From 5730a7a8e59492e6b9aa3ab188d077c1f8bc3386 Mon Sep 17 00:00:00 2001
From: tls-n <rihubert@ethz.ch>
Date: Fri, 11 Aug 2017 01:23:47 +0200
Subject: [PATCH] Initial commit

---
 README.md                                     |     30 +
 ca/cert_creation.sh                           |     20 +
 ca/client_db/cert.req                         |     18 +
 ca/client_db/cert.req2                        |    Bin 0 -> 247 bytes
 ca/client_db/cert8.db                         |    Bin 0 -> 65536 bytes
 ca/client_db/key3.db                          |    Bin 0 -> 16384 bytes
 ca/client_db/secmod.db                        |    Bin 0 -> 16384 bytes
 ca/client_db/server.crt                       |    Bin 0 -> 325 bytes
 ca/noise.txt                                  |    250 +
 ca/server_db/cert.req                         |     18 +
 ca/server_db/cert.req2                        |    Bin 0 -> 247 bytes
 ca/server_db/cert8.db                         |    Bin 0 -> 65536 bytes
 ca/server_db/key3.db                          |    Bin 0 -> 16384 bytes
 ca/server_db/secmod.db                        |    Bin 0 -> 16384 bytes
 ca/server_db/server.crt                       |    Bin 0 -> 325 bytes
 nss/.clang-format                             |     65 +
 nss/.gitignore                                |     20 +
 nss/.hg_archival.txt                          |      4 +
 nss/.hgignore                                 |     20 +
 nss/.taskcluster.yml                          |     89 +
 nss/COPYING                                   |    403 +
 nss/Makefile                                  |    159 +
 .../buildbot-slave/bbenv-example.sh           |     67 +
 nss/automation/buildbot-slave/build.sh        |    414 +
 nss/automation/buildbot-slave/reboot.bat      |      6 +
 nss/automation/buildbot-slave/startbuild.bat  |     14 +
 nss/automation/ossfuzz/build.sh               |     57 +
 nss/automation/release/nss-release-helper.py  |    250 +
 .../taskcluster/docker-aarch64/Dockerfile     |     30 +
 .../docker-aarch64/bin/checkout.sh            |     20 +
 .../taskcluster/docker-aarch64/setup.sh       |     40 +
 .../taskcluster/docker-arm/Dockerfile         |     27 +
 .../taskcluster/docker-arm/bin/checkout.sh    |     25 +
 .../taskcluster/docker-arm/bin/uname.sh       |     18 +
 .../taskcluster/docker-arm/setup.sh           |     35 +
 .../taskcluster/docker-decision/Dockerfile    |     27 +
 .../docker-decision/bin/checkout.sh           |     20 +
 .../taskcluster/docker-decision/setup.sh      |     31 +
 .../taskcluster/docker-fuzz/Dockerfile        |     33 +
 .../taskcluster/docker-fuzz/bin/checkout.sh   |     20 +
 .../taskcluster/docker-fuzz/setup.sh          |     48 +
 nss/automation/taskcluster/docker/Dockerfile  |     33 +
 .../taskcluster/docker/bin/checkout.sh        |     20 +
 nss/automation/taskcluster/docker/setup.sh    |     66 +
 .../taskcluster/graph/npm-shrinkwrap.json     |   1643 +
 nss/automation/taskcluster/graph/package.json |     24 +
 .../taskcluster/graph/src/context_hash.js     |     43 +
 .../taskcluster/graph/src/extend.js           |    601 +
 .../taskcluster/graph/src/image_builder.js    |     62 +
 nss/automation/taskcluster/graph/src/index.js |     14 +
 nss/automation/taskcluster/graph/src/merge.js |     10 +
 nss/automation/taskcluster/graph/src/queue.js |    248 +
 .../taskcluster/graph/src/try_syntax.js       |    153 +
 nss/automation/taskcluster/scripts/build.sh   |     21 +
 .../taskcluster/scripts/build_gyp.sh          |     13 +
 .../taskcluster/scripts/build_nspr.sh         |     18 +
 .../taskcluster/scripts/build_nss.sh          |     39 +
 .../taskcluster/scripts/build_softoken.sh     |     30 +
 .../taskcluster/scripts/build_util.sh         |     25 +
 .../taskcluster/scripts/extend_task_graph.sh  |     11 +
 nss/automation/taskcluster/scripts/fuzz.sh    |     32 +
 .../taskcluster/scripts/gen_certs.sh          |     16 +
 .../taskcluster/scripts/run_clang_format.sh   |     60 +
 .../taskcluster/scripts/run_scan_build.sh     |     51 +
 .../taskcluster/scripts/run_tests.sh          |      9 +
 nss/automation/taskcluster/scripts/split.sh   |    152 +
 nss/automation/taskcluster/scripts/tools.sh   |     38 +
 nss/automation/taskcluster/windows/build.sh   |     15 +
 .../taskcluster/windows/gen_certs.sh          |     19 +
 .../taskcluster/windows/releng.manifest       |     10 +
 .../taskcluster/windows/run_tests.sh          |     13 +
 nss/automation/taskcluster/windows/setup.sh   |     30 +
 nss/automation/travis/validate-formatting.sh  |     18 +
 nss/build.sh                                  |    236 +
 nss/cmd/Makefile                              |     44 +
 nss/cmd/addbuiltin/Makefile                   |     48 +
 nss/cmd/addbuiltin/addbuiltin.c               |    574 +
 nss/cmd/addbuiltin/addbuiltin.gyp             |     24 +
 nss/cmd/addbuiltin/manifest.mn                |     20 +
 nss/cmd/atob/Makefile                         |     48 +
 nss/cmd/atob/atob.c                           |    174 +
 nss/cmd/atob/atob.gyp                         |     30 +
 nss/cmd/atob/manifest.mn                      |     22 +
 nss/cmd/benchmark/.gitignore                  |      2 +
 nss/cmd/benchmark/Makefile                    |     46 +
 nss/cmd/benchmark/README.md                   |      5 +
 nss/cmd/benchmark/client_db                   |      1 +
 nss/cmd/benchmark/main.c                      |    247 +
 nss/cmd/benchmark/manifest.mn                 |     23 +
 nss/cmd/benchmark/messages.txt                |      0
 nss/cmd/bltest/Makefile                       |     54 +
 nss/cmd/bltest/blapitest.c                    |   4234 +
 nss/cmd/bltest/bltest.gyp                     |     35 +
 nss/cmd/bltest/manifest.mn                    |     26 +
 nss/cmd/bltest/pkcs1_vectors.h                |    789 +
 nss/cmd/bltest/tests/README                   |     56 +
 nss/cmd/bltest/tests/aes_cbc/ciphertext0      |      1 +
 nss/cmd/bltest/tests/aes_cbc/ciphertext1      |      1 +
 nss/cmd/bltest/tests/aes_cbc/ciphertext10     |      3 +
 nss/cmd/bltest/tests/aes_cbc/ciphertext11     |      3 +
 nss/cmd/bltest/tests/aes_cbc/ciphertext12     |      4 +
 nss/cmd/bltest/tests/aes_cbc/ciphertext13     |      1 +
 nss/cmd/bltest/tests/aes_cbc/ciphertext14     |      2 +
 nss/cmd/bltest/tests/aes_cbc/ciphertext15     |      2 +
 nss/cmd/bltest/tests/aes_cbc/ciphertext16     |      3 +
 nss/cmd/bltest/tests/aes_cbc/ciphertext17     |      3 +
 nss/cmd/bltest/tests/aes_cbc/ciphertext18     |      4 +
 nss/cmd/bltest/tests/aes_cbc/ciphertext19     |      1 +
 nss/cmd/bltest/tests/aes_cbc/ciphertext2      |      1 +
 nss/cmd/bltest/tests/aes_cbc/ciphertext20     |      2 +
 nss/cmd/bltest/tests/aes_cbc/ciphertext21     |      2 +
 nss/cmd/bltest/tests/aes_cbc/ciphertext22     |      3 +
 nss/cmd/bltest/tests/aes_cbc/ciphertext23     |      3 +
 nss/cmd/bltest/tests/aes_cbc/ciphertext24     |      4 +
 nss/cmd/bltest/tests/aes_cbc/ciphertext3      |      1 +
 nss/cmd/bltest/tests/aes_cbc/ciphertext4      |      1 +
 nss/cmd/bltest/tests/aes_cbc/ciphertext5      |      1 +
 nss/cmd/bltest/tests/aes_cbc/ciphertext6      |      1 +
 nss/cmd/bltest/tests/aes_cbc/ciphertext7      |      1 +
 nss/cmd/bltest/tests/aes_cbc/ciphertext8      |      2 +
 nss/cmd/bltest/tests/aes_cbc/ciphertext9      |      2 +
 nss/cmd/bltest/tests/aes_cbc/iv0              |      1 +
 nss/cmd/bltest/tests/aes_cbc/iv1              |    Bin 0 -> 16 bytes
 nss/cmd/bltest/tests/aes_cbc/iv10             |      1 +
 nss/cmd/bltest/tests/aes_cbc/iv11             |      1 +
 nss/cmd/bltest/tests/aes_cbc/iv12             |      1 +
 nss/cmd/bltest/tests/aes_cbc/iv13             |      1 +
 nss/cmd/bltest/tests/aes_cbc/iv14             |      1 +
 nss/cmd/bltest/tests/aes_cbc/iv15             |      1 +
 nss/cmd/bltest/tests/aes_cbc/iv16             |      1 +
 nss/cmd/bltest/tests/aes_cbc/iv17             |      1 +
 nss/cmd/bltest/tests/aes_cbc/iv18             |      1 +
 nss/cmd/bltest/tests/aes_cbc/iv19             |      1 +
 nss/cmd/bltest/tests/aes_cbc/iv2              |    Bin 0 -> 16 bytes
 nss/cmd/bltest/tests/aes_cbc/iv20             |      1 +
 nss/cmd/bltest/tests/aes_cbc/iv21             |      2 +
 nss/cmd/bltest/tests/aes_cbc/iv22             |      1 +
 nss/cmd/bltest/tests/aes_cbc/iv23             |    Bin 0 -> 16 bytes
 nss/cmd/bltest/tests/aes_cbc/iv24             |      1 +
 nss/cmd/bltest/tests/aes_cbc/iv3              |    Bin 0 -> 16 bytes
 nss/cmd/bltest/tests/aes_cbc/iv4              |    Bin 0 -> 16 bytes
 nss/cmd/bltest/tests/aes_cbc/iv5              |    Bin 0 -> 16 bytes
 nss/cmd/bltest/tests/aes_cbc/iv6              |    Bin 0 -> 16 bytes
 nss/cmd/bltest/tests/aes_cbc/iv7              |      1 +
 nss/cmd/bltest/tests/aes_cbc/iv8              |      1 +
 nss/cmd/bltest/tests/aes_cbc/iv9              |      1 +
 nss/cmd/bltest/tests/aes_cbc/key0             |      1 +
 nss/cmd/bltest/tests/aes_cbc/key1             |    Bin 0 -> 16 bytes
 nss/cmd/bltest/tests/aes_cbc/key10            |      1 +
 nss/cmd/bltest/tests/aes_cbc/key11            |      1 +
 nss/cmd/bltest/tests/aes_cbc/key12            |      1 +
 nss/cmd/bltest/tests/aes_cbc/key13            |      1 +
 nss/cmd/bltest/tests/aes_cbc/key14            |      1 +
 nss/cmd/bltest/tests/aes_cbc/key15            |      1 +
 nss/cmd/bltest/tests/aes_cbc/key16            |    Bin 0 -> 24 bytes
 nss/cmd/bltest/tests/aes_cbc/key17            |      1 +
 nss/cmd/bltest/tests/aes_cbc/key18            |      1 +
 nss/cmd/bltest/tests/aes_cbc/key19            |      1 +
 nss/cmd/bltest/tests/aes_cbc/key2             |    Bin 0 -> 16 bytes
 nss/cmd/bltest/tests/aes_cbc/key20            |      1 +
 nss/cmd/bltest/tests/aes_cbc/key21            |      2 +
 nss/cmd/bltest/tests/aes_cbc/key22            |      1 +
 nss/cmd/bltest/tests/aes_cbc/key23            |      1 +
 nss/cmd/bltest/tests/aes_cbc/key24            |      1 +
 nss/cmd/bltest/tests/aes_cbc/key3             |    Bin 0 -> 24 bytes
 nss/cmd/bltest/tests/aes_cbc/key4             |    Bin 0 -> 24 bytes
 nss/cmd/bltest/tests/aes_cbc/key5             |    Bin 0 -> 32 bytes
 nss/cmd/bltest/tests/aes_cbc/key6             |    Bin 0 -> 32 bytes
 nss/cmd/bltest/tests/aes_cbc/key7             |    Bin 0 -> 16 bytes
 nss/cmd/bltest/tests/aes_cbc/key8             |      1 +
 nss/cmd/bltest/tests/aes_cbc/key9             |      1 +
 nss/cmd/bltest/tests/aes_cbc/mktst.sh         |     11 +
 nss/cmd/bltest/tests/aes_cbc/numtests         |      1 +
 nss/cmd/bltest/tests/aes_cbc/plaintext0       |      1 +
 nss/cmd/bltest/tests/aes_cbc/plaintext1       |      1 +
 nss/cmd/bltest/tests/aes_cbc/plaintext10      |      2 +
 nss/cmd/bltest/tests/aes_cbc/plaintext11      |      1 +
 nss/cmd/bltest/tests/aes_cbc/plaintext12      |      1 +
 nss/cmd/bltest/tests/aes_cbc/plaintext13      |      1 +
 nss/cmd/bltest/tests/aes_cbc/plaintext14      |      1 +
 nss/cmd/bltest/tests/aes_cbc/plaintext15      |      1 +
 nss/cmd/bltest/tests/aes_cbc/plaintext16      |      1 +
 nss/cmd/bltest/tests/aes_cbc/plaintext17      |      2 +
 nss/cmd/bltest/tests/aes_cbc/plaintext18      |    Bin 0 -> 160 bytes
 nss/cmd/bltest/tests/aes_cbc/plaintext19      |    Bin 0 -> 32 bytes
 nss/cmd/bltest/tests/aes_cbc/plaintext2       |      1 +
 nss/cmd/bltest/tests/aes_cbc/plaintext20      |      1 +
 nss/cmd/bltest/tests/aes_cbc/plaintext21      |      1 +
 nss/cmd/bltest/tests/aes_cbc/plaintext22      |    Bin 0 -> 128 bytes
 nss/cmd/bltest/tests/aes_cbc/plaintext23      |    Bin 0 -> 144 bytes
 nss/cmd/bltest/tests/aes_cbc/plaintext24      |    Bin 0 -> 160 bytes
 nss/cmd/bltest/tests/aes_cbc/plaintext3       |      1 +
 nss/cmd/bltest/tests/aes_cbc/plaintext4       |      1 +
 nss/cmd/bltest/tests/aes_cbc/plaintext5       |      2 +
 nss/cmd/bltest/tests/aes_cbc/plaintext6       |      1 +
 nss/cmd/bltest/tests/aes_cbc/plaintext7       |      1 +
 nss/cmd/bltest/tests/aes_cbc/plaintext8       |      1 +
 nss/cmd/bltest/tests/aes_cbc/plaintext9       |      2 +
 nss/cmd/bltest/tests/aes_cbc/test1.txt        |      5 +
 nss/cmd/bltest/tests/aes_cbc/test10.txt       |      5 +
 nss/cmd/bltest/tests/aes_cbc/test11.txt       |      5 +
 nss/cmd/bltest/tests/aes_cbc/test12.txt       |      5 +
 nss/cmd/bltest/tests/aes_cbc/test13.txt       |      5 +
 nss/cmd/bltest/tests/aes_cbc/test14.txt       |      5 +
 nss/cmd/bltest/tests/aes_cbc/test15.txt       |      5 +
 nss/cmd/bltest/tests/aes_cbc/test16.txt       |      5 +
 nss/cmd/bltest/tests/aes_cbc/test17.txt       |      5 +
 nss/cmd/bltest/tests/aes_cbc/test18.txt       |      5 +
 nss/cmd/bltest/tests/aes_cbc/test19.txt       |      5 +
 nss/cmd/bltest/tests/aes_cbc/test2.txt        |      5 +
 nss/cmd/bltest/tests/aes_cbc/test20.txt       |      5 +
 nss/cmd/bltest/tests/aes_cbc/test21.txt       |      5 +
 nss/cmd/bltest/tests/aes_cbc/test22.txt       |      5 +
 nss/cmd/bltest/tests/aes_cbc/test23.txt       |      5 +
 nss/cmd/bltest/tests/aes_cbc/test24.txt       |      5 +
 nss/cmd/bltest/tests/aes_cbc/test3.txt        |      5 +
 nss/cmd/bltest/tests/aes_cbc/test4.txt        |      5 +
 nss/cmd/bltest/tests/aes_cbc/test5.txt        |      5 +
 nss/cmd/bltest/tests/aes_cbc/test6.txt        |      5 +
 nss/cmd/bltest/tests/aes_cbc/test7.txt        |      5 +
 nss/cmd/bltest/tests/aes_cbc/test8.txt        |      5 +
 nss/cmd/bltest/tests/aes_cbc/test9.txt        |      5 +
 nss/cmd/bltest/tests/aes_ctr/aes_ctr_0.txt    |     28 +
 nss/cmd/bltest/tests/aes_ctr/aes_ctr_1.txt    |     28 +
 nss/cmd/bltest/tests/aes_ctr/aes_ctr_2.txt    |     28 +
 .../tests/aes_ctr/aes_ctr_tests_source.txt    |    199 +
 nss/cmd/bltest/tests/aes_ctr/ciphertext0      |      2 +
 nss/cmd/bltest/tests/aes_ctr/ciphertext1      |      2 +
 nss/cmd/bltest/tests/aes_ctr/ciphertext2      |      2 +
 nss/cmd/bltest/tests/aes_ctr/iv0              |      1 +
 nss/cmd/bltest/tests/aes_ctr/iv1              |      1 +
 nss/cmd/bltest/tests/aes_ctr/iv2              |      1 +
 nss/cmd/bltest/tests/aes_ctr/key0             |      1 +
 nss/cmd/bltest/tests/aes_ctr/key1             |      1 +
 nss/cmd/bltest/tests/aes_ctr/key2             |      1 +
 nss/cmd/bltest/tests/aes_ctr/mktst.sh         |      9 +
 nss/cmd/bltest/tests/aes_ctr/numtests         |      1 +
 nss/cmd/bltest/tests/aes_ctr/plaintext0       |      2 +
 nss/cmd/bltest/tests/aes_ctr/plaintext1       |      2 +
 nss/cmd/bltest/tests/aes_ctr/plaintext2       |      2 +
 .../tests/aes_cts/aes-cts-type-1-vectors.txt  |     47 +
 nss/cmd/bltest/tests/aes_cts/aes_cts_0.txt    |      6 +
 nss/cmd/bltest/tests/aes_cts/aes_cts_1.txt    |      6 +
 nss/cmd/bltest/tests/aes_cts/aes_cts_2.txt    |      6 +
 nss/cmd/bltest/tests/aes_cts/aes_cts_3.txt    |      6 +
 nss/cmd/bltest/tests/aes_cts/aes_cts_4.txt    |      6 +
 nss/cmd/bltest/tests/aes_cts/aes_cts_5.txt    |      6 +
 nss/cmd/bltest/tests/aes_cts/ciphertext0      |      1 +
 nss/cmd/bltest/tests/aes_cts/ciphertext1      |      1 +
 nss/cmd/bltest/tests/aes_cts/ciphertext2      |      1 +
 nss/cmd/bltest/tests/aes_cts/ciphertext3      |      1 +
 nss/cmd/bltest/tests/aes_cts/ciphertext4      |      1 +
 nss/cmd/bltest/tests/aes_cts/ciphertext5      |      2 +
 nss/cmd/bltest/tests/aes_cts/iv0              |    Bin 0 -> 34 bytes
 nss/cmd/bltest/tests/aes_cts/iv1              |    Bin 0 -> 34 bytes
 nss/cmd/bltest/tests/aes_cts/iv2              |    Bin 0 -> 34 bytes
 nss/cmd/bltest/tests/aes_cts/iv3              |    Bin 0 -> 34 bytes
 nss/cmd/bltest/tests/aes_cts/iv4              |    Bin 0 -> 34 bytes
 nss/cmd/bltest/tests/aes_cts/iv5              |    Bin 0 -> 34 bytes
 nss/cmd/bltest/tests/aes_cts/key0             |      1 +
 nss/cmd/bltest/tests/aes_cts/key1             |      1 +
 nss/cmd/bltest/tests/aes_cts/key2             |      1 +
 nss/cmd/bltest/tests/aes_cts/key3             |      1 +
 nss/cmd/bltest/tests/aes_cts/key4             |      1 +
 nss/cmd/bltest/tests/aes_cts/key5             |      1 +
 nss/cmd/bltest/tests/aes_cts/mktst.sh         |      9 +
 nss/cmd/bltest/tests/aes_cts/numtests         |      1 +
 nss/cmd/bltest/tests/aes_cts/plaintext0       |      1 +
 nss/cmd/bltest/tests/aes_cts/plaintext1       |      1 +
 nss/cmd/bltest/tests/aes_cts/plaintext2       |      1 +
 nss/cmd/bltest/tests/aes_cts/plaintext3       |      1 +
 nss/cmd/bltest/tests/aes_cts/plaintext4       |      1 +
 nss/cmd/bltest/tests/aes_cts/plaintext5       |      1 +
 nss/cmd/bltest/tests/aes_ecb/ciphertext0      |      1 +
 nss/cmd/bltest/tests/aes_ecb/ciphertext1      |      1 +
 nss/cmd/bltest/tests/aes_ecb/ciphertext2      |      1 +
 nss/cmd/bltest/tests/aes_ecb/ciphertext3      |      1 +
 nss/cmd/bltest/tests/aes_ecb/ciphertext4      |      1 +
 nss/cmd/bltest/tests/aes_ecb/ciphertext5      |      1 +
 nss/cmd/bltest/tests/aes_ecb/ciphertext6      |      1 +
 nss/cmd/bltest/tests/aes_ecb/key0             |      1 +
 nss/cmd/bltest/tests/aes_ecb/key1             |    Bin 0 -> 16 bytes
 nss/cmd/bltest/tests/aes_ecb/key2             |    Bin 0 -> 16 bytes
 nss/cmd/bltest/tests/aes_ecb/key3             |    Bin 0 -> 24 bytes
 nss/cmd/bltest/tests/aes_ecb/key4             |    Bin 0 -> 24 bytes
 nss/cmd/bltest/tests/aes_ecb/key5             |    Bin 0 -> 32 bytes
 nss/cmd/bltest/tests/aes_ecb/key6             |    Bin 0 -> 32 bytes
 nss/cmd/bltest/tests/aes_ecb/mktst.sh         |     10 +
 nss/cmd/bltest/tests/aes_ecb/numtests         |      1 +
 nss/cmd/bltest/tests/aes_ecb/plaintext0       |      1 +
 nss/cmd/bltest/tests/aes_ecb/plaintext1       |      1 +
 nss/cmd/bltest/tests/aes_ecb/plaintext2       |      1 +
 nss/cmd/bltest/tests/aes_ecb/plaintext3       |      1 +
 nss/cmd/bltest/tests/aes_ecb/plaintext4       |      1 +
 nss/cmd/bltest/tests/aes_ecb/plaintext5       |      2 +
 nss/cmd/bltest/tests/aes_ecb/plaintext6       |      1 +
 nss/cmd/bltest/tests/aes_ecb/test1.txt        |      4 +
 nss/cmd/bltest/tests/aes_ecb/test2.txt        |      4 +
 nss/cmd/bltest/tests/aes_ecb/test3.txt        |      4 +
 nss/cmd/bltest/tests/aes_ecb/test4.txt        |      4 +
 nss/cmd/bltest/tests/aes_ecb/test5.txt        |      4 +
 nss/cmd/bltest/tests/aes_ecb/test6.txt        |      4 +
 nss/cmd/bltest/tests/aes_gcm/aad0             |      0
 nss/cmd/bltest/tests/aes_gcm/aad1             |      0
 nss/cmd/bltest/tests/aes_gcm/aad10            |      1 +
 nss/cmd/bltest/tests/aes_gcm/aad11            |      1 +
 nss/cmd/bltest/tests/aes_gcm/aad12            |      0
 nss/cmd/bltest/tests/aes_gcm/aad13            |      0
 nss/cmd/bltest/tests/aes_gcm/aad14            |      0
 nss/cmd/bltest/tests/aes_gcm/aad15            |      1 +
 nss/cmd/bltest/tests/aes_gcm/aad16            |      1 +
 nss/cmd/bltest/tests/aes_gcm/aad17            |      1 +
 nss/cmd/bltest/tests/aes_gcm/aad2             |      0
 nss/cmd/bltest/tests/aes_gcm/aad3             |      1 +
 nss/cmd/bltest/tests/aes_gcm/aad4             |      1 +
 nss/cmd/bltest/tests/aes_gcm/aad5             |      1 +
 nss/cmd/bltest/tests/aes_gcm/aad6             |      0
 nss/cmd/bltest/tests/aes_gcm/aad7             |      0
 nss/cmd/bltest/tests/aes_gcm/aad8             |      0
 nss/cmd/bltest/tests/aes_gcm/aad9             |      1 +
 nss/cmd/bltest/tests/aes_gcm/ciphertext0      |      1 +
 nss/cmd/bltest/tests/aes_gcm/ciphertext1      |      1 +
 nss/cmd/bltest/tests/aes_gcm/ciphertext10     |      2 +
 nss/cmd/bltest/tests/aes_gcm/ciphertext11     |      2 +
 nss/cmd/bltest/tests/aes_gcm/ciphertext12     |      1 +
 nss/cmd/bltest/tests/aes_gcm/ciphertext13     |      1 +
 nss/cmd/bltest/tests/aes_gcm/ciphertext14     |      2 +
 nss/cmd/bltest/tests/aes_gcm/ciphertext15     |      2 +
 nss/cmd/bltest/tests/aes_gcm/ciphertext16     |      2 +
 nss/cmd/bltest/tests/aes_gcm/ciphertext17     |      2 +
 nss/cmd/bltest/tests/aes_gcm/ciphertext2      |      2 +
 nss/cmd/bltest/tests/aes_gcm/ciphertext3      |      2 +
 nss/cmd/bltest/tests/aes_gcm/ciphertext4      |      2 +
 nss/cmd/bltest/tests/aes_gcm/ciphertext5      |      2 +
 nss/cmd/bltest/tests/aes_gcm/ciphertext6      |      1 +
 nss/cmd/bltest/tests/aes_gcm/ciphertext7      |      1 +
 nss/cmd/bltest/tests/aes_gcm/ciphertext8      |      2 +
 nss/cmd/bltest/tests/aes_gcm/ciphertext9      |      2 +
 nss/cmd/bltest/tests/aes_gcm/hex.c            |     78 +
 nss/cmd/bltest/tests/aes_gcm/iv0              |    Bin 0 -> 12 bytes
 nss/cmd/bltest/tests/aes_gcm/iv1              |    Bin 0 -> 12 bytes
 nss/cmd/bltest/tests/aes_gcm/iv10             |      1 +
 nss/cmd/bltest/tests/aes_gcm/iv11             |      1 +
 nss/cmd/bltest/tests/aes_gcm/iv12             |    Bin 0 -> 12 bytes
 nss/cmd/bltest/tests/aes_gcm/iv13             |    Bin 0 -> 12 bytes
 nss/cmd/bltest/tests/aes_gcm/iv14             |      1 +
 nss/cmd/bltest/tests/aes_gcm/iv15             |      1 +
 nss/cmd/bltest/tests/aes_gcm/iv16             |      1 +
 nss/cmd/bltest/tests/aes_gcm/iv17             |      1 +
 nss/cmd/bltest/tests/aes_gcm/iv2              |      1 +
 nss/cmd/bltest/tests/aes_gcm/iv3              |      1 +
 nss/cmd/bltest/tests/aes_gcm/iv4              |      1 +
 nss/cmd/bltest/tests/aes_gcm/iv5              |      1 +
 nss/cmd/bltest/tests/aes_gcm/iv6              |    Bin 0 -> 12 bytes
 nss/cmd/bltest/tests/aes_gcm/iv7              |    Bin 0 -> 12 bytes
 nss/cmd/bltest/tests/aes_gcm/iv8              |      1 +
 nss/cmd/bltest/tests/aes_gcm/iv9              |      1 +
 nss/cmd/bltest/tests/aes_gcm/key0             |    Bin 0 -> 16 bytes
 nss/cmd/bltest/tests/aes_gcm/key1             |    Bin 0 -> 16 bytes
 nss/cmd/bltest/tests/aes_gcm/key10            |      1 +
 nss/cmd/bltest/tests/aes_gcm/key11            |      1 +
 nss/cmd/bltest/tests/aes_gcm/key12            |    Bin 0 -> 32 bytes
 nss/cmd/bltest/tests/aes_gcm/key13            |    Bin 0 -> 32 bytes
 nss/cmd/bltest/tests/aes_gcm/key14            |      1 +
 nss/cmd/bltest/tests/aes_gcm/key15            |      1 +
 nss/cmd/bltest/tests/aes_gcm/key16            |      1 +
 nss/cmd/bltest/tests/aes_gcm/key17            |      1 +
 nss/cmd/bltest/tests/aes_gcm/key2             |      1 +
 nss/cmd/bltest/tests/aes_gcm/key3             |      1 +
 nss/cmd/bltest/tests/aes_gcm/key4             |      1 +
 nss/cmd/bltest/tests/aes_gcm/key5             |      1 +
 nss/cmd/bltest/tests/aes_gcm/key6             |    Bin 0 -> 24 bytes
 nss/cmd/bltest/tests/aes_gcm/key7             |    Bin 0 -> 24 bytes
 nss/cmd/bltest/tests/aes_gcm/key8             |      1 +
 nss/cmd/bltest/tests/aes_gcm/key9             |      1 +
 nss/cmd/bltest/tests/aes_gcm/mktst.sh         |     13 +
 nss/cmd/bltest/tests/aes_gcm/numtests         |      1 +
 nss/cmd/bltest/tests/aes_gcm/plaintext0       |      0
 nss/cmd/bltest/tests/aes_gcm/plaintext1       |    Bin 0 -> 16 bytes
 nss/cmd/bltest/tests/aes_gcm/plaintext10      |      1 +
 nss/cmd/bltest/tests/aes_gcm/plaintext11      |      1 +
 nss/cmd/bltest/tests/aes_gcm/plaintext12      |      0
 nss/cmd/bltest/tests/aes_gcm/plaintext13      |    Bin 0 -> 16 bytes
 nss/cmd/bltest/tests/aes_gcm/plaintext14      |      1 +
 nss/cmd/bltest/tests/aes_gcm/plaintext15      |      1 +
 nss/cmd/bltest/tests/aes_gcm/plaintext16      |      1 +
 nss/cmd/bltest/tests/aes_gcm/plaintext17      |      1 +
 nss/cmd/bltest/tests/aes_gcm/plaintext2       |      1 +
 nss/cmd/bltest/tests/aes_gcm/plaintext3       |      1 +
 nss/cmd/bltest/tests/aes_gcm/plaintext4       |      1 +
 nss/cmd/bltest/tests/aes_gcm/plaintext5       |      1 +
 nss/cmd/bltest/tests/aes_gcm/plaintext6       |      0
 nss/cmd/bltest/tests/aes_gcm/plaintext7       |    Bin 0 -> 16 bytes
 nss/cmd/bltest/tests/aes_gcm/plaintext8       |      1 +
 nss/cmd/bltest/tests/aes_gcm/plaintext9       |      1 +
 nss/cmd/bltest/tests/aes_gcm/test0.txt        |     11 +
 nss/cmd/bltest/tests/aes_gcm/test1.txt        |     14 +
 nss/cmd/bltest/tests/aes_gcm/test10.txt       |     28 +
 nss/cmd/bltest/tests/aes_gcm/test11.txt       |     31 +
 nss/cmd/bltest/tests/aes_gcm/test12.txt       |     11 +
 nss/cmd/bltest/tests/aes_gcm/test13.txt       |     14 +
 nss/cmd/bltest/tests/aes_gcm/test14.txt       |     23 +
 nss/cmd/bltest/tests/aes_gcm/test15.txt       |     26 +
 nss/cmd/bltest/tests/aes_gcm/test16.txt       |     28 +
 nss/cmd/bltest/tests/aes_gcm/test17.txt       |     31 +
 nss/cmd/bltest/tests/aes_gcm/test2.txt        |     23 +
 nss/cmd/bltest/tests/aes_gcm/test3.txt        |     26 +
 nss/cmd/bltest/tests/aes_gcm/test4.txt        |     28 +
 nss/cmd/bltest/tests/aes_gcm/test5.txt        |     31 +
 nss/cmd/bltest/tests/aes_gcm/test6.txt        |     11 +
 nss/cmd/bltest/tests/aes_gcm/test7.txt        |     14 +
 nss/cmd/bltest/tests/aes_gcm/test8.txt        |     23 +
 nss/cmd/bltest/tests/aes_gcm/test9.txt        |     26 +
 nss/cmd/bltest/tests/aes_gcm/test_source.txt  |    439 +
 nss/cmd/bltest/tests/camellia_cbc/ciphertext0 |      1 +
 nss/cmd/bltest/tests/camellia_cbc/ciphertext1 |      1 +
 nss/cmd/bltest/tests/camellia_cbc/ciphertext2 |      1 +
 nss/cmd/bltest/tests/camellia_cbc/iv0         |      1 +
 nss/cmd/bltest/tests/camellia_cbc/key0        |      1 +
 nss/cmd/bltest/tests/camellia_cbc/key1        |      1 +
 nss/cmd/bltest/tests/camellia_cbc/key2        |      1 +
 nss/cmd/bltest/tests/camellia_cbc/numtests    |      1 +
 nss/cmd/bltest/tests/camellia_cbc/plaintext0  |      1 +
 nss/cmd/bltest/tests/camellia_ecb/ciphertext0 |      1 +
 nss/cmd/bltest/tests/camellia_ecb/ciphertext1 |      1 +
 nss/cmd/bltest/tests/camellia_ecb/ciphertext2 |      1 +
 nss/cmd/bltest/tests/camellia_ecb/key0        |      1 +
 nss/cmd/bltest/tests/camellia_ecb/key1        |      1 +
 nss/cmd/bltest/tests/camellia_ecb/key2        |      1 +
 nss/cmd/bltest/tests/camellia_ecb/numtests    |      1 +
 nss/cmd/bltest/tests/camellia_ecb/plaintext0  |      1 +
 nss/cmd/bltest/tests/chacha20_poly1305/aad0   |      1 +
 nss/cmd/bltest/tests/chacha20_poly1305/aad1   |    Bin 0 -> 12 bytes
 .../tests/chacha20_poly1305/ciphertext0       |      1 +
 .../tests/chacha20_poly1305/ciphertext1       |      1 +
 nss/cmd/bltest/tests/chacha20_poly1305/iv0    |    Bin 0 -> 12 bytes
 nss/cmd/bltest/tests/chacha20_poly1305/iv1    |    Bin 0 -> 12 bytes
 nss/cmd/bltest/tests/chacha20_poly1305/key0   |      1 +
 nss/cmd/bltest/tests/chacha20_poly1305/key1   |      1 +
 .../bltest/tests/chacha20_poly1305/numtests   |      1 +
 .../bltest/tests/chacha20_poly1305/plaintext0 |      1 +
 .../bltest/tests/chacha20_poly1305/plaintext1 |      1 +
 nss/cmd/bltest/tests/des3_cbc/ciphertext0     |      1 +
 nss/cmd/bltest/tests/des3_cbc/iv0             |      1 +
 nss/cmd/bltest/tests/des3_cbc/key0            |      1 +
 nss/cmd/bltest/tests/des3_cbc/numtests        |      1 +
 nss/cmd/bltest/tests/des3_cbc/plaintext0      |      1 +
 nss/cmd/bltest/tests/des3_ecb/ciphertext0     |      1 +
 nss/cmd/bltest/tests/des3_ecb/key0            |      1 +
 nss/cmd/bltest/tests/des3_ecb/numtests        |      1 +
 nss/cmd/bltest/tests/des3_ecb/plaintext0      |      1 +
 nss/cmd/bltest/tests/des_cbc/ciphertext0      |      1 +
 nss/cmd/bltest/tests/des_cbc/iv0              |      1 +
 nss/cmd/bltest/tests/des_cbc/key0             |      1 +
 nss/cmd/bltest/tests/des_cbc/numtests         |      1 +
 nss/cmd/bltest/tests/des_cbc/plaintext0       |      1 +
 nss/cmd/bltest/tests/des_ecb/ciphertext0      |      1 +
 nss/cmd/bltest/tests/des_ecb/key0             |      1 +
 nss/cmd/bltest/tests/des_ecb/numtests         |      1 +
 nss/cmd/bltest/tests/des_ecb/plaintext0       |      1 +
 nss/cmd/bltest/tests/dsa/ciphertext0          |      1 +
 nss/cmd/bltest/tests/dsa/ciphertext1          |      1 +
 nss/cmd/bltest/tests/dsa/ciphertext10         |      2 +
 nss/cmd/bltest/tests/dsa/ciphertext11         |      2 +
 nss/cmd/bltest/tests/dsa/ciphertext12         |      2 +
 nss/cmd/bltest/tests/dsa/ciphertext13         |      2 +
 nss/cmd/bltest/tests/dsa/ciphertext14         |      2 +
 nss/cmd/bltest/tests/dsa/ciphertext15         |      2 +
 nss/cmd/bltest/tests/dsa/ciphertext16         |      2 +
 nss/cmd/bltest/tests/dsa/ciphertext17         |      2 +
 nss/cmd/bltest/tests/dsa/ciphertext18         |      2 +
 nss/cmd/bltest/tests/dsa/ciphertext19         |      2 +
 nss/cmd/bltest/tests/dsa/ciphertext2          |      1 +
 nss/cmd/bltest/tests/dsa/ciphertext20         |      2 +
 nss/cmd/bltest/tests/dsa/ciphertext3          |      1 +
 nss/cmd/bltest/tests/dsa/ciphertext4          |      1 +
 nss/cmd/bltest/tests/dsa/ciphertext5          |      1 +
 nss/cmd/bltest/tests/dsa/ciphertext6          |      2 +
 nss/cmd/bltest/tests/dsa/ciphertext7          |      2 +
 nss/cmd/bltest/tests/dsa/ciphertext8          |      2 +
 nss/cmd/bltest/tests/dsa/ciphertext9          |      2 +
 nss/cmd/bltest/tests/dsa/dsa_fips.txt         |    248 +
 nss/cmd/bltest/tests/dsa/key0                 |      6 +
 nss/cmd/bltest/tests/dsa/key1                 |     10 +
 nss/cmd/bltest/tests/dsa/key10                |     18 +
 nss/cmd/bltest/tests/dsa/key11                |     18 +
 nss/cmd/bltest/tests/dsa/key12                |     18 +
 nss/cmd/bltest/tests/dsa/key13                |     18 +
 nss/cmd/bltest/tests/dsa/key14                |     18 +
 nss/cmd/bltest/tests/dsa/key15                |     18 +
 nss/cmd/bltest/tests/dsa/key16                |     26 +
 nss/cmd/bltest/tests/dsa/key17                |     26 +
 nss/cmd/bltest/tests/dsa/key18                |     26 +
 nss/cmd/bltest/tests/dsa/key19                |     26 +
 nss/cmd/bltest/tests/dsa/key2                 |     10 +
 nss/cmd/bltest/tests/dsa/key20                |     26 +
 nss/cmd/bltest/tests/dsa/key3                 |     10 +
 nss/cmd/bltest/tests/dsa/key4                 |     10 +
 nss/cmd/bltest/tests/dsa/key5                 |     10 +
 nss/cmd/bltest/tests/dsa/key6                 |     18 +
 nss/cmd/bltest/tests/dsa/key7                 |     18 +
 nss/cmd/bltest/tests/dsa/key8                 |     18 +
 nss/cmd/bltest/tests/dsa/key9                 |     18 +
 nss/cmd/bltest/tests/dsa/keyseed0             |      1 +
 nss/cmd/bltest/tests/dsa/keyseed1             |      1 +
 nss/cmd/bltest/tests/dsa/keyseed10            |      1 +
 nss/cmd/bltest/tests/dsa/keyseed11            |      1 +
 nss/cmd/bltest/tests/dsa/keyseed12            |      1 +
 nss/cmd/bltest/tests/dsa/keyseed13            |      1 +
 nss/cmd/bltest/tests/dsa/keyseed14            |      1 +
 nss/cmd/bltest/tests/dsa/keyseed15            |      1 +
 nss/cmd/bltest/tests/dsa/keyseed16            |      1 +
 nss/cmd/bltest/tests/dsa/keyseed17            |      1 +
 nss/cmd/bltest/tests/dsa/keyseed18            |      1 +
 nss/cmd/bltest/tests/dsa/keyseed19            |      1 +
 nss/cmd/bltest/tests/dsa/keyseed2             |      1 +
 nss/cmd/bltest/tests/dsa/keyseed20            |      1 +
 nss/cmd/bltest/tests/dsa/keyseed3             |      1 +
 nss/cmd/bltest/tests/dsa/keyseed4             |      1 +
 nss/cmd/bltest/tests/dsa/keyseed5             |      1 +
 nss/cmd/bltest/tests/dsa/keyseed6             |      1 +
 nss/cmd/bltest/tests/dsa/keyseed7             |      1 +
 nss/cmd/bltest/tests/dsa/keyseed8             |      1 +
 nss/cmd/bltest/tests/dsa/keyseed9             |      1 +
 nss/cmd/bltest/tests/dsa/numtests             |      1 +
 nss/cmd/bltest/tests/dsa/plaintext0           |      1 +
 nss/cmd/bltest/tests/dsa/plaintext1           |      1 +
 nss/cmd/bltest/tests/dsa/plaintext10          |      2 +
 nss/cmd/bltest/tests/dsa/plaintext11          |      1 +
 nss/cmd/bltest/tests/dsa/plaintext12          |      1 +
 nss/cmd/bltest/tests/dsa/plaintext13          |      1 +
 nss/cmd/bltest/tests/dsa/plaintext14          |      1 +
 nss/cmd/bltest/tests/dsa/plaintext15          |      2 +
 nss/cmd/bltest/tests/dsa/plaintext16          |      1 +
 nss/cmd/bltest/tests/dsa/plaintext17          |      1 +
 nss/cmd/bltest/tests/dsa/plaintext18          |      1 +
 nss/cmd/bltest/tests/dsa/plaintext19          |      1 +
 nss/cmd/bltest/tests/dsa/plaintext2           |      1 +
 nss/cmd/bltest/tests/dsa/plaintext20          |      2 +
 nss/cmd/bltest/tests/dsa/plaintext3           |      1 +
 nss/cmd/bltest/tests/dsa/plaintext4           |      1 +
 nss/cmd/bltest/tests/dsa/plaintext5           |      2 +
 nss/cmd/bltest/tests/dsa/plaintext6           |      1 +
 nss/cmd/bltest/tests/dsa/plaintext7           |      1 +
 nss/cmd/bltest/tests/dsa/plaintext8           |      1 +
 nss/cmd/bltest/tests/dsa/plaintext9           |      1 +
 nss/cmd/bltest/tests/dsa/pqg0                 |      4 +
 nss/cmd/bltest/tests/dsa/pqg1                 |      6 +
 nss/cmd/bltest/tests/dsa/pqg10                |     12 +
 nss/cmd/bltest/tests/dsa/pqg11                |     12 +
 nss/cmd/bltest/tests/dsa/pqg12                |     12 +
 nss/cmd/bltest/tests/dsa/pqg13                |     12 +
 nss/cmd/bltest/tests/dsa/pqg14                |     12 +
 nss/cmd/bltest/tests/dsa/pqg15                |     12 +
 nss/cmd/bltest/tests/dsa/pqg16                |     17 +
 nss/cmd/bltest/tests/dsa/pqg17                |     17 +
 nss/cmd/bltest/tests/dsa/pqg18                |     17 +
 nss/cmd/bltest/tests/dsa/pqg19                |     17 +
 nss/cmd/bltest/tests/dsa/pqg2                 |      6 +
 nss/cmd/bltest/tests/dsa/pqg20                |     17 +
 nss/cmd/bltest/tests/dsa/pqg3                 |      6 +
 nss/cmd/bltest/tests/dsa/pqg4                 |      6 +
 nss/cmd/bltest/tests/dsa/pqg5                 |      6 +
 nss/cmd/bltest/tests/dsa/pqg6                 |     12 +
 nss/cmd/bltest/tests/dsa/pqg7                 |     12 +
 nss/cmd/bltest/tests/dsa/pqg8                 |     12 +
 nss/cmd/bltest/tests/dsa/pqg9                 |     12 +
 nss/cmd/bltest/tests/dsa/sigseed0             |      1 +
 nss/cmd/bltest/tests/dsa/sigseed1             |      1 +
 nss/cmd/bltest/tests/dsa/sigseed10            |      1 +
 nss/cmd/bltest/tests/dsa/sigseed11            |      1 +
 nss/cmd/bltest/tests/dsa/sigseed12            |      1 +
 nss/cmd/bltest/tests/dsa/sigseed13            |      1 +
 nss/cmd/bltest/tests/dsa/sigseed14            |      1 +
 nss/cmd/bltest/tests/dsa/sigseed15            |      1 +
 nss/cmd/bltest/tests/dsa/sigseed16            |      1 +
 nss/cmd/bltest/tests/dsa/sigseed17            |      1 +
 nss/cmd/bltest/tests/dsa/sigseed18            |      1 +
 nss/cmd/bltest/tests/dsa/sigseed19            |      1 +
 nss/cmd/bltest/tests/dsa/sigseed2             |      1 +
 nss/cmd/bltest/tests/dsa/sigseed20            |      1 +
 nss/cmd/bltest/tests/dsa/sigseed3             |      1 +
 nss/cmd/bltest/tests/dsa/sigseed4             |      1 +
 nss/cmd/bltest/tests/dsa/sigseed5             |      1 +
 nss/cmd/bltest/tests/dsa/sigseed6             |      1 +
 nss/cmd/bltest/tests/dsa/sigseed7             |      1 +
 nss/cmd/bltest/tests/dsa/sigseed8             |      1 +
 nss/cmd/bltest/tests/dsa/sigseed9             |      1 +
 nss/cmd/bltest/tests/ecdsa/README             |      4 +
 nss/cmd/bltest/tests/ecdsa/ciphertext0        |      1 +
 nss/cmd/bltest/tests/ecdsa/ciphertext1        |      1 +
 nss/cmd/bltest/tests/ecdsa/ciphertext10       |      2 +
 nss/cmd/bltest/tests/ecdsa/ciphertext11       |      2 +
 nss/cmd/bltest/tests/ecdsa/ciphertext12       |      2 +
 nss/cmd/bltest/tests/ecdsa/ciphertext13       |      2 +
 nss/cmd/bltest/tests/ecdsa/ciphertext14       |      2 +
 nss/cmd/bltest/tests/ecdsa/ciphertext15       |      2 +
 nss/cmd/bltest/tests/ecdsa/ciphertext16       |      3 +
 nss/cmd/bltest/tests/ecdsa/ciphertext17       |      3 +
 nss/cmd/bltest/tests/ecdsa/ciphertext18       |      3 +
 nss/cmd/bltest/tests/ecdsa/ciphertext19       |      3 +
 nss/cmd/bltest/tests/ecdsa/ciphertext2        |      1 +
 nss/cmd/bltest/tests/ecdsa/ciphertext20       |      3 +
 nss/cmd/bltest/tests/ecdsa/ciphertext3        |      1 +
 nss/cmd/bltest/tests/ecdsa/ciphertext4        |      1 +
 nss/cmd/bltest/tests/ecdsa/ciphertext5        |      1 +
 nss/cmd/bltest/tests/ecdsa/ciphertext6        |      1 +
 nss/cmd/bltest/tests/ecdsa/ciphertext7        |      1 +
 nss/cmd/bltest/tests/ecdsa/ciphertext8        |      2 +
 nss/cmd/bltest/tests/ecdsa/ciphertext9        |      2 +
 nss/cmd/bltest/tests/ecdsa/key0               |      3 +
 nss/cmd/bltest/tests/ecdsa/key1               |      4 +
 nss/cmd/bltest/tests/ecdsa/key10              |      3 +
 nss/cmd/bltest/tests/ecdsa/key11              |      3 +
 nss/cmd/bltest/tests/ecdsa/key12              |      3 +
 nss/cmd/bltest/tests/ecdsa/key13              |      3 +
 nss/cmd/bltest/tests/ecdsa/key14              |      3 +
 nss/cmd/bltest/tests/ecdsa/key15              |      4 +
 nss/cmd/bltest/tests/ecdsa/key16              |      4 +
 nss/cmd/bltest/tests/ecdsa/key17              |      4 +
 nss/cmd/bltest/tests/ecdsa/key18              |      5 +
 nss/cmd/bltest/tests/ecdsa/key19              |      5 +
 nss/cmd/bltest/tests/ecdsa/key2               |      5 +
 nss/cmd/bltest/tests/ecdsa/key20              |      5 +
 nss/cmd/bltest/tests/ecdsa/key3               |      2 +
 nss/cmd/bltest/tests/ecdsa/key4               |      2 +
 nss/cmd/bltest/tests/ecdsa/key5               |      2 +
 nss/cmd/bltest/tests/ecdsa/key6               |      2 +
 nss/cmd/bltest/tests/ecdsa/key7               |      2 +
 nss/cmd/bltest/tests/ecdsa/key8               |      3 +
 nss/cmd/bltest/tests/ecdsa/key9               |      3 +
 nss/cmd/bltest/tests/ecdsa/numtests           |      1 +
 nss/cmd/bltest/tests/ecdsa/plaintext0         |      1 +
 nss/cmd/bltest/tests/ecdsa/plaintext1         |      1 +
 nss/cmd/bltest/tests/ecdsa/plaintext10        |      1 +
 nss/cmd/bltest/tests/ecdsa/plaintext11        |      1 +
 nss/cmd/bltest/tests/ecdsa/plaintext12        |      1 +
 nss/cmd/bltest/tests/ecdsa/plaintext13        |      1 +
 nss/cmd/bltest/tests/ecdsa/plaintext14        |      1 +
 nss/cmd/bltest/tests/ecdsa/plaintext15        |      1 +
 nss/cmd/bltest/tests/ecdsa/plaintext16        |      1 +
 nss/cmd/bltest/tests/ecdsa/plaintext17        |      1 +
 nss/cmd/bltest/tests/ecdsa/plaintext18        |      1 +
 nss/cmd/bltest/tests/ecdsa/plaintext19        |      1 +
 nss/cmd/bltest/tests/ecdsa/plaintext2         |      1 +
 nss/cmd/bltest/tests/ecdsa/plaintext20        |      1 +
 nss/cmd/bltest/tests/ecdsa/plaintext3         |      1 +
 nss/cmd/bltest/tests/ecdsa/plaintext4         |      1 +
 nss/cmd/bltest/tests/ecdsa/plaintext5         |      1 +
 nss/cmd/bltest/tests/ecdsa/plaintext6         |      1 +
 nss/cmd/bltest/tests/ecdsa/plaintext7         |      1 +
 nss/cmd/bltest/tests/ecdsa/plaintext8         |      1 +
 nss/cmd/bltest/tests/ecdsa/plaintext9         |      1 +
 nss/cmd/bltest/tests/ecdsa/sigseed0           |      1 +
 nss/cmd/bltest/tests/ecdsa/sigseed1           |      1 +
 nss/cmd/bltest/tests/ecdsa/sigseed10          |      1 +
 nss/cmd/bltest/tests/ecdsa/sigseed11          |      1 +
 nss/cmd/bltest/tests/ecdsa/sigseed12          |      1 +
 nss/cmd/bltest/tests/ecdsa/sigseed13          |      1 +
 nss/cmd/bltest/tests/ecdsa/sigseed14          |      1 +
 nss/cmd/bltest/tests/ecdsa/sigseed15          |      1 +
 nss/cmd/bltest/tests/ecdsa/sigseed16          |      1 +
 nss/cmd/bltest/tests/ecdsa/sigseed17          |      1 +
 nss/cmd/bltest/tests/ecdsa/sigseed18          |      2 +
 nss/cmd/bltest/tests/ecdsa/sigseed19          |      2 +
 nss/cmd/bltest/tests/ecdsa/sigseed2           |      1 +
 nss/cmd/bltest/tests/ecdsa/sigseed20          |      2 +
 nss/cmd/bltest/tests/ecdsa/sigseed3           |      1 +
 nss/cmd/bltest/tests/ecdsa/sigseed4           |      1 +
 nss/cmd/bltest/tests/ecdsa/sigseed5           |      1 +
 nss/cmd/bltest/tests/ecdsa/sigseed6           |      1 +
 nss/cmd/bltest/tests/ecdsa/sigseed7           |      1 +
 nss/cmd/bltest/tests/ecdsa/sigseed8           |      1 +
 nss/cmd/bltest/tests/ecdsa/sigseed9           |      1 +
 nss/cmd/bltest/tests/md2/ciphertext0          |      1 +
 nss/cmd/bltest/tests/md2/numtests             |      1 +
 nss/cmd/bltest/tests/md2/plaintext0           |      1 +
 nss/cmd/bltest/tests/md5/ciphertext0          |      1 +
 nss/cmd/bltest/tests/md5/numtests             |      1 +
 nss/cmd/bltest/tests/md5/plaintext0           |      1 +
 nss/cmd/bltest/tests/rc2_cbc/ciphertext0      |      1 +
 nss/cmd/bltest/tests/rc2_cbc/iv0              |      1 +
 nss/cmd/bltest/tests/rc2_cbc/key0             |      1 +
 nss/cmd/bltest/tests/rc2_cbc/numtests         |      1 +
 nss/cmd/bltest/tests/rc2_cbc/plaintext0       |      1 +
 nss/cmd/bltest/tests/rc2_ecb/ciphertext0      |      1 +
 nss/cmd/bltest/tests/rc2_ecb/key0             |      1 +
 nss/cmd/bltest/tests/rc2_ecb/numtests         |      1 +
 nss/cmd/bltest/tests/rc2_ecb/plaintext0       |      1 +
 nss/cmd/bltest/tests/rc4/ciphertext0          |      1 +
 nss/cmd/bltest/tests/rc4/ciphertext1          |      1 +
 nss/cmd/bltest/tests/rc4/key0                 |      1 +
 nss/cmd/bltest/tests/rc4/key1                 |      1 +
 nss/cmd/bltest/tests/rc4/numtests             |      1 +
 nss/cmd/bltest/tests/rc4/plaintext0           |      1 +
 nss/cmd/bltest/tests/rc4/plaintext1           |      1 +
 nss/cmd/bltest/tests/rc5_cbc/ciphertext0      |      1 +
 nss/cmd/bltest/tests/rc5_cbc/iv0              |      1 +
 nss/cmd/bltest/tests/rc5_cbc/key0             |      1 +
 nss/cmd/bltest/tests/rc5_cbc/numtests         |      1 +
 nss/cmd/bltest/tests/rc5_cbc/params0          |      2 +
 nss/cmd/bltest/tests/rc5_cbc/plaintext0       |      1 +
 nss/cmd/bltest/tests/rc5_ecb/ciphertext0      |      1 +
 nss/cmd/bltest/tests/rc5_ecb/key0             |      1 +
 nss/cmd/bltest/tests/rc5_ecb/numtests         |      1 +
 nss/cmd/bltest/tests/rc5_ecb/params0          |      2 +
 nss/cmd/bltest/tests/rc5_ecb/plaintext0       |      1 +
 nss/cmd/bltest/tests/rsa/ciphertext0          |      1 +
 nss/cmd/bltest/tests/rsa/key0                 |      4 +
 nss/cmd/bltest/tests/rsa/numtests             |      1 +
 nss/cmd/bltest/tests/rsa/plaintext0           |      1 +
 nss/cmd/bltest/tests/rsa_oaep/ciphertext0     |      3 +
 nss/cmd/bltest/tests/rsa_oaep/ciphertext1     |      3 +
 nss/cmd/bltest/tests/rsa_oaep/ciphertext10    |      4 +
 nss/cmd/bltest/tests/rsa_oaep/ciphertext11    |      4 +
 nss/cmd/bltest/tests/rsa_oaep/ciphertext12    |      5 +
 nss/cmd/bltest/tests/rsa_oaep/ciphertext13    |      5 +
 nss/cmd/bltest/tests/rsa_oaep/ciphertext14    |      5 +
 nss/cmd/bltest/tests/rsa_oaep/ciphertext15    |      5 +
 nss/cmd/bltest/tests/rsa_oaep/ciphertext16    |      5 +
 nss/cmd/bltest/tests/rsa_oaep/ciphertext17    |      5 +
 nss/cmd/bltest/tests/rsa_oaep/ciphertext2     |      3 +
 nss/cmd/bltest/tests/rsa_oaep/ciphertext3     |      3 +
 nss/cmd/bltest/tests/rsa_oaep/ciphertext4     |      3 +
 nss/cmd/bltest/tests/rsa_oaep/ciphertext5     |      3 +
 nss/cmd/bltest/tests/rsa_oaep/ciphertext6     |      4 +
 nss/cmd/bltest/tests/rsa_oaep/ciphertext7     |      4 +
 nss/cmd/bltest/tests/rsa_oaep/ciphertext8     |      4 +
 nss/cmd/bltest/tests/rsa_oaep/ciphertext9     |      4 +
 nss/cmd/bltest/tests/rsa_oaep/hash0           |      1 +
 nss/cmd/bltest/tests/rsa_oaep/hash1           |      1 +
 nss/cmd/bltest/tests/rsa_oaep/hash10          |      1 +
 nss/cmd/bltest/tests/rsa_oaep/hash11          |      1 +
 nss/cmd/bltest/tests/rsa_oaep/hash12          |      1 +
 nss/cmd/bltest/tests/rsa_oaep/hash13          |      1 +
 nss/cmd/bltest/tests/rsa_oaep/hash14          |      1 +
 nss/cmd/bltest/tests/rsa_oaep/hash15          |      1 +
 nss/cmd/bltest/tests/rsa_oaep/hash16          |      1 +
 nss/cmd/bltest/tests/rsa_oaep/hash17          |      1 +
 nss/cmd/bltest/tests/rsa_oaep/hash2           |      1 +
 nss/cmd/bltest/tests/rsa_oaep/hash3           |      1 +
 nss/cmd/bltest/tests/rsa_oaep/hash4           |      1 +
 nss/cmd/bltest/tests/rsa_oaep/hash5           |      1 +
 nss/cmd/bltest/tests/rsa_oaep/hash6           |      1 +
 nss/cmd/bltest/tests/rsa_oaep/hash7           |      1 +
 nss/cmd/bltest/tests/rsa_oaep/hash8           |      1 +
 nss/cmd/bltest/tests/rsa_oaep/hash9           |      1 +
 nss/cmd/bltest/tests/rsa_oaep/key0            |      1 +
 nss/cmd/bltest/tests/rsa_oaep/key1            |      1 +
 nss/cmd/bltest/tests/rsa_oaep/key10           |      1 +
 nss/cmd/bltest/tests/rsa_oaep/key11           |      1 +
 nss/cmd/bltest/tests/rsa_oaep/key12           |      1 +
 nss/cmd/bltest/tests/rsa_oaep/key13           |      1 +
 nss/cmd/bltest/tests/rsa_oaep/key14           |      1 +
 nss/cmd/bltest/tests/rsa_oaep/key15           |      1 +
 nss/cmd/bltest/tests/rsa_oaep/key16           |      1 +
 nss/cmd/bltest/tests/rsa_oaep/key17           |      1 +
 nss/cmd/bltest/tests/rsa_oaep/key2            |      1 +
 nss/cmd/bltest/tests/rsa_oaep/key3            |      1 +
 nss/cmd/bltest/tests/rsa_oaep/key4            |      1 +
 nss/cmd/bltest/tests/rsa_oaep/key5            |      1 +
 nss/cmd/bltest/tests/rsa_oaep/key6            |      1 +
 nss/cmd/bltest/tests/rsa_oaep/key7            |      1 +
 nss/cmd/bltest/tests/rsa_oaep/key8            |      1 +
 nss/cmd/bltest/tests/rsa_oaep/key9            |      1 +
 nss/cmd/bltest/tests/rsa_oaep/maskhash0       |      1 +
 nss/cmd/bltest/tests/rsa_oaep/maskhash1       |      1 +
 nss/cmd/bltest/tests/rsa_oaep/maskhash10      |      1 +
 nss/cmd/bltest/tests/rsa_oaep/maskhash11      |      1 +
 nss/cmd/bltest/tests/rsa_oaep/maskhash12      |      1 +
 nss/cmd/bltest/tests/rsa_oaep/maskhash13      |      1 +
 nss/cmd/bltest/tests/rsa_oaep/maskhash14      |      1 +
 nss/cmd/bltest/tests/rsa_oaep/maskhash15      |      1 +
 nss/cmd/bltest/tests/rsa_oaep/maskhash16      |      1 +
 nss/cmd/bltest/tests/rsa_oaep/maskhash17      |      1 +
 nss/cmd/bltest/tests/rsa_oaep/maskhash2       |      1 +
 nss/cmd/bltest/tests/rsa_oaep/maskhash3       |      1 +
 nss/cmd/bltest/tests/rsa_oaep/maskhash4       |      1 +
 nss/cmd/bltest/tests/rsa_oaep/maskhash5       |      1 +
 nss/cmd/bltest/tests/rsa_oaep/maskhash6       |      1 +
 nss/cmd/bltest/tests/rsa_oaep/maskhash7       |      1 +
 nss/cmd/bltest/tests/rsa_oaep/maskhash8       |      1 +
 nss/cmd/bltest/tests/rsa_oaep/maskhash9       |      1 +
 nss/cmd/bltest/tests/rsa_oaep/numtests        |      1 +
 nss/cmd/bltest/tests/rsa_oaep/plaintext0      |    Bin 0 -> 28 bytes
 nss/cmd/bltest/tests/rsa_oaep/plaintext1      |      1 +
 nss/cmd/bltest/tests/rsa_oaep/plaintext10     |      1 +
 nss/cmd/bltest/tests/rsa_oaep/plaintext11     |      1 +
 nss/cmd/bltest/tests/rsa_oaep/plaintext12     |      1 +
 nss/cmd/bltest/tests/rsa_oaep/plaintext13     |      1 +
 nss/cmd/bltest/tests/rsa_oaep/plaintext14     |      2 +
 nss/cmd/bltest/tests/rsa_oaep/plaintext15     |    Bin 0 -> 36 bytes
 nss/cmd/bltest/tests/rsa_oaep/plaintext16     |      1 +
 nss/cmd/bltest/tests/rsa_oaep/plaintext17     |      1 +
 nss/cmd/bltest/tests/rsa_oaep/plaintext2      |      1 +
 nss/cmd/bltest/tests/rsa_oaep/plaintext3      |      1 +
 nss/cmd/bltest/tests/rsa_oaep/plaintext4      |      1 +
 nss/cmd/bltest/tests/rsa_oaep/plaintext5      |      1 +
 nss/cmd/bltest/tests/rsa_oaep/plaintext6      |      1 +
 nss/cmd/bltest/tests/rsa_oaep/plaintext7      |      1 +
 nss/cmd/bltest/tests/rsa_oaep/plaintext8      |      1 +
 nss/cmd/bltest/tests/rsa_oaep/plaintext9      |      3 +
 nss/cmd/bltest/tests/rsa_oaep/seed0           |      1 +
 nss/cmd/bltest/tests/rsa_oaep/seed1           |      1 +
 nss/cmd/bltest/tests/rsa_oaep/seed10          |      1 +
 nss/cmd/bltest/tests/rsa_oaep/seed11          |      1 +
 nss/cmd/bltest/tests/rsa_oaep/seed12          |      1 +
 nss/cmd/bltest/tests/rsa_oaep/seed13          |      1 +
 nss/cmd/bltest/tests/rsa_oaep/seed14          |      1 +
 nss/cmd/bltest/tests/rsa_oaep/seed15          |      1 +
 nss/cmd/bltest/tests/rsa_oaep/seed16          |      1 +
 nss/cmd/bltest/tests/rsa_oaep/seed17          |      1 +
 nss/cmd/bltest/tests/rsa_oaep/seed2           |      1 +
 nss/cmd/bltest/tests/rsa_oaep/seed3           |      1 +
 nss/cmd/bltest/tests/rsa_oaep/seed4           |      1 +
 nss/cmd/bltest/tests/rsa_oaep/seed5           |      1 +
 nss/cmd/bltest/tests/rsa_oaep/seed6           |      1 +
 nss/cmd/bltest/tests/rsa_oaep/seed7           |      1 +
 nss/cmd/bltest/tests/rsa_oaep/seed8           |      1 +
 nss/cmd/bltest/tests/rsa_oaep/seed9           |      1 +
 nss/cmd/bltest/tests/rsa_pss/ciphertext0      |      3 +
 nss/cmd/bltest/tests/rsa_pss/ciphertext1      |      3 +
 nss/cmd/bltest/tests/rsa_pss/ciphertext10     |      4 +
 nss/cmd/bltest/tests/rsa_pss/ciphertext11     |      4 +
 nss/cmd/bltest/tests/rsa_pss/ciphertext12     |      5 +
 nss/cmd/bltest/tests/rsa_pss/ciphertext13     |      5 +
 nss/cmd/bltest/tests/rsa_pss/ciphertext14     |      5 +
 nss/cmd/bltest/tests/rsa_pss/ciphertext15     |      5 +
 nss/cmd/bltest/tests/rsa_pss/ciphertext16     |      5 +
 nss/cmd/bltest/tests/rsa_pss/ciphertext17     |      5 +
 nss/cmd/bltest/tests/rsa_pss/ciphertext2      |      3 +
 nss/cmd/bltest/tests/rsa_pss/ciphertext3      |      3 +
 nss/cmd/bltest/tests/rsa_pss/ciphertext4      |      3 +
 nss/cmd/bltest/tests/rsa_pss/ciphertext5      |      3 +
 nss/cmd/bltest/tests/rsa_pss/ciphertext6      |      4 +
 nss/cmd/bltest/tests/rsa_pss/ciphertext7      |      4 +
 nss/cmd/bltest/tests/rsa_pss/ciphertext8      |      4 +
 nss/cmd/bltest/tests/rsa_pss/ciphertext9      |      4 +
 nss/cmd/bltest/tests/rsa_pss/hash0            |      1 +
 nss/cmd/bltest/tests/rsa_pss/hash1            |      1 +
 nss/cmd/bltest/tests/rsa_pss/hash10           |      1 +
 nss/cmd/bltest/tests/rsa_pss/hash11           |      1 +
 nss/cmd/bltest/tests/rsa_pss/hash12           |      1 +
 nss/cmd/bltest/tests/rsa_pss/hash13           |      1 +
 nss/cmd/bltest/tests/rsa_pss/hash14           |      1 +
 nss/cmd/bltest/tests/rsa_pss/hash15           |      1 +
 nss/cmd/bltest/tests/rsa_pss/hash16           |      1 +
 nss/cmd/bltest/tests/rsa_pss/hash17           |      1 +
 nss/cmd/bltest/tests/rsa_pss/hash2            |      1 +
 nss/cmd/bltest/tests/rsa_pss/hash3            |      1 +
 nss/cmd/bltest/tests/rsa_pss/hash4            |      1 +
 nss/cmd/bltest/tests/rsa_pss/hash5            |      1 +
 nss/cmd/bltest/tests/rsa_pss/hash6            |      1 +
 nss/cmd/bltest/tests/rsa_pss/hash7            |      1 +
 nss/cmd/bltest/tests/rsa_pss/hash8            |      1 +
 nss/cmd/bltest/tests/rsa_pss/hash9            |      1 +
 nss/cmd/bltest/tests/rsa_pss/key0             |      1 +
 nss/cmd/bltest/tests/rsa_pss/key1             |      1 +
 nss/cmd/bltest/tests/rsa_pss/key10            |      1 +
 nss/cmd/bltest/tests/rsa_pss/key11            |      1 +
 nss/cmd/bltest/tests/rsa_pss/key12            |      1 +
 nss/cmd/bltest/tests/rsa_pss/key13            |      1 +
 nss/cmd/bltest/tests/rsa_pss/key14            |      1 +
 nss/cmd/bltest/tests/rsa_pss/key15            |      1 +
 nss/cmd/bltest/tests/rsa_pss/key16            |      1 +
 nss/cmd/bltest/tests/rsa_pss/key17            |      1 +
 nss/cmd/bltest/tests/rsa_pss/key2             |      1 +
 nss/cmd/bltest/tests/rsa_pss/key3             |      1 +
 nss/cmd/bltest/tests/rsa_pss/key4             |      1 +
 nss/cmd/bltest/tests/rsa_pss/key5             |      1 +
 nss/cmd/bltest/tests/rsa_pss/key6             |      1 +
 nss/cmd/bltest/tests/rsa_pss/key7             |      1 +
 nss/cmd/bltest/tests/rsa_pss/key8             |      1 +
 nss/cmd/bltest/tests/rsa_pss/key9             |      1 +
 nss/cmd/bltest/tests/rsa_pss/maskhash0        |      1 +
 nss/cmd/bltest/tests/rsa_pss/maskhash1        |      1 +
 nss/cmd/bltest/tests/rsa_pss/maskhash10       |      1 +
 nss/cmd/bltest/tests/rsa_pss/maskhash11       |      1 +
 nss/cmd/bltest/tests/rsa_pss/maskhash12       |      1 +
 nss/cmd/bltest/tests/rsa_pss/maskhash13       |      1 +
 nss/cmd/bltest/tests/rsa_pss/maskhash14       |      1 +
 nss/cmd/bltest/tests/rsa_pss/maskhash15       |      1 +
 nss/cmd/bltest/tests/rsa_pss/maskhash16       |      1 +
 nss/cmd/bltest/tests/rsa_pss/maskhash17       |      1 +
 nss/cmd/bltest/tests/rsa_pss/maskhash2        |      1 +
 nss/cmd/bltest/tests/rsa_pss/maskhash3        |      1 +
 nss/cmd/bltest/tests/rsa_pss/maskhash4        |      1 +
 nss/cmd/bltest/tests/rsa_pss/maskhash5        |      1 +
 nss/cmd/bltest/tests/rsa_pss/maskhash6        |      1 +
 nss/cmd/bltest/tests/rsa_pss/maskhash7        |      1 +
 nss/cmd/bltest/tests/rsa_pss/maskhash8        |      1 +
 nss/cmd/bltest/tests/rsa_pss/maskhash9        |      1 +
 nss/cmd/bltest/tests/rsa_pss/numtests         |      1 +
 nss/cmd/bltest/tests/rsa_pss/plaintext0       |      1 +
 nss/cmd/bltest/tests/rsa_pss/plaintext1       |      1 +
 nss/cmd/bltest/tests/rsa_pss/plaintext10      |      1 +
 nss/cmd/bltest/tests/rsa_pss/plaintext11      |      1 +
 nss/cmd/bltest/tests/rsa_pss/plaintext12      |      1 +
 nss/cmd/bltest/tests/rsa_pss/plaintext13      |      1 +
 nss/cmd/bltest/tests/rsa_pss/plaintext14      |      1 +
 nss/cmd/bltest/tests/rsa_pss/plaintext15      |      1 +
 nss/cmd/bltest/tests/rsa_pss/plaintext16      |      1 +
 nss/cmd/bltest/tests/rsa_pss/plaintext17      |      1 +
 nss/cmd/bltest/tests/rsa_pss/plaintext2       |      1 +
 nss/cmd/bltest/tests/rsa_pss/plaintext3       |      1 +
 nss/cmd/bltest/tests/rsa_pss/plaintext4       |      1 +
 nss/cmd/bltest/tests/rsa_pss/plaintext5       |      1 +
 nss/cmd/bltest/tests/rsa_pss/plaintext6       |      1 +
 nss/cmd/bltest/tests/rsa_pss/plaintext7       |      1 +
 nss/cmd/bltest/tests/rsa_pss/plaintext8       |      1 +
 nss/cmd/bltest/tests/rsa_pss/plaintext9       |      1 +
 nss/cmd/bltest/tests/rsa_pss/seed0            |      1 +
 nss/cmd/bltest/tests/rsa_pss/seed1            |      1 +
 nss/cmd/bltest/tests/rsa_pss/seed10           |      1 +
 nss/cmd/bltest/tests/rsa_pss/seed11           |      1 +
 nss/cmd/bltest/tests/rsa_pss/seed12           |      1 +
 nss/cmd/bltest/tests/rsa_pss/seed13           |      1 +
 nss/cmd/bltest/tests/rsa_pss/seed14           |      1 +
 nss/cmd/bltest/tests/rsa_pss/seed15           |      1 +
 nss/cmd/bltest/tests/rsa_pss/seed16           |      1 +
 nss/cmd/bltest/tests/rsa_pss/seed17           |      1 +
 nss/cmd/bltest/tests/rsa_pss/seed2            |      1 +
 nss/cmd/bltest/tests/rsa_pss/seed3            |      1 +
 nss/cmd/bltest/tests/rsa_pss/seed4            |      1 +
 nss/cmd/bltest/tests/rsa_pss/seed5            |      1 +
 nss/cmd/bltest/tests/rsa_pss/seed6            |      1 +
 nss/cmd/bltest/tests/rsa_pss/seed7            |      1 +
 nss/cmd/bltest/tests/rsa_pss/seed8            |      1 +
 nss/cmd/bltest/tests/rsa_pss/seed9            |      1 +
 nss/cmd/bltest/tests/seed_cbc/ciphertext0     |      1 +
 nss/cmd/bltest/tests/seed_cbc/iv0             |      1 +
 nss/cmd/bltest/tests/seed_cbc/key0            |      1 +
 nss/cmd/bltest/tests/seed_cbc/numtests        |      1 +
 nss/cmd/bltest/tests/seed_cbc/plaintext0      |      1 +
 nss/cmd/bltest/tests/seed_ecb/ciphertext0     |      1 +
 nss/cmd/bltest/tests/seed_ecb/iv0             |      1 +
 nss/cmd/bltest/tests/seed_ecb/key0            |      1 +
 nss/cmd/bltest/tests/seed_ecb/numtests        |      1 +
 nss/cmd/bltest/tests/seed_ecb/plaintext0      |      1 +
 nss/cmd/bltest/tests/sha1/ciphertext0         |      1 +
 nss/cmd/bltest/tests/sha1/numtests            |      1 +
 nss/cmd/bltest/tests/sha1/plaintext0          |      1 +
 nss/cmd/bltest/tests/sha224/ciphertext0       |      2 +
 nss/cmd/bltest/tests/sha224/ciphertext1       |      2 +
 nss/cmd/bltest/tests/sha224/numtests          |      1 +
 nss/cmd/bltest/tests/sha224/plaintext0        |      1 +
 nss/cmd/bltest/tests/sha224/plaintext1        |      1 +
 nss/cmd/bltest/tests/sha256/ciphertext0       |      1 +
 nss/cmd/bltest/tests/sha256/ciphertext1       |      1 +
 nss/cmd/bltest/tests/sha256/numtests          |      1 +
 nss/cmd/bltest/tests/sha256/plaintext0        |      1 +
 nss/cmd/bltest/tests/sha256/plaintext1        |      1 +
 nss/cmd/bltest/tests/sha384/ciphertext0       |      1 +
 nss/cmd/bltest/tests/sha384/ciphertext1       |      1 +
 nss/cmd/bltest/tests/sha384/numtests          |      1 +
 nss/cmd/bltest/tests/sha384/plaintext0        |      1 +
 nss/cmd/bltest/tests/sha384/plaintext1        |      1 +
 nss/cmd/bltest/tests/sha512/ciphertext0       |      2 +
 nss/cmd/bltest/tests/sha512/ciphertext1       |      2 +
 nss/cmd/bltest/tests/sha512/numtests          |      1 +
 nss/cmd/bltest/tests/sha512/plaintext0        |      1 +
 nss/cmd/bltest/tests/sha512/plaintext1        |      1 +
 nss/cmd/btoa/Makefile                         |     47 +
 nss/cmd/btoa/btoa.c                           |    203 +
 nss/cmd/btoa/btoa.gyp                         |     30 +
 nss/cmd/btoa/manifest.mn                      |     21 +
 nss/cmd/certcgi/HOWTO.txt                     |    137 +
 nss/cmd/certcgi/Makefile                      |     48 +
 nss/cmd/certcgi/ca.html                       |     19 +
 nss/cmd/certcgi/ca_form.html                  |    357 +
 nss/cmd/certcgi/certcgi.c                     |   2246 +
 nss/cmd/certcgi/certcgi.gyp                   |     33 +
 nss/cmd/certcgi/index.html                    |    789 +
 nss/cmd/certcgi/main.html                     |     76 +
 nss/cmd/certcgi/manifest.mn                   |     22 +
 nss/cmd/certcgi/nscp_ext_form.html            |     84 +
 nss/cmd/certcgi/stnd_ext_form.html            |    219 +
 nss/cmd/certutil/Makefile                     |     48 +
 nss/cmd/certutil/certext.c                    |   2218 +
 nss/cmd/certutil/certutil.c                   |   3707 +
 nss/cmd/certutil/certutil.gyp                 |     32 +
 nss/cmd/certutil/certutil.h                   |     57 +
 nss/cmd/certutil/keystuff.c                   |    609 +
 nss/cmd/certutil/manifest.mn                  |     25 +
 nss/cmd/chktest/Makefile                      |     47 +
 nss/cmd/chktest/chktest.c                     |     45 +
 nss/cmd/chktest/chktest.gyp                   |     32 +
 nss/cmd/chktest/manifest.mn                   |     27 +
 nss/cmd/clientProof/.gitignore                |      2 +
 nss/cmd/clientProof/.project                  |     27 +
 nss/cmd/clientProof/Makefile                  |     46 +
 nss/cmd/clientProof/client_db                 |      1 +
 nss/cmd/clientProof/main.c                    |    315 +
 nss/cmd/clientProof/manifest.mn               |     23 +
 nss/cmd/crlutil/Makefile                      |     53 +
 nss/cmd/crlutil/crlgen.c                      |   1542 +
 nss/cmd/crlutil/crlgen.h                      |    178 +
 nss/cmd/crlutil/crlgen_lex.c                  |   1773 +
 nss/cmd/crlutil/crlgen_lex_fix.sed            |      6 +
 nss/cmd/crlutil/crlgen_lex_orig.l             |    181 +
 nss/cmd/crlutil/crlutil.c                     |   1156 +
 nss/cmd/crlutil/crlutil.gyp                   |     32 +
 nss/cmd/crlutil/manifest.mn                   |     25 +
 nss/cmd/crmf-cgi/Makefile                     |     53 +
 nss/cmd/crmf-cgi/config.mk                    |     16 +
 nss/cmd/crmf-cgi/crmfcgi.c                    |   1090 +
 nss/cmd/crmf-cgi/crmfcgi.html                 |    136 +
 nss/cmd/crmf-cgi/manifest.mn                  |     33 +
 nss/cmd/crmftest/Makefile                     |     64 +
 nss/cmd/crmftest/config.mk                    |     15 +
 nss/cmd/crmftest/crmftest.gyp                 |     25 +
 nss/cmd/crmftest/manifest.mn                  |     25 +
 nss/cmd/crmftest/testcrmf.c                   |   1654 +
 nss/cmd/dbck/Makefile                         |     47 +
 nss/cmd/dbck/dbck.c                           |   1350 +
 nss/cmd/dbck/dbrecover.c                      |    668 +
 nss/cmd/dbck/manifest.mn                      |     22 +
 nss/cmd/dbtest/Makefile                       |     46 +
 nss/cmd/dbtest/dbtest.c                       |    244 +
 nss/cmd/dbtest/dbtest.gyp                     |     25 +
 nss/cmd/dbtest/manifest.mn                    |     22 +
 nss/cmd/derdump/Makefile                      |     48 +
 nss/cmd/derdump/derdump.c                     |    128 +
 nss/cmd/derdump/derdump.gyp                   |     30 +
 nss/cmd/derdump/manifest.mn                   |     21 +
 nss/cmd/digest/Makefile                       |     48 +
 nss/cmd/digest/digest.c                       |    228 +
 nss/cmd/digest/digest.gyp                     |     30 +
 nss/cmd/digest/manifest.mn                    |     22 +
 nss/cmd/ecperf/Makefile                       |     46 +
 nss/cmd/ecperf/ecperf.c                       |    727 +
 nss/cmd/ecperf/ecperf.gyp                     |     35 +
 nss/cmd/ecperf/manifest.mn                    |     18 +
 nss/cmd/ectest/Makefile                       |     46 +
 nss/cmd/ectest/ectest.c                       |    186 +
 nss/cmd/ectest/manifest.mn                    |     18 +
 nss/cmd/ectest/testvecs.h                     |    728 +
 nss/cmd/fbectest/Makefile                     |     46 +
 nss/cmd/fbectest/fbectest.c                   |    281 +
 nss/cmd/fbectest/fbectest.gyp                 |     34 +
 nss/cmd/fbectest/manifest.mn                  |     18 +
 nss/cmd/fbectest/testvecs.h                   |    818 +
 nss/cmd/fipstest/Makefile                     |     49 +
 nss/cmd/fipstest/aes.sh                       |    112 +
 nss/cmd/fipstest/aesgcm.sh                    |     67 +
 nss/cmd/fipstest/dsa.sh                       |     71 +
 nss/cmd/fipstest/ecdsa.sh                     |     60 +
 nss/cmd/fipstest/fipstest.c                   |   6137 +
 nss/cmd/fipstest/fipstest.gyp                 |     31 +
 nss/cmd/fipstest/hmac.sh                      |     36 +
 nss/cmd/fipstest/manifest.mn                  |     23 +
 nss/cmd/fipstest/rng.sh                       |     34 +
 nss/cmd/fipstest/rsa.sh                       |     50 +
 nss/cmd/fipstest/runtest.sh                   |     17 +
 nss/cmd/fipstest/sha.sh                       |     66 +
 nss/cmd/fipstest/tdea.sh                      |    106 +
 nss/cmd/fipstest/tls.sh                       |     34 +
 nss/cmd/fipstest/validate.sh                  |      7 +
 nss/cmd/fipstest/validate1.sh                 |     30 +
 nss/cmd/httpserv/Makefile                     |     46 +
 nss/cmd/httpserv/httpserv.c                   |   1453 +
 nss/cmd/httpserv/httpserv.gyp                 |     30 +
 nss/cmd/httpserv/manifest.mn                  |     20 +
 nss/cmd/lib/Makefile                          |     49 +
 nss/cmd/lib/basicutil.c                       |    776 +
 nss/cmd/lib/basicutil.h                       |    138 +
 nss/cmd/lib/berparse.c                        |    388 +
 nss/cmd/lib/config.mk                         |     15 +
 nss/cmd/lib/derprint.c                        |    594 +
 nss/cmd/lib/exports.gyp                       |     27 +
 nss/cmd/lib/ffs.c                             |     21 +
 nss/cmd/lib/lib.gyp                           |     36 +
 nss/cmd/lib/manifest.mn                       |     39 +
 nss/cmd/lib/moreoids.c                        |    167 +
 nss/cmd/lib/pk11table.c                       |   1517 +
 nss/cmd/lib/pk11table.h                       |    178 +
 nss/cmd/lib/pppolicy.c                        |    263 +
 nss/cmd/lib/secpwd.c                          |    168 +
 nss/cmd/lib/secutil.c                         |   3962 +
 nss/cmd/lib/secutil.h                         |    436 +
 nss/cmd/libpkix/Makefile                      |     46 +
 nss/cmd/libpkix/config.mk                     |      9 +
 nss/cmd/libpkix/manifest.mn                   |     11 +
 nss/cmd/libpkix/perf/Makefile                 |     46 +
 nss/cmd/libpkix/perf/libpkix_buildthreads.c   |    337 +
 nss/cmd/libpkix/perf/manifest.mn              |     21 +
 nss/cmd/libpkix/perf/nss_threads.c            |    158 +
 nss/cmd/libpkix/pkix/Makefile                 |     48 +
 nss/cmd/libpkix/pkix/certsel/Makefile         |     47 +
 nss/cmd/libpkix/pkix/certsel/manifest.mn      |     21 +
 .../libpkix/pkix/certsel/test_certselector.c  |   1683 +
 .../pkix/certsel/test_comcertselparams.c      |    800 +
 nss/cmd/libpkix/pkix/checker/Makefile         |     47 +
 nss/cmd/libpkix/pkix/checker/manifest.mn      |     19 +
 .../pkix/checker/test_certchainchecker.c      |    185 +
 nss/cmd/libpkix/pkix/crlsel/Makefile          |     47 +
 nss/cmd/libpkix/pkix/crlsel/manifest.mn       |     21 +
 .../pkix/crlsel/test_comcrlselparams.c        |    406 +
 .../libpkix/pkix/crlsel/test_crlselector.c    |    168 +
 nss/cmd/libpkix/pkix/manifest.mn              |     11 +
 nss/cmd/libpkix/pkix/params/Makefile          |     47 +
 nss/cmd/libpkix/pkix/params/manifest.mn       |     23 +
 nss/cmd/libpkix/pkix/params/test_procparams.c |    478 +
 .../libpkix/pkix/params/test_resourcelimits.c |     99 +
 .../libpkix/pkix/params/test_trustanchor.c    |    251 +
 nss/cmd/libpkix/pkix/params/test_valparams.c  |    261 +
 nss/cmd/libpkix/pkix/results/Makefile         |     47 +
 nss/cmd/libpkix/pkix/results/manifest.mn      |     23 +
 .../libpkix/pkix/results/test_buildresult.c   |    212 +
 .../libpkix/pkix/results/test_policynode.c    |    612 +
 nss/cmd/libpkix/pkix/results/test_valresult.c |    199 +
 .../libpkix/pkix/results/test_verifynode.c    |    112 +
 nss/cmd/libpkix/pkix/store/Makefile           |     47 +
 nss/cmd/libpkix/pkix/store/manifest.mn        |     19 +
 nss/cmd/libpkix/pkix/store/test_store.c       |    194 +
 nss/cmd/libpkix/pkix/top/Makefile             |     47 +
 nss/cmd/libpkix/pkix/top/manifest.mn          |     33 +
 nss/cmd/libpkix/pkix/top/test_basicchecker.c  |    238 +
 .../pkix/top/test_basicconstraintschecker.c   |    145 +
 nss/cmd/libpkix/pkix/top/test_buildchain.c    |    418 +
 .../pkix/top/test_buildchain_partialchain.c   |    725 +
 .../pkix/top/test_buildchain_resourcelimits.c |    438 +
 .../pkix/top/test_buildchain_uchecker.c       |    327 +
 .../libpkix/pkix/top/test_customcrlchecker.c  |    435 +
 .../pkix/top/test_defaultcrlchecker2stores.c  |    230 +
 nss/cmd/libpkix/pkix/top/test_ocsp.c          |    288 +
 nss/cmd/libpkix/pkix/top/test_policychecker.c |    535 +
 .../pkix/top/test_subjaltnamechecker.c        |    261 +
 nss/cmd/libpkix/pkix/top/test_validatechain.c |    221 +
 .../libpkix/pkix/top/test_validatechain_NB.c  |    351 +
 .../libpkix/pkix/top/test_validatechain_bc.c  |    233 +
 nss/cmd/libpkix/pkix/util/Makefile            |     47 +
 nss/cmd/libpkix/pkix/util/manifest.mn         |     23 +
 nss/cmd/libpkix/pkix/util/test_error.c        |    385 +
 nss/cmd/libpkix/pkix/util/test_list.c         |    765 +
 nss/cmd/libpkix/pkix/util/test_list2.c        |    120 +
 nss/cmd/libpkix/pkix/util/test_logger.c       |    314 +
 nss/cmd/libpkix/pkix_pl/Makefile              |     48 +
 nss/cmd/libpkix/pkix_pl/manifest.mn           |     11 +
 nss/cmd/libpkix/pkix_pl/module/Makefile       |     47 +
 nss/cmd/libpkix/pkix_pl/module/manifest.mn    |     24 +
 .../pkix_pl/module/test_colcertstore.c        |    247 +
 .../libpkix/pkix_pl/module/test_ekuchecker.c  |    275 +
 .../pkix_pl/module/test_httpcertstore.c       |    300 +
 .../pkix_pl/module/test_pk11certstore.c       |    580 +
 nss/cmd/libpkix/pkix_pl/module/test_socket.c  |    571 +
 nss/cmd/libpkix/pkix_pl/pki/Makefile          |     47 +
 nss/cmd/libpkix/pkix_pl/pki/manifest.mn       |     28 +
 .../pkix_pl/pki/test_authorityinfoaccess.c    |    105 +
 nss/cmd/libpkix/pkix_pl/pki/test_cert.c       |   2088 +
 nss/cmd/libpkix/pkix_pl/pki/test_crl.c        |    302 +
 nss/cmd/libpkix/pkix_pl/pki/test_crlentry.c   |    208 +
 nss/cmd/libpkix/pkix_pl/pki/test_date.c       |    106 +
 .../libpkix/pkix_pl/pki/test_generalname.c    |    123 +
 .../pkix_pl/pki/test_nameconstraints.c        |    127 +
 .../pkix_pl/pki/test_subjectinfoaccess.c      |    121 +
 nss/cmd/libpkix/pkix_pl/pki/test_x500name.c   |    169 +
 nss/cmd/libpkix/pkix_pl/system/Makefile       |     47 +
 nss/cmd/libpkix/pkix_pl/system/manifest.mn    |     38 +
 nss/cmd/libpkix/pkix_pl/system/stress_test.c  |    146 +
 nss/cmd/libpkix/pkix_pl/system/test_bigint.c  |    190 +
 .../libpkix/pkix_pl/system/test_bytearray.c   |    231 +
 .../libpkix/pkix_pl/system/test_hashtable.c   |    380 +
 nss/cmd/libpkix/pkix_pl/system/test_mem.c     |    133 +
 .../libpkix/pkix_pl/system/test_monitorlock.c |    104 +
 nss/cmd/libpkix/pkix_pl/system/test_mutex.c   |    102 +
 nss/cmd/libpkix/pkix_pl/system/test_mutex2.c  |    166 +
 nss/cmd/libpkix/pkix_pl/system/test_mutex3.c  |    104 +
 nss/cmd/libpkix/pkix_pl/system/test_object.c  |    281 +
 nss/cmd/libpkix/pkix_pl/system/test_oid.c     |    212 +
 nss/cmd/libpkix/pkix_pl/system/test_rwlock.c  |    204 +
 nss/cmd/libpkix/pkix_pl/system/test_string.c  |    434 +
 nss/cmd/libpkix/pkix_pl/system/test_string2.c |    337 +
 nss/cmd/libpkix/pkixlibs.mk                   |     27 +
 nss/cmd/libpkix/pkixrules.mk                  |      7 +
 nss/cmd/libpkix/pkixutil/Makefile             |     43 +
 nss/cmd/libpkix/pkixutil/manifest.mn          |     41 +
 nss/cmd/libpkix/pkixutil/pkixutil.c           |    299 +
 nss/cmd/libpkix/sample_apps/Makefile          |     46 +
 nss/cmd/libpkix/sample_apps/build_chain.c     |    242 +
 nss/cmd/libpkix/sample_apps/dumpcert.c        |    182 +
 nss/cmd/libpkix/sample_apps/dumpcrl.c         |    186 +
 nss/cmd/libpkix/sample_apps/manifest.mn       |     23 +
 nss/cmd/libpkix/sample_apps/validate_chain.c  |    220 +
 nss/cmd/libpkix/testutil/Makefile             |     51 +
 nss/cmd/libpkix/testutil/config.mk            |     15 +
 nss/cmd/libpkix/testutil/manifest.mn          |     26 +
 nss/cmd/libpkix/testutil/pkixutil.def         |     48 +
 nss/cmd/libpkix/testutil/testutil.c           |    576 +
 nss/cmd/libpkix/testutil/testutil.h           |    292 +
 nss/cmd/libpkix/testutil/testutil_nss.c       |    579 +
 nss/cmd/libpkix/testutil/testutil_nss.h       |    119 +
 nss/cmd/listsuites/Makefile                   |     47 +
 nss/cmd/listsuites/listsuites.c               |     62 +
 nss/cmd/listsuites/listsuites.gyp             |     24 +
 nss/cmd/listsuites/manifest.mn                |     15 +
 nss/cmd/lowhashtest/Makefile                  |     65 +
 nss/cmd/lowhashtest/lowhashtest.c             |    445 +
 nss/cmd/lowhashtest/lowhashtest.gyp           |     32 +
 nss/cmd/lowhashtest/manifest.mn               |     25 +
 nss/cmd/makepqg/Makefile                      |     49 +
 nss/cmd/makepqg/makepqg.c                     |    349 +
 nss/cmd/makepqg/makepqg.gyp                   |     25 +
 nss/cmd/makepqg/manifest.mn                   |     19 +
 nss/cmd/makepqg/testit.ksh                    |     13 +
 nss/cmd/manifest.mn                           |    108 +
 nss/cmd/modutil/Makefile                      |     54 +
 nss/cmd/modutil/README                        |      7 +
 nss/cmd/modutil/error.h                       |    139 +
 nss/cmd/modutil/install-ds.c                  |   1525 +
 nss/cmd/modutil/install-ds.h                  |    260 +
 nss/cmd/modutil/install.c                     |    959 +
 nss/cmd/modutil/install.h                     |    100 +
 nss/cmd/modutil/installparse.c                |    434 +
 nss/cmd/modutil/installparse.h                |      7 +
 nss/cmd/modutil/installparse.l                |    137 +
 nss/cmd/modutil/installparse.y                |    104 +
 nss/cmd/modutil/instsec.c                     |    153 +
 nss/cmd/modutil/lex.Pk11Install_yy.c          |   1607 +
 nss/cmd/modutil/manifest.mn                   |     34 +
 nss/cmd/modutil/modutil.c                     |    970 +
 nss/cmd/modutil/modutil.gyp                   |     44 +
 nss/cmd/modutil/modutil.h                     |     40 +
 nss/cmd/modutil/pk11.c                        |    960 +
 nss/cmd/modutil/pk11jar.html                  |    279 +
 nss/cmd/modutil/rules.mk                      |     26 +
 nss/cmd/modutil/specification.html            |    322 +
 nss/cmd/mpitests/mpi-test.c                   |   2127 +
 nss/cmd/mpitests/mpitests.gyp                 |     39 +
 nss/cmd/mpitests/test-info.c                  |    157 +
 nss/cmd/multinit/Makefile                     |     47 +
 nss/cmd/multinit/manifest.mn                  |     13 +
 nss/cmd/multinit/multinit.c                   |    881 +
 nss/cmd/multinit/multinit.gyp                 |     24 +
 nss/cmd/ocspclnt/Makefile                     |     45 +
 nss/cmd/ocspclnt/manifest.mn                  |     24 +
 nss/cmd/ocspclnt/ocspclnt.c                   |   1243 +
 nss/cmd/ocspclnt/ocspclnt.gyp                 |     25 +
 nss/cmd/ocspresp/Makefile                     |     47 +
 nss/cmd/ocspresp/manifest.mn                  |     15 +
 nss/cmd/ocspresp/ocspresp.c                   |    251 +
 nss/cmd/ocspresp/ocspresp.gyp                 |     24 +
 nss/cmd/oidcalc/Makefile                      |     48 +
 nss/cmd/oidcalc/manifest.mn                   |     19 +
 nss/cmd/oidcalc/oidcalc.c                     |     86 +
 nss/cmd/oidcalc/oidcalc.gyp                   |     30 +
 nss/cmd/p7content/Makefile                    |     47 +
 nss/cmd/p7content/manifest.mn                 |     15 +
 nss/cmd/p7content/p7content.c                 |    269 +
 nss/cmd/p7content/p7content.gyp               |     24 +
 nss/cmd/p7env/Makefile                        |     47 +
 nss/cmd/p7env/manifest.mn                     |     15 +
 nss/cmd/p7env/p7env.c                         |    261 +
 nss/cmd/p7env/p7env.gyp                       |     24 +
 nss/cmd/p7sign/Makefile                       |     47 +
 nss/cmd/p7sign/manifest.mn                    |     15 +
 nss/cmd/p7sign/p7sign.c                       |    281 +
 nss/cmd/p7sign/p7sign.gyp                     |     24 +
 nss/cmd/p7verify/Makefile                     |     47 +
 nss/cmd/p7verify/manifest.mn                  |     15 +
 nss/cmd/p7verify/p7verify.c                   |    283 +
 nss/cmd/p7verify/p7verify.gyp                 |     24 +
 nss/cmd/perfclient/Makefile                   |     46 +
 nss/cmd/perfclient/client_db                  |      1 +
 nss/cmd/perfclient/main.c                     |    147 +
 nss/cmd/perfclient/manifest.mn                |     23 +
 nss/cmd/perfserver/Makefile                   |     46 +
 nss/cmd/perfserver/main.c                     |    189 +
 nss/cmd/perfserver/manifest.mn                |     23 +
 nss/cmd/perfserver/server_db                  |      1 +
 nss/cmd/pk11ectest/Makefile                   |     46 +
 nss/cmd/pk11ectest/manifest.mn                |     16 +
 nss/cmd/pk11ectest/pk11ectest.c               |    171 +
 nss/cmd/pk11ectest/pk11ectest.gyp             |     31 +
 nss/cmd/pk11gcmtest/Makefile                  |     47 +
 nss/cmd/pk11gcmtest/manifest.mn               |     20 +
 nss/cmd/pk11gcmtest/pk11gcmtest.c             |    460 +
 nss/cmd/pk11gcmtest/pk11gcmtest.gyp           |     24 +
 nss/cmd/pk11gcmtest/tests/README              |     14 +
 nss/cmd/pk11gcmtest/tests/gcmDecrypt128.rsp   |   1016 +
 nss/cmd/pk11gcmtest/tests/gcmDecrypt192.rsp   |   1016 +
 nss/cmd/pk11gcmtest/tests/gcmDecrypt256.rsp   |   1016 +
 .../pk11gcmtest/tests/gcmEncryptExtIV128.rsp  |   1016 +
 .../pk11gcmtest/tests/gcmEncryptExtIV192.rsp  |   1016 +
 .../pk11gcmtest/tests/gcmEncryptExtIV256.rsp  |   1016 +
 nss/cmd/pk11mode/Makefile                     |     65 +
 nss/cmd/pk11mode/manifest.mn                  |     16 +
 nss/cmd/pk11mode/pk11mode.c                   |   5387 +
 nss/cmd/pk11mode/pk11mode.gyp                 |     24 +
 nss/cmd/pk11util/Makefile                     |     48 +
 nss/cmd/pk11util/manifest.mn                  |     23 +
 nss/cmd/pk11util/pk11util.c                   |   2240 +
 nss/cmd/pk11util/scripts/dosign               |    162 +
 nss/cmd/pk11util/scripts/hssign               |     48 +
 nss/cmd/pk11util/scripts/lcert                |     35 +
 nss/cmd/pk11util/scripts/mechanisms           |     11 +
 nss/cmd/pk11util/scripts/pLabel1              |      6 +
 nss/cmd/pk11util/scripts/pMechanisms          |      8 +
 nss/cmd/pk11util/scripts/pcert                |     30 +
 nss/cmd/pk12util/Makefile                     |     48 +
 nss/cmd/pk12util/manifest.mn                  |     23 +
 nss/cmd/pk12util/pk12util.c                   |   1103 +
 nss/cmd/pk12util/pk12util.gyp                 |     30 +
 nss/cmd/pk12util/pk12util.h                   |     40 +
 nss/cmd/pk1sign/Makefile                      |     47 +
 nss/cmd/pk1sign/manifest.mn                   |     15 +
 nss/cmd/pk1sign/pk1sign.c                     |    318 +
 nss/cmd/pk1sign/pk1sign.gyp                   |     24 +
 nss/cmd/pkix-errcodes/Makefile                |     47 +
 nss/cmd/pkix-errcodes/manifest.mn             |     15 +
 nss/cmd/pkix-errcodes/pkix-errcodes.c         |     35 +
 nss/cmd/pkix-errcodes/pkix-errcodes.gyp       |     24 +
 nss/cmd/platlibs.gypi                         |     76 +
 nss/cmd/platlibs.mk                           |    265 +
 nss/cmd/platrules.mk                          |     19 +
 nss/cmd/pp/Makefile                           |     47 +
 nss/cmd/pp/manifest.mn                        |     19 +
 nss/cmd/pp/pp.c                               |    196 +
 nss/cmd/pp/pp.gyp                             |     30 +
 nss/cmd/ppcertdata/Makefile                   |     48 +
 nss/cmd/ppcertdata/manifest.mn                |     22 +
 nss/cmd/ppcertdata/ppcertdata.c               |     99 +
 nss/cmd/proofgen/.gitignore                   |      2 +
 nss/cmd/proofgen/Makefile                     |     46 +
 nss/cmd/proofgen/client_db                    |      1 +
 nss/cmd/proofgen/main.c                       |    188 +
 nss/cmd/proofgen/manifest.mn                  |     23 +
 nss/cmd/pwdecrypt/Makefile                    |     45 +
 nss/cmd/pwdecrypt/manifest.mn                 |     26 +
 nss/cmd/pwdecrypt/pwdecrypt.c                 |    330 +
 nss/cmd/pwdecrypt/pwdecrypt.gyp               |     25 +
 nss/cmd/randtrafficClient/Makefile            |     46 +
 nss/cmd/randtrafficClient/client_db           |      1 +
 nss/cmd/randtrafficClient/main.c              |    206 +
 nss/cmd/randtrafficClient/manifest.mn         |     23 +
 nss/cmd/randtrafficServer/Makefile            |     46 +
 nss/cmd/randtrafficServer/main.c              |    190 +
 nss/cmd/randtrafficServer/manifest.mn         |     23 +
 nss/cmd/randtrafficServer/server_db           |      1 +
 nss/cmd/replayClient/.gitignore               |      2 +
 nss/cmd/replayClient/Makefile                 |     46 +
 nss/cmd/replayClient/client_db                |      1 +
 nss/cmd/replayClient/main.c                   |    213 +
 nss/cmd/replayClient/manifest.mn              |     23 +
 nss/cmd/replayClient/messages.txt             |      0
 nss/cmd/replayServer/Makefile                 |     46 +
 nss/cmd/replayServer/main.c                   |    217 +
 nss/cmd/replayServer/manifest.mn              |     23 +
 nss/cmd/replayServer/server_db                |      1 +
 nss/cmd/rsaperf/Makefile                      |     46 +
 nss/cmd/rsaperf/defkey.c                      |    293 +
 nss/cmd/rsaperf/manifest.mn                   |     24 +
 nss/cmd/rsaperf/rsaperf.c                     |    696 +
 nss/cmd/rsaperf/rsaperf.gyp                   |     36 +
 nss/cmd/rsapoptst/Makefile                    |     54 +
 nss/cmd/rsapoptst/manifest.mn                 |     22 +
 nss/cmd/rsapoptst/rsapoptst.c                 |    535 +
 nss/cmd/samples/cert                          |     15 +
 nss/cmd/samples/cert0                         |    Bin 0 -> 505 bytes
 nss/cmd/samples/cert1                         |    Bin 0 -> 515 bytes
 nss/cmd/samples/cert2                         |    Bin 0 -> 528 bytes
 nss/cmd/samples/pkcs7.ber                     |    Bin 0 -> 1771 bytes
 nss/cmd/samples/pkcs7bday.ber                 |    Bin 0 -> 1881 bytes
 nss/cmd/samples/pkcs7cnet.ber                 |    Bin 0 -> 3330 bytes
 nss/cmd/samples/pkcs7news.ber                 |    Bin 0 -> 255328 bytes
 nss/cmd/samples/x509v3.der                    |    Bin 0 -> 463 bytes
 nss/cmd/samples/x509v3.txt                    |     10 +
 nss/cmd/sdrtest/Makefile                      |     45 +
 nss/cmd/sdrtest/manifest.mn                   |     26 +
 nss/cmd/sdrtest/sdrtest.c                     |    427 +
 nss/cmd/sdrtest/sdrtest.gyp                   |     25 +
 nss/cmd/selfserv/Makefile                     |     46 +
 nss/cmd/selfserv/manifest.mn                  |     20 +
 nss/cmd/selfserv/selfserv.c                   |   2784 +
 nss/cmd/selfserv/selfserv.gyp                 |     30 +
 nss/cmd/serverProof/.cproject                 |     56 +
 nss/cmd/serverProof/.project                  |     27 +
 nss/cmd/serverProof/Makefile                  |     46 +
 nss/cmd/serverProof/main.c                    |    192 +
 nss/cmd/serverProof/manifest.mn               |     23 +
 nss/cmd/serverProof/server_db                 |      1 +
 nss/cmd/shlibsign/Makefile                    |     99 +
 nss/cmd/shlibsign/mangle/Makefile             |     65 +
 nss/cmd/shlibsign/mangle/mangle.c             |    140 +
 nss/cmd/shlibsign/mangle/mangle.gyp           |     31 +
 nss/cmd/shlibsign/mangle/manifest.mn          |     24 +
 nss/cmd/shlibsign/manifest.mn                 |     27 +
 nss/cmd/shlibsign/shlibsign.c                 |   1332 +
 nss/cmd/shlibsign/shlibsign.gyp               |     30 +
 nss/cmd/shlibsign/sign.cmd                    |     25 +
 nss/cmd/shlibsign/sign.sh                     |     51 +
 nss/cmd/signtool/Makefile                     |     44 +
 nss/cmd/signtool/README                       |    128 +
 nss/cmd/signtool/certgen.c                    |    713 +
 nss/cmd/signtool/javascript.c                 |   1817 +
 nss/cmd/signtool/list.c                       |    215 +
 nss/cmd/signtool/manifest.mn                  |     25 +
 nss/cmd/signtool/sign.c                       |    834 +
 nss/cmd/signtool/signtool.c                   |   1068 +
 nss/cmd/signtool/signtool.gyp                 |     33 +
 nss/cmd/signtool/signtool.h                   |    113 +
 nss/cmd/signtool/util.c                       |   1086 +
 nss/cmd/signtool/verify.c                     |    337 +
 nss/cmd/signtool/zip.c                        |    676 +
 nss/cmd/signtool/zip.h                        |     69 +
 nss/cmd/signver/Makefile                      |     43 +
 nss/cmd/signver/examples/1/form.pl            |     22 +
 nss/cmd/signver/examples/1/signedForm.html    |     55 +
 nss/cmd/signver/examples/1/signedForm.nt.html |     55 +
 nss/cmd/signver/examples/1/signedForm.pl      |     60 +
 nss/cmd/signver/manifest.mn                   |     24 +
 nss/cmd/signver/pk7print.c                    |    872 +
 nss/cmd/signver/signver.c                     |    315 +
 nss/cmd/signver/signver.gyp                   |     26 +
 nss/cmd/smimetools/Makefile                   |     49 +
 nss/cmd/smimetools/cmsutil.c                  |   1628 +
 nss/cmd/smimetools/manifest.mn                |     17 +
 nss/cmd/smimetools/rules.mk                   |      7 +
 nss/cmd/smimetools/smime                      |    547 +
 nss/cmd/smimetools/smimetools.gyp             |     25 +
 nss/cmd/ssltap/Makefile                       |     51 +
 nss/cmd/ssltap/manifest.mn                    |     23 +
 nss/cmd/ssltap/ssltap-manual.html             |    170 +
 nss/cmd/ssltap/ssltap.c                       |   2590 +
 nss/cmd/ssltap/ssltap.gyp                     |     25 +
 nss/cmd/strsclnt/Makefile                     |     47 +
 nss/cmd/strsclnt/manifest.mn                  |     19 +
 nss/cmd/strsclnt/strsclnt.c                   |   1554 +
 nss/cmd/strsclnt/strsclnt.gyp                 |     30 +
 nss/cmd/symkeyutil/Makefile                   |     48 +
 nss/cmd/symkeyutil/manifest.mn                |     23 +
 nss/cmd/symkeyutil/symkey.man                 |    182 +
 nss/cmd/symkeyutil/symkeyutil.c               |   1102 +
 nss/cmd/symkeyutil/symkeyutil.gyp             |     30 +
 nss/cmd/test/Makefile                         |     46 +
 nss/cmd/test/client_db                        |      1 +
 nss/cmd/test/main.c                           |    179 +
 nss/cmd/test/manifest.mn                      |     23 +
 nss/cmd/tests/Makefile                        |     45 +
 nss/cmd/tests/baddbdir.c                      |     38 +
 nss/cmd/tests/conflict.c                      |     27 +
 nss/cmd/tests/dertimetest.c                   |    102 +
 nss/cmd/tests/encodeinttest.c                 |     62 +
 nss/cmd/tests/manifest.mn                     |     29 +
 nss/cmd/tests/nonspr10.c                      |     90 +
 nss/cmd/tests/remtest.c                       |    136 +
 nss/cmd/tests/secmodtest.c                    |    126 +
 nss/cmd/tests/tests.gyp                       |     91 +
 nss/cmd/tstclnt/Makefile                      |     46 +
 nss/cmd/tstclnt/manifest.mn                   |     23 +
 nss/cmd/tstclnt/tstclnt.c                     |   1927 +
 nss/cmd/tstclnt/tstclnt.gyp                   |     31 +
 nss/cmd/verifier/.gitignore                   |      2 +
 nss/cmd/verifier/Makefile                     |     46 +
 nss/cmd/verifier/client_db                    |      1 +
 nss/cmd/verifier/main.c                       |     76 +
 nss/cmd/verifier/manifest.mn                  |     23 +
 nss/cmd/vfychain/Makefile                     |     46 +
 nss/cmd/vfychain/manifest.mn                  |     23 +
 nss/cmd/vfychain/vfychain.c                   |    820 +
 nss/cmd/vfychain/vfychain.gyp                 |     30 +
 nss/cmd/vfyserv/Makefile                      |     46 +
 nss/cmd/vfyserv/manifest.mn                   |     23 +
 nss/cmd/vfyserv/vfyserv.c                     |    572 +
 nss/cmd/vfyserv/vfyserv.gyp                   |     32 +
 nss/cmd/vfyserv/vfyserv.h                     |    138 +
 nss/cmd/vfyserv/vfyutil.c                     |    620 +
 nss/coreconf/AIX.mk                           |     67 +
 nss/coreconf/Android.mk                       |      6 +
 nss/coreconf/BSD_OS.mk                        |     56 +
 nss/coreconf/BeOS.mk                          |     47 +
 nss/coreconf/Darwin.mk                        |    147 +
 nss/coreconf/FreeBSD.mk                       |     58 +
 nss/coreconf/HP-UX.mk                         |     84 +
 nss/coreconf/HP-UXA.09.03.mk                  |     17 +
 nss/coreconf/HP-UXA.09.07.mk                  |     16 +
 nss/coreconf/HP-UXA.09.mk                     |     11 +
 nss/coreconf/HP-UXB.10.01.mk                  |     12 +
 nss/coreconf/HP-UXB.10.10.mk                  |     22 +
 nss/coreconf/HP-UXB.10.20.mk                  |     22 +
 nss/coreconf/HP-UXB.10.30.mk                  |     28 +
 nss/coreconf/HP-UXB.10.mk                     |      8 +
 nss/coreconf/HP-UXB.11.00.mk                  |     17 +
 nss/coreconf/HP-UXB.11.11.mk                  |     17 +
 nss/coreconf/HP-UXB.11.20.mk                  |     17 +
 nss/coreconf/HP-UXB.11.22.mk                  |     17 +
 nss/coreconf/HP-UXB.11.23.mk                  |     17 +
 nss/coreconf/HP-UXB.11.mk                     |     48 +
 nss/coreconf/IRIX.mk                          |     94 +
 nss/coreconf/IRIX5.2.mk                       |      5 +
 nss/coreconf/IRIX5.3.mk                       |      7 +
 nss/coreconf/IRIX5.mk                         |     10 +
 nss/coreconf/IRIX6.2.mk                       |     13 +
 nss/coreconf/IRIX6.3.mk                       |     12 +
 nss/coreconf/IRIX6.5.mk                       |     15 +
 nss/coreconf/IRIX6.mk                         |     17 +
 nss/coreconf/Linux.mk                         |    209 +
 nss/coreconf/Makefile                         |     15 +
 nss/coreconf/NCR3.0.mk                        |     65 +
 nss/coreconf/NEC4.2.mk                        |     36 +
 nss/coreconf/NetBSD.mk                        |     55 +
 nss/coreconf/OS2.mk                           |    156 +
 nss/coreconf/OSF1.mk                          |     48 +
 nss/coreconf/OSF1V2.0.mk                      |      5 +
 nss/coreconf/OSF1V3.0.mk                      |      5 +
 nss/coreconf/OSF1V3.2.mk                      |     16 +
 nss/coreconf/OSF1V4.0.mk                      |     24 +
 nss/coreconf/OSF1V4.0B.mk                     |      5 +
 nss/coreconf/OSF1V4.0D.mk                     |      9 +
 nss/coreconf/OSF1V5.0.mk                      |     20 +
 nss/coreconf/OSF1V5.1.mk                      |     20 +
 nss/coreconf/OpenBSD.mk                       |     41 +
 nss/coreconf/OpenUNIX.mk                      |     60 +
 nss/coreconf/QNX.mk                           |     39 +
 nss/coreconf/README                           |    555 +
 nss/coreconf/RISCOS.mk                        |     22 +
 nss/coreconf/ReliantUNIX.mk                   |     58 +
 nss/coreconf/ReliantUNIX5.4.mk                |      5 +
 nss/coreconf/SCOOS5.0.mk                      |      6 +
 nss/coreconf/SCO_SV3.2.mk                     |     60 +
 nss/coreconf/SunOS4.1.3_U1.mk                 |     28 +
 nss/coreconf/SunOS5.mk                        |    144 +
 nss/coreconf/UNIX.mk                          |     66 +
 nss/coreconf/UNIXWARE2.1.mk                   |     29 +
 nss/coreconf/WIN32.mk                         |    378 +
 nss/coreconf/WIN95.mk                         |     15 +
 nss/coreconf/WINNT.mk                         |     20 +
 nss/coreconf/Werror.mk                        |    105 +
 nss/coreconf/arch.mk                          |    323 +
 nss/coreconf/check_cc_clang.py                |     21 +
 nss/coreconf/command.mk                       |     39 +
 nss/coreconf/config.gypi                      |    548 +
 nss/coreconf/config.mk                        |    210 +
 nss/coreconf/coreconf.dep                     |     13 +
 nss/coreconf/coreconf.pl                      |    128 +
 nss/coreconf/cpdist.pl                        |    167 +
 nss/coreconf/detect_host_arch.py              |     25 +
 nss/coreconf/empty.c                          |      1 +
 nss/coreconf/fuzz.sh                          |     38 +
 nss/coreconf/headers.mk                       |     24 +
 nss/coreconf/import.pl                        |    189 +
 nss/coreconf/jdk.mk                           |    504 +
 nss/coreconf/jniregen.pl                      |     79 +
 nss/coreconf/location.mk                      |     78 +
 nss/coreconf/mkdepend/Makefile                |     60 +
 nss/coreconf/mkdepend/cppsetup.c              |    233 +
 nss/coreconf/mkdepend/def.h                   |    184 +
 nss/coreconf/mkdepend/ifparser.c              |    551 +
 nss/coreconf/mkdepend/ifparser.h              |     83 +
 nss/coreconf/mkdepend/imakemdep.h             |    782 +
 nss/coreconf/mkdepend/include.c               |    337 +
 nss/coreconf/mkdepend/main.c                  |    870 +
 nss/coreconf/mkdepend/mkdepend.man            |    382 +
 nss/coreconf/mkdepend/parse.c                 |    693 +
 nss/coreconf/mkdepend/pr.c                    |    124 +
 nss/coreconf/module.mk                        |     37 +
 nss/coreconf/nsinstall/Makefile               |     42 +
 nss/coreconf/nsinstall/nsinstall.c            |    407 +
 nss/coreconf/nsinstall/nsinstall.gyp          |     21 +
 nss/coreconf/nsinstall/pathsub.c              |    272 +
 nss/coreconf/nsinstall/pathsub.h              |     48 +
 nss/coreconf/nsinstall/sunos4.h               |    134 +
 nss/coreconf/nspr.sh                          |     51 +
 nss/coreconf/outofdate.pl                     |     39 +
 nss/coreconf/precommit.clang-format.sh        |     63 +
 nss/coreconf/prefix.mk                        |     44 +
 nss/coreconf/release.pl                       |    112 +
 nss/coreconf/rules.mk                         |    970 +
 nss/coreconf/ruleset.mk                       |    220 +
 nss/coreconf/sanitizers.mk                    |     19 +
 nss/coreconf/sanitizers.py                    |     33 +
 nss/coreconf/sanitizers.sh                    |     78 +
 nss/coreconf/shlibsign.py                     |     30 +
 nss/coreconf/source.mk                        |    162 +
 nss/coreconf/suffix.mk                        |     67 +
 nss/coreconf/tree.mk                          |     52 +
 nss/coreconf/version.mk                       |     77 +
 nss/coreconf/version.pl                       |     48 +
 nss/coreconf/werror.py                        |     60 +
 nss/coreconf/zlib.mk                          |     17 +
 nss/cpputil/.clang-format                     |      4 +
 nss/cpputil/README                            |     11 +
 nss/cpputil/cpputil.gyp                       |     27 +
 nss/cpputil/dummy_io.cc                       |    221 +
 nss/cpputil/dummy_io.h                        |     62 +
 nss/cpputil/dummy_io_fwd.cc                   |    162 +
 nss/cpputil/scoped_ptrs.h                     |     63 +
 nss/doc/.hgignore                             |      3 +
 nss/doc/Makefile                              |     69 +
 nss/doc/README                                |      7 +
 nss/doc/certutil.xml                          |   1243 +
 nss/doc/cmsutil.xml                           |    299 +
 nss/doc/crlutil.xml                           |    525 +
 nss/doc/derdump.xml                           |     96 +
 nss/doc/html/.hgignore                        |      1 +
 nss/doc/html/certutil.html                    |    354 +
 nss/doc/html/cmsutil.html                     |     27 +
 nss/doc/html/crlutil.html                     |    204 +
 nss/doc/html/derdump.html                     |      7 +
 nss/doc/html/modutil.html                     |    250 +
 nss/doc/html/pk12util.html                    |     77 +
 nss/doc/html/pp.html                          |      7 +
 nss/doc/html/signtool.html                    |    284 +
 nss/doc/html/signver.html                     |     33 +
 nss/doc/html/ssltap.html                      |    417 +
 nss/doc/html/vfychain.html                    |     26 +
 nss/doc/html/vfyserv.html                     |      5 +
 nss/doc/modutil.xml                           |    761 +
 nss/doc/nroff/certutil.1                      |   2050 +
 nss/doc/nroff/cmsutil.1                       |    271 +
 nss/doc/nroff/crlutil.1                       |    389 +
 nss/doc/nroff/derdump.1                       |     92 +
 nss/doc/nroff/modutil.1                       |   1452 +
 nss/doc/nroff/pk12util.1                      |   1040 +
 nss/doc/nroff/pp.1                            |    108 +
 nss/doc/nroff/signtool.1                      |    681 +
 nss/doc/nroff/signver.1                       |    320 +
 nss/doc/nroff/ssltap.1                        |    609 +
 nss/doc/nroff/vfychain.1                      |    169 +
 nss/doc/nroff/vfyserv.1                       |     70 +
 nss/doc/pk12util.xml                          |    478 +
 nss/doc/pp.xml                                |    123 +
 nss/doc/signtool.xml                          |    681 +
 nss/doc/signver.xml                           |    230 +
 nss/doc/ssltap.xml                            |    579 +
 nss/doc/vfychain.xml                          |    232 +
 nss/doc/vfyserv.xml                           |     85 +
 nss/exports.gyp                               |     77 +
 nss/external_tests/.clang-format              |      4 +
 nss/external_tests/Makefile                   |     44 +
 nss/external_tests/README                     |     15 +
 nss/external_tests/common/Makefile            |     41 +
 nss/external_tests/common/gtest.mk            |     36 +
 nss/external_tests/common/gtests.cc           |     22 +
 nss/external_tests/common/manifest.mn         |     21 +
 nss/external_tests/common/scoped_ptrs.h       |     55 +
 nss/external_tests/der_gtest/Makefile         |     43 +
 .../der_gtest/der_getint_unittest.cc          |    110 +
 nss/external_tests/der_gtest/manifest.mn      |     21 +
 nss/external_tests/google_test/Makefile       |     44 +
 nss/external_tests/google_test/gtest/CHANGES  |    157 +
 .../google_test/gtest/CMakeLists.txt          |    260 +
 .../google_test/gtest/CONTRIBUTORS            |     37 +
 nss/external_tests/google_test/gtest/LICENSE  |     28 +
 .../google_test/gtest/Makefile.am             |    306 +
 nss/external_tests/google_test/gtest/README   |    435 +
 .../google_test/gtest/build-aux/.keep         |      0
 .../gtest/cmake/internal_utils.cmake          |    242 +
 .../google_test/gtest/codegear/gtest.cbproj   |    138 +
 .../gtest/codegear/gtest.groupproj            |     54 +
 .../google_test/gtest/codegear/gtest_all.cc   |     38 +
 .../google_test/gtest/codegear/gtest_link.cc  |     40 +
 .../gtest/codegear/gtest_main.cbproj          |     82 +
 .../gtest/codegear/gtest_unittest.cbproj      |     88 +
 .../google_test/gtest/configure.ac            |     68 +
 .../gtest/include/gtest/gtest-death-test.h    |    294 +
 .../gtest/include/gtest/gtest-message.h       |    250 +
 .../gtest/include/gtest/gtest-param-test.h    |   1421 +
 .../include/gtest/gtest-param-test.h.pump     |    487 +
 .../gtest/include/gtest/gtest-printers.h      |    891 +
 .../gtest/include/gtest/gtest-spi.h           |    232 +
 .../gtest/include/gtest/gtest-test-part.h     |    179 +
 .../gtest/include/gtest/gtest-typed-test.h    |    259 +
 .../google_test/gtest/include/gtest/gtest.h   |   2307 +
 .../gtest/include/gtest/gtest_pred_impl.h     |    358 +
 .../gtest/include/gtest/gtest_prod.h          |     58 +
 .../internal/gtest-death-test-internal.h      |    319 +
 .../include/gtest/internal/gtest-filepath.h   |    206 +
 .../include/gtest/internal/gtest-internal.h   |   1193 +
 .../include/gtest/internal/gtest-linked_ptr.h |    233 +
 .../internal/gtest-param-util-generated.h     |   5143 +
 .../gtest-param-util-generated.h.pump         |    301 +
 .../include/gtest/internal/gtest-param-util.h |    619 +
 .../gtest/include/gtest/internal/gtest-port.h |   2432 +
 .../include/gtest/internal/gtest-string.h     |    167 +
 .../include/gtest/internal/gtest-tuple.h      |   1020 +
 .../include/gtest/internal/gtest-tuple.h.pump |    347 +
 .../include/gtest/internal/gtest-type-util.h  |   3331 +
 .../gtest/internal/gtest-type-util.h.pump     |    297 +
 .../google_test/gtest/m4/acx_pthread.m4       |    363 +
 .../google_test/gtest/m4/gtest.m4             |     74 +
 .../google_test/gtest/make/Makefile           |     82 +
 .../google_test/gtest/msvc/gtest-md.sln       |     45 +
 .../google_test/gtest/msvc/gtest-md.vcproj    |    126 +
 .../google_test/gtest/msvc/gtest.sln          |     45 +
 .../google_test/gtest/msvc/gtest.vcproj       |    126 +
 .../gtest/msvc/gtest_main-md.vcproj           |    129 +
 .../google_test/gtest/msvc/gtest_main.vcproj  |    129 +
 .../gtest/msvc/gtest_prod_test-md.vcproj      |    164 +
 .../gtest/msvc/gtest_prod_test.vcproj         |    164 +
 .../gtest/msvc/gtest_unittest-md.vcproj       |    147 +
 .../gtest/msvc/gtest_unittest.vcproj          |    147 +
 .../google_test/gtest/samples/prime_tables.h  |    123 +
 .../google_test/gtest/samples/sample1.cc      |     68 +
 .../google_test/gtest/samples/sample1.h       |     43 +
 .../gtest/samples/sample10_unittest.cc        |    144 +
 .../gtest/samples/sample1_unittest.cc         |    153 +
 .../google_test/gtest/samples/sample2.cc      |     56 +
 .../google_test/gtest/samples/sample2.h       |     85 +
 .../gtest/samples/sample2_unittest.cc         |    109 +
 .../google_test/gtest/samples/sample3-inl.h   |    172 +
 .../gtest/samples/sample3_unittest.cc         |    151 +
 .../google_test/gtest/samples/sample4.cc      |     46 +
 .../google_test/gtest/samples/sample4.h       |     53 +
 .../gtest/samples/sample4_unittest.cc         |     45 +
 .../gtest/samples/sample5_unittest.cc         |    199 +
 .../gtest/samples/sample6_unittest.cc         |    224 +
 .../gtest/samples/sample7_unittest.cc         |    130 +
 .../gtest/samples/sample8_unittest.cc         |    173 +
 .../gtest/samples/sample9_unittest.cc         |    160 +
 .../google_test/gtest/scripts/common.py       |     83 +
 .../gtest/scripts/fuse_gtest_files.py         |    250 +
 .../gtest/scripts/gen_gtest_pred_impl.py      |    730 +
 .../google_test/gtest/scripts/gtest-config.in |    274 +
 .../google_test/gtest/scripts/pump.py         |    855 +
 .../google_test/gtest/scripts/release_docs.py |    158 +
 .../google_test/gtest/scripts/test/Makefile   |     59 +
 .../google_test/gtest/scripts/upload.py       |   1387 +
 .../google_test/gtest/scripts/upload_gtest.py |     78 +
 .../google_test/gtest/src/gtest-all.cc        |     48 +
 .../google_test/gtest/src/gtest-death-test.cc |   1346 +
 .../google_test/gtest/src/gtest-filepath.cc   |    387 +
 .../gtest/src/gtest-internal-inl.h            |   1192 +
 .../google_test/gtest/src/gtest-port.cc       |   1184 +
 .../google_test/gtest/src/gtest-printers.cc   |    373 +
 .../google_test/gtest/src/gtest-test-part.cc  |    110 +
 .../google_test/gtest/src/gtest-typed-test.cc |    110 +
 .../google_test/gtest/src/gtest.cc            |   5291 +
 .../google_test/gtest/src/gtest_main.cc       |     38 +
 .../gtest/test/gtest-death-test_ex_test.cc    |     93 +
 .../gtest/test/gtest-death-test_test.cc       |   1423 +
 .../gtest/test/gtest-filepath_test.cc         |    680 +
 .../gtest/test/gtest-linked_ptr_test.cc       |    154 +
 .../gtest/test/gtest-listener_test.cc         |    310 +
 .../gtest/test/gtest-message_test.cc          |    159 +
 .../gtest/test/gtest-options_test.cc          |    215 +
 .../gtest/test/gtest-param-test2_test.cc      |     65 +
 .../gtest/test/gtest-param-test_test.cc       |    904 +
 .../gtest/test/gtest-param-test_test.h        |     57 +
 .../google_test/gtest/test/gtest-port_test.cc |   1323 +
 .../gtest/test/gtest-printers_test.cc         |   1651 +
 .../gtest/test/gtest-test-part_test.cc        |    208 +
 .../gtest/test/gtest-tuple_test.cc            |    320 +
 .../gtest/test/gtest-typed-test2_test.cc      |     45 +
 .../gtest/test/gtest-typed-test_test.cc       |    361 +
 .../gtest/test/gtest-typed-test_test.h        |     66 +
 .../gtest/test/gtest-unittest-api_test.cc     |    341 +
 .../google_test/gtest/test/gtest_all_test.cc  |     47 +
 .../test/gtest_break_on_failure_unittest.py   |    212 +
 .../test/gtest_break_on_failure_unittest_.cc  |     88 +
 .../gtest/test/gtest_catch_exceptions_test.py |    237 +
 .../test/gtest_catch_exceptions_test_.cc      |    311 +
 .../gtest/test/gtest_color_test.py            |    130 +
 .../gtest/test/gtest_color_test_.cc           |     71 +
 .../gtest/test/gtest_env_var_test.py          |    103 +
 .../gtest/test/gtest_env_var_test_.cc         |    126 +
 .../gtest/test/gtest_environment_test.cc      |    192 +
 .../gtest/test/gtest_filter_unittest.py       |    633 +
 .../gtest/test/gtest_filter_unittest_.cc      |    140 +
 .../google_test/gtest/test/gtest_help_test.py |    172 +
 .../gtest/test/gtest_help_test_.cc            |     46 +
 .../gtest/test/gtest_list_tests_unittest.py   |    207 +
 .../gtest/test/gtest_list_tests_unittest_.cc  |    157 +
 .../gtest/test/gtest_main_unittest.cc         |     45 +
 .../gtest/test/gtest_no_test_unittest.cc      |     56 +
 .../gtest/test/gtest_output_test.py           |    335 +
 .../gtest/test/gtest_output_test_.cc          |   1039 +
 .../test/gtest_output_test_golden_lin.txt     |    732 +
 .../gtest/test/gtest_pred_impl_unittest.cc    |   2427 +
 .../gtest/test/gtest_premature_exit_test.cc   |    143 +
 .../google_test/gtest/test/gtest_prod_test.cc |     57 +
 .../gtest/test/gtest_repeat_test.cc           |    253 +
 .../gtest/test/gtest_shuffle_test.py          |    325 +
 .../gtest/test/gtest_shuffle_test_.cc         |    103 +
 .../gtest/test/gtest_sole_header_test.cc      |     57 +
 .../gtest/test/gtest_stress_test.cc           |    256 +
 .../gtest/test/gtest_test_utils.py            |    320 +
 .../test/gtest_throw_on_failure_ex_test.cc    |     92 +
 .../gtest/test/gtest_throw_on_failure_test.py |    171 +
 .../test/gtest_throw_on_failure_test_.cc      |     72 +
 .../gtest/test/gtest_uninitialized_test.py    |     70 +
 .../gtest/test/gtest_uninitialized_test_.cc   |     43 +
 .../google_test/gtest/test/gtest_unittest.cc  |   7525 +
 .../gtest/test/gtest_xml_outfile1_test_.cc    |     49 +
 .../gtest/test/gtest_xml_outfile2_test_.cc    |     49 +
 .../gtest/test/gtest_xml_outfiles_test.py     |    132 +
 .../gtest/test/gtest_xml_output_unittest.py   |    307 +
 .../gtest/test/gtest_xml_output_unittest_.cc  |    181 +
 .../gtest/test/gtest_xml_test_utils.py        |    194 +
 .../google_test/gtest/test/production.cc      |     36 +
 .../google_test/gtest/test/production.h       |     55 +
 .../gtest/xcode/Config/DebugProject.xcconfig  |     30 +
 .../xcode/Config/FrameworkTarget.xcconfig     |     17 +
 .../gtest/xcode/Config/General.xcconfig       |     41 +
 .../xcode/Config/ReleaseProject.xcconfig      |     32 +
 .../xcode/Config/StaticLibraryTarget.xcconfig |     18 +
 .../gtest/xcode/Config/TestTarget.xcconfig    |      8 +
 .../gtest/xcode/Resources/Info.plist          |     30 +
 .../xcode/Samples/FrameworkSample/Info.plist  |     28 +
 .../WidgetFramework.xcodeproj/project.pbxproj |    457 +
 .../xcode/Samples/FrameworkSample/runtests.sh |     62 +
 .../xcode/Samples/FrameworkSample/widget.cc   |     63 +
 .../xcode/Samples/FrameworkSample/widget.h    |     59 +
 .../Samples/FrameworkSample/widget_test.cc    |     68 +
 .../gtest/xcode/Scripts/runtests.sh           |     65 +
 .../gtest/xcode/Scripts/versiongenerate.py    |    100 +
 .../xcode/gtest.xcodeproj/project.pbxproj     |   1135 +
 nss/external_tests/google_test/manifest.mn    |     23 +
 nss/external_tests/manifest.mn                |     16 +
 nss/external_tests/nss_bogo_shim/Makefile     |     52 +
 nss/external_tests/nss_bogo_shim/config.cc    |     58 +
 nss/external_tests/nss_bogo_shim/config.h     |     89 +
 nss/external_tests/nss_bogo_shim/config.json  |     41 +
 nss/external_tests/nss_bogo_shim/manifest.mn  |     20 +
 .../nss_bogo_shim/nss_bogo_shim.cc            |    314 +
 nss/external_tests/nss_bogo_shim/nsskeys.cc   |     84 +
 nss/external_tests/nss_bogo_shim/nsskeys.h    |     20 +
 nss/external_tests/pk11_gtest/Makefile        |     43 +
 nss/external_tests/pk11_gtest/manifest.mn     |     26 +
 .../pk11_gtest/pk11_aeskeywrap_unittest.cc    |    132 +
 .../pk11_chacha20poly1305_unittest.cc         |    263 +
 .../pk11_gtest/pk11_pbkdf2_unittest.cc        |     96 +
 .../pk11_gtest/pk11_prf_unittest.cc           |    229 +
 .../pk11_gtest/pk11_rsapss_unittest.cc        |    242 +
 nss/external_tests/ssl_gtest/Makefile         |     59 +
 nss/external_tests/ssl_gtest/databuffer.h     |    183 +
 nss/external_tests/ssl_gtest/gtest_utils.h    |     57 +
 .../ssl_gtest/libssl_internals.c              |    285 +
 .../ssl_gtest/libssl_internals.h              |     40 +
 nss/external_tests/ssl_gtest/manifest.mn      |     52 +
 .../ssl_gtest/ssl_0rtt_unittest.cc            |    196 +
 .../ssl_gtest/ssl_agent_unittest.cc           |    254 +
 .../ssl_gtest/ssl_auth_unittest.cc            |    523 +
 .../ssl_gtest/ssl_cert_ext_unittest.cc        |    214 +
 .../ssl_gtest/ssl_ciphersuite_unittest.cc     |    438 +
 .../ssl_gtest/ssl_damage_unittest.cc          |     61 +
 .../ssl_gtest/ssl_dhe_unittest.cc             |    520 +
 .../ssl_gtest/ssl_drop_unittest.cc            |    113 +
 .../ssl_gtest/ssl_ecdh_unittest.cc            |    343 +
 .../ssl_gtest/ssl_ems_unittest.cc             |    100 +
 .../ssl_gtest/ssl_extension_unittest.cc       |    580 +
 nss/external_tests/ssl_gtest/ssl_gtest.cc     |     44 +
 .../ssl_gtest/ssl_hrr_unittest.cc             |    197 +
 .../ssl_gtest/ssl_loopback_unittest.cc        |    241 +
 .../ssl_gtest/ssl_record_unittest.cc          |    111 +
 .../ssl_gtest/ssl_resumption_unittest.cc      |    443 +
 .../ssl_gtest/ssl_skip_unittest.cc            |    159 +
 .../ssl_gtest/ssl_staticrsa_unittest.cc       |    123 +
 .../ssl_gtest/ssl_v2_client_hello_unittest.cc |    355 +
 .../ssl_gtest/ssl_version_unittest.cc         |    244 +
 nss/external_tests/ssl_gtest/test_io.cc       |    536 +
 nss/external_tests/ssl_gtest/test_io.h        |    146 +
 nss/external_tests/ssl_gtest/tls_agent.cc     |    883 +
 nss/external_tests/ssl_gtest/tls_agent.h      |    425 +
 nss/external_tests/ssl_gtest/tls_connect.cc   |    546 +
 nss/external_tests/ssl_gtest/tls_connect.h    |    224 +
 nss/external_tests/ssl_gtest/tls_filter.cc    |    475 +
 nss/external_tests/ssl_gtest/tls_filter.h     |    303 +
 .../ssl_gtest/tls_hkdf_unittest.cc            |    262 +
 nss/external_tests/ssl_gtest/tls_parser.cc    |     73 +
 nss/external_tests/ssl_gtest/tls_parser.h     |    125 +
 nss/external_tests/util_gtest/Makefile        |     45 +
 nss/external_tests/util_gtest/manifest.mn     |     26 +
 .../util_gtest/util_utf8_unittest.cc          |    979 +
 nss/fuzz/.clang-format                        |      4 +
 nss/fuzz/asn1_mutators.cc                     |    122 +
 nss/fuzz/asn1_mutators.h                      |     16 +
 nss/fuzz/certDN.options                       |      3 +
 nss/fuzz/certDN_target.cc                     |     45 +
 nss/fuzz/clone_corpus.sh                      |      4 +
 nss/fuzz/clone_libfuzzer.sh                   |     46 +
 nss/fuzz/fuzz.gyp                             |    302 +
 nss/fuzz/git-copy.sh                          |     32 +
 nss/fuzz/mpi-add.options                      |      3 +
 nss/fuzz/mpi-addmod.options                   |      3 +
 nss/fuzz/mpi-div.options                      |      3 +
 nss/fuzz/mpi-expmod.options                   |      3 +
 nss/fuzz/mpi-invmod.options                   |      2 +
 nss/fuzz/mpi-mod.options                      |      3 +
 nss/fuzz/mpi-mulmod.options                   |      3 +
 nss/fuzz/mpi-sqr.options                      |      3 +
 nss/fuzz/mpi-sqrmod.options                   |      3 +
 nss/fuzz/mpi-sub.options                      |      3 +
 nss/fuzz/mpi-submod.options                   |      3 +
 nss/fuzz/mpi_add_target.cc                    |     42 +
 nss/fuzz/mpi_addmod_target.cc                 |     27 +
 nss/fuzz/mpi_div_target.cc                    |     36 +
 nss/fuzz/mpi_expmod_target.cc                 |     27 +
 nss/fuzz/mpi_helper.cc                        |    100 +
 nss/fuzz/mpi_helper.h                         |     86 +
 nss/fuzz/mpi_invmod_target.cc                 |     70 +
 nss/fuzz/mpi_mod_target.cc                    |     36 +
 nss/fuzz/mpi_mulmod_target.cc                 |     27 +
 nss/fuzz/mpi_sqr_target.cc                    |     40 +
 nss/fuzz/mpi_sqrmod_target.cc                 |     36 +
 nss/fuzz/mpi_sub_target.cc                    |     42 +
 nss/fuzz/mpi_submod_target.cc                 |     27 +
 nss/fuzz/pkcs8_target.cc                      |     39 +
 nss/fuzz/quickder.options                     |      3 +
 nss/fuzz/quickder_target.cc                   |     85 +
 nss/fuzz/shared.h                             |     40 +
 nss/fuzz/tls-client-no_fuzzer_mode.options    |      3 +
 nss/fuzz/tls-client.options                   |      3 +
 nss/fuzz/tls_client_config.cc                 |     35 +
 nss/fuzz/tls_client_config.h                  |     24 +
 nss/fuzz/tls_client_socket.cc                 |     34 +
 nss/fuzz/tls_client_socket.h                  |     24 +
 nss/fuzz/tls_client_target.cc                 |    130 +
 nss/fuzz/warning.txt                          |     16 +
 nss/gtests/.clang-format                      |      4 +
 nss/gtests/Makefile                           |     44 +
 nss/gtests/README                             |     15 +
 nss/gtests/common/Makefile                    |     41 +
 nss/gtests/common/gtest.gypi                  |     45 +
 nss/gtests/common/gtest.mk                    |     36 +
 nss/gtests/common/gtests.cc                   |     26 +
 nss/gtests/common/manifest.mn                 |     22 +
 nss/gtests/der_gtest/Makefile                 |     43 +
 nss/gtests/der_gtest/der_getint_unittest.cc   |    122 +
 nss/gtests/der_gtest/der_gtest.gyp            |     30 +
 .../der_private_key_import_unittest.cc        |    110 +
 nss/gtests/der_gtest/manifest.mn              |     23 +
 nss/gtests/freebl_gtest/freebl_gtest.gyp      |     69 +
 nss/gtests/freebl_gtest/kat/Hash_DRBG.rsp     |  17702 ++
 nss/gtests/freebl_gtest/kat/Hash_DRBG.txt     |  44582 ++++
 nss/gtests/freebl_gtest/mpi_unittest.cc       |    120 +
 nss/gtests/freebl_gtest/prng_kat_unittest.cc  |    195 +
 nss/gtests/google_test/Makefile               |     44 +
 nss/gtests/google_test/google_test.gyp        |     26 +
 nss/gtests/google_test/gtest/CHANGES          |    157 +
 nss/gtests/google_test/gtest/CMakeLists.txt   |    260 +
 nss/gtests/google_test/gtest/CONTRIBUTORS     |     37 +
 nss/gtests/google_test/gtest/LICENSE          |     28 +
 nss/gtests/google_test/gtest/Makefile.am      |    306 +
 nss/gtests/google_test/gtest/README           |    435 +
 nss/gtests/google_test/gtest/build-aux/.keep  |      0
 .../gtest/cmake/internal_utils.cmake          |    242 +
 .../google_test/gtest/codegear/gtest.cbproj   |    138 +
 .../gtest/codegear/gtest.groupproj            |     54 +
 .../google_test/gtest/codegear/gtest_all.cc   |     38 +
 .../google_test/gtest/codegear/gtest_link.cc  |     40 +
 .../gtest/codegear/gtest_main.cbproj          |     82 +
 .../gtest/codegear/gtest_unittest.cbproj      |     88 +
 nss/gtests/google_test/gtest/configure.ac     |     68 +
 .../gtest/include/gtest/gtest-death-test.h    |    294 +
 .../gtest/include/gtest/gtest-message.h       |    250 +
 .../gtest/include/gtest/gtest-param-test.h    |   1421 +
 .../include/gtest/gtest-param-test.h.pump     |    487 +
 .../gtest/include/gtest/gtest-printers.h      |    891 +
 .../gtest/include/gtest/gtest-spi.h           |    232 +
 .../gtest/include/gtest/gtest-test-part.h     |    179 +
 .../gtest/include/gtest/gtest-typed-test.h    |    259 +
 .../google_test/gtest/include/gtest/gtest.h   |   2307 +
 .../gtest/include/gtest/gtest_pred_impl.h     |    358 +
 .../gtest/include/gtest/gtest_prod.h          |     58 +
 .../internal/gtest-death-test-internal.h      |    319 +
 .../include/gtest/internal/gtest-filepath.h   |    206 +
 .../include/gtest/internal/gtest-internal.h   |   1193 +
 .../include/gtest/internal/gtest-linked_ptr.h |    233 +
 .../internal/gtest-param-util-generated.h     |   5143 +
 .../gtest-param-util-generated.h.pump         |    301 +
 .../include/gtest/internal/gtest-param-util.h |    619 +
 .../gtest/include/gtest/internal/gtest-port.h |   2432 +
 .../include/gtest/internal/gtest-string.h     |    167 +
 .../include/gtest/internal/gtest-tuple.h      |   1020 +
 .../include/gtest/internal/gtest-tuple.h.pump |    347 +
 .../include/gtest/internal/gtest-type-util.h  |   3331 +
 .../gtest/internal/gtest-type-util.h.pump     |    297 +
 .../google_test/gtest/m4/acx_pthread.m4       |    363 +
 nss/gtests/google_test/gtest/m4/gtest.m4      |     74 +
 nss/gtests/google_test/gtest/make/Makefile    |     82 +
 .../google_test/gtest/msvc/gtest-md.sln       |     45 +
 .../google_test/gtest/msvc/gtest-md.vcproj    |    126 +
 nss/gtests/google_test/gtest/msvc/gtest.sln   |     45 +
 .../google_test/gtest/msvc/gtest.vcproj       |    126 +
 .../gtest/msvc/gtest_main-md.vcproj           |    129 +
 .../google_test/gtest/msvc/gtest_main.vcproj  |    129 +
 .../gtest/msvc/gtest_prod_test-md.vcproj      |    164 +
 .../gtest/msvc/gtest_prod_test.vcproj         |    164 +
 .../gtest/msvc/gtest_unittest-md.vcproj       |    147 +
 .../gtest/msvc/gtest_unittest.vcproj          |    147 +
 .../google_test/gtest/samples/prime_tables.h  |    123 +
 .../google_test/gtest/samples/sample1.cc      |     68 +
 .../google_test/gtest/samples/sample1.h       |     43 +
 .../gtest/samples/sample10_unittest.cc        |    144 +
 .../gtest/samples/sample1_unittest.cc         |    153 +
 .../google_test/gtest/samples/sample2.cc      |     56 +
 .../google_test/gtest/samples/sample2.h       |     85 +
 .../gtest/samples/sample2_unittest.cc         |    109 +
 .../google_test/gtest/samples/sample3-inl.h   |    172 +
 .../gtest/samples/sample3_unittest.cc         |    151 +
 .../google_test/gtest/samples/sample4.cc      |     46 +
 .../google_test/gtest/samples/sample4.h       |     53 +
 .../gtest/samples/sample4_unittest.cc         |     45 +
 .../gtest/samples/sample5_unittest.cc         |    199 +
 .../gtest/samples/sample6_unittest.cc         |    224 +
 .../gtest/samples/sample7_unittest.cc         |    130 +
 .../gtest/samples/sample8_unittest.cc         |    173 +
 .../gtest/samples/sample9_unittest.cc         |    160 +
 .../google_test/gtest/scripts/common.py       |     83 +
 .../gtest/scripts/fuse_gtest_files.py         |    250 +
 .../gtest/scripts/gen_gtest_pred_impl.py      |    730 +
 .../google_test/gtest/scripts/gtest-config.in |    274 +
 nss/gtests/google_test/gtest/scripts/pump.py  |    855 +
 .../google_test/gtest/scripts/release_docs.py |    158 +
 .../google_test/gtest/scripts/test/Makefile   |     59 +
 .../google_test/gtest/scripts/upload.py       |   1387 +
 .../google_test/gtest/scripts/upload_gtest.py |     78 +
 nss/gtests/google_test/gtest/src/gtest-all.cc |     48 +
 .../google_test/gtest/src/gtest-death-test.cc |   1346 +
 .../google_test/gtest/src/gtest-filepath.cc   |    387 +
 .../gtest/src/gtest-internal-inl.h            |   1192 +
 .../google_test/gtest/src/gtest-port.cc       |   1184 +
 .../google_test/gtest/src/gtest-printers.cc   |    373 +
 .../google_test/gtest/src/gtest-test-part.cc  |    110 +
 .../google_test/gtest/src/gtest-typed-test.cc |    110 +
 nss/gtests/google_test/gtest/src/gtest.cc     |   5291 +
 .../google_test/gtest/src/gtest_main.cc       |     38 +
 .../gtest/test/gtest-death-test_ex_test.cc    |     93 +
 .../gtest/test/gtest-death-test_test.cc       |   1423 +
 .../gtest/test/gtest-filepath_test.cc         |    680 +
 .../gtest/test/gtest-linked_ptr_test.cc       |    154 +
 .../gtest/test/gtest-listener_test.cc         |    310 +
 .../gtest/test/gtest-message_test.cc          |    159 +
 .../gtest/test/gtest-options_test.cc          |    215 +
 .../gtest/test/gtest-param-test2_test.cc      |     65 +
 .../gtest/test/gtest-param-test_test.cc       |    904 +
 .../gtest/test/gtest-param-test_test.h        |     57 +
 .../google_test/gtest/test/gtest-port_test.cc |   1323 +
 .../gtest/test/gtest-printers_test.cc         |   1651 +
 .../gtest/test/gtest-test-part_test.cc        |    208 +
 .../gtest/test/gtest-tuple_test.cc            |    320 +
 .../gtest/test/gtest-typed-test2_test.cc      |     45 +
 .../gtest/test/gtest-typed-test_test.cc       |    361 +
 .../gtest/test/gtest-typed-test_test.h        |     66 +
 .../gtest/test/gtest-unittest-api_test.cc     |    341 +
 .../google_test/gtest/test/gtest_all_test.cc  |     47 +
 .../test/gtest_break_on_failure_unittest.py   |    212 +
 .../test/gtest_break_on_failure_unittest_.cc  |     88 +
 .../gtest/test/gtest_catch_exceptions_test.py |    237 +
 .../test/gtest_catch_exceptions_test_.cc      |    311 +
 .../gtest/test/gtest_color_test.py            |    130 +
 .../gtest/test/gtest_color_test_.cc           |     71 +
 .../gtest/test/gtest_env_var_test.py          |    103 +
 .../gtest/test/gtest_env_var_test_.cc         |    126 +
 .../gtest/test/gtest_environment_test.cc      |    192 +
 .../gtest/test/gtest_filter_unittest.py       |    633 +
 .../gtest/test/gtest_filter_unittest_.cc      |    140 +
 .../google_test/gtest/test/gtest_help_test.py |    172 +
 .../gtest/test/gtest_help_test_.cc            |     46 +
 .../gtest/test/gtest_list_tests_unittest.py   |    207 +
 .../gtest/test/gtest_list_tests_unittest_.cc  |    157 +
 .../gtest/test/gtest_main_unittest.cc         |     45 +
 .../gtest/test/gtest_no_test_unittest.cc      |     56 +
 .../gtest/test/gtest_output_test.py           |    335 +
 .../gtest/test/gtest_output_test_.cc          |   1039 +
 .../test/gtest_output_test_golden_lin.txt     |    732 +
 .../gtest/test/gtest_pred_impl_unittest.cc    |   2427 +
 .../gtest/test/gtest_premature_exit_test.cc   |    143 +
 .../google_test/gtest/test/gtest_prod_test.cc |     57 +
 .../gtest/test/gtest_repeat_test.cc           |    253 +
 .../gtest/test/gtest_shuffle_test.py          |    325 +
 .../gtest/test/gtest_shuffle_test_.cc         |    103 +
 .../gtest/test/gtest_sole_header_test.cc      |     57 +
 .../gtest/test/gtest_stress_test.cc           |    256 +
 .../gtest/test/gtest_test_utils.py            |    320 +
 .../test/gtest_throw_on_failure_ex_test.cc    |     92 +
 .../gtest/test/gtest_throw_on_failure_test.py |    171 +
 .../test/gtest_throw_on_failure_test_.cc      |     72 +
 .../gtest/test/gtest_uninitialized_test.py    |     70 +
 .../gtest/test/gtest_uninitialized_test_.cc   |     43 +
 .../google_test/gtest/test/gtest_unittest.cc  |   7525 +
 .../gtest/test/gtest_xml_outfile1_test_.cc    |     49 +
 .../gtest/test/gtest_xml_outfile2_test_.cc    |     49 +
 .../gtest/test/gtest_xml_outfiles_test.py     |    132 +
 .../gtest/test/gtest_xml_output_unittest.py   |    307 +
 .../gtest/test/gtest_xml_output_unittest_.cc  |    181 +
 .../gtest/test/gtest_xml_test_utils.py        |    194 +
 .../google_test/gtest/test/production.cc      |     36 +
 .../google_test/gtest/test/production.h       |     55 +
 .../gtest/xcode/Config/DebugProject.xcconfig  |     30 +
 .../xcode/Config/FrameworkTarget.xcconfig     |     17 +
 .../gtest/xcode/Config/General.xcconfig       |     41 +
 .../xcode/Config/ReleaseProject.xcconfig      |     32 +
 .../xcode/Config/StaticLibraryTarget.xcconfig |     18 +
 .../gtest/xcode/Config/TestTarget.xcconfig    |      8 +
 .../gtest/xcode/Resources/Info.plist          |     30 +
 .../xcode/Samples/FrameworkSample/Info.plist  |     28 +
 .../WidgetFramework.xcodeproj/project.pbxproj |    457 +
 .../xcode/Samples/FrameworkSample/runtests.sh |     62 +
 .../xcode/Samples/FrameworkSample/widget.cc   |     63 +
 .../xcode/Samples/FrameworkSample/widget.h    |     59 +
 .../Samples/FrameworkSample/widget_test.cc    |     68 +
 .../gtest/xcode/Scripts/runtests.sh           |     65 +
 .../gtest/xcode/Scripts/versiongenerate.py    |    100 +
 .../xcode/gtest.xcodeproj/project.pbxproj     |   1135 +
 nss/gtests/google_test/manifest.mn            |     23 +
 nss/gtests/manifest.mn                        |     16 +
 nss/gtests/nss_bogo_shim/Makefile             |     52 +
 nss/gtests/nss_bogo_shim/config.cc            |     58 +
 nss/gtests/nss_bogo_shim/config.h             |     93 +
 nss/gtests/nss_bogo_shim/config.json          |     68 +
 nss/gtests/nss_bogo_shim/manifest.mn          |     20 +
 nss/gtests/nss_bogo_shim/nss_bogo_shim.cc     |    579 +
 nss/gtests/nss_bogo_shim/nss_bogo_shim.gyp    |     76 +
 nss/gtests/nss_bogo_shim/nsskeys.cc           |     83 +
 nss/gtests/nss_bogo_shim/nsskeys.h            |     20 +
 nss/gtests/pk11_gtest/Makefile                |     43 +
 nss/gtests/pk11_gtest/manifest.mn             |     31 +
 .../pk11_gtest/pk11_aeskeywrap_unittest.cc    |    132 +
 .../pk11_chacha20poly1305_unittest.cc         |    263 +
 .../pk11_gtest/pk11_curve25519_unittest.cc    |    117 +
 nss/gtests/pk11_gtest/pk11_ecdsa_unittest.cc  |    156 +
 nss/gtests/pk11_gtest/pk11_ecdsa_vectors.h    |    251 +
 nss/gtests/pk11_gtest/pk11_export_unittest.cc |     66 +
 nss/gtests/pk11_gtest/pk11_gtest.gyp          |     54 +
 nss/gtests/pk11_gtest/pk11_pbkdf2_unittest.cc |     96 +
 nss/gtests/pk11_gtest/pk11_prf_unittest.cc    |    229 +
 nss/gtests/pk11_gtest/pk11_prng_unittest.cc   |     78 +
 nss/gtests/pk11_gtest/pk11_rsapss_unittest.cc |    199 +
 nss/gtests/pk11_gtest/pk11_rsapss_vectors.h   |   1083 +
 nss/gtests/pk11_gtest/pk11_signature_test.h   |    140 +
 nss/gtests/ssl_gtest/Makefile                 |     56 +
 nss/gtests/ssl_gtest/databuffer.h             |    191 +
 nss/gtests/ssl_gtest/gtest_utils.h            |     57 +
 nss/gtests/ssl_gtest/libssl_internals.c       |    373 +
 nss/gtests/ssl_gtest/libssl_internals.h       |     54 +
 nss/gtests/ssl_gtest/manifest.mn              |     59 +
 nss/gtests/ssl_gtest/ssl_0rtt_unittest.cc     |    285 +
 nss/gtests/ssl_gtest/ssl_agent_unittest.cc    |    210 +
 nss/gtests/ssl_gtest/ssl_auth_unittest.cc     |    831 +
 nss/gtests/ssl_gtest/ssl_cert_ext_unittest.cc |    257 +
 .../ssl_gtest/ssl_ciphersuite_unittest.cc     |    464 +
 nss/gtests/ssl_gtest/ssl_damage_unittest.cc   |     61 +
 nss/gtests/ssl_gtest/ssl_dhe_unittest.cc      |    614 +
 nss/gtests/ssl_gtest/ssl_drop_unittest.cc     |    133 +
 nss/gtests/ssl_gtest/ssl_ecdh_unittest.cc     |    586 +
 nss/gtests/ssl_gtest/ssl_ems_unittest.cc      |    100 +
 nss/gtests/ssl_gtest/ssl_exporter_unittest.cc |    125 +
 .../ssl_gtest/ssl_extension_unittest.cc       |   1032 +
 nss/gtests/ssl_gtest/ssl_fragment_unittest.cc |    157 +
 nss/gtests/ssl_gtest/ssl_fuzz_unittest.cc     |    229 +
 nss/gtests/ssl_gtest/ssl_gather_unittest.cc   |    153 +
 nss/gtests/ssl_gtest/ssl_gtest.cc             |     50 +
 nss/gtests/ssl_gtest/ssl_gtest.gyp            |    112 +
 nss/gtests/ssl_gtest/ssl_hrr_unittest.cc      |    363 +
 nss/gtests/ssl_gtest/ssl_loopback_unittest.cc |    273 +
 nss/gtests/ssl_gtest/ssl_record_unittest.cc   |    111 +
 .../ssl_gtest/ssl_resumption_unittest.cc      |    699 +
 nss/gtests/ssl_gtest/ssl_skip_unittest.cc     |    235 +
 .../ssl_gtest/ssl_staticrsa_unittest.cc       |    125 +
 .../ssl_gtest/ssl_v2_client_hello_unittest.cc |    373 +
 nss/gtests/ssl_gtest/ssl_version_unittest.cc  |    319 +
 nss/gtests/ssl_gtest/test_io.cc               |    251 +
 nss/gtests/ssl_gtest/test_io.h                |    174 +
 nss/gtests/ssl_gtest/tls_agent.cc             |   1027 +
 nss/gtests/ssl_gtest/tls_agent.h              |    535 +
 nss/gtests/ssl_gtest/tls_connect.cc           |    729 +
 nss/gtests/ssl_gtest/tls_connect.h            |    275 +
 nss/gtests/ssl_gtest/tls_filter.cc            |    617 +
 nss/gtests/ssl_gtest/tls_filter.h             |    401 +
 nss/gtests/ssl_gtest/tls_hkdf_unittest.cc     |    262 +
 nss/gtests/ssl_gtest/tls_parser.cc            |     73 +
 nss/gtests/ssl_gtest/tls_parser.h             |    132 +
 nss/gtests/ssl_gtest/tls_protect.cc           |    145 +
 nss/gtests/ssl_gtest/tls_protect.h            |     76 +
 nss/gtests/util_gtest/Makefile                |     45 +
 nss/gtests/util_gtest/manifest.mn             |     28 +
 nss/gtests/util_gtest/util_b64_unittest.cc    |     79 +
 nss/gtests/util_gtest/util_gtest.gyp          |     42 +
 nss/gtests/util_gtest/util_utf8_unittest.cc   |    986 +
 nss/lib/Makefile                              |     97 +
 nss/lib/base/Makefile                         |     11 +
 nss/lib/base/arena.c                          |   1143 +
 nss/lib/base/base.gyp                         |     32 +
 nss/lib/base/base.h                           |   1106 +
 nss/lib/base/baset.h                          |    124 +
 nss/lib/base/config.mk                        |     19 +
 nss/lib/base/error.c                          |    272 +
 nss/lib/base/errorval.c                       |     65 +
 nss/lib/base/exports.gyp                      |     33 +
 nss/lib/base/hash.c                           |    314 +
 nss/lib/base/hashops.c                        |     64 +
 nss/lib/base/item.c                           |    186 +
 nss/lib/base/libc.c                           |    143 +
 nss/lib/base/list.c                           |    405 +
 nss/lib/base/manifest.mn                      |     38 +
 nss/lib/base/nssbase.h                        |    233 +
 nss/lib/base/nssbaset.h                       |    118 +
 nss/lib/base/tracker.c                        |    378 +
 nss/lib/base/utf8.c                           |    679 +
 nss/lib/certdb/Makefile                       |     48 +
 nss/lib/certdb/alg1485.c                      |   1579 +
 nss/lib/certdb/cert.h                         |   1584 +
 nss/lib/certdb/certdb.c                       |   3231 +
 nss/lib/certdb/certdb.gyp                     |     34 +
 nss/lib/certdb/certdb.h                       |     89 +
 nss/lib/certdb/certi.h                        |    381 +
 nss/lib/certdb/certt.h                        |   1328 +
 nss/lib/certdb/certv3.c                       |    222 +
 nss/lib/certdb/certxutl.c                     |    493 +
 nss/lib/certdb/certxutl.h                     |     44 +
 nss/lib/certdb/config.mk                      |     15 +
 nss/lib/certdb/crl.c                          |   3045 +
 nss/lib/certdb/exports.gyp                    |     36 +
 nss/lib/certdb/genname.c                      |   1990 +
 nss/lib/certdb/genname.h                      |     93 +
 nss/lib/certdb/manifest.mn                    |     40 +
 nss/lib/certdb/polcyxtn.c                     |    806 +
 nss/lib/certdb/secname.c                      |    711 +
 nss/lib/certdb/stanpcertdb.c                  |   1035 +
 nss/lib/certdb/xauthkid.c                     |    128 +
 nss/lib/certdb/xbsconst.c                     |    143 +
 nss/lib/certdb/xconst.c                       |    269 +
 nss/lib/certdb/xconst.h                       |     30 +
 nss/lib/certhigh/Makefile                     |     48 +
 nss/lib/certhigh/certhigh.c                   |   1207 +
 nss/lib/certhigh/certhigh.gyp                 |     31 +
 nss/lib/certhigh/certhtml.c                   |    300 +
 nss/lib/certhigh/certreq.c                    |    331 +
 nss/lib/certhigh/certvfy.c                    |   2082 +
 nss/lib/certhigh/certvfypkix.c                |   2305 +
 nss/lib/certhigh/config.mk                    |     15 +
 nss/lib/certhigh/crlv2.c                      |    160 +
 nss/lib/certhigh/exports.gyp                  |     33 +
 nss/lib/certhigh/manifest.mn                  |     34 +
 nss/lib/certhigh/ocsp.c                       |   6120 +
 nss/lib/certhigh/ocsp.h                       |    723 +
 nss/lib/certhigh/ocspi.h                      |    166 +
 nss/lib/certhigh/ocspsig.c                    |    597 +
 nss/lib/certhigh/ocspt.h                      |    301 +
 nss/lib/certhigh/ocspti.h                     |    356 +
 nss/lib/certhigh/xcrldist.c                   |    212 +
 nss/lib/ckfw/Makefile                         |     39 +
 nss/lib/ckfw/builtins/Makefile                |     54 +
 nss/lib/ckfw/builtins/README                  |     45 +
 nss/lib/ckfw/builtins/anchor.c                |     17 +
 nss/lib/ckfw/builtins/bfind.c                 |    261 +
 nss/lib/ckfw/builtins/binst.c                 |     87 +
 nss/lib/ckfw/builtins/bobject.c               |    206 +
 nss/lib/ckfw/builtins/bsession.c              |     71 +
 nss/lib/ckfw/builtins/bslot.c                 |     81 +
 nss/lib/ckfw/builtins/btoken.c                |    135 +
 nss/lib/ckfw/builtins/builtins.gyp            |     61 +
 nss/lib/ckfw/builtins/builtins.h              |     66 +
 nss/lib/ckfw/builtins/certdata.perl           |    192 +
 nss/lib/ckfw/builtins/certdata.txt            |  30029 +++
 nss/lib/ckfw/builtins/ckbiver.c               |     18 +
 nss/lib/ckfw/builtins/config.mk               |     38 +
 nss/lib/ckfw/builtins/constants.c             |     64 +
 nss/lib/ckfw/builtins/exports.gyp             |     25 +
 nss/lib/ckfw/builtins/manifest.mn             |     30 +
 nss/lib/ckfw/builtins/nssckbi.def             |     26 +
 nss/lib/ckfw/builtins/nssckbi.h               |     60 +
 nss/lib/ckfw/builtins/nssckbi.rc              |     64 +
 nss/lib/ckfw/capi/Makefile                    |     75 +
 nss/lib/ckfw/capi/README                      |      7 +
 nss/lib/ckfw/capi/anchor.c                    |     17 +
 nss/lib/ckfw/capi/cfind.c                     |    562 +
 nss/lib/ckfw/capi/cinst.c                     |     97 +
 nss/lib/ckfw/capi/ckcapi.h                    |    242 +
 nss/lib/ckfw/capi/ckcapiver.c                 |     17 +
 nss/lib/ckfw/capi/cobject.c                   |   2226 +
 nss/lib/ckfw/capi/config.mk                   |     31 +
 nss/lib/ckfw/capi/constants.c                 |     63 +
 nss/lib/ckfw/capi/crsa.c                      |    687 +
 nss/lib/ckfw/capi/csession.c                  |     87 +
 nss/lib/ckfw/capi/cslot.c                     |     81 +
 nss/lib/ckfw/capi/ctoken.c                    |    184 +
 nss/lib/ckfw/capi/manifest.mn                 |     33 +
 nss/lib/ckfw/capi/nsscapi.def                 |     26 +
 nss/lib/ckfw/capi/nsscapi.h                   |     41 +
 nss/lib/ckfw/capi/nsscapi.rc                  |     64 +
 nss/lib/ckfw/capi/staticobj.c                 |     40 +
 nss/lib/ckfw/ck.api                           |    541 +
 nss/lib/ckfw/ck.h                             |     88 +
 nss/lib/ckfw/ckapi.perl                       |    434 +
 nss/lib/ckfw/ckfw.gyp                         |     34 +
 nss/lib/ckfw/ckfw.h                           |   2049 +
 nss/lib/ckfw/ckfwm.h                          |    112 +
 nss/lib/ckfw/ckfwtm.h                         |     23 +
 nss/lib/ckfw/ckmd.h                           |     28 +
 nss/lib/ckfw/ckt.h                            |      8 +
 nss/lib/ckfw/config.mk                        |     25 +
 nss/lib/ckfw/crypto.c                         |    318 +
 nss/lib/ckfw/dbm/Makefile                     |      9 +
 nss/lib/ckfw/dbm/anchor.c                     |     17 +
 nss/lib/ckfw/dbm/ckdbm.h                      |    210 +
 nss/lib/ckfw/dbm/config.mk                    |      8 +
 nss/lib/ckfw/dbm/db.c                         |   1069 +
 nss/lib/ckfw/dbm/find.c                       |    126 +
 nss/lib/ckfw/dbm/instance.c                   |    147 +
 nss/lib/ckfw/dbm/manifest.mn                  |     25 +
 nss/lib/ckfw/dbm/object.c                     |    155 +
 nss/lib/ckfw/dbm/session.c                    |    255 +
 nss/lib/ckfw/dbm/slot.c                       |    165 +
 nss/lib/ckfw/dbm/token.c                      |    260 +
 nss/lib/ckfw/exports.gyp                      |     44 +
 nss/lib/ckfw/find.c                           |    362 +
 nss/lib/ckfw/hash.c                           |    280 +
 nss/lib/ckfw/instance.c                       |   1294 +
 nss/lib/ckfw/manifest.mn                      |     53 +
 nss/lib/ckfw/mechanism.c                      |   1102 +
 nss/lib/ckfw/mutex.c                          |    248 +
 nss/lib/ckfw/nssck.api                        |   1854 +
 nss/lib/ckfw/nssckepv.h                       |     10 +
 nss/lib/ckfw/nssckft.h                        |     11 +
 nss/lib/ckfw/nssckfw.h                        |    462 +
 nss/lib/ckfw/nssckfwc.h                       |    879 +
 nss/lib/ckfw/nssckfwt.h                       |    109 +
 nss/lib/ckfw/nssckg.h                         |     10 +
 nss/lib/ckfw/nssckmdt.h                       |   1904 +
 nss/lib/ckfw/nssckt.h                         |     12 +
 nss/lib/ckfw/nssmkey/Makefile                 |     72 +
 nss/lib/ckfw/nssmkey/README                   |     21 +
 nss/lib/ckfw/nssmkey/ckmk.h                   |    182 +
 nss/lib/ckfw/nssmkey/ckmkver.c                |     17 +
 nss/lib/ckfw/nssmkey/config.mk                |     24 +
 nss/lib/ckfw/nssmkey/manchor.c                |     17 +
 nss/lib/ckfw/nssmkey/manifest.mn              |     33 +
 nss/lib/ckfw/nssmkey/mconstants.c             |     61 +
 nss/lib/ckfw/nssmkey/mfind.c                  |    352 +
 nss/lib/ckfw/nssmkey/minst.c                  |     97 +
 nss/lib/ckfw/nssmkey/mobject.c                |   1861 +
 nss/lib/ckfw/nssmkey/mrsa.c                   |    479 +
 nss/lib/ckfw/nssmkey/msession.c               |     87 +
 nss/lib/ckfw/nssmkey/mslot.c                  |     81 +
 nss/lib/ckfw/nssmkey/mtoken.c                 |    184 +
 nss/lib/ckfw/nssmkey/nssmkey.def              |     26 +
 nss/lib/ckfw/nssmkey/nssmkey.h                |     41 +
 nss/lib/ckfw/nssmkey/staticobj.c              |     36 +
 nss/lib/ckfw/object.c                         |    973 +
 nss/lib/ckfw/session.c                        |   2390 +
 nss/lib/ckfw/sessobj.c                        |   1012 +
 nss/lib/ckfw/slot.c                           |    694 +
 nss/lib/ckfw/token.c                          |   1791 +
 nss/lib/ckfw/wrap.c                           |   5550 +
 nss/lib/crmf/Makefile                         |     49 +
 nss/lib/crmf/asn1cmn.c                        |    216 +
 nss/lib/crmf/challcli.c                       |    238 +
 nss/lib/crmf/cmmf.h                           |   1082 +
 nss/lib/crmf/cmmfasn1.c                       |    131 +
 nss/lib/crmf/cmmfchal.c                       |    289 +
 nss/lib/crmf/cmmfi.h                          |     92 +
 nss/lib/crmf/cmmfit.h                         |    115 +
 nss/lib/crmf/cmmfrec.c                        |    316 +
 nss/lib/crmf/cmmfresp.c                       |    280 +
 nss/lib/crmf/cmmft.h                          |     73 +
 nss/lib/crmf/config.mk                        |     16 +
 nss/lib/crmf/crmf.gyp                         |     43 +
 nss/lib/crmf/crmf.h                           |   1741 +
 nss/lib/crmf/crmfcont.c                       |   1161 +
 nss/lib/crmf/crmfdec.c                        |    360 +
 nss/lib/crmf/crmfenc.c                        |     48 +
 nss/lib/crmf/crmffut.h                        |    357 +
 nss/lib/crmf/crmfget.c                        |    443 +
 nss/lib/crmf/crmfi.h                          |    185 +
 nss/lib/crmf/crmfit.h                         |    185 +
 nss/lib/crmf/crmfpop.c                        |    598 +
 nss/lib/crmf/crmfreq.c                        |    663 +
 nss/lib/crmf/crmft.h                          |    186 +
 nss/lib/crmf/crmftmpl.c                       |    240 +
 nss/lib/crmf/encutil.c                        |     33 +
 nss/lib/crmf/exports.gyp                      |     37 +
 nss/lib/crmf/manifest.mn                      |     46 +
 nss/lib/crmf/respcli.c                        |    136 +
 nss/lib/crmf/respcmn.c                        |    399 +
 nss/lib/crmf/servget.c                        |    974 +
 nss/lib/cryptohi/Makefile                     |     49 +
 nss/lib/cryptohi/config.mk                    |     15 +
 nss/lib/cryptohi/cryptohi.gyp                 |     27 +
 nss/lib/cryptohi/cryptohi.h                   |    364 +
 nss/lib/cryptohi/cryptoht.h                   |     14 +
 nss/lib/cryptohi/dsautil.c                    |    272 +
 nss/lib/cryptohi/exports.gyp                  |     37 +
 nss/lib/cryptohi/key.h                        |     12 +
 nss/lib/cryptohi/keyhi.h                      |    271 +
 nss/lib/cryptohi/keyi.h                       |     22 +
 nss/lib/cryptohi/keyt.h                       |     10 +
 nss/lib/cryptohi/keythi.h                     |    247 +
 nss/lib/cryptohi/manifest.mn                  |     36 +
 nss/lib/cryptohi/sechash.c                    |    438 +
 nss/lib/cryptohi/sechash.h                    |     58 +
 nss/lib/cryptohi/seckey.c                     |   1976 +
 nss/lib/cryptohi/secsign.c                    |    510 +
 nss/lib/cryptohi/secvfy.c                     |    781 +
 nss/lib/dbm/Makefile                          |     52 +
 nss/lib/dbm/config/config.mk                  |     35 +
 nss/lib/dbm/include/Makefile                  |     47 +
 nss/lib/dbm/include/exports.gyp               |     38 +
 nss/lib/dbm/include/extern.h                  |     63 +
 nss/lib/dbm/include/hash.h                    |    341 +
 nss/lib/dbm/include/hsearch.h                 |     50 +
 nss/lib/dbm/include/include.gyp               |     12 +
 nss/lib/dbm/include/manifest.mn               |     23 +
 nss/lib/dbm/include/mcom_db.h                 |    423 +
 nss/lib/dbm/include/ncompat.h                 |    224 +
 nss/lib/dbm/include/page.h                    |     93 +
 nss/lib/dbm/include/queue.h                   |    258 +
 nss/lib/dbm/include/search.h                  |     50 +
 nss/lib/dbm/include/winfile.h                 |    103 +
 nss/lib/dbm/manifest.mn                       |     17 +
 nss/lib/dbm/src/Makefile                      |     48 +
 nss/lib/dbm/src/config.mk                     |     33 +
 nss/lib/dbm/src/db.c                          |    134 +
 nss/lib/dbm/src/dirent.c                      |    344 +
 nss/lib/dbm/src/dirent.h                      |     97 +
 nss/lib/dbm/src/h_bigkey.c                    |    707 +
 nss/lib/dbm/src/h_func.c                      |    207 +
 nss/lib/dbm/src/h_log2.c                      |     54 +
 nss/lib/dbm/src/h_page.c                      |   1252 +
 nss/lib/dbm/src/hash.c                        |   1172 +
 nss/lib/dbm/src/hash_buf.c                    |    407 +
 nss/lib/dbm/src/manifest.mn                   |     28 +
 nss/lib/dbm/src/memmove.c                     |    146 +
 nss/lib/dbm/src/mktemp.c                      |    149 +
 nss/lib/dbm/src/snprintf.c                    |     50 +
 nss/lib/dbm/src/src.gyp                       |     40 +
 nss/lib/dbm/src/strerror.c                    |     73 +
 nss/lib/dbm/tests/Makefile                    |     41 +
 nss/lib/dbm/tests/dbmtest.pkg                 |      2 +
 nss/lib/dbm/tests/lots.c                      |    553 +
 nss/lib/dev/Makefile                          |     24 +
 nss/lib/dev/ckhelper.c                        |    592 +
 nss/lib/dev/ckhelper.h                        |    148 +
 nss/lib/dev/config.mk                         |     19 +
 nss/lib/dev/dev.gyp                           |     26 +
 nss/lib/dev/dev.h                             |    747 +
 nss/lib/dev/devm.h                            |    157 +
 nss/lib/dev/devslot.c                         |    254 +
 nss/lib/dev/devt.h                            |    147 +
 nss/lib/dev/devtm.h                           |     25 +
 nss/lib/dev/devtoken.c                        |   1558 +
 nss/lib/dev/devutil.c                         |    998 +
 nss/lib/dev/exports.gyp                       |     31 +
 nss/lib/dev/manifest.mn                       |     35 +
 nss/lib/dev/nssdev.h                          |     36 +
 nss/lib/dev/nssdevt.h                         |     36 +
 nss/lib/freebl/Makefile                       |    751 +
 nss/lib/freebl/aeskeywrap.c                   |    389 +
 nss/lib/freebl/alg2268.c                      |    509 +
 nss/lib/freebl/alghmac.c                      |    166 +
 nss/lib/freebl/alghmac.h                      |     64 +
 nss/lib/freebl/arcfive.c                      |     87 +
 nss/lib/freebl/arcfour-amd64-gas.s            |     88 +
 nss/lib/freebl/arcfour-amd64-masm.asm         |    107 +
 nss/lib/freebl/arcfour-amd64-sun.s            |     84 +
 nss/lib/freebl/arcfour.c                      |    594 +
 nss/lib/freebl/blapi.h                        |   1625 +
 nss/lib/freebl/blapii.h                       |     61 +
 nss/lib/freebl/blapit.h                       |    414 +
 nss/lib/freebl/blname.c                       |    100 +
 nss/lib/freebl/camellia.c                     |   1896 +
 nss/lib/freebl/camellia.h                     |     42 +
 nss/lib/freebl/chacha20.c                     |    119 +
 nss/lib/freebl/chacha20.h                     |     26 +
 nss/lib/freebl/chacha20_vec.c                 |    327 +
 nss/lib/freebl/chacha20poly1305.c             |    198 +
 nss/lib/freebl/chacha20poly1305.h             |     15 +
 nss/lib/freebl/config.mk                      |     97 +
 nss/lib/freebl/ctr.c                          |    246 +
 nss/lib/freebl/ctr.h                          |     53 +
 nss/lib/freebl/cts.c                          |    307 +
 nss/lib/freebl/cts.h                          |     33 +
 nss/lib/freebl/des.c                          |    676 +
 nss/lib/freebl/des.h                          |     43 +
 nss/lib/freebl/desblapi.c                     |    256 +
 nss/lib/freebl/det_rng.c                      |     67 +
 nss/lib/freebl/det_rng.h                      |     12 +
 nss/lib/freebl/dh.c                           |    452 +
 nss/lib/freebl/drbg.c                         |    972 +
 nss/lib/freebl/dsa.c                          |    647 +
 nss/lib/freebl/ec.c                           |   1169 +
 nss/lib/freebl/ec.h                           |     21 +
 nss/lib/freebl/ecdecode.c                     |    311 +
 nss/lib/freebl/ecl/README                     |    163 +
 nss/lib/freebl/ecl/README.FP                  |    284 +
 nss/lib/freebl/ecl/curve25519_32.c            |    390 +
 nss/lib/freebl/ecl/curve25519_64.c            |    514 +
 nss/lib/freebl/ecl/ec2.h                      |     92 +
 nss/lib/freebl/ecl/ec2_163.c                  |    223 +
 nss/lib/freebl/ecl/ec2_193.c                  |    240 +
 nss/lib/freebl/ecl/ec2_233.c                  |    263 +
 nss/lib/freebl/ecl/ec2_aff.c                  |    298 +
 nss/lib/freebl/ecl/ec2_mont.c                 |    230 +
 nss/lib/freebl/ecl/ec2_proj.c                 |    328 +
 nss/lib/freebl/ecl/ec_naf.c                   |     68 +
 nss/lib/freebl/ecl/ecl-curve.h                |    123 +
 nss/lib/freebl/ecl/ecl-exp.h                  |    167 +
 nss/lib/freebl/ecl/ecl-priv.h                 |    257 +
 nss/lib/freebl/ecl/ecl.c                      |    301 +
 nss/lib/freebl/ecl/ecl.h                      |     60 +
 nss/lib/freebl/ecl/ecl_curve.c                |     93 +
 nss/lib/freebl/ecl/ecl_gf.c                   |    958 +
 nss/lib/freebl/ecl/ecl_mult.c                 |    305 +
 nss/lib/freebl/ecl/ecp.h                      |    106 +
 nss/lib/freebl/ecl/ecp_192.c                  |    493 +
 nss/lib/freebl/ecl/ecp_224.c                  |    351 +
 nss/lib/freebl/ecl/ecp_25519.c                |    119 +
 nss/lib/freebl/ecl/ecp_256.c                  |    401 +
 nss/lib/freebl/ecl/ecp_256_32.c               |   1535 +
 nss/lib/freebl/ecl/ecp_384.c                  |    258 +
 nss/lib/freebl/ecl/ecp_521.c                  |    137 +
 nss/lib/freebl/ecl/ecp_aff.c                  |    308 +
 nss/lib/freebl/ecl/ecp_fp.c                   |    531 +
 nss/lib/freebl/ecl/ecp_fp.h                   |    371 +
 nss/lib/freebl/ecl/ecp_fp160.c                |    145 +
 nss/lib/freebl/ecl/ecp_fp192.c                |    143 +
 nss/lib/freebl/ecl/ecp_fp224.c                |    156 +
 nss/lib/freebl/ecl/ecp_fpinc.c                |   1077 +
 nss/lib/freebl/ecl/ecp_jac.c                  |    513 +
 nss/lib/freebl/ecl/ecp_jm.c                   |    283 +
 nss/lib/freebl/ecl/ecp_mont.c                 |    154 +
 nss/lib/freebl/ecl/tests/ec2_test.c           |    461 +
 nss/lib/freebl/ecl/tests/ec_naft.c            |    121 +
 nss/lib/freebl/ecl/tests/ecp_fpt.c            |   1075 +
 nss/lib/freebl/ecl/tests/ecp_test.c           |    408 +
 nss/lib/freebl/ecl/uint128.c                  |     90 +
 nss/lib/freebl/ecl/uint128.h                  |     35 +
 nss/lib/freebl/exports.gyp                    |     48 +
 nss/lib/freebl/fipsfreebl.c                   |   1715 +
 nss/lib/freebl/freebl.def                     |     26 +
 nss/lib/freebl/freebl.gyp                     |    268 +
 nss/lib/freebl/freebl.rc                      |     68 +
 nss/lib/freebl/freebl_base.gypi               |    199 +
 nss/lib/freebl/freebl_hash.def                |     39 +
 nss/lib/freebl/freebl_hash_vector.def         |     34 +
 nss/lib/freebl/freeblver.c                    |     18 +
 nss/lib/freebl/gcm.c                          |    860 +
 nss/lib/freebl/gcm.h                          |     31 +
 nss/lib/freebl/genload.c                      |    167 +
 nss/lib/freebl/hmacct.c                       |    335 +
 nss/lib/freebl/hmacct.h                       |     38 +
 nss/lib/freebl/intel-aes-x64-masm.asm         |    971 +
 nss/lib/freebl/intel-aes-x86-masm.asm         |    949 +
 nss/lib/freebl/intel-aes.h                    |    143 +
 nss/lib/freebl/intel-aes.s                    |   2514 +
 nss/lib/freebl/intel-gcm-wrap.c               |    254 +
 nss/lib/freebl/intel-gcm-x64-masm.asm         |   1295 +
 nss/lib/freebl/intel-gcm-x86-masm.asm         |   1209 +
 nss/lib/freebl/intel-gcm.h                    |     83 +
 nss/lib/freebl/intel-gcm.s                    |   1340 +
 nss/lib/freebl/jpake.c                        |    495 +
 nss/lib/freebl/ldvector.c                     |    353 +
 nss/lib/freebl/loader.c                       |   2126 +
 nss/lib/freebl/loader.h                       |    788 +
 nss/lib/freebl/lowhash_vector.c               |    217 +
 nss/lib/freebl/manifest.mn                    |    195 +
 nss/lib/freebl/md2.c                          |    269 +
 nss/lib/freebl/md5.c                          |    598 +
 nss/lib/freebl/mknewpc2.c                     |    208 +
 nss/lib/freebl/mksp.c                         |    119 +
 nss/lib/freebl/mpi/Makefile                   |    244 +
 nss/lib/freebl/mpi/Makefile.os2               |    243 +
 nss/lib/freebl/mpi/Makefile.win               |    254 +
 nss/lib/freebl/mpi/README                     |    746 +
 nss/lib/freebl/mpi/all-tests                  |     83 +
 nss/lib/freebl/mpi/doc/LICENSE                |     11 +
 nss/lib/freebl/mpi/doc/LICENSE-MPL            |      3 +
 nss/lib/freebl/mpi/doc/basecvt.pod            |     65 +
 nss/lib/freebl/mpi/doc/build                  |     30 +
 nss/lib/freebl/mpi/doc/div.txt                |     64 +
 nss/lib/freebl/mpi/doc/expt.txt               |     94 +
 nss/lib/freebl/mpi/doc/gcd.pod                |     28 +
 nss/lib/freebl/mpi/doc/invmod.pod             |     34 +
 nss/lib/freebl/mpi/doc/isprime.pod            |     63 +
 nss/lib/freebl/mpi/doc/lap.pod                |     36 +
 nss/lib/freebl/mpi/doc/mpi-test.pod           |     51 +
 nss/lib/freebl/mpi/doc/mul.txt                |     77 +
 nss/lib/freebl/mpi/doc/pi.txt                 |     53 +
 nss/lib/freebl/mpi/doc/prime.txt              |   6542 +
 nss/lib/freebl/mpi/doc/prng.pod               |     38 +
 nss/lib/freebl/mpi/doc/redux.txt              |     86 +
 nss/lib/freebl/mpi/doc/sqrt.txt               |     50 +
 nss/lib/freebl/mpi/doc/square.txt             |     72 +
 nss/lib/freebl/mpi/doc/timing.txt             |    213 +
 nss/lib/freebl/mpi/hpma512.s                  |    615 +
 nss/lib/freebl/mpi/hppa20.s                   |    904 +
 nss/lib/freebl/mpi/hppatch.adb                |     21 +
 nss/lib/freebl/mpi/logtab.h                   |     28 +
 nss/lib/freebl/mpi/make-logtab                |     29 +
 nss/lib/freebl/mpi/make-test-arrays           |     98 +
 nss/lib/freebl/mpi/mdxptest.c                 |    306 +
 nss/lib/freebl/mpi/montmulf.c                 |    286 +
 nss/lib/freebl/mpi/montmulf.h                 |     65 +
 nss/lib/freebl/mpi/montmulf.il                |    108 +
 nss/lib/freebl/mpi/montmulf.s                 |   1938 +
 nss/lib/freebl/mpi/montmulfv8.il              |    108 +
 nss/lib/freebl/mpi/montmulfv8.s               |   1818 +
 nss/lib/freebl/mpi/montmulfv9.il              |     93 +
 nss/lib/freebl/mpi/montmulfv9.s               |   2346 +
 nss/lib/freebl/mpi/mp_comba.c                 |   3235 +
 nss/lib/freebl/mpi/mp_comba_amd64_masm.asm    |  13066 +
 nss/lib/freebl/mpi/mp_comba_amd64_sun.s       |  16097 ++
 nss/lib/freebl/mpi/mp_gf2m-priv.h             |     73 +
 nss/lib/freebl/mpi/mp_gf2m.c                  |    678 +
 nss/lib/freebl/mpi/mp_gf2m.h                  |     28 +
 nss/lib/freebl/mpi/mpcpucache.c               |    808 +
 nss/lib/freebl/mpi/mpcpucache_amd64.s         |    861 +
 nss/lib/freebl/mpi/mpcpucache_x86.s           |    902 +
 nss/lib/freebl/mpi/mpi-config.h               |     64 +
 nss/lib/freebl/mpi/mpi-priv.h                 |    243 +
 nss/lib/freebl/mpi/mpi-test.c                 |   2160 +
 nss/lib/freebl/mpi/mpi.c                      |   4837 +
 nss/lib/freebl/mpi/mpi.h                      |    311 +
 nss/lib/freebl/mpi/mpi_amd64.c                |     32 +
 nss/lib/freebl/mpi/mpi_amd64_gas.s            |    389 +
 nss/lib/freebl/mpi/mpi_amd64_masm.asm         |    388 +
 nss/lib/freebl/mpi/mpi_amd64_sun.s            |    385 +
 nss/lib/freebl/mpi/mpi_arm.c                  |    175 +
 nss/lib/freebl/mpi/mpi_hp.c                   |     81 +
 nss/lib/freebl/mpi/mpi_i86pc.s                |    313 +
 nss/lib/freebl/mpi/mpi_mips.s                 |    472 +
 nss/lib/freebl/mpi/mpi_sparc.c                |    226 +
 nss/lib/freebl/mpi/mpi_sse2.s                 |    294 +
 nss/lib/freebl/mpi/mpi_x86.s                  |    541 +
 nss/lib/freebl/mpi/mpi_x86_asm.c              |    531 +
 nss/lib/freebl/mpi/mpi_x86_os2.s              |    538 +
 nss/lib/freebl/mpi/mplogic.c                  |    443 +
 nss/lib/freebl/mpi/mplogic.h                  |     52 +
 nss/lib/freebl/mpi/mpmontg.c                  |   1141 +
 nss/lib/freebl/mpi/mpprime.c                  |    599 +
 nss/lib/freebl/mpi/mpprime.h                  |     42 +
 nss/lib/freebl/mpi/mpv_sparc.c                |    221 +
 nss/lib/freebl/mpi/mpv_sparcv8.s              |   1607 +
 nss/lib/freebl/mpi/mpv_sparcv9.s              |   1645 +
 nss/lib/freebl/mpi/mpvalpha.c                 |    183 +
 nss/lib/freebl/mpi/mulsqr.c                   |     84 +
 nss/lib/freebl/mpi/multest                    |     76 +
 nss/lib/freebl/mpi/primes.c                   |    841 +
 nss/lib/freebl/mpi/stats                      |     39 +
 nss/lib/freebl/mpi/target.mk                  |    233 +
 nss/lib/freebl/mpi/test-arrays.txt            |     55 +
 nss/lib/freebl/mpi/test-info.c                |    160 +
 nss/lib/freebl/mpi/tests/LICENSE              |      6 +
 nss/lib/freebl/mpi/tests/LICENSE-MPL          |      3 +
 nss/lib/freebl/mpi/tests/mptest-1.c           |     43 +
 nss/lib/freebl/mpi/tests/mptest-2.c           |     62 +
 nss/lib/freebl/mpi/tests/mptest-3.c           |    105 +
 nss/lib/freebl/mpi/tests/mptest-3a.c          |    123 +
 nss/lib/freebl/mpi/tests/mptest-4.c           |    111 +
 nss/lib/freebl/mpi/tests/mptest-4a.c          |    109 +
 nss/lib/freebl/mpi/tests/mptest-4b.c          |    107 +
 nss/lib/freebl/mpi/tests/mptest-5.c           |     85 +
 nss/lib/freebl/mpi/tests/mptest-5a.c          |    147 +
 nss/lib/freebl/mpi/tests/mptest-6.c           |     78 +
 nss/lib/freebl/mpi/tests/mptest-7.c           |     85 +
 nss/lib/freebl/mpi/tests/mptest-8.c           |     68 +
 nss/lib/freebl/mpi/tests/mptest-9.c           |    109 +
 nss/lib/freebl/mpi/tests/mptest-b.c           |    230 +
 nss/lib/freebl/mpi/tests/pi1k.txt             |      1 +
 nss/lib/freebl/mpi/tests/pi2k.txt             |      1 +
 nss/lib/freebl/mpi/tests/pi5k.txt             |      1 +
 nss/lib/freebl/mpi/timetest                   |     99 +
 nss/lib/freebl/mpi/types.pl                   |    127 +
 nss/lib/freebl/mpi/utils/LICENSE              |      4 +
 nss/lib/freebl/mpi/utils/LICENSE-MPL          |      3 +
 nss/lib/freebl/mpi/utils/PRIMES               |     41 +
 nss/lib/freebl/mpi/utils/README               |    206 +
 nss/lib/freebl/mpi/utils/basecvt.c            |     68 +
 nss/lib/freebl/mpi/utils/bbs_rand.c           |     65 +
 nss/lib/freebl/mpi/utils/bbs_rand.h           |     24 +
 nss/lib/freebl/mpi/utils/bbsrand.c            |     35 +
 nss/lib/freebl/mpi/utils/dec2hex.c            |     40 +
 nss/lib/freebl/mpi/utils/exptmod.c            |     55 +
 nss/lib/freebl/mpi/utils/fact.c               |     84 +
 nss/lib/freebl/mpi/utils/gcd.c                |     95 +
 nss/lib/freebl/mpi/utils/hex2dec.c            |     40 +
 nss/lib/freebl/mpi/utils/identest.c           |     84 +
 nss/lib/freebl/mpi/utils/invmod.c             |     61 +
 nss/lib/freebl/mpi/utils/isprime.c            |     89 +
 nss/lib/freebl/mpi/utils/lap.c                |     90 +
 nss/lib/freebl/mpi/utils/makeprime.c          |    116 +
 nss/lib/freebl/mpi/utils/metime.c             |    102 +
 nss/lib/freebl/mpi/utils/pi.c                 |    171 +
 nss/lib/freebl/mpi/utils/primegen.c           |    159 +
 nss/lib/freebl/mpi/utils/prng.c               |     57 +
 nss/lib/freebl/mpi/utils/ptab.pl              |     26 +
 nss/lib/freebl/mpi/utils/sieve.c              |    243 +
 nss/lib/freebl/mpi/vis_32.il                  |   1291 +
 nss/lib/freebl/mpi/vis_64.il                  |    997 +
 nss/lib/freebl/mpi/vis_proto.h                |    234 +
 nss/lib/freebl/nsslowhash.c                   |    150 +
 nss/lib/freebl/nsslowhash.h                   |     33 +
 nss/lib/freebl/os2_rand.c                     |    334 +
 ...ly1305-donna-x64-sse2-incremental-source.c |    881 +
 nss/lib/freebl/poly1305.c                     |    314 +
 nss/lib/freebl/poly1305.h                     |     28 +
 nss/lib/freebl/pqg.c                          |   1878 +
 nss/lib/freebl/pqg.h                          |     25 +
 nss/lib/freebl/rawhash.c                      |    154 +
 nss/lib/freebl/ret_cr16.s                     |     27 +
 nss/lib/freebl/rijndael.c                     |   1375 +
 nss/lib/freebl/rijndael.h                     |     67 +
 nss/lib/freebl/rijndael32.tab                 |   1219 +
 nss/lib/freebl/rijndael_tables.c              |    215 +
 nss/lib/freebl/rsa.c                          |   1628 +
 nss/lib/freebl/rsapkcs.c                      |   1425 +
 nss/lib/freebl/secmpi.h                       |     54 +
 nss/lib/freebl/secrng.h                       |     65 +
 nss/lib/freebl/seed.c                         |    641 +
 nss/lib/freebl/seed.h                         |    125 +
 nss/lib/freebl/sha-fast-amd64-sun.s           |   2151 +
 nss/lib/freebl/sha256.h                       |     19 +
 nss/lib/freebl/sha512.c                       |   1655 +
 nss/lib/freebl/sha_fast.c                     |    545 +
 nss/lib/freebl/sha_fast.h                     |    176 +
 nss/lib/freebl/shsign.h                       |     14 +
 nss/lib/freebl/shvfy.c                        |    534 +
 nss/lib/freebl/stubs.c                        |    711 +
 nss/lib/freebl/stubs.h                        |     66 +
 nss/lib/freebl/sysrand.c                      |     16 +
 nss/lib/freebl/tlsprfalg.c                    |    134 +
 nss/lib/freebl/unix_rand.c                    |   1083 +
 nss/lib/freebl/win_rand.c                     |    161 +
 nss/lib/jar/Makefile                          |     11 +
 nss/lib/jar/config.mk                         |     26 +
 nss/lib/jar/exports.gyp                       |     27 +
 nss/lib/jar/jar-ds.c                          |     36 +
 nss/lib/jar/jar-ds.h                          |     77 +
 nss/lib/jar/jar.c                             |    687 +
 nss/lib/jar/jar.gyp                           |     76 +
 nss/lib/jar/jar.h                             |    372 +
 nss/lib/jar/jarfile.c                         |    966 +
 nss/lib/jar/jarfile.h                         |     76 +
 nss/lib/jar/jarint.c                          |     52 +
 nss/lib/jar/jarint.h                          |     54 +
 nss/lib/jar/jarnav.c                          |     63 +
 nss/lib/jar/jarsign.c                         |    250 +
 nss/lib/jar/jarver.c                          |   1167 +
 nss/lib/jar/jzconf.h                          |    189 +
 nss/lib/jar/jzlib.h                           |    916 +
 nss/lib/jar/manifest.mn                       |     25 +
 nss/lib/libpkix/Makefile                      |     48 +
 nss/lib/libpkix/config.mk                     |     16 +
 nss/lib/libpkix/include/Makefile              |     48 +
 nss/lib/libpkix/include/config.mk             |     15 +
 nss/lib/libpkix/include/exports.gyp           |     38 +
 nss/lib/libpkix/include/include.gyp           |     12 +
 nss/lib/libpkix/include/manifest.mn           |     32 +
 nss/lib/libpkix/include/pkix.h                |    301 +
 nss/lib/libpkix/include/pkix_certsel.h        |   1826 +
 nss/lib/libpkix/include/pkix_certstore.h      |    714 +
 nss/lib/libpkix/include/pkix_checker.h        |    394 +
 nss/lib/libpkix/include/pkix_crlsel.h         |    759 +
 nss/lib/libpkix/include/pkix_errorstrings.h   |   1099 +
 nss/lib/libpkix/include/pkix_params.h         |   1793 +
 nss/lib/libpkix/include/pkix_pl_pki.h         |   2735 +
 nss/lib/libpkix/include/pkix_pl_system.h      |   1545 +
 nss/lib/libpkix/include/pkix_results.h        |    425 +
 nss/lib/libpkix/include/pkix_revchecker.h     |    215 +
 nss/lib/libpkix/include/pkix_sample_modules.h |    420 +
 nss/lib/libpkix/include/pkix_util.h           |    941 +
 nss/lib/libpkix/include/pkixt.h               |    485 +
 nss/lib/libpkix/manifest.mn                   |     13 +
 nss/lib/libpkix/pkix/Makefile                 |     48 +
 nss/lib/libpkix/pkix/certsel/Makefile         |     48 +
 nss/lib/libpkix/pkix/certsel/certsel.gyp      |     24 +
 nss/lib/libpkix/pkix/certsel/config.mk        |     15 +
 nss/lib/libpkix/pkix/certsel/exports.gyp      |     26 +
 nss/lib/libpkix/pkix/certsel/manifest.mn      |     23 +
 .../libpkix/pkix/certsel/pkix_certselector.c  |   1637 +
 .../libpkix/pkix/certsel/pkix_certselector.h  |     41 +
 .../pkix/certsel/pkix_comcertselparams.c      |   1188 +
 .../pkix/certsel/pkix_comcertselparams.h      |     57 +
 nss/lib/libpkix/pkix/checker/Makefile         |     48 +
 nss/lib/libpkix/pkix/checker/checker.gyp      |     35 +
 nss/lib/libpkix/pkix/checker/config.mk        |     15 +
 nss/lib/libpkix/pkix/checker/exports.gyp      |     37 +
 nss/lib/libpkix/pkix/checker/manifest.mn      |     45 +
 .../checker/pkix_basicconstraintschecker.c    |    306 +
 .../checker/pkix_basicconstraintschecker.h    |     42 +
 .../pkix/checker/pkix_certchainchecker.c      |    322 +
 .../pkix/checker/pkix_certchainchecker.h      |     36 +
 .../libpkix/pkix/checker/pkix_crlchecker.c    |    438 +
 .../libpkix/pkix/checker/pkix_crlchecker.h    |     68 +
 .../libpkix/pkix/checker/pkix_ekuchecker.c    |    328 +
 .../libpkix/pkix/checker/pkix_ekuchecker.h    |     92 +
 .../pkix/checker/pkix_expirationchecker.c     |    113 +
 .../pkix/checker/pkix_expirationchecker.h     |     30 +
 .../pkix/checker/pkix_namechainingchecker.c   |    121 +
 .../pkix/checker/pkix_namechainingchecker.h   |     30 +
 .../checker/pkix_nameconstraintschecker.c     |    308 +
 .../checker/pkix_nameconstraintschecker.h     |     43 +
 .../libpkix/pkix/checker/pkix_ocspchecker.c   |    419 +
 .../libpkix/pkix/checker/pkix_ocspchecker.h   |     67 +
 .../libpkix/pkix/checker/pkix_policychecker.c |   2783 +
 .../libpkix/pkix/checker/pkix_policychecker.h |     73 +
 .../pkix/checker/pkix_revocationchecker.c     |    475 +
 .../pkix/checker/pkix_revocationchecker.h     |    151 +
 .../pkix/checker/pkix_revocationmethod.c      |     66 +
 .../pkix/checker/pkix_revocationmethod.h      |     81 +
 .../pkix/checker/pkix_signaturechecker.c      |    443 +
 .../pkix/checker/pkix_signaturechecker.h      |     44 +
 .../pkix/checker/pkix_targetcertchecker.c     |    516 +
 .../pkix/checker/pkix_targetcertchecker.h     |     47 +
 nss/lib/libpkix/pkix/config.mk                |     15 +
 nss/lib/libpkix/pkix/crlsel/Makefile          |     48 +
 nss/lib/libpkix/pkix/crlsel/config.mk         |     15 +
 nss/lib/libpkix/pkix/crlsel/crlsel.gyp        |     24 +
 nss/lib/libpkix/pkix/crlsel/exports.gyp       |     26 +
 nss/lib/libpkix/pkix/crlsel/manifest.mn       |     23 +
 .../pkix/crlsel/pkix_comcrlselparams.c        |    826 +
 .../pkix/crlsel/pkix_comcrlselparams.h        |     38 +
 .../libpkix/pkix/crlsel/pkix_crlselector.c    |    870 +
 .../libpkix/pkix/crlsel/pkix_crlselector.h    |     40 +
 nss/lib/libpkix/pkix/manifest.mn              |     11 +
 nss/lib/libpkix/pkix/params/Makefile          |     48 +
 nss/lib/libpkix/pkix/params/config.mk         |     15 +
 nss/lib/libpkix/pkix/params/exports.gyp       |     28 +
 nss/lib/libpkix/pkix/params/manifest.mn       |     27 +
 nss/lib/libpkix/pkix/params/params.gyp        |     26 +
 nss/lib/libpkix/pkix/params/pkix_procparams.c |   1417 +
 nss/lib/libpkix/pkix/params/pkix_procparams.h |     50 +
 .../libpkix/pkix/params/pkix_resourcelimits.c |    433 +
 .../libpkix/pkix/params/pkix_resourcelimits.h |     36 +
 .../libpkix/pkix/params/pkix_trustanchor.c    |    525 +
 .../libpkix/pkix/params/pkix_trustanchor.h    |     35 +
 nss/lib/libpkix/pkix/params/pkix_valparams.c  |    335 +
 nss/lib/libpkix/pkix/params/pkix_valparams.h  |     33 +
 nss/lib/libpkix/pkix/results/Makefile         |     48 +
 nss/lib/libpkix/pkix/results/config.mk        |     15 +
 nss/lib/libpkix/pkix/results/exports.gyp      |     28 +
 nss/lib/libpkix/pkix/results/manifest.mn      |     27 +
 .../libpkix/pkix/results/pkix_buildresult.c   |    362 +
 .../libpkix/pkix/results/pkix_buildresult.h   |     40 +
 .../libpkix/pkix/results/pkix_policynode.c    |   1377 +
 .../libpkix/pkix/results/pkix_policynode.h    |     74 +
 nss/lib/libpkix/pkix/results/pkix_valresult.c |    442 +
 nss/lib/libpkix/pkix/results/pkix_valresult.h |     43 +
 .../libpkix/pkix/results/pkix_verifynode.c    |   1182 +
 .../libpkix/pkix/results/pkix_verifynode.h    |     75 +
 nss/lib/libpkix/pkix/results/results.gyp      |     26 +
 nss/lib/libpkix/pkix/store/Makefile           |     48 +
 nss/lib/libpkix/pkix/store/config.mk          |     15 +
 nss/lib/libpkix/pkix/store/exports.gyp        |     25 +
 nss/lib/libpkix/pkix/store/manifest.mn        |     21 +
 nss/lib/libpkix/pkix/store/pkix_store.c       |    415 +
 nss/lib/libpkix/pkix/store/pkix_store.h       |     41 +
 nss/lib/libpkix/pkix/store/store.gyp          |     23 +
 nss/lib/libpkix/pkix/top/Makefile             |     48 +
 nss/lib/libpkix/pkix/top/config.mk            |     15 +
 nss/lib/libpkix/pkix/top/exports.gyp          |     27 +
 nss/lib/libpkix/pkix/top/manifest.mn          |     25 +
 nss/lib/libpkix/pkix/top/pkix_build.c         |   3763 +
 nss/lib/libpkix/pkix/top/pkix_build.h         |    120 +
 nss/lib/libpkix/pkix/top/pkix_lifecycle.c     |    210 +
 nss/lib/libpkix/pkix/top/pkix_lifecycle.h     |     23 +
 nss/lib/libpkix/pkix/top/pkix_validate.c      |   1451 +
 nss/lib/libpkix/pkix/top/pkix_validate.h      |     42 +
 nss/lib/libpkix/pkix/top/top.gyp              |     25 +
 nss/lib/libpkix/pkix/util/Makefile            |     48 +
 nss/lib/libpkix/pkix/util/config.mk           |     15 +
 nss/lib/libpkix/pkix/util/exports.gyp         |     28 +
 nss/lib/libpkix/pkix/util/manifest.mn         |     28 +
 nss/lib/libpkix/pkix/util/pkix_error.c        |    565 +
 nss/lib/libpkix/pkix/util/pkix_error.h        |     36 +
 nss/lib/libpkix/pkix/util/pkix_errpaths.c     |    103 +
 nss/lib/libpkix/pkix/util/pkix_list.c         |   1701 +
 nss/lib/libpkix/pkix/util/pkix_list.h         |     95 +
 nss/lib/libpkix/pkix/util/pkix_logger.c       |   1088 +
 nss/lib/libpkix/pkix/util/pkix_logger.h       |     57 +
 nss/lib/libpkix/pkix/util/pkix_tools.c        |   1519 +
 nss/lib/libpkix/pkix/util/pkix_tools.h        |   1588 +
 nss/lib/libpkix/pkix/util/util.gyp            |     27 +
 nss/lib/libpkix/pkix_pl_nss/Makefile          |     48 +
 nss/lib/libpkix/pkix_pl_nss/config.mk         |     15 +
 nss/lib/libpkix/pkix_pl_nss/manifest.mn       |     11 +
 nss/lib/libpkix/pkix_pl_nss/module/Makefile   |     48 +
 nss/lib/libpkix/pkix_pl_nss/module/config.mk  |     35 +
 .../libpkix/pkix_pl_nss/module/exports.gyp    |     36 +
 .../libpkix/pkix_pl_nss/module/manifest.mn    |     38 +
 nss/lib/libpkix/pkix_pl_nss/module/module.gyp |     41 +
 .../pkix_pl_nss/module/pkix_pl_aiamgr.c       |    699 +
 .../pkix_pl_nss/module/pkix_pl_aiamgr.h       |     65 +
 .../pkix_pl_nss/module/pkix_pl_colcertstore.c |   1282 +
 .../pkix_pl_nss/module/pkix_pl_colcertstore.h |     34 +
 .../module/pkix_pl_httpcertstore.c            |   1147 +
 .../module/pkix_pl_httpcertstore.h            |     62 +
 .../module/pkix_pl_httpdefaultclient.c        |   1654 +
 .../module/pkix_pl_httpdefaultclient.h        |    139 +
 .../module/pkix_pl_ldapcertstore.c            |   1116 +
 .../module/pkix_pl_ldapcertstore.h            |     75 +
 .../module/pkix_pl_ldapdefaultclient.c        |   2493 +
 .../module/pkix_pl_ldapdefaultclient.h        |     82 +
 .../pkix_pl_nss/module/pkix_pl_ldaprequest.c  |    757 +
 .../pkix_pl_nss/module/pkix_pl_ldaprequest.h  |     86 +
 .../pkix_pl_nss/module/pkix_pl_ldapresponse.c |    786 +
 .../pkix_pl_nss/module/pkix_pl_ldapresponse.h |     96 +
 .../pkix_pl_nss/module/pkix_pl_ldapt.h        |    314 +
 .../module/pkix_pl_ldaptemplates.c            |    417 +
 .../pkix_pl_nss/module/pkix_pl_nsscontext.c   |    319 +
 .../pkix_pl_nss/module/pkix_pl_nsscontext.h   |     52 +
 .../module/pkix_pl_pk11certstore.c            |   1039 +
 .../module/pkix_pl_pk11certstore.h            |     31 +
 .../pkix_pl_nss/module/pkix_pl_socket.c       |   1695 +
 .../pkix_pl_nss/module/pkix_pl_socket.h       |    209 +
 nss/lib/libpkix/pkix_pl_nss/pki/Makefile      |     49 +
 nss/lib/libpkix/pkix_pl_nss/pki/config.mk     |     15 +
 nss/lib/libpkix/pkix_pl_nss/pki/exports.gyp   |     41 +
 nss/lib/libpkix/pkix_pl_nss/pki/manifest.mn   |     53 +
 nss/lib/libpkix/pkix_pl_nss/pki/pki.gyp       |     39 +
 .../pki/pkix_pl_basicconstraints.c            |    407 +
 .../pki/pkix_pl_basicconstraints.h            |     47 +
 .../libpkix/pkix_pl_nss/pki/pkix_pl_cert.c    |   3714 +
 .../libpkix/pkix_pl_nss/pki/pkix_pl_cert.h    |    107 +
 .../pkix_pl_nss/pki/pkix_pl_certpolicyinfo.c  |    371 +
 .../pkix_pl_nss/pki/pkix_pl_certpolicyinfo.h  |     50 +
 .../pkix_pl_nss/pki/pkix_pl_certpolicymap.c   |    386 +
 .../pkix_pl_nss/pki/pkix_pl_certpolicymap.h   |     49 +
 .../pki/pkix_pl_certpolicyqualifier.c         |    365 +
 .../pki/pkix_pl_certpolicyqualifier.h         |     52 +
 nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crl.c |   1068 +
 nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crl.h |     48 +
 .../libpkix/pkix_pl_nss/pki/pkix_pl_crldp.c   |    151 +
 .../libpkix/pkix_pl_nss/pki/pkix_pl_crldp.h   |     53 +
 .../pkix_pl_nss/pki/pkix_pl_crlentry.c        |    880 +
 .../pkix_pl_nss/pki/pkix_pl_crlentry.h        |     46 +
 .../libpkix/pkix_pl_nss/pki/pkix_pl_date.c    |    466 +
 .../libpkix/pkix_pl_nss/pki/pkix_pl_date.h    |     55 +
 .../pkix_pl_nss/pki/pkix_pl_generalname.c     |    873 +
 .../pkix_pl_nss/pki/pkix_pl_generalname.h     |     49 +
 .../pkix_pl_nss/pki/pkix_pl_infoaccess.c      |    874 +
 .../pkix_pl_nss/pki/pkix_pl_infoaccess.h      |     49 +
 .../pkix_pl_nss/pki/pkix_pl_nameconstraints.c |   1274 +
 .../pkix_pl_nss/pki/pkix_pl_nameconstraints.h |     68 +
 .../pkix_pl_nss/pki/pkix_pl_ocspcertid.c      |    251 +
 .../pkix_pl_nss/pki/pkix_pl_ocspcertid.h      |     53 +
 .../pkix_pl_nss/pki/pkix_pl_ocsprequest.c     |    441 +
 .../pkix_pl_nss/pki/pkix_pl_ocsprequest.h     |     61 +
 .../pkix_pl_nss/pki/pkix_pl_ocspresponse.c    |   1067 +
 .../pkix_pl_nss/pki/pkix_pl_ocspresponse.h    |    106 +
 .../pkix_pl_nss/pki/pkix_pl_publickey.c       |    489 +
 .../pkix_pl_nss/pki/pkix_pl_publickey.h       |     38 +
 .../pkix_pl_nss/pki/pkix_pl_x500name.c        |    667 +
 .../pkix_pl_nss/pki/pkix_pl_x500name.h        |     74 +
 nss/lib/libpkix/pkix_pl_nss/system/Makefile   |     49 +
 nss/lib/libpkix/pkix_pl_nss/system/config.mk  |     15 +
 .../libpkix/pkix_pl_nss/system/exports.gyp    |     37 +
 .../libpkix/pkix_pl_nss/system/manifest.mn    |     46 +
 .../pkix_pl_nss/system/pkix_pl_bigint.c       |    398 +
 .../pkix_pl_nss/system/pkix_pl_bigint.h       |     40 +
 .../pkix_pl_nss/system/pkix_pl_bytearray.c    |    504 +
 .../pkix_pl_nss/system/pkix_pl_bytearray.h    |     40 +
 .../pkix_pl_nss/system/pkix_pl_common.c       |   1073 +
 .../pkix_pl_nss/system/pkix_pl_common.h       |    159 +
 .../pkix_pl_nss/system/pkix_pl_error.c        |     26 +
 .../pkix_pl_nss/system/pkix_pl_hashtable.c    |    383 +
 .../pkix_pl_nss/system/pkix_pl_hashtable.h    |     29 +
 .../pkix_pl_nss/system/pkix_pl_lifecycle.c    |    279 +
 .../pkix_pl_nss/system/pkix_pl_lifecycle.h    |     91 +
 .../libpkix/pkix_pl_nss/system/pkix_pl_mem.c  |    168 +
 .../libpkix/pkix_pl_nss/system/pkix_pl_mem.h  |     24 +
 .../pkix_pl_nss/system/pkix_pl_monitorlock.c  |    136 +
 .../pkix_pl_nss/system/pkix_pl_monitorlock.h  |     33 +
 .../pkix_pl_nss/system/pkix_pl_mutex.c        |    163 +
 .../pkix_pl_nss/system/pkix_pl_mutex.h        |     33 +
 .../pkix_pl_nss/system/pkix_pl_object.c       |   1440 +
 .../pkix_pl_nss/system/pkix_pl_object.h       |     76 +
 .../libpkix/pkix_pl_nss/system/pkix_pl_oid.c  |    316 +
 .../libpkix/pkix_pl_nss/system/pkix_pl_oid.h  |     39 +
 .../pkix_pl_nss/system/pkix_pl_primhash.c     |    584 +
 .../pkix_pl_nss/system/pkix_pl_primhash.h     |    102 +
 .../pkix_pl_nss/system/pkix_pl_rwlock.c       |    217 +
 .../pkix_pl_nss/system/pkix_pl_rwlock.h       |     35 +
 .../pkix_pl_nss/system/pkix_pl_string.c       |    621 +
 .../pkix_pl_nss/system/pkix_pl_string.h       |     37 +
 nss/lib/libpkix/pkix_pl_nss/system/system.gyp |     36 +
 nss/lib/manifest.mn                           |     62 +
 nss/lib/nss/Makefile                          |     46 +
 nss/lib/nss/config.mk                         |    114 +
 nss/lib/nss/exports.gyp                       |     32 +
 nss/lib/nss/manifest.mn                       |     31 +
 nss/lib/nss/nss.def                           |   1107 +
 nss/lib/nss/nss.gyp                           |     83 +
 nss/lib/nss/nss.h                             |    322 +
 nss/lib/nss/nss.rc                            |     68 +
 nss/lib/nss/nssinit.c                         |   1372 +
 nss/lib/nss/nssoptions.c                      |    104 +
 nss/lib/nss/nssoptions.h                      |     20 +
 nss/lib/nss/nssrenam.h                        |     15 +
 nss/lib/nss/nssver.c                          |     18 +
 nss/lib/nss/pkixpriv.def                      |    322 +
 nss/lib/nss/utilwrap.c                        |    870 +
 nss/lib/pk11wrap/Makefile                     |     62 +
 nss/lib/pk11wrap/config.mk                    |     15 +
 nss/lib/pk11wrap/debug_module.c               |   2760 +
 nss/lib/pk11wrap/dev3hack.c                   |    279 +
 nss/lib/pk11wrap/dev3hack.h                   |     30 +
 nss/lib/pk11wrap/exports.gyp                  |     39 +
 nss/lib/pk11wrap/manifest.mn                  |     63 +
 nss/lib/pk11wrap/pk11akey.c                   |   2529 +
 nss/lib/pk11wrap/pk11auth.c                   |    807 +
 nss/lib/pk11wrap/pk11cert.c                   |   2739 +
 nss/lib/pk11wrap/pk11cxt.c                    |   1019 +
 nss/lib/pk11wrap/pk11err.c                    |    141 +
 nss/lib/pk11wrap/pk11func.h                   |     15 +
 nss/lib/pk11wrap/pk11kea.c                    |    140 +
 nss/lib/pk11wrap/pk11list.c                   |     99 +
 nss/lib/pk11wrap/pk11load.c                   |    657 +
 nss/lib/pk11wrap/pk11mech.c                   |   1917 +
 nss/lib/pk11wrap/pk11merge.c                  |   1432 +
 nss/lib/pk11wrap/pk11nobj.c                   |    791 +
 nss/lib/pk11wrap/pk11obj.c                    |   2106 +
 nss/lib/pk11wrap/pk11pars.c                   |   1796 +
 nss/lib/pk11wrap/pk11pbe.c                    |   1474 +
 nss/lib/pk11wrap/pk11pk12.c                   |    786 +
 nss/lib/pk11wrap/pk11pqg.c                    |    522 +
 nss/lib/pk11wrap/pk11pqg.h                    |    135 +
 nss/lib/pk11wrap/pk11priv.h                   |    187 +
 nss/lib/pk11wrap/pk11pub.h                    |    888 +
 nss/lib/pk11wrap/pk11sdr.c                    |    437 +
 nss/lib/pk11wrap/pk11sdr.h                    |     28 +
 nss/lib/pk11wrap/pk11skey.c                   |   2770 +
 nss/lib/pk11wrap/pk11slot.c                   |   2484 +
 nss/lib/pk11wrap/pk11util.c                   |   1629 +
 nss/lib/pk11wrap/pk11wrap.gyp                 |     70 +
 nss/lib/pk11wrap/secmod.h                     |    167 +
 nss/lib/pk11wrap/secmodi.h                    |    170 +
 nss/lib/pk11wrap/secmodt.h                    |    444 +
 nss/lib/pk11wrap/secmodti.h                   |    183 +
 nss/lib/pk11wrap/secpkcs5.h                   |     61 +
 nss/lib/pkcs12/Makefile                       |     49 +
 nss/lib/pkcs12/config.mk                      |     16 +
 nss/lib/pkcs12/exports.gyp                    |     29 +
 nss/lib/pkcs12/manifest.mn                    |     31 +
 nss/lib/pkcs12/p12.h                          |    236 +
 nss/lib/pkcs12/p12creat.c                     |    218 +
 nss/lib/pkcs12/p12d.c                         |   3612 +
 nss/lib/pkcs12/p12dec.c                       |    670 +
 nss/lib/pkcs12/p12e.c                         |   2085 +
 nss/lib/pkcs12/p12exp.c                       |   1374 +
 nss/lib/pkcs12/p12local.c                     |   1368 +
 nss/lib/pkcs12/p12local.h                     |     60 +
 nss/lib/pkcs12/p12plcy.c                      |    125 +
 nss/lib/pkcs12/p12plcy.h                      |     25 +
 nss/lib/pkcs12/p12t.h                         |    155 +
 nss/lib/pkcs12/p12tmpl.c                      |    290 +
 nss/lib/pkcs12/pkcs12.gyp                     |     29 +
 nss/lib/pkcs12/pkcs12.h                       |     41 +
 nss/lib/pkcs12/pkcs12t.h                      |    341 +
 nss/lib/pkcs7/Makefile                        |     48 +
 nss/lib/pkcs7/certread.c                      |    528 +
 nss/lib/pkcs7/config.mk                       |     14 +
 nss/lib/pkcs7/exports.gyp                     |     33 +
 nss/lib/pkcs7/manifest.mn                     |     33 +
 nss/lib/pkcs7/p7common.c                      |    663 +
 nss/lib/pkcs7/p7create.c                      |   1300 +
 nss/lib/pkcs7/p7decode.c                      |   1914 +
 nss/lib/pkcs7/p7encode.c                      |   1079 +
 nss/lib/pkcs7/p7local.c                       |   1310 +
 nss/lib/pkcs7/p7local.h                       |    137 +
 nss/lib/pkcs7/pkcs7.gyp                       |     29 +
 nss/lib/pkcs7/pkcs7t.h                        |    233 +
 nss/lib/pkcs7/secmime.c                       |    800 +
 nss/lib/pkcs7/secmime.h                       |    160 +
 nss/lib/pkcs7/secpkcs7.h                      |    626 +
 nss/lib/pki/Makefile                          |     11 +
 nss/lib/pki/asymmkey.c                        |    361 +
 nss/lib/pki/certdecode.c                      |     60 +
 nss/lib/pki/certificate.c                     |   1101 +
 nss/lib/pki/config.mk                         |     19 +
 nss/lib/pki/cryptocontext.c                   |    914 +
 nss/lib/pki/doc/standiag.png                  |    Bin 0 -> 20475 bytes
 nss/lib/pki/doc/standoc.html                  |    442 +
 nss/lib/pki/exports.gyp                       |     32 +
 nss/lib/pki/manifest.mn                       |     45 +
 nss/lib/pki/nsspki.h                          |   2779 +
 nss/lib/pki/nsspkit.h                         |    247 +
 nss/lib/pki/pki.gyp                           |     32 +
 nss/lib/pki/pki.h                             |    141 +
 nss/lib/pki/pki3hack.c                        |   1441 +
 nss/lib/pki/pki3hack.h                        |    149 +
 nss/lib/pki/pkibase.c                         |   1222 +
 nss/lib/pki/pkim.h                            |    547 +
 nss/lib/pki/pkistore.c                        |    675 +
 nss/lib/pki/pkistore.h                        |    138 +
 nss/lib/pki/pkit.h                            |    183 +
 nss/lib/pki/pkitm.h                           |     88 +
 nss/lib/pki/symmkey.c                         |    238 +
 nss/lib/pki/tdcache.c                         |   1106 +
 nss/lib/pki/trustdomain.c                     |   1192 +
 nss/lib/smime/Makefile                        |     48 +
 nss/lib/smime/cms.h                           |   1153 +
 nss/lib/smime/cmsarray.c                      |    186 +
 nss/lib/smime/cmsasn1.c                       |    491 +
 nss/lib/smime/cmsattr.c                       |    425 +
 nss/lib/smime/cmscinfo.c                      |    375 +
 nss/lib/smime/cmscipher.c                     |    722 +
 nss/lib/smime/cmsdecode.c                     |    738 +
 nss/lib/smime/cmsdigdata.c                    |    210 +
 nss/lib/smime/cmsdigest.c                     |    259 +
 nss/lib/smime/cmsencdata.c                    |    260 +
 nss/lib/smime/cmsencode.c                     |    763 +
 nss/lib/smime/cmsenvdata.c                    |    398 +
 nss/lib/smime/cmslocal.h                      |    351 +
 nss/lib/smime/cmsmessage.c                    |    293 +
 nss/lib/smime/cmspubkey.c                     |    285 +
 nss/lib/smime/cmsrecinfo.c                    |    669 +
 nss/lib/smime/cmsreclist.c                    |    170 +
 nss/lib/smime/cmsreclist.h                    |     27 +
 nss/lib/smime/cmssigdata.c                    |   1141 +
 nss/lib/smime/cmssiginfo.c                    |   1024 +
 nss/lib/smime/cmst.h                          |    491 +
 nss/lib/smime/cmsudf.c                        |    440 +
 nss/lib/smime/cmsutil.c                       |    367 +
 nss/lib/smime/config.mk                       |     63 +
 nss/lib/smime/exports.gyp                     |     34 +
 nss/lib/smime/manifest.mn                     |     51 +
 nss/lib/smime/smime.def                       |    287 +
 nss/lib/smime/smime.gyp                       |     80 +
 nss/lib/smime/smime.h                         |    141 +
 nss/lib/smime/smime.rc                        |     68 +
 nss/lib/smime/smimemessage.c                  |    183 +
 nss/lib/smime/smimesym.c                      |     12 +
 nss/lib/smime/smimeutil.c                     |    776 +
 nss/lib/smime/smimever.c                      |     18 +
 nss/lib/softoken/Makefile                     |     78 +
 nss/lib/softoken/config.mk                    |     63 +
 nss/lib/softoken/exports.gyp                  |     38 +
 nss/lib/softoken/fipsaudt.c                   |    321 +
 nss/lib/softoken/fipstest.c                   |    654 +
 nss/lib/softoken/fipstokn.c                   |   1656 +
 nss/lib/softoken/jpakesftk.c                  |    359 +
 nss/lib/softoken/legacydb/Makefile            |     62 +
 nss/lib/softoken/legacydb/cdbhdl.h            |     51 +
 nss/lib/softoken/legacydb/config.mk           |     57 +
 nss/lib/softoken/legacydb/dbmshim.c           |    539 +
 nss/lib/softoken/legacydb/keydb.c             |   2250 +
 nss/lib/softoken/legacydb/keydbi.h            |     52 +
 nss/lib/softoken/legacydb/legacydb.gyp        |     66 +
 nss/lib/softoken/legacydb/lgattr.c            |   1792 +
 nss/lib/softoken/legacydb/lgcreate.c          |   1017 +
 nss/lib/softoken/legacydb/lgdb.h              |    175 +
 nss/lib/softoken/legacydb/lgdestroy.c         |    110 +
 nss/lib/softoken/legacydb/lgfind.c            |    912 +
 nss/lib/softoken/legacydb/lgfips.c            |    115 +
 nss/lib/softoken/legacydb/lginit.c            |    660 +
 nss/lib/softoken/legacydb/lgutil.c            |    399 +
 nss/lib/softoken/legacydb/lowcert.c           |    856 +
 nss/lib/softoken/legacydb/lowkey.c            |    395 +
 nss/lib/softoken/legacydb/lowkeyi.h           |    151 +
 nss/lib/softoken/legacydb/lowkeyti.h          |    132 +
 nss/lib/softoken/legacydb/manifest.mn         |     32 +
 nss/lib/softoken/legacydb/nssdbm.def          |     31 +
 nss/lib/softoken/legacydb/nssdbm.rc           |     68 +
 nss/lib/softoken/legacydb/pcert.h             |    228 +
 nss/lib/softoken/legacydb/pcertdb.c           |   5333 +
 nss/lib/softoken/legacydb/pcertt.h            |    418 +
 nss/lib/softoken/legacydb/pk11db.c            |    731 +
 nss/lib/softoken/lgglue.c                     |    408 +
 nss/lib/softoken/lgglue.h                     |     59 +
 nss/lib/softoken/lowkey.c                     |    500 +
 nss/lib/softoken/lowkeyi.h                    |     71 +
 nss/lib/softoken/lowkeyti.h                   |     93 +
 nss/lib/softoken/lowpbe.c                     |   1366 +
 nss/lib/softoken/lowpbe.h                     |    107 +
 nss/lib/softoken/manifest.mn                  |     61 +
 nss/lib/softoken/padbuf.c                     |     49 +
 nss/lib/softoken/pkcs11.c                     |   4936 +
 nss/lib/softoken/pkcs11c.c                    |   7804 +
 nss/lib/softoken/pkcs11i.h                    |    763 +
 nss/lib/softoken/pkcs11ni.h                   |     20 +
 nss/lib/softoken/pkcs11u.c                    |   1994 +
 nss/lib/softoken/sdb.c                        |   2107 +
 nss/lib/softoken/sdb.h                        |     93 +
 nss/lib/softoken/sftkdb.c                     |   2716 +
 nss/lib/softoken/sftkdb.h                     |     71 +
 nss/lib/softoken/sftkdbt.h                    |     12 +
 nss/lib/softoken/sftkdbti.h                   |     58 +
 nss/lib/softoken/sftkhmac.c                   |    190 +
 nss/lib/softoken/sftkpars.c                   |    251 +
 nss/lib/softoken/sftkpars.h                   |     14 +
 nss/lib/softoken/sftkpwd.c                    |   1261 +
 nss/lib/softoken/softkver.c                   |     18 +
 nss/lib/softoken/softkver.h                   |     31 +
 nss/lib/softoken/softoken.gyp                 |    101 +
 nss/lib/softoken/softoken.h                   |    265 +
 nss/lib/softoken/softokn.def                  |     28 +
 nss/lib/softoken/softokn.rc                   |     68 +
 nss/lib/softoken/softoknt.h                   |     43 +
 nss/lib/softoken/tlsprf.c                     |    198 +
 nss/lib/sqlite/Makefile                       |     54 +
 nss/lib/sqlite/README                         |      3 +
 nss/lib/sqlite/config.mk                      |     43 +
 nss/lib/sqlite/exports.gyp                    |     25 +
 nss/lib/sqlite/manifest.mn                    |     34 +
 nss/lib/sqlite/sqlite.def                     |    147 +
 nss/lib/sqlite/sqlite.gyp                     |     50 +
 nss/lib/sqlite/sqlite3.c                      | 186041 +++++++++++++++
 nss/lib/sqlite/sqlite3.h                      |   8630 +
 nss/lib/ssl/Makefile                          |     67 +
 nss/lib/ssl/SSLerrs.h                         |    510 +
 nss/lib/ssl/authcert.c                        |     89 +
 nss/lib/ssl/cmpcert.c                         |     89 +
 nss/lib/ssl/config.mk                         |     67 +
 nss/lib/ssl/derive.c                          |    885 +
 nss/lib/ssl/dhe-param.c                       |    418 +
 nss/lib/ssl/dtlscon.c                         |   1208 +
 nss/lib/ssl/exports.gyp                       |     29 +
 nss/lib/ssl/manifest.mn                       |     59 +
 nss/lib/ssl/notes.txt                         |    104 +
 nss/lib/ssl/os2_err.c                         |    330 +
 nss/lib/ssl/os2_err.h                         |     53 +
 nss/lib/ssl/preenc.h                          |    113 +
 nss/lib/ssl/prelib.c                          |     34 +
 nss/lib/ssl/ssl.def                           |    242 +
 nss/lib/ssl/ssl.gyp                           |    103 +
 nss/lib/ssl/ssl.h                             |   1405 +
 nss/lib/ssl/ssl.rc                            |     68 +
 nss/lib/ssl/ssl3con.c                         |  13432 ++
 nss/lib/ssl/ssl3ecc.c                         |   1005 +
 nss/lib/ssl/ssl3ext.c                         |    533 +
 nss/lib/ssl/ssl3ext.h                         |    161 +
 nss/lib/ssl/ssl3exthandle.c                   |   2488 +
 nss/lib/ssl/ssl3exthandle.h                   |     95 +
 nss/lib/ssl/ssl3gthr.c                        |    596 +
 nss/lib/ssl/ssl3prot.h                        |    341 +
 nss/lib/ssl/sslauth.c                         |    292 +
 nss/lib/ssl/sslcert.c                         |    915 +
 nss/lib/ssl/sslcert.h                         |     60 +
 nss/lib/ssl/sslcon.c                          |    264 +
 nss/lib/ssl/ssldef.c                          |    226 +
 nss/lib/ssl/sslenum.c                         |    157 +
 nss/lib/ssl/sslerr.c                          |     41 +
 nss/lib/ssl/sslerr.h                          |    254 +
 nss/lib/ssl/sslerrstrs.c                      |     36 +
 nss/lib/ssl/sslgrp.c                          |    164 +
 nss/lib/ssl/sslimpl.h                         |   1910 +
 nss/lib/ssl/sslinfo.c                         |    495 +
 nss/lib/ssl/sslinit.c                         |     59 +
 nss/lib/ssl/sslmutex.c                        |    659 +
 nss/lib/ssl/sslmutex.h                        |    129 +
 nss/lib/ssl/sslnonce.c                        |    509 +
 nss/lib/ssl/sslproto.h                        |    294 +
 nss/lib/ssl/sslreveal.c                       |    110 +
 nss/lib/ssl/sslsecur.c                        |   1271 +
 nss/lib/ssl/sslsnce.c                         |   2193 +
 nss/lib/ssl/sslsock.c                         |   3833 +
 nss/lib/ssl/sslt.h                            |    422 +
 nss/lib/ssl/ssltrace.c                        |    114 +
 nss/lib/ssl/sslver.c                          |     18 +
 nss/lib/ssl/tls13con.c                        |   4494 +
 nss/lib/ssl/tls13con.h                        |     89 +
 nss/lib/ssl/tls13exthandle.c                  |   1367 +
 nss/lib/ssl/tls13exthandle.h                  |     84 +
 nss/lib/ssl/tls13hkdf.c                       |    270 +
 nss/lib/ssl/tls13hkdf.h                       |     38 +
 nss/lib/ssl/tlsproof.c                        |   2418 +
 nss/lib/ssl/tlsproof.h                        |    129 +
 nss/lib/ssl/tlsproofstr.h                     |     45 +
 nss/lib/ssl/unix_err.c                        |    837 +
 nss/lib/ssl/unix_err.h                        |     57 +
 nss/lib/ssl/win32err.c                        |    550 +
 nss/lib/ssl/win32err.h                        |     51 +
 nss/lib/sysinit/Makefile                      |     48 +
 nss/lib/sysinit/config.mk                     |     80 +
 nss/lib/sysinit/manifest.mn                   |     15 +
 nss/lib/sysinit/nsssysinit.c                  |    403 +
 nss/lib/sysinit/sysinit.gyp                   |     31 +
 nss/lib/util/Makefile                         |     50 +
 nss/lib/util/SECerrs.h                        |    551 +
 nss/lib/util/base64.h                         |     41 +
 nss/lib/util/ciferfam.h                       |     62 +
 nss/lib/util/config.mk                        |     45 +
 nss/lib/util/derdec.c                         |    189 +
 nss/lib/util/derenc.c                         |    460 +
 nss/lib/util/dersubr.c                        |    249 +
 nss/lib/util/dertime.c                        |    310 +
 nss/lib/util/eccutil.h                        |     15 +
 nss/lib/util/errstrs.c                        |     41 +
 nss/lib/util/exports.gyp                      |     67 +
 nss/lib/util/hasht.h                          |     63 +
 nss/lib/util/manifest.mn                      |     90 +
 nss/lib/util/nssb64.h                         |     94 +
 nss/lib/util/nssb64d.c                        |    823 +
 nss/lib/util/nssb64e.c                        |    734 +
 nss/lib/util/nssb64t.h                        |     15 +
 nss/lib/util/nssilckt.h                       |    191 +
 nss/lib/util/nssilock.c                       |    479 +
 nss/lib/util/nssilock.h                       |    267 +
 nss/lib/util/nsslocks.h                       |     10 +
 nss/lib/util/nssrwlk.c                        |    448 +
 nss/lib/util/nssrwlk.h                        |    132 +
 nss/lib/util/nssrwlkt.h                       |     19 +
 nss/lib/util/nssutil.def                      |    298 +
 nss/lib/util/nssutil.h                        |     41 +
 nss/lib/util/nssutil.rc                       |     68 +
 nss/lib/util/oidstring.c                      |    114 +
 nss/lib/util/pkcs11.h                         |    252 +
 nss/lib/util/pkcs11f.h                        |    812 +
 nss/lib/util/pkcs11n.h                        |    509 +
 nss/lib/util/pkcs11p.h                        |     21 +
 nss/lib/util/pkcs11t.h                        |   1800 +
 nss/lib/util/pkcs11u.h                        |     19 +
 nss/lib/util/pkcs1sig.c                       |    169 +
 nss/lib/util/pkcs1sig.h                       |     30 +
 nss/lib/util/portreg.c                        |    375 +
 nss/lib/util/portreg.h                        |     81 +
 nss/lib/util/quickder.c                       |    819 +
 nss/lib/util/secalgid.c                       |    129 +
 nss/lib/util/secasn1.h                        |    303 +
 nss/lib/util/secasn1d.c                       |   3416 +
 nss/lib/util/secasn1e.c                       |   1568 +
 nss/lib/util/secasn1t.h                       |    267 +
 nss/lib/util/secasn1u.c                       |     94 +
 nss/lib/util/seccomon.h                       |     91 +
 nss/lib/util/secder.h                         |    172 +
 nss/lib/util/secdert.h                        |    129 +
 nss/lib/util/secdig.c                         |    182 +
 nss/lib/util/secdig.h                         |    100 +
 nss/lib/util/secdigt.h                        |     26 +
 nss/lib/util/secerr.h                         |    218 +
 nss/lib/util/secitem.c                        |    487 +
 nss/lib/util/secitem.h                        |    118 +
 nss/lib/util/secload.c                        |    182 +
 nss/lib/util/secoid.c                         |   2306 +
 nss/lib/util/secoid.h                         |    140 +
 nss/lib/util/secoidt.h                        |    540 +
 nss/lib/util/secplcy.c                        |     83 +
 nss/lib/util/secplcy.h                        |    104 +
 nss/lib/util/secport.c                        |    732 +
 nss/lib/util/secport.h                        |    287 +
 nss/lib/util/sectime.c                        |    163 +
 nss/lib/util/templates.c                      |    136 +
 nss/lib/util/utf8.c                           |    445 +
 nss/lib/util/util.gyp                         |     59 +
 nss/lib/util/utilmod.c                        |    771 +
 nss/lib/util/utilmodt.h                       |     43 +
 nss/lib/util/utilpars.c                       |   1231 +
 nss/lib/util/utilpars.h                       |     63 +
 nss/lib/util/utilparst.h                      |     78 +
 nss/lib/util/utilrename.h                     |    162 +
 nss/lib/util/verref.h                         |     43 +
 nss/lib/zlib/Makefile                         |     55 +
 nss/lib/zlib/README                           |    115 +
 nss/lib/zlib/README.nss                       |     18 +
 nss/lib/zlib/adler32.c                        |    169 +
 nss/lib/zlib/compress.c                       |     80 +
 nss/lib/zlib/config.mk                        |     20 +
 nss/lib/zlib/crc32.c                          |    442 +
 nss/lib/zlib/crc32.h                          |    445 +
 nss/lib/zlib/deflate.c                        |   1834 +
 nss/lib/zlib/deflate.h                        |    342 +
 nss/lib/zlib/example.c                        |    565 +
 nss/lib/zlib/exports.gyp                      |     33 +
 nss/lib/zlib/gzclose.c                        |     25 +
 nss/lib/zlib/gzguts.h                         |    132 +
 nss/lib/zlib/gzlib.c                          |    537 +
 nss/lib/zlib/gzread.c                         |    653 +
 nss/lib/zlib/gzwrite.c                        |    531 +
 nss/lib/zlib/infback.c                        |    632 +
 nss/lib/zlib/inffast.c                        |    340 +
 nss/lib/zlib/inffast.h                        |     11 +
 nss/lib/zlib/inffixed.h                       |     98 +
 nss/lib/zlib/inflate.c                        |   1480 +
 nss/lib/zlib/inflate.h                        |    122 +
 nss/lib/zlib/inftrees.c                       |    330 +
 nss/lib/zlib/inftrees.h                       |     62 +
 nss/lib/zlib/manifest.mn                      |     39 +
 nss/lib/zlib/minigzip.c                       |    440 +
 nss/lib/zlib/patches/prune-zlib.sh            |     34 +
 nss/lib/zlib/trees.c                          |   1244 +
 nss/lib/zlib/trees.h                          |    132 +
 nss/lib/zlib/uncompr.c                        |     59 +
 nss/lib/zlib/zconf.h                          |    428 +
 nss/lib/zlib/zlib.gyp                         |     49 +
 nss/lib/zlib/zlib.h                           |   1613 +
 nss/lib/zlib/zutil.c                          |    318 +
 nss/lib/zlib/zutil.h                          |    275 +
 nss/manifest.mn                               |     13 +
 nss/nss-tool/.clang-format                    |      4 +
 nss/nss-tool/common/argparse.cc               |     23 +
 nss/nss-tool/common/argparse.h                |     30 +
 nss/nss-tool/common/util.cc                   |    135 +
 nss/nss-tool/common/util.h                    |     23 +
 nss/nss-tool/db/dbtool.cc                     |    369 +
 nss/nss-tool/db/dbtool.h                      |     25 +
 nss/nss-tool/nss_tool.cc                      |     42 +
 nss/nss-tool/nss_tool.gyp                     |     29 +
 nss/nss.gyp                                   |    273 +
 nss/pkg/Makefile                              |     27 +
 nss/pkg/linux/Makefile                        |     88 +
 nss/pkg/linux/sun-nss.spec                    |     52 +
 nss/pkg/pkg-config/nss-config.in              |    145 +
 nss/pkg/pkg-config/nss.pc.in                  |     11 +
 nss/pkg/solaris/Makefile                      |     91 +
 nss/pkg/solaris/Makefile-devl.com             |     37 +
 nss/pkg/solaris/Makefile-devl.targ            |     28 +
 nss/pkg/solaris/Makefile-tlsu.com             |     37 +
 nss/pkg/solaris/Makefile-tlsu.targ            |     36 +
 nss/pkg/solaris/Makefile.com                  |     37 +
 nss/pkg/solaris/Makefile.targ                 |     36 +
 nss/pkg/solaris/SUNWtls/Makefile              |     18 +
 nss/pkg/solaris/SUNWtls/pkgdepend             |     30 +
 nss/pkg/solaris/SUNWtls/pkginfo.tmpl          |     35 +
 nss/pkg/solaris/SUNWtls/prototype_com         |     43 +
 nss/pkg/solaris/SUNWtls/prototype_i386        |     56 +
 nss/pkg/solaris/SUNWtls/prototype_sparc       |     69 +
 nss/pkg/solaris/SUNWtlsd/Makefile             |     18 +
 nss/pkg/solaris/SUNWtlsd/pkgdepend            |     25 +
 nss/pkg/solaris/SUNWtlsd/pkginfo.tmpl         |     35 +
 nss/pkg/solaris/SUNWtlsd/prototype            |    128 +
 nss/pkg/solaris/SUNWtlsu/Makefile             |     18 +
 nss/pkg/solaris/SUNWtlsu/pkgdepend            |     24 +
 nss/pkg/solaris/SUNWtlsu/pkginfo.tmpl         |     35 +
 nss/pkg/solaris/SUNWtlsu/prototype_com        |     39 +
 nss/pkg/solaris/SUNWtlsu/prototype_i386       |     44 +
 nss/pkg/solaris/SUNWtlsu/prototype_sparc      |     44 +
 nss/pkg/solaris/bld_awk_pkginfo.ksh           |    107 +
 nss/pkg/solaris/common_files/copyright        |      6 +
 nss/pkg/solaris/proto64.mk                    |     16 +
 nss/readme.md                                 |    174 +
 nss/tests/README.txt                          |      6 +
 nss/tests/all.sh                              |    312 +
 nss/tests/bogo/bogo.sh                        |     53 +
 nss/tests/cert/cert.sh                        |   2012 +
 nss/tests/cert/certext.txt                    |    130 +
 nss/tests/chains/chains.sh                    |   1308 +
 nss/tests/chains/ocspd-config/ocspd-certs.sh  |    116 +
 .../chains/ocspd-config/ocspd.conf.template   |     46 +
 nss/tests/chains/ocspd-config/readme          |      3 +
 nss/tests/chains/scenarios/aia.cfg            |     35 +
 nss/tests/chains/scenarios/anypolicy.cfg      |     77 +
 .../chains/scenarios/anypolicywithlevel.cfg   |    399 +
 nss/tests/chains/scenarios/bridge.cfg         |    106 +
 nss/tests/chains/scenarios/bridgewithaia.cfg  |     54 +
 .../chains/scenarios/bridgewithhalfaia.cfg    |     89 +
 .../bridgewithpolicyextensionandmapping.cfg   |    187 +
 nss/tests/chains/scenarios/crldp.cfg          |    105 +
 nss/tests/chains/scenarios/dsa.cfg            |     72 +
 nss/tests/chains/scenarios/explicitPolicy.cfg |     78 +
 nss/tests/chains/scenarios/extension.cfg      |    102 +
 nss/tests/chains/scenarios/extension2.cfg     |    140 +
 nss/tests/chains/scenarios/mapping.cfg        |     63 +
 nss/tests/chains/scenarios/mapping2.cfg       |     71 +
 nss/tests/chains/scenarios/megabridge_3_2.cfg |    130 +
 nss/tests/chains/scenarios/method.cfg         |     25 +
 .../chains/scenarios/nameconstraints.cfg      |    161 +
 nss/tests/chains/scenarios/ocsp.cfg           |    177 +
 nss/tests/chains/scenarios/ocspd.cfg          |    172 +
 nss/tests/chains/scenarios/realcerts.cfg      |     29 +
 nss/tests/chains/scenarios/revoc.cfg          |     86 +
 nss/tests/chains/scenarios/scenarios          |     24 +
 nss/tests/chains/scenarios/trustanchors.cfg   |    114 +
 nss/tests/cipher/cipher.sh                    |    140 +
 nss/tests/cipher/cipher.txt                   |     57 +
 nss/tests/cipher/dsa.txt                      |     13 +
 nss/tests/cipher/gcm.txt                      |     16 +
 nss/tests/cipher/hash.txt                     |     11 +
 nss/tests/cipher/performance.sh               |    156 +
 nss/tests/cipher/rsa.txt                      |     11 +
 nss/tests/cipher/symmkey.txt                  |     36 +
 nss/tests/clean_tbx                           |    172 +
 nss/tests/cmdtests/cmdtests.sh                |    101 +
 nss/tests/common/Makefile                     |     24 +
 nss/tests/common/cleanup.sh                   |     55 +
 nss/tests/common/init.sh                      |    672 +
 nss/tests/common/parsegtestreport.sed         |      8 +
 nss/tests/common/results_header.html          |      6 +
 nss/tests/core_watch                          |     45 +
 nss/tests/crmf/crmf.sh                        |     89 +
 nss/tests/dbtests/dbtests.sh                  |    262 +
 nss/tests/dbupgrade/dbupgrade.sh              |    106 +
 nss/tests/dll_version.sh                      |     50 +
 nss/tests/doc/clean.gif                       |    Bin 0 -> 5503 bytes
 nss/tests/doc/nssqa.txt                       |    108 +
 nss/tests/doc/platform_specific_problems      |    110 +
 nss/tests/doc/qa_wrapper.html                 |    269 +
 nss/tests/dummy/dummy.sh                      |     19 +
 nss/tests/ec/ec.sh                            |     37 +
 nss/tests/ec/ecperf.sh                        |     52 +
 nss/tests/ec/ectest.sh                        |     93 +
 nss/tests/fips/fips.sh                        |    293 +
 nss/tests/gtests/gtests.sh                    |     90 +
 nss/tests/header                              |   1636 +
 nss/tests/interop/interop.sh                  |     68 +
 nss/tests/iopr/cert_iopr.sh                   |    405 +
 nss/tests/iopr/ocsp_iopr.sh                   |    231 +
 nss/tests/iopr/server_scr/apache_unix.cfg     |     47 +
 nss/tests/iopr/server_scr/cert_gen.sh         |    367 +
 nss/tests/iopr/server_scr/cipher.list         |     98 +
 nss/tests/iopr/server_scr/client.cgi          |    526 +
 nss/tests/iopr/server_scr/config              |     17 +
 nss/tests/iopr/server_scr/iis_windows.cfg     |     33 +
 nss/tests/iopr/server_scr/iopr_server.cfg     |     67 +
 nss/tests/iopr/server_scr/sslreq.dat          |      2 +
 nss/tests/iopr/ssl_iopr.sh                    |    643 +
 nss/tests/jss_dll_version.sh                  |     22 +
 nss/tests/jssdir                              |     28 +
 nss/tests/jssqa                               |    220 +
 nss/tests/libpkix/cert_trust.map              |      6 +
 nss/tests/libpkix/certs/BrAirWaysBadSig.cert  |    Bin 0 -> 1647 bytes
 .../certs/CertificatePoliciesCritical.crt     |    Bin 0 -> 805 bytes
 nss/tests/libpkix/certs/GoodCACert.crt        |    Bin 0 -> 625 bytes
 .../libpkix/certs/NameConstraints.ca.cert     |    Bin 0 -> 626 bytes
 .../certs/NameConstraints.dcissallowed.cert   |    Bin 0 -> 888 bytes
 .../certs/NameConstraints.dcissblocked.cert   |    Bin 0 -> 889 bytes
 .../certs/NameConstraints.dcisscopy.cert      |    Bin 0 -> 957 bytes
 .../certs/NameConstraints.intermediate.cert   |    Bin 0 -> 662 bytes
 .../certs/NameConstraints.intermediate2.cert  |    Bin 0 -> 644 bytes
 .../certs/NameConstraints.intermediate3.cert  |    Bin 0 -> 716 bytes
 .../certs/NameConstraints.intermediate4.cert  |    Bin 0 -> 607 bytes
 .../certs/NameConstraints.intermediate5.cert  |    Bin 0 -> 612 bytes
 .../certs/NameConstraints.intermediate6.cert  |    Bin 0 -> 611 bytes
 .../libpkix/certs/NameConstraints.ncca.cert   |    Bin 0 -> 672 bytes
 .../certs/NameConstraints.server1.cert        |    Bin 0 -> 660 bytes
 .../certs/NameConstraints.server10.cert       |    Bin 0 -> 560 bytes
 .../certs/NameConstraints.server11.cert       |    Bin 0 -> 585 bytes
 .../certs/NameConstraints.server12.cert       |    Bin 0 -> 562 bytes
 .../certs/NameConstraints.server13.cert       |    Bin 0 -> 574 bytes
 .../certs/NameConstraints.server14.cert       |    Bin 0 -> 574 bytes
 .../certs/NameConstraints.server15.cert       |    Bin 0 -> 634 bytes
 .../certs/NameConstraints.server16.cert       |    Bin 0 -> 612 bytes
 .../certs/NameConstraints.server17.cert       |    Bin 0 -> 630 bytes
 .../certs/NameConstraints.server2.cert        |    Bin 0 -> 643 bytes
 .../certs/NameConstraints.server3.cert        |    Bin 0 -> 660 bytes
 .../certs/NameConstraints.server4.cert        |    Bin 0 -> 663 bytes
 .../certs/NameConstraints.server5.cert        |    Bin 0 -> 646 bytes
 .../certs/NameConstraints.server6.cert        |    Bin 0 -> 663 bytes
 .../certs/NameConstraints.server7.cert        |    Bin 0 -> 578 bytes
 .../certs/NameConstraints.server8.cert        |    Bin 0 -> 564 bytes
 .../certs/NameConstraints.server9.cert        |    Bin 0 -> 551 bytes
 nss/tests/libpkix/certs/OCSPCA1.cert          |    Bin 0 -> 574 bytes
 nss/tests/libpkix/certs/OCSPCA1.p12           |    Bin 0 -> 1690 bytes
 nss/tests/libpkix/certs/OCSPCA2.cert          |    Bin 0 -> 574 bytes
 nss/tests/libpkix/certs/OCSPCA2.p12           |    Bin 0 -> 1690 bytes
 nss/tests/libpkix/certs/OCSPCA3.cert          |    Bin 0 -> 574 bytes
 nss/tests/libpkix/certs/OCSPCA3.p12           |    Bin 0 -> 1690 bytes
 nss/tests/libpkix/certs/OCSPEE11.cert         |    Bin 0 -> 552 bytes
 nss/tests/libpkix/certs/OCSPEE12.cert         |    Bin 0 -> 552 bytes
 nss/tests/libpkix/certs/OCSPEE13.cert         |    Bin 0 -> 552 bytes
 nss/tests/libpkix/certs/OCSPEE14.cert         |    Bin 0 -> 552 bytes
 nss/tests/libpkix/certs/OCSPEE15.cert         |    Bin 0 -> 552 bytes
 nss/tests/libpkix/certs/OCSPEE21.cert         |    Bin 0 -> 552 bytes
 nss/tests/libpkix/certs/OCSPEE22.cert         |    Bin 0 -> 552 bytes
 nss/tests/libpkix/certs/OCSPEE23.cert         |    Bin 0 -> 552 bytes
 nss/tests/libpkix/certs/OCSPEE31.cert         |    Bin 0 -> 552 bytes
 nss/tests/libpkix/certs/OCSPEE32.cert         |    Bin 0 -> 552 bytes
 nss/tests/libpkix/certs/OCSPEE33.cert         |    Bin 0 -> 552 bytes
 nss/tests/libpkix/certs/OCSPRoot.cert         |    Bin 0 -> 549 bytes
 nss/tests/libpkix/certs/OCSPRoot.p12          |    Bin 0 -> 1668 bytes
 nss/tests/libpkix/certs/PayPalEE.cert         |    Bin 0 -> 1376 bytes
 nss/tests/libpkix/certs/PayPalICA.cert        |    Bin 0 -> 1205 bytes
 nss/tests/libpkix/certs/PayPalRootCA.cert     |    Bin 0 -> 969 bytes
 nss/tests/libpkix/certs/TestCA.ca.cert        |    Bin 0 -> 628 bytes
 nss/tests/libpkix/certs/TestUser50.cert       |    Bin 0 -> 615 bytes
 nss/tests/libpkix/certs/TestUser51.cert       |    Bin 0 -> 615 bytes
 .../certs/TrustAnchorRootCertificate.crt      |    Bin 0 -> 572 bytes
 .../certs/ValidCertificatePathTest1EE.crt     |    Bin 0 -> 622 bytes
 nss/tests/libpkix/certs/anchor2dsa            |    Bin 0 -> 906 bytes
 nss/tests/libpkix/certs/crldiff.crl           |    Bin 0 -> 237 bytes
 nss/tests/libpkix/certs/crlgood.crl           |    Bin 0 -> 237 bytes
 .../certs/extKeyUsage/codeSigningEKUCert      |    Bin 0 -> 696 bytes
 .../libpkix/certs/extKeyUsage/multiEKUCert    |    Bin 0 -> 716 bytes
 nss/tests/libpkix/certs/extKeyUsage/noEKUCert |    Bin 0 -> 742 bytes
 .../libpkix/certs/generalName/altNameDnCert   |    Bin 0 -> 748 bytes
 .../certs/generalName/altNameDnCert_diff      |    Bin 0 -> 747 bytes
 .../libpkix/certs/generalName/altNameDnsCert  |    Bin 0 -> 700 bytes
 .../certs/generalName/altNameDnsCert_diff     |    Bin 0 -> 700 bytes
 .../libpkix/certs/generalName/altNameEdiCert  |    Bin 0 -> 702 bytes
 .../certs/generalName/altNameEdiCert_diff     |    Bin 0 -> 700 bytes
 .../libpkix/certs/generalName/altNameIpCert   |    Bin 0 -> 692 bytes
 .../certs/generalName/altNameIpCert_diff      |    Bin 0 -> 692 bytes
 .../libpkix/certs/generalName/altNameNoneCert |    Bin 0 -> 742 bytes
 .../libpkix/certs/generalName/altNameOidCert  |    Bin 0 -> 691 bytes
 .../certs/generalName/altNameOidCert_diff     |    Bin 0 -> 694 bytes
 .../certs/generalName/altNameOtherCert        |    Bin 0 -> 698 bytes
 .../certs/generalName/altNameOtherCert_diff   |    Bin 0 -> 698 bytes
 .../certs/generalName/altNameRfc822Cert       |    Bin 0 -> 740 bytes
 .../certs/generalName/altNameRfc822Cert_diff  |    Bin 0 -> 703 bytes
 .../certs/generalName/altNameRfc822DnsCert    |    Bin 0 -> 718 bytes
 .../libpkix/certs/generalName/altNameUriCert  |    Bin 0 -> 706 bytes
 .../certs/generalName/altNameUriCert_diff     |    Bin 0 -> 708 bytes
 .../libpkix/certs/generalName/altNameX400Cert |    Bin 0 -> 691 bytes
 .../certs/generalName/altNameX400Cert_diff    |    Bin 0 -> 691 bytes
 nss/tests/libpkix/certs/hanfeiyu2hanfeiyu     |    Bin 0 -> 669 bytes
 nss/tests/libpkix/certs/hy2hc-bc              |    Bin 0 -> 668 bytes
 nss/tests/libpkix/certs/hy2hy-bc0             |    Bin 0 -> 685 bytes
 nss/tests/libpkix/certs/issuer-hanfei.crl     |    Bin 0 -> 199 bytes
 nss/tests/libpkix/certs/issuer-none.crl       |    Bin 0 -> 196 bytes
 .../libpkix/certs/keyIdentifier/authKeyIDCert |    Bin 0 -> 536 bytes
 .../libpkix/certs/keyIdentifier/subjKeyIDCert |    Bin 0 -> 906 bytes
 .../libpkix/certs/keyUsage/decipherOnlyCert   |    Bin 0 -> 692 bytes
 .../libpkix/certs/keyUsage/encipherOnlyCert   |    Bin 0 -> 692 bytes
 .../libpkix/certs/keyUsage/multiKeyUsagesCert |    Bin 0 -> 742 bytes
 .../libpkix/certs/keyUsage/noKeyUsagesCert    |    Bin 0 -> 675 bytes
 nss/tests/libpkix/certs/make-ca-u50-u51       |     37 +
 nss/tests/libpkix/certs/make-nc               |    508 +
 nss/tests/libpkix/certs/noExtensionsCert      |    Bin 0 -> 680 bytes
 nss/tests/libpkix/certs/nss2alice             |    Bin 0 -> 602 bytes
 .../libpkix/certs/publicKey/dsaWithParams     |    Bin 0 -> 906 bytes
 .../libpkix/certs/publicKey/dsaWithoutParams  |    Bin 0 -> 536 bytes
 nss/tests/libpkix/certs/publicKey/labs2yassir |    Bin 0 -> 676 bytes
 nss/tests/libpkix/certs/publicKey/yassir2labs |    Bin 0 -> 676 bytes
 nss/tests/libpkix/certs/sun2sun               |    Bin 0 -> 666 bytes
 nss/tests/libpkix/certs/yassir2bcn            |    Bin 0 -> 742 bytes
 nss/tests/libpkix/certs/yassir2yassir         |    Bin 0 -> 760 bytes
 nss/tests/libpkix/common/libpkix_init.sh      |    324 +
 nss/tests/libpkix/common/libpkix_init_nist.sh |     70 +
 nss/tests/libpkix/libpkix.sh                  |    139 +
 .../libpkix/pkix_pl_tests/module/cert8.db     |    Bin 0 -> 65536 bytes
 .../libpkix/pkix_pl_tests/module/key3.db      |    Bin 0 -> 32768 bytes
 .../module/rev_data/local/crldiff.crl         |    Bin 0 -> 237 bytes
 .../module/rev_data/local/crlgood.crl         |    Bin 0 -> 237 bytes
 .../module/rev_data/local/issuer-hanfei.crl   |    Bin 0 -> 199 bytes
 .../module/rev_data/local/issuer-none.crl     |    Bin 0 -> 196 bytes
 .../module/rev_data/test_eku_all.crt          |    Bin 0 -> 774 bytes
 .../rev_data/test_eku_allbutcodesigningEE.crt |    Bin 0 -> 732 bytes
 .../module/rev_data/test_eku_clientauth.crt   |    Bin 0 -> 726 bytes
 .../module/rev_data/test_eku_clientauthEE.crt |    Bin 0 -> 694 bytes
 .../test_eku_codesigning_clientauth.crt       |    Bin 0 -> 734 bytes
 .../pkix_pl_tests/module/runPLTests.sh        |    101 +
 .../libpkix/pkix_pl_tests/module/secmod.db    |    Bin 0 -> 32768 bytes
 .../pkix_pl_tests/pki/rev_data/local/README   |      3 +
 .../pki/rev_data/local/crldiff.crl            |    Bin 0 -> 237 bytes
 .../pki/rev_data/local/crlgood.crl            |    Bin 0 -> 237 bytes
 .../pki/rev_data/local/issuer-hanfei.crl      |    Bin 0 -> 199 bytes
 .../pki/rev_data/local/issuer-none.crl        |    Bin 0 -> 196 bytes
 .../libpkix/pkix_pl_tests/pki/runPLTests.sh   |     81 +
 nss/tests/libpkix/pkix_pl_tests/runPLTests.sh |     67 +
 .../pkix_pl_tests/system/runPLTests.sh        |     46 +
 nss/tests/libpkix/pkix_tests/certsel/keyUsage |      0
 .../libpkix/pkix_tests/certsel/runTests.sh    |     33 +
 .../libpkix/pkix_tests/checker/runTests.sh    |     31 +
 .../libpkix/pkix_tests/crlsel/runTests.sh     |     33 +
 .../libpkix/pkix_tests/params/runTests.sh     |     36 +
 .../libpkix/pkix_tests/results/runTests.sh    |     36 +
 nss/tests/libpkix/pkix_tests/runTests.sh      |     98 +
 .../libpkix/pkix_tests/store/runTests.sh      |     32 +
 .../libpkix/pkix_tests/top/anchorcert.crt     |    Bin 0 -> 694 bytes
 .../backtracking/signature/greg.crl           |    Bin 0 -> 169 bytes
 .../signature/greg2yassir_badsig.crt          |    Bin 0 -> 689 bytes
 .../build_data/backtracking/signature/jes.crl |    Bin 0 -> 153 bytes
 .../backtracking/signature/jes2greg.crt       |    Bin 0 -> 671 bytes
 .../backtracking/signature/jes2jes.crt        |    Bin 0 -> 656 bytes
 .../backtracking/signature/jes2labs.crt       |    Bin 0 -> 555 bytes
 .../backtracking/signature/labs.crl           |    Bin 0 -> 155 bytes
 .../backtracking/signature/labs2yassir.crt    |    Bin 0 -> 675 bytes
 .../backtracking/signature/yassir.crl         |    Bin 0 -> 173 bytes
 .../backtracking/signature/yassir2hanfei.crt  |    Bin 0 -> 692 bytes
 .../multi_path/signature/fail/greg.crl        |    Bin 0 -> 169 bytes
 .../multi_path/signature/fail/greg2yassir.crt |    Bin 0 -> 689 bytes
 .../multi_path/signature/fail/jes.crl         |    Bin 0 -> 153 bytes
 .../multi_path/signature/fail/jes2greg.crt    |    Bin 0 -> 671 bytes
 .../multi_path/signature/fail/jes2jes.crt     |    Bin 0 -> 656 bytes
 .../multi_path/signature/fail/jes2labs.crt    |    Bin 0 -> 555 bytes
 .../multi_path/signature/fail/labs.crl        |    Bin 0 -> 155 bytes
 .../multi_path/signature/fail/labs2yassir.crt |    Bin 0 -> 676 bytes
 .../multi_path/signature/fail/yassir.crl      |    Bin 0 -> 173 bytes
 .../signature/fail/yassir2hanfei.crt          |    Bin 0 -> 692 bytes
 .../multi_path/signature/pass/greg.crl        |    Bin 0 -> 169 bytes
 .../multi_path/signature/pass/greg2yassir.crt |    Bin 0 -> 689 bytes
 .../multi_path/signature/pass/jes.crl         |    Bin 0 -> 153 bytes
 .../multi_path/signature/pass/jes2greg.crt    |    Bin 0 -> 671 bytes
 .../multi_path/signature/pass/jes2jes.crt     |    Bin 0 -> 656 bytes
 .../multi_path/signature/pass/jes2labs.crt    |    Bin 0 -> 555 bytes
 .../multi_path/signature/pass/labs.crl        |    Bin 0 -> 155 bytes
 .../multi_path/signature/pass/labs2yassir.crt |    Bin 0 -> 676 bytes
 .../multi_path/signature/pass/yassir.crl      |    Bin 0 -> 173 bytes
 .../signature/pass/yassir2hanfei.crt          |    Bin 0 -> 692 bytes
 .../single_path/signature/fail/greg.crl       |    Bin 0 -> 169 bytes
 .../signature/fail/greg2yassir_badsig.crt     |    Bin 0 -> 689 bytes
 .../single_path/signature/fail/jes.crl        |    Bin 0 -> 153 bytes
 .../single_path/signature/fail/jes2greg.crt   |    Bin 0 -> 671 bytes
 .../single_path/signature/fail/jes2jes.crt    |    Bin 0 -> 656 bytes
 .../single_path/signature/fail/yassir.crl     |    Bin 0 -> 173 bytes
 .../signature/fail/yassir2hanfei.crt          |    Bin 0 -> 692 bytes
 .../single_path/signature/pass/greg.crl       |    Bin 0 -> 169 bytes
 .../signature/pass/greg2yassir.crt            |    Bin 0 -> 689 bytes
 .../single_path/signature/pass/jes.crl        |    Bin 0 -> 153 bytes
 .../single_path/signature/pass/jes2greg.crt   |    Bin 0 -> 671 bytes
 .../single_path/signature/pass/jes2jes.crt    |    Bin 0 -> 656 bytes
 .../single_path/signature/pass/yassir.crl     |    Bin 0 -> 173 bytes
 .../signature/pass/yassir2hanfei.crt          |    Bin 0 -> 692 bytes
 .../top/build_data/test1/greg2yassir.crt      |    Bin 0 -> 689 bytes
 .../top/build_data/test1/jes2greg.crt         |    Bin 0 -> 671 bytes
 .../top/build_data/test1/jes2jes.crt          |    Bin 0 -> 656 bytes
 .../top/build_data/test1/jes2labs.crt         |    Bin 0 -> 555 bytes
 .../top/build_data/test1/labs2yassir.crt      |    Bin 0 -> 676 bytes
 .../top/build_data/test1/yassir2hanfei.crt    |    Bin 0 -> 692 bytes
 .../top/build_data/test1/yassir2richard.crt   |    Bin 0 -> 520 bytes
 .../top/build_data/test2/jes2greg.crt         |    Bin 0 -> 671 bytes
 .../top/build_data/test2/jes2jes.crt          |    Bin 0 -> 656 bytes
 .../top/build_data/test2/jes2labs.crt         |    Bin 0 -> 555 bytes
 .../top/build_data/test2/labs2yassir.crt      |    Bin 0 -> 669 bytes
 .../top/build_data/test2/nelson2yassir.crt    |    Bin 0 -> 676 bytes
 .../top/build_data/test2/yassir2hanfei.crt    |    Bin 0 -> 692 bytes
 .../top/build_data/test2/yassir2richard.crt   |    Bin 0 -> 520 bytes
 .../top/build_data/test3/jes2greg.crt         |    Bin 0 -> 671 bytes
 .../top/build_data/test3/jes2jes.crt          |    Bin 0 -> 656 bytes
 .../top/build_data/test3/jes2labs.crt         |    Bin 0 -> 555 bytes
 .../top/build_data/test3/labs2yassir.crt      |    Bin 0 -> 669 bytes
 .../top/build_data/test3/nelson2yassir.crt    |    Bin 0 -> 676 bytes
 .../top/build_data/test3/yassir2hanfei.crt    |    Bin 0 -> 692 bytes
 nss/tests/libpkix/pkix_tests/top/cert8.db     |    Bin 0 -> 65536 bytes
 nss/tests/libpkix/pkix_tests/top/goodcert.crt |    Bin 0 -> 1031 bytes
 nss/tests/libpkix/pkix_tests/top/key3.db      |    Bin 0 -> 32768 bytes
 .../top/rev_data/crlchecker/chem.crl          |    Bin 0 -> 239 bytes
 .../top/rev_data/crlchecker/chem2prof.crt     |    Bin 0 -> 709 bytes
 .../top/rev_data/crlchecker/phy2prof.crt      |    Bin 0 -> 707 bytes
 .../top/rev_data/crlchecker/phys.crl          |    Bin 0 -> 201 bytes
 .../top/rev_data/crlchecker/prof.crl          |    Bin 0 -> 203 bytes
 .../top/rev_data/crlchecker/prof2test.crt     |    Bin 0 -> 691 bytes
 .../top/rev_data/crlchecker/sci.crl           |    Bin 0 -> 200 bytes
 .../top/rev_data/crlchecker/sci2chem.crt      |    Bin 0 -> 707 bytes
 .../top/rev_data/crlchecker/sci2phy.crt       |    Bin 0 -> 703 bytes
 .../top/rev_data/crlchecker/sci2sci.crt       |    Bin 0 -> 703 bytes
 .../top/rev_data/crlchecker/test.crl          |    Bin 0 -> 205 bytes
 .../libpkix/pkix_tests/top/revokedcert.crt    |    Bin 0 -> 1034 bytes
 nss/tests/libpkix/pkix_tests/top/runTests.sh  |    517 +
 nss/tests/libpkix/pkix_tests/top/secmod.db    |    Bin 0 -> 32768 bytes
 nss/tests/libpkix/pkix_tests/util/runTests.sh |     33 +
 nss/tests/libpkix/runTests.sh                 |     87 +
 nss/tests/libpkix/sample_apps/README          |     77 +
 nss/tests/libpkix/sample_apps/cert8.db        |    Bin 0 -> 65536 bytes
 nss/tests/libpkix/sample_apps/key3.db         |    Bin 0 -> 32768 bytes
 nss/tests/libpkix/sample_apps/runPerf.sh      |    143 +
 nss/tests/libpkix/sample_apps/secmod.db       |    Bin 0 -> 32768 bytes
 nss/tests/libpkix/vfychain_test.lst           |      4 +
 nss/tests/lowhash/lowhash.sh                  |     97 +
 nss/tests/memleak/ignored                     |     58 +
 nss/tests/memleak/memleak.sh                  |    915 +
 nss/tests/memleak/sslreq.dat                  |      2 +
 nss/tests/merge/merge.sh                      |    277 +
 nss/tests/mksymlinks                          |    115 +
 nss/tests/mpi/mpi.sh                          |     40 +
 nss/tests/multinit/multinit.sh                |    158 +
 nss/tests/multinit/multinit.txt               |     79 +
 nss/tests/nssdir                              |     28 +
 nss/tests/nsspath                             |     12 +
 nss/tests/nssqa                               |    286 +
 nss/tests/ocsp/ocsp.sh                        |     54 +
 nss/tests/path_uniq                           |    107 +
 nss/tests/perf/perf.sh                        |     61 +
 .../netscape/suites/security/ssl/cert7.db     |    Bin 0 -> 90112 bytes
 .../netscape/suites/security/ssl/key3.db      |    Bin 0 -> 16384 bytes
 nss/tests/pkits/pkits.sh                      |   1988 +
 nss/tests/platformlist                        |     11 +
 nss/tests/platformlist.tbx                    |     14 +
 nss/tests/qa_stage                            |    336 +
 nss/tests/qa_stat                             |    938 +
 nss/tests/qaclean                             |    144 +
 nss/tests/remote/Makefile                     |    153 +
 nss/tests/remote/manifest.mn                  |      6 +
 nss/tests/run_niscc.sh                        |    982 +
 nss/tests/sdr/sdr.sh                          |    111 +
 nss/tests/set_environment                     |    234 +
 nss/tests/smime/alice.txt                     |      6 +
 nss/tests/smime/bob.txt                       |      6 +
 nss/tests/smime/smime.sh                      |    259 +
 nss/tests/ssl/ssl.sh                          |   1199 +
 nss/tests/ssl/ssl_dist_stress.sh              |    313 +
 nss/tests/ssl/sslauth.txt                     |     76 +
 nss/tests/ssl/sslcov.txt                      |    143 +
 nss/tests/ssl/sslpolicy.txt                   |    174 +
 nss/tests/ssl/sslreq.dat                      |      2 +
 nss/tests/ssl/sslreq.txt                      |      2 +
 nss/tests/ssl/sslstress.txt                   |     87 +
 nss/tests/ssl_gtests/ssl_gtests.sh            |    159 +
 nss/tests/tools/sign.html                     |      8 +
 nss/tests/tools/signjs.html                   |     11 +
 nss/tests/tools/tools.sh                      |    498 +
 nss/trademarks.txt                            |    129 +
 3764 files changed, 1221505 insertions(+)
 create mode 100644 README.md
 create mode 100644 ca/cert_creation.sh
 create mode 100644 ca/client_db/cert.req
 create mode 100644 ca/client_db/cert.req2
 create mode 100644 ca/client_db/cert8.db
 create mode 100644 ca/client_db/key3.db
 create mode 100644 ca/client_db/secmod.db
 create mode 100644 ca/client_db/server.crt
 create mode 100644 ca/noise.txt
 create mode 100644 ca/server_db/cert.req
 create mode 100644 ca/server_db/cert.req2
 create mode 100644 ca/server_db/cert8.db
 create mode 100644 ca/server_db/key3.db
 create mode 100644 ca/server_db/secmod.db
 create mode 100644 ca/server_db/server.crt
 create mode 100644 nss/.clang-format
 create mode 100644 nss/.gitignore
 create mode 100644 nss/.hg_archival.txt
 create mode 100644 nss/.hgignore
 create mode 100644 nss/.taskcluster.yml
 create mode 100644 nss/COPYING
 create mode 100644 nss/Makefile
 create mode 100644 nss/automation/buildbot-slave/bbenv-example.sh
 create mode 100755 nss/automation/buildbot-slave/build.sh
 create mode 100644 nss/automation/buildbot-slave/reboot.bat
 create mode 100644 nss/automation/buildbot-slave/startbuild.bat
 create mode 100755 nss/automation/ossfuzz/build.sh
 create mode 100644 nss/automation/release/nss-release-helper.py
 create mode 100644 nss/automation/taskcluster/docker-aarch64/Dockerfile
 create mode 100755 nss/automation/taskcluster/docker-aarch64/bin/checkout.sh
 create mode 100755 nss/automation/taskcluster/docker-aarch64/setup.sh
 create mode 100644 nss/automation/taskcluster/docker-arm/Dockerfile
 create mode 100755 nss/automation/taskcluster/docker-arm/bin/checkout.sh
 create mode 100755 nss/automation/taskcluster/docker-arm/bin/uname.sh
 create mode 100755 nss/automation/taskcluster/docker-arm/setup.sh
 create mode 100644 nss/automation/taskcluster/docker-decision/Dockerfile
 create mode 100644 nss/automation/taskcluster/docker-decision/bin/checkout.sh
 create mode 100644 nss/automation/taskcluster/docker-decision/setup.sh
 create mode 100644 nss/automation/taskcluster/docker-fuzz/Dockerfile
 create mode 100644 nss/automation/taskcluster/docker-fuzz/bin/checkout.sh
 create mode 100644 nss/automation/taskcluster/docker-fuzz/setup.sh
 create mode 100644 nss/automation/taskcluster/docker/Dockerfile
 create mode 100644 nss/automation/taskcluster/docker/bin/checkout.sh
 create mode 100644 nss/automation/taskcluster/docker/setup.sh
 create mode 100644 nss/automation/taskcluster/graph/npm-shrinkwrap.json
 create mode 100644 nss/automation/taskcluster/graph/package.json
 create mode 100644 nss/automation/taskcluster/graph/src/context_hash.js
 create mode 100644 nss/automation/taskcluster/graph/src/extend.js
 create mode 100644 nss/automation/taskcluster/graph/src/image_builder.js
 create mode 100644 nss/automation/taskcluster/graph/src/index.js
 create mode 100644 nss/automation/taskcluster/graph/src/merge.js
 create mode 100644 nss/automation/taskcluster/graph/src/queue.js
 create mode 100644 nss/automation/taskcluster/graph/src/try_syntax.js
 create mode 100755 nss/automation/taskcluster/scripts/build.sh
 create mode 100755 nss/automation/taskcluster/scripts/build_gyp.sh
 create mode 100755 nss/automation/taskcluster/scripts/build_nspr.sh
 create mode 100755 nss/automation/taskcluster/scripts/build_nss.sh
 create mode 100755 nss/automation/taskcluster/scripts/build_softoken.sh
 create mode 100755 nss/automation/taskcluster/scripts/build_util.sh
 create mode 100755 nss/automation/taskcluster/scripts/extend_task_graph.sh
 create mode 100755 nss/automation/taskcluster/scripts/fuzz.sh
 create mode 100755 nss/automation/taskcluster/scripts/gen_certs.sh
 create mode 100755 nss/automation/taskcluster/scripts/run_clang_format.sh
 create mode 100755 nss/automation/taskcluster/scripts/run_scan_build.sh
 create mode 100755 nss/automation/taskcluster/scripts/run_tests.sh
 create mode 100644 nss/automation/taskcluster/scripts/split.sh
 create mode 100644 nss/automation/taskcluster/scripts/tools.sh
 create mode 100644 nss/automation/taskcluster/windows/build.sh
 create mode 100644 nss/automation/taskcluster/windows/gen_certs.sh
 create mode 100644 nss/automation/taskcluster/windows/releng.manifest
 create mode 100644 nss/automation/taskcluster/windows/run_tests.sh
 create mode 100644 nss/automation/taskcluster/windows/setup.sh
 create mode 100755 nss/automation/travis/validate-formatting.sh
 create mode 100755 nss/build.sh
 create mode 100644 nss/cmd/Makefile
 create mode 100644 nss/cmd/addbuiltin/Makefile
 create mode 100644 nss/cmd/addbuiltin/addbuiltin.c
 create mode 100644 nss/cmd/addbuiltin/addbuiltin.gyp
 create mode 100644 nss/cmd/addbuiltin/manifest.mn
 create mode 100644 nss/cmd/atob/Makefile
 create mode 100644 nss/cmd/atob/atob.c
 create mode 100644 nss/cmd/atob/atob.gyp
 create mode 100644 nss/cmd/atob/manifest.mn
 create mode 100644 nss/cmd/benchmark/.gitignore
 create mode 100644 nss/cmd/benchmark/Makefile
 create mode 100644 nss/cmd/benchmark/README.md
 create mode 120000 nss/cmd/benchmark/client_db
 create mode 100644 nss/cmd/benchmark/main.c
 create mode 100644 nss/cmd/benchmark/manifest.mn
 create mode 100644 nss/cmd/benchmark/messages.txt
 create mode 100644 nss/cmd/bltest/Makefile
 create mode 100644 nss/cmd/bltest/blapitest.c
 create mode 100644 nss/cmd/bltest/bltest.gyp
 create mode 100644 nss/cmd/bltest/manifest.mn
 create mode 100644 nss/cmd/bltest/pkcs1_vectors.h
 create mode 100644 nss/cmd/bltest/tests/README
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/ciphertext0
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/ciphertext1
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/ciphertext10
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/ciphertext11
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/ciphertext12
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/ciphertext13
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/ciphertext14
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/ciphertext15
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/ciphertext16
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/ciphertext17
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/ciphertext18
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/ciphertext19
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/ciphertext2
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/ciphertext20
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/ciphertext21
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/ciphertext22
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/ciphertext23
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/ciphertext24
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/ciphertext3
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/ciphertext4
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/ciphertext5
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/ciphertext6
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/ciphertext7
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/ciphertext8
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/ciphertext9
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/iv0
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/iv1
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/iv10
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/iv11
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/iv12
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/iv13
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/iv14
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/iv15
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/iv16
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/iv17
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/iv18
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/iv19
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/iv2
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/iv20
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/iv21
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/iv22
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/iv23
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/iv24
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/iv3
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/iv4
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/iv5
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/iv6
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/iv7
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/iv8
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/iv9
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/key0
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/key1
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/key10
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/key11
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/key12
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/key13
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/key14
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/key15
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/key16
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/key17
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/key18
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/key19
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/key2
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/key20
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/key21
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/key22
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/key23
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/key24
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/key3
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/key4
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/key5
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/key6
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/key7
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/key8
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/key9
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/mktst.sh
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/numtests
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/plaintext0
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/plaintext1
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/plaintext10
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/plaintext11
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/plaintext12
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/plaintext13
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/plaintext14
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/plaintext15
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/plaintext16
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/plaintext17
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/plaintext18
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/plaintext19
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/plaintext2
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/plaintext20
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/plaintext21
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/plaintext22
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/plaintext23
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/plaintext24
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/plaintext3
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/plaintext4
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/plaintext5
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/plaintext6
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/plaintext7
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/plaintext8
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/plaintext9
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/test1.txt
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/test10.txt
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/test11.txt
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/test12.txt
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/test13.txt
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/test14.txt
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/test15.txt
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/test16.txt
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/test17.txt
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/test18.txt
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/test19.txt
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/test2.txt
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/test20.txt
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/test21.txt
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/test22.txt
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/test23.txt
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/test24.txt
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/test3.txt
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/test4.txt
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/test5.txt
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/test6.txt
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/test7.txt
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/test8.txt
 create mode 100644 nss/cmd/bltest/tests/aes_cbc/test9.txt
 create mode 100644 nss/cmd/bltest/tests/aes_ctr/aes_ctr_0.txt
 create mode 100644 nss/cmd/bltest/tests/aes_ctr/aes_ctr_1.txt
 create mode 100644 nss/cmd/bltest/tests/aes_ctr/aes_ctr_2.txt
 create mode 100644 nss/cmd/bltest/tests/aes_ctr/aes_ctr_tests_source.txt
 create mode 100644 nss/cmd/bltest/tests/aes_ctr/ciphertext0
 create mode 100644 nss/cmd/bltest/tests/aes_ctr/ciphertext1
 create mode 100644 nss/cmd/bltest/tests/aes_ctr/ciphertext2
 create mode 100644 nss/cmd/bltest/tests/aes_ctr/iv0
 create mode 100644 nss/cmd/bltest/tests/aes_ctr/iv1
 create mode 100644 nss/cmd/bltest/tests/aes_ctr/iv2
 create mode 100644 nss/cmd/bltest/tests/aes_ctr/key0
 create mode 100644 nss/cmd/bltest/tests/aes_ctr/key1
 create mode 100644 nss/cmd/bltest/tests/aes_ctr/key2
 create mode 100644 nss/cmd/bltest/tests/aes_ctr/mktst.sh
 create mode 100644 nss/cmd/bltest/tests/aes_ctr/numtests
 create mode 100644 nss/cmd/bltest/tests/aes_ctr/plaintext0
 create mode 100644 nss/cmd/bltest/tests/aes_ctr/plaintext1
 create mode 100644 nss/cmd/bltest/tests/aes_ctr/plaintext2
 create mode 100644 nss/cmd/bltest/tests/aes_cts/aes-cts-type-1-vectors.txt
 create mode 100644 nss/cmd/bltest/tests/aes_cts/aes_cts_0.txt
 create mode 100644 nss/cmd/bltest/tests/aes_cts/aes_cts_1.txt
 create mode 100644 nss/cmd/bltest/tests/aes_cts/aes_cts_2.txt
 create mode 100644 nss/cmd/bltest/tests/aes_cts/aes_cts_3.txt
 create mode 100644 nss/cmd/bltest/tests/aes_cts/aes_cts_4.txt
 create mode 100644 nss/cmd/bltest/tests/aes_cts/aes_cts_5.txt
 create mode 100644 nss/cmd/bltest/tests/aes_cts/ciphertext0
 create mode 100644 nss/cmd/bltest/tests/aes_cts/ciphertext1
 create mode 100644 nss/cmd/bltest/tests/aes_cts/ciphertext2
 create mode 100644 nss/cmd/bltest/tests/aes_cts/ciphertext3
 create mode 100644 nss/cmd/bltest/tests/aes_cts/ciphertext4
 create mode 100644 nss/cmd/bltest/tests/aes_cts/ciphertext5
 create mode 100644 nss/cmd/bltest/tests/aes_cts/iv0
 create mode 100644 nss/cmd/bltest/tests/aes_cts/iv1
 create mode 100644 nss/cmd/bltest/tests/aes_cts/iv2
 create mode 100644 nss/cmd/bltest/tests/aes_cts/iv3
 create mode 100644 nss/cmd/bltest/tests/aes_cts/iv4
 create mode 100644 nss/cmd/bltest/tests/aes_cts/iv5
 create mode 100644 nss/cmd/bltest/tests/aes_cts/key0
 create mode 100644 nss/cmd/bltest/tests/aes_cts/key1
 create mode 100644 nss/cmd/bltest/tests/aes_cts/key2
 create mode 100644 nss/cmd/bltest/tests/aes_cts/key3
 create mode 100644 nss/cmd/bltest/tests/aes_cts/key4
 create mode 100644 nss/cmd/bltest/tests/aes_cts/key5
 create mode 100644 nss/cmd/bltest/tests/aes_cts/mktst.sh
 create mode 100644 nss/cmd/bltest/tests/aes_cts/numtests
 create mode 100644 nss/cmd/bltest/tests/aes_cts/plaintext0
 create mode 100644 nss/cmd/bltest/tests/aes_cts/plaintext1
 create mode 100644 nss/cmd/bltest/tests/aes_cts/plaintext2
 create mode 100644 nss/cmd/bltest/tests/aes_cts/plaintext3
 create mode 100644 nss/cmd/bltest/tests/aes_cts/plaintext4
 create mode 100644 nss/cmd/bltest/tests/aes_cts/plaintext5
 create mode 100644 nss/cmd/bltest/tests/aes_ecb/ciphertext0
 create mode 100644 nss/cmd/bltest/tests/aes_ecb/ciphertext1
 create mode 100644 nss/cmd/bltest/tests/aes_ecb/ciphertext2
 create mode 100644 nss/cmd/bltest/tests/aes_ecb/ciphertext3
 create mode 100644 nss/cmd/bltest/tests/aes_ecb/ciphertext4
 create mode 100644 nss/cmd/bltest/tests/aes_ecb/ciphertext5
 create mode 100644 nss/cmd/bltest/tests/aes_ecb/ciphertext6
 create mode 100644 nss/cmd/bltest/tests/aes_ecb/key0
 create mode 100644 nss/cmd/bltest/tests/aes_ecb/key1
 create mode 100644 nss/cmd/bltest/tests/aes_ecb/key2
 create mode 100644 nss/cmd/bltest/tests/aes_ecb/key3
 create mode 100644 nss/cmd/bltest/tests/aes_ecb/key4
 create mode 100644 nss/cmd/bltest/tests/aes_ecb/key5
 create mode 100644 nss/cmd/bltest/tests/aes_ecb/key6
 create mode 100644 nss/cmd/bltest/tests/aes_ecb/mktst.sh
 create mode 100644 nss/cmd/bltest/tests/aes_ecb/numtests
 create mode 100644 nss/cmd/bltest/tests/aes_ecb/plaintext0
 create mode 100644 nss/cmd/bltest/tests/aes_ecb/plaintext1
 create mode 100644 nss/cmd/bltest/tests/aes_ecb/plaintext2
 create mode 100644 nss/cmd/bltest/tests/aes_ecb/plaintext3
 create mode 100644 nss/cmd/bltest/tests/aes_ecb/plaintext4
 create mode 100644 nss/cmd/bltest/tests/aes_ecb/plaintext5
 create mode 100644 nss/cmd/bltest/tests/aes_ecb/plaintext6
 create mode 100644 nss/cmd/bltest/tests/aes_ecb/test1.txt
 create mode 100644 nss/cmd/bltest/tests/aes_ecb/test2.txt
 create mode 100644 nss/cmd/bltest/tests/aes_ecb/test3.txt
 create mode 100644 nss/cmd/bltest/tests/aes_ecb/test4.txt
 create mode 100644 nss/cmd/bltest/tests/aes_ecb/test5.txt
 create mode 100644 nss/cmd/bltest/tests/aes_ecb/test6.txt
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/aad0
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/aad1
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/aad10
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/aad11
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/aad12
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/aad13
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/aad14
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/aad15
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/aad16
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/aad17
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/aad2
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/aad3
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/aad4
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/aad5
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/aad6
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/aad7
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/aad8
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/aad9
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/ciphertext0
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/ciphertext1
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/ciphertext10
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/ciphertext11
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/ciphertext12
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/ciphertext13
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/ciphertext14
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/ciphertext15
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/ciphertext16
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/ciphertext17
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/ciphertext2
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/ciphertext3
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/ciphertext4
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/ciphertext5
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/ciphertext6
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/ciphertext7
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/ciphertext8
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/ciphertext9
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/hex.c
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/iv0
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/iv1
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/iv10
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/iv11
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/iv12
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/iv13
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/iv14
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/iv15
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/iv16
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/iv17
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/iv2
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/iv3
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/iv4
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/iv5
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/iv6
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/iv7
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/iv8
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/iv9
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/key0
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/key1
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/key10
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/key11
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/key12
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/key13
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/key14
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/key15
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/key16
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/key17
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/key2
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/key3
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/key4
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/key5
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/key6
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/key7
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/key8
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/key9
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/mktst.sh
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/numtests
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/plaintext0
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/plaintext1
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/plaintext10
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/plaintext11
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/plaintext12
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/plaintext13
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/plaintext14
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/plaintext15
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/plaintext16
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/plaintext17
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/plaintext2
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/plaintext3
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/plaintext4
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/plaintext5
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/plaintext6
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/plaintext7
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/plaintext8
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/plaintext9
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/test0.txt
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/test1.txt
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/test10.txt
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/test11.txt
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/test12.txt
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/test13.txt
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/test14.txt
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/test15.txt
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/test16.txt
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/test17.txt
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/test2.txt
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/test3.txt
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/test4.txt
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/test5.txt
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/test6.txt
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/test7.txt
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/test8.txt
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/test9.txt
 create mode 100644 nss/cmd/bltest/tests/aes_gcm/test_source.txt
 create mode 100644 nss/cmd/bltest/tests/camellia_cbc/ciphertext0
 create mode 100644 nss/cmd/bltest/tests/camellia_cbc/ciphertext1
 create mode 100644 nss/cmd/bltest/tests/camellia_cbc/ciphertext2
 create mode 100644 nss/cmd/bltest/tests/camellia_cbc/iv0
 create mode 100644 nss/cmd/bltest/tests/camellia_cbc/key0
 create mode 100644 nss/cmd/bltest/tests/camellia_cbc/key1
 create mode 100644 nss/cmd/bltest/tests/camellia_cbc/key2
 create mode 100644 nss/cmd/bltest/tests/camellia_cbc/numtests
 create mode 100644 nss/cmd/bltest/tests/camellia_cbc/plaintext0
 create mode 100644 nss/cmd/bltest/tests/camellia_ecb/ciphertext0
 create mode 100644 nss/cmd/bltest/tests/camellia_ecb/ciphertext1
 create mode 100644 nss/cmd/bltest/tests/camellia_ecb/ciphertext2
 create mode 100644 nss/cmd/bltest/tests/camellia_ecb/key0
 create mode 100644 nss/cmd/bltest/tests/camellia_ecb/key1
 create mode 100644 nss/cmd/bltest/tests/camellia_ecb/key2
 create mode 100644 nss/cmd/bltest/tests/camellia_ecb/numtests
 create mode 100644 nss/cmd/bltest/tests/camellia_ecb/plaintext0
 create mode 100644 nss/cmd/bltest/tests/chacha20_poly1305/aad0
 create mode 100644 nss/cmd/bltest/tests/chacha20_poly1305/aad1
 create mode 100644 nss/cmd/bltest/tests/chacha20_poly1305/ciphertext0
 create mode 100644 nss/cmd/bltest/tests/chacha20_poly1305/ciphertext1
 create mode 100644 nss/cmd/bltest/tests/chacha20_poly1305/iv0
 create mode 100644 nss/cmd/bltest/tests/chacha20_poly1305/iv1
 create mode 100644 nss/cmd/bltest/tests/chacha20_poly1305/key0
 create mode 100644 nss/cmd/bltest/tests/chacha20_poly1305/key1
 create mode 100644 nss/cmd/bltest/tests/chacha20_poly1305/numtests
 create mode 100644 nss/cmd/bltest/tests/chacha20_poly1305/plaintext0
 create mode 100644 nss/cmd/bltest/tests/chacha20_poly1305/plaintext1
 create mode 100644 nss/cmd/bltest/tests/des3_cbc/ciphertext0
 create mode 100644 nss/cmd/bltest/tests/des3_cbc/iv0
 create mode 100644 nss/cmd/bltest/tests/des3_cbc/key0
 create mode 100644 nss/cmd/bltest/tests/des3_cbc/numtests
 create mode 100644 nss/cmd/bltest/tests/des3_cbc/plaintext0
 create mode 100644 nss/cmd/bltest/tests/des3_ecb/ciphertext0
 create mode 100644 nss/cmd/bltest/tests/des3_ecb/key0
 create mode 100644 nss/cmd/bltest/tests/des3_ecb/numtests
 create mode 100644 nss/cmd/bltest/tests/des3_ecb/plaintext0
 create mode 100644 nss/cmd/bltest/tests/des_cbc/ciphertext0
 create mode 100644 nss/cmd/bltest/tests/des_cbc/iv0
 create mode 100644 nss/cmd/bltest/tests/des_cbc/key0
 create mode 100644 nss/cmd/bltest/tests/des_cbc/numtests
 create mode 100644 nss/cmd/bltest/tests/des_cbc/plaintext0
 create mode 100644 nss/cmd/bltest/tests/des_ecb/ciphertext0
 create mode 100644 nss/cmd/bltest/tests/des_ecb/key0
 create mode 100644 nss/cmd/bltest/tests/des_ecb/numtests
 create mode 100644 nss/cmd/bltest/tests/des_ecb/plaintext0
 create mode 100644 nss/cmd/bltest/tests/dsa/ciphertext0
 create mode 100644 nss/cmd/bltest/tests/dsa/ciphertext1
 create mode 100644 nss/cmd/bltest/tests/dsa/ciphertext10
 create mode 100644 nss/cmd/bltest/tests/dsa/ciphertext11
 create mode 100644 nss/cmd/bltest/tests/dsa/ciphertext12
 create mode 100644 nss/cmd/bltest/tests/dsa/ciphertext13
 create mode 100644 nss/cmd/bltest/tests/dsa/ciphertext14
 create mode 100644 nss/cmd/bltest/tests/dsa/ciphertext15
 create mode 100644 nss/cmd/bltest/tests/dsa/ciphertext16
 create mode 100644 nss/cmd/bltest/tests/dsa/ciphertext17
 create mode 100644 nss/cmd/bltest/tests/dsa/ciphertext18
 create mode 100644 nss/cmd/bltest/tests/dsa/ciphertext19
 create mode 100644 nss/cmd/bltest/tests/dsa/ciphertext2
 create mode 100644 nss/cmd/bltest/tests/dsa/ciphertext20
 create mode 100644 nss/cmd/bltest/tests/dsa/ciphertext3
 create mode 100644 nss/cmd/bltest/tests/dsa/ciphertext4
 create mode 100644 nss/cmd/bltest/tests/dsa/ciphertext5
 create mode 100644 nss/cmd/bltest/tests/dsa/ciphertext6
 create mode 100644 nss/cmd/bltest/tests/dsa/ciphertext7
 create mode 100644 nss/cmd/bltest/tests/dsa/ciphertext8
 create mode 100644 nss/cmd/bltest/tests/dsa/ciphertext9
 create mode 100644 nss/cmd/bltest/tests/dsa/dsa_fips.txt
 create mode 100644 nss/cmd/bltest/tests/dsa/key0
 create mode 100644 nss/cmd/bltest/tests/dsa/key1
 create mode 100644 nss/cmd/bltest/tests/dsa/key10
 create mode 100644 nss/cmd/bltest/tests/dsa/key11
 create mode 100644 nss/cmd/bltest/tests/dsa/key12
 create mode 100644 nss/cmd/bltest/tests/dsa/key13
 create mode 100644 nss/cmd/bltest/tests/dsa/key14
 create mode 100644 nss/cmd/bltest/tests/dsa/key15
 create mode 100644 nss/cmd/bltest/tests/dsa/key16
 create mode 100644 nss/cmd/bltest/tests/dsa/key17
 create mode 100644 nss/cmd/bltest/tests/dsa/key18
 create mode 100644 nss/cmd/bltest/tests/dsa/key19
 create mode 100644 nss/cmd/bltest/tests/dsa/key2
 create mode 100644 nss/cmd/bltest/tests/dsa/key20
 create mode 100644 nss/cmd/bltest/tests/dsa/key3
 create mode 100644 nss/cmd/bltest/tests/dsa/key4
 create mode 100644 nss/cmd/bltest/tests/dsa/key5
 create mode 100644 nss/cmd/bltest/tests/dsa/key6
 create mode 100644 nss/cmd/bltest/tests/dsa/key7
 create mode 100644 nss/cmd/bltest/tests/dsa/key8
 create mode 100644 nss/cmd/bltest/tests/dsa/key9
 create mode 100644 nss/cmd/bltest/tests/dsa/keyseed0
 create mode 100644 nss/cmd/bltest/tests/dsa/keyseed1
 create mode 100644 nss/cmd/bltest/tests/dsa/keyseed10
 create mode 100644 nss/cmd/bltest/tests/dsa/keyseed11
 create mode 100644 nss/cmd/bltest/tests/dsa/keyseed12
 create mode 100644 nss/cmd/bltest/tests/dsa/keyseed13
 create mode 100644 nss/cmd/bltest/tests/dsa/keyseed14
 create mode 100644 nss/cmd/bltest/tests/dsa/keyseed15
 create mode 100644 nss/cmd/bltest/tests/dsa/keyseed16
 create mode 100644 nss/cmd/bltest/tests/dsa/keyseed17
 create mode 100644 nss/cmd/bltest/tests/dsa/keyseed18
 create mode 100644 nss/cmd/bltest/tests/dsa/keyseed19
 create mode 100644 nss/cmd/bltest/tests/dsa/keyseed2
 create mode 100644 nss/cmd/bltest/tests/dsa/keyseed20
 create mode 100644 nss/cmd/bltest/tests/dsa/keyseed3
 create mode 100644 nss/cmd/bltest/tests/dsa/keyseed4
 create mode 100644 nss/cmd/bltest/tests/dsa/keyseed5
 create mode 100644 nss/cmd/bltest/tests/dsa/keyseed6
 create mode 100644 nss/cmd/bltest/tests/dsa/keyseed7
 create mode 100644 nss/cmd/bltest/tests/dsa/keyseed8
 create mode 100644 nss/cmd/bltest/tests/dsa/keyseed9
 create mode 100644 nss/cmd/bltest/tests/dsa/numtests
 create mode 100644 nss/cmd/bltest/tests/dsa/plaintext0
 create mode 100644 nss/cmd/bltest/tests/dsa/plaintext1
 create mode 100644 nss/cmd/bltest/tests/dsa/plaintext10
 create mode 100644 nss/cmd/bltest/tests/dsa/plaintext11
 create mode 100644 nss/cmd/bltest/tests/dsa/plaintext12
 create mode 100644 nss/cmd/bltest/tests/dsa/plaintext13
 create mode 100644 nss/cmd/bltest/tests/dsa/plaintext14
 create mode 100644 nss/cmd/bltest/tests/dsa/plaintext15
 create mode 100644 nss/cmd/bltest/tests/dsa/plaintext16
 create mode 100644 nss/cmd/bltest/tests/dsa/plaintext17
 create mode 100644 nss/cmd/bltest/tests/dsa/plaintext18
 create mode 100644 nss/cmd/bltest/tests/dsa/plaintext19
 create mode 100644 nss/cmd/bltest/tests/dsa/plaintext2
 create mode 100644 nss/cmd/bltest/tests/dsa/plaintext20
 create mode 100644 nss/cmd/bltest/tests/dsa/plaintext3
 create mode 100644 nss/cmd/bltest/tests/dsa/plaintext4
 create mode 100644 nss/cmd/bltest/tests/dsa/plaintext5
 create mode 100644 nss/cmd/bltest/tests/dsa/plaintext6
 create mode 100644 nss/cmd/bltest/tests/dsa/plaintext7
 create mode 100644 nss/cmd/bltest/tests/dsa/plaintext8
 create mode 100644 nss/cmd/bltest/tests/dsa/plaintext9
 create mode 100644 nss/cmd/bltest/tests/dsa/pqg0
 create mode 100644 nss/cmd/bltest/tests/dsa/pqg1
 create mode 100644 nss/cmd/bltest/tests/dsa/pqg10
 create mode 100644 nss/cmd/bltest/tests/dsa/pqg11
 create mode 100644 nss/cmd/bltest/tests/dsa/pqg12
 create mode 100644 nss/cmd/bltest/tests/dsa/pqg13
 create mode 100644 nss/cmd/bltest/tests/dsa/pqg14
 create mode 100644 nss/cmd/bltest/tests/dsa/pqg15
 create mode 100644 nss/cmd/bltest/tests/dsa/pqg16
 create mode 100644 nss/cmd/bltest/tests/dsa/pqg17
 create mode 100644 nss/cmd/bltest/tests/dsa/pqg18
 create mode 100644 nss/cmd/bltest/tests/dsa/pqg19
 create mode 100644 nss/cmd/bltest/tests/dsa/pqg2
 create mode 100644 nss/cmd/bltest/tests/dsa/pqg20
 create mode 100644 nss/cmd/bltest/tests/dsa/pqg3
 create mode 100644 nss/cmd/bltest/tests/dsa/pqg4
 create mode 100644 nss/cmd/bltest/tests/dsa/pqg5
 create mode 100644 nss/cmd/bltest/tests/dsa/pqg6
 create mode 100644 nss/cmd/bltest/tests/dsa/pqg7
 create mode 100644 nss/cmd/bltest/tests/dsa/pqg8
 create mode 100644 nss/cmd/bltest/tests/dsa/pqg9
 create mode 100644 nss/cmd/bltest/tests/dsa/sigseed0
 create mode 100644 nss/cmd/bltest/tests/dsa/sigseed1
 create mode 100644 nss/cmd/bltest/tests/dsa/sigseed10
 create mode 100644 nss/cmd/bltest/tests/dsa/sigseed11
 create mode 100644 nss/cmd/bltest/tests/dsa/sigseed12
 create mode 100644 nss/cmd/bltest/tests/dsa/sigseed13
 create mode 100644 nss/cmd/bltest/tests/dsa/sigseed14
 create mode 100644 nss/cmd/bltest/tests/dsa/sigseed15
 create mode 100644 nss/cmd/bltest/tests/dsa/sigseed16
 create mode 100644 nss/cmd/bltest/tests/dsa/sigseed17
 create mode 100644 nss/cmd/bltest/tests/dsa/sigseed18
 create mode 100644 nss/cmd/bltest/tests/dsa/sigseed19
 create mode 100644 nss/cmd/bltest/tests/dsa/sigseed2
 create mode 100644 nss/cmd/bltest/tests/dsa/sigseed20
 create mode 100644 nss/cmd/bltest/tests/dsa/sigseed3
 create mode 100644 nss/cmd/bltest/tests/dsa/sigseed4
 create mode 100644 nss/cmd/bltest/tests/dsa/sigseed5
 create mode 100644 nss/cmd/bltest/tests/dsa/sigseed6
 create mode 100644 nss/cmd/bltest/tests/dsa/sigseed7
 create mode 100644 nss/cmd/bltest/tests/dsa/sigseed8
 create mode 100644 nss/cmd/bltest/tests/dsa/sigseed9
 create mode 100644 nss/cmd/bltest/tests/ecdsa/README
 create mode 100644 nss/cmd/bltest/tests/ecdsa/ciphertext0
 create mode 100644 nss/cmd/bltest/tests/ecdsa/ciphertext1
 create mode 100644 nss/cmd/bltest/tests/ecdsa/ciphertext10
 create mode 100644 nss/cmd/bltest/tests/ecdsa/ciphertext11
 create mode 100644 nss/cmd/bltest/tests/ecdsa/ciphertext12
 create mode 100644 nss/cmd/bltest/tests/ecdsa/ciphertext13
 create mode 100644 nss/cmd/bltest/tests/ecdsa/ciphertext14
 create mode 100644 nss/cmd/bltest/tests/ecdsa/ciphertext15
 create mode 100644 nss/cmd/bltest/tests/ecdsa/ciphertext16
 create mode 100644 nss/cmd/bltest/tests/ecdsa/ciphertext17
 create mode 100644 nss/cmd/bltest/tests/ecdsa/ciphertext18
 create mode 100644 nss/cmd/bltest/tests/ecdsa/ciphertext19
 create mode 100644 nss/cmd/bltest/tests/ecdsa/ciphertext2
 create mode 100644 nss/cmd/bltest/tests/ecdsa/ciphertext20
 create mode 100644 nss/cmd/bltest/tests/ecdsa/ciphertext3
 create mode 100644 nss/cmd/bltest/tests/ecdsa/ciphertext4
 create mode 100644 nss/cmd/bltest/tests/ecdsa/ciphertext5
 create mode 100644 nss/cmd/bltest/tests/ecdsa/ciphertext6
 create mode 100644 nss/cmd/bltest/tests/ecdsa/ciphertext7
 create mode 100644 nss/cmd/bltest/tests/ecdsa/ciphertext8
 create mode 100644 nss/cmd/bltest/tests/ecdsa/ciphertext9
 create mode 100644 nss/cmd/bltest/tests/ecdsa/key0
 create mode 100644 nss/cmd/bltest/tests/ecdsa/key1
 create mode 100644 nss/cmd/bltest/tests/ecdsa/key10
 create mode 100644 nss/cmd/bltest/tests/ecdsa/key11
 create mode 100644 nss/cmd/bltest/tests/ecdsa/key12
 create mode 100644 nss/cmd/bltest/tests/ecdsa/key13
 create mode 100644 nss/cmd/bltest/tests/ecdsa/key14
 create mode 100644 nss/cmd/bltest/tests/ecdsa/key15
 create mode 100644 nss/cmd/bltest/tests/ecdsa/key16
 create mode 100644 nss/cmd/bltest/tests/ecdsa/key17
 create mode 100644 nss/cmd/bltest/tests/ecdsa/key18
 create mode 100644 nss/cmd/bltest/tests/ecdsa/key19
 create mode 100644 nss/cmd/bltest/tests/ecdsa/key2
 create mode 100644 nss/cmd/bltest/tests/ecdsa/key20
 create mode 100644 nss/cmd/bltest/tests/ecdsa/key3
 create mode 100644 nss/cmd/bltest/tests/ecdsa/key4
 create mode 100644 nss/cmd/bltest/tests/ecdsa/key5
 create mode 100644 nss/cmd/bltest/tests/ecdsa/key6
 create mode 100644 nss/cmd/bltest/tests/ecdsa/key7
 create mode 100644 nss/cmd/bltest/tests/ecdsa/key8
 create mode 100644 nss/cmd/bltest/tests/ecdsa/key9
 create mode 100644 nss/cmd/bltest/tests/ecdsa/numtests
 create mode 100644 nss/cmd/bltest/tests/ecdsa/plaintext0
 create mode 100644 nss/cmd/bltest/tests/ecdsa/plaintext1
 create mode 100644 nss/cmd/bltest/tests/ecdsa/plaintext10
 create mode 100644 nss/cmd/bltest/tests/ecdsa/plaintext11
 create mode 100644 nss/cmd/bltest/tests/ecdsa/plaintext12
 create mode 100644 nss/cmd/bltest/tests/ecdsa/plaintext13
 create mode 100644 nss/cmd/bltest/tests/ecdsa/plaintext14
 create mode 100644 nss/cmd/bltest/tests/ecdsa/plaintext15
 create mode 100644 nss/cmd/bltest/tests/ecdsa/plaintext16
 create mode 100644 nss/cmd/bltest/tests/ecdsa/plaintext17
 create mode 100644 nss/cmd/bltest/tests/ecdsa/plaintext18
 create mode 100644 nss/cmd/bltest/tests/ecdsa/plaintext19
 create mode 100644 nss/cmd/bltest/tests/ecdsa/plaintext2
 create mode 100644 nss/cmd/bltest/tests/ecdsa/plaintext20
 create mode 100644 nss/cmd/bltest/tests/ecdsa/plaintext3
 create mode 100644 nss/cmd/bltest/tests/ecdsa/plaintext4
 create mode 100644 nss/cmd/bltest/tests/ecdsa/plaintext5
 create mode 100644 nss/cmd/bltest/tests/ecdsa/plaintext6
 create mode 100644 nss/cmd/bltest/tests/ecdsa/plaintext7
 create mode 100644 nss/cmd/bltest/tests/ecdsa/plaintext8
 create mode 100644 nss/cmd/bltest/tests/ecdsa/plaintext9
 create mode 100644 nss/cmd/bltest/tests/ecdsa/sigseed0
 create mode 100644 nss/cmd/bltest/tests/ecdsa/sigseed1
 create mode 100644 nss/cmd/bltest/tests/ecdsa/sigseed10
 create mode 100644 nss/cmd/bltest/tests/ecdsa/sigseed11
 create mode 100644 nss/cmd/bltest/tests/ecdsa/sigseed12
 create mode 100644 nss/cmd/bltest/tests/ecdsa/sigseed13
 create mode 100644 nss/cmd/bltest/tests/ecdsa/sigseed14
 create mode 100644 nss/cmd/bltest/tests/ecdsa/sigseed15
 create mode 100644 nss/cmd/bltest/tests/ecdsa/sigseed16
 create mode 100644 nss/cmd/bltest/tests/ecdsa/sigseed17
 create mode 100644 nss/cmd/bltest/tests/ecdsa/sigseed18
 create mode 100644 nss/cmd/bltest/tests/ecdsa/sigseed19
 create mode 100644 nss/cmd/bltest/tests/ecdsa/sigseed2
 create mode 100644 nss/cmd/bltest/tests/ecdsa/sigseed20
 create mode 100644 nss/cmd/bltest/tests/ecdsa/sigseed3
 create mode 100644 nss/cmd/bltest/tests/ecdsa/sigseed4
 create mode 100644 nss/cmd/bltest/tests/ecdsa/sigseed5
 create mode 100644 nss/cmd/bltest/tests/ecdsa/sigseed6
 create mode 100644 nss/cmd/bltest/tests/ecdsa/sigseed7
 create mode 100644 nss/cmd/bltest/tests/ecdsa/sigseed8
 create mode 100644 nss/cmd/bltest/tests/ecdsa/sigseed9
 create mode 100644 nss/cmd/bltest/tests/md2/ciphertext0
 create mode 100644 nss/cmd/bltest/tests/md2/numtests
 create mode 100644 nss/cmd/bltest/tests/md2/plaintext0
 create mode 100644 nss/cmd/bltest/tests/md5/ciphertext0
 create mode 100644 nss/cmd/bltest/tests/md5/numtests
 create mode 100644 nss/cmd/bltest/tests/md5/plaintext0
 create mode 100644 nss/cmd/bltest/tests/rc2_cbc/ciphertext0
 create mode 100644 nss/cmd/bltest/tests/rc2_cbc/iv0
 create mode 100644 nss/cmd/bltest/tests/rc2_cbc/key0
 create mode 100644 nss/cmd/bltest/tests/rc2_cbc/numtests
 create mode 100644 nss/cmd/bltest/tests/rc2_cbc/plaintext0
 create mode 100644 nss/cmd/bltest/tests/rc2_ecb/ciphertext0
 create mode 100644 nss/cmd/bltest/tests/rc2_ecb/key0
 create mode 100644 nss/cmd/bltest/tests/rc2_ecb/numtests
 create mode 100644 nss/cmd/bltest/tests/rc2_ecb/plaintext0
 create mode 100644 nss/cmd/bltest/tests/rc4/ciphertext0
 create mode 100644 nss/cmd/bltest/tests/rc4/ciphertext1
 create mode 100644 nss/cmd/bltest/tests/rc4/key0
 create mode 100644 nss/cmd/bltest/tests/rc4/key1
 create mode 100644 nss/cmd/bltest/tests/rc4/numtests
 create mode 100644 nss/cmd/bltest/tests/rc4/plaintext0
 create mode 100644 nss/cmd/bltest/tests/rc4/plaintext1
 create mode 100644 nss/cmd/bltest/tests/rc5_cbc/ciphertext0
 create mode 100644 nss/cmd/bltest/tests/rc5_cbc/iv0
 create mode 100644 nss/cmd/bltest/tests/rc5_cbc/key0
 create mode 100644 nss/cmd/bltest/tests/rc5_cbc/numtests
 create mode 100644 nss/cmd/bltest/tests/rc5_cbc/params0
 create mode 100644 nss/cmd/bltest/tests/rc5_cbc/plaintext0
 create mode 100644 nss/cmd/bltest/tests/rc5_ecb/ciphertext0
 create mode 100644 nss/cmd/bltest/tests/rc5_ecb/key0
 create mode 100644 nss/cmd/bltest/tests/rc5_ecb/numtests
 create mode 100644 nss/cmd/bltest/tests/rc5_ecb/params0
 create mode 100644 nss/cmd/bltest/tests/rc5_ecb/plaintext0
 create mode 100644 nss/cmd/bltest/tests/rsa/ciphertext0
 create mode 100644 nss/cmd/bltest/tests/rsa/key0
 create mode 100644 nss/cmd/bltest/tests/rsa/numtests
 create mode 100644 nss/cmd/bltest/tests/rsa/plaintext0
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/ciphertext0
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/ciphertext1
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/ciphertext10
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/ciphertext11
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/ciphertext12
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/ciphertext13
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/ciphertext14
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/ciphertext15
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/ciphertext16
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/ciphertext17
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/ciphertext2
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/ciphertext3
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/ciphertext4
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/ciphertext5
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/ciphertext6
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/ciphertext7
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/ciphertext8
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/ciphertext9
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/hash0
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/hash1
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/hash10
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/hash11
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/hash12
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/hash13
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/hash14
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/hash15
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/hash16
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/hash17
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/hash2
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/hash3
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/hash4
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/hash5
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/hash6
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/hash7
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/hash8
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/hash9
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/key0
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/key1
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/key10
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/key11
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/key12
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/key13
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/key14
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/key15
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/key16
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/key17
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/key2
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/key3
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/key4
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/key5
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/key6
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/key7
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/key8
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/key9
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/maskhash0
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/maskhash1
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/maskhash10
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/maskhash11
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/maskhash12
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/maskhash13
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/maskhash14
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/maskhash15
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/maskhash16
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/maskhash17
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/maskhash2
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/maskhash3
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/maskhash4
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/maskhash5
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/maskhash6
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/maskhash7
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/maskhash8
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/maskhash9
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/numtests
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/plaintext0
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/plaintext1
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/plaintext10
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/plaintext11
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/plaintext12
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/plaintext13
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/plaintext14
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/plaintext15
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/plaintext16
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/plaintext17
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/plaintext2
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/plaintext3
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/plaintext4
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/plaintext5
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/plaintext6
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/plaintext7
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/plaintext8
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/plaintext9
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/seed0
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/seed1
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/seed10
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/seed11
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/seed12
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/seed13
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/seed14
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/seed15
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/seed16
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/seed17
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/seed2
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/seed3
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/seed4
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/seed5
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/seed6
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/seed7
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/seed8
 create mode 100644 nss/cmd/bltest/tests/rsa_oaep/seed9
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/ciphertext0
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/ciphertext1
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/ciphertext10
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/ciphertext11
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/ciphertext12
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/ciphertext13
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/ciphertext14
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/ciphertext15
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/ciphertext16
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/ciphertext17
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/ciphertext2
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/ciphertext3
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/ciphertext4
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/ciphertext5
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/ciphertext6
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/ciphertext7
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/ciphertext8
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/ciphertext9
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/hash0
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/hash1
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/hash10
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/hash11
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/hash12
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/hash13
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/hash14
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/hash15
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/hash16
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/hash17
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/hash2
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/hash3
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/hash4
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/hash5
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/hash6
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/hash7
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/hash8
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/hash9
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/key0
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/key1
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/key10
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/key11
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/key12
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/key13
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/key14
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/key15
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/key16
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/key17
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/key2
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/key3
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/key4
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/key5
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/key6
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/key7
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/key8
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/key9
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/maskhash0
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/maskhash1
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/maskhash10
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/maskhash11
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/maskhash12
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/maskhash13
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/maskhash14
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/maskhash15
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/maskhash16
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/maskhash17
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/maskhash2
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/maskhash3
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/maskhash4
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/maskhash5
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/maskhash6
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/maskhash7
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/maskhash8
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/maskhash9
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/numtests
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/plaintext0
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/plaintext1
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/plaintext10
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/plaintext11
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/plaintext12
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/plaintext13
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/plaintext14
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/plaintext15
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/plaintext16
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/plaintext17
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/plaintext2
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/plaintext3
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/plaintext4
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/plaintext5
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/plaintext6
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/plaintext7
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/plaintext8
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/plaintext9
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/seed0
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/seed1
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/seed10
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/seed11
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/seed12
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/seed13
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/seed14
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/seed15
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/seed16
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/seed17
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/seed2
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/seed3
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/seed4
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/seed5
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/seed6
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/seed7
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/seed8
 create mode 100644 nss/cmd/bltest/tests/rsa_pss/seed9
 create mode 100644 nss/cmd/bltest/tests/seed_cbc/ciphertext0
 create mode 100644 nss/cmd/bltest/tests/seed_cbc/iv0
 create mode 100644 nss/cmd/bltest/tests/seed_cbc/key0
 create mode 100644 nss/cmd/bltest/tests/seed_cbc/numtests
 create mode 100644 nss/cmd/bltest/tests/seed_cbc/plaintext0
 create mode 100644 nss/cmd/bltest/tests/seed_ecb/ciphertext0
 create mode 100644 nss/cmd/bltest/tests/seed_ecb/iv0
 create mode 100644 nss/cmd/bltest/tests/seed_ecb/key0
 create mode 100644 nss/cmd/bltest/tests/seed_ecb/numtests
 create mode 100644 nss/cmd/bltest/tests/seed_ecb/plaintext0
 create mode 100644 nss/cmd/bltest/tests/sha1/ciphertext0
 create mode 100644 nss/cmd/bltest/tests/sha1/numtests
 create mode 100644 nss/cmd/bltest/tests/sha1/plaintext0
 create mode 100644 nss/cmd/bltest/tests/sha224/ciphertext0
 create mode 100644 nss/cmd/bltest/tests/sha224/ciphertext1
 create mode 100644 nss/cmd/bltest/tests/sha224/numtests
 create mode 100644 nss/cmd/bltest/tests/sha224/plaintext0
 create mode 100644 nss/cmd/bltest/tests/sha224/plaintext1
 create mode 100644 nss/cmd/bltest/tests/sha256/ciphertext0
 create mode 100644 nss/cmd/bltest/tests/sha256/ciphertext1
 create mode 100644 nss/cmd/bltest/tests/sha256/numtests
 create mode 100644 nss/cmd/bltest/tests/sha256/plaintext0
 create mode 100644 nss/cmd/bltest/tests/sha256/plaintext1
 create mode 100644 nss/cmd/bltest/tests/sha384/ciphertext0
 create mode 100644 nss/cmd/bltest/tests/sha384/ciphertext1
 create mode 100644 nss/cmd/bltest/tests/sha384/numtests
 create mode 100644 nss/cmd/bltest/tests/sha384/plaintext0
 create mode 100644 nss/cmd/bltest/tests/sha384/plaintext1
 create mode 100644 nss/cmd/bltest/tests/sha512/ciphertext0
 create mode 100644 nss/cmd/bltest/tests/sha512/ciphertext1
 create mode 100644 nss/cmd/bltest/tests/sha512/numtests
 create mode 100644 nss/cmd/bltest/tests/sha512/plaintext0
 create mode 100644 nss/cmd/bltest/tests/sha512/plaintext1
 create mode 100644 nss/cmd/btoa/Makefile
 create mode 100644 nss/cmd/btoa/btoa.c
 create mode 100644 nss/cmd/btoa/btoa.gyp
 create mode 100644 nss/cmd/btoa/manifest.mn
 create mode 100644 nss/cmd/certcgi/HOWTO.txt
 create mode 100644 nss/cmd/certcgi/Makefile
 create mode 100644 nss/cmd/certcgi/ca.html
 create mode 100644 nss/cmd/certcgi/ca_form.html
 create mode 100644 nss/cmd/certcgi/certcgi.c
 create mode 100644 nss/cmd/certcgi/certcgi.gyp
 create mode 100644 nss/cmd/certcgi/index.html
 create mode 100644 nss/cmd/certcgi/main.html
 create mode 100644 nss/cmd/certcgi/manifest.mn
 create mode 100644 nss/cmd/certcgi/nscp_ext_form.html
 create mode 100644 nss/cmd/certcgi/stnd_ext_form.html
 create mode 100644 nss/cmd/certutil/Makefile
 create mode 100644 nss/cmd/certutil/certext.c
 create mode 100644 nss/cmd/certutil/certutil.c
 create mode 100644 nss/cmd/certutil/certutil.gyp
 create mode 100644 nss/cmd/certutil/certutil.h
 create mode 100644 nss/cmd/certutil/keystuff.c
 create mode 100644 nss/cmd/certutil/manifest.mn
 create mode 100644 nss/cmd/chktest/Makefile
 create mode 100644 nss/cmd/chktest/chktest.c
 create mode 100644 nss/cmd/chktest/chktest.gyp
 create mode 100644 nss/cmd/chktest/manifest.mn
 create mode 100644 nss/cmd/clientProof/.gitignore
 create mode 100644 nss/cmd/clientProof/.project
 create mode 100644 nss/cmd/clientProof/Makefile
 create mode 120000 nss/cmd/clientProof/client_db
 create mode 100644 nss/cmd/clientProof/main.c
 create mode 100644 nss/cmd/clientProof/manifest.mn
 create mode 100644 nss/cmd/crlutil/Makefile
 create mode 100644 nss/cmd/crlutil/crlgen.c
 create mode 100644 nss/cmd/crlutil/crlgen.h
 create mode 100644 nss/cmd/crlutil/crlgen_lex.c
 create mode 100644 nss/cmd/crlutil/crlgen_lex_fix.sed
 create mode 100644 nss/cmd/crlutil/crlgen_lex_orig.l
 create mode 100644 nss/cmd/crlutil/crlutil.c
 create mode 100644 nss/cmd/crlutil/crlutil.gyp
 create mode 100644 nss/cmd/crlutil/manifest.mn
 create mode 100644 nss/cmd/crmf-cgi/Makefile
 create mode 100644 nss/cmd/crmf-cgi/config.mk
 create mode 100644 nss/cmd/crmf-cgi/crmfcgi.c
 create mode 100644 nss/cmd/crmf-cgi/crmfcgi.html
 create mode 100644 nss/cmd/crmf-cgi/manifest.mn
 create mode 100644 nss/cmd/crmftest/Makefile
 create mode 100644 nss/cmd/crmftest/config.mk
 create mode 100644 nss/cmd/crmftest/crmftest.gyp
 create mode 100644 nss/cmd/crmftest/manifest.mn
 create mode 100644 nss/cmd/crmftest/testcrmf.c
 create mode 100644 nss/cmd/dbck/Makefile
 create mode 100644 nss/cmd/dbck/dbck.c
 create mode 100644 nss/cmd/dbck/dbrecover.c
 create mode 100644 nss/cmd/dbck/manifest.mn
 create mode 100644 nss/cmd/dbtest/Makefile
 create mode 100644 nss/cmd/dbtest/dbtest.c
 create mode 100644 nss/cmd/dbtest/dbtest.gyp
 create mode 100644 nss/cmd/dbtest/manifest.mn
 create mode 100644 nss/cmd/derdump/Makefile
 create mode 100644 nss/cmd/derdump/derdump.c
 create mode 100644 nss/cmd/derdump/derdump.gyp
 create mode 100644 nss/cmd/derdump/manifest.mn
 create mode 100644 nss/cmd/digest/Makefile
 create mode 100644 nss/cmd/digest/digest.c
 create mode 100644 nss/cmd/digest/digest.gyp
 create mode 100644 nss/cmd/digest/manifest.mn
 create mode 100644 nss/cmd/ecperf/Makefile
 create mode 100644 nss/cmd/ecperf/ecperf.c
 create mode 100644 nss/cmd/ecperf/ecperf.gyp
 create mode 100755 nss/cmd/ecperf/manifest.mn
 create mode 100644 nss/cmd/ectest/Makefile
 create mode 100644 nss/cmd/ectest/ectest.c
 create mode 100644 nss/cmd/ectest/manifest.mn
 create mode 100644 nss/cmd/ectest/testvecs.h
 create mode 100644 nss/cmd/fbectest/Makefile
 create mode 100644 nss/cmd/fbectest/fbectest.c
 create mode 100644 nss/cmd/fbectest/fbectest.gyp
 create mode 100644 nss/cmd/fbectest/manifest.mn
 create mode 100644 nss/cmd/fbectest/testvecs.h
 create mode 100755 nss/cmd/fipstest/Makefile
 create mode 100644 nss/cmd/fipstest/aes.sh
 create mode 100644 nss/cmd/fipstest/aesgcm.sh
 create mode 100755 nss/cmd/fipstest/dsa.sh
 create mode 100644 nss/cmd/fipstest/ecdsa.sh
 create mode 100644 nss/cmd/fipstest/fipstest.c
 create mode 100644 nss/cmd/fipstest/fipstest.gyp
 create mode 100755 nss/cmd/fipstest/hmac.sh
 create mode 100644 nss/cmd/fipstest/manifest.mn
 create mode 100644 nss/cmd/fipstest/rng.sh
 create mode 100644 nss/cmd/fipstest/rsa.sh
 create mode 100644 nss/cmd/fipstest/runtest.sh
 create mode 100644 nss/cmd/fipstest/sha.sh
 create mode 100644 nss/cmd/fipstest/tdea.sh
 create mode 100644 nss/cmd/fipstest/tls.sh
 create mode 100644 nss/cmd/fipstest/validate.sh
 create mode 100644 nss/cmd/fipstest/validate1.sh
 create mode 100644 nss/cmd/httpserv/Makefile
 create mode 100644 nss/cmd/httpserv/httpserv.c
 create mode 100644 nss/cmd/httpserv/httpserv.gyp
 create mode 100644 nss/cmd/httpserv/manifest.mn
 create mode 100644 nss/cmd/lib/Makefile
 create mode 100644 nss/cmd/lib/basicutil.c
 create mode 100644 nss/cmd/lib/basicutil.h
 create mode 100644 nss/cmd/lib/berparse.c
 create mode 100644 nss/cmd/lib/config.mk
 create mode 100644 nss/cmd/lib/derprint.c
 create mode 100644 nss/cmd/lib/exports.gyp
 create mode 100644 nss/cmd/lib/ffs.c
 create mode 100644 nss/cmd/lib/lib.gyp
 create mode 100644 nss/cmd/lib/manifest.mn
 create mode 100644 nss/cmd/lib/moreoids.c
 create mode 100644 nss/cmd/lib/pk11table.c
 create mode 100644 nss/cmd/lib/pk11table.h
 create mode 100644 nss/cmd/lib/pppolicy.c
 create mode 100644 nss/cmd/lib/secpwd.c
 create mode 100644 nss/cmd/lib/secutil.c
 create mode 100644 nss/cmd/lib/secutil.h
 create mode 100755 nss/cmd/libpkix/Makefile
 create mode 100644 nss/cmd/libpkix/config.mk
 create mode 100755 nss/cmd/libpkix/manifest.mn
 create mode 100755 nss/cmd/libpkix/perf/Makefile
 create mode 100644 nss/cmd/libpkix/perf/libpkix_buildthreads.c
 create mode 100755 nss/cmd/libpkix/perf/manifest.mn
 create mode 100644 nss/cmd/libpkix/perf/nss_threads.c
 create mode 100755 nss/cmd/libpkix/pkix/Makefile
 create mode 100755 nss/cmd/libpkix/pkix/certsel/Makefile
 create mode 100755 nss/cmd/libpkix/pkix/certsel/manifest.mn
 create mode 100644 nss/cmd/libpkix/pkix/certsel/test_certselector.c
 create mode 100644 nss/cmd/libpkix/pkix/certsel/test_comcertselparams.c
 create mode 100755 nss/cmd/libpkix/pkix/checker/Makefile
 create mode 100755 nss/cmd/libpkix/pkix/checker/manifest.mn
 create mode 100644 nss/cmd/libpkix/pkix/checker/test_certchainchecker.c
 create mode 100755 nss/cmd/libpkix/pkix/crlsel/Makefile
 create mode 100755 nss/cmd/libpkix/pkix/crlsel/manifest.mn
 create mode 100644 nss/cmd/libpkix/pkix/crlsel/test_comcrlselparams.c
 create mode 100644 nss/cmd/libpkix/pkix/crlsel/test_crlselector.c
 create mode 100755 nss/cmd/libpkix/pkix/manifest.mn
 create mode 100755 nss/cmd/libpkix/pkix/params/Makefile
 create mode 100755 nss/cmd/libpkix/pkix/params/manifest.mn
 create mode 100644 nss/cmd/libpkix/pkix/params/test_procparams.c
 create mode 100644 nss/cmd/libpkix/pkix/params/test_resourcelimits.c
 create mode 100644 nss/cmd/libpkix/pkix/params/test_trustanchor.c
 create mode 100644 nss/cmd/libpkix/pkix/params/test_valparams.c
 create mode 100755 nss/cmd/libpkix/pkix/results/Makefile
 create mode 100755 nss/cmd/libpkix/pkix/results/manifest.mn
 create mode 100644 nss/cmd/libpkix/pkix/results/test_buildresult.c
 create mode 100644 nss/cmd/libpkix/pkix/results/test_policynode.c
 create mode 100644 nss/cmd/libpkix/pkix/results/test_valresult.c
 create mode 100644 nss/cmd/libpkix/pkix/results/test_verifynode.c
 create mode 100755 nss/cmd/libpkix/pkix/store/Makefile
 create mode 100755 nss/cmd/libpkix/pkix/store/manifest.mn
 create mode 100644 nss/cmd/libpkix/pkix/store/test_store.c
 create mode 100755 nss/cmd/libpkix/pkix/top/Makefile
 create mode 100755 nss/cmd/libpkix/pkix/top/manifest.mn
 create mode 100644 nss/cmd/libpkix/pkix/top/test_basicchecker.c
 create mode 100644 nss/cmd/libpkix/pkix/top/test_basicconstraintschecker.c
 create mode 100644 nss/cmd/libpkix/pkix/top/test_buildchain.c
 create mode 100644 nss/cmd/libpkix/pkix/top/test_buildchain_partialchain.c
 create mode 100644 nss/cmd/libpkix/pkix/top/test_buildchain_resourcelimits.c
 create mode 100644 nss/cmd/libpkix/pkix/top/test_buildchain_uchecker.c
 create mode 100644 nss/cmd/libpkix/pkix/top/test_customcrlchecker.c
 create mode 100644 nss/cmd/libpkix/pkix/top/test_defaultcrlchecker2stores.c
 create mode 100644 nss/cmd/libpkix/pkix/top/test_ocsp.c
 create mode 100644 nss/cmd/libpkix/pkix/top/test_policychecker.c
 create mode 100644 nss/cmd/libpkix/pkix/top/test_subjaltnamechecker.c
 create mode 100644 nss/cmd/libpkix/pkix/top/test_validatechain.c
 create mode 100644 nss/cmd/libpkix/pkix/top/test_validatechain_NB.c
 create mode 100644 nss/cmd/libpkix/pkix/top/test_validatechain_bc.c
 create mode 100755 nss/cmd/libpkix/pkix/util/Makefile
 create mode 100755 nss/cmd/libpkix/pkix/util/manifest.mn
 create mode 100644 nss/cmd/libpkix/pkix/util/test_error.c
 create mode 100644 nss/cmd/libpkix/pkix/util/test_list.c
 create mode 100644 nss/cmd/libpkix/pkix/util/test_list2.c
 create mode 100644 nss/cmd/libpkix/pkix/util/test_logger.c
 create mode 100755 nss/cmd/libpkix/pkix_pl/Makefile
 create mode 100755 nss/cmd/libpkix/pkix_pl/manifest.mn
 create mode 100755 nss/cmd/libpkix/pkix_pl/module/Makefile
 create mode 100755 nss/cmd/libpkix/pkix_pl/module/manifest.mn
 create mode 100644 nss/cmd/libpkix/pkix_pl/module/test_colcertstore.c
 create mode 100644 nss/cmd/libpkix/pkix_pl/module/test_ekuchecker.c
 create mode 100644 nss/cmd/libpkix/pkix_pl/module/test_httpcertstore.c
 create mode 100644 nss/cmd/libpkix/pkix_pl/module/test_pk11certstore.c
 create mode 100644 nss/cmd/libpkix/pkix_pl/module/test_socket.c
 create mode 100755 nss/cmd/libpkix/pkix_pl/pki/Makefile
 create mode 100755 nss/cmd/libpkix/pkix_pl/pki/manifest.mn
 create mode 100644 nss/cmd/libpkix/pkix_pl/pki/test_authorityinfoaccess.c
 create mode 100644 nss/cmd/libpkix/pkix_pl/pki/test_cert.c
 create mode 100644 nss/cmd/libpkix/pkix_pl/pki/test_crl.c
 create mode 100644 nss/cmd/libpkix/pkix_pl/pki/test_crlentry.c
 create mode 100644 nss/cmd/libpkix/pkix_pl/pki/test_date.c
 create mode 100644 nss/cmd/libpkix/pkix_pl/pki/test_generalname.c
 create mode 100644 nss/cmd/libpkix/pkix_pl/pki/test_nameconstraints.c
 create mode 100644 nss/cmd/libpkix/pkix_pl/pki/test_subjectinfoaccess.c
 create mode 100644 nss/cmd/libpkix/pkix_pl/pki/test_x500name.c
 create mode 100755 nss/cmd/libpkix/pkix_pl/system/Makefile
 create mode 100755 nss/cmd/libpkix/pkix_pl/system/manifest.mn
 create mode 100644 nss/cmd/libpkix/pkix_pl/system/stress_test.c
 create mode 100644 nss/cmd/libpkix/pkix_pl/system/test_bigint.c
 create mode 100644 nss/cmd/libpkix/pkix_pl/system/test_bytearray.c
 create mode 100644 nss/cmd/libpkix/pkix_pl/system/test_hashtable.c
 create mode 100644 nss/cmd/libpkix/pkix_pl/system/test_mem.c
 create mode 100644 nss/cmd/libpkix/pkix_pl/system/test_monitorlock.c
 create mode 100644 nss/cmd/libpkix/pkix_pl/system/test_mutex.c
 create mode 100644 nss/cmd/libpkix/pkix_pl/system/test_mutex2.c
 create mode 100644 nss/cmd/libpkix/pkix_pl/system/test_mutex3.c
 create mode 100644 nss/cmd/libpkix/pkix_pl/system/test_object.c
 create mode 100644 nss/cmd/libpkix/pkix_pl/system/test_oid.c
 create mode 100644 nss/cmd/libpkix/pkix_pl/system/test_rwlock.c
 create mode 100644 nss/cmd/libpkix/pkix_pl/system/test_string.c
 create mode 100644 nss/cmd/libpkix/pkix_pl/system/test_string2.c
 create mode 100755 nss/cmd/libpkix/pkixlibs.mk
 create mode 100755 nss/cmd/libpkix/pkixrules.mk
 create mode 100644 nss/cmd/libpkix/pkixutil/Makefile
 create mode 100644 nss/cmd/libpkix/pkixutil/manifest.mn
 create mode 100644 nss/cmd/libpkix/pkixutil/pkixutil.c
 create mode 100755 nss/cmd/libpkix/sample_apps/Makefile
 create mode 100644 nss/cmd/libpkix/sample_apps/build_chain.c
 create mode 100644 nss/cmd/libpkix/sample_apps/dumpcert.c
 create mode 100644 nss/cmd/libpkix/sample_apps/dumpcrl.c
 create mode 100755 nss/cmd/libpkix/sample_apps/manifest.mn
 create mode 100644 nss/cmd/libpkix/sample_apps/validate_chain.c
 create mode 100755 nss/cmd/libpkix/testutil/Makefile
 create mode 100644 nss/cmd/libpkix/testutil/config.mk
 create mode 100755 nss/cmd/libpkix/testutil/manifest.mn
 create mode 100644 nss/cmd/libpkix/testutil/pkixutil.def
 create mode 100644 nss/cmd/libpkix/testutil/testutil.c
 create mode 100644 nss/cmd/libpkix/testutil/testutil.h
 create mode 100644 nss/cmd/libpkix/testutil/testutil_nss.c
 create mode 100644 nss/cmd/libpkix/testutil/testutil_nss.h
 create mode 100644 nss/cmd/listsuites/Makefile
 create mode 100644 nss/cmd/listsuites/listsuites.c
 create mode 100644 nss/cmd/listsuites/listsuites.gyp
 create mode 100644 nss/cmd/listsuites/manifest.mn
 create mode 100644 nss/cmd/lowhashtest/Makefile
 create mode 100644 nss/cmd/lowhashtest/lowhashtest.c
 create mode 100644 nss/cmd/lowhashtest/lowhashtest.gyp
 create mode 100644 nss/cmd/lowhashtest/manifest.mn
 create mode 100644 nss/cmd/makepqg/Makefile
 create mode 100644 nss/cmd/makepqg/makepqg.c
 create mode 100644 nss/cmd/makepqg/makepqg.gyp
 create mode 100644 nss/cmd/makepqg/manifest.mn
 create mode 100644 nss/cmd/makepqg/testit.ksh
 create mode 100644 nss/cmd/manifest.mn
 create mode 100644 nss/cmd/modutil/Makefile
 create mode 100644 nss/cmd/modutil/README
 create mode 100644 nss/cmd/modutil/error.h
 create mode 100644 nss/cmd/modutil/install-ds.c
 create mode 100644 nss/cmd/modutil/install-ds.h
 create mode 100644 nss/cmd/modutil/install.c
 create mode 100644 nss/cmd/modutil/install.h
 create mode 100644 nss/cmd/modutil/installparse.c
 create mode 100644 nss/cmd/modutil/installparse.h
 create mode 100644 nss/cmd/modutil/installparse.l
 create mode 100644 nss/cmd/modutil/installparse.y
 create mode 100644 nss/cmd/modutil/instsec.c
 create mode 100644 nss/cmd/modutil/lex.Pk11Install_yy.c
 create mode 100644 nss/cmd/modutil/manifest.mn
 create mode 100644 nss/cmd/modutil/modutil.c
 create mode 100644 nss/cmd/modutil/modutil.gyp
 create mode 100644 nss/cmd/modutil/modutil.h
 create mode 100644 nss/cmd/modutil/pk11.c
 create mode 100644 nss/cmd/modutil/pk11jar.html
 create mode 100644 nss/cmd/modutil/rules.mk
 create mode 100644 nss/cmd/modutil/specification.html
 create mode 100644 nss/cmd/mpitests/mpi-test.c
 create mode 100644 nss/cmd/mpitests/mpitests.gyp
 create mode 100644 nss/cmd/mpitests/test-info.c
 create mode 100644 nss/cmd/multinit/Makefile
 create mode 100644 nss/cmd/multinit/manifest.mn
 create mode 100644 nss/cmd/multinit/multinit.c
 create mode 100644 nss/cmd/multinit/multinit.gyp
 create mode 100644 nss/cmd/ocspclnt/Makefile
 create mode 100644 nss/cmd/ocspclnt/manifest.mn
 create mode 100644 nss/cmd/ocspclnt/ocspclnt.c
 create mode 100644 nss/cmd/ocspclnt/ocspclnt.gyp
 create mode 100644 nss/cmd/ocspresp/Makefile
 create mode 100644 nss/cmd/ocspresp/manifest.mn
 create mode 100644 nss/cmd/ocspresp/ocspresp.c
 create mode 100644 nss/cmd/ocspresp/ocspresp.gyp
 create mode 100644 nss/cmd/oidcalc/Makefile
 create mode 100644 nss/cmd/oidcalc/manifest.mn
 create mode 100644 nss/cmd/oidcalc/oidcalc.c
 create mode 100644 nss/cmd/oidcalc/oidcalc.gyp
 create mode 100644 nss/cmd/p7content/Makefile
 create mode 100644 nss/cmd/p7content/manifest.mn
 create mode 100644 nss/cmd/p7content/p7content.c
 create mode 100644 nss/cmd/p7content/p7content.gyp
 create mode 100644 nss/cmd/p7env/Makefile
 create mode 100644 nss/cmd/p7env/manifest.mn
 create mode 100644 nss/cmd/p7env/p7env.c
 create mode 100644 nss/cmd/p7env/p7env.gyp
 create mode 100644 nss/cmd/p7sign/Makefile
 create mode 100644 nss/cmd/p7sign/manifest.mn
 create mode 100644 nss/cmd/p7sign/p7sign.c
 create mode 100644 nss/cmd/p7sign/p7sign.gyp
 create mode 100644 nss/cmd/p7verify/Makefile
 create mode 100644 nss/cmd/p7verify/manifest.mn
 create mode 100644 nss/cmd/p7verify/p7verify.c
 create mode 100644 nss/cmd/p7verify/p7verify.gyp
 create mode 100644 nss/cmd/perfclient/Makefile
 create mode 120000 nss/cmd/perfclient/client_db
 create mode 100644 nss/cmd/perfclient/main.c
 create mode 100644 nss/cmd/perfclient/manifest.mn
 create mode 100644 nss/cmd/perfserver/Makefile
 create mode 100644 nss/cmd/perfserver/main.c
 create mode 100644 nss/cmd/perfserver/manifest.mn
 create mode 120000 nss/cmd/perfserver/server_db
 create mode 100644 nss/cmd/pk11ectest/Makefile
 create mode 100644 nss/cmd/pk11ectest/manifest.mn
 create mode 100644 nss/cmd/pk11ectest/pk11ectest.c
 create mode 100644 nss/cmd/pk11ectest/pk11ectest.gyp
 create mode 100755 nss/cmd/pk11gcmtest/Makefile
 create mode 100644 nss/cmd/pk11gcmtest/manifest.mn
 create mode 100644 nss/cmd/pk11gcmtest/pk11gcmtest.c
 create mode 100644 nss/cmd/pk11gcmtest/pk11gcmtest.gyp
 create mode 100644 nss/cmd/pk11gcmtest/tests/README
 create mode 100644 nss/cmd/pk11gcmtest/tests/gcmDecrypt128.rsp
 create mode 100644 nss/cmd/pk11gcmtest/tests/gcmDecrypt192.rsp
 create mode 100644 nss/cmd/pk11gcmtest/tests/gcmDecrypt256.rsp
 create mode 100644 nss/cmd/pk11gcmtest/tests/gcmEncryptExtIV128.rsp
 create mode 100644 nss/cmd/pk11gcmtest/tests/gcmEncryptExtIV192.rsp
 create mode 100644 nss/cmd/pk11gcmtest/tests/gcmEncryptExtIV256.rsp
 create mode 100755 nss/cmd/pk11mode/Makefile
 create mode 100644 nss/cmd/pk11mode/manifest.mn
 create mode 100644 nss/cmd/pk11mode/pk11mode.c
 create mode 100644 nss/cmd/pk11mode/pk11mode.gyp
 create mode 100644 nss/cmd/pk11util/Makefile
 create mode 100644 nss/cmd/pk11util/manifest.mn
 create mode 100644 nss/cmd/pk11util/pk11util.c
 create mode 100644 nss/cmd/pk11util/scripts/dosign
 create mode 100644 nss/cmd/pk11util/scripts/hssign
 create mode 100644 nss/cmd/pk11util/scripts/lcert
 create mode 100644 nss/cmd/pk11util/scripts/mechanisms
 create mode 100644 nss/cmd/pk11util/scripts/pLabel1
 create mode 100644 nss/cmd/pk11util/scripts/pMechanisms
 create mode 100644 nss/cmd/pk11util/scripts/pcert
 create mode 100644 nss/cmd/pk12util/Makefile
 create mode 100644 nss/cmd/pk12util/manifest.mn
 create mode 100644 nss/cmd/pk12util/pk12util.c
 create mode 100644 nss/cmd/pk12util/pk12util.gyp
 create mode 100644 nss/cmd/pk12util/pk12util.h
 create mode 100644 nss/cmd/pk1sign/Makefile
 create mode 100644 nss/cmd/pk1sign/manifest.mn
 create mode 100644 nss/cmd/pk1sign/pk1sign.c
 create mode 100644 nss/cmd/pk1sign/pk1sign.gyp
 create mode 100644 nss/cmd/pkix-errcodes/Makefile
 create mode 100644 nss/cmd/pkix-errcodes/manifest.mn
 create mode 100644 nss/cmd/pkix-errcodes/pkix-errcodes.c
 create mode 100644 nss/cmd/pkix-errcodes/pkix-errcodes.gyp
 create mode 100644 nss/cmd/platlibs.gypi
 create mode 100644 nss/cmd/platlibs.mk
 create mode 100644 nss/cmd/platrules.mk
 create mode 100644 nss/cmd/pp/Makefile
 create mode 100644 nss/cmd/pp/manifest.mn
 create mode 100644 nss/cmd/pp/pp.c
 create mode 100644 nss/cmd/pp/pp.gyp
 create mode 100644 nss/cmd/ppcertdata/Makefile
 create mode 100644 nss/cmd/ppcertdata/manifest.mn
 create mode 100644 nss/cmd/ppcertdata/ppcertdata.c
 create mode 100644 nss/cmd/proofgen/.gitignore
 create mode 100644 nss/cmd/proofgen/Makefile
 create mode 120000 nss/cmd/proofgen/client_db
 create mode 100644 nss/cmd/proofgen/main.c
 create mode 100644 nss/cmd/proofgen/manifest.mn
 create mode 100644 nss/cmd/pwdecrypt/Makefile
 create mode 100644 nss/cmd/pwdecrypt/manifest.mn
 create mode 100644 nss/cmd/pwdecrypt/pwdecrypt.c
 create mode 100644 nss/cmd/pwdecrypt/pwdecrypt.gyp
 create mode 100644 nss/cmd/randtrafficClient/Makefile
 create mode 120000 nss/cmd/randtrafficClient/client_db
 create mode 100644 nss/cmd/randtrafficClient/main.c
 create mode 100644 nss/cmd/randtrafficClient/manifest.mn
 create mode 100644 nss/cmd/randtrafficServer/Makefile
 create mode 100644 nss/cmd/randtrafficServer/main.c
 create mode 100644 nss/cmd/randtrafficServer/manifest.mn
 create mode 120000 nss/cmd/randtrafficServer/server_db
 create mode 100644 nss/cmd/replayClient/.gitignore
 create mode 100644 nss/cmd/replayClient/Makefile
 create mode 120000 nss/cmd/replayClient/client_db
 create mode 100644 nss/cmd/replayClient/main.c
 create mode 100644 nss/cmd/replayClient/manifest.mn
 create mode 100644 nss/cmd/replayClient/messages.txt
 create mode 100644 nss/cmd/replayServer/Makefile
 create mode 100644 nss/cmd/replayServer/main.c
 create mode 100644 nss/cmd/replayServer/manifest.mn
 create mode 120000 nss/cmd/replayServer/server_db
 create mode 100644 nss/cmd/rsaperf/Makefile
 create mode 100644 nss/cmd/rsaperf/defkey.c
 create mode 100644 nss/cmd/rsaperf/manifest.mn
 create mode 100644 nss/cmd/rsaperf/rsaperf.c
 create mode 100644 nss/cmd/rsaperf/rsaperf.gyp
 create mode 100644 nss/cmd/rsapoptst/Makefile
 create mode 100644 nss/cmd/rsapoptst/manifest.mn
 create mode 100644 nss/cmd/rsapoptst/rsapoptst.c
 create mode 100644 nss/cmd/samples/cert
 create mode 100644 nss/cmd/samples/cert0
 create mode 100644 nss/cmd/samples/cert1
 create mode 100644 nss/cmd/samples/cert2
 create mode 100644 nss/cmd/samples/pkcs7.ber
 create mode 100644 nss/cmd/samples/pkcs7bday.ber
 create mode 100644 nss/cmd/samples/pkcs7cnet.ber
 create mode 100644 nss/cmd/samples/pkcs7news.ber
 create mode 100644 nss/cmd/samples/x509v3.der
 create mode 100644 nss/cmd/samples/x509v3.txt
 create mode 100644 nss/cmd/sdrtest/Makefile
 create mode 100644 nss/cmd/sdrtest/manifest.mn
 create mode 100644 nss/cmd/sdrtest/sdrtest.c
 create mode 100644 nss/cmd/sdrtest/sdrtest.gyp
 create mode 100644 nss/cmd/selfserv/Makefile
 create mode 100644 nss/cmd/selfserv/manifest.mn
 create mode 100644 nss/cmd/selfserv/selfserv.c
 create mode 100644 nss/cmd/selfserv/selfserv.gyp
 create mode 100644 nss/cmd/serverProof/.cproject
 create mode 100644 nss/cmd/serverProof/.project
 create mode 100644 nss/cmd/serverProof/Makefile
 create mode 100644 nss/cmd/serverProof/main.c
 create mode 100644 nss/cmd/serverProof/manifest.mn
 create mode 120000 nss/cmd/serverProof/server_db
 create mode 100644 nss/cmd/shlibsign/Makefile
 create mode 100644 nss/cmd/shlibsign/mangle/Makefile
 create mode 100644 nss/cmd/shlibsign/mangle/mangle.c
 create mode 100644 nss/cmd/shlibsign/mangle/mangle.gyp
 create mode 100644 nss/cmd/shlibsign/mangle/manifest.mn
 create mode 100644 nss/cmd/shlibsign/manifest.mn
 create mode 100644 nss/cmd/shlibsign/shlibsign.c
 create mode 100644 nss/cmd/shlibsign/shlibsign.gyp
 create mode 100644 nss/cmd/shlibsign/sign.cmd
 create mode 100644 nss/cmd/shlibsign/sign.sh
 create mode 100644 nss/cmd/signtool/Makefile
 create mode 100644 nss/cmd/signtool/README
 create mode 100644 nss/cmd/signtool/certgen.c
 create mode 100644 nss/cmd/signtool/javascript.c
 create mode 100644 nss/cmd/signtool/list.c
 create mode 100644 nss/cmd/signtool/manifest.mn
 create mode 100644 nss/cmd/signtool/sign.c
 create mode 100644 nss/cmd/signtool/signtool.c
 create mode 100644 nss/cmd/signtool/signtool.gyp
 create mode 100644 nss/cmd/signtool/signtool.h
 create mode 100644 nss/cmd/signtool/util.c
 create mode 100644 nss/cmd/signtool/verify.c
 create mode 100644 nss/cmd/signtool/zip.c
 create mode 100644 nss/cmd/signtool/zip.h
 create mode 100644 nss/cmd/signver/Makefile
 create mode 100755 nss/cmd/signver/examples/1/form.pl
 create mode 100644 nss/cmd/signver/examples/1/signedForm.html
 create mode 100644 nss/cmd/signver/examples/1/signedForm.nt.html
 create mode 100755 nss/cmd/signver/examples/1/signedForm.pl
 create mode 100644 nss/cmd/signver/manifest.mn
 create mode 100644 nss/cmd/signver/pk7print.c
 create mode 100644 nss/cmd/signver/signver.c
 create mode 100644 nss/cmd/signver/signver.gyp
 create mode 100644 nss/cmd/smimetools/Makefile
 create mode 100644 nss/cmd/smimetools/cmsutil.c
 create mode 100644 nss/cmd/smimetools/manifest.mn
 create mode 100644 nss/cmd/smimetools/rules.mk
 create mode 100755 nss/cmd/smimetools/smime
 create mode 100644 nss/cmd/smimetools/smimetools.gyp
 create mode 100644 nss/cmd/ssltap/Makefile
 create mode 100644 nss/cmd/ssltap/manifest.mn
 create mode 100644 nss/cmd/ssltap/ssltap-manual.html
 create mode 100644 nss/cmd/ssltap/ssltap.c
 create mode 100644 nss/cmd/ssltap/ssltap.gyp
 create mode 100644 nss/cmd/strsclnt/Makefile
 create mode 100644 nss/cmd/strsclnt/manifest.mn
 create mode 100644 nss/cmd/strsclnt/strsclnt.c
 create mode 100644 nss/cmd/strsclnt/strsclnt.gyp
 create mode 100644 nss/cmd/symkeyutil/Makefile
 create mode 100644 nss/cmd/symkeyutil/manifest.mn
 create mode 100644 nss/cmd/symkeyutil/symkey.man
 create mode 100644 nss/cmd/symkeyutil/symkeyutil.c
 create mode 100644 nss/cmd/symkeyutil/symkeyutil.gyp
 create mode 100644 nss/cmd/test/Makefile
 create mode 120000 nss/cmd/test/client_db
 create mode 100644 nss/cmd/test/main.c
 create mode 100644 nss/cmd/test/manifest.mn
 create mode 100644 nss/cmd/tests/Makefile
 create mode 100644 nss/cmd/tests/baddbdir.c
 create mode 100644 nss/cmd/tests/conflict.c
 create mode 100644 nss/cmd/tests/dertimetest.c
 create mode 100644 nss/cmd/tests/encodeinttest.c
 create mode 100644 nss/cmd/tests/manifest.mn
 create mode 100644 nss/cmd/tests/nonspr10.c
 create mode 100644 nss/cmd/tests/remtest.c
 create mode 100644 nss/cmd/tests/secmodtest.c
 create mode 100644 nss/cmd/tests/tests.gyp
 create mode 100644 nss/cmd/tstclnt/Makefile
 create mode 100644 nss/cmd/tstclnt/manifest.mn
 create mode 100644 nss/cmd/tstclnt/tstclnt.c
 create mode 100644 nss/cmd/tstclnt/tstclnt.gyp
 create mode 100644 nss/cmd/verifier/.gitignore
 create mode 100644 nss/cmd/verifier/Makefile
 create mode 120000 nss/cmd/verifier/client_db
 create mode 100644 nss/cmd/verifier/main.c
 create mode 100644 nss/cmd/verifier/manifest.mn
 create mode 100644 nss/cmd/vfychain/Makefile
 create mode 100644 nss/cmd/vfychain/manifest.mn
 create mode 100644 nss/cmd/vfychain/vfychain.c
 create mode 100644 nss/cmd/vfychain/vfychain.gyp
 create mode 100644 nss/cmd/vfyserv/Makefile
 create mode 100644 nss/cmd/vfyserv/manifest.mn
 create mode 100644 nss/cmd/vfyserv/vfyserv.c
 create mode 100644 nss/cmd/vfyserv/vfyserv.gyp
 create mode 100644 nss/cmd/vfyserv/vfyserv.h
 create mode 100644 nss/cmd/vfyserv/vfyutil.c
 create mode 100644 nss/coreconf/AIX.mk
 create mode 100644 nss/coreconf/Android.mk
 create mode 100644 nss/coreconf/BSD_OS.mk
 create mode 100644 nss/coreconf/BeOS.mk
 create mode 100644 nss/coreconf/Darwin.mk
 create mode 100644 nss/coreconf/FreeBSD.mk
 create mode 100644 nss/coreconf/HP-UX.mk
 create mode 100644 nss/coreconf/HP-UXA.09.03.mk
 create mode 100644 nss/coreconf/HP-UXA.09.07.mk
 create mode 100644 nss/coreconf/HP-UXA.09.mk
 create mode 100644 nss/coreconf/HP-UXB.10.01.mk
 create mode 100644 nss/coreconf/HP-UXB.10.10.mk
 create mode 100644 nss/coreconf/HP-UXB.10.20.mk
 create mode 100644 nss/coreconf/HP-UXB.10.30.mk
 create mode 100644 nss/coreconf/HP-UXB.10.mk
 create mode 100644 nss/coreconf/HP-UXB.11.00.mk
 create mode 100644 nss/coreconf/HP-UXB.11.11.mk
 create mode 100644 nss/coreconf/HP-UXB.11.20.mk
 create mode 100644 nss/coreconf/HP-UXB.11.22.mk
 create mode 100644 nss/coreconf/HP-UXB.11.23.mk
 create mode 100644 nss/coreconf/HP-UXB.11.mk
 create mode 100644 nss/coreconf/IRIX.mk
 create mode 100644 nss/coreconf/IRIX5.2.mk
 create mode 100644 nss/coreconf/IRIX5.3.mk
 create mode 100644 nss/coreconf/IRIX5.mk
 create mode 100644 nss/coreconf/IRIX6.2.mk
 create mode 100644 nss/coreconf/IRIX6.3.mk
 create mode 100644 nss/coreconf/IRIX6.5.mk
 create mode 100644 nss/coreconf/IRIX6.mk
 create mode 100644 nss/coreconf/Linux.mk
 create mode 100644 nss/coreconf/Makefile
 create mode 100644 nss/coreconf/NCR3.0.mk
 create mode 100644 nss/coreconf/NEC4.2.mk
 create mode 100644 nss/coreconf/NetBSD.mk
 create mode 100644 nss/coreconf/OS2.mk
 create mode 100644 nss/coreconf/OSF1.mk
 create mode 100644 nss/coreconf/OSF1V2.0.mk
 create mode 100644 nss/coreconf/OSF1V3.0.mk
 create mode 100644 nss/coreconf/OSF1V3.2.mk
 create mode 100644 nss/coreconf/OSF1V4.0.mk
 create mode 100644 nss/coreconf/OSF1V4.0B.mk
 create mode 100644 nss/coreconf/OSF1V4.0D.mk
 create mode 100644 nss/coreconf/OSF1V5.0.mk
 create mode 100644 nss/coreconf/OSF1V5.1.mk
 create mode 100644 nss/coreconf/OpenBSD.mk
 create mode 100644 nss/coreconf/OpenUNIX.mk
 create mode 100644 nss/coreconf/QNX.mk
 create mode 100644 nss/coreconf/README
 create mode 100644 nss/coreconf/RISCOS.mk
 create mode 100644 nss/coreconf/ReliantUNIX.mk
 create mode 100644 nss/coreconf/ReliantUNIX5.4.mk
 create mode 100644 nss/coreconf/SCOOS5.0.mk
 create mode 100644 nss/coreconf/SCO_SV3.2.mk
 create mode 100644 nss/coreconf/SunOS4.1.3_U1.mk
 create mode 100644 nss/coreconf/SunOS5.mk
 create mode 100644 nss/coreconf/UNIX.mk
 create mode 100644 nss/coreconf/UNIXWARE2.1.mk
 create mode 100644 nss/coreconf/WIN32.mk
 create mode 100644 nss/coreconf/WIN95.mk
 create mode 100644 nss/coreconf/WINNT.mk
 create mode 100644 nss/coreconf/Werror.mk
 create mode 100644 nss/coreconf/arch.mk
 create mode 100644 nss/coreconf/check_cc_clang.py
 create mode 100644 nss/coreconf/command.mk
 create mode 100644 nss/coreconf/config.gypi
 create mode 100644 nss/coreconf/config.mk
 create mode 100644 nss/coreconf/coreconf.dep
 create mode 100644 nss/coreconf/coreconf.pl
 create mode 100755 nss/coreconf/cpdist.pl
 create mode 100644 nss/coreconf/detect_host_arch.py
 create mode 100644 nss/coreconf/empty.c
 create mode 100644 nss/coreconf/fuzz.sh
 create mode 100644 nss/coreconf/headers.mk
 create mode 100755 nss/coreconf/import.pl
 create mode 100644 nss/coreconf/jdk.mk
 create mode 100755 nss/coreconf/jniregen.pl
 create mode 100644 nss/coreconf/location.mk
 create mode 100644 nss/coreconf/mkdepend/Makefile
 create mode 100644 nss/coreconf/mkdepend/cppsetup.c
 create mode 100644 nss/coreconf/mkdepend/def.h
 create mode 100644 nss/coreconf/mkdepend/ifparser.c
 create mode 100644 nss/coreconf/mkdepend/ifparser.h
 create mode 100644 nss/coreconf/mkdepend/imakemdep.h
 create mode 100644 nss/coreconf/mkdepend/include.c
 create mode 100644 nss/coreconf/mkdepend/main.c
 create mode 100644 nss/coreconf/mkdepend/mkdepend.man
 create mode 100644 nss/coreconf/mkdepend/parse.c
 create mode 100644 nss/coreconf/mkdepend/pr.c
 create mode 100644 nss/coreconf/module.mk
 create mode 100644 nss/coreconf/nsinstall/Makefile
 create mode 100644 nss/coreconf/nsinstall/nsinstall.c
 create mode 100644 nss/coreconf/nsinstall/nsinstall.gyp
 create mode 100644 nss/coreconf/nsinstall/pathsub.c
 create mode 100644 nss/coreconf/nsinstall/pathsub.h
 create mode 100644 nss/coreconf/nsinstall/sunos4.h
 create mode 100644 nss/coreconf/nspr.sh
 create mode 100755 nss/coreconf/outofdate.pl
 create mode 100755 nss/coreconf/precommit.clang-format.sh
 create mode 100644 nss/coreconf/prefix.mk
 create mode 100755 nss/coreconf/release.pl
 create mode 100644 nss/coreconf/rules.mk
 create mode 100644 nss/coreconf/ruleset.mk
 create mode 100644 nss/coreconf/sanitizers.mk
 create mode 100644 nss/coreconf/sanitizers.py
 create mode 100644 nss/coreconf/sanitizers.sh
 create mode 100644 nss/coreconf/shlibsign.py
 create mode 100644 nss/coreconf/source.mk
 create mode 100644 nss/coreconf/suffix.mk
 create mode 100644 nss/coreconf/tree.mk
 create mode 100644 nss/coreconf/version.mk
 create mode 100644 nss/coreconf/version.pl
 create mode 100644 nss/coreconf/werror.py
 create mode 100644 nss/coreconf/zlib.mk
 create mode 100644 nss/cpputil/.clang-format
 create mode 100644 nss/cpputil/README
 create mode 100644 nss/cpputil/cpputil.gyp
 create mode 100644 nss/cpputil/dummy_io.cc
 create mode 100644 nss/cpputil/dummy_io.h
 create mode 100644 nss/cpputil/dummy_io_fwd.cc
 create mode 100644 nss/cpputil/scoped_ptrs.h
 create mode 100644 nss/doc/.hgignore
 create mode 100644 nss/doc/Makefile
 create mode 100644 nss/doc/README
 create mode 100644 nss/doc/certutil.xml
 create mode 100644 nss/doc/cmsutil.xml
 create mode 100644 nss/doc/crlutil.xml
 create mode 100644 nss/doc/derdump.xml
 create mode 100644 nss/doc/html/.hgignore
 create mode 100644 nss/doc/html/certutil.html
 create mode 100644 nss/doc/html/cmsutil.html
 create mode 100644 nss/doc/html/crlutil.html
 create mode 100644 nss/doc/html/derdump.html
 create mode 100644 nss/doc/html/modutil.html
 create mode 100644 nss/doc/html/pk12util.html
 create mode 100644 nss/doc/html/pp.html
 create mode 100644 nss/doc/html/signtool.html
 create mode 100644 nss/doc/html/signver.html
 create mode 100644 nss/doc/html/ssltap.html
 create mode 100644 nss/doc/html/vfychain.html
 create mode 100644 nss/doc/html/vfyserv.html
 create mode 100644 nss/doc/modutil.xml
 create mode 100644 nss/doc/nroff/certutil.1
 create mode 100644 nss/doc/nroff/cmsutil.1
 create mode 100644 nss/doc/nroff/crlutil.1
 create mode 100644 nss/doc/nroff/derdump.1
 create mode 100644 nss/doc/nroff/modutil.1
 create mode 100644 nss/doc/nroff/pk12util.1
 create mode 100644 nss/doc/nroff/pp.1
 create mode 100644 nss/doc/nroff/signtool.1
 create mode 100644 nss/doc/nroff/signver.1
 create mode 100644 nss/doc/nroff/ssltap.1
 create mode 100644 nss/doc/nroff/vfychain.1
 create mode 100644 nss/doc/nroff/vfyserv.1
 create mode 100644 nss/doc/pk12util.xml
 create mode 100644 nss/doc/pp.xml
 create mode 100644 nss/doc/signtool.xml
 create mode 100644 nss/doc/signver.xml
 create mode 100644 nss/doc/ssltap.xml
 create mode 100644 nss/doc/vfychain.xml
 create mode 100644 nss/doc/vfyserv.xml
 create mode 100644 nss/exports.gyp
 create mode 100644 nss/external_tests/.clang-format
 create mode 100644 nss/external_tests/Makefile
 create mode 100644 nss/external_tests/README
 create mode 100644 nss/external_tests/common/Makefile
 create mode 100644 nss/external_tests/common/gtest.mk
 create mode 100644 nss/external_tests/common/gtests.cc
 create mode 100644 nss/external_tests/common/manifest.mn
 create mode 100644 nss/external_tests/common/scoped_ptrs.h
 create mode 100644 nss/external_tests/der_gtest/Makefile
 create mode 100644 nss/external_tests/der_gtest/der_getint_unittest.cc
 create mode 100644 nss/external_tests/der_gtest/manifest.mn
 create mode 100644 nss/external_tests/google_test/Makefile
 create mode 100644 nss/external_tests/google_test/gtest/CHANGES
 create mode 100644 nss/external_tests/google_test/gtest/CMakeLists.txt
 create mode 100644 nss/external_tests/google_test/gtest/CONTRIBUTORS
 create mode 100644 nss/external_tests/google_test/gtest/LICENSE
 create mode 100644 nss/external_tests/google_test/gtest/Makefile.am
 create mode 100644 nss/external_tests/google_test/gtest/README
 create mode 100644 nss/external_tests/google_test/gtest/build-aux/.keep
 create mode 100644 nss/external_tests/google_test/gtest/cmake/internal_utils.cmake
 create mode 100644 nss/external_tests/google_test/gtest/codegear/gtest.cbproj
 create mode 100644 nss/external_tests/google_test/gtest/codegear/gtest.groupproj
 create mode 100644 nss/external_tests/google_test/gtest/codegear/gtest_all.cc
 create mode 100644 nss/external_tests/google_test/gtest/codegear/gtest_link.cc
 create mode 100644 nss/external_tests/google_test/gtest/codegear/gtest_main.cbproj
 create mode 100644 nss/external_tests/google_test/gtest/codegear/gtest_unittest.cbproj
 create mode 100644 nss/external_tests/google_test/gtest/configure.ac
 create mode 100644 nss/external_tests/google_test/gtest/include/gtest/gtest-death-test.h
 create mode 100644 nss/external_tests/google_test/gtest/include/gtest/gtest-message.h
 create mode 100644 nss/external_tests/google_test/gtest/include/gtest/gtest-param-test.h
 create mode 100644 nss/external_tests/google_test/gtest/include/gtest/gtest-param-test.h.pump
 create mode 100644 nss/external_tests/google_test/gtest/include/gtest/gtest-printers.h
 create mode 100644 nss/external_tests/google_test/gtest/include/gtest/gtest-spi.h
 create mode 100644 nss/external_tests/google_test/gtest/include/gtest/gtest-test-part.h
 create mode 100644 nss/external_tests/google_test/gtest/include/gtest/gtest-typed-test.h
 create mode 100644 nss/external_tests/google_test/gtest/include/gtest/gtest.h
 create mode 100644 nss/external_tests/google_test/gtest/include/gtest/gtest_pred_impl.h
 create mode 100644 nss/external_tests/google_test/gtest/include/gtest/gtest_prod.h
 create mode 100644 nss/external_tests/google_test/gtest/include/gtest/internal/gtest-death-test-internal.h
 create mode 100644 nss/external_tests/google_test/gtest/include/gtest/internal/gtest-filepath.h
 create mode 100644 nss/external_tests/google_test/gtest/include/gtest/internal/gtest-internal.h
 create mode 100644 nss/external_tests/google_test/gtest/include/gtest/internal/gtest-linked_ptr.h
 create mode 100644 nss/external_tests/google_test/gtest/include/gtest/internal/gtest-param-util-generated.h
 create mode 100644 nss/external_tests/google_test/gtest/include/gtest/internal/gtest-param-util-generated.h.pump
 create mode 100644 nss/external_tests/google_test/gtest/include/gtest/internal/gtest-param-util.h
 create mode 100644 nss/external_tests/google_test/gtest/include/gtest/internal/gtest-port.h
 create mode 100644 nss/external_tests/google_test/gtest/include/gtest/internal/gtest-string.h
 create mode 100644 nss/external_tests/google_test/gtest/include/gtest/internal/gtest-tuple.h
 create mode 100644 nss/external_tests/google_test/gtest/include/gtest/internal/gtest-tuple.h.pump
 create mode 100644 nss/external_tests/google_test/gtest/include/gtest/internal/gtest-type-util.h
 create mode 100644 nss/external_tests/google_test/gtest/include/gtest/internal/gtest-type-util.h.pump
 create mode 100644 nss/external_tests/google_test/gtest/m4/acx_pthread.m4
 create mode 100644 nss/external_tests/google_test/gtest/m4/gtest.m4
 create mode 100644 nss/external_tests/google_test/gtest/make/Makefile
 create mode 100644 nss/external_tests/google_test/gtest/msvc/gtest-md.sln
 create mode 100644 nss/external_tests/google_test/gtest/msvc/gtest-md.vcproj
 create mode 100644 nss/external_tests/google_test/gtest/msvc/gtest.sln
 create mode 100644 nss/external_tests/google_test/gtest/msvc/gtest.vcproj
 create mode 100644 nss/external_tests/google_test/gtest/msvc/gtest_main-md.vcproj
 create mode 100644 nss/external_tests/google_test/gtest/msvc/gtest_main.vcproj
 create mode 100644 nss/external_tests/google_test/gtest/msvc/gtest_prod_test-md.vcproj
 create mode 100644 nss/external_tests/google_test/gtest/msvc/gtest_prod_test.vcproj
 create mode 100644 nss/external_tests/google_test/gtest/msvc/gtest_unittest-md.vcproj
 create mode 100644 nss/external_tests/google_test/gtest/msvc/gtest_unittest.vcproj
 create mode 100644 nss/external_tests/google_test/gtest/samples/prime_tables.h
 create mode 100644 nss/external_tests/google_test/gtest/samples/sample1.cc
 create mode 100644 nss/external_tests/google_test/gtest/samples/sample1.h
 create mode 100644 nss/external_tests/google_test/gtest/samples/sample10_unittest.cc
 create mode 100644 nss/external_tests/google_test/gtest/samples/sample1_unittest.cc
 create mode 100644 nss/external_tests/google_test/gtest/samples/sample2.cc
 create mode 100644 nss/external_tests/google_test/gtest/samples/sample2.h
 create mode 100644 nss/external_tests/google_test/gtest/samples/sample2_unittest.cc
 create mode 100644 nss/external_tests/google_test/gtest/samples/sample3-inl.h
 create mode 100644 nss/external_tests/google_test/gtest/samples/sample3_unittest.cc
 create mode 100644 nss/external_tests/google_test/gtest/samples/sample4.cc
 create mode 100644 nss/external_tests/google_test/gtest/samples/sample4.h
 create mode 100644 nss/external_tests/google_test/gtest/samples/sample4_unittest.cc
 create mode 100644 nss/external_tests/google_test/gtest/samples/sample5_unittest.cc
 create mode 100644 nss/external_tests/google_test/gtest/samples/sample6_unittest.cc
 create mode 100644 nss/external_tests/google_test/gtest/samples/sample7_unittest.cc
 create mode 100644 nss/external_tests/google_test/gtest/samples/sample8_unittest.cc
 create mode 100644 nss/external_tests/google_test/gtest/samples/sample9_unittest.cc
 create mode 100644 nss/external_tests/google_test/gtest/scripts/common.py
 create mode 100755 nss/external_tests/google_test/gtest/scripts/fuse_gtest_files.py
 create mode 100755 nss/external_tests/google_test/gtest/scripts/gen_gtest_pred_impl.py
 create mode 100755 nss/external_tests/google_test/gtest/scripts/gtest-config.in
 create mode 100755 nss/external_tests/google_test/gtest/scripts/pump.py
 create mode 100755 nss/external_tests/google_test/gtest/scripts/release_docs.py
 create mode 100644 nss/external_tests/google_test/gtest/scripts/test/Makefile
 create mode 100755 nss/external_tests/google_test/gtest/scripts/upload.py
 create mode 100755 nss/external_tests/google_test/gtest/scripts/upload_gtest.py
 create mode 100644 nss/external_tests/google_test/gtest/src/gtest-all.cc
 create mode 100644 nss/external_tests/google_test/gtest/src/gtest-death-test.cc
 create mode 100644 nss/external_tests/google_test/gtest/src/gtest-filepath.cc
 create mode 100644 nss/external_tests/google_test/gtest/src/gtest-internal-inl.h
 create mode 100644 nss/external_tests/google_test/gtest/src/gtest-port.cc
 create mode 100644 nss/external_tests/google_test/gtest/src/gtest-printers.cc
 create mode 100644 nss/external_tests/google_test/gtest/src/gtest-test-part.cc
 create mode 100644 nss/external_tests/google_test/gtest/src/gtest-typed-test.cc
 create mode 100644 nss/external_tests/google_test/gtest/src/gtest.cc
 create mode 100644 nss/external_tests/google_test/gtest/src/gtest_main.cc
 create mode 100644 nss/external_tests/google_test/gtest/test/gtest-death-test_ex_test.cc
 create mode 100644 nss/external_tests/google_test/gtest/test/gtest-death-test_test.cc
 create mode 100644 nss/external_tests/google_test/gtest/test/gtest-filepath_test.cc
 create mode 100644 nss/external_tests/google_test/gtest/test/gtest-linked_ptr_test.cc
 create mode 100644 nss/external_tests/google_test/gtest/test/gtest-listener_test.cc
 create mode 100644 nss/external_tests/google_test/gtest/test/gtest-message_test.cc
 create mode 100644 nss/external_tests/google_test/gtest/test/gtest-options_test.cc
 create mode 100644 nss/external_tests/google_test/gtest/test/gtest-param-test2_test.cc
 create mode 100644 nss/external_tests/google_test/gtest/test/gtest-param-test_test.cc
 create mode 100644 nss/external_tests/google_test/gtest/test/gtest-param-test_test.h
 create mode 100644 nss/external_tests/google_test/gtest/test/gtest-port_test.cc
 create mode 100644 nss/external_tests/google_test/gtest/test/gtest-printers_test.cc
 create mode 100644 nss/external_tests/google_test/gtest/test/gtest-test-part_test.cc
 create mode 100644 nss/external_tests/google_test/gtest/test/gtest-tuple_test.cc
 create mode 100644 nss/external_tests/google_test/gtest/test/gtest-typed-test2_test.cc
 create mode 100644 nss/external_tests/google_test/gtest/test/gtest-typed-test_test.cc
 create mode 100644 nss/external_tests/google_test/gtest/test/gtest-typed-test_test.h
 create mode 100644 nss/external_tests/google_test/gtest/test/gtest-unittest-api_test.cc
 create mode 100644 nss/external_tests/google_test/gtest/test/gtest_all_test.cc
 create mode 100755 nss/external_tests/google_test/gtest/test/gtest_break_on_failure_unittest.py
 create mode 100644 nss/external_tests/google_test/gtest/test/gtest_break_on_failure_unittest_.cc
 create mode 100755 nss/external_tests/google_test/gtest/test/gtest_catch_exceptions_test.py
 create mode 100644 nss/external_tests/google_test/gtest/test/gtest_catch_exceptions_test_.cc
 create mode 100755 nss/external_tests/google_test/gtest/test/gtest_color_test.py
 create mode 100644 nss/external_tests/google_test/gtest/test/gtest_color_test_.cc
 create mode 100755 nss/external_tests/google_test/gtest/test/gtest_env_var_test.py
 create mode 100644 nss/external_tests/google_test/gtest/test/gtest_env_var_test_.cc
 create mode 100644 nss/external_tests/google_test/gtest/test/gtest_environment_test.cc
 create mode 100755 nss/external_tests/google_test/gtest/test/gtest_filter_unittest.py
 create mode 100644 nss/external_tests/google_test/gtest/test/gtest_filter_unittest_.cc
 create mode 100755 nss/external_tests/google_test/gtest/test/gtest_help_test.py
 create mode 100644 nss/external_tests/google_test/gtest/test/gtest_help_test_.cc
 create mode 100755 nss/external_tests/google_test/gtest/test/gtest_list_tests_unittest.py
 create mode 100644 nss/external_tests/google_test/gtest/test/gtest_list_tests_unittest_.cc
 create mode 100644 nss/external_tests/google_test/gtest/test/gtest_main_unittest.cc
 create mode 100644 nss/external_tests/google_test/gtest/test/gtest_no_test_unittest.cc
 create mode 100755 nss/external_tests/google_test/gtest/test/gtest_output_test.py
 create mode 100644 nss/external_tests/google_test/gtest/test/gtest_output_test_.cc
 create mode 100644 nss/external_tests/google_test/gtest/test/gtest_output_test_golden_lin.txt
 create mode 100644 nss/external_tests/google_test/gtest/test/gtest_pred_impl_unittest.cc
 create mode 100644 nss/external_tests/google_test/gtest/test/gtest_premature_exit_test.cc
 create mode 100644 nss/external_tests/google_test/gtest/test/gtest_prod_test.cc
 create mode 100644 nss/external_tests/google_test/gtest/test/gtest_repeat_test.cc
 create mode 100755 nss/external_tests/google_test/gtest/test/gtest_shuffle_test.py
 create mode 100644 nss/external_tests/google_test/gtest/test/gtest_shuffle_test_.cc
 create mode 100644 nss/external_tests/google_test/gtest/test/gtest_sole_header_test.cc
 create mode 100644 nss/external_tests/google_test/gtest/test/gtest_stress_test.cc
 create mode 100755 nss/external_tests/google_test/gtest/test/gtest_test_utils.py
 create mode 100644 nss/external_tests/google_test/gtest/test/gtest_throw_on_failure_ex_test.cc
 create mode 100755 nss/external_tests/google_test/gtest/test/gtest_throw_on_failure_test.py
 create mode 100644 nss/external_tests/google_test/gtest/test/gtest_throw_on_failure_test_.cc
 create mode 100755 nss/external_tests/google_test/gtest/test/gtest_uninitialized_test.py
 create mode 100644 nss/external_tests/google_test/gtest/test/gtest_uninitialized_test_.cc
 create mode 100644 nss/external_tests/google_test/gtest/test/gtest_unittest.cc
 create mode 100644 nss/external_tests/google_test/gtest/test/gtest_xml_outfile1_test_.cc
 create mode 100644 nss/external_tests/google_test/gtest/test/gtest_xml_outfile2_test_.cc
 create mode 100755 nss/external_tests/google_test/gtest/test/gtest_xml_outfiles_test.py
 create mode 100755 nss/external_tests/google_test/gtest/test/gtest_xml_output_unittest.py
 create mode 100644 nss/external_tests/google_test/gtest/test/gtest_xml_output_unittest_.cc
 create mode 100755 nss/external_tests/google_test/gtest/test/gtest_xml_test_utils.py
 create mode 100644 nss/external_tests/google_test/gtest/test/production.cc
 create mode 100644 nss/external_tests/google_test/gtest/test/production.h
 create mode 100644 nss/external_tests/google_test/gtest/xcode/Config/DebugProject.xcconfig
 create mode 100644 nss/external_tests/google_test/gtest/xcode/Config/FrameworkTarget.xcconfig
 create mode 100644 nss/external_tests/google_test/gtest/xcode/Config/General.xcconfig
 create mode 100644 nss/external_tests/google_test/gtest/xcode/Config/ReleaseProject.xcconfig
 create mode 100644 nss/external_tests/google_test/gtest/xcode/Config/StaticLibraryTarget.xcconfig
 create mode 100644 nss/external_tests/google_test/gtest/xcode/Config/TestTarget.xcconfig
 create mode 100644 nss/external_tests/google_test/gtest/xcode/Resources/Info.plist
 create mode 100644 nss/external_tests/google_test/gtest/xcode/Samples/FrameworkSample/Info.plist
 create mode 100644 nss/external_tests/google_test/gtest/xcode/Samples/FrameworkSample/WidgetFramework.xcodeproj/project.pbxproj
 create mode 100644 nss/external_tests/google_test/gtest/xcode/Samples/FrameworkSample/runtests.sh
 create mode 100644 nss/external_tests/google_test/gtest/xcode/Samples/FrameworkSample/widget.cc
 create mode 100644 nss/external_tests/google_test/gtest/xcode/Samples/FrameworkSample/widget.h
 create mode 100644 nss/external_tests/google_test/gtest/xcode/Samples/FrameworkSample/widget_test.cc
 create mode 100644 nss/external_tests/google_test/gtest/xcode/Scripts/runtests.sh
 create mode 100644 nss/external_tests/google_test/gtest/xcode/Scripts/versiongenerate.py
 create mode 100644 nss/external_tests/google_test/gtest/xcode/gtest.xcodeproj/project.pbxproj
 create mode 100644 nss/external_tests/google_test/manifest.mn
 create mode 100644 nss/external_tests/manifest.mn
 create mode 100644 nss/external_tests/nss_bogo_shim/Makefile
 create mode 100644 nss/external_tests/nss_bogo_shim/config.cc
 create mode 100644 nss/external_tests/nss_bogo_shim/config.h
 create mode 100644 nss/external_tests/nss_bogo_shim/config.json
 create mode 100644 nss/external_tests/nss_bogo_shim/manifest.mn
 create mode 100644 nss/external_tests/nss_bogo_shim/nss_bogo_shim.cc
 create mode 100644 nss/external_tests/nss_bogo_shim/nsskeys.cc
 create mode 100644 nss/external_tests/nss_bogo_shim/nsskeys.h
 create mode 100644 nss/external_tests/pk11_gtest/Makefile
 create mode 100644 nss/external_tests/pk11_gtest/manifest.mn
 create mode 100644 nss/external_tests/pk11_gtest/pk11_aeskeywrap_unittest.cc
 create mode 100644 nss/external_tests/pk11_gtest/pk11_chacha20poly1305_unittest.cc
 create mode 100644 nss/external_tests/pk11_gtest/pk11_pbkdf2_unittest.cc
 create mode 100644 nss/external_tests/pk11_gtest/pk11_prf_unittest.cc
 create mode 100644 nss/external_tests/pk11_gtest/pk11_rsapss_unittest.cc
 create mode 100644 nss/external_tests/ssl_gtest/Makefile
 create mode 100644 nss/external_tests/ssl_gtest/databuffer.h
 create mode 100644 nss/external_tests/ssl_gtest/gtest_utils.h
 create mode 100644 nss/external_tests/ssl_gtest/libssl_internals.c
 create mode 100644 nss/external_tests/ssl_gtest/libssl_internals.h
 create mode 100644 nss/external_tests/ssl_gtest/manifest.mn
 create mode 100644 nss/external_tests/ssl_gtest/ssl_0rtt_unittest.cc
 create mode 100644 nss/external_tests/ssl_gtest/ssl_agent_unittest.cc
 create mode 100644 nss/external_tests/ssl_gtest/ssl_auth_unittest.cc
 create mode 100644 nss/external_tests/ssl_gtest/ssl_cert_ext_unittest.cc
 create mode 100644 nss/external_tests/ssl_gtest/ssl_ciphersuite_unittest.cc
 create mode 100644 nss/external_tests/ssl_gtest/ssl_damage_unittest.cc
 create mode 100644 nss/external_tests/ssl_gtest/ssl_dhe_unittest.cc
 create mode 100644 nss/external_tests/ssl_gtest/ssl_drop_unittest.cc
 create mode 100644 nss/external_tests/ssl_gtest/ssl_ecdh_unittest.cc
 create mode 100644 nss/external_tests/ssl_gtest/ssl_ems_unittest.cc
 create mode 100644 nss/external_tests/ssl_gtest/ssl_extension_unittest.cc
 create mode 100644 nss/external_tests/ssl_gtest/ssl_gtest.cc
 create mode 100644 nss/external_tests/ssl_gtest/ssl_hrr_unittest.cc
 create mode 100644 nss/external_tests/ssl_gtest/ssl_loopback_unittest.cc
 create mode 100644 nss/external_tests/ssl_gtest/ssl_record_unittest.cc
 create mode 100644 nss/external_tests/ssl_gtest/ssl_resumption_unittest.cc
 create mode 100644 nss/external_tests/ssl_gtest/ssl_skip_unittest.cc
 create mode 100644 nss/external_tests/ssl_gtest/ssl_staticrsa_unittest.cc
 create mode 100644 nss/external_tests/ssl_gtest/ssl_v2_client_hello_unittest.cc
 create mode 100644 nss/external_tests/ssl_gtest/ssl_version_unittest.cc
 create mode 100644 nss/external_tests/ssl_gtest/test_io.cc
 create mode 100644 nss/external_tests/ssl_gtest/test_io.h
 create mode 100644 nss/external_tests/ssl_gtest/tls_agent.cc
 create mode 100644 nss/external_tests/ssl_gtest/tls_agent.h
 create mode 100644 nss/external_tests/ssl_gtest/tls_connect.cc
 create mode 100644 nss/external_tests/ssl_gtest/tls_connect.h
 create mode 100644 nss/external_tests/ssl_gtest/tls_filter.cc
 create mode 100644 nss/external_tests/ssl_gtest/tls_filter.h
 create mode 100644 nss/external_tests/ssl_gtest/tls_hkdf_unittest.cc
 create mode 100644 nss/external_tests/ssl_gtest/tls_parser.cc
 create mode 100644 nss/external_tests/ssl_gtest/tls_parser.h
 create mode 100644 nss/external_tests/util_gtest/Makefile
 create mode 100644 nss/external_tests/util_gtest/manifest.mn
 create mode 100644 nss/external_tests/util_gtest/util_utf8_unittest.cc
 create mode 100644 nss/fuzz/.clang-format
 create mode 100644 nss/fuzz/asn1_mutators.cc
 create mode 100644 nss/fuzz/asn1_mutators.h
 create mode 100644 nss/fuzz/certDN.options
 create mode 100644 nss/fuzz/certDN_target.cc
 create mode 100755 nss/fuzz/clone_corpus.sh
 create mode 100755 nss/fuzz/clone_libfuzzer.sh
 create mode 100644 nss/fuzz/fuzz.gyp
 create mode 100755 nss/fuzz/git-copy.sh
 create mode 100644 nss/fuzz/mpi-add.options
 create mode 100644 nss/fuzz/mpi-addmod.options
 create mode 100644 nss/fuzz/mpi-div.options
 create mode 100644 nss/fuzz/mpi-expmod.options
 create mode 100644 nss/fuzz/mpi-invmod.options
 create mode 100644 nss/fuzz/mpi-mod.options
 create mode 100644 nss/fuzz/mpi-mulmod.options
 create mode 100644 nss/fuzz/mpi-sqr.options
 create mode 100644 nss/fuzz/mpi-sqrmod.options
 create mode 100644 nss/fuzz/mpi-sub.options
 create mode 100644 nss/fuzz/mpi-submod.options
 create mode 100644 nss/fuzz/mpi_add_target.cc
 create mode 100644 nss/fuzz/mpi_addmod_target.cc
 create mode 100644 nss/fuzz/mpi_div_target.cc
 create mode 100644 nss/fuzz/mpi_expmod_target.cc
 create mode 100644 nss/fuzz/mpi_helper.cc
 create mode 100644 nss/fuzz/mpi_helper.h
 create mode 100644 nss/fuzz/mpi_invmod_target.cc
 create mode 100644 nss/fuzz/mpi_mod_target.cc
 create mode 100644 nss/fuzz/mpi_mulmod_target.cc
 create mode 100644 nss/fuzz/mpi_sqr_target.cc
 create mode 100644 nss/fuzz/mpi_sqrmod_target.cc
 create mode 100644 nss/fuzz/mpi_sub_target.cc
 create mode 100644 nss/fuzz/mpi_submod_target.cc
 create mode 100644 nss/fuzz/pkcs8_target.cc
 create mode 100644 nss/fuzz/quickder.options
 create mode 100644 nss/fuzz/quickder_target.cc
 create mode 100644 nss/fuzz/shared.h
 create mode 100644 nss/fuzz/tls-client-no_fuzzer_mode.options
 create mode 100644 nss/fuzz/tls-client.options
 create mode 100644 nss/fuzz/tls_client_config.cc
 create mode 100644 nss/fuzz/tls_client_config.h
 create mode 100644 nss/fuzz/tls_client_socket.cc
 create mode 100644 nss/fuzz/tls_client_socket.h
 create mode 100644 nss/fuzz/tls_client_target.cc
 create mode 100644 nss/fuzz/warning.txt
 create mode 100644 nss/gtests/.clang-format
 create mode 100644 nss/gtests/Makefile
 create mode 100644 nss/gtests/README
 create mode 100644 nss/gtests/common/Makefile
 create mode 100644 nss/gtests/common/gtest.gypi
 create mode 100644 nss/gtests/common/gtest.mk
 create mode 100644 nss/gtests/common/gtests.cc
 create mode 100644 nss/gtests/common/manifest.mn
 create mode 100644 nss/gtests/der_gtest/Makefile
 create mode 100644 nss/gtests/der_gtest/der_getint_unittest.cc
 create mode 100644 nss/gtests/der_gtest/der_gtest.gyp
 create mode 100644 nss/gtests/der_gtest/der_private_key_import_unittest.cc
 create mode 100644 nss/gtests/der_gtest/manifest.mn
 create mode 100644 nss/gtests/freebl_gtest/freebl_gtest.gyp
 create mode 100644 nss/gtests/freebl_gtest/kat/Hash_DRBG.rsp
 create mode 100644 nss/gtests/freebl_gtest/kat/Hash_DRBG.txt
 create mode 100644 nss/gtests/freebl_gtest/mpi_unittest.cc
 create mode 100644 nss/gtests/freebl_gtest/prng_kat_unittest.cc
 create mode 100644 nss/gtests/google_test/Makefile
 create mode 100644 nss/gtests/google_test/google_test.gyp
 create mode 100644 nss/gtests/google_test/gtest/CHANGES
 create mode 100644 nss/gtests/google_test/gtest/CMakeLists.txt
 create mode 100644 nss/gtests/google_test/gtest/CONTRIBUTORS
 create mode 100644 nss/gtests/google_test/gtest/LICENSE
 create mode 100644 nss/gtests/google_test/gtest/Makefile.am
 create mode 100644 nss/gtests/google_test/gtest/README
 create mode 100644 nss/gtests/google_test/gtest/build-aux/.keep
 create mode 100644 nss/gtests/google_test/gtest/cmake/internal_utils.cmake
 create mode 100644 nss/gtests/google_test/gtest/codegear/gtest.cbproj
 create mode 100644 nss/gtests/google_test/gtest/codegear/gtest.groupproj
 create mode 100644 nss/gtests/google_test/gtest/codegear/gtest_all.cc
 create mode 100644 nss/gtests/google_test/gtest/codegear/gtest_link.cc
 create mode 100644 nss/gtests/google_test/gtest/codegear/gtest_main.cbproj
 create mode 100644 nss/gtests/google_test/gtest/codegear/gtest_unittest.cbproj
 create mode 100644 nss/gtests/google_test/gtest/configure.ac
 create mode 100644 nss/gtests/google_test/gtest/include/gtest/gtest-death-test.h
 create mode 100644 nss/gtests/google_test/gtest/include/gtest/gtest-message.h
 create mode 100644 nss/gtests/google_test/gtest/include/gtest/gtest-param-test.h
 create mode 100644 nss/gtests/google_test/gtest/include/gtest/gtest-param-test.h.pump
 create mode 100644 nss/gtests/google_test/gtest/include/gtest/gtest-printers.h
 create mode 100644 nss/gtests/google_test/gtest/include/gtest/gtest-spi.h
 create mode 100644 nss/gtests/google_test/gtest/include/gtest/gtest-test-part.h
 create mode 100644 nss/gtests/google_test/gtest/include/gtest/gtest-typed-test.h
 create mode 100644 nss/gtests/google_test/gtest/include/gtest/gtest.h
 create mode 100644 nss/gtests/google_test/gtest/include/gtest/gtest_pred_impl.h
 create mode 100644 nss/gtests/google_test/gtest/include/gtest/gtest_prod.h
 create mode 100644 nss/gtests/google_test/gtest/include/gtest/internal/gtest-death-test-internal.h
 create mode 100644 nss/gtests/google_test/gtest/include/gtest/internal/gtest-filepath.h
 create mode 100644 nss/gtests/google_test/gtest/include/gtest/internal/gtest-internal.h
 create mode 100644 nss/gtests/google_test/gtest/include/gtest/internal/gtest-linked_ptr.h
 create mode 100644 nss/gtests/google_test/gtest/include/gtest/internal/gtest-param-util-generated.h
 create mode 100644 nss/gtests/google_test/gtest/include/gtest/internal/gtest-param-util-generated.h.pump
 create mode 100644 nss/gtests/google_test/gtest/include/gtest/internal/gtest-param-util.h
 create mode 100644 nss/gtests/google_test/gtest/include/gtest/internal/gtest-port.h
 create mode 100644 nss/gtests/google_test/gtest/include/gtest/internal/gtest-string.h
 create mode 100644 nss/gtests/google_test/gtest/include/gtest/internal/gtest-tuple.h
 create mode 100644 nss/gtests/google_test/gtest/include/gtest/internal/gtest-tuple.h.pump
 create mode 100644 nss/gtests/google_test/gtest/include/gtest/internal/gtest-type-util.h
 create mode 100644 nss/gtests/google_test/gtest/include/gtest/internal/gtest-type-util.h.pump
 create mode 100644 nss/gtests/google_test/gtest/m4/acx_pthread.m4
 create mode 100644 nss/gtests/google_test/gtest/m4/gtest.m4
 create mode 100644 nss/gtests/google_test/gtest/make/Makefile
 create mode 100644 nss/gtests/google_test/gtest/msvc/gtest-md.sln
 create mode 100644 nss/gtests/google_test/gtest/msvc/gtest-md.vcproj
 create mode 100644 nss/gtests/google_test/gtest/msvc/gtest.sln
 create mode 100644 nss/gtests/google_test/gtest/msvc/gtest.vcproj
 create mode 100644 nss/gtests/google_test/gtest/msvc/gtest_main-md.vcproj
 create mode 100644 nss/gtests/google_test/gtest/msvc/gtest_main.vcproj
 create mode 100644 nss/gtests/google_test/gtest/msvc/gtest_prod_test-md.vcproj
 create mode 100644 nss/gtests/google_test/gtest/msvc/gtest_prod_test.vcproj
 create mode 100644 nss/gtests/google_test/gtest/msvc/gtest_unittest-md.vcproj
 create mode 100644 nss/gtests/google_test/gtest/msvc/gtest_unittest.vcproj
 create mode 100644 nss/gtests/google_test/gtest/samples/prime_tables.h
 create mode 100644 nss/gtests/google_test/gtest/samples/sample1.cc
 create mode 100644 nss/gtests/google_test/gtest/samples/sample1.h
 create mode 100644 nss/gtests/google_test/gtest/samples/sample10_unittest.cc
 create mode 100644 nss/gtests/google_test/gtest/samples/sample1_unittest.cc
 create mode 100644 nss/gtests/google_test/gtest/samples/sample2.cc
 create mode 100644 nss/gtests/google_test/gtest/samples/sample2.h
 create mode 100644 nss/gtests/google_test/gtest/samples/sample2_unittest.cc
 create mode 100644 nss/gtests/google_test/gtest/samples/sample3-inl.h
 create mode 100644 nss/gtests/google_test/gtest/samples/sample3_unittest.cc
 create mode 100644 nss/gtests/google_test/gtest/samples/sample4.cc
 create mode 100644 nss/gtests/google_test/gtest/samples/sample4.h
 create mode 100644 nss/gtests/google_test/gtest/samples/sample4_unittest.cc
 create mode 100644 nss/gtests/google_test/gtest/samples/sample5_unittest.cc
 create mode 100644 nss/gtests/google_test/gtest/samples/sample6_unittest.cc
 create mode 100644 nss/gtests/google_test/gtest/samples/sample7_unittest.cc
 create mode 100644 nss/gtests/google_test/gtest/samples/sample8_unittest.cc
 create mode 100644 nss/gtests/google_test/gtest/samples/sample9_unittest.cc
 create mode 100644 nss/gtests/google_test/gtest/scripts/common.py
 create mode 100755 nss/gtests/google_test/gtest/scripts/fuse_gtest_files.py
 create mode 100755 nss/gtests/google_test/gtest/scripts/gen_gtest_pred_impl.py
 create mode 100755 nss/gtests/google_test/gtest/scripts/gtest-config.in
 create mode 100755 nss/gtests/google_test/gtest/scripts/pump.py
 create mode 100755 nss/gtests/google_test/gtest/scripts/release_docs.py
 create mode 100644 nss/gtests/google_test/gtest/scripts/test/Makefile
 create mode 100755 nss/gtests/google_test/gtest/scripts/upload.py
 create mode 100755 nss/gtests/google_test/gtest/scripts/upload_gtest.py
 create mode 100644 nss/gtests/google_test/gtest/src/gtest-all.cc
 create mode 100644 nss/gtests/google_test/gtest/src/gtest-death-test.cc
 create mode 100644 nss/gtests/google_test/gtest/src/gtest-filepath.cc
 create mode 100644 nss/gtests/google_test/gtest/src/gtest-internal-inl.h
 create mode 100644 nss/gtests/google_test/gtest/src/gtest-port.cc
 create mode 100644 nss/gtests/google_test/gtest/src/gtest-printers.cc
 create mode 100644 nss/gtests/google_test/gtest/src/gtest-test-part.cc
 create mode 100644 nss/gtests/google_test/gtest/src/gtest-typed-test.cc
 create mode 100644 nss/gtests/google_test/gtest/src/gtest.cc
 create mode 100644 nss/gtests/google_test/gtest/src/gtest_main.cc
 create mode 100644 nss/gtests/google_test/gtest/test/gtest-death-test_ex_test.cc
 create mode 100644 nss/gtests/google_test/gtest/test/gtest-death-test_test.cc
 create mode 100644 nss/gtests/google_test/gtest/test/gtest-filepath_test.cc
 create mode 100644 nss/gtests/google_test/gtest/test/gtest-linked_ptr_test.cc
 create mode 100644 nss/gtests/google_test/gtest/test/gtest-listener_test.cc
 create mode 100644 nss/gtests/google_test/gtest/test/gtest-message_test.cc
 create mode 100644 nss/gtests/google_test/gtest/test/gtest-options_test.cc
 create mode 100644 nss/gtests/google_test/gtest/test/gtest-param-test2_test.cc
 create mode 100644 nss/gtests/google_test/gtest/test/gtest-param-test_test.cc
 create mode 100644 nss/gtests/google_test/gtest/test/gtest-param-test_test.h
 create mode 100644 nss/gtests/google_test/gtest/test/gtest-port_test.cc
 create mode 100644 nss/gtests/google_test/gtest/test/gtest-printers_test.cc
 create mode 100644 nss/gtests/google_test/gtest/test/gtest-test-part_test.cc
 create mode 100644 nss/gtests/google_test/gtest/test/gtest-tuple_test.cc
 create mode 100644 nss/gtests/google_test/gtest/test/gtest-typed-test2_test.cc
 create mode 100644 nss/gtests/google_test/gtest/test/gtest-typed-test_test.cc
 create mode 100644 nss/gtests/google_test/gtest/test/gtest-typed-test_test.h
 create mode 100644 nss/gtests/google_test/gtest/test/gtest-unittest-api_test.cc
 create mode 100644 nss/gtests/google_test/gtest/test/gtest_all_test.cc
 create mode 100755 nss/gtests/google_test/gtest/test/gtest_break_on_failure_unittest.py
 create mode 100644 nss/gtests/google_test/gtest/test/gtest_break_on_failure_unittest_.cc
 create mode 100755 nss/gtests/google_test/gtest/test/gtest_catch_exceptions_test.py
 create mode 100644 nss/gtests/google_test/gtest/test/gtest_catch_exceptions_test_.cc
 create mode 100755 nss/gtests/google_test/gtest/test/gtest_color_test.py
 create mode 100644 nss/gtests/google_test/gtest/test/gtest_color_test_.cc
 create mode 100755 nss/gtests/google_test/gtest/test/gtest_env_var_test.py
 create mode 100644 nss/gtests/google_test/gtest/test/gtest_env_var_test_.cc
 create mode 100644 nss/gtests/google_test/gtest/test/gtest_environment_test.cc
 create mode 100755 nss/gtests/google_test/gtest/test/gtest_filter_unittest.py
 create mode 100644 nss/gtests/google_test/gtest/test/gtest_filter_unittest_.cc
 create mode 100755 nss/gtests/google_test/gtest/test/gtest_help_test.py
 create mode 100644 nss/gtests/google_test/gtest/test/gtest_help_test_.cc
 create mode 100755 nss/gtests/google_test/gtest/test/gtest_list_tests_unittest.py
 create mode 100644 nss/gtests/google_test/gtest/test/gtest_list_tests_unittest_.cc
 create mode 100644 nss/gtests/google_test/gtest/test/gtest_main_unittest.cc
 create mode 100644 nss/gtests/google_test/gtest/test/gtest_no_test_unittest.cc
 create mode 100755 nss/gtests/google_test/gtest/test/gtest_output_test.py
 create mode 100644 nss/gtests/google_test/gtest/test/gtest_output_test_.cc
 create mode 100644 nss/gtests/google_test/gtest/test/gtest_output_test_golden_lin.txt
 create mode 100644 nss/gtests/google_test/gtest/test/gtest_pred_impl_unittest.cc
 create mode 100644 nss/gtests/google_test/gtest/test/gtest_premature_exit_test.cc
 create mode 100644 nss/gtests/google_test/gtest/test/gtest_prod_test.cc
 create mode 100644 nss/gtests/google_test/gtest/test/gtest_repeat_test.cc
 create mode 100755 nss/gtests/google_test/gtest/test/gtest_shuffle_test.py
 create mode 100644 nss/gtests/google_test/gtest/test/gtest_shuffle_test_.cc
 create mode 100644 nss/gtests/google_test/gtest/test/gtest_sole_header_test.cc
 create mode 100644 nss/gtests/google_test/gtest/test/gtest_stress_test.cc
 create mode 100755 nss/gtests/google_test/gtest/test/gtest_test_utils.py
 create mode 100644 nss/gtests/google_test/gtest/test/gtest_throw_on_failure_ex_test.cc
 create mode 100755 nss/gtests/google_test/gtest/test/gtest_throw_on_failure_test.py
 create mode 100644 nss/gtests/google_test/gtest/test/gtest_throw_on_failure_test_.cc
 create mode 100755 nss/gtests/google_test/gtest/test/gtest_uninitialized_test.py
 create mode 100644 nss/gtests/google_test/gtest/test/gtest_uninitialized_test_.cc
 create mode 100644 nss/gtests/google_test/gtest/test/gtest_unittest.cc
 create mode 100644 nss/gtests/google_test/gtest/test/gtest_xml_outfile1_test_.cc
 create mode 100644 nss/gtests/google_test/gtest/test/gtest_xml_outfile2_test_.cc
 create mode 100755 nss/gtests/google_test/gtest/test/gtest_xml_outfiles_test.py
 create mode 100755 nss/gtests/google_test/gtest/test/gtest_xml_output_unittest.py
 create mode 100644 nss/gtests/google_test/gtest/test/gtest_xml_output_unittest_.cc
 create mode 100755 nss/gtests/google_test/gtest/test/gtest_xml_test_utils.py
 create mode 100644 nss/gtests/google_test/gtest/test/production.cc
 create mode 100644 nss/gtests/google_test/gtest/test/production.h
 create mode 100644 nss/gtests/google_test/gtest/xcode/Config/DebugProject.xcconfig
 create mode 100644 nss/gtests/google_test/gtest/xcode/Config/FrameworkTarget.xcconfig
 create mode 100644 nss/gtests/google_test/gtest/xcode/Config/General.xcconfig
 create mode 100644 nss/gtests/google_test/gtest/xcode/Config/ReleaseProject.xcconfig
 create mode 100644 nss/gtests/google_test/gtest/xcode/Config/StaticLibraryTarget.xcconfig
 create mode 100644 nss/gtests/google_test/gtest/xcode/Config/TestTarget.xcconfig
 create mode 100644 nss/gtests/google_test/gtest/xcode/Resources/Info.plist
 create mode 100644 nss/gtests/google_test/gtest/xcode/Samples/FrameworkSample/Info.plist
 create mode 100644 nss/gtests/google_test/gtest/xcode/Samples/FrameworkSample/WidgetFramework.xcodeproj/project.pbxproj
 create mode 100644 nss/gtests/google_test/gtest/xcode/Samples/FrameworkSample/runtests.sh
 create mode 100644 nss/gtests/google_test/gtest/xcode/Samples/FrameworkSample/widget.cc
 create mode 100644 nss/gtests/google_test/gtest/xcode/Samples/FrameworkSample/widget.h
 create mode 100644 nss/gtests/google_test/gtest/xcode/Samples/FrameworkSample/widget_test.cc
 create mode 100644 nss/gtests/google_test/gtest/xcode/Scripts/runtests.sh
 create mode 100644 nss/gtests/google_test/gtest/xcode/Scripts/versiongenerate.py
 create mode 100644 nss/gtests/google_test/gtest/xcode/gtest.xcodeproj/project.pbxproj
 create mode 100644 nss/gtests/google_test/manifest.mn
 create mode 100644 nss/gtests/manifest.mn
 create mode 100644 nss/gtests/nss_bogo_shim/Makefile
 create mode 100644 nss/gtests/nss_bogo_shim/config.cc
 create mode 100644 nss/gtests/nss_bogo_shim/config.h
 create mode 100644 nss/gtests/nss_bogo_shim/config.json
 create mode 100644 nss/gtests/nss_bogo_shim/manifest.mn
 create mode 100644 nss/gtests/nss_bogo_shim/nss_bogo_shim.cc
 create mode 100644 nss/gtests/nss_bogo_shim/nss_bogo_shim.gyp
 create mode 100644 nss/gtests/nss_bogo_shim/nsskeys.cc
 create mode 100644 nss/gtests/nss_bogo_shim/nsskeys.h
 create mode 100644 nss/gtests/pk11_gtest/Makefile
 create mode 100644 nss/gtests/pk11_gtest/manifest.mn
 create mode 100644 nss/gtests/pk11_gtest/pk11_aeskeywrap_unittest.cc
 create mode 100644 nss/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc
 create mode 100644 nss/gtests/pk11_gtest/pk11_curve25519_unittest.cc
 create mode 100644 nss/gtests/pk11_gtest/pk11_ecdsa_unittest.cc
 create mode 100644 nss/gtests/pk11_gtest/pk11_ecdsa_vectors.h
 create mode 100644 nss/gtests/pk11_gtest/pk11_export_unittest.cc
 create mode 100644 nss/gtests/pk11_gtest/pk11_gtest.gyp
 create mode 100644 nss/gtests/pk11_gtest/pk11_pbkdf2_unittest.cc
 create mode 100644 nss/gtests/pk11_gtest/pk11_prf_unittest.cc
 create mode 100644 nss/gtests/pk11_gtest/pk11_prng_unittest.cc
 create mode 100644 nss/gtests/pk11_gtest/pk11_rsapss_unittest.cc
 create mode 100644 nss/gtests/pk11_gtest/pk11_rsapss_vectors.h
 create mode 100644 nss/gtests/pk11_gtest/pk11_signature_test.h
 create mode 100644 nss/gtests/ssl_gtest/Makefile
 create mode 100644 nss/gtests/ssl_gtest/databuffer.h
 create mode 100644 nss/gtests/ssl_gtest/gtest_utils.h
 create mode 100644 nss/gtests/ssl_gtest/libssl_internals.c
 create mode 100644 nss/gtests/ssl_gtest/libssl_internals.h
 create mode 100644 nss/gtests/ssl_gtest/manifest.mn
 create mode 100644 nss/gtests/ssl_gtest/ssl_0rtt_unittest.cc
 create mode 100644 nss/gtests/ssl_gtest/ssl_agent_unittest.cc
 create mode 100644 nss/gtests/ssl_gtest/ssl_auth_unittest.cc
 create mode 100644 nss/gtests/ssl_gtest/ssl_cert_ext_unittest.cc
 create mode 100644 nss/gtests/ssl_gtest/ssl_ciphersuite_unittest.cc
 create mode 100644 nss/gtests/ssl_gtest/ssl_damage_unittest.cc
 create mode 100644 nss/gtests/ssl_gtest/ssl_dhe_unittest.cc
 create mode 100644 nss/gtests/ssl_gtest/ssl_drop_unittest.cc
 create mode 100644 nss/gtests/ssl_gtest/ssl_ecdh_unittest.cc
 create mode 100644 nss/gtests/ssl_gtest/ssl_ems_unittest.cc
 create mode 100644 nss/gtests/ssl_gtest/ssl_exporter_unittest.cc
 create mode 100644 nss/gtests/ssl_gtest/ssl_extension_unittest.cc
 create mode 100644 nss/gtests/ssl_gtest/ssl_fragment_unittest.cc
 create mode 100644 nss/gtests/ssl_gtest/ssl_fuzz_unittest.cc
 create mode 100644 nss/gtests/ssl_gtest/ssl_gather_unittest.cc
 create mode 100644 nss/gtests/ssl_gtest/ssl_gtest.cc
 create mode 100644 nss/gtests/ssl_gtest/ssl_gtest.gyp
 create mode 100644 nss/gtests/ssl_gtest/ssl_hrr_unittest.cc
 create mode 100644 nss/gtests/ssl_gtest/ssl_loopback_unittest.cc
 create mode 100644 nss/gtests/ssl_gtest/ssl_record_unittest.cc
 create mode 100644 nss/gtests/ssl_gtest/ssl_resumption_unittest.cc
 create mode 100644 nss/gtests/ssl_gtest/ssl_skip_unittest.cc
 create mode 100644 nss/gtests/ssl_gtest/ssl_staticrsa_unittest.cc
 create mode 100644 nss/gtests/ssl_gtest/ssl_v2_client_hello_unittest.cc
 create mode 100644 nss/gtests/ssl_gtest/ssl_version_unittest.cc
 create mode 100644 nss/gtests/ssl_gtest/test_io.cc
 create mode 100644 nss/gtests/ssl_gtest/test_io.h
 create mode 100644 nss/gtests/ssl_gtest/tls_agent.cc
 create mode 100644 nss/gtests/ssl_gtest/tls_agent.h
 create mode 100644 nss/gtests/ssl_gtest/tls_connect.cc
 create mode 100644 nss/gtests/ssl_gtest/tls_connect.h
 create mode 100644 nss/gtests/ssl_gtest/tls_filter.cc
 create mode 100644 nss/gtests/ssl_gtest/tls_filter.h
 create mode 100644 nss/gtests/ssl_gtest/tls_hkdf_unittest.cc
 create mode 100644 nss/gtests/ssl_gtest/tls_parser.cc
 create mode 100644 nss/gtests/ssl_gtest/tls_parser.h
 create mode 100644 nss/gtests/ssl_gtest/tls_protect.cc
 create mode 100644 nss/gtests/ssl_gtest/tls_protect.h
 create mode 100644 nss/gtests/util_gtest/Makefile
 create mode 100644 nss/gtests/util_gtest/manifest.mn
 create mode 100644 nss/gtests/util_gtest/util_b64_unittest.cc
 create mode 100644 nss/gtests/util_gtest/util_gtest.gyp
 create mode 100644 nss/gtests/util_gtest/util_utf8_unittest.cc
 create mode 100644 nss/lib/Makefile
 create mode 100644 nss/lib/base/Makefile
 create mode 100644 nss/lib/base/arena.c
 create mode 100644 nss/lib/base/base.gyp
 create mode 100644 nss/lib/base/base.h
 create mode 100644 nss/lib/base/baset.h
 create mode 100644 nss/lib/base/config.mk
 create mode 100644 nss/lib/base/error.c
 create mode 100644 nss/lib/base/errorval.c
 create mode 100644 nss/lib/base/exports.gyp
 create mode 100644 nss/lib/base/hash.c
 create mode 100644 nss/lib/base/hashops.c
 create mode 100644 nss/lib/base/item.c
 create mode 100644 nss/lib/base/libc.c
 create mode 100644 nss/lib/base/list.c
 create mode 100644 nss/lib/base/manifest.mn
 create mode 100644 nss/lib/base/nssbase.h
 create mode 100644 nss/lib/base/nssbaset.h
 create mode 100644 nss/lib/base/tracker.c
 create mode 100644 nss/lib/base/utf8.c
 create mode 100644 nss/lib/certdb/Makefile
 create mode 100644 nss/lib/certdb/alg1485.c
 create mode 100644 nss/lib/certdb/cert.h
 create mode 100644 nss/lib/certdb/certdb.c
 create mode 100644 nss/lib/certdb/certdb.gyp
 create mode 100644 nss/lib/certdb/certdb.h
 create mode 100644 nss/lib/certdb/certi.h
 create mode 100644 nss/lib/certdb/certt.h
 create mode 100644 nss/lib/certdb/certv3.c
 create mode 100644 nss/lib/certdb/certxutl.c
 create mode 100644 nss/lib/certdb/certxutl.h
 create mode 100644 nss/lib/certdb/config.mk
 create mode 100644 nss/lib/certdb/crl.c
 create mode 100644 nss/lib/certdb/exports.gyp
 create mode 100644 nss/lib/certdb/genname.c
 create mode 100644 nss/lib/certdb/genname.h
 create mode 100644 nss/lib/certdb/manifest.mn
 create mode 100644 nss/lib/certdb/polcyxtn.c
 create mode 100644 nss/lib/certdb/secname.c
 create mode 100644 nss/lib/certdb/stanpcertdb.c
 create mode 100644 nss/lib/certdb/xauthkid.c
 create mode 100644 nss/lib/certdb/xbsconst.c
 create mode 100644 nss/lib/certdb/xconst.c
 create mode 100644 nss/lib/certdb/xconst.h
 create mode 100644 nss/lib/certhigh/Makefile
 create mode 100644 nss/lib/certhigh/certhigh.c
 create mode 100644 nss/lib/certhigh/certhigh.gyp
 create mode 100644 nss/lib/certhigh/certhtml.c
 create mode 100644 nss/lib/certhigh/certreq.c
 create mode 100644 nss/lib/certhigh/certvfy.c
 create mode 100644 nss/lib/certhigh/certvfypkix.c
 create mode 100644 nss/lib/certhigh/config.mk
 create mode 100644 nss/lib/certhigh/crlv2.c
 create mode 100644 nss/lib/certhigh/exports.gyp
 create mode 100644 nss/lib/certhigh/manifest.mn
 create mode 100644 nss/lib/certhigh/ocsp.c
 create mode 100644 nss/lib/certhigh/ocsp.h
 create mode 100644 nss/lib/certhigh/ocspi.h
 create mode 100644 nss/lib/certhigh/ocspsig.c
 create mode 100644 nss/lib/certhigh/ocspt.h
 create mode 100644 nss/lib/certhigh/ocspti.h
 create mode 100644 nss/lib/certhigh/xcrldist.c
 create mode 100644 nss/lib/ckfw/Makefile
 create mode 100644 nss/lib/ckfw/builtins/Makefile
 create mode 100644 nss/lib/ckfw/builtins/README
 create mode 100644 nss/lib/ckfw/builtins/anchor.c
 create mode 100644 nss/lib/ckfw/builtins/bfind.c
 create mode 100644 nss/lib/ckfw/builtins/binst.c
 create mode 100644 nss/lib/ckfw/builtins/bobject.c
 create mode 100644 nss/lib/ckfw/builtins/bsession.c
 create mode 100644 nss/lib/ckfw/builtins/bslot.c
 create mode 100644 nss/lib/ckfw/builtins/btoken.c
 create mode 100644 nss/lib/ckfw/builtins/builtins.gyp
 create mode 100644 nss/lib/ckfw/builtins/builtins.h
 create mode 100644 nss/lib/ckfw/builtins/certdata.perl
 create mode 100644 nss/lib/ckfw/builtins/certdata.txt
 create mode 100644 nss/lib/ckfw/builtins/ckbiver.c
 create mode 100644 nss/lib/ckfw/builtins/config.mk
 create mode 100644 nss/lib/ckfw/builtins/constants.c
 create mode 100644 nss/lib/ckfw/builtins/exports.gyp
 create mode 100644 nss/lib/ckfw/builtins/manifest.mn
 create mode 100644 nss/lib/ckfw/builtins/nssckbi.def
 create mode 100644 nss/lib/ckfw/builtins/nssckbi.h
 create mode 100644 nss/lib/ckfw/builtins/nssckbi.rc
 create mode 100644 nss/lib/ckfw/capi/Makefile
 create mode 100644 nss/lib/ckfw/capi/README
 create mode 100644 nss/lib/ckfw/capi/anchor.c
 create mode 100644 nss/lib/ckfw/capi/cfind.c
 create mode 100644 nss/lib/ckfw/capi/cinst.c
 create mode 100644 nss/lib/ckfw/capi/ckcapi.h
 create mode 100644 nss/lib/ckfw/capi/ckcapiver.c
 create mode 100644 nss/lib/ckfw/capi/cobject.c
 create mode 100644 nss/lib/ckfw/capi/config.mk
 create mode 100644 nss/lib/ckfw/capi/constants.c
 create mode 100644 nss/lib/ckfw/capi/crsa.c
 create mode 100644 nss/lib/ckfw/capi/csession.c
 create mode 100644 nss/lib/ckfw/capi/cslot.c
 create mode 100644 nss/lib/ckfw/capi/ctoken.c
 create mode 100644 nss/lib/ckfw/capi/manifest.mn
 create mode 100644 nss/lib/ckfw/capi/nsscapi.def
 create mode 100644 nss/lib/ckfw/capi/nsscapi.h
 create mode 100644 nss/lib/ckfw/capi/nsscapi.rc
 create mode 100644 nss/lib/ckfw/capi/staticobj.c
 create mode 100644 nss/lib/ckfw/ck.api
 create mode 100644 nss/lib/ckfw/ck.h
 create mode 100644 nss/lib/ckfw/ckapi.perl
 create mode 100644 nss/lib/ckfw/ckfw.gyp
 create mode 100644 nss/lib/ckfw/ckfw.h
 create mode 100644 nss/lib/ckfw/ckfwm.h
 create mode 100644 nss/lib/ckfw/ckfwtm.h
 create mode 100644 nss/lib/ckfw/ckmd.h
 create mode 100644 nss/lib/ckfw/ckt.h
 create mode 100644 nss/lib/ckfw/config.mk
 create mode 100644 nss/lib/ckfw/crypto.c
 create mode 100644 nss/lib/ckfw/dbm/Makefile
 create mode 100644 nss/lib/ckfw/dbm/anchor.c
 create mode 100644 nss/lib/ckfw/dbm/ckdbm.h
 create mode 100644 nss/lib/ckfw/dbm/config.mk
 create mode 100644 nss/lib/ckfw/dbm/db.c
 create mode 100644 nss/lib/ckfw/dbm/find.c
 create mode 100644 nss/lib/ckfw/dbm/instance.c
 create mode 100644 nss/lib/ckfw/dbm/manifest.mn
 create mode 100644 nss/lib/ckfw/dbm/object.c
 create mode 100644 nss/lib/ckfw/dbm/session.c
 create mode 100644 nss/lib/ckfw/dbm/slot.c
 create mode 100644 nss/lib/ckfw/dbm/token.c
 create mode 100644 nss/lib/ckfw/exports.gyp
 create mode 100644 nss/lib/ckfw/find.c
 create mode 100644 nss/lib/ckfw/hash.c
 create mode 100644 nss/lib/ckfw/instance.c
 create mode 100644 nss/lib/ckfw/manifest.mn
 create mode 100644 nss/lib/ckfw/mechanism.c
 create mode 100644 nss/lib/ckfw/mutex.c
 create mode 100644 nss/lib/ckfw/nssck.api
 create mode 100644 nss/lib/ckfw/nssckepv.h
 create mode 100644 nss/lib/ckfw/nssckft.h
 create mode 100644 nss/lib/ckfw/nssckfw.h
 create mode 100644 nss/lib/ckfw/nssckfwc.h
 create mode 100644 nss/lib/ckfw/nssckfwt.h
 create mode 100644 nss/lib/ckfw/nssckg.h
 create mode 100644 nss/lib/ckfw/nssckmdt.h
 create mode 100644 nss/lib/ckfw/nssckt.h
 create mode 100644 nss/lib/ckfw/nssmkey/Makefile
 create mode 100644 nss/lib/ckfw/nssmkey/README
 create mode 100644 nss/lib/ckfw/nssmkey/ckmk.h
 create mode 100644 nss/lib/ckfw/nssmkey/ckmkver.c
 create mode 100644 nss/lib/ckfw/nssmkey/config.mk
 create mode 100644 nss/lib/ckfw/nssmkey/manchor.c
 create mode 100644 nss/lib/ckfw/nssmkey/manifest.mn
 create mode 100644 nss/lib/ckfw/nssmkey/mconstants.c
 create mode 100644 nss/lib/ckfw/nssmkey/mfind.c
 create mode 100644 nss/lib/ckfw/nssmkey/minst.c
 create mode 100644 nss/lib/ckfw/nssmkey/mobject.c
 create mode 100644 nss/lib/ckfw/nssmkey/mrsa.c
 create mode 100644 nss/lib/ckfw/nssmkey/msession.c
 create mode 100644 nss/lib/ckfw/nssmkey/mslot.c
 create mode 100644 nss/lib/ckfw/nssmkey/mtoken.c
 create mode 100644 nss/lib/ckfw/nssmkey/nssmkey.def
 create mode 100644 nss/lib/ckfw/nssmkey/nssmkey.h
 create mode 100644 nss/lib/ckfw/nssmkey/staticobj.c
 create mode 100644 nss/lib/ckfw/object.c
 create mode 100644 nss/lib/ckfw/session.c
 create mode 100644 nss/lib/ckfw/sessobj.c
 create mode 100644 nss/lib/ckfw/slot.c
 create mode 100644 nss/lib/ckfw/token.c
 create mode 100644 nss/lib/ckfw/wrap.c
 create mode 100644 nss/lib/crmf/Makefile
 create mode 100644 nss/lib/crmf/asn1cmn.c
 create mode 100644 nss/lib/crmf/challcli.c
 create mode 100644 nss/lib/crmf/cmmf.h
 create mode 100644 nss/lib/crmf/cmmfasn1.c
 create mode 100644 nss/lib/crmf/cmmfchal.c
 create mode 100644 nss/lib/crmf/cmmfi.h
 create mode 100644 nss/lib/crmf/cmmfit.h
 create mode 100644 nss/lib/crmf/cmmfrec.c
 create mode 100644 nss/lib/crmf/cmmfresp.c
 create mode 100644 nss/lib/crmf/cmmft.h
 create mode 100644 nss/lib/crmf/config.mk
 create mode 100644 nss/lib/crmf/crmf.gyp
 create mode 100644 nss/lib/crmf/crmf.h
 create mode 100644 nss/lib/crmf/crmfcont.c
 create mode 100644 nss/lib/crmf/crmfdec.c
 create mode 100644 nss/lib/crmf/crmfenc.c
 create mode 100644 nss/lib/crmf/crmffut.h
 create mode 100644 nss/lib/crmf/crmfget.c
 create mode 100644 nss/lib/crmf/crmfi.h
 create mode 100644 nss/lib/crmf/crmfit.h
 create mode 100644 nss/lib/crmf/crmfpop.c
 create mode 100644 nss/lib/crmf/crmfreq.c
 create mode 100644 nss/lib/crmf/crmft.h
 create mode 100644 nss/lib/crmf/crmftmpl.c
 create mode 100644 nss/lib/crmf/encutil.c
 create mode 100644 nss/lib/crmf/exports.gyp
 create mode 100644 nss/lib/crmf/manifest.mn
 create mode 100644 nss/lib/crmf/respcli.c
 create mode 100644 nss/lib/crmf/respcmn.c
 create mode 100644 nss/lib/crmf/servget.c
 create mode 100644 nss/lib/cryptohi/Makefile
 create mode 100644 nss/lib/cryptohi/config.mk
 create mode 100644 nss/lib/cryptohi/cryptohi.gyp
 create mode 100644 nss/lib/cryptohi/cryptohi.h
 create mode 100644 nss/lib/cryptohi/cryptoht.h
 create mode 100644 nss/lib/cryptohi/dsautil.c
 create mode 100644 nss/lib/cryptohi/exports.gyp
 create mode 100644 nss/lib/cryptohi/key.h
 create mode 100644 nss/lib/cryptohi/keyhi.h
 create mode 100644 nss/lib/cryptohi/keyi.h
 create mode 100644 nss/lib/cryptohi/keyt.h
 create mode 100644 nss/lib/cryptohi/keythi.h
 create mode 100644 nss/lib/cryptohi/manifest.mn
 create mode 100644 nss/lib/cryptohi/sechash.c
 create mode 100644 nss/lib/cryptohi/sechash.h
 create mode 100644 nss/lib/cryptohi/seckey.c
 create mode 100644 nss/lib/cryptohi/secsign.c
 create mode 100644 nss/lib/cryptohi/secvfy.c
 create mode 100644 nss/lib/dbm/Makefile
 create mode 100644 nss/lib/dbm/config/config.mk
 create mode 100644 nss/lib/dbm/include/Makefile
 create mode 100644 nss/lib/dbm/include/exports.gyp
 create mode 100644 nss/lib/dbm/include/extern.h
 create mode 100644 nss/lib/dbm/include/hash.h
 create mode 100644 nss/lib/dbm/include/hsearch.h
 create mode 100644 nss/lib/dbm/include/include.gyp
 create mode 100644 nss/lib/dbm/include/manifest.mn
 create mode 100644 nss/lib/dbm/include/mcom_db.h
 create mode 100644 nss/lib/dbm/include/ncompat.h
 create mode 100644 nss/lib/dbm/include/page.h
 create mode 100644 nss/lib/dbm/include/queue.h
 create mode 100644 nss/lib/dbm/include/search.h
 create mode 100644 nss/lib/dbm/include/winfile.h
 create mode 100644 nss/lib/dbm/manifest.mn
 create mode 100644 nss/lib/dbm/src/Makefile
 create mode 100644 nss/lib/dbm/src/config.mk
 create mode 100644 nss/lib/dbm/src/db.c
 create mode 100644 nss/lib/dbm/src/dirent.c
 create mode 100644 nss/lib/dbm/src/dirent.h
 create mode 100644 nss/lib/dbm/src/h_bigkey.c
 create mode 100644 nss/lib/dbm/src/h_func.c
 create mode 100644 nss/lib/dbm/src/h_log2.c
 create mode 100644 nss/lib/dbm/src/h_page.c
 create mode 100644 nss/lib/dbm/src/hash.c
 create mode 100644 nss/lib/dbm/src/hash_buf.c
 create mode 100644 nss/lib/dbm/src/manifest.mn
 create mode 100644 nss/lib/dbm/src/memmove.c
 create mode 100644 nss/lib/dbm/src/mktemp.c
 create mode 100644 nss/lib/dbm/src/snprintf.c
 create mode 100644 nss/lib/dbm/src/src.gyp
 create mode 100644 nss/lib/dbm/src/strerror.c
 create mode 100644 nss/lib/dbm/tests/Makefile
 create mode 100644 nss/lib/dbm/tests/dbmtest.pkg
 create mode 100644 nss/lib/dbm/tests/lots.c
 create mode 100644 nss/lib/dev/Makefile
 create mode 100644 nss/lib/dev/ckhelper.c
 create mode 100644 nss/lib/dev/ckhelper.h
 create mode 100644 nss/lib/dev/config.mk
 create mode 100644 nss/lib/dev/dev.gyp
 create mode 100644 nss/lib/dev/dev.h
 create mode 100644 nss/lib/dev/devm.h
 create mode 100644 nss/lib/dev/devslot.c
 create mode 100644 nss/lib/dev/devt.h
 create mode 100644 nss/lib/dev/devtm.h
 create mode 100644 nss/lib/dev/devtoken.c
 create mode 100644 nss/lib/dev/devutil.c
 create mode 100644 nss/lib/dev/exports.gyp
 create mode 100644 nss/lib/dev/manifest.mn
 create mode 100644 nss/lib/dev/nssdev.h
 create mode 100644 nss/lib/dev/nssdevt.h
 create mode 100644 nss/lib/freebl/Makefile
 create mode 100644 nss/lib/freebl/aeskeywrap.c
 create mode 100644 nss/lib/freebl/alg2268.c
 create mode 100644 nss/lib/freebl/alghmac.c
 create mode 100644 nss/lib/freebl/alghmac.h
 create mode 100644 nss/lib/freebl/arcfive.c
 create mode 100644 nss/lib/freebl/arcfour-amd64-gas.s
 create mode 100644 nss/lib/freebl/arcfour-amd64-masm.asm
 create mode 100644 nss/lib/freebl/arcfour-amd64-sun.s
 create mode 100644 nss/lib/freebl/arcfour.c
 create mode 100644 nss/lib/freebl/blapi.h
 create mode 100644 nss/lib/freebl/blapii.h
 create mode 100644 nss/lib/freebl/blapit.h
 create mode 100644 nss/lib/freebl/blname.c
 create mode 100644 nss/lib/freebl/camellia.c
 create mode 100644 nss/lib/freebl/camellia.h
 create mode 100644 nss/lib/freebl/chacha20.c
 create mode 100644 nss/lib/freebl/chacha20.h
 create mode 100644 nss/lib/freebl/chacha20_vec.c
 create mode 100644 nss/lib/freebl/chacha20poly1305.c
 create mode 100644 nss/lib/freebl/chacha20poly1305.h
 create mode 100644 nss/lib/freebl/config.mk
 create mode 100644 nss/lib/freebl/ctr.c
 create mode 100644 nss/lib/freebl/ctr.h
 create mode 100644 nss/lib/freebl/cts.c
 create mode 100644 nss/lib/freebl/cts.h
 create mode 100644 nss/lib/freebl/des.c
 create mode 100644 nss/lib/freebl/des.h
 create mode 100644 nss/lib/freebl/desblapi.c
 create mode 100644 nss/lib/freebl/det_rng.c
 create mode 100644 nss/lib/freebl/det_rng.h
 create mode 100644 nss/lib/freebl/dh.c
 create mode 100644 nss/lib/freebl/drbg.c
 create mode 100644 nss/lib/freebl/dsa.c
 create mode 100644 nss/lib/freebl/ec.c
 create mode 100644 nss/lib/freebl/ec.h
 create mode 100644 nss/lib/freebl/ecdecode.c
 create mode 100644 nss/lib/freebl/ecl/README
 create mode 100644 nss/lib/freebl/ecl/README.FP
 create mode 100644 nss/lib/freebl/ecl/curve25519_32.c
 create mode 100644 nss/lib/freebl/ecl/curve25519_64.c
 create mode 100644 nss/lib/freebl/ecl/ec2.h
 create mode 100644 nss/lib/freebl/ecl/ec2_163.c
 create mode 100644 nss/lib/freebl/ecl/ec2_193.c
 create mode 100644 nss/lib/freebl/ecl/ec2_233.c
 create mode 100644 nss/lib/freebl/ecl/ec2_aff.c
 create mode 100644 nss/lib/freebl/ecl/ec2_mont.c
 create mode 100644 nss/lib/freebl/ecl/ec2_proj.c
 create mode 100644 nss/lib/freebl/ecl/ec_naf.c
 create mode 100644 nss/lib/freebl/ecl/ecl-curve.h
 create mode 100644 nss/lib/freebl/ecl/ecl-exp.h
 create mode 100644 nss/lib/freebl/ecl/ecl-priv.h
 create mode 100644 nss/lib/freebl/ecl/ecl.c
 create mode 100644 nss/lib/freebl/ecl/ecl.h
 create mode 100644 nss/lib/freebl/ecl/ecl_curve.c
 create mode 100644 nss/lib/freebl/ecl/ecl_gf.c
 create mode 100644 nss/lib/freebl/ecl/ecl_mult.c
 create mode 100644 nss/lib/freebl/ecl/ecp.h
 create mode 100644 nss/lib/freebl/ecl/ecp_192.c
 create mode 100644 nss/lib/freebl/ecl/ecp_224.c
 create mode 100644 nss/lib/freebl/ecl/ecp_25519.c
 create mode 100644 nss/lib/freebl/ecl/ecp_256.c
 create mode 100644 nss/lib/freebl/ecl/ecp_256_32.c
 create mode 100644 nss/lib/freebl/ecl/ecp_384.c
 create mode 100644 nss/lib/freebl/ecl/ecp_521.c
 create mode 100644 nss/lib/freebl/ecl/ecp_aff.c
 create mode 100644 nss/lib/freebl/ecl/ecp_fp.c
 create mode 100644 nss/lib/freebl/ecl/ecp_fp.h
 create mode 100644 nss/lib/freebl/ecl/ecp_fp160.c
 create mode 100644 nss/lib/freebl/ecl/ecp_fp192.c
 create mode 100644 nss/lib/freebl/ecl/ecp_fp224.c
 create mode 100644 nss/lib/freebl/ecl/ecp_fpinc.c
 create mode 100644 nss/lib/freebl/ecl/ecp_jac.c
 create mode 100644 nss/lib/freebl/ecl/ecp_jm.c
 create mode 100644 nss/lib/freebl/ecl/ecp_mont.c
 create mode 100644 nss/lib/freebl/ecl/tests/ec2_test.c
 create mode 100644 nss/lib/freebl/ecl/tests/ec_naft.c
 create mode 100644 nss/lib/freebl/ecl/tests/ecp_fpt.c
 create mode 100644 nss/lib/freebl/ecl/tests/ecp_test.c
 create mode 100644 nss/lib/freebl/ecl/uint128.c
 create mode 100644 nss/lib/freebl/ecl/uint128.h
 create mode 100644 nss/lib/freebl/exports.gyp
 create mode 100644 nss/lib/freebl/fipsfreebl.c
 create mode 100644 nss/lib/freebl/freebl.def
 create mode 100644 nss/lib/freebl/freebl.gyp
 create mode 100644 nss/lib/freebl/freebl.rc
 create mode 100644 nss/lib/freebl/freebl_base.gypi
 create mode 100644 nss/lib/freebl/freebl_hash.def
 create mode 100644 nss/lib/freebl/freebl_hash_vector.def
 create mode 100644 nss/lib/freebl/freeblver.c
 create mode 100644 nss/lib/freebl/gcm.c
 create mode 100644 nss/lib/freebl/gcm.h
 create mode 100644 nss/lib/freebl/genload.c
 create mode 100644 nss/lib/freebl/hmacct.c
 create mode 100644 nss/lib/freebl/hmacct.h
 create mode 100644 nss/lib/freebl/intel-aes-x64-masm.asm
 create mode 100644 nss/lib/freebl/intel-aes-x86-masm.asm
 create mode 100644 nss/lib/freebl/intel-aes.h
 create mode 100644 nss/lib/freebl/intel-aes.s
 create mode 100644 nss/lib/freebl/intel-gcm-wrap.c
 create mode 100644 nss/lib/freebl/intel-gcm-x64-masm.asm
 create mode 100644 nss/lib/freebl/intel-gcm-x86-masm.asm
 create mode 100644 nss/lib/freebl/intel-gcm.h
 create mode 100644 nss/lib/freebl/intel-gcm.s
 create mode 100644 nss/lib/freebl/jpake.c
 create mode 100644 nss/lib/freebl/ldvector.c
 create mode 100644 nss/lib/freebl/loader.c
 create mode 100644 nss/lib/freebl/loader.h
 create mode 100644 nss/lib/freebl/lowhash_vector.c
 create mode 100644 nss/lib/freebl/manifest.mn
 create mode 100644 nss/lib/freebl/md2.c
 create mode 100644 nss/lib/freebl/md5.c
 create mode 100644 nss/lib/freebl/mknewpc2.c
 create mode 100644 nss/lib/freebl/mksp.c
 create mode 100644 nss/lib/freebl/mpi/Makefile
 create mode 100644 nss/lib/freebl/mpi/Makefile.os2
 create mode 100644 nss/lib/freebl/mpi/Makefile.win
 create mode 100644 nss/lib/freebl/mpi/README
 create mode 100755 nss/lib/freebl/mpi/all-tests
 create mode 100644 nss/lib/freebl/mpi/doc/LICENSE
 create mode 100644 nss/lib/freebl/mpi/doc/LICENSE-MPL
 create mode 100644 nss/lib/freebl/mpi/doc/basecvt.pod
 create mode 100755 nss/lib/freebl/mpi/doc/build
 create mode 100644 nss/lib/freebl/mpi/doc/div.txt
 create mode 100644 nss/lib/freebl/mpi/doc/expt.txt
 create mode 100644 nss/lib/freebl/mpi/doc/gcd.pod
 create mode 100644 nss/lib/freebl/mpi/doc/invmod.pod
 create mode 100644 nss/lib/freebl/mpi/doc/isprime.pod
 create mode 100644 nss/lib/freebl/mpi/doc/lap.pod
 create mode 100644 nss/lib/freebl/mpi/doc/mpi-test.pod
 create mode 100644 nss/lib/freebl/mpi/doc/mul.txt
 create mode 100644 nss/lib/freebl/mpi/doc/pi.txt
 create mode 100644 nss/lib/freebl/mpi/doc/prime.txt
 create mode 100644 nss/lib/freebl/mpi/doc/prng.pod
 create mode 100644 nss/lib/freebl/mpi/doc/redux.txt
 create mode 100644 nss/lib/freebl/mpi/doc/sqrt.txt
 create mode 100644 nss/lib/freebl/mpi/doc/square.txt
 create mode 100644 nss/lib/freebl/mpi/doc/timing.txt
 create mode 100644 nss/lib/freebl/mpi/hpma512.s
 create mode 100644 nss/lib/freebl/mpi/hppa20.s
 create mode 100644 nss/lib/freebl/mpi/hppatch.adb
 create mode 100644 nss/lib/freebl/mpi/logtab.h
 create mode 100755 nss/lib/freebl/mpi/make-logtab
 create mode 100755 nss/lib/freebl/mpi/make-test-arrays
 create mode 100644 nss/lib/freebl/mpi/mdxptest.c
 create mode 100644 nss/lib/freebl/mpi/montmulf.c
 create mode 100644 nss/lib/freebl/mpi/montmulf.h
 create mode 100644 nss/lib/freebl/mpi/montmulf.il
 create mode 100644 nss/lib/freebl/mpi/montmulf.s
 create mode 100644 nss/lib/freebl/mpi/montmulfv8.il
 create mode 100644 nss/lib/freebl/mpi/montmulfv8.s
 create mode 100644 nss/lib/freebl/mpi/montmulfv9.il
 create mode 100644 nss/lib/freebl/mpi/montmulfv9.s
 create mode 100644 nss/lib/freebl/mpi/mp_comba.c
 create mode 100644 nss/lib/freebl/mpi/mp_comba_amd64_masm.asm
 create mode 100644 nss/lib/freebl/mpi/mp_comba_amd64_sun.s
 create mode 100644 nss/lib/freebl/mpi/mp_gf2m-priv.h
 create mode 100644 nss/lib/freebl/mpi/mp_gf2m.c
 create mode 100644 nss/lib/freebl/mpi/mp_gf2m.h
 create mode 100644 nss/lib/freebl/mpi/mpcpucache.c
 create mode 100644 nss/lib/freebl/mpi/mpcpucache_amd64.s
 create mode 100644 nss/lib/freebl/mpi/mpcpucache_x86.s
 create mode 100644 nss/lib/freebl/mpi/mpi-config.h
 create mode 100644 nss/lib/freebl/mpi/mpi-priv.h
 create mode 100644 nss/lib/freebl/mpi/mpi-test.c
 create mode 100644 nss/lib/freebl/mpi/mpi.c
 create mode 100644 nss/lib/freebl/mpi/mpi.h
 create mode 100644 nss/lib/freebl/mpi/mpi_amd64.c
 create mode 100644 nss/lib/freebl/mpi/mpi_amd64_gas.s
 create mode 100644 nss/lib/freebl/mpi/mpi_amd64_masm.asm
 create mode 100644 nss/lib/freebl/mpi/mpi_amd64_sun.s
 create mode 100644 nss/lib/freebl/mpi/mpi_arm.c
 create mode 100644 nss/lib/freebl/mpi/mpi_hp.c
 create mode 100644 nss/lib/freebl/mpi/mpi_i86pc.s
 create mode 100644 nss/lib/freebl/mpi/mpi_mips.s
 create mode 100644 nss/lib/freebl/mpi/mpi_sparc.c
 create mode 100644 nss/lib/freebl/mpi/mpi_sse2.s
 create mode 100644 nss/lib/freebl/mpi/mpi_x86.s
 create mode 100644 nss/lib/freebl/mpi/mpi_x86_asm.c
 create mode 100644 nss/lib/freebl/mpi/mpi_x86_os2.s
 create mode 100644 nss/lib/freebl/mpi/mplogic.c
 create mode 100644 nss/lib/freebl/mpi/mplogic.h
 create mode 100644 nss/lib/freebl/mpi/mpmontg.c
 create mode 100644 nss/lib/freebl/mpi/mpprime.c
 create mode 100644 nss/lib/freebl/mpi/mpprime.h
 create mode 100644 nss/lib/freebl/mpi/mpv_sparc.c
 create mode 100644 nss/lib/freebl/mpi/mpv_sparcv8.s
 create mode 100644 nss/lib/freebl/mpi/mpv_sparcv9.s
 create mode 100644 nss/lib/freebl/mpi/mpvalpha.c
 create mode 100644 nss/lib/freebl/mpi/mulsqr.c
 create mode 100755 nss/lib/freebl/mpi/multest
 create mode 100644 nss/lib/freebl/mpi/primes.c
 create mode 100755 nss/lib/freebl/mpi/stats
 create mode 100644 nss/lib/freebl/mpi/target.mk
 create mode 100644 nss/lib/freebl/mpi/test-arrays.txt
 create mode 100644 nss/lib/freebl/mpi/test-info.c
 create mode 100644 nss/lib/freebl/mpi/tests/LICENSE
 create mode 100644 nss/lib/freebl/mpi/tests/LICENSE-MPL
 create mode 100644 nss/lib/freebl/mpi/tests/mptest-1.c
 create mode 100644 nss/lib/freebl/mpi/tests/mptest-2.c
 create mode 100644 nss/lib/freebl/mpi/tests/mptest-3.c
 create mode 100644 nss/lib/freebl/mpi/tests/mptest-3a.c
 create mode 100644 nss/lib/freebl/mpi/tests/mptest-4.c
 create mode 100644 nss/lib/freebl/mpi/tests/mptest-4a.c
 create mode 100644 nss/lib/freebl/mpi/tests/mptest-4b.c
 create mode 100644 nss/lib/freebl/mpi/tests/mptest-5.c
 create mode 100644 nss/lib/freebl/mpi/tests/mptest-5a.c
 create mode 100644 nss/lib/freebl/mpi/tests/mptest-6.c
 create mode 100644 nss/lib/freebl/mpi/tests/mptest-7.c
 create mode 100644 nss/lib/freebl/mpi/tests/mptest-8.c
 create mode 100644 nss/lib/freebl/mpi/tests/mptest-9.c
 create mode 100644 nss/lib/freebl/mpi/tests/mptest-b.c
 create mode 100644 nss/lib/freebl/mpi/tests/pi1k.txt
 create mode 100644 nss/lib/freebl/mpi/tests/pi2k.txt
 create mode 100644 nss/lib/freebl/mpi/tests/pi5k.txt
 create mode 100755 nss/lib/freebl/mpi/timetest
 create mode 100755 nss/lib/freebl/mpi/types.pl
 create mode 100644 nss/lib/freebl/mpi/utils/LICENSE
 create mode 100644 nss/lib/freebl/mpi/utils/LICENSE-MPL
 create mode 100644 nss/lib/freebl/mpi/utils/PRIMES
 create mode 100644 nss/lib/freebl/mpi/utils/README
 create mode 100644 nss/lib/freebl/mpi/utils/basecvt.c
 create mode 100644 nss/lib/freebl/mpi/utils/bbs_rand.c
 create mode 100644 nss/lib/freebl/mpi/utils/bbs_rand.h
 create mode 100644 nss/lib/freebl/mpi/utils/bbsrand.c
 create mode 100644 nss/lib/freebl/mpi/utils/dec2hex.c
 create mode 100644 nss/lib/freebl/mpi/utils/exptmod.c
 create mode 100644 nss/lib/freebl/mpi/utils/fact.c
 create mode 100644 nss/lib/freebl/mpi/utils/gcd.c
 create mode 100644 nss/lib/freebl/mpi/utils/hex2dec.c
 create mode 100644 nss/lib/freebl/mpi/utils/identest.c
 create mode 100644 nss/lib/freebl/mpi/utils/invmod.c
 create mode 100644 nss/lib/freebl/mpi/utils/isprime.c
 create mode 100644 nss/lib/freebl/mpi/utils/lap.c
 create mode 100644 nss/lib/freebl/mpi/utils/makeprime.c
 create mode 100644 nss/lib/freebl/mpi/utils/metime.c
 create mode 100644 nss/lib/freebl/mpi/utils/pi.c
 create mode 100644 nss/lib/freebl/mpi/utils/primegen.c
 create mode 100644 nss/lib/freebl/mpi/utils/prng.c
 create mode 100755 nss/lib/freebl/mpi/utils/ptab.pl
 create mode 100644 nss/lib/freebl/mpi/utils/sieve.c
 create mode 100644 nss/lib/freebl/mpi/vis_32.il
 create mode 100644 nss/lib/freebl/mpi/vis_64.il
 create mode 100644 nss/lib/freebl/mpi/vis_proto.h
 create mode 100644 nss/lib/freebl/nsslowhash.c
 create mode 100644 nss/lib/freebl/nsslowhash.h
 create mode 100644 nss/lib/freebl/os2_rand.c
 create mode 100644 nss/lib/freebl/poly1305-donna-x64-sse2-incremental-source.c
 create mode 100644 nss/lib/freebl/poly1305.c
 create mode 100644 nss/lib/freebl/poly1305.h
 create mode 100644 nss/lib/freebl/pqg.c
 create mode 100644 nss/lib/freebl/pqg.h
 create mode 100644 nss/lib/freebl/rawhash.c
 create mode 100644 nss/lib/freebl/ret_cr16.s
 create mode 100644 nss/lib/freebl/rijndael.c
 create mode 100644 nss/lib/freebl/rijndael.h
 create mode 100644 nss/lib/freebl/rijndael32.tab
 create mode 100644 nss/lib/freebl/rijndael_tables.c
 create mode 100644 nss/lib/freebl/rsa.c
 create mode 100644 nss/lib/freebl/rsapkcs.c
 create mode 100644 nss/lib/freebl/secmpi.h
 create mode 100644 nss/lib/freebl/secrng.h
 create mode 100644 nss/lib/freebl/seed.c
 create mode 100644 nss/lib/freebl/seed.h
 create mode 100644 nss/lib/freebl/sha-fast-amd64-sun.s
 create mode 100644 nss/lib/freebl/sha256.h
 create mode 100644 nss/lib/freebl/sha512.c
 create mode 100644 nss/lib/freebl/sha_fast.c
 create mode 100644 nss/lib/freebl/sha_fast.h
 create mode 100644 nss/lib/freebl/shsign.h
 create mode 100644 nss/lib/freebl/shvfy.c
 create mode 100644 nss/lib/freebl/stubs.c
 create mode 100644 nss/lib/freebl/stubs.h
 create mode 100644 nss/lib/freebl/sysrand.c
 create mode 100644 nss/lib/freebl/tlsprfalg.c
 create mode 100644 nss/lib/freebl/unix_rand.c
 create mode 100644 nss/lib/freebl/win_rand.c
 create mode 100644 nss/lib/jar/Makefile
 create mode 100644 nss/lib/jar/config.mk
 create mode 100644 nss/lib/jar/exports.gyp
 create mode 100644 nss/lib/jar/jar-ds.c
 create mode 100644 nss/lib/jar/jar-ds.h
 create mode 100644 nss/lib/jar/jar.c
 create mode 100644 nss/lib/jar/jar.gyp
 create mode 100644 nss/lib/jar/jar.h
 create mode 100644 nss/lib/jar/jarfile.c
 create mode 100644 nss/lib/jar/jarfile.h
 create mode 100644 nss/lib/jar/jarint.c
 create mode 100644 nss/lib/jar/jarint.h
 create mode 100644 nss/lib/jar/jarnav.c
 create mode 100644 nss/lib/jar/jarsign.c
 create mode 100644 nss/lib/jar/jarver.c
 create mode 100644 nss/lib/jar/jzconf.h
 create mode 100644 nss/lib/jar/jzlib.h
 create mode 100644 nss/lib/jar/manifest.mn
 create mode 100755 nss/lib/libpkix/Makefile
 create mode 100755 nss/lib/libpkix/config.mk
 create mode 100755 nss/lib/libpkix/include/Makefile
 create mode 100755 nss/lib/libpkix/include/config.mk
 create mode 100644 nss/lib/libpkix/include/exports.gyp
 create mode 100644 nss/lib/libpkix/include/include.gyp
 create mode 100755 nss/lib/libpkix/include/manifest.mn
 create mode 100755 nss/lib/libpkix/include/pkix.h
 create mode 100755 nss/lib/libpkix/include/pkix_certsel.h
 create mode 100755 nss/lib/libpkix/include/pkix_certstore.h
 create mode 100755 nss/lib/libpkix/include/pkix_checker.h
 create mode 100755 nss/lib/libpkix/include/pkix_crlsel.h
 create mode 100755 nss/lib/libpkix/include/pkix_errorstrings.h
 create mode 100755 nss/lib/libpkix/include/pkix_params.h
 create mode 100755 nss/lib/libpkix/include/pkix_pl_pki.h
 create mode 100755 nss/lib/libpkix/include/pkix_pl_system.h
 create mode 100755 nss/lib/libpkix/include/pkix_results.h
 create mode 100755 nss/lib/libpkix/include/pkix_revchecker.h
 create mode 100755 nss/lib/libpkix/include/pkix_sample_modules.h
 create mode 100755 nss/lib/libpkix/include/pkix_util.h
 create mode 100755 nss/lib/libpkix/include/pkixt.h
 create mode 100755 nss/lib/libpkix/manifest.mn
 create mode 100755 nss/lib/libpkix/pkix/Makefile
 create mode 100755 nss/lib/libpkix/pkix/certsel/Makefile
 create mode 100644 nss/lib/libpkix/pkix/certsel/certsel.gyp
 create mode 100755 nss/lib/libpkix/pkix/certsel/config.mk
 create mode 100644 nss/lib/libpkix/pkix/certsel/exports.gyp
 create mode 100755 nss/lib/libpkix/pkix/certsel/manifest.mn
 create mode 100755 nss/lib/libpkix/pkix/certsel/pkix_certselector.c
 create mode 100755 nss/lib/libpkix/pkix/certsel/pkix_certselector.h
 create mode 100755 nss/lib/libpkix/pkix/certsel/pkix_comcertselparams.c
 create mode 100755 nss/lib/libpkix/pkix/certsel/pkix_comcertselparams.h
 create mode 100755 nss/lib/libpkix/pkix/checker/Makefile
 create mode 100644 nss/lib/libpkix/pkix/checker/checker.gyp
 create mode 100755 nss/lib/libpkix/pkix/checker/config.mk
 create mode 100644 nss/lib/libpkix/pkix/checker/exports.gyp
 create mode 100755 nss/lib/libpkix/pkix/checker/manifest.mn
 create mode 100755 nss/lib/libpkix/pkix/checker/pkix_basicconstraintschecker.c
 create mode 100755 nss/lib/libpkix/pkix/checker/pkix_basicconstraintschecker.h
 create mode 100755 nss/lib/libpkix/pkix/checker/pkix_certchainchecker.c
 create mode 100755 nss/lib/libpkix/pkix/checker/pkix_certchainchecker.h
 create mode 100644 nss/lib/libpkix/pkix/checker/pkix_crlchecker.c
 create mode 100644 nss/lib/libpkix/pkix/checker/pkix_crlchecker.h
 create mode 100644 nss/lib/libpkix/pkix/checker/pkix_ekuchecker.c
 create mode 100644 nss/lib/libpkix/pkix/checker/pkix_ekuchecker.h
 create mode 100755 nss/lib/libpkix/pkix/checker/pkix_expirationchecker.c
 create mode 100755 nss/lib/libpkix/pkix/checker/pkix_expirationchecker.h
 create mode 100755 nss/lib/libpkix/pkix/checker/pkix_namechainingchecker.c
 create mode 100755 nss/lib/libpkix/pkix/checker/pkix_namechainingchecker.h
 create mode 100755 nss/lib/libpkix/pkix/checker/pkix_nameconstraintschecker.c
 create mode 100755 nss/lib/libpkix/pkix/checker/pkix_nameconstraintschecker.h
 create mode 100644 nss/lib/libpkix/pkix/checker/pkix_ocspchecker.c
 create mode 100644 nss/lib/libpkix/pkix/checker/pkix_ocspchecker.h
 create mode 100755 nss/lib/libpkix/pkix/checker/pkix_policychecker.c
 create mode 100755 nss/lib/libpkix/pkix/checker/pkix_policychecker.h
 create mode 100755 nss/lib/libpkix/pkix/checker/pkix_revocationchecker.c
 create mode 100755 nss/lib/libpkix/pkix/checker/pkix_revocationchecker.h
 create mode 100644 nss/lib/libpkix/pkix/checker/pkix_revocationmethod.c
 create mode 100644 nss/lib/libpkix/pkix/checker/pkix_revocationmethod.h
 create mode 100755 nss/lib/libpkix/pkix/checker/pkix_signaturechecker.c
 create mode 100755 nss/lib/libpkix/pkix/checker/pkix_signaturechecker.h
 create mode 100755 nss/lib/libpkix/pkix/checker/pkix_targetcertchecker.c
 create mode 100755 nss/lib/libpkix/pkix/checker/pkix_targetcertchecker.h
 create mode 100755 nss/lib/libpkix/pkix/config.mk
 create mode 100755 nss/lib/libpkix/pkix/crlsel/Makefile
 create mode 100755 nss/lib/libpkix/pkix/crlsel/config.mk
 create mode 100644 nss/lib/libpkix/pkix/crlsel/crlsel.gyp
 create mode 100644 nss/lib/libpkix/pkix/crlsel/exports.gyp
 create mode 100755 nss/lib/libpkix/pkix/crlsel/manifest.mn
 create mode 100755 nss/lib/libpkix/pkix/crlsel/pkix_comcrlselparams.c
 create mode 100755 nss/lib/libpkix/pkix/crlsel/pkix_comcrlselparams.h
 create mode 100755 nss/lib/libpkix/pkix/crlsel/pkix_crlselector.c
 create mode 100755 nss/lib/libpkix/pkix/crlsel/pkix_crlselector.h
 create mode 100755 nss/lib/libpkix/pkix/manifest.mn
 create mode 100755 nss/lib/libpkix/pkix/params/Makefile
 create mode 100755 nss/lib/libpkix/pkix/params/config.mk
 create mode 100644 nss/lib/libpkix/pkix/params/exports.gyp
 create mode 100755 nss/lib/libpkix/pkix/params/manifest.mn
 create mode 100644 nss/lib/libpkix/pkix/params/params.gyp
 create mode 100755 nss/lib/libpkix/pkix/params/pkix_procparams.c
 create mode 100755 nss/lib/libpkix/pkix/params/pkix_procparams.h
 create mode 100755 nss/lib/libpkix/pkix/params/pkix_resourcelimits.c
 create mode 100755 nss/lib/libpkix/pkix/params/pkix_resourcelimits.h
 create mode 100755 nss/lib/libpkix/pkix/params/pkix_trustanchor.c
 create mode 100755 nss/lib/libpkix/pkix/params/pkix_trustanchor.h
 create mode 100755 nss/lib/libpkix/pkix/params/pkix_valparams.c
 create mode 100755 nss/lib/libpkix/pkix/params/pkix_valparams.h
 create mode 100755 nss/lib/libpkix/pkix/results/Makefile
 create mode 100755 nss/lib/libpkix/pkix/results/config.mk
 create mode 100644 nss/lib/libpkix/pkix/results/exports.gyp
 create mode 100755 nss/lib/libpkix/pkix/results/manifest.mn
 create mode 100755 nss/lib/libpkix/pkix/results/pkix_buildresult.c
 create mode 100755 nss/lib/libpkix/pkix/results/pkix_buildresult.h
 create mode 100755 nss/lib/libpkix/pkix/results/pkix_policynode.c
 create mode 100755 nss/lib/libpkix/pkix/results/pkix_policynode.h
 create mode 100755 nss/lib/libpkix/pkix/results/pkix_valresult.c
 create mode 100755 nss/lib/libpkix/pkix/results/pkix_valresult.h
 create mode 100755 nss/lib/libpkix/pkix/results/pkix_verifynode.c
 create mode 100755 nss/lib/libpkix/pkix/results/pkix_verifynode.h
 create mode 100644 nss/lib/libpkix/pkix/results/results.gyp
 create mode 100755 nss/lib/libpkix/pkix/store/Makefile
 create mode 100755 nss/lib/libpkix/pkix/store/config.mk
 create mode 100644 nss/lib/libpkix/pkix/store/exports.gyp
 create mode 100755 nss/lib/libpkix/pkix/store/manifest.mn
 create mode 100755 nss/lib/libpkix/pkix/store/pkix_store.c
 create mode 100755 nss/lib/libpkix/pkix/store/pkix_store.h
 create mode 100644 nss/lib/libpkix/pkix/store/store.gyp
 create mode 100755 nss/lib/libpkix/pkix/top/Makefile
 create mode 100755 nss/lib/libpkix/pkix/top/config.mk
 create mode 100644 nss/lib/libpkix/pkix/top/exports.gyp
 create mode 100755 nss/lib/libpkix/pkix/top/manifest.mn
 create mode 100755 nss/lib/libpkix/pkix/top/pkix_build.c
 create mode 100755 nss/lib/libpkix/pkix/top/pkix_build.h
 create mode 100755 nss/lib/libpkix/pkix/top/pkix_lifecycle.c
 create mode 100755 nss/lib/libpkix/pkix/top/pkix_lifecycle.h
 create mode 100755 nss/lib/libpkix/pkix/top/pkix_validate.c
 create mode 100755 nss/lib/libpkix/pkix/top/pkix_validate.h
 create mode 100644 nss/lib/libpkix/pkix/top/top.gyp
 create mode 100755 nss/lib/libpkix/pkix/util/Makefile
 create mode 100755 nss/lib/libpkix/pkix/util/config.mk
 create mode 100644 nss/lib/libpkix/pkix/util/exports.gyp
 create mode 100755 nss/lib/libpkix/pkix/util/manifest.mn
 create mode 100755 nss/lib/libpkix/pkix/util/pkix_error.c
 create mode 100755 nss/lib/libpkix/pkix/util/pkix_error.h
 create mode 100644 nss/lib/libpkix/pkix/util/pkix_errpaths.c
 create mode 100755 nss/lib/libpkix/pkix/util/pkix_list.c
 create mode 100755 nss/lib/libpkix/pkix/util/pkix_list.h
 create mode 100644 nss/lib/libpkix/pkix/util/pkix_logger.c
 create mode 100644 nss/lib/libpkix/pkix/util/pkix_logger.h
 create mode 100755 nss/lib/libpkix/pkix/util/pkix_tools.c
 create mode 100755 nss/lib/libpkix/pkix/util/pkix_tools.h
 create mode 100644 nss/lib/libpkix/pkix/util/util.gyp
 create mode 100755 nss/lib/libpkix/pkix_pl_nss/Makefile
 create mode 100755 nss/lib/libpkix/pkix_pl_nss/config.mk
 create mode 100755 nss/lib/libpkix/pkix_pl_nss/manifest.mn
 create mode 100755 nss/lib/libpkix/pkix_pl_nss/module/Makefile
 create mode 100755 nss/lib/libpkix/pkix_pl_nss/module/config.mk
 create mode 100644 nss/lib/libpkix/pkix_pl_nss/module/exports.gyp
 create mode 100755 nss/lib/libpkix/pkix_pl_nss/module/manifest.mn
 create mode 100644 nss/lib/libpkix/pkix_pl_nss/module/module.gyp
 create mode 100644 nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_aiamgr.c
 create mode 100644 nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_aiamgr.h
 create mode 100755 nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_colcertstore.c
 create mode 100755 nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_colcertstore.h
 create mode 100755 nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpcertstore.c
 create mode 100644 nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpcertstore.h
 create mode 100644 nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpdefaultclient.c
 create mode 100644 nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpdefaultclient.h
 create mode 100644 nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapcertstore.c
 create mode 100644 nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapcertstore.h
 create mode 100644 nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapdefaultclient.c
 create mode 100644 nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapdefaultclient.h
 create mode 100644 nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldaprequest.c
 create mode 100644 nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldaprequest.h
 create mode 100644 nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapresponse.c
 create mode 100644 nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapresponse.h
 create mode 100644 nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapt.h
 create mode 100644 nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldaptemplates.c
 create mode 100755 nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_nsscontext.c
 create mode 100755 nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_nsscontext.h
 create mode 100755 nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_pk11certstore.c
 create mode 100755 nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_pk11certstore.h
 create mode 100644 nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_socket.c
 create mode 100644 nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_socket.h
 create mode 100755 nss/lib/libpkix/pkix_pl_nss/pki/Makefile
 create mode 100755 nss/lib/libpkix/pkix_pl_nss/pki/config.mk
 create mode 100644 nss/lib/libpkix/pkix_pl_nss/pki/exports.gyp
 create mode 100755 nss/lib/libpkix/pkix_pl_nss/pki/manifest.mn
 create mode 100644 nss/lib/libpkix/pkix_pl_nss/pki/pki.gyp
 create mode 100644 nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_basicconstraints.c
 create mode 100644 nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_basicconstraints.h
 create mode 100644 nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c
 create mode 100644 nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.h
 create mode 100644 nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_certpolicyinfo.c
 create mode 100644 nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_certpolicyinfo.h
 create mode 100644 nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_certpolicymap.c
 create mode 100644 nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_certpolicymap.h
 create mode 100644 nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_certpolicyqualifier.c
 create mode 100644 nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_certpolicyqualifier.h
 create mode 100644 nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crl.c
 create mode 100644 nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crl.h
 create mode 100644 nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crldp.c
 create mode 100644 nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crldp.h
 create mode 100644 nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crlentry.c
 create mode 100644 nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crlentry.h
 create mode 100644 nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_date.c
 create mode 100644 nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_date.h
 create mode 100644 nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_generalname.c
 create mode 100644 nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_generalname.h
 create mode 100644 nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_infoaccess.c
 create mode 100644 nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_infoaccess.h
 create mode 100644 nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_nameconstraints.c
 create mode 100644 nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_nameconstraints.h
 create mode 100644 nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_ocspcertid.c
 create mode 100644 nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_ocspcertid.h
 create mode 100644 nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_ocsprequest.c
 create mode 100644 nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_ocsprequest.h
 create mode 100644 nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_ocspresponse.c
 create mode 100644 nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_ocspresponse.h
 create mode 100644 nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_publickey.c
 create mode 100644 nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_publickey.h
 create mode 100644 nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_x500name.c
 create mode 100644 nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_x500name.h
 create mode 100755 nss/lib/libpkix/pkix_pl_nss/system/Makefile
 create mode 100755 nss/lib/libpkix/pkix_pl_nss/system/config.mk
 create mode 100644 nss/lib/libpkix/pkix_pl_nss/system/exports.gyp
 create mode 100755 nss/lib/libpkix/pkix_pl_nss/system/manifest.mn
 create mode 100755 nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_bigint.c
 create mode 100755 nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_bigint.h
 create mode 100755 nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_bytearray.c
 create mode 100755 nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_bytearray.h
 create mode 100755 nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_common.c
 create mode 100755 nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_common.h
 create mode 100644 nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_error.c
 create mode 100755 nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_hashtable.c
 create mode 100755 nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_hashtable.h
 create mode 100755 nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.c
 create mode 100755 nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.h
 create mode 100755 nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_mem.c
 create mode 100755 nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_mem.h
 create mode 100755 nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_monitorlock.c
 create mode 100755 nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_monitorlock.h
 create mode 100755 nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_mutex.c
 create mode 100755 nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_mutex.h
 create mode 100755 nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_object.c
 create mode 100755 nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_object.h
 create mode 100755 nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_oid.c
 create mode 100755 nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_oid.h
 create mode 100755 nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_primhash.c
 create mode 100755 nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_primhash.h
 create mode 100755 nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_rwlock.c
 create mode 100755 nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_rwlock.h
 create mode 100755 nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_string.c
 create mode 100755 nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_string.h
 create mode 100644 nss/lib/libpkix/pkix_pl_nss/system/system.gyp
 create mode 100644 nss/lib/manifest.mn
 create mode 100644 nss/lib/nss/Makefile
 create mode 100644 nss/lib/nss/config.mk
 create mode 100644 nss/lib/nss/exports.gyp
 create mode 100644 nss/lib/nss/manifest.mn
 create mode 100644 nss/lib/nss/nss.def
 create mode 100644 nss/lib/nss/nss.gyp
 create mode 100644 nss/lib/nss/nss.h
 create mode 100644 nss/lib/nss/nss.rc
 create mode 100644 nss/lib/nss/nssinit.c
 create mode 100644 nss/lib/nss/nssoptions.c
 create mode 100644 nss/lib/nss/nssoptions.h
 create mode 100644 nss/lib/nss/nssrenam.h
 create mode 100644 nss/lib/nss/nssver.c
 create mode 100644 nss/lib/nss/pkixpriv.def
 create mode 100644 nss/lib/nss/utilwrap.c
 create mode 100644 nss/lib/pk11wrap/Makefile
 create mode 100644 nss/lib/pk11wrap/config.mk
 create mode 100644 nss/lib/pk11wrap/debug_module.c
 create mode 100644 nss/lib/pk11wrap/dev3hack.c
 create mode 100644 nss/lib/pk11wrap/dev3hack.h
 create mode 100644 nss/lib/pk11wrap/exports.gyp
 create mode 100644 nss/lib/pk11wrap/manifest.mn
 create mode 100644 nss/lib/pk11wrap/pk11akey.c
 create mode 100644 nss/lib/pk11wrap/pk11auth.c
 create mode 100644 nss/lib/pk11wrap/pk11cert.c
 create mode 100644 nss/lib/pk11wrap/pk11cxt.c
 create mode 100644 nss/lib/pk11wrap/pk11err.c
 create mode 100644 nss/lib/pk11wrap/pk11func.h
 create mode 100644 nss/lib/pk11wrap/pk11kea.c
 create mode 100644 nss/lib/pk11wrap/pk11list.c
 create mode 100644 nss/lib/pk11wrap/pk11load.c
 create mode 100644 nss/lib/pk11wrap/pk11mech.c
 create mode 100644 nss/lib/pk11wrap/pk11merge.c
 create mode 100644 nss/lib/pk11wrap/pk11nobj.c
 create mode 100644 nss/lib/pk11wrap/pk11obj.c
 create mode 100644 nss/lib/pk11wrap/pk11pars.c
 create mode 100644 nss/lib/pk11wrap/pk11pbe.c
 create mode 100644 nss/lib/pk11wrap/pk11pk12.c
 create mode 100644 nss/lib/pk11wrap/pk11pqg.c
 create mode 100644 nss/lib/pk11wrap/pk11pqg.h
 create mode 100644 nss/lib/pk11wrap/pk11priv.h
 create mode 100644 nss/lib/pk11wrap/pk11pub.h
 create mode 100644 nss/lib/pk11wrap/pk11sdr.c
 create mode 100644 nss/lib/pk11wrap/pk11sdr.h
 create mode 100644 nss/lib/pk11wrap/pk11skey.c
 create mode 100644 nss/lib/pk11wrap/pk11slot.c
 create mode 100644 nss/lib/pk11wrap/pk11util.c
 create mode 100644 nss/lib/pk11wrap/pk11wrap.gyp
 create mode 100644 nss/lib/pk11wrap/secmod.h
 create mode 100644 nss/lib/pk11wrap/secmodi.h
 create mode 100644 nss/lib/pk11wrap/secmodt.h
 create mode 100644 nss/lib/pk11wrap/secmodti.h
 create mode 100644 nss/lib/pk11wrap/secpkcs5.h
 create mode 100644 nss/lib/pkcs12/Makefile
 create mode 100644 nss/lib/pkcs12/config.mk
 create mode 100644 nss/lib/pkcs12/exports.gyp
 create mode 100644 nss/lib/pkcs12/manifest.mn
 create mode 100644 nss/lib/pkcs12/p12.h
 create mode 100644 nss/lib/pkcs12/p12creat.c
 create mode 100644 nss/lib/pkcs12/p12d.c
 create mode 100644 nss/lib/pkcs12/p12dec.c
 create mode 100644 nss/lib/pkcs12/p12e.c
 create mode 100644 nss/lib/pkcs12/p12exp.c
 create mode 100644 nss/lib/pkcs12/p12local.c
 create mode 100644 nss/lib/pkcs12/p12local.h
 create mode 100644 nss/lib/pkcs12/p12plcy.c
 create mode 100644 nss/lib/pkcs12/p12plcy.h
 create mode 100644 nss/lib/pkcs12/p12t.h
 create mode 100644 nss/lib/pkcs12/p12tmpl.c
 create mode 100644 nss/lib/pkcs12/pkcs12.gyp
 create mode 100644 nss/lib/pkcs12/pkcs12.h
 create mode 100644 nss/lib/pkcs12/pkcs12t.h
 create mode 100644 nss/lib/pkcs7/Makefile
 create mode 100644 nss/lib/pkcs7/certread.c
 create mode 100644 nss/lib/pkcs7/config.mk
 create mode 100644 nss/lib/pkcs7/exports.gyp
 create mode 100644 nss/lib/pkcs7/manifest.mn
 create mode 100644 nss/lib/pkcs7/p7common.c
 create mode 100644 nss/lib/pkcs7/p7create.c
 create mode 100644 nss/lib/pkcs7/p7decode.c
 create mode 100644 nss/lib/pkcs7/p7encode.c
 create mode 100644 nss/lib/pkcs7/p7local.c
 create mode 100644 nss/lib/pkcs7/p7local.h
 create mode 100644 nss/lib/pkcs7/pkcs7.gyp
 create mode 100644 nss/lib/pkcs7/pkcs7t.h
 create mode 100644 nss/lib/pkcs7/secmime.c
 create mode 100644 nss/lib/pkcs7/secmime.h
 create mode 100644 nss/lib/pkcs7/secpkcs7.h
 create mode 100644 nss/lib/pki/Makefile
 create mode 100644 nss/lib/pki/asymmkey.c
 create mode 100644 nss/lib/pki/certdecode.c
 create mode 100644 nss/lib/pki/certificate.c
 create mode 100644 nss/lib/pki/config.mk
 create mode 100644 nss/lib/pki/cryptocontext.c
 create mode 100644 nss/lib/pki/doc/standiag.png
 create mode 100644 nss/lib/pki/doc/standoc.html
 create mode 100644 nss/lib/pki/exports.gyp
 create mode 100644 nss/lib/pki/manifest.mn
 create mode 100644 nss/lib/pki/nsspki.h
 create mode 100644 nss/lib/pki/nsspkit.h
 create mode 100644 nss/lib/pki/pki.gyp
 create mode 100644 nss/lib/pki/pki.h
 create mode 100644 nss/lib/pki/pki3hack.c
 create mode 100644 nss/lib/pki/pki3hack.h
 create mode 100644 nss/lib/pki/pkibase.c
 create mode 100644 nss/lib/pki/pkim.h
 create mode 100644 nss/lib/pki/pkistore.c
 create mode 100644 nss/lib/pki/pkistore.h
 create mode 100644 nss/lib/pki/pkit.h
 create mode 100644 nss/lib/pki/pkitm.h
 create mode 100644 nss/lib/pki/symmkey.c
 create mode 100644 nss/lib/pki/tdcache.c
 create mode 100644 nss/lib/pki/trustdomain.c
 create mode 100644 nss/lib/smime/Makefile
 create mode 100644 nss/lib/smime/cms.h
 create mode 100644 nss/lib/smime/cmsarray.c
 create mode 100644 nss/lib/smime/cmsasn1.c
 create mode 100644 nss/lib/smime/cmsattr.c
 create mode 100644 nss/lib/smime/cmscinfo.c
 create mode 100644 nss/lib/smime/cmscipher.c
 create mode 100644 nss/lib/smime/cmsdecode.c
 create mode 100644 nss/lib/smime/cmsdigdata.c
 create mode 100644 nss/lib/smime/cmsdigest.c
 create mode 100644 nss/lib/smime/cmsencdata.c
 create mode 100644 nss/lib/smime/cmsencode.c
 create mode 100644 nss/lib/smime/cmsenvdata.c
 create mode 100644 nss/lib/smime/cmslocal.h
 create mode 100644 nss/lib/smime/cmsmessage.c
 create mode 100644 nss/lib/smime/cmspubkey.c
 create mode 100644 nss/lib/smime/cmsrecinfo.c
 create mode 100644 nss/lib/smime/cmsreclist.c
 create mode 100644 nss/lib/smime/cmsreclist.h
 create mode 100644 nss/lib/smime/cmssigdata.c
 create mode 100644 nss/lib/smime/cmssiginfo.c
 create mode 100644 nss/lib/smime/cmst.h
 create mode 100644 nss/lib/smime/cmsudf.c
 create mode 100644 nss/lib/smime/cmsutil.c
 create mode 100644 nss/lib/smime/config.mk
 create mode 100644 nss/lib/smime/exports.gyp
 create mode 100644 nss/lib/smime/manifest.mn
 create mode 100644 nss/lib/smime/smime.def
 create mode 100644 nss/lib/smime/smime.gyp
 create mode 100644 nss/lib/smime/smime.h
 create mode 100644 nss/lib/smime/smime.rc
 create mode 100644 nss/lib/smime/smimemessage.c
 create mode 100644 nss/lib/smime/smimesym.c
 create mode 100644 nss/lib/smime/smimeutil.c
 create mode 100644 nss/lib/smime/smimever.c
 create mode 100644 nss/lib/softoken/Makefile
 create mode 100644 nss/lib/softoken/config.mk
 create mode 100644 nss/lib/softoken/exports.gyp
 create mode 100644 nss/lib/softoken/fipsaudt.c
 create mode 100644 nss/lib/softoken/fipstest.c
 create mode 100644 nss/lib/softoken/fipstokn.c
 create mode 100644 nss/lib/softoken/jpakesftk.c
 create mode 100644 nss/lib/softoken/legacydb/Makefile
 create mode 100644 nss/lib/softoken/legacydb/cdbhdl.h
 create mode 100644 nss/lib/softoken/legacydb/config.mk
 create mode 100644 nss/lib/softoken/legacydb/dbmshim.c
 create mode 100644 nss/lib/softoken/legacydb/keydb.c
 create mode 100644 nss/lib/softoken/legacydb/keydbi.h
 create mode 100644 nss/lib/softoken/legacydb/legacydb.gyp
 create mode 100644 nss/lib/softoken/legacydb/lgattr.c
 create mode 100644 nss/lib/softoken/legacydb/lgcreate.c
 create mode 100644 nss/lib/softoken/legacydb/lgdb.h
 create mode 100644 nss/lib/softoken/legacydb/lgdestroy.c
 create mode 100644 nss/lib/softoken/legacydb/lgfind.c
 create mode 100644 nss/lib/softoken/legacydb/lgfips.c
 create mode 100644 nss/lib/softoken/legacydb/lginit.c
 create mode 100644 nss/lib/softoken/legacydb/lgutil.c
 create mode 100644 nss/lib/softoken/legacydb/lowcert.c
 create mode 100644 nss/lib/softoken/legacydb/lowkey.c
 create mode 100644 nss/lib/softoken/legacydb/lowkeyi.h
 create mode 100644 nss/lib/softoken/legacydb/lowkeyti.h
 create mode 100644 nss/lib/softoken/legacydb/manifest.mn
 create mode 100644 nss/lib/softoken/legacydb/nssdbm.def
 create mode 100644 nss/lib/softoken/legacydb/nssdbm.rc
 create mode 100644 nss/lib/softoken/legacydb/pcert.h
 create mode 100644 nss/lib/softoken/legacydb/pcertdb.c
 create mode 100644 nss/lib/softoken/legacydb/pcertt.h
 create mode 100644 nss/lib/softoken/legacydb/pk11db.c
 create mode 100644 nss/lib/softoken/lgglue.c
 create mode 100644 nss/lib/softoken/lgglue.h
 create mode 100644 nss/lib/softoken/lowkey.c
 create mode 100644 nss/lib/softoken/lowkeyi.h
 create mode 100644 nss/lib/softoken/lowkeyti.h
 create mode 100644 nss/lib/softoken/lowpbe.c
 create mode 100644 nss/lib/softoken/lowpbe.h
 create mode 100644 nss/lib/softoken/manifest.mn
 create mode 100644 nss/lib/softoken/padbuf.c
 create mode 100644 nss/lib/softoken/pkcs11.c
 create mode 100644 nss/lib/softoken/pkcs11c.c
 create mode 100644 nss/lib/softoken/pkcs11i.h
 create mode 100644 nss/lib/softoken/pkcs11ni.h
 create mode 100644 nss/lib/softoken/pkcs11u.c
 create mode 100644 nss/lib/softoken/sdb.c
 create mode 100644 nss/lib/softoken/sdb.h
 create mode 100644 nss/lib/softoken/sftkdb.c
 create mode 100644 nss/lib/softoken/sftkdb.h
 create mode 100644 nss/lib/softoken/sftkdbt.h
 create mode 100644 nss/lib/softoken/sftkdbti.h
 create mode 100644 nss/lib/softoken/sftkhmac.c
 create mode 100644 nss/lib/softoken/sftkpars.c
 create mode 100644 nss/lib/softoken/sftkpars.h
 create mode 100644 nss/lib/softoken/sftkpwd.c
 create mode 100644 nss/lib/softoken/softkver.c
 create mode 100644 nss/lib/softoken/softkver.h
 create mode 100644 nss/lib/softoken/softoken.gyp
 create mode 100644 nss/lib/softoken/softoken.h
 create mode 100644 nss/lib/softoken/softokn.def
 create mode 100644 nss/lib/softoken/softokn.rc
 create mode 100644 nss/lib/softoken/softoknt.h
 create mode 100644 nss/lib/softoken/tlsprf.c
 create mode 100644 nss/lib/sqlite/Makefile
 create mode 100644 nss/lib/sqlite/README
 create mode 100644 nss/lib/sqlite/config.mk
 create mode 100644 nss/lib/sqlite/exports.gyp
 create mode 100644 nss/lib/sqlite/manifest.mn
 create mode 100644 nss/lib/sqlite/sqlite.def
 create mode 100644 nss/lib/sqlite/sqlite.gyp
 create mode 100644 nss/lib/sqlite/sqlite3.c
 create mode 100644 nss/lib/sqlite/sqlite3.h
 create mode 100644 nss/lib/ssl/Makefile
 create mode 100644 nss/lib/ssl/SSLerrs.h
 create mode 100644 nss/lib/ssl/authcert.c
 create mode 100644 nss/lib/ssl/cmpcert.c
 create mode 100644 nss/lib/ssl/config.mk
 create mode 100644 nss/lib/ssl/derive.c
 create mode 100644 nss/lib/ssl/dhe-param.c
 create mode 100644 nss/lib/ssl/dtlscon.c
 create mode 100644 nss/lib/ssl/exports.gyp
 create mode 100644 nss/lib/ssl/manifest.mn
 create mode 100644 nss/lib/ssl/notes.txt
 create mode 100644 nss/lib/ssl/os2_err.c
 create mode 100644 nss/lib/ssl/os2_err.h
 create mode 100644 nss/lib/ssl/preenc.h
 create mode 100644 nss/lib/ssl/prelib.c
 create mode 100644 nss/lib/ssl/ssl.def
 create mode 100644 nss/lib/ssl/ssl.gyp
 create mode 100644 nss/lib/ssl/ssl.h
 create mode 100644 nss/lib/ssl/ssl.rc
 create mode 100644 nss/lib/ssl/ssl3con.c
 create mode 100644 nss/lib/ssl/ssl3ecc.c
 create mode 100644 nss/lib/ssl/ssl3ext.c
 create mode 100644 nss/lib/ssl/ssl3ext.h
 create mode 100644 nss/lib/ssl/ssl3exthandle.c
 create mode 100644 nss/lib/ssl/ssl3exthandle.h
 create mode 100644 nss/lib/ssl/ssl3gthr.c
 create mode 100644 nss/lib/ssl/ssl3prot.h
 create mode 100644 nss/lib/ssl/sslauth.c
 create mode 100644 nss/lib/ssl/sslcert.c
 create mode 100644 nss/lib/ssl/sslcert.h
 create mode 100644 nss/lib/ssl/sslcon.c
 create mode 100644 nss/lib/ssl/ssldef.c
 create mode 100644 nss/lib/ssl/sslenum.c
 create mode 100644 nss/lib/ssl/sslerr.c
 create mode 100644 nss/lib/ssl/sslerr.h
 create mode 100644 nss/lib/ssl/sslerrstrs.c
 create mode 100644 nss/lib/ssl/sslgrp.c
 create mode 100644 nss/lib/ssl/sslimpl.h
 create mode 100644 nss/lib/ssl/sslinfo.c
 create mode 100644 nss/lib/ssl/sslinit.c
 create mode 100644 nss/lib/ssl/sslmutex.c
 create mode 100644 nss/lib/ssl/sslmutex.h
 create mode 100644 nss/lib/ssl/sslnonce.c
 create mode 100644 nss/lib/ssl/sslproto.h
 create mode 100644 nss/lib/ssl/sslreveal.c
 create mode 100644 nss/lib/ssl/sslsecur.c
 create mode 100644 nss/lib/ssl/sslsnce.c
 create mode 100644 nss/lib/ssl/sslsock.c
 create mode 100644 nss/lib/ssl/sslt.h
 create mode 100644 nss/lib/ssl/ssltrace.c
 create mode 100644 nss/lib/ssl/sslver.c
 create mode 100644 nss/lib/ssl/tls13con.c
 create mode 100644 nss/lib/ssl/tls13con.h
 create mode 100644 nss/lib/ssl/tls13exthandle.c
 create mode 100644 nss/lib/ssl/tls13exthandle.h
 create mode 100644 nss/lib/ssl/tls13hkdf.c
 create mode 100644 nss/lib/ssl/tls13hkdf.h
 create mode 100644 nss/lib/ssl/tlsproof.c
 create mode 100644 nss/lib/ssl/tlsproof.h
 create mode 100644 nss/lib/ssl/tlsproofstr.h
 create mode 100644 nss/lib/ssl/unix_err.c
 create mode 100644 nss/lib/ssl/unix_err.h
 create mode 100644 nss/lib/ssl/win32err.c
 create mode 100644 nss/lib/ssl/win32err.h
 create mode 100644 nss/lib/sysinit/Makefile
 create mode 100644 nss/lib/sysinit/config.mk
 create mode 100644 nss/lib/sysinit/manifest.mn
 create mode 100644 nss/lib/sysinit/nsssysinit.c
 create mode 100644 nss/lib/sysinit/sysinit.gyp
 create mode 100644 nss/lib/util/Makefile
 create mode 100644 nss/lib/util/SECerrs.h
 create mode 100644 nss/lib/util/base64.h
 create mode 100644 nss/lib/util/ciferfam.h
 create mode 100644 nss/lib/util/config.mk
 create mode 100644 nss/lib/util/derdec.c
 create mode 100644 nss/lib/util/derenc.c
 create mode 100644 nss/lib/util/dersubr.c
 create mode 100644 nss/lib/util/dertime.c
 create mode 100644 nss/lib/util/eccutil.h
 create mode 100644 nss/lib/util/errstrs.c
 create mode 100644 nss/lib/util/exports.gyp
 create mode 100644 nss/lib/util/hasht.h
 create mode 100644 nss/lib/util/manifest.mn
 create mode 100644 nss/lib/util/nssb64.h
 create mode 100644 nss/lib/util/nssb64d.c
 create mode 100644 nss/lib/util/nssb64e.c
 create mode 100644 nss/lib/util/nssb64t.h
 create mode 100644 nss/lib/util/nssilckt.h
 create mode 100644 nss/lib/util/nssilock.c
 create mode 100644 nss/lib/util/nssilock.h
 create mode 100644 nss/lib/util/nsslocks.h
 create mode 100644 nss/lib/util/nssrwlk.c
 create mode 100644 nss/lib/util/nssrwlk.h
 create mode 100644 nss/lib/util/nssrwlkt.h
 create mode 100644 nss/lib/util/nssutil.def
 create mode 100644 nss/lib/util/nssutil.h
 create mode 100644 nss/lib/util/nssutil.rc
 create mode 100644 nss/lib/util/oidstring.c
 create mode 100644 nss/lib/util/pkcs11.h
 create mode 100644 nss/lib/util/pkcs11f.h
 create mode 100644 nss/lib/util/pkcs11n.h
 create mode 100644 nss/lib/util/pkcs11p.h
 create mode 100644 nss/lib/util/pkcs11t.h
 create mode 100644 nss/lib/util/pkcs11u.h
 create mode 100644 nss/lib/util/pkcs1sig.c
 create mode 100644 nss/lib/util/pkcs1sig.h
 create mode 100644 nss/lib/util/portreg.c
 create mode 100644 nss/lib/util/portreg.h
 create mode 100644 nss/lib/util/quickder.c
 create mode 100644 nss/lib/util/secalgid.c
 create mode 100644 nss/lib/util/secasn1.h
 create mode 100644 nss/lib/util/secasn1d.c
 create mode 100644 nss/lib/util/secasn1e.c
 create mode 100644 nss/lib/util/secasn1t.h
 create mode 100644 nss/lib/util/secasn1u.c
 create mode 100644 nss/lib/util/seccomon.h
 create mode 100644 nss/lib/util/secder.h
 create mode 100644 nss/lib/util/secdert.h
 create mode 100644 nss/lib/util/secdig.c
 create mode 100644 nss/lib/util/secdig.h
 create mode 100644 nss/lib/util/secdigt.h
 create mode 100644 nss/lib/util/secerr.h
 create mode 100644 nss/lib/util/secitem.c
 create mode 100644 nss/lib/util/secitem.h
 create mode 100644 nss/lib/util/secload.c
 create mode 100644 nss/lib/util/secoid.c
 create mode 100644 nss/lib/util/secoid.h
 create mode 100644 nss/lib/util/secoidt.h
 create mode 100644 nss/lib/util/secplcy.c
 create mode 100644 nss/lib/util/secplcy.h
 create mode 100644 nss/lib/util/secport.c
 create mode 100644 nss/lib/util/secport.h
 create mode 100644 nss/lib/util/sectime.c
 create mode 100644 nss/lib/util/templates.c
 create mode 100644 nss/lib/util/utf8.c
 create mode 100644 nss/lib/util/util.gyp
 create mode 100644 nss/lib/util/utilmod.c
 create mode 100644 nss/lib/util/utilmodt.h
 create mode 100644 nss/lib/util/utilpars.c
 create mode 100644 nss/lib/util/utilpars.h
 create mode 100644 nss/lib/util/utilparst.h
 create mode 100644 nss/lib/util/utilrename.h
 create mode 100644 nss/lib/util/verref.h
 create mode 100644 nss/lib/zlib/Makefile
 create mode 100644 nss/lib/zlib/README
 create mode 100644 nss/lib/zlib/README.nss
 create mode 100644 nss/lib/zlib/adler32.c
 create mode 100644 nss/lib/zlib/compress.c
 create mode 100644 nss/lib/zlib/config.mk
 create mode 100644 nss/lib/zlib/crc32.c
 create mode 100644 nss/lib/zlib/crc32.h
 create mode 100644 nss/lib/zlib/deflate.c
 create mode 100644 nss/lib/zlib/deflate.h
 create mode 100644 nss/lib/zlib/example.c
 create mode 100644 nss/lib/zlib/exports.gyp
 create mode 100644 nss/lib/zlib/gzclose.c
 create mode 100644 nss/lib/zlib/gzguts.h
 create mode 100644 nss/lib/zlib/gzlib.c
 create mode 100644 nss/lib/zlib/gzread.c
 create mode 100644 nss/lib/zlib/gzwrite.c
 create mode 100644 nss/lib/zlib/infback.c
 create mode 100644 nss/lib/zlib/inffast.c
 create mode 100644 nss/lib/zlib/inffast.h
 create mode 100644 nss/lib/zlib/inffixed.h
 create mode 100644 nss/lib/zlib/inflate.c
 create mode 100644 nss/lib/zlib/inflate.h
 create mode 100644 nss/lib/zlib/inftrees.c
 create mode 100644 nss/lib/zlib/inftrees.h
 create mode 100644 nss/lib/zlib/manifest.mn
 create mode 100644 nss/lib/zlib/minigzip.c
 create mode 100644 nss/lib/zlib/patches/prune-zlib.sh
 create mode 100644 nss/lib/zlib/trees.c
 create mode 100644 nss/lib/zlib/trees.h
 create mode 100644 nss/lib/zlib/uncompr.c
 create mode 100644 nss/lib/zlib/zconf.h
 create mode 100644 nss/lib/zlib/zlib.gyp
 create mode 100644 nss/lib/zlib/zlib.h
 create mode 100644 nss/lib/zlib/zutil.c
 create mode 100644 nss/lib/zlib/zutil.h
 create mode 100644 nss/manifest.mn
 create mode 100644 nss/nss-tool/.clang-format
 create mode 100644 nss/nss-tool/common/argparse.cc
 create mode 100644 nss/nss-tool/common/argparse.h
 create mode 100644 nss/nss-tool/common/util.cc
 create mode 100644 nss/nss-tool/common/util.h
 create mode 100644 nss/nss-tool/db/dbtool.cc
 create mode 100644 nss/nss-tool/db/dbtool.h
 create mode 100644 nss/nss-tool/nss_tool.cc
 create mode 100644 nss/nss-tool/nss_tool.gyp
 create mode 100644 nss/nss.gyp
 create mode 100644 nss/pkg/Makefile
 create mode 100644 nss/pkg/linux/Makefile
 create mode 100644 nss/pkg/linux/sun-nss.spec
 create mode 100644 nss/pkg/pkg-config/nss-config.in
 create mode 100644 nss/pkg/pkg-config/nss.pc.in
 create mode 100644 nss/pkg/solaris/Makefile
 create mode 100755 nss/pkg/solaris/Makefile-devl.com
 create mode 100755 nss/pkg/solaris/Makefile-devl.targ
 create mode 100755 nss/pkg/solaris/Makefile-tlsu.com
 create mode 100755 nss/pkg/solaris/Makefile-tlsu.targ
 create mode 100644 nss/pkg/solaris/Makefile.com
 create mode 100644 nss/pkg/solaris/Makefile.targ
 create mode 100644 nss/pkg/solaris/SUNWtls/Makefile
 create mode 100644 nss/pkg/solaris/SUNWtls/pkgdepend
 create mode 100644 nss/pkg/solaris/SUNWtls/pkginfo.tmpl
 create mode 100644 nss/pkg/solaris/SUNWtls/prototype_com
 create mode 100644 nss/pkg/solaris/SUNWtls/prototype_i386
 create mode 100644 nss/pkg/solaris/SUNWtls/prototype_sparc
 create mode 100755 nss/pkg/solaris/SUNWtlsd/Makefile
 create mode 100755 nss/pkg/solaris/SUNWtlsd/pkgdepend
 create mode 100755 nss/pkg/solaris/SUNWtlsd/pkginfo.tmpl
 create mode 100755 nss/pkg/solaris/SUNWtlsd/prototype
 create mode 100755 nss/pkg/solaris/SUNWtlsu/Makefile
 create mode 100755 nss/pkg/solaris/SUNWtlsu/pkgdepend
 create mode 100755 nss/pkg/solaris/SUNWtlsu/pkginfo.tmpl
 create mode 100755 nss/pkg/solaris/SUNWtlsu/prototype_com
 create mode 100644 nss/pkg/solaris/SUNWtlsu/prototype_i386
 create mode 100644 nss/pkg/solaris/SUNWtlsu/prototype_sparc
 create mode 100644 nss/pkg/solaris/bld_awk_pkginfo.ksh
 create mode 100644 nss/pkg/solaris/common_files/copyright
 create mode 100644 nss/pkg/solaris/proto64.mk
 create mode 100644 nss/readme.md
 create mode 100644 nss/tests/README.txt
 create mode 100755 nss/tests/all.sh
 create mode 100755 nss/tests/bogo/bogo.sh
 create mode 100755 nss/tests/cert/cert.sh
 create mode 100644 nss/tests/cert/certext.txt
 create mode 100755 nss/tests/chains/chains.sh
 create mode 100755 nss/tests/chains/ocspd-config/ocspd-certs.sh
 create mode 100644 nss/tests/chains/ocspd-config/ocspd.conf.template
 create mode 100644 nss/tests/chains/ocspd-config/readme
 create mode 100644 nss/tests/chains/scenarios/aia.cfg
 create mode 100644 nss/tests/chains/scenarios/anypolicy.cfg
 create mode 100644 nss/tests/chains/scenarios/anypolicywithlevel.cfg
 create mode 100644 nss/tests/chains/scenarios/bridge.cfg
 create mode 100644 nss/tests/chains/scenarios/bridgewithaia.cfg
 create mode 100644 nss/tests/chains/scenarios/bridgewithhalfaia.cfg
 create mode 100644 nss/tests/chains/scenarios/bridgewithpolicyextensionandmapping.cfg
 create mode 100644 nss/tests/chains/scenarios/crldp.cfg
 create mode 100644 nss/tests/chains/scenarios/dsa.cfg
 create mode 100644 nss/tests/chains/scenarios/explicitPolicy.cfg
 create mode 100644 nss/tests/chains/scenarios/extension.cfg
 create mode 100644 nss/tests/chains/scenarios/extension2.cfg
 create mode 100644 nss/tests/chains/scenarios/mapping.cfg
 create mode 100644 nss/tests/chains/scenarios/mapping2.cfg
 create mode 100644 nss/tests/chains/scenarios/megabridge_3_2.cfg
 create mode 100644 nss/tests/chains/scenarios/method.cfg
 create mode 100644 nss/tests/chains/scenarios/nameconstraints.cfg
 create mode 100644 nss/tests/chains/scenarios/ocsp.cfg
 create mode 100644 nss/tests/chains/scenarios/ocspd.cfg
 create mode 100644 nss/tests/chains/scenarios/realcerts.cfg
 create mode 100644 nss/tests/chains/scenarios/revoc.cfg
 create mode 100644 nss/tests/chains/scenarios/scenarios
 create mode 100644 nss/tests/chains/scenarios/trustanchors.cfg
 create mode 100755 nss/tests/cipher/cipher.sh
 create mode 100644 nss/tests/cipher/cipher.txt
 create mode 100644 nss/tests/cipher/dsa.txt
 create mode 100644 nss/tests/cipher/gcm.txt
 create mode 100644 nss/tests/cipher/hash.txt
 create mode 100755 nss/tests/cipher/performance.sh
 create mode 100644 nss/tests/cipher/rsa.txt
 create mode 100644 nss/tests/cipher/symmkey.txt
 create mode 100755 nss/tests/clean_tbx
 create mode 100644 nss/tests/cmdtests/cmdtests.sh
 create mode 100644 nss/tests/common/Makefile
 create mode 100755 nss/tests/common/cleanup.sh
 create mode 100644 nss/tests/common/init.sh
 create mode 100644 nss/tests/common/parsegtestreport.sed
 create mode 100644 nss/tests/common/results_header.html
 create mode 100755 nss/tests/core_watch
 create mode 100644 nss/tests/crmf/crmf.sh
 create mode 100755 nss/tests/dbtests/dbtests.sh
 create mode 100755 nss/tests/dbupgrade/dbupgrade.sh
 create mode 100755 nss/tests/dll_version.sh
 create mode 100644 nss/tests/doc/clean.gif
 create mode 100755 nss/tests/doc/nssqa.txt
 create mode 100644 nss/tests/doc/platform_specific_problems
 create mode 100755 nss/tests/doc/qa_wrapper.html
 create mode 100644 nss/tests/dummy/dummy.sh
 create mode 100755 nss/tests/ec/ec.sh
 create mode 100755 nss/tests/ec/ecperf.sh
 create mode 100644 nss/tests/ec/ectest.sh
 create mode 100755 nss/tests/fips/fips.sh
 create mode 100755 nss/tests/gtests/gtests.sh
 create mode 100644 nss/tests/header
 create mode 100755 nss/tests/interop/interop.sh
 create mode 100644 nss/tests/iopr/cert_iopr.sh
 create mode 100644 nss/tests/iopr/ocsp_iopr.sh
 create mode 100644 nss/tests/iopr/server_scr/apache_unix.cfg
 create mode 100644 nss/tests/iopr/server_scr/cert_gen.sh
 create mode 100644 nss/tests/iopr/server_scr/cipher.list
 create mode 100644 nss/tests/iopr/server_scr/client.cgi
 create mode 100644 nss/tests/iopr/server_scr/config
 create mode 100644 nss/tests/iopr/server_scr/iis_windows.cfg
 create mode 100644 nss/tests/iopr/server_scr/iopr_server.cfg
 create mode 100644 nss/tests/iopr/server_scr/sslreq.dat
 create mode 100644 nss/tests/iopr/ssl_iopr.sh
 create mode 100755 nss/tests/jss_dll_version.sh
 create mode 100755 nss/tests/jssdir
 create mode 100755 nss/tests/jssqa
 create mode 100644 nss/tests/libpkix/cert_trust.map
 create mode 100644 nss/tests/libpkix/certs/BrAirWaysBadSig.cert
 create mode 100755 nss/tests/libpkix/certs/CertificatePoliciesCritical.crt
 create mode 100644 nss/tests/libpkix/certs/GoodCACert.crt
 create mode 100644 nss/tests/libpkix/certs/NameConstraints.ca.cert
 create mode 100644 nss/tests/libpkix/certs/NameConstraints.dcissallowed.cert
 create mode 100644 nss/tests/libpkix/certs/NameConstraints.dcissblocked.cert
 create mode 100644 nss/tests/libpkix/certs/NameConstraints.dcisscopy.cert
 create mode 100644 nss/tests/libpkix/certs/NameConstraints.intermediate.cert
 create mode 100644 nss/tests/libpkix/certs/NameConstraints.intermediate2.cert
 create mode 100644 nss/tests/libpkix/certs/NameConstraints.intermediate3.cert
 create mode 100644 nss/tests/libpkix/certs/NameConstraints.intermediate4.cert
 create mode 100644 nss/tests/libpkix/certs/NameConstraints.intermediate5.cert
 create mode 100644 nss/tests/libpkix/certs/NameConstraints.intermediate6.cert
 create mode 100644 nss/tests/libpkix/certs/NameConstraints.ncca.cert
 create mode 100644 nss/tests/libpkix/certs/NameConstraints.server1.cert
 create mode 100644 nss/tests/libpkix/certs/NameConstraints.server10.cert
 create mode 100644 nss/tests/libpkix/certs/NameConstraints.server11.cert
 create mode 100644 nss/tests/libpkix/certs/NameConstraints.server12.cert
 create mode 100644 nss/tests/libpkix/certs/NameConstraints.server13.cert
 create mode 100644 nss/tests/libpkix/certs/NameConstraints.server14.cert
 create mode 100644 nss/tests/libpkix/certs/NameConstraints.server15.cert
 create mode 100644 nss/tests/libpkix/certs/NameConstraints.server16.cert
 create mode 100644 nss/tests/libpkix/certs/NameConstraints.server17.cert
 create mode 100644 nss/tests/libpkix/certs/NameConstraints.server2.cert
 create mode 100644 nss/tests/libpkix/certs/NameConstraints.server3.cert
 create mode 100644 nss/tests/libpkix/certs/NameConstraints.server4.cert
 create mode 100644 nss/tests/libpkix/certs/NameConstraints.server5.cert
 create mode 100644 nss/tests/libpkix/certs/NameConstraints.server6.cert
 create mode 100644 nss/tests/libpkix/certs/NameConstraints.server7.cert
 create mode 100644 nss/tests/libpkix/certs/NameConstraints.server8.cert
 create mode 100644 nss/tests/libpkix/certs/NameConstraints.server9.cert
 create mode 100644 nss/tests/libpkix/certs/OCSPCA1.cert
 create mode 100644 nss/tests/libpkix/certs/OCSPCA1.p12
 create mode 100644 nss/tests/libpkix/certs/OCSPCA2.cert
 create mode 100644 nss/tests/libpkix/certs/OCSPCA2.p12
 create mode 100644 nss/tests/libpkix/certs/OCSPCA3.cert
 create mode 100644 nss/tests/libpkix/certs/OCSPCA3.p12
 create mode 100644 nss/tests/libpkix/certs/OCSPEE11.cert
 create mode 100644 nss/tests/libpkix/certs/OCSPEE12.cert
 create mode 100644 nss/tests/libpkix/certs/OCSPEE13.cert
 create mode 100644 nss/tests/libpkix/certs/OCSPEE14.cert
 create mode 100644 nss/tests/libpkix/certs/OCSPEE15.cert
 create mode 100644 nss/tests/libpkix/certs/OCSPEE21.cert
 create mode 100644 nss/tests/libpkix/certs/OCSPEE22.cert
 create mode 100644 nss/tests/libpkix/certs/OCSPEE23.cert
 create mode 100644 nss/tests/libpkix/certs/OCSPEE31.cert
 create mode 100644 nss/tests/libpkix/certs/OCSPEE32.cert
 create mode 100644 nss/tests/libpkix/certs/OCSPEE33.cert
 create mode 100644 nss/tests/libpkix/certs/OCSPRoot.cert
 create mode 100644 nss/tests/libpkix/certs/OCSPRoot.p12
 create mode 100644 nss/tests/libpkix/certs/PayPalEE.cert
 create mode 100644 nss/tests/libpkix/certs/PayPalICA.cert
 create mode 100644 nss/tests/libpkix/certs/PayPalRootCA.cert
 create mode 100644 nss/tests/libpkix/certs/TestCA.ca.cert
 create mode 100644 nss/tests/libpkix/certs/TestUser50.cert
 create mode 100644 nss/tests/libpkix/certs/TestUser51.cert
 create mode 100644 nss/tests/libpkix/certs/TrustAnchorRootCertificate.crt
 create mode 100644 nss/tests/libpkix/certs/ValidCertificatePathTest1EE.crt
 create mode 100755 nss/tests/libpkix/certs/anchor2dsa
 create mode 100755 nss/tests/libpkix/certs/crldiff.crl
 create mode 100755 nss/tests/libpkix/certs/crlgood.crl
 create mode 100755 nss/tests/libpkix/certs/extKeyUsage/codeSigningEKUCert
 create mode 100755 nss/tests/libpkix/certs/extKeyUsage/multiEKUCert
 create mode 100755 nss/tests/libpkix/certs/extKeyUsage/noEKUCert
 create mode 100755 nss/tests/libpkix/certs/generalName/altNameDnCert
 create mode 100755 nss/tests/libpkix/certs/generalName/altNameDnCert_diff
 create mode 100755 nss/tests/libpkix/certs/generalName/altNameDnsCert
 create mode 100755 nss/tests/libpkix/certs/generalName/altNameDnsCert_diff
 create mode 100755 nss/tests/libpkix/certs/generalName/altNameEdiCert
 create mode 100755 nss/tests/libpkix/certs/generalName/altNameEdiCert_diff
 create mode 100755 nss/tests/libpkix/certs/generalName/altNameIpCert
 create mode 100755 nss/tests/libpkix/certs/generalName/altNameIpCert_diff
 create mode 100755 nss/tests/libpkix/certs/generalName/altNameNoneCert
 create mode 100755 nss/tests/libpkix/certs/generalName/altNameOidCert
 create mode 100755 nss/tests/libpkix/certs/generalName/altNameOidCert_diff
 create mode 100755 nss/tests/libpkix/certs/generalName/altNameOtherCert
 create mode 100755 nss/tests/libpkix/certs/generalName/altNameOtherCert_diff
 create mode 100755 nss/tests/libpkix/certs/generalName/altNameRfc822Cert
 create mode 100755 nss/tests/libpkix/certs/generalName/altNameRfc822Cert_diff
 create mode 100755 nss/tests/libpkix/certs/generalName/altNameRfc822DnsCert
 create mode 100755 nss/tests/libpkix/certs/generalName/altNameUriCert
 create mode 100755 nss/tests/libpkix/certs/generalName/altNameUriCert_diff
 create mode 100755 nss/tests/libpkix/certs/generalName/altNameX400Cert
 create mode 100755 nss/tests/libpkix/certs/generalName/altNameX400Cert_diff
 create mode 100755 nss/tests/libpkix/certs/hanfeiyu2hanfeiyu
 create mode 100755 nss/tests/libpkix/certs/hy2hc-bc
 create mode 100755 nss/tests/libpkix/certs/hy2hy-bc0
 create mode 100755 nss/tests/libpkix/certs/issuer-hanfei.crl
 create mode 100755 nss/tests/libpkix/certs/issuer-none.crl
 create mode 100755 nss/tests/libpkix/certs/keyIdentifier/authKeyIDCert
 create mode 100755 nss/tests/libpkix/certs/keyIdentifier/subjKeyIDCert
 create mode 100755 nss/tests/libpkix/certs/keyUsage/decipherOnlyCert
 create mode 100755 nss/tests/libpkix/certs/keyUsage/encipherOnlyCert
 create mode 100755 nss/tests/libpkix/certs/keyUsage/multiKeyUsagesCert
 create mode 100755 nss/tests/libpkix/certs/keyUsage/noKeyUsagesCert
 create mode 100755 nss/tests/libpkix/certs/make-ca-u50-u51
 create mode 100755 nss/tests/libpkix/certs/make-nc
 create mode 100755 nss/tests/libpkix/certs/noExtensionsCert
 create mode 100755 nss/tests/libpkix/certs/nss2alice
 create mode 100755 nss/tests/libpkix/certs/publicKey/dsaWithParams
 create mode 100755 nss/tests/libpkix/certs/publicKey/dsaWithoutParams
 create mode 100755 nss/tests/libpkix/certs/publicKey/labs2yassir
 create mode 100755 nss/tests/libpkix/certs/publicKey/yassir2labs
 create mode 100755 nss/tests/libpkix/certs/sun2sun
 create mode 100755 nss/tests/libpkix/certs/yassir2bcn
 create mode 100755 nss/tests/libpkix/certs/yassir2yassir
 create mode 100644 nss/tests/libpkix/common/libpkix_init.sh
 create mode 100644 nss/tests/libpkix/common/libpkix_init_nist.sh
 create mode 100755 nss/tests/libpkix/libpkix.sh
 create mode 100755 nss/tests/libpkix/pkix_pl_tests/module/cert8.db
 create mode 100755 nss/tests/libpkix/pkix_pl_tests/module/key3.db
 create mode 100755 nss/tests/libpkix/pkix_pl_tests/module/rev_data/local/crldiff.crl
 create mode 100755 nss/tests/libpkix/pkix_pl_tests/module/rev_data/local/crlgood.crl
 create mode 100755 nss/tests/libpkix/pkix_pl_tests/module/rev_data/local/issuer-hanfei.crl
 create mode 100755 nss/tests/libpkix/pkix_pl_tests/module/rev_data/local/issuer-none.crl
 create mode 100755 nss/tests/libpkix/pkix_pl_tests/module/rev_data/test_eku_all.crt
 create mode 100755 nss/tests/libpkix/pkix_pl_tests/module/rev_data/test_eku_allbutcodesigningEE.crt
 create mode 100755 nss/tests/libpkix/pkix_pl_tests/module/rev_data/test_eku_clientauth.crt
 create mode 100755 nss/tests/libpkix/pkix_pl_tests/module/rev_data/test_eku_clientauthEE.crt
 create mode 100755 nss/tests/libpkix/pkix_pl_tests/module/rev_data/test_eku_codesigning_clientauth.crt
 create mode 100755 nss/tests/libpkix/pkix_pl_tests/module/runPLTests.sh
 create mode 100755 nss/tests/libpkix/pkix_pl_tests/module/secmod.db
 create mode 100755 nss/tests/libpkix/pkix_pl_tests/pki/rev_data/local/README
 create mode 100755 nss/tests/libpkix/pkix_pl_tests/pki/rev_data/local/crldiff.crl
 create mode 100755 nss/tests/libpkix/pkix_pl_tests/pki/rev_data/local/crlgood.crl
 create mode 100755 nss/tests/libpkix/pkix_pl_tests/pki/rev_data/local/issuer-hanfei.crl
 create mode 100755 nss/tests/libpkix/pkix_pl_tests/pki/rev_data/local/issuer-none.crl
 create mode 100755 nss/tests/libpkix/pkix_pl_tests/pki/runPLTests.sh
 create mode 100755 nss/tests/libpkix/pkix_pl_tests/runPLTests.sh
 create mode 100755 nss/tests/libpkix/pkix_pl_tests/system/runPLTests.sh
 create mode 100755 nss/tests/libpkix/pkix_tests/certsel/keyUsage
 create mode 100755 nss/tests/libpkix/pkix_tests/certsel/runTests.sh
 create mode 100755 nss/tests/libpkix/pkix_tests/checker/runTests.sh
 create mode 100755 nss/tests/libpkix/pkix_tests/crlsel/runTests.sh
 create mode 100755 nss/tests/libpkix/pkix_tests/params/runTests.sh
 create mode 100755 nss/tests/libpkix/pkix_tests/results/runTests.sh
 create mode 100755 nss/tests/libpkix/pkix_tests/runTests.sh
 create mode 100755 nss/tests/libpkix/pkix_tests/store/runTests.sh
 create mode 100644 nss/tests/libpkix/pkix_tests/top/anchorcert.crt
 create mode 100755 nss/tests/libpkix/pkix_tests/top/build_data/backtracking/signature/greg.crl
 create mode 100755 nss/tests/libpkix/pkix_tests/top/build_data/backtracking/signature/greg2yassir_badsig.crt
 create mode 100755 nss/tests/libpkix/pkix_tests/top/build_data/backtracking/signature/jes.crl
 create mode 100755 nss/tests/libpkix/pkix_tests/top/build_data/backtracking/signature/jes2greg.crt
 create mode 100755 nss/tests/libpkix/pkix_tests/top/build_data/backtracking/signature/jes2jes.crt
 create mode 100755 nss/tests/libpkix/pkix_tests/top/build_data/backtracking/signature/jes2labs.crt
 create mode 100755 nss/tests/libpkix/pkix_tests/top/build_data/backtracking/signature/labs.crl
 create mode 100755 nss/tests/libpkix/pkix_tests/top/build_data/backtracking/signature/labs2yassir.crt
 create mode 100755 nss/tests/libpkix/pkix_tests/top/build_data/backtracking/signature/yassir.crl
 create mode 100755 nss/tests/libpkix/pkix_tests/top/build_data/backtracking/signature/yassir2hanfei.crt
 create mode 100755 nss/tests/libpkix/pkix_tests/top/build_data/multi_path/signature/fail/greg.crl
 create mode 100755 nss/tests/libpkix/pkix_tests/top/build_data/multi_path/signature/fail/greg2yassir.crt
 create mode 100755 nss/tests/libpkix/pkix_tests/top/build_data/multi_path/signature/fail/jes.crl
 create mode 100755 nss/tests/libpkix/pkix_tests/top/build_data/multi_path/signature/fail/jes2greg.crt
 create mode 100755 nss/tests/libpkix/pkix_tests/top/build_data/multi_path/signature/fail/jes2jes.crt
 create mode 100755 nss/tests/libpkix/pkix_tests/top/build_data/multi_path/signature/fail/jes2labs.crt
 create mode 100755 nss/tests/libpkix/pkix_tests/top/build_data/multi_path/signature/fail/labs.crl
 create mode 100755 nss/tests/libpkix/pkix_tests/top/build_data/multi_path/signature/fail/labs2yassir.crt
 create mode 100755 nss/tests/libpkix/pkix_tests/top/build_data/multi_path/signature/fail/yassir.crl
 create mode 100755 nss/tests/libpkix/pkix_tests/top/build_data/multi_path/signature/fail/yassir2hanfei.crt
 create mode 100755 nss/tests/libpkix/pkix_tests/top/build_data/multi_path/signature/pass/greg.crl
 create mode 100755 nss/tests/libpkix/pkix_tests/top/build_data/multi_path/signature/pass/greg2yassir.crt
 create mode 100755 nss/tests/libpkix/pkix_tests/top/build_data/multi_path/signature/pass/jes.crl
 create mode 100755 nss/tests/libpkix/pkix_tests/top/build_data/multi_path/signature/pass/jes2greg.crt
 create mode 100755 nss/tests/libpkix/pkix_tests/top/build_data/multi_path/signature/pass/jes2jes.crt
 create mode 100755 nss/tests/libpkix/pkix_tests/top/build_data/multi_path/signature/pass/jes2labs.crt
 create mode 100755 nss/tests/libpkix/pkix_tests/top/build_data/multi_path/signature/pass/labs.crl
 create mode 100755 nss/tests/libpkix/pkix_tests/top/build_data/multi_path/signature/pass/labs2yassir.crt
 create mode 100755 nss/tests/libpkix/pkix_tests/top/build_data/multi_path/signature/pass/yassir.crl
 create mode 100755 nss/tests/libpkix/pkix_tests/top/build_data/multi_path/signature/pass/yassir2hanfei.crt
 create mode 100755 nss/tests/libpkix/pkix_tests/top/build_data/single_path/signature/fail/greg.crl
 create mode 100755 nss/tests/libpkix/pkix_tests/top/build_data/single_path/signature/fail/greg2yassir_badsig.crt
 create mode 100755 nss/tests/libpkix/pkix_tests/top/build_data/single_path/signature/fail/jes.crl
 create mode 100755 nss/tests/libpkix/pkix_tests/top/build_data/single_path/signature/fail/jes2greg.crt
 create mode 100755 nss/tests/libpkix/pkix_tests/top/build_data/single_path/signature/fail/jes2jes.crt
 create mode 100755 nss/tests/libpkix/pkix_tests/top/build_data/single_path/signature/fail/yassir.crl
 create mode 100755 nss/tests/libpkix/pkix_tests/top/build_data/single_path/signature/fail/yassir2hanfei.crt
 create mode 100755 nss/tests/libpkix/pkix_tests/top/build_data/single_path/signature/pass/greg.crl
 create mode 100755 nss/tests/libpkix/pkix_tests/top/build_data/single_path/signature/pass/greg2yassir.crt
 create mode 100755 nss/tests/libpkix/pkix_tests/top/build_data/single_path/signature/pass/jes.crl
 create mode 100755 nss/tests/libpkix/pkix_tests/top/build_data/single_path/signature/pass/jes2greg.crt
 create mode 100755 nss/tests/libpkix/pkix_tests/top/build_data/single_path/signature/pass/jes2jes.crt
 create mode 100755 nss/tests/libpkix/pkix_tests/top/build_data/single_path/signature/pass/yassir.crl
 create mode 100755 nss/tests/libpkix/pkix_tests/top/build_data/single_path/signature/pass/yassir2hanfei.crt
 create mode 100755 nss/tests/libpkix/pkix_tests/top/build_data/test1/greg2yassir.crt
 create mode 100755 nss/tests/libpkix/pkix_tests/top/build_data/test1/jes2greg.crt
 create mode 100755 nss/tests/libpkix/pkix_tests/top/build_data/test1/jes2jes.crt
 create mode 100755 nss/tests/libpkix/pkix_tests/top/build_data/test1/jes2labs.crt
 create mode 100755 nss/tests/libpkix/pkix_tests/top/build_data/test1/labs2yassir.crt
 create mode 100755 nss/tests/libpkix/pkix_tests/top/build_data/test1/yassir2hanfei.crt
 create mode 100755 nss/tests/libpkix/pkix_tests/top/build_data/test1/yassir2richard.crt
 create mode 100755 nss/tests/libpkix/pkix_tests/top/build_data/test2/jes2greg.crt
 create mode 100755 nss/tests/libpkix/pkix_tests/top/build_data/test2/jes2jes.crt
 create mode 100755 nss/tests/libpkix/pkix_tests/top/build_data/test2/jes2labs.crt
 create mode 100755 nss/tests/libpkix/pkix_tests/top/build_data/test2/labs2yassir.crt
 create mode 100755 nss/tests/libpkix/pkix_tests/top/build_data/test2/nelson2yassir.crt
 create mode 100755 nss/tests/libpkix/pkix_tests/top/build_data/test2/yassir2hanfei.crt
 create mode 100755 nss/tests/libpkix/pkix_tests/top/build_data/test2/yassir2richard.crt
 create mode 100755 nss/tests/libpkix/pkix_tests/top/build_data/test3/jes2greg.crt
 create mode 100755 nss/tests/libpkix/pkix_tests/top/build_data/test3/jes2jes.crt
 create mode 100755 nss/tests/libpkix/pkix_tests/top/build_data/test3/jes2labs.crt
 create mode 100755 nss/tests/libpkix/pkix_tests/top/build_data/test3/labs2yassir.crt
 create mode 100755 nss/tests/libpkix/pkix_tests/top/build_data/test3/nelson2yassir.crt
 create mode 100755 nss/tests/libpkix/pkix_tests/top/build_data/test3/yassir2hanfei.crt
 create mode 100644 nss/tests/libpkix/pkix_tests/top/cert8.db
 create mode 100644 nss/tests/libpkix/pkix_tests/top/goodcert.crt
 create mode 100644 nss/tests/libpkix/pkix_tests/top/key3.db
 create mode 100755 nss/tests/libpkix/pkix_tests/top/rev_data/crlchecker/chem.crl
 create mode 100755 nss/tests/libpkix/pkix_tests/top/rev_data/crlchecker/chem2prof.crt
 create mode 100755 nss/tests/libpkix/pkix_tests/top/rev_data/crlchecker/phy2prof.crt
 create mode 100755 nss/tests/libpkix/pkix_tests/top/rev_data/crlchecker/phys.crl
 create mode 100755 nss/tests/libpkix/pkix_tests/top/rev_data/crlchecker/prof.crl
 create mode 100755 nss/tests/libpkix/pkix_tests/top/rev_data/crlchecker/prof2test.crt
 create mode 100755 nss/tests/libpkix/pkix_tests/top/rev_data/crlchecker/sci.crl
 create mode 100755 nss/tests/libpkix/pkix_tests/top/rev_data/crlchecker/sci2chem.crt
 create mode 100755 nss/tests/libpkix/pkix_tests/top/rev_data/crlchecker/sci2phy.crt
 create mode 100755 nss/tests/libpkix/pkix_tests/top/rev_data/crlchecker/sci2sci.crt
 create mode 100755 nss/tests/libpkix/pkix_tests/top/rev_data/crlchecker/test.crl
 create mode 100644 nss/tests/libpkix/pkix_tests/top/revokedcert.crt
 create mode 100755 nss/tests/libpkix/pkix_tests/top/runTests.sh
 create mode 100644 nss/tests/libpkix/pkix_tests/top/secmod.db
 create mode 100755 nss/tests/libpkix/pkix_tests/util/runTests.sh
 create mode 100755 nss/tests/libpkix/runTests.sh
 create mode 100755 nss/tests/libpkix/sample_apps/README
 create mode 100755 nss/tests/libpkix/sample_apps/cert8.db
 create mode 100755 nss/tests/libpkix/sample_apps/key3.db
 create mode 100755 nss/tests/libpkix/sample_apps/runPerf.sh
 create mode 100755 nss/tests/libpkix/sample_apps/secmod.db
 create mode 100644 nss/tests/libpkix/vfychain_test.lst
 create mode 100644 nss/tests/lowhash/lowhash.sh
 create mode 100644 nss/tests/memleak/ignored
 create mode 100755 nss/tests/memleak/memleak.sh
 create mode 100644 nss/tests/memleak/sslreq.dat
 create mode 100755 nss/tests/merge/merge.sh
 create mode 100755 nss/tests/mksymlinks
 create mode 100644 nss/tests/mpi/mpi.sh
 create mode 100755 nss/tests/multinit/multinit.sh
 create mode 100644 nss/tests/multinit/multinit.txt
 create mode 100755 nss/tests/nssdir
 create mode 100755 nss/tests/nsspath
 create mode 100755 nss/tests/nssqa
 create mode 100644 nss/tests/ocsp/ocsp.sh
 create mode 100755 nss/tests/path_uniq
 create mode 100755 nss/tests/perf/perf.sh
 create mode 100644 nss/tests/pkcs11/netscape/suites/security/ssl/cert7.db
 create mode 100644 nss/tests/pkcs11/netscape/suites/security/ssl/key3.db
 create mode 100755 nss/tests/pkits/pkits.sh
 create mode 100644 nss/tests/platformlist
 create mode 100644 nss/tests/platformlist.tbx
 create mode 100755 nss/tests/qa_stage
 create mode 100755 nss/tests/qa_stat
 create mode 100755 nss/tests/qaclean
 create mode 100644 nss/tests/remote/Makefile
 create mode 100644 nss/tests/remote/manifest.mn
 create mode 100755 nss/tests/run_niscc.sh
 create mode 100755 nss/tests/sdr/sdr.sh
 create mode 100644 nss/tests/set_environment
 create mode 100644 nss/tests/smime/alice.txt
 create mode 100644 nss/tests/smime/bob.txt
 create mode 100755 nss/tests/smime/smime.sh
 create mode 100755 nss/tests/ssl/ssl.sh
 create mode 100755 nss/tests/ssl/ssl_dist_stress.sh
 create mode 100644 nss/tests/ssl/sslauth.txt
 create mode 100644 nss/tests/ssl/sslcov.txt
 create mode 100644 nss/tests/ssl/sslpolicy.txt
 create mode 100644 nss/tests/ssl/sslreq.dat
 create mode 100644 nss/tests/ssl/sslreq.txt
 create mode 100644 nss/tests/ssl/sslstress.txt
 create mode 100755 nss/tests/ssl_gtests/ssl_gtests.sh
 create mode 100644 nss/tests/tools/sign.html
 create mode 100644 nss/tests/tools/signjs.html
 create mode 100644 nss/tests/tools/tools.sh
 create mode 100755 nss/trademarks.txt

diff --git a/README.md b/README.md
new file mode 100644
index 0000000..244ef3f
--- /dev/null
+++ b/README.md
@@ -0,0 +1,30 @@
+# TLS-N implementation for NSS 
+
+This is the prototype [TLS-N](https://tls-n.org) implementation based on Mozilla's [NSS](https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS) library. 
+
+## Main Library
+The main library file can be found inside (nss/lib/ssl/tlsproof.c). Here the most important functions are:
+
+``` tlsproof_addMessageToProof ```
+This function adds a record to the evidence calculation.
+
+``` SSL_TLSProofRequestProof ```
+The requester calls this function to trigger the evidence request.
+
+``` tlsproof_handleMessageRequest ```
+The function used by the generator to finalize the evidence.
+
+``` tlsproof_handleMessageResponse ```
+Uses the supplied evidence to create a proof according to the user's wishes.
+
+``` SSL_TLSProofCheckProof ```
+Verifies a given proof. 
+
+### Test Applications
+We have also provided multiple test applications, such as:
+* A standalone [verifier](nss/cmd/verifier) that verifies proofs.
+* A [client](nss/cmd/randtrafficClient) and [server](randtrafficServer) application to test TLS-N with a specified amount of random traffic.
+* A [bechmarking](nss/cmd/benchmark) app for TLS-N.
+
+#### Test-CA
+For testing purposes we provide a Test CA with a test certiface for ```tls-n.testserver```. The certificate store has an empty password. You have to resolve this hostname accordingly in DNS.
diff --git a/ca/cert_creation.sh b/ca/cert_creation.sh
new file mode 100644
index 0000000..2e283d0
--- /dev/null
+++ b/ca/cert_creation.sh
@@ -0,0 +1,20 @@
+ps -ef > noise.txt
+date >> noise.txt
+mkdir server_db
+cd server_db
+certutil -N --empty-password -d .
+echo -e "5\n6\n7\ny\ny\n\ny\n" | certutil -S -s "CN=TLS-N Root CA"  -k ec -q secp256r1  -n tlsproofca -x -t "C,C,C" -1 -2 -d . -z ../noise.txt # 5,6,7,y,y,,y
+ps -ef > ../noise.txt
+date >> ../noise.txt
+date "+%N" >> ../noise.txt
+certutil -R -k ec -q secp256r1 -s "CN=tls-n.testserver,O=TLS-N,C=NN" -d . -u V -a -f pwd.txt -o cert.req -z ../noise.txt
+openssl req -in cert.req -out cert.req2 -outform DER
+certutil -C -i cert.req2 -o server.crt -c tlsproofca -f pwd.txt -d .
+certutil -A -n tlsproofserver.com -t "u,u,u" -i server.crt -f pwd.txt -d .
+cd ..
+mkdir client_db
+cp server_db/* client_db
+cd client_db
+certutil -D -d . -f pwd.txt -n tls-n.testserver
+cd ..
+
diff --git a/ca/client_db/cert.req b/ca/client_db/cert.req
new file mode 100644
index 0000000..39fe947
--- /dev/null
+++ b/ca/client_db/cert.req
@@ -0,0 +1,18 @@
+
+Certificate request generated by Netscape certutil
+Phone: (not specified)
+
+Common Name: tls-n.testserver
+Email: (not specified)
+Organization: TLS-N
+State: (not specified)
+Country: NN
+
+-----BEGIN NEW CERTIFICATE REQUEST-----
+MIH0MIGaAgEAMDgxCzAJBgNVBAYTAk5OMQ4wDAYDVQQKEwVUTFMtTjEZMBcGA1UE
+AxMQdGxzLW4udGVzdHNlcnZlcjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABKTR
+iNOt2VpeI+llhXEmHXzmAvuhv/OmnbPsDkfI+/HO3EJUVv1E/ad6UWPm/7cSAm20
+BsVLe95KJ42mPvKMgxWgADAKBggqhkjOPQQDAgNJADBGAiEAwG4kqlSisqkKl1St
+nsBYQYKNPIXD/W0tx3pworFZt+MCIQDn72ZDAAmqs3rH/+ScIT934Z0Vcc4J9kpc
+C4IdQnqXeQ==
+-----END NEW CERTIFICATE REQUEST-----
diff --git a/ca/client_db/cert.req2 b/ca/client_db/cert.req2
new file mode 100644
index 0000000000000000000000000000000000000000..931eda0c8a70ef10383f0e0304270bbdc3018708
GIT binary patch
literal 247
zcmXqL{9@2Ji;0oJz`~H*fRl|ml!Z;0$<NP_&wvNS;Sy#I@d?)TGn6zC2l1JO1xj*?
zb@TK}Qj1H9Q;W({iwq(SgxT1&+C0wLGBL7ofEmn;?95IKEK4qSTwZ%KDo*)jYHOjI
zY|S&K-wXGDUN(308$S0FzdxS4;}jD1*X8f>s=(xD|F;V<<!)g+>Ro-$OTBlQ-KU;r
z(FF_!Tu>8Pn3<S884TQ*6d4ZWsjLcFv}q;R^pLgl4n#OM_1d%^{+p|NysBW)#>nlD
ofl8jgPjhDAT(!CC`2Qz!6z$6&&J`^@$N9}GhPz4DscL#907IEu$p8QV

literal 0
HcmV?d00001

diff --git a/ca/client_db/cert8.db b/ca/client_db/cert8.db
new file mode 100644
index 0000000000000000000000000000000000000000..20deb33a9a72b08b2bff61a61640aeccab3b3d90
GIT binary patch
literal 65536
zcmeI)eN0tl9KiACoO8MN%ByuDEuv&N%M$k-Fe?L&m{2N1LnLy|rgzuT6mDMbSVNhi
z=Bn9Zy4L1P<urVmkS}bObC_;zOoq-HVJy;WLrq&oOl^*C&$$<sKZKfNuFdbcd-j~?
zJm)#jb3VU&{`@_{nY2&{p$p;oMu@5ERKyFRsmd<G-G8F`!xxNj9qtk?`~1U-nqO3H
zAND<Vx$B2JvYxv>FB2kw00IagfB*srAb<b@2q1s}0tg_000IagfB*srAb<b@2q1s}
z0tg_000IagfB*srAb<b@2q1s}0tg_000IagfB*srAb<b@2p}+A0uFK2>b1VKs;#A}
zgg6jD009ILKmY**5I_I{1Q0*~0R#|0009ILKmY**5I_I{1Q0*~0R#|0009ILKmY**
z5I_I{1Q0*~0R#|0009ILKmY**5I_I{1Q58#1l)!Yn(zn_Tw3`?!0%sN=?hf(0u#Od
zav>g7`Te`wHYLi@<^wX(Y0PsNp19(Ix#@*tiv0fInCEj1`HUGON7!9Xk6u`4#>-f{
z5$%Zz-)BB3M@7bsR1>6EObq%egOMrR>ft56K;`TH3K1=Ot#<2>wc7GpTFy_|E3(S6
z#%Cp{GF&?h@EimXKmY**5I_I{1Q0*~0R#|0009ILKmY**5I_I{1Q0*~0R#|0009IL
zKmY**5I_I{1Q0*~0R#|0009ILKmY**5I_I{1P~Z@0k<y1lsnHk)^C&L?AC;sYX7u6
z;gPGfTv>bWQ$yEuJt~s?9PM;JvG&Ci*$zV=JP}$xGAhn|TCGfGm>HAJN%QTdY2Iw!
z`I_Y`(&Kc6SD<VCOEEN;F-<tOpL*xphVSPuNW0*Bd)c^@72W#vtw;W>-*Vtm{0lAD
z|2Xl(wBnM!>3ut@U-EW`4&JYqH#xtawfx7KkG)@?)3a`Mk{s}A#tb3z^;B^&I5P92
zu_gDdFK8}a)>!}Q&dk}rHoy5>ZowxN-5>8;oUCs7>SXEmswdC49-cR4^R+!)2da;L
z*V^H#E~?vKFrnjgTgq*awSUPYw}Vh>|FoGRMg<{X)?T_5gpC~oSNb1=@YJM?fkCjF
zLyR08xjjGc_^vsnH8Zj<znuJYY-(rX-$&PlGCHq(-t*dX#-8=9zwawNQWMzro_BK9
z@vUn&<m|}Y{BYNzXN}(MMQ3|2%-xnIQ)Plmf=}^iTF4P44OPi_`$B?!LH(^X=fL;7
z5sCJ)#^g<|^p?{L>O$kzc>j9q-MaFg4<28+q^hVhF|IbGBGK^0v9^`x8mBjPwS0E@
zd|uj_mcy}Sp<{8&_ck{)r5sGU5ee@?mE^y>O*syl$sgGWAm-La0BTJC1^`11GlqDg
z`c@wry!+<2s3z*W$97%dbrC=S0R#|0009ILKmY**5I_I{1Q0*~0R#|0009ILKmY**
x5I_I{1Q0*~0R#|0009ILKmY**5I_I{1Q0*~0R#|0009ILKmY**5cod|`~#|^N|yit

literal 0
HcmV?d00001

diff --git a/ca/client_db/key3.db b/ca/client_db/key3.db
new file mode 100644
index 0000000000000000000000000000000000000000..00ad06f85e8e1705911bed599d036873fdf7dcc1
GIT binary patch
literal 16384
zcmeI%TQJm77y$6IH*I$N|C@%2B9}-?s5Da{H7lY?JLHl{?QW>CELP;QE?Guq8Iht^
zle>~>iqs@zbXnExh$&;Ii#y9sF6m-6v`Y`Y^w0xMGv7CJ=KJQHGv}Q7J$?siXtNMP
zM1;s~2rXBYh>j3JmDB@Ke-*0rxe3x-o?Ai`b)6d`=v8HPsQ0MHq6c;UJ&S%XTnGXn
z00JNY0w4eaAOHd&00JNY0{@Eu6;0va@nO6cuf#9oo_IDEhh<~45Fh{oAOHd&00JNY
z0w4eaAOHd&u)qQ&)km{cQoWU#2F*OxIrZBz0-Zu2S?Q3q>^3T+<h1YlIb0`WS;fH;
zK@V<0BoN3+S$$L1(NCm?#{GFhOJj!vW3IJ3gaMaurdDb51?|1UL7qfYQA79c&aDez
zJoeR;<{EX^5wUe^qMGt;&USCVI#ky`!}bgIaHHOq?BQASeU!dl<2qs2uiUjvOf4>!
z-7@%8{3E|>pGEShUTY$2;woK~Y@2D;Ttv(071T$I6MQ?d6D~ol)#t_zwfJzG$tADT
z+N(N``WegpQ^HL3;s%Jy!p6^K1=R}7NunH=zT4;FIn9_Zk705KX78^c2G?jjb&dVt
zvLU0)enOP2?Ob3Ic&xPbGjCMJZ>m4qAvk7N6v*YVSzHS~iyJ}GA|!5!SRNV6(aobg
z!&@Isni)`prs#Jun~u%bK2?kA+Pid2UcDU-3uW>7QM~Yz7MxT5oFI~?e>nd%FNBC1
zaV0j6DY5^hV*&330T2KI5C8!X009sH0T2KI5CDO{68LkY;hgYZ?6=I=CcDVWiK_e}
z@6BE=E%S|rGwJc64A!R5gPccC<I~E|U$j>YG*J7v>)ld<obGm9EMPu26<YUH*hc$N
zJ9Qss%}7IxvKpS8bu^dsH>Z>-8b$)$Xzm|J%+fPUhn5cdR~QX45mPRH5EGe}5K*zJ
zJ%yHYijhGVKV~^s(RbA-dQP;A4DI)0B!(=x;9#VG<h0|L7@7S_bDx(tJG$Gv$#3>M
zzPNGNTX4X3%xg^#-B6}A(<GYRD*JkS;`naTt?ZYhcMdfQ!i&>6J0f2crsmj}ZxgS5
s&)!Lzv}1Qo%H5|IxSIpVg8&GC00@8p2!H?xfB*=900@8p2>g42pQWadM*si-

literal 0
HcmV?d00001

diff --git a/ca/client_db/secmod.db b/ca/client_db/secmod.db
new file mode 100644
index 0000000000000000000000000000000000000000..b6e81ca751dff9ba46a094715f7b4f507fbc7a6c
GIT binary patch
literal 16384
zcmeI&u}Z^07{Kw*R!RqnE^Z<R4!0Hh0Ga9{MJdD=h{?5t#-yYv=-^{G3O<vYlS6zB
zsh3=f7Qw-x6#0K}+}(GV?=HXjq;njKNK0h@MdZj1<v?W5c6F2PYGBu!M7!ymCAaA@
zd#G%#j(ShswjNz~pRJ$Efe0Xg00IagfB*srAb<b@2q1s}0tg_000IagfB*srAb<b@
z2<(bLOWqGF@71fkUAYnWKmY**5I_I{1Q0*~0R#|0;BNvQQS!F&Mto=s#kRTR$yE@j
zi>x$77N%-690cmD-&dD;yhx4R^%UjVIGMyr;p?7OktxbiVaCawueF+*`>)B|M7MeD
zYuESU8?DA^IGOuuF^j{}G$r(EGT5l&HVnU4bE(AETYqw$Pfd1i=24N%$|TR~755JR
nxxMu5RZngE5x@Q3$C5w*0R#|0009ILKmY**5I_Kd|1R(eN?b*1

literal 0
HcmV?d00001

diff --git a/ca/client_db/server.crt b/ca/client_db/server.crt
new file mode 100644
index 0000000000000000000000000000000000000000..55a697de4dd0f14e2c2bc165d75881be0d4a6060
GIT binary patch
literal 325
zcmXqLVstcUe7=C0iIItkm0{J{*&+s9Y#dr`9_MUXn3)VD48;sY*qB3En1y*me1diT
z6oT^eOB9?P4dldm4b2TK3=ND7jm!*9qCi|jLpT>G!)?F`(#a;w<mYF|XTSsEa0#=5
zjWLuo5Qi8mP?A%uo2OTjT3k|`T2z)=WDsc}%*GCO0TUzCDa?%Q%uWm}OD=X?UVAet
zPWfeOYoVHK%`>Lo3-^CsHh1$IKKB#9Kc2he6cYB=<?r&Uz~pEDw+k`lZecs>U473>
zy?2@2r=Dg}WUn!MG8niqDKfk+5ip*v5+*pwXJ1I+x@9pdjQwBjt9a|^Ge7Uyyp3tn
pKqUvxM=UAResOwFsMVYwYwm8YI(Y5$b@r;D37dR$uHQH-3jmk5Y~BC>

literal 0
HcmV?d00001

diff --git a/ca/noise.txt b/ca/noise.txt
new file mode 100644
index 0000000..167604b
--- /dev/null
+++ b/ca/noise.txt
@@ -0,0 +1,250 @@
+UID        PID  PPID  C STIME TTY          TIME CMD
+root         1     0  0 Jul21 ?        00:00:25 /sbin/init
+root         2     0  0 Jul21 ?        00:00:00 [kthreadd]
+root         4     2  0 Jul21 ?        00:00:00 [kworker/0:0H]
+root         6     2  0 Jul21 ?        00:00:00 [mm_percpu_wq]
+root         7     2  0 Jul21 ?        00:00:36 [ksoftirqd/0]
+root         8     2  0 Jul21 ?        00:10:34 [rcu_preempt]
+root         9     2  0 Jul21 ?        00:00:00 [rcu_sched]
+root        10     2  0 Jul21 ?        00:00:00 [rcu_bh]
+root        11     2  0 Jul21 ?        00:00:01 [migration/0]
+root        12     2  0 Jul21 ?        00:00:06 [watchdog/0]
+root        13     2  0 Jul21 ?        00:00:00 [cpuhp/0]
+root        14     2  0 Jul21 ?        00:00:00 [cpuhp/1]
+root        15     2  0 Jul21 ?        00:00:05 [watchdog/1]
+root        16     2  0 Jul21 ?        00:00:01 [migration/1]
+root        17     2  0 Jul21 ?        00:00:03 [ksoftirqd/1]
+root        19     2  0 Jul21 ?        00:00:00 [kworker/1:0H]
+root        20     2  0 Jul21 ?        00:00:00 [cpuhp/2]
+root        21     2  0 Jul21 ?        00:00:06 [watchdog/2]
+root        22     2  0 Jul21 ?        00:00:01 [migration/2]
+root        23     2  0 Jul21 ?        00:00:03 [ksoftirqd/2]
+root        25     2  0 Jul21 ?        00:00:00 [kworker/2:0H]
+root        26     2  0 Jul21 ?        00:00:00 [cpuhp/3]
+root        27     2  0 Jul21 ?        00:00:06 [watchdog/3]
+root        28     2  0 Jul21 ?        00:00:01 [migration/3]
+root        29     2  0 Jul21 ?        00:00:01 [ksoftirqd/3]
+root        31     2  0 Jul21 ?        00:00:00 [kworker/3:0H]
+root        32     2  0 Jul21 ?        00:00:00 [kdevtmpfs]
+root        33     2  0 Jul21 ?        00:00:00 [netns]
+root        36     2  0 Jul21 ?        00:00:02 [khungtaskd]
+root        37     2  0 Jul21 ?        00:00:00 [oom_reaper]
+root        38     2  0 Jul21 ?        00:00:00 [writeback]
+root        39     2  0 Jul21 ?        00:00:00 [kcompactd0]
+root        40     2  0 Jul21 ?        00:00:00 [ksmd]
+root        41     2  0 Jul21 ?        00:08:49 [khugepaged]
+root        42     2  0 Jul21 ?        00:00:00 [crypto]
+root        43     2  0 Jul21 ?        00:00:00 [kintegrityd]
+root        44     2  0 Jul21 ?        00:00:00 [bioset]
+root        45     2  0 Jul21 ?        00:00:00 [kblockd]
+root        46     2  0 Jul21 ?        00:00:00 [devfreq_wq]
+root        47     2  0 Jul21 ?        00:00:00 [watchdogd]
+root        49     2  0 Jul21 ?        00:04:05 [kswapd0]
+root        50     2  0 Jul21 ?        00:00:00 [bioset]
+root        63     2  0 Jul21 ?        00:00:00 [kthrotld]
+root        64     2  0 Jul21 ?        00:00:00 [ipv6_addrconf]
+root       104     2  0 Jul21 ?        00:00:00 [ata_sff]
+root       143     2  0 Jul21 ?        00:00:00 [scsi_eh_0]
+root       144     2  0 Jul21 ?        00:00:00 [scsi_tmf_0]
+root       145     2  0 Jul21 ?        00:00:00 [scsi_eh_1]
+root       146     2  0 Jul21 ?        00:00:00 [scsi_tmf_1]
+root       147     2  0 Jul21 ?        00:00:00 [scsi_eh_2]
+root       148     2  0 Jul21 ?        00:00:00 [scsi_tmf_2]
+root       149     2  0 Jul21 ?        00:00:00 [scsi_eh_3]
+root       150     2  0 Jul21 ?        00:00:00 [scsi_tmf_3]
+root       151     2  0 Jul21 ?        00:00:00 [scsi_eh_4]
+root       152     2  0 Jul21 ?        00:00:00 [scsi_tmf_4]
+root       153     2  0 Jul21 ?        00:00:00 [scsi_eh_5]
+root       154     2  0 Jul21 ?        00:00:00 [scsi_tmf_5]
+root       162     2  0 Jul21 ?        00:00:00 [bioset]
+root       166     2  0 Jul21 ?        00:02:18 [kworker/0:1H]
+root       186     2  0 Jul21 ?        00:00:00 [kdmflush]
+root       188     2  0 Jul21 ?        00:00:00 [bioset]
+root       189     2  0 Jul21 ?        00:00:00 [kcryptd_io]
+root       190     2  0 Jul21 ?        00:00:00 [kcryptd]
+root       191     2  0 Jul21 ?        00:02:23 [dmcrypt_write]
+root       193     2  0 Jul21 ?        00:00:00 [bioset]
+root       199     2  0 Jul21 ?        00:00:00 [kdmflush]
+root       200     2  0 Jul21 ?        00:00:00 [bioset]
+root       204     2  0 Jul21 ?        00:00:00 [kdmflush]
+root       205     2  0 Jul21 ?        00:00:00 [bioset]
+root       208     2  0 Jul21 ?        00:00:00 [kdmflush]
+root       212     2  0 Jul21 ?        00:00:00 [bioset]
+root       223     2  0 Jul21 ?        00:00:02 [kworker/2:1H]
+root       238     2  0 Jul21 ?        00:00:17 [jbd2/dm-2-8]
+root       239     2  0 Jul21 ?        00:00:00 [ext4-rsv-conver]
+root       262     1  0 Jul21 ?        00:00:41 /usr/lib/systemd/systemd-journald
+root       270     2  0 Jul21 ?        00:00:00 [ktpacpid]
+root       273     2  0 Jul21 ?        00:00:03 [kworker/1:1H]
+root       274     2  0 Jul21 ?        00:00:00 [iprt-VBoxWQueue]
+root       276     2  0 Jul21 ?        00:00:02 [kworker/3:1H]
+root       277     1  0 Jul21 ?        00:00:04 /usr/lib/systemd/systemd-udevd
+root       278     2  0 Jul21 ?        00:00:01 [iprt-VBoxTscThr]
+root       331     2  0 Jul21 ?        00:00:00 [acpi_thermal_pm]
+root       480     2  0 Jul21 ?        00:00:00 [ext4-rsv-conver]
+root       505     2  0 Jul21 ?        00:00:00 [cfg80211]
+root       529     2  0 Jul21 ?        01:56:15 [irq/36-iwlwifi]
+root       568     2  0 Jul21 ?        00:00:00 [i915/signal:0]
+root       569     2  0 Jul21 ?        00:00:00 [i915/signal:1]
+root       576     2  0 Jul21 ?        00:00:00 [i915/signal:2]
+hubert     658 31866  0 Aug04 ?        00:00:06 /usr/lib/opera/opera --type=renderer --field-trial-handle=1 --primordial-pipe-token=289E0D52C0B48B885CD429EE8688F4B6 --lang=en-US --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,
+root       741     1  0 Jul21 ?        00:00:00 /usr/bin/lvmetad -f
+root      1105     2  0 Jul21 ?        00:00:41 [jbd2/dm-3-8]
+root      1106     2  0 Jul21 ?        00:00:00 [ext4-rsv-conver]
+root      1114     1  0 Jul21 ?        00:03:49 /usr/bin/thinkfan -n -s5 -q
+root      1115     1  0 Jul21 ?        00:00:06 /usr/bin/crond -n
+dbus      1116     1  0 Jul21 ?        00:15:11 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
+root      1119     1  0 Jul21 ?        00:27:54 /usr/bin/python2 -O /usr/share/wicd/daemon/wicd-daemon.py --no-daemon
+root      1121     1  0 Jul21 ?        00:01:00 /usr/bin/acpid --foreground --netlink
+root      1123     1  0 Jul21 ?        00:00:04 /usr/lib/systemd/systemd-logind
+root      1125     1  0 Jul21 ?        00:00:32 /usr/bin/syslog-ng -F
+root      1592     1  0 Jul21 ?        01:09:59 /usr/bin/dockerd -H fd://
+root      1595     1  0 Jul21 ?        00:00:00 /usr/bin/sshd -D
+root      1600     2  0 Jul21 ?        00:05:17 [kworker/u17:0]
+root      1610     1  0 Jul21 tty1     00:00:00 /sbin/agetty --noclear tty1 linux
+root      1611     1  0 Jul21 ?        00:00:00 /usr/bin/slim -nodaemon
+root      1660  1611  0 Jul21 tty7     04:42:03 /usr/lib/xorg-server/Xorg -nolisten tcp vt07 -auth /var/run/slim.auth
+root      1678     2  0 Jul21 ?        00:00:21 [kworker/u17:1]
+root      1715  1119  0 Jul21 ?        00:12:10 /usr/bin/python2 -O /usr/share/wicd/daemon/monitor.py
+hubert    2066     1  0 Jul21 ?        00:00:10 /usr/lib/systemd/systemd --user
+hubert    2067  2066  0 Jul21 ?        00:00:00 (sd-pam)
+hubert    2078  1611  0 Jul21 ?        00:02:49 i3
+hubert    2085  2066  0 Jul21 ?        00:00:07 /usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation
+hubert    2087     1  0 Jul21 ?        00:00:02 gnome-keyring-daemon
+hubert    2094     1  0 Jul21 ?        00:00:55 xfce4-clipman
+hubert    2102     1  0 Jul21 ?        00:01:00 orage
+hubert    2119     1  0 Jul21 ?        00:01:05 i3bar --bar_id=bar-0 --socket=/run/user/1000/i3/ipc-socket.2078
+hubert    2123  2119  0 Jul21 ?        00:05:15 i3status
+hubert    2128  2066  0 Jul21 ?        00:00:00 /usr/lib/at-spi2-core/at-spi-bus-launcher
+hubert    2134  2128  0 Jul21 ?        00:00:28 /usr/bin/dbus-daemon --config-file=/usr/share/defaults/at-spi2/accessibility.conf --nofork --print-address 3
+hubert    2140  2066  0 Jul21 ?        00:00:00 /usr/lib/xfce4/xfconf/xfconfd
+hubert    2145  2066  0 Jul21 ?        00:01:44 /usr/lib/at-spi2-core/at-spi2-registryd --use-gnome-session
+hubert    2210  2066  0 Jul21 ?        00:00:06 /usr/lib/GConf/gconfd-2
+hubert    2414  2066  0 Jul21 ?        00:01:16 /usr/bin/gpg-agent --supervised
+hubert    3483     1  0 Aug03 ?        00:00:01 xterm
+hubert    3500  3483  0 Aug03 pts/10   00:00:02 zsh
+hubert    4605     1  0 Aug05 ?        00:00:29 evince /tmp/mozilla_hubert0/paper.pdf
+hubert    5333 11028  0 12:13 pts/22   00:03:29 node /home/hubert/.node_modules/bin/truffle-testrpc
+hubert    5704     1  0 Aug04 ?        00:00:00 /bin/zsh
+hubert    5717  5704  0 Aug04 ?        00:45:14 /usr/lib/thunderbird/thunderbird
+hubert    6344 31866  0 12:43 ?        00:00:40 /usr/lib/opera/opera --type=renderer --field-trial-handle=1 --primordial-pipe-token=81CA01159608F846CD9C203772B048B5 --lang=en-US --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,
+hubert    6835 27197  0 Aug07 pts/6    00:00:19 vi main.tex
+root      9355     2  0 Aug09 ?        00:00:06 [kworker/3:0]
+hubert    9443     1  0 Aug07 ?        00:00:01 xterm
+hubert    9460  9443  0 Aug07 pts/4    00:00:00 zsh
+hubert    9561     1  0 Aug03 ?        00:00:00 xterm
+hubert    9578  9561  0 Aug03 pts/7    00:00:00 zsh
+hubert    9748 31866  0 14:26 ?        00:00:25 /usr/lib/opera/opera --type=renderer --field-trial-handle=1 --primordial-pipe-token=BD83BF238B871A07F2908BCCA3D20319 --lang=en-US --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,
+hubert    9767 31866  0 14:26 ?        00:01:24 /usr/lib/opera/opera --type=renderer --field-trial-handle=1 --primordial-pipe-token=F6D7C3BABECDB0E552584085A2C9F235 --lang=en-US --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,
+hubert   10088  9460  0 Aug07 pts/4    00:00:00 vi fig_reorderingattack.tex
+hubert   10409     1  0 Jul31 ?        00:00:00 xterm
+hubert   10426 10409  0 Jul31 pts/3    00:00:00 zsh
+hubert   10463 10426  0 Jul31 pts/3    00:00:00 vi false_positives.txt
+hubert   10630     1  0 Jul28 ?        00:00:01 xterm
+hubert   10637 10630  0 Jul28 pts/21   00:00:00 zsh
+hubert   11011     1  0 Jul28 ?        00:00:01 xterm
+hubert   11028 11011  0 Jul28 pts/22   00:00:00 zsh
+hubert   13195     1  0 Jul28 ?        00:00:00 xterm
+hubert   13212 13195  0 Jul28 pts/2    00:00:00 zsh
+hubert   13265 13212  0 Jul28 pts/2    00:00:00 vi imported/ethereum/Wallet.sol
+hubert   14464     1  0 Jul28 ?        00:00:01 xterm
+hubert   14481 14464  0 Jul28 pts/23   00:00:00 zsh
+root     14578     2  0 Aug08 ?        00:00:00 [irq/32-mei_me]
+root     14579     2  0 Aug08 ?        00:00:00 [irq/16-mmc0]
+hubert   14995  2066  0 Jul24 ?        00:00:00 /usr/lib/dconf/dconf-service
+root     15058     2  0 17:01 ?        00:00:00 [kworker/1:1]
+hubert   15879     1  0 Jul24 ?        00:00:12 xterm
+hubert   15896 15879  0 Jul24 pts/5    00:00:02 zsh
+root     16071     1  0 Aug08 ?        00:01:53 dhcpcd
+hubert   16132     1  0 Aug08 ?        00:00:40 xterm
+hubert   16139 16132  0 Aug08 pts/13   00:00:00 zsh
+hubert   16550     1  0 17:39 ?        00:00:01 xterm
+hubert   16568 16550  0 17:39 pts/0    00:00:02 zsh
+hubert   16875 14481  0 Jul28 pts/23   00:00:08 node /home/hubert/.node_modules/bin/truffle console
+hubert   17622 31866  0 Aug09 ?        00:00:17 /usr/lib/opera/opera --type=renderer --field-trial-handle=1 --primordial-pipe-token=053D905D833EC7568B19D51B18A3835D --lang=en-US --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,
+hubert   17832     1  0 Aug08 ?        00:00:00 xterm
+hubert   17849 17832  0 Aug08 pts/9    00:00:00 zsh
+hubert   17867 17849  0 Aug08 pts/9    00:00:00 vi fallback_and_more.sol
+hubert   18298     1  0 Aug08 ?        00:00:00 xterm
+hubert   18315 18298  0 Aug08 pts/16   00:00:00 zsh
+hubert   18345     1  0 Aug09 ?        00:00:04 xterm
+hubert   18362 18345  0 Aug09 pts/19   00:00:02 zsh
+hubert   18415 18315  0 Aug08 pts/16   00:00:47 evince CES_full-2003-2.pdf
+hubert   18906 10637  0 Jul28 pts/21   00:00:00 vi Reservation.sol
+root     19010  1592  0 Aug03 ?        00:17:34 docker-containerd -l unix:///var/run/docker/libcontainerd/docker-containerd.sock --metrics-interval=0 --start-timeout 2m --state-dir /var/run/docker/libcontainerd/containerd --shim docker-containerd-shim --runtime docker-runc
+hubert   19469 31866  0 Aug09 ?        00:00:26 /usr/lib/opera/opera --type=renderer --field-trial-handle=1 --primordial-pipe-token=E019B288BCD40AA097039098D1899850 --lang=en-US --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,
+root     19522     1  0 Jul22 ?        00:00:36 /usr/lib/upower/upowerd
+hubert   19927     1  0 Jul24 ?        00:00:01 xterm
+hubert   19945 19927  0 Jul24 pts/8    00:00:01 zsh
+hubert   19959     1  0 Aug09 ?        00:00:05 xterm
+hubert   19976 19959  0 Aug09 pts/1    00:00:03 zsh
+root     21015     2  0 21:09 ?        00:00:05 [kworker/u16:2]
+hubert   21085     1  0 21:10 ?        00:00:00 xterm
+hubert   21102 21085  0 21:10 pts/14   00:00:00 zsh
+hubert   21668 31866  0 21:28 ?        00:00:15 /usr/lib/opera/opera --type=renderer --field-trial-handle=1 --primordial-pipe-token=66CFEC1C291E00B21A6FD059C0C8CAFF --lang=en-US --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,
+root     21852     2  0 21:31 ?        00:00:00 [kworker/2:0]
+hubert   21954     1  0 21:32 ?        00:00:00 xterm
+hubert   21971 21954  0 21:32 pts/11   00:00:00 zsh
+hubert   22135     1  0 Aug04 ?        00:01:44 evince main.pdf
+hubert   22139  2066  0 Aug04 ?        00:00:00 /usr/lib/evince/evinced
+root     22752     2  0 Aug04 ?        00:00:00 [bioset]
+hubert   23037 16139  3 22:05 pts/13   00:02:43 mplayer -noar -nojoystick -nolirc -fs -loop 0 /home/hubert/mukke/miles_children.mp3
+hubert   23500 31866  0 Aug04 ?        00:01:08 /usr/lib/opera/opera --type=renderer --field-trial-handle=1 --primordial-pipe-token=001F8195543E36AEC0F84D5FC220A82E --lang=en-US --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,
+hubert   24040     1  0 Aug07 ?        00:00:00 /bin/zsh
+hubert   24043 24040  8 Aug07 ?        07:01:53 /usr/lib/firefox/firefox
+hubert   24160     1  0 Aug07 ?        00:00:00 /bin/zsh
+hubert   24164 24160  0 Aug07 ?        00:00:00 /usr/lib/eclipse/eclipse
+hubert   24165 24164  3 Aug07 ?        02:31:10 /usr/bin/java -Dosgi.requiredJavaVersion=1.8 -Dosgi.instance.area.default=@user.home/eclipse-workspace -XX:+UseG1GC -XX:+UseStringDeduplication -Dosgi.requiredJavaVersion=1.8 -Xms256m -Xmx1024m -jar /usr/lib/eclipse//plugins/org.eclipse.equinox.launcher_1.4.0.v20161219-1356.jar -os linux -ws gtk -arch x86_64 -showsplash /usr/lib/eclipse//plugins/org.eclipse.epp.package.common_4.7.0.20170620-1800/splash.bmp -launcher /usr/lib/eclipse/eclipse -name Eclipse --launcher.library /usr/lib/eclipse//plugins/org.eclipse.equinox.launcher.gtk.linux.x86_64_1.1.500.v20170531-1133/eclipse_1624.so -startup /usr/lib/eclipse//plugins/org.eclipse.equinox.launcher_1.4.0.v20161219-1356.jar --launcher.appendVmargs -exitdata 11440014 -product org.eclipse.epp.package.java.product -vm /usr/bin/java -vmargs -Dosgi.requiredJavaVersion=1.8 -Dosgi.instance.area.default=@user.home/eclipse-workspace -XX:+UseG1GC -XX:+UseStringDeduplication -Dosgi.requiredJavaVersion=1.8 -Xms256m -Xmx1024m -jar /usr/lib/eclipse//plugins/org.eclipse.equinox.launcher_1.4.0.v20161219-1356.jar
+hubert   24219 19976  0 22:21 pts/1    00:00:00 vi README.md
+root     24564     2  0 22:33 ?        00:00:02 [kworker/0:0]
+hubert   24614 31866  4 22:35 ?        00:02:14 /usr/lib/opera/opera --type=renderer --field-trial-handle=1 --primordial-pipe-token=CB478A87C4D17F08CB28A14B889B0DB9 --lang=en-US --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,
+root     24902     2  0 22:43 ?        00:00:02 [kworker/u16:4]
+hubert   24910 31866  1 22:43 ?        00:00:38 /usr/lib/opera/opera --type=renderer --field-trial-handle=1 --primordial-pipe-token=039D355B2BEABA43E8F3BF515D291D93 --lang=en-US --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,
+hubert   25149     1  0 Aug09 ?        00:00:00 /bin/zsh
+hubert   25152 25149  0 Aug09 ?        00:00:47 evince
+hubert   25168     1  0 Aug09 ?        00:00:10 xterm
+hubert   25185 25168  0 Aug09 pts/17   00:00:00 zsh
+hubert   25209     1  0 Aug07 ?        00:00:00 /usr/lib/webkit2gtk-4.0/WebKitNetworkProcess 150
+root     25340     2  0 22:52 ?        00:00:01 [kworker/u16:5]
+root     25643     2  0 22:57 ?        00:00:00 [kworker/0:2]
+root     25644     2  0 22:57 ?        00:00:00 [kworker/2:2]
+root     25783     2  0 23:00 ?        00:00:01 [kworker/u16:1]
+hubert   26069     1  0 23:04 ?        00:00:00 xterm
+hubert   26086 26069  0 23:04 pts/15   00:00:00 zsh
+hubert   26140     1  0 Aug07 ?        00:00:03 /usr/lib/webkit2gtk-4.0/WebKitWebProcess 160
+hubert   26276 31866 18 23:08 ?        00:03:05 /usr/lib/opera/opera --type=renderer --field-trial-handle=1 --primordial-pipe-token=FF9838BC3C7B81643EC2018E40955224 --lang=en-US --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,
+root     26323     2  0 23:09 ?        00:00:01 [kworker/u16:7]
+hubert   26351 31866  0 23:11 ?        00:00:05 /usr/lib/opera/opera --type=renderer --field-trial-handle=1 --primordial-pipe-token=FD05C72A42976CBC6B85103EFAE1B437 --lang=en-US --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,
+root     26389     2  0 23:12 ?        00:00:00 [kworker/1:2]
+root     26430     2  0 23:13 ?        00:00:00 [kworker/3:1]
+hubert   26621 16568  0 23:19 pts/0    00:00:00 vi cert_creation.sh
+hubert   26691     1  0 23:22 ?        00:00:00 xterm
+hubert   26708 26691  0 23:22 pts/18   00:00:00 zsh
+hubert   26795 21102  0 23:23 pts/14   00:00:00 man certutil
+hubert   26807 26795  0 23:23 pts/14   00:00:00 less
+hubert   26915 26708  0 23:25 pts/18   00:00:00 ps -ef
+hubert   27179     1  0 Aug04 ?        00:00:04 xterm
+hubert   27197 27179  0 Aug04 pts/6    00:00:00 zsh
+hubert   27775     1  0 Jul28 ?        00:00:39 xterm
+hubert   27792 27775  0 Jul28 pts/12   00:00:01 zsh
+root     27952     2  0 Jul28 ?        00:00:00 [bioset]
+hubert   28132 24043  0 Aug09 ?        00:00:41 /usr/bin/evince /tmp/mozilla_hubert0/p1197-dowling.pdf
+root     31079     2  0 Jul24 ?        00:00:00 [dio/dm-3]
+polkitd  31448     1  0 Jul25 ?        00:00:50 /usr/lib/polkit-1/polkitd --no-debug
+root     31476     1  0 Jul25 ?        00:01:17 /usr/bin/cupsd -l
+colord   31477     1  0 Jul25 ?        00:00:00 /usr/lib/colord/colord
+hubert   31643 31866  0 Aug04 ?        00:00:07 /usr/lib/opera/opera --type=renderer --field-trial-handle=1 --primordial-pipe-token=DC1172410C70C0F58E75E6D62CFFDEAD --lang=en-US --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,
+hubert   31858     1  0 Jul24 ?        00:00:00 /bin/zsh
+hubert   31861 31858  3 Jul24 ?        13:46:37 /usr/lib/opera/opera
+hubert   31863 31861  0 Jul24 ?        00:00:00 /usr/lib/opera/opera_sandbox /usr/lib/opera/opera --type=zygote
+hubert   31864 31863  0 Jul24 ?        00:00:00 /usr/lib/opera/opera --type=zygote
+hubert   31866 31864  0 Jul24 ?        00:00:00 /usr/lib/opera/opera --type=zygote
+hubert   31934 31861  0 Jul24 ?        02:22:40 /usr/lib/opera/opera --type=gpu-process --field-trial-handle=1 --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,7,8,10,24,30,63,68,76 --disable-gl-extensions=GL_ARB_timer_query GL_EXT_timer_query GL_KHR_blend_equation_advanced GL_KHR_blend_equation_advanced_coherent --disable-webrtc-hw-encoding --gpu-vendor-id=0x8086 --gpu-device-id=0x0126 --gpu-driver-vendor=Mesa --gpu-driver-version=17.1.4 --gpu-driver-date --service-request-channel-token=D475D44CA403ED1AC8789FEE92E3D5F7
+hubert   31937 31934  0 Jul24 ?        00:00:00 /usr/lib/opera/opera --type=gpu-broker
+hubert   31969 31866  0 Jul24 ?        00:00:05 /usr/lib/opera/opera --type=renderer --field-trial-handle=1 --primordial-pipe-token=F2861656839C6C74836DBB94F63A6E9C --lang=en-US --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,
+hubert   31980 31866  0 Jul24 ?        00:00:10 /usr/lib/opera/opera --type=renderer --field-trial-handle=1 --primordial-pipe-token=637D81672AEE9F862B863C3CD30E68D1 --lang=en-US --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,
+hubert   32021 31866  0 Jul24 ?        00:01:07 /usr/lib/opera/opera --type=renderer --field-trial-handle=1 --primordial-pipe-token=13C3244006EB0927FBB3DA60803441AF --lang=en-US --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,
+hubert   32081 31866  1 Jul24 ?        04:29:26 /usr/lib/opera/opera --type=renderer --field-trial-handle=1 --primordial-pipe-token=B912F73C8CF5743F2E6305E6A45CB54C --lang=en-US --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,
+hubert   32124 31866  1 Jul24 ?        06:13:22 /usr/lib/opera/opera --type=renderer --field-trial-handle=1 --primordial-pipe-token=01234742489C6A487EC763DD784F8EBE --lang=en-US --extension-process --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,
+Thu Aug 10 23:25:53 CEST 2017
+047155232
diff --git a/ca/server_db/cert.req b/ca/server_db/cert.req
new file mode 100644
index 0000000..39fe947
--- /dev/null
+++ b/ca/server_db/cert.req
@@ -0,0 +1,18 @@
+
+Certificate request generated by Netscape certutil
+Phone: (not specified)
+
+Common Name: tls-n.testserver
+Email: (not specified)
+Organization: TLS-N
+State: (not specified)
+Country: NN
+
+-----BEGIN NEW CERTIFICATE REQUEST-----
+MIH0MIGaAgEAMDgxCzAJBgNVBAYTAk5OMQ4wDAYDVQQKEwVUTFMtTjEZMBcGA1UE
+AxMQdGxzLW4udGVzdHNlcnZlcjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABKTR
+iNOt2VpeI+llhXEmHXzmAvuhv/OmnbPsDkfI+/HO3EJUVv1E/ad6UWPm/7cSAm20
+BsVLe95KJ42mPvKMgxWgADAKBggqhkjOPQQDAgNJADBGAiEAwG4kqlSisqkKl1St
+nsBYQYKNPIXD/W0tx3pworFZt+MCIQDn72ZDAAmqs3rH/+ScIT934Z0Vcc4J9kpc
+C4IdQnqXeQ==
+-----END NEW CERTIFICATE REQUEST-----
diff --git a/ca/server_db/cert.req2 b/ca/server_db/cert.req2
new file mode 100644
index 0000000000000000000000000000000000000000..931eda0c8a70ef10383f0e0304270bbdc3018708
GIT binary patch
literal 247
zcmXqL{9@2Ji;0oJz`~H*fRl|ml!Z;0$<NP_&wvNS;Sy#I@d?)TGn6zC2l1JO1xj*?
zb@TK}Qj1H9Q;W({iwq(SgxT1&+C0wLGBL7ofEmn;?95IKEK4qSTwZ%KDo*)jYHOjI
zY|S&K-wXGDUN(308$S0FzdxS4;}jD1*X8f>s=(xD|F;V<<!)g+>Ro-$OTBlQ-KU;r
z(FF_!Tu>8Pn3<S884TQ*6d4ZWsjLcFv}q;R^pLgl4n#OM_1d%^{+p|NysBW)#>nlD
ofl8jgPjhDAT(!CC`2Qz!6z$6&&J`^@$N9}GhPz4DscL#907IEu$p8QV

literal 0
HcmV?d00001

diff --git a/ca/server_db/cert8.db b/ca/server_db/cert8.db
new file mode 100644
index 0000000000000000000000000000000000000000..20deb33a9a72b08b2bff61a61640aeccab3b3d90
GIT binary patch
literal 65536
zcmeI)eN0tl9KiACoO8MN%ByuDEuv&N%M$k-Fe?L&m{2N1LnLy|rgzuT6mDMbSVNhi
z=Bn9Zy4L1P<urVmkS}bObC_;zOoq-HVJy;WLrq&oOl^*C&$$<sKZKfNuFdbcd-j~?
zJm)#jb3VU&{`@_{nY2&{p$p;oMu@5ERKyFRsmd<G-G8F`!xxNj9qtk?`~1U-nqO3H
zAND<Vx$B2JvYxv>FB2kw00IagfB*srAb<b@2q1s}0tg_000IagfB*srAb<b@2q1s}
z0tg_000IagfB*srAb<b@2q1s}0tg_000IagfB*srAb<b@2p}+A0uFK2>b1VKs;#A}
zgg6jD009ILKmY**5I_I{1Q0*~0R#|0009ILKmY**5I_I{1Q0*~0R#|0009ILKmY**
z5I_I{1Q0*~0R#|0009ILKmY**5I_I{1Q58#1l)!Yn(zn_Tw3`?!0%sN=?hf(0u#Od
zav>g7`Te`wHYLi@<^wX(Y0PsNp19(Ix#@*tiv0fInCEj1`HUGON7!9Xk6u`4#>-f{
z5$%Zz-)BB3M@7bsR1>6EObq%egOMrR>ft56K;`TH3K1=Ot#<2>wc7GpTFy_|E3(S6
z#%Cp{GF&?h@EimXKmY**5I_I{1Q0*~0R#|0009ILKmY**5I_I{1Q0*~0R#|0009IL
zKmY**5I_I{1Q0*~0R#|0009ILKmY**5I_I{1P~Z@0k<y1lsnHk)^C&L?AC;sYX7u6
z;gPGfTv>bWQ$yEuJt~s?9PM;JvG&Ci*$zV=JP}$xGAhn|TCGfGm>HAJN%QTdY2Iw!
z`I_Y`(&Kc6SD<VCOEEN;F-<tOpL*xphVSPuNW0*Bd)c^@72W#vtw;W>-*Vtm{0lAD
z|2Xl(wBnM!>3ut@U-EW`4&JYqH#xtawfx7KkG)@?)3a`Mk{s}A#tb3z^;B^&I5P92
zu_gDdFK8}a)>!}Q&dk}rHoy5>ZowxN-5>8;oUCs7>SXEmswdC49-cR4^R+!)2da;L
z*V^H#E~?vKFrnjgTgq*awSUPYw}Vh>|FoGRMg<{X)?T_5gpC~oSNb1=@YJM?fkCjF
zLyR08xjjGc_^vsnH8Zj<znuJYY-(rX-$&PlGCHq(-t*dX#-8=9zwawNQWMzro_BK9
z@vUn&<m|}Y{BYNzXN}(MMQ3|2%-xnIQ)Plmf=}^iTF4P44OPi_`$B?!LH(^X=fL;7
z5sCJ)#^g<|^p?{L>O$kzc>j9q-MaFg4<28+q^hVhF|IbGBGK^0v9^`x8mBjPwS0E@
zd|uj_mcy}Sp<{8&_ck{)r5sGU5ee@?mE^y>O*syl$sgGWAm-La0BTJC1^`11GlqDg
z`c@wry!+<2s3z*W$97%dbrC=S0R#|0009ILKmY**5I_I{1Q0*~0R#|0009ILKmY**
x5I_I{1Q0*~0R#|0009ILKmY**5I_I{1Q0*~0R#|0009ILKmY**5cod|`~#|^N|yit

literal 0
HcmV?d00001

diff --git a/ca/server_db/key3.db b/ca/server_db/key3.db
new file mode 100644
index 0000000000000000000000000000000000000000..00ad06f85e8e1705911bed599d036873fdf7dcc1
GIT binary patch
literal 16384
zcmeI%TQJm77y$6IH*I$N|C@%2B9}-?s5Da{H7lY?JLHl{?QW>CELP;QE?Guq8Iht^
zle>~>iqs@zbXnExh$&;Ii#y9sF6m-6v`Y`Y^w0xMGv7CJ=KJQHGv}Q7J$?siXtNMP
zM1;s~2rXBYh>j3JmDB@Ke-*0rxe3x-o?Ai`b)6d`=v8HPsQ0MHq6c;UJ&S%XTnGXn
z00JNY0w4eaAOHd&00JNY0{@Eu6;0va@nO6cuf#9oo_IDEhh<~45Fh{oAOHd&00JNY
z0w4eaAOHd&u)qQ&)km{cQoWU#2F*OxIrZBz0-Zu2S?Q3q>^3T+<h1YlIb0`WS;fH;
zK@V<0BoN3+S$$L1(NCm?#{GFhOJj!vW3IJ3gaMaurdDb51?|1UL7qfYQA79c&aDez
zJoeR;<{EX^5wUe^qMGt;&USCVI#ky`!}bgIaHHOq?BQASeU!dl<2qs2uiUjvOf4>!
z-7@%8{3E|>pGEShUTY$2;woK~Y@2D;Ttv(071T$I6MQ?d6D~ol)#t_zwfJzG$tADT
z+N(N``WegpQ^HL3;s%Jy!p6^K1=R}7NunH=zT4;FIn9_Zk705KX78^c2G?jjb&dVt
zvLU0)enOP2?Ob3Ic&xPbGjCMJZ>m4qAvk7N6v*YVSzHS~iyJ}GA|!5!SRNV6(aobg
z!&@Isni)`prs#Jun~u%bK2?kA+Pid2UcDU-3uW>7QM~Yz7MxT5oFI~?e>nd%FNBC1
zaV0j6DY5^hV*&330T2KI5C8!X009sH0T2KI5CDO{68LkY;hgYZ?6=I=CcDVWiK_e}
z@6BE=E%S|rGwJc64A!R5gPccC<I~E|U$j>YG*J7v>)ld<obGm9EMPu26<YUH*hc$N
zJ9Qss%}7IxvKpS8bu^dsH>Z>-8b$)$Xzm|J%+fPUhn5cdR~QX45mPRH5EGe}5K*zJ
zJ%yHYijhGVKV~^s(RbA-dQP;A4DI)0B!(=x;9#VG<h0|L7@7S_bDx(tJG$Gv$#3>M
zzPNGNTX4X3%xg^#-B6}A(<GYRD*JkS;`naTt?ZYhcMdfQ!i&>6J0f2crsmj}ZxgS5
s&)!Lzv}1Qo%H5|IxSIpVg8&GC00@8p2!H?xfB*=900@8p2>g42pQWadM*si-

literal 0
HcmV?d00001

diff --git a/ca/server_db/secmod.db b/ca/server_db/secmod.db
new file mode 100644
index 0000000000000000000000000000000000000000..b6e81ca751dff9ba46a094715f7b4f507fbc7a6c
GIT binary patch
literal 16384
zcmeI&u}Z^07{Kw*R!RqnE^Z<R4!0Hh0Ga9{MJdD=h{?5t#-yYv=-^{G3O<vYlS6zB
zsh3=f7Qw-x6#0K}+}(GV?=HXjq;njKNK0h@MdZj1<v?W5c6F2PYGBu!M7!ymCAaA@
zd#G%#j(ShswjNz~pRJ$Efe0Xg00IagfB*srAb<b@2q1s}0tg_000IagfB*srAb<b@
z2<(bLOWqGF@71fkUAYnWKmY**5I_I{1Q0*~0R#|0;BNvQQS!F&Mto=s#kRTR$yE@j
zi>x$77N%-690cmD-&dD;yhx4R^%UjVIGMyr;p?7OktxbiVaCawueF+*`>)B|M7MeD
zYuESU8?DA^IGOuuF^j{}G$r(EGT5l&HVnU4bE(AETYqw$Pfd1i=24N%$|TR~755JR
nxxMu5RZngE5x@Q3$C5w*0R#|0009ILKmY**5I_Kd|1R(eN?b*1

literal 0
HcmV?d00001

diff --git a/ca/server_db/server.crt b/ca/server_db/server.crt
new file mode 100644
index 0000000000000000000000000000000000000000..55a697de4dd0f14e2c2bc165d75881be0d4a6060
GIT binary patch
literal 325
zcmXqLVstcUe7=C0iIItkm0{J{*&+s9Y#dr`9_MUXn3)VD48;sY*qB3En1y*me1diT
z6oT^eOB9?P4dldm4b2TK3=ND7jm!*9qCi|jLpT>G!)?F`(#a;w<mYF|XTSsEa0#=5
zjWLuo5Qi8mP?A%uo2OTjT3k|`T2z)=WDsc}%*GCO0TUzCDa?%Q%uWm}OD=X?UVAet
zPWfeOYoVHK%`>Lo3-^CsHh1$IKKB#9Kc2he6cYB=<?r&Uz~pEDw+k`lZecs>U473>
zy?2@2r=Dg}WUn!MG8niqDKfk+5ip*v5+*pwXJ1I+x@9pdjQwBjt9a|^Ge7Uyyp3tn
pKqUvxM=UAResOwFsMVYwYwm8YI(Y5$b@r;D37dR$uHQH-3jmk5Y~BC>

literal 0
HcmV?d00001

diff --git a/nss/.clang-format b/nss/.clang-format
new file mode 100644
index 0000000..b90d52f
--- /dev/null
+++ b/nss/.clang-format
@@ -0,0 +1,65 @@
+---
+Language:        Cpp
+# BasedOnStyle:  Mozilla
+AccessModifierOffset: -2
+AlignAfterOpenBracket: true
+AlignEscapedNewlinesLeft: false
+AlignOperands:   true
+AlignTrailingComments: true
+AllowAllParametersOfDeclarationOnNextLine: false
+AllowShortBlocksOnASingleLine: false
+AllowShortCaseLabelsOnASingleLine: false
+AllowShortIfStatementsOnASingleLine: false
+AllowShortLoopsOnASingleLine: false
+AllowShortFunctionsOnASingleLine: All
+AlwaysBreakAfterDefinitionReturnType: true
+AlwaysBreakTemplateDeclarations: false
+AlwaysBreakBeforeMultilineStrings: false
+BreakBeforeBinaryOperators: false
+BreakBeforeTernaryOperators: true
+BreakConstructorInitializersBeforeComma: false
+BinPackParameters: true
+BinPackArguments: true
+ColumnLimit:     0
+ConstructorInitializerAllOnOneLineOrOnePerLine: true
+ConstructorInitializerIndentWidth: 4
+DerivePointerAlignment: true
+ExperimentalAutoDetectBinPacking: false
+IndentCaseLabels: true
+IndentWrappedFunctionNames: false
+IndentFunctionDeclarationAfterType: false
+MaxEmptyLinesToKeep: 1
+KeepEmptyLinesAtTheStartOfBlocks: true
+NamespaceIndentation: None
+ObjCBlockIndentWidth: 2
+ObjCSpaceAfterProperty: true
+ObjCSpaceBeforeProtocolList: false
+PenaltyBreakBeforeFirstCallParameter: 19
+PenaltyBreakComment: 300
+PenaltyBreakString: 1000
+PenaltyBreakFirstLessLess: 120
+PenaltyExcessCharacter: 1000000
+PenaltyReturnTypeOnItsOwnLine: 200
+PointerAlignment: Right
+SpacesBeforeTrailingComments: 1
+Cpp11BracedListStyle: false
+Standard:        Cpp03
+IndentWidth:     4
+TabWidth:        8
+UseTab:          Never
+BreakBeforeBraces: Linux
+SpacesInParentheses: false
+SpacesInSquareBrackets: false
+SpacesInAngles:  false
+SpaceInEmptyParentheses: false
+SpacesInCStyleCastParentheses: false
+SpaceAfterCStyleCast: false
+SpacesInContainerLiterals: true
+SpaceBeforeAssignmentOperators: true
+ContinuationIndentWidth: 4
+CommentPragmas:  '^ IWYU pragma:'
+ForEachMacros:   [ foreach, Q_FOREACH, BOOST_FOREACH ]
+SpaceBeforeParens: ControlStatements
+DisableFormat:   false
+SortIncludes: false
+...
diff --git a/nss/.gitignore b/nss/.gitignore
new file mode 100644
index 0000000..079fcae
--- /dev/null
+++ b/nss/.gitignore
@@ -0,0 +1,20 @@
+*~
+*.swp
+*OPT.OBJ/
+*DBG.OBJ/
+*DBG.OBJD/
+out/*
+*.pyc
+*.bak
+*.out
+*.rej
+*.patch
+GPATH
+GRTAGS
+GTAGS
+#*
+.#*
+.ycm_extra_conf.py*
+fuzz/libFuzzer/*
+fuzz/corpus
+fuzz/out
diff --git a/nss/.hg_archival.txt b/nss/.hg_archival.txt
new file mode 100644
index 0000000..cfd7283
--- /dev/null
+++ b/nss/.hg_archival.txt
@@ -0,0 +1,4 @@
+repo: 9949429068caa6bb8827a8ceeaa7c605d722f47f
+node: 127d10a77798396fdb659231040bb4b57ec16dc5
+branch: NSS_3_30_BRANCH
+tag: NSS_3_30_1_RTM
diff --git a/nss/.hgignore b/nss/.hgignore
new file mode 100644
index 0000000..a8d626e
--- /dev/null
+++ b/nss/.hgignore
@@ -0,0 +1,20 @@
+syntax: glob
+*~
+*OPT.OBJ/*
+*DBG.OBJ/*
+*DBG.OBJD/*
+out/*
+*.pyc
+*.bak
+*.out
+*.rej
+*.patch
+GPATH
+GRTAGS
+GTAGS
+#*
+.#*
+.ycm_extra_conf.py*
+fuzz/libFuzzer/*
+fuzz/corpus
+fuzz/out
diff --git a/nss/.taskcluster.yml b/nss/.taskcluster.yml
new file mode 100644
index 0000000..9d56c9b
--- /dev/null
+++ b/nss/.taskcluster.yml
@@ -0,0 +1,89 @@
+---
+version: 0
+metadata:
+  name: "NSS Continuous Integration"
+  description: "The Taskcluster task graph for the NSS tree"
+  owner: "mozilla-taskcluster-maintenance@mozilla.com"
+  source: {{{source}}}
+
+scopes:
+  # Note the below scopes are insecure however these get overriden on the server
+  # side to whatever scopes are set by mozilla-taskcluster.
+  - queue:*
+  - docker-worker:*
+  - scheduler:*
+
+# Available mustache parameters (see the mozilla-taskcluster source):
+#
+# - owner:          push user (email address)
+# - source:         URL of this YAML file
+# - url:            repository URL
+# - project:        alias for the destination repository (basename of
+#                   the repo url)
+# - level:          SCM level of the destination repository
+#                   (1 = try, 3 = core)
+# - revision:       (short) hg revision of the head of the push
+# - revision_hash:  (long) hg revision of the head of the push
+# - comment:        comment of the push
+# - pushlog_id:     id in the pushlog table of the repository
+#
+# and functions:
+# - as_slugid:      convert a label into a slugId
+# - from_now:       generate a timestamp at a fixed offset from now
+
+tasks:
+  - taskId: '{{#as_slugid}}decision task{{/as_slugid}}'
+    reruns: 3
+    task:
+      created: '{{now}}'
+      deadline: '{{#from_now}}1 day{{/from_now}}'
+      expires: '{{#from_now}}14 days{{/from_now}}'
+
+      metadata:
+        owner: mozilla-taskcluster-maintenance@mozilla.com
+        source: {{{source}}}
+        name: "NSS Decision Task"
+        description: |
+            The task that creates all of the other tasks in the task graph
+
+      workerType: "hg-worker"
+      provisionerId: "aws-provisioner-v1"
+
+      tags:
+        createdForUser: {{owner}}
+
+      routes:
+        - "tc-treeherder-stage.v2.{{project}}.{{revision}}.{{pushlog_id}}"
+        - "tc-treeherder.v2.{{project}}.{{revision}}.{{pushlog_id}}"
+
+      payload:
+        image: ttaubert/nss-decision:0.0.2
+
+        env:
+          TC_OWNER: {{owner}}
+          TC_SOURCE: {{{source}}}
+          TC_PROJECT: {{project}}
+          TC_COMMENT: '{{comment}}'
+          NSS_PUSHLOG_ID: '{{pushlog_id}}'
+          NSS_HEAD_REPOSITORY: '{{{url}}}'
+          NSS_HEAD_REVISION: '{{revision}}'
+
+        maxRunTime: 1800
+
+        command:
+          - bash
+          - -cx
+          - >
+            bin/checkout.sh &&
+            nss/automation/taskcluster/scripts/extend_task_graph.sh
+
+        features:
+          taskclusterProxy: true
+
+      extra:
+        treeherder:
+          symbol: D
+          build:
+            platform: nss-decision
+          machine:
+            platform: nss-decision
diff --git a/nss/COPYING b/nss/COPYING
new file mode 100644
index 0000000..212af5b
--- /dev/null
+++ b/nss/COPYING
@@ -0,0 +1,403 @@
+NSS is available under the Mozilla Public License, version 2, a copy of which
+is below.
+
+Note on GPL Compatibility
+-------------------------
+
+The MPL 2, section 3.3, permits you to combine NSS with code under the GNU
+General Public License (GPL) version 2, or any later version of that
+license, to make a Larger Work, and distribute the result under the GPL.
+The only condition is that you must also make NSS, and any changes you
+have made to it, available to recipients under the terms of the MPL 2 also.
+
+Anyone who receives the combined code from you does not have to continue
+to dual licence in this way, and may, if they wish, distribute under the
+terms of either of the two licences - either the MPL alone or the GPL
+alone. However, we discourage people from distributing copies of NSS under
+the GPL alone, because it means that any improvements they make cannot be
+reincorporated into the main version of NSS. There is never a need to do
+this for license compatibility reasons.
+
+Note on LGPL Compatibility
+--------------------------
+
+The above also applies to combining MPLed code in a single library with
+code under the GNU Lesser General Public License (LGPL) version 2.1, or
+any later version of that license. If the LGPLed code and the MPLed code
+are not in the same library, then the copyleft coverage of the two
+licences does not overlap, so no issues arise.
+
+
+Mozilla Public License Version 2.0
+==================================
+
+1. Definitions
+--------------
+
+1.1. "Contributor"
+    means each individual or legal entity that creates, contributes to
+    the creation of, or owns Covered Software.
+
+1.2. "Contributor Version"
+    means the combination of the Contributions of others (if any) used
+    by a Contributor and that particular Contributor's Contribution.
+
+1.3. "Contribution"
+    means Covered Software of a particular Contributor.
+
+1.4. "Covered Software"
+    means Source Code Form to which the initial Contributor has attached
+    the notice in Exhibit A, the Executable Form of such Source Code
+    Form, and Modifications of such Source Code Form, in each case
+    including portions thereof.
+
+1.5. "Incompatible With Secondary Licenses"
+    means
+
+    (a) that the initial Contributor has attached the notice described
+        in Exhibit B to the Covered Software; or
+
+    (b) that the Covered Software was made available under the terms of
+        version 1.1 or earlier of the License, but not also under the
+        terms of a Secondary License.
+
+1.6. "Executable Form"
+    means any form of the work other than Source Code Form.
+
+1.7. "Larger Work"
+    means a work that combines Covered Software with other material, in 
+    a separate file or files, that is not Covered Software.
+
+1.8. "License"
+    means this document.
+
+1.9. "Licensable"
+    means having the right to grant, to the maximum extent possible,
+    whether at the time of the initial grant or subsequently, any and
+    all of the rights conveyed by this License.
+
+1.10. "Modifications"
+    means any of the following:
+
+    (a) any file in Source Code Form that results from an addition to,
+        deletion from, or modification of the contents of Covered
+        Software; or
+
+    (b) any new file in Source Code Form that contains any Covered
+        Software.
+
+1.11. "Patent Claims" of a Contributor
+    means any patent claim(s), including without limitation, method,
+    process, and apparatus claims, in any patent Licensable by such
+    Contributor that would be infringed, but for the grant of the
+    License, by the making, using, selling, offering for sale, having
+    made, import, or transfer of either its Contributions or its
+    Contributor Version.
+
+1.12. "Secondary License"
+    means either the GNU General Public License, Version 2.0, the GNU
+    Lesser General Public License, Version 2.1, the GNU Affero General
+    Public License, Version 3.0, or any later versions of those
+    licenses.
+
+1.13. "Source Code Form"
+    means the form of the work preferred for making modifications.
+
+1.14. "You" (or "Your")
+    means an individual or a legal entity exercising rights under this
+    License. For legal entities, "You" includes any entity that
+    controls, is controlled by, or is under common control with You. For
+    purposes of this definition, "control" means (a) the power, direct
+    or indirect, to cause the direction or management of such entity,
+    whether by contract or otherwise, or (b) ownership of more than
+    fifty percent (50%) of the outstanding shares or beneficial
+    ownership of such entity.
+
+2. License Grants and Conditions
+--------------------------------
+
+2.1. Grants
+
+Each Contributor hereby grants You a world-wide, royalty-free,
+non-exclusive license:
+
+(a) under intellectual property rights (other than patent or trademark)
+    Licensable by such Contributor to use, reproduce, make available,
+    modify, display, perform, distribute, and otherwise exploit its
+    Contributions, either on an unmodified basis, with Modifications, or
+    as part of a Larger Work; and
+
+(b) under Patent Claims of such Contributor to make, use, sell, offer
+    for sale, have made, import, and otherwise transfer either its
+    Contributions or its Contributor Version.
+
+2.2. Effective Date
+
+The licenses granted in Section 2.1 with respect to any Contribution
+become effective for each Contribution on the date the Contributor first
+distributes such Contribution.
+
+2.3. Limitations on Grant Scope
+
+The licenses granted in this Section 2 are the only rights granted under
+this License. No additional rights or licenses will be implied from the
+distribution or licensing of Covered Software under this License.
+Notwithstanding Section 2.1(b) above, no patent license is granted by a
+Contributor:
+
+(a) for any code that a Contributor has removed from Covered Software;
+    or
+
+(b) for infringements caused by: (i) Your and any other third party's
+    modifications of Covered Software, or (ii) the combination of its
+    Contributions with other software (except as part of its Contributor
+    Version); or
+
+(c) under Patent Claims infringed by Covered Software in the absence of
+    its Contributions.
+
+This License does not grant any rights in the trademarks, service marks,
+or logos of any Contributor (except as may be necessary to comply with
+the notice requirements in Section 3.4).
+
+2.4. Subsequent Licenses
+
+No Contributor makes additional grants as a result of Your choice to
+distribute the Covered Software under a subsequent version of this
+License (see Section 10.2) or under the terms of a Secondary License (if
+permitted under the terms of Section 3.3).
+
+2.5. Representation
+
+Each Contributor represents that the Contributor believes its
+Contributions are its original creation(s) or it has sufficient rights
+to grant the rights to its Contributions conveyed by this License.
+
+2.6. Fair Use
+
+This License is not intended to limit any rights You have under
+applicable copyright doctrines of fair use, fair dealing, or other
+equivalents.
+
+2.7. Conditions
+
+Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted
+in Section 2.1.
+
+3. Responsibilities
+-------------------
+
+3.1. Distribution of Source Form
+
+All distribution of Covered Software in Source Code Form, including any
+Modifications that You create or to which You contribute, must be under
+the terms of this License. You must inform recipients that the Source
+Code Form of the Covered Software is governed by the terms of this
+License, and how they can obtain a copy of this License. You may not
+attempt to alter or restrict the recipients' rights in the Source Code
+Form.
+
+3.2. Distribution of Executable Form
+
+If You distribute Covered Software in Executable Form then:
+
+(a) such Covered Software must also be made available in Source Code
+    Form, as described in Section 3.1, and You must inform recipients of
+    the Executable Form how they can obtain a copy of such Source Code
+    Form by reasonable means in a timely manner, at a charge no more
+    than the cost of distribution to the recipient; and
+
+(b) You may distribute such Executable Form under the terms of this
+    License, or sublicense it under different terms, provided that the
+    license for the Executable Form does not attempt to limit or alter
+    the recipients' rights in the Source Code Form under this License.
+
+3.3. Distribution of a Larger Work
+
+You may create and distribute a Larger Work under terms of Your choice,
+provided that You also comply with the requirements of this License for
+the Covered Software. If the Larger Work is a combination of Covered
+Software with a work governed by one or more Secondary Licenses, and the
+Covered Software is not Incompatible With Secondary Licenses, this
+License permits You to additionally distribute such Covered Software
+under the terms of such Secondary License(s), so that the recipient of
+the Larger Work may, at their option, further distribute the Covered
+Software under the terms of either this License or such Secondary
+License(s).
+
+3.4. Notices
+
+You may not remove or alter the substance of any license notices
+(including copyright notices, patent notices, disclaimers of warranty,
+or limitations of liability) contained within the Source Code Form of
+the Covered Software, except that You may alter any license notices to
+the extent required to remedy known factual inaccuracies.
+
+3.5. Application of Additional Terms
+
+You may choose to offer, and to charge a fee for, warranty, support,
+indemnity or liability obligations to one or more recipients of Covered
+Software. However, You may do so only on Your own behalf, and not on
+behalf of any Contributor. You must make it absolutely clear that any
+such warranty, support, indemnity, or liability obligation is offered by
+You alone, and You hereby agree to indemnify every Contributor for any
+liability incurred by such Contributor as a result of warranty, support,
+indemnity or liability terms You offer. You may include additional
+disclaimers of warranty and limitations of liability specific to any
+jurisdiction.
+
+4. Inability to Comply Due to Statute or Regulation
+---------------------------------------------------
+
+If it is impossible for You to comply with any of the terms of this
+License with respect to some or all of the Covered Software due to
+statute, judicial order, or regulation then You must: (a) comply with
+the terms of this License to the maximum extent possible; and (b)
+describe the limitations and the code they affect. Such description must
+be placed in a text file included with all distributions of the Covered
+Software under this License. Except to the extent prohibited by statute
+or regulation, such description must be sufficiently detailed for a
+recipient of ordinary skill to be able to understand it.
+
+5. Termination
+--------------
+
+5.1. The rights granted under this License will terminate automatically
+if You fail to comply with any of its terms. However, if You become
+compliant, then the rights granted under this License from a particular
+Contributor are reinstated (a) provisionally, unless and until such
+Contributor explicitly and finally terminates Your grants, and (b) on an
+ongoing basis, if such Contributor fails to notify You of the
+non-compliance by some reasonable means prior to 60 days after You have
+come back into compliance. Moreover, Your grants from a particular
+Contributor are reinstated on an ongoing basis if such Contributor
+notifies You of the non-compliance by some reasonable means, this is the
+first time You have received notice of non-compliance with this License
+from such Contributor, and You become compliant prior to 30 days after
+Your receipt of the notice.
+
+5.2. If You initiate litigation against any entity by asserting a patent
+infringement claim (excluding declaratory judgment actions,
+counter-claims, and cross-claims) alleging that a Contributor Version
+directly or indirectly infringes any patent, then the rights granted to
+You by any and all Contributors for the Covered Software under Section
+2.1 of this License shall terminate.
+
+5.3. In the event of termination under Sections 5.1 or 5.2 above, all
+end user license agreements (excluding distributors and resellers) which
+have been validly granted by You or Your distributors under this License
+prior to termination shall survive termination.
+
+************************************************************************
+*                                                                      *
+*  6. Disclaimer of Warranty                                           *
+*  -------------------------                                           *
+*                                                                      *
+*  Covered Software is provided under this License on an "as is"       *
+*  basis, without warranty of any kind, either expressed, implied, or  *
+*  statutory, including, without limitation, warranties that the       *
+*  Covered Software is free of defects, merchantable, fit for a        *
+*  particular purpose or non-infringing. The entire risk as to the     *
+*  quality and performance of the Covered Software is with You.        *
+*  Should any Covered Software prove defective in any respect, You     *
+*  (not any Contributor) assume the cost of any necessary servicing,   *
+*  repair, or correction. This disclaimer of warranty constitutes an   *
+*  essential part of this License. No use of any Covered Software is   *
+*  authorized under this License except under this disclaimer.         *
+*                                                                      *
+************************************************************************
+
+************************************************************************
+*                                                                      *
+*  7. Limitation of Liability                                          *
+*  --------------------------                                          *
+*                                                                      *
+*  Under no circumstances and under no legal theory, whether tort      *
+*  (including negligence), contract, or otherwise, shall any           *
+*  Contributor, or anyone who distributes Covered Software as          *
+*  permitted above, be liable to You for any direct, indirect,         *
+*  special, incidental, or consequential damages of any character      *
+*  including, without limitation, damages for lost profits, loss of    *
+*  goodwill, work stoppage, computer failure or malfunction, or any    *
+*  and all other commercial damages or losses, even if such party      *
+*  shall have been informed of the possibility of such damages. This   *
+*  limitation of liability shall not apply to liability for death or   *
+*  personal injury resulting from such party's negligence to the       *
+*  extent applicable law prohibits such limitation. Some               *
+*  jurisdictions do not allow the exclusion or limitation of           *
+*  incidental or consequential damages, so this exclusion and          *
+*  limitation may not apply to You.                                    *
+*                                                                      *
+************************************************************************
+
+8. Litigation
+-------------
+
+Any litigation relating to this License may be brought only in the
+courts of a jurisdiction where the defendant maintains its principal
+place of business and such litigation shall be governed by laws of that
+jurisdiction, without reference to its conflict-of-law provisions.
+Nothing in this Section shall prevent a party's ability to bring
+cross-claims or counter-claims.
+
+9. Miscellaneous
+----------------
+
+This License represents the complete agreement concerning the subject
+matter hereof. If any provision of this License is held to be
+unenforceable, such provision shall be reformed only to the extent
+necessary to make it enforceable. Any law or regulation which provides
+that the language of a contract shall be construed against the drafter
+shall not be used to construe this License against a Contributor.
+
+10. Versions of the License
+---------------------------
+
+10.1. New Versions
+
+Mozilla Foundation is the license steward. Except as provided in Section
+10.3, no one other than the license steward has the right to modify or
+publish new versions of this License. Each version will be given a
+distinguishing version number.
+
+10.2. Effect of New Versions
+
+You may distribute the Covered Software under the terms of the version
+of the License under which You originally received the Covered Software,
+or under the terms of any subsequent version published by the license
+steward.
+
+10.3. Modified Versions
+
+If you create software not governed by this License, and you want to
+create a new license for such software, you may create and use a
+modified version of this License if you rename the license and remove
+any references to the name of the license steward (except to note that
+such modified license differs from this License).
+
+10.4. Distributing Source Code Form that is Incompatible With Secondary
+Licenses
+
+If You choose to distribute Source Code Form that is Incompatible With
+Secondary Licenses under the terms of this version of the License, the
+notice described in Exhibit B of this License must be attached.
+
+Exhibit A - Source Code Form License Notice
+-------------------------------------------
+
+  This Source Code Form is subject to the terms of the Mozilla Public
+  License, v. 2.0. If a copy of the MPL was not distributed with this
+  file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+If it is not possible or desirable to put the notice in a particular
+file, then You may include the notice in a location (such as a LICENSE
+file in a relevant directory) where a recipient would be likely to look
+for such a notice.
+
+You may add additional accurate notices of copyright ownership.
+
+Exhibit B - "Incompatible With Secondary Licenses" Notice
+---------------------------------------------------------
+
+  This Source Code Form is "Incompatible With Secondary Licenses", as
+  defined by the Mozilla Public License, v. 2.0.
diff --git a/nss/Makefile b/nss/Makefile
new file mode 100644
index 0000000..a24c4ca
--- /dev/null
+++ b/nss/Makefile
@@ -0,0 +1,159 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+ifdef NSS_DISABLE_GTESTS
+DIRS := $(filter-out gtests,$(DIRS))
+endif
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+nss_build_all: build_nspr all latest
+
+nss_clean_all: clobber_nspr clobber
+
+NSPR_CONFIG_STATUS = $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME)/config.status
+NSPR_CONFIGURE = $(CORE_DEPTH)/../nspr/configure
+
+#
+# Translate coreconf build options to NSPR configure options.
+#
+
+ifeq ($(OS_TARGET),Android)
+NSPR_CONFIGURE_OPTS += --with-android-ndk=$(ANDROID_NDK) \
+                       --target=$(ANDROID_PREFIX) \
+                       --with-android-version=$(OS_TARGET_RELEASE) \
+                       --with-android-toolchain=$(ANDROID_TOOLCHAIN) \
+                       --with-android-platform=$(ANDROID_SYSROOT)
+endif
+ifdef BUILD_OPT
+NSPR_CONFIGURE_OPTS += --disable-debug --enable-optimize
+endif
+ifdef USE_X32
+NSPR_CONFIGURE_OPTS += --enable-x32
+endif
+ifdef USE_64
+NSPR_CONFIGURE_OPTS += --enable-64bit
+endif
+ifeq ($(OS_TARGET),WIN95)
+NSPR_CONFIGURE_OPTS += --enable-win32-target=WIN95
+endif
+ifdef USE_DEBUG_RTL
+NSPR_CONFIGURE_OPTS += --enable-debug-rtl
+endif
+ifdef USE_STATIC_RTL
+NSPR_CONFIGURE_OPTS += --enable-static-rtl
+endif
+ifdef NS_USE_GCC
+NSPR_CONFIGURE_ENV = CC=gcc CXX=g++
+endif
+ifdef CC
+NSPR_CONFIGURE_ENV = CC=$(CC)
+endif
+ifdef CCC
+NSPR_CONFIGURE_ENV += CXX=$(CCC)
+endif
+# Remove -arch definitions. NSPR can't handle that.
+NSPR_CONFIGURE_ENV := $(filter-out -arch x86_64,$(NSPR_CONFIGURE_ENV))
+NSPR_CONFIGURE_ENV := $(filter-out -arch i386,$(NSPR_CONFIGURE_ENV))
+NSPR_CONFIGURE_ENV := $(filter-out -arch ppc,$(NSPR_CONFIGURE_ENV))
+
+#
+# Some pwd commands on Windows (for example, the pwd
+# command in Cygwin) return a pathname that begins
+# with a (forward) slash.  When such a pathname is
+# passed to Windows build tools (for example, cl), it
+# is mistaken as a command-line option.  If that is the case,
+# we use a relative pathname as NSPR's prefix on Windows.
+#
+
+USEABSPATH="YES"
+ifeq (,$(filter-out WIN%,$(OS_TARGET)))
+ifeq (,$(findstring :,$(shell pwd)))
+USEABSPATH="NO"
+endif
+endif
+ifeq ($(USEABSPATH),"YES")
+NSPR_PREFIX = $(shell pwd)/../dist/$(OBJDIR_NAME)
+else
+NSPR_PREFIX = $$(topsrcdir)/../dist/$(OBJDIR_NAME)
+endif
+
+ifndef NSS_GYP_PREFIX
+$(NSPR_CONFIG_STATUS): $(NSPR_CONFIGURE)
+	mkdir -p $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME)
+	cd $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME) ; \
+	$(NSPR_CONFIGURE_ENV) sh ../configure \
+	$(NSPR_CONFIGURE_OPTS) \
+	--with-dist-prefix='$(NSPR_PREFIX)' \
+	--with-dist-includedir='$(NSPR_PREFIX)/include'
+else
+$(NSPR_CONFIG_STATUS): $(NSPR_CONFIGURE)
+	mkdir -p $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME)
+	cd $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME) ; \
+	$(NSPR_CONFIGURE_ENV) sh ../configure \
+	$(NSPR_CONFIGURE_OPTS) \
+	--prefix='$(NSS_GYP_PREFIX)'
+endif
+
+build_nspr: $(NSPR_CONFIG_STATUS)
+	$(MAKE) -C $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME)
+
+install_nspr: build_nspr
+	$(MAKE) -C $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME) install
+
+clobber_nspr: $(NSPR_CONFIG_STATUS)
+	$(MAKE) -C $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME) clobber
+
+build_docs:
+	$(MAKE) -C $(CORE_DEPTH)/doc
+
+clean_docs:
+	$(MAKE) -C $(CORE_DEPTH)/doc clean
+
+nss_RelEng_bld: import all
+
+package:
+	$(MAKE) -C pkg publish
+
+latest:
+	echo $(OBJDIR_NAME) > $(CORE_DEPTH)/../dist/latest
+
diff --git a/nss/automation/buildbot-slave/bbenv-example.sh b/nss/automation/buildbot-slave/bbenv-example.sh
new file mode 100644
index 0000000..c76e5d6
--- /dev/null
+++ b/nss/automation/buildbot-slave/bbenv-example.sh
@@ -0,0 +1,67 @@
+#! /bin/bash
+
+# Each buildbot-slave requires a bbenv.sh file that defines
+# machine specific variables. This is an example file.
+
+
+HOST=$(hostname | cut -d. -f1)
+export HOST
+
+# if your machine's IP isn't registered in DNS,
+# you must set appropriate environment variables
+# that can be resolved locally.
+# For example, if localhost.localdomain works on your system, set:
+#HOST=localhost
+#DOMSUF=localdomain
+#export DOMSUF
+
+ARCH=$(uname -s)
+
+ulimit -c unlimited 2> /dev/null
+
+export NSPR_LOG_MODULES="pkix:1"
+
+#export JAVA_HOME_32=
+#export JAVA_HOME_64=
+
+#enable if you have PKITS data
+#export PKITS_DATA=$HOME/pkits/data/
+
+NSS_BUILD_TARGET="clean nss_build_all"
+JSS_BUILD_TARGET="clean all"
+
+MAKE=gmake
+AWK=awk
+PATCH=patch
+
+if [ "${ARCH}" = "SunOS" ]; then
+    AWK=nawk
+    PATCH=gpatch
+    ARCH=SunOS/$(uname -p)
+fi
+
+if [ "${ARCH}" = "Linux" -a -f /etc/system-release ]; then
+   VERSION=`sed -e 's; release ;;' -e 's; (.*)$;;' -e 's;Red Hat Enterprise Linux Server;RHEL;' -e 's;Red Hat Enterprise Linux Workstation;RHEL;' /etc/system-release`
+   ARCH=Linux/${VERSION}
+   echo ${ARCH}
+fi
+
+PROCESSOR=$(uname -p)
+if [ "${PROCESSOR}" = "ppc64" ]; then
+    ARCH="${ARCH}/ppc64"
+fi
+if [ "${PROCESSOR}" = "powerpc" ]; then
+    ARCH="${ARCH}/ppc"
+fi
+
+PORT_64_DBG=8543
+PORT_64_OPT=8544
+PORT_32_DBG=8545
+PORT_32_OPT=8546
+
+if [ "${NSS_TESTS}" = "memleak" ]; then
+    PORT_64_DBG=8547
+    PORT_64_OPT=8548
+    PORT_32_DBG=8549
+    PORT_32_OPT=8550
+fi
diff --git a/nss/automation/buildbot-slave/build.sh b/nss/automation/buildbot-slave/build.sh
new file mode 100755
index 0000000..7f1a960
--- /dev/null
+++ b/nss/automation/buildbot-slave/build.sh
@@ -0,0 +1,414 @@
+#! /bin/bash
+
+# Ensure a failure of the first command inside a pipe
+# won't be hidden by commands later in the pipe.
+# (e.g. as in ./dosomething | grep)
+
+set -o pipefail
+
+proc_args()
+{
+    while [ -n "$1" ]; do
+        OPT=$(echo $1 | cut -d= -f1)
+        VAL=$(echo $1 | cut -d= -f2)
+
+        case $OPT in
+            "--build-nss")
+                BUILD_NSS=1
+                ;;
+            "--test-nss")
+                TEST_NSS=1
+                ;;
+            "--build-jss")
+                BUILD_JSS=1
+                ;;
+            "--test-jss")
+                TEST_JSS=1
+                ;;
+            "--memtest")
+                NSS_TESTS="memleak"
+                export NSS_TESTS
+                ;;
+            "--nojsssign")
+                NO_JSS_SIGN=1
+                ;;
+            *)
+                echo "Usage: $0 ..."
+                echo "    --memtest   - run the memory leak tests"
+                echo "    --nojsssign - try to sign jss"
+                echo "    --build-nss"
+                echo "    --build-jss"
+                echo "    --test-nss"
+                echo "    --test-jss"
+                exit 1
+                ;;
+        esac 
+
+        shift
+    done
+}
+
+set_env()
+{
+    TOPDIR=$(pwd)
+    HGDIR=$(pwd)$(echo "/hg")
+    OUTPUTDIR=$(pwd)$(echo "/output")
+    LOG_ALL="${OUTPUTDIR}/all.log"
+    LOG_TMP="${OUTPUTDIR}/tmp.log"
+
+    echo "hello" |grep --line-buffered hello >/dev/null 2>&1
+    [ $? -eq 0 ] && GREP_BUFFER="--line-buffered"
+}
+
+print_log()
+{
+    DATE=$(date "+TB [%Y-%m-%d %H:%M:%S]")
+    echo "${DATE} $*"
+    echo "${DATE} $*" >> ${LOG_ALL}
+}
+
+print_result()
+{
+    TESTNAME=$1
+    RET=$2
+    EXP=$3
+
+    if [ ${RET} -eq ${EXP} ]; then
+        print_log "${TESTNAME} PASSED"
+    else
+        print_log "${TESTNAME} FAILED"
+    fi
+}
+
+print_env()
+{
+    print_log "######## Environment variables ########"
+
+    uname -a | tee -a ${LOG_ALL}
+    if [ -e "/etc/redhat-release" ]; then
+        cat "/etc/redhat-release" | tee -a ${LOG_ALL}
+    fi
+    # don't print the MAIL command, it might contain a password    
+    env | grep -v "^MAIL=" | tee -a ${LOG_ALL}
+}
+
+set_cycle()
+{
+    BITS=$1
+    OPT=$2
+
+    if [ "${BITS}" = "64" ]; then
+        USE_64=1
+        JAVA_HOME=${JAVA_HOME_64} 
+        PORT_DBG=${PORT_64_DBG}
+        PORT_OPT=${PORT_64_OPT}
+    else
+        USE_64=
+        JAVA_HOME=${JAVA_HOME_32} 
+        PORT_DBG=${PORT_32_DBG}
+        PORT_OPT=${PORT_32_OPT}
+    fi
+    export USE_64
+    export JAVA_HOME
+
+    BUILD_OPT=
+    if [ "${OPT}" = "OPT" ]; then
+        BUILD_OPT=1
+        XPCLASS=xpclass.jar
+        PORT=${PORT_OPT}
+    else
+        BUILD_OPT=
+        XPCLASS=xpclass_dbg.jar
+        PORT=${PORT_DBG}
+    fi
+    export BUILD_OPT
+
+    PORT_JSS_SERVER=$(expr ${PORT} + 20)
+    PORT_JSSE_SERVER=$(expr ${PORT} + 40)
+
+    export PORT
+    export PORT_JSS_SERVER
+    export PORT_JSSE_SERVER
+}
+
+build_nss()
+{
+    print_log "######## NSS - build - ${BITS} bits - ${OPT} ########"
+
+    print_log "$ cd ${HGDIR}/nss"
+    cd ${HGDIR}/nss
+
+    print_log "$ ${MAKE} ${NSS_BUILD_TARGET}"
+    #${MAKE} ${NSS_BUILD_TARGET} 2>&1 | tee -a ${LOG_ALL} | grep ${GREP_BUFFER} "^${MAKE}"
+    ${MAKE} ${NSS_BUILD_TARGET} 2>&1 | tee -a ${LOG_ALL}
+    RET=$?
+    print_result "NSS - build - ${BITS} bits - ${OPT}" ${RET} 0
+
+    if [ ${RET} -eq 0 ]; then
+        return 0
+    else
+        tail -100 ${LOG_ALL}
+        return ${RET}
+    fi
+}
+
+build_jss()
+{
+    print_log "######## JSS - build - ${BITS} bits - ${OPT} ########"
+
+    print_log "$ cd ${HGDIR}/jss"
+    cd ${HGDIR}/jss
+
+    print_log "$ ${MAKE} ${JSS_BUILD_TARGET}"
+    #${MAKE} ${JSS_BUILD_TARGET} 2>&1 | tee -a ${LOG_ALL} | grep ${GREP_BUFFER} "^${MAKE}"
+    ${MAKE} ${JSS_BUILD_TARGET} 2>&1 | tee -a ${LOG_ALL}
+    RET=$?
+    print_result "JSS build - ${BITS} bits - ${OPT}" ${RET} 0
+    [ ${RET} -eq 0 ] || return ${RET}
+
+    print_log "$ cd ${HGDIR}/dist"
+    cd ${HGDIR}/dist
+
+    if [ -z "${NO_JSS_SIGN}" ]; then
+	print_log "cat ${TOPDIR}/keystore.pw | ${JAVA_HOME}/bin/jarsigner -keystore ${TOPDIR}/keystore -internalsf ${XPCLASS} jssdsa"
+	cat ${TOPDIR}/keystore.pw | ${JAVA_HOME}/bin/jarsigner -keystore ${TOPDIR}/keystore -internalsf ${XPCLASS} jssdsa >> ${LOG_ALL} 2>&1
+	RET=$?
+	print_result "JSS - sign JAR files - ${BITS} bits - ${OPT}" ${RET} 0
+	[ ${RET} -eq 0 ] || return ${RET}
+    fi
+    print_log "${JAVA_HOME}/bin/jarsigner -verify -certs ${XPCLASS}"
+    ${JAVA_HOME}/bin/jarsigner -verify -certs ${XPCLASS} >> ${LOG_ALL} 2>&1
+    RET=$?
+    print_result "JSS - verify JAR files - ${BITS} bits - ${OPT}" ${RET} 0
+    [ ${RET} -eq 0 ] || return ${RET}
+
+    return 0
+}
+
+test_nss()
+{
+    print_log "######## NSS - tests - ${BITS} bits - ${OPT} ########"
+
+    if [ "${OS_TARGET}" = "Android" ]; then
+	print_log "$ cd ${HGDIR}/nss/tests/remote"
+	cd ${HGDIR}/nss/tests/remote
+	print_log "$ make test_android"
+	make test_android 2>&1 | tee ${LOG_TMP} | grep ${GREP_BUFFER} ": #"
+	OUTPUTFILE=${HGDIR}/tests_results/security/*.1/output.log
+    else
+	print_log "$ cd ${HGDIR}/nss/tests"
+	cd ${HGDIR}/nss/tests
+	print_log "$ ./all.sh"
+	./all.sh 2>&1 | tee ${LOG_TMP} | egrep ${GREP_BUFFER} ": #|^\[.{10}\] "
+	OUTPUTFILE=${LOG_TMP}
+    fi
+
+    cat ${LOG_TMP} >> ${LOG_ALL}
+    tail -n2 ${HGDIR}/tests_results/security/*.1/results.html | grep END_OF_TEST >> ${LOG_ALL}
+    RET=$?
+
+    print_log "######## details of detected failures (if any) ########"
+    grep -B50 FAILED ${OUTPUTFILE}
+    [ $? -eq 1 ] || RET=1
+
+    print_result "NSS - tests - ${BITS} bits - ${OPT}" ${RET} 0
+    return ${RET}
+}
+
+test_jss()
+{
+    print_log "######## JSS - tests - ${BITS} bits - ${OPT} ########"
+
+    print_log "$ cd ${HGDIR}/jss"
+    cd ${HGDIR}/jss
+
+    print_log "$ ${MAKE} platform"
+    PLATFORM=$(${MAKE} platform)
+    print_log "PLATFORM=${PLATFORM}"
+
+    print_log "$ cd ${HGDIR}/jss/org/mozilla/jss/tests"
+    cd ${HGDIR}/jss/org/mozilla/jss/tests
+
+    print_log "$ perl all.pl dist ${HGDIR}/dist/${PLATFORM}"
+    perl all.pl dist ${HGDIR}/dist/${PLATFORM} 2>&1 | tee ${LOG_TMP}
+    cat ${LOG_TMP} >> ${LOG_ALL}
+
+    tail -n2 ${LOG_TMP} | grep JSSTEST_RATE > /dev/null
+    RET=$?
+
+    grep FAIL ${LOG_TMP} 
+    [ $? -eq 1 ] || RET=1
+
+    print_result "JSS - tests - ${BITS} bits - ${OPT}" ${RET} 0
+    return ${RET}
+}
+
+create_objdir_dist_link()
+{
+    # compute relevant 'dist' OBJDIR_NAME subdirectory names for JSS and NSS
+    OS_TARGET=`uname -s`
+    OS_RELEASE=`uname -r | sed 's/-.*//' | sed 's/-.*//' | cut -d . -f1,2`
+    CPU_TAG=_`uname -m`
+    # OBJDIR_NAME_COMPILER appears to be defined for NSS but not JSS
+    OBJDIR_NAME_COMPILER=_cc
+    LIBC_TAG=_glibc
+    IMPL_STRATEGY=_PTH
+    if [ "${RUN_BITS}" = "64" ]; then
+        OBJDIR_TAG=_${RUN_BITS}_${RUN_OPT}.OBJ
+    else
+        OBJDIR_TAG=_${RUN_OPT}.OBJ
+    fi
+
+    # define NSS_OBJDIR_NAME
+    NSS_OBJDIR_NAME=${OS_TARGET}${OS_RELEASE}${CPU_TAG}${OBJDIR_NAME_COMPILER}
+    NSS_OBJDIR_NAME=${NSS_OBJDIR_NAME}${LIBC_TAG}${IMPL_STRATEGY}${OBJDIR_TAG}
+    print_log "create_objdir_dist_link(): NSS_OBJDIR_NAME='${NSS_OBJDIR_NAME}'"
+
+    # define JSS_OBJDIR_NAME
+    JSS_OBJDIR_NAME=${OS_TARGET}${OS_RELEASE}${CPU_TAG}
+    JSS_OBJDIR_NAME=${JSS_OBJDIR_NAME}${LIBC_TAG}${IMPL_STRATEGY}${OBJDIR_TAG}
+    print_log "create_objdir_dist_link(): JSS_OBJDIR_NAME='${JSS_OBJDIR_NAME}'"
+
+    if [ -e "${HGDIR}/dist/${NSS_OBJDIR_NAME}" ]; then
+        SOURCE=${HGDIR}/dist/${NSS_OBJDIR_NAME}
+        TARGET=${HGDIR}/dist/${JSS_OBJDIR_NAME}
+        ln -s ${SOURCE} ${TARGET} >/dev/null 2>&1
+    fi
+}
+
+build_and_test()
+{
+    if [ -n "${BUILD_NSS}" ]; then
+        build_nss
+        [ $? -eq 0 ] || return 1
+    fi
+
+    if [ -n "${TEST_NSS}" ]; then
+        test_nss
+        [ $? -eq 0 ] || return 1
+    fi
+
+    if [ -n "${BUILD_JSS}" ]; then
+        create_objdir_dist_link
+        build_jss
+        [ $? -eq 0 ] || return 1
+    fi
+
+    if [ -n "${TEST_JSS}" ]; then
+        test_jss
+        [ $? -eq 0 ] || return 1
+    fi
+
+    return 0
+}
+
+run_cycle()
+{
+    print_env
+    build_and_test
+    RET=$?
+
+    grep ^TinderboxPrint ${LOG_ALL}
+
+    return ${RET}
+}
+
+prepare()
+{
+    rm -rf ${OUTPUTDIR}.oldest >/dev/null 2>&1
+    mv ${OUTPUTDIR}.older ${OUTPUTDIR}.oldest >/dev/null 2>&1
+    mv ${OUTPUTDIR}.old ${OUTPUTDIR}.older >/dev/null 2>&1
+    mv ${OUTPUTDIR}.last ${OUTPUTDIR}.old >/dev/null 2>&1
+    mv ${OUTPUTDIR} ${OUTPUTDIR}.last >/dev/null 2>&1
+    mkdir -p ${OUTPUTDIR}
+
+    # Remove temporary test files from previous jobs, that weren't cleaned up
+    # by move_results(), e.g. caused by unexpected interruptions.
+    rm -rf ${HGDIR}/tests_results/
+
+    cd ${HGDIR}/nss
+
+    if [ -n "${FEWER_STRESS_ITERATIONS}" ]; then
+        sed -i 's/-c_1000_/-c_500_/g' tests/ssl/sslstress.txt
+    fi
+
+    return 0
+}
+
+move_results()
+{
+    cd ${HGDIR}
+    if [ -n "${TEST_NSS}" ]; then
+	mv -f tests_results ${OUTPUTDIR}
+    fi
+    tar -c -z --dereference -f ${OUTPUTDIR}/dist.tgz dist
+    rm -rf dist
+}
+
+run_all()
+{
+    set_cycle ${BITS} ${OPT}
+    prepare
+    run_cycle
+    RESULT=$?
+    print_log "### result of run_cycle is ${RESULT}"
+    move_results
+    return ${RESULT}
+}
+
+main()
+{
+    VALID=0
+    RET=1
+
+    for BITS in 32 64; do
+        echo ${RUN_BITS} | grep ${BITS} > /dev/null
+        [ $? -eq 0 ] || continue
+        for OPT in DBG OPT; do
+            echo ${RUN_OPT} | grep ${OPT} > /dev/null
+            [ $? -eq 0 ] || continue
+
+            VALID=1
+            set_env
+            run_all
+            RET=$?
+	    print_log "### result of run_all is ${RET}"
+        done
+    done
+
+    if [ ${VALID} -ne 1 ]; then
+        echo "Need to set valid bits/opt values."
+        return 1
+    fi
+
+    return ${RET}
+}
+
+#function killallsub()
+#{
+#    FINAL_RET=$?
+#    for proc in `jobs -p`
+#    do
+#        kill -9 $proc
+#    done
+#    return ${FINAL_RET}
+#}
+#trap killallsub EXIT
+
+#IS_RUNNING_FILE="./build-is-running"
+
+#if [ -a $IS_RUNNING_FILE ]; then
+#    echo "exiting, because old job is still running"
+#    exit 1
+#fi
+
+#touch $IS_RUNNING_FILE
+
+echo "tinderbox args: $0 $@"
+. ${ENVVARS}
+proc_args "$@"
+main
+
+#RET=$?
+#rm $IS_RUNNING_FILE
+#exit ${RET}
diff --git a/nss/automation/buildbot-slave/reboot.bat b/nss/automation/buildbot-slave/reboot.bat
new file mode 100644
index 0000000..c6a5c7b
--- /dev/null
+++ b/nss/automation/buildbot-slave/reboot.bat
@@ -0,0 +1,6 @@
+IF EXIST ..\buildbot-is-building (
+    del ..\buildbot-is-building
+    shutdown /r /t 0
+
+    timeout /t 120
+)
diff --git a/nss/automation/buildbot-slave/startbuild.bat b/nss/automation/buildbot-slave/startbuild.bat
new file mode 100644
index 0000000..ba06834
--- /dev/null
+++ b/nss/automation/buildbot-slave/startbuild.bat
@@ -0,0 +1,14 @@
+echo running > ..\buildbot-is-building
+
+echo running: "%MOZILLABUILD%\msys\bin\bash" -c "hg/nss/automation/buildbot-slave/build.sh %*"
+"%MOZILLABUILD%\msys\bin\bash" -c "hg/nss/automation/buildbot-slave/build.sh %*"
+
+if %errorlevel% neq 0 (
+  set EXITCODE=1
+) else (
+  set EXITCODE=0
+)
+
+del ..\buildbot-is-building
+
+exit /b %EXITCODE%
diff --git a/nss/automation/ossfuzz/build.sh b/nss/automation/ossfuzz/build.sh
new file mode 100755
index 0000000..04dca18
--- /dev/null
+++ b/nss/automation/ossfuzz/build.sh
@@ -0,0 +1,57 @@
+#!/bin/bash -eu
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+################################################################################
+
+# List of targets disabled for oss-fuzz.
+declare -A disabled=([pkcs8]=1)
+
+# List of targets we want to fuzz in TLS and non-TLS mode.
+declare -A tls_targets=([tls-client]=1)
+
+# Helper function that copies a fuzzer binary and its seed corpus.
+copy_fuzzer()
+{
+    local fuzzer=$1
+    local name=$2
+
+    # Copy the binary.
+    cp ../dist/Debug/bin/$fuzzer $OUT/$name
+
+    # Zip and copy the corpus, if any.
+    if [ -d "$SRC/nss-corpus/$name" ]; then
+        zip $OUT/${name}_seed_corpus.zip $SRC/nss-corpus/$name/*
+    else
+        zip $OUT/${name}_seed_corpus.zip $SRC/nss-corpus/*/*
+    fi
+}
+
+# Copy libFuzzer options
+cp fuzz/*.options $OUT/
+
+# Build the library (non-TLS fuzzing mode).
+CXX="$CXX -stdlib=libc++" LDFLAGS="$CFLAGS" \
+    ./build.sh -c -v --fuzz=oss --fuzz --disable-tests
+
+# Copy fuzzing targets.
+for fuzzer in $(find ../dist/Debug/bin -name "nssfuzz-*" -printf "%f\n"); do
+    name=${fuzzer:8}
+    if [ -z "${disabled[$name]:-}" ]; then
+        [ -n "${tls_targets[$name]:-}" ] && name="${name}-no_fuzzer_mode"
+        copy_fuzzer $fuzzer $name
+    fi
+done
+
+# Build the library again (TLS fuzzing mode).
+CXX="$CXX -stdlib=libc++" LDFLAGS="$CFLAGS" \
+    ./build.sh -c -v --fuzz=oss --fuzz=tls --disable-tests
+
+# Copy dual mode targets in TLS mode.
+for name in "${!tls_targets[@]}"; do
+    if [ -z "${disabled[$name]:-}" ]; then
+        copy_fuzzer nssfuzz-$name $name
+    fi
+done
diff --git a/nss/automation/release/nss-release-helper.py b/nss/automation/release/nss-release-helper.py
new file mode 100644
index 0000000..a7b4088
--- /dev/null
+++ b/nss/automation/release/nss-release-helper.py
@@ -0,0 +1,250 @@
+#!/usr/bin/python
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+import os
+import sys
+import datetime
+import shutil
+import glob
+from optparse import OptionParser
+from subprocess import check_call
+
+nssutil_h = "lib/util/nssutil.h"
+softkver_h = "lib/softoken/softkver.h"
+nss_h = "lib/nss/nss.h"
+nssckbi_h = "lib/ckfw/builtins/nssckbi.h"
+
+def check_call_noisy(cmd, *args, **kwargs):
+    print "Executing command:", cmd
+    check_call(cmd, *args, **kwargs)
+
+o = OptionParser(usage="client.py [options] remove_beta | set_beta | print_library_versions | print_root_ca_version | set_root_ca_version | set_version_to_minor_release | set_version_to_patch_release | set_release_candidate_number | set_4_digit_release_number | create_nss_release_archive")
+
+try:
+    options, args = o.parse_args()
+    action = args[0]
+except IndexError:
+    o.print_help()
+    sys.exit(2)
+
+def exit_with_failure(what):
+    print "failure: ", what
+    sys.exit(2)
+
+def check_files_exist():
+    if (not os.path.exists(nssutil_h) or not os.path.exists(softkver_h)
+        or not os.path.exists(nss_h) or not os.path.exists(nssckbi_h)):
+        exit_with_failure("cannot find expected header files, must run from inside NSS hg directory")
+
+def sed_inplace(sed_expression, filename):
+    backup_file = filename + '.tmp'
+    check_call_noisy(["sed", "-i.tmp", sed_expression, filename])
+    os.remove(backup_file)
+
+def toggle_beta_status(is_beta):
+    check_files_exist()
+    if (is_beta):
+        print "adding Beta status to version numbers"
+        sed_inplace('s/^\(#define *NSSUTIL_VERSION *\"[0-9.]\+\)\" *$/\\1 Beta\"/', nssutil_h)
+        sed_inplace('s/^\(#define *NSSUTIL_BETA *\)PR_FALSE *$/\\1PR_TRUE/', nssutil_h)
+        sed_inplace('s/^\(#define *SOFTOKEN_VERSION *\"[0-9.]\+\" *SOFTOKEN_ECC_STRING\) *$/\\1 \" Beta"/', softkver_h)
+        sed_inplace('s/^\(#define *SOFTOKEN_BETA *\)PR_FALSE *$/\\1PR_TRUE/', softkver_h)
+        sed_inplace('s/^\(#define *NSS_VERSION *\"[0-9.]\+\" *_NSS_CUSTOMIZED\) *$/\\1 \" Beta"/', nss_h)
+        sed_inplace('s/^\(#define *NSS_BETA *\)PR_FALSE *$/\\1PR_TRUE/', nss_h)
+    else:
+        print "removing Beta status from version numbers"
+        sed_inplace('s/^\(#define *NSSUTIL_VERSION *\"[0-9.]\+\) *Beta\" *$/\\1\"/', nssutil_h)
+        sed_inplace('s/^\(#define *NSSUTIL_BETA *\)PR_TRUE *$/\\1PR_FALSE/', nssutil_h)
+        sed_inplace('s/^\(#define *SOFTOKEN_VERSION *\"[0-9.]\+\" *SOFTOKEN_ECC_STRING\) *\" *Beta\" *$/\\1/', softkver_h)
+        sed_inplace('s/^\(#define *SOFTOKEN_BETA *\)PR_TRUE *$/\\1PR_FALSE/', softkver_h)
+        sed_inplace('s/^\(#define *NSS_VERSION *\"[0-9.]\+\" *_NSS_CUSTOMIZED\) *\" *Beta\" *$/\\1/', nss_h)
+        sed_inplace('s/^\(#define *NSS_BETA *\)PR_TRUE *$/\\1PR_FALSE/', nss_h)
+    print "please run 'hg stat' and 'hg diff' to verify the files have been verified correctly"
+
+def print_beta_versions():
+    check_call_noisy(["egrep", "#define *NSSUTIL_VERSION|#define *NSSUTIL_BETA", nssutil_h])
+    check_call_noisy(["egrep", "#define *SOFTOKEN_VERSION|#define *SOFTOKEN_BETA", softkver_h])
+    check_call_noisy(["egrep", "#define *NSS_VERSION|#define *NSS_BETA", nss_h])
+
+def remove_beta_status():
+    print "--- removing beta flags. Existing versions were:"
+    print_beta_versions()
+    toggle_beta_status(False)
+    print "--- finished modifications, new versions are:"
+    print_beta_versions()
+
+def set_beta_status():
+    print "--- adding beta flags. Existing versions were:"
+    print_beta_versions()
+    toggle_beta_status(True)
+    print "--- finished modifications, new versions are:"
+    print_beta_versions()
+
+def print_library_versions():
+    check_files_exist()
+    check_call_noisy(["egrep", "#define *NSSUTIL_VERSION|#define NSSUTIL_VMAJOR|#define *NSSUTIL_VMINOR|#define *NSSUTIL_VPATCH|#define *NSSUTIL_VBUILD|#define *NSSUTIL_BETA", nssutil_h])
+    check_call_noisy(["egrep", "#define *SOFTOKEN_VERSION|#define SOFTOKEN_VMAJOR|#define *SOFTOKEN_VMINOR|#define *SOFTOKEN_VPATCH|#define *SOFTOKEN_VBUILD|#define *SOFTOKEN_BETA", softkver_h])
+    check_call_noisy(["egrep", "#define *NSS_VERSION|#define NSS_VMAJOR|#define *NSS_VMINOR|#define *NSS_VPATCH|#define *NSS_VBUILD|#define *NSS_BETA", nss_h])
+
+def print_root_ca_version():
+    check_files_exist()
+    check_call_noisy(["grep", "define *NSS_BUILTINS_LIBRARY_VERSION", nssckbi_h])
+
+
+def ensure_arguments_after_action(how_many, usage):
+    if (len(sys.argv) != (2+how_many)):
+        exit_with_failure("incorrect number of arguments, expected parameters are:\n" + usage)
+
+def set_major_versions(major):
+    sed_inplace('s/^\(#define *NSSUTIL_VMAJOR *\).*$/\\1' + major + '/', nssutil_h)
+    sed_inplace('s/^\(#define *SOFTOKEN_VMAJOR *\).*$/\\1' + major + '/', softkver_h)
+    sed_inplace('s/^\(#define *NSS_VMAJOR *\).*$/\\1' + major + '/', nss_h)
+
+def set_minor_versions(minor):
+    sed_inplace('s/^\(#define *NSSUTIL_VMINOR *\).*$/\\1' + minor + '/', nssutil_h)
+    sed_inplace('s/^\(#define *SOFTOKEN_VMINOR *\).*$/\\1' + minor + '/', softkver_h)
+    sed_inplace('s/^\(#define *NSS_VMINOR *\).*$/\\1' + minor + '/', nss_h)
+
+def set_patch_versions(patch):
+    sed_inplace('s/^\(#define *NSSUTIL_VPATCH *\).*$/\\1' + patch + '/', nssutil_h)
+    sed_inplace('s/^\(#define *SOFTOKEN_VPATCH *\).*$/\\1' + patch + '/', softkver_h)
+    sed_inplace('s/^\(#define *NSS_VPATCH *\).*$/\\1' + patch + '/', nss_h)
+
+def set_build_versions(build):
+    sed_inplace('s/^\(#define *NSSUTIL_VBUILD *\).*$/\\1' + build + '/', nssutil_h)
+    sed_inplace('s/^\(#define *SOFTOKEN_VBUILD *\).*$/\\1' + build + '/', softkver_h)
+    sed_inplace('s/^\(#define *NSS_VBUILD *\).*$/\\1' + build + '/', nss_h)
+
+def set_full_lib_versions(version):
+    sed_inplace('s/^\(#define *NSSUTIL_VERSION *\"\)\([0-9.]\+\)\(.*\)$/\\1' + version + '\\3/', nssutil_h)
+    sed_inplace('s/^\(#define *SOFTOKEN_VERSION *\"\)\([0-9.]\+\)\(.*\)$/\\1' + version + '\\3/', softkver_h)
+    sed_inplace('s/^\(#define *NSS_VERSION *\"\)\([0-9.]\+\)\(.*\)$/\\1' + version + '\\3/', nss_h)
+
+def set_root_ca_version():
+    ensure_arguments_after_action(2, "major_version  minor_version")
+    major = args[1].strip()
+    minor = args[2].strip()
+    version = major + '.' + minor
+    sed_inplace('s/^\(#define *NSS_BUILTINS_LIBRARY_VERSION *\"\).*$/\\1' + version + '/', nssckbi_h)
+    sed_inplace('s/^\(#define *NSS_BUILTINS_LIBRARY_VERSION_MAJOR *\).*$/\\1' + major + '/', nssckbi_h)
+    sed_inplace('s/^\(#define *NSS_BUILTINS_LIBRARY_VERSION_MINOR *\).*$/\\1' + minor + '/', nssckbi_h)
+
+def set_all_lib_versions(version, major, minor, patch, build):
+    set_full_lib_versions(version)
+    set_major_versions(major)
+    set_minor_versions(minor)
+    set_patch_versions(patch)
+    set_build_versions(build)
+
+def set_version_to_minor_release():
+    ensure_arguments_after_action(2, "major_version  minor_version")
+    major = args[1].strip()
+    minor = args[2].strip()
+    version = major + '.' + minor
+    patch = "0"
+    build = "0"
+    set_all_lib_versions(version, major, minor, patch, build)
+
+def set_version_to_patch_release():
+    ensure_arguments_after_action(3, "major_version  minor_version  patch_release")
+    major = args[1].strip()
+    minor = args[2].strip()
+    patch = args[3].strip()
+    version = major + '.' + minor + '.' + patch
+    build = "0"
+    set_all_lib_versions(version, major, minor, patch, build)
+
+def set_release_candidate_number():
+    ensure_arguments_after_action(1, "release_candidate_number")
+    build = args[1].strip()
+    set_build_versions(build)
+
+def set_4_digit_release_number():
+    ensure_arguments_after_action(4, "major_version  minor_version  patch_release  4th_digit_release_number")
+    major = args[1].strip()
+    minor = args[2].strip()
+    patch = args[3].strip()
+    build = args[4].strip()
+    version = major + '.' + minor + '.' + patch + '.' + build
+    set_all_lib_versions(version, major, minor, patch, build)
+
+def create_nss_release_archive():
+    ensure_arguments_after_action(4, "nss_release_version  nss_hg_release_tag  nspr_release_version  path_to_stage_directory")
+    nssrel = args[1].strip() #e.g. 3.19.3
+    nssreltag = args[2].strip() #e.g. NSS_3_19_3_RTM
+    nsprrel = args[3].strip() #e.g. 4.10.8
+    stagedir = args[4].strip() #e.g. ../stage
+
+    nspr_tar = "nspr-" + nsprrel + ".tar.gz"
+    nsprtar_with_path= stagedir + "/v" + nsprrel + "/src/" + nspr_tar
+    if (not os.path.exists(nsprtar_with_path)):
+        exit_with_failure("cannot find nspr archive at expected location " + nsprtar_with_path)
+
+    nss_stagedir= stagedir + "/" + nssreltag + "/src"
+    if (os.path.exists(nss_stagedir)):
+        exit_with_failure("nss stage directory already exists: " + nss_stagedir)
+
+    nss_tar = "nss-" + nssrel + ".tar.gz"
+
+    check_call_noisy(["mkdir", "-p", nss_stagedir])
+    check_call_noisy(["hg", "archive", "-r", nssreltag, "--prefix=nss-" + nssrel + "/nss",
+                      stagedir + "/" + nssreltag + "/src/" + nss_tar, "-X", ".hgtags"])
+    check_call_noisy(["tar", "-xz", "-C", nss_stagedir, "-f", nsprtar_with_path])
+    print "changing to directory " + nss_stagedir
+    os.chdir(nss_stagedir)
+    check_call_noisy(["tar", "-xz", "-f", nss_tar])
+    check_call_noisy(["mv", "-i", "nspr-" + nsprrel + "/nspr", "nss-" + nssrel + "/"])
+    check_call_noisy(["rmdir", "nspr-" + nsprrel])
+
+    nss_nspr_tar = "nss-" + nssrel + "-with-nspr-" + nsprrel + ".tar.gz"
+
+    check_call_noisy(["tar", "-cz", "--remove-files", "-f", nss_nspr_tar, "nss-" + nssrel])
+    check_call("sha1sum " + nss_tar + " " + nss_nspr_tar + " > SHA1SUMS", shell=True)
+    check_call("sha256sum " + nss_tar + " " + nss_nspr_tar + " > SHA256SUMS", shell=True)
+    print "created directory " + nss_stagedir + " with files:"
+    check_call_noisy(["ls", "-l"])
+
+if action in ('remove_beta'):
+    remove_beta_status()
+
+elif action in ('set_beta'):
+    set_beta_status()
+
+elif action in ('print_library_versions'):
+    print_library_versions()
+
+elif action in ('print_root_ca_version'):
+    print_root_ca_version()
+
+elif action in ('set_root_ca_version'):
+    set_root_ca_version()
+
+# x.y version number - 2 parameters
+elif action in ('set_version_to_minor_release'):
+    set_version_to_minor_release()
+
+# x.y.z version number - 3 parameters
+elif action in ('set_version_to_patch_release'):
+    set_version_to_patch_release()
+
+# change the release candidate number, usually increased by one,
+# usually if previous release candiate had a bug
+# 1 parameter
+elif action in ('set_release_candidate_number'):
+    set_release_candidate_number()
+
+# use the build/release candiate number in the identifying version number
+# 4 parameters
+elif action in ('set_4_digit_release_number'):
+    set_4_digit_release_number()
+
+elif action in ('create_nss_release_archive'):
+    create_nss_release_archive()
+
+else:
+    o.print_help()
+    sys.exit(2)
+
+sys.exit(0)
diff --git a/nss/automation/taskcluster/docker-aarch64/Dockerfile b/nss/automation/taskcluster/docker-aarch64/Dockerfile
new file mode 100644
index 0000000..cd58278
--- /dev/null
+++ b/nss/automation/taskcluster/docker-aarch64/Dockerfile
@@ -0,0 +1,30 @@
+FROM franziskus/xenial:aarch64
+MAINTAINER Franziskus Kiefer <franziskuskiefer@gmail.com>
+
+RUN useradd -d /home/worker -s /bin/bash -m worker
+WORKDIR /home/worker
+
+# Add build and test scripts.
+ADD bin /home/worker/bin
+RUN chmod +x /home/worker/bin/*
+
+# Install dependencies.
+ADD setup.sh /tmp/setup.sh
+RUN bash /tmp/setup.sh
+
+# Change user.
+USER worker
+
+# Env variables.
+ENV HOME /home/worker
+ENV SHELL /bin/bash
+ENV USER worker
+ENV LOGNAME worker
+ENV HOSTNAME taskcluster-worker
+ENV LANG en_US.UTF-8
+ENV LC_ALL en_US.UTF-8
+ENV HOST localhost
+ENV DOMSUF localdomain
+
+# Set a default command for debugging.
+CMD ["/bin/bash", "--login"]
diff --git a/nss/automation/taskcluster/docker-aarch64/bin/checkout.sh b/nss/automation/taskcluster/docker-aarch64/bin/checkout.sh
new file mode 100755
index 0000000..9167f6b
--- /dev/null
+++ b/nss/automation/taskcluster/docker-aarch64/bin/checkout.sh
@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+
+set -v -e -x
+
+if [ $(id -u) = 0 ]; then
+    # Drop privileges by re-running this script.
+    exec su worker $0
+fi
+
+# Default values for testing.
+REVISION=${NSS_HEAD_REVISION:-default}
+REPOSITORY=${NSS_HEAD_REPOSITORY:-https://hg.mozilla.org/projects/nss}
+
+# Clone NSS.
+for i in 0 2 5; do
+    sleep $i
+    hg clone -r $REVISION $REPOSITORY nss && exit 0
+    rm -rf nss
+done
+exit 1
diff --git a/nss/automation/taskcluster/docker-aarch64/setup.sh b/nss/automation/taskcluster/docker-aarch64/setup.sh
new file mode 100755
index 0000000..b137a50
--- /dev/null
+++ b/nss/automation/taskcluster/docker-aarch64/setup.sh
@@ -0,0 +1,40 @@
+#!/usr/bin/env bash
+
+set -v -e -x
+
+export DEBIAN_FRONTEND=noninteractive
+
+apt-get -y update
+apt-get -y install software-properties-common
+
+# Add more repos
+add-apt-repository "deb http://ports.ubuntu.com/ xenial main restricted universe multiverse"
+add-apt-repository "deb http://ports.ubuntu.com/ xenial-security main restricted universe multiverse"
+add-apt-repository "deb http://ports.ubuntu.com/ xenial-updates main restricted universe multiverse"
+add-apt-repository "deb http://ports.ubuntu.com/ xenial-backports main restricted universe multiverse"
+
+# Update.
+apt-get -y update
+apt-get -y dist-upgrade
+
+apt_packages=()
+apt_packages+=('build-essential')
+apt_packages+=('ca-certificates')
+apt_packages+=('curl')
+apt_packages+=('zlib1g-dev')
+apt_packages+=('ninja-build')
+apt_packages+=('gyp')
+apt_packages+=('mercurial')
+
+# Install packages.
+apt-get install -y --no-install-recommends ${apt_packages[@]}
+
+locale-gen en_US.UTF-8
+dpkg-reconfigure locales
+
+# Cleanup.
+rm -rf ~/.ccache ~/.cache
+apt-get autoremove -y
+apt-get clean
+apt-get autoclean
+rm $0
diff --git a/nss/automation/taskcluster/docker-arm/Dockerfile b/nss/automation/taskcluster/docker-arm/Dockerfile
new file mode 100644
index 0000000..9a7e502
--- /dev/null
+++ b/nss/automation/taskcluster/docker-arm/Dockerfile
@@ -0,0 +1,27 @@
+FROM armv7/armhf-ubuntu:16.04
+MAINTAINER Franziskus Kiefer <franziskuskiefer@gmail.com>
+
+RUN useradd -d /home/worker -s /bin/bash -m worker
+WORKDIR /home/worker
+
+# Add build and test scripts.
+ADD bin /home/worker/bin
+RUN chmod +x /home/worker/bin/*
+
+# Install dependencies.
+ADD setup.sh /tmp/setup.sh
+RUN bash /tmp/setup.sh
+
+# Env variables.
+ENV HOME /home/worker
+ENV SHELL /bin/bash
+ENV USER worker
+ENV LOGNAME worker
+ENV HOSTNAME taskcluster-worker
+ENV LANG en_US.UTF-8
+ENV LC_ALL en_US.UTF-8
+ENV HOST localhost
+ENV DOMSUF localdomain
+
+# Set a default command for debugging.
+CMD ["/bin/bash", "--login"]
diff --git a/nss/automation/taskcluster/docker-arm/bin/checkout.sh b/nss/automation/taskcluster/docker-arm/bin/checkout.sh
new file mode 100755
index 0000000..4b89128
--- /dev/null
+++ b/nss/automation/taskcluster/docker-arm/bin/checkout.sh
@@ -0,0 +1,25 @@
+#!/usr/bin/env bash
+
+set -v -e -x
+
+if [ $(id -u) = 0 ]; then
+    # set up fake uname
+    if [ ! -f /bin/uname-real ]; then
+        mv /bin/uname /bin/uname-real
+        ln -s /home/worker/bin/uname.sh /bin/uname
+    fi
+    # Drop privileges by re-running this script.
+    exec su worker $0
+fi
+
+# Default values for testing.
+REVISION=${NSS_HEAD_REVISION:-default}
+REPOSITORY=${NSS_HEAD_REPOSITORY:-https://hg.mozilla.org/projects/nss}
+
+# Clone NSS.
+for i in 0 2 5; do
+    sleep $i
+    hg clone -r $REVISION $REPOSITORY nss && exit 0
+    rm -rf nss
+done
+exit 1
diff --git a/nss/automation/taskcluster/docker-arm/bin/uname.sh b/nss/automation/taskcluster/docker-arm/bin/uname.sh
new file mode 100755
index 0000000..61ad13c
--- /dev/null
+++ b/nss/automation/taskcluster/docker-arm/bin/uname.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+args=`getopt rmvs $*`
+set -- $args
+for i
+do
+  if [ "$i" == "-v" ]; then
+    /bin/uname-real -v
+  fi
+  if [ "$i" == "-r" ]; then
+    echo "4.4.16-v7+"
+  fi
+  if [ "$i" == "-m" ]; then
+    echo "armv7l"
+  fi
+  if [ "$i" == "-s" ]; then
+    echo "Linux"
+  fi
+done
\ No newline at end of file
diff --git a/nss/automation/taskcluster/docker-arm/setup.sh b/nss/automation/taskcluster/docker-arm/setup.sh
new file mode 100755
index 0000000..42d66a4
--- /dev/null
+++ b/nss/automation/taskcluster/docker-arm/setup.sh
@@ -0,0 +1,35 @@
+#!/usr/bin/env bash
+
+set -v -e -x
+
+export DEBIAN_FRONTEND=noninteractive
+
+# Update.
+apt-get -y update
+apt-get -y dist-upgrade
+
+apt_packages=()
+apt_packages+=('build-essential')
+apt_packages+=('ca-certificates')
+apt_packages+=('curl')
+apt_packages+=('python-dev')
+apt_packages+=('python-pip')
+apt_packages+=('python-setuptools')
+apt_packages+=('zlib1g-dev')
+
+# Install packages.
+apt-get install -y --no-install-recommends ${apt_packages[@]}
+
+# Latest Mercurial.
+pip install --upgrade pip
+pip install Mercurial
+
+locale-gen en_US.UTF-8
+dpkg-reconfigure locales
+
+# Cleanup.
+rm -rf ~/.ccache ~/.cache
+apt-get autoremove -y
+apt-get clean
+apt-get autoclean
+rm $0
diff --git a/nss/automation/taskcluster/docker-decision/Dockerfile b/nss/automation/taskcluster/docker-decision/Dockerfile
new file mode 100644
index 0000000..35777c0
--- /dev/null
+++ b/nss/automation/taskcluster/docker-decision/Dockerfile
@@ -0,0 +1,27 @@
+FROM ubuntu:16.04
+MAINTAINER Tim Taubert <ttaubert@mozilla.com>
+
+RUN useradd -d /home/worker -s /bin/bash -m worker
+WORKDIR /home/worker
+
+# Add build and test scripts.
+ADD bin /home/worker/bin
+RUN chmod +x /home/worker/bin/*
+
+# Install dependencies.
+ADD setup.sh /tmp/setup.sh
+RUN bash /tmp/setup.sh
+
+# Env variables.
+ENV HOME /home/worker
+ENV SHELL /bin/bash
+ENV USER worker
+ENV LOGNAME worker
+ENV HOSTNAME taskcluster-worker
+ENV LANG en_US.UTF-8
+ENV LC_ALL en_US.UTF-8
+ENV HOST localhost
+ENV DOMSUF localdomain
+
+# Set a default command for debugging.
+CMD ["/bin/bash", "--login"]
diff --git a/nss/automation/taskcluster/docker-decision/bin/checkout.sh b/nss/automation/taskcluster/docker-decision/bin/checkout.sh
new file mode 100644
index 0000000..9167f6b
--- /dev/null
+++ b/nss/automation/taskcluster/docker-decision/bin/checkout.sh
@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+
+set -v -e -x
+
+if [ $(id -u) = 0 ]; then
+    # Drop privileges by re-running this script.
+    exec su worker $0
+fi
+
+# Default values for testing.
+REVISION=${NSS_HEAD_REVISION:-default}
+REPOSITORY=${NSS_HEAD_REPOSITORY:-https://hg.mozilla.org/projects/nss}
+
+# Clone NSS.
+for i in 0 2 5; do
+    sleep $i
+    hg clone -r $REVISION $REPOSITORY nss && exit 0
+    rm -rf nss
+done
+exit 1
diff --git a/nss/automation/taskcluster/docker-decision/setup.sh b/nss/automation/taskcluster/docker-decision/setup.sh
new file mode 100644
index 0000000..e5a6d20
--- /dev/null
+++ b/nss/automation/taskcluster/docker-decision/setup.sh
@@ -0,0 +1,31 @@
+#!/usr/bin/env bash
+
+set -v -e -x
+
+# Update packages.
+export DEBIAN_FRONTEND=noninteractive
+apt-get -y update && apt-get -y upgrade
+
+# Need those to install newer packages below.
+apt-get install -y --no-install-recommends apt-utils curl ca-certificates
+
+# Latest Mercurial.
+apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 41BD8711B1F0EC2B0D85B91CF59CE3A8323293EE
+echo "deb http://ppa.launchpad.net/mercurial-ppa/releases/ubuntu xenial main" > /etc/apt/sources.list.d/mercurial.list
+
+# Install packages.
+apt-get -y update && apt-get install -y --no-install-recommends mercurial
+
+# Latest Node.JS.
+curl -sL https://deb.nodesource.com/setup_6.x | bash -
+apt-get install -y --no-install-recommends nodejs
+
+locale-gen en_US.UTF-8
+dpkg-reconfigure locales
+
+# Cleanup.
+rm -rf ~/.ccache ~/.cache
+apt-get autoremove -y
+apt-get clean
+apt-get autoclean
+rm $0
diff --git a/nss/automation/taskcluster/docker-fuzz/Dockerfile b/nss/automation/taskcluster/docker-fuzz/Dockerfile
new file mode 100644
index 0000000..254f166
--- /dev/null
+++ b/nss/automation/taskcluster/docker-fuzz/Dockerfile
@@ -0,0 +1,33 @@
+FROM ubuntu:16.04
+MAINTAINER Tim Taubert <ttaubert@mozilla.com>
+
+RUN useradd -d /home/worker -s /bin/bash -m worker
+WORKDIR /home/worker
+
+# Add build and test scripts.
+ADD bin /home/worker/bin
+RUN chmod +x /home/worker/bin/*
+
+# Install dependencies.
+ADD setup.sh /tmp/setup.sh
+RUN bash /tmp/setup.sh
+
+# Change user.
+USER worker
+
+# Env variables.
+ENV HOME /home/worker
+ENV SHELL /bin/bash
+ENV USER worker
+ENV LOGNAME worker
+ENV HOSTNAME taskcluster-worker
+ENV LANG en_US.UTF-8
+ENV LC_ALL en_US.UTF-8
+ENV HOST localhost
+ENV DOMSUF localdomain
+
+# LLVM 4.0
+ENV PATH "${PATH}:/home/worker/third_party/llvm-build/Release+Asserts/bin/"
+
+# Set a default command for debugging.
+CMD ["/bin/bash", "--login"]
diff --git a/nss/automation/taskcluster/docker-fuzz/bin/checkout.sh b/nss/automation/taskcluster/docker-fuzz/bin/checkout.sh
new file mode 100644
index 0000000..9167f6b
--- /dev/null
+++ b/nss/automation/taskcluster/docker-fuzz/bin/checkout.sh
@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+
+set -v -e -x
+
+if [ $(id -u) = 0 ]; then
+    # Drop privileges by re-running this script.
+    exec su worker $0
+fi
+
+# Default values for testing.
+REVISION=${NSS_HEAD_REVISION:-default}
+REPOSITORY=${NSS_HEAD_REPOSITORY:-https://hg.mozilla.org/projects/nss}
+
+# Clone NSS.
+for i in 0 2 5; do
+    sleep $i
+    hg clone -r $REVISION $REPOSITORY nss && exit 0
+    rm -rf nss
+done
+exit 1
diff --git a/nss/automation/taskcluster/docker-fuzz/setup.sh b/nss/automation/taskcluster/docker-fuzz/setup.sh
new file mode 100644
index 0000000..899ad7d
--- /dev/null
+++ b/nss/automation/taskcluster/docker-fuzz/setup.sh
@@ -0,0 +1,48 @@
+#!/usr/bin/env bash
+
+set -v -e -x
+
+# Update packages.
+export DEBIAN_FRONTEND=noninteractive
+apt-get -y update && apt-get -y upgrade
+
+# Need this to add keys for PPAs below.
+apt-get install -y --no-install-recommends apt-utils
+
+apt_packages=()
+apt_packages+=('build-essential')
+apt_packages+=('ca-certificates')
+apt_packages+=('curl')
+apt_packages+=('git')
+apt_packages+=('gyp')
+apt_packages+=('libssl-dev')
+apt_packages+=('ninja-build')
+apt_packages+=('pkg-config')
+apt_packages+=('zlib1g-dev')
+
+# Latest Mercurial.
+apt_packages+=('mercurial')
+apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 41BD8711B1F0EC2B0D85B91CF59CE3A8323293EE
+echo "deb http://ppa.launchpad.net/mercurial-ppa/releases/ubuntu xenial main" > /etc/apt/sources.list.d/mercurial.list
+
+# Install packages.
+apt-get -y update
+apt-get install -y --no-install-recommends ${apt_packages[@]}
+
+# Install LLVM/clang-4.0.
+mkdir clang-tmp
+git clone -n --depth 1 https://chromium.googlesource.com/chromium/src/tools/clang clang-tmp/clang
+git -C clang-tmp/clang checkout HEAD scripts/update.py
+clang-tmp/clang/scripts/update.py
+rm -fr clang-tmp
+
+# Generate locales.
+locale-gen en_US.UTF-8
+dpkg-reconfigure locales
+
+# Cleanup.
+rm -rf ~/.ccache ~/.cache
+apt-get autoremove -y
+apt-get clean
+apt-get autoclean
+rm $0
diff --git a/nss/automation/taskcluster/docker/Dockerfile b/nss/automation/taskcluster/docker/Dockerfile
new file mode 100644
index 0000000..8a2256d
--- /dev/null
+++ b/nss/automation/taskcluster/docker/Dockerfile
@@ -0,0 +1,33 @@
+FROM ubuntu:16.04
+MAINTAINER Tim Taubert <ttaubert@mozilla.com>
+
+RUN useradd -d /home/worker -s /bin/bash -m worker
+WORKDIR /home/worker
+
+# Add build and test scripts.
+ADD bin /home/worker/bin
+RUN chmod +x /home/worker/bin/*
+
+# Install dependencies.
+ADD setup.sh /tmp/setup.sh
+RUN bash /tmp/setup.sh
+
+# Change user.
+USER worker
+
+# Env variables.
+ENV HOME /home/worker
+ENV SHELL /bin/bash
+ENV USER worker
+ENV LOGNAME worker
+ENV HOSTNAME taskcluster-worker
+ENV LANG en_US.UTF-8
+ENV LC_ALL en_US.UTF-8
+ENV HOST localhost
+ENV DOMSUF localdomain
+
+# Rust + Go
+ENV PATH "${PATH}:/home/worker/.cargo/bin/:/usr/lib/go-1.6/bin"
+
+# Set a default command for debugging.
+CMD ["/bin/bash", "--login"]
diff --git a/nss/automation/taskcluster/docker/bin/checkout.sh b/nss/automation/taskcluster/docker/bin/checkout.sh
new file mode 100644
index 0000000..9167f6b
--- /dev/null
+++ b/nss/automation/taskcluster/docker/bin/checkout.sh
@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+
+set -v -e -x
+
+if [ $(id -u) = 0 ]; then
+    # Drop privileges by re-running this script.
+    exec su worker $0
+fi
+
+# Default values for testing.
+REVISION=${NSS_HEAD_REVISION:-default}
+REPOSITORY=${NSS_HEAD_REPOSITORY:-https://hg.mozilla.org/projects/nss}
+
+# Clone NSS.
+for i in 0 2 5; do
+    sleep $i
+    hg clone -r $REVISION $REPOSITORY nss && exit 0
+    rm -rf nss
+done
+exit 1
diff --git a/nss/automation/taskcluster/docker/setup.sh b/nss/automation/taskcluster/docker/setup.sh
new file mode 100644
index 0000000..bead035
--- /dev/null
+++ b/nss/automation/taskcluster/docker/setup.sh
@@ -0,0 +1,66 @@
+#!/usr/bin/env bash
+
+set -v -e -x
+
+# Update packages.
+export DEBIAN_FRONTEND=noninteractive
+apt-get -y update && apt-get -y upgrade
+
+# Need this to add keys for PPAs below.
+apt-get install -y --no-install-recommends apt-utils
+
+apt_packages=()
+apt_packages+=('build-essential')
+apt_packages+=('ca-certificates')
+apt_packages+=('curl')
+apt_packages+=('npm')
+apt_packages+=('git')
+apt_packages+=('golang-1.6')
+apt_packages+=('ninja-build')
+apt_packages+=('pkg-config')
+apt_packages+=('zlib1g-dev')
+
+# 32-bit builds
+apt_packages+=('lib32z1-dev')
+apt_packages+=('gcc-multilib')
+apt_packages+=('g++-multilib')
+
+# ct-verif and sanitizers
+apt_packages+=('valgrind')
+
+# Latest Mercurial.
+apt_packages+=('mercurial')
+apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 41BD8711B1F0EC2B0D85B91CF59CE3A8323293EE
+echo "deb http://ppa.launchpad.net/mercurial-ppa/releases/ubuntu xenial main" > /etc/apt/sources.list.d/mercurial.list
+
+# gcc 4.8 and 6
+apt_packages+=('g++-6')
+apt_packages+=('g++-4.8')
+apt_packages+=('g++-6-multilib')
+apt_packages+=('g++-4.8-multilib')
+apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 60C317803A41BA51845E371A1E9377A2BA9EF27F
+echo "deb http://ppa.launchpad.net/ubuntu-toolchain-r/test/ubuntu xenial main" > /etc/apt/sources.list.d/toolchain.list
+
+# Install packages.
+apt-get -y update
+apt-get install -y --no-install-recommends ${apt_packages[@]}
+
+# 32-bit builds
+ln -s /usr/include/x86_64-linux-gnu/zconf.h /usr/include
+
+# Install clang-3.9 into /usr/local/.
+# FIXME: verify signature
+curl -L http://releases.llvm.org/3.9.1/clang+llvm-3.9.1-x86_64-linux-gnu-ubuntu-16.04.tar.xz | tar xJv -C /usr/local --strip-components=1
+
+# Install latest Rust (stable).
+su worker -c "curl https://sh.rustup.rs -sSf | sh -s -- -y"
+
+locale-gen en_US.UTF-8
+dpkg-reconfigure locales
+
+# Cleanup.
+rm -rf ~/.ccache ~/.cache
+apt-get autoremove -y
+apt-get clean
+apt-get autoclean
+rm $0
diff --git a/nss/automation/taskcluster/graph/npm-shrinkwrap.json b/nss/automation/taskcluster/graph/npm-shrinkwrap.json
new file mode 100644
index 0000000..b805bb8
--- /dev/null
+++ b/nss/automation/taskcluster/graph/npm-shrinkwrap.json
@@ -0,0 +1,1643 @@
+{
+  "name": "decision-task",
+  "version": "0.0.1",
+  "dependencies": {
+    "amqplib": {
+      "version": "0.4.2",
+      "from": "amqplib@>=0.4.1 <0.5.0",
+      "resolved": "https://registry.npmjs.org/amqplib/-/amqplib-0.4.2.tgz",
+      "dependencies": {
+        "isarray": {
+          "version": "0.0.1",
+          "from": "isarray@0.0.1",
+          "resolved": "https://registry.npmjs.org/isarray/-/isarray-0.0.1.tgz"
+        },
+        "readable-stream": {
+          "version": "1.1.14",
+          "from": "readable-stream@>=1.0.0 <2.0.0 >=1.1.9",
+          "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-1.1.14.tgz"
+        }
+      }
+    },
+    "ansi-regex": {
+      "version": "2.0.0",
+      "from": "ansi-regex@>=2.0.0 <3.0.0",
+      "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-2.0.0.tgz"
+    },
+    "ansi-styles": {
+      "version": "2.2.1",
+      "from": "ansi-styles@>=2.1.0 <3.0.0",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-2.2.1.tgz"
+    },
+    "anymatch": {
+      "version": "1.3.0",
+      "from": "anymatch@>=1.3.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/anymatch/-/anymatch-1.3.0.tgz"
+    },
+    "argparse": {
+      "version": "1.0.9",
+      "from": "argparse@>=1.0.7 <2.0.0",
+      "resolved": "https://registry.npmjs.org/argparse/-/argparse-1.0.9.tgz"
+    },
+    "arr-diff": {
+      "version": "2.0.0",
+      "from": "arr-diff@>=2.0.0 <3.0.0",
+      "resolved": "https://registry.npmjs.org/arr-diff/-/arr-diff-2.0.0.tgz"
+    },
+    "arr-flatten": {
+      "version": "1.0.1",
+      "from": "arr-flatten@>=1.0.1 <2.0.0",
+      "resolved": "https://registry.npmjs.org/arr-flatten/-/arr-flatten-1.0.1.tgz"
+    },
+    "array-find-index": {
+      "version": "1.0.2",
+      "from": "array-find-index@>=1.0.1 <2.0.0",
+      "resolved": "https://registry.npmjs.org/array-find-index/-/array-find-index-1.0.2.tgz"
+    },
+    "array-uniq": {
+      "version": "1.0.3",
+      "from": "array-uniq@>=1.0.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/array-uniq/-/array-uniq-1.0.3.tgz"
+    },
+    "array-unique": {
+      "version": "0.2.1",
+      "from": "array-unique@>=0.2.1 <0.3.0",
+      "resolved": "https://registry.npmjs.org/array-unique/-/array-unique-0.2.1.tgz"
+    },
+    "arrify": {
+      "version": "1.0.1",
+      "from": "arrify@>=1.0.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/arrify/-/arrify-1.0.1.tgz"
+    },
+    "asap": {
+      "version": "1.0.0",
+      "from": "asap@>=1.0.0 <1.1.0",
+      "resolved": "https://registry.npmjs.org/asap/-/asap-1.0.0.tgz"
+    },
+    "asn1": {
+      "version": "0.2.3",
+      "from": "asn1@>=0.2.3 <0.3.0",
+      "resolved": "https://registry.npmjs.org/asn1/-/asn1-0.2.3.tgz"
+    },
+    "assert-plus": {
+      "version": "0.2.0",
+      "from": "assert-plus@>=0.2.0 <0.3.0",
+      "resolved": "https://registry.npmjs.org/assert-plus/-/assert-plus-0.2.0.tgz"
+    },
+    "async": {
+      "version": "2.1.1",
+      "from": "async@*",
+      "resolved": "https://registry.npmjs.org/async/-/async-2.1.1.tgz"
+    },
+    "async-each": {
+      "version": "1.0.1",
+      "from": "async-each@>=1.0.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/async-each/-/async-each-1.0.1.tgz"
+    },
+    "asynckit": {
+      "version": "0.4.0",
+      "from": "asynckit@>=0.4.0 <0.5.0",
+      "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz"
+    },
+    "aws-sign2": {
+      "version": "0.6.0",
+      "from": "aws-sign2@>=0.6.0 <0.7.0",
+      "resolved": "https://registry.npmjs.org/aws-sign2/-/aws-sign2-0.6.0.tgz"
+    },
+    "aws4": {
+      "version": "1.5.0",
+      "from": "aws4@>=1.2.1 <2.0.0",
+      "resolved": "https://registry.npmjs.org/aws4/-/aws4-1.5.0.tgz"
+    },
+    "babel-cli": {
+      "version": "6.16.0",
+      "from": "babel-cli@>=6.14.0 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-cli/-/babel-cli-6.16.0.tgz"
+    },
+    "babel-code-frame": {
+      "version": "6.16.0",
+      "from": "babel-code-frame@>=6.16.0 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-code-frame/-/babel-code-frame-6.16.0.tgz"
+    },
+    "babel-compile": {
+      "version": "2.0.0",
+      "from": "babel-compile@>=2.0.0 <3.0.0",
+      "resolved": "https://registry.npmjs.org/babel-compile/-/babel-compile-2.0.0.tgz"
+    },
+    "babel-core": {
+      "version": "6.17.0",
+      "from": "babel-core@>=6.16.0 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-core/-/babel-core-6.17.0.tgz"
+    },
+    "babel-generator": {
+      "version": "6.17.0",
+      "from": "babel-generator@>=6.17.0 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-generator/-/babel-generator-6.17.0.tgz"
+    },
+    "babel-helper-call-delegate": {
+      "version": "6.8.0",
+      "from": "babel-helper-call-delegate@>=6.8.0 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-helper-call-delegate/-/babel-helper-call-delegate-6.8.0.tgz"
+    },
+    "babel-helper-define-map": {
+      "version": "6.9.0",
+      "from": "babel-helper-define-map@>=6.9.0 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-helper-define-map/-/babel-helper-define-map-6.9.0.tgz"
+    },
+    "babel-helper-function-name": {
+      "version": "6.8.0",
+      "from": "babel-helper-function-name@>=6.8.0 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-helper-function-name/-/babel-helper-function-name-6.8.0.tgz"
+    },
+    "babel-helper-get-function-arity": {
+      "version": "6.8.0",
+      "from": "babel-helper-get-function-arity@>=6.8.0 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-helper-get-function-arity/-/babel-helper-get-function-arity-6.8.0.tgz"
+    },
+    "babel-helper-hoist-variables": {
+      "version": "6.8.0",
+      "from": "babel-helper-hoist-variables@>=6.8.0 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-helper-hoist-variables/-/babel-helper-hoist-variables-6.8.0.tgz"
+    },
+    "babel-helper-optimise-call-expression": {
+      "version": "6.8.0",
+      "from": "babel-helper-optimise-call-expression@>=6.8.0 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-helper-optimise-call-expression/-/babel-helper-optimise-call-expression-6.8.0.tgz"
+    },
+    "babel-helper-regex": {
+      "version": "6.9.0",
+      "from": "babel-helper-regex@>=6.8.0 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-helper-regex/-/babel-helper-regex-6.9.0.tgz"
+    },
+    "babel-helper-remap-async-to-generator": {
+      "version": "6.16.2",
+      "from": "babel-helper-remap-async-to-generator@>=6.16.0 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-helper-remap-async-to-generator/-/babel-helper-remap-async-to-generator-6.16.2.tgz"
+    },
+    "babel-helper-replace-supers": {
+      "version": "6.16.0",
+      "from": "babel-helper-replace-supers@>=6.14.0 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-helper-replace-supers/-/babel-helper-replace-supers-6.16.0.tgz"
+    },
+    "babel-helpers": {
+      "version": "6.16.0",
+      "from": "babel-helpers@>=6.16.0 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-helpers/-/babel-helpers-6.16.0.tgz"
+    },
+    "babel-messages": {
+      "version": "6.8.0",
+      "from": "babel-messages@>=6.8.0 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-messages/-/babel-messages-6.8.0.tgz"
+    },
+    "babel-plugin-check-es2015-constants": {
+      "version": "6.8.0",
+      "from": "babel-plugin-check-es2015-constants@>=6.3.13 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-plugin-check-es2015-constants/-/babel-plugin-check-es2015-constants-6.8.0.tgz"
+    },
+    "babel-plugin-syntax-async-functions": {
+      "version": "6.13.0",
+      "from": "babel-plugin-syntax-async-functions@>=6.8.0 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-plugin-syntax-async-functions/-/babel-plugin-syntax-async-functions-6.13.0.tgz"
+    },
+    "babel-plugin-transform-async-to-generator": {
+      "version": "6.16.0",
+      "from": "babel-plugin-transform-async-to-generator@>=6.8.0 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-plugin-transform-async-to-generator/-/babel-plugin-transform-async-to-generator-6.16.0.tgz"
+    },
+    "babel-plugin-transform-es2015-arrow-functions": {
+      "version": "6.8.0",
+      "from": "babel-plugin-transform-es2015-arrow-functions@>=6.3.13 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-plugin-transform-es2015-arrow-functions/-/babel-plugin-transform-es2015-arrow-functions-6.8.0.tgz"
+    },
+    "babel-plugin-transform-es2015-block-scoped-functions": {
+      "version": "6.8.0",
+      "from": "babel-plugin-transform-es2015-block-scoped-functions@>=6.3.13 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-plugin-transform-es2015-block-scoped-functions/-/babel-plugin-transform-es2015-block-scoped-functions-6.8.0.tgz"
+    },
+    "babel-plugin-transform-es2015-block-scoping": {
+      "version": "6.15.0",
+      "from": "babel-plugin-transform-es2015-block-scoping@>=6.14.0 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-plugin-transform-es2015-block-scoping/-/babel-plugin-transform-es2015-block-scoping-6.15.0.tgz"
+    },
+    "babel-plugin-transform-es2015-classes": {
+      "version": "6.14.0",
+      "from": "babel-plugin-transform-es2015-classes@>=6.14.0 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-plugin-transform-es2015-classes/-/babel-plugin-transform-es2015-classes-6.14.0.tgz"
+    },
+    "babel-plugin-transform-es2015-computed-properties": {
+      "version": "6.8.0",
+      "from": "babel-plugin-transform-es2015-computed-properties@>=6.3.13 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-plugin-transform-es2015-computed-properties/-/babel-plugin-transform-es2015-computed-properties-6.8.0.tgz"
+    },
+    "babel-plugin-transform-es2015-destructuring": {
+      "version": "6.16.0",
+      "from": "babel-plugin-transform-es2015-destructuring@>=6.16.0 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-plugin-transform-es2015-destructuring/-/babel-plugin-transform-es2015-destructuring-6.16.0.tgz"
+    },
+    "babel-plugin-transform-es2015-duplicate-keys": {
+      "version": "6.8.0",
+      "from": "babel-plugin-transform-es2015-duplicate-keys@>=6.6.0 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-plugin-transform-es2015-duplicate-keys/-/babel-plugin-transform-es2015-duplicate-keys-6.8.0.tgz"
+    },
+    "babel-plugin-transform-es2015-for-of": {
+      "version": "6.8.0",
+      "from": "babel-plugin-transform-es2015-for-of@>=6.6.0 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-plugin-transform-es2015-for-of/-/babel-plugin-transform-es2015-for-of-6.8.0.tgz"
+    },
+    "babel-plugin-transform-es2015-function-name": {
+      "version": "6.9.0",
+      "from": "babel-plugin-transform-es2015-function-name@>=6.9.0 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-plugin-transform-es2015-function-name/-/babel-plugin-transform-es2015-function-name-6.9.0.tgz"
+    },
+    "babel-plugin-transform-es2015-literals": {
+      "version": "6.8.0",
+      "from": "babel-plugin-transform-es2015-literals@>=6.3.13 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-plugin-transform-es2015-literals/-/babel-plugin-transform-es2015-literals-6.8.0.tgz"
+    },
+    "babel-plugin-transform-es2015-modules-amd": {
+      "version": "6.8.0",
+      "from": "babel-plugin-transform-es2015-modules-amd@>=6.8.0 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-plugin-transform-es2015-modules-amd/-/babel-plugin-transform-es2015-modules-amd-6.8.0.tgz"
+    },
+    "babel-plugin-transform-es2015-modules-commonjs": {
+      "version": "6.16.0",
+      "from": "babel-plugin-transform-es2015-modules-commonjs@>=6.16.0 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-plugin-transform-es2015-modules-commonjs/-/babel-plugin-transform-es2015-modules-commonjs-6.16.0.tgz"
+    },
+    "babel-plugin-transform-es2015-modules-systemjs": {
+      "version": "6.14.0",
+      "from": "babel-plugin-transform-es2015-modules-systemjs@>=6.14.0 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-plugin-transform-es2015-modules-systemjs/-/babel-plugin-transform-es2015-modules-systemjs-6.14.0.tgz"
+    },
+    "babel-plugin-transform-es2015-modules-umd": {
+      "version": "6.12.0",
+      "from": "babel-plugin-transform-es2015-modules-umd@>=6.12.0 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-plugin-transform-es2015-modules-umd/-/babel-plugin-transform-es2015-modules-umd-6.12.0.tgz"
+    },
+    "babel-plugin-transform-es2015-object-super": {
+      "version": "6.8.0",
+      "from": "babel-plugin-transform-es2015-object-super@>=6.3.13 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-plugin-transform-es2015-object-super/-/babel-plugin-transform-es2015-object-super-6.8.0.tgz"
+    },
+    "babel-plugin-transform-es2015-parameters": {
+      "version": "6.17.0",
+      "from": "babel-plugin-transform-es2015-parameters@>=6.16.0 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-plugin-transform-es2015-parameters/-/babel-plugin-transform-es2015-parameters-6.17.0.tgz"
+    },
+    "babel-plugin-transform-es2015-shorthand-properties": {
+      "version": "6.8.0",
+      "from": "babel-plugin-transform-es2015-shorthand-properties@>=6.3.13 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-plugin-transform-es2015-shorthand-properties/-/babel-plugin-transform-es2015-shorthand-properties-6.8.0.tgz"
+    },
+    "babel-plugin-transform-es2015-spread": {
+      "version": "6.8.0",
+      "from": "babel-plugin-transform-es2015-spread@>=6.3.13 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-plugin-transform-es2015-spread/-/babel-plugin-transform-es2015-spread-6.8.0.tgz"
+    },
+    "babel-plugin-transform-es2015-sticky-regex": {
+      "version": "6.8.0",
+      "from": "babel-plugin-transform-es2015-sticky-regex@>=6.3.13 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-plugin-transform-es2015-sticky-regex/-/babel-plugin-transform-es2015-sticky-regex-6.8.0.tgz"
+    },
+    "babel-plugin-transform-es2015-template-literals": {
+      "version": "6.8.0",
+      "from": "babel-plugin-transform-es2015-template-literals@>=6.6.0 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-plugin-transform-es2015-template-literals/-/babel-plugin-transform-es2015-template-literals-6.8.0.tgz"
+    },
+    "babel-plugin-transform-es2015-typeof-symbol": {
+      "version": "6.8.0",
+      "from": "babel-plugin-transform-es2015-typeof-symbol@>=6.6.0 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-plugin-transform-es2015-typeof-symbol/-/babel-plugin-transform-es2015-typeof-symbol-6.8.0.tgz"
+    },
+    "babel-plugin-transform-es2015-unicode-regex": {
+      "version": "6.11.0",
+      "from": "babel-plugin-transform-es2015-unicode-regex@>=6.3.13 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-plugin-transform-es2015-unicode-regex/-/babel-plugin-transform-es2015-unicode-regex-6.11.0.tgz"
+    },
+    "babel-plugin-transform-regenerator": {
+      "version": "6.16.1",
+      "from": "babel-plugin-transform-regenerator@>=6.16.0 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-plugin-transform-regenerator/-/babel-plugin-transform-regenerator-6.16.1.tgz"
+    },
+    "babel-plugin-transform-runtime": {
+      "version": "6.15.0",
+      "from": "babel-plugin-transform-runtime@>=6.9.0 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-plugin-transform-runtime/-/babel-plugin-transform-runtime-6.15.0.tgz"
+    },
+    "babel-plugin-transform-strict-mode": {
+      "version": "6.11.3",
+      "from": "babel-plugin-transform-strict-mode@>=6.8.0 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-plugin-transform-strict-mode/-/babel-plugin-transform-strict-mode-6.11.3.tgz"
+    },
+    "babel-polyfill": {
+      "version": "6.16.0",
+      "from": "babel-polyfill@>=6.16.0 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-polyfill/-/babel-polyfill-6.16.0.tgz"
+    },
+    "babel-preset-es2015": {
+      "version": "6.16.0",
+      "from": "babel-preset-es2015@>=6.9.0 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-preset-es2015/-/babel-preset-es2015-6.16.0.tgz"
+    },
+    "babel-preset-taskcluster": {
+      "version": "3.0.0",
+      "from": "babel-preset-taskcluster@>=3.0.0 <4.0.0",
+      "resolved": "https://registry.npmjs.org/babel-preset-taskcluster/-/babel-preset-taskcluster-3.0.0.tgz"
+    },
+    "babel-register": {
+      "version": "6.16.3",
+      "from": "babel-register@>=6.16.0 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-register/-/babel-register-6.16.3.tgz"
+    },
+    "babel-runtime": {
+      "version": "6.11.6",
+      "from": "babel-runtime@>=6.11.6 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-runtime/-/babel-runtime-6.11.6.tgz"
+    },
+    "babel-template": {
+      "version": "6.16.0",
+      "from": "babel-template@>=6.16.0 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-template/-/babel-template-6.16.0.tgz"
+    },
+    "babel-traverse": {
+      "version": "6.16.0",
+      "from": "babel-traverse@>=6.16.0 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-traverse/-/babel-traverse-6.16.0.tgz"
+    },
+    "babel-types": {
+      "version": "6.16.0",
+      "from": "babel-types@>=6.16.0 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babel-types/-/babel-types-6.16.0.tgz"
+    },
+    "babylon": {
+      "version": "6.11.6",
+      "from": "babylon@>=6.11.0 <7.0.0",
+      "resolved": "https://registry.npmjs.org/babylon/-/babylon-6.11.6.tgz"
+    },
+    "balanced-match": {
+      "version": "0.4.2",
+      "from": "balanced-match@>=0.4.1 <0.5.0",
+      "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-0.4.2.tgz"
+    },
+    "bcrypt-pbkdf": {
+      "version": "1.0.0",
+      "from": "bcrypt-pbkdf@>=1.0.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/bcrypt-pbkdf/-/bcrypt-pbkdf-1.0.0.tgz"
+    },
+    "bin-version": {
+      "version": "1.0.4",
+      "from": "bin-version@>=1.0.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/bin-version/-/bin-version-1.0.4.tgz"
+    },
+    "bin-version-check": {
+      "version": "2.1.0",
+      "from": "bin-version-check@>=2.1.0 <3.0.0",
+      "resolved": "https://registry.npmjs.org/bin-version-check/-/bin-version-check-2.1.0.tgz"
+    },
+    "binary-extensions": {
+      "version": "1.7.0",
+      "from": "binary-extensions@>=1.0.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-1.7.0.tgz"
+    },
+    "bitsyntax": {
+      "version": "0.0.4",
+      "from": "bitsyntax@>=0.0.4 <0.1.0",
+      "resolved": "https://registry.npmjs.org/bitsyntax/-/bitsyntax-0.0.4.tgz"
+    },
+    "bl": {
+      "version": "1.1.2",
+      "from": "bl@>=1.1.2 <1.2.0",
+      "resolved": "https://registry.npmjs.org/bl/-/bl-1.1.2.tgz",
+      "dependencies": {
+        "readable-stream": {
+          "version": "2.0.6",
+          "from": "readable-stream@>=2.0.5 <2.1.0",
+          "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.0.6.tgz"
+        }
+      }
+    },
+    "boom": {
+      "version": "2.10.1",
+      "from": "boom@>=2.0.0 <3.0.0",
+      "resolved": "https://registry.npmjs.org/boom/-/boom-2.10.1.tgz"
+    },
+    "brace-expansion": {
+      "version": "1.1.6",
+      "from": "brace-expansion@>=1.0.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.6.tgz"
+    },
+    "braces": {
+      "version": "1.8.5",
+      "from": "braces@>=1.8.2 <2.0.0",
+      "resolved": "https://registry.npmjs.org/braces/-/braces-1.8.5.tgz"
+    },
+    "buffer-more-ints": {
+      "version": "0.0.2",
+      "from": "buffer-more-ints@0.0.2",
+      "resolved": "https://registry.npmjs.org/buffer-more-ints/-/buffer-more-ints-0.0.2.tgz"
+    },
+    "buffer-shims": {
+      "version": "1.0.0",
+      "from": "buffer-shims@>=1.0.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/buffer-shims/-/buffer-shims-1.0.0.tgz"
+    },
+    "builtin-modules": {
+      "version": "1.1.1",
+      "from": "builtin-modules@>=1.0.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/builtin-modules/-/builtin-modules-1.1.1.tgz"
+    },
+    "camelcase": {
+      "version": "2.1.1",
+      "from": "camelcase@>=2.0.0 <3.0.0",
+      "resolved": "https://registry.npmjs.org/camelcase/-/camelcase-2.1.1.tgz"
+    },
+    "camelcase-keys": {
+      "version": "2.1.0",
+      "from": "camelcase-keys@>=2.0.0 <3.0.0",
+      "resolved": "https://registry.npmjs.org/camelcase-keys/-/camelcase-keys-2.1.0.tgz"
+    },
+    "caseless": {
+      "version": "0.11.0",
+      "from": "caseless@>=0.11.0 <0.12.0",
+      "resolved": "https://registry.npmjs.org/caseless/-/caseless-0.11.0.tgz"
+    },
+    "chalk": {
+      "version": "1.1.1",
+      "from": "chalk@1.1.1",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-1.1.1.tgz"
+    },
+    "chokidar": {
+      "version": "1.6.0",
+      "from": "chokidar@>=1.0.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-1.6.0.tgz"
+    },
+    "combined-stream": {
+      "version": "1.0.5",
+      "from": "combined-stream@>=1.0.5 <1.1.0",
+      "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.5.tgz"
+    },
+    "commander": {
+      "version": "2.9.0",
+      "from": "commander@>=2.8.1 <3.0.0",
+      "resolved": "https://registry.npmjs.org/commander/-/commander-2.9.0.tgz"
+    },
+    "component-emitter": {
+      "version": "1.2.1",
+      "from": "component-emitter@>=1.2.0 <1.3.0",
+      "resolved": "https://registry.npmjs.org/component-emitter/-/component-emitter-1.2.1.tgz"
+    },
+    "concat-map": {
+      "version": "0.0.1",
+      "from": "concat-map@0.0.1",
+      "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz"
+    },
+    "convert-source-map": {
+      "version": "1.3.0",
+      "from": "convert-source-map@>=1.1.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/convert-source-map/-/convert-source-map-1.3.0.tgz"
+    },
+    "cookiejar": {
+      "version": "2.0.6",
+      "from": "cookiejar@2.0.6",
+      "resolved": "https://registry.npmjs.org/cookiejar/-/cookiejar-2.0.6.tgz"
+    },
+    "core-js": {
+      "version": "2.4.1",
+      "from": "core-js@>=2.4.0 <3.0.0",
+      "resolved": "https://registry.npmjs.org/core-js/-/core-js-2.4.1.tgz"
+    },
+    "core-util-is": {
+      "version": "1.0.2",
+      "from": "core-util-is@>=1.0.0 <1.1.0",
+      "resolved": "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.2.tgz"
+    },
+    "cryptiles": {
+      "version": "2.0.5",
+      "from": "cryptiles@>=2.0.0 <3.0.0",
+      "resolved": "https://registry.npmjs.org/cryptiles/-/cryptiles-2.0.5.tgz"
+    },
+    "currently-unhandled": {
+      "version": "0.4.1",
+      "from": "currently-unhandled@>=0.4.1 <0.5.0",
+      "resolved": "https://registry.npmjs.org/currently-unhandled/-/currently-unhandled-0.4.1.tgz"
+    },
+    "dashdash": {
+      "version": "1.14.0",
+      "from": "dashdash@>=1.12.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/dashdash/-/dashdash-1.14.0.tgz",
+      "dependencies": {
+        "assert-plus": {
+          "version": "1.0.0",
+          "from": "assert-plus@>=1.0.0 <2.0.0",
+          "resolved": "https://registry.npmjs.org/assert-plus/-/assert-plus-1.0.0.tgz"
+        }
+      }
+    },
+    "debug": {
+      "version": "2.2.0",
+      "from": "debug@>=2.1.1 <3.0.0",
+      "resolved": "https://registry.npmjs.org/debug/-/debug-2.2.0.tgz"
+    },
+    "decamelize": {
+      "version": "1.2.0",
+      "from": "decamelize@>=1.1.2 <2.0.0",
+      "resolved": "https://registry.npmjs.org/decamelize/-/decamelize-1.2.0.tgz"
+    },
+    "delayed-stream": {
+      "version": "1.0.0",
+      "from": "delayed-stream@>=1.0.0 <1.1.0",
+      "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz"
+    },
+    "detect-indent": {
+      "version": "3.0.1",
+      "from": "detect-indent@>=3.0.1 <4.0.0",
+      "resolved": "https://registry.npmjs.org/detect-indent/-/detect-indent-3.0.1.tgz"
+    },
+    "ecc-jsbn": {
+      "version": "0.1.1",
+      "from": "ecc-jsbn@>=0.1.1 <0.2.0",
+      "resolved": "https://registry.npmjs.org/ecc-jsbn/-/ecc-jsbn-0.1.1.tgz"
+    },
+    "error-ex": {
+      "version": "1.3.0",
+      "from": "error-ex@>=1.2.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/error-ex/-/error-ex-1.3.0.tgz"
+    },
+    "escape-string-regexp": {
+      "version": "1.0.5",
+      "from": "escape-string-regexp@>=1.0.2 <2.0.0",
+      "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz"
+    },
+    "esprima": {
+      "version": "2.7.3",
+      "from": "esprima@>=2.6.0 <3.0.0",
+      "resolved": "https://registry.npmjs.org/esprima/-/esprima-2.7.3.tgz"
+    },
+    "esutils": {
+      "version": "2.0.2",
+      "from": "esutils@>=2.0.2 <3.0.0",
+      "resolved": "https://registry.npmjs.org/esutils/-/esutils-2.0.2.tgz"
+    },
+    "eventsource": {
+      "version": "0.1.6",
+      "from": "eventsource@>=0.1.6 <0.2.0",
+      "resolved": "https://registry.npmjs.org/eventsource/-/eventsource-0.1.6.tgz"
+    },
+    "expand-brackets": {
+      "version": "0.1.5",
+      "from": "expand-brackets@>=0.1.4 <0.2.0",
+      "resolved": "https://registry.npmjs.org/expand-brackets/-/expand-brackets-0.1.5.tgz"
+    },
+    "expand-range": {
+      "version": "1.8.2",
+      "from": "expand-range@>=1.8.1 <2.0.0",
+      "resolved": "https://registry.npmjs.org/expand-range/-/expand-range-1.8.2.tgz"
+    },
+    "extend": {
+      "version": "3.0.0",
+      "from": "extend@>=3.0.0 <3.1.0",
+      "resolved": "https://registry.npmjs.org/extend/-/extend-3.0.0.tgz"
+    },
+    "extglob": {
+      "version": "0.3.2",
+      "from": "extglob@>=0.3.1 <0.4.0",
+      "resolved": "https://registry.npmjs.org/extglob/-/extglob-0.3.2.tgz"
+    },
+    "extsprintf": {
+      "version": "1.0.2",
+      "from": "extsprintf@1.0.2",
+      "resolved": "https://registry.npmjs.org/extsprintf/-/extsprintf-1.0.2.tgz"
+    },
+    "faye-websocket": {
+      "version": "0.11.0",
+      "from": "faye-websocket@>=0.11.0 <0.12.0",
+      "resolved": "https://registry.npmjs.org/faye-websocket/-/faye-websocket-0.11.0.tgz"
+    },
+    "filename-regex": {
+      "version": "2.0.0",
+      "from": "filename-regex@>=2.0.0 <3.0.0",
+      "resolved": "https://registry.npmjs.org/filename-regex/-/filename-regex-2.0.0.tgz"
+    },
+    "fill-range": {
+      "version": "2.2.3",
+      "from": "fill-range@>=2.1.0 <3.0.0",
+      "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-2.2.3.tgz"
+    },
+    "find-up": {
+      "version": "1.1.2",
+      "from": "find-up@>=1.0.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/find-up/-/find-up-1.1.2.tgz",
+      "dependencies": {
+        "path-exists": {
+          "version": "2.1.0",
+          "from": "path-exists@>=2.0.0 <3.0.0",
+          "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-2.1.0.tgz"
+        }
+      }
+    },
+    "find-versions": {
+      "version": "1.2.1",
+      "from": "find-versions@>=1.0.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/find-versions/-/find-versions-1.2.1.tgz"
+    },
+    "flatmap": {
+      "version": "0.0.3",
+      "from": "flatmap@0.0.3",
+      "resolved": "https://registry.npmjs.org/flatmap/-/flatmap-0.0.3.tgz"
+    },
+    "for-in": {
+      "version": "0.1.6",
+      "from": "for-in@>=0.1.5 <0.2.0",
+      "resolved": "https://registry.npmjs.org/for-in/-/for-in-0.1.6.tgz"
+    },
+    "for-own": {
+      "version": "0.1.4",
+      "from": "for-own@>=0.1.3 <0.2.0",
+      "resolved": "https://registry.npmjs.org/for-own/-/for-own-0.1.4.tgz"
+    },
+    "forever-agent": {
+      "version": "0.6.1",
+      "from": "forever-agent@>=0.6.1 <0.7.0",
+      "resolved": "https://registry.npmjs.org/forever-agent/-/forever-agent-0.6.1.tgz"
+    },
+    "form-data": {
+      "version": "2.0.0",
+      "from": "form-data@>=2.0.0 <2.1.0",
+      "resolved": "https://registry.npmjs.org/form-data/-/form-data-2.0.0.tgz"
+    },
+    "formidable": {
+      "version": "1.0.17",
+      "from": "formidable@>=1.0.14 <1.1.0",
+      "resolved": "https://registry.npmjs.org/formidable/-/formidable-1.0.17.tgz"
+    },
+    "fs-readdir-recursive": {
+      "version": "0.1.2",
+      "from": "fs-readdir-recursive@>=0.1.0 <0.2.0",
+      "resolved": "https://registry.npmjs.org/fs-readdir-recursive/-/fs-readdir-recursive-0.1.2.tgz"
+    },
+    "fs-walk": {
+      "version": "0.0.1",
+      "from": "fs-walk@0.0.1",
+      "resolved": "https://registry.npmjs.org/fs-walk/-/fs-walk-0.0.1.tgz"
+    },
+    "fs.realpath": {
+      "version": "1.0.0",
+      "from": "fs.realpath@>=1.0.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz"
+    },
+    "generate-function": {
+      "version": "2.0.0",
+      "from": "generate-function@>=2.0.0 <3.0.0",
+      "resolved": "https://registry.npmjs.org/generate-function/-/generate-function-2.0.0.tgz"
+    },
+    "generate-object-property": {
+      "version": "1.2.0",
+      "from": "generate-object-property@>=1.1.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/generate-object-property/-/generate-object-property-1.2.0.tgz"
+    },
+    "get-stdin": {
+      "version": "4.0.1",
+      "from": "get-stdin@>=4.0.1 <5.0.0",
+      "resolved": "https://registry.npmjs.org/get-stdin/-/get-stdin-4.0.1.tgz"
+    },
+    "getpass": {
+      "version": "0.1.6",
+      "from": "getpass@>=0.1.1 <0.2.0",
+      "resolved": "https://registry.npmjs.org/getpass/-/getpass-0.1.6.tgz",
+      "dependencies": {
+        "assert-plus": {
+          "version": "1.0.0",
+          "from": "assert-plus@>=1.0.0 <2.0.0",
+          "resolved": "https://registry.npmjs.org/assert-plus/-/assert-plus-1.0.0.tgz"
+        }
+      }
+    },
+    "glob": {
+      "version": "5.0.15",
+      "from": "glob@>=5.0.5 <6.0.0",
+      "resolved": "https://registry.npmjs.org/glob/-/glob-5.0.15.tgz"
+    },
+    "glob-base": {
+      "version": "0.3.0",
+      "from": "glob-base@>=0.3.0 <0.4.0",
+      "resolved": "https://registry.npmjs.org/glob-base/-/glob-base-0.3.0.tgz"
+    },
+    "glob-parent": {
+      "version": "2.0.0",
+      "from": "glob-parent@>=2.0.0 <3.0.0",
+      "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-2.0.0.tgz"
+    },
+    "globals": {
+      "version": "8.18.0",
+      "from": "globals@>=8.3.0 <9.0.0",
+      "resolved": "https://registry.npmjs.org/globals/-/globals-8.18.0.tgz"
+    },
+    "graceful-fs": {
+      "version": "4.1.9",
+      "from": "graceful-fs@>=4.1.2 <5.0.0",
+      "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.1.9.tgz"
+    },
+    "graceful-readlink": {
+      "version": "1.0.1",
+      "from": "graceful-readlink@>=1.0.0",
+      "resolved": "https://registry.npmjs.org/graceful-readlink/-/graceful-readlink-1.0.1.tgz"
+    },
+    "har-validator": {
+      "version": "2.0.6",
+      "from": "har-validator@>=2.0.6 <2.1.0",
+      "resolved": "https://registry.npmjs.org/har-validator/-/har-validator-2.0.6.tgz"
+    },
+    "has-ansi": {
+      "version": "2.0.0",
+      "from": "has-ansi@>=2.0.0 <3.0.0",
+      "resolved": "https://registry.npmjs.org/has-ansi/-/has-ansi-2.0.0.tgz"
+    },
+    "hawk": {
+      "version": "3.1.3",
+      "from": "hawk@>=3.1.3 <3.2.0",
+      "resolved": "https://registry.npmjs.org/hawk/-/hawk-3.1.3.tgz"
+    },
+    "hoek": {
+      "version": "2.16.3",
+      "from": "hoek@>=2.0.0 <3.0.0",
+      "resolved": "https://registry.npmjs.org/hoek/-/hoek-2.16.3.tgz"
+    },
+    "home-or-tmp": {
+      "version": "1.0.0",
+      "from": "home-or-tmp@>=1.0.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/home-or-tmp/-/home-or-tmp-1.0.0.tgz"
+    },
+    "hosted-git-info": {
+      "version": "2.1.5",
+      "from": "hosted-git-info@>=2.1.4 <3.0.0",
+      "resolved": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-2.1.5.tgz"
+    },
+    "http-signature": {
+      "version": "1.1.1",
+      "from": "http-signature@>=1.1.0 <1.2.0",
+      "resolved": "https://registry.npmjs.org/http-signature/-/http-signature-1.1.1.tgz"
+    },
+    "indent-string": {
+      "version": "2.1.0",
+      "from": "indent-string@>=2.1.0 <3.0.0",
+      "resolved": "https://registry.npmjs.org/indent-string/-/indent-string-2.1.0.tgz",
+      "dependencies": {
+        "repeating": {
+          "version": "2.0.1",
+          "from": "repeating@>=2.0.0 <3.0.0",
+          "resolved": "https://registry.npmjs.org/repeating/-/repeating-2.0.1.tgz"
+        }
+      }
+    },
+    "inflight": {
+      "version": "1.0.6",
+      "from": "inflight@>=1.0.4 <2.0.0",
+      "resolved": "https://registry.npmjs.org/inflight/-/inflight-1.0.6.tgz"
+    },
+    "inherits": {
+      "version": "2.0.3",
+      "from": "inherits@>=2.0.1 <3.0.0",
+      "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.3.tgz"
+    },
+    "intersect": {
+      "version": "1.0.1",
+      "from": "intersect@>=1.0.1 <2.0.0",
+      "resolved": "https://registry.npmjs.org/intersect/-/intersect-1.0.1.tgz"
+    },
+    "invariant": {
+      "version": "2.2.1",
+      "from": "invariant@>=2.2.0 <3.0.0",
+      "resolved": "https://registry.npmjs.org/invariant/-/invariant-2.2.1.tgz"
+    },
+    "is-arrayish": {
+      "version": "0.2.1",
+      "from": "is-arrayish@>=0.2.1 <0.3.0",
+      "resolved": "https://registry.npmjs.org/is-arrayish/-/is-arrayish-0.2.1.tgz"
+    },
+    "is-binary-path": {
+      "version": "1.0.1",
+      "from": "is-binary-path@>=1.0.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/is-binary-path/-/is-binary-path-1.0.1.tgz"
+    },
+    "is-buffer": {
+      "version": "1.1.4",
+      "from": "is-buffer@>=1.0.2 <2.0.0",
+      "resolved": "https://registry.npmjs.org/is-buffer/-/is-buffer-1.1.4.tgz"
+    },
+    "is-builtin-module": {
+      "version": "1.0.0",
+      "from": "is-builtin-module@>=1.0.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/is-builtin-module/-/is-builtin-module-1.0.0.tgz"
+    },
+    "is-dotfile": {
+      "version": "1.0.2",
+      "from": "is-dotfile@>=1.0.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/is-dotfile/-/is-dotfile-1.0.2.tgz"
+    },
+    "is-equal-shallow": {
+      "version": "0.1.3",
+      "from": "is-equal-shallow@>=0.1.3 <0.2.0",
+      "resolved": "https://registry.npmjs.org/is-equal-shallow/-/is-equal-shallow-0.1.3.tgz"
+    },
+    "is-extendable": {
+      "version": "0.1.1",
+      "from": "is-extendable@>=0.1.1 <0.2.0",
+      "resolved": "https://registry.npmjs.org/is-extendable/-/is-extendable-0.1.1.tgz"
+    },
+    "is-extglob": {
+      "version": "1.0.0",
+      "from": "is-extglob@>=1.0.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/is-extglob/-/is-extglob-1.0.0.tgz"
+    },
+    "is-finite": {
+      "version": "1.0.2",
+      "from": "is-finite@>=1.0.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/is-finite/-/is-finite-1.0.2.tgz"
+    },
+    "is-glob": {
+      "version": "2.0.1",
+      "from": "is-glob@>=2.0.0 <3.0.0",
+      "resolved": "https://registry.npmjs.org/is-glob/-/is-glob-2.0.1.tgz"
+    },
+    "is-my-json-valid": {
+      "version": "2.15.0",
+      "from": "is-my-json-valid@>=2.12.4 <3.0.0",
+      "resolved": "https://registry.npmjs.org/is-my-json-valid/-/is-my-json-valid-2.15.0.tgz"
+    },
+    "is-number": {
+      "version": "2.1.0",
+      "from": "is-number@>=2.1.0 <3.0.0",
+      "resolved": "https://registry.npmjs.org/is-number/-/is-number-2.1.0.tgz"
+    },
+    "is-posix-bracket": {
+      "version": "0.1.1",
+      "from": "is-posix-bracket@>=0.1.0 <0.2.0",
+      "resolved": "https://registry.npmjs.org/is-posix-bracket/-/is-posix-bracket-0.1.1.tgz"
+    },
+    "is-primitive": {
+      "version": "2.0.0",
+      "from": "is-primitive@>=2.0.0 <3.0.0",
+      "resolved": "https://registry.npmjs.org/is-primitive/-/is-primitive-2.0.0.tgz"
+    },
+    "is-property": {
+      "version": "1.0.2",
+      "from": "is-property@>=1.0.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/is-property/-/is-property-1.0.2.tgz"
+    },
+    "is-typedarray": {
+      "version": "1.0.0",
+      "from": "is-typedarray@>=1.0.0 <1.1.0",
+      "resolved": "https://registry.npmjs.org/is-typedarray/-/is-typedarray-1.0.0.tgz"
+    },
+    "is-utf8": {
+      "version": "0.2.1",
+      "from": "is-utf8@>=0.2.0 <0.3.0",
+      "resolved": "https://registry.npmjs.org/is-utf8/-/is-utf8-0.2.1.tgz"
+    },
+    "isarray": {
+      "version": "1.0.0",
+      "from": "isarray@1.0.0",
+      "resolved": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz"
+    },
+    "isobject": {
+      "version": "2.1.0",
+      "from": "isobject@>=2.0.0 <3.0.0",
+      "resolved": "https://registry.npmjs.org/isobject/-/isobject-2.1.0.tgz"
+    },
+    "isstream": {
+      "version": "0.1.2",
+      "from": "isstream@>=0.1.2 <0.2.0",
+      "resolved": "https://registry.npmjs.org/isstream/-/isstream-0.1.2.tgz"
+    },
+    "jodid25519": {
+      "version": "1.0.2",
+      "from": "jodid25519@>=1.0.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/jodid25519/-/jodid25519-1.0.2.tgz"
+    },
+    "js-tokens": {
+      "version": "2.0.0",
+      "from": "js-tokens@>=2.0.0 <3.0.0",
+      "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-2.0.0.tgz"
+    },
+    "js-yaml": {
+      "version": "3.6.1",
+      "from": "js-yaml@>=3.6.1 <4.0.0",
+      "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.6.1.tgz"
+    },
+    "jsbn": {
+      "version": "0.1.0",
+      "from": "jsbn@>=0.1.0 <0.2.0",
+      "resolved": "https://registry.npmjs.org/jsbn/-/jsbn-0.1.0.tgz"
+    },
+    "jsesc": {
+      "version": "1.3.0",
+      "from": "jsesc@>=1.3.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/jsesc/-/jsesc-1.3.0.tgz"
+    },
+    "json-schema": {
+      "version": "0.2.3",
+      "from": "json-schema@0.2.3",
+      "resolved": "https://registry.npmjs.org/json-schema/-/json-schema-0.2.3.tgz"
+    },
+    "json-stringify-safe": {
+      "version": "5.0.1",
+      "from": "json-stringify-safe@>=5.0.1 <5.1.0",
+      "resolved": "https://registry.npmjs.org/json-stringify-safe/-/json-stringify-safe-5.0.1.tgz"
+    },
+    "json3": {
+      "version": "3.3.2",
+      "from": "json3@>=3.3.2 <4.0.0",
+      "resolved": "https://registry.npmjs.org/json3/-/json3-3.3.2.tgz"
+    },
+    "json5": {
+      "version": "0.4.0",
+      "from": "json5@>=0.4.0 <0.5.0",
+      "resolved": "https://registry.npmjs.org/json5/-/json5-0.4.0.tgz"
+    },
+    "jsonpointer": {
+      "version": "4.0.0",
+      "from": "jsonpointer@>=4.0.0 <5.0.0",
+      "resolved": "https://registry.npmjs.org/jsonpointer/-/jsonpointer-4.0.0.tgz"
+    },
+    "jsprim": {
+      "version": "1.3.1",
+      "from": "jsprim@>=1.2.2 <2.0.0",
+      "resolved": "https://registry.npmjs.org/jsprim/-/jsprim-1.3.1.tgz"
+    },
+    "kind-of": {
+      "version": "3.0.4",
+      "from": "kind-of@>=3.0.2 <4.0.0",
+      "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-3.0.4.tgz"
+    },
+    "load-json-file": {
+      "version": "1.1.0",
+      "from": "load-json-file@>=1.0.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/load-json-file/-/load-json-file-1.1.0.tgz"
+    },
+    "lodash": {
+      "version": "4.16.4",
+      "from": "lodash@>=4.2.0 <5.0.0",
+      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.16.4.tgz"
+    },
+    "log-symbols": {
+      "version": "1.0.2",
+      "from": "log-symbols@>=1.0.2 <2.0.0",
+      "resolved": "https://registry.npmjs.org/log-symbols/-/log-symbols-1.0.2.tgz"
+    },
+    "loose-envify": {
+      "version": "1.2.0",
+      "from": "loose-envify@>=1.0.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/loose-envify/-/loose-envify-1.2.0.tgz",
+      "dependencies": {
+        "js-tokens": {
+          "version": "1.0.3",
+          "from": "js-tokens@>=1.0.1 <2.0.0",
+          "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-1.0.3.tgz"
+        }
+      }
+    },
+    "loud-rejection": {
+      "version": "1.6.0",
+      "from": "loud-rejection@>=1.0.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/loud-rejection/-/loud-rejection-1.6.0.tgz"
+    },
+    "map-obj": {
+      "version": "1.0.1",
+      "from": "map-obj@>=1.0.1 <2.0.0",
+      "resolved": "https://registry.npmjs.org/map-obj/-/map-obj-1.0.1.tgz"
+    },
+    "meow": {
+      "version": "3.7.0",
+      "from": "meow@>=3.5.0 <4.0.0",
+      "resolved": "https://registry.npmjs.org/meow/-/meow-3.7.0.tgz"
+    },
+    "merge": {
+      "version": "1.2.0",
+      "from": "merge@>=1.2.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/merge/-/merge-1.2.0.tgz"
+    },
+    "methods": {
+      "version": "1.1.2",
+      "from": "methods@>=1.1.1 <1.2.0",
+      "resolved": "https://registry.npmjs.org/methods/-/methods-1.1.2.tgz"
+    },
+    "micromatch": {
+      "version": "2.3.11",
+      "from": "micromatch@>=2.1.5 <3.0.0",
+      "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-2.3.11.tgz"
+    },
+    "mime": {
+      "version": "1.3.4",
+      "from": "mime@1.3.4",
+      "resolved": "https://registry.npmjs.org/mime/-/mime-1.3.4.tgz"
+    },
+    "mime-db": {
+      "version": "1.24.0",
+      "from": "mime-db@>=1.24.0 <1.25.0",
+      "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.24.0.tgz"
+    },
+    "mime-types": {
+      "version": "2.1.12",
+      "from": "mime-types@>=2.1.7 <2.2.0",
+      "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.12.tgz"
+    },
+    "minimatch": {
+      "version": "3.0.3",
+      "from": "minimatch@>=3.0.2 <4.0.0",
+      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.0.3.tgz"
+    },
+    "minimist": {
+      "version": "1.2.0",
+      "from": "minimist@>=1.2.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.0.tgz"
+    },
+    "mkdirp": {
+      "version": "0.5.1",
+      "from": "mkdirp@>=0.5.1 <0.6.0",
+      "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.1.tgz",
+      "dependencies": {
+        "minimist": {
+          "version": "0.0.8",
+          "from": "minimist@0.0.8",
+          "resolved": "https://registry.npmjs.org/minimist/-/minimist-0.0.8.tgz"
+        }
+      }
+    },
+    "ms": {
+      "version": "0.7.1",
+      "from": "ms@0.7.1",
+      "resolved": "https://registry.npmjs.org/ms/-/ms-0.7.1.tgz"
+    },
+    "node-uuid": {
+      "version": "1.4.7",
+      "from": "node-uuid@>=1.4.7 <1.5.0",
+      "resolved": "https://registry.npmjs.org/node-uuid/-/node-uuid-1.4.7.tgz"
+    },
+    "normalize-package-data": {
+      "version": "2.3.5",
+      "from": "normalize-package-data@>=2.3.4 <3.0.0",
+      "resolved": "https://registry.npmjs.org/normalize-package-data/-/normalize-package-data-2.3.5.tgz"
+    },
+    "normalize-path": {
+      "version": "2.0.1",
+      "from": "normalize-path@>=2.0.1 <3.0.0",
+      "resolved": "https://registry.npmjs.org/normalize-path/-/normalize-path-2.0.1.tgz"
+    },
+    "number-is-nan": {
+      "version": "1.0.1",
+      "from": "number-is-nan@>=1.0.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/number-is-nan/-/number-is-nan-1.0.1.tgz"
+    },
+    "oauth-sign": {
+      "version": "0.8.2",
+      "from": "oauth-sign@>=0.8.1 <0.9.0",
+      "resolved": "https://registry.npmjs.org/oauth-sign/-/oauth-sign-0.8.2.tgz"
+    },
+    "object-assign": {
+      "version": "4.1.0",
+      "from": "object-assign@>=4.0.1 <5.0.0",
+      "resolved": "https://registry.npmjs.org/object-assign/-/object-assign-4.1.0.tgz"
+    },
+    "object.omit": {
+      "version": "2.0.0",
+      "from": "object.omit@>=2.0.0 <3.0.0",
+      "resolved": "https://registry.npmjs.org/object.omit/-/object.omit-2.0.0.tgz"
+    },
+    "once": {
+      "version": "1.4.0",
+      "from": "once@>=1.3.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz"
+    },
+    "original": {
+      "version": "1.0.0",
+      "from": "original@>=0.0.5",
+      "resolved": "https://registry.npmjs.org/original/-/original-1.0.0.tgz",
+      "dependencies": {
+        "url-parse": {
+          "version": "1.0.5",
+          "from": "url-parse@>=1.0.0 <1.1.0",
+          "resolved": "https://registry.npmjs.org/url-parse/-/url-parse-1.0.5.tgz"
+        }
+      }
+    },
+    "os-tmpdir": {
+      "version": "1.0.2",
+      "from": "os-tmpdir@>=1.0.1 <2.0.0",
+      "resolved": "https://registry.npmjs.org/os-tmpdir/-/os-tmpdir-1.0.2.tgz"
+    },
+    "output-file-sync": {
+      "version": "1.1.2",
+      "from": "output-file-sync@>=1.1.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/output-file-sync/-/output-file-sync-1.1.2.tgz"
+    },
+    "parse-glob": {
+      "version": "3.0.4",
+      "from": "parse-glob@>=3.0.4 <4.0.0",
+      "resolved": "https://registry.npmjs.org/parse-glob/-/parse-glob-3.0.4.tgz"
+    },
+    "parse-json": {
+      "version": "2.2.0",
+      "from": "parse-json@>=2.2.0 <3.0.0",
+      "resolved": "https://registry.npmjs.org/parse-json/-/parse-json-2.2.0.tgz"
+    },
+    "path-exists": {
+      "version": "1.0.0",
+      "from": "path-exists@>=1.0.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-1.0.0.tgz"
+    },
+    "path-is-absolute": {
+      "version": "1.0.1",
+      "from": "path-is-absolute@>=1.0.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz"
+    },
+    "path-type": {
+      "version": "1.1.0",
+      "from": "path-type@>=1.0.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/path-type/-/path-type-1.1.0.tgz"
+    },
+    "pify": {
+      "version": "2.3.0",
+      "from": "pify@>=2.0.0 <3.0.0",
+      "resolved": "https://registry.npmjs.org/pify/-/pify-2.3.0.tgz"
+    },
+    "pinkie": {
+      "version": "2.0.4",
+      "from": "pinkie@>=2.0.0 <3.0.0",
+      "resolved": "https://registry.npmjs.org/pinkie/-/pinkie-2.0.4.tgz"
+    },
+    "pinkie-promise": {
+      "version": "2.0.1",
+      "from": "pinkie-promise@>=2.0.0 <3.0.0",
+      "resolved": "https://registry.npmjs.org/pinkie-promise/-/pinkie-promise-2.0.1.tgz"
+    },
+    "preserve": {
+      "version": "0.2.0",
+      "from": "preserve@>=0.2.0 <0.3.0",
+      "resolved": "https://registry.npmjs.org/preserve/-/preserve-0.2.0.tgz"
+    },
+    "private": {
+      "version": "0.1.6",
+      "from": "private@>=0.1.6 <0.2.0",
+      "resolved": "https://registry.npmjs.org/private/-/private-0.1.6.tgz"
+    },
+    "process-nextick-args": {
+      "version": "1.0.7",
+      "from": "process-nextick-args@>=1.0.6 <1.1.0",
+      "resolved": "https://registry.npmjs.org/process-nextick-args/-/process-nextick-args-1.0.7.tgz"
+    },
+    "promise": {
+      "version": "6.1.0",
+      "from": "promise@>=6.1.0 <7.0.0",
+      "resolved": "https://registry.npmjs.org/promise/-/promise-6.1.0.tgz"
+    },
+    "qs": {
+      "version": "6.2.1",
+      "from": "qs@>=6.2.0 <6.3.0",
+      "resolved": "https://registry.npmjs.org/qs/-/qs-6.2.1.tgz"
+    },
+    "querystringify": {
+      "version": "0.0.4",
+      "from": "querystringify@>=0.0.0 <0.1.0",
+      "resolved": "https://registry.npmjs.org/querystringify/-/querystringify-0.0.4.tgz"
+    },
+    "randomatic": {
+      "version": "1.1.5",
+      "from": "randomatic@>=1.1.3 <2.0.0",
+      "resolved": "https://registry.npmjs.org/randomatic/-/randomatic-1.1.5.tgz"
+    },
+    "read-pkg": {
+      "version": "1.1.0",
+      "from": "read-pkg@>=1.0.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/read-pkg/-/read-pkg-1.1.0.tgz"
+    },
+    "read-pkg-up": {
+      "version": "1.0.1",
+      "from": "read-pkg-up@>=1.0.1 <2.0.0",
+      "resolved": "https://registry.npmjs.org/read-pkg-up/-/read-pkg-up-1.0.1.tgz"
+    },
+    "readable-stream": {
+      "version": "2.1.5",
+      "from": "readable-stream@>=2.0.2 <3.0.0",
+      "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.1.5.tgz"
+    },
+    "readdirp": {
+      "version": "2.1.0",
+      "from": "readdirp@>=2.0.0 <3.0.0",
+      "resolved": "https://registry.npmjs.org/readdirp/-/readdirp-2.1.0.tgz"
+    },
+    "redent": {
+      "version": "1.0.0",
+      "from": "redent@>=1.0.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/redent/-/redent-1.0.0.tgz"
+    },
+    "reduce-component": {
+      "version": "1.0.1",
+      "from": "reduce-component@1.0.1",
+      "resolved": "https://registry.npmjs.org/reduce-component/-/reduce-component-1.0.1.tgz"
+    },
+    "regenerate": {
+      "version": "1.3.1",
+      "from": "regenerate@>=1.2.1 <2.0.0",
+      "resolved": "https://registry.npmjs.org/regenerate/-/regenerate-1.3.1.tgz"
+    },
+    "regenerator-runtime": {
+      "version": "0.9.5",
+      "from": "regenerator-runtime@>=0.9.5 <0.10.0",
+      "resolved": "https://registry.npmjs.org/regenerator-runtime/-/regenerator-runtime-0.9.5.tgz"
+    },
+    "regex-cache": {
+      "version": "0.4.3",
+      "from": "regex-cache@>=0.4.2 <0.5.0",
+      "resolved": "https://registry.npmjs.org/regex-cache/-/regex-cache-0.4.3.tgz"
+    },
+    "regexpu-core": {
+      "version": "2.0.0",
+      "from": "regexpu-core@>=2.0.0 <3.0.0",
+      "resolved": "https://registry.npmjs.org/regexpu-core/-/regexpu-core-2.0.0.tgz"
+    },
+    "regjsgen": {
+      "version": "0.2.0",
+      "from": "regjsgen@>=0.2.0 <0.3.0",
+      "resolved": "https://registry.npmjs.org/regjsgen/-/regjsgen-0.2.0.tgz"
+    },
+    "regjsparser": {
+      "version": "0.1.5",
+      "from": "regjsparser@>=0.1.4 <0.2.0",
+      "resolved": "https://registry.npmjs.org/regjsparser/-/regjsparser-0.1.5.tgz",
+      "dependencies": {
+        "jsesc": {
+          "version": "0.5.0",
+          "from": "jsesc@>=0.5.0 <0.6.0",
+          "resolved": "https://registry.npmjs.org/jsesc/-/jsesc-0.5.0.tgz"
+        }
+      }
+    },
+    "repeat-element": {
+      "version": "1.1.2",
+      "from": "repeat-element@>=1.1.2 <2.0.0",
+      "resolved": "https://registry.npmjs.org/repeat-element/-/repeat-element-1.1.2.tgz"
+    },
+    "repeat-string": {
+      "version": "1.5.4",
+      "from": "repeat-string@>=1.5.2 <2.0.0",
+      "resolved": "https://registry.npmjs.org/repeat-string/-/repeat-string-1.5.4.tgz"
+    },
+    "repeating": {
+      "version": "1.1.3",
+      "from": "repeating@>=1.1.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/repeating/-/repeating-1.1.3.tgz"
+    },
+    "request": {
+      "version": "2.75.0",
+      "from": "request@>=2.65.0 <3.0.0",
+      "resolved": "https://registry.npmjs.org/request/-/request-2.75.0.tgz"
+    },
+    "requires-port": {
+      "version": "1.0.0",
+      "from": "requires-port@>=1.0.0 <1.1.0",
+      "resolved": "https://registry.npmjs.org/requires-port/-/requires-port-1.0.0.tgz"
+    },
+    "rimraf": {
+      "version": "2.5.4",
+      "from": "rimraf@>=2.4.3 <3.0.0",
+      "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-2.5.4.tgz",
+      "dependencies": {
+        "glob": {
+          "version": "7.1.1",
+          "from": "glob@>=7.0.5 <8.0.0",
+          "resolved": "https://registry.npmjs.org/glob/-/glob-7.1.1.tgz"
+        }
+      }
+    },
+    "semver": {
+      "version": "4.3.6",
+      "from": "semver@>=4.0.3 <5.0.0",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-4.3.6.tgz"
+    },
+    "semver-regex": {
+      "version": "1.0.0",
+      "from": "semver-regex@>=1.0.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/semver-regex/-/semver-regex-1.0.0.tgz"
+    },
+    "semver-truncate": {
+      "version": "1.1.2",
+      "from": "semver-truncate@>=1.0.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/semver-truncate/-/semver-truncate-1.1.2.tgz",
+      "dependencies": {
+        "semver": {
+          "version": "5.3.0",
+          "from": "semver@>=5.3.0 <6.0.0",
+          "resolved": "https://registry.npmjs.org/semver/-/semver-5.3.0.tgz"
+        }
+      }
+    },
+    "set-immediate-shim": {
+      "version": "1.0.1",
+      "from": "set-immediate-shim@>=1.0.1 <2.0.0",
+      "resolved": "https://registry.npmjs.org/set-immediate-shim/-/set-immediate-shim-1.0.1.tgz"
+    },
+    "shebang-regex": {
+      "version": "1.0.0",
+      "from": "shebang-regex@>=1.0.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/shebang-regex/-/shebang-regex-1.0.0.tgz"
+    },
+    "signal-exit": {
+      "version": "3.0.1",
+      "from": "signal-exit@>=3.0.0 <4.0.0",
+      "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-3.0.1.tgz"
+    },
+    "slash": {
+      "version": "1.0.0",
+      "from": "slash@>=1.0.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/slash/-/slash-1.0.0.tgz"
+    },
+    "slugid": {
+      "version": "1.1.0",
+      "from": "slugid@>=1.1.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/slugid/-/slugid-1.1.0.tgz"
+    },
+    "sntp": {
+      "version": "1.0.9",
+      "from": "sntp@>=1.0.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/sntp/-/sntp-1.0.9.tgz"
+    },
+    "sockjs-client": {
+      "version": "1.1.1",
+      "from": "sockjs-client@>=1.0.3 <2.0.0",
+      "resolved": "https://registry.npmjs.org/sockjs-client/-/sockjs-client-1.1.1.tgz"
+    },
+    "source-map": {
+      "version": "0.5.6",
+      "from": "source-map@>=0.5.0 <0.6.0",
+      "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.5.6.tgz"
+    },
+    "source-map-support": {
+      "version": "0.4.3",
+      "from": "source-map-support@>=0.4.2 <0.5.0",
+      "resolved": "https://registry.npmjs.org/source-map-support/-/source-map-support-0.4.3.tgz"
+    },
+    "spdx-correct": {
+      "version": "1.0.2",
+      "from": "spdx-correct@>=1.0.0 <1.1.0",
+      "resolved": "https://registry.npmjs.org/spdx-correct/-/spdx-correct-1.0.2.tgz"
+    },
+    "spdx-expression-parse": {
+      "version": "1.0.4",
+      "from": "spdx-expression-parse@>=1.0.0 <1.1.0",
+      "resolved": "https://registry.npmjs.org/spdx-expression-parse/-/spdx-expression-parse-1.0.4.tgz"
+    },
+    "spdx-license-ids": {
+      "version": "1.2.2",
+      "from": "spdx-license-ids@>=1.0.2 <2.0.0",
+      "resolved": "https://registry.npmjs.org/spdx-license-ids/-/spdx-license-ids-1.2.2.tgz"
+    },
+    "sprintf-js": {
+      "version": "1.0.3",
+      "from": "sprintf-js@>=1.0.2 <1.1.0",
+      "resolved": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz"
+    },
+    "sshpk": {
+      "version": "1.10.1",
+      "from": "sshpk@>=1.7.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/sshpk/-/sshpk-1.10.1.tgz",
+      "dependencies": {
+        "assert-plus": {
+          "version": "1.0.0",
+          "from": "assert-plus@>=1.0.0 <2.0.0",
+          "resolved": "https://registry.npmjs.org/assert-plus/-/assert-plus-1.0.0.tgz"
+        }
+      }
+    },
+    "string_decoder": {
+      "version": "0.10.31",
+      "from": "string_decoder@>=0.10.0 <0.11.0",
+      "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-0.10.31.tgz"
+    },
+    "stringstream": {
+      "version": "0.0.5",
+      "from": "stringstream@>=0.0.4 <0.1.0",
+      "resolved": "https://registry.npmjs.org/stringstream/-/stringstream-0.0.5.tgz"
+    },
+    "strip-ansi": {
+      "version": "3.0.1",
+      "from": "strip-ansi@>=3.0.0 <4.0.0",
+      "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-3.0.1.tgz"
+    },
+    "strip-bom": {
+      "version": "2.0.0",
+      "from": "strip-bom@>=2.0.0 <3.0.0",
+      "resolved": "https://registry.npmjs.org/strip-bom/-/strip-bom-2.0.0.tgz"
+    },
+    "strip-indent": {
+      "version": "1.0.1",
+      "from": "strip-indent@>=1.0.1 <2.0.0",
+      "resolved": "https://registry.npmjs.org/strip-indent/-/strip-indent-1.0.1.tgz"
+    },
+    "superagent": {
+      "version": "1.7.2",
+      "from": "superagent@>=1.7.0 <1.8.0",
+      "resolved": "https://registry.npmjs.org/superagent/-/superagent-1.7.2.tgz",
+      "dependencies": {
+        "async": {
+          "version": "0.9.2",
+          "from": "async@>=0.9.0 <0.10.0",
+          "resolved": "https://registry.npmjs.org/async/-/async-0.9.2.tgz"
+        },
+        "combined-stream": {
+          "version": "0.0.7",
+          "from": "combined-stream@>=0.0.4 <0.1.0",
+          "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-0.0.7.tgz"
+        },
+        "delayed-stream": {
+          "version": "0.0.5",
+          "from": "delayed-stream@0.0.5",
+          "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-0.0.5.tgz"
+        },
+        "form-data": {
+          "version": "0.2.0",
+          "from": "form-data@0.2.0",
+          "resolved": "https://registry.npmjs.org/form-data/-/form-data-0.2.0.tgz"
+        },
+        "isarray": {
+          "version": "0.0.1",
+          "from": "isarray@0.0.1",
+          "resolved": "https://registry.npmjs.org/isarray/-/isarray-0.0.1.tgz"
+        },
+        "mime-db": {
+          "version": "1.12.0",
+          "from": "mime-db@>=1.12.0 <1.13.0",
+          "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.12.0.tgz"
+        },
+        "mime-types": {
+          "version": "2.0.14",
+          "from": "mime-types@>=2.0.3 <2.1.0",
+          "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.0.14.tgz"
+        },
+        "qs": {
+          "version": "2.3.3",
+          "from": "qs@2.3.3",
+          "resolved": "https://registry.npmjs.org/qs/-/qs-2.3.3.tgz"
+        },
+        "readable-stream": {
+          "version": "1.0.27-1",
+          "from": "readable-stream@1.0.27-1",
+          "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-1.0.27-1.tgz"
+        }
+      }
+    },
+    "superagent-hawk": {
+      "version": "0.0.6",
+      "from": "superagent-hawk@>=0.0.6 <0.0.7",
+      "resolved": "https://registry.npmjs.org/superagent-hawk/-/superagent-hawk-0.0.6.tgz",
+      "dependencies": {
+        "boom": {
+          "version": "0.4.2",
+          "from": "boom@>=0.4.0 <0.5.0",
+          "resolved": "https://registry.npmjs.org/boom/-/boom-0.4.2.tgz"
+        },
+        "cryptiles": {
+          "version": "0.2.2",
+          "from": "cryptiles@>=0.2.0 <0.3.0",
+          "resolved": "https://registry.npmjs.org/cryptiles/-/cryptiles-0.2.2.tgz"
+        },
+        "hawk": {
+          "version": "1.0.0",
+          "from": "hawk@>=1.0.0 <1.1.0",
+          "resolved": "https://registry.npmjs.org/hawk/-/hawk-1.0.0.tgz"
+        },
+        "hoek": {
+          "version": "0.9.1",
+          "from": "hoek@>=0.9.0 <0.10.0",
+          "resolved": "https://registry.npmjs.org/hoek/-/hoek-0.9.1.tgz"
+        },
+        "qs": {
+          "version": "0.6.6",
+          "from": "qs@>=0.6.6 <0.7.0",
+          "resolved": "https://registry.npmjs.org/qs/-/qs-0.6.6.tgz"
+        },
+        "sntp": {
+          "version": "0.2.4",
+          "from": "sntp@>=0.2.0 <0.3.0",
+          "resolved": "https://registry.npmjs.org/sntp/-/sntp-0.2.4.tgz"
+        }
+      }
+    },
+    "superagent-promise": {
+      "version": "0.2.0",
+      "from": "superagent-promise@>=0.2.0 <0.3.0",
+      "resolved": "https://registry.npmjs.org/superagent-promise/-/superagent-promise-0.2.0.tgz"
+    },
+    "supports-color": {
+      "version": "2.0.0",
+      "from": "supports-color@>=2.0.0 <3.0.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-2.0.0.tgz"
+    },
+    "taskcluster-client": {
+      "version": "1.4.0",
+      "from": "taskcluster-client@>=1.2.1 <2.0.0",
+      "resolved": "https://registry.npmjs.org/taskcluster-client/-/taskcluster-client-1.4.0.tgz",
+      "dependencies": {
+        "hawk": {
+          "version": "2.3.1",
+          "from": "hawk@>=2.3.1 <3.0.0",
+          "resolved": "https://registry.npmjs.org/hawk/-/hawk-2.3.1.tgz"
+        },
+        "lodash": {
+          "version": "3.10.1",
+          "from": "lodash@>=3.6.0 <4.0.0",
+          "resolved": "https://registry.npmjs.org/lodash/-/lodash-3.10.1.tgz"
+        }
+      }
+    },
+    "to-fast-properties": {
+      "version": "1.0.2",
+      "from": "to-fast-properties@>=1.0.1 <2.0.0",
+      "resolved": "https://registry.npmjs.org/to-fast-properties/-/to-fast-properties-1.0.2.tgz"
+    },
+    "tough-cookie": {
+      "version": "2.3.1",
+      "from": "tough-cookie@>=2.3.0 <2.4.0",
+      "resolved": "https://registry.npmjs.org/tough-cookie/-/tough-cookie-2.3.1.tgz"
+    },
+    "trim-newlines": {
+      "version": "1.0.0",
+      "from": "trim-newlines@>=1.0.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/trim-newlines/-/trim-newlines-1.0.0.tgz"
+    },
+    "tunnel-agent": {
+      "version": "0.4.3",
+      "from": "tunnel-agent@>=0.4.1 <0.5.0",
+      "resolved": "https://registry.npmjs.org/tunnel-agent/-/tunnel-agent-0.4.3.tgz"
+    },
+    "tweetnacl": {
+      "version": "0.14.3",
+      "from": "tweetnacl@>=0.14.0 <0.15.0",
+      "resolved": "https://registry.npmjs.org/tweetnacl/-/tweetnacl-0.14.3.tgz"
+    },
+    "url-join": {
+      "version": "0.0.1",
+      "from": "url-join@>=0.0.1 <0.0.2",
+      "resolved": "https://registry.npmjs.org/url-join/-/url-join-0.0.1.tgz"
+    },
+    "url-parse": {
+      "version": "1.1.6",
+      "from": "url-parse@>=1.1.1 <2.0.0",
+      "resolved": "https://registry.npmjs.org/url-parse/-/url-parse-1.1.6.tgz"
+    },
+    "user-home": {
+      "version": "1.1.1",
+      "from": "user-home@>=1.1.1 <2.0.0",
+      "resolved": "https://registry.npmjs.org/user-home/-/user-home-1.1.1.tgz"
+    },
+    "util-deprecate": {
+      "version": "1.0.2",
+      "from": "util-deprecate@>=1.0.1 <1.1.0",
+      "resolved": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz"
+    },
+    "uuid": {
+      "version": "2.0.3",
+      "from": "uuid@>=2.0.1 <3.0.0",
+      "resolved": "https://registry.npmjs.org/uuid/-/uuid-2.0.3.tgz"
+    },
+    "v8flags": {
+      "version": "2.0.11",
+      "from": "v8flags@>=2.0.10 <3.0.0",
+      "resolved": "https://registry.npmjs.org/v8flags/-/v8flags-2.0.11.tgz"
+    },
+    "validate-npm-package-license": {
+      "version": "3.0.1",
+      "from": "validate-npm-package-license@>=3.0.1 <4.0.0",
+      "resolved": "https://registry.npmjs.org/validate-npm-package-license/-/validate-npm-package-license-3.0.1.tgz"
+    },
+    "verror": {
+      "version": "1.3.6",
+      "from": "verror@1.3.6",
+      "resolved": "https://registry.npmjs.org/verror/-/verror-1.3.6.tgz"
+    },
+    "websocket-driver": {
+      "version": "0.6.5",
+      "from": "websocket-driver@>=0.5.1",
+      "resolved": "https://registry.npmjs.org/websocket-driver/-/websocket-driver-0.6.5.tgz"
+    },
+    "websocket-extensions": {
+      "version": "0.1.1",
+      "from": "websocket-extensions@>=0.1.1",
+      "resolved": "https://registry.npmjs.org/websocket-extensions/-/websocket-extensions-0.1.1.tgz"
+    },
+    "when": {
+      "version": "3.6.4",
+      "from": "when@>=3.6.2 <3.7.0",
+      "resolved": "https://registry.npmjs.org/when/-/when-3.6.4.tgz"
+    },
+    "wrappy": {
+      "version": "1.0.2",
+      "from": "wrappy@>=1.0.0 <2.0.0",
+      "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz"
+    },
+    "xtend": {
+      "version": "4.0.1",
+      "from": "xtend@>=4.0.0 <5.0.0",
+      "resolved": "https://registry.npmjs.org/xtend/-/xtend-4.0.1.tgz"
+    }
+  }
+}
diff --git a/nss/automation/taskcluster/graph/package.json b/nss/automation/taskcluster/graph/package.json
new file mode 100644
index 0000000..d866ade
--- /dev/null
+++ b/nss/automation/taskcluster/graph/package.json
@@ -0,0 +1,24 @@
+{
+  "name": "decision-task",
+  "version": "0.0.1",
+  "private": true,
+  "author": "Tim Taubert <ttaubert@mozilla.com>",
+  "description": "Decision Task for NSS",
+  "scripts": {
+    "compile": "babel-compile -p taskcluster src:lib",
+    "install": "npm run compile"
+  },
+  "dependencies": {
+    "babel-cli": "^6.14.0",
+    "babel-compile": "^2.0.0",
+    "babel-preset-taskcluster": "^3.0.0",
+    "babel-runtime": "^6.11.6",
+    "flatmap": "0.0.3",
+    "intersect": "^1.0.1",
+    "js-yaml": "^3.6.1",
+    "merge": "^1.2.0",
+    "minimist": "^1.2.0",
+    "slugid": "^1.1.0",
+    "taskcluster-client": "^1.2.1"
+  }
+}
diff --git a/nss/automation/taskcluster/graph/src/context_hash.js b/nss/automation/taskcluster/graph/src/context_hash.js
new file mode 100644
index 0000000..f0a2e9a
--- /dev/null
+++ b/nss/automation/taskcluster/graph/src/context_hash.js
@@ -0,0 +1,43 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+import fs from "fs";
+import path from "path";
+import crypto from "crypto";
+import flatmap from "flatmap";
+
+// Compute the SHA-256 digest.
+function sha256(data) {
+  let hash = crypto.createHash("sha256");
+  hash.update(data);
+  return hash.digest("hex");
+}
+
+// Recursively collect a list of all files of a given directory.
+function collectFilesInDirectory(dir) {
+  return flatmap(fs.readdirSync(dir), entry => {
+    let entry_path = path.join(dir, entry);
+
+    if (fs.lstatSync(entry_path).isDirectory()) {
+      return collectFilesInDirectory(entry_path);
+    }
+
+    return [entry_path];
+  });
+}
+
+// Compute a context hash for the given context path.
+export default function (context_path) {
+  let root = path.join(__dirname, "../../../..");
+  let dir = path.join(root, context_path);
+  let files = collectFilesInDirectory(dir).sort();
+  let hashes = files.map(file => {
+    return sha256(file + "|" + fs.readFileSync(file, "utf-8"));
+  });
+
+  // Generate a new prefix every month to ensure the image stays buildable.
+  let now = new Date();
+  let prefix = `${now.getUTCFullYear()}-${now.getUTCMonth() + 1}:`;
+  return sha256(prefix + hashes.join(","));
+}
diff --git a/nss/automation/taskcluster/graph/src/extend.js b/nss/automation/taskcluster/graph/src/extend.js
new file mode 100644
index 0000000..e0db085
--- /dev/null
+++ b/nss/automation/taskcluster/graph/src/extend.js
@@ -0,0 +1,601 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+import merge from "./merge";
+import * as queue from "./queue";
+
+const LINUX_IMAGE = {name: "linux", path: "automation/taskcluster/docker"};
+const FUZZ_IMAGE = {name: "fuzz", path: "automation/taskcluster/docker-fuzz"};
+
+const WINDOWS_CHECKOUT_CMD =
+  "bash -c \"hg clone -r $NSS_HEAD_REVISION $NSS_HEAD_REPOSITORY nss || " +
+    "(sleep 2; hg clone -r $NSS_HEAD_REVISION $NSS_HEAD_REPOSITORY nss) || " +
+    "(sleep 5; hg clone -r $NSS_HEAD_REVISION $NSS_HEAD_REPOSITORY nss)\"";
+
+/*****************************************************************************/
+
+queue.filter(task => {
+  if (task.group == "Builds") {
+    // Remove extra builds on {A,UB}San and ARM.
+    if (task.collection == "asan" || task.platform == "aarch64") {
+      return false;
+    }
+
+    // Remove extra builds w/o libpkix for non-linux64-debug.
+    if (task.symbol == "noLibpkix" &&
+        (task.platform != "linux64" || task.collection != "debug")) {
+      return false;
+    }
+
+    // Make modular builds only on Linux x64.
+    if (task.symbol == "modular" && task.platform != "linux64") {
+      return false;
+    }
+  }
+
+  if (task.tests == "bogo" || task.tests == "interop") {
+    // No windows
+    if (task.platform == "windows2012-64") {
+      return false;
+    }
+
+    // No ARM; TODO: enable
+    if (task.platform == "aarch64") {
+      return false;
+    }
+  }
+
+  // GYP builds with -Ddisable_libpkix=1 by default.
+  if ((task.collection == "gyp" || task.collection == "asan"
+       || task.platform == "aarch64") && task.tests == "chains") {
+    return false;
+  }
+
+  return true;
+});
+
+queue.map(task => {
+  if (task.collection == "asan") {
+    // CRMF and FIPS tests still leak, unfortunately.
+    if (task.tests == "crmf" || task.tests == "fips") {
+      task.env.ASAN_OPTIONS = "detect_leaks=0";
+    }
+  }
+
+  // Windows is slow.
+  if (task.platform == "windows2012-64" && task.tests == "chains") {
+    task.maxRunTime = 7200;
+  }
+
+  return task;
+});
+
+/*****************************************************************************/
+
+export default async function main() {
+  await scheduleLinux("Linux 32 (opt)", {
+    env: {BUILD_OPT: "1"},
+    platform: "linux32",
+    image: LINUX_IMAGE
+  });
+
+  await scheduleLinux("Linux 32 (debug)", {
+    platform: "linux32",
+    collection: "debug",
+    image: LINUX_IMAGE
+  });
+
+  await scheduleLinux("Linux 64 (opt)", {
+    env: {USE_64: "1", BUILD_OPT: "1"},
+    platform: "linux64",
+    image: LINUX_IMAGE
+  });
+
+  await scheduleLinux("Linux 64 (debug)", {
+    env: {USE_64: "1"},
+    platform: "linux64",
+    collection: "debug",
+    image: LINUX_IMAGE
+  });
+
+  await scheduleLinux("Linux 64 (debug, gyp)", {
+    command: [
+      "/bin/bash",
+      "-c",
+      "bin/checkout.sh && nss/automation/taskcluster/scripts/build_gyp.sh"
+    ],
+    platform: "linux64",
+    collection: "gyp",
+    image: LINUX_IMAGE
+  });
+
+  await scheduleLinux("Linux 64 (GYP, ASan, debug)", {
+    command: [
+      "/bin/bash",
+      "-c",
+      "bin/checkout.sh && nss/automation/taskcluster/scripts/build_gyp.sh -g -v --ubsan --asan"
+    ],
+    env: {
+      UBSAN_OPTIONS: "print_stacktrace=1",
+      NSS_DISABLE_ARENA_FREE_LIST: "1",
+      NSS_DISABLE_UNLOAD: "1",
+      CC: "clang",
+      CCC: "clang++",
+    },
+    platform: "linux64",
+    collection: "asan",
+    image: LINUX_IMAGE
+  });
+
+  await scheduleWindows("Windows 2012 64 (opt)", {
+    env: {BUILD_OPT: "1"}
+  });
+
+  await scheduleWindows("Windows 2012 64 (debug)", {
+    collection: "debug"
+  });
+
+  await scheduleFuzzing();
+
+  await scheduleTestBuilds();
+
+  await scheduleTools();
+
+  let aarch64_base = {
+    image: "franziskus/nss-aarch64-ci",
+    provisioner: "localprovisioner",
+    workerType: "nss-aarch64",
+    platform: "aarch64",
+    maxRunTime: 7200
+  };
+
+  await scheduleLinux("Linux AArch64 (debug)",
+    merge({
+      command: [
+        "/bin/bash",
+        "-c",
+        "bin/checkout.sh && nss/automation/taskcluster/scripts/build_gyp.sh"
+      ],
+      collection: "debug",
+    }, aarch64_base)
+  );
+
+  await scheduleLinux("Linux AArch64 (opt)",
+    merge({
+      command: [
+        "/bin/bash",
+        "-c",
+        "bin/checkout.sh && nss/automation/taskcluster/scripts/build_gyp.sh --opt"
+      ],
+      collection: "opt",
+    }, aarch64_base)
+  );
+}
+
+/*****************************************************************************/
+
+async function scheduleLinux(name, base) {
+  // Build base definition.
+  let build_base = merge({
+    command: [
+      "/bin/bash",
+      "-c",
+      "bin/checkout.sh && nss/automation/taskcluster/scripts/build.sh"
+    ],
+    artifacts: {
+      public: {
+        expires: 24 * 7,
+        type: "directory",
+        path: "/home/worker/artifacts"
+      }
+    },
+    kind: "build",
+    symbol: "B"
+  }, base);
+
+  // The task that builds NSPR+NSS.
+  let task_build = queue.scheduleTask(merge(build_base, {name}));
+
+  // The task that generates certificates.
+  let task_cert = queue.scheduleTask(merge(build_base, {
+    name: "Certificates",
+    command: [
+      "/bin/bash",
+      "-c",
+      "bin/checkout.sh && nss/automation/taskcluster/scripts/gen_certs.sh"
+    ],
+    parent: task_build,
+    symbol: "Certs"
+  }));
+
+  // Schedule tests.
+  scheduleTests(task_build, task_cert, merge(base, {
+    command: [
+      "/bin/bash",
+      "-c",
+      "bin/checkout.sh && nss/automation/taskcluster/scripts/run_tests.sh"
+    ]
+  }));
+
+  // Extra builds.
+  let extra_base = merge({group: "Builds"}, build_base);
+  queue.scheduleTask(merge(extra_base, {
+    name: `${name} w/ clang-3.9`,
+    env: {
+      CC: "clang",
+      CCC: "clang++",
+    },
+    symbol: "clang-3.9"
+  }));
+
+  queue.scheduleTask(merge(extra_base, {
+    name: `${name} w/ gcc-4.8`,
+    env: {
+      CC: "gcc-4.8",
+      CCC: "g++-4.8"
+    },
+    symbol: "gcc-4.8"
+  }));
+
+  queue.scheduleTask(merge(extra_base, {
+    name: `${name} w/ gcc-6.1`,
+    env: {
+      CC: "gcc-6",
+      CCC: "g++-6"
+    },
+    symbol: "gcc-6.1"
+  }));
+
+  queue.scheduleTask(merge(extra_base, {
+    name: `${name} w/ NSS_DISABLE_LIBPKIX=1`,
+    env: {NSS_DISABLE_LIBPKIX: "1"},
+    symbol: "noLibpkix"
+  }));
+
+  queue.scheduleTask(merge(extra_base, {
+    name: `${name} w/ modular builds`,
+    env: {NSS_BUILD_MODULAR: "1"},
+    symbol: "modular"
+  }));
+
+  return queue.submit();
+}
+
+/*****************************************************************************/
+
+function scheduleFuzzingRun(base, name, target, max_len, symbol = null, corpus = null) {
+  const MAX_FUZZ_TIME = 300;
+
+  queue.scheduleTask(merge(base, {
+    name,
+    command: [
+      "/bin/bash",
+      "-c",
+      "bin/checkout.sh && nss/automation/taskcluster/scripts/fuzz.sh " +
+        `${target} nss/fuzz/corpus/${corpus || target} ` +
+        `-max_total_time=${MAX_FUZZ_TIME} ` +
+        `-max_len=${max_len}`
+    ],
+    symbol: symbol || name
+  }));
+}
+
+async function scheduleFuzzing() {
+  let base = {
+    env: {
+      ASAN_OPTIONS: "allocator_may_return_null=1",
+      UBSAN_OPTIONS: "print_stacktrace=1",
+      NSS_DISABLE_ARENA_FREE_LIST: "1",
+      NSS_DISABLE_UNLOAD: "1",
+      CC: "clang",
+      CCC: "clang++"
+    },
+    features: ["allowPtrace"],
+    platform: "linux64",
+    collection: "fuzz",
+    image: FUZZ_IMAGE
+  };
+
+  // Build base definition.
+  let build_base = merge({
+    command: [
+      "/bin/bash",
+      "-c",
+      "bin/checkout.sh && " +
+      "nss/automation/taskcluster/scripts/build_gyp.sh -g -v --fuzz"
+    ],
+    artifacts: {
+      public: {
+        expires: 24 * 7,
+        type: "directory",
+        path: "/home/worker/artifacts"
+      }
+    },
+    kind: "build",
+    symbol: "B"
+  }, base);
+
+  // The task that builds NSPR+NSS.
+  let task_build = queue.scheduleTask(merge(build_base, {
+    name: "Linux x64 (debug, fuzz)"
+  }));
+
+  // The task that builds NSPR+NSS (TLS fuzzing mode).
+  let task_build_tls = queue.scheduleTask(merge(build_base, {
+    name: "Linux x64 (debug, TLS fuzz)",
+    symbol: "B",
+    group: "TLS",
+    command: [
+      "/bin/bash",
+      "-c",
+      "bin/checkout.sh && " +
+      "nss/automation/taskcluster/scripts/build_gyp.sh -g -v --fuzz=tls"
+    ],
+  }));
+
+  // Schedule tests.
+  queue.scheduleTask(merge(base, {
+    parent: task_build_tls,
+    name: "Gtests",
+    command: [
+      "/bin/bash",
+      "-c",
+      "bin/checkout.sh && nss/automation/taskcluster/scripts/run_tests.sh"
+    ],
+    env: {GTESTFILTER: "*Fuzz*"},
+    tests: "ssl_gtests gtests",
+    cycle: "standard",
+    symbol: "Gtest",
+    kind: "test"
+  }));
+
+  // Schedule fuzzing runs.
+  let run_base = merge(base, {parent: task_build, kind: "test"});
+  scheduleFuzzingRun(run_base, "CertDN", "certDN", 4096);
+  scheduleFuzzingRun(run_base, "QuickDER", "quickder", 10000);
+
+  // Schedule MPI fuzzing runs.
+  let mpi_base = merge(run_base, {group: "MPI"});
+  let mpi_names = ["add", "addmod", "div", "expmod", "mod", "mulmod", "sqr",
+                   "sqrmod", "sub", "submod"];
+  for (let name of mpi_names) {
+    scheduleFuzzingRun(mpi_base, `MPI (${name})`, `mpi-${name}`, 4096, name);
+  }
+  scheduleFuzzingRun(mpi_base, `MPI (invmod)`, `mpi-invmod`, 256, "invmod");
+
+  // Schedule TLS fuzzing runs (non-fuzzing mode).
+  let tls_base = merge(run_base, {group: "TLS"});
+  scheduleFuzzingRun(tls_base, "TLS Client", "tls-client", 20000, "client-nfm",
+                     "tls-client-no_fuzzer_mode");
+
+  // Schedule TLS fuzzing runs (fuzzing mode).
+  let tls_fm_base = merge(tls_base, {parent: task_build_tls});
+  scheduleFuzzingRun(tls_fm_base, "TLS Client", "tls-client", 20000, "client");
+
+  return queue.submit();
+}
+
+/*****************************************************************************/
+
+async function scheduleTestBuilds() {
+  let base = {
+    platform: "linux64",
+    collection: "gyp",
+    group: "Test",
+    image: LINUX_IMAGE
+  };
+
+  // Build base definition.
+  let build = merge({
+    command: [
+      "/bin/bash",
+      "-c",
+      "bin/checkout.sh && " +
+      "nss/automation/taskcluster/scripts/build_gyp.sh -g -v --test --ct-verif"
+    ],
+    artifacts: {
+      public: {
+        expires: 24 * 7,
+        type: "directory",
+        path: "/home/worker/artifacts"
+      }
+    },
+    kind: "build",
+    symbol: "B",
+    name: "Linux 64 (debug, gyp, test)"
+  }, base);
+
+  // The task that builds NSPR+NSS.
+  let task_build = queue.scheduleTask(build);
+
+  // Schedule tests.
+  queue.scheduleTask(merge(base, {
+    parent: task_build,
+    name: "mpi",
+    command: [
+      "/bin/bash",
+      "-c",
+      "bin/checkout.sh && nss/automation/taskcluster/scripts/run_tests.sh"
+    ],
+    tests: "mpi",
+    cycle: "standard",
+    symbol: "mpi",
+    kind: "test"
+  }));
+
+  return queue.submit();
+}
+
+
+/*****************************************************************************/
+
+async function scheduleWindows(name, base) {
+  base = merge(base, {
+    workerType: "nss-win2012r2",
+    platform: "windows2012-64",
+    env: {
+      PATH: "c:\\mozilla-build\\python;c:\\mozilla-build\\msys\\local\\bin;" +
+            "c:\\mozilla-build\\7zip;c:\\mozilla-build\\info-zip;" +
+            "c:\\mozilla-build\\python\\Scripts;c:\\mozilla-build\\yasm;" +
+            "c:\\mozilla-build\\msys\\bin;c:\\Windows\\system32;" +
+            "c:\\mozilla-build\\upx391w;c:\\mozilla-build\\moztools-x64\\bin;" +
+            "c:\\mozilla-build\\wget",
+      DOMSUF: "localdomain",
+      HOST: "localhost",
+      USE_64: "1"
+    }
+  });
+
+  // Build base definition.
+  let build_base = merge(base, {
+    command: [
+      WINDOWS_CHECKOUT_CMD,
+      "bash -c nss/automation/taskcluster/windows/build.sh"
+    ],
+    artifacts: [{
+      expires: 24 * 7,
+      type: "directory",
+      path: "public\\build"
+    }],
+    kind: "build",
+    symbol: "B"
+  });
+
+  // The task that builds NSPR+NSS.
+  let task_build = queue.scheduleTask(merge(build_base, {name}));
+
+  // The task that generates certificates.
+  let task_cert = queue.scheduleTask(merge(build_base, {
+    name: "Certificates",
+    command: [
+      WINDOWS_CHECKOUT_CMD,
+      "bash -c nss/automation/taskcluster/windows/gen_certs.sh"
+    ],
+    parent: task_build,
+    symbol: "Certs"
+  }));
+
+  // Schedule tests.
+  scheduleTests(task_build, task_cert, merge(base, {
+    command: [
+      WINDOWS_CHECKOUT_CMD,
+      "bash -c nss/automation/taskcluster/windows/run_tests.sh"
+    ]
+  }));
+
+  return queue.submit();
+}
+
+/*****************************************************************************/
+
+function scheduleTests(task_build, task_cert, test_base) {
+  test_base = merge({kind: "test"}, test_base);
+
+  // Schedule tests that do NOT need certificates.
+  let no_cert_base = merge(test_base, {parent: task_build});
+  queue.scheduleTask(merge(no_cert_base, {
+    name: "Gtests", symbol: "Gtest", tests: "ssl_gtests gtests", cycle: "standard"
+  }));
+  queue.scheduleTask(merge(no_cert_base, {
+    name: "Bogo tests", symbol: "Bogo", tests: "bogo", cycle: "standard"
+  }));
+  queue.scheduleTask(merge(no_cert_base, {
+    name: "Interop tests", symbol: "Interop", tests: "interop", cycle: "standard"
+  }));
+  queue.scheduleTask(merge(no_cert_base, {
+    name: "Chains tests", symbol: "Chains", tests: "chains"
+  }));
+  queue.scheduleTask(merge(no_cert_base, {
+    name: "Cipher tests", symbol: "Cipher", tests: "cipher"
+  }));
+  queue.scheduleTask(merge(no_cert_base, {
+    name: "EC tests", symbol: "EC", tests: "ec"
+  }));
+  queue.scheduleTask(merge(no_cert_base, {
+    name: "Lowhash tests", symbol: "Lowhash", tests: "lowhash"
+  }));
+  queue.scheduleTask(merge(no_cert_base, {
+    name: "SDR tests", symbol: "SDR", tests: "sdr"
+  }));
+
+  // Schedule tests that need certificates.
+  let cert_base = merge(test_base, {parent: task_cert});
+  queue.scheduleTask(merge(cert_base, {
+    name: "CRMF tests", symbol: "CRMF", tests: "crmf"
+  }));
+  queue.scheduleTask(merge(cert_base, {
+    name: "DB tests", symbol: "DB", tests: "dbtests"
+  }));
+  queue.scheduleTask(merge(cert_base, {
+    name: "FIPS tests", symbol: "FIPS", tests: "fips"
+  }));
+  queue.scheduleTask(merge(cert_base, {
+    name: "Merge tests", symbol: "Merge", tests: "merge"
+  }));
+  queue.scheduleTask(merge(cert_base, {
+    name: "S/MIME tests", symbol: "SMIME", tests: "smime"
+  }));
+  queue.scheduleTask(merge(cert_base, {
+    name: "Tools tests", symbol: "Tools", tests: "tools"
+  }));
+
+  // SSL tests, need certificates too.
+  let ssl_base = merge(cert_base, {tests: "ssl", group: "SSL"});
+  queue.scheduleTask(merge(ssl_base, {
+    name: "SSL tests (standard)", symbol: "standard", cycle: "standard"
+  }));
+  queue.scheduleTask(merge(ssl_base, {
+    name: "SSL tests (pkix)", symbol: "pkix", cycle: "pkix"
+  }));
+  queue.scheduleTask(merge(ssl_base, {
+    name: "SSL tests (sharedb)", symbol: "sharedb", cycle: "sharedb"
+  }));
+  queue.scheduleTask(merge(ssl_base, {
+    name: "SSL tests (upgradedb)", symbol: "upgradedb", cycle: "upgradedb"
+  }));
+}
+
+/*****************************************************************************/
+
+async function scheduleTools() {
+  let base = {
+    image: LINUX_IMAGE,
+    platform: "nss-tools",
+    kind: "test"
+  };
+
+  queue.scheduleTask(merge(base, {
+    symbol: "clang-format-3.9",
+    name: "clang-format-3.9",
+    command: [
+      "/bin/bash",
+      "-c",
+      "bin/checkout.sh && nss/automation/taskcluster/scripts/run_clang_format.sh"
+    ]
+  }));
+
+  queue.scheduleTask(merge(base, {
+    symbol: "scan-build-3.9",
+    name: "scan-build-3.9",
+    env: {
+      USE_64: "1",
+      CC: "clang",
+      CCC: "clang++",
+    },
+    artifacts: {
+      public: {
+        expires: 24 * 7,
+        type: "directory",
+        path: "/home/worker/artifacts"
+      }
+    },
+    command: [
+      "/bin/bash",
+      "-c",
+      "bin/checkout.sh && nss/automation/taskcluster/scripts/run_scan_build.sh"
+    ]
+  }));
+
+  return queue.submit();
+}
diff --git a/nss/automation/taskcluster/graph/src/image_builder.js b/nss/automation/taskcluster/graph/src/image_builder.js
new file mode 100644
index 0000000..bc90e02
--- /dev/null
+++ b/nss/automation/taskcluster/graph/src/image_builder.js
@@ -0,0 +1,62 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+import * as queue from "./queue";
+import context_hash from "./context_hash";
+import taskcluster from "taskcluster-client";
+
+async function taskHasImageArtifact(taskId) {
+  let queue = new taskcluster.Queue();
+  let {artifacts} = await queue.listLatestArtifacts(taskId);
+  return artifacts.some(artifact => artifact.name == "public/image.tar");
+}
+
+async function findTaskWithImageArtifact(ns) {
+  let index = new taskcluster.Index();
+  let {taskId} = await index.findTask(ns);
+  let has_image = await taskHasImageArtifact(taskId);
+  return has_image ? taskId : null;
+}
+
+export async function findTask({name, path}) {
+  let hash = await context_hash(path);
+  let ns = `docker.images.v1.${process.env.TC_PROJECT}.${name}.hash.${hash}`;
+  return findTaskWithImageArtifact(ns).catch(() => null);
+}
+
+export async function buildTask({name, path}) {
+  let hash = await context_hash(path);
+  let ns = `docker.images.v1.${process.env.TC_PROJECT}.${name}.hash.${hash}`;
+
+  return {
+    name: "Image Builder",
+    image: "taskcluster/image_builder:0.1.5",
+    routes: ["index." + ns],
+    env: {
+      HEAD_REPOSITORY: process.env.NSS_HEAD_REPOSITORY,
+      BASE_REPOSITORY: process.env.NSS_HEAD_REPOSITORY,
+      HEAD_REV: process.env.NSS_HEAD_REVISION,
+      HEAD_REF: process.env.NSS_HEAD_REVISION,
+      PROJECT: process.env.TC_PROJECT,
+      CONTEXT_PATH: path,
+      HASH: hash
+    },
+    artifacts: {
+      "public/image.tar": {
+        type: "file",
+        expires: 24 * 90,
+        path: "/artifacts/image.tar"
+      }
+    },
+    command: [
+      "/bin/bash",
+      "-c",
+      "/home/worker/bin/build_image.sh"
+    ],
+    platform: "nss-decision",
+    features: ["dind"],
+    kind: "build",
+    symbol: "I"
+  };
+}
diff --git a/nss/automation/taskcluster/graph/src/index.js b/nss/automation/taskcluster/graph/src/index.js
new file mode 100644
index 0000000..4153e1b
--- /dev/null
+++ b/nss/automation/taskcluster/graph/src/index.js
@@ -0,0 +1,14 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+import * as try_syntax from "./try_syntax";
+import extend from "./extend";
+
+// Init try syntax filter.
+if (process.env.TC_PROJECT == "nss-try") {
+  try_syntax.initFilter();
+}
+
+// Extend the task graph.
+extend().catch(console.error);
diff --git a/nss/automation/taskcluster/graph/src/merge.js b/nss/automation/taskcluster/graph/src/merge.js
new file mode 100644
index 0000000..17043dd
--- /dev/null
+++ b/nss/automation/taskcluster/graph/src/merge.js
@@ -0,0 +1,10 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+import {recursive as merge} from "merge";
+
+// We always want to clone.
+export default function (...args) {
+  return merge(true, ...args);
+}
diff --git a/nss/automation/taskcluster/graph/src/queue.js b/nss/automation/taskcluster/graph/src/queue.js
new file mode 100644
index 0000000..b78c54d
--- /dev/null
+++ b/nss/automation/taskcluster/graph/src/queue.js
@@ -0,0 +1,248 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+import {clone} from "merge";
+import merge from "./merge";
+import slugid from "slugid";
+import taskcluster from "taskcluster-client";
+import * as image_builder from "./image_builder";
+
+let maps = [];
+let filters = [];
+
+let tasks = new Map();
+let image_tasks = new Map();
+
+let queue = new taskcluster.Queue({
+  baseUrl: "http://taskcluster/queue/v1"
+});
+
+function fromNow(hours) {
+  let d = new Date();
+  d.setHours(d.getHours() + (hours|0));
+  return d.toJSON();
+}
+
+function parseRoutes(routes) {
+  return [
+    `tc-treeherder.v2.${process.env.TC_PROJECT}.${process.env.NSS_HEAD_REVISION}.${process.env.NSS_PUSHLOG_ID}`,
+    ...routes
+  ];
+}
+
+function parseFeatures(list) {
+  return list.reduce((map, feature) => {
+    map[feature] = true;
+    return map;
+  }, {});
+}
+
+function parseArtifacts(artifacts) {
+  let copy = clone(artifacts);
+  Object.keys(copy).forEach(key => {
+    copy[key].expires = fromNow(copy[key].expires);
+  });
+  return copy;
+}
+
+function parseCollection(name) {
+  let collection = {};
+  collection[name] = true;
+  return collection;
+}
+
+function parseTreeherder(def) {
+  let treeherder = {
+    build: {
+      platform: def.platform
+    },
+    machine: {
+      platform: def.platform
+    },
+    symbol: def.symbol,
+    jobKind: def.kind
+  };
+
+  if (def.group) {
+    treeherder.groupSymbol = def.group;
+  }
+
+  if (def.collection) {
+    treeherder.collection = parseCollection(def.collection);
+  }
+
+  if (def.tier) {
+    treeherder.tier = def.tier;
+  }
+
+  return treeherder;
+}
+
+function convertTask(def) {
+  let scopes = [];
+  let dependencies = [];
+
+  let env = merge({
+    NSS_HEAD_REPOSITORY: process.env.NSS_HEAD_REPOSITORY,
+    NSS_HEAD_REVISION: process.env.NSS_HEAD_REVISION
+  }, def.env || {});
+
+  if (def.parent) {
+    dependencies.push(def.parent);
+    env.TC_PARENT_TASK_ID = def.parent;
+  }
+
+  if (def.tests) {
+    env.NSS_TESTS = def.tests;
+  }
+
+  if (def.cycle) {
+    env.NSS_CYCLES = def.cycle;
+  }
+
+  let payload = {
+    env,
+    command: def.command,
+    maxRunTime: def.maxRunTime || 3600
+  };
+
+  if (def.image) {
+    payload.image = def.image;
+  }
+
+  if (def.artifacts) {
+    payload.artifacts = parseArtifacts(def.artifacts);
+  }
+
+  if (def.features) {
+    payload.features = parseFeatures(def.features);
+
+    if (payload.features.allowPtrace) {
+      scopes.push("docker-worker:feature:allowPtrace");
+    }
+  }
+
+  return {
+    provisionerId: def.provisioner || "aws-provisioner-v1",
+    workerType: def.workerType || "hg-worker",
+    schedulerId: "task-graph-scheduler",
+
+    scopes,
+    created: fromNow(0),
+    deadline: fromNow(24),
+
+    dependencies,
+    routes: parseRoutes(def.routes || []),
+
+    metadata: {
+      name: def.name,
+      description: def.name,
+      owner: process.env.TC_OWNER,
+      source: process.env.TC_SOURCE
+    },
+
+    payload,
+
+    extra: {
+      treeherder: parseTreeherder(def)
+    }
+  };
+}
+
+export function map(fun) {
+  maps.push(fun);
+}
+
+export function filter(fun) {
+  filters.push(fun);
+}
+
+export function scheduleTask(def) {
+  let taskId = slugid.v4();
+  tasks.set(taskId, merge({}, def));
+  return taskId;
+}
+
+export async function submit() {
+  let promises = new Map();
+
+  for (let [taskId, task] of tasks) {
+    // Allow filtering tasks before we schedule them.
+    if (!filters.every(filter => filter(task))) {
+      continue;
+    }
+
+    // Allow changing tasks before we schedule them.
+    maps.forEach(map => { task = map(merge({}, task)) });
+
+    let log_id = `${task.name} @ ${task.platform}[${task.collection || "opt"}]`;
+    console.log(`+ Submitting ${log_id}.`);
+
+    let parent = task.parent;
+
+    // Convert the task definition.
+    task = await convertTask(task);
+
+    // Convert the docker image definition.
+    let image_def = task.payload.image;
+    if (image_def && image_def.hasOwnProperty("path")) {
+      let key = `${image_def.name}:${image_def.path}`;
+      let data = {};
+
+      // Check the cache first.
+      if (image_tasks.has(key)) {
+        data = image_tasks.get(key);
+      } else {
+        data.taskId = await image_builder.findTask(image_def);
+        data.isPending = !data.taskId;
+
+        // No task found.
+        if (data.isPending) {
+          let image_task = await image_builder.buildTask(image_def);
+
+          // Schedule a new image builder task immediately.
+          data.taskId = slugid.v4();
+
+          try {
+            await queue.createTask(data.taskId, convertTask(image_task));
+          } catch (e) {
+            console.error("! FAIL: Scheduling image builder task failed.");
+            continue; /* Skip this task on failure. */
+          }
+        }
+
+        // Store in cache.
+        image_tasks.set(key, data);
+      }
+
+      if (data.isPending) {
+        task.dependencies.push(data.taskId);
+      }
+
+      task.payload.image = {
+        path: "public/image.tar",
+        taskId: data.taskId,
+        type: "task-image"
+      };
+    }
+
+    // Wait for the parent task to be created before scheduling dependants.
+    let predecessor = parent ? promises.get(parent) : Promise.resolve();
+
+    promises.set(taskId, predecessor.then(() => {
+      // Schedule the task.
+      return queue.createTask(taskId, task).catch(err => {
+        console.error(`! FAIL: Scheduling ${log_id} failed.`, err);
+      });
+    }));
+  }
+
+  // Wait for all requests to finish.
+  if (promises.length) {
+    await Promise.all([...promises.values()]);
+    console.log("=== Total:", promises.length, "tasks. ===");
+  }
+
+  tasks.clear();
+}
diff --git a/nss/automation/taskcluster/graph/src/try_syntax.js b/nss/automation/taskcluster/graph/src/try_syntax.js
new file mode 100644
index 0000000..e5203e7
--- /dev/null
+++ b/nss/automation/taskcluster/graph/src/try_syntax.js
@@ -0,0 +1,153 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+import * as queue from "./queue";
+import intersect from "intersect";
+import parse_args from "minimist";
+
+function parseOptions(opts) {
+  opts = parse_args(opts.split(/\s+/), {
+    default: {build: "do", platform: "all", unittests: "none", tools: "none"},
+    alias: {b: "build", p: "platform", u: "unittests", t: "tools", e: "extra-builds"},
+    string: ["build", "platform", "unittests", "tools", "extra-builds"]
+  });
+
+  // Parse build types (d=debug, o=opt).
+  let builds = intersect(opts.build.split(""), ["d", "o"]);
+
+  // If the given value is nonsense default to debug and opt builds.
+  if (builds.length == 0) {
+    builds = ["d", "o"];
+  }
+
+  // Parse platforms.
+  let allPlatforms = ["linux", "linux64", "linux64-asan", "win64",
+                      "linux64-gyp", "linux64-fuzz", "aarch64"];
+  let platforms = intersect(opts.platform.split(/\s*,\s*/), allPlatforms);
+
+  // If the given value is nonsense or "none" default to all platforms.
+  if (platforms.length == 0 && opts.platform != "none") {
+    platforms = allPlatforms;
+  }
+
+  // Parse unit tests.
+  let aliases = {"gtests": "gtest"};
+  let allUnitTests = ["bogo", "crmf", "chains", "cipher", "db", "ec", "fips",
+                      "gtest", "interop", "lowhash", "merge", "sdr", "smime", "tools",
+                      "ssl", "mpi", "scert", "spki"];
+  let unittests = intersect(opts.unittests.split(/\s*,\s*/).map(t => {
+    return aliases[t] || t;
+  }), allUnitTests);
+
+  // If the given value is "all" run all tests.
+  // If it's nonsense then don't run any tests.
+  if (opts.unittests == "all") {
+    unittests = allUnitTests;
+  } else if (unittests.length == 0) {
+    unittests = [];
+  }
+
+  // Parse tools.
+  let allTools = ["clang-format", "scan-build"];
+  let tools = intersect(opts.tools.split(/\s*,\s*/), allTools);
+
+  // If the given value is "all" run all tools.
+  // If it's nonsense then don't run any tools.
+  if (opts.tools == "all") {
+    tools = allTools;
+  } else if (tools.length == 0) {
+    tools = [];
+  }
+
+  return {
+    builds: builds,
+    platforms: platforms,
+    unittests: unittests,
+    extra: (opts.e == "all"),
+    tools: tools
+  };
+}
+
+function filter(opts) {
+  return function (task) {
+    // Filter tools. We can immediately return here as those
+    // are not affected by platform or build type selectors.
+    if (task.platform == "nss-tools") {
+      return opts.tools.some(tool => {
+        return task.symbol.toLowerCase().startsWith(tool);
+      });
+    }
+
+    // Filter unit tests.
+    if (task.tests) {
+      let found = opts.unittests.some(test => {
+        // TODO: think of something more intelligent here.
+        if (task.symbol.toLowerCase().startsWith("mpi") && test == "mpi") {
+          return true;
+        }
+        return (task.group || task.symbol).toLowerCase().startsWith(test);
+      });
+
+      if (!found) {
+        return false;
+      }
+    }
+
+    // Filter extra builds.
+    if (task.group == "Builds" && !opts.extra) {
+      return false;
+    }
+
+    let coll = name => name == (task.collection || "opt");
+
+    // Filter by platform.
+    let found = opts.platforms.some(platform => {
+      let aliases = {
+        "linux": "linux32",
+        "linux64-asan": "linux64",
+        "linux64-fuzz": "linux64",
+        "linux64-gyp": "linux64",
+        "win64": "windows2012-64"
+      };
+
+      // Check the platform name.
+      let keep = (task.platform == (aliases[platform] || platform));
+
+      // Additional checks.
+      if (platform == "linux64-asan") {
+        keep &= coll("asan");
+      } else if (platform == "linux64-gyp") {
+        keep &= coll("gyp");
+      } else if (platform == "linux64-fuzz") {
+        keep &= coll("fuzz");
+      } else {
+        keep &= coll("opt") || coll("debug");
+      }
+
+      return keep;
+    });
+
+    if (!found) {
+      return false;
+    }
+
+    // Finally, filter by build type.
+    let isDebug = coll("debug") || coll("asan") || coll("gyp") ||
+                  coll("fuzz");
+    return (isDebug && opts.builds.includes("d")) ||
+           (!isDebug && opts.builds.includes("o"));
+  }
+}
+
+export function initFilter() {
+  let comment = process.env.TC_COMMENT || "";
+
+  // Check for try syntax in changeset comment.
+  let match = comment.match(/^\s*try:\s*(.*)\s*$/);
+
+  // Add try syntax filter.
+  if (match) {
+    queue.filter(filter(parseOptions(match[1])));
+  }
+}
diff --git a/nss/automation/taskcluster/scripts/build.sh b/nss/automation/taskcluster/scripts/build.sh
new file mode 100755
index 0000000..649fdaa
--- /dev/null
+++ b/nss/automation/taskcluster/scripts/build.sh
@@ -0,0 +1,21 @@
+#!/usr/bin/env bash
+
+source $(dirname "$0")/tools.sh
+
+if [ -n "$NSS_BUILD_MODULAR" ]; then
+    $(dirname "$0")/build_nspr.sh || exit $?
+    $(dirname "$0")/build_util.sh || exit $?
+    $(dirname "$0")/build_softoken.sh || exit $?
+    $(dirname "$0")/build_nss.sh || exit $?
+    exit
+fi
+
+# Clone NSPR if needed.
+hg_clone https://hg.mozilla.org/projects/nspr ./nspr default
+
+# Build.
+make -C nss nss_build_all
+
+# Package.
+mkdir artifacts
+tar cvfjh artifacts/dist.tar.bz2 dist
diff --git a/nss/automation/taskcluster/scripts/build_gyp.sh b/nss/automation/taskcluster/scripts/build_gyp.sh
new file mode 100755
index 0000000..7190bd5
--- /dev/null
+++ b/nss/automation/taskcluster/scripts/build_gyp.sh
@@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+
+source $(dirname "$0")/tools.sh
+
+# Clone NSPR if needed.
+hg_clone https://hg.mozilla.org/projects/nspr ./nspr default
+
+# Build.
+nss/build.sh -g -v "$@"
+
+# Package.
+mkdir artifacts
+tar cvfjh artifacts/dist.tar.bz2 dist
diff --git a/nss/automation/taskcluster/scripts/build_nspr.sh b/nss/automation/taskcluster/scripts/build_nspr.sh
new file mode 100755
index 0000000..4d19034
--- /dev/null
+++ b/nss/automation/taskcluster/scripts/build_nspr.sh
@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+
+set -v -e -x
+
+source $(dirname $0)/tools.sh
+
+# Clone NSPR if needed.
+hg_clone https://hg.mozilla.org/projects/nspr nspr default
+
+# Build.
+rm -rf dist
+make -C nss build_nspr
+
+# Package.
+test -d artifacts || mkdir artifacts
+rm -rf dist-nspr
+mv dist dist-nspr
+tar cvfjh artifacts/dist-nspr.tar.bz2 dist-nspr
diff --git a/nss/automation/taskcluster/scripts/build_nss.sh b/nss/automation/taskcluster/scripts/build_nss.sh
new file mode 100755
index 0000000..b909bc3
--- /dev/null
+++ b/nss/automation/taskcluster/scripts/build_nss.sh
@@ -0,0 +1,39 @@
+#!/usr/bin/env bash
+
+set -v -e -x
+
+source $(dirname $0)/tools.sh
+source $(dirname $0)/split.sh
+
+test -d dist-softoken || { echo "run build_softoken.sh first" 1>&2; exit 1; }
+
+rm -rf nss-nss
+split_nss nss nss-nss
+
+# Build.
+export NSS_BUILD_WITHOUT_SOFTOKEN=1
+export NSS_USE_SYSTEM_FREEBL=1
+
+platform=`make -s -C nss platform`
+
+export NSPR_LIB_DIR="$PWD/dist-nspr/$platform/lib"
+export NSSUTIL_LIB_DIR="$PWD/dist-util/$platform/lib"
+export FREEBL_LIB_DIR="$PWD/dist-softoken/$platform/lib"
+export SOFTOKEN_LIB_DIR="$PWD/dist-softoken/$platform/lib"
+export FREEBL_LIBS=-lfreebl
+
+export NSS_NO_PKCS11_BYPASS=1
+export FREEBL_NO_DEPEND=1
+
+export LIBRARY_PATH="$PWD/dist-nspr/$platform/lib:$PWD/dist-util/$platform/lib:$PWD/dist-softoken/$platform/lib"
+export LD_LIBRARY_PATH="$LIBRARY_PATH:$LD_LIBRARY_PATH"
+export INCLUDES="-I$PWD/dist-nspr/$platform/include -I$PWD/dist-util/public/nss -I$PWD/dist-softoken/public/nss"
+
+rm -rf dist
+make -C nss-nss nss_build_all
+
+# Package.
+test -d artifacts || mkdir artifacts
+rm -rf dist-nss
+mv dist dist-nss
+tar cvfjh artifacts/dist-nss.tar.bz2 dist-nss
diff --git a/nss/automation/taskcluster/scripts/build_softoken.sh b/nss/automation/taskcluster/scripts/build_softoken.sh
new file mode 100755
index 0000000..e5aaecc
--- /dev/null
+++ b/nss/automation/taskcluster/scripts/build_softoken.sh
@@ -0,0 +1,30 @@
+#!/usr/bin/env bash
+
+set -v -e -x
+
+source $(dirname $0)/tools.sh
+source $(dirname $0)/split.sh
+
+test -d dist-util || { echo "run build_util.sh first" 1>&2; exit 1; }
+
+rm -rf nss-softoken
+split_softoken nss nss-softoken
+
+# Build.
+platform=`make -s -C nss platform`
+export LIBRARY_PATH="$PWD/dist-nspr/$platform/lib:$PWD/dist-util/$platform/lib"
+export LD_LIBRARY_PATH="$LIBRARY_PATH:$LD_LIBRARY_PATH"
+export INCLUDES="-I$PWD/dist-nspr/$platform/include -I$PWD/dist-util/public/nss"
+export NSS_BUILD_SOFTOKEN_ONLY=1
+
+rm -rf dist
+make -C nss-softoken nss_build_all
+
+mv dist/private/nss/blapi.h dist/public/nss
+mv dist/private/nss/alghmac.h dist/public/nss
+
+# Package.
+test -d artifacts || mkdir artifacts
+rm -rf dist-softoken
+mv dist dist-softoken
+tar cvfjh artifacts/dist-softoken.tar.bz2 dist-softoken
diff --git a/nss/automation/taskcluster/scripts/build_util.sh b/nss/automation/taskcluster/scripts/build_util.sh
new file mode 100755
index 0000000..0d2ecc5
--- /dev/null
+++ b/nss/automation/taskcluster/scripts/build_util.sh
@@ -0,0 +1,25 @@
+#!/usr/bin/env bash
+
+set -v -e -x
+
+source $(dirname $0)/tools.sh
+source $(dirname $0)/split.sh
+
+rm -rf nss-util
+split_util nss nss-util
+
+# Build.
+platform=`make -s -C nss platform`
+export LIBRARY_PATH="$PWD/dist-nspr/$platform/lib"
+export LD_LIBRARY_PATH="$LIBRARY_PATH:$LD_LIBRARY_PATH"
+export INCLUDES="-I$PWD/dist-nspr/$platform/include"
+export NSS_BUILD_UTIL_ONLY=1
+
+rm -rf dist
+make -C nss-util nss_build_all
+
+# Package.
+test -d artifacts || mkdir artifacts
+rm -rf dist-util
+mv dist dist-util
+tar cvfjh artifacts/dist-util.tar.bz2 dist-util
diff --git a/nss/automation/taskcluster/scripts/extend_task_graph.sh b/nss/automation/taskcluster/scripts/extend_task_graph.sh
new file mode 100755
index 0000000..ade84cd
--- /dev/null
+++ b/nss/automation/taskcluster/scripts/extend_task_graph.sh
@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+
+source $(dirname "$0")/tools.sh
+
+mkdir -p /home/worker/artifacts
+
+# Install Node.JS dependencies.
+cd nss/automation/taskcluster/graph/ && npm install
+
+# Extend the task graph.
+node lib/index.js
diff --git a/nss/automation/taskcluster/scripts/fuzz.sh b/nss/automation/taskcluster/scripts/fuzz.sh
new file mode 100755
index 0000000..cd3ed93
--- /dev/null
+++ b/nss/automation/taskcluster/scripts/fuzz.sh
@@ -0,0 +1,32 @@
+#!/usr/bin/env bash
+
+source $(dirname "$0")/tools.sh
+
+type="$1"
+shift
+
+# Fetch artifact if needed.
+fetch_dist
+
+# Clone corpus.
+./nss/fuzz/clone_corpus.sh
+
+# Ensure we have a corpus.
+if [ ! -d "nss/fuzz/corpus/$type" ]; then
+  mkdir -p nss/fuzz/corpus/$type
+
+  set +x
+
+  # Create a corpus out of what we have.
+  for f in $(find nss/fuzz/corpus -type f); do
+    cp $f "nss/fuzz/corpus/$type"
+  done
+
+  set -x
+fi
+
+# Fetch objdir name.
+objdir=$(cat dist/latest)
+
+# Run nssfuzz.
+dist/$objdir/bin/nssfuzz-"$type" "$@"
diff --git a/nss/automation/taskcluster/scripts/gen_certs.sh b/nss/automation/taskcluster/scripts/gen_certs.sh
new file mode 100755
index 0000000..b8d4f60
--- /dev/null
+++ b/nss/automation/taskcluster/scripts/gen_certs.sh
@@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+
+source $(dirname "$0")/tools.sh
+
+# Fetch artifact if needed.
+fetch_dist
+
+# Generate certificates.
+NSS_TESTS=cert NSS_CYCLES="standard pkix sharedb" $(dirname $0)/run_tests.sh
+
+# Reset test counter so that test runs pick up our certificates.
+echo 1 > tests_results/security/localhost
+
+# Package.
+mkdir artifacts
+tar cvfjh artifacts/dist.tar.bz2 dist tests_results
diff --git a/nss/automation/taskcluster/scripts/run_clang_format.sh b/nss/automation/taskcluster/scripts/run_clang_format.sh
new file mode 100755
index 0000000..3a36042
--- /dev/null
+++ b/nss/automation/taskcluster/scripts/run_clang_format.sh
@@ -0,0 +1,60 @@
+#!/usr/bin/env bash
+
+source $(dirname "$0")/tools.sh
+
+# Apply clang-format on the provided folder and verify that this doesn't change any file.
+# If any file differs after formatting, the script eventually exits with 1.
+# Any differences between formatted and unformatted files is printed to stdout to give a hint what's wrong.
+
+# Includes a default set of directories.
+
+if [ $# -gt 0 ]; then
+    dirs=("$@")
+else
+    top=$(dirname $0)/../../..
+    dirs=( \
+         "$top/cmd" \
+         "$top/fuzz" \
+         "$top/lib/base" \
+         "$top/lib/certdb" \
+         "$top/lib/certhigh" \
+         "$top/lib/ckfw" \
+         "$top/lib/crmf" \
+         "$top/lib/cryptohi" \
+         "$top/lib/dbm" \
+         "$top/lib/dev" \
+         "$top/lib/freebl" \
+         "$top/lib/jar" \
+         "$top/lib/nss" \
+         "$top/lib/pk11wrap" \
+         "$top/lib/pkcs7" \
+         "$top/lib/pkcs12" \
+         "$top/lib/pki" \
+         "$top/lib/smime" \
+         "$top/lib/softoken" \
+         "$top/lib/ssl" \
+         "$top/lib/sysinit" \
+         "$top/lib/util" \
+         "$top/gtests/common" \
+         "$top/gtests/der_gtest" \
+         "$top/gtests/freebl_gtest" \
+         "$top/gtests/pk11_gtest" \
+         "$top/gtests/ssl_gtest" \
+         "$top/gtests/util_gtest" \
+         "$top/nss-tool" \
+         "$top/cpputil" \
+    )
+fi
+
+for dir in "${dirs[@]}"; do
+    find "$dir" -type f \( -name '*.[ch]' -o -name '*.cc' \) -exec clang-format -i {} \+
+done
+
+TMPFILE=$(mktemp /tmp/$(basename $0).XXXXXX)
+trap 'rm $TMPFILE' exit
+if (cd $(dirname $0); hg root >/dev/null 2>&1); then
+    hg diff --git "$top" | tee $TMPFILE
+else
+    git -C "$top" diff | tee $TMPFILE
+fi
+[[ ! -s $TMPFILE ]]
diff --git a/nss/automation/taskcluster/scripts/run_scan_build.sh b/nss/automation/taskcluster/scripts/run_scan_build.sh
new file mode 100755
index 0000000..4024c22
--- /dev/null
+++ b/nss/automation/taskcluster/scripts/run_scan_build.sh
@@ -0,0 +1,51 @@
+#!/usr/bin/env bash
+
+source $(dirname "$0")/tools.sh
+
+# Clone NSPR if needed.
+if [ ! -d "nspr" ]; then
+    hg_clone https://hg.mozilla.org/projects/nspr ./nspr default
+fi
+
+# Build.
+cd nss
+make nss_build_all
+
+# What we want to scan.
+# key: directory to scan
+# value: number of errors expected in that directory
+declare -A scan=( \
+        [lib/base]=0 \
+        [lib/certdb]=0 \
+        [lib/certhigh]=0 \
+        [lib/ckfw]=0 \
+        [lib/crmf]=0 \
+        [lib/cryptohi]=0 \
+        [lib/dev]=0 \
+        [lib/freebl]=0 \
+        [lib/nss]=0 \
+        [lib/ssl]=0 \
+        [lib/util]=0 \
+    )
+
+# remove .OBJ directories to force a rebuild of just the select few
+for i in "${!scan[@]}"; do
+   find "$i" -name "*.OBJ" -exec rm -rf {} \+
+done
+
+# run scan-build (only building affected directories)
+scan-build -o /home/worker/artifacts --use-cc=$CC --use-c++=$CCC make nss_build_all && cd ..
+
+# print errors we found
+set +v +x
+STATUS=0
+for i in "${!scan[@]}"; do
+   n=$(grep -Rn "$i" /home/worker/artifacts/*/report-*.html | wc -l)
+   if [ $n -ne ${scan[$i]} ]; then
+     STATUS=1
+     echo "$(date '+%T') WARNING - TEST-UNEXPECTED-FAIL: $i contains $n scan-build errors"
+   elif [ $n -ne 0 ]; then
+     echo "$(date '+%T') WARNING - TEST-EXPECTED-FAIL: $i contains $n scan-build errors"
+   fi
+done
+exit $STATUS
diff --git a/nss/automation/taskcluster/scripts/run_tests.sh b/nss/automation/taskcluster/scripts/run_tests.sh
new file mode 100755
index 0000000..b8e2676
--- /dev/null
+++ b/nss/automation/taskcluster/scripts/run_tests.sh
@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+
+source $(dirname "$0")/tools.sh
+
+# Fetch artifact if needed.
+fetch_dist
+
+# Run tests.
+cd nss/tests && ./all.sh
diff --git a/nss/automation/taskcluster/scripts/split.sh b/nss/automation/taskcluster/scripts/split.sh
new file mode 100644
index 0000000..c43c3e4
--- /dev/null
+++ b/nss/automation/taskcluster/scripts/split.sh
@@ -0,0 +1,152 @@
+copy_top()
+{
+  srcdir_="$1"
+  dstdir_="$2"
+  files=`find "$srcdir_" -maxdepth 1 -mindepth 1 -type f`
+  for f in $files; do
+    cp -p "$f" "$dstdir_"
+  done
+}
+
+split_util() {
+  nssdir="$1"
+  dstdir="$2"
+
+  # Prepare a source tree only containing files to build nss-util:
+  #
+  #   nss/dbm                     full directory
+  #   nss/coreconf                full directory
+  #   nss                         top files only
+  #   nss/lib                     top files only
+  #   nss/lib/util                full directory
+
+  # Copy everything.
+  cp -R $nssdir $dstdir
+
+  # Skip gtests when building.
+  sed '/^DIRS = /s/ gtests$//' $nssdir/manifest.mn > $dstdir/manifest.mn-t && mv $dstdir/manifest.mn-t $dstdir/manifest.mn
+
+  # Remove subdirectories that we don't want.
+  rm -rf $dstdir/cmd
+  rm -rf $dstdir/tests
+  rm -rf $dstdir/lib
+  rm -rf $dstdir/automation
+  rm -rf $dstdir/gtests
+  rm -rf $dstdir/doc
+
+  # Start with an empty cmd lib directories to be filled selectively.
+  mkdir $dstdir/cmd
+  cp $nssdir/cmd/Makefile $dstdir/cmd
+  cp $nssdir/cmd/manifest.mn $dstdir/cmd
+  cp $nssdir/cmd/platlibs.mk $dstdir/cmd
+  cp $nssdir/cmd/platrules.mk $dstdir/cmd
+
+  # Copy some files at the top and the util subdirectory recursively.
+  mkdir $dstdir/lib
+  cp $nssdir/lib/Makefile $dstdir/lib
+  cp $nssdir/lib/manifest.mn $dstdir/lib
+  cp -R $nssdir/lib/util $dstdir/lib/util
+}
+
+split_softoken() {
+  nssdir="$1"
+  dstdir="$2"
+
+  # Prepare a source tree only containing files to build nss-softoken:
+  #
+  #   nss/dbm                     full directory
+  #   nss/coreconf                full directory
+  #   nss                         top files only
+  #   nss/lib                     top files only
+  #   nss/lib/freebl              full directory
+  #   nss/lib/softoken            full directory
+  #   nss/lib/softoken/dbm        full directory
+
+  # Copy everything.
+  cp -R $nssdir $dstdir
+
+  # Skip gtests when building.
+  sed '/^DIRS = /s/ gtests$//' $nssdir/manifest.mn > $dstdir/manifest.mn-t && mv $dstdir/manifest.mn-t $dstdir/manifest.mn
+
+  # Remove subdirectories that we don't want.
+  rm -rf $dstdir/cmd
+  rm -rf $dstdir/tests
+  rm -rf $dstdir/lib
+  rm -rf $dstdir/pkg
+  rm -rf $dstdir/automation
+  rm -rf $dstdir/gtests
+  rm -rf $dstdir/doc
+
+  # Start with an empty lib directory and copy only what we need.
+  mkdir $dstdir/lib
+  copy_top $nssdir/lib $dstdir/lib
+  cp -R $nssdir/lib/dbm $dstdir/lib/dbm
+  cp -R $nssdir/lib/freebl $dstdir/lib/freebl
+  cp -R $nssdir/lib/softoken $dstdir/lib/softoken
+  cp -R $nssdir/lib/sqlite $dstdir/lib/sqlite
+
+  mkdir $dstdir/cmd
+  copy_top $nssdir/cmd $dstdir/cmd
+  cp -R $nssdir/cmd/bltest $dstdir/cmd/bltest
+  cp -R $nssdir/cmd/ecperf $dstdir/cmd/ecperf
+  cp -R $nssdir/cmd/fbectest $dstdir/cmd/fbectest
+  cp -R $nssdir/cmd/fipstest $dstdir/cmd/fipstest
+  cp -R $nssdir/cmd/lib $dstdir/cmd/lib
+  cp -R $nssdir/cmd/lowhashtest $dstdir/cmd/lowhashtest
+  cp -R $nssdir/cmd/shlibsign $dstdir/cmd/shlibsign
+
+  mkdir $dstdir/tests
+  copy_top $nssdir/tests $dstdir/tests
+
+  cp -R $nssdir/tests/cipher $dstdir/tests/cipher
+  cp -R $nssdir/tests/common $dstdir/tests/common
+  cp -R $nssdir/tests/ec $dstdir/tests/ec
+  cp -R $nssdir/tests/lowhash $dstdir/tests/lowhash
+
+  cp $nssdir/lib/util/verref.h $dstdir/lib/freebl
+  cp $nssdir/lib/util/verref.h $dstdir/lib/softoken
+  cp $nssdir/lib/util/verref.h $dstdir/lib/softoken/legacydb
+}
+
+split_nss() {
+  nssdir="$1"
+  dstdir="$2"
+
+  # Prepare a source tree only containing files to build nss:
+  #
+  #   nss/dbm                     full directory
+  #   nss/coreconf                full directory
+  #   nss                         top files only
+  #   nss/lib                     top files only
+  #   nss/lib/freebl              full directory
+  #   nss/lib/softoken            full directory
+  #   nss/lib/softoken/dbm        full directory
+
+  # Copy everything.
+  cp -R $nssdir $dstdir
+
+  # Remove subdirectories that we don't want.
+  rm -rf $dstdir/lib/freebl
+  rm -rf $dstdir/lib/softoken
+  rm -rf $dstdir/lib/util
+  rm -rf $dstdir/cmd/bltest
+  rm -rf $dstdir/cmd/fipstest
+  rm -rf $dstdir/cmd/rsaperf_low
+
+  # Copy these headers until the upstream bug is accepted
+  # Upstream https://bugzilla.mozilla.org/show_bug.cgi?id=820207
+  cp $nssdir/lib/softoken/lowkeyi.h $dstdir/cmd/rsaperf
+  cp $nssdir/lib/softoken/lowkeyti.h $dstdir/cmd/rsaperf
+
+  # Copy verref.h which will be needed later during the build phase.
+  cp $nssdir/lib/util/verref.h $dstdir/lib/ckfw/builtins/verref.h
+  cp $nssdir/lib/util/verref.h $dstdir/lib/nss/verref.h
+  cp $nssdir/lib/util/verref.h $dstdir/lib/smime/verref.h
+  cp $nssdir/lib/util/verref.h $dstdir/lib/ssl/verref.h
+  cp $nssdir/lib/util/templates.c $dstdir/lib/nss/templates.c
+
+  # FIXME: Skip util_gtest because it links with libnssutil.a.  Note
+  # that we can't use libnssutil3.so instead, because util_gtest
+  # depends on internal symbols not exported from the shared library.
+  sed '/	util_gtest \\/d' $dstdir/gtests/manifest.mn > $dstdir/gtests/manifest.mn-t && mv $dstdir/gtests/manifest.mn-t $dstdir/gtests/manifest.mn
+}
diff --git a/nss/automation/taskcluster/scripts/tools.sh b/nss/automation/taskcluster/scripts/tools.sh
new file mode 100644
index 0000000..46d567e
--- /dev/null
+++ b/nss/automation/taskcluster/scripts/tools.sh
@@ -0,0 +1,38 @@
+#!/usr/bin/env bash
+
+set -v -e -x
+
+if [[ $(id -u) -eq 0 ]]; then
+    # Drop privileges by re-running this script.
+    # Note: this mangles arguments, better to avoid running scripts as root.
+    exec su worker -c "$0 $*"
+fi
+
+# Usage: hg_clone repo dir [revision=@]
+hg_clone() {
+    repo=$1
+    dir=$2
+    rev=${3:-@}
+    if [ -d "$dir" ]; then
+        hg pull -R "$dir" -ur "$rev" "$repo" && return
+        rm -rf "$dir"
+    fi
+    for i in 0 2 5; do
+        sleep $i
+        hg clone -r "$rev" "$repo" "$dir" && return
+        rm -rf "$dir"
+    done
+    exit 1
+}
+
+fetch_dist() {
+    url=https://queue.taskcluster.net/v1/task/$TC_PARENT_TASK_ID/artifacts/public/dist.tar.bz2
+    if [ ! -d "dist" ]; then
+        for i in 0 2 5; do
+            sleep $i
+            curl --retry 3 -Lo dist.tar.bz2 $url && tar xvjf dist.tar.bz2 && return
+            rm -fr dist.tar.bz2 dist
+        done
+        exit 1
+    fi
+}
diff --git a/nss/automation/taskcluster/windows/build.sh b/nss/automation/taskcluster/windows/build.sh
new file mode 100644
index 0000000..6c8a474
--- /dev/null
+++ b/nss/automation/taskcluster/windows/build.sh
@@ -0,0 +1,15 @@
+#!/usr/bin/env bash
+
+set -v -e -x
+
+# Set up the toolchain.
+source $(dirname $0)/setup.sh
+
+# Clone NSPR.
+hg_clone https://hg.mozilla.org/projects/nspr nspr default
+
+# Build.
+make -C nss nss_build_all
+
+# Package.
+7z a public/build/dist.7z dist
diff --git a/nss/automation/taskcluster/windows/gen_certs.sh b/nss/automation/taskcluster/windows/gen_certs.sh
new file mode 100644
index 0000000..ead16bb
--- /dev/null
+++ b/nss/automation/taskcluster/windows/gen_certs.sh
@@ -0,0 +1,19 @@
+#!/usr/bin/env bash
+
+set -v -e -x
+
+# Set up the toolchain.
+source $(dirname $0)/setup.sh
+
+# Fetch artifact.
+wget -t 3 --retry-connrefused -w 5 --random-wait https://queue.taskcluster.net/v1/task/$TC_PARENT_TASK_ID/artifacts/public/build/dist.7z -O dist.7z
+7z x dist.7z
+
+# Generate certificates.
+NSS_TESTS=cert NSS_CYCLES="standard pkix sharedb" nss/tests/all.sh
+
+# Reset test counter so that test runs pick up our certificates.
+echo 1 > tests_results/security/localhost
+
+# Package.
+7z a public/build/dist.7z dist tests_results
diff --git a/nss/automation/taskcluster/windows/releng.manifest b/nss/automation/taskcluster/windows/releng.manifest
new file mode 100644
index 0000000..403be2b
--- /dev/null
+++ b/nss/automation/taskcluster/windows/releng.manifest
@@ -0,0 +1,10 @@
+[
+  {
+    "version": "Visual Studio 2015 Update 3 14.0.25425.01 / SDK 10.0.14393.0",
+    "size": 326656969,
+    "digest": "babc414ffc0457d27f5a1ed24a8e4873afbe2f1c1a4075469a27c005e1babc3b2a788f643f825efedff95b79686664c67ec4340ed535487168a3482e68559bc7",
+    "algorithm": "sha512",
+    "filename": "vs2015u3.zip",
+    "unpack": true
+  }
+]
diff --git a/nss/automation/taskcluster/windows/run_tests.sh b/nss/automation/taskcluster/windows/run_tests.sh
new file mode 100644
index 0000000..f64a78e
--- /dev/null
+++ b/nss/automation/taskcluster/windows/run_tests.sh
@@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+
+set -v -e -x
+
+# Set up the toolchain.
+source $(dirname $0)/setup.sh
+
+# Fetch artifact.
+wget -t 3 --retry-connrefused -w 5 --random-wait https://queue.taskcluster.net/v1/task/$TC_PARENT_TASK_ID/artifacts/public/build/dist.7z -O dist.7z
+7z x dist.7z
+
+# Run tests.
+cd nss/tests && ./all.sh
diff --git a/nss/automation/taskcluster/windows/setup.sh b/nss/automation/taskcluster/windows/setup.sh
new file mode 100644
index 0000000..3273277
--- /dev/null
+++ b/nss/automation/taskcluster/windows/setup.sh
@@ -0,0 +1,30 @@
+#!/usr/bin/env bash
+
+set -v -e -x
+
+# Usage: hg_clone repo dir [revision=@]
+hg_clone() {
+    repo=$1
+    dir=$2
+    rev=${3:-@}
+    for i in 0 2 5; do
+        sleep $i
+        hg clone -r "$rev" "$repo" "$dir" && return
+        rm -rf "$dir"
+    done
+    exit 1
+}
+
+hg_clone https://hg.mozilla.org/build/tools tools default
+
+tools/scripts/tooltool/tooltool_wrapper.sh $(dirname $0)/releng.manifest https://api.pub.build.mozilla.org/tooltool/ non-existant-file.sh /c/mozilla-build/python/python.exe /c/builds/tooltool.py --authentication-file /c/builds/relengapi.tok -c /c/builds/tooltool_cache
+VSPATH="$(pwd)/vs2015u3"
+
+export WINDOWSSDKDIR="${VSPATH}/SDK"
+export WIN32_REDIST_DIR="${VSPATH}/VC/redist/x64/Microsoft.VC140.CRT"
+export WIN_UCRT_REDIST_DIR="${VSPATH}/SDK/Redist/ucrt/DLLs/x64"
+
+export PATH="${VSPATH}/VC/bin/amd64:${VSPATH}/VC/bin:${VSPATH}/SDK/bin/x64:${VSPATH}/VC/redist/x64/Microsoft.VC140.CRT:${VSPATH}/SDK/Redist/ucrt/DLLs/x64:${PATH}"
+
+export INCLUDE="${VSPATH}/VC/include:${VSPATH}/SDK/Include/10.0.14393.0/ucrt:${VSPATH}/SDK/Include/10.0.14393.0/shared:${VSPATH}/SDK/Include/10.0.14393.0/um"
+export LIB="${VSPATH}/VC/lib/amd64:${VSPATH}/SDK/lib/10.0.14393.0/ucrt/x64:${VSPATH}/SDK/lib/10.0.14393.0/um/x64"
diff --git a/nss/automation/travis/validate-formatting.sh b/nss/automation/travis/validate-formatting.sh
new file mode 100755
index 0000000..246270f
--- /dev/null
+++ b/nss/automation/travis/validate-formatting.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# Apply clang-format 3.8 on the provided folder and verify that this doesn't change any file.
+# If any file differs after formatting, the script eventually exits with 1.
+# Any differences between formatted and unformatted files is printed to stdout to give a hint what's wrong.
+
+STATUS=0
+for i in $(find $1 -type f -name '*.[ch]' -print); do
+  if ! clang-format-3.8 $i | diff $i -; then
+    echo "Sorry, $i is not formatted properly. Please use clang-format 3.8 on your patch before landing."
+    STATUS=1
+  fi
+done
+exit $STATUS
diff --git a/nss/build.sh b/nss/build.sh
new file mode 100755
index 0000000..c9ff426
--- /dev/null
+++ b/nss/build.sh
@@ -0,0 +1,236 @@
+#!/usr/bin/env bash
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+################################################################################
+#
+# This script builds NSS with gyp and ninja.
+#
+# This build system is still under development.  It does not yet support all
+# the features or platforms that NSS supports.
+
+set -e
+
+cwd=$(cd $(dirname $0); pwd -P)
+source "$cwd"/coreconf/nspr.sh
+source "$cwd"/coreconf/sanitizers.sh
+
+# Usage info
+show_help()
+{
+    cat << EOF
+Usage: ${0##*/} [-hcv] [-j <n>] [--nspr] [--gyp|-g] [--opt|-o] [-m32]
+                [--test] [--pprof] [--scan-build[=output]] [--ct-verif]
+                [--asan] [--ubsan] [--msan] [--sancov[=edge|bb|func|...]]
+                [--disable-tests] [--fuzz[=tls|oss]]
+
+This script builds NSS with gyp and ninja.
+
+This build system is still under development.  It does not yet support all
+the features or platforms that NSS supports.
+
+NSS build tool options:
+
+    -h               display this help and exit
+    -c               clean before build
+    -v               verbose build
+    -j <n>           run at most <n> concurrent jobs
+    --nspr           force a rebuild of NSPR
+    --gyp|-g         force a rerun of gyp
+    --opt|-o         do an opt build
+    -m32             do a 32-bit build on a 64-bit system
+    --test           ignore map files and export everything we have
+    --fuzz           build fuzzing targets (this always enables test builds)
+                     --fuzz=tls to enable TLS fuzzing mode
+                     --fuzz=oss to build for OSS-Fuzz
+    --pprof          build with gperftool support
+    --ct-verif       build with valgrind for ct-verif
+    --scan-build     run the build with scan-build (scan-build has to be in the path)
+                     --scan-build=/out/path sets the output path for scan-build
+    --asan           do an asan build
+    --ubsan          do an ubsan build
+                     --ubsan=bool,shift,... sets specific UB sanitizers
+    --msan           do an msan build
+    --sancov         do sanitize coverage builds
+                     --sancov=func sets coverage to function level for example
+    --disable-tests  don't build tests and corresponding cmdline utils
+EOF
+}
+
+run_verbose()
+{
+    if [ "$verbose" = 1 ]; then
+        echo "$@"
+        exec 3>&1
+    else
+        exec 3>/dev/null
+    fi
+    "$@" 1>&3 2>&3
+    exec 3>&-
+}
+
+if [ -n "$CCC" ] && [ -z "$CXX" ]; then
+    export CXX="$CCC"
+fi
+
+opt_build=0
+build_64=0
+clean=0
+rebuild_gyp=0
+rebuild_nspr=0
+target=Debug
+verbose=0
+fuzz=0
+fuzz_tls=0
+fuzz_oss=0
+
+gyp_params=(--depth="$cwd" --generator-output=".")
+nspr_params=()
+ninja_params=()
+
+# try to guess sensible defaults
+arch=$(python "$cwd"/coreconf/detect_host_arch.py)
+if [ "$arch" = "x64" -o "$arch" = "aarch64" ]; then
+    build_64=1
+fi
+
+# parse command line arguments
+while [ $# -gt 0 ]; do
+    case $1 in
+        -c) clean=1 ;;
+        --gyp|-g) rebuild_gyp=1 ;;
+        --nspr) nspr_clean; rebuild_nspr=1 ;;
+        -j) ninja_params+=(-j "$2"); shift ;;
+        -v) ninja_params+=(-v); verbose=1 ;;
+        --test) gyp_params+=(-Dtest_build=1) ;;
+        --fuzz) fuzz=1 ;;
+        --fuzz=oss) fuzz=1; fuzz_oss=1 ;;
+        --fuzz=tls) fuzz=1; fuzz_tls=1 ;;
+        --scan-build) enable_scanbuild  ;;
+        --scan-build=?*) enable_scanbuild "${1#*=}" ;;
+        --opt|-o) opt_build=1 ;;
+        -m32|--m32) build_64=0 ;;
+        --asan) enable_sanitizer asan ;;
+        --msan) enable_sanitizer msan ;;
+        --ubsan) enable_ubsan ;;
+        --ubsan=?*) enable_ubsan "${1#*=}" ;;
+        --sancov) enable_sancov ;;
+        --sancov=?*) enable_sancov "${1#*=}" ;;
+        --pprof) gyp_params+=(-Duse_pprof=1) ;;
+        --ct-verif) gyp_params+=(-Dct_verif=1) ;;
+        --disable-tests) gyp_params+=(-Ddisable_tests=1) ;;
+        --no-zdefs) gyp_params+=(-Dno_zdefs=1) ;;
+        *) show_help; exit 2 ;;
+    esac
+    shift
+done
+
+if [ "$opt_build" = 1 ]; then
+    target=Release
+else
+    target=Debug
+fi
+if [ "$build_64" = 1 ]; then
+    nspr_params+=(--enable-64bit)
+else
+    gyp_params+=(-Dtarget_arch=ia32)
+fi
+if [ "$fuzz" = 1 ]; then
+    source "$cwd"/coreconf/fuzz.sh
+fi
+
+# set paths
+target_dir="$cwd"/out/$target
+mkdir -p "$target_dir"
+dist_dir="$cwd"/../dist
+dist_dir=$(mkdir -p "$dist_dir"; cd "$dist_dir"; pwd -P)
+gyp_params+=(-Dnss_dist_dir="$dist_dir")
+
+# -c = clean first
+if [ "$clean" = 1 ]; then
+    nspr_clean
+    rm -rf "$cwd"/out
+    rm -rf "$dist_dir"
+fi
+
+# This saves a canonical representation of arguments that we are passing to gyp
+# or the NSPR build so that we can work out if a rebuild is needed.
+# Caveat: This can fail for arguments that are position-dependent.
+# e.g., "-e 2 -f 1" and "-e 1 -f 2" canonicalize the same.
+check_config()
+{
+    local newconf="$1".new oldconf="$1"
+    shift
+    mkdir -p $(dirname "$newconf")
+    echo CC="$CC" >"$newconf"
+    echo CCC="$CCC" >>"$newconf"
+    echo CXX="$CXX" >>"$newconf"
+    for i in "$@"; do echo $i; done | sort >>"$newconf"
+
+    # Note: The following diff fails if $oldconf isn't there as well, which
+    # happens if we don't have a previous successful build.
+    ! diff -q "$newconf" "$oldconf" >/dev/null 2>&1
+}
+
+gyp_config="$cwd"/out/gyp_config
+nspr_config="$cwd"/out/$target/nspr_config
+
+# If we don't have a build directory make sure that we rebuild.
+if [ ! -d "$target_dir" ]; then
+    rebuild_nspr=1
+    rebuild_gyp=1
+elif [ ! -d "$dist_dir"/$target ]; then
+    rebuild_nspr=1
+fi
+
+# Update NSPR ${C,CXX,LD}FLAGS.
+nspr_set_flags $sanitizer_flags
+
+if check_config "$nspr_config" "${nspr_params[@]}" \
+                 nspr_cflags="$nspr_cflags" \
+                 nspr_cxxflags="$nspr_cxxflags" \
+                 nspr_ldflags="$nspr_ldflags"; then
+    rebuild_nspr=1
+fi
+
+# Forward sanitizer flags.
+if [ ! -z "$sanitizer_flags" ]; then
+    gyp_params+=(-Dsanitizer_flags="$sanitizer_flags")
+fi
+
+if check_config "$gyp_config" "${gyp_params[@]}"; then
+    rebuild_gyp=1
+fi
+
+# save the chosen target
+mkdir -p "$dist_dir"
+echo $target > "$dist_dir"/latest
+
+if [ "$rebuild_nspr" = 1 ]; then
+    nspr_build "${nspr_params[@]}"
+    mv -f "$nspr_config".new "$nspr_config"
+fi
+if [ "$rebuild_gyp" = 1 ]; then
+
+    # These extra arguments aren't used in determining whether to rebuild.
+    obj_dir="$dist_dir"/$target
+    gyp_params+=(-Dnss_dist_obj_dir=$obj_dir)
+    gyp_params+=(-Dnspr_lib_dir=$obj_dir/lib)
+    gyp_params+=(-Dnspr_include_dir=$obj_dir/include/nspr)
+
+    run_verbose run_scanbuild gyp -f ninja "${gyp_params[@]}" "$cwd"/nss.gyp
+
+    mv -f "$gyp_config".new "$gyp_config"
+fi
+
+# Run ninja.
+if hash ninja 2>/dev/null; then
+    ninja=ninja
+elif hash ninja-build 2>/dev/null; then
+    ninja=ninja-build
+else
+    echo "Please install ninja" 1>&2
+    exit 1
+fi
+run_scanbuild $ninja -C "$target_dir" "${ninja_params[@]}"
diff --git a/nss/cmd/Makefile b/nss/cmd/Makefile
new file mode 100644
index 0000000..86ef29a
--- /dev/null
+++ b/nss/cmd/Makefile
@@ -0,0 +1,44 @@
+#! gmake
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CORE_DEPTH = ..
+DEPTH = ..
+
+include manifest.mn
+include $(CORE_DEPTH)/coreconf/config.mk
+
+ifdef BUILD_LIBPKIX_TESTS
+DIRS += libpkix
+endif
+
+ifeq ($(NSS_BUILD_WITHOUT_SOFTOKEN),1)
+BLTEST_SRCDIR =
+ECPERF_SRCDIR =
+FREEBL_ECTEST_SRCDIR =
+FIPSTEST_SRCDIR =
+SHLIBSIGN_SRCDIR =
+else
+BLTEST_SRCDIR = bltest
+ECPERF_SRCDIR = ecperf
+FREEBL_ECTEST_SRCDIR = fbectest
+FIPSTEST_SRCDIR = fipstest
+SHLIBSIGN_SRCDIR = shlibsign
+endif
+
+LOWHASHTEST_SRCDIR=
+ifeq ($(FREEBL_LOWHASH),1)
+LOWHASHTEST_SRCDIR = lowhashtest  # Add the lowhashtest directory to DIRS.
+endif
+
+INCLUDES += \
+	-I$(DIST)/../public/security \
+	-I./include \
+	$(NULL)
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+symbols::
+	@echo "TARGETS	= $(TARGETS)"
diff --git a/nss/cmd/addbuiltin/Makefile b/nss/cmd/addbuiltin/Makefile
new file mode 100644
index 0000000..74ae200
--- /dev/null
+++ b/nss/cmd/addbuiltin/Makefile
@@ -0,0 +1,48 @@
+#! gmake
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include ../platlibs.mk
+
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+
+include ../platrules.mk
+ 
diff --git a/nss/cmd/addbuiltin/addbuiltin.c b/nss/cmd/addbuiltin/addbuiltin.c
new file mode 100644
index 0000000..8316720
--- /dev/null
+++ b/nss/cmd/addbuiltin/addbuiltin.c
@@ -0,0 +1,574 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * Tool for converting builtin CA certs.
+ */
+
+#include "nssrenam.h"
+#include "nss.h"
+#include "cert.h"
+#include "certdb.h"
+#include "secutil.h"
+#include "pk11func.h"
+
+#if defined(WIN32)
+#include <fcntl.h>
+#include <io.h>
+#endif
+
+void
+dumpbytes(unsigned char *buf, int len)
+{
+    int i;
+    for (i = 0; i < len; i++) {
+        if ((i != 0) && ((i & 0xf) == 0)) {
+            printf("\n");
+        }
+        printf("\\%03o", buf[i]);
+    }
+    printf("\n");
+}
+
+int
+hasPositiveTrust(unsigned int trust)
+{
+    if (trust & CERTDB_TRUSTED) {
+        if (trust & CERTDB_TRUSTED_CA) {
+            return PR_TRUE;
+        } else {
+            return PR_FALSE;
+        }
+    } else {
+        if (trust & CERTDB_TRUSTED_CA) {
+            return PR_TRUE;
+        } else if (trust & CERTDB_VALID_CA) {
+            return PR_TRUE;
+        } else if (trust & CERTDB_TERMINAL_RECORD) {
+            return PR_FALSE;
+        } else {
+            return PR_FALSE;
+        }
+    }
+    return PR_FALSE;
+}
+
+char *
+getTrustString(unsigned int trust)
+{
+    if (trust & CERTDB_TRUSTED) {
+        if (trust & CERTDB_TRUSTED_CA) {
+            return "CKT_NSS_TRUSTED_DELEGATOR";
+        } else {
+            return "CKT_NSS_TRUSTED";
+        }
+    } else {
+        if (trust & CERTDB_TRUSTED_CA) {
+            return "CKT_NSS_TRUSTED_DELEGATOR";
+        } else if (trust & CERTDB_VALID_CA) {
+            return "CKT_NSS_VALID_DELEGATOR";
+        } else if (trust & CERTDB_TERMINAL_RECORD) {
+            return "CKT_NSS_NOT_TRUSTED";
+        } else {
+            return "CKT_NSS_MUST_VERIFY_TRUST";
+        }
+    }
+    return "CKT_NSS_TRUST_UNKNOWN"; /* not reached */
+}
+
+static const SEC_ASN1Template serialTemplate[] = {
+    { SEC_ASN1_INTEGER, offsetof(CERTCertificate, serialNumber) },
+    { 0 }
+};
+
+void
+print_crl_info(CERTName *name, SECItem *serial)
+{
+    PRBool saveWrapeState = SECU_GetWrapEnabled();
+    SECU_EnableWrap(PR_FALSE);
+
+    SECU_PrintNameQuotesOptional(stdout, name, "# Issuer", 0, PR_FALSE);
+    printf("\n");
+
+    SECU_PrintInteger(stdout, serial, "# Serial Number", 0);
+
+    SECU_EnableWrap(saveWrapeState);
+}
+
+static SECStatus
+ConvertCRLEntry(SECItem *sdder, PRInt32 crlentry, char *nickname)
+{
+    int rv;
+    PLArenaPool *arena = NULL;
+    CERTSignedCrl *newCrl = NULL;
+    CERTCrlEntry *entry;
+
+    CERTName *name = NULL;
+    SECItem *derName = NULL;
+    SECItem *serial = NULL;
+
+    rv = SEC_ERROR_NO_MEMORY;
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (!arena)
+        return rv;
+
+    newCrl = CERT_DecodeDERCrlWithFlags(arena, sdder, SEC_CRL_TYPE,
+                                        CRL_DECODE_DEFAULT_OPTIONS);
+    if (!newCrl)
+        return SECFailure;
+
+    name = &newCrl->crl.name;
+    derName = &newCrl->crl.derName;
+
+    if (newCrl->crl.entries != NULL) {
+        PRInt32 iv = 0;
+        while ((entry = newCrl->crl.entries[iv++]) != NULL) {
+            if (crlentry == iv) {
+                serial = &entry->serialNumber;
+                break;
+            }
+        }
+    }
+
+    if (!name || !derName || !serial)
+        return SECFailure;
+
+    printf("\n# Distrust \"%s\"\n", nickname);
+    print_crl_info(name, serial);
+
+    printf("CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST\n");
+    printf("CKA_TOKEN CK_BBOOL CK_TRUE\n");
+    printf("CKA_PRIVATE CK_BBOOL CK_FALSE\n");
+    printf("CKA_MODIFIABLE CK_BBOOL CK_FALSE\n");
+    printf("CKA_LABEL UTF8 \"%s\"\n", nickname);
+
+    printf("CKA_ISSUER MULTILINE_OCTAL\n");
+    dumpbytes(derName->data, derName->len);
+    printf("END\n");
+    printf("CKA_SERIAL_NUMBER MULTILINE_OCTAL\n");
+    printf("\\002\\%03o", serial->len); /* 002: type integer; len >=3 digits */
+    dumpbytes(serial->data, serial->len);
+    printf("END\n");
+
+    printf("CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED\n");
+    printf("CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED\n");
+    printf("CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED\n");
+    printf("CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE\n");
+
+    PORT_FreeArena(arena, PR_FALSE);
+    return rv;
+}
+
+void
+print_info(SECItem *sdder, CERTCertificate *c)
+{
+    PRBool saveWrapeState = SECU_GetWrapEnabled();
+    SECU_EnableWrap(PR_FALSE);
+
+    SECU_PrintNameQuotesOptional(stdout, &c->issuer, "# Issuer", 0, PR_FALSE);
+    printf("\n");
+
+    SECU_PrintInteger(stdout, &c->serialNumber, "# Serial Number", 0);
+
+    SECU_PrintNameQuotesOptional(stdout, &c->subject, "# Subject", 0, PR_FALSE);
+    printf("\n");
+
+    SECU_PrintTimeChoice(stdout, &c->validity.notBefore, "# Not Valid Before", 0);
+    SECU_PrintTimeChoice(stdout, &c->validity.notAfter, "# Not Valid After ", 0);
+
+    SECU_PrintFingerprints(stdout, sdder, "# Fingerprint", 0);
+
+    SECU_EnableWrap(saveWrapeState);
+}
+
+static SECStatus
+ConvertCertificate(SECItem *sdder, char *nickname, CERTCertTrust *trust,
+                   PRBool excludeCert, PRBool excludeHash)
+{
+    SECStatus rv = SECSuccess;
+    CERTCertificate *cert;
+    unsigned char sha1_hash[SHA1_LENGTH];
+    unsigned char md5_hash[MD5_LENGTH];
+    SECItem *serial = NULL;
+    PRBool step_up = PR_FALSE;
+    const char *trust_info;
+
+    cert = CERT_DecodeDERCertificate(sdder, PR_FALSE, nickname);
+    if (!cert) {
+        return SECFailure;
+    }
+    serial = SEC_ASN1EncodeItem(NULL, NULL, cert, serialTemplate);
+    if (!serial) {
+        return SECFailure;
+    }
+
+    if (!excludeCert) {
+        printf("\n#\n# Certificate \"%s\"\n#\n", nickname);
+        print_info(sdder, cert);
+        printf("CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE\n");
+        printf("CKA_TOKEN CK_BBOOL CK_TRUE\n");
+        printf("CKA_PRIVATE CK_BBOOL CK_FALSE\n");
+        printf("CKA_MODIFIABLE CK_BBOOL CK_FALSE\n");
+        printf("CKA_LABEL UTF8 \"%s\"\n", nickname);
+        printf("CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509\n");
+        printf("CKA_SUBJECT MULTILINE_OCTAL\n");
+        dumpbytes(cert->derSubject.data, cert->derSubject.len);
+        printf("END\n");
+        printf("CKA_ID UTF8 \"0\"\n");
+        printf("CKA_ISSUER MULTILINE_OCTAL\n");
+        dumpbytes(cert->derIssuer.data, cert->derIssuer.len);
+        printf("END\n");
+        printf("CKA_SERIAL_NUMBER MULTILINE_OCTAL\n");
+        dumpbytes(serial->data, serial->len);
+        printf("END\n");
+        printf("CKA_VALUE MULTILINE_OCTAL\n");
+        dumpbytes(sdder->data, sdder->len);
+        printf("END\n");
+        if (hasPositiveTrust(trust->sslFlags) ||
+            hasPositiveTrust(trust->emailFlags) ||
+            hasPositiveTrust(trust->objectSigningFlags)) {
+            printf("CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE\n");
+        }
+    }
+
+    if ((trust->sslFlags | trust->emailFlags | trust->objectSigningFlags) ==
+        CERTDB_TERMINAL_RECORD)
+        trust_info = "Distrust";
+    else
+        trust_info = "Trust for";
+
+    printf("\n# %s \"%s\"\n", trust_info, nickname);
+    print_info(sdder, cert);
+
+    printf("CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST\n");
+    printf("CKA_TOKEN CK_BBOOL CK_TRUE\n");
+    printf("CKA_PRIVATE CK_BBOOL CK_FALSE\n");
+    printf("CKA_MODIFIABLE CK_BBOOL CK_FALSE\n");
+    printf("CKA_LABEL UTF8 \"%s\"\n", nickname);
+
+    if (!excludeHash) {
+        PK11_HashBuf(SEC_OID_SHA1, sha1_hash, sdder->data, sdder->len);
+        printf("CKA_CERT_SHA1_HASH MULTILINE_OCTAL\n");
+        dumpbytes(sha1_hash, SHA1_LENGTH);
+        printf("END\n");
+        PK11_HashBuf(SEC_OID_MD5, md5_hash, sdder->data, sdder->len);
+        printf("CKA_CERT_MD5_HASH MULTILINE_OCTAL\n");
+        dumpbytes(md5_hash, MD5_LENGTH);
+        printf("END\n");
+    }
+
+    printf("CKA_ISSUER MULTILINE_OCTAL\n");
+    dumpbytes(cert->derIssuer.data, cert->derIssuer.len);
+    printf("END\n");
+    printf("CKA_SERIAL_NUMBER MULTILINE_OCTAL\n");
+    dumpbytes(serial->data, serial->len);
+    printf("END\n");
+
+    printf("CKA_TRUST_SERVER_AUTH CK_TRUST %s\n",
+           getTrustString(trust->sslFlags));
+    printf("CKA_TRUST_EMAIL_PROTECTION CK_TRUST %s\n",
+           getTrustString(trust->emailFlags));
+    printf("CKA_TRUST_CODE_SIGNING CK_TRUST %s\n",
+           getTrustString(trust->objectSigningFlags));
+#ifdef notdef
+    printf("CKA_TRUST_CLIENT_AUTH CK_TRUST CKT_NSS_TRUSTED\n");
+    printf("CKA_TRUST_DIGITAL_SIGNATURE CK_TRUST CKT_NSS_TRUSTED_DELEGATOR\n");
+    printf("CKA_TRUST_NON_REPUDIATION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR\n");
+    printf("CKA_TRUST_KEY_ENCIPHERMENT CK_TRUST CKT_NSS_TRUSTED_DELEGATOR\n");
+    printf("CKA_TRUST_DATA_ENCIPHERMENT CK_TRUST CKT_NSS_TRUSTED_DELEGATOR\n");
+    printf("CKA_TRUST_KEY_AGREEMENT CK_TRUST CKT_NSS_TRUSTED_DELEGATOR\n");
+    printf("CKA_TRUST_KEY_CERT_SIGN CK_TRUST CKT_NSS_TRUSTED_DELEGATOR\n");
+#endif
+
+    step_up = (trust->sslFlags & CERTDB_GOVT_APPROVED_CA);
+    printf("CKA_TRUST_STEP_UP_APPROVED CK_BBOOL %s\n",
+           step_up ? "CK_TRUE" : "CK_FALSE");
+
+    PORT_Free(sdder->data);
+    return (rv);
+}
+
+void
+printheader()
+{
+    printf("# \n"
+           "# This Source Code Form is subject to the terms of the Mozilla Public\n"
+           "# License, v. 2.0. If a copy of the MPL was not distributed with this\n"
+           "# file, You can obtain one at http://mozilla.org/MPL/2.0/.\n"
+           "#\n"
+           "# certdata.txt\n"
+           "#\n"
+           "# This file contains the object definitions for the certs and other\n"
+           "# information \"built into\" NSS.\n"
+           "#\n"
+           "# Object definitions:\n"
+           "#\n"
+           "#    Certificates\n"
+           "#\n"
+           "#  -- Attribute --          -- type --              -- value --\n"
+           "#  CKA_CLASS                CK_OBJECT_CLASS         CKO_CERTIFICATE\n"
+           "#  CKA_TOKEN                CK_BBOOL                CK_TRUE\n"
+           "#  CKA_PRIVATE              CK_BBOOL                CK_FALSE\n"
+           "#  CKA_MODIFIABLE           CK_BBOOL                CK_FALSE\n"
+           "#  CKA_LABEL                UTF8                    (varies)\n"
+           "#  CKA_CERTIFICATE_TYPE     CK_CERTIFICATE_TYPE     CKC_X_509\n"
+           "#  CKA_SUBJECT              DER+base64              (varies)\n"
+           "#  CKA_ID                   byte array              (varies)\n"
+           "#  CKA_ISSUER               DER+base64              (varies)\n"
+           "#  CKA_SERIAL_NUMBER        DER+base64              (varies)\n"
+           "#  CKA_VALUE                DER+base64              (varies)\n"
+           "#  CKA_NSS_EMAIL            ASCII7                  (unused here)\n"
+           "#\n"
+           "#    Trust\n"
+           "#\n"
+           "#  -- Attribute --              -- type --          -- value --\n"
+           "#  CKA_CLASS                    CK_OBJECT_CLASS     CKO_TRUST\n"
+           "#  CKA_TOKEN                    CK_BBOOL            CK_TRUE\n"
+           "#  CKA_PRIVATE                  CK_BBOOL            CK_FALSE\n"
+           "#  CKA_MODIFIABLE               CK_BBOOL            CK_FALSE\n"
+           "#  CKA_LABEL                    UTF8                (varies)\n"
+           "#  CKA_ISSUER                   DER+base64          (varies)\n"
+           "#  CKA_SERIAL_NUMBER            DER+base64          (varies)\n"
+           "#  CKA_CERT_HASH                binary+base64       (varies)\n"
+           "#  CKA_EXPIRES                  CK_DATE             (not used here)\n"
+           "#  CKA_TRUST_DIGITAL_SIGNATURE  CK_TRUST            (varies)\n"
+           "#  CKA_TRUST_NON_REPUDIATION    CK_TRUST            (varies)\n"
+           "#  CKA_TRUST_KEY_ENCIPHERMENT   CK_TRUST            (varies)\n"
+           "#  CKA_TRUST_DATA_ENCIPHERMENT  CK_TRUST            (varies)\n"
+           "#  CKA_TRUST_KEY_AGREEMENT      CK_TRUST            (varies)\n"
+           "#  CKA_TRUST_KEY_CERT_SIGN      CK_TRUST            (varies)\n"
+           "#  CKA_TRUST_CRL_SIGN           CK_TRUST            (varies)\n"
+           "#  CKA_TRUST_SERVER_AUTH        CK_TRUST            (varies)\n"
+           "#  CKA_TRUST_CLIENT_AUTH        CK_TRUST            (varies)\n"
+           "#  CKA_TRUST_CODE_SIGNING       CK_TRUST            (varies)\n"
+           "#  CKA_TRUST_EMAIL_PROTECTION   CK_TRUST            (varies)\n"
+           "#  CKA_TRUST_IPSEC_END_SYSTEM   CK_TRUST            (varies)\n"
+           "#  CKA_TRUST_IPSEC_TUNNEL       CK_TRUST            (varies)\n"
+           "#  CKA_TRUST_IPSEC_USER         CK_TRUST            (varies)\n"
+           "#  CKA_TRUST_TIME_STAMPING      CK_TRUST            (varies)\n"
+           "#  (other trust attributes can be defined)\n"
+           "#\n"
+           "\n"
+           "#\n"
+           "# The object to tell NSS that this is a root list and we don't\n"
+           "# have to go looking for others.\n"
+           "#\n"
+           "BEGINDATA\n"
+           "CKA_CLASS CK_OBJECT_CLASS CKO_NSS_BUILTIN_ROOT_LIST\n"
+           "CKA_TOKEN CK_BBOOL CK_TRUE\n"
+           "CKA_PRIVATE CK_BBOOL CK_FALSE\n"
+           "CKA_MODIFIABLE CK_BBOOL CK_FALSE\n"
+           "CKA_LABEL UTF8 \"Mozilla Builtin Roots\"\n");
+}
+
+static void
+Usage(char *progName)
+{
+    fprintf(stderr, "%s -t trust -n nickname [-i certfile] [-c] [-h]\n", progName);
+    fprintf(stderr,
+            "\tRead a der-encoded cert from certfile or stdin, and output\n"
+            "\tit to stdout in a format suitable for the builtin root module.\n"
+            "\tExample: %s -n MyCA -t \"C,C,C\" -i myca.der >> certdata.txt\n",
+            progName);
+    fprintf(stderr, "%s -D -n label [-i certfile]\n", progName);
+    fprintf(stderr,
+            "\tRead a der-encoded cert from certfile or stdin, and output\n"
+            "\ta distrust record.\n"
+            "\t(-D is equivalent to -t p,p,p -c -h)\n");
+    fprintf(stderr, "%s -C -e crl-entry-number -n label [-i crlfile]\n", progName);
+    fprintf(stderr,
+            "\tRead a CRL from crlfile or stdin, and output\n"
+            "\ta distrust record (issuer+serial).\n"
+            "\t(-C implies -c -h)\n");
+    fprintf(stderr, "%-15s trust flags (cCTpPuw).\n", "-t trust");
+    fprintf(stderr, "%-15s nickname to assign to builtin cert, or\n",
+            "-n nickname");
+    fprintf(stderr, "%-15s a label for the distrust record.\n", "");
+    fprintf(stderr, "%-15s exclude the certificate (only add a trust record)\n", "-c");
+    fprintf(stderr, "%-15s exclude hash from trust record\n", "-h");
+    fprintf(stderr, "%-15s     (useful to distrust any matching issuer/serial)\n", "");
+    fprintf(stderr, "%-15s     (not allowed when adding positive trust)\n", "");
+    fprintf(stderr, "%-15s a CRL entry number, as shown by \"crlutil -S\"\n", "-e");
+    fprintf(stderr, "%-15s input file to read (default stdin)\n", "-i file");
+    fprintf(stderr, "%-15s     (pipe through atob if the cert is b64-encoded)\n", "");
+    exit(-1);
+}
+
+enum {
+    opt_Input = 0,
+    opt_Nickname,
+    opt_Trust,
+    opt_Distrust,
+    opt_ExcludeCert,
+    opt_ExcludeHash,
+    opt_DistrustCRL,
+    opt_CRLEnry
+};
+
+static secuCommandFlag addbuiltin_options[] =
+    {
+      { /* opt_Input         */ 'i', PR_TRUE, 0, PR_FALSE },
+      { /* opt_Nickname      */ 'n', PR_TRUE, 0, PR_FALSE },
+      { /* opt_Trust         */ 't', PR_TRUE, 0, PR_FALSE },
+      { /* opt_Distrust      */ 'D', PR_FALSE, 0, PR_FALSE },
+      { /* opt_ExcludeCert   */ 'c', PR_FALSE, 0, PR_FALSE },
+      { /* opt_ExcludeHash   */ 'h', PR_FALSE, 0, PR_FALSE },
+      { /* opt_DistrustCRL   */ 'C', PR_FALSE, 0, PR_FALSE },
+      { /* opt_CRLEnry       */ 'e', PR_TRUE, 0, PR_FALSE },
+    };
+
+int
+main(int argc, char **argv)
+{
+    SECStatus rv;
+    char *nickname = NULL;
+    char *trusts = NULL;
+    char *progName;
+    PRFileDesc *infile;
+    CERTCertTrust trust = { 0 };
+    SECItem derItem = { 0 };
+    PRInt32 crlentry = 0;
+    PRInt32 mutuallyExclusiveOpts = 0;
+    PRBool decodeTrust = PR_FALSE;
+
+    secuCommand addbuiltin = { 0 };
+    addbuiltin.numOptions = sizeof(addbuiltin_options) / sizeof(secuCommandFlag);
+    addbuiltin.options = addbuiltin_options;
+
+    progName = strrchr(argv[0], '/');
+    progName = progName ? progName + 1 : argv[0];
+
+    rv = SECU_ParseCommandLine(argc, argv, progName, &addbuiltin);
+
+    if (rv != SECSuccess)
+        Usage(progName);
+
+    if (addbuiltin.options[opt_Trust].activated)
+        ++mutuallyExclusiveOpts;
+    if (addbuiltin.options[opt_Distrust].activated)
+        ++mutuallyExclusiveOpts;
+    if (addbuiltin.options[opt_DistrustCRL].activated)
+        ++mutuallyExclusiveOpts;
+
+    if (mutuallyExclusiveOpts != 1) {
+        fprintf(stderr, "%s: you must specify exactly one of -t or -D or -C\n",
+                progName);
+        Usage(progName);
+    }
+
+    if (addbuiltin.options[opt_DistrustCRL].activated) {
+        if (!addbuiltin.options[opt_CRLEnry].activated) {
+            fprintf(stderr, "%s: you must specify the CRL entry number.\n",
+                    progName);
+            Usage(progName);
+        } else {
+            crlentry = atoi(addbuiltin.options[opt_CRLEnry].arg);
+            if (crlentry < 1) {
+                fprintf(stderr, "%s: The CRL entry number must be > 0.\n",
+                        progName);
+                Usage(progName);
+            }
+        }
+    }
+
+    if (!addbuiltin.options[opt_Nickname].activated) {
+        fprintf(stderr, "%s: you must specify parameter -n (a nickname or a label).\n",
+                progName);
+        Usage(progName);
+    }
+
+    if (addbuiltin.options[opt_Input].activated) {
+        infile = PR_Open(addbuiltin.options[opt_Input].arg, PR_RDONLY, 00660);
+        if (!infile) {
+            fprintf(stderr, "%s: failed to open input file.\n", progName);
+            exit(1);
+        }
+    } else {
+#if defined(WIN32)
+        /* If we're going to read binary data from stdin, we must put stdin
+	** into O_BINARY mode or else incoming \r\n's will become \n's,
+	** and latin-1 characters will be altered.
+	*/
+
+        int smrv = _setmode(_fileno(stdin), _O_BINARY);
+        if (smrv == -1) {
+            fprintf(stderr,
+                    "%s: Cannot change stdin to binary mode. Use -i option instead.\n",
+                    progName);
+            exit(1);
+        }
+#endif
+        infile = PR_STDIN;
+    }
+
+#if defined(WIN32)
+    /* We must put stdout into O_BINARY mode or else the output will include
+    ** carriage returns.
+    */
+    {
+        int smrv = _setmode(_fileno(stdout), _O_BINARY);
+        if (smrv == -1) {
+            fprintf(stderr, "%s: Cannot change stdout to binary mode.\n", progName);
+            exit(1);
+        }
+    }
+#endif
+
+    nickname = strdup(addbuiltin.options[opt_Nickname].arg);
+
+    NSS_NoDB_Init(NULL);
+
+    if (addbuiltin.options[opt_Distrust].activated ||
+        addbuiltin.options[opt_DistrustCRL].activated) {
+        addbuiltin.options[opt_ExcludeCert].activated = PR_TRUE;
+        addbuiltin.options[opt_ExcludeHash].activated = PR_TRUE;
+    }
+
+    if (addbuiltin.options[opt_Distrust].activated) {
+        trusts = strdup("p,p,p");
+        decodeTrust = PR_TRUE;
+    } else if (addbuiltin.options[opt_Trust].activated) {
+        trusts = strdup(addbuiltin.options[opt_Trust].arg);
+        decodeTrust = PR_TRUE;
+    }
+
+    if (decodeTrust) {
+        rv = CERT_DecodeTrustString(&trust, trusts);
+        if (rv) {
+            fprintf(stderr, "%s: incorrectly formatted trust string.\n", progName);
+            Usage(progName);
+        }
+    }
+
+    if (addbuiltin.options[opt_Trust].activated &&
+        addbuiltin.options[opt_ExcludeHash].activated) {
+        if ((trust.sslFlags | trust.emailFlags | trust.objectSigningFlags) !=
+            CERTDB_TERMINAL_RECORD) {
+            fprintf(stderr, "%s: Excluding the hash only allowed with distrust.\n", progName);
+            Usage(progName);
+        }
+    }
+
+    SECU_FileToItem(&derItem, infile);
+
+    /*printheader();*/
+
+    if (addbuiltin.options[opt_DistrustCRL].activated) {
+        rv = ConvertCRLEntry(&derItem, crlentry, nickname);
+    } else {
+        rv = ConvertCertificate(&derItem, nickname, &trust,
+                                addbuiltin.options[opt_ExcludeCert].activated,
+                                addbuiltin.options[opt_ExcludeHash].activated);
+        if (rv) {
+            fprintf(stderr, "%s: failed to convert certificate.\n", progName);
+            exit(1);
+        }
+    }
+
+    if (NSS_Shutdown() != SECSuccess) {
+        exit(1);
+    }
+
+    return (SECSuccess);
+}
diff --git a/nss/cmd/addbuiltin/addbuiltin.gyp b/nss/cmd/addbuiltin/addbuiltin.gyp
new file mode 100644
index 0000000..a8d1382
--- /dev/null
+++ b/nss/cmd/addbuiltin/addbuiltin.gyp
@@ -0,0 +1,24 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi',
+    '../../cmd/platlibs.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'addbuiltin',
+      'type': 'executable',
+      'sources': [
+        'addbuiltin.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports'
+      ]
+    }
+  ],
+  'variables': {
+    'module': 'nss'
+  }
+}
\ No newline at end of file
diff --git a/nss/cmd/addbuiltin/manifest.mn b/nss/cmd/addbuiltin/manifest.mn
new file mode 100644
index 0000000..9c44c08
--- /dev/null
+++ b/nss/cmd/addbuiltin/manifest.mn
@@ -0,0 +1,20 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CORE_DEPTH = ../..
+
+# MODULE public and private header  directories are implicitly REQUIRED.
+MODULE = nss 
+
+CSRCS = \
+	addbuiltin.c \
+	$(NULL)
+
+# The MODULE is always implicitly required.
+# Listing it here in REQUIRES makes it appear twice in the cc command line.
+REQUIRES = seccmd
+
+PROGRAM = addbuiltin
+
diff --git a/nss/cmd/atob/Makefile b/nss/cmd/atob/Makefile
new file mode 100644
index 0000000..2aaef8f
--- /dev/null
+++ b/nss/cmd/atob/Makefile
@@ -0,0 +1,48 @@
+#! gmake
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include ../platlibs.mk
+
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+
+include ../platrules.mk
+
diff --git a/nss/cmd/atob/atob.c b/nss/cmd/atob/atob.c
new file mode 100644
index 0000000..115b0e9
--- /dev/null
+++ b/nss/cmd/atob/atob.c
@@ -0,0 +1,174 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "plgetopt.h"
+#include "secutil.h"
+#include "nssb64.h"
+#include <errno.h>
+
+#if defined(XP_WIN) || (defined(__sun) && !defined(SVR4))
+#if !defined(WIN32)
+extern int fread(char *, size_t, size_t, FILE *);
+extern int fwrite(char *, size_t, size_t, FILE *);
+extern int fprintf(FILE *, char *, ...);
+#endif
+#endif
+
+#if defined(WIN32)
+#include "fcntl.h"
+#include "io.h"
+#endif
+
+static PRInt32
+output_binary(void *arg, const unsigned char *obuf, PRInt32 size)
+{
+    FILE *outFile = arg;
+    int nb;
+
+    nb = fwrite(obuf, 1, size, outFile);
+    if (nb != size) {
+        PORT_SetError(SEC_ERROR_IO);
+        return -1;
+    }
+
+    return nb;
+}
+
+static PRBool
+isBase64Char(char c)
+{
+    return ((c >= 'A' && c <= 'Z') ||
+            (c >= 'a' && c <= 'z') ||
+            (c >= '0' && c <= '9') ||
+            c == '+' || c == '/' ||
+            c == '=');
+}
+
+static SECStatus
+decode_file(FILE *outFile, FILE *inFile)
+{
+    NSSBase64Decoder *cx;
+    SECStatus status = SECFailure;
+    char ibuf[4096];
+    const char *ptr;
+
+    cx = NSSBase64Decoder_Create(output_binary, outFile);
+    if (!cx) {
+        return -1;
+    }
+
+    for (;;) {
+        if (feof(inFile))
+            break;
+        if (!fgets(ibuf, sizeof(ibuf), inFile)) {
+            if (ferror(inFile)) {
+                PORT_SetError(SEC_ERROR_IO);
+                goto loser;
+            }
+            /* eof */
+            break;
+        }
+        for (ptr = ibuf; *ptr; ++ptr) {
+            char c = *ptr;
+            if (c == '\n' || c == '\r') {
+                break; /* found end of line */
+            }
+            if (!isBase64Char(c)) {
+                ptr = ibuf; /* ignore line */
+                break;
+            }
+        }
+        if (ibuf == ptr) {
+            continue; /* skip empty or non-base64 line */
+        }
+
+        status = NSSBase64Decoder_Update(cx, ibuf, ptr - ibuf);
+        if (status != SECSuccess)
+            goto loser;
+    }
+
+    return NSSBase64Decoder_Destroy(cx, PR_FALSE);
+
+loser:
+    (void)NSSBase64Decoder_Destroy(cx, PR_TRUE);
+    return status;
+}
+
+static void
+Usage(char *progName)
+{
+    fprintf(stderr,
+            "Usage: %s [-i input] [-o output]\n",
+            progName);
+    fprintf(stderr, "%-20s Define an input file to use (default is stdin)\n",
+            "-i input");
+    fprintf(stderr, "%-20s Define an output file to use (default is stdout)\n",
+            "-o output");
+    exit(-1);
+}
+
+int
+main(int argc, char **argv)
+{
+    char *progName;
+    SECStatus rv;
+    FILE *inFile, *outFile;
+    PLOptState *optstate;
+    PLOptStatus status;
+
+    inFile = 0;
+    outFile = 0;
+    progName = strrchr(argv[0], '/');
+    progName = progName ? progName + 1 : argv[0];
+
+    /* Parse command line arguments */
+    optstate = PL_CreateOptState(argc, argv, "?hi:o:");
+    while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
+        switch (optstate->option) {
+            case '?':
+            case 'h':
+                Usage(progName);
+                break;
+
+            case 'i':
+                inFile = fopen(optstate->value, "r");
+                if (!inFile) {
+                    fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
+                            progName, optstate->value);
+                    return -1;
+                }
+                break;
+
+            case 'o':
+                outFile = fopen(optstate->value, "wb");
+                if (!outFile) {
+                    fprintf(stderr, "%s: unable to open \"%s\" for writing\n",
+                            progName, optstate->value);
+                    return -1;
+                }
+                break;
+        }
+    }
+    if (!inFile)
+        inFile = stdin;
+    if (!outFile) {
+#if defined(WIN32)
+        int smrv = _setmode(_fileno(stdout), _O_BINARY);
+        if (smrv == -1) {
+            fprintf(stderr,
+                    "%s: Cannot change stdout to binary mode. Use -o option instead.\n",
+                    progName);
+            return smrv;
+        }
+#endif
+        outFile = stdout;
+    }
+    rv = decode_file(outFile, inFile);
+    if (rv != SECSuccess) {
+        fprintf(stderr, "%s: lossage: error=%d errno=%d\n",
+                progName, PORT_GetError(), errno);
+        return -1;
+    }
+    return 0;
+}
diff --git a/nss/cmd/atob/atob.gyp b/nss/cmd/atob/atob.gyp
new file mode 100644
index 0000000..af972c2
--- /dev/null
+++ b/nss/cmd/atob/atob.gyp
@@ -0,0 +1,30 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi',
+    '../../cmd/platlibs.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'atob',
+      'type': 'executable',
+      'sources': [
+        'atob.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:dbm_exports',
+        '<(DEPTH)/exports.gyp:nss_exports'
+      ]
+    }
+  ],
+  'target_defaults': {
+    'defines': [
+      'NSPR20'
+    ]
+  },
+  'variables': {
+    'module': 'nss'
+  }
+}
\ No newline at end of file
diff --git a/nss/cmd/atob/manifest.mn b/nss/cmd/atob/manifest.mn
new file mode 100644
index 0000000..5d822b9
--- /dev/null
+++ b/nss/cmd/atob/manifest.mn
@@ -0,0 +1,22 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CORE_DEPTH	= ../..
+
+# MODULE public and private header  directories are implicitly REQUIRED.
+MODULE = nss 
+
+# This next line is used by .mk files
+# and gets translated into $LINCS in manifest.mnw
+# The MODULE is always implicitly required.
+# Listing it here in REQUIRES makes it appear twice in the cc command line.
+REQUIRES = seccmd dbm 
+
+DEFINES = -DNSPR20
+
+CSRCS = atob.c
+
+PROGRAM	= atob
+
diff --git a/nss/cmd/benchmark/.gitignore b/nss/cmd/benchmark/.gitignore
new file mode 100644
index 0000000..f1d55a6
--- /dev/null
+++ b/nss/cmd/benchmark/.gitignore
@@ -0,0 +1,2 @@
+.cproject
+
diff --git a/nss/cmd/benchmark/Makefile b/nss/cmd/benchmark/Makefile
new file mode 100644
index 0000000..a27a3ce
--- /dev/null
+++ b/nss/cmd/benchmark/Makefile
@@ -0,0 +1,46 @@
+#! gmake
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include ../platlibs.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+#include ../platlibs.mk
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+include ../platrules.mk
+
diff --git a/nss/cmd/benchmark/README.md b/nss/cmd/benchmark/README.md
new file mode 100644
index 0000000..7f511f2
--- /dev/null
+++ b/nss/cmd/benchmark/README.md
@@ -0,0 +1,5 @@
+tool to send http GET requests to a server requesting files 10.txt, ..., 10000000.txt
+run as e.g.
+`./benchmark localhost 4242 | grep -v 'HUBI' | grep -v "Message Hash" | grep -v "New Hash Chain Value"`
+
+to get a csv output, where the first column is the file size and the other columns are the time in seconds from sending the request to receiving the full response
diff --git a/nss/cmd/benchmark/client_db b/nss/cmd/benchmark/client_db
new file mode 120000
index 0000000..22ed056
--- /dev/null
+++ b/nss/cmd/benchmark/client_db
@@ -0,0 +1 @@
+../../../ca/client_db
\ No newline at end of file
diff --git a/nss/cmd/benchmark/main.c b/nss/cmd/benchmark/main.c
new file mode 100644
index 0000000..2823f23
--- /dev/null
+++ b/nss/cmd/benchmark/main.c
@@ -0,0 +1,247 @@
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <assert.h>
+
+#include "nspr.h"
+#include "plgetopt.h"
+#include "prerror.h"
+#include "prnetdb.h"
+
+#include "nss.h"
+#include "ssl.h"
+#include "sslproto.h"
+#include <pk11func.h>
+#include <time.h>
+#include "tlsproofstr.h"
+
+#define SHA_256_LENGTH 32
+#define RUNS 100
+
+/*Error handler*/
+void error(const char *msg)
+{
+	PRErrorCode perr = PR_GetError();
+	const char *errString = PORT_ErrorToString(perr);
+
+	printf("!! ERROR function name: %s returned error %d:\n%s\n",msg, perr, errString);
+	exit(1);
+}
+
+/*Callback function that return the password of the certificate database.
+ * It is set when configuring NSS.*/
+char* getPwd(PK11SlotInfo *slot, PRBool retry, void *arg){
+	printf("Pass retrieved \n");
+
+	char *pwd= NULL;
+	pwd = PORT_Strdup("");
+
+	return pwd;
+}
+
+
+//*
+SECStatus fetchTLSProofCallBack(unsigned char *proof, unsigned int length){
+	printf("Got proof of size: %i\n", length);
+	if(SSL_TLSProofCheckProof(proof, length) == SECSuccess){
+		printf("Proof successfully verified!\n");
+	} else {
+		printf("Proof is incorrect\n");
+	}		
+	return SECSuccess;
+}
+// */
+
+
+int main(int argc, char *argv[])
+{
+    PRFileDesc* socketfd = NULL;
+    PRHostEnt host;
+    PRNetAddr addr;
+    SECStatus rv;
+    PRStatus pr;
+    char buffer[65536];
+    char buffParam[256];
+    int n;
+    int extension_on;
+    PRSocketOptionData  socketOption;
+    SSLVersionRange ver;
+    
+    // 3 arguments are necessary for the client
+    if(argc < 4){
+        error("Specify host, port and whether the extension is on (1) or off (0)");
+    }
+    extension_on = atoi(argv[3]);
+    //Set the password callback
+    PK11_SetPasswordFunc(getPwd);
+    
+    //Init
+    rv = NSS_Init("../client_db");
+    if(rv != SECSuccess) error("NSS_Init");
+    
+    int response_size = 10;
+    for(int i=0 ; i < 7 ; i++)
+    {
+        //Open
+        socketfd = PR_OpenTCPSocket(PR_AF_INET);
+        if (socketfd == NULL) error("PR_OpenTCPSocket");
+    
+    
+        //Set socket option
+        socketOption.option = PR_SockOpt_Nonblocking;
+        socketOption.value.non_blocking = PR_FALSE;
+        pr = PR_SetSocketOption(socketfd, &socketOption);
+        if (pr != PR_SUCCESS) error("PR_SetSocketOption");
+    
+        //Import
+        socketfd = SSL_ImportFD(NULL, socketfd);
+        if (socketfd == NULL) error("SSL_ImportFD");
+    
+        //Set server mode
+        rv = SSL_OptionSet(socketfd, SSL_HANDSHAKE_AS_CLIENT, PR_TRUE);
+        if(rv != SECSuccess) error("SSL_OptionSet, SSL_HANDSHAKE_AS_CLIENT ");
+    
+        if (extension_on) {
+        //Enable TLS Proof extension for non-repudiation
+            rv = SSL_OptionSet(socketfd, SSL_ENABLE_TLS_PROOF, PR_TRUE);
+            if(rv != SECSuccess) error("SSL_OptionSet, SSL_ENABLE_TLS_PROOF");
+            fprintf(stderr, "TLS-N enabled\n");
+            //Set the proof return callback
+            rv = SSL_TLSProofSetReturnCallBack(socketfd, fetchTLSProofCallBack, hidden_plaintext_proof);
+            if(rv != SECSuccess) error("SLL_TLSProofSetReturnCallBack");
+        } else {
+            rv = SSL_OptionSet(socketfd, SSL_ENABLE_TLS_PROOF, PR_FALSE);
+            if(rv != SECSuccess) error("SSL_OptionSet, SSL_ENABLE_TLS_PROOF");
+            fprintf(stderr, "TLS-N disabled\n");
+        }
+    
+        //Set url for authentication
+        rv = SSL_SetURL(socketfd, "tls-n.testserver");
+        if(rv != SECSuccess) error("SSL_SetURL");
+    
+        //Force TLS 1.3
+        ver.max= SSL_LIBRARY_VERSION_TLS_1_3;
+        ver.min= SSL_LIBRARY_VERSION_TLS_1_3;
+        rv = SSL_VersionRangeSet(socketfd,&ver);
+        if(rv != SECSuccess) error("SSL_VersionRangeSet");
+    
+        //Get host
+        pr = PR_GetHostByName(argv[1],buffParam,256,&host);
+        if (pr != PR_SUCCESS) error("PR_GetHostByName");
+        rv = PR_EnumerateHostEnt(0, &host, atoi(argv[2]), &addr);
+        if(rv < 0) error("PR_EnumerateHostEnt");
+    
+        //Connect
+        pr = PR_Connect(socketfd, &addr, PR_INTERVAL_NO_TIMEOUT);
+        if(pr != PR_SUCCESS) error("PR_Connect");
+    
+        PRBool val = PR_FALSE;
+
+        //Send one request to establish session
+        snprintf(buffer, sizeof(buffer), "GET /%d.txt HTTP/1.1\nHost: tls-n.testserver\n\n", response_size);
+        n = PR_Write(socketfd,buffer,strlen(buffer));
+        if (n < 0) {
+            error("ERROR writing to socket");
+        }
+        
+        //See if the negotiation of TLS proof was successful
+        rv = SSL_TLSProofIsNegociated(socketfd,&val);
+        if(rv != SECSuccess) error("SSL_TLSProofIsNegociated");
+        
+        //Get the TLS version used
+        rv = SSL_VersionRangeGet(socketfd,&ver);
+        if(rv != SECSuccess) error("SSL_VersionRangeGet");
+        
+        //Read an incoming message
+        char current = '\0';
+        char last = '\0';
+        int header_size = 0;
+        while (!(current=='\n' && last=='\n')) {
+            if (current != '\r') {
+                last = current;
+            }
+            n = PR_Read(socketfd,&current,1);
+            //printf("%x ",current);
+            header_size++;
+            if (n<=0) break;
+        }
+        n = 0;
+        int n_read = 1; 
+        while (n < response_size && n_read > 0) {
+            bzero(buffer,sizeof(buffer));
+            n_read = PR_Read(socketfd,buffer,sizeof(buffer));
+            n += n_read;
+        }
+        if (n < 0){
+            error("ERROR reading from socket");
+        }
+        if (n == 0){
+            error("socket closed prematurely");
+        }
+        //printf("\nheader size: %d\n", header_size);
+        double times[RUNS];
+        for (int j=0; j<RUNS; j++){
+            
+            /* sleep */
+            struct timespec sleep_time;
+            struct timespec rem;
+            sleep_time.tv_sec = (i>=6);
+            sleep_time.tv_nsec = 100000000;
+            nanosleep(&sleep_time, &rem);
+    
+            snprintf(buffer, sizeof(buffer), "GET /%d.txt HTTP/1.1\nHost: tls-n.testserver\n\n", response_size);
+            
+            struct timespec start;
+            clock_gettime(CLOCK_REALTIME, &start);
+            //Send request
+            n = PR_Write(socketfd,buffer,strlen(buffer));
+            if (n < 0) {
+                error("ERROR writing to socket");
+                    }
+        
+            //Read an incoming message
+            current = '\0';
+            last = '\0';
+            while (!(current=='\n' && last=='\n')) {
+                if (current != '\r') {
+                    last = current;
+                }
+                n = PR_Read(socketfd,&current,1);
+                if (n<=0) break;
+            }
+            n = 0;
+            n_read = 1; 
+            while (n < response_size && n_read > 0) {
+                bzero(buffer,sizeof(buffer));
+                n_read = PR_Read(socketfd,buffer,sizeof(buffer));
+                n += n_read;
+                //printf("%d\n",n);
+            }
+            if (n_read == 0){
+                error("socket closed prematurely");
+            }
+            if (n_read < 0){
+                printf("response_size: %d\trun: %d\n",response_size, j);
+                error("ERROR reading from socket");
+            }
+            //printf("\n");
+            struct timespec end;
+            clock_gettime(CLOCK_REALTIME, &end);
+            long long diff = (end.tv_sec - start.tv_sec)*1000000000 + end.tv_nsec - start.tv_nsec;
+            double diff_s = ((double) diff)/1000000000.0;
+            times[j] = diff_s;
+            //printf("Time: %f seconds", diff_s);
+    
+        }
+        printf("%d", response_size);
+        for(int j=0;j<RUNS;j++) {
+            printf(", %f", times[j]);
+        }
+        printf("\n");
+        fflush(stdout);
+        response_size = response_size*10;
+        PR_Close(socketfd);
+    }
+    return 0;
+}
+
diff --git a/nss/cmd/benchmark/manifest.mn b/nss/cmd/benchmark/manifest.mn
new file mode 100644
index 0000000..eabfefa
--- /dev/null
+++ b/nss/cmd/benchmark/manifest.mn
@@ -0,0 +1,23 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CORE_DEPTH = ../..
+
+# MODULE public and private header  directories are implicitly REQUIRED.
+MODULE = nss
+
+# This next line is used by .mk files
+# and gets translated into $LINCS in manifest.mnw
+# The MODULE is always implicitly required.
+# Listing it here in REQUIRES makes it appear twice in the cc command line.
+REQUIRES = seccmd dbm 
+
+# DIRS = 
+
+CSRCS	= main.c  
+DEFINES += -DDLL_PREFIX=\"$(DLL_PREFIX)\" -DDLL_SUFFIX=\"$(DLL_SUFFIX)\"
+
+PROGRAM	= benchmark
+
diff --git a/nss/cmd/benchmark/messages.txt b/nss/cmd/benchmark/messages.txt
new file mode 100644
index 0000000..e69de29
diff --git a/nss/cmd/bltest/Makefile b/nss/cmd/bltest/Makefile
new file mode 100644
index 0000000..a5e83ef
--- /dev/null
+++ b/nss/cmd/bltest/Makefile
@@ -0,0 +1,54 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+#MKPROG = purify -cache-dir=/u/mcgreer/pcache -best-effort \
+#	-always-use-cache-dir $(CC)
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include ../platlibs.mk
+
+#EXTRA_SHARED_LIBS += \
+#	-L/usr/lib \
+#	-lposix4 \
+#	$(NULL)
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+include ../platrules.mk
diff --git a/nss/cmd/bltest/blapitest.c b/nss/cmd/bltest/blapitest.c
new file mode 100644
index 0000000..a3a162d
--- /dev/null
+++ b/nss/cmd/bltest/blapitest.c
@@ -0,0 +1,4234 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <stdio.h>
+#include <stdlib.h>
+
+#include "blapi.h"
+#include "secrng.h"
+#include "prmem.h"
+#include "prprf.h"
+#include "prtime.h"
+#include "prsystem.h"
+#include "plstr.h"
+#include "nssb64.h"
+#include "basicutil.h"
+#include "plgetopt.h"
+#include "softoken.h"
+#include "nspr.h"
+#include "secport.h"
+#include "secoid.h"
+#include "nssutil.h"
+
+#include "pkcs1_vectors.h"
+
+#ifndef NSS_DISABLE_ECC
+#include "ecl-curve.h"
+SECStatus EC_DecodeParams(const SECItem *encodedParams,
+                          ECParams **ecparams);
+SECStatus EC_CopyParams(PLArenaPool *arena, ECParams *dstParams,
+                        const ECParams *srcParams);
+#endif
+
+char *progName;
+char *testdir = NULL;
+
+#define BLTEST_DEFAULT_CHUNKSIZE 4096
+
+#define WORDSIZE sizeof(unsigned long)
+
+#define CHECKERROR(rv, ln)                                               \
+    if (rv) {                                                            \
+        PRErrorCode prerror = PR_GetError();                             \
+        PR_fprintf(PR_STDERR, "%s: ERR %d (%s) at line %d.\n", progName, \
+                   prerror, PORT_ErrorToString(prerror), ln);            \
+        exit(-1);                                                        \
+    }
+
+/* Macros for performance timing. */
+#define TIMESTART() \
+    time1 = PR_IntervalNow();
+
+#define TIMEFINISH(time, reps)                          \
+    time2 = (PRIntervalTime)(PR_IntervalNow() - time1); \
+    time1 = PR_IntervalToMilliseconds(time2);           \
+    time = ((double)(time1)) / reps;
+
+#define TIMEMARK(seconds)                      \
+    time1 = PR_SecondsToInterval(seconds);     \
+    {                                          \
+        PRInt64 tmp;                           \
+        if (time2 == 0) {                      \
+            time2 = 1;                         \
+        }                                      \
+        LL_DIV(tmp, time1, time2);             \
+        if (tmp < 10) {                        \
+            if (tmp == 0) {                    \
+                opsBetweenChecks = 1;          \
+            } else {                           \
+                LL_L2I(opsBetweenChecks, tmp); \
+            }                                  \
+        } else {                               \
+            opsBetweenChecks = 10;             \
+        }                                      \
+    }                                          \
+    time2 = time1;                             \
+    time1 = PR_IntervalNow();
+
+#define TIMETOFINISH() \
+    PR_IntervalNow() - time1 >= time2
+
+static void
+Usage()
+{
+#define PRINTUSAGE(subject, option, predicate) \
+    fprintf(stderr, "%10s %s\t%s\n", subject, option, predicate);
+    fprintf(stderr, "\n");
+    PRINTUSAGE(progName, "[-DEHSVR]", "List available cipher modes"); /* XXX */
+    fprintf(stderr, "\n");
+    PRINTUSAGE(progName, "-E -m mode ", "Encrypt a buffer");
+    PRINTUSAGE("", "", "[-i plaintext] [-o ciphertext] [-k key] [-v iv]");
+    PRINTUSAGE("", "", "[-b bufsize] [-g keysize] [-e exp] [-r rounds]");
+    PRINTUSAGE("", "", "[-w wordsize] [-p repetitions | -5 time_interval]");
+    PRINTUSAGE("", "", "[-4 th_num]");
+    PRINTUSAGE("", "-m", "cipher mode to use");
+    PRINTUSAGE("", "-i", "file which contains input buffer");
+    PRINTUSAGE("", "-o", "file for output buffer");
+    PRINTUSAGE("", "-k", "file which contains key");
+    PRINTUSAGE("", "-v", "file which contains initialization vector");
+    PRINTUSAGE("", "-b", "size of input buffer");
+    PRINTUSAGE("", "-g", "key size (in bytes)");
+    PRINTUSAGE("", "-p", "do performance test");
+    PRINTUSAGE("", "-4", "run test in multithread mode. th_num number of parallel threads");
+    PRINTUSAGE("", "-5", "run test for specified time interval(in seconds)");
+    PRINTUSAGE("", "--aad", "File with contains additional auth data");
+    PRINTUSAGE("(rsa)", "-e", "rsa public exponent");
+    PRINTUSAGE("(rc5)", "-r", "number of rounds");
+    PRINTUSAGE("(rc5)", "-w", "wordsize (32 or 64)");
+    fprintf(stderr, "\n");
+    PRINTUSAGE(progName, "-D -m mode", "Decrypt a buffer");
+    PRINTUSAGE("", "", "[-i plaintext] [-o ciphertext] [-k key] [-v iv]");
+    PRINTUSAGE("", "", "[-p repetitions | -5 time_interval] [-4 th_num]");
+    PRINTUSAGE("", "-m", "cipher mode to use");
+    PRINTUSAGE("", "-i", "file which contains input buffer");
+    PRINTUSAGE("", "-o", "file for output buffer");
+    PRINTUSAGE("", "-k", "file which contains key");
+    PRINTUSAGE("", "-v", "file which contains initialization vector");
+    PRINTUSAGE("", "-p", "do performance test");
+    PRINTUSAGE("", "-4", "run test in multithread mode. th_num number of parallel threads");
+    PRINTUSAGE("", "-5", "run test for specified time interval(in seconds)");
+    PRINTUSAGE("", "--aad", "File with contains additional auth data");
+    fprintf(stderr, "\n");
+    PRINTUSAGE(progName, "-H -m mode", "Hash a buffer");
+    PRINTUSAGE("", "", "[-i plaintext] [-o hash]");
+    PRINTUSAGE("", "", "[-b bufsize]");
+    PRINTUSAGE("", "", "[-p repetitions | -5 time_interval] [-4 th_num]");
+    PRINTUSAGE("", "-m", "cipher mode to use");
+    PRINTUSAGE("", "-i", "file which contains input buffer");
+    PRINTUSAGE("", "-o", "file for hash");
+    PRINTUSAGE("", "-b", "size of input buffer");
+    PRINTUSAGE("", "-p", "do performance test");
+    PRINTUSAGE("", "-4", "run test in multithread mode. th_num number of parallel threads");
+    PRINTUSAGE("", "-5", "run test for specified time interval(in seconds)");
+    fprintf(stderr, "\n");
+    PRINTUSAGE(progName, "-S -m mode", "Sign a buffer");
+    PRINTUSAGE("", "", "[-i plaintext] [-o signature] [-k key]");
+    PRINTUSAGE("", "", "[-b bufsize]");
+#ifndef NSS_DISABLE_ECC
+    PRINTUSAGE("", "", "[-n curvename]");
+#endif
+    PRINTUSAGE("", "", "[-p repetitions | -5 time_interval] [-4 th_num]");
+    PRINTUSAGE("", "-m", "cipher mode to use");
+    PRINTUSAGE("", "-i", "file which contains input buffer");
+    PRINTUSAGE("", "-o", "file for signature");
+    PRINTUSAGE("", "-k", "file which contains key");
+#ifndef NSS_DISABLE_ECC
+    PRINTUSAGE("", "-n", "name of curve for EC key generation; one of:");
+    PRINTUSAGE("", "", "  nistp256, nistp384, nistp521");
+#endif
+    PRINTUSAGE("", "-p", "do performance test");
+    PRINTUSAGE("", "-4", "run test in multithread mode. th_num number of parallel threads");
+    PRINTUSAGE("", "-5", "run test for specified time interval(in seconds)");
+    fprintf(stderr, "\n");
+    PRINTUSAGE(progName, "-V -m mode", "Verify a signed buffer");
+    PRINTUSAGE("", "", "[-i plaintext] [-s signature] [-k key]");
+    PRINTUSAGE("", "", "[-p repetitions | -5 time_interval] [-4 th_num]");
+    PRINTUSAGE("", "-m", "cipher mode to use");
+    PRINTUSAGE("", "-i", "file which contains input buffer");
+    PRINTUSAGE("", "-s", "file which contains signature of input buffer");
+    PRINTUSAGE("", "-k", "file which contains key");
+    PRINTUSAGE("", "-p", "do performance test");
+    PRINTUSAGE("", "-4", "run test in multithread mode. th_num number of parallel threads");
+    PRINTUSAGE("", "-5", "run test for specified time interval(in seconds)");
+    fprintf(stderr, "\n");
+    PRINTUSAGE(progName, "-N -m mode -b bufsize",
+               "Create a nonce plaintext and key");
+    PRINTUSAGE("", "", "[-g keysize] [-u cxreps]");
+    PRINTUSAGE("", "-g", "key size (in bytes)");
+    PRINTUSAGE("", "-u", "number of repetitions of context creation");
+    fprintf(stderr, "\n");
+    PRINTUSAGE(progName, "-R [-g keysize] [-e exp]",
+               "Test the RSA populate key function");
+    PRINTUSAGE("", "", "[-r repetitions]");
+    PRINTUSAGE("", "-g", "key size (in bytes)");
+    PRINTUSAGE("", "-e", "rsa public exponent");
+    PRINTUSAGE("", "-r", "repetitions of the test");
+    fprintf(stderr, "\n");
+    PRINTUSAGE(progName, "-F", "Run the FIPS self-test");
+    fprintf(stderr, "\n");
+    PRINTUSAGE(progName, "-T [-m mode1,mode2...]", "Run the BLAPI self-test");
+    fprintf(stderr, "\n");
+    exit(1);
+}
+
+/*  Helper functions for ascii<-->binary conversion/reading/writing */
+
+/* XXX argh */
+struct item_with_arena {
+    SECItem *item;
+    PLArenaPool *arena;
+};
+
+static PRInt32
+get_binary(void *arg, const unsigned char *ibuf, PRInt32 size)
+{
+    struct item_with_arena *it = arg;
+    SECItem *binary = it->item;
+    SECItem *tmp;
+    int index;
+    if (binary->data == NULL) {
+        tmp = SECITEM_AllocItem(it->arena, NULL, size);
+        binary->data = tmp->data;
+        binary->len = tmp->len;
+        index = 0;
+    } else {
+        SECITEM_ReallocItem(NULL, binary, binary->len, binary->len + size);
+        index = binary->len;
+    }
+    PORT_Memcpy(&binary->data[index], ibuf, size);
+    return binary->len;
+}
+
+static SECStatus
+atob(SECItem *ascii, SECItem *binary, PLArenaPool *arena)
+{
+    SECStatus status;
+    NSSBase64Decoder *cx;
+    struct item_with_arena it;
+    int len;
+    binary->data = NULL;
+    binary->len = 0;
+    it.item = binary;
+    it.arena = arena;
+    len = (strncmp((const char *)&ascii->data[ascii->len - 2], "\r\n", 2)) ? ascii->len
+                                                                           : ascii->len - 2;
+    cx = NSSBase64Decoder_Create(get_binary, &it);
+    status = NSSBase64Decoder_Update(cx, (const char *)ascii->data, len);
+    status = NSSBase64Decoder_Destroy(cx, PR_FALSE);
+    return status;
+}
+
+static PRInt32
+output_ascii(void *arg, const char *obuf, PRInt32 size)
+{
+    PRFileDesc *outfile = arg;
+    PRInt32 nb = PR_Write(outfile, obuf, size);
+    if (nb != size) {
+        PORT_SetError(SEC_ERROR_IO);
+        return -1;
+    }
+    return nb;
+}
+
+static SECStatus
+btoa_file(SECItem *binary, PRFileDesc *outfile)
+{
+    SECStatus status;
+    NSSBase64Encoder *cx;
+    if (binary->len == 0)
+        return SECSuccess;
+    cx = NSSBase64Encoder_Create(output_ascii, outfile);
+    status = NSSBase64Encoder_Update(cx, binary->data, binary->len);
+    status = NSSBase64Encoder_Destroy(cx, PR_FALSE);
+    status = PR_Write(outfile, "\r\n", 2);
+    return status;
+}
+
+SECStatus
+hex_from_2char(unsigned char *c2, unsigned char *byteval)
+{
+    int i;
+    unsigned char offset;
+    *byteval = 0;
+    for (i = 0; i < 2; i++) {
+        if (c2[i] >= '0' && c2[i] <= '9') {
+            offset = c2[i] - '0';
+            *byteval |= offset << 4 * (1 - i);
+        } else if (c2[i] >= 'a' && c2[i] <= 'f') {
+            offset = c2[i] - 'a';
+            *byteval |= (offset + 10) << 4 * (1 - i);
+        } else if (c2[i] >= 'A' && c2[i] <= 'F') {
+            offset = c2[i] - 'A';
+            *byteval |= (offset + 10) << 4 * (1 - i);
+        } else {
+            return SECFailure;
+        }
+    }
+    return SECSuccess;
+}
+
+SECStatus
+char2_from_hex(unsigned char byteval, char *c2)
+{
+    int i;
+    unsigned char offset;
+    for (i = 0; i < 2; i++) {
+        offset = (byteval >> 4 * (1 - i)) & 0x0f;
+        if (offset < 10) {
+            c2[i] = '0' + offset;
+        } else {
+            c2[i] = 'A' + offset - 10;
+        }
+    }
+    return SECSuccess;
+}
+
+void
+serialize_key(SECItem *it, int ni, PRFileDesc *file)
+{
+    unsigned char len[4];
+    int i;
+    NSSBase64Encoder *cx;
+    cx = NSSBase64Encoder_Create(output_ascii, file);
+    for (i = 0; i < ni; i++, it++) {
+        len[0] = (it->len >> 24) & 0xff;
+        len[1] = (it->len >> 16) & 0xff;
+        len[2] = (it->len >> 8) & 0xff;
+        len[3] = (it->len & 0xff);
+        NSSBase64Encoder_Update(cx, len, 4);
+        NSSBase64Encoder_Update(cx, it->data, it->len);
+    }
+    NSSBase64Encoder_Destroy(cx, PR_FALSE);
+    PR_Write(file, "\r\n", 2);
+}
+
+void
+key_from_filedata(PLArenaPool *arena, SECItem *it, int ns, int ni, SECItem *filedata)
+{
+    int fpos = 0;
+    int i, len;
+    unsigned char *buf = filedata->data;
+    for (i = 0; i < ni; i++) {
+        len = (buf[fpos++] & 0xff) << 24;
+        len |= (buf[fpos++] & 0xff) << 16;
+        len |= (buf[fpos++] & 0xff) << 8;
+        len |= (buf[fpos++] & 0xff);
+        if (ns <= i) {
+            if (len > 0) {
+                it->len = len;
+                it->data = PORT_ArenaAlloc(arena, it->len);
+                PORT_Memcpy(it->data, &buf[fpos], it->len);
+            } else {
+                it->len = 0;
+                it->data = NULL;
+            }
+            it++;
+        }
+        fpos += len;
+    }
+}
+
+static RSAPrivateKey *
+rsakey_from_filedata(PLArenaPool *arena, SECItem *filedata)
+{
+    RSAPrivateKey *key;
+    key = (RSAPrivateKey *)PORT_ArenaZAlloc(arena, sizeof(RSAPrivateKey));
+    key->arena = arena;
+    key_from_filedata(arena, &key->version, 0, 9, filedata);
+    return key;
+}
+
+static PQGParams *
+pqg_from_filedata(PLArenaPool *arena, SECItem *filedata)
+{
+    PQGParams *pqg;
+    pqg = (PQGParams *)PORT_ArenaZAlloc(arena, sizeof(PQGParams));
+    pqg->arena = arena;
+    key_from_filedata(arena, &pqg->prime, 0, 3, filedata);
+    return pqg;
+}
+
+static DSAPrivateKey *
+dsakey_from_filedata(PLArenaPool *arena, SECItem *filedata)
+{
+    DSAPrivateKey *key;
+    key = (DSAPrivateKey *)PORT_ArenaZAlloc(arena, sizeof(DSAPrivateKey));
+    key->params.arena = arena;
+    key_from_filedata(arena, &key->params.prime, 0, 5, filedata);
+    return key;
+}
+
+#ifndef NSS_DISABLE_ECC
+static ECPrivateKey *
+eckey_from_filedata(PLArenaPool *arena, SECItem *filedata)
+{
+    ECPrivateKey *key;
+    SECStatus rv;
+    ECParams *tmpECParams = NULL;
+    key = (ECPrivateKey *)PORT_ArenaZAlloc(arena, sizeof(ECPrivateKey));
+    /* read and convert params */
+    key->ecParams.arena = arena;
+    key_from_filedata(arena, &key->ecParams.DEREncoding, 0, 1, filedata);
+    rv = SECOID_Init();
+    CHECKERROR(rv, __LINE__);
+    rv = EC_DecodeParams(&key->ecParams.DEREncoding, &tmpECParams);
+    CHECKERROR(rv, __LINE__);
+    rv = EC_CopyParams(key->ecParams.arena, &key->ecParams, tmpECParams);
+    CHECKERROR(rv, __LINE__);
+    rv = SECOID_Shutdown();
+    CHECKERROR(rv, __LINE__);
+    PORT_FreeArena(tmpECParams->arena, PR_TRUE);
+    /* read key */
+    key_from_filedata(arena, &key->publicValue, 1, 3, filedata);
+    return key;
+}
+
+typedef struct curveNameTagPairStr {
+    char *curveName;
+    SECOidTag curveOidTag;
+} CurveNameTagPair;
+
+static CurveNameTagPair nameTagPair[] =
+    {
+      { "sect163k1", SEC_OID_SECG_EC_SECT163K1 },
+      { "nistk163", SEC_OID_SECG_EC_SECT163K1 },
+      { "sect163r1", SEC_OID_SECG_EC_SECT163R1 },
+      { "sect163r2", SEC_OID_SECG_EC_SECT163R2 },
+      { "nistb163", SEC_OID_SECG_EC_SECT163R2 },
+      { "sect193r1", SEC_OID_SECG_EC_SECT193R1 },
+      { "sect193r2", SEC_OID_SECG_EC_SECT193R2 },
+      { "sect233k1", SEC_OID_SECG_EC_SECT233K1 },
+      { "nistk233", SEC_OID_SECG_EC_SECT233K1 },
+      { "sect233r1", SEC_OID_SECG_EC_SECT233R1 },
+      { "nistb233", SEC_OID_SECG_EC_SECT233R1 },
+      { "sect239k1", SEC_OID_SECG_EC_SECT239K1 },
+      { "sect283k1", SEC_OID_SECG_EC_SECT283K1 },
+      { "nistk283", SEC_OID_SECG_EC_SECT283K1 },
+      { "sect283r1", SEC_OID_SECG_EC_SECT283R1 },
+      { "nistb283", SEC_OID_SECG_EC_SECT283R1 },
+      { "sect409k1", SEC_OID_SECG_EC_SECT409K1 },
+      { "nistk409", SEC_OID_SECG_EC_SECT409K1 },
+      { "sect409r1", SEC_OID_SECG_EC_SECT409R1 },
+      { "nistb409", SEC_OID_SECG_EC_SECT409R1 },
+      { "sect571k1", SEC_OID_SECG_EC_SECT571K1 },
+      { "nistk571", SEC_OID_SECG_EC_SECT571K1 },
+      { "sect571r1", SEC_OID_SECG_EC_SECT571R1 },
+      { "nistb571", SEC_OID_SECG_EC_SECT571R1 },
+      { "secp160k1", SEC_OID_SECG_EC_SECP160K1 },
+      { "secp160r1", SEC_OID_SECG_EC_SECP160R1 },
+      { "secp160r2", SEC_OID_SECG_EC_SECP160R2 },
+      { "secp192k1", SEC_OID_SECG_EC_SECP192K1 },
+      { "secp192r1", SEC_OID_SECG_EC_SECP192R1 },
+      { "nistp192", SEC_OID_SECG_EC_SECP192R1 },
+      { "secp224k1", SEC_OID_SECG_EC_SECP224K1 },
+      { "secp224r1", SEC_OID_SECG_EC_SECP224R1 },
+      { "nistp224", SEC_OID_SECG_EC_SECP224R1 },
+      { "secp256k1", SEC_OID_SECG_EC_SECP256K1 },
+      { "secp256r1", SEC_OID_SECG_EC_SECP256R1 },
+      { "nistp256", SEC_OID_SECG_EC_SECP256R1 },
+      { "secp384r1", SEC_OID_SECG_EC_SECP384R1 },
+      { "nistp384", SEC_OID_SECG_EC_SECP384R1 },
+      { "secp521r1", SEC_OID_SECG_EC_SECP521R1 },
+      { "nistp521", SEC_OID_SECG_EC_SECP521R1 },
+
+      { "prime192v1", SEC_OID_ANSIX962_EC_PRIME192V1 },
+      { "prime192v2", SEC_OID_ANSIX962_EC_PRIME192V2 },
+      { "prime192v3", SEC_OID_ANSIX962_EC_PRIME192V3 },
+      { "prime239v1", SEC_OID_ANSIX962_EC_PRIME239V1 },
+      { "prime239v2", SEC_OID_ANSIX962_EC_PRIME239V2 },
+      { "prime239v3", SEC_OID_ANSIX962_EC_PRIME239V3 },
+
+      { "c2pnb163v1", SEC_OID_ANSIX962_EC_C2PNB163V1 },
+      { "c2pnb163v2", SEC_OID_ANSIX962_EC_C2PNB163V2 },
+      { "c2pnb163v3", SEC_OID_ANSIX962_EC_C2PNB163V3 },
+      { "c2pnb176v1", SEC_OID_ANSIX962_EC_C2PNB176V1 },
+      { "c2tnb191v1", SEC_OID_ANSIX962_EC_C2TNB191V1 },
+      { "c2tnb191v2", SEC_OID_ANSIX962_EC_C2TNB191V2 },
+      { "c2tnb191v3", SEC_OID_ANSIX962_EC_C2TNB191V3 },
+      { "c2onb191v4", SEC_OID_ANSIX962_EC_C2ONB191V4 },
+      { "c2onb191v5", SEC_OID_ANSIX962_EC_C2ONB191V5 },
+      { "c2pnb208w1", SEC_OID_ANSIX962_EC_C2PNB208W1 },
+      { "c2tnb239v1", SEC_OID_ANSIX962_EC_C2TNB239V1 },
+      { "c2tnb239v2", SEC_OID_ANSIX962_EC_C2TNB239V2 },
+      { "c2tnb239v3", SEC_OID_ANSIX962_EC_C2TNB239V3 },
+      { "c2onb239v4", SEC_OID_ANSIX962_EC_C2ONB239V4 },
+      { "c2onb239v5", SEC_OID_ANSIX962_EC_C2ONB239V5 },
+      { "c2pnb272w1", SEC_OID_ANSIX962_EC_C2PNB272W1 },
+      { "c2pnb304w1", SEC_OID_ANSIX962_EC_C2PNB304W1 },
+      { "c2tnb359v1", SEC_OID_ANSIX962_EC_C2TNB359V1 },
+      { "c2pnb368w1", SEC_OID_ANSIX962_EC_C2PNB368W1 },
+      { "c2tnb431r1", SEC_OID_ANSIX962_EC_C2TNB431R1 },
+
+      { "secp112r1", SEC_OID_SECG_EC_SECP112R1 },
+      { "secp112r2", SEC_OID_SECG_EC_SECP112R2 },
+      { "secp128r1", SEC_OID_SECG_EC_SECP128R1 },
+      { "secp128r2", SEC_OID_SECG_EC_SECP128R2 },
+
+      { "sect113r1", SEC_OID_SECG_EC_SECT113R1 },
+      { "sect113r2", SEC_OID_SECG_EC_SECT113R2 },
+      { "sect131r1", SEC_OID_SECG_EC_SECT131R1 },
+      { "sect131r2", SEC_OID_SECG_EC_SECT131R2 },
+      { "curve25519", SEC_OID_CURVE25519 },
+    };
+
+static SECItem *
+getECParams(const char *curve)
+{
+    SECItem *ecparams;
+    SECOidData *oidData = NULL;
+    SECOidTag curveOidTag = SEC_OID_UNKNOWN; /* default */
+    int i, numCurves;
+
+    if (curve != NULL) {
+        numCurves = sizeof(nameTagPair) / sizeof(CurveNameTagPair);
+        for (i = 0; ((i < numCurves) && (curveOidTag == SEC_OID_UNKNOWN));
+             i++) {
+            if (PL_strcmp(curve, nameTagPair[i].curveName) == 0)
+                curveOidTag = nameTagPair[i].curveOidTag;
+        }
+    }
+
+    /* Return NULL if curve name is not recognized */
+    if ((curveOidTag == SEC_OID_UNKNOWN) ||
+        (oidData = SECOID_FindOIDByTag(curveOidTag)) == NULL) {
+        fprintf(stderr, "Unrecognized elliptic curve %s\n", curve);
+        return NULL;
+    }
+
+    ecparams = SECITEM_AllocItem(NULL, NULL, (2 + oidData->oid.len));
+
+    /*
+     * ecparams->data needs to contain the ASN encoding of an object ID (OID)
+     * representing the named curve. The actual OID is in
+     * oidData->oid.data so we simply prepend 0x06 and OID length
+     */
+    ecparams->data[0] = SEC_ASN1_OBJECT_ID;
+    ecparams->data[1] = oidData->oid.len;
+    memcpy(ecparams->data + 2, oidData->oid.data, oidData->oid.len);
+
+    return ecparams;
+}
+#endif /* NSS_DISABLE_ECC */
+
+static void
+dump_pqg(PQGParams *pqg)
+{
+    SECU_PrintInteger(stdout, &pqg->prime, "PRIME:", 0);
+    SECU_PrintInteger(stdout, &pqg->subPrime, "SUBPRIME:", 0);
+    SECU_PrintInteger(stdout, &pqg->base, "BASE:", 0);
+}
+
+static void
+dump_dsakey(DSAPrivateKey *key)
+{
+    dump_pqg(&key->params);
+    SECU_PrintInteger(stdout, &key->publicValue, "PUBLIC VALUE:", 0);
+    SECU_PrintInteger(stdout, &key->privateValue, "PRIVATE VALUE:", 0);
+}
+
+#ifndef NSS_DISABLE_ECC
+static void
+dump_ecp(ECParams *ecp)
+{
+    /* TODO other fields */
+    SECU_PrintInteger(stdout, &ecp->base, "BASE POINT:", 0);
+}
+
+static void
+dump_eckey(ECPrivateKey *key)
+{
+    dump_ecp(&key->ecParams);
+    SECU_PrintInteger(stdout, &key->publicValue, "PUBLIC VALUE:", 0);
+    SECU_PrintInteger(stdout, &key->privateValue, "PRIVATE VALUE:", 0);
+}
+#endif
+
+static void
+dump_rsakey(RSAPrivateKey *key)
+{
+    SECU_PrintInteger(stdout, &key->version, "VERSION:", 0);
+    SECU_PrintInteger(stdout, &key->modulus, "MODULUS:", 0);
+    SECU_PrintInteger(stdout, &key->publicExponent, "PUBLIC EXP:", 0);
+    SECU_PrintInteger(stdout, &key->privateExponent, "PRIVATE EXP:", 0);
+    SECU_PrintInteger(stdout, &key->prime1, "CRT PRIME 1:", 0);
+    SECU_PrintInteger(stdout, &key->prime2, "CRT PRIME 2:", 0);
+    SECU_PrintInteger(stdout, &key->exponent1, "CRT EXP 1:", 0);
+    SECU_PrintInteger(stdout, &key->exponent2, "CRT EXP 2:", 0);
+    SECU_PrintInteger(stdout, &key->coefficient, "CRT COEFFICIENT:", 0);
+}
+
+typedef enum {
+    bltestBase64Encoded, /* Base64 encoded ASCII */
+    bltestBinary,        /* straight binary */
+    bltestHexSpaceDelim, /* 0x12 0x34 0xab 0xCD ... */
+    bltestHexStream      /* 1234abCD ... */
+} bltestIOMode;
+
+typedef struct
+{
+    SECItem buf;
+    SECItem pBuf;
+    bltestIOMode mode;
+    PRFileDesc *file;
+} bltestIO;
+
+typedef SECStatus (*bltestSymmCipherFn)(void *cx,
+                                        unsigned char *output,
+                                        unsigned int *outputLen,
+                                        unsigned int maxOutputLen,
+                                        const unsigned char *input,
+                                        unsigned int inputLen);
+
+typedef SECStatus (*bltestAEADFn)(void *cx,
+                                  unsigned char *output,
+                                  unsigned int *outputLen,
+                                  unsigned int maxOutputLen,
+                                  const unsigned char *input,
+                                  unsigned int inputLen,
+                                  const unsigned char *nonce,
+                                  unsigned int nonceLen,
+                                  const unsigned char *ad,
+                                  unsigned int adLen);
+
+typedef SECStatus (*bltestPubKeyCipherFn)(void *key,
+                                          SECItem *output,
+                                          const SECItem *input);
+
+typedef SECStatus (*bltestHashCipherFn)(unsigned char *dest,
+                                        const unsigned char *src,
+                                        PRUint32 src_length);
+
+/* Note: Algorithms are grouped in order to support is_symmkeyCipher /
+ * is_pubkeyCipher / is_hashCipher / is_sigCipher
+ */
+typedef enum {
+    bltestINVALID = -1,
+    bltestDES_ECB,     /* Symmetric Key Ciphers */
+    bltestDES_CBC,     /* .            */
+    bltestDES_EDE_ECB, /* .            */
+    bltestDES_EDE_CBC, /* .            */
+    bltestRC2_ECB,     /* .            */
+    bltestRC2_CBC,     /* .            */
+    bltestRC4,         /* .            */
+#ifdef NSS_SOFTOKEN_DOES_RC5
+    bltestRC5_ECB, /* .            */
+    bltestRC5_CBC, /* .            */
+#endif
+    bltestAES_ECB,      /* .                     */
+    bltestAES_CBC,      /* .                     */
+    bltestAES_CTS,      /* .                     */
+    bltestAES_CTR,      /* .                     */
+    bltestAES_GCM,      /* .                     */
+    bltestCAMELLIA_ECB, /* .                     */
+    bltestCAMELLIA_CBC, /* .                     */
+    bltestSEED_ECB,     /* SEED algorithm      */
+    bltestSEED_CBC,     /* SEED algorithm      */
+    bltestCHACHA20,     /* ChaCha20 + Poly1305   */
+    bltestRSA,          /* Public Key Ciphers    */
+    bltestRSA_OAEP,     /* . (Public Key Enc.)   */
+    bltestRSA_PSS,      /* . (Public Key Sig.)   */
+#ifndef NSS_DISABLE_ECC
+    bltestECDSA, /* . (Public Key Sig.)   */
+#endif
+    bltestDSA,    /* . (Public Key Sig.)   */
+    bltestMD2,    /* Hash algorithms       */
+    bltestMD5,    /* .             */
+    bltestSHA1,   /* .             */
+    bltestSHA224, /* .             */
+    bltestSHA256, /* .             */
+    bltestSHA384, /* .             */
+    bltestSHA512, /* .             */
+    NUMMODES
+} bltestCipherMode;
+
+static char *mode_strings[] =
+    {
+      "des_ecb",
+      "des_cbc",
+      "des3_ecb",
+      "des3_cbc",
+      "rc2_ecb",
+      "rc2_cbc",
+      "rc4",
+#ifdef NSS_SOFTOKEN_DOES_RC5
+      "rc5_ecb",
+      "rc5_cbc",
+#endif
+      "aes_ecb",
+      "aes_cbc",
+      "aes_cts",
+      "aes_ctr",
+      "aes_gcm",
+      "camellia_ecb",
+      "camellia_cbc",
+      "seed_ecb",
+      "seed_cbc",
+      "chacha20_poly1305",
+      "rsa",
+      "rsa_oaep",
+      "rsa_pss",
+#ifndef NSS_DISABLE_ECC
+      "ecdsa",
+#endif
+      /*"pqg",*/
+      "dsa",
+      "md2",
+      "md5",
+      "sha1",
+      "sha224",
+      "sha256",
+      "sha384",
+      "sha512",
+    };
+
+typedef struct
+{
+    bltestIO key;
+    bltestIO iv;
+} bltestSymmKeyParams;
+
+typedef struct
+{
+    bltestSymmKeyParams sk; /* must be first */
+    bltestIO aad;
+} bltestAuthSymmKeyParams;
+
+typedef struct
+{
+    bltestIO key;
+    bltestIO iv;
+    int rounds;
+    int wordsize;
+} bltestRC5Params;
+
+typedef struct
+{
+    bltestIO key;
+    int keysizeInBits;
+
+    /* OAEP & PSS */
+    HASH_HashType hashAlg;
+    HASH_HashType maskHashAlg;
+    bltestIO seed; /* salt if PSS */
+} bltestRSAParams;
+
+typedef struct
+{
+    bltestIO pqgdata;
+    unsigned int keysize;
+    bltestIO keyseed;
+    bltestIO sigseed;
+    PQGParams *pqg;
+} bltestDSAParams;
+
+#ifndef NSS_DISABLE_ECC
+typedef struct
+{
+    char *curveName;
+    bltestIO sigseed;
+} bltestECDSAParams;
+#endif
+
+typedef struct
+{
+    bltestIO key;
+    void *privKey;
+    void *pubKey;
+    bltestIO sig; /* if doing verify, the signature (which may come
+                   * from sigfile. */
+
+    union {
+        bltestRSAParams rsa;
+        bltestDSAParams dsa;
+#ifndef NSS_DISABLE_ECC
+        bltestECDSAParams ecdsa;
+#endif
+    } cipherParams;
+} bltestAsymKeyParams;
+
+typedef struct
+{
+    bltestIO key; /* unused */
+    PRBool restart;
+} bltestHashParams;
+
+typedef union {
+    bltestIO key;
+    bltestSymmKeyParams sk;
+    bltestAuthSymmKeyParams ask;
+    bltestRC5Params rc5;
+    bltestAsymKeyParams asymk;
+    bltestHashParams hash;
+} bltestParams;
+
+typedef struct bltestCipherInfoStr bltestCipherInfo;
+
+struct bltestCipherInfoStr {
+    PLArenaPool *arena;
+    /* link to next in multithreaded test */
+    bltestCipherInfo *next;
+    PRThread *cipherThread;
+
+    /* MonteCarlo test flag*/
+    PRBool mCarlo;
+    /* cipher context */
+    void *cx;
+    /* I/O streams */
+    bltestIO input;
+    bltestIO output;
+    /* Cipher-specific parameters */
+    bltestParams params;
+    /* Cipher mode */
+    bltestCipherMode mode;
+    /* Cipher function (encrypt/decrypt/sign/verify/hash) */
+    union {
+        bltestSymmCipherFn symmkeyCipher;
+        bltestAEADFn aeadCipher;
+        bltestPubKeyCipherFn pubkeyCipher;
+        bltestHashCipherFn hashCipher;
+    } cipher;
+    /* performance testing */
+    int repetitionsToPerfom;
+    int seconds;
+    int repetitions;
+    int cxreps;
+    double cxtime;
+    double optime;
+};
+
+PRBool
+is_symmkeyCipher(bltestCipherMode mode)
+{
+    /* change as needed! */
+    if (mode >= bltestDES_ECB && mode <= bltestSEED_CBC)
+        return PR_TRUE;
+    return PR_FALSE;
+}
+
+PRBool
+is_aeadCipher(bltestCipherMode mode)
+{
+    /* change as needed! */
+    switch (mode) {
+        case bltestCHACHA20:
+            return PR_TRUE;
+        default:
+            return PR_FALSE;
+    }
+}
+
+PRBool
+is_authCipher(bltestCipherMode mode)
+{
+    /* change as needed! */
+    switch (mode) {
+        case bltestAES_GCM:
+        case bltestCHACHA20:
+            return PR_TRUE;
+        default:
+            return PR_FALSE;
+    }
+}
+
+PRBool
+is_singleShotCipher(bltestCipherMode mode)
+{
+    /* change as needed! */
+    switch (mode) {
+        case bltestAES_GCM:
+        case bltestAES_CTS:
+        case bltestCHACHA20:
+            return PR_TRUE;
+        default:
+            return PR_FALSE;
+    }
+}
+
+PRBool
+is_pubkeyCipher(bltestCipherMode mode)
+{
+    /* change as needed! */
+    if (mode >= bltestRSA && mode <= bltestDSA)
+        return PR_TRUE;
+    return PR_FALSE;
+}
+
+PRBool
+is_hashCipher(bltestCipherMode mode)
+{
+    /* change as needed! */
+    if (mode >= bltestMD2 && mode <= bltestSHA512)
+        return PR_TRUE;
+    return PR_FALSE;
+}
+
+PRBool
+is_sigCipher(bltestCipherMode mode)
+{
+    /* change as needed! */
+    if (mode >= bltestRSA_PSS && mode <= bltestDSA)
+        return PR_TRUE;
+    return PR_FALSE;
+}
+
+PRBool
+cipher_requires_IV(bltestCipherMode mode)
+{
+    /* change as needed! */
+    switch (mode) {
+        case bltestDES_CBC:
+        case bltestDES_EDE_CBC:
+        case bltestRC2_CBC:
+#ifdef NSS_SOFTOKEN_DOES_RC5
+        case bltestRC5_CBC:
+#endif
+        case bltestAES_CBC:
+        case bltestAES_CTS:
+        case bltestAES_CTR:
+        case bltestAES_GCM:
+        case bltestCAMELLIA_CBC:
+        case bltestSEED_CBC:
+        case bltestCHACHA20:
+            return PR_TRUE;
+        default:
+            return PR_FALSE;
+    }
+}
+
+SECStatus finishIO(bltestIO *output, PRFileDesc *file);
+
+SECStatus
+setupIO(PLArenaPool *arena, bltestIO *input, PRFileDesc *file,
+        char *str, int numBytes)
+{
+    SECStatus rv = SECSuccess;
+    SECItem fileData;
+    SECItem *in;
+    unsigned char *tok;
+    unsigned int i, j;
+    PRBool needToFreeFile = PR_FALSE;
+
+    if (file && (numBytes == 0 || file == PR_STDIN)) {
+        /* grabbing data from a file */
+        rv = SECU_FileToItem(&fileData, file);
+        if (rv != SECSuccess)
+            return SECFailure;
+        in = &fileData;
+        needToFreeFile = PR_TRUE;
+    } else if (str) {
+        /* grabbing data from command line */
+        fileData.data = (unsigned char *)str;
+        fileData.len = PL_strlen(str);
+        in = &fileData;
+    } else if (file) {
+        /* create nonce */
+        SECITEM_AllocItem(arena, &input->buf, numBytes);
+        RNG_GenerateGlobalRandomBytes(input->buf.data, numBytes);
+        return finishIO(input, file);
+    } else {
+        return SECFailure;
+    }
+
+    switch (input->mode) {
+        case bltestBase64Encoded:
+            if (in->len == 0) {
+                input->buf.data = NULL;
+                input->buf.len = 0;
+                break;
+            }
+            rv = atob(in, &input->buf, arena);
+            break;
+        case bltestBinary:
+            if (in->len == 0) {
+                input->buf.data = NULL;
+                input->buf.len = 0;
+                break;
+            }
+            if (in->data[in->len - 1] == '\n')
+                --in->len;
+            if (in->data[in->len - 1] == '\r')
+                --in->len;
+            rv = SECITEM_CopyItem(arena, &input->buf, in);
+            break;
+        case bltestHexSpaceDelim:
+            SECITEM_AllocItem(arena, &input->buf, in->len / 5);
+            for (i = 0, j = 0; i < in->len; i += 5, j++) {
+                tok = &in->data[i];
+                if (tok[0] != '0' || tok[1] != 'x' || tok[4] != ' ')
+                    /* bad hex token */
+                    break;
+
+                rv = hex_from_2char(&tok[2], input->buf.data + j);
+                if (rv)
+                    break;
+            }
+            break;
+        case bltestHexStream:
+            SECITEM_AllocItem(arena, &input->buf, in->len / 2);
+            for (i = 0, j = 0; i < in->len; i += 2, j++) {
+                tok = &in->data[i];
+                rv = hex_from_2char(tok, input->buf.data + j);
+                if (rv)
+                    break;
+            }
+            break;
+    }
+
+    if (needToFreeFile)
+        SECITEM_FreeItem(&fileData, PR_FALSE);
+    return rv;
+}
+
+SECStatus
+finishIO(bltestIO *output, PRFileDesc *file)
+{
+    SECStatus rv = SECSuccess;
+    PRInt32 nb;
+    unsigned char byteval;
+    SECItem *it;
+    char hexstr[5];
+    unsigned int i;
+    if (output->pBuf.len > 0) {
+        it = &output->pBuf;
+    } else {
+        it = &output->buf;
+    }
+    switch (output->mode) {
+        case bltestBase64Encoded:
+            rv = btoa_file(it, file);
+            break;
+        case bltestBinary:
+            nb = PR_Write(file, it->data, it->len);
+            rv = (nb == (PRInt32)it->len) ? SECSuccess : SECFailure;
+            break;
+        case bltestHexSpaceDelim:
+            hexstr[0] = '0';
+            hexstr[1] = 'x';
+            hexstr[4] = ' ';
+            for (i = 0; i < it->len; i++) {
+                byteval = it->data[i];
+                rv = char2_from_hex(byteval, hexstr + 2);
+                nb = PR_Write(file, hexstr, 5);
+                if (rv)
+                    break;
+            }
+            PR_Write(file, "\n", 1);
+            break;
+        case bltestHexStream:
+            for (i = 0; i < it->len; i++) {
+                byteval = it->data[i];
+                rv = char2_from_hex(byteval, hexstr);
+                if (rv)
+                    break;
+                nb = PR_Write(file, hexstr, 2);
+            }
+            PR_Write(file, "\n", 1);
+            break;
+    }
+    return rv;
+}
+
+SECStatus
+bltestCopyIO(PLArenaPool *arena, bltestIO *dest, bltestIO *src)
+{
+    if (SECITEM_CopyItem(arena, &dest->buf, &src->buf) != SECSuccess) {
+        return SECFailure;
+    }
+    if (src->pBuf.len > 0) {
+        dest->pBuf.len = src->pBuf.len;
+        dest->pBuf.data = dest->buf.data + (src->pBuf.data - src->buf.data);
+    }
+    dest->mode = src->mode;
+    dest->file = src->file;
+
+    return SECSuccess;
+}
+
+void
+misalignBuffer(PLArenaPool *arena, bltestIO *io, int off)
+{
+    ptrdiff_t offset = (ptrdiff_t)io->buf.data % WORDSIZE;
+    int length = io->buf.len;
+    if (offset != off) {
+        SECITEM_ReallocItemV2(arena, &io->buf, length + 2 * WORDSIZE);
+        /* offset may have changed? */
+        offset = (ptrdiff_t)io->buf.data % WORDSIZE;
+        if (offset != off) {
+            memmove(io->buf.data + off, io->buf.data, length);
+            io->pBuf.data = io->buf.data + off;
+            io->pBuf.len = length;
+        } else {
+            io->pBuf.data = io->buf.data;
+            io->pBuf.len = length;
+        }
+    } else {
+        io->pBuf.data = io->buf.data;
+        io->pBuf.len = length;
+    }
+}
+
+SECStatus
+des_Encrypt(void *cx, unsigned char *output, unsigned int *outputLen,
+            unsigned int maxOutputLen, const unsigned char *input,
+            unsigned int inputLen)
+{
+    return DES_Encrypt((DESContext *)cx, output, outputLen, maxOutputLen,
+                       input, inputLen);
+}
+
+SECStatus
+des_Decrypt(void *cx, unsigned char *output, unsigned int *outputLen,
+            unsigned int maxOutputLen, const unsigned char *input,
+            unsigned int inputLen)
+{
+    return DES_Decrypt((DESContext *)cx, output, outputLen, maxOutputLen,
+                       input, inputLen);
+}
+
+SECStatus
+rc2_Encrypt(void *cx, unsigned char *output, unsigned int *outputLen,
+            unsigned int maxOutputLen, const unsigned char *input,
+            unsigned int inputLen)
+{
+    return RC2_Encrypt((RC2Context *)cx, output, outputLen, maxOutputLen,
+                       input, inputLen);
+}
+
+SECStatus
+rc2_Decrypt(void *cx, unsigned char *output, unsigned int *outputLen,
+            unsigned int maxOutputLen, const unsigned char *input,
+            unsigned int inputLen)
+{
+    return RC2_Decrypt((RC2Context *)cx, output, outputLen, maxOutputLen,
+                       input, inputLen);
+}
+
+SECStatus
+rc4_Encrypt(void *cx, unsigned char *output, unsigned int *outputLen,
+            unsigned int maxOutputLen, const unsigned char *input,
+            unsigned int inputLen)
+{
+    return RC4_Encrypt((RC4Context *)cx, output, outputLen, maxOutputLen,
+                       input, inputLen);
+}
+
+SECStatus
+rc4_Decrypt(void *cx, unsigned char *output, unsigned int *outputLen,
+            unsigned int maxOutputLen, const unsigned char *input,
+            unsigned int inputLen)
+{
+    return RC4_Decrypt((RC4Context *)cx, output, outputLen, maxOutputLen,
+                       input, inputLen);
+}
+
+SECStatus
+aes_Encrypt(void *cx, unsigned char *output, unsigned int *outputLen,
+            unsigned int maxOutputLen, const unsigned char *input,
+            unsigned int inputLen)
+{
+    return AES_Encrypt((AESContext *)cx, output, outputLen, maxOutputLen,
+                       input, inputLen);
+}
+
+SECStatus
+aes_Decrypt(void *cx, unsigned char *output, unsigned int *outputLen,
+            unsigned int maxOutputLen, const unsigned char *input,
+            unsigned int inputLen)
+{
+    return AES_Decrypt((AESContext *)cx, output, outputLen, maxOutputLen,
+                       input, inputLen);
+}
+
+SECStatus
+chacha20_poly1305_Encrypt(void *cx, unsigned char *output,
+                          unsigned int *outputLen, unsigned int maxOutputLen,
+                          const unsigned char *input, unsigned int inputLen,
+                          const unsigned char *nonce, unsigned int nonceLen,
+                          const unsigned char *ad, unsigned int adLen)
+{
+    return ChaCha20Poly1305_Seal((ChaCha20Poly1305Context *)cx, output,
+                                 outputLen, maxOutputLen, input, inputLen,
+                                 nonce, nonceLen, ad, adLen);
+}
+
+SECStatus
+chacha20_poly1305_Decrypt(void *cx, unsigned char *output,
+                          unsigned int *outputLen, unsigned int maxOutputLen,
+                          const unsigned char *input, unsigned int inputLen,
+                          const unsigned char *nonce, unsigned int nonceLen,
+                          const unsigned char *ad, unsigned int adLen)
+{
+    return ChaCha20Poly1305_Open((ChaCha20Poly1305Context *)cx, output,
+                                 outputLen, maxOutputLen, input, inputLen,
+                                 nonce, nonceLen, ad, adLen);
+}
+
+SECStatus
+camellia_Encrypt(void *cx, unsigned char *output, unsigned int *outputLen,
+                 unsigned int maxOutputLen, const unsigned char *input,
+                 unsigned int inputLen)
+{
+    return Camellia_Encrypt((CamelliaContext *)cx, output, outputLen,
+                            maxOutputLen,
+                            input, inputLen);
+}
+
+SECStatus
+camellia_Decrypt(void *cx, unsigned char *output, unsigned int *outputLen,
+                 unsigned int maxOutputLen, const unsigned char *input,
+                 unsigned int inputLen)
+{
+    return Camellia_Decrypt((CamelliaContext *)cx, output, outputLen,
+                            maxOutputLen,
+                            input, inputLen);
+}
+
+SECStatus
+seed_Encrypt(void *cx, unsigned char *output, unsigned int *outputLen,
+             unsigned int maxOutputLen, const unsigned char *input,
+             unsigned int inputLen)
+{
+    return SEED_Encrypt((SEEDContext *)cx, output, outputLen, maxOutputLen,
+                        input, inputLen);
+}
+
+SECStatus
+seed_Decrypt(void *cx, unsigned char *output, unsigned int *outputLen,
+             unsigned int maxOutputLen, const unsigned char *input,
+             unsigned int inputLen)
+{
+    return SEED_Decrypt((SEEDContext *)cx, output, outputLen, maxOutputLen,
+                        input, inputLen);
+}
+
+SECStatus
+rsa_PublicKeyOp(void *cx, SECItem *output, const SECItem *input)
+{
+    bltestAsymKeyParams *params = (bltestAsymKeyParams *)cx;
+    RSAPublicKey *pubKey = (RSAPublicKey *)params->pubKey;
+    SECStatus rv = RSA_PublicKeyOp(pubKey, output->data, input->data);
+    if (rv == SECSuccess) {
+        output->len = pubKey->modulus.data[0] ? pubKey->modulus.len : pubKey->modulus.len - 1;
+    }
+    return rv;
+}
+
+SECStatus
+rsa_PrivateKeyOp(void *cx, SECItem *output, const SECItem *input)
+{
+    bltestAsymKeyParams *params = (bltestAsymKeyParams *)cx;
+    RSAPrivateKey *privKey = (RSAPrivateKey *)params->privKey;
+    SECStatus rv = RSA_PrivateKeyOp(privKey, output->data, input->data);
+    if (rv == SECSuccess) {
+        output->len = privKey->modulus.data[0] ? privKey->modulus.len : privKey->modulus.len - 1;
+    }
+    return rv;
+}
+
+SECStatus
+rsa_signDigestPSS(void *cx, SECItem *output, const SECItem *input)
+{
+    bltestAsymKeyParams *params = (bltestAsymKeyParams *)cx;
+    bltestRSAParams *rsaParams = &params->cipherParams.rsa;
+    return RSA_SignPSS((RSAPrivateKey *)params->privKey,
+                       rsaParams->hashAlg,
+                       rsaParams->maskHashAlg,
+                       rsaParams->seed.buf.data,
+                       rsaParams->seed.buf.len,
+                       output->data, &output->len, output->len,
+                       input->data, input->len);
+}
+
+SECStatus
+rsa_verifyDigestPSS(void *cx, SECItem *output, const SECItem *input)
+{
+    bltestAsymKeyParams *params = (bltestAsymKeyParams *)cx;
+    bltestRSAParams *rsaParams = &params->cipherParams.rsa;
+    return RSA_CheckSignPSS((RSAPublicKey *)params->pubKey,
+                            rsaParams->hashAlg,
+                            rsaParams->maskHashAlg,
+                            rsaParams->seed.buf.len,
+                            output->data, output->len,
+                            input->data, input->len);
+}
+
+SECStatus
+rsa_encryptOAEP(void *cx, SECItem *output, const SECItem *input)
+{
+    bltestAsymKeyParams *params = (bltestAsymKeyParams *)cx;
+    bltestRSAParams *rsaParams = &params->cipherParams.rsa;
+    return RSA_EncryptOAEP((RSAPublicKey *)params->pubKey,
+                           rsaParams->hashAlg,
+                           rsaParams->maskHashAlg,
+                           NULL, 0,
+                           rsaParams->seed.buf.data,
+                           rsaParams->seed.buf.len,
+                           output->data, &output->len, output->len,
+                           input->data, input->len);
+}
+
+SECStatus
+rsa_decryptOAEP(void *cx, SECItem *output, const SECItem *input)
+{
+    bltestAsymKeyParams *params = (bltestAsymKeyParams *)cx;
+    bltestRSAParams *rsaParams = &params->cipherParams.rsa;
+    return RSA_DecryptOAEP((RSAPrivateKey *)params->privKey,
+                           rsaParams->hashAlg,
+                           rsaParams->maskHashAlg,
+                           NULL, 0,
+                           output->data, &output->len, output->len,
+                           input->data, input->len);
+}
+
+SECStatus
+dsa_signDigest(void *cx, SECItem *output, const SECItem *input)
+{
+    bltestAsymKeyParams *params = (bltestAsymKeyParams *)cx;
+    if (params->cipherParams.dsa.sigseed.buf.len > 0) {
+        return DSA_SignDigestWithSeed((DSAPrivateKey *)params->privKey,
+                                      output, input,
+                                      params->cipherParams.dsa.sigseed.buf.data);
+    }
+    return DSA_SignDigest((DSAPrivateKey *)params->privKey, output, input);
+}
+
+SECStatus
+dsa_verifyDigest(void *cx, SECItem *output, const SECItem *input)
+{
+    bltestAsymKeyParams *params = (bltestAsymKeyParams *)cx;
+    return DSA_VerifyDigest((DSAPublicKey *)params->pubKey, output, input);
+}
+
+#ifndef NSS_DISABLE_ECC
+SECStatus
+ecdsa_signDigest(void *cx, SECItem *output, const SECItem *input)
+{
+    bltestAsymKeyParams *params = (bltestAsymKeyParams *)cx;
+    if (params->cipherParams.ecdsa.sigseed.buf.len > 0) {
+        return ECDSA_SignDigestWithSeed(
+            (ECPrivateKey *)params->privKey,
+            output, input,
+            params->cipherParams.ecdsa.sigseed.buf.data,
+            params->cipherParams.ecdsa.sigseed.buf.len);
+    }
+    return ECDSA_SignDigest((ECPrivateKey *)params->privKey, output, input);
+}
+
+SECStatus
+ecdsa_verifyDigest(void *cx, SECItem *output, const SECItem *input)
+{
+    bltestAsymKeyParams *params = (bltestAsymKeyParams *)cx;
+    return ECDSA_VerifyDigest((ECPublicKey *)params->pubKey, output, input);
+}
+#endif
+
+SECStatus
+bltest_des_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
+{
+    PRIntervalTime time1, time2;
+    bltestSymmKeyParams *desp = &cipherInfo->params.sk;
+    int minorMode;
+    int i;
+    switch (cipherInfo->mode) {
+        case bltestDES_ECB:
+            minorMode = NSS_DES;
+            break;
+        case bltestDES_CBC:
+            minorMode = NSS_DES_CBC;
+            break;
+        case bltestDES_EDE_ECB:
+            minorMode = NSS_DES_EDE3;
+            break;
+        case bltestDES_EDE_CBC:
+            minorMode = NSS_DES_EDE3_CBC;
+            break;
+        default:
+            return SECFailure;
+    }
+    cipherInfo->cx = (void *)DES_CreateContext(desp->key.buf.data,
+                                               desp->iv.buf.data,
+                                               minorMode, encrypt);
+    if (cipherInfo->cxreps > 0) {
+        DESContext **dummycx;
+        dummycx = PORT_Alloc(cipherInfo->cxreps * sizeof(DESContext *));
+        TIMESTART();
+        for (i = 0; i < cipherInfo->cxreps; i++) {
+            dummycx[i] = (void *)DES_CreateContext(desp->key.buf.data,
+                                                   desp->iv.buf.data,
+                                                   minorMode, encrypt);
+        }
+        TIMEFINISH(cipherInfo->cxtime, 1.0);
+        for (i = 0; i < cipherInfo->cxreps; i++) {
+            DES_DestroyContext(dummycx[i], PR_TRUE);
+        }
+        PORT_Free(dummycx);
+    }
+    if (encrypt)
+        cipherInfo->cipher.symmkeyCipher = des_Encrypt;
+    else
+        cipherInfo->cipher.symmkeyCipher = des_Decrypt;
+    return SECSuccess;
+}
+
+SECStatus
+bltest_rc2_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
+{
+    PRIntervalTime time1, time2;
+    bltestSymmKeyParams *rc2p = &cipherInfo->params.sk;
+    int minorMode;
+    int i;
+    switch (cipherInfo->mode) {
+        case bltestRC2_ECB:
+            minorMode = NSS_RC2;
+            break;
+        case bltestRC2_CBC:
+            minorMode = NSS_RC2_CBC;
+            break;
+        default:
+            return SECFailure;
+    }
+    cipherInfo->cx = (void *)RC2_CreateContext(rc2p->key.buf.data,
+                                               rc2p->key.buf.len,
+                                               rc2p->iv.buf.data,
+                                               minorMode,
+                                               rc2p->key.buf.len);
+    if (cipherInfo->cxreps > 0) {
+        RC2Context **dummycx;
+        dummycx = PORT_Alloc(cipherInfo->cxreps * sizeof(RC2Context *));
+        TIMESTART();
+        for (i = 0; i < cipherInfo->cxreps; i++) {
+            dummycx[i] = (void *)RC2_CreateContext(rc2p->key.buf.data,
+                                                   rc2p->key.buf.len,
+                                                   rc2p->iv.buf.data,
+                                                   minorMode,
+                                                   rc2p->key.buf.len);
+        }
+        TIMEFINISH(cipherInfo->cxtime, 1.0);
+        for (i = 0; i < cipherInfo->cxreps; i++) {
+            RC2_DestroyContext(dummycx[i], PR_TRUE);
+        }
+        PORT_Free(dummycx);
+    }
+    if (encrypt)
+        cipherInfo->cipher.symmkeyCipher = rc2_Encrypt;
+    else
+        cipherInfo->cipher.symmkeyCipher = rc2_Decrypt;
+    return SECSuccess;
+}
+
+SECStatus
+bltest_rc4_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
+{
+    PRIntervalTime time1, time2;
+    int i;
+    bltestSymmKeyParams *rc4p = &cipherInfo->params.sk;
+    cipherInfo->cx = (void *)RC4_CreateContext(rc4p->key.buf.data,
+                                               rc4p->key.buf.len);
+    if (cipherInfo->cxreps > 0) {
+        RC4Context **dummycx;
+        dummycx = PORT_Alloc(cipherInfo->cxreps * sizeof(RC4Context *));
+        TIMESTART();
+        for (i = 0; i < cipherInfo->cxreps; i++) {
+            dummycx[i] = (void *)RC4_CreateContext(rc4p->key.buf.data,
+                                                   rc4p->key.buf.len);
+        }
+        TIMEFINISH(cipherInfo->cxtime, 1.0);
+        for (i = 0; i < cipherInfo->cxreps; i++) {
+            RC4_DestroyContext(dummycx[i], PR_TRUE);
+        }
+        PORT_Free(dummycx);
+    }
+    if (encrypt)
+        cipherInfo->cipher.symmkeyCipher = rc4_Encrypt;
+    else
+        cipherInfo->cipher.symmkeyCipher = rc4_Decrypt;
+    return SECSuccess;
+}
+
+SECStatus
+bltest_rc5_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
+{
+#ifdef NSS_SOFTOKEN_DOES_RC5
+    PRIntervalTime time1, time2;
+    bltestRC5Params *rc5p = &cipherInfo->params.rc5;
+    int minorMode;
+    switch (cipherInfo->mode) {
+        case bltestRC5_ECB:
+            minorMode = NSS_RC5;
+            break;
+        case bltestRC5_CBC:
+            minorMode = NSS_RC5_CBC;
+            break;
+        default:
+            return SECFailure;
+    }
+    TIMESTART();
+    cipherInfo->cx = (void *)RC5_CreateContext(&rc5p->key.buf,
+                                               rc5p->rounds, rc5p->wordsize,
+                                               rc5p->iv.buf.data, minorMode);
+    TIMEFINISH(cipherInfo->cxtime, 1.0);
+    if (encrypt)
+        cipherInfo->cipher.symmkeyCipher = RC5_Encrypt;
+    else
+        cipherInfo->cipher.symmkeyCipher = RC5_Decrypt;
+    return SECSuccess;
+#else
+    return SECFailure;
+#endif
+}
+
+SECStatus
+bltest_aes_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
+{
+    bltestSymmKeyParams *aesp = &cipherInfo->params.sk;
+    bltestAuthSymmKeyParams *gcmp = &cipherInfo->params.ask;
+    int minorMode;
+    int i;
+    int keylen = aesp->key.buf.len;
+    unsigned int blocklen = AES_BLOCK_SIZE;
+    PRIntervalTime time1, time2;
+    unsigned char *params;
+    int len;
+    CK_AES_CTR_PARAMS ctrParams;
+    CK_GCM_PARAMS gcmParams;
+
+    params = aesp->iv.buf.data;
+    switch (cipherInfo->mode) {
+        case bltestAES_ECB:
+            minorMode = NSS_AES;
+            break;
+        case bltestAES_CBC:
+            minorMode = NSS_AES_CBC;
+            break;
+        case bltestAES_CTS:
+            minorMode = NSS_AES_CTS;
+            break;
+        case bltestAES_CTR:
+            minorMode = NSS_AES_CTR;
+            ctrParams.ulCounterBits = 32;
+            len = PR_MIN(aesp->iv.buf.len, blocklen);
+            PORT_Memset(ctrParams.cb, 0, blocklen);
+            PORT_Memcpy(ctrParams.cb, aesp->iv.buf.data, len);
+            params = (unsigned char *)&ctrParams;
+            break;
+        case bltestAES_GCM:
+            minorMode = NSS_AES_GCM;
+            gcmParams.pIv = gcmp->sk.iv.buf.data;
+            gcmParams.ulIvLen = gcmp->sk.iv.buf.len;
+            gcmParams.pAAD = gcmp->aad.buf.data;
+            gcmParams.ulAADLen = gcmp->aad.buf.len;
+            gcmParams.ulTagBits = blocklen * 8;
+            params = (unsigned char *)&gcmParams;
+            break;
+        default:
+            return SECFailure;
+    }
+    cipherInfo->cx = (void *)AES_CreateContext(aesp->key.buf.data,
+                                               params,
+                                               minorMode, encrypt,
+                                               keylen, blocklen);
+    if (cipherInfo->cxreps > 0) {
+        AESContext **dummycx;
+        dummycx = PORT_Alloc(cipherInfo->cxreps * sizeof(AESContext *));
+        TIMESTART();
+        for (i = 0; i < cipherInfo->cxreps; i++) {
+            dummycx[i] = (void *)AES_CreateContext(aesp->key.buf.data,
+                                                   params,
+                                                   minorMode, encrypt,
+                                                   keylen, blocklen);
+        }
+        TIMEFINISH(cipherInfo->cxtime, 1.0);
+        for (i = 0; i < cipherInfo->cxreps; i++) {
+            AES_DestroyContext(dummycx[i], PR_TRUE);
+        }
+        PORT_Free(dummycx);
+    }
+    if (encrypt)
+        cipherInfo->cipher.symmkeyCipher = aes_Encrypt;
+    else
+        cipherInfo->cipher.symmkeyCipher = aes_Decrypt;
+    return SECSuccess;
+}
+
+SECStatus
+bltest_camellia_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
+{
+    bltestSymmKeyParams *camelliap = &cipherInfo->params.sk;
+    int minorMode;
+    int i;
+    int keylen = camelliap->key.buf.len;
+    PRIntervalTime time1, time2;
+
+    switch (cipherInfo->mode) {
+        case bltestCAMELLIA_ECB:
+            minorMode = NSS_CAMELLIA;
+            break;
+        case bltestCAMELLIA_CBC:
+            minorMode = NSS_CAMELLIA_CBC;
+            break;
+        default:
+            return SECFailure;
+    }
+    cipherInfo->cx = (void *)Camellia_CreateContext(camelliap->key.buf.data,
+                                                    camelliap->iv.buf.data,
+                                                    minorMode, encrypt,
+                                                    keylen);
+    if (cipherInfo->cxreps > 0) {
+        CamelliaContext **dummycx;
+        dummycx = PORT_Alloc(cipherInfo->cxreps * sizeof(CamelliaContext *));
+        TIMESTART();
+        for (i = 0; i < cipherInfo->cxreps; i++) {
+            dummycx[i] = (void *)Camellia_CreateContext(camelliap->key.buf.data,
+                                                        camelliap->iv.buf.data,
+                                                        minorMode, encrypt,
+                                                        keylen);
+        }
+        TIMEFINISH(cipherInfo->cxtime, 1.0);
+        for (i = 0; i < cipherInfo->cxreps; i++) {
+            Camellia_DestroyContext(dummycx[i], PR_TRUE);
+        }
+        PORT_Free(dummycx);
+    }
+    if (encrypt)
+        cipherInfo->cipher.symmkeyCipher = camellia_Encrypt;
+    else
+        cipherInfo->cipher.symmkeyCipher = camellia_Decrypt;
+    return SECSuccess;
+}
+
+SECStatus
+bltest_seed_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
+{
+    PRIntervalTime time1, time2;
+    bltestSymmKeyParams *seedp = &cipherInfo->params.sk;
+    int minorMode;
+    int i;
+
+    switch (cipherInfo->mode) {
+        case bltestSEED_ECB:
+            minorMode = NSS_SEED;
+            break;
+        case bltestSEED_CBC:
+            minorMode = NSS_SEED_CBC;
+            break;
+        default:
+            return SECFailure;
+    }
+    cipherInfo->cx = (void *)SEED_CreateContext(seedp->key.buf.data,
+                                                seedp->iv.buf.data,
+                                                minorMode, encrypt);
+    if (cipherInfo->cxreps > 0) {
+        SEEDContext **dummycx;
+        dummycx = PORT_Alloc(cipherInfo->cxreps * sizeof(SEEDContext *));
+        TIMESTART();
+        for (i = 0; i < cipherInfo->cxreps; i++) {
+            dummycx[i] = (void *)SEED_CreateContext(seedp->key.buf.data,
+                                                    seedp->iv.buf.data,
+                                                    minorMode, encrypt);
+        }
+        TIMEFINISH(cipherInfo->cxtime, 1.0);
+        for (i = 0; i < cipherInfo->cxreps; i++) {
+            SEED_DestroyContext(dummycx[i], PR_TRUE);
+        }
+        PORT_Free(dummycx);
+    }
+    if (encrypt)
+        cipherInfo->cipher.symmkeyCipher = seed_Encrypt;
+    else
+        cipherInfo->cipher.symmkeyCipher = seed_Decrypt;
+
+    return SECSuccess;
+}
+
+SECStatus
+bltest_chacha20_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
+{
+    const unsigned int tagLen = 16;
+    const bltestSymmKeyParams *sk = &cipherInfo->params.sk;
+    cipherInfo->cx = ChaCha20Poly1305_CreateContext(sk->key.buf.data,
+                                                    sk->key.buf.len, tagLen);
+
+    if (encrypt)
+        cipherInfo->cipher.aeadCipher = chacha20_poly1305_Encrypt;
+    else
+        cipherInfo->cipher.aeadCipher = chacha20_poly1305_Decrypt;
+    return SECSuccess;
+}
+
+SECStatus
+bltest_rsa_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
+{
+    int i;
+    RSAPrivateKey **dummyKey;
+    RSAPrivateKey *privKey;
+    RSAPublicKey *pubKey;
+    PRIntervalTime time1, time2;
+
+    bltestAsymKeyParams *asymk = &cipherInfo->params.asymk;
+    bltestRSAParams *rsap = &asymk->cipherParams.rsa;
+
+    /* RSA key gen was done during parameter setup */
+    cipherInfo->cx = asymk;
+    privKey = (RSAPrivateKey *)asymk->privKey;
+
+    /* For performance testing */
+    if (cipherInfo->cxreps > 0) {
+        /* Create space for n private key objects */
+        dummyKey = (RSAPrivateKey **)PORT_Alloc(cipherInfo->cxreps *
+                                                sizeof(RSAPrivateKey *));
+        /* Time n keygens, storing in the array */
+        TIMESTART();
+        for (i = 0; i < cipherInfo->cxreps; i++)
+            dummyKey[i] = RSA_NewKey(rsap->keysizeInBits,
+                                     &privKey->publicExponent);
+        TIMEFINISH(cipherInfo->cxtime, cipherInfo->cxreps);
+        /* Free the n key objects */
+        for (i = 0; i < cipherInfo->cxreps; i++)
+            PORT_FreeArena(dummyKey[i]->arena, PR_TRUE);
+        PORT_Free(dummyKey);
+    }
+
+    if ((encrypt && !is_sigCipher(cipherInfo->mode)) ||
+        (!encrypt && is_sigCipher(cipherInfo->mode))) {
+        /* Have to convert private key to public key.  Memory
+         * is freed with private key's arena  */
+        pubKey = (RSAPublicKey *)PORT_ArenaAlloc(privKey->arena,
+                                                 sizeof(RSAPublicKey));
+        pubKey->modulus.len = privKey->modulus.len;
+        pubKey->modulus.data = privKey->modulus.data;
+        pubKey->publicExponent.len = privKey->publicExponent.len;
+        pubKey->publicExponent.data = privKey->publicExponent.data;
+        asymk->pubKey = (void *)pubKey;
+    }
+    switch (cipherInfo->mode) {
+        case bltestRSA:
+            cipherInfo->cipher.pubkeyCipher = encrypt ? rsa_PublicKeyOp
+                                                      : rsa_PrivateKeyOp;
+            break;
+        case bltestRSA_PSS:
+            cipherInfo->cipher.pubkeyCipher = encrypt ? rsa_signDigestPSS
+                                                      : rsa_verifyDigestPSS;
+            break;
+        case bltestRSA_OAEP:
+            cipherInfo->cipher.pubkeyCipher = encrypt ? rsa_encryptOAEP
+                                                      : rsa_decryptOAEP;
+            break;
+        default:
+            break;
+    }
+    return SECSuccess;
+}
+
+SECStatus
+blapi_pqg_param_gen(unsigned int keysize, PQGParams **pqg, PQGVerify **vfy)
+{
+    if (keysize < 1024) {
+        int j = PQG_PBITS_TO_INDEX(keysize);
+        return PQG_ParamGen(j, pqg, vfy);
+    }
+    return PQG_ParamGenV2(keysize, 0, 0, pqg, vfy);
+}
+
+SECStatus
+bltest_pqg_init(bltestDSAParams *dsap)
+{
+    SECStatus rv, res;
+    PQGVerify *vfy = NULL;
+    rv = blapi_pqg_param_gen(dsap->keysize, &dsap->pqg, &vfy);
+    CHECKERROR(rv, __LINE__);
+    rv = PQG_VerifyParams(dsap->pqg, vfy, &res);
+    CHECKERROR(res, __LINE__);
+    CHECKERROR(rv, __LINE__);
+    return rv;
+}
+
+SECStatus
+bltest_dsa_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
+{
+    int i;
+    DSAPrivateKey **dummyKey;
+    PQGParams *dummypqg;
+    PRIntervalTime time1, time2;
+    bltestAsymKeyParams *asymk = &cipherInfo->params.asymk;
+    bltestDSAParams *dsap = &asymk->cipherParams.dsa;
+    PQGVerify *ignore = NULL;
+    cipherInfo->cx = asymk;
+    /* For performance testing */
+    if (cipherInfo->cxreps > 0) {
+        /* Create space for n private key objects */
+        dummyKey = (DSAPrivateKey **)PORT_ZAlloc(cipherInfo->cxreps *
+                                                 sizeof(DSAPrivateKey *));
+        /* Time n keygens, storing in the array */
+        TIMESTART();
+        for (i = 0; i < cipherInfo->cxreps; i++) {
+            dummypqg = NULL;
+            blapi_pqg_param_gen(dsap->keysize, &dummypqg, &ignore);
+            DSA_NewKey(dummypqg, &dummyKey[i]);
+        }
+        TIMEFINISH(cipherInfo->cxtime, cipherInfo->cxreps);
+        /* Free the n key objects */
+        for (i = 0; i < cipherInfo->cxreps; i++)
+            PORT_FreeArena(dummyKey[i]->params.arena, PR_TRUE);
+        PORT_Free(dummyKey);
+    }
+    if (!dsap->pqg && dsap->pqgdata.buf.len > 0) {
+        dsap->pqg = pqg_from_filedata(cipherInfo->arena, &dsap->pqgdata.buf);
+    }
+    if (!asymk->privKey && asymk->key.buf.len > 0) {
+        asymk->privKey = dsakey_from_filedata(cipherInfo->arena, &asymk->key.buf);
+    }
+    if (encrypt) {
+        cipherInfo->cipher.pubkeyCipher = dsa_signDigest;
+    } else {
+        /* Have to convert private key to public key.  Memory
+         * is freed with private key's arena  */
+        DSAPublicKey *pubkey;
+        DSAPrivateKey *key = (DSAPrivateKey *)asymk->privKey;
+        pubkey = (DSAPublicKey *)PORT_ArenaZAlloc(key->params.arena,
+                                                  sizeof(DSAPublicKey));
+        pubkey->params.prime.len = key->params.prime.len;
+        pubkey->params.prime.data = key->params.prime.data;
+        pubkey->params.subPrime.len = key->params.subPrime.len;
+        pubkey->params.subPrime.data = key->params.subPrime.data;
+        pubkey->params.base.len = key->params.base.len;
+        pubkey->params.base.data = key->params.base.data;
+        pubkey->publicValue.len = key->publicValue.len;
+        pubkey->publicValue.data = key->publicValue.data;
+        asymk->pubKey = pubkey;
+        cipherInfo->cipher.pubkeyCipher = dsa_verifyDigest;
+    }
+    return SECSuccess;
+}
+
+#ifndef NSS_DISABLE_ECC
+SECStatus
+bltest_ecdsa_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
+{
+    int i;
+    ECPrivateKey **dummyKey;
+    PRIntervalTime time1, time2;
+    bltestAsymKeyParams *asymk = &cipherInfo->params.asymk;
+    cipherInfo->cx = asymk;
+    /* For performance testing */
+    if (cipherInfo->cxreps > 0) {
+        /* Create space for n private key objects */
+        dummyKey = (ECPrivateKey **)PORT_ZAlloc(cipherInfo->cxreps *
+                                                sizeof(ECPrivateKey *));
+        /* Time n keygens, storing in the array */
+        TIMESTART();
+        for (i = 0; i < cipherInfo->cxreps; i++) {
+            EC_NewKey(&((ECPrivateKey *)asymk->privKey)->ecParams, &dummyKey[i]);
+        }
+        TIMEFINISH(cipherInfo->cxtime, cipherInfo->cxreps);
+        /* Free the n key objects */
+        for (i = 0; i < cipherInfo->cxreps; i++)
+            PORT_FreeArena(dummyKey[i]->ecParams.arena, PR_TRUE);
+        PORT_Free(dummyKey);
+    }
+    if (!asymk->privKey && asymk->key.buf.len > 0) {
+        asymk->privKey = eckey_from_filedata(cipherInfo->arena, &asymk->key.buf);
+    }
+    if (encrypt) {
+        cipherInfo->cipher.pubkeyCipher = ecdsa_signDigest;
+    } else {
+        /* Have to convert private key to public key.  Memory
+         * is freed with private key's arena  */
+        ECPublicKey *pubkey;
+        ECPrivateKey *key = (ECPrivateKey *)asymk->privKey;
+        pubkey = (ECPublicKey *)PORT_ArenaZAlloc(key->ecParams.arena,
+                                                 sizeof(ECPublicKey));
+        pubkey->ecParams.type = key->ecParams.type;
+        pubkey->ecParams.fieldID.size = key->ecParams.fieldID.size;
+        pubkey->ecParams.fieldID.type = key->ecParams.fieldID.type;
+        pubkey->ecParams.fieldID.u.prime.len = key->ecParams.fieldID.u.prime.len;
+        pubkey->ecParams.fieldID.u.prime.data = key->ecParams.fieldID.u.prime.data;
+        pubkey->ecParams.fieldID.k1 = key->ecParams.fieldID.k1;
+        pubkey->ecParams.fieldID.k2 = key->ecParams.fieldID.k2;
+        pubkey->ecParams.fieldID.k3 = key->ecParams.fieldID.k3;
+        pubkey->ecParams.curve.a.len = key->ecParams.curve.a.len;
+        pubkey->ecParams.curve.a.data = key->ecParams.curve.a.data;
+        pubkey->ecParams.curve.b.len = key->ecParams.curve.b.len;
+        pubkey->ecParams.curve.b.data = key->ecParams.curve.b.data;
+        pubkey->ecParams.curve.seed.len = key->ecParams.curve.seed.len;
+        pubkey->ecParams.curve.seed.data = key->ecParams.curve.seed.data;
+        pubkey->ecParams.base.len = key->ecParams.base.len;
+        pubkey->ecParams.base.data = key->ecParams.base.data;
+        pubkey->ecParams.order.len = key->ecParams.order.len;
+        pubkey->ecParams.order.data = key->ecParams.order.data;
+        pubkey->ecParams.cofactor = key->ecParams.cofactor;
+        pubkey->ecParams.DEREncoding.len = key->ecParams.DEREncoding.len;
+        pubkey->ecParams.DEREncoding.data = key->ecParams.DEREncoding.data;
+        pubkey->ecParams.name = key->ecParams.name;
+        pubkey->publicValue.len = key->publicValue.len;
+        pubkey->publicValue.data = key->publicValue.data;
+        asymk->pubKey = pubkey;
+        cipherInfo->cipher.pubkeyCipher = ecdsa_verifyDigest;
+    }
+    return SECSuccess;
+}
+#endif
+
+/* XXX unfortunately, this is not defined in blapi.h */
+SECStatus
+md2_HashBuf(unsigned char *dest, const unsigned char *src, PRUint32 src_length)
+{
+    unsigned int len;
+    MD2Context *cx = MD2_NewContext();
+    if (cx == NULL)
+        return SECFailure;
+    MD2_Begin(cx);
+    MD2_Update(cx, src, src_length);
+    MD2_End(cx, dest, &len, MD2_LENGTH);
+    MD2_DestroyContext(cx, PR_TRUE);
+    return SECSuccess;
+}
+
+SECStatus
+md2_restart(unsigned char *dest, const unsigned char *src, PRUint32 src_length)
+{
+    MD2Context *cx, *cx_cpy;
+    unsigned char *cxbytes;
+    unsigned int len;
+    unsigned int i, quarter;
+    SECStatus rv = SECSuccess;
+    cx = MD2_NewContext();
+    MD2_Begin(cx);
+    /* divide message by 4, restarting 3 times */
+    quarter = (src_length + 3) / 4;
+    for (i = 0; i < 4 && src_length > 0; i++) {
+        MD2_Update(cx, src + i * quarter, PR_MIN(quarter, src_length));
+        len = MD2_FlattenSize(cx);
+        cxbytes = PORT_Alloc(len);
+        MD2_Flatten(cx, cxbytes);
+        cx_cpy = MD2_Resurrect(cxbytes, NULL);
+        if (!cx_cpy) {
+            PR_fprintf(PR_STDERR, "%s: MD2_Resurrect failed!\n", progName);
+            goto finish;
+        }
+        rv = PORT_Memcmp(cx, cx_cpy, len);
+        if (rv) {
+            MD2_DestroyContext(cx_cpy, PR_TRUE);
+            PR_fprintf(PR_STDERR, "%s: MD2_restart failed!\n", progName);
+            goto finish;
+        }
+        MD2_DestroyContext(cx_cpy, PR_TRUE);
+        PORT_Free(cxbytes);
+        src_length -= quarter;
+    }
+    MD2_End(cx, dest, &len, MD2_LENGTH);
+finish:
+    MD2_DestroyContext(cx, PR_TRUE);
+    return rv;
+}
+
+SECStatus
+md5_restart(unsigned char *dest, const unsigned char *src, PRUint32 src_length)
+{
+    SECStatus rv = SECSuccess;
+    MD5Context *cx, *cx_cpy;
+    unsigned char *cxbytes;
+    unsigned int len;
+    unsigned int i, quarter;
+    cx = MD5_NewContext();
+    MD5_Begin(cx);
+    /* divide message by 4, restarting 3 times */
+    quarter = (src_length + 3) / 4;
+    for (i = 0; i < 4 && src_length > 0; i++) {
+        MD5_Update(cx, src + i * quarter, PR_MIN(quarter, src_length));
+        len = MD5_FlattenSize(cx);
+        cxbytes = PORT_Alloc(len);
+        MD5_Flatten(cx, cxbytes);
+        cx_cpy = MD5_Resurrect(cxbytes, NULL);
+        if (!cx_cpy) {
+            PR_fprintf(PR_STDERR, "%s: MD5_Resurrect failed!\n", progName);
+            rv = SECFailure;
+            goto finish;
+        }
+        rv = PORT_Memcmp(cx, cx_cpy, len);
+        if (rv) {
+            MD5_DestroyContext(cx_cpy, PR_TRUE);
+            PR_fprintf(PR_STDERR, "%s: MD5_restart failed!\n", progName);
+            goto finish;
+        }
+        MD5_DestroyContext(cx_cpy, PR_TRUE);
+        PORT_Free(cxbytes);
+        src_length -= quarter;
+    }
+    MD5_End(cx, dest, &len, MD5_LENGTH);
+finish:
+    MD5_DestroyContext(cx, PR_TRUE);
+    return rv;
+}
+
+SECStatus
+sha1_restart(unsigned char *dest, const unsigned char *src, PRUint32 src_length)
+{
+    SECStatus rv = SECSuccess;
+    SHA1Context *cx, *cx_cpy;
+    unsigned char *cxbytes;
+    unsigned int len;
+    unsigned int i, quarter;
+    cx = SHA1_NewContext();
+    SHA1_Begin(cx);
+    /* divide message by 4, restarting 3 times */
+    quarter = (src_length + 3) / 4;
+    for (i = 0; i < 4 && src_length > 0; i++) {
+        SHA1_Update(cx, src + i * quarter, PR_MIN(quarter, src_length));
+        len = SHA1_FlattenSize(cx);
+        cxbytes = PORT_Alloc(len);
+        SHA1_Flatten(cx, cxbytes);
+        cx_cpy = SHA1_Resurrect(cxbytes, NULL);
+        if (!cx_cpy) {
+            PR_fprintf(PR_STDERR, "%s: SHA1_Resurrect failed!\n", progName);
+            rv = SECFailure;
+            goto finish;
+        }
+        rv = PORT_Memcmp(cx, cx_cpy, len);
+        if (rv) {
+            SHA1_DestroyContext(cx_cpy, PR_TRUE);
+            PR_fprintf(PR_STDERR, "%s: SHA1_restart failed!\n", progName);
+            goto finish;
+        }
+        SHA1_DestroyContext(cx_cpy, PR_TRUE);
+        PORT_Free(cxbytes);
+        src_length -= quarter;
+    }
+    SHA1_End(cx, dest, &len, MD5_LENGTH);
+finish:
+    SHA1_DestroyContext(cx, PR_TRUE);
+    return rv;
+}
+
+SECStatus
+SHA224_restart(unsigned char *dest, const unsigned char *src, PRUint32 src_length)
+{
+    SECStatus rv = SECSuccess;
+    SHA224Context *cx, *cx_cpy;
+    unsigned char *cxbytes;
+    unsigned int len;
+    unsigned int i, quarter;
+    cx = SHA224_NewContext();
+    SHA224_Begin(cx);
+    /* divide message by 4, restarting 3 times */
+    quarter = (src_length + 3) / 4;
+    for (i = 0; i < 4 && src_length > 0; i++) {
+        SHA224_Update(cx, src + i * quarter, PR_MIN(quarter, src_length));
+        len = SHA224_FlattenSize(cx);
+        cxbytes = PORT_Alloc(len);
+        SHA224_Flatten(cx, cxbytes);
+        cx_cpy = SHA224_Resurrect(cxbytes, NULL);
+        if (!cx_cpy) {
+            PR_fprintf(PR_STDERR, "%s: SHA224_Resurrect failed!\n", progName);
+            rv = SECFailure;
+            goto finish;
+        }
+        rv = PORT_Memcmp(cx, cx_cpy, len);
+        if (rv) {
+            SHA224_DestroyContext(cx_cpy, PR_TRUE);
+            PR_fprintf(PR_STDERR, "%s: SHA224_restart failed!\n", progName);
+            goto finish;
+        }
+
+        SHA224_DestroyContext(cx_cpy, PR_TRUE);
+        PORT_Free(cxbytes);
+        src_length -= quarter;
+    }
+    SHA224_End(cx, dest, &len, MD5_LENGTH);
+finish:
+    SHA224_DestroyContext(cx, PR_TRUE);
+    return rv;
+}
+
+SECStatus
+SHA256_restart(unsigned char *dest, const unsigned char *src, PRUint32 src_length)
+{
+    SECStatus rv = SECSuccess;
+    SHA256Context *cx, *cx_cpy;
+    unsigned char *cxbytes;
+    unsigned int len;
+    unsigned int i, quarter;
+    cx = SHA256_NewContext();
+    SHA256_Begin(cx);
+    /* divide message by 4, restarting 3 times */
+    quarter = (src_length + 3) / 4;
+    for (i = 0; i < 4 && src_length > 0; i++) {
+        SHA256_Update(cx, src + i * quarter, PR_MIN(quarter, src_length));
+        len = SHA256_FlattenSize(cx);
+        cxbytes = PORT_Alloc(len);
+        SHA256_Flatten(cx, cxbytes);
+        cx_cpy = SHA256_Resurrect(cxbytes, NULL);
+        if (!cx_cpy) {
+            PR_fprintf(PR_STDERR, "%s: SHA256_Resurrect failed!\n", progName);
+            rv = SECFailure;
+            goto finish;
+        }
+        rv = PORT_Memcmp(cx, cx_cpy, len);
+        if (rv) {
+            SHA256_DestroyContext(cx_cpy, PR_TRUE);
+            PR_fprintf(PR_STDERR, "%s: SHA256_restart failed!\n", progName);
+            goto finish;
+        }
+        SHA256_DestroyContext(cx_cpy, PR_TRUE);
+        PORT_Free(cxbytes);
+        src_length -= quarter;
+    }
+    SHA256_End(cx, dest, &len, MD5_LENGTH);
+finish:
+    SHA256_DestroyContext(cx, PR_TRUE);
+    return rv;
+}
+
+SECStatus
+SHA384_restart(unsigned char *dest, const unsigned char *src, PRUint32 src_length)
+{
+    SECStatus rv = SECSuccess;
+    SHA384Context *cx, *cx_cpy;
+    unsigned char *cxbytes;
+    unsigned int len;
+    unsigned int i, quarter;
+    cx = SHA384_NewContext();
+    SHA384_Begin(cx);
+    /* divide message by 4, restarting 3 times */
+    quarter = (src_length + 3) / 4;
+    for (i = 0; i < 4 && src_length > 0; i++) {
+        SHA384_Update(cx, src + i * quarter, PR_MIN(quarter, src_length));
+        len = SHA384_FlattenSize(cx);
+        cxbytes = PORT_Alloc(len);
+        SHA384_Flatten(cx, cxbytes);
+        cx_cpy = SHA384_Resurrect(cxbytes, NULL);
+        if (!cx_cpy) {
+            PR_fprintf(PR_STDERR, "%s: SHA384_Resurrect failed!\n", progName);
+            rv = SECFailure;
+            goto finish;
+        }
+        rv = PORT_Memcmp(cx, cx_cpy, len);
+        if (rv) {
+            SHA384_DestroyContext(cx_cpy, PR_TRUE);
+            PR_fprintf(PR_STDERR, "%s: SHA384_restart failed!\n", progName);
+            goto finish;
+        }
+        SHA384_DestroyContext(cx_cpy, PR_TRUE);
+        PORT_Free(cxbytes);
+        src_length -= quarter;
+    }
+    SHA384_End(cx, dest, &len, MD5_LENGTH);
+finish:
+    SHA384_DestroyContext(cx, PR_TRUE);
+    return rv;
+}
+
+SECStatus
+SHA512_restart(unsigned char *dest, const unsigned char *src, PRUint32 src_length)
+{
+    SECStatus rv = SECSuccess;
+    SHA512Context *cx, *cx_cpy;
+    unsigned char *cxbytes;
+    unsigned int len;
+    unsigned int i, quarter;
+    cx = SHA512_NewContext();
+    SHA512_Begin(cx);
+    /* divide message by 4, restarting 3 times */
+    quarter = (src_length + 3) / 4;
+    for (i = 0; i < 4 && src_length > 0; i++) {
+        SHA512_Update(cx, src + i * quarter, PR_MIN(quarter, src_length));
+        len = SHA512_FlattenSize(cx);
+        cxbytes = PORT_Alloc(len);
+        SHA512_Flatten(cx, cxbytes);
+        cx_cpy = SHA512_Resurrect(cxbytes, NULL);
+        if (!cx_cpy) {
+            PR_fprintf(PR_STDERR, "%s: SHA512_Resurrect failed!\n", progName);
+            rv = SECFailure;
+            goto finish;
+        }
+        rv = PORT_Memcmp(cx, cx_cpy, len);
+        if (rv) {
+            SHA512_DestroyContext(cx_cpy, PR_TRUE);
+            PR_fprintf(PR_STDERR, "%s: SHA512_restart failed!\n", progName);
+            goto finish;
+        }
+        SHA512_DestroyContext(cx_cpy, PR_TRUE);
+        PORT_Free(cxbytes);
+        src_length -= quarter;
+    }
+    SHA512_End(cx, dest, &len, MD5_LENGTH);
+finish:
+    SHA512_DestroyContext(cx, PR_TRUE);
+    return rv;
+}
+
+SECStatus
+pubkeyInitKey(bltestCipherInfo *cipherInfo, PRFileDesc *file,
+#ifndef NSS_DISABLE_ECC
+              int keysize, int exponent, char *curveName)
+#else
+              int keysize, int exponent)
+#endif
+{
+    int i;
+    SECStatus rv = SECSuccess;
+    bltestAsymKeyParams *asymk = &cipherInfo->params.asymk;
+    bltestRSAParams *rsap;
+    RSAPrivateKey **rsaKey = NULL;
+    bltestDSAParams *dsap;
+    DSAPrivateKey **dsaKey = NULL;
+#ifndef NSS_DISABLE_ECC
+    SECItem *tmpECParamsDER;
+    ECParams *tmpECParams = NULL;
+    SECItem ecSerialize[3];
+    ECPrivateKey **ecKey = NULL;
+#endif
+    switch (cipherInfo->mode) {
+        case bltestRSA:
+        case bltestRSA_PSS:
+        case bltestRSA_OAEP:
+            rsap = &asymk->cipherParams.rsa;
+            rsaKey = (RSAPrivateKey **)&asymk->privKey;
+            if (keysize > 0) {
+                SECItem expitem = { 0, 0, 0 };
+                SECITEM_AllocItem(cipherInfo->arena, &expitem, sizeof(int));
+                for (i = 1; i <= sizeof(int); i++)
+                    expitem.data[i - 1] = exponent >> (8 * (sizeof(int) - i));
+                *rsaKey = RSA_NewKey(keysize * 8, &expitem);
+                serialize_key(&(*rsaKey)->version, 9, file);
+                rsap->keysizeInBits = keysize * 8;
+            } else {
+                setupIO(cipherInfo->arena, &asymk->key, file, NULL, 0);
+                *rsaKey = rsakey_from_filedata(cipherInfo->arena, &asymk->key.buf);
+                rsap->keysizeInBits = (*rsaKey)->modulus.len * 8;
+            }
+            break;
+        case bltestDSA:
+            dsap = &asymk->cipherParams.dsa;
+            dsaKey = (DSAPrivateKey **)&asymk->privKey;
+            if (keysize > 0) {
+                dsap->keysize = keysize * 8;
+                if (!dsap->pqg)
+                    bltest_pqg_init(dsap);
+                rv = DSA_NewKey(dsap->pqg, dsaKey);
+                CHECKERROR(rv, __LINE__);
+                serialize_key(&(*dsaKey)->params.prime, 5, file);
+            } else {
+                setupIO(cipherInfo->arena, &asymk->key, file, NULL, 0);
+                *dsaKey = dsakey_from_filedata(cipherInfo->arena, &asymk->key.buf);
+                dsap->keysize = (*dsaKey)->params.prime.len * 8;
+            }
+            break;
+#ifndef NSS_DISABLE_ECC
+        case bltestECDSA:
+            ecKey = (ECPrivateKey **)&asymk->privKey;
+            if (curveName != NULL) {
+                tmpECParamsDER = getECParams(curveName);
+                rv = SECOID_Init();
+                CHECKERROR(rv, __LINE__);
+                rv = EC_DecodeParams(tmpECParamsDER, &tmpECParams) == SECFailure;
+                CHECKERROR(rv, __LINE__);
+                rv = EC_NewKey(tmpECParams, ecKey);
+                CHECKERROR(rv, __LINE__);
+                ecSerialize[0].type = tmpECParamsDER->type;
+                ecSerialize[0].data = tmpECParamsDER->data;
+                ecSerialize[0].len = tmpECParamsDER->len;
+                ecSerialize[1].type = (*ecKey)->publicValue.type;
+                ecSerialize[1].data = (*ecKey)->publicValue.data;
+                ecSerialize[1].len = (*ecKey)->publicValue.len;
+                ecSerialize[2].type = (*ecKey)->privateValue.type;
+                ecSerialize[2].data = (*ecKey)->privateValue.data;
+                ecSerialize[2].len = (*ecKey)->privateValue.len;
+                serialize_key(&(ecSerialize[0]), 3, file);
+                SECITEM_FreeItem(tmpECParamsDER, PR_TRUE);
+                PORT_FreeArena(tmpECParams->arena, PR_TRUE);
+                rv = SECOID_Shutdown();
+                CHECKERROR(rv, __LINE__);
+            } else {
+                setupIO(cipherInfo->arena, &asymk->key, file, NULL, 0);
+                *ecKey = eckey_from_filedata(cipherInfo->arena, &asymk->key.buf);
+            }
+            break;
+#endif
+        default:
+            return SECFailure;
+    }
+    return SECSuccess;
+}
+
+SECStatus
+cipherInit(bltestCipherInfo *cipherInfo, PRBool encrypt)
+{
+    PRBool restart;
+    int outlen;
+    switch (cipherInfo->mode) {
+        case bltestDES_ECB:
+        case bltestDES_CBC:
+        case bltestDES_EDE_ECB:
+        case bltestDES_EDE_CBC:
+            SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
+                              cipherInfo->input.pBuf.len);
+            return bltest_des_init(cipherInfo, encrypt);
+            break;
+        case bltestRC2_ECB:
+        case bltestRC2_CBC:
+            SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
+                              cipherInfo->input.pBuf.len);
+            return bltest_rc2_init(cipherInfo, encrypt);
+            break;
+        case bltestRC4:
+            SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
+                              cipherInfo->input.pBuf.len);
+            return bltest_rc4_init(cipherInfo, encrypt);
+            break;
+#ifdef NSS_SOFTOKEN_DOES_RC5
+        case bltestRC5_ECB:
+        case bltestRC5_CBC:
+            SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
+                              cipherInfo->input.pBuf.len);
+#endif
+            return bltest_rc5_init(cipherInfo, encrypt);
+            break;
+        case bltestAES_ECB:
+        case bltestAES_CBC:
+        case bltestAES_CTS:
+        case bltestAES_CTR:
+        case bltestAES_GCM:
+            outlen = cipherInfo->input.pBuf.len;
+            if (cipherInfo->mode == bltestAES_GCM && encrypt) {
+                outlen += 16;
+            }
+            SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf, outlen);
+            return bltest_aes_init(cipherInfo, encrypt);
+            break;
+        case bltestCAMELLIA_ECB:
+        case bltestCAMELLIA_CBC:
+            SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
+                              cipherInfo->input.pBuf.len);
+            return bltest_camellia_init(cipherInfo, encrypt);
+            break;
+        case bltestSEED_ECB:
+        case bltestSEED_CBC:
+            SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
+                              cipherInfo->input.pBuf.len);
+            return bltest_seed_init(cipherInfo, encrypt);
+            break;
+        case bltestCHACHA20:
+            outlen = cipherInfo->input.pBuf.len + (encrypt ? 16 : 0);
+            SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf, outlen);
+            return bltest_chacha20_init(cipherInfo, encrypt);
+            break;
+        case bltestRSA:
+        case bltestRSA_OAEP:
+        case bltestRSA_PSS:
+            if (encrypt || cipherInfo->mode != bltestRSA_PSS) {
+                /* Don't allocate a buffer for PSS in verify mode, as no actual
+         * output is produced. */
+                SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
+                                  RSA_MAX_MODULUS_BITS / 8);
+            }
+            return bltest_rsa_init(cipherInfo, encrypt);
+            break;
+        case bltestDSA:
+            if (encrypt) {
+                SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
+                                  DSA_MAX_SIGNATURE_LEN);
+            }
+            return bltest_dsa_init(cipherInfo, encrypt);
+            break;
+#ifndef NSS_DISABLE_ECC
+        case bltestECDSA:
+            if (encrypt) {
+                SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
+                                  2 * MAX_ECKEY_LEN);
+            }
+            return bltest_ecdsa_init(cipherInfo, encrypt);
+            break;
+#endif
+        case bltestMD2:
+            restart = cipherInfo->params.hash.restart;
+            SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
+                              MD2_LENGTH);
+            cipherInfo->cipher.hashCipher = (restart) ? md2_restart : md2_HashBuf;
+            return SECSuccess;
+            break;
+        case bltestMD5:
+            restart = cipherInfo->params.hash.restart;
+            SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
+                              MD5_LENGTH);
+            cipherInfo->cipher.hashCipher = (restart) ? md5_restart : MD5_HashBuf;
+            return SECSuccess;
+            break;
+        case bltestSHA1:
+            restart = cipherInfo->params.hash.restart;
+            SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
+                              SHA1_LENGTH);
+            cipherInfo->cipher.hashCipher = (restart) ? sha1_restart : SHA1_HashBuf;
+            return SECSuccess;
+            break;
+        case bltestSHA224:
+            restart = cipherInfo->params.hash.restart;
+            SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
+                              SHA224_LENGTH);
+            cipherInfo->cipher.hashCipher = (restart) ? SHA224_restart
+                                                      : SHA224_HashBuf;
+            return SECSuccess;
+            break;
+        case bltestSHA256:
+            restart = cipherInfo->params.hash.restart;
+            SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
+                              SHA256_LENGTH);
+            cipherInfo->cipher.hashCipher = (restart) ? SHA256_restart
+                                                      : SHA256_HashBuf;
+            return SECSuccess;
+            break;
+        case bltestSHA384:
+            restart = cipherInfo->params.hash.restart;
+            SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
+                              SHA384_LENGTH);
+            cipherInfo->cipher.hashCipher = (restart) ? SHA384_restart
+                                                      : SHA384_HashBuf;
+            return SECSuccess;
+            break;
+        case bltestSHA512:
+            restart = cipherInfo->params.hash.restart;
+            SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
+                              SHA512_LENGTH);
+            cipherInfo->cipher.hashCipher = (restart) ? SHA512_restart
+                                                      : SHA512_HashBuf;
+            return SECSuccess;
+            break;
+        default:
+            return SECFailure;
+    }
+    return SECSuccess;
+}
+
+SECStatus
+cipherDoOp(bltestCipherInfo *cipherInfo)
+{
+    PRIntervalTime time1, time2;
+    SECStatus rv = SECSuccess;
+    int i;
+    unsigned int len;
+    unsigned int maxLen = cipherInfo->output.pBuf.len;
+    unsigned char *dummyOut;
+    dummyOut = PORT_Alloc(maxLen);
+    if (is_symmkeyCipher(cipherInfo->mode)) {
+        const unsigned char *input = cipherInfo->input.pBuf.data;
+        unsigned int inputLen = is_singleShotCipher(cipherInfo->mode) ? cipherInfo->input.pBuf.len
+                                                                      : PR_MIN(cipherInfo->input.pBuf.len, 16);
+        unsigned char *output = cipherInfo->output.pBuf.data;
+        unsigned int outputLen = maxLen;
+        unsigned int totalOutputLen = 0;
+        TIMESTART();
+        rv = (*cipherInfo->cipher.symmkeyCipher)(cipherInfo->cx,
+                                                 output, &len, outputLen,
+                                                 input, inputLen);
+        CHECKERROR(rv, __LINE__);
+        totalOutputLen += len;
+        if (cipherInfo->input.pBuf.len > inputLen) {
+            input += inputLen;
+            inputLen = cipherInfo->input.pBuf.len - inputLen;
+            output += len;
+            outputLen -= len;
+            rv = (*cipherInfo->cipher.symmkeyCipher)(cipherInfo->cx,
+                                                     output, &len, outputLen,
+                                                     input, inputLen);
+            CHECKERROR(rv, __LINE__);
+            totalOutputLen += len;
+        }
+        cipherInfo->output.pBuf.len = totalOutputLen;
+        TIMEFINISH(cipherInfo->optime, 1.0);
+        cipherInfo->repetitions = 0;
+        if (cipherInfo->repetitionsToPerfom != 0) {
+            TIMESTART();
+            for (i = 0; i < cipherInfo->repetitionsToPerfom; i++,
+                cipherInfo->repetitions++) {
+                (*cipherInfo->cipher.symmkeyCipher)(cipherInfo->cx, dummyOut,
+                                                    &len, maxLen,
+                                                    cipherInfo->input.pBuf.data,
+                                                    cipherInfo->input.pBuf.len);
+
+                CHECKERROR(rv, __LINE__);
+            }
+        } else {
+            int opsBetweenChecks = 0;
+            TIMEMARK(cipherInfo->seconds);
+            while (!(TIMETOFINISH())) {
+                int j = 0;
+                for (; j < opsBetweenChecks; j++) {
+                    (*cipherInfo->cipher.symmkeyCipher)(
+                        cipherInfo->cx, dummyOut, &len, maxLen,
+                        cipherInfo->input.pBuf.data,
+                        cipherInfo->input.pBuf.len);
+                }
+                cipherInfo->repetitions += j;
+            }
+        }
+        TIMEFINISH(cipherInfo->optime, 1.0);
+    } else if (is_aeadCipher(cipherInfo->mode)) {
+        const unsigned char *input = cipherInfo->input.pBuf.data;
+        unsigned int inputLen = cipherInfo->input.pBuf.len;
+        unsigned char *output = cipherInfo->output.pBuf.data;
+        unsigned int outputLen;
+        bltestSymmKeyParams *sk = &cipherInfo->params.sk;
+        bltestAuthSymmKeyParams *ask = &cipherInfo->params.ask;
+
+        TIMESTART();
+        rv = (*cipherInfo->cipher.aeadCipher)(
+            cipherInfo->cx,
+            output, &outputLen, maxLen,
+            input, inputLen,
+            sk->iv.buf.data, sk->iv.buf.len,
+            ask->aad.buf.data, ask->aad.buf.len);
+        CHECKERROR(rv, __LINE__);
+        cipherInfo->output.pBuf.len = outputLen;
+        TIMEFINISH(cipherInfo->optime, 1.0);
+
+        cipherInfo->repetitions = 0;
+        if (cipherInfo->repetitionsToPerfom != 0) {
+            TIMESTART();
+            for (i = 0; i < cipherInfo->repetitionsToPerfom; i++,
+                cipherInfo->repetitions++) {
+                rv = (*cipherInfo->cipher.aeadCipher)(
+                    cipherInfo->cx,
+                    output, &outputLen, maxLen,
+                    input, inputLen,
+                    sk->iv.buf.data, sk->iv.buf.len,
+                    ask->aad.buf.data, ask->aad.buf.len);
+                CHECKERROR(rv, __LINE__);
+            }
+        } else {
+            int opsBetweenChecks = 0;
+            TIMEMARK(cipherInfo->seconds);
+            while (!(TIMETOFINISH())) {
+                int j = 0;
+                for (; j < opsBetweenChecks; j++) {
+                    (*cipherInfo->cipher.aeadCipher)(
+                        cipherInfo->cx,
+                        output, &outputLen, maxLen,
+                        input, inputLen,
+                        sk->iv.buf.data, sk->iv.buf.len,
+                        ask->aad.buf.data, ask->aad.buf.len);
+                }
+                cipherInfo->repetitions += j;
+            }
+        }
+        TIMEFINISH(cipherInfo->optime, 1.0);
+    } else if (is_pubkeyCipher(cipherInfo->mode)) {
+        TIMESTART();
+        rv = (*cipherInfo->cipher.pubkeyCipher)(cipherInfo->cx,
+                                                &cipherInfo->output.pBuf,
+                                                &cipherInfo->input.pBuf);
+        TIMEFINISH(cipherInfo->optime, 1.0);
+        CHECKERROR(rv, __LINE__);
+        cipherInfo->repetitions = 0;
+        if (cipherInfo->repetitionsToPerfom != 0) {
+            TIMESTART();
+            for (i = 0; i < cipherInfo->repetitionsToPerfom;
+                 i++, cipherInfo->repetitions++) {
+                SECItem dummy;
+                dummy.data = dummyOut;
+                dummy.len = maxLen;
+                (*cipherInfo->cipher.pubkeyCipher)(cipherInfo->cx, &dummy,
+                                                   &cipherInfo->input.pBuf);
+                CHECKERROR(rv, __LINE__);
+            }
+        } else {
+            int opsBetweenChecks = 0;
+            TIMEMARK(cipherInfo->seconds);
+            while (!(TIMETOFINISH())) {
+                int j = 0;
+                for (; j < opsBetweenChecks; j++) {
+                    SECItem dummy;
+                    dummy.data = dummyOut;
+                    dummy.len = maxLen;
+                    (*cipherInfo->cipher.pubkeyCipher)(cipherInfo->cx, &dummy,
+                                                       &cipherInfo->input.pBuf);
+                    CHECKERROR(rv, __LINE__);
+                }
+                cipherInfo->repetitions += j;
+            }
+        }
+        TIMEFINISH(cipherInfo->optime, 1.0);
+    } else if (is_hashCipher(cipherInfo->mode)) {
+        TIMESTART();
+        rv = (*cipherInfo->cipher.hashCipher)(cipherInfo->output.pBuf.data,
+                                              cipherInfo->input.pBuf.data,
+                                              cipherInfo->input.pBuf.len);
+        TIMEFINISH(cipherInfo->optime, 1.0);
+        CHECKERROR(rv, __LINE__);
+        cipherInfo->repetitions = 0;
+        if (cipherInfo->repetitionsToPerfom != 0) {
+            TIMESTART();
+            for (i = 0; i < cipherInfo->repetitionsToPerfom;
+                 i++, cipherInfo->repetitions++) {
+                (*cipherInfo->cipher.hashCipher)(dummyOut,
+                                                 cipherInfo->input.pBuf.data,
+                                                 cipherInfo->input.pBuf.len);
+                CHECKERROR(rv, __LINE__);
+            }
+        } else {
+            int opsBetweenChecks = 0;
+            TIMEMARK(cipherInfo->seconds);
+            while (!(TIMETOFINISH())) {
+                int j = 0;
+                for (; j < opsBetweenChecks; j++) {
+                    bltestIO *input = &cipherInfo->input;
+                    (*cipherInfo->cipher.hashCipher)(dummyOut,
+                                                     input->pBuf.data,
+                                                     input->pBuf.len);
+                    CHECKERROR(rv, __LINE__);
+                }
+                cipherInfo->repetitions += j;
+            }
+        }
+        TIMEFINISH(cipherInfo->optime, 1.0);
+    }
+    PORT_Free(dummyOut);
+    return rv;
+}
+
+SECStatus
+cipherFinish(bltestCipherInfo *cipherInfo)
+{
+    SECStatus rv = SECSuccess;
+
+    switch (cipherInfo->mode) {
+        case bltestDES_ECB:
+        case bltestDES_CBC:
+        case bltestDES_EDE_ECB:
+        case bltestDES_EDE_CBC:
+            DES_DestroyContext((DESContext *)cipherInfo->cx, PR_TRUE);
+            break;
+        case bltestAES_GCM:
+        case bltestAES_ECB:
+        case bltestAES_CBC:
+        case bltestAES_CTS:
+        case bltestAES_CTR:
+            AES_DestroyContext((AESContext *)cipherInfo->cx, PR_TRUE);
+            break;
+        case bltestCAMELLIA_ECB:
+        case bltestCAMELLIA_CBC:
+            Camellia_DestroyContext((CamelliaContext *)cipherInfo->cx, PR_TRUE);
+            break;
+        case bltestSEED_ECB:
+        case bltestSEED_CBC:
+            SEED_DestroyContext((SEEDContext *)cipherInfo->cx, PR_TRUE);
+            break;
+        case bltestCHACHA20:
+            ChaCha20Poly1305_DestroyContext((ChaCha20Poly1305Context *)
+                                                cipherInfo->cx,
+                                            PR_TRUE);
+            break;
+        case bltestRC2_ECB:
+        case bltestRC2_CBC:
+            RC2_DestroyContext((RC2Context *)cipherInfo->cx, PR_TRUE);
+            break;
+        case bltestRC4:
+            RC4_DestroyContext((RC4Context *)cipherInfo->cx, PR_TRUE);
+            break;
+#ifdef NSS_SOFTOKEN_DOES_RC5
+        case bltestRC5_ECB:
+        case bltestRC5_CBC:
+            RC5_DestroyContext((RC5Context *)cipherInfo->cx, PR_TRUE);
+            break;
+#endif
+        case bltestRSA:     /* keys are alloc'ed within cipherInfo's arena, */
+        case bltestRSA_PSS: /* will be freed with it. */
+        case bltestRSA_OAEP:
+        case bltestDSA:
+#ifndef NSS_DISABLE_ECC
+        case bltestECDSA:
+#endif
+        case bltestMD2: /* hash contexts are ephemeral */
+        case bltestMD5:
+        case bltestSHA1:
+        case bltestSHA224:
+        case bltestSHA256:
+        case bltestSHA384:
+        case bltestSHA512:
+            return SECSuccess;
+            break;
+        default:
+            return SECFailure;
+    }
+    return rv;
+}
+
+void
+print_exponent(SECItem *exp)
+{
+    int i;
+    int e = 0;
+    if (exp->len <= 4) {
+        for (i = exp->len; i >= 0; --i)
+            e |= exp->data[exp->len - i] << 8 * (i - 1);
+        fprintf(stdout, "%12d", e);
+    } else {
+        e = 8 * exp->len;
+        fprintf(stdout, "~2**%-8d", e);
+    }
+}
+
+static void
+splitToReportUnit(PRInt64 res, int *resArr, int *del, int size)
+{
+    PRInt64 remaining = res, tmp = 0;
+    PRInt64 Ldel;
+    int i = -1;
+
+    while (remaining > 0 && ++i < size) {
+        LL_I2L(Ldel, del[i]);
+        LL_MOD(tmp, remaining, Ldel);
+        LL_L2I(resArr[i], tmp);
+        LL_DIV(remaining, remaining, Ldel);
+    }
+}
+
+static char *
+getHighUnitBytes(PRInt64 res)
+{
+    int spl[] = { 0, 0, 0, 0 };
+    int del[] = { 1024, 1024, 1024, 1024 };
+    char *marks[] = { "b", "Kb", "Mb", "Gb" };
+    int i = 3;
+
+    splitToReportUnit(res, spl, del, 4);
+
+    for (; i > 0; i--) {
+        if (spl[i] != 0) {
+            break;
+        }
+    }
+
+    return PR_smprintf("%d%s", spl[i], marks[i]);
+}
+
+static void
+printPR_smpString(const char *sformat, char *reportStr,
+                  const char *nformat, PRInt64 rNum)
+{
+    if (reportStr) {
+        fprintf(stdout, sformat, reportStr);
+        PR_smprintf_free(reportStr);
+    } else {
+        fprintf(stdout, nformat, rNum);
+    }
+}
+
+static char *
+getHighUnitOps(PRInt64 res)
+{
+    int spl[] = { 0, 0, 0, 0 };
+    int del[] = { 1000, 1000, 1000, 1000 };
+    char *marks[] = { "", "T", "M", "B" };
+    int i = 3;
+
+    splitToReportUnit(res, spl, del, 4);
+
+    for (; i > 0; i--) {
+        if (spl[i] != 0) {
+            break;
+        }
+    }
+
+    return PR_smprintf("%d%s", spl[i], marks[i]);
+}
+
+void
+dump_performance_info(bltestCipherInfo *infoList, double totalTimeInt,
+                      PRBool encrypt, PRBool cxonly)
+{
+    bltestCipherInfo *info = infoList;
+
+    PRInt64 totalIn = 0;
+    PRBool td = PR_TRUE;
+
+    int repetitions = 0;
+    int cxreps = 0;
+    double cxtime = 0;
+    double optime = 0;
+    while (info != NULL) {
+        repetitions += info->repetitions;
+        cxreps += info->cxreps;
+        cxtime += info->cxtime;
+        optime += info->optime;
+        totalIn += (PRInt64)info->input.buf.len * (PRInt64)info->repetitions;
+
+        info = info->next;
+    }
+    info = infoList;
+
+    fprintf(stdout, "#%9s", "mode");
+    fprintf(stdout, "%12s", "in");
+print_td:
+    switch (info->mode) {
+        case bltestDES_ECB:
+        case bltestDES_CBC:
+        case bltestDES_EDE_ECB:
+        case bltestDES_EDE_CBC:
+        case bltestAES_ECB:
+        case bltestAES_CBC:
+        case bltestAES_CTS:
+        case bltestAES_CTR:
+        case bltestAES_GCM:
+        case bltestCAMELLIA_ECB:
+        case bltestCAMELLIA_CBC:
+        case bltestSEED_ECB:
+        case bltestSEED_CBC:
+        case bltestRC2_ECB:
+        case bltestRC2_CBC:
+        case bltestRC4:
+            if (td)
+                fprintf(stdout, "%8s", "symmkey");
+            else
+                fprintf(stdout, "%8d", 8 * info->params.sk.key.buf.len);
+            break;
+#ifdef NSS_SOFTOKEN_DOES_RC5
+        case bltestRC5_ECB:
+        case bltestRC5_CBC:
+            if (info->params.sk.key.buf.len > 0)
+                printf("symmetric key(bytes)=%d,", info->params.sk.key.buf.len);
+            if (info->rounds > 0)
+                printf("rounds=%d,", info->params.rc5.rounds);
+            if (info->wordsize > 0)
+                printf("wordsize(bytes)=%d,", info->params.rc5.wordsize);
+            break;
+#endif
+        case bltestRSA:
+        case bltestRSA_PSS:
+        case bltestRSA_OAEP:
+            if (td) {
+                fprintf(stdout, "%8s", "rsa_mod");
+                fprintf(stdout, "%12s", "rsa_pe");
+            } else {
+                bltestAsymKeyParams *asymk = &info->params.asymk;
+                fprintf(stdout, "%8d", asymk->cipherParams.rsa.keysizeInBits);
+                print_exponent(
+                    &((RSAPrivateKey *)asymk->privKey)->publicExponent);
+            }
+            break;
+        case bltestDSA:
+            if (td) {
+                fprintf(stdout, "%8s", "pqg_mod");
+            } else {
+                fprintf(stdout, "%8d", info->params.asymk.cipherParams.dsa.keysize);
+            }
+            break;
+#ifndef NSS_DISABLE_ECC
+        case bltestECDSA:
+            if (td) {
+                fprintf(stdout, "%12s", "ec_curve");
+            } else {
+                ECPrivateKey *key = (ECPrivateKey *)info->params.asymk.privKey;
+                ECCurveName curveName = key->ecParams.name;
+                fprintf(stdout, "%12s",
+                        ecCurve_map[curveName] ? ecCurve_map[curveName]->text : "Unsupported curve");
+            }
+            break;
+#endif
+        case bltestMD2:
+        case bltestMD5:
+        case bltestSHA1:
+        case bltestSHA256:
+        case bltestSHA384:
+        case bltestSHA512:
+        default:
+            break;
+    }
+    if (!td) {
+        PRInt64 totalThroughPut;
+
+        printPR_smpString("%8s", getHighUnitOps(repetitions),
+                          "%8d", repetitions);
+
+        printPR_smpString("%8s", getHighUnitOps(cxreps), "%8d", cxreps);
+
+        fprintf(stdout, "%12.3f", cxtime);
+        fprintf(stdout, "%12.3f", optime);
+        fprintf(stdout, "%12.03f", totalTimeInt / 1000);
+
+        totalThroughPut = (PRInt64)(totalIn / totalTimeInt * 1000);
+        printPR_smpString("%12s", getHighUnitBytes(totalThroughPut),
+                          "%12d", totalThroughPut);
+
+        fprintf(stdout, "\n");
+        return;
+    }
+
+    fprintf(stdout, "%8s", "opreps");
+    fprintf(stdout, "%8s", "cxreps");
+    fprintf(stdout, "%12s", "context");
+    fprintf(stdout, "%12s", "op");
+    fprintf(stdout, "%12s", "time(sec)");
+    fprintf(stdout, "%12s", "thrgput");
+    fprintf(stdout, "\n");
+    fprintf(stdout, "%8s", mode_strings[info->mode]);
+    fprintf(stdout, "_%c", (cxonly) ? 'c' : (encrypt) ? 'e' : 'd');
+    printPR_smpString("%12s", getHighUnitBytes(totalIn), "%12d", totalIn);
+
+    td = !td;
+    goto print_td;
+}
+
+void
+printmodes()
+{
+    bltestCipherMode mode;
+    int nummodes = sizeof(mode_strings) / sizeof(char *);
+    fprintf(stderr, "%s: Available modes (specify with -m):\n", progName);
+    for (mode = 0; mode < nummodes; mode++)
+        fprintf(stderr, "%s\n", mode_strings[mode]);
+}
+
+bltestCipherMode
+get_mode(const char *modestring)
+{
+    bltestCipherMode mode;
+    int nummodes = sizeof(mode_strings) / sizeof(char *);
+    for (mode = 0; mode < nummodes; mode++)
+        if (PL_strcmp(modestring, mode_strings[mode]) == 0)
+            return mode;
+    fprintf(stderr, "%s: invalid mode: %s\n", progName, modestring);
+    return bltestINVALID;
+}
+
+void
+load_file_data(PLArenaPool *arena, bltestIO *data,
+               char *fn, bltestIOMode ioMode)
+{
+    PRFileDesc *file;
+    data->mode = ioMode;
+    data->file = NULL; /* don't use -- not saving anything */
+    data->pBuf.data = NULL;
+    data->pBuf.len = 0;
+    file = PR_Open(fn, PR_RDONLY, 00660);
+    if (file) {
+        setupIO(arena, data, file, NULL, 0);
+        PR_Close(file);
+    }
+}
+
+HASH_HashType
+mode_str_to_hash_alg(const SECItem *modeStr)
+{
+    bltestCipherMode mode;
+    char *tempModeStr = NULL;
+    if (!modeStr || modeStr->len == 0)
+        return HASH_AlgNULL;
+    tempModeStr = PORT_Alloc(modeStr->len + 1);
+    if (!tempModeStr)
+        return HASH_AlgNULL;
+    memcpy(tempModeStr, modeStr->data, modeStr->len);
+    tempModeStr[modeStr->len] = '\0';
+    mode = get_mode(tempModeStr);
+    PORT_Free(tempModeStr);
+    switch (mode) {
+        case bltestMD2:
+            return HASH_AlgMD2;
+        case bltestMD5:
+            return HASH_AlgMD5;
+        case bltestSHA1:
+            return HASH_AlgSHA1;
+        case bltestSHA224:
+            return HASH_AlgSHA224;
+        case bltestSHA256:
+            return HASH_AlgSHA256;
+        case bltestSHA384:
+            return HASH_AlgSHA384;
+        case bltestSHA512:
+            return HASH_AlgSHA512;
+        default:
+            return HASH_AlgNULL;
+    }
+}
+
+void
+get_params(PLArenaPool *arena, bltestParams *params,
+           bltestCipherMode mode, int j)
+{
+    char filename[256];
+    char *modestr = mode_strings[mode];
+    bltestIO tempIO;
+
+#ifdef NSS_SOFTOKEN_DOES_RC5
+    FILE *file;
+    char *mark, *param, *val;
+    int index = 0;
+#endif
+    switch (mode) {
+        case bltestAES_GCM:
+        case bltestCHACHA20:
+            sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "aad", j);
+            load_file_data(arena, &params->ask.aad, filename, bltestBinary);
+        case bltestDES_CBC:
+        case bltestDES_EDE_CBC:
+        case bltestRC2_CBC:
+        case bltestAES_CBC:
+        case bltestAES_CTS:
+        case bltestAES_CTR:
+        case bltestCAMELLIA_CBC:
+        case bltestSEED_CBC:
+            sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "iv", j);
+            load_file_data(arena, &params->sk.iv, filename, bltestBinary);
+        case bltestDES_ECB:
+        case bltestDES_EDE_ECB:
+        case bltestRC2_ECB:
+        case bltestRC4:
+        case bltestAES_ECB:
+        case bltestCAMELLIA_ECB:
+        case bltestSEED_ECB:
+            sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "key", j);
+            load_file_data(arena, &params->sk.key, filename, bltestBinary);
+            break;
+#ifdef NSS_SOFTOKEN_DOES_RC5
+        case bltestRC5_ECB:
+        case bltestRC5_CBC:
+            sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "iv", j);
+            load_file_data(arena, &params->sk.iv, filename, bltestBinary);
+            sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "key", j);
+            load_file_data(arena, &params->sk.key, filename, bltestBinary);
+            sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr,
+                    "params", j);
+            file = fopen(filename, "r");
+            if (!file)
+                return;
+            param = malloc(100);
+            len = fread(param, 1, 100, file);
+            while (index < len) {
+                mark = PL_strchr(param, '=');
+                *mark = '\0';
+                val = mark + 1;
+                mark = PL_strchr(val, '\n');
+                *mark = '\0';
+                if (PL_strcmp(param, "rounds") == 0) {
+                    params->rc5.rounds = atoi(val);
+                } else if (PL_strcmp(param, "wordsize") == 0) {
+                    params->rc5.wordsize = atoi(val);
+                }
+                index += PL_strlen(param) + PL_strlen(val) + 2;
+                param = mark + 1;
+            }
+            break;
+#endif
+        case bltestRSA_PSS:
+            sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "ciphertext", j);
+            load_file_data(arena, &params->asymk.sig, filename, bltestBase64Encoded);
+        /* fall through */
+        case bltestRSA_OAEP:
+            sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "seed", j);
+            load_file_data(arena, &params->asymk.cipherParams.rsa.seed,
+                           filename, bltestBase64Encoded);
+
+            sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "hash", j);
+            load_file_data(arena, &tempIO, filename, bltestBinary);
+            params->asymk.cipherParams.rsa.hashAlg =
+                mode_str_to_hash_alg(&tempIO.buf);
+
+            sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "maskhash", j);
+            load_file_data(arena, &tempIO, filename, bltestBinary);
+            params->asymk.cipherParams.rsa.maskHashAlg =
+                mode_str_to_hash_alg(&tempIO.buf);
+        /* fall through */
+        case bltestRSA:
+            sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "key", j);
+            load_file_data(arena, &params->asymk.key, filename,
+                           bltestBase64Encoded);
+            params->asymk.privKey =
+                (void *)rsakey_from_filedata(arena, &params->asymk.key.buf);
+            break;
+        case bltestDSA:
+            sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "key", j);
+            load_file_data(arena, &params->asymk.key, filename, bltestBase64Encoded);
+            params->asymk.privKey =
+                (void *)dsakey_from_filedata(arena, &params->asymk.key.buf);
+            sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "pqg", j);
+            load_file_data(arena, &params->asymk.cipherParams.dsa.pqgdata, filename,
+                           bltestBase64Encoded);
+            params->asymk.cipherParams.dsa.pqg =
+                pqg_from_filedata(arena, &params->asymk.cipherParams.dsa.pqgdata.buf);
+            sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "keyseed", j);
+            load_file_data(arena, &params->asymk.cipherParams.dsa.keyseed, filename,
+                           bltestBase64Encoded);
+            sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "sigseed", j);
+            load_file_data(arena, &params->asymk.cipherParams.dsa.sigseed, filename,
+                           bltestBase64Encoded);
+            sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "ciphertext", j);
+            load_file_data(arena, &params->asymk.sig, filename, bltestBase64Encoded);
+            break;
+#ifndef NSS_DISABLE_ECC
+        case bltestECDSA:
+            sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "key", j);
+            load_file_data(arena, &params->asymk.key, filename, bltestBase64Encoded);
+            params->asymk.privKey =
+                (void *)eckey_from_filedata(arena, &params->asymk.key.buf);
+            sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "sigseed", j);
+            load_file_data(arena, &params->asymk.cipherParams.ecdsa.sigseed,
+                           filename, bltestBase64Encoded);
+            sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "ciphertext", j);
+            load_file_data(arena, &params->asymk.sig, filename, bltestBase64Encoded);
+            break;
+#endif
+        case bltestMD2:
+        case bltestMD5:
+        case bltestSHA1:
+        case bltestSHA224:
+        case bltestSHA256:
+        case bltestSHA384:
+        case bltestSHA512:
+            /*params->hash.restart = PR_TRUE;*/
+            params->hash.restart = PR_FALSE;
+            break;
+        default:
+            break;
+    }
+}
+
+SECStatus
+verify_self_test(bltestIO *result, bltestIO *cmp, bltestCipherMode mode,
+                 PRBool forward, SECStatus sigstatus)
+{
+    PRBool equal;
+    char *modestr = mode_strings[mode];
+    equal = SECITEM_ItemsAreEqual(&result->pBuf, &cmp->buf);
+    if (is_sigCipher(mode)) {
+        if (forward) {
+            if (equal) {
+                printf("Signature self-test for %s passed.\n", modestr);
+            } else {
+                printf("Signature self-test for %s failed!\n", modestr);
+            }
+            return equal ? SECSuccess : SECFailure;
+        } else {
+            if (sigstatus == SECSuccess) {
+                printf("Verification self-test for %s passed.\n", modestr);
+            } else {
+                printf("Verification self-test for %s failed!\n", modestr);
+            }
+            return sigstatus;
+        }
+    } else if (is_hashCipher(mode)) {
+        if (equal) {
+            printf("Hash self-test for %s passed.\n", modestr);
+        } else {
+            printf("Hash self-test for %s failed!\n", modestr);
+        }
+    } else {
+        if (forward) {
+            if (equal) {
+                printf("Encryption self-test for %s passed.\n", modestr);
+            } else {
+                printf("Encryption self-test for %s failed!\n", modestr);
+            }
+        } else {
+            if (equal) {
+                printf("Decryption self-test for %s passed.\n", modestr);
+            } else {
+                printf("Decryption self-test for %s failed!\n", modestr);
+            }
+        }
+    }
+    return equal ? SECSuccess : SECFailure;
+}
+
+static SECStatus
+ReadFileToItem(PLArenaPool *arena, SECItem *dst, const char *filename)
+{
+    SECItem tmp = { siBuffer, NULL, 0 };
+    PRFileDesc *file;
+    SECStatus rv;
+
+    file = PR_Open(filename, PR_RDONLY, 00660);
+    if (!file) {
+        return SECFailure;
+    }
+    rv = SECU_FileToItem(&tmp, file);
+    rv |= SECITEM_CopyItem(arena, dst, &tmp);
+    SECITEM_FreeItem(&tmp, PR_FALSE);
+    PR_Close(file);
+    return rv;
+}
+
+static SECStatus
+blapi_selftest(bltestCipherMode *modes, int numModes, int inoff, int outoff,
+               PRBool encrypt, PRBool decrypt)
+{
+    bltestCipherInfo cipherInfo;
+    bltestIO pt, ct;
+    bltestCipherMode mode;
+    bltestParams *params;
+    unsigned int i, j, nummodes, numtests;
+    char *modestr;
+    char filename[256];
+    PLArenaPool *arena;
+    SECItem item;
+    SECStatus rv = SECSuccess, srv;
+
+    PORT_Memset(&cipherInfo, 0, sizeof(cipherInfo));
+    arena = PORT_NewArena(BLTEST_DEFAULT_CHUNKSIZE);
+    cipherInfo.arena = arena;
+
+    nummodes = (numModes == 0) ? NUMMODES : numModes;
+    for (i = 0; i < nummodes; i++) {
+        if (numModes > 0)
+            mode = modes[i];
+        else
+            mode = i;
+        if (mode == bltestINVALID) {
+            fprintf(stderr, "%s: Skipping invalid mode.\n", progName);
+            continue;
+        }
+        modestr = mode_strings[mode];
+        cipherInfo.mode = mode;
+        params = &cipherInfo.params;
+        /* get the number of tests in the directory */
+        sprintf(filename, "%s/tests/%s/%s", testdir, modestr, "numtests");
+        if (ReadFileToItem(arena, &item, filename) != SECSuccess) {
+            fprintf(stderr, "%s: Cannot read file %s.\n", progName, filename);
+            rv = SECFailure;
+            continue;
+        }
+        /* loop over the tests in the directory */
+        numtests = 0;
+        for (j = 0; j < item.len; j++) {
+            if (!isdigit(item.data[j])) {
+                break;
+            }
+            numtests *= 10;
+            numtests += (int)(item.data[j] - '0');
+        }
+        for (j = 0; j < numtests; j++) {
+            sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr,
+                    "plaintext", j);
+            load_file_data(arena, &pt, filename,
+                           is_sigCipher(mode) ? bltestBase64Encoded
+                                              : bltestBinary);
+            sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr,
+                    "ciphertext", j);
+            load_file_data(arena, &ct, filename, bltestBase64Encoded);
+
+            get_params(arena, params, mode, j);
+            /* Forward Operation (Encrypt/Sign/Hash)
+            ** Align the input buffer (plaintext) according to request
+            ** then perform operation and compare to ciphertext
+            */
+            if (encrypt) {
+                rv |= bltestCopyIO(arena, &cipherInfo.input, &pt);
+                misalignBuffer(arena, &cipherInfo.input, inoff);
+                memset(&cipherInfo.output.buf, 0, sizeof cipherInfo.output.buf);
+                rv |= cipherInit(&cipherInfo, PR_TRUE);
+                misalignBuffer(arena, &cipherInfo.output, outoff);
+                rv |= cipherDoOp(&cipherInfo);
+                rv |= cipherFinish(&cipherInfo);
+                rv |= verify_self_test(&cipherInfo.output,
+                                       &ct, mode, PR_TRUE, SECSuccess);
+                /* If testing hash, only one op to test */
+                if (is_hashCipher(mode))
+                    continue;
+                if (is_sigCipher(mode)) {
+                    /* Verify operations support detached signature files. For
+                    ** consistency between tests that run Sign/Verify back to
+                    ** back (eg: self-tests) and tests that are only running
+                    ** verify operations, copy the output into the sig buf,
+                    ** and then copy the sig buf back out when verifying. For
+                    ** self-tests, this is unnecessary copying, but for
+                    ** verify-only operations, this ensures that the output
+                    ** buffer is properly configured
+                    */
+                    rv |= bltestCopyIO(arena, &params->asymk.sig, &cipherInfo.output);
+                }
+            }
+            if (!decrypt)
+                continue;
+            /* Reverse Operation (Decrypt/Verify)
+            ** Align the input buffer (ciphertext) according to request
+            ** then perform operation and compare to plaintext
+            */
+            if (is_sigCipher(mode)) {
+                rv |= bltestCopyIO(arena, &cipherInfo.input, &pt);
+                rv |= bltestCopyIO(arena, &cipherInfo.output, &params->asymk.sig);
+            } else {
+                rv |= bltestCopyIO(arena, &cipherInfo.input, &ct);
+                memset(&cipherInfo.output.buf, 0, sizeof cipherInfo.output.buf);
+            }
+            misalignBuffer(arena, &cipherInfo.input, inoff);
+            rv |= cipherInit(&cipherInfo, PR_FALSE);
+            misalignBuffer(arena, &cipherInfo.output, outoff);
+            srv = SECSuccess;
+            srv |= cipherDoOp(&cipherInfo);
+            rv |= cipherFinish(&cipherInfo);
+            rv |= verify_self_test(&cipherInfo.output,
+                                   &pt, mode, PR_FALSE, srv);
+        }
+    }
+    PORT_FreeArena(arena, PR_FALSE);
+    return rv;
+}
+
+SECStatus
+dump_file(bltestCipherMode mode, char *filename)
+{
+    bltestIO keydata;
+    PLArenaPool *arena = NULL;
+    arena = PORT_NewArena(BLTEST_DEFAULT_CHUNKSIZE);
+    if (!arena) {
+        return SECFailure;
+    }
+    if (mode == bltestRSA || mode == bltestRSA_PSS || mode == bltestRSA_OAEP) {
+        RSAPrivateKey *key;
+        load_file_data(arena, &keydata, filename, bltestBase64Encoded);
+        key = rsakey_from_filedata(arena, &keydata.buf);
+        dump_rsakey(key);
+    } else if (mode == bltestDSA) {
+#if 0
+    PQGParams *pqg;
+    get_file_data(filename, &item, PR_TRUE);
+    pqg = pqg_from_filedata(&item);
+    dump_pqg(pqg);
+#endif
+        DSAPrivateKey *key;
+        load_file_data(arena, &keydata, filename, bltestBase64Encoded);
+        key = dsakey_from_filedata(arena, &keydata.buf);
+        dump_dsakey(key);
+#ifndef NSS_DISABLE_ECC
+    } else if (mode == bltestECDSA) {
+        ECPrivateKey *key;
+        load_file_data(arena, &keydata, filename, bltestBase64Encoded);
+        key = eckey_from_filedata(arena, &keydata.buf);
+        dump_eckey(key);
+#endif
+    }
+    PORT_FreeArena(arena, PR_FALSE);
+    return SECFailure;
+}
+
+void
+ThreadExecTest(void *data)
+{
+    bltestCipherInfo *cipherInfo = (bltestCipherInfo *)data;
+
+    if (cipherInfo->mCarlo == PR_TRUE) {
+        int mciter;
+        for (mciter = 0; mciter < 10000; mciter++) {
+            cipherDoOp(cipherInfo);
+            memcpy(cipherInfo->input.buf.data,
+                   cipherInfo->output.buf.data,
+                   cipherInfo->input.buf.len);
+        }
+    } else {
+        cipherDoOp(cipherInfo);
+    }
+    cipherFinish(cipherInfo);
+}
+
+static void
+rsaPrivKeyReset(RSAPrivateKey *tstKey)
+{
+    PLArenaPool *arena;
+
+    tstKey->version.data = NULL;
+    tstKey->version.len = 0;
+    tstKey->modulus.data = NULL;
+    tstKey->modulus.len = 0;
+    tstKey->publicExponent.data = NULL;
+    tstKey->publicExponent.len = 0;
+    tstKey->privateExponent.data = NULL;
+    tstKey->privateExponent.len = 0;
+    tstKey->prime1.data = NULL;
+    tstKey->prime1.len = 0;
+    tstKey->prime2.data = NULL;
+    tstKey->prime2.len = 0;
+    tstKey->exponent1.data = NULL;
+    tstKey->exponent1.len = 0;
+    tstKey->exponent2.data = NULL;
+    tstKey->exponent2.len = 0;
+    tstKey->coefficient.data = NULL;
+    tstKey->coefficient.len = 0;
+
+    arena = tstKey->arena;
+    tstKey->arena = NULL;
+    if (arena) {
+        PORT_FreeArena(arena, PR_TRUE);
+    }
+}
+
+#define RSA_TEST_EQUAL(comp)                                   \
+    if (!SECITEM_ItemsAreEqual(&(src->comp), &(dest->comp))) { \
+        fprintf(stderr, "key->" #comp " not equal");           \
+        if (src->comp.len != dest->comp.len) {                 \
+            fprintf(stderr, "src_len = %d, dest_len = %d",     \
+                    src->comp.len, dest->comp.len);            \
+        }                                                      \
+        fprintf(stderr, "\n");                                 \
+        areEqual = PR_FALSE;                                   \
+    }
+
+static PRBool
+rsaPrivKeysAreEqual(RSAPrivateKey *src, RSAPrivateKey *dest)
+{
+    PRBool areEqual = PR_TRUE;
+    RSA_TEST_EQUAL(modulus)
+    RSA_TEST_EQUAL(publicExponent)
+    RSA_TEST_EQUAL(privateExponent)
+    RSA_TEST_EQUAL(prime1)
+    RSA_TEST_EQUAL(prime2)
+    RSA_TEST_EQUAL(exponent1)
+    RSA_TEST_EQUAL(exponent2)
+    RSA_TEST_EQUAL(coefficient)
+    if (!areEqual) {
+        fprintf(stderr, "original key:\n");
+        dump_rsakey(src);
+        fprintf(stderr, "recreated key:\n");
+        dump_rsakey(dest);
+    }
+    return areEqual;
+}
+
+static int
+doRSAPopulateTestKV()
+{
+    RSAPrivateKey tstKey = { 0 };
+    SECStatus rv;
+    int failed = 0;
+    int i;
+
+    tstKey.arena = NULL;
+
+    /* Test public exponent, private exponent, modulus cases from
+     * pkcs1v15sign-vectors.txt. Some are valid PKCS#1 keys but not valid RSA
+     * ones (de = 1 mod lcm(p − 1, q − 1))
+     */
+    for (i = 0; i < PR_ARRAY_SIZE(PKCS1_VECTORS); ++i) {
+        struct pkcs1_test_vector *v = &PKCS1_VECTORS[i];
+
+        rsaPrivKeyReset(&tstKey);
+        tstKey.privateExponent.data = v->d;
+        tstKey.privateExponent.len = v->d_len;
+        tstKey.publicExponent.data = v->e;
+        tstKey.publicExponent.len = v->e_len;
+        tstKey.modulus.data = v->n;
+        tstKey.modulus.len = v->n_len;
+
+        rv = RSA_PopulatePrivateKey(&tstKey);
+        if (rv != SECSuccess) {
+            fprintf(stderr, "RSA Populate failed: pkcs1v15sign-vector %d\n", i);
+            failed = 1;
+        } else if (memcmp(v->q, tstKey.prime1.data, v->q_len) ||
+                   tstKey.prime1.len != v->q_len) {
+            fprintf(stderr, "RSA Populate key mismatch: pkcs1v15sign-vector %d q\n", i);
+            failed = 1;
+        } else if (memcmp(v->p, tstKey.prime2.data, v->p_len) ||
+                   tstKey.prime1.len != v->p_len) {
+            fprintf(stderr, "RSA Populate key mismatch: pkcs1v15sign-vector %d p\n", i);
+            failed = 1;
+        } else {
+            fprintf(stderr, "RSA Populate success: pkcs1v15sign-vector %d p\n", i);
+        }
+    }
+
+    PORT_FreeArena(tstKey.arena, PR_TRUE);
+    return failed;
+}
+
+/*
+ * Test the RSA populate command to see that it can really build
+ * keys from its components.
+ */
+static int
+doRSAPopulateTest(unsigned int keySize, unsigned long exponent)
+{
+    RSAPrivateKey *srcKey;
+    RSAPrivateKey tstKey = { 0 };
+    SECItem expitem = { 0, 0, 0 };
+    SECStatus rv;
+    unsigned char pubExp[32];
+    int expLen = 0;
+    int failed = 0;
+    int i;
+
+    for (i = 0; i < sizeof(unsigned long); i++) {
+        int shift = (sizeof(unsigned long) - i - 1) * 8;
+        if (expLen || (exponent && ((unsigned long)0xffL << shift))) {
+            pubExp[expLen] = (unsigned char)((exponent >> shift) & 0xff);
+            expLen++;
+        }
+    }
+
+    expitem.data = pubExp;
+    expitem.len = expLen;
+
+    srcKey = RSA_NewKey(keySize, &expitem);
+    if (srcKey == NULL) {
+        fprintf(stderr, "RSA Key Gen failed");
+        return -1;
+    }
+
+    /* test the basic case - most common, public exponent, modulus, prime */
+    tstKey.arena = NULL;
+    rsaPrivKeyReset(&tstKey);
+
+    tstKey.publicExponent = srcKey->publicExponent;
+    tstKey.modulus = srcKey->modulus;
+    tstKey.prime1 = srcKey->prime1;
+
+    rv = RSA_PopulatePrivateKey(&tstKey);
+    if (rv != SECSuccess) {
+        fprintf(stderr, "RSA Populate failed: pubExp mod p\n");
+        failed = 1;
+    } else if (!rsaPrivKeysAreEqual(&tstKey, srcKey)) {
+        fprintf(stderr, "RSA Populate key mismatch: pubExp mod p\n");
+        failed = 1;
+    }
+
+    /* test the basic2 case, public exponent, modulus, prime2 */
+    rsaPrivKeyReset(&tstKey);
+
+    tstKey.publicExponent = srcKey->publicExponent;
+    tstKey.modulus = srcKey->modulus;
+    tstKey.prime1 = srcKey->prime2; /* test with q in the prime1 position */
+
+    rv = RSA_PopulatePrivateKey(&tstKey);
+    if (rv != SECSuccess) {
+        fprintf(stderr, "RSA Populate failed: pubExp mod q\n");
+        failed = 1;
+    } else if (!rsaPrivKeysAreEqual(&tstKey, srcKey)) {
+        fprintf(stderr, "RSA Populate key mismatch: pubExp mod q\n");
+        failed = 1;
+    }
+
+    /* test the medium case, private exponent, prime1, prime2 */
+    rsaPrivKeyReset(&tstKey);
+
+    tstKey.privateExponent = srcKey->privateExponent;
+    tstKey.prime1 = srcKey->prime2; /* purposefully swap them to make */
+    tstKey.prime2 = srcKey->prime1; /* sure populated swaps them back */
+
+    rv = RSA_PopulatePrivateKey(&tstKey);
+    if (rv != SECSuccess) {
+        fprintf(stderr, "RSA Populate failed: privExp p q\n");
+        failed = 1;
+    } else if (!rsaPrivKeysAreEqual(&tstKey, srcKey)) {
+        fprintf(stderr, "RSA Populate key mismatch: privExp  p q\n");
+        failed = 1;
+    }
+
+    /* test the advanced case, public exponent, private exponent, prime2 */
+    rsaPrivKeyReset(&tstKey);
+
+    tstKey.privateExponent = srcKey->privateExponent;
+    tstKey.publicExponent = srcKey->publicExponent;
+    tstKey.prime2 = srcKey->prime2; /* use q in the prime2 position */
+
+    rv = RSA_PopulatePrivateKey(&tstKey);
+    if (rv != SECSuccess) {
+        fprintf(stderr, "RSA Populate failed: pubExp privExp q\n");
+        fprintf(stderr, " - not fatal\n");
+        /* it's possible that we can't uniquely determine the original key
+         * from just the exponents and prime. Populate returns an error rather
+         * than return the wrong key. */
+    } else if (!rsaPrivKeysAreEqual(&tstKey, srcKey)) {
+        /* if we returned a key, it *must* be correct */
+        fprintf(stderr, "RSA Populate key mismatch: pubExp privExp  q\n");
+        rv = RSA_PrivateKeyCheck(&tstKey);
+        failed = 1;
+    }
+
+    /* test the advanced case2, public exponent, private exponent, modulus */
+    rsaPrivKeyReset(&tstKey);
+
+    tstKey.privateExponent = srcKey->privateExponent;
+    tstKey.publicExponent = srcKey->publicExponent;
+    tstKey.modulus = srcKey->modulus;
+
+    rv = RSA_PopulatePrivateKey(&tstKey);
+    if (rv != SECSuccess) {
+        fprintf(stderr, "RSA Populate failed: pubExp privExp mod\n");
+        failed = 1;
+    } else if (!rsaPrivKeysAreEqual(&tstKey, srcKey)) {
+        fprintf(stderr, "RSA Populate key mismatch: pubExp privExp  mod\n");
+        failed = 1;
+    }
+
+    PORT_FreeArena(srcKey->arena, PR_TRUE);
+    return failed ? -1 : 0;
+}
+
+/* bltest commands */
+enum {
+    cmd_Decrypt = 0,
+    cmd_Encrypt,
+    cmd_FIPS,
+    cmd_Hash,
+    cmd_Nonce,
+    cmd_Dump,
+    cmd_RSAPopulate,
+    cmd_RSAPopulateKV,
+    cmd_Sign,
+    cmd_SelfTest,
+    cmd_Verify
+};
+
+/* bltest options */
+enum {
+    opt_B64 = 0,
+    opt_BufSize,
+    opt_Restart,
+    opt_SelfTestDir,
+    opt_Exponent,
+    opt_SigFile,
+    opt_KeySize,
+    opt_Hex,
+    opt_Input,
+    opt_PQGFile,
+    opt_Key,
+    opt_HexWSpc,
+    opt_Mode,
+#ifndef NSS_DISABLE_ECC
+    opt_CurveName,
+#endif
+    opt_Output,
+    opt_Repetitions,
+    opt_ZeroBuf,
+    opt_Rounds,
+    opt_Seed,
+    opt_SigSeedFile,
+    opt_CXReps,
+    opt_IV,
+    opt_WordSize,
+    opt_UseSeed,
+    opt_UseSigSeed,
+    opt_SeedFile,
+    opt_AAD,
+    opt_InputOffset,
+    opt_OutputOffset,
+    opt_MonteCarlo,
+    opt_ThreadNum,
+    opt_SecondsToRun,
+    opt_CmdLine
+};
+
+static secuCommandFlag bltest_commands[] =
+    {
+      { /* cmd_Decrypt */ 'D', PR_FALSE, 0, PR_FALSE },
+      { /* cmd_Encrypt */ 'E', PR_FALSE, 0, PR_FALSE },
+      { /* cmd_FIPS */ 'F', PR_FALSE, 0, PR_FALSE },
+      { /* cmd_Hash */ 'H', PR_FALSE, 0, PR_FALSE },
+      { /* cmd_Nonce */ 'N', PR_FALSE, 0, PR_FALSE },
+      { /* cmd_Dump */ 'P', PR_FALSE, 0, PR_FALSE },
+      { /* cmd_RSAPopulate */ 'R', PR_FALSE, 0, PR_FALSE },
+      { /* cmd_RSAPopulateKV */ 'K', PR_FALSE, 0, PR_FALSE },
+      { /* cmd_Sign */ 'S', PR_FALSE, 0, PR_FALSE },
+      { /* cmd_SelfTest */ 'T', PR_FALSE, 0, PR_FALSE },
+      { /* cmd_Verify */ 'V', PR_FALSE, 0, PR_FALSE }
+    };
+
+static secuCommandFlag bltest_options[] =
+    {
+      { /* opt_B64 */ 'a', PR_FALSE, 0, PR_FALSE },
+      { /* opt_BufSize */ 'b', PR_TRUE, 0, PR_FALSE },
+      { /* opt_Restart */ 'c', PR_FALSE, 0, PR_FALSE },
+      { /* opt_SelfTestDir */ 'd', PR_TRUE, 0, PR_FALSE },
+      { /* opt_Exponent */ 'e', PR_TRUE, 0, PR_FALSE },
+      { /* opt_SigFile */ 'f', PR_TRUE, 0, PR_FALSE },
+      { /* opt_KeySize */ 'g', PR_TRUE, 0, PR_FALSE },
+      { /* opt_Hex */ 'h', PR_FALSE, 0, PR_FALSE },
+      { /* opt_Input */ 'i', PR_TRUE, 0, PR_FALSE },
+      { /* opt_PQGFile */ 'j', PR_TRUE, 0, PR_FALSE },
+      { /* opt_Key */ 'k', PR_TRUE, 0, PR_FALSE },
+      { /* opt_HexWSpc */ 'l', PR_FALSE, 0, PR_FALSE },
+      { /* opt_Mode */ 'm', PR_TRUE, 0, PR_FALSE },
+#ifndef NSS_DISABLE_ECC
+      { /* opt_CurveName */ 'n', PR_TRUE, 0, PR_FALSE },
+#endif
+      { /* opt_Output */ 'o', PR_TRUE, 0, PR_FALSE },
+      { /* opt_Repetitions */ 'p', PR_TRUE, 0, PR_FALSE },
+      { /* opt_ZeroBuf */ 'q', PR_FALSE, 0, PR_FALSE },
+      { /* opt_Rounds */ 'r', PR_TRUE, 0, PR_FALSE },
+      { /* opt_Seed */ 's', PR_TRUE, 0, PR_FALSE },
+      { /* opt_SigSeedFile */ 't', PR_TRUE, 0, PR_FALSE },
+      { /* opt_CXReps */ 'u', PR_TRUE, 0, PR_FALSE },
+      { /* opt_IV */ 'v', PR_TRUE, 0, PR_FALSE },
+      { /* opt_WordSize */ 'w', PR_TRUE, 0, PR_FALSE },
+      { /* opt_UseSeed */ 'x', PR_FALSE, 0, PR_FALSE },
+      { /* opt_UseSigSeed */ 'y', PR_FALSE, 0, PR_FALSE },
+      { /* opt_SeedFile */ 'z', PR_FALSE, 0, PR_FALSE },
+      { /* opt_AAD */ 0, PR_TRUE, 0, PR_FALSE, "aad" },
+      { /* opt_InputOffset */ '1', PR_TRUE, 0, PR_FALSE },
+      { /* opt_OutputOffset */ '2', PR_TRUE, 0, PR_FALSE },
+      { /* opt_MonteCarlo */ '3', PR_FALSE, 0, PR_FALSE },
+      { /* opt_ThreadNum */ '4', PR_TRUE, 0, PR_FALSE },
+      { /* opt_SecondsToRun */ '5', PR_TRUE, 0, PR_FALSE },
+      { /* opt_CmdLine */ '-', PR_FALSE, 0, PR_FALSE }
+    };
+
+int
+main(int argc, char **argv)
+{
+    SECStatus rv = SECFailure;
+
+    double totalTime = 0.0;
+    PRIntervalTime time1, time2;
+    PRFileDesc *outfile = NULL;
+    bltestCipherInfo *cipherInfoListHead, *cipherInfo = NULL;
+    bltestIOMode ioMode;
+    int bufsize, exponent, curThrdNum;
+#ifndef NSS_DISABLE_ECC
+    char *curveName = NULL;
+#endif
+    int i, commandsEntered;
+    int inoff, outoff;
+    int threads = 1;
+
+    secuCommand bltest;
+    bltest.numCommands = sizeof(bltest_commands) / sizeof(secuCommandFlag);
+    bltest.numOptions = sizeof(bltest_options) / sizeof(secuCommandFlag);
+    bltest.commands = bltest_commands;
+    bltest.options = bltest_options;
+
+    progName = strrchr(argv[0], '/');
+    if (!progName)
+        progName = strrchr(argv[0], '\\');
+    progName = progName ? progName + 1 : argv[0];
+
+    rv = NSS_InitializePRErrorTable();
+    if (rv != SECSuccess) {
+        SECU_PrintPRandOSError(progName);
+        return -1;
+    }
+    rv = RNG_RNGInit();
+    if (rv != SECSuccess) {
+        SECU_PrintPRandOSError(progName);
+        return -1;
+    }
+    rv = BL_Init();
+    if (rv != SECSuccess) {
+        SECU_PrintPRandOSError(progName);
+        return -1;
+    }
+    RNG_SystemInfoForRNG();
+
+    rv = SECU_ParseCommandLine(argc, argv, progName, &bltest);
+    if (rv == SECFailure) {
+        fprintf(stderr, "%s: command line parsing error!\n", progName);
+        goto print_usage;
+    }
+    rv = SECFailure;
+
+    cipherInfo = PORT_ZNew(bltestCipherInfo);
+    cipherInfoListHead = cipherInfo;
+
+    /* Check the number of commands entered on the command line. */
+    commandsEntered = 0;
+    for (i = 0; i < bltest.numCommands; i++)
+        if (bltest.commands[i].activated)
+            commandsEntered++;
+
+    if (commandsEntered > 1 &&
+        !(commandsEntered == 2 && bltest.commands[cmd_SelfTest].activated)) {
+        fprintf(stderr, "%s: one command at a time!\n", progName);
+        goto print_usage;
+    }
+
+    if (commandsEntered == 0) {
+        fprintf(stderr, "%s: you must enter a command!\n", progName);
+        goto print_usage;
+    }
+
+    if (bltest.commands[cmd_Sign].activated)
+        bltest.commands[cmd_Encrypt].activated = PR_TRUE;
+    if (bltest.commands[cmd_Verify].activated)
+        bltest.commands[cmd_Decrypt].activated = PR_TRUE;
+    if (bltest.commands[cmd_Hash].activated)
+        bltest.commands[cmd_Encrypt].activated = PR_TRUE;
+
+    inoff = outoff = 0;
+    if (bltest.options[opt_InputOffset].activated)
+        inoff = PORT_Atoi(bltest.options[opt_InputOffset].arg);
+    if (bltest.options[opt_OutputOffset].activated)
+        outoff = PORT_Atoi(bltest.options[opt_OutputOffset].arg);
+
+    testdir = (bltest.options[opt_SelfTestDir].activated) ? strdup(bltest.options[opt_SelfTestDir].arg)
+                                                          : ".";
+
+    /*
+     * Handle three simple cases first
+     */
+
+    /* test the RSA_PopulatePrivateKey function with known vectors */
+    if (bltest.commands[cmd_RSAPopulateKV].activated) {
+        PORT_Free(cipherInfo);
+        return doRSAPopulateTestKV();
+    }
+
+    /* test the RSA_PopulatePrivateKey function */
+    if (bltest.commands[cmd_RSAPopulate].activated) {
+        unsigned int keySize = 1024;
+        unsigned long exponent = 65537;
+        int rounds = 1;
+        int ret = -1;
+
+        if (bltest.options[opt_KeySize].activated) {
+            keySize = PORT_Atoi(bltest.options[opt_KeySize].arg);
+        }
+        if (bltest.options[opt_Rounds].activated) {
+            rounds = PORT_Atoi(bltest.options[opt_Rounds].arg);
+        }
+        if (bltest.options[opt_Exponent].activated) {
+            exponent = PORT_Atoi(bltest.options[opt_Exponent].arg);
+        }
+
+        for (i = 0; i < rounds; i++) {
+            printf("Running RSA Populate test round %d\n", i);
+            ret = doRSAPopulateTest(keySize, exponent);
+            if (ret != 0) {
+                break;
+            }
+        }
+        if (ret != 0) {
+            fprintf(stderr, "RSA Populate test round %d: FAILED\n", i);
+        }
+        PORT_Free(cipherInfo);
+        return ret;
+    }
+
+    /* Do BLAPI self-test */
+    if (bltest.commands[cmd_SelfTest].activated) {
+        PRBool encrypt = PR_TRUE, decrypt = PR_TRUE;
+        /* user may specified a set of ciphers to test.  parse them. */
+        bltestCipherMode modesToTest[NUMMODES];
+        int numModesToTest = 0;
+        char *tok, *str;
+        str = bltest.options[opt_Mode].arg;
+        while (str) {
+            tok = strchr(str, ',');
+            if (tok)
+                *tok = '\0';
+            modesToTest[numModesToTest++] = get_mode(str);
+            if (tok) {
+                *tok = ',';
+                str = tok + 1;
+            } else {
+                break;
+            }
+        }
+        if (bltest.commands[cmd_Decrypt].activated &&
+            !bltest.commands[cmd_Encrypt].activated)
+            encrypt = PR_FALSE;
+        if (bltest.commands[cmd_Encrypt].activated &&
+            !bltest.commands[cmd_Decrypt].activated)
+            decrypt = PR_FALSE;
+        rv = blapi_selftest(modesToTest, numModesToTest, inoff, outoff,
+                            encrypt, decrypt);
+        PORT_Free(cipherInfo);
+        return rv == SECSuccess ? 0 : 1;
+    }
+
+    /* Do FIPS self-test */
+    if (bltest.commands[cmd_FIPS].activated) {
+        CK_RV ckrv = sftk_FIPSEntryOK();
+        fprintf(stdout, "CK_RV: %ld.\n", ckrv);
+        PORT_Free(cipherInfo);
+        if (ckrv == CKR_OK)
+            return SECSuccess;
+        return SECFailure;
+    }
+
+    /*
+     * Check command line arguments for Encrypt/Decrypt/Hash/Sign/Verify
+     */
+
+    if ((bltest.commands[cmd_Decrypt].activated ||
+         bltest.commands[cmd_Verify].activated) &&
+        bltest.options[opt_BufSize].activated) {
+        fprintf(stderr, "%s: Cannot use a nonce as input to decrypt/verify.\n",
+                progName);
+        goto print_usage;
+    }
+
+    if (bltest.options[opt_Mode].activated) {
+        cipherInfo->mode = get_mode(bltest.options[opt_Mode].arg);
+        if (cipherInfo->mode == bltestINVALID) {
+            goto print_usage;
+        }
+    } else {
+        fprintf(stderr, "%s: You must specify a cipher mode with -m.\n",
+                progName);
+        goto print_usage;
+    }
+
+    if (bltest.options[opt_Repetitions].activated &&
+        bltest.options[opt_SecondsToRun].activated) {
+        fprintf(stderr, "%s: Operation time should be defined in either "
+                        "repetitions(-p) or seconds(-5) not both",
+                progName);
+        goto print_usage;
+    }
+
+    if (bltest.options[opt_Repetitions].activated) {
+        cipherInfo->repetitionsToPerfom =
+            PORT_Atoi(bltest.options[opt_Repetitions].arg);
+    } else {
+        cipherInfo->repetitionsToPerfom = 0;
+    }
+
+    if (bltest.options[opt_SecondsToRun].activated) {
+        cipherInfo->seconds = PORT_Atoi(bltest.options[opt_SecondsToRun].arg);
+    } else {
+        cipherInfo->seconds = 0;
+    }
+
+    if (bltest.options[opt_CXReps].activated) {
+        cipherInfo->cxreps = PORT_Atoi(bltest.options[opt_CXReps].arg);
+    } else {
+        cipherInfo->cxreps = 0;
+    }
+
+    if (bltest.options[opt_ThreadNum].activated) {
+        threads = PORT_Atoi(bltest.options[opt_ThreadNum].arg);
+        if (threads <= 0) {
+            threads = 1;
+        }
+    }
+
+    /* Dump a file (rsakey, dsakey, etc.) */
+    if (bltest.commands[cmd_Dump].activated) {
+        rv = dump_file(cipherInfo->mode, bltest.options[opt_Input].arg);
+        PORT_Free(cipherInfo);
+        return rv;
+    }
+
+    /* default input mode is binary */
+    ioMode = (bltest.options[opt_B64].activated)
+                 ? bltestBase64Encoded
+                 : (bltest.options[opt_Hex].activated)
+                       ? bltestHexStream
+                       : (bltest.options[opt_HexWSpc].activated) ? bltestHexSpaceDelim
+                                                                 : bltestBinary;
+
+    if (bltest.options[opt_Exponent].activated)
+        exponent = PORT_Atoi(bltest.options[opt_Exponent].arg);
+    else
+        exponent = 65537;
+
+#ifndef NSS_DISABLE_ECC
+    if (bltest.options[opt_CurveName].activated)
+        curveName = PORT_Strdup(bltest.options[opt_CurveName].arg);
+    else
+        curveName = NULL;
+#endif
+
+    if (bltest.commands[cmd_Verify].activated &&
+        !bltest.options[opt_SigFile].activated) {
+        fprintf(stderr, "%s: You must specify a signature file with -f.\n",
+                progName);
+
+    print_usage:
+        if (cipherInfo) {
+            PORT_Free(cipherInfo);
+        }
+        Usage();
+    }
+
+    if (bltest.options[opt_MonteCarlo].activated) {
+        cipherInfo->mCarlo = PR_TRUE;
+    } else {
+        cipherInfo->mCarlo = PR_FALSE;
+    }
+
+    for (curThrdNum = 0; curThrdNum < threads; curThrdNum++) {
+        int keysize = 0;
+        PRFileDesc *file = NULL, *infile;
+        bltestParams *params;
+        char *instr = NULL;
+        PLArenaPool *arena;
+
+        if (curThrdNum > 0) {
+            bltestCipherInfo *newCInfo = PORT_ZNew(bltestCipherInfo);
+            if (!newCInfo) {
+                fprintf(stderr, "%s: Can not allocate  memory.\n", progName);
+                goto exit_point;
+            }
+            newCInfo->mode = cipherInfo->mode;
+            newCInfo->mCarlo = cipherInfo->mCarlo;
+            newCInfo->repetitionsToPerfom =
+                cipherInfo->repetitionsToPerfom;
+            newCInfo->seconds = cipherInfo->seconds;
+            newCInfo->cxreps = cipherInfo->cxreps;
+            cipherInfo->next = newCInfo;
+            cipherInfo = newCInfo;
+        }
+        arena = PORT_NewArena(BLTEST_DEFAULT_CHUNKSIZE);
+        if (!arena) {
+            fprintf(stderr, "%s: Can not allocate memory.\n", progName);
+            goto exit_point;
+        }
+        cipherInfo->arena = arena;
+        params = &cipherInfo->params;
+
+        /* Set up an encryption key. */
+        keysize = 0;
+        file = NULL;
+        if (is_symmkeyCipher(cipherInfo->mode) ||
+            is_aeadCipher(cipherInfo->mode)) {
+            char *keystr = NULL; /* if key is on command line */
+            if (bltest.options[opt_Key].activated) {
+                if (bltest.options[opt_CmdLine].activated) {
+                    keystr = bltest.options[opt_Key].arg;
+                } else {
+                    file = PR_Open(bltest.options[opt_Key].arg,
+                                   PR_RDONLY, 00660);
+                }
+            } else {
+                if (bltest.options[opt_KeySize].activated)
+                    keysize = PORT_Atoi(bltest.options[opt_KeySize].arg);
+                else
+                    keysize = 8; /* use 64-bit default (DES) */
+                /* save the random key for reference */
+                file = PR_Open("tmp.key", PR_WRONLY | PR_CREATE_FILE, 00660);
+            }
+            params->key.mode = ioMode;
+            setupIO(cipherInfo->arena, &params->key, file, keystr, keysize);
+            if (file)
+                PR_Close(file);
+        } else if (is_pubkeyCipher(cipherInfo->mode)) {
+            if (bltest.options[opt_Key].activated) {
+                file = PR_Open(bltest.options[opt_Key].arg, PR_RDONLY, 00660);
+            } else {
+                if (bltest.options[opt_KeySize].activated)
+                    keysize = PORT_Atoi(bltest.options[opt_KeySize].arg);
+                else
+                    keysize = 64; /* use 512-bit default */
+                file = PR_Open("tmp.key", PR_WRONLY | PR_CREATE_FILE, 00660);
+            }
+            params->key.mode = bltestBase64Encoded;
+#ifndef NSS_DISABLE_ECC
+            pubkeyInitKey(cipherInfo, file, keysize, exponent, curveName);
+#else
+            pubkeyInitKey(cipherInfo, file, keysize, exponent);
+#endif
+            PR_Close(file);
+        }
+
+        /* set up an initialization vector. */
+        if (cipher_requires_IV(cipherInfo->mode)) {
+            char *ivstr = NULL;
+            bltestSymmKeyParams *skp;
+            file = NULL;
+#ifdef NSS_SOFTOKEN_DOES_RC5
+            if (cipherInfo->mode == bltestRC5_CBC)
+                skp = (bltestSymmKeyParams *)&params->rc5;
+            else
+#endif
+                skp = &params->sk;
+            if (bltest.options[opt_IV].activated) {
+                if (bltest.options[opt_CmdLine].activated) {
+                    ivstr = bltest.options[opt_IV].arg;
+                } else {
+                    file = PR_Open(bltest.options[opt_IV].arg,
+                                   PR_RDONLY, 00660);
+                }
+            } else {
+                /* save the random iv for reference */
+                file = PR_Open("tmp.iv", PR_WRONLY | PR_CREATE_FILE, 00660);
+            }
+            memset(&skp->iv, 0, sizeof skp->iv);
+            skp->iv.mode = ioMode;
+            setupIO(cipherInfo->arena, &skp->iv, file, ivstr, keysize);
+            if (file) {
+                PR_Close(file);
+            }
+        }
+
+        /* set up an initialization vector. */
+        if (is_authCipher(cipherInfo->mode)) {
+            char *aadstr = NULL;
+            bltestAuthSymmKeyParams *askp;
+            file = NULL;
+            askp = &params->ask;
+            if (bltest.options[opt_AAD].activated) {
+                if (bltest.options[opt_CmdLine].activated) {
+                    aadstr = bltest.options[opt_AAD].arg;
+                } else {
+                    file = PR_Open(bltest.options[opt_AAD].arg,
+                                   PR_RDONLY, 00660);
+                }
+            } else {
+                file = NULL;
+            }
+            memset(&askp->aad, 0, sizeof askp->aad);
+            askp->aad.mode = ioMode;
+            setupIO(cipherInfo->arena, &askp->aad, file, aadstr, 0);
+            if (file) {
+                PR_Close(file);
+            }
+        }
+
+        if (bltest.commands[cmd_Verify].activated) {
+            file = PR_Open(bltest.options[opt_SigFile].arg, PR_RDONLY, 00660);
+            if (is_sigCipher(cipherInfo->mode)) {
+                memset(&params->asymk.sig, 0, sizeof(bltestIO));
+                params->asymk.sig.mode = ioMode;
+                setupIO(cipherInfo->arena, &params->asymk.sig, file, NULL, 0);
+            }
+            if (file) {
+                PR_Close(file);
+            }
+        }
+
+        if (bltest.options[opt_PQGFile].activated) {
+            file = PR_Open(bltest.options[opt_PQGFile].arg, PR_RDONLY, 00660);
+            params->asymk.cipherParams.dsa.pqgdata.mode = bltestBase64Encoded;
+            setupIO(cipherInfo->arena, &params->asymk.cipherParams.dsa.pqgdata,
+                    file, NULL, 0);
+            if (file) {
+                PR_Close(file);
+            }
+        }
+
+        /* Set up the input buffer */
+        if (bltest.options[opt_Input].activated) {
+            if (bltest.options[opt_CmdLine].activated) {
+                instr = bltest.options[opt_Input].arg;
+                infile = NULL;
+            } else {
+                /* form file name from testdir and input arg. */
+                char *filename = bltest.options[opt_Input].arg;
+                if (bltest.options[opt_SelfTestDir].activated &&
+                    testdir && filename && filename[0] != '/') {
+                    filename = PR_smprintf("%s/tests/%s/%s", testdir,
+                                           mode_strings[cipherInfo->mode],
+                                           filename);
+                    if (!filename) {
+                        fprintf(stderr, "%s: Can not allocate memory.\n",
+                                progName);
+                        goto exit_point;
+                    }
+                    infile = PR_Open(filename, PR_RDONLY, 00660);
+                    PR_smprintf_free(filename);
+                } else {
+                    infile = PR_Open(filename, PR_RDONLY, 00660);
+                }
+            }
+        } else if (bltest.options[opt_BufSize].activated) {
+            /* save the random plaintext for reference */
+            char *tmpFName = PR_smprintf("tmp.in.%d", curThrdNum);
+            if (!tmpFName) {
+                fprintf(stderr, "%s: Can not allocate memory.\n", progName);
+                goto exit_point;
+            }
+            infile = PR_Open(tmpFName, PR_WRONLY | PR_CREATE_FILE, 00660);
+            PR_smprintf_free(tmpFName);
+        } else {
+            infile = PR_STDIN;
+        }
+        if (!infile) {
+            fprintf(stderr, "%s: Failed to open input file.\n", progName);
+            goto exit_point;
+        }
+        cipherInfo->input.mode = ioMode;
+
+        /* Set up the output stream */
+        if (bltest.options[opt_Output].activated) {
+            /* form file name from testdir and input arg. */
+            char *filename = bltest.options[opt_Output].arg;
+            if (bltest.options[opt_SelfTestDir].activated &&
+                testdir && filename && filename[0] != '/') {
+                filename = PR_smprintf("%s/tests/%s/%s", testdir,
+                                       mode_strings[cipherInfo->mode],
+                                       filename);
+                if (!filename) {
+                    fprintf(stderr, "%s: Can not allocate memory.\n", progName);
+                    goto exit_point;
+                }
+                outfile = PR_Open(filename, PR_WRONLY | PR_CREATE_FILE, 00660);
+                PR_smprintf_free(filename);
+            } else {
+                outfile = PR_Open(filename, PR_WRONLY | PR_CREATE_FILE, 00660);
+            }
+        } else {
+            outfile = PR_STDOUT;
+        }
+        if (!outfile) {
+            fprintf(stderr, "%s: Failed to open output file.\n", progName);
+            rv = SECFailure;
+            goto exit_point;
+        }
+        cipherInfo->output.mode = ioMode;
+        if (bltest.options[opt_SelfTestDir].activated && ioMode == bltestBinary)
+            cipherInfo->output.mode = bltestBase64Encoded;
+
+        if (is_hashCipher(cipherInfo->mode))
+            cipherInfo->params.hash.restart =
+                bltest.options[opt_Restart].activated;
+
+        bufsize = 0;
+        if (bltest.options[opt_BufSize].activated)
+            bufsize = PORT_Atoi(bltest.options[opt_BufSize].arg);
+
+        /*infile = NULL;*/
+        setupIO(cipherInfo->arena, &cipherInfo->input, infile, instr, bufsize);
+        if (infile && infile != PR_STDIN)
+            PR_Close(infile);
+        misalignBuffer(cipherInfo->arena, &cipherInfo->input, inoff);
+
+        cipherInit(cipherInfo, bltest.commands[cmd_Encrypt].activated);
+        misalignBuffer(cipherInfo->arena, &cipherInfo->output, outoff);
+    }
+
+    if (!bltest.commands[cmd_Nonce].activated) {
+        TIMESTART();
+        cipherInfo = cipherInfoListHead;
+        while (cipherInfo != NULL) {
+            cipherInfo->cipherThread =
+                PR_CreateThread(PR_USER_THREAD,
+                                ThreadExecTest,
+                                cipherInfo,
+                                PR_PRIORITY_NORMAL,
+                                PR_GLOBAL_THREAD,
+                                PR_JOINABLE_THREAD,
+                                0);
+            cipherInfo = cipherInfo->next;
+        }
+
+        cipherInfo = cipherInfoListHead;
+        while (cipherInfo != NULL) {
+            PR_JoinThread(cipherInfo->cipherThread);
+            finishIO(&cipherInfo->output, outfile);
+            cipherInfo = cipherInfo->next;
+        }
+        TIMEFINISH(totalTime, 1);
+    }
+
+    cipherInfo = cipherInfoListHead;
+    if (cipherInfo->repetitions > 0 || cipherInfo->cxreps > 0 ||
+        threads > 1)
+        dump_performance_info(cipherInfoListHead, totalTime,
+                              bltest.commands[cmd_Encrypt].activated,
+                              (cipherInfo->repetitions == 0));
+
+    rv = SECSuccess;
+
+exit_point:
+    if (outfile && outfile != PR_STDOUT)
+        PR_Close(outfile);
+    cipherInfo = cipherInfoListHead;
+    while (cipherInfo != NULL) {
+        bltestCipherInfo *tmpInfo = cipherInfo;
+
+        if (cipherInfo->arena)
+            PORT_FreeArena(cipherInfo->arena, PR_TRUE);
+        cipherInfo = cipherInfo->next;
+        PORT_Free(tmpInfo);
+    }
+
+    /*NSS_Shutdown();*/
+
+    return SECSuccess;
+}
diff --git a/nss/cmd/bltest/bltest.gyp b/nss/cmd/bltest/bltest.gyp
new file mode 100644
index 0000000..7139c31
--- /dev/null
+++ b/nss/cmd/bltest/bltest.gyp
@@ -0,0 +1,35 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi',
+    '../../cmd/platlibs.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'bltest',
+      'type': 'executable',
+      'sources': [
+        'blapitest.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:dbm_exports',
+        '<(DEPTH)/exports.gyp:nss_exports',
+        '<(DEPTH)/lib/sqlite/sqlite.gyp:sqlite3'
+      ]
+    }
+  ],
+  'target_defaults': {
+    'include_dirs': [
+      '../../nss/lib/softoken'
+    ],
+    'defines': [
+      'NSS_USE_STATIC_LIBS'
+    ]
+  },
+  'variables': {
+    'module': 'nss',
+    'use_static_libs': 1
+  }
+}
\ No newline at end of file
diff --git a/nss/cmd/bltest/manifest.mn b/nss/cmd/bltest/manifest.mn
new file mode 100644
index 0000000..6e9946c
--- /dev/null
+++ b/nss/cmd/bltest/manifest.mn
@@ -0,0 +1,26 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+CORE_DEPTH = ../..
+
+MODULE = nss
+
+REQUIRES = seccmd dbm softoken
+
+INCLUDES += -I$(CORE_DEPTH)/nss/lib/softoken
+
+PROGRAM = bltest
+
+ USE_STATIC_LIBS = 1
+
+EXPORTS = \
+	$(NULL)
+
+PRIVATE_EXPORTS = \
+	$(NULL)
+
+CSRCS = \
+	blapitest.c \
+	$(NULL)
+
diff --git a/nss/cmd/bltest/pkcs1_vectors.h b/nss/cmd/bltest/pkcs1_vectors.h
new file mode 100644
index 0000000..0672967
--- /dev/null
+++ b/nss/cmd/bltest/pkcs1_vectors.h
@@ -0,0 +1,789 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* Vectors from pkcs1v15sign-vectors.txt */
+
+struct pkcs1_test_vector {
+    unsigned char *n;
+    unsigned long n_len;
+    unsigned char *e;
+    unsigned long e_len;
+    unsigned char *d;
+    unsigned long d_len;
+    unsigned char *p;
+    unsigned long p_len;
+    unsigned char *q;
+    unsigned long q_len;
+};
+
+struct pkcs1_test_vector PKCS1_VECTORS[15] = {
+    {
+        (unsigned char[]){
+            0xa5, 0x6e, 0x4a, 0x0e, 0x70, 0x10, 0x17, 0x58, 0x9a, 0x51,
+            0x87, 0xdc, 0x7e, 0xa8, 0x41, 0xd1, 0x56, 0xf2, 0xec, 0x0e,
+            0x36, 0xad, 0x52, 0xa4, 0x4d, 0xfe, 0xb1, 0xe6, 0x1f, 0x7a,
+            0xd9, 0x91, 0xd8, 0xc5, 0x10, 0x56, 0xff, 0xed, 0xb1, 0x62,
+            0xb4, 0xc0, 0xf2, 0x83, 0xa1, 0x2a, 0x88, 0xa3, 0x94, 0xdf,
+            0xf5, 0x26, 0xab, 0x72, 0x91, 0xcb, 0xb3, 0x07, 0xce, 0xab,
+            0xfc, 0xe0, 0xb1, 0xdf, 0xd5, 0xcd, 0x95, 0x08, 0x09, 0x6d,
+            0x5b, 0x2b, 0x8b, 0x6d, 0xf5, 0xd6, 0x71, 0xef, 0x63, 0x77,
+            0xc0, 0x92, 0x1c, 0xb2, 0x3c, 0x27, 0x0a, 0x70, 0xe2, 0x59,
+            0x8e, 0x6f, 0xf8, 0x9d, 0x19, 0xf1, 0x05, 0xac, 0xc2, 0xd3,
+            0xf0, 0xcb, 0x35, 0xf2, 0x92, 0x80, 0xe1, 0x38, 0x6b, 0x6f,
+            0x64, 0xc4, 0xef, 0x22, 0xe1, 0xe1, 0xf2, 0x0d, 0x0c, 0xe8,
+            0xcf, 0xfb, 0x22, 0x49, 0xbd, 0x9a, 0x21, 0x37 },
+        128,
+        (unsigned char[]){ 0x01, 0x00, 0x01 }, 3,
+        (unsigned char[]){
+            0x33, 0xa5, 0x04, 0x2a, 0x90, 0xb2, 0x7d, 0x4f, 0x54, 0x51,
+            0xca, 0x9b, 0xbb, 0xd0, 0xb4, 0x47, 0x71, 0xa1, 0x01, 0xaf,
+            0x88, 0x43, 0x40, 0xae, 0xf9, 0x88, 0x5f, 0x2a, 0x4b, 0xbe,
+            0x92, 0xe8, 0x94, 0xa7, 0x24, 0xac, 0x3c, 0x56, 0x8c, 0x8f,
+            0x97, 0x85, 0x3a, 0xd0, 0x7c, 0x02, 0x66, 0xc8, 0xc6, 0xa3,
+            0xca, 0x09, 0x29, 0xf1, 0xe8, 0xf1, 0x12, 0x31, 0x88, 0x44,
+            0x29, 0xfc, 0x4d, 0x9a, 0xe5, 0x5f, 0xee, 0x89, 0x6a, 0x10,
+            0xce, 0x70, 0x7c, 0x3e, 0xd7, 0xe7, 0x34, 0xe4, 0x47, 0x27,
+            0xa3, 0x95, 0x74, 0x50, 0x1a, 0x53, 0x26, 0x83, 0x10, 0x9c,
+            0x2a, 0xba, 0xca, 0xba, 0x28, 0x3c, 0x31, 0xb4, 0xbd, 0x2f,
+            0x53, 0xc3, 0xee, 0x37, 0xe3, 0x52, 0xce, 0xe3, 0x4f, 0x9e,
+            0x50, 0x3b, 0xd8, 0x0c, 0x06, 0x22, 0xad, 0x79, 0xc6, 0xdc,
+            0xee, 0x88, 0x35, 0x47, 0xc6, 0xa3, 0xb3, 0x25 },
+        128,
+        (unsigned char[]){
+            0xb6, 0x9d, 0xca, 0x1c, 0xf7, 0xd4, 0xd7, 0xec, 0x81, 0xe7,
+            0x5b, 0x90, 0xfc, 0xca, 0x87, 0x4a, 0xbc, 0xde, 0x12, 0x3f,
+            0xd2, 0x70, 0x01, 0x80, 0xaa, 0x90, 0x47, 0x9b, 0x6e, 0x48,
+            0xde, 0x8d, 0x67, 0xed, 0x24, 0xf9, 0xf1, 0x9d, 0x85, 0xba,
+            0x27, 0x58, 0x74, 0xf5, 0x42, 0xcd, 0x20, 0xdc, 0x72, 0x3e,
+            0x69, 0x63, 0x36, 0x4a, 0x1f, 0x94, 0x25, 0x45, 0x2b, 0x26,
+            0x9a, 0x67, 0x99, 0xfd },
+        64,
+        (unsigned char[]){
+            0xe7, 0xe8, 0x94, 0x27, 0x20, 0xa8, 0x77, 0x51, 0x72, 0x73,
+            0xa3, 0x56, 0x05, 0x3e, 0xa2, 0xa1, 0xbc, 0x0c, 0x94, 0xaa,
+            0x72, 0xd5, 0x5c, 0x6e, 0x86, 0x29, 0x6b, 0x2d, 0xfc, 0x96,
+            0x79, 0x48, 0xc0, 0xa7, 0x2c, 0xbc, 0xcc, 0xa7, 0xea, 0xcb,
+            0x35, 0x70, 0x6e, 0x09, 0xa1, 0xdf, 0x55, 0xa1, 0x53, 0x5b,
+            0xd9, 0xb3, 0xcc, 0x34, 0x16, 0x0b, 0x3b, 0x6d, 0xcd, 0x3e,
+            0xda, 0x8e, 0x64, 0x43 },
+        64,
+    },
+    {
+        (unsigned char[]){
+            0xa5, 0x6e, 0x4a, 0x0e, 0x70, 0x10, 0x17, 0x58, 0x9a, 0x51,
+            0x87, 0xdc, 0x7e, 0xa8, 0x41, 0xd1, 0x56, 0xf2, 0xec, 0x0e,
+            0x36, 0xad, 0x52, 0xa4, 0x4d, 0xfe, 0xb1, 0xe6, 0x1f, 0x7a,
+            0xd9, 0x91, 0xd8, 0xc5, 0x10, 0x56, 0xff, 0xed, 0xb1, 0x62,
+            0xb4, 0xc0, 0xf2, 0x83, 0xa1, 0x2a, 0x88, 0xa3, 0x94, 0xdf,
+            0xf5, 0x26, 0xab, 0x72, 0x91, 0xcb, 0xb3, 0x07, 0xce, 0xab,
+            0xfc, 0xe0, 0xb1, 0xdf, 0xd5, 0xcd, 0x95, 0x08, 0x09, 0x6d,
+            0x5b, 0x2b, 0x8b, 0x6d, 0xf5, 0xd6, 0x71, 0xef, 0x63, 0x77,
+            0xc0, 0x92, 0x1c, 0xb2, 0x3c, 0x27, 0x0a, 0x70, 0xe2, 0x59,
+            0x8e, 0x6f, 0xf8, 0x9d, 0x19, 0xf1, 0x05, 0xac, 0xc2, 0xd3,
+            0xf0, 0xcb, 0x35, 0xf2, 0x92, 0x80, 0xe1, 0x38, 0x6b, 0x6f,
+            0x64, 0xc4, 0xef, 0x22, 0xe1, 0xe1, 0xf2, 0x0d, 0x0c, 0xe8,
+            0xcf, 0xfb, 0x22, 0x49, 0xbd, 0x9a, 0x21, 0x37 },
+        128,
+        (unsigned char[]){ 0x01, 0x00, 0x01 }, 3,
+        (unsigned char[]){
+            0x33, 0xa5, 0x04, 0x2a, 0x90, 0xb2, 0x7d, 0x4f, 0x54, 0x51,
+            0xca, 0x9b, 0xbb, 0xd0, 0xb4, 0x47, 0x71, 0xa1, 0x01, 0xaf,
+            0x88, 0x43, 0x40, 0xae, 0xf9, 0x88, 0x5f, 0x2a, 0x4b, 0xbe,
+            0x92, 0xe8, 0x94, 0xa7, 0x24, 0xac, 0x3c, 0x56, 0x8c, 0x8f,
+            0x97, 0x85, 0x3a, 0xd0, 0x7c, 0x02, 0x66, 0xc8, 0xc6, 0xa3,
+            0xca, 0x09, 0x29, 0xf1, 0xe8, 0xf1, 0x12, 0x31, 0x88, 0x44,
+            0x29, 0xfc, 0x4d, 0x9a, 0xe5, 0x5f, 0xee, 0x89, 0x6a, 0x10,
+            0xce, 0x70, 0x7c, 0x3e, 0xd7, 0xe7, 0x34, 0xe4, 0x47, 0x27,
+            0xa3, 0x95, 0x74, 0x50, 0x1a, 0x53, 0x26, 0x83, 0x10, 0x9c,
+            0x2a, 0xba, 0xca, 0xba, 0x28, 0x3c, 0x31, 0xb4, 0xbd, 0x2f,
+            0x53, 0xc3, 0xee, 0x37, 0xe3, 0x52, 0xce, 0xe3, 0x4f, 0x9e,
+            0x50, 0x3b, 0xd8, 0x0c, 0x06, 0x22, 0xad, 0x79, 0xc6, 0xdc,
+            0xee, 0x88, 0x35, 0x47, 0xc6, 0xa3, 0xb3, 0x25 },
+        128,
+        (unsigned char[]){
+            0xb6, 0x9d, 0xca, 0x1c, 0xf7, 0xd4, 0xd7, 0xec, 0x81, 0xe7,
+            0x5b, 0x90, 0xfc, 0xca, 0x87, 0x4a, 0xbc, 0xde, 0x12, 0x3f,
+            0xd2, 0x70, 0x01, 0x80, 0xaa, 0x90, 0x47, 0x9b, 0x6e, 0x48,
+            0xde, 0x8d, 0x67, 0xed, 0x24, 0xf9, 0xf1, 0x9d, 0x85, 0xba,
+            0x27, 0x58, 0x74, 0xf5, 0x42, 0xcd, 0x20, 0xdc, 0x72, 0x3e,
+            0x69, 0x63, 0x36, 0x4a, 0x1f, 0x94, 0x25, 0x45, 0x2b, 0x26,
+            0x9a, 0x67, 0x99, 0xfd },
+        64,
+        (unsigned char[]){
+            0xe7, 0xe8, 0x94, 0x27, 0x20, 0xa8, 0x77, 0x51, 0x72, 0x73,
+            0xa3, 0x56, 0x05, 0x3e, 0xa2, 0xa1, 0xbc, 0x0c, 0x94, 0xaa,
+            0x72, 0xd5, 0x5c, 0x6e, 0x86, 0x29, 0x6b, 0x2d, 0xfc, 0x96,
+            0x79, 0x48, 0xc0, 0xa7, 0x2c, 0xbc, 0xcc, 0xa7, 0xea, 0xcb,
+            0x35, 0x70, 0x6e, 0x09, 0xa1, 0xdf, 0x55, 0xa1, 0x53, 0x5b,
+            0xd9, 0xb3, 0xcc, 0x34, 0x16, 0x0b, 0x3b, 0x6d, 0xcd, 0x3e,
+            0xda, 0x8e, 0x64, 0x43 },
+        64,
+    },
+    {
+        (unsigned char[]){
+            0xa5, 0x6e, 0x4a, 0x0e, 0x70, 0x10, 0x17, 0x58, 0x9a, 0x51,
+            0x87, 0xdc, 0x7e, 0xa8, 0x41, 0xd1, 0x56, 0xf2, 0xec, 0x0e,
+            0x36, 0xad, 0x52, 0xa4, 0x4d, 0xfe, 0xb1, 0xe6, 0x1f, 0x7a,
+            0xd9, 0x91, 0xd8, 0xc5, 0x10, 0x56, 0xff, 0xed, 0xb1, 0x62,
+            0xb4, 0xc0, 0xf2, 0x83, 0xa1, 0x2a, 0x88, 0xa3, 0x94, 0xdf,
+            0xf5, 0x26, 0xab, 0x72, 0x91, 0xcb, 0xb3, 0x07, 0xce, 0xab,
+            0xfc, 0xe0, 0xb1, 0xdf, 0xd5, 0xcd, 0x95, 0x08, 0x09, 0x6d,
+            0x5b, 0x2b, 0x8b, 0x6d, 0xf5, 0xd6, 0x71, 0xef, 0x63, 0x77,
+            0xc0, 0x92, 0x1c, 0xb2, 0x3c, 0x27, 0x0a, 0x70, 0xe2, 0x59,
+            0x8e, 0x6f, 0xf8, 0x9d, 0x19, 0xf1, 0x05, 0xac, 0xc2, 0xd3,
+            0xf0, 0xcb, 0x35, 0xf2, 0x92, 0x80, 0xe1, 0x38, 0x6b, 0x6f,
+            0x64, 0xc4, 0xef, 0x22, 0xe1, 0xe1, 0xf2, 0x0d, 0x0c, 0xe8,
+            0xcf, 0xfb, 0x22, 0x49, 0xbd, 0x9a, 0x21, 0x37 },
+        128,
+        (unsigned char[]){ 0x01, 0x00, 0x01 }, 3,
+        (unsigned char[]){
+            0x33, 0xa5, 0x04, 0x2a, 0x90, 0xb2, 0x7d, 0x4f, 0x54, 0x51,
+            0xca, 0x9b, 0xbb, 0xd0, 0xb4, 0x47, 0x71, 0xa1, 0x01, 0xaf,
+            0x88, 0x43, 0x40, 0xae, 0xf9, 0x88, 0x5f, 0x2a, 0x4b, 0xbe,
+            0x92, 0xe8, 0x94, 0xa7, 0x24, 0xac, 0x3c, 0x56, 0x8c, 0x8f,
+            0x97, 0x85, 0x3a, 0xd0, 0x7c, 0x02, 0x66, 0xc8, 0xc6, 0xa3,
+            0xca, 0x09, 0x29, 0xf1, 0xe8, 0xf1, 0x12, 0x31, 0x88, 0x44,
+            0x29, 0xfc, 0x4d, 0x9a, 0xe5, 0x5f, 0xee, 0x89, 0x6a, 0x10,
+            0xce, 0x70, 0x7c, 0x3e, 0xd7, 0xe7, 0x34, 0xe4, 0x47, 0x27,
+            0xa3, 0x95, 0x74, 0x50, 0x1a, 0x53, 0x26, 0x83, 0x10, 0x9c,
+            0x2a, 0xba, 0xca, 0xba, 0x28, 0x3c, 0x31, 0xb4, 0xbd, 0x2f,
+            0x53, 0xc3, 0xee, 0x37, 0xe3, 0x52, 0xce, 0xe3, 0x4f, 0x9e,
+            0x50, 0x3b, 0xd8, 0x0c, 0x06, 0x22, 0xad, 0x79, 0xc6, 0xdc,
+            0xee, 0x88, 0x35, 0x47, 0xc6, 0xa3, 0xb3, 0x25 },
+        128,
+        (unsigned char[]){
+            0xb6, 0x9d, 0xca, 0x1c, 0xf7, 0xd4, 0xd7, 0xec, 0x81, 0xe7,
+            0x5b, 0x90, 0xfc, 0xca, 0x87, 0x4a, 0xbc, 0xde, 0x12, 0x3f,
+            0xd2, 0x70, 0x01, 0x80, 0xaa, 0x90, 0x47, 0x9b, 0x6e, 0x48,
+            0xde, 0x8d, 0x67, 0xed, 0x24, 0xf9, 0xf1, 0x9d, 0x85, 0xba,
+            0x27, 0x58, 0x74, 0xf5, 0x42, 0xcd, 0x20, 0xdc, 0x72, 0x3e,
+            0x69, 0x63, 0x36, 0x4a, 0x1f, 0x94, 0x25, 0x45, 0x2b, 0x26,
+            0x9a, 0x67, 0x99, 0xfd },
+        64,
+        (unsigned char[]){
+            0xe7, 0xe8, 0x94, 0x27, 0x20, 0xa8, 0x77, 0x51, 0x72, 0x73,
+            0xa3, 0x56, 0x05, 0x3e, 0xa2, 0xa1, 0xbc, 0x0c, 0x94, 0xaa,
+            0x72, 0xd5, 0x5c, 0x6e, 0x86, 0x29, 0x6b, 0x2d, 0xfc, 0x96,
+            0x79, 0x48, 0xc0, 0xa7, 0x2c, 0xbc, 0xcc, 0xa7, 0xea, 0xcb,
+            0x35, 0x70, 0x6e, 0x09, 0xa1, 0xdf, 0x55, 0xa1, 0x53, 0x5b,
+            0xd9, 0xb3, 0xcc, 0x34, 0x16, 0x0b, 0x3b, 0x6d, 0xcd, 0x3e,
+            0xda, 0x8e, 0x64, 0x43 },
+        64,
+    },
+    {
+        (unsigned char[]){
+            0xa5, 0x6e, 0x4a, 0x0e, 0x70, 0x10, 0x17, 0x58, 0x9a, 0x51,
+            0x87, 0xdc, 0x7e, 0xa8, 0x41, 0xd1, 0x56, 0xf2, 0xec, 0x0e,
+            0x36, 0xad, 0x52, 0xa4, 0x4d, 0xfe, 0xb1, 0xe6, 0x1f, 0x7a,
+            0xd9, 0x91, 0xd8, 0xc5, 0x10, 0x56, 0xff, 0xed, 0xb1, 0x62,
+            0xb4, 0xc0, 0xf2, 0x83, 0xa1, 0x2a, 0x88, 0xa3, 0x94, 0xdf,
+            0xf5, 0x26, 0xab, 0x72, 0x91, 0xcb, 0xb3, 0x07, 0xce, 0xab,
+            0xfc, 0xe0, 0xb1, 0xdf, 0xd5, 0xcd, 0x95, 0x08, 0x09, 0x6d,
+            0x5b, 0x2b, 0x8b, 0x6d, 0xf5, 0xd6, 0x71, 0xef, 0x63, 0x77,
+            0xc0, 0x92, 0x1c, 0xb2, 0x3c, 0x27, 0x0a, 0x70, 0xe2, 0x59,
+            0x8e, 0x6f, 0xf8, 0x9d, 0x19, 0xf1, 0x05, 0xac, 0xc2, 0xd3,
+            0xf0, 0xcb, 0x35, 0xf2, 0x92, 0x80, 0xe1, 0x38, 0x6b, 0x6f,
+            0x64, 0xc4, 0xef, 0x22, 0xe1, 0xe1, 0xf2, 0x0d, 0x0c, 0xe8,
+            0xcf, 0xfb, 0x22, 0x49, 0xbd, 0x9a, 0x21, 0x37 },
+        128,
+        (unsigned char[]){ 0x01, 0x00, 0x01 }, 3,
+        (unsigned char[]){
+            0x33, 0xa5, 0x04, 0x2a, 0x90, 0xb2, 0x7d, 0x4f, 0x54, 0x51,
+            0xca, 0x9b, 0xbb, 0xd0, 0xb4, 0x47, 0x71, 0xa1, 0x01, 0xaf,
+            0x88, 0x43, 0x40, 0xae, 0xf9, 0x88, 0x5f, 0x2a, 0x4b, 0xbe,
+            0x92, 0xe8, 0x94, 0xa7, 0x24, 0xac, 0x3c, 0x56, 0x8c, 0x8f,
+            0x97, 0x85, 0x3a, 0xd0, 0x7c, 0x02, 0x66, 0xc8, 0xc6, 0xa3,
+            0xca, 0x09, 0x29, 0xf1, 0xe8, 0xf1, 0x12, 0x31, 0x88, 0x44,
+            0x29, 0xfc, 0x4d, 0x9a, 0xe5, 0x5f, 0xee, 0x89, 0x6a, 0x10,
+            0xce, 0x70, 0x7c, 0x3e, 0xd7, 0xe7, 0x34, 0xe4, 0x47, 0x27,
+            0xa3, 0x95, 0x74, 0x50, 0x1a, 0x53, 0x26, 0x83, 0x10, 0x9c,
+            0x2a, 0xba, 0xca, 0xba, 0x28, 0x3c, 0x31, 0xb4, 0xbd, 0x2f,
+            0x53, 0xc3, 0xee, 0x37, 0xe3, 0x52, 0xce, 0xe3, 0x4f, 0x9e,
+            0x50, 0x3b, 0xd8, 0x0c, 0x06, 0x22, 0xad, 0x79, 0xc6, 0xdc,
+            0xee, 0x88, 0x35, 0x47, 0xc6, 0xa3, 0xb3, 0x25 },
+        128,
+        (unsigned char[]){
+            0xb6, 0x9d, 0xca, 0x1c, 0xf7, 0xd4, 0xd7, 0xec, 0x81, 0xe7,
+            0x5b, 0x90, 0xfc, 0xca, 0x87, 0x4a, 0xbc, 0xde, 0x12, 0x3f,
+            0xd2, 0x70, 0x01, 0x80, 0xaa, 0x90, 0x47, 0x9b, 0x6e, 0x48,
+            0xde, 0x8d, 0x67, 0xed, 0x24, 0xf9, 0xf1, 0x9d, 0x85, 0xba,
+            0x27, 0x58, 0x74, 0xf5, 0x42, 0xcd, 0x20, 0xdc, 0x72, 0x3e,
+            0x69, 0x63, 0x36, 0x4a, 0x1f, 0x94, 0x25, 0x45, 0x2b, 0x26,
+            0x9a, 0x67, 0x99, 0xfd },
+        64,
+        (unsigned char[]){
+            0xe7, 0xe8, 0x94, 0x27, 0x20, 0xa8, 0x77, 0x51, 0x72, 0x73,
+            0xa3, 0x56, 0x05, 0x3e, 0xa2, 0xa1, 0xbc, 0x0c, 0x94, 0xaa,
+            0x72, 0xd5, 0x5c, 0x6e, 0x86, 0x29, 0x6b, 0x2d, 0xfc, 0x96,
+            0x79, 0x48, 0xc0, 0xa7, 0x2c, 0xbc, 0xcc, 0xa7, 0xea, 0xcb,
+            0x35, 0x70, 0x6e, 0x09, 0xa1, 0xdf, 0x55, 0xa1, 0x53, 0x5b,
+            0xd9, 0xb3, 0xcc, 0x34, 0x16, 0x0b, 0x3b, 0x6d, 0xcd, 0x3e,
+            0xda, 0x8e, 0x64, 0x43 },
+        64,
+    },
+    {
+        (unsigned char[]){
+            0xa5, 0x6e, 0x4a, 0x0e, 0x70, 0x10, 0x17, 0x58, 0x9a, 0x51,
+            0x87, 0xdc, 0x7e, 0xa8, 0x41, 0xd1, 0x56, 0xf2, 0xec, 0x0e,
+            0x36, 0xad, 0x52, 0xa4, 0x4d, 0xfe, 0xb1, 0xe6, 0x1f, 0x7a,
+            0xd9, 0x91, 0xd8, 0xc5, 0x10, 0x56, 0xff, 0xed, 0xb1, 0x62,
+            0xb4, 0xc0, 0xf2, 0x83, 0xa1, 0x2a, 0x88, 0xa3, 0x94, 0xdf,
+            0xf5, 0x26, 0xab, 0x72, 0x91, 0xcb, 0xb3, 0x07, 0xce, 0xab,
+            0xfc, 0xe0, 0xb1, 0xdf, 0xd5, 0xcd, 0x95, 0x08, 0x09, 0x6d,
+            0x5b, 0x2b, 0x8b, 0x6d, 0xf5, 0xd6, 0x71, 0xef, 0x63, 0x77,
+            0xc0, 0x92, 0x1c, 0xb2, 0x3c, 0x27, 0x0a, 0x70, 0xe2, 0x59,
+            0x8e, 0x6f, 0xf8, 0x9d, 0x19, 0xf1, 0x05, 0xac, 0xc2, 0xd3,
+            0xf0, 0xcb, 0x35, 0xf2, 0x92, 0x80, 0xe1, 0x38, 0x6b, 0x6f,
+            0x64, 0xc4, 0xef, 0x22, 0xe1, 0xe1, 0xf2, 0x0d, 0x0c, 0xe8,
+            0xcf, 0xfb, 0x22, 0x49, 0xbd, 0x9a, 0x21, 0x37 },
+        128,
+        (unsigned char[]){ 0x01, 0x00, 0x01 }, 3,
+        (unsigned char[]){
+            0x33, 0xa5, 0x04, 0x2a, 0x90, 0xb2, 0x7d, 0x4f, 0x54, 0x51,
+            0xca, 0x9b, 0xbb, 0xd0, 0xb4, 0x47, 0x71, 0xa1, 0x01, 0xaf,
+            0x88, 0x43, 0x40, 0xae, 0xf9, 0x88, 0x5f, 0x2a, 0x4b, 0xbe,
+            0x92, 0xe8, 0x94, 0xa7, 0x24, 0xac, 0x3c, 0x56, 0x8c, 0x8f,
+            0x97, 0x85, 0x3a, 0xd0, 0x7c, 0x02, 0x66, 0xc8, 0xc6, 0xa3,
+            0xca, 0x09, 0x29, 0xf1, 0xe8, 0xf1, 0x12, 0x31, 0x88, 0x44,
+            0x29, 0xfc, 0x4d, 0x9a, 0xe5, 0x5f, 0xee, 0x89, 0x6a, 0x10,
+            0xce, 0x70, 0x7c, 0x3e, 0xd7, 0xe7, 0x34, 0xe4, 0x47, 0x27,
+            0xa3, 0x95, 0x74, 0x50, 0x1a, 0x53, 0x26, 0x83, 0x10, 0x9c,
+            0x2a, 0xba, 0xca, 0xba, 0x28, 0x3c, 0x31, 0xb4, 0xbd, 0x2f,
+            0x53, 0xc3, 0xee, 0x37, 0xe3, 0x52, 0xce, 0xe3, 0x4f, 0x9e,
+            0x50, 0x3b, 0xd8, 0x0c, 0x06, 0x22, 0xad, 0x79, 0xc6, 0xdc,
+            0xee, 0x88, 0x35, 0x47, 0xc6, 0xa3, 0xb3, 0x25 },
+        128,
+        (unsigned char[]){
+            0xb6, 0x9d, 0xca, 0x1c, 0xf7, 0xd4, 0xd7, 0xec, 0x81, 0xe7,
+            0x5b, 0x90, 0xfc, 0xca, 0x87, 0x4a, 0xbc, 0xde, 0x12, 0x3f,
+            0xd2, 0x70, 0x01, 0x80, 0xaa, 0x90, 0x47, 0x9b, 0x6e, 0x48,
+            0xde, 0x8d, 0x67, 0xed, 0x24, 0xf9, 0xf1, 0x9d, 0x85, 0xba,
+            0x27, 0x58, 0x74, 0xf5, 0x42, 0xcd, 0x20, 0xdc, 0x72, 0x3e,
+            0x69, 0x63, 0x36, 0x4a, 0x1f, 0x94, 0x25, 0x45, 0x2b, 0x26,
+            0x9a, 0x67, 0x99, 0xfd },
+        64,
+        (unsigned char[]){
+            0xe7, 0xe8, 0x94, 0x27, 0x20, 0xa8, 0x77, 0x51, 0x72, 0x73,
+            0xa3, 0x56, 0x05, 0x3e, 0xa2, 0xa1, 0xbc, 0x0c, 0x94, 0xaa,
+            0x72, 0xd5, 0x5c, 0x6e, 0x86, 0x29, 0x6b, 0x2d, 0xfc, 0x96,
+            0x79, 0x48, 0xc0, 0xa7, 0x2c, 0xbc, 0xcc, 0xa7, 0xea, 0xcb,
+            0x35, 0x70, 0x6e, 0x09, 0xa1, 0xdf, 0x55, 0xa1, 0x53, 0x5b,
+            0xd9, 0xb3, 0xcc, 0x34, 0x16, 0x0b, 0x3b, 0x6d, 0xcd, 0x3e,
+            0xda, 0x8e, 0x64, 0x43 },
+        64,
+    },
+    {
+        (unsigned char[]){
+            0xa5, 0x6e, 0x4a, 0x0e, 0x70, 0x10, 0x17, 0x58, 0x9a, 0x51,
+            0x87, 0xdc, 0x7e, 0xa8, 0x41, 0xd1, 0x56, 0xf2, 0xec, 0x0e,
+            0x36, 0xad, 0x52, 0xa4, 0x4d, 0xfe, 0xb1, 0xe6, 0x1f, 0x7a,
+            0xd9, 0x91, 0xd8, 0xc5, 0x10, 0x56, 0xff, 0xed, 0xb1, 0x62,
+            0xb4, 0xc0, 0xf2, 0x83, 0xa1, 0x2a, 0x88, 0xa3, 0x94, 0xdf,
+            0xf5, 0x26, 0xab, 0x72, 0x91, 0xcb, 0xb3, 0x07, 0xce, 0xab,
+            0xfc, 0xe0, 0xb1, 0xdf, 0xd5, 0xcd, 0x95, 0x08, 0x09, 0x6d,
+            0x5b, 0x2b, 0x8b, 0x6d, 0xf5, 0xd6, 0x71, 0xef, 0x63, 0x77,
+            0xc0, 0x92, 0x1c, 0xb2, 0x3c, 0x27, 0x0a, 0x70, 0xe2, 0x59,
+            0x8e, 0x6f, 0xf8, 0x9d, 0x19, 0xf1, 0x05, 0xac, 0xc2, 0xd3,
+            0xf0, 0xcb, 0x35, 0xf2, 0x92, 0x80, 0xe1, 0x38, 0x6b, 0x6f,
+            0x64, 0xc4, 0xef, 0x22, 0xe1, 0xe1, 0xf2, 0x0d, 0x0c, 0xe8,
+            0xcf, 0xfb, 0x22, 0x49, 0xbd, 0x9a, 0x21, 0x37 },
+        128,
+        (unsigned char[]){ 0x01, 0x00, 0x01 }, 3,
+        (unsigned char[]){
+            0x33, 0xa5, 0x04, 0x2a, 0x90, 0xb2, 0x7d, 0x4f, 0x54, 0x51,
+            0xca, 0x9b, 0xbb, 0xd0, 0xb4, 0x47, 0x71, 0xa1, 0x01, 0xaf,
+            0x88, 0x43, 0x40, 0xae, 0xf9, 0x88, 0x5f, 0x2a, 0x4b, 0xbe,
+            0x92, 0xe8, 0x94, 0xa7, 0x24, 0xac, 0x3c, 0x56, 0x8c, 0x8f,
+            0x97, 0x85, 0x3a, 0xd0, 0x7c, 0x02, 0x66, 0xc8, 0xc6, 0xa3,
+            0xca, 0x09, 0x29, 0xf1, 0xe8, 0xf1, 0x12, 0x31, 0x88, 0x44,
+            0x29, 0xfc, 0x4d, 0x9a, 0xe5, 0x5f, 0xee, 0x89, 0x6a, 0x10,
+            0xce, 0x70, 0x7c, 0x3e, 0xd7, 0xe7, 0x34, 0xe4, 0x47, 0x27,
+            0xa3, 0x95, 0x74, 0x50, 0x1a, 0x53, 0x26, 0x83, 0x10, 0x9c,
+            0x2a, 0xba, 0xca, 0xba, 0x28, 0x3c, 0x31, 0xb4, 0xbd, 0x2f,
+            0x53, 0xc3, 0xee, 0x37, 0xe3, 0x52, 0xce, 0xe3, 0x4f, 0x9e,
+            0x50, 0x3b, 0xd8, 0x0c, 0x06, 0x22, 0xad, 0x79, 0xc6, 0xdc,
+            0xee, 0x88, 0x35, 0x47, 0xc6, 0xa3, 0xb3, 0x25 },
+        128,
+        (unsigned char[]){
+            0xb6, 0x9d, 0xca, 0x1c, 0xf7, 0xd4, 0xd7, 0xec, 0x81, 0xe7,
+            0x5b, 0x90, 0xfc, 0xca, 0x87, 0x4a, 0xbc, 0xde, 0x12, 0x3f,
+            0xd2, 0x70, 0x01, 0x80, 0xaa, 0x90, 0x47, 0x9b, 0x6e, 0x48,
+            0xde, 0x8d, 0x67, 0xed, 0x24, 0xf9, 0xf1, 0x9d, 0x85, 0xba,
+            0x27, 0x58, 0x74, 0xf5, 0x42, 0xcd, 0x20, 0xdc, 0x72, 0x3e,
+            0x69, 0x63, 0x36, 0x4a, 0x1f, 0x94, 0x25, 0x45, 0x2b, 0x26,
+            0x9a, 0x67, 0x99, 0xfd },
+        64,
+        (unsigned char[]){
+            0xe7, 0xe8, 0x94, 0x27, 0x20, 0xa8, 0x77, 0x51, 0x72, 0x73,
+            0xa3, 0x56, 0x05, 0x3e, 0xa2, 0xa1, 0xbc, 0x0c, 0x94, 0xaa,
+            0x72, 0xd5, 0x5c, 0x6e, 0x86, 0x29, 0x6b, 0x2d, 0xfc, 0x96,
+            0x79, 0x48, 0xc0, 0xa7, 0x2c, 0xbc, 0xcc, 0xa7, 0xea, 0xcb,
+            0x35, 0x70, 0x6e, 0x09, 0xa1, 0xdf, 0x55, 0xa1, 0x53, 0x5b,
+            0xd9, 0xb3, 0xcc, 0x34, 0x16, 0x0b, 0x3b, 0x6d, 0xcd, 0x3e,
+            0xda, 0x8e, 0x64, 0x43 },
+        64,
+    },
+    {
+        (unsigned char[]){
+            0xa5, 0x6e, 0x4a, 0x0e, 0x70, 0x10, 0x17, 0x58, 0x9a, 0x51,
+            0x87, 0xdc, 0x7e, 0xa8, 0x41, 0xd1, 0x56, 0xf2, 0xec, 0x0e,
+            0x36, 0xad, 0x52, 0xa4, 0x4d, 0xfe, 0xb1, 0xe6, 0x1f, 0x7a,
+            0xd9, 0x91, 0xd8, 0xc5, 0x10, 0x56, 0xff, 0xed, 0xb1, 0x62,
+            0xb4, 0xc0, 0xf2, 0x83, 0xa1, 0x2a, 0x88, 0xa3, 0x94, 0xdf,
+            0xf5, 0x26, 0xab, 0x72, 0x91, 0xcb, 0xb3, 0x07, 0xce, 0xab,
+            0xfc, 0xe0, 0xb1, 0xdf, 0xd5, 0xcd, 0x95, 0x08, 0x09, 0x6d,
+            0x5b, 0x2b, 0x8b, 0x6d, 0xf5, 0xd6, 0x71, 0xef, 0x63, 0x77,
+            0xc0, 0x92, 0x1c, 0xb2, 0x3c, 0x27, 0x0a, 0x70, 0xe2, 0x59,
+            0x8e, 0x6f, 0xf8, 0x9d, 0x19, 0xf1, 0x05, 0xac, 0xc2, 0xd3,
+            0xf0, 0xcb, 0x35, 0xf2, 0x92, 0x80, 0xe1, 0x38, 0x6b, 0x6f,
+            0x64, 0xc4, 0xef, 0x22, 0xe1, 0xe1, 0xf2, 0x0d, 0x0c, 0xe8,
+            0xcf, 0xfb, 0x22, 0x49, 0xbd, 0x9a, 0x21, 0x37 },
+        128,
+        (unsigned char[]){ 0x01, 0x00, 0x01 }, 3,
+        (unsigned char[]){
+            0x33, 0xa5, 0x04, 0x2a, 0x90, 0xb2, 0x7d, 0x4f, 0x54, 0x51,
+            0xca, 0x9b, 0xbb, 0xd0, 0xb4, 0x47, 0x71, 0xa1, 0x01, 0xaf,
+            0x88, 0x43, 0x40, 0xae, 0xf9, 0x88,
+            0x5f, 0x2a, 0x4b, 0xbe, 0x92, 0xe8, 0x94, 0xa7, 0x24, 0xac,
+
+            0x3c, 0x56, 0x8c, 0x8f, 0x97, 0x85, 0x3a, 0xd0, 0x7c, 0x02,
+
+            0x66, 0xc8, 0xc6, 0xa3, 0xca, 0x09, 0x29, 0xf1, 0xe8, 0xf1,
+            0x12, 0x31, 0x88, 0x44, 0x29, 0xfc, 0x4d, 0x9a, 0xe5, 0x5f,
+            0xee, 0x89, 0x6a, 0x10, 0xce, 0x70, 0x7c, 0x3e, 0xd7, 0xe7,
+            0x34, 0xe4, 0x47, 0x27, 0xa3, 0x95, 0x74, 0x50, 0x1a, 0x53,
+            0x26, 0x83, 0x10, 0x9c, 0x2a, 0xba, 0xca, 0xba, 0x28, 0x3c,
+            0x31, 0xb4, 0xbd, 0x2f, 0x53, 0xc3, 0xee, 0x37, 0xe3, 0x52,
+            0xce, 0xe3, 0x4f, 0x9e, 0x50, 0x3b, 0xd8, 0x0c, 0x06, 0x22,
+            0xad, 0x79, 0xc6, 0xdc, 0xee, 0x88, 0x35, 0x47, 0xc6, 0xa3,
+            0xb3, 0x25 },
+        128,
+        (unsigned char[]){
+            0xb6, 0x9d, 0xca, 0x1c, 0xf7, 0xd4, 0xd7, 0xec, 0x81, 0xe7,
+            0x5b, 0x90, 0xfc, 0xca, 0x87, 0x4a, 0xbc, 0xde, 0x12, 0x3f,
+            0xd2, 0x70, 0x01, 0x80, 0xaa, 0x90, 0x47, 0x9b, 0x6e, 0x48,
+            0xde, 0x8d, 0x67, 0xed, 0x24, 0xf9, 0xf1, 0x9d, 0x85, 0xba,
+            0x27, 0x58, 0x74, 0xf5, 0x42, 0xcd, 0x20, 0xdc, 0x72, 0x3e,
+            0x69, 0x63, 0x36, 0x4a, 0x1f, 0x94, 0x25, 0x45, 0x2b, 0x26,
+            0x9a, 0x67, 0x99, 0xfd },
+        64,
+        (unsigned char[]){
+            0xe7, 0xe8, 0x94, 0x27, 0x20, 0xa8, 0x77, 0x51, 0x72, 0x73,
+            0xa3, 0x56, 0x05, 0x3e, 0xa2, 0xa1, 0xbc, 0x0c, 0x94, 0xaa,
+            0x72, 0xd5, 0x5c, 0x6e, 0x86, 0x29, 0x6b, 0x2d, 0xfc, 0x96,
+            0x79, 0x48, 0xc0, 0xa7, 0x2c, 0xbc, 0xcc, 0xa7, 0xea, 0xcb,
+            0x35, 0x70, 0x6e, 0x09, 0xa1, 0xdf, 0x55, 0xa1, 0x53, 0x5b,
+            0xd9, 0xb3, 0xcc, 0x34, 0x16, 0x0b, 0x3b, 0x6d, 0xcd, 0x3e,
+            0xda, 0x8e, 0x64, 0x43 },
+        64,
+    },
+    {
+        (unsigned char[]){
+            0xa5, 0x6e, 0x4a, 0x0e, 0x70, 0x10, 0x17, 0x58, 0x9a, 0x51,
+            0x87, 0xdc, 0x7e, 0xa8, 0x41, 0xd1, 0x56, 0xf2, 0xec, 0x0e,
+            0x36, 0xad, 0x52, 0xa4, 0x4d, 0xfe, 0xb1, 0xe6, 0x1f, 0x7a,
+            0xd9, 0x91, 0xd8, 0xc5, 0x10, 0x56, 0xff, 0xed, 0xb1, 0x62,
+            0xb4, 0xc0, 0xf2, 0x83, 0xa1, 0x2a, 0x88, 0xa3, 0x94, 0xdf,
+            0xf5, 0x26, 0xab, 0x72, 0x91, 0xcb, 0xb3, 0x07, 0xce, 0xab,
+            0xfc, 0xe0, 0xb1, 0xdf, 0xd5, 0xcd, 0x95, 0x08, 0x09, 0x6d,
+            0x5b, 0x2b, 0x8b, 0x6d, 0xf5, 0xd6, 0x71, 0xef, 0x63, 0x77,
+            0xc0, 0x92, 0x1c, 0xb2, 0x3c, 0x27, 0x0a, 0x70, 0xe2, 0x59,
+            0x8e, 0x6f, 0xf8, 0x9d, 0x19, 0xf1, 0x05, 0xac, 0xc2, 0xd3,
+            0xf0, 0xcb, 0x35, 0xf2, 0x92, 0x80, 0xe1, 0x38, 0x6b, 0x6f,
+            0x64, 0xc4, 0xef, 0x22, 0xe1, 0xe1, 0xf2, 0x0d, 0x0c, 0xe8,
+            0xcf, 0xfb, 0x22, 0x49, 0xbd, 0x9a, 0x21, 0x37 },
+        128,
+        (unsigned char[]){ 0x01, 0x00, 0x01 }, 3,
+        (unsigned char[]){
+            0x33, 0xa5, 0x04, 0x2a, 0x90, 0xb2, 0x7d, 0x4f, 0x54, 0x51,
+            0xca, 0x9b, 0xbb, 0xd0, 0xb4, 0x47, 0x71, 0xa1, 0x01, 0xaf,
+            0x88, 0x43, 0x40, 0xae, 0xf9, 0x88, 0x5f, 0x2a, 0x4b, 0xbe,
+            0x92, 0xe8, 0x94, 0xa7, 0x24, 0xac, 0x3c, 0x56, 0x8c, 0x8f,
+            0x97, 0x85, 0x3a, 0xd0, 0x7c, 0x02, 0x66, 0xc8, 0xc6, 0xa3,
+            0xca, 0x09, 0x29, 0xf1, 0xe8, 0xf1, 0x12, 0x31, 0x88, 0x44,
+            0x29, 0xfc, 0x4d, 0x9a, 0xe5, 0x5f, 0xee, 0x89, 0x6a, 0x10,
+            0xce, 0x70, 0x7c, 0x3e, 0xd7, 0xe7, 0x34, 0xe4, 0x47, 0x27,
+            0xa3, 0x95, 0x74, 0x50, 0x1a, 0x53, 0x26, 0x83, 0x10, 0x9c,
+            0x2a, 0xba, 0xca, 0xba, 0x28, 0x3c, 0x31, 0xb4, 0xbd, 0x2f,
+            0x53, 0xc3, 0xee, 0x37, 0xe3, 0x52, 0xce, 0xe3, 0x4f, 0x9e,
+            0x50, 0x3b, 0xd8, 0x0c, 0x06, 0x22, 0xad, 0x79, 0xc6, 0xdc,
+            0xee, 0x88, 0x35, 0x47, 0xc6, 0xa3, 0xb3, 0x25 },
+        128,
+        (unsigned char[]){
+            0xb6, 0x9d, 0xca, 0x1c, 0xf7, 0xd4, 0xd7, 0xec, 0x81, 0xe7,
+            0x5b, 0x90, 0xfc, 0xca, 0x87, 0x4a, 0xbc, 0xde, 0x12, 0x3f,
+            0xd2, 0x70, 0x01, 0x80, 0xaa, 0x90, 0x47, 0x9b, 0x6e, 0x48,
+            0xde, 0x8d, 0x67, 0xed, 0x24, 0xf9, 0xf1, 0x9d, 0x85, 0xba,
+            0x27, 0x58, 0x74, 0xf5, 0x42, 0xcd, 0x20, 0xdc, 0x72, 0x3e,
+            0x69, 0x63, 0x36, 0x4a, 0x1f, 0x94, 0x25, 0x45, 0x2b, 0x26,
+            0x9a, 0x67, 0x99, 0xfd },
+        64,
+        (unsigned char[]){
+            0xe7, 0xe8, 0x94, 0x27, 0x20, 0xa8, 0x77, 0x51, 0x72, 0x73,
+            0xa3, 0x56, 0x05, 0x3e, 0xa2, 0xa1, 0xbc, 0x0c, 0x94, 0xaa,
+            0x72, 0xd5, 0x5c, 0x6e, 0x86, 0x29, 0x6b, 0x2d, 0xfc, 0x96,
+            0x79, 0x48, 0xc0, 0xa7, 0x2c, 0xbc, 0xcc, 0xa7, 0xea, 0xcb,
+            0x35, 0x70, 0x6e, 0x09, 0xa1, 0xdf, 0x55, 0xa1, 0x53, 0x5b,
+            0xd9, 0xb3, 0xcc, 0x34, 0x16, 0x0b, 0x3b, 0x6d, 0xcd, 0x3e,
+            0xda, 0x8e, 0x64, 0x43 },
+        64,
+    },
+    {
+        (unsigned char[]){
+            0xa5, 0x6e, 0x4a, 0x0e, 0x70, 0x10, 0x17, 0x58, 0x9a, 0x51,
+            0x87, 0xdc, 0x7e, 0xa8, 0x41, 0xd1, 0x56, 0xf2, 0xec, 0x0e,
+            0x36, 0xad, 0x52, 0xa4, 0x4d, 0xfe, 0xb1, 0xe6, 0x1f, 0x7a,
+            0xd9, 0x91, 0xd8, 0xc5, 0x10, 0x56, 0xff, 0xed, 0xb1, 0x62,
+            0xb4, 0xc0, 0xf2, 0x83, 0xa1, 0x2a, 0x88, 0xa3, 0x94, 0xdf,
+            0xf5, 0x26, 0xab, 0x72, 0x91, 0xcb, 0xb3, 0x07, 0xce, 0xab,
+            0xfc, 0xe0, 0xb1, 0xdf, 0xd5, 0xcd, 0x95, 0x08, 0x09, 0x6d,
+            0x5b, 0x2b, 0x8b, 0x6d, 0xf5, 0xd6, 0x71, 0xef, 0x63, 0x77,
+            0xc0, 0x92, 0x1c, 0xb2, 0x3c, 0x27, 0x0a, 0x70, 0xe2, 0x59,
+            0x8e, 0x6f, 0xf8, 0x9d, 0x19, 0xf1, 0x05, 0xac, 0xc2, 0xd3,
+            0xf0, 0xcb, 0x35, 0xf2, 0x92, 0x80, 0xe1, 0x38, 0x6b, 0x6f,
+            0x64, 0xc4, 0xef, 0x22, 0xe1, 0xe1, 0xf2, 0x0d, 0x0c, 0xe8,
+            0xcf, 0xfb, 0x22, 0x49, 0xbd, 0x9a, 0x21, 0x37 },
+        128,
+        (unsigned char[]){ 0x01, 0x00, 0x01 }, 3,
+        (unsigned char[]){
+            0x33, 0xa5, 0x04, 0x2a, 0x90, 0xb2, 0x7d, 0x4f, 0x54, 0x51,
+            0xca, 0x9b, 0xbb, 0xd0, 0xb4, 0x47, 0x71, 0xa1, 0x01, 0xaf,
+            0x88, 0x43, 0x40, 0xae, 0xf9, 0x88, 0x5f, 0x2a, 0x4b, 0xbe,
+            0x92, 0xe8, 0x94, 0xa7, 0x24, 0xac, 0x3c, 0x56, 0x8c, 0x8f,
+            0x97, 0x85, 0x3a, 0xd0, 0x7c, 0x02, 0x66, 0xc8, 0xc6, 0xa3,
+            0xca, 0x09, 0x29, 0xf1, 0xe8, 0xf1, 0x12, 0x31, 0x88, 0x44,
+            0x29, 0xfc, 0x4d, 0x9a, 0xe5, 0x5f, 0xee, 0x89, 0x6a, 0x10,
+            0xce, 0x70, 0x7c, 0x3e, 0xd7, 0xe7, 0x34, 0xe4, 0x47, 0x27,
+            0xa3, 0x95, 0x74, 0x50, 0x1a, 0x53, 0x26, 0x83, 0x10, 0x9c,
+            0x2a, 0xba, 0xca, 0xba, 0x28, 0x3c, 0x31, 0xb4, 0xbd, 0x2f,
+            0x53, 0xc3, 0xee, 0x37, 0xe3, 0x52, 0xce, 0xe3, 0x4f, 0x9e,
+            0x50, 0x3b, 0xd8, 0x0c, 0x06, 0x22, 0xad, 0x79, 0xc6, 0xdc,
+            0xee, 0x88, 0x35, 0x47, 0xc6, 0xa3, 0xb3, 0x25 },
+        128,
+        (unsigned char[]){
+            0xb6, 0x9d, 0xca, 0x1c, 0xf7, 0xd4, 0xd7, 0xec, 0x81, 0xe7,
+            0x5b, 0x90, 0xfc, 0xca, 0x87, 0x4a, 0xbc, 0xde, 0x12, 0x3f,
+            0xd2, 0x70, 0x01, 0x80, 0xaa, 0x90, 0x47, 0x9b, 0x6e, 0x48,
+            0xde, 0x8d, 0x67, 0xed, 0x24, 0xf9, 0xf1, 0x9d, 0x85, 0xba,
+            0x27, 0x58, 0x74, 0xf5, 0x42, 0xcd, 0x20, 0xdc, 0x72, 0x3e,
+            0x69, 0x63, 0x36, 0x4a, 0x1f, 0x94, 0x25, 0x45, 0x2b, 0x26,
+            0x9a, 0x67, 0x99, 0xfd },
+        64,
+        (unsigned char[]){
+            0xe7, 0xe8, 0x94, 0x27, 0x20, 0xa8, 0x77, 0x51, 0x72, 0x73,
+            0xa3, 0x56, 0x05, 0x3e, 0xa2, 0xa1, 0xbc, 0x0c, 0x94, 0xaa,
+            0x72, 0xd5, 0x5c, 0x6e, 0x86, 0x29, 0x6b, 0x2d, 0xfc, 0x96,
+            0x79, 0x48, 0xc0, 0xa7, 0x2c, 0xbc, 0xcc, 0xa7, 0xea, 0xcb,
+            0x35, 0x70, 0x6e, 0x09, 0xa1, 0xdf, 0x55, 0xa1, 0x53, 0x5b,
+            0xd9, 0xb3, 0xcc, 0x34, 0x16, 0x0b, 0x3b, 0x6d, 0xcd, 0x3e,
+            0xda, 0x8e, 0x64, 0x43 },
+        64,
+    },
+    {
+        (unsigned char[]){
+            0xa5, 0x6e, 0x4a, 0x0e, 0x70, 0x10, 0x17, 0x58, 0x9a, 0x51,
+            0x87, 0xdc, 0x7e, 0xa8, 0x41, 0xd1, 0x56, 0xf2, 0xec, 0x0e,
+            0x36, 0xad, 0x52, 0xa4, 0x4d, 0xfe, 0xb1, 0xe6, 0x1f, 0x7a,
+            0xd9, 0x91, 0xd8, 0xc5, 0x10, 0x56, 0xff, 0xed, 0xb1, 0x62,
+            0xb4, 0xc0, 0xf2, 0x83, 0xa1, 0x2a, 0x88, 0xa3, 0x94, 0xdf,
+            0xf5, 0x26, 0xab, 0x72, 0x91, 0xcb, 0xb3, 0x07, 0xce, 0xab,
+            0xfc, 0xe0, 0xb1, 0xdf, 0xd5, 0xcd, 0x95, 0x08, 0x09, 0x6d,
+            0x5b, 0x2b, 0x8b, 0x6d, 0xf5, 0xd6, 0x71, 0xef, 0x63, 0x77,
+            0xc0, 0x92, 0x1c, 0xb2, 0x3c, 0x27, 0x0a, 0x70, 0xe2, 0x59,
+            0x8e, 0x6f, 0xf8, 0x9d, 0x19, 0xf1, 0x05, 0xac, 0xc2, 0xd3,
+            0xf0, 0xcb, 0x35, 0xf2, 0x92, 0x80, 0xe1, 0x38, 0x6b, 0x6f,
+            0x64, 0xc4, 0xef, 0x22, 0xe1, 0xe1, 0xf2, 0x0d, 0x0c, 0xe8,
+            0xcf, 0xfb, 0x22, 0x49, 0xbd, 0x9a, 0x21, 0x37 },
+        128,
+        (unsigned char[]){ 0x01, 0x00, 0x01 }, 3,
+        (unsigned char[]){
+            0x33, 0xa5, 0x04, 0x2a, 0x90, 0xb2, 0x7d, 0x4f, 0x54, 0x51,
+            0xca, 0x9b, 0xbb, 0xd0, 0xb4, 0x47, 0x71, 0xa1, 0x01, 0xaf,
+            0x88, 0x43, 0x40, 0xae, 0xf9, 0x88, 0x5f, 0x2a, 0x4b, 0xbe,
+            0x92, 0xe8, 0x94, 0xa7, 0x24, 0xac, 0x3c, 0x56, 0x8c, 0x8f,
+            0x97, 0x85, 0x3a, 0xd0, 0x7c, 0x02, 0x66, 0xc8, 0xc6, 0xa3,
+            0xca, 0x09, 0x29, 0xf1, 0xe8, 0xf1, 0x12, 0x31, 0x88, 0x44,
+            0x29, 0xfc, 0x4d, 0x9a, 0xe5, 0x5f, 0xee, 0x89, 0x6a, 0x10,
+            0xce, 0x70, 0x7c, 0x3e, 0xd7, 0xe7, 0x34, 0xe4, 0x47, 0x27,
+            0xa3, 0x95, 0x74, 0x50, 0x1a, 0x53, 0x26, 0x83, 0x10, 0x9c,
+            0x2a, 0xba, 0xca, 0xba, 0x28, 0x3c, 0x31, 0xb4, 0xbd, 0x2f,
+            0x53, 0xc3, 0xee, 0x37, 0xe3, 0x52, 0xce, 0xe3, 0x4f, 0x9e,
+            0x50, 0x3b, 0xd8, 0x0c, 0x06, 0x22, 0xad, 0x79, 0xc6, 0xdc,
+            0xee, 0x88, 0x35, 0x47, 0xc6, 0xa3, 0xb3, 0x25 },
+        128,
+        (unsigned char[]){
+            0xb6, 0x9d, 0xca, 0x1c, 0xf7, 0xd4, 0xd7, 0xec, 0x81, 0xe7,
+            0x5b, 0x90, 0xfc, 0xca, 0x87, 0x4a, 0xbc, 0xde, 0x12, 0x3f,
+            0xd2, 0x70, 0x01, 0x80, 0xaa, 0x90, 0x47, 0x9b, 0x6e, 0x48,
+            0xde, 0x8d, 0x67, 0xed, 0x24, 0xf9, 0xf1, 0x9d, 0x85, 0xba,
+            0x27, 0x58, 0x74, 0xf5, 0x42, 0xcd, 0x20, 0xdc, 0x72, 0x3e,
+            0x69, 0x63, 0x36, 0x4a, 0x1f, 0x94, 0x25, 0x45, 0x2b, 0x26,
+            0x9a, 0x67, 0x99, 0xfd },
+        64,
+        (unsigned char[]){
+            0xe7, 0xe8, 0x94, 0x27, 0x20, 0xa8, 0x77, 0x51, 0x72, 0x73,
+            0xa3, 0x56, 0x05, 0x3e, 0xa2, 0xa1, 0xbc, 0x0c, 0x94, 0xaa,
+            0x72, 0xd5, 0x5c, 0x6e, 0x86, 0x29, 0x6b, 0x2d, 0xfc, 0x96,
+            0x79, 0x48, 0xc0, 0xa7, 0x2c, 0xbc, 0xcc, 0xa7, 0xea, 0xcb,
+            0x35, 0x70, 0x6e, 0x09, 0xa1, 0xdf, 0x55, 0xa1, 0x53, 0x5b,
+            0xd9, 0xb3, 0xcc, 0x34, 0x16, 0x0b, 0x3b, 0x6d, 0xcd, 0x3e,
+            0xda, 0x8e, 0x64, 0x43 },
+        64,
+    },
+    {
+        (unsigned char[]){
+            0xa5, 0x6e, 0x4a, 0x0e, 0x70, 0x10, 0x17, 0x58, 0x9a, 0x51,
+            0x87, 0xdc, 0x7e, 0xa8, 0x41, 0xd1, 0x56, 0xf2, 0xec, 0x0e,
+            0x36, 0xad, 0x52, 0xa4, 0x4d, 0xfe, 0xb1, 0xe6, 0x1f, 0x7a,
+            0xd9, 0x91, 0xd8, 0xc5, 0x10, 0x56, 0xff, 0xed, 0xb1, 0x62,
+            0xb4, 0xc0, 0xf2, 0x83, 0xa1, 0x2a, 0x88, 0xa3, 0x94, 0xdf,
+            0xf5, 0x26, 0xab, 0x72, 0x91, 0xcb, 0xb3, 0x07, 0xce, 0xab,
+            0xfc, 0xe0, 0xb1, 0xdf, 0xd5, 0xcd, 0x95, 0x08, 0x09, 0x6d,
+            0x5b, 0x2b, 0x8b, 0x6d, 0xf5, 0xd6, 0x71, 0xef, 0x63, 0x77,
+            0xc0, 0x92, 0x1c, 0xb2, 0x3c, 0x27, 0x0a, 0x70, 0xe2, 0x59,
+            0x8e, 0x6f, 0xf8, 0x9d, 0x19, 0xf1, 0x05, 0xac, 0xc2, 0xd3,
+            0xf0, 0xcb, 0x35, 0xf2, 0x92, 0x80, 0xe1, 0x38, 0x6b, 0x6f,
+            0x64, 0xc4, 0xef, 0x22, 0xe1, 0xe1, 0xf2, 0x0d, 0x0c, 0xe8,
+            0xcf, 0xfb, 0x22, 0x49, 0xbd, 0x9a, 0x21, 0x37 },
+        128,
+        (unsigned char[]){ 0x01, 0x00, 0x01 }, 3,
+        (unsigned char[]){
+            0x33, 0xa5, 0x04, 0x2a, 0x90, 0xb2, 0x7d, 0x4f, 0x54, 0x51,
+            0xca, 0x9b, 0xbb, 0xd0, 0xb4, 0x47, 0x71, 0xa1, 0x01, 0xaf,
+            0x88, 0x43, 0x40, 0xae, 0xf9, 0x88, 0x5f, 0x2a, 0x4b, 0xbe,
+            0x92, 0xe8, 0x94, 0xa7, 0x24, 0xac, 0x3c, 0x56, 0x8c, 0x8f,
+            0x97, 0x85, 0x3a, 0xd0, 0x7c, 0x02, 0x66, 0xc8, 0xc6, 0xa3,
+            0xca, 0x09, 0x29, 0xf1, 0xe8, 0xf1, 0x12, 0x31, 0x88, 0x44,
+            0x29, 0xfc, 0x4d, 0x9a, 0xe5, 0x5f, 0xee, 0x89, 0x6a, 0x10,
+            0xce, 0x70, 0x7c, 0x3e, 0xd7, 0xe7, 0x34, 0xe4, 0x47, 0x27,
+            0xa3, 0x95, 0x74, 0x50, 0x1a, 0x53, 0x26, 0x83, 0x10, 0x9c,
+            0x2a, 0xba, 0xca, 0xba, 0x28, 0x3c, 0x31, 0xb4, 0xbd, 0x2f,
+            0x53, 0xc3, 0xee, 0x37, 0xe3, 0x52, 0xce, 0xe3, 0x4f, 0x9e,
+            0x50, 0x3b, 0xd8, 0x0c, 0x06, 0x22, 0xad, 0x79, 0xc6, 0xdc,
+            0xee, 0x88, 0x35, 0x47, 0xc6, 0xa3, 0xb3, 0x25 },
+        128,
+        (unsigned char[]){
+            0xb6, 0x9d, 0xca, 0x1c, 0xf7, 0xd4, 0xd7, 0xec, 0x81, 0xe7,
+            0x5b, 0x90, 0xfc, 0xca, 0x87, 0x4a, 0xbc, 0xde, 0x12, 0x3f,
+            0xd2, 0x70, 0x01, 0x80, 0xaa, 0x90, 0x47, 0x9b, 0x6e, 0x48,
+            0xde, 0x8d, 0x67, 0xed, 0x24, 0xf9, 0xf1, 0x9d, 0x85, 0xba,
+            0x27, 0x58, 0x74, 0xf5, 0x42, 0xcd, 0x20, 0xdc, 0x72, 0x3e,
+            0x69, 0x63, 0x36, 0x4a, 0x1f, 0x94, 0x25, 0x45, 0x2b, 0x26,
+            0x9a, 0x67, 0x99, 0xfd },
+        64,
+        (unsigned char[]){
+            0xe7, 0xe8, 0x94, 0x27, 0x20, 0xa8, 0x77, 0x51, 0x72, 0x73,
+            0xa3, 0x56, 0x05, 0x3e, 0xa2, 0xa1, 0xbc, 0x0c, 0x94, 0xaa,
+            0x72, 0xd5, 0x5c, 0x6e, 0x86, 0x29, 0x6b, 0x2d, 0xfc, 0x96,
+            0x79, 0x48, 0xc0, 0xa7, 0x2c, 0xbc, 0xcc, 0xa7, 0xea, 0xcb,
+            0x35, 0x70, 0x6e, 0x09, 0xa1, 0xdf, 0x55, 0xa1, 0x53, 0x5b,
+            0xd9, 0xb3, 0xcc, 0x34, 0x16, 0x0b, 0x3b, 0x6d, 0xcd, 0x3e,
+            0xda, 0x8e, 0x64, 0x43 },
+        64,
+    },
+    {
+        (unsigned char[]){
+            0xa5, 0x6e, 0x4a, 0x0e, 0x70, 0x10, 0x17, 0x58, 0x9a, 0x51,
+            0x87, 0xdc, 0x7e, 0xa8, 0x41, 0xd1, 0x56, 0xf2, 0xec, 0x0e,
+            0x36, 0xad, 0x52, 0xa4, 0x4d, 0xfe, 0xb1, 0xe6, 0x1f, 0x7a,
+            0xd9, 0x91, 0xd8, 0xc5, 0x10, 0x56, 0xff, 0xed, 0xb1, 0x62,
+            0xb4, 0xc0, 0xf2, 0x83, 0xa1, 0x2a, 0x88, 0xa3, 0x94, 0xdf,
+            0xf5, 0x26, 0xab, 0x72, 0x91, 0xcb, 0xb3, 0x07, 0xce, 0xab,
+            0xfc, 0xe0, 0xb1, 0xdf, 0xd5, 0xcd, 0x95, 0x08, 0x09, 0x6d,
+            0x5b, 0x2b, 0x8b, 0x6d, 0xf5, 0xd6, 0x71, 0xef, 0x63, 0x77,
+            0xc0, 0x92, 0x1c, 0xb2, 0x3c, 0x27, 0x0a, 0x70, 0xe2, 0x59,
+            0x8e, 0x6f, 0xf8, 0x9d, 0x19, 0xf1, 0x05, 0xac, 0xc2, 0xd3,
+            0xf0, 0xcb, 0x35, 0xf2, 0x92, 0x80, 0xe1, 0x38, 0x6b, 0x6f,
+            0x64, 0xc4, 0xef, 0x22, 0xe1, 0xe1, 0xf2, 0x0d, 0x0c, 0xe8,
+            0xcf, 0xfb, 0x22, 0x49, 0xbd, 0x9a, 0x21, 0x37 },
+        128,
+        (unsigned char[]){ 0x01, 0x00, 0x01 }, 3,
+        (unsigned char[]){
+            0x33, 0xa5, 0x04, 0x2a, 0x90, 0xb2, 0x7d, 0x4f, 0x54, 0x51,
+            0xca, 0x9b, 0xbb, 0xd0, 0xb4, 0x47, 0x71, 0xa1, 0x01, 0xaf,
+            0x88, 0x43, 0x40, 0xae, 0xf9, 0x88, 0x5f, 0x2a, 0x4b, 0xbe,
+            0x92, 0xe8, 0x94, 0xa7, 0x24, 0xac, 0x3c, 0x56, 0x8c, 0x8f,
+            0x97, 0x85, 0x3a, 0xd0, 0x7c, 0x02, 0x66, 0xc8, 0xc6, 0xa3,
+            0xca, 0x09, 0x29, 0xf1, 0xe8, 0xf1, 0x12, 0x31, 0x88, 0x44,
+            0x29, 0xfc, 0x4d, 0x9a, 0xe5, 0x5f, 0xee, 0x89, 0x6a, 0x10,
+            0xce, 0x70, 0x7c, 0x3e, 0xd7, 0xe7, 0x34, 0xe4, 0x47, 0x27,
+            0xa3, 0x95, 0x74, 0x50, 0x1a, 0x53, 0x26, 0x83, 0x10, 0x9c,
+            0x2a, 0xba, 0xca, 0xba, 0x28, 0x3c, 0x31, 0xb4, 0xbd, 0x2f,
+            0x53, 0xc3, 0xee, 0x37, 0xe3, 0x52, 0xce, 0xe3, 0x4f, 0x9e,
+            0x50, 0x3b, 0xd8, 0x0c, 0x06, 0x22, 0xad, 0x79, 0xc6, 0xdc,
+            0xee, 0x88, 0x35, 0x47, 0xc6, 0xa3, 0xb3, 0x25 },
+        128,
+        (unsigned char[]){
+            0xb6, 0x9d, 0xca, 0x1c, 0xf7, 0xd4, 0xd7, 0xec, 0x81, 0xe7,
+            0x5b, 0x90, 0xfc, 0xca, 0x87, 0x4a, 0xbc, 0xde, 0x12, 0x3f,
+            0xd2, 0x70, 0x01, 0x80, 0xaa, 0x90, 0x47, 0x9b, 0x6e, 0x48,
+            0xde, 0x8d, 0x67, 0xed, 0x24, 0xf9, 0xf1, 0x9d, 0x85, 0xba,
+            0x27, 0x58, 0x74, 0xf5, 0x42, 0xcd, 0x20, 0xdc, 0x72, 0x3e,
+            0x69, 0x63, 0x36, 0x4a, 0x1f, 0x94, 0x25, 0x45, 0x2b, 0x26,
+            0x9a, 0x67, 0x99, 0xfd },
+        64,
+        (unsigned char[]){
+            0xe7, 0xe8, 0x94, 0x27, 0x20, 0xa8, 0x77, 0x51, 0x72, 0x73,
+            0xa3, 0x56, 0x05, 0x3e, 0xa2, 0xa1, 0xbc, 0x0c, 0x94, 0xaa,
+            0x72, 0xd5, 0x5c, 0x6e, 0x86, 0x29, 0x6b, 0x2d, 0xfc, 0x96,
+            0x79, 0x48, 0xc0, 0xa7, 0x2c, 0xbc, 0xcc, 0xa7, 0xea, 0xcb,
+            0x35, 0x70, 0x6e, 0x09, 0xa1, 0xdf, 0x55, 0xa1, 0x53, 0x5b,
+            0xd9, 0xb3, 0xcc, 0x34, 0x16, 0x0b, 0x3b, 0x6d, 0xcd, 0x3e,
+            0xda, 0x8e, 0x64, 0x43 },
+        64,
+    },
+    {
+        (unsigned char[]){
+            0xa5, 0x6e, 0x4a, 0x0e, 0x70, 0x10, 0x17, 0x58, 0x9a, 0x51,
+            0x87, 0xdc, 0x7e, 0xa8, 0x41, 0xd1, 0x56, 0xf2, 0xec, 0x0e,
+            0x36, 0xad, 0x52, 0xa4, 0x4d, 0xfe, 0xb1, 0xe6, 0x1f, 0x7a,
+            0xd9, 0x91, 0xd8, 0xc5, 0x10, 0x56, 0xff, 0xed, 0xb1, 0x62,
+            0xb4, 0xc0, 0xf2, 0x83, 0xa1, 0x2a, 0x88, 0xa3, 0x94, 0xdf,
+            0xf5, 0x26, 0xab, 0x72, 0x91, 0xcb, 0xb3, 0x07, 0xce, 0xab,
+            0xfc, 0xe0, 0xb1, 0xdf, 0xd5, 0xcd, 0x95, 0x08, 0x09, 0x6d,
+            0x5b, 0x2b, 0x8b, 0x6d, 0xf5, 0xd6, 0x71, 0xef, 0x63, 0x77,
+            0xc0, 0x92, 0x1c, 0xb2, 0x3c, 0x27, 0x0a, 0x70, 0xe2, 0x59,
+            0x8e, 0x6f, 0xf8, 0x9d, 0x19, 0xf1, 0x05, 0xac, 0xc2, 0xd3,
+            0xf0, 0xcb, 0x35, 0xf2, 0x92, 0x80, 0xe1, 0x38, 0x6b, 0x6f,
+            0x64, 0xc4, 0xef, 0x22, 0xe1, 0xe1, 0xf2, 0x0d, 0x0c, 0xe8,
+            0xcf, 0xfb, 0x22, 0x49, 0xbd, 0x9a, 0x21, 0x37 },
+        128,
+        (unsigned char[]){ 0x01, 0x00, 0x01 }, 3,
+        (unsigned char[]){
+            0x33, 0xa5, 0x04, 0x2a, 0x90, 0xb2, 0x7d, 0x4f, 0x54, 0x51,
+            0xca, 0x9b, 0xbb, 0xd0, 0xb4, 0x47, 0x71, 0xa1, 0x01, 0xaf,
+            0x88, 0x43, 0x40, 0xae, 0xf9, 0x88, 0x5f, 0x2a, 0x4b, 0xbe,
+            0x92, 0xe8, 0x94, 0xa7, 0x24, 0xac, 0x3c, 0x56, 0x8c, 0x8f,
+            0x97, 0x85, 0x3a, 0xd0, 0x7c, 0x02, 0x66, 0xc8, 0xc6, 0xa3,
+            0xca, 0x09, 0x29, 0xf1, 0xe8, 0xf1, 0x12, 0x31, 0x88, 0x44,
+            0x29, 0xfc, 0x4d, 0x9a, 0xe5, 0x5f, 0xee, 0x89, 0x6a, 0x10,
+            0xce, 0x70, 0x7c, 0x3e, 0xd7, 0xe7, 0x34, 0xe4, 0x47, 0x27,
+            0xa3, 0x95, 0x74, 0x50, 0x1a, 0x53, 0x26, 0x83, 0x10, 0x9c,
+            0x2a, 0xba, 0xca, 0xba, 0x28, 0x3c, 0x31, 0xb4, 0xbd, 0x2f,
+            0x53, 0xc3, 0xee, 0x37, 0xe3, 0x52, 0xce, 0xe3, 0x4f, 0x9e,
+            0x50, 0x3b, 0xd8, 0x0c, 0x06, 0x22, 0xad, 0x79, 0xc6, 0xdc,
+            0xee, 0x88, 0x35, 0x47, 0xc6, 0xa3, 0xb3, 0x25 },
+        128,
+        (unsigned char[]){
+            0xb6, 0x9d, 0xca, 0x1c, 0xf7, 0xd4, 0xd7, 0xec, 0x81, 0xe7,
+            0x5b, 0x90, 0xfc, 0xca, 0x87, 0x4a, 0xbc, 0xde, 0x12, 0x3f,
+            0xd2, 0x70, 0x01, 0x80, 0xaa, 0x90, 0x47, 0x9b, 0x6e, 0x48,
+            0xde, 0x8d, 0x67, 0xed, 0x24, 0xf9, 0xf1, 0x9d, 0x85, 0xba,
+            0x27, 0x58, 0x74, 0xf5, 0x42, 0xcd, 0x20, 0xdc, 0x72, 0x3e,
+            0x69, 0x63, 0x36, 0x4a, 0x1f, 0x94, 0x25, 0x45, 0x2b, 0x26,
+            0x9a, 0x67, 0x99, 0xfd },
+        64,
+        (unsigned char[]){
+            0xe7, 0xe8, 0x94, 0x27, 0x20, 0xa8, 0x77, 0x51, 0x72, 0x73,
+            0xa3, 0x56, 0x05, 0x3e, 0xa2, 0xa1, 0xbc, 0x0c, 0x94, 0xaa,
+            0x72, 0xd5, 0x5c, 0x6e, 0x86, 0x29, 0x6b, 0x2d, 0xfc, 0x96,
+            0x79, 0x48, 0xc0, 0xa7, 0x2c, 0xbc, 0xcc, 0xa7, 0xea, 0xcb,
+            0x35, 0x70, 0x6e, 0x09, 0xa1, 0xdf, 0x55, 0xa1, 0x53, 0x5b,
+            0xd9, 0xb3, 0xcc, 0x34, 0x16, 0x0b, 0x3b, 0x6d, 0xcd, 0x3e,
+            0xda, 0x8e, 0x64, 0x43 },
+        64,
+    },
+    {
+        (unsigned char[]){
+            0xa5, 0x6e, 0x4a, 0x0e, 0x70, 0x10, 0x17, 0x58, 0x9a, 0x51,
+            0x87, 0xdc, 0x7e, 0xa8, 0x41, 0xd1, 0x56, 0xf2, 0xec, 0x0e,
+            0x36, 0xad, 0x52, 0xa4, 0x4d, 0xfe, 0xb1, 0xe6, 0x1f, 0x7a,
+            0xd9, 0x91, 0xd8, 0xc5, 0x10, 0x56, 0xff, 0xed, 0xb1, 0x62,
+            0xb4, 0xc0, 0xf2, 0x83, 0xa1, 0x2a, 0x88, 0xa3, 0x94, 0xdf,
+            0xf5, 0x26, 0xab, 0x72, 0x91, 0xcb, 0xb3, 0x07, 0xce, 0xab,
+            0xfc, 0xe0, 0xb1, 0xdf, 0xd5, 0xcd, 0x95, 0x08, 0x09, 0x6d,
+            0x5b, 0x2b, 0x8b, 0x6d, 0xf5, 0xd6, 0x71, 0xef, 0x63, 0x77,
+            0xc0, 0x92, 0x1c, 0xb2, 0x3c, 0x27, 0x0a, 0x70, 0xe2, 0x59,
+            0x8e, 0x6f, 0xf8, 0x9d, 0x19, 0xf1, 0x05, 0xac, 0xc2, 0xd3,
+            0xf0, 0xcb, 0x35, 0xf2, 0x92, 0x80, 0xe1, 0x38, 0x6b, 0x6f,
+            0x64, 0xc4, 0xef, 0x22, 0xe1, 0xe1, 0xf2, 0x0d, 0x0c, 0xe8,
+            0xcf, 0xfb, 0x22, 0x49, 0xbd, 0x9a, 0x21, 0x37 },
+        128,
+        (unsigned char[]){ 0x01, 0x00, 0x01 }, 3,
+        (unsigned char[]){
+            0x33, 0xa5, 0x04, 0x2a, 0x90, 0xb2, 0x7d, 0x4f, 0x54, 0x51,
+            0xca, 0x9b, 0xbb, 0xd0, 0xb4, 0x47, 0x71, 0xa1, 0x01, 0xaf,
+            0x88, 0x43, 0x40, 0xae, 0xf9, 0x88, 0x5f, 0x2a, 0x4b, 0xbe,
+            0x92, 0xe8, 0x94, 0xa7, 0x24, 0xac, 0x3c, 0x56, 0x8c, 0x8f,
+            0x97, 0x85, 0x3a, 0xd0, 0x7c, 0x02, 0x66, 0xc8, 0xc6, 0xa3,
+            0xca, 0x09, 0x29, 0xf1, 0xe8, 0xf1, 0x12, 0x31, 0x88, 0x44,
+            0x29, 0xfc, 0x4d, 0x9a, 0xe5, 0x5f, 0xee, 0x89, 0x6a, 0x10,
+            0xce, 0x70, 0x7c, 0x3e, 0xd7, 0xe7, 0x34, 0xe4, 0x47, 0x27,
+            0xa3, 0x95, 0x74, 0x50, 0x1a, 0x53, 0x26, 0x83, 0x10, 0x9c,
+            0x2a, 0xba, 0xca, 0xba, 0x28, 0x3c, 0x31, 0xb4, 0xbd, 0x2f,
+            0x53, 0xc3, 0xee, 0x37, 0xe3, 0x52, 0xce, 0xe3, 0x4f, 0x9e,
+            0x50, 0x3b, 0xd8, 0x0c, 0x06, 0x22, 0xad, 0x79, 0xc6, 0xdc,
+            0xee, 0x88, 0x35, 0x47, 0xc6, 0xa3, 0xb3, 0x25 },
+        128,
+        (unsigned char[]){
+            0xb6, 0x9d, 0xca, 0x1c, 0xf7, 0xd4, 0xd7, 0xec, 0x81, 0xe7,
+            0x5b, 0x90, 0xfc, 0xca, 0x87, 0x4a, 0xbc, 0xde, 0x12, 0x3f,
+            0xd2, 0x70, 0x01, 0x80, 0xaa, 0x90, 0x47, 0x9b, 0x6e, 0x48,
+            0xde, 0x8d, 0x67, 0xed, 0x24, 0xf9, 0xf1, 0x9d, 0x85, 0xba,
+            0x27, 0x58, 0x74, 0xf5, 0x42, 0xcd, 0x20, 0xdc, 0x72, 0x3e,
+            0x69, 0x63, 0x36, 0x4a, 0x1f, 0x94, 0x25, 0x45, 0x2b, 0x26,
+            0x9a, 0x67, 0x99, 0xfd },
+        64,
+        (unsigned char[]){
+            0xe7, 0xe8, 0x94, 0x27, 0x20, 0xa8, 0x77, 0x51, 0x72, 0x73,
+            0xa3, 0x56, 0x05, 0x3e, 0xa2, 0xa1, 0xbc, 0x0c, 0x94, 0xaa,
+            0x72, 0xd5, 0x5c, 0x6e, 0x86, 0x29, 0x6b, 0x2d, 0xfc, 0x96,
+            0x79, 0x48, 0xc0, 0xa7, 0x2c, 0xbc, 0xcc, 0xa7, 0xea, 0xcb,
+            0x35, 0x70, 0x6e, 0x09, 0xa1, 0xdf, 0x55, 0xa1, 0x53, 0x5b,
+            0xd9, 0xb3, 0xcc, 0x34, 0x16, 0x0b, 0x3b, 0x6d, 0xcd, 0x3e,
+            0xda, 0x8e, 0x64, 0x43 },
+        64,
+    },
+    {
+        (unsigned char[]){
+            0xa5, 0x6e, 0x4a, 0x0e, 0x70, 0x10, 0x17, 0x58, 0x9a, 0x51,
+            0x87, 0xdc, 0x7e, 0xa8, 0x41, 0xd1, 0x56, 0xf2, 0xec, 0x0e,
+            0x36, 0xad, 0x52, 0xa4, 0x4d, 0xfe, 0xb1, 0xe6, 0x1f, 0x7a,
+            0xd9, 0x91, 0xd8, 0xc5, 0x10, 0x56, 0xff, 0xed, 0xb1, 0x62,
+            0xb4, 0xc0, 0xf2, 0x83, 0xa1, 0x2a, 0x88, 0xa3, 0x94, 0xdf,
+            0xf5, 0x26, 0xab, 0x72, 0x91, 0xcb, 0xb3, 0x07, 0xce, 0xab,
+            0xfc, 0xe0, 0xb1, 0xdf, 0xd5, 0xcd, 0x95, 0x08, 0x09, 0x6d,
+            0x5b, 0x2b, 0x8b, 0x6d, 0xf5, 0xd6, 0x71, 0xef, 0x63, 0x77,
+            0xc0, 0x92, 0x1c, 0xb2, 0x3c, 0x27, 0x0a, 0x70, 0xe2, 0x59,
+            0x8e, 0x6f, 0xf8, 0x9d, 0x19, 0xf1, 0x05, 0xac, 0xc2, 0xd3,
+            0xf0, 0xcb, 0x35, 0xf2, 0x92, 0x80, 0xe1, 0x38, 0x6b, 0x6f,
+            0x64, 0xc4, 0xef, 0x22, 0xe1, 0xe1, 0xf2, 0x0d, 0x0c, 0xe8,
+            0xcf, 0xfb, 0x22, 0x49, 0xbd, 0x9a, 0x21, 0x37 },
+        128,
+        (unsigned char[]){ 0x01, 0x00, 0x01 }, 3,
+        (unsigned char[]){
+            0x33, 0xa5, 0x04, 0x2a, 0x90, 0xb2, 0x7d, 0x4f, 0x54, 0x51,
+            0xca, 0x9b, 0xbb, 0xd0, 0xb4, 0x47, 0x71, 0xa1, 0x01, 0xaf,
+            0x88, 0x43, 0x40, 0xae, 0xf9, 0x88, 0x5f, 0x2a, 0x4b, 0xbe,
+            0x92, 0xe8, 0x94, 0xa7, 0x24, 0xac, 0x3c, 0x56, 0x8c, 0x8f,
+            0x97, 0x85, 0x3a, 0xd0, 0x7c, 0x02, 0x66, 0xc8, 0xc6, 0xa3,
+            0xca, 0x09, 0x29, 0xf1, 0xe8, 0xf1, 0x12, 0x31, 0x88, 0x44,
+            0x29, 0xfc, 0x4d, 0x9a, 0xe5, 0x5f, 0xee, 0x89, 0x6a, 0x10,
+            0xce, 0x70, 0x7c, 0x3e, 0xd7, 0xe7, 0x34, 0xe4, 0x47, 0x27,
+            0xa3, 0x95, 0x74, 0x50, 0x1a, 0x53, 0x26, 0x83, 0x10, 0x9c,
+            0x2a, 0xba, 0xca, 0xba, 0x28, 0x3c, 0x31, 0xb4, 0xbd, 0x2f,
+            0x53, 0xc3, 0xee, 0x37, 0xe3, 0x52, 0xce, 0xe3, 0x4f, 0x9e,
+            0x50, 0x3b, 0xd8, 0x0c, 0x06, 0x22, 0xad, 0x79, 0xc6, 0xdc,
+            0xee, 0x88, 0x35, 0x47, 0xc6, 0xa3, 0xb3, 0x25 },
+        128,
+        (unsigned char[]){
+            0xb6, 0x9d, 0xca, 0x1c, 0xf7, 0xd4, 0xd7, 0xec, 0x81, 0xe7,
+            0x5b, 0x90, 0xfc, 0xca, 0x87, 0x4a, 0xbc, 0xde, 0x12, 0x3f,
+            0xd2, 0x70, 0x01, 0x80, 0xaa, 0x90, 0x47, 0x9b, 0x6e, 0x48,
+            0xde, 0x8d, 0x67, 0xed, 0x24, 0xf9, 0xf1, 0x9d, 0x85, 0xba,
+            0x27, 0x58, 0x74, 0xf5, 0x42, 0xcd, 0x20, 0xdc, 0x72, 0x3e,
+            0x69, 0x63, 0x36, 0x4a, 0x1f, 0x94, 0x25, 0x45, 0x2b, 0x26,
+            0x9a, 0x67, 0x99, 0xfd },
+        64,
+        (unsigned char[]){
+            0xe7, 0xe8, 0x94, 0x27, 0x20, 0xa8, 0x77, 0x51, 0x72, 0x73,
+            0xa3, 0x56, 0x05, 0x3e, 0xa2, 0xa1, 0xbc, 0x0c, 0x94, 0xaa,
+            0x72, 0xd5, 0x5c, 0x6e, 0x86, 0x29, 0x6b, 0x2d, 0xfc, 0x96,
+            0x79, 0x48, 0xc0, 0xa7, 0x2c, 0xbc, 0xcc, 0xa7, 0xea, 0xcb,
+            0x35, 0x70, 0x6e, 0x09, 0xa1, 0xdf, 0x55, 0xa1, 0x53, 0x5b,
+            0xd9, 0xb3, 0xcc, 0x34, 0x16, 0x0b, 0x3b, 0x6d, 0xcd, 0x3e,
+            0xda, 0x8e, 0x64, 0x43 },
+        64,
+    }
+};
diff --git a/nss/cmd/bltest/tests/README b/nss/cmd/bltest/tests/README
new file mode 100644
index 0000000..6d1302b
--- /dev/null
+++ b/nss/cmd/bltest/tests/README
@@ -0,0 +1,56 @@
+This directory contains a set of tests for each cipher supported by
+BLAPI.  Each subdirectory contains known plaintext and ciphertext pairs
+(and keys and/or iv's if needed).  The tests can be run as a full set
+with:
+    bltest -T
+or as subsets, for example:
+    bltest -T -m des_ecb,md2,rsa
+
+In each subdirectory, the plaintext, key, and iv are ascii, and treated
+as such.  The ciphertext is base64-encoded to avoid the hassle of binary
+files.
+
+To add a test, incremement the value in the numtests file.  Create a
+plaintext, key, and iv file, such that the name of the file is
+incrememted one from the last set of tests.  For example, if you are
+adding the second test, put your data in files named plaintext1, key1,
+and iv1 (ignoring key and iv if they are not needed, of course).  Make
+sure your key and iv are the correct number of bytes for your cipher (a
+trailing \n is okay, but any other trailing bytes will be used!).  Once
+you have your input data, create output data by running bltest on a
+trusted implementation.  For example, for a new DES ECB test, run
+    bltest -E -m des_ecb -i plaintext1 -k key1 -o ciphertext1 -a in the
+tests/des_ecb directory.  Then run
+    bltest -T des_ecb from the cmd/bltest directory in the tree of the
+implementation you want to test.
+
+Note that the -a option above is important, it tells bltest to expect
+the input to be straight ASCII, and not base64 encoded binary!
+
+Special cases:
+
+RC5:
+RC5 can take additional parameters, the number of rounds to perform and
+the wordsize to use.  The number of rounds is between is between 0 and
+255, and the wordsize is either is either 16, 32, or 64 bits (at this
+time only 32-bit is supported).  These parameters are specified in a
+paramsN file, where N is an index as above.  The format of the file is
+"rounds=R\nwordsize=W\n".
+
+public key modes (RSA and DSA):
+Asymmetric key ciphers use keys with special properties, so creating a
+key file with "Mozilla!" in it will not get you very far!  To create a
+public key, run bltest with the plaintext you want to encrypt, using a
+trusted implementation.  bltest will generate a key and store it in
+"tmp.key", rename that file to keyN.  For example:
+    bltest -E -m rsa -i plaintext0 -o ciphertext0 -e 65537 -g 32 -a
+    mv tmp.key key0
+
+RSA-OAEP/RSA-PSS:
+RSA-OAEP and RSA-PSS have a number of additional parameters to feed in.
+- "seedN": The seed or salt to use when encrypting/signing
+- "hashN" / "maskhashN" - The base digest algorithm and the digest algorithm
+   to use with MGF1, respectively. This should be an ASCII string specifying
+   one of the hash algorithms recognized by bltest (eg: "sha1", "sha256")
+
+[note: specifying a keysize (-g) when using RSA is important!]
diff --git a/nss/cmd/bltest/tests/aes_cbc/ciphertext0 b/nss/cmd/bltest/tests/aes_cbc/ciphertext0
new file mode 100644
index 0000000..4da9e52
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/ciphertext0
@@ -0,0 +1 @@
+oJLgOzZ1GiWt3DGo2sPKaOnyGuRz5sZwmDyn4dvAqd8=
diff --git a/nss/cmd/bltest/tests/aes_cbc/ciphertext1 b/nss/cmd/bltest/tests/aes_cbc/ciphertext1
new file mode 100644
index 0000000..1126bbf
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/ciphertext1
@@ -0,0 +1 @@
+AzZ2PpZtkllaVnzJzlN/Xg==
diff --git a/nss/cmd/bltest/tests/aes_cbc/ciphertext10 b/nss/cmd/bltest/tests/aes_cbc/ciphertext10
new file mode 100644
index 0000000..c3d443f
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/ciphertext10
@@ -0,0 +1,3 @@
+eykx9YVfcXFF4A8VKp9HlDWbH/yz5V9ZTjMJi1HCOmx0oGwdlP3tf9KuQsfbesrv
+WETLM67dxoUlhe0AIKZpnSy1OAnO/RaRSM5CKSr6sGNEOXgwbFgsGLnODaPQhM5N
+PEgs/Y/PGoUITon7iLQKCE1elyRm0HZmEm+3YfhAePI=
diff --git a/nss/cmd/bltest/tests/aes_cbc/ciphertext11 b/nss/cmd/bltest/tests/aes_cbc/ciphertext11
new file mode 100644
index 0000000..ae00d8b
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/ciphertext11
@@ -0,0 +1,3 @@
+sJUS8+/57Q2FiQmDpz2tu3w2eNUlgb5kqKj8WG9JDyUhKXpHigWYBA69D1UJ+vsJ
+afnZ5gDq7zOxuT7tmWh7Fn+JpQZarEOc5G87jSLTCGXmTkXvjNMLaYQ1OoRKEcjN
+YNug6IZrPuMNJLP6imQ7MoNT4GAQ+oJzyP1U7woraTDlUgquXNWQL5uGozWSykNl
diff --git a/nss/cmd/bltest/tests/aes_cbc/ciphertext12 b/nss/cmd/bltest/tests/aes_cbc/ciphertext12
new file mode 100644
index 0000000..605a1ba
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/ciphertext12
@@ -0,0 +1,4 @@
+a+ihKABFWjIFOIU+DLoxvS2A6gyFFkpMXCYa5IVBfZPv/i68DQoLUdbqGGM9IQz2
+PAxN28J2B/LoHtkRMZHvhtVvO5m+bEFaQVApn7hGznFgtAtjuvEXnRknWi6DaYN2
+0ouSVIxo4G5tmU4sFQHtKXAU5wLN7+4vZWRHcGAJYU2AHeHKr3P4t/pWzxupS2MZ
+M7vld2JDgIUPEXQ1oDVbKw==
diff --git a/nss/cmd/bltest/tests/aes_cbc/ciphertext13 b/nss/cmd/bltest/tests/aes_cbc/ciphertext13
new file mode 100644
index 0000000..2abf369
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/ciphertext13
@@ -0,0 +1 @@
+UdRHefkNQKgASCdsA1y0nKKke8ubnPcnC5FEeTeH1T8=
diff --git a/nss/cmd/bltest/tests/aes_cbc/ciphertext14 b/nss/cmd/bltest/tests/aes_cbc/ciphertext14
new file mode 100644
index 0000000..f16428a
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/ciphertext14
@@ -0,0 +1,2 @@
+1fVYl2C/nHYiKP3iNt4fot0trUSNs/qb4MQZbv1Go1yE3RrHfZ21jJWRjLMXpkMK
+CNL7ao6LDxybcsejRNw0nw==
diff --git a/nss/cmd/bltest/tests/aes_cbc/ciphertext15 b/nss/cmd/bltest/tests/aes_cbc/ciphertext15
new file mode 100644
index 0000000..ed1cecd
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/ciphertext15
@@ -0,0 +1,2 @@
+dTlZdL0ys2ZWVKbI45a4iuNLEjV1hyp6tofY52tG35EailkM0B0vXDML46Zibp3T
+ql4Q7RTo/4KYEbb+1Q8/UzykOFocvKePXEdE5Q8vg1kWXCSF0TJOdsPq52oMysYp
diff --git a/nss/cmd/bltest/tests/aes_cbc/ciphertext16 b/nss/cmd/bltest/tests/aes_cbc/ciphertext16
new file mode 100644
index 0000000..8fa8952
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/ciphertext16
@@ -0,0 +1,3 @@
+gVjiFCDyW1nWrpQ/ocvyHwLpefQZ2rASanIbfu9Vvumtl/XM/30jkFe7wZqMN4FC
+92cvHV5+F9e+vLAHDoNVys5mYBcaU7YYFq6CSm72nORwtv/TtbtLQ4h02R0nhU07
+byWGDTholY3jMH1isTOb3duKMYwM4PM8F8rw6fYECCA=
diff --git a/nss/cmd/bltest/tests/aes_cbc/ciphertext17 b/nss/cmd/bltest/tests/aes_cbc/ciphertext17
new file mode 100644
index 0000000..8ca864c
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/ciphertext17
@@ -0,0 +1,3 @@
+km2ySMwbog8MV2MafIrvCU95GTe5BZSeNGAkDov6b6SDEVobMQtuQ2nK68UmKIg3
+ex3apYAOpJaivf8PmhAx5xKcmiDjViHn8Li6yg2HAw8q58qFk8hZlnegb9SyYAnq
+0I/srCTKqc8srTtHDIInQVp7Hg8uqz+tltcKIJyLsmxidnfiUxuUNcpuPERNGVtf
diff --git a/nss/cmd/bltest/tests/aes_cbc/ciphertext18 b/nss/cmd/bltest/tests/aes_cbc/ciphertext18
new file mode 100644
index 0000000..9b42740
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/ciphertext18
@@ -0,0 +1,4 @@
+yCzyxHbeqMtqbmB6QNLwORvoLqnshKU3poIPmvuZe3Y5fQBUJPqmp03E6MeqSokA
+aQ+JS20dyoBnU5PSJDrax2LxWTAeNX6YtyR2IxDNWnuv4cKgMNukb9k6n9uJzBMs
+qcF9xyAx7Ggi7lqdmdvKZseEwBsIhcu2LinZeAGSfsQVpdIVFY0yX57miUN60bdo
+StM8DZJzlFGsh/Of+MMbhA==
diff --git a/nss/cmd/bltest/tests/aes_cbc/ciphertext19 b/nss/cmd/bltest/tests/aes_cbc/ciphertext19
new file mode 100644
index 0000000..39bf937
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/ciphertext19
@@ -0,0 +1 @@
+L6Dfciqf07ZMsY+ys9tV/yJnQidXKJQT+PZXUHQSpkw=
diff --git a/nss/cmd/bltest/tests/aes_cbc/ciphertext2 b/nss/cmd/bltest/tests/aes_cbc/ciphertext2
new file mode 100644
index 0000000..ec069ab
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/ciphertext2
@@ -0,0 +1 @@
+qaFjG/SZaVTrwJOVeyNFiQ==
diff --git a/nss/cmd/bltest/tests/aes_cbc/ciphertext20 b/nss/cmd/bltest/tests/aes_cbc/ciphertext20
new file mode 100644
index 0000000..d74f0e0
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/ciphertext20
@@ -0,0 +1,2 @@
+BdXHdylCGwi3N+QRGfpEONH1cMx3Kk1sPff/7aA4TvhCiM43/ExMfRElpJmwUTZM
+OJ/WOb3aZH2qO9rasutVlA==
diff --git a/nss/cmd/bltest/tests/aes_cbc/ciphertext21 b/nss/cmd/bltest/tests/aes_cbc/ciphertext21
new file mode 100644
index 0000000..9f3b9ea
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/ciphertext21
@@ -0,0 +1,2 @@
+rD1tuv4uD3QGMv2eggv2BEzVsVUcu5zAPAslw5zLfzO4Oqz8pAoyZfK7/4eRU0SK
+ysuI/Ps7t7EP5GOmjAEJ8Cg4Lj5VexrfAu1kira7iV3wIF0m67+ppf2M69jkvuPc
diff --git a/nss/cmd/bltest/tests/aes_cbc/ciphertext22 b/nss/cmd/bltest/tests/aes_cbc/ciphertext22
new file mode 100644
index 0000000..b9b5b5c
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/ciphertext22
@@ -0,0 +1,3 @@
+kLe5YwojePU/UBq3vv8DkVUAgHG8hDjniZMs/T6xKZGVRl5mM4SUY/20Q3Unji/b
+ExCCHmSSz4D/Fct3JQn7Qm867uJ71JOIgv0q5rW9nZH6SkOxe7Q5675ZwEIxAWOo
+Kl/lOIeW7uNaGBoScfAL4puFLY+nWbrQH/RnjwEFlM0=
diff --git a/nss/cmd/bltest/tests/aes_cbc/ciphertext23 b/nss/cmd/bltest/tests/aes_cbc/ciphertext23
new file mode 100644
index 0000000..e7710c1
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/ciphertext23
@@ -0,0 +1,3 @@
+AlSyNGO8q+xaOV63TI+w6xN6B7xvXp9h7AsFfeMFcU+PopQiHJGhWcMVk5uB4wDu
+kCGS7F8VJUQo2HcveTJOxDKYyiHACzcCc+5eXtkOQ++h4FpdFxIJ/jT58pI326Km
+cmZQ/TsTIXR9EgiGPGw8az4th5q18leC8Iuo8qu+Y+C+20oifoGvs2u2ZFUINW00
diff --git a/nss/cmd/bltest/tests/aes_cbc/ciphertext24 b/nss/cmd/bltest/tests/aes_cbc/ciphertext24
new file mode 100644
index 0000000..d5234aa
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/ciphertext24
@@ -0,0 +1,4 @@
+/Fhz5Q3o+vTGuEunB7CFTp25qy6ffXB/u6M4xoQ6GPxvrOuvZj0mKW+zKbTSbxhJ
+THngnneWR/m6+odIljDXn0MBYQwjAMGdvzFIt8rIxPSUQQJ1TzMukrb3xedbxhee
+uHegeNRxkAkCF0TBTxP9KlWiucRNGAAGhahFpPYyx8VqdzBu+maiTQXQiNzXwT/i
+T8RHJ1ll255NN/vJMERIzQ==
diff --git a/nss/cmd/bltest/tests/aes_cbc/ciphertext3 b/nss/cmd/bltest/tests/aes_cbc/ciphertext3
new file mode 100644
index 0000000..82c4cd2
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/ciphertext3
@@ -0,0 +1 @@
+J1z8BBPYzLcFE8OFmx0Pcg==
diff --git a/nss/cmd/bltest/tests/aes_cbc/ciphertext4 b/nss/cmd/bltest/tests/aes_cbc/ciphertext4
new file mode 100644
index 0000000..81714bd
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/ciphertext4
@@ -0,0 +1 @@
+ybgTX/G1rcQT39BTshvZbQ==
diff --git a/nss/cmd/bltest/tests/aes_cbc/ciphertext5 b/nss/cmd/bltest/tests/aes_cbc/ciphertext5
new file mode 100644
index 0000000..ce9672a
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/ciphertext5
@@ -0,0 +1 @@
+XJ2ETtRvmIUIXl1qT5TH1w==
diff --git a/nss/cmd/bltest/tests/aes_cbc/ciphertext6 b/nss/cmd/bltest/tests/aes_cbc/ciphertext6
new file mode 100644
index 0000000..fc53a4f
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/ciphertext6
@@ -0,0 +1 @@
+qf91vXz2YT03Mcd8O20MBA==
diff --git a/nss/cmd/bltest/tests/aes_cbc/ciphertext7 b/nss/cmd/bltest/tests/aes_cbc/ciphertext7
new file mode 100644
index 0000000..1d6d84b
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/ciphertext7
@@ -0,0 +1 @@
+xNxh2XJZZ6MCAQSpc48jhoUnzoOaqxdS/YvblagsTQA=
diff --git a/nss/cmd/bltest/tests/aes_cbc/ciphertext8 b/nss/cmd/bltest/tests/aes_cbc/ciphertext8
new file mode 100644
index 0000000..7191a64
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/ciphertext8
@@ -0,0 +1,2 @@
+Gblgl3LGPzOGCL9utSyhC+ZQl/icHgkFxCQB/Ud5GuLFRAstRzEWyni9n/L7YBXP
+0xZSTq59y5Wuc46+roSkZw==
diff --git a/nss/cmd/bltest/tests/aes_cbc/ciphertext9 b/nss/cmd/bltest/tests/aes_cbc/ciphertext9
new file mode 100644
index 0000000..232a691
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/ciphertext9
@@ -0,0 +1,2 @@
+O4YRv8SXPFzY6YKwc7MxhM0mEQFZFy5EmI61/1ZhoeFvrWclj8v+5VRpJnoS3DdI
+k7TjUz029WNMMJVYNZbxNaqM0RONyJi8VlHuNakuv4mrautTZmU7xgpw4AdPwR7+
diff --git a/nss/cmd/bltest/tests/aes_cbc/iv0 b/nss/cmd/bltest/tests/aes_cbc/iv0
new file mode 100644
index 0000000..4e65bc0
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/iv0
@@ -0,0 +1 @@
+qwertyuiopasdfgh
diff --git a/nss/cmd/bltest/tests/aes_cbc/iv1 b/nss/cmd/bltest/tests/aes_cbc/iv1
new file mode 100644
index 0000000000000000000000000000000000000000..01d633b27e8ea9b17084fc911d0c8cc43a4170a9
GIT binary patch
literal 16
KcmZQzKm`B*5C8!H

literal 0
HcmV?d00001

diff --git a/nss/cmd/bltest/tests/aes_cbc/iv10 b/nss/cmd/bltest/tests/aes_cbc/iv10
new file mode 100644
index 0000000..58d7a2d
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/iv10
@@ -0,0 +1 @@
+žù4”n\Ю—½XS,´“�
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_cbc/iv11 b/nss/cmd/bltest/tests/aes_cbc/iv11
new file mode 100644
index 0000000..6847886
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/iv11
@@ -0,0 +1 @@
+$_&[vëëÂíÊÄ¢ø
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_cbc/iv12 b/nss/cmd/bltest/tests/aes_cbc/iv12
new file mode 100644
index 0000000..15040cd
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/iv12
@@ -0,0 +1 @@
+»ë/«´H¯„—–$J×
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_cbc/iv13 b/nss/cmd/bltest/tests/aes_cbc/iv13
new file mode 100644
index 0000000..1bef08a
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/iv13
@@ -0,0 +1 @@
+óÖf~�My`÷P[£ƒë
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_cbc/iv14 b/nss/cmd/bltest/tests/aes_cbc/iv14
new file mode 100644
index 0000000..099828f
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/iv14
@@ -0,0 +1 @@
+‹YÉ œRœ¨9ŸÀÎ<8
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_cbc/iv15 b/nss/cmd/bltest/tests/aes_cbc/iv15
new file mode 100644
index 0000000..d7a44d9
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/iv15
@@ -0,0 +1 @@
+6긃¯ï“lÃ�c(FÍ
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_cbc/iv16 b/nss/cmd/bltest/tests/aes_cbc/iv16
new file mode 100644
index 0000000..678bb8d
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/iv16
@@ -0,0 +1 @@
+ãțЗëÝöOH�Ûm¿â
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_cbc/iv17 b/nss/cmd/bltest/tests/aes_cbc/iv17
new file mode 100644
index 0000000..7ff21ab
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/iv17
@@ -0,0 +1 @@
+’¤(3ñE
¤½Æè<
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_cbc/iv18 b/nss/cmd/bltest/tests/aes_cbc/iv18
new file mode 100644
index 0000000..244b502
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/iv18
@@ -0,0 +1 @@
+$@€8,Êà{›¶cUÁ
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_cbc/iv19 b/nss/cmd/bltest/tests/aes_cbc/iv19
new file mode 100644
index 0000000..919e165
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/iv19
@@ -0,0 +1 @@
+ýê¡4È×7�EquýWÓü
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_cbc/iv2 b/nss/cmd/bltest/tests/aes_cbc/iv2
new file mode 100644
index 0000000000000000000000000000000000000000..01d633b27e8ea9b17084fc911d0c8cc43a4170a9
GIT binary patch
literal 16
KcmZQzKm`B*5C8!H

literal 0
HcmV?d00001

diff --git a/nss/cmd/bltest/tests/aes_cbc/iv20 b/nss/cmd/bltest/tests/aes_cbc/iv20
new file mode 100644
index 0000000..c49bf8f
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/iv20
@@ -0,0 +1 @@
+ÀÍ+ëÌ»lI’ÕH*ÇVè
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_cbc/iv21 b/nss/cmd/bltest/tests/aes_cbc/iv21
new file mode 100644
index 0000000..6452e3d
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/iv21
@@ -0,0 +1,2 @@
+³Ë—¨
+S™¸ÂE
;“•
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_cbc/iv22 b/nss/cmd/bltest/tests/aes_cbc/iv22
new file mode 100644
index 0000000..42b7bd3
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/iv22
@@ -0,0 +1 @@
+LïüYcÔY`&u>–I
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_cbc/iv23 b/nss/cmd/bltest/tests/aes_cbc/iv23
new file mode 100644
index 0000000000000000000000000000000000000000..99b22495ccacd11ae5c41ccdd2a241b9470d3a3b
GIT binary patch
literal 16
YcmWGMCi&;XCVQSr)h`UoPMyvL07fVXQ~&?~

literal 0
HcmV?d00001

diff --git a/nss/cmd/bltest/tests/aes_cbc/iv24 b/nss/cmd/bltest/tests/aes_cbc/iv24
new file mode 100644
index 0000000..0104daf
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/iv24
@@ -0,0 +1 @@
+ÖÕ�¸ÏëӶ꡵?~á
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_cbc/iv3 b/nss/cmd/bltest/tests/aes_cbc/iv3
new file mode 100644
index 0000000000000000000000000000000000000000..01d633b27e8ea9b17084fc911d0c8cc43a4170a9
GIT binary patch
literal 16
KcmZQzKm`B*5C8!H

literal 0
HcmV?d00001

diff --git a/nss/cmd/bltest/tests/aes_cbc/iv4 b/nss/cmd/bltest/tests/aes_cbc/iv4
new file mode 100644
index 0000000000000000000000000000000000000000..01d633b27e8ea9b17084fc911d0c8cc43a4170a9
GIT binary patch
literal 16
KcmZQzKm`B*5C8!H

literal 0
HcmV?d00001

diff --git a/nss/cmd/bltest/tests/aes_cbc/iv5 b/nss/cmd/bltest/tests/aes_cbc/iv5
new file mode 100644
index 0000000000000000000000000000000000000000..01d633b27e8ea9b17084fc911d0c8cc43a4170a9
GIT binary patch
literal 16
KcmZQzKm`B*5C8!H

literal 0
HcmV?d00001

diff --git a/nss/cmd/bltest/tests/aes_cbc/iv6 b/nss/cmd/bltest/tests/aes_cbc/iv6
new file mode 100644
index 0000000000000000000000000000000000000000..01d633b27e8ea9b17084fc911d0c8cc43a4170a9
GIT binary patch
literal 16
KcmZQzKm`B*5C8!H

literal 0
HcmV?d00001

diff --git a/nss/cmd/bltest/tests/aes_cbc/iv7 b/nss/cmd/bltest/tests/aes_cbc/iv7
new file mode 100644
index 0000000..524d1b9
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/iv7
@@ -0,0 +1 @@
+ªÑX<Ùeã»/40Ðe»
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_cbc/iv8 b/nss/cmd/bltest/tests/aes_cbc/iv8
new file mode 100644
index 0000000..f58e954
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/iv8
@@ -0,0 +1 @@
+È	]‹± `iŸ|—J 
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_cbc/iv9 b/nss/cmd/bltest/tests/aes_cbc/iv9
new file mode 100644
index 0000000..d6c4782
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/iv9
@@ -0,0 +1 @@
+eµî60¾Ö¸BÙ¹z
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_cbc/key0 b/nss/cmd/bltest/tests/aes_cbc/key0
new file mode 100644
index 0000000..13911cc
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/key0
@@ -0,0 +1 @@
+fedcba9876543210
diff --git a/nss/cmd/bltest/tests/aes_cbc/key1 b/nss/cmd/bltest/tests/aes_cbc/key1
new file mode 100644
index 0000000000000000000000000000000000000000..01d633b27e8ea9b17084fc911d0c8cc43a4170a9
GIT binary patch
literal 16
KcmZQzKm`B*5C8!H

literal 0
HcmV?d00001

diff --git a/nss/cmd/bltest/tests/aes_cbc/key10 b/nss/cmd/bltest/tests/aes_cbc/key10
new file mode 100644
index 0000000..3cdff7a
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/key10
@@ -0,0 +1 @@
+Ä‘Ê1ùEŽ)©%ìU�x
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_cbc/key11 b/nss/cmd/bltest/tests/aes_cbc/key11
new file mode 100644
index 0000000..4a13040
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/key11
@@ -0,0 +1 @@
+öè}q°Mn°jhÜjqô˜
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_cbc/key12 b/nss/cmd/bltest/tests/aes_cbc/key12
new file mode 100644
index 0000000..0a0103d
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/key12
@@ -0,0 +1 @@
+,A7QÃ'0W£6xk
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_cbc/key13 b/nss/cmd/bltest/tests/aes_cbc/key13
new file mode 100644
index 0000000..87ae208
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/key13
@@ -0,0 +1 @@
+ê³±œX¨sᘃ«�ƒ»øQû.k!
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_cbc/key14 b/nss/cmd/bltest/tests/aes_cbc/key14
new file mode 100644
index 0000000..de4da4d
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/key14
@@ -0,0 +1 @@
+{±{M÷…i~¬Ï–˜âËuæy|é5Ë
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_cbc/key15 b/nss/cmd/bltest/tests/aes_cbc/key15
new file mode 100644
index 0000000..b13351f
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/key15
@@ -0,0 +1 @@
+ãþÌuðZ	³ƒßÓ‰£Ó<ɸT³²TÀô
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_cbc/key16 b/nss/cmd/bltest/tests/aes_cbc/key16
new file mode 100644
index 0000000000000000000000000000000000000000..71afcb384f652847a5a15141d4bec356a5376dc6
GIT binary patch
literal 24
gcmey(d43+l?H|n<bJ^!iVkkerZe!TV9lC2P0F>1W1poj5

literal 0
HcmV?d00001

diff --git a/nss/cmd/bltest/tests/aes_cbc/key17 b/nss/cmd/bltest/tests/aes_cbc/key17
new file mode 100644
index 0000000..291b89b
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/key17
@@ -0,0 +1 @@
+¼¦ú<gý)N•�fþ‹ÖOEô(õ¼Ž—3§
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_cbc/key18 b/nss/cmd/bltest/tests/aes_cbc/key18
new file mode 100644
index 0000000..9c28957
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/key18
@@ -0,0 +1 @@
+*ÕæJªUWíÁk,jMK^î
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_cbc/key19 b/nss/cmd/bltest/tests/aes_cbc/key19
new file mode 100644
index 0000000..f0ca408
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/key19
@@ -0,0 +1 @@
+ÜâlkLû(eÚNìÒÏþlßC3Û›_w´`g›Ô�®
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_cbc/key2 b/nss/cmd/bltest/tests/aes_cbc/key2
new file mode 100644
index 0000000000000000000000000000000000000000..01d633b27e8ea9b17084fc911d0c8cc43a4170a9
GIT binary patch
literal 16
KcmZQzKm`B*5C8!H

literal 0
HcmV?d00001

diff --git a/nss/cmd/bltest/tests/aes_cbc/key20 b/nss/cmd/bltest/tests/aes_cbc/key20
new file mode 100644
index 0000000..ce28587
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/key20
@@ -0,0 +1 @@
+“ÿcq¯j[Ž�¬ßZ=K¯Ñ¯µs¾zÞž†‚æcå
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_cbc/key21 b/nss/cmd/bltest/tests/aes_cbc/key21
new file mode 100644
index 0000000..1b1a9bc
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/key21
@@ -0,0 +1,2 @@
+s¸úð3¬™…\öùéä…i
+Y¤†�MÏHÒ‚ú®*
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_cbc/key22 b/nss/cmd/bltest/tests/aes_cbc/key22
new file mode 100644
index 0000000..4b23daa
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/key22
@@ -0,0 +1 @@
+E‹g¿!- ó¥Î9 eX-Îûó�ª"”Ÿƒ8«�R&
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_cbc/key23 b/nss/cmd/bltest/tests/aes_cbc/key23
new file mode 100644
index 0000000..cc1b48f
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/key23
@@ -0,0 +1 @@
+ÒA-°„]„ås+‹½d)WG;�û™Ê‹ÿpç’
ÁÛì‰
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_cbc/key24 b/nss/cmd/bltest/tests/aes_cbc/key24
new file mode 100644
index 0000000..cf579fc
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/key24
@@ -0,0 +1 @@
+H¾Y~c,w#$ÈÓúœZžÍ
ì]
;þÃvÅS+
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_cbc/key3 b/nss/cmd/bltest/tests/aes_cbc/key3
new file mode 100644
index 0000000000000000000000000000000000000000..4ac5fc6cf890b46738523c4d4d9d964e312f368f
GIT binary patch
literal 24
KcmZQzzzzTa7ytnP

literal 0
HcmV?d00001

diff --git a/nss/cmd/bltest/tests/aes_cbc/key4 b/nss/cmd/bltest/tests/aes_cbc/key4
new file mode 100644
index 0000000000000000000000000000000000000000..4ac5fc6cf890b46738523c4d4d9d964e312f368f
GIT binary patch
literal 24
KcmZQzzzzTa7ytnP

literal 0
HcmV?d00001

diff --git a/nss/cmd/bltest/tests/aes_cbc/key5 b/nss/cmd/bltest/tests/aes_cbc/key5
new file mode 100644
index 0000000000000000000000000000000000000000..4e4e4935707a596987ec1cc32e3d0d587dbe4f04
GIT binary patch
literal 32
KcmZQzzz+ZbAOHaX

literal 0
HcmV?d00001

diff --git a/nss/cmd/bltest/tests/aes_cbc/key6 b/nss/cmd/bltest/tests/aes_cbc/key6
new file mode 100644
index 0000000000000000000000000000000000000000..4e4e4935707a596987ec1cc32e3d0d587dbe4f04
GIT binary patch
literal 32
KcmZQzzz+ZbAOHaX

literal 0
HcmV?d00001

diff --git a/nss/cmd/bltest/tests/aes_cbc/key7 b/nss/cmd/bltest/tests/aes_cbc/key7
new file mode 100644
index 0000000000000000000000000000000000000000..c1e46cee5edf8442a908610bfa0210df55912925
GIT binary patch
literal 16
XcmZQ)xW>HjsK}G-#EH9{xvY2qGus8}

literal 0
HcmV?d00001

diff --git a/nss/cmd/bltest/tests/aes_cbc/key8 b/nss/cmd/bltest/tests/aes_cbc/key8
new file mode 100644
index 0000000..804b8d4
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/key8
@@ -0,0 +1 @@
+·óÉWnÝ
¶>��¬+š9
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_cbc/key9 b/nss/cmd/bltest/tests/aes_cbc/key9
new file mode 100644
index 0000000..193a2a1
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/key9
@@ -0,0 +1 @@
+»ç·ºOñ®|4þ‹F^
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_cbc/mktst.sh b/nss/cmd/bltest/tests/aes_cbc/mktst.sh
new file mode 100644
index 0000000..443167e
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/mktst.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+for i in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24
+do
+    file="test$i.txt"
+    grep "KEY = " $file | sed -e 's;KEY = ;;' | hex > key$i
+    grep "IV = "  $file | sed -e 's;IV = ;;' | hex > iv$i
+    grep "PLAINTEXT = "  $file | sed -e 's;PLAINTEXT = ;;' | hex  > plaintext$i
+    grep "CIPHERTEXT = "  $file | sed -e 's;CIPHERTEXT = ;;' | hex > ciphertext$i.bin
+    btoa < ciphertext$i.bin > ciphertext$i
+    rm ciphertext$i.bin
+done
diff --git a/nss/cmd/bltest/tests/aes_cbc/numtests b/nss/cmd/bltest/tests/aes_cbc/numtests
new file mode 100644
index 0000000..7273c0f
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/numtests
@@ -0,0 +1 @@
+25
diff --git a/nss/cmd/bltest/tests/aes_cbc/plaintext0 b/nss/cmd/bltest/tests/aes_cbc/plaintext0
new file mode 100644
index 0000000..cc67189
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/plaintext0
@@ -0,0 +1 @@
+0123456789abcdef0123456789abcdef
diff --git a/nss/cmd/bltest/tests/aes_cbc/plaintext1 b/nss/cmd/bltest/tests/aes_cbc/plaintext1
new file mode 100644
index 0000000..8bac1b7
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/plaintext1
@@ -0,0 +1 @@
+óD�ì<Æ'ºÍ]Ãûòsæ
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_cbc/plaintext10 b/nss/cmd/bltest/tests/aes_cbc/plaintext10
new file mode 100644
index 0000000..779400b
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/plaintext10
@@ -0,0 +1,2 @@
+Ëjx~
ìVù¡e•�¯3l¦´…Ùé@“ÆQRdŸˆ.‡My¬^{Ò§Lå®�.èTöSž
+”ykÔÉüÛÇšËïM
vÑŠ÷â¤üGÝfßlM¾PäfTšG¶6¼Ç³¦$•µk¶{mE_ëÙ¿ï켦Çó5ÏΛEË�
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_cbc/plaintext11 b/nss/cmd/bltest/tests/aes_cbc/plaintext11
new file mode 100644
index 0000000..c226c29
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/plaintext11
@@ -0,0 +1 @@
+ø+ï<s¦÷ø
²…rmi¶¿UîÂZ…�; àD_&¹»;£цnMØòåøì´ämt§§Œ Íü{ÌžG›§ Êº”8#ŠÐÀQÕÙ�ãÝÎnkKÔ«ÏžŽØ®ß¡Ï–;“ g¹}wm·n~‘?tHã‚DPŸ¯6½‚áS6Ó\ŸÔä‰?Û„
O‡)
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_cbc/plaintext12 b/nss/cmd/bltest/tests/aes_cbc/plaintext12
new file mode 100644
index 0000000..357fd2c
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/plaintext12
@@ -0,0 +1 @@
+@Ù0ù S4Ù�o♜?‚ ?jW¨ÄuÉESÑÑi:Üa€Ið§i¢îÖ¦ËÀ>ÅÌͼ�ìLå`ÏÒ"W	2mM甎TÖÐ×þ×Rû#ñªD”û°
0éÞÔç~7Ày-‚€@Ã%±¥ïÑ_ÈBä@ÊCt¿8óÃü>ã's;Šî¼ÐUw/Ü`?{,¦Ÿöb6+à¡q»Üê]?
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_cbc/plaintext13 b/nss/cmd/bltest/tests/aes_cbc/plaintext13
new file mode 100644
index 0000000..88c5250
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/plaintext13
@@ -0,0 +1 @@
+�NLÌÑh#!…mðiãñÆú9:Ÿ°-YÛtÁ@�³¬Ä
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_cbc/plaintext14 b/nss/cmd/bltest/tests/aes_cbc/plaintext14
new file mode 100644
index 0000000..c42aec2
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/plaintext14
@@ -0,0 +1 @@
+Û7…¨‰´½8wTÚ"/L-+þ
yà[Éû©A¾ê0ñ#ž¬ð�Fì
Ãhé†ü¦·ÅŽIyÒ–½y†ïõO
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_cbc/plaintext15 b/nss/cmd/bltest/tests/aes_cbc/plaintext15
new file mode 100644
index 0000000..1266255
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/plaintext15
@@ -0,0 +1 @@
+“/_:X Õ:kêªd1:4ˆôë°õµ~ø8áW–#;Öæ€wS‹.Qïp�<IVC.ŠŽæ£NB²jؽ®l*ù¦Ç™o;`ÒgAñÉôà=JR° eJ3óMÎ
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_cbc/plaintext16 b/nss/cmd/bltest/tests/aes_cbc/plaintext16
new file mode 100644
index 0000000..6348620
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/plaintext16
@@ -0,0 +1 @@
+Á£vƒû(”gÝ,‰ïº»Òî$ÏÑ�DYmí&‚Çš/qz2¿j$ºÝ2¤îc|s·¤¦%†5e‘ûŸúE½ü<±"bA³ÞÎØ™j¥¨Óè�pà¤KÀWÔ†# Ö"©?©Ú)ªíõÙèvÉF ”_øìÈ?'7žÕ\ô�Åy'
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_cbc/plaintext17 b/nss/cmd/bltest/tests/aes_cbc/plaintext17
new file mode 100644
index 0000000..6343a1a
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/plaintext17
@@ -0,0 +1,2 @@
+[ì¼1ؾ­m6®
JXcÑJCkUÒž¦ºªArqqm³£;.PkE †ßæ�ƒJÂÞ0¼A%NÅ@Ä}B7Çy/ÜבMŠò±ufBÕŒu©/kÅ=2j饷á±
+—VWF’“M™9ü9ž ?~ߎ~d‚êÝ1 @pè—´ŒkÊ+@E“P€é3w5ŒB ôÞÞ
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_cbc/plaintext18 b/nss/cmd/bltest/tests/aes_cbc/plaintext18
new file mode 100644
index 0000000000000000000000000000000000000000..4858130f6624513fd3967636d0a94fa32080b18c
GIT binary patch
literal 160
zcmV;R0AK&UioXDm6JwZqg3Nc&?2&1EqlJH-PlUaBKx`9@0%?x`GIr2Jks!YGSB-f7
z%D#>V4iRw+KME&Ay;4I?#{d<GOc)-${ZYmQryNq`z~K<QK#bI4vPh^4ii*H%xl*hh
zf3DF)fPWfu8-MG{_k&kr-u{y8&&R2hP8@J7|K_}gb3W4{LNOr-TEH#%mMhD_lW>ym
OzYdV7vJO4i!bGmGT}_$*

literal 0
HcmV?d00001

diff --git a/nss/cmd/bltest/tests/aes_cbc/plaintext19 b/nss/cmd/bltest/tests/aes_cbc/plaintext19
new file mode 100644
index 0000000000000000000000000000000000000000..0d6ad5e8c8ce9227c5d865f9611d744f34fa2470
GIT binary patch
literal 32
ocmWG|`R?JGpa#wtr_Y*ZmUhTbEehFaKk@ppG+hBhg`n3A03N;%bN~PV

literal 0
HcmV?d00001

diff --git a/nss/cmd/bltest/tests/aes_cbc/plaintext2 b/nss/cmd/bltest/tests/aes_cbc/plaintext2
new file mode 100644
index 0000000..b2153e2
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/plaintext2
@@ -0,0 +1 @@
+—˜Äd­uÇÃ"}¹Nr
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_cbc/plaintext20 b/nss/cmd/bltest/tests/aes_cbc/plaintext20
new file mode 100644
index 0000000..6873047
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/plaintext20
@@ -0,0 +1 @@
+‹7ù�ô»%•kæ1sÈÜXê—ÿI¶C{4É¿ð–©OíÖ‚5&«ÂzŽanî%J´V}ÖŽŒÍL8¬V;cœ
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_cbc/plaintext21 b/nss/cmd/bltest/tests/aes_cbc/plaintext21
new file mode 100644
index 0000000..22bfbac
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/plaintext21
@@ -0,0 +1 @@
+:Þ¦ànBÄðA‘òw^ö7Œ°ˆ$^ÜOdHâ2[`Ð4[Ÿœxße–ì�"·¹çn�<v³-]g'?ƒþzoÃÝ<I‘púW
³¾¬a´�ð©á?„F@ÄPšÓzß°®
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_cbc/plaintext22 b/nss/cmd/bltest/tests/aes_cbc/plaintext22
new file mode 100644
index 0000000000000000000000000000000000000000..a36a7f9da083ee25e73838e070e3de67a1b2cd7f
GIT binary patch
literal 128
zcmV-`0Du1_Z`VBITI1@RCEY5NR7pOT*keEDGqquM+~{~*<=eZ2+w#bw?y>1>QHhoX
z<ncSa5xG0|^P4njz7&OvTXGFbQY|+A?Rqktn;wNMl7Pg0xC5LQ#F7<ppnVu*5`!?{
ioG^{vp=nN)$VCA0rXFEIm*{FR?81%qOv^maR5z+EaY7;h

literal 0
HcmV?d00001

diff --git a/nss/cmd/bltest/tests/aes_cbc/plaintext23 b/nss/cmd/bltest/tests/aes_cbc/plaintext23
new file mode 100644
index 0000000000000000000000000000000000000000..5201604a5f4b52d856f9f60dffe7a2dcfb10df1a
GIT binary patch
literal 144
zcmV;B0B`>SU<Sme8W;?jDS}O%30se<sBgsjCG4zW*kAVElHaIsCWyc)C@dR_^hB2j
z@-21g8Ib{9vLkfKUym7GTd=R|0|XEFmR=4MIoqXWJ{M1lrJ=K*<E(?6;|HYVOHYp*
y0Au$!>=>-u|1Q7abA#tJRfi+zLGYo2ZLi;*=pqoQB#Xflv%$QJP9-d$8`uK{W<=Ql

literal 0
HcmV?d00001

diff --git a/nss/cmd/bltest/tests/aes_cbc/plaintext24 b/nss/cmd/bltest/tests/aes_cbc/plaintext24
new file mode 100644
index 0000000000000000000000000000000000000000..42c59ead887f692e13b6e5bbfe82c26331c34b2e
GIT binary patch
literal 160
zcmV;R0AK$MW7HGVhDC7a3$|g4_@ud5RfcGcGP|Iq?7=oKt*1)bGQ}#-(W-Prx>kEm
zeX8vD%p9_jg0B`z<s&NqC}?R`HCdPksi*LI9}|9;vEj+uyot7@<gcmQSXJ$+S5Q`{
z^!Owq79=aM!d5X2oidmvtTjDxU!$LZ&cQ_1LPc2l_Y0WGAPH^{EQMWJNQIyVC5R54
O`*T5K&d&EN@G!VcN=~-`

literal 0
HcmV?d00001

diff --git a/nss/cmd/bltest/tests/aes_cbc/plaintext3 b/nss/cmd/bltest/tests/aes_cbc/plaintext3
new file mode 100644
index 0000000..b565f3a
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/plaintext3
@@ -0,0 +1 @@
+zjô·ù‚)Þxmu¶9
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_cbc/plaintext4 b/nss/cmd/bltest/tests/aes_cbc/plaintext4
new file mode 100644
index 0000000..9ef1cbb
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/plaintext4
@@ -0,0 +1 @@
+œ-ˆBåô�Wd‚Óš#šñ
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_cbc/plaintext5 b/nss/cmd/bltest/tests/aes_cbc/plaintext5
new file mode 100644
index 0000000..767e9f4
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/plaintext5
@@ -0,0 +1,2 @@
+
G0ø
+Æ%þ„ð&ÆýT}
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_cbc/plaintext6 b/nss/cmd/bltest/tests/aes_cbc/plaintext6
new file mode 100644
index 0000000..e8537b6
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/plaintext6
@@ -0,0 +1 @@
+$¯6<äf_(%×´tœ˜
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_cbc/plaintext7 b/nss/cmd/bltest/tests/aes_cbc/plaintext7
new file mode 100644
index 0000000..b3b7284
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/plaintext7
@@ -0,0 +1 @@
+‹%Ç¿±ø½ÔÏÉö�ÿÅÝÇ&¡—ðå÷ ÷092y¾‘
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_cbc/plaintext8 b/nss/cmd/bltest/tests/aes_cbc/plaintext8
new file mode 100644
index 0000000..32b0833
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/plaintext8
@@ -0,0 +1 @@
+šÁ™TγTÓ"`÷7?Ó6$�ýän¿í.y�Zn½ÄiÞÀA‡r+„Ú¼²,è¡FWÚ 
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_cbc/plaintext9 b/nss/cmd/bltest/tests/aes_cbc/plaintext9
new file mode 100644
index 0000000..ba4b455
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/plaintext9
@@ -0,0 +1,2 @@
+*­,CV‹­tGFÓÚÀT4m&þݼš½‘‘@´yKâ© 
+QšQ¥µ@ôí'5H
²CN™©»`þSv7%¶(ÕsšQ·î:ï¯Å´Á¿Ddgç¿_xó÷Êñ‡
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_cbc/test1.txt b/nss/cmd/bltest/tests/aes_cbc/test1.txt
new file mode 100644
index 0000000..1d46380
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/test1.txt
@@ -0,0 +1,5 @@
+COUNT = 0
+KEY = 00000000000000000000000000000000
+IV = 00000000000000000000000000000000
+PLAINTEXT = f34481ec3cc627bacd5dc3fb08f273e6
+CIPHERTEXT = 0336763e966d92595a567cc9ce537f5e
diff --git a/nss/cmd/bltest/tests/aes_cbc/test10.txt b/nss/cmd/bltest/tests/aes_cbc/test10.txt
new file mode 100644
index 0000000..e220c90
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/test10.txt
@@ -0,0 +1,5 @@
+COUNT = 7
+KEY = c491ca31f91708458e29a925ec558d78
+IV = 9ef934946e5cd0ae97bd58532cb49381
+PLAINTEXT = cb6a787e0dec56f9a165957f81af336ca6b40785d9e94093c6190e5152649f882e874d79ac5e167bd2a74ce5ae088d2ee854f6539e0a94796b1e1bd4c9fcdbc79acbef4d01eeb89776d18af71ae2a4fc47dd66df6c4dbe1d1850e466549a47b636bcc7c2b3a62495b56bb67b6d455f1eebd9bfefecbca6c7f335cfce9b45cb9d
+CIPHERTEXT = 7b2931f5855f717145e00f152a9f4794359b1ffcb3e55f594e33098b51c23a6c74a06c1d94fded7fd2ae42c7db7acaef5844cb33aeddc6852585ed0020a6699d2cb53809cefd169148ce42292afab063443978306c582c18b9ce0da3d084ce4d3c482cfd8fcf1a85084e89fb88b40a084d5e972466d07666126fb761f84078f2
diff --git a/nss/cmd/bltest/tests/aes_cbc/test11.txt b/nss/cmd/bltest/tests/aes_cbc/test11.txt
new file mode 100644
index 0000000..4eb4383
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/test11.txt
@@ -0,0 +1,5 @@
+COUNT = 8
+KEY = f6e87d71b0104d6eb06a68dc6a71f498
+IV = 1c245f26195b76ebebc2edcac412a2f8
+PLAINTEXT = f82bef3c73a6f7f80db285726d691db6bf55eec25a859d3ba0e0445f26b9bb3b16a3161ed1866e4dd8f2e5f8ecb4e46d74a7a78c20cdfc7bcc9e479ba7a0caba9438238ad0c01651d5d98de37f03ddce6e6b4bd4ab03cf9e8ed818aedfa1cf963b932067b97d776dce1087196e7e913f7448e38244509f0caf36bd8217e15336d35c149fd4e41707893fdb84014f8729
+CIPHERTEXT = b09512f3eff9ed0d85890983a73dadbb7c3678d52581be64a8a8fc586f490f2521297a478a0598040ebd0f5509fafb0969f9d9e600eaef33b1b93eed99687b167f89a5065aac439ce46f3b8d22d30865e64e45ef8cd30b6984353a844a11c8cd60dba0e8866b3ee30d24b3fa8a643b328353e06010fa8273c8fd54ef0a2b6930e5520aae5cd5902f9b86a33592ca4365
diff --git a/nss/cmd/bltest/tests/aes_cbc/test12.txt b/nss/cmd/bltest/tests/aes_cbc/test12.txt
new file mode 100644
index 0000000..1b2c7aa
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/test12.txt
@@ -0,0 +1,5 @@
+COUNT = 9
+KEY = 2c14413751c31e2730570ba3361c786b
+IV = 1dbbeb2f19abb448af849796244a19d7
+PLAINTEXT = 40d930f9a05334d9816fe204999c3f82a03f6a0457a8c475c94553d1d116693adc618049f0a769a2eed6a6cb14c0143ec5cccdbc8dec4ce560cfd206225709326d4de7948e54d603d01b12d7fed752fb23f1aa4494fbb00130e9ded4e77e37c079042d828040c325b1a5efd15fc842e44014ca4374bf38f3c3fc3ee327733b0c8aee1abcd055772f18dc04603f7b2c1ea69ff662361f2be0a171bbdcea1e5d3f
+CIPHERTEXT = 6be8a12800455a320538853e0cba31bd2d80ea0c85164a4c5c261ae485417d93effe2ebc0d0a0b51d6ea18633d210cf63c0c4ddbc27607f2e81ed9113191ef86d56f3b99be6c415a4150299fb846ce7160b40b63baf1179d19275a2e83698376d28b92548c68e06e6d994e2c1501ed297014e702cdefee2f656447706009614d801de1caaf73f8b7fa56cf1ba94b631933bbe577624380850f117435a0355b2b
diff --git a/nss/cmd/bltest/tests/aes_cbc/test13.txt b/nss/cmd/bltest/tests/aes_cbc/test13.txt
new file mode 100644
index 0000000..344157f
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/test13.txt
@@ -0,0 +1,5 @@
+COUNT = 1
+KEY = eab3b19c581aa873e1981c83ab8d83bbf8025111fb2e6b21
+IV = f3d6667e8d4d791e60f7505ba383eb05
+PLAINTEXT = 9d4e4cccd1682321856df069e3f1c6fa391a083a9fb02d59db74c14081b3acc4
+CIPHERTEXT = 51d44779f90d40a80048276c035cb49ca2a47bcb9b9cf7270b9144793787d53f
diff --git a/nss/cmd/bltest/tests/aes_cbc/test14.txt b/nss/cmd/bltest/tests/aes_cbc/test14.txt
new file mode 100644
index 0000000..c548ceb
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/test14.txt
@@ -0,0 +1,5 @@
+COUNT = 3
+KEY = 067bb17b4df785697eaccf961f98e212cb75e6797ce935cb
+IV = 8b59c9209c529ca8391c9fc0ce033c38
+PLAINTEXT = db3785a889b4bd387754da222f0e4c2d2bfe0d79e05bc910fba941beea30f1239eacf0068f4619ec01c368e986fca6b7c58e490579d29611bd10087986eff54f
+CIPHERTEXT = d5f5589760bf9c762228fde236de1fa2dd2dad448db3fa9be0c4196efd46a35c84dd1ac77d9db58c95918cb317a6430a08d2fb6a8e8b0f1c9b72c7a344dc349f
diff --git a/nss/cmd/bltest/tests/aes_cbc/test15.txt b/nss/cmd/bltest/tests/aes_cbc/test15.txt
new file mode 100644
index 0000000..71e0f1c
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/test15.txt
@@ -0,0 +1,5 @@
+COUNT = 5
+KEY = e3fecc75f0075a09b383dfd389a3d33cc9b854b3b254c0f4
+IV = 36eab883afef936cc38f63284619cd19
+PLAINTEXT = 931b2f5f3a5820d53a6beaaa6431083a3488f4eb03b0f5b57ef838e1579623103bd6e6800377538b2e51ef708f3c4956432e8a8ee6a34e190642b26ad8bdae6c2af9a6c7996f3b6004d2671e41f1c9f40ee03d1c4a52b0a0654a331f15f34dce
+CIPHERTEXT = 75395974bd32b3665654a6c8e396b88ae34b123575872a7ab687d8e76b46df911a8a590cd01d2f5c330be3a6626e9dd3aa5e10ed14e8ff829811b6fed50f3f533ca4385a1cbca78f5c4744e50f2f8359165c2485d1324e76c3eae76a0ccac629
diff --git a/nss/cmd/bltest/tests/aes_cbc/test16.txt b/nss/cmd/bltest/tests/aes_cbc/test16.txt
new file mode 100644
index 0000000..60e6e58
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/test16.txt
@@ -0,0 +1,5 @@
+COUNT = 7
+KEY = fb09cf9e00dbf883689d079c920077c0073c31890b55bab5
+IV = e3c89bd097c3abddf64f4881db6dbfe2
+PLAINTEXT = c1a37683fb289467dd1b2c89efba16bbd2ee24cf18d19d44596ded2682c79a2f711c7a32bf6a24badd32a4ee637c73b7a41da6258635650f91fb9ffa45bdfc3cb122136241b3deced8996aa51ea8d3e81c9d70e006a44bc0571ed48623a0d622a93fa9da290baaedf5d9e876c94620945ff8ecc83f27379ed55cf490c5790f27
+CIPHERTEXT = 8158e21420f25b59d6ae943fa1cbf21f02e979f419dab0126a721b7eef55bee9ad97f5ccff7d239057bbc19a8c378142f7672f1d5e7e17d7bebcb0070e8355cace6660171a53b61816ae824a6ef69ce470b6ffd3b5bb4b438874d91d27854d3b6f25860d3868958de3307d62b1339bdddb8a318c0ce0f33c17caf0e9f6040820
diff --git a/nss/cmd/bltest/tests/aes_cbc/test17.txt b/nss/cmd/bltest/tests/aes_cbc/test17.txt
new file mode 100644
index 0000000..262b055
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/test17.txt
@@ -0,0 +1,5 @@
+COUNT = 8
+KEY = bca6fa3c67fd294e958f66fe8bd64f45f428f5bc8e9733a7
+IV = 92a47f2833f1450d1da41717bdc6e83c
+PLAINTEXT = 5becbc31d8bead6d36ae014a5863d14a431e6b55d29ea6baaa417271716db3a33b2e506b452086dfe690834ac2de30bc41254ec5401ec47d064237c7792fdcd7914d8af20eb114756642d519021a8c75a92f6bc53d326ae9a5b7e1b10a9756574692934d9939fc399e0c203f7edf8e7e6482eadd31a0400770e897b48c6bca2b404593045080e93377358c42a0f4dede
+CIPHERTEXT = 926db248cc1ba20f0c57631a7c8aef094f791937b905949e3460240e8bfa6fa483115a1b310b6e4369caebc5262888377b1ddaa5800ea496a2bdff0f9a1031e7129c9a20e35621e7f0b8baca0d87030f2ae7ca8593c8599677a06fd4b26009ead08fecac24caa9cf2cad3b470c8227415a7b1e0f2eab3fad96d70a209c8bb26c627677e2531b9435ca6e3c444d195b5f
diff --git a/nss/cmd/bltest/tests/aes_cbc/test18.txt b/nss/cmd/bltest/tests/aes_cbc/test18.txt
new file mode 100644
index 0000000..50a2966
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/test18.txt
@@ -0,0 +1,5 @@
+COUNT = 9
+KEY = 162ad50ee64a0702aa551f571dedc16b2c1b6a1e4d4b5eee
+IV = 24408038161a2ccae07b029bb66355c1
+PLAINTEXT = be8abf00901363987a82cc77d0ec91697ba3857f9e4f84bd79406c138d02698f003276d0449120bef4578d78fecabe8e070e11710b3f0a2744bd52434ec70015884c181ebdfd51c604a71c52e4c0e110bc408cd462b248a80b8a8ac06bb952ac1d7faed144807f1a731b7febcaf7835762defe92eccfc7a9944e1c702cffe6bc86733ed321423121085ac02df8962bcbc1937092eebf0e90a8b20e3dd8c244ae
+CIPHERTEXT = c82cf2c476dea8cb6a6e607a40d2f0391be82ea9ec84a537a6820f9afb997b76397d005424faa6a74dc4e8c7aa4a8900690f894b6d1dca80675393d2243adac762f159301e357e98b724762310cd5a7bafe1c2a030dba46fd93a9fdb89cc132ca9c17dc72031ec6822ee5a9d99dbca66c784c01b0885cbb62e29d97801927ec415a5d215158d325f9ee689437ad1b7684ad33c0d92739451ac87f39ff8c31b84
diff --git a/nss/cmd/bltest/tests/aes_cbc/test19.txt b/nss/cmd/bltest/tests/aes_cbc/test19.txt
new file mode 100644
index 0000000..a38ed01
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/test19.txt
@@ -0,0 +1,5 @@
+COUNT = 1
+KEY = dce26c6b4cfb286510da4eecd2cffe6cdf430f33db9b5f77b460679bd49d13ae
+IV = fdeaa134c8d7379d457175fd1a57d3fc
+PLAINTEXT = 50e9eee1ac528009e8cbcd356975881f957254b13f91d7c6662d10312052eb00
+CIPHERTEXT = 2fa0df722a9fd3b64cb18fb2b3db55ff2267422757289413f8f657507412a64c
diff --git a/nss/cmd/bltest/tests/aes_cbc/test2.txt b/nss/cmd/bltest/tests/aes_cbc/test2.txt
new file mode 100644
index 0000000..d9b681b
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/test2.txt
@@ -0,0 +1,5 @@
+COUNT = 1
+KEY = 00000000000000000000000000000000
+IV = 00000000000000000000000000000000
+PLAINTEXT = 9798c4640bad75c7c3227db910174e72
+CIPHERTEXT = a9a1631bf4996954ebc093957b234589
diff --git a/nss/cmd/bltest/tests/aes_cbc/test20.txt b/nss/cmd/bltest/tests/aes_cbc/test20.txt
new file mode 100644
index 0000000..a0586e1
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/test20.txt
@@ -0,0 +1,5 @@
+COUNT = 3
+KEY = 0493ff637108af6a5b8e90ac1fdf035a3d4bafd1afb573be7ade9e8682e663e5
+IV = c0cd2bebccbb6c49920bd5482ac756e8
+PLAINTEXT = 8b37f9148df4bb25956be6310c73c8dc58ea9714ff49b643107b34c9bff096a94fedd6823526abc27a8e0b16616eee254ab4567dd68e8ccd4c38ac563b13639c
+CIPHERTEXT = 05d5c77729421b08b737e41119fa4438d1f570cc772a4d6c3df7ffeda0384ef84288ce37fc4c4c7d1125a499b051364c389fd639bdda647daa3bdadab2eb5594
diff --git a/nss/cmd/bltest/tests/aes_cbc/test21.txt b/nss/cmd/bltest/tests/aes_cbc/test21.txt
new file mode 100644
index 0000000..06abcde
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/test21.txt
@@ -0,0 +1,5 @@
+COUNT = 5
+KEY = 73b8faf00b3302ac99855cf6f9e9e48518690a5906a4869d4dcf48d282faae2a
+IV = b3cb97a80a539912b8c21f450d3b9395
+PLAINTEXT = 3adea6e06e42c4f041021491f2775ef6378cb08824165edc4f6448e232175b60d0345b9f9c78df6596ec9d22b7b9e76e8f3c76b32d5d67273f1d83fe7a6fc3dd3c49139170fa5701b3beac61b490f0a9e13f844640c4500f9ad3087adfb0ae10
+CIPHERTEXT = ac3d6dbafe2e0f740632fd9e820bf6044cd5b1551cbb9cc03c0b25c39ccb7f33b83aacfca40a3265f2bbff879153448acacb88fcfb3bb7b10fe463a68c0109f028382e3e557b1adf02ed648ab6bb895df0205d26ebbfa9a5fd8cebd8e4bee3dc
diff --git a/nss/cmd/bltest/tests/aes_cbc/test22.txt b/nss/cmd/bltest/tests/aes_cbc/test22.txt
new file mode 100644
index 0000000..991068f
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/test22.txt
@@ -0,0 +1,5 @@
+COUNT = 7
+KEY = 458b67bf212d20f3a57fce392065582dcefbf381aa22949f8338ab9052260e1d
+IV = 4c12effc5963d40459602675153e9649
+PLAINTEXT = 256fd73ce35ae3ea9c25dd2a9454493e96d8633fe633b56176dce8785ce5dbbb84dbf2c8a2eeb1e96b51899605e4f13bbc11b93bf6f39b3469be14858b5b720d4a522d36feed7a329c9b1e852c9280c47db8039c17c4921571a07d1864128330e09c308ddea1694e95c84500f1a61e614197e86a30ecc28df64ccb3ccf5437aa
+CIPHERTEXT = 90b7b9630a2378f53f501ab7beff039155008071bc8438e789932cfd3eb1299195465e6633849463fdb44375278e2fdb1310821e6492cf80ff15cb772509fb426f3aeee27bd4938882fd2ae6b5bd9d91fa4a43b17bb439ebbe59c042310163a82a5fe5388796eee35a181a1271f00be29b852d8fa759bad01ff4678f010594cd
diff --git a/nss/cmd/bltest/tests/aes_cbc/test23.txt b/nss/cmd/bltest/tests/aes_cbc/test23.txt
new file mode 100644
index 0000000..aa6b7d0
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/test23.txt
@@ -0,0 +1,5 @@
+COUNT = 8
+KEY = d2412db0845d84e5732b8bbd642957473b81fb99ca8bff70e7920d16c1dbec89
+IV = 51c619fcf0b23f0c7925f400a6cacb6d
+PLAINTEXT = 026006c4a71a180c9929824d9d095b8faaa86fc4fa25ecac61d85ff6de92dfa8702688c02a282c1b8af4449707f22d75e91991015db22374c95f8f195d5bb0afeb03040ff8965e0e1339dba5653e174f8aa5a1b39fe3ac839ce307a4e44b4f8f1b0063f738ec18acdbff2ebfe07383e734558723e741f0a1836dafdf9de82210a9248bc113b3c1bc8b4e252ca01bd803
+CIPHERTEXT = 0254b23463bcabec5a395eb74c8fb0eb137a07bc6f5e9f61ec0b057de305714f8fa294221c91a159c315939b81e300ee902192ec5f15254428d8772f79324ec43298ca21c00b370273ee5e5ed90e43efa1e05a5d171209fe34f9f29237dba2a6726650fd3b1321747d1208863c6c3c6b3e2d879ab5f25782f08ba8f2abbe63e0bedb4a227e81afb36bb6645508356d34
diff --git a/nss/cmd/bltest/tests/aes_cbc/test24.txt b/nss/cmd/bltest/tests/aes_cbc/test24.txt
new file mode 100644
index 0000000..231fcd1
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/test24.txt
@@ -0,0 +1,5 @@
+COUNT = 9
+KEY = 48be597e632c16772324c8d3fa1d9c5a9ecd010f14ec5d110d3bfec376c5532b
+IV = d6d581b8cf04ebd3b6eaa1b53f047ee1
+PLAINTEXT = 0c63d413d3864570e70bb6618bf8a4b9585586688c32bba0a5ecc1362fada74ada32c52acfd1aa7444ba567b4e7daaecf7cc1cb29182af164ae5232b002868695635599807a9a7f07a1f137e97b1e1c9dabc89b6a5e4afa9db5855edaa575056a8f4f8242216242bb0c256310d9d329826ac353d715fa39f80cec144d6424558f9f70b98c920096e0f2c855d594885a00625880e9dfb734163cecef72cf030b8
+CIPHERTEXT = fc5873e50de8faf4c6b84ba707b0854e9db9ab2e9f7d707fbba338c6843a18fc6facebaf663d26296fb329b4d26f18494c79e09e779647f9bafa87489630d79f4301610c2300c19dbf3148b7cac8c4f4944102754f332e92b6f7c5e75bc6179eb877a078d4719009021744c14f13fd2a55a2b9c44d18000685a845a4f632c7c56a77306efa66a24d05d088dcd7c13fe24fc447275965db9e4d37fbc9304448cd
diff --git a/nss/cmd/bltest/tests/aes_cbc/test3.txt b/nss/cmd/bltest/tests/aes_cbc/test3.txt
new file mode 100644
index 0000000..bdbc91b
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/test3.txt
@@ -0,0 +1,5 @@
+COUNT = 0
+KEY = 000000000000000000000000000000000000000000000000
+IV = 00000000000000000000000000000000
+PLAINTEXT = 1b077a6af4b7f98229de786d7516b639
+CIPHERTEXT = 275cfc0413d8ccb70513c3859b1d0f72
diff --git a/nss/cmd/bltest/tests/aes_cbc/test4.txt b/nss/cmd/bltest/tests/aes_cbc/test4.txt
new file mode 100644
index 0000000..764b095
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/test4.txt
@@ -0,0 +1,5 @@
+COUNT = 1
+KEY = 000000000000000000000000000000000000000000000000
+IV = 00000000000000000000000000000000
+PLAINTEXT = 9c2d8842e5f48f57648205d39a239af1
+CIPHERTEXT = c9b8135ff1b5adc413dfd053b21bd96d
diff --git a/nss/cmd/bltest/tests/aes_cbc/test5.txt b/nss/cmd/bltest/tests/aes_cbc/test5.txt
new file mode 100644
index 0000000..8a58240
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/test5.txt
@@ -0,0 +1,5 @@
+COUNT = 0
+KEY = 0000000000000000000000000000000000000000000000000000000000000000
+IV = 00000000000000000000000000000000
+PLAINTEXT = 014730f80ac625fe84f026c60bfd547d
+CIPHERTEXT = 5c9d844ed46f9885085e5d6a4f94c7d7
diff --git a/nss/cmd/bltest/tests/aes_cbc/test6.txt b/nss/cmd/bltest/tests/aes_cbc/test6.txt
new file mode 100644
index 0000000..aa97489
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/test6.txt
@@ -0,0 +1,5 @@
+COUNT = 1
+KEY = 0000000000000000000000000000000000000000000000000000000000000000
+IV = 00000000000000000000000000000000
+PLAINTEXT = 0b24af36193ce4665f2825d7b4749c98
+CIPHERTEXT = a9ff75bd7cf6613d3731c77c3b6d0c04
diff --git a/nss/cmd/bltest/tests/aes_cbc/test7.txt b/nss/cmd/bltest/tests/aes_cbc/test7.txt
new file mode 100644
index 0000000..734c8c2
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/test7.txt
@@ -0,0 +1,5 @@
+COUNT = 1
+KEY = 0700d603a1c514e46b6191ba430a3a0c
+IV = aad1583cd91365e3bb2f0c3430d065bb
+PLAINTEXT = 068b25c7bfb1f8bdd4cfc908f69dffc5ddc726a197f0e5f720f730393279be91
+CIPHERTEXT = c4dc61d9725967a3020104a9738f23868527ce839aab1752fd8bdb95a82c4d00
diff --git a/nss/cmd/bltest/tests/aes_cbc/test8.txt b/nss/cmd/bltest/tests/aes_cbc/test8.txt
new file mode 100644
index 0000000..ed628c9
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/test8.txt
@@ -0,0 +1,5 @@
+COUNT = 3
+KEY = b7f3c9576e12dd0db63e8f8fac2b9a39
+IV = c80f095d8bb1a060699f7c19974a1aa0
+PLAINTEXT = 9ac19954ce1319b354d3220460f71c1e373f1cd336240881160cfde46ebfed2e791e8d5a1a136ebd1dc469dec00c4187722b841cdabcb22c1be8a14657da200e
+CIPHERTEXT = 19b9609772c63f338608bf6eb52ca10be65097f89c1e0905c42401fd47791ae2c5440b2d473116ca78bd9ff2fb6015cfd316524eae7dcb95ae738ebeae84a467
diff --git a/nss/cmd/bltest/tests/aes_cbc/test9.txt b/nss/cmd/bltest/tests/aes_cbc/test9.txt
new file mode 100644
index 0000000..16bc6d6
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cbc/test9.txt
@@ -0,0 +1,5 @@
+COUNT = 5
+KEY = bbe7b7ba07124ff1ae7c3416fe8b465e
+IV = 7f65b5ee3630bed6b84202d97fb97a1e
+PLAINTEXT = 2aad0c2c4306568bad7447460fd3dac054346d26feddbc9abd9110914011b4794be2a9a00a519a51a5b5124014f4ed2735480db21b434e99a911bb0b60fe0253763725b628d5739a5117b7ee3aefafc5b4c1bf446467e7bf5f78f31ff7caf187
+CIPHERTEXT = 3b8611bfc4973c5cd8e982b073b33184cd26110159172e44988eb5ff5661a1e16fad67258fcbfee55469267a12dc374893b4e3533d36f5634c3095583596f135aa8cd1138dc898bc5651ee35a92ebf89ab6aeb5366653bc60a70e0074fc11efe
diff --git a/nss/cmd/bltest/tests/aes_ctr/aes_ctr_0.txt b/nss/cmd/bltest/tests/aes_ctr/aes_ctr_0.txt
new file mode 100644
index 0000000..1e2a367
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_ctr/aes_ctr_0.txt
@@ -0,0 +1,28 @@
+Test="F.5.1 CTR-AES128.Encrypt"
+Type=Encrypt
+Key=2b7e151628aed2a6abf7158809cf4f3c
+Init. Counter=f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff
+Block #1={
+Input Block=f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff
+Output Block=ec8cdf7398607cb0f2d21675ea9ea1e4
+Plaintext=6bc1bee22e409f96e93d7e117393172a
+Ciphertext=874d6191b620e3261bef6864990db6ce
+}
+Block #2={
+Input Block=f0f1f2f3f4f5f6f7f8f9fafbfcfdff00
+Output Block=362b7c3c6773516318a077d7fc5073ae
+Plaintext=ae2d8a571e03ac9c9eb76fac45af8e51
+Ciphertext=9806f66b7970fdff8617187bb9fffdff
+}
+Block #3={
+Input Block=f0f1f2f3f4f5f6f7f8f9fafbfcfdff01
+Output Block=6a2cc3787889374fbeb4c81b17ba6c44
+Plaintext=30c81c46a35ce411e5fbc1191a0a52ef
+Ciphertext=5ae4df3edbd5d35e5b4f09020db03eab
+}
+Block #4={
+Input Block=f0f1f2f3f4f5f6f7f8f9fafbfcfdff02
+Output Block=e89c399ff0f198c6d40a31db156cabfe
+Plaintext=f69f2445df4f9b17ad2b417be66c3710
+Ciphertext=1e031dda2fbe03d1792170a0f3009cee
+}
diff --git a/nss/cmd/bltest/tests/aes_ctr/aes_ctr_1.txt b/nss/cmd/bltest/tests/aes_ctr/aes_ctr_1.txt
new file mode 100644
index 0000000..d42fc19
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_ctr/aes_ctr_1.txt
@@ -0,0 +1,28 @@
+Test="F.5.3 CTR-AES192.Encrypt"
+Type=Encrypt
+Key=8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b
+Init. Counter=f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff 
+Block #1={
+Input Block=f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff 
+Output Block=717d2dc639128334a6167a488ded7921 
+Plaintext=6bc1bee22e409f96e93d7e117393172a 
+Ciphertext=1abc932417521ca24f2b0459fe7e6e0b
+}
+Block #2={
+Input Block=f0f1f2f3f4f5f6f7f8f9fafbfcfdff00 
+Output Block=a72eb3bb14a556734b7bad6ab16100c5 
+Plaintext=ae2d8a571e03ac9c9eb76fac45af8e51 
+Ciphertext=090339ec0aa6faefd5ccc2c6f4ce8e94
+}
+Block #3={
+Input Block=f0f1f2f3f4f5f6f7f8f9fafbfcfdff01 
+Output Block=2efeae2d72b722613446dc7f4c2af918 
+Plaintext=30c81c46a35ce411e5fbc1191a0a52ef 
+Ciphertext=1e36b26bd1ebc670d1bd1d665620abf7
+}
+Block #4={
+Input Block=f0f1f2f3f4f5f6f7f8f9fafbfcfdff02 
+Output Block=b9e783b30dd7924ff7bc9b97beaa8740 
+Plaintext=f69f2445df4f9b17ad2b417be66c3710 
+Ciphertext=4f78a7f6d29809585a97daec58c6b050
+}
diff --git a/nss/cmd/bltest/tests/aes_ctr/aes_ctr_2.txt b/nss/cmd/bltest/tests/aes_ctr/aes_ctr_2.txt
new file mode 100644
index 0000000..7db8009
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_ctr/aes_ctr_2.txt
@@ -0,0 +1,28 @@
+Test="F.5.5 CTR-AES256.Encrypt"
+Type=Encrypt
+Key=603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4
+Init. Counter=f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff
+Block #1={
+Input Block=f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff
+Output Block=0bdf7df1591716335e9a8b15c860c502
+Plaintext=6bc1bee22e409f96e93d7e117393172a
+Ciphertext=601ec313775789a5b7a7f504bbf3d228
+}
+Block #2={
+Input Block=f0f1f2f3f4f5f6f7f8f9fafbfcfdff00
+Output Block=5a6e699d536119065433863c8f657b94
+Plaintext=ae2d8a571e03ac9c9eb76fac45af8e51
+Ciphertext=f443e3ca4d62b59aca84e990cacaf5c5
+}
+Block #3={
+Input Block=f0f1f2f3f4f5f6f7f8f9fafbfcfdff01
+Output Block=1bc12c9c01610d5d0d8bd6a3378eca62
+Plaintext=30c81c46a35ce411e5fbc1191a0a52ef
+Ciphertext=2b0930daa23de94ce87017ba2d84988d
+}
+Block #4={
+Input Block=f0f1f2f3f4f5f6f7f8f9fafbfcfdff02
+Output Block=2956e1c8693536b1bee99c73a31576b6
+Plaintext=f69f2445df4f9b17ad2b417be66c3710
+Ciphertext=dfc9c58db67aada613c2dd08457941a6
+}
diff --git a/nss/cmd/bltest/tests/aes_ctr/aes_ctr_tests_source.txt b/nss/cmd/bltest/tests/aes_ctr/aes_ctr_tests_source.txt
new file mode 100644
index 0000000..bef853b
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_ctr/aes_ctr_tests_source.txt
@@ -0,0 +1,199 @@
+#
+# From NIST Special Publication 800-38A; 2001 Edition ;
+# "Recommendation for Block Cipher Modes of Operation: Methods and Techniques"
+# Morris Dworkin
+# Appendix F Example Vectors for Modes of Operation of the AES
+#
+# In this appendix, three examples are provided for each of the modes in this recommendation with
+# the AES algorithm [2] as the underlying block cipher: one example is given for each of the
+# allowed key sizes (128, 192, and 256 bits). Some intermediate results are presented. For the five
+# confidentiality modes, examples are provided for both encryption and decryption. Examples are
+# provided for 1-bit, 8-bit, and 128 bit CFB. The plaintext for all but two of these examples is
+# equivalent to the following string of hexadecimal characters, formatted into four 128 bit blocks:
+#
+#     6bc1bee22e409f96e93d7e117393172a 
+#     ae2d8a571e03ac9c9eb76fac45af8e51 
+#     30c81c46a35ce411e5fbc1191a0a52ef 
+#     f69f2445df4f9b17ad2b417be66c3710. 
+#
+# For the example of 1-bit CFB, the plaintext is the first 16 bits in the above string; for the example
+# of 8-bit CFB, the plaintext is the first 18 octets in the above string. All strings are presented in
+# hexadecimal notation, except in the example of 1-bit CFB, where the plaintext and ciphertext
+# segments are single bits.
+#
+#
+#  F.5 CTR Example Vectors
+
+Test="F.5.1 CTR-AES128.Encrypt"
+Type=Encrypt
+Key=2b7e151628aed2a6abf7158809cf4f3c
+Init. Counter=f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff
+Block #1={
+Input Block=f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff
+Output Block=ec8cdf7398607cb0f2d21675ea9ea1e4
+Plaintext=6bc1bee22e409f96e93d7e117393172a
+Ciphertext=874d6191b620e3261bef6864990db6ce
+}
+Block #2={
+Input Block=f0f1f2f3f4f5f6f7f8f9fafbfcfdff00
+Output Block=362b7c3c6773516318a077d7fc5073ae
+Plaintext=ae2d8a571e03ac9c9eb76fac45af8e51
+Ciphertext=9806f66b7970fdff8617187bb9fffdff
+}
+Block #3={
+Input Block=f0f1f2f3f4f5f6f7f8f9fafbfcfdff01
+Output Block=6a2cc3787889374fbeb4c81b17ba6c44
+Plaintext=30c81c46a35ce411e5fbc1191a0a52ef
+Ciphertext=5ae4df3edbd5d35e5b4f09020db03eab
+}
+Block #4={
+Input Block=f0f1f2f3f4f5f6f7f8f9fafbfcfdff02
+Output Block=e89c399ff0f198c6d40a31db156cabfe
+Plaintext=f69f2445df4f9b17ad2b417be66c3710
+Ciphertext=1e031dda2fbe03d1792170a0f3009cee
+}
+
+Test="F.5.2 CTR-AES128.Decrypt"
+Type=Decrypt
+Key=2b7e151628aed2a6abf7158809cf4f3c
+Init. Counter=f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff
+Block #1={
+Input Block=f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff
+Output Block=ec8cdf7398607cb0f2d21675ea9ea1e4
+Ciphertext=874d6191b620e3261bef6864990db6ce
+Plaintext=6bc1bee22e409f96e93d7e117393172a
+Block #2={
+Input Block=f0f1f2f3f4f5f6f7f8f9fafbfcfdff00
+Output Block=362b7c3c6773516318a077d7fc5073ae
+Ciphertext=9806f66b7970fdff8617187bb9fffdff
+Plaintext=ae2d8a571e03ac9c9eb76fac45af8e51
+}
+Block #3={
+Input Block=f0f1f2f3f4f5f6f7f8f9fafbfcfdff01
+Output Block=6a2cc3787889374fbeb4c81b17ba6c44
+Ciphertext=5ae4df3edbd5d35e5b4f09020db03eab
+Plaintext=30c81c46a35ce411e5fbc1191a0a52ef
+}
+Block #4={
+Input Block=f0f1f2f3f4f5f6f7f8f9fafbfcfdff02
+Output Block=e89c399ff0f198c6d40a31db156cabfe
+Ciphertext=1e031dda2fbe03d1792170a0f3009cee
+Plaintext=f69f2445df4f9b17ad2b417be66c3710
+}
+
+Test="F.5.3 CTR-AES192.Encrypt"
+Type=Encrypt
+Key=8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b
+Init. Counter=f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff 
+Block #1={
+Input Block=f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff 
+Output Block=717d2dc639128334a6167a488ded7921 
+Plaintext=6bc1bee22e409f96e93d7e117393172a 
+Ciphertext=1abc932417521ca24f2b0459fe7e6e0b
+}
+Block #2={
+Input Block=f0f1f2f3f4f5f6f7f8f9fafbfcfdff00 
+Output Block=a72eb3bb14a556734b7bad6ab16100c5 
+Plaintext=ae2d8a571e03ac9c9eb76fac45af8e51 
+Ciphertext=090339ec0aa6faefd5ccc2c6f4ce8e94
+}
+Block #3={
+Input Block=f0f1f2f3f4f5f6f7f8f9fafbfcfdff01 
+Output Block=2efeae2d72b722613446dc7f4c2af918 
+Plaintext=30c81c46a35ce411e5fbc1191a0a52ef 
+Ciphertext=1e36b26bd1ebc670d1bd1d665620abf7
+}
+Block #4={
+Input Block=f0f1f2f3f4f5f6f7f8f9fafbfcfdff02 
+Output Block=b9e783b30dd7924ff7bc9b97beaa8740 
+Plaintext=f69f2445df4f9b17ad2b417be66c3710 
+Ciphertext=4f78a7f6d29809585a97daec58c6b050
+}
+
+Test="F.5.4 CTR-AES192.Decrypt"
+Type="Decrypt"
+Key=8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b
+Init. Counter=f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff 
+Block #1={
+Input Block=f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff 
+Output Block=717d2dc639128334a6167a488ded7921 
+Ciphertext=1abc932417521ca24f2b0459fe7e6e0b
+Plaintext=6bc1bee22e409f96e93d7e117393172a
+} 
+Block #2={
+Input Block=f0f1f2f3f4f5f6f7f8f9fafbfcfdff00 
+Output Block=a72eb3bb14a556734b7bad6ab16100c5 
+Ciphertext=090339ec0aa6faefd5ccc2c6f4ce8e94
+Plaintext=ae2d8a571e03ac9c9eb76fac45af8e51
+} 
+Block #3 
+Input Block=f0f1f2f3f4f5f6f7f8f9fafbfcfdff01 
+Output Block=2efeae2d72b722613446dc7f4c2af918 
+Ciphertext=1e36b26bd1ebc670d1bd1d665620abf7
+Plaintext=30c81c46a35ce411e5fbc1191a0a52ef
+}
+Block #4 
+Input Block=f0f1f2f3f4f5f6f7f8f9fafbfcfdff02 
+Output Block=b9e783b30dd7924ff7bc9b97beaa8740 
+Ciphertext=4f78a7f6d29809585a97daec58c6b050
+Plaintext=f69f2445df4f9b17ad2b417be66c3710 
+}
+
+Test="F.5.5 CTR-AES256.Encrypt"
+Type=Encrypt
+Key=603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4
+Init. Counter=f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff
+Block #1={
+Input Block=f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff
+Output Block=0bdf7df1591716335e9a8b15c860c502
+Plaintext=6bc1bee22e409f96e93d7e117393172a
+Ciphertext=601ec313775789a5b7a7f504bbf3d228
+}
+Block #2={
+Input Block=f0f1f2f3f4f5f6f7f8f9fafbfcfdff00
+Output Block=5a6e699d536119065433863c8f657b94
+Plaintext=ae2d8a571e03ac9c9eb76fac45af8e51
+Ciphertext=f443e3ca4d62b59aca84e990cacaf5c5
+}
+Block #3={
+Input Block=f0f1f2f3f4f5f6f7f8f9fafbfcfdff01
+Output Block=1bc12c9c01610d5d0d8bd6a3378eca62
+Plaintext=30c81c46a35ce411e5fbc1191a0a52ef
+Ciphertext=2b0930daa23de94ce87017ba2d84988d
+}
+Block #4={
+Input Block=f0f1f2f3f4f5f6f7f8f9fafbfcfdff02
+Output Block=2956e1c8693536b1bee99c73a31576b6
+Plaintext=f69f2445df4f9b17ad2b417be66c3710
+Ciphertext=dfc9c58db67aada613c2dd08457941a6
+}
+
+Test="F.5.6 CTR-AES256.Decrypt"
+Type=Decrypt
+Key=603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4
+Init. Counter=f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff 
+Block #1={
+Input Block=f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff 
+OutputBlock=0bdf7df1591716335e9a8b15c860c502 
+Ciphertext=601ec313775789a5b7a7f504bbf3d228
+Plaintext=6bc1bee22e409f96e93d7e117393172a 
+}
+Block #2={
+Input Block=f0f1f2f3f4f5f6f7f8f9fafbfcfdff00 
+OutputBlock=5a6e699d536119065433863c8f657b94 
+Ciphertext=f443e3ca4d62b59aca84e990cacaf5c5 
+Plaintext=ae2d8a571e03ac9c9eb76fac45af8e51 
+}
+Block #3={
+Input Block=f0f1f2f3f4f5f6f7f8f9fafbfcfdff01 
+OutputBlock=1bc12c9c01610d5d0d8bd6a3378eca62 
+Ciphertext=2b0930daa23de94ce87017ba2d84988d 
+Plaintext=30c81c46a35ce411e5fbc1191a0a52ef 
+}
+Block #4={
+Input Block=f0f1f2f3f4f5f6f7f8f9fafbfcfdff02 
+OutputBlock=2956e1c8693536b1bee99c73a31576b6 
+Ciphertext=dfc9c58db67aada613c2dd08457941a6 
+Plaintext=f69f2445df4f9b17ad2b417be66c3710
+}
+
diff --git a/nss/cmd/bltest/tests/aes_ctr/ciphertext0 b/nss/cmd/bltest/tests/aes_ctr/ciphertext0
new file mode 100644
index 0000000..a3a4ab2
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_ctr/ciphertext0
@@ -0,0 +1,2 @@
+h01hkbYg4yYb72hkmQ22zpgG9mt5cP3/hhcYe7n//f9a5N8+29XTXltPCQINsD6r
+HgMd2i++A9F5IXCg8wCc7g==
diff --git a/nss/cmd/bltest/tests/aes_ctr/ciphertext1 b/nss/cmd/bltest/tests/aes_ctr/ciphertext1
new file mode 100644
index 0000000..60ed700
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_ctr/ciphertext1
@@ -0,0 +1,2 @@
+GryTJBdSHKJPKwRZ/n5uCwkDOewKpvrv1czCxvTOjpQeNrJr0evGcNG9HWZWIKv3
+T3in9tKYCVhal9rsWMawUA==
diff --git a/nss/cmd/bltest/tests/aes_ctr/ciphertext2 b/nss/cmd/bltest/tests/aes_ctr/ciphertext2
new file mode 100644
index 0000000..4c6462f
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_ctr/ciphertext2
@@ -0,0 +1,2 @@
+YB7DE3dXiaW3p/UEu/PSKPRD48pNYrWayoTpkMrK9cUrCTDaoj3pTOhwF7othJiN
+38nFjbZ6raYTwt0IRXlBpg==
diff --git a/nss/cmd/bltest/tests/aes_ctr/iv0 b/nss/cmd/bltest/tests/aes_ctr/iv0
new file mode 100644
index 0000000..10ae5e1
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_ctr/iv0
@@ -0,0 +1 @@
+ðñòóôõö÷øùúûüýþÿ
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_ctr/iv1 b/nss/cmd/bltest/tests/aes_ctr/iv1
new file mode 100644
index 0000000..10ae5e1
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_ctr/iv1
@@ -0,0 +1 @@
+ðñòóôõö÷øùúûüýþÿ
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_ctr/iv2 b/nss/cmd/bltest/tests/aes_ctr/iv2
new file mode 100644
index 0000000..10ae5e1
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_ctr/iv2
@@ -0,0 +1 @@
+ðñòóôõö÷øùúûüýþÿ
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_ctr/key0 b/nss/cmd/bltest/tests/aes_ctr/key0
new file mode 100644
index 0000000..efb7819
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_ctr/key0
@@ -0,0 +1 @@
++~(®Ò¦«÷ˆ	ÏO<
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_ctr/key1 b/nss/cmd/bltest/tests/aes_ctr/key1
new file mode 100644
index 0000000..06b40e4
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_ctr/key1
@@ -0,0 +1 @@
+Žs°÷ÚdRÈó+€�yåbøêÒR,k{
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_ctr/key2 b/nss/cmd/bltest/tests/aes_ctr/key2
new file mode 100644
index 0000000..cf22d1a
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_ctr/key2
@@ -0,0 +1 @@
+`=ëÊq¾+s®ð…}w�5,;a×-˜£	ßô
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_ctr/mktst.sh b/nss/cmd/bltest/tests/aes_ctr/mktst.sh
new file mode 100644
index 0000000..b6f2f6f
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_ctr/mktst.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+for i in 0 1 2
+do
+    file="aes_ctr_$i.txt"
+    grep Key $file | sed -e 's;Key=;;' | hex > key$i
+    grep "Init. Counter"  $file | sed -e 's;Init. Counter=;;' | hex > iv$i
+    grep "Ciphertext"  $file | sed -e 's;Ciphertext=;;' | hex | btoa > ciphertext$i
+    grep "Plaintext"  $file | sed -e 's;Plaintext=;;' | hex  > plaintext$i
+done
diff --git a/nss/cmd/bltest/tests/aes_ctr/numtests b/nss/cmd/bltest/tests/aes_ctr/numtests
new file mode 100644
index 0000000..00750ed
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_ctr/numtests
@@ -0,0 +1 @@
+3
diff --git a/nss/cmd/bltest/tests/aes_ctr/plaintext0 b/nss/cmd/bltest/tests/aes_ctr/plaintext0
new file mode 100644
index 0000000..8ad7704
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_ctr/plaintext0
@@ -0,0 +1,2 @@
+kÁ¾â.@Ÿ–é=~s“*®-ŠW¬œž·o¬E¯ŽQ0ÈF£\äåûÁ
+RïöŸ$EßO›­+A{æl7
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_ctr/plaintext1 b/nss/cmd/bltest/tests/aes_ctr/plaintext1
new file mode 100644
index 0000000..8ad7704
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_ctr/plaintext1
@@ -0,0 +1,2 @@
+kÁ¾â.@Ÿ–é=~s“*®-ŠW¬œž·o¬E¯ŽQ0ÈF£\äåûÁ
+RïöŸ$EßO›­+A{æl7
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_ctr/plaintext2 b/nss/cmd/bltest/tests/aes_ctr/plaintext2
new file mode 100644
index 0000000..8ad7704
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_ctr/plaintext2
@@ -0,0 +1,2 @@
+kÁ¾â.@Ÿ–é=~s“*®-ŠW¬œž·o¬E¯ŽQ0ÈF£\äåûÁ
+RïöŸ$EßO›­+A{æl7
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_cts/aes-cts-type-1-vectors.txt b/nss/cmd/bltest/tests/aes_cts/aes-cts-type-1-vectors.txt
new file mode 100644
index 0000000..b107586
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cts/aes-cts-type-1-vectors.txt
@@ -0,0 +1,47 @@
+# Raeburn                     Standards Track                    [Page 12]
+# 
+# RFC 3962             AES Encryption for Kerberos 5         February 2005
+# 
+# Some test vectors for CBC with ciphertext stealing, using an initial
+# vector of all-zero.
+#
+# Original Test vectors were for AES CTS-3 (Kerberos). These test vectors have been modified for AES CTS-1 (NIST)
+#
+
+Key:      63 68 69 63 6b 65 6e 20 74 65 72 69 79 61 6b 69
+IV:       00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+Input:    49 20 77 6f 75 6c 64 20 6c 69 6b 65 20 74 68 65 20
+Output:   97 c6 35 35 68 f2 bf 8c b4 d8 a5 80 36 2d a7 ff 7f
+Next IV:  c6 35 35 68 f2 bf 8c b4 d8 a5 80 36 2d a7 ff 7f
+
+Key:      63 68 69 63 6b 65 6e 20 74 65 72 69 79 61 6b 69
+IV:       00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+Input:    49 20 77 6f 75 6c 64 20 6c 69 6b 65 20 74 68 65 20 47 65 6e 65 72 61 6c 20 47 61 75 27 73 20
+Output:   97 68 72 68 d6 ec cc c0 c0 7b 25 e2 5e cf e5 fc 00 78 3e 0e fd b2 c1 d4 45 d4 c8 ef f7 ed 22
+Next IV:  fc 00 78 3e 0e fd b2 c1 d4 45 d4 c8 ef f7 ed 22
+
+Key:      63 68 69 63 6b 65 6e 20 74 65 72 69 79 61 6b 69
+IV:       00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+Input:    49 20 77 6f 75 6c 64 20 6c 69 6b 65 20 74 68 65 20 47 65 6e 65 72 61 6c 20 47 61 75 27 73 20 43
+Output:   97 68 72 68 d6 ec cc c0 c0 7b 25 e2 5e cf e5 84 39 31 25 23 a7 86 62 d5 be 7f cb cc 98 eb f5 a8
+Next IV:  39 31 25 23 a7 86 62 d5 be 7f cb cc 98 eb f5 a8
+
+Key:      63 68 69 63 6b 65 6e 20 74 65 72 69 79 61 6b 69
+IV:       00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+Input:    49 20 77 6f 75 6c 64 20 6c 69 6b 65 20 74 68 65 20 47 65 6e 65 72 61 6c 20 47 61 75 27 73 20 43 68 69 63 6b 65 6e 2c 20 70 6c 65 61 73 65 2c
+Output:   97 68 72 68 d6 ec cc c0 c0 7b 25 e2 5e cf e5 84 39 31 25 23 a7 86 62 d5 be 7f cb cc 98 eb f5 b3 ff fd 94 0c 16 a1 8c 1b 55 49 d2 f8 38 02 9e
+Next IV:  b3 ff fd 94 0c 16 a1 8c 1b 55 49 d2 f8 38 02 9e
+
+Key:      63 68 69 63 6b 65 6e 20 74 65 72 69 79 61 6b 69
+IV:       00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+Input:    49 20 77 6f 75 6c 64 20 6c 69 6b 65 20 74 68 65 20 47 65 6e 65 72 61 6c 20 47 61 75 27 73 20 43 68 69 63 6b 65 6e 2c 20 70 6c 65 61 73 65 2c 20
+Output:   97 68 72 68 d6 ec cc c0 c0 7b 25 e2 5e cf e5 84 39 31 25 23 a7 86 62 d5 be 7f cb cc 98 eb f5 a8 9d ad 8b bb 96 c4 cd c0 3b c1 03 e1 a1 94 bb d8
+Next IV:  9d ad 8b bb 96 c4 cd c0 3b c1 03 e1 a1 94 bb d8
+
+Key:      63 68 69 63 6b 65 6e 20 74 65 72 69 79 61 6b 69
+IV:       00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+Input:    49 20 77 6f 75 6c 64 20 6c 69 6b 65 20 74 68 65 20 47 65 6e 65 72 61 6c 20 47 61 75 27 73 20 43 68 69 63 6b 65 6e 2c 20 70 6c 65 61 73 65 2c 20 61 6e 64 20 77 6f 6e 74 6f 6e 20 73 6f 75 70 2e
+Output:   97 68 72 68 d6 ec cc c0 c0 7b 25 e2 5e cf e5 84 39 31 25 23 a7 86 62 d5 be 7f cb cc 98 eb f5 a8 9d ad 8b bb 96 c4 cd c0 3b c1 03 e1 a1 94 bb d8 48 07 ef e8 36 ee 89 a5 26 73 0d bc 2f 7b c8 40
+Next IV:  48 07 ef e8 36 ee 89 a5 26 73 0d bc 2f 7b c8 40
+
+
diff --git a/nss/cmd/bltest/tests/aes_cts/aes_cts_0.txt b/nss/cmd/bltest/tests/aes_cts/aes_cts_0.txt
new file mode 100644
index 0000000..fa28439
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cts/aes_cts_0.txt
@@ -0,0 +1,6 @@
+Key:      63 68 69 63 6b 65 6e 20 74 65 72 69 79 61 6b 69
+IV:       00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+Input:    49 20 77 6f 75 6c 64 20 6c 69 6b 65 20 74 68 65 20
+Output:   97 c6 35 35 68 f2 bf 8c b4 d8 a5 80 36 2d a7 ff 7f
+Next IV:  c6 35 35 68 f2 bf 8c b4 d8 a5 80 36 2d a7 ff 7f
+
diff --git a/nss/cmd/bltest/tests/aes_cts/aes_cts_1.txt b/nss/cmd/bltest/tests/aes_cts/aes_cts_1.txt
new file mode 100644
index 0000000..dae9735
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cts/aes_cts_1.txt
@@ -0,0 +1,6 @@
+Key:      63 68 69 63 6b 65 6e 20 74 65 72 69 79 61 6b 69
+IV:       00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+Input:    49 20 77 6f 75 6c 64 20 6c 69 6b 65 20 74 68 65 20 47 65 6e 65 72 61 6c 20 47 61 75 27 73 20
+Output:   97 68 72 68 d6 ec cc c0 c0 7b 25 e2 5e cf e5 fc 00 78 3e 0e fd b2 c1 d4 45 d4 c8 ef f7 ed 22
+Next IV:  fc 00 78 3e 0e fd b2 c1 d4 45 d4 c8 ef f7 ed 22
+
diff --git a/nss/cmd/bltest/tests/aes_cts/aes_cts_2.txt b/nss/cmd/bltest/tests/aes_cts/aes_cts_2.txt
new file mode 100644
index 0000000..df89289
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cts/aes_cts_2.txt
@@ -0,0 +1,6 @@
+Key:      63 68 69 63 6b 65 6e 20 74 65 72 69 79 61 6b 69
+IV:       00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+Input:    49 20 77 6f 75 6c 64 20 6c 69 6b 65 20 74 68 65 20 47 65 6e 65 72 61 6c 20 47 61 75 27 73 20 43
+Output:   97 68 72 68 d6 ec cc c0 c0 7b 25 e2 5e cf e5 84 39 31 25 23 a7 86 62 d5 be 7f cb cc 98 eb f5 a8
+Next IV:  39 31 25 23 a7 86 62 d5 be 7f cb cc 98 eb f5 a8
+
diff --git a/nss/cmd/bltest/tests/aes_cts/aes_cts_3.txt b/nss/cmd/bltest/tests/aes_cts/aes_cts_3.txt
new file mode 100644
index 0000000..11e68e0
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cts/aes_cts_3.txt
@@ -0,0 +1,6 @@
+Key:      63 68 69 63 6b 65 6e 20 74 65 72 69 79 61 6b 69
+IV:       00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+Input:    49 20 77 6f 75 6c 64 20 6c 69 6b 65 20 74 68 65 20 47 65 6e 65 72 61 6c 20 47 61 75 27 73 20 43 68 69 63 6b 65 6e 2c 20 70 6c 65 61 73 65 2c
+Output:   97 68 72 68 d6 ec cc c0 c0 7b 25 e2 5e cf e5 84 39 31 25 23 a7 86 62 d5 be 7f cb cc 98 eb f5 b3 ff fd 94 0c 16 a1 8c 1b 55 49 d2 f8 38 02 9e
+Next IV:  b3 ff fd 94 0c 16 a1 8c 1b 55 49 d2 f8 38 02 9e
+
diff --git a/nss/cmd/bltest/tests/aes_cts/aes_cts_4.txt b/nss/cmd/bltest/tests/aes_cts/aes_cts_4.txt
new file mode 100644
index 0000000..b5dc5ae
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cts/aes_cts_4.txt
@@ -0,0 +1,6 @@
+Key:      63 68 69 63 6b 65 6e 20 74 65 72 69 79 61 6b 69
+IV:       00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+Input:    49 20 77 6f 75 6c 64 20 6c 69 6b 65 20 74 68 65 20 47 65 6e 65 72 61 6c 20 47 61 75 27 73 20 43 68 69 63 6b 65 6e 2c 20 70 6c 65 61 73 65 2c 20
+Output:   97 68 72 68 d6 ec cc c0 c0 7b 25 e2 5e cf e5 84 39 31 25 23 a7 86 62 d5 be 7f cb cc 98 eb f5 a8 9d ad 8b bb 96 c4 cd c0 3b c1 03 e1 a1 94 bb d8
+Next IV:  9d ad 8b bb 96 c4 cd c0 3b c1 03 e1 a1 94 bb d8
+
diff --git a/nss/cmd/bltest/tests/aes_cts/aes_cts_5.txt b/nss/cmd/bltest/tests/aes_cts/aes_cts_5.txt
new file mode 100644
index 0000000..db837f9
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cts/aes_cts_5.txt
@@ -0,0 +1,6 @@
+Key:      63 68 69 63 6b 65 6e 20 74 65 72 69 79 61 6b 69
+IV:       00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+Input:    49 20 77 6f 75 6c 64 20 6c 69 6b 65 20 74 68 65 20 47 65 6e 65 72 61 6c 20 47 61 75 27 73 20 43 68 69 63 6b 65 6e 2c 20 70 6c 65 61 73 65 2c 20 61 6e 64 20 77 6f 6e 74 6f 6e 20 73 6f 75 70 2e
+Output:   97 68 72 68 d6 ec cc c0 c0 7b 25 e2 5e cf e5 84 39 31 25 23 a7 86 62 d5 be 7f cb cc 98 eb f5 a8 9d ad 8b bb 96 c4 cd c0 3b c1 03 e1 a1 94 bb d8 48 07 ef e8 36 ee 89 a5 26 73 0d bc 2f 7b c8 40
+Next IV:  48 07 ef e8 36 ee 89 a5 26 73 0d bc 2f 7b c8 40
+
diff --git a/nss/cmd/bltest/tests/aes_cts/ciphertext0 b/nss/cmd/bltest/tests/aes_cts/ciphertext0
new file mode 100644
index 0000000..bcfdc10
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cts/ciphertext0
@@ -0,0 +1 @@
+l8Y1NWjyv4y02KWANi2n/38=
diff --git a/nss/cmd/bltest/tests/aes_cts/ciphertext1 b/nss/cmd/bltest/tests/aes_cts/ciphertext1
new file mode 100644
index 0000000..6656080
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cts/ciphertext1
@@ -0,0 +1 @@
+l2hyaNbszMDAeyXiXs/l/AB4Pg79ssHURdTI7/ftIg==
diff --git a/nss/cmd/bltest/tests/aes_cts/ciphertext2 b/nss/cmd/bltest/tests/aes_cts/ciphertext2
new file mode 100644
index 0000000..336d705
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cts/ciphertext2
@@ -0,0 +1 @@
+l2hyaNbszMDAeyXiXs/lhDkxJSOnhmLVvn/LzJjr9ag=
diff --git a/nss/cmd/bltest/tests/aes_cts/ciphertext3 b/nss/cmd/bltest/tests/aes_cts/ciphertext3
new file mode 100644
index 0000000..7c53d40
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cts/ciphertext3
@@ -0,0 +1 @@
+l2hyaNbszMDAeyXiXs/lhDkxJSOnhmLVvn/LzJjr9bP//ZQMFqGMG1VJ0vg4Ap4=
diff --git a/nss/cmd/bltest/tests/aes_cts/ciphertext4 b/nss/cmd/bltest/tests/aes_cts/ciphertext4
new file mode 100644
index 0000000..ef31331
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cts/ciphertext4
@@ -0,0 +1 @@
+l2hyaNbszMDAeyXiXs/lhDkxJSOnhmLVvn/LzJjr9aidrYu7lsTNwDvBA+GhlLvY
diff --git a/nss/cmd/bltest/tests/aes_cts/ciphertext5 b/nss/cmd/bltest/tests/aes_cts/ciphertext5
new file mode 100644
index 0000000..0ead143
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cts/ciphertext5
@@ -0,0 +1,2 @@
+l2hyaNbszMDAeyXiXs/lhDkxJSOnhmLVvn/LzJjr9aidrYu7lsTNwDvBA+GhlLvY
+SAfv6DbuiaUmcw28L3vIQA==
diff --git a/nss/cmd/bltest/tests/aes_cts/iv0 b/nss/cmd/bltest/tests/aes_cts/iv0
new file mode 100644
index 0000000000000000000000000000000000000000..4bdfab8333086af48b9ece6d1f9db9aa9a07cdff
GIT binary patch
literal 34
dcmZQzKm~jZ$4pH#KJD+>a${+OneOuc^#Dwl2^|0c

literal 0
HcmV?d00001

diff --git a/nss/cmd/bltest/tests/aes_cts/iv1 b/nss/cmd/bltest/tests/aes_cts/iv1
new file mode 100644
index 0000000000000000000000000000000000000000..3e8c8e9e6b97306f58059d6807b665465bc3bc64
GIT binary patch
literal 34
ecmZQzKm~jZe;6w4`2KD>c*XU~iTB^%DggjZ*a_(X

literal 0
HcmV?d00001

diff --git a/nss/cmd/bltest/tests/aes_cts/iv2 b/nss/cmd/bltest/tests/aes_cts/iv2
new file mode 100644
index 0000000000000000000000000000000000000000..b4bbc2e76fb0ee149bce3609e147cae594ccf0d4
GIT binary patch
literal 34
dcmZQzKm~jZmWHaz%iEH!?yEn2X2$EUD*!$l2^jzY

literal 0
HcmV?d00001

diff --git a/nss/cmd/bltest/tests/aes_cts/iv3 b/nss/cmd/bltest/tests/aes_cts/iv3
new file mode 100644
index 0000000000000000000000000000000000000000..c065e8362dc47e875113249f9a575f490363087a
GIT binary patch
literal 34
dcmZQzKm~jZoB#iv!Xvh@M>^E=(hm!!c>qgx2mAm4

literal 0
HcmV?d00001

diff --git a/nss/cmd/bltest/tests/aes_cts/iv4 b/nss/cmd/bltest/tests/aes_cts/iv4
new file mode 100644
index 0000000000000000000000000000000000000000..ba11a0ec02ff240e50a83121b4c2b60eed06e3a3
GIT binary patch
literal 34
ecmZQzKm~jZbJuq7o_6Hy0qcXz4;N0^eFFeigbFSI

literal 0
HcmV?d00001

diff --git a/nss/cmd/bltest/tests/aes_cts/iv5 b/nss/cmd/bltest/tests/aes_cts/iv5
new file mode 100644
index 0000000000000000000000000000000000000000..213a4bd3c7541d93cdc6bd0427ca28cc3cb2c062
GIT binary patch
literal 34
dcmZQzKm~jZ9_;U5n7!*<s#eUqN5A@n0{}x72b%x@

literal 0
HcmV?d00001

diff --git a/nss/cmd/bltest/tests/aes_cts/key0 b/nss/cmd/bltest/tests/aes_cts/key0
new file mode 100644
index 0000000..8ec57e8
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cts/key0
@@ -0,0 +1 @@
+chicken teriyaki
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_cts/key1 b/nss/cmd/bltest/tests/aes_cts/key1
new file mode 100644
index 0000000..8ec57e8
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cts/key1
@@ -0,0 +1 @@
+chicken teriyaki
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_cts/key2 b/nss/cmd/bltest/tests/aes_cts/key2
new file mode 100644
index 0000000..8ec57e8
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cts/key2
@@ -0,0 +1 @@
+chicken teriyaki
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_cts/key3 b/nss/cmd/bltest/tests/aes_cts/key3
new file mode 100644
index 0000000..8ec57e8
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cts/key3
@@ -0,0 +1 @@
+chicken teriyaki
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_cts/key4 b/nss/cmd/bltest/tests/aes_cts/key4
new file mode 100644
index 0000000..8ec57e8
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cts/key4
@@ -0,0 +1 @@
+chicken teriyaki
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_cts/key5 b/nss/cmd/bltest/tests/aes_cts/key5
new file mode 100644
index 0000000..8ec57e8
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cts/key5
@@ -0,0 +1 @@
+chicken teriyaki
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_cts/mktst.sh b/nss/cmd/bltest/tests/aes_cts/mktst.sh
new file mode 100644
index 0000000..58b628d
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cts/mktst.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+for i in 0 1 2 3 4 5
+do
+    file="aes_cts_$i.txt"
+    grep "Key" $file | sed -e 's;Key:;;' | hex > key$i
+    grep "IV"  $file | sed -e 's;IV:;;' | hex > iv$i
+    grep "Input"  $file | sed -e 's;Input:;;' | hex  > plaintext$i
+    grep "Output"  $file | sed -e 's;Output:;;' | hex | btoa > ciphertext$i
+done
diff --git a/nss/cmd/bltest/tests/aes_cts/numtests b/nss/cmd/bltest/tests/aes_cts/numtests
new file mode 100644
index 0000000..1e8b314
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cts/numtests
@@ -0,0 +1 @@
+6
diff --git a/nss/cmd/bltest/tests/aes_cts/plaintext0 b/nss/cmd/bltest/tests/aes_cts/plaintext0
new file mode 100644
index 0000000..3f35c97
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cts/plaintext0
@@ -0,0 +1 @@
+I would like the 
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_cts/plaintext1 b/nss/cmd/bltest/tests/aes_cts/plaintext1
new file mode 100644
index 0000000..3975448
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cts/plaintext1
@@ -0,0 +1 @@
+I would like the General Gau's 
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_cts/plaintext2 b/nss/cmd/bltest/tests/aes_cts/plaintext2
new file mode 100644
index 0000000..d0664ea
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cts/plaintext2
@@ -0,0 +1 @@
+I would like the General Gau's C
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_cts/plaintext3 b/nss/cmd/bltest/tests/aes_cts/plaintext3
new file mode 100644
index 0000000..563970b
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cts/plaintext3
@@ -0,0 +1 @@
+I would like the General Gau's Chicken, please,
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_cts/plaintext4 b/nss/cmd/bltest/tests/aes_cts/plaintext4
new file mode 100644
index 0000000..b908471
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cts/plaintext4
@@ -0,0 +1 @@
+I would like the General Gau's Chicken, please, 
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_cts/plaintext5 b/nss/cmd/bltest/tests/aes_cts/plaintext5
new file mode 100644
index 0000000..5e4c069
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_cts/plaintext5
@@ -0,0 +1 @@
+I would like the General Gau's Chicken, please, and wonton soup.
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_ecb/ciphertext0 b/nss/cmd/bltest/tests/aes_ecb/ciphertext0
new file mode 100644
index 0000000..d6818c1
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_ecb/ciphertext0
@@ -0,0 +1 @@
+PVuaCIiaKQhblgFCbVMTTg==
diff --git a/nss/cmd/bltest/tests/aes_ecb/ciphertext1 b/nss/cmd/bltest/tests/aes_ecb/ciphertext1
new file mode 100644
index 0000000..1126bbf
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_ecb/ciphertext1
@@ -0,0 +1 @@
+AzZ2PpZtkllaVnzJzlN/Xg==
diff --git a/nss/cmd/bltest/tests/aes_ecb/ciphertext2 b/nss/cmd/bltest/tests/aes_ecb/ciphertext2
new file mode 100644
index 0000000..ec069ab
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_ecb/ciphertext2
@@ -0,0 +1 @@
+qaFjG/SZaVTrwJOVeyNFiQ==
diff --git a/nss/cmd/bltest/tests/aes_ecb/ciphertext3 b/nss/cmd/bltest/tests/aes_ecb/ciphertext3
new file mode 100644
index 0000000..82c4cd2
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_ecb/ciphertext3
@@ -0,0 +1 @@
+J1z8BBPYzLcFE8OFmx0Pcg==
diff --git a/nss/cmd/bltest/tests/aes_ecb/ciphertext4 b/nss/cmd/bltest/tests/aes_ecb/ciphertext4
new file mode 100644
index 0000000..81714bd
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_ecb/ciphertext4
@@ -0,0 +1 @@
+ybgTX/G1rcQT39BTshvZbQ==
diff --git a/nss/cmd/bltest/tests/aes_ecb/ciphertext5 b/nss/cmd/bltest/tests/aes_ecb/ciphertext5
new file mode 100644
index 0000000..ce9672a
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_ecb/ciphertext5
@@ -0,0 +1 @@
+XJ2ETtRvmIUIXl1qT5TH1w==
diff --git a/nss/cmd/bltest/tests/aes_ecb/ciphertext6 b/nss/cmd/bltest/tests/aes_ecb/ciphertext6
new file mode 100644
index 0000000..fc53a4f
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_ecb/ciphertext6
@@ -0,0 +1 @@
+qf91vXz2YT03Mcd8O20MBA==
diff --git a/nss/cmd/bltest/tests/aes_ecb/key0 b/nss/cmd/bltest/tests/aes_ecb/key0
new file mode 100644
index 0000000..13911cc
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_ecb/key0
@@ -0,0 +1 @@
+fedcba9876543210
diff --git a/nss/cmd/bltest/tests/aes_ecb/key1 b/nss/cmd/bltest/tests/aes_ecb/key1
new file mode 100644
index 0000000000000000000000000000000000000000..01d633b27e8ea9b17084fc911d0c8cc43a4170a9
GIT binary patch
literal 16
KcmZQzKm`B*5C8!H

literal 0
HcmV?d00001

diff --git a/nss/cmd/bltest/tests/aes_ecb/key2 b/nss/cmd/bltest/tests/aes_ecb/key2
new file mode 100644
index 0000000000000000000000000000000000000000..01d633b27e8ea9b17084fc911d0c8cc43a4170a9
GIT binary patch
literal 16
KcmZQzKm`B*5C8!H

literal 0
HcmV?d00001

diff --git a/nss/cmd/bltest/tests/aes_ecb/key3 b/nss/cmd/bltest/tests/aes_ecb/key3
new file mode 100644
index 0000000000000000000000000000000000000000..4ac5fc6cf890b46738523c4d4d9d964e312f368f
GIT binary patch
literal 24
KcmZQzzzzTa7ytnP

literal 0
HcmV?d00001

diff --git a/nss/cmd/bltest/tests/aes_ecb/key4 b/nss/cmd/bltest/tests/aes_ecb/key4
new file mode 100644
index 0000000000000000000000000000000000000000..4ac5fc6cf890b46738523c4d4d9d964e312f368f
GIT binary patch
literal 24
KcmZQzzzzTa7ytnP

literal 0
HcmV?d00001

diff --git a/nss/cmd/bltest/tests/aes_ecb/key5 b/nss/cmd/bltest/tests/aes_ecb/key5
new file mode 100644
index 0000000000000000000000000000000000000000..4e4e4935707a596987ec1cc32e3d0d587dbe4f04
GIT binary patch
literal 32
KcmZQzzz+ZbAOHaX

literal 0
HcmV?d00001

diff --git a/nss/cmd/bltest/tests/aes_ecb/key6 b/nss/cmd/bltest/tests/aes_ecb/key6
new file mode 100644
index 0000000000000000000000000000000000000000..4e4e4935707a596987ec1cc32e3d0d587dbe4f04
GIT binary patch
literal 32
KcmZQzzz+ZbAOHaX

literal 0
HcmV?d00001

diff --git a/nss/cmd/bltest/tests/aes_ecb/mktst.sh b/nss/cmd/bltest/tests/aes_ecb/mktst.sh
new file mode 100644
index 0000000..6d46509
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_ecb/mktst.sh
@@ -0,0 +1,10 @@
+#!/bin/sh
+for i in 1 2 3 4 5 6
+do
+    file="test$i.txt"
+    grep "KEY = " $file | sed -e 's;KEY = ;;' | hex > key$i
+    grep "PLAINTEXT = "  $file | sed -e 's;PLAINTEXT = ;;' | hex  > plaintext$i
+    grep "CIPHERTEXT = "  $file | sed -e 's;CIPHERTEXT = ;;' | hex > ciphertext$i.bin
+    btoa < ciphertext$i.bin > ciphertext$i
+    rm ciphertext$i.bin
+done
diff --git a/nss/cmd/bltest/tests/aes_ecb/numtests b/nss/cmd/bltest/tests/aes_ecb/numtests
new file mode 100644
index 0000000..7f8f011
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_ecb/numtests
@@ -0,0 +1 @@
+7
diff --git a/nss/cmd/bltest/tests/aes_ecb/plaintext0 b/nss/cmd/bltest/tests/aes_ecb/plaintext0
new file mode 100644
index 0000000..8d6a8d5
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_ecb/plaintext0
@@ -0,0 +1 @@
+0123456789abcdef
diff --git a/nss/cmd/bltest/tests/aes_ecb/plaintext1 b/nss/cmd/bltest/tests/aes_ecb/plaintext1
new file mode 100644
index 0000000..8bac1b7
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_ecb/plaintext1
@@ -0,0 +1 @@
+óD�ì<Æ'ºÍ]Ãûòsæ
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_ecb/plaintext2 b/nss/cmd/bltest/tests/aes_ecb/plaintext2
new file mode 100644
index 0000000..b2153e2
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_ecb/plaintext2
@@ -0,0 +1 @@
+—˜Äd­uÇÃ"}¹Nr
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_ecb/plaintext3 b/nss/cmd/bltest/tests/aes_ecb/plaintext3
new file mode 100644
index 0000000..b565f3a
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_ecb/plaintext3
@@ -0,0 +1 @@
+zjô·ù‚)Þxmu¶9
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_ecb/plaintext4 b/nss/cmd/bltest/tests/aes_ecb/plaintext4
new file mode 100644
index 0000000..9ef1cbb
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_ecb/plaintext4
@@ -0,0 +1 @@
+œ-ˆBåô�Wd‚Óš#šñ
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_ecb/plaintext5 b/nss/cmd/bltest/tests/aes_ecb/plaintext5
new file mode 100644
index 0000000..767e9f4
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_ecb/plaintext5
@@ -0,0 +1,2 @@
+
G0ø
+Æ%þ„ð&ÆýT}
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_ecb/plaintext6 b/nss/cmd/bltest/tests/aes_ecb/plaintext6
new file mode 100644
index 0000000..e8537b6
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_ecb/plaintext6
@@ -0,0 +1 @@
+$¯6<äf_(%×´tœ˜
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_ecb/test1.txt b/nss/cmd/bltest/tests/aes_ecb/test1.txt
new file mode 100644
index 0000000..96a2adb
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_ecb/test1.txt
@@ -0,0 +1,4 @@
+COUNT = 0
+KEY = 00000000000000000000000000000000
+PLAINTEXT = f34481ec3cc627bacd5dc3fb08f273e6
+CIPHERTEXT = 0336763e966d92595a567cc9ce537f5e
diff --git a/nss/cmd/bltest/tests/aes_ecb/test2.txt b/nss/cmd/bltest/tests/aes_ecb/test2.txt
new file mode 100644
index 0000000..a01daae
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_ecb/test2.txt
@@ -0,0 +1,4 @@
+COUNT = 1
+KEY = 00000000000000000000000000000000
+PLAINTEXT = 9798c4640bad75c7c3227db910174e72
+CIPHERTEXT = a9a1631bf4996954ebc093957b234589
diff --git a/nss/cmd/bltest/tests/aes_ecb/test3.txt b/nss/cmd/bltest/tests/aes_ecb/test3.txt
new file mode 100644
index 0000000..803c23c
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_ecb/test3.txt
@@ -0,0 +1,4 @@
+COUNT = 0
+KEY = 000000000000000000000000000000000000000000000000
+PLAINTEXT = 1b077a6af4b7f98229de786d7516b639
+CIPHERTEXT = 275cfc0413d8ccb70513c3859b1d0f72
diff --git a/nss/cmd/bltest/tests/aes_ecb/test4.txt b/nss/cmd/bltest/tests/aes_ecb/test4.txt
new file mode 100644
index 0000000..e567fab
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_ecb/test4.txt
@@ -0,0 +1,4 @@
+COUNT = 1
+KEY = 000000000000000000000000000000000000000000000000
+PLAINTEXT = 9c2d8842e5f48f57648205d39a239af1
+CIPHERTEXT = c9b8135ff1b5adc413dfd053b21bd96d
diff --git a/nss/cmd/bltest/tests/aes_ecb/test5.txt b/nss/cmd/bltest/tests/aes_ecb/test5.txt
new file mode 100644
index 0000000..c96940e
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_ecb/test5.txt
@@ -0,0 +1,4 @@
+COUNT = 0
+KEY = 0000000000000000000000000000000000000000000000000000000000000000
+PLAINTEXT = 014730f80ac625fe84f026c60bfd547d
+CIPHERTEXT = 5c9d844ed46f9885085e5d6a4f94c7d7
diff --git a/nss/cmd/bltest/tests/aes_ecb/test6.txt b/nss/cmd/bltest/tests/aes_ecb/test6.txt
new file mode 100644
index 0000000..d8d0058
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_ecb/test6.txt
@@ -0,0 +1,4 @@
+COUNT = 1
+KEY = 0000000000000000000000000000000000000000000000000000000000000000
+PLAINTEXT = 0b24af36193ce4665f2825d7b4749c98
+CIPHERTEXT = a9ff75bd7cf6613d3731c77c3b6d0c04
diff --git a/nss/cmd/bltest/tests/aes_gcm/aad0 b/nss/cmd/bltest/tests/aes_gcm/aad0
new file mode 100644
index 0000000..e69de29
diff --git a/nss/cmd/bltest/tests/aes_gcm/aad1 b/nss/cmd/bltest/tests/aes_gcm/aad1
new file mode 100644
index 0000000..e69de29
diff --git a/nss/cmd/bltest/tests/aes_gcm/aad10 b/nss/cmd/bltest/tests/aes_gcm/aad10
new file mode 100644
index 0000000..87b29d3
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_gcm/aad10
@@ -0,0 +1 @@
+þíúÎÞ­¾ïþíúÎÞ­¾ï«­ÚÒ
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_gcm/aad11 b/nss/cmd/bltest/tests/aes_gcm/aad11
new file mode 100644
index 0000000..87b29d3
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_gcm/aad11
@@ -0,0 +1 @@
+þíúÎÞ­¾ïþíúÎÞ­¾ï«­ÚÒ
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_gcm/aad12 b/nss/cmd/bltest/tests/aes_gcm/aad12
new file mode 100644
index 0000000..e69de29
diff --git a/nss/cmd/bltest/tests/aes_gcm/aad13 b/nss/cmd/bltest/tests/aes_gcm/aad13
new file mode 100644
index 0000000..e69de29
diff --git a/nss/cmd/bltest/tests/aes_gcm/aad14 b/nss/cmd/bltest/tests/aes_gcm/aad14
new file mode 100644
index 0000000..e69de29
diff --git a/nss/cmd/bltest/tests/aes_gcm/aad15 b/nss/cmd/bltest/tests/aes_gcm/aad15
new file mode 100644
index 0000000..87b29d3
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_gcm/aad15
@@ -0,0 +1 @@
+þíúÎÞ­¾ïþíúÎÞ­¾ï«­ÚÒ
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_gcm/aad16 b/nss/cmd/bltest/tests/aes_gcm/aad16
new file mode 100644
index 0000000..87b29d3
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_gcm/aad16
@@ -0,0 +1 @@
+þíúÎÞ­¾ïþíúÎÞ­¾ï«­ÚÒ
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_gcm/aad17 b/nss/cmd/bltest/tests/aes_gcm/aad17
new file mode 100644
index 0000000..87b29d3
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_gcm/aad17
@@ -0,0 +1 @@
+þíúÎÞ­¾ïþíúÎÞ­¾ï«­ÚÒ
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_gcm/aad2 b/nss/cmd/bltest/tests/aes_gcm/aad2
new file mode 100644
index 0000000..e69de29
diff --git a/nss/cmd/bltest/tests/aes_gcm/aad3 b/nss/cmd/bltest/tests/aes_gcm/aad3
new file mode 100644
index 0000000..87b29d3
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_gcm/aad3
@@ -0,0 +1 @@
+þíúÎÞ­¾ïþíúÎÞ­¾ï«­ÚÒ
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_gcm/aad4 b/nss/cmd/bltest/tests/aes_gcm/aad4
new file mode 100644
index 0000000..87b29d3
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_gcm/aad4
@@ -0,0 +1 @@
+þíúÎÞ­¾ïþíúÎÞ­¾ï«­ÚÒ
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_gcm/aad5 b/nss/cmd/bltest/tests/aes_gcm/aad5
new file mode 100644
index 0000000..87b29d3
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_gcm/aad5
@@ -0,0 +1 @@
+þíúÎÞ­¾ïþíúÎÞ­¾ï«­ÚÒ
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_gcm/aad6 b/nss/cmd/bltest/tests/aes_gcm/aad6
new file mode 100644
index 0000000..e69de29
diff --git a/nss/cmd/bltest/tests/aes_gcm/aad7 b/nss/cmd/bltest/tests/aes_gcm/aad7
new file mode 100644
index 0000000..e69de29
diff --git a/nss/cmd/bltest/tests/aes_gcm/aad8 b/nss/cmd/bltest/tests/aes_gcm/aad8
new file mode 100644
index 0000000..e69de29
diff --git a/nss/cmd/bltest/tests/aes_gcm/aad9 b/nss/cmd/bltest/tests/aes_gcm/aad9
new file mode 100644
index 0000000..87b29d3
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_gcm/aad9
@@ -0,0 +1 @@
+þíúÎÞ­¾ïþíúÎÞ­¾ï«­ÚÒ
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_gcm/ciphertext0 b/nss/cmd/bltest/tests/aes_gcm/ciphertext0
new file mode 100644
index 0000000..3b35214
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_gcm/ciphertext0
@@ -0,0 +1 @@
+WOL8zvp+MGE2fx1XpOdFWg==
diff --git a/nss/cmd/bltest/tests/aes_gcm/ciphertext1 b/nss/cmd/bltest/tests/aes_gcm/ciphertext1
new file mode 100644
index 0000000..9913ff1
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_gcm/ciphertext1
@@ -0,0 +1 @@
+A4jazmC2o5LzKMK5cbL+eKtuR9Qs7BO99TpnshJXvd8=
diff --git a/nss/cmd/bltest/tests/aes_gcm/ciphertext10 b/nss/cmd/bltest/tests/aes_gcm/ciphertext10
new file mode 100644
index 0000000..70cb471
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_gcm/ciphertext10
@@ -0,0 +1,2 @@
+DxD1ma4UoVTtJLNuJTJNuMVmYy7yu7NPg0coD8RQcFf93CnfmkcfdcZlQdTU2tHJ
+6ToZpY6LRz+g8GL3ZdzFf89iOiQJT8ykDTUz+A==
diff --git a/nss/cmd/bltest/tests/aes_gcm/ciphertext11 b/nss/cmd/bltest/tests/aes_gcm/ciphertext11
new file mode 100644
index 0000000..b9c4236
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_gcm/ciphertext11
@@ -0,0 +1,2 @@
+0n6IaBzjJDxIMBZaj9z5/x3podjmtEfvbve3mChmbkWB55ASrzTd2eLwN1ibKS2z
+5nwDZ0X6Iufptzc73PVm/ykcJbu4Vo/D03am2Q==
diff --git a/nss/cmd/bltest/tests/aes_gcm/ciphertext12 b/nss/cmd/bltest/tests/aes_gcm/ciphertext12
new file mode 100644
index 0000000..b756f5c
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_gcm/ciphertext12
@@ -0,0 +1 @@
+Uw+K+8dFNrmpY7TxxMtziw==
diff --git a/nss/cmd/bltest/tests/aes_gcm/ciphertext13 b/nss/cmd/bltest/tests/aes_gcm/ciphertext13
new file mode 100644
index 0000000..15bc5e1
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_gcm/ciphertext13
@@ -0,0 +1 @@
+zqdAPU1ga24HTsXTuvOdGNDRyKeZmWvwJluYtdSKuRk=
diff --git a/nss/cmd/bltest/tests/aes_gcm/ciphertext14 b/nss/cmd/bltest/tests/aes_gcm/ciphertext14
new file mode 100644
index 0000000..a982ef2
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_gcm/ciphertext14
@@ -0,0 +1,2 @@
+Ui3B8JlWfQf0fzejKoRCfWQ6jNy/5cDJdZiivSVV0aqMsI5IWQ27PaewixBWgog4
+xfYeY5O6egq8yfZiiYAVrbCU2sXZNHG97BpQInDjzGw=
diff --git a/nss/cmd/bltest/tests/aes_gcm/ciphertext15 b/nss/cmd/bltest/tests/aes_gcm/ciphertext15
new file mode 100644
index 0000000..5f5b952
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_gcm/ciphertext15
@@ -0,0 +1,2 @@
+Ui3B8JlWfQf0fzejKoRCfWQ6jNy/5cDJdZiivSVV0aqMsI5IWQ27PaewixBWgog4
+xfYeY5O6egq8yfZidvxuzg9OF2jN34hTuy1VGw==
diff --git a/nss/cmd/bltest/tests/aes_gcm/ciphertext16 b/nss/cmd/bltest/tests/aes_gcm/ciphertext16
new file mode 100644
index 0000000..86d9096
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_gcm/ciphertext16
@@ -0,0 +1,2 @@
+w3Yt8cp4fTKuR8E78ZhEy68a4U0Ll2r6xS/315u6neD+tYLTOTSk8JVMwjY7xz94
+YqxDDmSr5Jn0fJsfOjN9v0anksReRUkT/i6o8g==
diff --git a/nss/cmd/bltest/tests/aes_gcm/ciphertext17 b/nss/cmd/bltest/tests/aes_gcm/ciphertext17
new file mode 100644
index 0000000..6be2346
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_gcm/ciphertext17
@@ -0,0 +1,2 @@
+Wo3vLwyeU/H3XXhTZZ4qIO6ysiqv3mQZoFirT290a/QPwMO3gPJERS2j6/HF2Cze
+okGJlyAO+C5Ern4/pEqCZu4cjrDItdTPWunxmg==
diff --git a/nss/cmd/bltest/tests/aes_gcm/ciphertext2 b/nss/cmd/bltest/tests/aes_gcm/ciphertext2
new file mode 100644
index 0000000..f5efb3d
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_gcm/ciphertext2
@@ -0,0 +1,2 @@
+QoMewiF3dCRLciG3hNDUnOOqIS8sAqTgNcF+IymsoS4h1RSyVGaTHH2PalqshKoF
+G6MLOWoKrJc9WOCRRz9ZhU1cKvMnzWSmLPNavSum+rQ=
diff --git a/nss/cmd/bltest/tests/aes_gcm/ciphertext3 b/nss/cmd/bltest/tests/aes_gcm/ciphertext3
new file mode 100644
index 0000000..80fe95e
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_gcm/ciphertext3
@@ -0,0 +1,2 @@
+QoMewiF3dCRLciG3hNDUnOOqIS8sAqTgNcF+IymsoS4h1RSyVGaTHH2PalqshKoF
+G6MLOWoKrJc9WOCRW8lPvDIhpduU+ula5xIaRw==
diff --git a/nss/cmd/bltest/tests/aes_gcm/ciphertext4 b/nss/cmd/bltest/tests/aes_gcm/ciphertext4
new file mode 100644
index 0000000..cbc0194
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_gcm/ciphertext4
@@ -0,0 +1,2 @@
+YTU7TCgGk0p3f/UfoipHVWmbKnFPzcb4N2bl+XtsdCNzgGkA5J8ksisJdUTUiWtC
+SYm14eusDwfCP0WYNhLS5547B4VWG+FKrKL8yw==
diff --git a/nss/cmd/bltest/tests/aes_gcm/ciphertext5 b/nss/cmd/bltest/tests/aes_gcm/ciphertext5
new file mode 100644
index 0000000..77127ff
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_gcm/ciphertext5
@@ -0,0 +1,2 @@
+jOJJmGJWFbYDoDOsoT+4lL6REqXDohGouiYqPMp+LKcB5Kmk+6Q8kMzcsoHUjHxv
+1ih10qykFwNMNK7lYZzFrv/+C/pGKvQ8FpnQUA==
diff --git a/nss/cmd/bltest/tests/aes_gcm/ciphertext6 b/nss/cmd/bltest/tests/aes_gcm/ciphertext6
new file mode 100644
index 0000000..dc07bfd
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_gcm/ciphertext6
@@ -0,0 +1 @@
+zTOyisdz90ugDtHzElckNQ==
diff --git a/nss/cmd/bltest/tests/aes_gcm/ciphertext7 b/nss/cmd/bltest/tests/aes_gcm/ciphertext7
new file mode 100644
index 0000000..d405c82
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_gcm/ciphertext7
@@ -0,0 +1 @@
+mOckfAfw/kEcJn5DhLD2AC/1jYADOSerjvTUWHUU8Ps=
diff --git a/nss/cmd/bltest/tests/aes_gcm/ciphertext8 b/nss/cmd/bltest/tests/aes_gcm/ciphertext8
new file mode 100644
index 0000000..53738bb
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_gcm/ciphertext8
@@ -0,0 +1,2 @@
+OYDKCzwA6EHrBvrEhyonV4WeHOqm79mEYoWTtAyh4Zx9dz0AwUTFJaxhnRjISj9H
+GOJEiy/jJNnM2icQrK3iVpkkp8hYcza/sRgCTbhnShQ=
diff --git a/nss/cmd/bltest/tests/aes_gcm/ciphertext9 b/nss/cmd/bltest/tests/aes_gcm/ciphertext9
new file mode 100644
index 0000000..bde2785
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_gcm/ciphertext9
@@ -0,0 +1,2 @@
+OYDKCzwA6EHrBvrEhyonV4WeHOqm79mEYoWTtAyh4Zx9dz0AwUTFJaxhnRjISj9H
+GOJEiy/jJNnM2icQJRlJjoDxR483ulW9bSdhjA==
diff --git a/nss/cmd/bltest/tests/aes_gcm/hex.c b/nss/cmd/bltest/tests/aes_gcm/hex.c
new file mode 100644
index 0000000..cdf583d
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_gcm/hex.c
@@ -0,0 +1,78 @@
+#include <unistd.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+int
+tohex(int c)
+{
+    if ((c >= '0') && (c <= '9')) {
+        return c - '0';
+    }
+    if ((c >= 'a') && (c <= 'f')) {
+        return c - 'a' + 10;
+    }
+    if ((c >= 'A') && (c <= 'F')) {
+        return c - 'A' + 10;
+    }
+    return 0;
+}
+
+int
+isspace(int c)
+{
+    if (c <= ' ')
+        return 1;
+    if (c == '\n')
+        return 1;
+    if (c == '\t')
+        return 1;
+    if (c == ':')
+        return 1;
+    if (c == ';')
+        return 1;
+    if (c == ',')
+        return 1;
+    return 0;
+}
+
+void
+verify_nibble(int nibble, int current)
+{
+    if (nibble != 0) {
+        fprintf(stderr, "count mismatch %d (nibbles=0x%x)\n", nibble, current);
+        fflush(stderr);
+    }
+}
+
+int
+main(int argc, char **argv)
+{
+    int c;
+    int current = 0;
+    int nibble = 0;
+    int skip = 0;
+
+    if (argv[1]) {
+        skip = atoi(argv[1]);
+    }
+
+#define NIBBLE_COUNT 2
+    while ((c = getchar()) != EOF) {
+        if (isspace(c)) {
+            verify_nibble(nibble, current);
+            continue;
+        }
+        if (skip) {
+            skip--;
+            continue;
+        }
+        current = current << 4 | tohex(c);
+        nibble++;
+        if (nibble == NIBBLE_COUNT) {
+            putchar(current);
+            nibble = 0;
+            current = 0;
+        }
+    }
+    return 0;
+}
diff --git a/nss/cmd/bltest/tests/aes_gcm/iv0 b/nss/cmd/bltest/tests/aes_gcm/iv0
new file mode 100644
index 0000000000000000000000000000000000000000..ce58bc9f84b9623e708de4eb8427a57d9f9a160f
GIT binary patch
literal 12
KcmZQzKmY&$3;+QD

literal 0
HcmV?d00001

diff --git a/nss/cmd/bltest/tests/aes_gcm/iv1 b/nss/cmd/bltest/tests/aes_gcm/iv1
new file mode 100644
index 0000000000000000000000000000000000000000..ce58bc9f84b9623e708de4eb8427a57d9f9a160f
GIT binary patch
literal 12
KcmZQzKmY&$3;+QD

literal 0
HcmV?d00001

diff --git a/nss/cmd/bltest/tests/aes_gcm/iv10 b/nss/cmd/bltest/tests/aes_gcm/iv10
new file mode 100644
index 0000000..bad60b0
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_gcm/iv10
@@ -0,0 +1 @@
+Êþº¾úÎÛ­
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_gcm/iv11 b/nss/cmd/bltest/tests/aes_gcm/iv11
new file mode 100644
index 0000000..f446641
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_gcm/iv11
@@ -0,0 +1 @@
+“"]ø„åU�œZÿRiªjz•8SO}¡äÃÒ£§(ÃÀÉQV€•9üðâBškRT®Ûõ ÞjW¦7³›
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_gcm/iv12 b/nss/cmd/bltest/tests/aes_gcm/iv12
new file mode 100644
index 0000000000000000000000000000000000000000..ce58bc9f84b9623e708de4eb8427a57d9f9a160f
GIT binary patch
literal 12
KcmZQzKmY&$3;+QD

literal 0
HcmV?d00001

diff --git a/nss/cmd/bltest/tests/aes_gcm/iv13 b/nss/cmd/bltest/tests/aes_gcm/iv13
new file mode 100644
index 0000000000000000000000000000000000000000..ce58bc9f84b9623e708de4eb8427a57d9f9a160f
GIT binary patch
literal 12
KcmZQzKmY&$3;+QD

literal 0
HcmV?d00001

diff --git a/nss/cmd/bltest/tests/aes_gcm/iv14 b/nss/cmd/bltest/tests/aes_gcm/iv14
new file mode 100644
index 0000000..e3728f7
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_gcm/iv14
@@ -0,0 +1 @@
+Êþº¾úÎÛ­ÞÊøˆ
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_gcm/iv15 b/nss/cmd/bltest/tests/aes_gcm/iv15
new file mode 100644
index 0000000..e3728f7
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_gcm/iv15
@@ -0,0 +1 @@
+Êþº¾úÎÛ­ÞÊøˆ
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_gcm/iv16 b/nss/cmd/bltest/tests/aes_gcm/iv16
new file mode 100644
index 0000000..bad60b0
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_gcm/iv16
@@ -0,0 +1 @@
+Êþº¾úÎÛ­
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_gcm/iv17 b/nss/cmd/bltest/tests/aes_gcm/iv17
new file mode 100644
index 0000000..f446641
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_gcm/iv17
@@ -0,0 +1 @@
+“"]ø„åU�œZÿRiªjz•8SO}¡äÃÒ£§(ÃÀÉQV€•9üðâBškRT®Ûõ ÞjW¦7³›
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_gcm/iv2 b/nss/cmd/bltest/tests/aes_gcm/iv2
new file mode 100644
index 0000000..e3728f7
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_gcm/iv2
@@ -0,0 +1 @@
+Êþº¾úÎÛ­ÞÊøˆ
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_gcm/iv3 b/nss/cmd/bltest/tests/aes_gcm/iv3
new file mode 100644
index 0000000..e3728f7
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_gcm/iv3
@@ -0,0 +1 @@
+Êþº¾úÎÛ­ÞÊøˆ
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_gcm/iv4 b/nss/cmd/bltest/tests/aes_gcm/iv4
new file mode 100644
index 0000000..bad60b0
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_gcm/iv4
@@ -0,0 +1 @@
+Êþº¾úÎÛ­
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_gcm/iv5 b/nss/cmd/bltest/tests/aes_gcm/iv5
new file mode 100644
index 0000000..f446641
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_gcm/iv5
@@ -0,0 +1 @@
+“"]ø„åU�œZÿRiªjz•8SO}¡äÃÒ£§(ÃÀÉQV€•9üðâBškRT®Ûõ ÞjW¦7³›
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_gcm/iv6 b/nss/cmd/bltest/tests/aes_gcm/iv6
new file mode 100644
index 0000000000000000000000000000000000000000..ce58bc9f84b9623e708de4eb8427a57d9f9a160f
GIT binary patch
literal 12
KcmZQzKmY&$3;+QD

literal 0
HcmV?d00001

diff --git a/nss/cmd/bltest/tests/aes_gcm/iv7 b/nss/cmd/bltest/tests/aes_gcm/iv7
new file mode 100644
index 0000000000000000000000000000000000000000..ce58bc9f84b9623e708de4eb8427a57d9f9a160f
GIT binary patch
literal 12
KcmZQzKmY&$3;+QD

literal 0
HcmV?d00001

diff --git a/nss/cmd/bltest/tests/aes_gcm/iv8 b/nss/cmd/bltest/tests/aes_gcm/iv8
new file mode 100644
index 0000000..e3728f7
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_gcm/iv8
@@ -0,0 +1 @@
+Êþº¾úÎÛ­ÞÊøˆ
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_gcm/iv9 b/nss/cmd/bltest/tests/aes_gcm/iv9
new file mode 100644
index 0000000..e3728f7
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_gcm/iv9
@@ -0,0 +1 @@
+Êþº¾úÎÛ­ÞÊøˆ
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_gcm/key0 b/nss/cmd/bltest/tests/aes_gcm/key0
new file mode 100644
index 0000000000000000000000000000000000000000..01d633b27e8ea9b17084fc911d0c8cc43a4170a9
GIT binary patch
literal 16
KcmZQzKm`B*5C8!H

literal 0
HcmV?d00001

diff --git a/nss/cmd/bltest/tests/aes_gcm/key1 b/nss/cmd/bltest/tests/aes_gcm/key1
new file mode 100644
index 0000000000000000000000000000000000000000..01d633b27e8ea9b17084fc911d0c8cc43a4170a9
GIT binary patch
literal 16
KcmZQzKm`B*5C8!H

literal 0
HcmV?d00001

diff --git a/nss/cmd/bltest/tests/aes_gcm/key10 b/nss/cmd/bltest/tests/aes_gcm/key10
new file mode 100644
index 0000000..222b4b5
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_gcm/key10
@@ -0,0 +1 @@
+þÿé’†esmj�”g0ƒþÿé’†es
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_gcm/key11 b/nss/cmd/bltest/tests/aes_gcm/key11
new file mode 100644
index 0000000..222b4b5
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_gcm/key11
@@ -0,0 +1 @@
+þÿé’†esmj�”g0ƒþÿé’†es
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_gcm/key12 b/nss/cmd/bltest/tests/aes_gcm/key12
new file mode 100644
index 0000000000000000000000000000000000000000..4e4e4935707a596987ec1cc32e3d0d587dbe4f04
GIT binary patch
literal 32
KcmZQzzz+ZbAOHaX

literal 0
HcmV?d00001

diff --git a/nss/cmd/bltest/tests/aes_gcm/key13 b/nss/cmd/bltest/tests/aes_gcm/key13
new file mode 100644
index 0000000000000000000000000000000000000000..4e4e4935707a596987ec1cc32e3d0d587dbe4f04
GIT binary patch
literal 32
KcmZQzzz+ZbAOHaX

literal 0
HcmV?d00001

diff --git a/nss/cmd/bltest/tests/aes_gcm/key14 b/nss/cmd/bltest/tests/aes_gcm/key14
new file mode 100644
index 0000000..2163baf
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_gcm/key14
@@ -0,0 +1 @@
+þÿé’†esmj�”g0ƒþÿé’†esmj�”g0ƒ
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_gcm/key15 b/nss/cmd/bltest/tests/aes_gcm/key15
new file mode 100644
index 0000000..2163baf
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_gcm/key15
@@ -0,0 +1 @@
+þÿé’†esmj�”g0ƒþÿé’†esmj�”g0ƒ
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_gcm/key16 b/nss/cmd/bltest/tests/aes_gcm/key16
new file mode 100644
index 0000000..2163baf
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_gcm/key16
@@ -0,0 +1 @@
+þÿé’†esmj�”g0ƒþÿé’†esmj�”g0ƒ
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_gcm/key17 b/nss/cmd/bltest/tests/aes_gcm/key17
new file mode 100644
index 0000000..2163baf
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_gcm/key17
@@ -0,0 +1 @@
+þÿé’†esmj�”g0ƒþÿé’†esmj�”g0ƒ
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_gcm/key2 b/nss/cmd/bltest/tests/aes_gcm/key2
new file mode 100644
index 0000000..767ebda
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_gcm/key2
@@ -0,0 +1 @@
+þÿé’†esmj�”g0ƒ
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_gcm/key3 b/nss/cmd/bltest/tests/aes_gcm/key3
new file mode 100644
index 0000000..767ebda
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_gcm/key3
@@ -0,0 +1 @@
+þÿé’†esmj�”g0ƒ
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_gcm/key4 b/nss/cmd/bltest/tests/aes_gcm/key4
new file mode 100644
index 0000000..767ebda
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_gcm/key4
@@ -0,0 +1 @@
+þÿé’†esmj�”g0ƒ
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_gcm/key5 b/nss/cmd/bltest/tests/aes_gcm/key5
new file mode 100644
index 0000000..767ebda
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_gcm/key5
@@ -0,0 +1 @@
+þÿé’†esmj�”g0ƒ
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_gcm/key6 b/nss/cmd/bltest/tests/aes_gcm/key6
new file mode 100644
index 0000000000000000000000000000000000000000..4ac5fc6cf890b46738523c4d4d9d964e312f368f
GIT binary patch
literal 24
KcmZQzzzzTa7ytnP

literal 0
HcmV?d00001

diff --git a/nss/cmd/bltest/tests/aes_gcm/key7 b/nss/cmd/bltest/tests/aes_gcm/key7
new file mode 100644
index 0000000000000000000000000000000000000000..4ac5fc6cf890b46738523c4d4d9d964e312f368f
GIT binary patch
literal 24
KcmZQzzzzTa7ytnP

literal 0
HcmV?d00001

diff --git a/nss/cmd/bltest/tests/aes_gcm/key8 b/nss/cmd/bltest/tests/aes_gcm/key8
new file mode 100644
index 0000000..222b4b5
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_gcm/key8
@@ -0,0 +1 @@
+þÿé’†esmj�”g0ƒþÿé’†es
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_gcm/key9 b/nss/cmd/bltest/tests/aes_gcm/key9
new file mode 100644
index 0000000..222b4b5
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_gcm/key9
@@ -0,0 +1 @@
+þÿé’†esmj�”g0ƒþÿé’†es
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_gcm/mktst.sh b/nss/cmd/bltest/tests/aes_gcm/mktst.sh
new file mode 100644
index 0000000..a990f51
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_gcm/mktst.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+for i in 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17
+do
+    file="test$i.txt"
+    grep K= $file | sed -e 's;K=;;' | hex > key$i
+    grep IV=  $file | sed -e 's;IV=;;' | hex > iv$i
+    grep "C="  $file | sed -e 's;C=;;' | hex > ciphertext$i.bin
+    grep "P="  $file | sed -e 's;P=;;' | hex  > plaintext$i
+    grep "A="  $file | sed -e 's;A=;;' | hex  > aad$i
+    grep "T="  $file | sed -e 's;T=;;' | hex  >> ciphertext$i.bin
+    btoa < ciphertext$i.bin > ciphertext$i
+    rm ciphertext$i.bin
+done
diff --git a/nss/cmd/bltest/tests/aes_gcm/numtests b/nss/cmd/bltest/tests/aes_gcm/numtests
new file mode 100644
index 0000000..3c03207
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_gcm/numtests
@@ -0,0 +1 @@
+18
diff --git a/nss/cmd/bltest/tests/aes_gcm/plaintext0 b/nss/cmd/bltest/tests/aes_gcm/plaintext0
new file mode 100644
index 0000000..e69de29
diff --git a/nss/cmd/bltest/tests/aes_gcm/plaintext1 b/nss/cmd/bltest/tests/aes_gcm/plaintext1
new file mode 100644
index 0000000000000000000000000000000000000000..01d633b27e8ea9b17084fc911d0c8cc43a4170a9
GIT binary patch
literal 16
KcmZQzKm`B*5C8!H

literal 0
HcmV?d00001

diff --git a/nss/cmd/bltest/tests/aes_gcm/plaintext10 b/nss/cmd/bltest/tests/aes_gcm/plaintext10
new file mode 100644
index 0000000..0050587
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_gcm/plaintext10
@@ -0,0 +1 @@
+Ù12%ø„å¥Y	ůõ&š†§©S4÷Ú.L0=Š1Šr<••h	S/Ï$I¦µ%±jíõª
æWºc{9
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_gcm/plaintext11 b/nss/cmd/bltest/tests/aes_gcm/plaintext11
new file mode 100644
index 0000000..0050587
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_gcm/plaintext11
@@ -0,0 +1 @@
+Ù12%ø„å¥Y	ůõ&š†§©S4÷Ú.L0=Š1Šr<••h	S/Ï$I¦µ%±jíõª
æWºc{9
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_gcm/plaintext12 b/nss/cmd/bltest/tests/aes_gcm/plaintext12
new file mode 100644
index 0000000..e69de29
diff --git a/nss/cmd/bltest/tests/aes_gcm/plaintext13 b/nss/cmd/bltest/tests/aes_gcm/plaintext13
new file mode 100644
index 0000000000000000000000000000000000000000..01d633b27e8ea9b17084fc911d0c8cc43a4170a9
GIT binary patch
literal 16
KcmZQzKm`B*5C8!H

literal 0
HcmV?d00001

diff --git a/nss/cmd/bltest/tests/aes_gcm/plaintext14 b/nss/cmd/bltest/tests/aes_gcm/plaintext14
new file mode 100644
index 0000000..664f6c9
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_gcm/plaintext14
@@ -0,0 +1 @@
+Ù12%ø„å¥Y	ůõ&š†§©S4÷Ú.L0=Š1Šr<••h	S/Ï$I¦µ%±jíõª
æWºc{9¯ÒU
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_gcm/plaintext15 b/nss/cmd/bltest/tests/aes_gcm/plaintext15
new file mode 100644
index 0000000..0050587
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_gcm/plaintext15
@@ -0,0 +1 @@
+Ù12%ø„å¥Y	ůõ&š†§©S4÷Ú.L0=Š1Šr<••h	S/Ï$I¦µ%±jíõª
æWºc{9
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_gcm/plaintext16 b/nss/cmd/bltest/tests/aes_gcm/plaintext16
new file mode 100644
index 0000000..0050587
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_gcm/plaintext16
@@ -0,0 +1 @@
+Ù12%ø„å¥Y	ůõ&š†§©S4÷Ú.L0=Š1Šr<••h	S/Ï$I¦µ%±jíõª
æWºc{9
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_gcm/plaintext17 b/nss/cmd/bltest/tests/aes_gcm/plaintext17
new file mode 100644
index 0000000..0050587
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_gcm/plaintext17
@@ -0,0 +1 @@
+Ù12%ø„å¥Y	ůõ&š†§©S4÷Ú.L0=Š1Šr<••h	S/Ï$I¦µ%±jíõª
æWºc{9
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_gcm/plaintext2 b/nss/cmd/bltest/tests/aes_gcm/plaintext2
new file mode 100644
index 0000000..664f6c9
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_gcm/plaintext2
@@ -0,0 +1 @@
+Ù12%ø„å¥Y	ůõ&š†§©S4÷Ú.L0=Š1Šr<••h	S/Ï$I¦µ%±jíõª
æWºc{9¯ÒU
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_gcm/plaintext3 b/nss/cmd/bltest/tests/aes_gcm/plaintext3
new file mode 100644
index 0000000..0050587
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_gcm/plaintext3
@@ -0,0 +1 @@
+Ù12%ø„å¥Y	ůõ&š†§©S4÷Ú.L0=Š1Šr<••h	S/Ï$I¦µ%±jíõª
æWºc{9
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_gcm/plaintext4 b/nss/cmd/bltest/tests/aes_gcm/plaintext4
new file mode 100644
index 0000000..0050587
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_gcm/plaintext4
@@ -0,0 +1 @@
+Ù12%ø„å¥Y	ůõ&š†§©S4÷Ú.L0=Š1Šr<••h	S/Ï$I¦µ%±jíõª
æWºc{9
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_gcm/plaintext5 b/nss/cmd/bltest/tests/aes_gcm/plaintext5
new file mode 100644
index 0000000..0050587
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_gcm/plaintext5
@@ -0,0 +1 @@
+Ù12%ø„å¥Y	ůõ&š†§©S4÷Ú.L0=Š1Šr<••h	S/Ï$I¦µ%±jíõª
æWºc{9
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_gcm/plaintext6 b/nss/cmd/bltest/tests/aes_gcm/plaintext6
new file mode 100644
index 0000000..e69de29
diff --git a/nss/cmd/bltest/tests/aes_gcm/plaintext7 b/nss/cmd/bltest/tests/aes_gcm/plaintext7
new file mode 100644
index 0000000000000000000000000000000000000000..01d633b27e8ea9b17084fc911d0c8cc43a4170a9
GIT binary patch
literal 16
KcmZQzKm`B*5C8!H

literal 0
HcmV?d00001

diff --git a/nss/cmd/bltest/tests/aes_gcm/plaintext8 b/nss/cmd/bltest/tests/aes_gcm/plaintext8
new file mode 100644
index 0000000..664f6c9
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_gcm/plaintext8
@@ -0,0 +1 @@
+Ù12%ø„å¥Y	ůõ&š†§©S4÷Ú.L0=Š1Šr<••h	S/Ï$I¦µ%±jíõª
æWºc{9¯ÒU
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_gcm/plaintext9 b/nss/cmd/bltest/tests/aes_gcm/plaintext9
new file mode 100644
index 0000000..0050587
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_gcm/plaintext9
@@ -0,0 +1 @@
+Ù12%ø„å¥Y	ůõ&š†§©S4÷Ú.L0=Š1Šr<••h	S/Ï$I¦µ%±jíõª
æWºc{9
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/aes_gcm/test0.txt b/nss/cmd/bltest/tests/aes_gcm/test0.txt
new file mode 100644
index 0000000..a8bd4e1
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_gcm/test0.txt
@@ -0,0 +1,11 @@
+test="Test Case 1"
+K=00000000000000000000000000000000
+P= 
+IV=000000000000000000000000
+H=66e94bd4ef8a2c3b884cfa59ca342b2e
+Y0=00000000000000000000000000000001
+E(K,Y0)=58e2fccefa7e3061367f1d57a4e7455a
+len(A)||len(C)=00000000000000000000000000000000 
+GHASH(H,A,C)=00000000000000000000000000000000
+C=
+T=58e2fccefa7e3061367f1d57a4e7455a
diff --git a/nss/cmd/bltest/tests/aes_gcm/test1.txt b/nss/cmd/bltest/tests/aes_gcm/test1.txt
new file mode 100644
index 0000000..7bb83ce
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_gcm/test1.txt
@@ -0,0 +1,14 @@
+test="Test Case 2"
+K=00000000000000000000000000000000
+P=00000000000000000000000000000000
+IV=000000000000000000000000
+H=66e94bd4ef8a2c3b884cfa59ca342b2e
+Y0=00000000000000000000000000000001
+E(K,Y0)=58e2fccefa7e3061367f1d57a4e7455a
+Y1=00000000000000000000000000000002
+E(K,Y1)=0388dace60b6a392f328c2b971b2fe78
+X1 5e2ec746917062882c85b0685353deb7
+len(A)||len(C)=00000000000000000000000000000080
+GHASH(H,A,C)=f38cbb1ad69223dcc3457ae5b6b0f885
+C=0388dace60b6a392f328c2b971b2fe78
+T=ab6e47d42cec13bdf53a67b21257bddf
diff --git a/nss/cmd/bltest/tests/aes_gcm/test10.txt b/nss/cmd/bltest/tests/aes_gcm/test10.txt
new file mode 100644
index 0000000..2a4a5a9
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_gcm/test10.txt
@@ -0,0 +1,28 @@
+test="Test Case 11"
+K=feffe9928665731c6d6a8f9467308308feffe9928665731c
+P=d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39
+A=feedfacedeadbeeffeedfacedeadbeefabaddad2
+IV=cafebabefacedbad
+H=466923ec9ae682214f2c082badb39249
+N1=9473c07b02544299cf007c42c5778218
+len({})||len(IV)=00000000000000000000000000000040
+Y0=a14378078d27258a6292737e1802ada5
+E(K,Y0)=7bb6d647c902427ce7cf26563a337371
+X1=f3bf7ba3e305aeb05ed0d2e4fe076666
+X2=20a51fa2302e9c01b87c48f2c3d91a56
+Y1=a14378078d27258a6292737e1802ada6
+E(K,Y1)=d621c7bc5690a7b1487dbaab8ac76b22
+Y2=a14378078d27258a6292737e1802ada7
+E(K,Y2)=43c1ca7de78f4495ad0b18324e61fa25
+Y3=a14378078d27258a6292737e1802ada8
+E(K,Y3)=e1e0254a0f2f1626e9aa4ff09d7c64ec
+Y4=a14378078d27258a6292737e1802ada9
+E(K,Y4)=5850f4502486a1681a9319ce7d0afa59
+X3=8bdedafd6ee8e529689de3a269b8240d
+X4=6607feb377b49c9ecdbc696344fe22d8
+X5=8a19570a06500ba9405fcece4a73fb48
+X6=8532826e63ce4a5b89b70fa28f8070fe
+len(A)||len(C)=00000000000000a000000000000001e0
+GHASH(H,A,C)=1e6a133806607858ee80eaf237064089
+C=0f10f599ae14a154ed24b36e25324db8c566632ef2bbb34f8347280fc4507057fddc29df9a471f75c66541d4d4dad1c9e93a19a58e8b473fa0f062f7
+T=65dcc57fcf623a24094fcca40d3533f8
diff --git a/nss/cmd/bltest/tests/aes_gcm/test11.txt b/nss/cmd/bltest/tests/aes_gcm/test11.txt
new file mode 100644
index 0000000..d46e6f9
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_gcm/test11.txt
@@ -0,0 +1,31 @@
+test="Test Case 12"
+K=feffe9928665731c6d6a8f9467308308feffe9928665731c
+P=d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39
+A=feedfacedeadbeeffeedfacedeadbeefabaddad2
+IV=9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b
+H=466923ec9ae682214f2c082badb39249
+N1=19aef0f04763b0c87903c5a217d5314f
+N2=62120253f79efc978625d1feb03b5b5b
+N3=b6ce2a84e366de900fa78a1653df77fb
+N4=374ecad90487f0bb261ba817447e022c
+len({})||len(IV)=000000000000000000000000000001e0
+Y0=4505cdc367a054c5002820e96aebef27
+E(K,Y0)=5ea3194f9dd012a3b9bc5103d6e0284d
+X1=f3bf7ba3e305aeb05ed0d2e4fe076666
+X2=20a51fa2302e9c01b87c48f2c3d91a56
+Y1=4505cdc367a054c5002820e96aebef28
+E(K,Y1)=0b4fba4de46722d9ed691f9f2029df65
+Y2=4505cdc367a054c5002820e96aebef29
+E(K,Y2)=9b4e088bf380b03540bb87a5a257e437
+Y3=4505cdc367a054c5002820e96aebef2a
+E(K,Y3)=9ddb9c873a5cd48acd3f397cd28f9896
+Y4=4505cdc367a054c5002820e96aebef2b
+E(K,Y4)=5716ee92eff7c4b053d44c0294ea88cd
+X3=f70d61693ea7f53f08c866d6eedb1e4b
+X4=dc40bc9a181b35aed66488071ef282ae
+X5=85ffa424b87b35cac7be9c450f0d7aee
+X6=65233cbe5251f7d246bfc967a8678647
+len(A)||len(C)=00000000000000a000000000000001e0
+GHASH(H,A,C)=82567fb0b4cc371801eadec005968e94
+C=d27e88681ce3243c4830165a8fdcf9ff1de9a1d8e6b447ef6ef7b79828666e4581e79012af34ddd9e2f037589b292db3e67c036745fa22e7e9b7373b
+T=dcf566ff291c25bbb8568fc3d376a6d9
diff --git a/nss/cmd/bltest/tests/aes_gcm/test12.txt b/nss/cmd/bltest/tests/aes_gcm/test12.txt
new file mode 100644
index 0000000..b9ccfa8
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_gcm/test12.txt
@@ -0,0 +1,11 @@
+test="Test Case 13"
+K=0000000000000000000000000000000000000000000000000000000000000000
+P=
+IV=000000000000000000000000
+H=dc95c078a2408989ad48a21492842087
+Y0=00000000000000000000000000000001
+E(K,Y0)=530f8afbc74536b9a963b4f1c4cb738b
+len(A)||len(C)=00000000000000000000000000000000
+GHASH(H,A,C)=00000000000000000000000000000000
+C=
+T=530f8afbc74536b9a963b4f1c4cb738b
diff --git a/nss/cmd/bltest/tests/aes_gcm/test13.txt b/nss/cmd/bltest/tests/aes_gcm/test13.txt
new file mode 100644
index 0000000..b589ba4
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_gcm/test13.txt
@@ -0,0 +1,14 @@
+test="Test Case 14"
+K=0000000000000000000000000000000000000000000000000000000000000000
+P=00000000000000000000000000000000
+IV=000000000000000000000000
+H=dc95c078a2408989ad48a21492842087
+Y0=00000000000000000000000000000001
+E(K,Y0)=530f8afbc74536b9a963b4f1c4cb738b
+Y1=00000000000000000000000000000002
+E(K,Y1)=cea7403d4d606b6e074ec5d3baf39d18
+X1=fd6ab7586e556dba06d69cfe6223b262
+len(A)||len(C)=00000000000000000000000000000080
+GHASH(H,A,C)=83de425c5edc5d498f382c441041ca92
+C=cea7403d4d606b6e074ec5d3baf39d18
+T=d0d1c8a799996bf0265b98b5d48ab919
diff --git a/nss/cmd/bltest/tests/aes_gcm/test14.txt b/nss/cmd/bltest/tests/aes_gcm/test14.txt
new file mode 100644
index 0000000..f650ea7
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_gcm/test14.txt
@@ -0,0 +1,23 @@
+test="Test Case 15"
+K=feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308
+P=d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255
+IV=cafebabefacedbaddecaf888
+H=acbef20579b4b8ebce889bac8732dad7
+Y0=cafebabefacedbaddecaf88800000001
+E(K,Y0)=fd2caa16a5832e76aa132c1453eeda7e
+Y1=cafebabefacedbaddecaf88800000002
+E(K,Y1)=8b1cf3d561d27be251263e66857164e7
+Y2=cafebabefacedbaddecaf88800000003
+E(K,Y2)=e29d258faad137135bd49280af645bd8
+Y3=cafebabefacedbaddecaf88800000004
+E(K,Y3)=908c82ddcc65b26e887f85341f243d1d
+Y4=cafebabefacedbaddecaf88800000005
+E(K,Y4)=749cf39639b79c5d06aa8d5b932fc7f8
+X1=fcbefb78635d598eddaf982310670f35
+X2=29de812309d3116a6eff7ec844484f3e
+X3=45fad9deeda9ea561b8f199c3613845b
+X4=ed95f8e164bf3213febc740f0bd9c6af
+len(A)||len(C)=00000000000000000000000000000200
+GHASH(H,A,C)=4db870d37cb75fcb46097c36230d1612
+C=522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662898015ad
+T=b094dac5d93471bdec1a502270e3cc6c
diff --git a/nss/cmd/bltest/tests/aes_gcm/test15.txt b/nss/cmd/bltest/tests/aes_gcm/test15.txt
new file mode 100644
index 0000000..f1a49e3
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_gcm/test15.txt
@@ -0,0 +1,26 @@
+test="Test Case 16"
+K=feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308
+P=d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39
+A=feedfacedeadbeeffeedfacedeadbeefabaddad2
+IV=cafebabefacedbaddecaf888
+H=acbef20579b4b8ebce889bac8732dad7
+Y0=cafebabefacedbaddecaf88800000001
+E(K,Y0)=fd2caa16a5832e76aa132c1453eeda7e
+X1=5165d242c2592c0a6375e2622cf925d2
+X2=8efa30ce83298b85fe71abefc0cdd01d
+Y1=cafebabefacedbaddecaf88800000002
+E(K,Y1)=8b1cf3d561d27be251263e66857164e7
+Y2=cafebabefacedbaddecaf88800000003
+E(K,Y2)=e29d258faad137135bd49280af645bd8
+Y3=cafebabefacedbaddecaf88800000004
+E(K,Y3)=908c82ddcc65b26e887f85341f243d1d
+Y4=cafebabefacedbaddecaf88800000005
+E(K,Y4)=749cf39639b79c5d06aa8d5b932fc7f8
+X3=abe07e0bb62354177480b550f9f6cdcc
+X4=3978e4f141b95f3b4699756b1c3c2082
+X5=8abf3c48901debe76837d8a05c7d6e87
+X6=9249beaf520c48b912fa120bbf391dc8
+len(A)||len(C)=00000000000000a000000000000001e0
+GHASH(H,A,C)=8bd0c4d8aacd391e67cca447e8c38f65
+C=522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662
+T=76fc6ece0f4e1768cddf8853bb2d551b
diff --git a/nss/cmd/bltest/tests/aes_gcm/test16.txt b/nss/cmd/bltest/tests/aes_gcm/test16.txt
new file mode 100644
index 0000000..6918aca
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_gcm/test16.txt
@@ -0,0 +1,28 @@
+test="Test Case 17"
+K=feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308
+P=d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39
+A=feedfacedeadbeeffeedfacedeadbeefabaddad2
+IV=cafebabefacedbad
+H=acbef20579b4b8ebce889bac8732dad7
+N1=90c22e3d2aca34b971e8bd09708fae5c
+len({})||len(IV)=00000000000000000000000000000040
+Y0=0095df49dd90abe3e4d252475748f5d4
+E(K,Y0)=4f903f37fe611d454217fbfa5cd7d791
+X1=5165d242c2592c0a6375e2622cf925d2
+X2=8efa30ce83298b85fe71abefc0cdd01d
+Y1=0095df49dd90abe3e4d252475748f5d5
+E(K,Y1)=1a471fd432fc7bd70b1ec8fe5e6d6251
+Y2=0095df49dd90abe3e4d252475748f5d6
+E(K,Y2)=29bd481e1ea39d20eb63c7ea118b1792
+Y3=0095df49dd90abe3e4d252475748f5d7
+E(K,Y3)=e2898e46ac5cada3ba83cc1272618a5d
+Y4=0095df49dd90abe3e4d252475748f5d8
+E(K,Y4)=d3c6aefbcea602ce4e1fe026065447bf
+X3=55e1ff68f9249e64b95223858e5cb936
+X4=cef1c034383dc96f733aaa4c99bd3e61
+X5=68588d004fd468f5854515039b08165d
+X6=2378943c034697f72a80fce5059bf3f3
+len(A)||len(C)=00000000000000a000000000000001e0
+GHASH(H,A,C)=75a34288b8c68f811c52b2e9a2f97f63
+C=c3762df1ca787d32ae47c13bf19844cbaf1ae14d0b976afac52ff7d79bba9de0feb582d33934a4f0954cc2363bc73f7862ac430e64abe499f47c9b1f
+T=3a337dbf46a792c45e454913fe2ea8f2
diff --git a/nss/cmd/bltest/tests/aes_gcm/test17.txt b/nss/cmd/bltest/tests/aes_gcm/test17.txt
new file mode 100644
index 0000000..a5c538e
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_gcm/test17.txt
@@ -0,0 +1,31 @@
+test="Test Case 18"
+K=feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308
+P=d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39
+A=feedfacedeadbeeffeedfacedeadbeefabaddad2
+IV=9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b
+H=acbef20579b4b8ebce889bac8732dad7
+N1=0bfe66e2032f195516379f5fb710f987
+N2=f0631554d11409915feec8f9f5102aba
+N3=749b90dda19a1557fd9e9fd31fed1d14
+N4=7a6a833f260d848793b327cb07d1b190
+len({})||len(IV)=000000000000000000000000000001e0
+Y0=0cd953e2140a5976079f8e2406bc8eb4
+E(K,Y0)=71b54d092bb0c3d9ba94538d4096e691
+X1=5165d242c2592c0a6375e2622cf925d2
+X2=8efa30ce83298b85fe71abefc0cdd01d
+Y1=0cd953e2140a5976079f8e2406bc8eb5
+E(K,Y1)=83bcdd0af41a551452047196ca6b0cba
+Y2=0cd953e2140a5976079f8e2406bc8eb6
+E(K,Y2)=68151b79baea93c38e149b72e545e186
+Y3=0cd953e2140a5976079f8e2406bc8eb7
+E(K,Y3)=13fccf22159a4d16026ce5d58c7e99fb
+Y4=0cd953e2140a5976079f8e2406bc8eb8
+E(K,Y4)=132b64628a031e79fecd050675a64f07
+X3=e963941cfa8c417bdaa3b3d94ab4e905
+X4=2178d7f836e5fa105ce0fdf0fc8f0654
+X5=bac14eeba3216f966b3e7e011475b832
+X6=cc9ae9175729a649936e890bd971a8bf
+len(A)||len(C)=00000000000000a000000000000001e0
+GHASH(H,A,C)=d5ffcf6fc5ac4d69722187421a7f170b
+C=5a8def2f0c9e53f1f75d7853659e2a20eeb2b22aafde6419a058ab4f6f746bf40fc0c3b780f244452da3ebf1c5d82cdea2418997200ef82e44ae7e3f
+T=a44a8266ee1c8eb0c8b5d4cf5ae9f19a
diff --git a/nss/cmd/bltest/tests/aes_gcm/test2.txt b/nss/cmd/bltest/tests/aes_gcm/test2.txt
new file mode 100644
index 0000000..8e69bf6
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_gcm/test2.txt
@@ -0,0 +1,23 @@
+test="Test Case 3"
+K=feffe9928665731c6d6a8f9467308308
+P=d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255
+IV=cafebabefacedbaddecaf888
+H=b83b533708bf535d0aa6e52980d53b78
+Y0=cafebabefacedbaddecaf88800000001
+E(K,Y0)=3247184b3c4f69a44dbcd22887bbb418
+Y1=cafebabefacedbaddecaf88800000002
+E(K,Y1)=9bb22ce7d9f372c1ee2b28722b25f206
+Y2=cafebabefacedbaddecaf88800000003
+E(K,Y2)=650d887c3936533a1b8d4e1ea39d2b5c
+Y3=cafebabefacedbaddecaf88800000004
+E(K,Y3)=3de91827c10e9a4f5240647ee5221f20
+Y4=cafebabefacedbaddecaf88800000005
+E(K,Y4)=aac9e6ccc0074ac0873b9ba85d908bd0
+X1=59ed3f2bb1a0aaa07c9f56c6a504647b
+X2=b714c9048389afd9f9bc5c1d4378e052
+X3=47400c6577b1ee8d8f40b2721e86ff10
+X4=4796cf49464704b5dd91f159bb1b7f95
+len(A)||len(C)=00000000000000000000000000000200
+GHASH(H,A,C)=7f1b32b81b820d02614f8895ac1d4eac
+C=42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091473f5985
+T=4d5c2af327cd64a62cf35abd2ba6fab4
diff --git a/nss/cmd/bltest/tests/aes_gcm/test3.txt b/nss/cmd/bltest/tests/aes_gcm/test3.txt
new file mode 100644
index 0000000..4083eac
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_gcm/test3.txt
@@ -0,0 +1,26 @@
+test="Test Case 4"
+K=feffe9928665731c6d6a8f9467308308
+P=d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39
+A=feedfacedeadbeeffeedfacedeadbeefabaddad2
+IV=cafebabefacedbaddecaf888
+H=b83b533708bf535d0aa6e52980d53b78
+Y0=cafebabefacedbaddecaf88800000001
+E(K,Y0)=3247184b3c4f69a44dbcd22887bbb418
+X1=ed56aaf8a72d67049fdb9228edba1322
+X2=cd47221ccef0554ee4bb044c88150352
+Y1=cafebabefacedbaddecaf88800000002
+E(K,Y1)=9bb22ce7d9f372c1ee2b28722b25f206
+Y2=cafebabefacedbaddecaf88800000003
+E(K,Y2)=650d887c3936533a1b8d4e1ea39d2b5c
+Y3=cafebabefacedbaddecaf88800000004
+E(K,Y3)=3de91827c10e9a4f5240647ee5221f20
+Y4=cafebabefacedbaddecaf88800000005
+E(K,Y4)=aac9e6ccc0074ac0873b9ba85d908bd0
+X3=54f5e1b2b5a8f9525c23924751a3ca51
+X4=324f585c6ffc1359ab371565d6c45f93
+X5=ca7dd446af4aa70cc3c0cd5abba6aa1c
+X6=1590df9b2eb6768289e57d56274c8570
+len(A)||len(C)=00000000000000a000000000000001e0
+GHASH(H,A,C)=698e57f70e6ecc7fd9463b7260a9ae5f
+C=42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091
+T=5bc94fbc3221a5db94fae95ae7121a47
diff --git a/nss/cmd/bltest/tests/aes_gcm/test4.txt b/nss/cmd/bltest/tests/aes_gcm/test4.txt
new file mode 100644
index 0000000..ec62258
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_gcm/test4.txt
@@ -0,0 +1,28 @@
+test="Test Case 5"
+K=feffe9928665731c6d6a8f9467308308
+P=d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39
+A=feedfacedeadbeeffeedfacedeadbeefabaddad2
+IV=cafebabefacedbad
+H=b83b533708bf535d0aa6e52980d53b78
+N1=6f288b846e5fed9a18376829c86a6a16
+len({})||len(C)=00000000000000000000000000000040
+Y0=c43a83c4c4badec4354ca984db252f7d
+E(K,Y0)=e94ab9535c72bea9e089c93d48e62fb0
+X1=ed56aaf8a72d67049fdb9228edba1322
+X2=cd47221ccef0554ee4bb044c88150352
+Y1=c43a83c4c4badec4354ca984db252f7e
+E(K,Y1)=b8040969d08295afd226fcda0ddf61cf
+Y2=c43a83c4c4badec4354ca984db252f7f
+E(K,Y2)=ef3c83225af93122192ad5c4f15dfe51
+Y3=c43a83c4c4badec4354ca984db252f80
+E(K,Y3)=6fbc659571f72de104c67b609d2fde67
+Y4=c43a83c4c4badec4354ca984db252f81
+E(K,Y4)=f8e3581441a1e950785c3ea1430c6fa6
+X3=9379e2feae14649c86cf2250e3a81916
+X4=65dde904c92a6b3db877c4817b50a5f4
+X5=48c53cf863b49a1b0bbfc48c3baaa89d
+X6=08c873f1c8cec3effc209a07468caab1
+len(A)||len(C)=00000000000000a000000000000001e0
+GHASH(H,A,C)=df586bb4c249b92cb6922877e444d37b
+C=61353b4c2806934a777ff51fa22a4755699b2a714fcdc6f83766e5f97b6c742373806900e49f24b22b097544d4896b424989b5e1ebac0f07c23f4598
+T=3612d2e79e3b0785561be14aaca2fccb
diff --git a/nss/cmd/bltest/tests/aes_gcm/test5.txt b/nss/cmd/bltest/tests/aes_gcm/test5.txt
new file mode 100644
index 0000000..709251b
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_gcm/test5.txt
@@ -0,0 +1,31 @@
+test="Test Case 6"
+K=feffe9928665731c6d6a8f9467308308
+P=d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39
+A=feedfacedeadbeeffeedfacedeadbeefabaddad2
+IV=9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b
+H=b83b533708bf535d0aa6e52980d53b78
+N1=004d6599d7fb1634756e1e299d81630f
+N2=88ffe8a3c8033df4b54d732f7f88408e
+N3=24e694cfab657beabba8055aad495e23
+N4=d8349a5eda24943c8fbb2ef5168b20cb
+len({})||len(IV)=000000000000000000000000000001e0
+Y0=3bab75780a31c059f83d2a44752f9864
+7dc63b399f2d98d57ab073b6baa4138e
+X1=ed56aaf8a72d67049fdb9228edba1322
+X2=cd47221ccef0554ee4bb044c88150352
+Y1=3bab75780a31c059f83d2a44752f9865
+E(K,Y1)=55d37bbd9ad21353a6f93a690eca9e0e
+Y2=3bab75780a31c059f83d2a44752f9866
+E(K,Y2)=3836bbf6d696e672946a1a01404fa6d5
+Y3=3bab75780a31c059f83d2a44752f9867
+E(K,Y3)=1dd8a5316ecc35c3e313bca59d2ac94a
+Y4=3bab75780a31c059f83d2a44752f9868
+E(K,Y4)=6742982706a9f154f657d5dc94b746db
+X3=31727669c63c6f078b5d22adbbbca384
+X4=480c00db2679065a7ed2f771a53acacd
+X5=1c1ae3c355e2214466a9923d2ba6ab35
+X6=0694c6f16bb0275a48891d06590344b0
+len(A)||len(C)=00000000000000a000000000000001e0
+GHASH(H,A,C)=1c5afe9760d3932f3c9a878aac3dc3de
+C=8ce24998625615b603a033aca13fb894be9112a5c3a211a8ba262a3cca7e2ca701e4a9a4fba43c90ccdcb281d48c7c6fd62875d2aca417034c34aee5
+T=619cc5aefffe0bfa462af43c1699d050
diff --git a/nss/cmd/bltest/tests/aes_gcm/test6.txt b/nss/cmd/bltest/tests/aes_gcm/test6.txt
new file mode 100644
index 0000000..b738e1f
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_gcm/test6.txt
@@ -0,0 +1,11 @@
+test="Test Case 7"
+K=000000000000000000000000000000000000000000000000
+P=
+IV=000000000000000000000000
+H=aae06992acbf52a3e8f4a96ec9300bd7
+Y0=00000000000000000000000000000001
+E(K,Y0)=cd33b28ac773f74ba00ed1f312572435
+len(A)||len(C)=00000000000000000000000000000000
+GHASH(H,A,C)=00000000000000000000000000000000
+C=
+T=cd33b28ac773f74ba00ed1f312572435
diff --git a/nss/cmd/bltest/tests/aes_gcm/test7.txt b/nss/cmd/bltest/tests/aes_gcm/test7.txt
new file mode 100644
index 0000000..68bc521
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_gcm/test7.txt
@@ -0,0 +1,14 @@
+test="Test Case 8"
+K=000000000000000000000000000000000000000000000000
+P=00000000000000000000000000000000
+IV=000000000000000000000000
+H=aae06992acbf52a3e8f4a96ec9300bd7
+Y0=00000000000000000000000000000001
+E(K,Y0)=cd33b28ac773f74ba00ed1f312572435
+Y1=00000000000000000000000000000002
+E(K,Y1)=98e7247c07f0fe411c267e4384b0f600
+X1=90e87315fb7d4e1b4092ec0cbfda5d7d
+len(A)||len(C)=00000000000000000000000000000080
+GHASH(H,A,C)=e2c63f0ac44ad0e02efa05ab6743d4ce
+C=98e7247c07f0fe411c267e4384b0f600
+T=2ff58d80033927ab8ef4d4587514f0fb
diff --git a/nss/cmd/bltest/tests/aes_gcm/test8.txt b/nss/cmd/bltest/tests/aes_gcm/test8.txt
new file mode 100644
index 0000000..5443240
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_gcm/test8.txt
@@ -0,0 +1,23 @@
+test="Test Case 9"
+K=feffe9928665731c6d6a8f9467308308feffe9928665731c
+P=d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255
+IV=cafebabefacedbaddecaf888
+H=466923ec9ae682214f2c082badb39249
+Y0=cafebabefacedbaddecaf88800000001
+E(K,Y0)=c835aa88aebbc94f5a02e179fdcfc3e4
+Y1=cafebabefacedbaddecaf88800000002
+E(K,Y1)=e0b1f82ec484eea44e5ff30128df01cd
+Y2=cafebabefacedbaddecaf88800000003
+E(K,Y2)=0339b5b9b3db2e5e4cc9a38986906bee
+Y3=cafebabefacedbaddecaf88800000004
+E(K,Y3)=614b3195542ccc7683ae933c81ec8a62
+Y4=cafebabefacedbaddecaf88800000005
+E(K,Y4)=a988a97e85eec28e76b95c29b6023003
+X1=dddca3f91c17821ffac4a6d0fed176f7
+X2=a4e84ac60e2730f4a7e0e1eef708b198
+X3=e67592048dd7153973a0dbbb8804bee2
+X4=503e86628536625fb746ce3cecea433f
+len(A)||len(C)=00000000000000000000000000000200
+GHASH(H,A,C)=51110d40f6c8fff0eb1ae33445a889f0
+C=3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710acade256
+T=9924a7c8587336bfb118024db8674a14
diff --git a/nss/cmd/bltest/tests/aes_gcm/test9.txt b/nss/cmd/bltest/tests/aes_gcm/test9.txt
new file mode 100644
index 0000000..bcd5939
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_gcm/test9.txt
@@ -0,0 +1,26 @@
+test="Test Case 10"
+K=feffe9928665731c6d6a8f9467308308feffe9928665731c
+P=d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39
+A=feedfacedeadbeeffeedfacedeadbeefabaddad2
+IV=cafebabefacedbaddecaf888
+H=466923ec9ae682214f2c082badb39249
+Y0=cafebabefacedbaddecaf88800000001
+E(K,Y0)=c835aa88aebbc94f5a02e179fdcfc3e4
+X1=f3bf7ba3e305aeb05ed0d2e4fe076666
+X2=20a51fa2302e9c01b87c48f2c3d91a56
+Y1=cafebabefacedbaddecaf88800000002
+E(K,Y1)=e0b1f82ec484eea44e5ff30128df01cd
+Y2=cafebabefacedbaddecaf88800000003
+E(K,Y2)=0339b5b9b3db2e5e4cc9a38986906bee
+Y3=cafebabefacedbaddecaf88800000004
+E(K,Y3)=614b3195542ccc7683ae933c81ec8a62
+Y4=cafebabefacedbaddecaf88800000005
+E(K,Y4)=a988a97e85eec28e76b95c29b6023003
+X3=714f9700ddf520f20695f6180c6e669d
+X4=e858680b7b240d2ecf7e06bbad4524e2
+X5=3f4865abd6bb3fb9f5c4a816f0a9b778
+X6=4256f67fe87b4f49422ba11af857c973
+len(A)||len(C)=00000000000000a000000000000001e0
+GHASH(H,A,C)=ed2ce3062e4a8ec06db8b4c490e8a268
+C=3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710
+T=2519498e80f1478f37ba55bd6d27618c
diff --git a/nss/cmd/bltest/tests/aes_gcm/test_source.txt b/nss/cmd/bltest/tests/aes_gcm/test_source.txt
new file mode 100644
index 0000000..61c78fc
--- /dev/null
+++ b/nss/cmd/bltest/tests/aes_gcm/test_source.txt
@@ -0,0 +1,439 @@
+#  AppendixB AES Test Vectors
+#  From "The Galois/Counter Mode of Operation (GCM)", David A McGree & John Viega,
+#   http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-spec.pdf
+#
+# This appendix contains test cases for AES GCM, with AES key sizes of 128, 192, and 256 bits. These
+# cases use the same notation as in Equations 1 and 2, with the exception that Ni is used in place of
+# Xi when GHASH is used to compute Y0 , in order to distinguish that case from the later invocation
+# of GHASH. All values are in hexadecimal, and a zero-length variable is indicated by the absence
+# of any hex digits. Each line consists of 128 bits of data, and variables whose lengths exceed that
+# value are continued on successive lines. The leftmost hex digit corresponds to the leftmost four
+# bits of the variable. For example, the lowest 128 bits of the field polynomial are represented as
+# e100000000000000000000000000000000.
+#
+
+test="Test Case 1"
+K=00000000000000000000000000000000
+P= 
+IV=000000000000000000000000
+H=66e94bd4ef8a2c3b884cfa59ca342b2e
+Y0=00000000000000000000000000000001
+E(K,Y0)=58e2fccefa7e3061367f1d57a4e7455a
+len(A)||len(C)=00000000000000000000000000000000 
+GHASH(H,A,C)=00000000000000000000000000000000
+C=
+T=58e2fccefa7e3061367f1d57a4e7455a
+
+
+test="Test Case 2"
+K=00000000000000000000000000000000
+P=00000000000000000000000000000000
+IV=000000000000000000000000
+H=66e94bd4ef8a2c3b884cfa59ca342b2e
+Y0=00000000000000000000000000000001
+E(K,Y0)=58e2fccefa7e3061367f1d57a4e7455a
+Y1=00000000000000000000000000000002
+E(K,Y1)=0388dace60b6a392f328c2b971b2fe78
+X1 5e2ec746917062882c85b0685353deb7
+len(A)||len(C)=00000000000000000000000000000080
+GHASH(H,A,C)=f38cbb1ad69223dcc3457ae5b6b0f885
+C=0388dace60b6a392f328c2b971b2fe78
+T=ab6e47d42cec13bdf53a67b21257bddf
+
+test="Test Case 3"
+K=feffe9928665731c6d6a8f9467308308
+P=d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255
+IV=cafebabefacedbaddecaf888
+H=b83b533708bf535d0aa6e52980d53b78
+Y0=cafebabefacedbaddecaf88800000001
+E(K,Y0)=3247184b3c4f69a44dbcd22887bbb418
+Y1=cafebabefacedbaddecaf88800000002
+E(K,Y1)=9bb22ce7d9f372c1ee2b28722b25f206
+Y2=cafebabefacedbaddecaf88800000003
+E(K,Y2)=650d887c3936533a1b8d4e1ea39d2b5c
+Y3=cafebabefacedbaddecaf88800000004
+E(K,Y3)=3de91827c10e9a4f5240647ee5221f20
+Y4=cafebabefacedbaddecaf88800000005
+E(K,Y4)=aac9e6ccc0074ac0873b9ba85d908bd0
+X1=59ed3f2bb1a0aaa07c9f56c6a504647b
+X2=b714c9048389afd9f9bc5c1d4378e052
+X3=47400c6577b1ee8d8f40b2721e86ff10
+X4=4796cf49464704b5dd91f159bb1b7f95
+len(A)||len(C)=00000000000000000000000000000200
+GHASH(H,A,C)=7f1b32b81b820d02614f8895ac1d4eac
+C=42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091473f5985
+T=4d5c2af327cd64a62cf35abd2ba6fab4
+
+test="Test Case 4"
+K=feffe9928665731c6d6a8f9467308308
+P=d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39
+A=feedfacedeadbeeffeedfacedeadbeefabaddad2
+IV=cafebabefacedbaddecaf888
+H=b83b533708bf535d0aa6e52980d53b78
+Y0=cafebabefacedbaddecaf88800000001
+E(K,Y0)=3247184b3c4f69a44dbcd22887bbb418
+X1=ed56aaf8a72d67049fdb9228edba1322
+X2=cd47221ccef0554ee4bb044c88150352
+Y1=cafebabefacedbaddecaf88800000002
+E(K,Y1)=9bb22ce7d9f372c1ee2b28722b25f206
+Y2=cafebabefacedbaddecaf88800000003
+E(K,Y2)=650d887c3936533a1b8d4e1ea39d2b5c
+Y3=cafebabefacedbaddecaf88800000004
+E(K,Y3)=3de91827c10e9a4f5240647ee5221f20
+Y4=cafebabefacedbaddecaf88800000005
+E(K,Y4)=aac9e6ccc0074ac0873b9ba85d908bd0
+X3=54f5e1b2b5a8f9525c23924751a3ca51
+X4=324f585c6ffc1359ab371565d6c45f93
+X5=ca7dd446af4aa70cc3c0cd5abba6aa1c
+X6=1590df9b2eb6768289e57d56274c8570
+len(A)||len(C)=00000000000000a000000000000001e0
+GHASH(H,A,C)=698e57f70e6ecc7fd9463b7260a9ae5f
+C=42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091
+T=5bc94fbc3221a5db94fae95ae7121a47
+
+test="Test Case 5"
+K=feffe9928665731c6d6a8f9467308308
+P=d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39
+A=feedfacedeadbeeffeedfacedeadbeefabaddad2
+IV=cafebabefacedbad
+H=b83b533708bf535d0aa6e52980d53b78
+N1=6f288b846e5fed9a18376829c86a6a16
+len({})||len(C)=00000000000000000000000000000040
+Y0=c43a83c4c4badec4354ca984db252f7d
+E(K,Y0)=e94ab9535c72bea9e089c93d48e62fb0
+X1=ed56aaf8a72d67049fdb9228edba1322
+X2=cd47221ccef0554ee4bb044c88150352
+Y1=c43a83c4c4badec4354ca984db252f7e
+E(K,Y1)=b8040969d08295afd226fcda0ddf61cf
+Y2=c43a83c4c4badec4354ca984db252f7f
+E(K,Y2)=ef3c83225af93122192ad5c4f15dfe51
+Y3=c43a83c4c4badec4354ca984db252f80
+E(K,Y3)=6fbc659571f72de104c67b609d2fde67
+Y4=c43a83c4c4badec4354ca984db252f81
+E(K,Y4)=f8e3581441a1e950785c3ea1430c6fa6
+X3=9379e2feae14649c86cf2250e3a81916
+X4=65dde904c92a6b3db877c4817b50a5f4
+X5=48c53cf863b49a1b0bbfc48c3baaa89d
+X6=08c873f1c8cec3effc209a07468caab1
+len(A)||len(C)=00000000000000a000000000000001e0
+GHASH(H,A,C)=df586bb4c249b92cb6922877e444d37b
+C=61353b4c2806934a777ff51fa22a4755699b2a714fcdc6f83766e5f97b6c742373806900e49f24b22b097544d4896b424989b5e1ebac0f07c23f4598
+T=3612d2e79e3b0785561be14aaca2fccb
+
+test="Test Case 6"
+K=feffe9928665731c6d6a8f9467308308
+P=d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39
+A=feedfacedeadbeeffeedfacedeadbeefabaddad2
+IV=9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b
+H=b83b533708bf535d0aa6e52980d53b78
+N1=004d6599d7fb1634756e1e299d81630f
+N2=88ffe8a3c8033df4b54d732f7f88408e
+N3=24e694cfab657beabba8055aad495e23
+N4=d8349a5eda24943c8fbb2ef5168b20cb
+len({})||len(IV)=000000000000000000000000000001e0
+Y0=3bab75780a31c059f83d2a44752f9864
+7dc63b399f2d98d57ab073b6baa4138e
+X1=ed56aaf8a72d67049fdb9228edba1322
+X2=cd47221ccef0554ee4bb044c88150352
+Y1=3bab75780a31c059f83d2a44752f9865
+E(K,Y1)=55d37bbd9ad21353a6f93a690eca9e0e
+Y2=3bab75780a31c059f83d2a44752f9866
+E(K,Y2)=3836bbf6d696e672946a1a01404fa6d5
+Y3=3bab75780a31c059f83d2a44752f9867
+E(K,Y3)=1dd8a5316ecc35c3e313bca59d2ac94a
+Y4=3bab75780a31c059f83d2a44752f9868
+E(K,Y4)=6742982706a9f154f657d5dc94b746db
+X3=31727669c63c6f078b5d22adbbbca384
+X4=480c00db2679065a7ed2f771a53acacd
+X5=1c1ae3c355e2214466a9923d2ba6ab35
+X6=0694c6f16bb0275a48891d06590344b0
+len(A)||len(C)=00000000000000a000000000000001e0
+GHASH(H,A,C)=1c5afe9760d3932f3c9a878aac3dc3de
+C=8ce24998625615b603a033aca13fb894be9112a5c3a211a8ba262a3cca7e2ca701e4a9a4fba43c90ccdcb281d48c7c6fd62875d2aca417034c34aee5
+T=619cc5aefffe0bfa462af43c1699d050
+
+test="Test Case 7"
+K=000000000000000000000000000000000000000000000000
+P=
+IV=000000000000000000000000
+H=aae06992acbf52a3e8f4a96ec9300bd7
+Y0=00000000000000000000000000000001
+E(K,Y0)=cd33b28ac773f74ba00ed1f312572435
+len(A)||len(C)=00000000000000000000000000000000
+GHASH(H,A,C)=00000000000000000000000000000000
+C=
+T=cd33b28ac773f74ba00ed1f312572435
+
+test="Test Case 8"
+K=000000000000000000000000000000000000000000000000
+P=00000000000000000000000000000000
+IV=000000000000000000000000
+H=aae06992acbf52a3e8f4a96ec9300bd7
+Y0=00000000000000000000000000000001
+E(K,Y0)=cd33b28ac773f74ba00ed1f312572435
+Y1=00000000000000000000000000000002
+E(K,Y1)=98e7247c07f0fe411c267e4384b0f600
+X1=90e87315fb7d4e1b4092ec0cbfda5d7d
+len(A)||len(C)=00000000000000000000000000000080
+GHASH(H,A,C)=e2c63f0ac44ad0e02efa05ab6743d4ce
+C=98e7247c07f0fe411c267e4384b0f600
+T=2ff58d80033927ab8ef4d4587514f0fb
+
+
+test="Test Case 9"
+K=feffe9928665731c6d6a8f9467308308feffe9928665731c
+P=d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255
+IV=cafebabefacedbaddecaf888
+H=466923ec9ae682214f2c082badb39249
+Y0=cafebabefacedbaddecaf88800000001
+E(K,Y0)=c835aa88aebbc94f5a02e179fdcfc3e4
+Y1=cafebabefacedbaddecaf88800000002
+E(K,Y1)=e0b1f82ec484eea44e5ff30128df01cd
+Y2=cafebabefacedbaddecaf88800000003
+E(K,Y2)=0339b5b9b3db2e5e4cc9a38986906bee
+Y3=cafebabefacedbaddecaf88800000004
+E(K,Y3)=614b3195542ccc7683ae933c81ec8a62
+Y4=cafebabefacedbaddecaf88800000005
+E(K,Y4)=a988a97e85eec28e76b95c29b6023003
+X1=dddca3f91c17821ffac4a6d0fed176f7
+X2=a4e84ac60e2730f4a7e0e1eef708b198
+X3=e67592048dd7153973a0dbbb8804bee2
+X4=503e86628536625fb746ce3cecea433f
+len(A)||len(C)=00000000000000000000000000000200
+GHASH(H,A,C)=51110d40f6c8fff0eb1ae33445a889f0
+C=3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710acade256
+T=9924a7c8587336bfb118024db8674a14
+
+test="Test Case 10"
+K=feffe9928665731c6d6a8f9467308308feffe9928665731c
+P=d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39
+A=feedfacedeadbeeffeedfacedeadbeefabaddad2
+IV=cafebabefacedbaddecaf888
+H=466923ec9ae682214f2c082badb39249
+Y0=cafebabefacedbaddecaf88800000001
+E(K,Y0)=c835aa88aebbc94f5a02e179fdcfc3e4
+X1=f3bf7ba3e305aeb05ed0d2e4fe076666
+X2=20a51fa2302e9c01b87c48f2c3d91a56
+Y1=cafebabefacedbaddecaf88800000002
+E(K,Y1)=e0b1f82ec484eea44e5ff30128df01cd
+Y2=cafebabefacedbaddecaf88800000003
+E(K,Y2)=0339b5b9b3db2e5e4cc9a38986906bee
+Y3=cafebabefacedbaddecaf88800000004
+E(K,Y3)=614b3195542ccc7683ae933c81ec8a62
+Y4=cafebabefacedbaddecaf88800000005
+E(K,Y4)=a988a97e85eec28e76b95c29b6023003
+X3=714f9700ddf520f20695f6180c6e669d
+X4=e858680b7b240d2ecf7e06bbad4524e2
+X5=3f4865abd6bb3fb9f5c4a816f0a9b778
+X6=4256f67fe87b4f49422ba11af857c973
+len(A)||len(C)=00000000000000a000000000000001e0
+GHASH(H,A,C)=ed2ce3062e4a8ec06db8b4c490e8a268
+C=3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710
+T=2519498e80f1478f37ba55bd6d27618c
+
+test="Test Case 11"
+K=feffe9928665731c6d6a8f9467308308feffe9928665731c
+P=d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39
+A=feedfacedeadbeeffeedfacedeadbeefabaddad2
+IV=cafebabefacedbad
+H=466923ec9ae682214f2c082badb39249
+N1=9473c07b02544299cf007c42c5778218
+len({})||len(IV)=00000000000000000000000000000040
+Y0=a14378078d27258a6292737e1802ada5
+E(K,Y0)=7bb6d647c902427ce7cf26563a337371
+X1=f3bf7ba3e305aeb05ed0d2e4fe076666
+X2=20a51fa2302e9c01b87c48f2c3d91a56
+Y1=a14378078d27258a6292737e1802ada6
+E(K,Y1)=d621c7bc5690a7b1487dbaab8ac76b22
+Y2=a14378078d27258a6292737e1802ada7
+E(K,Y2)=43c1ca7de78f4495ad0b18324e61fa25
+Y3=a14378078d27258a6292737e1802ada8
+E(K,Y3)=e1e0254a0f2f1626e9aa4ff09d7c64ec
+Y4=a14378078d27258a6292737e1802ada9
+E(K,Y4)=5850f4502486a1681a9319ce7d0afa59
+X3=8bdedafd6ee8e529689de3a269b8240d
+X4=6607feb377b49c9ecdbc696344fe22d8
+X5=8a19570a06500ba9405fcece4a73fb48
+X6=8532826e63ce4a5b89b70fa28f8070fe
+len(A)||len(C)=00000000000000a000000000000001e0
+GHASH(H,A,C)=1e6a133806607858ee80eaf237064089
+C=0f10f599ae14a154ed24b36e25324db8c566632ef2bbb34f8347280fc4507057fddc29df9a471f75c66541d4d4dad1c9e93a19a58e8b473fa0f062f7
+T=65dcc57fcf623a24094fcca40d3533f8
+
+test="Test Case 12"
+K=feffe9928665731c6d6a8f9467308308feffe9928665731c
+P=d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39
+A=feedfacedeadbeeffeedfacedeadbeefabaddad2
+IV=9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b
+H=466923ec9ae682214f2c082badb39249
+N1=19aef0f04763b0c87903c5a217d5314f
+N2=62120253f79efc978625d1feb03b5b5b
+N3=b6ce2a84e366de900fa78a1653df77fb
+N4=374ecad90487f0bb261ba817447e022c
+len({})||len(IV)=000000000000000000000000000001e0
+Y0=4505cdc367a054c5002820e96aebef27
+E(K,Y0)=5ea3194f9dd012a3b9bc5103d6e0284d
+X1=f3bf7ba3e305aeb05ed0d2e4fe076666
+X2=20a51fa2302e9c01b87c48f2c3d91a56
+Y1=4505cdc367a054c5002820e96aebef28
+E(K,Y1)=0b4fba4de46722d9ed691f9f2029df65
+Y2=4505cdc367a054c5002820e96aebef29
+E(K,Y2)=9b4e088bf380b03540bb87a5a257e437
+Y3=4505cdc367a054c5002820e96aebef2a
+E(K,Y3)=9ddb9c873a5cd48acd3f397cd28f9896
+Y4=4505cdc367a054c5002820e96aebef2b
+E(K,Y4)=5716ee92eff7c4b053d44c0294ea88cd
+X3=f70d61693ea7f53f08c866d6eedb1e4b
+X4=dc40bc9a181b35aed66488071ef282ae
+X5=85ffa424b87b35cac7be9c450f0d7aee
+X6=65233cbe5251f7d246bfc967a8678647
+len(A)||len(C)=00000000000000a000000000000001e0
+GHASH(H,A,C)=82567fb0b4cc371801eadec005968e94
+C=d27e88681ce3243c4830165a8fdcf9ff1de9a1d8e6b447ef6ef7b79828666e4581e79012af34ddd9e2f037589b292db3e67c036745fa22e7e9b7373b
+T=dcf566ff291c25bbb8568fc3d376a6d9
+
+test="Test Case 13"
+K=0000000000000000000000000000000000000000000000000000000000000000
+P=
+IV=000000000000000000000000
+H=dc95c078a2408989ad48a21492842087
+Y0=00000000000000000000000000000001
+E(K,Y0)=530f8afbc74536b9a963b4f1c4cb738b
+len(A)||len(C)=00000000000000000000000000000000
+GHASH(H,A,C)=00000000000000000000000000000000
+C=
+T=530f8afbc74536b9a963b4f1c4cb738b
+
+
+test="Test Case 14"
+K=0000000000000000000000000000000000000000000000000000000000000000
+P=00000000000000000000000000000000
+IV=000000000000000000000000
+H=dc95c078a2408989ad48a21492842087
+Y0=00000000000000000000000000000001
+E(K,Y0)=530f8afbc74536b9a963b4f1c4cb738b
+Y1=00000000000000000000000000000002
+E(K,Y1)=cea7403d4d606b6e074ec5d3baf39d18
+X1=fd6ab7586e556dba06d69cfe6223b262
+len(A)||len(C)=00000000000000000000000000000080
+GHASH(H,A,C)=83de425c5edc5d498f382c441041ca92
+C=cea7403d4d606b6e074ec5d3baf39d18
+T=d0d1c8a799996bf0265b98b5d48ab919
+
+test="Test Case 15"
+K=feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308
+P=d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255
+IV=cafebabefacedbaddecaf888
+H=acbef20579b4b8ebce889bac8732dad7
+Y0=cafebabefacedbaddecaf88800000001
+E(K,Y0)=fd2caa16a5832e76aa132c1453eeda7e
+Y1=cafebabefacedbaddecaf88800000002
+E(K,Y1)=8b1cf3d561d27be251263e66857164e7
+Y2=cafebabefacedbaddecaf88800000003
+E(K,Y2)=e29d258faad137135bd49280af645bd8
+Y3=cafebabefacedbaddecaf88800000004
+E(K,Y3)=908c82ddcc65b26e887f85341f243d1d
+Y4=cafebabefacedbaddecaf88800000005
+E(K,Y4)=749cf39639b79c5d06aa8d5b932fc7f8
+X1=fcbefb78635d598eddaf982310670f35
+X2=29de812309d3116a6eff7ec844484f3e
+X3=45fad9deeda9ea561b8f199c3613845b
+X4=ed95f8e164bf3213febc740f0bd9c6af
+len(A)||len(C)=00000000000000000000000000000200
+GHASH(H,A,C)=4db870d37cb75fcb46097c36230d1612
+C=522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662898015ad
+T=b094dac5d93471bdec1a502270e3cc6c
+
+test="Test Case 16"
+K=feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308
+P=d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39
+A=feedfacedeadbeeffeedfacedeadbeefabaddad2
+IV=cafebabefacedbaddecaf888
+H=acbef20579b4b8ebce889bac8732dad7
+Y0=cafebabefacedbaddecaf88800000001
+E(K,Y0)=fd2caa16a5832e76aa132c1453eeda7e
+X1=5165d242c2592c0a6375e2622cf925d2
+X2=8efa30ce83298b85fe71abefc0cdd01d
+Y1=cafebabefacedbaddecaf88800000002
+E(K,Y1)=8b1cf3d561d27be251263e66857164e7
+Y2=cafebabefacedbaddecaf88800000003
+E(K,Y2)=e29d258faad137135bd49280af645bd8
+Y3=cafebabefacedbaddecaf88800000004
+E(K,Y3)=908c82ddcc65b26e887f85341f243d1d
+Y4=cafebabefacedbaddecaf88800000005
+E(K,Y4)=749cf39639b79c5d06aa8d5b932fc7f8
+X3=abe07e0bb62354177480b550f9f6cdcc
+X4=3978e4f141b95f3b4699756b1c3c2082
+X5=8abf3c48901debe76837d8a05c7d6e87
+X6=9249beaf520c48b912fa120bbf391dc8
+len(A)||len(C)=00000000000000a000000000000001e0
+GHASH(H,A,C)=8bd0c4d8aacd391e67cca447e8c38f65
+C=522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662
+T=76fc6ece0f4e1768cddf8853bb2d551b
+
+
+test="Test Case 17"
+K=feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308
+P=d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39
+A=feedfacedeadbeeffeedfacedeadbeefabaddad2
+IV=cafebabefacedbad
+H=acbef20579b4b8ebce889bac8732dad7
+N1=90c22e3d2aca34b971e8bd09708fae5c
+len({})||len(IV)=00000000000000000000000000000040
+Y0=0095df49dd90abe3e4d252475748f5d4
+E(K,Y0)=4f903f37fe611d454217fbfa5cd7d791
+X1=5165d242c2592c0a6375e2622cf925d2
+X2=8efa30ce83298b85fe71abefc0cdd01d
+Y1=0095df49dd90abe3e4d252475748f5d5
+E(K,Y1)=1a471fd432fc7bd70b1ec8fe5e6d6251
+Y2=0095df49dd90abe3e4d252475748f5d6
+E(K,Y2)=29bd481e1ea39d20eb63c7ea118b1792
+Y3=0095df49dd90abe3e4d252475748f5d7
+E(K,Y3)=e2898e46ac5cada3ba83cc1272618a5d
+Y4=0095df49dd90abe3e4d252475748f5d8
+E(K,Y4)=d3c6aefbcea602ce4e1fe026065447bf
+X3=55e1ff68f9249e64b95223858e5cb936
+X4=cef1c034383dc96f733aaa4c99bd3e61
+X5=68588d004fd468f5854515039b08165d
+X6=2378943c034697f72a80fce5059bf3f3
+len(A)||len(C)=00000000000000a000000000000001e0
+GHASH(H,A,C)=75a34288b8c68f811c52b2e9a2f97f63
+C=c3762df1ca787d32ae47c13bf19844cbaf1ae14d0b976afac52ff7d79bba9de0feb582d33934a4f0954cc2363bc73f7862ac430e64abe499f47c9b1f
+T=3a337dbf46a792c45e454913fe2ea8f2
+
+test="Test Case 18"
+K=feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308
+P=d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39
+A=feedfacedeadbeeffeedfacedeadbeefabaddad2
+IV=9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b
+H=acbef20579b4b8ebce889bac8732dad7
+N1=0bfe66e2032f195516379f5fb710f987
+N2=f0631554d11409915feec8f9f5102aba
+N3=749b90dda19a1557fd9e9fd31fed1d14
+N4=7a6a833f260d848793b327cb07d1b190
+len({})||len(IV)=000000000000000000000000000001e0
+Y0=0cd953e2140a5976079f8e2406bc8eb4
+E(K,Y0)=71b54d092bb0c3d9ba94538d4096e691
+X1=5165d242c2592c0a6375e2622cf925d2
+X2=8efa30ce83298b85fe71abefc0cdd01d
+Y1=0cd953e2140a5976079f8e2406bc8eb5
+E(K,Y1)=83bcdd0af41a551452047196ca6b0cba
+Y2=0cd953e2140a5976079f8e2406bc8eb6
+E(K,Y2)=68151b79baea93c38e149b72e545e186
+Y3=0cd953e2140a5976079f8e2406bc8eb7
+E(K,Y3)=13fccf22159a4d16026ce5d58c7e99fb
+Y4=0cd953e2140a5976079f8e2406bc8eb8
+E(K,Y4)=132b64628a031e79fecd050675a64f07
+X3=e963941cfa8c417bdaa3b3d94ab4e905
+X4=2178d7f836e5fa105ce0fdf0fc8f0654
+X5=bac14eeba3216f966b3e7e011475b832
+X6=cc9ae9175729a649936e890bd971a8bf
+len(A)||len(C)=00000000000000a000000000000001e0
+GHASH(H,A,C)=d5ffcf6fc5ac4d69722187421a7f170b
+C=5a8def2f0c9e53f1f75d7853659e2a20eeb2b22aafde6419a058ab4f6f746bf40fc0c3b780f244452da3ebf1c5d82cdea2418997200ef82e44ae7e3f
+T=a44a8266ee1c8eb0c8b5d4cf5ae9f19a
+
+
+
+
+
diff --git a/nss/cmd/bltest/tests/camellia_cbc/ciphertext0 b/nss/cmd/bltest/tests/camellia_cbc/ciphertext0
new file mode 100644
index 0000000..e789595
--- /dev/null
+++ b/nss/cmd/bltest/tests/camellia_cbc/ciphertext0
@@ -0,0 +1 @@
+taydfPlRJe3wf8Td0xJ9Tw==
diff --git a/nss/cmd/bltest/tests/camellia_cbc/ciphertext1 b/nss/cmd/bltest/tests/camellia_cbc/ciphertext1
new file mode 100644
index 0000000..7dbd9b0
--- /dev/null
+++ b/nss/cmd/bltest/tests/camellia_cbc/ciphertext1
@@ -0,0 +1 @@
+yoYCZwKnUMcS4ADHxnwObA==
diff --git a/nss/cmd/bltest/tests/camellia_cbc/ciphertext2 b/nss/cmd/bltest/tests/camellia_cbc/ciphertext2
new file mode 100644
index 0000000..007a2b0
--- /dev/null
+++ b/nss/cmd/bltest/tests/camellia_cbc/ciphertext2
@@ -0,0 +1 @@
+T+Wn4cs1Sbqrh/XtNd4vzQ==
diff --git a/nss/cmd/bltest/tests/camellia_cbc/iv0 b/nss/cmd/bltest/tests/camellia_cbc/iv0
new file mode 100644
index 0000000..4e65bc0
--- /dev/null
+++ b/nss/cmd/bltest/tests/camellia_cbc/iv0
@@ -0,0 +1 @@
+qwertyuiopasdfgh
diff --git a/nss/cmd/bltest/tests/camellia_cbc/key0 b/nss/cmd/bltest/tests/camellia_cbc/key0
new file mode 100644
index 0000000..13911cc
--- /dev/null
+++ b/nss/cmd/bltest/tests/camellia_cbc/key0
@@ -0,0 +1 @@
+fedcba9876543210
diff --git a/nss/cmd/bltest/tests/camellia_cbc/key1 b/nss/cmd/bltest/tests/camellia_cbc/key1
new file mode 100644
index 0000000..a9cb2f1
--- /dev/null
+++ b/nss/cmd/bltest/tests/camellia_cbc/key1
@@ -0,0 +1 @@
+fedcba9876543210fedcba98
diff --git a/nss/cmd/bltest/tests/camellia_cbc/key2 b/nss/cmd/bltest/tests/camellia_cbc/key2
new file mode 100644
index 0000000..ab55fe2
--- /dev/null
+++ b/nss/cmd/bltest/tests/camellia_cbc/key2
@@ -0,0 +1 @@
+fedcba9876543210fedcba9876543210
diff --git a/nss/cmd/bltest/tests/camellia_cbc/numtests b/nss/cmd/bltest/tests/camellia_cbc/numtests
new file mode 100644
index 0000000..00750ed
--- /dev/null
+++ b/nss/cmd/bltest/tests/camellia_cbc/numtests
@@ -0,0 +1 @@
+3
diff --git a/nss/cmd/bltest/tests/camellia_cbc/plaintext0 b/nss/cmd/bltest/tests/camellia_cbc/plaintext0
new file mode 100644
index 0000000..8d6a8d5
--- /dev/null
+++ b/nss/cmd/bltest/tests/camellia_cbc/plaintext0
@@ -0,0 +1 @@
+0123456789abcdef
diff --git a/nss/cmd/bltest/tests/camellia_ecb/ciphertext0 b/nss/cmd/bltest/tests/camellia_ecb/ciphertext0
new file mode 100644
index 0000000..084ba78
--- /dev/null
+++ b/nss/cmd/bltest/tests/camellia_ecb/ciphertext0
@@ -0,0 +1 @@
+6v0CGxSwow3AhsyhunfdbQ==
diff --git a/nss/cmd/bltest/tests/camellia_ecb/ciphertext1 b/nss/cmd/bltest/tests/camellia_ecb/ciphertext1
new file mode 100644
index 0000000..dbd6e5f
--- /dev/null
+++ b/nss/cmd/bltest/tests/camellia_ecb/ciphertext1
@@ -0,0 +1 @@
+Nf1GwJiBtZT+VPJp+gBhPA==
diff --git a/nss/cmd/bltest/tests/camellia_ecb/ciphertext2 b/nss/cmd/bltest/tests/camellia_ecb/ciphertext2
new file mode 100644
index 0000000..0b278ce
--- /dev/null
+++ b/nss/cmd/bltest/tests/camellia_ecb/ciphertext2
@@ -0,0 +1 @@
+ilB/0K3SI86Oecwh7cruGA==
diff --git a/nss/cmd/bltest/tests/camellia_ecb/key0 b/nss/cmd/bltest/tests/camellia_ecb/key0
new file mode 100644
index 0000000..13911cc
--- /dev/null
+++ b/nss/cmd/bltest/tests/camellia_ecb/key0
@@ -0,0 +1 @@
+fedcba9876543210
diff --git a/nss/cmd/bltest/tests/camellia_ecb/key1 b/nss/cmd/bltest/tests/camellia_ecb/key1
new file mode 100644
index 0000000..a9cb2f1
--- /dev/null
+++ b/nss/cmd/bltest/tests/camellia_ecb/key1
@@ -0,0 +1 @@
+fedcba9876543210fedcba98
diff --git a/nss/cmd/bltest/tests/camellia_ecb/key2 b/nss/cmd/bltest/tests/camellia_ecb/key2
new file mode 100644
index 0000000..ab55fe2
--- /dev/null
+++ b/nss/cmd/bltest/tests/camellia_ecb/key2
@@ -0,0 +1 @@
+fedcba9876543210fedcba9876543210
diff --git a/nss/cmd/bltest/tests/camellia_ecb/numtests b/nss/cmd/bltest/tests/camellia_ecb/numtests
new file mode 100644
index 0000000..00750ed
--- /dev/null
+++ b/nss/cmd/bltest/tests/camellia_ecb/numtests
@@ -0,0 +1 @@
+3
diff --git a/nss/cmd/bltest/tests/camellia_ecb/plaintext0 b/nss/cmd/bltest/tests/camellia_ecb/plaintext0
new file mode 100644
index 0000000..8d6a8d5
--- /dev/null
+++ b/nss/cmd/bltest/tests/camellia_ecb/plaintext0
@@ -0,0 +1 @@
+0123456789abcdef
diff --git a/nss/cmd/bltest/tests/chacha20_poly1305/aad0 b/nss/cmd/bltest/tests/chacha20_poly1305/aad0
new file mode 100644
index 0000000..a420ef1
--- /dev/null
+++ b/nss/cmd/bltest/tests/chacha20_poly1305/aad0
@@ -0,0 +1 @@
+PQRSÀÁÂÃÄÅÆÇ
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/chacha20_poly1305/aad1 b/nss/cmd/bltest/tests/chacha20_poly1305/aad1
new file mode 100644
index 0000000000000000000000000000000000000000..91287a1a2e38397b4bd5081fadab286c1fbd971a
GIT binary patch
literal 12
Pcmext+|kAW27VI(7}Nt4

literal 0
HcmV?d00001

diff --git a/nss/cmd/bltest/tests/chacha20_poly1305/ciphertext0 b/nss/cmd/bltest/tests/chacha20_poly1305/ciphertext0
new file mode 100644
index 0000000..a06f68b
--- /dev/null
+++ b/nss/cmd/bltest/tests/chacha20_poly1305/ciphertext0
@@ -0,0 +1 @@
+0xqNNGSOYNt7hq+8U+9+wqSt7VEpbgj+qeK1pzbuYtY9vqRejKlnEoL6+2naknKLGnHeCp4GCykF1qW2fs07NpLdvX8td4uMmAOu4ygJG1j6syTk+tZ1lFWFgItIMde8P/Te8I5Lep3ldtJlhs7GS2EWGuELWU8J4mp+kC7L0GAGkQ==
diff --git a/nss/cmd/bltest/tests/chacha20_poly1305/ciphertext1 b/nss/cmd/bltest/tests/chacha20_poly1305/ciphertext1
new file mode 100644
index 0000000..e7f0d01
--- /dev/null
+++ b/nss/cmd/bltest/tests/chacha20_poly1305/ciphertext1
@@ -0,0 +1 @@
+ZKCGFXWGGvRg8GLHm+ZDvV6AXP00XPOJ8QhnCsdsjLJMbPwYdV1D7qCe6U44LSawvbe3PDIbAQDU8Dt/NViUzzMvgw5xC5fOmMioSr0LlIEUrRduAI0zvWD5grH/N8hVl5egbvTw72HBhjJOKzUGODYGkHtqfAKw+fYVe1PIZ+S5Fmx2e4BNRqWbUhbN56TpkEDFpAQzIl7igqGwoGxSPq9FNNf4P6EVWwBHcYy8VGoNBysEs1ZO6htCInP1SCcaC7IxYFP6dpkZVevWMVlDTs67TkZtrloQc6ZydicJehBJ5hfZHTYQlPpo8P93mHEwMFvqui7aBN+Ze3FNbG8sKaatXLQCKwJwm+6tnWeJDLsiOSM2/qGFHzg=
diff --git a/nss/cmd/bltest/tests/chacha20_poly1305/iv0 b/nss/cmd/bltest/tests/chacha20_poly1305/iv0
new file mode 100644
index 0000000000000000000000000000000000000000..7e8a175046dde8a759e54a088eac41101ebd5782
GIT binary patch
literal 12
TcmZQ)U|?`?baHlab#n&*3A6$v

literal 0
HcmV?d00001

diff --git a/nss/cmd/bltest/tests/chacha20_poly1305/iv1 b/nss/cmd/bltest/tests/chacha20_poly1305/iv1
new file mode 100644
index 0000000000000000000000000000000000000000..7c8b98f50daf0ac0902bf4c98da4c5f6a91ca994
GIT binary patch
literal 12
TcmZQzU|?WmVrF4wW9I+>0E7S~

literal 0
HcmV?d00001

diff --git a/nss/cmd/bltest/tests/chacha20_poly1305/key0 b/nss/cmd/bltest/tests/chacha20_poly1305/key0
new file mode 100644
index 0000000..503ecb8
--- /dev/null
+++ b/nss/cmd/bltest/tests/chacha20_poly1305/key0
@@ -0,0 +1 @@
+€�‚ƒ„…†‡ˆ‰Š‹Œ�Ž��‘’“”•–—˜™š›œ�žŸ
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/chacha20_poly1305/key1 b/nss/cmd/bltest/tests/chacha20_poly1305/key1
new file mode 100644
index 0000000..002bf1b
--- /dev/null
+++ b/nss/cmd/bltest/tests/chacha20_poly1305/key1
@@ -0,0 +1 @@
+’@¥ëUÓŠó3ˆ†öµðG9Á@+€	�Ê\¼ puÀ
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/chacha20_poly1305/numtests b/nss/cmd/bltest/tests/chacha20_poly1305/numtests
new file mode 100644
index 0000000..0cfbf08
--- /dev/null
+++ b/nss/cmd/bltest/tests/chacha20_poly1305/numtests
@@ -0,0 +1 @@
+2
diff --git a/nss/cmd/bltest/tests/chacha20_poly1305/plaintext0 b/nss/cmd/bltest/tests/chacha20_poly1305/plaintext0
new file mode 100644
index 0000000..74c2229
--- /dev/null
+++ b/nss/cmd/bltest/tests/chacha20_poly1305/plaintext0
@@ -0,0 +1 @@
+Ladies and Gentlemen of the class of '99: If I could offer you only one tip for the future, sunscreen would be it.
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/chacha20_poly1305/plaintext1 b/nss/cmd/bltest/tests/chacha20_poly1305/plaintext1
new file mode 100644
index 0000000..029317d
--- /dev/null
+++ b/nss/cmd/bltest/tests/chacha20_poly1305/plaintext1
@@ -0,0 +1 @@
+Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as /“work in progress./�
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/des3_cbc/ciphertext0 b/nss/cmd/bltest/tests/des3_cbc/ciphertext0
new file mode 100644
index 0000000..61dae31
--- /dev/null
+++ b/nss/cmd/bltest/tests/des3_cbc/ciphertext0
@@ -0,0 +1 @@
+KV3MDNGKWOc=
diff --git a/nss/cmd/bltest/tests/des3_cbc/iv0 b/nss/cmd/bltest/tests/des3_cbc/iv0
new file mode 100644
index 0000000..97b5955
--- /dev/null
+++ b/nss/cmd/bltest/tests/des3_cbc/iv0
@@ -0,0 +1 @@
+12345678
diff --git a/nss/cmd/bltest/tests/des3_cbc/key0 b/nss/cmd/bltest/tests/des3_cbc/key0
new file mode 100644
index 0000000..588efd1
--- /dev/null
+++ b/nss/cmd/bltest/tests/des3_cbc/key0
@@ -0,0 +1 @@
+abcdefghijklmnopqrstuvwx
diff --git a/nss/cmd/bltest/tests/des3_cbc/numtests b/nss/cmd/bltest/tests/des3_cbc/numtests
new file mode 100644
index 0000000..d00491f
--- /dev/null
+++ b/nss/cmd/bltest/tests/des3_cbc/numtests
@@ -0,0 +1 @@
+1
diff --git a/nss/cmd/bltest/tests/des3_cbc/plaintext0 b/nss/cmd/bltest/tests/des3_cbc/plaintext0
new file mode 100644
index 0000000..5513e43
--- /dev/null
+++ b/nss/cmd/bltest/tests/des3_cbc/plaintext0
@@ -0,0 +1 @@
+Mozilla!
diff --git a/nss/cmd/bltest/tests/des3_ecb/ciphertext0 b/nss/cmd/bltest/tests/des3_ecb/ciphertext0
new file mode 100644
index 0000000..76dc820
--- /dev/null
+++ b/nss/cmd/bltest/tests/des3_ecb/ciphertext0
@@ -0,0 +1 @@
+RgckVNh4QcM=
diff --git a/nss/cmd/bltest/tests/des3_ecb/key0 b/nss/cmd/bltest/tests/des3_ecb/key0
new file mode 100644
index 0000000..588efd1
--- /dev/null
+++ b/nss/cmd/bltest/tests/des3_ecb/key0
@@ -0,0 +1 @@
+abcdefghijklmnopqrstuvwx
diff --git a/nss/cmd/bltest/tests/des3_ecb/numtests b/nss/cmd/bltest/tests/des3_ecb/numtests
new file mode 100644
index 0000000..d00491f
--- /dev/null
+++ b/nss/cmd/bltest/tests/des3_ecb/numtests
@@ -0,0 +1 @@
+1
diff --git a/nss/cmd/bltest/tests/des3_ecb/plaintext0 b/nss/cmd/bltest/tests/des3_ecb/plaintext0
new file mode 100644
index 0000000..5513e43
--- /dev/null
+++ b/nss/cmd/bltest/tests/des3_ecb/plaintext0
@@ -0,0 +1 @@
+Mozilla!
diff --git a/nss/cmd/bltest/tests/des_cbc/ciphertext0 b/nss/cmd/bltest/tests/des_cbc/ciphertext0
new file mode 100644
index 0000000..67d2ad1
--- /dev/null
+++ b/nss/cmd/bltest/tests/des_cbc/ciphertext0
@@ -0,0 +1 @@
+Perdg9FMYQ4=
diff --git a/nss/cmd/bltest/tests/des_cbc/iv0 b/nss/cmd/bltest/tests/des_cbc/iv0
new file mode 100644
index 0000000..97b5955
--- /dev/null
+++ b/nss/cmd/bltest/tests/des_cbc/iv0
@@ -0,0 +1 @@
+12345678
diff --git a/nss/cmd/bltest/tests/des_cbc/key0 b/nss/cmd/bltest/tests/des_cbc/key0
new file mode 100644
index 0000000..65513c1
--- /dev/null
+++ b/nss/cmd/bltest/tests/des_cbc/key0
@@ -0,0 +1 @@
+zyxwvuts
diff --git a/nss/cmd/bltest/tests/des_cbc/numtests b/nss/cmd/bltest/tests/des_cbc/numtests
new file mode 100644
index 0000000..d00491f
--- /dev/null
+++ b/nss/cmd/bltest/tests/des_cbc/numtests
@@ -0,0 +1 @@
+1
diff --git a/nss/cmd/bltest/tests/des_cbc/plaintext0 b/nss/cmd/bltest/tests/des_cbc/plaintext0
new file mode 100644
index 0000000..5513e43
--- /dev/null
+++ b/nss/cmd/bltest/tests/des_cbc/plaintext0
@@ -0,0 +1 @@
+Mozilla!
diff --git a/nss/cmd/bltest/tests/des_ecb/ciphertext0 b/nss/cmd/bltest/tests/des_ecb/ciphertext0
new file mode 100644
index 0000000..8be22fa
--- /dev/null
+++ b/nss/cmd/bltest/tests/des_ecb/ciphertext0
@@ -0,0 +1 @@
+3bNoWzzNiFc=
diff --git a/nss/cmd/bltest/tests/des_ecb/key0 b/nss/cmd/bltest/tests/des_ecb/key0
new file mode 100644
index 0000000..65513c1
--- /dev/null
+++ b/nss/cmd/bltest/tests/des_ecb/key0
@@ -0,0 +1 @@
+zyxwvuts
diff --git a/nss/cmd/bltest/tests/des_ecb/numtests b/nss/cmd/bltest/tests/des_ecb/numtests
new file mode 100644
index 0000000..d00491f
--- /dev/null
+++ b/nss/cmd/bltest/tests/des_ecb/numtests
@@ -0,0 +1 @@
+1
diff --git a/nss/cmd/bltest/tests/des_ecb/plaintext0 b/nss/cmd/bltest/tests/des_ecb/plaintext0
new file mode 100644
index 0000000..5513e43
--- /dev/null
+++ b/nss/cmd/bltest/tests/des_ecb/plaintext0
@@ -0,0 +1 @@
+Mozilla!
diff --git a/nss/cmd/bltest/tests/dsa/ciphertext0 b/nss/cmd/bltest/tests/dsa/ciphertext0
new file mode 100644
index 0000000..8e71505
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/ciphertext0
@@ -0,0 +1 @@
+fB0bnKWvjT6X5NIkZ5l/Y/DXZ6QNI6j0iPhR/ZERkfj67xRnTWY1cg==
diff --git a/nss/cmd/bltest/tests/dsa/ciphertext1 b/nss/cmd/bltest/tests/dsa/ciphertext1
new file mode 100644
index 0000000..4420dc7
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/ciphertext1
@@ -0,0 +1 @@
+UO0OgQ4/HHy2rGIzIFhEi9iyhMDGre0XIWtGt+S28ql8GtfMPag/3g==
diff --git a/nss/cmd/bltest/tests/dsa/ciphertext10 b/nss/cmd/bltest/tests/dsa/ciphertext10
new file mode 100644
index 0000000..55e975a
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/ciphertext10
@@ -0,0 +1,2 @@
+namWZQDenTtrf0QcpVAjP8RQlEvFB+Ac1KywMC1y8fZoHoZ/fYvq6+ukvFsjKHYE
+pkz+4cFkWVo=
diff --git a/nss/cmd/bltest/tests/dsa/ciphertext11 b/nss/cmd/bltest/tests/dsa/ciphertext11
new file mode 100644
index 0000000..62388f1
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/ciphertext11
@@ -0,0 +1,2 @@
+Nj4BxWTzgKJ9fSOyB68/lh1I/AmVSH9gBSd11ySrPRBJFtkbKScpTkKdU3wG3SRj
+0YRQGMyihz6Qpsg3tEX93g==
diff --git a/nss/cmd/bltest/tests/dsa/ciphertext12 b/nss/cmd/bltest/tests/dsa/ciphertext12
new file mode 100644
index 0000000..5a933e6
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/ciphertext12
@@ -0,0 +1,2 @@
+BZvunnCLfyDD95GmQO3ulk4KpnKJPEhHmXFYF7Oo9tRL1ByEpyTMhuTwGU7A+/N5
+5lTQ1/ah8IvUaBOUIqXDUw==
diff --git a/nss/cmd/bltest/tests/dsa/ciphertext13 b/nss/cmd/bltest/tests/dsa/ciphertext13
new file mode 100644
index 0000000..4a21643
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/ciphertext13
@@ -0,0 +1,2 @@
+YzBV4FXyN8OJmdgcOXhIw4zOgKVbZJ2eeQXCmOKlFEcrv2gxdmDsHksVSRUCewvA
+DuGc/Av3XQGTBQTyzhCosA==
diff --git a/nss/cmd/bltest/tests/dsa/ciphertext14 b/nss/cmd/bltest/tests/dsa/ciphertext14
new file mode 100644
index 0000000..ca7896f
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/ciphertext14
@@ -0,0 +1,2 @@
+T9jyXAWQMAJzgdQWfDF0tr4AiMFfClc9fr0Flg9aHrJfVoac7nv2T+xdXW6hW7H6
+EWkAOofszBYhuQobiSIm8g==
diff --git a/nss/cmd/bltest/tests/dsa/ciphertext15 b/nss/cmd/bltest/tests/dsa/ciphertext15
new file mode 100644
index 0000000..65e68f9
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/ciphertext15
@@ -0,0 +1,2 @@
+akfqV86uzBFtcZD/bG3Zgxq3W0v2yykQg+Qmi0hu0kUBc1X2mKMqvppNSn3afIWV
+DN3DSKuKZ1HnL93AGqXR8A==
diff --git a/nss/cmd/bltest/tests/dsa/ciphertext16 b/nss/cmd/bltest/tests/dsa/ciphertext16
new file mode 100644
index 0000000..e72ae9e
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/ciphertext16
@@ -0,0 +1,2 @@
+IcoUjN9EvkrpOy81O45RLQOtltr6gGI/3kkiqV8DJzJz5It3o6pEMHSDwt2JXLUd
+shEhd8GFxZyx3P8y/aAqTw==
diff --git a/nss/cmd/bltest/tests/dsa/ciphertext17 b/nss/cmd/bltest/tests/dsa/ciphertext17
new file mode 100644
index 0000000..8341730
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/ciphertext17
@@ -0,0 +1,2 @@
+LlnV8w9zeB04JVtw3t7rOK54308ALB90fAjercZTAVVhXFWy3wyijGCms4XFj6A2
+34xLL08ZNXML+PTwvtE2EA==
diff --git a/nss/cmd/bltest/tests/dsa/ciphertext18 b/nss/cmd/bltest/tests/dsa/ciphertext18
new file mode 100644
index 0000000..56e3ad3
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/ciphertext18
@@ -0,0 +1,2 @@
+U7rmxvM24usxHB6S2V/ESakpRE74HsQnlmCyANWUM95J86dOlT53p5Qa867+707U
+mb4gmXag7bP6Xny5YbDBEg==
diff --git a/nss/cmd/bltest/tests/dsa/ciphertext19 b/nss/cmd/bltest/tests/dsa/ciphertext19
new file mode 100644
index 0000000..16d0828
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/ciphertext19
@@ -0,0 +1,2 @@
+dpVpihR1XbQgboULT18ZxUCwfQfgiqxZHiAIFkbm7tw9rgEVTs/3sZAHqVPxhfBm
+PvfyU38LFeBPs0PJYfNt4g==
diff --git a/nss/cmd/bltest/tests/dsa/ciphertext2 b/nss/cmd/bltest/tests/dsa/ciphertext2
new file mode 100644
index 0000000..e2442d9
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/ciphertext2
@@ -0,0 +1 @@
+r+5xnn+Ei1Q0nMw7T7JgZYM6TY5zTv6ZIlbzEyXnSbwyokoflXs6Gw==
diff --git a/nss/cmd/bltest/tests/dsa/ciphertext20 b/nss/cmd/bltest/tests/dsa/ciphertext20
new file mode 100644
index 0000000..ead0ebb
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/ciphertext20
@@ -0,0 +1,2 @@
+pApskFZUxV/FjpnH0aP+6ixb5kgj1Ahs6BHzNM/cRI1keAUJd+xYWYBFTgovJqAw
+N7khyliKeKTa/36E1JqKbA==
diff --git a/nss/cmd/bltest/tests/dsa/ciphertext3 b/nss/cmd/bltest/tests/dsa/ciphertext3
new file mode 100644
index 0000000..072c996
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/ciphertext3
@@ -0,0 +1 @@
+dmg6CF1nQurflaYa91+IEnbP0mo7naf5km6qrQvr1IRcZ/zbZNEkUw==
diff --git a/nss/cmd/bltest/tests/dsa/ciphertext4 b/nss/cmd/bltest/tests/dsa/ciphertext4
new file mode 100644
index 0000000..4a5ebfa
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/ciphertext4
@@ -0,0 +1 @@
+d8TZn2KzrX3R/mSY20Wl2nPOe94jhxoAKuUD/auqaoTcyPOHaXN/AQ==
diff --git a/nss/cmd/bltest/tests/dsa/ciphertext5 b/nss/cmd/bltest/tests/dsa/ciphertext5
new file mode 100644
index 0000000..707fd56
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/ciphertext5
@@ -0,0 +1 @@
+pT8fjyC409RyDxSourUiawedmVMR9T9qTla1H2DiDUlXronhYq6mFg==
diff --git a/nss/cmd/bltest/tests/dsa/ciphertext6 b/nss/cmd/bltest/tests/dsa/ciphertext6
new file mode 100644
index 0000000..1bba787
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/ciphertext6
@@ -0,0 +1,2 @@
+Rd8vQj6UvxVd1OHZ5j8xXqYG3ThSfUz2Moc4yFmz6O+lvAzL9KPLtlFcS5v3hM+s
+3MEB3J+B0x8=
diff --git a/nss/cmd/bltest/tests/dsa/ciphertext7 b/nss/cmd/bltest/tests/dsa/ciphertext7
new file mode 100644
index 0000000..d1a66d3
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/ciphertext7
@@ -0,0 +1,2 @@
+ZRAuj2TssR8GAXsaDA3vPCmJfCd8SpSLH02muSGtCrsnvTwhFmy5au9wwNvV8wec
+qw3VQ9QSW9E=
diff --git a/nss/cmd/bltest/tests/dsa/ciphertext8 b/nss/cmd/bltest/tests/dsa/ciphertext8
new file mode 100644
index 0000000..87fa10c
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/ciphertext8
@@ -0,0 +1,2 @@
+nF+kaHndr1wU8H37UyBxX2em/sF5461TNC+20cPhfns8TQrI1J9N0PBMFqCU9C2g
+r8xskPXxu8g=
diff --git a/nss/cmd/bltest/tests/dsa/ciphertext9 b/nss/cmd/bltest/tests/dsa/ciphertext9
new file mode 100644
index 0000000..dad2c50
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/ciphertext9
@@ -0,0 +1,2 @@
+WrQ+3mahVogUbR9M1xZHAsDERXvU/d66wEgpU2xY6Ksn0oUSxGBjyWv1vOuPutIy
+2PWznEdV0LE=
diff --git a/nss/cmd/bltest/tests/dsa/dsa_fips.txt b/nss/cmd/bltest/tests/dsa/dsa_fips.txt
new file mode 100644
index 0000000..e657c08
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/dsa_fips.txt
@@ -0,0 +1,248 @@
+# CAVS 11.2
+# "SigGen" information for "dsa2_values"
+# Mod sizes selected: L=1024, N=160, SHA-1 L=1024, N=160, SHA-224 L=1024, N=160, SHA-256 L=1024, N=160, SHA-384 L=1024, N=160, SHA-512 L=2048, N=224, SHA-1 L=2048, N=224, SHA-224 L=2048, N=224, SHA-256 L=2048, N=224, SHA-384 L=2048, N=224, SHA-512 L=2048, N=256, SHA-1 L=2048, N=256, SHA-224 L=2048, N=256, SHA-256 L=2048, N=256, SHA-384 L=2048, N=256, SHA-512 L=3072, N=256, SHA-1 L=3072, N=256, SHA-224 L=3072, N=256, SHA-256 L=3072, N=256, SHA-384 L=3072, N=256, SHA-512
+# Generated on Tue Aug 16 11:21:08 2011
+#
+# These sample from NIST were used to generate dsa tests 1-20
+#
+
+[mod = L=1024, N=160, SHA-1]
+
+P = a8f9cd201e5e35d892f85f80e4db2599a5676a3b1d4f190330ed3256b26d0e80a0e49a8fffaaad2a24f472d2573241d4d6d6c7480c80b4c67bb4479c15ada7ea8424d2502fa01472e760241713dab025ae1b02e1703a1435f62ddf4ee4c1b664066eb22f2e3bf28bb70a2a76e4fd5ebe2d1229681b5b06439ac9c7e9d8bde283
+Q = f85f0f83ac4df7ea0cdf8f469bfeeaea14156495
+G = 2b3152ff6c62f14622b8f48e59f8af46883b38e79b8c74deeae9df131f8b856e3ad6c8455dab87cc0da8ac973417ce4f7878557d6cdf40b35b4a0ca3eb310c6a95d68ce284ad4e25ea28591611ee08b8444bd64b25f3f7c572410ddfb39cc728b9c936f85f419129869929cdb909a6a3a99bbe089216368171bd0ba81de4fe33
+Msg = 3b46736d559bd4e0c2c1b2553a33ad3c6cf23cac998d3d0c0e8fa4b19bca06f2f386db2dcff9dca4f40ad8f561ffc308b46c5f31a7735b5fa7e0f9e6cb512e63d7eea05538d66a75cd0d4234b5ccf6c1715ccaaf9cdc0a2228135f716ee9bdee7fc13ec27a03a6d11c5c5b3685f51900b1337153bc6c4e8f52920c33fa37f4e7
+X = c53eae6d45323164c7d07af5715703744a63fc3a
+Y = 313fd9ebca91574e1c2eebe1517c57e0c21b0209872140c5328761bbb2450b33f1b18b409ce9ab7c4cd8fda3391e8e34868357c199e16a6b2eba06d6749def791d79e95d3a4d09b24c392ad89dbf100995ae19c01062056bb14bce005e8731efde175f95b975089bdcdaea562b32786d96f5a31aedf75364008ad4fffebb970b
+K = 98cbcc4969d845e2461b5f66383dd503712bbcfa
+R = 50ed0e810e3f1c7cb6ac62332058448bd8b284c0
+S = c6aded17216b46b7e4b6f2a97c1ad7cc3da83fde
+
+[mod = L=1024, N=160, SHA-224]
+
+P = 8b9b32f5ba38faad5e0d506eb555540d0d7963195558ca308b7466228d92a17b3b14b8e0ab77a9f3b2959a09848aa69f8df92cd9e9edef0adf792ce77bfceccadd9352700ca5faecf181fa0c326db1d6e5d352458011e51bd3248f4e3bd7c820d7e0a81932aca1eba390175e53eada197223674e3900263e90f72d94e7447bff
+Q = bc550e965647fb3a20f245ec8475624abbb26edd
+G = 11333a931fba503487777376859fdc12f7c687b0948ae889d287f1b7a712ad220ae4f1ce379d0dbb5c9abf419621f005fc123c327e5055d1850634c36d397e689e111d598c1c3636b940c84f42f436846e8e7fcad9012ceda398720f32fffd1a45ab6136ce417069207ac140675b8f86dd063915ae6f62b0cec729fbd509ac17
+Msg = fb2128052509488cad0745ed3e6312850dd96ddaf791f1e624e22a6b9beaa65319c325c78ef59cacba0ccfa722259f24f92c17b77a8f6d8e97c93d880d2d8dbbbedcf6acefa06b0e476ca2013d0394bd90d56c10626ef43cea79d1ef0bc7ac452bf9b9acaef70325e055ac006d34024b32204abea4be5faae0a6d46d365ed0d9
+X = 6e2e31bbfc670944d7a7120e39a981520614d8a8
+Y = 7e339f3757450390160e02291559f30bed0b2d758c5ccc2d8d456232bb435ae49de7e7957e3aad9bfdcf6fd5d9b6ee3b521bc2229a8421dc2aa59b9952345a8fc1de49b348003a9b18da642d7f6f56e3bc665131ae9762088a93786f7b4b72a4bcc308c67e2532a3a5bf09652055cc26bf3b18833598cffd7011f2285f794557
+K = 8cb35d255505a4c41421e562d10827266aa68663
+R = afee719e7f848b54349ccc3b4fb26065833a4d8e
+S = 734efe992256f31325e749bc32a24a1f957b3a1b
+
+[mod = L=1024, N=160, SHA-256]
+
+P = cba13e533637c37c0e80d9fcd052c1e41a88ac325c4ebe13b7170088d54eef4881f3d35eae47c210385a8485d2423a64da3ffda63a26f92cf5a304f39260384a9b7759d8ac1adc81d3f8bfc5e6cb10efb4e0f75867f4e848d1a338586dd0648feeb163647ffe7176174370540ee8a8f588da8cc143d939f70b114a7f981b8483
+Q = 95031b8aa71f29d525b773ef8b7c6701ad8a5d99
+G = 45bcaa443d4cd1602d27aaf84126edc73bd773de6ece15e97e7fef46f13072b7adcaf7b0053cf4706944df8c4568f26c997ee7753000fbe477a37766a4e970ff40008eb900b9de4b5f9ae06e06db6106e78711f3a67feca74dd5bddcdf675ae4014ee9489a42917fbee3bb9f2a24df67512c1c35c97bfbf2308eaacd28368c5c
+Msg = 812172f09cbae62517804885754125fc6066e9a902f9db2041eeddd7e8da67e4a2e65d0029c45ecacea6002f9540eb1004c883a8f900fd84a98b5c449ac49c56f3a91d8bed3f08f427935fbe437ce46f75cd666a0707265c61a096698dc2f36b28c65ec7b6e475c8b67ddfb444b2ee6a984e9d6d15233e25e44bd8d7924d129d
+X = 2eac4f4196fedb3e651b3b00040184cfd6da2ab4
+Y = 4cd6178637d0f0de1488515c3b12e203a3c0ca652f2fe30d088dc7278a87affa634a727a721932d671994a958a0f89223c286c3a9b10a96560542e2626b72e0cd28e5133fb57dc238b7fab2de2a49863ecf998751861ae668bf7cad136e6933f57dfdba544e3147ce0e7370fa6e8ff1de690c51b4aeedf0485183889205591e8
+K = 85976c5610a74959531040a5512b347eac587e48
+R = 76683a085d6742eadf95a61af75f881276cfd26a
+S = 3b9da7f9926eaaad0bebd4845c67fcdb64d12453
+
+[mod = L=1024, N=160, SHA-384]
+
+P = f24a4afc72c7e373a3c30962332fe5405c45930963909418c30792aaf135ddea561e94f24726716b75a18828982e4ce44c1fddcb746487b6b77a9a5a17f868ab50cd621b5bc9da470880b287d7398190a42a5ee22ed8d1ff147e2019810c8298ed68e1ca69d41d555f249e649fb1725ddb075c17b37beff467fdd1609243373f
+Q = da065a078ddb56ee5d2ad06cafab20820d2c4755
+G = 47b5591b79043e4e03ca78a0e277c9a21e2a6b543bf4f044104cd9ac93eff8e101bb6031efc8c596d5d2f92e3a3d0f1f74702dd54f77d3cd46c04dee7a5de9f00ad317691fddcefe4a220a2651acae7fcedda92bfcca855db6705e8d864f8192bf6bf860c00f08ad6493ecc1872e0028d5c86d44505db57422515c3825a6f78a
+Msg = b0dbbf4a421ba5c5b0e52f09629801c113258c252f29898c3354706e39ec5824be523d0e2f8cfe022cd61165301274d5d621a59755f50404d8b802371ce616defa962e3636ae934ec34e4bcf77a16c7eff8cf4cc08a0f4849d6ad4307e9f8df83f24ad16ab46d1a61d2d7d4e21681eb2ae281a1a5f9bca8573a3f5281d308a5a
+X = 649820168eb594f59cd9b28b9aefe8cc106a6c4f
+Y = 43a27b740f422cb2dc3eaa232315883a2f6a22927f997d024f5a638b507b17d3b1cbd3ec691cc674470960a0146efdecb95bb5fe249749e3c806cd5cc3e7f7bab845dadbe1f50b3366fb827a942ce6246dda7bd2c13e1b4a926c0c82c884639552d9d46036f9a4bc2a9e51c2d76e3074d1f53a63224c4279e0fa460474d4ffde
+K = 33c7ba88ff69707971b25ac344ae4a566e195f99
+R = 77c4d99f62b3ad7dd1fe6498db45a5da73ce7bde
+S = 23871a002ae503fdabaa6a84dcc8f38769737f01
+
+[mod = L=1024, N=160, SHA-512]
+
+P = 88d968e9602ecbda6d86f7c970a3ffbeb1da962f28c0afb9270ef05bc330ca98c3adf83c072feb05fb2e293b5065bbb0cbcc930c24d8d07869deaecd92a2604c0f5dd35c5b431fda6a222c52c3562bf7571c710209be8b3b858818788725fe8112b7d6bc82e0ff1cbbf5d6fe94690af2b510e41ad8207dc2c02fb9fa5cefaab5
+Q = a665689b9e5b9ce82fd1676006cf4cf67ecc56b7
+G = 267e282857417752113fba3fca7155b5ce89e7c8a33c1a29122e2b720965fc04245267ff87fc67a5730fe5b308013aa3266990fbb398185a87e055b443a868ce0ce13ae6aee330b9d25d3bbb362665c5881daf0c5aa75e9d4a82e8f04c91a9ad294822e33978ab0c13fadc45831f9d37da4efa0fc2c5eb01371fa85b7ddb1f82
+Msg = 3a84a5314e90fd33bb7cd6ca68720c69058da1da1b359046ae8922cac8afc5e025771635fb4735491521a728441b5cb087d60776ee0ecc2174a41985a82cf46d8f8d8b274a0cc439b00971077c745f8cf701cf56bf9914cc57209b555dc87ca8c13da063270c60fc2c988e692b75a7f2a669903b93d2e14e8efb6fb9f8694a78
+X = 07ce8862e64b7f6c7482046dbfc93907123e5214
+Y = 60f5341e48ca7a3bc5decee61211dd2727cd8e2fc7635f3aabea262366e458f5c51c311afda916cb0dcdc5d5a5729f573a532b594743199bcfa7454903e74b33ddfe65896306cec20ebd8427682fa501ee06bc4c5d1425cbe31828ba008b19c9da68136cf71840b205919e783a628a5a57cf91cf569b2854ffef7a096eda96c9
+K = 2f170907ac69726b14f22056dcb37b4df85f7424
+R = a53f1f8f20b8d3d4720f14a8bab5226b079d9953
+S = 11f53f6a4e56b51f60e20d4957ae89e162aea616
+
+[mod = L=2048, N=224, SHA-1]
+
+P = f2d39ed3062b13c916273600a0f2a029e86d7a4b9217b4f1815bf2b24d9710a57ab33f997294b014585b8d0198dfdccbcd75314da5ff85aa344b45adaeaa979b51a312a7bfa94472fb633f1a6f156bb4458867dfd38403f06b851f00fe2d3484077bded71ab7513d04a140220575fb693395480e4c8402b7a46cec2d37a778c305accd1f13e9f62e865315f4b22cc467c8986ec8e4961ddf810566b0c4ee369ac6aa15e43f4744005826f5bde8071a19e30b6909aac4b3d174237270dad02799d09b8a2cc5f22e66894b5422228b2c234f11f5a771c5b89cf465a2acecbbeeaa1725fe8f9b59422be8991052cb556ddf2c8ce8fa9206dbf39feadc194e00f8e5
+Q = 8000000000000000c118f49835e4ef733c4d15800fcf059e884d31b1
+G = e3a93c09da6f560e4d483a382a4c546f2335c36a4c35ac1463c08a3e6dd415df56fdc537f25fd5372be63e4f5300780b782f1acd01c8b4eb33414615fd0ea82573acba7ef83f5a943854151afc2d7dfe121fb8cd03335b065b549c5dcc606be9052483bc284e12ac3c8dba09b426e08402030e70bc1cc2bf8957c4ba0630f3f32ad689389ac47443176063f247d9e2296b3ea5b5bc2335828ea1a080ed35918dee212fd031279d1b894f01afec523833669eac031a420e540ba1320a59c424a3e5849a460a56bcb001647885b1433c4f992971746bfe2977ce7259c550b551a6c35761e4a41af764e8d92132fcc0a59d1684eab90d863f29f41cf7578faa908c
+Msg = edc6fd9b6c6e8a59f283016f7f29ee16deeaa609b5737927162aef34fed985d0bcb550275637ba67831a2d4efccb35296dfe730f4a0b4f4728d1d7d1bb8f4a36238a5c94311fa1134a93a6b4de39c085e9f60ae4e237c0416d58042bb36baa38cba8c896295b745d5376fd8ce42eb6ee5a1b38f87716b265b76e58cfb24a9170
+X = 6132e551cdac88409183bd37ee1452cd247d4834b08814b275be3ff5
+Y = 289ff18c32a56bb0b8839370647683a38a5a7e291410b93207212adc8088d30f93e9e4abc523f3d46936e7d5c90d88742b36afd37563408f15c8c1a4f7ac24bf05f01008ffee70c8825d57c3a9308bad8a095af2b53b2dda3cbed846d95e301eb9b84766415d11f6c33209a0d28571096ab04a79aa0dc465997529686b68e887cd8a205c2dc8195aef0422eba9979f549ac85548e419413643b7244361153ada1480d238cd00dc16527938955548dd5d027ded1029eeeb8ed6c61b4cd59341d8b15466e9da890a989996f4d7691e6072de136af28b5874bf08bd1f8a60cfb1c00888132909f515e04bce81b02951aa41baac68ffdb8c5dc77a1d32d8f2c10dd7
+K = 7197392d32d0af6a7183cc3398556f8f687d86a8ff742be6ad38562f
+R = 45df2f423e94bf155dd4e1d9e63f315ea606dd38527d4cf6328738c8
+S = 59b3e8efa5bc0ccbf4a3cbb6515c4b9bf784cfacdcc101dc9f81d31f
+
+[mod = L=2048, N=224, SHA-224]
+
+P = aa815c9db1c4d3d2773c7d0d4d1da75ecfc4a39e97d5fa191ffec8b1490a290ce335e5ce87ea620a8a17de0bb64714e2ec840bf00e6ebdb4ffb4e324ca07c3c8717309af1410362a772c9add838b2b0cae1e90ab448adabdacd2e5df59c4187a32a23719d6c57e9400885383bf8f066f23b941920d54c35b4f7cc5044f3b40f17046956307b748e840732844d00a9ce6ec5714293b6265147f15c67f4be38b082b55fdeadb6124689fb76f9d25cc28b8eaa98b562d5c1011e0dcf9b39923240d332d89dc9603b7bddd0c70b83caa2905631b1c83cabbae6c0c0c2efe8f58131ed8351bf93e875f6a73a93cbad470141a2687fbacf2d71c8ddee971ad660729ad
+Q = ea347e90be7c2875d1fe1db622b4763837c5e27a6037310348c1aa11
+G = 2042094ccbc8b8723fc928c12fda671b83295e99c743576f44504be1186323319b5002d24f173df909ea241d6ea5289904ee4636204b2fbe94b068fe093f7962579549551d3af219ad8ed19939eff86bcec834de2f2f78596e89e7cb52c524e177098a56c232eb1f563aa84bc6b026deee6ff51cb441e080f2dafaea1ced86427d1c346be55c66803d4b76d133cd445b4c3482fa415023463c9bf30f2f784223e26057d3aa0d7fbb660630c52e49d4a0325c7389e072aa349f13c966e159752fbb71e9336890f93243fa6e72d299365ee5b3fe266ebf1110568fee4425c847b50210bd484b97431a42856adca3e7d1a9c9c675c7e266918320dd5a78a48c48a9
+Msg = e920fc1610718f2b0213d301c0092a51f3c6b0107bbbd8243a9689c044e2d142f202d9d195a5faef4be5acadc9ff6f7d2261e58b517139bcb9489b110423c2e59eb181294ffdae8aad0e624fab974c97f9f5e7dc19d678a9cb3429cf05ec509072856f5adfec6e29bafe8e5ba95593e612843e343111d88a1eaff7dc0a2e277f
+X = 7b489021578e79e7bd3ee7ab456f659f3dc07c88f5c9a39e4f8cee81
+Y = 1ae10c786ad0902c5c685dae5c7121418a377b888b5f2f2bc76623570fd62bcb190b471ad5359c5f062f8819289e956d8aa6f90d1f8cf1ee72d3a1bdfd56c478dc29a19c4569b5a60e3a8f34f60656eac5b25dde5514a5c67b675423204f6ccaf0990617cc7355b9d3ed868978a252020a769ed59a6edaa6efe3377eef45f3f6f3e64179cc7db8b143fb835c5d71bfcfa1e2a9049bccf7fe9ab57546220fe3f4b7521c861739d138507e81a46a6993605441dcb90d6ee4afbc42cabe90a254444968109d7edd9694a023239f1d56175dd1fac115915e24fab563f4fc3f269bed2f300832d112596485a711417aa73bb4ac72a651a1fa5baed3636c720d397008
+K = 37fadd419fcbd2b073a06ae96b9eceb63e29aee9ac5fa2bdb31ab85d
+R = 65102e8f64ecb11f06017b1a0c0def3c29897c277c4a948b1f4da6b9
+S = 21ad0abb27bd3c21166cb96aef70c0dbd5f3079cab0dd543d4125bd1
+
+[mod = L=2048, N=224, SHA-256]
+
+P = a4c7eaab42c4c73b757770916489f17cd50725cd0a4bc4e1cf67f763b8c1de2d6dab9856baafb008f365b18a42e14dc51f350b88eca0209c5aa4fd71a7a96c765f5901c21e720570d7837bec7c76d2e49344731ca39405d0a879b9e0dcd1a8125fd130ec1e783e654b94e3002e6b629e904ab3877867720cbd54b4270a9e15cd028c7cc796f06c272a660951928fdbeb2dca061b41e932257305742ff16e2f429191d5e5f1a6ddf6e78c5d7722cff80a9c0bd5c8d7aeba8c04438992b075e307c1534c49ad380f477f5f7987dc172c161dca38dcaf3fb3846c72c9119a5299adc748951b3dce0d00d4a9013800b2008203b72465bc6a84ae059a30c4522dea57
+Q = ce89fe332b8e4eb3d1e8ddcea5d163a5bc13b63f16993755427aef43
+G = 8c465edf5a180730291e080dfc5385397a5006450dba2efe0129264fbd897bb5579ca0eab19aa278220424724b4f2a6f6ee6328432abf661380646097233505339c5519d357d7112b6eec938b85d5aa75cc2e38092f0a530acb54e50fe82c4d562fb0f3036b80b30334023ebbe6637a0010b00c7db86371168563671e1e0f028aedbd45d2d572621a609982a073e51aae27707afbeef29e2ecee84d7a6d5da382be3a35f42b6c66849202ab19d025b869d08776476d1ab981475ad2ad2f3e6fd07e30696d90a626816df60d6ca7afd7b482f942f83b45cc82933731f87faee320900f2aa3e70b1867e1430e40be67c07f9290299ef067b8b24a7515b3f992c07
+Msg = cec8d2843dee7cb5f9119b75562585e05c5ce2f4e6457e9bcc3c1c781ccd2c0442b6282aea610f7161dcede176e774861f7d2691be6c894ac3ebf80c0fab21e52a3e63ae0b35025762ccd6c9e1fecc7f9fe00aa55c0c3ae33ae88f66187f9598eba9f863171f3f56484625bf39d883427349b8671d9bb7d396180694e5b546ae
+X = 551595eccbb003b0bf8ddda184a59da51e459a0d28205e5592ca4cb1
+Y = 748a40237211a2d9852596e7a891f43d4eb0ee48826c9cfb336bbb68dbe5a5e16b2e1271d4d13de03644bb85ef6be523a4d4d88415bcd596ba8e0a3c4f6439e981ed013d7d9c70336febf7d420cfed02c267457bb3f3e7c82145d2af54830b942ec74a5d503e4226cd25dd75decd3f50f0a858155d7be799410836ddc559ce99e1ae513808fdaeac34843dd7258f16f67f19205f6f139251a4186da8496d5e90d3fecf8ed10be6c25ff5eb33d960c9a8f4c581c8c724ca43b761e9fdb5af66bffb9d2ebb11a6b504a1fbe4f834ecb6ac254cab513e943b9a953a7084b3305c661bfad434f6a835503c9ade7f4a57f5c965ec301ecde938ee31b4deb038af97b3
+K = 6f326546aa174b3d319ef7331ec8dfd363dd78ae583a920165ff7e54
+R = 9c5fa46879ddaf5c14f07dfb5320715f67a6fec179e3ad53342fb6d1
+S = c3e17e7b3c4d0ac8d49f4dd0f04c16a094f42da0afcc6c90f5f1bbc8
+
+[mod = L=2048, N=224, SHA-384]
+
+P = a6bb5333ce343c31c9b2c878ab91eef2fdea35c6db0e716762bfc0d436d87506e865a4d2c8cfbbd626ce8bfe64563ca5686cd8cf081490f02445b289087982495fb69976b10242d6d50fc23b4dbdb0bef78305d9a4d05d9eae65d87a893eaf397e04e39baa85a26c8ffbdef1233287b5f5b6ef6a90f27a69481a932ee47b18d5d27eb107ffb05025e646e8876b5cb567fec1dd35835d42082198531fafbe5ae280c575a1fb0e62e9b3ca37e197ad96d9dde1f33f2cec7d27deae261c83ee8e2002af7eb6e82f6a14796af037577a1032bbc709129caabd8addf870ae2d0595c8fdb37155748f0dea34b44d4f82ed58c2f5b1b8481662ac53473c693410082fbd
+Q = 8c3ee5bd9a2aaf068bd5845bd55ecf27417055307577bbc3770ec68b
+G = 43b5a6b6d0bb962ec9766a377c32cc4124f1311188c2ecf95c0cd4a4fa097225b7618cb1276c474578d3bf564c145199c092a1b14baa929c2f3f0f36e0c2dae91eba08be30992a889f2952e0442c37af484a4ecdc3243ccfcb9e3413cf5cdd6630b09fe17efbfde14d8725493019b7b73d1f782b48ef30bec36e00e02ba336d2254fc202a69612cd9446f91d76b739ffa6d8b86052f8dc5f1145801c56241af5ba9037241bd89e6338b58e01310671c268eb5e33acb57d1f99f16440a675827d4017754d601a17ada2fbedf904554a90b01530da8c93cd14ce293cb2bd3e7937e934b79e310fe4d80c13f92f63381355bd80a1abee1a73fdfb6da24ef28002a3
+Msg = df5d564db83592c1128be5d29b7036880d55e834a291a745ed8dcd438c4da6b1b9f39412b2c5110730db83c1ccdfe9059dd96ec7ea2bbcb34e3eba72ef0a1d4721c7c0221e29279f014d63facc5bc8f18c539b92ff2af89e568225d6b4cf599cb3dff5e3c6ddfac0a27f10f636ec220abb72630bae9a39c18fd3663e4651ccac
+X = 4efa5136eb6aa74e92bbfc913b0bfebb613db7a47221fb7b64f42e6f
+Y = 647979b7960ce7b971ff0e5f6435f42a41b18c9de09a301114a013a7cd01183f176f88838379dcb4efb67daea79def3f042cbcf9cc503b4c2151a2364f7c9437b19643e67e24a36bac4a4cfa293deedf8ec6b154a32aa72985f7d8de235334b546c29def458c55d0c5c0ac5d74e2024ec7d4abc2fda516a2a0b1a4d886ad92c204707828a4fc7794f60ee8a4be1101c9e5518f7e19eebd475f2de6f6ba89c28bd129f13993befe5818440319a79549833196342a31dbaf7d79497dec65ee7dbef70e58f99d0595f6a711409ade3151d45563d53c1cd0a8ab1a18beff6502cbb0c069b114ea7be77898d0f4e549991ba0b368971b1072ece4afc380e9ae329a50
+K = 7e0f1ce21d185ae65c0a00395567ea9cf217462b58b9c89c4e5ff9cf
+R = 5ab43ede66a15688146d1f4cd7164702c0c4457bd4fddebac0482953
+S = 6c58e8ab27d28512c46063c96bf5bceb8fbad232d8f5b39c4755d0b1
+
+[mod = L=2048, N=224, SHA-512]
+
+P = bfebd000b2d6cd4ab38efba35df334df721d6c2f2b3d956679cbad009f3dfbd002952cc899cc2356ec8769bd3d1ba5a73023729888da92ca48a5ee94c97f4f04a2e3acb4f33a2f0fb3783c31f2c70fa7c70f38214a27dadec8b12e67996a9e85ee3bb148803130147392dc5253c04d7063535e6cd646bfb186984e08b58b74a7be5b333bf32b0abfd5665360e9a923a0c528ff1c62c7253458f5678528719d436e50148741f45dc7dd2c6cac71c55231f12a83fefd2ed0a33ede1b8a51f566fcf7890682cdc1931dc207c92bf2ef4e28ab31661eeb77f1601eea941c9591f038d3f00d912857db05e64b2ad569320061c6f863ff3354d842e7e7ea715afef8d1
+Q = aa986df8a064278e9363316a9830bcfa490656faa6d5daa817d87949
+G = 8195ad9a478fd985216ee58368366d2edd13c12b3d62239169fa042d91156408b483122f44ed6236b8308a6cdb52f9af3de88ec89e039afad7da3aa66c1976049a8e0a7d18d567baf99fcefe315cada01548386b10b25e52f52ed78eb4d28082e5e1ffee9480c4fe2cc4aafd1efc9d4fd2cc6d155968931271ef15b3240e7fb043a80c8f628befe09d645077c1029d21e0ac8bf0ba9c27714d1b580ede594aa01b3b76f6e745fc1ec07db37e2fd7e98c6c8c6915228e422c309de9f5db168f50249d1be1ed3298090808e2ebb896bb79b8c4cbf94d4c2064e37e612ba4449d7ac210edde211416d64b051dd8046ab041732665411a7f154d31b3e11a51da7fc0
+Msg = e9f59c6a5cbe8f5b0cf75008d06a076a6739bdddb39b82143cd03939aa4738a287c2a6f31829bbe15f02cc2ee7d7122dbd132825970daddd8a4d851da86e7edc8940cb1188319218b8e0248a103eae34bc68d85f5a32830d7e5dc7718f74db5e4224c0debe1e841e1eea1a88fee0f85d9fb087cbcee55f86037a646e38346d2b
+X = 6a5b4ffc44238d1852fb9b74e4c1661be85984043cfeee023f57cac6
+Y = af6721bf75dec6a1b76ad35ca3750def31117c5b441c15a306835a1db74c003b86ae9099ebfb745b0aa9cb000cf43fb021513b8f197bc865b22bf949b491809ad752ffc1ca8e54bea16dc7f539e4c55fb70a7743dd28f262f60ef0f2fcaac29e8021a7938c18ffe03075d0b7e0a2b4dcabe46ed1953d33e37f113af519ab0bf0b6186c12b5f6488437f5193096e2fd6a6a1835604794c66b42ae5265c1cf1cb53ae84997975e0318a93ce41e3902e4ef54de3c56555bd19491acd53f3e57464e1f460389dbc5fa80648fa5a5a0f2956e9ec3b8dc441b535c641c362eed770da828649bfd146472b0f46a4c064e459f88bff90dede7ec56177a9a71d167948712
+K = 9ced89ea5050982222830efef26e7394f5ab7d837d4549962d285fae
+R = 9da9966500de9d3b6b7f441ca550233fc450944bc507e01cd4acb030
+S = 2d72f1f6681e867f7d8beaebeba4bc5b23287604a64cfee1c164595a
+
+[mod = L=2048, N=256, SHA-1]
+
+P = c1a59d215573949e0b20a974c2edf2e3137ff2463062f75f1d13df12aba1076bb2d013402b60af6c187fb0fa362167c976c2617c726f9077f09e18c11b60f65008825bd6c02a1f57d3eb0ad41cd547de43d87f2525f971d42b306506e7ca03be63b35f4ada172d0a06924440a14250d7822ac2d5aeafed4619e79d4158a7d5eb2d9f023db181a8f094b2c6cb87cb8535416ac19813f07144660c557745f44a01c6b1029092c129b0d27183e82c5a21a80177ee7476eb95c466fb472bd3d2dc286ce25847e93cbfa9ad39cc57035d0c7b64b926a9c7f5a7b2bc5abcbfbdc0b0e3fede3c1e02c44afc8aefc7957da07a0e5fd12339db8667616f62286df80d58ab
+Q = 8000000000000000000000001bd62c65e8b87c89797f8f0cbfa55e4a6810e2c7
+G = aea5878740f1424d3c6ea9c6b4799615d2749298a17e26207f76cef340ddd390e1b1ad6b6c0010ad015a103342ddd452cac024b36e42d9b8ed52fafae7a1d3ce9e4b21f910d1356eb163a3e5a8184c781bf14492afa2e4b0a56d8884fd01a628b9662739c42e5c5795ade2f5f27e6de1d963917ce8806fc40d021cd87aa3aa3a9e4f0c2c4c45d2959b2578b2fb1a2229c37e181059b9d5e7b7862fa82e2377a49ed0f9dca820a5814079dd6610714efaf8b0cc683d8e72e4c884e6f9d4946b3e8d4cbb92adbbe7d4c47cc30be7f8c37ca81883a1aac6860059ff4640a29ccae73de20b12e63b00a88b2ee9ba94b75eb40a656e15d9ec83731c85d0effcb9ef9f
+Msg = de3605dbefde353cbe05e0d6098647b6d041460dfd4c000312be1afe7551fd3b93fed76a9763c34e004564b8f7dcacbd99e85030632c94e9b0a032046523b7aacdf934a2dbbdcfceefe66b4e3d1cb29e994ff3a4648a8edd9d58ed71f12399d90624789c4e0eebb0fbd5080f7d730f875a1f290749334cb405e9fd2ae1b4ed65
+X = 5a42e77248358f06ae980a2c64f6a22bea2bf7b4fc0015745053c432b7132a67
+Y = 880e17c4ae8141750609d8251c0bbd7acf6d0b460ed3688e9a5f990e6c4b5b00875da750e0228a04102a35f57e74b8d2f9b6950f0d1db8d302c5c90a5b8786a82c68ff5b17a57a758496c5f8053e4484a253d9942204d9a1109f4bd2a3ec311a60cf69c685b586d986f565d33dbf5aab7091e31aa4102c4f4b53fbf872d700156465b6c075e7f778471a23502dc0fee41b271c837a1c26691699f3550d060a331099f64837cddec69caebf51bf4ec9f36f2a220fe773cb4d3c02d0446ddd46133532ef1c3c69d432e303502bd05a75279a7809a742ac4a7872b07f1908654049419350e37a95f2ef33361d8d8736d4083dc14c0bb972e14d4c7b97f3ddfccaef
+K = 2cb9c1d617e127a4770d0a946fb947c5100ed0ca59454ea80479f6885ec10534
+R = 363e01c564f380a27d7d23b207af3f961d48fc0995487f60052775d724ab3d10
+S = 4916d91b2927294e429d537c06dd2463d1845018cca2873e90a6c837b445fdde
+
+[mod = L=2048, N=256, SHA-224]
+
+P = d02276ebf3c22ffd666983183a47ae94c9bccbcbf95ddcb491d1f7ce643549199992d37c79e7b032d26ed031b6ba4489f3125826fafb2726a98333ebd9abdde592d8693d9859536d9cc3841a1d24e044d35aced6136256fc6d6b615cf4f4163aa381eb2b4c480825a8eccc56d8ddcf5fe637e38ad9b2974bd2cf68bf271e0d067d2465a8b6b660524f0082598945ada58ea649b9804eb4753408c2c59768c46abb82e3295f3d9ca469f84cc187f572dc4b5a3b39346ec839dfad6f07d6d1f0e215209bb0ecc05c767cf2e7943ac9cfb02eee1e9ef5946e8ce88316b5e15fdcf95a132ef2e4bb0817136528cfa5dd96532f9c3abe5c421620edb6bcbd52234ca9
+Q = 8000000012997e8285e4089708f528070c6d7af8a0bd01409e7a079cdb6fc5bb
+G = 778453049ef262147fed7b59b0ee6764607c51e7b5b5fc6fea7a7a7b1dd6bb283f4a9ae98efd3964b1556758cb15b2a53af8619e74d85898bec77d3b3f382494ae5961a13ffc745da386182291519800f99dd710e00aeb15adee088e2798ee2e46f598526cf0f4667055d1ba009750041dc5cdd2725ff1d97dd340c8518af7671b87d39d67aeced84b66f84e0701efc82a5c9ef954ee576d24c385b14d63037f0d866fd424b4975bdd5485ed740cb932e843f906683f7c7b2c74775d901c361b847b519c0da699638da40bd736b783d2710b2c2cc26ef91271bf4e2c1929f876e902e2057164223bc78d6a2b9f6c0c7a7cb85922f7d6c4287ae23861f8128848
+Msg = 39f2d8d503aae8cd17854456ecfad49a18900d4375412bc689181ed9c2ccafea98dca689a72dc75e5367d3d3abfc2169700d5891cff70f69d9aca093b061b9f5057f94636bc2783115254344fb12e33b167272e198838a8728e7744ea9a2e8248e34d5906e298302472637b879de91c1a6f9f331a5cf98a5af29132990d27416
+X = 6ba81e6cd4367798aaab8b7af1135183a37c42a766dbd68cd2dce78f2670ef0f
+Y = 7bb31e98c7a0437f978a73d5dcfbdfbb09cc2499dfaf1eb5256bccd6358cabb5f67d04a42823463b7e957f2b9213f1fa8e5a98d614484701abb8c7d67641fe6ed06fa4527b493ddab2e74640fde3de70da693f1db2b8e26417040af0eea6cab451a795a52e187d2ee241b93f65c86c6d66f45834cce165ac5eb670d4f0095c23ce9757e3bdc636f991ee0073d90a09202edb35cc3ea1cf9adca1617fa0bffd9c126229a604a1d3bf4931ddf0b9942dfc8a2f8c09fcc97032564a79ae1ebe1e2ce49ff57839e7c43fa60b1603d15a450898aa4e4a1ee8065794126d64f013367096a83686b9f158c33b10f5f3b36cf1f6358b3f34f84b101dc26d3db68bcc95c8
+K = 45030b79a395b1632700cbaffead97998d02bed8e0656876fc0174e4bdb96f79
+R = 059bee9e708b7f20c3f791a640edee964e0aa672893c484799715817b3a8f6d4
+S = 4bd41c84a724cc86e4f0194ec0fbf379e654d0d7f6a1f08bd468139422a5c353
+
+[mod = L=2048, N=256, SHA-256]
+
+P = a8adb6c0b4cf9588012e5deff1a871d383e0e2a85b5e8e03d814fe13a059705e663230a377bf7323a8fa117100200bfd5adf857393b0bbd67906c081e585410e38480ead51684dac3a38f7b64c9eb109f19739a4517cd7d5d6291e8af20a3fbf17336c7bf80ee718ee087e322ee41047dabefbcc34d10b66b644ddb3160a28c0639563d71993a26543eadb7718f317bf5d9577a6156561b082a10029cd44012b18de6844509fe058ba87980792285f2750969fe89c2cd6498db3545638d5379d125dccf64e06c1af33a6190841d223da1513333a7c9d78462abaab31b9f96d5f34445ceb6309f2f6d2c8dde06441e87980d303ef9a1ff007e8be2f0be06cc15f
+Q = e71f8567447f42e75f5ef85ca20fe557ab0343d37ed09edc3f6e68604d6b9dfb
+G = 5ba24de9607b8998e66ce6c4f812a314c6935842f7ab54cd82b19fa104abfb5d84579a623b2574b37d22ccae9b3e415e48f5c0f9bcbdff8071d63b9bb956e547af3a8df99e5d3061979652ff96b765cb3ee493643544c75dbe5bb39834531952a0fb4b0378b3fcbb4c8b5800a5330392a2a04e700bb6ed7e0b85795ea38b1b962741b3f33b9dde2f4ec1354f09e2eb78e95f037a5804b6171659f88715ce1a9b0cc90c27f35ef2f10ff0c7c7a2bb0154d9b8ebe76a3d764aa879af372f4240de8347937e5a90cec9f41ff2f26b8da9a94a225d1a913717d73f10397d2183f1ba3b7b45a68f1ff1893caf69a827802f7b6a48d51da6fbefb64fd9a6c5b75c4561
+Msg = 4e3a28bcf90d1d2e75f075d9fbe55b36c5529b17bc3a9ccaba6935c9e20548255b3dfae0f91db030c12f2c344b3a29c4151c5b209f5e319fdf1c23b190f64f1fe5b330cb7c8fa952f9d90f13aff1cb11d63181da9efc6f7e15bfed4862d1a62c7dcf3ba8bf1ff304b102b1ec3f1497dddf09712cf323f5610a9d10c3d9132659
+X = 446969025446247f84fdea74d02d7dd13672b2deb7c085be11111441955a377b
+Y = 5a55dceddd1134ee5f11ed85deb4d634a3643f5f36dc3a70689256469a0b651ad22880f14ab85719434f9c0e407e60ea420e2a0cd29422c4899c416359dbb1e592456f2b3cce233259c117542fd05f31ea25b015d9121c890b90e0bad033be1368d229985aac7226d1c8c2eab325ef3b2cd59d3b9f7de7dbc94af1a9339eb430ca36c26c46ecfa6c5481711496f624e188ad7540ef5df26f8efacb820bd17a1f618acb50c9bc197d4cb7ccac45d824a3bf795c234b556b06aeb929173453252084003f69fe98045fe74002ba658f93475622f76791d9b2623d1b5fff2cc16844746efd2d30a6a8134bfc4c8cc80a46107901fb973c28fc553130f3286c1489da
+K = 117a529e3fdfc79843a5a4c07539036b865214e014b4928c2a31f47bf62a4fdb
+R = 633055e055f237c38999d81c397848c38cce80a55b649d9e7905c298e2a51447
+S = 2bbf68317660ec1e4b154915027b0bc00ee19cfc0bf75d01930504f2ce10a8b0
+
+[mod = L=2048, N=256, SHA-384]
+
+P = a6167c16fff74e29342b8586aed3cd896f7b1635a2286ff16fdff41a06317ca6b05ca2ba7c060ad6db1561621ccb0c40b86a03619bfff32e204cbd90b79dcb5f86ebb493e3bd1988d8097fa23fa4d78fb3cddcb00c466423d8fa719873c37645fe4eecc57171bbedfe56fa9474c96385b8ba378c79972d7aaae69a2ba64cde8e5654f0f7b74550cd3447e7a472a33b4037db468dde31c348aa25e82b7fc41b837f7fc226a6103966ecd8f9d14c2d3149556d43829f137451b8d20f8520b0ce8e3d705f74d0a57ea872c2bdee9714e0b63906cddfdc28b6777d19325000f8ed5278ec5d912d102109319cba3b6469d4672909b4f0dbeec0bbb634b551ba0cf213
+Q = 8427529044d214c07574f7b359c2e01c23fd97701b328ac8c1385b81c5373895
+G = 6fc232415c31200cf523af3483f8e26ace808d2f1c6a8b863ab042cc7f6b7144b2d39472c3cb4c7681d0732843503d8f858cbe476e6740324aaa295950105978c335069b919ff9a6ff4b410581b80712fe5d3e04ddb4dfd26d5e7fbca2b0c52d8d404343d57b2f9b2a26daa7ece30ceab9e1789f9751aaa9387049965af32650c6ca5b374a5ae70b3f98e053f51857d6bbb17a670e6eaaf89844d641e1e13d5a1b24d053dc6b8fd101c624786951927e426310aba9498a0042b3dc7bbc59d705f80d9b807de415f7e94c5cf9d789992d3bb8336d1d808cb86b56dde09d934bb527033922de14bf307376ab7d22fbcd616f9eda479ab214a17850bdd0802a871c
+Msg = 8c78cffdcf25d8230b835b30512684c9b252115870b603d1b4ba2eb5d35b33f26d96b684126ec34fff67dfe5c8c856acfe3a9ff45ae11d415f30449bcdc3bf9a9fb5a7e48afeaba6d0b0fc9bce0197eb2bf7a840249d4e550c5a25dc1c71370e67933edad2362fae6fad1efba5c08dc1931ca2841b44b78c0c63a1665ffac860
+X = 459eb1588e9f7dd4f286677a7415cb25a1b46e7a7cfadc8a45100383e20da69d
+Y = 5ca7151bca0e457bbc46f59f71d81ab16688dc0eb7e4d17b166c3326c5b12c5bdebb3613224d1a754023c50b83cb5ecc139096cef28933b3b12ca31038e4089383597c59cc27b902be5da62cae7da5f4af90e9410ed1604082e2e38e25eb0b78dfac0aeb2ad3b19dc23539d2bcd755db1cc6c9805a7dd109e1c98667a5b9d52b21c2772121b8d0d2b246e5fd3da80728e85bbf0d7067d1c6baa64394a29e7fcbf80842bd4ab02b35d83f59805a104e0bd69d0079a065f59e3e6f21573a00da990b72ea537fa98caaa0a58800a7e7a0623e263d4fca65ebb8eded46efdfe7db92c9ebd38062d8f12534f015b186186ee2361d62c24e4f22b3e95da0f9062ce04d
+K = 2368037a1c7647c683d7e301ac79b7feebc736effe3ab1644b68308b4b28620d
+R = 4fd8f25c059030027381d4167c3174b6be0088c15f0a573d7ebd05960f5a1eb2
+S = 5f56869cee7bf64fec5d5d6ea15bb1fa1169003a87eccc1621b90a1b892226f2
+
+[mod = L=2048, N=256, SHA-512]
+
+P = f63da3be9a9616196c6556f3ce6fd8b98bdda9137473da46fed970e2b8d147387a81922065d528a7d6433ebc5e35b15c67ea35a5a5bff5b9cef1cd1e6fe31dda52838da3aa89b9b4e8d9d3c0732ccc4f238ce1b416c4ca93f2c6800e5f4ed41c4f7615cec5531b98680b20dc63f73e70d803aacfaece33d45fa0e39d77c8508209528b9046b5917010791234397e412d22bc0b8d67cbd1cd28a32c2460a0bd86aaba0eea80e16e3245643171e34221760c203a56b8207a1009e6c1a2f6cda85f85c4f9e410b9499233c0ee072e465af4fb4fb9282c5c10e8234fd630ea92f0aae6b97a520db34475707b79a4c175265c0356ccbca827e3837df3d6d0576d9079
+Q = 9b7463f8269f0b909abed10991684f36a64ac864e0d6d717c0ef21577a4c3907
+G = 972a75f606e8aa3a91ff08fd131a20f5963251304e3d1431b712fa0803d527fd710fb7eb27e52904971cd43ca977199a24dbeeb4b7bc2ba075d3b72eb6b2c5ad8f0e8b8f48c50b554c7e0711f4c7416330806672498f430292724bf98a8ea48c7f53d7b31d8b7528b1a6f087d2c27c335202835b1e314225b37aef8bfcec7d80920c4a460a3d68344ded75ed9ee867fa2a6945063894f563b68633b8b39f83a1aaaf5a96c7f422687e7c84cf8fb8cc5f4504dff087bcb26a95bbf8583f03b3a0e43a356b2bd7e25cdddf7a015300faecc6793c5ee99b6327cb8456e32d9115339d5a6b712b7f9d0301acb05133e3115e454d3a6dd24a1693c94aab5406504bf7
+Msg = 8ab01510cfa33cfa5bcff003bba39996fa727693abf6ac010bb959b0b59a15306c0c3a1921af2a76717aa55b39fa3723f4c3229ca9acf6b741614bb551cde8a7220ab97d4b453bec1e05a0eaa42e382bbc7b9b84f8237dc8964ee5b66e9b2a4ca61cf675140efef54fb327a665def8d57ab097e8c53c643fcb58209c4215b608
+X = 5f6e545daef6cd1b8d9848dd98758807236ac0b7ff053b32c703eaa3b1147557
+Y = 41197ce2233d7e48c803cd64c78f657923b9e36b871401f8661c21d8ba38c6b9b3239db767b11d1d401e5faecbf7a45860cc5f1a54d60286b7d6e1c99fd5b8c84ed851c5357d41ad60163f224d78c996143fff89dd3a8fe123dae1f621427fd8cce76ed138d68fa248f374ae233249625b93f3dd5937d15e541b7effa4df4fea7d52faced615bfe0348418ff93e69a20a52e55c76cc30f307f84e71e4aabc0825eca3a95b4bd58ebfb0029d23a169e9d80ba7d1c5fd35395e6602e089aa9918f08bae35ae1cac7af33694129e98f0dadadd90eaeb6eed25024390b1a60af794734c397b0f509865b134b2867c115d6f489b6dd7e3c82994b45dce2a23c6bc902
+K = 5fe61afddbdf04449b24295a52a1a037d3f31441a3cec138b7f0102db86ef132
+R = 6a47ea57ceaecc116d7190ff6c6dd9831ab75b4bf6cb291083e4268b486ed245
+S = 017355f698a32abe9a4d4a7dda7c85950cddc348ab8a6751e72fddc01aa5d1f0
+
+[mod = L=3072, N=256, SHA-1]
+
+P = fd5a6c56dd290f7dd84a29de17126eb4e4487b3eff0a44abe5c59792d2e1200b9c3db44d528b9f7d2248032e4ba0f7bfc4fafc706be511db2276c0b7ecffd38da2e1c2f237a75390c1e4d3239cba8e20e55840ecb05df5f01a1b6977ad1906f2cb544ccfb93b901ad0966b1832ad2dab526244a3156c905c01ac51cb73b9dcd9860d56175a425d846485d9b1f44a8a0c2578e6cf61947bc1a1392fdd320b16a9d70455fe436f2d47ded8e8e605f7486eb578ea7fc4ffd13c07f9996af159fd411e9451403278dd1141a8c926b35c96384bbd6bee09c46f44c36b1ffc7197f5e925dbe0544a68e6ab8c18e426a466b392f9c27dd79fefa9ca163cc5a375539a8559f277f657a535d1964c6a5e91683ef5698ebaa01ef818dbf72cb04c3ff092d188866f25cd405108f566b087f73d2d5beb51fac6de84ae5161a66af9602c7e4bfc146f4820bdfc092faeac69133e4a08a5b202a12498a22e57bad54674ed4b510109d52b5f74e70e1f6f82161718cd4cf00cc9f1958acc8bddcdfbd1fbe46cd1
+Q = 800000000000000000000000334a26dd8f49c6811ce81bb1342b06e980f64b75
+G = 99ab030a21a5c9818174872167641c81c1e03c9b274cfbc27bc472542927766de5fa0539b3b73f3f16ac866a9aec8b445ded97fbff08834ed98c77e7fc89e5dc657bef766ff7fbf8e76873e17bee412762d56fe1141760ab4d25bafd4b6ef25b49a3506632d1f8e10770930760ec1325932c5a4baf9e90154264ddf442ec5c41fed95d11525151dbcfb3758149bad81c62b9cff7816b8f953b8b7c022590d1584e921dc955f5328ac72983ed5cf0d04056fe0d531e62f8f6c9ab3c0fcd44e14860b7311d2561c77c1d32f6c69dc8f77968c9d881ad9db5e0c114fda8628bca0335eb7fb9e15e625aabab58fc01194c81bf6fb2ce54077b82250e57c6a7b25deb6ee39d4b686a5c307a7612b2d85ee92512413dea297e44f317be7ceb70a3328af0b401001a418562b8ffe4e9771b4b4a8e0b40c791349d5d4e459fe620a1a2fc72e2f6ca28567d4c2632bbde1b49864c06bb12619f132c1da8f571ef613eac739f66ab3914cb3fa1ab86e05e5082ebaa24ebeea4cf51beefc27df512fe3fee7d
+Msg = ca84af5c9adbc0044db00d7acfb1b493aab0388ffbad47b38cd3e9e3111cfe2cda2a45f751c46862f05bdcec4b698adfd2e1606e484c3be4ac0c379d4fbc7c2cda43e922811d7f6c33040e8e65d5f317684b90e26387cf931fe7c2f515058d753b08137ff2c6b79c910de8283149e6872cb66f7e02e66f2371785129569362f1
+X = 433cfd0532ccfd8cdd1b25920d2bb7396987b766240379035b0e86527ce9c52d
+Y = e7c2ee18c3aa362c0182c6a56c2584628083c73e045beda8d653690c9c2f6544edf9702c57c455273905336a5f5171107a313cd7d0b0f50f8d3342c60219f22a9023394059d05f464c4496d55dab6eb0898527ff4cf5678e7b5bfb5e18d92c4a9d73288cce14530fc4702f6d0397ec39a880c4a72d358730c56633386ede028023c1791f3164d1574e7823c79b8a3ca1343ea166ba6f02b7ff7e9ef2198db107f7cc159f3b6a1c00a78c355c566deb0ac6fde3f633cb9177a1fbc6c1766ca021d5fec470101abb440d2f06982181a8c92b7cdd765336b9a1e1ab70283d6db0a963fb648c37c4e29a74c37577291049ab47cdbc104c04db966681ea8ebb9f00cf4c4a5462117379575fbda4b801979451fa94b19b4e93656705c0f734f3e0914bb96c1e2b8a0fb68faf14296efdf3300ad95bcde8b67cc4b26e6488eef925cfaeac6f0d6567e8b41355f89d1c2b8fe687bfa2df5e287e1305b89b8c388c26196090ac0351abc561aadc797da8ccea4146c3e96095ebce353e0da4c55019052caa
+K = 40f503abd70fd49a76c67a83e08b062b3fd465ad92be433c080e5f295bb9f559
+R = 21ca148cdf44be4ae93b2f353b8e512d03ad96dafa80623fde4922a95f032732
+S = 73e48b77a3aa44307483c2dd895cb51db2112177c185c59cb1dcff32fda02a4f
+
+[mod = L=3072, N=256, SHA-224]
+
+P = f63b3cdd646d8e7ddb57216aa6eec2134d707488a1f29cfa9970645f1227ea5db2e318eea5da1687c7ed90509669345ed6134cff32203ab72aecbfa693d216aeb55d8d28a981f4abff07d1319a799be5dd746f84842817929c305b408598af12045daa2f1ccc8be4d81b513c630f017fec1658aca108a1af6120ec05e3018c4253c9dd35bce062b73d0f2a93d41c481a5c43bb97909682d39a9a60dc3c35e36375dec6ced0d2db3ba0d111bedea701a0e4753624977a9e75b70a74e2b81e38a52ab22da131b35416d3cec9663079746a763476e57598142e39861545daaf8d38a176f26c71f5afebd9c5620da80cf3452b55c37c661b4a1ec0351710b9de4a3cbe0b98b4d9ec89128d97aa7efb19db8ba43cc0be25c200f90e1506cb78ec0c336d7a95613d4204e8ed68d0f0a6c78420105a8d2d438fbd2551a64a1a0b03ffb878742f8c9979cfa87394150281998d51701d5fcfa9696a4989fd25f400955e626b1abe926c0afa69aa6981900effcdd030592f82b2042a47a9a5a8cb0283dc4d
+Q = 80000000ba4634b5fa4da054bd0ca48ae490e57711f381193842429159ba7ca1
+G = 8ad4553c4e49aa24728ab5024417b132d2ca53a55d959458f2f759adb0435beeefa3a2cfcd0038e2420643fc4a4deeb5d9feaa1edf21193b40e14b42982a94f35c58b81147d7189d263c9b12fe63ab9fa5f6f03a2860c186432e3ab04f2ab0f2fb6147bd9bf7ed5d20713b9da21383e2c3a168e7d09d3d8a5a058fd23095b5acfeb864a3306be2425fa1ad32ad6d9382e603b03c68af4af0246397102c4155cba811abf99da7839e77b2eac9970588ca1d0a2361723a164ac9229c2e80dcfa8db4f9e29803effb3168c7fed7a3a6de40dda19a0536af9b5b7afaefb9c70d6ae8df12da658f6236043aea873db29ceb6f07d108f5225687bd0c30e3084e2090b45ae2f92a97b8ecb7a9705c4956b8b31c4a3d61107c84e47adda6c80d5d22dab3d859220f9d5aab13677ae3df168f0c176d176b54506c639853f04ddef2722f39c18e5ce426e14562ad8ff26247af88870efb72c0cce836de8fee67a662378245b502bf1f83099988a093ce7cdc81364c78b1f4a51b800df6137c71d65e6b089a
+Msg = 957973fc3f3fe3f559065be5d4a0c281cf17959018b9a670d2b3706d41d5812e37301005f8b70ebd2fba3c40a3f377a751b6cb9693e3cb00d92888247d07921d3c1e9257ce08733b8926e0df7bdb6e855f1f851075d4e628d110d42b643b54876e5faa3611477ee68371562555269ed62a9271bad50cc4d46038de2dd41920c2
+X = 524a7ea5977f8102b3552930477f5f042401165d4637dcd8b9d13df4f3aae5d0
+Y = 42243539e49db9ea19d98d97f6f2a94b23529812df889eaabcfeda01ce4c759487fb89bc82da75fe1c9134361f86de47d16d8eee80e56ac502178e8ed8129477af8bfbd8262c5edd937e1a86c0f0e7b2afe7bcbddfcb5814ced0b756a76ca178423bb4d578c5da183712d968582640aa0ec7e9fb56bfd960d7a57549747d8fb7ade47cfe816c1e57da6633dacc537de060813964bb5b2757a312f9da3d84e60aff98170051d3d90e380b8bcc1986c58ff9dc91e8827d4f9f5fc4b2b2e743cf9389ff02dec01f5d434b430d162e891c3355f91855339f8df58300e4c993ae4df8c4318b5c4bd05283ca4b46b7d2fb0f6476bf15907f50dd4141aa7acac9daa62eccd3a67357122060b6cece0446a93eb230ad93bc9a4d1b1efeeca1e3fc83c119785035b439509ffb7968b1a448b7bd8315753fdf04a256eca1562a11b096c90a36b353659cbde4420e17e90b94c43c7519c60641ceec056f897b97d6bb1861268e0dc79b7c3b6b7639c255bf06865737459126cb465bc1da4a043a1963da7d63
+K = 29e4d7790e181b4767903fe0eb37757f33f13337c33588c1fdbfba0e655ab621
+R = 2e59d5f30f73781d38255b70dedeeb38ae78df4f002c1f747c08deadc6530155
+S = 615c55b2df0ca28c60a6b385c58fa036df8c4b2f4f1935730bf8f4f0bed13610
+
+[mod = L=3072, N=256, SHA-256]
+
+P = c7b86d7044218e367453d210e76433e4e27a983db1c560bb9755a8fb7d819912c56cfe002ab1ff3f72165b943c0b28ed46039a07de507d7a29f738603decd1270380a41f971f2592661a64ba2f351d9a69e51a888a05156b7fe1563c4b77ee93a44949138438a2ab8bdcfc49b4e78d1cde766e54984760057d76cd740c94a4dd25a46aa77b18e9d707d6738497d4eac364f4792d9766a16a0e234807e96b8c64d404bbdb876e39b5799ef53fe6cb9bab62ef19fdcc2bdd905beda13b9ef7ac35f1f557cb0dc458c019e2bc19a9f5dfc1e4eca9e6d466564124304a31f038605a3e342da01be1c2b545610edd2c1397a3c8396588c6329efeb4e165af5b368a39a88e4888e39f40bb3de4eb1416672f999fead37aef1ca9643ff32cdbc0fcebe628d7e46d281a989d43dd21432151af68be3f6d56acfbdb6c97d87fcb5e6291bf8b4ee1275ae0eb4383cc753903c8d29f4adb6a547e405decdff288c5f6c7aa30dcb12f84d392493a70933317c0f5e6552601fae18f17e6e5bb6bf396d32d8ab9
+Q = 876fa09e1dc62b236ce1c3155ba48b0ccfda29f3ac5a97f7ffa1bd87b68d2a4b
+G = 110afebb12c7f862b6de03d47fdbc3326e0d4d31b12a8ca95b2dee2123bcc667d4f72c1e7209767d2721f95fbd9a4d03236d54174fbfaff2c4ff7deae4738b20d9f37bf0a1134c288b420af0b5792e47a92513c0413f346a4edbab2c45bdca13f5341c2b55b8ba54932b9217b5a859e553f14bb8c120fbb9d99909dff5ea68e14b379964fd3f3861e5ba5cc970c4a180eef54428703961021e7bd68cb637927b8cbee6805fa27285bfee4d1ef70e02c1a18a7cd78bef1dd9cdad45dde9cd690755050fc4662937ee1d6f4db12807ccc95bc435f11b71e7086048b1dab5913c6055012de82e43a4e50cf93feff5dcab814abc224c5e0025bd868c3fc592041bba04747c10af513fc36e4d91c63ee5253422cf4063398d77c52fcb011427cbfcfa67b1b2c2d1aa4a3da72645cb1c767036054e2f31f88665a54461c885fb3219d5ad8748a01158f6c7c0df5a8c908ba8c3e536822428886c7b500bbc15b49df746b9de5a78fe3b4f6991d0110c3cbff458039dc36261cf46af4bc2515368f4abb7
+Msg = cb06e02234263c22b80e832d6dc5a1bee5ea8af3bc2da752441c04027f176158bfe68372bd67f84d489c0d49b07d4025962976be60437be1a2d01d3be0992afa5abe0980e26a9da4ae72f827b423665195cc4eed6fe85c335b32d9c03c945a86e7fa99373f0a30c6eca938b3afb6dff67adb8bece6f8cfec4b6a12ea281e2323
+X = 3470832055dade94e14cd8777171d18e5d06f66aeff4c61471e4eba74ee56164
+Y = 456a105c713566234838bc070b8a751a0b57767cb75e99114a1a46641e11da1fa9f22914d808ad7148612c1ea55d25301781e9ae0c9ae36a69d87ba039ec7cd864c3ad094873e6e56709fd10d966853d611b1cff15d37fdee424506c184d62c7033358be78c2250943b6f6d043d63b317de56e5ad8d1fd97dd355abe96452f8e435485fb3b907b51900aa3f24418df50b4fcdafbf6137548c39373b8bc4ba3dabb4746ebd17b87fcd6a2f197c107b18ec5b465e6e4cb430d9c0ce78da5988441054a370792b730da9aba41a3169af26176f74e6f7c0c9c9b55b62bbe7ce38d4695d48157e660c2acb63f482f55418150e5fee43ace84c540c3ba7662ae80835c1a2d51890ea96ba206427c41ef8c38aa07d2a365e7e58380d8f4782e22ac2101af732ee22758337b253637838e16f50f56d313d07981880d685557f7d79a6db823c61f1bb3dbc5d50421a4843a6f29690e78aa0f0cff304231818b81fc4a243fc00f09a54c466d6a8c73d32a55e1abd5ec8b4e1afa32a79b01df85a81f3f5cfe
+K = 3d7c068a3978b2d8fe9034bcad65ad7c300c4440e4085de280e577eea72c1207
+R = 53bae6c6f336e2eb311c1e92d95fc449a929444ef81ec4279660b200d59433de
+S = 49f3a74e953e77a7941af3aefeef4ed499be209976a0edb3fa5e7cb961b0c112
+
+[mod = L=3072, N=256, SHA-384]
+
+P = a410d23ed9ad9964d3e401cb9317a25213f75712acbc5c12191abf3f1c0e723e2333b49eb1f95b0f9748d952f04a5ae358859d384403ce364aa3f58dd9769909b45048548c55872a6afbb3b15c54882f96c20df1b2df164f0bac849ca17ad2df63abd75c881922e79a5009f00b7d631622e90e7fa4e980618575e1d6bd1a72d5b6a50f4f6a68b793937c4af95fc11541759a1736577d9448b87792dff07232415512e933755e12250d466e9cc8df150727d747e51fea7964158326b1365d580cb190f4518291598221fdf36c6305c8b8a8ed05663dd7b006e945f592abbecae460f77c71b6ec649d3fd5394202ed7bbbd040f7b8fd57cb06a99be254fa25d71a3760734046c2a0db383e02397913ae67ce65870d9f6c6f67a9d00497be1d763b21937cf9cbf9a24ef97bbcaa07916f8894e5b7fb03258821ac46140965b23c5409ca49026efb2bf95bce025c4183a5f659bf6aaeef56d7933bb29697d7d541348c871fa01f869678b2e34506f6dc0a4c132b689a0ed27dc3c8d53702aa584877
+Q = abc67417725cf28fc7640d5de43825f416ebfa80e191c42ee886303338f56045
+G = 867d5fb72f5936d1a14ed3b60499662f3124686ef108c5b3da6663a0e86197ec2cc4c9460193a74ff16028ac9441b0c7d27c2272d483ac7cd794d598416c4ff9099a61679d417d478ce5dd974bf349a14575afe74a88b12dd5f6d1cbd3f91ddd597ed68e79eba402613130c224b94ac28714a1f1c552475a5d29cfcdd8e08a6b1d65661e28ef313514d1408f5abd3e06ebe3a7d814d1ede316bf495273ca1d574f42b482eea30db53466f454b51a175a0b89b3c05dda006e719a2e6371669080d768cc038cdfb8098e9aad9b8d83d4b759f43ac9d22b353ed88a33723550150de0361b7a376f37b45d437f71cb711f2847de671ad1059516a1d45755224a15d37b4aeada3f58c69a136daef0636fe38e3752064afe598433e80089fda24b144a462734bef8f77638845b00e59ce7fa4f1daf487a2cada11eaba72bb23e1df6b66a183edd226c440272dd9b06bec0e57f1a0822d2e00212064b6dba64562085f5a75929afa5fe509e0b78e630aaf12f91e4980c9b0d6f7e059a2ea3e23479d930
+Msg = ed9a64d3109ef8a9292956b946873ca4bd887ce624b81be81b82c69c67aaddf5655f70fe4768114db2834c71787f858e5165da1a7fa961d855ad7e5bc4b7be31b97dbe770798ef7966152b14b86ae35625a28aee5663b9ef3067cbdfbabd87197e5c842d3092eb88dca57c6c8ad4c00a19ddf2e1967b59bd06ccaef933bc28e7
+X = 6d4c934391b7f6fb6e19e3141f8c0018ef5726118a11064358c7d35b37737377
+Y = 1f0a5c75e7985d6e70e4fbfda51a10b925f6accb600d7c6510db90ec367b93bb069bd286e8f979b22ef0702f717a8755c18309c87dae3fe82cc3dc8f4b7aa3d5f3876f4d4b3eb68bfe910c43076d6cd0d39fc88dde78f09480db55234e6c8ca59fe2700efec04feee6b4e8ee2413721858be7190dbe905f456edcab55b2dc2916dc1e8731988d9ef8b619abcf8955aa960ef02b3f02a8dc649369222af50f1338ed28d667f3f10cae2a3c28a3c1d08df639c81ada13c8fd198c6dae3d62a3fe9f04c985c65f610c06cb8faea68edb80de6cf07a8e89c00218185a952b23572e34df07ce5b4261e5de427eb503ee1baf5992db6d438b47434c40c22657bc163e7953fa33eff39dc2734607039aadd6ac27e4367131041f845ffa1a13f556bfba2307a5c78f2ccf11298c762e08871968e48dc3d1569d09965cd09da43cf0309a16af1e20fee7da3dc21b364c4615cd5123fa5f9b23cfc4ffd9cfdcea670623840b062d4648d2eba786ad3f7ae337a4284324ace236f9f7174fbf442b99043002f
+K = 40b5cc685c3d1f59072228af9551683b5b8c8ff65240114ad2dacfccf3928057
+R = 7695698a14755db4206e850b4f5f19c540b07d07e08aac591e20081646e6eedc
+S = 3dae01154ecff7b19007a953f185f0663ef7f2537f0b15e04fb343c961f36de2
+
+[mod = L=3072, N=256, SHA-512]
+
+P = c1d0a6d0b5ed615dee76ac5a60dd35ecb000a202063018b1ba0a06fe7a00f765db1c59a680cecfe3ad41475badb5ad50b6147e2596b88d34656052aca79486ea6f6ec90b23e363f3ab8cdc8b93b62a070e02688ea877843a4685c2ba6db111e9addbd7ca4bce65bb10c9ceb69bf806e2ebd7e54edeb7f996a65c907b50efdf8e575bae462a219c302fef2ae81d73cee75274625b5fc29c6d60c057ed9e7b0d46ad2f57fe01f823230f31422722319ce0abf1f141f326c00fbc2be4cdb8944b6fd050bd300bdb1c5f4da72537e553e01d51239c4d461860f1fb4fd8fa79f5d5263ff62fed7008e2e0a2d36bf7b9062d0d75db226c3464b67ba24101b085f2c670c0f87ae530d98ee60c5472f4aa15fb25041e19106354da06bc2b1d322d40ed97b21fd1cdad3025c69da6ce9c7ddf3dcf1ea4d56577bfdec23071c1f05ee4077b5391e9a404eaffe12d1ea62d06acd6bf19e91a158d2066b4cd20e4c4e52ffb1d5204cd022bc7108f2c799fb468866ef1cb09bce09dfd49e4740ff8140497be61
+Q = bf65441c987b7737385eadec158dd01614da6f15386248e59f3cddbefc8e9dd1
+G = c02ac85375fab80ba2a784b94e4d145b3be0f92090eba17bd12358cf3e03f4379584f8742252f76b1ede3fc37281420e74a963e4c088796ff2bab8db6e9a4530fc67d51f88b905ab43995aab46364cb40c1256f0466f3dbce36203ef228b35e90247e95e5115e831b126b628ee984f349911d30ffb9d613b50a84dfa1f042ba536b82d5101e711c629f9f2096dc834deec63b70f2a2315a6d27323b995aa20d3d0737075186f5049af6f512a0c38a9da06817f4b619b94520edfac85c4a6e2e186225c95a04ec3c3422b8deb284e98d24b31465802008a097c25969e826c2baa59d2cba33d6c1d9f3962330c1fcda7cfb18508fea7d0555e3a169daed353f3ee6f4bb30244319161dff6438a37ca793b24bbb1b1bc2194fc6e6ef60278157899cb03c5dd6fc91a836eb20a25c09945643d95f7bd50d206684d6ffc14d16d82d5f781225bff908392a5793b803f9b70b4dfcb394f9ed81c18e391a09eb3f93a032d81ba670cabfd6f64aa5e3374cb7c2029f45200e4f0bfd820c8bd58dc5eeb34
+Msg = 494180eed0951371bbaf0a850ef13679df49c1f13fe3770b6c13285bf3ad93dc4ab018aab9139d74200808e9c55bf88300324cc697efeaa641d37f3acf72d8c97bff0182a35b940150c98a03ef41a3e1487440c923a988e53ca3ce883a2fb532bb7441c122f1dc2f9d0b0bc07f26ba29a35cdf0da846a9d8eab405cbf8c8e77f
+X = 150b5c51ea6402276bc912322f0404f6d57ff7d32afcaa83b6dfde11abb48181
+Y = 6da54f2b0ddb4dcce2da1edfa16ba84953d8429ce60cd111a5c65edcf7ba5b8d9387ab6881c24880b2afbdb437e9ed7ffb8e96beca7ea80d1d90f24d546112629df5c9e9661742cc872fdb3d409bc77b75b17c7e6cfff86261071c4b5c9f9898be1e9e27349b933c34fb345685f8fc6c12470d124cecf51b5d5adbf5e7a2490f8d67aac53a82ed6a2110686cf631c348bcbc4cf156f3a6980163e2feca72a45f6b3d68c10e5a2283b470b7292674490383f75fa26ccf93c0e1c8d0628ca35f2f3d9b6876505d118988957237a2fc8051cb47b410e8b7a619e73b1350a9f6a260c5f16841e7c4db53d8eaa0b4708d62f95b2a72e2f04ca14647bca6b5e3ee707fcdf758b925eb8d4e6ace4fc7443c9bc5819ff9e555be098aa055066828e21b818fedc3aac517a0ee8f9060bd86e0d4cce212ab6a3a243c5ec0274563353ca7103af085e8f41be524fbb75cda88903907df94bfd69373e288949bd0626d85c1398b3073a139d5c747d24afdae7a3e745437335d0ee993eef36a3041c912f7eb58
+K = b599111b9f78402cefe7bde8bf553b6ca00d5abaf9a158aa42f2607bf78510bc
+R = a40a6c905654c55fc58e99c7d1a3feea2c5be64823d4086ce811f334cfdc448d
+S = 6478050977ec585980454e0a2f26a03037b921ca588a78a4daff7e84d49a8a6c
+
diff --git a/nss/cmd/bltest/tests/dsa/key0 b/nss/cmd/bltest/tests/dsa/key0
new file mode 100644
index 0000000..e582eeb
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/key0
@@ -0,0 +1,6 @@
+AAAAQI3ypJRJInaqPSV1m7BoacvqwNg6+40M98u4Mk8NeILl0HYvxbchDq/C6a2s
+Mqt6rElpPfv4NyTC7Ac27jHIApEAAAAUx3MhjHN+yO6ZO08t7TD0jtrOkV8AAABA
+Ym0CeDnqChNBMWOlW0y1ACmdVSKVbO/LO/8Q85nOLC5xy53l+iS6v1jlt5Uhklyc
+xC6fb0ZLCIzFcq9T5teIAgAAAEAZExhx11sWEqgZ8p140bDXNG96p3u2KoWb/WxW
+ddqdIS06Nu8Wcu9mC4x8JVzA7HSFj7oz9EwGaZYwp2sDDuMzAAAAFCBwsyI9ujcv
+3hwP/HsuO0mLJgYU
diff --git a/nss/cmd/bltest/tests/dsa/key1 b/nss/cmd/bltest/tests/dsa/key1
new file mode 100644
index 0000000..8ba3118
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/key1
@@ -0,0 +1,10 @@
+AAAAgKj5zSAeXjXYkvhfgOTbJZmlZ2o7HU8ZAzDtMlaybQ6AoOSaj/+qrSok9HLS
+VzJB1NbWx0gMgLTGe7RHnBWtp+qEJNJQL6AUcudgJBcT2rAlrhsC4XA6FDX2Ld9O
+5MG2ZAZusi8uO/KLtwoqduT9Xr4tEiloG1sGQ5rJx+nYveKDAAAAFPhfD4OsTffq
+DN+PRpv+6uoUFWSVAAAAgCsxUv9sYvFGIrj0jln4r0aIOzjnm4x03urp3xMfi4Vu
+OtbIRV2rh8wNqKyXNBfOT3h4VX1s30CzW0oMo+sxDGqV1ozihK1OJeooWRYR7gi4
+REvWSyXz98VyQQ3fs5zHKLnJNvhfQZEphpkpzbkJpqOpm74IkhY2gXG9C6gd5P4z
+AAAAgDE/2evKkVdOHC7r4VF8V+DCGwIJhyFAxTKHYbuyRQsz8bGLQJzpq3xM2P2j
+OR6ONIaDV8GZ4WprLroG1nSd73kdeeldOk0Jskw5KtidvxAJla4ZwBBiBWuxS84A
+Xocx794XX5W5dQib3NrqVisyeG2W9aMa7fdTZACK1P/+u5cLAAAAFMU+rm1FMjFk
+x9B69XFXA3RKY/w6
diff --git a/nss/cmd/bltest/tests/dsa/key10 b/nss/cmd/bltest/tests/dsa/key10
new file mode 100644
index 0000000..166f9bd
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/key10
@@ -0,0 +1,18 @@
+AAABAL/r0ACy1s1Ks477o13zNN9yHWwvKz2VZnnLrQCfPfvQApUsyJnMI1bsh2m9
+PRulpzAjcpiI2pLKSKXulMl/TwSi46y08zovD7N4PDHyxw+nxw84IUon2t7IsS5n
+mWqehe47sUiAMTAUc5LcUlPATXBjU15s1ka/sYaYTgi1i3SnvlszO/MrCr/VZlNg
+6akjoMUo/xxixyU0WPVnhShxnUNuUBSHQfRdx90sbKxxxVIx8SqD/v0u0KM+3huK
+UfVm/PeJBoLNwZMdwgfJK/LvTiirMWYe63fxYB7qlByVkfA40/ANkShX2wXmSyrV
+aTIAYcb4Y/8zVNhC5+fqcVr++NEAAAAcqpht+KBkJ46TYzFqmDC8+kkGVvqm1dqo
+F9h5SQAAAQCBla2aR4/ZhSFu5YNoNm0u3RPBKz1iI5Fp+gQtkRVkCLSDEi9E7WI2
+uDCKbNtS+a896I7IngOa+tfaOqZsGXYEmo4KfRjVZ7r5n87+MVytoBVIOGsQsl5S
+9S7XjrTSgILl4f/ulIDE/izEqv0e/J1P0sxtFVlokxJx7xWzJA5/sEOoDI9ii+/g
+nWRQd8ECnSHgrIvwupwncU0bWA7eWUqgGzt29udF/B7AfbN+L9fpjGyMaRUijkIs
+MJ3p9dsWj1AknRvh7TKYCQgI4uu4lrt5uMTL+U1MIGTjfmErpESdesIQ7d4hFBbW
+SwUd2ARqsEFzJmVBGn8VTTGz4RpR2n/AAAABAK9nIb913saht2rTXKN1De8xEXxb
+RBwVowaDWh23TAA7hq6Qmev7dFsKqcsADPQ/sCFRO48Ze8hlsiv5SbSRgJrXUv/B
+yo5UvqFtx/U55MVftwp3Q90o8mL2DvDy/KrCnoAhp5OMGP/gMHXQt+CitNyr5G7R
+lT0z438ROvUZqwvwthhsErX2SIQ39RkwluL9amoYNWBHlMZrQq5SZcHPHLU66EmX
+l14DGKk85B45AuTvVN48VlVb0ZSRrNU/PldGTh9GA4nbxfqAZI+lpaDylW6ew7jc
+RBtTXGQcNi7tdw2oKGSb/RRkcrD0akwGTkWfiL/5De3n7FYXeppx0WeUhxIAAAAc
+altP/EQjjRhS+5t05MFmG+hZhAQ8/u4CP1fKxg==
diff --git a/nss/cmd/bltest/tests/dsa/key11 b/nss/cmd/bltest/tests/dsa/key11
new file mode 100644
index 0000000..086f493
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/key11
@@ -0,0 +1,18 @@
+AAABAMGlnSFVc5SeCyCpdMLt8uMTf/JGMGL3Xx0T3xKroQdrstATQCtgr2wYf7D6
+NiFnyXbCYXxyb5B38J4YwRtg9lAIglvWwCofV9PrCtQc1UfeQ9h/JSX5cdQrMGUG
+58oDvmOzX0raFy0KBpJEQKFCUNeCKsLVrq/tRhnnnUFYp9XrLZ8CPbGBqPCUssbL
+h8uFNUFqwZgT8HFEZgxVd0X0SgHGsQKQksEpsNJxg+gsWiGoAXfudHbrlcRm+0cr
+09LcKGziWEfpPL+prTnMVwNdDHtkuSapx/WnsrxavL+9wLDj/t48HgLESvyK78eV
+faB6Dl/RIznbhmdhb2IobfgNWKsAAAAggAAAAAAAAAAAAAAAG9YsZei4fIl5f48M
+v6VeSmgQ4scAAAEArqWHh0DxQk08bqnGtHmWFdJ0kpihfiYgf3bO80Dd05Dhsa1r
+bAAQrQFaEDNC3dRSysAks25C2bjtUvr656HTzp5LIfkQ0TVusWOj5agYTHgb8USS
+r6LksKVtiIT9AaYouWYnOcQuXFeVreL18n5t4dljkXzogG/EDQIc2HqjqjqeTwws
+TEXSlZsleLL7GiIpw34YEFm51ee3hi+oLiN3pJ7Q+dyoIKWBQHndZhBxTvr4sMxo
+PY5y5MiE5vnUlGs+jUy7kq2759TEfMML5/jDfKgYg6GqxoYAWf9GQKKcyuc94gsS
+5jsAqIsu6bqUt160CmVuFdnsg3MchdDv/LnvnwAAAQCIDhfEroFBdQYJ2CUcC716
+z20LRg7TaI6aX5kObEtbAIddp1DgIooEECo19X50uNL5tpUPDR240wLFyQpbh4ao
+LGj/WxelenWElsX4BT5EhKJT2ZQiBNmhEJ9L0qPsMRpgz2nGhbWG2Yb1ZdM9v1qr
+cJHjGqQQLE9LU/v4ctcAFWRltsB15/d4RxojUC3A/uQbJxyDehwmaRaZ81UNBgoz
+EJn2SDfN3sacrr9Rv07J828qIg/nc8tNPALQRG3dRhM1Mu8cPGnUMuMDUCvQWnUn
+mngJp0KsSnhysH8ZCGVASUGTUON6lfLvMzYdjYc21Ag9wUwLuXLhTUx7l/Pd/Mrv
+AAAAIFpC53JINY8GrpgKLGT2oivqK/e0/AAVdFBTxDK3Eypn
diff --git a/nss/cmd/bltest/tests/dsa/key12 b/nss/cmd/bltest/tests/dsa/key12
new file mode 100644
index 0000000..bb2cba1
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/key12
@@ -0,0 +1,18 @@
+AAABANAiduvzwi/9ZmmDGDpHrpTJvMvL+V3ctJHR985kNUkZmZLTfHnnsDLSbtAx
+trpEifMSWCb6+ycmqYMz69mr3eWS2Gk9mFlTbZzDhBodJOBE01rO1hNiVvxta2Fc
+9PQWOqOB6ytMSAglqOzMVtjdz1/mN+OK2bKXS9LPaL8nHg0GfSRlqLa2YFJPAIJZ
+iUWtpY6mSbmATrR1NAjCxZdoxGq7guMpXz2cpGn4TMGH9XLcS1o7OTRuyDnfrW8H
+1tHw4hUgm7DswFx2fPLnlDrJz7Au7h6e9ZRujOiDFrXhX9z5WhMu8uS7CBcTZSjP
+pd2WUy+cOr5cQhYg7ba8vVIjTKkAAAAggAAAABKZfoKF5AiXCPUoBwxtevigvQFA
+nnoHnNtvxbsAAAEAd4RTBJ7yYhR/7XtZsO5nZGB8Uee1tfxv6np6ex3Wuyg/Sprp
+jv05ZLFVZ1jLFbKlOvhhnnTYWJi+x307PzgklK5ZYaE//HRdo4YYIpFRmAD5ndcQ
+4ArrFa3uCI4nmO4uRvWYUmzw9GZwVdG6AJdQBB3FzdJyX/HZfdNAyFGK92cbh9Od
+Z67O2Etm+E4HAe/IKlye+VTuV20kw4WxTWMDfw2Gb9QktJdb3VSF7XQMuTLoQ/kG
+aD98eyx0d12QHDYbhHtRnA2mmWONpAvXNreD0nELLCzCbvkScb9OLBkp+HbpAuIF
+cWQiO8eNaiufbAx6fLhZIvfWxCh64jhh+BKISAAAAQB7sx6Yx6BDf5eKc9Xc+9+7
+Ccwkmd+vHrUla8zWNYyrtfZ9BKQoI0Y7fpV/K5IT8fqOWpjWFEhHAau4x9Z2Qf5u
+0G+kUntJPdqy50ZA/ePecNppPx2yuOJkFwQK8O6myrRRp5WlLhh9LuJBuT9lyGxt
+ZvRYNMzhZaxetnDU8AlcI86XV+O9xjb5ke4Ac9kKCSAu2zXMPqHPmtyhYX+gv/2c
+EmIppgSh079JMd3wuZQt/IovjAn8yXAyVkp5rh6+Hizkn/V4OefEP6YLFgPRWkUI
+mKpOSh7oBleUEm1k8BM2cJaoNoa58VjDOxD187Ns8fY1iz80+EsQHcJtPbaLzJXI
+AAAAIGuoHmzUNneYqquLevETUYOjfEKnZtvWjNLc548mcO8P
diff --git a/nss/cmd/bltest/tests/dsa/key13 b/nss/cmd/bltest/tests/dsa/key13
new file mode 100644
index 0000000..b3e25c7
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/key13
@@ -0,0 +1,18 @@
+AAABAKittsC0z5WIAS5d7/GocdOD4OKoW16OA9gU/hOgWXBeZjIwo3e/cyOo+hFx
+ACAL/VrfhXOTsLvWeQbAgeWFQQ44SA6tUWhNrDo497ZMnrEJ8Zc5pFF819XWKR6K
+8go/vxczbHv4DucY7gh+Mi7kEEfavvvMNNELZrZE3bMWCijAY5Vj1xmTomVD6tt3
+GPMXv12Vd6YVZWGwgqEAKc1EASsY3mhEUJ/gWLqHmAeSKF8nUJaf6Jws1kmNs1RW
+ONU3nRJdzPZOBsGvM6YZCEHSI9oVEzM6fJ14Riq6qzG5+W1fNERc62MJ8vbSyN3g
+ZEHoeYDTA++aH/AH6L4vC+BswV8AAAAg5x+FZ0R/QudfXvhcog/lV6sDQ9N+0J7c
+P25oYE1rnfsAAAEAW6JN6WB7iZjmbObE+BKjFMaTWEL3q1TNgrGfoQSr+12EV5pi
+OyV0s30izK6bPkFeSPXA+by9/4Bx1jubuVblR686jfmeXTBhl5ZS/5a3Zcs+5JNk
+NUTHXb5bs5g0UxlSoPtLA3iz/LtMi1gApTMDkqKgTnALtu1+C4V5XqOLG5YnQbPz
+O53eL07BNU8J4ut46V8DelgEthcWWfiHFc4amwzJDCfzXvLxD/DHx6K7AVTZuOvn
+aj12Sqh5rzcvQkDeg0eTflqQzsn0H/Lya42pqUoiXRqRNxfXPxA5fSGD8bo7e0Wm
+jx/xiTyvaagngC97akjVHab777ZP2abFt1xFYQAAAQBaVdzt3RE07l8R7YXetNY0
+o2Q/XzbcOnBoklZGmgtlGtIogPFKuFcZQ0+cDkB+YOpCDioM0pQixImcQWNZ27Hl
+kkVvKzzOIzJZwRdUL9BfMeolsBXZEhyJC5DgutAzvhNo0imYWqxyJtHIwuqzJe87
+LNWdO59959vJSvGpM560MMo2wmxG7PpsVIFxFJb2JOGIrXVA713yb476y4IL0Xof
+YYrLUMm8GX1Mt8ysRdgko795XCNLVWsGrrkpFzRTJSCEAD9p/pgEX+dAArplj5NH
+ViL3Z5HZsmI9G1//LMFoRHRu/S0wpqgTS/xMjMgKRhB5AfuXPCj8VTEw8yhsFIna
+AAAAIERpaQJURiR/hP3qdNAtfdE2crLet8CFvhERFEGVWjd7
diff --git a/nss/cmd/bltest/tests/dsa/key14 b/nss/cmd/bltest/tests/dsa/key14
new file mode 100644
index 0000000..759c602
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/key14
@@ -0,0 +1,18 @@
+AAABAKYWfBb/904pNCuFhq7TzYlvexY1oihv8W/f9BoGMXymsFyiunwGCtbbFWFi
+HMsMQLhqA2Gb//MuIEy9kLedy1+G67ST470ZiNgJf6I/pNePs83csAxGZCPY+nGY
+c8N2Rf5O7MVxcbvt/lb6lHTJY4W4ujeMeZcteqrmmiumTN6OVlTw97dFUM00R+ek
+cqM7QDfbRo3eMcNIqiXoK3/EG4N/f8ImphA5ZuzY+dFMLTFJVW1Dgp8TdFG40g+F
+ILDOjj1wX3TQpX6ocsK97pcU4LY5Bs3f3Ci2d30ZMlAA+O1SeOxdkS0QIQkxnLo7
+ZGnUZykJtPDb7sC7tjS1UboM8hMAAAAghCdSkETSFMB1dPezWcLgHCP9l3AbMorI
+wThbgcU3OJUAAAEAb8IyQVwxIAz1I680g/jias6AjS8caouGOrBCzH9rcUSy05Ry
+w8tMdoHQcyhDUD2PhYy+R25nQDJKqilZUBBZeMM1BpuRn/mm/0tBBYG4BxL+XT4E
+3bTf0m1ef7yisMUtjUBDQ9V7L5sqJtqn7OMM6rnheJ+XUaqpOHBJllrzJlDGyls3
+SlrnCz+Y4FP1GFfWu7F6Zw5uqviYRNZB4eE9Whsk0FPca4/RAcYkeGlRkn5CYxCr
+qUmKAEKz3Hu8WdcF+A2bgH3kFffpTFz514mZLTu4M20dgIy4a1bd4J2TS7UnAzki
+3hS/MHN2q30i+81hb57aR5qyFKF4UL3QgCqHHAAAAQBcpxUbyg5Fe7xG9Z9x2Bqx
+ZojcDrfk0XsWbDMmxbEsW967NhMiTRp1QCPFC4PLXswTkJbO8okzs7EsoxA45AiT
+g1l8WcwnuQK+XaYsrn2l9K+Q6UEO0WBAguLjjiXrC3jfrArrKtOxncI1OdK811Xb
+HMbJgFp90QnhyYZnpbnVKyHCdyEhuNDSskbl/T2oByjoW78NcGfRxrqmQ5Sinn/L
++AhCvUqwKzXYP1mAWhBOC9adAHmgZfWePm8hVzoA2pkLcupTf6mMqqCliACn56Bi
+PiY9T8pl67jt7Ubv3+fbksnr04Bi2PElNPAVsYYYbuI2HWLCTk8is+ldoPkGLOBN
+AAAAIEWesViOn33U8oZnenQVyyWhtG56fPrcikUQA4PiDaad
diff --git a/nss/cmd/bltest/tests/dsa/key15 b/nss/cmd/bltest/tests/dsa/key15
new file mode 100644
index 0000000..dee9a8a
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/key15
@@ -0,0 +1,18 @@
+AAABAPY9o76alhYZbGVW885v2LmL3akTdHPaRv7ZcOK40Uc4eoGSIGXVKKfWQz68
+XjWxXGfqNaWlv/W5zvHNHm/jHdpSg42jqom5tOjZ08BzLMxPI4zhtBbEypPyxoAO
+X07UHE92Fc7FUxuYaAsg3GP3PnDYA6rPrs4z1F+g4513yFCCCVKLkEa1kXAQeRI0
+OX5BLSK8C41ny9HNKKMsJGCgvYaqug7qgOFuMkVkMXHjQiF2DCA6VrggehAJ5sGi
+9s2oX4XE+eQQuUmSM8DuBy5GWvT7T7koLFwQ6CNP1jDqkvCq5rl6Ug2zRHVwe3mk
+wXUmXANWzLyoJ+ODffPW0FdtkHkAAAAgm3Rj+CafC5CavtEJkWhPNqZKyGTg1tcX
+wO8hV3pMOQcAAAEAlyp19gboqjqR/wj9Exog9ZYyUTBOPRQxtxL6CAPVJ/1xD7fr
+J+UpBJcc1DypdxmaJNvutLe8K6B107cutrLFrY8Oi49IxQtVTH4HEfTHQWMwgGZy
+SY9DApJyS/mKjqSMf1PXsx2LdSixpvCH0sJ8M1ICg1seMUIls3rvi/zsfYCSDEpG
+Cj1oNE3tde2e6Gf6KmlFBjiU9WO2hjO4s5+DoaqvWpbH9CJofnyEz4+4zF9FBN/w
+h7yyapW7+Fg/A7Og5Do1ayvX4lzd33oBUwD67MZ5PF7pm2Mny4RW4y2RFTOdWmtx
+K3+dAwGssFEz4xFeRU06bdJKFpPJSqtUBlBL9wAAAQBBGXziIz1+SMgDzWTHj2V5
+I7nja4cUAfhmHCHYujjGubMjnbdnsR0dQB5frsv3pFhgzF8aVNYChrfW4cmf1bjI
+TthRxTV9Qa1gFj8iTXjJlhQ//4ndOo/hI9rh9iFCf9jM527RONaPokjzdK4jMkli
+W5Pz3Vk30V5UG37/pN9P6n1S+s7WFb/gNIQY/5PmmiClLlXHbMMPMH+E5x5Kq8CC
+Xso6lbS9WOv7ACnSOhaenYC6fRxf01OV5mAuCJqpkY8IuuNa4crHrzNpQSnpjw2t
+rdkOrrbu0lAkOQsaYK95RzTDl7D1CYZbE0soZ8EV1vSJtt1+PIKZS0Xc4qI8a8kC
+AAAAIF9uVF2u9s0bjZhI3Zh1iAcjasC3/wU7MscD6qOxFHVX
diff --git a/nss/cmd/bltest/tests/dsa/key16 b/nss/cmd/bltest/tests/dsa/key16
new file mode 100644
index 0000000..704d76c
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/key16
@@ -0,0 +1,26 @@
+AAABgP1abFbdKQ992Eop3hcSbrTkSHs+/wpEq+XFl5LS4SALnD20TVKLn30iSAMu
+S6D3v8T6/HBr5RHbInbAt+z/042i4cLyN6dTkMHk0yOcuo4g5VhA7LBd9fAaG2l3
+rRkG8stUTM+5O5Aa0JZrGDKtLatSYkSjFWyQXAGsUctzudzZhg1WF1pCXYRkhdmx
+9EqKDCV45s9hlHvBoTkv3TILFqnXBFX+Q28tR97Y6OYF90hutXjqf8T/0TwH+Zlq
+8Vn9QR6UUUAyeN0RQajJJrNcljhLvWvuCcRvRMNrH/xxl/XpJdvgVEpo5quMGOQm
+pGazkvnCfdef76nKFjzFo3VTmoVZ8nf2V6U10ZZMal6RaD71aY66oB74GNv3LLBM
+P/CS0YiGbyXNQFEI9Wawh/c9LVvrUfrG3oSuUWGmavlgLH5L/BRvSCC9/Akvrqxp
+Ez5KCKWyAqEkmKIuV7rVRnTtS1EBCdUrX3TnDh9vghYXGM1M8AzJ8ZWKzIvdzfvR
+++Rs0QAAACCAAAAAAAAAAAAAAAAzSibdj0nGgRzoG7E0KwbpgPZLdQAAAYCZqwMK
+IaXJgYF0hyFnZByBweA8mydM+8J7xHJUKSd2beX6BTmztz8/FqyGaprsi0Rd7Zf7
+/wiDTtmMd+f8ieXcZXvvdm/3+/jnaHPhe+5BJ2LVb+EUF2CrTSW6/Utu8ltJo1Bm
+MtH44Qdwkwdg7BMlkyxaS6+ekBVCZN30QuxcQf7ZXRFSUVHbz7N1gUm62Bxiuc/3
+gWuPlTuLfAIlkNFYTpIdyVX1MorHKYPtXPDQQFb+DVMeYvj2yas8D81E4UhgtzEd
+JWHHfB0y9sadyPd5aMnYga2dteDBFP2oYovKAzXrf7nhXmJaq6tY/AEZTIG/b7LO
+VAd7giUOV8ansl3rbuOdS2hqXDB6dhKy2F7pJRJBPeopfkTzF75863CjMorwtAEA
+GkGFYrj/5Ol3G0tKjgtAx5E0nV1ORZ/mIKGi/HLi9sooVn1MJjK73htJhkwGuxJh
+nxMsHaj1ce9hPqxzn2arORTLP6GrhuBeUILrqiTr7qTPUb7vwn31Ev4/7n0AAAGA
+58LuGMOqNiwBgsalbCWEYoCDxz4EW+2o1lNpDJwvZUTt+XAsV8RVJzkFM2pfUXEQ
+ejE819Cw9Q+NM0LGAhnyKpAjOUBZ0F9GTESW1V2rbrCJhSf/TPVnjntb+14Y2SxK
+nXMojM4UUw/EcC9tA5fsOaiAxKctNYcwxWYzOG7eAoAjwXkfMWTRV054I8ebijyh
+ND6hZrpvArf/fp7yGY2xB/fMFZ87ahwAp4w1XFZt6wrG/eP2M8uRd6H7xsF2bKAh
+1f7EcBAau0QNLwaYIYGoySt83XZTNrmh4atwKD1tsKlj+2SMN8TimnTDdXcpEEmr
+R828EEwE25ZmgeqOu58Az0xKVGIRc3lXX72kuAGXlFH6lLGbTpNlZwXA9zTz4JFL
+uWweK4oPto+vFClu/fMwCtlbzei2fMSybmSI7vklz66sbw1lZ+i0E1X4nRwrj+aH
+v6LfXih+EwW4m4w4jCYZYJCsA1GrxWGq3Hl9qMzqQUbD6WCV6841Pg2kxVAZBSyq
+AAAAIEM8/QUyzP2M3Rslkg0rtzlph7dmJAN5A1sOhlJ86cUt
diff --git a/nss/cmd/bltest/tests/dsa/key17 b/nss/cmd/bltest/tests/dsa/key17
new file mode 100644
index 0000000..d5b0144
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/key17
@@ -0,0 +1,26 @@
+AAABgPY7PN1kbY5921chaqbuwhNNcHSIofKc+plwZF8SJ+pdsuMY7qXaFofH7ZBQ
+lmk0XtYTTP8yIDq3Kuy/ppPSFq61XY0oqYH0q/8H0TGaeZvl3XRvhIQoF5KcMFtA
+hZivEgRdqi8czIvk2BtRPGMPAX/sFlisoQihr2Eg7AXjAYxCU8ndNbzgYrc9DyqT
+1BxIGlxDu5eQloLTmppg3Dw142N13sbO0NLbO6DREb7epwGg5HU2JJd6nnW3CnTi
+uB44pSqyLaExs1QW087JZjB5dGp2NHbldZgULjmGFUXar404oXbybHH1r+vZxWIN
+qAzzRStVw3xmG0oewDUXELneSjy+C5i02eyJEo2Xqn77GduLpDzAviXCAPkOFQbL
+eOwMM216lWE9QgTo7WjQ8KbHhCAQWo0tQ4+9JVGmShoLA/+4eHQvjJl5z6hzlBUC
+gZmNUXAdX8+paWpJif0l9ACVXmJrGr6SbAr6aappgZAO/83QMFkvgrIEKkeppajL
+AoPcTQAAACCAAAAAukY0tfpNoFS9DKSK5JDldxHzgRk4QkKRWbp8oQAAAYCK1FU8
+TkmqJHKKtQJEF7Ey0spTpV2VlFjy91mtsENb7u+jos/NADjiQgZD/EpN7rXZ/qoe
+3yEZO0DhS0KYKpTzXFi4EUfXGJ0mPJsS/mOrn6X28DooYMGGQy46sE8qsPL7YUe9
+m/ftXSBxO52iE4Piw6Fo59CdPYpaBY/SMJW1rP64ZKMwa+JCX6GtMq1tk4LmA7A8
+aK9K8CRjlxAsQVXLqBGr+Z2ng553surJlwWIyh0KI2FyOhZKySKcLoDc+o20+eKY
+A+/7MWjH/tejpt5A3aGaBTavm1t6+u+5xw1q6N8S2mWPYjYEOuqHPbKc628H0Qj1
+IlaHvQww4whOIJC0WuL5Kpe47LepcFxJVrizHEo9YRB8hOR63abIDV0i2rPYWSIP
+nVqrE2d6498WjwwXbRdrVFBsY5hT8E3e8nIvOcGOXOQm4UVirY/yYkeviIcO+3LA
+zOg23o/uZ6ZiN4JFtQK/H4MJmYigk8583IE2THix9KUbgA32E3xx1l5rCJoAAAGA
+QiQ1OeSdueoZ2Y2X9vKpSyNSmBLfiJ6qvP7aAc5MdZSH+4m8gtp1/hyRNDYfht5H
+0W2O7oDlasUCF46O2BKUd6+L+9gmLF7dk34ahsDw57Kv57y938tYFM7Qt1anbKF4
+Qju01XjF2hg3EtloWCZAqg7H6ftWv9lg16V1SXR9j7et5Hz+gWweV9pmM9rMU33g
+YIE5ZLtbJ1ejEvnaPYTmCv+YFwBR09kOOAuLzBmGxY/53JHogn1Pn1/EsrLnQ8+T
+if8C3sAfXUNLQw0WLokcM1X5GFUzn431gwDkyZOuTfjEMYtcS9BSg8pLRrfS+w9k
+dr8VkH9Q3UFBqnrKydqmLszTpnNXEiBgts7OBEapPrIwrZO8mk0bHv7soeP8g8EZ
+eFA1tDlQn/t5aLGkSLe9gxV1P98EolbsoVYqEbCWyQo2s1NlnL3kQg4X6QuUxDx1
+GcYGQc7sBW+Je5fWuxhhJo4Nx5t8O2t2OcJVvwaGVzdFkSbLRlvB2koEOhlj2n1j
+AAAAIFJKfqWXf4ECs1UpMEd/XwQkARZdRjfc2LnRPfTzquXQ
diff --git a/nss/cmd/bltest/tests/dsa/key18 b/nss/cmd/bltest/tests/dsa/key18
new file mode 100644
index 0000000..fe841bb
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/key18
@@ -0,0 +1,26 @@
+AAABgMe4bXBEIY42dFPSEOdkM+Tiepg9scVgu5dVqPt9gZkSxWz+ACqx/z9yFluU
+PAso7UYDmgfeUH16Kfc4YD3s0ScDgKQflx8lkmYaZLovNR2aaeUaiIoFFWt/4VY8
+S3fuk6RJSROEOKKri9z8SbTnjRzedm5UmEdgBX12zXQMlKTdJaRqp3sY6dcH1nOE
+l9Tqw2T0eS2XZqFqDiNIB+lrjGTUBLvbh245tXme9T/my5urYu8Z/cwr3ZBb7aE7
+nvesNfH1V8sNxFjAGeK8Gan138Hk7Knm1GZWQSQwSjHwOGBaPjQtoBvhwrVFYQ7d
+LBOXo8g5ZYjGMp7+tOFlr1s2ijmojkiI459Auz3k6xQWZy+Zn+rTeu8cqWQ/8yzb
+wPzr5ijX5G0oGpidQ90hQyFRr2i+P21WrPvbbJfYf8teYpG/i07hJ1rg60ODzHU5
+A8jSn0rbalR+QF3s3/KIxfbHqjDcsS+E05JJOnCTMxfA9eZVJgH64Y8X5uW7a/OW
+0y2KuQAAACCHb6CeHcYrI2zhwxVbpIsMz9op86xal/f/ob2Hto0qSwAAAYARCv67
+Esf4YrbeA9R/28Mybg1NMbEqjKlbLe4hI7zGZ9T3LB5yCXZ9JyH5X72aTQMjbVQX
+T7+v8sT/ferkc4sg2fN78KETTCiLQgrwtXkuR6klE8BBPzRqTturLEW9yhP1NBwr
+Vbi6VJMrkhe1qFnlU/FLuMEg+7nZmQnf9epo4Us3mWT9Pzhh5bpcyXDEoYDu9UQo
+cDlhAh571oy2N5J7jL7mgF+icoW/7k0e9w4CwaGKfNeL7x3Zza1F3enNaQdVBQ/E
+Zik37h1vTbEoB8zJW8Q18Rtx5whgSLHatZE8YFUBLeguQ6TlDPk/7/Xcq4FKvCJM
+XgAlvYaMP8WSBBu6BHR8EK9RP8NuTZHGPuUlNCLPQGM5jXfFL8sBFCfL/PpnsbLC
+0apKPacmRcscdnA2BU4vMfiGZaVEYciF+zIZ1a2HSKARWPbHwN9ajJCLqMPlNoIk
+KIhse1ALvBW0nfdGud5aeP47T2mR0BEMPL/0WAOdw2Jhz0avS8JRU2j0q7cAAAGA
+RWoQXHE1ZiNIOLwHC4p1GgtXdny3XpkRShpGZB4R2h+p8ikU2AitcUhhLB6lXSUw
+F4Hprgya42pp2HugOex82GTDrQlIc+blZwn9ENlmhT1hGxz/FdN/3uQkUGwYTWLH
+AzNYvnjCJQlDtvbQQ9Y7MX3lblrY0f2X3TVavpZFL45DVIX7O5B7UZAKo/JEGN9Q
+tPza+/YTdUjDk3O4vEuj2rtHRuvRe4f81qLxl8EHsY7FtGXm5MtDDZwM542lmIRB
+BUo3B5K3MNqaukGjFpryYXb3Tm98DJybVbYrvnzjjUaV1IFX5mDCrLY/SC9VQYFQ
+5f7kOs6ExUDDunZiroCDXBotUYkOqWuiBkJ8Qe+MOKoH0qNl5+WDgNj0eC4irCEB
+r3Mu4idYM3slNjeDjhb1D1bTE9B5gYgNaFVX99eabbgjxh8bs9vF1QQhpIQ6bylp
+DniqDwz/MEIxgYuB/EokP8APCaVMRm1qjHPTKlXhq9Xsi04a+jKnmwHfhagfP1z+
+AAAAIDRwgyBV2t6U4UzYd3Fx0Y5dBvZq7/TGFHHk66dO5WFk
diff --git a/nss/cmd/bltest/tests/dsa/key19 b/nss/cmd/bltest/tests/dsa/key19
new file mode 100644
index 0000000..5f769be
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/key19
@@ -0,0 +1,26 @@
+AAABgKQQ0j7ZrZlk0+QBy5MXolIT91cSrLxcEhkavz8cDnI+IzO0nrH5Ww+XSNlS
+8Epa41iFnThEA842SqP1jdl2mQm0UEhUjFWHKmr7s7FcVIgvlsIN8bLfFk8LrISc
+oXrS32Or11yIGSLnmlAJ8At9YxYi6Q5/pOmAYYV14da9GnLVtqUPT2pot5OTfEr5
+X8EVQXWaFzZXfZRIuHeS3/ByMkFVEukzdV4SJQ1GbpzI3xUHJ9dH5R/qeWQVgyax
+Nl1YDLGQ9FGCkVmCIf3zbGMFyLio7QVmPdewBulF9ZKrvsrkYPd8cbbsZJ0/1TlC
+Au17u9BA97j9V8sGqZviVPol1xo3YHNARsKg2zg+Ajl5E65nzmWHDZ9sb2ep0ASX
+vh12OyGTfPnL+aJO+Xu8qgeRb4iU5bf7AyWIIaxGFAllsjxUCcpJAm77K/lbzgJc
+QYOl9lm/aq7vVteTO7KWl9fVQTSMhx+gH4aWeLLjRQb23ApMEytomg7SfcPI1TcC
+qlhIdwAAACCrxnQXclzyj8dkDV3kOCX0Fuv6gOGRxC7ohjAzOPVgRQAAAYCGfV+3
+L1k20aFO07YEmWYvMSRobvEIxbPaZmOg6GGX7CzEyUYBk6dP8WAorJRBsMfSfCJy
+1IOsfNeU1ZhBbE/5CZphZ51BfUeM5d2XS/NJoUV1r+dKiLEt1fbRy9P5Hd1ZftaO
+eeukAmExMMIkuUrChxSh8cVSR1pdKc/N2OCKax1lZh4o7zE1FNFAj1q9Pgbr46fY
+FNHt4xa/SVJzyh1XT0K0gu6jDbU0ZvRUtRoXWguJs8Bd2gBucZouY3FmkIDXaMwD
+jN+4CY6arZuNg9S3WfQ6ydIrNT7YijNyNVAVDeA2G3o3bze0XUN/cctxHyhH3mca
+0QWVFqHUV1UiShXTe0rq2j9YxpoTba7wY2/jjjdSBkr+WYQz6ACJ/aJLFEpGJzS+
++Pd2OIRbAOWc5/pPHa9IeiytoR6rpyuyPh32tmoYPt0ibEQCct2bBr7A5X8aCCLS
+4AISBkttumRWIIX1p1kpr6X+UJ4LeOYwqvEvkeSYDJsNb34Fmi6j4jR52TAAAAGA
+HwpcdeeYXW5w5Pv9pRoQuSX2rMtgDXxlENuQ7DZ7k7sGm9KG6Pl5si7wcC9xeodV
+wYMJyH2uP+gsw9yPS3qj1fOHb01LPraL/pEMQwdtbNDTn8iN3njwlIDbVSNObIyl
+n+JwDv7AT+7mtOjuJBNyGFi+cZDb6QX0Vu3KtVstwpFtwehzGYjZ74thmrz4lVqp
+YO8Cs/AqjcZJNpIir1DxM47SjWZ/PxDK4qPCijwdCN9jnIGtoTyP0ZjG2uPWKj/p
+8EyYXGX2EMBsuPrqaO24DebPB6jonAAhgYWpUrI1cuNN8HzltCYeXeQn61A+4br1
+mS221Di0dDTEDCJle8Fj55U/oz7/OdwnNGBwOardasJ+Q2cTEEH4Rf+hoT9Va/ui
+MHpcePLM8RKYx2LgiHGWjkjcPRVp0JllzQnaQ88DCaFq8eIP7n2j3CGzZMRhXNUS
+P6X5sjz8T/2c/c6mcGI4QLBi1GSNLrp4atP3rjN6QoQySs4jb59xdPv0QrmQQwAv
+AAAAIG1Mk0ORt/b7bhnjFB+MABjvVyYRihEGQ1jH01s3c3N3
diff --git a/nss/cmd/bltest/tests/dsa/key2 b/nss/cmd/bltest/tests/dsa/key2
new file mode 100644
index 0000000..7df1a90
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/key2
@@ -0,0 +1,10 @@
+AAAAgIubMvW6OPqtXg1QbrVVVA0NeWMZVVjKMIt0ZiKNkqF7OxS44Kt3qfOylZoJ
+hIqmn435LNnp7e8K33ks53v87Mrdk1JwDKX67PGB+gwybbHW5dNSRYAR5RvTJI9O
+O9fIINfgqBkyrKHro5AXXlPq2hlyI2dOOQAmPpD3LZTnRHv/AAAAFLxVDpZWR/s6
+IPJF7IR1Ykq7sm7dAAAAgBEzOpMfulA0h3dzdoWf3BL3xoewlIroidKH8benEq0i
+CuTxzjedDbtcmr9BliHwBfwSPDJ+UFXRhQY0w205fmieER1ZjBw2NrlAyE9C9DaE
+bo5/ytkBLO2jmHIPMv/9GkWrYTbOQXBpIHrBQGdbj4bdBjkVrm9isM7HKfvVCawX
+AAAAgH4znzdXRQOQFg4CKRVZ8wvtCy11jFzMLY1FYjK7Q1rknefnlX46rZv9z2/V
+2bbuO1IbwiKahCHcKqWbmVI0Wo/B3kmzSAA6mxjaZC1/b1bjvGZRMa6XYgiKk3hv
+e0typLzDCMZ+JTKjpb8JZSBVzCa/OxiDNZjP/XAR8ihfeUVXAAAAFG4uMbv8ZwlE
+16cSDjmpgVIGFNio
diff --git a/nss/cmd/bltest/tests/dsa/key20 b/nss/cmd/bltest/tests/dsa/key20
new file mode 100644
index 0000000..5a5dbfd
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/key20
@@ -0,0 +1,26 @@
+AAABgMHQptC17WFd7nasWmDdNeywAKICBjAYsboKBv56APdl2xxZpoDOz+OtQUdb
+rbWtULYUfiWWuI00ZWBSrKeUhupvbskLI+Nj86uM3IuTtioHDgJojqh3hDpGhcK6
+bbER6a3b18pLzmW7EMnOtpv4BuLr1+VO3rf5lqZckHtQ79+OV1uuRiohnDAv7yro
+HXPO51J0YltfwpxtYMBX7Z57DUatL1f+AfgjIw8xQiciMZzgq/HxQfMmwA+8K+TN
+uJRLb9BQvTAL2xxfTaclN+VT4B1RI5xNRhhg8ftP2Pp59dUmP/Yv7XAI4uCi02v3
+uQYtDXXbImw0ZLZ7okEBsIXyxnDA+HrlMNmO5gxUcvSqFfslBB4ZEGNU2ga8Kx0y
+LUDtl7If0c2tMCXGnabOnH3fPc8epNVld7/ewjBxwfBe5Ad7U5HppATq/+EtHqYt
+BqzWvxnpGhWNIGa0zSDkxOUv+x1SBM0CK8cQjyx5n7Rohm7xywm84J39SeR0D/gU
+BJe+YQAAACC/ZUQcmHt3NzherewVjdAWFNpvFThiSOWfPN2+/I6d0QAAAYDAKshT
+dfq4C6KnhLlOTRRbO+D5IJDroXvRI1jPPgP0N5WE+HQiUvdrHt4/w3KBQg50qWPk
+wIh5b/K6uNtumkUw/GfVH4i5BatDmVqrRjZMtAwSVvBGbz2842ID7yKLNekCR+le
+URXoMbEmtijumE80mRHTD/udYTtQqE36HwQrpTa4LVEB5xHGKfnyCW3INN7sY7cP
+KiMVptJzI7mVqiDT0HNwdRhvUEmvb1EqDDip2gaBf0thm5RSDt+shcSm4uGGIlyV
+oE7Dw0IrjesoTpjSSzFGWAIAigl8JZaegmwrqlnSy6M9bB2fOWIzDB/Np8+xhQj+
+p9BVXjoWna7TU/Pub0uzAkQxkWHf9kOKN8p5OyS7sbG8IZT8bm72AngVeJnLA8Xd
+b8kag26yCiXAmUVkPZX3vVDSBmhNb/wU0W2C1feBIlv/kIOSpXk7gD+bcLTfyzlP
+ntgcGOORoJ6z+ToDLYG6Zwyr/W9kql4zdMt8ICn0UgDk8L/YIMi9WNxe6zQAAAGA
+baVPKw3bTczi2h7foWuoSVPYQpzmDNERpcZe3Pe6W42Th6togcJIgLKvvbQ36e1/
++46Wvsp+qA0dkPJNVGESYp31yelmF0LMhy/bPUCbx3t1sXx+bP/4YmEHHEtcn5iY
+vh6eJzSbkzw0+zRWhfj8bBJHDRJM7PUbXVrb9eeiSQ+NZ6rFOoLtaiEQaGz2McNI
+vLxM8VbzppgBY+L+ynKkX2s9aMEOWiKDtHC3KSZ0SQOD91+ibM+TwOHI0GKMo18v
+PZtodlBdEYmIlXI3ovyAUctHtBDot6YZ5zsTUKn2omDF8WhB58TbU9jqoLRwjWL5
+Wypy4vBMoUZHvKa14+5wf833WLkl641Oas5Px0Q8m8WBn/nlVb4JiqBVBmgo4huB
+j+3DqsUXoO6PkGC9huDUzOISq2o6JDxewCdFYzU8pxA68IXo9BvlJPu3XNqIkDkH
+35S/1pNz4oiUm9BibYXBOYswc6E51cdH0kr9rno+dFQ3M10O6ZPu82owQckS9+tY
+AAAAIBULXFHqZAIna8kSMi8EBPbVf/fTKvyqg7bf3hGrtIGB
diff --git a/nss/cmd/bltest/tests/dsa/key3 b/nss/cmd/bltest/tests/dsa/key3
new file mode 100644
index 0000000..50c0a9b
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/key3
@@ -0,0 +1,10 @@
+AAAAgMuhPlM2N8N8DoDZ/NBSweQaiKwyXE6+E7cXAIjVTu9IgfPTXq5HwhA4WoSF
+0kI6ZNo//aY6Jvks9aME85JgOEqbd1nYrBrcgdP4v8XmyxDvtOD3WGf06EjRozhY
+bdBkj+6xY2R//nF2F0NwVA7oqPWI2ozBQ9k59wsRSn+YG4SDAAAAFJUDG4qnHynV
+Jbdz74t8ZwGtil2ZAAAAgEW8qkQ9TNFgLSeq+EEm7cc713Pebs4V6X5/70bxMHK3
+rcr3sAU89HBpRN+MRWjybJl+53UwAPvkd6N3ZqTpcP9AAI65ALneS1+a4G4G22EG
+54cR86Z/7KdN1b3c32da5AFO6UiaQpF/vuO7nyok32dRLBw1yXv78jCOqs0oNoxc
+AAAAgEzWF4Y30PDeFIhRXDsS4gOjwMplLy/jDQiNxyeKh6/6Y0pyenIZMtZxmUqV
+ig+JIjwobDqbEKllYFQuJia3LgzSjlEz+1fcI4t/qy3ipJhj7PmYdRhhrmaL98rR
+NuaTP1ff26VE4xR84Oc3D6bo/x3mkMUbSu7fBIUYOIkgVZHoAAAAFC6sT0GW/ts+
+ZRs7AAQBhM/W2iq0
diff --git a/nss/cmd/bltest/tests/dsa/key4 b/nss/cmd/bltest/tests/dsa/key4
new file mode 100644
index 0000000..657abc8
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/key4
@@ -0,0 +1,10 @@
+AAAAgPJKSvxyx+Nzo8MJYjMv5UBcRZMJY5CUGMMHkqrxNd3qVh6U8kcmcWt1oYgo
+mC5M5Ewf3ct0ZIe2t3qaWhf4aKtQzWIbW8naRwiAsofXOYGQpCpe4i7Y0f8UfiAZ
+gQyCmO1o4cpp1B1VXySeZJ+xcl3bB1wXs3vv9Gf90WCSQzc/AAAAFNoGWgeN21bu
+XSrQbK+rIIINLEdVAAAAgEe1WRt5BD5OA8p4oOJ3yaIeKmtUO/TwRBBM2ayT7/jh
+AbtgMe/IxZbV0vkuOj0PH3RwLdVPd9PNRsBN7npd6fAK0xdpH93O/koiCiZRrK5/
+zt2pK/zKhV22cF6Nhk+Bkr9r+GDADwitZJPswYcuACjVyG1EUF21dCJRXDglpveK
+AAAAgEOie3QPQiyy3D6qIyMViDovaiKSf5l9Ak9aY4tQexfTscvT7GkcxnRHCWCg
+FG797Llbtf4kl0njyAbNXMPn97q4Rdrb4fULM2b7gnqULOYkbdp70sE+G0qSbAyC
+yIRjlVLZ1GA2+aS8Kp5RwtduMHTR9TpjIkxCeeD6RgR01P/eAAAAFGSYIBaOtZT1
+nNmyi5rv6MwQamxP
diff --git a/nss/cmd/bltest/tests/dsa/key5 b/nss/cmd/bltest/tests/dsa/key5
new file mode 100644
index 0000000..8d94d7f
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/key5
@@ -0,0 +1,10 @@
+AAAAgIjZaOlgLsvabYb3yXCj/76x2pYvKMCvuScO8FvDMMqYw634PAcv6wX7Lik7
+UGW7sMvMkwwk2NB4ad6uzZKiYEwPXdNcW0Mf2moiLFLDViv3VxxxAgm+izuFiBh4
+hyX+gRK31ryC4P8cu/XW/pRpCvK1EOQa2CB9wsAvufpc76q1AAAAFKZlaJueW5zo
+L9FnYAbPTPZ+zFa3AAAAgCZ+KChXQXdSET+6P8pxVbXOiefIozwaKRIuK3IJZfwE
+JFJn/4f8Z6VzD+WzCAE6oyZpkPuzmBhah+BVtEOoaM4M4TrmruMwudJdO7s2JmXF
+iB2vDFqnXp1KgujwTJGprSlIIuM5eKsME/rcRYMfnTfaTvoPwsXrATcfqFt92x+C
+AAAAgGD1NB5Iyno7xd7O5hIR3ScnzY4vx2NfOqvqJiNm5Fj1xRwxGv2pFssNzcXV
+pXKfVzpTK1lHQxmbz6dFSQPnSzPd/mWJYwbOwg69hCdoL6UB7ga8TF0UJcvjGCi6
+AIsZydpoE2z3GECyBZGeeDpiilpXz5HPVpsoVP/veglu2pbJAAAAFAfOiGLmS39s
+dIIEbb/JOQcSPlIU
diff --git a/nss/cmd/bltest/tests/dsa/key6 b/nss/cmd/bltest/tests/dsa/key6
new file mode 100644
index 0000000..3408d5c
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/key6
@@ -0,0 +1,18 @@
+AAABAPLTntMGKxPJFic2AKDyoCnobXpLkhe08YFb8rJNlxClerM/mXKUsBRYW40B
+mN/cy811MU2l/4WqNEtFra6ql5tRoxKnv6lEcvtjPxpvFWu0RYhn39OEA/BrhR8A
+/i00hAd73tcat1E9BKFAIgV1+2kzlUgOTIQCt6Rs7C03p3jDBazNHxPp9i6GUxX0
+sizEZ8iYbsjklh3fgQVmsMTuNprGqhXkP0dEAFgm9b3oBxoZ4wtpCarEs9F0I3Jw
+2tAnmdCbiizF8i5miUtUIiKLLCNPEfWnccW4nPRloqzsu+6qFyX+j5tZQivomRBS
+y1Vt3yyM6PqSBtvzn+rcGU4A+OUAAAAcgAAAAAAAAADBGPSYNeTvczxNFYAPzwWe
+iE0xsQAAAQDjqTwJ2m9WDk1IOjgqTFRvIzXDakw1rBRjwIo+bdQV31b9xTfyX9U3
+K+Y+T1MAeAt4LxrNAci06zNBRhX9Dqglc6y6fvg/WpQ4VBUa/C19/hIfuM0DM1sG
+W1ScXcxga+kFJIO8KE4SrDyNugm0JuCEAgMOcLwcwr+JV8S6BjDz8yrWiTiaxHRD
+F2Bj8kfZ4ilrPqW1vCM1go6hoIDtNZGN7iEv0DEnnRuJTwGv7FI4M2aerAMaQg5U
+C6EyClnEJKPlhJpGCla8sAFkeIWxQzxPmSlxdGv+KXfOclnFULVRpsNXYeSkGvdk
+6NkhMvzApZ0WhOq5DYY/KfQc91ePqpCMAAABACif8YwypWuwuIOTcGR2g6OKWn4p
+FBC5MgchKtyAiNMPk+nkq8Uj89RpNufVyQ2IdCs2r9N1Y0CPFcjBpPesJL8F8BAI
+/+5wyIJdV8OpMIutigla8rU7Ldo8vthG2V4wHrm4R2ZBXRH2wzIJoNKFcQlqsEp5
+qg3EZZl1KWhraOiHzYogXC3IGVrvBCLrqZefVJrIVUjkGUE2Q7ckQ2EVOtoUgNI4
+zQDcFlJ5OJVVSN1dAn3tECnu647WxhtM1ZNB2LFUZunaiQqYmZb012keYHLeE2ry
+i1h0vwi9H4pgz7HACIgTKQn1FeBLzoGwKVGqQbqsaP/bjF3Heh0y2PLBDdcAAAAc
+YTLlUc2siECRg7037hRSzSR9SDSwiBSydb4/9Q==
diff --git a/nss/cmd/bltest/tests/dsa/key7 b/nss/cmd/bltest/tests/dsa/key7
new file mode 100644
index 0000000..e7830fb
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/key7
@@ -0,0 +1,18 @@
+AAABAKqBXJ2xxNPSdzx9DU0dp17PxKOel9X6GR/+yLFJCikM4zXlzofqYgqKF94L
+tkcU4uyEC/AObr20/7TjJMoHw8hxcwmvFBA2Kncsmt2DiysMrh6Qq0SK2r2s0uXf
+WcQYejKiNxnWxX6UAIhTg7+PBm8juUGSDVTDW098xQRPO0DxcEaVYwe3SOhAcyhE
+0Aqc5uxXFCk7YmUUfxXGf0vjiwgrVf3q22EkaJ+3b50lzCi46qmLVi1cEBHg3Pmz
+mSMkDTMtidyWA7e93QxwuDyqKQVjGxyDyruubAwMLv6PWBMe2DUb+T6HX2pzqTy6
+1HAUGiaH+6zy1xyN3ulxrWYHKa0AAAAc6jR+kL58KHXR/h22IrR2ODfF4npgNzED
+SMGqEQAAAQAgQglMy8i4cj/JKMEv2mcbgylemcdDV29EUEvhGGMjMZtQAtJPFz35
+CeokHW6lKJkE7kY2IEsvvpSwaP4JP3liV5VJVR068hmtjtGZOe/4a87INN4vL3hZ
+bonny1LFJOF3CYpWwjLrH1Y6qEvGsCbe7m/1HLRB4IDy2vrqHO2GQn0cNGvlXGaA
+PUt20TPNRFtMNIL6QVAjRjyb8w8veEIj4mBX06oNf7tmBjDFLknUoDJcc4ngcqo0
+nxPJZuFZdS+7cekzaJD5MkP6bnLSmTZe5bP+Jm6/ERBWj+5EJchHtQIQvUhLl0Ma
+QoVq3KPn0anJxnXH4maRgyDdWnikjEipAAABABrhDHhq0JAsXGhdrlxxIUGKN3uI
+i18vK8dmI1cP1ivLGQtHGtU1nF8GL4gZKJ6VbYqm+Q0fjPHuctOhvf1WxHjcKaGc
+RWm1pg46jzT2BlbqxbJd3lUUpcZ7Z1QjIE9syvCZBhfMc1W50+2GiXiiUgIKdp7V
+mm7apu/jN37vRfP28+ZBecx9uLFD+4NcXXG/z6HiqQSbzPf+mrV1RiIP4/S3UhyG
+FznROFB+gaRqaZNgVEHcuQ1u5K+8Qsq+kKJUREloEJ1+3ZaUoCMjnx1WF13R+sEV
+kV4k+rVj9Pw/JpvtLzAIMtESWWSFpxFBeqc7tKxyplGh+luu02Nscg05cAgAAAAc
+e0iQIVeOeee9PuerRW9lnz3AfIj1yaOeT4zugQ==
diff --git a/nss/cmd/bltest/tests/dsa/key8 b/nss/cmd/bltest/tests/dsa/key8
new file mode 100644
index 0000000..e7e72bd
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/key8
@@ -0,0 +1,18 @@
+AAABAKTH6qtCxMc7dXdwkWSJ8XzVByXNCkvE4c9n92O4wd4tbauYVrqvsAjzZbGK
+QuFNxR81C4jsoCCcWqT9caepbHZfWQHCHnIFcNeDe+x8dtLkk0RzHKOUBdCoebng
+3NGoEl/RMOweeD5lS5TjAC5rYp6QSrOHeGdyDL1UtCcKnhXNAox8x5bwbCcqZglR
+ko/b6y3KBhtB6TIlcwV0L/FuL0KRkdXl8abd9ueMXXciz/gKnAvVyNeuuowEQ4mS
+sHXjB8FTTEmtOA9Hf195h9wXLBYdyjjcrz+zhGxyyRGaUpmtx0iVGz3ODQDUqQE4
+ALIAggO3JGW8aoSuBZowxFIt6lcAAAAczon+MyuOTrPR6N3OpdFjpbwTtj8WmTdV
+QnrvQwAAAQCMRl7fWhgHMCkeCA38U4U5elAGRQ26Lv4BKSZPvYl7tVecoOqxmqJ4
+IgQkcktPKm9u5jKEMqv2YTgGRglyM1BTOcVRnTV9cRK27sk4uF1ap1zC44CS8KUw
+rLVOUP6CxNVi+w8wNrgLMDNAI+u+ZjegAQsAx9uGNxFoVjZx4eDwKK7b1F0tVyYh
+pgmYKgc+Uaridwevvu8p4uzuhNem1do4K+OjX0K2xmhJICqxnQJbhp0Id2R20auY
+FHWtKtLz5v0H4waW2QpiaBbfYNbKev17SC+UL4O0XMgpM3Mfh/ruMgkA8qo+cLGG
+fhQw5AvmfAf5KQKZ7wZ7iySnUVs/mSwHAAABAHSKQCNyEaLZhSWW56iR9D1OsO5I
+gmyc+zNru2jb5aXhay4ScdTRPeA2RLuF72vlI6TU2IQVvNWWuo4KPE9kOemB7QE9
+fZxwM2/r99Qgz+0CwmdFe7Pz58ghRdKvVIMLlC7HSl1QPkImzSXddd7NP1DwqFgV
+XXvnmUEINt3FWc6Z4a5ROAj9rqw0hD3XJY8W9n8ZIF9vE5JRpBhtqEltXpDT/s+O
+0Qvmwl/16zPZYMmo9MWByMckykO3Yen9ta9mv/udLrsRprUEofvk+DTstqwlTKtR
+PpQ7mpU6cISzMFxmG/rUNPaoNVA8mt5/Slf1yWXsMB7N6TjuMbTesDivl7MAAAAc
+VRWV7MuwA7C/jd2hhKWdpR5Fmg0oIF5VkspMsQ==
diff --git a/nss/cmd/bltest/tests/dsa/key9 b/nss/cmd/bltest/tests/dsa/key9
new file mode 100644
index 0000000..1ab8a0c
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/key9
@@ -0,0 +1,18 @@
+AAABAKa7UzPONDwxybLIeKuR7vL96jXG2w5xZ2K/wNQ22HUG6GWk0sjPu9Ymzov+
+ZFY8pWhs2M8IFJDwJEWyiQh5gklftpl2sQJC1tUPwjtNvbC+94MF2aTQXZ6uZdh6
+iT6vOX4E45uqhaJsj/ve8SMyh7X1tu9qkPJ6aUgaky7kexjV0n6xB/+wUCXmRuiH
+a1y1Z/7B3TWDXUIIIZhTH6++WuKAxXWh+w5i6bPKN+GXrZbZ3eHzPyzsfSferiYc
+g+6OIAKvfrboL2oUeWrwN1d6EDK7xwkSnKq9it34cK4tBZXI/bNxVXSPDeo0tE1P
+gu1YwvWxuEgWYqxTRzxpNBAIL70AAAAcjD7lvZoqrwaL1YRb1V7PJ0FwVTB1d7vD
+dw7GiwAAAQBDtaa20LuWLsl2ajd8MsxBJPExEYjC7PlcDNSk+glyJbdhjLEnbEdF
+eNO/VkwUUZnAkqGxS6qSnC8/DzbgwtrpHroIvjCZKoifKVLgRCw3r0hKTs3DJDzP
+y540E89c3WYwsJ/hfvv94U2HJUkwGbe3PR94K0jvML7DbgDgK6M20iVPwgKmlhLN
+lEb5HXa3Of+m2LhgUvjcXxFFgBxWJBr1upA3JBvYnmM4tY4BMQZxwmjrXjOstX0f
+mfFkQKZ1gn1AF3VNYBoXraL77fkEVUqQsBUw2oyTzRTOKTyyvT55N+k0t54xD+TY
+DBP5L2M4E1W9gKGr7hpz/fttok7ygAKjAAABAGR5ebeWDOe5cf8OX2Q19CpBsYyd
+4JowERSgE6fNARg/F2+Ig4N53LTvtn2up53vPwQsvPnMUDtMIVGiNk98lDexlkPm
+fiSja6xKTPopPe7fjsaxVKMqpymF99jeI1M0tUbCne9FjFXQxcCsXXTiAk7H1KvC
+/aUWoqCxpNiGrZLCBHB4KKT8d5T2DuikvhEByeVRj34Z7r1HXy3m9rqJwovRKfE5
+k77+WBhEAxmnlUmDMZY0KjHbr315SX3sZe59vvcOWPmdBZX2pxFAmt4xUdRVY9U8
+HNCoqxoYvv9lAsuwwGmxFOp753iY0PTlSZkboLNolxsQcuzkr8OA6a4ymlAAAAAc
+TvpRNutqp06Su/yROwv+u2E9t6RyIft7ZPQubw==
diff --git a/nss/cmd/bltest/tests/dsa/keyseed0 b/nss/cmd/bltest/tests/dsa/keyseed0
new file mode 100644
index 0000000..6eea359
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/keyseed0
@@ -0,0 +1 @@
+AAAAAAAAAAAAAAAAAAAAAAAAAAA=
diff --git a/nss/cmd/bltest/tests/dsa/keyseed1 b/nss/cmd/bltest/tests/dsa/keyseed1
new file mode 100644
index 0000000..6eea359
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/keyseed1
@@ -0,0 +1 @@
+AAAAAAAAAAAAAAAAAAAAAAAAAAA=
diff --git a/nss/cmd/bltest/tests/dsa/keyseed10 b/nss/cmd/bltest/tests/dsa/keyseed10
new file mode 100644
index 0000000..054c192
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/keyseed10
@@ -0,0 +1 @@
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
diff --git a/nss/cmd/bltest/tests/dsa/keyseed11 b/nss/cmd/bltest/tests/dsa/keyseed11
new file mode 100644
index 0000000..cde1798
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/keyseed11
@@ -0,0 +1 @@
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
diff --git a/nss/cmd/bltest/tests/dsa/keyseed12 b/nss/cmd/bltest/tests/dsa/keyseed12
new file mode 100644
index 0000000..cde1798
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/keyseed12
@@ -0,0 +1 @@
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
diff --git a/nss/cmd/bltest/tests/dsa/keyseed13 b/nss/cmd/bltest/tests/dsa/keyseed13
new file mode 100644
index 0000000..cde1798
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/keyseed13
@@ -0,0 +1 @@
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
diff --git a/nss/cmd/bltest/tests/dsa/keyseed14 b/nss/cmd/bltest/tests/dsa/keyseed14
new file mode 100644
index 0000000..cde1798
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/keyseed14
@@ -0,0 +1 @@
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
diff --git a/nss/cmd/bltest/tests/dsa/keyseed15 b/nss/cmd/bltest/tests/dsa/keyseed15
new file mode 100644
index 0000000..cde1798
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/keyseed15
@@ -0,0 +1 @@
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
diff --git a/nss/cmd/bltest/tests/dsa/keyseed16 b/nss/cmd/bltest/tests/dsa/keyseed16
new file mode 100644
index 0000000..cde1798
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/keyseed16
@@ -0,0 +1 @@
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
diff --git a/nss/cmd/bltest/tests/dsa/keyseed17 b/nss/cmd/bltest/tests/dsa/keyseed17
new file mode 100644
index 0000000..cde1798
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/keyseed17
@@ -0,0 +1 @@
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
diff --git a/nss/cmd/bltest/tests/dsa/keyseed18 b/nss/cmd/bltest/tests/dsa/keyseed18
new file mode 100644
index 0000000..cde1798
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/keyseed18
@@ -0,0 +1 @@
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
diff --git a/nss/cmd/bltest/tests/dsa/keyseed19 b/nss/cmd/bltest/tests/dsa/keyseed19
new file mode 100644
index 0000000..cde1798
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/keyseed19
@@ -0,0 +1 @@
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
diff --git a/nss/cmd/bltest/tests/dsa/keyseed2 b/nss/cmd/bltest/tests/dsa/keyseed2
new file mode 100644
index 0000000..6eea359
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/keyseed2
@@ -0,0 +1 @@
+AAAAAAAAAAAAAAAAAAAAAAAAAAA=
diff --git a/nss/cmd/bltest/tests/dsa/keyseed20 b/nss/cmd/bltest/tests/dsa/keyseed20
new file mode 100644
index 0000000..cde1798
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/keyseed20
@@ -0,0 +1 @@
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
diff --git a/nss/cmd/bltest/tests/dsa/keyseed3 b/nss/cmd/bltest/tests/dsa/keyseed3
new file mode 100644
index 0000000..6eea359
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/keyseed3
@@ -0,0 +1 @@
+AAAAAAAAAAAAAAAAAAAAAAAAAAA=
diff --git a/nss/cmd/bltest/tests/dsa/keyseed4 b/nss/cmd/bltest/tests/dsa/keyseed4
new file mode 100644
index 0000000..6eea359
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/keyseed4
@@ -0,0 +1 @@
+AAAAAAAAAAAAAAAAAAAAAAAAAAA=
diff --git a/nss/cmd/bltest/tests/dsa/keyseed5 b/nss/cmd/bltest/tests/dsa/keyseed5
new file mode 100644
index 0000000..6eea359
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/keyseed5
@@ -0,0 +1 @@
+AAAAAAAAAAAAAAAAAAAAAAAAAAA=
diff --git a/nss/cmd/bltest/tests/dsa/keyseed6 b/nss/cmd/bltest/tests/dsa/keyseed6
new file mode 100644
index 0000000..054c192
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/keyseed6
@@ -0,0 +1 @@
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
diff --git a/nss/cmd/bltest/tests/dsa/keyseed7 b/nss/cmd/bltest/tests/dsa/keyseed7
new file mode 100644
index 0000000..054c192
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/keyseed7
@@ -0,0 +1 @@
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
diff --git a/nss/cmd/bltest/tests/dsa/keyseed8 b/nss/cmd/bltest/tests/dsa/keyseed8
new file mode 100644
index 0000000..054c192
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/keyseed8
@@ -0,0 +1 @@
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
diff --git a/nss/cmd/bltest/tests/dsa/keyseed9 b/nss/cmd/bltest/tests/dsa/keyseed9
new file mode 100644
index 0000000..054c192
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/keyseed9
@@ -0,0 +1 @@
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
diff --git a/nss/cmd/bltest/tests/dsa/numtests b/nss/cmd/bltest/tests/dsa/numtests
new file mode 100644
index 0000000..aabe6ec
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/numtests
@@ -0,0 +1 @@
+21
diff --git a/nss/cmd/bltest/tests/dsa/plaintext0 b/nss/cmd/bltest/tests/dsa/plaintext0
new file mode 100644
index 0000000..48fbdb6
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/plaintext0
@@ -0,0 +1 @@
+qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
diff --git a/nss/cmd/bltest/tests/dsa/plaintext1 b/nss/cmd/bltest/tests/dsa/plaintext1
new file mode 100644
index 0000000..f7b1bad
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/plaintext1
@@ -0,0 +1 @@
+WEKejzcfnh1ppb+WpVTWJ8/VSFw=
diff --git a/nss/cmd/bltest/tests/dsa/plaintext10 b/nss/cmd/bltest/tests/dsa/plaintext10
new file mode 100644
index 0000000..08d653e
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/plaintext10
@@ -0,0 +1,2 @@
+rBhknAaqqqlnKm/advb86OGGUVWFcbz9ihmsNZcQniSGMCNRB1ROUVCb5azZuiZ+
+4ImIYj1aymGnxDoIS+YZng==
diff --git a/nss/cmd/bltest/tests/dsa/plaintext11 b/nss/cmd/bltest/tests/dsa/plaintext11
new file mode 100644
index 0000000..05f0054
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/plaintext11
@@ -0,0 +1 @@
+PlUtQFJV4fg6RHC9IFSw1nSy/dY=
diff --git a/nss/cmd/bltest/tests/dsa/plaintext12 b/nss/cmd/bltest/tests/dsa/plaintext12
new file mode 100644
index 0000000..639a7cc
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/plaintext12
@@ -0,0 +1 @@
+tGiqjB9KQERHn6GvDD8iHrgM5nYcmcaGbRp9nQ==
diff --git a/nss/cmd/bltest/tests/dsa/plaintext13 b/nss/cmd/bltest/tests/dsa/plaintext13
new file mode 100644
index 0000000..924d0ed
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/plaintext13
@@ -0,0 +1 @@
+CrhLNBzxdeOM06JwSiDHlsHH0AlCJKHkdpQvJw4OTio=
diff --git a/nss/cmd/bltest/tests/dsa/plaintext14 b/nss/cmd/bltest/tests/dsa/plaintext14
new file mode 100644
index 0000000..967d952
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/plaintext14
@@ -0,0 +1 @@
+4II54Zw0xvxpgkZbrlGIWAPGug2Ih8VgwXb+NG3cRkcdkNR5SHsy/jDgrlTYQGn/
diff --git a/nss/cmd/bltest/tests/dsa/plaintext15 b/nss/cmd/bltest/tests/dsa/plaintext15
new file mode 100644
index 0000000..a702f7e
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/plaintext15
@@ -0,0 +1,2 @@
+OfmOLA3KSs6DsKB+owDqX4JKdU9bT3xwUOJzPGkrsyKo3mur8w2dklEbOObDF5zg
+XxEGB/8DFIp8sCqeP2qewg==
diff --git a/nss/cmd/bltest/tests/dsa/plaintext16 b/nss/cmd/bltest/tests/dsa/plaintext16
new file mode 100644
index 0000000..dfa0cda
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/plaintext16
@@ -0,0 +1 @@
+mbNzEDnv9o8UR+5qjp+UCBlCe70=
diff --git a/nss/cmd/bltest/tests/dsa/plaintext17 b/nss/cmd/bltest/tests/dsa/plaintext17
new file mode 100644
index 0000000..ec01a51
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/plaintext17
@@ -0,0 +1 @@
+INmoiblVarLpT/1EghXog/90qXfqHhqcQlUsmg==
diff --git a/nss/cmd/bltest/tests/dsa/plaintext18 b/nss/cmd/bltest/tests/dsa/plaintext18
new file mode 100644
index 0000000..84a9856
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/plaintext18
@@ -0,0 +1 @@
+b5h4y7cMDS2TQtEP6tSlMuxCp3q1hlT3LLt7noMBKrA=
diff --git a/nss/cmd/bltest/tests/dsa/plaintext19 b/nss/cmd/bltest/tests/dsa/plaintext19
new file mode 100644
index 0000000..aa054c5
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/plaintext19
@@ -0,0 +1 @@
+kYTu+RQoZJZSUNshOvoBQxBj2N7aAyjFYJzs0WWVBdRaLlujVOVu2dlxGwJktm9M
diff --git a/nss/cmd/bltest/tests/dsa/plaintext2 b/nss/cmd/bltest/tests/dsa/plaintext2
new file mode 100644
index 0000000..bf54afc
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/plaintext2
@@ -0,0 +1 @@
+IDdekD+X/lylh+t2yXvLHboeHUZAZUozsUU48g==
diff --git a/nss/cmd/bltest/tests/dsa/plaintext20 b/nss/cmd/bltest/tests/dsa/plaintext20
new file mode 100644
index 0000000..20c8ee2
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/plaintext20
@@ -0,0 +1,2 @@
+Q6bpLpUVhU3Sjdd4YG4BnAfUf4u6TrwCAzmSB0q66YryvQBzf3fQ3H4fp4GVuYRV
+ftjzEtAhCf9OYBtR4GSnvA==
diff --git a/nss/cmd/bltest/tests/dsa/plaintext3 b/nss/cmd/bltest/tests/dsa/plaintext3
new file mode 100644
index 0000000..a8ec5df
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/plaintext3
@@ -0,0 +1 @@
+Mqqlk48AsWXhRAWNXCGQuvRpPAwqfbTlmnfsFKcKblA=
diff --git a/nss/cmd/bltest/tests/dsa/plaintext4 b/nss/cmd/bltest/tests/dsa/plaintext4
new file mode 100644
index 0000000..46644c0
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/plaintext4
@@ -0,0 +1 @@
+w8+3pOAcqljMh1bLGnWAWlZvlgnJhOJDBC2C0M3mTFrCeylP+FfUSfGfRD2uDS2f
diff --git a/nss/cmd/bltest/tests/dsa/plaintext5 b/nss/cmd/bltest/tests/dsa/plaintext5
new file mode 100644
index 0000000..631d1eb
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/plaintext5
@@ -0,0 +1,2 @@
+PiPosk1QVF3Ck1taH0AunEzHuPxBHnFMTKPWBsxTI9YdZ5XAEzt5QPHQKm7ja20+
+bmsWwSw++jcz8N2DY6WW2g==
diff --git a/nss/cmd/bltest/tests/dsa/plaintext6 b/nss/cmd/bltest/tests/dsa/plaintext6
new file mode 100644
index 0000000..f62997b
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/plaintext6
@@ -0,0 +1 @@
+uCkA/iALiJlpG34VqA2JNi5cqJY=
diff --git a/nss/cmd/bltest/tests/dsa/plaintext7 b/nss/cmd/bltest/tests/dsa/plaintext7
new file mode 100644
index 0000000..c0f0aa0
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/plaintext7
@@ -0,0 +1 @@
+KfVXa9k+jC0vrKPpgWQNMrHmPXpYTROh7YXBMw==
diff --git a/nss/cmd/bltest/tests/dsa/plaintext8 b/nss/cmd/bltest/tests/dsa/plaintext8
new file mode 100644
index 0000000..9c053cb
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/plaintext8
@@ -0,0 +1 @@
+GC7dULJ04jKDdn7fzRjVyUZm7aDbl31cEJU6STyznuA=
diff --git a/nss/cmd/bltest/tests/dsa/plaintext9 b/nss/cmd/bltest/tests/dsa/plaintext9
new file mode 100644
index 0000000..c0378ae
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/plaintext9
@@ -0,0 +1 @@
+hV6v7+GSeeSI2lL+Nu9CJCNoU2pR8eyGkOsfOxb2lBZ42gDIglCTvg88E4ocTsam
diff --git a/nss/cmd/bltest/tests/dsa/pqg0 b/nss/cmd/bltest/tests/dsa/pqg0
new file mode 100644
index 0000000..f16326c
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/pqg0
@@ -0,0 +1,4 @@
+AAAAQI3ypJRJInaqPSV1m7BoacvqwNg6+40M98u4Mk8NeILl0HYvxbchDq/C6a2s
+Mqt6rElpPfv4NyTC7Ac27jHIApEAAAAUx3MhjHN+yO6ZO08t7TD0jtrOkV8AAABA
+Ym0CeDnqChNBMWOlW0y1ACmdVSKVbO/LO/8Q85nOLC5xy53l+iS6v1jlt5Uhklyc
+xC6fb0ZLCIzFcq9T5teIAg==
diff --git a/nss/cmd/bltest/tests/dsa/pqg1 b/nss/cmd/bltest/tests/dsa/pqg1
new file mode 100644
index 0000000..0c09290
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/pqg1
@@ -0,0 +1,6 @@
+AAAAgKj5zSAeXjXYkvhfgOTbJZmlZ2o7HU8ZAzDtMlaybQ6AoOSaj/+qrSok9HLS
+VzJB1NbWx0gMgLTGe7RHnBWtp+qEJNJQL6AUcudgJBcT2rAlrhsC4XA6FDX2Ld9O
+5MG2ZAZusi8uO/KLtwoqduT9Xr4tEiloG1sGQ5rJx+nYveKDAAAAFPhfD4OsTffq
+DN+PRpv+6uoUFWSVAAAAgCsxUv9sYvFGIrj0jln4r0aIOzjnm4x03urp3xMfi4Vu
+OtbIRV2rh8wNqKyXNBfOT3h4VX1s30CzW0oMo+sxDGqV1ozihK1OJeooWRYR7gi4
+REvWSyXz98VyQQ3fs5zHKLnJNvhfQZEphpkpzbkJpqOpm74IkhY2gXG9C6gd5P4z
diff --git a/nss/cmd/bltest/tests/dsa/pqg10 b/nss/cmd/bltest/tests/dsa/pqg10
new file mode 100644
index 0000000..6654a09
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/pqg10
@@ -0,0 +1,12 @@
+AAABAL/r0ACy1s1Ks477o13zNN9yHWwvKz2VZnnLrQCfPfvQApUsyJnMI1bsh2m9
+PRulpzAjcpiI2pLKSKXulMl/TwSi46y08zovD7N4PDHyxw+nxw84IUon2t7IsS5n
+mWqehe47sUiAMTAUc5LcUlPATXBjU15s1ka/sYaYTgi1i3SnvlszO/MrCr/VZlNg
+6akjoMUo/xxixyU0WPVnhShxnUNuUBSHQfRdx90sbKxxxVIx8SqD/v0u0KM+3huK
+UfVm/PeJBoLNwZMdwgfJK/LvTiirMWYe63fxYB7qlByVkfA40/ANkShX2wXmSyrV
+aTIAYcb4Y/8zVNhC5+fqcVr++NEAAAAcqpht+KBkJ46TYzFqmDC8+kkGVvqm1dqo
+F9h5SQAAAQCBla2aR4/ZhSFu5YNoNm0u3RPBKz1iI5Fp+gQtkRVkCLSDEi9E7WI2
+uDCKbNtS+a896I7IngOa+tfaOqZsGXYEmo4KfRjVZ7r5n87+MVytoBVIOGsQsl5S
+9S7XjrTSgILl4f/ulIDE/izEqv0e/J1P0sxtFVlokxJx7xWzJA5/sEOoDI9ii+/g
+nWRQd8ECnSHgrIvwupwncU0bWA7eWUqgGzt29udF/B7AfbN+L9fpjGyMaRUijkIs
+MJ3p9dsWj1AknRvh7TKYCQgI4uu4lrt5uMTL+U1MIGTjfmErpESdesIQ7d4hFBbW
+SwUd2ARqsEFzJmVBGn8VTTGz4RpR2n/A
diff --git a/nss/cmd/bltest/tests/dsa/pqg11 b/nss/cmd/bltest/tests/dsa/pqg11
new file mode 100644
index 0000000..a0a47d4
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/pqg11
@@ -0,0 +1,12 @@
+AAABAMGlnSFVc5SeCyCpdMLt8uMTf/JGMGL3Xx0T3xKroQdrstATQCtgr2wYf7D6
+NiFnyXbCYXxyb5B38J4YwRtg9lAIglvWwCofV9PrCtQc1UfeQ9h/JSX5cdQrMGUG
+58oDvmOzX0raFy0KBpJEQKFCUNeCKsLVrq/tRhnnnUFYp9XrLZ8CPbGBqPCUssbL
+h8uFNUFqwZgT8HFEZgxVd0X0SgHGsQKQksEpsNJxg+gsWiGoAXfudHbrlcRm+0cr
+09LcKGziWEfpPL+prTnMVwNdDHtkuSapx/WnsrxavL+9wLDj/t48HgLESvyK78eV
+faB6Dl/RIznbhmdhb2IobfgNWKsAAAAggAAAAAAAAAAAAAAAG9YsZei4fIl5f48M
+v6VeSmgQ4scAAAEArqWHh0DxQk08bqnGtHmWFdJ0kpihfiYgf3bO80Dd05Dhsa1r
+bAAQrQFaEDNC3dRSysAks25C2bjtUvr656HTzp5LIfkQ0TVusWOj5agYTHgb8USS
+r6LksKVtiIT9AaYouWYnOcQuXFeVreL18n5t4dljkXzogG/EDQIc2HqjqjqeTwws
+TEXSlZsleLL7GiIpw34YEFm51ee3hi+oLiN3pJ7Q+dyoIKWBQHndZhBxTvr4sMxo
+PY5y5MiE5vnUlGs+jUy7kq2759TEfMML5/jDfKgYg6GqxoYAWf9GQKKcyuc94gsS
+5jsAqIsu6bqUt160CmVuFdnsg3MchdDv/Lnvnw==
diff --git a/nss/cmd/bltest/tests/dsa/pqg12 b/nss/cmd/bltest/tests/dsa/pqg12
new file mode 100644
index 0000000..b62db4b
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/pqg12
@@ -0,0 +1,12 @@
+AAABANAiduvzwi/9ZmmDGDpHrpTJvMvL+V3ctJHR985kNUkZmZLTfHnnsDLSbtAx
+trpEifMSWCb6+ycmqYMz69mr3eWS2Gk9mFlTbZzDhBodJOBE01rO1hNiVvxta2Fc
+9PQWOqOB6ytMSAglqOzMVtjdz1/mN+OK2bKXS9LPaL8nHg0GfSRlqLa2YFJPAIJZ
+iUWtpY6mSbmATrR1NAjCxZdoxGq7guMpXz2cpGn4TMGH9XLcS1o7OTRuyDnfrW8H
+1tHw4hUgm7DswFx2fPLnlDrJz7Au7h6e9ZRujOiDFrXhX9z5WhMu8uS7CBcTZSjP
+pd2WUy+cOr5cQhYg7ba8vVIjTKkAAAAggAAAABKZfoKF5AiXCPUoBwxtevigvQFA
+nnoHnNtvxbsAAAEAd4RTBJ7yYhR/7XtZsO5nZGB8Uee1tfxv6np6ex3Wuyg/Sprp
+jv05ZLFVZ1jLFbKlOvhhnnTYWJi+x307PzgklK5ZYaE//HRdo4YYIpFRmAD5ndcQ
+4ArrFa3uCI4nmO4uRvWYUmzw9GZwVdG6AJdQBB3FzdJyX/HZfdNAyFGK92cbh9Od
+Z67O2Etm+E4HAe/IKlye+VTuV20kw4WxTWMDfw2Gb9QktJdb3VSF7XQMuTLoQ/kG
+aD98eyx0d12QHDYbhHtRnA2mmWONpAvXNreD0nELLCzCbvkScb9OLBkp+HbpAuIF
+cWQiO8eNaiufbAx6fLhZIvfWxCh64jhh+BKISA==
diff --git a/nss/cmd/bltest/tests/dsa/pqg13 b/nss/cmd/bltest/tests/dsa/pqg13
new file mode 100644
index 0000000..3f01b91
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/pqg13
@@ -0,0 +1,12 @@
+AAABAKittsC0z5WIAS5d7/GocdOD4OKoW16OA9gU/hOgWXBeZjIwo3e/cyOo+hFx
+ACAL/VrfhXOTsLvWeQbAgeWFQQ44SA6tUWhNrDo497ZMnrEJ8Zc5pFF819XWKR6K
+8go/vxczbHv4DucY7gh+Mi7kEEfavvvMNNELZrZE3bMWCijAY5Vj1xmTomVD6tt3
+GPMXv12Vd6YVZWGwgqEAKc1EASsY3mhEUJ/gWLqHmAeSKF8nUJaf6Jws1kmNs1RW
+ONU3nRJdzPZOBsGvM6YZCEHSI9oVEzM6fJ14Riq6qzG5+W1fNERc62MJ8vbSyN3g
+ZEHoeYDTA++aH/AH6L4vC+BswV8AAAAg5x+FZ0R/QudfXvhcog/lV6sDQ9N+0J7c
+P25oYE1rnfsAAAEAW6JN6WB7iZjmbObE+BKjFMaTWEL3q1TNgrGfoQSr+12EV5pi
+OyV0s30izK6bPkFeSPXA+by9/4Bx1jubuVblR686jfmeXTBhl5ZS/5a3Zcs+5JNk
+NUTHXb5bs5g0UxlSoPtLA3iz/LtMi1gApTMDkqKgTnALtu1+C4V5XqOLG5YnQbPz
+O53eL07BNU8J4ut46V8DelgEthcWWfiHFc4amwzJDCfzXvLxD/DHx6K7AVTZuOvn
+aj12Sqh5rzcvQkDeg0eTflqQzsn0H/Lya42pqUoiXRqRNxfXPxA5fSGD8bo7e0Wm
+jx/xiTyvaagngC97akjVHab777ZP2abFt1xFYQ==
diff --git a/nss/cmd/bltest/tests/dsa/pqg14 b/nss/cmd/bltest/tests/dsa/pqg14
new file mode 100644
index 0000000..5b04b1e
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/pqg14
@@ -0,0 +1,12 @@
+AAABAKYWfBb/904pNCuFhq7TzYlvexY1oihv8W/f9BoGMXymsFyiunwGCtbbFWFi
+HMsMQLhqA2Gb//MuIEy9kLedy1+G67ST470ZiNgJf6I/pNePs83csAxGZCPY+nGY
+c8N2Rf5O7MVxcbvt/lb6lHTJY4W4ujeMeZcteqrmmiumTN6OVlTw97dFUM00R+ek
+cqM7QDfbRo3eMcNIqiXoK3/EG4N/f8ImphA5ZuzY+dFMLTFJVW1Dgp8TdFG40g+F
+ILDOjj1wX3TQpX6ocsK97pcU4LY5Bs3f3Ci2d30ZMlAA+O1SeOxdkS0QIQkxnLo7
+ZGnUZykJtPDb7sC7tjS1UboM8hMAAAAghCdSkETSFMB1dPezWcLgHCP9l3AbMorI
+wThbgcU3OJUAAAEAb8IyQVwxIAz1I680g/jias6AjS8caouGOrBCzH9rcUSy05Ry
+w8tMdoHQcyhDUD2PhYy+R25nQDJKqilZUBBZeMM1BpuRn/mm/0tBBYG4BxL+XT4E
+3bTf0m1ef7yisMUtjUBDQ9V7L5sqJtqn7OMM6rnheJ+XUaqpOHBJllrzJlDGyls3
+SlrnCz+Y4FP1GFfWu7F6Zw5uqviYRNZB4eE9Whsk0FPca4/RAcYkeGlRkn5CYxCr
+qUmKAEKz3Hu8WdcF+A2bgH3kFffpTFz514mZLTu4M20dgIy4a1bd4J2TS7UnAzki
+3hS/MHN2q30i+81hb57aR5qyFKF4UL3QgCqHHA==
diff --git a/nss/cmd/bltest/tests/dsa/pqg15 b/nss/cmd/bltest/tests/dsa/pqg15
new file mode 100644
index 0000000..ecc45f3
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/pqg15
@@ -0,0 +1,12 @@
+AAABAPY9o76alhYZbGVW885v2LmL3akTdHPaRv7ZcOK40Uc4eoGSIGXVKKfWQz68
+XjWxXGfqNaWlv/W5zvHNHm/jHdpSg42jqom5tOjZ08BzLMxPI4zhtBbEypPyxoAO
+X07UHE92Fc7FUxuYaAsg3GP3PnDYA6rPrs4z1F+g4513yFCCCVKLkEa1kXAQeRI0
+OX5BLSK8C41ny9HNKKMsJGCgvYaqug7qgOFuMkVkMXHjQiF2DCA6VrggehAJ5sGi
+9s2oX4XE+eQQuUmSM8DuBy5GWvT7T7koLFwQ6CNP1jDqkvCq5rl6Ug2zRHVwe3mk
+wXUmXANWzLyoJ+ODffPW0FdtkHkAAAAgm3Rj+CafC5CavtEJkWhPNqZKyGTg1tcX
+wO8hV3pMOQcAAAEAlyp19gboqjqR/wj9Exog9ZYyUTBOPRQxtxL6CAPVJ/1xD7fr
+J+UpBJcc1DypdxmaJNvutLe8K6B107cutrLFrY8Oi49IxQtVTH4HEfTHQWMwgGZy
+SY9DApJyS/mKjqSMf1PXsx2LdSixpvCH0sJ8M1ICg1seMUIls3rvi/zsfYCSDEpG
+Cj1oNE3tde2e6Gf6KmlFBjiU9WO2hjO4s5+DoaqvWpbH9CJofnyEz4+4zF9FBN/w
+h7yyapW7+Fg/A7Og5Do1ayvX4lzd33oBUwD67MZ5PF7pm2Mny4RW4y2RFTOdWmtx
+K3+dAwGssFEz4xFeRU06bdJKFpPJSqtUBlBL9w==
diff --git a/nss/cmd/bltest/tests/dsa/pqg16 b/nss/cmd/bltest/tests/dsa/pqg16
new file mode 100644
index 0000000..e298647
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/pqg16
@@ -0,0 +1,17 @@
+AAABgP1abFbdKQ992Eop3hcSbrTkSHs+/wpEq+XFl5LS4SALnD20TVKLn30iSAMu
+S6D3v8T6/HBr5RHbInbAt+z/042i4cLyN6dTkMHk0yOcuo4g5VhA7LBd9fAaG2l3
+rRkG8stUTM+5O5Aa0JZrGDKtLatSYkSjFWyQXAGsUctzudzZhg1WF1pCXYRkhdmx
+9EqKDCV45s9hlHvBoTkv3TILFqnXBFX+Q28tR97Y6OYF90hutXjqf8T/0TwH+Zlq
+8Vn9QR6UUUAyeN0RQajJJrNcljhLvWvuCcRvRMNrH/xxl/XpJdvgVEpo5quMGOQm
+pGazkvnCfdef76nKFjzFo3VTmoVZ8nf2V6U10ZZMal6RaD71aY66oB74GNv3LLBM
+P/CS0YiGbyXNQFEI9Wawh/c9LVvrUfrG3oSuUWGmavlgLH5L/BRvSCC9/Akvrqxp
+Ez5KCKWyAqEkmKIuV7rVRnTtS1EBCdUrX3TnDh9vghYXGM1M8AzJ8ZWKzIvdzfvR
+++Rs0QAAACCAAAAAAAAAAAAAAAAzSibdj0nGgRzoG7E0KwbpgPZLdQAAAYCZqwMK
+IaXJgYF0hyFnZByBweA8mydM+8J7xHJUKSd2beX6BTmztz8/FqyGaprsi0Rd7Zf7
+/wiDTtmMd+f8ieXcZXvvdm/3+/jnaHPhe+5BJ2LVb+EUF2CrTSW6/Utu8ltJo1Bm
+MtH44Qdwkwdg7BMlkyxaS6+ekBVCZN30QuxcQf7ZXRFSUVHbz7N1gUm62Bxiuc/3
+gWuPlTuLfAIlkNFYTpIdyVX1MorHKYPtXPDQQFb+DVMeYvj2yas8D81E4UhgtzEd
+JWHHfB0y9sadyPd5aMnYga2dteDBFP2oYovKAzXrf7nhXmJaq6tY/AEZTIG/b7LO
+VAd7giUOV8ansl3rbuOdS2hqXDB6dhKy2F7pJRJBPeopfkTzF75863CjMorwtAEA
+GkGFYrj/5Ol3G0tKjgtAx5E0nV1ORZ/mIKGi/HLi9sooVn1MJjK73htJhkwGuxJh
+nxMsHaj1ce9hPqxzn2arORTLP6GrhuBeUILrqiTr7qTPUb7vwn31Ev4/7n0=
diff --git a/nss/cmd/bltest/tests/dsa/pqg17 b/nss/cmd/bltest/tests/dsa/pqg17
new file mode 100644
index 0000000..fa1b638
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/pqg17
@@ -0,0 +1,17 @@
+AAABgPY7PN1kbY5921chaqbuwhNNcHSIofKc+plwZF8SJ+pdsuMY7qXaFofH7ZBQ
+lmk0XtYTTP8yIDq3Kuy/ppPSFq61XY0oqYH0q/8H0TGaeZvl3XRvhIQoF5KcMFtA
+hZivEgRdqi8czIvk2BtRPGMPAX/sFlisoQihr2Eg7AXjAYxCU8ndNbzgYrc9DyqT
+1BxIGlxDu5eQloLTmppg3Dw142N13sbO0NLbO6DREb7epwGg5HU2JJd6nnW3CnTi
+uB44pSqyLaExs1QW087JZjB5dGp2NHbldZgULjmGFUXar404oXbybHH1r+vZxWIN
+qAzzRStVw3xmG0oewDUXELneSjy+C5i02eyJEo2Xqn77GduLpDzAviXCAPkOFQbL
+eOwMM216lWE9QgTo7WjQ8KbHhCAQWo0tQ4+9JVGmShoLA/+4eHQvjJl5z6hzlBUC
+gZmNUXAdX8+paWpJif0l9ACVXmJrGr6SbAr6aappgZAO/83QMFkvgrIEKkeppajL
+AoPcTQAAACCAAAAAukY0tfpNoFS9DKSK5JDldxHzgRk4QkKRWbp8oQAAAYCK1FU8
+TkmqJHKKtQJEF7Ey0spTpV2VlFjy91mtsENb7u+jos/NADjiQgZD/EpN7rXZ/qoe
+3yEZO0DhS0KYKpTzXFi4EUfXGJ0mPJsS/mOrn6X28DooYMGGQy46sE8qsPL7YUe9
+m/ftXSBxO52iE4Piw6Fo59CdPYpaBY/SMJW1rP64ZKMwa+JCX6GtMq1tk4LmA7A8
+aK9K8CRjlxAsQVXLqBGr+Z2ng553surJlwWIyh0KI2FyOhZKySKcLoDc+o20+eKY
+A+/7MWjH/tejpt5A3aGaBTavm1t6+u+5xw1q6N8S2mWPYjYEOuqHPbKc628H0Qj1
+IlaHvQww4whOIJC0WuL5Kpe47LepcFxJVrizHEo9YRB8hOR63abIDV0i2rPYWSIP
+nVqrE2d6498WjwwXbRdrVFBsY5hT8E3e8nIvOcGOXOQm4UVirY/yYkeviIcO+3LA
+zOg23o/uZ6ZiN4JFtQK/H4MJmYigk8583IE2THix9KUbgA32E3xx1l5rCJo=
diff --git a/nss/cmd/bltest/tests/dsa/pqg18 b/nss/cmd/bltest/tests/dsa/pqg18
new file mode 100644
index 0000000..cd7ed66
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/pqg18
@@ -0,0 +1,17 @@
+AAABgMe4bXBEIY42dFPSEOdkM+Tiepg9scVgu5dVqPt9gZkSxWz+ACqx/z9yFluU
+PAso7UYDmgfeUH16Kfc4YD3s0ScDgKQflx8lkmYaZLovNR2aaeUaiIoFFWt/4VY8
+S3fuk6RJSROEOKKri9z8SbTnjRzedm5UmEdgBX12zXQMlKTdJaRqp3sY6dcH1nOE
+l9Tqw2T0eS2XZqFqDiNIB+lrjGTUBLvbh245tXme9T/my5urYu8Z/cwr3ZBb7aE7
+nvesNfH1V8sNxFjAGeK8Gan138Hk7Knm1GZWQSQwSjHwOGBaPjQtoBvhwrVFYQ7d
+LBOXo8g5ZYjGMp7+tOFlr1s2ijmojkiI459Auz3k6xQWZy+Zn+rTeu8cqWQ/8yzb
+wPzr5ijX5G0oGpidQ90hQyFRr2i+P21WrPvbbJfYf8teYpG/i07hJ1rg60ODzHU5
+A8jSn0rbalR+QF3s3/KIxfbHqjDcsS+E05JJOnCTMxfA9eZVJgH64Y8X5uW7a/OW
+0y2KuQAAACCHb6CeHcYrI2zhwxVbpIsMz9op86xal/f/ob2Hto0qSwAAAYARCv67
+Esf4YrbeA9R/28Mybg1NMbEqjKlbLe4hI7zGZ9T3LB5yCXZ9JyH5X72aTQMjbVQX
+T7+v8sT/ferkc4sg2fN78KETTCiLQgrwtXkuR6klE8BBPzRqTturLEW9yhP1NBwr
+Vbi6VJMrkhe1qFnlU/FLuMEg+7nZmQnf9epo4Us3mWT9Pzhh5bpcyXDEoYDu9UQo
+cDlhAh571oy2N5J7jL7mgF+icoW/7k0e9w4CwaGKfNeL7x3Zza1F3enNaQdVBQ/E
+Zik37h1vTbEoB8zJW8Q18Rtx5whgSLHatZE8YFUBLeguQ6TlDPk/7/Xcq4FKvCJM
+XgAlvYaMP8WSBBu6BHR8EK9RP8NuTZHGPuUlNCLPQGM5jXfFL8sBFCfL/PpnsbLC
+0apKPacmRcscdnA2BU4vMfiGZaVEYciF+zIZ1a2HSKARWPbHwN9ajJCLqMPlNoIk
+KIhse1ALvBW0nfdGud5aeP47T2mR0BEMPL/0WAOdw2Jhz0avS8JRU2j0q7c=
diff --git a/nss/cmd/bltest/tests/dsa/pqg19 b/nss/cmd/bltest/tests/dsa/pqg19
new file mode 100644
index 0000000..cacd4e4
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/pqg19
@@ -0,0 +1,17 @@
+AAABgKQQ0j7ZrZlk0+QBy5MXolIT91cSrLxcEhkavz8cDnI+IzO0nrH5Ww+XSNlS
+8Epa41iFnThEA842SqP1jdl2mQm0UEhUjFWHKmr7s7FcVIgvlsIN8bLfFk8LrISc
+oXrS32Or11yIGSLnmlAJ8At9YxYi6Q5/pOmAYYV14da9GnLVtqUPT2pot5OTfEr5
+X8EVQXWaFzZXfZRIuHeS3/ByMkFVEukzdV4SJQ1GbpzI3xUHJ9dH5R/qeWQVgyax
+Nl1YDLGQ9FGCkVmCIf3zbGMFyLio7QVmPdewBulF9ZKrvsrkYPd8cbbsZJ0/1TlC
+Au17u9BA97j9V8sGqZviVPol1xo3YHNARsKg2zg+Ajl5E65nzmWHDZ9sb2ep0ASX
+vh12OyGTfPnL+aJO+Xu8qgeRb4iU5bf7AyWIIaxGFAllsjxUCcpJAm77K/lbzgJc
+QYOl9lm/aq7vVteTO7KWl9fVQTSMhx+gH4aWeLLjRQb23ApMEytomg7SfcPI1TcC
+qlhIdwAAACCrxnQXclzyj8dkDV3kOCX0Fuv6gOGRxC7ohjAzOPVgRQAAAYCGfV+3
+L1k20aFO07YEmWYvMSRobvEIxbPaZmOg6GGX7CzEyUYBk6dP8WAorJRBsMfSfCJy
+1IOsfNeU1ZhBbE/5CZphZ51BfUeM5d2XS/NJoUV1r+dKiLEt1fbRy9P5Hd1ZftaO
+eeukAmExMMIkuUrChxSh8cVSR1pdKc/N2OCKax1lZh4o7zE1FNFAj1q9Pgbr46fY
+FNHt4xa/SVJzyh1XT0K0gu6jDbU0ZvRUtRoXWguJs8Bd2gBucZouY3FmkIDXaMwD
+jN+4CY6arZuNg9S3WfQ6ydIrNT7YijNyNVAVDeA2G3o3bze0XUN/cctxHyhH3mca
+0QWVFqHUV1UiShXTe0rq2j9YxpoTba7wY2/jjjdSBkr+WYQz6ACJ/aJLFEpGJzS+
++Pd2OIRbAOWc5/pPHa9IeiytoR6rpyuyPh32tmoYPt0ibEQCct2bBr7A5X8aCCLS
+4AISBkttumRWIIX1p1kpr6X+UJ4LeOYwqvEvkeSYDJsNb34Fmi6j4jR52TA=
diff --git a/nss/cmd/bltest/tests/dsa/pqg2 b/nss/cmd/bltest/tests/dsa/pqg2
new file mode 100644
index 0000000..4bde8ec
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/pqg2
@@ -0,0 +1,6 @@
+AAAAgIubMvW6OPqtXg1QbrVVVA0NeWMZVVjKMIt0ZiKNkqF7OxS44Kt3qfOylZoJ
+hIqmn435LNnp7e8K33ks53v87Mrdk1JwDKX67PGB+gwybbHW5dNSRYAR5RvTJI9O
+O9fIINfgqBkyrKHro5AXXlPq2hlyI2dOOQAmPpD3LZTnRHv/AAAAFLxVDpZWR/s6
+IPJF7IR1Ykq7sm7dAAAAgBEzOpMfulA0h3dzdoWf3BL3xoewlIroidKH8benEq0i
+CuTxzjedDbtcmr9BliHwBfwSPDJ+UFXRhQY0w205fmieER1ZjBw2NrlAyE9C9DaE
+bo5/ytkBLO2jmHIPMv/9GkWrYTbOQXBpIHrBQGdbj4bdBjkVrm9isM7HKfvVCawX
diff --git a/nss/cmd/bltest/tests/dsa/pqg20 b/nss/cmd/bltest/tests/dsa/pqg20
new file mode 100644
index 0000000..f782840
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/pqg20
@@ -0,0 +1,17 @@
+AAABgMHQptC17WFd7nasWmDdNeywAKICBjAYsboKBv56APdl2xxZpoDOz+OtQUdb
+rbWtULYUfiWWuI00ZWBSrKeUhupvbskLI+Nj86uM3IuTtioHDgJojqh3hDpGhcK6
+bbER6a3b18pLzmW7EMnOtpv4BuLr1+VO3rf5lqZckHtQ79+OV1uuRiohnDAv7yro
+HXPO51J0YltfwpxtYMBX7Z57DUatL1f+AfgjIw8xQiciMZzgq/HxQfMmwA+8K+TN
+uJRLb9BQvTAL2xxfTaclN+VT4B1RI5xNRhhg8ftP2Pp59dUmP/Yv7XAI4uCi02v3
+uQYtDXXbImw0ZLZ7okEBsIXyxnDA+HrlMNmO5gxUcvSqFfslBB4ZEGNU2ga8Kx0y
+LUDtl7If0c2tMCXGnabOnH3fPc8epNVld7/ewjBxwfBe5Ad7U5HppATq/+EtHqYt
+BqzWvxnpGhWNIGa0zSDkxOUv+x1SBM0CK8cQjyx5n7Rohm7xywm84J39SeR0D/gU
+BJe+YQAAACC/ZUQcmHt3NzherewVjdAWFNpvFThiSOWfPN2+/I6d0QAAAYDAKshT
+dfq4C6KnhLlOTRRbO+D5IJDroXvRI1jPPgP0N5WE+HQiUvdrHt4/w3KBQg50qWPk
+wIh5b/K6uNtumkUw/GfVH4i5BatDmVqrRjZMtAwSVvBGbz2842ID7yKLNekCR+le
+URXoMbEmtijumE80mRHTD/udYTtQqE36HwQrpTa4LVEB5xHGKfnyCW3INN7sY7cP
+KiMVptJzI7mVqiDT0HNwdRhvUEmvb1EqDDip2gaBf0thm5RSDt+shcSm4uGGIlyV
+oE7Dw0IrjesoTpjSSzFGWAIAigl8JZaegmwrqlnSy6M9bB2fOWIzDB/Np8+xhQj+
+p9BVXjoWna7TU/Pub0uzAkQxkWHf9kOKN8p5OyS7sbG8IZT8bm72AngVeJnLA8Xd
+b8kag26yCiXAmUVkPZX3vVDSBmhNb/wU0W2C1feBIlv/kIOSpXk7gD+bcLTfyzlP
+ntgcGOORoJ6z+ToDLYG6Zwyr/W9kql4zdMt8ICn0UgDk8L/YIMi9WNxe6zQ=
diff --git a/nss/cmd/bltest/tests/dsa/pqg3 b/nss/cmd/bltest/tests/dsa/pqg3
new file mode 100644
index 0000000..1f92161
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/pqg3
@@ -0,0 +1,6 @@
+AAAAgMuhPlM2N8N8DoDZ/NBSweQaiKwyXE6+E7cXAIjVTu9IgfPTXq5HwhA4WoSF
+0kI6ZNo//aY6Jvks9aME85JgOEqbd1nYrBrcgdP4v8XmyxDvtOD3WGf06EjRozhY
+bdBkj+6xY2R//nF2F0NwVA7oqPWI2ozBQ9k59wsRSn+YG4SDAAAAFJUDG4qnHynV
+Jbdz74t8ZwGtil2ZAAAAgEW8qkQ9TNFgLSeq+EEm7cc713Pebs4V6X5/70bxMHK3
+rcr3sAU89HBpRN+MRWjybJl+53UwAPvkd6N3ZqTpcP9AAI65ALneS1+a4G4G22EG
+54cR86Z/7KdN1b3c32da5AFO6UiaQpF/vuO7nyok32dRLBw1yXv78jCOqs0oNoxc
diff --git a/nss/cmd/bltest/tests/dsa/pqg4 b/nss/cmd/bltest/tests/dsa/pqg4
new file mode 100644
index 0000000..0446942
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/pqg4
@@ -0,0 +1,6 @@
+AAAAgPJKSvxyx+Nzo8MJYjMv5UBcRZMJY5CUGMMHkqrxNd3qVh6U8kcmcWt1oYgo
+mC5M5Ewf3ct0ZIe2t3qaWhf4aKtQzWIbW8naRwiAsofXOYGQpCpe4i7Y0f8UfiAZ
+gQyCmO1o4cpp1B1VXySeZJ+xcl3bB1wXs3vv9Gf90WCSQzc/AAAAFNoGWgeN21bu
+XSrQbK+rIIINLEdVAAAAgEe1WRt5BD5OA8p4oOJ3yaIeKmtUO/TwRBBM2ayT7/jh
+AbtgMe/IxZbV0vkuOj0PH3RwLdVPd9PNRsBN7npd6fAK0xdpH93O/koiCiZRrK5/
+zt2pK/zKhV22cF6Nhk+Bkr9r+GDADwitZJPswYcuACjVyG1EUF21dCJRXDglpveK
diff --git a/nss/cmd/bltest/tests/dsa/pqg5 b/nss/cmd/bltest/tests/dsa/pqg5
new file mode 100644
index 0000000..6a091c5
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/pqg5
@@ -0,0 +1,6 @@
+AAAAgIjZaOlgLsvabYb3yXCj/76x2pYvKMCvuScO8FvDMMqYw634PAcv6wX7Lik7
+UGW7sMvMkwwk2NB4ad6uzZKiYEwPXdNcW0Mf2moiLFLDViv3VxxxAgm+izuFiBh4
+hyX+gRK31ryC4P8cu/XW/pRpCvK1EOQa2CB9wsAvufpc76q1AAAAFKZlaJueW5zo
+L9FnYAbPTPZ+zFa3AAAAgCZ+KChXQXdSET+6P8pxVbXOiefIozwaKRIuK3IJZfwE
+JFJn/4f8Z6VzD+WzCAE6oyZpkPuzmBhah+BVtEOoaM4M4TrmruMwudJdO7s2JmXF
+iB2vDFqnXp1KgujwTJGprSlIIuM5eKsME/rcRYMfnTfaTvoPwsXrATcfqFt92x+C
diff --git a/nss/cmd/bltest/tests/dsa/pqg6 b/nss/cmd/bltest/tests/dsa/pqg6
new file mode 100644
index 0000000..e1220d7
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/pqg6
@@ -0,0 +1,12 @@
+AAABAPLTntMGKxPJFic2AKDyoCnobXpLkhe08YFb8rJNlxClerM/mXKUsBRYW40B
+mN/cy811MU2l/4WqNEtFra6ql5tRoxKnv6lEcvtjPxpvFWu0RYhn39OEA/BrhR8A
+/i00hAd73tcat1E9BKFAIgV1+2kzlUgOTIQCt6Rs7C03p3jDBazNHxPp9i6GUxX0
+sizEZ8iYbsjklh3fgQVmsMTuNprGqhXkP0dEAFgm9b3oBxoZ4wtpCarEs9F0I3Jw
+2tAnmdCbiizF8i5miUtUIiKLLCNPEfWnccW4nPRloqzsu+6qFyX+j5tZQivomRBS
+y1Vt3yyM6PqSBtvzn+rcGU4A+OUAAAAcgAAAAAAAAADBGPSYNeTvczxNFYAPzwWe
+iE0xsQAAAQDjqTwJ2m9WDk1IOjgqTFRvIzXDakw1rBRjwIo+bdQV31b9xTfyX9U3
+K+Y+T1MAeAt4LxrNAci06zNBRhX9Dqglc6y6fvg/WpQ4VBUa/C19/hIfuM0DM1sG
+W1ScXcxga+kFJIO8KE4SrDyNugm0JuCEAgMOcLwcwr+JV8S6BjDz8yrWiTiaxHRD
+F2Bj8kfZ4ilrPqW1vCM1go6hoIDtNZGN7iEv0DEnnRuJTwGv7FI4M2aerAMaQg5U
+C6EyClnEJKPlhJpGCla8sAFkeIWxQzxPmSlxdGv+KXfOclnFULVRpsNXYeSkGvdk
+6NkhMvzApZ0WhOq5DYY/KfQc91ePqpCM
diff --git a/nss/cmd/bltest/tests/dsa/pqg7 b/nss/cmd/bltest/tests/dsa/pqg7
new file mode 100644
index 0000000..f65cc5c
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/pqg7
@@ -0,0 +1,12 @@
+AAABAKqBXJ2xxNPSdzx9DU0dp17PxKOel9X6GR/+yLFJCikM4zXlzofqYgqKF94L
+tkcU4uyEC/AObr20/7TjJMoHw8hxcwmvFBA2Kncsmt2DiysMrh6Qq0SK2r2s0uXf
+WcQYejKiNxnWxX6UAIhTg7+PBm8juUGSDVTDW098xQRPO0DxcEaVYwe3SOhAcyhE
+0Aqc5uxXFCk7YmUUfxXGf0vjiwgrVf3q22EkaJ+3b50lzCi46qmLVi1cEBHg3Pmz
+mSMkDTMtidyWA7e93QxwuDyqKQVjGxyDyruubAwMLv6PWBMe2DUb+T6HX2pzqTy6
+1HAUGiaH+6zy1xyN3ulxrWYHKa0AAAAc6jR+kL58KHXR/h22IrR2ODfF4npgNzED
+SMGqEQAAAQAgQglMy8i4cj/JKMEv2mcbgylemcdDV29EUEvhGGMjMZtQAtJPFz35
+CeokHW6lKJkE7kY2IEsvvpSwaP4JP3liV5VJVR068hmtjtGZOe/4a87INN4vL3hZ
+bonny1LFJOF3CYpWwjLrH1Y6qEvGsCbe7m/1HLRB4IDy2vrqHO2GQn0cNGvlXGaA
+PUt20TPNRFtMNIL6QVAjRjyb8w8veEIj4mBX06oNf7tmBjDFLknUoDJcc4ngcqo0
+nxPJZuFZdS+7cekzaJD5MkP6bnLSmTZe5bP+Jm6/ERBWj+5EJchHtQIQvUhLl0Ma
+QoVq3KPn0anJxnXH4maRgyDdWnikjEip
diff --git a/nss/cmd/bltest/tests/dsa/pqg8 b/nss/cmd/bltest/tests/dsa/pqg8
new file mode 100644
index 0000000..93b5700
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/pqg8
@@ -0,0 +1,12 @@
+AAABAKTH6qtCxMc7dXdwkWSJ8XzVByXNCkvE4c9n92O4wd4tbauYVrqvsAjzZbGK
+QuFNxR81C4jsoCCcWqT9caepbHZfWQHCHnIFcNeDe+x8dtLkk0RzHKOUBdCoebng
+3NGoEl/RMOweeD5lS5TjAC5rYp6QSrOHeGdyDL1UtCcKnhXNAox8x5bwbCcqZglR
+ko/b6y3KBhtB6TIlcwV0L/FuL0KRkdXl8abd9ueMXXciz/gKnAvVyNeuuowEQ4mS
+sHXjB8FTTEmtOA9Hf195h9wXLBYdyjjcrz+zhGxyyRGaUpmtx0iVGz3ODQDUqQE4
+ALIAggO3JGW8aoSuBZowxFIt6lcAAAAczon+MyuOTrPR6N3OpdFjpbwTtj8WmTdV
+QnrvQwAAAQCMRl7fWhgHMCkeCA38U4U5elAGRQ26Lv4BKSZPvYl7tVecoOqxmqJ4
+IgQkcktPKm9u5jKEMqv2YTgGRglyM1BTOcVRnTV9cRK27sk4uF1ap1zC44CS8KUw
+rLVOUP6CxNVi+w8wNrgLMDNAI+u+ZjegAQsAx9uGNxFoVjZx4eDwKK7b1F0tVyYh
+pgmYKgc+Uaridwevvu8p4uzuhNem1do4K+OjX0K2xmhJICqxnQJbhp0Id2R20auY
+FHWtKtLz5v0H4waW2QpiaBbfYNbKev17SC+UL4O0XMgpM3Mfh/ruMgkA8qo+cLGG
+fhQw5AvmfAf5KQKZ7wZ7iySnUVs/mSwH
diff --git a/nss/cmd/bltest/tests/dsa/pqg9 b/nss/cmd/bltest/tests/dsa/pqg9
new file mode 100644
index 0000000..8cec6fa
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/pqg9
@@ -0,0 +1,12 @@
+AAABAKa7UzPONDwxybLIeKuR7vL96jXG2w5xZ2K/wNQ22HUG6GWk0sjPu9Ymzov+
+ZFY8pWhs2M8IFJDwJEWyiQh5gklftpl2sQJC1tUPwjtNvbC+94MF2aTQXZ6uZdh6
+iT6vOX4E45uqhaJsj/ve8SMyh7X1tu9qkPJ6aUgaky7kexjV0n6xB/+wUCXmRuiH
+a1y1Z/7B3TWDXUIIIZhTH6++WuKAxXWh+w5i6bPKN+GXrZbZ3eHzPyzsfSferiYc
+g+6OIAKvfrboL2oUeWrwN1d6EDK7xwkSnKq9it34cK4tBZXI/bNxVXSPDeo0tE1P
+gu1YwvWxuEgWYqxTRzxpNBAIL70AAAAcjD7lvZoqrwaL1YRb1V7PJ0FwVTB1d7vD
+dw7GiwAAAQBDtaa20LuWLsl2ajd8MsxBJPExEYjC7PlcDNSk+glyJbdhjLEnbEdF
+eNO/VkwUUZnAkqGxS6qSnC8/DzbgwtrpHroIvjCZKoifKVLgRCw3r0hKTs3DJDzP
+y540E89c3WYwsJ/hfvv94U2HJUkwGbe3PR94K0jvML7DbgDgK6M20iVPwgKmlhLN
+lEb5HXa3Of+m2LhgUvjcXxFFgBxWJBr1upA3JBvYnmM4tY4BMQZxwmjrXjOstX0f
+mfFkQKZ1gn1AF3VNYBoXraL77fkEVUqQsBUw2oyTzRTOKTyyvT55N+k0t54xD+TY
+DBP5L2M4E1W9gKGr7hpz/fttok7ygAKj
diff --git a/nss/cmd/bltest/tests/dsa/sigseed0 b/nss/cmd/bltest/tests/dsa/sigseed0
new file mode 100644
index 0000000..05d7fd2
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/sigseed0
@@ -0,0 +1 @@
+aHpm2QZI+ZOGfhIfTd+d2wEgVYQ=
diff --git a/nss/cmd/bltest/tests/dsa/sigseed1 b/nss/cmd/bltest/tests/dsa/sigseed1
new file mode 100644
index 0000000..83a7ecf
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/sigseed1
@@ -0,0 +1 @@
+mMvMSWnYReJGG19mOD3VA3ErvPo=
diff --git a/nss/cmd/bltest/tests/dsa/sigseed10 b/nss/cmd/bltest/tests/dsa/sigseed10
new file mode 100644
index 0000000..7ddd4ea
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/sigseed10
@@ -0,0 +1 @@
+nO2J6lBQmCIigw7+8m5zlPWrfYN9RUmWLShfrg==
diff --git a/nss/cmd/bltest/tests/dsa/sigseed11 b/nss/cmd/bltest/tests/dsa/sigseed11
new file mode 100644
index 0000000..a12adcb
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/sigseed11
@@ -0,0 +1 @@
+LLnB1hfhJ6R3DQqUb7lHxRAO0MpZRU6oBHn2iF7BBTQ=
diff --git a/nss/cmd/bltest/tests/dsa/sigseed12 b/nss/cmd/bltest/tests/dsa/sigseed12
new file mode 100644
index 0000000..d51eaf3
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/sigseed12
@@ -0,0 +1 @@
+RQMLeaOVsWMnAMuv/q2XmY0CvtjgZWh2/AF05L25b3k=
diff --git a/nss/cmd/bltest/tests/dsa/sigseed13 b/nss/cmd/bltest/tests/dsa/sigseed13
new file mode 100644
index 0000000..77c773a
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/sigseed13
@@ -0,0 +1 @@
+EXpSnj/fx5hDpaTAdTkDa4ZSFOAUtJKMKjH0e/YqT9s=
diff --git a/nss/cmd/bltest/tests/dsa/sigseed14 b/nss/cmd/bltest/tests/dsa/sigseed14
new file mode 100644
index 0000000..8178d4b
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/sigseed14
@@ -0,0 +1 @@
+I2gDehx2R8aD1+MBrHm3/uvHNu/+OrFkS2gwi0soYg0=
diff --git a/nss/cmd/bltest/tests/dsa/sigseed15 b/nss/cmd/bltest/tests/dsa/sigseed15
new file mode 100644
index 0000000..8bfb678
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/sigseed15
@@ -0,0 +1 @@
+X+Ya/dvfBESbJClaUqGgN9PzFEGjzsE4t/AQLbhu8TI=
diff --git a/nss/cmd/bltest/tests/dsa/sigseed16 b/nss/cmd/bltest/tests/dsa/sigseed16
new file mode 100644
index 0000000..06c4c1b
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/sigseed16
@@ -0,0 +1 @@
+QPUDq9cP1Jp2xnqD4IsGKz/UZa2SvkM8CA5fKVu59Vk=
diff --git a/nss/cmd/bltest/tests/dsa/sigseed17 b/nss/cmd/bltest/tests/dsa/sigseed17
new file mode 100644
index 0000000..43148bf
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/sigseed17
@@ -0,0 +1 @@
+KeTXeQ4YG0dnkD/g6zd1fzPxMzfDNYjB/b+6DmVatiE=
diff --git a/nss/cmd/bltest/tests/dsa/sigseed18 b/nss/cmd/bltest/tests/dsa/sigseed18
new file mode 100644
index 0000000..370f857
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/sigseed18
@@ -0,0 +1 @@
+PXwGijl4stj+kDS8rWWtfDAMREDkCF3igOV37qcsEgc=
diff --git a/nss/cmd/bltest/tests/dsa/sigseed19 b/nss/cmd/bltest/tests/dsa/sigseed19
new file mode 100644
index 0000000..edb0bf8
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/sigseed19
@@ -0,0 +1 @@
+QLXMaFw9H1kHIiivlVFoO1uMj/ZSQBFK0trPzPOSgFc=
diff --git a/nss/cmd/bltest/tests/dsa/sigseed2 b/nss/cmd/bltest/tests/dsa/sigseed2
new file mode 100644
index 0000000..814709f
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/sigseed2
@@ -0,0 +1 @@
+jLNdJVUFpMQUIeVi0QgnJmqmhmM=
diff --git a/nss/cmd/bltest/tests/dsa/sigseed20 b/nss/cmd/bltest/tests/dsa/sigseed20
new file mode 100644
index 0000000..de625fd
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/sigseed20
@@ -0,0 +1 @@
+tZkRG594QCzv573ov1U7bKANWrr5oViqQvJge/eFELw=
diff --git a/nss/cmd/bltest/tests/dsa/sigseed3 b/nss/cmd/bltest/tests/dsa/sigseed3
new file mode 100644
index 0000000..d2c7339
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/sigseed3
@@ -0,0 +1 @@
+hZdsVhCnSVlTEEClUSs0fqxYfkg=
diff --git a/nss/cmd/bltest/tests/dsa/sigseed4 b/nss/cmd/bltest/tests/dsa/sigseed4
new file mode 100644
index 0000000..036d29a
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/sigseed4
@@ -0,0 +1 @@
+M8e6iP9pcHlxslrDRK5KVm4ZX5k=
diff --git a/nss/cmd/bltest/tests/dsa/sigseed5 b/nss/cmd/bltest/tests/dsa/sigseed5
new file mode 100644
index 0000000..7d80d66
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/sigseed5
@@ -0,0 +1 @@
+LxcJB6xpcmsU8iBW3LN7TfhfdCQ=
diff --git a/nss/cmd/bltest/tests/dsa/sigseed6 b/nss/cmd/bltest/tests/dsa/sigseed6
new file mode 100644
index 0000000..2f8d8df
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/sigseed6
@@ -0,0 +1 @@
+cZc5LTLQr2pxg8wzmFVvj2h9hqj/dCvmrThWLw==
diff --git a/nss/cmd/bltest/tests/dsa/sigseed7 b/nss/cmd/bltest/tests/dsa/sigseed7
new file mode 100644
index 0000000..eda9323
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/sigseed7
@@ -0,0 +1 @@
+N/rdQZ/L0rBzoGrpa57Otj4prumsX6K9sxq4XQ==
diff --git a/nss/cmd/bltest/tests/dsa/sigseed8 b/nss/cmd/bltest/tests/dsa/sigseed8
new file mode 100644
index 0000000..03997e0
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/sigseed8
@@ -0,0 +1 @@
+bzJlRqoXSz0xnvczHsjf02PdeK5YOpIBZf9+VA==
diff --git a/nss/cmd/bltest/tests/dsa/sigseed9 b/nss/cmd/bltest/tests/dsa/sigseed9
new file mode 100644
index 0000000..0ce4ead
--- /dev/null
+++ b/nss/cmd/bltest/tests/dsa/sigseed9
@@ -0,0 +1 @@
+fg8c4h0YWuZcCgA5VWfqnPIXRitYucicTl/5zw==
diff --git a/nss/cmd/bltest/tests/ecdsa/README b/nss/cmd/bltest/tests/ecdsa/README
new file mode 100644
index 0000000..0a6ece6
--- /dev/null
+++ b/nss/cmd/bltest/tests/ecdsa/README
@@ -0,0 +1,4 @@
+0 nistp256
+1 nistp384
+# the following tests are not yet implemented
+2 nistp521
diff --git a/nss/cmd/bltest/tests/ecdsa/ciphertext0 b/nss/cmd/bltest/tests/ecdsa/ciphertext0
new file mode 100644
index 0000000..14d8e0e
--- /dev/null
+++ b/nss/cmd/bltest/tests/ecdsa/ciphertext0
@@ -0,0 +1 @@
+GoWqve3YezF7HOABQjioFL/3oq32oM9pHsGTQTJE7aFE62nItVqAdg==
diff --git a/nss/cmd/bltest/tests/ecdsa/ciphertext1 b/nss/cmd/bltest/tests/ecdsa/ciphertext1
new file mode 100644
index 0000000..4484aae
--- /dev/null
+++ b/nss/cmd/bltest/tests/ecdsa/ciphertext1
@@ -0,0 +1 @@
+PM6xHbiwP6Xcb44mg7BHtaJvd8PkxgvHAB1sh2cF0so3naFf0Tj6vQ==
diff --git a/nss/cmd/bltest/tests/ecdsa/ciphertext10 b/nss/cmd/bltest/tests/ecdsa/ciphertext10
new file mode 100644
index 0000000..a956d53
--- /dev/null
+++ b/nss/cmd/bltest/tests/ecdsa/ciphertext10
@@ -0,0 +1,2 @@
+AF3bbyED08NTrUgKmag9HiuUbaW0skXA/Bp9RPjRAD6M0rp3nvLDKozI940jxPP1
+nWpHF7VcyCVzJeV6
diff --git a/nss/cmd/bltest/tests/ecdsa/ciphertext11 b/nss/cmd/bltest/tests/ecdsa/ciphertext11
new file mode 100644
index 0000000..8cc2c26
--- /dev/null
+++ b/nss/cmd/bltest/tests/ecdsa/ciphertext11
@@ -0,0 +1,2 @@
+AOLrxy4FWd29ToUjOwLs6GyQ+dYZN6NkZ8oVO6dsAEXt55ePlCWZbOtmk6v9PrNG
+JOsY/MHnGhDeAGRl
diff --git a/nss/cmd/bltest/tests/ecdsa/ciphertext12 b/nss/cmd/bltest/tests/ecdsa/ciphertext12
new file mode 100644
index 0000000..5a05a78
--- /dev/null
+++ b/nss/cmd/bltest/tests/ecdsa/ciphertext12
@@ -0,0 +1,2 @@
+aQHMte9cFByD9Ff3rZOPOtPI75luPoxemmgjXIgh/9jEeoTdDk8xuAYQUkayCfs+
+DpDaGnOLkfAyZ8GcuaCujg==
diff --git a/nss/cmd/bltest/tests/ecdsa/ciphertext13 b/nss/cmd/bltest/tests/ecdsa/ciphertext13
new file mode 100644
index 0000000..690c00a
--- /dev/null
+++ b/nss/cmd/bltest/tests/ecdsa/ciphertext13
@@ -0,0 +1,2 @@
+AaeVCRJQPbpTqa1+zLd/8xAbkz3KKTr0dlS4tuGC8hc9j5esAeEv+7IklbA3v5Jz
+jC+nJy4p81iNO5E9H8nfGGckfQSiFzHG
diff --git a/nss/cmd/bltest/tests/ecdsa/ciphertext14 b/nss/cmd/bltest/tests/ecdsa/ciphertext14
new file mode 100644
index 0000000..fe527c6
--- /dev/null
+++ b/nss/cmd/bltest/tests/ecdsa/ciphertext14
@@ -0,0 +1,2 @@
+AgU0N7zJPg/1UxmCWD5Z+DqDqkRKjy4heFgayCyopb/u4XErAZArgsjashAxzMKC
+PSDJasPT90T5Va8sNtjXtSpHWxc2roV9
diff --git a/nss/cmd/bltest/tests/ecdsa/ciphertext15 b/nss/cmd/bltest/tests/ecdsa/ciphertext15
new file mode 100644
index 0000000..d109094
--- /dev/null
+++ b/nss/cmd/bltest/tests/ecdsa/ciphertext15
@@ -0,0 +1,2 @@
+NXo8is+7lAoOwWGt7+GBbT/UX8LGs8TXEHBI+tX9311pJ4J3pfBYobgN0ZK6ZBtp
+dS6PkrPaQp0S9nrfTOS5uAH95eD1eymRfCbOnjTUKzLuIn53V17vRjdcDtLzrhzX
diff --git a/nss/cmd/bltest/tests/ecdsa/ciphertext16 b/nss/cmd/bltest/tests/ecdsa/ciphertext16
new file mode 100644
index 0000000..d5fe144
--- /dev/null
+++ b/nss/cmd/bltest/tests/ecdsa/ciphertext16
@@ -0,0 +1,3 @@
+ADhxjBz/ACTy4GJlL0tYZpyNpC4DsXND9lJuU7x9N7g6gkpJyBPw3vBYU1olw6PH
+dnegpgAm4Gh6MCsZB4KBcLwl1wjt4B3p2eqEqDYn5fiie5f4XuRomvI92jR5Sb+I
+nBLCHIppt/Q=
diff --git a/nss/cmd/bltest/tests/ecdsa/ciphertext17 b/nss/cmd/bltest/tests/ecdsa/ciphertext17
new file mode 100644
index 0000000..486bf66
--- /dev/null
+++ b/nss/cmd/bltest/tests/ecdsa/ciphertext17
@@ -0,0 +1,3 @@
+AGhHQ6kfdZRgu1svQTXEIewvFVglnUy6ANPumyUbM14AEfRkCUNa1uzvhV1sbWYj
+qT3egQCA9MTjThDNJeDOvvL6hVVOryUv4+C3RtkpQGCtdml+CSsjVTej8h9JbMds
+Dme40b2G6fE=
diff --git a/nss/cmd/bltest/tests/ecdsa/ciphertext18 b/nss/cmd/bltest/tests/ecdsa/ciphertext18
new file mode 100644
index 0000000..7eeef38
--- /dev/null
+++ b/nss/cmd/bltest/tests/ecdsa/ciphertext18
@@ -0,0 +1,3 @@
+AGBuqk48tufy0bKEWpu+xEHsmi+6KCfdwOSRwLDnpVetGe9AWknHDzeTSwe0QxcE
+RsEkUZGDpxfzUlCLSSSU+ErrYY/uyLV2AJTb3prB6A2YNwdmFGeRbDoxeOu7FuQA
+3gxBQhR+TGMuskeM+BdHFmFrwvTTdHCGzjTBa5S8mbgEJTfeik/it28T/9i+duZ8
diff --git a/nss/cmd/bltest/tests/ecdsa/ciphertext19 b/nss/cmd/bltest/tests/ecdsa/ciphertext19
new file mode 100644
index 0000000..ef8e5f3
--- /dev/null
+++ b/nss/cmd/bltest/tests/ecdsa/ciphertext19
@@ -0,0 +1,3 @@
+AaiotJfCiWU1d2LFe+t0CcWHDSF7EOlApWYJ+RNRSq8TbkXJIzi6abbb7BovtRwf
+i/COYwjS7OnkFQ6x5Pdrb7OZ0dTAdDRXAKtXWSKR20Y4fhnx/HUxisFwKrsCEQ3O
+uVtwDG8rh5V8zjBnCEcs5Iy9CsklucibR0PIyglVmW+ZuY42YNebuOC2VUKqHNF7
diff --git a/nss/cmd/bltest/tests/ecdsa/ciphertext2 b/nss/cmd/bltest/tests/ecdsa/ciphertext2
new file mode 100644
index 0000000..a3837a4
--- /dev/null
+++ b/nss/cmd/bltest/tests/ecdsa/ciphertext2
@@ -0,0 +1 @@
+Vli8Hau3xL8oder6ZdM9Y3fMd92jbguiMq6F+9CUjlUQXy5EwAVGeg==
diff --git a/nss/cmd/bltest/tests/ecdsa/ciphertext20 b/nss/cmd/bltest/tests/ecdsa/ciphertext20
new file mode 100644
index 0000000..67c9924
--- /dev/null
+++ b/nss/cmd/bltest/tests/ecdsa/ciphertext20
@@ -0,0 +1,3 @@
+ALAM5hGnex7TvBbSEzDlfv+n5g7aWyRyZsBbl2Y6wW1plSovbq2GcV6w1ZV1Vlot
+70zbqkKyNApvTi3xoD4Ens6pAeLMYDILwaQhnyJZWQv3etbWqUKJZNgfH1IDj03k
+n9hbjYLX3y4bc4CnrhOiv5Ab34s7M8wUYcjC+DbHwhLl/S6N
diff --git a/nss/cmd/bltest/tests/ecdsa/ciphertext3 b/nss/cmd/bltest/tests/ecdsa/ciphertext3
new file mode 100644
index 0000000..e9a4808
--- /dev/null
+++ b/nss/cmd/bltest/tests/ecdsa/ciphertext3
@@ -0,0 +1 @@
+AFohw5TN/dpmqbhp/T4z1Rl1boAUA6r9eEPJbYN0zf+eHZzyvezxqjxU
diff --git a/nss/cmd/bltest/tests/ecdsa/ciphertext4 b/nss/cmd/bltest/tests/ecdsa/ciphertext4
new file mode 100644
index 0000000..57ce239
--- /dev/null
+++ b/nss/cmd/bltest/tests/ecdsa/ciphertext4
@@ -0,0 +1 @@
+AtJdCPXn5yQW34jekhsnsNmaMOeeA3KIVl1d2+7pb6QycUAzYccgwSrp
diff --git a/nss/cmd/bltest/tests/ecdsa/ciphertext5 b/nss/cmd/bltest/tests/ecdsa/ciphertext5
new file mode 100644
index 0000000..e476c80
--- /dev/null
+++ b/nss/cmd/bltest/tests/ecdsa/ciphertext5
@@ -0,0 +1 @@
+AzEg0sOGHwxd0o3cv+o9dsRPOzXMAdpgtI6O0uUmVN2+a5qI5FYQlItz
diff --git a/nss/cmd/bltest/tests/ecdsa/ciphertext6 b/nss/cmd/bltest/tests/ecdsa/ciphertext6
new file mode 100644
index 0000000..bdea717
--- /dev/null
+++ b/nss/cmd/bltest/tests/ecdsa/ciphertext6
@@ -0,0 +1 @@
+5+HDXH/ieN8Bzxd3dfxKZoqbbhsm7jyeqWdemt6Xy0kx+7zwSYsh9Ng5KRdy6wtA
diff --git a/nss/cmd/bltest/tests/ecdsa/ciphertext7 b/nss/cmd/bltest/tests/ecdsa/ciphertext7
new file mode 100644
index 0000000..3273fd9
--- /dev/null
+++ b/nss/cmd/bltest/tests/ecdsa/ciphertext7
@@ -0,0 +1 @@
+WcS9umnUASP0X6lHvkWJwPY37ZVvAMLBERHLjL3Vzg6QVjwcS8kDVortTFei3aTx
diff --git a/nss/cmd/bltest/tests/ecdsa/ciphertext8 b/nss/cmd/bltest/tests/ecdsa/ciphertext8
new file mode 100644
index 0000000..636392e
--- /dev/null
+++ b/nss/cmd/bltest/tests/ecdsa/ciphertext8
@@ -0,0 +1,2 @@
+ItpmPaGAaoe2feXPbh5+EASLGnEzyYbEnwJ+JFNSOQcoY4a/cMV2rn8FYyBsEDiZ
+LPDBU0i2uOg=
diff --git a/nss/cmd/bltest/tests/ecdsa/ciphertext9 b/nss/cmd/bltest/tests/ecdsa/ciphertext9
new file mode 100644
index 0000000..0c43fa3
--- /dev/null
+++ b/nss/cmd/bltest/tests/ecdsa/ciphertext9
@@ -0,0 +1,2 @@
+QjzCVGRUjulOLqeBqC5xpY0GWomOrmQUCtImY0czn98a/jHrdgsSRKiMHukBUxM1
+TIRGjkV2L+A=
diff --git a/nss/cmd/bltest/tests/ecdsa/key0 b/nss/cmd/bltest/tests/ecdsa/key0
new file mode 100644
index 0000000..491fdba
--- /dev/null
+++ b/nss/cmd/bltest/tests/ecdsa/key0
@@ -0,0 +1,3 @@
+AAAACgYIKoZIzj0DAQcAAABBBNGB7n4kH15tKA/SMpetaQVqg6WxIuuUuMQT2tDX
+NN5jKZfaxD47NsTjTr3x3D5t1qRBYuL6VtdgIuxBIHGG9dcAAAAgaGjyZBL+LN3a
+7NkGiHJBfqh7XKNH0AnPF3vFWpostIQ=
diff --git a/nss/cmd/bltest/tests/ecdsa/key1 b/nss/cmd/bltest/tests/ecdsa/key1
new file mode 100644
index 0000000..a062f1f
--- /dev/null
+++ b/nss/cmd/bltest/tests/ecdsa/key1
@@ -0,0 +1,4 @@
+AAAABwYFK4EEACIAAABhBLWMJG3t4khPYcsl3H492rAqukJ1RqJm27pqpN54rFGG
+r2VDwOfqb9tMninq8IyOh42eaaVOEPXXu4Q/ATWBEfrbTRBjTpzAE2SSPuQma0lM
+q0RSVECCgdBOKIhB0H6VxAAAADA3WPjUaMWCS9E5KbVDrEcf5CV5tCNNWJQkwjsA
+yALMCiXJqRVXwbq42WMuaELMW+g=
diff --git a/nss/cmd/bltest/tests/ecdsa/key10 b/nss/cmd/bltest/tests/ecdsa/key10
new file mode 100644
index 0000000..3e33417
--- /dev/null
+++ b/nss/cmd/bltest/tests/ecdsa/key10
@@ -0,0 +1,3 @@
+AAAABwYFK4EEABoAAAA9BACmzalMQJBOWV2FoyV0tXSpT07Xajq4bB1SUwSY7QGn
+dgGC3GBqjPs9vEpqfMMQ2M9k3+5oubWnexNFhQAAAB4BRha/6sE7VSHl92ZqCj5p
+LYtBpK23jzfdVWO8SAY=
diff --git a/nss/cmd/bltest/tests/ecdsa/key11 b/nss/cmd/bltest/tests/ecdsa/key11
new file mode 100644
index 0000000..6111d52
--- /dev/null
+++ b/nss/cmd/bltest/tests/ecdsa/key11
@@ -0,0 +1,3 @@
+AAAABwYFK4EEABsAAAA9BAD2/x9HSYYVEQ9AU4MivlIKPypJjsm0sTrp8BftlQGv
+KaYrKpZCg/CEw3C2kqvke7HAu+10hafK9asRxQAAAB4AXyFCurtsXhahkyJpkb5J
+LUg3xVL00vviR0KyFZY=
diff --git a/nss/cmd/bltest/tests/ecdsa/key12 b/nss/cmd/bltest/tests/ecdsa/key12
new file mode 100644
index 0000000..491fdba
--- /dev/null
+++ b/nss/cmd/bltest/tests/ecdsa/key12
@@ -0,0 +1,3 @@
+AAAACgYIKoZIzj0DAQcAAABBBNGB7n4kH15tKA/SMpetaQVqg6WxIuuUuMQT2tDX
+NN5jKZfaxD47NsTjTr3x3D5t1qRBYuL6VtdgIuxBIHGG9dcAAAAgaGjyZBL+LN3a
+7NkGiHJBfqh7XKNH0AnPF3vFWpostIQ=
diff --git a/nss/cmd/bltest/tests/ecdsa/key13 b/nss/cmd/bltest/tests/ecdsa/key13
new file mode 100644
index 0000000..fc8057a
--- /dev/null
+++ b/nss/cmd/bltest/tests/ecdsa/key13
@@ -0,0 +1,3 @@
+AAAABwYFK4EEABAAAABJBAT3klWkt7+1Pr6QGEcvEIZplopwt1alrsJUThDOxvUF
+7KvBpQLVjB+DQTwYQnEREb/WFyRgUBuIbII0+zd/g0fLHE4PQ8SNlAAAACQFPsMX
+mqSVRreUVasUOIZQFB2jnpwCUyoq+xa9SRril5LeOCY=
diff --git a/nss/cmd/bltest/tests/ecdsa/key14 b/nss/cmd/bltest/tests/ecdsa/key14
new file mode 100644
index 0000000..2e15823
--- /dev/null
+++ b/nss/cmd/bltest/tests/ecdsa/key14
@@ -0,0 +1,3 @@
+AAAABwYFK4EEABEAAABJBAf/ei/XCrFrMZLBp5BFkKZ3Odn+ZJu7QIAK32Ubuxmi
+xgWTewf2vv+KY5kHwsBYuBXmmnKe9Ak9zGP4Lykvgk5n5J6iUz5ycQAAACQAQHXa
+d29OqGxoDNCl9xETW3tAL/2hfZzstNuOPLm5kj4j1Dc=
diff --git a/nss/cmd/bltest/tests/ecdsa/key15 b/nss/cmd/bltest/tests/ecdsa/key15
new file mode 100644
index 0000000..a062f1f
--- /dev/null
+++ b/nss/cmd/bltest/tests/ecdsa/key15
@@ -0,0 +1,4 @@
+AAAABwYFK4EEACIAAABhBLWMJG3t4khPYcsl3H492rAqukJ1RqJm27pqpN54rFGG
+r2VDwOfqb9tMninq8IyOh42eaaVOEPXXu4Q/ATWBEfrbTRBjTpzAE2SSPuQma0lM
+q0RSVECCgdBOKIhB0H6VxAAAADA3WPjUaMWCS9E5KbVDrEcf5CV5tCNNWJQkwjsA
+yALMCiXJqRVXwbq42WMuaELMW+g=
diff --git a/nss/cmd/bltest/tests/ecdsa/key16 b/nss/cmd/bltest/tests/ecdsa/key16
new file mode 100644
index 0000000..d2694ae
--- /dev/null
+++ b/nss/cmd/bltest/tests/ecdsa/key16
@@ -0,0 +1,4 @@
+AAAABwYFK4EEACQAAABpBADkgknFgTPuirxQxFlqIK+vcARWzlpJR+qmyRyQsBiz
+Nh6Ws036xUKY9M8LxMIWXFNM6aIA2wxKsBF+HHD6oy27EAJSJOGbke/9F9Kv5AiW
+2RXA4mllUaxCNsuQ36PqUdqv4FeXxWTpAAAANAHTZloqhR0V4bfyaeo2hojcvY3T
+NO04ewNryBpsHZ0bhID0EfewYuwQmX00GYNfuV3mJ2w=
diff --git a/nss/cmd/bltest/tests/ecdsa/key17 b/nss/cmd/bltest/tests/ecdsa/key17
new file mode 100644
index 0000000..30be057
--- /dev/null
+++ b/nss/cmd/bltest/tests/ecdsa/key17
@@ -0,0 +1,4 @@
+AAAABwYFK4EEACUAAABpBAAEE/bAmqCjO3FLvN93Q/UjDyDp2sj+F//buuf1hZ0K
+1rSOGXMLcBrqVa8R6UJ57F9/Yc0BCTylpJMXjfCr4eDczG4WOQk+5x8kpKQs5Q9U
+V3IolHDiQY/Nhn7o4UFn5/mF71T3qUqwAAAANAH/o7jEl9Bw+Arj9uQ7ZHkoPGgx
+t92UJg1r/lxa7UUd66iJfRI8n8yQH/sw56D1+CweeII=
diff --git a/nss/cmd/bltest/tests/ecdsa/key18 b/nss/cmd/bltest/tests/ecdsa/key18
new file mode 100644
index 0000000..bbdcb13
--- /dev/null
+++ b/nss/cmd/bltest/tests/ecdsa/key18
@@ -0,0 +1,5 @@
+AAAABwYFK4EEACYAAACRBAffZTrfwIl0dciO2fui3UhZw6r+jnFh7gyER92gXL7+
+LzPgTHagd1vdQiIX4K8Dv76KN0BldiFuX5odP7qC26MUaiURDdWT0AWcPmumSSBH
+NXZYLLx5hQjW3BTNwV7v5bmUjezfgtuOCC30dQGs2GMgExAmiWRjTkiPrHg1SFKF
+3RklauOyMWauaVpEzh3c+wAAAEgAZvLs4/Rx7tS+QGH92fGGIxPWPbVYOpDKwabY
+poV2i1BD5Fxvw+eHlvxVOLmRPqRCPTfOLwAeNbHyt17U/BVZ8+svTChlzuA=
diff --git a/nss/cmd/bltest/tests/ecdsa/key19 b/nss/cmd/bltest/tests/ecdsa/key19
new file mode 100644
index 0000000..31b4071
--- /dev/null
+++ b/nss/cmd/bltest/tests/ecdsa/key19
@@ -0,0 +1,5 @@
+AAAABwYFK4EEACcAAACRBASpPvOfQVqiMD+cBL/nulFit5pk/5beJ6/KpeIltg4s
+6/s7PPggJA59BP7RJwak6rgY3PsRqXVPjyM/1UkUfRUR2BJgOfNTkQe9WF7Y5zXy
+TM76cWhOP+sLSoUcscy/HTLCpHqRLLvWZPDzgjrfJqSlydMEDZjWsJRVPk9IfeQ/
+amGiWOhJIQd/bSrAazZn6AAAAEgFz1qZzjHuhuP1boJ7gzndJhQslx1efbESxHSc
+wbOpeBpw2MsCAwjtgo3Y8pviFIC8+5MStkFjE8uHQ0ngXc02wm3G0xj8XGQ=
diff --git a/nss/cmd/bltest/tests/ecdsa/key2 b/nss/cmd/bltest/tests/ecdsa/key2
new file mode 100644
index 0000000..c4da348
--- /dev/null
+++ b/nss/cmd/bltest/tests/ecdsa/key2
@@ -0,0 +1,5 @@
+AAAABwYFK4EEACMAAACFBAHLMSpMFVyG6mXE7SZ5O5Bwv4d8/QiAB3BzpXkyrU1W
+jJ9O9uOYTXM+cFtF5v56+LsI4yGkaAl9+RF6lFPjrhpIswCmBmEqMBgZpjoz38my
+nLHBI9MaFF8AHkRQwD3LJLo4eSZHOVkdIvDYLwicdlgr0zD3Nf76/HB1+0DkBGqE
+MyG22gAAAEIAFah7z179UbqqdH68pzdZsP1ChXjtYZ11rBM0+HP7yLirxH3ahKTt
+DjsY19GEjz4gKsaLfLiQ1/Dp+VKVLcBKpk0=
diff --git a/nss/cmd/bltest/tests/ecdsa/key20 b/nss/cmd/bltest/tests/ecdsa/key20
new file mode 100644
index 0000000..c4da348
--- /dev/null
+++ b/nss/cmd/bltest/tests/ecdsa/key20
@@ -0,0 +1,5 @@
+AAAABwYFK4EEACMAAACFBAHLMSpMFVyG6mXE7SZ5O5Bwv4d8/QiAB3BzpXkyrU1W
+jJ9O9uOYTXM+cFtF5v56+LsI4yGkaAl9+RF6lFPjrhpIswCmBmEqMBgZpjoz38my
+nLHBI9MaFF8AHkRQwD3LJLo4eSZHOVkdIvDYLwicdlgr0zD3Nf76/HB1+0DkBGqE
+MyG22gAAAEIAFah7z179UbqqdH68pzdZsP1ChXjtYZ11rBM0+HP7yLirxH3ahKTt
+DjsY19GEjz4gKsaLfLiQ1/Dp+VKVLcBKpk0=
diff --git a/nss/cmd/bltest/tests/ecdsa/key3 b/nss/cmd/bltest/tests/ecdsa/key3
new file mode 100644
index 0000000..689e06b
--- /dev/null
+++ b/nss/cmd/bltest/tests/ecdsa/key3
@@ -0,0 +1,2 @@
+AAAABwYFK4EEAAEAAAArBAe4qW9DTVGRVIYYznwJZbn8mWXLugA2A+Mv112Bu+y7
+gxI8E4/fEdLTsQAAABUGEQDNcbxi0JhwALA8FCCxvmWYM3E=
diff --git a/nss/cmd/bltest/tests/ecdsa/key4 b/nss/cmd/bltest/tests/ecdsa/key4
new file mode 100644
index 0000000..90ecb72
--- /dev/null
+++ b/nss/cmd/bltest/tests/ecdsa/key4
@@ -0,0 +1,2 @@
+AAAABwYFK4EEAAIAAAArBAXw45Pc59l1QWmAB1W6M30lyFzQmAH/0FIFKYgEOYIa
+dnEXMwKNwaRdsQAAABUCErj052f+Rth5OxAm376LOAQyvBY=
diff --git a/nss/cmd/bltest/tests/ecdsa/key5 b/nss/cmd/bltest/tests/ecdsa/key5
new file mode 100644
index 0000000..b9d221f
--- /dev/null
+++ b/nss/cmd/bltest/tests/ecdsa/key5
@@ -0,0 +1,2 @@
+AAAABwYFK4EEAA8AAAArBAFhm71N2wsUOYCwDNr/6rFvNX1okAbki1SNlHq2TQDO
+Bktd1M0jlApWVQAAABUCILsraWg3Qi5nBsXQ1pGmZk0YuSA=
diff --git a/nss/cmd/bltest/tests/ecdsa/key6 b/nss/cmd/bltest/tests/ecdsa/key6
new file mode 100644
index 0000000..92fb463
--- /dev/null
+++ b/nss/cmd/bltest/tests/ecdsa/key6
@@ -0,0 +1,2 @@
+AAAABwYFK4EEAB8AAAAxBHOYACoc9XsLk5n8NZZKV2U9CDoMj/VRDvqbf+myloR7
+uBfVNm+uVN33Sa65phAfXQAAABitxs6KZtkqU4tglcdQ1Rmk2U74vjYP0JM=
diff --git a/nss/cmd/bltest/tests/ecdsa/key7 b/nss/cmd/bltest/tests/ecdsa/key7
new file mode 100644
index 0000000..83fced1
--- /dev/null
+++ b/nss/cmd/bltest/tests/ecdsa/key7
@@ -0,0 +1,2 @@
+AAAACgYIKoZIzj0DAQEAAAAxBOyOI+rIs3x+jsChxQqSVblnoZGqhIM1WX0FMfw+
+D8Dz6Y25iPcAQFpIAWh29FxnrgAAABh+uEQYXwMB783sULxE6PEd1t/MNZ9HSHI=
diff --git a/nss/cmd/bltest/tests/ecdsa/key8 b/nss/cmd/bltest/tests/ecdsa/key8
new file mode 100644
index 0000000..cc7c610
--- /dev/null
+++ b/nss/cmd/bltest/tests/ecdsa/key8
@@ -0,0 +1,3 @@
+AAAABwYFK4EEACAAAAA5BKQnZoj4VtlPqrJ5dekM4haG+7PjfgO4wNNIqD7JnrKI
+gTUd+oUQ41d517xCObyBaHNzdVPty9DvAAAAHIrG9+FE+OJV5UV2l/op7PCDPI4G
+qkpgzPIwe7U=
diff --git a/nss/cmd/bltest/tests/ecdsa/key9 b/nss/cmd/bltest/tests/ecdsa/key9
new file mode 100644
index 0000000..ab8f43b
--- /dev/null
+++ b/nss/cmd/bltest/tests/ecdsa/key9
@@ -0,0 +1,3 @@
+AAAABwYFK4EEACEAAAA5BGCNDWldzQCbI83PMR96tqR6JnIUpvfIO8l6hIf/QfMc
+rx2BbrSLoy6EJmP++Jyw5yNyaoVaNYl6AAAAHDnjgcUSIshTSLuejnSsvtvU363b
+1NJv4ULUbIs=
diff --git a/nss/cmd/bltest/tests/ecdsa/numtests b/nss/cmd/bltest/tests/ecdsa/numtests
new file mode 100644
index 0000000..aabe6ec
--- /dev/null
+++ b/nss/cmd/bltest/tests/ecdsa/numtests
@@ -0,0 +1 @@
+21
diff --git a/nss/cmd/bltest/tests/ecdsa/plaintext0 b/nss/cmd/bltest/tests/ecdsa/plaintext0
new file mode 100644
index 0000000..48fbdb6
--- /dev/null
+++ b/nss/cmd/bltest/tests/ecdsa/plaintext0
@@ -0,0 +1 @@
+qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
diff --git a/nss/cmd/bltest/tests/ecdsa/plaintext1 b/nss/cmd/bltest/tests/ecdsa/plaintext1
new file mode 100644
index 0000000..48fbdb6
--- /dev/null
+++ b/nss/cmd/bltest/tests/ecdsa/plaintext1
@@ -0,0 +1 @@
+qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
diff --git a/nss/cmd/bltest/tests/ecdsa/plaintext10 b/nss/cmd/bltest/tests/ecdsa/plaintext10
new file mode 100644
index 0000000..48fbdb6
--- /dev/null
+++ b/nss/cmd/bltest/tests/ecdsa/plaintext10
@@ -0,0 +1 @@
+qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
diff --git a/nss/cmd/bltest/tests/ecdsa/plaintext11 b/nss/cmd/bltest/tests/ecdsa/plaintext11
new file mode 100644
index 0000000..48fbdb6
--- /dev/null
+++ b/nss/cmd/bltest/tests/ecdsa/plaintext11
@@ -0,0 +1 @@
+qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
diff --git a/nss/cmd/bltest/tests/ecdsa/plaintext12 b/nss/cmd/bltest/tests/ecdsa/plaintext12
new file mode 100644
index 0000000..48fbdb6
--- /dev/null
+++ b/nss/cmd/bltest/tests/ecdsa/plaintext12
@@ -0,0 +1 @@
+qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
diff --git a/nss/cmd/bltest/tests/ecdsa/plaintext13 b/nss/cmd/bltest/tests/ecdsa/plaintext13
new file mode 100644
index 0000000..48fbdb6
--- /dev/null
+++ b/nss/cmd/bltest/tests/ecdsa/plaintext13
@@ -0,0 +1 @@
+qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
diff --git a/nss/cmd/bltest/tests/ecdsa/plaintext14 b/nss/cmd/bltest/tests/ecdsa/plaintext14
new file mode 100644
index 0000000..48fbdb6
--- /dev/null
+++ b/nss/cmd/bltest/tests/ecdsa/plaintext14
@@ -0,0 +1 @@
+qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
diff --git a/nss/cmd/bltest/tests/ecdsa/plaintext15 b/nss/cmd/bltest/tests/ecdsa/plaintext15
new file mode 100644
index 0000000..48fbdb6
--- /dev/null
+++ b/nss/cmd/bltest/tests/ecdsa/plaintext15
@@ -0,0 +1 @@
+qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
diff --git a/nss/cmd/bltest/tests/ecdsa/plaintext16 b/nss/cmd/bltest/tests/ecdsa/plaintext16
new file mode 100644
index 0000000..48fbdb6
--- /dev/null
+++ b/nss/cmd/bltest/tests/ecdsa/plaintext16
@@ -0,0 +1 @@
+qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
diff --git a/nss/cmd/bltest/tests/ecdsa/plaintext17 b/nss/cmd/bltest/tests/ecdsa/plaintext17
new file mode 100644
index 0000000..48fbdb6
--- /dev/null
+++ b/nss/cmd/bltest/tests/ecdsa/plaintext17
@@ -0,0 +1 @@
+qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
diff --git a/nss/cmd/bltest/tests/ecdsa/plaintext18 b/nss/cmd/bltest/tests/ecdsa/plaintext18
new file mode 100644
index 0000000..48fbdb6
--- /dev/null
+++ b/nss/cmd/bltest/tests/ecdsa/plaintext18
@@ -0,0 +1 @@
+qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
diff --git a/nss/cmd/bltest/tests/ecdsa/plaintext19 b/nss/cmd/bltest/tests/ecdsa/plaintext19
new file mode 100644
index 0000000..48fbdb6
--- /dev/null
+++ b/nss/cmd/bltest/tests/ecdsa/plaintext19
@@ -0,0 +1 @@
+qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
diff --git a/nss/cmd/bltest/tests/ecdsa/plaintext2 b/nss/cmd/bltest/tests/ecdsa/plaintext2
new file mode 100644
index 0000000..48fbdb6
--- /dev/null
+++ b/nss/cmd/bltest/tests/ecdsa/plaintext2
@@ -0,0 +1 @@
+qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
diff --git a/nss/cmd/bltest/tests/ecdsa/plaintext20 b/nss/cmd/bltest/tests/ecdsa/plaintext20
new file mode 100644
index 0000000..48fbdb6
--- /dev/null
+++ b/nss/cmd/bltest/tests/ecdsa/plaintext20
@@ -0,0 +1 @@
+qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
diff --git a/nss/cmd/bltest/tests/ecdsa/plaintext3 b/nss/cmd/bltest/tests/ecdsa/plaintext3
new file mode 100644
index 0000000..48fbdb6
--- /dev/null
+++ b/nss/cmd/bltest/tests/ecdsa/plaintext3
@@ -0,0 +1 @@
+qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
diff --git a/nss/cmd/bltest/tests/ecdsa/plaintext4 b/nss/cmd/bltest/tests/ecdsa/plaintext4
new file mode 100644
index 0000000..48fbdb6
--- /dev/null
+++ b/nss/cmd/bltest/tests/ecdsa/plaintext4
@@ -0,0 +1 @@
+qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
diff --git a/nss/cmd/bltest/tests/ecdsa/plaintext5 b/nss/cmd/bltest/tests/ecdsa/plaintext5
new file mode 100644
index 0000000..48fbdb6
--- /dev/null
+++ b/nss/cmd/bltest/tests/ecdsa/plaintext5
@@ -0,0 +1 @@
+qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
diff --git a/nss/cmd/bltest/tests/ecdsa/plaintext6 b/nss/cmd/bltest/tests/ecdsa/plaintext6
new file mode 100644
index 0000000..48fbdb6
--- /dev/null
+++ b/nss/cmd/bltest/tests/ecdsa/plaintext6
@@ -0,0 +1 @@
+qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
diff --git a/nss/cmd/bltest/tests/ecdsa/plaintext7 b/nss/cmd/bltest/tests/ecdsa/plaintext7
new file mode 100644
index 0000000..48fbdb6
--- /dev/null
+++ b/nss/cmd/bltest/tests/ecdsa/plaintext7
@@ -0,0 +1 @@
+qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
diff --git a/nss/cmd/bltest/tests/ecdsa/plaintext8 b/nss/cmd/bltest/tests/ecdsa/plaintext8
new file mode 100644
index 0000000..48fbdb6
--- /dev/null
+++ b/nss/cmd/bltest/tests/ecdsa/plaintext8
@@ -0,0 +1 @@
+qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
diff --git a/nss/cmd/bltest/tests/ecdsa/plaintext9 b/nss/cmd/bltest/tests/ecdsa/plaintext9
new file mode 100644
index 0000000..48fbdb6
--- /dev/null
+++ b/nss/cmd/bltest/tests/ecdsa/plaintext9
@@ -0,0 +1 @@
+qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
diff --git a/nss/cmd/bltest/tests/ecdsa/sigseed0 b/nss/cmd/bltest/tests/ecdsa/sigseed0
new file mode 100644
index 0000000..05d7fd2
--- /dev/null
+++ b/nss/cmd/bltest/tests/ecdsa/sigseed0
@@ -0,0 +1 @@
+aHpm2QZI+ZOGfhIfTd+d2wEgVYQ=
diff --git a/nss/cmd/bltest/tests/ecdsa/sigseed1 b/nss/cmd/bltest/tests/ecdsa/sigseed1
new file mode 100644
index 0000000..05d7fd2
--- /dev/null
+++ b/nss/cmd/bltest/tests/ecdsa/sigseed1
@@ -0,0 +1 @@
+aHpm2QZI+ZOGfhIfTd+d2wEgVYQ=
diff --git a/nss/cmd/bltest/tests/ecdsa/sigseed10 b/nss/cmd/bltest/tests/ecdsa/sigseed10
new file mode 100644
index 0000000..6983e5f
--- /dev/null
+++ b/nss/cmd/bltest/tests/ecdsa/sigseed10
@@ -0,0 +1 @@
+fjIzMWJpdHNPZlRleHQwMTAyMDMwNDA1MDYwNzA=
diff --git a/nss/cmd/bltest/tests/ecdsa/sigseed11 b/nss/cmd/bltest/tests/ecdsa/sigseed11
new file mode 100644
index 0000000..6983e5f
--- /dev/null
+++ b/nss/cmd/bltest/tests/ecdsa/sigseed11
@@ -0,0 +1 @@
+fjIzMWJpdHNPZlRleHQwMTAyMDMwNDA1MDYwNzA=
diff --git a/nss/cmd/bltest/tests/ecdsa/sigseed12 b/nss/cmd/bltest/tests/ecdsa/sigseed12
new file mode 100644
index 0000000..92aa40c
--- /dev/null
+++ b/nss/cmd/bltest/tests/ecdsa/sigseed12
@@ -0,0 +1 @@
+/jI1NmJpdHNPZlRleHQwMTAyMDMwNDA1MDYwNzA4MDk=
diff --git a/nss/cmd/bltest/tests/ecdsa/sigseed13 b/nss/cmd/bltest/tests/ecdsa/sigseed13
new file mode 100644
index 0000000..4ac0765
--- /dev/null
+++ b/nss/cmd/bltest/tests/ecdsa/sigseed13
@@ -0,0 +1 @@
+ATI4MWJpdHNPZlRleHQwMTAyMDMwNDA1MDYwNzA4MDkwYTBi
diff --git a/nss/cmd/bltest/tests/ecdsa/sigseed14 b/nss/cmd/bltest/tests/ecdsa/sigseed14
new file mode 100644
index 0000000..4ac0765
--- /dev/null
+++ b/nss/cmd/bltest/tests/ecdsa/sigseed14
@@ -0,0 +1 @@
+ATI4MWJpdHNPZlRleHQwMTAyMDMwNDA1MDYwNzA4MDkwYTBi
diff --git a/nss/cmd/bltest/tests/ecdsa/sigseed15 b/nss/cmd/bltest/tests/ecdsa/sigseed15
new file mode 100644
index 0000000..0975230
--- /dev/null
+++ b/nss/cmd/bltest/tests/ecdsa/sigseed15
@@ -0,0 +1 @@
+/jM4NGJpdHNPZlRleHQwMTAyMDMwNDA1MDYwNzA4MDkwYTBiMGMwZDBlMGYxMDEx
diff --git a/nss/cmd/bltest/tests/ecdsa/sigseed16 b/nss/cmd/bltest/tests/ecdsa/sigseed16
new file mode 100644
index 0000000..36fbf09
--- /dev/null
+++ b/nss/cmd/bltest/tests/ecdsa/sigseed16
@@ -0,0 +1 @@
+fjQwN2JpdHNPZlRleHQwMTAyMDMwNDA1MDYwNzA4MDkwYTBiMGMwZDBlMGYxMDExMTIx
diff --git a/nss/cmd/bltest/tests/ecdsa/sigseed17 b/nss/cmd/bltest/tests/ecdsa/sigseed17
new file mode 100644
index 0000000..36fbf09
--- /dev/null
+++ b/nss/cmd/bltest/tests/ecdsa/sigseed17
@@ -0,0 +1 @@
+fjQwN2JpdHNPZlRleHQwMTAyMDMwNDA1MDYwNzA4MDkwYTBiMGMwZDBlMGYxMDExMTIx
diff --git a/nss/cmd/bltest/tests/ecdsa/sigseed18 b/nss/cmd/bltest/tests/ecdsa/sigseed18
new file mode 100644
index 0000000..7be8ce6
--- /dev/null
+++ b/nss/cmd/bltest/tests/ecdsa/sigseed18
@@ -0,0 +1,2 @@
+PjU2NmJpdHNPZlRleHQwMDAxMDIwMzA0MDUwNjA3MDgwOTBhMGIwYzBkMGUwZjEwMTExMjEz
+MTQxNTE2MTcxODE5MWExYjE=
diff --git a/nss/cmd/bltest/tests/ecdsa/sigseed19 b/nss/cmd/bltest/tests/ecdsa/sigseed19
new file mode 100644
index 0000000..7be8ce6
--- /dev/null
+++ b/nss/cmd/bltest/tests/ecdsa/sigseed19
@@ -0,0 +1,2 @@
+PjU2NmJpdHNPZlRleHQwMDAxMDIwMzA0MDUwNjA3MDgwOTBhMGIwYzBkMGUwZjEwMTExMjEz
+MTQxNTE2MTcxODE5MWExYjE=
diff --git a/nss/cmd/bltest/tests/ecdsa/sigseed2 b/nss/cmd/bltest/tests/ecdsa/sigseed2
new file mode 100644
index 0000000..05d7fd2
--- /dev/null
+++ b/nss/cmd/bltest/tests/ecdsa/sigseed2
@@ -0,0 +1 @@
+aHpm2QZI+ZOGfhIfTd+d2wEgVYQ=
diff --git a/nss/cmd/bltest/tests/ecdsa/sigseed20 b/nss/cmd/bltest/tests/ecdsa/sigseed20
new file mode 100644
index 0000000..f0dddb6
--- /dev/null
+++ b/nss/cmd/bltest/tests/ecdsa/sigseed20
@@ -0,0 +1,2 @@
+/jUyMGJpdHNPZlRleHQwMDAxMDIwMzA0MDUwNjA3MDgwOTBhMGIwYzBkMGUwZjEwMTExMjEz
+MTQxNTE2MTcxODE=
diff --git a/nss/cmd/bltest/tests/ecdsa/sigseed3 b/nss/cmd/bltest/tests/ecdsa/sigseed3
new file mode 100644
index 0000000..05d7fd2
--- /dev/null
+++ b/nss/cmd/bltest/tests/ecdsa/sigseed3
@@ -0,0 +1 @@
+aHpm2QZI+ZOGfhIfTd+d2wEgVYQ=
diff --git a/nss/cmd/bltest/tests/ecdsa/sigseed4 b/nss/cmd/bltest/tests/ecdsa/sigseed4
new file mode 100644
index 0000000..05d7fd2
--- /dev/null
+++ b/nss/cmd/bltest/tests/ecdsa/sigseed4
@@ -0,0 +1 @@
+aHpm2QZI+ZOGfhIfTd+d2wEgVYQ=
diff --git a/nss/cmd/bltest/tests/ecdsa/sigseed5 b/nss/cmd/bltest/tests/ecdsa/sigseed5
new file mode 100644
index 0000000..05d7fd2
--- /dev/null
+++ b/nss/cmd/bltest/tests/ecdsa/sigseed5
@@ -0,0 +1 @@
+aHpm2QZI+ZOGfhIfTd+d2wEgVYQ=
diff --git a/nss/cmd/bltest/tests/ecdsa/sigseed6 b/nss/cmd/bltest/tests/ecdsa/sigseed6
new file mode 100644
index 0000000..a068719
--- /dev/null
+++ b/nss/cmd/bltest/tests/ecdsa/sigseed6
@@ -0,0 +1 @@
+/jE5MmJpdHNPZlRleHQwMDAwMDAwMDAw
diff --git a/nss/cmd/bltest/tests/ecdsa/sigseed7 b/nss/cmd/bltest/tests/ecdsa/sigseed7
new file mode 100644
index 0000000..a068719
--- /dev/null
+++ b/nss/cmd/bltest/tests/ecdsa/sigseed7
@@ -0,0 +1 @@
+/jE5MmJpdHNPZlRleHQwMDAwMDAwMDAw
diff --git a/nss/cmd/bltest/tests/ecdsa/sigseed8 b/nss/cmd/bltest/tests/ecdsa/sigseed8
new file mode 100644
index 0000000..01ae265
--- /dev/null
+++ b/nss/cmd/bltest/tests/ecdsa/sigseed8
@@ -0,0 +1 @@
+/jIyNGJpdHNPZlRleHQwMDAwMDAwMDAwMDAwMA==
diff --git a/nss/cmd/bltest/tests/ecdsa/sigseed9 b/nss/cmd/bltest/tests/ecdsa/sigseed9
new file mode 100644
index 0000000..01ae265
--- /dev/null
+++ b/nss/cmd/bltest/tests/ecdsa/sigseed9
@@ -0,0 +1 @@
+/jIyNGJpdHNPZlRleHQwMDAwMDAwMDAwMDAwMA==
diff --git a/nss/cmd/bltest/tests/md2/ciphertext0 b/nss/cmd/bltest/tests/md2/ciphertext0
new file mode 100644
index 0000000..22e1fc4
--- /dev/null
+++ b/nss/cmd/bltest/tests/md2/ciphertext0
@@ -0,0 +1 @@
+CS/UNcrWhB5Knt7Gf8Tz3Q==
diff --git a/nss/cmd/bltest/tests/md2/numtests b/nss/cmd/bltest/tests/md2/numtests
new file mode 100644
index 0000000..d00491f
--- /dev/null
+++ b/nss/cmd/bltest/tests/md2/numtests
@@ -0,0 +1 @@
+1
diff --git a/nss/cmd/bltest/tests/md2/plaintext0 b/nss/cmd/bltest/tests/md2/plaintext0
new file mode 100644
index 0000000..dce2994
--- /dev/null
+++ b/nss/cmd/bltest/tests/md2/plaintext0
@@ -0,0 +1 @@
+16-bytes to MD2.
diff --git a/nss/cmd/bltest/tests/md5/ciphertext0 b/nss/cmd/bltest/tests/md5/ciphertext0
new file mode 100644
index 0000000..ea11ee5
--- /dev/null
+++ b/nss/cmd/bltest/tests/md5/ciphertext0
@@ -0,0 +1 @@
+XN8lnQuWAiMqmSGfvd8Hdw==
diff --git a/nss/cmd/bltest/tests/md5/numtests b/nss/cmd/bltest/tests/md5/numtests
new file mode 100644
index 0000000..d00491f
--- /dev/null
+++ b/nss/cmd/bltest/tests/md5/numtests
@@ -0,0 +1 @@
+1
diff --git a/nss/cmd/bltest/tests/md5/plaintext0 b/nss/cmd/bltest/tests/md5/plaintext0
new file mode 100644
index 0000000..5ae3875
--- /dev/null
+++ b/nss/cmd/bltest/tests/md5/plaintext0
@@ -0,0 +1 @@
+63-byte input to MD5 can be a bit tricky, but no problems here.
diff --git a/nss/cmd/bltest/tests/rc2_cbc/ciphertext0 b/nss/cmd/bltest/tests/rc2_cbc/ciphertext0
new file mode 100644
index 0000000..d964ef8
--- /dev/null
+++ b/nss/cmd/bltest/tests/rc2_cbc/ciphertext0
@@ -0,0 +1 @@
+3ki6eVsWpY8=
diff --git a/nss/cmd/bltest/tests/rc2_cbc/iv0 b/nss/cmd/bltest/tests/rc2_cbc/iv0
new file mode 100644
index 0000000..97b5955
--- /dev/null
+++ b/nss/cmd/bltest/tests/rc2_cbc/iv0
@@ -0,0 +1 @@
+12345678
diff --git a/nss/cmd/bltest/tests/rc2_cbc/key0 b/nss/cmd/bltest/tests/rc2_cbc/key0
new file mode 100644
index 0000000..65513c1
--- /dev/null
+++ b/nss/cmd/bltest/tests/rc2_cbc/key0
@@ -0,0 +1 @@
+zyxwvuts
diff --git a/nss/cmd/bltest/tests/rc2_cbc/numtests b/nss/cmd/bltest/tests/rc2_cbc/numtests
new file mode 100644
index 0000000..d00491f
--- /dev/null
+++ b/nss/cmd/bltest/tests/rc2_cbc/numtests
@@ -0,0 +1 @@
+1
diff --git a/nss/cmd/bltest/tests/rc2_cbc/plaintext0 b/nss/cmd/bltest/tests/rc2_cbc/plaintext0
new file mode 100644
index 0000000..5513e43
--- /dev/null
+++ b/nss/cmd/bltest/tests/rc2_cbc/plaintext0
@@ -0,0 +1 @@
+Mozilla!
diff --git a/nss/cmd/bltest/tests/rc2_ecb/ciphertext0 b/nss/cmd/bltest/tests/rc2_ecb/ciphertext0
new file mode 100644
index 0000000..337d307
--- /dev/null
+++ b/nss/cmd/bltest/tests/rc2_ecb/ciphertext0
@@ -0,0 +1 @@
+WT+tc4fANhQ=
diff --git a/nss/cmd/bltest/tests/rc2_ecb/key0 b/nss/cmd/bltest/tests/rc2_ecb/key0
new file mode 100644
index 0000000..65513c1
--- /dev/null
+++ b/nss/cmd/bltest/tests/rc2_ecb/key0
@@ -0,0 +1 @@
+zyxwvuts
diff --git a/nss/cmd/bltest/tests/rc2_ecb/numtests b/nss/cmd/bltest/tests/rc2_ecb/numtests
new file mode 100644
index 0000000..d00491f
--- /dev/null
+++ b/nss/cmd/bltest/tests/rc2_ecb/numtests
@@ -0,0 +1 @@
+1
diff --git a/nss/cmd/bltest/tests/rc2_ecb/plaintext0 b/nss/cmd/bltest/tests/rc2_ecb/plaintext0
new file mode 100644
index 0000000..5513e43
--- /dev/null
+++ b/nss/cmd/bltest/tests/rc2_ecb/plaintext0
@@ -0,0 +1 @@
+Mozilla!
diff --git a/nss/cmd/bltest/tests/rc4/ciphertext0 b/nss/cmd/bltest/tests/rc4/ciphertext0
new file mode 100644
index 0000000..004f134
--- /dev/null
+++ b/nss/cmd/bltest/tests/rc4/ciphertext0
@@ -0,0 +1 @@
+34sTZJtr20k=
diff --git a/nss/cmd/bltest/tests/rc4/ciphertext1 b/nss/cmd/bltest/tests/rc4/ciphertext1
new file mode 100644
index 0000000..6050da4
--- /dev/null
+++ b/nss/cmd/bltest/tests/rc4/ciphertext1
@@ -0,0 +1 @@
+34sTZJtr20nGP6VxS3BIBxxIYm6QGIa1rehFHn51z9M=
diff --git a/nss/cmd/bltest/tests/rc4/key0 b/nss/cmd/bltest/tests/rc4/key0
new file mode 100644
index 0000000..65513c1
--- /dev/null
+++ b/nss/cmd/bltest/tests/rc4/key0
@@ -0,0 +1 @@
+zyxwvuts
diff --git a/nss/cmd/bltest/tests/rc4/key1 b/nss/cmd/bltest/tests/rc4/key1
new file mode 100644
index 0000000..65513c1
--- /dev/null
+++ b/nss/cmd/bltest/tests/rc4/key1
@@ -0,0 +1 @@
+zyxwvuts
diff --git a/nss/cmd/bltest/tests/rc4/numtests b/nss/cmd/bltest/tests/rc4/numtests
new file mode 100644
index 0000000..0cfbf08
--- /dev/null
+++ b/nss/cmd/bltest/tests/rc4/numtests
@@ -0,0 +1 @@
+2
diff --git a/nss/cmd/bltest/tests/rc4/plaintext0 b/nss/cmd/bltest/tests/rc4/plaintext0
new file mode 100644
index 0000000..5513e43
--- /dev/null
+++ b/nss/cmd/bltest/tests/rc4/plaintext0
@@ -0,0 +1 @@
+Mozilla!
diff --git a/nss/cmd/bltest/tests/rc4/plaintext1 b/nss/cmd/bltest/tests/rc4/plaintext1
new file mode 100644
index 0000000..d41abc7
--- /dev/null
+++ b/nss/cmd/bltest/tests/rc4/plaintext1
@@ -0,0 +1 @@
+Mozilla!Mozilla!Mozilla!Mozilla!
diff --git a/nss/cmd/bltest/tests/rc5_cbc/ciphertext0 b/nss/cmd/bltest/tests/rc5_cbc/ciphertext0
new file mode 100644
index 0000000..544713b
--- /dev/null
+++ b/nss/cmd/bltest/tests/rc5_cbc/ciphertext0
@@ -0,0 +1 @@
+qsv4Fn2J6d0=
diff --git a/nss/cmd/bltest/tests/rc5_cbc/iv0 b/nss/cmd/bltest/tests/rc5_cbc/iv0
new file mode 100644
index 0000000..97b5955
--- /dev/null
+++ b/nss/cmd/bltest/tests/rc5_cbc/iv0
@@ -0,0 +1 @@
+12345678
diff --git a/nss/cmd/bltest/tests/rc5_cbc/key0 b/nss/cmd/bltest/tests/rc5_cbc/key0
new file mode 100644
index 0000000..65513c1
--- /dev/null
+++ b/nss/cmd/bltest/tests/rc5_cbc/key0
@@ -0,0 +1 @@
+zyxwvuts
diff --git a/nss/cmd/bltest/tests/rc5_cbc/numtests b/nss/cmd/bltest/tests/rc5_cbc/numtests
new file mode 100644
index 0000000..d00491f
--- /dev/null
+++ b/nss/cmd/bltest/tests/rc5_cbc/numtests
@@ -0,0 +1 @@
+1
diff --git a/nss/cmd/bltest/tests/rc5_cbc/params0 b/nss/cmd/bltest/tests/rc5_cbc/params0
new file mode 100644
index 0000000..d68e036
--- /dev/null
+++ b/nss/cmd/bltest/tests/rc5_cbc/params0
@@ -0,0 +1,2 @@
+rounds=10
+wordsize=4
diff --git a/nss/cmd/bltest/tests/rc5_cbc/plaintext0 b/nss/cmd/bltest/tests/rc5_cbc/plaintext0
new file mode 100644
index 0000000..5513e43
--- /dev/null
+++ b/nss/cmd/bltest/tests/rc5_cbc/plaintext0
@@ -0,0 +1 @@
+Mozilla!
diff --git a/nss/cmd/bltest/tests/rc5_ecb/ciphertext0 b/nss/cmd/bltest/tests/rc5_ecb/ciphertext0
new file mode 100644
index 0000000..133777d
--- /dev/null
+++ b/nss/cmd/bltest/tests/rc5_ecb/ciphertext0
@@ -0,0 +1 @@
+4ZKK/1v5Ohc=
diff --git a/nss/cmd/bltest/tests/rc5_ecb/key0 b/nss/cmd/bltest/tests/rc5_ecb/key0
new file mode 100644
index 0000000..65513c1
--- /dev/null
+++ b/nss/cmd/bltest/tests/rc5_ecb/key0
@@ -0,0 +1 @@
+zyxwvuts
diff --git a/nss/cmd/bltest/tests/rc5_ecb/numtests b/nss/cmd/bltest/tests/rc5_ecb/numtests
new file mode 100644
index 0000000..d00491f
--- /dev/null
+++ b/nss/cmd/bltest/tests/rc5_ecb/numtests
@@ -0,0 +1 @@
+1
diff --git a/nss/cmd/bltest/tests/rc5_ecb/params0 b/nss/cmd/bltest/tests/rc5_ecb/params0
new file mode 100644
index 0000000..d68e036
--- /dev/null
+++ b/nss/cmd/bltest/tests/rc5_ecb/params0
@@ -0,0 +1,2 @@
+rounds=10
+wordsize=4
diff --git a/nss/cmd/bltest/tests/rc5_ecb/plaintext0 b/nss/cmd/bltest/tests/rc5_ecb/plaintext0
new file mode 100644
index 0000000..5513e43
--- /dev/null
+++ b/nss/cmd/bltest/tests/rc5_ecb/plaintext0
@@ -0,0 +1 @@
+Mozilla!
diff --git a/nss/cmd/bltest/tests/rsa/ciphertext0 b/nss/cmd/bltest/tests/rsa/ciphertext0
new file mode 100644
index 0000000..943ea59
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa/ciphertext0
@@ -0,0 +1 @@
+qPVrXv0y3SC5rY44bIi6GE4Aec8uDpHH7/cCg0FU5as=
diff --git a/nss/cmd/bltest/tests/rsa/key0 b/nss/cmd/bltest/tests/rsa/key0
new file mode 100644
index 0000000..1352fe9
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa/key0
@@ -0,0 +1,4 @@
+AAAAAAAAACC5lyu2K2ro8YGnvOCKaL1sFX1HEIblIVbuMXsa8oeFSwAAAAERAAAA
+IBXVjKwFG6LvPG4WOIjBBzmxGNpkQwDs3W5qZcXVzqahAAAAEOEOH/WnhZCJyM39
+oNfhf18AAAAQ0xvmxqXXs3L62xxogUl9lQAAABAaeiHgqkvy4wiQtG1Gkv/tAAAA
+EMaw2TNu6SFdKFXAYluQdjEAAAAQi0u+IlgKCt/hatGAsTrfzQ==
diff --git a/nss/cmd/bltest/tests/rsa/numtests b/nss/cmd/bltest/tests/rsa/numtests
new file mode 100644
index 0000000..d00491f
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa/numtests
@@ -0,0 +1 @@
+1
diff --git a/nss/cmd/bltest/tests/rsa/plaintext0 b/nss/cmd/bltest/tests/rsa/plaintext0
new file mode 100644
index 0000000..d915bc8
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa/plaintext0
@@ -0,0 +1 @@
+512bitsforRSAPublicKeyEncryption
diff --git a/nss/cmd/bltest/tests/rsa_oaep/ciphertext0 b/nss/cmd/bltest/tests/rsa_oaep/ciphertext0
new file mode 100644
index 0000000..7037fa2
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/ciphertext0
@@ -0,0 +1,3 @@
+NU/me0oSbV01/jbHd3kaP3uhPe9ITi05CK/3IvrUaPshaW3pXQvpEcLTF0+K/MIBA197bY5pQC3l
+RRYYwhpTX6nXv8W43Z/CQ/jPkn2zEyLW6IHqqRqZYXDmV6BaJmQm2YyIAD+Ed8EicJSg2foejEAk
+MJzh7My1IQA11HrHLoo=
diff --git a/nss/cmd/bltest/tests/rsa_oaep/ciphertext1 b/nss/cmd/bltest/tests/rsa_oaep/ciphertext1
new file mode 100644
index 0000000..4cece48
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/ciphertext1
@@ -0,0 +1,3 @@
+ZA2xrMWOBWj+VAfl+bcB3/jDyR5xbFNvx/zsbLW3HBFlmI1KJ54Vd9cw/Hopky4/AMgVFSNtjY4x
+AXp6Cd9DUtkEzet5qlg63MMeppikwFKD2rqQib5UkfZ8Gk7kjcdLu+ZkOu+EZnm0yzlaNS1e0RWR
+LfaW/+BwKTKUbXFJK0Q=
diff --git a/nss/cmd/bltest/tests/rsa_oaep/ciphertext10 b/nss/cmd/bltest/tests/rsa_oaep/ciphertext10
new file mode 100644
index 0000000..6007b8d
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/ciphertext10
@@ -0,0 +1,4 @@
+Iyr7ySf6CML2onuH1KXLCcB9wm+uc9c6kFWIOfT9ZtKBuH7HNLziN7oWZpjtgpEGp95pQs1s3OeP
+7Y0uTYFCjmZJDQNiZM75KvlB0+NQVf45geFNKcu5pPZ0cwY7rseaEXn1oXycGDLyg4/X1eWbuWWd
+VtzooBnt7xuzrMxpfMbMenePYKBkx/b11SnGIQJi4APeWD6B4xZ7iZcfuMDhXUT//vibU9jWTdeX
+0Vm1bSsI6lMH6hLCQb1Y1O4nih8u
diff --git a/nss/cmd/bltest/tests/rsa_oaep/ciphertext11 b/nss/cmd/bltest/tests/rsa_oaep/ciphertext11
new file mode 100644
index 0000000..43b65a6
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/ciphertext11
@@ -0,0 +1,4 @@
+Q4zH3AimjaJJ5CUF+Fc7pg4sJ3PVspD0z53/cY6EIIHDg+ZwJKDylZTqmHudJeS3OPKFlw0ZWrs6
+jIBU49eda5yagye6WW8SWeJxJmdHZpB9jVgv86hHYVSSmtsebRI1ssy07I9mO6nMZwqSvr2FPI2/
+acZDbQFvYa3YNulHMkUENCB/n9TEPewqEqlY76Ae/iZpiZteYEwlXFX7cWbeVYnjaVl7sJFowG3V
+2xd+BqF0DrLVyC+uym2S/O6ZMbqf
diff --git a/nss/cmd/bltest/tests/rsa_oaep/ciphertext12 b/nss/cmd/bltest/tests/rsa_oaep/ciphertext12
new file mode 100644
index 0000000..9d0da8a
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/ciphertext12
@@ -0,0 +1,5 @@
+U+pdwIzSYPs7hYVnKH+pFVLDCy/r+6IT8K6HcC0GjRm6sH/ldFI9+0ITnWjDxa/u4L/ky3lpy/OC
+uATW5hOWFE4tDmB0H4mTwwFLWLmxlXqLq80jr4VPTDVvsWYqpyv8x+WGVZ3EKA0WDBJnhacj6+6+
+/3HxFZRECq74fRB5Ood0ojnUoEyH/hRnudr4UgjsbHJVeUqWzCkUL5qL1Bjjwf1nNEsM0IKd87K+
+xgJTGWKTxrNNP3XTLyE91Fxic9UFrfTM7RBXy3WPwmru+kQSVe1OZMGZ7gdefxZkYYL9tGRzm2ir
+Xa/w5j6VUgFoJPBUv008jJCpe7a2VTKE60KfzA==
diff --git a/nss/cmd/bltest/tests/rsa_oaep/ciphertext13 b/nss/cmd/bltest/tests/rsa_oaep/ciphertext13
new file mode 100644
index 0000000..3ecd857
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/ciphertext13
@@ -0,0 +1,5 @@
+orGkMKnWV+L6HCu17UP/slwFowj+kJPAEDF5X1h0QAEQgorlj7m1gc6d3dPlSa4EoJhUWb3mxiZZ
+TnsF3EJ4sqFGXBNoQIgjyF6W3GbDowmDxjlmT8RWmjf+IeWhlbV3bu0t+NjTYa9obnUCKbvWY/Fh
+hopQYV4MM3vsDKNf7AuxnDbrLgu8wFgvodk6rNsGEGP1nyzh7kNgXl2J7KGD0qzf6fgQEQIq07Q6
+PdQX2slLThHqgbGSlm6WaxgggucZZGB7T4AC82KZhEoR8q4PrqwurnD49PmAiKzc0KxVbp/MxRFS
+GQj60m8ExkIBRQMFd4dYsFOL+LW7FEqCjmKXlQ==
diff --git a/nss/cmd/bltest/tests/rsa_oaep/ciphertext14 b/nss/cmd/bltest/tests/rsa_oaep/ciphertext14
new file mode 100644
index 0000000..09d8a85
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/ciphertext14
@@ -0,0 +1,5 @@
+mIbD5nZKi5qE6EFI69jDsaqAUDgaePZocUwW2c/Spu3FaXnFNdne47RLhcGL6JKJkjcXEUciFtld
+2pjS7oNHybFN/9/4SqSNJawG99fmU5islnsc6Qkl9n3OBJt/gS2wdCmXp01E/oHb4Oej/q8uXECv
+iI1VDdu+O8IGV6KVQ/j8KRO5vRphsqsiVuxAm719wNF3F+olxD9C7Sffhzi/SvxnZv96/whZVV7i
+g5IPTIpjxKc0DLr93DOezbSwUVAC+WyTK1t5Fnr2mcCtP8z98PROhacCYr8uGP40uFBYmXXoZ/+W
+nUjqvyEicVRs3AWmnstSblKHDINvMHvXmHgO3g==
diff --git a/nss/cmd/bltest/tests/rsa_oaep/ciphertext15 b/nss/cmd/bltest/tests/rsa_oaep/ciphertext15
new file mode 100644
index 0000000..bae2acb
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/ciphertext15
@@ -0,0 +1,5 @@
+Yxjp+1wNBeUwfhaDQ26QMpOsRkI1iqoiPXFjATq6h+Lf2o5gxoYOKaHpJoYWPqC5F18ynKOxMaHt
+06d3Wai5e61qT49DlvKM9vOcpYES5IFg1uID2qWFbzrKX/7Vd69JlAjj39Iz4+YE2+NKnEyQgt5l
+UnysYzHSncgOBQig+nEi5/Mp9sylz6NNTR2kF4BUV+AIvsVJ5Hj/nhKnY8R30Vu7ePW2m9V4MPws
+TtaG15vHKpXYX4gTTGsK/laozPvIVYKLszm9F5Cc8dcN4zNa4HA5CT5gbWVTZd5lULhyzW3h1EDu
+AxthlF9imtijU7DUCTnpajxFDSqNXu6fZ4CTyA==
diff --git a/nss/cmd/bltest/tests/rsa_oaep/ciphertext16 b/nss/cmd/bltest/tests/rsa_oaep/ciphertext16
new file mode 100644
index 0000000..6226b0e
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/ciphertext16
@@ -0,0 +1,5 @@
+dSkIcsz9SkUFZg1lH1babaoJyhMB2JBjL2qZLz1WXO5GSv3tQO07W+k1ZxTqWqdlX0oTZsLxfHKP
+byxaXR+OKEKbxOb48s/42o3A4KmAjkX9CeovpAyyts5v//XA4VnRG2jZCoX3uE4QOwnmgmZkgMZX
+UFwJKSWUaKMUeG106rExVzzyNL9X232eZsxnSBkuAC3A3uqTBYXwgx/c2bwz1R957S/8Frz01ZgS
+/OvKo/kGmw5EVobWRMJcz2O0Vu5fpv/pbxnN91H+2erzWVd1Tb9L/qUhaqGETcUHyy0IDnIuuhUD
+CMK1/xGTYg8XZuz0SBuvuUO9KSh38hNspJSroA==
diff --git a/nss/cmd/bltest/tests/rsa_oaep/ciphertext17 b/nss/cmd/bltest/tests/rsa_oaep/ciphertext17
new file mode 100644
index 0000000..9095393
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/ciphertext17
@@ -0,0 +1,5 @@
+LSB6c0Mqj7TAMFGz9zsophdkCY36NMR6IJlfgRWqaBZnm1V+gtvuWEkIxuaXgtfes029Za8GPVf8
+p2pf0GlJL9YGjZmE0gk1BWWmLlx38jA4wSyxDGY0cJtUfEb2tKcJvYXKEi10Rl75d2LCl2Pgbbx6
+nnOMeL/KAQLcXnnWW5c/KCQMqrLhYaeLV9JiRX7YGV1T48eunaAhiDxtt8JK/dIyLqyXKtPDVMX8
+7x4UbDoCkPtnrfAHBm4AQo0s7BjOWPkyhpje/vSy617HaRj94cGYy7OLevxnYmqa7+xDIr/ZDSVj
+SByaIh94yCcsgtG2KrkU4cafavbvMMpSYNtKRg==
diff --git a/nss/cmd/bltest/tests/rsa_oaep/ciphertext2 b/nss/cmd/bltest/tests/rsa_oaep/ciphertext2
new file mode 100644
index 0000000..8eb40cd
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/ciphertext2
@@ -0,0 +1,3 @@
+Qjc27QNfYCavJ2w1wLN0GzZeX3bKCRtOjCni8L7+5gNZWqgyLWAtLmJeleuBsvHJck6CLsp224YY
+zwnFNDUDpDYINbWQO8Y344efsF4O8yaF1a7FBnzXzJb+SyZwturDBmsfz1aGtoWJqvt9YpsC2Phi
+XKODNiTUgA+wgbHPlOs=
diff --git a/nss/cmd/bltest/tests/rsa_oaep/ciphertext3 b/nss/cmd/bltest/tests/rsa_oaep/ciphertext3
new file mode 100644
index 0000000..1e86bb0
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/ciphertext3
@@ -0,0 +1,3 @@
+RerUylUeZiyYAPGsqCg7BSXmq64wvktKunYvpA/T044iq+/Gl5T267vAXduxEhYkfS9BL9D7qHxu
+Os2IiBNkb9DkjnhSBPnD9z1tgjlWJyLd3Ydx/sSLg6Me5vWSxM/UvIgXTzsToRKq47n3uA4Pxvcl
+W6iA3H2AIeIq1qhfB1U=
diff --git a/nss/cmd/bltest/tests/rsa_oaep/ciphertext4 b/nss/cmd/bltest/tests/rsa_oaep/ciphertext4
new file mode 100644
index 0000000..3f87612
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/ciphertext4
@@ -0,0 +1,3 @@
+NvbjTZSo002qy6M6ITnQCthak0WoYFHnMHFiAFa5IOIZAFhVohOg8jiXzc1zG0UlfHd/6QggK+/d
+C1g4axJE6gz1OaBdXRAynaROEwMP12Dc1kTP7yCU0ZENP0M+HHxt0YvB8t9/ZD1mL7ndN+rZBZGQ
+9PpmyjnoacTrRJy9xDk=
diff --git a/nss/cmd/bltest/tests/rsa_oaep/ciphertext5 b/nss/cmd/bltest/tests/rsa_oaep/ciphertext5
new file mode 100644
index 0000000..64a5f4f
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/ciphertext5
@@ -0,0 +1,3 @@
+Qs7iYXsezqTbP0gpOG+9Ydr78DjhgNg3yWNm3yTAl7SrD6xr31kNghyfEGQuaBrQW414s3jA9Gzi
++tY/dOCtPfBrB11+tfVjb41AO5BZynYbXGK7UqpFAC6nC6rOCN7SQ7nYy9YqaK3iZYMrVlZOQ6b6
+Qu0ZmgmXaXQt8VOeglU=
diff --git a/nss/cmd/bltest/tests/rsa_oaep/ciphertext6 b/nss/cmd/bltest/tests/rsa_oaep/ciphertext6
new file mode 100644
index 0000000..9af9805
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/ciphertext6
@@ -0,0 +1,4 @@
+JnvNEYrKsfyLqByF1zADy4YQ+lXB2X2o1Ip8fwaJak23UaooQlW502rWXzdlPYKfGzf5e4ABlCVF
+svwsVac3bKehvksXYMjgWjPlqiUmuNmOMXCI54NMdVsqWbEmMaGCwF1dQ6sXeSZPhFb1Fc5X399R
+LVST2re3M43Et9eNucCRrDuvU3pp/H9UnZefDv+alP2kFpvU0dGaacmeM8O1VJDVAbObHtrhGP9n
+k6FTJhWE06Xzn25oLj0XyM0SYfpy
diff --git a/nss/cmd/bltest/tests/rsa_oaep/ciphertext7 b/nss/cmd/bltest/tests/rsa_oaep/ciphertext7
new file mode 100644
index 0000000..4396ffb
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/ciphertext7
@@ -0,0 +1,4 @@
+k6yfBnHsKay7RE7/waV0E1HWD9sOOT+/dUrPDeSXYaFIQd93cum8gnc5ZqFYTE1yuuoAEY+D81zK
+blN8vU2BH1WDspeD2KbZTNMb5w1vUmwQ/wnG+nzgaXlaP80FEf1fy1ZLzIDqnHjzi4ABJTnYpN32
+/oHpzdt/UNu7vMfl2GCXzPTsSRifuL8xi+bVoHFdUWtJrxkSWM0y3IM85utGc8A6Gbus6IzFSJX2
+NswMHsiQltEc4jWiZcoXZCMqaJro
diff --git a/nss/cmd/bltest/tests/rsa_oaep/ciphertext8 b/nss/cmd/bltest/tests/rsa_oaep/ciphertext8
new file mode 100644
index 0000000..5d53ef0
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/ciphertext8
@@ -0,0 +1,4 @@
+gevdlQVLDIIu+a12k/Woet+0tMTOcN8t+E7UnATaWLpfwgoZ4abot6OQCyJ5bcToae5rQnktFajs
+61bAnGmRToE86o9pMeS47W9CGvKY1ZXJf0eJx8qmEsfvNgmEwhuT7cVAEGi1r0x4qHcbmE1TuOqK
+3y9qfUoLp2x14d2fZY8g3tSkYHHUbXeRtWgD2P6n8LD45Brj8JODpvlYX+d1Pqr/0r+UVjEIvuzC
+B7u1NfX8xwXw3en3CMYvSanJA3HT
diff --git a/nss/cmd/bltest/tests/rsa_oaep/ciphertext9 b/nss/cmd/bltest/tests/rsa_oaep/ciphertext9
new file mode 100644
index 0000000..6e865ff
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/ciphertext9
@@ -0,0 +1,4 @@
+vMNflM3mbLETZiXWJblEMqNbIvPS+hGmE/8PylvVf4e5AszcHNCuvLBxXuhp0dH+OV9nkwA/XspG
+UFnIhmDURv9fCBhVICJVfjjAimfq2ZEmIlTxBoKXXsVjl3aFN/SXevbV9qrOt/sl3sWTcjAjH9iX
+ivSRGaKfKeQkq4JytHVieS1clPd0uIKdCw2fGoye3fN1dNX6JI7vqcUnH8XsJXnIG91htBD6Yf42
+5CQiHBE63bJ1ZkyAHTTKjGNR5KhY
diff --git a/nss/cmd/bltest/tests/rsa_oaep/hash0 b/nss/cmd/bltest/tests/rsa_oaep/hash0
new file mode 100644
index 0000000..fcdd09c
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/hash0
@@ -0,0 +1 @@
+sha1
diff --git a/nss/cmd/bltest/tests/rsa_oaep/hash1 b/nss/cmd/bltest/tests/rsa_oaep/hash1
new file mode 100644
index 0000000..fcdd09c
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/hash1
@@ -0,0 +1 @@
+sha1
diff --git a/nss/cmd/bltest/tests/rsa_oaep/hash10 b/nss/cmd/bltest/tests/rsa_oaep/hash10
new file mode 100644
index 0000000..fcdd09c
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/hash10
@@ -0,0 +1 @@
+sha1
diff --git a/nss/cmd/bltest/tests/rsa_oaep/hash11 b/nss/cmd/bltest/tests/rsa_oaep/hash11
new file mode 100644
index 0000000..fcdd09c
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/hash11
@@ -0,0 +1 @@
+sha1
diff --git a/nss/cmd/bltest/tests/rsa_oaep/hash12 b/nss/cmd/bltest/tests/rsa_oaep/hash12
new file mode 100644
index 0000000..fcdd09c
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/hash12
@@ -0,0 +1 @@
+sha1
diff --git a/nss/cmd/bltest/tests/rsa_oaep/hash13 b/nss/cmd/bltest/tests/rsa_oaep/hash13
new file mode 100644
index 0000000..fcdd09c
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/hash13
@@ -0,0 +1 @@
+sha1
diff --git a/nss/cmd/bltest/tests/rsa_oaep/hash14 b/nss/cmd/bltest/tests/rsa_oaep/hash14
new file mode 100644
index 0000000..fcdd09c
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/hash14
@@ -0,0 +1 @@
+sha1
diff --git a/nss/cmd/bltest/tests/rsa_oaep/hash15 b/nss/cmd/bltest/tests/rsa_oaep/hash15
new file mode 100644
index 0000000..fcdd09c
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/hash15
@@ -0,0 +1 @@
+sha1
diff --git a/nss/cmd/bltest/tests/rsa_oaep/hash16 b/nss/cmd/bltest/tests/rsa_oaep/hash16
new file mode 100644
index 0000000..fcdd09c
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/hash16
@@ -0,0 +1 @@
+sha1
diff --git a/nss/cmd/bltest/tests/rsa_oaep/hash17 b/nss/cmd/bltest/tests/rsa_oaep/hash17
new file mode 100644
index 0000000..fcdd09c
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/hash17
@@ -0,0 +1 @@
+sha1
diff --git a/nss/cmd/bltest/tests/rsa_oaep/hash2 b/nss/cmd/bltest/tests/rsa_oaep/hash2
new file mode 100644
index 0000000..fcdd09c
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/hash2
@@ -0,0 +1 @@
+sha1
diff --git a/nss/cmd/bltest/tests/rsa_oaep/hash3 b/nss/cmd/bltest/tests/rsa_oaep/hash3
new file mode 100644
index 0000000..fcdd09c
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/hash3
@@ -0,0 +1 @@
+sha1
diff --git a/nss/cmd/bltest/tests/rsa_oaep/hash4 b/nss/cmd/bltest/tests/rsa_oaep/hash4
new file mode 100644
index 0000000..fcdd09c
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/hash4
@@ -0,0 +1 @@
+sha1
diff --git a/nss/cmd/bltest/tests/rsa_oaep/hash5 b/nss/cmd/bltest/tests/rsa_oaep/hash5
new file mode 100644
index 0000000..fcdd09c
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/hash5
@@ -0,0 +1 @@
+sha1
diff --git a/nss/cmd/bltest/tests/rsa_oaep/hash6 b/nss/cmd/bltest/tests/rsa_oaep/hash6
new file mode 100644
index 0000000..fcdd09c
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/hash6
@@ -0,0 +1 @@
+sha1
diff --git a/nss/cmd/bltest/tests/rsa_oaep/hash7 b/nss/cmd/bltest/tests/rsa_oaep/hash7
new file mode 100644
index 0000000..fcdd09c
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/hash7
@@ -0,0 +1 @@
+sha1
diff --git a/nss/cmd/bltest/tests/rsa_oaep/hash8 b/nss/cmd/bltest/tests/rsa_oaep/hash8
new file mode 100644
index 0000000..fcdd09c
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/hash8
@@ -0,0 +1 @@
+sha1
diff --git a/nss/cmd/bltest/tests/rsa_oaep/hash9 b/nss/cmd/bltest/tests/rsa_oaep/hash9
new file mode 100644
index 0000000..fcdd09c
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/hash9
@@ -0,0 +1 @@
+sha1
diff --git a/nss/cmd/bltest/tests/rsa_oaep/key0 b/nss/cmd/bltest/tests/rsa_oaep/key0
new file mode 100644
index 0000000..61684be
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/key0
@@ -0,0 +1 @@
+AAAAAQAAAACAqLOyhK+OtQs4cDSoYPFGxJGfMYdjzWxVmMiuSBGh4KvEx+CwgtaTpef87Wdc9GaFEncsDLxkp0LGxjD1M8jMcvYq6DPEC/JYQumEu3i9v5fAEH1VvbZi9cTg+rmEXLUUjvc5LdOq/5OuHmtme7PUJHYW1PW6ENTP0ibeiNOfFvsAAAADAQABAAAAgFMznP23n8hGamVccxasqFxV/Y9t2Jj9rxGVF+9PUuj9jiWN+T/uGA+g5KspaTzYOxUqVT1KxNGBK4ufpa8Of1X+cwTfQVcJJvMxHxXE1lpzLEgxFu49PS0K81Sa2b98v7eK2IT4TVvrBHJNxzabMd7zfQz1OenPzdPeZTcp6tXRAAAAQNMnN+cmf/4TQbLVwNFQqBtYb7MTK+0vjVJihkqcufMK84vkSFmNQToXLvuALCGs8cEcUgwvJqRx3K0hLqx8o50AAABAzIhT0dVNpjD6wAT0cfKBx7iYLYIkpJDtvrM9Pj1cyTxHZXA9HdeRZC8fEWoN2FK+JBmyr3K/6aAw6GCwKItddwAAAEAOEr8XGOnO9VmbocOIL+gEapCHTu/OjyzMIOTydB+wozo4SK7JyTBfvsvS12gZln1GcazGQx5AN5aNs3h45pXBAAAAQJUpew+Vovpn0AcH1gnf1PwFyJ2vwu9tbqVb7HceozNzTZJR55CC7NqGbv7xPEWeGmMThrfjVMiZ9fESyoXXFYMAAABAT0VsUCSTvcDtKrdWo6btTWc1Kml9QhbpMhKxJ6Y9VBHOb6mNXb79cyY+NygUJ0OBgWbtfdY2h90qjKHS9PvY4Q==
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/rsa_oaep/key1 b/nss/cmd/bltest/tests/rsa_oaep/key1
new file mode 100644
index 0000000..61684be
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/key1
@@ -0,0 +1 @@
+AAAAAQAAAACAqLOyhK+OtQs4cDSoYPFGxJGfMYdjzWxVmMiuSBGh4KvEx+CwgtaTpef87Wdc9GaFEncsDLxkp0LGxjD1M8jMcvYq6DPEC/JYQumEu3i9v5fAEH1VvbZi9cTg+rmEXLUUjvc5LdOq/5OuHmtme7PUJHYW1PW6ENTP0ibeiNOfFvsAAAADAQABAAAAgFMznP23n8hGamVccxasqFxV/Y9t2Jj9rxGVF+9PUuj9jiWN+T/uGA+g5KspaTzYOxUqVT1KxNGBK4ufpa8Of1X+cwTfQVcJJvMxHxXE1lpzLEgxFu49PS0K81Sa2b98v7eK2IT4TVvrBHJNxzabMd7zfQz1OenPzdPeZTcp6tXRAAAAQNMnN+cmf/4TQbLVwNFQqBtYb7MTK+0vjVJihkqcufMK84vkSFmNQToXLvuALCGs8cEcUgwvJqRx3K0hLqx8o50AAABAzIhT0dVNpjD6wAT0cfKBx7iYLYIkpJDtvrM9Pj1cyTxHZXA9HdeRZC8fEWoN2FK+JBmyr3K/6aAw6GCwKItddwAAAEAOEr8XGOnO9VmbocOIL+gEapCHTu/OjyzMIOTydB+wozo4SK7JyTBfvsvS12gZln1GcazGQx5AN5aNs3h45pXBAAAAQJUpew+Vovpn0AcH1gnf1PwFyJ2vwu9tbqVb7HceozNzTZJR55CC7NqGbv7xPEWeGmMThrfjVMiZ9fESyoXXFYMAAABAT0VsUCSTvcDtKrdWo6btTWc1Kml9QhbpMhKxJ6Y9VBHOb6mNXb79cyY+NygUJ0OBgWbtfdY2h90qjKHS9PvY4Q==
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/rsa_oaep/key10 b/nss/cmd/bltest/tests/rsa_oaep/key10
new file mode 100644
index 0000000..3c9f874
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/key10
@@ -0,0 +1 @@
+AAAAAQAAAADAzyzUHjTKOnKOpcuK/2TDbSe971Nk4zb9aNMSPFoZaowocBPoU9UVbVjRUZVFIPtPbXsXq7aBd2WQnFdhGWWdkCsZBu2KKxDBVcJNEkUo2rnurjeb6sZuSkEXhty4/QBi68Aw3hIZoEwqjBt90xMeTWtsruLjGl7UGsFQmy7x7iqxg2S+VoypQcJezIT/nWQ7XsGqrhAqINc/R5t4D9bakQdSEtnqwDoGdNiZ66LkMfTES2Fba6IjK9SzO67XPWJdAAAAAwEAAQAAAMAZjBQeI3FakrzPahGaW8ETiUaNKBH1SNcn4XtKsOuYbW8hHvtTtx98y+qH7mnHXuYVAIxTMt61K/OQq9+/431yBTaBWbJjjB3jJuIdIiUfD7WEizvxUAXSp0Mw8K/pFu5izME0TR2DpwnmBnYnOED383dCSl4KTadfAbMf92gZz5y/3SFSQ8ORfAPvOBmTEuVns7967Tq0V/Nx74oUI/RbaMbiguwRG7ooM7mH/Wn62DvBuMYTxeHqFsEe0SXqfsEAAABg/I1sBL7E65qBksp5AMvlNuLotRnezzOyRZeYxpCd9PF2230jGQ/HK4hlpxiviV8bzZFFKYAnQjtgXnCkfPWDkKjD6I/IxI6LMuPaIQ374+iB6lZ0tqNIwh6T+eVepl79AAAAYNIA1F54iqzqYGpAHQRg+H3VwQJ+EtwaDXWG6JOdnPeJtA9RrARClh3n0hzCHgXIMVXB8qqRkzh8/flWy0jRU7onBAb5u7pTfUmH2eL5lC16FMv//qdP7N2pKNI+JZ9e4QAAAGDbFoAveaLw1F81jWn9M+RLgfroKGIuk6VCU+mX0BsHQ3WdoOgStKpObIvqsjKNVDGVWkGKZ/8mqMXIB6XaNU4F7zHMjPdY9GNzKVCwPiZXJvuU451qVyomJEqwjbdXUq0AAABgoKMXz+ffFCP4em3uhFH04rSmflSX8ptPHk6DC5+t2UARZwJvVZblo5yXgX4PXxbifhnsmQLgHX6m+5qjx2Cv7h44G2neasnAdYWgatnEugC/dcitL6iYpHnoCuKU/tKhAAAAYAsh8zXDUzQutEw6okRFeAwtZVuUAXTK44x8ik5kk8C6n9MDdIJnsIO5p6bLYeQts2K4yYlttwZOAq1a5hWH2hW0ZJyQWUkJ/rN9vLZUvrcmjsgB5ai0qjkRvr2IVC8Fvg==
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/rsa_oaep/key11 b/nss/cmd/bltest/tests/rsa_oaep/key11
new file mode 100644
index 0000000..3c9f874
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/key11
@@ -0,0 +1 @@
+AAAAAQAAAADAzyzUHjTKOnKOpcuK/2TDbSe971Nk4zb9aNMSPFoZaowocBPoU9UVbVjRUZVFIPtPbXsXq7aBd2WQnFdhGWWdkCsZBu2KKxDBVcJNEkUo2rnurjeb6sZuSkEXhty4/QBi68Aw3hIZoEwqjBt90xMeTWtsruLjGl7UGsFQmy7x7iqxg2S+VoypQcJezIT/nWQ7XsGqrhAqINc/R5t4D9bakQdSEtnqwDoGdNiZ66LkMfTES2Fba6IjK9SzO67XPWJdAAAAAwEAAQAAAMAZjBQeI3FakrzPahGaW8ETiUaNKBH1SNcn4XtKsOuYbW8hHvtTtx98y+qH7mnHXuYVAIxTMt61K/OQq9+/431yBTaBWbJjjB3jJuIdIiUfD7WEizvxUAXSp0Mw8K/pFu5izME0TR2DpwnmBnYnOED383dCSl4KTadfAbMf92gZz5y/3SFSQ8ORfAPvOBmTEuVns7967Tq0V/Nx74oUI/RbaMbiguwRG7ooM7mH/Wn62DvBuMYTxeHqFsEe0SXqfsEAAABg/I1sBL7E65qBksp5AMvlNuLotRnezzOyRZeYxpCd9PF2230jGQ/HK4hlpxiviV8bzZFFKYAnQjtgXnCkfPWDkKjD6I/IxI6LMuPaIQ374+iB6lZ0tqNIwh6T+eVepl79AAAAYNIA1F54iqzqYGpAHQRg+H3VwQJ+EtwaDXWG6JOdnPeJtA9RrARClh3n0hzCHgXIMVXB8qqRkzh8/flWy0jRU7onBAb5u7pTfUmH2eL5lC16FMv//qdP7N2pKNI+JZ9e4QAAAGDbFoAveaLw1F81jWn9M+RLgfroKGIuk6VCU+mX0BsHQ3WdoOgStKpObIvqsjKNVDGVWkGKZ/8mqMXIB6XaNU4F7zHMjPdY9GNzKVCwPiZXJvuU451qVyomJEqwjbdXUq0AAABgoKMXz+ffFCP4em3uhFH04rSmflSX8ptPHk6DC5+t2UARZwJvVZblo5yXgX4PXxbifhnsmQLgHX6m+5qjx2Cv7h44G2neasnAdYWgatnEugC/dcitL6iYpHnoCuKU/tKhAAAAYAsh8zXDUzQutEw6okRFeAwtZVuUAXTK44x8ik5kk8C6n9MDdIJnsIO5p6bLYeQts2K4yYlttwZOAq1a5hWH2hW0ZJyQWUkJ/rN9vLZUvrcmjsgB5ai0qjkRvr2IVC8Fvg==
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/rsa_oaep/key12 b/nss/cmd/bltest/tests/rsa_oaep/key12
new file mode 100644
index 0000000..a2ad3ff
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/key12
@@ -0,0 +1 @@
+AAAAAQAAAAEArkXtVgHOxrjMBfgDk1xnTdvg11xMCf15UfxrDK7DE6jfOZcMUYv/ul7Wjz8NfyKkAp1BPxrgfk6+nkF3ziPn9UBLVp5O4b3PPB+wPvETgC1PhV65tRNLWnyAha3K5vovoUF+w3Y74XGwxit2Dt4jwSrZK5gIhMZB9aj6wmva1KAzgaIv4bdUiFCUyCUG1AGaU1ooav6ycbubpZLeGNz2AMKu6uVuAvfPefwUzzvcfNhP67v5UMqQMEsiGaeqBjrvosPBmA5WDNZK/neVhbYQdle5V4V+/eYBCYirfeQX/IjY84TE5ucsP5Q+DDHAxKXMNvh52KOsnX1Zhg6q2muDuwAAAAMBAAEAAAEABWsEIW/l81SsdyUKS2sMhSWoXFmwvYDFZFCiLV9DjllqMzqodeKR3UP0jLiLnV/A1Jn5/NHDl/mvwHDNnjmMjRnmHbfHQQprJnXfv100W4BNIBrdUC1c4t/LCRzpmXu+vlcwbzg+TViBA/A29+hdGTTRUqMj5KjbRR1vSlsbDxAswVDgL+7iuI3qStTBusyyTYQHLRTh0kpncfdAjuMFZPuG1Dk6NLzwt4hQHRkzA/E6IoSwAfD2Ser3kyjUrFxDCrRBSSCpRg7Rt7xA7GU+h20Jq8UJrkW1JRkBFqDCYQGEgphQnBw786SD5ydAVOFelwdQNumJ9gkygHtSV3UeeQAAAIDs9a7NHlUV//rL11ooFsbr9JAYzftGOOGF1mpzlrb4CQ+AGMf9lcw0uFfcF/DMZRa7E0arTVgsra17QQM1I4e3AzjQhAR8nZU5tkliBLPdbqRCSZIHvsAflkKH/2M2w5hGWDNoRvVuRoYYgcECM9IXa/FaXpbdx4C8hoqnfTznaQAAAIC8RsRk/GrEyng7DrCKPIQbdy9+my8our1YiuiF4aDGHkhYoPslrCmZkPNb6FFkwlm6EXXN1xknBxNRhJkrbCm3Rt0NLKvhQoNffRSMwWFSS0oJlG1IuChHPxzna2y2iGw0XAPgX0HVG1w6kKPyQHPH10pP4l2c8hx1lg8/w4YxgwAAAIDHNWRXHQD7FdCKPemVelCRXXEm6UQtrPQryC6GLlZz/2oAjtTS43RhffifF6FgtDt/2py2trdCGGCYFffUXKJjwVmqMtJy0Sf69LyMotdzeOiusZsK19o8s94K5zFJgPYrbUsKh10d8DwbrjnM2DPvbNfi2VKL8ITR+WnnlOn2wQAAAIAmWLN/bfnBAwvh22gRf6nYfjnqK2k7fm06L3CUdBPuxhQuGPuN/LasVF18hqCtSPhFcXDw77JrxIEmxT79HRaSAZjcKhEH3CgttqgM0wYjYLo/oT9w5DEv8abNa4/EzZxcPbF8bWpXIS9zrin2GTJ7rVmxU4WFhbpOKLYKYqReSQAAAIBvOFJrOSUIVTTvPkFag27ei4YViix8v+zLC9g0ME/saDuo1PR5xDPUNBbmMmliPOoQB3bYWv9AHT//YQ7mVBHOOxNj1jqXCe7eQmR86lYUk9VFcKh5wYaCzZdxC5YgXsMRF9c7XzYiP63W6LqQ3XwO5h1E4WMlHiDH9m6zBRF8uA==
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/rsa_oaep/key13 b/nss/cmd/bltest/tests/rsa_oaep/key13
new file mode 100644
index 0000000..a2ad3ff
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/key13
@@ -0,0 +1 @@
+AAAAAQAAAAEArkXtVgHOxrjMBfgDk1xnTdvg11xMCf15UfxrDK7DE6jfOZcMUYv/ul7Wjz8NfyKkAp1BPxrgfk6+nkF3ziPn9UBLVp5O4b3PPB+wPvETgC1PhV65tRNLWnyAha3K5vovoUF+w3Y74XGwxit2Dt4jwSrZK5gIhMZB9aj6wmva1KAzgaIv4bdUiFCUyCUG1AGaU1ooav6ycbubpZLeGNz2AMKu6uVuAvfPefwUzzvcfNhP67v5UMqQMEsiGaeqBjrvosPBmA5WDNZK/neVhbYQdle5V4V+/eYBCYirfeQX/IjY84TE5ucsP5Q+DDHAxKXMNvh52KOsnX1Zhg6q2muDuwAAAAMBAAEAAAEABWsEIW/l81SsdyUKS2sMhSWoXFmwvYDFZFCiLV9DjllqMzqodeKR3UP0jLiLnV/A1Jn5/NHDl/mvwHDNnjmMjRnmHbfHQQprJnXfv100W4BNIBrdUC1c4t/LCRzpmXu+vlcwbzg+TViBA/A29+hdGTTRUqMj5KjbRR1vSlsbDxAswVDgL+7iuI3qStTBusyyTYQHLRTh0kpncfdAjuMFZPuG1Dk6NLzwt4hQHRkzA/E6IoSwAfD2Ser3kyjUrFxDCrRBSSCpRg7Rt7xA7GU+h20Jq8UJrkW1JRkBFqDCYQGEgphQnBw786SD5ydAVOFelwdQNumJ9gkygHtSV3UeeQAAAIDs9a7NHlUV//rL11ooFsbr9JAYzftGOOGF1mpzlrb4CQ+AGMf9lcw0uFfcF/DMZRa7E0arTVgsra17QQM1I4e3AzjQhAR8nZU5tkliBLPdbqRCSZIHvsAflkKH/2M2w5hGWDNoRvVuRoYYgcECM9IXa/FaXpbdx4C8hoqnfTznaQAAAIC8RsRk/GrEyng7DrCKPIQbdy9+my8our1YiuiF4aDGHkhYoPslrCmZkPNb6FFkwlm6EXXN1xknBxNRhJkrbCm3Rt0NLKvhQoNffRSMwWFSS0oJlG1IuChHPxzna2y2iGw0XAPgX0HVG1w6kKPyQHPH10pP4l2c8hx1lg8/w4YxgwAAAIDHNWRXHQD7FdCKPemVelCRXXEm6UQtrPQryC6GLlZz/2oAjtTS43RhffifF6FgtDt/2py2trdCGGCYFffUXKJjwVmqMtJy0Sf69LyMotdzeOiusZsK19o8s94K5zFJgPYrbUsKh10d8DwbrjnM2DPvbNfi2VKL8ITR+WnnlOn2wQAAAIAmWLN/bfnBAwvh22gRf6nYfjnqK2k7fm06L3CUdBPuxhQuGPuN/LasVF18hqCtSPhFcXDw77JrxIEmxT79HRaSAZjcKhEH3CgttqgM0wYjYLo/oT9w5DEv8abNa4/EzZxcPbF8bWpXIS9zrin2GTJ7rVmxU4WFhbpOKLYKYqReSQAAAIBvOFJrOSUIVTTvPkFag27ei4YViix8v+zLC9g0ME/saDuo1PR5xDPUNBbmMmliPOoQB3bYWv9AHT//YQ7mVBHOOxNj1jqXCe7eQmR86lYUk9VFcKh5wYaCzZdxC5YgXsMRF9c7XzYiP63W6LqQ3XwO5h1E4WMlHiDH9m6zBRF8uA==
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/rsa_oaep/key14 b/nss/cmd/bltest/tests/rsa_oaep/key14
new file mode 100644
index 0000000..a2ad3ff
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/key14
@@ -0,0 +1 @@
+AAAAAQAAAAEArkXtVgHOxrjMBfgDk1xnTdvg11xMCf15UfxrDK7DE6jfOZcMUYv/ul7Wjz8NfyKkAp1BPxrgfk6+nkF3ziPn9UBLVp5O4b3PPB+wPvETgC1PhV65tRNLWnyAha3K5vovoUF+w3Y74XGwxit2Dt4jwSrZK5gIhMZB9aj6wmva1KAzgaIv4bdUiFCUyCUG1AGaU1ooav6ycbubpZLeGNz2AMKu6uVuAvfPefwUzzvcfNhP67v5UMqQMEsiGaeqBjrvosPBmA5WDNZK/neVhbYQdle5V4V+/eYBCYirfeQX/IjY84TE5ucsP5Q+DDHAxKXMNvh52KOsnX1Zhg6q2muDuwAAAAMBAAEAAAEABWsEIW/l81SsdyUKS2sMhSWoXFmwvYDFZFCiLV9DjllqMzqodeKR3UP0jLiLnV/A1Jn5/NHDl/mvwHDNnjmMjRnmHbfHQQprJnXfv100W4BNIBrdUC1c4t/LCRzpmXu+vlcwbzg+TViBA/A29+hdGTTRUqMj5KjbRR1vSlsbDxAswVDgL+7iuI3qStTBusyyTYQHLRTh0kpncfdAjuMFZPuG1Dk6NLzwt4hQHRkzA/E6IoSwAfD2Ser3kyjUrFxDCrRBSSCpRg7Rt7xA7GU+h20Jq8UJrkW1JRkBFqDCYQGEgphQnBw786SD5ydAVOFelwdQNumJ9gkygHtSV3UeeQAAAIDs9a7NHlUV//rL11ooFsbr9JAYzftGOOGF1mpzlrb4CQ+AGMf9lcw0uFfcF/DMZRa7E0arTVgsra17QQM1I4e3AzjQhAR8nZU5tkliBLPdbqRCSZIHvsAflkKH/2M2w5hGWDNoRvVuRoYYgcECM9IXa/FaXpbdx4C8hoqnfTznaQAAAIC8RsRk/GrEyng7DrCKPIQbdy9+my8our1YiuiF4aDGHkhYoPslrCmZkPNb6FFkwlm6EXXN1xknBxNRhJkrbCm3Rt0NLKvhQoNffRSMwWFSS0oJlG1IuChHPxzna2y2iGw0XAPgX0HVG1w6kKPyQHPH10pP4l2c8hx1lg8/w4YxgwAAAIDHNWRXHQD7FdCKPemVelCRXXEm6UQtrPQryC6GLlZz/2oAjtTS43RhffifF6FgtDt/2py2trdCGGCYFffUXKJjwVmqMtJy0Sf69LyMotdzeOiusZsK19o8s94K5zFJgPYrbUsKh10d8DwbrjnM2DPvbNfi2VKL8ITR+WnnlOn2wQAAAIAmWLN/bfnBAwvh22gRf6nYfjnqK2k7fm06L3CUdBPuxhQuGPuN/LasVF18hqCtSPhFcXDw77JrxIEmxT79HRaSAZjcKhEH3CgttqgM0wYjYLo/oT9w5DEv8abNa4/EzZxcPbF8bWpXIS9zrin2GTJ7rVmxU4WFhbpOKLYKYqReSQAAAIBvOFJrOSUIVTTvPkFag27ei4YViix8v+zLC9g0ME/saDuo1PR5xDPUNBbmMmliPOoQB3bYWv9AHT//YQ7mVBHOOxNj1jqXCe7eQmR86lYUk9VFcKh5wYaCzZdxC5YgXsMRF9c7XzYiP63W6LqQ3XwO5h1E4WMlHiDH9m6zBRF8uA==
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/rsa_oaep/key15 b/nss/cmd/bltest/tests/rsa_oaep/key15
new file mode 100644
index 0000000..a2ad3ff
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/key15
@@ -0,0 +1 @@
+AAAAAQAAAAEArkXtVgHOxrjMBfgDk1xnTdvg11xMCf15UfxrDK7DE6jfOZcMUYv/ul7Wjz8NfyKkAp1BPxrgfk6+nkF3ziPn9UBLVp5O4b3PPB+wPvETgC1PhV65tRNLWnyAha3K5vovoUF+w3Y74XGwxit2Dt4jwSrZK5gIhMZB9aj6wmva1KAzgaIv4bdUiFCUyCUG1AGaU1ooav6ycbubpZLeGNz2AMKu6uVuAvfPefwUzzvcfNhP67v5UMqQMEsiGaeqBjrvosPBmA5WDNZK/neVhbYQdle5V4V+/eYBCYirfeQX/IjY84TE5ucsP5Q+DDHAxKXMNvh52KOsnX1Zhg6q2muDuwAAAAMBAAEAAAEABWsEIW/l81SsdyUKS2sMhSWoXFmwvYDFZFCiLV9DjllqMzqodeKR3UP0jLiLnV/A1Jn5/NHDl/mvwHDNnjmMjRnmHbfHQQprJnXfv100W4BNIBrdUC1c4t/LCRzpmXu+vlcwbzg+TViBA/A29+hdGTTRUqMj5KjbRR1vSlsbDxAswVDgL+7iuI3qStTBusyyTYQHLRTh0kpncfdAjuMFZPuG1Dk6NLzwt4hQHRkzA/E6IoSwAfD2Ser3kyjUrFxDCrRBSSCpRg7Rt7xA7GU+h20Jq8UJrkW1JRkBFqDCYQGEgphQnBw786SD5ydAVOFelwdQNumJ9gkygHtSV3UeeQAAAIDs9a7NHlUV//rL11ooFsbr9JAYzftGOOGF1mpzlrb4CQ+AGMf9lcw0uFfcF/DMZRa7E0arTVgsra17QQM1I4e3AzjQhAR8nZU5tkliBLPdbqRCSZIHvsAflkKH/2M2w5hGWDNoRvVuRoYYgcECM9IXa/FaXpbdx4C8hoqnfTznaQAAAIC8RsRk/GrEyng7DrCKPIQbdy9+my8our1YiuiF4aDGHkhYoPslrCmZkPNb6FFkwlm6EXXN1xknBxNRhJkrbCm3Rt0NLKvhQoNffRSMwWFSS0oJlG1IuChHPxzna2y2iGw0XAPgX0HVG1w6kKPyQHPH10pP4l2c8hx1lg8/w4YxgwAAAIDHNWRXHQD7FdCKPemVelCRXXEm6UQtrPQryC6GLlZz/2oAjtTS43RhffifF6FgtDt/2py2trdCGGCYFffUXKJjwVmqMtJy0Sf69LyMotdzeOiusZsK19o8s94K5zFJgPYrbUsKh10d8DwbrjnM2DPvbNfi2VKL8ITR+WnnlOn2wQAAAIAmWLN/bfnBAwvh22gRf6nYfjnqK2k7fm06L3CUdBPuxhQuGPuN/LasVF18hqCtSPhFcXDw77JrxIEmxT79HRaSAZjcKhEH3CgttqgM0wYjYLo/oT9w5DEv8abNa4/EzZxcPbF8bWpXIS9zrin2GTJ7rVmxU4WFhbpOKLYKYqReSQAAAIBvOFJrOSUIVTTvPkFag27ei4YViix8v+zLC9g0ME/saDuo1PR5xDPUNBbmMmliPOoQB3bYWv9AHT//YQ7mVBHOOxNj1jqXCe7eQmR86lYUk9VFcKh5wYaCzZdxC5YgXsMRF9c7XzYiP63W6LqQ3XwO5h1E4WMlHiDH9m6zBRF8uA==
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/rsa_oaep/key16 b/nss/cmd/bltest/tests/rsa_oaep/key16
new file mode 100644
index 0000000..a2ad3ff
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/key16
@@ -0,0 +1 @@
+AAAAAQAAAAEArkXtVgHOxrjMBfgDk1xnTdvg11xMCf15UfxrDK7DE6jfOZcMUYv/ul7Wjz8NfyKkAp1BPxrgfk6+nkF3ziPn9UBLVp5O4b3PPB+wPvETgC1PhV65tRNLWnyAha3K5vovoUF+w3Y74XGwxit2Dt4jwSrZK5gIhMZB9aj6wmva1KAzgaIv4bdUiFCUyCUG1AGaU1ooav6ycbubpZLeGNz2AMKu6uVuAvfPefwUzzvcfNhP67v5UMqQMEsiGaeqBjrvosPBmA5WDNZK/neVhbYQdle5V4V+/eYBCYirfeQX/IjY84TE5ucsP5Q+DDHAxKXMNvh52KOsnX1Zhg6q2muDuwAAAAMBAAEAAAEABWsEIW/l81SsdyUKS2sMhSWoXFmwvYDFZFCiLV9DjllqMzqodeKR3UP0jLiLnV/A1Jn5/NHDl/mvwHDNnjmMjRnmHbfHQQprJnXfv100W4BNIBrdUC1c4t/LCRzpmXu+vlcwbzg+TViBA/A29+hdGTTRUqMj5KjbRR1vSlsbDxAswVDgL+7iuI3qStTBusyyTYQHLRTh0kpncfdAjuMFZPuG1Dk6NLzwt4hQHRkzA/E6IoSwAfD2Ser3kyjUrFxDCrRBSSCpRg7Rt7xA7GU+h20Jq8UJrkW1JRkBFqDCYQGEgphQnBw786SD5ydAVOFelwdQNumJ9gkygHtSV3UeeQAAAIDs9a7NHlUV//rL11ooFsbr9JAYzftGOOGF1mpzlrb4CQ+AGMf9lcw0uFfcF/DMZRa7E0arTVgsra17QQM1I4e3AzjQhAR8nZU5tkliBLPdbqRCSZIHvsAflkKH/2M2w5hGWDNoRvVuRoYYgcECM9IXa/FaXpbdx4C8hoqnfTznaQAAAIC8RsRk/GrEyng7DrCKPIQbdy9+my8our1YiuiF4aDGHkhYoPslrCmZkPNb6FFkwlm6EXXN1xknBxNRhJkrbCm3Rt0NLKvhQoNffRSMwWFSS0oJlG1IuChHPxzna2y2iGw0XAPgX0HVG1w6kKPyQHPH10pP4l2c8hx1lg8/w4YxgwAAAIDHNWRXHQD7FdCKPemVelCRXXEm6UQtrPQryC6GLlZz/2oAjtTS43RhffifF6FgtDt/2py2trdCGGCYFffUXKJjwVmqMtJy0Sf69LyMotdzeOiusZsK19o8s94K5zFJgPYrbUsKh10d8DwbrjnM2DPvbNfi2VKL8ITR+WnnlOn2wQAAAIAmWLN/bfnBAwvh22gRf6nYfjnqK2k7fm06L3CUdBPuxhQuGPuN/LasVF18hqCtSPhFcXDw77JrxIEmxT79HRaSAZjcKhEH3CgttqgM0wYjYLo/oT9w5DEv8abNa4/EzZxcPbF8bWpXIS9zrin2GTJ7rVmxU4WFhbpOKLYKYqReSQAAAIBvOFJrOSUIVTTvPkFag27ei4YViix8v+zLC9g0ME/saDuo1PR5xDPUNBbmMmliPOoQB3bYWv9AHT//YQ7mVBHOOxNj1jqXCe7eQmR86lYUk9VFcKh5wYaCzZdxC5YgXsMRF9c7XzYiP63W6LqQ3XwO5h1E4WMlHiDH9m6zBRF8uA==
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/rsa_oaep/key17 b/nss/cmd/bltest/tests/rsa_oaep/key17
new file mode 100644
index 0000000..a2ad3ff
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/key17
@@ -0,0 +1 @@
+AAAAAQAAAAEArkXtVgHOxrjMBfgDk1xnTdvg11xMCf15UfxrDK7DE6jfOZcMUYv/ul7Wjz8NfyKkAp1BPxrgfk6+nkF3ziPn9UBLVp5O4b3PPB+wPvETgC1PhV65tRNLWnyAha3K5vovoUF+w3Y74XGwxit2Dt4jwSrZK5gIhMZB9aj6wmva1KAzgaIv4bdUiFCUyCUG1AGaU1ooav6ycbubpZLeGNz2AMKu6uVuAvfPefwUzzvcfNhP67v5UMqQMEsiGaeqBjrvosPBmA5WDNZK/neVhbYQdle5V4V+/eYBCYirfeQX/IjY84TE5ucsP5Q+DDHAxKXMNvh52KOsnX1Zhg6q2muDuwAAAAMBAAEAAAEABWsEIW/l81SsdyUKS2sMhSWoXFmwvYDFZFCiLV9DjllqMzqodeKR3UP0jLiLnV/A1Jn5/NHDl/mvwHDNnjmMjRnmHbfHQQprJnXfv100W4BNIBrdUC1c4t/LCRzpmXu+vlcwbzg+TViBA/A29+hdGTTRUqMj5KjbRR1vSlsbDxAswVDgL+7iuI3qStTBusyyTYQHLRTh0kpncfdAjuMFZPuG1Dk6NLzwt4hQHRkzA/E6IoSwAfD2Ser3kyjUrFxDCrRBSSCpRg7Rt7xA7GU+h20Jq8UJrkW1JRkBFqDCYQGEgphQnBw786SD5ydAVOFelwdQNumJ9gkygHtSV3UeeQAAAIDs9a7NHlUV//rL11ooFsbr9JAYzftGOOGF1mpzlrb4CQ+AGMf9lcw0uFfcF/DMZRa7E0arTVgsra17QQM1I4e3AzjQhAR8nZU5tkliBLPdbqRCSZIHvsAflkKH/2M2w5hGWDNoRvVuRoYYgcECM9IXa/FaXpbdx4C8hoqnfTznaQAAAIC8RsRk/GrEyng7DrCKPIQbdy9+my8our1YiuiF4aDGHkhYoPslrCmZkPNb6FFkwlm6EXXN1xknBxNRhJkrbCm3Rt0NLKvhQoNffRSMwWFSS0oJlG1IuChHPxzna2y2iGw0XAPgX0HVG1w6kKPyQHPH10pP4l2c8hx1lg8/w4YxgwAAAIDHNWRXHQD7FdCKPemVelCRXXEm6UQtrPQryC6GLlZz/2oAjtTS43RhffifF6FgtDt/2py2trdCGGCYFffUXKJjwVmqMtJy0Sf69LyMotdzeOiusZsK19o8s94K5zFJgPYrbUsKh10d8DwbrjnM2DPvbNfi2VKL8ITR+WnnlOn2wQAAAIAmWLN/bfnBAwvh22gRf6nYfjnqK2k7fm06L3CUdBPuxhQuGPuN/LasVF18hqCtSPhFcXDw77JrxIEmxT79HRaSAZjcKhEH3CgttqgM0wYjYLo/oT9w5DEv8abNa4/EzZxcPbF8bWpXIS9zrin2GTJ7rVmxU4WFhbpOKLYKYqReSQAAAIBvOFJrOSUIVTTvPkFag27ei4YViix8v+zLC9g0ME/saDuo1PR5xDPUNBbmMmliPOoQB3bYWv9AHT//YQ7mVBHOOxNj1jqXCe7eQmR86lYUk9VFcKh5wYaCzZdxC5YgXsMRF9c7XzYiP63W6LqQ3XwO5h1E4WMlHiDH9m6zBRF8uA==
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/rsa_oaep/key2 b/nss/cmd/bltest/tests/rsa_oaep/key2
new file mode 100644
index 0000000..61684be
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/key2
@@ -0,0 +1 @@
+AAAAAQAAAACAqLOyhK+OtQs4cDSoYPFGxJGfMYdjzWxVmMiuSBGh4KvEx+CwgtaTpef87Wdc9GaFEncsDLxkp0LGxjD1M8jMcvYq6DPEC/JYQumEu3i9v5fAEH1VvbZi9cTg+rmEXLUUjvc5LdOq/5OuHmtme7PUJHYW1PW6ENTP0ibeiNOfFvsAAAADAQABAAAAgFMznP23n8hGamVccxasqFxV/Y9t2Jj9rxGVF+9PUuj9jiWN+T/uGA+g5KspaTzYOxUqVT1KxNGBK4ufpa8Of1X+cwTfQVcJJvMxHxXE1lpzLEgxFu49PS0K81Sa2b98v7eK2IT4TVvrBHJNxzabMd7zfQz1OenPzdPeZTcp6tXRAAAAQNMnN+cmf/4TQbLVwNFQqBtYb7MTK+0vjVJihkqcufMK84vkSFmNQToXLvuALCGs8cEcUgwvJqRx3K0hLqx8o50AAABAzIhT0dVNpjD6wAT0cfKBx7iYLYIkpJDtvrM9Pj1cyTxHZXA9HdeRZC8fEWoN2FK+JBmyr3K/6aAw6GCwKItddwAAAEAOEr8XGOnO9VmbocOIL+gEapCHTu/OjyzMIOTydB+wozo4SK7JyTBfvsvS12gZln1GcazGQx5AN5aNs3h45pXBAAAAQJUpew+Vovpn0AcH1gnf1PwFyJ2vwu9tbqVb7HceozNzTZJR55CC7NqGbv7xPEWeGmMThrfjVMiZ9fESyoXXFYMAAABAT0VsUCSTvcDtKrdWo6btTWc1Kml9QhbpMhKxJ6Y9VBHOb6mNXb79cyY+NygUJ0OBgWbtfdY2h90qjKHS9PvY4Q==
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/rsa_oaep/key3 b/nss/cmd/bltest/tests/rsa_oaep/key3
new file mode 100644
index 0000000..61684be
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/key3
@@ -0,0 +1 @@
+AAAAAQAAAACAqLOyhK+OtQs4cDSoYPFGxJGfMYdjzWxVmMiuSBGh4KvEx+CwgtaTpef87Wdc9GaFEncsDLxkp0LGxjD1M8jMcvYq6DPEC/JYQumEu3i9v5fAEH1VvbZi9cTg+rmEXLUUjvc5LdOq/5OuHmtme7PUJHYW1PW6ENTP0ibeiNOfFvsAAAADAQABAAAAgFMznP23n8hGamVccxasqFxV/Y9t2Jj9rxGVF+9PUuj9jiWN+T/uGA+g5KspaTzYOxUqVT1KxNGBK4ufpa8Of1X+cwTfQVcJJvMxHxXE1lpzLEgxFu49PS0K81Sa2b98v7eK2IT4TVvrBHJNxzabMd7zfQz1OenPzdPeZTcp6tXRAAAAQNMnN+cmf/4TQbLVwNFQqBtYb7MTK+0vjVJihkqcufMK84vkSFmNQToXLvuALCGs8cEcUgwvJqRx3K0hLqx8o50AAABAzIhT0dVNpjD6wAT0cfKBx7iYLYIkpJDtvrM9Pj1cyTxHZXA9HdeRZC8fEWoN2FK+JBmyr3K/6aAw6GCwKItddwAAAEAOEr8XGOnO9VmbocOIL+gEapCHTu/OjyzMIOTydB+wozo4SK7JyTBfvsvS12gZln1GcazGQx5AN5aNs3h45pXBAAAAQJUpew+Vovpn0AcH1gnf1PwFyJ2vwu9tbqVb7HceozNzTZJR55CC7NqGbv7xPEWeGmMThrfjVMiZ9fESyoXXFYMAAABAT0VsUCSTvcDtKrdWo6btTWc1Kml9QhbpMhKxJ6Y9VBHOb6mNXb79cyY+NygUJ0OBgWbtfdY2h90qjKHS9PvY4Q==
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/rsa_oaep/key4 b/nss/cmd/bltest/tests/rsa_oaep/key4
new file mode 100644
index 0000000..61684be
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/key4
@@ -0,0 +1 @@
+AAAAAQAAAACAqLOyhK+OtQs4cDSoYPFGxJGfMYdjzWxVmMiuSBGh4KvEx+CwgtaTpef87Wdc9GaFEncsDLxkp0LGxjD1M8jMcvYq6DPEC/JYQumEu3i9v5fAEH1VvbZi9cTg+rmEXLUUjvc5LdOq/5OuHmtme7PUJHYW1PW6ENTP0ibeiNOfFvsAAAADAQABAAAAgFMznP23n8hGamVccxasqFxV/Y9t2Jj9rxGVF+9PUuj9jiWN+T/uGA+g5KspaTzYOxUqVT1KxNGBK4ufpa8Of1X+cwTfQVcJJvMxHxXE1lpzLEgxFu49PS0K81Sa2b98v7eK2IT4TVvrBHJNxzabMd7zfQz1OenPzdPeZTcp6tXRAAAAQNMnN+cmf/4TQbLVwNFQqBtYb7MTK+0vjVJihkqcufMK84vkSFmNQToXLvuALCGs8cEcUgwvJqRx3K0hLqx8o50AAABAzIhT0dVNpjD6wAT0cfKBx7iYLYIkpJDtvrM9Pj1cyTxHZXA9HdeRZC8fEWoN2FK+JBmyr3K/6aAw6GCwKItddwAAAEAOEr8XGOnO9VmbocOIL+gEapCHTu/OjyzMIOTydB+wozo4SK7JyTBfvsvS12gZln1GcazGQx5AN5aNs3h45pXBAAAAQJUpew+Vovpn0AcH1gnf1PwFyJ2vwu9tbqVb7HceozNzTZJR55CC7NqGbv7xPEWeGmMThrfjVMiZ9fESyoXXFYMAAABAT0VsUCSTvcDtKrdWo6btTWc1Kml9QhbpMhKxJ6Y9VBHOb6mNXb79cyY+NygUJ0OBgWbtfdY2h90qjKHS9PvY4Q==
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/rsa_oaep/key5 b/nss/cmd/bltest/tests/rsa_oaep/key5
new file mode 100644
index 0000000..61684be
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/key5
@@ -0,0 +1 @@
+AAAAAQAAAACAqLOyhK+OtQs4cDSoYPFGxJGfMYdjzWxVmMiuSBGh4KvEx+CwgtaTpef87Wdc9GaFEncsDLxkp0LGxjD1M8jMcvYq6DPEC/JYQumEu3i9v5fAEH1VvbZi9cTg+rmEXLUUjvc5LdOq/5OuHmtme7PUJHYW1PW6ENTP0ibeiNOfFvsAAAADAQABAAAAgFMznP23n8hGamVccxasqFxV/Y9t2Jj9rxGVF+9PUuj9jiWN+T/uGA+g5KspaTzYOxUqVT1KxNGBK4ufpa8Of1X+cwTfQVcJJvMxHxXE1lpzLEgxFu49PS0K81Sa2b98v7eK2IT4TVvrBHJNxzabMd7zfQz1OenPzdPeZTcp6tXRAAAAQNMnN+cmf/4TQbLVwNFQqBtYb7MTK+0vjVJihkqcufMK84vkSFmNQToXLvuALCGs8cEcUgwvJqRx3K0hLqx8o50AAABAzIhT0dVNpjD6wAT0cfKBx7iYLYIkpJDtvrM9Pj1cyTxHZXA9HdeRZC8fEWoN2FK+JBmyr3K/6aAw6GCwKItddwAAAEAOEr8XGOnO9VmbocOIL+gEapCHTu/OjyzMIOTydB+wozo4SK7JyTBfvsvS12gZln1GcazGQx5AN5aNs3h45pXBAAAAQJUpew+Vovpn0AcH1gnf1PwFyJ2vwu9tbqVb7HceozNzTZJR55CC7NqGbv7xPEWeGmMThrfjVMiZ9fESyoXXFYMAAABAT0VsUCSTvcDtKrdWo6btTWc1Kml9QhbpMhKxJ6Y9VBHOb6mNXb79cyY+NygUJ0OBgWbtfdY2h90qjKHS9PvY4Q==
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/rsa_oaep/key6 b/nss/cmd/bltest/tests/rsa_oaep/key6
new file mode 100644
index 0000000..3c9f874
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/key6
@@ -0,0 +1 @@
+AAAAAQAAAADAzyzUHjTKOnKOpcuK/2TDbSe971Nk4zb9aNMSPFoZaowocBPoU9UVbVjRUZVFIPtPbXsXq7aBd2WQnFdhGWWdkCsZBu2KKxDBVcJNEkUo2rnurjeb6sZuSkEXhty4/QBi68Aw3hIZoEwqjBt90xMeTWtsruLjGl7UGsFQmy7x7iqxg2S+VoypQcJezIT/nWQ7XsGqrhAqINc/R5t4D9bakQdSEtnqwDoGdNiZ66LkMfTES2Fba6IjK9SzO67XPWJdAAAAAwEAAQAAAMAZjBQeI3FakrzPahGaW8ETiUaNKBH1SNcn4XtKsOuYbW8hHvtTtx98y+qH7mnHXuYVAIxTMt61K/OQq9+/431yBTaBWbJjjB3jJuIdIiUfD7WEizvxUAXSp0Mw8K/pFu5izME0TR2DpwnmBnYnOED383dCSl4KTadfAbMf92gZz5y/3SFSQ8ORfAPvOBmTEuVns7967Tq0V/Nx74oUI/RbaMbiguwRG7ooM7mH/Wn62DvBuMYTxeHqFsEe0SXqfsEAAABg/I1sBL7E65qBksp5AMvlNuLotRnezzOyRZeYxpCd9PF2230jGQ/HK4hlpxiviV8bzZFFKYAnQjtgXnCkfPWDkKjD6I/IxI6LMuPaIQ374+iB6lZ0tqNIwh6T+eVepl79AAAAYNIA1F54iqzqYGpAHQRg+H3VwQJ+EtwaDXWG6JOdnPeJtA9RrARClh3n0hzCHgXIMVXB8qqRkzh8/flWy0jRU7onBAb5u7pTfUmH2eL5lC16FMv//qdP7N2pKNI+JZ9e4QAAAGDbFoAveaLw1F81jWn9M+RLgfroKGIuk6VCU+mX0BsHQ3WdoOgStKpObIvqsjKNVDGVWkGKZ/8mqMXIB6XaNU4F7zHMjPdY9GNzKVCwPiZXJvuU451qVyomJEqwjbdXUq0AAABgoKMXz+ffFCP4em3uhFH04rSmflSX8ptPHk6DC5+t2UARZwJvVZblo5yXgX4PXxbifhnsmQLgHX6m+5qjx2Cv7h44G2neasnAdYWgatnEugC/dcitL6iYpHnoCuKU/tKhAAAAYAsh8zXDUzQutEw6okRFeAwtZVuUAXTK44x8ik5kk8C6n9MDdIJnsIO5p6bLYeQts2K4yYlttwZOAq1a5hWH2hW0ZJyQWUkJ/rN9vLZUvrcmjsgB5ai0qjkRvr2IVC8Fvg==
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/rsa_oaep/key7 b/nss/cmd/bltest/tests/rsa_oaep/key7
new file mode 100644
index 0000000..3c9f874
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/key7
@@ -0,0 +1 @@
+AAAAAQAAAADAzyzUHjTKOnKOpcuK/2TDbSe971Nk4zb9aNMSPFoZaowocBPoU9UVbVjRUZVFIPtPbXsXq7aBd2WQnFdhGWWdkCsZBu2KKxDBVcJNEkUo2rnurjeb6sZuSkEXhty4/QBi68Aw3hIZoEwqjBt90xMeTWtsruLjGl7UGsFQmy7x7iqxg2S+VoypQcJezIT/nWQ7XsGqrhAqINc/R5t4D9bakQdSEtnqwDoGdNiZ66LkMfTES2Fba6IjK9SzO67XPWJdAAAAAwEAAQAAAMAZjBQeI3FakrzPahGaW8ETiUaNKBH1SNcn4XtKsOuYbW8hHvtTtx98y+qH7mnHXuYVAIxTMt61K/OQq9+/431yBTaBWbJjjB3jJuIdIiUfD7WEizvxUAXSp0Mw8K/pFu5izME0TR2DpwnmBnYnOED383dCSl4KTadfAbMf92gZz5y/3SFSQ8ORfAPvOBmTEuVns7967Tq0V/Nx74oUI/RbaMbiguwRG7ooM7mH/Wn62DvBuMYTxeHqFsEe0SXqfsEAAABg/I1sBL7E65qBksp5AMvlNuLotRnezzOyRZeYxpCd9PF2230jGQ/HK4hlpxiviV8bzZFFKYAnQjtgXnCkfPWDkKjD6I/IxI6LMuPaIQ374+iB6lZ0tqNIwh6T+eVepl79AAAAYNIA1F54iqzqYGpAHQRg+H3VwQJ+EtwaDXWG6JOdnPeJtA9RrARClh3n0hzCHgXIMVXB8qqRkzh8/flWy0jRU7onBAb5u7pTfUmH2eL5lC16FMv//qdP7N2pKNI+JZ9e4QAAAGDbFoAveaLw1F81jWn9M+RLgfroKGIuk6VCU+mX0BsHQ3WdoOgStKpObIvqsjKNVDGVWkGKZ/8mqMXIB6XaNU4F7zHMjPdY9GNzKVCwPiZXJvuU451qVyomJEqwjbdXUq0AAABgoKMXz+ffFCP4em3uhFH04rSmflSX8ptPHk6DC5+t2UARZwJvVZblo5yXgX4PXxbifhnsmQLgHX6m+5qjx2Cv7h44G2neasnAdYWgatnEugC/dcitL6iYpHnoCuKU/tKhAAAAYAsh8zXDUzQutEw6okRFeAwtZVuUAXTK44x8ik5kk8C6n9MDdIJnsIO5p6bLYeQts2K4yYlttwZOAq1a5hWH2hW0ZJyQWUkJ/rN9vLZUvrcmjsgB5ai0qjkRvr2IVC8Fvg==
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/rsa_oaep/key8 b/nss/cmd/bltest/tests/rsa_oaep/key8
new file mode 100644
index 0000000..3c9f874
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/key8
@@ -0,0 +1 @@
+AAAAAQAAAADAzyzUHjTKOnKOpcuK/2TDbSe971Nk4zb9aNMSPFoZaowocBPoU9UVbVjRUZVFIPtPbXsXq7aBd2WQnFdhGWWdkCsZBu2KKxDBVcJNEkUo2rnurjeb6sZuSkEXhty4/QBi68Aw3hIZoEwqjBt90xMeTWtsruLjGl7UGsFQmy7x7iqxg2S+VoypQcJezIT/nWQ7XsGqrhAqINc/R5t4D9bakQdSEtnqwDoGdNiZ66LkMfTES2Fba6IjK9SzO67XPWJdAAAAAwEAAQAAAMAZjBQeI3FakrzPahGaW8ETiUaNKBH1SNcn4XtKsOuYbW8hHvtTtx98y+qH7mnHXuYVAIxTMt61K/OQq9+/431yBTaBWbJjjB3jJuIdIiUfD7WEizvxUAXSp0Mw8K/pFu5izME0TR2DpwnmBnYnOED383dCSl4KTadfAbMf92gZz5y/3SFSQ8ORfAPvOBmTEuVns7967Tq0V/Nx74oUI/RbaMbiguwRG7ooM7mH/Wn62DvBuMYTxeHqFsEe0SXqfsEAAABg/I1sBL7E65qBksp5AMvlNuLotRnezzOyRZeYxpCd9PF2230jGQ/HK4hlpxiviV8bzZFFKYAnQjtgXnCkfPWDkKjD6I/IxI6LMuPaIQ374+iB6lZ0tqNIwh6T+eVepl79AAAAYNIA1F54iqzqYGpAHQRg+H3VwQJ+EtwaDXWG6JOdnPeJtA9RrARClh3n0hzCHgXIMVXB8qqRkzh8/flWy0jRU7onBAb5u7pTfUmH2eL5lC16FMv//qdP7N2pKNI+JZ9e4QAAAGDbFoAveaLw1F81jWn9M+RLgfroKGIuk6VCU+mX0BsHQ3WdoOgStKpObIvqsjKNVDGVWkGKZ/8mqMXIB6XaNU4F7zHMjPdY9GNzKVCwPiZXJvuU451qVyomJEqwjbdXUq0AAABgoKMXz+ffFCP4em3uhFH04rSmflSX8ptPHk6DC5+t2UARZwJvVZblo5yXgX4PXxbifhnsmQLgHX6m+5qjx2Cv7h44G2neasnAdYWgatnEugC/dcitL6iYpHnoCuKU/tKhAAAAYAsh8zXDUzQutEw6okRFeAwtZVuUAXTK44x8ik5kk8C6n9MDdIJnsIO5p6bLYeQts2K4yYlttwZOAq1a5hWH2hW0ZJyQWUkJ/rN9vLZUvrcmjsgB5ai0qjkRvr2IVC8Fvg==
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/rsa_oaep/key9 b/nss/cmd/bltest/tests/rsa_oaep/key9
new file mode 100644
index 0000000..3c9f874
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/key9
@@ -0,0 +1 @@
+AAAAAQAAAADAzyzUHjTKOnKOpcuK/2TDbSe971Nk4zb9aNMSPFoZaowocBPoU9UVbVjRUZVFIPtPbXsXq7aBd2WQnFdhGWWdkCsZBu2KKxDBVcJNEkUo2rnurjeb6sZuSkEXhty4/QBi68Aw3hIZoEwqjBt90xMeTWtsruLjGl7UGsFQmy7x7iqxg2S+VoypQcJezIT/nWQ7XsGqrhAqINc/R5t4D9bakQdSEtnqwDoGdNiZ66LkMfTES2Fba6IjK9SzO67XPWJdAAAAAwEAAQAAAMAZjBQeI3FakrzPahGaW8ETiUaNKBH1SNcn4XtKsOuYbW8hHvtTtx98y+qH7mnHXuYVAIxTMt61K/OQq9+/431yBTaBWbJjjB3jJuIdIiUfD7WEizvxUAXSp0Mw8K/pFu5izME0TR2DpwnmBnYnOED383dCSl4KTadfAbMf92gZz5y/3SFSQ8ORfAPvOBmTEuVns7967Tq0V/Nx74oUI/RbaMbiguwRG7ooM7mH/Wn62DvBuMYTxeHqFsEe0SXqfsEAAABg/I1sBL7E65qBksp5AMvlNuLotRnezzOyRZeYxpCd9PF2230jGQ/HK4hlpxiviV8bzZFFKYAnQjtgXnCkfPWDkKjD6I/IxI6LMuPaIQ374+iB6lZ0tqNIwh6T+eVepl79AAAAYNIA1F54iqzqYGpAHQRg+H3VwQJ+EtwaDXWG6JOdnPeJtA9RrARClh3n0hzCHgXIMVXB8qqRkzh8/flWy0jRU7onBAb5u7pTfUmH2eL5lC16FMv//qdP7N2pKNI+JZ9e4QAAAGDbFoAveaLw1F81jWn9M+RLgfroKGIuk6VCU+mX0BsHQ3WdoOgStKpObIvqsjKNVDGVWkGKZ/8mqMXIB6XaNU4F7zHMjPdY9GNzKVCwPiZXJvuU451qVyomJEqwjbdXUq0AAABgoKMXz+ffFCP4em3uhFH04rSmflSX8ptPHk6DC5+t2UARZwJvVZblo5yXgX4PXxbifhnsmQLgHX6m+5qjx2Cv7h44G2neasnAdYWgatnEugC/dcitL6iYpHnoCuKU/tKhAAAAYAsh8zXDUzQutEw6okRFeAwtZVuUAXTK44x8ik5kk8C6n9MDdIJnsIO5p6bLYeQts2K4yYlttwZOAq1a5hWH2hW0ZJyQWUkJ/rN9vLZUvrcmjsgB5ai0qjkRvr2IVC8Fvg==
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/rsa_oaep/maskhash0 b/nss/cmd/bltest/tests/rsa_oaep/maskhash0
new file mode 100644
index 0000000..fcdd09c
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/maskhash0
@@ -0,0 +1 @@
+sha1
diff --git a/nss/cmd/bltest/tests/rsa_oaep/maskhash1 b/nss/cmd/bltest/tests/rsa_oaep/maskhash1
new file mode 100644
index 0000000..fcdd09c
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/maskhash1
@@ -0,0 +1 @@
+sha1
diff --git a/nss/cmd/bltest/tests/rsa_oaep/maskhash10 b/nss/cmd/bltest/tests/rsa_oaep/maskhash10
new file mode 100644
index 0000000..fcdd09c
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/maskhash10
@@ -0,0 +1 @@
+sha1
diff --git a/nss/cmd/bltest/tests/rsa_oaep/maskhash11 b/nss/cmd/bltest/tests/rsa_oaep/maskhash11
new file mode 100644
index 0000000..fcdd09c
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/maskhash11
@@ -0,0 +1 @@
+sha1
diff --git a/nss/cmd/bltest/tests/rsa_oaep/maskhash12 b/nss/cmd/bltest/tests/rsa_oaep/maskhash12
new file mode 100644
index 0000000..fcdd09c
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/maskhash12
@@ -0,0 +1 @@
+sha1
diff --git a/nss/cmd/bltest/tests/rsa_oaep/maskhash13 b/nss/cmd/bltest/tests/rsa_oaep/maskhash13
new file mode 100644
index 0000000..fcdd09c
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/maskhash13
@@ -0,0 +1 @@
+sha1
diff --git a/nss/cmd/bltest/tests/rsa_oaep/maskhash14 b/nss/cmd/bltest/tests/rsa_oaep/maskhash14
new file mode 100644
index 0000000..fcdd09c
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/maskhash14
@@ -0,0 +1 @@
+sha1
diff --git a/nss/cmd/bltest/tests/rsa_oaep/maskhash15 b/nss/cmd/bltest/tests/rsa_oaep/maskhash15
new file mode 100644
index 0000000..fcdd09c
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/maskhash15
@@ -0,0 +1 @@
+sha1
diff --git a/nss/cmd/bltest/tests/rsa_oaep/maskhash16 b/nss/cmd/bltest/tests/rsa_oaep/maskhash16
new file mode 100644
index 0000000..fcdd09c
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/maskhash16
@@ -0,0 +1 @@
+sha1
diff --git a/nss/cmd/bltest/tests/rsa_oaep/maskhash17 b/nss/cmd/bltest/tests/rsa_oaep/maskhash17
new file mode 100644
index 0000000..fcdd09c
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/maskhash17
@@ -0,0 +1 @@
+sha1
diff --git a/nss/cmd/bltest/tests/rsa_oaep/maskhash2 b/nss/cmd/bltest/tests/rsa_oaep/maskhash2
new file mode 100644
index 0000000..fcdd09c
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/maskhash2
@@ -0,0 +1 @@
+sha1
diff --git a/nss/cmd/bltest/tests/rsa_oaep/maskhash3 b/nss/cmd/bltest/tests/rsa_oaep/maskhash3
new file mode 100644
index 0000000..fcdd09c
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/maskhash3
@@ -0,0 +1 @@
+sha1
diff --git a/nss/cmd/bltest/tests/rsa_oaep/maskhash4 b/nss/cmd/bltest/tests/rsa_oaep/maskhash4
new file mode 100644
index 0000000..fcdd09c
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/maskhash4
@@ -0,0 +1 @@
+sha1
diff --git a/nss/cmd/bltest/tests/rsa_oaep/maskhash5 b/nss/cmd/bltest/tests/rsa_oaep/maskhash5
new file mode 100644
index 0000000..fcdd09c
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/maskhash5
@@ -0,0 +1 @@
+sha1
diff --git a/nss/cmd/bltest/tests/rsa_oaep/maskhash6 b/nss/cmd/bltest/tests/rsa_oaep/maskhash6
new file mode 100644
index 0000000..fcdd09c
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/maskhash6
@@ -0,0 +1 @@
+sha1
diff --git a/nss/cmd/bltest/tests/rsa_oaep/maskhash7 b/nss/cmd/bltest/tests/rsa_oaep/maskhash7
new file mode 100644
index 0000000..fcdd09c
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/maskhash7
@@ -0,0 +1 @@
+sha1
diff --git a/nss/cmd/bltest/tests/rsa_oaep/maskhash8 b/nss/cmd/bltest/tests/rsa_oaep/maskhash8
new file mode 100644
index 0000000..fcdd09c
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/maskhash8
@@ -0,0 +1 @@
+sha1
diff --git a/nss/cmd/bltest/tests/rsa_oaep/maskhash9 b/nss/cmd/bltest/tests/rsa_oaep/maskhash9
new file mode 100644
index 0000000..fcdd09c
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/maskhash9
@@ -0,0 +1 @@
+sha1
diff --git a/nss/cmd/bltest/tests/rsa_oaep/numtests b/nss/cmd/bltest/tests/rsa_oaep/numtests
new file mode 100644
index 0000000..3c03207
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/numtests
@@ -0,0 +1 @@
+18
diff --git a/nss/cmd/bltest/tests/rsa_oaep/plaintext0 b/nss/cmd/bltest/tests/rsa_oaep/plaintext0
new file mode 100644
index 0000000000000000000000000000000000000000..5961feea3d47407f8b2be5ccc39ba3f7928a99d6
GIT binary patch
literal 28
kcmYe(kn|H`x7}d9(&yH^pTWx0uk!Ay+}Y0H_3xhv0G$2|c>n+a

literal 0
HcmV?d00001

diff --git a/nss/cmd/bltest/tests/rsa_oaep/plaintext1 b/nss/cmd/bltest/tests/rsa_oaep/plaintext1
new file mode 100644
index 0000000..bd17cf9
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/plaintext1
@@ -0,0 +1 @@
+u@GõGèä…e#)ŠÉºâEﯗûåo�Õ
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/rsa_oaep/plaintext10 b/nss/cmd/bltest/tests/rsa_oaep/plaintext10
new file mode 100644
index 0000000..d07c85b
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/plaintext10
@@ -0,0 +1 @@
+SæèÇ)ÖùÃÝ1~t°ÛŽLÌ¢_<ƒtnzÆ:cï79絕«¹n�UåO{Ô´37�û‘
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/rsa_oaep/plaintext11 b/nss/cmd/bltest/tests/rsa_oaep/plaintext11
new file mode 100644
index 0000000..fcd6baa
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/plaintext11
@@ -0,0 +1 @@
+¶²Ž¢�¼d
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/rsa_oaep/plaintext12 b/nss/cmd/bltest/tests/rsa_oaep/plaintext12
new file mode 100644
index 0000000..a154e41
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/plaintext12
@@ -0,0 +1 @@
+‹ºkø*l†Õñun—•hp°‰S°kN²¼”î
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/rsa_oaep/plaintext13 b/nss/cmd/bltest/tests/rsa_oaep/plaintext13
new file mode 100644
index 0000000..8af8ac6
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/plaintext13
@@ -0,0 +1 @@
+æ­;X©òEu7>W
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/rsa_oaep/plaintext14 b/nss/cmd/bltest/tests/rsa_oaep/plaintext14
new file mode 100644
index 0000000..b302369
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/plaintext14
@@ -0,0 +1,2 @@
+Q
+,ö†o¢4SÉN£Ÿ¼%cè>”EKA$
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/rsa_oaep/plaintext15 b/nss/cmd/bltest/tests/rsa_oaep/plaintext15
new file mode 100644
index 0000000000000000000000000000000000000000..36812091de63f6bc664e4b80344adb93975c21a5
GIT binary patch
literal 36
ucmV+<0Nek(-5Cv|x6=UMng-%5s^X_#5Xm3*XScy?-iuQPN+wCEKt;({8xghu

literal 0
HcmV?d00001

diff --git a/nss/cmd/bltest/tests/rsa_oaep/plaintext16 b/nss/cmd/bltest/tests/rsa_oaep/plaintext16
new file mode 100644
index 0000000..7449ac6
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/plaintext16
@@ -0,0 +1 @@
+§Ýl}ÂKFùÝ_‘­¤Ã³ß”~‡r2©
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/rsa_oaep/plaintext17 b/nss/cmd/bltest/tests/rsa_oaep/plaintext17
new file mode 100644
index 0000000..f3945c8
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/plaintext17
@@ -0,0 +1 @@
+êñ§:F	S}æœÙ"‹¼ûšŒ¨ÆÃï¯oä§ôcNÐ|9ìi"׸ê,ë¬
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/rsa_oaep/plaintext2 b/nss/cmd/bltest/tests/rsa_oaep/plaintext2
new file mode 100644
index 0000000..6c08a2a
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/plaintext2
@@ -0,0 +1 @@
+ÙJàƒ.dEÎB3°mS‚±ÛKªÓtmÉß$ÔãÂEÿY¦B>°áÐ-OæFÏi�ý�Œn—°Q
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/rsa_oaep/plaintext3 b/nss/cmd/bltest/tests/rsa_oaep/plaintext3
new file mode 100644
index 0000000..efd84ad
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/plaintext3
@@ -0,0 +1 @@
+RæPÙŽ*‹O†…!S¹~
Ý1o4jöz…
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/rsa_oaep/plaintext4 b/nss/cmd/bltest/tests/rsa_oaep/plaintext4
new file mode 100644
index 0000000..1796336
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/plaintext4
@@ -0,0 +1 @@
+�¨ŸÙåùt¢ŸïûF+Ilùè
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/rsa_oaep/plaintext5 b/nss/cmd/bltest/tests/rsa_oaep/plaintext5
new file mode 100644
index 0000000..38913e9
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/plaintext5
@@ -0,0 +1 @@
+&RP„Bq
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/rsa_oaep/plaintext6 b/nss/cmd/bltest/tests/rsa_oaep/plaintext6
new file mode 100644
index 0000000..5d4bf7c
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/plaintext6
@@ -0,0 +1 @@
+÷5ýUº’Y,;R¸ùÄöšª¾øþˆ­Ð•YTFœôì‰lYí¡bçTœŠ»ͼ!¡.ɶµ¸ý/9ž¶
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/rsa_oaep/plaintext7 b/nss/cmd/bltest/tests/rsa_oaep/plaintext7
new file mode 100644
index 0000000..d1bf800
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/plaintext7
@@ -0,0 +1 @@
+�¹`P¦:«ä-ßá—‰õ@Ltt²mÎ>Ô‚¿–Ì�‹ô ÅFY
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/rsa_oaep/plaintext8 b/nss/cmd/bltest/tests/rsa_oaep/plaintext8
new file mode 100644
index 0000000..bb96c95
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/plaintext8
@@ -0,0 +1 @@
+ý2d)ß›‰	µK¸óO$
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/rsa_oaep/plaintext9 b/nss/cmd/bltest/tests/rsa_oaep/plaintext9
new file mode 100644
index 0000000..8a71ad8
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/plaintext9
@@ -0,0 +1,3 @@
+ñE›_’ðr:.VbHM�Œ
+ ü)ÚÖ¬Ô;µóïýôá¶>ýþf(Ð×L¡›òÖžJ
+¿†Ò“’ZygrøŽ
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/rsa_oaep/seed0 b/nss/cmd/bltest/tests/rsa_oaep/seed0
new file mode 100644
index 0000000..8b990a2
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/seed0
@@ -0,0 +1 @@
+GLd26iEGnWl3ajPpa61I4d2gpe8=
diff --git a/nss/cmd/bltest/tests/rsa_oaep/seed1 b/nss/cmd/bltest/tests/rsa_oaep/seed1
new file mode 100644
index 0000000..afb497d
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/seed1
@@ -0,0 +1 @@
+DMdCzkqbfzL5UbyyUe/ZJf5P418=
diff --git a/nss/cmd/bltest/tests/rsa_oaep/seed10 b/nss/cmd/bltest/tests/rsa_oaep/seed10
new file mode 100644
index 0000000..762ceaf
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/seed10
@@ -0,0 +1 @@
+/LxCFALp7KvGCCr6QLpfJlIshA4=
diff --git a/nss/cmd/bltest/tests/rsa_oaep/seed11 b/nss/cmd/bltest/tests/rsa_oaep/seed11
new file mode 100644
index 0000000..5cfd292
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/seed11
@@ -0,0 +1 @@
+I6reDh4Iu5uaeNIwKlL5whsuG6I=
diff --git a/nss/cmd/bltest/tests/rsa_oaep/seed12 b/nss/cmd/bltest/tests/rsa_oaep/seed12
new file mode 100644
index 0000000..516e13d
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/seed12
@@ -0,0 +1 @@
+R+GrcRn+5WyV7l6q2G9A0KpjvTM=
diff --git a/nss/cmd/bltest/tests/rsa_oaep/seed13 b/nss/cmd/bltest/tests/rsa_oaep/seed13
new file mode 100644
index 0000000..680ddbd
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/seed13
@@ -0,0 +1 @@
+bRf1tMH/rDUdGVv3sJ0J8JpAec8=
diff --git a/nss/cmd/bltest/tests/rsa_oaep/seed14 b/nss/cmd/bltest/tests/rsa_oaep/seed14
new file mode 100644
index 0000000..f41e51c
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/seed14
@@ -0,0 +1 @@
+OFOHUU3szHx0DdjN+druSaHL/VQ=
diff --git a/nss/cmd/bltest/tests/rsa_oaep/seed15 b/nss/cmd/bltest/tests/rsa_oaep/seed15
new file mode 100644
index 0000000..9a825c9
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/seed15
@@ -0,0 +1 @@
+XKymoPdkFhqWhPhdkrbg7zfKi2U=
diff --git a/nss/cmd/bltest/tests/rsa_oaep/seed16 b/nss/cmd/bltest/tests/rsa_oaep/seed16
new file mode 100644
index 0000000..dcf464d
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/seed16
@@ -0,0 +1 @@
+lbyp44WYlLPdhp+n7NW7xkAb8+Q=
diff --git a/nss/cmd/bltest/tests/rsa_oaep/seed17 b/nss/cmd/bltest/tests/rsa_oaep/seed17
new file mode 100644
index 0000000..90133c7
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/seed17
@@ -0,0 +1 @@
+n0fd9C6X7qhWqb28cU6zrCL26zI=
diff --git a/nss/cmd/bltest/tests/rsa_oaep/seed2 b/nss/cmd/bltest/tests/rsa_oaep/seed2
new file mode 100644
index 0000000..0c82aab
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/seed2
@@ -0,0 +1 @@
+JRTfRpV1WmeyiOr0kFw27sZv0v0=
diff --git a/nss/cmd/bltest/tests/rsa_oaep/seed3 b/nss/cmd/bltest/tests/rsa_oaep/seed3
new file mode 100644
index 0000000..4cd022e
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/seed3
@@ -0,0 +1 @@
+xENaPhoYpotoIENikKN877hds/s=
diff --git a/nss/cmd/bltest/tests/rsa_oaep/seed4 b/nss/cmd/bltest/tests/rsa_oaep/seed4
new file mode 100644
index 0000000..275f908
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/seed4
@@ -0,0 +1 @@
+sxjELfO+D4P+qCP1p7R+1eQlo7U=
diff --git a/nss/cmd/bltest/tests/rsa_oaep/seed5 b/nss/cmd/bltest/tests/rsa_oaep/seed5
new file mode 100644
index 0000000..3406494
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/seed5
@@ -0,0 +1 @@
+5OwJgsIzbzpnf2o1YXTrDOiHq8I=
diff --git a/nss/cmd/bltest/tests/rsa_oaep/seed6 b/nss/cmd/bltest/tests/rsa_oaep/seed6
new file mode 100644
index 0000000..c7316f9
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/seed6
@@ -0,0 +1 @@
+jsll8TSj7Jkx6SocoNyBadXqcFw=
diff --git a/nss/cmd/bltest/tests/rsa_oaep/seed7 b/nss/cmd/bltest/tests/rsa_oaep/seed7
new file mode 100644
index 0000000..a4cbd16
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/seed7
@@ -0,0 +1 @@
+7LG4sl+lDNqwjlYEKGf0r1gm0Ww=
diff --git a/nss/cmd/bltest/tests/rsa_oaep/seed8 b/nss/cmd/bltest/tests/rsa_oaep/seed8
new file mode 100644
index 0000000..d4a76a0
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/seed8
@@ -0,0 +1 @@
+6JuwMsbOYiy9tTvJRmAU6nf3d8A=
diff --git a/nss/cmd/bltest/tests/rsa_oaep/seed9 b/nss/cmd/bltest/tests/rsa_oaep/seed9
new file mode 100644
index 0000000..8cd39a9
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_oaep/seed9
@@ -0,0 +1 @@
+YG87mcC5zNdx6qKeoOTIhPMYnMw=
diff --git a/nss/cmd/bltest/tests/rsa_pss/ciphertext0 b/nss/cmd/bltest/tests/rsa_pss/ciphertext0
new file mode 100644
index 0000000..0ed7e8c
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/ciphertext0
@@ -0,0 +1,3 @@
+kHQwj7WY6XAbIpQ4jlL5cfqsK2ClFFrxhd9Sh7XtKIflfOf9RNyGNOQHyODkNgvCJvPsIn+dnlRj
+jo0x9QUSFd9uu5wvlXmqd1mKOPkUtbnBvYPE4vnzgqDQqjVC/+5lmEpgG8aeso3rJ9yhLILC1MP2
+bNUA8f8rmU2KTjDLszw=
diff --git a/nss/cmd/bltest/tests/rsa_pss/ciphertext1 b/nss/cmd/bltest/tests/rsa_pss/ciphertext1
new file mode 100644
index 0000000..01aa061
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/ciphertext1
@@ -0,0 +1,3 @@
+Pvf0boMb+SsyJ0FCpYX/zvvcp7Mq6Q0Q+w8McpmE8E7ymp3weAd1zkNzm5eDg5DbClUF5j3pJwKN
+nSmyGcosRReDJVilXWlKbSW52rZgA8TMzZB4Ahk75RcNJhR9N7k1kCQb5RwlBV9H72J1LPviFBj6
+/pjCLE1NR3JP21Zp6EM=
diff --git a/nss/cmd/bltest/tests/rsa_pss/ciphertext10 b/nss/cmd/bltest/tests/rsa_pss/ciphertext10
new file mode 100644
index 0000000..f31ec8e
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/ciphertext10
@@ -0,0 +1,4 @@
+ghAt+MuR5xeZGaBNJtM11k+8L4csRIM5QyQd6EVIECdM3z219C1CPbFSr3E19wFCDjm0lKZ8v9Gf
+kRnaIzoj2lxkObW6DSvDc+7jUHABN41KQHOFa3/iq6C17pOyf0r+x9TRIJIcg/YGdlsCwZ5Naho7
+lfpMQilRvk9SExB37xcXlynN3721aVDbrO7+eMsWZAoJnqVtJDie7xD4/ssxuj6jsifAqGaYu4nj
+6TY5Bb8id3sqOqUhtltM73bYO95M
diff --git a/nss/cmd/bltest/tests/rsa_pss/ciphertext11 b/nss/cmd/bltest/tests/rsa_pss/ciphertext11
new file mode 100644
index 0000000..2e67c03
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/ciphertext11
@@ -0,0 +1,4 @@
+p/2w0lkWXKLIjQC78QKKhn0zdpnQYRk7F6lkjhTMu6rerKrN7IFedXEpTruKEXryBfoHi0ewcSwZ
+njrQUTXFBMJLgXBRFXQIAkh5kv/VEdSvxrhUSR6z8N1SMTlUL/FcMQHuhVQ1F8ajx5QXxn4t2ap0
+HpopsG3LWTwjNrNnCuOvusfD524hVHPoZuM4yiRN4AtiYk1rlCaCLOrp+MxGCJX0ElAHP9RcWh57
+QlwgSkI6aZFZ9pA+cQs3p7sryASf
diff --git a/nss/cmd/bltest/tests/rsa_pss/ciphertext12 b/nss/cmd/bltest/tests/rsa_pss/ciphertext12
new file mode 100644
index 0000000..7f3530c
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/ciphertext12
@@ -0,0 +1,5 @@
+gsKxYAk7iqPA91IrGfhzVAZsd4R6vyqfzlQtDoTpIMWvtJ/9/azhZWDulKE2lgEUjrrXoOFRzxYz
+F5Glcn0F8h505+uBFEAgaTXXRHZaFeefAVy2bFMsh6agWWHIv610GppmVwIolDk+ciNzl5bAKndF
+XQ9VWw7AHd8lm2IH/Q/VdhTO8aVXO6r/TsAAaZUWWbhfJDAKJRYMqFItxuZyflfQGdfmNim4/l6J
+4lzBW+s6ZHV3VZKZKAubKPebBAkAC+JbvZZAi6O0PMSGGE3RyOYlU/oa9AQPYGY95/XknAQ4jiV/
+HOicldq0ijFdm2axt2KCM4dv8jhSMNBw0H4WZg==
diff --git a/nss/cmd/bltest/tests/rsa_pss/ciphertext13 b/nss/cmd/bltest/tests/rsa_pss/ciphertext13
new file mode 100644
index 0000000..2d87915
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/ciphertext13
@@ -0,0 +1,5 @@
+FK412d0GupL387iXl4rtfNS/X/C1haQL1GzhtCzScDBTu5BE1k6BPY+W2y3XAH0QEY9vj4SWCXrX
+Xh/2kjQbKJKtVaYzocVefwoK1ZoOIDpbgniuxU3YYi4oMdhxdPjK/0PubEZEU0XYSlllm/uS7NTI
+GGaGlfNHBvZoKKiZWWN/K/PjJRwkvbpNS3ZJ2gAiIYsRnITnmmUn7FuKX4YcFZlS4j7AXh5xc0b6
+7+ixaGglvSsmL7JTEGbA3gms3i5CMWkHKLXYXhFaL2uSt5wlq8m9k5n/i8+CWlLqH1bqdt0m9Duq
++hi/qSpQTL01aZ4m0dzFoohzhfPGMjLwbzJEww==
diff --git a/nss/cmd/bltest/tests/rsa_pss/ciphertext14 b/nss/cmd/bltest/tests/rsa_pss/ciphertext14
new file mode 100644
index 0000000..eaa167e
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/ciphertext14
@@ -0,0 +1,5 @@
+bj5Ne2sV0vtGATuJAKpbuzk5zywJVxeYcEICbuYsdMVM/9XX1X77v5UKD1xXT6CdP8HJ9ROwW0/1
+Ddjfft+iAQKFTDXlkhgBGacM5bCFGCqgLZ6iqpDR3wPy2q6IW6L10Fr9rJdHbwa5O1vJShqAqpEW
+xNYV8zOwmIkrJf+s4mb121paO8wQqCTtVarTW3J4NPuMB9oo/PQWpdmyIk8fi0QrNvkeRW/eotfP
+4zZyaN4DB6THTpJBWe0zOT1eBlVTHHcye4mCG97fiAFhx4zUGWtUGfesw/E+Xr8WG258ZyRxbKM7
+hcLiVkAZKsKFllHVC95+uXblHOyCi5i2VjuGuw==
diff --git a/nss/cmd/bltest/tests/rsa_pss/ciphertext15 b/nss/cmd/bltest/tests/rsa_pss/ciphertext15
new file mode 100644
index 0000000..a7bff41
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/ciphertext15
@@ -0,0 +1,5 @@
+NAR/+WxNwNyQstT/WaGjYaR1SyVdLuCvfYv4fJvJ593u3jOTTGPKHA49JiyxRe+TKh8sCpl6pqNP
+jq7nR32CzPCQlaa4rK041O7J+36retAtodEdjlTBgl5Vv1jCojI0uQK+Ek+ekDio9o+kXaty9m4J
+Rb8di6zJBExvBwmMn87FijqrEAyAUXgVXwMKEkxFDlrL2kfQ5PELgKI/gD53TQI7ABXCC5+bvnyR
+KWM41ey0ccr7AyAHtnpgvl9pUEqfAauzy0Z7Jg4rzoYL6Nlb+SwMjhSW7R5ShZOkq7bfRi3eiglo
+3/5GgxFoV6Iy9ev2yFviOHRa0POPdnpf2/SG+w==
diff --git a/nss/cmd/bltest/tests/rsa_pss/ciphertext16 b/nss/cmd/bltest/tests/rsa_pss/ciphertext16
new file mode 100644
index 0000000..79e7afb
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/ciphertext16
@@ -0,0 +1,5 @@
+fgk16hj01sHRfOgusrODbFWzhFic4Z3+dDNjrJlI0fNGt7/d/pLv14rbIfrvyJreQrEPN0AD/hIu
+Z0KaHLjL0fjZAUVkxE0SARb0mQ8abjh3TBlL0bghMoawd7BJnS57P0NKsSKJxVZoTe7XgTGTS7Pd
+ZTcjb3xvPcsJ1Ha+B3IeN+HO7Zsve0Boh71TFXMF4ci0+E1zO8Hhhv4GzFm27bj0vX/+/fT3upz7
+nVcGibWhpBCadGppCJPbN5klWgy5IV0tHNSQWQ6VLoyHhqoAESZSUkcMBB37w+7Hw8v3HCSGnRFc
+DLSpVvVtUwuAq1iaz+/GkHUd3zbo04P4PO3SzA==
diff --git a/nss/cmd/bltest/tests/rsa_pss/ciphertext17 b/nss/cmd/bltest/tests/rsa_pss/ciphertext17
new file mode 100644
index 0000000..86b2cfd
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/ciphertext17
@@ -0,0 +1,5 @@
+bTtbh/Z+plevIfdUQZd9IYD5GyxfaS3oKVVpamhnMNm5d42XB1jMsmBxwiCf+9YSW+LpbqgbZ8ub
+kwgjn9oX97K2Ts2glra5NWQKWhy0KpFVscnvemM6AsWfDW7lm4UsQ7NQKec8lA/wQQ6PEU7tRrvQ
++uFl5CviUopAHDso/YGO8yMtyp9NKg9RZuxZxCOW1sEdvBIVpW+hcWnblXU0PvNPneMqSc3DF0ki
+8inCPhjkXfk1MRnsQxnO3OehfGQIjB9vUr4pY0EAs5GdOPPR7ZTmiR5mpzuPuEn1h031lFnimMe7
+zi7ueCoZWqZv4tBzKyXllfV9PgYbH8PkBjv5jw==
diff --git a/nss/cmd/bltest/tests/rsa_pss/ciphertext2 b/nss/cmd/bltest/tests/rsa_pss/ciphertext2
new file mode 100644
index 0000000..47f9922
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/ciphertext2
@@ -0,0 +1,3 @@
+ZmAm+6cb0+fPExV8wsUajkqmhK+XePkYSfNDNdFBwAFUxBl2IfliSmdbWrwi7n1bqv+q4cm6yizD
+c7PzPnjmFDw5WpGqf6ymZOtzOv0U2IJyWdmadVD6ylAe8rBOM8I6pR9LnoKC79tyjMCrCUBakWB8
+Y2mWG8gnDS1POfzmErE=
diff --git a/nss/cmd/bltest/tests/rsa_pss/ciphertext3 b/nss/cmd/bltest/tests/rsa_pss/ciphertext3
new file mode 100644
index 0000000..28306f2
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/ciphertext3
@@ -0,0 +1,3 @@
+Rgl5OyPp0JNi3CG7R9oLTzp2ImSaR9RkAZua6v5TNZwXjJHNWLpry3i+A0anvGN/S4c9S6s47mYf
+GZY0xUehrYRC4D2gFbE25UP3qwfAwT5CJbjejM4l1PbrhAD4H34YM7fubjNNNwlkynn9uHK011Ij
+te6wgQFZH7Uy0VWm3oc=
diff --git a/nss/cmd/bltest/tests/rsa_pss/ciphertext4 b/nss/cmd/bltest/tests/rsa_pss/ciphertext4
new file mode 100644
index 0000000..a83e4f5
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/ciphertext4
@@ -0,0 +1,3 @@
+HSqtIhyk0x3fE1CSOQGTmOPRSzLcNNxa9K6uo8CVr3NHnPCkXlYpY1pToBg3dhWxbLmxOz4J1nHr
+ceOHuFRcWWDaWmR3bnaOgrLJNYO/EEw/2yNRK3tOifYz3QBjpTDbRSSwHD84TAkxDjFaedzT1oQC
+Kn8xyGWmZOMWl4t1n60=
diff --git a/nss/cmd/bltest/tests/rsa_pss/ciphertext5 b/nss/cmd/bltest/tests/rsa_pss/ciphertext5
new file mode 100644
index 0000000..b4a3e3c
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/ciphertext5
@@ -0,0 +1,3 @@
+KjT2El4fawv5cehPvUHGMr6PLCrOfei2km4x/5Ppr5h/vAblHpvhT1GY+R8/lTvWfaYKnfWXZMPc
+D+COHL7wt1+GjRCtP7p0n+9Z+22sRqDW5QQ2kzFYb1jkYo85qieJglQ7wO61N9xhlYAZs5T7Jz8h
+WFigoBrE1lC5VcZ/TFg=
diff --git a/nss/cmd/bltest/tests/rsa_pss/ciphertext6 b/nss/cmd/bltest/tests/rsa_pss/ciphertext6
new file mode 100644
index 0000000..92a284c
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/ciphertext6
@@ -0,0 +1,4 @@
+WGEHImw84BOnyPBNGmopWbtLjiBbpDontQ8SQRG8Ne9YmwOfWTIYfLaW19mjLAw4MApc3aSDS2LS
+6yQK8z950T378JW/WZ4NloaUjBlkdHtn6JyaulzYUBYjb1ZsxYAssT6tUbx8pr7zuU3L27HVcEaX
+cd8OALGooGd3Ry0jFiee2uhkdGaNTh7/+V8d5hxgINoyrpK78WUg/vPPTYj2ESHyS72f6RtZyvEj
+WyqT/4H8QDrd9OveqEk0qc2vjhqe
diff --git a/nss/cmd/bltest/tests/rsa_pss/ciphertext7 b/nss/cmd/bltest/tests/rsa_pss/ciphertext7
new file mode 100644
index 0000000..55bed19
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/ciphertext7
@@ -0,0 +1,4 @@
+gLbWQyVSCfCkVnY4l6ye0lnUWbScKIfliC7LRDTP1m3X4WmTdTgeUc1/VU8sJxcEs5nUK0viVAoO
+ymGVH1Umf3woeMEihC2tsosBvV+MAl9+IoQYpnPAPWvAxzbQopVGvWf3htnWkszqd41x2YwgY7en
+EJIYek01rxCBEdg+g+rkbEaqNCd+BgRFiZA3iPHV587iX7SF6SlJEYgU1vLD7jYUiQFvMn+1vFF+
+tQRwv/oa+l9M6aoM5bjuGb9VAblY
diff --git a/nss/cmd/bltest/tests/rsa_pss/ciphertext8 b/nss/cmd/bltest/tests/rsa_pss/ciphertext8
new file mode 100644
index 0000000..b6a3018
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/ciphertext8
@@ -0,0 +1,4 @@
+SEQI84mM1fU0g/gIGe+/JwjDTSeosqb66LMi+SQCN/mBgXrKGEbxCE2qbXwHlfblvxr1nDjhhYQ3
+zh9+xBm5jIc2rfbdmgCxgG0r060Kc3deBfUt/vOlmrSwgUPw3wXNGtnQS+zsptqkohKYA+IAy8d3
+h8r0wdBmOmxZh7YFlSAZeCyvLsFCbWj7lO0dS+gWp+0IG3fmqzMLP/wHOCD+zeNyf8vile5hoFCj
+Q2WGN8P9ZZz7Y3Nt4y2fkNPC9j7K
diff --git a/nss/cmd/bltest/tests/rsa_pss/ciphertext9 b/nss/cmd/bltest/tests/rsa_pss/ciphertext9
new file mode 100644
index 0000000..0da2bcb
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/ciphertext9
@@ -0,0 +1,4 @@
+hOvrSBvlmEW0ZGi6+0ccARLgKyNdhLXZEcvRkm7lB0rgQkSVyyDoIwi467ZfQZoD+0DnK3iYHYiq
+0UMFNoUXLJeynIt78K5ztbImPEA9oO0vgP90UK94KOuLhvACi9KosXak0ijMzqGDlPI4sJ/3WMwA
+vAQwEVI1V0LygrVOZjqRnnCdjaJK3lUAp7mqUCJuDKUpI+bC2GDsUP9ID6V0d+grBWX0N595x3LV
+wtqAr5+/Ml7Ob8ILAJYWFL7omhg+
diff --git a/nss/cmd/bltest/tests/rsa_pss/hash0 b/nss/cmd/bltest/tests/rsa_pss/hash0
new file mode 100644
index 0000000..fcdd09c
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/hash0
@@ -0,0 +1 @@
+sha1
diff --git a/nss/cmd/bltest/tests/rsa_pss/hash1 b/nss/cmd/bltest/tests/rsa_pss/hash1
new file mode 100644
index 0000000..fcdd09c
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/hash1
@@ -0,0 +1 @@
+sha1
diff --git a/nss/cmd/bltest/tests/rsa_pss/hash10 b/nss/cmd/bltest/tests/rsa_pss/hash10
new file mode 100644
index 0000000..fcdd09c
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/hash10
@@ -0,0 +1 @@
+sha1
diff --git a/nss/cmd/bltest/tests/rsa_pss/hash11 b/nss/cmd/bltest/tests/rsa_pss/hash11
new file mode 100644
index 0000000..fcdd09c
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/hash11
@@ -0,0 +1 @@
+sha1
diff --git a/nss/cmd/bltest/tests/rsa_pss/hash12 b/nss/cmd/bltest/tests/rsa_pss/hash12
new file mode 100644
index 0000000..fcdd09c
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/hash12
@@ -0,0 +1 @@
+sha1
diff --git a/nss/cmd/bltest/tests/rsa_pss/hash13 b/nss/cmd/bltest/tests/rsa_pss/hash13
new file mode 100644
index 0000000..fcdd09c
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/hash13
@@ -0,0 +1 @@
+sha1
diff --git a/nss/cmd/bltest/tests/rsa_pss/hash14 b/nss/cmd/bltest/tests/rsa_pss/hash14
new file mode 100644
index 0000000..fcdd09c
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/hash14
@@ -0,0 +1 @@
+sha1
diff --git a/nss/cmd/bltest/tests/rsa_pss/hash15 b/nss/cmd/bltest/tests/rsa_pss/hash15
new file mode 100644
index 0000000..fcdd09c
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/hash15
@@ -0,0 +1 @@
+sha1
diff --git a/nss/cmd/bltest/tests/rsa_pss/hash16 b/nss/cmd/bltest/tests/rsa_pss/hash16
new file mode 100644
index 0000000..fcdd09c
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/hash16
@@ -0,0 +1 @@
+sha1
diff --git a/nss/cmd/bltest/tests/rsa_pss/hash17 b/nss/cmd/bltest/tests/rsa_pss/hash17
new file mode 100644
index 0000000..fcdd09c
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/hash17
@@ -0,0 +1 @@
+sha1
diff --git a/nss/cmd/bltest/tests/rsa_pss/hash2 b/nss/cmd/bltest/tests/rsa_pss/hash2
new file mode 100644
index 0000000..fcdd09c
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/hash2
@@ -0,0 +1 @@
+sha1
diff --git a/nss/cmd/bltest/tests/rsa_pss/hash3 b/nss/cmd/bltest/tests/rsa_pss/hash3
new file mode 100644
index 0000000..fcdd09c
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/hash3
@@ -0,0 +1 @@
+sha1
diff --git a/nss/cmd/bltest/tests/rsa_pss/hash4 b/nss/cmd/bltest/tests/rsa_pss/hash4
new file mode 100644
index 0000000..fcdd09c
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/hash4
@@ -0,0 +1 @@
+sha1
diff --git a/nss/cmd/bltest/tests/rsa_pss/hash5 b/nss/cmd/bltest/tests/rsa_pss/hash5
new file mode 100644
index 0000000..fcdd09c
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/hash5
@@ -0,0 +1 @@
+sha1
diff --git a/nss/cmd/bltest/tests/rsa_pss/hash6 b/nss/cmd/bltest/tests/rsa_pss/hash6
new file mode 100644
index 0000000..fcdd09c
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/hash6
@@ -0,0 +1 @@
+sha1
diff --git a/nss/cmd/bltest/tests/rsa_pss/hash7 b/nss/cmd/bltest/tests/rsa_pss/hash7
new file mode 100644
index 0000000..fcdd09c
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/hash7
@@ -0,0 +1 @@
+sha1
diff --git a/nss/cmd/bltest/tests/rsa_pss/hash8 b/nss/cmd/bltest/tests/rsa_pss/hash8
new file mode 100644
index 0000000..fcdd09c
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/hash8
@@ -0,0 +1 @@
+sha1
diff --git a/nss/cmd/bltest/tests/rsa_pss/hash9 b/nss/cmd/bltest/tests/rsa_pss/hash9
new file mode 100644
index 0000000..fcdd09c
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/hash9
@@ -0,0 +1 @@
+sha1
diff --git a/nss/cmd/bltest/tests/rsa_pss/key0 b/nss/cmd/bltest/tests/rsa_pss/key0
new file mode 100644
index 0000000..4615480
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/key0
@@ -0,0 +1 @@
+AAAAAQAAAACApW5KDnAQF1iaUYfcfqhB0Vby7A42rVKkTf6x5h962ZHYxRBW/+2xYrTA8oOhKoijlN/1JqtykcuzB86r/OCx39XNlQgJbVsri2311nHvY3fAkhyyPCcKcOJZjm/4nRnxBazC0/DLNfKSgOE4a29kxO8i4eHyDQzoz/siSb2aITcAAAADAQABAAAAgDOlBCqQsn1PVFHKm7vQtEdxoQGviENArvmIXypLvpLolKckrDxWjI+XhTrQfAJmyMajygkp8ejxEjGIRCn8TZrlX+6JahDOcHw+1+c05Ecno5V0UBpTJoMQnCq6yrooPDG0vS9Tw+4341LO40+eUDvYDAYirXnG3O6INUfGo7MlAAAAQOfolCcgqHdRcnOjVgU+oqG8DJSqctVcboYpay38lnlIwKcsvMyn6ss1cG4Jod9VoVNb2bPMNBYLO23NPtqOZEMAAABAtp3KHPfU1+yB51uQ/MqHSrzeEj/ScAGAqpBHm25I3o1n7ST58Z2FuidYdPVCzSDccj5pYzZKH5QlRSsmmmeZ/QAAAEAo+hOThlW+H4oVnLrKWnLqGQwwCJ4ZzSdKVW82xPbhn1VLNMB3eQQnu92N0+3iRIMo84XYGzDo5Dsv/6Anhhl5AAAAQBqLOPOY+nEgSYmNf7ee4Kd2aHkSmc36Ce/A5Qessh7XQwHvW/1IvkVerrbhZ4JVgnWAqOTo4UFR0VEKgqPy5ykAAABAJxVqukEm0kqB86Uoy/sn9WiG+ECp9uhuF6RLlP6TGVhLjiL93h5aLjvYqluo2FhBlOshkKz4MrhH8To9JKefTQ==
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/rsa_pss/key1 b/nss/cmd/bltest/tests/rsa_pss/key1
new file mode 100644
index 0000000..4615480
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/key1
@@ -0,0 +1 @@
+AAAAAQAAAACApW5KDnAQF1iaUYfcfqhB0Vby7A42rVKkTf6x5h962ZHYxRBW/+2xYrTA8oOhKoijlN/1JqtykcuzB86r/OCx39XNlQgJbVsri2311nHvY3fAkhyyPCcKcOJZjm/4nRnxBazC0/DLNfKSgOE4a29kxO8i4eHyDQzoz/siSb2aITcAAAADAQABAAAAgDOlBCqQsn1PVFHKm7vQtEdxoQGviENArvmIXypLvpLolKckrDxWjI+XhTrQfAJmyMajygkp8ejxEjGIRCn8TZrlX+6JahDOcHw+1+c05Ecno5V0UBpTJoMQnCq6yrooPDG0vS9Tw+4341LO40+eUDvYDAYirXnG3O6INUfGo7MlAAAAQOfolCcgqHdRcnOjVgU+oqG8DJSqctVcboYpay38lnlIwKcsvMyn6ss1cG4Jod9VoVNb2bPMNBYLO23NPtqOZEMAAABAtp3KHPfU1+yB51uQ/MqHSrzeEj/ScAGAqpBHm25I3o1n7ST58Z2FuidYdPVCzSDccj5pYzZKH5QlRSsmmmeZ/QAAAEAo+hOThlW+H4oVnLrKWnLqGQwwCJ4ZzSdKVW82xPbhn1VLNMB3eQQnu92N0+3iRIMo84XYGzDo5Dsv/6Anhhl5AAAAQBqLOPOY+nEgSYmNf7ee4Kd2aHkSmc36Ce/A5Qessh7XQwHvW/1IvkVerrbhZ4JVgnWAqOTo4UFR0VEKgqPy5ykAAABAJxVqukEm0kqB86Uoy/sn9WiG+ECp9uhuF6RLlP6TGVhLjiL93h5aLjvYqluo2FhBlOshkKz4MrhH8To9JKefTQ==
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/rsa_pss/key10 b/nss/cmd/bltest/tests/rsa_pss/key10
new file mode 100644
index 0000000..ef62249
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/key10
@@ -0,0 +1 @@
+AAAAAQAAAADA5r1pKslmRXkEA/3Q9b64ub+S7RAAf8NlBGQZ3QbAXFtbL0js+YnkziaRCZecu0C0oK0k0iSD0e4xWtTMsVNCaDUmkcUk9t2ObCnSJM8kaXOuyGxb9rFAGoUNG5rRu4y87Eewbw+Mf0XT/I8xkpnFQz3bwrMFO0fe0uzUpMrv1hSDPci7Yi8xftB2uAV/6N4/hEgK1eg+SmGQSk8kj7OXAnNX4dMORjE5gVxv1P1axbgXKkUjDstjGKBPFFXYTlqLAAAAAwEAAQAAAMBqf9hPuF+tBzs0QG23T41hpqvBIZapYd15Vl6dpuUYe84tmAJQ9zWVdTWScNkVkLsOQnxxRgtV1RQQsZG88wn+oTGpLI5wJzj6cZ8eAEH1LkDpHyKfTZah5vFy4VWWtFEKba7CYQXyvrxTMWuHvfITEWZgcOjf7mnVLHGpdsqueccraNKFgNxobZ9RKdIl+Cs9YVUTqIKz25FBa0jOCIiCE+N+65r4ANgcqzKM5CBomQPADHtf0xt1UDptQZaE1ikAAABg+OuX6Y3xJmTu/bdhWWpp3c0Odtrs5u1L9aG1CsCG95KKTS+HJqd+UVt02kGYjyILHMh6ofyBDOmagvLRzoIe3O15TGlB9Cx6GguMTSjHXsYLZSJ59hVKdirtFl1H3uNnAAAAYO1NcdCm4kuTwuX2tLvgX1+wr6BC0gT+M3jTZcLyiLao2tfv5F0VPu9Aysx7gf+TQALRCJlLlKXkcozZyWM3WuSZZb2lXL8O/tjWVTtAJ/LYYgim5rSJwXYSgJLWKeSdPQAAAGArtovd+wxPVshVi/+viS2AQwN4Qef6gc+mGjjF45uQHI7nESKl2iInvWze60gUUsEq09YdXk93agq1Vlkb7+Plnlp/3bg0Xh8vNbn0zuV8MkFMCGrsmT6TU+SA2e7GKJ8AAABgT/iXcJ+tB5dGSUV45w/YVGEw7qtWJ8SbCA8F7krZ8+S3y6nWpd/xE6QcNAkzaDPxkIFtimvELpvsVrdWfQ88nGltthmyRdkB3YVtt8gJLnfpoczNVu5NukLF/bYa7CZpAAAAYHe50RN7UEBKmCcpMW76/H3+ZtNOWhgmANXzCgqFEgUcVg0IHU0KGDXsPSWmD05NaqlIsr89u1sSTLvDSJJVo6lINy9peElnRflD4dtPGDgs6qUF38ZXV7s/hXpY3OUhVg==
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/rsa_pss/key11 b/nss/cmd/bltest/tests/rsa_pss/key11
new file mode 100644
index 0000000..ef62249
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/key11
@@ -0,0 +1 @@
+AAAAAQAAAADA5r1pKslmRXkEA/3Q9b64ub+S7RAAf8NlBGQZ3QbAXFtbL0js+YnkziaRCZecu0C0oK0k0iSD0e4xWtTMsVNCaDUmkcUk9t2ObCnSJM8kaXOuyGxb9rFAGoUNG5rRu4y87Eewbw+Mf0XT/I8xkpnFQz3bwrMFO0fe0uzUpMrv1hSDPci7Yi8xftB2uAV/6N4/hEgK1eg+SmGQSk8kj7OXAnNX4dMORjE5gVxv1P1axbgXKkUjDstjGKBPFFXYTlqLAAAAAwEAAQAAAMBqf9hPuF+tBzs0QG23T41hpqvBIZapYd15Vl6dpuUYe84tmAJQ9zWVdTWScNkVkLsOQnxxRgtV1RQQsZG88wn+oTGpLI5wJzj6cZ8eAEH1LkDpHyKfTZah5vFy4VWWtFEKba7CYQXyvrxTMWuHvfITEWZgcOjf7mnVLHGpdsqueccraNKFgNxobZ9RKdIl+Cs9YVUTqIKz25FBa0jOCIiCE+N+65r4ANgcqzKM5CBomQPADHtf0xt1UDptQZaE1ikAAABg+OuX6Y3xJmTu/bdhWWpp3c0Odtrs5u1L9aG1CsCG95KKTS+HJqd+UVt02kGYjyILHMh6ofyBDOmagvLRzoIe3O15TGlB9Cx6GguMTSjHXsYLZSJ59hVKdirtFl1H3uNnAAAAYO1NcdCm4kuTwuX2tLvgX1+wr6BC0gT+M3jTZcLyiLao2tfv5F0VPu9Aysx7gf+TQALRCJlLlKXkcozZyWM3WuSZZb2lXL8O/tjWVTtAJ/LYYgim5rSJwXYSgJLWKeSdPQAAAGArtovd+wxPVshVi/+viS2AQwN4Qef6gc+mGjjF45uQHI7nESKl2iInvWze60gUUsEq09YdXk93agq1Vlkb7+Plnlp/3bg0Xh8vNbn0zuV8MkFMCGrsmT6TU+SA2e7GKJ8AAABgT/iXcJ+tB5dGSUV45w/YVGEw7qtWJ8SbCA8F7krZ8+S3y6nWpd/xE6QcNAkzaDPxkIFtimvELpvsVrdWfQ88nGltthmyRdkB3YVtt8gJLnfpoczNVu5NukLF/bYa7CZpAAAAYHe50RN7UEBKmCcpMW76/H3+ZtNOWhgmANXzCgqFEgUcVg0IHU0KGDXsPSWmD05NaqlIsr89u1sSTLvDSJJVo6lINy9peElnRflD4dtPGDgs6qUF38ZXV7s/hXpY3OUhVg==
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/rsa_pss/key12 b/nss/cmd/bltest/tests/rsa_pss/key12
new file mode 100644
index 0000000..9f74b31
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/key12
@@ -0,0 +1 @@
+AAAAAQAAAAEApd2GesTLAvkLlFfUjBSncO+ZHFbDnA7GX9Ea+ok3zqV7m+esc7RcABdhW4LWIuMYdTtgJ8D9FXvhL4CQ/uKnrc0O73WfiLpJl8ekLVjJqhLLma4AH+UhwTu1QxRFqNWuT15MfpSKwifTYEBx8g5XfpBfvrFd+vBtHeWuYlPWOmohILMaXaXavJVQYA4g8n03OeJieSX+o8xQnyHf8E5u6kVJxUDWgJ/5MH7t6R//WHM9g4WiN9bTcFoz45GQCZIHDfet8TV89+NwDONmfeg/F7jfF3jbOB3OCctK0FilEQAac4GY7ifPVaE7dUU5kGWC7IsXS9WNXR89dnxhNyGuBQAAAAMBAAEAAAEALS/1Z7P+dOBhkbf97W3hEikMZwaSQw1ZaRhAR9ojTJaT3u0Wc+1ClTnJadNywE1rR+D1uM7ghD5cIoNdvTsFoJl5hK5gWLEbxJB8v2fthPqa4lLfsNDNSeYY4139/lm8o93WbDPOu8d61EGqaV4T4yS1GPAcYPWoXJlK0XnyprX76TQCsRdnvgG/BzRE1rod0rylvQdNSl+uNTGtEwPYSzDYlzGMu7oE4DwuZt5tkfgvluodS7VKWq4QLVlGV/XJeJVTUSspbeop2AIxljV+PjpulY8548I0QDjqYEsx7cbw9/9ucYGlfJKCaiaPhnaOlvh4Vi/HHYXWnkSGEvcEjwAAAIDP1QKD/u65f28I1zy8ezg2+Cu81JlHn15vdv38uLOMT3Hcnoi9am92Nxr9ZdKvGGKzKvs0qV9xuLEyBD/+vjqVK691kkSBSMA/nGmx1o5M5c8yyGuvRv7TAcoatAMGmzL0VrkfcYmKsIHNjEJS71JxkVyXlLjylYUdp1EPmctz6wAAAIDMTpDSobOgZdOy0fWo/OMbVER1Zk6rVh0pcbmft774ROjsHzYLjCrINZaSlx6mo49yP8whH128sXeg/axRZKHU/3+7ToKZhjU8uYNlmhSM3UIMfTG6OCLqkKMr5GwDDowX4foK03hZ4GsKpvo7IW2cvmwOIjOXacCmFZE+XacZzwAAAIAcLR/DL2vEAE/YXf3g+7+aTDj5x8TkHeoaqII0ogHNkvO32lJlg6mK2FuzYPuYO3EeI0SdVh0XeNelFUhry/R7Rsnp4aOh93AA776wmor+R+W4V82pnLFtf/+bcS471gypbZx5c9YW1Gk0qcBQKBwAQ5nO/x233aeHZqipucsIcwAAAIDLOzwEyqWMYL59my3rs+OWQ/T1c5e+CCNqHp6vqnBlNuccOs/gHMZR8jyeBYWP7hO7aor8R99O3JpLowvOy3PQFXhSMn7niQFcLo3ue58FoPMayU62FzFkdAxclRR81fO1riy0qDeH8B2Ksx8nwtDuot2KEauQarogfEPG7hJTMQAAAIAS9rLPE3SnNvrQVhYFD5arS2HRF3x/nVJaKfPRgOd2Z+mdmavwUl0HWGYPN1JlWw8luN+EMdmo/3fBbBKgpRIqnwv3z9WiZqNcFZ+ZEgi5Axb/RE8+C2vQ6TuKeiRI6Vfj3abPzyJmsQYBOsRoCNOziHs7ADRLqslTC0znCPwytg==
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/rsa_pss/key13 b/nss/cmd/bltest/tests/rsa_pss/key13
new file mode 100644
index 0000000..9f74b31
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/key13
@@ -0,0 +1 @@
+AAAAAQAAAAEApd2GesTLAvkLlFfUjBSncO+ZHFbDnA7GX9Ea+ok3zqV7m+esc7RcABdhW4LWIuMYdTtgJ8D9FXvhL4CQ/uKnrc0O73WfiLpJl8ekLVjJqhLLma4AH+UhwTu1QxRFqNWuT15MfpSKwifTYEBx8g5XfpBfvrFd+vBtHeWuYlPWOmohILMaXaXavJVQYA4g8n03OeJieSX+o8xQnyHf8E5u6kVJxUDWgJ/5MH7t6R//WHM9g4WiN9bTcFoz45GQCZIHDfet8TV89+NwDONmfeg/F7jfF3jbOB3OCctK0FilEQAac4GY7ifPVaE7dUU5kGWC7IsXS9WNXR89dnxhNyGuBQAAAAMBAAEAAAEALS/1Z7P+dOBhkbf97W3hEikMZwaSQw1ZaRhAR9ojTJaT3u0Wc+1ClTnJadNywE1rR+D1uM7ghD5cIoNdvTsFoJl5hK5gWLEbxJB8v2fthPqa4lLfsNDNSeYY4139/lm8o93WbDPOu8d61EGqaV4T4yS1GPAcYPWoXJlK0XnyprX76TQCsRdnvgG/BzRE1rod0rylvQdNSl+uNTGtEwPYSzDYlzGMu7oE4DwuZt5tkfgvluodS7VKWq4QLVlGV/XJeJVTUSspbeop2AIxljV+PjpulY8548I0QDjqYEsx7cbw9/9ucYGlfJKCaiaPhnaOlvh4Vi/HHYXWnkSGEvcEjwAAAIDP1QKD/u65f28I1zy8ezg2+Cu81JlHn15vdv38uLOMT3Hcnoi9am92Nxr9ZdKvGGKzKvs0qV9xuLEyBD/+vjqVK691kkSBSMA/nGmx1o5M5c8yyGuvRv7TAcoatAMGmzL0VrkfcYmKsIHNjEJS71JxkVyXlLjylYUdp1EPmctz6wAAAIDMTpDSobOgZdOy0fWo/OMbVER1Zk6rVh0pcbmft774ROjsHzYLjCrINZaSlx6mo49yP8whH128sXeg/axRZKHU/3+7ToKZhjU8uYNlmhSM3UIMfTG6OCLqkKMr5GwDDowX4foK03hZ4GsKpvo7IW2cvmwOIjOXacCmFZE+XacZzwAAAIAcLR/DL2vEAE/YXf3g+7+aTDj5x8TkHeoaqII0ogHNkvO32lJlg6mK2FuzYPuYO3EeI0SdVh0XeNelFUhry/R7Rsnp4aOh93AA776wmor+R+W4V82pnLFtf/+bcS471gypbZx5c9YW1Gk0qcBQKBwAQ5nO/x233aeHZqipucsIcwAAAIDLOzwEyqWMYL59my3rs+OWQ/T1c5e+CCNqHp6vqnBlNuccOs/gHMZR8jyeBYWP7hO7aor8R99O3JpLowvOy3PQFXhSMn7niQFcLo3ue58FoPMayU62FzFkdAxclRR81fO1riy0qDeH8B2Ksx8nwtDuot2KEauQarogfEPG7hJTMQAAAIAS9rLPE3SnNvrQVhYFD5arS2HRF3x/nVJaKfPRgOd2Z+mdmavwUl0HWGYPN1JlWw8luN+EMdmo/3fBbBKgpRIqnwv3z9WiZqNcFZ+ZEgi5Axb/RE8+C2vQ6TuKeiRI6Vfj3abPzyJmsQYBOsRoCNOziHs7ADRLqslTC0znCPwytg==
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/rsa_pss/key14 b/nss/cmd/bltest/tests/rsa_pss/key14
new file mode 100644
index 0000000..9f74b31
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/key14
@@ -0,0 +1 @@
+AAAAAQAAAAEApd2GesTLAvkLlFfUjBSncO+ZHFbDnA7GX9Ea+ok3zqV7m+esc7RcABdhW4LWIuMYdTtgJ8D9FXvhL4CQ/uKnrc0O73WfiLpJl8ekLVjJqhLLma4AH+UhwTu1QxRFqNWuT15MfpSKwifTYEBx8g5XfpBfvrFd+vBtHeWuYlPWOmohILMaXaXavJVQYA4g8n03OeJieSX+o8xQnyHf8E5u6kVJxUDWgJ/5MH7t6R//WHM9g4WiN9bTcFoz45GQCZIHDfet8TV89+NwDONmfeg/F7jfF3jbOB3OCctK0FilEQAac4GY7ifPVaE7dUU5kGWC7IsXS9WNXR89dnxhNyGuBQAAAAMBAAEAAAEALS/1Z7P+dOBhkbf97W3hEikMZwaSQw1ZaRhAR9ojTJaT3u0Wc+1ClTnJadNywE1rR+D1uM7ghD5cIoNdvTsFoJl5hK5gWLEbxJB8v2fthPqa4lLfsNDNSeYY4139/lm8o93WbDPOu8d61EGqaV4T4yS1GPAcYPWoXJlK0XnyprX76TQCsRdnvgG/BzRE1rod0rylvQdNSl+uNTGtEwPYSzDYlzGMu7oE4DwuZt5tkfgvluodS7VKWq4QLVlGV/XJeJVTUSspbeop2AIxljV+PjpulY8548I0QDjqYEsx7cbw9/9ucYGlfJKCaiaPhnaOlvh4Vi/HHYXWnkSGEvcEjwAAAIDP1QKD/u65f28I1zy8ezg2+Cu81JlHn15vdv38uLOMT3Hcnoi9am92Nxr9ZdKvGGKzKvs0qV9xuLEyBD/+vjqVK691kkSBSMA/nGmx1o5M5c8yyGuvRv7TAcoatAMGmzL0VrkfcYmKsIHNjEJS71JxkVyXlLjylYUdp1EPmctz6wAAAIDMTpDSobOgZdOy0fWo/OMbVER1Zk6rVh0pcbmft774ROjsHzYLjCrINZaSlx6mo49yP8whH128sXeg/axRZKHU/3+7ToKZhjU8uYNlmhSM3UIMfTG6OCLqkKMr5GwDDowX4foK03hZ4GsKpvo7IW2cvmwOIjOXacCmFZE+XacZzwAAAIAcLR/DL2vEAE/YXf3g+7+aTDj5x8TkHeoaqII0ogHNkvO32lJlg6mK2FuzYPuYO3EeI0SdVh0XeNelFUhry/R7Rsnp4aOh93AA776wmor+R+W4V82pnLFtf/+bcS471gypbZx5c9YW1Gk0qcBQKBwAQ5nO/x233aeHZqipucsIcwAAAIDLOzwEyqWMYL59my3rs+OWQ/T1c5e+CCNqHp6vqnBlNuccOs/gHMZR8jyeBYWP7hO7aor8R99O3JpLowvOy3PQFXhSMn7niQFcLo3ue58FoPMayU62FzFkdAxclRR81fO1riy0qDeH8B2Ksx8nwtDuot2KEauQarogfEPG7hJTMQAAAIAS9rLPE3SnNvrQVhYFD5arS2HRF3x/nVJaKfPRgOd2Z+mdmavwUl0HWGYPN1JlWw8luN+EMdmo/3fBbBKgpRIqnwv3z9WiZqNcFZ+ZEgi5Axb/RE8+C2vQ6TuKeiRI6Vfj3abPzyJmsQYBOsRoCNOziHs7ADRLqslTC0znCPwytg==
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/rsa_pss/key15 b/nss/cmd/bltest/tests/rsa_pss/key15
new file mode 100644
index 0000000..9f74b31
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/key15
@@ -0,0 +1 @@
+AAAAAQAAAAEApd2GesTLAvkLlFfUjBSncO+ZHFbDnA7GX9Ea+ok3zqV7m+esc7RcABdhW4LWIuMYdTtgJ8D9FXvhL4CQ/uKnrc0O73WfiLpJl8ekLVjJqhLLma4AH+UhwTu1QxRFqNWuT15MfpSKwifTYEBx8g5XfpBfvrFd+vBtHeWuYlPWOmohILMaXaXavJVQYA4g8n03OeJieSX+o8xQnyHf8E5u6kVJxUDWgJ/5MH7t6R//WHM9g4WiN9bTcFoz45GQCZIHDfet8TV89+NwDONmfeg/F7jfF3jbOB3OCctK0FilEQAac4GY7ifPVaE7dUU5kGWC7IsXS9WNXR89dnxhNyGuBQAAAAMBAAEAAAEALS/1Z7P+dOBhkbf97W3hEikMZwaSQw1ZaRhAR9ojTJaT3u0Wc+1ClTnJadNywE1rR+D1uM7ghD5cIoNdvTsFoJl5hK5gWLEbxJB8v2fthPqa4lLfsNDNSeYY4139/lm8o93WbDPOu8d61EGqaV4T4yS1GPAcYPWoXJlK0XnyprX76TQCsRdnvgG/BzRE1rod0rylvQdNSl+uNTGtEwPYSzDYlzGMu7oE4DwuZt5tkfgvluodS7VKWq4QLVlGV/XJeJVTUSspbeop2AIxljV+PjpulY8548I0QDjqYEsx7cbw9/9ucYGlfJKCaiaPhnaOlvh4Vi/HHYXWnkSGEvcEjwAAAIDP1QKD/u65f28I1zy8ezg2+Cu81JlHn15vdv38uLOMT3Hcnoi9am92Nxr9ZdKvGGKzKvs0qV9xuLEyBD/+vjqVK691kkSBSMA/nGmx1o5M5c8yyGuvRv7TAcoatAMGmzL0VrkfcYmKsIHNjEJS71JxkVyXlLjylYUdp1EPmctz6wAAAIDMTpDSobOgZdOy0fWo/OMbVER1Zk6rVh0pcbmft774ROjsHzYLjCrINZaSlx6mo49yP8whH128sXeg/axRZKHU/3+7ToKZhjU8uYNlmhSM3UIMfTG6OCLqkKMr5GwDDowX4foK03hZ4GsKpvo7IW2cvmwOIjOXacCmFZE+XacZzwAAAIAcLR/DL2vEAE/YXf3g+7+aTDj5x8TkHeoaqII0ogHNkvO32lJlg6mK2FuzYPuYO3EeI0SdVh0XeNelFUhry/R7Rsnp4aOh93AA776wmor+R+W4V82pnLFtf/+bcS471gypbZx5c9YW1Gk0qcBQKBwAQ5nO/x233aeHZqipucsIcwAAAIDLOzwEyqWMYL59my3rs+OWQ/T1c5e+CCNqHp6vqnBlNuccOs/gHMZR8jyeBYWP7hO7aor8R99O3JpLowvOy3PQFXhSMn7niQFcLo3ue58FoPMayU62FzFkdAxclRR81fO1riy0qDeH8B2Ksx8nwtDuot2KEauQarogfEPG7hJTMQAAAIAS9rLPE3SnNvrQVhYFD5arS2HRF3x/nVJaKfPRgOd2Z+mdmavwUl0HWGYPN1JlWw8luN+EMdmo/3fBbBKgpRIqnwv3z9WiZqNcFZ+ZEgi5Axb/RE8+C2vQ6TuKeiRI6Vfj3abPzyJmsQYBOsRoCNOziHs7ADRLqslTC0znCPwytg==
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/rsa_pss/key16 b/nss/cmd/bltest/tests/rsa_pss/key16
new file mode 100644
index 0000000..9f74b31
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/key16
@@ -0,0 +1 @@
+AAAAAQAAAAEApd2GesTLAvkLlFfUjBSncO+ZHFbDnA7GX9Ea+ok3zqV7m+esc7RcABdhW4LWIuMYdTtgJ8D9FXvhL4CQ/uKnrc0O73WfiLpJl8ekLVjJqhLLma4AH+UhwTu1QxRFqNWuT15MfpSKwifTYEBx8g5XfpBfvrFd+vBtHeWuYlPWOmohILMaXaXavJVQYA4g8n03OeJieSX+o8xQnyHf8E5u6kVJxUDWgJ/5MH7t6R//WHM9g4WiN9bTcFoz45GQCZIHDfet8TV89+NwDONmfeg/F7jfF3jbOB3OCctK0FilEQAac4GY7ifPVaE7dUU5kGWC7IsXS9WNXR89dnxhNyGuBQAAAAMBAAEAAAEALS/1Z7P+dOBhkbf97W3hEikMZwaSQw1ZaRhAR9ojTJaT3u0Wc+1ClTnJadNywE1rR+D1uM7ghD5cIoNdvTsFoJl5hK5gWLEbxJB8v2fthPqa4lLfsNDNSeYY4139/lm8o93WbDPOu8d61EGqaV4T4yS1GPAcYPWoXJlK0XnyprX76TQCsRdnvgG/BzRE1rod0rylvQdNSl+uNTGtEwPYSzDYlzGMu7oE4DwuZt5tkfgvluodS7VKWq4QLVlGV/XJeJVTUSspbeop2AIxljV+PjpulY8548I0QDjqYEsx7cbw9/9ucYGlfJKCaiaPhnaOlvh4Vi/HHYXWnkSGEvcEjwAAAIDP1QKD/u65f28I1zy8ezg2+Cu81JlHn15vdv38uLOMT3Hcnoi9am92Nxr9ZdKvGGKzKvs0qV9xuLEyBD/+vjqVK691kkSBSMA/nGmx1o5M5c8yyGuvRv7TAcoatAMGmzL0VrkfcYmKsIHNjEJS71JxkVyXlLjylYUdp1EPmctz6wAAAIDMTpDSobOgZdOy0fWo/OMbVER1Zk6rVh0pcbmft774ROjsHzYLjCrINZaSlx6mo49yP8whH128sXeg/axRZKHU/3+7ToKZhjU8uYNlmhSM3UIMfTG6OCLqkKMr5GwDDowX4foK03hZ4GsKpvo7IW2cvmwOIjOXacCmFZE+XacZzwAAAIAcLR/DL2vEAE/YXf3g+7+aTDj5x8TkHeoaqII0ogHNkvO32lJlg6mK2FuzYPuYO3EeI0SdVh0XeNelFUhry/R7Rsnp4aOh93AA776wmor+R+W4V82pnLFtf/+bcS471gypbZx5c9YW1Gk0qcBQKBwAQ5nO/x233aeHZqipucsIcwAAAIDLOzwEyqWMYL59my3rs+OWQ/T1c5e+CCNqHp6vqnBlNuccOs/gHMZR8jyeBYWP7hO7aor8R99O3JpLowvOy3PQFXhSMn7niQFcLo3ue58FoPMayU62FzFkdAxclRR81fO1riy0qDeH8B2Ksx8nwtDuot2KEauQarogfEPG7hJTMQAAAIAS9rLPE3SnNvrQVhYFD5arS2HRF3x/nVJaKfPRgOd2Z+mdmavwUl0HWGYPN1JlWw8luN+EMdmo/3fBbBKgpRIqnwv3z9WiZqNcFZ+ZEgi5Axb/RE8+C2vQ6TuKeiRI6Vfj3abPzyJmsQYBOsRoCNOziHs7ADRLqslTC0znCPwytg==
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/rsa_pss/key17 b/nss/cmd/bltest/tests/rsa_pss/key17
new file mode 100644
index 0000000..9f74b31
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/key17
@@ -0,0 +1 @@
+AAAAAQAAAAEApd2GesTLAvkLlFfUjBSncO+ZHFbDnA7GX9Ea+ok3zqV7m+esc7RcABdhW4LWIuMYdTtgJ8D9FXvhL4CQ/uKnrc0O73WfiLpJl8ekLVjJqhLLma4AH+UhwTu1QxRFqNWuT15MfpSKwifTYEBx8g5XfpBfvrFd+vBtHeWuYlPWOmohILMaXaXavJVQYA4g8n03OeJieSX+o8xQnyHf8E5u6kVJxUDWgJ/5MH7t6R//WHM9g4WiN9bTcFoz45GQCZIHDfet8TV89+NwDONmfeg/F7jfF3jbOB3OCctK0FilEQAac4GY7ifPVaE7dUU5kGWC7IsXS9WNXR89dnxhNyGuBQAAAAMBAAEAAAEALS/1Z7P+dOBhkbf97W3hEikMZwaSQw1ZaRhAR9ojTJaT3u0Wc+1ClTnJadNywE1rR+D1uM7ghD5cIoNdvTsFoJl5hK5gWLEbxJB8v2fthPqa4lLfsNDNSeYY4139/lm8o93WbDPOu8d61EGqaV4T4yS1GPAcYPWoXJlK0XnyprX76TQCsRdnvgG/BzRE1rod0rylvQdNSl+uNTGtEwPYSzDYlzGMu7oE4DwuZt5tkfgvluodS7VKWq4QLVlGV/XJeJVTUSspbeop2AIxljV+PjpulY8548I0QDjqYEsx7cbw9/9ucYGlfJKCaiaPhnaOlvh4Vi/HHYXWnkSGEvcEjwAAAIDP1QKD/u65f28I1zy8ezg2+Cu81JlHn15vdv38uLOMT3Hcnoi9am92Nxr9ZdKvGGKzKvs0qV9xuLEyBD/+vjqVK691kkSBSMA/nGmx1o5M5c8yyGuvRv7TAcoatAMGmzL0VrkfcYmKsIHNjEJS71JxkVyXlLjylYUdp1EPmctz6wAAAIDMTpDSobOgZdOy0fWo/OMbVER1Zk6rVh0pcbmft774ROjsHzYLjCrINZaSlx6mo49yP8whH128sXeg/axRZKHU/3+7ToKZhjU8uYNlmhSM3UIMfTG6OCLqkKMr5GwDDowX4foK03hZ4GsKpvo7IW2cvmwOIjOXacCmFZE+XacZzwAAAIAcLR/DL2vEAE/YXf3g+7+aTDj5x8TkHeoaqII0ogHNkvO32lJlg6mK2FuzYPuYO3EeI0SdVh0XeNelFUhry/R7Rsnp4aOh93AA776wmor+R+W4V82pnLFtf/+bcS471gypbZx5c9YW1Gk0qcBQKBwAQ5nO/x233aeHZqipucsIcwAAAIDLOzwEyqWMYL59my3rs+OWQ/T1c5e+CCNqHp6vqnBlNuccOs/gHMZR8jyeBYWP7hO7aor8R99O3JpLowvOy3PQFXhSMn7niQFcLo3ue58FoPMayU62FzFkdAxclRR81fO1riy0qDeH8B2Ksx8nwtDuot2KEauQarogfEPG7hJTMQAAAIAS9rLPE3SnNvrQVhYFD5arS2HRF3x/nVJaKfPRgOd2Z+mdmavwUl0HWGYPN1JlWw8luN+EMdmo/3fBbBKgpRIqnwv3z9WiZqNcFZ+ZEgi5Axb/RE8+C2vQ6TuKeiRI6Vfj3abPzyJmsQYBOsRoCNOziHs7ADRLqslTC0znCPwytg==
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/rsa_pss/key2 b/nss/cmd/bltest/tests/rsa_pss/key2
new file mode 100644
index 0000000..4615480
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/key2
@@ -0,0 +1 @@
+AAAAAQAAAACApW5KDnAQF1iaUYfcfqhB0Vby7A42rVKkTf6x5h962ZHYxRBW/+2xYrTA8oOhKoijlN/1JqtykcuzB86r/OCx39XNlQgJbVsri2311nHvY3fAkhyyPCcKcOJZjm/4nRnxBazC0/DLNfKSgOE4a29kxO8i4eHyDQzoz/siSb2aITcAAAADAQABAAAAgDOlBCqQsn1PVFHKm7vQtEdxoQGviENArvmIXypLvpLolKckrDxWjI+XhTrQfAJmyMajygkp8ejxEjGIRCn8TZrlX+6JahDOcHw+1+c05Ecno5V0UBpTJoMQnCq6yrooPDG0vS9Tw+4341LO40+eUDvYDAYirXnG3O6INUfGo7MlAAAAQOfolCcgqHdRcnOjVgU+oqG8DJSqctVcboYpay38lnlIwKcsvMyn6ss1cG4Jod9VoVNb2bPMNBYLO23NPtqOZEMAAABAtp3KHPfU1+yB51uQ/MqHSrzeEj/ScAGAqpBHm25I3o1n7ST58Z2FuidYdPVCzSDccj5pYzZKH5QlRSsmmmeZ/QAAAEAo+hOThlW+H4oVnLrKWnLqGQwwCJ4ZzSdKVW82xPbhn1VLNMB3eQQnu92N0+3iRIMo84XYGzDo5Dsv/6Anhhl5AAAAQBqLOPOY+nEgSYmNf7ee4Kd2aHkSmc36Ce/A5Qessh7XQwHvW/1IvkVerrbhZ4JVgnWAqOTo4UFR0VEKgqPy5ykAAABAJxVqukEm0kqB86Uoy/sn9WiG+ECp9uhuF6RLlP6TGVhLjiL93h5aLjvYqluo2FhBlOshkKz4MrhH8To9JKefTQ==
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/rsa_pss/key3 b/nss/cmd/bltest/tests/rsa_pss/key3
new file mode 100644
index 0000000..4615480
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/key3
@@ -0,0 +1 @@
+AAAAAQAAAACApW5KDnAQF1iaUYfcfqhB0Vby7A42rVKkTf6x5h962ZHYxRBW/+2xYrTA8oOhKoijlN/1JqtykcuzB86r/OCx39XNlQgJbVsri2311nHvY3fAkhyyPCcKcOJZjm/4nRnxBazC0/DLNfKSgOE4a29kxO8i4eHyDQzoz/siSb2aITcAAAADAQABAAAAgDOlBCqQsn1PVFHKm7vQtEdxoQGviENArvmIXypLvpLolKckrDxWjI+XhTrQfAJmyMajygkp8ejxEjGIRCn8TZrlX+6JahDOcHw+1+c05Ecno5V0UBpTJoMQnCq6yrooPDG0vS9Tw+4341LO40+eUDvYDAYirXnG3O6INUfGo7MlAAAAQOfolCcgqHdRcnOjVgU+oqG8DJSqctVcboYpay38lnlIwKcsvMyn6ss1cG4Jod9VoVNb2bPMNBYLO23NPtqOZEMAAABAtp3KHPfU1+yB51uQ/MqHSrzeEj/ScAGAqpBHm25I3o1n7ST58Z2FuidYdPVCzSDccj5pYzZKH5QlRSsmmmeZ/QAAAEAo+hOThlW+H4oVnLrKWnLqGQwwCJ4ZzSdKVW82xPbhn1VLNMB3eQQnu92N0+3iRIMo84XYGzDo5Dsv/6Anhhl5AAAAQBqLOPOY+nEgSYmNf7ee4Kd2aHkSmc36Ce/A5Qessh7XQwHvW/1IvkVerrbhZ4JVgnWAqOTo4UFR0VEKgqPy5ykAAABAJxVqukEm0kqB86Uoy/sn9WiG+ECp9uhuF6RLlP6TGVhLjiL93h5aLjvYqluo2FhBlOshkKz4MrhH8To9JKefTQ==
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/rsa_pss/key4 b/nss/cmd/bltest/tests/rsa_pss/key4
new file mode 100644
index 0000000..4615480
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/key4
@@ -0,0 +1 @@
+AAAAAQAAAACApW5KDnAQF1iaUYfcfqhB0Vby7A42rVKkTf6x5h962ZHYxRBW/+2xYrTA8oOhKoijlN/1JqtykcuzB86r/OCx39XNlQgJbVsri2311nHvY3fAkhyyPCcKcOJZjm/4nRnxBazC0/DLNfKSgOE4a29kxO8i4eHyDQzoz/siSb2aITcAAAADAQABAAAAgDOlBCqQsn1PVFHKm7vQtEdxoQGviENArvmIXypLvpLolKckrDxWjI+XhTrQfAJmyMajygkp8ejxEjGIRCn8TZrlX+6JahDOcHw+1+c05Ecno5V0UBpTJoMQnCq6yrooPDG0vS9Tw+4341LO40+eUDvYDAYirXnG3O6INUfGo7MlAAAAQOfolCcgqHdRcnOjVgU+oqG8DJSqctVcboYpay38lnlIwKcsvMyn6ss1cG4Jod9VoVNb2bPMNBYLO23NPtqOZEMAAABAtp3KHPfU1+yB51uQ/MqHSrzeEj/ScAGAqpBHm25I3o1n7ST58Z2FuidYdPVCzSDccj5pYzZKH5QlRSsmmmeZ/QAAAEAo+hOThlW+H4oVnLrKWnLqGQwwCJ4ZzSdKVW82xPbhn1VLNMB3eQQnu92N0+3iRIMo84XYGzDo5Dsv/6Anhhl5AAAAQBqLOPOY+nEgSYmNf7ee4Kd2aHkSmc36Ce/A5Qessh7XQwHvW/1IvkVerrbhZ4JVgnWAqOTo4UFR0VEKgqPy5ykAAABAJxVqukEm0kqB86Uoy/sn9WiG+ECp9uhuF6RLlP6TGVhLjiL93h5aLjvYqluo2FhBlOshkKz4MrhH8To9JKefTQ==
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/rsa_pss/key5 b/nss/cmd/bltest/tests/rsa_pss/key5
new file mode 100644
index 0000000..4615480
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/key5
@@ -0,0 +1 @@
+AAAAAQAAAACApW5KDnAQF1iaUYfcfqhB0Vby7A42rVKkTf6x5h962ZHYxRBW/+2xYrTA8oOhKoijlN/1JqtykcuzB86r/OCx39XNlQgJbVsri2311nHvY3fAkhyyPCcKcOJZjm/4nRnxBazC0/DLNfKSgOE4a29kxO8i4eHyDQzoz/siSb2aITcAAAADAQABAAAAgDOlBCqQsn1PVFHKm7vQtEdxoQGviENArvmIXypLvpLolKckrDxWjI+XhTrQfAJmyMajygkp8ejxEjGIRCn8TZrlX+6JahDOcHw+1+c05Ecno5V0UBpTJoMQnCq6yrooPDG0vS9Tw+4341LO40+eUDvYDAYirXnG3O6INUfGo7MlAAAAQOfolCcgqHdRcnOjVgU+oqG8DJSqctVcboYpay38lnlIwKcsvMyn6ss1cG4Jod9VoVNb2bPMNBYLO23NPtqOZEMAAABAtp3KHPfU1+yB51uQ/MqHSrzeEj/ScAGAqpBHm25I3o1n7ST58Z2FuidYdPVCzSDccj5pYzZKH5QlRSsmmmeZ/QAAAEAo+hOThlW+H4oVnLrKWnLqGQwwCJ4ZzSdKVW82xPbhn1VLNMB3eQQnu92N0+3iRIMo84XYGzDo5Dsv/6Anhhl5AAAAQBqLOPOY+nEgSYmNf7ee4Kd2aHkSmc36Ce/A5Qessh7XQwHvW/1IvkVerrbhZ4JVgnWAqOTo4UFR0VEKgqPy5ykAAABAJxVqukEm0kqB86Uoy/sn9WiG+ECp9uhuF6RLlP6TGVhLjiL93h5aLjvYqluo2FhBlOshkKz4MrhH8To9JKefTQ==
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/rsa_pss/key6 b/nss/cmd/bltest/tests/rsa_pss/key6
new file mode 100644
index 0000000..ef62249
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/key6
@@ -0,0 +1 @@
+AAAAAQAAAADA5r1pKslmRXkEA/3Q9b64ub+S7RAAf8NlBGQZ3QbAXFtbL0js+YnkziaRCZecu0C0oK0k0iSD0e4xWtTMsVNCaDUmkcUk9t2ObCnSJM8kaXOuyGxb9rFAGoUNG5rRu4y87Eewbw+Mf0XT/I8xkpnFQz3bwrMFO0fe0uzUpMrv1hSDPci7Yi8xftB2uAV/6N4/hEgK1eg+SmGQSk8kj7OXAnNX4dMORjE5gVxv1P1axbgXKkUjDstjGKBPFFXYTlqLAAAAAwEAAQAAAMBqf9hPuF+tBzs0QG23T41hpqvBIZapYd15Vl6dpuUYe84tmAJQ9zWVdTWScNkVkLsOQnxxRgtV1RQQsZG88wn+oTGpLI5wJzj6cZ8eAEH1LkDpHyKfTZah5vFy4VWWtFEKba7CYQXyvrxTMWuHvfITEWZgcOjf7mnVLHGpdsqueccraNKFgNxobZ9RKdIl+Cs9YVUTqIKz25FBa0jOCIiCE+N+65r4ANgcqzKM5CBomQPADHtf0xt1UDptQZaE1ikAAABg+OuX6Y3xJmTu/bdhWWpp3c0Odtrs5u1L9aG1CsCG95KKTS+HJqd+UVt02kGYjyILHMh6ofyBDOmagvLRzoIe3O15TGlB9Cx6GguMTSjHXsYLZSJ59hVKdirtFl1H3uNnAAAAYO1NcdCm4kuTwuX2tLvgX1+wr6BC0gT+M3jTZcLyiLao2tfv5F0VPu9Aysx7gf+TQALRCJlLlKXkcozZyWM3WuSZZb2lXL8O/tjWVTtAJ/LYYgim5rSJwXYSgJLWKeSdPQAAAGArtovd+wxPVshVi/+viS2AQwN4Qef6gc+mGjjF45uQHI7nESKl2iInvWze60gUUsEq09YdXk93agq1Vlkb7+Plnlp/3bg0Xh8vNbn0zuV8MkFMCGrsmT6TU+SA2e7GKJ8AAABgT/iXcJ+tB5dGSUV45w/YVGEw7qtWJ8SbCA8F7krZ8+S3y6nWpd/xE6QcNAkzaDPxkIFtimvELpvsVrdWfQ88nGltthmyRdkB3YVtt8gJLnfpoczNVu5NukLF/bYa7CZpAAAAYHe50RN7UEBKmCcpMW76/H3+ZtNOWhgmANXzCgqFEgUcVg0IHU0KGDXsPSWmD05NaqlIsr89u1sSTLvDSJJVo6lINy9peElnRflD4dtPGDgs6qUF38ZXV7s/hXpY3OUhVg==
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/rsa_pss/key7 b/nss/cmd/bltest/tests/rsa_pss/key7
new file mode 100644
index 0000000..ef62249
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/key7
@@ -0,0 +1 @@
+AAAAAQAAAADA5r1pKslmRXkEA/3Q9b64ub+S7RAAf8NlBGQZ3QbAXFtbL0js+YnkziaRCZecu0C0oK0k0iSD0e4xWtTMsVNCaDUmkcUk9t2ObCnSJM8kaXOuyGxb9rFAGoUNG5rRu4y87Eewbw+Mf0XT/I8xkpnFQz3bwrMFO0fe0uzUpMrv1hSDPci7Yi8xftB2uAV/6N4/hEgK1eg+SmGQSk8kj7OXAnNX4dMORjE5gVxv1P1axbgXKkUjDstjGKBPFFXYTlqLAAAAAwEAAQAAAMBqf9hPuF+tBzs0QG23T41hpqvBIZapYd15Vl6dpuUYe84tmAJQ9zWVdTWScNkVkLsOQnxxRgtV1RQQsZG88wn+oTGpLI5wJzj6cZ8eAEH1LkDpHyKfTZah5vFy4VWWtFEKba7CYQXyvrxTMWuHvfITEWZgcOjf7mnVLHGpdsqueccraNKFgNxobZ9RKdIl+Cs9YVUTqIKz25FBa0jOCIiCE+N+65r4ANgcqzKM5CBomQPADHtf0xt1UDptQZaE1ikAAABg+OuX6Y3xJmTu/bdhWWpp3c0Odtrs5u1L9aG1CsCG95KKTS+HJqd+UVt02kGYjyILHMh6ofyBDOmagvLRzoIe3O15TGlB9Cx6GguMTSjHXsYLZSJ59hVKdirtFl1H3uNnAAAAYO1NcdCm4kuTwuX2tLvgX1+wr6BC0gT+M3jTZcLyiLao2tfv5F0VPu9Aysx7gf+TQALRCJlLlKXkcozZyWM3WuSZZb2lXL8O/tjWVTtAJ/LYYgim5rSJwXYSgJLWKeSdPQAAAGArtovd+wxPVshVi/+viS2AQwN4Qef6gc+mGjjF45uQHI7nESKl2iInvWze60gUUsEq09YdXk93agq1Vlkb7+Plnlp/3bg0Xh8vNbn0zuV8MkFMCGrsmT6TU+SA2e7GKJ8AAABgT/iXcJ+tB5dGSUV45w/YVGEw7qtWJ8SbCA8F7krZ8+S3y6nWpd/xE6QcNAkzaDPxkIFtimvELpvsVrdWfQ88nGltthmyRdkB3YVtt8gJLnfpoczNVu5NukLF/bYa7CZpAAAAYHe50RN7UEBKmCcpMW76/H3+ZtNOWhgmANXzCgqFEgUcVg0IHU0KGDXsPSWmD05NaqlIsr89u1sSTLvDSJJVo6lINy9peElnRflD4dtPGDgs6qUF38ZXV7s/hXpY3OUhVg==
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/rsa_pss/key8 b/nss/cmd/bltest/tests/rsa_pss/key8
new file mode 100644
index 0000000..ef62249
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/key8
@@ -0,0 +1 @@
+AAAAAQAAAADA5r1pKslmRXkEA/3Q9b64ub+S7RAAf8NlBGQZ3QbAXFtbL0js+YnkziaRCZecu0C0oK0k0iSD0e4xWtTMsVNCaDUmkcUk9t2ObCnSJM8kaXOuyGxb9rFAGoUNG5rRu4y87Eewbw+Mf0XT/I8xkpnFQz3bwrMFO0fe0uzUpMrv1hSDPci7Yi8xftB2uAV/6N4/hEgK1eg+SmGQSk8kj7OXAnNX4dMORjE5gVxv1P1axbgXKkUjDstjGKBPFFXYTlqLAAAAAwEAAQAAAMBqf9hPuF+tBzs0QG23T41hpqvBIZapYd15Vl6dpuUYe84tmAJQ9zWVdTWScNkVkLsOQnxxRgtV1RQQsZG88wn+oTGpLI5wJzj6cZ8eAEH1LkDpHyKfTZah5vFy4VWWtFEKba7CYQXyvrxTMWuHvfITEWZgcOjf7mnVLHGpdsqueccraNKFgNxobZ9RKdIl+Cs9YVUTqIKz25FBa0jOCIiCE+N+65r4ANgcqzKM5CBomQPADHtf0xt1UDptQZaE1ikAAABg+OuX6Y3xJmTu/bdhWWpp3c0Odtrs5u1L9aG1CsCG95KKTS+HJqd+UVt02kGYjyILHMh6ofyBDOmagvLRzoIe3O15TGlB9Cx6GguMTSjHXsYLZSJ59hVKdirtFl1H3uNnAAAAYO1NcdCm4kuTwuX2tLvgX1+wr6BC0gT+M3jTZcLyiLao2tfv5F0VPu9Aysx7gf+TQALRCJlLlKXkcozZyWM3WuSZZb2lXL8O/tjWVTtAJ/LYYgim5rSJwXYSgJLWKeSdPQAAAGArtovd+wxPVshVi/+viS2AQwN4Qef6gc+mGjjF45uQHI7nESKl2iInvWze60gUUsEq09YdXk93agq1Vlkb7+Plnlp/3bg0Xh8vNbn0zuV8MkFMCGrsmT6TU+SA2e7GKJ8AAABgT/iXcJ+tB5dGSUV45w/YVGEw7qtWJ8SbCA8F7krZ8+S3y6nWpd/xE6QcNAkzaDPxkIFtimvELpvsVrdWfQ88nGltthmyRdkB3YVtt8gJLnfpoczNVu5NukLF/bYa7CZpAAAAYHe50RN7UEBKmCcpMW76/H3+ZtNOWhgmANXzCgqFEgUcVg0IHU0KGDXsPSWmD05NaqlIsr89u1sSTLvDSJJVo6lINy9peElnRflD4dtPGDgs6qUF38ZXV7s/hXpY3OUhVg==
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/rsa_pss/key9 b/nss/cmd/bltest/tests/rsa_pss/key9
new file mode 100644
index 0000000..ef62249
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/key9
@@ -0,0 +1 @@
+AAAAAQAAAADA5r1pKslmRXkEA/3Q9b64ub+S7RAAf8NlBGQZ3QbAXFtbL0js+YnkziaRCZecu0C0oK0k0iSD0e4xWtTMsVNCaDUmkcUk9t2ObCnSJM8kaXOuyGxb9rFAGoUNG5rRu4y87Eewbw+Mf0XT/I8xkpnFQz3bwrMFO0fe0uzUpMrv1hSDPci7Yi8xftB2uAV/6N4/hEgK1eg+SmGQSk8kj7OXAnNX4dMORjE5gVxv1P1axbgXKkUjDstjGKBPFFXYTlqLAAAAAwEAAQAAAMBqf9hPuF+tBzs0QG23T41hpqvBIZapYd15Vl6dpuUYe84tmAJQ9zWVdTWScNkVkLsOQnxxRgtV1RQQsZG88wn+oTGpLI5wJzj6cZ8eAEH1LkDpHyKfTZah5vFy4VWWtFEKba7CYQXyvrxTMWuHvfITEWZgcOjf7mnVLHGpdsqueccraNKFgNxobZ9RKdIl+Cs9YVUTqIKz25FBa0jOCIiCE+N+65r4ANgcqzKM5CBomQPADHtf0xt1UDptQZaE1ikAAABg+OuX6Y3xJmTu/bdhWWpp3c0Odtrs5u1L9aG1CsCG95KKTS+HJqd+UVt02kGYjyILHMh6ofyBDOmagvLRzoIe3O15TGlB9Cx6GguMTSjHXsYLZSJ59hVKdirtFl1H3uNnAAAAYO1NcdCm4kuTwuX2tLvgX1+wr6BC0gT+M3jTZcLyiLao2tfv5F0VPu9Aysx7gf+TQALRCJlLlKXkcozZyWM3WuSZZb2lXL8O/tjWVTtAJ/LYYgim5rSJwXYSgJLWKeSdPQAAAGArtovd+wxPVshVi/+viS2AQwN4Qef6gc+mGjjF45uQHI7nESKl2iInvWze60gUUsEq09YdXk93agq1Vlkb7+Plnlp/3bg0Xh8vNbn0zuV8MkFMCGrsmT6TU+SA2e7GKJ8AAABgT/iXcJ+tB5dGSUV45w/YVGEw7qtWJ8SbCA8F7krZ8+S3y6nWpd/xE6QcNAkzaDPxkIFtimvELpvsVrdWfQ88nGltthmyRdkB3YVtt8gJLnfpoczNVu5NukLF/bYa7CZpAAAAYHe50RN7UEBKmCcpMW76/H3+ZtNOWhgmANXzCgqFEgUcVg0IHU0KGDXsPSWmD05NaqlIsr89u1sSTLvDSJJVo6lINy9peElnRflD4dtPGDgs6qUF38ZXV7s/hXpY3OUhVg==
\ No newline at end of file
diff --git a/nss/cmd/bltest/tests/rsa_pss/maskhash0 b/nss/cmd/bltest/tests/rsa_pss/maskhash0
new file mode 100644
index 0000000..fcdd09c
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/maskhash0
@@ -0,0 +1 @@
+sha1
diff --git a/nss/cmd/bltest/tests/rsa_pss/maskhash1 b/nss/cmd/bltest/tests/rsa_pss/maskhash1
new file mode 100644
index 0000000..fcdd09c
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/maskhash1
@@ -0,0 +1 @@
+sha1
diff --git a/nss/cmd/bltest/tests/rsa_pss/maskhash10 b/nss/cmd/bltest/tests/rsa_pss/maskhash10
new file mode 100644
index 0000000..fcdd09c
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/maskhash10
@@ -0,0 +1 @@
+sha1
diff --git a/nss/cmd/bltest/tests/rsa_pss/maskhash11 b/nss/cmd/bltest/tests/rsa_pss/maskhash11
new file mode 100644
index 0000000..fcdd09c
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/maskhash11
@@ -0,0 +1 @@
+sha1
diff --git a/nss/cmd/bltest/tests/rsa_pss/maskhash12 b/nss/cmd/bltest/tests/rsa_pss/maskhash12
new file mode 100644
index 0000000..fcdd09c
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/maskhash12
@@ -0,0 +1 @@
+sha1
diff --git a/nss/cmd/bltest/tests/rsa_pss/maskhash13 b/nss/cmd/bltest/tests/rsa_pss/maskhash13
new file mode 100644
index 0000000..fcdd09c
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/maskhash13
@@ -0,0 +1 @@
+sha1
diff --git a/nss/cmd/bltest/tests/rsa_pss/maskhash14 b/nss/cmd/bltest/tests/rsa_pss/maskhash14
new file mode 100644
index 0000000..fcdd09c
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/maskhash14
@@ -0,0 +1 @@
+sha1
diff --git a/nss/cmd/bltest/tests/rsa_pss/maskhash15 b/nss/cmd/bltest/tests/rsa_pss/maskhash15
new file mode 100644
index 0000000..fcdd09c
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/maskhash15
@@ -0,0 +1 @@
+sha1
diff --git a/nss/cmd/bltest/tests/rsa_pss/maskhash16 b/nss/cmd/bltest/tests/rsa_pss/maskhash16
new file mode 100644
index 0000000..fcdd09c
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/maskhash16
@@ -0,0 +1 @@
+sha1
diff --git a/nss/cmd/bltest/tests/rsa_pss/maskhash17 b/nss/cmd/bltest/tests/rsa_pss/maskhash17
new file mode 100644
index 0000000..fcdd09c
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/maskhash17
@@ -0,0 +1 @@
+sha1
diff --git a/nss/cmd/bltest/tests/rsa_pss/maskhash2 b/nss/cmd/bltest/tests/rsa_pss/maskhash2
new file mode 100644
index 0000000..fcdd09c
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/maskhash2
@@ -0,0 +1 @@
+sha1
diff --git a/nss/cmd/bltest/tests/rsa_pss/maskhash3 b/nss/cmd/bltest/tests/rsa_pss/maskhash3
new file mode 100644
index 0000000..fcdd09c
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/maskhash3
@@ -0,0 +1 @@
+sha1
diff --git a/nss/cmd/bltest/tests/rsa_pss/maskhash4 b/nss/cmd/bltest/tests/rsa_pss/maskhash4
new file mode 100644
index 0000000..fcdd09c
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/maskhash4
@@ -0,0 +1 @@
+sha1
diff --git a/nss/cmd/bltest/tests/rsa_pss/maskhash5 b/nss/cmd/bltest/tests/rsa_pss/maskhash5
new file mode 100644
index 0000000..fcdd09c
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/maskhash5
@@ -0,0 +1 @@
+sha1
diff --git a/nss/cmd/bltest/tests/rsa_pss/maskhash6 b/nss/cmd/bltest/tests/rsa_pss/maskhash6
new file mode 100644
index 0000000..fcdd09c
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/maskhash6
@@ -0,0 +1 @@
+sha1
diff --git a/nss/cmd/bltest/tests/rsa_pss/maskhash7 b/nss/cmd/bltest/tests/rsa_pss/maskhash7
new file mode 100644
index 0000000..fcdd09c
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/maskhash7
@@ -0,0 +1 @@
+sha1
diff --git a/nss/cmd/bltest/tests/rsa_pss/maskhash8 b/nss/cmd/bltest/tests/rsa_pss/maskhash8
new file mode 100644
index 0000000..fcdd09c
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/maskhash8
@@ -0,0 +1 @@
+sha1
diff --git a/nss/cmd/bltest/tests/rsa_pss/maskhash9 b/nss/cmd/bltest/tests/rsa_pss/maskhash9
new file mode 100644
index 0000000..fcdd09c
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/maskhash9
@@ -0,0 +1 @@
+sha1
diff --git a/nss/cmd/bltest/tests/rsa_pss/numtests b/nss/cmd/bltest/tests/rsa_pss/numtests
new file mode 100644
index 0000000..3c03207
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/numtests
@@ -0,0 +1 @@
+18
diff --git a/nss/cmd/bltest/tests/rsa_pss/plaintext0 b/nss/cmd/bltest/tests/rsa_pss/plaintext0
new file mode 100644
index 0000000..6218384
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/plaintext0
@@ -0,0 +1 @@
+zYtlOMuOjeVmtovQZ1advx7icY4=
diff --git a/nss/cmd/bltest/tests/rsa_pss/plaintext1 b/nss/cmd/bltest/tests/rsa_pss/plaintext1
new file mode 100644
index 0000000..e8ce055
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/plaintext1
@@ -0,0 +1 @@
+41vvwXodFguc41+9jrFufuSR0/0=
diff --git a/nss/cmd/bltest/tests/rsa_pss/plaintext10 b/nss/cmd/bltest/tests/rsa_pss/plaintext10
new file mode 100644
index 0000000..e7c8e71
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/plaintext10
@@ -0,0 +1 @@
+altL5M02zJff3pmV77+PCXpKmRo=
diff --git a/nss/cmd/bltest/tests/rsa_pss/plaintext11 b/nss/cmd/bltest/tests/rsa_pss/plaintext11
new file mode 100644
index 0000000..6af26f1
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/plaintext11
@@ -0,0 +1 @@
+ud/R33akYcUeZXbGyO0Kkj0cUOc=
diff --git a/nss/cmd/bltest/tests/rsa_pss/plaintext12 b/nss/cmd/bltest/tests/rsa_pss/plaintext12
new file mode 100644
index 0000000..d94dd83
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/plaintext12
@@ -0,0 +1 @@
+lZa7Ywz2qNTqRgBCK566ixNnXdQ=
diff --git a/nss/cmd/bltest/tests/rsa_pss/plaintext13 b/nss/cmd/bltest/tests/rsa_pss/plaintext13
new file mode 100644
index 0000000..a7998a4
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/plaintext13
@@ -0,0 +1 @@
+tQMxk5knf9bByPEDPL8EGZ6iFxY=
diff --git a/nss/cmd/bltest/tests/rsa_pss/plaintext14 b/nss/cmd/bltest/tests/rsa_pss/plaintext14
new file mode 100644
index 0000000..b18920b
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/plaintext14
@@ -0,0 +1 @@
+UKrt6FNrLDByCLJ1pnri3xlsdig=
diff --git a/nss/cmd/bltest/tests/rsa_pss/plaintext15 b/nss/cmd/bltest/tests/rsa_pss/plaintext15
new file mode 100644
index 0000000..407ec5c
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/plaintext15
@@ -0,0 +1 @@
+qgtyuLNx3dEMiuR0QlzMz4hCopQ=
diff --git a/nss/cmd/bltest/tests/rsa_pss/plaintext16 b/nss/cmd/bltest/tests/rsa_pss/plaintext16
new file mode 100644
index 0000000..c10bd8d
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/plaintext16
@@ -0,0 +1 @@
++tOQLJdQYiorxnJiLEgnDMV9Pqg=
diff --git a/nss/cmd/bltest/tests/rsa_pss/plaintext17 b/nss/cmd/bltest/tests/rsa_pss/plaintext17
new file mode 100644
index 0000000..cf9856c
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/plaintext17
@@ -0,0 +1 @@
+EiGW3rXRIr2Mb8eB/2kk18aVqt4=
diff --git a/nss/cmd/bltest/tests/rsa_pss/plaintext2 b/nss/cmd/bltest/tests/rsa_pss/plaintext2
new file mode 100644
index 0000000..3b390ec
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/plaintext2
@@ -0,0 +1 @@
+BlLsZ7zuMPnSaZEiuRwZq9uon5E=
diff --git a/nss/cmd/bltest/tests/rsa_pss/plaintext3 b/nss/cmd/bltest/tests/rsa_pss/plaintext3
new file mode 100644
index 0000000..36da06a
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/plaintext3
@@ -0,0 +1 @@
+OcIcTM7anBrfg5x0ThISpkN1dew=
diff --git a/nss/cmd/bltest/tests/rsa_pss/plaintext4 b/nss/cmd/bltest/tests/rsa_pss/plaintext4
new file mode 100644
index 0000000..c8d7ff2
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/plaintext4
@@ -0,0 +1 @@
+NtrpE7d70XyubnsJRT0kVEzrszw=
diff --git a/nss/cmd/bltest/tests/rsa_pss/plaintext5 b/nss/cmd/bltest/tests/rsa_pss/plaintext5
new file mode 100644
index 0000000..fb0a775
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/plaintext5
@@ -0,0 +1 @@
+Re7xkfT3nDH+XS7eflCYmU6SnS0=
diff --git a/nss/cmd/bltest/tests/rsa_pss/plaintext6 b/nss/cmd/bltest/tests/rsa_pss/plaintext6
new file mode 100644
index 0000000..05de2c2
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/plaintext6
@@ -0,0 +1 @@
+JxWkm4sAEs167oTBFkRubf4/rsA=
diff --git a/nss/cmd/bltest/tests/rsa_pss/plaintext7 b/nss/cmd/bltest/tests/rsa_pss/plaintext7
new file mode 100644
index 0000000..b0b0660
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/plaintext7
@@ -0,0 +1 @@
+LayVbVOWR0isNk0GWVgnxrTxQ80=
diff --git a/nss/cmd/bltest/tests/rsa_pss/plaintext8 b/nss/cmd/bltest/tests/rsa_pss/plaintext8
new file mode 100644
index 0000000..dc97a9c
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/plaintext8
@@ -0,0 +1 @@
+KNmMRszK+9O8BOcvlnpUvT6hIpg=
diff --git a/nss/cmd/bltest/tests/rsa_pss/plaintext9 b/nss/cmd/bltest/tests/rsa_pss/plaintext9
new file mode 100644
index 0000000..cd9c072
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/plaintext9
@@ -0,0 +1 @@
+CGbS/1p58l72aM1vMbQt7kIeTA4=
diff --git a/nss/cmd/bltest/tests/rsa_pss/seed0 b/nss/cmd/bltest/tests/rsa_pss/seed0
new file mode 100644
index 0000000..2e26315
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/seed0
@@ -0,0 +1 @@
+3ulZx+BkETYUIP+AGF7Vfz5ndq8=
diff --git a/nss/cmd/bltest/tests/rsa_pss/seed1 b/nss/cmd/bltest/tests/rsa_pss/seed1
new file mode 100644
index 0000000..26e4788
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/seed1
@@ -0,0 +1 @@
+7yhp+kDDRssYPas9e//Jj9Vt9C0=
diff --git a/nss/cmd/bltest/tests/rsa_pss/seed10 b/nss/cmd/bltest/tests/rsa_pss/seed10
new file mode 100644
index 0000000..8418bb7
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/seed10
@@ -0,0 +1 @@
+1okleobv+mghLF4MYZ7KKV+5G2c=
diff --git a/nss/cmd/bltest/tests/rsa_pss/seed11 b/nss/cmd/bltest/tests/rsa_pss/seed11
new file mode 100644
index 0000000..f582586
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/seed11
@@ -0,0 +1 @@
+wl8Tv2fQgWcaBIGh8YINYTu6InY=
diff --git a/nss/cmd/bltest/tests/rsa_pss/seed12 b/nss/cmd/bltest/tests/rsa_pss/seed12
new file mode 100644
index 0000000..59469f9
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/seed12
@@ -0,0 +1 @@
+BOIV7m/5NLnacNdzDIc0q/zs3ok=
diff --git a/nss/cmd/bltest/tests/rsa_pss/seed13 b/nss/cmd/bltest/tests/rsa_pss/seed13
new file mode 100644
index 0000000..402552f
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/seed13
@@ -0,0 +1 @@
+iyvdS0D69UXHeN35vBpJy1f5txs=
diff --git a/nss/cmd/bltest/tests/rsa_pss/seed14 b/nss/cmd/bltest/tests/rsa_pss/seed14
new file mode 100644
index 0000000..d840fd5
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/seed14
@@ -0,0 +1 @@
+Tpb8GzmPkrRGcQEMDcPv1uIMLXM=
diff --git a/nss/cmd/bltest/tests/rsa_pss/seed15 b/nss/cmd/bltest/tests/rsa_pss/seed15
new file mode 100644
index 0000000..2edca8b
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/seed15
@@ -0,0 +1 @@
+x81pjYS2USjYg146ix6w4By1Qew=
diff --git a/nss/cmd/bltest/tests/rsa_pss/seed16 b/nss/cmd/bltest/tests/rsa_pss/seed16
new file mode 100644
index 0000000..80e23fb
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/seed16
@@ -0,0 +1 @@
+76i/+WISsvSj83GhDVdBUmVfXfs=
diff --git a/nss/cmd/bltest/tests/rsa_pss/seed17 b/nss/cmd/bltest/tests/rsa_pss/seed17
new file mode 100644
index 0000000..2e7a00d
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/seed17
@@ -0,0 +1 @@
+rYsVI3A2RiJLZgtVCIWRfKLR3yg=
diff --git a/nss/cmd/bltest/tests/rsa_pss/seed2 b/nss/cmd/bltest/tests/rsa_pss/seed2
new file mode 100644
index 0000000..4df6784
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/seed2
@@ -0,0 +1 @@
+cQucR0fYANTeh/Eq/c5t8YEHzHc=
diff --git a/nss/cmd/bltest/tests/rsa_pss/seed3 b/nss/cmd/bltest/tests/rsa_pss/seed3
new file mode 100644
index 0000000..d58108d
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/seed3
@@ -0,0 +1 @@
+BW8AmF3hTY71zqnoL4wnvvcgM14=
diff --git a/nss/cmd/bltest/tests/rsa_pss/seed4 b/nss/cmd/bltest/tests/rsa_pss/seed4
new file mode 100644
index 0000000..7d366c1
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/seed4
@@ -0,0 +1 @@
+gOcP+GoI3j7GCXKzm0+/3Opnro4=
diff --git a/nss/cmd/bltest/tests/rsa_pss/seed5 b/nss/cmd/bltest/tests/rsa_pss/seed5
new file mode 100644
index 0000000..a2da928
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/seed5
@@ -0,0 +1 @@
+qKtp3YAfAHTCofxgZJg2xhbZloE=
diff --git a/nss/cmd/bltest/tests/rsa_pss/seed6 b/nss/cmd/bltest/tests/rsa_pss/seed6
new file mode 100644
index 0000000..6dcd0e5
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/seed6
@@ -0,0 +1 @@
+wKQlMT3411ZL0kNNMRUj1SV+7YA=
diff --git a/nss/cmd/bltest/tests/rsa_pss/seed7 b/nss/cmd/bltest/tests/rsa_pss/seed7
new file mode 100644
index 0000000..0b6e3f3
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/seed7
@@ -0,0 +1 @@
+swfEO0hQqNrC8V8y43g574xcDpE=
diff --git a/nss/cmd/bltest/tests/rsa_pss/seed8 b/nss/cmd/bltest/tests/rsa_pss/seed8
new file mode 100644
index 0000000..b1b34b4
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/seed8
@@ -0,0 +1 @@
+misAfoCXi7sZLDVOt9qa7fx02/U=
diff --git a/nss/cmd/bltest/tests/rsa_pss/seed9 b/nss/cmd/bltest/tests/rsa_pss/seed9
new file mode 100644
index 0000000..d18d81a
--- /dev/null
+++ b/nss/cmd/bltest/tests/rsa_pss/seed9
@@ -0,0 +1 @@
+cPOCvd9NXS3YizvHtzCL5jK4QEU=
diff --git a/nss/cmd/bltest/tests/seed_cbc/ciphertext0 b/nss/cmd/bltest/tests/seed_cbc/ciphertext0
new file mode 100644
index 0000000..97e970e
--- /dev/null
+++ b/nss/cmd/bltest/tests/seed_cbc/ciphertext0
@@ -0,0 +1 @@
+JVdzim3if1YIcpGABasoCQ==
diff --git a/nss/cmd/bltest/tests/seed_cbc/iv0 b/nss/cmd/bltest/tests/seed_cbc/iv0
new file mode 100644
index 0000000..2b3b076
--- /dev/null
+++ b/nss/cmd/bltest/tests/seed_cbc/iv0
@@ -0,0 +1 @@
+1234567890123456
diff --git a/nss/cmd/bltest/tests/seed_cbc/key0 b/nss/cmd/bltest/tests/seed_cbc/key0
new file mode 100644
index 0000000..13911cc
--- /dev/null
+++ b/nss/cmd/bltest/tests/seed_cbc/key0
@@ -0,0 +1 @@
+fedcba9876543210
diff --git a/nss/cmd/bltest/tests/seed_cbc/numtests b/nss/cmd/bltest/tests/seed_cbc/numtests
new file mode 100644
index 0000000..d00491f
--- /dev/null
+++ b/nss/cmd/bltest/tests/seed_cbc/numtests
@@ -0,0 +1 @@
+1
diff --git a/nss/cmd/bltest/tests/seed_cbc/plaintext0 b/nss/cmd/bltest/tests/seed_cbc/plaintext0
new file mode 100644
index 0000000..8d6a8d5
--- /dev/null
+++ b/nss/cmd/bltest/tests/seed_cbc/plaintext0
@@ -0,0 +1 @@
+0123456789abcdef
diff --git a/nss/cmd/bltest/tests/seed_ecb/ciphertext0 b/nss/cmd/bltest/tests/seed_ecb/ciphertext0
new file mode 100644
index 0000000..314ffbd
--- /dev/null
+++ b/nss/cmd/bltest/tests/seed_ecb/ciphertext0
@@ -0,0 +1 @@
+GX8KY3uUhAQnL6XbQhXjEw==
diff --git a/nss/cmd/bltest/tests/seed_ecb/iv0 b/nss/cmd/bltest/tests/seed_ecb/iv0
new file mode 100644
index 0000000..2b3b076
--- /dev/null
+++ b/nss/cmd/bltest/tests/seed_ecb/iv0
@@ -0,0 +1 @@
+1234567890123456
diff --git a/nss/cmd/bltest/tests/seed_ecb/key0 b/nss/cmd/bltest/tests/seed_ecb/key0
new file mode 100644
index 0000000..13911cc
--- /dev/null
+++ b/nss/cmd/bltest/tests/seed_ecb/key0
@@ -0,0 +1 @@
+fedcba9876543210
diff --git a/nss/cmd/bltest/tests/seed_ecb/numtests b/nss/cmd/bltest/tests/seed_ecb/numtests
new file mode 100644
index 0000000..d00491f
--- /dev/null
+++ b/nss/cmd/bltest/tests/seed_ecb/numtests
@@ -0,0 +1 @@
+1
diff --git a/nss/cmd/bltest/tests/seed_ecb/plaintext0 b/nss/cmd/bltest/tests/seed_ecb/plaintext0
new file mode 100644
index 0000000..8d6a8d5
--- /dev/null
+++ b/nss/cmd/bltest/tests/seed_ecb/plaintext0
@@ -0,0 +1 @@
+0123456789abcdef
diff --git a/nss/cmd/bltest/tests/sha1/ciphertext0 b/nss/cmd/bltest/tests/sha1/ciphertext0
new file mode 100644
index 0000000..1fe4bd2
--- /dev/null
+++ b/nss/cmd/bltest/tests/sha1/ciphertext0
@@ -0,0 +1 @@
+cDSMAygXMPIJZC5bntZ4ZhecQ9g=
diff --git a/nss/cmd/bltest/tests/sha1/numtests b/nss/cmd/bltest/tests/sha1/numtests
new file mode 100644
index 0000000..d00491f
--- /dev/null
+++ b/nss/cmd/bltest/tests/sha1/numtests
@@ -0,0 +1 @@
+1
diff --git a/nss/cmd/bltest/tests/sha1/plaintext0 b/nss/cmd/bltest/tests/sha1/plaintext0
new file mode 100644
index 0000000..863e79c
--- /dev/null
+++ b/nss/cmd/bltest/tests/sha1/plaintext0
@@ -0,0 +1 @@
+A cage went in search of a bird.
diff --git a/nss/cmd/bltest/tests/sha224/ciphertext0 b/nss/cmd/bltest/tests/sha224/ciphertext0
new file mode 100644
index 0000000..dfc3d27
--- /dev/null
+++ b/nss/cmd/bltest/tests/sha224/ciphertext0
@@ -0,0 +1,2 @@
+Iwl9IjQF2CKGQqR3vaJVsyqtvOS9oLP342ydpw==
+
diff --git a/nss/cmd/bltest/tests/sha224/ciphertext1 b/nss/cmd/bltest/tests/sha224/ciphertext1
new file mode 100644
index 0000000..bef4714
--- /dev/null
+++ b/nss/cmd/bltest/tests/sha224/ciphertext1
@@ -0,0 +1,2 @@
+dTiLFlEndsxdul2h/YkBULDGRVy09YsZUlIlJQ==
+
diff --git a/nss/cmd/bltest/tests/sha224/numtests b/nss/cmd/bltest/tests/sha224/numtests
new file mode 100644
index 0000000..0cfbf08
--- /dev/null
+++ b/nss/cmd/bltest/tests/sha224/numtests
@@ -0,0 +1 @@
+2
diff --git a/nss/cmd/bltest/tests/sha224/plaintext0 b/nss/cmd/bltest/tests/sha224/plaintext0
new file mode 100644
index 0000000..8baef1b
--- /dev/null
+++ b/nss/cmd/bltest/tests/sha224/plaintext0
@@ -0,0 +1 @@
+abc
diff --git a/nss/cmd/bltest/tests/sha224/plaintext1 b/nss/cmd/bltest/tests/sha224/plaintext1
new file mode 100644
index 0000000..afb5dce
--- /dev/null
+++ b/nss/cmd/bltest/tests/sha224/plaintext1
@@ -0,0 +1 @@
+abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq
diff --git a/nss/cmd/bltest/tests/sha256/ciphertext0 b/nss/cmd/bltest/tests/sha256/ciphertext0
new file mode 100644
index 0000000..07e2ff1
--- /dev/null
+++ b/nss/cmd/bltest/tests/sha256/ciphertext0
@@ -0,0 +1 @@
+ungWv48Bz+pBQUDeXa4iI7ADYaOWF3qctBD/YfIAFa0=
diff --git a/nss/cmd/bltest/tests/sha256/ciphertext1 b/nss/cmd/bltest/tests/sha256/ciphertext1
new file mode 100644
index 0000000..2ab6e1d
--- /dev/null
+++ b/nss/cmd/bltest/tests/sha256/ciphertext1
@@ -0,0 +1 @@
+JI1qYdIGOLjlwCaTDD5gOaM85Flk/yFn9uzt1BnbBsE=
diff --git a/nss/cmd/bltest/tests/sha256/numtests b/nss/cmd/bltest/tests/sha256/numtests
new file mode 100644
index 0000000..0cfbf08
--- /dev/null
+++ b/nss/cmd/bltest/tests/sha256/numtests
@@ -0,0 +1 @@
+2
diff --git a/nss/cmd/bltest/tests/sha256/plaintext0 b/nss/cmd/bltest/tests/sha256/plaintext0
new file mode 100644
index 0000000..8baef1b
--- /dev/null
+++ b/nss/cmd/bltest/tests/sha256/plaintext0
@@ -0,0 +1 @@
+abc
diff --git a/nss/cmd/bltest/tests/sha256/plaintext1 b/nss/cmd/bltest/tests/sha256/plaintext1
new file mode 100644
index 0000000..afb5dce
--- /dev/null
+++ b/nss/cmd/bltest/tests/sha256/plaintext1
@@ -0,0 +1 @@
+abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq
diff --git a/nss/cmd/bltest/tests/sha384/ciphertext0 b/nss/cmd/bltest/tests/sha384/ciphertext0
new file mode 100644
index 0000000..c94f91e
--- /dev/null
+++ b/nss/cmd/bltest/tests/sha384/ciphertext0
@@ -0,0 +1 @@
+ywB1P0WjXou1oD1pmsZQBycsMqsO3tFjGotgWkP/W+2AhgcroefMI1i67KE0yCWn
diff --git a/nss/cmd/bltest/tests/sha384/ciphertext1 b/nss/cmd/bltest/tests/sha384/ciphertext1
new file mode 100644
index 0000000..833f06d
--- /dev/null
+++ b/nss/cmd/bltest/tests/sha384/ciphertext1
@@ -0,0 +1 @@
+CTMMM/cRR+g9GS/Hgs0bR1MRGxc7OwXSL6CAhuOw9xL8x8caVX4tuWbD6fqRdGA5
diff --git a/nss/cmd/bltest/tests/sha384/numtests b/nss/cmd/bltest/tests/sha384/numtests
new file mode 100644
index 0000000..0cfbf08
--- /dev/null
+++ b/nss/cmd/bltest/tests/sha384/numtests
@@ -0,0 +1 @@
+2
diff --git a/nss/cmd/bltest/tests/sha384/plaintext0 b/nss/cmd/bltest/tests/sha384/plaintext0
new file mode 100644
index 0000000..8baef1b
--- /dev/null
+++ b/nss/cmd/bltest/tests/sha384/plaintext0
@@ -0,0 +1 @@
+abc
diff --git a/nss/cmd/bltest/tests/sha384/plaintext1 b/nss/cmd/bltest/tests/sha384/plaintext1
new file mode 100644
index 0000000..94fcc2b
--- /dev/null
+++ b/nss/cmd/bltest/tests/sha384/plaintext1
@@ -0,0 +1 @@
+abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu
diff --git a/nss/cmd/bltest/tests/sha512/ciphertext0 b/nss/cmd/bltest/tests/sha512/ciphertext0
new file mode 100644
index 0000000..8b626e2
--- /dev/null
+++ b/nss/cmd/bltest/tests/sha512/ciphertext0
@@ -0,0 +1,2 @@
+3a81oZNherrMQXNJriBBMRLm+k6JqX6iCp7u5ktV05ohkpkqJ0/BqDa6PCOj/uu9
+RU1EI2Q86A4qmslPpUyknw==
diff --git a/nss/cmd/bltest/tests/sha512/ciphertext1 b/nss/cmd/bltest/tests/sha512/ciphertext1
new file mode 100644
index 0000000..c02d175
--- /dev/null
+++ b/nss/cmd/bltest/tests/sha512/ciphertext1
@@ -0,0 +1,2 @@
+jpWbddrjE9qM9PcoFPwUP493ecbrn3+hcpmurbaIkBhQHSieSQD35DMbmd7EtUM6
+x9Mp7rbdJlReluVbh0vpCQ==
diff --git a/nss/cmd/bltest/tests/sha512/numtests b/nss/cmd/bltest/tests/sha512/numtests
new file mode 100644
index 0000000..0cfbf08
--- /dev/null
+++ b/nss/cmd/bltest/tests/sha512/numtests
@@ -0,0 +1 @@
+2
diff --git a/nss/cmd/bltest/tests/sha512/plaintext0 b/nss/cmd/bltest/tests/sha512/plaintext0
new file mode 100644
index 0000000..8baef1b
--- /dev/null
+++ b/nss/cmd/bltest/tests/sha512/plaintext0
@@ -0,0 +1 @@
+abc
diff --git a/nss/cmd/bltest/tests/sha512/plaintext1 b/nss/cmd/bltest/tests/sha512/plaintext1
new file mode 100644
index 0000000..94fcc2b
--- /dev/null
+++ b/nss/cmd/bltest/tests/sha512/plaintext1
@@ -0,0 +1 @@
+abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu
diff --git a/nss/cmd/btoa/Makefile b/nss/cmd/btoa/Makefile
new file mode 100644
index 0000000..f3b23fd
--- /dev/null
+++ b/nss/cmd/btoa/Makefile
@@ -0,0 +1,47 @@
+#! gmake
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include ../platlibs.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+
+include ../platrules.mk
+
diff --git a/nss/cmd/btoa/btoa.c b/nss/cmd/btoa/btoa.c
new file mode 100644
index 0000000..2a5e6d4
--- /dev/null
+++ b/nss/cmd/btoa/btoa.c
@@ -0,0 +1,203 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "plgetopt.h"
+#include "secutil.h"
+#include "nssb64.h"
+#include <errno.h>
+
+#if defined(XP_WIN) || (defined(__sun) && !defined(SVR4))
+#if !defined(WIN32)
+extern int fread(char *, size_t, size_t, FILE *);
+extern int fwrite(char *, size_t, size_t, FILE *);
+extern int fprintf(FILE *, char *, ...);
+#endif
+#endif
+
+#if defined(WIN32)
+#include "fcntl.h"
+#include "io.h"
+#endif
+
+static PRInt32
+output_ascii(void *arg, const char *obuf, PRInt32 size)
+{
+    FILE *outFile = arg;
+    int nb;
+
+    nb = fwrite(obuf, 1, size, outFile);
+    if (nb != size) {
+        PORT_SetError(SEC_ERROR_IO);
+        return -1;
+    }
+
+    return nb;
+}
+
+static SECStatus
+encode_file(FILE *outFile, FILE *inFile)
+{
+    NSSBase64Encoder *cx;
+    int nb;
+    SECStatus status = SECFailure;
+    unsigned char ibuf[4096];
+
+    cx = NSSBase64Encoder_Create(output_ascii, outFile);
+    if (!cx) {
+        return -1;
+    }
+
+    for (;;) {
+        if (feof(inFile))
+            break;
+        nb = fread(ibuf, 1, sizeof(ibuf), inFile);
+        if (nb != sizeof(ibuf)) {
+            if (nb == 0) {
+                if (ferror(inFile)) {
+                    PORT_SetError(SEC_ERROR_IO);
+                    goto loser;
+                }
+                /* eof */
+                break;
+            }
+        }
+
+        status = NSSBase64Encoder_Update(cx, ibuf, nb);
+        if (status != SECSuccess)
+            goto loser;
+    }
+
+    status = NSSBase64Encoder_Destroy(cx, PR_FALSE);
+    if (status != SECSuccess)
+        return status;
+
+    /*
+     * Add a trailing CRLF.  Note this must be done *after* the call
+     * to Destroy above (because only then are we sure all data has
+     * been written out).
+     */
+    fwrite("\r\n", 1, 2, outFile);
+    return SECSuccess;
+
+loser:
+    (void)NSSBase64Encoder_Destroy(cx, PR_TRUE);
+    return status;
+}
+
+static void
+Usage(char *progName)
+{
+    fprintf(stderr,
+            "Usage: %s [-i input] [-o output]\n",
+            progName);
+    fprintf(stderr, "%-20s Define an input file to use (default is stdin)\n",
+            "-i input");
+    fprintf(stderr, "%-20s Define an output file to use (default is stdout)\n",
+            "-o output");
+    fprintf(stderr, "%-20s Wrap output in BEGIN/END lines and the given suffix\n",
+            "-w suffix");
+    fprintf(stderr, "%-20s (use \"c\" as a shortcut for suffix CERTIFICATE)\n",
+            "");
+    exit(-1);
+}
+
+int
+main(int argc, char **argv)
+{
+    char *progName;
+    SECStatus rv;
+    FILE *inFile, *outFile;
+    PLOptState *optstate;
+    PLOptStatus status;
+    char *suffix = NULL;
+
+    inFile = 0;
+    outFile = 0;
+    progName = strrchr(argv[0], '/');
+    if (!progName)
+        progName = strrchr(argv[0], '\\');
+    progName = progName ? progName + 1 : argv[0];
+
+    /* Parse command line arguments */
+    optstate = PL_CreateOptState(argc, argv, "i:o:w:");
+    while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
+        switch (optstate->option) {
+            default:
+                Usage(progName);
+                break;
+
+            case 'i':
+                inFile = fopen(optstate->value, "rb");
+                if (!inFile) {
+                    fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
+                            progName, optstate->value);
+                    return -1;
+                }
+                break;
+
+            case 'o':
+                outFile = fopen(optstate->value, "wb");
+                if (!outFile) {
+                    fprintf(stderr, "%s: unable to open \"%s\" for writing\n",
+                            progName, optstate->value);
+                    return -1;
+                }
+                break;
+
+            case 'w':
+                if (!strcmp(optstate->value, "c"))
+                    suffix = strdup("CERTIFICATE");
+                else
+                    suffix = strdup(optstate->value);
+                break;
+        }
+    }
+    if (status == PL_OPT_BAD)
+        Usage(progName);
+    if (!inFile) {
+#if defined(WIN32)
+        /* If we're going to read binary data from stdin, we must put stdin
+        ** into O_BINARY mode or else incoming \r\n's will become \n's.
+        */
+
+        int smrv = _setmode(_fileno(stdin), _O_BINARY);
+        if (smrv == -1) {
+            fprintf(stderr,
+                    "%s: Cannot change stdin to binary mode. Use -i option instead.\n",
+                    progName);
+            return smrv;
+        }
+#endif
+        inFile = stdin;
+    }
+    if (!outFile) {
+#if defined(WIN32)
+        /* We're going to write binary data to stdout. We must put stdout
+        ** into O_BINARY mode or else outgoing \r\n's will become \r\r\n's.
+        */
+
+        int smrv = _setmode(_fileno(stdout), _O_BINARY);
+        if (smrv == -1) {
+            fprintf(stderr,
+                    "%s: Cannot change stdout to binary mode. Use -o option instead.\n",
+                    progName);
+            return smrv;
+        }
+#endif
+        outFile = stdout;
+    }
+    if (suffix) {
+        fprintf(outFile, "-----BEGIN %s-----\n", suffix);
+    }
+    rv = encode_file(outFile, inFile);
+    if (rv != SECSuccess) {
+        fprintf(stderr, "%s: lossage: error=%d errno=%d\n",
+                progName, PORT_GetError(), errno);
+        return -1;
+    }
+    if (suffix) {
+        fprintf(outFile, "-----END %s-----\n", suffix);
+    }
+    return 0;
+}
diff --git a/nss/cmd/btoa/btoa.gyp b/nss/cmd/btoa/btoa.gyp
new file mode 100644
index 0000000..295d575
--- /dev/null
+++ b/nss/cmd/btoa/btoa.gyp
@@ -0,0 +1,30 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi',
+    '../../cmd/platlibs.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'btoa',
+      'type': 'executable',
+      'sources': [
+        'btoa.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:dbm_exports',
+        '<(DEPTH)/exports.gyp:nss_exports'
+      ]
+    }
+  ],
+  'target_defaults': {
+    'defines': [
+      'NSPR20'
+    ]
+  },
+  'variables': {
+    'module': 'nss'
+  }
+}
\ No newline at end of file
diff --git a/nss/cmd/btoa/manifest.mn b/nss/cmd/btoa/manifest.mn
new file mode 100644
index 0000000..52508a5
--- /dev/null
+++ b/nss/cmd/btoa/manifest.mn
@@ -0,0 +1,21 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CORE_DEPTH	= ../..
+
+# MODULE public and private header directories are implicitly REQUIRED.
+MODULE = nss 
+
+# This next line is used by .mk files
+# and gets translated into $LINCS in manifest.mnw
+# MODULE is implicitly REQUIRED, doesn't need to be listed below.
+REQUIRES = seccmd dbm 
+
+DEFINES = -DNSPR20
+
+CSRCS = btoa.c
+
+PROGRAM	= btoa
+
diff --git a/nss/cmd/certcgi/HOWTO.txt b/nss/cmd/certcgi/HOWTO.txt
new file mode 100644
index 0000000..54edf8e
--- /dev/null
+++ b/nss/cmd/certcgi/HOWTO.txt
@@ -0,0 +1,137 @@
+        How to setup your very own Cert-O-Matic Root CA server
+
+ This Source Code Form is subject to the terms of the Mozilla Public
+ # License, v. 2.0. If a copy of the MPL was not distributed with this
+ # file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+        How to setup your very own Cert-O-Matic Root CA server
+
+The program certcgi is part of a small test CA that is used inside 
+Netscape by the NSS development team.  That CA is affectionately known
+as "Cert-O-Matic" or "Cert-O-Matic II".  It presently runs on a server
+named interzone.mcom.com inside Netscape's firewall.
+
+If you wish to setup your own Cert-O-Matic, here are directions.
+
+Disclaimer:  This program does not follow good practices for root CAs.
+It should be used only for playing/testing and never for production use.
+Remember, you've been warned!
+
+Cert-O-Matic consists of some html files, shell scripts, one executable
+program that uses NSS and NSPR, the usual set of NSS .db files, and a file
+in which to remember the serial number of the last cert issued.  The 
+html files and the source to the executable program are in this directory.
+Sample shell scripts are shown below.  
+
+The shell scripts and executable program run as CGI "scripts".  The
+entire thing runs on an ordinary http web server.  It would also run on
+an https web server.  The shell scripts and html files must be
+customized for the server on which they run.
+
+The package assumes you have a "document root" directory $DOCROOT, and a
+"cgi-bin" directory $CGIBIN.  In this example, the document root is
+assumed to be located in /var/www/htdocs, and the cgi-bin directory in
+/var/www/cgi-bin.
+
+The server is assumed to run all cgi scripts as the user "nobody".
+The names of the cgi scripts run directly by the server all end in .cgi
+because some servers like it that way.
+
+Instructions:
+
+- Create directory $DOCROOT/certomatic
+- Copy the following files from nss/cmd/certcgi to $DOCROOT/certomatic
+        ca.html index.html main.html nscp_ext_form.html stnd_ext_form.html
+- Edit the html files, substituting the name of your own server for the
+  server named in those files.
+- In some web page (e.g. your server's home page), provide an html link to
+  $DOCROOT/certomatic/index.html. This is where users start to get their
+  own certs from certomatic.
+- give these files and directories appropriate permissions.
+
+- Create directories $CGIBIN/certomatic and $CGIBIN/certomatic/bin
+  make sure that $CGIBIN/certomatic is writable by "nobody"
+
+- Create a new set of NSS db files there with the following command:
+
+        certutil -N -d $CGIBIN/certomatic
+
+- when certutil prompts you for the password, enter the word foo
+  because that is compiled into the certcgi program.
+
+- Create the new Root CA cert with this command
+
+        certutil -S -x -d $CGIBIN/certomatic -n "Cert-O-Matic II" \
+        -s "CN=Cert-O-Matic II, O=Cert-O-Matic II" -t TCu,cu,cu -k rsa \
+        -g 1024 -m 10001 -v 60
+
+  (adjust the -g, -m and -v parameters to taste.  -s and -x must be as
+shown.)
+
+- dump out the new root CA cert in base64 encoding:
+
+        certutil -d $CGIBIN/certomatic -L -n "Cert-O-Matic II" -a > \
+          $CGIBIN/certomatic/root.cacert
+
+- In $CGIBIN/certomatic/bin add two shell scripts - one to download the
+  root CA cert on demand, and one to run the certcgi program.
+
+download.cgi, the script to install the root CA cert into a browser on
+demand, is this:
+
+#!/bin/sh
+echo "Content-type: application/x-x509-ca-cert"
+echo
+cat $CGIBIN/certomatic/root.cacert
+
+You'll have to put the real path into that cat command because CGIBIN
+won't be defined when this script is run by the server.
+
+certcgi.cgi, the script to run the certcgi program is similar to this:
+
+#!/bin/sh
+cd $CGIBIN/certomatic/bin
+LD_LIBRARY_PATH=$PLATFORM/lib
+export LD_LIBRARY_PATH
+$PLATFORM/bin/certcgi $* 2>&1
+
+Where $PLATFORM/lib is where the NSPR nad NSS DSOs are located, and
+$PLATFORM/bin is where certcgi is located.  PLATFORM is not defined when 
+the server runs this script, so you'll have to substitute the right value 
+in your script.  certcgi requires that the working directory be one level 
+below the NSS DBs, that is, the DBs are accessed in the directory "..".
+
+You'll want to provide an html link somewhere to the script that downloads
+the root.cacert file.  You'll probably want to put that next to the link
+that loads the index.html page.  On interzone, this is done with the 
+following html:
+
+<a href="/certomatic/index.html">Cert-O-Matic II Root CA server</a>
+<p>
+<a href="/cgi-bin/certomatic/bin/download.cgi">Download and trust Root CA
+certificate</a>
+
+The index.html file in this directory invokes the certcgi.cgi script with 
+the form post method, so if you change the name of the certcgi.cgi script, 
+you'll also have to change the index.html file in $DOCROOT/certomatic
+
+The 4 files used by the certcgi program (the 3 NSS DBs, and the serial
+number file) are not required to live in $CGIBIN/certomatic, but they are
+required to live in $CWD/.. when certcgi starts.
+
+Known bugs:
+
+1. Because multiple of these CAs exist simultaneously, it would be best if 
+they didn't all have to be called "Cert-O-Matic II", but that string is 
+presently hard coded into certcgi.c.
+
+2. the html files in this directory contain numerous extraneous <FORM> tags
+which appear to use the post method and have action URLS that are never
+actually used.  burp.cgi and echoform.cgi are never actually used.  This
+should be cleaned up.
+
+3. The html files use <layer> tags which are supported only in Netscape 
+Navigator and Netscape Communication 4.x browsers.  The html files do 
+not work as intended with Netscape 6.x, Mozilla or Microsoft IE browsers.
+The html files should be fixed to work with all those named browsers.
+
diff --git a/nss/cmd/certcgi/Makefile b/nss/cmd/certcgi/Makefile
new file mode 100644
index 0000000..c2039d8
--- /dev/null
+++ b/nss/cmd/certcgi/Makefile
@@ -0,0 +1,48 @@
+#! gmake
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include ../platlibs.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+
+
+include ../platrules.mk
+
diff --git a/nss/cmd/certcgi/ca.html b/nss/cmd/certcgi/ca.html
new file mode 100644
index 0000000..3f3f086
--- /dev/null
+++ b/nss/cmd/certcgi/ca.html
@@ -0,0 +1,19 @@
+<!-- This Source Code Form is subject to the terms of the Mozilla Public
+   - License, v. 2.0. If a copy of the MPL was not distributed with this
+   - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
+
+<form method="post" name="ca_form" action="mailto:jerdonek@netscape.com">
+<input type="radio" name="caChoiceradio" value="SignWithDefaultkey" 
+    onClick="{parent.choice_change(this.form)}"> 
+    Use the Cert-O-matic certificate to issue the cert</p>
+<input type="radio" name="caChoiceradio" value="SignWithRandomChain" 
+    onClick="{parent.choice_change(this.form)}"> Use a 
+    <input type="text" size="2" maxsize="2" name="autoCAs"> CA long 
+    automatically generated chain ending with the Cert-O-Matic Cert 
+    (18 maximum)</p>
+<input type="radio" name="caChoiceradio" value="SignWithSpecifiedChain" 
+    onClick="{parent.choice_change(this.form)}"> Use a 
+    <input type="text" size="1" maxlength="1" name="manCAs" 
+    onChange="{parent.ca_num_change(this.value,this.form)}"> CA long 
+    user input chain ending in the Cert-O-Matic Cert.</p>
+</form>
diff --git a/nss/cmd/certcgi/ca_form.html b/nss/cmd/certcgi/ca_form.html
new file mode 100644
index 0000000..452996b
--- /dev/null
+++ b/nss/cmd/certcgi/ca_form.html
@@ -0,0 +1,357 @@
+<html>
+<!-- This Source Code Form is subject to the terms of the Mozilla Public
+   - License, v. 2.0. If a copy of the MPL was not distributed with this
+   - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
+    <form method="post" name="primary_form" action="http://interzone.mcom.com/burp.cgi">
+    <table border=0 cellspacing=10 cellpadding=0>
+    <tr>
+    <td>
+    Common Name:</td><td> <input type="text" name="name" onChange="{window.top.reset_subject('CN=', value, form)}"></p>
+    </td>
+    <td></td><td></td><td>
+    Mail: </td><td><input type="text" name="email" onChange="var temp;{if (email_type[0].checked) {temp = 'MAIL='} else {temp = 'E='}} ;{window.top.reset_subject(temp, value, form)}"></p>
+    RFC 1274<input type="radio" name="email_type" value="1" onClick="window.top.switch_mail(form)">
+    e-mail<input type="radio" name="email_type" value="2" checked onClick="window.top.switch_mail(form)"></td>
+    <tr>
+    <td>
+    Organization: </td><td>  <input type="text" name="org" onChange="{window.top.reset_subject('O=', value, form)}"></p></td>
+    <td></td><td></td><td>
+    Organizational Unit: </td><td><input type="text" name="org_unit" onChange="{window.top.reset_subject('OU=', value, form)}"></p></td>
+    <tr>
+    <td>
+    RFC 1274 UID: </td><td><input type="text" name="uid" onChange="{window.top.reset_subject('UID=', value, form)}"></p></td>
+    <td></td><td></td><td>
+    Locality: </td><td><input type="text" name="loc" onChange="{window.top.reset_subject('L=', value, form)}"></p></td>
+    <tr>
+    <td>
+    State or Province: </td><td><input type="text" name="state" onChange="{window.top.reset_subject('ST=', value, form)}"></p></td>
+    <td></td><td></td><td>
+    Country: </td><td><input type="text" size="2" maxsize="2" name="country" onChange="{window.top.reset_subject('C=', value, form)}"></p></td>
+    </table>
+    <table border=0 cellspacing=10 cellpadding=0>
+    <tr>
+    <td>
+    Serial Number:</p>
+    <DD>
+    <input type="radio" name="serial" value="auto" checked> Auto Generate</P>
+    <DD>
+    <input type="radio" name="serial" value="input">
+    Use this value: <input type="text" name="serial_value" size="8" maxlength="8"></p>
+    </td>
+    <td></td><td></td><td></td><td></td>
+    <td>
+    X.509 version:</p>
+    <DD>
+    <input type="radio" name="ver" value="1" checked> Version 1</p>
+    <DD>
+    <input type="radio" name="ver" value="3"> Version 3</P></td>
+    <td></td><td></td><td></td><td></td><td></td><td></td><td></td><td></td><td></td>
+    <td>
+    Key Type:</p>
+    <DD>
+    <input type="radio" name="keyType" value="rsa" checked> RSA</p>
+    <DD>
+    <input type="radio" name="keyType" value="dsa"> DSA</P></td>
+    </table>
+    DN: <input type="text" name="subject" size="70" onChange="{window.top.reset_subjectFields(form)}"></P>
+    <Select name="keysize">
+        <option>1024 (High Grade)
+        <option>768 (Medium Grade)
+        <option>512 (Low Grade)
+    </select> 
+    </p>
+  <hr>
+    </p>
+    <table  border=1 cellspacing=5 cellpadding=5>
+    <tr>
+    <td>
+    <b>Netscape Certificate Type: </b></p>
+    Activate extension: <input type="checkbox" name="netscape-cert-type"></P>
+    Critical: <input type="checkbox" name="netscape-cert-type-crit">
+    <td>
+    <input type="checkbox" name="netscape-cert-type-ssl-client"> SSL Client</P>
+    <input type="checkbox" name="netscape-cert-type-ssl-server"> SSL Server</P>
+    <input type="checkbox" name="netscape-cert-type-smime"> S/MIME</P>
+    <input type="checkbox" name="netscape-cert-type-object-signing"> Object Signing</P>    
+    <input type="checkbox" name="netscape-cert-type-reserved"> Reserved for future use (bit 4)</P>
+    <input type="checkbox" name="netscape-cert-type-ssl-ca"> SSL CA</P>
+    <input type="checkbox" name="netscape-cert-type-smime-ca"> S/MIME CA</P>
+    <input type="checkbox" name="netscape-cert-type-object-signing-ca"> Object Signing CA</P>
+    </tr>
+    <tr>
+    <td>
+    <b>Netscape Base URL:</b></p>
+    Activate extension: <input type="checkbox" name="netscape-base-url"></P>
+    Critical: <input type="checkbox" name="netscape-base-url-crit">
+    <td>
+    <input type="text" name="netscape-base-url-text" size="50">
+    </tr>
+    <tr>
+    <td>
+    <b>Netscape Revocation URL:</b></p>
+    Activate extension: <input type="checkbox" name="netscape-revocation-url"></P>
+    Critical: <input type="checkbox" name="netscape-revocation-url-crit">
+    <td>
+    <input type="text" name="netscape-revocation-url-text" size="50">
+    </tr>
+    <tr>
+    <td>    
+    <b>Netscape CA Revocation URL:</b></p>
+    Activate extension: <input type="checkbox" name="netscape-ca-revocation-url"></P>
+    Critical: <input type="checkbox" name="netscape-ca-revocation-url-crit">
+    <td>
+    <input type="text" name="netscape-ca-revocation-url-text" size="50">
+    </tr>
+    <tr>
+    <td>    
+    <b>Netscape Certificate Renewal URL:</b></p>
+    Activate extension: <input type="checkbox" name="netscape-cert-renewal-url"></P>
+    Critical: <input type="checkbox" name="netscape-cert-renewal-url-crit">
+    <td>
+    <input type="text" name="netscape-cert-renewal-url-text" size="50">
+    </tr>
+    <tr>
+    <td>
+    <b>Netscape CA Policy URL:</b></p>
+    Activate extension: <input type="checkbox" name="netscape-ca-policy-url"></P>
+    Critical: <input type="checkbox" name="netscape-ca-policy-url-crit">
+    <td>
+    <input type="text" name="netscape-ca-policy-url-text" size="50">
+    </tr>
+    <tr>
+    <td>
+    <b>Netscape SSL Server Name:</b></p>
+    Activate extension: <input type="checkbox" name="netscape-ssl-server-name"></P>
+    Critical: <input type="checkbox" name="netscape-ssl-server-name-crit">
+    <td>
+    <input type="text" name="netscape-ssl-server-name-text" size="50">
+    </tr>
+    <tr>
+    <td>
+    <b>Netscape Comment:</b></p>
+    Activate extension: <input type="checkbox" name="netscape-comment"></P>
+    Critical: <input type="checkbox" name="netscape-comment-crit">
+    <td>
+    <textarea name="netscape-comment-text" rows="5" cols="50"></textarea>
+    </tr>
+    </table>
+    </p>
+  <hr>
+    </p>
+    <table  border=1 cellspacing=5 cellpadding=5>
+    <form method="post" name="primary_form" action="http://interzone.mcom.com/burp.cgi">
+    <tr>
+    <td>
+    <b>Key Usage: </b></p>
+    Activate extension: <input type="checkbox" name="keyUsage"></P>
+    Critical: <input type="checkbox" name="keyUsage-crit">
+    <td>
+    <input type="checkbox" name="keyUsage-digitalSignature"> Digital Signature</P>
+    <input type="checkbox" name="keyUsage-nonRepudiation"> Non Repudiation</P>    
+    <input type="checkbox" name="keyUsage-keyEncipherment"> Key Encipherment</P>    
+    <input type="checkbox" name="keyUsage-dataEncipherment"> Data Encipherment</P>
+    <input type="checkbox" name="keyUsage-keyAgreement"> Key Agreement</P>
+    <input type="checkbox" name="keyUsage-keyCertSign"> Key Certificate Signing</P>
+    <input type="checkbox" name="keyUsage-cRLSign"> CRL Signing</P>
+    </tr>
+    <tr>
+    <td>
+    <b>Extended Key Usage: </b></p>
+    Activate extension: <input type="checkbox" name="extKeyUsage"></P>
+    Critical: <input type="checkbox" name="extKeyUsage-crit">
+    <td>
+    <input type="checkbox" name="extKeyUsage-serverAuth"> Server Auth</P>
+    <input type="checkbox" name="extKeyUsage-clientAuth"> Client Auth</P>
+    <input type="checkbox" name="extKeyUsage-codeSign"> Code Signing</P>
+    <input type="checkbox" name="extKeyUsage-emailProtect"> Email Protection</P>
+    <input type="checkbox" name="extKeyUsage-timeStamp"> Timestamp</P>
+    <input type="checkbox" name="extKeyUsage-ocspResponder"> OCSP Responder</P>
+    <input type="checkbox" name="extKeyUsage-NS-govtApproved"> Step-up</P>
+    <input type="checkbox" name="extKeyUsage-msTrustListSign"> Microsoft Trust List Signing</P>
+    </tr>
+    <tr>
+    <td>
+    <b>Basic Constraints:</b></p>
+    Activate extension: <input type="checkbox" name="basicConstraints"></P>
+    Critical: <input type="checkbox" name="basicConstraints-crit">
+    <td>
+    CA:</p>
+    <dd><input type=radio name="basicConstraints-cA-radio" value="CA"> True</p>
+    <dd><input type=radio name="basicConstraints-cA-radio" value="NotCA"> False</p>
+    <input type="checkbox" name="basicConstraints-pathLengthConstraint">
+     Include Path length:  <input type="text" name="basicConstraints-pathLengthConstraint-text" size="2"></p>
+    </tr>
+    <tr>
+    <td>
+    <b>Authority Key Identifier:</b></p>
+    Activate extension: <input type="checkbox" name="authorityKeyIdentifier">
+    <td>
+    <input type="radio" name="authorityKeyIdentifier-radio" value="keyIdentifier"> Key Identider</p>
+    <input type="radio" name="authorityKeyIdentifier-radio" value="authorityCertIssuer"> Issuer Name and Serial number</p>
+    </tr>
+    <tr>
+    <td>    
+    <b>Subject Key Identifier:</b></p>
+    Activate extension: <input type="checkbox" name="subjectKeyIdentifier">
+    <td>
+    Key Identifier: 
+    <input type="text" name="subjectKeyIdentifier-text"></p>
+    This is an:<p>
+    <dd><dd><input type="radio" name="subjectKeyIdentifier-radio" value="ascii"> ascii text value<p>
+    <dd><dd><input type="radio" name="subjectKeyIdentifier-radio" value="hex"> hex value<p>
+    </tr>
+    <tr>
+    <td>    
+    <b>Private Key Usage Period:</b></p>
+    Activate extension: <input type="checkbox" name="privKeyUsagePeriod"></p>
+    Critical: <input type="checkbox" name="privKeyUsagePeriod-crit">
+    <td>
+    Use:</p>
+    <dd><input type="radio" name="privKeyUsagePeriod-radio" value="notBefore"> Not Before</p>
+    <dd><input type="radio" name="privKeyUsagePeriod-radio" value="notAfter"> Not After</p>
+    <dd><input type="radio" name="privKeyUsagePeriod-radio" value="both" > Both</p>
+    <b>Not to be used to sign before:</b></p>
+    <dd><input type="radio" name="privKeyUsagePeriod-notBefore-radio" value="auto"> Set to time of certificate issue</p>
+    <dd><input type="radio" name="privKeyUsagePeriod-notBefore-radio" value="manual"> Use This value</p>
+    <dd><dd>(YYYY/MM/DD HH:MM:SS): 
+    <input type="text" name="privKeyUsagePeriod-notBefore-year" size="4" maxlength="4">/
+    <input type="text" name="privKeyUsagePeriod-notBefore-month" size="2" maxlength="2">/
+    <input type="text" name="privKeyUsagePeriod-notBefore-day" size="2" maxlength="2"> 
+    <input type="text" name="privKeyUsagePeriod-notBefore-hour" size="2" maxlength="2">:
+    <input type="text" name="privKeyUsagePeriod-notBefore-minute" size="2" maxlength="2">:
+    <input type="text" name="privKeyUsagePeriod-notBefore-second" size="2" maxlength="2"></p>
+    <b>Not to be used to sign after:</b></p>
+    <dd>(YYYY/MM/DD HH:MM:SS): 
+    <input type="text" name="privKeyUsagePeriod-notAfter-year" size="4" maxlength="4">/
+    <input type="text" name="privKeyUsagePeriod-notAfter-month" size="2" maxlength="2">/
+    <input type="text" name="privKeyUsagePeriod-notAfter-day" size="2" maxlength="2"> 
+    <input type="text" name="privKeyUsagePeriod-notAfter-hour" size="2" maxlength="2">:
+    <input type="text" name="privKeyUsagePeriod-notAfter-minute" size="2" maxlength="2">:
+    <input type="text" name="privKeyUsagePeriod-notAfter-second" size="2" maxlength="2"></p>
+    </tr>
+    <tr>
+    <td>
+    <b>Subject Alternative Name:</b></p>
+    Activate extension: <input type="checkbox" name="SubAltName"></P>
+    Critical: <input type="checkbox" name="SubAltName-crit">
+    <td>
+      <table>
+      <tr>
+      <td>
+      General Names:</p>
+      <select name="SubAltNameSelect" multiple size="10">
+      </select></p></p>
+      <input type="button" name="SubAltName-add" value="Add" onClick="{parent.addSubAltName(this.form)}">
+      <input type="button" name="SubAltName-delete" value="Delete" onClick="parent.deleteSubAltName(this.form)">
+      </td><td>
+        <table><tr><td>
+        Name Type: </td></tr><tr><td>
+        <input type="radio" name="SubAltNameRadio" value="otherName" onClick="parent.setSubAltNameType(form)"> Other Name, 
+        OID: <input type="text" name="SubAltNameOtherNameOID" size="6"> </td><td>
+        <input type="radio" name="SubAltNameRadio" value="rfc822Name" onClick="parent.setSubAltNameType(form)"> RFC 822 Name</td></tr><td>
+        <input type="radio" name="SubAltNameRadio" value="dnsName" onClick="parent.setSubAltNameType(form)"> DNS Name </td><td>
+        <input type="radio" name="SubAltNameRadio" value="x400" onClick="parent.setSubAltNameType(form)"> X400 Address</td></tr><td>
+        <input type="radio" name="SubAltNameRadio" value="directoryName" onClick="parent.setSubAltNameType(form)"> Directory Name</td><td>
+        <input type="radio" name="SubAltNameRadio" value="ediPartyName" onClick="parent.setSubAltNameType(form)"> EDI Party Name</td></tr><td>
+        <input type="radio" name="SubAltNameRadio" value="URL" onClick="parent.setSubAltNameType(form)"> Uniform Resource Locator</td><td>
+        <input type="radio" name="SubAltNameRadio" value="ipAddress" onClick="parent.setSubAltNameType(form)"> IP Address</td></tr><td>
+        <input type="radio" name="SubAltNameRadio" value="regID"onClick="parent.setSubAltNameType(form)"> Registered ID</td><td>
+	<input type="radio" name="SubAltNameRadio" value="nscpNickname" onClick="parent.setSubAltNameType(form)"> Netscape Certificate Nickname</td><td></tr>
+        </table>
+      Name: <input type="text" name="SubAltNameText">
+        Binary Encoded: <input type="checkbox" name="SubAltNameDataType" value="binary" onClick="parent.setSubAltNameType(form)"></p>
+      </tr>
+      </table>
+    </tr>
+
+
+    <tr>
+    <td>
+    <b>Issuer Alternative Name:</b></p>
+    Activate extension: <input type="checkbox" name="IssuerAltName"></P>
+    Critical: <input type="checkbox" name="IssuerAltName-crit">
+    <td>
+      <input type="radio" name="IssuerAltNameSourceRadio" value="auto"> Use the Subject Alternative Name from the Issuers Certificate</p>
+      <input type="radio" name="IssuerAltNameSourceRadio" value="man"> Use this Name:
+      <table>
+      <tr>
+      <td>
+      General Names:</p>
+      <select name="IssuerAltNameSelect" multiple size="10">
+      </select></p></p>
+      <input type="button" name="IssuerAltName-add" value="Add" onClick="{parent.addIssuerAltName(this.form)}">
+      <input type="button" name="IssuerAltName-delete" value="Delete" onClick="parent.deleteIssuerAltName(this.form)">
+      </td><td>
+        <table><tr><td>
+        Name Type: </td></tr><tr><td>
+        <input type="radio" name="IssuerAltNameRadio" value="otherName" onClick="parent.setIssuerAltNameType(form)"> Other Name, 
+        OID: <input type="text" name="IssuerAltNameOtherNameOID" size="6"> </td><td>
+        <input type="radio" name="IssuerAltNameRadio" value="rfc822Name" onClick="parent.setIssuerAltNameType(form)"> RFC 822 Name</td></tr><td>
+        <input type="radio" name="IssuerAltNameRadio" value="dnsName" onClick="parent.setIssuerAltNameType(form)"> DNS Name </td><td>
+        <input type="radio" name="IssuerAltNameRadio" value="x400" onClick="parent.setIssuerAltNameType(form)"> X400 Address</td></tr><td>
+        <input type="radio" name="IssuerAltNameRadio" value="directoryName" onClick="parent.setIssuerAltNameType(form)"> Directory Name</td><td>
+        <input type="radio" name="IssuerAltNameRadio" value="ediPartyName" onClick="parent.setIssuerAltNameType(form)"> EDI Party Name</td></tr><td>
+        <input type="radio" name="IssuerAltNameRadio" value="URL" onClick="parent.setIssuerAltNameType(form)"> Uniform Resource Locator</td><td>
+        <input type="radio" name="IssuerAltNameRadio" value="ipAddress" onClick="parent.setIssuerAltNameType(form)"> IP Address</td></tr><td>
+        <input type="radio" name="IssuerAltNameRadio" value="regID" onClick="parent.setIssuerAltNameType(form)"> Registered ID</td><td></tr>
+        </table>
+      Name: <input type="text" name="IssuerAltNameText"> 
+        Binary Encoded: <input type="checkbox" name="IssuerAltNameDataType" value="binary" onClick="parent.setIssuerAltNameType(form)"></p>
+      </tr>
+      </table>
+    </tr>
+
+    <tr>
+    <td>
+    <b>Name Constraints:</b></p>
+    Activate extension: <input type="checkbox" name="NameConstraints"></P>
+    <td>
+      <table>
+      <tr>
+      <td>
+      Name Constraints:</p>
+
+
+      <select name="NameConstraintSelect" multiple size="10">
+      </select></p></p>
+      <input type="button" name="NameConstraint-add" value="Add" onClick="{parent.addNameConstraint(this.form)}">
+      <input type="button" name="NameConstraint-delete" value="Delete" onClick="parent.deleteNameConstraint(this.form)">
+      </td><td>
+        <table><tr><td>
+        Name Type: </td></tr><tr><td>
+        <input type="radio" name="NameConstraintRadio" value="otherName" onClick="parent.setNameConstraintNameType(form)"> Other Name,
+        OID: <input type="text" name="NameConstraintOtherNameOID" size="6">  </td><td>
+        <input type="radio" name="NameConstraintRadio" value="rfc822Name" onClick="parent.setNameConstraintNameType(form)"> RFC 822 Name</td></tr><td>
+        <input type="radio" name="NameConstraintRadio" value="dnsName" onClick="parent.setNameConstraintNameType(form)"> DNS Name </td><td>
+        <input type="radio" name="NameConstraintRadio" value="x400" onClick="parent.setNameConstraintNameType(form)"> X400 Address</td></tr><td>
+        <input type="radio" name="NameConstraintRadio" value="directoryName" onClick="parent.setNameConstraintNameType(form)"> Directory Name</td><td>
+        <input type="radio" name="NameConstraintRadio" value="ediPartyName" onClick="parent.setNameConstraintNameType(form)"> EDI Party Name</td></tr><td>
+        <input type="radio" name="NameConstraintRadio" value="URL" onClick="parent.setNameConstraintNameType(form)"> Uniform Resource Locator</td><td>
+        <input type="radio" name="NameConstraintRadio" value="ipAddress" onClick="parent.setNameConstraintNameType(form)"> IP Address</td></tr><td>
+        <input type="radio" name="NameConstraintRadio" value="regID" onClick="parent.setNameConstraintNameType(form)"> Registered ID</td><td></tr>
+        </table>
+      Name: <input type="text" name="NameConstraintText">
+        Binary Encoded: <input type="checkbox" name="NameConstraintNameDataType" value="binary" onClick="parent.setNameConstraintNameType(form)"></p>
+      Constraint type:<p>
+      <dd><input type="radio" name="NameConstraintTypeRadio" value="permited"> permited<p>
+      <dd><input type="radio" name="NameConstraintTypeRadio" value="excluded"> excluded<p>
+      Minimum: <input type="text" name="NameConstraintMin" size="8" maxlength="8"></p>
+      Maximum: <input type="text" name="NameConstraintMax" size="8" maxlength="8"></p>
+
+
+
+      </tr>
+      </table>
+    </tr>
+    </table>
+    </form>
+
+
+
+
+
+
+
+
+
+
diff --git a/nss/cmd/certcgi/certcgi.c b/nss/cmd/certcgi/certcgi.c
new file mode 100644
index 0000000..35409e2
--- /dev/null
+++ b/nss/cmd/certcgi/certcgi.c
@@ -0,0 +1,2246 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* Cert-O-Matic CGI */
+
+#include "nspr.h"
+#include "prtypes.h"
+#include "prtime.h"
+#include "prlong.h"
+
+#include "pk11func.h"
+#include "cert.h"
+#include "cryptohi.h"
+#include "secoid.h"
+#include "secder.h"
+#include "genname.h"
+#include "xconst.h"
+#include "secutil.h"
+#include "pk11pqg.h"
+#include "certxutl.h"
+#include "nss.h"
+
+/* #define TEST           1 */
+/* #define FILEOUT        1 */
+/* #define OFFLINE        1 */
+#define START_FIELDS 100
+#define PREFIX_LEN 6
+#define SERIAL_FILE "../serial"
+#define DB_DIRECTORY ".."
+
+static char *progName;
+
+typedef struct PairStr Pair;
+
+struct PairStr {
+    char *name;
+    char *data;
+};
+
+char prefix[PREFIX_LEN];
+
+const SEC_ASN1Template CERTIA5TypeTemplate[] = {
+    { SEC_ASN1_IA5_STRING }
+};
+
+SECKEYPrivateKey *privkeys[9] = { NULL, NULL, NULL, NULL, NULL, NULL, NULL,
+                                  NULL, NULL };
+
+#ifdef notdef
+const SEC_ASN1Template CERT_GeneralNameTemplate[] = {
+    { SEC_ASN1_SEQUENCE_OF, 0, SEC_AnyTemplate }
+};
+#endif
+
+static void
+error_out(char *error_string)
+{
+    printf("Content-type: text/plain\n\n");
+    printf("%s", error_string);
+    fflush(stderr);
+    fflush(stdout);
+    exit(1);
+}
+
+static void
+error_allocate(void)
+{
+    error_out("ERROR: Unable to allocate memory");
+}
+
+static char *
+make_copy_string(char *read_pos,
+                 int length,
+                 char sentinal_value)
+/* copys string from to a new string it creates and
+       returns a pointer to the new string */
+{
+    int remaining = length;
+    char *write_pos;
+    char *new;
+
+    new = write_pos = (char *)PORT_Alloc(length);
+    if (new == NULL) {
+        error_allocate();
+    }
+    while (*read_pos != sentinal_value) {
+        if (remaining == 1) {
+            remaining += length;
+            length = length * 2;
+            new = PORT_Realloc(new, length);
+            if (new == NULL) {
+                error_allocate();
+            }
+            write_pos = new + length - remaining;
+        }
+        *write_pos = *read_pos;
+        ++write_pos;
+        ++read_pos;
+        remaining = remaining - 1;
+    }
+    *write_pos = '\0';
+    return new;
+}
+
+static SECStatus
+clean_input(Pair *data)
+/* converts the non-alphanumeric characters in a form post
+       from hex codes back to characters */
+{
+    int length;
+    int hi_digit;
+    int low_digit;
+    char character;
+    char *begin_pos;
+    char *read_pos;
+    char *write_pos;
+    PRBool name = PR_TRUE;
+
+    begin_pos = data->name;
+    while (begin_pos != NULL) {
+        length = strlen(begin_pos);
+        read_pos = write_pos = begin_pos;
+        while ((read_pos - begin_pos) < length) {
+            if (*read_pos == '+') {
+                *read_pos = ' ';
+            }
+            if (*read_pos == '%') {
+                hi_digit = *(read_pos + 1);
+                low_digit = *(read_pos + 2);
+                read_pos += 3;
+                if (isdigit(hi_digit)) {
+                    hi_digit = hi_digit - '0';
+                } else {
+                    hi_digit = toupper(hi_digit);
+                    if (isxdigit(hi_digit)) {
+                        hi_digit = (hi_digit - 'A') + 10;
+                    } else {
+                        error_out("ERROR: Form data incorrectly formated");
+                    }
+                }
+                if (isdigit(low_digit)) {
+                    low_digit = low_digit - '0';
+                } else {
+                    low_digit = toupper(low_digit);
+                    if ((low_digit >= 'A') && (low_digit <= 'F')) {
+                        low_digit = (low_digit - 'A') + 10;
+                    } else {
+                        error_out("ERROR: Form data incorrectly formated");
+                    }
+                }
+                character = (hi_digit << 4) | low_digit;
+                if (character != 10) {
+                    *write_pos = character;
+                    ++write_pos;
+                }
+            } else {
+                *write_pos = *read_pos;
+                ++write_pos;
+                ++read_pos;
+            }
+        }
+        *write_pos = '\0';
+        if (name == PR_TRUE) {
+            begin_pos = data->data;
+            name = PR_FALSE;
+        } else {
+            data++;
+            begin_pos = data->name;
+            name = PR_TRUE;
+        }
+    }
+    return SECSuccess;
+}
+
+static char *
+make_name(char *new_data)
+/* gets the next field name in the input string and returns
+       a pointer to a string containing a copy of it */
+{
+    int length = 20;
+    char *name;
+
+    name = make_copy_string(new_data, length, '=');
+    return name;
+}
+
+static char *
+make_data(char *new_data)
+/* gets the data for the next field in the input string
+       and returns a pointer to a string containing it */
+{
+    int length = 100;
+    char *data;
+    char *read_pos;
+
+    read_pos = new_data;
+    while (*(read_pos - 1) != '=') {
+        ++read_pos;
+    }
+    data = make_copy_string(read_pos, length, '&');
+    return data;
+}
+
+static Pair
+make_pair(char *new_data)
+/* makes a pair name/data pair from the input string */
+{
+    Pair temp;
+
+    temp.name = make_name(new_data);
+    temp.data = make_data(new_data);
+    return temp;
+}
+
+static Pair *
+make_datastruct(char *data, int len)
+/* parses the input from the form post into a data
+       structure of field name/data pairs */
+{
+    Pair *datastruct;
+    Pair *current;
+    char *curr_pos;
+    int fields = START_FIELDS;
+    int remaining = START_FIELDS;
+
+    curr_pos = data;
+    datastruct = current = (Pair *)PORT_Alloc(fields * sizeof(Pair));
+    if (datastruct == NULL) {
+        error_allocate();
+    }
+    while (curr_pos - data < len) {
+        if (remaining == 1) {
+            remaining += fields;
+            fields = fields * 2;
+            datastruct = (Pair *)PORT_Realloc(datastruct, fields *
+                                                              sizeof(Pair));
+            if (datastruct == NULL) {
+                error_allocate();
+            }
+            current = datastruct + (fields - remaining);
+        }
+        *current = make_pair(curr_pos);
+        while (*curr_pos != '&') {
+            ++curr_pos;
+        }
+        ++curr_pos;
+        ++current;
+        remaining = remaining - 1;
+    }
+    current->name = NULL;
+    return datastruct;
+}
+
+static char *
+return_name(Pair *data_struct,
+            int n)
+/* returns a pointer to the name of the nth
+       (starting from 0) item in the data structure */
+{
+    char *name;
+
+    if ((data_struct + n)->name != NULL) {
+        name = (data_struct + n)->name;
+        return name;
+    } else {
+        return NULL;
+    }
+}
+
+static char *
+return_data(Pair *data_struct, int n)
+/* returns a pointer to the data of the nth (starting from 0)
+       itme in the data structure */
+{
+    char *data;
+
+    data = (data_struct + n)->data;
+    return data;
+}
+
+static char *
+add_prefix(char *field_name)
+{
+    extern char prefix[PREFIX_LEN];
+    int i = 0;
+    char *rv;
+    char *write;
+
+    rv = write = PORT_Alloc(PORT_Strlen(prefix) + PORT_Strlen(field_name) + 1);
+    for (i = 0; i < PORT_Strlen(prefix); i++) {
+        *write = prefix[i];
+        write++;
+    }
+    *write = '\0';
+    rv = PORT_Strcat(rv, field_name);
+    return rv;
+}
+
+static char *
+find_field(Pair *data,
+           char *field_name,
+           PRBool add_pre)
+/* returns a pointer to the data of the first pair
+       thats name matches the string it is passed */
+{
+    int i = 0;
+    char *retrieved;
+    int found = 0;
+
+    if (add_pre) {
+        field_name = add_prefix(field_name);
+    }
+    while (return_name(data, i) != NULL) {
+        if (PORT_Strcmp(return_name(data, i), field_name) == 0) {
+            retrieved = return_data(data, i);
+            found = 1;
+            break;
+        }
+        i++;
+    }
+    if (!found) {
+        retrieved = NULL;
+    }
+    return retrieved;
+}
+
+static PRBool
+find_field_bool(Pair *data,
+                char *fieldname,
+                PRBool add_pre)
+{
+    char *rv;
+
+    rv = find_field(data, fieldname, add_pre);
+
+    if ((rv != NULL) && (PORT_Strcmp(rv, "true")) == 0) {
+        return PR_TRUE;
+    } else {
+        return PR_FALSE;
+    }
+}
+
+static CERTCertificateRequest *
+makeCertReq(Pair *form_data,
+            int which_priv_key)
+/* makes and encodes a certrequest */
+{
+
+    PK11SlotInfo *slot;
+    CERTCertificateRequest *certReq = NULL;
+    CERTSubjectPublicKeyInfo *spki;
+    SECKEYPrivateKey *privkey = NULL;
+    SECKEYPublicKey *pubkey = NULL;
+    CERTName *name;
+    char *key;
+    extern SECKEYPrivateKey *privkeys[9];
+    int keySizeInBits;
+    char *challenge = "foo";
+    SECStatus rv = SECSuccess;
+    PQGParams *pqgParams = NULL;
+    PQGVerify *pqgVfy = NULL;
+
+    name = CERT_AsciiToName(find_field(form_data, "subject", PR_TRUE));
+    if (name == NULL) {
+        error_out("ERROR: Unable to create Subject Name");
+    }
+    key = find_field(form_data, "key", PR_TRUE);
+    if (key == NULL) {
+        switch (*find_field(form_data, "keysize", PR_TRUE)) {
+            case '0':
+                keySizeInBits = 2048;
+                break;
+            case '1':
+                keySizeInBits = 1024;
+                break;
+            case '2':
+                keySizeInBits = 512;
+                break;
+            default:
+                error_out("ERROR: Unsupported Key length selected");
+        }
+        if (find_field_bool(form_data, "keyType-dsa", PR_TRUE)) {
+            rv = PK11_PQG_ParamGen(keySizeInBits, &pqgParams, &pqgVfy);
+            if (rv != SECSuccess) {
+                error_out("ERROR: Unable to generate PQG parameters");
+            }
+            slot = PK11_GetBestSlot(CKM_DSA_KEY_PAIR_GEN, NULL);
+            privkey = PK11_GenerateKeyPair(slot, CKM_DSA_KEY_PAIR_GEN,
+                                           pqgParams, &pubkey, PR_FALSE,
+                                           PR_TRUE, NULL);
+        } else {
+            privkey = SECKEY_CreateRSAPrivateKey(keySizeInBits, &pubkey, NULL);
+        }
+        privkeys[which_priv_key] = privkey;
+        spki = SECKEY_CreateSubjectPublicKeyInfo(pubkey);
+    } else {
+        spki = SECKEY_ConvertAndDecodePublicKeyAndChallenge(key, challenge,
+                                                            NULL);
+        if (spki == NULL) {
+            error_out("ERROR: Unable to decode Public Key and Challenge String");
+        }
+    }
+    certReq = CERT_CreateCertificateRequest(name, spki, NULL);
+    if (certReq == NULL) {
+        error_out("ERROR: Unable to create Certificate Request");
+    }
+    if (pubkey != NULL) {
+        SECKEY_DestroyPublicKey(pubkey);
+    }
+    if (spki != NULL) {
+        SECKEY_DestroySubjectPublicKeyInfo(spki);
+    }
+    if (pqgParams != NULL) {
+        PK11_PQG_DestroyParams(pqgParams);
+    }
+    if (pqgVfy != NULL) {
+        PK11_PQG_DestroyVerify(pqgVfy);
+    }
+    return certReq;
+}
+
+static CERTCertificate *
+MakeV1Cert(CERTCertDBHandle *handle,
+           CERTCertificateRequest *req,
+           char *issuerNameStr,
+           PRBool selfsign,
+           int serialNumber,
+           int warpmonths,
+           Pair *data)
+{
+    CERTCertificate *issuerCert = NULL;
+    CERTValidity *validity;
+    CERTCertificate *cert = NULL;
+    PRExplodedTime printableTime;
+    PRTime now,
+        after;
+    if (!selfsign) {
+        issuerCert = CERT_FindCertByNameString(handle, issuerNameStr);
+        if (!issuerCert) {
+            error_out("ERROR: Could not find issuer's certificate");
+            return NULL;
+        }
+    }
+    if (find_field_bool(data, "manValidity", PR_TRUE)) {
+        (void)DER_AsciiToTime(&now, find_field(data, "notBefore", PR_TRUE));
+    } else {
+        now = PR_Now();
+    }
+    PR_ExplodeTime(now, PR_GMTParameters, &printableTime);
+    if (warpmonths) {
+        printableTime.tm_month += warpmonths;
+        now = PR_ImplodeTime(&printableTime);
+        PR_ExplodeTime(now, PR_GMTParameters, &printableTime);
+    }
+    if (find_field_bool(data, "manValidity", PR_TRUE)) {
+        (void)DER_AsciiToTime(&after, find_field(data, "notAfter", PR_TRUE));
+        PR_ExplodeTime(after, PR_GMTParameters, &printableTime);
+    } else {
+        printableTime.tm_month += 3;
+        after = PR_ImplodeTime(&printableTime);
+    }
+    /* note that the time is now in micro-second unit */
+    validity = CERT_CreateValidity(now, after);
+
+    if (selfsign) {
+        cert = CERT_CreateCertificate(serialNumber, &(req->subject), validity, req);
+    } else {
+        cert = CERT_CreateCertificate(serialNumber, &(issuerCert->subject), validity, req);
+    }
+
+    CERT_DestroyValidity(validity);
+    if (issuerCert) {
+        CERT_DestroyCertificate(issuerCert);
+    }
+    return (cert);
+}
+
+static int
+get_serial_number(Pair *data)
+{
+    int serial = 0;
+    int error;
+    char *filename = SERIAL_FILE;
+    char *SN;
+    FILE *serialFile;
+
+    if (find_field_bool(data, "serial-auto", PR_TRUE)) {
+        serialFile = fopen(filename, "r");
+        if (serialFile != NULL) {
+            size_t nread = fread(&serial, sizeof(int), 1, serialFile);
+            if (ferror(serialFile) != 0 || nread != 1) {
+                error_out("Error: Unable to read serial number file");
+            }
+            if (serial == -1) {
+                serial = 21;
+            }
+            fclose(serialFile);
+            ++serial;
+            serialFile = fopen(filename, "w");
+            if (serialFile == NULL) {
+                error_out("ERROR: Unable to open serial number file for writing");
+            }
+            fwrite(&serial, sizeof(int), 1, serialFile);
+            if (ferror(serialFile) != 0) {
+                error_out("Error: Unable to write to serial number file");
+            }
+        } else {
+            fclose(serialFile);
+            serialFile = fopen(filename, "w");
+            if (serialFile == NULL) {
+                error_out("ERROR: Unable to open serial number file");
+            }
+            serial = 21;
+            fwrite(&serial, sizeof(int), 1, serialFile);
+            if (ferror(serialFile) != 0) {
+                error_out("Error: Unable to write to serial number file");
+            }
+            error = ferror(serialFile);
+            if (error != 0) {
+                error_out("ERROR: Unable to write to serial file");
+            }
+        }
+        fclose(serialFile);
+    } else {
+        SN = find_field(data, "serial_value", PR_TRUE);
+        while (*SN != '\0') {
+            serial = serial * 16;
+            if ((*SN >= 'A') && (*SN <= 'F')) {
+                serial += *SN - 'A' + 10;
+            } else {
+                if ((*SN >= 'a') && (*SN <= 'f')) {
+                    serial += *SN - 'a' + 10;
+                } else {
+                    serial += *SN - '0';
+                }
+            }
+            ++SN;
+        }
+    }
+    return serial;
+}
+
+typedef SECStatus (*EXTEN_VALUE_ENCODER)(PLArenaPool *extHandle, void *value, SECItem *encodedValue);
+
+static SECStatus
+EncodeAndAddExtensionValue(
+    PLArenaPool *arena,
+    void *extHandle,
+    void *value,
+    PRBool criticality,
+    int extenType,
+    EXTEN_VALUE_ENCODER EncodeValueFn)
+{
+    SECItem encodedValue;
+    SECStatus rv;
+
+    encodedValue.data = NULL;
+    encodedValue.len = 0;
+    rv = (*EncodeValueFn)(arena, value, &encodedValue);
+    if (rv != SECSuccess) {
+        error_out("ERROR: Unable to encode extension value");
+    }
+    rv = CERT_AddExtension(extHandle, extenType, &encodedValue, criticality, PR_TRUE);
+    return (rv);
+}
+
+static SECStatus
+AddKeyUsage(void *extHandle,
+            Pair *data)
+{
+    SECItem bitStringValue;
+    unsigned char keyUsage = 0x0;
+
+    if (find_field_bool(data, "keyUsage-digitalSignature", PR_TRUE)) {
+        keyUsage |= (0x80 >> 0);
+    }
+    if (find_field_bool(data, "keyUsage-nonRepudiation", PR_TRUE)) {
+        keyUsage |= (0x80 >> 1);
+    }
+    if (find_field_bool(data, "keyUsage-keyEncipherment", PR_TRUE)) {
+        keyUsage |= (0x80 >> 2);
+    }
+    if (find_field_bool(data, "keyUsage-dataEncipherment", PR_TRUE)) {
+        keyUsage |= (0x80 >> 3);
+    }
+    if (find_field_bool(data, "keyUsage-keyAgreement", PR_TRUE)) {
+        keyUsage |= (0x80 >> 4);
+    }
+    if (find_field_bool(data, "keyUsage-keyCertSign", PR_TRUE)) {
+        keyUsage |= (0x80 >> 5);
+    }
+    if (find_field_bool(data, "keyUsage-cRLSign", PR_TRUE)) {
+        keyUsage |= (0x80 >> 6);
+    }
+
+    bitStringValue.data = &keyUsage;
+    bitStringValue.len = 1;
+
+    return (CERT_EncodeAndAddBitStrExtension(extHandle, SEC_OID_X509_KEY_USAGE, &bitStringValue,
+                                             (find_field_bool(data, "keyUsage-crit", PR_TRUE))));
+}
+
+static CERTOidSequence *
+CreateOidSequence(void)
+{
+    CERTOidSequence *rv = (CERTOidSequence *)NULL;
+    PLArenaPool *arena = (PLArenaPool *)NULL;
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if ((PLArenaPool *)NULL == arena) {
+        goto loser;
+    }
+
+    rv = (CERTOidSequence *)PORT_ArenaZAlloc(arena, sizeof(CERTOidSequence));
+    if ((CERTOidSequence *)NULL == rv) {
+        goto loser;
+    }
+
+    rv->oids = (SECItem **)PORT_ArenaZAlloc(arena, sizeof(SECItem *));
+    if ((SECItem **)NULL == rv->oids) {
+        goto loser;
+    }
+
+    rv->arena = arena;
+    return rv;
+
+loser:
+    if ((PLArenaPool *)NULL != arena) {
+        PORT_FreeArena(arena, PR_FALSE);
+    }
+
+    return (CERTOidSequence *)NULL;
+}
+
+static SECStatus
+AddOidToSequence(CERTOidSequence *os, SECOidTag oidTag)
+{
+    SECItem **oids;
+    PRUint32 count = 0;
+    SECOidData *od;
+
+    od = SECOID_FindOIDByTag(oidTag);
+    if ((SECOidData *)NULL == od) {
+        return SECFailure;
+    }
+
+    for (oids = os->oids; (SECItem *)NULL != *oids; oids++) {
+        count++;
+    }
+
+    /* ArenaZRealloc */
+
+    {
+        PRUint32 i;
+
+        oids = (SECItem **)PORT_ArenaZAlloc(os->arena, sizeof(SECItem *) * (count + 2));
+        if ((SECItem **)NULL == oids) {
+            return SECFailure;
+        }
+
+        for (i = 0; i < count; i++) {
+            oids[i] = os->oids[i];
+        }
+
+        /* ArenaZFree(os->oids); */
+    }
+
+    os->oids = oids;
+    os->oids[count] = &od->oid;
+
+    return SECSuccess;
+}
+
+static SECItem *
+EncodeOidSequence(CERTOidSequence *os)
+{
+    SECItem *rv;
+    extern const SEC_ASN1Template CERT_OidSeqTemplate[];
+
+    rv = (SECItem *)PORT_ArenaZAlloc(os->arena, sizeof(SECItem));
+    if ((SECItem *)NULL == rv) {
+        goto loser;
+    }
+
+    if (!SEC_ASN1EncodeItem(os->arena, rv, os, CERT_OidSeqTemplate)) {
+        goto loser;
+    }
+
+    return rv;
+
+loser:
+    return (SECItem *)NULL;
+}
+
+static SECStatus
+AddExtKeyUsage(void *extHandle, Pair *data)
+{
+    SECStatus rv;
+    CERTOidSequence *os;
+    SECItem *value;
+    PRBool crit;
+
+    os = CreateOidSequence();
+    if ((CERTOidSequence *)NULL == os) {
+        return SECFailure;
+    }
+
+    if (find_field_bool(data, "extKeyUsage-serverAuth", PR_TRUE)) {
+        rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_SERVER_AUTH);
+        if (SECSuccess != rv)
+            goto loser;
+    }
+
+    if (find_field_bool(data, "extKeyUsage-msTrustListSign", PR_TRUE)) {
+        rv = AddOidToSequence(os, SEC_OID_MS_EXT_KEY_USAGE_CTL_SIGNING);
+        if (SECSuccess != rv)
+            goto loser;
+    }
+
+    if (find_field_bool(data, "extKeyUsage-clientAuth", PR_TRUE)) {
+        rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_CLIENT_AUTH);
+        if (SECSuccess != rv)
+            goto loser;
+    }
+
+    if (find_field_bool(data, "extKeyUsage-codeSign", PR_TRUE)) {
+        rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_CODE_SIGN);
+        if (SECSuccess != rv)
+            goto loser;
+    }
+
+    if (find_field_bool(data, "extKeyUsage-emailProtect", PR_TRUE)) {
+        rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_EMAIL_PROTECT);
+        if (SECSuccess != rv)
+            goto loser;
+    }
+
+    if (find_field_bool(data, "extKeyUsage-timeStamp", PR_TRUE)) {
+        rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_TIME_STAMP);
+        if (SECSuccess != rv)
+            goto loser;
+    }
+
+    if (find_field_bool(data, "extKeyUsage-ocspResponder", PR_TRUE)) {
+        rv = AddOidToSequence(os, SEC_OID_OCSP_RESPONDER);
+        if (SECSuccess != rv)
+            goto loser;
+    }
+
+    if (find_field_bool(data, "extKeyUsage-NS-govtApproved", PR_TRUE)) {
+        rv = AddOidToSequence(os, SEC_OID_NS_KEY_USAGE_GOVT_APPROVED);
+        if (SECSuccess != rv)
+            goto loser;
+    }
+
+    value = EncodeOidSequence(os);
+
+    crit = find_field_bool(data, "extKeyUsage-crit", PR_TRUE);
+
+    rv = CERT_AddExtension(extHandle, SEC_OID_X509_EXT_KEY_USAGE, value,
+                           crit, PR_TRUE);
+/*FALLTHROUGH*/
+loser:
+    CERT_DestroyOidSequence(os);
+    return rv;
+}
+
+static SECStatus
+AddSubKeyID(void *extHandle,
+            Pair *data,
+            CERTCertificate *subjectCert)
+{
+    SECItem encodedValue;
+    SECStatus rv;
+    char *read;
+    char *write;
+    char *first;
+    char character;
+    int high_digit = 0,
+        low_digit = 0;
+    int len;
+    PRBool odd = PR_FALSE;
+
+    encodedValue.data = NULL;
+    encodedValue.len = 0;
+    first = read = write = find_field(data, "subjectKeyIdentifier-text",
+                                      PR_TRUE);
+    len = PORT_Strlen(first);
+    odd = ((len % 2) != 0) ? PR_TRUE : PR_FALSE;
+    if (find_field_bool(data, "subjectKeyIdentifier-radio-hex", PR_TRUE)) {
+        if (odd) {
+            error_out("ERROR: Improperly formated subject key identifier, hex values must be expressed as an octet string");
+        }
+        while (*read != '\0') {
+            if (!isxdigit(*read)) {
+                error_out("ERROR: Improperly formated subject key identifier");
+            }
+            *read = toupper(*read);
+            if ((*read >= 'A') && (*read <= 'F')) {
+                high_digit = *read - 'A' + 10;
+            } else {
+                high_digit = *read - '0';
+            }
+            ++read;
+            if (!isxdigit(*read)) {
+                error_out("ERROR: Improperly formated subject key identifier");
+            }
+            *read = toupper(*read);
+            if ((*read >= 'A') && (*read <= 'F')) {
+                low_digit = *(read) - 'A' + 10;
+            } else {
+                low_digit = *(read) - '0';
+            }
+            character = (high_digit << 4) | low_digit;
+            *write = character;
+            ++write;
+            ++read;
+        }
+        *write = '\0';
+        len = write - first;
+    }
+    subjectCert->subjectKeyID.data = (unsigned char *)find_field(data, "subjectKeyIdentifier-text", PR_TRUE);
+    subjectCert->subjectKeyID.len = len;
+    rv = CERT_EncodeSubjectKeyID(NULL, &subjectCert->subjectKeyID, &encodedValue);
+    if (rv) {
+        return (rv);
+    }
+    return (CERT_AddExtension(extHandle, SEC_OID_X509_SUBJECT_KEY_ID,
+                              &encodedValue, PR_FALSE, PR_TRUE));
+}
+
+static SECStatus
+AddAuthKeyID(void *extHandle,
+             Pair *data,
+             char *issuerNameStr,
+             CERTCertDBHandle *handle)
+{
+    CERTAuthKeyID *authKeyID = NULL;
+    PLArenaPool *arena = NULL;
+    SECStatus rv = SECSuccess;
+    CERTCertificate *issuerCert = NULL;
+    CERTGeneralName *genNames;
+    CERTName *directoryName = NULL;
+
+    issuerCert = CERT_FindCertByNameString(handle, issuerNameStr);
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (!arena) {
+        error_allocate();
+    }
+
+    authKeyID = PORT_ArenaZAlloc(arena, sizeof(CERTAuthKeyID));
+    if (authKeyID == NULL) {
+        error_allocate();
+    }
+    if (find_field_bool(data, "authorityKeyIdentifier-radio-keyIdentifier",
+                        PR_TRUE)) {
+        authKeyID->keyID.data = PORT_ArenaAlloc(arena, PORT_Strlen((char *)issuerCert->subjectKeyID.data));
+        if (authKeyID->keyID.data == NULL) {
+            error_allocate();
+        }
+        PORT_Memcpy(authKeyID->keyID.data, issuerCert->subjectKeyID.data,
+                    authKeyID->keyID.len =
+                        PORT_Strlen((char *)issuerCert->subjectKeyID.data));
+    } else {
+
+        PORT_Assert(arena);
+        genNames = (CERTGeneralName *)PORT_ArenaZAlloc(arena, (sizeof(CERTGeneralName)));
+        if (genNames == NULL) {
+            error_allocate();
+        }
+        genNames->l.next = genNames->l.prev = &(genNames->l);
+        genNames->type = certDirectoryName;
+
+        directoryName = CERT_AsciiToName(issuerCert->subjectName);
+        if (!directoryName) {
+            error_out("ERROR: Unable to create Directory Name");
+        }
+        rv = CERT_CopyName(arena, &genNames->name.directoryName,
+                           directoryName);
+        CERT_DestroyName(directoryName);
+        if (rv != SECSuccess) {
+            error_out("ERROR: Unable to copy Directory Name");
+        }
+        authKeyID->authCertIssuer = genNames;
+        if (authKeyID->authCertIssuer == NULL && SECFailure == PORT_GetError()) {
+            error_out("ERROR: Unable to get Issuer General Name for Authority Key ID Extension");
+        }
+        authKeyID->authCertSerialNumber = issuerCert->serialNumber;
+    }
+    rv = EncodeAndAddExtensionValue(arena, extHandle, authKeyID, PR_FALSE,
+                                    SEC_OID_X509_AUTH_KEY_ID,
+                                    (EXTEN_VALUE_ENCODER)
+                                        CERT_EncodeAuthKeyID);
+    if (arena) {
+        PORT_FreeArena(arena, PR_FALSE);
+    }
+    return (rv);
+}
+
+static SECStatus
+AddPrivKeyUsagePeriod(void *extHandle,
+                      Pair *data,
+                      CERTCertificate *cert)
+{
+    char *notBeforeStr;
+    char *notAfterStr;
+    PLArenaPool *arena = NULL;
+    SECStatus rv = SECSuccess;
+    CERTPrivKeyUsagePeriod *pkup;
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (!arena) {
+        error_allocate();
+    }
+    pkup = PORT_ArenaZNew(arena, CERTPrivKeyUsagePeriod);
+    if (pkup == NULL) {
+        error_allocate();
+    }
+    notBeforeStr = (char *)PORT_Alloc(16);
+    if (notBeforeStr == NULL) {
+        error_allocate();
+    }
+    notAfterStr = (char *)PORT_Alloc(16);
+    if (notAfterStr == NULL) {
+        error_allocate();
+    }
+    *notBeforeStr = '\0';
+    *notAfterStr = '\0';
+    pkup->arena = arena;
+    pkup->notBefore.len = 0;
+    pkup->notBefore.data = NULL;
+    pkup->notAfter.len = 0;
+    pkup->notAfter.data = NULL;
+    if (find_field_bool(data, "privKeyUsagePeriod-radio-notBefore", PR_TRUE) ||
+        find_field_bool(data, "privKeyUsagePeriod-radio-both", PR_TRUE)) {
+        pkup->notBefore.len = 15;
+        pkup->notBefore.data = (unsigned char *)notBeforeStr;
+        if (find_field_bool(data, "privKeyUsagePeriod-notBefore-radio-manual",
+                            PR_TRUE)) {
+            PORT_Strcat(notBeforeStr, find_field(data,
+                                                 "privKeyUsagePeriod-notBefore-year",
+                                                 PR_TRUE));
+            PORT_Strcat(notBeforeStr, find_field(data,
+                                                 "privKeyUsagePeriod-notBefore-month",
+                                                 PR_TRUE));
+            PORT_Strcat(notBeforeStr, find_field(data,
+                                                 "privKeyUsagePeriod-notBefore-day",
+                                                 PR_TRUE));
+            PORT_Strcat(notBeforeStr, find_field(data,
+                                                 "privKeyUsagePeriod-notBefore-hour",
+                                                 PR_TRUE));
+            PORT_Strcat(notBeforeStr, find_field(data,
+                                                 "privKeyUsagePeriod-notBefore-minute",
+                                                 PR_TRUE));
+            PORT_Strcat(notBeforeStr, find_field(data,
+                                                 "privKeyUsagePeriod-notBefore-second",
+                                                 PR_TRUE));
+            if ((*(notBeforeStr + 14) != '\0') ||
+                (!isdigit(*(notBeforeStr + 13))) ||
+                (*(notBeforeStr + 12) >= '5' && *(notBeforeStr + 12) <= '0') ||
+                (!isdigit(*(notBeforeStr + 11))) ||
+                (*(notBeforeStr + 10) >= '5' && *(notBeforeStr + 10) <= '0') ||
+                (!isdigit(*(notBeforeStr + 9))) ||
+                (*(notBeforeStr + 8) >= '2' && *(notBeforeStr + 8) <= '0') ||
+                (!isdigit(*(notBeforeStr + 7))) ||
+                (*(notBeforeStr + 6) >= '3' && *(notBeforeStr + 6) <= '0') ||
+                (!isdigit(*(notBeforeStr + 5))) ||
+                (*(notBeforeStr + 4) >= '1' && *(notBeforeStr + 4) <= '0') ||
+                (!isdigit(*(notBeforeStr + 3))) ||
+                (!isdigit(*(notBeforeStr + 2))) ||
+                (!isdigit(*(notBeforeStr + 1))) ||
+                (!isdigit(*(notBeforeStr + 0))) ||
+                (*(notBeforeStr + 8) == '2' && *(notBeforeStr + 9) >= '4') ||
+                (*(notBeforeStr + 6) == '3' && *(notBeforeStr + 7) >= '1') ||
+                (*(notBeforeStr + 4) == '1' && *(notBeforeStr + 5) >= '2')) {
+                error_out("ERROR: Improperly formated private key usage period");
+            }
+            *(notBeforeStr + 14) = 'Z';
+            *(notBeforeStr + 15) = '\0';
+        } else {
+            if ((*(cert->validity.notBefore.data) > '5') ||
+                ((*(cert->validity.notBefore.data) == '5') &&
+                 (*(cert->validity.notBefore.data + 1) != '0'))) {
+                PORT_Strcat(notBeforeStr, "19");
+            } else {
+                PORT_Strcat(notBeforeStr, "20");
+            }
+            PORT_Strcat(notBeforeStr, (char *)cert->validity.notBefore.data);
+        }
+    }
+    if (find_field_bool(data, "privKeyUsagePeriod-radio-notAfter", PR_TRUE) ||
+        find_field_bool(data, "privKeyUsagePeriod-radio-both", PR_TRUE)) {
+        pkup->notAfter.len = 15;
+        pkup->notAfter.data = (unsigned char *)notAfterStr;
+        PORT_Strcat(notAfterStr, find_field(data, "privKeyUsagePeriod-notAfter-year",
+                                            PR_TRUE));
+        PORT_Strcat(notAfterStr, find_field(data, "privKeyUsagePeriod-notAfter-month",
+                                            PR_TRUE));
+        PORT_Strcat(notAfterStr, find_field(data, "privKeyUsagePeriod-notAfter-day",
+                                            PR_TRUE));
+        PORT_Strcat(notAfterStr, find_field(data, "privKeyUsagePeriod-notAfter-hour",
+                                            PR_TRUE));
+        PORT_Strcat(notAfterStr, find_field(data, "privKeyUsagePeriod-notAfter-minute",
+                                            PR_TRUE));
+        PORT_Strcat(notAfterStr, find_field(data, "privKeyUsagePeriod-notAfter-second",
+                                            PR_TRUE));
+        if ((*(notAfterStr + 14) != '\0') ||
+            (!isdigit(*(notAfterStr + 13))) ||
+            (*(notAfterStr + 12) >= '5' && *(notAfterStr + 12) <= '0') ||
+            (!isdigit(*(notAfterStr + 11))) ||
+            (*(notAfterStr + 10) >= '5' && *(notAfterStr + 10) <= '0') ||
+            (!isdigit(*(notAfterStr + 9))) ||
+            (*(notAfterStr + 8) >= '2' && *(notAfterStr + 8) <= '0') ||
+            (!isdigit(*(notAfterStr + 7))) ||
+            (*(notAfterStr + 6) >= '3' && *(notAfterStr + 6) <= '0') ||
+            (!isdigit(*(notAfterStr + 5))) ||
+            (*(notAfterStr + 4) >= '1' && *(notAfterStr + 4) <= '0') ||
+            (!isdigit(*(notAfterStr + 3))) ||
+            (!isdigit(*(notAfterStr + 2))) ||
+            (!isdigit(*(notAfterStr + 1))) ||
+            (!isdigit(*(notAfterStr + 0))) ||
+            (*(notAfterStr + 8) == '2' && *(notAfterStr + 9) >= '4') ||
+            (*(notAfterStr + 6) == '3' && *(notAfterStr + 7) >= '1') ||
+            (*(notAfterStr + 4) == '1' && *(notAfterStr + 5) >= '2')) {
+            error_out("ERROR: Improperly formated private key usage period");
+        }
+        *(notAfterStr + 14) = 'Z';
+        *(notAfterStr + 15) = '\0';
+    }
+
+    PORT_Assert(arena);
+
+    rv = EncodeAndAddExtensionValue(arena, extHandle, pkup,
+                                    find_field_bool(data,
+                                                    "privKeyUsagePeriod-crit",
+                                                    PR_TRUE),
+                                    SEC_OID_X509_PRIVATE_KEY_USAGE_PERIOD,
+                                    (EXTEN_VALUE_ENCODER)
+                                        CERT_EncodePrivateKeyUsagePeriod);
+    PORT_FreeArena(arena, PR_FALSE);
+    PORT_Free(notBeforeStr);
+    PORT_Free(notAfterStr);
+    return (rv);
+}
+
+static SECStatus
+AddBasicConstraint(void *extHandle,
+                   Pair *data)
+{
+    CERTBasicConstraints basicConstraint;
+    SECItem encodedValue;
+    SECStatus rv;
+
+    encodedValue.data = NULL;
+    encodedValue.len = 0;
+    basicConstraint.pathLenConstraint = CERT_UNLIMITED_PATH_CONSTRAINT;
+    basicConstraint.isCA = (find_field_bool(data, "basicConstraints-cA-radio-CA",
+                                            PR_TRUE));
+    if (find_field_bool(data, "basicConstraints-pathLengthConstraint", PR_TRUE)) {
+        basicConstraint.pathLenConstraint = atoi(find_field(data, "basicConstraints-pathLengthConstraint-text",
+                                                            PR_TRUE));
+    }
+
+    rv = CERT_EncodeBasicConstraintValue(NULL, &basicConstraint,
+                                         &encodedValue);
+    if (rv)
+        return (rv);
+    rv = CERT_AddExtension(extHandle, SEC_OID_X509_BASIC_CONSTRAINTS,
+                           &encodedValue,
+                           (find_field_bool(data, "basicConstraints-crit",
+                                            PR_TRUE)),
+                           PR_TRUE);
+
+    PORT_Free(encodedValue.data);
+    return (rv);
+}
+
+static SECStatus
+AddNscpCertType(void *extHandle,
+                Pair *data)
+{
+    SECItem bitStringValue;
+    unsigned char CertType = 0x0;
+
+    if (find_field_bool(data, "netscape-cert-type-ssl-client", PR_TRUE)) {
+        CertType |= (0x80 >> 0);
+    }
+    if (find_field_bool(data, "netscape-cert-type-ssl-server", PR_TRUE)) {
+        CertType |= (0x80 >> 1);
+    }
+    if (find_field_bool(data, "netscape-cert-type-smime", PR_TRUE)) {
+        CertType |= (0x80 >> 2);
+    }
+    if (find_field_bool(data, "netscape-cert-type-object-signing", PR_TRUE)) {
+        CertType |= (0x80 >> 3);
+    }
+    if (find_field_bool(data, "netscape-cert-type-reserved", PR_TRUE)) {
+        CertType |= (0x80 >> 4);
+    }
+    if (find_field_bool(data, "netscape-cert-type-ssl-ca", PR_TRUE)) {
+        CertType |= (0x80 >> 5);
+    }
+    if (find_field_bool(data, "netscape-cert-type-smime-ca", PR_TRUE)) {
+        CertType |= (0x80 >> 6);
+    }
+    if (find_field_bool(data, "netscape-cert-type-object-signing-ca", PR_TRUE)) {
+        CertType |= (0x80 >> 7);
+    }
+
+    bitStringValue.data = &CertType;
+    bitStringValue.len = 1;
+
+    return (CERT_EncodeAndAddBitStrExtension(extHandle, SEC_OID_NS_CERT_EXT_CERT_TYPE, &bitStringValue,
+                                             (find_field_bool(data, "netscape-cert-type-crit", PR_TRUE))));
+}
+
+static SECStatus
+add_IA5StringExtension(void *extHandle,
+                       char *string,
+                       PRBool crit,
+                       int idtag)
+{
+    SECItem encodedValue;
+    SECStatus rv;
+
+    encodedValue.data = NULL;
+    encodedValue.len = 0;
+
+    rv = CERT_EncodeIA5TypeExtension(NULL, string, &encodedValue);
+    if (rv) {
+        return (rv);
+    }
+    return (CERT_AddExtension(extHandle, idtag, &encodedValue, crit, PR_TRUE));
+}
+
+static SECItem *
+string_to_oid(char *string)
+{
+    int i;
+    int length = 20;
+    int remaining;
+    int first_value;
+    int second_value;
+    int value;
+    int oidLength;
+    unsigned char *oidString;
+    unsigned char *write;
+    unsigned char *read;
+    unsigned char *temp;
+    SECItem *oid;
+
+    remaining = length;
+    i = 0;
+    while (*string == ' ') {
+        string++;
+    }
+    while (isdigit(*(string + i))) {
+        i++;
+    }
+    if (*(string + i) == '.') {
+        *(string + i) = '\0';
+    } else {
+        error_out("ERROR: Improperly formated OID");
+    }
+    first_value = atoi(string);
+    if (first_value < 0 || first_value > 2) {
+        error_out("ERROR: Improperly formated OID");
+    }
+    string += i + 1;
+    i = 0;
+    while (isdigit(*(string + i))) {
+        i++;
+    }
+    if (*(string + i) == '.') {
+        *(string + i) = '\0';
+    } else {
+        error_out("ERROR: Improperly formated OID");
+    }
+    second_value = atoi(string);
+    if (second_value < 0 || second_value > 39) {
+        error_out("ERROR: Improperly formated OID");
+    }
+    oidString = PORT_ZAlloc(2);
+    *oidString = (first_value * 40) + second_value;
+    *(oidString + 1) = '\0';
+    oidLength = 1;
+    string += i + 1;
+    i = 0;
+    temp = write = PORT_ZAlloc(length);
+    while (*string != '\0') {
+        value = 0;
+        while (isdigit(*(string + i))) {
+            i++;
+        }
+        if (*(string + i) == '\0') {
+            value = atoi(string);
+            string += i;
+        } else {
+            if (*(string + i) == '.') {
+                *(string + i) = '\0';
+                value = atoi(string);
+                string += i + 1;
+            } else {
+                *(string + i) = '\0';
+                i++;
+                value = atoi(string);
+                while (*(string + i) == ' ')
+                    i++;
+                if (*(string + i) != '\0') {
+                    error_out("ERROR: Improperly formated OID");
+                }
+            }
+        }
+        i = 0;
+        while (value != 0) {
+            if (remaining < 1) {
+                remaining += length;
+                length = length * 2;
+                temp = PORT_Realloc(temp, length);
+                write = temp + length - remaining;
+            }
+            *write = (value & 0x7f) | (0x80);
+            write++;
+            remaining--;
+            value = value >> 7;
+        }
+        *temp = *temp & (0x7f);
+        oidLength += write - temp;
+        oidString = PORT_Realloc(oidString, (oidLength + 1));
+        read = write - 1;
+        write = oidLength + oidString - 1;
+        for (i = 0; i < (length - remaining); i++) {
+            *write = *read;
+            write--;
+            read++;
+        }
+        write = temp;
+        remaining = length;
+    }
+    *(oidString + oidLength) = '\0';
+    oid = (SECItem *)PORT_ZAlloc(sizeof(SECItem));
+    oid->data = oidString;
+    oid->len = oidLength;
+    PORT_Free(temp);
+    return oid;
+}
+
+static SECItem *
+string_to_ipaddress(char *string)
+{
+    int i = 0;
+    int value;
+    int j = 0;
+    SECItem *ipaddress;
+
+    while (*string == ' ') {
+        string++;
+    }
+    ipaddress = (SECItem *)PORT_ZAlloc(sizeof(SECItem));
+    ipaddress->data = PORT_ZAlloc(9);
+    while (*string != '\0' && j < 8) {
+        while (isdigit(*(string + i))) {
+            i++;
+        }
+        if (*(string + i) == '.') {
+            *(string + i) = '\0';
+            value = atoi(string);
+            string = string + i + 1;
+            i = 0;
+        } else {
+            if (*(string + i) == '\0') {
+                value = atoi(string);
+                string = string + i;
+                i = 0;
+            } else {
+                *(string + i) = '\0';
+                while (*(string + i) == ' ') {
+                    i++;
+                }
+                if (*(string + i) == '\0') {
+                    value = atoi(string);
+                    string = string + i;
+                    i = 0;
+                } else {
+                    error_out("ERROR: Improperly formated IP Address");
+                }
+            }
+        }
+        if (value >= 0 && value < 256) {
+            *(ipaddress->data + j) = value;
+        } else {
+            error_out("ERROR: Improperly formated IP Address");
+        }
+        j++;
+    }
+    *(ipaddress->data + j) = '\0';
+    if (j != 4 && j != 8) {
+        error_out("ERROR: Improperly formated IP Address");
+    }
+    ipaddress->len = j;
+    return ipaddress;
+}
+
+static int
+chr_to_hex(char c)
+{
+    if (isdigit(c)) {
+        return c - '0';
+    }
+    if (isxdigit(c)) {
+        return toupper(c) - 'A' + 10;
+    }
+    return -1;
+}
+
+static SECItem *
+string_to_binary(char *string)
+{
+    SECItem *rv;
+
+    rv = (SECItem *)PORT_ZAlloc(sizeof(SECItem));
+    if (rv == NULL) {
+        error_allocate();
+    }
+    rv->data = (unsigned char *)PORT_ZAlloc((PORT_Strlen(string)) / 3 + 2);
+    rv->len = 0;
+    while (*string && !isxdigit(*string)) {
+        string++;
+    }
+    while (*string) {
+        int high, low;
+        high = chr_to_hex(*string++);
+        low = chr_to_hex(*string++);
+        if (high < 0 || low < 0) {
+            error_out("ERROR: Improperly formated binary encoding");
+        }
+        rv->data[(rv->len)++] = high << 4 | low;
+        if (*string != ':') {
+            break;
+        }
+        ++string;
+    }
+    while (*string == ' ') {
+        ++string;
+    }
+    if (*string) {
+        error_out("ERROR: Junk after binary encoding");
+    }
+
+    return rv;
+}
+
+static SECStatus
+MakeGeneralName(char *name,
+                CERTGeneralName *genName,
+                PLArenaPool *arena)
+{
+    SECItem *oid;
+    SECOidData *oidData;
+    SECItem *ipaddress;
+    SECItem *temp = NULL;
+    int i;
+    int nameType;
+    PRBool binary = PR_FALSE;
+    SECStatus rv = SECSuccess;
+    PRBool nickname = PR_FALSE;
+
+    PORT_Assert(genName);
+    PORT_Assert(arena);
+    nameType = *(name + PORT_Strlen(name) - 1) - '0';
+    if (nameType == 0 && *(name + PORT_Strlen(name) - 2) == '1') {
+        nickname = PR_TRUE;
+        nameType = certOtherName;
+    }
+    if (nameType < 1 || nameType > 9) {
+        error_out("ERROR: Unknown General Name Type");
+    }
+    *(name + PORT_Strlen(name) - 4) = '\0';
+    genName->type = nameType;
+
+    switch (genName->type) {
+        case certURI:
+        case certRFC822Name:
+        case certDNSName: {
+            genName->name.other.data = (unsigned char *)name;
+            genName->name.other.len = PORT_Strlen(name);
+            break;
+        }
+
+        case certIPAddress: {
+            ipaddress = string_to_ipaddress(name);
+            genName->name.other.data = ipaddress->data;
+            genName->name.other.len = ipaddress->len;
+            break;
+        }
+
+        case certRegisterID: {
+            oid = string_to_oid(name);
+            genName->name.other.data = oid->data;
+            genName->name.other.len = oid->len;
+            break;
+        }
+
+        case certEDIPartyName:
+        case certX400Address: {
+
+            genName->name.other.data = PORT_ArenaAlloc(arena,
+                                                       PORT_Strlen(name) + 2);
+            if (genName->name.other.data == NULL) {
+                error_allocate();
+            }
+
+            PORT_Memcpy(genName->name.other.data + 2, name, PORT_Strlen(name));
+            /* This may not be accurate for all cases.
+             For now, use this tag type */
+            genName->name.other.data[0] = (char)(((genName->type - 1) &
+                                                  0x1f) |
+                                                 0x80);
+            genName->name.other.data[1] = (char)PORT_Strlen(name);
+            genName->name.other.len = PORT_Strlen(name) + 2;
+            break;
+        }
+
+        case certOtherName: {
+            i = 0;
+            if (!nickname) {
+                while (!isdigit(*(name + PORT_Strlen(name) - i))) {
+                    i++;
+                }
+                if (*(name + PORT_Strlen(name) - i) == '1') {
+                    binary = PR_TRUE;
+                } else {
+                    binary = PR_FALSE;
+                }
+                while (*(name + PORT_Strlen(name) - i) != '-') {
+                    i++;
+                }
+                *(name + PORT_Strlen(name) - i - 1) = '\0';
+                i = 0;
+                while (*(name + i) != '-') {
+                    i++;
+                }
+                *(name + i - 1) = '\0';
+                oid = string_to_oid(name + i + 2);
+            } else {
+                oidData = SECOID_FindOIDByTag(SEC_OID_NETSCAPE_NICKNAME);
+                oid = &oidData->oid;
+                while (*(name + PORT_Strlen(name) - i) != '-') {
+                    i++;
+                }
+                *(name + PORT_Strlen(name) - i) = '\0';
+            }
+            genName->name.OthName.oid.data = oid->data;
+            genName->name.OthName.oid.len = oid->len;
+            if (binary) {
+                temp = string_to_binary(name);
+                genName->name.OthName.name.data = temp->data;
+                genName->name.OthName.name.len = temp->len;
+            } else {
+                temp = (SECItem *)PORT_ZAlloc(sizeof(SECItem));
+                if (temp == NULL) {
+                    error_allocate();
+                }
+                temp->data = (unsigned char *)name;
+                temp->len = PORT_Strlen(name);
+                SEC_ASN1EncodeItem(arena, &(genName->name.OthName.name), temp,
+                                   CERTIA5TypeTemplate);
+            }
+            PORT_Free(temp);
+            break;
+        }
+
+        case certDirectoryName: {
+            CERTName *directoryName = NULL;
+
+            directoryName = CERT_AsciiToName(name);
+            if (!directoryName) {
+                error_out("ERROR: Improperly formated alternative name");
+                break;
+            }
+            rv = CERT_CopyName(arena, &genName->name.directoryName,
+                               directoryName);
+            CERT_DestroyName(directoryName);
+
+            break;
+        }
+    }
+    genName->l.next = &(genName->l);
+    genName->l.prev = &(genName->l);
+    return rv;
+}
+
+static CERTGeneralName *
+MakeAltName(Pair *data,
+            char *which,
+            PLArenaPool *arena)
+{
+    CERTGeneralName *SubAltName;
+    CERTGeneralName *current;
+    CERTGeneralName *newname;
+    char *name = NULL;
+    SECStatus rv = SECSuccess;
+    int len;
+
+    len = PORT_Strlen(which);
+    name = find_field(data, which, PR_TRUE);
+    SubAltName = current = (CERTGeneralName *)PORT_ZAlloc(sizeof(CERTGeneralName));
+    if (current == NULL) {
+        error_allocate();
+    }
+    while (name != NULL) {
+
+        rv = MakeGeneralName(name, current, arena);
+
+        if (rv != SECSuccess) {
+            break;
+        }
+        if (*(which + len - 1) < '9') {
+            *(which + len - 1) = *(which + len - 1) + 1;
+        } else {
+            if (isdigit(*(which + len - 2))) {
+                *(which + len - 2) = *(which + len - 2) + 1;
+                *(which + len - 1) = '0';
+            } else {
+                *(which + len - 1) = '1';
+                *(which + len) = '0';
+                *(which + len + 1) = '\0';
+                len++;
+            }
+        }
+        len = PORT_Strlen(which);
+        name = find_field(data, which, PR_TRUE);
+        if (name != NULL) {
+            newname = (CERTGeneralName *)PORT_ZAlloc(sizeof(CERTGeneralName));
+            if (newname == NULL) {
+                error_allocate();
+            }
+            current->l.next = &(newname->l);
+            newname->l.prev = &(current->l);
+            current = newname;
+            newname = NULL;
+        } else {
+            current->l.next = &(SubAltName->l);
+            SubAltName->l.prev = &(current->l);
+        }
+    }
+    if (rv == SECFailure) {
+        return NULL;
+    }
+    return SubAltName;
+}
+
+static CERTNameConstraints *
+MakeNameConstraints(Pair *data,
+                    PLArenaPool *arena)
+{
+    CERTNameConstraints *NameConstraints;
+    CERTNameConstraint *current = NULL;
+    CERTNameConstraint *last_permited = NULL;
+    CERTNameConstraint *last_excluded = NULL;
+    char *constraint = NULL;
+    char *which;
+    SECStatus rv = SECSuccess;
+    int len;
+    int i;
+    long max;
+    long min;
+    PRBool permited;
+
+    NameConstraints = (CERTNameConstraints *)PORT_ZAlloc(sizeof(CERTNameConstraints));
+    which = make_copy_string("NameConstraintSelect0", 25, '\0');
+    len = PORT_Strlen(which);
+    constraint = find_field(data, which, PR_TRUE);
+    NameConstraints->permited = NameConstraints->excluded = NULL;
+    while (constraint != NULL) {
+        current = (CERTNameConstraint *)PORT_ZAlloc(sizeof(CERTNameConstraint));
+        if (current == NULL) {
+            error_allocate();
+        }
+        i = 0;
+        while (*(constraint + PORT_Strlen(constraint) - i) != '-') {
+            i++;
+        }
+        *(constraint + PORT_Strlen(constraint) - i - 1) = '\0';
+        max = (long)atoi(constraint + PORT_Strlen(constraint) + 3);
+        if (max > 0) {
+            (void)SEC_ASN1EncodeInteger(arena, &current->max, max);
+        }
+        i = 0;
+        while (*(constraint + PORT_Strlen(constraint) - i) != '-') {
+            i++;
+        }
+        *(constraint + PORT_Strlen(constraint) - i - 1) = '\0';
+        min = (long)atoi(constraint + PORT_Strlen(constraint) + 3);
+        (void)SEC_ASN1EncodeInteger(arena, &current->min, min);
+        while (*(constraint + PORT_Strlen(constraint) - i) != '-') {
+            i++;
+        }
+        *(constraint + PORT_Strlen(constraint) - i - 1) = '\0';
+        if (*(constraint + PORT_Strlen(constraint) + 3) == 'p') {
+            permited = PR_TRUE;
+        } else {
+            permited = PR_FALSE;
+        }
+        rv = MakeGeneralName(constraint, &(current->name), arena);
+
+        if (rv != SECSuccess) {
+            break;
+        }
+        if (*(which + len - 1) < '9') {
+            *(which + len - 1) = *(which + len - 1) + 1;
+        } else {
+            if (isdigit(*(which + len - 2))) {
+                *(which + len - 2) = *(which + len - 2) + 1;
+                *(which + len - 1) = '0';
+            } else {
+                *(which + len - 1) = '1';
+                *(which + len) = '0';
+                *(which + len + 1) = '\0';
+                len++;
+            }
+        }
+        len = PORT_Strlen(which);
+        if (permited) {
+            if (NameConstraints->permited == NULL) {
+                NameConstraints->permited = last_permited = current;
+            }
+            last_permited->l.next = &(current->l);
+            current->l.prev = &(last_permited->l);
+            last_permited = current;
+        } else {
+            if (NameConstraints->excluded == NULL) {
+                NameConstraints->excluded = last_excluded = current;
+            }
+            last_excluded->l.next = &(current->l);
+            current->l.prev = &(last_excluded->l);
+            last_excluded = current;
+        }
+        constraint = find_field(data, which, PR_TRUE);
+        if (constraint != NULL) {
+            current = (CERTNameConstraint *)PORT_ZAlloc(sizeof(CERTNameConstraint));
+            if (current == NULL) {
+                error_allocate();
+            }
+        }
+    }
+    if (NameConstraints->permited != NULL) {
+        last_permited->l.next = &(NameConstraints->permited->l);
+        NameConstraints->permited->l.prev = &(last_permited->l);
+    }
+    if (NameConstraints->excluded != NULL) {
+        last_excluded->l.next = &(NameConstraints->excluded->l);
+        NameConstraints->excluded->l.prev = &(last_excluded->l);
+    }
+    if (which != NULL) {
+        PORT_Free(which);
+    }
+    if (rv == SECFailure) {
+        return NULL;
+    }
+    return NameConstraints;
+}
+
+static SECStatus
+AddAltName(void *extHandle,
+           Pair *data,
+           char *issuerNameStr,
+           CERTCertDBHandle *handle,
+           int type)
+{
+    PRBool autoIssuer = PR_FALSE;
+    PLArenaPool *arena = NULL;
+    CERTGeneralName *genName = NULL;
+    char *which = NULL;
+    char *name = NULL;
+    SECStatus rv = SECSuccess;
+    SECItem *issuersAltName = NULL;
+    CERTCertificate *issuerCert = NULL;
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL) {
+        error_allocate();
+    }
+    if (type == 0) {
+        which = make_copy_string("SubAltNameSelect0", 20, '\0');
+        genName = MakeAltName(data, which, arena);
+    } else {
+        if (autoIssuer) {
+            autoIssuer = find_field_bool(data, "IssuerAltNameSourceRadio-auto",
+                                         PR_TRUE);
+            issuerCert = CERT_FindCertByNameString(handle, issuerNameStr);
+            rv = cert_FindExtension((*issuerCert).extensions,
+                                    SEC_OID_X509_SUBJECT_ALT_NAME,
+                                    issuersAltName);
+            if (issuersAltName == NULL) {
+                name = PORT_Alloc(PORT_Strlen((*issuerCert).subjectName) + 4);
+                PORT_Strcpy(name, (*issuerCert).subjectName);
+                PORT_Strcat(name, " - 5");
+            }
+        } else {
+            which = make_copy_string("IssuerAltNameSelect0", 20, '\0');
+            genName = MakeAltName(data, which, arena);
+        }
+    }
+    if (type == 0) {
+        EncodeAndAddExtensionValue(arena, extHandle, genName,
+                                   find_field_bool(data, "SubAltName-crit",
+                                                   PR_TRUE),
+                                   SEC_OID_X509_SUBJECT_ALT_NAME,
+                                   (EXTEN_VALUE_ENCODER)
+                                       CERT_EncodeAltNameExtension);
+
+    } else {
+        if (autoIssuer && (name == NULL)) {
+            rv = CERT_AddExtension(extHandle, SEC_OID_X509_ISSUER_ALT_NAME, issuersAltName,
+                                   find_field_bool(data, "IssuerAltName-crit", PR_TRUE), PR_TRUE);
+        } else {
+            EncodeAndAddExtensionValue(arena, extHandle, genName,
+                                       find_field_bool(data,
+                                                       "IssuerAltName-crit",
+                                                       PR_TRUE),
+                                       SEC_OID_X509_ISSUER_ALT_NAME,
+                                       (EXTEN_VALUE_ENCODER)
+                                           CERT_EncodeAltNameExtension);
+        }
+    }
+    if (which != NULL) {
+        PORT_Free(which);
+    }
+    if (issuerCert != NULL) {
+        CERT_DestroyCertificate(issuerCert);
+    }
+    return rv;
+}
+
+static SECStatus
+AddNameConstraints(void *extHandle,
+                   Pair *data)
+{
+    PLArenaPool *arena = NULL;
+    CERTNameConstraints *constraints = NULL;
+    SECStatus rv = SECSuccess;
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL) {
+        error_allocate();
+    }
+    constraints = MakeNameConstraints(data, arena);
+    if (constraints != NULL) {
+        EncodeAndAddExtensionValue(arena, extHandle, constraints, PR_TRUE,
+                                   SEC_OID_X509_NAME_CONSTRAINTS,
+                                   (EXTEN_VALUE_ENCODER)
+                                       CERT_EncodeNameConstraintsExtension);
+    }
+    if (arena != NULL) {
+        PORT_ArenaRelease(arena, NULL);
+    }
+    return rv;
+}
+
+static SECStatus
+add_extensions(CERTCertificate *subjectCert,
+               Pair *data,
+               char *issuerNameStr,
+               CERTCertDBHandle *handle)
+{
+    void *extHandle;
+    SECStatus rv = SECSuccess;
+
+    extHandle = CERT_StartCertExtensions(subjectCert);
+    if (extHandle == NULL) {
+        error_out("ERROR: Unable to get certificates extension handle");
+    }
+    if (find_field_bool(data, "keyUsage", PR_TRUE)) {
+        rv = AddKeyUsage(extHandle, data);
+        if (rv != SECSuccess) {
+            error_out("ERROR: Unable to add Key Usage extension");
+        }
+    }
+
+    if (find_field_bool(data, "extKeyUsage", PR_TRUE)) {
+        rv = AddExtKeyUsage(extHandle, data);
+        if (SECSuccess != rv) {
+            error_out("ERROR: Unable to add Extended Key Usage extension");
+        }
+    }
+
+    if (find_field_bool(data, "basicConstraints", PR_TRUE)) {
+        rv = AddBasicConstraint(extHandle, data);
+        if (rv != SECSuccess) {
+            error_out("ERROR: Unable to add Basic Constraint extension");
+        }
+    }
+    if (find_field_bool(data, "subjectKeyIdentifier", PR_TRUE)) {
+        rv = AddSubKeyID(extHandle, data, subjectCert);
+        if (rv != SECSuccess) {
+            error_out("ERROR: Unable to add Subject Key Identifier Extension");
+        }
+    }
+    if (find_field_bool(data, "authorityKeyIdentifier", PR_TRUE)) {
+        rv = AddAuthKeyID(extHandle, data, issuerNameStr, handle);
+        if (rv != SECSuccess) {
+            error_out("ERROR: Unable to add Authority Key Identifier extension");
+        }
+    }
+    if (find_field_bool(data, "privKeyUsagePeriod", PR_TRUE)) {
+        rv = AddPrivKeyUsagePeriod(extHandle, data, subjectCert);
+        if (rv != SECSuccess) {
+            error_out("ERROR: Unable to add Private Key Usage Period extension");
+        }
+    }
+    if (find_field_bool(data, "SubAltName", PR_TRUE)) {
+        rv = AddAltName(extHandle, data, NULL, NULL, 0);
+        if (rv != SECSuccess) {
+            error_out("ERROR: Unable to add Subject Alternative Name extension");
+        }
+    }
+    if (find_field_bool(data, "IssuerAltName", PR_TRUE)) {
+        rv = AddAltName(extHandle, data, issuerNameStr, handle, 1);
+        if (rv != SECSuccess) {
+            error_out("ERROR: Unable to add Issuer Alternative Name Extension");
+        }
+    }
+    if (find_field_bool(data, "NameConstraints", PR_TRUE)) {
+        rv = AddNameConstraints(extHandle, data);
+        if (rv != SECSuccess) {
+            error_out("ERROR: Unable to add Name Constraints Extension");
+        }
+    }
+    if (find_field_bool(data, "netscape-cert-type", PR_TRUE)) {
+        rv = AddNscpCertType(extHandle, data);
+        if (rv != SECSuccess) {
+            error_out("ERROR: Unable to add Netscape Certificate Type Extension");
+        }
+    }
+    if (find_field_bool(data, "netscape-base-url", PR_TRUE)) {
+        rv = add_IA5StringExtension(extHandle,
+                                    find_field(data, "netscape-base-url-text",
+                                               PR_TRUE),
+                                    find_field_bool(data,
+                                                    "netscape-base-url-crit",
+                                                    PR_TRUE),
+                                    SEC_OID_NS_CERT_EXT_BASE_URL);
+        if (rv != SECSuccess) {
+            error_out("ERROR: Unable to add Netscape Base URL Extension");
+        }
+    }
+    if (find_field_bool(data, "netscape-revocation-url", PR_TRUE)) {
+        rv = add_IA5StringExtension(extHandle,
+                                    find_field(data,
+                                               "netscape-revocation-url-text",
+                                               PR_TRUE),
+                                    find_field_bool(data, "netscape-revocation-url-crit",
+                                                    PR_TRUE),
+                                    SEC_OID_NS_CERT_EXT_REVOCATION_URL);
+        if (rv != SECSuccess) {
+            error_out("ERROR: Unable to add Netscape Revocation URL Extension");
+        }
+    }
+    if (find_field_bool(data, "netscape-ca-revocation-url", PR_TRUE)) {
+        rv = add_IA5StringExtension(extHandle,
+                                    find_field(data,
+                                               "netscape-ca-revocation-url-text",
+                                               PR_TRUE),
+                                    find_field_bool(data, "netscape-ca-revocation-url-crit", PR_TRUE),
+                                    SEC_OID_NS_CERT_EXT_CA_REVOCATION_URL);
+        if (rv != SECSuccess) {
+            error_out("ERROR: Unable to add Netscape CA Revocation URL Extension");
+        }
+    }
+    if (find_field_bool(data, "netscape-cert-renewal-url", PR_TRUE)) {
+        rv = add_IA5StringExtension(extHandle,
+                                    find_field(data,
+                                               "netscape-cert-renewal-url-text",
+                                               PR_TRUE),
+                                    find_field_bool(data, "netscape-cert-renewal-url-crit",
+                                                    PR_TRUE),
+                                    SEC_OID_NS_CERT_EXT_CERT_RENEWAL_URL);
+        if (rv != SECSuccess) {
+            error_out("ERROR: Unable to add Netscape Certificate Renewal URL Extension");
+        }
+    }
+    if (find_field_bool(data, "netscape-ca-policy-url", PR_TRUE)) {
+        rv = add_IA5StringExtension(extHandle,
+                                    find_field(data,
+                                               "netscape-ca-policy-url-text",
+                                               PR_TRUE),
+                                    find_field_bool(data, "netscape-ca-policy-url-crit",
+                                                    PR_TRUE),
+                                    SEC_OID_NS_CERT_EXT_CA_POLICY_URL);
+        if (rv != SECSuccess) {
+            error_out("ERROR: Unable to add Netscape CA Policy URL Extension");
+        }
+    }
+    if (find_field_bool(data, "netscape-ssl-server-name", PR_TRUE)) {
+        rv = add_IA5StringExtension(extHandle,
+                                    find_field(data,
+                                               "netscape-ssl-server-name-text",
+                                               PR_TRUE),
+                                    find_field_bool(data, "netscape-ssl-server-name-crit",
+                                                    PR_TRUE),
+                                    SEC_OID_NS_CERT_EXT_SSL_SERVER_NAME);
+        if (rv != SECSuccess) {
+            error_out("ERROR: Unable to add Netscape SSL Server Name Extension");
+        }
+    }
+    if (find_field_bool(data, "netscape-comment", PR_TRUE)) {
+        rv = add_IA5StringExtension(extHandle,
+                                    find_field(data, "netscape-comment-text",
+                                               PR_TRUE),
+                                    find_field_bool(data,
+                                                    "netscape-comment-crit",
+                                                    PR_TRUE),
+                                    SEC_OID_NS_CERT_EXT_COMMENT);
+        if (rv != SECSuccess) {
+            error_out("ERROR: Unable to add Netscape Comment Extension");
+        }
+    }
+    CERT_FinishExtensions(extHandle);
+    return (rv);
+}
+
+char *
+return_dbpasswd(PK11SlotInfo *slot, PRBool retry, void *data)
+{
+    char *rv;
+
+    /* don't clobber our poor smart card */
+    if (retry == PR_TRUE) {
+        return NULL;
+    }
+    rv = PORT_Alloc(4);
+    PORT_Strcpy(rv, "foo");
+    return rv;
+}
+
+SECKEYPrivateKey *
+FindPrivateKeyFromNameStr(char *name,
+                          CERTCertDBHandle *certHandle)
+{
+    SECKEYPrivateKey *key;
+    CERTCertificate *cert;
+    CERTCertificate *p11Cert;
+
+    /* We don't presently have a PK11 function to find a cert by
+    ** subject name.
+    ** We do have a function to find a cert in the internal slot's
+    ** cert db by subject name, but it doesn't setup the slot info.
+    ** So, this HACK works, but should be replaced as soon as we
+    ** have a function to search for certs accross slots by subject name.
+    */
+    cert = CERT_FindCertByNameString(certHandle, name);
+    if (cert == NULL || cert->nickname == NULL) {
+        error_out("ERROR: Unable to retrieve issuers certificate");
+    }
+    p11Cert = PK11_FindCertFromNickname(cert->nickname, NULL);
+    if (p11Cert == NULL) {
+        error_out("ERROR: Unable to retrieve issuers certificate");
+    }
+    key = PK11_FindKeyByAnyCert(p11Cert, NULL);
+    return key;
+}
+
+static SECItem *
+SignCert(CERTCertificate *cert,
+         char *issuerNameStr,
+         Pair *data,
+         CERTCertDBHandle *handle,
+         int which_key)
+{
+    SECItem der;
+    SECKEYPrivateKey *caPrivateKey = NULL;
+    SECStatus rv;
+    PLArenaPool *arena;
+    SECOidTag algID;
+
+    if (which_key == 0) {
+        caPrivateKey = FindPrivateKeyFromNameStr(issuerNameStr, handle);
+    } else {
+        caPrivateKey = privkeys[which_key - 1];
+    }
+    if (caPrivateKey == NULL) {
+        error_out("ERROR: unable to retrieve issuers key");
+    }
+
+    arena = cert->arena;
+
+    algID = SEC_GetSignatureAlgorithmOidTag(caPrivateKey->keyType,
+                                            SEC_OID_UNKNOWN);
+    if (algID == SEC_OID_UNKNOWN) {
+        error_out("ERROR: Unknown key type for issuer.");
+        goto done;
+    }
+
+    rv = SECOID_SetAlgorithmID(arena, &cert->signature, algID, 0);
+    if (rv != SECSuccess) {
+        error_out("ERROR: Could not set signature algorithm id.");
+    }
+
+    if (find_field_bool(data, "ver-1", PR_TRUE)) {
+        *(cert->version.data) = 0;
+        cert->version.len = 1;
+    } else {
+        *(cert->version.data) = 2;
+        cert->version.len = 1;
+    }
+    der.data = NULL;
+    der.len = 0;
+    (void)SEC_ASN1EncodeItem(arena, &der, cert, CERT_CertificateTemplate);
+    if (der.data == NULL) {
+        error_out("ERROR: Could not encode certificate.\n");
+    }
+    rv = SEC_DerSignData(arena, &(cert->derCert), der.data, der.len, caPrivateKey,
+                         algID);
+    if (rv != SECSuccess) {
+        error_out("ERROR: Could not sign encoded certificate data.\n");
+    }
+done:
+    SECKEY_DestroyPrivateKey(caPrivateKey);
+    return &(cert->derCert);
+}
+
+int
+main(int argc, char **argv)
+{
+    int length = 500;
+    int remaining = 500;
+    int n;
+    int i;
+    int serial;
+    int chainLen;
+    int which_key;
+    char *pos;
+#ifdef OFFLINE
+    char *form_output = "key=MIIBPTCBpzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA7"
+                        "SLqjWBL9Wl11Vlg%0AaMqZCvcQOL%2FnvSqYPPRP0XZy9SoAeyWzQnBOiCm2t8H5mK7r2"
+                        "jnKdAQOmfhjaJil%0A3hNVu3SekHOXF6Ze7bkWa6%2FSGVcY%2FojkydxFSgY43nd1iyd"
+                        "zPQDp8WWLL%2BpVpt%2B%2B%0ATRhFtVXbF0fQI03j9h3BoTgP2lkCAwEAARYDZm9vMA0"
+                        "GCSqGSIb3DQEBBAUAA4GB%0AAJ8UfRKJ0GtG%2B%2BufCC6tAfTzKrq3CTBHnom55EyXc"
+                        "sAsv6WbDqI%2F0rLAPkn2Xo1r%0AnNhtMxIuj441blMt%2Fa3AGLOy5zmC7Qawt8IytvQ"
+                        "ikQ1XTpTBCXevytrmLjCmlURr%0ANJryTM48WaMQHiMiJpbXCqVJC1d%2FpEWBtqvALzZ"
+                        "aOOIy&subject=CN%3D%22test%22%26serial-auto%3Dtrue%26serial_value%3D%"
+                        "26ver-1%3Dtrue%26ver-3%3Dfalse%26caChoiceradio-SignWithDefaultkey%3Dt"
+                        "rue%26caChoiceradio-SignWithRandomChain%3Dfalse%26autoCAs%3D%26caChoi"
+                        "ceradio-SignWithSpecifiedChain%3Dfalse%26manCAs%3D%26%24";
+#else
+    char *form_output;
+#endif
+    char *issuerNameStr;
+    char *certName;
+    char *DBdir = DB_DIRECTORY;
+    char *prefixs[10] = { "CA#1-", "CA#2-", "CA#3-",
+                          "CA#4-", "CA#5-", "CA#6-",
+                          "CA#7-", "CA#8-", "CA#9-", "" };
+    Pair *form_data;
+    CERTCertificate *cert;
+    CERTCertDBHandle *handle;
+    CERTCertificateRequest *certReq = NULL;
+    int warpmonths = 0;
+    SECItem *certDER;
+#ifdef FILEOUT
+    FILE *outfile;
+#endif
+    SECStatus status = SECSuccess;
+    extern char prefix[PREFIX_LEN];
+    SEC_PKCS7ContentInfo *certChain;
+    SECItem *encodedCertChain;
+    PRBool UChain = PR_FALSE;
+
+    progName = strrchr(argv[0], '/');
+    progName = progName ? progName + 1 : argv[0];
+
+#ifdef TEST
+    sleep(20);
+#endif
+    SECU_ConfigDirectory(DBdir);
+
+    PK11_SetPasswordFunc(return_dbpasswd);
+    status = NSS_InitReadWrite(DBdir);
+    if (status != SECSuccess) {
+        SECU_PrintPRandOSError(progName);
+        return -1;
+    }
+    handle = CERT_GetDefaultCertDB();
+
+    prefix[0] = '\0';
+#if !defined(OFFLINE)
+    form_output = (char *)PORT_Alloc(length);
+    if (form_output == NULL) {
+        error_allocate();
+    }
+    pos = form_output;
+    while (feof(stdin) == 0) {
+        if (remaining <= 1) {
+            remaining += length;
+            length = length * 2;
+            form_output = PORT_Realloc(form_output, (length));
+            if (form_output == NULL) {
+                error_allocate();
+            }
+            pos = form_output + length - remaining;
+        }
+        n = fread(pos, 1, (size_t)(remaining - 1), stdin);
+        pos += n;
+        remaining -= n;
+    }
+    *pos = '&';
+    pos++;
+    length = pos - form_output;
+#else
+    length = PORT_Strlen(form_output);
+#endif
+#ifdef FILEOUT
+    printf("Content-type: text/plain\n\n");
+    fwrite(form_output, 1, (size_t)length, stdout);
+    printf("\n");
+#endif
+#ifdef FILEOUT
+    fwrite(form_output, 1, (size_t)length, stdout);
+    printf("\n");
+    fflush(stdout);
+#endif
+    form_data = make_datastruct(form_output, length);
+    status = clean_input(form_data);
+#if !defined(OFFLINE)
+    PORT_Free(form_output);
+#endif
+#ifdef FILEOUT
+    i = 0;
+    while (return_name(form_data, i) != NULL) {
+        printf("%s", return_name(form_data, i));
+        printf("=\n");
+        printf("%s", return_data(form_data, i));
+        printf("\n");
+        i++;
+    }
+    printf("I got that done, woo hoo\n");
+    fflush(stdout);
+#endif
+    issuerNameStr = PORT_Alloc(200);
+    if (find_field_bool(form_data, "caChoiceradio-SignWithSpecifiedChain",
+                        PR_FALSE)) {
+        UChain = PR_TRUE;
+        chainLen = atoi(find_field(form_data, "manCAs", PR_FALSE));
+        PORT_Strcpy(prefix, prefixs[0]);
+        issuerNameStr = PORT_Strcpy(issuerNameStr,
+                                    "CN=Cert-O-Matic II, O=Cert-O-Matic II");
+        if (chainLen == 0) {
+            UChain = PR_FALSE;
+        }
+    } else {
+        if (find_field_bool(form_data, "caChoiceradio-SignWithRandomChain",
+                            PR_FALSE)) {
+            PORT_Strcpy(prefix, prefixs[9]);
+            chainLen = atoi(find_field(form_data, "autoCAs", PR_FALSE));
+            if (chainLen < 1 || chainLen > 18) {
+                issuerNameStr = PORT_Strcpy(issuerNameStr,
+                                            "CN=CA18, O=Cert-O-Matic II");
+            }
+            issuerNameStr = PORT_Strcpy(issuerNameStr, "CN=CA");
+            issuerNameStr = PORT_Strcat(issuerNameStr,
+                                        find_field(form_data, "autoCAs", PR_FALSE));
+            issuerNameStr = PORT_Strcat(issuerNameStr, ", O=Cert-O-Matic II");
+        } else {
+            issuerNameStr = PORT_Strcpy(issuerNameStr,
+                                        "CN=Cert-O-Matic II, O=Cert-O-Matic II");
+        }
+        chainLen = 0;
+    }
+
+    i = -1;
+    which_key = 0;
+    do {
+        extern SECStatus cert_GetKeyID(CERTCertificate * cert);
+        i++;
+        if (i != 0 && UChain) {
+            PORT_Strcpy(prefix, prefixs[i]);
+        }
+        /*        find_field(form_data,"subject", PR_TRUE); */
+        certReq = makeCertReq(form_data, which_key);
+#ifdef OFFLINE
+        serial = 900;
+#else
+        serial = get_serial_number(form_data);
+#endif
+        cert = MakeV1Cert(handle, certReq, issuerNameStr, PR_FALSE,
+                          serial, warpmonths, form_data);
+        if (certReq != NULL) {
+            CERT_DestroyCertificateRequest(certReq);
+        }
+        if (find_field_bool(form_data, "ver-3", PR_TRUE)) {
+            status = add_extensions(cert, form_data, issuerNameStr, handle);
+            if (status != SECSuccess) {
+                error_out("ERROR: Unable to add extensions");
+            }
+        }
+        status = cert_GetKeyID(cert);
+        if (status == SECFailure) {
+            error_out("ERROR: Unable to get Key ID.");
+        }
+        certDER = SignCert(cert, issuerNameStr, form_data, handle, which_key);
+        CERT_NewTempCertificate(handle, certDER, NULL, PR_FALSE, PR_TRUE);
+        issuerNameStr = find_field(form_data, "subject", PR_TRUE);
+        /*        SECITEM_FreeItem(certDER, PR_TRUE); */
+        CERT_DestroyCertificate(cert);
+        if (i == (chainLen - 1)) {
+            i = 8;
+        }
+        ++which_key;
+    } while (i < 9 && UChain);
+
+#ifdef FILEOUT
+    outfile = fopen("../certout", "wb");
+#endif
+    certName = find_field(form_data, "subject", PR_FALSE);
+    cert = CERT_FindCertByNameString(handle, certName);
+    certChain = SEC_PKCS7CreateCertsOnly(cert, PR_TRUE, handle);
+    if (certChain == NULL) {
+        error_out("ERROR: No certificates in cert chain");
+    }
+    encodedCertChain = SEC_PKCS7EncodeItem(NULL, NULL, certChain, NULL, NULL,
+                                           NULL);
+    if (encodedCertChain) {
+#if !defined(FILEOUT)
+        printf("Content-type: application/x-x509-user-cert\r\n");
+        printf("Content-length: %d\r\n\r\n", encodedCertChain->len);
+        fwrite(encodedCertChain->data, 1, encodedCertChain->len, stdout);
+#else
+        fwrite(encodedCertChain->data, 1, encodedCertChain->len, outfile);
+#endif
+
+    } else {
+        error_out("Error: Unable to DER encode certificate");
+    }
+#ifdef FILEOUT
+    printf("\nI got here!\n");
+    fflush(outfile);
+    fclose(outfile);
+#endif
+    fflush(stdout);
+    if (NSS_Shutdown() != SECSuccess) {
+        exit(1);
+    }
+    return 0;
+}
diff --git a/nss/cmd/certcgi/certcgi.gyp b/nss/cmd/certcgi/certcgi.gyp
new file mode 100644
index 0000000..5ad2893
--- /dev/null
+++ b/nss/cmd/certcgi/certcgi.gyp
@@ -0,0 +1,33 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi',
+    '../../cmd/platlibs.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'certcgi',
+      'type': 'executable',
+      'sources': [
+        'certcgi.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:dbm_exports',
+        '<(DEPTH)/exports.gyp:nss_exports',
+        '<(DEPTH)/lib/sqlite/sqlite.gyp:sqlite3'
+      ]
+    }
+  ],
+  'target_defaults': {
+    'defines': [
+      'NSPR20',
+      'NSS_USE_STATIC_LIBS'
+    ]
+  },
+  'variables': {
+    'module': 'nss',
+    'use_static_libs': 1
+  }
+}
\ No newline at end of file
diff --git a/nss/cmd/certcgi/index.html b/nss/cmd/certcgi/index.html
new file mode 100644
index 0000000..3ae6a10
--- /dev/null
+++ b/nss/cmd/certcgi/index.html
@@ -0,0 +1,789 @@
+<HTML>	<!-- -*- Mode: Java; tab-width: 8 -*- -->
+<!-- This Source Code Form is subject to the terms of the Mozilla Public
+   - License, v. 2.0. If a copy of the MPL was not distributed with this
+   - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
+<HEAD>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8"> 
+<SCRIPT LANGUAGE="JavaScript1.2">
+
+script_url = 'http://interzone.mcom.com/cgi-bin/certomatic/bin/certcgi.cgi'
+
+ext_page_ver1 =
+  make_page_intro('Version 1 extensions', "#FFFFFF") +
+  '<IFRAME WIDTH="100%" HEIGHT="100%" FRAMEBORDER=0 ID="ext1">' +
+  'Version 1 X.509 certs do not support extensions' +
+  '</IFRAME>' +
+  '</body></html>';
+
+num_ca = 0;
+
+your_certificate_index_label       = 'Your Certificate';
+netscape_extensions_index_label    = 'Netscape X.509 Extensions';
+standard_extensions_index_label    = 'Standard X.509 Extensions';
+certifying_authorities_index_label = 'Certifying Authorities';
+add_sub_alt_name_index_label       = 'Add Subject Alternative Name';
+
+index_list = 
+  '0, your_certificate_index_label,' +
+  '0, netscape_extensions_index_label,' +
+  '0, standard_extensions_index_label,' +
+  '0, certifying_authorities_index_label';
+
+add_index_list = '';
+
+ver = 3
+
+max_pages = 13;
+cur_page = 1;
+
+ext_page_array = new Array(max_pages);
+
+index_label = 'Options';
+
+var main_page = 
+  make_page_intro('Your Key', "#FFFFFF") +
+  '<IFRAME WIDTH="100%" HEIGHT="100%" FRAMEBORDER=0 ID="main" SRC="main.html">' +
+  '</IFRAME>' +
+  '</body></html>' ;
+
+function setSubAltNameType(form)
+{
+  with(form) {
+    if (SubAltNameRadio[0].checked) {
+      return true;
+    }
+    if (SubAltNameRadio[3].checked || SubAltNameRadio[5].checked) {
+      SubAltNameDataType.checked = true;
+      return true;
+    }
+    if (SubAltNameRadio[1].checked || SubAltNameRadio[2].checked ||
+	SubAltNameRadio[4].checked || SubAltNameRadio[6].checked ||
+	SubAltNameRadio[7].checked || SubAltNameRadio[8].checked) {
+      SubAltNameDataType.checked = false;
+      return true;
+    }
+  }
+  return true;
+}
+
+function setIssuerAltNameType(form)
+{
+  with(form) {
+    if (IssuerAltNameRadio[0].checked) {
+      return true;
+    }
+    if (IssuerAltNameRadio[3].checked || IssuerAltNameRadio[5].checked) {
+      IssuerAltNameDataType.checked = true;
+      return true;
+    }
+    if (IssuerAltNameRadio[1].checked || IssuerAltNameRadio[2].checked ||
+	IssuerAltNameRadio[4].checked || IssuerAltNameRadio[6].checked ||
+	IssuerAltNameRadio[7].checked || IssuerAltNameRadio[8].checked) {
+      IssuerAltNameDataType.checked = false;
+      return true;
+    }
+  }
+  return true;
+}
+
+
+function setNameConstraintNameType(form)
+{
+  with(form) {
+    if (NameConstraintRadio[0].checked) {
+      return true;
+    }
+    if (NameConstraintRadio[3].checked || NameConstraintRadio[5].checked) {
+      NameConstraintNameDataType.checked = true;
+      return true;
+    }
+    if (NameConstraintRadio[1].checked || NameConstraintRadio[2].checked ||
+	NameConstraintRadio[4].checked || NameConstraintRadio[6].checked ||
+	NameConstraintRadio[7].checked || NameConstraintRadio[8].checked) {
+      NameConstraintNameDataType.checked = false;
+      return true;
+    }
+  }
+  return true;
+}
+
+
+function addSubAltName(form)
+{
+  with(form) {
+    var len = SubAltNameSelect.length;
+    var value;
+    var i = 0;
+    while(!(i == (SubAltNameRadio.length - 1)) & 
+          !(SubAltNameRadio[i].checked == true)) {
+      i++;
+    }
+    if (i != 0) {
+      value = SubAltNameText.value + " - " + (i + 1);
+    } else {
+      value = SubAltNameText.value + " - " + 
+              SubAltNameOtherNameOID.value + " - ";
+      if (SubAltNameDataType.checked) {
+	value += "1 - ";
+      } else {
+	value += "0 - ";
+      }
+      value += (i + 1);
+      if (SubAltNameOtherNameOID.value == "") {
+	alert("Other names must include an OID");
+	return false;
+      }
+    }
+
+    if ((SubAltNameText.value == "") | (SubAltNameRadio[i].checked != true)) {
+      alert("Alternative Names must include values for name and name type.");
+    } else {
+      SubAltNameSelect.options[len] = new Option(value, value);
+    }
+  }
+  return true;
+}
+
+function deleteSubAltName(form)
+{
+  with(form) {
+    while (SubAltNameSelect.selectedIndex >= 0) {
+      SubAltNameSelect[SubAltNameSelect.selectedIndex] = null;
+    }
+  }
+}
+  
+function addIssuerAltName(form)
+{
+  with(form)
+  {
+    var len = IssuerAltNameSelect.length;
+    var value;
+    var i = 0;
+
+    while(!(i == (IssuerAltNameRadio.length -1)) & 
+          !(IssuerAltNameRadio[i].checked == true)) {
+      i++;
+    }
+    if (i != 0) {
+      value = IssuerAltNameText.value + " - " + (i + 1);
+    } else {
+      value = IssuerAltNameText.value + " - " + 
+              IssuerAltNameOtherNameOID.value + " - ";
+      if (IssuerAltNameDataType.checked) {
+	value += "1 - ";
+      } else {
+	value += "0 - ";
+      }
+      value += (i + 1);
+      if (IssuerAltNameOtherNameOID.value == "") {
+	  alert("Other names must include an OID");
+	  return false;
+      }
+    }
+    if ((IssuerAltNameText.value == "") | 
+        (IssuerAltNameRadio[i].checked != true)) {
+      alert("Alternative Names must include values for name and name type.")
+    } else {
+      IssuerAltNameSelect.options[len] = new Option(value, value);
+    }
+  }
+  return true;
+}
+
+function deleteIssuerAltName(form)
+{
+  with(form) {
+    while (IssuerAltNameSelect.selectedIndex >= 0) {
+      IssuerAltNameSelect[IssuerAltNameSelect.selectedIndex] = null;
+    }
+  }
+}
+
+
+
+function addNameConstraint(form)
+{
+  with(form) {
+    var len = NameConstraintSelect.length;
+    var value;
+    var i = 0;
+    var min = NameConstraintMin.value;
+    var max = NameConstraintMax.value;
+
+    while(!(i == (NameConstraintRadio.length - 1) ) & 
+          !(NameConstraintRadio[i].checked == true)) {
+      i++;
+    }
+    value = NameConstraintText.value + " - ";
+    if (i == 0) {
+      value += NameConstraintOtherNameOID.value + " - ";
+      if (NameConstraintNameDataType.checked) {
+	value += "1 - ";
+      } else {
+	value += "0 - ";
+      }
+      if (NameConstraintOtherNameOID.value == "") {
+	alert("Other names must include an OID");
+	return false;
+      }
+    }
+    value += (i + 1) + " - ";
+    if (NameConstraintTypeRadio[0].checked == true) {
+      value += "p - ";
+    } else {
+      value += "e - ";
+    }
+    value += min + " - " + max;
+    if ((min == "") | (NameConstraintText.value == "") | 
+        (NameConstraintRadio[i].checked != true)) {
+      alert("Name Constraints must include values for minimum, name, and name type.")
+    } else {
+      NameConstraintSelect.options[len] = new Option(value, value);
+    }
+  }
+  return true;
+}
+
+function deleteNameConstraint(form)
+{
+  with(form) {
+    while (NameConstraintSelect.selectedIndex >= 0) {
+      NameConstraintSelect[NameConstraintSelect.selectedIndex] = null;
+    }
+  }
+}
+
+
+function submit_it()
+{
+  save_cur_page(cur_page);
+
+  var ver1 = (ver == 1);
+  var ver3 = (ver == 3);
+  var array_string;
+  var serial        = ext_page_array[0][10][0];
+  var serial_number = ext_page_array[0][12][0];
+  var manValidity   = ext_page_array[0][19][0];
+  var notBefore     = ext_page_array[0][20][0];
+  var notAfter      = ext_page_array[0][21][0];
+  var subject       = ext_page_array[0][22][0];
+
+  if (subject == "") {
+    alert("The DN field must contain some data");
+    return false;
+  }
+  if (!serial & serial_number == "") {
+    alert("No serial number specified");
+    return false;
+  }
+  if (ext_page_array[0][15][0]) {
+    var keygen = "<keygen name=\"key\" challenge=\"foo\">";
+  } else {
+    switch (ext_page_array[0][17][0]) {
+      case 2:
+        var keygen = "<keygen keytype=\"dsa\" pqg=\"MIGdAkEAjfKklEkidqo9JXWbsGhpy+rA2Dr7jQz3y7gyTw14guXQdi/FtyEOr8Lprawyq3qsSWk9+/g3JMLsBzbuMcgCkQIVAMdzIYxzfsjumTtPLe0w9I7azpFfAkEAYm0CeDnqChNBMWOlW0y1ACmdVSKVbO/LO/8Q85nOLC5xy53l+iS6v1jlt5UhklycxC6fb0ZLCIzFcq9T5teIAg==\" name=\"key\" challenge=\"foo\">";
+	break;
+      case 1:
+        var keygen = "<keygen keytype=\"dsa\" pqg=\"MIHaAmDCboVgX0+6pEeMlbwsasWDVBcJNHPKMzkq9kbCRK2U3k+tE15n+Dc2g3ZjDYr1um51e2iLC34/BwAAAAAAAAAAAAAAAAAAAAAAAAABbBhnlFN5Djmt0Mk8cdEBY5H8iPMCFMhUnFtbpjn3EyfH2DjVg3ALh7FtAmA2zWzhpeCwvOTjYnQorlXiv0WcnSiWmaC79CRYkFt5i+UEfRxwP1eNGJBVB1T+CPW6JGd4WhgsqtSf53pn5DEtv++O7lNfXyOhWhb3KaWHYIx8fuAXtioIWkWmpfEIVZA=\" name=\"key\" challenge=\"foo\">";
+	break;
+      case 0:
+        var keygen = "<keygen keytype=\"dsa\" pqg=\"MIIBHAKBgId8SiiWrcdua5zbsBhPkKfFcnHBG7T/bQla7c6OixGjjmSSuq2fJLvMKa579CaxHxLZzZZXIHmAk9poRgWl2GUUkCJ68XSum8OQzDPXPsofcEdeANjw3mIAAAAAAAAAAAAAAAAAAAAAAAAIE+MkW5hguLIQqWvEVi9dMpbNu6OZAhTIA+y3TgyiwA0D8pt686ofaL1IOQKBgAiZQC6UCXztr2iXxJrAC+51gN5oX/R9Thilln9RGegsWnHrdxUOpcm5vAWp1LU8TOXtujE8kqkm3UxIRhUWQORe9IxLANAXmZJqkw9FEVHkxj6Cy9detwT2MyBzSwS6avsf7aLisgHmI/IHSeapJsQ3NQa3rikb6zRiqIV+TVa6\" name=\"key\" challenge=\"foo\">";
+        break;
+    }
+  }
+  array_string =  build_array_string();
+  hiddens = "<input type=\"hidden\" name=\"subject\" value=\'" + subject + "\'> \n" +
+            "<input type=\"hidden\" name=\"serial-auto\" value=\"" + serial + "\"> \n" +
+            "<input type=\"hidden\" name=\"serial_value\" value=\"" + serial_number + "\"> \n" +
+            "<input type=\"hidden\" name=\"ver-1\" value=\"" + ver1 + "\"> \n" +
+            "<input type=\"hidden\" name=\"ver-3\" value=\"" + ver3 + "\"> \n" +
+            "<input type=\"hidden\" name=\"notBefore\" value=\"" + notBefore + "\"> \n" +
+            "<input type=\"hidden\" name=\"notAfter\" value=\"" + notAfter + "\"> \n" +
+            "<input type=\"hidden\" name=\"manValidity\" value=\"" + manValidity + "\"> \n" +
+            array_string;
+
+  var good_submit_page =
+    '<html>' +
+    '<BODY TEXT="#000000" LINK="#000000" VLINK="#000000" ALINK="#FF0000" BGCOLOR="#FFFFFF">' +
+    '<form method="post" action="' + script_url + '">' +
+    'Select size for your key:' + keygen + '</p>' +
+    '<input type="submit"></p>' +
+    hiddens +
+    '</form>\n' +
+    '</body>\n' +
+    '</html>\n';
+
+  window.frames['right'].document.write(good_submit_page);
+  window.frames['right'].document.close();
+  cur_page = max_pages + 1;
+  make_left_frame(window);
+  return false;
+}
+
+
+
+function build_array_string()
+{
+  var pg;
+  var array_string = '';
+  var pages;
+
+  if ((ext_page_array[3][4][0] > 0) && ext_page_array[3][3][0]) {
+    pages = 4 + parseInt(ext_page_array[3][4][0]);
+  } else {
+    pages = 4;
+  }
+  for (pg = 1; pg < pages; pg++) {
+    if ((pg > 1 || (ver == 3)) && (ext_page_array[pg].length > 1)) {
+      if (pg < 4) {
+	for (i = 0; i < ext_page_array[pg].length; i++) {
+	  if (ext_page_array[pg][i][3].indexOf("radio") == -1) {
+	    if (ext_page_array[pg][i][3].indexOf("multiple") == -1) {
+	      array_string +=  '<input type=\"hidden\" name=\"' + 
+                               ext_page_array[pg][i][1] + '\" value=\'' + 
+                               ext_page_array[pg][i][0] + '\'> \n';
+	    } else {
+	      for (k = 0; k < ext_page_array[pg][i][0].length; k++) {
+		array_string += '<input type=\"hidden\" name=\"' + 
+                                ext_page_array[pg][i][1] + k + '\" value=\'' + 
+                                ext_page_array[pg][i][0][k] + '\'> \n';
+	      }
+	    }
+	  } else {
+	    array_string += '<input type=\"hidden\" name=\"' + 
+                            ext_page_array[pg][i][1] + '-' + 
+			    ext_page_array[pg][i][2] + '\" value=\'' + 
+			    ext_page_array[pg][i][0] + '\'> \n';
+	  }
+	}
+      } else {
+	for (i = 0; i < ext_page_array[pg].length; i++) {
+	  if (ext_page_array[pg][i][3].indexOf("radio") == -1) {
+	    if (ext_page_array[pg][i][3].indexOf("multiple") == -1) {
+	      array_string += '<input type=\"hidden\" name=\"' + 
+	                      'CA#' + (pg - 3) + '-' + 
+			      ext_page_array[pg][i][1] + '\" value=\'' + 
+			      ext_page_array[pg][i][0] +'\'> \n';
+	    } else {
+	      for (k = 0; k < ext_page_array[pg][i][0].length; k++) {
+		array_string += '<input type=\"hidden\" name=\"' + 
+		                'CA#' + (pg - 3) + '-' + 
+				ext_page_array[pg][i][1] + k + '\" value=\'' + 
+				ext_page_array[pg][i][0][k] + '\'> \n';
+	      }
+	    }
+	  } else {
+	    array_string += '<input type=\"hidden\" name=\"' + 
+	                    'CA#' + (pg - 3) + '-' + 
+			    ext_page_array[pg][i][1] + '-' + 
+			    ext_page_array[pg][i][2] + '\" value=\'' + 
+			    ext_page_array[pg][i][0] + '\'> \n';
+	  }
+	}
+      }
+    }
+  }
+  return array_string;
+}
+
+
+
+function init_ext_page_array()
+{
+  for (i = 0; i < max_pages; i++) {
+    ext_page_array[i] = '';
+  }
+}
+
+function ca_num_change(n,ca_form)
+{
+  with(ca_form) {
+    n = parseInt(n,10);
+    if (caChoiceradio[2].checked) {
+      if (n) {
+	update_left_frame(n);
+      } else {
+	update_left_frame(0);
+      }
+    }
+  }
+}
+
+function choice_change(ca_form)
+{
+  with(ca_form) {
+    if (caChoiceradio[2].checked) {
+      ca_num_change(manCAs.value,ca_form);
+    } else {
+      update_left_frame(0);
+    }
+  }
+}
+
+function update_left_frame(n)
+{
+  var add_string = '';
+  for (var i = 0; i < n; i++) {
+    var j = i + 1;
+    add_string = add_string + ',1, \'CA #' + j + '\'';
+  }
+  top.add_index_list = add_string;
+  num_ca = n;
+  make_left_frame(window);
+}
+
+function set_ver1()
+// redraws the extensions page for version 1 certificates
+{
+  ver = 1
+  if (cur_page == 2 || cur_page == 3) {
+    switch_right_frame(window, cur_page, cur_page);
+  }
+}
+
+
+function set_ver3()
+// redraws the extensions page for version 3 certificates
+{
+  ver = 3
+  if (cur_page == 2) {
+    switch_right_frame(window, 0, 2);
+  } else if (cur_page == 3) {
+    switch_right_frame(window, 0, 3);
+  }
+}
+
+function reset_subject(marker, value, form)
+// Updates the subject field from a subordinate field
+{
+  with(form) {
+    var field_sep = '", ';
+    var begin_index = subject.value.indexOf(marker);
+    if (begin_index != 0 && subject.value[begin_index - 1] != ' ') {
+      begin_index = subject.value.indexOf(marker, begin_index +1);
+    }
+    var end_index = subject.value.indexOf(field_sep, begin_index);
+    if (begin_index > -1) {       // is it a delete/change?
+      if (end_index == -1) {      // is it the last one (includes only one)?
+        if (value.length > 0) {   // do I have to change it?
+          if (begin_index == 0) { // is is the only one?
+            subject.value = marker + '"' + value + '"';
+          } else {                // it is the last of many
+            subject.value = subject.value.substring(0,begin_index) + 
+	                    marker + '"' + value + '"';
+          }
+        } else {                  //  must be a delete
+          if (begin_index == 0) { // is it the only one?
+            begin_index += 2;
+          }
+          subject.value = subject.value.substring(0,(begin_index - 2));
+        }
+      } else {                    // it is the first of many or a middle one
+        if (value.length >0) {    // do I have to change it?
+          subject.value = 
+	  	subject.value.substring(0,(begin_index + marker.length + 1)) + 
+		value + subject.value.substring(end_index,subject.length);
+        } else {                  // it is a delete
+          subject.value = subject.value.substring(0,begin_index) + 
+	        subject.value.substring((end_index + 3),subject.length);
+        }
+      }
+    } else {                      // It is either an insert or a do nothing
+      if (value.length > 0) {     // is it an insert?
+        if (subject.value.length == 0) {  // is subject currently empty?
+          subject.value = marker + '"' + value + '"';
+        } else {
+          subject.value = subject.value + ', ' + marker + '"' + value + '"';
+        }
+      }
+    }
+  }
+}
+
+
+
+function reset_subjectFields(form)
+// updates all the subordinate fields from the subject field of a form
+// **** move the strings to global variables, to make maintentance easier ****
+{
+
+  update_subject_Field(form, 'CN=\"', form.name);
+  update_subject_Field(form, 'MAIL=\"', form.email);
+  update_subject_Field(form, 'O=\"', form.org);
+  update_subject_Field(form, 'C=\"', form.country);
+  update_subject_Field(form, ' L=\"', form.loc);
+  update_subject_Field(form, 'ST=\"', form.state);
+  update_subject_Field(form, 'E=\"', form.email);
+  update_subject_Field(form, 'OU=\"', form.org_unit);
+  update_subject_Field(form, 'UID=\"', form.uid);
+}
+
+function update_subject_Field(form, marker, update_field)
+//updates a single subordinate field from the subject field of a form
+// *** need to deal with the two types of e-mail addresses **************
+{
+  with(form) {
+    var field_sep = '", ';
+    var begin_index = subject.value.indexOf(marker) + marker.length;
+    var end_index = subject.value.indexOf(field_sep, begin_index);
+    if (end_index == -1) {
+      end_index = subject.value.indexOf('"',begin_index);
+    }
+    if (begin_index != (-1 + marker.length) ) {
+      update_field.value = subject.value.substring(begin_index, end_index);
+    } else {
+      update_field.value = '';
+    }
+  }
+}
+
+
+function switch_mail(form)
+// **** Do I want to delete the other type of e-mail address ? ************
+{
+  if (form.email_type[0].checked) {
+    var del = 'E=';
+    var ins = 'MAIL=';
+  } else {
+    var del = 'MAIL=';
+    var ins = 'E=';
+  }
+  reset_subject(del, '', form);
+  reset_subject(ins, form.email.value, form);
+}
+
+function make_page_intro(title, bgcolor)
+{
+  var style = '<STYLE TYPE="text/css">BODY{' +
+    'font-family: Geneva,MS Sans Serif,Arial,Lucida,Helvetica,sans-serif;' +
+    'font-size: 10pt;' +
+    '}' +
+    'TD{' +
+    'font-family: Geneva,MS Sans Serif,Arial,Lucida,Helvetica,sans-serif;' +
+    'font-size: 10pt;}' +
+    '</STYLE>';
+
+  if (bgcolor == null) { bgcolor = "#C0C0C0"; }
+  return '<HTML><HEAD>' +
+    '<TITLE>' + title + '</TITLE>' +
+    '</HEAD>' +
+    '<BODY TEXT="#000000" LINK="#000000" VLINK="#000000" ALINK="#FF0000" ' +
+          'BGCOLOR="' + bgcolor + '">';
+}
+
+
+function make_left_frame(window)
+{
+  with (window.frames['index']) {
+    eval ('index_string = make_left_frame_page(cur_page, ' 
+           + index_list + add_index_list + ' )');
+    fool1 = make_page_intro(index_label, "#FFFFFF") +
+      index_string + '</BODY></HTML>';
+    document.write(fool1);
+    document.close();
+  }
+}
+
+
+function save_cur_page(page_number)
+{
+  var len;
+  var pg = page_number - 1;
+  if (window.frames['right'].document.forms.length != 0) {
+    with (window.frames['right'].document) {
+      if ((page_number != 2 && page_number != 3 && page_number <= max_pages) || 
+	  ver == 3) {
+        ext_page_array[pg] = new Array(forms[0].elements.length);
+        for (i = 0; i < forms[0].elements.length; i++) {
+	  ext_page_array[pg][i] = new Array(4);
+	  switch (forms[0].elements[i].type) {
+	  case 'radio': 
+          case 'checkbox':
+	    ext_page_array[pg][i][0] = forms[0].elements[i].checked;
+	    break;
+	  case 'select-one':
+	    ext_page_array[pg][i][0] = forms[0].elements[i].selectedIndex;
+	    break;
+	  case 'select-multiple':
+	    len = forms[0].elements[i].options.length;
+	    ext_page_array[pg][i][0] = new Array(len);
+	    for(k = 0; k < len; k++) {
+	      ext_page_array[pg][i][0][k] = forms[0].elements[i].options[k].value;
+	    }
+	    break;
+	  default:
+	    ext_page_array[pg][i][0] = forms[0].elements[i].value;
+	  }
+	  ext_page_array[pg][i][1] = forms[0].elements[i].name;
+	  ext_page_array[pg][i][2] = forms[0].elements[i].value;
+	  ext_page_array[pg][i][3] = forms[0].elements[i].type;
+        }
+      }
+    }
+  }
+}
+
+function reload_form(page_number)
+{
+  var j = page_number - 1;
+  with (window.frames['right'].document) {
+    if (((page_number < 2 || page_number > 3) || ver == 3) 
+	&& page_number != 0 && (ext_page_array[j].length > 1)) {
+      for (i = 0; i < ext_page_array[j].length; i++) {
+	switch (forms[0].elements[i].type) {
+	case 'radio': case 'checkbox':
+	  forms[0].elements[i].checked = ext_page_array[j][i][0];
+	  break;
+	case 'select-one':
+	  forms[0].elements[i].selectedIndex = ext_page_array[j][i][0];
+	  break;
+	case 'select-multiple':
+	  for (k = 0; k < ext_page_array[j][i][0].length; k++) {
+	    forms[0].elements[i].options[k] = 
+	        new Option(ext_page_array[j][i][0][k], 
+			   ext_page_array[j][i][0][k]);
+	  }
+	  break;
+	default:
+	  forms[0].elements[i].value = ext_page_array[j][i][0];
+	}
+      }
+    }
+  }
+}
+
+function switch_right_frame(top_window, old_pane, new_pane)
+{
+  var ext_page_stnd =
+    make_page_intro(standard_extensions_index_label, "#FFFFFF") +
+    '<IFRAME WIDTH="100%" HEIGHT="100%" FRAMEBORDER=0 ID="ext" ' +
+    'SRC="stnd_ext_form.html">' +
+    '</IFRAME></body></html>';
+
+  var ext_page_nscp = 
+    make_page_intro(netscape_extensions_index_label, "#FFFFFF") +
+    '<IFRAME WIDTH="100%" HEIGHT="100%" FRAMEBORDER=0 ID="ext" ' +
+    'SRC="nscp_ext_form.html">' +
+    '</IFRAME></body></html>';
+
+  var ext_page_ca =
+    make_page_intro(certifying_authorities_index_label, "#FFFFFF") +
+    '<IFRAME WIDTH="100%" HEIGHT="100%" FRAMEBORDER=0 ID="ext" ' +
+    'SRC="ca.html">' +
+    '</IFRAME></body</html>';
+
+  var ext_page_ca_exp =
+    make_page_intro('Certifying Authority Details', "#FFFFFF") +
+    '<IFRAME WIDTH="100%" HEIGHT="100%" FRAMEBORDER=0 ID="ext" ' +
+    'SRC="ca_form.html">' +
+    '</IFRAME></body></html>';
+
+
+  if (old_pane > 0 && cur_page <= max_pages) {
+    save_cur_page(old_pane);
+  }
+  cur_page = new_pane;
+  make_left_frame(top_window);
+  if (new_pane == 2 || new_pane == 3) {
+    if (ver == 1) {
+      frames['right'].document.write(ext_page_ver1);
+      frames['right'].document.close();
+    } else if (new_pane == 2) {
+      frames['right'].document.write(ext_page_nscp);
+      frames['right'].document.close();
+      reload_form(new_pane);
+    } else {
+      frames['right'].document.write(ext_page_stnd);
+      frames['right'].document.close();
+      reload_form(new_pane);
+    }
+  } else if (new_pane == 4) {
+    frames['right'].document.write(ext_page_ca);
+    frames['right'].document.close();
+    reload_form(new_pane);
+  } else if (new_pane == 1) {
+    frames['right'].document.write(main_page);
+    frames['right'].document.close();
+    reload_form(new_pane);
+  } else {
+    frames['right'].document.write(ext_page_ca_exp);
+    frames['right'].document.close();
+    reload_form(new_pane);
+  }
+}
+
+function make_left_frame_page(selected)
+{
+  var n_strings = ( make_left_frame_page.arguments.length - 1 ) / 2;
+  var table_background;
+  var command;
+  var indent;
+  var label;
+  var ret_string = "";
+    
+  ret_string += '<TABLE CELLSPACING=4>';
+  for ( var i = 1; i <= n_strings; i++ ) {
+    if ( i == selected ) {
+      table_background = 'BGCOLOR=#BBCCBB';
+    } else {
+      table_background = '';
+    }
+	
+    indent = make_left_frame_page.arguments[(i*2) - 1];
+    label =  make_left_frame_page.arguments[(i*2)];
+
+    if ( indent == 0 ) {
+      ret_string += ('<TR><TD COLSPAN=2 ' + table_background + '>');
+    } else {
+      ret_string += ('<TR><TD>&nbsp;&nbsp;</TD><TD ' + table_background + '>');
+    }
+
+    command = "'parent.switch_right_frame(parent," + selected + "," + i + ")'";
+    ret_string += ('<A HREF="javascript:void setTimeout(' + command + ',0)">');
+    if ( indent == 0 ) { ret_string += "<B>"; }
+    ret_string += label;
+    if ( indent == 0 ) { ret_string += "</B>"; }
+    ret_string += '</A></TD></TR>';
+  }
+  if (selected == (max_pages + 1)) {
+    table_background = 'BGCOLOR=#BBCCBB';
+  } else {
+    table_background = '';
+  }
+  ret_string +=
+    '<TR><TD COLSPAN=2 ' + table_background + 
+    '><b><A HREF="javascript:void setTimeout(\'top.submit_it()\', 0)">Finish</A></b>' +
+    '</TD></TR>' +
+    '<input type="submit"></form>' + 
+    '</TABLE>';
+  return(ret_string);
+}
+
+
+function make_page(window)
+// Draws the initial page setup
+{
+  selected = cur_page
+  init_ext_page_array()
+
+  with (window.frames['right']) {
+    location="main.html";
+//  document.write(main_page);
+//  document.close();
+  }
+
+  make_left_frame(window);
+
+}
+</script>
+
+</HEAD>
+<title>Cert-O-Matic</title>
+  <FRAMESET cols="150,*" BORDER=3 ONLOAD="make_page(window)">
+      <FRAME SRC="about:blank" ID="index" NAME="index"
+           MARGINWIDTH=15 MARGINHEIGHT=10 BORDER=3>
+      <FRAME SRC="about:blank" ID="right" NAME="right"
+           MARGINWIDTH=15 MARGINHEIGHT=10 BORDER=3>
+  </FRAMESET>
+</HTML>
diff --git a/nss/cmd/certcgi/main.html b/nss/cmd/certcgi/main.html
new file mode 100644
index 0000000..05dd9da
--- /dev/null
+++ b/nss/cmd/certcgi/main.html
@@ -0,0 +1,76 @@
+<HTML>
+<!-- This Source Code Form is subject to the terms of the Mozilla Public
+   - License, v. 2.0. If a copy of the MPL was not distributed with this
+   - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
+<HEAD>
+    <TITLE>Main Layer for CertOMatic</TITLE>
+</HEAD>
+
+    <form method="post" name="primary_form" action="http://interzone.mcom.com/burp.cgi">
+    <table border=0 cellspacing=10 cellpadding=0>
+    <tr>
+    <td>
+    Common Name:</td><td> <input type="text" name="name" onChange="{window.top.reset_subject('CN=', value, form)}"></p>
+    </td>
+    <td></td><td></td>
+    <td>
+    Organization: </td><td>  <input type="text" name="org" onChange="{window.top.reset_subject('O=', value, form)}"></p></td>
+    <tr>
+    <td>
+    <input type="radio" name="email_type" value="1" onClick="window.top.switch_mail(form)">MAIL=
+
+    <input type="radio" name="email_type" value="2" checked onClick="window.top.switch_mail(form)">E=
+    </td>
+    <td>
+    <input type="text" name="email" onChange="var temp;{if (email_type[0].checked) {temp = 'MAIL='} else {temp = 'E='}} ;{window.top.reset_subject(temp, value, form)}">
+    </td>
+    <td></td><td></td><td>
+    Organizational Unit: </td><td><input type="text" name="org_unit" onChange="{window.top.reset_subject('OU=', value, form)}"></p></td>
+    <tr>
+    <td>
+    UID= </td><td><input type="text" name="uid" onChange="{window.top.reset_subject('UID=', value, form)}"></p></td>
+    <td></td><td></td><td>
+    Locality: </td><td><input type="text" name="loc" onChange="{window.top.reset_subject('L=', value, form)}"></p></td>
+    <tr>
+    <td>
+    State or Province: </td><td><input type="text" name="state" onChange="{window.top.reset_subject('ST=', value, form)}"></p></td>
+    <td></td><td></td><td>
+    Country: </td><td><input type="text" size="2" name="country" onChange="{window.top.reset_subject('C=', value, form)}" maxlength="2"></p></td>
+    <tr>
+    <td COLSPAN=2>
+    Serial Number:
+    <DD><input type="radio" name="serial" value="auto" checked> Auto Generate
+    <DD><input type="radio" name="serial" value="input">
+    Use this hex value:&nbsp; <input type="text" name="serial_value" size="8" maxlength="8"></p>
+    </td>
+    <td></td> <td></td>
+    <td COLSPAN=2>
+    X.509 version:
+    <DD><input type="radio" name="ver" value="1" onClick="if (this.checked) {window.top.set_ver1();}"> Version 1
+    <DD><input type="radio" name="ver" value="3" checked onClick="if (this.checked) {window.top.set_ver3();}"> Version 3</P></td>
+    <tr>
+    <td COLSPAN=2>
+    Key Type:
+    <DD><input type="radio" name="keyType" value="rsa" checked> RSA
+    <DD><input type="radio" name="keyType" value="dsa"> DSA</p>
+    Intermediate CA Key Sizes:
+    <DD><select name="keysize">
+        <option>2048 (Very High Grade)
+        <option>1024 (High Grade)
+        <option>512  (Low Grade)
+        </select>
+    </td>
+    <td></td> <td></td>
+    <td COLSPAN=2>
+    Validity:
+    <DD><input type="radio" name="validity" value="auto" checked> 
+       Generate Automatically
+    <DD><input type="radio" name="validity" value="man"> Use these values:
+    <DD>Not Before:&nbsp; <input type="text" size="15" maxlength="17" name="notBefore">
+    <DD>Not After:&nbsp;&nbsp;&nbsp; <input type="text" size="15" maxlength="17" name="notAfter">
+    <DD>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
+    <FONT SIZE=-1><TT>YYMMDDhhmm[ss]{Z|+hhmm|-hhmm} </TT></FONT>
+    </table>
+    DN: <input type="text" name="subject" size="70" onChange="{window.top.reset_subjectFields(form)}"></P>  	      
+    </form>
+</HTML>
diff --git a/nss/cmd/certcgi/manifest.mn b/nss/cmd/certcgi/manifest.mn
new file mode 100644
index 0000000..9e17cef
--- /dev/null
+++ b/nss/cmd/certcgi/manifest.mn
@@ -0,0 +1,22 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CORE_DEPTH	= ../..
+
+# MODULE public and private header directories are implicitly REQUIREd.
+MODULE = nss 
+
+# This next line is used by .mk files
+# and gets translated into $LINCS in manifest.mnw
+REQUIRES = seccmd dbm 
+
+DEFINES = -DNSPR20
+
+CSRCS = certcgi.c
+
+PROGRAM	= certcgi
+
+USE_STATIC_LIBS = 1
+
diff --git a/nss/cmd/certcgi/nscp_ext_form.html b/nss/cmd/certcgi/nscp_ext_form.html
new file mode 100644
index 0000000..f2a4a20
--- /dev/null
+++ b/nss/cmd/certcgi/nscp_ext_form.html
@@ -0,0 +1,84 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html> 
+<!-- This Source Code Form is subject to the terms of the Mozilla Public
+   - License, v. 2.0. If a copy of the MPL was not distributed with this
+   - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
+
+  <body>
+    <table  border=1 cellspacing=5 cellpadding=5>
+    <form method="post" name="primary_form" action="http://interzone.mcom.com/burp.cgi">
+    <tr>
+    <td>
+    <b>Netscape Certificate Type: </b></p>
+    Activate extension: <input type="checkbox" name="netscape-cert-type"></P>
+    Critical: <input type="checkbox" name="netscape-cert-type-crit">
+    <td>
+    <input type="checkbox" name="netscape-cert-type-ssl-client"> SSL Client</P>
+    <input type="checkbox" name="netscape-cert-type-ssl-server"> SSL Server</P>
+    <input type="checkbox" name="netscape-cert-type-smime"> S/MIME</P>
+    <input type="checkbox" name="netscape-cert-type-object-signing"> Object Signing</P>    
+    <input type="checkbox" name="netscape-cert-type-reserved"> Reserved for future use (bit 4)</P>
+    <input type="checkbox" name="netscape-cert-type-ssl-ca"> SSL CA</P>
+    <input type="checkbox" name="netscape-cert-type-smime-ca"> S/MIME CA</P>
+    <input type="checkbox" name="netscape-cert-type-object-signing-ca"> Object Signing CA</P>
+    </tr>
+    <tr>
+    <td>
+    <b>Netscape Base URL:</b></p>
+    Activate extension: <input type="checkbox" name="netscape-base-url"></P>
+    Critical: <input type="checkbox" name="netscape-base-url-crit">
+    <td>
+    <input type="text" name="netscape-base-url-text" size="50">
+    </tr>
+    <tr>
+    <td>
+    <b>Netscape Revocation URL:</b></p>
+    Activate extension: <input type="checkbox" name="netscape-revocation-url"></P>
+    Critical: <input type="checkbox" name="netscape-revocation-url-crit">
+    <td>
+    <input type="text" name="netscape-revocation-url-text" size="50">
+    </tr>
+    <tr>
+    <td>    
+    <b>Netscape CA Revocation URL:</b></p>
+    Activate extension: <input type="checkbox" name="netscape-ca-revocation-url"></P>
+    Critical: <input type="checkbox" name="netscape-ca-revocation-url-crit">
+    <td>
+    <input type="text" name="netscape-ca-revocation-url-text" size="50">
+    </tr>
+    <tr>
+    <td>    
+    <b>Netscape Certificate Renewal URL:</b></p>
+    Activate extension: <input type="checkbox" name="netscape-cert-renewal-url"></P>
+    Critical: <input type="checkbox" name="netscape-cert-renewal-url-crit">
+    <td>
+    <input type="text" name="netscape-cert-renewal-url-text" size="50">
+    </tr>
+    <tr>
+    <td>
+    <b>Netscape CA Policy URL:</b></p>
+    Activate extension: <input type="checkbox" name="netscape-ca-policy-url"></P>
+    Critical: <input type="checkbox" name="netscape-ca-policy-url-crit">
+    <td>
+    <input type="text" name="netscape-ca-policy-url-text" size="50">
+    </tr>
+    <tr>
+    <td>
+    <b>Netscape SSL Server Name:</b></p>
+    Activate extension: <input type="checkbox" name="netscape-ssl-server-name"></P>
+    Critical: <input type="checkbox" name="netscape-ssl-server-name-crit">
+    <td>
+    <input type="text" name="netscape-ssl-server-name-text" size="50">
+    </tr>
+    <tr>
+    <td>
+    <b>Netscape Comment:</b></p>
+    Activate extension: <input type="checkbox" name="netscape-comment"></P>
+    Critical: <input type="checkbox" name="netscape-comment-crit">
+    <td>
+    <textarea name="netscape-comment-text" rows="5" cols="50"></textarea>
+    </tr>
+        
+    </table>
+  </body>
+</html>
diff --git a/nss/cmd/certcgi/stnd_ext_form.html b/nss/cmd/certcgi/stnd_ext_form.html
new file mode 100644
index 0000000..60d4d86
--- /dev/null
+++ b/nss/cmd/certcgi/stnd_ext_form.html
@@ -0,0 +1,219 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html>
+<!-- This Source Code Form is subject to the terms of the Mozilla Public
+   - License, v. 2.0. If a copy of the MPL was not distributed with this
+   - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
+
+  <body>
+    <table  border=1 cellspacing=5 cellpadding=5>
+    <form method="post" name="primary_form" action="http://interzone.mcom.com/burp.cgi">
+    <tr>
+    <td>
+    <b>Key Usage: </b></p>
+    Activate extension: <input type="checkbox" name="keyUsage"></P>
+    Critical: <input type="checkbox" name="keyUsage-crit">
+    <td>
+    <input type="checkbox" name="keyUsage-digitalSignature"> Digital Signature</P>
+    <input type="checkbox" name="keyUsage-nonRepudiation"> Non Repudiation</P>    
+    <input type="checkbox" name="keyUsage-keyEncipherment"> Key Encipherment</P>    
+    <input type="checkbox" name="keyUsage-dataEncipherment"> Data Encipherment</P>
+    <input type="checkbox" name="keyUsage-keyAgreement"> Key Agreement</P>
+    <input type="checkbox" name="keyUsage-keyCertSign"> Key Certificate Signing</P>
+    <input type="checkbox" name="keyUsage-cRLSign"> CRL Signing</P>
+    </tr>
+    <tr>
+    <td>
+    <b>Extended Key Usage: </b></p>
+    Activate extension: <input type="checkbox" name="extKeyUsage"></P>
+    Critical: <input type="checkbox" name="extKeyUsage-crit">
+    <td>
+    <input type="checkbox" name="extKeyUsage-serverAuth"> Server Auth</P>
+    <input type="checkbox" name="extKeyUsage-clientAuth"> Client Auth</P>
+    <input type="checkbox" name="extKeyUsage-codeSign"> Code Signing</P>
+    <input type="checkbox" name="extKeyUsage-emailProtect"> Email Protection</P>
+    <input type="checkbox" name="extKeyUsage-timeStamp"> Timestamp</P>
+    <input type="checkbox" name="extKeyUsage-ocspResponder"> OCSP Responder</P>
+    <input type="checkbox" name="extKeyUsage-NS-govtApproved"> Step-up</P>
+    <input type="checkbox" name="extKeyUsage-msTrustListSign"> Microsoft Trust List Signing</P>
+    </tr>
+    <tr>
+    <td>
+    <b>Basic Constraints:</b></p>
+    Activate extension: <input type="checkbox" name="basicConstraints"></P>
+    Critical: <input type="checkbox" name="basicConstraints-crit">
+    <td>
+    CA:</p>
+    <dd><input type=radio name="basicConstraints-cA-radio" value="CA"> True</p>
+    <dd><input type=radio name="basicConstraints-cA-radio" value="NotCA"> False</p>
+    <input type="checkbox" name="basicConstraints-pathLengthConstraint">
+     Include Path length:  <input type="text" name="basicConstraints-pathLengthConstraint-text" size="2"></p>
+    </tr>
+    <tr>
+    <td>
+    <b>Authority Key Identifier:</b></p>
+    Activate extension: <input type="checkbox" name="authorityKeyIdentifier">
+    <td>
+    <input type="radio" name="authorityKeyIdentifier-radio" value="keyIdentifier"> Key Identider</p>
+    <input type="radio" name="authorityKeyIdentifier-radio" value="authorityCertIssuer"> Issuer Name and Serial number</p>
+    </tr>
+    <tr>
+    <td>    
+    <b>Subject Key Identifier:</b></p>
+    Activate extension: <input type="checkbox" name="subjectKeyIdentifier">
+    <td>
+    Key Identifier: 
+    <input type="text" name="subjectKeyIdentifier-text"></p>
+    This is an:<p>
+    <dd><dd><input type="radio" name="subjectKeyIdentifier-radio" value="ascii"> ascii text value<p>
+    <dd><dd><input type="radio" name="subjectKeyIdentifier-radio" value="hex"> hex value<p>
+    </tr>
+    <tr>
+    <td>    
+    <b>Private Key Usage Period:</b></p>
+    Activate extension: <input type="checkbox" name="privKeyUsagePeriod"></p>
+    Critical: <input type="checkbox" name="privKeyUsagePeriod-crit">
+    <td>
+    Use:</p>
+    <dd><input type="radio" name="privKeyUsagePeriod-radio" value="notBefore"> Not Before</p>
+    <dd><input type="radio" name="privKeyUsagePeriod-radio" value="notAfter"> Not After</p>
+    <dd><input type="radio" name="privKeyUsagePeriod-radio" value="both" > Both</p>
+    <b>Not to be used to sign before:</b></p>
+    <dd><input type="radio" name="privKeyUsagePeriod-notBefore-radio" value="auto"> Set to time of certificate issue</p>
+    <dd><input type="radio" name="privKeyUsagePeriod-notBefore-radio" value="manual"> Use This value</p>
+    <dd><dd>(YYYY/MM/DD HH:MM:SS): 
+    <input type="text" name="privKeyUsagePeriod-notBefore-year" size="4" maxlength="4">/
+    <input type="text" name="privKeyUsagePeriod-notBefore-month" size="2" maxlength="2">/
+    <input type="text" name="privKeyUsagePeriod-notBefore-day" size="2" maxlength="2"> 
+    <input type="text" name="privKeyUsagePeriod-notBefore-hour" size="2" maxlength="2">:
+    <input type="text" name="privKeyUsagePeriod-notBefore-minute" size="2" maxlength="2">:
+    <input type="text" name="privKeyUsagePeriod-notBefore-second" size="2" maxlength="2"></p>
+    <b>Not to be used to sign after:</b></p>
+    <dd>(YYYY/MM/DD HH:MM:SS): 
+    <input type="text" name="privKeyUsagePeriod-notAfter-year" size="4" maxlength="4">/
+    <input type="text" name="privKeyUsagePeriod-notAfter-month" size="2" maxlength="2">/
+    <input type="text" name="privKeyUsagePeriod-notAfter-day" size="2" maxlength="2"> 
+    <input type="text" name="privKeyUsagePeriod-notAfter-hour" size="2" maxlength="2">:
+    <input type="text" name="privKeyUsagePeriod-notAfter-minute" size="2" maxlength="2">:
+    <input type="text" name="privKeyUsagePeriod-notAfter-second" size="2" maxlength="2"></p>
+    </tr>
+    <tr>
+    <td>
+    <b>Subject Alternative Name:</b></p>
+    Activate extension: <input type="checkbox" name="SubAltName"></P>
+    Critical: <input type="checkbox" name="SubAltName-crit">
+    <td>
+      <table>
+      <tr>
+      <td>
+      General Names:</p>
+      <select name="SubAltNameSelect" multiple size="10">
+      </select></p></p>
+      <input type="button" name="SubAltName-add" value="Add" onClick="{parent.addSubAltName(this.form)}">
+      <input type="button" name="SubAltName-delete" value="Delete" onClick="parent.deleteSubAltName(this.form)">
+      </td><td>
+        <table><tr><td>
+        Name Type: </td></tr><tr><td>
+        <input type="radio" name="SubAltNameRadio" value="otherName" onClick="parent.setSubAltNameType(form)"> Other Name, 
+        OID: <input type="text" name="SubAltNameOtherNameOID" size="6"> </td><td>
+        <input type="radio" name="SubAltNameRadio" value="rfc822Name" onClick="parent.setSubAltNameType(form)"> RFC 822 Name</td></tr><td>
+        <input type="radio" name="SubAltNameRadio" value="dnsName" onClick="parent.setSubAltNameType(form)"> DNS Name </td><td>
+        <input type="radio" name="SubAltNameRadio" value="x400" onClick="parent.setSubAltNameType(form)"> X400 Address</td></tr><td>
+        <input type="radio" name="SubAltNameRadio" value="directoryName" onClick="parent.setSubAltNameType(form)"> Directory Name</td><td>
+        <input type="radio" name="SubAltNameRadio" value="ediPartyName" onClick="parent.setSubAltNameType(form)"> EDI Party Name</td></tr><td>
+        <input type="radio" name="SubAltNameRadio" value="URL" onClick="parent.setSubAltNameType(form)"> Uniform Resource Locator</td><td>
+        <input type="radio" name="SubAltNameRadio" value="ipAddress" onClick="parent.setSubAltNameType(form)"> IP Address</td></tr><td>
+        <input type="radio" name="SubAltNameRadio" value="regID"onClick="parent.setSubAltNameType(form)"> Registered ID</td><td>
+	<input type="radio" name="SubAltNameRadio" value="nscpNickname" onClick="parent.setSubAltNameType(form)"> Netscape Certificate Nickname</td><td></tr>
+        </table>
+      Name: <input type="text" name="SubAltNameText">
+        Binary Encoded: <input type="checkbox" name="SubAltNameDataType" value="binary" onClick="parent.setSubAltNameType(form)"></p>
+      </tr>
+      </table>
+    </tr>
+
+
+    <tr>
+    <td>
+    <b>Issuer Alternative Name:</b></p>
+    Activate extension: <input type="checkbox" name="IssuerAltName"></P>
+    Critical: <input type="checkbox" name="IssuerAltName-crit">
+    <td>
+      <input type="radio" name="IssuerAltNameSourceRadio" value="auto"> Use the Subject Alternative Name from the Issuers Certificate</p>
+      <input type="radio" name="IssuerAltNameSourceRadio" value="man"> Use this Name:
+      <table>
+      <tr>
+      <td>
+      General Names:</p>
+      <select name="IssuerAltNameSelect" multiple size="10">
+      </select></p></p>
+      <input type="button" name="IssuerAltName-add" value="Add" onClick="{parent.addIssuerAltName(this.form)}">
+      <input type="button" name="IssuerAltName-delete" value="Delete" onClick="parent.deleteIssuerAltName(this.form)">
+      </td><td>
+        <table><tr><td>
+        Name Type: </td></tr><tr><td>
+        <input type="radio" name="IssuerAltNameRadio" value="otherName" onClick="parent.setIssuerAltNameType(form)"> Other Name, 
+        OID: <input type="text" name="IssuerAltNameOtherNameOID" size="6"> </td><td>
+        <input type="radio" name="IssuerAltNameRadio" value="rfc822Name" onClick="parent.setIssuerAltNameType(form)"> RFC 822 Name</td></tr><td>
+        <input type="radio" name="IssuerAltNameRadio" value="dnsName" onClick="parent.setIssuerAltNameType(form)"> DNS Name </td><td>
+        <input type="radio" name="IssuerAltNameRadio" value="x400" onClick="parent.setIssuerAltNameType(form)"> X400 Address</td></tr><td>
+        <input type="radio" name="IssuerAltNameRadio" value="directoryName" onClick="parent.setIssuerAltNameType(form)"> Directory Name</td><td>
+        <input type="radio" name="IssuerAltNameRadio" value="ediPartyName" onClick="parent.setIssuerAltNameType(form)"> EDI Party Name</td></tr><td>
+        <input type="radio" name="IssuerAltNameRadio" value="URL" onClick="parent.setIssuerAltNameType(form)"> Uniform Resource Locator</td><td>
+        <input type="radio" name="IssuerAltNameRadio" value="ipAddress" onClick="parent.setIssuerAltNameType(form)"> IP Address</td></tr><td>
+        <input type="radio" name="IssuerAltNameRadio" value="regID" onClick="parent.setIssuerAltNameType(form)"> Registered ID</td><td></tr>
+        </table>
+      Name: <input type="text" name="IssuerAltNameText"> 
+        Binary Encoded: <input type="checkbox" name="IssuerAltNameDataType" value="binary" onClick="parent.setIssuerAltNameType(form)"></p>
+      </tr>
+      </table>
+    </tr>
+
+    <tr>
+    <td>
+    <b>Name Constraints:</b></p>
+    Activate extension: <input type="checkbox" name="NameConstraints"></P>
+    <td>
+      <table>
+      <tr>
+      <td>
+      Name Constraints:</p>
+      <select name="NameConstraintSelect" multiple size="10">
+      </select></p></p>
+      <input type="button" name="NameConstraint-add" value="Add" onClick="{parent.addNameConstraint(this.form)}">
+      <input type="button" name="NameConstraint-delete" value="Delete" onClick="parent.deleteNameConstraint(this.form)">
+      </td><td>
+        <table><tr><td>
+        Name Type: </td></tr><tr><td>
+        <input type="radio" name="NameConstraintRadio" value="otherName" onClick="parent.setNameConstraintNameType(form)"> Other Name,
+        OID: <input type="text" name="NameConstraintOtherNameOID" size="6">  </td><td>
+        <input type="radio" name="NameConstraintRadio" value="rfc822Name" onClick="parent.setNameConstraintNameType(form)"> RFC 822 Name</td></tr><td>
+        <input type="radio" name="NameConstraintRadio" value="dnsName" onClick="parent.setNameConstraintNameType(form)"> DNS Name </td><td>
+        <input type="radio" name="NameConstraintRadio" value="x400" onClick="parent.setNameConstraintNameType(form)"> X400 Address</td></tr><td>
+        <input type="radio" name="NameConstraintRadio" value="directoryName" onClick="parent.setNameConstraintNameType(form)"> Directory Name</td><td>
+        <input type="radio" name="NameConstraintRadio" value="ediPartyName" onClick="parent.setNameConstraintNameType(form)"> EDI Party Name</td></tr><td>
+        <input type="radio" name="NameConstraintRadio" value="URL" onClick="parent.setNameConstraintNameType(form)"> Uniform Resource Locator</td><td>
+        <input type="radio" name="NameConstraintRadio" value="ipAddress" onClick="parent.setNameConstraintNameType(form)"> IP Address</td></tr><td>
+        <input type="radio" name="NameConstraintRadio" value="regID" onClick="parent.setNameConstraintNameType(form)"> Registered ID</td><td></tr>
+        </table>
+      Name: <input type="text" name="NameConstraintText">
+        Binary Encoded: <input type="checkbox" name="NameConstraintNameDataType" value="binary" onClick="parent.setNameConstraintNameType(form)"></p>
+      Constraint type:<p>
+      <dd><input type="radio" name="NameConstraintTypeRadio" value="permited"> permited<p>
+      <dd><input type="radio" name="NameConstraintTypeRadio" value="excluded"> excluded<p>
+      Minimum: <input type="text" name="NameConstraintMin" size="8" maxlength="8"></p>
+      Maximum: <input type="text" name="NameConstraintMax" size="8" maxlength="8"></p>
+      </tr>
+      </table>
+    </tr>
+
+    </table>
+  </body>
+</html>
+
+
+
+
+
+
+
+
diff --git a/nss/cmd/certutil/Makefile b/nss/cmd/certutil/Makefile
new file mode 100644
index 0000000..74ae200
--- /dev/null
+++ b/nss/cmd/certutil/Makefile
@@ -0,0 +1,48 @@
+#! gmake
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include ../platlibs.mk
+
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+
+include ../platrules.mk
+ 
diff --git a/nss/cmd/certutil/certext.c b/nss/cmd/certutil/certext.c
new file mode 100644
index 0000000..b080f06
--- /dev/null
+++ b/nss/cmd/certutil/certext.c
@@ -0,0 +1,2218 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+** certext.c
+**
+** part of certutil for managing certificates extensions
+**
+*/
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+#if defined(WIN32)
+#include "fcntl.h"
+#include "io.h"
+#endif
+
+#include "secutil.h"
+
+#if defined(XP_UNIX)
+#include <unistd.h>
+#endif
+
+#include "cert.h"
+#include "xconst.h"
+#include "prprf.h"
+#include "certutil.h"
+#include "genname.h"
+#include "prnetdb.h"
+
+#define GEN_BREAK(e) \
+    rv = e;          \
+    break;
+
+static char *
+Gets_s(char *buff, size_t size)
+{
+    char *str;
+
+    if (buff == NULL || size < 1) {
+        PORT_Assert(0);
+        return NULL;
+    }
+    if ((str = fgets(buff, size, stdin)) != NULL) {
+        int len = PORT_Strlen(str);
+        /*
+         * fgets() automatically converts native text file
+         * line endings to '\n'.  As defensive programming
+         * (just in case fgets has a bug or we put stdin in
+         * binary mode by mistake), we handle three native
+         * text file line endings here:
+         *   '\n'      Unix (including Linux and Mac OS X)
+         *   '\r''\n'  DOS/Windows & OS/2
+         *   '\r'      Mac OS Classic
+         * len can not be less then 1, since in case with
+         * empty string it has at least '\n' in the buffer
+         */
+        if (buff[len - 1] == '\n' || buff[len - 1] == '\r') {
+            buff[len - 1] = '\0';
+            if (len > 1 && buff[len - 2] == '\r')
+                buff[len - 2] = '\0';
+        }
+    } else {
+        buff[0] = '\0';
+    }
+    return str;
+}
+
+static SECStatus
+PrintChoicesAndGetAnswer(char *str, char *rBuff, int rSize)
+{
+    fputs(str, stdout);
+    fputs(" > ", stdout);
+    fflush(stdout);
+    if (Gets_s(rBuff, rSize) == NULL) {
+        PORT_SetError(SEC_ERROR_INPUT_LEN);
+        return SECFailure;
+    }
+    return SECSuccess;
+}
+
+static CERTGeneralName *
+GetGeneralName(PLArenaPool *arena, CERTGeneralName *useExistingName, PRBool onlyOne)
+{
+    CERTGeneralName *namesList = NULL;
+    CERTGeneralName *current;
+    CERTGeneralName *tail = NULL;
+    SECStatus rv = SECSuccess;
+    int intValue;
+    char buffer[512];
+    void *mark;
+
+    PORT_Assert(arena);
+    mark = PORT_ArenaMark(arena);
+    do {
+        if (PrintChoicesAndGetAnswer(
+                "\nSelect one of the following general name type: \n"
+                "\t2 - rfc822Name\n"
+                "\t3 - dnsName\n"
+                "\t5 - directoryName\n"
+                "\t7 - uniformResourceidentifier\n"
+                "\t8 - ipAddress\n"
+                "\t9 - registerID\n"
+                "\tAny other number to finish\n"
+                "\t\tChoice:",
+                buffer, sizeof(buffer)) == SECFailure) {
+            GEN_BREAK(SECFailure);
+        }
+        intValue = PORT_Atoi(buffer);
+        /*
+         * Should use ZAlloc instead of Alloc to avoid problem with garbage
+         * initialized pointers in CERT_CopyName
+         */
+        switch (intValue) {
+            case certRFC822Name:
+            case certDNSName:
+            case certDirectoryName:
+            case certURI:
+            case certIPAddress:
+            case certRegisterID:
+                break;
+            default:
+                intValue = 0; /* force a break for anything else */
+        }
+
+        if (intValue == 0)
+            break;
+
+        if (namesList == NULL) {
+            if (useExistingName) {
+                namesList = current = tail = useExistingName;
+            } else {
+                namesList = current = tail =
+                    PORT_ArenaZNew(arena, CERTGeneralName);
+            }
+        } else {
+            current = PORT_ArenaZNew(arena, CERTGeneralName);
+        }
+        if (current == NULL) {
+            GEN_BREAK(SECFailure);
+        }
+
+        current->type = intValue;
+        puts("\nEnter data:");
+        fflush(stdout);
+        if (Gets_s(buffer, sizeof(buffer)) == NULL) {
+            PORT_SetError(SEC_ERROR_INPUT_LEN);
+            GEN_BREAK(SECFailure);
+        }
+        switch (current->type) {
+            case certURI:
+            case certDNSName:
+            case certRFC822Name:
+                current->name.other.data =
+                    PORT_ArenaAlloc(arena, strlen(buffer));
+                if (current->name.other.data == NULL) {
+                    GEN_BREAK(SECFailure);
+                }
+                PORT_Memcpy(current->name.other.data, buffer,
+                            current->name.other.len = strlen(buffer));
+                break;
+
+            case certEDIPartyName:
+            case certIPAddress:
+            case certOtherName:
+            case certRegisterID:
+            case certX400Address: {
+
+                current->name.other.data =
+                    PORT_ArenaAlloc(arena, strlen(buffer) + 2);
+                if (current->name.other.data == NULL) {
+                    GEN_BREAK(SECFailure);
+                }
+
+                PORT_Memcpy(current->name.other.data + 2, buffer,
+                            strlen(buffer));
+                /* This may not be accurate for all cases.  For now,
+                 * use this tag type */
+                current->name.other.data[0] =
+                    (char)(((current->type - 1) & 0x1f) | 0x80);
+                current->name.other.data[1] = (char)strlen(buffer);
+                current->name.other.len = strlen(buffer) + 2;
+                break;
+            }
+
+            case certDirectoryName: {
+                CERTName *directoryName = NULL;
+
+                directoryName = CERT_AsciiToName(buffer);
+                if (!directoryName) {
+                    fprintf(stderr, "certutil: improperly formatted name: "
+                                    "\"%s\"\n",
+                            buffer);
+                    break;
+                }
+
+                rv = CERT_CopyName(arena, &current->name.directoryName,
+                                   directoryName);
+                CERT_DestroyName(directoryName);
+
+                break;
+            }
+        }
+        if (rv != SECSuccess)
+            break;
+        current->l.next = &(namesList->l);
+        current->l.prev = &(tail->l);
+        tail->l.next = &(current->l);
+        tail = current;
+
+    } while (!onlyOne);
+
+    if (rv != SECSuccess) {
+        PORT_ArenaRelease(arena, mark);
+        namesList = NULL;
+    }
+    return (namesList);
+}
+
+static CERTGeneralName *
+CreateGeneralName(PLArenaPool *arena)
+{
+    return GetGeneralName(arena, NULL, PR_FALSE);
+}
+
+static SECStatus
+GetString(PLArenaPool *arena, char *prompt, SECItem *value)
+{
+    char buffer[251];
+    char *buffPrt;
+
+    buffer[0] = '\0';
+    value->data = NULL;
+    value->len = 0;
+
+    puts(prompt);
+    buffPrt = Gets_s(buffer, sizeof(buffer));
+    /* returned NULL here treated the same way as empty string */
+    if (buffPrt && strlen(buffer) > 0) {
+        value->data = PORT_ArenaAlloc(arena, strlen(buffer));
+        if (value->data == NULL) {
+            PORT_SetError(SEC_ERROR_NO_MEMORY);
+            return (SECFailure);
+        }
+        PORT_Memcpy(value->data, buffer, value->len = strlen(buffer));
+    }
+    return (SECSuccess);
+}
+
+static PRBool
+GetYesNo(char *prompt)
+{
+    char buf[3];
+    char *buffPrt;
+
+    buf[0] = 'n';
+    puts(prompt);
+    buffPrt = Gets_s(buf, sizeof(buf));
+    return (buffPrt && (buf[0] == 'y' || buf[0] == 'Y')) ? PR_TRUE : PR_FALSE;
+}
+
+/* Parses comma separated values out of the string pointed by nextPos.
+ * Parsed value is compared to an array of possible values(valueArray).
+ * If match is found, a value index is returned, otherwise returns SECFailue.
+ * nextPos is set to the token after found comma separator or to NULL.
+ * NULL in nextPos should be used as indication of the last parsed token.
+ * A special value "critical" can be parsed out from the supplied sting.*/
+
+static SECStatus
+parseNextCmdInput(const char *const *valueArray, int *value, char **nextPos,
+                  PRBool *critical)
+{
+    char *thisPos;
+    int keyLen = 0;
+    int arrIndex = 0;
+
+    if (!valueArray || !value || !nextPos || !critical) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+    thisPos = *nextPos;
+    while (1) {
+        if ((*nextPos = strchr(thisPos, ',')) == NULL) {
+            keyLen = strlen(thisPos);
+        } else {
+            keyLen = *nextPos - thisPos;
+            *nextPos += 1;
+        }
+        /* if critical keyword is found, go for another loop,
+         * but check, if it is the last keyword of
+         * the string.*/
+        if (!strncmp("critical", thisPos, keyLen)) {
+            *critical = PR_TRUE;
+            if (*nextPos == NULL) {
+                return SECSuccess;
+            }
+            thisPos = *nextPos;
+            continue;
+        }
+        break;
+    }
+    for (arrIndex = 0; valueArray[arrIndex]; arrIndex++) {
+        if (!strncmp(valueArray[arrIndex], thisPos, keyLen)) {
+            *value = arrIndex;
+            return SECSuccess;
+        }
+    }
+    PORT_SetError(SEC_ERROR_INVALID_ARGS);
+    return SECFailure;
+}
+
+static const char *const
+    keyUsageKeyWordArray[] = { "digitalSignature",
+                               "nonRepudiation",
+                               "keyEncipherment",
+                               "dataEncipherment",
+                               "keyAgreement",
+                               "certSigning",
+                               "crlSigning",
+                               NULL };
+
+static SECStatus
+AddKeyUsage(void *extHandle, const char *userSuppliedValue)
+{
+    SECItem bitStringValue;
+    unsigned char keyUsage = 0x0;
+    char buffer[5];
+    int value;
+    char *nextPos = (char *)userSuppliedValue;
+    PRBool isCriticalExt = PR_FALSE;
+
+    if (!userSuppliedValue) {
+        while (1) {
+            if (PrintChoicesAndGetAnswer(
+                    "\t\t0 - Digital Signature\n"
+                    "\t\t1 - Non-repudiation\n"
+                    "\t\t2 - Key encipherment\n"
+                    "\t\t3 - Data encipherment\n"
+                    "\t\t4 - Key agreement\n"
+                    "\t\t5 - Cert signing key\n"
+                    "\t\t6 - CRL signing key\n"
+                    "\t\tOther to finish\n",
+                    buffer, sizeof(buffer)) == SECFailure) {
+                return SECFailure;
+            }
+            value = PORT_Atoi(buffer);
+            if (value < 0 || value > 6)
+                break;
+            if (value == 0) {
+                /* Checking that zero value of variable 'value'
+                 * corresponds to '0' input made by user */
+                char *chPtr = strchr(buffer, '0');
+                if (chPtr == NULL) {
+                    continue;
+                }
+            }
+            keyUsage |= (0x80 >> value);
+        }
+        isCriticalExt = GetYesNo("Is this a critical extension [y/N]?");
+    } else {
+        while (1) {
+            if (parseNextCmdInput(keyUsageKeyWordArray, &value, &nextPos,
+                                  &isCriticalExt) == SECFailure) {
+                return SECFailure;
+            }
+            keyUsage |= (0x80 >> value);
+            if (!nextPos)
+                break;
+        }
+    }
+
+    bitStringValue.data = &keyUsage;
+    bitStringValue.len = 1;
+
+    return (CERT_EncodeAndAddBitStrExtension(extHandle, SEC_OID_X509_KEY_USAGE, &bitStringValue,
+                                             isCriticalExt));
+}
+
+static CERTOidSequence *
+CreateOidSequence(void)
+{
+    CERTOidSequence *rv = (CERTOidSequence *)NULL;
+    PLArenaPool *arena = (PLArenaPool *)NULL;
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if ((PLArenaPool *)NULL == arena) {
+        goto loser;
+    }
+
+    rv = (CERTOidSequence *)PORT_ArenaZNew(arena, CERTOidSequence);
+    if ((CERTOidSequence *)NULL == rv) {
+        goto loser;
+    }
+
+    rv->oids = (SECItem **)PORT_ArenaZNew(arena, SECItem *);
+    if ((SECItem **)NULL == rv->oids) {
+        goto loser;
+    }
+
+    rv->arena = arena;
+    return rv;
+
+loser:
+    if ((PLArenaPool *)NULL != arena) {
+        PORT_FreeArena(arena, PR_FALSE);
+    }
+
+    return (CERTOidSequence *)NULL;
+}
+
+static void
+DestroyOidSequence(CERTOidSequence *os)
+{
+    if (os->arena) {
+        PORT_FreeArena(os->arena, PR_FALSE);
+    }
+}
+
+static SECStatus
+AddOidToSequence(CERTOidSequence *os, SECOidTag oidTag)
+{
+    SECItem **oids;
+    PRUint32 count = 0;
+    SECOidData *od;
+
+    od = SECOID_FindOIDByTag(oidTag);
+    if ((SECOidData *)NULL == od) {
+        return SECFailure;
+    }
+
+    for (oids = os->oids; (SECItem *)NULL != *oids; oids++) {
+        if (*oids == &od->oid) {
+            /* We already have this oid */
+            return SECSuccess;
+        }
+        count++;
+    }
+
+    /* ArenaZRealloc */
+
+    {
+        PRUint32 i;
+
+        oids = (SECItem **)PORT_ArenaZNewArray(os->arena, SECItem *, count + 2);
+        if ((SECItem **)NULL == oids) {
+            return SECFailure;
+        }
+
+        for (i = 0; i < count; i++) {
+            oids[i] = os->oids[i];
+        }
+
+        /* ArenaZFree(os->oids); */
+    }
+
+    os->oids = oids;
+    os->oids[count] = &od->oid;
+
+    return SECSuccess;
+}
+
+SEC_ASN1_MKSUB(SEC_ObjectIDTemplate)
+
+const SEC_ASN1Template CERT_OidSeqTemplate[] = {
+    { SEC_ASN1_SEQUENCE_OF | SEC_ASN1_XTRN, offsetof(CERTOidSequence, oids),
+      SEC_ASN1_SUB(SEC_ObjectIDTemplate) }
+};
+
+static SECItem *
+EncodeOidSequence(CERTOidSequence *os)
+{
+    SECItem *rv;
+
+    rv = (SECItem *)PORT_ArenaZNew(os->arena, SECItem);
+    if ((SECItem *)NULL == rv) {
+        goto loser;
+    }
+
+    if (!SEC_ASN1EncodeItem(os->arena, rv, os, CERT_OidSeqTemplate)) {
+        goto loser;
+    }
+
+    return rv;
+
+loser:
+    return (SECItem *)NULL;
+}
+
+static const char *const
+    extKeyUsageKeyWordArray[] = { "serverAuth",
+                                  "clientAuth",
+                                  "codeSigning",
+                                  "emailProtection",
+                                  "timeStamp",
+                                  "ocspResponder",
+                                  "stepUp",
+                                  "msTrustListSigning",
+                                  NULL };
+
+static SECStatus
+AddExtKeyUsage(void *extHandle, const char *userSuppliedValue)
+{
+    char buffer[5];
+    int value;
+    CERTOidSequence *os;
+    SECStatus rv;
+    SECItem *item;
+    PRBool isCriticalExt = PR_FALSE;
+    char *nextPos = (char *)userSuppliedValue;
+
+    os = CreateOidSequence();
+    if ((CERTOidSequence *)NULL == os) {
+        return SECFailure;
+    }
+
+    while (1) {
+        if (!userSuppliedValue) {
+            if (PrintChoicesAndGetAnswer(
+                    "\t\t0 - Server Auth\n"
+                    "\t\t1 - Client Auth\n"
+                    "\t\t2 - Code Signing\n"
+                    "\t\t3 - Email Protection\n"
+                    "\t\t4 - Timestamp\n"
+                    "\t\t5 - OCSP Responder\n"
+                    "\t\t6 - Step-up\n"
+                    "\t\t7 - Microsoft Trust List Signing\n"
+                    "\t\tOther to finish\n",
+                    buffer, sizeof(buffer)) == SECFailure) {
+                GEN_BREAK(SECFailure);
+            }
+            value = PORT_Atoi(buffer);
+
+            if (value == 0) {
+                /* Checking that zero value of variable 'value'
+                 * corresponds to '0' input made by user */
+                char *chPtr = strchr(buffer, '0');
+                if (chPtr == NULL) {
+                    continue;
+                }
+            }
+        } else {
+            if (parseNextCmdInput(extKeyUsageKeyWordArray, &value, &nextPos,
+                                  &isCriticalExt) == SECFailure) {
+                return SECFailure;
+            }
+        }
+
+        switch (value) {
+            case 0:
+                rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_SERVER_AUTH);
+                break;
+            case 1:
+                rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_CLIENT_AUTH);
+                break;
+            case 2:
+                rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_CODE_SIGN);
+                break;
+            case 3:
+                rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_EMAIL_PROTECT);
+                break;
+            case 4:
+                rv = AddOidToSequence(os, SEC_OID_EXT_KEY_USAGE_TIME_STAMP);
+                break;
+            case 5:
+                rv = AddOidToSequence(os, SEC_OID_OCSP_RESPONDER);
+                break;
+            case 6:
+                rv = AddOidToSequence(os, SEC_OID_NS_KEY_USAGE_GOVT_APPROVED);
+                break;
+            case 7:
+                rv = AddOidToSequence(os, SEC_OID_MS_EXT_KEY_USAGE_CTL_SIGNING);
+                break;
+            default:
+                goto endloop;
+        }
+
+        if (userSuppliedValue && !nextPos)
+            break;
+        if (SECSuccess != rv)
+            goto loser;
+    }
+
+endloop:
+    item = EncodeOidSequence(os);
+
+    if (!userSuppliedValue) {
+        isCriticalExt = GetYesNo("Is this a critical extension [y/N]?");
+    }
+
+    rv = CERT_AddExtension(extHandle, SEC_OID_X509_EXT_KEY_USAGE, item,
+                           isCriticalExt, PR_TRUE);
+/*FALLTHROUGH*/
+loser:
+    DestroyOidSequence(os);
+    return rv;
+}
+
+static const char *const
+    nsCertTypeKeyWordArray[] = { "sslClient",
+                                 "sslServer",
+                                 "smime",
+                                 "objectSigning",
+                                 "Not!Used",
+                                 "sslCA",
+                                 "smimeCA",
+                                 "objectSigningCA",
+                                 NULL };
+
+static SECStatus
+AddNscpCertType(void *extHandle, const char *userSuppliedValue)
+{
+    SECItem bitStringValue;
+    unsigned char keyUsage = 0x0;
+    char buffer[5];
+    int value;
+    char *nextPos = (char *)userSuppliedValue;
+    PRBool isCriticalExt = PR_FALSE;
+
+    if (!userSuppliedValue) {
+        while (1) {
+            if (PrintChoicesAndGetAnswer(
+                    "\t\t0 - SSL Client\n"
+                    "\t\t1 - SSL Server\n"
+                    "\t\t2 - S/MIME\n"
+                    "\t\t3 - Object Signing\n"
+                    "\t\t4 - Reserved for future use\n"
+                    "\t\t5 - SSL CA\n"
+                    "\t\t6 - S/MIME CA\n"
+                    "\t\t7 - Object Signing CA\n"
+                    "\t\tOther to finish\n",
+                    buffer, sizeof(buffer)) == SECFailure) {
+                return SECFailure;
+            }
+            value = PORT_Atoi(buffer);
+            if (value < 0 || value > 7)
+                break;
+            if (value == 0) {
+                /* Checking that zero value of variable 'value'
+                 * corresponds to '0' input made by user */
+                char *chPtr = strchr(buffer, '0');
+                if (chPtr == NULL) {
+                    continue;
+                }
+            }
+            keyUsage |= (0x80 >> value);
+        }
+        isCriticalExt = GetYesNo("Is this a critical extension [y/N]?");
+    } else {
+        while (1) {
+            if (parseNextCmdInput(nsCertTypeKeyWordArray, &value, &nextPos,
+                                  &isCriticalExt) == SECFailure) {
+                return SECFailure;
+            }
+            keyUsage |= (0x80 >> value);
+            if (!nextPos)
+                break;
+        }
+    }
+
+    bitStringValue.data = &keyUsage;
+    bitStringValue.len = 1;
+
+    return (CERT_EncodeAndAddBitStrExtension(extHandle, SEC_OID_NS_CERT_EXT_CERT_TYPE, &bitStringValue,
+                                             isCriticalExt));
+}
+
+SECStatus
+GetOidFromString(PLArenaPool *arena, SECItem *to,
+                 const char *from, size_t fromLen)
+{
+    SECStatus rv;
+    SECOidTag tag;
+    SECOidData *coid;
+
+    /* try dotted form first */
+    rv = SEC_StringToOID(arena, to, from, fromLen);
+    if (rv == SECSuccess) {
+        return rv;
+    }
+
+    /* Check to see if it matches a name in our oid table.
+     * SECOID_FindOIDByTag returns NULL if tag is out of bounds.
+     */
+    tag = SEC_OID_UNKNOWN;
+    coid = SECOID_FindOIDByTag(tag);
+    for (; coid; coid = SECOID_FindOIDByTag(++tag)) {
+        if (PORT_Strncasecmp(from, coid->desc, fromLen) == 0) {
+            break;
+        }
+    }
+    if (coid == NULL) {
+        /* none found */
+        return SECFailure;
+    }
+    return SECITEM_CopyItem(arena, to, &coid->oid);
+}
+
+static SECStatus
+AddSubjectAltNames(PLArenaPool *arena, CERTGeneralName **existingListp,
+                   const char *constNames, CERTGeneralNameType type)
+{
+    CERTGeneralName *nameList = NULL;
+    CERTGeneralName *current = NULL;
+    PRCList *prev = NULL;
+    char *cp, *nextName = NULL;
+    SECStatus rv = SECSuccess;
+    PRBool readTypeFromName = (PRBool)(type == 0);
+    char *names = NULL;
+
+    if (constNames)
+        names = PORT_Strdup(constNames);
+
+    if (names == NULL) {
+        return SECFailure;
+    }
+
+    /*
+     * walk down the comma separated list of names. NOTE: there is
+     * no sanity checks to see if the email address look like
+     * email addresses.
+     *
+     * Each name may optionally be prefixed with a type: string.
+     * If it isn't, the type from the previous name will be used.
+     * If there wasn't a previous name yet, the type given
+     * as a parameter to this function will be used.
+     * If the type value is zero (undefined), we'll fail.
+     */
+    for (cp = names; cp; cp = nextName) {
+        int len;
+        char *oidString;
+        char *nextComma;
+        CERTName *name;
+        PRStatus status;
+        unsigned char *data;
+        PRNetAddr addr;
+
+        nextName = NULL;
+        if (*cp == ',') {
+            cp++;
+        }
+        nextComma = PORT_Strchr(cp, ',');
+        if (nextComma) {
+            *nextComma = 0;
+            nextName = nextComma + 1;
+        }
+        if ((*cp) == 0) {
+            continue;
+        }
+        if (readTypeFromName) {
+            char *save = cp;
+            /* Because we already replaced nextComma with end-of-string,
+             * a found colon belongs to the current name */
+            cp = PORT_Strchr(cp, ':');
+            if (cp) {
+                *cp = 0;
+                cp++;
+                type = CERT_GetGeneralNameTypeFromString(save);
+                if (*cp == 0) {
+                    continue;
+                }
+            } else {
+                if (type == 0) {
+                    /* no type known yet */
+                    rv = SECFailure;
+                    break;
+                }
+                cp = save;
+            }
+        }
+
+        current = PORT_ArenaZNew(arena, CERTGeneralName);
+        if (!current) {
+            rv = SECFailure;
+            break;
+        }
+
+        current->type = type;
+        switch (type) {
+            /* string types */
+            case certRFC822Name:
+            case certDNSName:
+            case certURI:
+                current->name.other.data =
+                    (unsigned char *)PORT_ArenaStrdup(arena, cp);
+                current->name.other.len = PORT_Strlen(cp);
+                break;
+            /* unformated data types */
+            case certX400Address:
+            case certEDIPartyName:
+                /* turn a string into a data and len */
+                rv = SECFailure; /* punt on these for now */
+                fprintf(stderr, "EDI Party Name and X.400 Address not supported\n");
+                break;
+            case certDirectoryName:
+                /* certDirectoryName */
+                name = CERT_AsciiToName(cp);
+                if (name == NULL) {
+                    rv = SECFailure;
+                    fprintf(stderr, "Invalid Directory Name (\"%s\")\n", cp);
+                    break;
+                }
+                rv = CERT_CopyName(arena, &current->name.directoryName, name);
+                CERT_DestroyName(name);
+                break;
+            /* types that require more processing */
+            case certIPAddress:
+                /* convert the string to an ip address */
+                status = PR_StringToNetAddr(cp, &addr);
+                if (status != PR_SUCCESS) {
+                    rv = SECFailure;
+                    fprintf(stderr, "Invalid IP Address (\"%s\")\n", cp);
+                    break;
+                }
+
+                if (PR_NetAddrFamily(&addr) == PR_AF_INET) {
+                    len = sizeof(addr.inet.ip);
+                    data = (unsigned char *)&addr.inet.ip;
+                } else if (PR_NetAddrFamily(&addr) == PR_AF_INET6) {
+                    len = sizeof(addr.ipv6.ip);
+                    data = (unsigned char *)&addr.ipv6.ip;
+                } else {
+                    fprintf(stderr, "Invalid IP Family\n");
+                    rv = SECFailure;
+                    break;
+                }
+                current->name.other.data = PORT_ArenaAlloc(arena, len);
+                if (current->name.other.data == NULL) {
+                    rv = SECFailure;
+                    break;
+                }
+                current->name.other.len = len;
+                PORT_Memcpy(current->name.other.data, data, len);
+                break;
+            case certRegisterID:
+                rv = GetOidFromString(arena, &current->name.other, cp, strlen(cp));
+                break;
+            case certOtherName:
+                oidString = cp;
+                cp = PORT_Strchr(cp, ';');
+                if (cp == NULL) {
+                    rv = SECFailure;
+                    fprintf(stderr, "missing name in other name\n");
+                    break;
+                }
+                *cp++ = 0;
+                current->name.OthName.name.data =
+                    (unsigned char *)PORT_ArenaStrdup(arena, cp);
+                if (current->name.OthName.name.data == NULL) {
+                    rv = SECFailure;
+                    break;
+                }
+                current->name.OthName.name.len = PORT_Strlen(cp);
+                rv = GetOidFromString(arena, &current->name.OthName.oid,
+                                      oidString, strlen(oidString));
+                break;
+            default:
+                rv = SECFailure;
+                fprintf(stderr, "Missing or invalid Subject Alternate Name type\n");
+                break;
+        }
+        if (rv == SECFailure) {
+            break;
+        }
+
+        if (prev) {
+            current->l.prev = prev;
+            prev->next = &(current->l);
+        } else {
+            nameList = current;
+        }
+        prev = &(current->l);
+    }
+    PORT_Free(names);
+    /* at this point nameList points to the head of a doubly linked,
+     * but not yet circular, list and current points to its tail. */
+    if (rv == SECSuccess && nameList) {
+        if (*existingListp != NULL) {
+            PRCList *existingprev;
+            /* add nameList to the end of the existing list */
+            existingprev = (*existingListp)->l.prev;
+            (*existingListp)->l.prev = &(current->l);
+            nameList->l.prev = existingprev;
+            existingprev->next = &(nameList->l);
+            current->l.next = &((*existingListp)->l);
+        } else {
+            /* make nameList circular and set it as the new existingList */
+            nameList->l.prev = prev;
+            current->l.next = &(nameList->l);
+            *existingListp = nameList;
+        }
+    }
+    return rv;
+}
+
+static SECStatus
+AddEmailSubjectAlt(PLArenaPool *arena, CERTGeneralName **existingListp,
+                   const char *emailAddrs)
+{
+    return AddSubjectAltNames(arena, existingListp, emailAddrs,
+                              certRFC822Name);
+}
+
+static SECStatus
+AddDNSSubjectAlt(PLArenaPool *arena, CERTGeneralName **existingListp,
+                 const char *dnsNames)
+{
+    return AddSubjectAltNames(arena, existingListp, dnsNames, certDNSName);
+}
+
+static SECStatus
+AddGeneralSubjectAlt(PLArenaPool *arena, CERTGeneralName **existingListp,
+                     const char *altNames)
+{
+    return AddSubjectAltNames(arena, existingListp, altNames, 0);
+}
+
+static SECStatus
+AddBasicConstraint(PLArenaPool *arena, void *extHandle)
+{
+    CERTBasicConstraints basicConstraint;
+    SECStatus rv;
+    char buffer[10];
+    PRBool yesNoAns;
+
+    do {
+        basicConstraint.pathLenConstraint = CERT_UNLIMITED_PATH_CONSTRAINT;
+        basicConstraint.isCA = GetYesNo("Is this a CA certificate [y/N]?");
+
+        buffer[0] = '\0';
+        if (PrintChoicesAndGetAnswer("Enter the path length constraint, "
+                                     "enter to skip [<0 for unlimited path]:",
+                                     buffer, sizeof(buffer)) == SECFailure) {
+            GEN_BREAK(SECFailure);
+        }
+        if (PORT_Strlen(buffer) > 0)
+            basicConstraint.pathLenConstraint = PORT_Atoi(buffer);
+
+        yesNoAns = GetYesNo("Is this a critical extension [y/N]?");
+
+        rv = SECU_EncodeAndAddExtensionValue(arena, extHandle,
+                                             &basicConstraint, yesNoAns, SEC_OID_X509_BASIC_CONSTRAINTS,
+                                             (EXTEN_EXT_VALUE_ENCODER)CERT_EncodeBasicConstraintValue);
+    } while (0);
+
+    return (rv);
+}
+
+static SECStatus
+AddNameConstraints(void *extHandle)
+{
+    PLArenaPool *arena = NULL;
+    CERTNameConstraints *constraints = NULL;
+
+    CERTNameConstraint *current = NULL;
+    CERTNameConstraint *last_permited = NULL;
+    CERTNameConstraint *last_excluded = NULL;
+    SECStatus rv = SECSuccess;
+
+    char buffer[512];
+    int intValue = 0;
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena) {
+        constraints = PORT_ArenaZNew(arena, CERTNameConstraints);
+    }
+
+    if (!arena || !constraints) {
+        SECU_PrintError(progName, "out of memory");
+        PORT_FreeArena(arena, PR_FALSE);
+        return SECFailure;
+    }
+
+    constraints->permited = constraints->excluded = NULL;
+
+    do {
+        current = PORT_ArenaZNew(arena, CERTNameConstraint);
+        if (!current) {
+            GEN_BREAK(SECFailure);
+        }
+
+        (void)SEC_ASN1EncodeInteger(arena, &current->min, 0);
+
+        if (!GetGeneralName(arena, &current->name, PR_TRUE)) {
+            GEN_BREAK(SECFailure);
+        }
+
+        if (PrintChoicesAndGetAnswer("Type of Name Constraint?\n"
+                                     "\t1 - permitted\n\t2 - excluded\n\tAny"
+                                     "other number to finish\n\tChoice",
+                                     buffer, sizeof(buffer)) !=
+            SECSuccess) {
+            GEN_BREAK(SECFailure);
+        }
+
+        intValue = PORT_Atoi(buffer);
+        switch (intValue) {
+            case 1:
+                if (constraints->permited == NULL) {
+                    constraints->permited = last_permited = current;
+                }
+                last_permited->l.next = &(current->l);
+                current->l.prev = &(last_permited->l);
+                last_permited = current;
+                break;
+            case 2:
+                if (constraints->excluded == NULL) {
+                    constraints->excluded = last_excluded = current;
+                }
+                last_excluded->l.next = &(current->l);
+                current->l.prev = &(last_excluded->l);
+                last_excluded = current;
+                break;
+        }
+
+        PR_snprintf(buffer, sizeof(buffer), "Add another entry to the"
+                                            " Name Constraint Extension [y/N]");
+
+        if (GetYesNo(buffer) == 0) {
+            break;
+        }
+
+    } while (1);
+
+    if (rv == SECSuccess) {
+        int oidIdent = SEC_OID_X509_NAME_CONSTRAINTS;
+
+        PRBool yesNoAns = GetYesNo("Is this a critical extension [y/N]?");
+
+        if (constraints->permited != NULL) {
+            last_permited->l.next = &(constraints->permited->l);
+            constraints->permited->l.prev = &(last_permited->l);
+        }
+        if (constraints->excluded != NULL) {
+            last_excluded->l.next = &(constraints->excluded->l);
+            constraints->excluded->l.prev = &(last_excluded->l);
+        }
+
+        rv = SECU_EncodeAndAddExtensionValue(arena, extHandle, constraints,
+                                             yesNoAns, oidIdent,
+                                             (EXTEN_EXT_VALUE_ENCODER)CERT_EncodeNameConstraintsExtension);
+    }
+    if (arena)
+        PORT_FreeArena(arena, PR_FALSE);
+    return (rv);
+}
+
+static SECStatus
+AddAuthKeyID(void *extHandle)
+{
+    CERTAuthKeyID *authKeyID = NULL;
+    PLArenaPool *arena = NULL;
+    SECStatus rv = SECSuccess;
+    PRBool yesNoAns;
+
+    do {
+        arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+        if (!arena) {
+            SECU_PrintError(progName, "out of memory");
+            GEN_BREAK(SECFailure);
+        }
+
+        if (GetYesNo("Enter value for the authKeyID extension [y/N]?") == 0)
+            break;
+
+        authKeyID = PORT_ArenaZNew(arena, CERTAuthKeyID);
+        if (authKeyID == NULL) {
+            GEN_BREAK(SECFailure);
+        }
+
+        rv = GetString(arena, "Enter value for the key identifier fields,"
+                              "enter to omit:",
+                       &authKeyID->keyID);
+        if (rv != SECSuccess)
+            break;
+
+        SECU_SECItemHexStringToBinary(&authKeyID->keyID);
+
+        authKeyID->authCertIssuer = CreateGeneralName(arena);
+        if (authKeyID->authCertIssuer == NULL &&
+            SECFailure == PORT_GetError())
+            break;
+
+        rv = GetString(arena, "Enter value for the authCertSerial field, "
+                              "enter to omit:",
+                       &authKeyID->authCertSerialNumber);
+
+        yesNoAns = GetYesNo("Is this a critical extension [y/N]?");
+
+        rv = SECU_EncodeAndAddExtensionValue(arena, extHandle,
+                                             authKeyID, yesNoAns, SEC_OID_X509_AUTH_KEY_ID,
+                                             (EXTEN_EXT_VALUE_ENCODER)CERT_EncodeAuthKeyID);
+        if (rv)
+            break;
+
+    } while (0);
+    if (arena)
+        PORT_FreeArena(arena, PR_FALSE);
+    return (rv);
+}
+
+static SECStatus
+AddSubjKeyID(void *extHandle)
+{
+    SECItem keyID;
+    PLArenaPool *arena = NULL;
+    SECStatus rv = SECSuccess;
+    PRBool yesNoAns;
+
+    do {
+        arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+        if (!arena) {
+            SECU_PrintError(progName, "out of memory");
+            GEN_BREAK(SECFailure);
+        }
+        printf("Adding Subject Key ID extension.\n");
+
+        rv = GetString(arena, "Enter value for the key identifier fields,"
+                              "enter to omit:",
+                       &keyID);
+        if (rv != SECSuccess)
+            break;
+
+        SECU_SECItemHexStringToBinary(&keyID);
+
+        yesNoAns = GetYesNo("Is this a critical extension [y/N]?");
+
+        rv = SECU_EncodeAndAddExtensionValue(arena, extHandle,
+                                             &keyID, yesNoAns, SEC_OID_X509_SUBJECT_KEY_ID,
+                                             (EXTEN_EXT_VALUE_ENCODER)CERT_EncodeSubjectKeyID);
+        if (rv)
+            break;
+
+    } while (0);
+    if (arena)
+        PORT_FreeArena(arena, PR_FALSE);
+    return (rv);
+}
+
+static SECStatus
+AddCrlDistPoint(void *extHandle)
+{
+    PLArenaPool *arena = NULL;
+    CERTCrlDistributionPoints *crlDistPoints = NULL;
+    CRLDistributionPoint *current;
+    SECStatus rv = SECSuccess;
+    int count = 0, intValue;
+    char buffer[512];
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (!arena)
+        return (SECFailure);
+
+    do {
+        current = NULL;
+
+        current = PORT_ArenaZNew(arena, CRLDistributionPoint);
+        if (current == NULL) {
+            GEN_BREAK(SECFailure);
+        }
+
+        /* Get the distributionPointName fields - this field is optional */
+        if (PrintChoicesAndGetAnswer(
+                "Enter the type of the distribution point name:\n"
+                "\t1 - Full Name\n\t2 - Relative Name\n\tAny other "
+                "number to finish\n\t\tChoice: ",
+                buffer, sizeof(buffer)) == SECFailure) {
+            GEN_BREAK(SECFailure);
+        }
+        intValue = PORT_Atoi(buffer);
+        switch (intValue) {
+            case generalName:
+                current->distPointType = intValue;
+                current->distPoint.fullName = CreateGeneralName(arena);
+                rv = PORT_GetError();
+                break;
+
+            case relativeDistinguishedName: {
+                CERTName *name;
+
+                current->distPointType = intValue;
+                puts("Enter the relative name: ");
+                fflush(stdout);
+                if (Gets_s(buffer, sizeof(buffer)) == NULL) {
+                    GEN_BREAK(SECFailure);
+                }
+                /* For simplicity, use CERT_AsciiToName to converse from a string
+               to NAME, but we only interest in the first RDN */
+                name = CERT_AsciiToName(buffer);
+                if (!name) {
+                    GEN_BREAK(SECFailure);
+                }
+                rv = CERT_CopyRDN(arena, &current->distPoint.relativeName,
+                                  name->rdns[0]);
+                CERT_DestroyName(name);
+                break;
+            }
+        }
+        if (rv != SECSuccess)
+            break;
+
+        /* Get the reason flags */
+        if (PrintChoicesAndGetAnswer(
+                "\nSelect one of the following for the reason flags\n"
+                "\t0 - unused\n\t1 - keyCompromise\n"
+                "\t2 - caCompromise\n\t3 - affiliationChanged\n"
+                "\t4 - superseded\n\t5 - cessationOfOperation\n"
+                "\t6 - certificateHold\n"
+                "\tAny other number to finish\t\tChoice: ",
+                buffer, sizeof(buffer)) == SECFailure) {
+            GEN_BREAK(SECFailure);
+        }
+        intValue = PORT_Atoi(buffer);
+        if (intValue == 0) {
+            /* Checking that zero value of variable 'value'
+             * corresponds to '0' input made by user */
+            char *chPtr = strchr(buffer, '0');
+            if (chPtr == NULL) {
+                intValue = -1;
+            }
+        }
+        if (intValue >= 0 && intValue < 8) {
+            current->reasons.data = PORT_ArenaAlloc(arena, sizeof(char));
+            if (current->reasons.data == NULL) {
+                GEN_BREAK(SECFailure);
+            }
+            *current->reasons.data = (char)(0x80 >> intValue);
+            current->reasons.len = 1;
+        }
+        puts("Enter value for the CRL Issuer name:\n");
+        current->crlIssuer = CreateGeneralName(arena);
+        if (current->crlIssuer == NULL && (rv = PORT_GetError()) == SECFailure)
+            break;
+
+        if (crlDistPoints == NULL) {
+            crlDistPoints = PORT_ArenaZNew(arena, CERTCrlDistributionPoints);
+            if (crlDistPoints == NULL) {
+                GEN_BREAK(SECFailure);
+            }
+        }
+
+        if (crlDistPoints->distPoints) {
+            crlDistPoints->distPoints =
+                PORT_ArenaGrow(arena, crlDistPoints->distPoints,
+                               sizeof(*crlDistPoints->distPoints) * count,
+                               sizeof(*crlDistPoints->distPoints) * (count + 1));
+        } else {
+            crlDistPoints->distPoints =
+                PORT_ArenaZAlloc(arena, sizeof(*crlDistPoints->distPoints) * (count + 1));
+        }
+        if (crlDistPoints->distPoints == NULL) {
+            GEN_BREAK(SECFailure);
+        }
+
+        crlDistPoints->distPoints[count] = current;
+        ++count;
+        if (GetYesNo("Enter another value for the CRLDistributionPoint "
+                     "extension [y/N]?") == 0) {
+            /* Add null to the end to mark end of data */
+            crlDistPoints->distPoints =
+                PORT_ArenaGrow(arena, crlDistPoints->distPoints,
+                               sizeof(*crlDistPoints->distPoints) * count,
+                               sizeof(*crlDistPoints->distPoints) * (count + 1));
+            crlDistPoints->distPoints[count] = NULL;
+            break;
+        }
+
+    } while (1);
+
+    if (rv == SECSuccess) {
+        PRBool yesNoAns = GetYesNo("Is this a critical extension [y/N]?");
+
+        rv = SECU_EncodeAndAddExtensionValue(arena, extHandle,
+                                             crlDistPoints, yesNoAns, SEC_OID_X509_CRL_DIST_POINTS,
+                                             (EXTEN_EXT_VALUE_ENCODER)CERT_EncodeCRLDistributionPoints);
+    }
+    if (arena)
+        PORT_FreeArena(arena, PR_FALSE);
+    return (rv);
+}
+
+static SECStatus
+AddPolicyConstraints(void *extHandle)
+{
+    CERTCertificatePolicyConstraints *policyConstr;
+    PLArenaPool *arena = NULL;
+    SECStatus rv = SECSuccess;
+    SECItem *item, *dummy;
+    char buffer[512];
+    int value;
+    PRBool yesNoAns;
+    PRBool skipExt = PR_TRUE;
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (!arena) {
+        SECU_PrintError(progName, "out of memory");
+        return SECFailure;
+    }
+
+    policyConstr = PORT_ArenaZNew(arena, CERTCertificatePolicyConstraints);
+    if (policyConstr == NULL) {
+        SECU_PrintError(progName, "out of memory");
+        goto loser;
+    }
+
+    if (PrintChoicesAndGetAnswer("for requireExplicitPolicy enter the number "
+                                 "of certs in path\nbefore explicit policy is required\n"
+                                 "(press Enter to omit)",
+                                 buffer, sizeof(buffer)) == SECFailure) {
+        goto loser;
+    }
+
+    if (PORT_Strlen(buffer)) {
+        value = PORT_Atoi(buffer);
+        if (value < 0) {
+            goto loser;
+        }
+        item = &policyConstr->explicitPolicySkipCerts;
+        dummy = SEC_ASN1EncodeInteger(arena, item, value);
+        if (!dummy) {
+            goto loser;
+        }
+        skipExt = PR_FALSE;
+    }
+
+    if (PrintChoicesAndGetAnswer("for inihibitPolicyMapping enter "
+                                 "the number of certs in path\n"
+                                 "after which policy mapping is not allowed\n"
+                                 "(press Enter to omit)",
+                                 buffer, sizeof(buffer)) == SECFailure) {
+        goto loser;
+    }
+
+    if (PORT_Strlen(buffer)) {
+        value = PORT_Atoi(buffer);
+        if (value < 0) {
+            goto loser;
+        }
+        item = &policyConstr->inhibitMappingSkipCerts;
+        dummy = SEC_ASN1EncodeInteger(arena, item, value);
+        if (!dummy) {
+            goto loser;
+        }
+        skipExt = PR_FALSE;
+    }
+
+    if (!skipExt) {
+        yesNoAns = GetYesNo("Is this a critical extension [y/N]?");
+
+        rv = SECU_EncodeAndAddExtensionValue(arena, extHandle, policyConstr,
+                                             yesNoAns, SEC_OID_X509_POLICY_CONSTRAINTS,
+                                             (EXTEN_EXT_VALUE_ENCODER)CERT_EncodePolicyConstraintsExtension);
+    } else {
+        fprintf(stdout, "Policy Constraint extensions must contain "
+                        "at least one policy field\n");
+        rv = SECFailure;
+    }
+
+loser:
+    if (arena) {
+        PORT_FreeArena(arena, PR_FALSE);
+    }
+    return (rv);
+}
+
+static SECStatus
+AddInhibitAnyPolicy(void *extHandle)
+{
+    CERTCertificateInhibitAny certInhibitAny;
+    PLArenaPool *arena = NULL;
+    SECStatus rv = SECSuccess;
+    SECItem *item, *dummy;
+    char buffer[10];
+    int value;
+    PRBool yesNoAns;
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (!arena) {
+        SECU_PrintError(progName, "out of memory");
+        return SECFailure;
+    }
+
+    if (PrintChoicesAndGetAnswer("Enter the number of certs in the path "
+                                 "permitted to use anyPolicy.\n"
+                                 "(press Enter for 0)",
+                                 buffer, sizeof(buffer)) == SECFailure) {
+        goto loser;
+    }
+
+    item = &certInhibitAny.inhibitAnySkipCerts;
+    value = PORT_Atoi(buffer);
+    if (value < 0) {
+        goto loser;
+    }
+    dummy = SEC_ASN1EncodeInteger(arena, item, value);
+    if (!dummy) {
+        goto loser;
+    }
+
+    yesNoAns = GetYesNo("Is this a critical extension [y/N]?");
+
+    rv = SECU_EncodeAndAddExtensionValue(arena, extHandle, &certInhibitAny,
+                                         yesNoAns, SEC_OID_X509_INHIBIT_ANY_POLICY,
+                                         (EXTEN_EXT_VALUE_ENCODER)CERT_EncodeInhibitAnyExtension);
+loser:
+    if (arena) {
+        PORT_FreeArena(arena, PR_FALSE);
+    }
+    return (rv);
+}
+
+static SECStatus
+AddPolicyMappings(void *extHandle)
+{
+    CERTPolicyMap **policyMapArr = NULL;
+    CERTPolicyMap *current;
+    PLArenaPool *arena = NULL;
+    SECStatus rv = SECSuccess;
+    int count = 0;
+    char buffer[512];
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (!arena) {
+        SECU_PrintError(progName, "out of memory");
+        return SECFailure;
+    }
+
+    do {
+        if (PrintChoicesAndGetAnswer("Enter an Object Identifier (dotted "
+                                     "decimal format) for Issuer Domain Policy",
+                                     buffer, sizeof(buffer)) == SECFailure) {
+            GEN_BREAK(SECFailure);
+        }
+
+        current = PORT_ArenaZNew(arena, CERTPolicyMap);
+        if (current == NULL) {
+            GEN_BREAK(SECFailure);
+        }
+
+        rv = SEC_StringToOID(arena, &current->issuerDomainPolicy, buffer, 0);
+        if (rv == SECFailure) {
+            GEN_BREAK(SECFailure);
+        }
+
+        if (PrintChoicesAndGetAnswer("Enter an Object Identifier for "
+                                     "Subject Domain Policy",
+                                     buffer, sizeof(buffer)) == SECFailure) {
+            GEN_BREAK(SECFailure);
+        }
+
+        rv = SEC_StringToOID(arena, &current->subjectDomainPolicy, buffer, 0);
+        if (rv == SECFailure) {
+            GEN_BREAK(SECFailure);
+        }
+
+        if (policyMapArr == NULL) {
+            policyMapArr = PORT_ArenaZNew(arena, CERTPolicyMap *);
+            if (policyMapArr == NULL) {
+                GEN_BREAK(SECFailure);
+            }
+        }
+
+        policyMapArr = PORT_ArenaGrow(arena, policyMapArr,
+                                      sizeof(current) * count,
+                                      sizeof(current) * (count + 1));
+        if (policyMapArr == NULL) {
+            GEN_BREAK(SECFailure);
+        }
+
+        policyMapArr[count] = current;
+        ++count;
+
+        if (!GetYesNo("Enter another Policy Mapping [y/N]")) {
+            /* Add null to the end to mark end of data */
+            policyMapArr = PORT_ArenaGrow(arena, policyMapArr,
+                                          sizeof(current) * count,
+                                          sizeof(current) * (count + 1));
+            if (policyMapArr == NULL) {
+                GEN_BREAK(SECFailure);
+            }
+            policyMapArr[count] = NULL;
+            break;
+        }
+
+    } while (1);
+
+    if (rv == SECSuccess) {
+        CERTCertificatePolicyMappings mappings;
+        PRBool yesNoAns = GetYesNo("Is this a critical extension [y/N]?");
+
+        mappings.arena = arena;
+        mappings.policyMaps = policyMapArr;
+        rv = SECU_EncodeAndAddExtensionValue(arena, extHandle, &mappings,
+                                             yesNoAns, SEC_OID_X509_POLICY_MAPPINGS,
+                                             (EXTEN_EXT_VALUE_ENCODER)CERT_EncodePolicyMappingExtension);
+    }
+    if (arena)
+        PORT_FreeArena(arena, PR_FALSE);
+    return (rv);
+}
+
+enum PoliciQualifierEnum {
+    cpsPointer = 1,
+    userNotice = 2
+};
+
+static CERTPolicyQualifier **
+RequestPolicyQualifiers(PLArenaPool *arena, SECItem *policyID)
+{
+    CERTPolicyQualifier **policyQualifArr = NULL;
+    CERTPolicyQualifier *current;
+    SECStatus rv = SECSuccess;
+    int count = 0;
+    char buffer[512];
+    void *mark;
+    SECOidData *oid = NULL;
+    int intValue = 0;
+    int inCount = 0;
+
+    PORT_Assert(arena);
+    mark = PORT_ArenaMark(arena);
+    do {
+        current = PORT_ArenaZNew(arena, CERTPolicyQualifier);
+        if (current == NULL) {
+            GEN_BREAK(SECFailure);
+        }
+
+        /* Get the accessMethod fields */
+        SECU_PrintObjectID(stdout, policyID,
+                           "Choose the type of qualifier for policy", 0);
+
+        if (PrintChoicesAndGetAnswer(
+                "\t1 - CPS Pointer qualifier\n"
+                "\t2 - User notice qualifier\n"
+                "\tAny other number to finish\n"
+                "\t\tChoice: ",
+                buffer, sizeof(buffer)) == SECFailure) {
+            GEN_BREAK(SECFailure);
+        }
+        intValue = PORT_Atoi(buffer);
+        switch (intValue) {
+            case cpsPointer: {
+                SECItem input;
+
+                oid = SECOID_FindOIDByTag(SEC_OID_PKIX_CPS_POINTER_QUALIFIER);
+                if (PrintChoicesAndGetAnswer("Enter CPS pointer URI: ",
+                                             buffer, sizeof(buffer)) == SECFailure) {
+                    GEN_BREAK(SECFailure);
+                }
+                input.len = PORT_Strlen(buffer);
+                input.data = (void *)PORT_ArenaStrdup(arena, buffer);
+                if (input.data == NULL ||
+                    SEC_ASN1EncodeItem(arena, &current->qualifierValue, &input,
+                                       SEC_ASN1_GET(SEC_IA5StringTemplate)) == NULL) {
+                    GEN_BREAK(SECFailure);
+                }
+                break;
+            }
+            case userNotice: {
+                SECItem **noticeNumArr;
+                CERTUserNotice *notice = PORT_ArenaZNew(arena, CERTUserNotice);
+                if (!notice) {
+                    GEN_BREAK(SECFailure);
+                }
+
+                oid = SECOID_FindOIDByTag(SEC_OID_PKIX_USER_NOTICE_QUALIFIER);
+
+                if (GetYesNo("\t add a User Notice reference? [y/N]")) {
+
+                    if (PrintChoicesAndGetAnswer("Enter user organization string: ",
+                                                 buffer, sizeof(buffer)) ==
+                        SECFailure) {
+                        GEN_BREAK(SECFailure);
+                    }
+
+                    notice->noticeReference.organization.type = siAsciiString;
+                    notice->noticeReference.organization.len =
+                        PORT_Strlen(buffer);
+                    notice->noticeReference.organization.data =
+                        (void *)PORT_ArenaStrdup(arena, buffer);
+
+                    noticeNumArr = PORT_ArenaZNewArray(arena, SECItem *, 2);
+                    if (!noticeNumArr) {
+                        GEN_BREAK(SECFailure);
+                    }
+
+                    do {
+                        SECItem *noticeNum;
+
+                        noticeNum = PORT_ArenaZNew(arena, SECItem);
+
+                        if (PrintChoicesAndGetAnswer(
+                                "Enter User Notice reference number "
+                                "(or -1 to quit): ",
+                                buffer, sizeof(buffer)) == SECFailure) {
+                            GEN_BREAK(SECFailure);
+                        }
+
+                        intValue = PORT_Atoi(buffer);
+                        if (noticeNum == NULL) {
+                            if (intValue < 0) {
+                                fprintf(stdout, "a noticeReference must have at "
+                                                "least one reference number\n");
+                                GEN_BREAK(SECFailure);
+                            }
+                        } else {
+                            if (intValue >= 0) {
+                                noticeNumArr = PORT_ArenaGrow(arena, noticeNumArr,
+                                                              sizeof(current) *
+                                                                  inCount,
+                                                              sizeof(current) *
+                                                                  (inCount + 1));
+                                if (noticeNumArr == NULL) {
+                                    GEN_BREAK(SECFailure);
+                                }
+                            } else {
+                                break;
+                            }
+                        }
+                        if (!SEC_ASN1EncodeInteger(arena, noticeNum, intValue)) {
+                            GEN_BREAK(SECFailure);
+                        }
+                        noticeNumArr[inCount++] = noticeNum;
+                        noticeNumArr[inCount] = NULL;
+
+                    } while (1);
+                    if (rv == SECFailure) {
+                        GEN_BREAK(SECFailure);
+                    }
+                    notice->noticeReference.noticeNumbers = noticeNumArr;
+                    rv = CERT_EncodeNoticeReference(arena, &notice->noticeReference,
+                                                    &notice->derNoticeReference);
+                    if (rv == SECFailure) {
+                        GEN_BREAK(SECFailure);
+                    }
+                }
+                if (GetYesNo("\t EnterUser Notice explicit text? [y/N]")) {
+                    /* Getting only 200 bytes - RFC limitation */
+                    if (PrintChoicesAndGetAnswer(
+                            "\t", buffer, 200) == SECFailure) {
+                        GEN_BREAK(SECFailure);
+                    }
+                    notice->displayText.type = siAsciiString;
+                    notice->displayText.len = PORT_Strlen(buffer);
+                    notice->displayText.data =
+                        (void *)PORT_ArenaStrdup(arena, buffer);
+                    if (notice->displayText.data == NULL) {
+                        GEN_BREAK(SECFailure);
+                    }
+                }
+
+                rv = CERT_EncodeUserNotice(arena, notice, &current->qualifierValue);
+                if (rv == SECFailure) {
+                    GEN_BREAK(SECFailure);
+                }
+
+                break;
+            }
+        }
+        if (rv == SECFailure || oid == NULL ||
+            SECITEM_CopyItem(arena, &current->qualifierID, &oid->oid) ==
+                SECFailure) {
+            GEN_BREAK(SECFailure);
+        }
+
+        if (!policyQualifArr) {
+            policyQualifArr = PORT_ArenaZNew(arena, CERTPolicyQualifier *);
+        } else {
+            policyQualifArr = PORT_ArenaGrow(arena, policyQualifArr,
+                                             sizeof(current) * count,
+                                             sizeof(current) * (count + 1));
+        }
+        if (policyQualifArr == NULL) {
+            GEN_BREAK(SECFailure);
+        }
+
+        policyQualifArr[count] = current;
+        ++count;
+
+        if (!GetYesNo("Enter another policy qualifier [y/N]")) {
+            /* Add null to the end to mark end of data */
+            policyQualifArr = PORT_ArenaGrow(arena, policyQualifArr,
+                                             sizeof(current) * count,
+                                             sizeof(current) * (count + 1));
+            if (policyQualifArr == NULL) {
+                GEN_BREAK(SECFailure);
+            }
+            policyQualifArr[count] = NULL;
+            break;
+        }
+
+    } while (1);
+
+    if (rv != SECSuccess) {
+        PORT_ArenaRelease(arena, mark);
+        policyQualifArr = NULL;
+    }
+    return (policyQualifArr);
+}
+
+static SECStatus
+AddCertPolicies(void *extHandle)
+{
+    CERTPolicyInfo **certPoliciesArr = NULL;
+    CERTPolicyInfo *current;
+    PLArenaPool *arena = NULL;
+    SECStatus rv = SECSuccess;
+    int count = 0;
+    char buffer[512];
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (!arena) {
+        SECU_PrintError(progName, "out of memory");
+        return SECFailure;
+    }
+
+    do {
+        current = PORT_ArenaZNew(arena, CERTPolicyInfo);
+        if (current == NULL) {
+            GEN_BREAK(SECFailure);
+        }
+
+        if (PrintChoicesAndGetAnswer("Enter a CertPolicy Object Identifier "
+                                     "(dotted decimal format)\n"
+                                     "or \"any\" for AnyPolicy:",
+                                     buffer, sizeof(buffer)) == SECFailure) {
+            GEN_BREAK(SECFailure);
+        }
+
+        if (strncmp(buffer, "any", 3) == 0) {
+            /* use string version of X509_CERTIFICATE_POLICIES.anyPolicy */
+            strcpy(buffer, "OID.2.5.29.32.0");
+        }
+        rv = SEC_StringToOID(arena, &current->policyID, buffer, 0);
+
+        if (rv == SECFailure) {
+            GEN_BREAK(SECFailure);
+        }
+
+        current->policyQualifiers =
+            RequestPolicyQualifiers(arena, &current->policyID);
+
+        if (!certPoliciesArr) {
+            certPoliciesArr = PORT_ArenaZNew(arena, CERTPolicyInfo *);
+        } else {
+            certPoliciesArr = PORT_ArenaGrow(arena, certPoliciesArr,
+                                             sizeof(current) * count,
+                                             sizeof(current) * (count + 1));
+        }
+        if (certPoliciesArr == NULL) {
+            GEN_BREAK(SECFailure);
+        }
+
+        certPoliciesArr[count] = current;
+        ++count;
+
+        if (!GetYesNo("Enter another PolicyInformation field [y/N]?")) {
+            /* Add null to the end to mark end of data */
+            certPoliciesArr = PORT_ArenaGrow(arena, certPoliciesArr,
+                                             sizeof(current) * count,
+                                             sizeof(current) * (count + 1));
+            if (certPoliciesArr == NULL) {
+                GEN_BREAK(SECFailure);
+            }
+            certPoliciesArr[count] = NULL;
+            break;
+        }
+
+    } while (1);
+
+    if (rv == SECSuccess) {
+        CERTCertificatePolicies policies;
+        PRBool yesNoAns = GetYesNo("Is this a critical extension [y/N]?");
+
+        policies.arena = arena;
+        policies.policyInfos = certPoliciesArr;
+
+        rv = SECU_EncodeAndAddExtensionValue(arena, extHandle, &policies,
+                                             yesNoAns, SEC_OID_X509_CERTIFICATE_POLICIES,
+                                             (EXTEN_EXT_VALUE_ENCODER)CERT_EncodeCertPoliciesExtension);
+    }
+    if (arena)
+        PORT_FreeArena(arena, PR_FALSE);
+    return (rv);
+}
+
+enum AuthInfoAccessTypesEnum {
+    caIssuers = 1,
+    ocsp = 2
+};
+
+enum SubjInfoAccessTypesEnum {
+    caRepository = 1,
+    timeStamping = 2
+};
+
+/* Encode and add an AIA or SIA extension */
+static SECStatus
+AddInfoAccess(void *extHandle, PRBool addSIAExt, PRBool isCACert)
+{
+    CERTAuthInfoAccess **infoAccArr = NULL;
+    CERTAuthInfoAccess *current;
+    PLArenaPool *arena = NULL;
+    SECStatus rv = SECSuccess;
+    int count = 0;
+    char buffer[512];
+    SECOidData *oid = NULL;
+    int intValue = 0;
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (!arena) {
+        SECU_PrintError(progName, "out of memory");
+        return SECFailure;
+    }
+
+    do {
+        current = NULL;
+        current = PORT_ArenaZNew(arena, CERTAuthInfoAccess);
+        if (current == NULL) {
+            GEN_BREAK(SECFailure);
+        }
+
+        /* Get the accessMethod fields */
+        if (addSIAExt) {
+            if (isCACert) {
+                puts("Adding \"CA Repository\" access method type for "
+                     "Subject Information Access extension:\n");
+                intValue = caRepository;
+            } else {
+                puts("Adding \"Time Stamping Services\" access method type for "
+                     "Subject Information Access extension:\n");
+                intValue = timeStamping;
+            }
+        } else {
+            if (PrintChoicesAndGetAnswer("Enter access method type "
+                                         "for Authority Information Access extension:\n"
+                                         "\t1 - CA Issuers\n\t2 - OCSP\n\tAny"
+                                         "other number to finish\n\tChoice",
+                                         buffer, sizeof(buffer)) !=
+                SECSuccess) {
+                GEN_BREAK(SECFailure);
+            }
+            intValue = PORT_Atoi(buffer);
+        }
+        if (addSIAExt) {
+            switch (intValue) {
+                case caRepository:
+                    oid = SECOID_FindOIDByTag(SEC_OID_PKIX_CA_REPOSITORY);
+                    break;
+
+                case timeStamping:
+                    oid = SECOID_FindOIDByTag(SEC_OID_PKIX_TIMESTAMPING);
+                    break;
+            }
+        } else {
+            switch (intValue) {
+                case caIssuers:
+                    oid = SECOID_FindOIDByTag(SEC_OID_PKIX_CA_ISSUERS);
+                    break;
+
+                case ocsp:
+                    oid = SECOID_FindOIDByTag(SEC_OID_PKIX_OCSP);
+                    break;
+            }
+        }
+        if (oid == NULL ||
+            SECITEM_CopyItem(arena, &current->method, &oid->oid) ==
+                SECFailure) {
+            GEN_BREAK(SECFailure);
+        }
+
+        current->location = CreateGeneralName(arena);
+        if (!current->location) {
+            GEN_BREAK(SECFailure);
+        }
+
+        if (infoAccArr == NULL) {
+            infoAccArr = PORT_ArenaZNew(arena, CERTAuthInfoAccess *);
+        } else {
+            infoAccArr = PORT_ArenaGrow(arena, infoAccArr,
+                                        sizeof(current) * count,
+                                        sizeof(current) * (count + 1));
+        }
+        if (infoAccArr == NULL) {
+            GEN_BREAK(SECFailure);
+        }
+
+        infoAccArr[count] = current;
+        ++count;
+
+        PR_snprintf(buffer, sizeof(buffer), "Add another location to the %s"
+                                            " Information Access extension [y/N]",
+                    (addSIAExt) ? "Subject" : "Authority");
+
+        if (GetYesNo(buffer) == 0) {
+            /* Add null to the end to mark end of data */
+            infoAccArr = PORT_ArenaGrow(arena, infoAccArr,
+                                        sizeof(current) * count,
+                                        sizeof(current) * (count + 1));
+            if (infoAccArr == NULL) {
+                GEN_BREAK(SECFailure);
+            }
+            infoAccArr[count] = NULL;
+            break;
+        }
+
+    } while (1);
+
+    if (rv == SECSuccess) {
+        int oidIdent = SEC_OID_X509_AUTH_INFO_ACCESS;
+
+        PRBool yesNoAns = GetYesNo("Is this a critical extension [y/N]?");
+
+        if (addSIAExt) {
+            oidIdent = SEC_OID_X509_SUBJECT_INFO_ACCESS;
+        }
+        rv = SECU_EncodeAndAddExtensionValue(arena, extHandle, infoAccArr,
+                                             yesNoAns, oidIdent,
+                                             (EXTEN_EXT_VALUE_ENCODER)CERT_EncodeInfoAccessExtension);
+    }
+    if (arena)
+        PORT_FreeArena(arena, PR_FALSE);
+    return (rv);
+}
+
+/* Example of valid input:
+ *     1.2.3.4:critical:/tmp/abc,5.6.7.8:not-critical:/tmp/xyz
+ */
+static SECStatus
+parseNextGenericExt(const char *nextExtension, const char **oid, int *oidLen,
+                    const char **crit, int *critLen,
+                    const char **filename, int *filenameLen,
+                    const char **next)
+{
+    const char *nextColon;
+    const char *nextComma;
+    const char *iter = nextExtension;
+
+    if (!iter || !*iter)
+        return SECFailure;
+
+    /* Require colons at earlier positions than nextComma (or end of string ) */
+    nextComma = strchr(iter, ',');
+
+    *oid = iter;
+    nextColon = strchr(iter, ':');
+    if (!nextColon || (nextComma && nextColon > nextComma))
+        return SECFailure;
+    *oidLen = (nextColon - *oid);
+
+    if (!*oidLen)
+        return SECFailure;
+
+    iter = nextColon;
+    ++iter;
+
+    *crit = iter;
+    nextColon = strchr(iter, ':');
+    if (!nextColon || (nextComma && nextColon > nextComma))
+        return SECFailure;
+    *critLen = (nextColon - *crit);
+
+    if (!*critLen)
+        return SECFailure;
+
+    iter = nextColon;
+    ++iter;
+
+    *filename = iter;
+    if (nextComma) {
+        *filenameLen = (nextComma - *filename);
+        iter = nextComma;
+        ++iter;
+        *next = iter;
+    } else {
+        *filenameLen = strlen(*filename);
+        *next = NULL;
+    }
+
+    if (!*filenameLen)
+        return SECFailure;
+
+    return SECSuccess;
+}
+
+SECStatus
+AddExtensions(void *extHandle, const char *emailAddrs, const char *dnsNames,
+              certutilExtnList extList, const char *extGeneric)
+{
+    PLArenaPool *arena;
+    SECStatus rv = SECSuccess;
+    char *errstring = NULL;
+    const char *nextExtension = NULL;
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL) {
+        return SECFailure;
+    }
+
+    do {
+        /* Add key usage extension */
+        if (extList[ext_keyUsage].activated) {
+            rv = AddKeyUsage(extHandle, extList[ext_keyUsage].arg);
+            if (rv) {
+                errstring = "KeyUsage";
+                break;
+            }
+        }
+
+        /* Add extended key usage extension */
+        if (extList[ext_extKeyUsage].activated) {
+            rv = AddExtKeyUsage(extHandle, extList[ext_extKeyUsage].arg);
+            if (rv) {
+                errstring = "ExtendedKeyUsage";
+                break;
+            }
+        }
+
+        /* Add basic constraint extension */
+        if (extList[ext_basicConstraint].activated) {
+            rv = AddBasicConstraint(arena, extHandle);
+            if (rv) {
+                errstring = "BasicConstraint";
+                break;
+            }
+        }
+
+        /* Add name constraints extension */
+        if (extList[ext_nameConstraints].activated) {
+            rv = AddNameConstraints(extHandle);
+            if (rv) {
+                errstring = "NameConstraints";
+                break;
+            }
+        }
+
+        if (extList[ext_authorityKeyID].activated) {
+            rv = AddAuthKeyID(extHandle);
+            if (rv) {
+                errstring = "AuthorityKeyID";
+                break;
+            }
+        }
+
+        if (extList[ext_subjectKeyID].activated) {
+            rv = AddSubjKeyID(extHandle);
+            if (rv) {
+                errstring = "SubjectKeyID";
+                break;
+            }
+        }
+
+        if (extList[ext_CRLDistPts].activated) {
+            rv = AddCrlDistPoint(extHandle);
+            if (rv) {
+                errstring = "CRLDistPoints";
+                break;
+            }
+        }
+
+        if (extList[ext_NSCertType].activated) {
+            rv = AddNscpCertType(extHandle, extList[ext_NSCertType].arg);
+            if (rv) {
+                errstring = "NSCertType";
+                break;
+            }
+        }
+
+        if (extList[ext_authInfoAcc].activated ||
+            extList[ext_subjInfoAcc].activated) {
+            rv = AddInfoAccess(extHandle, extList[ext_subjInfoAcc].activated,
+                               extList[ext_basicConstraint].activated);
+            if (rv) {
+                errstring = "InformationAccess";
+                break;
+            }
+        }
+
+        if (extList[ext_certPolicies].activated) {
+            rv = AddCertPolicies(extHandle);
+            if (rv) {
+                errstring = "Policies";
+                break;
+            }
+        }
+
+        if (extList[ext_policyMappings].activated) {
+            rv = AddPolicyMappings(extHandle);
+            if (rv) {
+                errstring = "PolicyMappings";
+                break;
+            }
+        }
+
+        if (extList[ext_policyConstr].activated) {
+            rv = AddPolicyConstraints(extHandle);
+            if (rv) {
+                errstring = "PolicyConstraints";
+                break;
+            }
+        }
+
+        if (extList[ext_inhibitAnyPolicy].activated) {
+            rv = AddInhibitAnyPolicy(extHandle);
+            if (rv) {
+                errstring = "InhibitAnyPolicy";
+                break;
+            }
+        }
+
+        if (emailAddrs || dnsNames || extList[ext_subjectAltName].activated) {
+            CERTGeneralName *namelist = NULL;
+            SECItem item = { 0, NULL, 0 };
+
+            rv = SECSuccess;
+
+            if (emailAddrs) {
+                rv |= AddEmailSubjectAlt(arena, &namelist, emailAddrs);
+            }
+
+            if (dnsNames) {
+                rv |= AddDNSSubjectAlt(arena, &namelist, dnsNames);
+            }
+
+            if (extList[ext_subjectAltName].activated) {
+                rv |= AddGeneralSubjectAlt(arena, &namelist,
+                                           extList[ext_subjectAltName].arg);
+            }
+
+            if (rv == SECSuccess) {
+                rv = CERT_EncodeAltNameExtension(arena, namelist, &item);
+                if (rv == SECSuccess) {
+                    rv = CERT_AddExtension(extHandle,
+                                           SEC_OID_X509_SUBJECT_ALT_NAME,
+                                           &item, PR_FALSE, PR_TRUE);
+                }
+            }
+            if (rv) {
+                errstring = "SubjectAltName";
+                break;
+            }
+        }
+    } while (0);
+
+    PORT_FreeArena(arena, PR_FALSE);
+
+    if (rv != SECSuccess) {
+        SECU_PrintError(progName, "Problem creating %s extension", errstring);
+    }
+
+    nextExtension = extGeneric;
+    while (nextExtension && *nextExtension) {
+        SECItem oid_item, value;
+        PRBool isCritical;
+        const char *oid, *crit, *filename, *next;
+        int oidLen, critLen, filenameLen;
+        PRFileDesc *inFile = NULL;
+        char *zeroTerminatedFilename = NULL;
+
+        rv = parseNextGenericExt(nextExtension, &oid, &oidLen, &crit, &critLen,
+                                 &filename, &filenameLen, &next);
+        if (rv != SECSuccess) {
+            SECU_PrintError(progName,
+                            "error parsing generic extension parameter %s",
+                            nextExtension);
+            break;
+        }
+        oid_item.data = NULL;
+        oid_item.len = 0;
+        rv = GetOidFromString(NULL, &oid_item, oid, oidLen);
+        if (rv != SECSuccess) {
+            SECU_PrintError(progName, "malformed extension OID %s", nextExtension);
+            break;
+        }
+        if (!strncmp("critical", crit, critLen)) {
+            isCritical = PR_TRUE;
+        } else if (!strncmp("not-critical", crit, critLen)) {
+            isCritical = PR_FALSE;
+        } else {
+            rv = SECFailure;
+            SECU_PrintError(progName, "expected 'critical' or 'not-critical'");
+            break;
+        }
+        zeroTerminatedFilename = PL_strndup(filename, filenameLen);
+        if (!zeroTerminatedFilename) {
+            rv = SECFailure;
+            SECU_PrintError(progName, "out of memory");
+            break;
+        }
+        rv = SECFailure;
+        inFile = PR_Open(zeroTerminatedFilename, PR_RDONLY, 0);
+        if (inFile) {
+            rv = SECU_ReadDERFromFile(&value, inFile, PR_FALSE, PR_FALSE);
+            PR_Close(inFile);
+            inFile = NULL;
+        }
+        if (rv != SECSuccess) {
+            SECU_PrintError(progName, "unable to read file %s",
+                            zeroTerminatedFilename);
+        }
+        PL_strfree(zeroTerminatedFilename);
+        if (rv != SECSuccess) {
+            break;
+        }
+        rv = CERT_AddExtensionByOID(extHandle, &oid_item, &value, isCritical,
+                                    PR_TRUE /*copyData*/);
+        SECITEM_FreeItem(&value, PR_FALSE);
+        SECITEM_FreeItem(&oid_item, PR_FALSE);
+        if (rv != SECSuccess) {
+            SECU_PrintError(progName, "failed to add extension %s", nextExtension);
+            break;
+        }
+        nextExtension = next;
+    }
+
+    return rv;
+}
diff --git a/nss/cmd/certutil/certutil.c b/nss/cmd/certutil/certutil.c
new file mode 100644
index 0000000..24acdbc
--- /dev/null
+++ b/nss/cmd/certutil/certutil.c
@@ -0,0 +1,3707 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+** certutil.c
+**
+** utility for managing certificates and the cert database
+**
+*/
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+#if defined(WIN32)
+#include "fcntl.h"
+#include "io.h"
+#endif
+
+#include "secutil.h"
+
+#if defined(XP_UNIX)
+#include <unistd.h>
+#endif
+
+#include "nspr.h"
+#include "prtypes.h"
+#include "prtime.h"
+#include "prlong.h"
+
+#include "pk11func.h"
+#include "secasn1.h"
+#include "cert.h"
+#include "cryptohi.h"
+#include "secoid.h"
+#include "certdb.h"
+#include "nss.h"
+#include "certutil.h"
+
+#define MIN_KEY_BITS 512
+/* MAX_KEY_BITS should agree with MAX_RSA_MODULUS in freebl */
+#define MAX_KEY_BITS 8192
+#define DEFAULT_KEY_BITS 2048
+
+#define GEN_BREAK(e) \
+    rv = e;          \
+    break;
+
+char *progName;
+
+static CERTCertificateRequest *
+GetCertRequest(const SECItem *reqDER, void *pwarg)
+{
+    CERTCertificateRequest *certReq = NULL;
+    CERTSignedData signedData;
+    PLArenaPool *arena = NULL;
+    SECStatus rv;
+
+    do {
+        arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+        if (arena == NULL) {
+            GEN_BREAK(SECFailure);
+        }
+
+        certReq = (CERTCertificateRequest *)PORT_ArenaZAlloc(arena, sizeof(CERTCertificateRequest));
+        if (!certReq) {
+            GEN_BREAK(SECFailure);
+        }
+        certReq->arena = arena;
+
+        /* Since cert request is a signed data, must decode to get the inner
+           data
+         */
+        PORT_Memset(&signedData, 0, sizeof(signedData));
+        rv = SEC_ASN1DecodeItem(arena, &signedData,
+                                SEC_ASN1_GET(CERT_SignedDataTemplate), reqDER);
+        if (rv) {
+            break;
+        }
+        rv = SEC_ASN1DecodeItem(arena, certReq,
+                                SEC_ASN1_GET(CERT_CertificateRequestTemplate), &signedData.data);
+        if (rv) {
+            break;
+        }
+        rv = CERT_VerifySignedDataWithPublicKeyInfo(&signedData,
+                                                    &certReq->subjectPublicKeyInfo, pwarg);
+    } while (0);
+
+    if (rv) {
+        SECU_PrintError(progName, "bad certificate request\n");
+        if (arena) {
+            PORT_FreeArena(arena, PR_FALSE);
+        }
+        certReq = NULL;
+    }
+
+    return certReq;
+}
+
+static SECStatus
+AddCert(PK11SlotInfo *slot, CERTCertDBHandle *handle, char *name, char *trusts,
+        const SECItem *certDER, PRBool emailcert, void *pwdata)
+{
+    CERTCertTrust *trust = NULL;
+    CERTCertificate *cert = NULL;
+    SECStatus rv;
+
+    do {
+        /* Read in an ASCII cert and return a CERTCertificate */
+        cert = CERT_DecodeCertFromPackage((char *)certDER->data, certDER->len);
+        if (!cert) {
+            SECU_PrintError(progName, "could not decode certificate");
+            GEN_BREAK(SECFailure);
+        }
+
+        /* Create a cert trust */
+        trust = (CERTCertTrust *)PORT_ZAlloc(sizeof(CERTCertTrust));
+        if (!trust) {
+            SECU_PrintError(progName, "unable to allocate cert trust");
+            GEN_BREAK(SECFailure);
+        }
+
+        rv = CERT_DecodeTrustString(trust, trusts);
+        if (rv) {
+            SECU_PrintError(progName, "unable to decode trust string");
+            GEN_BREAK(SECFailure);
+        }
+
+        rv = PK11_ImportCert(slot, cert, CK_INVALID_HANDLE, name, PR_FALSE);
+        if (rv != SECSuccess) {
+            /* sigh, PK11_Import Cert and CERT_ChangeCertTrust should have
+             * been coded to take a password arg. */
+            if (PORT_GetError() == SEC_ERROR_TOKEN_NOT_LOGGED_IN) {
+                rv = PK11_Authenticate(slot, PR_TRUE, pwdata);
+                if (rv != SECSuccess) {
+                    SECU_PrintError(progName,
+                                    "could not authenticate to token %s.",
+                                    PK11_GetTokenName(slot));
+                    GEN_BREAK(SECFailure);
+                }
+                rv = PK11_ImportCert(slot, cert, CK_INVALID_HANDLE,
+                                     name, PR_FALSE);
+            }
+            if (rv != SECSuccess) {
+                SECU_PrintError(progName,
+                                "could not add certificate to token or database");
+                GEN_BREAK(SECFailure);
+            }
+        }
+
+        rv = CERT_ChangeCertTrust(handle, cert, trust);
+        if (rv != SECSuccess) {
+            if (PORT_GetError() == SEC_ERROR_TOKEN_NOT_LOGGED_IN) {
+                rv = PK11_Authenticate(slot, PR_TRUE, pwdata);
+                if (rv != SECSuccess) {
+                    SECU_PrintError(progName,
+                                    "could not authenticate to token %s.",
+                                    PK11_GetTokenName(slot));
+                    GEN_BREAK(SECFailure);
+                }
+                rv = CERT_ChangeCertTrust(handle, cert, trust);
+            }
+            if (rv != SECSuccess) {
+                SECU_PrintError(progName,
+                                "could not change trust on certificate");
+                GEN_BREAK(SECFailure);
+            }
+        }
+
+        if (emailcert) {
+            CERT_SaveSMimeProfile(cert, NULL, pwdata);
+        }
+
+    } while (0);
+
+    CERT_DestroyCertificate(cert);
+    PORT_Free(trust);
+
+    return rv;
+}
+
+static SECStatus
+CertReq(SECKEYPrivateKey *privk, SECKEYPublicKey *pubk, KeyType keyType,
+        SECOidTag hashAlgTag, CERTName *subject, const char *phone, int ascii,
+        const char *emailAddrs, const char *dnsNames,
+        certutilExtnList extnList, const char *extGeneric,
+        PRBool pssCertificate, /*out*/ SECItem *result)
+{
+    CERTSubjectPublicKeyInfo *spki;
+    CERTCertificateRequest *cr;
+    SECItem *encoding;
+    SECOidTag signAlgTag;
+    SECStatus rv;
+    PLArenaPool *arena;
+    void *extHandle;
+    SECItem signedReq = { siBuffer, NULL, 0 };
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (!arena) {
+        SECU_PrintError(progName, "out of memory");
+        return SECFailure;
+    }
+
+    /* Create info about public key */
+    spki = SECKEY_CreateSubjectPublicKeyInfo(pubk);
+    if (!spki) {
+        PORT_FreeArena(arena, PR_FALSE);
+        SECU_PrintError(progName, "unable to create subject public key");
+        return SECFailure;
+    }
+
+    /* Change cert type to RSA-PSS, if desired. */
+    if (pssCertificate) {
+        spki->algorithm.parameters.data = NULL;
+        rv = SECOID_SetAlgorithmID(arena, &spki->algorithm,
+                                   SEC_OID_PKCS1_RSA_PSS_SIGNATURE, 0);
+        if (rv != SECSuccess) {
+            PORT_FreeArena(arena, PR_FALSE);
+            SECU_PrintError(progName, "unable to set algorithm ID");
+            return SECFailure;
+        }
+    }
+
+    /* Generate certificate request */
+    cr = CERT_CreateCertificateRequest(subject, spki, NULL);
+    SECKEY_DestroySubjectPublicKeyInfo(spki);
+    if (!cr) {
+        PORT_FreeArena(arena, PR_FALSE);
+        SECU_PrintError(progName, "unable to make certificate request");
+        return SECFailure;
+    }
+
+    extHandle = CERT_StartCertificateRequestAttributes(cr);
+    if (extHandle == NULL) {
+        PORT_FreeArena(arena, PR_FALSE);
+        CERT_DestroyCertificateRequest(cr);
+        return SECFailure;
+    }
+    if (AddExtensions(extHandle, emailAddrs, dnsNames, extnList, extGeneric) !=
+        SECSuccess) {
+        PORT_FreeArena(arena, PR_FALSE);
+        CERT_FinishExtensions(extHandle);
+        CERT_DestroyCertificateRequest(cr);
+        return SECFailure;
+    }
+    CERT_FinishExtensions(extHandle);
+    CERT_FinishCertificateRequestAttributes(cr);
+
+    /* Der encode the request */
+    encoding = SEC_ASN1EncodeItem(arena, NULL, cr,
+                                  SEC_ASN1_GET(CERT_CertificateRequestTemplate));
+    CERT_DestroyCertificateRequest(cr);
+    if (encoding == NULL) {
+        PORT_FreeArena(arena, PR_FALSE);
+        SECU_PrintError(progName, "der encoding of request failed");
+        return SECFailure;
+    }
+
+    /* Sign the request */
+    signAlgTag = SEC_GetSignatureAlgorithmOidTag(keyType, hashAlgTag);
+    if (signAlgTag == SEC_OID_UNKNOWN) {
+        PORT_FreeArena(arena, PR_FALSE);
+        SECU_PrintError(progName, "unknown Key or Hash type");
+        return SECFailure;
+    }
+
+    rv = SEC_DerSignData(arena, &signedReq, encoding->data, encoding->len,
+                         privk, signAlgTag);
+    if (rv) {
+        PORT_FreeArena(arena, PR_FALSE);
+        SECU_PrintError(progName, "signing of data failed");
+        return SECFailure;
+    }
+
+    /* Encode request in specified format */
+    if (ascii) {
+        char *obuf;
+        char *header, *name, *email, *org, *state, *country;
+
+        obuf = BTOA_ConvertItemToAscii(&signedReq);
+        if (!obuf) {
+            goto oom;
+        }
+
+        name = CERT_GetCommonName(subject);
+        if (!name) {
+            name = PORT_Strdup("(not specified)");
+        }
+
+        if (!phone)
+            phone = "(not specified)";
+
+        email = CERT_GetCertEmailAddress(subject);
+        if (!email)
+            email = PORT_Strdup("(not specified)");
+
+        org = CERT_GetOrgName(subject);
+        if (!org)
+            org = PORT_Strdup("(not specified)");
+
+        state = CERT_GetStateName(subject);
+        if (!state)
+            state = PORT_Strdup("(not specified)");
+
+        country = CERT_GetCountryName(subject);
+        if (!country)
+            country = PORT_Strdup("(not specified)");
+
+        header = PR_smprintf(
+            "\nCertificate request generated by Netscape certutil\n"
+            "Phone: %s\n\n"
+            "Common Name: %s\n"
+            "Email: %s\n"
+            "Organization: %s\n"
+            "State: %s\n"
+            "Country: %s\n\n"
+            "%s\n",
+            phone, name, email, org, state, country, NS_CERTREQ_HEADER);
+
+        PORT_Free(name);
+        PORT_Free(email);
+        PORT_Free(org);
+        PORT_Free(state);
+        PORT_Free(country);
+
+        if (header) {
+            char *trailer = PR_smprintf("\n%s\n", NS_CERTREQ_TRAILER);
+            if (trailer) {
+                PRUint32 headerLen = PL_strlen(header);
+                PRUint32 obufLen = PL_strlen(obuf);
+                PRUint32 trailerLen = PL_strlen(trailer);
+                SECITEM_AllocItem(NULL, result,
+                                  headerLen + obufLen + trailerLen);
+                if (result->data) {
+                    PORT_Memcpy(result->data, header, headerLen);
+                    PORT_Memcpy(result->data + headerLen, obuf, obufLen);
+                    PORT_Memcpy(result->data + headerLen + obufLen,
+                                trailer, trailerLen);
+                }
+                PR_smprintf_free(trailer);
+            }
+            PR_smprintf_free(header);
+        }
+        PORT_Free(obuf);
+    } else {
+        (void)SECITEM_CopyItem(NULL, result, &signedReq);
+    }
+
+    if (!result->data) {
+    oom:
+        SECU_PrintError(progName, "out of memory");
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        rv = SECFailure;
+    }
+
+    PORT_FreeArena(arena, PR_FALSE);
+    return rv;
+}
+
+static SECStatus
+ChangeTrustAttributes(CERTCertDBHandle *handle, PK11SlotInfo *slot,
+                      char *name, char *trusts, void *pwdata)
+{
+    SECStatus rv;
+    CERTCertificate *cert;
+    CERTCertTrust *trust;
+
+    cert = CERT_FindCertByNicknameOrEmailAddr(handle, name);
+    if (!cert) {
+        SECU_PrintError(progName, "could not find certificate named \"%s\"",
+                        name);
+        return SECFailure;
+    }
+
+    trust = (CERTCertTrust *)PORT_ZAlloc(sizeof(CERTCertTrust));
+    if (!trust) {
+        SECU_PrintError(progName, "unable to allocate cert trust");
+        return SECFailure;
+    }
+
+    /* This function only decodes these characters: pPwcTCu, */
+    rv = CERT_DecodeTrustString(trust, trusts);
+    if (rv) {
+        SECU_PrintError(progName, "unable to decode trust string");
+        return SECFailure;
+    }
+
+    /* CERT_ChangeCertTrust API does not have a way to pass in
+     * a context, so NSS can't prompt for the password if it needs to.
+     * check to see if the failure was token not logged in and
+     * log in if need be. */
+    rv = CERT_ChangeCertTrust(handle, cert, trust);
+    if (rv != SECSuccess) {
+        if (PORT_GetError() == SEC_ERROR_TOKEN_NOT_LOGGED_IN) {
+            rv = PK11_Authenticate(slot, PR_TRUE, pwdata);
+            if (rv != SECSuccess) {
+                SECU_PrintError(progName, "could not authenticate to token %s.",
+                                PK11_GetTokenName(slot));
+                return SECFailure;
+            }
+            rv = CERT_ChangeCertTrust(handle, cert, trust);
+        }
+        if (rv != SECSuccess) {
+            SECU_PrintError(progName, "unable to modify trust attributes");
+            return SECFailure;
+        }
+    }
+    CERT_DestroyCertificate(cert);
+    PORT_Free(trust);
+
+    return SECSuccess;
+}
+
+static SECStatus
+DumpChain(CERTCertDBHandle *handle, char *name, PRBool ascii)
+{
+    CERTCertificate *the_cert;
+    CERTCertificateList *chain;
+    int i, j;
+    the_cert = SECU_FindCertByNicknameOrFilename(handle, name,
+                                                 ascii, NULL);
+    if (!the_cert) {
+        SECU_PrintError(progName, "Could not find: %s\n", name);
+        return SECFailure;
+    }
+    chain = CERT_CertChainFromCert(the_cert, 0, PR_TRUE);
+    CERT_DestroyCertificate(the_cert);
+    if (!chain) {
+        SECU_PrintError(progName, "Could not obtain chain for: %s\n", name);
+        return SECFailure;
+    }
+    for (i = chain->len - 1; i >= 0; i--) {
+        CERTCertificate *c;
+        c = CERT_FindCertByDERCert(handle, &chain->certs[i]);
+        for (j = i; j < chain->len - 1; j++) {
+            printf("  ");
+        }
+        if (c) {
+            printf("\"%s\" [%s]\n\n", c->nickname, c->subjectName);
+            CERT_DestroyCertificate(c);
+        } else {
+            printf("(null)\n\n");
+        }
+    }
+    CERT_DestroyCertificateList(chain);
+    return SECSuccess;
+}
+
+static SECStatus
+outputCertOrExtension(CERTCertificate *the_cert, PRBool raw, PRBool ascii,
+                      SECItem *extensionOID, PRFileDesc *outfile)
+{
+    SECItem data;
+    PRInt32 numBytes;
+    SECStatus rv = SECFailure;
+    if (extensionOID) {
+        int i;
+        PRBool found = PR_FALSE;
+        for (i = 0; the_cert->extensions[i] != NULL; i++) {
+            CERTCertExtension *extension = the_cert->extensions[i];
+            if (SECITEM_CompareItem(&extension->id, extensionOID) == SECEqual) {
+                found = PR_TRUE;
+                numBytes = PR_Write(outfile, extension->value.data,
+                                    extension->value.len);
+                rv = SECSuccess;
+                if (numBytes != (PRInt32)extension->value.len) {
+                    SECU_PrintSystemError(progName, "error writing extension");
+                    rv = SECFailure;
+                }
+                break;
+            }
+        }
+        if (!found) {
+            SECU_PrintSystemError(progName, "extension not found");
+            rv = SECFailure;
+        }
+    } else {
+        data.data = the_cert->derCert.data;
+        data.len = the_cert->derCert.len;
+        if (ascii) {
+            PR_fprintf(outfile, "%s\n%s\n%s\n", NS_CERT_HEADER,
+                       BTOA_DataToAscii(data.data, data.len), NS_CERT_TRAILER);
+            rv = SECSuccess;
+        } else if (raw) {
+            numBytes = PR_Write(outfile, data.data, data.len);
+            rv = SECSuccess;
+            if (numBytes != (PRInt32)data.len) {
+                SECU_PrintSystemError(progName, "error writing raw cert");
+                rv = SECFailure;
+            }
+        } else {
+            rv = SEC_PrintCertificateAndTrust(the_cert, "Certificate", NULL);
+            if (rv != SECSuccess) {
+                SECU_PrintError(progName, "problem printing certificate");
+            }
+        }
+    }
+    return rv;
+}
+
+static SECStatus
+listCerts(CERTCertDBHandle *handle, char *name, char *email,
+          PK11SlotInfo *slot, PRBool raw, PRBool ascii,
+          SECItem *extensionOID,
+          PRFileDesc *outfile, void *pwarg)
+{
+    SECStatus rv = SECFailure;
+    CERTCertList *certs;
+    CERTCertListNode *node;
+
+    /* List certs on a non-internal slot. */
+    if (!PK11_IsFriendly(slot) && PK11_NeedLogin(slot)) {
+        SECStatus newrv = PK11_Authenticate(slot, PR_TRUE, pwarg);
+        if (newrv != SECSuccess) {
+            SECU_PrintError(progName, "could not authenticate to token %s.",
+                            PK11_GetTokenName(slot));
+            return SECFailure;
+        }
+    }
+    if (name) {
+        CERTCertificate *the_cert =
+            SECU_FindCertByNicknameOrFilename(handle, name, ascii, NULL);
+        if (!the_cert) {
+            SECU_PrintError(progName, "Could not find cert: %s\n", name);
+            return SECFailure;
+        }
+        /* Here, we have one cert with the desired nickname or email
+         * address.  Now, we will attempt to get a list of ALL certs
+         * with the same subject name as the cert we have.  That list
+         * should contain, at a minimum, the one cert we have already found.
+         * If the list of certs is empty (NULL), the libraries have failed.
+         */
+        certs = CERT_CreateSubjectCertList(NULL, handle, &the_cert->derSubject,
+                                           PR_Now(), PR_FALSE);
+        CERT_DestroyCertificate(the_cert);
+        if (!certs) {
+            PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+            SECU_PrintError(progName, "problem printing certificates");
+            return SECFailure;
+        }
+        for (node = CERT_LIST_HEAD(certs); !CERT_LIST_END(node, certs);
+             node = CERT_LIST_NEXT(node)) {
+            rv = outputCertOrExtension(node->cert, raw, ascii, extensionOID,
+                                       outfile);
+            if (rv != SECSuccess) {
+                break;
+            }
+        }
+    } else if (email) {
+        certs = PK11_FindCertsFromEmailAddress(email, NULL);
+        if (!certs) {
+            SECU_PrintError(progName,
+                            "Could not find certificates for email address: %s\n",
+                            email);
+            return SECFailure;
+        }
+        for (node = CERT_LIST_HEAD(certs); !CERT_LIST_END(node, certs);
+             node = CERT_LIST_NEXT(node)) {
+            rv = outputCertOrExtension(node->cert, raw, ascii, extensionOID,
+                                       outfile);
+            if (rv != SECSuccess) {
+                break;
+            }
+        }
+    } else {
+        certs = PK11_ListCertsInSlot(slot);
+        if (certs) {
+            for (node = CERT_LIST_HEAD(certs); !CERT_LIST_END(node, certs);
+                 node = CERT_LIST_NEXT(node)) {
+                SECU_PrintCertNickname(node, stdout);
+            }
+            rv = SECSuccess;
+        }
+    }
+    if (certs) {
+        CERT_DestroyCertList(certs);
+    }
+    if (rv) {
+        SECU_PrintError(progName, "problem printing certificate nicknames");
+        return SECFailure;
+    }
+
+    return SECSuccess; /* not rv ?? */
+}
+
+static SECStatus
+ListCerts(CERTCertDBHandle *handle, char *nickname, char *email,
+          PK11SlotInfo *slot, PRBool raw, PRBool ascii,
+          SECItem *extensionOID,
+          PRFileDesc *outfile, secuPWData *pwdata)
+{
+    SECStatus rv;
+
+    if (!ascii && !raw && !nickname && !email) {
+        PR_fprintf(outfile, "\n%-60s %-5s\n%-60s %-5s\n\n",
+                   "Certificate Nickname", "Trust Attributes", "",
+                   "SSL,S/MIME,JAR/XPI");
+    }
+    if (slot == NULL) {
+        CERTCertList *list;
+        CERTCertListNode *node;
+
+        list = PK11_ListCerts(PK11CertListAll, pwdata);
+        for (node = CERT_LIST_HEAD(list); !CERT_LIST_END(node, list);
+             node = CERT_LIST_NEXT(node)) {
+            SECU_PrintCertNickname(node, stdout);
+        }
+        CERT_DestroyCertList(list);
+        return SECSuccess;
+    }
+    rv = listCerts(handle, nickname, email, slot, raw, ascii,
+                   extensionOID, outfile, pwdata);
+    return rv;
+}
+
+static SECStatus
+DeleteCert(CERTCertDBHandle *handle, char *name)
+{
+    SECStatus rv;
+    CERTCertificate *cert;
+
+    cert = CERT_FindCertByNicknameOrEmailAddr(handle, name);
+    if (!cert) {
+        SECU_PrintError(progName, "could not find certificate named \"%s\"",
+                        name);
+        return SECFailure;
+    }
+
+    rv = SEC_DeletePermCertificate(cert);
+    CERT_DestroyCertificate(cert);
+    if (rv) {
+        SECU_PrintError(progName, "unable to delete certificate");
+    }
+    return rv;
+}
+
+static SECStatus
+RenameCert(CERTCertDBHandle *handle, char *name, char *newName)
+{
+    SECStatus rv;
+    CERTCertificate *cert;
+
+    cert = CERT_FindCertByNicknameOrEmailAddr(handle, name);
+    if (!cert) {
+        SECU_PrintError(progName, "could not find certificate named \"%s\"",
+                        name);
+        return SECFailure;
+    }
+
+    rv = __PK11_SetCertificateNickname(cert, newName);
+    CERT_DestroyCertificate(cert);
+    if (rv) {
+        SECU_PrintError(progName, "unable to rename certificate");
+    }
+    return rv;
+}
+
+static SECStatus
+ValidateCert(CERTCertDBHandle *handle, char *name, char *date,
+             char *certUsage, PRBool checkSig, PRBool logit,
+             PRBool ascii, secuPWData *pwdata)
+{
+    SECStatus rv;
+    CERTCertificate *cert = NULL;
+    PRTime timeBoundary;
+    SECCertificateUsage usage;
+    CERTVerifyLog reallog;
+    CERTVerifyLog *log = NULL;
+
+    if (!certUsage) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return (SECFailure);
+    }
+
+    switch (*certUsage) {
+        case 'O':
+            usage = certificateUsageStatusResponder;
+            break;
+        case 'L':
+            usage = certificateUsageSSLCA;
+            break;
+        case 'A':
+            usage = certificateUsageAnyCA;
+            break;
+        case 'Y':
+            usage = certificateUsageVerifyCA;
+            break;
+        case 'C':
+            usage = certificateUsageSSLClient;
+            break;
+        case 'V':
+            usage = certificateUsageSSLServer;
+            break;
+        case 'S':
+            usage = certificateUsageEmailSigner;
+            break;
+        case 'R':
+            usage = certificateUsageEmailRecipient;
+            break;
+        case 'J':
+            usage = certificateUsageObjectSigner;
+            break;
+        default:
+            PORT_SetError(SEC_ERROR_INVALID_ARGS);
+            return (SECFailure);
+    }
+    do {
+        cert = SECU_FindCertByNicknameOrFilename(handle, name, ascii,
+                                                 NULL);
+        if (!cert) {
+            SECU_PrintError(progName, "could not find certificate named \"%s\"",
+                            name);
+            GEN_BREAK(SECFailure)
+        }
+
+        if (date != NULL) {
+            rv = DER_AsciiToTime(&timeBoundary, date);
+            if (rv) {
+                SECU_PrintError(progName, "invalid input date");
+                GEN_BREAK(SECFailure)
+            }
+        } else {
+            timeBoundary = PR_Now();
+        }
+
+        if (logit) {
+            log = &reallog;
+
+            log->count = 0;
+            log->head = NULL;
+            log->tail = NULL;
+            log->arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+            if (log->arena == NULL) {
+                SECU_PrintError(progName, "out of memory");
+                GEN_BREAK(SECFailure)
+            }
+        }
+
+        rv = CERT_VerifyCertificate(handle, cert, checkSig, usage,
+                                    timeBoundary, pwdata, log, &usage);
+        if (log) {
+            if (log->head == NULL) {
+                fprintf(stdout, "%s: certificate is valid\n", progName);
+                GEN_BREAK(SECSuccess)
+            } else {
+                char *name;
+                CERTVerifyLogNode *node;
+
+                node = log->head;
+                while (node) {
+                    if (node->cert->nickname != NULL) {
+                        name = node->cert->nickname;
+                    } else {
+                        name = node->cert->subjectName;
+                    }
+                    fprintf(stderr, "%s : %s\n", name,
+                            SECU_Strerror(node->error));
+                    CERT_DestroyCertificate(node->cert);
+                    node = node->next;
+                }
+            }
+        } else {
+            if (rv != SECSuccess) {
+                PRErrorCode perr = PORT_GetError();
+                fprintf(stdout, "%s: certificate is invalid: %s\n",
+                        progName, SECU_Strerror(perr));
+                GEN_BREAK(SECFailure)
+            }
+            fprintf(stdout, "%s: certificate is valid\n", progName);
+            GEN_BREAK(SECSuccess)
+        }
+    } while (0);
+
+    if (cert) {
+        CERT_DestroyCertificate(cert);
+    }
+
+    return (rv);
+}
+
+static PRBool
+ItemIsPrintableASCII(const SECItem *item)
+{
+    unsigned char *src = item->data;
+    unsigned int len = item->len;
+    while (len-- > 0) {
+        unsigned char uc = *src++;
+        if (uc < 0x20 || uc > 0x7e)
+            return PR_FALSE;
+    }
+    return PR_TRUE;
+}
+
+/* Caller ensures that dst is at least item->len*2+1 bytes long */
+static void
+SECItemToHex(const SECItem *item, char *dst)
+{
+    if (dst && item && item->data) {
+        unsigned char *src = item->data;
+        unsigned int len = item->len;
+        for (; len > 0; --len, dst += 2) {
+            sprintf(dst, "%02x", *src++);
+        }
+        *dst = '\0';
+    }
+}
+
+static const char *const keyTypeName[] = {
+    "null", "rsa", "dsa", "fortezza", "dh", "kea", "ec"
+};
+
+#define MAX_CKA_ID_BIN_LEN 20
+#define MAX_CKA_ID_STR_LEN 40
+
+/* print key number, key ID (in hex or ASCII), key label (nickname) */
+static SECStatus
+PrintKey(PRFileDesc *out, const char *nickName, int count,
+         SECKEYPrivateKey *key, void *pwarg)
+{
+    SECItem *ckaID;
+    char ckaIDbuf[MAX_CKA_ID_STR_LEN + 4];
+
+    pwarg = NULL;
+    ckaID = PK11_GetLowLevelKeyIDForPrivateKey(key);
+    if (!ckaID) {
+        strcpy(ckaIDbuf, "(no CKA_ID)");
+    } else if (ItemIsPrintableASCII(ckaID)) {
+        int len = PR_MIN(MAX_CKA_ID_STR_LEN, ckaID->len);
+        ckaIDbuf[0] = '"';
+        memcpy(ckaIDbuf + 1, ckaID->data, len);
+        ckaIDbuf[1 + len] = '"';
+        ckaIDbuf[2 + len] = '\0';
+    } else {
+        /* print ckaid in hex */
+        SECItem idItem = *ckaID;
+        if (idItem.len > MAX_CKA_ID_BIN_LEN)
+            idItem.len = MAX_CKA_ID_BIN_LEN;
+        SECItemToHex(&idItem, ckaIDbuf);
+    }
+
+    PR_fprintf(out, "<%2d> %-8.8s %-42.42s %s\n", count,
+               keyTypeName[key->keyType], ckaIDbuf, nickName);
+    SECITEM_ZfreeItem(ckaID, PR_TRUE);
+
+    return SECSuccess;
+}
+
+/* returns SECSuccess if ANY keys are found, SECFailure otherwise. */
+static SECStatus
+ListKeysInSlot(PK11SlotInfo *slot, const char *nickName, KeyType keyType,
+               void *pwarg)
+{
+    SECKEYPrivateKeyList *list;
+    SECKEYPrivateKeyListNode *node;
+    int count = 0;
+
+    if (PK11_NeedLogin(slot)) {
+        SECStatus rv = PK11_Authenticate(slot, PR_TRUE, pwarg);
+        if (rv != SECSuccess) {
+            SECU_PrintError(progName, "could not authenticate to token %s.",
+                            PK11_GetTokenName(slot));
+            return SECFailure;
+        }
+    }
+
+    if (nickName && nickName[0])
+        list = PK11_ListPrivKeysInSlot(slot, (char *)nickName, pwarg);
+    else
+        list = PK11_ListPrivateKeysInSlot(slot);
+    if (list == NULL) {
+        SECU_PrintError(progName, "problem listing keys");
+        return SECFailure;
+    }
+    for (node = PRIVKEY_LIST_HEAD(list);
+         !PRIVKEY_LIST_END(node, list);
+         node = PRIVKEY_LIST_NEXT(node)) {
+        char *keyName;
+        static const char orphan[] = { "(orphan)" };
+
+        if (keyType != nullKey && keyType != node->key->keyType)
+            continue;
+        keyName = PK11_GetPrivateKeyNickname(node->key);
+        if (!keyName || !keyName[0]) {
+            /* Try extra hard to find nicknames for keys that lack them. */
+            CERTCertificate *cert;
+            PORT_Free((void *)keyName);
+            keyName = NULL;
+            cert = PK11_GetCertFromPrivateKey(node->key);
+            if (cert) {
+                if (cert->nickname && cert->nickname[0]) {
+                    keyName = PORT_Strdup(cert->nickname);
+                } else if (cert->emailAddr && cert->emailAddr[0]) {
+                    keyName = PORT_Strdup(cert->emailAddr);
+                }
+                CERT_DestroyCertificate(cert);
+            }
+        }
+        if (nickName) {
+            if (!keyName || PL_strcmp(keyName, nickName)) {
+                /* PKCS#11 module returned unwanted keys */
+                PORT_Free((void *)keyName);
+                continue;
+            }
+        }
+        if (!keyName)
+            keyName = (char *)orphan;
+
+        PrintKey(PR_STDOUT, keyName, count, node->key, pwarg);
+
+        if (keyName != (char *)orphan)
+            PORT_Free((void *)keyName);
+        count++;
+    }
+    SECKEY_DestroyPrivateKeyList(list);
+
+    if (count == 0) {
+        PR_fprintf(PR_STDOUT, "%s: no keys found\n", progName);
+        return SECFailure;
+    }
+    return SECSuccess;
+}
+
+/* returns SECSuccess if ANY keys are found, SECFailure otherwise. */
+static SECStatus
+ListKeys(PK11SlotInfo *slot, const char *nickName, int index,
+         KeyType keyType, PRBool dopriv, secuPWData *pwdata)
+{
+    SECStatus rv = SECFailure;
+    static const char fmt[] =
+        "%s: Checking token \"%.33s\" in slot \"%.65s\"\n";
+
+    if (slot == NULL) {
+        PK11SlotList *list;
+        PK11SlotListElement *le;
+
+        list = PK11_GetAllTokens(CKM_INVALID_MECHANISM, PR_FALSE, PR_FALSE, pwdata);
+        if (list) {
+            for (le = list->head; le; le = le->next) {
+                PR_fprintf(PR_STDOUT, fmt, progName,
+                           PK11_GetTokenName(le->slot),
+                           PK11_GetSlotName(le->slot));
+                rv &= ListKeysInSlot(le->slot, nickName, keyType, pwdata);
+            }
+            PK11_FreeSlotList(list);
+        }
+    } else {
+        PR_fprintf(PR_STDOUT, fmt, progName, PK11_GetTokenName(slot),
+                   PK11_GetSlotName(slot));
+        rv = ListKeysInSlot(slot, nickName, keyType, pwdata);
+    }
+    return rv;
+}
+
+static SECStatus
+DeleteKey(char *nickname, secuPWData *pwdata)
+{
+    SECStatus rv;
+    CERTCertificate *cert;
+    PK11SlotInfo *slot;
+
+    slot = PK11_GetInternalKeySlot();
+    if (PK11_NeedLogin(slot)) {
+        SECStatus rv = PK11_Authenticate(slot, PR_TRUE, pwdata);
+        if (rv != SECSuccess) {
+            SECU_PrintError(progName, "could not authenticate to token %s.",
+                            PK11_GetTokenName(slot));
+            return SECFailure;
+        }
+    }
+    cert = PK11_FindCertFromNickname(nickname, pwdata);
+    if (!cert) {
+        PK11_FreeSlot(slot);
+        return SECFailure;
+    }
+    rv = PK11_DeleteTokenCertAndKey(cert, pwdata);
+    if (rv != SECSuccess) {
+        SECU_PrintError("problem deleting private key \"%s\"\n", nickname);
+    }
+    CERT_DestroyCertificate(cert);
+    PK11_FreeSlot(slot);
+    return rv;
+}
+
+/*
+ *  L i s t M o d u l e s
+ *
+ *  Print a list of the PKCS11 modules that are
+ *  available. This is useful for smartcard people to
+ *  make sure they have the drivers loaded.
+ *
+ */
+static SECStatus
+ListModules(void)
+{
+    PK11SlotList *list;
+    PK11SlotListElement *le;
+
+    /* get them all! */
+    list = PK11_GetAllTokens(CKM_INVALID_MECHANISM, PR_FALSE, PR_FALSE, NULL);
+    if (list == NULL)
+        return SECFailure;
+
+    /* look at each slot*/
+    for (le = list->head; le; le = le->next) {
+        printf("\n");
+        printf("    slot: %s\n", PK11_GetSlotName(le->slot));
+        printf("   token: %s\n", PK11_GetTokenName(le->slot));
+    }
+    PK11_FreeSlotList(list);
+
+    return SECSuccess;
+}
+
+static void
+PrintSyntax(char *progName)
+{
+#define FPS fprintf(stderr,
+    FPS "Type %s -H for more detailed descriptions\n", progName);
+    FPS "Usage:  %s -N [-d certdir] [-P dbprefix] [-f pwfile] [--empty-password]\n", progName);
+    FPS "Usage:  %s -T [-d certdir] [-P dbprefix] [-h token-name]\n"
+        "\t\t [-f pwfile] [-0 SSO-password]\n", progName);
+    FPS "\t%s -A -n cert-name -t trustargs [-d certdir] [-P dbprefix] [-a] [-i input]\n",
+        progName);
+    FPS "\t%s -B -i batch-file\n", progName);
+    FPS "\t%s -C [-c issuer-name | -x] -i cert-request-file -o cert-file\n"
+        "\t\t [-m serial-number] [-w warp-months] [-v months-valid]\n"
+        "\t\t [-f pwfile] [-d certdir] [-P dbprefix] [-Z hashAlg]\n"
+        "\t\t [-1 | --keyUsage [keyUsageKeyword,..]] [-2] [-3] [-4]\n"
+        "\t\t [-5 | --nsCertType [nsCertTypeKeyword,...]]\n"
+        "\t\t [-6 | --extKeyUsage [extKeyUsageKeyword,...]] [-7 emailAddrs]\n"
+        "\t\t [-8 dns-names] [-a]\n",
+        progName);
+    FPS "\t%s -D -n cert-name [-d certdir] [-P dbprefix]\n", progName);
+    FPS "\t%s --rename -n cert-name --new-n new-cert-name\n"
+        "\t\t [-d certdir] [-P dbprefix]\n", progName);
+    FPS "\t%s -E -n cert-name -t trustargs [-d certdir] [-P dbprefix] [-a] [-i input]\n",
+        progName);
+    FPS "\t%s -F -n nickname [-d certdir] [-P dbprefix]\n",
+        progName);
+    FPS "\t%s -G -n key-name [-h token-name] [-k rsa] [-g key-size] [-y exp]\n"
+        "\t\t [-f pwfile] [-z noisefile] [-d certdir] [-P dbprefix]\n", progName);
+    FPS "\t%s -G [-h token-name] -k dsa [-q pqgfile -g key-size] [-f pwfile]\n"
+        "\t\t [-z noisefile] [-d certdir] [-P dbprefix]\n", progName);
+#ifndef NSS_DISABLE_ECC
+    FPS "\t%s -G [-h token-name] -k ec -q curve [-f pwfile]\n"
+        "\t\t [-z noisefile] [-d certdir] [-P dbprefix]\n", progName);
+    FPS "\t%s -K [-n key-name] [-h token-name] [-k dsa|ec|rsa|all]\n",
+        progName);
+#else
+    FPS "\t%s -K [-n key-name] [-h token-name] [-k dsa|rsa|all]\n",
+        progName);
+#endif /* NSS_DISABLE_ECC */
+    FPS "\t\t [-f pwfile] [-X] [-d certdir] [-P dbprefix]\n");
+    FPS "\t%s --upgrade-merge --source-dir upgradeDir --upgrade-id uniqueID\n",
+        progName);
+    FPS "\t\t [--upgrade-token-name tokenName] [-d targetDBDir]\n");
+    FPS "\t\t [-P targetDBPrefix] [--source-prefix upgradeDBPrefix]\n");
+    FPS "\t\t [-f targetPWfile] [-@ upgradePWFile]\n");
+    FPS "\t%s --merge --source-dir sourceDBDir [-d targetDBdir]\n",
+        progName);
+    FPS "\t\t [-P targetDBPrefix] [--source-prefix sourceDBPrefix]\n");
+    FPS "\t\t [-f targetPWfile] [-@ sourcePWFile]\n");
+    FPS "\t%s -L [-n cert-name] [-h token-name] [--email email-address]\n",
+        progName);
+    FPS "\t\t [-X] [-r] [-a] [--dump-ext-val OID] [-d certdir] [-P dbprefix]\n");
+    FPS "\t%s -M -n cert-name -t trustargs [-d certdir] [-P dbprefix]\n",
+        progName);
+    FPS "\t%s -O -n cert-name [-X] [-d certdir] [-a] [-P dbprefix]\n", progName);
+    FPS "\t%s -R -s subj -o cert-request-file [-d certdir] [-P dbprefix] [-p phone] [-a]\n"
+        "\t\t [-7 emailAddrs] [-k key-type-or-id] [-h token-name] [-f pwfile]\n"
+        "\t\t [-g key-size] [-Z hashAlg]\n",
+        progName);
+    FPS "\t%s -V -n cert-name -u usage [-b time] [-e] [-a]\n"
+        "\t\t[-X] [-d certdir] [-P dbprefix]\n",
+        progName);
+    FPS "Usage:  %s -W [-d certdir] [-f pwfile] [-@newpwfile]\n",
+        progName);
+    FPS "\t%s -S -n cert-name -s subj [-c issuer-name | -x]  -t trustargs\n"
+        "\t\t [-k key-type-or-id] [-q key-params] [-h token-name] [-g key-size]\n"
+        "\t\t [-m serial-number] [-w warp-months] [-v months-valid]\n"
+        "\t\t [-f pwfile] [-d certdir] [-P dbprefix] [-Z hashAlg]\n"
+        "\t\t [-p phone] [-1] [-2] [-3] [-4] [-5] [-6] [-7 emailAddrs]\n"
+        "\t\t [-8 DNS-names]\n"
+        "\t\t [--extAIA] [--extSIA] [--extCP] [--extPM] [--extPC] [--extIA]\n"
+        "\t\t [--extSKID] [--extNC] [--extSAN type:name[,type:name]...]\n"
+        "\t\t [--extGeneric OID:critical-flag:filename[,OID:critical-flag:filename]...]\n", progName);
+    FPS "\t%s -U [-X] [-d certdir] [-P dbprefix]\n", progName);
+    exit(1);
+}
+
+enum usage_level {
+    usage_all = 0,
+    usage_selected = 1
+};
+
+static void luCommonDetailsAE();
+
+static void
+luA(enum usage_level ul, const char *command)
+{
+    int is_my_command = (command && 0 == strcmp(command, "A"));
+    if (ul == usage_all || !command || is_my_command)
+    FPS "%-15s Add a certificate to the database        (create if needed)\n",
+        "-A");
+    if (ul == usage_selected && !is_my_command)
+        return;
+    if (ul == usage_all) {
+    FPS "%-20s\n", "   All options under -E apply");
+    } else {
+        luCommonDetailsAE();
+    }
+}
+
+static void
+luB(enum usage_level ul, const char *command)
+{
+    int is_my_command = (command && 0 == strcmp(command, "B"));
+    if (ul == usage_all || !command || is_my_command)
+    FPS "%-15s Run a series of certutil commands from a batch file\n", "-B");
+    if (ul == usage_selected && !is_my_command)
+        return;
+    FPS "%-20s Specify the batch file\n", "   -i batch-file");
+}
+
+static void
+luE(enum usage_level ul, const char *command)
+{
+    int is_my_command = (command && 0 == strcmp(command, "E"));
+    if (ul == usage_all || !command || is_my_command)
+    FPS "%-15s Add an Email certificate to the database (create if needed)\n",
+        "-E");
+    if (ul == usage_selected && !is_my_command)
+        return;
+    luCommonDetailsAE();
+}
+
+static void
+luCommonDetailsAE()
+{
+    FPS "%-20s Specify the nickname of the certificate to add\n",
+        "   -n cert-name");
+    FPS "%-20s Set the certificate trust attributes:\n",
+        "   -t trustargs");
+    FPS "%-25s trustargs is of the form x,y,z where x is for SSL, y is for S/MIME,\n", "");
+    FPS "%-25s and z is for code signing. Use ,, for no explicit trust.\n", "");
+    FPS "%-25s p \t prohibited (explicitly distrusted)\n", "");
+    FPS "%-25s P \t trusted peer\n", "");
+    FPS "%-25s c \t valid CA\n", "");
+    FPS "%-25s T \t trusted CA to issue client certs (implies c)\n", "");
+    FPS "%-25s C \t trusted CA to issue server certs (implies c)\n", "");
+    FPS "%-25s u \t user cert\n", "");
+    FPS "%-25s w \t send warning\n", "");
+    FPS "%-25s g \t make step-up cert\n", "");
+    FPS "%-20s Specify the password file\n",
+        "   -f pwfile");
+    FPS "%-20s Cert database directory (default is ~/.netscape)\n",
+        "   -d certdir");
+    FPS "%-20s Cert & Key database prefix\n",
+        "   -P dbprefix");
+    FPS "%-20s The input certificate is encoded in ASCII (RFC1113)\n",
+        "   -a");
+    FPS "%-20s Specify the certificate file (default is stdin)\n",
+        "   -i input");
+    FPS "\n");
+}
+
+static void
+luC(enum usage_level ul, const char *command)
+{
+    int is_my_command = (command && 0 == strcmp(command, "C"));
+    if (ul == usage_all || !command || is_my_command)
+    FPS "%-15s Create a new binary certificate from a BINARY cert request\n",
+        "-C");
+    if (ul == usage_selected && !is_my_command)
+        return;
+    FPS "%-20s The nickname of the issuer cert\n",
+        "   -c issuer-name");
+    FPS "%-20s The BINARY certificate request file\n",
+        "   -i cert-request ");
+    FPS "%-20s Output binary cert to this file (default is stdout)\n",
+        "   -o output-cert");
+    FPS "%-20s Self sign\n",
+        "   -x");
+    FPS "%-20s Cert serial number\n",
+        "   -m serial-number");
+    FPS "%-20s Time Warp\n",
+        "   -w warp-months");
+    FPS "%-20s Months valid (default is 3)\n",
+        "   -v months-valid");
+    FPS "%-20s Specify the password file\n",
+        "   -f pwfile");
+    FPS "%-20s Cert database directory (default is ~/.netscape)\n",
+        "   -d certdir");
+    FPS "%-20s Cert & Key database prefix\n",
+        "   -P dbprefix");
+    FPS "%-20s \n"
+              "%-20s Specify the hash algorithm to use. Possible keywords:\n"
+              "%-20s \"MD2\", \"MD4\", \"MD5\", \"SHA1\", \"SHA224\",\n"
+              "%-20s \"SHA256\", \"SHA384\", \"SHA512\"\n",
+        "   -Z hashAlg", "", "", "");
+    FPS "%-20s \n"
+              "%-20s Create key usage extension. Possible keywords:\n"
+              "%-20s \"digitalSignature\", \"nonRepudiation\", \"keyEncipherment\",\n"
+              "%-20s \"dataEncipherment\", \"keyAgreement\", \"certSigning\",\n"
+              "%-20s \"crlSigning\", \"critical\"\n",
+        "   -1 | --keyUsage keyword,keyword,...", "", "", "", "");
+    FPS "%-20s Create basic constraint extension\n",
+        "   -2 ");
+    FPS "%-20s Create authority key ID extension\n",
+        "   -3 ");
+    FPS "%-20s Create crl distribution point extension\n",
+        "   -4 ");
+    FPS "%-20s \n"
+              "%-20s Create netscape cert type extension. Possible keywords:\n"
+              "%-20s \"sslClient\", \"sslServer\", \"smime\", \"objectSigning\",\n"
+              "%-20s \"sslCA\", \"smimeCA\", \"objectSigningCA\", \"critical\".\n",
+        "   -5 | --nsCertType keyword,keyword,... ", "", "", "");
+    FPS "%-20s \n"
+              "%-20s Create extended key usage extension. Possible keywords:\n"
+              "%-20s \"serverAuth\", \"clientAuth\",\"codeSigning\",\n"
+              "%-20s \"emailProtection\", \"timeStamp\",\"ocspResponder\",\n"
+              "%-20s \"stepUp\", \"msTrustListSign\", \"critical\"\n",
+        "   -6 | --extKeyUsage keyword,keyword,...", "", "", "", "");
+    FPS "%-20s Create an email subject alt name extension\n",
+        "   -7 emailAddrs");
+    FPS "%-20s Create an dns subject alt name extension\n",
+        "   -8 dnsNames");
+    FPS "%-20s The input certificate request is encoded in ASCII (RFC1113)\n",
+        "   -a");
+    FPS "\n");
+}
+
+static void
+luG(enum usage_level ul, const char *command)
+{
+    int is_my_command = (command && 0 == strcmp(command, "G"));
+    if (ul == usage_all || !command || is_my_command)
+    FPS "%-15s Generate a new key pair\n",
+        "-G");
+    if (ul == usage_selected && !is_my_command)
+        return;
+    FPS "%-20s Name of token in which to generate key (default is internal)\n",
+        "   -h token-name");
+#ifndef NSS_DISABLE_ECC
+    FPS "%-20s Type of key pair to generate (\"dsa\", \"ec\", \"rsa\" (default))\n",
+        "   -k key-type");
+    FPS "%-20s Key size in bits, (min %d, max %d, default %d) (not for ec)\n",
+        "   -g key-size", MIN_KEY_BITS, MAX_KEY_BITS, DEFAULT_KEY_BITS);
+#else
+    FPS "%-20s Type of key pair to generate (\"dsa\", \"rsa\" (default))\n",
+        "   -k key-type");
+    FPS "%-20s Key size in bits, (min %d, max %d, default %d)\n",
+        "   -g key-size", MIN_KEY_BITS, MAX_KEY_BITS, DEFAULT_KEY_BITS);
+#endif /* NSS_DISABLE_ECC */
+    FPS "%-20s Set the public exponent value (3, 17, 65537) (rsa only)\n",
+        "   -y exp");
+    FPS "%-20s Specify the password file\n",
+        "   -f password-file");
+    FPS "%-20s Specify the noise file to be used\n",
+        "   -z noisefile");
+    FPS "%-20s read PQG value from pqgfile (dsa only)\n",
+        "   -q pqgfile");
+#ifndef NSS_DISABLE_ECC
+    FPS "%-20s Elliptic curve name (ec only)\n",
+        "   -q curve-name");
+    FPS "%-20s One of nistp256, nistp384, nistp521, curve25519.\n", "");
+    FPS "%-20s If a custom token is present, the following curves are also supported:\n", "");
+    FPS "%-20s sect163k1, nistk163, sect163r1, sect163r2,\n", "");
+    FPS "%-20s nistb163, sect193r1, sect193r2, sect233k1, nistk233,\n", "");
+    FPS "%-20s sect233r1, nistb233, sect239k1, sect283k1, nistk283,\n", "");
+    FPS "%-20s sect283r1, nistb283, sect409k1, nistk409, sect409r1,\n", "");
+    FPS "%-20s nistb409, sect571k1, nistk571, sect571r1, nistb571,\n", "");
+    FPS "%-20s secp160k1, secp160r1, secp160r2, secp192k1, secp192r1,\n", "");
+    FPS "%-20s nistp192, secp224k1, secp224r1, nistp224, secp256k1,\n", "");
+    FPS "%-20s secp256r1, secp384r1, secp521r1,\n", "");
+    FPS "%-20s prime192v1, prime192v2, prime192v3, \n", "");
+    FPS "%-20s prime239v1, prime239v2, prime239v3, c2pnb163v1, \n", "");
+    FPS "%-20s c2pnb163v2, c2pnb163v3, c2pnb176v1, c2tnb191v1, \n", "");
+    FPS "%-20s c2tnb191v2, c2tnb191v3,  \n", "");
+    FPS "%-20s c2pnb208w1, c2tnb239v1, c2tnb239v2, c2tnb239v3, \n", "");
+    FPS "%-20s c2pnb272w1, c2pnb304w1, \n", "");
+    FPS "%-20s c2tnb359w1, c2pnb368w1, c2tnb431r1, secp112r1, \n", "");
+    FPS "%-20s secp112r2, secp128r1, secp128r2, sect113r1, sect113r2\n", "");
+    FPS "%-20s sect131r1, sect131r2\n", "");
+#endif
+    FPS "%-20s Key database directory (default is ~/.netscape)\n",
+        "   -d keydir");
+    FPS "%-20s Cert & Key database prefix\n",
+        "   -P dbprefix");
+    FPS "%-20s\n"
+        "%-20s PKCS #11 key Attributes.\n",
+        "   --keyAttrFlags attrflags", "");
+    FPS "%-20s Comma separated list of key attribute attribute flags,\n", "");
+    FPS "%-20s selected from the following list of choices:\n", "");
+    FPS "%-20s {token | session} {public | private} {sensitive | insensitive}\n", "");
+    FPS "%-20s {modifiable | unmodifiable} {extractable | unextractable}\n", "");
+    FPS "%-20s\n",
+        "   --keyOpFlagsOn opflags");
+    FPS "%-20s\n"
+        "%-20s PKCS #11 key Operation Flags.\n",
+        "   --keyOpFlagsOff opflags", "");
+    FPS "%-20s Comma separated list of one or more of the following:\n", "");
+    FPS "%-20s encrypt, decrypt, sign, sign_recover, verify,\n", "");
+    FPS "%-20s verify_recover, wrap, unwrap, derive\n", "");
+    FPS "\n");
+}
+
+static void
+luD(enum usage_level ul, const char *command)
+{
+    int is_my_command = (command && 0 == strcmp(command, "D"));
+    if (ul == usage_all || !command || is_my_command)
+    FPS "%-15s Delete a certificate from the database\n",
+        "-D");
+    if (ul == usage_selected && !is_my_command)
+        return;
+    FPS "%-20s The nickname of the cert to delete\n",
+        "   -n cert-name");
+    FPS "%-20s Cert database directory (default is ~/.netscape)\n",
+        "   -d certdir");
+    FPS "%-20s Cert & Key database prefix\n",
+        "   -P dbprefix");
+    FPS "\n");
+}
+
+static void
+luF(enum usage_level ul, const char *command)
+{
+    int is_my_command = (command && 0 == strcmp(command, "F"));
+    if (ul == usage_all || !command || is_my_command)
+    FPS "%-15s Delete a key from the database\n",
+        "-F");
+    if (ul == usage_selected && !is_my_command)
+        return;
+    FPS "%-20s The nickname of the key to delete\n",
+        "   -n cert-name");
+    FPS "%-20s Cert database directory (default is ~/.netscape)\n",
+        "   -d certdir");
+    FPS "%-20s Cert & Key database prefix\n",
+        "   -P dbprefix");
+    FPS "\n");
+}
+
+static void
+luU(enum usage_level ul, const char *command)
+{
+    int is_my_command = (command && 0 == strcmp(command, "U"));
+    if (ul == usage_all || !command || is_my_command)
+    FPS "%-15s List all modules\n", /*, or print out a single named module\n",*/
+        "-U");
+    if (ul == usage_selected && !is_my_command)
+        return;
+    FPS "%-20s Module database directory (default is '~/.netscape')\n",
+        "   -d moddir");
+    FPS "%-20s Cert & Key database prefix\n",
+        "   -P dbprefix");
+    FPS "%-20s force the database to open R/W\n",
+        "   -X");
+    FPS "\n");
+}
+
+static void
+luK(enum usage_level ul, const char *command)
+{
+    int is_my_command = (command && 0 == strcmp(command, "K"));
+    if (ul == usage_all || !command || is_my_command)
+    FPS "%-15s List all private keys\n",
+        "-K");
+    if (ul == usage_selected && !is_my_command)
+        return;
+    FPS "%-20s Name of token to search (\"all\" for all tokens)\n",
+        "   -h token-name ");
+
+    FPS "%-20s Key type (\"all\" (default), \"dsa\","
+#ifndef NSS_DISABLE_ECC
+                                                    " \"ec\","
+#endif
+                                                    " \"rsa\")\n",
+        "   -k key-type");
+    FPS "%-20s The nickname of the key or associated certificate\n",
+        "   -n name");
+    FPS "%-20s Specify the password file\n",
+        "   -f password-file");
+    FPS "%-20s Key database directory (default is ~/.netscape)\n",
+        "   -d keydir");
+    FPS "%-20s Cert & Key database prefix\n",
+        "   -P dbprefix");
+    FPS "%-20s force the database to open R/W\n",
+        "   -X");
+    FPS "\n");
+}
+
+static void
+luL(enum usage_level ul, const char *command)
+{
+    int is_my_command = (command && 0 == strcmp(command, "L"));
+    if (ul == usage_all || !command || is_my_command)
+    FPS "%-15s List all certs, or print out a single named cert (or a subset)\n",
+        "-L");
+    if (ul == usage_selected && !is_my_command)
+        return;
+    FPS "%-20s Name of token to search (\"all\" for all tokens)\n",
+        "   -h token-name ");
+    FPS "%-20s Pretty print named cert (list all if unspecified)\n",
+        "   -n cert-name");
+    FPS "%-20s \n"
+              "%-20s Pretty print cert with email address (list all if unspecified)\n",
+        "   --email email-address", "");
+    FPS "%-20s Cert database directory (default is ~/.netscape)\n",
+        "   -d certdir");
+    FPS "%-20s Cert & Key database prefix\n",
+        "   -P dbprefix");
+    FPS "%-20s force the database to open R/W\n",
+        "   -X");
+    FPS "%-20s For single cert, print binary DER encoding\n",
+        "   -r");
+    FPS "%-20s For single cert, print ASCII encoding (RFC1113)\n",
+        "   -a");
+    FPS "%-20s \n"
+              "%-20s For single cert, print binary DER encoding of extension OID\n",
+        "   --dump-ext-val OID", "");
+    FPS "\n");
+}
+
+static void
+luM(enum usage_level ul, const char *command)
+{
+    int is_my_command = (command && 0 == strcmp(command, "M"));
+    if (ul == usage_all || !command || is_my_command)
+    FPS "%-15s Modify trust attributes of certificate\n",
+        "-M");
+    if (ul == usage_selected && !is_my_command)
+        return;
+    FPS "%-20s The nickname of the cert to modify\n",
+        "   -n cert-name");
+    FPS "%-20s Set the certificate trust attributes (see -A above)\n",
+        "   -t trustargs");
+    FPS "%-20s Cert database directory (default is ~/.netscape)\n",
+        "   -d certdir");
+    FPS "%-20s Cert & Key database prefix\n",
+        "   -P dbprefix");
+    FPS "\n");
+}
+
+static void
+luN(enum usage_level ul, const char *command)
+{
+    int is_my_command = (command && 0 == strcmp(command, "N"));
+    if (ul == usage_all || !command || is_my_command)
+    FPS "%-15s Create a new certificate database\n",
+        "-N");
+    if (ul == usage_selected && !is_my_command)
+        return;
+    FPS "%-20s Cert database directory (default is ~/.netscape)\n",
+        "   -d certdir");
+    FPS "%-20s Cert & Key database prefix\n",
+        "   -P dbprefix");
+    FPS "%-20s Specify the password file\n",
+        "   -f password-file");
+    FPS "%-20s use empty password when creating a new database\n",
+        "   --empty-password");
+    FPS "\n");
+}
+
+static void
+luT(enum usage_level ul, const char *command)
+{
+    int is_my_command = (command && 0 == strcmp(command, "T"));
+    if (ul == usage_all || !command || is_my_command)
+    FPS "%-15s Reset the Key database or token\n",
+        "-T");
+    if (ul == usage_selected && !is_my_command)
+        return;
+    FPS "%-20s Cert database directory (default is ~/.netscape)\n",
+        "   -d certdir");
+    FPS "%-20s Cert & Key database prefix\n",
+        "   -P dbprefix");
+    FPS "%-20s Token to reset (default is internal)\n",
+        "   -h token-name");
+    FPS "%-20s Set token's Site Security Officer password\n",
+        "   -0 SSO-password");
+    FPS "\n");
+}
+
+static void
+luO(enum usage_level ul, const char *command)
+{
+    int is_my_command = (command && 0 == strcmp(command, "O"));
+    if (ul == usage_all || !command || is_my_command)
+    FPS "%-15s Print the chain of a certificate\n",
+        "-O");
+    if (ul == usage_selected && !is_my_command)
+        return;
+    FPS "%-20s The nickname of the cert to modify\n",
+        "   -n cert-name");
+    FPS "%-20s Cert database directory (default is ~/.netscape)\n",
+        "   -d certdir");
+    FPS "%-20s Input the certificate in ASCII (RFC1113); default is binary\n",
+        "   -a");
+    FPS "%-20s Cert & Key database prefix\n",
+        "   -P dbprefix");
+    FPS "%-20s force the database to open R/W\n",
+        "   -X");
+    FPS "\n");
+}
+
+static void
+luR(enum usage_level ul, const char *command)
+{
+    int is_my_command = (command && 0 == strcmp(command, "R"));
+    if (ul == usage_all || !command || is_my_command)
+    FPS "%-15s Generate a certificate request (stdout)\n",
+        "-R");
+    if (ul == usage_selected && !is_my_command)
+        return;
+    FPS "%-20s Specify the subject name (using RFC1485)\n",
+        "   -s subject");
+    FPS "%-20s Output the cert request to this file\n",
+        "   -o output-req");
+#ifndef NSS_DISABLE_ECC
+    FPS "%-20s Type of key pair to generate (\"dsa\", \"ec\", \"rsa\" (default))\n",
+#else
+    FPS "%-20s Type of key pair to generate (\"dsa\", \"rsa\" (default))\n",
+#endif /* NSS_DISABLE_ECC */
+        "   -k key-type-or-id");
+    FPS "%-20s or nickname of the cert key to use \n",
+        "");
+    FPS "%-20s Name of token in which to generate key (default is internal)\n",
+        "   -h token-name");
+    FPS "%-20s Key size in bits, RSA keys only (min %d, max %d, default %d)\n",
+        "   -g key-size", MIN_KEY_BITS, MAX_KEY_BITS, DEFAULT_KEY_BITS);
+    FPS "%-20s Name of file containing PQG parameters (dsa only)\n",
+        "   -q pqgfile");
+#ifndef NSS_DISABLE_ECC
+    FPS "%-20s Elliptic curve name (ec only)\n",
+        "   -q curve-name");
+    FPS "%-20s See the \"-G\" option for a full list of supported names.\n",
+        "");
+#endif /* NSS_DISABLE_ECC */
+    FPS "%-20s Specify the password file\n",
+        "   -f pwfile");
+    FPS "%-20s Key database directory (default is ~/.netscape)\n",
+        "   -d keydir");
+    FPS "%-20s Cert & Key database prefix\n",
+        "   -P dbprefix");
+    FPS "%-20s Specify the contact phone number (\"123-456-7890\")\n",
+        "   -p phone");
+    FPS "%-20s \n"
+              "%-20s Specify the hash algorithm to use. Possible keywords:\n"
+              "%-20s \"MD2\", \"MD4\", \"MD5\", \"SHA1\", \"SHA224\",\n"
+              "%-20s \"SHA256\", \"SHA384\", \"SHA512\"\n",
+        "   -Z hashAlg", "", "", "");
+    FPS "%-20s Output the cert request in ASCII (RFC1113); default is binary\n",
+        "   -a");
+    FPS "%-20s \n",
+        "   See -S for available extension options");
+    FPS "%-20s \n",
+        "   See -G for available key flag options");
+    FPS "\n");
+}
+
+static void
+luV(enum usage_level ul, const char *command)
+{
+    int is_my_command = (command && 0 == strcmp(command, "V"));
+    if (ul == usage_all || !command || is_my_command)
+    FPS "%-15s Validate a certificate\n",
+        "-V");
+    if (ul == usage_selected && !is_my_command)
+        return;
+    FPS "%-20s The nickname of the cert to Validate\n",
+        "   -n cert-name");
+    FPS "%-20s validity time (\"YYMMDDHHMMSS[+HHMM|-HHMM|Z]\")\n",
+        "   -b time");
+    FPS "%-20s Check certificate signature \n",
+        "   -e ");
+    FPS "%-20s Specify certificate usage:\n", "   -u certusage");
+    FPS "%-25s C \t SSL Client\n", "");
+    FPS "%-25s V \t SSL Server\n", "");
+    FPS "%-25s L \t SSL CA\n", "");
+    FPS "%-25s A \t Any CA\n", "");
+    FPS "%-25s Y \t Verify CA\n", "");
+    FPS "%-25s S \t Email signer\n", "");
+    FPS "%-25s R \t Email Recipient\n", "");
+    FPS "%-25s O \t OCSP status responder\n", "");
+    FPS "%-25s J \t Object signer\n", "");
+    FPS "%-20s Cert database directory (default is ~/.netscape)\n",
+        "   -d certdir");
+    FPS "%-20s Input the certificate in ASCII (RFC1113); default is binary\n",
+        "   -a");
+    FPS "%-20s Cert & Key database prefix\n",
+        "   -P dbprefix");
+    FPS "%-20s force the database to open R/W\n",
+        "   -X");
+    FPS "\n");
+}
+
+static void
+luW(enum usage_level ul, const char *command)
+{
+    int is_my_command = (command && 0 == strcmp(command, "W"));
+    if (ul == usage_all || !command || is_my_command)
+    FPS "%-15s Change the key database password\n",
+        "-W");
+    if (ul == usage_selected && !is_my_command)
+        return;
+    FPS "%-20s cert and key database directory\n",
+        "   -d certdir");
+    FPS "%-20s Specify a file with the current password\n",
+        "   -f pwfile");
+    FPS "%-20s Specify a file with the new password in two lines\n",
+        "   -@ newpwfile");
+    FPS "\n");
+}
+
+static void
+luRename(enum usage_level ul, const char *command)
+{
+    int is_my_command = (command && 0 == strcmp(command, "rename"));
+    if (ul == usage_all || !command || is_my_command)
+    FPS "%-15s Change the database nickname of a certificate\n",
+        "--rename");
+    if (ul == usage_selected && !is_my_command)
+        return;
+    FPS "%-20s The old nickname of the cert to rename\n",
+        "   -n cert-name");
+    FPS "%-20s The new nickname of the cert to rename\n",
+        "   --new-n new-name");
+    FPS "%-20s Cert database directory (default is ~/.netscape)\n",
+        "   -d certdir");
+    FPS "%-20s Cert & Key database prefix\n",
+        "   -P dbprefix");
+    FPS "\n");
+}
+
+static void
+luUpgradeMerge(enum usage_level ul, const char *command)
+{
+    int is_my_command = (command && 0 == strcmp(command, "upgrade-merge"));
+    if (ul == usage_all || !command || is_my_command)
+    FPS "%-15s Upgrade an old database and merge it into a new one\n",
+        "--upgrade-merge");
+    if (ul == usage_selected && !is_my_command)
+        return;
+    FPS "%-20s Cert database directory to merge into (default is ~/.netscape)\n",
+        "   -d certdir");
+    FPS "%-20s Cert & Key database prefix of the target database\n",
+        "   -P dbprefix");
+    FPS "%-20s Specify the password file for the target database\n",
+        "   -f pwfile");
+    FPS "%-20s \n%-20s Cert database directory to upgrade from\n",
+        "   --source-dir certdir", "");
+    FPS "%-20s \n%-20s Cert & Key database prefix of the upgrade database\n",
+        "   --source-prefix dbprefix", "");
+    FPS "%-20s \n%-20s Unique identifier for the upgrade database\n",
+        "   --upgrade-id uniqueID", "");
+    FPS "%-20s \n%-20s Name of the token while it is in upgrade state\n",
+        "   --upgrade-token-name name", "");
+    FPS "%-20s Specify the password file for the upgrade database\n",
+        "   -@ pwfile");
+    FPS "\n");
+}
+
+static void
+luMerge(enum usage_level ul, const char *command)
+{
+    int is_my_command = (command && 0 == strcmp(command, "merge"));
+    if (ul == usage_all || !command || is_my_command)
+    FPS "%-15s Merge source database into the target database\n",
+        "--merge");
+    if (ul == usage_selected && !is_my_command)
+        return;
+    FPS "%-20s Cert database directory of target (default is ~/.netscape)\n",
+        "   -d certdir");
+    FPS "%-20s Cert & Key database prefix of the target database\n",
+        "   -P dbprefix");
+    FPS "%-20s Specify the password file for the target database\n",
+        "   -f pwfile");
+    FPS "%-20s \n%-20s Cert database directory of the source database\n",
+        "   --source-dir certdir", "");
+    FPS "%-20s \n%-20s Cert & Key database prefix of the source database\n",
+        "   --source-prefix dbprefix", "");
+    FPS "%-20s Specify the password file for the source database\n",
+        "   -@ pwfile");
+    FPS "\n");
+}
+
+static void
+luS(enum usage_level ul, const char *command)
+{
+    int is_my_command = (command && 0 == strcmp(command, "S"));
+    if (ul == usage_all || !command || is_my_command)
+    FPS "%-15s Make a certificate and add to database\n",
+        "-S");
+    if (ul == usage_selected && !is_my_command)
+        return;
+    FPS "%-20s Specify the nickname of the cert\n",
+        "   -n key-name");
+    FPS "%-20s Specify the subject name (using RFC1485)\n",
+        "   -s subject");
+    FPS "%-20s The nickname of the issuer cert\n",
+        "   -c issuer-name");
+    FPS "%-20s Set the certificate trust attributes (see -A above)\n",
+        "   -t trustargs");
+#ifndef NSS_DISABLE_ECC
+    FPS "%-20s Type of key pair to generate (\"dsa\", \"ec\", \"rsa\" (default))\n",
+#else
+    FPS "%-20s Type of key pair to generate (\"dsa\", \"rsa\" (default))\n",
+#endif /* NSS_DISABLE_ECC */
+        "   -k key-type-or-id");
+    FPS "%-20s Name of token in which to generate key (default is internal)\n",
+        "   -h token-name");
+    FPS "%-20s Key size in bits, RSA keys only (min %d, max %d, default %d)\n",
+        "   -g key-size", MIN_KEY_BITS, MAX_KEY_BITS, DEFAULT_KEY_BITS);
+    FPS "%-20s Name of file containing PQG parameters (dsa only)\n",
+        "   -q pqgfile");
+#ifndef NSS_DISABLE_ECC
+    FPS "%-20s Elliptic curve name (ec only)\n",
+        "   -q curve-name");
+    FPS "%-20s See the \"-G\" option for a full list of supported names.\n",
+        "");
+#endif /* NSS_DISABLE_ECC */
+    FPS "%-20s Self sign\n",
+        "   -x");
+    FPS "%-20s Cert serial number\n",
+        "   -m serial-number");
+    FPS "%-20s Time Warp\n",
+        "   -w warp-months");
+    FPS "%-20s Months valid (default is 3)\n",
+        "   -v months-valid");
+    FPS "%-20s Specify the password file\n",
+        "   -f pwfile");
+    FPS "%-20s Cert database directory (default is ~/.netscape)\n",
+        "   -d certdir");
+    FPS "%-20s Cert & Key database prefix\n",
+        "   -P dbprefix");
+    FPS "%-20s Specify the contact phone number (\"123-456-7890\")\n",
+        "   -p phone");
+    FPS "%-20s \n"
+              "%-20s Specify the hash algorithm to use. Possible keywords:\n"
+              "%-20s \"MD2\", \"MD4\", \"MD5\", \"SHA1\", \"SHA224\",\n"
+              "%-20s \"SHA256\", \"SHA384\", \"SHA512\"\n",
+        "   -Z hashAlg", "", "", "");
+    FPS "%-20s Create key usage extension\n",
+        "   -1 ");
+    FPS "%-20s Create basic constraint extension\n",
+        "   -2 ");
+    FPS "%-20s Create authority key ID extension\n",
+        "   -3 ");
+    FPS "%-20s Create crl distribution point extension\n",
+        "   -4 ");
+    FPS "%-20s Create netscape cert type extension\n",
+        "   -5 ");
+    FPS "%-20s Create extended key usage extension\n",
+        "   -6 ");
+    FPS "%-20s Create an email subject alt name extension\n",
+        "   -7 emailAddrs ");
+    FPS "%-20s Create a DNS subject alt name extension\n",
+        "   -8 DNS-names");
+    FPS "%-20s Create an Authority Information Access extension\n",
+        "   --extAIA ");
+    FPS "%-20s Create a Subject Information Access extension\n",
+        "   --extSIA ");
+    FPS "%-20s Create a Certificate Policies extension\n",
+        "   --extCP ");
+    FPS "%-20s Create a Policy Mappings extension\n",
+        "   --extPM ");
+    FPS "%-20s Create a Policy Constraints extension\n",
+        "   --extPC ");
+    FPS "%-20s Create an Inhibit Any Policy extension\n",
+        "   --extIA ");
+    FPS "%-20s Create a subject key ID extension\n",
+        "   --extSKID ");
+    FPS "%-20s \n",
+        "   See -G for available key flag options");
+    FPS "%-20s Create a name constraints extension\n",
+        "   --extNC ");
+    FPS "%-20s \n"
+        "%-20s Create a Subject Alt Name extension with one or multiple names\n",
+        "   --extSAN type:name[,type:name]...", "");
+    FPS "%-20s - type: directory, dn, dns, edi, ediparty, email, ip, ipaddr,\n", "");
+    FPS "%-20s         other, registerid, rfc822, uri, x400, x400addr\n", "");
+    FPS "%-20s \n"
+        "%-20s Add one or multiple extensions that certutil cannot encode yet,\n"
+        "%-20s by loading their encodings from external files.\n",
+        "   --extGeneric OID:critical-flag:filename[,OID:critical-flag:filename]...", "", "");
+    FPS "%-20s - OID (example): 1.2.3.4\n", "");
+    FPS "%-20s - critical-flag: critical or not-critical\n", "");
+    FPS "%-20s - filename: full path to a file containing an encoded extension\n", "");
+    FPS "\n");
+}
+
+static void
+LongUsage(char *progName, enum usage_level ul, const char *command)
+{
+    luA(ul, command);
+    luB(ul, command);
+    luE(ul, command);
+    luC(ul, command);
+    luG(ul, command);
+    luD(ul, command);
+    luRename(ul, command);
+    luF(ul, command);
+    luU(ul, command);
+    luK(ul, command);
+    luL(ul, command);
+    luM(ul, command);
+    luN(ul, command);
+    luT(ul, command);
+    luO(ul, command);
+    luR(ul, command);
+    luV(ul, command);
+    luW(ul, command);
+    luUpgradeMerge(ul, command);
+    luMerge(ul, command);
+    luS(ul, command);
+#undef FPS
+}
+
+static void
+Usage(char *progName)
+{
+    PR_fprintf(PR_STDERR,
+               "%s - Utility to manipulate NSS certificate databases\n\n"
+               "Usage:  %s <command> -d <database-directory> <options>\n\n"
+               "Valid commands:\n",
+               progName, progName);
+    LongUsage(progName, usage_selected, NULL);
+    PR_fprintf(PR_STDERR, "\n"
+                          "%s -H <command> : Print available options for the given command\n"
+                          "%s -H : Print complete help output of all commands and options\n"
+                          "%s --syntax : Print a short summary of all commands and options\n",
+               progName, progName, progName);
+    exit(1);
+}
+
+static CERTCertificate *
+MakeV1Cert(CERTCertDBHandle *handle,
+           CERTCertificateRequest *req,
+           char *issuerNickName,
+           PRBool selfsign,
+           unsigned int serialNumber,
+           int warpmonths,
+           int validityMonths)
+{
+    CERTCertificate *issuerCert = NULL;
+    CERTValidity *validity;
+    CERTCertificate *cert = NULL;
+    PRExplodedTime printableTime;
+    PRTime now, after;
+
+    if (!selfsign) {
+        issuerCert = CERT_FindCertByNicknameOrEmailAddr(handle, issuerNickName);
+        if (!issuerCert) {
+            SECU_PrintError(progName, "could not find certificate named \"%s\"",
+                            issuerNickName);
+            return NULL;
+        }
+    }
+
+    now = PR_Now();
+    PR_ExplodeTime(now, PR_GMTParameters, &printableTime);
+    if (warpmonths) {
+        printableTime.tm_month += warpmonths;
+        now = PR_ImplodeTime(&printableTime);
+        PR_ExplodeTime(now, PR_GMTParameters, &printableTime);
+    }
+    printableTime.tm_month += validityMonths;
+    after = PR_ImplodeTime(&printableTime);
+
+    /* note that the time is now in micro-second unit */
+    validity = CERT_CreateValidity(now, after);
+    if (validity) {
+        cert = CERT_CreateCertificate(serialNumber,
+                                      (selfsign ? &req->subject
+                                                : &issuerCert->subject),
+                                      validity, req);
+
+        CERT_DestroyValidity(validity);
+    }
+    if (issuerCert) {
+        CERT_DestroyCertificate(issuerCert);
+    }
+
+    return (cert);
+}
+
+static SECStatus
+SignCert(CERTCertDBHandle *handle, CERTCertificate *cert, PRBool selfsign,
+         SECOidTag hashAlgTag,
+         SECKEYPrivateKey *privKey, char *issuerNickName,
+         int certVersion, void *pwarg)
+{
+    SECItem der;
+    SECKEYPrivateKey *caPrivateKey = NULL;
+    SECStatus rv;
+    PLArenaPool *arena;
+    SECOidTag algID;
+    void *dummy;
+
+    if (!selfsign) {
+        CERTCertificate *issuer = PK11_FindCertFromNickname(issuerNickName, pwarg);
+        if ((CERTCertificate *)NULL == issuer) {
+            SECU_PrintError(progName, "unable to find issuer with nickname %s",
+                            issuerNickName);
+            return SECFailure;
+        }
+
+        privKey = caPrivateKey = PK11_FindKeyByAnyCert(issuer, pwarg);
+        CERT_DestroyCertificate(issuer);
+        if (caPrivateKey == NULL) {
+            SECU_PrintError(progName, "unable to retrieve key %s", issuerNickName);
+            return SECFailure;
+        }
+    }
+
+    arena = cert->arena;
+
+    algID = SEC_GetSignatureAlgorithmOidTag(privKey->keyType, hashAlgTag);
+    if (algID == SEC_OID_UNKNOWN) {
+        fprintf(stderr, "Unknown key or hash type for issuer.");
+        rv = SECFailure;
+        goto done;
+    }
+
+    rv = SECOID_SetAlgorithmID(arena, &cert->signature, algID, 0);
+    if (rv != SECSuccess) {
+        fprintf(stderr, "Could not set signature algorithm id.");
+        goto done;
+    }
+
+    switch (certVersion) {
+        case (SEC_CERTIFICATE_VERSION_1):
+            /* The initial version for x509 certificates is version one
+         * and this default value must be an implicit DER encoding. */
+            cert->version.data = NULL;
+            cert->version.len = 0;
+            break;
+        case (SEC_CERTIFICATE_VERSION_2):
+        case (SEC_CERTIFICATE_VERSION_3):
+        case 3: /* unspecified format (would be version 4 certificate). */
+            *(cert->version.data) = certVersion;
+            cert->version.len = 1;
+            break;
+        default:
+            PORT_SetError(SEC_ERROR_INVALID_ARGS);
+            return SECFailure;
+    }
+
+    der.len = 0;
+    der.data = NULL;
+    dummy = SEC_ASN1EncodeItem(arena, &der, cert,
+                               SEC_ASN1_GET(CERT_CertificateTemplate));
+    if (!dummy) {
+        fprintf(stderr, "Could not encode certificate.\n");
+        rv = SECFailure;
+        goto done;
+    }
+
+    rv = SEC_DerSignData(arena, &cert->derCert, der.data, der.len, privKey, algID);
+    if (rv != SECSuccess) {
+        fprintf(stderr, "Could not sign encoded certificate data.\n");
+        /* result allocated out of the arena, it will be freed
+         * when the arena is freed */
+        goto done;
+    }
+done:
+    if (caPrivateKey) {
+        SECKEY_DestroyPrivateKey(caPrivateKey);
+    }
+    return rv;
+}
+
+static SECStatus
+CreateCert(
+    CERTCertDBHandle *handle,
+    PK11SlotInfo *slot,
+    char *issuerNickName,
+    const SECItem *certReqDER,
+    SECKEYPrivateKey **selfsignprivkey,
+    void *pwarg,
+    SECOidTag hashAlgTag,
+    unsigned int serialNumber,
+    int warpmonths,
+    int validityMonths,
+    const char *emailAddrs,
+    const char *dnsNames,
+    PRBool ascii,
+    PRBool selfsign,
+    certutilExtnList extnList,
+    const char *extGeneric,
+    int certVersion,
+    SECItem *certDER)
+{
+    void *extHandle = NULL;
+    CERTCertificate *subjectCert = NULL;
+    CERTCertificateRequest *certReq = NULL;
+    SECStatus rv = SECSuccess;
+    CERTCertExtension **CRexts;
+
+    do {
+        /* Create a certrequest object from the input cert request der */
+        certReq = GetCertRequest(certReqDER, pwarg);
+        if (certReq == NULL) {
+            GEN_BREAK(SECFailure)
+        }
+
+        subjectCert = MakeV1Cert(handle, certReq, issuerNickName, selfsign,
+                                 serialNumber, warpmonths, validityMonths);
+        if (subjectCert == NULL) {
+            GEN_BREAK(SECFailure)
+        }
+
+        extHandle = CERT_StartCertExtensions(subjectCert);
+        if (extHandle == NULL) {
+            GEN_BREAK(SECFailure)
+        }
+
+        rv = AddExtensions(extHandle, emailAddrs, dnsNames, extnList, extGeneric);
+        if (rv != SECSuccess) {
+            GEN_BREAK(SECFailure)
+        }
+
+        if (certReq->attributes != NULL &&
+            certReq->attributes[0] != NULL &&
+            certReq->attributes[0]->attrType.data != NULL &&
+            certReq->attributes[0]->attrType.len > 0 &&
+            SECOID_FindOIDTag(&certReq->attributes[0]->attrType) ==
+                SEC_OID_PKCS9_EXTENSION_REQUEST) {
+            rv = CERT_GetCertificateRequestExtensions(certReq, &CRexts);
+            if (rv != SECSuccess)
+                break;
+            rv = CERT_MergeExtensions(extHandle, CRexts);
+            if (rv != SECSuccess)
+                break;
+        }
+
+        CERT_FinishExtensions(extHandle);
+        extHandle = NULL;
+
+        /* self-signing a cert request, find the private key */
+        if (selfsign && *selfsignprivkey == NULL) {
+            *selfsignprivkey = PK11_FindKeyByDERCert(slot, subjectCert, pwarg);
+            if (!*selfsignprivkey) {
+                fprintf(stderr, "Failed to locate private key.\n");
+                rv = SECFailure;
+                break;
+            }
+        }
+
+        rv = SignCert(handle, subjectCert, selfsign, hashAlgTag,
+                      *selfsignprivkey, issuerNickName,
+                      certVersion, pwarg);
+        if (rv != SECSuccess)
+            break;
+
+        rv = SECFailure;
+        if (ascii) {
+            char *asciiDER = BTOA_DataToAscii(subjectCert->derCert.data,
+                                              subjectCert->derCert.len);
+            if (asciiDER) {
+                char *wrapped = PR_smprintf("%s\n%s\n%s\n",
+                                            NS_CERT_HEADER,
+                                            asciiDER,
+                                            NS_CERT_TRAILER);
+                if (wrapped) {
+                    PRUint32 wrappedLen = PL_strlen(wrapped);
+                    if (SECITEM_AllocItem(NULL, certDER, wrappedLen)) {
+                        PORT_Memcpy(certDER->data, wrapped, wrappedLen);
+                        rv = SECSuccess;
+                    }
+                    PR_smprintf_free(wrapped);
+                }
+                PORT_Free(asciiDER);
+            }
+        } else {
+            rv = SECITEM_CopyItem(NULL, certDER, &subjectCert->derCert);
+        }
+    } while (0);
+    if (extHandle) {
+        CERT_FinishExtensions(extHandle);
+    }
+    CERT_DestroyCertificateRequest(certReq);
+    CERT_DestroyCertificate(subjectCert);
+    if (rv != SECSuccess) {
+        PRErrorCode perr = PR_GetError();
+        fprintf(stderr, "%s: unable to create cert (%s)\n", progName,
+                SECU_Strerror(perr));
+    }
+    return (rv);
+}
+
+/*
+ * map a class to a user presentable string
+ */
+static const char *objClassArray[] = {
+    "Data",
+    "Certificate",
+    "Public Key",
+    "Private Key",
+    "Secret Key",
+    "Hardware Feature",
+    "Domain Parameters",
+    "Mechanism"
+};
+
+static const char *objNSSClassArray[] = {
+    "CKO_NSS",
+    "Crl",
+    "SMIME Record",
+    "Trust",
+    "Builtin Root List"
+};
+
+const char *
+getObjectClass(CK_ULONG classType)
+{
+    static char buf[sizeof(CK_ULONG) * 2 + 3];
+
+    if (classType <= CKO_MECHANISM) {
+        return objClassArray[classType];
+    }
+    if (classType >= CKO_NSS && classType <= CKO_NSS_BUILTIN_ROOT_LIST) {
+        return objNSSClassArray[classType - CKO_NSS];
+    }
+    sprintf(buf, "0x%lx", classType);
+    return buf;
+}
+
+typedef struct {
+    char *name;
+    int nameSize;
+    CK_ULONG value;
+} flagArray;
+
+#define NAME_SIZE(x) #x, sizeof(#x) - 1
+
+flagArray opFlagsArray[] =
+    {
+      { NAME_SIZE(encrypt), CKF_ENCRYPT },
+      { NAME_SIZE(decrypt), CKF_DECRYPT },
+      { NAME_SIZE(sign), CKF_SIGN },
+      { NAME_SIZE(sign_recover), CKF_SIGN_RECOVER },
+      { NAME_SIZE(verify), CKF_VERIFY },
+      { NAME_SIZE(verify_recover), CKF_VERIFY_RECOVER },
+      { NAME_SIZE(wrap), CKF_WRAP },
+      { NAME_SIZE(unwrap), CKF_UNWRAP },
+      { NAME_SIZE(derive), CKF_DERIVE },
+    };
+
+int opFlagsCount = sizeof(opFlagsArray) / sizeof(flagArray);
+
+flagArray attrFlagsArray[] =
+    {
+      { NAME_SIZE(token), PK11_ATTR_TOKEN },
+      { NAME_SIZE(session), PK11_ATTR_SESSION },
+      { NAME_SIZE(private), PK11_ATTR_PRIVATE },
+      { NAME_SIZE(public), PK11_ATTR_PUBLIC },
+      { NAME_SIZE(modifiable), PK11_ATTR_MODIFIABLE },
+      { NAME_SIZE(unmodifiable), PK11_ATTR_UNMODIFIABLE },
+      { NAME_SIZE(sensitive), PK11_ATTR_SENSITIVE },
+      { NAME_SIZE(insensitive), PK11_ATTR_INSENSITIVE },
+      { NAME_SIZE(extractable), PK11_ATTR_EXTRACTABLE },
+      { NAME_SIZE(unextractable), PK11_ATTR_UNEXTRACTABLE }
+
+    };
+
+int attrFlagsCount = sizeof(attrFlagsArray) / sizeof(flagArray);
+
+#define MAX_STRING 30
+CK_ULONG
+GetFlags(char *flagsString, flagArray *flagArray, int count)
+{
+    CK_ULONG flagsValue = strtol(flagsString, NULL, 0);
+    int i;
+
+    if ((flagsValue != 0) || (*flagsString == 0)) {
+        return flagsValue;
+    }
+    while (*flagsString) {
+        for (i = 0; i < count; i++) {
+            if (strncmp(flagsString, flagArray[i].name, flagArray[i].nameSize) ==
+                0) {
+                flagsValue |= flagArray[i].value;
+                flagsString += flagArray[i].nameSize;
+                if (*flagsString != 0) {
+                    flagsString++;
+                }
+                break;
+            }
+        }
+        if (i == count) {
+            char name[MAX_STRING];
+            char *tok;
+
+            strncpy(name, flagsString, MAX_STRING);
+            name[MAX_STRING - 1] = 0;
+            tok = strchr(name, ',');
+            if (tok) {
+                *tok = 0;
+            }
+            fprintf(stderr, "Unknown flag (%s)\n", name);
+            tok = strchr(flagsString, ',');
+            if (tok == NULL) {
+                break;
+            }
+            flagsString = tok + 1;
+        }
+    }
+    return flagsValue;
+}
+
+CK_FLAGS
+GetOpFlags(char *flags)
+{
+    return GetFlags(flags, opFlagsArray, opFlagsCount);
+}
+
+PK11AttrFlags
+GetAttrFlags(char *flags)
+{
+    return GetFlags(flags, attrFlagsArray, attrFlagsCount);
+}
+
+char *
+mkNickname(unsigned char *data, int len)
+{
+    char *nick = PORT_Alloc(len + 1);
+    if (!nick) {
+        return nick;
+    }
+    PORT_Memcpy(nick, data, len);
+    nick[len] = 0;
+    return nick;
+}
+
+/*
+ * dump a PK11_MergeTokens error log to the console
+ */
+void
+DumpMergeLog(const char *progname, PK11MergeLog *log)
+{
+    PK11MergeLogNode *node;
+
+    for (node = log->head; node; node = node->next) {
+        SECItem attrItem;
+        char *nickname = NULL;
+        const char *objectClass = NULL;
+        SECStatus rv;
+
+        attrItem.data = NULL;
+        rv = PK11_ReadRawAttribute(PK11_TypeGeneric, node->object,
+                                   CKA_LABEL, &attrItem);
+        if (rv == SECSuccess) {
+            nickname = mkNickname(attrItem.data, attrItem.len);
+            PORT_Free(attrItem.data);
+        }
+        attrItem.data = NULL;
+        rv = PK11_ReadRawAttribute(PK11_TypeGeneric, node->object,
+                                   CKA_CLASS, &attrItem);
+        if (rv == SECSuccess) {
+            if (attrItem.len == sizeof(CK_ULONG)) {
+                objectClass = getObjectClass(*(CK_ULONG *)attrItem.data);
+            }
+            PORT_Free(attrItem.data);
+        }
+
+        fprintf(stderr, "%s: Could not merge object %s (type %s): %s\n",
+                progName,
+                nickname ? nickname : "unnamed",
+                objectClass ? objectClass : "unknown",
+                SECU_Strerror(node->error));
+
+        if (nickname) {
+            PORT_Free(nickname);
+        }
+    }
+}
+
+/*  Certutil commands  */
+enum {
+    cmd_AddCert = 0,
+    cmd_CreateNewCert,
+    cmd_DeleteCert,
+    cmd_AddEmailCert,
+    cmd_DeleteKey,
+    cmd_GenKeyPair,
+    cmd_PrintHelp,
+    cmd_PrintSyntax,
+    cmd_ListKeys,
+    cmd_ListCerts,
+    cmd_ModifyCertTrust,
+    cmd_NewDBs,
+    cmd_DumpChain,
+    cmd_CertReq,
+    cmd_CreateAndAddCert,
+    cmd_TokenReset,
+    cmd_ListModules,
+    cmd_CheckCertValidity,
+    cmd_ChangePassword,
+    cmd_Version,
+    cmd_Batch,
+    cmd_Merge,
+    cmd_UpgradeMerge, /* test only */
+    cmd_Rename,
+    max_cmd
+};
+
+/*  Certutil options */
+enum certutilOpts {
+    opt_SSOPass = 0,
+    opt_AddKeyUsageExt,
+    opt_AddBasicConstraintExt,
+    opt_AddAuthorityKeyIDExt,
+    opt_AddCRLDistPtsExt,
+    opt_AddNSCertTypeExt,
+    opt_AddExtKeyUsageExt,
+    opt_ExtendedEmailAddrs,
+    opt_ExtendedDNSNames,
+    opt_ASCIIForIO,
+    opt_ValidityTime,
+    opt_IssuerName,
+    opt_CertDir,
+    opt_VerifySig,
+    opt_PasswordFile,
+    opt_KeySize,
+    opt_TokenName,
+    opt_InputFile,
+    opt_Emailaddress,
+    opt_KeyIndex,
+    opt_KeyType,
+    opt_DetailedInfo,
+    opt_SerialNumber,
+    opt_Nickname,
+    opt_OutputFile,
+    opt_PhoneNumber,
+    opt_DBPrefix,
+    opt_PQGFile,
+    opt_BinaryDER,
+    opt_Subject,
+    opt_Trust,
+    opt_Usage,
+    opt_Validity,
+    opt_OffsetMonths,
+    opt_SelfSign,
+    opt_RW,
+    opt_Exponent,
+    opt_NoiseFile,
+    opt_Hash,
+    opt_NewPasswordFile,
+    opt_AddAuthInfoAccExt,
+    opt_AddSubjInfoAccExt,
+    opt_AddCertPoliciesExt,
+    opt_AddPolicyMapExt,
+    opt_AddPolicyConstrExt,
+    opt_AddInhibAnyExt,
+    opt_AddNameConstraintsExt,
+    opt_AddSubjectKeyIDExt,
+    opt_AddCmdKeyUsageExt,
+    opt_AddCmdNSCertTypeExt,
+    opt_AddCmdExtKeyUsageExt,
+    opt_SourceDir,
+    opt_SourcePrefix,
+    opt_UpgradeID,
+    opt_UpgradeTokenName,
+    opt_KeyOpFlagsOn,
+    opt_KeyOpFlagsOff,
+    opt_KeyAttrFlags,
+    opt_EmptyPassword,
+    opt_CertVersion,
+    opt_AddSubjectAltNameExt,
+    opt_DumpExtensionValue,
+    opt_GenericExtensions,
+    opt_NewNickname,
+    opt_Pss,
+    opt_Help
+};
+
+static const secuCommandFlag commands_init[] =
+    {
+      { /* cmd_AddCert             */ 'A', PR_FALSE, 0, PR_FALSE },
+      { /* cmd_CreateNewCert       */ 'C', PR_FALSE, 0, PR_FALSE },
+      { /* cmd_DeleteCert          */ 'D', PR_FALSE, 0, PR_FALSE },
+      { /* cmd_AddEmailCert        */ 'E', PR_FALSE, 0, PR_FALSE },
+      { /* cmd_DeleteKey           */ 'F', PR_FALSE, 0, PR_FALSE },
+      { /* cmd_GenKeyPair          */ 'G', PR_FALSE, 0, PR_FALSE },
+      { /* cmd_PrintHelp           */ 'H', PR_FALSE, 0, PR_FALSE, "help" },
+      { /* cmd_PrintSyntax         */ 0, PR_FALSE, 0, PR_FALSE,
+        "syntax" },
+      { /* cmd_ListKeys            */ 'K', PR_FALSE, 0, PR_FALSE },
+      { /* cmd_ListCerts           */ 'L', PR_FALSE, 0, PR_FALSE },
+      { /* cmd_ModifyCertTrust     */ 'M', PR_FALSE, 0, PR_FALSE },
+      { /* cmd_NewDBs              */ 'N', PR_FALSE, 0, PR_FALSE },
+      { /* cmd_DumpChain           */ 'O', PR_FALSE, 0, PR_FALSE },
+      { /* cmd_CertReq             */ 'R', PR_FALSE, 0, PR_FALSE },
+      { /* cmd_CreateAndAddCert    */ 'S', PR_FALSE, 0, PR_FALSE },
+      { /* cmd_TokenReset          */ 'T', PR_FALSE, 0, PR_FALSE },
+      { /* cmd_ListModules         */ 'U', PR_FALSE, 0, PR_FALSE },
+      { /* cmd_CheckCertValidity   */ 'V', PR_FALSE, 0, PR_FALSE },
+      { /* cmd_ChangePassword      */ 'W', PR_FALSE, 0, PR_FALSE },
+      { /* cmd_Version             */ 'Y', PR_FALSE, 0, PR_FALSE },
+      { /* cmd_Batch               */ 'B', PR_FALSE, 0, PR_FALSE },
+      { /* cmd_Merge               */ 0, PR_FALSE, 0, PR_FALSE, "merge" },
+      { /* cmd_UpgradeMerge        */ 0, PR_FALSE, 0, PR_FALSE,
+        "upgrade-merge" },
+      { /* cmd_Rename              */ 0, PR_FALSE, 0, PR_FALSE,
+        "rename" }
+    };
+#define NUM_COMMANDS ((sizeof commands_init) / (sizeof commands_init[0]))
+
+static const secuCommandFlag options_init[] =
+    {
+      { /* opt_SSOPass             */ '0', PR_TRUE, 0, PR_FALSE },
+      { /* opt_AddKeyUsageExt      */ '1', PR_FALSE, 0, PR_FALSE },
+      { /* opt_AddBasicConstraintExt*/ '2', PR_FALSE, 0, PR_FALSE },
+      { /* opt_AddAuthorityKeyIDExt*/ '3', PR_FALSE, 0, PR_FALSE },
+      { /* opt_AddCRLDistPtsExt    */ '4', PR_FALSE, 0, PR_FALSE },
+      { /* opt_AddNSCertTypeExt    */ '5', PR_FALSE, 0, PR_FALSE },
+      { /* opt_AddExtKeyUsageExt   */ '6', PR_FALSE, 0, PR_FALSE },
+      { /* opt_ExtendedEmailAddrs  */ '7', PR_TRUE, 0, PR_FALSE },
+      { /* opt_ExtendedDNSNames    */ '8', PR_TRUE, 0, PR_FALSE },
+      { /* opt_ASCIIForIO          */ 'a', PR_FALSE, 0, PR_FALSE },
+      { /* opt_ValidityTime        */ 'b', PR_TRUE, 0, PR_FALSE },
+      { /* opt_IssuerName          */ 'c', PR_TRUE, 0, PR_FALSE },
+      { /* opt_CertDir             */ 'd', PR_TRUE, 0, PR_FALSE },
+      { /* opt_VerifySig           */ 'e', PR_FALSE, 0, PR_FALSE },
+      { /* opt_PasswordFile        */ 'f', PR_TRUE, 0, PR_FALSE },
+      { /* opt_KeySize             */ 'g', PR_TRUE, 0, PR_FALSE },
+      { /* opt_TokenName           */ 'h', PR_TRUE, 0, PR_FALSE },
+      { /* opt_InputFile           */ 'i', PR_TRUE, 0, PR_FALSE },
+      { /* opt_Emailaddress        */ 0, PR_TRUE, 0, PR_FALSE, "email" },
+      { /* opt_KeyIndex            */ 'j', PR_TRUE, 0, PR_FALSE },
+      { /* opt_KeyType             */ 'k', PR_TRUE, 0, PR_FALSE },
+      { /* opt_DetailedInfo        */ 'l', PR_FALSE, 0, PR_FALSE },
+      { /* opt_SerialNumber        */ 'm', PR_TRUE, 0, PR_FALSE },
+      { /* opt_Nickname            */ 'n', PR_TRUE, 0, PR_FALSE },
+      { /* opt_OutputFile          */ 'o', PR_TRUE, 0, PR_FALSE },
+      { /* opt_PhoneNumber         */ 'p', PR_TRUE, 0, PR_FALSE },
+      { /* opt_DBPrefix            */ 'P', PR_TRUE, 0, PR_FALSE },
+      { /* opt_PQGFile             */ 'q', PR_TRUE, 0, PR_FALSE },
+      { /* opt_BinaryDER           */ 'r', PR_FALSE, 0, PR_FALSE },
+      { /* opt_Subject             */ 's', PR_TRUE, 0, PR_FALSE },
+      { /* opt_Trust               */ 't', PR_TRUE, 0, PR_FALSE },
+      { /* opt_Usage               */ 'u', PR_TRUE, 0, PR_FALSE },
+      { /* opt_Validity            */ 'v', PR_TRUE, 0, PR_FALSE },
+      { /* opt_OffsetMonths        */ 'w', PR_TRUE, 0, PR_FALSE },
+      { /* opt_SelfSign            */ 'x', PR_FALSE, 0, PR_FALSE },
+      { /* opt_RW                  */ 'X', PR_FALSE, 0, PR_FALSE },
+      { /* opt_Exponent            */ 'y', PR_TRUE, 0, PR_FALSE },
+      { /* opt_NoiseFile           */ 'z', PR_TRUE, 0, PR_FALSE },
+      { /* opt_Hash                */ 'Z', PR_TRUE, 0, PR_FALSE },
+      { /* opt_NewPasswordFile     */ '@', PR_TRUE, 0, PR_FALSE },
+      { /* opt_AddAuthInfoAccExt   */ 0, PR_FALSE, 0, PR_FALSE, "extAIA" },
+      { /* opt_AddSubjInfoAccExt   */ 0, PR_FALSE, 0, PR_FALSE, "extSIA" },
+      { /* opt_AddCertPoliciesExt  */ 0, PR_FALSE, 0, PR_FALSE, "extCP" },
+      { /* opt_AddPolicyMapExt     */ 0, PR_FALSE, 0, PR_FALSE, "extPM" },
+      { /* opt_AddPolicyConstrExt  */ 0, PR_FALSE, 0, PR_FALSE, "extPC" },
+      { /* opt_AddInhibAnyExt      */ 0, PR_FALSE, 0, PR_FALSE, "extIA" },
+      { /* opt_AddNameConstraintsExt*/ 0, PR_FALSE, 0, PR_FALSE, "extNC" },
+      { /* opt_AddSubjectKeyIDExt  */ 0, PR_FALSE, 0, PR_FALSE,
+        "extSKID" },
+      { /* opt_AddCmdKeyUsageExt   */ 0, PR_TRUE, 0, PR_FALSE,
+        "keyUsage" },
+      { /* opt_AddCmdNSCertTypeExt */ 0, PR_TRUE, 0, PR_FALSE,
+        "nsCertType" },
+      { /* opt_AddCmdExtKeyUsageExt*/ 0, PR_TRUE, 0, PR_FALSE,
+        "extKeyUsage" },
+
+      { /* opt_SourceDir           */ 0, PR_TRUE, 0, PR_FALSE,
+        "source-dir" },
+      { /* opt_SourcePrefix        */ 0, PR_TRUE, 0, PR_FALSE,
+        "source-prefix" },
+      { /* opt_UpgradeID           */ 0, PR_TRUE, 0, PR_FALSE,
+        "upgrade-id" },
+      { /* opt_UpgradeTokenName    */ 0, PR_TRUE, 0, PR_FALSE,
+        "upgrade-token-name" },
+      { /* opt_KeyOpFlagsOn        */ 0, PR_TRUE, 0, PR_FALSE,
+        "keyOpFlagsOn" },
+      { /* opt_KeyOpFlagsOff       */ 0, PR_TRUE, 0, PR_FALSE,
+        "keyOpFlagsOff" },
+      { /* opt_KeyAttrFlags        */ 0, PR_TRUE, 0, PR_FALSE,
+        "keyAttrFlags" },
+      { /* opt_EmptyPassword       */ 0, PR_FALSE, 0, PR_FALSE,
+        "empty-password" },
+      { /* opt_CertVersion         */ 0, PR_TRUE, 0, PR_FALSE,
+        "certVersion" },
+      { /* opt_AddSubjectAltExt    */ 0, PR_TRUE, 0, PR_FALSE, "extSAN" },
+      { /* opt_DumpExtensionValue  */ 0, PR_TRUE, 0, PR_FALSE,
+        "dump-ext-val" },
+      { /* opt_GenericExtensions   */ 0, PR_TRUE, 0, PR_FALSE,
+        "extGeneric" },
+      { /* opt_NewNickname         */ 0, PR_TRUE, 0, PR_FALSE,
+        "new-n" },
+      { /* opt_Pss                 */ 0, PR_FALSE, 0, PR_FALSE,
+        "pss" },
+    };
+#define NUM_OPTIONS ((sizeof options_init) / (sizeof options_init[0]))
+
+static secuCommandFlag certutil_commands[NUM_COMMANDS];
+static secuCommandFlag certutil_options[NUM_OPTIONS];
+
+static const secuCommand certutil = {
+    NUM_COMMANDS,
+    NUM_OPTIONS,
+    certutil_commands,
+    certutil_options
+};
+
+static certutilExtnList certutil_extns;
+
+static int
+certutil_main(int argc, char **argv, PRBool initialize)
+{
+    CERTCertDBHandle *certHandle;
+    PK11SlotInfo *slot = NULL;
+    CERTName *subject = 0;
+    PRFileDesc *inFile = PR_STDIN;
+    PRFileDesc *outFile = PR_STDOUT;
+    SECItem certReqDER = { siBuffer, NULL, 0 };
+    SECItem certDER = { siBuffer, NULL, 0 };
+    const char *slotname = "internal";
+    const char *certPrefix = "";
+    char *sourceDir = "";
+    const char *srcCertPrefix = "";
+    char *upgradeID = "";
+    char *upgradeTokenName = "";
+    KeyType keytype = rsaKey;
+    char *name = NULL;
+    char *newName = NULL;
+    char *email = NULL;
+    char *keysource = NULL;
+    SECOidTag hashAlgTag = SEC_OID_UNKNOWN;
+    int keysize = DEFAULT_KEY_BITS;
+    int publicExponent = 0x010001;
+    int certVersion = SEC_CERTIFICATE_VERSION_3;
+    unsigned int serialNumber = 0;
+    int warpmonths = 0;
+    int validityMonths = 3;
+    int commandsEntered = 0;
+    char commandToRun = '\0';
+    secuPWData pwdata = { PW_NONE, 0 };
+    secuPWData pwdata2 = { PW_NONE, 0 };
+    PRBool readOnly = PR_FALSE;
+    PRBool initialized = PR_FALSE;
+    CK_FLAGS keyOpFlagsOn = 0;
+    CK_FLAGS keyOpFlagsOff = 0;
+    PK11AttrFlags keyAttrFlags =
+        PK11_ATTR_TOKEN | PK11_ATTR_SENSITIVE | PK11_ATTR_PRIVATE;
+
+    SECKEYPrivateKey *privkey = NULL;
+    SECKEYPublicKey *pubkey = NULL;
+
+    int i;
+    SECStatus rv;
+
+    progName = PORT_Strrchr(argv[0], '/');
+    progName = progName ? progName + 1 : argv[0];
+    memcpy(certutil_commands, commands_init, sizeof commands_init);
+    memcpy(certutil_options, options_init, sizeof options_init);
+
+    rv = SECU_ParseCommandLine(argc, argv, progName, &certutil);
+
+    if (rv != SECSuccess)
+        Usage(progName);
+
+    if (certutil.commands[cmd_PrintSyntax].activated) {
+        PrintSyntax(progName);
+    }
+
+    if (certutil.commands[cmd_PrintHelp].activated) {
+        int i;
+        char buf[2];
+        const char *command = NULL;
+        for (i = 0; i < max_cmd; i++) {
+            if (i == cmd_PrintHelp)
+                continue;
+            if (certutil.commands[i].activated) {
+                if (certutil.commands[i].flag) {
+                    buf[0] = certutil.commands[i].flag;
+                    buf[1] = 0;
+                    command = buf;
+                } else {
+                    command = certutil.commands[i].longform;
+                }
+                break;
+            }
+        }
+        LongUsage(progName, (command ? usage_selected : usage_all), command);
+        exit(1);
+    }
+
+    if (certutil.options[opt_PasswordFile].arg) {
+        pwdata.source = PW_FROMFILE;
+        pwdata.data = certutil.options[opt_PasswordFile].arg;
+    }
+    if (certutil.options[opt_NewPasswordFile].arg) {
+        pwdata2.source = PW_FROMFILE;
+        pwdata2.data = certutil.options[opt_NewPasswordFile].arg;
+    }
+
+    if (certutil.options[opt_CertDir].activated)
+        SECU_ConfigDirectory(certutil.options[opt_CertDir].arg);
+
+    if (certutil.options[opt_SourceDir].activated)
+        sourceDir = certutil.options[opt_SourceDir].arg;
+
+    if (certutil.options[opt_UpgradeID].activated)
+        upgradeID = certutil.options[opt_UpgradeID].arg;
+
+    if (certutil.options[opt_UpgradeTokenName].activated)
+        upgradeTokenName = certutil.options[opt_UpgradeTokenName].arg;
+
+    if (certutil.options[opt_KeySize].activated) {
+        keysize = PORT_Atoi(certutil.options[opt_KeySize].arg);
+        if ((keysize < MIN_KEY_BITS) || (keysize > MAX_KEY_BITS)) {
+            PR_fprintf(PR_STDERR,
+                       "%s -g:  Keysize must be between %d and %d.\n",
+                       progName, MIN_KEY_BITS, MAX_KEY_BITS);
+            return 255;
+        }
+#ifndef NSS_DISABLE_ECC
+        if (keytype == ecKey) {
+            PR_fprintf(PR_STDERR, "%s -g:  Not for ec keys.\n", progName);
+            return 255;
+        }
+#endif /* NSS_DISABLE_ECC */
+    }
+
+    /*  -h specify token name  */
+    if (certutil.options[opt_TokenName].activated) {
+        if (PL_strcmp(certutil.options[opt_TokenName].arg, "all") == 0)
+            slotname = NULL;
+        else
+            slotname = certutil.options[opt_TokenName].arg;
+    }
+
+    /*  -Z hash type  */
+    if (certutil.options[opt_Hash].activated) {
+        char *arg = certutil.options[opt_Hash].arg;
+        hashAlgTag = SECU_StringToSignatureAlgTag(arg);
+        if (hashAlgTag == SEC_OID_UNKNOWN) {
+            PR_fprintf(PR_STDERR, "%s -Z:  %s is not a recognized type.\n",
+                       progName, arg);
+            return 255;
+        }
+    }
+
+    /*  -k key type  */
+    if (certutil.options[opt_KeyType].activated) {
+        char *arg = certutil.options[opt_KeyType].arg;
+        if (PL_strcmp(arg, "rsa") == 0) {
+            keytype = rsaKey;
+        } else if (PL_strcmp(arg, "dsa") == 0) {
+            keytype = dsaKey;
+#ifndef NSS_DISABLE_ECC
+        } else if (PL_strcmp(arg, "ec") == 0) {
+            keytype = ecKey;
+#endif /* NSS_DISABLE_ECC */
+        } else if (PL_strcmp(arg, "all") == 0) {
+            keytype = nullKey;
+        } else {
+            /* use an existing private/public key pair */
+            keysource = arg;
+        }
+    } else if (certutil.commands[cmd_ListKeys].activated) {
+        keytype = nullKey;
+    }
+
+    if (certutil.options[opt_KeyOpFlagsOn].activated) {
+        keyOpFlagsOn = GetOpFlags(certutil.options[opt_KeyOpFlagsOn].arg);
+    }
+    if (certutil.options[opt_KeyOpFlagsOff].activated) {
+        keyOpFlagsOff = GetOpFlags(certutil.options[opt_KeyOpFlagsOff].arg);
+        keyOpFlagsOn &= ~keyOpFlagsOff; /* make off override on */
+    }
+    if (certutil.options[opt_KeyAttrFlags].activated) {
+        keyAttrFlags = GetAttrFlags(certutil.options[opt_KeyAttrFlags].arg);
+    }
+
+    /*  -m serial number */
+    if (certutil.options[opt_SerialNumber].activated) {
+        int sn = PORT_Atoi(certutil.options[opt_SerialNumber].arg);
+        if (sn < 0) {
+            PR_fprintf(PR_STDERR, "%s -m:  %s is not a valid serial number.\n",
+                       progName, certutil.options[opt_SerialNumber].arg);
+            return 255;
+        }
+        serialNumber = sn;
+    }
+
+    /*  -P certdb name prefix */
+    if (certutil.options[opt_DBPrefix].activated) {
+        if (certutil.options[opt_DBPrefix].arg) {
+            certPrefix = certutil.options[opt_DBPrefix].arg;
+        } else {
+            Usage(progName);
+        }
+    }
+
+    /*  --source-prefix certdb name prefix */
+    if (certutil.options[opt_SourcePrefix].activated) {
+        if (certutil.options[opt_SourcePrefix].arg) {
+            srcCertPrefix = certutil.options[opt_SourcePrefix].arg;
+        } else {
+            Usage(progName);
+        }
+    }
+
+    /*  -q PQG file or curve name */
+    if (certutil.options[opt_PQGFile].activated) {
+#ifndef NSS_DISABLE_ECC
+        if ((keytype != dsaKey) && (keytype != ecKey)) {
+            PR_fprintf(PR_STDERR, "%s -q: specifies a PQG file for DSA keys"
+                                  " (-k dsa) or a named curve for EC keys (-k ec)\n)",
+                       progName);
+#else  /* } */
+        if (keytype != dsaKey) {
+            PR_fprintf(PR_STDERR, "%s -q: PQG file is for DSA key (-k dsa).\n)",
+                       progName);
+#endif /* NSS_DISABLE_ECC */
+            return 255;
+        }
+    }
+
+    /*  -s subject name  */
+    if (certutil.options[opt_Subject].activated) {
+        subject = CERT_AsciiToName(certutil.options[opt_Subject].arg);
+        if (!subject) {
+            PR_fprintf(PR_STDERR, "%s -s: improperly formatted name: \"%s\"\n",
+                       progName, certutil.options[opt_Subject].arg);
+            return 255;
+        }
+    }
+
+    /*  -v validity period  */
+    if (certutil.options[opt_Validity].activated) {
+        validityMonths = PORT_Atoi(certutil.options[opt_Validity].arg);
+        if (validityMonths < 0) {
+            PR_fprintf(PR_STDERR, "%s -v: incorrect validity period: \"%s\"\n",
+                       progName, certutil.options[opt_Validity].arg);
+            return 255;
+        }
+    }
+
+    /*  -w warp months  */
+    if (certutil.options[opt_OffsetMonths].activated)
+        warpmonths = PORT_Atoi(certutil.options[opt_OffsetMonths].arg);
+
+    /*  -y public exponent (for RSA)  */
+    if (certutil.options[opt_Exponent].activated) {
+        publicExponent = PORT_Atoi(certutil.options[opt_Exponent].arg);
+        if ((publicExponent != 3) &&
+            (publicExponent != 17) &&
+            (publicExponent != 65537)) {
+            PR_fprintf(PR_STDERR, "%s -y: incorrect public exponent %d.",
+                       progName, publicExponent);
+            PR_fprintf(PR_STDERR, "Must be 3, 17, or 65537.\n");
+            return 255;
+        }
+    }
+
+    /*  --certVersion */
+    if (certutil.options[opt_CertVersion].activated) {
+        certVersion = PORT_Atoi(certutil.options[opt_CertVersion].arg);
+        if (certVersion < 1 || certVersion > 4) {
+            PR_fprintf(PR_STDERR, "%s -certVersion: incorrect certificate version %d.",
+                       progName, certVersion);
+            PR_fprintf(PR_STDERR, "Must be 1, 2, 3 or 4.\n");
+            return 255;
+        }
+        certVersion = certVersion - 1;
+    }
+
+    /*  Check number of commands entered.  */
+    commandsEntered = 0;
+    for (i = 0; i < certutil.numCommands; i++) {
+        if (certutil.commands[i].activated) {
+            commandToRun = certutil.commands[i].flag;
+            commandsEntered++;
+        }
+        if (commandsEntered > 1)
+            break;
+    }
+    if (commandsEntered > 1) {
+        PR_fprintf(PR_STDERR, "%s: only one command at a time!\n", progName);
+        PR_fprintf(PR_STDERR, "You entered: ");
+        for (i = 0; i < certutil.numCommands; i++) {
+            if (certutil.commands[i].activated)
+                PR_fprintf(PR_STDERR, " -%c", certutil.commands[i].flag);
+        }
+        PR_fprintf(PR_STDERR, "\n");
+        return 255;
+    }
+    if (commandsEntered == 0) {
+        Usage(progName);
+    }
+
+    if (certutil.commands[cmd_ListCerts].activated ||
+        certutil.commands[cmd_PrintHelp].activated ||
+        certutil.commands[cmd_ListKeys].activated ||
+        certutil.commands[cmd_ListModules].activated ||
+        certutil.commands[cmd_CheckCertValidity].activated ||
+        certutil.commands[cmd_Version].activated) {
+        readOnly = !certutil.options[opt_RW].activated;
+    }
+
+    /*  -A, -D, -F, -M, -S, -V, and all require -n  */
+    if ((certutil.commands[cmd_AddCert].activated ||
+         certutil.commands[cmd_DeleteCert].activated ||
+         certutil.commands[cmd_DeleteKey].activated ||
+         certutil.commands[cmd_DumpChain].activated ||
+         certutil.commands[cmd_ModifyCertTrust].activated ||
+         certutil.commands[cmd_CreateAndAddCert].activated ||
+         certutil.commands[cmd_CheckCertValidity].activated) &&
+        !certutil.options[opt_Nickname].activated) {
+        PR_fprintf(PR_STDERR,
+                   "%s -%c: nickname is required for this command (-n).\n",
+                   progName, commandToRun);
+        return 255;
+    }
+
+    /*  -A, -E, -M, -S require trust  */
+    if ((certutil.commands[cmd_AddCert].activated ||
+         certutil.commands[cmd_AddEmailCert].activated ||
+         certutil.commands[cmd_ModifyCertTrust].activated ||
+         certutil.commands[cmd_CreateAndAddCert].activated) &&
+        !certutil.options[opt_Trust].activated) {
+        PR_fprintf(PR_STDERR,
+                   "%s -%c: trust is required for this command (-t).\n",
+                   progName, commandToRun);
+        return 255;
+    }
+
+    /*  if -L is given raw, ascii or dump mode, it must be for only one cert. */
+    if (certutil.commands[cmd_ListCerts].activated &&
+        (certutil.options[opt_ASCIIForIO].activated ||
+         certutil.options[opt_DumpExtensionValue].activated ||
+         certutil.options[opt_BinaryDER].activated) &&
+        !certutil.options[opt_Nickname].activated) {
+        PR_fprintf(PR_STDERR,
+                   "%s: nickname is required to dump cert in raw or ascii mode.\n",
+                   progName);
+        return 255;
+    }
+
+    /*  -L can only be in (raw || ascii).  */
+    if (certutil.commands[cmd_ListCerts].activated &&
+        certutil.options[opt_ASCIIForIO].activated &&
+        certutil.options[opt_BinaryDER].activated) {
+        PR_fprintf(PR_STDERR,
+                   "%s: cannot specify both -r and -a when dumping cert.\n",
+                   progName);
+        return 255;
+    }
+
+    /*  If making a cert request, need a subject.  */
+    if ((certutil.commands[cmd_CertReq].activated ||
+         certutil.commands[cmd_CreateAndAddCert].activated) &&
+        !(certutil.options[opt_Subject].activated || keysource)) {
+        PR_fprintf(PR_STDERR,
+                   "%s -%c: subject is required to create a cert request.\n",
+                   progName, commandToRun);
+        return 255;
+    }
+
+    /*  If making a cert, need a serial number.  */
+    if ((certutil.commands[cmd_CreateNewCert].activated ||
+         certutil.commands[cmd_CreateAndAddCert].activated) &&
+        !certutil.options[opt_SerialNumber].activated) {
+        /*  Make a default serial number from the current time.  */
+        PRTime now = PR_Now();
+        LL_USHR(now, now, 19);
+        LL_L2UI(serialNumber, now);
+    }
+
+    /*  Validation needs the usage to validate for.  */
+    if (certutil.commands[cmd_CheckCertValidity].activated &&
+        !certutil.options[opt_Usage].activated) {
+        PR_fprintf(PR_STDERR,
+                   "%s -V: specify a usage to validate the cert for (-u).\n",
+                   progName);
+        return 255;
+    }
+
+    /* Rename needs an old and a new nickname */
+    if (certutil.commands[cmd_Rename].activated &&
+        !(certutil.options[opt_Nickname].activated &&
+          certutil.options[opt_NewNickname].activated)) {
+
+        PR_fprintf(PR_STDERR,
+                   "%s --rename: specify an old nickname (-n) and\n"
+                   "   a new nickname (--new-n).\n",
+                   progName);
+        return 255;
+    }
+
+    /* Upgrade/Merge needs a source database and a upgrade id. */
+    if (certutil.commands[cmd_UpgradeMerge].activated &&
+        !(certutil.options[opt_SourceDir].activated &&
+          certutil.options[opt_UpgradeID].activated)) {
+
+        PR_fprintf(PR_STDERR,
+                   "%s --upgrade-merge: specify an upgrade database directory "
+                   "(--source-dir) and\n"
+                   "   an upgrade ID (--upgrade-id).\n",
+                   progName);
+        return 255;
+    }
+
+    /* Merge needs a source database */
+    if (certutil.commands[cmd_Merge].activated &&
+        !certutil.options[opt_SourceDir].activated) {
+
+        PR_fprintf(PR_STDERR,
+                   "%s --merge: specify an source database directory "
+                   "(--source-dir)\n",
+                   progName);
+        return 255;
+    }
+
+    /*  To make a cert, need either a issuer or to self-sign it.  */
+    if (certutil.commands[cmd_CreateAndAddCert].activated &&
+        !(certutil.options[opt_IssuerName].activated ||
+          certutil.options[opt_SelfSign].activated)) {
+        PR_fprintf(PR_STDERR,
+                   "%s -S: must specify issuer (-c) or self-sign (-x).\n",
+                   progName);
+        return 255;
+    }
+
+    /*  Using slotname == NULL for listing keys and certs on all slots,
+     *  but only that. */
+    if (!(certutil.commands[cmd_ListKeys].activated ||
+          certutil.commands[cmd_DumpChain].activated ||
+          certutil.commands[cmd_ListCerts].activated) &&
+        slotname == NULL) {
+        PR_fprintf(PR_STDERR,
+                   "%s -%c: cannot use \"-h all\" for this command.\n",
+                   progName, commandToRun);
+        return 255;
+    }
+
+    /*  Using keytype == nullKey for list all key types, but only that.  */
+    if (!certutil.commands[cmd_ListKeys].activated && keytype == nullKey) {
+        PR_fprintf(PR_STDERR,
+                   "%s -%c: cannot use \"-k all\" for this command.\n",
+                   progName, commandToRun);
+        return 255;
+    }
+
+    /*  Open the input file.  */
+    if (certutil.options[opt_InputFile].activated) {
+        inFile = PR_Open(certutil.options[opt_InputFile].arg, PR_RDONLY, 0);
+        if (!inFile) {
+            PR_fprintf(PR_STDERR,
+                       "%s:  unable to open \"%s\" for reading (%ld, %ld).\n",
+                       progName, certutil.options[opt_InputFile].arg,
+                       PR_GetError(), PR_GetOSError());
+            return 255;
+        }
+    }
+
+    /*  Open the output file.  */
+    if (certutil.options[opt_OutputFile].activated) {
+        outFile = PR_Open(certutil.options[opt_OutputFile].arg,
+                          PR_CREATE_FILE | PR_RDWR | PR_TRUNCATE, 00660);
+        if (!outFile) {
+            PR_fprintf(PR_STDERR,
+                       "%s:  unable to open \"%s\" for writing (%ld, %ld).\n",
+                       progName, certutil.options[opt_OutputFile].arg,
+                       PR_GetError(), PR_GetOSError());
+            return 255;
+        }
+    }
+
+    name = SECU_GetOptionArg(&certutil, opt_Nickname);
+    newName = SECU_GetOptionArg(&certutil, opt_NewNickname);
+    email = SECU_GetOptionArg(&certutil, opt_Emailaddress);
+
+    PK11_SetPasswordFunc(SECU_GetModulePassword);
+
+    if (PR_TRUE == initialize) {
+        /*  Initialize NSPR and NSS.  */
+        PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
+        if (!certutil.commands[cmd_UpgradeMerge].activated) {
+            rv = NSS_Initialize(SECU_ConfigDirectory(NULL),
+                                certPrefix, certPrefix,
+                                "secmod.db", readOnly ? NSS_INIT_READONLY : 0);
+        } else {
+            rv = NSS_InitWithMerge(SECU_ConfigDirectory(NULL),
+                                   certPrefix, certPrefix, "secmod.db",
+                                   sourceDir, srcCertPrefix, srcCertPrefix,
+                                   upgradeID, upgradeTokenName,
+                                   readOnly ? NSS_INIT_READONLY : 0);
+        }
+        if (rv != SECSuccess) {
+            SECU_PrintPRandOSError(progName);
+            rv = SECFailure;
+            goto shutdown;
+        }
+        initialized = PR_TRUE;
+        SECU_RegisterDynamicOids();
+    }
+    certHandle = CERT_GetDefaultCertDB();
+
+    if (certutil.commands[cmd_Version].activated) {
+        printf("Certificate database content version: command not implemented.\n");
+    }
+
+    if (PL_strcmp(slotname, "internal") == 0)
+        slot = PK11_GetInternalKeySlot();
+    else if (slotname != NULL)
+        slot = PK11_FindSlotByName(slotname);
+
+    if (!slot && (certutil.commands[cmd_NewDBs].activated ||
+                  certutil.commands[cmd_ModifyCertTrust].activated ||
+                  certutil.commands[cmd_ChangePassword].activated ||
+                  certutil.commands[cmd_TokenReset].activated ||
+                  certutil.commands[cmd_CreateAndAddCert].activated ||
+                  certutil.commands[cmd_AddCert].activated ||
+                  certutil.commands[cmd_Merge].activated ||
+                  certutil.commands[cmd_UpgradeMerge].activated ||
+                  certutil.commands[cmd_AddEmailCert].activated)) {
+
+        SECU_PrintError(progName, "could not find the slot %s", slotname);
+        rv = SECFailure;
+        goto shutdown;
+    }
+
+    /*  If creating new database, initialize the password.  */
+    if (certutil.commands[cmd_NewDBs].activated) {
+        if (certutil.options[opt_EmptyPassword].activated && (PK11_NeedUserInit(slot)))
+            PK11_InitPin(slot, (char *)NULL, "");
+        else
+            SECU_ChangePW2(slot, 0, 0, certutil.options[opt_PasswordFile].arg,
+                           certutil.options[opt_NewPasswordFile].arg);
+    }
+
+    /* walk through the upgrade merge if necessary.
+     * This option is more to test what some applications will want to do
+     * to do an automatic upgrade. The --merge command is more useful for
+     * the general case where 2 database need to be merged together.
+     */
+    if (certutil.commands[cmd_UpgradeMerge].activated) {
+        if (*upgradeTokenName == 0) {
+            upgradeTokenName = upgradeID;
+        }
+        if (!PK11_IsInternal(slot)) {
+            fprintf(stderr, "Only internal DB's can be upgraded\n");
+            rv = SECSuccess;
+            goto shutdown;
+        }
+        if (!PK11_IsRemovable(slot)) {
+            printf("database already upgraded.\n");
+            rv = SECSuccess;
+            goto shutdown;
+        }
+        if (!PK11_NeedLogin(slot)) {
+            printf("upgrade complete!\n");
+            rv = SECSuccess;
+            goto shutdown;
+        }
+        /* authenticate to the old DB if necessary */
+        if (PORT_Strcmp(PK11_GetTokenName(slot), upgradeTokenName) == 0) {
+            /* if we need a password, supply it. This will be the password
+             * for the old database */
+            rv = PK11_Authenticate(slot, PR_FALSE, &pwdata2);
+            if (rv != SECSuccess) {
+                SECU_PrintError(progName, "Could not get password for %s",
+                                upgradeTokenName);
+                goto shutdown;
+            }
+            /*
+             * if we succeeded above, but still aren't logged in, that means
+             * we just supplied the password for the old database. We may
+             * need the password for the new database. NSS will automatically
+             * change the token names at this point
+             */
+            if (PK11_IsLoggedIn(slot, &pwdata)) {
+                printf("upgrade complete!\n");
+                rv = SECSuccess;
+                goto shutdown;
+            }
+        }
+
+        /* call PK11_IsPresent to update our cached token information */
+        if (!PK11_IsPresent(slot)) {
+            /* this shouldn't happen. We call isPresent to force a token
+             * info update */
+            fprintf(stderr, "upgrade/merge internal error\n");
+            rv = SECFailure;
+            goto shutdown;
+        }
+
+        /* the token is now set to the state of the source database,
+         * if we need a password for it, PK11_Authenticate will
+         * automatically prompt us */
+        rv = PK11_Authenticate(slot, PR_FALSE, &pwdata);
+        if (rv == SECSuccess) {
+            printf("upgrade complete!\n");
+        } else {
+            SECU_PrintError(progName, "Could not get password for %s",
+                            PK11_GetTokenName(slot));
+        }
+        goto shutdown;
+    }
+
+    /*
+     * merge 2 databases.
+     */
+    if (certutil.commands[cmd_Merge].activated) {
+        PK11SlotInfo *sourceSlot = NULL;
+        PK11MergeLog *log;
+        char *modspec = PR_smprintf(
+            "configDir='%s' certPrefix='%s' tokenDescription='%s'",
+            sourceDir, srcCertPrefix,
+            *upgradeTokenName ? upgradeTokenName : "Source Database");
+
+        if (!modspec) {
+            rv = SECFailure;
+            goto shutdown;
+        }
+
+        sourceSlot = SECMOD_OpenUserDB(modspec);
+        PR_smprintf_free(modspec);
+        if (!sourceSlot) {
+            SECU_PrintError(progName, "couldn't open source database");
+            rv = SECFailure;
+            goto shutdown;
+        }
+
+        rv = PK11_Authenticate(slot, PR_FALSE, &pwdata);
+        if (rv != SECSuccess) {
+            SECU_PrintError(progName, "Couldn't get password for %s",
+                            PK11_GetTokenName(slot));
+            goto merge_fail;
+        }
+
+        rv = PK11_Authenticate(sourceSlot, PR_FALSE, &pwdata2);
+        if (rv != SECSuccess) {
+            SECU_PrintError(progName, "Couldn't get password for %s",
+                            PK11_GetTokenName(sourceSlot));
+            goto merge_fail;
+        }
+
+        log = PK11_CreateMergeLog();
+        if (!log) {
+            rv = SECFailure;
+            SECU_PrintError(progName, "couldn't create error log");
+            goto merge_fail;
+        }
+
+        rv = PK11_MergeTokens(slot, sourceSlot, log, &pwdata, &pwdata2);
+        if (rv != SECSuccess) {
+            DumpMergeLog(progName, log);
+        }
+        PK11_DestroyMergeLog(log);
+
+    merge_fail:
+        SECMOD_CloseUserDB(sourceSlot);
+        PK11_FreeSlot(sourceSlot);
+        goto shutdown;
+    }
+
+    /* The following 8 options are mutually exclusive with all others. */
+
+    /*  List certs (-L)  */
+    if (certutil.commands[cmd_ListCerts].activated) {
+        if (certutil.options[opt_DumpExtensionValue].activated) {
+            const char *oid_str;
+            SECItem oid_item;
+            SECStatus srv;
+            oid_item.data = NULL;
+            oid_item.len = 0;
+            oid_str = certutil.options[opt_DumpExtensionValue].arg;
+            srv = GetOidFromString(NULL, &oid_item, oid_str, strlen(oid_str));
+            if (srv != SECSuccess) {
+                SECU_PrintError(progName, "malformed extension OID %s",
+                                oid_str);
+                goto shutdown;
+            }
+            rv = ListCerts(certHandle, name, email, slot,
+                           PR_TRUE /*binary*/, PR_FALSE /*ascii*/,
+                           &oid_item,
+                           outFile, &pwdata);
+            SECITEM_FreeItem(&oid_item, PR_FALSE);
+        } else {
+            rv = ListCerts(certHandle, name, email, slot,
+                           certutil.options[opt_BinaryDER].activated,
+                           certutil.options[opt_ASCIIForIO].activated,
+                           NULL, outFile, &pwdata);
+        }
+        goto shutdown;
+    }
+    if (certutil.commands[cmd_DumpChain].activated) {
+        rv = DumpChain(certHandle, name,
+                       certutil.options[opt_ASCIIForIO].activated);
+        goto shutdown;
+    }
+    /*  XXX needs work  */
+    /*  List keys (-K)  */
+    if (certutil.commands[cmd_ListKeys].activated) {
+        rv = ListKeys(slot, name, 0 /*keyindex*/, keytype, PR_FALSE /*dopriv*/,
+                      &pwdata);
+        goto shutdown;
+    }
+    /*  List modules (-U)  */
+    if (certutil.commands[cmd_ListModules].activated) {
+        rv = ListModules();
+        goto shutdown;
+    }
+    /*  Delete cert (-D)  */
+    if (certutil.commands[cmd_DeleteCert].activated) {
+        rv = DeleteCert(certHandle, name);
+        goto shutdown;
+    }
+    /*  Rename cert (--rename)  */
+    if (certutil.commands[cmd_Rename].activated) {
+        rv = RenameCert(certHandle, name, newName);
+        goto shutdown;
+    }
+    /*  Delete key (-F)  */
+    if (certutil.commands[cmd_DeleteKey].activated) {
+        rv = DeleteKey(name, &pwdata);
+        goto shutdown;
+    }
+    /*  Modify trust attribute for cert (-M)  */
+    if (certutil.commands[cmd_ModifyCertTrust].activated) {
+        rv = ChangeTrustAttributes(certHandle, slot, name,
+                                   certutil.options[opt_Trust].arg, &pwdata);
+        goto shutdown;
+    }
+    /*  Change key db password (-W) (future - change pw to slot?)  */
+    if (certutil.commands[cmd_ChangePassword].activated) {
+        rv = SECU_ChangePW2(slot, 0, 0, certutil.options[opt_PasswordFile].arg,
+                            certutil.options[opt_NewPasswordFile].arg);
+        goto shutdown;
+    }
+    /*  Reset the a token */
+    if (certutil.commands[cmd_TokenReset].activated) {
+        char *sso_pass = "";
+
+        if (certutil.options[opt_SSOPass].activated) {
+            sso_pass = certutil.options[opt_SSOPass].arg;
+        }
+        rv = PK11_ResetToken(slot, sso_pass);
+
+        goto shutdown;
+    }
+    /*  Check cert validity against current time (-V)  */
+    if (certutil.commands[cmd_CheckCertValidity].activated) {
+        /* XXX temporary hack for fips - must log in to get priv key */
+        if (certutil.options[opt_VerifySig].activated) {
+            if (slot && PK11_NeedLogin(slot)) {
+                SECStatus newrv = PK11_Authenticate(slot, PR_TRUE, &pwdata);
+                if (newrv != SECSuccess) {
+                    SECU_PrintError(progName, "could not authenticate to token %s.",
+                                    PK11_GetTokenName(slot));
+                    goto shutdown;
+                }
+            }
+        }
+        rv = ValidateCert(certHandle, name,
+                          certutil.options[opt_ValidityTime].arg,
+                          certutil.options[opt_Usage].arg,
+                          certutil.options[opt_VerifySig].activated,
+                          certutil.options[opt_DetailedInfo].activated,
+                          certutil.options[opt_ASCIIForIO].activated,
+                          &pwdata);
+        if (rv != SECSuccess && PR_GetError() == SEC_ERROR_INVALID_ARGS)
+            SECU_PrintError(progName, "validation failed");
+        goto shutdown;
+    }
+
+    /*
+     *  Key generation
+     */
+
+    /*  These commands may require keygen.  */
+    if (certutil.commands[cmd_CertReq].activated ||
+        certutil.commands[cmd_CreateAndAddCert].activated ||
+        certutil.commands[cmd_GenKeyPair].activated) {
+        if (keysource) {
+            CERTCertificate *keycert;
+            keycert = CERT_FindCertByNicknameOrEmailAddr(certHandle, keysource);
+            if (!keycert) {
+                keycert = PK11_FindCertFromNickname(keysource, NULL);
+                if (!keycert) {
+                    SECU_PrintError(progName,
+                                    "%s is neither a key-type nor a nickname", keysource);
+                    return SECFailure;
+                }
+            }
+            privkey = PK11_FindKeyByDERCert(slot, keycert, &pwdata);
+            if (privkey)
+                pubkey = CERT_ExtractPublicKey(keycert);
+            if (!pubkey) {
+                SECU_PrintError(progName,
+                                "Could not get keys from cert %s", keysource);
+                rv = SECFailure;
+                CERT_DestroyCertificate(keycert);
+                goto shutdown;
+            }
+            keytype = privkey->keyType;
+            /* On CertReq for renewal if no subject has been
+             * specified obtain it from the certificate.
+             */
+            if (certutil.commands[cmd_CertReq].activated && !subject) {
+                subject = CERT_AsciiToName(keycert->subjectName);
+                if (!subject) {
+                    SECU_PrintError(progName,
+                                    "Could not get subject from certificate %s", keysource);
+                    CERT_DestroyCertificate(keycert);
+                    rv = SECFailure;
+                    goto shutdown;
+                }
+            }
+            CERT_DestroyCertificate(keycert);
+        } else {
+            privkey =
+                CERTUTIL_GeneratePrivateKey(keytype, slot, keysize,
+                                            publicExponent,
+                                            certutil.options[opt_NoiseFile].arg,
+                                            &pubkey,
+                                            certutil.options[opt_PQGFile].arg,
+                                            keyAttrFlags,
+                                            keyOpFlagsOn,
+                                            keyOpFlagsOff,
+                                            &pwdata);
+            if (privkey == NULL) {
+                SECU_PrintError(progName, "unable to generate key(s)\n");
+                rv = SECFailure;
+                goto shutdown;
+            }
+        }
+        privkey->wincx = &pwdata;
+        PORT_Assert(pubkey != NULL);
+
+        /*  If all that was needed was keygen, exit.  */
+        if (certutil.commands[cmd_GenKeyPair].activated) {
+            rv = SECSuccess;
+            goto shutdown;
+        }
+    }
+
+    if (certutil.options[opt_Pss].activated) {
+        if (!certutil.commands[cmd_CertReq].activated &&
+            !certutil.commands[cmd_CreateAndAddCert].activated) {
+            PR_fprintf(PR_STDERR,
+                       "%s -%c: --pss only works with -R or -S.\n",
+                       progName, commandToRun);
+            return 255;
+        }
+        if (keytype != rsaKey) {
+            PR_fprintf(PR_STDERR,
+                       "%s -%c: --pss only works with RSA keys.\n",
+                       progName, commandToRun);
+            return 255;
+        }
+    }
+
+    /* If we need a list of extensions convert the flags into list format */
+    if (certutil.commands[cmd_CertReq].activated ||
+        certutil.commands[cmd_CreateAndAddCert].activated ||
+        certutil.commands[cmd_CreateNewCert].activated) {
+        certutil_extns[ext_keyUsage].activated =
+            certutil.options[opt_AddCmdKeyUsageExt].activated;
+        if (!certutil_extns[ext_keyUsage].activated) {
+            certutil_extns[ext_keyUsage].activated =
+                certutil.options[opt_AddKeyUsageExt].activated;
+        } else {
+            certutil_extns[ext_keyUsage].arg =
+                certutil.options[opt_AddCmdKeyUsageExt].arg;
+        }
+        certutil_extns[ext_basicConstraint].activated =
+            certutil.options[opt_AddBasicConstraintExt].activated;
+        certutil_extns[ext_nameConstraints].activated =
+            certutil.options[opt_AddNameConstraintsExt].activated;
+        certutil_extns[ext_authorityKeyID].activated =
+            certutil.options[opt_AddAuthorityKeyIDExt].activated;
+        certutil_extns[ext_subjectKeyID].activated =
+            certutil.options[opt_AddSubjectKeyIDExt].activated;
+        certutil_extns[ext_CRLDistPts].activated =
+            certutil.options[opt_AddCRLDistPtsExt].activated;
+        certutil_extns[ext_NSCertType].activated =
+            certutil.options[opt_AddCmdNSCertTypeExt].activated;
+        if (!certutil_extns[ext_NSCertType].activated) {
+            certutil_extns[ext_NSCertType].activated =
+                certutil.options[opt_AddNSCertTypeExt].activated;
+        } else {
+            certutil_extns[ext_NSCertType].arg =
+                certutil.options[opt_AddCmdNSCertTypeExt].arg;
+        }
+
+        certutil_extns[ext_extKeyUsage].activated =
+            certutil.options[opt_AddCmdExtKeyUsageExt].activated;
+        if (!certutil_extns[ext_extKeyUsage].activated) {
+            certutil_extns[ext_extKeyUsage].activated =
+                certutil.options[opt_AddExtKeyUsageExt].activated;
+        } else {
+            certutil_extns[ext_extKeyUsage].arg =
+                certutil.options[opt_AddCmdExtKeyUsageExt].arg;
+        }
+        certutil_extns[ext_subjectAltName].activated =
+            certutil.options[opt_AddSubjectAltNameExt].activated;
+        if (certutil_extns[ext_subjectAltName].activated) {
+            certutil_extns[ext_subjectAltName].arg =
+                certutil.options[opt_AddSubjectAltNameExt].arg;
+        }
+
+        certutil_extns[ext_authInfoAcc].activated =
+            certutil.options[opt_AddAuthInfoAccExt].activated;
+        certutil_extns[ext_subjInfoAcc].activated =
+            certutil.options[opt_AddSubjInfoAccExt].activated;
+        certutil_extns[ext_certPolicies].activated =
+            certutil.options[opt_AddCertPoliciesExt].activated;
+        certutil_extns[ext_policyMappings].activated =
+            certutil.options[opt_AddPolicyMapExt].activated;
+        certutil_extns[ext_policyConstr].activated =
+            certutil.options[opt_AddPolicyConstrExt].activated;
+        certutil_extns[ext_inhibitAnyPolicy].activated =
+            certutil.options[opt_AddInhibAnyExt].activated;
+    }
+
+    /* -A -C or -E    Read inFile */
+    if (certutil.commands[cmd_CreateNewCert].activated ||
+        certutil.commands[cmd_AddCert].activated ||
+        certutil.commands[cmd_AddEmailCert].activated) {
+        PRBool isCreate = certutil.commands[cmd_CreateNewCert].activated;
+        rv = SECU_ReadDERFromFile(isCreate ? &certReqDER : &certDER, inFile,
+                                  certutil.options[opt_ASCIIForIO].activated,
+                                  PR_TRUE);
+        if (rv)
+            goto shutdown;
+    }
+
+    /*
+     *  Certificate request
+     */
+
+    /*  Make a cert request (-R).  */
+    if (certutil.commands[cmd_CertReq].activated) {
+        rv = CertReq(privkey, pubkey, keytype, hashAlgTag, subject,
+                     certutil.options[opt_PhoneNumber].arg,
+                     certutil.options[opt_ASCIIForIO].activated,
+                     certutil.options[opt_ExtendedEmailAddrs].arg,
+                     certutil.options[opt_ExtendedDNSNames].arg,
+                     certutil_extns,
+                     (certutil.options[opt_GenericExtensions].activated ? certutil.options[opt_GenericExtensions].arg
+                                                                        : NULL),
+                     certutil.options[opt_Pss].activated,
+                     &certReqDER);
+        if (rv)
+            goto shutdown;
+        privkey->wincx = &pwdata;
+    }
+
+    /*
+     *  Certificate creation
+     */
+
+    /*  If making and adding a cert, create a cert request file first without
+     *  any extensions, then load it with the command line extensions
+     *  and output the cert to another file.
+     */
+    if (certutil.commands[cmd_CreateAndAddCert].activated) {
+        static certutilExtnList nullextnlist = { { PR_FALSE, NULL } };
+        rv = CertReq(privkey, pubkey, keytype, hashAlgTag, subject,
+                     certutil.options[opt_PhoneNumber].arg,
+                     PR_FALSE, /* do not BASE64-encode regardless of -a option */
+                     NULL,
+                     NULL,
+                     nullextnlist,
+                     (certutil.options[opt_GenericExtensions].activated ? certutil.options[opt_GenericExtensions].arg
+                                                                        : NULL),
+                     certutil.options[opt_Pss].activated,
+                     &certReqDER);
+        if (rv)
+            goto shutdown;
+        privkey->wincx = &pwdata;
+    }
+
+    /*  Create a certificate (-C or -S).  */
+    if (certutil.commands[cmd_CreateAndAddCert].activated ||
+        certutil.commands[cmd_CreateNewCert].activated) {
+        rv = CreateCert(certHandle, slot,
+                        certutil.options[opt_IssuerName].arg,
+                        &certReqDER, &privkey, &pwdata, hashAlgTag,
+                        serialNumber, warpmonths, validityMonths,
+                        certutil.options[opt_ExtendedEmailAddrs].arg,
+                        certutil.options[opt_ExtendedDNSNames].arg,
+                        certutil.options[opt_ASCIIForIO].activated &&
+                            certutil.commands[cmd_CreateNewCert].activated,
+                        certutil.options[opt_SelfSign].activated,
+                        certutil_extns,
+                        (certutil.options[opt_GenericExtensions].activated ? certutil.options[opt_GenericExtensions].arg
+                                                                           : NULL),
+                        certVersion,
+                        &certDER);
+        if (rv)
+            goto shutdown;
+    }
+
+    /*
+     * Adding a cert to the database (or slot)
+     */
+
+    /* -A -E or -S    Add the cert to the DB */
+    if (certutil.commands[cmd_CreateAndAddCert].activated ||
+        certutil.commands[cmd_AddCert].activated ||
+        certutil.commands[cmd_AddEmailCert].activated) {
+        if (strstr(certutil.options[opt_Trust].arg, "u")) {
+            fprintf(stderr, "Notice: Trust flag u is set automatically if the "
+                            "private key is present.\n");
+        }
+        rv = AddCert(slot, certHandle, name,
+                     certutil.options[opt_Trust].arg,
+                     &certDER,
+                     certutil.commands[cmd_AddEmailCert].activated, &pwdata);
+        if (rv)
+            goto shutdown;
+    }
+
+    if (certutil.commands[cmd_CertReq].activated ||
+        certutil.commands[cmd_CreateNewCert].activated) {
+        SECItem *item = certutil.commands[cmd_CertReq].activated ? &certReqDER
+                                                                 : &certDER;
+        PRInt32 written = PR_Write(outFile, item->data, item->len);
+        if (written < 0 || (PRUint32)written != item->len) {
+            rv = SECFailure;
+        }
+    }
+
+shutdown:
+    if (slot) {
+        PK11_FreeSlot(slot);
+    }
+    if (privkey) {
+        SECKEY_DestroyPrivateKey(privkey);
+    }
+    if (pubkey) {
+        SECKEY_DestroyPublicKey(pubkey);
+    }
+    if (subject) {
+        CERT_DestroyName(subject);
+    }
+    if (name) {
+        PL_strfree(name);
+    }
+    if (newName) {
+        PL_strfree(newName);
+    }
+    if (inFile && inFile != PR_STDIN) {
+        PR_Close(inFile);
+    }
+    if (outFile && outFile != PR_STDOUT) {
+        PR_Close(outFile);
+    }
+    SECITEM_FreeItem(&certReqDER, PR_FALSE);
+    SECITEM_FreeItem(&certDER, PR_FALSE);
+    if (pwdata.data && pwdata.source == PW_PLAINTEXT) {
+        /* Allocated by a PL_strdup call in SECU_GetModulePassword. */
+        PL_strfree(pwdata.data);
+    }
+    if (email) {
+        PL_strfree(email);
+    }
+
+    /* Open the batch command file.
+     *
+     * - If -B <command line> option is specified, the contents in the
+     * command file will be interpreted as subsequent certutil
+     * commands to be executed in the current certutil process
+     * context after the current certutil command has been executed.
+     * - Each line in the command file consists of the command
+     * line arguments for certutil.
+     * - The -d <configdir> option will be ignored if specified in the
+     * command file.
+     * - Quoting with double quote characters ("...") is supported
+     * to allow white space in a command line argument.  The
+     * double quote character cannot be escaped and quoting cannot
+     * be nested in this version.
+     * - each line in the batch file is limited to 512 characters
+    */
+
+    if ((SECSuccess == rv) && certutil.commands[cmd_Batch].activated) {
+        FILE *batchFile = NULL;
+        char *nextcommand = NULL;
+        PRInt32 cmd_len = 0, buf_size = 0;
+        static const int increment = 512;
+
+        if (!certutil.options[opt_InputFile].activated ||
+            !certutil.options[opt_InputFile].arg) {
+            PR_fprintf(PR_STDERR,
+                       "%s:  no batch input file specified.\n",
+                       progName);
+            return 255;
+        }
+        batchFile = fopen(certutil.options[opt_InputFile].arg, "r");
+        if (!batchFile) {
+            PR_fprintf(PR_STDERR,
+                       "%s:  unable to open \"%s\" for reading (%ld, %ld).\n",
+                       progName, certutil.options[opt_InputFile].arg,
+                       PR_GetError(), PR_GetOSError());
+            return 255;
+        }
+        /* read and execute command-lines in a loop */
+        while (SECSuccess == rv) {
+            PRBool invalid = PR_FALSE;
+            int newargc = 2;
+            char *space = NULL;
+            char *nextarg = NULL;
+            char **newargv = NULL;
+            char *crlf;
+
+            if (cmd_len + increment > buf_size) {
+                char *new_buf;
+                buf_size += increment;
+                new_buf = PORT_Realloc(nextcommand, buf_size);
+                if (!new_buf) {
+                    PR_fprintf(PR_STDERR, "%s: PORT_Realloc(%ld) failed\n",
+                               progName, buf_size);
+                    break;
+                }
+                nextcommand = new_buf;
+                nextcommand[cmd_len] = '\0';
+            }
+            if (!fgets(nextcommand + cmd_len, buf_size - cmd_len, batchFile)) {
+                break;
+            }
+            crlf = PORT_Strrchr(nextcommand, '\n');
+            if (crlf) {
+                *crlf = '\0';
+            }
+            cmd_len = strlen(nextcommand);
+            if (cmd_len && nextcommand[cmd_len - 1] == '\\') {
+                nextcommand[--cmd_len] = '\0';
+                continue;
+            }
+
+            /* we now need to split the command into argc / argv format */
+
+            newargv = PORT_Alloc(sizeof(char *) * (newargc + 1));
+            newargv[0] = progName;
+            newargv[1] = nextcommand;
+            nextarg = nextcommand;
+            while ((space = PORT_Strpbrk(nextarg, " \f\n\r\t\v"))) {
+                while (isspace(*space)) {
+                    *space = '\0';
+                    space++;
+                }
+                if (*space == '\0') {
+                    break;
+                } else if (*space != '\"') {
+                    nextarg = space;
+                } else {
+                    char *closingquote = strchr(space + 1, '\"');
+                    if (closingquote) {
+                        *closingquote = '\0';
+                        space++;
+                        nextarg = closingquote + 1;
+                    } else {
+                        invalid = PR_TRUE;
+                        nextarg = space;
+                    }
+                }
+                newargc++;
+                newargv = PORT_Realloc(newargv, sizeof(char *) * (newargc + 1));
+                newargv[newargc - 1] = space;
+            }
+            newargv[newargc] = NULL;
+
+            /* invoke next command */
+            if (PR_TRUE == invalid) {
+                PR_fprintf(PR_STDERR, "Missing closing quote in batch command :\n%s\nNot executed.\n",
+                           nextcommand);
+                rv = SECFailure;
+            } else {
+                if (0 != certutil_main(newargc, newargv, PR_FALSE))
+                    rv = SECFailure;
+            }
+            PORT_Free(newargv);
+            cmd_len = 0;
+            nextcommand[0] = '\0';
+        }
+        PORT_Free(nextcommand);
+        fclose(batchFile);
+    }
+
+    if ((initialized == PR_TRUE) && NSS_Shutdown() != SECSuccess) {
+        exit(1);
+    }
+    if (rv == SECSuccess) {
+        return 0;
+    } else {
+        return 255;
+    }
+}
+
+int
+main(int argc, char **argv)
+{
+    int rv = certutil_main(argc, argv, PR_TRUE);
+    PL_ArenaFinish();
+    PR_Cleanup();
+    return rv;
+}
diff --git a/nss/cmd/certutil/certutil.gyp b/nss/cmd/certutil/certutil.gyp
new file mode 100644
index 0000000..d8f1b5d
--- /dev/null
+++ b/nss/cmd/certutil/certutil.gyp
@@ -0,0 +1,32 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi',
+    '../../cmd/platlibs.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'certutil',
+      'type': 'executable',
+      'sources': [
+        'certext.c',
+        'certutil.c',
+        'keystuff.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:dbm_exports',
+        '<(DEPTH)/exports.gyp:nss_exports'
+      ]
+    }
+  ],
+  'target_defaults': {
+    'defines': [
+      'NSPR20'
+    ]
+  },
+  'variables': {
+    'module': 'nss'
+  }
+}
\ No newline at end of file
diff --git a/nss/cmd/certutil/certutil.h b/nss/cmd/certutil/certutil.h
new file mode 100644
index 0000000..5655872
--- /dev/null
+++ b/nss/cmd/certutil/certutil.h
@@ -0,0 +1,57 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _CERTUTIL_H
+#define _CERTUTIL_H
+
+extern SECKEYPrivateKey *
+CERTUTIL_GeneratePrivateKey(KeyType keytype,
+                            PK11SlotInfo *slot,
+                            int rsasize,
+                            int publicExponent,
+                            char *noise,
+                            SECKEYPublicKey **pubkeyp,
+                            char *pqgFile,
+                            PK11AttrFlags attrFlags,
+                            CK_FLAGS opFlagsOn,
+                            CK_FLAGS opFlagsOff,
+                            secuPWData *pwdata);
+
+extern char *progName;
+
+enum certutilExtns {
+    ext_keyUsage = 0,
+    ext_basicConstraint,
+    ext_authorityKeyID,
+    ext_CRLDistPts,
+    ext_NSCertType,
+    ext_extKeyUsage,
+    ext_authInfoAcc,
+    ext_subjInfoAcc,
+    ext_certPolicies,
+    ext_policyMappings,
+    ext_policyConstr,
+    ext_inhibitAnyPolicy,
+    ext_subjectKeyID,
+    ext_nameConstraints,
+    ext_subjectAltName,
+    ext_End
+};
+
+typedef struct ExtensionEntryStr {
+    PRBool activated;
+    const char *arg;
+} ExtensionEntry;
+
+typedef ExtensionEntry certutilExtnList[ext_End];
+
+extern SECStatus
+AddExtensions(void *extHandle, const char *emailAddrs, const char *dnsNames,
+              certutilExtnList extList, const char *extGeneric);
+
+extern SECStatus
+GetOidFromString(PLArenaPool *arena, SECItem *to,
+                 const char *from, size_t fromLen);
+
+#endif /* _CERTUTIL_H */
diff --git a/nss/cmd/certutil/keystuff.c b/nss/cmd/certutil/keystuff.c
new file mode 100644
index 0000000..1569313
--- /dev/null
+++ b/nss/cmd/certutil/keystuff.c
@@ -0,0 +1,609 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <stdio.h>
+#include <string.h>
+#include "secutil.h"
+
+#if defined(XP_UNIX)
+#include <unistd.h>
+#include <sys/time.h>
+#include <termios.h>
+#endif
+
+#if defined(XP_WIN) || defined(XP_PC)
+#include <time.h>
+#include <conio.h>
+#endif
+
+#if defined(__sun) && !defined(SVR4)
+extern int fclose(FILE *);
+extern int fprintf(FILE *, char *, ...);
+extern int isatty(int);
+extern char *sys_errlist[];
+#define strerror(errno) sys_errlist[errno]
+#endif
+
+#include "nspr.h"
+#include "prtypes.h"
+#include "prtime.h"
+#include "prlong.h"
+
+#include "pk11func.h"
+
+#define NUM_KEYSTROKES 120
+#define RAND_BUF_SIZE 60
+
+#define ERROR_BREAK  \
+    rv = SECFailure; \
+    break;
+
+const SEC_ASN1Template SECKEY_PQGParamsTemplate[] = {
+    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SECKEYPQGParams) },
+    { SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams, prime) },
+    { SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams, subPrime) },
+    { SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams, base) },
+    { 0 }
+};
+
+/* returns 0 for success, -1 for failure (EOF encountered) */
+static int
+UpdateRNG(void)
+{
+    char randbuf[RAND_BUF_SIZE];
+    int fd;
+    int c;
+    int rv = 0;
+    size_t count;
+#ifdef XP_UNIX
+    cc_t orig_cc_min;
+    cc_t orig_cc_time;
+    tcflag_t orig_lflag;
+    struct termios tio;
+#endif
+    char meter[] = {
+        "\r|                                                            |"
+    };
+
+#define FPS fprintf(stderr,
+    FPS "\n");
+    FPS "A random seed must be generated that will be used in the\n");
+    FPS "creation of your key.  One of the easiest ways to create a\n");
+    FPS "random seed is to use the timing of keystrokes on a keyboard.\n");
+    FPS "\n");
+    FPS "To begin, type keys on the keyboard until this progress meter\n");
+    FPS "is full.  DO NOT USE THE AUTOREPEAT FUNCTION ON YOUR KEYBOARD!\n");
+    FPS "\n");
+    FPS "\n");
+    FPS "Continue typing until the progress meter is full:\n\n");
+    FPS "%s", meter);
+    FPS "\r|");
+
+    /* turn off echo on stdin & return on 1 char instead of NL */
+    fd = fileno(stdin);
+
+#if defined(XP_UNIX)
+    tcgetattr(fd, &tio);
+    orig_lflag = tio.c_lflag;
+    orig_cc_min = tio.c_cc[VMIN];
+    orig_cc_time = tio.c_cc[VTIME];
+    tio.c_lflag &= ~ECHO;
+    tio.c_lflag &= ~ICANON;
+    tio.c_cc[VMIN] = 1;
+    tio.c_cc[VTIME] = 0;
+    tcsetattr(fd, TCSAFLUSH, &tio);
+#endif
+
+    /* Get random noise from keyboard strokes */
+    count = 0;
+    while (count < sizeof randbuf) {
+#if defined(XP_UNIX)
+        c = getc(stdin);
+#else
+        c = getch();
+#endif
+        if (c == EOF) {
+            rv = -1;
+            break;
+        }
+        randbuf[count] = c;
+        if (count == 0 || c != randbuf[count - 1]) {
+            count++;
+            FPS "*");
+        }
+    }
+    PK11_RandomUpdate(randbuf, sizeof randbuf);
+    memset(randbuf, 0, sizeof randbuf);
+
+    FPS "\n\n");
+    FPS "Finished.  Press enter to continue: ");
+    while ((c = getc(stdin)) != '\n' && c != EOF)
+        ;
+    if (c == EOF)
+        rv = -1;
+    FPS "\n");
+
+#undef FPS
+
+#if defined(XP_UNIX)
+    /* set back termio the way it was */
+    tio.c_lflag = orig_lflag;
+    tio.c_cc[VMIN] = orig_cc_min;
+    tio.c_cc[VTIME] = orig_cc_time;
+    tcsetattr(fd, TCSAFLUSH, &tio);
+#endif
+    return rv;
+}
+
+static const unsigned char P[] = { 0,
+                                   0xc6, 0x2a, 0x47, 0x73, 0xea, 0x78, 0xfa, 0x65,
+                                   0x47, 0x69, 0x39, 0x10, 0x08, 0x55, 0x6a, 0xdd,
+                                   0xbf, 0x77, 0xe1, 0x9a, 0x69, 0x73, 0xba, 0x66,
+                                   0x37, 0x08, 0x93, 0x9e, 0xdb, 0x5d, 0x01, 0x08,
+                                   0xb8, 0x3a, 0x73, 0xe9, 0x85, 0x5f, 0xa7, 0x2b,
+                                   0x63, 0x7f, 0xd0, 0xc6, 0x4c, 0xdc, 0xfc, 0x8b,
+                                   0xa6, 0x03, 0xc9, 0x9c, 0x80, 0x5e, 0xec, 0xc6,
+                                   0x21, 0x23, 0xf7, 0x8e, 0xa4, 0x7b, 0x77, 0x83,
+                                   0x02, 0x44, 0xf8, 0x05, 0xd7, 0x36, 0x52, 0x13,
+                                   0x57, 0x78, 0x97, 0xf3, 0x7b, 0xcf, 0x1f, 0xc9,
+                                   0x2a, 0xa4, 0x71, 0x9d, 0xa8, 0xd8, 0x5d, 0xc5,
+                                   0x3b, 0x64, 0x3a, 0x72, 0x60, 0x62, 0xb0, 0xb8,
+                                   0xf3, 0xb1, 0xe7, 0xb9, 0x76, 0xdf, 0x74, 0xbe,
+                                   0x87, 0x6a, 0xd2, 0xf1, 0xa9, 0x44, 0x8b, 0x63,
+                                   0x76, 0x4f, 0x5d, 0x21, 0x63, 0xb5, 0x4f, 0x3c,
+                                   0x7b, 0x61, 0xb2, 0xf3, 0xea, 0xc5, 0xd8, 0xef,
+                                   0x30, 0x50, 0x59, 0x33, 0x61, 0xc0, 0xf3, 0x6e,
+                                   0x21, 0xcf, 0x15, 0x35, 0x4a, 0x87, 0x2b, 0xc3,
+                                   0xf6, 0x5a, 0x1f, 0x24, 0x22, 0xc5, 0xeb, 0x47,
+                                   0x34, 0x4a, 0x1b, 0xb5, 0x2e, 0x71, 0x52, 0x8f,
+                                   0x2d, 0x7d, 0xa9, 0x96, 0x8a, 0x7c, 0x61, 0xdb,
+                                   0xc0, 0xdc, 0xf1, 0xca, 0x28, 0x69, 0x1c, 0x97,
+                                   0xad, 0xea, 0x0d, 0x9e, 0x02, 0xe6, 0xe5, 0x7d,
+                                   0xad, 0xe0, 0x42, 0x91, 0x4d, 0xfa, 0xe2, 0x81,
+                                   0x16, 0x2b, 0xc2, 0x96, 0x3b, 0x32, 0x8c, 0x20,
+                                   0x69, 0x8b, 0x5b, 0x17, 0x3c, 0xf9, 0x13, 0x6c,
+                                   0x98, 0x27, 0x1c, 0xca, 0xcf, 0x33, 0xaa, 0x93,
+                                   0x21, 0xaf, 0x17, 0x6e, 0x5e, 0x00, 0x37, 0xd9,
+                                   0x34, 0x8a, 0x47, 0xd2, 0x1c, 0x67, 0x32, 0x60,
+                                   0xb6, 0xc7, 0xb0, 0xfd, 0x32, 0x90, 0x93, 0x32,
+                                   0xaa, 0x11, 0xba, 0x23, 0x19, 0x39, 0x6a, 0x42,
+                                   0x7c, 0x1f, 0xb7, 0x28, 0xdb, 0x64, 0xad, 0xd9 };
+static const unsigned char Q[] = { 0,
+                                   0xe6, 0xa3, 0xc9, 0xc6, 0x51, 0x92, 0x8b, 0xb3,
+                                   0x98, 0x8f, 0x97, 0xb8, 0x31, 0x0d, 0x4a, 0x03,
+                                   0x1e, 0xba, 0x4e, 0xe6, 0xc8, 0x90, 0x98, 0x1d,
+                                   0x3a, 0x95, 0xf4, 0xf1 };
+static const unsigned char G[] = {
+    0x70, 0x32, 0x58, 0x5d, 0xb3, 0xbf, 0xc3, 0x62,
+    0x63, 0x0b, 0xf8, 0xa5, 0xe1, 0xed, 0xeb, 0x79,
+    0xac, 0x18, 0x41, 0x64, 0xb3, 0xda, 0x4c, 0xa7,
+    0x92, 0x63, 0xb1, 0x33, 0x7c, 0xcb, 0x43, 0xdc,
+    0x1f, 0x38, 0x63, 0x5e, 0x0e, 0x6d, 0x45, 0xd1,
+    0xc9, 0x67, 0xf3, 0xcf, 0x3d, 0x2d, 0x16, 0x4e,
+    0x92, 0x16, 0x06, 0x59, 0x29, 0x89, 0x6f, 0x54,
+    0xff, 0xc5, 0x71, 0xc8, 0x3a, 0x95, 0x84, 0xb6,
+    0x7e, 0x7b, 0x1e, 0x8b, 0x47, 0x9d, 0x7a, 0x3a,
+    0x36, 0x9b, 0x70, 0x2f, 0xd1, 0xbd, 0xef, 0xe8,
+    0x3a, 0x41, 0xd4, 0xf3, 0x1f, 0x81, 0xc7, 0x1f,
+    0x96, 0x7c, 0x30, 0xab, 0xf4, 0x7a, 0xac, 0x93,
+    0xed, 0x6f, 0x67, 0xb0, 0xc9, 0x5b, 0xf3, 0x83,
+    0x9d, 0xa0, 0xd7, 0xb9, 0x01, 0xed, 0x28, 0xae,
+    0x1c, 0x6e, 0x2e, 0x48, 0xac, 0x9f, 0x7d, 0xf3,
+    0x00, 0x48, 0xee, 0x0e, 0xfb, 0x7e, 0x5e, 0xcb,
+    0xf5, 0x39, 0xd8, 0x92, 0x90, 0x61, 0x2d, 0x1e,
+    0x3c, 0xd3, 0x55, 0x0d, 0x34, 0xd1, 0x81, 0xc4,
+    0x89, 0xea, 0x94, 0x2b, 0x56, 0x33, 0x73, 0x58,
+    0x48, 0xbf, 0x23, 0x72, 0x19, 0x5f, 0x19, 0xac,
+    0xff, 0x09, 0xc8, 0xcd, 0xab, 0x71, 0xef, 0x9e,
+    0x20, 0xfd, 0xe3, 0xb8, 0x27, 0x9e, 0x65, 0xb1,
+    0x85, 0xcd, 0x88, 0xfe, 0xd4, 0xd7, 0x64, 0x4d,
+    0xe1, 0xe8, 0xa6, 0xe5, 0x96, 0xc8, 0x5d, 0x9c,
+    0xc6, 0x70, 0x6b, 0xba, 0x77, 0x4e, 0x90, 0x4a,
+    0xb0, 0x96, 0xc5, 0xa0, 0x9e, 0x2c, 0x01, 0x03,
+    0xbe, 0xbd, 0x71, 0xba, 0x0a, 0x6f, 0x9f, 0xe5,
+    0xdb, 0x04, 0x08, 0xf2, 0x9e, 0x0f, 0x1b, 0xac,
+    0xcd, 0xbb, 0x65, 0x12, 0xcf, 0x77, 0xc9, 0x7d,
+    0xbe, 0x94, 0x4b, 0x9c, 0x5b, 0xde, 0x0d, 0xfa,
+    0x57, 0xdd, 0x77, 0x32, 0xf0, 0x5b, 0x34, 0xfd,
+    0x19, 0x95, 0x33, 0x60, 0x87, 0xe2, 0xa2, 0xf4
+};
+
+/* P, Q, G have been generated using the NSS makepqg utility:
+ *         makepqg -l 2048 -g 224 -r
+ * (see also: bug 1170322)
+ *
+ *   h: 1 (0x1)
+ *   SEED:
+ *       d2:0b:c5:63:1b:af:dc:36:b7:7c:b9:3e:36:01:a0:8f:
+ *       0e:be:d0:38:e4:78:d5:3c:7c:9e:a9:9a:d2:0b:c5:63:
+ *       1b:af:dc:36:b7:7c:b9:3e:36:01:a0:8f:0e:be:d0:38:
+ *       e4:78:d5:3c:7c:9e:c7:70:d2:0b:c5:63:1b:af:dc:36:
+ *       b7:7c:b9:3e:36:01:a0:8f:0e:be:d0:38:e4:78:d5:3c:
+ *       7c:9e:aa:3e
+ *   g:       672
+ *   counter: 0
+ */
+
+static const SECKEYPQGParams default_pqg_params = {
+    NULL,
+    { 0, (unsigned char *)P, sizeof(P) },
+    { 0, (unsigned char *)Q, sizeof(Q) },
+    { 0, (unsigned char *)G, sizeof(G) }
+};
+
+static SECKEYPQGParams *
+decode_pqg_params(const char *str)
+{
+    char *buf;
+    unsigned int len;
+    PLArenaPool *arena;
+    SECKEYPQGParams *params;
+    SECStatus status;
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL)
+        return NULL;
+
+    params = PORT_ArenaZAlloc(arena, sizeof(SECKEYPQGParams));
+    if (params == NULL)
+        goto loser;
+    params->arena = arena;
+
+    buf = (char *)ATOB_AsciiToData(str, &len);
+    if ((buf == NULL) || (len == 0))
+        goto loser;
+
+    status = SEC_ASN1Decode(arena, params, SECKEY_PQGParamsTemplate, buf, len);
+    if (status != SECSuccess)
+        goto loser;
+
+    return params;
+
+loser:
+    if (arena != NULL)
+        PORT_FreeArena(arena, PR_FALSE);
+    return NULL;
+}
+
+void
+CERTUTIL_DestroyParamsPQG(SECKEYPQGParams *params)
+{
+    if (params->arena) {
+        PORT_FreeArena(params->arena, PR_FALSE);
+    }
+}
+
+static int
+pqg_prime_bits(const SECKEYPQGParams *params)
+{
+    int primeBits = 0;
+
+    if (params != NULL) {
+        int i;
+        for (i = 0; params->prime.data[i] == 0; i++) {
+            /* empty */;
+        }
+        primeBits = (params->prime.len - i) * 8;
+    }
+
+    return primeBits;
+}
+
+static char *
+getPQGString(const char *filename)
+{
+    unsigned char *buf = NULL;
+    PRFileDesc *src;
+    PRInt32 numBytes;
+    PRStatus prStatus;
+    PRFileInfo info;
+
+    src = PR_Open(filename, PR_RDONLY, 0);
+    if (!src) {
+        fprintf(stderr, "Failed to open PQG file %s\n", filename);
+        return NULL;
+    }
+
+    prStatus = PR_GetOpenFileInfo(src, &info);
+
+    if (prStatus == PR_SUCCESS) {
+        buf = (unsigned char *)PORT_Alloc(info.size + 1);
+    }
+    if (!buf) {
+        PR_Close(src);
+        fprintf(stderr, "Failed to read PQG file %s\n", filename);
+        return NULL;
+    }
+
+    numBytes = PR_Read(src, buf, info.size);
+    PR_Close(src);
+    if (numBytes != info.size) {
+        PORT_Free(buf);
+        fprintf(stderr, "Failed to read PQG file %s\n", filename);
+        PORT_SetError(SEC_ERROR_IO);
+        return NULL;
+    }
+
+    if (buf[numBytes - 1] == '\n')
+        numBytes--;
+    if (buf[numBytes - 1] == '\r')
+        numBytes--;
+    buf[numBytes] = 0;
+
+    return (char *)buf;
+}
+
+static SECKEYPQGParams *
+getpqgfromfile(int keyBits, const char *pqgFile)
+{
+    char *end, *str, *pqgString;
+    SECKEYPQGParams *params = NULL;
+
+    str = pqgString = getPQGString(pqgFile);
+    if (!str)
+        return NULL;
+
+    do {
+        end = PORT_Strchr(str, ',');
+        if (end)
+            *end = '\0';
+        params = decode_pqg_params(str);
+        if (params) {
+            int primeBits = pqg_prime_bits(params);
+            if (keyBits == primeBits)
+                break;
+            CERTUTIL_DestroyParamsPQG(params);
+            params = NULL;
+        }
+        if (end)
+            str = end + 1;
+    } while (end);
+
+    PORT_Free(pqgString);
+    return params;
+}
+
+static SECStatus
+CERTUTIL_FileForRNG(const char *noise)
+{
+    char buf[2048];
+    PRFileDesc *fd;
+    PRInt32 count;
+
+    fd = PR_Open(noise, PR_RDONLY, 0);
+    if (!fd) {
+        fprintf(stderr, "failed to open noise file.");
+        return SECFailure;
+    }
+
+    do {
+        count = PR_Read(fd, buf, sizeof(buf));
+        if (count > 0) {
+            PK11_RandomUpdate(buf, count);
+        }
+    } while (count > 0);
+
+    PR_Close(fd);
+    return SECSuccess;
+}
+
+#ifndef NSS_DISABLE_ECC
+typedef struct curveNameTagPairStr {
+    char *curveName;
+    SECOidTag curveOidTag;
+} CurveNameTagPair;
+
+static CurveNameTagPair nameTagPair[] =
+    {
+      { "sect163k1", SEC_OID_SECG_EC_SECT163K1 },
+      { "nistk163", SEC_OID_SECG_EC_SECT163K1 },
+      { "sect163r1", SEC_OID_SECG_EC_SECT163R1 },
+      { "sect163r2", SEC_OID_SECG_EC_SECT163R2 },
+      { "nistb163", SEC_OID_SECG_EC_SECT163R2 },
+      { "sect193r1", SEC_OID_SECG_EC_SECT193R1 },
+      { "sect193r2", SEC_OID_SECG_EC_SECT193R2 },
+      { "sect233k1", SEC_OID_SECG_EC_SECT233K1 },
+      { "nistk233", SEC_OID_SECG_EC_SECT233K1 },
+      { "sect233r1", SEC_OID_SECG_EC_SECT233R1 },
+      { "nistb233", SEC_OID_SECG_EC_SECT233R1 },
+      { "sect239k1", SEC_OID_SECG_EC_SECT239K1 },
+      { "sect283k1", SEC_OID_SECG_EC_SECT283K1 },
+      { "nistk283", SEC_OID_SECG_EC_SECT283K1 },
+      { "sect283r1", SEC_OID_SECG_EC_SECT283R1 },
+      { "nistb283", SEC_OID_SECG_EC_SECT283R1 },
+      { "sect409k1", SEC_OID_SECG_EC_SECT409K1 },
+      { "nistk409", SEC_OID_SECG_EC_SECT409K1 },
+      { "sect409r1", SEC_OID_SECG_EC_SECT409R1 },
+      { "nistb409", SEC_OID_SECG_EC_SECT409R1 },
+      { "sect571k1", SEC_OID_SECG_EC_SECT571K1 },
+      { "nistk571", SEC_OID_SECG_EC_SECT571K1 },
+      { "sect571r1", SEC_OID_SECG_EC_SECT571R1 },
+      { "nistb571", SEC_OID_SECG_EC_SECT571R1 },
+      { "secp160k1", SEC_OID_SECG_EC_SECP160K1 },
+      { "secp160r1", SEC_OID_SECG_EC_SECP160R1 },
+      { "secp160r2", SEC_OID_SECG_EC_SECP160R2 },
+      { "secp192k1", SEC_OID_SECG_EC_SECP192K1 },
+      { "secp192r1", SEC_OID_SECG_EC_SECP192R1 },
+      { "nistp192", SEC_OID_SECG_EC_SECP192R1 },
+      { "secp224k1", SEC_OID_SECG_EC_SECP224K1 },
+      { "secp224r1", SEC_OID_SECG_EC_SECP224R1 },
+      { "nistp224", SEC_OID_SECG_EC_SECP224R1 },
+      { "secp256k1", SEC_OID_SECG_EC_SECP256K1 },
+      { "secp256r1", SEC_OID_SECG_EC_SECP256R1 },
+      { "nistp256", SEC_OID_SECG_EC_SECP256R1 },
+      { "secp384r1", SEC_OID_SECG_EC_SECP384R1 },
+      { "nistp384", SEC_OID_SECG_EC_SECP384R1 },
+      { "secp521r1", SEC_OID_SECG_EC_SECP521R1 },
+      { "nistp521", SEC_OID_SECG_EC_SECP521R1 },
+
+      { "prime192v1", SEC_OID_ANSIX962_EC_PRIME192V1 },
+      { "prime192v2", SEC_OID_ANSIX962_EC_PRIME192V2 },
+      { "prime192v3", SEC_OID_ANSIX962_EC_PRIME192V3 },
+      { "prime239v1", SEC_OID_ANSIX962_EC_PRIME239V1 },
+      { "prime239v2", SEC_OID_ANSIX962_EC_PRIME239V2 },
+      { "prime239v3", SEC_OID_ANSIX962_EC_PRIME239V3 },
+
+      { "c2pnb163v1", SEC_OID_ANSIX962_EC_C2PNB163V1 },
+      { "c2pnb163v2", SEC_OID_ANSIX962_EC_C2PNB163V2 },
+      { "c2pnb163v3", SEC_OID_ANSIX962_EC_C2PNB163V3 },
+      { "c2pnb176v1", SEC_OID_ANSIX962_EC_C2PNB176V1 },
+      { "c2tnb191v1", SEC_OID_ANSIX962_EC_C2TNB191V1 },
+      { "c2tnb191v2", SEC_OID_ANSIX962_EC_C2TNB191V2 },
+      { "c2tnb191v3", SEC_OID_ANSIX962_EC_C2TNB191V3 },
+      { "c2onb191v4", SEC_OID_ANSIX962_EC_C2ONB191V4 },
+      { "c2onb191v5", SEC_OID_ANSIX962_EC_C2ONB191V5 },
+      { "c2pnb208w1", SEC_OID_ANSIX962_EC_C2PNB208W1 },
+      { "c2tnb239v1", SEC_OID_ANSIX962_EC_C2TNB239V1 },
+      { "c2tnb239v2", SEC_OID_ANSIX962_EC_C2TNB239V2 },
+      { "c2tnb239v3", SEC_OID_ANSIX962_EC_C2TNB239V3 },
+      { "c2onb239v4", SEC_OID_ANSIX962_EC_C2ONB239V4 },
+      { "c2onb239v5", SEC_OID_ANSIX962_EC_C2ONB239V5 },
+      { "c2pnb272w1", SEC_OID_ANSIX962_EC_C2PNB272W1 },
+      { "c2pnb304w1", SEC_OID_ANSIX962_EC_C2PNB304W1 },
+      { "c2tnb359v1", SEC_OID_ANSIX962_EC_C2TNB359V1 },
+      { "c2pnb368w1", SEC_OID_ANSIX962_EC_C2PNB368W1 },
+      { "c2tnb431r1", SEC_OID_ANSIX962_EC_C2TNB431R1 },
+
+      { "secp112r1", SEC_OID_SECG_EC_SECP112R1 },
+      { "secp112r2", SEC_OID_SECG_EC_SECP112R2 },
+      { "secp128r1", SEC_OID_SECG_EC_SECP128R1 },
+      { "secp128r2", SEC_OID_SECG_EC_SECP128R2 },
+
+      { "sect113r1", SEC_OID_SECG_EC_SECT113R1 },
+      { "sect113r2", SEC_OID_SECG_EC_SECT113R2 },
+      { "sect131r1", SEC_OID_SECG_EC_SECT131R1 },
+      { "sect131r2", SEC_OID_SECG_EC_SECT131R2 },
+      { "curve25519", SEC_OID_CURVE25519 },
+    };
+
+static SECKEYECParams *
+getECParams(const char *curve)
+{
+    SECKEYECParams *ecparams;
+    SECOidData *oidData = NULL;
+    SECOidTag curveOidTag = SEC_OID_UNKNOWN; /* default */
+    int i, numCurves;
+
+    if (curve != NULL) {
+        numCurves = sizeof(nameTagPair) / sizeof(CurveNameTagPair);
+        for (i = 0; ((i < numCurves) && (curveOidTag == SEC_OID_UNKNOWN));
+             i++) {
+            if (PL_strcmp(curve, nameTagPair[i].curveName) == 0)
+                curveOidTag = nameTagPair[i].curveOidTag;
+        }
+    }
+
+    /* Return NULL if curve name is not recognized */
+    if ((curveOidTag == SEC_OID_UNKNOWN) ||
+        (oidData = SECOID_FindOIDByTag(curveOidTag)) == NULL) {
+        fprintf(stderr, "Unrecognized elliptic curve %s\n", curve);
+        return NULL;
+    }
+
+    ecparams = SECITEM_AllocItem(NULL, NULL, (2 + oidData->oid.len));
+
+    /* 
+     * ecparams->data needs to contain the ASN encoding of an object ID (OID)
+     * representing the named curve. The actual OID is in 
+     * oidData->oid.data so we simply prepend 0x06 and OID length
+     */
+    ecparams->data[0] = SEC_ASN1_OBJECT_ID;
+    ecparams->data[1] = oidData->oid.len;
+    memcpy(ecparams->data + 2, oidData->oid.data, oidData->oid.len);
+
+    return ecparams;
+}
+#endif /* NSS_DISABLE_ECC */
+
+SECKEYPrivateKey *
+CERTUTIL_GeneratePrivateKey(KeyType keytype, PK11SlotInfo *slot, int size,
+                            int publicExponent, const char *noise,
+                            SECKEYPublicKey **pubkeyp, const char *pqgFile,
+                            PK11AttrFlags attrFlags, CK_FLAGS opFlagsOn,
+                            CK_FLAGS opFlagsOff, secuPWData *pwdata)
+{
+    CK_MECHANISM_TYPE mechanism;
+    PK11RSAGenParams rsaparams;
+    SECKEYPQGParams *dsaparams = NULL;
+    void *params;
+    SECKEYPrivateKey *privKey = NULL;
+
+    if (slot == NULL)
+        return NULL;
+
+    if (PK11_Authenticate(slot, PR_TRUE, pwdata) != SECSuccess)
+        return NULL;
+
+    /*
+     * Do some random-number initialization.
+     */
+
+    if (noise) {
+        SECStatus rv = CERTUTIL_FileForRNG(noise);
+        if (rv != SECSuccess) {
+            PORT_SetError(PR_END_OF_FILE_ERROR); /* XXX */
+            return NULL;
+        }
+    } else {
+        int rv = UpdateRNG();
+        if (rv) {
+            PORT_SetError(PR_END_OF_FILE_ERROR);
+            return NULL;
+        }
+    }
+
+    switch (keytype) {
+        case rsaKey:
+            rsaparams.keySizeInBits = size;
+            rsaparams.pe = publicExponent;
+            mechanism = CKM_RSA_PKCS_KEY_PAIR_GEN;
+            params = &rsaparams;
+            break;
+        case dsaKey:
+            mechanism = CKM_DSA_KEY_PAIR_GEN;
+            if (pqgFile) {
+                dsaparams = getpqgfromfile(size, pqgFile);
+                if (dsaparams == NULL)
+                    return NULL;
+                params = dsaparams;
+            } else {
+                /* cast away const, and don't set dsaparams */
+                params = (void *)&default_pqg_params;
+            }
+            break;
+#ifndef NSS_DISABLE_ECC
+        case ecKey:
+            mechanism = CKM_EC_KEY_PAIR_GEN;
+            /* For EC keys, PQGFile determines EC parameters */
+            if ((params = (void *)getECParams(pqgFile)) == NULL)
+                return NULL;
+            break;
+#endif /* NSS_DISABLE_ECC */
+        default:
+            return NULL;
+    }
+
+    fprintf(stderr, "\n\n");
+    fprintf(stderr, "Generating key.  This may take a few moments...\n\n");
+
+    privKey = PK11_GenerateKeyPairWithOpFlags(slot, mechanism, params, pubkeyp,
+                                              attrFlags, opFlagsOn, opFlagsOn |
+                                                                        opFlagsOff,
+                                              pwdata /*wincx*/);
+    /* free up the params */
+    switch (keytype) {
+        case dsaKey:
+            if (dsaparams)
+                CERTUTIL_DestroyParamsPQG(dsaparams);
+            break;
+#ifndef NSS_DISABLE_ECC
+        case ecKey:
+            SECITEM_FreeItem((SECItem *)params, PR_TRUE);
+            break;
+#endif
+        default: /* nothing to free */
+            break;
+    }
+    return privKey;
+}
diff --git a/nss/cmd/certutil/manifest.mn b/nss/cmd/certutil/manifest.mn
new file mode 100644
index 0000000..c0bce4c
--- /dev/null
+++ b/nss/cmd/certutil/manifest.mn
@@ -0,0 +1,25 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CORE_DEPTH = ../..
+
+DEFINES += -DNSPR20
+
+# MODULE public and private header  directories are implicitly REQUIRED.
+MODULE = nss 
+
+CSRCS = \
+	certext.c \
+	certutil.c \
+	keystuff.c \
+	$(NULL)
+
+# The MODULE is always implicitly required.
+# Listing it here in REQUIRES makes it appear twice in the cc command line.
+REQUIRES = dbm seccmd
+
+PROGRAM = certutil
+
+#USE_STATIC_LIBS = 1
diff --git a/nss/cmd/chktest/Makefile b/nss/cmd/chktest/Makefile
new file mode 100644
index 0000000..3ffa387
--- /dev/null
+++ b/nss/cmd/chktest/Makefile
@@ -0,0 +1,47 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include ../platlibs.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+include ../platrules.mk
diff --git a/nss/cmd/chktest/chktest.c b/nss/cmd/chktest/chktest.c
new file mode 100644
index 0000000..a33d184
--- /dev/null
+++ b/nss/cmd/chktest/chktest.c
@@ -0,0 +1,45 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <stdio.h>
+#include <stdlib.h>
+
+#include "blapi.h"
+#include "secutil.h"
+
+static int
+Usage()
+{
+    fprintf(stderr, "Usage:  chktest <full-path-to-shared-library>\n");
+    fprintf(stderr, "        Will test for valid chk file.\n");
+    fprintf(stderr, "        Will print SUCCESS or FAILURE.\n");
+    exit(1);
+}
+
+int
+main(int argc, char **argv)
+{
+    SECStatus rv = SECFailure;
+    PRBool good_result = PR_FALSE;
+
+    if (argc != 2)
+        return Usage();
+
+    rv = RNG_RNGInit();
+    if (rv != SECSuccess) {
+        SECU_PrintPRandOSError("");
+        return -1;
+    }
+    rv = BL_Init();
+    if (rv != SECSuccess) {
+        SECU_PrintPRandOSError("");
+        return -1;
+    }
+    RNG_SystemInfoForRNG();
+
+    good_result = BLAPI_SHVerifyFile(argv[1]);
+    printf("%s\n",
+           (good_result ? "SUCCESS" : "FAILURE"));
+    return (good_result) ? SECSuccess : SECFailure;
+}
diff --git a/nss/cmd/chktest/chktest.gyp b/nss/cmd/chktest/chktest.gyp
new file mode 100644
index 0000000..15abbcc
--- /dev/null
+++ b/nss/cmd/chktest/chktest.gyp
@@ -0,0 +1,32 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi',
+    '../../cmd/platlibs.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'chktest',
+      'type': 'executable',
+      'sources': [
+        'chktest.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:dbm_exports',
+        '<(DEPTH)/exports.gyp:nss_exports',
+        '<(DEPTH)/lib/sqlite/sqlite.gyp:sqlite3'
+      ]
+    }
+  ],
+  'target_defaults': {
+    'defines': [
+      'NSS_USE_STATIC_LIBS'
+    ]
+  },
+  'variables': {
+    'module': 'nss',
+    'use_static_libs': 1
+  }
+}
\ No newline at end of file
diff --git a/nss/cmd/chktest/manifest.mn b/nss/cmd/chktest/manifest.mn
new file mode 100644
index 0000000..50b1ca1
--- /dev/null
+++ b/nss/cmd/chktest/manifest.mn
@@ -0,0 +1,27 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+CORE_DEPTH = ../..
+
+MODULE = nss
+
+#REQUIRES = seccmd dbm softoken
+REQUIRES = seccmd dbm
+
+#INCLUDES += -I$(CORE_DEPTH)/nss/lib/softoken
+
+PROGRAM = chktest
+
+ USE_STATIC_LIBS = 1
+
+EXPORTS = \
+	$(NULL)
+
+PRIVATE_EXPORTS = \
+	$(NULL)
+
+CSRCS = \
+	chktest.c \
+	$(NULL)
+
diff --git a/nss/cmd/clientProof/.gitignore b/nss/cmd/clientProof/.gitignore
new file mode 100644
index 0000000..f1d55a6
--- /dev/null
+++ b/nss/cmd/clientProof/.gitignore
@@ -0,0 +1,2 @@
+.cproject
+
diff --git a/nss/cmd/clientProof/.project b/nss/cmd/clientProof/.project
new file mode 100644
index 0000000..f3ab255
--- /dev/null
+++ b/nss/cmd/clientProof/.project
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<projectDescription>
+	<name>clientProof</name>
+	<comment></comment>
+	<projects>
+	</projects>
+	<buildSpec>
+		<buildCommand>
+			<name>org.eclipse.cdt.managedbuilder.core.genmakebuilder</name>
+			<triggers>clean,full,incremental,</triggers>
+			<arguments>
+			</arguments>
+		</buildCommand>
+		<buildCommand>
+			<name>org.eclipse.cdt.managedbuilder.core.ScannerConfigBuilder</name>
+			<triggers>full,incremental,</triggers>
+			<arguments>
+			</arguments>
+		</buildCommand>
+	</buildSpec>
+	<natures>
+		<nature>org.eclipse.cdt.core.cnature</nature>
+		<nature>org.eclipse.cdt.core.ccnature</nature>
+		<nature>org.eclipse.cdt.managedbuilder.core.managedBuildNature</nature>
+		<nature>org.eclipse.cdt.managedbuilder.core.ScannerConfigNature</nature>
+	</natures>
+</projectDescription>
diff --git a/nss/cmd/clientProof/Makefile b/nss/cmd/clientProof/Makefile
new file mode 100644
index 0000000..a27a3ce
--- /dev/null
+++ b/nss/cmd/clientProof/Makefile
@@ -0,0 +1,46 @@
+#! gmake
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include ../platlibs.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+#include ../platlibs.mk
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+include ../platrules.mk
+
diff --git a/nss/cmd/clientProof/client_db b/nss/cmd/clientProof/client_db
new file mode 120000
index 0000000..22ed056
--- /dev/null
+++ b/nss/cmd/clientProof/client_db
@@ -0,0 +1 @@
+../../../ca/client_db
\ No newline at end of file
diff --git a/nss/cmd/clientProof/main.c b/nss/cmd/clientProof/main.c
new file mode 100644
index 0000000..ba7eedb
--- /dev/null
+++ b/nss/cmd/clientProof/main.c
@@ -0,0 +1,315 @@
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <assert.h>
+
+#include "nspr.h"
+#include "plgetopt.h"
+#include "prerror.h"
+#include "prnetdb.h"
+
+#include "nss.h"
+#include "ssl.h"
+#include "sslproto.h"
+#include "tlsproofstr.h"
+#include <pk11func.h>
+
+#define SHA_256_LENGTH 32
+
+/*Global variables*/
+unsigned char merkleRoot[SHA_256_LENGTH]; //Merkle root
+FILE *messagesFile = NULL; // File to print the messages received and sent
+
+/*Error handler*/
+void error(const char *msg)
+{
+	PRErrorCode perr = PR_GetError();
+	const char *errString = PORT_ErrorToString(perr);
+
+	printf("!! ERROR function name: %s returned error %d:\n%s\n",msg, perr, errString);
+	exit(1);
+}
+
+/*Callback function that return the password of the certificate database.
+ * It is set when configuring NSS.*/
+char* getPwd(PK11SlotInfo *slot, PRBool retry, void *arg){
+	printf("Pass retrieved \n");
+
+	char *pwd= NULL;
+	pwd = PORT_Strdup("");
+
+	return pwd;
+}
+/*Add a message to the Merkle tree
+ * message is the input message and len the length
+ * This function print the input and output of the hash functions. */
+void saveMessage(char* message, unsigned int len)
+{
+	SECStatus rv;
+	PK11Context *ctx = NULL;
+	unsigned char *hashMessage = NULL;
+	unsigned int outLen =0;
+	hashMessage = malloc(32*sizeof(char));
+
+	printf("\nInput =>[");
+	for(int i = 0; i < len; i++) printf("%02x", message[i]);
+	printf("] = '");
+	for(int i = 0; i < len; i++) if(message[i]!= 0x0a) printf("%c", message[i]);
+	printf("'\n");
+
+	//Hash the input message
+	ctx = PK11_CreateDigestContext(SEC_OID_SHA256);
+	if (!ctx) error("PK11_CreateDigestContext");
+	rv = PK11_DigestBegin(ctx);
+	if(rv != SECSuccess) error("PK11_DigestBegin");
+	rv = PK11_DigestOp(ctx,(unsigned char*)message,len);
+	if(rv != SECSuccess) error("PK11_DigestOp");
+    rv = PK11_DigestFinal(ctx,hashMessage,&outLen,SHA_256_LENGTH);
+
+    printf("Message Hash=>[");
+    for(int i = 0; i < outLen; i++) printf("%02x", hashMessage[i]);
+        		printf("]\n");
+
+ 	printf("Input =>[");
+    for(int i = 0; i < SHA_256_LENGTH; i++) printf("%02x", merkleRoot[i]);
+    for(int i = 0; i < SHA_256_LENGTH; i++) printf("%02x", hashMessage[i]);
+    printf("]\n");
+
+    //Hash the actual Merkle root with the previous computed hash
+    ctx = PK11_CreateDigestContext(SEC_OID_SHA256);
+    if (!ctx) error("PK11_CreateDigestContext");
+    rv = PK11_DigestBegin(ctx);
+    if(rv != SECSuccess) error("PK11_DigestBegin");
+    rv = PK11_DigestOp(ctx,merkleRoot,SHA_256_LENGTH);
+    if(rv != SECSuccess) error("PK11_DigestOp");
+    rv = PK11_DigestOp(ctx,hashMessage,SHA_256_LENGTH);
+    if(rv != SECSuccess) error("PK11_DigestOp");
+    rv = PK11_DigestFinal(ctx,hashMessage,&outLen,SHA_256_LENGTH);
+
+    printf("New Root=>[");
+        for(int i = 0; i < outLen; i++) printf("%02x", hashMessage[i]);
+            		printf("]\n\n");
+
+    //Update the Merkle root with the new hash
+    memcpy(merkleRoot,hashMessage,SHA_256_LENGTH);
+
+	return;
+}
+
+
+SECStatus fetchTLSProofCallBack(unsigned char *proof, unsigned int length){
+	printf("Got proof of size: %i\n", length);
+	if(SSL_TLSProofCheckProof(proof, length) == SECSuccess){
+		printf("Proof successfully verified!\n");
+	} else {
+		printf("Proof is incorrect\n");
+	}		
+	PORT_Free(proof);
+	exit(0);
+	return SECSuccess;
+}
+
+
+
+
+/*This is set when configuring TLS proof
+ * It will be called by NSS when it receive a signature from the server. */
+SECStatus myTLSPRoofCallBack(PRFileDesc *fd, unsigned char *signature, unsigned int length)
+{
+	SECItem sigItem;
+	sigItem.len = length;
+	sigItem.data = signature;
+	CERTCertificate *cert = NULL;
+	cert = PK11_FindCertFromNickname("tls-n.testserver",NULL); assert(cert);
+	SECKEYPublicKey *pubKey = NULL;
+	pubKey = CERT_ExtractPublicKey(cert); assert(pubKey);
+	SECStatus rv;
+	FILE *sigFile = fopen("sig.txt", "w");
+
+	printf("Proof received ! Contain the following signature :\n");
+
+	printf("[");
+	for(int i = 0; i < length; i++) printf("%02x", signature[i]);
+	printf("]\n");
+
+	//Save the signature in a file
+	for(int i = 0; i < length; i++) fprintf(sigFile,"%x", signature[i]);
+	fclose(sigFile);
+
+	//Read the message file
+	printf("\nPress enter to verify the signature ...");
+	while(getchar()!= '\n');
+	printf("Generate Merkle root from file...\n");
+	unsigned char c = 0x00;
+	int l = 0;
+	char buffer[256];
+	FILE *mess;
+	mess = fopen("messages.txt", "r");
+
+	if(!mess) return SECFailure;
+
+	while(c != 0xff){
+		c = getc(mess);
+		buffer[l] = c;
+		l++;
+
+		if(l >= 256) return SECFailure;
+
+		if(c == 0x0a){
+			//Add message to hash chain
+			saveMessage(buffer,l);
+			l = 0;
+		}
+	}
+
+	//Verify signature over the Merkle root
+	SECItem data;
+	data.type = siBuffer;
+	data.data = merkleRoot;
+	data.len = SHA_256_LENGTH;
+
+	rv = PK11_Verify(pubKey, &sigItem, &data, NULL);
+
+	printf("Verification of the signature: =>[%i] (0 = valid -1 = invalid)\n",(int)rv);
+
+
+
+	return SECSuccess;
+}
+
+int main(int argc, char *argv[])
+{
+	PRFileDesc* socketfd = NULL;
+	PRHostEnt host;
+	PRNetAddr addr;
+	SECStatus rv;
+	PRStatus pr;
+	char buffer[1024];
+	char buffParam[256];
+	int n;
+	PRSocketOptionData  socketOption;
+	SSLVersionRange ver;
+
+	//Initialize the original Merkle root (root of the Merkle root) to "000..."
+	for(int i=0;i < SHA_256_LENGTH;i++) merkleRoot[i] = 0;
+
+	messagesFile = fopen("messages.txt", "w");
+
+	// 3 arguments are necessary for the client
+	if(argc < 3){
+		error("Specify host and port");
+	}
+
+	//Set the password callback
+	PK11_SetPasswordFunc(getPwd);
+
+	//Init
+	rv = NSS_Init("../client_db");
+	if(rv != SECSuccess) error("NSS_Init");
+
+	//Open
+	socketfd = PR_OpenTCPSocket(PR_AF_INET);
+	if (socketfd == NULL) error("PR_OpenTCPSocket");
+
+
+	//Set socket option
+	socketOption.option = PR_SockOpt_Nonblocking;
+	socketOption.value.non_blocking = PR_FALSE;
+	pr = PR_SetSocketOption(socketfd, &socketOption);
+	if (pr != PR_SUCCESS) error("PR_SetSocketOption");
+
+	//Import
+	socketfd = SSL_ImportFD(NULL, socketfd);
+	if (socketfd == NULL) error("SSL_ImportFD");
+
+	//Set server mode
+	rv = SSL_OptionSet(socketfd, SSL_HANDSHAKE_AS_CLIENT, PR_TRUE);
+	if(rv != SECSuccess) error("SSL_OptionSet, SSL_HANDSHAKE_AS_CLIENT ");
+
+	//Force TLS 1.3
+    ver.max= SSL_LIBRARY_VERSION_TLS_1_3;
+    ver.min= SSL_LIBRARY_VERSION_TLS_1_3;
+    rv = SSL_VersionRangeSet(socketfd,&ver);
+    if(rv != SECSuccess) error("SSL_VersionRangeSet");
+
+	//Enable TLS Proof extension for non-repudiation
+	rv = SSL_OptionSet(socketfd, SSL_ENABLE_TLS_PROOF, PR_TRUE);
+	if(rv != SECSuccess) error("SSL_OptionSet, SSL_ENABLE_TLS_PROOF");
+
+	//Set the proof return callback
+	rv = SSL_TLSProofSetReturnCallBack(socketfd, fetchTLSProofCallBack, hidden_plaintext_proof);
+	if(rv != SECSuccess) error("SSL_TLSProofSetReturnCallBack");
+
+	//Set url for authentication
+	rv = SSL_SetURL(socketfd, "tls-n.testserver");
+	if(rv != SECSuccess) error("SSL_SetURL");
+
+	//Get host
+	pr = PR_GetHostByName(argv[1],buffParam,256,&host);
+	if (pr != PR_SUCCESS) error("PR_GetHostByName");
+	rv = PR_EnumerateHostEnt(0, &host, atoi(argv[2]), &addr);
+	if(rv < 0) error("PR_EnumerateHostEnt");
+
+	//Connect
+	pr = PR_Connect(socketfd, &addr, PR_INTERVAL_NO_TIMEOUT);
+	if(pr != PR_SUCCESS) error("PR_Connect");
+
+	PRBool val = PR_FALSE;
+
+	/*Our client will ask 3 times for some user input before terminating the exchange*/
+	for(int i=0 ; i < 3 ; i++)
+	{
+		printf("\nPlease enter the message: \n");
+		fgets(buffer,sizeof(buffer)-1,stdin);
+		/*Send the previously typed message
+		 * Note that when doing the first Write NSS will triger the Handshake
+		 * n is the number of packet sent*/
+		n = PR_Write(socketfd,buffer,strlen(buffer));
+		if (n < 0)
+			error("ERROR writing to socket");
+
+		//Update the merkle root and save the sent message
+		//saveMessage(buffer,n);
+		for(int i = 0; i < n; i++) fprintf(messagesFile,"%c", buffer[i]);
+
+
+		//See if the negotiation of TLS proof was successful
+		rv = SSL_TLSProofIsNegociated(socketfd,&val);
+		if(rv != SECSuccess) error("SSL_TLSProofIsNegociated");
+
+		//Get the TLS version used
+		rv = SSL_VersionRangeGet(socketfd,&ver);
+		if(rv != SECSuccess) error("SSL_VersionRangeGet");
+
+		/* Print the TLS version negotiated, for TLS 1.3 it should show [304:304] and if TLS proof was
+		 * successfully negotiated */
+		printf("\nNew message ! Protocol[%x:%x], TLS Proof enable[%i] :\n",ver.min,ver.max,(int)val);
+
+		//Read an incoming message
+		bzero(buffer,sizeof(buffer));
+		n = PR_Read(socketfd,buffer,sizeof(buffer));
+		if (n < 0)
+			error("ERROR reading from socket");
+		printf("%s",buffer);
+
+		//Update the merkle root and save the received message
+		//saveMessage(buffer,n);
+		for(int i = 0; i < n; i++) fprintf(messagesFile,"%c", buffer[i]);
+	}
+
+	//Request the proof, NSS will call the associated callback when the proof arrive
+	rv = SSL_TLSProofRequestProof(socketfd);
+	if(rv != SECSuccess) error("SSL_TLSProofRequestProof");
+
+	fclose(messagesFile);
+
+	//This is necessary to get the signature but will never return
+	PR_Read(socketfd,buffer,255);
+
+	PR_Close(socketfd);
+
+
+	printf("\nEND\n");
+	return 0;
+}
+
diff --git a/nss/cmd/clientProof/manifest.mn b/nss/cmd/clientProof/manifest.mn
new file mode 100644
index 0000000..6c25b1e
--- /dev/null
+++ b/nss/cmd/clientProof/manifest.mn
@@ -0,0 +1,23 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CORE_DEPTH = ../..
+
+# MODULE public and private header  directories are implicitly REQUIRED.
+MODULE = nss
+
+# This next line is used by .mk files
+# and gets translated into $LINCS in manifest.mnw
+# The MODULE is always implicitly required.
+# Listing it here in REQUIRES makes it appear twice in the cc command line.
+REQUIRES = seccmd dbm 
+
+# DIRS = 
+
+CSRCS	= main.c  
+DEFINES += -DDLL_PREFIX=\"$(DLL_PREFIX)\" -DDLL_SUFFIX=\"$(DLL_SUFFIX)\"
+
+PROGRAM	= clientProof
+
diff --git a/nss/cmd/crlutil/Makefile b/nss/cmd/crlutil/Makefile
new file mode 100644
index 0000000..a61ae1c
--- /dev/null
+++ b/nss/cmd/crlutil/Makefile
@@ -0,0 +1,53 @@
+#! gmake
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include ../platlibs.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+#
+# crlgen_lex can be generated on linux by flex or solaris by lex
+#
+crlgen_lex:
+	${LEX} -t crlgen_lex_orig.l > crlgen_lex_fix.c
+	sed -f crlgen_lex_fix.sed < crlgen_lex_fix.c > crlgen_lex.c
+	rm -f crlgen_lex_fix.c
+
+include ../platrules.mk
diff --git a/nss/cmd/crlutil/crlgen.c b/nss/cmd/crlutil/crlgen.c
new file mode 100644
index 0000000..1f9dc4b
--- /dev/null
+++ b/nss/cmd/crlutil/crlgen.c
@@ -0,0 +1,1542 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+** crlgen.c
+**
+** utility for managing certificates revocation lists generation
+**
+*/
+
+#include <stdio.h>
+#include <math.h>
+
+#include "nspr.h"
+#include "plgetopt.h"
+#include "nss.h"
+#include "secutil.h"
+#include "cert.h"
+#include "certi.h"
+#include "certdb.h"
+#include "pk11func.h"
+#include "crlgen.h"
+
+/* Destroys extHandle and data. data was create on heap.
+ * extHandle creaded by CERT_StartCRLEntryExtensions. entry
+ * was allocated on arena.*/
+static void
+destroyEntryData(CRLGENEntryData *data)
+{
+    if (!data)
+        return;
+    PORT_Assert(data->entry);
+    if (data->extHandle)
+        CERT_FinishExtensions(data->extHandle);
+    PORT_Free(data);
+}
+
+/* Prints error messages along with line number */
+void
+crlgen_PrintError(int line, char *msg, ...)
+{
+    va_list args;
+
+    va_start(args, msg);
+
+    fprintf(stderr, "crlgen: (line: %d) ", line);
+    vfprintf(stderr, msg, args);
+
+    va_end(args);
+}
+/* Finds CRLGENEntryData in hashtable according PRUint64 value
+ * - certId : cert serial number*/
+static CRLGENEntryData *
+crlgen_FindEntry(CRLGENGeneratorData *crlGenData, SECItem *certId)
+{
+    if (!crlGenData->entryDataHashTable || !certId)
+        return NULL;
+    return (CRLGENEntryData *)
+        PL_HashTableLookup(crlGenData->entryDataHashTable,
+                           certId);
+}
+
+/* Removes CRLGENEntryData from hashtable according to certId
+ * - certId : cert serial number*/
+static SECStatus
+crlgen_RmEntry(CRLGENGeneratorData *crlGenData, SECItem *certId)
+{
+    CRLGENEntryData *data = NULL;
+    SECStatus rv = SECSuccess;
+
+    if (!crlGenData->entryDataHashTable) {
+        return SECSuccess;
+    }
+
+    data = crlgen_FindEntry(crlGenData, certId);
+    if (!data) {
+        return SECSuccess;
+    }
+
+    if (!PL_HashTableRemove(crlGenData->entryDataHashTable, certId)) {
+        rv = SECFailure;
+    }
+
+    destroyEntryData(data);
+    return rv;
+}
+
+/* Stores CRLGENEntryData in hashtable according to certId
+ * - certId : cert serial number*/
+static CRLGENEntryData *
+crlgen_PlaceAnEntry(CRLGENGeneratorData *crlGenData,
+                    CERTCrlEntry *entry, SECItem *certId)
+{
+    CRLGENEntryData *newData = NULL;
+
+    PORT_Assert(crlGenData && crlGenData->entryDataHashTable &&
+                entry);
+    if (!crlGenData || !crlGenData->entryDataHashTable || !entry) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+
+    newData = PORT_ZNew(CRLGENEntryData);
+    if (!newData) {
+        return NULL;
+    }
+    newData->entry = entry;
+    newData->certId = certId;
+    if (!PL_HashTableAdd(crlGenData->entryDataHashTable,
+                         newData->certId, newData)) {
+        crlgen_PrintError(crlGenData->parsedLineNum,
+                          "Can not add entryData structure\n");
+        return NULL;
+    }
+    return newData;
+}
+
+/* Use this structure to keep pointer when commiting entries extensions */
+struct commitData {
+    int pos;
+    CERTCrlEntry **entries;
+};
+
+/* HT PL_HashTableEnumerateEntries callback. Sorts hashtable entries of the
+ * table he. Returns value through arg parameter*/
+static PRIntn PR_CALLBACK
+crlgen_CommitEntryData(PLHashEntry *he, PRIntn i, void *arg)
+{
+    CRLGENEntryData *data = NULL;
+
+    PORT_Assert(he);
+    if (!he) {
+        return HT_ENUMERATE_NEXT;
+    }
+    data = (CRLGENEntryData *)he->value;
+
+    PORT_Assert(data);
+    PORT_Assert(arg);
+
+    if (data) {
+        struct commitData *dt = (struct commitData *)arg;
+        dt->entries[dt->pos++] = data->entry;
+        destroyEntryData(data);
+    }
+    return HT_ENUMERATE_NEXT;
+}
+
+/* Copy char * datainto allocated in arena SECItem */
+static SECStatus
+crlgen_SetString(PLArenaPool *arena, const char *dataIn, SECItem *value)
+{
+    SECItem item;
+
+    PORT_Assert(arena && dataIn);
+    if (!arena || !dataIn) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    item.data = (void *)dataIn;
+    item.len = PORT_Strlen(dataIn);
+
+    return SECITEM_CopyItem(arena, value, &item);
+}
+
+/* Creates CERTGeneralName from parsed data for the Authority Key Extension */
+static CERTGeneralName *
+crlgen_GetGeneralName(PLArenaPool *arena, CRLGENGeneratorData *crlGenData,
+                      const char *data)
+{
+    CERTGeneralName *namesList = NULL;
+    CERTGeneralName *current;
+    CERTGeneralName *tail = NULL;
+    SECStatus rv = SECSuccess;
+    const char *nextChunk = NULL;
+    const char *currData = NULL;
+    int intValue;
+    char buffer[512];
+    void *mark;
+
+    if (!data)
+        return NULL;
+    PORT_Assert(arena);
+    if (!arena) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+
+    mark = PORT_ArenaMark(arena);
+
+    nextChunk = data;
+    currData = data;
+    do {
+        int nameLen = 0;
+        char name[128];
+        const char *sepPrt = NULL;
+        nextChunk = PORT_Strchr(currData, '|');
+        if (!nextChunk)
+            nextChunk = data + strlen(data);
+        sepPrt = PORT_Strchr(currData, ':');
+        if (sepPrt == NULL || sepPrt >= nextChunk) {
+            *buffer = '\0';
+            sepPrt = nextChunk;
+        } else {
+            PORT_Memcpy(buffer, sepPrt + 1,
+                        (nextChunk - sepPrt - 1));
+            buffer[nextChunk - sepPrt - 1] = '\0';
+        }
+        nameLen = PR_MIN(sepPrt - currData, sizeof(name) - 1);
+        PORT_Memcpy(name, currData, nameLen);
+        name[nameLen] = '\0';
+        currData = nextChunk + 1;
+
+        if (!PORT_Strcmp(name, "otherName"))
+            intValue = certOtherName;
+        else if (!PORT_Strcmp(name, "rfc822Name"))
+            intValue = certRFC822Name;
+        else if (!PORT_Strcmp(name, "dnsName"))
+            intValue = certDNSName;
+        else if (!PORT_Strcmp(name, "x400Address"))
+            intValue = certX400Address;
+        else if (!PORT_Strcmp(name, "directoryName"))
+            intValue = certDirectoryName;
+        else if (!PORT_Strcmp(name, "ediPartyName"))
+            intValue = certEDIPartyName;
+        else if (!PORT_Strcmp(name, "URI"))
+            intValue = certURI;
+        else if (!PORT_Strcmp(name, "ipAddress"))
+            intValue = certIPAddress;
+        else if (!PORT_Strcmp(name, "registerID"))
+            intValue = certRegisterID;
+        else
+            intValue = -1;
+
+        if (intValue >= certOtherName && intValue <= certRegisterID) {
+            if (namesList == NULL) {
+                namesList = current = tail = PORT_ArenaZNew(arena,
+                                                            CERTGeneralName);
+            } else {
+                current = PORT_ArenaZNew(arena, CERTGeneralName);
+            }
+            if (current == NULL) {
+                rv = SECFailure;
+                break;
+            }
+        } else {
+            PORT_SetError(SEC_ERROR_INVALID_ARGS);
+            break;
+        }
+        current->type = intValue;
+        switch (current->type) {
+            case certURI:
+            case certDNSName:
+            case certRFC822Name:
+                current->name.other.data = PORT_ArenaAlloc(arena, strlen(buffer));
+                if (current->name.other.data == NULL) {
+                    rv = SECFailure;
+                    break;
+                }
+                PORT_Memcpy(current->name.other.data, buffer,
+                            current->name.other.len = strlen(buffer));
+                break;
+
+            case certEDIPartyName:
+            case certIPAddress:
+            case certOtherName:
+            case certRegisterID:
+            case certX400Address: {
+
+                current->name.other.data = PORT_ArenaAlloc(arena, strlen(buffer) + 2);
+                if (current->name.other.data == NULL) {
+                    rv = SECFailure;
+                    break;
+                }
+
+                PORT_Memcpy(current->name.other.data + 2, buffer, strlen(buffer));
+                /* This may not be accurate for all cases.For now, use this tag type */
+                current->name.other.data[0] = (char)(((current->type - 1) & 0x1f) | 0x80);
+                current->name.other.data[1] = (char)strlen(buffer);
+                current->name.other.len = strlen(buffer) + 2;
+                break;
+            }
+
+            case certDirectoryName: {
+                CERTName *directoryName = NULL;
+
+                directoryName = CERT_AsciiToName(buffer);
+                if (!directoryName) {
+                    rv = SECFailure;
+                    break;
+                }
+
+                rv = CERT_CopyName(arena, &current->name.directoryName, directoryName);
+                CERT_DestroyName(directoryName);
+
+                break;
+            }
+        }
+        if (rv != SECSuccess)
+            break;
+        current->l.next = &(namesList->l);
+        current->l.prev = &(tail->l);
+        tail->l.next = &(current->l);
+        tail = current;
+
+    } while (nextChunk != data + strlen(data));
+
+    if (rv != SECSuccess) {
+        PORT_ArenaRelease(arena, mark);
+        namesList = NULL;
+    }
+    return (namesList);
+}
+
+/* Creates CERTGeneralName from parsed data for the Authority Key Extension */
+static CERTGeneralName *
+crlgen_DistinguishedName(PLArenaPool *arena, CRLGENGeneratorData *crlGenData,
+                         const char *data)
+{
+    CERTName *directoryName = NULL;
+    CERTGeneralName *current;
+    SECStatus rv = SECFailure;
+    void *mark;
+
+    if (!data)
+        return NULL;
+    PORT_Assert(arena);
+    if (!arena) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+
+    mark = PORT_ArenaMark(arena);
+
+    current = PORT_ArenaZNew(arena, CERTGeneralName);
+    if (current == NULL) {
+        goto loser;
+    }
+    current->type = certDirectoryName;
+    current->l.next = &current->l;
+    current->l.prev = &current->l;
+
+    directoryName = CERT_AsciiToName((char *)data);
+    if (!directoryName) {
+        goto loser;
+    }
+
+    rv = CERT_CopyName(arena, &current->name.directoryName, directoryName);
+    CERT_DestroyName(directoryName);
+
+loser:
+    if (rv != SECSuccess) {
+        PORT_SetError(rv);
+        PORT_ArenaRelease(arena, mark);
+        current = NULL;
+    }
+    return (current);
+}
+
+/* Adding Authority Key ID extension to extension handle. */
+static SECStatus
+crlgen_AddAuthKeyID(CRLGENGeneratorData *crlGenData,
+                    const char **dataArr)
+{
+    void *extHandle = NULL;
+    CERTAuthKeyID *authKeyID = NULL;
+    PLArenaPool *arena = NULL;
+    SECStatus rv = SECSuccess;
+
+    PORT_Assert(dataArr && crlGenData);
+    if (!crlGenData || !dataArr) {
+        return SECFailure;
+    }
+
+    extHandle = crlGenData->crlExtHandle;
+
+    if (!dataArr[0] || !dataArr[1] || !dataArr[2]) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        crlgen_PrintError(crlGenData->parsedLineNum,
+                          "insufficient number of parameters.\n");
+        return SECFailure;
+    }
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (!arena) {
+        return SECFailure;
+    }
+
+    authKeyID = PORT_ArenaZNew(arena, CERTAuthKeyID);
+    if (authKeyID == NULL) {
+        rv = SECFailure;
+        goto loser;
+    }
+
+    if (dataArr[3] == NULL) {
+        rv = crlgen_SetString(arena, dataArr[2], &authKeyID->keyID);
+        if (rv != SECSuccess)
+            goto loser;
+    } else {
+        rv = crlgen_SetString(arena, dataArr[3],
+                              &authKeyID->authCertSerialNumber);
+        if (rv != SECSuccess)
+            goto loser;
+
+        authKeyID->authCertIssuer =
+            crlgen_DistinguishedName(arena, crlGenData, dataArr[2]);
+        if (authKeyID->authCertIssuer == NULL && SECFailure == PORT_GetError()) {
+            crlgen_PrintError(crlGenData->parsedLineNum, "syntax error.\n");
+            rv = SECFailure;
+            goto loser;
+        }
+    }
+
+    rv =
+        SECU_EncodeAndAddExtensionValue(arena, extHandle, authKeyID,
+                                        (*dataArr[1] == '1') ? PR_TRUE : PR_FALSE,
+                                        SEC_OID_X509_AUTH_KEY_ID,
+                                        (EXTEN_EXT_VALUE_ENCODER)CERT_EncodeAuthKeyID);
+loser:
+    if (arena)
+        PORT_FreeArena(arena, PR_FALSE);
+    return rv;
+}
+
+/* Creates and add Subject Alternative Names extension */
+static SECStatus
+crlgen_AddIssuerAltNames(CRLGENGeneratorData *crlGenData,
+                         const char **dataArr)
+{
+    CERTGeneralName *nameList = NULL;
+    PLArenaPool *arena = NULL;
+    void *extHandle = NULL;
+    SECStatus rv = SECSuccess;
+
+    PORT_Assert(dataArr && crlGenData);
+    if (!crlGenData || !dataArr) {
+        return SECFailure;
+    }
+
+    if (!dataArr || !dataArr[0] || !dataArr[1] || !dataArr[2]) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        crlgen_PrintError(crlGenData->parsedLineNum,
+                          "insufficient number of arguments.\n");
+        return SECFailure;
+    }
+
+    PORT_Assert(dataArr && crlGenData);
+    if (!crlGenData || !dataArr) {
+        return SECFailure;
+    }
+
+    extHandle = crlGenData->crlExtHandle;
+
+    if (!dataArr[0] || !dataArr[1] || !dataArr[2]) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        crlgen_PrintError(crlGenData->parsedLineNum,
+                          "insufficient number of parameters.\n");
+        return SECFailure;
+    }
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (!arena) {
+        return SECFailure;
+    }
+
+    nameList = crlgen_GetGeneralName(arena, crlGenData, dataArr[2]);
+    if (nameList == NULL) {
+        crlgen_PrintError(crlGenData->parsedLineNum, "syntax error.\n");
+        rv = SECFailure;
+        goto loser;
+    }
+
+    rv =
+        SECU_EncodeAndAddExtensionValue(arena, extHandle, nameList,
+                                        (*dataArr[1] == '1') ? PR_TRUE : PR_FALSE,
+                                        SEC_OID_X509_ISSUER_ALT_NAME,
+                                        (EXTEN_EXT_VALUE_ENCODER)CERT_EncodeAltNameExtension);
+loser:
+    if (arena)
+        PORT_FreeArena(arena, PR_FALSE);
+    return rv;
+}
+
+/* Creates and adds CRLNumber extension to extension handle.
+ * Since, this is CRL extension, extension handle is the one
+ * related to CRL extensions */
+static SECStatus
+crlgen_AddCrlNumber(CRLGENGeneratorData *crlGenData, const char **dataArr)
+{
+    PLArenaPool *arena = NULL;
+    SECItem encodedItem;
+    void *dummy;
+    SECStatus rv = SECFailure;
+    int code = 0;
+
+    PORT_Assert(dataArr && crlGenData);
+    if (!crlGenData || !dataArr) {
+        goto loser;
+    }
+
+    if (!dataArr[0] || !dataArr[1] || !dataArr[2]) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        crlgen_PrintError(crlGenData->parsedLineNum,
+                          "insufficient number of arguments.\n");
+        goto loser;
+    }
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL) {
+        goto loser;
+    }
+
+    code = atoi(dataArr[2]);
+    if (code == 0 && *dataArr[2] != '0') {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        goto loser;
+    }
+
+    dummy = SEC_ASN1EncodeInteger(arena, &encodedItem, code);
+    if (!dummy) {
+        rv = SECFailure;
+        goto loser;
+    }
+
+    rv = CERT_AddExtension(crlGenData->crlExtHandle, SEC_OID_X509_CRL_NUMBER,
+                           &encodedItem,
+                           (*dataArr[1] == '1') ? PR_TRUE : PR_FALSE,
+                           PR_TRUE);
+
+loser:
+    if (arena)
+        PORT_FreeArena(arena, PR_FALSE);
+    return rv;
+}
+
+/* Creates Cert Revocation Reason code extension. Encodes it and
+ * returns as SECItem structure */
+static SECItem *
+crlgen_CreateReasonCode(PLArenaPool *arena, const char **dataArr,
+                        int *extCode)
+{
+    SECItem *encodedItem;
+    void *dummy;
+    void *mark = NULL;
+    int code = 0;
+
+    PORT_Assert(arena && dataArr);
+    if (!arena || !dataArr) {
+        goto loser;
+    }
+
+    mark = PORT_ArenaMark(arena);
+
+    encodedItem = PORT_ArenaZNew(arena, SECItem);
+    if (encodedItem == NULL) {
+        goto loser;
+    }
+
+    if (dataArr[2] == NULL) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        goto loser;
+    }
+
+    code = atoi(dataArr[2]);
+    /* aACompromise(10) is the last possible of the values
+     * for the Reason Core Extension */
+    if ((code == 0 && *dataArr[2] != '0') || code > 10) {
+
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        goto loser;
+    }
+
+    dummy = SEC_ASN1EncodeInteger(arena, encodedItem, code);
+    if (!dummy) {
+        goto loser;
+    }
+
+    *extCode = SEC_OID_X509_REASON_CODE;
+    return encodedItem;
+
+loser:
+    if (mark) {
+        PORT_ArenaRelease(arena, mark);
+    }
+    return NULL;
+}
+
+/* Creates Cert Invalidity Date extension. Encodes it and
+ * returns as SECItem structure */
+static SECItem *
+crlgen_CreateInvalidityDate(PLArenaPool *arena, const char **dataArr,
+                            int *extCode)
+{
+    SECItem *encodedItem;
+    int length = 0;
+    void *mark = NULL;
+
+    PORT_Assert(arena && dataArr);
+    if (!arena || !dataArr) {
+        goto loser;
+    }
+
+    mark = PORT_ArenaMark(arena);
+
+    encodedItem = PORT_ArenaZNew(arena, SECItem);
+    if (encodedItem == NULL) {
+        goto loser;
+    }
+
+    length = PORT_Strlen(dataArr[2]);
+
+    encodedItem->type = siGeneralizedTime;
+    encodedItem->data = PORT_ArenaAlloc(arena, length);
+    if (!encodedItem->data) {
+        goto loser;
+    }
+
+    PORT_Memcpy(encodedItem->data, dataArr[2], (encodedItem->len = length) *
+                                                   sizeof(char));
+
+    *extCode = SEC_OID_X509_INVALID_DATE;
+    return encodedItem;
+
+loser:
+    if (mark) {
+        PORT_ArenaRelease(arena, mark);
+    }
+    return NULL;
+}
+
+/* Creates(by calling extCreator function) and adds extension to a set
+ * of already added certs. Uses values of rangeFrom and rangeTo from
+ * CRLGENCrlGenCtl structure for identifying the inclusive set of certs */
+static SECStatus
+crlgen_AddEntryExtension(CRLGENGeneratorData *crlGenData,
+                         const char **dataArr, char *extName,
+                         SECItem *(*extCreator)(PLArenaPool *arena,
+                                                const char **dataArr,
+                                                int *extCode))
+{
+    PRUint64 i = 0;
+    SECStatus rv = SECFailure;
+    int extCode = 0;
+    PRUint64 lastRange;
+    SECItem *ext = NULL;
+    PLArenaPool *arena = NULL;
+
+    PORT_Assert(crlGenData && dataArr);
+    if (!crlGenData || !dataArr) {
+        goto loser;
+    }
+
+    if (!dataArr[0] || !dataArr[1]) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        crlgen_PrintError(crlGenData->parsedLineNum,
+                          "insufficient number of arguments.\n");
+    }
+
+    lastRange = crlGenData->rangeTo - crlGenData->rangeFrom + 1;
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL) {
+        goto loser;
+    }
+
+    ext = extCreator(arena, dataArr, &extCode);
+    if (ext == NULL) {
+        crlgen_PrintError(crlGenData->parsedLineNum,
+                          "got error while creating extension: %s\n",
+                          extName);
+        goto loser;
+    }
+
+    for (i = 0; i < lastRange; i++) {
+        CRLGENEntryData *extData = NULL;
+        void *extHandle = NULL;
+        SECItem *certIdItem =
+            SEC_ASN1EncodeInteger(arena, NULL,
+                                  crlGenData->rangeFrom + i);
+        if (!certIdItem) {
+            rv = SECFailure;
+            goto loser;
+        }
+
+        extData = crlgen_FindEntry(crlGenData, certIdItem);
+        if (!extData) {
+            crlgen_PrintError(crlGenData->parsedLineNum,
+                              "can not add extension: crl entry "
+                              "(serial number: %d) is not in the list yet.\n",
+                              crlGenData->rangeFrom + i);
+            continue;
+        }
+
+        extHandle = extData->extHandle;
+        if (extHandle == NULL) {
+            extHandle = extData->extHandle =
+                CERT_StartCRLEntryExtensions(&crlGenData->signCrl->crl,
+                                             (CERTCrlEntry *)extData->entry);
+        }
+        rv = CERT_AddExtension(extHandle, extCode, ext,
+                               (*dataArr[1] == '1') ? PR_TRUE : PR_FALSE,
+                               PR_TRUE);
+        if (rv == SECFailure) {
+            goto loser;
+        }
+    }
+
+loser:
+    if (arena)
+        PORT_FreeArena(arena, PR_FALSE);
+    return rv;
+}
+
+/* Commits all added entries and their's extensions into CRL. */
+SECStatus
+CRLGEN_CommitExtensionsAndEntries(CRLGENGeneratorData *crlGenData)
+{
+    int size = 0;
+    CERTCrl *crl;
+    PLArenaPool *arena;
+    SECStatus rv = SECSuccess;
+    void *mark;
+
+    PORT_Assert(crlGenData && crlGenData->signCrl && crlGenData->signCrl->arena);
+    if (!crlGenData || !crlGenData->signCrl || !crlGenData->signCrl->arena) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    arena = crlGenData->signCrl->arena;
+    crl = &crlGenData->signCrl->crl;
+
+    mark = PORT_ArenaMark(arena);
+
+    if (crlGenData->crlExtHandle)
+        CERT_FinishExtensions(crlGenData->crlExtHandle);
+
+    size = crlGenData->entryDataHashTable->nentries;
+    crl->entries = NULL;
+    if (size) {
+        crl->entries = PORT_ArenaZNewArray(arena, CERTCrlEntry *, size + 1);
+        if (!crl->entries) {
+            rv = SECFailure;
+        } else {
+            struct commitData dt;
+            dt.entries = crl->entries;
+            dt.pos = 0;
+            PL_HashTableEnumerateEntries(crlGenData->entryDataHashTable,
+                                         &crlgen_CommitEntryData, &dt);
+            /* Last should be NULL */
+            crl->entries[size] = NULL;
+        }
+    }
+
+    if (rv != SECSuccess)
+        PORT_ArenaRelease(arena, mark);
+    return rv;
+}
+
+/* Initializes extHandle with data from extensions array */
+static SECStatus
+crlgen_InitExtensionHandle(void *extHandle,
+                           CERTCertExtension **extensions)
+{
+    CERTCertExtension *extension = NULL;
+
+    if (!extensions)
+        return SECSuccess;
+
+    PORT_Assert(extHandle != NULL);
+    if (!extHandle) {
+        return SECFailure;
+    }
+
+    extension = *extensions;
+    while (extension) {
+        SECOidTag oidTag = SECOID_FindOIDTag(&extension->id);
+        /* shell we skip unknown extensions? */
+        CERT_AddExtension(extHandle, oidTag, &extension->value,
+                          (extension->critical.len != 0) ? PR_TRUE : PR_FALSE,
+                          PR_FALSE);
+        extension = *(++extensions);
+    }
+    return SECSuccess;
+}
+
+/* Used for initialization of extension handles for crl and certs
+ * extensions from existing CRL data then modifying existing CRL.*/
+SECStatus
+CRLGEN_ExtHandleInit(CRLGENGeneratorData *crlGenData)
+{
+    CERTCrl *crl = NULL;
+    PRUint64 maxSN = 0;
+
+    PORT_Assert(crlGenData && crlGenData->signCrl &&
+                crlGenData->entryDataHashTable);
+    if (!crlGenData || !crlGenData->signCrl ||
+        !crlGenData->entryDataHashTable) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    crl = &crlGenData->signCrl->crl;
+    crlGenData->crlExtHandle = CERT_StartCRLExtensions(crl);
+    crlgen_InitExtensionHandle(crlGenData->crlExtHandle,
+                               crl->extensions);
+    crl->extensions = NULL;
+
+    if (crl->entries) {
+        CERTCrlEntry **entry = crl->entries;
+        while (*entry) {
+            PRUint64 sn = DER_GetInteger(&(*entry)->serialNumber);
+            CRLGENEntryData *extData =
+                crlgen_PlaceAnEntry(crlGenData, *entry, &(*entry)->serialNumber);
+            if ((*entry)->extensions) {
+                extData->extHandle =
+                    CERT_StartCRLEntryExtensions(&crlGenData->signCrl->crl,
+                                                 (CERTCrlEntry *)extData->entry);
+                if (crlgen_InitExtensionHandle(extData->extHandle,
+                                               (*entry)->extensions) == SECFailure)
+                    return SECFailure;
+            }
+            (*entry)->extensions = NULL;
+            entry++;
+            maxSN = PR_MAX(maxSN, sn);
+        }
+    }
+
+    crlGenData->rangeFrom = crlGenData->rangeTo = maxSN + 1;
+    return SECSuccess;
+}
+
+/*****************************************************************************
+ * Parser trigger functions start here
+ */
+
+/* Sets new internal range value for add/rm certs.*/
+static SECStatus
+crlgen_SetNewRangeField(CRLGENGeneratorData *crlGenData, char *value)
+{
+    long rangeFrom = 0, rangeTo = 0;
+    char *dashPos = NULL;
+
+    PORT_Assert(crlGenData);
+    if (!crlGenData) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    if (value == NULL) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        crlgen_PrintError(crlGenData->parsedLineNum,
+                          "insufficient number of arguments.\n");
+        return SECFailure;
+    }
+
+    if ((dashPos = strchr(value, '-')) != NULL) {
+        char *rangeToS, *rangeFromS = value;
+        *dashPos = '\0';
+        rangeFrom = atoi(rangeFromS);
+        *dashPos = '-';
+
+        rangeToS = (char *)(dashPos + 1);
+        rangeTo = atol(rangeToS);
+    } else {
+        rangeFrom = atol(value);
+        rangeTo = rangeFrom;
+    }
+
+    if (rangeFrom < 1 || rangeTo < rangeFrom) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        crlgen_PrintError(crlGenData->parsedLineNum,
+                          "bad cert id range: %s.\n", value);
+        return SECFailure;
+    }
+
+    crlGenData->rangeFrom = rangeFrom;
+    crlGenData->rangeTo = rangeTo;
+
+    return SECSuccess;
+}
+
+/* Changes issuer subject field in CRL. By default this data is taken from
+ * issuer cert subject field.Not yet implemented */
+static SECStatus
+crlgen_SetIssuerField(CRLGENGeneratorData *crlGenData, char *value)
+{
+    crlgen_PrintError(crlGenData->parsedLineNum,
+                      "Can not change CRL issuer field.\n");
+    return SECFailure;
+}
+
+/* Encode and sets CRL thisUpdate and nextUpdate time fields*/
+static SECStatus
+crlgen_SetTimeField(CRLGENGeneratorData *crlGenData, char *value,
+                    PRBool setThisUpdate)
+{
+    CERTSignedCrl *signCrl;
+    PLArenaPool *arena;
+    CERTCrl *crl;
+    int length = 0;
+    SECItem *timeDest = NULL;
+
+    PORT_Assert(crlGenData && crlGenData->signCrl &&
+                crlGenData->signCrl->arena);
+    if (!crlGenData || !crlGenData->signCrl || !crlGenData->signCrl->arena) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    signCrl = crlGenData->signCrl;
+    arena = signCrl->arena;
+    crl = &signCrl->crl;
+
+    if (value == NULL) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        crlgen_PrintError(crlGenData->parsedLineNum,
+                          "insufficient number of arguments.\n");
+        return SECFailure;
+    }
+    length = PORT_Strlen(value);
+
+    if (setThisUpdate == PR_TRUE) {
+        timeDest = &crl->lastUpdate;
+    } else {
+        timeDest = &crl->nextUpdate;
+    }
+
+    timeDest->type = siGeneralizedTime;
+    timeDest->data = PORT_ArenaAlloc(arena, length);
+    if (!timeDest->data) {
+        return SECFailure;
+    }
+    PORT_Memcpy(timeDest->data, value, length);
+    timeDest->len = length;
+
+    return SECSuccess;
+}
+
+/* Adds new extension into CRL or added cert handles */
+static SECStatus
+crlgen_AddExtension(CRLGENGeneratorData *crlGenData, const char **extData)
+{
+    PORT_Assert(crlGenData && crlGenData->crlExtHandle);
+    if (!crlGenData || !crlGenData->crlExtHandle) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    if (extData == NULL || *extData == NULL) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        crlgen_PrintError(crlGenData->parsedLineNum,
+                          "insufficient number of arguments.\n");
+        return SECFailure;
+    }
+    if (!PORT_Strcmp(*extData, "authKeyId"))
+        return crlgen_AddAuthKeyID(crlGenData, extData);
+    else if (!PORT_Strcmp(*extData, "issuerAltNames"))
+        return crlgen_AddIssuerAltNames(crlGenData, extData);
+    else if (!PORT_Strcmp(*extData, "crlNumber"))
+        return crlgen_AddCrlNumber(crlGenData, extData);
+    else if (!PORT_Strcmp(*extData, "reasonCode"))
+        return crlgen_AddEntryExtension(crlGenData, extData, "reasonCode",
+                                        crlgen_CreateReasonCode);
+    else if (!PORT_Strcmp(*extData, "invalidityDate"))
+        return crlgen_AddEntryExtension(crlGenData, extData, "invalidityDate",
+                                        crlgen_CreateInvalidityDate);
+    else {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        crlgen_PrintError(crlGenData->parsedLineNum,
+                          "insufficient number of arguments.\n");
+        return SECFailure;
+    }
+}
+
+/* Created CRLGENEntryData for cert with serial number certId and
+ * adds it to entryDataHashTable. certId can be a single cert serial
+ * number or an inclusive rage of certs */
+static SECStatus
+crlgen_AddCert(CRLGENGeneratorData *crlGenData,
+               char *certId, char *revocationDate)
+{
+    CERTSignedCrl *signCrl;
+    SECItem *certIdItem;
+    PLArenaPool *arena;
+    PRUint64 rangeFrom = 0, rangeTo = 0, i = 0;
+    int timeValLength = -1;
+    SECStatus rv = SECFailure;
+    void *mark;
+
+    PORT_Assert(crlGenData && crlGenData->signCrl &&
+                crlGenData->signCrl->arena);
+    if (!crlGenData || !crlGenData->signCrl || !crlGenData->signCrl->arena) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    signCrl = crlGenData->signCrl;
+    arena = signCrl->arena;
+
+    if (!certId || !revocationDate) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        crlgen_PrintError(crlGenData->parsedLineNum,
+                          "insufficient number of arguments.\n");
+        return SECFailure;
+    }
+
+    timeValLength = strlen(revocationDate);
+
+    if (crlgen_SetNewRangeField(crlGenData, certId) == SECFailure &&
+        certId) {
+        return SECFailure;
+    }
+    rangeFrom = crlGenData->rangeFrom;
+    rangeTo = crlGenData->rangeTo;
+
+    for (i = 0; i < rangeTo - rangeFrom + 1; i++) {
+        CERTCrlEntry *entry;
+        mark = PORT_ArenaMark(arena);
+        entry = PORT_ArenaZNew(arena, CERTCrlEntry);
+        if (entry == NULL) {
+            goto loser;
+        }
+
+        certIdItem = SEC_ASN1EncodeInteger(arena, &entry->serialNumber,
+                                           rangeFrom + i);
+        if (!certIdItem) {
+            goto loser;
+        }
+
+        if (crlgen_FindEntry(crlGenData, certIdItem)) {
+            crlgen_PrintError(crlGenData->parsedLineNum,
+                              "entry already exists. Use \"range\" "
+                              "and \"rmcert\" before adding a new one with the "
+                              "same serial number %ld\n",
+                              rangeFrom + i);
+            goto loser;
+        }
+
+        entry->serialNumber.type = siBuffer;
+
+        entry->revocationDate.type = siGeneralizedTime;
+
+        entry->revocationDate.data =
+            PORT_ArenaAlloc(arena, timeValLength);
+        if (entry->revocationDate.data == NULL) {
+            goto loser;
+        }
+
+        PORT_Memcpy(entry->revocationDate.data, revocationDate,
+                    timeValLength * sizeof(char));
+        entry->revocationDate.len = timeValLength;
+
+        entry->extensions = NULL;
+        if (!crlgen_PlaceAnEntry(crlGenData, entry, certIdItem)) {
+            goto loser;
+        }
+        mark = NULL;
+    }
+
+    rv = SECSuccess;
+loser:
+    if (mark) {
+        PORT_ArenaRelease(arena, mark);
+    }
+    return rv;
+}
+
+/* Removes certs from entryDataHashTable which have certId serial number.
+ * certId can have value of a range of certs */
+static SECStatus
+crlgen_RmCert(CRLGENGeneratorData *crlGenData, char *certId)
+{
+    PRUint64 i = 0;
+
+    PORT_Assert(crlGenData && certId);
+    if (!crlGenData || !certId) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    if (crlgen_SetNewRangeField(crlGenData, certId) == SECFailure &&
+        certId) {
+        return SECFailure;
+    }
+
+    for (i = 0; i < crlGenData->rangeTo - crlGenData->rangeFrom + 1; i++) {
+        SECItem *certIdItem = SEC_ASN1EncodeInteger(NULL, NULL,
+                                                    crlGenData->rangeFrom + i);
+        if (certIdItem) {
+            CRLGENEntryData *extData =
+                crlgen_FindEntry(crlGenData, certIdItem);
+            if (!extData) {
+                printf("Cert with id %s is not in the list\n", certId);
+            } else {
+                crlgen_RmEntry(crlGenData, certIdItem);
+            }
+            SECITEM_FreeItem(certIdItem, PR_TRUE);
+        }
+    }
+
+    return SECSuccess;
+}
+
+/*************************************************************************
+ * Lex Parser Helper functions are used to store parsed information
+ * in context related structures. Context(or state) is identified base on
+ * a type of a instruction parser currently is going through. New context
+ * is identified by first token in a line. It can be addcert context,
+ * addext context, etc. */
+
+/* Updates CRL field depending on current context */
+static SECStatus
+crlgen_updateCrlFn_field(CRLGENGeneratorData *crlGenData, void *str)
+{
+    CRLGENCrlField *fieldStr = (CRLGENCrlField *)str;
+
+    PORT_Assert(crlGenData);
+    if (!crlGenData) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    switch (crlGenData->contextId) {
+        case CRLGEN_ISSUER_CONTEXT:
+            crlgen_SetIssuerField(crlGenData, fieldStr->value);
+            break;
+        case CRLGEN_UPDATE_CONTEXT:
+            return crlgen_SetTimeField(crlGenData, fieldStr->value, PR_TRUE);
+            break;
+        case CRLGEN_NEXT_UPDATE_CONTEXT:
+            return crlgen_SetTimeField(crlGenData, fieldStr->value, PR_FALSE);
+            break;
+        case CRLGEN_CHANGE_RANGE_CONTEXT:
+            return crlgen_SetNewRangeField(crlGenData, fieldStr->value);
+            break;
+        default:
+            crlgen_PrintError(crlGenData->parsedLineNum,
+                              "syntax error (unknow token type: %d)\n",
+                              crlGenData->contextId);
+            PORT_SetError(SEC_ERROR_INVALID_ARGS);
+            return SECFailure;
+    }
+    return SECSuccess;
+}
+
+/* Sets parsed data for CRL field update into temporary structure */
+static SECStatus
+crlgen_setNextDataFn_field(CRLGENGeneratorData *crlGenData, void *str,
+                           void *data, unsigned short dtype)
+{
+    CRLGENCrlField *fieldStr = (CRLGENCrlField *)str;
+
+    PORT_Assert(crlGenData);
+    if (!crlGenData) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    switch (crlGenData->contextId) {
+        case CRLGEN_CHANGE_RANGE_CONTEXT:
+            if (dtype != CRLGEN_TYPE_DIGIT && dtype != CRLGEN_TYPE_DIGIT_RANGE) {
+                crlgen_PrintError(crlGenData->parsedLineNum,
+                                  "range value should have "
+                                  "numeric or numeric range values.\n");
+                return SECFailure;
+            }
+            break;
+        case CRLGEN_NEXT_UPDATE_CONTEXT:
+        case CRLGEN_UPDATE_CONTEXT:
+            if (dtype != CRLGEN_TYPE_ZDATE) {
+                crlgen_PrintError(crlGenData->parsedLineNum,
+                                  "bad formated date. Should be "
+                                  "YYYYMMDDHHMMSSZ.\n");
+                return SECFailure;
+            }
+            break;
+        default:
+            PORT_SetError(SEC_ERROR_INVALID_ARGS);
+            crlgen_PrintError(crlGenData->parsedLineNum,
+                              "syntax error (unknow token type: %d).\n",
+                              crlGenData->contextId, data);
+            return SECFailure;
+    }
+    fieldStr->value = PORT_Strdup(data);
+    if (!fieldStr->value) {
+        return SECFailure;
+    }
+    return SECSuccess;
+}
+
+/* Triggers cert entries update depending on current context */
+static SECStatus
+crlgen_updateCrlFn_cert(CRLGENGeneratorData *crlGenData, void *str)
+{
+    CRLGENCertEntry *certStr = (CRLGENCertEntry *)str;
+
+    PORT_Assert(crlGenData);
+    if (!crlGenData) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    switch (crlGenData->contextId) {
+        case CRLGEN_ADD_CERT_CONTEXT:
+            return crlgen_AddCert(crlGenData, certStr->certId,
+                                  certStr->revocationTime);
+        case CRLGEN_RM_CERT_CONTEXT:
+            return crlgen_RmCert(crlGenData, certStr->certId);
+        default:
+            PORT_SetError(SEC_ERROR_INVALID_ARGS);
+            crlgen_PrintError(crlGenData->parsedLineNum,
+                              "syntax error (unknow token type: %d).\n",
+                              crlGenData->contextId);
+            return SECFailure;
+    }
+}
+
+/* Sets parsed data for CRL entries update into temporary structure */
+static SECStatus
+crlgen_setNextDataFn_cert(CRLGENGeneratorData *crlGenData, void *str,
+                          void *data, unsigned short dtype)
+{
+    CRLGENCertEntry *certStr = (CRLGENCertEntry *)str;
+
+    PORT_Assert(crlGenData);
+    if (!crlGenData) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    switch (dtype) {
+        case CRLGEN_TYPE_DIGIT:
+        case CRLGEN_TYPE_DIGIT_RANGE:
+            certStr->certId = PORT_Strdup(data);
+            if (!certStr->certId) {
+                return SECFailure;
+            }
+            break;
+        case CRLGEN_TYPE_DATE:
+        case CRLGEN_TYPE_ZDATE:
+            certStr->revocationTime = PORT_Strdup(data);
+            if (!certStr->revocationTime) {
+                return SECFailure;
+            }
+            break;
+        default:
+            PORT_SetError(SEC_ERROR_INVALID_ARGS);
+            crlgen_PrintError(crlGenData->parsedLineNum,
+                              "syntax error (unknow token type: %d).\n",
+                              crlGenData->contextId);
+            return SECFailure;
+    }
+    return SECSuccess;
+}
+
+/* Triggers cert entries/crl extension update */
+static SECStatus
+crlgen_updateCrlFn_extension(CRLGENGeneratorData *crlGenData, void *str)
+{
+    CRLGENExtensionEntry *extStr = (CRLGENExtensionEntry *)str;
+
+    return crlgen_AddExtension(crlGenData, (const char **)extStr->extData);
+}
+
+/* Defines maximum number of fields extension may have */
+#define MAX_EXT_DATA_LENGTH 10
+
+/* Sets parsed extension data for CRL entries/CRL extensions update
+ * into temporary structure */
+static SECStatus
+crlgen_setNextDataFn_extension(CRLGENGeneratorData *crlGenData, void *str,
+                               void *data, unsigned short dtype)
+{
+    CRLGENExtensionEntry *extStr = (CRLGENExtensionEntry *)str;
+
+    PORT_Assert(crlGenData);
+    if (!crlGenData) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    if (extStr->extData == NULL) {
+        extStr->extData = PORT_ZNewArray(char *, MAX_EXT_DATA_LENGTH);
+        if (!extStr->extData) {
+            return SECFailure;
+        }
+    }
+    if (extStr->nextUpdatedData >= MAX_EXT_DATA_LENGTH) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        crlgen_PrintError(crlGenData->parsedLineNum,
+                          "number of fields in extension "
+                          "exceeded maximum allowed data length: %d.\n",
+                          MAX_EXT_DATA_LENGTH);
+        return SECFailure;
+    }
+    extStr->extData[extStr->nextUpdatedData] = PORT_Strdup(data);
+    if (!extStr->extData[extStr->nextUpdatedData]) {
+        return SECFailure;
+    }
+    extStr->nextUpdatedData += 1;
+
+    return SECSuccess;
+}
+
+/****************************************************************************************
+ * Top level functions are triggered directly by parser.
+ */
+
+/*
+ * crl generation script parser recreates a temporary data staructure
+ * for each line it is going through. This function cleans temp structure.
+ */
+void
+crlgen_destroyTempData(CRLGENGeneratorData *crlGenData)
+{
+    if (crlGenData->contextId != CRLGEN_UNKNOWN_CONTEXT) {
+        switch (crlGenData->contextId) {
+            case CRLGEN_ISSUER_CONTEXT:
+            case CRLGEN_UPDATE_CONTEXT:
+            case CRLGEN_NEXT_UPDATE_CONTEXT:
+            case CRLGEN_CHANGE_RANGE_CONTEXT:
+                if (crlGenData->crlField->value)
+                    PORT_Free(crlGenData->crlField->value);
+                PORT_Free(crlGenData->crlField);
+                break;
+            case CRLGEN_ADD_CERT_CONTEXT:
+            case CRLGEN_RM_CERT_CONTEXT:
+                if (crlGenData->certEntry->certId)
+                    PORT_Free(crlGenData->certEntry->certId);
+                if (crlGenData->certEntry->revocationTime)
+                    PORT_Free(crlGenData->certEntry->revocationTime);
+                PORT_Free(crlGenData->certEntry);
+                break;
+            case CRLGEN_ADD_EXTENSION_CONTEXT:
+                if (crlGenData->extensionEntry->extData) {
+                    int i = 0;
+                    for (; i < crlGenData->extensionEntry->nextUpdatedData; i++)
+                        PORT_Free(*(crlGenData->extensionEntry->extData + i));
+                    PORT_Free(crlGenData->extensionEntry->extData);
+                }
+                PORT_Free(crlGenData->extensionEntry);
+                break;
+        }
+        crlGenData->contextId = CRLGEN_UNKNOWN_CONTEXT;
+    }
+}
+
+SECStatus
+crlgen_updateCrl(CRLGENGeneratorData *crlGenData)
+{
+    SECStatus rv = SECSuccess;
+
+    PORT_Assert(crlGenData);
+    if (!crlGenData) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    switch (crlGenData->contextId) {
+        case CRLGEN_ISSUER_CONTEXT:
+        case CRLGEN_UPDATE_CONTEXT:
+        case CRLGEN_NEXT_UPDATE_CONTEXT:
+        case CRLGEN_CHANGE_RANGE_CONTEXT:
+            rv = crlGenData->crlField->updateCrlFn(crlGenData, crlGenData->crlField);
+            break;
+        case CRLGEN_RM_CERT_CONTEXT:
+        case CRLGEN_ADD_CERT_CONTEXT:
+            rv = crlGenData->certEntry->updateCrlFn(crlGenData, crlGenData->certEntry);
+            break;
+        case CRLGEN_ADD_EXTENSION_CONTEXT:
+            rv = crlGenData->extensionEntry->updateCrlFn(crlGenData, crlGenData->extensionEntry);
+            break;
+        case CRLGEN_UNKNOWN_CONTEXT:
+            break;
+        default:
+            crlgen_PrintError(crlGenData->parsedLineNum,
+                              "unknown lang context type code: %d.\n",
+                              crlGenData->contextId);
+            PORT_Assert(0);
+            return SECFailure;
+    }
+    /* Clrean structures after crl update */
+    crlgen_destroyTempData(crlGenData);
+
+    crlGenData->parsedLineNum += 1;
+
+    return rv;
+}
+
+SECStatus
+crlgen_setNextData(CRLGENGeneratorData *crlGenData, void *data,
+                   unsigned short dtype)
+{
+    SECStatus rv = SECSuccess;
+
+    PORT_Assert(crlGenData);
+    if (!crlGenData) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    switch (crlGenData->contextId) {
+        case CRLGEN_ISSUER_CONTEXT:
+        case CRLGEN_UPDATE_CONTEXT:
+        case CRLGEN_NEXT_UPDATE_CONTEXT:
+        case CRLGEN_CHANGE_RANGE_CONTEXT:
+            rv = crlGenData->crlField->setNextDataFn(crlGenData, crlGenData->crlField,
+                                                     data, dtype);
+            break;
+        case CRLGEN_ADD_CERT_CONTEXT:
+        case CRLGEN_RM_CERT_CONTEXT:
+            rv = crlGenData->certEntry->setNextDataFn(crlGenData, crlGenData->certEntry,
+                                                      data, dtype);
+            break;
+        case CRLGEN_ADD_EXTENSION_CONTEXT:
+            rv =
+                crlGenData->extensionEntry->setNextDataFn(crlGenData, crlGenData->extensionEntry, data, dtype);
+            break;
+        case CRLGEN_UNKNOWN_CONTEXT:
+            break;
+        default:
+            crlgen_PrintError(crlGenData->parsedLineNum,
+                              "unknown context type: %d.\n",
+                              crlGenData->contextId);
+            PORT_Assert(0);
+            return SECFailure;
+    }
+    return rv;
+}
+
+SECStatus
+crlgen_createNewLangStruct(CRLGENGeneratorData *crlGenData,
+                           unsigned structType)
+{
+    PORT_Assert(crlGenData &&
+                crlGenData->contextId == CRLGEN_UNKNOWN_CONTEXT);
+    if (!crlGenData ||
+        crlGenData->contextId != CRLGEN_UNKNOWN_CONTEXT) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    switch (structType) {
+        case CRLGEN_ISSUER_CONTEXT:
+        case CRLGEN_UPDATE_CONTEXT:
+        case CRLGEN_NEXT_UPDATE_CONTEXT:
+        case CRLGEN_CHANGE_RANGE_CONTEXT:
+            crlGenData->crlField = PORT_New(CRLGENCrlField);
+            if (!crlGenData->crlField) {
+                return SECFailure;
+            }
+            crlGenData->contextId = structType;
+            crlGenData->crlField->value = NULL;
+            crlGenData->crlField->updateCrlFn = &crlgen_updateCrlFn_field;
+            crlGenData->crlField->setNextDataFn = &crlgen_setNextDataFn_field;
+            break;
+        case CRLGEN_RM_CERT_CONTEXT:
+        case CRLGEN_ADD_CERT_CONTEXT:
+            crlGenData->certEntry = PORT_New(CRLGENCertEntry);
+            if (!crlGenData->certEntry) {
+                return SECFailure;
+            }
+            crlGenData->contextId = structType;
+            crlGenData->certEntry->certId = 0;
+            crlGenData->certEntry->revocationTime = NULL;
+            crlGenData->certEntry->updateCrlFn = &crlgen_updateCrlFn_cert;
+            crlGenData->certEntry->setNextDataFn = &crlgen_setNextDataFn_cert;
+            break;
+        case CRLGEN_ADD_EXTENSION_CONTEXT:
+            crlGenData->extensionEntry = PORT_New(CRLGENExtensionEntry);
+            if (!crlGenData->extensionEntry) {
+                return SECFailure;
+            }
+            crlGenData->contextId = structType;
+            crlGenData->extensionEntry->extData = NULL;
+            crlGenData->extensionEntry->nextUpdatedData = 0;
+            crlGenData->extensionEntry->updateCrlFn =
+                &crlgen_updateCrlFn_extension;
+            crlGenData->extensionEntry->setNextDataFn =
+                &crlgen_setNextDataFn_extension;
+            break;
+        case CRLGEN_UNKNOWN_CONTEXT:
+            break;
+        default:
+            crlgen_PrintError(crlGenData->parsedLineNum,
+                              "unknown context type: %d.\n", structType);
+            PORT_Assert(0);
+            return SECFailure;
+    }
+    return SECSuccess;
+}
+
+/* Parser initialization function */
+CRLGENGeneratorData *
+CRLGEN_InitCrlGeneration(CERTSignedCrl *signCrl, PRFileDesc *src)
+{
+    CRLGENGeneratorData *crlGenData = NULL;
+
+    PORT_Assert(signCrl && src);
+    if (!signCrl || !src) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+
+    crlGenData = PORT_ZNew(CRLGENGeneratorData);
+    if (!crlGenData) {
+        return NULL;
+    }
+
+    crlGenData->entryDataHashTable =
+        PL_NewHashTable(0, SECITEM_Hash, SECITEM_HashCompare,
+                        PL_CompareValues, NULL, NULL);
+    if (!crlGenData->entryDataHashTable) {
+        PORT_Free(crlGenData);
+        return NULL;
+    }
+
+    crlGenData->src = src;
+    crlGenData->parsedLineNum = 1;
+    crlGenData->contextId = CRLGEN_UNKNOWN_CONTEXT;
+    crlGenData->signCrl = signCrl;
+    crlGenData->rangeFrom = 0;
+    crlGenData->rangeTo = 0;
+    crlGenData->crlExtHandle = NULL;
+
+    PORT_SetError(0);
+
+    return crlGenData;
+}
+
+void
+CRLGEN_FinalizeCrlGeneration(CRLGENGeneratorData *crlGenData)
+{
+    if (!crlGenData)
+        return;
+    if (crlGenData->src)
+        PR_Close(crlGenData->src);
+    PL_HashTableDestroy(crlGenData->entryDataHashTable);
+    PORT_Free(crlGenData);
+}
diff --git a/nss/cmd/crlutil/crlgen.h b/nss/cmd/crlutil/crlgen.h
new file mode 100644
index 0000000..3ec7921
--- /dev/null
+++ b/nss/cmd/crlutil/crlgen.h
@@ -0,0 +1,178 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _CRLGEN_H_
+#define _CRLGEN_H_
+
+#include "prio.h"
+#include "prprf.h"
+#include "plhash.h"
+#include "seccomon.h"
+#include "certt.h"
+#include "secoidt.h"
+
+#define CRLGEN_UNKNOWN_CONTEXT 0
+#define CRLGEN_ISSUER_CONTEXT 1
+#define CRLGEN_UPDATE_CONTEXT 2
+#define CRLGEN_NEXT_UPDATE_CONTEXT 3
+#define CRLGEN_ADD_EXTENSION_CONTEXT 4
+#define CRLGEN_ADD_CERT_CONTEXT 6
+#define CRLGEN_CHANGE_RANGE_CONTEXT 7
+#define CRLGEN_RM_CERT_CONTEXT 8
+
+#define CRLGEN_TYPE_DATE 0
+#define CRLGEN_TYPE_ZDATE 1
+#define CRLGEN_TYPE_DIGIT 2
+#define CRLGEN_TYPE_DIGIT_RANGE 3
+#define CRLGEN_TYPE_OID 4
+#define CRLGEN_TYPE_STRING 5
+#define CRLGEN_TYPE_ID 6
+
+typedef struct CRLGENGeneratorDataStr CRLGENGeneratorData;
+typedef struct CRLGENEntryDataStr CRLGENEntryData;
+typedef struct CRLGENExtensionEntryStr CRLGENExtensionEntry;
+typedef struct CRLGENCertEntrySrt CRLGENCertEntry;
+typedef struct CRLGENCrlFieldStr CRLGENCrlField;
+typedef struct CRLGENEntriesSortedDataStr CRLGENEntriesSortedData;
+
+/* Exported functions */
+
+/* Used for initialization of extension handles for crl and certs
+ * extensions from existing CRL data then modifying existing CRL.*/
+extern SECStatus CRLGEN_ExtHandleInit(CRLGENGeneratorData *crlGenData);
+
+/* Commits all added entries and their's extensions into CRL. */
+extern SECStatus CRLGEN_CommitExtensionsAndEntries(CRLGENGeneratorData *crlGenData);
+
+/* Lunches the crl generation script parse */
+extern SECStatus CRLGEN_StartCrlGen(CRLGENGeneratorData *crlGenData);
+
+/* Closes crl generation script file and frees crlGenData */
+extern void CRLGEN_FinalizeCrlGeneration(CRLGENGeneratorData *crlGenData);
+
+/* Parser initialization function. Creates CRLGENGeneratorData structure
+ *  for the current thread */
+extern CRLGENGeneratorData *CRLGEN_InitCrlGeneration(CERTSignedCrl *newCrl,
+                                                     PRFileDesc *src);
+
+/* This lock is defined in crlgen_lex.c(derived from crlgen_lex.l).
+ * It controls access to invocation of yylex, allows to parse one
+ * script at a time */
+extern void CRLGEN_InitCrlGenParserLock();
+extern void CRLGEN_DestroyCrlGenParserLock();
+
+/* The following function types are used to define functions for each of
+ * CRLGENExtensionEntryStr, CRLGENCertEntrySrt, CRLGENCrlFieldStr to
+ * provide functionality needed for these structures*/
+typedef SECStatus updateCrlFn_t(CRLGENGeneratorData *crlGenData, void *str);
+typedef SECStatus setNextDataFn_t(CRLGENGeneratorData *crlGenData, void *str,
+                                  void *data, unsigned short dtype);
+typedef SECStatus createNewLangStructFn_t(CRLGENGeneratorData *crlGenData,
+                                          void *str, unsigned i);
+
+/* Sets reports failure to parser if anything goes wrong */
+extern void crlgen_setFailure(CRLGENGeneratorData *str, char *);
+
+/* Collects data in to one of the current data structure that corresponds
+ * to the correct context type. This function gets called after each token
+ * is found for a particular line */
+extern SECStatus crlgen_setNextData(CRLGENGeneratorData *str, void *data,
+                                    unsigned short dtype);
+
+/* initiates crl update with collected data. This function is called at the
+ * end of each line */
+extern SECStatus crlgen_updateCrl(CRLGENGeneratorData *str);
+
+/* Creates new context structure depending on token that was parsed
+ * at the beginning of a line */
+extern SECStatus crlgen_createNewLangStruct(CRLGENGeneratorData *str,
+                                            unsigned structType);
+
+/* CRLGENExtensionEntry is used to store addext request data for either
+ * CRL extensions or CRL entry extensions. The differentiation between
+ * is based on order and type of extension been added.
+ *    - extData : all data in request staring from name of the extension are
+ *                in saved here.
+ *    - nextUpdatedData: counter of elements added to extData
+ */
+struct CRLGENExtensionEntryStr {
+    char **extData;
+    int nextUpdatedData;
+    updateCrlFn_t *updateCrlFn;
+    setNextDataFn_t *setNextDataFn;
+};
+
+/* CRLGENCeryestEntry is used to store addcert request data
+ *   - certId : certificate id or range of certificate with dash as a delimiter
+ *              All certs from range will be inclusively added to crl
+ *   - revocationTime: revocation time of cert(s)
+ */
+struct CRLGENCertEntrySrt {
+    char *certId;
+    char *revocationTime;
+    updateCrlFn_t *updateCrlFn;
+    setNextDataFn_t *setNextDataFn;
+};
+
+/* CRLGENCrlField is used to store crl fields record like update time, next
+ * update time, etc.
+ *  - value: value of the parsed field data*/
+struct CRLGENCrlFieldStr {
+    char *value;
+    updateCrlFn_t *updateCrlFn;
+    setNextDataFn_t *setNextDataFn;
+};
+
+/* Can not create entries extension until completely done with parsing.
+ * Therefore need to keep joined data
+ *   - certId : serial number of certificate
+ *   - extHandle: head pointer to a list of extensions that belong to
+ *                 entry
+ *   - entry : CERTCrlEntry structure pointer*/
+struct CRLGENEntryDataStr {
+    SECItem *certId;
+    void *extHandle;
+    CERTCrlEntry *entry;
+};
+
+/* Crl generator/parser main structure. Keeps info regarding current state of
+ * parser(context, status), parser helper functions pointers, parsed data and
+ * generated data.
+ *  - contextId : current parsing context. Context in this parser environment
+ *                defines what type of crl operations parser is going through
+ *                in the current line of crl generation script.
+ *                setting or new cert or an extension addition, etc.
+ *  - createNewLangStructFn: pointer to top level function which creates
+ *                             data structures according contextId
+ *  - setNextDataFn : pointer to top level function which sets new parsed data
+ *                    in temporary structure
+ *  - updateCrlFn   : pointer to top level function which triggers actual
+ *                    crl update functions with gathered data
+ *  - union         : data union create according to contextId
+ *  - rangeFrom, rangeTo : holds last range in which certs was added
+ *  - newCrl        : pointer to CERTSignedCrl newly created crl
+ *  - crlExtHandle : pointer to crl extension handle
+ *  - entryDataHashTable: hash of CRLGENEntryData.
+ *                     key: cert serial number
+ *                     data: CRLGENEntryData pointer
+ *  - parserStatus  : current status of parser. Triggers parser to abort when
+ *                    set to SECFailure
+ *  - src : PRFileDesc structure pointer of crl generator config file
+ *  - parsedLineNum : currently parsing line. Keeping it to report errors */
+struct CRLGENGeneratorDataStr {
+    unsigned short contextId;
+    CRLGENCrlField *crlField;
+    CRLGENCertEntry *certEntry;
+    CRLGENExtensionEntry *extensionEntry;
+    PRUint64 rangeFrom;
+    PRUint64 rangeTo;
+    CERTSignedCrl *signCrl;
+    void *crlExtHandle;
+    PLHashTable *entryDataHashTable;
+
+    PRFileDesc *src;
+    int parsedLineNum;
+};
+
+#endif /* _CRLGEN_H_ */
diff --git a/nss/cmd/crlutil/crlgen_lex.c b/nss/cmd/crlutil/crlgen_lex.c
new file mode 100644
index 0000000..fb53ec8
--- /dev/null
+++ b/nss/cmd/crlutil/crlgen_lex.c
@@ -0,0 +1,1773 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* A lexical scanner generated by flex */
+
+#define FLEX_SCANNER
+#define YY_FLEX_MAJOR_VERSION 2
+#define YY_FLEX_MINOR_VERSION 5
+
+#include <stdio.h>
+#ifdef _WIN32
+#include <io.h>
+#else
+#include <unistd.h>
+#endif
+
+/* cfront 1.2 defines "c_plusplus" instead of "__cplusplus" */
+#ifdef c_plusplus
+#ifndef __cplusplus
+#define __cplusplus
+#endif
+#endif
+
+#ifdef __cplusplus
+
+#include <stdlib.h>
+
+/* Use prototypes in function declarations. */
+#define YY_USE_PROTOS
+
+/* The "const" storage-class-modifier is valid. */
+#define YY_USE_CONST
+
+#else /* ! __cplusplus */
+
+#if __STDC__
+
+#define YY_USE_PROTOS
+#define YY_USE_CONST
+
+#endif /* __STDC__ */
+#endif /* ! __cplusplus */
+
+#ifdef __TURBOC__
+#pragma warn - rch
+#pragma warn - use
+#include <io.h>
+#include <stdlib.h>
+#define YY_USE_CONST
+#define YY_USE_PROTOS
+#endif
+
+#ifdef YY_USE_CONST
+#define yyconst const
+#else
+#define yyconst
+#endif
+
+#ifdef YY_USE_PROTOS
+#define YY_PROTO(proto) proto
+#else
+#define YY_PROTO(proto) ()
+#endif
+
+/* Returned upon end-of-file. */
+#define YY_NULL 0
+
+/* Promotes a possibly negative, possibly signed char to an unsigned
+ * integer for use as an array index.  If the signed char is negative,
+ * we want to instead treat it as an 8-bit unsigned char, hence the
+ * double cast.
+ */
+#define YY_SC_TO_UI(c) ((unsigned int)(unsigned char)c)
+
+/* Enter a start condition.  This macro really ought to take a parameter,
+ * but we do it the disgusting crufty way forced on us by the ()-less
+ * definition of BEGIN.
+ */
+#define BEGIN yy_start = 1 + 2 *
+
+/* Translate the current start state into a value that can be later handed
+ * to BEGIN to return to the state.  The YYSTATE alias is for lex
+ * compatibility.
+ */
+#define YY_START ((yy_start - 1) / 2)
+#define YYSTATE YY_START
+
+/* Action number for EOF rule of a given start state. */
+#define YY_STATE_EOF(state) (YY_END_OF_BUFFER + state + 1)
+
+/* Special action meaning "start processing a new file". */
+#define YY_NEW_FILE yyrestart(yyin)
+
+#define YY_END_OF_BUFFER_CHAR 0
+
+/* Size of default input buffer. */
+#define YY_BUF_SIZE 16384
+
+typedef struct yy_buffer_state *YY_BUFFER_STATE;
+
+extern int yyleng;
+extern FILE *yyin, *yyout;
+
+#define EOB_ACT_CONTINUE_SCAN 0
+#define EOB_ACT_END_OF_FILE 1
+#define EOB_ACT_LAST_MATCH 2
+
+/* The funky do-while in the following #define is used to turn the definition
+ * int a single C statement (which needs a semi-colon terminator).  This
+ * avoids problems with code like:
+ *
+ *  if ( condition_holds )
+ *    yyless( 5 );
+ *  else
+ *    do_something_else();
+ *
+ * Prior to using the do-while the compiler would get upset at the
+ * "else" because it interpreted the "if" statement as being all
+ * done when it reached the ';' after the yyless() call.
+ */
+
+/* Return all but the first 'n' matched characters back to the input stream. */
+
+#define yyless(n)                                      \
+    do {                                               \
+        /* Undo effects of setting up yytext. */       \
+        *yy_cp = yy_hold_char;                         \
+        YY_RESTORE_YY_MORE_OFFSET                      \
+        yy_c_buf_p = yy_cp = yy_bp + n - YY_MORE_ADJ;  \
+        YY_DO_BEFORE_ACTION; /* set up yytext again */ \
+    } while (0)
+
+#define unput(c) yyunput(c, yytext_ptr)
+
+/* The following is because we cannot portably get our hands on size_t
+ * (without autoconf's help, which isn't available because we want
+ * flex-generated scanners to compile on their own).
+ */
+typedef unsigned int yy_size_t;
+
+struct yy_buffer_state {
+    FILE *yy_input_file;
+
+    char *yy_ch_buf;  /* input buffer */
+    char *yy_buf_pos; /* current position in input buffer */
+
+    /* Size of input buffer in bytes, not including room for EOB
+     * characters.
+     */
+    yy_size_t yy_buf_size;
+
+    /* Number of characters read into yy_ch_buf, not including EOB
+     * characters.
+     */
+    int yy_n_chars;
+
+    /* Whether we "own" the buffer - i.e., we know we created it,
+     * and can realloc() it to grow it, and should free() it to
+     * delete it.
+     */
+    int yy_is_our_buffer;
+
+    /* Whether this is an "interactive" input source; if so, and
+     * if we're using stdio for input, then we want to use getc()
+     * instead of fread(), to make sure we stop fetching input after
+     * each newline.
+     */
+    int yy_is_interactive;
+
+    /* Whether we're considered to be at the beginning of a line.
+     * If so, '^' rules will be active on the next match, otherwise
+     * not.
+     */
+    int yy_at_bol;
+
+    /* Whether to try to fill the input buffer when we reach the
+     * end of it.
+     */
+    int yy_fill_buffer;
+
+    int yy_buffer_status;
+#define YY_BUFFER_NEW 0
+#define YY_BUFFER_NORMAL 1
+/* When an EOF's been seen but there's still some text to process
+   * then we mark the buffer as YY_EOF_PENDING, to indicate that we
+   * shouldn't try reading from the input source any more.  We might
+   * still have a bunch of tokens to match, though, because of
+   * possible backing-up.
+   *
+   * When we actually see the EOF, we change the status to "new"
+   * (via yyrestart()), so that the user can continue scanning by
+   * just pointing yyin at a new input file.
+   */
+#define YY_BUFFER_EOF_PENDING 2
+};
+
+static YY_BUFFER_STATE yy_current_buffer = 0;
+
+/* We provide macros for accessing buffer states in case in the
+ * future we want to put the buffer states in a more general
+ * "scanner state".
+ */
+#define YY_CURRENT_BUFFER yy_current_buffer
+
+/* yy_hold_char holds the character lost when yytext is formed. */
+static char yy_hold_char;
+
+static int yy_n_chars; /* number of characters read into yy_ch_buf */
+
+int yyleng;
+
+/* Points to current character in buffer. */
+static char *yy_c_buf_p = (char *)0;
+static int yy_init = 1;  /* whether we need to initialize */
+static int yy_start = 0; /* start state number */
+
+/* Flag which is used to allow yywrap()'s to do buffer switches
+ * instead of setting up a fresh yyin.  A bit of a hack ...
+ */
+static int yy_did_buffer_switch_on_eof;
+
+void yyrestart YY_PROTO((FILE * input_file));
+
+void yy_switch_to_buffer YY_PROTO((YY_BUFFER_STATE new_buffer));
+void yy_load_buffer_state YY_PROTO((void));
+YY_BUFFER_STATE yy_create_buffer YY_PROTO((FILE * file, int size));
+void yy_delete_buffer YY_PROTO((YY_BUFFER_STATE b));
+void yy_init_buffer YY_PROTO((YY_BUFFER_STATE b, FILE *file));
+void yy_flush_buffer YY_PROTO((YY_BUFFER_STATE b));
+#define YY_FLUSH_BUFFER yy_flush_buffer(yy_current_buffer)
+
+YY_BUFFER_STATE yy_scan_buffer YY_PROTO((char *base, yy_size_t size));
+YY_BUFFER_STATE yy_scan_string YY_PROTO((yyconst char *yy_str));
+YY_BUFFER_STATE yy_scan_bytes YY_PROTO((yyconst char *bytes, int len));
+
+static void *yy_flex_alloc YY_PROTO((yy_size_t));
+static void *yy_flex_realloc YY_PROTO((void *, yy_size_t));
+static void yy_flex_free YY_PROTO((void *));
+
+#define yy_new_buffer yy_create_buffer
+
+#define yy_set_interactive(is_interactive)                           \
+    {                                                                \
+        if (!yy_current_buffer)                                      \
+            yy_current_buffer = yy_create_buffer(yyin, YY_BUF_SIZE); \
+        yy_current_buffer->yy_is_interactive = is_interactive;       \
+    }
+
+#define yy_set_bol(at_bol)                                           \
+    {                                                                \
+        if (!yy_current_buffer)                                      \
+            yy_current_buffer = yy_create_buffer(yyin, YY_BUF_SIZE); \
+        yy_current_buffer->yy_at_bol = at_bol;                       \
+    }
+
+#define YY_AT_BOL() (yy_current_buffer->yy_at_bol)
+
+typedef unsigned char YY_CHAR;
+FILE *yyin = (FILE *)0, *yyout = (FILE *)0;
+typedef int yy_state_type;
+extern char *yytext;
+#define yytext_ptr yytext
+
+static yy_state_type yy_get_previous_state YY_PROTO((void));
+static yy_state_type yy_try_NUL_trans YY_PROTO((yy_state_type current_state));
+static int yy_get_next_buffer YY_PROTO((void));
+static void yy_fatal_error YY_PROTO((yyconst char msg[]));
+
+/* Done after the current pattern has been matched and before the
+ * corresponding action - sets up yytext.
+ */
+#define YY_DO_BEFORE_ACTION             \
+    yytext_ptr = yy_bp;                 \
+    yytext_ptr -= yy_more_len;          \
+    yyleng = (int)(yy_cp - yytext_ptr); \
+    yy_hold_char = *yy_cp;              \
+    *yy_cp = '\0';                      \
+    yy_c_buf_p = yy_cp;
+
+#define YY_NUM_RULES 17
+#define YY_END_OF_BUFFER 18
+/* clang-format off */
+static yyconst short int yy_accept[67] =
+    {   0,
+        0,    0,   18,   16,   14,   15,   16,   11,   12,    2,
+       10,    9,    9,    9,    9,    9,   13,   14,   15,   11,
+       12,    0,   12,    2,    9,    9,    9,    9,    9,   13,
+        3,    4,    2,    9,    9,    9,    9,    2,    9,    9,
+        9,    9,    2,    2,    9,    9,    8,    9,    2,    5,
+        9,    6,    2,    9,    2,    9,    2,    9,    2,    7,
+        2,    2,    2,    2,    1,    0
+    } ;
+
+static yyconst int yy_ec[256] =
+    {   0,
+        1,    1,    1,    1,    1,    1,    1,    1,    2,    3,
+        1,    1,    4,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    2,    1,    5,    6,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    7,    8,    1,    9,    9,   10,
+       11,   12,   12,   12,   13,   13,   13,   14,    1,    1,
+       15,    1,    1,    1,   16,   16,   16,   16,   16,   16,
+       16,   16,   16,   16,   16,   16,   16,   16,   16,   16,
+       16,   16,   16,   16,   16,   16,   16,   16,   16,   17,
+        1,    1,    1,    1,    1,    1,   18,   16,   16,   19,
+
+       20,   16,   21,   16,   22,   16,   16,   16,   16,   23,
+       16,   24,   16,   25,   26,   27,   28,   16,   16,   29,
+       16,   16,    1,   14,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1
+    } ;
+
+static yyconst int yy_meta[30] =
+    {   0,
+        1,    1,    2,    1,    3,    1,    1,    4,    5,    5,
+        5,    5,    5,    4,    1,    4,    4,    4,    4,    4,
+        4,    4,    4,    4,    4,    4,    4,    4,    4
+    } ;
+
+static yyconst short int yy_base[72] =
+    {   0,
+        0,  149,  154,  205,  138,  205,  103,    0,    0,   23,
+      205,   29,   30,   31,   32,   33,    0,   99,  205,    0,
+        0,    0,   50,   55,   34,   61,   41,   63,   64,    0,
+        0,    0,   79,   65,   68,   86,   66,   99,  105,   88,
+      106,   90,  118,   76,  107,  110,   89,  125,   43,   91,
+      127,  128,  138,  144,  113,  129,  154,  160,  160,  130,
+      172,  166,  177,  144,    0,  205,  190,  192,  194,  199,
+       76
+    } ;
+
+static yyconst short int yy_def[72] =
+    {   0,
+       66,    1,   66,   66,   66,   66,   66,   67,   68,   68,
+       66,   69,   69,   69,   69,   69,   70,   66,   66,   67,
+       68,   71,   68,   10,   69,   69,   69,   69,   69,   70,
+       71,   23,   10,   69,   69,   69,   69,   10,   69,   69,
+       69,   69,   10,   38,   69,   69,   69,   69,   38,   69,
+       69,   69,   38,   69,   38,   69,   38,   69,   38,   69,
+       38,   38,   38,   38,   68,    0,   66,   66,   66,   66,
+       66
+    } ;
+
+static yyconst short int yy_nxt[235] =
+    {   0,
+        4,    5,    6,    7,    8,    4,    4,    9,   10,   10,
+       10,   10,   10,    9,   11,   12,   12,   12,   12,   12,
+       12,   13,   14,   12,   15,   12,   12,   16,   12,   22,
+       23,   24,   24,   24,   24,   24,   21,   21,   21,   21,
+       21,   21,   21,   21,   21,   21,   21,   21,   21,   28,
+       27,   53,   53,   53,   21,   26,   29,   32,   32,   32,
+       32,   32,   32,   33,   33,   33,   33,   33,   21,   35,
+       21,   21,   21,   21,   21,   21,   21,   21,   21,   21,
+       31,   21,   37,   42,   44,   36,   34,   38,   38,   38,
+       38,   38,   39,   21,   40,   21,   21,   21,   21,   21,
+
+       18,   21,   21,   21,   21,   19,   41,   43,   44,   44,
+       44,   44,   21,   21,   21,   46,   48,   21,   21,   21,
+       21,   57,   57,   21,   45,   47,   49,   49,   49,   49,
+       49,   50,   21,   51,   21,   21,   21,   21,   21,   18,
+       21,   21,   21,   21,   52,   54,   55,   55,   55,   55,
+       55,   21,   44,   66,   17,   58,   66,   21,   66,   66,
+       65,   56,   59,   59,   59,   59,   59,   21,   61,   61,
+       61,   61,   66,   21,   63,   63,   63,   63,   66,   60,
+       62,   62,   62,   62,   62,   64,   64,   64,   64,   64,
+       20,   20,   66,   20,   20,   21,   21,   25,   25,   30,
+
+       66,   30,   30,   30,    3,   66,   66,   66,   66,   66,
+       66,   66,   66,   66,   66,   66,   66,   66,   66,   66,
+       66,   66,   66,   66,   66,   66,   66,   66,   66,   66,
+       66,   66,   66,   66
+    } ;
+
+static yyconst short int yy_chk[235] =
+    {   0,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,    1,
+        1,    1,    1,    1,    1,    1,    1,    1,    1,   10,
+       10,   10,   10,   10,   10,   10,   12,   13,   14,   15,
+       16,   25,   12,   13,   14,   15,   16,   25,   27,   15,
+       14,   49,   49,   49,   27,   13,   16,   23,   23,   23,
+       23,   23,   23,   24,   24,   24,   24,   24,   26,   27,
+       28,   29,   34,   37,   26,   35,   28,   29,   34,   37,
+       71,   35,   29,   37,   44,   28,   26,   33,   33,   33,
+       33,   33,   34,   36,   35,   40,   47,   42,   50,   36,
+
+       18,   40,   47,   42,   50,    7,   36,   38,   38,   38,
+       38,   38,   39,   41,   45,   40,   42,   46,   39,   41,
+       45,   55,   55,   46,   39,   41,   43,   43,   43,   43,
+       43,   45,   48,   46,   51,   52,   56,   60,   48,    5,
+       51,   52,   56,   60,   48,   51,   53,   53,   53,   53,
+       53,   54,   64,    3,    2,   56,    0,   54,    0,    0,
+       64,   54,   57,   57,   57,   57,   57,   58,   59,   59,
+       59,   59,    0,   58,   62,   62,   62,   62,    0,   58,
+       61,   61,   61,   61,   61,   63,   63,   63,   63,   63,
+       67,   67,    0,   67,   67,   68,   68,   69,   69,   70,
+
+        0,   70,   70,   70,   66,   66,   66,   66,   66,   66,
+       66,   66,   66,   66,   66,   66,   66,   66,   66,   66,
+       66,   66,   66,   66,   66,   66,   66,   66,   66,   66,
+       66,   66,   66,   66
+    } ;
+/* clang-format on */
+
+static yy_state_type yy_last_accepting_state;
+static char *yy_last_accepting_cpos;
+
+/* The intent behind this definition is that it'll catch
+ * any uses of REJECT which flex missed.
+ */
+#define REJECT reject_used_but_not_detected
+static int yy_more_flag = 0;
+static int yy_more_len = 0;
+#define yymore() (yy_more_flag = 1)
+#define YY_MORE_ADJ yy_more_len
+#define YY_RESTORE_YY_MORE_OFFSET
+char *yytext;
+#line 1 "crlgen_lex_orig.l"
+#define INITIAL 0
+#line 2 "crlgen_lex_orig.l"
+
+#include "crlgen.h"
+
+static SECStatus parserStatus = SECSuccess;
+static CRLGENGeneratorData *parserData;
+static PRFileDesc *src;
+
+#define YY_INPUT(buf, result, max_size)                      \
+    if (parserStatus != SECFailure) {                        \
+        if (((result = PR_Read(src, buf, max_size)) == 0) && \
+            ferror(yyin))                                    \
+            return SECFailure;                               \
+    } else {                                                 \
+        return SECFailure;                                   \
+    }
+
+/* Macros after this point can all be overridden by user definitions in
+ * section 1.
+ */
+
+#ifndef YY_SKIP_YYWRAP
+#ifdef __cplusplus
+extern "C" int yywrap YY_PROTO((void));
+#else
+extern int yywrap YY_PROTO((void));
+#endif
+#endif
+
+#ifndef YY_NO_UNPUT
+static void yyunput YY_PROTO((int c, char *buf_ptr));
+#endif
+
+#ifndef yytext_ptr
+static void yy_flex_strncpy YY_PROTO((char *, yyconst char *, int));
+#endif
+
+#ifdef YY_NEED_STRLEN
+static int yy_flex_strlen YY_PROTO((yyconst char *));
+#endif
+
+#ifndef YY_NO_INPUT
+#ifdef __cplusplus
+static int yyinput YY_PROTO((void));
+#else
+static int input YY_PROTO((void));
+#endif
+#endif
+
+#if YY_STACK_USED
+static int yy_start_stack_ptr = 0;
+static int yy_start_stack_depth = 0;
+static int *yy_start_stack = 0;
+#ifndef YY_NO_PUSH_STATE
+static void yy_push_state YY_PROTO((int new_state));
+#endif
+#ifndef YY_NO_POP_STATE
+static void yy_pop_state YY_PROTO((void));
+#endif
+#ifndef YY_NO_TOP_STATE
+static int yy_top_state YY_PROTO((void));
+#endif
+
+#else
+#define YY_NO_PUSH_STATE 1
+#define YY_NO_POP_STATE 1
+#define YY_NO_TOP_STATE 1
+#endif
+
+#ifdef YY_MALLOC_DECL
+YY_MALLOC_DECL
+#else
+#if __STDC__
+#ifndef __cplusplus
+#include <stdlib.h>
+#endif
+#else
+/* Just try to get by without declaring the routines.  This will fail
+ * miserably on non-ANSI systems for which sizeof(size_t) != sizeof(int)
+ * or sizeof(void*) != sizeof(int).
+ */
+#endif
+#endif
+
+/* Amount of stuff to slurp up with each read. */
+#ifndef YY_READ_BUF_SIZE
+#define YY_READ_BUF_SIZE 8192
+#endif
+
+/* Copy whatever the last rule matched to the standard output. */
+
+#ifndef ECHO
+/* This used to be an fputs(), but since the string might contain NUL's,
+ * we now use fwrite().
+ */
+#define ECHO (void)fwrite(yytext, yyleng, 1, yyout)
+#endif
+
+/* Gets input and stuffs it into "buf".  number of characters read, or YY_NULL,
+ * is returned in "result".
+ */
+#ifndef YY_INPUT
+#define YY_INPUT(buf, result, max_size)                           \
+    if (yy_current_buffer->yy_is_interactive) {                   \
+        int c = '*', n;                                           \
+        for (n = 0; n < max_size &&                               \
+                    (c = getc(yyin)) != EOF && c != '\n';         \
+             ++n)                                                 \
+            buf[n] = (char)c;                                     \
+        if (c == '\n')                                            \
+            buf[n++] = (char)c;                                   \
+        if (c == EOF && ferror(yyin))                             \
+            YY_FATAL_ERROR("input in flex scanner failed");       \
+        result = n;                                               \
+    } else if (((result = fread(buf, 1, max_size, yyin)) == 0) && \
+               ferror(yyin))                                      \
+        YY_FATAL_ERROR("input in flex scanner failed");
+#endif
+
+/* No semi-colon after return; correct usage is to write "yyterminate();" -
+ * we don't want an extra ';' after the "return" because that will cause
+ * some compilers to complain about unreachable statements.
+ */
+#ifndef yyterminate
+#define yyterminate() return YY_NULL
+#endif
+
+/* Number of entries by which start-condition stack grows. */
+#ifndef YY_START_STACK_INCR
+#define YY_START_STACK_INCR 25
+#endif
+
+/* Report a fatal error. */
+#ifndef YY_FATAL_ERROR
+#define YY_FATAL_ERROR(msg) yy_fatal_error(msg)
+#endif
+
+/* Default declaration of generated scanner - a define so the user can
+ * easily add parameters.
+ */
+#ifndef YY_DECL
+#define YY_DECL int yylex YY_PROTO((void))
+#endif
+
+/* Code executed at the beginning of each rule, after yytext and yyleng
+ * have been set up.
+ */
+#ifndef YY_USER_ACTION
+#define YY_USER_ACTION
+#endif
+
+/* Code executed at the end of each rule. */
+#ifndef YY_BREAK
+#define YY_BREAK break;
+#endif
+
+#define YY_RULE_SETUP                     \
+    if (yyleng > 0)                       \
+        yy_current_buffer->yy_at_bol =    \
+            (yytext[yyleng - 1] == '\n'); \
+    YY_USER_ACTION
+
+YY_DECL
+{
+    register yy_state_type yy_current_state;
+    register char *yy_cp = NULL, *yy_bp = NULL;
+    register int yy_act;
+
+#line 28 "crlgen_lex_orig.l"
+
+    if (yy_init) {
+        yy_init = 0;
+
+#ifdef YY_USER_INIT
+        YY_USER_INIT;
+#endif
+
+        if (!yy_start)
+            yy_start = 1; /* first start state */
+
+        if (!yyin)
+            yyin = stdin;
+
+        if (!yyout)
+            yyout = stdout;
+
+        if (!yy_current_buffer)
+            yy_current_buffer =
+                yy_create_buffer(yyin, YY_BUF_SIZE);
+
+        yy_load_buffer_state();
+    }
+
+    while (1) /* loops until end-of-file is reached */
+    {
+        yy_more_len = 0;
+        if (yy_more_flag) {
+            yy_more_len = yy_c_buf_p - yytext_ptr;
+            yy_more_flag = 0;
+        }
+        yy_cp = yy_c_buf_p;
+
+        /* Support of yytext. */
+        *yy_cp = yy_hold_char;
+
+        /* yy_bp points to the position in yy_ch_buf of the start of
+         * the current run.
+         */
+        yy_bp = yy_cp;
+
+        yy_current_state = yy_start;
+        yy_current_state += YY_AT_BOL();
+    yy_match:
+        do {
+            register YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)];
+            if (yy_accept[yy_current_state]) {
+                yy_last_accepting_state = yy_current_state;
+                yy_last_accepting_cpos = yy_cp;
+            }
+            while (yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state) {
+                yy_current_state = (int)yy_def[yy_current_state];
+                if (yy_current_state >= 67)
+                    yy_c = yy_meta[(unsigned int)yy_c];
+            }
+            yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int)yy_c];
+            ++yy_cp;
+        } while (yy_base[yy_current_state] != 205);
+
+    yy_find_action:
+        yy_act = yy_accept[yy_current_state];
+        if (yy_act == 0) { /* have to back up */
+            yy_cp = yy_last_accepting_cpos;
+            yy_current_state = yy_last_accepting_state;
+            yy_act = yy_accept[yy_current_state];
+        }
+
+        YY_DO_BEFORE_ACTION;
+
+    do_action: /* This label is used only to access EOF actions. */
+
+        switch (yy_act) { /* beginning of action switch */
+            case 0:       /* must back up */
+                /* undo the effects of YY_DO_BEFORE_ACTION */
+                *yy_cp = yy_hold_char;
+                yy_cp = yy_last_accepting_cpos;
+                yy_current_state = yy_last_accepting_state;
+                goto yy_find_action;
+
+            case 1:
+                YY_RULE_SETUP
+#line 30 "crlgen_lex_orig.l"
+                {
+                    parserStatus =
+                        crlgen_setNextData(parserData, yytext, CRLGEN_TYPE_ZDATE);
+                    if (parserStatus !=
+                        SECSuccess)
+                        return parserStatus;
+                }
+                YY_BREAK
+            case 2:
+                YY_RULE_SETUP
+#line 36 "crlgen_lex_orig.l"
+                {
+                    parserStatus =
+                        crlgen_setNextData(parserData, yytext, CRLGEN_TYPE_DIGIT);
+                    if (parserStatus !=
+                        SECSuccess)
+                        return parserStatus;
+                }
+                YY_BREAK
+            case 3:
+                YY_RULE_SETUP
+#line 42 "crlgen_lex_orig.l"
+                {
+                    parserStatus =
+                        crlgen_setNextData(parserData, yytext, CRLGEN_TYPE_DIGIT_RANGE);
+                    if (parserStatus !=
+                        SECSuccess)
+                        return parserStatus;
+                }
+                YY_BREAK
+            case 4:
+                YY_RULE_SETUP
+#line 48 "crlgen_lex_orig.l"
+                {
+                    parserStatus =
+                        crlgen_setNextData(parserData, yytext, CRLGEN_TYPE_OID);
+                    if (parserStatus !=
+                        SECSuccess)
+                        return parserStatus;
+                }
+                YY_BREAK
+            case 5:
+                YY_RULE_SETUP
+#line 54 "crlgen_lex_orig.l"
+                {
+                    parserStatus =
+                        crlgen_createNewLangStruct(parserData, CRLGEN_ISSUER_CONTEXT);
+                    if (parserStatus !=
+                        SECSuccess)
+                        return parserStatus;
+                }
+                YY_BREAK
+            case 6:
+                YY_RULE_SETUP
+#line 60 "crlgen_lex_orig.l"
+                {
+                    parserStatus =
+                        crlgen_createNewLangStruct(parserData, CRLGEN_UPDATE_CONTEXT);
+                    if (parserStatus !=
+                        SECSuccess)
+                        return parserStatus;
+                }
+                YY_BREAK
+            case 7:
+                YY_RULE_SETUP
+#line 65 "crlgen_lex_orig.l"
+                {
+                    parserStatus =
+                        crlgen_createNewLangStruct(parserData, CRLGEN_NEXT_UPDATE_CONTEXT);
+                    if (parserStatus !=
+                        SECSuccess)
+                        return parserStatus;
+                }
+                YY_BREAK
+            case 8:
+                YY_RULE_SETUP
+#line 71 "crlgen_lex_orig.l"
+                {
+                    parserStatus =
+                        crlgen_createNewLangStruct(parserData, CRLGEN_CHANGE_RANGE_CONTEXT);
+                    if (parserStatus !=
+                        SECSuccess)
+                        return parserStatus;
+                }
+                YY_BREAK
+            case 9:
+                YY_RULE_SETUP
+#line 77 "crlgen_lex_orig.l"
+                {
+                    if (strcmp(yytext, "addcert") ==
+                        0) {
+                        parserStatus =
+                            crlgen_createNewLangStruct(parserData,
+                                                       CRLGEN_ADD_CERT_CONTEXT);
+                        if (parserStatus !=
+                            SECSuccess)
+                            return parserStatus;
+                    } else if (strcmp(yytext, "rmcert") ==
+                               0) {
+                        parserStatus =
+                            crlgen_createNewLangStruct(parserData,
+                                                       CRLGEN_RM_CERT_CONTEXT);
+                        if (parserStatus !=
+                            SECSuccess)
+                            return parserStatus;
+                    } else if (strcmp(yytext, "addext") ==
+                               0) {
+                        parserStatus =
+                            crlgen_createNewLangStruct(parserData,
+                                                       CRLGEN_ADD_EXTENSION_CONTEXT);
+                        if (parserStatus !=
+                            SECSuccess)
+                            return parserStatus;
+                    } else {
+                        parserStatus =
+                            crlgen_setNextData(parserData, yytext, CRLGEN_TYPE_ID);
+                        if (parserStatus !=
+                            SECSuccess)
+                            return parserStatus;
+                    }
+                }
+                YY_BREAK
+            case 10:
+                YY_RULE_SETUP
+#line 100 "crlgen_lex_orig.l"
+
+                YY_BREAK
+            case 11:
+                YY_RULE_SETUP
+#line 102 "crlgen_lex_orig.l"
+                {
+                    if (yytext[yyleng -
+                               1] ==
+                        '\\') {
+                        yymore();
+                    } else {
+                        register int c;
+                        c =
+                            input();
+                        if (c !=
+                            '\"') {
+                            printf("Error: Line ending \" is missing:  %c\n", c);
+                            unput(c);
+                        } else {
+                            parserStatus =
+                                crlgen_setNextData(parserData, yytext + 1,
+                                                   CRLGEN_TYPE_STRING);
+                            if (parserStatus !=
+                                SECSuccess)
+                                return parserStatus;
+                        }
+                    }
+                }
+                YY_BREAK
+            case 12:
+                YY_RULE_SETUP
+#line 120 "crlgen_lex_orig.l"
+                {
+                    parserStatus =
+                        crlgen_setNextData(parserData, yytext, CRLGEN_TYPE_STRING);
+                    if (parserStatus !=
+                        SECSuccess)
+                        return parserStatus;
+                }
+                YY_BREAK
+            case 13:
+                YY_RULE_SETUP
+#line 128 "crlgen_lex_orig.l"
+                /* eat up one-line comments */ {}
+                YY_BREAK
+            case 14:
+                YY_RULE_SETUP
+#line 130 "crlgen_lex_orig.l"
+                {
+                }
+                YY_BREAK
+            case 15:
+                YY_RULE_SETUP
+#line 132 "crlgen_lex_orig.l"
+                {
+                    parserStatus =
+                        crlgen_updateCrl(parserData);
+                    if (parserStatus !=
+                        SECSuccess)
+                        return parserStatus;
+                }
+                YY_BREAK
+            case 16:
+                YY_RULE_SETUP
+#line 138 "crlgen_lex_orig.l"
+                {
+                    fprintf(stderr, "Syntax error at line %d: unknown token %s\n",
+                            parserData->parsedLineNum, yytext);
+                    return SECFailure;
+                }
+                YY_BREAK
+            case 17:
+                YY_RULE_SETUP
+#line 144 "crlgen_lex_orig.l"
+                ECHO;
+                YY_BREAK
+            case YY_STATE_EOF(INITIAL):
+                yyterminate();
+
+            case YY_END_OF_BUFFER: {
+                /* Amount of text matched not including the EOB char. */
+                int yy_amount_of_matched_text = (int)(yy_cp - yytext_ptr) - 1;
+
+                /* Undo the effects of YY_DO_BEFORE_ACTION. */
+                *yy_cp = yy_hold_char;
+                YY_RESTORE_YY_MORE_OFFSET
+
+                if (yy_current_buffer->yy_buffer_status == YY_BUFFER_NEW) {
+                    /* We're scanning a new file or input source.  It's
+       * possible that this happened because the user
+       * just pointed yyin at a new source and called
+       * yylex().  If so, then we have to assure
+       * consistency between yy_current_buffer and our
+       * globals.  Here is the right place to do so, because
+       * this is the first action (other than possibly a
+       * back-up) that will match for the new input source.
+       */
+                    yy_n_chars = yy_current_buffer->yy_n_chars;
+                    yy_current_buffer->yy_input_file = yyin;
+                    yy_current_buffer->yy_buffer_status = YY_BUFFER_NORMAL;
+                }
+
+                /* Note that here we test for yy_c_buf_p "<=" to the position
+     * of the first EOB in the buffer, since yy_c_buf_p will
+     * already have been incremented past the NUL character
+     * (since all states make transitions on EOB to the
+     * end-of-buffer state).  Contrast this with the test
+     * in input().
+     */
+                if (yy_c_buf_p <= &yy_current_buffer->yy_ch_buf[yy_n_chars]) { /* This was really a NUL. */
+                    yy_state_type yy_next_state;
+
+                    yy_c_buf_p = yytext_ptr + yy_amount_of_matched_text;
+
+                    yy_current_state = yy_get_previous_state();
+
+                    /* Okay, we're now positioned to make the NUL
+       * transition.  We couldn't have
+       * yy_get_previous_state() go ahead and do it
+       * for us because it doesn't know how to deal
+       * with the possibility of jamming (and we don't
+       * want to build jamming into it because then it
+       * will run more slowly).
+       */
+
+                    yy_next_state = yy_try_NUL_trans(yy_current_state);
+
+                    yy_bp = yytext_ptr + YY_MORE_ADJ;
+
+                    if (yy_next_state) {
+                        /* Consume the NUL. */
+                        yy_cp = ++yy_c_buf_p;
+                        yy_current_state = yy_next_state;
+                        goto yy_match;
+                    }
+
+                    else {
+                        yy_cp = yy_c_buf_p;
+                        goto yy_find_action;
+                    }
+                }
+
+                else
+                    switch (yy_get_next_buffer()) {
+                        case EOB_ACT_END_OF_FILE: {
+                            yy_did_buffer_switch_on_eof = 0;
+
+                            if (yywrap()) {
+                                /* Note: because we've taken care in
+           * yy_get_next_buffer() to have set up
+           * yytext, we can now set up
+           * yy_c_buf_p so that if some total
+           * hoser (like flex itself) wants to
+           * call the scanner after we return the
+           * YY_NULL, it'll still work - another
+           * YY_NULL will get returned.
+           */
+                                yy_c_buf_p = yytext_ptr + YY_MORE_ADJ;
+
+                                yy_act = YY_STATE_EOF(YY_START);
+                                goto do_action;
+                            }
+
+                            else {
+                                if (!yy_did_buffer_switch_on_eof)
+                                    YY_NEW_FILE;
+                            }
+                            break;
+                        }
+
+                        case EOB_ACT_CONTINUE_SCAN:
+                            yy_c_buf_p =
+                                yytext_ptr + yy_amount_of_matched_text;
+
+                            yy_current_state = yy_get_previous_state();
+
+                            yy_cp = yy_c_buf_p;
+                            yy_bp = yytext_ptr + YY_MORE_ADJ;
+                            goto yy_match;
+
+                        case EOB_ACT_LAST_MATCH:
+                            yy_c_buf_p =
+                                &yy_current_buffer->yy_ch_buf[yy_n_chars];
+
+                            yy_current_state = yy_get_previous_state();
+
+                            yy_cp = yy_c_buf_p;
+                            yy_bp = yytext_ptr + YY_MORE_ADJ;
+                            goto yy_find_action;
+                    }
+                break;
+            }
+
+            default:
+                YY_FATAL_ERROR(
+                    "fatal flex scanner internal error--no action found");
+        } /* end of action switch */
+    }     /* end of scanning one token */
+} /* end of yylex */
+
+/* yy_get_next_buffer - try to read in a new buffer
+ *
+ * Returns a code representing an action:
+ *  EOB_ACT_LAST_MATCH -
+ *  EOB_ACT_CONTINUE_SCAN - continue scanning from current position
+ *  EOB_ACT_END_OF_FILE - end of file
+ */
+
+static int
+yy_get_next_buffer()
+{
+    register char *dest = yy_current_buffer->yy_ch_buf;
+    register char *source = yytext_ptr;
+    register int number_to_move, i;
+    int ret_val;
+
+    if (yy_c_buf_p > &yy_current_buffer->yy_ch_buf[yy_n_chars + 1])
+        YY_FATAL_ERROR(
+            "fatal flex scanner internal error--end of buffer missed");
+
+    if (yy_current_buffer->yy_fill_buffer == 0) { /* Don't try to fill the buffer, so this is an EOF. */
+        if (yy_c_buf_p - yytext_ptr - YY_MORE_ADJ == 1) {
+            /* We matched a single character, the EOB, so
+       * treat this as a final EOF.
+       */
+            return EOB_ACT_END_OF_FILE;
+        }
+
+        else {
+            /* We matched some text prior to the EOB, first
+       * process it.
+       */
+            return EOB_ACT_LAST_MATCH;
+        }
+    }
+
+    /* Try to read more data. */
+
+    /* First move last chars to start of buffer. */
+    number_to_move = (int)(yy_c_buf_p - yytext_ptr) - 1;
+
+    for (i = 0; i < number_to_move; ++i)
+        *(dest++) = *(source++);
+
+    if (yy_current_buffer->yy_buffer_status == YY_BUFFER_EOF_PENDING)
+        /* don't do the read, it's not guaranteed to return an EOF,
+     * just force an EOF
+     */
+        yy_current_buffer->yy_n_chars = yy_n_chars = 0;
+
+    else {
+        int num_to_read =
+            yy_current_buffer->yy_buf_size - number_to_move - 1;
+
+        while (num_to_read <= 0) { /* Not enough room in the buffer - grow it. */
+#ifdef YY_USES_REJECT
+            YY_FATAL_ERROR(
+                "input buffer overflow, can't enlarge buffer because scanner uses REJECT");
+#else
+
+            /* just a shorter name for the current buffer */
+            YY_BUFFER_STATE b = yy_current_buffer;
+
+            int yy_c_buf_p_offset =
+                (int)(yy_c_buf_p - b->yy_ch_buf);
+
+            if (b->yy_is_our_buffer) {
+                int new_size = b->yy_buf_size * 2;
+
+                if (new_size <= 0)
+                    b->yy_buf_size += b->yy_buf_size / 8;
+                else
+                    b->yy_buf_size *= 2;
+
+                b->yy_ch_buf = (char *)
+                    /* Include room in for 2 EOB chars. */
+                    yy_flex_realloc((void *)b->yy_ch_buf,
+                                    b->yy_buf_size + 2);
+            } else
+                /* Can't grow it, we don't own it. */
+                b->yy_ch_buf = 0;
+
+            if (!b->yy_ch_buf)
+                YY_FATAL_ERROR(
+                    "fatal error - scanner input buffer overflow");
+
+            yy_c_buf_p = &b->yy_ch_buf[yy_c_buf_p_offset];
+
+            num_to_read = yy_current_buffer->yy_buf_size -
+                          number_to_move - 1;
+#endif
+        }
+
+        if (num_to_read > YY_READ_BUF_SIZE)
+            num_to_read = YY_READ_BUF_SIZE;
+
+        /* Read in more data. */
+        YY_INPUT((&yy_current_buffer->yy_ch_buf[number_to_move]),
+                 yy_n_chars, num_to_read);
+
+        yy_current_buffer->yy_n_chars = yy_n_chars;
+    }
+
+    if (yy_n_chars == 0) {
+        if (number_to_move == YY_MORE_ADJ) {
+            ret_val = EOB_ACT_END_OF_FILE;
+            yyrestart(yyin);
+        }
+
+        else {
+            ret_val = EOB_ACT_LAST_MATCH;
+            yy_current_buffer->yy_buffer_status =
+                YY_BUFFER_EOF_PENDING;
+        }
+    }
+
+    else
+        ret_val = EOB_ACT_CONTINUE_SCAN;
+
+    yy_n_chars += number_to_move;
+    yy_current_buffer->yy_ch_buf[yy_n_chars] = YY_END_OF_BUFFER_CHAR;
+    yy_current_buffer->yy_ch_buf[yy_n_chars + 1] = YY_END_OF_BUFFER_CHAR;
+
+    yytext_ptr = &yy_current_buffer->yy_ch_buf[0];
+
+    return ret_val;
+}
+
+/* yy_get_previous_state - get the state just before the EOB char was reached */
+
+static yy_state_type
+yy_get_previous_state()
+{
+    register yy_state_type yy_current_state;
+    register char *yy_cp;
+
+    yy_current_state = yy_start;
+    yy_current_state += YY_AT_BOL();
+
+    for (yy_cp = yytext_ptr + YY_MORE_ADJ; yy_cp < yy_c_buf_p; ++yy_cp) {
+        register YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1);
+        if (yy_accept[yy_current_state]) {
+            yy_last_accepting_state = yy_current_state;
+            yy_last_accepting_cpos = yy_cp;
+        }
+        while (yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state) {
+            yy_current_state = (int)yy_def[yy_current_state];
+            if (yy_current_state >= 67)
+                yy_c = yy_meta[(unsigned int)yy_c];
+        }
+        yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int)yy_c];
+    }
+
+    return yy_current_state;
+}
+
+/* yy_try_NUL_trans - try to make a transition on the NUL character
+ *
+ * synopsis
+ *  next_state = yy_try_NUL_trans( current_state );
+ */
+
+#ifdef YY_USE_PROTOS
+static yy_state_type
+yy_try_NUL_trans(yy_state_type yy_current_state)
+#else
+static yy_state_type yy_try_NUL_trans(yy_current_state)
+    yy_state_type yy_current_state;
+#endif
+{
+    register int yy_is_jam;
+    register char *yy_cp = yy_c_buf_p;
+
+    register YY_CHAR yy_c = 1;
+    if (yy_accept[yy_current_state]) {
+        yy_last_accepting_state = yy_current_state;
+        yy_last_accepting_cpos = yy_cp;
+    }
+    while (yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state) {
+        yy_current_state = (int)yy_def[yy_current_state];
+        if (yy_current_state >= 67)
+            yy_c = yy_meta[(unsigned int)yy_c];
+    }
+    yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int)yy_c];
+    yy_is_jam = (yy_current_state == 66);
+
+    return yy_is_jam ? 0 : yy_current_state;
+}
+
+#ifndef YY_NO_UNPUT
+#ifdef YY_USE_PROTOS
+static void
+yyunput(int c, register char *yy_bp)
+#else
+static void yyunput(c, yy_bp) int c;
+register char *yy_bp;
+#endif
+{
+    register char *yy_cp = yy_c_buf_p;
+
+    /* undo effects of setting up yytext */
+    *yy_cp = yy_hold_char;
+
+    if (yy_cp < yy_current_buffer->yy_ch_buf + 2) { /* need to shift things up to make room */
+        /* +2 for EOB chars. */
+        register int number_to_move = yy_n_chars + 2;
+        register char *dest = &yy_current_buffer->yy_ch_buf[yy_current_buffer->yy_buf_size +
+                                                            2];
+        register char *source =
+            &yy_current_buffer->yy_ch_buf[number_to_move];
+
+        while (source > yy_current_buffer->yy_ch_buf)
+            *--dest = *--source;
+
+        yy_cp += (int)(dest - source);
+        yy_bp += (int)(dest - source);
+        yy_current_buffer->yy_n_chars =
+            yy_n_chars = yy_current_buffer->yy_buf_size;
+
+        if (yy_cp < yy_current_buffer->yy_ch_buf + 2)
+            YY_FATAL_ERROR("flex scanner push-back overflow");
+    }
+
+    *--yy_cp = (char)c;
+
+    yytext_ptr = yy_bp;
+    yy_hold_char = *yy_cp;
+    yy_c_buf_p = yy_cp;
+}
+#endif /* ifndef YY_NO_UNPUT */
+
+#ifndef YY_NO_INPUT
+#ifdef __cplusplus
+static int
+yyinput()
+#else
+static int
+input()
+#endif
+{
+    int c;
+
+    *yy_c_buf_p = yy_hold_char;
+
+    if (*yy_c_buf_p == YY_END_OF_BUFFER_CHAR) {
+        /* yy_c_buf_p now points to the character we want to return.
+     * If this occurs *before* the EOB characters, then it's a
+     * valid NUL; if not, then we've hit the end of the buffer.
+     */
+        if (yy_c_buf_p < &yy_current_buffer->yy_ch_buf[yy_n_chars])
+            /* This was really a NUL. */
+            *yy_c_buf_p = '\0';
+
+        else { /* need more input */
+            int offset = yy_c_buf_p - yytext_ptr;
+            ++yy_c_buf_p;
+
+            switch (yy_get_next_buffer()) {
+                case EOB_ACT_LAST_MATCH:
+                    /* This happens because yy_g_n_b()
+           * sees that we've accumulated a
+           * token and flags that we need to
+           * try matching the token before
+           * proceeding.  But for input(),
+           * there's no matching to consider.
+           * So convert the EOB_ACT_LAST_MATCH
+           * to EOB_ACT_END_OF_FILE.
+           */
+
+                    /* Reset buffer status. */
+                    yyrestart(yyin);
+
+                /* fall through */
+
+                case EOB_ACT_END_OF_FILE: {
+                    if (yywrap())
+                        return EOF;
+
+                    if (!yy_did_buffer_switch_on_eof)
+                        YY_NEW_FILE;
+#ifdef __cplusplus
+                    return yyinput();
+#else
+                    return input();
+#endif
+                }
+
+                case EOB_ACT_CONTINUE_SCAN:
+                    yy_c_buf_p = yytext_ptr + offset;
+                    break;
+            }
+        }
+    }
+
+    c = *(unsigned char *)yy_c_buf_p; /* cast for 8-bit char's */
+    *yy_c_buf_p = '\0';               /* preserve yytext */
+    yy_hold_char = *++yy_c_buf_p;
+
+    yy_current_buffer->yy_at_bol = (c == '\n');
+
+    return c;
+}
+#endif /* YY_NO_INPUT */
+
+#ifdef YY_USE_PROTOS
+void
+yyrestart(FILE *input_file)
+#else
+void yyrestart(input_file)
+    FILE *input_file;
+#endif
+{
+    if (!yy_current_buffer)
+        yy_current_buffer = yy_create_buffer(yyin, YY_BUF_SIZE);
+
+    yy_init_buffer(yy_current_buffer, input_file);
+    yy_load_buffer_state();
+}
+
+#ifdef YY_USE_PROTOS
+void
+yy_switch_to_buffer(YY_BUFFER_STATE new_buffer)
+#else
+void yy_switch_to_buffer(new_buffer)
+    YY_BUFFER_STATE new_buffer;
+#endif
+{
+    if (yy_current_buffer == new_buffer)
+        return;
+
+    if (yy_current_buffer) {
+        /* Flush out information for old buffer. */
+        *yy_c_buf_p = yy_hold_char;
+        yy_current_buffer->yy_buf_pos = yy_c_buf_p;
+        yy_current_buffer->yy_n_chars = yy_n_chars;
+    }
+
+    yy_current_buffer = new_buffer;
+    yy_load_buffer_state();
+
+    /* We don't actually know whether we did this switch during
+   * EOF (yywrap()) processing, but the only time this flag
+   * is looked at is after yywrap() is called, so it's safe
+   * to go ahead and always set it.
+   */
+    yy_did_buffer_switch_on_eof = 1;
+}
+
+#ifdef YY_USE_PROTOS
+void
+yy_load_buffer_state(void)
+#else
+void
+yy_load_buffer_state()
+#endif
+{
+    yy_n_chars = yy_current_buffer->yy_n_chars;
+    yytext_ptr = yy_c_buf_p = yy_current_buffer->yy_buf_pos;
+    yyin = yy_current_buffer->yy_input_file;
+    yy_hold_char = *yy_c_buf_p;
+}
+
+#ifdef YY_USE_PROTOS
+YY_BUFFER_STATE
+yy_create_buffer(FILE *file, int size)
+#else
+YY_BUFFER_STATE yy_create_buffer(file, size)
+    FILE *file;
+int size;
+#endif
+{
+    YY_BUFFER_STATE b;
+
+    b = (YY_BUFFER_STATE)yy_flex_alloc(sizeof(struct yy_buffer_state));
+    if (!b)
+        YY_FATAL_ERROR("out of dynamic memory in yy_create_buffer()");
+
+    b->yy_buf_size = size;
+
+    /* yy_ch_buf has to be 2 characters longer than the size given because
+   * we need to put in 2 end-of-buffer characters.
+   */
+    b->yy_ch_buf = (char *)yy_flex_alloc(b->yy_buf_size + 2);
+    if (!b->yy_ch_buf)
+        YY_FATAL_ERROR("out of dynamic memory in yy_create_buffer()");
+
+    b->yy_is_our_buffer = 1;
+
+    yy_init_buffer(b, file);
+
+    return b;
+}
+
+#ifdef YY_USE_PROTOS
+void
+yy_delete_buffer(YY_BUFFER_STATE b)
+#else
+void yy_delete_buffer(b)
+    YY_BUFFER_STATE b;
+#endif
+{
+    if (!b)
+        return;
+
+    if (b == yy_current_buffer)
+        yy_current_buffer = (YY_BUFFER_STATE)0;
+
+    if (b->yy_is_our_buffer)
+        yy_flex_free((void *)b->yy_ch_buf);
+
+    yy_flex_free((void *)b);
+}
+
+#ifdef YY_USE_PROTOS
+void
+yy_init_buffer(YY_BUFFER_STATE b, FILE *file)
+#else
+void yy_init_buffer(b, file)
+    YY_BUFFER_STATE b;
+FILE *file;
+#endif
+
+{
+    yy_flush_buffer(b);
+
+    b->yy_input_file = file;
+    b->yy_fill_buffer = 1;
+
+#if YY_ALWAYS_INTERACTIVE
+    b->yy_is_interactive = 1;
+#else
+#if YY_NEVER_INTERACTIVE
+    b->yy_is_interactive = 0;
+#else
+    b->yy_is_interactive = file ? (isatty(fileno(file)) > 0) : 0;
+#endif
+#endif
+}
+
+#ifdef YY_USE_PROTOS
+void
+yy_flush_buffer(YY_BUFFER_STATE b)
+#else
+void yy_flush_buffer(b)
+    YY_BUFFER_STATE b;
+#endif
+
+{
+    if (!b)
+        return;
+
+    b->yy_n_chars = 0;
+
+    /* We always need two end-of-buffer characters.  The first causes
+   * a transition to the end-of-buffer state.  The second causes
+   * a jam in that state.
+   */
+    b->yy_ch_buf[0] = YY_END_OF_BUFFER_CHAR;
+    b->yy_ch_buf[1] = YY_END_OF_BUFFER_CHAR;
+
+    b->yy_buf_pos = &b->yy_ch_buf[0];
+
+    b->yy_at_bol = 1;
+    b->yy_buffer_status = YY_BUFFER_NEW;
+
+    if (b == yy_current_buffer)
+        yy_load_buffer_state();
+}
+
+#ifndef YY_NO_SCAN_BUFFER
+#ifdef YY_USE_PROTOS
+YY_BUFFER_STATE
+yy_scan_buffer(char *base, yy_size_t size)
+#else
+YY_BUFFER_STATE yy_scan_buffer(base, size) char *base;
+yy_size_t size;
+#endif
+{
+    YY_BUFFER_STATE b;
+
+    if (size < 2 ||
+        base[size - 2] != YY_END_OF_BUFFER_CHAR ||
+        base[size - 1] != YY_END_OF_BUFFER_CHAR)
+        /* They forgot to leave room for the EOB's. */
+        return 0;
+
+    b = (YY_BUFFER_STATE)yy_flex_alloc(sizeof(struct yy_buffer_state));
+    if (!b)
+        YY_FATAL_ERROR("out of dynamic memory in yy_scan_buffer()");
+
+    b->yy_buf_size = size - 2; /* "- 2" to take care of EOB's */
+    b->yy_buf_pos = b->yy_ch_buf = base;
+    b->yy_is_our_buffer = 0;
+    b->yy_input_file = 0;
+    b->yy_n_chars = b->yy_buf_size;
+    b->yy_is_interactive = 0;
+    b->yy_at_bol = 1;
+    b->yy_fill_buffer = 0;
+    b->yy_buffer_status = YY_BUFFER_NEW;
+
+    yy_switch_to_buffer(b);
+
+    return b;
+}
+#endif
+
+#ifndef YY_NO_SCAN_STRING
+#ifdef YY_USE_PROTOS
+YY_BUFFER_STATE
+yy_scan_string(yyconst char *yy_str)
+#else
+YY_BUFFER_STATE yy_scan_string(yy_str)
+    yyconst char *yy_str;
+#endif
+{
+    int len;
+    for (len = 0; yy_str[len]; ++len)
+        ;
+
+    return yy_scan_bytes(yy_str, len);
+}
+#endif
+
+#ifndef YY_NO_SCAN_BYTES
+#ifdef YY_USE_PROTOS
+YY_BUFFER_STATE
+yy_scan_bytes(yyconst char *bytes, int len)
+#else
+YY_BUFFER_STATE yy_scan_bytes(bytes, len)
+    yyconst char *bytes;
+int len;
+#endif
+{
+    YY_BUFFER_STATE b;
+    char *buf;
+    yy_size_t n;
+    int i;
+
+    /* Get memory for full buffer, including space for trailing EOB's. */
+    n = len + 2;
+    buf = (char *)yy_flex_alloc(n);
+    if (!buf)
+        YY_FATAL_ERROR("out of dynamic memory in yy_scan_bytes()");
+
+    for (i = 0; i < len; ++i)
+        buf[i] = bytes[i];
+
+    buf[len] = buf[len + 1] = YY_END_OF_BUFFER_CHAR;
+
+    b = yy_scan_buffer(buf, n);
+    if (!b)
+        YY_FATAL_ERROR("bad buffer in yy_scan_bytes()");
+
+    /* It's okay to grow etc. this buffer, and we should throw it
+     * away when we're done.
+     */
+    b->yy_is_our_buffer = 1;
+
+    return b;
+}
+#endif
+
+#ifndef YY_NO_PUSH_STATE
+#ifdef YY_USE_PROTOS
+static void
+yy_push_state(int new_state)
+#else
+static void yy_push_state(new_state) int new_state;
+#endif
+{
+    if (yy_start_stack_ptr >= yy_start_stack_depth) {
+        yy_size_t new_size;
+
+        yy_start_stack_depth += YY_START_STACK_INCR;
+        new_size = yy_start_stack_depth * sizeof(int);
+
+        if (!yy_start_stack)
+            yy_start_stack = (int *)yy_flex_alloc(new_size);
+
+        else
+            yy_start_stack = (int *)yy_flex_realloc(
+                (void *)yy_start_stack, new_size);
+
+        if (!yy_start_stack)
+            YY_FATAL_ERROR(
+                "out of memory expanding start-condition stack");
+    }
+
+    yy_start_stack[yy_start_stack_ptr++] = YY_START;
+
+    BEGIN(new_state);
+}
+#endif
+
+#ifndef YY_NO_POP_STATE
+static void
+yy_pop_state()
+{
+    if (--yy_start_stack_ptr < 0)
+        YY_FATAL_ERROR("start-condition stack underflow");
+
+    BEGIN(yy_start_stack[yy_start_stack_ptr]);
+}
+#endif
+
+#ifndef YY_NO_TOP_STATE
+static int
+yy_top_state()
+{
+    return yy_start_stack[yy_start_stack_ptr - 1];
+}
+#endif
+
+#ifndef YY_EXIT_FAILURE
+#define YY_EXIT_FAILURE 2
+#endif
+
+#ifdef YY_USE_PROTOS
+static void
+yy_fatal_error(yyconst char msg[])
+#else
+static void yy_fatal_error(msg) char msg[];
+#endif
+{
+    (void)fprintf(stderr, "%s\n", msg);
+    exit(YY_EXIT_FAILURE);
+}
+
+/* Redefine yyless() so it works in section 3 code. */
+
+#undef yyless
+#define yyless(n)                                \
+    do {                                         \
+        /* Undo effects of setting up yytext. */ \
+        yytext[yyleng] = yy_hold_char;           \
+        yy_c_buf_p = yytext + n;                 \
+        yy_hold_char = *yy_c_buf_p;              \
+        *yy_c_buf_p = '\0';                      \
+        yyleng = n;                              \
+    } while (0)
+
+/* Internal utility routines. */
+
+#ifndef yytext_ptr
+#ifdef YY_USE_PROTOS
+static void
+yy_flex_strncpy(char *s1, yyconst char *s2, int n)
+#else
+static void yy_flex_strncpy(s1, s2, n) char *s1;
+yyconst char *s2;
+int n;
+#endif
+{
+    register int i;
+    for (i = 0; i < n; ++i)
+        s1[i] = s2[i];
+}
+#endif
+
+#ifdef YY_NEED_STRLEN
+#ifdef YY_USE_PROTOS
+static int
+yy_flex_strlen(yyconst char *s)
+#else
+static int yy_flex_strlen(s)
+    yyconst char *s;
+#endif
+{
+    register int n;
+    for (n = 0; s[n]; ++n)
+        ;
+
+    return n;
+}
+#endif
+
+#ifdef YY_USE_PROTOS
+static void *
+yy_flex_alloc(yy_size_t size)
+#else
+static void *yy_flex_alloc(size)
+    yy_size_t size;
+#endif
+{
+    return (void *)malloc(size);
+}
+
+#ifdef YY_USE_PROTOS
+static void *
+yy_flex_realloc(void *ptr, yy_size_t size)
+#else
+static void *yy_flex_realloc(ptr, size) void *ptr;
+yy_size_t size;
+#endif
+{
+    /* The cast to (char *) in the following accommodates both
+     * implementations that use char* generic pointers, and those
+     * that use void* generic pointers.  It works with the latter
+     * because both ANSI C and C++ allow castless assignment from
+     * any pointer type to void*, and deal with argument conversions
+     * as though doing an assignment.
+     */
+    return (void *)realloc((char *)ptr, size);
+}
+
+#ifdef YY_USE_PROTOS
+static void
+yy_flex_free(void *ptr)
+#else
+static void yy_flex_free(ptr) void *ptr;
+#endif
+{
+    free(ptr);
+}
+
+#if YY_MAIN
+int
+main()
+{
+    yylex();
+    return 0;
+}
+#endif
+#line 144 "crlgen_lex_orig.l"
+
+#include "prlock.h"
+
+static PRLock *parserInvocationLock;
+
+void
+CRLGEN_InitCrlGenParserLock()
+{
+    parserInvocationLock = PR_NewLock();
+}
+
+void
+CRLGEN_DestroyCrlGenParserLock()
+{
+    PR_DestroyLock(parserInvocationLock);
+}
+
+SECStatus
+CRLGEN_StartCrlGen(CRLGENGeneratorData *parserCtlData)
+{
+    SECStatus rv;
+
+    PR_Lock(parserInvocationLock);
+
+    parserStatus = SECSuccess;
+    parserData = parserCtlData;
+    src = parserCtlData->src;
+
+    rv = yylex();
+
+    PR_Unlock(parserInvocationLock);
+
+    return rv;
+}
+
+int
+yywrap()
+{
+    return 1;
+}
diff --git a/nss/cmd/crlutil/crlgen_lex_fix.sed b/nss/cmd/crlutil/crlgen_lex_fix.sed
new file mode 100644
index 0000000..603dd2d
--- /dev/null
+++ b/nss/cmd/crlutil/crlgen_lex_fix.sed
@@ -0,0 +1,6 @@
+/<unistd.h>/ {
+        i #ifdef _WIN32
+	i #include <io.h>
+	i #else
+        a #endif
+}
diff --git a/nss/cmd/crlutil/crlgen_lex_orig.l b/nss/cmd/crlutil/crlgen_lex_orig.l
new file mode 100644
index 0000000..a412e98
--- /dev/null
+++ b/nss/cmd/crlutil/crlgen_lex_orig.l
@@ -0,0 +1,181 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+%{
+
+#include "crlgen.h"
+
+static SECStatus parserStatus = SECSuccess;
+static CRLGENGeneratorData *parserData;
+static PRFileDesc *src;
+
+#define YY_INPUT(buf,result,max_size) \
+    if ( parserStatus != SECFailure) { \
+	 if (((result = PR_Read(src, buf, max_size)) == 0) && \
+	     ferror( yyin )) \
+	   return SECFailure; \
+    } else  { return SECFailure; }
+              
+
+%}
+
+%a 5000
+DIGIT          [0-9]+
+DIGIT_RANGE    [0-9]+-[0-9]+
+ID             [a-zA-Z][a-zA-Z0-9]*
+OID            [0-9]+\.[\.0-9]+
+DATE           [0-9]{4}[01][0-9][0-3][0-9][0-2][0-9][0-6][0-9][0-6][0-9]
+ZDATE          [0-9]{4}[01][0-9][0-3][0-9][0-2][0-9][0-6][0-9][0-6][0-9]Z
+N_SP_STRING    [a-zA-Z0-9\:\|\.]+
+
+%%
+
+{ZDATE}   {
+parserStatus = crlgen_setNextData(parserData, yytext, CRLGEN_TYPE_ZDATE);
+if (parserStatus != SECSuccess)
+    return parserStatus;
+}
+
+{DIGIT}   {
+parserStatus = crlgen_setNextData(parserData, yytext, CRLGEN_TYPE_DIGIT);
+if (parserStatus != SECSuccess)
+    return parserStatus;
+}
+
+{DIGIT_RANGE}  {
+parserStatus = crlgen_setNextData(parserData, yytext, CRLGEN_TYPE_DIGIT_RANGE);
+if (parserStatus != SECSuccess)
+    return parserStatus;
+}
+
+{OID}     {
+parserStatus = crlgen_setNextData(parserData, yytext, CRLGEN_TYPE_OID);
+if (parserStatus != SECSuccess)
+    return parserStatus;
+}
+
+issuer     {
+parserStatus = crlgen_createNewLangStruct(parserData, CRLGEN_ISSUER_CONTEXT);
+if (parserStatus != SECSuccess)
+    return parserStatus;
+}
+
+update     {
+parserStatus = crlgen_createNewLangStruct(parserData, CRLGEN_UPDATE_CONTEXT);
+if (parserStatus != SECSuccess)
+    return parserStatus;
+}
+nextupdate {
+parserStatus = crlgen_createNewLangStruct(parserData, CRLGEN_NEXT_UPDATE_CONTEXT);
+if (parserStatus != SECSuccess)
+    return parserStatus;
+}
+
+range      {
+parserStatus = crlgen_createNewLangStruct(parserData, CRLGEN_CHANGE_RANGE_CONTEXT);
+if (parserStatus != SECSuccess)
+    return parserStatus;
+}
+
+{ID}      {
+if (strcmp(yytext, "addcert") == 0) {
+    parserStatus = crlgen_createNewLangStruct(parserData,
+                                    CRLGEN_ADD_CERT_CONTEXT);
+    if (parserStatus != SECSuccess)
+        return parserStatus;
+} else if (strcmp(yytext, "rmcert") == 0) {
+    parserStatus = crlgen_createNewLangStruct(parserData,
+                                    CRLGEN_RM_CERT_CONTEXT);
+    if (parserStatus != SECSuccess)
+        return parserStatus;
+} else if (strcmp(yytext, "addext") == 0) {
+    parserStatus = crlgen_createNewLangStruct(parserData,
+                                    CRLGEN_ADD_EXTENSION_CONTEXT);
+    if (parserStatus != SECSuccess)
+        return parserStatus;
+} else {
+    parserStatus = crlgen_setNextData(parserData, yytext, CRLGEN_TYPE_ID);
+    if (parserStatus != SECSuccess)
+        return parserStatus;
+}
+}
+
+"="
+
+\"[^\"]* {
+if (yytext[yyleng-1] == '\\') {
+    yymore();
+} else {
+    register int c;
+    c = input();
+    if (c != '\"') {
+        printf( "Error: Line ending \" is missing:  %c\n", c);
+        unput(c);
+    } else {
+        parserStatus = crlgen_setNextData(parserData, yytext + 1,
+                                          CRLGEN_TYPE_STRING);
+        if (parserStatus != SECSuccess)
+            return parserStatus;
+    }
+}
+}
+
+{N_SP_STRING} {
+parserStatus = crlgen_setNextData(parserData, yytext, CRLGEN_TYPE_STRING);
+if (parserStatus != SECSuccess)
+    return parserStatus;
+}
+
+
+
+^#[^\n]*     /* eat up one-line comments */ {}
+
+[ \t]+      {}
+
+(\n|\r\n)  {
+parserStatus = crlgen_updateCrl(parserData);
+if (parserStatus != SECSuccess)
+    return parserStatus;
+}
+
+.           {
+    fprintf(stderr, "Syntax error at line %d: unknown token %s\n",
+            parserData->parsedLineNum, yytext);
+    return SECFailure;
+}
+
+%%
+#include "prlock.h"
+
+static PRLock *parserInvocationLock;
+
+void CRLGEN_InitCrlGenParserLock()
+{
+    parserInvocationLock = PR_NewLock();
+}
+
+void CRLGEN_DestroyCrlGenParserLock()
+{
+    PR_DestroyLock(parserInvocationLock);
+}
+
+
+SECStatus CRLGEN_StartCrlGen(CRLGENGeneratorData *parserCtlData)
+{
+    SECStatus rv;
+
+    PR_Lock(parserInvocationLock);
+
+    parserStatus = SECSuccess;
+    parserData = parserCtlData;
+    src = parserCtlData->src;
+
+    rv = yylex();
+
+    PR_Unlock(parserInvocationLock);
+
+    return rv;
+}
+
+int yywrap() {return 1;}
diff --git a/nss/cmd/crlutil/crlutil.c b/nss/cmd/crlutil/crlutil.c
new file mode 100644
index 0000000..c008ecc
--- /dev/null
+++ b/nss/cmd/crlutil/crlutil.c
@@ -0,0 +1,1156 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+** certutil.c
+**
+** utility for managing certificates and the cert database
+**
+*/
+/* test only */
+
+#include "nspr.h"
+#include "plgetopt.h"
+#include "secutil.h"
+#include "cert.h"
+#include "certi.h"
+#include "certdb.h"
+#include "nss.h"
+#include "pk11func.h"
+#include "crlgen.h"
+
+#define SEC_CERT_DB_EXISTS 0
+#define SEC_CREATE_CERT_DB 1
+
+static char *progName;
+
+static CERTSignedCrl *
+FindCRL(CERTCertDBHandle *certHandle, char *name, int type)
+{
+    CERTSignedCrl *crl = NULL;
+    CERTCertificate *cert = NULL;
+    SECItem derName;
+
+    derName.data = NULL;
+    derName.len = 0;
+
+    cert = CERT_FindCertByNicknameOrEmailAddr(certHandle, name);
+    if (!cert) {
+        CERTName *certName = NULL;
+        PLArenaPool *arena = NULL;
+        SECStatus rv = SECSuccess;
+
+        certName = CERT_AsciiToName(name);
+        if (certName) {
+            arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+            if (arena) {
+                SECItem *nameItem =
+                    SEC_ASN1EncodeItem(arena, NULL, (void *)certName,
+                                       SEC_ASN1_GET(CERT_NameTemplate));
+                if (nameItem) {
+                    rv = SECITEM_CopyItem(NULL, &derName, nameItem);
+                }
+                PORT_FreeArena(arena, PR_FALSE);
+            }
+            CERT_DestroyName(certName);
+        }
+
+        if (rv != SECSuccess) {
+            SECU_PrintError(progName, "SECITEM_CopyItem failed, out of memory");
+            return ((CERTSignedCrl *)NULL);
+        }
+
+        if (!derName.len || !derName.data) {
+            SECU_PrintError(progName, "could not find certificate named '%s'", name);
+            return ((CERTSignedCrl *)NULL);
+        }
+    } else {
+        SECStatus rv = SECITEM_CopyItem(NULL, &derName, &cert->derSubject);
+        CERT_DestroyCertificate(cert);
+        if (rv != SECSuccess) {
+            return ((CERTSignedCrl *)NULL);
+        }
+    }
+
+    crl = SEC_FindCrlByName(certHandle, &derName, type);
+    if (crl == NULL)
+        SECU_PrintError(progName, "could not find %s's CRL", name);
+    if (derName.data) {
+        SECITEM_FreeItem(&derName, PR_FALSE);
+    }
+    return (crl);
+}
+
+static SECStatus
+DisplayCRL(CERTCertDBHandle *certHandle, char *nickName, int crlType)
+{
+    CERTSignedCrl *crl = NULL;
+
+    crl = FindCRL(certHandle, nickName, crlType);
+
+    if (crl) {
+        SECU_PrintCRLInfo(stdout, &crl->crl, "CRL Info:\n", 0);
+        SEC_DestroyCrl(crl);
+        return SECSuccess;
+    }
+    return SECFailure;
+}
+
+static void
+ListCRLNames(CERTCertDBHandle *certHandle, int crlType, PRBool deletecrls)
+{
+    CERTCrlHeadNode *crlList = NULL;
+    CERTCrlNode *crlNode = NULL;
+    CERTName *name = NULL;
+    PLArenaPool *arena = NULL;
+    SECStatus rv;
+
+    do {
+        arena = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE);
+        if (arena == NULL) {
+            fprintf(stderr, "%s: fail to allocate memory\n", progName);
+            break;
+        }
+
+        name = PORT_ArenaZAlloc(arena, sizeof(*name));
+        if (name == NULL) {
+            fprintf(stderr, "%s: fail to allocate memory\n", progName);
+            break;
+        }
+        name->arena = arena;
+
+        rv = SEC_LookupCrls(certHandle, &crlList, crlType);
+        if (rv != SECSuccess) {
+            fprintf(stderr, "%s: fail to look up CRLs (%s)\n", progName,
+                    SECU_Strerror(PORT_GetError()));
+            break;
+        }
+
+        /* just in case */
+        if (!crlList)
+            break;
+
+        crlNode = crlList->first;
+
+        fprintf(stdout, "\n");
+        fprintf(stdout, "\n%-40s %-5s\n\n", "CRL names", "CRL Type");
+        while (crlNode) {
+            char *asciiname = NULL;
+            CERTCertificate *cert = NULL;
+            if (crlNode->crl && crlNode->crl->crl.derName.data != NULL) {
+                cert = CERT_FindCertByName(certHandle,
+                                           &crlNode->crl->crl.derName);
+                if (!cert) {
+                    SECU_PrintError(progName, "could not find signing "
+                                              "certificate in database");
+                }
+            }
+            if (cert) {
+                char *certName = NULL;
+                if (cert->nickname && PORT_Strlen(cert->nickname) > 0) {
+                    certName = cert->nickname;
+                } else if (cert->emailAddr && PORT_Strlen(cert->emailAddr) > 0) {
+                    certName = cert->emailAddr;
+                }
+                if (certName) {
+                    asciiname = PORT_Strdup(certName);
+                }
+                CERT_DestroyCertificate(cert);
+            }
+
+            if (!asciiname) {
+                name = &crlNode->crl->crl.name;
+                if (!name) {
+                    SECU_PrintError(progName, "fail to get the CRL "
+                                              "issuer name");
+                    continue;
+                }
+                asciiname = CERT_NameToAscii(name);
+            }
+            fprintf(stdout, "%-40s %-5s\n", asciiname, "CRL");
+            if (asciiname) {
+                PORT_Free(asciiname);
+            }
+            if (PR_TRUE == deletecrls) {
+                CERTSignedCrl *acrl = NULL;
+                SECItem *issuer = &crlNode->crl->crl.derName;
+                acrl = SEC_FindCrlByName(certHandle, issuer, crlType);
+                if (acrl) {
+                    SEC_DeletePermCRL(acrl);
+                    SEC_DestroyCrl(acrl);
+                }
+            }
+            crlNode = crlNode->next;
+        }
+
+    } while (0);
+    if (crlList)
+        PORT_FreeArena(crlList->arena, PR_FALSE);
+    PORT_FreeArena(arena, PR_FALSE);
+}
+
+static SECStatus
+ListCRL(CERTCertDBHandle *certHandle, char *nickName, int crlType)
+{
+    if (nickName == NULL) {
+        ListCRLNames(certHandle, crlType, PR_FALSE);
+        return SECSuccess;
+    }
+
+    return DisplayCRL(certHandle, nickName, crlType);
+}
+
+static SECStatus
+DeleteCRL(CERTCertDBHandle *certHandle, char *name, int type)
+{
+    CERTSignedCrl *crl = NULL;
+    SECStatus rv = SECFailure;
+
+    crl = FindCRL(certHandle, name, type);
+    if (!crl) {
+        SECU_PrintError(progName, "could not find the issuer %s's CRL", name);
+        return SECFailure;
+    }
+    rv = SEC_DeletePermCRL(crl);
+    SEC_DestroyCrl(crl);
+    if (rv != SECSuccess) {
+        SECU_PrintError(progName, "fail to delete the issuer %s's CRL "
+                                  "from the perm database (reason: %s)",
+                        name, SECU_Strerror(PORT_GetError()));
+        return SECFailure;
+    }
+    return (rv);
+}
+
+SECStatus
+ImportCRL(CERTCertDBHandle *certHandle, char *url, int type,
+          PRFileDesc *inFile, PRInt32 importOptions, PRInt32 decodeOptions,
+          secuPWData *pwdata)
+{
+    CERTSignedCrl *crl = NULL;
+    SECItem crlDER;
+    PK11SlotInfo *slot = NULL;
+    int rv;
+#if defined(DEBUG_jp96085)
+    PRIntervalTime starttime, endtime, elapsed;
+    PRUint32 mins, secs, msecs;
+#endif
+
+    crlDER.data = NULL;
+
+    /* Read in the entire file specified with the -f argument */
+    rv = SECU_ReadDERFromFile(&crlDER, inFile, PR_FALSE, PR_FALSE);
+    if (rv != SECSuccess) {
+        SECU_PrintError(progName, "unable to read input file");
+        return (SECFailure);
+    }
+
+    decodeOptions |= CRL_DECODE_DONT_COPY_DER;
+
+    slot = PK11_GetInternalKeySlot();
+
+    if (PK11_NeedLogin(slot)) {
+        rv = PK11_Authenticate(slot, PR_TRUE, pwdata);
+        if (rv != SECSuccess)
+            goto loser;
+    }
+
+#if defined(DEBUG_jp96085)
+    starttime = PR_IntervalNow();
+#endif
+    crl = PK11_ImportCRL(slot, &crlDER, url, type,
+                         NULL, importOptions, NULL, decodeOptions);
+#if defined(DEBUG_jp96085)
+    endtime = PR_IntervalNow();
+    elapsed = endtime - starttime;
+    mins = PR_IntervalToSeconds(elapsed) / 60;
+    secs = PR_IntervalToSeconds(elapsed) % 60;
+    msecs = PR_IntervalToMilliseconds(elapsed) % 1000;
+    printf("Elapsed : %2d:%2d.%3d\n", mins, secs, msecs);
+#endif
+    if (!crl) {
+        const char *errString;
+
+        rv = SECFailure;
+        errString = SECU_Strerror(PORT_GetError());
+        if (errString && PORT_Strlen(errString) == 0)
+            SECU_PrintError(progName,
+                            "CRL is not imported (error: input CRL is not up to date.)");
+        else
+            SECU_PrintError(progName, "unable to import CRL");
+    } else {
+        SEC_DestroyCrl(crl);
+    }
+loser:
+    if (slot) {
+        PK11_FreeSlot(slot);
+    }
+    SECITEM_FreeItem(&crlDER, PR_FALSE);
+    return (rv);
+}
+
+SECStatus
+DumpCRL(PRFileDesc *inFile)
+{
+    int rv;
+    PLArenaPool *arena = NULL;
+    CERTSignedCrl *newCrl = NULL;
+
+    SECItem crlDER;
+    crlDER.data = NULL;
+
+    /* Read in the entire file specified with the -f argument */
+    rv = SECU_ReadDERFromFile(&crlDER, inFile, PR_FALSE, PR_FALSE);
+    if (rv != SECSuccess) {
+        SECU_PrintError(progName, "unable to read input file");
+        return (SECFailure);
+    }
+
+    rv = SEC_ERROR_NO_MEMORY;
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (!arena)
+        return rv;
+
+    newCrl = CERT_DecodeDERCrlWithFlags(arena, &crlDER, SEC_CRL_TYPE,
+                                        CRL_DECODE_DEFAULT_OPTIONS);
+    if (!newCrl)
+        return SECFailure;
+
+    SECU_PrintCRLInfo(stdout, &newCrl->crl, "CRL file contents", 0);
+
+    PORT_FreeArena(arena, PR_FALSE);
+    return rv;
+}
+
+static CERTCertificate *
+FindSigningCert(CERTCertDBHandle *certHandle, CERTSignedCrl *signCrl,
+                char *certNickName)
+{
+    CERTCertificate *cert = NULL, *certTemp = NULL;
+    SECStatus rv = SECFailure;
+    CERTAuthKeyID *authorityKeyID = NULL;
+    SECItem *subject = NULL;
+
+    PORT_Assert(certHandle != NULL);
+    if (!certHandle || (!signCrl && !certNickName)) {
+        SECU_PrintError(progName, "invalid args for function "
+                                  "FindSigningCert \n");
+        return NULL;
+    }
+
+    if (signCrl) {
+#if 0
+        authorityKeyID = SECU_FindCRLAuthKeyIDExten(tmpArena, scrl);
+#endif
+        subject = &signCrl->crl.derName;
+    } else {
+        certTemp = CERT_FindCertByNickname(certHandle, certNickName);
+        if (!certTemp) {
+            SECU_PrintError(progName, "could not find certificate \"%s\" "
+                                      "in database",
+                            certNickName);
+            goto loser;
+        }
+        subject = &certTemp->derSubject;
+    }
+
+    cert = SECU_FindCrlIssuer(certHandle, subject, authorityKeyID, PR_Now());
+    if (!cert) {
+        SECU_PrintError(progName, "could not find signing certificate "
+                                  "in database");
+        goto loser;
+    } else {
+        rv = SECSuccess;
+    }
+
+loser:
+    if (certTemp)
+        CERT_DestroyCertificate(certTemp);
+    if (cert && rv != SECSuccess)
+        CERT_DestroyCertificate(cert);
+    return cert;
+}
+
+static CERTSignedCrl *
+CreateModifiedCRLCopy(PLArenaPool *arena, CERTCertDBHandle *certHandle,
+                      CERTCertificate **cert, char *certNickName,
+                      PRFileDesc *inFile, PRInt32 decodeOptions,
+                      PRInt32 importOptions, secuPWData *pwdata)
+{
+    SECItem crlDER = { 0, NULL, 0 };
+    CERTSignedCrl *signCrl = NULL;
+    CERTSignedCrl *modCrl = NULL;
+    PLArenaPool *modArena = NULL;
+    SECStatus rv = SECSuccess;
+
+    if (!arena || !certHandle || !certNickName) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        SECU_PrintError(progName, "CreateModifiedCRLCopy: invalid args\n");
+        return NULL;
+    }
+
+    modArena = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE);
+    if (!modArena) {
+        SECU_PrintError(progName, "fail to allocate memory\n");
+        return NULL;
+    }
+
+    if (inFile != NULL) {
+        rv = SECU_ReadDERFromFile(&crlDER, inFile, PR_FALSE, PR_FALSE);
+        if (rv != SECSuccess) {
+            SECU_PrintError(progName, "unable to read input file");
+            PORT_FreeArena(modArena, PR_FALSE);
+            goto loser;
+        }
+
+        decodeOptions |= CRL_DECODE_DONT_COPY_DER;
+
+        modCrl = CERT_DecodeDERCrlWithFlags(modArena, &crlDER, SEC_CRL_TYPE,
+                                            decodeOptions);
+        if (!modCrl) {
+            SECU_PrintError(progName, "fail to decode CRL");
+            goto loser;
+        }
+
+        if (0 == (importOptions & CRL_IMPORT_BYPASS_CHECKS)) {
+            /* If caCert is a v2 certificate, make sure that it
+             * can be used for crl signing purpose */
+            *cert = FindSigningCert(certHandle, modCrl, NULL);
+            if (!*cert) {
+                goto loser;
+            }
+
+            rv = CERT_VerifySignedData(&modCrl->signatureWrap, *cert,
+                                       PR_Now(), pwdata);
+            if (rv != SECSuccess) {
+                SECU_PrintError(progName, "fail to verify signed data\n");
+                goto loser;
+            }
+        }
+    } else {
+        modCrl = FindCRL(certHandle, certNickName, SEC_CRL_TYPE);
+        if (!modCrl) {
+            SECU_PrintError(progName, "fail to find crl %s in database\n",
+                            certNickName);
+            goto loser;
+        }
+    }
+
+    signCrl = PORT_ArenaZNew(arena, CERTSignedCrl);
+    if (signCrl == NULL) {
+        SECU_PrintError(progName, "fail to allocate memory\n");
+        goto loser;
+    }
+
+    rv = SECU_CopyCRL(arena, &signCrl->crl, &modCrl->crl);
+    if (rv != SECSuccess) {
+        SECU_PrintError(progName, "unable to dublicate crl for "
+                                  "modification.");
+        goto loser;
+    }
+
+    /* Make sure the update time is current. It can be modified later
+     * by "update <time>" command from crl generation script */
+    rv = DER_EncodeTimeChoice(arena, &signCrl->crl.lastUpdate, PR_Now());
+    if (rv != SECSuccess) {
+        SECU_PrintError(progName, "fail to encode current time\n");
+        goto loser;
+    }
+
+    signCrl->arena = arena;
+    signCrl->referenceCount = 1;
+
+loser:
+    if (crlDER.data) {
+        SECITEM_FreeItem(&crlDER, PR_FALSE);
+    }
+    if (modArena && (!modCrl || modCrl->arena != modArena)) {
+        PORT_FreeArena(modArena, PR_FALSE);
+    }
+    if (modCrl)
+        SEC_DestroyCrl(modCrl);
+    if (rv != SECSuccess && signCrl) {
+        SEC_DestroyCrl(signCrl);
+        signCrl = NULL;
+    }
+    return signCrl;
+}
+
+static CERTSignedCrl *
+CreateNewCrl(PLArenaPool *arena, CERTCertDBHandle *certHandle,
+             CERTCertificate *cert)
+{
+    CERTSignedCrl *signCrl = NULL;
+    void *dummy = NULL;
+    SECStatus rv;
+    void *mark = NULL;
+
+    /* if the CERTSignedCrl structure changes, this function will need to be
+       updated as well */
+    if (!cert || !arena) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        SECU_PrintError(progName, "invalid args for function "
+                                  "CreateNewCrl\n");
+        return NULL;
+    }
+
+    mark = PORT_ArenaMark(arena);
+
+    signCrl = PORT_ArenaZNew(arena, CERTSignedCrl);
+    if (signCrl == NULL) {
+        SECU_PrintError(progName, "fail to allocate memory\n");
+        return NULL;
+    }
+
+    dummy = SEC_ASN1EncodeInteger(arena, &signCrl->crl.version,
+                                  SEC_CRL_VERSION_2);
+    /* set crl->version */
+    if (!dummy) {
+        SECU_PrintError(progName, "fail to create crl version data "
+                                  "container\n");
+        goto loser;
+    }
+
+    /* copy SECItem name from cert */
+    rv = SECITEM_CopyItem(arena, &signCrl->crl.derName, &cert->derSubject);
+    if (rv != SECSuccess) {
+        SECU_PrintError(progName, "fail to duplicate der name from "
+                                  "certificate.\n");
+        goto loser;
+    }
+
+    /* copy CERTName name structure from cert issuer */
+    rv = CERT_CopyName(arena, &signCrl->crl.name, &cert->subject);
+    if (rv != SECSuccess) {
+        SECU_PrintError(progName, "fail to duplicate RD name from "
+                                  "certificate.\n");
+        goto loser;
+    }
+
+    rv = DER_EncodeTimeChoice(arena, &signCrl->crl.lastUpdate, PR_Now());
+    if (rv != SECSuccess) {
+        SECU_PrintError(progName, "fail to encode current time\n");
+        goto loser;
+    }
+
+    /* set fields */
+    signCrl->arena = arena;
+    signCrl->dbhandle = certHandle;
+    signCrl->crl.arena = arena;
+
+    PORT_ArenaUnmark(arena, mark);
+
+    return signCrl;
+
+loser:
+    PORT_ArenaRelease(arena, mark);
+    return NULL;
+}
+
+static SECStatus
+UpdateCrl(CERTSignedCrl *signCrl, PRFileDesc *inCrlInitFile)
+{
+    CRLGENGeneratorData *crlGenData = NULL;
+    SECStatus rv;
+
+    if (!signCrl || !inCrlInitFile) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        SECU_PrintError(progName, "invalid args for function "
+                                  "CreateNewCrl\n");
+        return SECFailure;
+    }
+
+    crlGenData = CRLGEN_InitCrlGeneration(signCrl, inCrlInitFile);
+    if (!crlGenData) {
+        SECU_PrintError(progName, "can not initialize parser structure.\n");
+        return SECFailure;
+    }
+
+    rv = CRLGEN_ExtHandleInit(crlGenData);
+    if (rv == SECFailure) {
+        SECU_PrintError(progName, "can not initialize entries handle.\n");
+        goto loser;
+    }
+
+    rv = CRLGEN_StartCrlGen(crlGenData);
+    if (rv != SECSuccess) {
+        SECU_PrintError(progName, "crl generation failed");
+        goto loser;
+    }
+
+loser:
+    /* CommitExtensionsAndEntries is partially responsible for freeing
+     * up memory that was used for CRL generation. Should be called regardless
+     * of previouse call status, but only after initialization of
+     * crlGenData was done. It will commit all changes that was done before
+     * an error has occurred.
+     */
+    if (SECSuccess != CRLGEN_CommitExtensionsAndEntries(crlGenData)) {
+        SECU_PrintError(progName, "crl generation failed");
+        rv = SECFailure;
+    }
+    CRLGEN_FinalizeCrlGeneration(crlGenData);
+    return rv;
+}
+
+static SECStatus
+SignAndStoreCrl(CERTSignedCrl *signCrl, CERTCertificate *cert,
+                char *outFileName, SECOidTag hashAlgTag, int ascii,
+                char *slotName, char *url, secuPWData *pwdata)
+{
+    PK11SlotInfo *slot = NULL;
+    PRFileDesc *outFile = NULL;
+    SECStatus rv;
+    SignAndEncodeFuncExitStat errCode;
+
+    PORT_Assert(signCrl && (!ascii || outFileName));
+    if (!signCrl || (ascii && !outFileName)) {
+        SECU_PrintError(progName, "invalid args for function "
+                                  "SignAndStoreCrl\n");
+        return SECFailure;
+    }
+
+    if (!slotName || !PL_strcmp(slotName, "internal"))
+        slot = PK11_GetInternalKeySlot();
+    else
+        slot = PK11_FindSlotByName(slotName);
+    if (!slot) {
+        SECU_PrintError(progName, "can not find requested slot");
+        return SECFailure;
+    }
+
+    if (PK11_NeedLogin(slot)) {
+        rv = PK11_Authenticate(slot, PR_TRUE, pwdata);
+        if (rv != SECSuccess)
+            goto loser;
+    }
+
+    rv = SECU_SignAndEncodeCRL(cert, signCrl, hashAlgTag, &errCode);
+    if (rv != SECSuccess) {
+        char *errMsg = NULL;
+        switch (errCode) {
+            case noKeyFound:
+                errMsg = "No private key found of signing cert";
+                break;
+
+            case noSignatureMatch:
+                errMsg = "Key and Algorithm OId are do not match";
+                break;
+
+            default:
+            case failToEncode:
+                errMsg = "Failed to encode crl structure";
+                break;
+
+            case failToSign:
+                errMsg = "Failed to sign crl structure";
+                break;
+
+            case noMem:
+                errMsg = "Can not allocate memory";
+                break;
+        }
+        SECU_PrintError(progName, "%s\n", errMsg);
+        goto loser;
+    }
+
+    if (outFileName) {
+        outFile = PR_Open(outFileName, PR_WRONLY | PR_CREATE_FILE, PR_IRUSR | PR_IWUSR);
+        if (!outFile) {
+            SECU_PrintError(progName, "unable to open \"%s\" for writing\n",
+                            outFileName);
+            goto loser;
+        }
+    }
+
+    rv = SECU_StoreCRL(slot, signCrl->derCrl, outFile, ascii, url);
+    if (rv != SECSuccess) {
+        SECU_PrintError(progName, "fail to save CRL\n");
+    }
+
+loser:
+    if (outFile)
+        PR_Close(outFile);
+    if (slot)
+        PK11_FreeSlot(slot);
+    return rv;
+}
+
+static SECStatus
+GenerateCRL(CERTCertDBHandle *certHandle, char *certNickName,
+            PRFileDesc *inCrlInitFile, PRFileDesc *inFile,
+            char *outFileName, int ascii, char *slotName,
+            PRInt32 importOptions, char *alg, PRBool quiet,
+            PRInt32 decodeOptions, char *url, secuPWData *pwdata,
+            int modifyFlag)
+{
+    CERTCertificate *cert = NULL;
+    CERTSignedCrl *signCrl = NULL;
+    PLArenaPool *arena = NULL;
+    SECStatus rv;
+    SECOidTag hashAlgTag = SEC_OID_UNKNOWN;
+
+    if (alg) {
+        hashAlgTag = SECU_StringToSignatureAlgTag(alg);
+        if (hashAlgTag == SEC_OID_UNKNOWN) {
+            SECU_PrintError(progName, "%s -Z:  %s is not a recognized type.\n",
+                            progName, alg);
+            return SECFailure;
+        }
+    } else {
+        hashAlgTag = SEC_OID_UNKNOWN;
+    }
+
+    arena = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE);
+    if (!arena) {
+        SECU_PrintError(progName, "fail to allocate memory\n");
+        return SECFailure;
+    }
+
+    if (modifyFlag == PR_TRUE) {
+        signCrl = CreateModifiedCRLCopy(arena, certHandle, &cert, certNickName,
+                                        inFile, decodeOptions, importOptions,
+                                        pwdata);
+        if (signCrl == NULL) {
+            rv = SECFailure;
+            goto loser;
+        }
+    }
+
+    if (!cert) {
+        cert = FindSigningCert(certHandle, signCrl, certNickName);
+        if (cert == NULL) {
+            rv = SECFailure;
+            goto loser;
+        }
+    }
+
+    if (!signCrl) {
+        if (modifyFlag == PR_TRUE) {
+            if (!outFileName) {
+                int len = strlen(certNickName) + 5;
+                outFileName = PORT_ArenaAlloc(arena, len);
+                PR_snprintf(outFileName, len, "%s.crl", certNickName);
+            }
+            SECU_PrintError(progName, "Will try to generate crl. "
+                                      "It will be saved in file: %s",
+                            outFileName);
+        }
+        signCrl = CreateNewCrl(arena, certHandle, cert);
+        if (!signCrl) {
+            rv = SECFailure;
+            goto loser;
+        }
+    }
+
+    rv = UpdateCrl(signCrl, inCrlInitFile);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    rv = SignAndStoreCrl(signCrl, cert, outFileName, hashAlgTag, ascii,
+                         slotName, url, pwdata);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    if (signCrl && !quiet) {
+        SECU_PrintCRLInfo(stdout, &signCrl->crl, "CRL Info:\n", 0);
+    }
+
+loser:
+    if (arena && (!signCrl || !signCrl->arena))
+        PORT_FreeArena(arena, PR_FALSE);
+    if (signCrl)
+        SEC_DestroyCrl(signCrl);
+    if (cert)
+        CERT_DestroyCertificate(cert);
+    return (rv);
+}
+
+static void
+Usage(char *progName)
+{
+    fprintf(stderr,
+            "Usage:  %s -L [-n nickname] [-d keydir] [-P dbprefix] [-t crlType]\n"
+            "        %s -D -n nickname [-d keydir] [-P dbprefix]\n"
+            "        %s -S -i crl\n"
+            "        %s -I -i crl -t crlType [-u url] [-d keydir] [-P dbprefix] [-B] "
+            "[-p pwd-file] -w [pwd-string]\n"
+            "        %s -E -t crlType [-d keydir] [-P dbprefix]\n"
+            "        %s -T\n"
+            "        %s -G|-M -c crl-init-file -n nickname [-i crl] [-u url] "
+            "[-d keydir] [-P dbprefix] [-Z alg] ] [-p pwd-file] -w [pwd-string] "
+            "[-a] [-B]\n",
+            progName, progName, progName, progName, progName, progName, progName);
+
+    fprintf(stderr, "%-15s List CRL\n", "-L");
+    fprintf(stderr, "%-20s Specify the nickname of the CA certificate\n",
+            "-n nickname");
+    fprintf(stderr, "%-20s Key database directory (default is ~/.netscape)\n",
+            "-d keydir");
+    fprintf(stderr, "%-20s Cert & Key database prefix (default is \"\")\n",
+            "-P dbprefix");
+
+    fprintf(stderr, "%-15s Delete a CRL from the cert database\n", "-D");
+    fprintf(stderr, "%-20s Specify the nickname for the CA certificate\n",
+            "-n nickname");
+    fprintf(stderr, "%-20s Specify the crl type.\n", "-t crlType");
+    fprintf(stderr, "%-20s Key database directory (default is ~/.netscape)\n",
+            "-d keydir");
+    fprintf(stderr, "%-20s Cert & Key database prefix (default is \"\")\n",
+            "-P dbprefix");
+
+    fprintf(stderr, "%-15s Erase all CRLs of specified type from hte cert database\n", "-E");
+    fprintf(stderr, "%-20s Specify the crl type.\n", "-t crlType");
+    fprintf(stderr, "%-20s Key database directory (default is ~/.netscape)\n",
+            "-d keydir");
+    fprintf(stderr, "%-20s Cert & Key database prefix (default is \"\")\n",
+            "-P dbprefix");
+
+    fprintf(stderr, "%-15s Show contents of a CRL file (without database)\n", "-S");
+    fprintf(stderr, "%-20s Specify the file which contains the CRL to show\n",
+            "-i crl");
+
+    fprintf(stderr, "%-15s Import a CRL to the cert database\n", "-I");
+    fprintf(stderr, "%-20s Specify the file which contains the CRL to import\n",
+            "-i crl");
+    fprintf(stderr, "%-20s Specify the url.\n", "-u url");
+    fprintf(stderr, "%-20s Specify the crl type.\n", "-t crlType");
+    fprintf(stderr, "%-20s Key database directory (default is ~/.netscape)\n",
+            "-d keydir");
+    fprintf(stderr, "%-20s Cert & Key database prefix (default is \"\")\n",
+            "-P dbprefix");
+#ifdef DEBUG
+    fprintf(stderr, "%-15s Test . Only for debugging purposes. See source code\n", "-T");
+#endif
+    fprintf(stderr, "%-20s CRL Types (default is SEC_CRL_TYPE):\n", " ");
+    fprintf(stderr, "%-20s \t 0 - SEC_KRL_TYPE\n", " ");
+    fprintf(stderr, "%-20s \t 1 - SEC_CRL_TYPE\n", " ");
+    fprintf(stderr, "\n%-20s Bypass CA certificate checks.\n", "-B");
+    fprintf(stderr, "\n%-20s Partial decode for faster operation.\n", "-p");
+    fprintf(stderr, "%-20s Repeat the operation.\n", "-r <iterations>");
+    fprintf(stderr, "\n%-15s Create CRL\n", "-G");
+    fprintf(stderr, "%-15s Modify CRL\n", "-M");
+    fprintf(stderr, "%-20s Specify crl initialization file\n",
+            "-c crl-conf-file");
+    fprintf(stderr, "%-20s Specify the nickname of the CA certificate\n",
+            "-n nickname");
+    fprintf(stderr, "%-20s Specify the file which contains the CRL to import\n",
+            "-i crl");
+    fprintf(stderr, "%-20s Specify a CRL output file\n",
+            "-o crl-output-file");
+    fprintf(stderr, "%-20s Specify to use base64 encoded CRL output format\n",
+            "-a");
+    fprintf(stderr, "%-20s Key database directory (default is ~/.netscape)\n",
+            "-d keydir");
+    fprintf(stderr, "%-20s Provide path to a default pwd file\n",
+            "-f pwd-file");
+    fprintf(stderr, "%-20s Provide db password in command line\n",
+            "-w pwd-string");
+    fprintf(stderr, "%-20s Cert & Key database prefix (default is \"\")\n",
+            "-P dbprefix");
+    fprintf(stderr, "%-20s Specify the url.\n", "-u url");
+    fprintf(stderr, "\n%-20s Bypass CA certificate checks.\n", "-B");
+
+    exit(-1);
+}
+
+int
+main(int argc, char **argv)
+{
+    CERTCertDBHandle *certHandle;
+    PRFileDesc *inFile;
+    PRFileDesc *inCrlInitFile = NULL;
+    int generateCRL;
+    int modifyCRL;
+    int listCRL;
+    int importCRL;
+    int showFileCRL;
+    int deleteCRL;
+    int rv;
+    char *nickName;
+    char *url;
+    char *dbPrefix = PORT_Strdup("");
+    char *alg = NULL;
+    char *outFile = NULL;
+    char *slotName = NULL;
+    int ascii = 0;
+    int crlType;
+    PLOptState *optstate;
+    PLOptStatus status;
+    SECStatus secstatus;
+    PRInt32 decodeOptions = CRL_DECODE_DEFAULT_OPTIONS;
+    PRInt32 importOptions = CRL_IMPORT_DEFAULT_OPTIONS;
+    PRBool quiet = PR_FALSE;
+    PRBool test = PR_FALSE;
+    PRBool erase = PR_FALSE;
+    PRInt32 i = 0;
+    PRInt32 iterations = 1;
+    PRBool readonly = PR_FALSE;
+
+    secuPWData pwdata = { PW_NONE, 0 };
+
+    progName = strrchr(argv[0], '/');
+    progName = progName ? progName + 1 : argv[0];
+
+    rv = 0;
+    deleteCRL = importCRL = listCRL = generateCRL = modifyCRL = showFileCRL = 0;
+    inFile = NULL;
+    nickName = url = NULL;
+    certHandle = NULL;
+    crlType = SEC_CRL_TYPE;
+    /*
+     * Parse command line arguments
+     */
+    optstate = PL_CreateOptState(argc, argv, "sqBCDGILMSTEP:f:d:i:h:n:p:t:u:r:aZ:o:c:");
+    while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
+        switch (optstate->option) {
+            case '?':
+                Usage(progName);
+                break;
+
+            case 'T':
+                test = PR_TRUE;
+                break;
+
+            case 'E':
+                erase = PR_TRUE;
+                break;
+
+            case 'B':
+                importOptions |= CRL_IMPORT_BYPASS_CHECKS;
+                break;
+
+            case 'G':
+                generateCRL = 1;
+                break;
+
+            case 'M':
+                modifyCRL = 1;
+                break;
+
+            case 'D':
+                deleteCRL = 1;
+                break;
+
+            case 'I':
+                importCRL = 1;
+                break;
+
+            case 'S':
+                showFileCRL = 1;
+                break;
+
+            case 'C':
+            case 'L':
+                listCRL = 1;
+                break;
+
+            case 'P':
+                PORT_Free(dbPrefix);
+                dbPrefix = PORT_Strdup(optstate->value);
+                break;
+
+            case 'Z':
+                alg = PORT_Strdup(optstate->value);
+                break;
+
+            case 'a':
+                ascii = 1;
+                break;
+
+            case 'c':
+                inCrlInitFile = PR_Open(optstate->value, PR_RDONLY, 0);
+                if (!inCrlInitFile) {
+                    PR_fprintf(PR_STDERR, "%s: unable to open \"%s\" for reading\n",
+                               progName, optstate->value);
+                    rv = SECFailure;
+                    goto loser;
+                }
+                break;
+
+            case 'd':
+                SECU_ConfigDirectory(optstate->value);
+                break;
+
+            case 'f':
+                pwdata.source = PW_FROMFILE;
+                pwdata.data = PORT_Strdup(optstate->value);
+                break;
+
+            case 'h':
+                slotName = PORT_Strdup(optstate->value);
+                break;
+
+            case 'i':
+                inFile = PR_Open(optstate->value, PR_RDONLY, 0);
+                if (!inFile) {
+                    PR_fprintf(PR_STDERR, "%s: unable to open \"%s\" for reading\n",
+                               progName, optstate->value);
+                    rv = SECFailure;
+                    goto loser;
+                }
+                break;
+
+            case 'n':
+                nickName = PORT_Strdup(optstate->value);
+                break;
+
+            case 'o':
+                outFile = PORT_Strdup(optstate->value);
+                break;
+
+            case 'p':
+                decodeOptions |= CRL_DECODE_SKIP_ENTRIES;
+                break;
+
+            case 'r': {
+                const char *str = optstate->value;
+                if (str && atoi(str) > 0)
+                    iterations = atoi(str);
+            } break;
+
+            case 't': {
+                crlType = atoi(optstate->value);
+                if (crlType != SEC_CRL_TYPE && crlType != SEC_KRL_TYPE) {
+                    PR_fprintf(PR_STDERR, "%s: invalid crl type\n", progName);
+                    rv = SECFailure;
+                    goto loser;
+                }
+                break;
+
+                case 'q':
+                    quiet = PR_TRUE;
+                    break;
+
+                case 'w':
+                    pwdata.source = PW_PLAINTEXT;
+                    pwdata.data = PORT_Strdup(optstate->value);
+                    break;
+
+                case 'u':
+                    url = PORT_Strdup(optstate->value);
+                    break;
+            }
+        }
+    }
+
+    if (deleteCRL && !nickName)
+        Usage(progName);
+    if (importCRL && !inFile)
+        Usage(progName);
+    if (showFileCRL && !inFile)
+        Usage(progName);
+    if ((generateCRL && !nickName) ||
+        (modifyCRL && !inFile && !nickName))
+        Usage(progName);
+    if (!(listCRL || deleteCRL || importCRL || showFileCRL || generateCRL ||
+          modifyCRL || test || erase))
+        Usage(progName);
+
+    if (listCRL || showFileCRL) {
+        readonly = PR_TRUE;
+    }
+
+    PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
+
+    PK11_SetPasswordFunc(SECU_GetModulePassword);
+
+    if (showFileCRL) {
+        NSS_NoDB_Init(NULL);
+    } else {
+        secstatus = NSS_Initialize(SECU_ConfigDirectory(NULL), dbPrefix, dbPrefix,
+                                   "secmod.db", readonly ? NSS_INIT_READONLY : 0);
+        if (secstatus != SECSuccess) {
+            SECU_PrintPRandOSError(progName);
+            rv = SECFailure;
+            goto loser;
+        }
+    }
+
+    SECU_RegisterDynamicOids();
+
+    certHandle = CERT_GetDefaultCertDB();
+    if (certHandle == NULL) {
+        SECU_PrintError(progName, "unable to open the cert db");
+        rv = SECFailure;
+        goto loser;
+    }
+
+    CRLGEN_InitCrlGenParserLock();
+
+    for (i = 0; i < iterations; i++) {
+        /* Read in the private key info */
+        if (deleteCRL)
+            DeleteCRL(certHandle, nickName, crlType);
+        else if (listCRL) {
+            rv = ListCRL(certHandle, nickName, crlType);
+        } else if (importCRL) {
+            rv = ImportCRL(certHandle, url, crlType, inFile, importOptions,
+                           decodeOptions, &pwdata);
+        } else if (showFileCRL) {
+            rv = DumpCRL(inFile);
+        } else if (generateCRL || modifyCRL) {
+            if (!inCrlInitFile)
+                inCrlInitFile = PR_STDIN;
+            rv = GenerateCRL(certHandle, nickName, inCrlInitFile,
+                             inFile, outFile, ascii, slotName,
+                             importOptions, alg, quiet,
+                             decodeOptions, url, &pwdata,
+                             modifyCRL);
+        } else if (erase) {
+            /* list and delete all CRLs */
+            ListCRLNames(certHandle, crlType, PR_TRUE);
+        }
+#ifdef DEBUG
+        else if (test) {
+            /* list and delete all CRLs */
+            ListCRLNames(certHandle, crlType, PR_TRUE);
+            /* list CRLs */
+            ListCRLNames(certHandle, crlType, PR_FALSE);
+            /* import CRL as a blob */
+            rv = ImportCRL(certHandle, url, crlType, inFile, importOptions,
+                           decodeOptions, &pwdata);
+            /* list CRLs */
+            ListCRLNames(certHandle, crlType, PR_FALSE);
+        }
+#endif
+    }
+
+    CRLGEN_DestroyCrlGenParserLock();
+
+loser:
+    PL_DestroyOptState(optstate);
+
+    if (inFile) {
+        PR_Close(inFile);
+    }
+    if (alg) {
+        PORT_Free(alg);
+    }
+    if (slotName) {
+        PORT_Free(slotName);
+    }
+    if (nickName) {
+        PORT_Free(nickName);
+    }
+    if (outFile) {
+        PORT_Free(outFile);
+    }
+    if (url) {
+        PORT_Free(url);
+    }
+    if (pwdata.data) {
+        PORT_Free(pwdata.data);
+    }
+
+    PORT_Free(dbPrefix);
+
+    if (NSS_Shutdown() != SECSuccess) {
+        rv = SECFailure;
+    }
+
+    return (rv != SECSuccess);
+}
diff --git a/nss/cmd/crlutil/crlutil.gyp b/nss/cmd/crlutil/crlutil.gyp
new file mode 100644
index 0000000..470449b
--- /dev/null
+++ b/nss/cmd/crlutil/crlutil.gyp
@@ -0,0 +1,32 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi',
+    '../../cmd/platlibs.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'crlutil',
+      'type': 'executable',
+      'sources': [
+        'crlgen.c',
+        'crlgen_lex.c',
+        'crlutil.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:dbm_exports',
+        '<(DEPTH)/exports.gyp:nss_exports'
+      ]
+    }
+  ],
+  'target_defaults': {
+    'defines': [
+      'NSPR20'
+    ]
+  },
+  'variables': {
+    'module': 'nss'
+  }
+}
\ No newline at end of file
diff --git a/nss/cmd/crlutil/manifest.mn b/nss/cmd/crlutil/manifest.mn
new file mode 100644
index 0000000..cd0549c
--- /dev/null
+++ b/nss/cmd/crlutil/manifest.mn
@@ -0,0 +1,25 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CORE_DEPTH	= ../..
+
+# MODULE public and private header  directories are implicitly REQUIRED.
+MODULE = nss 
+
+# This next line is used by .mk files
+# and gets translated into $LINCS in manifest.mnw
+# The MODULE is always implicitly required.
+# Listing it here in REQUIRES makes it appear twice in the cc command line.
+REQUIRES = seccmd dbm 
+
+DEFINES = -DNSPR20
+
+CSRCS = crlgen_lex.c crlgen.c crlutil.c 
+
+# this has to be different for NT and UNIX.
+# PROGRAM	= ./$(OBJDIR)/crlutil.exe
+PROGRAM	= crlutil
+
+#USE_STATIC_LIBS = 1
diff --git a/nss/cmd/crmf-cgi/Makefile b/nss/cmd/crmf-cgi/Makefile
new file mode 100644
index 0000000..f817268
--- /dev/null
+++ b/nss/cmd/crmf-cgi/Makefile
@@ -0,0 +1,53 @@
+#! gmake
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+ifeq (,$(filter-out WIN%,$(OS_TARGET)))
+EXTRA_LIBS += $(DIST)/lib/crmf.lib
+else
+EXTRA_LIBS += $(DIST)/lib/libcrmf.$(LIB_SUFFIX) 
+endif
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include ../platlibs.mk
+
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+include ../platrules.mk
+
diff --git a/nss/cmd/crmf-cgi/config.mk b/nss/cmd/crmf-cgi/config.mk
new file mode 100644
index 0000000..77fca36
--- /dev/null
+++ b/nss/cmd/crmf-cgi/config.mk
@@ -0,0 +1,16 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+#
+#  Override TARGETS variable so that only static libraries
+#  are specifed as dependencies within rules.mk.
+#
+
+TARGETS        = $(PROGRAM)
+SHARED_LIBRARY =
+IMPORT_LIBRARY =
+LIBRARY        =
+
diff --git a/nss/cmd/crmf-cgi/crmfcgi.c b/nss/cmd/crmf-cgi/crmfcgi.c
new file mode 100644
index 0000000..07b81f2
--- /dev/null
+++ b/nss/cmd/crmf-cgi/crmfcgi.c
@@ -0,0 +1,1090 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "seccomon.h"
+#include "nss.h"
+#include "key.h"
+#include "cert.h"
+#include "pk11func.h"
+#include "secmod.h"
+#include "cmmf.h"
+#include "crmf.h"
+#include "base64.h"
+#include "secasn1.h"
+#include "cryptohi.h"
+#include <string.h>
+#include <stdlib.h>
+#include <stdio.h>
+
+#define DEFAULT_ALLOC_SIZE 200
+#define DEFAULT_CGI_VARS 20
+
+typedef struct CGIVariableStr {
+    char *name;
+    char *value;
+} CGIVariable;
+
+typedef struct CGIVarTableStr {
+    CGIVariable **variables;
+    int numVars;
+    int numAlloc;
+} CGIVarTable;
+
+typedef struct CertResponseInfoStr {
+    CERTCertificate *cert;
+    long certReqID;
+} CertResponseInfo;
+
+typedef struct ChallengeCreationInfoStr {
+    long random;
+    SECKEYPublicKey *pubKey;
+} ChallengeCreationInfo;
+
+char *missingVar = NULL;
+
+/*
+ * Error values.
+ */
+typedef enum {
+    NO_ERROR = 0,
+    NSS_INIT_FAILED,
+    AUTH_FAILED,
+    REQ_CGI_VAR_NOT_PRESENT,
+    CRMF_REQ_NOT_PRESENT,
+    BAD_ASCII_FOR_REQ,
+    CGI_VAR_MISSING,
+    COULD_NOT_FIND_CA,
+    COULD_NOT_DECODE_REQS,
+    OUT_OF_MEMORY,
+    ERROR_RETRIEVING_REQUEST_MSG,
+    ERROR_RETRIEVING_CERT_REQUEST,
+    ERROR_RETRIEVING_SUBJECT_FROM_REQ,
+    ERROR_RETRIEVING_PUBLIC_KEY_FROM_REQ,
+    ERROR_CREATING_NEW_CERTIFICATE,
+    COULD_NOT_START_EXTENSIONS,
+    ERROR_RETRIEVING_EXT_FROM_REQ,
+    ERROR_ADDING_EXT_TO_CERT,
+    ERROR_ENDING_EXTENSIONS,
+    COULD_NOT_FIND_ISSUER_PRIVATE_KEY,
+    UNSUPPORTED_SIGN_OPERATION_FOR_ISSUER,
+    ERROR_SETTING_SIGN_ALG,
+    ERROR_ENCODING_NEW_CERT,
+    ERROR_SIGNING_NEW_CERT,
+    ERROR_CREATING_CERT_REP_CONTENT,
+    ERROR_CREATING_SINGLE_CERT_RESPONSE,
+    ERROR_SETTING_CERT_RESPONSES,
+    ERROR_CREATING_CA_LIST,
+    ERROR_ADDING_ISSUER_TO_CA_LIST,
+    ERROR_ENCODING_CERT_REP_CONTENT,
+    NO_POP_FOR_REQUEST,
+    UNSUPPORTED_POP,
+    ERROR_RETRIEVING_POP_SIGN_KEY,
+    ERROR_RETRIEVING_ALG_ID_FROM_SIGN_KEY,
+    ERROR_RETRIEVING_SIGNATURE_FROM_POP_SIGN_KEY,
+    DO_CHALLENGE_RESPONSE,
+    ERROR_RETRIEVING_PUB_KEY_FROM_NEW_CERT,
+    ERROR_ENCODING_CERT_REQ_FOR_POP,
+    ERROR_VERIFYING_SIGNATURE_POP,
+    ERROR_RETRIEVING_PUB_KEY_FOR_CHALL,
+    ERROR_CREATING_EMPTY_CHAL_CONTENT,
+    ERROR_EXTRACTING_GEN_NAME_FROM_ISSUER,
+    ERROR_SETTING_CHALLENGE,
+    ERROR_ENCODING_CHALL,
+    ERROR_CONVERTING_CHALL_TO_BASE64,
+    ERROR_CONVERTING_RESP_FROM_CHALL_TO_BIN,
+    ERROR_CREATING_KEY_RESP_FROM_DER,
+    ERROR_RETRIEVING_CLIENT_RESPONSE_TO_CHALLENGE,
+    ERROR_RETURNED_CHALL_NOT_VALUE_EXPECTED,
+    ERROR_GETTING_KEY_ENCIPHERMENT,
+    ERROR_NO_POP_FOR_PRIVKEY,
+    ERROR_UNSUPPORTED_POPOPRIVKEY_TYPE
+} ErrorCode;
+
+const char *
+CGITableFindValue(CGIVarTable *varTable, const char *key);
+
+void
+spitOutHeaders(void)
+{
+    printf("Content-type: text/html\n\n");
+}
+
+void
+dumpRequest(CGIVarTable *varTable)
+{
+    int i;
+    CGIVariable *var;
+
+    printf("<table border=1 cellpadding=1 cellspacing=1 width=\"100%%\">\n");
+    printf("<tr><td><b><center>Variable Name<center></b></td>"
+           "<td><b><center>Value</center></b></td></tr>\n");
+    for (i = 0; i < varTable->numVars; i++) {
+        var = varTable->variables[i];
+        printf("<tr><td><pre>%s</pre></td><td><pre>%s</pre></td></tr>\n",
+               var->name, var->value);
+    }
+    printf("</table>\n");
+}
+
+void
+echo_request(CGIVarTable *varTable)
+{
+    spitOutHeaders();
+    printf("<html><head><title>CGI Echo Page</title></head>\n"
+           "<body><h1>Got the following request</h1>\n");
+    dumpRequest(varTable);
+    printf("</body></html>");
+}
+
+void
+processVariable(CGIVariable *var)
+{
+    char *plusSign, *percentSign;
+
+    /*First look for all of the '+' and convert them to spaces */
+    plusSign = var->value;
+    while ((plusSign = strchr(plusSign, '+')) != NULL) {
+        *plusSign = ' ';
+    }
+    percentSign = var->value;
+    while ((percentSign = strchr(percentSign, '%')) != NULL) {
+        char string[3];
+        int value;
+
+        string[0] = percentSign[1];
+        string[1] = percentSign[2];
+        string[2] = '\0';
+
+        sscanf(string, "%x", &value);
+        *percentSign = (char)value;
+        memmove(&percentSign[1], &percentSign[3], 1 + strlen(&percentSign[3]));
+    }
+}
+
+char *
+parseNextVariable(CGIVarTable *varTable, char *form_output)
+{
+    char *ampersand, *equal;
+    CGIVariable *var;
+
+    if (varTable->numVars == varTable->numAlloc) {
+        CGIVariable **newArr = realloc(varTable->variables,
+                                       (varTable->numAlloc + DEFAULT_CGI_VARS) * sizeof(CGIVariable *));
+        if (newArr == NULL) {
+            return NULL;
+        }
+        varTable->variables = newArr;
+        varTable->numAlloc += DEFAULT_CGI_VARS;
+    }
+    equal = strchr(form_output, '=');
+    if (equal == NULL) {
+        return NULL;
+    }
+    ampersand = strchr(equal, '&');
+    if (ampersand == NULL) {
+        return NULL;
+    }
+    equal[0] = '\0';
+    if (ampersand != NULL) {
+        ampersand[0] = '\0';
+    }
+    var = malloc(sizeof(CGIVariable));
+    var->name = form_output;
+    var->value = &equal[1];
+    varTable->variables[varTable->numVars] = var;
+    varTable->numVars++;
+    processVariable(var);
+    return (ampersand != NULL) ? &ampersand[1] : NULL;
+}
+
+void
+ParseInputVariables(CGIVarTable *varTable, char *form_output)
+{
+    varTable->variables = malloc(sizeof(CGIVariable *) * DEFAULT_CGI_VARS);
+    varTable->numVars = 0;
+    varTable->numAlloc = DEFAULT_CGI_VARS;
+    while (form_output && form_output[0] != '\0') {
+        form_output = parseNextVariable(varTable, form_output);
+    }
+}
+
+const char *
+CGITableFindValue(CGIVarTable *varTable, const char *key)
+{
+    const char *retVal = NULL;
+    int i;
+
+    for (i = 0; i < varTable->numVars; i++) {
+        if (strcmp(varTable->variables[i]->name, key) == 0) {
+            retVal = varTable->variables[i]->value;
+            break;
+        }
+    }
+    return retVal;
+}
+
+char *
+passwordCallback(PK11SlotInfo *slot, PRBool retry, void *arg)
+{
+    const char *passwd;
+    if (retry) {
+        return NULL;
+    }
+    passwd = CGITableFindValue((CGIVarTable *)arg, "dbPassword");
+    if (passwd == NULL) {
+        return NULL;
+    }
+    return PORT_Strdup(passwd);
+}
+
+ErrorCode
+initNSS(CGIVarTable *varTable)
+{
+    const char *nssDir;
+    PK11SlotInfo *keySlot;
+    SECStatus rv;
+
+    nssDir = CGITableFindValue(varTable, "NSSDirectory");
+    if (nssDir == NULL) {
+        missingVar = "NSSDirectory";
+        return REQ_CGI_VAR_NOT_PRESENT;
+    }
+    rv = NSS_Init(nssDir);
+    if (rv != SECSuccess) {
+        return NSS_INIT_FAILED;
+    }
+    PK11_SetPasswordFunc(passwordCallback);
+    keySlot = PK11_GetInternalKeySlot();
+    rv = PK11_Authenticate(keySlot, PR_FALSE, varTable);
+    PK11_FreeSlot(keySlot);
+    if (rv != SECSuccess) {
+        return AUTH_FAILED;
+    }
+    return NO_ERROR;
+}
+
+void
+dumpErrorMessage(ErrorCode errNum)
+{
+    spitOutHeaders();
+    printf("<html><head><title>Error</title></head><body><h1>Error processing "
+           "data</h1> Received the error %d<p>",
+           errNum);
+    if (errNum == REQ_CGI_VAR_NOT_PRESENT) {
+        printf("The missing variable is %s.", missingVar);
+    }
+    printf("<i>More useful information here in the future.</i></body></html>");
+}
+
+ErrorCode
+initOldCertReq(CERTCertificateRequest *oldCertReq,
+               CERTName *subject, CERTSubjectPublicKeyInfo *spki)
+{
+    PLArenaPool *poolp;
+
+    poolp = oldCertReq->arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    SEC_ASN1EncodeInteger(poolp, &oldCertReq->version,
+                          SEC_CERTIFICATE_VERSION_3);
+    CERT_CopyName(poolp, &oldCertReq->subject, subject);
+    SECKEY_CopySubjectPublicKeyInfo(poolp, &oldCertReq->subjectPublicKeyInfo,
+                                    spki);
+    oldCertReq->attributes = NULL;
+    return NO_ERROR;
+}
+
+ErrorCode
+addExtensions(CERTCertificate *newCert, CRMFCertRequest *certReq)
+{
+    int numExtensions, i;
+    void *extHandle;
+    ErrorCode rv = NO_ERROR;
+    CRMFCertExtension *ext;
+    SECStatus srv;
+
+    numExtensions = CRMF_CertRequestGetNumberOfExtensions(certReq);
+    if (numExtensions == 0) {
+        /* No extensions to add */
+        return NO_ERROR;
+    }
+    extHandle = CERT_StartCertExtensions(newCert);
+    if (extHandle == NULL) {
+        rv = COULD_NOT_START_EXTENSIONS;
+        goto loser;
+    }
+    for (i = 0; i < numExtensions; i++) {
+        ext = CRMF_CertRequestGetExtensionAtIndex(certReq, i);
+        if (ext == NULL) {
+            rv = ERROR_RETRIEVING_EXT_FROM_REQ;
+        }
+        srv = CERT_AddExtension(extHandle, CRMF_CertExtensionGetOidTag(ext),
+                                CRMF_CertExtensionGetValue(ext),
+                                CRMF_CertExtensionGetIsCritical(ext), PR_FALSE);
+        if (srv != SECSuccess) {
+            rv = ERROR_ADDING_EXT_TO_CERT;
+        }
+    }
+    srv = CERT_FinishExtensions(extHandle);
+    if (srv != SECSuccess) {
+        rv = ERROR_ENDING_EXTENSIONS;
+        goto loser;
+    }
+    return NO_ERROR;
+loser:
+    return rv;
+}
+
+void
+writeOutItem(const char *filePath, SECItem *der)
+{
+    PRFileDesc *outfile;
+
+    outfile = PR_Open(filePath,
+                      PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE,
+                      0666);
+    PR_Write(outfile, der->data, der->len);
+    PR_Close(outfile);
+}
+
+ErrorCode
+createNewCert(CERTCertificate **issuedCert, CERTCertificateRequest *oldCertReq,
+              CRMFCertReqMsg *currReq, CRMFCertRequest *certReq,
+              CERTCertificate *issuerCert, CGIVarTable *varTable)
+{
+    CERTCertificate *newCert = NULL;
+    CERTValidity *validity;
+    PRExplodedTime printableTime;
+    PRTime now, after;
+    ErrorCode rv = NO_ERROR;
+    SECKEYPrivateKey *issuerPrivKey;
+    SECItem derCert = { 0 };
+    SECOidTag signTag;
+    SECStatus srv;
+    long version;
+
+    now = PR_Now();
+    PR_ExplodeTime(now, PR_GMTParameters, &printableTime);
+    printableTime.tm_month += 9;
+    after = PR_ImplodeTime(&printableTime);
+    validity = CERT_CreateValidity(now, after);
+    newCert = *issuedCert =
+        CERT_CreateCertificate(rand(), &(issuerCert->subject), validity,
+                               oldCertReq);
+    if (newCert == NULL) {
+        rv = ERROR_CREATING_NEW_CERTIFICATE;
+        goto loser;
+    }
+    rv = addExtensions(newCert, certReq);
+    if (rv != NO_ERROR) {
+        goto loser;
+    }
+    issuerPrivKey = PK11_FindKeyByAnyCert(issuerCert, varTable);
+    if (issuerPrivKey == NULL) {
+        rv = COULD_NOT_FIND_ISSUER_PRIVATE_KEY;
+    }
+    signTag = SEC_GetSignatureAlgorithmOidTag(issuerPrivatekey->keytype,
+                                              SEC_OID_UNKNOWN);
+    if (signTag == SEC_OID_UNKNOWN) {
+        rv = UNSUPPORTED_SIGN_OPERATION_FOR_ISSUER;
+        goto loser;
+    }
+    srv = SECOID_SetAlgorithmID(newCert->arena, &newCert->signature,
+                                signTag, 0);
+    if (srv != SECSuccess) {
+        rv = ERROR_SETTING_SIGN_ALG;
+        goto loser;
+    }
+    srv = CRMF_CertRequestGetCertTemplateVersion(certReq, &version);
+    if (srv != SECSuccess) {
+        /* No version included in the request */
+        *(newCert->version.data) = SEC_CERTIFICATE_VERSION_3;
+    } else {
+        SECITEM_FreeItem(&newCert->version, PR_FALSE);
+        SEC_ASN1EncodeInteger(newCert->arena, &newCert->version, version);
+    }
+    SEC_ASN1EncodeItem(newCert->arena, &derCert, newCert,
+                       CERT_CertificateTemplate);
+    if (derCert.data == NULL) {
+        rv = ERROR_ENCODING_NEW_CERT;
+        goto loser;
+    }
+    srv = SEC_DerSignData(newCert->arena, &(newCert->derCert), derCert.data,
+                          derCert.len, issuerPrivKey, signTag);
+    if (srv != SECSuccess) {
+        rv = ERROR_SIGNING_NEW_CERT;
+        goto loser;
+    }
+#ifdef WRITE_OUT_RESPONSE
+    writeOutItem("newcert.der", &newCert->derCert);
+#endif
+    return NO_ERROR;
+loser:
+    *issuedCert = NULL;
+    if (newCert) {
+        CERT_DestroyCertificate(newCert);
+    }
+    return rv;
+}
+
+void
+formatCMMFResponse(char *nickname, char *base64Response)
+{
+    char *currLine, *nextLine;
+
+    printf("var retVal = crypto.importUserCertificates(\"%s\",\n", nickname);
+    currLine = base64Response;
+    while (1) {
+        nextLine = strchr(currLine, '\n');
+        if (nextLine == NULL) {
+            /* print out the last line here. */
+            printf("\"%s\",\n", currLine);
+            break;
+        }
+        nextLine[0] = '\0';
+        printf("\"%s\\n\"+\n", currLine);
+        currLine = nextLine + 1;
+    }
+    printf("true);\n"
+           "if(retVal == '') {\n"
+           "\tdocument.write(\"<h1>New Certificate Successfully Imported.</h1>\");\n"
+           "} else {\n"
+           "\tdocument.write(\"<h2>Unable to import New Certificate</h2>\");\n"
+           "\tdocument.write(\"crypto.importUserCertificates returned <b>\");\n"
+           "\tdocument.write(retVal);\n"
+           "\tdocument.write(\"</b>\");\n"
+           "}\n");
+}
+
+void
+spitOutCMMFResponse(char *nickname, char *base64Response)
+{
+    spitOutHeaders();
+    printf("<html>\n<head>\n<title>CMMF Resonse Page</title>\n</head>\n\n"
+           "<body><h1>CMMF Response Page</h1>\n"
+           "<script language=\"JavaScript\">\n"
+           "<!--\n");
+    formatCMMFResponse(nickname, base64Response);
+    printf("// -->\n"
+           "</script>\n</body>\n</html>");
+}
+
+char *
+getNickname(CERTCertificate *cert)
+{
+    char *nickname;
+
+    if (cert->nickname != NULL) {
+        return cert->nickname;
+    }
+    nickname = CERT_GetCommonName(&cert->subject);
+    if (nickname != NULL) {
+        return nickname;
+    }
+    return CERT_NameToAscii(&cert->subject);
+}
+
+ErrorCode
+createCMMFResponse(CertResponseInfo *issuedCerts, int numCerts,
+                   CERTCertificate *issuerCert, char **base64der)
+{
+    CMMFCertRepContent *certRepContent = NULL;
+    ErrorCode rv = NO_ERROR;
+    CMMFCertResponse **responses, *currResponse;
+    CERTCertList *caList;
+    int i;
+    SECStatus srv;
+    PLArenaPool *poolp;
+    SECItem *der;
+
+    certRepContent = CMMF_CreateCertRepContent();
+    if (certRepContent == NULL) {
+        rv = ERROR_CREATING_CERT_REP_CONTENT;
+        goto loser;
+    }
+    responses = PORT_NewArray(CMMFCertResponse *, numCerts);
+    if (responses == NULL) {
+        rv = OUT_OF_MEMORY;
+        goto loser;
+    }
+    for (i = 0; i < numCerts; i++) {
+        responses[i] = currResponse =
+            CMMF_CreateCertResponse(issuedCerts[i].certReqID);
+        if (currResponse == NULL) {
+            rv = ERROR_CREATING_SINGLE_CERT_RESPONSE;
+            goto loser;
+        }
+        CMMF_CertResponseSetPKIStatusInfoStatus(currResponse, cmmfGranted);
+        CMMF_CertResponseSetCertificate(currResponse, issuedCerts[i].cert);
+    }
+    srv = CMMF_CertRepContentSetCertResponses(certRepContent, responses,
+                                              numCerts);
+    if (srv != SECSuccess) {
+        rv = ERROR_SETTING_CERT_RESPONSES;
+        goto loser;
+    }
+    caList = CERT_NewCertList();
+    if (caList == NULL) {
+        rv = ERROR_CREATING_CA_LIST;
+        goto loser;
+    }
+    srv = CERT_AddCertToListTail(caList, issuerCert);
+    if (srv != SECSuccess) {
+        rv = ERROR_ADDING_ISSUER_TO_CA_LIST;
+        goto loser;
+    }
+    srv = CMMF_CertRepContentSetCAPubs(certRepContent, caList);
+    CERT_DestroyCertList(caList);
+    poolp = PORT_NewArena(1024);
+    der = SEC_ASN1EncodeItem(poolp, NULL, certRepContent,
+                             CMMFCertRepContentTemplate);
+    if (der == NULL) {
+        rv = ERROR_ENCODING_CERT_REP_CONTENT;
+        goto loser;
+    }
+#ifdef WRITE_OUT_RESPONSE
+    writeOutItem("CertRepContent.der", der);
+#endif
+    *base64der = BTOA_DataToAscii(der->data, der->len);
+    return NO_ERROR;
+loser:
+    return rv;
+}
+
+ErrorCode
+issueCerts(CertResponseInfo *issuedCerts, int numCerts,
+           CERTCertificate *issuerCert)
+{
+    ErrorCode rv;
+    char *base64Response;
+
+    rv = createCMMFResponse(issuedCerts, numCerts, issuerCert, &base64Response);
+    if (rv != NO_ERROR) {
+        goto loser;
+    }
+    spitOutCMMFResponse(getNickname(issuedCerts[0].cert), base64Response);
+    return NO_ERROR;
+loser:
+    return rv;
+}
+
+ErrorCode
+verifySignature(CGIVarTable *varTable, CRMFCertReqMsg *currReq,
+                CRMFCertRequest *certReq, CERTCertificate *newCert)
+{
+    SECStatus srv;
+    ErrorCode rv = NO_ERROR;
+    CRMFPOPOSigningKey *signKey = NULL;
+    SECAlgorithmID *algID = NULL;
+    SECItem *signature = NULL;
+    SECKEYPublicKey *pubKey = NULL;
+    SECItem *reqDER = NULL;
+
+    srv = CRMF_CertReqMsgGetPOPOSigningKey(currReq, &signKey);
+    if (srv != SECSuccess || signKey == NULL) {
+        rv = ERROR_RETRIEVING_POP_SIGN_KEY;
+        goto loser;
+    }
+    algID = CRMF_POPOSigningKeyGetAlgID(signKey);
+    if (algID == NULL) {
+        rv = ERROR_RETRIEVING_ALG_ID_FROM_SIGN_KEY;
+        goto loser;
+    }
+    signature = CRMF_POPOSigningKeyGetSignature(signKey);
+    if (signature == NULL) {
+        rv = ERROR_RETRIEVING_SIGNATURE_FROM_POP_SIGN_KEY;
+        goto loser;
+    }
+    /* Make the length the number of bytes instead of bits */
+    signature->len = (signature->len + 7) / 8;
+    pubKey = CERT_ExtractPublicKey(newCert);
+    if (pubKey == NULL) {
+        rv = ERROR_RETRIEVING_PUB_KEY_FROM_NEW_CERT;
+        goto loser;
+    }
+    reqDER = SEC_ASN1EncodeItem(NULL, NULL, certReq, CRMFCertRequestTemplate);
+    if (reqDER == NULL) {
+        rv = ERROR_ENCODING_CERT_REQ_FOR_POP;
+        goto loser;
+    }
+    srv = VFY_VerifyDataWithAlgorithmID(reqDER->data, reqDER->len, pubKey,
+                                        signature, &algID->algorithm, NULL, varTable);
+    if (srv != SECSuccess) {
+        rv = ERROR_VERIFYING_SIGNATURE_POP;
+        goto loser;
+    }
+/* Fall thru in successfull case. */
+loser:
+    if (pubKey != NULL) {
+        SECKEY_DestroyPublicKey(pubKey);
+    }
+    if (reqDER != NULL) {
+        SECITEM_FreeItem(reqDER, PR_TRUE);
+    }
+    if (signature != NULL) {
+        SECITEM_FreeItem(signature, PR_TRUE);
+    }
+    if (algID != NULL) {
+        SECOID_DestroyAlgorithmID(algID, PR_TRUE);
+    }
+    if (signKey != NULL) {
+        CRMF_DestroyPOPOSigningKey(signKey);
+    }
+    return rv;
+}
+
+ErrorCode
+doChallengeResponse(CGIVarTable *varTable, CRMFCertReqMsg *currReq,
+                    CRMFCertRequest *certReq, CERTCertificate *newCert,
+                    ChallengeCreationInfo *challs, int *numChall)
+{
+    CRMFPOPOPrivKey *privKey = NULL;
+    CRMFPOPOPrivKeyChoice privKeyChoice;
+    SECStatus srv;
+    ErrorCode rv = NO_ERROR;
+
+    srv = CRMF_CertReqMsgGetPOPKeyEncipherment(currReq, &privKey);
+    if (srv != SECSuccess || privKey == NULL) {
+        rv = ERROR_GETTING_KEY_ENCIPHERMENT;
+        goto loser;
+    }
+    privKeyChoice = CRMF_POPOPrivKeyGetChoice(privKey);
+    CRMF_DestroyPOPOPrivKey(privKey);
+    switch (privKeyChoice) {
+        case crmfSubsequentMessage:
+            challs = &challs[*numChall];
+            challs->random = rand();
+            challs->pubKey = CERT_ExtractPublicKey(newCert);
+            if (challs->pubKey == NULL) {
+                rv =
+                    ERROR_RETRIEVING_PUB_KEY_FOR_CHALL;
+                goto loser;
+            }
+            (*numChall)++;
+            rv = DO_CHALLENGE_RESPONSE;
+            break;
+        case crmfThisMessage:
+            /* There'd better be a PKIArchiveControl in this message */
+            if (!CRMF_CertRequestIsControlPresent(certReq,
+                                                  crmfPKIArchiveOptionsControl)) {
+                rv =
+                    ERROR_NO_POP_FOR_PRIVKEY;
+                goto loser;
+            }
+            break;
+        default:
+            rv = ERROR_UNSUPPORTED_POPOPRIVKEY_TYPE;
+            goto loser;
+    }
+loser:
+    return rv;
+}
+
+ErrorCode
+doProofOfPossession(CGIVarTable *varTable, CRMFCertReqMsg *currReq,
+                    CRMFCertRequest *certReq, CERTCertificate *newCert,
+                    ChallengeCreationInfo *challs, int *numChall)
+{
+    CRMFPOPChoice popChoice;
+    ErrorCode rv = NO_ERROR;
+
+    popChoice = CRMF_CertReqMsgGetPOPType(currReq);
+    if (popChoice == crmfNoPOPChoice) {
+        rv = NO_POP_FOR_REQUEST;
+        goto loser;
+    }
+    switch (popChoice) {
+        case crmfSignature:
+            rv = verifySignature(varTable, currReq, certReq, newCert);
+            break;
+        case crmfKeyEncipherment:
+            rv = doChallengeResponse(varTable, currReq, certReq, newCert,
+                                     challs, numChall);
+            break;
+        case crmfRAVerified:
+        case crmfKeyAgreement:
+        default:
+            rv = UNSUPPORTED_POP;
+            goto loser;
+    }
+loser:
+    return rv;
+}
+
+void
+convertB64ToJS(char *base64)
+{
+    int i;
+
+    for (i = 0; base64[i] != '\0'; i++) {
+        if (base64[i] == '\n') {
+            printf("\\n");
+        } else {
+            printf("%c", base64[i]);
+        }
+    }
+}
+
+void
+formatChallenge(char *chall64, char *certRepContentDER,
+                ChallengeCreationInfo *challInfo, int numChalls)
+{
+    printf("function respondToChallenge() {\n"
+           "  var chalForm = document.chalForm;\n\n"
+           "  chalForm.CertRepContent.value = '");
+    convertB64ToJS(certRepContentDER);
+    printf("';\n"
+           "  chalForm.ChallResponse.value = crypto.popChallengeResponse('");
+    convertB64ToJS(chall64);
+    printf("');\n"
+           "  chalForm.submit();\n"
+           "}\n");
+}
+
+void
+spitOutChallenge(char *chall64, char *certRepContentDER,
+                 ChallengeCreationInfo *challInfo, int numChalls,
+                 char *nickname)
+{
+    int i;
+
+    spitOutHeaders();
+    printf("<html>\n"
+           "<head>\n"
+           "<title>Challenge Page</title>\n"
+           "<script language=\"JavaScript\">\n"
+           "<!--\n");
+    /* The JavaScript function actually gets defined within
+   * this function call
+   */
+    formatChallenge(chall64, certRepContentDER, challInfo, numChalls);
+    printf("// -->\n"
+           "</script>\n"
+           "</head>\n"
+           "<body onLoad='respondToChallenge()'>\n"
+           "<h1>Cartman is now responding to the Challenge "
+           "presented by the CGI</h1>\n"
+           "<form action='crmfcgi' method='post' name='chalForm'>\n"
+           "<input type='hidden' name=CertRepContent value=''>\n"
+           "<input type='hidden' name=ChallResponse value=''>\n");
+    for (i = 0; i < numChalls; i++) {
+        printf("<input type='hidden' name='chal%d' value='%d'>\n",
+               i + 1, challInfo[i].random);
+    }
+    printf("<input type='hidden' name='nickname' value='%s'>\n", nickname);
+    printf("</form>\n</body>\n</html>");
+}
+
+ErrorCode
+issueChallenge(CertResponseInfo *issuedCerts, int numCerts,
+               ChallengeCreationInfo *challInfo, int numChalls,
+               CERTCertificate *issuer, CGIVarTable *varTable)
+{
+    ErrorCode rv = NO_ERROR;
+    CMMFPOPODecKeyChallContent *chalContent = NULL;
+    int i;
+    SECStatus srv;
+    PLArenaPool *poolp;
+    CERTGeneralName *genName;
+    SECItem *challDER = NULL;
+    char *chall64, *certRepContentDER;
+
+    rv = createCMMFResponse(issuedCerts, numCerts, issuer,
+                            &certRepContentDER);
+    if (rv != NO_ERROR) {
+        goto loser;
+    }
+    chalContent = CMMF_CreatePOPODecKeyChallContent();
+    if (chalContent == NULL) {
+        rv = ERROR_CREATING_EMPTY_CHAL_CONTENT;
+        goto loser;
+    }
+    poolp = PORT_NewArena(1024);
+    if (poolp == NULL) {
+        rv = OUT_OF_MEMORY;
+        goto loser;
+    }
+    genName = CERT_GetCertificateNames(issuer, poolp);
+    if (genName == NULL) {
+        rv = ERROR_EXTRACTING_GEN_NAME_FROM_ISSUER;
+        goto loser;
+    }
+    for (i = 0; i < numChalls; i++) {
+        srv = CMMF_POPODecKeyChallContentSetNextChallenge(chalContent,
+                                                          challInfo[i].random,
+                                                          genName,
+                                                          challInfo[i].pubKey,
+                                                          varTable);
+        SECKEY_DestroyPublicKey(challInfo[i].pubKey);
+        if (srv != SECSuccess) {
+            rv = ERROR_SETTING_CHALLENGE;
+            goto loser;
+        }
+    }
+    challDER = SEC_ASN1EncodeItem(NULL, NULL, chalContent,
+                                  CMMFPOPODecKeyChallContentTemplate);
+    if (challDER == NULL) {
+        rv = ERROR_ENCODING_CHALL;
+        goto loser;
+    }
+    chall64 = BTOA_DataToAscii(challDER->data, challDER->len);
+    SECITEM_FreeItem(challDER, PR_TRUE);
+    if (chall64 == NULL) {
+        rv = ERROR_CONVERTING_CHALL_TO_BASE64;
+        goto loser;
+    }
+    spitOutChallenge(chall64, certRepContentDER, challInfo, numChalls,
+                     getNickname(issuedCerts[0].cert));
+loser:
+    return rv;
+}
+
+ErrorCode
+processRequest(CGIVarTable *varTable)
+{
+    CERTCertDBHandle *certdb;
+    SECKEYKeyDBHandle *keydb;
+    CRMFCertReqMessages *certReqs = NULL;
+    const char *crmfReq;
+    const char *caNickname;
+    CERTCertificate *caCert = NULL;
+    CertResponseInfo *issuedCerts = NULL;
+    CERTSubjectPublicKeyInfo spki = { 0 };
+    ErrorCode rv = NO_ERROR;
+    PRBool doChallengeResponse = PR_FALSE;
+    SECItem der = { 0 };
+    SECStatus srv;
+    CERTCertificateRequest oldCertReq = { 0 };
+    CRMFCertReqMsg **reqMsgs = NULL, *currReq = NULL;
+    CRMFCertRequest **reqs = NULL, *certReq = NULL;
+    CERTName subject = { 0 };
+    int numReqs, i;
+    ChallengeCreationInfo *challInfo = NULL;
+    int numChalls = 0;
+
+    certdb = CERT_GetDefaultCertDB();
+    keydb = SECKEY_GetDefaultKeyDB();
+    crmfReq = CGITableFindValue(varTable, "CRMFRequest");
+    if (crmfReq == NULL) {
+        rv = CGI_VAR_MISSING;
+        missingVar = "CRMFRequest";
+        goto loser;
+    }
+    caNickname = CGITableFindValue(varTable, "CANickname");
+    if (caNickname == NULL) {
+        rv = CGI_VAR_MISSING;
+        missingVar = "CANickname";
+        goto loser;
+    }
+    caCert = CERT_FindCertByNickname(certdb, caNickname);
+    if (caCert == NULL) {
+        rv = COULD_NOT_FIND_CA;
+        goto loser;
+    }
+    srv = ATOB_ConvertAsciiToItem(&der, crmfReq);
+    if (srv != SECSuccess) {
+        rv = BAD_ASCII_FOR_REQ;
+        goto loser;
+    }
+    certReqs = CRMF_CreateCertReqMessagesFromDER(der.data, der.len);
+    SECITEM_FreeItem(&der, PR_FALSE);
+    if (certReqs == NULL) {
+        rv = COULD_NOT_DECODE_REQS;
+        goto loser;
+    }
+    numReqs = CRMF_CertReqMessagesGetNumMessages(certReqs);
+    issuedCerts = PORT_ZNewArray(CertResponseInfo, numReqs);
+    challInfo = PORT_ZNewArray(ChallengeCreationInfo, numReqs);
+    if (issuedCerts == NULL || challInfo == NULL) {
+        rv = OUT_OF_MEMORY;
+        goto loser;
+    }
+    reqMsgs = PORT_ZNewArray(CRMFCertReqMsg *, numReqs);
+    reqs = PORT_ZNewArray(CRMFCertRequest *, numReqs);
+    if (reqMsgs == NULL || reqs == NULL) {
+        rv = OUT_OF_MEMORY;
+        goto loser;
+    }
+    for (i = 0; i < numReqs; i++) {
+        currReq = reqMsgs[i] =
+            CRMF_CertReqMessagesGetCertReqMsgAtIndex(certReqs, i);
+        if (currReq == NULL) {
+            rv = ERROR_RETRIEVING_REQUEST_MSG;
+            goto loser;
+        }
+        certReq = reqs[i] = CRMF_CertReqMsgGetCertRequest(currReq);
+        if (certReq == NULL) {
+            rv = ERROR_RETRIEVING_CERT_REQUEST;
+            goto loser;
+        }
+        srv = CRMF_CertRequestGetCertTemplateSubject(certReq, &subject);
+        if (srv != SECSuccess) {
+            rv = ERROR_RETRIEVING_SUBJECT_FROM_REQ;
+            goto loser;
+        }
+        srv = CRMF_CertRequestGetCertTemplatePublicKey(certReq, &spki);
+        if (srv != SECSuccess) {
+            rv = ERROR_RETRIEVING_PUBLIC_KEY_FROM_REQ;
+            goto loser;
+        }
+        rv = initOldCertReq(&oldCertReq, &subject, &spki);
+        if (rv != NO_ERROR) {
+            goto loser;
+        }
+        rv = createNewCert(&issuedCerts[i].cert, &oldCertReq, currReq, certReq,
+                           caCert, varTable);
+        if (rv != NO_ERROR) {
+            goto loser;
+        }
+        rv = doProofOfPossession(varTable, currReq, certReq, issuedCerts[i].cert,
+                                 challInfo, &numChalls);
+        if (rv != NO_ERROR) {
+            if (rv == DO_CHALLENGE_RESPONSE) {
+                doChallengeResponse = PR_TRUE;
+            } else {
+                goto loser;
+            }
+        }
+        CRMF_CertReqMsgGetID(currReq, &issuedCerts[i].certReqID);
+        CRMF_DestroyCertReqMsg(currReq);
+        CRMF_DestroyCertRequest(certReq);
+    }
+    if (doChallengeResponse) {
+        rv = issueChallenge(issuedCerts, numReqs, challInfo, numChalls, caCert,
+                            varTable);
+    } else {
+        rv = issueCerts(issuedCerts, numReqs, caCert);
+    }
+loser:
+    if (certReqs != NULL) {
+        CRMF_DestroyCertReqMessages(certReqs);
+    }
+    return rv;
+}
+
+ErrorCode
+processChallengeResponse(CGIVarTable *varTable, const char *certRepContent)
+{
+    SECItem binDER = { 0 };
+    SECStatus srv;
+    ErrorCode rv = NO_ERROR;
+    const char *clientResponse;
+    const char *formChalValue;
+    const char *nickname;
+    CMMFPOPODecKeyRespContent *respContent = NULL;
+    int numResponses, i;
+    long curResponse, expectedResponse;
+    char cgiChalVar[10];
+#ifdef WRITE_OUT_RESPONSE
+    SECItem certRepBinDER = { 0 };
+
+    ATOB_ConvertAsciiToItem(&certRepBinDER, certRepContent);
+    writeOutItem("challCertRepContent.der", &certRepBinDER);
+    PORT_Free(certRepBinDER.data);
+#endif
+    clientResponse = CGITableFindValue(varTable, "ChallResponse");
+    if (clientResponse == NULL) {
+        rv = REQ_CGI_VAR_NOT_PRESENT;
+        missingVar = "ChallResponse";
+        goto loser;
+    }
+    srv = ATOB_ConvertAsciiToItem(&binDER, clientResponse);
+    if (srv != SECSuccess) {
+        rv = ERROR_CONVERTING_RESP_FROM_CHALL_TO_BIN;
+        goto loser;
+    }
+    respContent = CMMF_CreatePOPODecKeyRespContentFromDER(binDER.data,
+                                                          binDER.len);
+    SECITEM_FreeItem(&binDER, PR_FALSE);
+    binDER.data = NULL;
+    if (respContent == NULL) {
+        rv = ERROR_CREATING_KEY_RESP_FROM_DER;
+        goto loser;
+    }
+    numResponses = CMMF_POPODecKeyRespContentGetNumResponses(respContent);
+    for (i = 0; i < numResponses; i++) {
+        srv = CMMF_POPODecKeyRespContentGetResponse(respContent, i, &curResponse);
+        if (srv != SECSuccess) {
+            rv = ERROR_RETRIEVING_CLIENT_RESPONSE_TO_CHALLENGE;
+            goto loser;
+        }
+        sprintf(cgiChalVar, "chal%d", i + 1);
+        formChalValue = CGITableFindValue(varTable, cgiChalVar);
+        if (formChalValue == NULL) {
+            rv = REQ_CGI_VAR_NOT_PRESENT;
+            missingVar = strdup(cgiChalVar);
+            goto loser;
+        }
+        sscanf(formChalValue, "%ld", &expectedResponse);
+        if (expectedResponse != curResponse) {
+            rv = ERROR_RETURNED_CHALL_NOT_VALUE_EXPECTED;
+            goto loser;
+        }
+    }
+    nickname = CGITableFindValue(varTable, "nickname");
+    if (nickname == NULL) {
+        rv = REQ_CGI_VAR_NOT_PRESENT;
+        missingVar = "nickname";
+        goto loser;
+    }
+    spitOutCMMFResponse(nickname, certRepContent);
+loser:
+    if (respContent != NULL) {
+        CMMF_DestroyPOPODecKeyRespContent(respContent);
+    }
+    return rv;
+}
+
+int
+main()
+{
+    char *form_output = NULL;
+    int form_output_len, form_output_used;
+    CGIVarTable varTable = { 0 };
+    ErrorCode errNum = 0;
+    char *certRepContent;
+
+#ifdef ATTACH_CGI
+    /* Put an ifinite loop in here so I can attach to
+     * the process after the process is spun off
+     */
+    {
+        int stupid = 1;
+        while (stupid)
+            ;
+    }
+#endif
+
+    form_output_used = 0;
+    srand(time(NULL));
+    while (feof(stdin) == 0) {
+        if (form_output == NULL) {
+            form_output = PORT_NewArray(char, DEFAULT_ALLOC_SIZE + 1);
+            form_output_len = DEFAULT_ALLOC_SIZE;
+        } else if ((form_output_used + DEFAULT_ALLOC_SIZE) >= form_output_len) {
+            form_output_len += DEFAULT_ALLOC_SIZE;
+            form_output = PORT_Realloc(form_output, form_output_len + 1);
+        }
+        form_output_used += fread(&form_output[form_output_used], sizeof(char),
+                                  DEFAULT_ALLOC_SIZE, stdin);
+    }
+    ParseInputVariables(&varTable, form_output);
+    certRepContent = CGITableFindValue(&varTable, "CertRepContent");
+    if (certRepContent == NULL) {
+        errNum = initNSS(&varTable);
+        if (errNum != 0) {
+            goto loser;
+        }
+        errNum = processRequest(&varTable);
+    } else {
+        errNum = processChallengeResponse(&varTable, certRepContent);
+    }
+    if (errNum != NO_ERROR) {
+        goto loser;
+    }
+    goto done;
+loser:
+    dumpErrorMessage(errNum);
+done:
+    free(form_output);
+    return 0;
+}
diff --git a/nss/cmd/crmf-cgi/crmfcgi.html b/nss/cmd/crmf-cgi/crmfcgi.html
new file mode 100644
index 0000000..537b0f5
--- /dev/null
+++ b/nss/cmd/crmf-cgi/crmfcgi.html
@@ -0,0 +1,136 @@
+<!-- This Source Code Form is subject to the terms of the Mozilla Public
+   - License, v. 2.0. If a copy of the MPL was not distributed with this
+   - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
+
+<html>
+<head>
+<title>CRMF Test Page for PSM</title>
+<script language=javascript>
+var request;
+//This variable must be set to the first value
+//in the select field "testType" in the form.
+var keyGenType="SigningOnlyRSA";
+
+var requestedDN = "CN=Javi CA Shack ID, O=NSS";
+
+function setTestType() {
+  var testType = document.crmfForm.testType;
+  
+  keyGenType = testType.options[testType.selectedIndex].value;
+}
+
+function setRequest() {
+  with (document.crmfForm) {
+    CRMFRequest.value = request.request;
+    submit();
+  }
+}
+
+function generateSignAndEncryptRSARequest() {
+    request = crypto.generateCRMFRequest(requestedDN,
+                                         null, null, null, "setRequest()",
+                                         crypto.algorithms.rsa.keyEx.keySizes[0],
+                                         null, "rsa-dual-use");    
+}
+
+function generateSigningOnlyRSARequest() {
+    request = crypto.generateCRMFRequest(requestedDN,null,null,null,"setRequest()",
+                                         crypto.algorithms.rsa.signing.keySizes[0],
+                                         null, "rsa-sign");
+}
+
+function generateEncryptionOnlyRSARequest() {
+    request = crypto.generateCRMFRequest(requestedDN, null, null, null, "setRequest()",
+                                         crypto.algorithms.rsa.keyEx.keySizes[0],
+                                         null, "rsa-ex");
+}
+
+function generateDualRSAKeys() {
+    request = crypto.generateCRMFRequest(requestedDN, null, null, null, "setRequest()",
+                                         crypto.algorithms.rsa.keyEx.keySizes[0],
+                                         null, "rsa-ex",
+                                         crypto.algorithms.rsa.signing.keySizes[0],
+                                         null, "rsa-sign");
+}
+
+function generateDSAKey() {
+    request = crypto.generateCRMFRequest(requestedDN, null, null, null, "setRequest()",
+                                         crypto.algorithms.dsa.keySizes[0],
+                                         null, "dsa-sign-nonrepudiation");
+}
+
+function processForm(form) {
+  with (form) {
+    if (typeof(crypto.version) == "undefined") {
+      alert('You must be running PSM in order to use this page.');
+      return false;
+    }
+    if (NSSDirectory.value == "") {
+      alert('You must provide a path for NSS to use.');
+      return false;
+    }
+    if (dbPassword.value == "") {
+      alert('You must provide a password for the certificate database.');
+      return false;
+    }
+    if (CANickname.value == "") {
+      alert('You must provide a CA Nickname to use.');
+      return false;
+    }
+    //Now do the correct key generation.
+    if (keyGenType == "SignAndEncryptRSA") {
+      generateSignAndEncryptRSARequest();
+    } else if (keyGenType == "SigningOnlyRSA") {
+      generateSigningOnlyRSARequest();
+    } else if (keyGenType == "EncryptionOnlyRSA") {
+      generateEncryptionOnlyRSARequest();
+    } else if (keyGenType == "DualRSAKeys") {
+      generateDualRSAKeys();
+    } else if (keyGenType == "DSAKeyGen") {
+      generateDSAKey();
+    }
+  }
+  return true;
+}
+</script>
+</head>
+<body>
+<h1><center>CRMF Test page for PSM</center></h1>
+This page is designed to be used in combination with the executable
+produced by ns/security/cmd/crmf-cgi in a CGI environment.  In order
+to successfully use this page, modify its action to post to a a server
+where you have installed the crmfcgi executable and you'll be able to
+test the functionality.
+<hr>
+<form name="crmfForm" method=post action="http://www.cgi-site.com/cgi-bin/crmfcgi"> 
+<h2>Certificate Database information</h2>
+First, enter all the information for the CGI to use for initializing 
+NSS.  The CGI will use the directory entered below as the directory
+where to look for the certificate and key databases.
+<pre>
+Path for NSS Config: <input size=40 type="text" name="NSSDirectory">
+</pre>
+Enter the password for the certificate database found in the direcotry
+above.
+<pre>
+Database Password:   <input type="password" name="dbPassword" size=40>
+</pre>
+Now enter the nickname of the certificate to use for signing the 
+certificate issued during this test.
+<pre>
+CA Nickname:         <input size=40 type="text" name="CANickname">
+</pre>
+<h2>Now, figure out which type of key generation you want to test:</h2>
+<select name="testType" onChange="setTestType()">`
+<option value="SigningOnlyRSA">Signing Only-RSA
+<option value="EncryptionOnlyRSA">Encryption Only-RSA
+<option value="SignAndEncryptRSA">Sign and Encrypt Single Key -RSA
+<option value="DualRSAKeys">Dual Keys-RSA
+<option value="DSAKeyGen">DSA Key Gen
+</select>
+<input type="hidden" name=CRMFRequest value="">
+<hr>
+<input type="button" value="OK" onclick="processForm(document.crmfForm)">
+</form>
+</body>
+</html>
diff --git a/nss/cmd/crmf-cgi/manifest.mn b/nss/cmd/crmf-cgi/manifest.mn
new file mode 100644
index 0000000..1212424
--- /dev/null
+++ b/nss/cmd/crmf-cgi/manifest.mn
@@ -0,0 +1,33 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CORE_DEPTH = ../..
+MODULE	= sectools
+
+EXPORTS = \
+	$(NULL)
+
+CSRCS = \
+	crmfcgi.c \
+	$(NULL)
+
+
+REQUIRES = nss dbm seccmd
+
+ifdef ATTACH_CGI
+DEFINES += -DATTACH_CGI
+endif
+
+ifdef WRITE_OUT_RESPONSE
+DEFINES += -DWRITE_OUT_RESPONSE
+endif
+
+PROGRAM  = crmfcgi
+
+USE_STATIC_LIBS = 1
+
+INCLUDES = 
+
+DEFINES = -DNSPR20
diff --git a/nss/cmd/crmftest/Makefile b/nss/cmd/crmftest/Makefile
new file mode 100644
index 0000000..369cdc8
--- /dev/null
+++ b/nss/cmd/crmftest/Makefile
@@ -0,0 +1,64 @@
+#! gmake
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+include config.mk
+
+ifeq ($(OS_TARGET)$(OS_RELEASE), AIX4.2)
+OS_LIBS += -lsvld 
+endif 
+
+ifeq ($(OS_TARGET)$(OS_RELEASE), SunOS5.6)
+OS_LIBS += -ldl -lxnet -lposix4 -lsocket -lnsl
+endif
+
+EXTRA_LIBS += $(DIST)/lib/$(LIB_PREFIX)crmf.$(LIB_SUFFIX)
+
+include ../platlibs.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+LDDIST = $(DIST)/lib
+
+ifeq (,$(filter-out WIN%,$(OS_TARGET)))
+EXTRA_LIBS += $(LDDIST)/sectool.lib
+endif
+
+include ../platrules.mk
diff --git a/nss/cmd/crmftest/config.mk b/nss/cmd/crmftest/config.mk
new file mode 100644
index 0000000..9838ef1
--- /dev/null
+++ b/nss/cmd/crmftest/config.mk
@@ -0,0 +1,15 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#
+#  Override TARGETS variable so that only static libraries
+#  are specifed as dependencies within rules.mk.
+#
+
+TARGETS        = $(PROGRAM)
+SHARED_LIBRARY =
+IMPORT_LIBRARY =
+LIBRARY        =
+
diff --git a/nss/cmd/crmftest/crmftest.gyp b/nss/cmd/crmftest/crmftest.gyp
new file mode 100644
index 0000000..c14bd19
--- /dev/null
+++ b/nss/cmd/crmftest/crmftest.gyp
@@ -0,0 +1,25 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi',
+    '../../cmd/platlibs.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'crmftest',
+      'type': 'executable',
+      'sources': [
+        'testcrmf.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports',
+        '<(DEPTH)/lib/crmf/crmf.gyp:crmf'
+      ]
+    }
+  ],
+  'variables': {
+    'module': 'nss'
+  }
+}
\ No newline at end of file
diff --git a/nss/cmd/crmftest/manifest.mn b/nss/cmd/crmftest/manifest.mn
new file mode 100644
index 0000000..578729e
--- /dev/null
+++ b/nss/cmd/crmftest/manifest.mn
@@ -0,0 +1,25 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CORE_DEPTH = ../..
+DEPTH      = .
+
+# MODULE public and private header  directories are implicitly REQUIRED.
+MODULE	= nss
+
+EXPORTS = \
+	$(NULL)
+
+CSRCS = \
+	testcrmf.c \
+	$(NULL)
+
+
+# The MODULE is always implicitly required.
+# Listing it here in REQUIRES makes it appear twice in the cc command line.
+# REQUIRES = dbm
+
+PROGRAM  = crmftest
+
diff --git a/nss/cmd/crmftest/testcrmf.c b/nss/cmd/crmftest/testcrmf.c
new file mode 100644
index 0000000..fefa689
--- /dev/null
+++ b/nss/cmd/crmftest/testcrmf.c
@@ -0,0 +1,1654 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * This program does 5 separate functions.  By default, it does them all.
+ * It can be told to do any subset of them.
+ * It does them in this order:
+ *
+ * 1. Generate file of CRMF cert requests.
+ *     Generates 2 keys pairs, one for signing, one for encryption.
+ *     Can generate RSA or DSA (XXX - DSA is only useful for signing).
+ *     Generate a cert request for each of the two public keys.
+ *     Generate a single CRMF cert request message that requests both certs.
+ *     Leave the generated CRMF request message in file
+ *         configdir/CertReqMessages.der
+ *
+ * 2. Decode CRMF Request(s) Message.
+ *  Reads in the file   configdir/CertReqMessages.der
+ *  (either generated by step 1 above, or user supplied).
+ *  Decodes it.  NOTHING MORE.  Drops these decoded results on the floor.
+ *  The CMMF response (below) contains a completely unrelated cert.  :-(
+ *
+ * 3. CMMF "Stuff".
+ *  a)  Generates a CMMF response, containing a single cert chain, as if
+ *  it was a response to a received CRMF request.  But the cert is
+ *  simply a user cert from the user's local soft token, whose
+ *  nickname is given in the -p option.  The CMMF response has no
+ *  relationship to the request generated above.  The CMMF message
+ *  is placed in configdir/CertRepContent.der.
+ *  b)  Decodes the newly generated CMMF response found in file
+ *  configdir/CertRepContent.der and discards the result.  8-/
+ *  c)  Generate a CMMF Key Escrow message
+ *      needs 2 nicknames:
+ *      It takes the public and private keys for the cert identified
+ *      by -p nickname, and wraps them with a sym key that is in turn
+ *      wrapped with the pubkey in the CA cert, whose nickname is
+ *      given with the -s option.
+ *      Store the message in configdir/KeyRecRepContent.der
+ *  d)  Decode the CMMF Key Escrow message generated just above.
+ *      Get it from file configdir/KeyRecRepContent.der
+ *      This is just a decoder test.  Results are discarded.
+ *
+ * 4. Key Recovery
+ *  This code does not yet compile, and what it was intended to do
+ *  has not been fully determined.
+ *
+ * 5. Challenge/Response.
+ *  Haven't analyzed this code yet.
+ *
+ *
+ */
+
+/* KNOWN BUGS:
+** 1. generates BOTH signing and encryption cert requests, even for DSA keys.
+**
+** 2. Does not verify the siganture in the "Proof of Posession" in the
+**  decoded cert requests.  It only checks syntax of the POP.
+** 3. CMMF "Stuff" should be broken up into separate steps, each of
+**  which may be optionally selected.
+*/
+
+#include <stdio.h>
+#include "nspr.h"
+#include "nss.h"
+#include "crmf.h"
+#include "secerr.h"
+#include "pk11func.h"
+#include "key.h"
+#include "cmmf.h"
+#include "plgetopt.h"
+#include "secutil.h"
+#include "pk11pqg.h"
+
+#if 0
+#include "pkcs11.h"
+#include "secmod.h"
+#include "secmodi.h"
+#include "pqggen.h"
+#include "secmod.h"
+#include "secmodi.h"
+#include "pkcs11.h"
+#include "secitem.h"
+#include "secasn1.h"
+#include "sechash.h"
+#endif
+
+#define MAX_KEY_LEN 512
+#define PATH_LEN 150
+#define BUFF_SIZE 150
+#define UID_BITS 800
+#define BPB 8
+#define CRMF_FILE "CertReqMessages.der"
+
+PRTime notBefore;
+char *personalCert = NULL;
+char *recoveryEncrypter = NULL;
+char *caCertName = NULL;
+static secuPWData pwdata = { PW_NONE, 0 };
+char *configdir;
+PRBool doingDSA = PR_FALSE;
+
+CERTCertDBHandle *db;
+
+typedef struct {
+    SECKEYPrivateKey *privKey;
+    SECKEYPublicKey *pubKey;
+    CRMFCertRequest *certReq;
+    CRMFCertReqMsg *certReqMsg;
+} TESTKeyPair;
+
+void
+debug_test(SECItem *src, char *filePath)
+{
+    PRFileDesc *fileDesc;
+
+    fileDesc = PR_Open(filePath, PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE,
+                       0666);
+    if (fileDesc == NULL) {
+        printf("Could not cretae file %s.\n", filePath);
+        return;
+    }
+    PR_Write(fileDesc, src->data, src->len);
+}
+
+SECStatus
+get_serial_number(long *dest)
+{
+    SECStatus rv;
+
+    if (dest == NULL) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+    rv = PK11_GenerateRandom((unsigned char *)dest, sizeof(long));
+    if (rv != SECSuccess) {
+        /* PK11_GenerateRandom calls PORT_SetError */
+        return SECFailure;
+    }
+    /* make serial number positive */
+    if (*dest < 0L)
+        *dest = -*dest;
+    return SECSuccess;
+}
+
+PK11RSAGenParams *
+GetRSAParams(void)
+{
+    PK11RSAGenParams *rsaParams;
+
+    rsaParams = PORT_ZNew(PK11RSAGenParams);
+
+    if (rsaParams == NULL)
+        return NULL;
+
+    rsaParams->keySizeInBits = MAX_KEY_LEN;
+    rsaParams->pe = 0x10001;
+
+    return rsaParams;
+}
+
+PQGParams *
+GetDSAParams(void)
+{
+    PQGParams *params = NULL;
+    PQGVerify *vfy = NULL;
+
+    SECStatus rv;
+
+    rv = PK11_PQG_ParamGen(0, &params, &vfy);
+    if (rv != SECSuccess) {
+        return NULL;
+    }
+    PK11_PQG_DestroyVerify(vfy);
+    return params;
+}
+
+/* Generate a key pair, and then generate a subjectPublicKeyInfo
+** for the public key in that pair.  return all 3.
+*/
+CERTSubjectPublicKeyInfo *
+GetSubjectPubKeyInfo(TESTKeyPair *pair)
+{
+    CERTSubjectPublicKeyInfo *spki = NULL;
+    SECKEYPrivateKey *privKey = NULL;
+    SECKEYPublicKey *pubKey = NULL;
+    PK11SlotInfo *keySlot = NULL;
+
+    keySlot = PK11_GetInternalKeySlot();
+    PK11_Authenticate(keySlot, PR_FALSE, &pwdata);
+
+    if (!doingDSA) {
+        PK11RSAGenParams *rsaParams = GetRSAParams();
+        if (rsaParams == NULL) {
+            PK11_FreeSlot(keySlot);
+            return NULL;
+        }
+        privKey = PK11_GenerateKeyPair(keySlot, CKM_RSA_PKCS_KEY_PAIR_GEN,
+                                       (void *)rsaParams, &pubKey, PR_FALSE,
+                                       PR_FALSE, &pwdata);
+    } else {
+        PQGParams *dsaParams = GetDSAParams();
+        if (dsaParams == NULL) {
+            PK11_FreeSlot(keySlot);
+            return NULL;
+        }
+        privKey = PK11_GenerateKeyPair(keySlot, CKM_DSA_KEY_PAIR_GEN,
+                                       (void *)dsaParams, &pubKey, PR_FALSE,
+                                       PR_FALSE, &pwdata);
+    }
+    PK11_FreeSlot(keySlot);
+    if (privKey == NULL || pubKey == NULL) {
+        if (pubKey) {
+            SECKEY_DestroyPublicKey(pubKey);
+        }
+        if (privKey) {
+            SECKEY_DestroyPrivateKey(privKey);
+        }
+        return NULL;
+    }
+
+    spki = SECKEY_CreateSubjectPublicKeyInfo(pubKey);
+    pair->privKey = privKey;
+    pair->pubKey = pubKey;
+    return spki;
+}
+
+SECStatus
+InitPKCS11(void)
+{
+    PK11SlotInfo *keySlot;
+
+    PK11_SetPasswordFunc(SECU_GetModulePassword);
+
+    keySlot = PK11_GetInternalKeySlot();
+
+    if (PK11_NeedUserInit(keySlot) && PK11_NeedLogin(keySlot)) {
+        if (SECU_ChangePW(keySlot, NULL, NULL) != SECSuccess) {
+            printf("Initializing the PINs failed.\n");
+            return SECFailure;
+        }
+    }
+
+    PK11_FreeSlot(keySlot);
+    return SECSuccess;
+}
+
+void
+WriteItOut(void *arg, const char *buf, unsigned long len)
+{
+    PRFileDesc *fileDesc = (PRFileDesc *)arg;
+
+    PR_Write(fileDesc, (void *)buf, len);
+}
+
+CRMFCertExtCreationInfo *
+GetExtensions(void)
+{
+    unsigned char keyUsage[4] = { 0x03, 0x02, 0x07, KU_DIGITAL_SIGNATURE };
+    /* What are these magic numbers? */
+    SECItem data = { 0, NULL, 0 };
+    CRMFCertExtension *extension;
+    CRMFCertExtCreationInfo *extInfo =
+        PORT_ZNew(CRMFCertExtCreationInfo);
+
+    data.data = keyUsage;
+    data.len = sizeof keyUsage;
+
+    extension =
+        CRMF_CreateCertExtension(SEC_OID_X509_KEY_USAGE, PR_FALSE, &data);
+    if (extension && extInfo) {
+        extInfo->numExtensions = 1;
+        extInfo->extensions = PORT_ZNewArray(CRMFCertExtension *, 1);
+        extInfo->extensions[0] = extension;
+    }
+    return extInfo;
+}
+
+void
+FreeExtInfo(CRMFCertExtCreationInfo *extInfo)
+{
+    int i;
+
+    for (i = 0; i < extInfo->numExtensions; i++) {
+        CRMF_DestroyCertExtension(extInfo->extensions[i]);
+    }
+    PORT_Free(extInfo->extensions);
+    PORT_Free(extInfo);
+}
+
+int
+InjectCertName(CRMFCertRequest *certReq,
+               CRMFCertTemplateField inTemplateField,
+               const char *inNameString)
+{
+    char *nameStr;
+    CERTName *name;
+    int irv = 0;
+
+    nameStr = PORT_Strdup(inNameString);
+    if (!nameStr)
+        return 5;
+    name = CERT_AsciiToName(nameStr);
+    if (name == NULL) {
+        printf("Could not create CERTName structure from %s.\n", nameStr);
+        irv = 5;
+        goto finish;
+    }
+
+    irv = CRMF_CertRequestSetTemplateField(certReq, inTemplateField, (void *)name);
+    if (irv != SECSuccess) {
+        printf("Could not add name to cert template\n");
+        irv = 6;
+    }
+
+finish:
+    PORT_Free(nameStr);
+    if (name)
+        CERT_DestroyName(name);
+    return irv;
+}
+
+int
+CreateCertRequest(TESTKeyPair *pair, long inRequestID)
+{
+    CERTCertificate *caCert;
+    CERTSubjectPublicKeyInfo *spki;
+    CRMFCertExtCreationInfo *extInfo;
+    CRMFCertRequest *certReq;
+    CRMFEncryptedKey *encKey;
+    CRMFPKIArchiveOptions *pkiArchOpt;
+    SECAlgorithmID *algID;
+    long serialNumber;
+    long version = 3;
+    SECStatus rv;
+    CRMFValidityCreationInfo validity;
+    unsigned char UIDbuf[UID_BITS / BPB];
+    SECItem issuerUID = { siBuffer, NULL, 0 };
+    SECItem subjectUID = { siBuffer, NULL, 0 };
+
+    /* len in bits */
+    issuerUID.data = UIDbuf;
+    issuerUID.len = UID_BITS;
+    subjectUID.data = UIDbuf;
+    subjectUID.len = UID_BITS;
+
+    pair->certReq = NULL;
+    certReq = CRMF_CreateCertRequest(inRequestID);
+    if (certReq == NULL) {
+        printf("Could not initialize a certificate request.\n");
+        return 1;
+    }
+
+    /* set to version 3 */
+    rv = CRMF_CertRequestSetTemplateField(certReq, crmfVersion,
+                                          (void *)(&version));
+    if (rv != SECSuccess) {
+        printf("Could not add the version number to the "
+               "Certificate Request.\n");
+        CRMF_DestroyCertRequest(certReq);
+        return 2;
+    }
+
+    /* set serial number */
+    if (get_serial_number(&serialNumber) != SECSuccess) {
+        printf("Could not generate a serial number for cert request.\n");
+        CRMF_DestroyCertRequest(certReq);
+        return 3;
+    }
+    rv = CRMF_CertRequestSetTemplateField(certReq, crmfSerialNumber,
+                                          (void *)(&serialNumber));
+    if (rv != SECSuccess) {
+        printf("Could not add serial number to certificate template\n.");
+        CRMF_DestroyCertRequest(certReq);
+        return 4;
+    }
+
+    /* Set issuer name */
+    rv = InjectCertName(certReq, crmfIssuer,
+                        "CN=mozilla CA Shack,O=Information Systems");
+    if (rv) {
+        printf("Could not add issuer to cert template\n");
+        CRMF_DestroyCertRequest(certReq);
+        return 5;
+    }
+
+    /* Set Subject Name */
+    rv = InjectCertName(certReq, crmfSubject,
+                        "CN=mozilla CA Shack ID,O=Engineering,C=US");
+    if (rv) {
+        printf("Could not add Subject to cert template\n");
+        CRMF_DestroyCertRequest(certReq);
+        return 5;
+    }
+
+    /* Set Algorithm ID */
+    algID = PK11_CreatePBEAlgorithmID(SEC_OID_PKCS5_PBE_WITH_SHA1_AND_DES_CBC,
+                                      1, NULL);
+    if (algID == NULL) {
+        printf("Couldn't create algorithm ID\n");
+        CRMF_DestroyCertRequest(certReq);
+        return 9;
+    }
+    rv = CRMF_CertRequestSetTemplateField(certReq, crmfSigningAlg, (void *)algID);
+    SECOID_DestroyAlgorithmID(algID, PR_TRUE);
+    if (rv != SECSuccess) {
+        printf("Could not add the signing algorithm to the cert template.\n");
+        CRMF_DestroyCertRequest(certReq);
+        return 10;
+    }
+
+    /* Set Validity Dates */
+    validity.notBefore = &notBefore;
+    validity.notAfter = NULL;
+    notBefore = PR_Now();
+    rv = CRMF_CertRequestSetTemplateField(certReq, crmfValidity, (void *)(&validity));
+    if (rv != SECSuccess) {
+        printf("Could not add validity to cert template\n");
+        CRMF_DestroyCertRequest(certReq);
+        return 11;
+    }
+
+    /* Generate a key pair and Add the spki to the request */
+    spki = GetSubjectPubKeyInfo(pair);
+    if (spki == NULL) {
+        printf("Could not create a Subject Public Key Info to add\n");
+        CRMF_DestroyCertRequest(certReq);
+        return 12;
+    }
+    rv = CRMF_CertRequestSetTemplateField(certReq, crmfPublicKey, (void *)spki);
+    SECKEY_DestroySubjectPublicKeyInfo(spki);
+    if (rv != SECSuccess) {
+        printf("Could not add the public key to the template\n");
+        CRMF_DestroyCertRequest(certReq);
+        return 13;
+    }
+
+    /* Set the requested isser Unique ID */
+    PK11_GenerateRandom(UIDbuf, sizeof UIDbuf);
+    CRMF_CertRequestSetTemplateField(certReq, crmfIssuerUID, (void *)&issuerUID);
+
+    /* Set the requested Subject Unique ID */
+    PK11_GenerateRandom(UIDbuf, sizeof UIDbuf);
+    CRMF_CertRequestSetTemplateField(certReq, crmfSubjectUID, (void *)&subjectUID);
+
+    /* Add extensions - XXX need to understand these magic numbers */
+    extInfo = GetExtensions();
+    CRMF_CertRequestSetTemplateField(certReq, crmfExtension, (void *)extInfo);
+    FreeExtInfo(extInfo);
+
+    /* get the recipient CA's cert */
+    caCert = CERT_FindCertByNickname(db, caCertName);
+    if (caCert == NULL) {
+        printf("Could not find the certificate for %s\n", caCertName);
+        CRMF_DestroyCertRequest(certReq);
+        return 50;
+    }
+    encKey = CRMF_CreateEncryptedKeyWithEncryptedValue(pair->privKey, caCert);
+    CERT_DestroyCertificate(caCert);
+    if (encKey == NULL) {
+        printf("Could not create Encrypted Key with Encrypted Value.\n");
+        return 14;
+    }
+    pkiArchOpt = CRMF_CreatePKIArchiveOptions(crmfEncryptedPrivateKey, encKey);
+    CRMF_DestroyEncryptedKey(encKey);
+    if (pkiArchOpt == NULL) {
+        printf("Could not create PKIArchiveOptions.\n");
+        return 15;
+    }
+    rv = CRMF_CertRequestSetPKIArchiveOptions(certReq, pkiArchOpt);
+    CRMF_DestroyPKIArchiveOptions(pkiArchOpt);
+    if (rv != SECSuccess) {
+        printf("Could not add the PKIArchiveControl to Cert Request.\n");
+        return 16;
+    }
+    pair->certReq = certReq;
+    return 0;
+}
+
+int
+Encode(CRMFCertReqMsg *inCertReq1, CRMFCertReqMsg *inCertReq2)
+{
+    PRFileDesc *fileDesc;
+    SECStatus rv;
+    int irv = 0;
+    CRMFCertReqMsg *msgArr[3];
+    char filePath[PATH_LEN];
+
+    PR_snprintf(filePath, PATH_LEN, "%s/%s", configdir, CRMF_FILE);
+    fileDesc = PR_Open(filePath, PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE,
+                       0666);
+    if (fileDesc == NULL) {
+        printf("Could not open file %s\n", filePath);
+        irv = 14;
+        goto finish;
+    }
+    msgArr[0] = inCertReq1;
+    msgArr[1] = inCertReq2;
+    msgArr[2] = NULL;
+    rv = CRMF_EncodeCertReqMessages(msgArr, WriteItOut, (void *)fileDesc);
+    if (rv != SECSuccess) {
+        printf("An error occurred while encoding.\n");
+        irv = 15;
+    }
+finish:
+    PR_Close(fileDesc);
+    return irv;
+}
+
+int
+AddProofOfPossession(TESTKeyPair *pair,
+                     CRMFPOPChoice inPOPChoice)
+{
+
+    switch (inPOPChoice) {
+        case crmfSignature:
+            CRMF_CertReqMsgSetSignaturePOP(pair->certReqMsg, pair->privKey,
+                                           pair->pubKey, NULL, NULL, &pwdata);
+            break;
+        case crmfRAVerified:
+            CRMF_CertReqMsgSetRAVerifiedPOP(pair->certReqMsg);
+            break;
+        case crmfKeyEncipherment:
+            CRMF_CertReqMsgSetKeyEnciphermentPOP(pair->certReqMsg,
+                                                 crmfSubsequentMessage,
+                                                 crmfChallengeResp, NULL);
+            break;
+        case crmfKeyAgreement: {
+            SECItem pendejo;
+            unsigned char lame[] = { 0xf0, 0x0f, 0xf0, 0x0f, 0xf0 };
+
+            pendejo.data = lame;
+            pendejo.len = 5;
+
+            CRMF_CertReqMsgSetKeyAgreementPOP(pair->certReqMsg, crmfThisMessage,
+                                              crmfNoSubseqMess, &pendejo);
+        } break;
+        default:
+            return 1;
+    }
+    return 0;
+}
+
+int
+Decode(void)
+{
+    PRFileDesc *fileDesc;
+    CRMFCertReqMsg *certReqMsg;
+    CRMFCertRequest *certReq;
+    CRMFCertReqMessages *certReqMsgs;
+    SECStatus rv;
+    int numMsgs, i;
+    long lame;
+    CRMFGetValidity validity = { NULL, NULL };
+    SECItem item = { siBuffer, NULL, 0 };
+    char filePath[PATH_LEN];
+
+    PR_snprintf(filePath, PATH_LEN, "%s/%s", configdir, CRMF_FILE);
+    fileDesc = PR_Open(filePath, PR_RDONLY, 0644);
+    if (fileDesc == NULL) {
+        printf("Could not open file %s\n", filePath);
+        return 214;
+    }
+    rv = SECU_FileToItem(&item, fileDesc);
+    PR_Close(fileDesc);
+    if (rv != SECSuccess) {
+        return 215;
+    }
+
+    certReqMsgs = CRMF_CreateCertReqMessagesFromDER((char *)item.data, item.len);
+    if (certReqMsgs == NULL) {
+        printf("Error decoding CertReqMessages.\n");
+        return 202;
+    }
+    numMsgs = CRMF_CertReqMessagesGetNumMessages(certReqMsgs);
+    if (numMsgs <= 0) {
+        printf("WARNING: The DER contained %d messages.\n", numMsgs);
+    }
+    for (i = 0; i < numMsgs; i++) {
+        SECStatus rv;
+        printf("crmftest: Processing cert request %d\n", i);
+        certReqMsg = CRMF_CertReqMessagesGetCertReqMsgAtIndex(certReqMsgs, i);
+        if (certReqMsg == NULL) {
+            printf("ERROR: Could not access the message at index %d of %s\n",
+                   i, filePath);
+        }
+        rv = CRMF_CertReqMsgGetID(certReqMsg, &lame);
+        if (rv) {
+            SECU_PrintError("crmftest", "CRMF_CertReqMsgGetID");
+        }
+        certReq = CRMF_CertReqMsgGetCertRequest(certReqMsg);
+        if (!certReq) {
+            SECU_PrintError("crmftest", "CRMF_CertReqMsgGetCertRequest");
+        }
+        rv = CRMF_CertRequestGetCertTemplateValidity(certReq, &validity);
+        if (rv) {
+            SECU_PrintError("crmftest", "CRMF_CertRequestGetCertTemplateValidity");
+        }
+        if (!validity.notBefore) {
+            /* We encoded a notBefore, so somthing's wrong if it's not here. */
+            printf("ERROR: Validity period notBefore date missing.\n");
+        }
+        /* XXX It's all parsed now.  We probably should DO SOMETHING with it.
+    ** But nope.  We just throw it all away.
+    ** Maybe this was intended to be no more than a decoder test.
+    */
+        CRMF_DestroyGetValidity(&validity);
+        CRMF_DestroyCertRequest(certReq);
+        CRMF_DestroyCertReqMsg(certReqMsg);
+    }
+    CRMF_DestroyCertReqMessages(certReqMsgs);
+    SECITEM_FreeItem(&item, PR_FALSE);
+    return 0;
+}
+
+int
+GetBitsFromFile(const char *filePath, SECItem *item)
+{
+    PRFileDesc *fileDesc;
+    SECStatus rv;
+
+    fileDesc = PR_Open(filePath, PR_RDONLY, 0644);
+    if (fileDesc == NULL) {
+        printf("Could not open file %s\n", filePath);
+        return 14;
+    }
+
+    rv = SECU_FileToItem(item, fileDesc);
+    PR_Close(fileDesc);
+
+    if (rv != SECSuccess) {
+        item->data = NULL;
+        item->len = 0;
+        return 15;
+    }
+    return 0;
+}
+
+int
+DecodeCMMFCertRepContent(char *derFile)
+{
+    CMMFCertRepContent *certRepContent;
+    int irv = 0;
+    SECItem fileBits = { siBuffer, NULL, 0 };
+
+    GetBitsFromFile(derFile, &fileBits);
+    if (fileBits.data == NULL) {
+        printf("Could not get bits from file %s\n", derFile);
+        return 304;
+    }
+    certRepContent = CMMF_CreateCertRepContentFromDER(db,
+                                                      (char *)fileBits.data, fileBits.len);
+    if (certRepContent == NULL) {
+        printf("Error while decoding %s\n", derFile);
+        irv = 303;
+    } else {
+        /* That was fun.  Now, let's throw it away!  */
+        CMMF_DestroyCertRepContent(certRepContent);
+    }
+    SECITEM_FreeItem(&fileBits, PR_FALSE);
+    return irv;
+}
+
+int
+EncodeCMMFCertReply(const char *filePath,
+                    CERTCertificate *cert,
+                    CERTCertList *list)
+{
+    int rv = 0;
+    SECStatus srv;
+    PRFileDesc *fileDesc = NULL;
+    CMMFCertRepContent *certRepContent = NULL;
+    CMMFCertResponse *certResp = NULL;
+    CMMFCertResponse *certResponses[3];
+
+    certResp = CMMF_CreateCertResponse(0xff123);
+    CMMF_CertResponseSetPKIStatusInfoStatus(certResp, cmmfGranted);
+
+    CMMF_CertResponseSetCertificate(certResp, cert);
+
+    certResponses[0] = certResp;
+    certResponses[1] = NULL;
+    certResponses[2] = NULL;
+
+    certRepContent = CMMF_CreateCertRepContent();
+    CMMF_CertRepContentSetCertResponses(certRepContent, certResponses, 1);
+
+    CMMF_CertRepContentSetCAPubs(certRepContent, list);
+
+    fileDesc = PR_Open(filePath, PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE,
+                       0666);
+    if (fileDesc == NULL) {
+        printf("Could not open file %s\n", filePath);
+        rv = 400;
+        goto finish;
+    }
+
+    srv = CMMF_EncodeCertRepContent(certRepContent, WriteItOut,
+                                    (void *)fileDesc);
+    PR_Close(fileDesc);
+    if (srv != SECSuccess) {
+        printf("CMMF_EncodeCertRepContent failed,\n");
+        rv = 401;
+    }
+finish:
+    if (certRepContent) {
+        CMMF_DestroyCertRepContent(certRepContent);
+    }
+    if (certResp) {
+        CMMF_DestroyCertResponse(certResp);
+    }
+    return rv;
+}
+
+/* Extract the public key from the cert whose nickname is given. */
+int
+extractPubKeyFromNamedCert(const char *nickname, SECKEYPublicKey **pPubKey)
+{
+    CERTCertificate *caCert = NULL;
+    SECKEYPublicKey *caPubKey = NULL;
+    int rv = 0;
+
+    caCert = CERT_FindCertByNickname(db, (char *)nickname);
+    if (caCert == NULL) {
+        printf("Could not get the certifcate for %s\n", caCertName);
+        rv = 411;
+        goto finish;
+    }
+    caPubKey = CERT_ExtractPublicKey(caCert);
+    if (caPubKey == NULL) {
+        printf("Could not extract the public from the "
+               "certificate for \n%s\n",
+               caCertName);
+        rv = 412;
+    }
+finish:
+    *pPubKey = caPubKey;
+    CERT_DestroyCertificate(caCert);
+    caCert = NULL;
+    return rv;
+}
+
+int
+EncodeCMMFRecoveryMessage(const char *filePath,
+                          CERTCertificate *cert,
+                          CERTCertList *list)
+{
+    SECKEYPublicKey *caPubKey = NULL;
+    SECKEYPrivateKey *privKey = NULL;
+    CMMFKeyRecRepContent *repContent = NULL;
+    PRFileDesc *fileDesc;
+    int rv = 0;
+    SECStatus srv;
+
+    /* Extract the public key from the cert whose nickname is given in
+    ** the -s option.
+    */
+    rv = extractPubKeyFromNamedCert(caCertName, &caPubKey);
+    if (rv)
+        goto finish;
+
+    repContent = CMMF_CreateKeyRecRepContent();
+    if (repContent == NULL) {
+        printf("Could not allocate a CMMFKeyRecRepContent structure\n");
+        rv = 407;
+        goto finish;
+    }
+    srv = CMMF_KeyRecRepContentSetPKIStatusInfoStatus(repContent,
+                                                      cmmfGrantedWithMods);
+    if (srv != SECSuccess) {
+        printf("Error trying to set PKIStatusInfo for "
+               "CMMFKeyRecRepContent.\n");
+        rv = 406;
+        goto finish;
+    }
+    srv = CMMF_KeyRecRepContentSetNewSignCert(repContent, cert);
+    if (srv != SECSuccess) {
+        printf("Error trying to set the new signing certificate for "
+               "key recovery\n");
+        rv = 408;
+        goto finish;
+    }
+    srv = CMMF_KeyRecRepContentSetCACerts(repContent, list);
+    if (srv != SECSuccess) {
+        printf("Errory trying to add the list of CA certs to the "
+               "CMMFKeyRecRepContent structure.\n");
+        rv = 409;
+        goto finish;
+    }
+    privKey = PK11_FindKeyByAnyCert(cert, &pwdata);
+    if (privKey == NULL) {
+        printf("Could not get the private key associated with the\n"
+               "certificate %s\n",
+               personalCert);
+        rv = 410;
+        goto finish;
+    }
+
+    srv = CMMF_KeyRecRepContentSetCertifiedKeyPair(repContent, cert, privKey,
+                                                   caPubKey);
+    if (srv != SECSuccess) {
+        printf("Could not set the Certified Key Pair\n");
+        rv = 413;
+        goto finish;
+    }
+    fileDesc = PR_Open(filePath, PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE,
+                       0666);
+    if (fileDesc == NULL) {
+        printf("Could not open file %s\n", filePath);
+        rv = 414;
+        goto finish;
+    }
+
+    srv = CMMF_EncodeKeyRecRepContent(repContent, WriteItOut,
+                                      (void *)fileDesc);
+    PR_Close(fileDesc);
+    if (srv != SECSuccess) {
+        printf("CMMF_EncodeKeyRecRepContent failed\n");
+        rv = 415;
+    }
+finish:
+    if (privKey)
+        SECKEY_DestroyPrivateKey(privKey);
+    if (caPubKey)
+        SECKEY_DestroyPublicKey(caPubKey);
+    if (repContent)
+        CMMF_DestroyKeyRecRepContent(repContent);
+    return rv;
+}
+
+int
+decodeCMMFRecoveryMessage(const char *filePath)
+{
+    CMMFKeyRecRepContent *repContent = NULL;
+    int rv = 0;
+    SECItem fileBits = { siBuffer, NULL, 0 };
+
+    GetBitsFromFile(filePath, &fileBits);
+    if (!fileBits.len) {
+        rv = 451;
+        goto finish;
+    }
+    repContent =
+        CMMF_CreateKeyRecRepContentFromDER(db, (const char *)fileBits.data,
+                                           fileBits.len);
+    if (repContent == NULL) {
+        printf("ERROR: CMMF_CreateKeyRecRepContentFromDER failed on file:\n"
+               "\t%s\n",
+               filePath);
+        rv = 452;
+    }
+finish:
+    if (repContent) {
+        CMMF_DestroyKeyRecRepContent(repContent);
+    }
+    SECITEM_FreeItem(&fileBits, PR_FALSE);
+    return rv;
+}
+
+int
+DoCMMFStuff(void)
+{
+    CERTCertificate *cert = NULL;
+    CERTCertList *list = NULL;
+    int rv = 0;
+    char filePath[PATH_LEN];
+
+    /* Do common setup for the following steps.
+    */
+    PR_snprintf(filePath, PATH_LEN, "%s/%s", configdir, "CertRepContent.der");
+
+    cert = CERT_FindCertByNickname(db, personalCert);
+    if (cert == NULL) {
+        printf("Could not find the certificate for %s\n", personalCert);
+        rv = 416;
+        goto finish;
+    }
+    list = CERT_GetCertChainFromCert(cert, PR_Now(), certUsageEmailSigner);
+    if (list == NULL) {
+        printf("Could not find the certificate chain for %s\n", personalCert);
+        rv = 418;
+        goto finish;
+    }
+
+    /* a) Generate the CMMF response message, using a user cert named
+    **    by -p option, rather than a cert generated from the CRMF
+    **    request itself.   The CMMF message is placed in
+    **    configdir/CertRepContent.der.
+    */
+    rv = EncodeCMMFCertReply(filePath, cert, list);
+    if (rv != 0) {
+        goto finish;
+    }
+
+    /* b) Decode the CMMF Cert granting message encoded just above,
+    **    found in configdir/CertRepContent.der.
+    **    This only tests the decoding.  The decoded content is discarded.
+    */
+    rv = DecodeCMMFCertRepContent(filePath);
+    if (rv != 0) {
+        goto finish;
+    }
+
+    /* c) Generate a CMMF Key Excrow message
+    **    It takes the public and private keys for the cert identified
+    **    by -p nickname, and wraps them with a sym key that is in turn
+    **    wrapped with the pubkey in the CA cert, whose nickname is
+    **    given by the -s option.
+    **    Store the message in configdir/KeyRecRepContent.der
+    */
+    PR_snprintf(filePath, PATH_LEN, "%s/%s", configdir,
+                "KeyRecRepContent.der");
+
+    rv = EncodeCMMFRecoveryMessage(filePath, cert, list);
+    if (rv)
+        goto finish;
+
+    /* d) Decode the CMMF Key Excrow message generated just above.
+    **    Get it from file configdir/KeyRecRepContent.der
+    **    This is just a decoder test.  Results are discarded.
+    */
+
+    rv = decodeCMMFRecoveryMessage(filePath);
+
+finish:
+    if (cert) {
+        CERT_DestroyCertificate(cert);
+    }
+    if (list) {
+        CERT_DestroyCertList(list);
+    }
+    return rv;
+}
+
+#define KNOWN_MESSAGE_LENGTH 20 /*160 bits*/
+
+int
+DoKeyRecovery(SECKEYPrivateKey *privKey)
+{
+#ifdef DOING_KEY_RECOVERY /* Doesn't compile yet. */
+    SECKEYPublicKey *pubKey;
+    PK11SlotInfo *slot;
+    unsigned char *ciphertext;
+    unsigned char *text_compared;
+    SECKEYPrivateKey *unwrappedPrivKey;
+    SECKEYPrivateKey *caPrivKey;
+    CMMFKeyRecRepContent *keyRecRep;
+    CMMFCertifiedKeyPair *certKeyPair;
+    CERTCertificate *caCert;
+    CERTCertificate *myCert;
+    SECKEYPublicKey *caPubKey;
+    PRFileDesc *fileDesc;
+    CK_ULONG max_bytes_encrypted;
+    CK_ULONG bytes_encrypted;
+    CK_ULONG bytes_compared;
+    CK_ULONG bytes_decrypted;
+    CK_RV crv;
+    CK_OBJECT_HANDLE id;
+    CK_MECHANISM mech = { CKM_INVALID_MECHANISM, NULL, 0 };
+    SECStatus rv;
+    SECItem fileBits;
+    SECItem nickname;
+    unsigned char plaintext[KNOWN_MESSAGE_LENGTH];
+    char filePath[PATH_LEN];
+    static const unsigned char known_message[] = { "Known Crypto Message" };
+
+    /*caCert = CERT_FindCertByNickname(db, caCertName);*/
+    myCert = CERT_FindCertByNickname(db, personalCert);
+    if (myCert == NULL) {
+        printf("Could not find the certificate for %s\n", personalCert);
+        return 700;
+    }
+    caCert = CERT_FindCertByNickname(db, recoveryEncrypter);
+    if (caCert == NULL) {
+        printf("Could not find the certificate for %s\n", recoveryEncrypter);
+        return 701;
+    }
+    caPubKey = CERT_ExtractPublicKey(caCert);
+    pubKey = SECKEY_ConvertToPublicKey(privKey);
+    max_bytes_encrypted = PK11_GetPrivateModulusLen(privKey);
+    slot = PK11_GetBestSlotWithAttributes(mapWrapKeyType(privKey->keyType),
+                                          CKF_ENCRYPT, 0, NULL);
+    id = PK11_ImportPublicKey(slot, pubKey, PR_FALSE);
+
+    switch (privKey->keyType) {
+        case rsaKey:
+            mech.mechanism = CKM_RSA_PKCS;
+            break;
+        case dsaKey:
+            mech.mechanism = CKM_DSA;
+            break;
+        case dhKey:
+            mech.mechanism = CKM_DH_PKCS_DERIVE;
+            break;
+        default:
+            printf("Bad Key type in key recovery.\n");
+            return 512;
+    }
+    PK11_EnterSlotMonitor(slot);
+    crv = PK11_GETTAB(slot)->C_EncryptInit(slot->session, &mech, id);
+    if (crv != CKR_OK) {
+        PK11_ExitSlotMonitor(slot);
+        PK11_FreeSlot(slot);
+        printf("C_EncryptInit failed in KeyRecovery\n");
+        return 500;
+    }
+    ciphertext = PORT_NewArray(unsigned char, max_bytes_encrypted);
+    if (ciphertext == NULL) {
+        PK11_ExitSlotMonitor(slot);
+        PK11_FreeSlot(slot);
+        printf("Could not allocate memory for ciphertext.\n");
+        return 501;
+    }
+    bytes_encrypted = max_bytes_encrypted;
+    crv = PK11_GETTAB(slot)->C_Encrypt(slot->session,
+                                       known_message,
+                                       KNOWN_MESSAGE_LENGTH,
+                                       ciphertext,
+                                       &bytes_encrypted);
+    PK11_ExitSlotMonitor(slot);
+    PK11_FreeSlot(slot);
+    if (crv != CKR_OK) {
+        PORT_Free(ciphertext);
+        return 502;
+    }
+    /* Always use the smaller of these two values . . . */
+    bytes_compared = (bytes_encrypted > KNOWN_MESSAGE_LENGTH)
+                         ? KNOWN_MESSAGE_LENGTH
+                         : bytes_encrypted;
+
+    /* If there was a failure, the plaintext */
+    /* goes at the end, therefore . . .      */
+    text_compared = (bytes_encrypted > KNOWN_MESSAGE_LENGTH)
+                        ? (ciphertext + bytes_encrypted -
+                           KNOWN_MESSAGE_LENGTH)
+                        : ciphertext;
+
+    keyRecRep = CMMF_CreateKeyRecRepContent();
+    if (keyRecRep == NULL) {
+        PORT_Free(ciphertext);
+        PK11_FreeSlot(slot);
+        CMMF_DestroyKeyRecRepContent(keyRecRep);
+        printf("Could not allocate a CMMFKeyRecRepContent structre.\n");
+        return 503;
+    }
+    rv = CMMF_KeyRecRepContentSetPKIStatusInfoStatus(keyRecRep,
+                                                     cmmfGranted);
+    if (rv != SECSuccess) {
+        PORT_Free(ciphertext);
+        PK11_FreeSlot(slot);
+        CMMF_DestroyKeyRecRepContent(keyRecRep);
+        printf("Could not set the status for the KeyRecRepContent\n");
+        return 504;
+    }
+    /* The myCert here should correspond to the certificate corresponding
+     * to the private key, but for this test any certificate will do.
+     */
+    rv = CMMF_KeyRecRepContentSetCertifiedKeyPair(keyRecRep, myCert,
+                                                  privKey, caPubKey);
+    if (rv != SECSuccess) {
+        PORT_Free(ciphertext);
+        PK11_FreeSlot(slot);
+        CMMF_DestroyKeyRecRepContent(keyRecRep);
+        printf("Could not set the Certified Key Pair\n");
+        return 505;
+    }
+    PR_snprintf(filePath, PATH_LEN, "%s/%s", configdir,
+                "KeyRecRepContent.der");
+    fileDesc = PR_Open(filePath, PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE,
+                       0666);
+    if (fileDesc == NULL) {
+        PORT_Free(ciphertext);
+        PK11_FreeSlot(slot);
+        CMMF_DestroyKeyRecRepContent(keyRecRep);
+        printf("Could not open file %s\n", filePath);
+        return 506;
+    }
+    rv = CMMF_EncodeKeyRecRepContent(keyRecRep, WriteItOut, fileDesc);
+    CMMF_DestroyKeyRecRepContent(keyRecRep);
+    PR_Close(fileDesc);
+
+    if (rv != SECSuccess) {
+        PORT_Free(ciphertext);
+        PK11_FreeSlot(slot);
+        printf("Error while encoding CMMFKeyRecRepContent\n");
+        return 507;
+    }
+    GetBitsFromFile(filePath, &fileBits);
+    if (fileBits.data == NULL) {
+        PORT_Free(ciphertext);
+        PK11_FreeSlot(slot);
+        printf("Could not get the bits from file %s\n", filePath);
+        return 508;
+    }
+    keyRecRep =
+        CMMF_CreateKeyRecRepContentFromDER(db, (const char *)fileBits.data,
+                                           fileBits.len);
+    if (keyRecRep == NULL) {
+        printf("Could not decode the KeyRecRepContent in file %s\n",
+               filePath);
+        PORT_Free(ciphertext);
+        PK11_FreeSlot(slot);
+        return 509;
+    }
+    caPrivKey = PK11_FindKeyByAnyCert(caCert, &pwdata);
+    if (CMMF_KeyRecRepContentGetPKIStatusInfoStatus(keyRecRep) !=
+        cmmfGranted) {
+        PORT_Free(ciphertext);
+        PK11_FreeSlot(slot);
+        CMMF_DestroyKeyRecRepContent(keyRecRep);
+        printf("A bad status came back with the "
+               "KeyRecRepContent structure\n");
+        return 510;
+    }
+
+#define NICKNAME "Key Recovery Test Key"
+    nickname.data = (unsigned char *)NICKNAME;
+    nickname.len = PORT_Strlen(NICKNAME);
+
+    certKeyPair = CMMF_KeyRecRepContentGetCertKeyAtIndex(keyRecRep, 0);
+    CMMF_DestroyKeyRecRepContent(keyRecRep);
+    rv = CMMF_CertifiedKeyPairUnwrapPrivKey(certKeyPair,
+                                            caPrivKey,
+                                            &nickname,
+                                            PK11_GetInternalKeySlot(),
+                                            db,
+                                            &unwrappedPrivKey, &pwdata);
+    CMMF_DestroyCertifiedKeyPair(certKeyPair);
+    if (rv != SECSuccess) {
+        printf("Unwrapping the private key failed.\n");
+        return 511;
+    }
+    /*Now let's try to decrypt the ciphertext with the "recovered" key*/
+    PK11_EnterSlotMonitor(slot);
+    crv =
+        PK11_GETTAB(slot)->C_DecryptInit(unwrappedPrivKey->pkcs11Slot->session,
+                                         &mech,
+                                         unwrappedPrivKey->pkcs11ID);
+    if (crv != CKR_OK) {
+        PK11_ExitSlotMonitor(slot);
+        PORT_Free(ciphertext);
+        PK11_FreeSlot(slot);
+        printf("Decrypting with the recovered key failed.\n");
+        return 513;
+    }
+    bytes_decrypted = KNOWN_MESSAGE_LENGTH;
+    crv = PK11_GETTAB(slot)->C_Decrypt(unwrappedPrivKey->pkcs11Slot->session,
+                                       ciphertext,
+                                       bytes_encrypted, plaintext,
+                                       &bytes_decrypted);
+    SECKEY_DestroyPrivateKey(unwrappedPrivKey);
+    PK11_ExitSlotMonitor(slot);
+    PORT_Free(ciphertext);
+    if (crv != CKR_OK) {
+        PK11_FreeSlot(slot);
+        printf("Decrypting the ciphertext with recovered key failed.\n");
+        return 514;
+    }
+    if ((bytes_decrypted != KNOWN_MESSAGE_LENGTH) ||
+        (PORT_Memcmp(plaintext, known_message, KNOWN_MESSAGE_LENGTH) != 0)) {
+        PK11_FreeSlot(slot);
+        printf("The recovered plaintext does not equal the known message:\n"
+               "\tKnown message:       %s\n"
+               "\tRecovered plaintext: %s\n",
+               known_message, plaintext);
+        return 515;
+    }
+#endif
+    return 0;
+}
+
+int
+DoChallengeResponse(SECKEYPrivateKey *privKey,
+                    SECKEYPublicKey *pubKey)
+{
+    CMMFPOPODecKeyChallContent *chalContent = NULL;
+    CMMFPOPODecKeyRespContent *respContent = NULL;
+    CERTCertificate *myCert = NULL;
+    CERTGeneralName *myGenName = NULL;
+    PLArenaPool *poolp = NULL;
+    PRFileDesc *fileDesc;
+    SECItem *publicValue;
+    SECItem *keyID;
+    SECKEYPrivateKey *foundPrivKey;
+    long *randomNums;
+    int numChallengesFound = 0;
+    int numChallengesSet = 1;
+    int i;
+    long retrieved;
+    SECStatus rv;
+    SECItem DecKeyChallBits;
+    char filePath[PATH_LEN];
+
+    chalContent = CMMF_CreatePOPODecKeyChallContent();
+    myCert = CERT_FindCertByNickname(db, personalCert);
+    if (myCert == NULL) {
+        printf("Could not find the certificate for %s\n", personalCert);
+        return 900;
+    }
+    poolp = PORT_NewArena(1024);
+    if (poolp == NULL) {
+        printf("Could no allocate a new arena in DoChallengeResponse\n");
+        return 901;
+    }
+    myGenName = CERT_GetCertificateNames(myCert, poolp);
+    if (myGenName == NULL) {
+        printf("Could not get the general names for %s certificate\n",
+               personalCert);
+        return 902;
+    }
+    randomNums = PORT_ArenaNewArray(poolp, long, numChallengesSet);
+    PK11_GenerateRandom((unsigned char *)randomNums,
+                        numChallengesSet * sizeof(long));
+    for (i = 0; i < numChallengesSet; i++) {
+        rv = CMMF_POPODecKeyChallContentSetNextChallenge(chalContent,
+                                                         randomNums[i],
+                                                         myGenName,
+                                                         pubKey,
+                                                         &pwdata);
+        if (rv != SECSuccess) {
+            printf("Could not set the challenge in DoChallengeResponse\n");
+            return 903;
+        }
+    }
+    PR_snprintf(filePath, PATH_LEN, "%s/POPODecKeyChallContent.der",
+                configdir);
+    fileDesc = PR_Open(filePath, PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE,
+                       0666);
+    if (fileDesc == NULL) {
+        printf("Could not open file %s\n", filePath);
+        return 904;
+    }
+    rv = CMMF_EncodePOPODecKeyChallContent(chalContent, WriteItOut,
+                                           (void *)fileDesc);
+    PR_Close(fileDesc);
+    CMMF_DestroyPOPODecKeyChallContent(chalContent);
+    if (rv != SECSuccess) {
+        printf("Could not encode the POPODecKeyChallContent.\n");
+        return 905;
+    }
+    GetBitsFromFile(filePath, &DecKeyChallBits);
+    chalContent = CMMF_CreatePOPODecKeyChallContentFromDER((const char *)DecKeyChallBits.data, DecKeyChallBits.len);
+    SECITEM_FreeItem(&DecKeyChallBits, PR_FALSE);
+    if (chalContent == NULL) {
+        printf("Could not create the POPODecKeyChallContent from DER\n");
+        return 906;
+    }
+    numChallengesFound =
+        CMMF_POPODecKeyChallContentGetNumChallenges(chalContent);
+    if (numChallengesFound != numChallengesSet) {
+        printf("Number of Challenges Found (%d) does not equal the number "
+               "set (%d)\n",
+               numChallengesFound, numChallengesSet);
+        return 907;
+    }
+    for (i = 0; i < numChallengesSet; i++) {
+        publicValue = CMMF_POPODecKeyChallContentGetPublicValue(chalContent, i);
+        if (publicValue == NULL) {
+            printf("Could not get the public value for challenge at index %d\n",
+                   i);
+            return 908;
+        }
+        keyID = PK11_MakeIDFromPubKey(publicValue);
+        if (keyID == NULL) {
+            printf("Could not make the keyID from the public value\n");
+            return 909;
+        }
+        foundPrivKey = PK11_FindKeyByKeyID(privKey->pkcs11Slot, keyID, &pwdata);
+        if (foundPrivKey == NULL) {
+            printf("Could not find the private key corresponding to the public"
+                   " value.\n");
+            return 910;
+        }
+        rv = CMMF_POPODecKeyChallContDecryptChallenge(chalContent, i,
+                                                      foundPrivKey);
+        if (rv != SECSuccess) {
+            printf("Could not decrypt the challenge at index %d\n", i);
+            return 911;
+        }
+        rv = CMMF_POPODecKeyChallContentGetRandomNumber(chalContent, i,
+                                                        &retrieved);
+        if (rv != SECSuccess) {
+            printf("Could not get the random number from the challenge at "
+                   "index %d\n",
+                   i);
+            return 912;
+        }
+        if (retrieved != randomNums[i]) {
+            printf("Retrieved the number (%ld), expected (%ld)\n", retrieved,
+                   randomNums[i]);
+            return 913;
+        }
+    }
+    CMMF_DestroyPOPODecKeyChallContent(chalContent);
+    PR_snprintf(filePath, PATH_LEN, "%s/POPODecKeyRespContent.der",
+                configdir);
+    fileDesc = PR_Open(filePath, PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE,
+                       0666);
+    if (fileDesc == NULL) {
+        printf("Could not open file %s\n", filePath);
+        return 914;
+    }
+    rv = CMMF_EncodePOPODecKeyRespContent(randomNums, numChallengesSet,
+                                          WriteItOut, fileDesc);
+    PR_Close(fileDesc);
+    if (rv != 0) {
+        printf("Could not encode the POPODecKeyRespContent\n");
+        return 915;
+    }
+    GetBitsFromFile(filePath, &DecKeyChallBits);
+    respContent =
+        CMMF_CreatePOPODecKeyRespContentFromDER((const char *)DecKeyChallBits.data,
+                                                DecKeyChallBits.len);
+    if (respContent == NULL) {
+        printf("Could not decode the contents of the file %s\n", filePath);
+        return 916;
+    }
+    numChallengesFound =
+        CMMF_POPODecKeyRespContentGetNumResponses(respContent);
+    if (numChallengesFound != numChallengesSet) {
+        printf("Number of responses found (%d) does not match the number "
+               "of challenges set (%d)\n",
+               numChallengesFound, numChallengesSet);
+        return 917;
+    }
+    for (i = 0; i < numChallengesSet; i++) {
+        rv = CMMF_POPODecKeyRespContentGetResponse(respContent, i, &retrieved);
+        if (rv != SECSuccess) {
+            printf("Could not retrieve the response at index %d\n", i);
+            return 918;
+        }
+        if (retrieved != randomNums[i]) {
+            printf("Retrieved the number (%ld), expected (%ld)\n", retrieved,
+                   randomNums[i]);
+            return 919;
+        }
+    }
+    CMMF_DestroyPOPODecKeyRespContent(respContent);
+    return 0;
+}
+
+int
+MakeCertRequest(TESTKeyPair *pair, CRMFPOPChoice inPOPChoice, long inRequestID)
+{
+    int irv;
+
+    /* Generate a key pair and a cert request for it. */
+    irv = CreateCertRequest(pair, inRequestID);
+    if (irv != 0 || pair->certReq == NULL) {
+        goto loser;
+    }
+
+    pair->certReqMsg = CRMF_CreateCertReqMsg();
+    if (!pair->certReqMsg) {
+        irv = 999;
+        goto loser;
+    }
+    /* copy certReq into certReqMsg */
+    CRMF_CertReqMsgSetCertRequest(pair->certReqMsg, pair->certReq);
+    irv = AddProofOfPossession(pair, inPOPChoice);
+loser:
+    return irv;
+}
+
+int
+DestroyPairReqAndMsg(TESTKeyPair *pair)
+{
+    SECStatus rv = SECSuccess;
+    int irv = 0;
+
+    if (pair->certReq) {
+        rv = CRMF_DestroyCertRequest(pair->certReq);
+        pair->certReq = NULL;
+        if (rv != SECSuccess) {
+            printf("Error when destroying cert request.\n");
+            irv = 100;
+        }
+    }
+    if (pair->certReqMsg) {
+        rv = CRMF_DestroyCertReqMsg(pair->certReqMsg);
+        pair->certReqMsg = NULL;
+        if (rv != SECSuccess) {
+            printf("Error when destroying cert request msg.\n");
+            if (!irv)
+                irv = 101;
+        }
+    }
+    return irv;
+}
+
+int
+DestroyPair(TESTKeyPair *pair)
+{
+    int irv = 0;
+
+    if (pair->pubKey) {
+        SECKEY_DestroyPublicKey(pair->pubKey);
+        pair->pubKey = NULL;
+    }
+    if (pair->privKey) {
+        SECKEY_DestroyPrivateKey(pair->privKey);
+        pair->privKey = NULL;
+    }
+    DestroyPairReqAndMsg(pair);
+    return irv;
+}
+
+int
+DoCRMFRequest(TESTKeyPair *signPair, TESTKeyPair *cryptPair)
+{
+    int irv, tirv = 0;
+
+    /* Generate a key pair and a cert request for it. */
+    irv = MakeCertRequest(signPair, crmfSignature, 0x0f020304);
+    if (irv != 0 || signPair->certReq == NULL) {
+        goto loser;
+    }
+
+    if (!doingDSA) {
+        irv = MakeCertRequest(cryptPair, crmfKeyAgreement, 0x0f050607);
+        if (irv != 0 || cryptPair->certReq == NULL) {
+            goto loser;
+        }
+    }
+
+    /* encode the cert request messages into a unified request message.
+    ** leave it in a file with a fixed name.  :(
+    */
+    irv = Encode(signPair->certReqMsg, cryptPair->certReqMsg);
+
+loser:
+    if (signPair->certReq) {
+        tirv = DestroyPairReqAndMsg(signPair);
+        if (tirv && !irv)
+            irv = tirv;
+    }
+    if (cryptPair->certReq) {
+        tirv = DestroyPairReqAndMsg(cryptPair);
+        if (tirv && !irv)
+            irv = tirv;
+    }
+    return irv;
+}
+
+void
+Usage(void)
+{
+    printf("Usage:\n"
+           "\tcrmftest -d [Database Directory] -p [Personal Cert]\n"
+           "\t         -e [Encrypter] -s [CA Certificate] [-P password]\n\n"
+           "\t         [crmf] [dsa] [decode] [cmmf] [recover] [challenge]\n"
+           "\t         [-f password_file]\n"
+           "Database Directory\n"
+           "\tThis is the directory where the key3.db, cert7.db, and\n"
+           "\tsecmod.db files are located.  This is also the directory\n"
+           "\twhere the program will place CRMF/CMMF der files\n"
+           "Personal Cert\n"
+           "\tThis is the certificate that already exists in the cert\n"
+           "\tdatabase to use while encoding the response.  The private\n"
+           "\tkey associated with the certificate must also exist in the\n"
+           "\tkey database.\n"
+           "Encrypter\n"
+           "\tThis is the certificate to use when encrypting the the \n"
+           "\tkey recovery response.  The private key for this cert\n"
+           "\tmust also be present in the key database.\n"
+           "CA Certificate\n"
+           "\tThis is the nickname of the certificate to use as the\n"
+           "\tCA when doing all of the encoding.\n");
+}
+
+#define TEST_MAKE_CRMF_REQ 0x0001
+#define TEST_USE_DSA 0x0002
+#define TEST_DECODE_CRMF_REQ 0x0004
+#define TEST_DO_CMMF_STUFF 0x0008
+#define TEST_KEY_RECOVERY 0x0010
+#define TEST_CHALLENGE_RESPONSE 0x0020
+
+SECStatus
+parsePositionalParam(const char *arg, PRUint32 *flags)
+{
+    if (!strcmp(arg, "crmf")) {
+        *flags |= TEST_MAKE_CRMF_REQ;
+    } else if (!strcmp(arg, "dsa")) {
+        *flags |= TEST_MAKE_CRMF_REQ | TEST_USE_DSA;
+        doingDSA = PR_TRUE;
+    } else if (!strcmp(arg, "decode")) {
+        *flags |= TEST_DECODE_CRMF_REQ;
+    } else if (!strcmp(arg, "cmmf")) {
+        *flags |= TEST_DO_CMMF_STUFF;
+    } else if (!strcmp(arg, "recover")) {
+        *flags |= TEST_KEY_RECOVERY;
+    } else if (!strcmp(arg, "challenge")) {
+        *flags |= TEST_CHALLENGE_RESPONSE;
+    } else {
+        printf("unknown positional paremeter: %s\n", arg);
+        return SECFailure;
+    }
+    return SECSuccess;
+}
+
+/* it's not clear, in some cases, whether the desired key is from
+** the sign pair or the crypt pair, so we're guessing in some places.
+** This define serves to remind us of the places where we're guessing.
+*/
+#define WHICH_KEY cryptPair
+
+int
+main(int argc, char **argv)
+{
+    TESTKeyPair signPair, cryptPair;
+    PLOptState *optstate;
+    PLOptStatus status;
+    char *password = NULL;
+    char *pwfile = NULL;
+    int irv = 0;
+    PRUint32 flags = 0;
+    SECStatus rv;
+    PRBool nssInit = PR_FALSE;
+
+    memset(&signPair, 0, sizeof signPair);
+    memset(&cryptPair, 0, sizeof cryptPair);
+    printf("\ncrmftest v1.0\n");
+    optstate = PL_CreateOptState(argc, argv, "d:p:e:s:P:f:");
+    while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
+        switch (optstate->option) {
+            case 'd':
+                configdir = PORT_Strdup(optstate->value);
+                rv = NSS_Init(configdir);
+                if (rv != SECSuccess) {
+                    printf("NSS_Init (-d) failed\n");
+                    return 101;
+                }
+                nssInit = PR_TRUE;
+                break;
+            case 'p':
+                personalCert = PORT_Strdup(optstate->value);
+                if (personalCert == NULL) {
+                    printf("-p  failed\n");
+                    return 603;
+                }
+                break;
+            case 'e':
+                recoveryEncrypter = PORT_Strdup(optstate->value);
+                if (recoveryEncrypter == NULL) {
+                    printf("-e  failed\n");
+                    return 602;
+                }
+                break;
+            case 's':
+                caCertName = PORT_Strdup(optstate->value);
+                if (caCertName == NULL) {
+                    printf("-s  failed\n");
+                    return 604;
+                }
+                break;
+            case 'P':
+                password = PORT_Strdup(optstate->value);
+                if (password == NULL) {
+                    printf("-P  failed\n");
+                    return 606;
+                }
+                pwdata.source = PW_PLAINTEXT;
+                pwdata.data = password;
+                break;
+            case 'f':
+                pwfile = PORT_Strdup(optstate->value);
+                if (pwfile == NULL) {
+                    printf("-f  failed\n");
+                    return 607;
+                }
+                pwdata.source = PW_FROMFILE;
+                pwdata.data = pwfile;
+                break;
+            case 0: /* positional parameter */
+                rv = parsePositionalParam(optstate->value, &flags);
+                if (rv) {
+                    printf("bad positional parameter.\n");
+                    return 605;
+                }
+                break;
+            default:
+                Usage();
+                return 601;
+        }
+    }
+    PL_DestroyOptState(optstate);
+    if (status == PL_OPT_BAD || !nssInit) {
+        Usage();
+        return 600;
+    }
+    if (!flags)
+        flags = ~TEST_USE_DSA;
+    db = CERT_GetDefaultCertDB();
+    InitPKCS11();
+
+    if (flags & TEST_MAKE_CRMF_REQ) {
+        printf("Generating CRMF request\n");
+        irv = DoCRMFRequest(&signPair, &cryptPair);
+        if (irv)
+            goto loser;
+    }
+
+    if (flags & TEST_DECODE_CRMF_REQ) {
+        printf("Decoding CRMF request\n");
+        irv = Decode();
+        if (irv != 0) {
+            printf("Error while decoding\n");
+            goto loser;
+        }
+    }
+
+    if (flags & TEST_DO_CMMF_STUFF) {
+        printf("Doing CMMF Stuff\n");
+        if ((irv = DoCMMFStuff()) != 0) {
+            printf("CMMF tests failed.\n");
+            goto loser;
+        }
+    }
+
+    if (flags & TEST_KEY_RECOVERY) {
+        /* Requires some other options be set.
+        ** Once we know exactly what hey are, test for them here.
+        */
+        printf("Doing Key Recovery\n");
+        irv = DoKeyRecovery(WHICH_KEY.privKey);
+        if (irv != 0) {
+            printf("Error doing key recovery\n");
+            goto loser;
+        }
+    }
+
+    if (flags & TEST_CHALLENGE_RESPONSE) {
+        printf("Doing Challenge / Response\n");
+        irv = DoChallengeResponse(WHICH_KEY.privKey, WHICH_KEY.pubKey);
+        if (irv != 0) {
+            printf("Error doing challenge-response\n");
+            goto loser;
+        }
+    }
+    printf("Exiting successfully!!!\n\n");
+    irv = 0;
+
+loser:
+    DestroyPair(&signPair);
+    DestroyPair(&cryptPair);
+    rv = NSS_Shutdown();
+    if (rv) {
+        printf("NSS_Shutdown did not shutdown cleanly!\n");
+    }
+    PORT_Free(configdir);
+    if (irv)
+        printf("crmftest returning %d\n", irv);
+    return irv;
+}
diff --git a/nss/cmd/dbck/Makefile b/nss/cmd/dbck/Makefile
new file mode 100644
index 0000000..ea1d2f4
--- /dev/null
+++ b/nss/cmd/dbck/Makefile
@@ -0,0 +1,47 @@
+#! gmake
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include ../platlibs.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+INCLUDES += -I ../../lib/softoken
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+
+include ../platrules.mk
+ 
diff --git a/nss/cmd/dbck/dbck.c b/nss/cmd/dbck/dbck.c
new file mode 100644
index 0000000..6791a0d
--- /dev/null
+++ b/nss/cmd/dbck/dbck.c
@@ -0,0 +1,1350 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+** dbck.c
+**
+** utility for fixing corrupt cert databases
+**
+*/
+#include <stdio.h>
+#include <string.h>
+
+#include "secutil.h"
+#include "cdbhdl.h"
+#include "certdb.h"
+#include "cert.h"
+#include "nspr.h"
+#include "prtypes.h"
+#include "prtime.h"
+#include "prlong.h"
+#include "pcert.h"
+#include "nss.h"
+
+static char *progName;
+
+/* placeholders for pointer error types */
+static void *WrongEntry;
+static void *NoNickname;
+static void *NoSMime;
+
+typedef enum {
+    /* 0*/ NoSubjectForCert = 0,
+    /* 1*/ SubjectHasNoKeyForCert,
+    /* 2*/ NoNicknameOrSMimeForSubject,
+    /* 3*/ WrongNicknameForSubject,
+    /* 4*/ NoNicknameEntry,
+    /* 5*/ WrongSMimeForSubject,
+    /* 6*/ NoSMimeEntry,
+    /* 7*/ NoSubjectForNickname,
+    /* 8*/ NoSubjectForSMime,
+    /* 9*/ NicknameAndSMimeEntries,
+    NUM_ERROR_TYPES
+} dbErrorType;
+
+static char *dbErrorString[NUM_ERROR_TYPES] = {
+    /* 0*/ "<CERT ENTRY>\nDid not find a subject entry for this certificate.",
+    /* 1*/ "<SUBJECT ENTRY>\nSubject has certKey which is not in db.",
+    /* 2*/ "<SUBJECT ENTRY>\nSubject does not have a nickname or email address.",
+    /* 3*/ "<SUBJECT ENTRY>\nUsing this subject's nickname, found a nickname entry for a different subject.",
+    /* 4*/ "<SUBJECT ENTRY>\nDid not find a nickname entry for this subject.",
+    /* 5*/ "<SUBJECT ENTRY>\nUsing this subject's email, found an S/MIME entry for a different subject.",
+    /* 6*/ "<SUBJECT ENTRY>\nDid not find an S/MIME entry for this subject.",
+    /* 7*/ "<NICKNAME ENTRY>\nDid not find a subject entry for this nickname.",
+    /* 8*/ "<S/MIME ENTRY>\nDid not find a subject entry for this S/MIME profile.",
+};
+
+static char *errResult[NUM_ERROR_TYPES] = {
+    "Certificate entries that had no subject entry.",
+    "Subject entries with no corresponding Certificate entries.",
+    "Subject entries that had no nickname or S/MIME entries.",
+    "Redundant nicknames (subjects with the same nickname).",
+    "Subject entries that had no nickname entry.",
+    "Redundant email addresses (subjects with the same email address).",
+    "Subject entries that had no S/MIME entry.",
+    "Nickname entries that had no subject entry.",
+    "S/MIME entries that had no subject entry.",
+    "Subject entries with BOTH nickname and S/MIME entries."
+};
+
+enum {
+    GOBOTH = 0,
+    GORIGHT,
+    GOLEFT
+};
+
+typedef struct
+{
+    PRBool verbose;
+    PRBool dograph;
+    PRFileDesc *out;
+    PRFileDesc *graphfile;
+    int dbErrors[NUM_ERROR_TYPES];
+} dbDebugInfo;
+
+struct certDBEntryListNodeStr {
+    PRCList link;
+    certDBEntry entry;
+    void *appData;
+};
+typedef struct certDBEntryListNodeStr certDBEntryListNode;
+
+/*
+ * A list node for a cert db entry.  The index is a unique identifier
+ * to use for creating generic maps of a db.  This struct handles
+ * the cert, nickname, and smime db entry types, as all three have a
+ * single handle to a subject entry.
+ * This structure is pointed to by certDBEntryListNode->appData.
+ */
+typedef struct
+{
+    PLArenaPool *arena;
+    int index;
+    certDBEntryListNode *pSubject;
+} certDBEntryMap;
+
+/*
+ * Subject entry is special case, it has bidirectional handles.  One
+ * subject entry can point to several certs (using the same DN), and
+ * a nickname and/or smime entry.
+ * This structure is pointed to by certDBEntryListNode->appData.
+ */
+typedef struct
+{
+    PLArenaPool *arena;
+    int index;
+    int numCerts;
+    certDBEntryListNode **pCerts;
+    certDBEntryListNode *pNickname;
+    certDBEntryListNode *pSMime;
+} certDBSubjectEntryMap;
+
+/*
+ * A map of a certdb.
+ */
+typedef struct
+{
+    int numCerts;
+    int numSubjects;
+    int numNicknames;
+    int numSMime;
+    int numRevocation;
+    certDBEntryListNode certs;      /* pointer to head of cert list */
+    certDBEntryListNode subjects;   /* pointer to head of subject list */
+    certDBEntryListNode nicknames;  /* pointer to head of nickname list */
+    certDBEntryListNode smime;      /* pointer to head of smime list */
+    certDBEntryListNode revocation; /* pointer to head of revocation list */
+} certDBArray;
+
+/* Cast list to the base element, a certDBEntryListNode. */
+#define LISTNODE_CAST(node) \
+    ((certDBEntryListNode *)(node))
+
+static void
+Usage(char *progName)
+{
+#define FPS fprintf(stderr,
+    FPS "Type %s -H for more detailed descriptions\n", progName);
+    FPS "Usage:  %s -D [-d certdir] [-m] [-v [-f dumpfile]]\n",
+    progName);
+#ifdef DORECOVER
+    FPS "        %s -R -o newdbname [-d certdir] [-aprsx] [-v [-f dumpfile]]\n",
+    progName);
+#endif
+    exit(-1);
+}
+
+static void
+LongUsage(char *progName)
+{
+    FPS "%-15s Display this help message.\n",
+    "-H");
+    FPS "%-15s Dump analysis.  No changes will be made to the database.\n",
+    "-D");
+    FPS "%-15s Cert database directory (default is ~/.netscape)\n",
+    "   -d certdir");
+    FPS "%-15s Put database graph in ./mailfile (default is stdout).\n",
+    "   -m");
+    FPS "%-15s Verbose mode.  Dumps the entire contents of your cert8.db.\n",
+    "   -v");
+    FPS "%-15s File to dump verbose output into. (default is stdout)\n",
+    "   -f dumpfile");
+#ifdef DORECOVER
+    FPS "%-15s Repair the database.  The program will look for broken\n",
+    "-R");
+    FPS "%-15s dependencies between subject entries and certificates,\n",
+        "");
+    FPS "%-15s between nickname entries and subjects, and between SMIME\n",
+        "");
+    FPS "%-15s profiles and subjects.  Any duplicate entries will be\n",
+        "");
+    FPS "%-15s removed, any missing entries will be created.\n",
+        "");
+    FPS "%-15s File to store new database in (default is new_cert8.db)\n",
+    "   -o newdbname");
+    FPS "%-15s Cert database directory (default is ~/.netscape)\n",
+    "   -d certdir");
+    FPS "%-15s Prompt before removing any certificates.\n",
+        "   -p");
+    FPS "%-15s Keep all possible certificates.  Only remove certificates\n",
+    "   -a");
+    FPS "%-15s which prevent creation of a consistent database.  Thus any\n",
+    "");
+    FPS "%-15s expired or redundant entries will be kept.\n",
+    "");
+    FPS "%-15s Keep redundant nickname/email entries.  It is possible\n",
+    "   -r");
+    FPS "%-15s only one such entry will be usable.\n",
+    "");
+    FPS "%-15s Don't require an S/MIME profile in order to keep an S/MIME\n",
+    "   -s");
+    FPS "%-15s cert.  An empty profile will be created.\n",
+    "");
+    FPS "%-15s Keep expired certificates.\n",
+    "   -x");
+    FPS "%-15s Verbose mode - report all activity while recovering db.\n",
+    "   -v");
+    FPS "%-15s File to dump verbose output into.\n",
+    "   -f dumpfile");
+    FPS "\n");
+#endif
+    exit(-1);
+#undef FPS
+}
+
+/*******************************************************************
+ *
+ *  Functions for dbck.
+ *
+ ******************************************************************/
+
+void
+printHexString(PRFileDesc *out, SECItem *hexval)
+{
+    unsigned int i;
+    for (i = 0; i < hexval->len; i++) {
+        if (i != hexval->len - 1) {
+            PR_fprintf(out, "%02x:", hexval->data[i]);
+        } else {
+            PR_fprintf(out, "%02x", hexval->data[i]);
+        }
+    }
+    PR_fprintf(out, "\n");
+}
+
+SECStatus
+dumpCertificate(CERTCertificate *cert, int num, PRFileDesc *outfile)
+{
+    int userCert = 0;
+    CERTCertTrust *trust = cert->trust;
+    userCert = (SEC_GET_TRUST_FLAGS(trust, trustSSL) & CERTDB_USER) ||
+               (SEC_GET_TRUST_FLAGS(trust, trustEmail) & CERTDB_USER) ||
+               (SEC_GET_TRUST_FLAGS(trust, trustObjectSigning) & CERTDB_USER);
+    if (num >= 0) {
+        PR_fprintf(outfile, "Certificate: %3d\n", num);
+    } else {
+        PR_fprintf(outfile, "Certificate:\n");
+    }
+    PR_fprintf(outfile, "----------------\n");
+    if (userCert)
+        PR_fprintf(outfile, "(User Cert)\n");
+    PR_fprintf(outfile, "## SUBJECT:  %s\n", cert->subjectName);
+    PR_fprintf(outfile, "## ISSUER:  %s\n", cert->issuerName);
+    PR_fprintf(outfile, "## SERIAL NUMBER:  ");
+    printHexString(outfile, &cert->serialNumber);
+    { /*  XXX should be separate function.  */
+        PRTime timeBefore, timeAfter;
+        PRExplodedTime beforePrintable, afterPrintable;
+        char *beforestr, *afterstr;
+        DER_DecodeTimeChoice(&timeBefore, &cert->validity.notBefore);
+        DER_DecodeTimeChoice(&timeAfter, &cert->validity.notAfter);
+        PR_ExplodeTime(timeBefore, PR_GMTParameters, &beforePrintable);
+        PR_ExplodeTime(timeAfter, PR_GMTParameters, &afterPrintable);
+        beforestr = PORT_Alloc(100);
+        afterstr = PORT_Alloc(100);
+        PR_FormatTime(beforestr, 100, "%a %b %d %H:%M:%S %Y", &beforePrintable);
+        PR_FormatTime(afterstr, 100, "%a %b %d %H:%M:%S %Y", &afterPrintable);
+        PR_fprintf(outfile, "## VALIDITY:  %s to %s\n", beforestr, afterstr);
+    }
+    PR_fprintf(outfile, "\n");
+    return SECSuccess;
+}
+
+SECStatus
+dumpCertEntry(certDBEntryCert *entry, int num, PRFileDesc *outfile)
+{
+#if 0
+    NSSLOWCERTCertificate *cert;
+    /* should we check for existing duplicates? */
+    cert = nsslowcert_DecodeDERCertificate(&entry->cert.derCert,
+                        entry->cert.nickname);
+#else
+    CERTCertificate *cert;
+    cert = CERT_DecodeDERCertificate(&entry->derCert, PR_FALSE, NULL);
+#endif
+    if (!cert) {
+        fprintf(stderr, "Failed to decode certificate.\n");
+        return SECFailure;
+    }
+    cert->trust = (CERTCertTrust *)&entry->trust;
+    dumpCertificate(cert, num, outfile);
+    CERT_DestroyCertificate(cert);
+    return SECSuccess;
+}
+
+SECStatus
+dumpSubjectEntry(certDBEntrySubject *entry, int num, PRFileDesc *outfile)
+{
+    char *subjectName = CERT_DerNameToAscii(&entry->derSubject);
+
+    PR_fprintf(outfile, "Subject: %3d\n", num);
+    PR_fprintf(outfile, "------------\n");
+    PR_fprintf(outfile, "## %s\n", subjectName);
+    if (entry->nickname)
+        PR_fprintf(outfile, "## Subject nickname:  %s\n", entry->nickname);
+    if (entry->emailAddrs) {
+        unsigned int n;
+        for (n = 0; n < entry->nemailAddrs && entry->emailAddrs[n]; ++n) {
+            char *emailAddr = entry->emailAddrs[n];
+            if (emailAddr[0]) {
+                PR_fprintf(outfile, "## Subject email address:  %s\n",
+                           emailAddr);
+            }
+        }
+    }
+    PR_fprintf(outfile, "## This subject has %d cert(s).\n", entry->ncerts);
+    PR_fprintf(outfile, "\n");
+    PORT_Free(subjectName);
+    return SECSuccess;
+}
+
+SECStatus
+dumpNicknameEntry(certDBEntryNickname *entry, int num, PRFileDesc *outfile)
+{
+    PR_fprintf(outfile, "Nickname: %3d\n", num);
+    PR_fprintf(outfile, "-------------\n");
+    PR_fprintf(outfile, "##  \"%s\"\n\n", entry->nickname);
+    return SECSuccess;
+}
+
+SECStatus
+dumpSMimeEntry(certDBEntrySMime *entry, int num, PRFileDesc *outfile)
+{
+    PR_fprintf(outfile, "S/MIME Profile: %3d\n", num);
+    PR_fprintf(outfile, "-------------------\n");
+    PR_fprintf(outfile, "##  \"%s\"\n", entry->emailAddr);
+#ifdef OLDWAY
+    PR_fprintf(outfile, "##  OPTIONS:  ");
+    printHexString(outfile, &entry->smimeOptions);
+    PR_fprintf(outfile, "##  TIMESTAMP:  ");
+    printHexString(outfile, &entry->optionsDate);
+#else
+    SECU_PrintAny(stdout, &entry->smimeOptions, "##  OPTIONS  ", 0);
+    fflush(stdout);
+    if (entry->optionsDate.len && entry->optionsDate.data)
+        PR_fprintf(outfile, "##  TIMESTAMP: %.*s\n",
+                   entry->optionsDate.len, entry->optionsDate.data);
+#endif
+    PR_fprintf(outfile, "\n");
+    return SECSuccess;
+}
+
+SECStatus
+mapCertEntries(certDBArray *dbArray)
+{
+    certDBEntryCert *certEntry;
+    certDBEntrySubject *subjectEntry;
+    certDBEntryListNode *certNode, *subjNode;
+    certDBSubjectEntryMap *smap;
+    certDBEntryMap *map;
+    PLArenaPool *tmparena;
+    SECItem derSubject;
+    SECItem certKey;
+    PRCList *cElem, *sElem;
+
+    /* Arena for decoded entries */
+    tmparena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (tmparena == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return SECFailure;
+    }
+
+    /* Iterate over cert entries and map them to subject entries.
+     * NOTE: mapSubjectEntries must be called first to alloc memory
+     * for array of subject->cert map.
+     */
+    for (cElem = PR_LIST_HEAD(&dbArray->certs.link);
+         cElem != &dbArray->certs.link; cElem = PR_NEXT_LINK(cElem)) {
+        certNode = LISTNODE_CAST(cElem);
+        certEntry = (certDBEntryCert *)&certNode->entry;
+        map = (certDBEntryMap *)certNode->appData;
+        CERT_NameFromDERCert(&certEntry->derCert, &derSubject);
+        CERT_KeyFromDERCert(tmparena, &certEntry->derCert, &certKey);
+        /*  Loop over found subjects for cert's DN.  */
+        for (sElem = PR_LIST_HEAD(&dbArray->subjects.link);
+             sElem != &dbArray->subjects.link; sElem = PR_NEXT_LINK(sElem)) {
+            subjNode = LISTNODE_CAST(sElem);
+            subjectEntry = (certDBEntrySubject *)&subjNode->entry;
+            if (SECITEM_ItemsAreEqual(&derSubject, &subjectEntry->derSubject)) {
+                unsigned int i;
+                /*  Found matching subject name, create link.  */
+                map->pSubject = subjNode;
+                /*  Make sure subject entry has cert's key.  */
+                for (i = 0; i < subjectEntry->ncerts; i++) {
+                    if (SECITEM_ItemsAreEqual(&certKey,
+                                              &subjectEntry->certKeys[i])) {
+                        /*  Found matching cert key.  */
+                        smap = (certDBSubjectEntryMap *)subjNode->appData;
+                        smap->pCerts[i] = certNode;
+                        break;
+                    }
+                }
+            }
+        }
+    }
+    PORT_FreeArena(tmparena, PR_FALSE);
+    return SECSuccess;
+}
+
+SECStatus
+mapSubjectEntries(certDBArray *dbArray)
+{
+    certDBEntrySubject *subjectEntry;
+    certDBEntryListNode *subjNode;
+    certDBSubjectEntryMap *subjMap;
+    PRCList *sElem;
+
+    for (sElem = PR_LIST_HEAD(&dbArray->subjects.link);
+         sElem != &dbArray->subjects.link; sElem = PR_NEXT_LINK(sElem)) {
+        /* Iterate over subject entries and map subjects to nickname
+         * and smime entries.  The cert<->subject map will be handled
+         * by a subsequent call to mapCertEntries.
+         */
+        subjNode = LISTNODE_CAST(sElem);
+        subjectEntry = (certDBEntrySubject *)&subjNode->entry;
+        subjMap = (certDBSubjectEntryMap *)subjNode->appData;
+        /* need to alloc memory here for array of matching certs. */
+        subjMap->pCerts = PORT_ArenaAlloc(subjMap->arena,
+                                          subjectEntry->ncerts * sizeof(int));
+        subjMap->numCerts = subjectEntry->ncerts;
+        subjMap->pNickname = NoNickname;
+        subjMap->pSMime = NoSMime;
+
+        if (subjectEntry->nickname) {
+            /* Subject should have a nickname entry, so create a link. */
+            PRCList *nElem;
+            for (nElem = PR_LIST_HEAD(&dbArray->nicknames.link);
+                 nElem != &dbArray->nicknames.link;
+                 nElem = PR_NEXT_LINK(nElem)) {
+                certDBEntryListNode *nickNode;
+                certDBEntryNickname *nicknameEntry;
+                /*  Look for subject's nickname in nickname entries.  */
+                nickNode = LISTNODE_CAST(nElem);
+                nicknameEntry = (certDBEntryNickname *)&nickNode->entry;
+                if (PL_strcmp(subjectEntry->nickname,
+                              nicknameEntry->nickname) == 0) {
+                    /*  Found a nickname entry for subject's nickname.  */
+                    if (SECITEM_ItemsAreEqual(&subjectEntry->derSubject,
+                                              &nicknameEntry->subjectName)) {
+                        certDBEntryMap *nickMap;
+                        nickMap = (certDBEntryMap *)nickNode->appData;
+                        /*  Nickname and subject match.  */
+                        subjMap->pNickname = nickNode;
+                        nickMap->pSubject = subjNode;
+                    } else if (subjMap->pNickname == NoNickname) {
+                        /*  Nickname entry found is for diff. subject.  */
+                        subjMap->pNickname = WrongEntry;
+                    }
+                }
+            }
+        }
+        if (subjectEntry->emailAddrs) {
+            unsigned int n;
+            for (n = 0; n < subjectEntry->nemailAddrs &&
+                        subjectEntry->emailAddrs[n];
+                 ++n) {
+                char *emailAddr = subjectEntry->emailAddrs[n];
+                if (emailAddr[0]) {
+                    PRCList *mElem;
+                    /* Subject should have an smime entry, so create a link. */
+                    for (mElem = PR_LIST_HEAD(&dbArray->smime.link);
+                         mElem != &dbArray->smime.link;
+                         mElem = PR_NEXT_LINK(mElem)) {
+                        certDBEntryListNode *smimeNode;
+                        certDBEntrySMime *smimeEntry;
+                        /*  Look for subject's email in S/MIME entries.  */
+                        smimeNode = LISTNODE_CAST(mElem);
+                        smimeEntry = (certDBEntrySMime *)&smimeNode->entry;
+                        if (PL_strcmp(emailAddr,
+                                      smimeEntry->emailAddr) == 0) {
+                            /*  Found a S/MIME entry for subject's email.  */
+                            if (SECITEM_ItemsAreEqual(
+                                    &subjectEntry->derSubject,
+                                    &smimeEntry->subjectName)) {
+                                certDBEntryMap *smimeMap;
+                                /*  S/MIME entry and subject match.  */
+                                subjMap->pSMime = smimeNode;
+                                smimeMap = (certDBEntryMap *)smimeNode->appData;
+                                smimeMap->pSubject = subjNode;
+                            } else if (subjMap->pSMime == NoSMime) {
+                                /*  S/MIME entry found is for diff. subject.  */
+                                subjMap->pSMime = WrongEntry;
+                            }
+                        }
+                    } /* end for */
+                }     /* endif (emailAddr[0]) */
+            }         /* end for */
+        }             /* endif (subjectEntry->emailAddrs) */
+    }
+    return SECSuccess;
+}
+
+void
+printnode(dbDebugInfo *info, const char *str, int num)
+{
+    if (!info->dograph)
+        return;
+    if (num < 0) {
+        PR_fprintf(info->graphfile, str);
+    } else {
+        PR_fprintf(info->graphfile, str, num);
+    }
+}
+
+PRBool
+map_handle_is_ok(dbDebugInfo *info, void *mapPtr, int indent)
+{
+    if (mapPtr == NULL) {
+        if (indent > 0)
+            printnode(info, "                ", -1);
+        if (indent >= 0)
+            printnode(info, "******************* ", -1);
+        return PR_FALSE;
+    } else if (mapPtr == WrongEntry) {
+        if (indent > 0)
+            printnode(info, "                  ", -1);
+        if (indent >= 0)
+            printnode(info, "??????????????????? ", -1);
+        return PR_FALSE;
+    } else {
+        return PR_TRUE;
+    }
+}
+
+/* these call each other */
+void print_smime_graph(dbDebugInfo *info, certDBEntryMap *smimeMap,
+                       int direction);
+void print_nickname_graph(dbDebugInfo *info, certDBEntryMap *nickMap,
+                          int direction);
+void print_subject_graph(dbDebugInfo *info, certDBSubjectEntryMap *subjMap,
+                         int direction, int optindex, int opttype);
+void print_cert_graph(dbDebugInfo *info, certDBEntryMap *certMap,
+                      int direction);
+
+/* Given an smime entry, print its unique identifier.  If GOLEFT is
+ * specified, print the cert<-subject<-smime map, else just print
+ * the smime entry.
+ */
+void
+print_smime_graph(dbDebugInfo *info, certDBEntryMap *smimeMap, int direction)
+{
+    certDBSubjectEntryMap *subjMap;
+    certDBEntryListNode *subjNode;
+    if (direction == GOLEFT) {
+        /* Need to output subject and cert first, see print_subject_graph */
+        subjNode = smimeMap->pSubject;
+        if (map_handle_is_ok(info, (void *)subjNode, 1)) {
+            subjMap = (certDBSubjectEntryMap *)subjNode->appData;
+            print_subject_graph(info, subjMap, GOLEFT,
+                                smimeMap->index, certDBEntryTypeSMimeProfile);
+        } else {
+            printnode(info, "<---- S/MIME   %5d   ", smimeMap->index);
+            info->dbErrors[NoSubjectForSMime]++;
+        }
+    } else {
+        printnode(info, "S/MIME   %5d   ", smimeMap->index);
+    }
+}
+
+/* Given a nickname entry, print its unique identifier.  If GOLEFT is
+ * specified, print the cert<-subject<-nickname map, else just print
+ * the nickname entry.
+ */
+void
+print_nickname_graph(dbDebugInfo *info, certDBEntryMap *nickMap, int direction)
+{
+    certDBSubjectEntryMap *subjMap;
+    certDBEntryListNode *subjNode;
+    if (direction == GOLEFT) {
+        /* Need to output subject and cert first, see print_subject_graph */
+        subjNode = nickMap->pSubject;
+        if (map_handle_is_ok(info, (void *)subjNode, 1)) {
+            subjMap = (certDBSubjectEntryMap *)subjNode->appData;
+            print_subject_graph(info, subjMap, GOLEFT,
+                                nickMap->index, certDBEntryTypeNickname);
+        } else {
+            printnode(info, "<---- Nickname %5d   ", nickMap->index);
+            info->dbErrors[NoSubjectForNickname]++;
+        }
+    } else {
+        printnode(info, "Nickname %5d   ", nickMap->index);
+    }
+}
+
+/* Given a subject entry, if going right print the graph of the nickname|smime
+ * that it maps to (by its unique identifier); and if going left
+ * print the list of certs that it points to.
+ */
+void
+print_subject_graph(dbDebugInfo *info, certDBSubjectEntryMap *subjMap,
+                    int direction, int optindex, int opttype)
+{
+    certDBEntryMap *map;
+    certDBEntryListNode *node;
+    int i;
+    /* The first line of output always contains the cert id, subject id,
+     * and nickname|smime id.  Subsequent lines may contain additional
+     * cert id's for the subject if going left or both directions.
+     * Ex. of printing the graph for a subject entry:
+     * Cert 3 <- Subject 5 -> Nickname 32
+     * Cert 8 /
+     * Cert 9 /
+     * means subject 5 has 3 certs, 3, 8, and 9, and corresponds
+     * to nickname entry 32.
+     * To accomplish the above, it is required to dump the entire first
+     * line left-to-right, regardless of the input direction, and then
+     * finish up any remaining cert entries.  Hence the code is uglier
+     * than one may expect.
+     */
+    if (direction == GOLEFT || direction == GOBOTH) {
+        /* In this case, nothing should be output until the first cert is
+         * located and output (cert 3 in the above example).
+         */
+        if (subjMap->numCerts == 0 || subjMap->pCerts == NULL)
+            /* XXX uh-oh */
+            return;
+        /* get the first cert and dump it. */
+        node = subjMap->pCerts[0];
+        if (map_handle_is_ok(info, (void *)node, 0)) {
+            map = (certDBEntryMap *)node->appData;
+            /* going left here stops. */
+            print_cert_graph(info, map, GOLEFT);
+        } else {
+            info->dbErrors[SubjectHasNoKeyForCert]++;
+        }
+        /* Now it is safe to output the subject id. */
+        if (direction == GOLEFT)
+            printnode(info, "Subject  %5d <---- ", subjMap->index);
+        else /* direction == GOBOTH */
+            printnode(info, "Subject  %5d ----> ", subjMap->index);
+    }
+    if (direction == GORIGHT || direction == GOBOTH) {
+        /* Okay, now output the nickname|smime for this subject. */
+        if (direction != GOBOTH) /* handled above */
+            printnode(info, "Subject  %5d ----> ", subjMap->index);
+        if (subjMap->pNickname) {
+            node = subjMap->pNickname;
+            if (map_handle_is_ok(info, (void *)node, 0)) {
+                map = (certDBEntryMap *)node->appData;
+                /* going right here stops. */
+                print_nickname_graph(info, map, GORIGHT);
+            }
+        }
+        if (subjMap->pSMime) {
+            node = subjMap->pSMime;
+            if (map_handle_is_ok(info, (void *)node, 0)) {
+                map = (certDBEntryMap *)node->appData;
+                /* going right here stops. */
+                print_smime_graph(info, map, GORIGHT);
+            }
+        }
+        if (!subjMap->pNickname && !subjMap->pSMime) {
+            printnode(info, "******************* ", -1);
+            info->dbErrors[NoNicknameOrSMimeForSubject]++;
+        }
+        if (subjMap->pNickname && subjMap->pSMime) {
+            info->dbErrors[NicknameAndSMimeEntries]++;
+        }
+    }
+    if (direction != GORIGHT) { /* going right has only one cert */
+        if (opttype == certDBEntryTypeNickname)
+            printnode(info, "Nickname %5d   ", optindex);
+        else if (opttype == certDBEntryTypeSMimeProfile)
+            printnode(info, "S/MIME   %5d   ", optindex);
+        for (i = 1 /* 1st one already done */; i < subjMap->numCerts; i++) {
+            printnode(info, "\n", -1); /* start a new line */
+            node = subjMap->pCerts[i];
+            if (map_handle_is_ok(info, (void *)node, 0)) {
+                map = (certDBEntryMap *)node->appData;
+                /* going left here stops. */
+                print_cert_graph(info, map, GOLEFT);
+                printnode(info, "/", -1);
+            }
+        }
+    }
+}
+
+/* Given a cert entry, print its unique identifer.  If GORIGHT is specified,
+ * print the cert->subject->nickname|smime map, else just print
+ * the cert entry.
+ */
+void
+print_cert_graph(dbDebugInfo *info, certDBEntryMap *certMap, int direction)
+{
+    certDBSubjectEntryMap *subjMap;
+    certDBEntryListNode *subjNode;
+    if (direction == GOLEFT) {
+        printnode(info, "Cert     %5d <---- ", certMap->index);
+        /* only want cert entry, terminate here. */
+        return;
+    }
+    /* Keep going right then. */
+    printnode(info, "Cert     %5d ----> ", certMap->index);
+    subjNode = certMap->pSubject;
+    if (map_handle_is_ok(info, (void *)subjNode, 0)) {
+        subjMap = (certDBSubjectEntryMap *)subjNode->appData;
+        print_subject_graph(info, subjMap, GORIGHT, -1, -1);
+    } else {
+        info->dbErrors[NoSubjectForCert]++;
+    }
+}
+
+SECStatus
+computeDBGraph(certDBArray *dbArray, dbDebugInfo *info)
+{
+    PRCList *cElem, *sElem, *nElem, *mElem;
+    certDBEntryListNode *node;
+    certDBEntryMap *map;
+    certDBSubjectEntryMap *subjMap;
+
+    /* Graph is of this form:
+     *
+     * certs:
+     * cert ---> subject ---> (nickname|smime)
+     *
+     * subjects:
+     * cert <--- subject ---> (nickname|smime)
+     *
+     * nicknames and smime:
+     * cert <--- subject <--- (nickname|smime)
+     */
+
+    /* Print cert graph. */
+    for (cElem = PR_LIST_HEAD(&dbArray->certs.link);
+         cElem != &dbArray->certs.link; cElem = PR_NEXT_LINK(cElem)) {
+        /* Print graph of everything to right of cert entry. */
+        node = LISTNODE_CAST(cElem);
+        map = (certDBEntryMap *)node->appData;
+        print_cert_graph(info, map, GORIGHT);
+        printnode(info, "\n", -1);
+    }
+    printnode(info, "\n", -1);
+
+    /* Print subject graph. */
+    for (sElem = PR_LIST_HEAD(&dbArray->subjects.link);
+         sElem != &dbArray->subjects.link; sElem = PR_NEXT_LINK(sElem)) {
+        /* Print graph of everything to both sides of subject entry. */
+        node = LISTNODE_CAST(sElem);
+        subjMap = (certDBSubjectEntryMap *)node->appData;
+        print_subject_graph(info, subjMap, GOBOTH, -1, -1);
+        printnode(info, "\n", -1);
+    }
+    printnode(info, "\n", -1);
+
+    /* Print nickname graph. */
+    for (nElem = PR_LIST_HEAD(&dbArray->nicknames.link);
+         nElem != &dbArray->nicknames.link; nElem = PR_NEXT_LINK(nElem)) {
+        /* Print graph of everything to left of nickname entry. */
+        node = LISTNODE_CAST(nElem);
+        map = (certDBEntryMap *)node->appData;
+        print_nickname_graph(info, map, GOLEFT);
+        printnode(info, "\n", -1);
+    }
+    printnode(info, "\n", -1);
+
+    /* Print smime graph. */
+    for (mElem = PR_LIST_HEAD(&dbArray->smime.link);
+         mElem != &dbArray->smime.link; mElem = PR_NEXT_LINK(mElem)) {
+        /* Print graph of everything to left of smime entry. */
+        node = LISTNODE_CAST(mElem);
+        if (node == NULL)
+            break;
+        map = (certDBEntryMap *)node->appData;
+        print_smime_graph(info, map, GOLEFT);
+        printnode(info, "\n", -1);
+    }
+    printnode(info, "\n", -1);
+
+    return SECSuccess;
+}
+
+/*
+ * List the entries in the db, showing handles between entry types.
+ */
+void
+verboseOutput(certDBArray *dbArray, dbDebugInfo *info)
+{
+    int i, ref;
+    PRCList *elem;
+    certDBEntryListNode *node;
+    certDBEntryMap *map;
+    certDBSubjectEntryMap *smap;
+    certDBEntrySubject *subjectEntry;
+
+    /* List certs */
+    for (elem = PR_LIST_HEAD(&dbArray->certs.link);
+         elem != &dbArray->certs.link; elem = PR_NEXT_LINK(elem)) {
+        node = LISTNODE_CAST(elem);
+        map = (certDBEntryMap *)node->appData;
+        dumpCertEntry((certDBEntryCert *)&node->entry, map->index, info->out);
+        /* walk the cert handle to it's subject entry */
+        if (map_handle_is_ok(info, map->pSubject, -1)) {
+            smap = (certDBSubjectEntryMap *)map->pSubject->appData;
+            ref = smap->index;
+            PR_fprintf(info->out, "-->(subject %d)\n\n\n", ref);
+        } else {
+            PR_fprintf(info->out, "-->(MISSING SUBJECT ENTRY)\n\n\n");
+        }
+    }
+    /* List subjects */
+    for (elem = PR_LIST_HEAD(&dbArray->subjects.link);
+         elem != &dbArray->subjects.link; elem = PR_NEXT_LINK(elem)) {
+        int refs = 0;
+        node = LISTNODE_CAST(elem);
+        subjectEntry = (certDBEntrySubject *)&node->entry;
+        smap = (certDBSubjectEntryMap *)node->appData;
+        dumpSubjectEntry(subjectEntry, smap->index, info->out);
+        /* iterate over subject's certs */
+        for (i = 0; i < smap->numCerts; i++) {
+            /* walk each subject handle to it's cert entries */
+            if (map_handle_is_ok(info, smap->pCerts[i], -1)) {
+                ref = ((certDBEntryMap *)smap->pCerts[i]->appData)->index;
+                PR_fprintf(info->out, "-->(%d. certificate %d)\n", i, ref);
+            } else {
+                PR_fprintf(info->out, "-->(%d. MISSING CERT ENTRY)\n", i);
+            }
+        }
+        if (subjectEntry->nickname) {
+            ++refs;
+            /* walk each subject handle to it's nickname entry */
+            if (map_handle_is_ok(info, smap->pNickname, -1)) {
+                ref = ((certDBEntryMap *)smap->pNickname->appData)->index;
+                PR_fprintf(info->out, "-->(nickname %d)\n", ref);
+            } else {
+                PR_fprintf(info->out, "-->(MISSING NICKNAME ENTRY)\n");
+            }
+        }
+        if (subjectEntry->nemailAddrs &&
+            subjectEntry->emailAddrs &&
+            subjectEntry->emailAddrs[0] &&
+            subjectEntry->emailAddrs[0][0]) {
+            ++refs;
+            /* walk each subject handle to it's smime entry */
+            if (map_handle_is_ok(info, smap->pSMime, -1)) {
+                ref = ((certDBEntryMap *)smap->pSMime->appData)->index;
+                PR_fprintf(info->out, "-->(s/mime %d)\n", ref);
+            } else {
+                PR_fprintf(info->out, "-->(MISSING S/MIME ENTRY)\n");
+            }
+        }
+        if (!refs) {
+            PR_fprintf(info->out, "-->(NO NICKNAME+S/MIME ENTRY)\n");
+        }
+        PR_fprintf(info->out, "\n\n");
+    }
+    for (elem = PR_LIST_HEAD(&dbArray->nicknames.link);
+         elem != &dbArray->nicknames.link; elem = PR_NEXT_LINK(elem)) {
+        node = LISTNODE_CAST(elem);
+        map = (certDBEntryMap *)node->appData;
+        dumpNicknameEntry((certDBEntryNickname *)&node->entry, map->index,
+                          info->out);
+        if (map_handle_is_ok(info, map->pSubject, -1)) {
+            ref = ((certDBEntryMap *)map->pSubject->appData)->index;
+            PR_fprintf(info->out, "-->(subject %d)\n\n\n", ref);
+        } else {
+            PR_fprintf(info->out, "-->(MISSING SUBJECT ENTRY)\n\n\n");
+        }
+    }
+    for (elem = PR_LIST_HEAD(&dbArray->smime.link);
+         elem != &dbArray->smime.link; elem = PR_NEXT_LINK(elem)) {
+        node = LISTNODE_CAST(elem);
+        map = (certDBEntryMap *)node->appData;
+        dumpSMimeEntry((certDBEntrySMime *)&node->entry, map->index, info->out);
+        if (map_handle_is_ok(info, map->pSubject, -1)) {
+            ref = ((certDBEntryMap *)map->pSubject->appData)->index;
+            PR_fprintf(info->out, "-->(subject %d)\n\n\n", ref);
+        } else {
+            PR_fprintf(info->out, "-->(MISSING SUBJECT ENTRY)\n\n\n");
+        }
+    }
+    PR_fprintf(info->out, "\n\n");
+}
+
+/* A callback function, intended to be called from nsslowcert_TraverseDBEntries
+ * Builds a PRCList of DB entries of the specified type.
+ */
+SECStatus
+SEC_GetCertDBEntryList(SECItem *dbdata, SECItem *dbkey,
+                       certDBEntryType entryType, void *pdata)
+{
+    certDBEntry *entry;
+    certDBEntryListNode *node;
+    PRCList *list = (PRCList *)pdata;
+
+    if (!dbdata || !dbkey || !pdata || !dbdata->data || !dbkey->data) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+    entry = nsslowcert_DecodeAnyDBEntry(dbdata, dbkey, entryType, NULL);
+    if (!entry) {
+        return SECSuccess; /* skip it */
+    }
+    node = PORT_ArenaZNew(entry->common.arena, certDBEntryListNode);
+    if (!node) {
+        /* DestroyDBEntry(entry); */
+        PLArenaPool *arena = entry->common.arena;
+        PORT_Memset(&entry->common, 0, sizeof entry->common);
+        PORT_FreeArena(arena, PR_FALSE);
+        return SECFailure;
+    }
+    node->entry = *entry; /* crude but effective. */
+    PR_INIT_CLIST(&node->link);
+    PR_INSERT_BEFORE(&node->link, list);
+    return SECSuccess;
+}
+
+int
+fillDBEntryArray(NSSLOWCERTCertDBHandle *handle, certDBEntryType type,
+                 certDBEntryListNode *list)
+{
+    PRCList *elem;
+    certDBEntryListNode *node;
+    certDBEntryMap *mnode;
+    certDBSubjectEntryMap *smnode;
+    PLArenaPool *arena;
+    int count = 0;
+
+    /* Initialize a dummy entry in the list.  The list head will be the
+     * next element, so this element is skipped by for loops.
+     */
+    PR_INIT_CLIST((PRCList *)list);
+    /* Collect all of the cert db entries for this type into a list. */
+    nsslowcert_TraverseDBEntries(handle, type, SEC_GetCertDBEntryList, list);
+
+    for (elem = PR_LIST_HEAD(&list->link);
+         elem != &list->link; elem = PR_NEXT_LINK(elem)) {
+        /* Iterate over the entries and ... */
+        node = (certDBEntryListNode *)elem;
+        if (type != certDBEntryTypeSubject) {
+            arena = PORT_NewArena(sizeof(*mnode));
+            mnode = PORT_ArenaZNew(arena, certDBEntryMap);
+            mnode->arena = arena;
+            /* ... assign a unique index number to each node, and ... */
+            mnode->index = count;
+            /* ... set the map pointer for the node. */
+            node->appData = (void *)mnode;
+        } else {
+            /* allocate some room for the cert pointers also */
+            arena = PORT_NewArena(sizeof(*smnode) + 20 * sizeof(void *));
+            smnode = PORT_ArenaZNew(arena, certDBSubjectEntryMap);
+            smnode->arena = arena;
+            smnode->index = count;
+            node->appData = (void *)smnode;
+        }
+        count++;
+    }
+    return count;
+}
+
+void
+freeDBEntryList(PRCList *list)
+{
+    PRCList *next, *elem;
+    certDBEntryListNode *node;
+    certDBEntryMap *map;
+
+    for (elem = PR_LIST_HEAD(list); elem != list;) {
+        next = PR_NEXT_LINK(elem);
+        node = (certDBEntryListNode *)elem;
+        map = (certDBEntryMap *)node->appData;
+        PR_REMOVE_LINK(&node->link);
+        PORT_FreeArena(map->arena, PR_TRUE);
+        PORT_FreeArena(node->entry.common.arena, PR_TRUE);
+        elem = next;
+    }
+}
+
+void
+DBCK_DebugDB(NSSLOWCERTCertDBHandle *handle, PRFileDesc *out,
+             PRFileDesc *mailfile)
+{
+    int i, nCertsFound, nSubjFound, nErr;
+    int nCerts, nSubjects, nSubjCerts, nNicknames, nSMime, nRevocation;
+    PRCList *elem;
+    char c;
+    dbDebugInfo info;
+    certDBArray dbArray;
+
+    PORT_Memset(&dbArray, 0, sizeof(dbArray));
+    PORT_Memset(&info, 0, sizeof(info));
+    info.verbose = (PRBool)(out != NULL);
+    info.dograph = info.verbose;
+    info.out = (out) ? out : PR_STDOUT;
+    info.graphfile = mailfile ? mailfile : PR_STDOUT;
+
+    /*  Fill the array structure with cert/subject/nickname/smime entries.  */
+    dbArray.numCerts = fillDBEntryArray(handle, certDBEntryTypeCert,
+                                        &dbArray.certs);
+    dbArray.numSubjects = fillDBEntryArray(handle, certDBEntryTypeSubject,
+                                           &dbArray.subjects);
+    dbArray.numNicknames = fillDBEntryArray(handle, certDBEntryTypeNickname,
+                                            &dbArray.nicknames);
+    dbArray.numSMime = fillDBEntryArray(handle, certDBEntryTypeSMimeProfile,
+                                        &dbArray.smime);
+    dbArray.numRevocation = fillDBEntryArray(handle, certDBEntryTypeRevocation,
+                                             &dbArray.revocation);
+
+    /*  Compute the map between the database entries.  */
+    mapSubjectEntries(&dbArray);
+    mapCertEntries(&dbArray);
+    computeDBGraph(&dbArray, &info);
+
+    /*  Store the totals for later reference.  */
+    nCerts = dbArray.numCerts;
+    nSubjects = dbArray.numSubjects;
+    nNicknames = dbArray.numNicknames;
+    nSMime = dbArray.numSMime;
+    nRevocation = dbArray.numRevocation;
+    nSubjCerts = 0;
+    for (elem = PR_LIST_HEAD(&dbArray.subjects.link);
+         elem != &dbArray.subjects.link; elem = PR_NEXT_LINK(elem)) {
+        certDBSubjectEntryMap *smap;
+        smap = (certDBSubjectEntryMap *)LISTNODE_CAST(elem)->appData;
+        nSubjCerts += smap->numCerts;
+    }
+
+    if (info.verbose) {
+        /*  Dump the database contents.  */
+        verboseOutput(&dbArray, &info);
+    }
+
+    freeDBEntryList(&dbArray.certs.link);
+    freeDBEntryList(&dbArray.subjects.link);
+    freeDBEntryList(&dbArray.nicknames.link);
+    freeDBEntryList(&dbArray.smime.link);
+    freeDBEntryList(&dbArray.revocation.link);
+
+    PR_fprintf(info.out, "\n");
+    PR_fprintf(info.out, "Database statistics:\n");
+    PR_fprintf(info.out, "N0: Found %4d Certificate entries.\n",
+               nCerts);
+    PR_fprintf(info.out, "N1: Found %4d Subject entries (unique DN's).\n",
+               nSubjects);
+    PR_fprintf(info.out, "N2: Found %4d Cert keys within Subject entries.\n",
+               nSubjCerts);
+    PR_fprintf(info.out, "N3: Found %4d Nickname entries.\n",
+               nNicknames);
+    PR_fprintf(info.out, "N4: Found %4d S/MIME entries.\n",
+               nSMime);
+    PR_fprintf(info.out, "N5: Found %4d CRL entries.\n",
+               nRevocation);
+    PR_fprintf(info.out, "\n");
+
+    nErr = 0;
+    for (i = 0; i < NUM_ERROR_TYPES; i++) {
+        PR_fprintf(info.out, "E%d: Found %4d %s\n",
+                   i, info.dbErrors[i], errResult[i]);
+        nErr += info.dbErrors[i];
+    }
+    PR_fprintf(info.out, "--------------\n    Found %4d errors in database.\n",
+               nErr);
+
+    PR_fprintf(info.out, "\nCertificates:\n");
+    PR_fprintf(info.out, "N0 == N2 + E%d + E%d\n", NoSubjectForCert,
+               SubjectHasNoKeyForCert);
+    nCertsFound = nSubjCerts +
+                  info.dbErrors[NoSubjectForCert] +
+                  info.dbErrors[SubjectHasNoKeyForCert];
+    c = (nCertsFound == nCerts) ? '=' : '!';
+    PR_fprintf(info.out, "%d %c= %d + %d + %d\n", nCerts, c, nSubjCerts,
+               info.dbErrors[NoSubjectForCert],
+               info.dbErrors[SubjectHasNoKeyForCert]);
+    PR_fprintf(info.out, "\nSubjects:\n");
+    PR_fprintf(info.out,
+               "N1 == N3 + N4 + E%d + E%d + E%d + E%d + E%d - E%d - E%d - E%d\n",
+               NoNicknameOrSMimeForSubject,
+               WrongNicknameForSubject,
+               NoNicknameEntry,
+               WrongSMimeForSubject,
+               NoSMimeEntry,
+               NoSubjectForNickname,
+               NoSubjectForSMime,
+               NicknameAndSMimeEntries);
+    nSubjFound = nNicknames + nSMime +
+                 info.dbErrors[NoNicknameOrSMimeForSubject] +
+                 info.dbErrors[WrongNicknameForSubject] +
+                 info.dbErrors[NoNicknameEntry] +
+                 info.dbErrors[WrongSMimeForSubject] +
+                 info.dbErrors[NoSMimeEntry] -
+                 info.dbErrors[NoSubjectForNickname] -
+                 info.dbErrors[NoSubjectForSMime] -
+                 info.dbErrors[NicknameAndSMimeEntries];
+    c = (nSubjFound == nSubjects) ? '=' : '!';
+    PR_fprintf(info.out,
+               "%2d %c= %2d + %2d + %2d + %2d + %2d + %2d + %2d - %2d - %2d - %2d\n",
+               nSubjects, c, nNicknames, nSMime,
+               info.dbErrors[NoNicknameOrSMimeForSubject],
+               info.dbErrors[WrongNicknameForSubject],
+               info.dbErrors[NoNicknameEntry],
+               info.dbErrors[WrongSMimeForSubject],
+               info.dbErrors[NoSMimeEntry],
+               info.dbErrors[NoSubjectForNickname],
+               info.dbErrors[NoSubjectForSMime],
+               info.dbErrors[NicknameAndSMimeEntries]);
+    PR_fprintf(info.out, "\n");
+}
+
+#ifdef DORECOVER
+#include "dbrecover.c"
+#endif /* DORECOVER */
+
+enum {
+    cmd_Debug = 0,
+    cmd_LongUsage,
+    cmd_Recover
+};
+
+enum {
+    opt_KeepAll = 0,
+    opt_CertDir,
+    opt_Dumpfile,
+    opt_InputDB,
+    opt_OutputDB,
+    opt_Mailfile,
+    opt_Prompt,
+    opt_KeepRedundant,
+    opt_KeepNoSMimeProfile,
+    opt_Verbose,
+    opt_KeepExpired
+};
+
+static secuCommandFlag dbck_commands[] =
+    {
+      { /* cmd_Debug,    */ 'D', PR_FALSE, 0, PR_FALSE },
+      { /* cmd_LongUsage,*/ 'H', PR_FALSE, 0, PR_FALSE },
+      { /* cmd_Recover,  */ 'R', PR_FALSE, 0, PR_FALSE }
+    };
+
+static secuCommandFlag dbck_options[] =
+    {
+      { /* opt_KeepAll,           */ 'a', PR_FALSE, 0, PR_FALSE },
+      { /* opt_CertDir,           */ 'd', PR_TRUE, 0, PR_FALSE },
+      { /* opt_Dumpfile,          */ 'f', PR_TRUE, 0, PR_FALSE },
+      { /* opt_InputDB,           */ 'i', PR_TRUE, 0, PR_FALSE },
+      { /* opt_OutputDB,          */ 'o', PR_TRUE, 0, PR_FALSE },
+      { /* opt_Mailfile,          */ 'm', PR_FALSE, 0, PR_FALSE },
+      { /* opt_Prompt,            */ 'p', PR_FALSE, 0, PR_FALSE },
+      { /* opt_KeepRedundant,     */ 'r', PR_FALSE, 0, PR_FALSE },
+      { /* opt_KeepNoSMimeProfile,*/ 's', PR_FALSE, 0, PR_FALSE },
+      { /* opt_Verbose,           */ 'v', PR_FALSE, 0, PR_FALSE },
+      { /* opt_KeepExpired,       */ 'x', PR_FALSE, 0, PR_FALSE }
+    };
+
+#define CERT_DB_FMT "%s/cert%s.db"
+
+static char *
+dbck_certdb_name_cb(void *arg, int dbVersion)
+{
+    const char *configdir = (const char *)arg;
+    const char *dbver;
+    char *smpname = NULL;
+    char *dbname = NULL;
+
+    switch (dbVersion) {
+        case 8:
+            dbver = "8";
+            break;
+        case 7:
+            dbver = "7";
+            break;
+        case 6:
+            dbver = "6";
+            break;
+        case 5:
+            dbver = "5";
+            break;
+        case 4:
+        default:
+            dbver = "";
+            break;
+    }
+
+    /* make sure we return something allocated with PORT_ so we have properly
+     * matched frees at the end */
+    smpname = PR_smprintf(CERT_DB_FMT, configdir, dbver);
+    if (smpname) {
+        dbname = PORT_Strdup(smpname);
+        PR_smprintf_free(smpname);
+    }
+    return dbname;
+}
+
+int
+main(int argc, char **argv)
+{
+    NSSLOWCERTCertDBHandle *certHandle;
+
+    PRFileDesc *mailfile = NULL;
+    PRFileDesc *dumpfile = NULL;
+
+    char *pathname = 0;
+    char *fullname = 0;
+    char *newdbname = 0;
+
+    PRBool removeExpired, requireProfile, singleEntry;
+    SECStatus rv;
+    secuCommand dbck;
+
+    dbck.numCommands = sizeof(dbck_commands) / sizeof(secuCommandFlag);
+    dbck.numOptions = sizeof(dbck_options) / sizeof(secuCommandFlag);
+    dbck.commands = dbck_commands;
+    dbck.options = dbck_options;
+
+    progName = strrchr(argv[0], '/');
+    progName = progName ? progName + 1 : argv[0];
+
+    rv = SECU_ParseCommandLine(argc, argv, progName, &dbck);
+
+    if (rv != SECSuccess)
+        Usage(progName);
+
+    if (dbck.commands[cmd_LongUsage].activated)
+        LongUsage(progName);
+
+    if (!dbck.commands[cmd_Debug].activated &&
+        !dbck.commands[cmd_Recover].activated) {
+        PR_fprintf(PR_STDERR, "Please specify -H, -D or -R.\n");
+        Usage(progName);
+    }
+
+    removeExpired = !(dbck.options[opt_KeepAll].activated ||
+                      dbck.options[opt_KeepExpired].activated);
+
+    requireProfile = !(dbck.options[opt_KeepAll].activated ||
+                       dbck.options[opt_KeepNoSMimeProfile].activated);
+
+    singleEntry = !(dbck.options[opt_KeepAll].activated ||
+                    dbck.options[opt_KeepRedundant].activated);
+
+    if (dbck.options[opt_OutputDB].activated) {
+        newdbname = PL_strdup(dbck.options[opt_OutputDB].arg);
+    } else {
+        newdbname = PL_strdup("new_cert8.db");
+    }
+
+    /*  Create a generic graph of the database.  */
+    if (dbck.options[opt_Mailfile].activated) {
+        mailfile = PR_Open("./mailfile", PR_RDWR | PR_CREATE_FILE, 00660);
+        if (!mailfile) {
+            fprintf(stderr, "Unable to create mailfile.\n");
+            return -1;
+        }
+    }
+
+    /*  Dump all debugging info while running.  */
+    if (dbck.options[opt_Verbose].activated) {
+        if (dbck.options[opt_Dumpfile].activated) {
+            dumpfile = PR_Open(dbck.options[opt_Dumpfile].arg,
+                               PR_RDWR | PR_CREATE_FILE, 00660);
+            if (!dumpfile) {
+                fprintf(stderr, "Unable to create dumpfile.\n");
+                return -1;
+            }
+        } else {
+            dumpfile = PR_STDOUT;
+        }
+    }
+
+    /*  Set the cert database directory.  */
+    if (dbck.options[opt_CertDir].activated) {
+        SECU_ConfigDirectory(dbck.options[opt_CertDir].arg);
+    }
+
+    pathname = SECU_ConfigDirectory(NULL);
+
+    PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
+    rv = NSS_NoDB_Init(pathname);
+    if (rv != SECSuccess) {
+        fprintf(stderr, "NSS_NoDB_Init failed\n");
+        return -1;
+    }
+
+    certHandle = PORT_ZNew(NSSLOWCERTCertDBHandle);
+    if (!certHandle) {
+        SECU_PrintError(progName, "unable to get database handle");
+        return -1;
+    }
+    certHandle->ref = 1;
+
+#ifdef NOTYET
+    /*  Open the possibly corrupt database.  */
+    if (dbck.options[opt_InputDB].activated) {
+        PRFileInfo fileInfo;
+        fullname = PR_smprintf("%s/%s", pathname,
+                               dbck.options[opt_InputDB].arg);
+        if (PR_GetFileInfo(fullname, &fileInfo) != PR_SUCCESS) {
+            fprintf(stderr, "Unable to read file \"%s\".\n", fullname);
+            return -1;
+        }
+        rv = CERT_OpenCertDBFilename(certHandle, fullname, PR_TRUE);
+    } else
+#endif
+    {
+/*  Use the default.  */
+#ifdef NOTYET
+        fullname = SECU_CertDBNameCallback(NULL, CERT_DB_FILE_VERSION);
+        if (PR_GetFileInfo(fullname, &fileInfo) != PR_SUCCESS) {
+            fprintf(stderr, "Unable to read file \"%s\".\n", fullname);
+            return -1;
+        }
+#endif
+        rv = nsslowcert_OpenCertDB(certHandle,
+                                   PR_TRUE,             /* readOnly */
+                                   NULL,                /* rdb appName */
+                                   "",                  /* rdb prefix */
+                                   dbck_certdb_name_cb, /* namecb */
+                                   pathname,            /* configDir */
+                                   PR_FALSE);           /* volatile */
+    }
+
+    if (rv) {
+        SECU_PrintError(progName, "unable to open cert database");
+        return -1;
+    }
+
+    if (dbck.commands[cmd_Debug].activated) {
+        DBCK_DebugDB(certHandle, dumpfile, mailfile);
+        return 0;
+    }
+
+#ifdef DORECOVER
+    if (dbck.commands[cmd_Recover].activated) {
+        DBCK_ReconstructDBFromCerts(certHandle, newdbname,
+                                    dumpfile, removeExpired,
+                                    requireProfile, singleEntry,
+                                    dbck.options[opt_Prompt].activated);
+        return 0;
+    }
+#endif
+
+    if (mailfile)
+        PR_Close(mailfile);
+    if (dumpfile)
+        PR_Close(dumpfile);
+    if (certHandle) {
+        nsslowcert_ClosePermCertDB(certHandle);
+        PORT_Free(certHandle);
+    }
+    return -1;
+}
diff --git a/nss/cmd/dbck/dbrecover.c b/nss/cmd/dbck/dbrecover.c
new file mode 100644
index 0000000..74d21d8
--- /dev/null
+++ b/nss/cmd/dbck/dbrecover.c
@@ -0,0 +1,668 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+enum {
+    dbInvalidCert = 0,
+    dbNoSMimeProfile,
+    dbOlderCert,
+    dbBadCertificate,
+    dbCertNotWrittenToDB
+};
+
+typedef struct dbRestoreInfoStr {
+    NSSLOWCERTCertDBHandle *handle;
+    PRBool verbose;
+    PRFileDesc *out;
+    int nCerts;
+    int nOldCerts;
+    int dbErrors[5];
+    PRBool removeType[3];
+    PRBool promptUser[3];
+} dbRestoreInfo;
+
+char *
+IsEmailCert(CERTCertificate *cert)
+{
+    char *email, *tmp1, *tmp2;
+    PRBool isCA;
+    int len;
+
+    if (!cert->subjectName) {
+        return NULL;
+    }
+
+    tmp1 = PORT_Strstr(cert->subjectName, "E=");
+    tmp2 = PORT_Strstr(cert->subjectName, "MAIL=");
+    /* XXX Nelson has cert for KTrilli which does not have either
+     * of above but is email cert (has cert->emailAddr).
+     */
+    if (!tmp1 && !tmp2 && !(cert->emailAddr && cert->emailAddr[0])) {
+        return NULL;
+    }
+
+    /*  Server or CA cert, not personal email.  */
+    isCA = CERT_IsCACert(cert, NULL);
+    if (isCA)
+        return NULL;
+
+    /*  XXX CERT_IsCACert advertises checking the key usage ext.,
+        but doesn't appear to. */
+    /*  Check the key usage extension.  */
+    if (cert->keyUsagePresent) {
+        /*  Must at least be able to sign or encrypt (not neccesarily
+         *  both if it is one of a dual cert).
+         */
+        if (!((cert->rawKeyUsage & KU_DIGITAL_SIGNATURE) ||
+              (cert->rawKeyUsage & KU_KEY_ENCIPHERMENT)))
+            return NULL;
+
+        /*  CA cert, not personal email.  */
+        if (cert->rawKeyUsage & (KU_KEY_CERT_SIGN | KU_CRL_SIGN))
+            return NULL;
+    }
+
+    if (cert->emailAddr && cert->emailAddr[0]) {
+        email = PORT_Strdup(cert->emailAddr);
+    } else {
+        if (tmp1)
+            tmp1 += 2; /* "E="  */
+        else
+            tmp1 = tmp2 + 5; /* "MAIL=" */
+        len = strcspn(tmp1, ", ");
+        email = (char *)PORT_Alloc(len + 1);
+        PORT_Strncpy(email, tmp1, len);
+        email[len] = '\0';
+    }
+
+    return email;
+}
+
+SECStatus
+deleteit(CERTCertificate *cert, void *arg)
+{
+    return SEC_DeletePermCertificate(cert);
+}
+
+/*  Different than DeleteCertificate - has the added bonus of removing
+ *  all certs with the same DN.
+ */
+SECStatus
+deleteAllEntriesForCert(NSSLOWCERTCertDBHandle *handle, CERTCertificate *cert,
+                        PRFileDesc *outfile)
+{
+#if 0
+    certDBEntrySubject *subjectEntry;
+    certDBEntryNickname *nicknameEntry;
+    certDBEntrySMime *smimeEntry;
+    int i;
+#endif
+
+    if (outfile) {
+        PR_fprintf(outfile, "$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$\n\n");
+        PR_fprintf(outfile, "Deleting redundant certificate:\n");
+        dumpCertificate(cert, -1, outfile);
+    }
+
+    CERT_TraverseCertsForSubject(handle, cert->subjectList, deleteit, NULL);
+#if 0
+    CERT_LockDB(handle);
+    subjectEntry = ReadDBSubjectEntry(handle, &cert->derSubject);
+    /*  It had better be there, or created a bad db.  */
+    PORT_Assert(subjectEntry);
+    for (i=0; i<subjectEntry->ncerts; i++) {
+        DeleteDBCertEntry(handle, &subjectEntry->certKeys[i]);
+    }
+    DeleteDBSubjectEntry(handle, &cert->derSubject);
+    if (subjectEntry->emailAddr && subjectEntry->emailAddr[0]) {
+        smimeEntry = ReadDBSMimeEntry(handle, subjectEntry->emailAddr);
+        if (smimeEntry) {
+            if (SECITEM_ItemsAreEqual(&subjectEntry->derSubject,
+                                      &smimeEntry->subjectName))
+                /*  Only delete it if it's for this subject!  */
+                DeleteDBSMimeEntry(handle, subjectEntry->emailAddr);
+            SEC_DestroyDBEntry((certDBEntry*)smimeEntry);
+        }
+    }
+    if (subjectEntry->nickname) {
+        nicknameEntry = ReadDBNicknameEntry(handle, subjectEntry->nickname);
+        if (nicknameEntry) {
+            if (SECITEM_ItemsAreEqual(&subjectEntry->derSubject,
+                                      &nicknameEntry->subjectName))
+                /*  Only delete it if it's for this subject!  */
+                DeleteDBNicknameEntry(handle, subjectEntry->nickname);
+            SEC_DestroyDBEntry((certDBEntry*)nicknameEntry);
+        }
+    }
+    SEC_DestroyDBEntry((certDBEntry*)subjectEntry);
+    CERT_UnlockDB(handle);
+#endif
+    return SECSuccess;
+}
+
+void
+getCertsToDelete(char *numlist, int len, int *certNums, int nCerts)
+{
+    int j, num;
+    char *numstr, *numend, *end;
+
+    numstr = numlist;
+    end = numstr + len - 1;
+    while (numstr != end) {
+        numend = strpbrk(numstr, ", \n");
+        *numend = '\0';
+        if (PORT_Strlen(numstr) == 0)
+            return;
+        num = PORT_Atoi(numstr);
+        if (numstr == numlist)
+            certNums[0] = num;
+        for (j = 1; j < nCerts + 1; j++) {
+            if (num == certNums[j]) {
+                certNums[j] = -1;
+                break;
+            }
+        }
+        if (numend == end)
+            break;
+        numstr = strpbrk(numend + 1, "0123456789");
+    }
+}
+
+PRBool
+userSaysDeleteCert(CERTCertificate **certs, int nCerts,
+                   int errtype, dbRestoreInfo *info, int *certNums)
+{
+    char response[32];
+    PRInt32 nb;
+    int i;
+    /*  User wants to remove cert without prompting.  */
+    if (info->promptUser[errtype] == PR_FALSE)
+        return (info->removeType[errtype]);
+    switch (errtype) {
+        case dbInvalidCert:
+            PR_fprintf(PR_STDOUT, "********  Expired ********\n");
+            PR_fprintf(PR_STDOUT, "Cert has expired.\n\n");
+            dumpCertificate(certs[0], -1, PR_STDOUT);
+            PR_fprintf(PR_STDOUT,
+                       "Keep it? (y/n - this one, Y/N - all expired certs) [n] ");
+            break;
+        case dbNoSMimeProfile:
+            PR_fprintf(PR_STDOUT, "********  No Profile ********\n");
+            PR_fprintf(PR_STDOUT, "S/MIME cert has no profile.\n\n");
+            dumpCertificate(certs[0], -1, PR_STDOUT);
+            PR_fprintf(PR_STDOUT,
+                       "Keep it? (y/n - this one, Y/N - all S/MIME w/o profile) [n] ");
+            break;
+        case dbOlderCert:
+            PR_fprintf(PR_STDOUT, "*******  Redundant nickname/email *******\n\n");
+            PR_fprintf(PR_STDOUT, "These certs have the same nickname/email:\n");
+            for (i = 0; i < nCerts; i++)
+                dumpCertificate(certs[i], i, PR_STDOUT);
+            PR_fprintf(PR_STDOUT,
+                       "Enter the certs you would like to keep from those listed above.\n");
+            PR_fprintf(PR_STDOUT,
+                       "Use a comma-separated list of the cert numbers (ex. 0, 8, 12).\n");
+            PR_fprintf(PR_STDOUT,
+                       "The first cert in the list will be the primary cert\n");
+            PR_fprintf(PR_STDOUT,
+                       " accessed by the nickname/email handle.\n");
+            PR_fprintf(PR_STDOUT,
+                       "List cert numbers to keep here, or hit enter\n");
+            PR_fprintf(PR_STDOUT,
+                       " to always keep only the newest cert:  ");
+            break;
+        default:
+    }
+    nb = PR_Read(PR_STDIN, response, sizeof(response));
+    PR_fprintf(PR_STDOUT, "\n\n");
+    if (errtype == dbOlderCert) {
+        if (!isdigit(response[0])) {
+            info->promptUser[errtype] = PR_FALSE;
+            info->removeType[errtype] = PR_TRUE;
+            return PR_TRUE;
+        }
+        getCertsToDelete(response, nb, certNums, nCerts);
+        return PR_TRUE;
+    }
+    /*  User doesn't want to be prompted for this type anymore.  */
+    if (response[0] == 'Y') {
+        info->promptUser[errtype] = PR_FALSE;
+        info->removeType[errtype] = PR_FALSE;
+        return PR_FALSE;
+    } else if (response[0] == 'N') {
+        info->promptUser[errtype] = PR_FALSE;
+        info->removeType[errtype] = PR_TRUE;
+        return PR_TRUE;
+    }
+    return (response[0] != 'y') ? PR_TRUE : PR_FALSE;
+}
+
+SECStatus
+addCertToDB(certDBEntryCert *certEntry, dbRestoreInfo *info,
+            NSSLOWCERTCertDBHandle *oldhandle)
+{
+    SECStatus rv = SECSuccess;
+    PRBool allowOverride;
+    PRBool userCert;
+    SECCertTimeValidity validity;
+    CERTCertificate *oldCert = NULL;
+    CERTCertificate *dbCert = NULL;
+    CERTCertificate *newCert = NULL;
+    CERTCertTrust *trust;
+    certDBEntrySMime *smimeEntry = NULL;
+    char *email = NULL;
+    char *nickname = NULL;
+    int nCertsForSubject = 1;
+
+    oldCert = CERT_DecodeDERCertificate(&certEntry->derCert, PR_FALSE,
+                                        certEntry->nickname);
+    if (!oldCert) {
+        info->dbErrors[dbBadCertificate]++;
+        SEC_DestroyDBEntry((certDBEntry *)certEntry);
+        return SECSuccess;
+    }
+
+    oldCert->dbEntry = certEntry;
+    oldCert->trust = &certEntry->trust;
+    oldCert->dbhandle = oldhandle;
+
+    trust = oldCert->trust;
+
+    info->nOldCerts++;
+
+    if (info->verbose)
+        PR_fprintf(info->out, "%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%\n\n");
+
+    if (oldCert->nickname)
+        nickname = PORT_Strdup(oldCert->nickname);
+
+    /*  Always keep user certs.  Skip ahead.  */
+    /*  XXX if someone sends themselves a signed message, it is possible
+        for their cert to be imported as an "other" cert, not a user cert.
+        this mucks with smime entries...  */
+    userCert = (SEC_GET_TRUST_FLAGS(trust, trustSSL) & CERTDB_USER) ||
+               (SEC_GET_TRUST_FLAGS(trust, trustEmail) & CERTDB_USER) ||
+               (SEC_GET_TRUST_FLAGS(trust, trustObjectSigning) & CERTDB_USER);
+    if (userCert)
+        goto createcert;
+
+    /*  If user chooses so, ignore expired certificates.  */
+    allowOverride = (PRBool)((oldCert->keyUsage == certUsageSSLServer) ||
+                             (oldCert->keyUsage == certUsageSSLServerWithStepUp));
+    validity = CERT_CheckCertValidTimes(oldCert, PR_Now(), allowOverride);
+    /*  If cert expired and user wants to delete it, ignore it. */
+    if ((validity != secCertTimeValid) &&
+        userSaysDeleteCert(&oldCert, 1, dbInvalidCert, info, 0)) {
+        info->dbErrors[dbInvalidCert]++;
+        if (info->verbose) {
+            PR_fprintf(info->out, "Deleting expired certificate:\n");
+            dumpCertificate(oldCert, -1, info->out);
+        }
+        goto cleanup;
+    }
+
+    /*  New database will already have default certs, don't attempt
+        to overwrite them.  */
+    dbCert = CERT_FindCertByDERCert(info->handle, &oldCert->derCert);
+    if (dbCert) {
+        info->nCerts++;
+        if (info->verbose) {
+            PR_fprintf(info->out, "Added certificate to database:\n");
+            dumpCertificate(oldCert, -1, info->out);
+        }
+        goto cleanup;
+    }
+
+    /*  Determine if cert is S/MIME and get its email if so.  */
+    email = IsEmailCert(oldCert);
+
+/*
+        XXX  Just create empty profiles?
+    if (email) {
+        SECItem *profile = CERT_FindSMimeProfile(oldCert);
+        if (!profile &&
+            userSaysDeleteCert(&oldCert, 1, dbNoSMimeProfile, info, 0)) {
+            info->dbErrors[dbNoSMimeProfile]++;
+            if (info->verbose) {
+                PR_fprintf(info->out,
+                           "Deleted cert missing S/MIME profile.\n");
+                dumpCertificate(oldCert, -1, info->out);
+            }
+            goto cleanup;
+        } else {
+            SECITEM_FreeItem(profile);
+        }
+    }
+    */
+
+createcert:
+
+    /*  Sometimes happens... */
+    if (!nickname && userCert)
+        nickname = PORT_Strdup(oldCert->subjectName);
+
+    /*  Create a new certificate, copy of the old one.  */
+    newCert = CERT_NewTempCertificate(info->handle, &oldCert->derCert,
+                                      nickname, PR_FALSE, PR_TRUE);
+    if (!newCert) {
+        PR_fprintf(PR_STDERR, "Unable to create new certificate.\n");
+        dumpCertificate(oldCert, -1, PR_STDERR);
+        info->dbErrors[dbBadCertificate]++;
+        goto cleanup;
+    }
+
+    /*  Add the cert to the new database.  */
+    rv = CERT_AddTempCertToPerm(newCert, nickname, oldCert->trust);
+    if (rv) {
+        PR_fprintf(PR_STDERR, "Failed to write temp cert to perm database.\n");
+        dumpCertificate(oldCert, -1, PR_STDERR);
+        info->dbErrors[dbCertNotWrittenToDB]++;
+        goto cleanup;
+    }
+
+    if (info->verbose) {
+        PR_fprintf(info->out, "Added certificate to database:\n");
+        dumpCertificate(oldCert, -1, info->out);
+    }
+
+    /*  If the cert is an S/MIME cert, and the first with it's subject,
+     *  modify the subject entry to include the email address,
+     *  CERT_AddTempCertToPerm does not do email addresses and S/MIME entries.
+     */
+    if (smimeEntry) { /*&& !userCert && nCertsForSubject == 1) { */
+#if 0
+        UpdateSubjectWithEmailAddr(newCert, email);
+#endif
+        SECItem emailProfile, profileTime;
+        rv = CERT_FindFullSMimeProfile(oldCert, &emailProfile, &profileTime);
+        /*  calls UpdateSubjectWithEmailAddr  */
+        if (rv == SECSuccess)
+            rv = CERT_SaveSMimeProfile(newCert, &emailProfile, &profileTime);
+    }
+
+    info->nCerts++;
+
+cleanup:
+
+    if (nickname)
+        PORT_Free(nickname);
+    if (email)
+        PORT_Free(email);
+    if (oldCert)
+        CERT_DestroyCertificate(oldCert);
+    if (dbCert)
+        CERT_DestroyCertificate(dbCert);
+    if (newCert)
+        CERT_DestroyCertificate(newCert);
+    if (smimeEntry)
+        SEC_DestroyDBEntry((certDBEntry *)smimeEntry);
+    return SECSuccess;
+}
+
+#if 0
+SECStatus
+copyDBEntry(SECItem *data, SECItem *key, certDBEntryType type, void *pdata)
+{
+    SECStatus rv;
+    NSSLOWCERTCertDBHandle *newdb = (NSSLOWCERTCertDBHandle *)pdata;
+    certDBEntryCommon common;
+    SECItem dbkey;
+
+    common.type = type;
+    common.version = CERT_DB_FILE_VERSION;
+    common.flags = data->data[2];
+    common.arena = NULL;
+
+    dbkey.len = key->len + SEC_DB_KEY_HEADER_LEN;
+    dbkey.data = (unsigned char *)PORT_Alloc(dbkey.len*sizeof(unsigned char));
+    PORT_Memcpy(&dbkey.data[SEC_DB_KEY_HEADER_LEN], key->data, key->len);
+    dbkey.data[0] = type;
+
+    rv = WriteDBEntry(newdb, &common, &dbkey, data);
+
+    PORT_Free(dbkey.data);
+    return rv;
+}
+#endif
+
+int
+certIsOlder(CERTCertificate **cert1, CERTCertificate **cert2)
+{
+    return !CERT_IsNewer(*cert1, *cert2);
+}
+
+int
+findNewestSubjectForEmail(NSSLOWCERTCertDBHandle *handle, int subjectNum,
+                          certDBArray *dbArray, dbRestoreInfo *info,
+                          int *subjectWithSMime, int *smimeForSubject)
+{
+    int newestSubject;
+    int subjectsForEmail[50];
+    int i, j, ns, sNum;
+    certDBEntryListNode *subjects = &dbArray->subjects;
+    certDBEntryListNode *smime = &dbArray->smime;
+    certDBEntrySubject *subjectEntry1, *subjectEntry2;
+    certDBEntrySMime *smimeEntry;
+    CERTCertificate **certs;
+    CERTCertificate *cert;
+    CERTCertTrust *trust;
+    PRBool userCert;
+    int *certNums;
+
+    ns = 0;
+    subjectEntry1 = (certDBEntrySubject *)&subjects.entries[subjectNum];
+    subjectsForEmail[ns++] = subjectNum;
+
+    *subjectWithSMime = -1;
+    *smimeForSubject = -1;
+    newestSubject = subjectNum;
+
+    cert = CERT_FindCertByKey(handle, &subjectEntry1->certKeys[0]);
+    if (cert) {
+        trust = cert->trust;
+        userCert = (SEC_GET_TRUST_FLAGS(trust, trustSSL) & CERTDB_USER) ||
+                   (SEC_GET_TRUST_FLAGS(trust, trustEmail) & CERTDB_USER) ||
+                   (SEC_GET_TRUST_FLAGS(trust, trustObjectSigning) & CERTDB_USER);
+        CERT_DestroyCertificate(cert);
+    }
+
+    /*
+     * XXX Should we make sure that subjectEntry1->emailAddr is not
+     * a null pointer or an empty string before going into the next
+     * two for loops, which pass it to PORT_Strcmp?
+     */
+
+    /*  Loop over the remaining subjects.  */
+    for (i = subjectNum + 1; i < subjects.numEntries; i++) {
+        subjectEntry2 = (certDBEntrySubject *)&subjects.entries[i];
+        if (!subjectEntry2)
+            continue;
+        if (subjectEntry2->emailAddr && subjectEntry2->emailAddr[0] &&
+            PORT_Strcmp(subjectEntry1->emailAddr,
+                        subjectEntry2->emailAddr) == 0) {
+            /*  Found a subject using the same email address.  */
+            subjectsForEmail[ns++] = i;
+        }
+    }
+
+    /*  Find the S/MIME entry for this email address.  */
+    for (i = 0; i < smime.numEntries; i++) {
+        smimeEntry = (certDBEntrySMime *)&smime.entries[i];
+        if (smimeEntry->common.arena == NULL)
+            continue;
+        if (smimeEntry->emailAddr && smimeEntry->emailAddr[0] &&
+            PORT_Strcmp(subjectEntry1->emailAddr, smimeEntry->emailAddr) == 0) {
+            /*  Find which of the subjects uses this S/MIME entry.  */
+            for (j = 0; j < ns && *subjectWithSMime < 0; j++) {
+                sNum = subjectsForEmail[j];
+                subjectEntry2 = (certDBEntrySubject *)&subjects.entries[sNum];
+                if (SECITEM_ItemsAreEqual(&smimeEntry->subjectName,
+                                          &subjectEntry2->derSubject)) {
+                    /*  Found the subject corresponding to the S/MIME entry. */
+                    *subjectWithSMime = sNum;
+                    *smimeForSubject = i;
+                }
+            }
+            SEC_DestroyDBEntry((certDBEntry *)smimeEntry);
+            PORT_Memset(smimeEntry, 0, sizeof(certDBEntry));
+            break;
+        }
+    }
+
+    if (ns <= 1)
+        return subjectNum;
+
+    if (userCert)
+        return *subjectWithSMime;
+
+    /*  Now find which of the subjects has the newest cert.  */
+    certs = (CERTCertificate **)PORT_Alloc(ns * sizeof(CERTCertificate *));
+    certNums = (int *)PORT_Alloc((ns + 1) * sizeof(int));
+    certNums[0] = 0;
+    for (i = 0; i < ns; i++) {
+        sNum = subjectsForEmail[i];
+        subjectEntry1 = (certDBEntrySubject *)&subjects.entries[sNum];
+        certs[i] = CERT_FindCertByKey(handle, &subjectEntry1->certKeys[0]);
+        certNums[i + 1] = i;
+    }
+    /*  Sort the array by validity.  */
+    qsort(certs, ns, sizeof(CERTCertificate *),
+          (int (*)(const void *, const void *))certIsOlder);
+    newestSubject = -1;
+    for (i = 0; i < ns; i++) {
+        sNum = subjectsForEmail[i];
+        subjectEntry1 = (certDBEntrySubject *)&subjects.entries[sNum];
+        if (SECITEM_ItemsAreEqual(&subjectEntry1->derSubject,
+                                  &certs[0]->derSubject))
+            newestSubject = sNum;
+        else
+            SEC_DestroyDBEntry((certDBEntry *)subjectEntry1);
+    }
+    if (info && userSaysDeleteCert(certs, ns, dbOlderCert, info, certNums)) {
+        for (i = 1; i < ns + 1; i++) {
+            if (certNums[i] >= 0 && certNums[i] != certNums[0]) {
+                deleteAllEntriesForCert(handle, certs[certNums[i]], info->out);
+                info->dbErrors[dbOlderCert]++;
+            }
+        }
+    }
+    CERT_DestroyCertArray(certs, ns);
+    return newestSubject;
+}
+
+NSSLOWCERTCertDBHandle *
+DBCK_ReconstructDBFromCerts(NSSLOWCERTCertDBHandle *oldhandle, char *newdbname,
+                            PRFileDesc *outfile, PRBool removeExpired,
+                            PRBool requireProfile, PRBool singleEntry,
+                            PRBool promptUser)
+{
+    SECStatus rv;
+    dbRestoreInfo info;
+    certDBEntryContentVersion *oldContentVersion;
+    certDBArray dbArray;
+    int i;
+
+    PORT_Memset(&dbArray, 0, sizeof(dbArray));
+    PORT_Memset(&info, 0, sizeof(info));
+    info.verbose = (outfile) ? PR_TRUE : PR_FALSE;
+    info.out = (outfile) ? outfile : PR_STDOUT;
+    info.removeType[dbInvalidCert] = removeExpired;
+    info.removeType[dbNoSMimeProfile] = requireProfile;
+    info.removeType[dbOlderCert] = singleEntry;
+    info.promptUser[dbInvalidCert] = promptUser;
+    info.promptUser[dbNoSMimeProfile] = promptUser;
+    info.promptUser[dbOlderCert] = promptUser;
+
+    /*  Allocate a handle to fill with CERT_OpenCertDB below.  */
+    info.handle = PORT_ZNew(NSSLOWCERTCertDBHandle);
+    if (!info.handle) {
+        fprintf(stderr, "unable to get database handle");
+        return NULL;
+    }
+
+    /*  Create a certdb with the most recent set of roots.  */
+    rv = CERT_OpenCertDBFilename(info.handle, newdbname, PR_FALSE);
+
+    if (rv) {
+        fprintf(stderr, "could not open certificate database");
+        goto loser;
+    }
+
+    /*  Create certificate, subject, nickname, and email records.
+     *  mcom_db seems to have a sequential access bug.  Though reads and writes
+     *  should be allowed during traversal, they seem to screw up the sequence.
+     *  So, stuff all the cert entries into an array, and loop over the array
+     *  doing read/writes in the db.
+     */
+    fillDBEntryArray(oldhandle, certDBEntryTypeCert, &dbArray.certs);
+    for (elem = PR_LIST_HEAD(&dbArray->certs.link);
+         elem != &dbArray->certs.link; elem = PR_NEXT_LINK(elem)) {
+        node = LISTNODE_CAST(elem);
+        addCertToDB((certDBEntryCert *)&node->entry, &info, oldhandle);
+        /* entries get destroyed in addCertToDB */
+    }
+#if 0
+    rv = nsslowcert_TraverseDBEntries(oldhandle, certDBEntryTypeSMimeProfile,
+                               copyDBEntry, info.handle);
+#endif
+
+/*  Fix up the pointers between (nickname|S/MIME) --> (subject).
+     *  Create S/MIME entries for S/MIME certs.
+     *  Have the S/MIME entry point to the last-expiring cert using
+     *  an email address.
+     */
+#if 0
+    CERT_RedoHandlesForSubjects(info.handle, singleEntry, &info);
+#endif
+
+    freeDBEntryList(&dbArray.certs.link);
+
+/*  Copy over the version record.  */
+/*  XXX Already exists - and _must_ be correct... */
+/*
+    versionEntry = ReadDBVersionEntry(oldhandle);
+    rv = WriteDBVersionEntry(info.handle, versionEntry);
+    */
+
+/*  Copy over the content version record.  */
+/*  XXX Can probably get useful info from old content version?
+     *      Was this db created before/after this tool?  etc.
+     */
+#if 0
+    oldContentVersion = ReadDBContentVersionEntry(oldhandle);
+    CERT_SetDBContentVersion(oldContentVersion->contentVersion, info.handle);
+#endif
+
+#if 0
+    /*  Copy over the CRL & KRL records.  */
+    rv = nsslowcert_TraverseDBEntries(oldhandle, certDBEntryTypeRevocation,
+                               copyDBEntry, info.handle);
+    /*  XXX Only one KRL, just do db->get? */
+    rv = nsslowcert_TraverseDBEntries(oldhandle, certDBEntryTypeKeyRevocation,
+                               copyDBEntry, info.handle);
+#endif
+
+    PR_fprintf(info.out, "Database had %d certificates.\n", info.nOldCerts);
+
+    PR_fprintf(info.out, "Reconstructed %d certificates.\n", info.nCerts);
+    PR_fprintf(info.out, "(ax) Rejected %d expired certificates.\n",
+               info.dbErrors[dbInvalidCert]);
+    PR_fprintf(info.out, "(as) Rejected %d S/MIME certificates missing a profile.\n",
+               info.dbErrors[dbNoSMimeProfile]);
+    PR_fprintf(info.out, "(ar) Rejected %d certificates for which a newer certificate was found.\n",
+               info.dbErrors[dbOlderCert]);
+    PR_fprintf(info.out, "     Rejected %d corrupt certificates.\n",
+               info.dbErrors[dbBadCertificate]);
+    PR_fprintf(info.out, "     Rejected %d certificates which did not write to the DB.\n",
+               info.dbErrors[dbCertNotWrittenToDB]);
+
+    if (rv)
+        goto loser;
+
+    return info.handle;
+
+loser:
+    if (info.handle)
+        PORT_Free(info.handle);
+    return NULL;
+}
diff --git a/nss/cmd/dbck/manifest.mn b/nss/cmd/dbck/manifest.mn
new file mode 100644
index 0000000..ec8812e
--- /dev/null
+++ b/nss/cmd/dbck/manifest.mn
@@ -0,0 +1,22 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CORE_DEPTH = ../..
+
+DEFINES += -DNSPR20 
+
+# MODULE public and private header  directories are implicitly REQUIRED.
+MODULE = nss 
+
+CSRCS = \
+	dbck.c \
+	$(NULL)
+
+# The MODULE is always implicitly required.
+# Listing it here in REQUIRES makes it appear twice in the cc command line.
+REQUIRES = dbm seccmd
+
+PROGRAM = dbck
+USE_STATIC_LIBS = 1
diff --git a/nss/cmd/dbtest/Makefile b/nss/cmd/dbtest/Makefile
new file mode 100644
index 0000000..a27a3ce
--- /dev/null
+++ b/nss/cmd/dbtest/Makefile
@@ -0,0 +1,46 @@
+#! gmake
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include ../platlibs.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+#include ../platlibs.mk
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+include ../platrules.mk
+
diff --git a/nss/cmd/dbtest/dbtest.c b/nss/cmd/dbtest/dbtest.c
new file mode 100644
index 0000000..9a6a034
--- /dev/null
+++ b/nss/cmd/dbtest/dbtest.c
@@ -0,0 +1,244 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+** dbtest.c
+**
+** QA test for cert and key databases, especially to open
+** database readonly (NSS_INIT_READONLY) and force initializations
+** even if the databases cannot be opened (NSS_INIT_FORCEOPEN)
+**
+*/
+#include <stdio.h>
+#include <string.h>
+
+#if defined(WIN32)
+#include "fcntl.h"
+#include "io.h"
+#endif
+
+#include "secutil.h"
+#include "pk11pub.h"
+
+#if defined(XP_UNIX)
+#include <unistd.h>
+#endif
+
+#include "nspr.h"
+#include "prtypes.h"
+#include "certdb.h"
+#include "nss.h"
+#include "../modutil/modutil.h"
+
+#include "plgetopt.h"
+
+static char *progName;
+
+char *dbDir = NULL;
+
+static char *dbName[] = { "secmod.db", "cert8.db", "key3.db" };
+static char *dbprefix = "";
+static char *secmodName = "secmod.db";
+static char *userPassword = "";
+PRBool verbose;
+
+static char *
+getPassword(PK11SlotInfo *slot, PRBool retry, void *arg)
+{
+    int *success = (int *)arg;
+
+    if (retry) {
+        *success = 0;
+        return NULL;
+    }
+
+    *success = 1;
+    return PORT_Strdup(userPassword);
+}
+
+static void
+Usage(const char *progName)
+{
+    printf("Usage:  %s [-r] [-f] [-i] [-d dbdir ] \n",
+           progName);
+    printf("%-20s open database readonly (NSS_INIT_READONLY)\n", "-r");
+    printf("%-20s Continue to force initializations even if the\n", "-f");
+    printf("%-20s databases cannot be opened (NSS_INIT_FORCEOPEN)\n", " ");
+    printf("%-20s Try to initialize the database\n", "-i");
+    printf("%-20s Supply a password with which to initialize the db\n", "-p");
+    printf("%-20s Directory with cert database (default is .\n",
+           "-d certdir");
+    exit(1);
+}
+
+int
+main(int argc, char **argv)
+{
+    PLOptState *optstate;
+    PLOptStatus optstatus;
+
+    PRUint32 flags = 0;
+    Error ret;
+    SECStatus rv;
+    char *dbString = NULL;
+    PRBool doInitTest = PR_FALSE;
+    int i;
+
+    progName = strrchr(argv[0], '/');
+    if (!progName)
+        progName = strrchr(argv[0], '\\');
+    progName = progName ? progName + 1 : argv[0];
+
+    optstate = PL_CreateOptState(argc, argv, "rfip:d:h");
+
+    while ((optstatus = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
+        switch (optstate->option) {
+            case 'h':
+            default:
+                Usage(progName);
+                break;
+
+            case 'r':
+                flags |= NSS_INIT_READONLY;
+                break;
+
+            case 'f':
+                flags |= NSS_INIT_FORCEOPEN;
+                break;
+
+            case 'i':
+                doInitTest = PR_TRUE;
+                break;
+
+            case 'p':
+                userPassword = PORT_Strdup(optstate->value);
+                break;
+
+            case 'd':
+                dbDir = PORT_Strdup(optstate->value);
+                break;
+        }
+    }
+    PL_DestroyOptState(optstate);
+    if (optstatus == PL_OPT_BAD)
+        Usage(progName);
+
+    if (dbDir) {
+        char *tmp = dbDir;
+        dbDir = SECU_ConfigDirectory(tmp);
+        PORT_Free(tmp);
+    } else {
+        /* Look in $SSL_DIR */
+        dbDir = SECU_ConfigDirectory(SECU_DefaultSSLDir());
+    }
+    PR_fprintf(PR_STDERR, "dbdir selected is %s\n\n", dbDir);
+
+    if (dbDir[0] == '\0') {
+        PR_fprintf(PR_STDERR, errStrings[DIR_DOESNT_EXIST_ERR], dbDir);
+        ret = DIR_DOESNT_EXIST_ERR;
+        goto loser;
+    }
+
+    PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 0);
+
+    /* get the status of the directory and databases and output message */
+    if (PR_Access(dbDir, PR_ACCESS_EXISTS) != PR_SUCCESS) {
+        PR_fprintf(PR_STDERR, errStrings[DIR_DOESNT_EXIST_ERR], dbDir);
+    } else if (PR_Access(dbDir, PR_ACCESS_READ_OK) != PR_SUCCESS) {
+        PR_fprintf(PR_STDERR, errStrings[DIR_NOT_READABLE_ERR], dbDir);
+    } else {
+        if (!(flags & NSS_INIT_READONLY) &&
+            PR_Access(dbDir, PR_ACCESS_WRITE_OK) != PR_SUCCESS) {
+            PR_fprintf(PR_STDERR, errStrings[DIR_NOT_WRITEABLE_ERR], dbDir);
+        }
+        if (!doInitTest) {
+            for (i = 0; i < 3; i++) {
+                dbString = PR_smprintf("%s/%s", dbDir, dbName[i]);
+                PR_fprintf(PR_STDOUT, "database checked is %s\n", dbString);
+                if (PR_Access(dbString, PR_ACCESS_EXISTS) != PR_SUCCESS) {
+                    PR_fprintf(PR_STDERR, errStrings[FILE_DOESNT_EXIST_ERR],
+                               dbString);
+                } else if (PR_Access(dbString, PR_ACCESS_READ_OK) != PR_SUCCESS) {
+                    PR_fprintf(PR_STDERR, errStrings[FILE_NOT_READABLE_ERR],
+                               dbString);
+                } else if (!(flags & NSS_INIT_READONLY) &&
+                           PR_Access(dbString, PR_ACCESS_WRITE_OK) != PR_SUCCESS) {
+                    PR_fprintf(PR_STDERR, errStrings[FILE_NOT_WRITEABLE_ERR],
+                               dbString);
+                }
+                PR_smprintf_free(dbString);
+            }
+        }
+    }
+
+    rv = NSS_Initialize(SECU_ConfigDirectory(dbDir), dbprefix, dbprefix,
+                        secmodName, flags);
+    if (rv != SECSuccess) {
+        SECU_PrintPRandOSError(progName);
+        ret = NSS_INITIALIZE_FAILED_ERR;
+    } else {
+        ret = SUCCESS;
+        if (doInitTest) {
+            PK11SlotInfo *slot = PK11_GetInternalKeySlot();
+            SECStatus rv;
+            int passwordSuccess = 0;
+            int type = CKM_DES3_CBC;
+            SECItem keyid = { 0, NULL, 0 };
+            unsigned char keyIdData[] = { 0xff, 0xfe };
+            PK11SymKey *key = NULL;
+
+            keyid.data = keyIdData;
+            keyid.len = sizeof(keyIdData);
+
+            PK11_SetPasswordFunc(getPassword);
+            rv = PK11_InitPin(slot, (char *)NULL, userPassword);
+            if (rv != SECSuccess) {
+                PR_fprintf(PR_STDERR, "Failed to Init DB: %s\n",
+                           SECU_Strerror(PORT_GetError()));
+                ret = CHANGEPW_FAILED_ERR;
+            }
+            if (*userPassword && !PK11_IsLoggedIn(slot, &passwordSuccess)) {
+                PR_fprintf(PR_STDERR, "New DB did not log in after init\n");
+                ret = AUTHENTICATION_FAILED_ERR;
+            }
+            /* generate a symetric key */
+            key = PK11_TokenKeyGen(slot, type, NULL, 0, &keyid,
+                                   PR_TRUE, &passwordSuccess);
+
+            if (!key) {
+                PR_fprintf(PR_STDERR, "Could not generated symetric key: %s\n",
+                           SECU_Strerror(PORT_GetError()));
+                exit(UNSPECIFIED_ERR);
+            }
+            PK11_FreeSymKey(key);
+            PK11_Logout(slot);
+
+            PK11_Authenticate(slot, PR_TRUE, &passwordSuccess);
+
+            if (*userPassword && !passwordSuccess) {
+                PR_fprintf(PR_STDERR, "New DB Did not initalize\n");
+                ret = AUTHENTICATION_FAILED_ERR;
+            }
+            key = PK11_FindFixedKey(slot, type, &keyid, &passwordSuccess);
+
+            if (!key) {
+                PR_fprintf(PR_STDERR, "Could not find generated key: %s\n",
+                           SECU_Strerror(PORT_GetError()));
+                ret = UNSPECIFIED_ERR;
+            } else {
+                PK11_FreeSymKey(key);
+            }
+            PK11_FreeSlot(slot);
+        }
+
+        if (NSS_Shutdown() != SECSuccess) {
+            PR_fprintf(PR_STDERR, "Could not find generated key: %s\n",
+                       SECU_Strerror(PORT_GetError()));
+            exit(1);
+        }
+    }
+
+loser:
+    return ret;
+}
diff --git a/nss/cmd/dbtest/dbtest.gyp b/nss/cmd/dbtest/dbtest.gyp
new file mode 100644
index 0000000..fb58573
--- /dev/null
+++ b/nss/cmd/dbtest/dbtest.gyp
@@ -0,0 +1,25 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi',
+    '../../cmd/platlibs.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'dbtest',
+      'type': 'executable',
+      'sources': [
+        'dbtest.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:dbm_exports',
+        '<(DEPTH)/exports.gyp:nss_exports'
+      ]
+    }
+  ],
+  'variables': {
+    'module': 'nss'
+  }
+}
\ No newline at end of file
diff --git a/nss/cmd/dbtest/manifest.mn b/nss/cmd/dbtest/manifest.mn
new file mode 100644
index 0000000..8f9ec1f
--- /dev/null
+++ b/nss/cmd/dbtest/manifest.mn
@@ -0,0 +1,22 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CORE_DEPTH = ../..
+
+# MODULE public and private header  directories are implicitly REQUIRED.
+MODULE = nss
+
+# This next line is used by .mk files
+# and gets translated into $LINCS in manifest.mnw
+# The MODULE is always implicitly required.
+# Listing it here in REQUIRES makes it appear twice in the cc command line.
+REQUIRES = seccmd dbm 
+
+# DIRS = 
+
+CSRCS	= dbtest.c  
+
+PROGRAM	= dbtest
+
diff --git a/nss/cmd/derdump/Makefile b/nss/cmd/derdump/Makefile
new file mode 100644
index 0000000..c2039d8
--- /dev/null
+++ b/nss/cmd/derdump/Makefile
@@ -0,0 +1,48 @@
+#! gmake
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include ../platlibs.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+
+
+include ../platrules.mk
+
diff --git a/nss/cmd/derdump/derdump.c b/nss/cmd/derdump/derdump.c
new file mode 100644
index 0000000..d687a8b
--- /dev/null
+++ b/nss/cmd/derdump/derdump.c
@@ -0,0 +1,128 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "secutil.h"
+#include "nss.h"
+#include <errno.h>
+
+#if defined(XP_WIN) || (defined(__sun) && !defined(SVR4))
+#if !defined(WIN32)
+extern int fprintf(FILE *, char *, ...);
+#endif
+#endif
+#include "plgetopt.h"
+
+static void
+Usage(char *progName)
+{
+    fprintf(stderr,
+            "Usage: %s [-r] [-i input] [-o output]\n",
+            progName);
+    fprintf(stderr, "%-20s For formatted items, dump raw bytes as well\n",
+            "-r");
+    fprintf(stderr, "%-20s Define an input file to use (default is stdin)\n",
+            "-i input");
+    fprintf(stderr, "%-20s Define an output file to use (default is stdout)\n",
+            "-o output");
+    exit(-1);
+}
+
+int
+main(int argc, char **argv)
+{
+    char *progName;
+    FILE *outFile;
+    PRFileDesc *inFile;
+    SECItem der = { siBuffer, NULL, 0 };
+    SECStatus rv;
+    PRInt16 xp_error;
+    PRBool raw = PR_FALSE;
+    PLOptState *optstate;
+    PLOptStatus status;
+    int retval = -1;
+
+    progName = strrchr(argv[0], '/');
+    progName = progName ? progName + 1 : argv[0];
+
+    /* Parse command line arguments */
+    inFile = 0;
+    outFile = 0;
+    optstate = PL_CreateOptState(argc, argv, "i:o:r");
+    while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
+        switch (optstate->option) {
+            case 'i':
+                inFile = PR_Open(optstate->value, PR_RDONLY, 0);
+                if (!inFile) {
+                    fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
+                            progName, optstate->value);
+                    goto cleanup;
+                }
+                break;
+
+            case 'o':
+                outFile = fopen(optstate->value, "w");
+                if (!outFile) {
+                    fprintf(stderr, "%s: unable to open \"%s\" for writing\n",
+                            progName, optstate->value);
+                    goto cleanup;
+                }
+                break;
+
+            case 'r':
+                raw = PR_TRUE;
+                break;
+
+            default:
+                Usage(progName);
+                break;
+        }
+    }
+    if (status == PL_OPT_BAD)
+        Usage(progName);
+
+    if (!inFile)
+        inFile = PR_STDIN;
+    if (!outFile)
+        outFile = stdout;
+
+    rv = NSS_NoDB_Init(NULL);
+    if (rv != SECSuccess) {
+        SECU_PrintPRandOSError(progName);
+        goto cleanup;
+    }
+
+    rv = SECU_ReadDERFromFile(&der, inFile, PR_FALSE, PR_FALSE);
+    if (rv == SECSuccess) {
+        rv = DER_PrettyPrint(outFile, &der, raw);
+        if (rv == SECSuccess) {
+            retval = 0;
+            goto cleanup;
+        }
+    }
+
+    xp_error = PORT_GetError();
+    if (xp_error) {
+        SECU_PrintError(progName, "error %d", xp_error);
+    }
+    if (errno) {
+        SECU_PrintSystemError(progName, "errno=%d", errno);
+    }
+    retval = 1;
+
+cleanup:
+    retval |= NSS_Shutdown();
+    if (inFile) {
+        PR_Close(inFile);
+    }
+    if (outFile) {
+        fflush(outFile);
+        fclose(outFile);
+    }
+    PL_DestroyOptState(optstate);
+    if (der.data) {
+        PORT_Free(der.data);
+    }
+
+    return retval;
+}
diff --git a/nss/cmd/derdump/derdump.gyp b/nss/cmd/derdump/derdump.gyp
new file mode 100644
index 0000000..5637685
--- /dev/null
+++ b/nss/cmd/derdump/derdump.gyp
@@ -0,0 +1,30 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi',
+    '../../cmd/platlibs.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'derdump',
+      'type': 'executable',
+      'sources': [
+        'derdump.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:dbm_exports',
+        '<(DEPTH)/exports.gyp:nss_exports'
+      ]
+    }
+  ],
+  'target_defaults': {
+    'defines': [
+      'NSPR20'
+    ]
+  },
+  'variables': {
+    'module': 'nss'
+  }
+}
\ No newline at end of file
diff --git a/nss/cmd/derdump/manifest.mn b/nss/cmd/derdump/manifest.mn
new file mode 100644
index 0000000..0b55037
--- /dev/null
+++ b/nss/cmd/derdump/manifest.mn
@@ -0,0 +1,21 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CORE_DEPTH	= ../..
+
+# MODULE public and private header  directories are implicitly REQUIRED.
+MODULE = nss 
+
+# This next line is used by .mk files
+# and gets translated into $LINCS in manifest.mnw
+# The MODULE is always implicitly required.
+# Listing it here in REQUIRES makes it appear twice in the cc command line.
+REQUIRES = seccmd dbm 
+
+DEFINES = -DNSPR20
+
+CSRCS = derdump.c
+
+PROGRAM	= derdump
diff --git a/nss/cmd/digest/Makefile b/nss/cmd/digest/Makefile
new file mode 100644
index 0000000..c2039d8
--- /dev/null
+++ b/nss/cmd/digest/Makefile
@@ -0,0 +1,48 @@
+#! gmake
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include ../platlibs.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+
+
+include ../platrules.mk
+
diff --git a/nss/cmd/digest/digest.c b/nss/cmd/digest/digest.c
new file mode 100644
index 0000000..8c4c149
--- /dev/null
+++ b/nss/cmd/digest/digest.c
@@ -0,0 +1,228 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "secutil.h"
+#include "pk11func.h"
+#include "secoid.h"
+
+#if defined(XP_WIN) || (defined(__sun) && !defined(SVR4))
+#if !defined(WIN32)
+extern int fread(char *, size_t, size_t, FILE *);
+extern int fwrite(char *, size_t, size_t, FILE *);
+extern int fprintf(FILE *, char *, ...);
+#endif
+#endif
+
+#include "plgetopt.h"
+
+static SECOidData *
+HashTypeToOID(HASH_HashType hashtype)
+{
+    SECOidTag hashtag;
+
+    if (hashtype <= HASH_AlgNULL || hashtype >= HASH_AlgTOTAL)
+        return NULL;
+
+    switch (hashtype) {
+        case HASH_AlgMD2:
+            hashtag = SEC_OID_MD2;
+            break;
+        case HASH_AlgMD5:
+            hashtag = SEC_OID_MD5;
+            break;
+        case HASH_AlgSHA1:
+            hashtag = SEC_OID_SHA1;
+            break;
+        default:
+            fprintf(stderr, "A new hash type has been added to HASH_HashType.\n");
+            fprintf(stderr, "This program needs to be updated!\n");
+            return NULL;
+    }
+
+    return SECOID_FindOIDByTag(hashtag);
+}
+
+static SECOidData *
+HashNameToOID(const char *hashName)
+{
+    HASH_HashType htype;
+    SECOidData *hashOID;
+
+    for (htype = HASH_AlgNULL + 1; htype < HASH_AlgTOTAL; htype++) {
+        hashOID = HashTypeToOID(htype);
+        if (PORT_Strcasecmp(hashName, hashOID->desc) == 0)
+            break;
+    }
+
+    if (htype == HASH_AlgTOTAL)
+        return NULL;
+
+    return hashOID;
+}
+
+static void
+Usage(char *progName)
+{
+    HASH_HashType htype;
+
+    fprintf(stderr,
+            "Usage:  %s -t type [-i input] [-o output]\n",
+            progName);
+    fprintf(stderr, "%-20s Specify the digest method (must be one of\n",
+            "-t type");
+    fprintf(stderr, "%-20s ", "");
+    for (htype = HASH_AlgNULL + 1; htype < HASH_AlgTOTAL; htype++) {
+        fprintf(stderr, "%s", HashTypeToOID(htype)->desc);
+        if (htype == (HASH_AlgTOTAL - 2))
+            fprintf(stderr, " or ");
+        else if (htype != (HASH_AlgTOTAL - 1))
+            fprintf(stderr, ", ");
+    }
+    fprintf(stderr, " (case ignored))\n");
+    fprintf(stderr, "%-20s Define an input file to use (default is stdin)\n",
+            "-i input");
+    fprintf(stderr, "%-20s Define an output file to use (default is stdout)\n",
+            "-o output");
+    exit(-1);
+}
+
+static int
+DigestFile(FILE *outFile, FILE *inFile, SECOidData *hashOID)
+{
+    int nb;
+    unsigned char ibuf[4096], digest[32];
+    PK11Context *hashcx;
+    unsigned int len;
+    SECStatus rv;
+
+    hashcx = PK11_CreateDigestContext(hashOID->offset);
+    if (hashcx == NULL) {
+        return -1;
+    }
+    PK11_DigestBegin(hashcx);
+
+    for (;;) {
+        if (feof(inFile))
+            break;
+        nb = fread(ibuf, 1, sizeof(ibuf), inFile);
+        if (nb != sizeof(ibuf)) {
+            if (nb == 0) {
+                if (ferror(inFile)) {
+                    PORT_SetError(SEC_ERROR_IO);
+                    PK11_DestroyContext(hashcx, PR_TRUE);
+                    return -1;
+                }
+                /* eof */
+                break;
+            }
+        }
+        rv = PK11_DigestOp(hashcx, ibuf, nb);
+        if (rv != SECSuccess) {
+            PK11_DestroyContext(hashcx, PR_TRUE);
+            return -1;
+        }
+    }
+
+    rv = PK11_DigestFinal(hashcx, digest, &len, 32);
+    PK11_DestroyContext(hashcx, PR_TRUE);
+
+    if (rv != SECSuccess)
+        return -1;
+
+    nb = fwrite(digest, 1, len, outFile);
+    if (nb != len) {
+        PORT_SetError(SEC_ERROR_IO);
+        return -1;
+    }
+
+    return 0;
+}
+
+#include "nss.h"
+
+int
+main(int argc, char **argv)
+{
+    char *progName;
+    FILE *inFile, *outFile;
+    char *hashName;
+    SECOidData *hashOID;
+    PLOptState *optstate;
+    PLOptStatus status;
+    SECStatus rv;
+
+    progName = strrchr(argv[0], '/');
+    progName = progName ? progName + 1 : argv[0];
+
+    inFile = NULL;
+    outFile = NULL;
+    hashName = NULL;
+
+    rv = NSS_Init("/tmp");
+    if (rv != SECSuccess) {
+        fprintf(stderr, "%s: NSS_Init failed in directory %s\n",
+                progName, "/tmp");
+        return -1;
+    }
+
+    /*
+     * Parse command line arguments
+     */
+    optstate = PL_CreateOptState(argc, argv, "t:i:o:");
+    while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
+        switch (optstate->option) {
+            case '?':
+                Usage(progName);
+                break;
+
+            case 'i':
+                inFile = fopen(optstate->value, "r");
+                if (!inFile) {
+                    fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
+                            progName, optstate->value);
+                    return -1;
+                }
+                break;
+
+            case 'o':
+                outFile = fopen(optstate->value, "w");
+                if (!outFile) {
+                    fprintf(stderr, "%s: unable to open \"%s\" for writing\n",
+                            progName, optstate->value);
+                    return -1;
+                }
+                break;
+
+            case 't':
+                hashName = strdup(optstate->value);
+                break;
+        }
+    }
+
+    if (!hashName)
+        Usage(progName);
+
+    if (!inFile)
+        inFile = stdin;
+    if (!outFile)
+        outFile = stdout;
+
+    hashOID = HashNameToOID(hashName);
+    if (hashOID == NULL) {
+        fprintf(stderr, "%s: invalid digest type\n", progName);
+        Usage(progName);
+    }
+
+    if (DigestFile(outFile, inFile, hashOID)) {
+        fprintf(stderr, "%s: problem digesting data (%s)\n",
+                progName, SECU_Strerror(PORT_GetError()));
+        return -1;
+    }
+
+    if (NSS_Shutdown() != SECSuccess) {
+        exit(1);
+    }
+
+    return 0;
+}
diff --git a/nss/cmd/digest/digest.gyp b/nss/cmd/digest/digest.gyp
new file mode 100644
index 0000000..c2e0028
--- /dev/null
+++ b/nss/cmd/digest/digest.gyp
@@ -0,0 +1,30 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi',
+    '../../cmd/platlibs.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'digest',
+      'type': 'executable',
+      'sources': [
+        'digest.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:dbm_exports',
+        '<(DEPTH)/exports.gyp:nss_exports'
+      ]
+    }
+  ],
+  'target_defaults': {
+    'defines': [
+      'NSPR20'
+    ]
+  },
+  'variables': {
+    'module': 'nss'
+  }
+}
\ No newline at end of file
diff --git a/nss/cmd/digest/manifest.mn b/nss/cmd/digest/manifest.mn
new file mode 100644
index 0000000..3e76406
--- /dev/null
+++ b/nss/cmd/digest/manifest.mn
@@ -0,0 +1,22 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CORE_DEPTH	= ../..
+
+# MODULE public and private header  directories are implicitly REQUIRED.
+MODULE = nss 
+
+# This next line is used by .mk files
+# and gets translated into $LINCS in manifest.mnw
+# The MODULE is always implicitly required.
+# Listing it here in REQUIRES makes it appear twice in the cc command line.
+REQUIRES = seccmd dbm 
+
+DEFINES = -DNSPR20
+
+CSRCS	= digest.c  
+
+PROGRAM	= digest
+
diff --git a/nss/cmd/ecperf/Makefile b/nss/cmd/ecperf/Makefile
new file mode 100644
index 0000000..7b74b36
--- /dev/null
+++ b/nss/cmd/ecperf/Makefile
@@ -0,0 +1,46 @@
+#! gmake
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+include ../platlibs.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+
+include ../platrules.mk
+
diff --git a/nss/cmd/ecperf/ecperf.c b/nss/cmd/ecperf/ecperf.c
new file mode 100644
index 0000000..40ba3c8
--- /dev/null
+++ b/nss/cmd/ecperf/ecperf.c
@@ -0,0 +1,727 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "blapi.h"
+#include "ec.h"
+#include "ecl-curve.h"
+#include "prprf.h"
+#include "basicutil.h"
+#include "pkcs11.h"
+#include "nspr.h"
+#include <stdio.h>
+
+#define __PASTE(x, y) x##y
+
+/*
+ * Get the NSS specific PKCS #11 function names.
+ */
+#undef CK_PKCS11_FUNCTION_INFO
+#undef CK_NEED_ARG_LIST
+
+#define CK_EXTERN extern
+#define CK_PKCS11_FUNCTION_INFO(func) \
+    CK_RV __PASTE(NS, func)
+#define CK_NEED_ARG_LIST 1
+
+#include "pkcs11f.h"
+
+/* mapping between ECCurveName enum and pointers to ECCurveParams */
+static SECOidTag ecCurve_oid_map[] = {
+    SEC_OID_UNKNOWN,                /* ECCurve_noName */
+    SEC_OID_ANSIX962_EC_PRIME192V1, /* ECCurve_NIST_P192 */
+    SEC_OID_SECG_EC_SECP224R1,      /* ECCurve_NIST_P224 */
+    SEC_OID_ANSIX962_EC_PRIME256V1, /* ECCurve_NIST_P256 */
+    SEC_OID_SECG_EC_SECP384R1,      /* ECCurve_NIST_P384 */
+    SEC_OID_SECG_EC_SECP521R1,      /* ECCurve_NIST_P521 */
+    SEC_OID_SECG_EC_SECT163K1,      /* ECCurve_NIST_K163 */
+    SEC_OID_SECG_EC_SECT163R1,      /* ECCurve_NIST_B163 */
+    SEC_OID_SECG_EC_SECT233K1,      /* ECCurve_NIST_K233 */
+    SEC_OID_SECG_EC_SECT233R1,      /* ECCurve_NIST_B233 */
+    SEC_OID_SECG_EC_SECT283K1,      /* ECCurve_NIST_K283 */
+    SEC_OID_SECG_EC_SECT283R1,      /* ECCurve_NIST_B283 */
+    SEC_OID_SECG_EC_SECT409K1,      /* ECCurve_NIST_K409 */
+    SEC_OID_SECG_EC_SECT409R1,      /* ECCurve_NIST_B409 */
+    SEC_OID_SECG_EC_SECT571K1,      /* ECCurve_NIST_K571 */
+    SEC_OID_SECG_EC_SECT571R1,      /* ECCurve_NIST_B571 */
+    SEC_OID_ANSIX962_EC_PRIME192V2,
+    SEC_OID_ANSIX962_EC_PRIME192V3,
+    SEC_OID_ANSIX962_EC_PRIME239V1,
+    SEC_OID_ANSIX962_EC_PRIME239V2,
+    SEC_OID_ANSIX962_EC_PRIME239V3,
+    SEC_OID_ANSIX962_EC_C2PNB163V1,
+    SEC_OID_ANSIX962_EC_C2PNB163V2,
+    SEC_OID_ANSIX962_EC_C2PNB163V3,
+    SEC_OID_ANSIX962_EC_C2PNB176V1,
+    SEC_OID_ANSIX962_EC_C2TNB191V1,
+    SEC_OID_ANSIX962_EC_C2TNB191V2,
+    SEC_OID_ANSIX962_EC_C2TNB191V3,
+    SEC_OID_ANSIX962_EC_C2PNB208W1,
+    SEC_OID_ANSIX962_EC_C2TNB239V1,
+    SEC_OID_ANSIX962_EC_C2TNB239V2,
+    SEC_OID_ANSIX962_EC_C2TNB239V3,
+    SEC_OID_ANSIX962_EC_C2PNB272W1,
+    SEC_OID_ANSIX962_EC_C2PNB304W1,
+    SEC_OID_ANSIX962_EC_C2TNB359V1,
+    SEC_OID_ANSIX962_EC_C2PNB368W1,
+    SEC_OID_ANSIX962_EC_C2TNB431R1,
+    SEC_OID_SECG_EC_SECP112R1,
+    SEC_OID_SECG_EC_SECP112R2,
+    SEC_OID_SECG_EC_SECP128R1,
+    SEC_OID_SECG_EC_SECP128R2,
+    SEC_OID_SECG_EC_SECP160K1,
+    SEC_OID_SECG_EC_SECP160R1,
+    SEC_OID_SECG_EC_SECP160R2,
+    SEC_OID_SECG_EC_SECP192K1,
+    SEC_OID_SECG_EC_SECP224K1,
+    SEC_OID_SECG_EC_SECP256K1,
+    SEC_OID_SECG_EC_SECT113R1,
+    SEC_OID_SECG_EC_SECT113R2,
+    SEC_OID_SECG_EC_SECT131R1,
+    SEC_OID_SECG_EC_SECT131R2,
+    SEC_OID_SECG_EC_SECT163R1,
+    SEC_OID_SECG_EC_SECT193R1,
+    SEC_OID_SECG_EC_SECT193R2,
+    SEC_OID_SECG_EC_SECT239K1,
+    SEC_OID_UNKNOWN, /* ECCurve_WTLS_1 */
+    SEC_OID_UNKNOWN, /* ECCurve_WTLS_8 */
+    SEC_OID_UNKNOWN, /* ECCurve_WTLS_9 */
+    SEC_OID_CURVE25519,
+    SEC_OID_UNKNOWN /* ECCurve_pastLastCurve */
+};
+
+typedef SECStatus (*op_func)(void *, void *, void *);
+typedef SECStatus (*pk11_op_func)(CK_SESSION_HANDLE, void *, void *, void *);
+
+typedef struct ThreadDataStr {
+    op_func op;
+    void *p1;
+    void *p2;
+    void *p3;
+    int iters;
+    PRLock *lock;
+    int count;
+    SECStatus status;
+    int isSign;
+} ThreadData;
+
+typedef SECItem SECKEYECParams;
+
+void
+PKCS11Thread(void *data)
+{
+    ThreadData *threadData = (ThreadData *)data;
+    pk11_op_func op = (pk11_op_func)threadData->op;
+    int iters = threadData->iters;
+    unsigned char sigData[256];
+    SECItem sig;
+    CK_SESSION_HANDLE session;
+    CK_RV crv;
+
+    threadData->status = SECSuccess;
+    threadData->count = 0;
+
+    /* get our thread's session */
+    PR_Lock(threadData->lock);
+    crv = NSC_OpenSession(1, CKF_SERIAL_SESSION, NULL, 0, &session);
+    PR_Unlock(threadData->lock);
+    if (crv != CKR_OK) {
+        return;
+    }
+
+    if (threadData->isSign) {
+        sig.data = sigData;
+        sig.len = sizeof(sigData);
+        threadData->p2 = (void *)&sig;
+    }
+
+    while (iters--) {
+        threadData->status = (*op)(session, threadData->p1,
+                                   threadData->p2, threadData->p3);
+        if (threadData->status != SECSuccess) {
+            break;
+        }
+        threadData->count++;
+    }
+    return;
+}
+
+void
+genericThread(void *data)
+{
+    ThreadData *threadData = (ThreadData *)data;
+    int iters = threadData->iters;
+    unsigned char sigData[256];
+    SECItem sig;
+
+    threadData->status = SECSuccess;
+    threadData->count = 0;
+
+    if (threadData->isSign) {
+        sig.data = sigData;
+        sig.len = sizeof(sigData);
+        threadData->p2 = (void *)&sig;
+    }
+
+    while (iters--) {
+        threadData->status = (*threadData->op)(threadData->p1,
+                                               threadData->p2, threadData->p3);
+        if (threadData->status != SECSuccess) {
+            break;
+        }
+        threadData->count++;
+    }
+    return;
+}
+
+/* Time iter repetitions of operation op. */
+SECStatus
+M_TimeOperation(void (*threadFunc)(void *),
+                op_func opfunc, char *op, void *param1, void *param2,
+                void *param3, int iters, int numThreads, PRLock *lock,
+                CK_SESSION_HANDLE session, int isSign, double *rate)
+{
+    double dUserTime;
+    int i, total;
+    PRIntervalTime startTime, totalTime;
+    PRThread **threadIDs;
+    ThreadData *threadData;
+    pk11_op_func pk11_op = (pk11_op_func)opfunc;
+    SECStatus rv;
+
+    /* verify operation works before testing performance */
+    if (session) {
+        rv = (*pk11_op)(session, param1, param2, param3);
+    } else {
+        rv = (*opfunc)(param1, param2, param3);
+    }
+    if (rv != SECSuccess) {
+        SECU_PrintError("Error:", op);
+        return rv;
+    }
+
+    /* get Data structures */
+    threadIDs = (PRThread **)PORT_Alloc(numThreads * sizeof(PRThread *));
+    threadData = (ThreadData *)PORT_Alloc(numThreads * sizeof(ThreadData));
+
+    startTime = PR_Now();
+    if (numThreads == 1) {
+        for (i = 0; i < iters; i++) {
+            if (session) {
+                rv = (*pk11_op)(session, param1, param2, param3);
+            } else {
+                rv = (*opfunc)(param1, param2, param3);
+            }
+            if (rv != SECSuccess) {
+                PORT_Free(threadIDs);
+                PORT_Free(threadData);
+                SECU_PrintError("Error:", op);
+                return rv;
+            }
+        }
+        total = iters;
+    } else {
+        for (i = 0; i < numThreads; i++) {
+            threadData[i].op = opfunc;
+            threadData[i].p1 = (void *)param1;
+            threadData[i].p2 = (void *)param2;
+            threadData[i].p3 = (void *)param3;
+            threadData[i].iters = iters;
+            threadData[i].lock = lock;
+            threadData[i].isSign = isSign;
+            threadIDs[i] = PR_CreateThread(PR_USER_THREAD, threadFunc,
+                                           (void *)&threadData[i], PR_PRIORITY_NORMAL,
+                                           PR_GLOBAL_THREAD, PR_JOINABLE_THREAD, 0);
+        }
+
+        total = 0;
+        for (i = 0; i < numThreads; i++) {
+            PR_JoinThread(threadIDs[i]);
+            /* check the status */
+            total += threadData[i].count;
+        }
+    }
+
+    totalTime = PR_Now() - startTime;
+    /* SecondsToInterval seems to be broken here ... */
+    dUserTime = (double)totalTime / (double)1000000;
+    if (dUserTime) {
+        printf("    %-15s count:%4d sec: %3.2f op/sec: %6.2f\n",
+               op, total, dUserTime, (double)total / dUserTime);
+        if (rate) {
+            *rate = ((double)total) / dUserTime;
+        }
+    }
+    PORT_Free(threadIDs);
+    PORT_Free(threadData);
+
+    return SECSuccess;
+}
+
+/* Test curve using specific field arithmetic. */
+#define ECTEST_NAMED_GFP(name_c, name_v)                                        \
+    if (usefreebl) {                                                            \
+        printf("Testing %s using freebl implementation...\n", name_c);          \
+        rv = ectest_curve_freebl(name_v, iterations, numThreads, ec_field_GFp); \
+        if (rv != SECSuccess)                                                   \
+            goto cleanup;                                                       \
+        printf("... okay.\n");                                                  \
+    }                                                                           \
+    if (usepkcs11) {                                                            \
+        printf("Testing %s using pkcs11 implementation...\n", name_c);          \
+        rv = ectest_curve_pkcs11(name_v, iterations, numThreads);               \
+        if (rv != SECSuccess)                                                   \
+            goto cleanup;                                                       \
+        printf("... okay.\n");                                                  \
+    }
+
+/* Test curve using specific field arithmetic. */
+#define ECTEST_NAMED_CUSTOM(name_c, name_v)                                       \
+    if (usefreebl) {                                                              \
+        printf("Testing %s using freebl implementation...\n", name_c);            \
+        rv = ectest_curve_freebl(name_v, iterations, numThreads, ec_field_plain); \
+        if (rv != SECSuccess)                                                     \
+            goto cleanup;                                                         \
+        printf("... okay.\n");                                                    \
+    }                                                                             \
+    if (usepkcs11) {                                                              \
+        printf("Testing %s using pkcs11 implementation...\n", name_c);            \
+        rv = ectest_curve_pkcs11(name_v, iterations, numThreads);                 \
+        if (rv != SECSuccess)                                                     \
+            goto cleanup;                                                         \
+        printf("... okay.\n");                                                    \
+    }
+
+#define PK11_SETATTRS(x, id, v, l) \
+    (x)->type = (id);              \
+    (x)->pValue = (v);             \
+    (x)->ulValueLen = (l);
+
+SECStatus
+PKCS11_Derive(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE *hKey,
+              CK_MECHANISM *pMech, int *dummy)
+{
+    CK_RV crv;
+    CK_OBJECT_HANDLE newKey;
+    CK_BBOOL cktrue = CK_TRUE;
+    CK_OBJECT_CLASS keyClass = CKO_SECRET_KEY;
+    CK_KEY_TYPE keyType = CKK_GENERIC_SECRET;
+    CK_ATTRIBUTE keyTemplate[3];
+    CK_ATTRIBUTE *attrs = keyTemplate;
+
+    PK11_SETATTRS(attrs, CKA_CLASS, &keyClass, sizeof(keyClass));
+    attrs++;
+    PK11_SETATTRS(attrs, CKA_KEY_TYPE, &keyType, sizeof(keyType));
+    attrs++;
+    PK11_SETATTRS(attrs, CKA_DERIVE, &cktrue, 1);
+    attrs++;
+
+    crv = NSC_DeriveKey(session, pMech, *hKey, keyTemplate, 3, &newKey);
+    if (crv != CKR_OK) {
+        printf("Derive Failed CK_RV=0x%x\n", (int)crv);
+        return SECFailure;
+    }
+    return SECSuccess;
+}
+
+SECStatus
+PKCS11_Sign(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE *hKey,
+            SECItem *sig, SECItem *digest)
+{
+    CK_RV crv;
+    CK_MECHANISM mech;
+    CK_ULONG sigLen = sig->len;
+
+    mech.mechanism = CKM_ECDSA;
+    mech.pParameter = NULL;
+    mech.ulParameterLen = 0;
+
+    crv = NSC_SignInit(session, &mech, *hKey);
+    if (crv != CKR_OK) {
+        printf("Sign Failed CK_RV=0x%x\n", (int)crv);
+        return SECFailure;
+    }
+    crv = NSC_Sign(session, digest->data, digest->len, sig->data, &sigLen);
+    if (crv != CKR_OK) {
+        printf("Sign Failed CK_RV=0x%x\n", (int)crv);
+        return SECFailure;
+    }
+    sig->len = (unsigned int)sigLen;
+    return SECSuccess;
+}
+
+SECStatus
+PKCS11_Verify(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE *hKey,
+              SECItem *sig, SECItem *digest)
+{
+    CK_RV crv;
+    CK_MECHANISM mech;
+
+    mech.mechanism = CKM_ECDSA;
+    mech.pParameter = NULL;
+    mech.ulParameterLen = 0;
+
+    crv = NSC_VerifyInit(session, &mech, *hKey);
+    if (crv != CKR_OK) {
+        printf("Verify Failed CK_RV=0x%x\n", (int)crv);
+        return SECFailure;
+    }
+    crv = NSC_Verify(session, digest->data, digest->len, sig->data, sig->len);
+    if (crv != CKR_OK) {
+        printf("Verify Failed CK_RV=0x%x\n", (int)crv);
+        return SECFailure;
+    }
+    return SECSuccess;
+}
+
+static SECStatus
+ecName2params(ECCurveName curve, SECKEYECParams *params)
+{
+    SECOidData *oidData = NULL;
+
+    if ((curve < ECCurve_noName) || (curve > ECCurve_pastLastCurve) ||
+        ((oidData = SECOID_FindOIDByTag(ecCurve_oid_map[curve])) == NULL)) {
+        PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
+        return SECFailure;
+    }
+
+    SECITEM_AllocItem(NULL, params, (2 + oidData->oid.len));
+    /*
+     * params->data needs to contain the ASN encoding of an object ID (OID)
+     * representing the named curve. The actual OID is in
+     * oidData->oid.data so we simply prepend 0x06 and OID length
+     */
+    params->data[0] = SEC_ASN1_OBJECT_ID;
+    params->data[1] = oidData->oid.len;
+    memcpy(params->data + 2, oidData->oid.data, oidData->oid.len);
+
+    return SECSuccess;
+}
+
+/* Performs basic tests of elliptic curve cryptography over prime fields.
+ * If tests fail, then it prints an error message, aborts, and returns an
+ * error code. Otherwise, returns 0. */
+SECStatus
+ectest_curve_pkcs11(ECCurveName curve, int iterations, int numThreads)
+{
+    CK_OBJECT_HANDLE ecPriv;
+    CK_OBJECT_HANDLE ecPub;
+    CK_SESSION_HANDLE session;
+    SECItem sig;
+    SECItem digest;
+    SECKEYECParams ecParams;
+    CK_MECHANISM mech;
+    CK_ECDH1_DERIVE_PARAMS ecdh_params;
+    unsigned char sigData[256];
+    unsigned char digestData[20];
+    unsigned char pubKeyData[256];
+    PRLock *lock = NULL;
+    double signRate, deriveRate = 0;
+    CK_ATTRIBUTE template;
+    SECStatus rv;
+    CK_RV crv;
+
+    ecParams.data = NULL;
+    ecParams.len = 0;
+    rv = ecName2params(curve, &ecParams);
+    if (rv != SECSuccess) {
+        goto cleanup;
+    }
+
+    crv = NSC_OpenSession(1, CKF_SERIAL_SESSION, NULL, 0, &session);
+    if (crv != CKR_OK) {
+        printf("OpenSession Failed CK_RV=0x%x\n", (int)crv);
+        return SECFailure;
+    }
+
+    PORT_Memset(digestData, 0xa5, sizeof(digestData));
+    digest.data = digestData;
+    digest.len = sizeof(digestData);
+    sig.data = sigData;
+    sig.len = sizeof(sigData);
+
+    template.type = CKA_EC_PARAMS;
+    template.pValue = ecParams.data;
+    template.ulValueLen = ecParams.len;
+    mech.mechanism = CKM_EC_KEY_PAIR_GEN;
+    mech.pParameter = NULL;
+    mech.ulParameterLen = 0;
+    crv = NSC_GenerateKeyPair(session, &mech,
+                              &template, 1, NULL, 0, &ecPub, &ecPriv);
+    if (crv != CKR_OK) {
+        printf("GenerateKeyPair Failed CK_RV=0x%x\n", (int)crv);
+        return SECFailure;
+    }
+
+    template.type = CKA_EC_POINT;
+    template.pValue = pubKeyData;
+    template.ulValueLen = sizeof(pubKeyData);
+    crv = NSC_GetAttributeValue(session, ecPub, &template, 1);
+    if (crv != CKR_OK) {
+        printf("GenerateKeyPair Failed CK_RV=0x%x\n", (int)crv);
+        return SECFailure;
+    }
+
+    ecdh_params.kdf = CKD_NULL;
+    ecdh_params.ulSharedDataLen = 0;
+    ecdh_params.pSharedData = NULL;
+    ecdh_params.ulPublicDataLen = template.ulValueLen;
+    ecdh_params.pPublicData = template.pValue;
+
+    mech.mechanism = CKM_ECDH1_DERIVE;
+    mech.pParameter = (void *)&ecdh_params;
+    mech.ulParameterLen = sizeof(ecdh_params);
+
+    lock = PR_NewLock();
+
+    if (ecCurve_map[curve]->usage & KU_KEY_AGREEMENT) {
+        rv = M_TimeOperation(PKCS11Thread, (op_func)PKCS11_Derive, "ECDH_Derive",
+                             &ecPriv, &mech, NULL, iterations, numThreads,
+                             lock, session, 0, &deriveRate);
+        if (rv != SECSuccess) {
+            goto cleanup;
+        }
+    }
+
+    if (ecCurve_map[curve]->usage & KU_DIGITAL_SIGNATURE) {
+        rv = M_TimeOperation(PKCS11Thread, (op_func)PKCS11_Sign, "ECDSA_Sign",
+                             (void *)&ecPriv, &sig, &digest, iterations, numThreads,
+                             lock, session, 1, &signRate);
+        if (rv != SECSuccess) {
+            goto cleanup;
+        }
+        printf("        ECDHE max rate = %.2f\n", (deriveRate + signRate) / 4.0);
+        /* get a signature */
+        rv = PKCS11_Sign(session, &ecPriv, &sig, &digest);
+        if (rv != SECSuccess) {
+            goto cleanup;
+        }
+        rv = M_TimeOperation(PKCS11Thread, (op_func)PKCS11_Verify, "ECDSA_Verify",
+                             (void *)&ecPub, &sig, &digest, iterations, numThreads,
+                             lock, session, 0, NULL);
+        if (rv != SECSuccess) {
+            goto cleanup;
+        }
+    }
+
+cleanup:
+    if (lock) {
+        PR_DestroyLock(lock);
+    }
+    return rv;
+}
+
+SECStatus
+ECDH_DeriveWrap(ECPrivateKey *priv, ECPublicKey *pub, int *dummy)
+{
+    SECItem secret;
+    unsigned char secretData[256];
+    SECStatus rv;
+
+    secret.data = secretData;
+    secret.len = sizeof(secretData);
+
+    rv = ECDH_Derive(&pub->publicValue, &pub->ecParams,
+                     &priv->privateValue, 0, &secret);
+    SECITEM_FreeItem(&secret, PR_FALSE);
+    return rv;
+}
+
+/* Performs basic tests of elliptic curve cryptography over prime fields.
+ * If tests fail, then it prints an error message, aborts, and returns an
+ * error code. Otherwise, returns 0. */
+SECStatus
+ectest_curve_freebl(ECCurveName curve, int iterations, int numThreads,
+                    ECFieldType fieldType)
+{
+    ECParams ecParams = { 0 };
+    ECPrivateKey *ecPriv = NULL;
+    ECPublicKey ecPub;
+    SECItem sig;
+    SECItem digest;
+    unsigned char sigData[256];
+    unsigned char digestData[20];
+    double signRate, deriveRate = 0;
+    char genenc[3 + 2 * 2 * MAX_ECKEY_LEN];
+    SECStatus rv = SECFailure;
+    PLArenaPool *arena;
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (!arena) {
+        return SECFailure;
+    }
+
+    if ((curve < ECCurve_noName) || (curve > ECCurve_pastLastCurve)) {
+        PORT_FreeArena(arena, PR_FALSE);
+        return SECFailure;
+    }
+
+    ecParams.name = curve;
+    ecParams.type = ec_params_named;
+    ecParams.curveOID.data = NULL;
+    ecParams.curveOID.len = 0;
+    ecParams.curve.seed.data = NULL;
+    ecParams.curve.seed.len = 0;
+    ecParams.DEREncoding.data = NULL;
+    ecParams.DEREncoding.len = 0;
+
+    ecParams.fieldID.size = ecCurve_map[curve]->size;
+    ecParams.fieldID.type = fieldType;
+    SECU_HexString2SECItem(arena, &ecParams.fieldID.u.prime, ecCurve_map[curve]->irr);
+    SECU_HexString2SECItem(arena, &ecParams.curve.a, ecCurve_map[curve]->curvea);
+    SECU_HexString2SECItem(arena, &ecParams.curve.b, ecCurve_map[curve]->curveb);
+    genenc[0] = '0';
+    genenc[1] = '4';
+    genenc[2] = '\0';
+    strcat(genenc, ecCurve_map[curve]->genx);
+    strcat(genenc, ecCurve_map[curve]->geny);
+    SECU_HexString2SECItem(arena, &ecParams.base, genenc);
+    SECU_HexString2SECItem(arena, &ecParams.order, ecCurve_map[curve]->order);
+    ecParams.cofactor = ecCurve_map[curve]->cofactor;
+
+    PORT_Memset(digestData, 0xa5, sizeof(digestData));
+    digest.data = digestData;
+    digest.len = sizeof(digestData);
+    sig.data = sigData;
+    sig.len = sizeof(sigData);
+
+    rv = EC_NewKey(&ecParams, &ecPriv);
+    if (rv != SECSuccess) {
+        return SECFailure;
+    }
+    ecPub.ecParams = ecParams;
+    ecPub.publicValue = ecPriv->publicValue;
+
+    if (ecCurve_map[curve]->usage & KU_KEY_AGREEMENT) {
+        rv = M_TimeOperation(genericThread, (op_func)ECDH_DeriveWrap, "ECDH_Derive",
+                             ecPriv, &ecPub, NULL, iterations, numThreads, 0, 0, 0, &deriveRate);
+        if (rv != SECSuccess) {
+            goto cleanup;
+        }
+    }
+
+    if (ecCurve_map[curve]->usage & KU_DIGITAL_SIGNATURE) {
+        rv = M_TimeOperation(genericThread, (op_func)ECDSA_SignDigest, "ECDSA_Sign",
+                             ecPriv, &sig, &digest, iterations, numThreads, 0, 0, 1, &signRate);
+        if (rv != SECSuccess)
+            goto cleanup;
+        printf("        ECDHE max rate = %.2f\n", (deriveRate + signRate) / 4.0);
+        rv = ECDSA_SignDigest(ecPriv, &sig, &digest);
+        if (rv != SECSuccess) {
+            goto cleanup;
+        }
+        rv = M_TimeOperation(genericThread, (op_func)ECDSA_VerifyDigest, "ECDSA_Verify",
+                             &ecPub, &sig, &digest, iterations, numThreads, 0, 0, 0, NULL);
+        if (rv != SECSuccess) {
+            goto cleanup;
+        }
+    }
+
+cleanup:
+    PORT_FreeArena(arena, PR_FALSE);
+    PORT_FreeArena(ecPriv->ecParams.arena, PR_FALSE);
+    return rv;
+}
+
+/* Prints help information. */
+void
+printUsage(char *prog)
+{
+    printf("Usage: %s [-i iterations] [-t threads ] [-ans] [-fp] [-Al]\n"
+           "-a: ansi\n-n: nist\n-s: secp\n-f: usefreebl\n-p: usepkcs11\n-A: all\n",
+           prog);
+}
+
+/* Performs tests of elliptic curve cryptography over prime fields If
+ * tests fail, then it prints an error message, aborts, and returns an
+ * error code. Otherwise, returns 0. */
+int
+main(int argv, char **argc)
+{
+    int ansi = 0;
+    int nist = 0;
+    int secp = 0;
+    int usefreebl = 0;
+    int usepkcs11 = 0;
+    int i;
+    SECStatus rv = SECSuccess;
+    int iterations = 100;
+    int numThreads = 1;
+
+    const CK_C_INITIALIZE_ARGS pk11args = {
+        NULL, NULL, NULL, NULL, CKF_LIBRARY_CANT_CREATE_OS_THREADS,
+        (void *)"flags=readOnly,noCertDB,noModDB", NULL
+    };
+
+    /* read command-line arguments */
+    for (i = 1; i < argv; i++) {
+        if (PL_strcasecmp(argc[i], "-i") == 0) {
+            i++;
+            iterations = atoi(argc[i]);
+        } else if (PL_strcasecmp(argc[i], "-t") == 0) {
+            i++;
+            numThreads = atoi(argc[i]);
+        } else if (PL_strcasecmp(argc[i], "-A") == 0) {
+            ansi = nist = secp = 1;
+            usepkcs11 = usefreebl = 1;
+        } else if (PL_strcasecmp(argc[i], "-a") == 0) {
+            ansi = 1;
+        } else if (PL_strcasecmp(argc[i], "-n") == 0) {
+            nist = 1;
+        } else if (PL_strcasecmp(argc[i], "-s") == 0) {
+            secp = 1;
+        } else if (PL_strcasecmp(argc[i], "-p") == 0) {
+            usepkcs11 = 1;
+        } else if (PL_strcasecmp(argc[i], "-f") == 0) {
+            usefreebl = 1;
+        } else {
+            printUsage(argc[0]);
+            return 0;
+        }
+    }
+
+    if ((ansi | nist | secp) == 0) {
+        nist = 1;
+    }
+    if ((usepkcs11 | usefreebl) == 0) {
+        usefreebl = 1;
+    }
+
+    rv = RNG_RNGInit();
+    if (rv != SECSuccess) {
+        SECU_PrintError("Error:", "RNG_RNGInit");
+        return -1;
+    }
+    RNG_SystemInfoForRNG();
+
+    rv = SECOID_Init();
+    if (rv != SECSuccess) {
+        SECU_PrintError("Error:", "SECOID_Init");
+        goto cleanup;
+    }
+
+    if (usepkcs11) {
+        CK_RV crv = NSC_Initialize((CK_VOID_PTR)&pk11args);
+        if (crv != CKR_OK) {
+            fprintf(stderr, "NSC_Initialize failed crv=0x%x\n", (unsigned int)crv);
+            return SECFailure;
+        }
+    }
+
+    /* specific arithmetic tests */
+    if (nist) {
+        ECTEST_NAMED_GFP("NIST-P256", ECCurve_NIST_P256);
+        ECTEST_NAMED_GFP("NIST-P384", ECCurve_NIST_P384);
+        ECTEST_NAMED_GFP("NIST-P521", ECCurve_NIST_P521);
+        ECTEST_NAMED_CUSTOM("Curve25519", ECCurve25519);
+    }
+
+cleanup:
+    rv |= SECOID_Shutdown();
+    RNG_RNGShutdown();
+
+    if (rv != SECSuccess) {
+        printf("Error: exiting with error value\n");
+    }
+    return rv;
+}
diff --git a/nss/cmd/ecperf/ecperf.gyp b/nss/cmd/ecperf/ecperf.gyp
new file mode 100644
index 0000000..c6e9944
--- /dev/null
+++ b/nss/cmd/ecperf/ecperf.gyp
@@ -0,0 +1,35 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi',
+    '../../cmd/platlibs.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'ecperf',
+      'type': 'executable',
+      'sources': [
+        'ecperf.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:dbm_exports',
+        '<(DEPTH)/exports.gyp:nss_exports',
+        '<(DEPTH)/lib/sqlite/sqlite.gyp:sqlite3'
+      ]
+    }
+  ],
+  'target_defaults': {
+    'include_dirs': [
+      '<(DEPTH)/lib/softoken',
+    ],
+    'defines': [
+      'NSS_USE_STATIC_LIBS'
+    ]
+  },
+  'variables': {
+    'module': 'nss',
+    'use_static_libs': 1
+  }
+}
\ No newline at end of file
diff --git a/nss/cmd/ecperf/manifest.mn b/nss/cmd/ecperf/manifest.mn
new file mode 100755
index 0000000..96cdc5a
--- /dev/null
+++ b/nss/cmd/ecperf/manifest.mn
@@ -0,0 +1,18 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+DEPTH = ../..
+CORE_DEPTH = ../..
+
+# MODULE public and private header directories are implicitly REQUIRED.
+MODULE = nss
+
+INCLUDES += -I$(CORE_DEPTH)/nss/lib/softoken
+
+CSRCS = ecperf.c
+
+PROGRAM = ecperf
+
+USE_STATIC_LIBS = 1
diff --git a/nss/cmd/ectest/Makefile b/nss/cmd/ectest/Makefile
new file mode 100644
index 0000000..d20daa4
--- /dev/null
+++ b/nss/cmd/ectest/Makefile
@@ -0,0 +1,46 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+include ../platlibs.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+
+include ../platrules.mk
+
diff --git a/nss/cmd/ectest/ectest.c b/nss/cmd/ectest/ectest.c
new file mode 100644
index 0000000..545fbdd
--- /dev/null
+++ b/nss/cmd/ectest/ectest.c
@@ -0,0 +1,186 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "blapi.h"
+#include "ec.h"
+#include "ecl-curve.h"
+#include "prprf.h"
+#include "basicutil.h"
+#include "secder.h"
+#include "secitem.h"
+#include "nspr.h"
+#include <stdio.h>
+
+typedef struct {
+    ECCurveName curve;
+    char *privhex;
+    char *our_pubhex;
+    char *their_pubhex;
+    char *common_key;
+    char *name;
+} ECDH_KAT;
+
+#include "testvecs.h"
+
+/*
+ * Initializes a SECItem from a hexadecimal string
+ *
+ */
+static SECItem *
+hexString2SECItem(PLArenaPool *arena, SECItem *item, const char *str)
+{
+    int i = 0;
+    int byteval = 0;
+    int tmp = PORT_Strlen(str);
+
+    PORT_Assert(arena);
+    PORT_Assert(item);
+
+    if ((tmp % 2) != 0) {
+        return NULL;
+    }
+
+    item = SECITEM_AllocItem(arena, item, tmp / 2);
+    if (item == NULL) {
+        return NULL;
+    }
+
+    while (str[i]) {
+        if ((str[i] >= '0') && (str[i] <= '9')) {
+            tmp = str[i] - '0';
+        } else if ((str[i] >= 'a') && (str[i] <= 'f')) {
+            tmp = str[i] - 'a' + 10;
+        } else if ((str[i] >= 'A') && (str[i] <= 'F')) {
+            tmp = str[i] - 'A' + 10;
+        } else {
+            /* item is in arena and gets freed by the caller */
+            return NULL;
+        }
+
+        byteval = byteval * 16 + tmp;
+        if ((i % 2) != 0) {
+            item->data[i / 2] = byteval;
+            byteval = 0;
+        }
+        i++;
+    }
+
+    return item;
+}
+
+SECStatus
+ectest_ecdh_kat(ECDH_KAT *kat)
+{
+    ECCurveName curve = kat->curve;
+    ECParams ecParams = { 0 };
+    ECPrivateKey *ecPriv = NULL;
+    SECItem theirKey = { siBuffer, NULL, 0 };
+    SECStatus rv = SECFailure;
+    PLArenaPool *arena;
+    SECItem seed = { siBuffer, NULL, 0 };
+    SECItem answer = { siBuffer, NULL, 0 };
+    SECItem answer2 = { siBuffer, NULL, 0 };
+    SECItem derived = { siBuffer, NULL, 0 };
+    char genenc[3 + 2 * 2 * MAX_ECKEY_LEN];
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (!arena) {
+        return SECFailure;
+    }
+
+    if ((curve < ECCurve_noName) || (curve > ECCurve_pastLastCurve)) {
+        PORT_FreeArena(arena, PR_FALSE);
+        return SECFailure;
+    }
+
+    ecParams.name = curve;
+    ecParams.type = ec_params_named;
+    ecParams.curveOID.data = NULL;
+    ecParams.curveOID.len = 0;
+    ecParams.curve.seed.data = NULL;
+    ecParams.curve.seed.len = 0;
+    ecParams.DEREncoding.data = NULL;
+    ecParams.DEREncoding.len = 0;
+
+    ecParams.fieldID.size = ecCurve_map[curve]->size;
+    ecParams.fieldID.type = ec_field_GFp;
+    hexString2SECItem(arena, &ecParams.fieldID.u.prime, ecCurve_map[curve]->irr);
+    hexString2SECItem(arena, &ecParams.curve.a, ecCurve_map[curve]->curvea);
+    hexString2SECItem(arena, &ecParams.curve.b, ecCurve_map[curve]->curveb);
+    genenc[0] = '0';
+    genenc[1] = '4';
+    genenc[2] = '\0';
+    strcat(genenc, ecCurve_map[curve]->genx);
+    strcat(genenc, ecCurve_map[curve]->geny);
+    hexString2SECItem(arena, &ecParams.base, genenc);
+    hexString2SECItem(arena, &ecParams.order, ecCurve_map[curve]->order);
+    ecParams.cofactor = ecCurve_map[curve]->cofactor;
+
+    hexString2SECItem(arena, &answer, kat->our_pubhex);
+    hexString2SECItem(arena, &seed, kat->privhex);
+    rv = EC_NewKeyFromSeed(&ecParams, &ecPriv, seed.data, seed.len);
+    if (rv != SECSuccess) {
+        rv = SECFailure;
+        goto cleanup;
+    }
+    if (SECITEM_CompareItem(&answer, &ecPriv->publicValue) != SECEqual) {
+        rv = SECFailure;
+        goto cleanup;
+    }
+
+    hexString2SECItem(arena, &theirKey, kat->their_pubhex);
+    hexString2SECItem(arena, &answer2, kat->common_key);
+    rv = ECDH_Derive(&theirKey, &ecParams, &ecPriv->privateValue, PR_TRUE, &derived);
+    if (rv != SECSuccess) {
+        rv = SECFailure;
+        goto cleanup;
+    }
+
+    if (SECITEM_CompareItem(&answer2, &derived) != SECEqual) {
+        rv = SECFailure;
+        goto cleanup;
+    }
+cleanup:
+    PORT_FreeArena(arena, PR_FALSE);
+    PORT_FreeArena(ecPriv->ecParams.arena, PR_FALSE);
+    SECITEM_FreeItem(&derived, PR_FALSE);
+    return rv;
+}
+
+/* Performs tests of elliptic curve cryptography over prime fields If
+ * tests fail, then it prints an error message, aborts, and returns an
+ * error code. Otherwise, returns 0. */
+int
+main(int argv, char **argc)
+{
+    SECStatus rv = SECSuccess;
+    int numkats = 0;
+    int i = 0;
+
+    rv = SECOID_Init();
+    if (rv != SECSuccess) {
+        SECU_PrintError("Error:", "SECOID_Init");
+        goto cleanup;
+    }
+
+    while (ecdh_testvecs[numkats].curve != ECCurve_pastLastCurve) {
+        numkats++;
+    }
+    printf("1..%d\n", numkats);
+    for (i = 0; ecdh_testvecs[i].curve != ECCurve_pastLastCurve; i++) {
+        rv = ectest_ecdh_kat(&ecdh_testvecs[i]);
+        if (rv != SECSuccess) {
+            printf("not okay %d - %s\n", i + 1, ecdh_testvecs[i].name);
+        } else {
+            printf("okay %d - %s\n", i + 1, ecdh_testvecs[i].name);
+        }
+    }
+
+cleanup:
+    rv |= SECOID_Shutdown();
+
+    if (rv != SECSuccess) {
+        printf("Error: exiting with error value\n");
+    }
+    return rv;
+}
diff --git a/nss/cmd/ectest/manifest.mn b/nss/cmd/ectest/manifest.mn
new file mode 100644
index 0000000..6d6b77c
--- /dev/null
+++ b/nss/cmd/ectest/manifest.mn
@@ -0,0 +1,18 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+DEPTH = ../..
+CORE_DEPTH = ../..
+
+# MODULE public and private header directories are implicitly REQUIRED.
+MODULE = nss
+
+INCLUDES += -I$(CORE_DEPTH)/nss/lib/softoken
+
+CSRCS = ectest.c
+
+PROGRAM = ectest
+
+USE_STATIC_LIBS = 1
diff --git a/nss/cmd/ectest/testvecs.h b/nss/cmd/ectest/testvecs.h
new file mode 100644
index 0000000..3f76440
--- /dev/null
+++ b/nss/cmd/ectest/testvecs.h
@@ -0,0 +1,728 @@
+static ECDH_KAT ecdh_testvecs[] = {
+    { ECCurve_NIST_P256,
+      "7d7dc5f71eb29ddaf80d6214632eeae03d9058af1fb6d22ed80badb62bc1a534",
+      "04ead218590119e8876b29146ff89ca61770c4edbbf97d38ce385ed281d8a6b23028af61281fd35e2fa7002523acc85a429cb06ee6648325389f59edfce1405141",
+      "04700c48f77f56584c5cc632ca65640db91b6bacce3a4df6b42ce7cc838833d287db71e509e3fd9b060ddb20ba5c51dcc5948d46fbf640dfe0441782cab85fa4ac",
+      "46fc62106420ff012e54a434fbdd2d25ccc5852060561e68040dd7778997bd7b",
+      "curve: P256 vector: 0" },
+
+    { ECCurve_NIST_P256,
+      "38f65d6dce47676044d58ce5139582d568f64bb16098d179dbab07741dd5caf5",
+      "04119f2f047902782ab0c9e27a54aff5eb9b964829ca99c06b02ddba95b0a3f6d08f52b726664cac366fc98ac7a012b2682cbd962e5acb544671d41b9445704d1d",
+      "04809f04289c64348c01515eb03d5ce7ac1a8cb9498f5caa50197e58d43a86a7aeb29d84e811197f25eba8f5194092cb6ff440e26d4421011372461f579271cda3",
+      "057d636096cb80b67a8c038c890e887d1adfa4195e9b3ce241c8a778c59cda67",
+      "curve: P256 vector: 1" },
+
+    { ECCurve_NIST_P256,
+      "1accfaf1b97712b85a6f54b148985a1bdc4c9bec0bd258cad4b3d603f49f32c8",
+      "04d9f2b79c172845bfdb560bbb01447ca5ecc0470a09513b6126902c6b4f8d1051f815ef5ec32128d3487834764678702e64e164ff7315185e23aff5facd96d7bc",
+      "04a2339c12d4a03c33546de533268b4ad667debf458b464d77443636440ee7fec3ef48a3ab26e20220bcda2c1851076839dae88eae962869a497bf73cb66faf536",
+      "2d457b78b4614132477618a5b077965ec90730a8c81a1c75d6d4ec68005d67ec",
+      "curve: P256 vector: 2" },
+
+    { ECCurve_NIST_P256,
+      "207c43a79bfee03db6f4b944f53d2fb76cc49ef1c9c4d34d51b6c65c4db6932d",
+      "0424277c33f450462dcb3d4801d57b9ced05188f16c28eda873258048cd1607e0dc4789753e2b1f63b32ff014ec42cd6a69fac81dfe6d0d6fd4af372ae27c46f88",
+      "04df3989b9fa55495719b3cf46dccd28b5153f7808191dd518eff0c3cff2b705ed422294ff46003429d739a33206c8752552c8ba54a270defc06e221e0feaf6ac4",
+      "96441259534b80f6aee3d287a6bb17b5094dd4277d9e294f8fe73e48bf2a0024",
+      "curve: P256 vector: 3" },
+
+    { ECCurve_NIST_P256,
+      "59137e38152350b195c9718d39673d519838055ad908dd4757152fd8255c09bf",
+      "04a8c5fdce8b62c5ada598f141adb3b26cf254c280b2857a63d2ad783a73115f6b806e1aafec4af80a0d786b3de45375b517a7e5b51ffb2c356537c9e6ef227d4a",
+      "0441192d2813e79561e6a1d6f53c8bc1a433a199c835e141b05a74a97b0faeb9221af98cc45e98a7e041b01cf35f462b7562281351c8ebf3ffa02e33a0722a1328",
+      "19d44c8d63e8e8dd12c22a87b8cd4ece27acdde04dbf47f7f27537a6999a8e62",
+      "curve: P256 vector: 4" },
+
+    { ECCurve_NIST_P256,
+      "f5f8e0174610a661277979b58ce5c90fee6c9b3bb346a90a7196255e40b132ef",
+      "047b861dcd2844a5a8363f6b8ef8d493640f55879217189d80326aad9480dfc149c4675b45eeb306405f6c33c38bc69eb2bdec9b75ad5af4706aab84543b9cc63a",
+      "0433e82092a0f1fb38f5649d5867fba28b503172b7035574bf8e5b7100a3052792f2cf6b601e0a05945e335550bf648d782f46186c772c0f20d3cd0d6b8ca14b2f",
+      "664e45d5bba4ac931cd65d52017e4be9b19a515f669bea4703542a2c525cd3d3",
+      "curve: P256 vector: 5" },
+
+    { ECCurve_NIST_P256,
+      "3b589af7db03459c23068b64f63f28d3c3c6bc25b5bf76ac05f35482888b5190",
+      "049fb38e2d58ea1baf7622e96720101cae3cde4ba6c1e9fa26d9b1de0899102863d5561b900406edf50802dd7d73e89395f8aed72fba0e1d1b61fe1d22302260f0",
+      "046a9e0c3f916e4e315c91147be571686d90464e8bf981d34a90b6353bca6eeba740f9bead39c2f2bcc2602f75b8a73ec7bdffcbcead159d0174c6c4d3c5357f05",
+      "ca342daa50dc09d61be7c196c85e60a80c5cb04931746820be548cdde055679d",
+      "curve: P256 vector: 6" },
+
+    { ECCurve_NIST_P256,
+      "d8bf929a20ea7436b2461b541a11c80e61d826c0a4c9d322b31dd54e7f58b9c8",
+      "0420f07631e4a6512a89ad487c4e9d63039e579cb0d7a556cb9e661cd59c1e7fa46de91846b3eee8a5ec09c2ab1f41e21bd83620ccdd1bdce3ab7ea6e02dd274f5",
+      "04a9c0acade55c2a73ead1a86fb0a9713223c82475791cd0e210b046412ce224bbf6de0afa20e93e078467c053d241903edad734c6b403ba758c2b5ff04c9d4229",
+      "35aa9b52536a461bfde4e85fc756be928c7de97923f0416c7a3ac8f88b3d4489",
+      "curve: P256 vector: 7" },
+
+    { ECCurve_NIST_P256,
+      "0f9883ba0ef32ee75ded0d8bda39a5146a29f1f2507b3bd458dbea0b2bb05b4d",
+      "04abb61b423be5d6c26e21c605832c9142dc1dfe5a5fff28726737936e6fbf516d733d2513ef58beab202090586fac91bf0fee31e80ab33473ab23a2d89e58fad6",
+      "0494e94f16a98255fff2b9ac0c9598aac35487b3232d3231bd93b7db7df36f9eb9d8049a43579cfa90b8093a94416cbefbf93386f15b3f6e190b6e3455fedfe69a",
+      "605c16178a9bc875dcbff54d63fe00df699c03e8a888e9e94dfbab90b25f39b4",
+      "curve: P256 vector: 8" },
+
+    { ECCurve_NIST_P256,
+      "2beedb04b05c6988f6a67500bb813faf2cae0d580c9253b6339e4a3337bb6c08",
+      "043d63e429cb5fa895a9247129bf4e48e89f35d7b11de8158efeb3e106a2a873950cae9e477ef41e7c8c1064379bb7b554ddcbcae79f9814281f1e50f0403c61f3",
+      "04e099bf2a4d557460b5544430bbf6da11004d127cb5d67f64ab07c94fcdf5274fd9c50dbe70d714edb5e221f4e020610eeb6270517e688ca64fb0e98c7ef8c1c5",
+      "f96e40a1b72840854bb62bc13c40cc2795e373d4e715980b261476835a092e0b",
+      "curve: P256 vector: 9" },
+
+    { ECCurve_NIST_P256,
+      "77c15dcf44610e41696bab758943eff1409333e4d5a11bbe72c8f6c395e9f848",
+      "04ad5d13c3db508ddcd38457e5991434a251bed49cf5ddcb59cdee73865f138c9f62cec1e70588aa4fdfc7b9a09daa678081c04e1208b9d662b8a2214bf8e81a21",
+      "04f75a5fe56bda34f3c1396296626ef012dc07e4825838778a645c8248cff0165833bbdf1b1772d8059df568b061f3f1122f28a8d819167c97be448e3dc3fb0c3c",
+      "8388fa79c4babdca02a8e8a34f9e43554976e420a4ad273c81b26e4228e9d3a3",
+      "curve: P256 vector: 10" },
+
+    { ECCurve_NIST_P256,
+      "42a83b985011d12303db1a800f2610f74aa71cdf19c67d54ce6c9ed951e9093e",
+      "04ab48caa61ea35f13f8ed07ffa6a13e8db224dfecfae1a7df8b1bb6ebaf0cb97d1274530ca2c385a3218bddfbcbf0b4024c9badd5243bff834ebff24a8618dccb",
+      "042db4540d50230756158abf61d9835712b6486c74312183ccefcaef2797b7674d62f57f314e3f3495dc4e099012f5e0ba71770f9660a1eada54104cdfde77243e",
+      "72877cea33ccc4715038d4bcbdfe0e43f42a9e2c0c3b017fc2370f4b9acbda4a",
+      "curve: P256 vector: 11" },
+
+    { ECCurve_NIST_P256,
+      "ceed35507b5c93ead5989119b9ba342cfe38e6e638ba6eea343a55475de2800b",
+      "049a8cd9bd72e71752df91440f77c547509a84df98114e7de4f26cdb39234a625dd07cfc84c8e144fab2839f5189bb1d7c88631d579bbc58012ed9a2327da52f62",
+      "04cd94fc9497e8990750309e9a8534fd114b0a6e54da89c4796101897041d14ecbc3def4b5fe04faee0a11932229fff563637bfdee0e79c6deeaf449f85401c5c4",
+      "e4e7408d85ff0e0e9c838003f28cdbd5247cdce31f32f62494b70e5f1bc36307",
+      "curve: P256 vector: 12" },
+
+    { ECCurve_NIST_P256,
+      "43e0e9d95af4dc36483cdd1968d2b7eeb8611fcce77f3a4e7d059ae43e509604",
+      "04f989cf8ee956a82e7ebd9881cdbfb2fd946189b08db53559bc8cfdd48071eb145eff28f1a18a616b04b7d337868679f6dd84f9a7b3d7b6f8af276c19611a541d",
+      "0415b9e467af4d290c417402e040426fe4cf236bae72baa392ed89780dfccdb471cdf4e9170fb904302b8fd93a820ba8cc7ed4efd3a6f2d6b05b80b2ff2aee4e77",
+      "ed56bcf695b734142c24ecb1fc1bb64d08f175eb243a31f37b3d9bb4407f3b96",
+      "curve: P256 vector: 13" },
+
+    { ECCurve_NIST_P256,
+      "b2f3600df3368ef8a0bb85ab22f41fc0e5f4fdd54be8167a5c3cd4b08db04903",
+      "0469c627625b36a429c398b45c38677cb35d8beb1cf78a571e40e99fe4eac1cd4e81690112b0a88f20f7136b28d7d47e5fbc2ada3c8edd87589bc19ec9590637bd",
+      "0449c503ba6c4fa605182e186b5e81113f075bc11dcfd51c932fb21e951eee2fa18af706ff0922d87b3f0c5e4e31d8b259aeb260a9269643ed520a13bb25da5924",
+      "bc5c7055089fc9d6c89f83c1ea1ada879d9934b2ea28fcf4e4a7e984b28ad2cf",
+      "curve: P256 vector: 14" },
+
+    { ECCurve_NIST_P256,
+      "4002534307f8b62a9bf67ff641ddc60fef593b17c3341239e95bdb3e579bfdc8",
+      "045fe964671315a18aa68a2a6e3dd1fde7e23b8ce7181471cfac43c99e1ae80262d5827be282e62c84de531b963884ba832db5d6b2c3a256f0e604fe7e6b8a7f72",
+      "0419b38de39fdd2f70f7091631a4f75d1993740ba9429162c2a45312401636b29c09aed7232b28e060941741b6828bcdfa2bc49cc844f3773611504f82a390a5ae",
+      "9a4e8e657f6b0e097f47954a63c75d74fcba71a30d83651e3e5a91aa7ccd8343",
+      "curve: P256 vector: 15" },
+
+    { ECCurve_NIST_P256,
+      "4dfa12defc60319021b681b3ff84a10a511958c850939ed45635934ba4979147",
+      "04c9b2b8496f1440bd4a2d1e52752fd372835b364885e154a7dac49295f281ec7cfbe6b926a8a4de26ccc83b802b1212400754be25d9f3eeaf008b09870ae76321",
+      "042c91c61f33adfe9311c942fdbff6ba47020feff416b7bb63cec13faf9b0999546cab31b06419e5221fca014fb84ec870622a1b12bab5ae43682aa7ea73ea08d0",
+      "3ca1fc7ad858fb1a6aba232542f3e2a749ffc7203a2374a3f3d3267f1fc97b78",
+      "curve: P256 vector: 16" },
+
+    { ECCurve_NIST_P256,
+      "1331f6d874a4ed3bc4a2c6e9c74331d3039796314beee3b7152fcdba5556304e",
+      "0459e1e101521046ad9cf1d082e9d2ec7dd22530cce064991f1e55c5bcf5fcb591482f4f673176c8fdaa0bb6e59b15a3e47454e3a04297d3863c9338d98add1f37",
+      "04a28a2edf58025668f724aaf83a50956b7ac1cfbbff79b08c3bf87dfd2828d767dfa7bfffd4c766b86abeaf5c99b6e50cb9ccc9d9d00b7ffc7804b0491b67bc03",
+      "1aaabe7ee6e4a6fa732291202433a237df1b49bc53866bfbe00db96a0f58224f",
+      "curve: P256 vector: 17" },
+
+    { ECCurve_NIST_P256,
+      "dd5e9f70ae740073ca0204df60763fb6036c45709bf4a7bb4e671412fad65da3",
+      "0430b9db2e2e977bcdc98cb87dd736cbd8e78552121925cf16e1933657c2fb23146a45028800b81291bce5c2e1fed7ded650620ebbe6050c6f3a7f0dfb4673ab5c",
+      "04a2ef857a081f9d6eb206a81c4cf78a802bdf598ae380c8886ecd85fdc1ed7644563c4c20419f07bc17d0539fade1855e34839515b892c0f5d26561f97fa04d1a",
+      "430e6a4fba4449d700d2733e557f66a3bf3d50517c1271b1ddae1161b7ac798c",
+      "curve: P256 vector: 18" },
+
+    { ECCurve_NIST_P256,
+      "5ae026cfc060d55600717e55b8a12e116d1d0df34af831979057607c2d9c2f76",
+      "0446c9ebd1a4a3c8c0b6d572b5dcfba12467603208a9cb5d2acfbb733c40cf639146c913a27d044185d38b467ace011e04d4d9bbbb8cb9ae25fa92aaf15a595e86",
+      "04ccd8a2d86bc92f2e01bce4d6922cf7fe1626aed044685e95e2eebd464505f01fe9ddd583a9635a667777d5b8a8f31b0f79eba12c75023410b54b8567dddc0f38",
+      "1ce9e6740529499f98d1f1d71329147a33df1d05e4765b539b11cf615d6974d3",
+      "curve: P256 vector: 19" },
+
+    { ECCurve_NIST_P256,
+      "b601ac425d5dbf9e1735c5e2d5bdb79ca98b3d5be4a2cfd6f2273f150e064d9d",
+      "047c9e950841d26c8dde8994398b8f5d475a022bc63de7773fcf8d552e01f1ba0acc42b9885c9b3bee0f8d8c57d3a8f6355016c019c4062fa22cff2f209b5cc2e1",
+      "04c188ffc8947f7301fb7b53e36746097c2134bf9cc981ba74b4e9c4361f595e4ebf7d2f2056e72421ef393f0c0f2b0e00130e3cac4abbcc00286168e85ec55051",
+      "4690e3743c07d643f1bc183636ab2a9cb936a60a802113c49bb1b3f2d0661660",
+      "curve: P256 vector: 20" },
+
+    { ECCurve_NIST_P256,
+      "fefb1dda1845312b5fce6b81b2be205af2f3a274f5a212f66c0d9fc33d7ae535",
+      "0438b54db85500cb20c61056edd3d88b6a9dc26780a047f213a6e1b900f76596eb6387e4e5781571e4eb8ae62991a33b5dc33301c5bc7e125d53794a39160d8fd0",
+      "04317e1020ff53fccef18bf47bb7f2dd7707fb7b7a7578e04f35b3beed222a0eb609420ce5a19d77c6fe1ee587e6a49fbaf8f280e8df033d75403302e5a27db2ae",
+      "30c2261bd0004e61feda2c16aa5e21ffa8d7e7f7dbf6ec379a43b48e4b36aeb0",
+      "curve: P256 vector: 21" },
+
+    { ECCurve_NIST_P256,
+      "334ae0c4693d23935a7e8e043ebbde21e168a7cba3fa507c9be41d7681e049ce",
+      "043f2bf1589abf3047bf3e54ac9a95379bff95f8f55405f64eca36a7eebe8ffca75212a94e66c5ae9a8991872f66a72723d80ec5b2e925745c456f5371943b3a06",
+      "0445fb02b2ceb9d7c79d9c2fa93e9c7967c2fa4df5789f9640b24264b1e524fcb15c6e8ecf1f7d3023893b7b1ca1e4d178972ee2a230757ddc564ffe37f5c5a321",
+      "2adae4a138a239dcd93c243a3803c3e4cf96e37fe14e6a9b717be9599959b11c",
+      "curve: P256 vector: 22" },
+
+    { ECCurve_NIST_P256,
+      "2c4bde40214fcc3bfc47d4cf434b629acbe9157f8fd0282540331de7942cf09d",
+      "0429c0807f10cbc42fb45c9989da50681eead716daa7b9e91fd32e062f5eb92ca0ff1d6d1955d7376b2da24fe1163a271659136341bc2eb1195fc706dc62e7f34d",
+      "04a19ef7bff98ada781842fbfc51a47aff39b5935a1c7d9625c8d323d511c92de6e9c184df75c955e02e02e400ffe45f78f339e1afe6d056fb3245f4700ce606ef",
+      "2e277ec30f5ea07d6ce513149b9479b96e07f4b6913b1b5c11305c1444a1bc0b",
+      "curve: P256 vector: 23" },
+
+    { ECCurve_NIST_P256,
+      "85a268f9d7772f990c36b42b0a331adc92b5941de0b862d5d89a347cbf8faab0",
+      "049cf4b98581ca1779453cc816ff28b4100af56cf1bf2e5bc312d83b6b1b21d3337a5504fcac5231a0d12d658218284868229c844a04a3450d6c7381abe080bf3b",
+      "04356c5a444c049a52fee0adeb7e5d82ae5aa83030bfff31bbf8ce2096cf161c4b57d128de8b2a57a094d1a001e572173f96e8866ae352bf29cddaf92fc85b2f92",
+      "1e51373bd2c6044c129c436e742a55be2a668a85ae08441b6756445df5493857",
+      "curve: P256 vector: 24" },
+
+    { ECCurve_NIST_P384,
+      "3cc3122a68f0d95027ad38c067916ba0eb8c38894d22e1b15618b6818a661774ad463b205da88cf699ab4d43c9cf98a1",
+      "049803807f2f6d2fd966cdd0290bd410c0190352fbec7ff6247de1302df86f25d34fe4a97bef60cff548355c015dbb3e5"
+      "fba26ca69ec2f5b5d9dad20cc9da711383a9dbe34ea3fa5a2af75b46502629ad54dd8b7d73a8abb06a3a3be47d650cc99",
+      "04a7c76b970c3b5fe8b05d2838ae04ab47697b9eaf52e764592efda27fe7513272734466b400091adbf2d68c58e0c5006"
+      "6ac68f19f2e1cb879aed43a9969b91a0839c4c38a49749b661efedf243451915ed0905a32b060992b468c64766fc8437a",
+      "5f9d29dc5e31a163060356213669c8ce132e22f57c9a04f40ba7fcead493b457e5621e766c40a2e3d4d6a04b25e533f1",
+      "curve: P384 vector: 0" },
+
+    { ECCurve_NIST_P384,
+      "92860c21bde06165f8e900c687f8ef0a05d14f290b3f07d8b3a8cc6404366e5d5119cd6d03fb12dc58e89f13df9cd783",
+      "04ea4018f5a307c379180bf6a62fd2ceceebeeb7d4df063a66fb838aa35243419791f7e2c9d4803c9319aa0eb03c416b"
+      "6668835a91484f05ef028284df6436fb88ffebabcdd69ab0133e6735a1bcfb37203d10d340a8328a7b68770ca75878a1a6",
+      "0430f43fcf2b6b00de53f624f1543090681839717d53c7c955d1d69efaf0349b7363acb447240101cbb3af6641ce4b88e0"
+      "25e46c0c54f0162a77efcc27b6ea792002ae2ba82714299c860857a68153ab62e525ec0530d81b5aa15897981e858757",
+      "a23742a2c267d7425fda94b93f93bbcc24791ac51cd8fd501a238d40812f4cbfc59aac9520d758cf789c76300c69d2ff",
+      "curve: P384 vector: 1" },
+
+    { ECCurve_NIST_P384,
+      "12cf6a223a72352543830f3f18530d5cb37f26880a0b294482c8a8ef8afad09aa78b7dc2f2789a78c66af5d1cc553853",
+      "04fcfcea085e8cf74d0dced1620ba8423694f903a219bbf901b0b59d6ac81baad316a242ba32bde85cb248119b852fab6"
+      "6972e3c68c7ab402c5836f2a16ed451a33120a7750a6039f3ff15388ee622b7065f7122bf6d51aefbc29b37b03404581b",
+      "041aefbfa2c6c8c855a1a216774550b79a24cda37607bb1f7cc906650ee4b3816d68f6a9c75da6e4242cebfb6652f65180"
+      "419d28b723ebadb7658fcebb9ad9b7adea674f1da3dc6b6397b55da0f61a3eddacb4acdb14441cb214b04a0844c02fa3",
+      "3d2e640f350805eed1ff43b40a72b2abed0a518bcebe8f2d15b111b6773223da3c3489121db173d414b5bd5ad7153435",
+      "curve: P384 vector: 2" },
+
+    { ECCurve_NIST_P384,
+      "8dd48063a3a058c334b5cc7a4ce07d02e5ee6d8f1f3c51a1600962cbab462690ae3cd974fb39e40b0e843daa0fd32de1",
+      "04e38c9846248123c3421861ea4d32669a7b5c3c08376ad28104399494c84ff5efa3894adb2c6cbe8c3c913ef2eec5bd3"
+      "c9fa84024a1028796df84021f7b6c9d02f0f4bd1a612a03cbf75a0beea43fef8ae84b48c60172aadf09c1ad016d0bf3ce",
+      "048bc089326ec55b9cf59b34f0eb754d93596ca290fcb3444c83d4de3a5607037ec397683f8cef07eab2fe357eae36c44"
+      "9d9d16ce8ac85b3f1e94568521aae534e67139e310ec72693526aa2e927b5b322c95a1a033c229cb6770c957cd3148dd7",
+      "6a42cfc392aba0bfd3d17b7ccf062b91fc09bbf3417612d02a90bdde62ae40c54bb2e56e167d6b70db670097eb8db854",
+      "curve: P384 vector: 3" },
+
+    { ECCurve_NIST_P384,
+      "84ece6cc3429309bd5b23e959793ed2b111ec5cb43b6c18085fcaea9efa0685d98a6262ee0d330ee250bc8a67d0e733f",
+      "043222063a2997b302ee60ee1961108ff4c7acf1c0ef1d5fb0d164b84bce71c431705cb9aea9a45f5d73806655a058bee"
+      "3e61fa9e7fbe7cd43abf99596a3d3a039e99fa9dc93b0bdd9cad81966d17eeaf557068afa7c78466bb5b22032d1100fa6",
+      "04eb952e2d9ac0c20c6cc48fb225c2ad154f53c8750b003fd3b4ed8ed1dc0defac61bcdde02a2bcfee7067d75d342ed2b"
+      "0f1828205baece82d1b267d0d7ff2f9c9e15b69a72df47058a97f3891005d1fb38858f5603de840e591dfa4f6e7d489e1",
+      "ce7ba454d4412729a32bb833a2d1fd2ae612d4667c3a900e069214818613447df8c611de66da200db7c375cf913e4405",
+      "curve: P384 vector: 4" },
+
+    { ECCurve_NIST_P384,
+      "68fce2121dc3a1e37b10f1dde309f9e2e18fac47cd1770951451c3484cdb77cb136d00e731260597cc2859601c01a25b",
+      "04868be0e694841830e424d913d8e7d86b84ee1021d82b0ecf523f09fe89a76c0c95c49f2dfbcf829c1e39709d55efbb"
+      "3b9195eb183675b40fd92f51f37713317e4a9b4f715c8ab22e0773b1bc71d3a219f05b8116074658ee86b52e36f3897116",
+      "04441d029e244eb7168d647d4df50db5f4e4974ab3fdaf022aff058b3695d0b8c814cc88da6285dc6df1ac55c55388500"
+      "3e8025ac23a41d4b1ea2aa46c50c6e479946b59b6d76497cd9249977e0bfe4a6262622f13d42a3c43d66bdbb30403c345",
+      "ba69f0acdf3e1ca95caaac4ecaf475bbe51b54777efce01ca381f45370e486fe87f9f419b150c61e329a286d1aa265ec",
+      "curve: P384 vector: 5" },
+
+    { ECCurve_NIST_P384,
+      "b1764c54897e7aae6de9e7751f2f37de849291f88f0f91093155b858d1cc32a3a87980f706b86cc83f927bdfdbeae0bd",
+      "04c371222feaa6770c6f3ea3e0dac9740def4fcf821378b7f91ff937c21e0470f70f3a31d5c6b2912195f10926942b48ae"
+      "047d6b4d765123563f81116bc665b7b8cc6207830d805fd84da7cb805a65baa7c12fd592d1b5b5e3e65d9672a9ef7662",
+      "043d4e6bf08a73404accc1629873468e4269e82d90d832e58ad72142639b5a056ad8d35c66c60e8149fac0c797bceb7c2"
+      "f9b0308dc7f0e6d29f8c277acbc65a21e5adb83d11e6873bc0a07fda0997f482504602f59e10bc5cb476b83d0a4f75e71",
+      "1a6688ee1d6e59865d8e3ada37781d36bb0c2717eef92e61964d3927cb765c2965ea80f7f63e58c322ba0397faeaf62b",
+      "curve: P384 vector: 6" },
+
+    { ECCurve_NIST_P384,
+      "f0f7a96e70d98fd5a30ad6406cf56eb5b72a510e9f192f50e1f84524dbf3d2439f7287bb36f5aa912a79deaab4adea82",
+      "0499c8c41cb1ab5e0854a346e4b08a537c1706a61553387c8d94943ab15196d40dbaa55b8210a77a5d00915f2c4ea69e"
+      "ab5531065bdcf17bfb3cb55a02e41a57c7f694c383ad289f900fbd656c2233a93c92e933e7a26f54cbb56f0ad875c51bb0",
+      "04f5f6bef1d110da03be0017eac760cc34b24d092f736f237bc7054b3865312a813bcb62d297fb10a4f7abf54708fe2d3d"
+      "06fdf8d7dc032f4e10010bf19cbf6159321252ff415fb91920d438f24e67e60c2eb0463204679fa356af44cea9c9ebf5",
+      "d06a568bf2336b90cbac325161be7695eacb2295f599500d787f072612aca313ee5d874f807ddef6c1f023fe2b6e7cd0",
+      "curve: P384 vector: 7" },
+
+    { ECCurve_NIST_P384,
+      "9efb87ddc61d43c482ba66e1b143aef678fbd0d1bebc2000941fabe677fe5b706bf78fce36d100b17cc787ead74bbca2",
+      "044c34efee8f0c95565d2065d1bbac2a2dd25ae964320eb6bccedc5f3a9b42a881a1afca1bb6b880584fa27b01c193cd9"
+      "2d8fb01dbf7cd0a3868c26b951f393c3c56c2858cee901f7793ff5d271925d13a41f8e52409f4eba1990f33acb0bac669",
+      "047cdec77e0737ea37c67b89b7137fe38818010f4464438ee4d1d35a0c488cad3fde2f37d00885d36d3b795b9f93d23a6"
+      "728c42ee8d6027c56cf979ba4c229fdb01d234944f8ac433650112c3cf0f02844e888a3569dfef7828a8a884589aa055e",
+      "bb3b1eda9c6560d82ff5bee403339f1e80342338a991344853b56b24f109a4d94b92f654f0425edd4c205903d7586104",
+      "curve: P384 vector: 8" },
+
+    { ECCurve_NIST_P384,
+      "d787a57fde22ec656a0a525cf3c738b30d73af61e743ea90893ecb2d7b622add2f94ee25c2171467afb093f3f84d0018",
+      "04171546923b87b2cbbad664f01ce932bf09d6a6118168678446bfa9f0938608cb4667a98f4ec8ac1462285c2508f7486"
+      "2fa41cb4db68ae71f1f8a3e8939dc52c2dec61a83c983beb2a02baf29ec49278088882ed0cf56c74b5c173b552ccf63cf",
+      "048eeea3a319c8df99fbc29cb55f243a720d95509515ee5cc587a5c5ae22fbbd009e626db3e911def0b99a4f7ae304b1b"
+      "a73877dc94db9adddc0d9a4b24e8976c22d73c844370e1ee857f8d1b129a3bd5f63f40caf3bd0533e38a5f5777074ff9e",
+      "1e97b60add7cb35c7403dd884c0a75795b7683fff8b49f9d8672a8206bfdcf0a106b8768f983258c74167422e44e4d14",
+      "curve: P384 vector: 9" },
+
+    { ECCurve_NIST_P384,
+      "83d70f7b164d9f4c227c767046b20eb34dfc778f5387e32e834b1e6daec20edb8ca5bb4192093f543b68e6aeb7ce788b",
+      "0457cd770f3bbcbe0c78c770eab0b169bc45e139f86378ffae1c2b16966727c2f2eb724572b8f3eb228d130db4ff862c"
+      "637ec5c8813b685558d83e924f14bc719f6eb7ae0cbb2c474227c5bda88637a4f26c64817929af999592da6f787490332f",
+      "04a721f6a2d4527411834b13d4d3a33c29beb83ab7682465c6cbaf6624aca6ea58c30eb0f29dd842886695400d7254f20f"
+      "14ba6e26355109ad35129366d5e3a640ae798505a7fa55a96a36b5dad33de00474f6670f522214dd7952140ab0a7eb68",
+      "1023478840e54775bfc69293a3cf97f5bc914726455c66538eb5623e218feef7df4befa23e09d77145ad577db32b41f9",
+      "curve: P384 vector: 10" },
+
+    { ECCurve_NIST_P384,
+      "8f558e05818b88ed383d5fca962e53413db1a0e4637eda194f761944cbea114ab9d5da175a7d57882550b0e432f395a9",
+      "049a2f57f4867ce753d72b0d95195df6f96c1fae934f602efd7b6a54582f556cfa539d89005ca2edac08ad9b72dd1f60b"
+      "ad9b94ee82da9cc601f346044998ba387aee56404dc6ecc8ab2b590443319d0b2b6176f9d0eac2d44678ed561607d09a9",
+      "04d882a8505c2d5cb9b8851fc676677bb0087681ad53faceba1738286b45827561e7da37b880276c656cfc38b32ade847"
+      "e34b314bdc134575654573cffaf40445da2e6aaf987f7e913cd4c3091523058984a25d8f21da8326192456c6a0fa5f60c",
+      "6ad6b9dc8a6cf0d3691c501cbb967867f6e4bbb764b60dbff8fcff3ed42dbba39d63cf325b4b4078858495ddee75f954",
+      "curve: P384 vector: 11" },
+
+    { ECCurve_NIST_P384,
+      "0f5dee0affa7bbf239d5dff32987ebb7cf84fcceed643e1d3c62d0b3352aec23b6e5ac7fa4105c8cb26126ad2d1892cb",
+      "0423346bdfbc9d7c7c736e02bdf607671ff6082fdd27334a8bc75f3b23681ebe614d0597dd614fae58677c835a9f0b273"
+      "b82ba36290d2f94db41479eb45ab4eaf67928a2315138d59eecc9b5285dfddd6714f77557216ea44cc6fc119d8243efaf",
+      "04815c9d773dbf5fb6a1b86799966247f4006a23c92e68c55e9eaa998b17d8832dd4d84d927d831d4f68dac67c6488219f"
+      "e79269948b2611484560fd490feec887cb55ef99a4b524880fa7499d6a07283aae2afa33feab97deca40bc606c4d8764",
+      "cc9e063566d46b357b3fcae21827377331e5e290a36e60cd7c39102b828ae0b918dc5a02216b07fe6f1958d834e42437",
+      "curve: P384 vector: 12" },
+
+    { ECCurve_NIST_P384,
+      "037b633b5b8ba857c0fc85656868232e2febf59578718391b81da8541a00bfe53c30ae04151847f27499f8d7abad8cf4",
+      "048878ac8a947f7d5cb2b47aad24fbb8210d86126585399a2871f84aa9c5fde3074ae540c6bf82275ca822d0feb862bc7"
+      "4632f5cd2f900c2711c32f8930728eb647d31edd8d650f9654e7d33e5ed1b475489d08daa30d8cbcba6bfc3b60d9b5a37",
+      "041c0eeda7a2be000c5bdcda0478aed4db733d2a9e341224379123ad847030f29e3b168fa18e89a3c0fba2a6ce1c28fc3"
+      "bec8c1c83c118c4dbea94271869f2d868eb65e8b44e21e6f14b0f4d9b38c068daefa27114255b9a41d084cc4a1ad85456",
+      "deff7f03bd09865baf945e73edff6d5122c03fb561db87dec8662e09bed4340b28a9efe118337bb7d3d4f7f568635ff9",
+      "curve: P384 vector: 13" },
+
+    { ECCurve_NIST_P384,
+      "e3d07106bedcc096e7d91630ffd3094df2c7859db8d7edbb2e37b4ac47f429a637d06a67d2fba33838764ef203464991",
+      "04e74a1a2b85f1cbf8dbbdf050cf1aff8acb02fda2fb6591f9d3cfe4e79d0ae938a9c1483e7b75f8db24505d65065cdb1"
+      "81773ee591822f7abaa856a1a60bc0a5203548dbd1cb5025466eff8481bd07614eaa04a16c3db76905913e972a5b6b59d",
+      "04c95c185e256bf997f30b311548ae7f768a38dee43eeeef43083f3077be70e2bf39ac1d4daf360c514c8c6be623443d1"
+      "a3e63a663eaf75d8a765ab2b9a35513d7933fa5e26420a5244550ec6c3b6f033b96db2aca3d6ac6aab052ce929595aea5",
+      "c8b1038f735ad3bb3e4637c3e47eab487637911a6b7950a4e461948329d3923b969e5db663675623611a457fcda35a71",
+      "curve: P384 vector: 14" },
+
+    { ECCurve_NIST_P384,
+      "f3f9b0c65a49a506632c8a45b10f66b5316f9eeb06fae218f2da62333f99905117b141c760e8974efc4af10570635791",
+      "04a4ad77aa7d86e5361118a6b921710c820721210712f4c347985fdee58aa4effa1e28be80a17b120b139f96300f89b4"
+      "9b1ddf22e07e03f1560d8f45a480094560dba9fae7f9531130c1b57ebb95982496524f31d3797793396fa823f22bdb4328",
+      "043497238a7e6ad166df2dac039aa4dac8d17aa925e7c7631eb3b56e3aaa1c545fcd54d2e5985807910fb202b1fc191d2a"
+      "a49e5c487dcc7aa40a8f234c979446040d9174e3ad357d404d7765183195aed3f913641b90c81a306ebf0d8913861316",
+      "d337eaa32b9f716b8747b005b97a553c59dab0c51df41a2d49039cdae705aa75c7b9e7bc0b6a0e8c578c902bc4fff23e",
+      "curve: P384 vector: 15" },
+
+    { ECCurve_NIST_P384,
+      "59fce7fad7de28bac0230690c95710c720e528f9a4e54d3a6a8cd5fc5c5f21637031ce1c5b4e3d39647d8dcb9b794664",
+      "049c43bf971edf09402876ee742095381f78b1bd3aa39b5132af75dbfe7e98bd78bde10fe2e903c2b6379e1deee175a1b"
+      "0a6c58ecea5a477bb01bd543b339f1cc49f1371a2cda4d46eb4e53e250597942351a99665a122ffea9bde0636c375daf2",
+      "0490a34737d45b1aa65f74e0bd0659bc118f8e4b774b761944ffa6573c6df4f41dec0d11b697abd934d390871d4b453240"
+      "9b590719bb3307c149a7817be355d684893a307764b512eeffe07cb699edb5a6ffbf8d6032e6c79d5e93e94212c2aa4e",
+      "32d292b695a4488e42a7b7922e1ae537d76a3d21a0b2e36875f60e9f6d3e8779c2afb3a413b9dd79ae18e70b47d337c1",
+      "curve: P384 vector: 16" },
+
+    { ECCurve_NIST_P384,
+      "3e49fbf950a424c5d80228dc4bc35e9f6c6c0c1d04440998da0a609a877575dbe437d6a5cedaa2ddd2a1a17fd112aded",
+      "045a949594228b1a3d6f599eb3db0d06070fbc551c657b58234ba164ce3fe415fa5f3eb823c08dc29b8c341219c77b6b3"
+      "d2baad447c8c290cfed25edd9031c41d0b76921457327f42db31122b81f337bbf0b1039ec830ce9061a3761953c75e4a8",
+      "04dda546acfc8f903d11e2e3920669636d44b2068aeb66ff07aa266f0030e1535b0ed0203cb8a460ac990f1394faf22f1"
+      "d15bbb2597913035faadf413476f4c70f7279769a40c986f470c427b4ee4962abdf8173bbad81874772925fd32f0b159f",
+      "1220e7e6cad7b25df98e5bbdcc6c0b65ca6c2a50c5ff6c41dca71e475646fd489615979ca92fb4389aeadefde79a24f1",
+      "curve: P384 vector: 17" },
+
+    { ECCurve_NIST_P384,
+      "50ccc1f7076e92f4638e85f2db98e0b483e6e2204c92bdd440a6deea04e37a07c6e72791c190ad4e4e86e01efba84269",
+      "04756c07df0ce32c839dac9fb4733c9c28b70113a676a7057c38d223f22a3a9095a8d564653af528e04c7e1824be4a651"
+      "217c2ce6962cbd2a2e066297b39d57dd9bb4680f0191d390f70b4e461419b2972ce68ad46127fdda6c39195774ea86df3",
+      "04788be2336c52f4454d63ee944b1e49bfb619a08371048e6da92e584eae70bde1f171c4df378bd1f3c0ab03048a237802"
+      "4673ebd8db604eaf41711748bab2968a23ca4476ce144e728247f08af752929157b5830f1e26067466bdfa8b65145a33",
+      "793bb9cd22a93cf468faf804a38d12b78cb12189ec679ddd2e9aa21fa9a5a0b049ab16a23574fe04c1c3c02343b91beb",
+      "curve: P384 vector: 18" },
+
+    { ECCurve_NIST_P384,
+      "06f132b71f74d87bf99857e1e4350a594e5fe35533b888552ceccbc0d8923c902e36141d7691e28631b8bc9bafe5e064",
+      "042a3cc6b8ff5cde926e7e3a189a1bd029c9b586351af8838f4f201cb8f4b70ef3b0da06d352c80fc26baf8f42b784459"
+      "ebf9985960176da6d23c7452a2954ffcbbcb24249b43019a2a023e0b3dabd461f19ad3e775c364f3f11ad49f3099400d3",
+      "04d09bb822eb99e38060954747c82bb3278cf96bbf36fece3400f4c873838a40c135eb3babb9293bd1001bf3ecdee7bf2"
+      "6d416db6e1b87bbb7427788a3b6c7a7ab2c165b1e366f9608df512037584f213a648d47f16ac326e19aae972f63fd76c9",
+      "012d191cf7404a523678c6fc075de8285b243720a903047708bb33e501e0dbee5bcc40d7c3ef6c6da39ea24d830da1e8",
+      "curve: P384 vector: 19" },
+
+    { ECCurve_NIST_P384,
+      "12048ebb4331ec19a1e23f1a2c773b664ccfe90a28bfb846fc12f81dff44b7443c77647164bf1e9e67fd2c07a6766241",
+      "04bc18836bc7a9fdf54b5352f37d7528ab8fa8ec544a8c6180511cbfdd49cce377c39e34c031b5240dc9980503ed2f26"
+      "2c8086cbe338191080f0b7a16c7afc4c7b0326f9ac66f58552ef4bb9d24de3429ed5d3277ed58fcf48f2b5f61326bec6c6",
+      "0413741262ede5861dad71063dfd204b91ea1d3b7c631df68eb949969527d79a1dc59295ef7d2bca6743e8cd77b04d1"
+      "b580baaeadc7e19d74a8a04451a135f1be1b02fe299f9dc00bfdf201e83d995c6950bcc1cb89d6f7b30bf54656b9a4da586",
+      "ad0fd3ddffe8884b9263f3c15fe1f07f2a5a22ffdc7e967085eea45f0cd959f20f18f522763e28bcc925e496a52dda98",
+      "curve: P384 vector: 20" },
+
+    { ECCurve_NIST_P384,
+      "34d61a699ca576169fcdc0cc7e44e4e1221db0fe63d16850c8104029f7d48449714b9884328cae189978754ab460b486",
+      "04867f81104ccd6b163a7902b670ef406042cb0cce7dcdc63d1dfc91b2c40e3cdf7595834bf9eceb79849f1636fc8462f"
+      "c9d4bde8e875ec49697d258d1d59465f8431c6f5531e1c59e9f9ebe3cf164a8d9ce10a12f1979283a959bad244dd83863",
+      "049e22cbc18657f516a864b37b783348b66f1aa9626cd631f4fa1bd32ad88cf11db52057c660860d39d11fbf024fabd44"
+      "46b0d53c79681c28116df71e9cee74fd56c8b7f04b39f1198cc72284e98be9562e35926fb4f48a9fbecafe729309e8b6f",
+      "dc4ca392dc15e20185f2c6a8ea5ec31dfc96f56153a47394b3072b13d0015f5d4ae13beb3bed54d65848f9b8383e6c95",
+      "curve: P384 vector: 21" },
+
+    { ECCurve_NIST_P384,
+      "dc60fa8736d702135ff16aab992bb88eac397f5972456c72ec447374d0d8ce61153831bfc86ad5a6eb5b60bfb96a862c",
+      "04b69beede85d0f829fec1b893ccb9c3e052ff692e13b974537bc5b0f9feaf7b22e84f03231629b24866bdb4b8cf9089"
+      "1466f85e2bfcaba2843285b0e14ebc07ef7dafff8b424416fee647b59897b619f20eed95a632e6a4206bf7da429c04c560",
+      "042db5da5f940eaa884f4db5ec2139b0469f38e4e6fbbcc52df15c0f7cf7fcb1808c749764b6be85d2fdc5b16f58ad5d"
+      "c022e8b02dcf33e1b5a083849545f84ad5e43f77cb71546dbbac0d11bdb2ee202e9d3872e8d028c08990746c5e1dde9989",
+      "d765b208112d2b9ed5ad10c4046e2e3b0dbf57c469329519e239ac28b25c7d852bf757d5de0ee271cadd021d86cfd347",
+      "curve: P384 vector: 22" },
+
+    { ECCurve_NIST_P384,
+      "6fa6a1c704730987aa634b0516a826aba8c6d6411d3a4c89772d7a62610256a2e2f289f5c3440b0ec1e70fa339e251ce",
+      "0453de1fc1328e8de14aecab29ad8a40d6b13768f86f7d298433d20fec791f86f8bc73f358098b256a298bb488de257bf"
+      "4ac28944fd27f17b82946c04c66c41f0053d3692f275da55cd8739a95bd8cd3af2f96e4de959ea8344d8945375905858b",
+      "04329647baa354224eb4414829c5368c82d7893b39804e08cbb2180f459befc4b347a389a70c91a23bd9d30c83be5295d"
+      "3cc8f61923fad2aa8e505d6cfa126b9fabd5af9dce290b75660ef06d1caa73681d06089c33bc4246b3aa30dbcd2435b12",
+      "d3778850aeb58804fbe9dfe6f38b9fa8e20c2ca4e0dec335aafceca0333e3f2490b53c0c1a14a831ba37c4b9d74be0f2",
+      "curve: P384 vector: 23" },
+
+    { ECCurve_NIST_P384,
+      "74ad8386c1cb2ca0fcdeb31e0869bb3f48c036afe2ef110ca302bc8b910f621c9fcc54cec32bb89ec7caa84c7b8e54a8",
+      "0427a3e83cfb9d5122e73129d801615857da7cc089cccc9c54ab3032a19e0a0a9f677346e37f08a0b3ed8da6e5dd69106"
+      "38d60e44aa5e0fd30c918456796af37f0e41957901645e5c596c6d989f5859b03a0bd7d1f4e77936fff3c74d204e5388e",
+      "0429d8a36d22200a75b7aea1bb47cdfcb1b7fd66de967041434728ab5d533a060df732130600fe6f75852a871fb2938e3"
+      "9e19b53db528395de897a45108967715eb8cb55c3fcbf23379372c0873a058d57544b102ecce722b2ccabb1a603774fd5",
+      "81e1e71575bb4505498de097350186430a6242fa6c57b85a5f984a23371123d2d1424eefbf804258392bc723e4ef1e35",
+      "curve: P384 vector: 24" },
+
+    { ECCurve_NIST_P521,
+      "017eecc07ab4b329068fba65e56a1f8890aa935e57134ae0ffcce802735151f4eac6564f6ee9974c5e6887a1fefee5743"
+      "ae2241bfeb95d5ce31ddcb6f9edb4d6fc47",
+      "0400602f9d0cf9e526b29e22381c203c48a886c2b0673033366314f1ffbcba240ba42f4ef38a76174635f91e6b4ed3427"
+      "5eb01c8467d05ca80315bf1a7bbd945f550a501b7c85f26f5d4b2d7355cf6b02117659943762b6d1db5ab4f1dbc44ce7b2"
+      "946eb6c7de342962893fd387d1b73d7a8672d1f236961170b7eb3579953ee5cdc88cd2d",
+      "0400685a48e86c79f0f0875f7bc18d25eb5fc8c0b07e5da4f4370f3a9490340854334b1e1b87fa395464c60626124a4e70"
+      "d0f785601d37c09870ebf176666877a2046d01ba52c56fc8776d9e8f5db4f0cc27636d0b741bbe05400697942e80b739884"
+      "a83bde99e0f6716939e632bc8986fa18dccd443a348b6c3e522497955a4f3c302f676",
+      "005fc70477c3e63bc3954bd0df3ea0d1f41ee21746ed95fc5e1fdf90930d5e136672d72cc770742d1711c3c3a4c334a0ad9"
+      "759436a4d3c5bf6e74b9578fac148c831",
+      "curve: P521 vector: 0" },
+
+    { ECCurve_NIST_P521,
+      "00816f19c1fb10ef94d4a1d81c156ec3d1de08b66761f03f06ee4bb9dcebbbfe1eaa1ed49a6a990838d8ed318c14d74cc"
+      "872f95d05d07ad50f621ceb620cd905cfb8",
+      "0400d45615ed5d37fde699610a62cd43ba76bedd8f85ed31005fe00d6450fbbd101291abd96d4945a8b57bc73b3fe9f46"
+      "71105309ec9b6879d0551d930dac8ba45d25501425332844e592b440c0027972ad1526431c06732df19cd46a242172d4d"
+      "d67c2c8c99dfc22e49949a56cf90c6473635ce82f25b33682fb19bc33bd910ed8ce3a7fa",
+      "0401df277c152108349bc34d539ee0cf06b24f5d3500677b4445453ccc21409453aafb8a72a0be9ebe54d12270aa51b3a"
+      "b7f316aa5e74a951c5e53f74cd95fc29aee7a013d52f33a9f3c14384d1587fa8abe7aed74bc33749ad9c570b471776422c"
+      "7d4505d9b0a96b3bfac041e4c6a6990ae7f700e5b4a6640229112deafa0cd8bb0d089b0",
+      "000b3920ac830ade812c8f96805da2236e002acbbf13596a9ab254d44d0e91b6255ebf1229f366fb5a05c5884ef46032c2"
+      "6d42189273ca4efa4c3db6bd12a6853759",
+      "curve: P521 vector: 1" },
+
+    { ECCurve_NIST_P521,
+      "012f2e0c6d9e9d117ceb9723bced02eb3d4eebf5feeaf8ee0113ccd8057b13ddd416e0b74280c2d0ba8ed291c443bc1b14"
+      "1caf8afb3a71f97f57c225c03e1e4d42b0",
+      "0400717fcb3d4a40d103871ede044dc803db508aaa4ae74b70b9fb8d8dfd84bfecfad17871879698c292d2fd5e17b4f9343"
+      "636c531a4fac68a35a93665546b9a87867900f3d96a8637036993ab5d244500fff9d2772112826f6436603d3eb234a44d5c"
+      "4e5c577234679c4f9df725ee5b9118f23d8a58d0cc01096daf70e8dfec0128bdc2e8",
+      "040092db3142564d27a5f0006f819908fba1b85038a5bc2509906a497daac67fd7aee0fc2daba4e4334eeaef0e0019204b4"
+      "71cd88024f82115d8149cc0cf4f7ce1a4d5016bad0623f517b158d9881841d2571efbad63f85cbe2e581960c5d670601a67"
+      "60272675a548996217e4ab2b8ebce31d71fca63fcc3c08e91c1d8edd91cf6fe845f8",
+      "006b380a6e95679277cfee4e8353bf96ef2a1ebdd060749f2f046fe571053740bbcc9a0b55790bc9ab56c3208aa05ddf746"
+      "a10a3ad694daae00d980d944aabc6a08f",
+      "curve: P521 vector: 2" },
+
+    { ECCurve_NIST_P521,
+      "00e548a79d8b05f923b9825d11b656f222e8cb98b0f89de1d317184dc5a698f7c71161ee7dc11cd31f4f4f8ae3a981e1a3e7"
+      "8bdebb97d7c204b9261b4ef92e0918e0",
+      "04000ce800217ed243dd10a79ad73df578aa8a3f9194af528cd1094bbfee27a3b5481ad5862c8876c0c3f91294c0ab3aa806"
+      "d9020cbaa2ed72b7fecdc5a09a6dad6f3201543c9ab45b12469232918e21d5a351f9a4b9cbf9efb2afcc402fa9b31650bec2d6"
+      "41a05c440d35331c0893d11fb13151335988b303341301a73dc5f61d574e67d9",
+      "0400fdd40d9e9d974027cb3bae682162eac1328ad61bc4353c45bf5afe76bf607d2894c8cce23695d920f2464fda4773d4693b"
+      "e4b3773584691bdb0329b7f4c86cc2990034ceac6a3fef1c3e1c494bfe8d872b183832219a7e14da414d4e3474573671ec19b03"
+      "3be831b915435905925b44947c592959945b4eb7c951c3b9c8cf52530ba23",
+      "00fbbcd0b8d05331fef6086f22a6cce4d35724ab7a2f49dd8458d0bfd57a0b8b70f246c17c4468c076874b0dff7a0336823b19e"
+      "98bf1cec05e4beffb0591f97713c6",
+      "curve: P521 vector: 3" },
+
+    { ECCurve_NIST_P521,
+      "01c8aae94bb10b8ca4f7be577b4fb32bb2381032c4942c24fc2d753e7cc5e47b483389d9f3b956d20ee9001b1eef9f23545f72"
+      "c5602140046839e963313c3decc864",
+      "040106a14e2ee8ff970aa8ab0c79b97a33bba2958e070b75b94736b77bbe3f777324fa52872771aa88a63a9e8490c3378df4dc"
+      "760cd14d62be700779dd1a4377943656002366ce3941e0b284b1aa81215d0d3b9778fce23c8cd1e4ed6fa0abf62156c91d4b3eb"
+      "55999c3471bed275e9e60e5aa9d690d310bfb15c9c5bbd6f5e9eb39682b74",
+      "040098d99dee0816550e84dbfced7e88137fddcf581a725a455021115fe49f8dc3cf233cd9ea0e6f039dc7919da973cdceaca20"
+      "5da39e0bd98c8062536c47f258f44b500cd225c8797371be0c4297d2b457740100c774141d8f214c23b61aa2b6cd4806b9b70722"
+      "aa4965fb622f42b7391e27e5ec21c5679c5b06b59127372997d421adc1e",
+      "0145cfa38f25943516c96a5fd4bfebb2f645d10520117aa51971eff442808a23b4e23c187e639ff928c3725fbd1c0c2ad0d4aeb2"
+      "07bc1a6fb6cb6d467888dc044b3c",
+      "curve: P521 vector: 4" },
+
+    { ECCurve_NIST_P521,
+      "009b0af137c9696c75b7e6df7b73156bb2d45f482e5a4217324f478b10ceb76af09724cf86afa316e7f89918d31d54824a5c33"
+      "107a483c15c15b96edc661340b1c0e",
+      "0400748cdbb875d35f4bccb62abe20e82d32e4c14dc2feb5b87da2d0ccb11c9b6d4b7737b6c46f0dfb4d896e2db92fcf53cdbb"
+      "ae2a404c0babd564ad7adeac6273efa301984acab8d8f173323de0bb60274b228871609373bb22a17287e9dec7495873abc09a"
+      "8915b54c8455c8e02f654f602e23a2bbd7a9ebb74f3009bd65ecc650814cc0",
+      "04007ae115adaaf041691ab6b7fb8c921f99d8ed32d283d67084e80b9ad9c40c56cd98389fb0a849d9ecf7268c297b6f934061"
+      "19f40e32b5773ed25a28a9a85c4a758801a28e004e37eeaefe1f4dbb71f1878696141af3a10a9691c4ed93487214643b761fa4b"
+      "0fbeeb247cf6d3fba7a60697536ad03f49b80a9d1cb079673654977c5fa94",
+      "005c5721e96c273319fd60ecc46b5962f698e974b429f28fe6962f4ac656be2eb8674c4aafc037eab48ece612953b1e8d86101"
+      "6b6ad0c79805784c67f73ada96f351",
+      "curve: P521 vector: 5" },
+
+    { ECCurve_NIST_P521,
+      "01e48faacee6dec83ffcde944cf6bdf4ce4bae72747888ebafee455b1e91584971efb49127976a52f4142952f7c207ec0265f2b"
+      "718cf3ead96ea4f62c752e4f7acd3",
+      "04010eb1b4d9172bcc23f4f20cc9560fc54928c3f34ea61c00391dc766c76ed9fa608449377d1e4fadd1236025417330b4b91086"
+      "704ace3e4e6484c606e2a943478c860149413864069825ee1d0828da9f4a97713005e9bd1adbc3b38c5b946900721a960fe96ad2c"
+      "1b3a44fe3de9156136d44cb17cbc2415729bb782e16bfe2deb3069e43",
+      "04012588115e6f7f7bdcfdf57f03b169b479758baafdaf569d04135987b2ce6164c02a57685eb5276b5dae6295d3fe90620f38b55"
+      "35c6d2260c173e61eb888ca92020301542c169cf97c2596fe2ddd848a222e367c5f7e6267ebc1bcd9ab5dcf49158f1a48e4af29a89"
+      "7b7e6a82091c2db874d8e7abf0f58064691344154f396dbaed188b6",
+      "01736d9717429b4f412e903febe2f9e0fffd81355d6ce2c06ff3f66a3be15ceec6e65e308347593f00d7f33591da4043c30763d72"
+      "749f72cdceebe825e4b34ecd570",
+      "curve: P521 vector: 6" },
+
+    { ECCurve_NIST_P521,
+      "00c29aa223ea8d64b4a1eda27f39d3bc98ea0148dd98c1cbe595f8fd2bfbde119c9e017a50f5d1fc121c08c1cef31b75885955"
+      "6eb3e0e042d8dd6aaac57a05ca61e3",
+      "04001511c848ef60d5419a98d10204db0fe58224124370061bcfa4e9249d50618c56bf3722471b259f38263bb7b280d23caf2a"
+      "1ee8737f9371cdb2732cdc958369930c01d461681ae6d8c49b4c5f4d6016143fb1bd7491573e3ed0e6c48b82e821644f87f82f0"
+      "e5f08fd16f1f98fa17586200ab02ed8c627b35c3f27617ec5fd92f456203f",
+      "040169491d55bd09049fdf4c2a53a660480fee4c03a0538675d1cd09b5bba78dac48543ef118a1173b3fbf8b20e39ce0e6b8"
+      "90a163c50f9645b3d21d1cbb3b60a6fff40083494b2eba76910fed33c761804515011fab50e3b377abd8a8a045d886d2238d2"
+      "c268ac1b6ec88bd71b7ba78e2c33c152e4bf7da5d565e4acbecf5e92c7ad662bb",
+      "018f2ae9476c771726a77780208dedfefa205488996b18fecc50bfd4c132753f5766b2cd744afa9918606de2e016effc63622"
+      "e9029e76dc6e3f0c69f7aeced565c2c",
+      "curve: P521 vector: 7" },
+
+    { ECCurve_NIST_P521,
+      "0028692be2bf5c4b48939846fb3d5bce74654bb2646e15f8389e23708a1afadf561511ea0d9957d0b53453819d60fba8f65a1"
+      "8f7b29df021b1bb01cd163293acc3cc",
+      "0401cfdc10c799f5c79cb6930a65fba351748e07567993e5e410ef4cacc4cd8a25784991eb4674e41050f930c7190ac812b92"
+      "45f48a7973b658daf408822fe5b85f6680180d9ddfc9af77b9c4a6f02a834db15e535e0b3845b2cce30388301b51cecbe32763"
+      "07ef439b5c9e6a72dc2d94d879bc395052dbb4a5787d06efb280210fb8be037",
+      "04008415f5bbd0eee387d6c09d0ef8acaf29c66db45d6ba101860ae45d3c60e1e0e3f7247a4626a60fdd404965c3566c79f644"
+      "9e856ce0bf94619f97da8da24bd2cfb600fdd7c59c58c361bc50a7a5d0d36f723b17c4f2ad2b03c24d42dc50f74a8c465a0afc"
+      "4683f10fab84652dfe9e928c2626b5456453e1573ff60be1507467d431fbb2",
+      "0105a346988b92ed8c7a25ce4d79d21bc86cfcc7f99c6cd19dbb4a39f48ab943b79e4f0647348da0b80bd864b85c6b8d92536"
+      "d6aa544dc7537a00c858f8b66319e25",
+      "curve: P521 vector: 8" },
+
+    { ECCurve_NIST_P521,
+      "01194d1ee613f5366cbc44b504d21a0cf6715e209cd358f2dd5f3e71cc0d67d0e964168c42a084ebda746f9863a86bacffc81"
+      "9f1edf1b8c727ccfb3047240a57c435",
+      "04016bd15c8a58d366f7f2b2f298cc87b7485e9ee70d11d12448b8377c0a82c7626f67aff7f97be7a3546bf417eeeddf75a93"
+      "c130191c84108042ea2fca17fd3f80d1401560502d04b74fce1743aab477a9d1eac93e5226981fdb97a7478ce4ce566ff72439"
+      "31284fad850b0c2bcae0ddd2d97790160c1a2e77c3ed6c95ecc44b89e2637fc",
+      "0401c721eea805a5cba29f34ba5758775be0cf6160e6c08723f5ab17bf96a1ff2bd9427961a4f34b07fc0b14ca4b2bf6845de"
+      "bd5a869f124ebfa7aa72fe565050b7f1800b6e89eb0e1dcf181236f7c548fd1a8c16b258b52c1a9bfd3fe8f22841b26763265"
+      "f074c4ccf2d634ae97b701956f67a11006c52d97197d92f585f5748bc2672eeb",
+      "004531b3d2c6cd12f21604c8610e6723dbf4daf80b5a459d6ba5814397d1c1f7a21d7c114be964e27376aaebe3a7bc3d6af7"
+      "a7f8c7befb611afe487ff032921f750f",
+      "curve: P521 vector: 9" },
+
+    { ECCurve_NIST_P521,
+      "01fd90e3e416e98aa3f2b6afa7f3bf368e451ad9ca5bd54b5b14aee2ed6723dde5181f5085b68169b09fbec721372ccf6b"
+      "284713f9a6356b8d560a8ff78ca3737c88",
+      "0401ebea1b10d3e3b971b7efb69fc878de11c7f472e4e4d384c31b8d6288d8071517acade9b39796c7af5163bcf71aeda7"
+      "77533f382c6cf0a4d9bbb938c85f44b78037016b0e3e19c2996b2cbd1ff64730e7ca90edca1984f9b2951333535e5748baa"
+      "34a99f61ff4d5f812079e0f01e87789f34efdad8098015ee74a4f846dd190d16dc6e1",
+      "0401c35823e440a9363ab98d9fc7a7bc0c0532dc7977a79165599bf1a9cc64c00fb387b42cca365286e8430360bfad3643"
+      "bc31354eda50dc936c329ecdb60905c40fcb00d9e7f433531e44df4f6d514201cbaabb06badd6783e01111726d815531d23"
+      "3c5cdb722893ffbb2027259d594de77438809738120c6f783934f926c3fb69b40c409",
+      "0100c8935969077bae0ba89ef0df8161d975ec5870ac811ae7e65ca5394efba4f0633d41bf79ea5e5b9496bbd7aae000b05"
+      "94baa82ef8f244e6984ae87ae1ed124b7",
+      "curve: P521 vector: 10" },
+
+    { ECCurve_NIST_P521,
+      "009012ecfdadc85ced630afea534cdc8e9d1ab8be5f3753dcf5f2b09b40eda66fc6858549bc36e6f8df55998cfa9a0703a"
+      "ecf6c42799c245011064f530c09db98369",
+      "0400234e32be0a907131d2d128a6477e0caceb86f02479745e0fe245cb332de631c078871160482eeef584e274df7fa412c"
+      "ea3e1e91f71ecba8781d9205d48386341ad01cf86455b09b1c005cffba8d76289a3759628c874beea462f51f30bd581e380"
+      "3134307dedbb771b3334ee15be2e242cd79c3407d2f58935456c6941dd9b6d155a46",
+      "0400093057fb862f2ad2e82e581baeb3324e7b32946f2ba845a9beeed87d6995f54918ec6619b9931955d5a89d4d74adf10"
+      "46bb362192f2ef6bd3e3d2d04dd1f87054a00aa3fb2448335f694e3cda4ae0cc71b1b2f2a206fa802d7262f19983c44674f"
+      "e15327acaac1fa40424c395a6556cb8167312527fae5865ecffc14bbdc17da78cdcf",
+      "017f36af19303841d13a389d95ec0b801c7f9a679a823146c75c17bc44256e9ad422a4f8b31f14647b2c7d317b933f7c294"
+      "6c4b8abd1d56d620fab1b5ff1a3adc71f",
+      "curve: P521 vector: 11" },
+
+    { ECCurve_NIST_P521,
+      "01b5ff847f8eff20b88cfad42c06e58c3742f2f8f1fdfd64b539ba48c25926926bd5e332b45649c0b184f77255e9d58fe8"
+      "afa1a6d968e2cb1d4637777120c765c128",
+      "0401de3dc9263bc8c4969dc684be0eec54befd9a9f3dba194d8658a789341bf0d78d84da6735227cafaf093519516911975"
+      "73c8c360a11e5285712b8bbdf5ac91b977c00812de58cd095ec2e5a9b247eb3ed41d8bef6aeace194a7a05b65aa5d289fbc9"
+      "b1770ec84bb6be0c2c64cc37c1d54a7f5d71377a9adbe20f26f6f2b544a821ea831",
+      "040083192ed0b1cb31f75817794937f66ad91cf74552cd510cedb9fd641310422af5d09f221cad249ee814d16dd7ac84ded"
+      "9eacdc28340fcfc9c0c06abe30a2fc28cd8002212ed868c9ba0fb2c91e2c39ba93996a3e4ebf45f2852d0928c48930e875c"
+      "c7b428d0e7f3f4d503e5d60c68cb49b13c2480cd486bed9200caddaddfe4ff8e3562",
+      "00062f9fc29ae1a68b2ee0dcf956cbd38c88ae5f645eaa546b00ebe87a7260bf724be20d34b9d02076655c933d056b21e30"
+      "4c24ddb1dedf1dd76de611fc4a2340336",
+      "curve: P521 vector: 12" },
+
+    { ECCurve_NIST_P521,
+      "011a6347d4e801c91923488354cc533e7e35fddf81ff0fb7f56bb0726e0c29ee5dcdc5f394ba54cf57269048aab6e055895c"
+      "8da24b8b0639a742314390cc04190ed6",
+      "0400fe30267f33ba5cdefc25cbb3c9320dad9ccb1d7d376644620ca4fadee5626a3cede25ad254624def727a7048f7145f761"
+      "62aa98042f9b123b2076f8e8cf59b3fdf001145dc6631953b6e2945e94301d6cbb098fe4b04f7ee9b09411df104dc82d7d79e"
+      "c46a01ed0f2d3e7db6eb680694bdeb107c1078aec6cabd9ebee3d342fe7e54df",
+      "0401a89b636a93e5d2ba6c2292bf23033a84f06a3ac1220ea71e806afbe097a804cc67e9baa514cfb6c12c9194be30212bf7a"
+      "ae7fdf6d376c212f0554e656463ffab7e0182efcaf70fc412d336602e014da47256a0b606f2addcce8053bf817ac8656bb4e4"
+      "2f14c8cbf2a68f488ab35dcdf64056271dee1f606a440ba4bd4e5a11b8b8e54f",
+      "0128ab09bfec5406799e610f772ba17e892249fa8e0e7b18a04b9197034b250b48294f1867fb9641518f92766066a07a8b917"
+      "b0e76879e1011e51ccbd9f540c54d4f",
+      "curve: P521 vector: 13" },
+
+    { ECCurve_NIST_P521,
+      "0022b6d2a22d71dfaa811d2d9f9f31fbed27f2e1f3d239538ddf3e4cc8c39a330266db25b7bc0a9704f17bde7f3592bf5f1f2d"
+      "4b56013aacc3d8d1bc02f00d3146cc",
+      "0400ba38cfbf9fd2518a3f61d43549e7a6a6d28b2be57ffd3e0faceb636b34ed17e044a9f249dae8fc132e937e2d9349cd2ed7"
+      "7bb1049ceb692a2ec5b17ad61502a64c001ec91d3058573fa6c0564a02a1a010160c313bc7c73510dc983e5461682b5be00dbc"
+      "e7e2c682ad73f29ca822cdc111f68fabe33a7b384a648342c3cdb9f050bcdb",
+      "04017200b3f16a68cbaed2bf78ba8cddfb6cffac262bba00fbc25f9dc72a07ce59372904899f364c44cb264c097b647d4412be"
+      "e3e519892d534d9129f8a28f7500fee700baba8d672a4f4a3b63de48b96f56e18df5d68f7d70d5109833f43770d6732e06b39ad"
+      "60d93e5b43db8789f1ec0aba47286a39ea584235acea757dbf13d53b58364",
+      "0101e462e9d9159968f6440e956f11dcf2227ae4aea81667122b6af9239a291eb5d6cf5a4087f358525fcacfa46bb2db01a75a"
+      "f1ba519b2d31da33eda87a9d565748",
+      "curve: P521 vector: 14" },
+
+    { ECCurve_NIST_P521,
+      "005bacfff268acf6553c3c583b464ea36a1d35e2b257a5d49eb3419d5a095087c2fb4d15cf5bf5af816d0f3ff7586490ccd3ddc1"
+      "a98b39ce63749c6288ce0dbdac7d",
+      "040036e488da7581472a9d8e628c58d6ad727311b7e6a3f6ae33a8544f34b09280249020be7196916fafd90e2ec54b66b5468d23"
+      "61b99b56fa00d7ac37abb8c6f16653011edb9fb8adb6a43f4f5f5fdc1421c9fe04fc8ba46c9b66334e3af927c8befb4307104f299"
+      "acec4e30f812d9345c9720d19869dbfffd4ca3e7d2713eb5fc3f42615",
+      "04004efd5dbd2f979e3831ce98f82355d6ca14a5757842875882990ab85ab9b7352dd6b9b2f4ea9a1e95c3880d65d1f3602f9ca6"
+      "53dc346fac858658d75626f4d4fb080061cf15dbdaa7f31589c98400373da284506d70c89f074ed262a9e28140796b7236c2eef99"
+      "016085e71552ff488c72b7339fefb7915c38459cb20ab85aec4e45052",
+      "0141d6a4b719ab67eaf04a92c0a41e2dda78f4354fb90bdc35202cc7699b9b04d49616f82255debf7bbec045ae58f982a66905fc"
+      "fae69d689785e38c868eb4a27e7b",
+      "curve: P521 vector: 15" },
+
+    { ECCurve_NIST_P521,
+      "008e2c93c5423876223a637cad367c8589da69a2d0fc68612f31923ae50219df2452e7cc92615b67f17b57ffd2f52b19154bb40"
+      "d7715336420fde2e89fee244f59dc",
+      "0400fa3b35118d6c422570f724a26f90b2833b19239174cea081c53133f64db60d6940ea1261299c04c1f4587cdb0c4c39616"
+      "479c1bb0c146799a118032dcf98f899c00069f040229006151fa32b51f679c8816f7c17506b403809dc77cd58a2aec430d94d"
+      "13b6c916de99f355aa45fcfbc6853d686c71be496a067d24bfaea4818fc51f75",
+      "040129891de0cf3cf82e8c2cf1bf90bb296fe00ab08ca45bb7892e0e227a504fdd05d2381a4448b68adff9c4153c87eacb783"
+      "30d8bd52515f9f9a0b58e85f446bb4e10009edd679696d3d1d0ef327f200383253f6413683d9e4fcc87bb35f112c2f110098d"
+      "15e5701d7ceee416291ff5fed85e687f727388b9afe26a4f6feed560b218e6bb",
+      "00345e26e0abb1aac12b75f3a9cf41efe1c336396dffa4a067a4c2cfeb878c68b2b045faa4e5b4e6fa4678f5b603c351903b1"
+      "4bf9a6a70c439257199a640890b61d1",
+      "curve: P521 vector: 16" },
+
+    { ECCurve_NIST_P521,
+      "0004d49d39d40d8111bf16d28c5936554326b197353eebbcf47545393bc8d3aaf98f14f5be7074bfb38e6cc97b989754074da"
+      "ddb3045f4e4ce745669fdb3ec0d5fa8",
+      "04012ec226d050ce07c79b3df4d0f0891f9f7adf462e8c98dbc1a2a14f5e53a3f5ad894433587cc429a8be9ea1d84fa33b180"
+      "3690dae04da7218d30026157fc995cf52004837dfbf3426f57b5c793269130abb9a38f618532211931154db4eeb9aede88e57"
+      "290f842ea0f2ea9a5f74c6203a3920fe4e305f6118f676b154e1d75b9cb5eb88",
+      "0401a3c20240e59f5b7a3e17c275d2314ba1741210ad58b71036f8c83cc1f6b0f409dfdd9113e94b67ec39c3291426c23ffc"
+      "c447054670d2908ff8fe67dc2306034c5c01d2825bfd3af8b1e13205780c137fe938f84fde40188e61ea02cead81badfdb425"
+      "c29f7d7fb0324debadc10bbb93de68f62c35069268283f5265865db57a79f7bf7",
+      "006fe9de6fb8e672e7fd150fdc5e617fabb0d43906354ccfd224757c7276f7a1010091b17ed072074f8d10a5ec971eb35a5c"
+      "b7076603b7bc38d432cbc059f80f9488",
+      "curve: P521 vector: 17" },
+
+    { ECCurve_NIST_P521,
+      "011a5d1cc79cd2bf73ea106f0e60a5ace220813b53e27b739864334a07c03367efda7a4619fa6eef3a9746492283b3c445610"
+      "a023a9cc49bf4591140384fca5c8bb5",
+      "0400eb07c7332eedb7d3036059d35f7d2288d4377d5f42337ad3964079fb120ccd4c8bd384b585621055217023acd9a94fcb3"
+      "b965bfb394675e788ade41a1de73e620c00491a835de2e6e7deb7e090f4a11f2c460c0b1f3d5e94ee8d751014dc720784fd3b"
+      "54500c86ebaef18429f09e8e876d5d1538968a030d7715dde99f0d8f06e29d59",
+      "04007e2d138f2832e345ae8ff65957e40e5ec7163f016bdf6d24a2243daa631d878a4a16783990c722382130f9e51f0c1bd6"
+      "ff5ac96780e48b68f5dec95f42e6144bb500b0de5c896791f52886b0f09913e26e78dd0b69798fc4df6d95e3ca708ecbcbcce1c1895f"
+      "5561bbabaae372e9e67e6e1a3be60e19b470cdf673ec1fc393d3426e20",
+      "01e4e759ecedce1013baf73e6fcc0b92451d03bdd50489b78871c333114990c9ba6a9b2fc7b1a2d9a1794c1b60d9279af6f"
+      "146f0bbfb0683140403bfa4ccdb524a29",
+      "curve: P521 vector: 18" },
+
+    { ECCurve_NIST_P521,
+      "010c908caf1be74c616b625fc8c1f514446a6aec83b5937141d6afbb0a8c7666a7746fa1f7a6664a2123e8cdf6cd8bf836c5"
+      "6d3c0ebdcc980e43a186f938f3a78ae7",
+      "040031890f4c7abec3f723362285d77d2636f876817db3bbc88b01e773597b969ff6f013ea470c854ab4a7739004eb8cbea6"
+      "9b82ddf36acadd406871798ecb2ac3aa7f00d8b429ae3250266b9643c0c765a60dc10155bc2531cf8627296f4978b6640a9e"
+      "600e19d0037d58503fa80799546a814d7478a550aa90e5ebeb052527faaeae5d08",
+      "0400118c36022209b1af8ebad1a12b566fc48744576e1199fe80de1cdf851cdf03e5b9091a8f7e079e83b7f827259b691d0"
+      "c22ee29d6bdf73ec7bbfd746f2cd97a357d00da5ff4904548a342e2e7ba6a1f4ee5f840411a96cf63e6fe622f22c13e614e"
+      "0a847c11a1ab3f1d12cc850c32e095614ca8f7e2721477b486e9ff40372977c3f65c",
+      "0163c9191d651039a5fe985a0eea1eba018a40ab1937fcd2b61220820ee8f2302e9799f6edfc3f5174f369d672d377ea895"
+      "4a8d0c8b851e81a56fda95212a6578f0e",
+      "curve: P521 vector: 19" },
+
+    { ECCurve_NIST_P521,
+      "01b37d6b7288de671360425d3e5ac1ccb21815079d8d73431e9b74a6f0e7ae004a357575b11ad66642ce8b775593eba9d98"
+      "bf25c75ef0b4d3a2098bbc641f59a2b77",
+      "0400189a5ee34de7e35aefeaeef9220c18071b4c29a4c3bd9d954458bd3e82a7a34da34cff5579b8101c065b1f2f527cf45"
+      "81501e28ef5671873e65267733d003520af01eb4bc50a7b4d4599d7e3fa773ddb9eb252c9b3422872e544bdf75c7bf60f51"
+      "66ddc11eb08fa7c30822dabaee373ab468eb2d922e484e2a527fff2ebb804b7d9a37",
+      "0401780edff1ca1c03cfbe593edc6c049bcb2860294a92c355489d9afb2e702075ade1c953895a456230a0cde905de4a3f"
+      "38573dbfcccd67ad6e7e93f0b5581e926a5d00a5481962c9162962e7f0ebdec936935d0eaa813e8226d40d7f6119bfd940"
+      "602380c86721e61db1830f51e139f210000bcec0d8edd39e54d73a9a129f95cd5fa979",
+      "015d613e267a36342e0d125cdad643d80d97ed0600afb9e6b9545c9e64a98cc6da7c5aaa3a8da0bdd9dd3b97e9788218a8"
+      "0abafc106ef065c8f1c4e1119ef58d298b",
+      "curve: P521 vector: 20" },
+
+    { ECCurve_NIST_P521,
+      "00f2661ac762f60c5fff23be5d969ccd4ec6f98e4e72618d12bdcdb9b4102162333788c0bae59f91cdfc172c7a1681ee44d9"
+      "6ab2135a6e5f3415ebbcd55165b1afb0",
+      "0400a8e25a6902d687b4787cdc94c364ac7cecc5c495483ed363dc0aa95ee2bd739c4c4d46b17006c728b076350d7d7e54c"
+      "6822f52f47162a25109aaaba690cab696ec0168d2f08fe19e4dc9ee7a195b03c9f7fe6676f9f520b6270557504e72ca4394"
+      "a2c6918625e15ac0c51b8f95cd560123653fb8e8ee6db961e2c4c62cc54e92e2a2a9",
+      "04016dacffa183e5303083a334f765de724ec5ec9402026d4797884a9828a0d321a8cfac74ab737fe20a7d6befcfc73b6a3"
+      "5c1c7b01d373e31abc192d48a4241a35803011e5327cac22d305e7156e559176e19bee7e4f2f59e86f1a9d0b6603b6a7df"
+      "1069bde6387feb71587b8ffce5b266e1bae86de29378a34e5c74b6724c4d40a719923",
+      "014d6082a3b5ced1ab8ca265a8106f302146c4acb8c30bb14a4c991e3c82a9731288bdb91e0e85bda313912d06384fc44"
+      "f2153fb13506fa9cf43c9aab5750988c943",
+      "curve: P521 vector: 21" },
+
+    { ECCurve_NIST_P521,
+      "00f430ca1261f09681a9282e9e970a9234227b1d5e58d558c3cc6eff44d1bdf53de16ad5ee2b18b92d62fc79586116b0e"
+      "fc15f79340fb7eaf5ce6c44341dcf8dde27",
+      "04006c1d9b5eca87de1fb871a0a32f807c725adccde9b3967453a71347d608f0c030cd09e338cdecbf4a02015bc8a6e8"
+      "d3e2595fe773ffc2fc4e4a55d0b1a2cc00323b01141b2109e7f4981c952aa818a2b9f6f5c41feccdb7a7a45b9b4b6729"
+      "37771b008cae5f934dfe3fed10d383ab1f38769c92ce88d9be5414817ecb073a31ab368ccb",
+      "0400a091421d3703e3b341e9f1e7d58f8cf7bdbd1798d001967b801d1cec27e605c580b2387c1cb464f55ce7ac803341"
+      "02ab03cfb86d88af76c9f4129c01bedd3bbfc4008c9c577a8e6fc446815e9d40baa66025f15dae285f19eb668ee60ae9"
+      "c98e7ecdbf2b2a68e22928059f67db188007161d3ecf397e0883f0c4eb7eaf7827a62205cc",
+      "0020c00747cb8d492fd497e0fec54644bf027d418ab686381f109712a99cabe328b9743d2225836f9ad66e5d7fed1de2"
+      "47e0da92f60d5b31f9e47672e57f710598f4",
+      "curve: P521 vector: 22" },
+
+    { ECCurve_NIST_P521,
+      "005dc33aeda03c2eb233014ee468dff753b72f73b00991043ea353828ae69d4cd0fadeda7bb278b535d7c57406ff2e6e"
+      "473a5a4ff98e90f90d6dadd25100e8d85666",
+      "0400c825ba307373cec8dd2498eef82e21fd9862168dbfeb83593980ca9f82875333899fe94f137daf1c4189eb502937"
+      "c3a367ea7951ed8b0f3377fcdf2922021d46a5016b8a2540d5e65493888bc337249e67c0a68774f3e8d81e3b4574a012"
+      "5165f0bd58b8af9de74b35832539f95c3cd9f1b759408560aa6851ae3ac7555347b0d3b13b",
+      "04004f38816681771289ce0cb83a5e29a1ab06fc91f786994b23708ff08a08a0f675b809ae99e9f9967eb1a49f196057"
+      "d69e50d6dedb4dd2d9a81c02bdcc8f7f518460009efb244c8b91087de1eed766500f0e81530752d469256ef79f6b965d"
+      "8a2232a0c2dbc4e8e1d09214bab38485be6e357c4200d073b52f04e4a16fc6f5247187aecb",
+      "00c2bfafcd7fbd3e2fd1c750fdea61e70bd4787a7e68468c574ee99ebc47eedef064e8944a73bcb7913dbab5d93dca6"
+      "60d216c553622362794f7a2acc71022bdb16f",
+      "curve: P521 vector: 23" },
+
+    { ECCurve_NIST_P521,
+      "00df14b1f1432a7b0fb053965fd8643afee26b2451ecb6a8a53a655d5fbe16e4c64ce8647225eb11e7fdcb23627471"
+      "dffc5c2523bd2ae89957cba3a57a23933e5a78",
+      "04004e8583bbbb2ecd93f0714c332dff5ab3bc6396e62f3c560229664329baa5138c3bb1c36428abd4e23d17fcb7"
+      "a2cfcc224b2e734c8941f6f121722d7b6b9415457601cf0874f204b0363f020864672fadbf87c8811eb147758b254b"
+      "74b14fae742159f0f671a018212bbf25b8519e126d4cad778cfff50d288fd39ceb0cac635b175ec0",
+      "0401a32099b02c0bd85371f60b0dd20890e6c7af048c8179890fda308b359dbbc2b7a832bb8c6526c4af99a7ea3f0"
+      "b3cb96ae1eb7684132795c478ad6f962e4a6f446d017627357b39e9d7632a1370b3e93c1afb5c851b910eb4ead0c9"
+      "d387df67cde85003e0e427552f1cd09059aad0262e235cce5fba8cedc4fdc1463da76dcd4b6d1a46",
+      "01aaf24e5d47e4080c18c55ea35581cd8da30f1a079565045d2008d51b12d0abb4411cda7a0785b15d149ed301a36"
+      "97062f42da237aa7f07e0af3fd00eb1800d9c41",
+      "curve: P521 vector: 24" },
+
+    { ECCurve_pastLastCurve, NULL, NULL, NULL, NULL, NULL }
+};
diff --git a/nss/cmd/fbectest/Makefile b/nss/cmd/fbectest/Makefile
new file mode 100644
index 0000000..d20daa4
--- /dev/null
+++ b/nss/cmd/fbectest/Makefile
@@ -0,0 +1,46 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+include ../platlibs.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+
+include ../platrules.mk
+
diff --git a/nss/cmd/fbectest/fbectest.c b/nss/cmd/fbectest/fbectest.c
new file mode 100644
index 0000000..2b65411
--- /dev/null
+++ b/nss/cmd/fbectest/fbectest.c
@@ -0,0 +1,281 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "blapi.h"
+#include "ec.h"
+#include "ecl-curve.h"
+#include "prprf.h"
+#include "basicutil.h"
+#include "secder.h"
+#include "secitem.h"
+#include "nspr.h"
+#include <stdio.h>
+
+typedef struct {
+    ECCurveName curve;
+    int iterations;
+    char *privhex;
+    char *our_pubhex;
+    char *their_pubhex;
+    char *common_key;
+    char *name;
+    ECFieldType fieldType;
+} ECDH_KAT;
+
+typedef struct {
+    ECCurveName curve;
+    char *point;
+    char *name;
+    ECFieldType fieldType;
+} ECDH_BAD;
+
+#include "testvecs.h"
+
+void
+printBuf(const SECItem *item)
+{
+    int i;
+    if (!item || !item->len) {
+        printf("(null)\n");
+        return;
+    }
+
+    for (i = 0; i < item->len; i++) {
+        printf("%02x", item->data[i]);
+    }
+    printf("\n");
+}
+
+/* Initialise test with basic curve populate with only the necessary things */
+SECStatus
+init_params(ECParams *ecParams, ECCurveName curve, PLArenaPool **arena,
+            ECFieldType type)
+{
+    if ((curve < ECCurve_noName) || (curve > ECCurve_pastLastCurve)) {
+        return SECFailure;
+    }
+    *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (!*arena) {
+        return SECFailure;
+    }
+    ecParams->name = curve;
+    ecParams->type = ec_params_named;
+    ecParams->curveOID.data = NULL;
+    ecParams->curveOID.len = 0;
+    ecParams->curve.seed.data = NULL;
+    ecParams->curve.seed.len = 0;
+    ecParams->DEREncoding.data = NULL;
+    ecParams->DEREncoding.len = 0;
+    ecParams->arena = *arena;
+    ecParams->fieldID.size = ecCurve_map[curve]->size;
+    ecParams->fieldID.type = type;
+    ecParams->cofactor = ecCurve_map[curve]->cofactor;
+
+    return SECSuccess;
+}
+
+SECStatus
+ectest_ecdh_kat(ECDH_KAT *kat)
+{
+    ECCurveName curve = kat->curve;
+    ECParams ecParams = { 0 };
+    ECPrivateKey *ecPriv = NULL;
+    SECItem theirKey = { siBuffer, NULL, 0 };
+    SECStatus rv = SECFailure;
+    PLArenaPool *arena = NULL;
+    SECItem seed = { siBuffer, NULL, 0 };
+    SECItem answer = { siBuffer, NULL, 0 };
+    SECItem answer2 = { siBuffer, NULL, 0 };
+    SECItem derived = { siBuffer, NULL, 0 };
+    char genenc[3 + 2 * 2 * MAX_ECKEY_LEN];
+    int i;
+
+    rv = init_params(&ecParams, curve, &arena, kat->fieldType);
+    if (rv != SECSuccess) {
+        return rv;
+    }
+
+    SECU_HexString2SECItem(arena, &ecParams.fieldID.u.prime, ecCurve_map[curve]->irr);
+    SECU_HexString2SECItem(arena, &ecParams.curve.a, ecCurve_map[curve]->curvea);
+    SECU_HexString2SECItem(arena, &ecParams.curve.b, ecCurve_map[curve]->curveb);
+    genenc[0] = '0';
+    genenc[1] = '4';
+    genenc[2] = '\0';
+    PORT_Assert(PR_ARRAY_SIZE(genenc) >= PORT_Strlen(ecCurve_map[curve]->genx));
+    PORT_Assert(PR_ARRAY_SIZE(genenc) >= PORT_Strlen(ecCurve_map[curve]->geny));
+    strcat(genenc, ecCurve_map[curve]->genx);
+    strcat(genenc, ecCurve_map[curve]->geny);
+    SECU_HexString2SECItem(arena, &ecParams.base, genenc);
+    SECU_HexString2SECItem(arena, &ecParams.order, ecCurve_map[curve]->order);
+
+    if (kat->our_pubhex) {
+        SECU_HexString2SECItem(arena, &answer, kat->our_pubhex);
+    }
+    SECU_HexString2SECItem(arena, &seed, kat->privhex);
+    rv = EC_NewKeyFromSeed(&ecParams, &ecPriv, seed.data, seed.len);
+    if (rv != SECSuccess) {
+        rv = SECFailure;
+        goto cleanup;
+    }
+    if (kat->our_pubhex) {
+        if (SECITEM_CompareItem(&answer, &ecPriv->publicValue) != SECEqual) {
+            rv = SECFailure;
+            goto cleanup;
+        }
+    }
+
+    SECU_HexString2SECItem(arena, &theirKey, kat->their_pubhex);
+    SECU_HexString2SECItem(arena, &answer2, kat->common_key);
+
+    rv = EC_ValidatePublicKey(&ecParams, &theirKey);
+    if (rv != SECSuccess) {
+        printf("EC_ValidatePublicKey failed\n");
+        goto cleanup;
+    }
+
+    for (i = 0; i < kat->iterations; ++i) {
+        rv = ECDH_Derive(&theirKey, &ecParams, &ecPriv->privateValue, PR_TRUE, &derived);
+        if (rv != SECSuccess) {
+            rv = SECFailure;
+            goto cleanup;
+        }
+        rv = SECITEM_CopyItem(ecParams.arena, &theirKey, &ecPriv->privateValue);
+        if (rv != SECSuccess) {
+            goto cleanup;
+        }
+        rv = SECITEM_CopyItem(ecParams.arena, &ecPriv->privateValue, &derived);
+        if (rv != SECSuccess) {
+            goto cleanup;
+        }
+        SECITEM_FreeItem(&derived, PR_FALSE);
+    }
+
+    if (SECITEM_CompareItem(&answer2, &ecPriv->privateValue) != SECEqual) {
+        printf("expected: ");
+        printBuf(&answer2);
+        printf("derived:  ");
+        printBuf(&ecPriv->privateValue);
+        rv = SECFailure;
+        goto cleanup;
+    }
+
+cleanup:
+    PORT_FreeArena(arena, PR_FALSE);
+    if (ecPriv) {
+        PORT_FreeArena(ecPriv->ecParams.arena, PR_FALSE);
+    }
+    if (derived.data) {
+        SECITEM_FreeItem(&derived, PR_FALSE);
+    }
+    return rv;
+}
+
+SECStatus
+ectest_validate_point(ECDH_BAD *bad)
+{
+    ECParams ecParams = { 0 };
+    SECItem point = { siBuffer, NULL, 0 };
+    SECStatus rv = SECFailure;
+    PLArenaPool *arena = NULL;
+
+    rv = init_params(&ecParams, bad->curve, &arena, bad->fieldType);
+    if (rv != SECSuccess) {
+        return rv;
+    }
+
+    SECU_HexString2SECItem(arena, &point, bad->point);
+    rv = EC_ValidatePublicKey(&ecParams, &point);
+
+    PORT_FreeArena(arena, PR_FALSE);
+    return rv;
+}
+
+void
+printUsage(char *prog)
+{
+    printf("Usage: %s [-fp] [-nd]\n"
+           "\t-n: NIST curves\n"
+           "\t-d: non-NIST curves\n"
+           "You have to specify at at least one of n or d.\n"
+           "By default no tests are executed.\n",
+           prog);
+}
+
+/* Performs tests of elliptic curve cryptography over prime fields If
+ * tests fail, then it prints an error message, aborts, and returns an
+ * error code. Otherwise, returns 0. */
+int
+main(int argv, char **argc)
+{
+    SECStatus rv = SECSuccess;
+    int numkats = 0;
+    int i = 0;
+    int nist = 0;
+    int nonnist = 0;
+
+    for (i = 1; i < argv; i++) {
+        if (PL_strcasecmp(argc[i], "-n") == 0) {
+            nist = 1;
+        } else if (PL_strcasecmp(argc[i], "-d") == 0) {
+            nonnist = 1;
+        } else {
+            printUsage(argc[0]);
+            return 1;
+        }
+    }
+    if (!nist && !nonnist) {
+        printUsage(argc[0]);
+        return 1;
+    }
+
+    rv = SECOID_Init();
+    if (rv != SECSuccess) {
+        SECU_PrintError("Error:", "SECOID_Init");
+        goto cleanup;
+    }
+
+    /* Test P256, P384, P521 */
+    if (nist) {
+        while (ecdh_testvecs[numkats].curve != ECCurve_pastLastCurve) {
+            numkats++;
+        }
+        printf("1..%d\n", numkats);
+        for (i = 0; ecdh_testvecs[i].curve != ECCurve_pastLastCurve; i++) {
+            if (ectest_ecdh_kat(&ecdh_testvecs[i]) != SECSuccess) {
+                printf("not okay %d - %s\n", i + 1, ecdh_testvecs[i].name);
+                rv = SECFailure;
+            } else {
+                printf("okay %d - %s\n", i + 1, ecdh_testvecs[i].name);
+            }
+        }
+    }
+
+    /* Test KAT for non-NIST curves */
+    if (nonnist) {
+        for (i = 0; nonnist_testvecs[i].curve != ECCurve_pastLastCurve; i++) {
+            if (ectest_ecdh_kat(&nonnist_testvecs[i]) != SECSuccess) {
+                printf("not okay %d - %s\n", i + 1, nonnist_testvecs[i].name);
+                rv = SECFailure;
+            } else {
+                printf("okay %d - %s\n", i + 1, nonnist_testvecs[i].name);
+            }
+        }
+        for (i = 0; nonnist_testvecs_bad_values[i].curve != ECCurve_pastLastCurve; i++) {
+            if (ectest_validate_point(&nonnist_testvecs_bad_values[i]) == SECSuccess) {
+                printf("not okay %d - %s\n", i + 1, nonnist_testvecs_bad_values[i].name);
+                rv = SECFailure;
+            } else {
+                printf("okay %d - %s\n", i + 1, nonnist_testvecs_bad_values[i].name);
+            }
+        }
+    }
+
+cleanup:
+    rv |= SECOID_Shutdown();
+
+    if (rv != SECSuccess) {
+        printf("Error: exiting with error value\n");
+    }
+    return rv;
+}
diff --git a/nss/cmd/fbectest/fbectest.gyp b/nss/cmd/fbectest/fbectest.gyp
new file mode 100644
index 0000000..07357bc
--- /dev/null
+++ b/nss/cmd/fbectest/fbectest.gyp
@@ -0,0 +1,34 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi',
+    '../../cmd/platlibs.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'fbectest',
+      'type': 'executable',
+      'sources': [
+        'fbectest.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports',
+        '<(DEPTH)/lib/sqlite/sqlite.gyp:sqlite3'
+      ]
+    }
+  ],
+  'target_defaults': {
+    'include_dirs': [
+      '<(DEPTH)/lib/softoken',
+    ],
+    'defines': [
+      'NSS_USE_STATIC_LIBS'
+    ]
+  },
+  'variables': {
+    'module': 'nss',
+    'use_static_libs': 1
+  }
+}
\ No newline at end of file
diff --git a/nss/cmd/fbectest/manifest.mn b/nss/cmd/fbectest/manifest.mn
new file mode 100644
index 0000000..85d6aa5
--- /dev/null
+++ b/nss/cmd/fbectest/manifest.mn
@@ -0,0 +1,18 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+DEPTH = ../..
+CORE_DEPTH = ../..
+
+# MODULE public and private header directories are implicitly REQUIRED.
+MODULE = nss
+
+INCLUDES += -I$(CORE_DEPTH)/nss/lib/softoken
+
+CSRCS = fbectest.c
+
+PROGRAM = fbectest
+
+USE_STATIC_LIBS = 1
diff --git a/nss/cmd/fbectest/testvecs.h b/nss/cmd/fbectest/testvecs.h
new file mode 100644
index 0000000..e66a2bf
--- /dev/null
+++ b/nss/cmd/fbectest/testvecs.h
@@ -0,0 +1,818 @@
+static ECDH_KAT ecdh_testvecs[] = {
+    { ECCurve_NIST_P256, 1,
+      "7d7dc5f71eb29ddaf80d6214632eeae03d9058af1fb6d22ed80badb62bc1a534",
+      "04ead218590119e8876b29146ff89ca61770c4edbbf97d38ce385ed281d8a6b23028af61281fd35e2fa7002523acc85a429cb06ee6648325389f59edfce1405141",
+      "04700c48f77f56584c5cc632ca65640db91b6bacce3a4df6b42ce7cc838833d287db71e509e3fd9b060ddb20ba5c51dcc5948d46fbf640dfe0441782cab85fa4ac",
+      "46fc62106420ff012e54a434fbdd2d25ccc5852060561e68040dd7778997bd7b",
+      "curve: P256 vector: 0", ec_field_GFp },
+
+    { ECCurve_NIST_P256, 1,
+      "38f65d6dce47676044d58ce5139582d568f64bb16098d179dbab07741dd5caf5",
+      "04119f2f047902782ab0c9e27a54aff5eb9b964829ca99c06b02ddba95b0a3f6d08f52b726664cac366fc98ac7a012b2682cbd962e5acb544671d41b9445704d1d",
+      "04809f04289c64348c01515eb03d5ce7ac1a8cb9498f5caa50197e58d43a86a7aeb29d84e811197f25eba8f5194092cb6ff440e26d4421011372461f579271cda3",
+      "057d636096cb80b67a8c038c890e887d1adfa4195e9b3ce241c8a778c59cda67",
+      "curve: P256 vector: 1", ec_field_GFp },
+
+    { ECCurve_NIST_P256, 1,
+      "1accfaf1b97712b85a6f54b148985a1bdc4c9bec0bd258cad4b3d603f49f32c8",
+      "04d9f2b79c172845bfdb560bbb01447ca5ecc0470a09513b6126902c6b4f8d1051f815ef5ec32128d3487834764678702e64e164ff7315185e23aff5facd96d7bc",
+      "04a2339c12d4a03c33546de533268b4ad667debf458b464d77443636440ee7fec3ef48a3ab26e20220bcda2c1851076839dae88eae962869a497bf73cb66faf536",
+      "2d457b78b4614132477618a5b077965ec90730a8c81a1c75d6d4ec68005d67ec",
+      "curve: P256 vector: 2", ec_field_GFp },
+
+    { ECCurve_NIST_P256, 1,
+      "207c43a79bfee03db6f4b944f53d2fb76cc49ef1c9c4d34d51b6c65c4db6932d",
+      "0424277c33f450462dcb3d4801d57b9ced05188f16c28eda873258048cd1607e0dc4789753e2b1f63b32ff014ec42cd6a69fac81dfe6d0d6fd4af372ae27c46f88",
+      "04df3989b9fa55495719b3cf46dccd28b5153f7808191dd518eff0c3cff2b705ed422294ff46003429d739a33206c8752552c8ba54a270defc06e221e0feaf6ac4",
+      "96441259534b80f6aee3d287a6bb17b5094dd4277d9e294f8fe73e48bf2a0024",
+      "curve: P256 vector: 3", ec_field_GFp },
+
+    { ECCurve_NIST_P256, 1,
+      "59137e38152350b195c9718d39673d519838055ad908dd4757152fd8255c09bf",
+      "04a8c5fdce8b62c5ada598f141adb3b26cf254c280b2857a63d2ad783a73115f6b806e1aafec4af80a0d786b3de45375b517a7e5b51ffb2c356537c9e6ef227d4a",
+      "0441192d2813e79561e6a1d6f53c8bc1a433a199c835e141b05a74a97b0faeb9221af98cc45e98a7e041b01cf35f462b7562281351c8ebf3ffa02e33a0722a1328",
+      "19d44c8d63e8e8dd12c22a87b8cd4ece27acdde04dbf47f7f27537a6999a8e62",
+      "curve: P256 vector: 4", ec_field_GFp },
+
+    { ECCurve_NIST_P256, 1,
+      "f5f8e0174610a661277979b58ce5c90fee6c9b3bb346a90a7196255e40b132ef",
+      "047b861dcd2844a5a8363f6b8ef8d493640f55879217189d80326aad9480dfc149c4675b45eeb306405f6c33c38bc69eb2bdec9b75ad5af4706aab84543b9cc63a",
+      "0433e82092a0f1fb38f5649d5867fba28b503172b7035574bf8e5b7100a3052792f2cf6b601e0a05945e335550bf648d782f46186c772c0f20d3cd0d6b8ca14b2f",
+      "664e45d5bba4ac931cd65d52017e4be9b19a515f669bea4703542a2c525cd3d3",
+      "curve: P256 vector: 5", ec_field_GFp },
+
+    { ECCurve_NIST_P256, 1,
+      "3b589af7db03459c23068b64f63f28d3c3c6bc25b5bf76ac05f35482888b5190",
+      "049fb38e2d58ea1baf7622e96720101cae3cde4ba6c1e9fa26d9b1de0899102863d5561b900406edf50802dd7d73e89395f8aed72fba0e1d1b61fe1d22302260f0",
+      "046a9e0c3f916e4e315c91147be571686d90464e8bf981d34a90b6353bca6eeba740f9bead39c2f2bcc2602f75b8a73ec7bdffcbcead159d0174c6c4d3c5357f05",
+      "ca342daa50dc09d61be7c196c85e60a80c5cb04931746820be548cdde055679d",
+      "curve: P256 vector: 6", ec_field_GFp },
+
+    { ECCurve_NIST_P256, 1,
+      "d8bf929a20ea7436b2461b541a11c80e61d826c0a4c9d322b31dd54e7f58b9c8",
+      "0420f07631e4a6512a89ad487c4e9d63039e579cb0d7a556cb9e661cd59c1e7fa46de91846b3eee8a5ec09c2ab1f41e21bd83620ccdd1bdce3ab7ea6e02dd274f5",
+      "04a9c0acade55c2a73ead1a86fb0a9713223c82475791cd0e210b046412ce224bbf6de0afa20e93e078467c053d241903edad734c6b403ba758c2b5ff04c9d4229",
+      "35aa9b52536a461bfde4e85fc756be928c7de97923f0416c7a3ac8f88b3d4489",
+      "curve: P256 vector: 7", ec_field_GFp },
+
+    { ECCurve_NIST_P256, 1,
+      "0f9883ba0ef32ee75ded0d8bda39a5146a29f1f2507b3bd458dbea0b2bb05b4d",
+      "04abb61b423be5d6c26e21c605832c9142dc1dfe5a5fff28726737936e6fbf516d733d2513ef58beab202090586fac91bf0fee31e80ab33473ab23a2d89e58fad6",
+      "0494e94f16a98255fff2b9ac0c9598aac35487b3232d3231bd93b7db7df36f9eb9d8049a43579cfa90b8093a94416cbefbf93386f15b3f6e190b6e3455fedfe69a",
+      "605c16178a9bc875dcbff54d63fe00df699c03e8a888e9e94dfbab90b25f39b4",
+      "curve: P256 vector: 8", ec_field_GFp },
+
+    { ECCurve_NIST_P256, 1,
+      "2beedb04b05c6988f6a67500bb813faf2cae0d580c9253b6339e4a3337bb6c08",
+      "043d63e429cb5fa895a9247129bf4e48e89f35d7b11de8158efeb3e106a2a873950cae9e477ef41e7c8c1064379bb7b554ddcbcae79f9814281f1e50f0403c61f3",
+      "04e099bf2a4d557460b5544430bbf6da11004d127cb5d67f64ab07c94fcdf5274fd9c50dbe70d714edb5e221f4e020610eeb6270517e688ca64fb0e98c7ef8c1c5",
+      "f96e40a1b72840854bb62bc13c40cc2795e373d4e715980b261476835a092e0b",
+      "curve: P256 vector: 9", ec_field_GFp },
+
+    { ECCurve_NIST_P256, 1,
+      "77c15dcf44610e41696bab758943eff1409333e4d5a11bbe72c8f6c395e9f848",
+      "04ad5d13c3db508ddcd38457e5991434a251bed49cf5ddcb59cdee73865f138c9f62cec1e70588aa4fdfc7b9a09daa678081c04e1208b9d662b8a2214bf8e81a21",
+      "04f75a5fe56bda34f3c1396296626ef012dc07e4825838778a645c8248cff0165833bbdf1b1772d8059df568b061f3f1122f28a8d819167c97be448e3dc3fb0c3c",
+      "8388fa79c4babdca02a8e8a34f9e43554976e420a4ad273c81b26e4228e9d3a3",
+      "curve: P256 vector: 10", ec_field_GFp },
+
+    { ECCurve_NIST_P256, 1,
+      "42a83b985011d12303db1a800f2610f74aa71cdf19c67d54ce6c9ed951e9093e",
+      "04ab48caa61ea35f13f8ed07ffa6a13e8db224dfecfae1a7df8b1bb6ebaf0cb97d1274530ca2c385a3218bddfbcbf0b4024c9badd5243bff834ebff24a8618dccb",
+      "042db4540d50230756158abf61d9835712b6486c74312183ccefcaef2797b7674d62f57f314e3f3495dc4e099012f5e0ba71770f9660a1eada54104cdfde77243e",
+      "72877cea33ccc4715038d4bcbdfe0e43f42a9e2c0c3b017fc2370f4b9acbda4a",
+      "curve: P256 vector: 11", ec_field_GFp },
+
+    { ECCurve_NIST_P256, 1,
+      "ceed35507b5c93ead5989119b9ba342cfe38e6e638ba6eea343a55475de2800b",
+      "049a8cd9bd72e71752df91440f77c547509a84df98114e7de4f26cdb39234a625dd07cfc84c8e144fab2839f5189bb1d7c88631d579bbc58012ed9a2327da52f62",
+      "04cd94fc9497e8990750309e9a8534fd114b0a6e54da89c4796101897041d14ecbc3def4b5fe04faee0a11932229fff563637bfdee0e79c6deeaf449f85401c5c4",
+      "e4e7408d85ff0e0e9c838003f28cdbd5247cdce31f32f62494b70e5f1bc36307",
+      "curve: P256 vector: 12", ec_field_GFp },
+
+    { ECCurve_NIST_P256, 1,
+      "43e0e9d95af4dc36483cdd1968d2b7eeb8611fcce77f3a4e7d059ae43e509604",
+      "04f989cf8ee956a82e7ebd9881cdbfb2fd946189b08db53559bc8cfdd48071eb145eff28f1a18a616b04b7d337868679f6dd84f9a7b3d7b6f8af276c19611a541d",
+      "0415b9e467af4d290c417402e040426fe4cf236bae72baa392ed89780dfccdb471cdf4e9170fb904302b8fd93a820ba8cc7ed4efd3a6f2d6b05b80b2ff2aee4e77",
+      "ed56bcf695b734142c24ecb1fc1bb64d08f175eb243a31f37b3d9bb4407f3b96",
+      "curve: P256 vector: 13", ec_field_GFp },
+
+    { ECCurve_NIST_P256, 1,
+      "b2f3600df3368ef8a0bb85ab22f41fc0e5f4fdd54be8167a5c3cd4b08db04903",
+      "0469c627625b36a429c398b45c38677cb35d8beb1cf78a571e40e99fe4eac1cd4e81690112b0a88f20f7136b28d7d47e5fbc2ada3c8edd87589bc19ec9590637bd",
+      "0449c503ba6c4fa605182e186b5e81113f075bc11dcfd51c932fb21e951eee2fa18af706ff0922d87b3f0c5e4e31d8b259aeb260a9269643ed520a13bb25da5924",
+      "bc5c7055089fc9d6c89f83c1ea1ada879d9934b2ea28fcf4e4a7e984b28ad2cf",
+      "curve: P256 vector: 14", ec_field_GFp },
+
+    { ECCurve_NIST_P256, 1,
+      "4002534307f8b62a9bf67ff641ddc60fef593b17c3341239e95bdb3e579bfdc8",
+      "045fe964671315a18aa68a2a6e3dd1fde7e23b8ce7181471cfac43c99e1ae80262d5827be282e62c84de531b963884ba832db5d6b2c3a256f0e604fe7e6b8a7f72",
+      "0419b38de39fdd2f70f7091631a4f75d1993740ba9429162c2a45312401636b29c09aed7232b28e060941741b6828bcdfa2bc49cc844f3773611504f82a390a5ae",
+      "9a4e8e657f6b0e097f47954a63c75d74fcba71a30d83651e3e5a91aa7ccd8343",
+      "curve: P256 vector: 15", ec_field_GFp },
+
+    { ECCurve_NIST_P256, 1,
+      "4dfa12defc60319021b681b3ff84a10a511958c850939ed45635934ba4979147",
+      "04c9b2b8496f1440bd4a2d1e52752fd372835b364885e154a7dac49295f281ec7cfbe6b926a8a4de26ccc83b802b1212400754be25d9f3eeaf008b09870ae76321",
+      "042c91c61f33adfe9311c942fdbff6ba47020feff416b7bb63cec13faf9b0999546cab31b06419e5221fca014fb84ec870622a1b12bab5ae43682aa7ea73ea08d0",
+      "3ca1fc7ad858fb1a6aba232542f3e2a749ffc7203a2374a3f3d3267f1fc97b78",
+      "curve: P256 vector: 16", ec_field_GFp },
+
+    { ECCurve_NIST_P256, 1,
+      "1331f6d874a4ed3bc4a2c6e9c74331d3039796314beee3b7152fcdba5556304e",
+      "0459e1e101521046ad9cf1d082e9d2ec7dd22530cce064991f1e55c5bcf5fcb591482f4f673176c8fdaa0bb6e59b15a3e47454e3a04297d3863c9338d98add1f37",
+      "04a28a2edf58025668f724aaf83a50956b7ac1cfbbff79b08c3bf87dfd2828d767dfa7bfffd4c766b86abeaf5c99b6e50cb9ccc9d9d00b7ffc7804b0491b67bc03",
+      "1aaabe7ee6e4a6fa732291202433a237df1b49bc53866bfbe00db96a0f58224f",
+      "curve: P256 vector: 17", ec_field_GFp },
+
+    { ECCurve_NIST_P256, 1,
+      "dd5e9f70ae740073ca0204df60763fb6036c45709bf4a7bb4e671412fad65da3",
+      "0430b9db2e2e977bcdc98cb87dd736cbd8e78552121925cf16e1933657c2fb23146a45028800b81291bce5c2e1fed7ded650620ebbe6050c6f3a7f0dfb4673ab5c",
+      "04a2ef857a081f9d6eb206a81c4cf78a802bdf598ae380c8886ecd85fdc1ed7644563c4c20419f07bc17d0539fade1855e34839515b892c0f5d26561f97fa04d1a",
+      "430e6a4fba4449d700d2733e557f66a3bf3d50517c1271b1ddae1161b7ac798c",
+      "curve: P256 vector: 18", ec_field_GFp },
+
+    { ECCurve_NIST_P256, 1,
+      "5ae026cfc060d55600717e55b8a12e116d1d0df34af831979057607c2d9c2f76",
+      "0446c9ebd1a4a3c8c0b6d572b5dcfba12467603208a9cb5d2acfbb733c40cf639146c913a27d044185d38b467ace011e04d4d9bbbb8cb9ae25fa92aaf15a595e86",
+      "04ccd8a2d86bc92f2e01bce4d6922cf7fe1626aed044685e95e2eebd464505f01fe9ddd583a9635a667777d5b8a8f31b0f79eba12c75023410b54b8567dddc0f38",
+      "1ce9e6740529499f98d1f1d71329147a33df1d05e4765b539b11cf615d6974d3",
+      "curve: P256 vector: 19", ec_field_GFp },
+
+    { ECCurve_NIST_P256, 1,
+      "b601ac425d5dbf9e1735c5e2d5bdb79ca98b3d5be4a2cfd6f2273f150e064d9d",
+      "047c9e950841d26c8dde8994398b8f5d475a022bc63de7773fcf8d552e01f1ba0acc42b9885c9b3bee0f8d8c57d3a8f6355016c019c4062fa22cff2f209b5cc2e1",
+      "04c188ffc8947f7301fb7b53e36746097c2134bf9cc981ba74b4e9c4361f595e4ebf7d2f2056e72421ef393f0c0f2b0e00130e3cac4abbcc00286168e85ec55051",
+      "4690e3743c07d643f1bc183636ab2a9cb936a60a802113c49bb1b3f2d0661660",
+      "curve: P256 vector: 20", ec_field_GFp },
+
+    { ECCurve_NIST_P256, 1,
+      "fefb1dda1845312b5fce6b81b2be205af2f3a274f5a212f66c0d9fc33d7ae535",
+      "0438b54db85500cb20c61056edd3d88b6a9dc26780a047f213a6e1b900f76596eb6387e4e5781571e4eb8ae62991a33b5dc33301c5bc7e125d53794a39160d8fd0",
+      "04317e1020ff53fccef18bf47bb7f2dd7707fb7b7a7578e04f35b3beed222a0eb609420ce5a19d77c6fe1ee587e6a49fbaf8f280e8df033d75403302e5a27db2ae",
+      "30c2261bd0004e61feda2c16aa5e21ffa8d7e7f7dbf6ec379a43b48e4b36aeb0",
+      "curve: P256 vector: 21", ec_field_GFp },
+
+    { ECCurve_NIST_P256, 1,
+      "334ae0c4693d23935a7e8e043ebbde21e168a7cba3fa507c9be41d7681e049ce",
+      "043f2bf1589abf3047bf3e54ac9a95379bff95f8f55405f64eca36a7eebe8ffca75212a94e66c5ae9a8991872f66a72723d80ec5b2e925745c456f5371943b3a06",
+      "0445fb02b2ceb9d7c79d9c2fa93e9c7967c2fa4df5789f9640b24264b1e524fcb15c6e8ecf1f7d3023893b7b1ca1e4d178972ee2a230757ddc564ffe37f5c5a321",
+      "2adae4a138a239dcd93c243a3803c3e4cf96e37fe14e6a9b717be9599959b11c",
+      "curve: P256 vector: 22", ec_field_GFp },
+
+    { ECCurve_NIST_P256, 1,
+      "2c4bde40214fcc3bfc47d4cf434b629acbe9157f8fd0282540331de7942cf09d",
+      "0429c0807f10cbc42fb45c9989da50681eead716daa7b9e91fd32e062f5eb92ca0ff1d6d1955d7376b2da24fe1163a271659136341bc2eb1195fc706dc62e7f34d",
+      "04a19ef7bff98ada781842fbfc51a47aff39b5935a1c7d9625c8d323d511c92de6e9c184df75c955e02e02e400ffe45f78f339e1afe6d056fb3245f4700ce606ef",
+      "2e277ec30f5ea07d6ce513149b9479b96e07f4b6913b1b5c11305c1444a1bc0b",
+      "curve: P256 vector: 23", ec_field_GFp },
+
+    { ECCurve_NIST_P256, 1,
+      "85a268f9d7772f990c36b42b0a331adc92b5941de0b862d5d89a347cbf8faab0",
+      "049cf4b98581ca1779453cc816ff28b4100af56cf1bf2e5bc312d83b6b1b21d3337a5504fcac5231a0d12d658218284868229c844a04a3450d6c7381abe080bf3b",
+      "04356c5a444c049a52fee0adeb7e5d82ae5aa83030bfff31bbf8ce2096cf161c4b57d128de8b2a57a094d1a001e572173f96e8866ae352bf29cddaf92fc85b2f92",
+      "1e51373bd2c6044c129c436e742a55be2a668a85ae08441b6756445df5493857",
+      "curve: P256 vector: 24", ec_field_GFp },
+
+    { ECCurve_NIST_P384, 1,
+      "3cc3122a68f0d95027ad38c067916ba0eb8c38894d22e1b15618b6818a661774ad463b205da88cf699ab4d43c9cf98a1",
+      "049803807f2f6d2fd966cdd0290bd410c0190352fbec7ff6247de1302df86f25d34fe4a97bef60cff548355c015dbb3e5"
+      "fba26ca69ec2f5b5d9dad20cc9da711383a9dbe34ea3fa5a2af75b46502629ad54dd8b7d73a8abb06a3a3be47d650cc99",
+      "04a7c76b970c3b5fe8b05d2838ae04ab47697b9eaf52e764592efda27fe7513272734466b400091adbf2d68c58e0c5006"
+      "6ac68f19f2e1cb879aed43a9969b91a0839c4c38a49749b661efedf243451915ed0905a32b060992b468c64766fc8437a",
+      "5f9d29dc5e31a163060356213669c8ce132e22f57c9a04f40ba7fcead493b457e5621e766c40a2e3d4d6a04b25e533f1",
+      "curve: P384 vector: 0", ec_field_GFp },
+
+    { ECCurve_NIST_P384, 1,
+      "92860c21bde06165f8e900c687f8ef0a05d14f290b3f07d8b3a8cc6404366e5d5119cd6d03fb12dc58e89f13df9cd783",
+      "04ea4018f5a307c379180bf6a62fd2ceceebeeb7d4df063a66fb838aa35243419791f7e2c9d4803c9319aa0eb03c416b"
+      "6668835a91484f05ef028284df6436fb88ffebabcdd69ab0133e6735a1bcfb37203d10d340a8328a7b68770ca75878a1a6",
+      "0430f43fcf2b6b00de53f624f1543090681839717d53c7c955d1d69efaf0349b7363acb447240101cbb3af6641ce4b88e0"
+      "25e46c0c54f0162a77efcc27b6ea792002ae2ba82714299c860857a68153ab62e525ec0530d81b5aa15897981e858757",
+      "a23742a2c267d7425fda94b93f93bbcc24791ac51cd8fd501a238d40812f4cbfc59aac9520d758cf789c76300c69d2ff",
+      "curve: P384 vector: 1", ec_field_GFp },
+
+    { ECCurve_NIST_P384, 1,
+      "12cf6a223a72352543830f3f18530d5cb37f26880a0b294482c8a8ef8afad09aa78b7dc2f2789a78c66af5d1cc553853",
+      "04fcfcea085e8cf74d0dced1620ba8423694f903a219bbf901b0b59d6ac81baad316a242ba32bde85cb248119b852fab6"
+      "6972e3c68c7ab402c5836f2a16ed451a33120a7750a6039f3ff15388ee622b7065f7122bf6d51aefbc29b37b03404581b",
+      "041aefbfa2c6c8c855a1a216774550b79a24cda37607bb1f7cc906650ee4b3816d68f6a9c75da6e4242cebfb6652f65180"
+      "419d28b723ebadb7658fcebb9ad9b7adea674f1da3dc6b6397b55da0f61a3eddacb4acdb14441cb214b04a0844c02fa3",
+      "3d2e640f350805eed1ff43b40a72b2abed0a518bcebe8f2d15b111b6773223da3c3489121db173d414b5bd5ad7153435",
+      "curve: P384 vector: 2", ec_field_GFp },
+
+    { ECCurve_NIST_P384, 1,
+      "8dd48063a3a058c334b5cc7a4ce07d02e5ee6d8f1f3c51a1600962cbab462690ae3cd974fb39e40b0e843daa0fd32de1",
+      "04e38c9846248123c3421861ea4d32669a7b5c3c08376ad28104399494c84ff5efa3894adb2c6cbe8c3c913ef2eec5bd3"
+      "c9fa84024a1028796df84021f7b6c9d02f0f4bd1a612a03cbf75a0beea43fef8ae84b48c60172aadf09c1ad016d0bf3ce",
+      "048bc089326ec55b9cf59b34f0eb754d93596ca290fcb3444c83d4de3a5607037ec397683f8cef07eab2fe357eae36c44"
+      "9d9d16ce8ac85b3f1e94568521aae534e67139e310ec72693526aa2e927b5b322c95a1a033c229cb6770c957cd3148dd7",
+      "6a42cfc392aba0bfd3d17b7ccf062b91fc09bbf3417612d02a90bdde62ae40c54bb2e56e167d6b70db670097eb8db854",
+      "curve: P384 vector: 3", ec_field_GFp },
+
+    { ECCurve_NIST_P384, 1,
+      "84ece6cc3429309bd5b23e959793ed2b111ec5cb43b6c18085fcaea9efa0685d98a6262ee0d330ee250bc8a67d0e733f",
+      "043222063a2997b302ee60ee1961108ff4c7acf1c0ef1d5fb0d164b84bce71c431705cb9aea9a45f5d73806655a058bee"
+      "3e61fa9e7fbe7cd43abf99596a3d3a039e99fa9dc93b0bdd9cad81966d17eeaf557068afa7c78466bb5b22032d1100fa6",
+      "04eb952e2d9ac0c20c6cc48fb225c2ad154f53c8750b003fd3b4ed8ed1dc0defac61bcdde02a2bcfee7067d75d342ed2b"
+      "0f1828205baece82d1b267d0d7ff2f9c9e15b69a72df47058a97f3891005d1fb38858f5603de840e591dfa4f6e7d489e1",
+      "ce7ba454d4412729a32bb833a2d1fd2ae612d4667c3a900e069214818613447df8c611de66da200db7c375cf913e4405",
+      "curve: P384 vector: 4", ec_field_GFp },
+
+    { ECCurve_NIST_P384, 1,
+      "68fce2121dc3a1e37b10f1dde309f9e2e18fac47cd1770951451c3484cdb77cb136d00e731260597cc2859601c01a25b",
+      "04868be0e694841830e424d913d8e7d86b84ee1021d82b0ecf523f09fe89a76c0c95c49f2dfbcf829c1e39709d55efbb"
+      "3b9195eb183675b40fd92f51f37713317e4a9b4f715c8ab22e0773b1bc71d3a219f05b8116074658ee86b52e36f3897116",
+      "04441d029e244eb7168d647d4df50db5f4e4974ab3fdaf022aff058b3695d0b8c814cc88da6285dc6df1ac55c55388500"
+      "3e8025ac23a41d4b1ea2aa46c50c6e479946b59b6d76497cd9249977e0bfe4a6262622f13d42a3c43d66bdbb30403c345",
+      "ba69f0acdf3e1ca95caaac4ecaf475bbe51b54777efce01ca381f45370e486fe87f9f419b150c61e329a286d1aa265ec",
+      "curve: P384 vector: 5", ec_field_GFp },
+
+    { ECCurve_NIST_P384, 1,
+      "b1764c54897e7aae6de9e7751f2f37de849291f88f0f91093155b858d1cc32a3a87980f706b86cc83f927bdfdbeae0bd",
+      "04c371222feaa6770c6f3ea3e0dac9740def4fcf821378b7f91ff937c21e0470f70f3a31d5c6b2912195f10926942b48ae"
+      "047d6b4d765123563f81116bc665b7b8cc6207830d805fd84da7cb805a65baa7c12fd592d1b5b5e3e65d9672a9ef7662",
+      "043d4e6bf08a73404accc1629873468e4269e82d90d832e58ad72142639b5a056ad8d35c66c60e8149fac0c797bceb7c2"
+      "f9b0308dc7f0e6d29f8c277acbc65a21e5adb83d11e6873bc0a07fda0997f482504602f59e10bc5cb476b83d0a4f75e71",
+      "1a6688ee1d6e59865d8e3ada37781d36bb0c2717eef92e61964d3927cb765c2965ea80f7f63e58c322ba0397faeaf62b",
+      "curve: P384 vector: 6", ec_field_GFp },
+
+    { ECCurve_NIST_P384, 1,
+      "f0f7a96e70d98fd5a30ad6406cf56eb5b72a510e9f192f50e1f84524dbf3d2439f7287bb36f5aa912a79deaab4adea82",
+      "0499c8c41cb1ab5e0854a346e4b08a537c1706a61553387c8d94943ab15196d40dbaa55b8210a77a5d00915f2c4ea69e"
+      "ab5531065bdcf17bfb3cb55a02e41a57c7f694c383ad289f900fbd656c2233a93c92e933e7a26f54cbb56f0ad875c51bb0",
+      "04f5f6bef1d110da03be0017eac760cc34b24d092f736f237bc7054b3865312a813bcb62d297fb10a4f7abf54708fe2d3d"
+      "06fdf8d7dc032f4e10010bf19cbf6159321252ff415fb91920d438f24e67e60c2eb0463204679fa356af44cea9c9ebf5",
+      "d06a568bf2336b90cbac325161be7695eacb2295f599500d787f072612aca313ee5d874f807ddef6c1f023fe2b6e7cd0",
+      "curve: P384 vector: 7", ec_field_GFp },
+
+    { ECCurve_NIST_P384, 1,
+      "9efb87ddc61d43c482ba66e1b143aef678fbd0d1bebc2000941fabe677fe5b706bf78fce36d100b17cc787ead74bbca2",
+      "044c34efee8f0c95565d2065d1bbac2a2dd25ae964320eb6bccedc5f3a9b42a881a1afca1bb6b880584fa27b01c193cd9"
+      "2d8fb01dbf7cd0a3868c26b951f393c3c56c2858cee901f7793ff5d271925d13a41f8e52409f4eba1990f33acb0bac669",
+      "047cdec77e0737ea37c67b89b7137fe38818010f4464438ee4d1d35a0c488cad3fde2f37d00885d36d3b795b9f93d23a6"
+      "728c42ee8d6027c56cf979ba4c229fdb01d234944f8ac433650112c3cf0f02844e888a3569dfef7828a8a884589aa055e",
+      "bb3b1eda9c6560d82ff5bee403339f1e80342338a991344853b56b24f109a4d94b92f654f0425edd4c205903d7586104",
+      "curve: P384 vector: 8", ec_field_GFp },
+
+    { ECCurve_NIST_P384, 1,
+      "d787a57fde22ec656a0a525cf3c738b30d73af61e743ea90893ecb2d7b622add2f94ee25c2171467afb093f3f84d0018",
+      "04171546923b87b2cbbad664f01ce932bf09d6a6118168678446bfa9f0938608cb4667a98f4ec8ac1462285c2508f7486"
+      "2fa41cb4db68ae71f1f8a3e8939dc52c2dec61a83c983beb2a02baf29ec49278088882ed0cf56c74b5c173b552ccf63cf",
+      "048eeea3a319c8df99fbc29cb55f243a720d95509515ee5cc587a5c5ae22fbbd009e626db3e911def0b99a4f7ae304b1b"
+      "a73877dc94db9adddc0d9a4b24e8976c22d73c844370e1ee857f8d1b129a3bd5f63f40caf3bd0533e38a5f5777074ff9e",
+      "1e97b60add7cb35c7403dd884c0a75795b7683fff8b49f9d8672a8206bfdcf0a106b8768f983258c74167422e44e4d14",
+      "curve: P384 vector: 9", ec_field_GFp },
+
+    { ECCurve_NIST_P384, 1,
+      "83d70f7b164d9f4c227c767046b20eb34dfc778f5387e32e834b1e6daec20edb8ca5bb4192093f543b68e6aeb7ce788b",
+      "0457cd770f3bbcbe0c78c770eab0b169bc45e139f86378ffae1c2b16966727c2f2eb724572b8f3eb228d130db4ff862c"
+      "637ec5c8813b685558d83e924f14bc719f6eb7ae0cbb2c474227c5bda88637a4f26c64817929af999592da6f787490332f",
+      "04a721f6a2d4527411834b13d4d3a33c29beb83ab7682465c6cbaf6624aca6ea58c30eb0f29dd842886695400d7254f20f"
+      "14ba6e26355109ad35129366d5e3a640ae798505a7fa55a96a36b5dad33de00474f6670f522214dd7952140ab0a7eb68",
+      "1023478840e54775bfc69293a3cf97f5bc914726455c66538eb5623e218feef7df4befa23e09d77145ad577db32b41f9",
+      "curve: P384 vector: 10", ec_field_GFp },
+
+    { ECCurve_NIST_P384, 1,
+      "8f558e05818b88ed383d5fca962e53413db1a0e4637eda194f761944cbea114ab9d5da175a7d57882550b0e432f395a9",
+      "049a2f57f4867ce753d72b0d95195df6f96c1fae934f602efd7b6a54582f556cfa539d89005ca2edac08ad9b72dd1f60b"
+      "ad9b94ee82da9cc601f346044998ba387aee56404dc6ecc8ab2b590443319d0b2b6176f9d0eac2d44678ed561607d09a9",
+      "04d882a8505c2d5cb9b8851fc676677bb0087681ad53faceba1738286b45827561e7da37b880276c656cfc38b32ade847"
+      "e34b314bdc134575654573cffaf40445da2e6aaf987f7e913cd4c3091523058984a25d8f21da8326192456c6a0fa5f60c",
+      "6ad6b9dc8a6cf0d3691c501cbb967867f6e4bbb764b60dbff8fcff3ed42dbba39d63cf325b4b4078858495ddee75f954",
+      "curve: P384 vector: 11", ec_field_GFp },
+
+    { ECCurve_NIST_P384, 1,
+      "0f5dee0affa7bbf239d5dff32987ebb7cf84fcceed643e1d3c62d0b3352aec23b6e5ac7fa4105c8cb26126ad2d1892cb",
+      "0423346bdfbc9d7c7c736e02bdf607671ff6082fdd27334a8bc75f3b23681ebe614d0597dd614fae58677c835a9f0b273"
+      "b82ba36290d2f94db41479eb45ab4eaf67928a2315138d59eecc9b5285dfddd6714f77557216ea44cc6fc119d8243efaf",
+      "04815c9d773dbf5fb6a1b86799966247f4006a23c92e68c55e9eaa998b17d8832dd4d84d927d831d4f68dac67c6488219f"
+      "e79269948b2611484560fd490feec887cb55ef99a4b524880fa7499d6a07283aae2afa33feab97deca40bc606c4d8764",
+      "cc9e063566d46b357b3fcae21827377331e5e290a36e60cd7c39102b828ae0b918dc5a02216b07fe6f1958d834e42437",
+      "curve: P384 vector: 12", ec_field_GFp },
+
+    { ECCurve_NIST_P384, 1,
+      "037b633b5b8ba857c0fc85656868232e2febf59578718391b81da8541a00bfe53c30ae04151847f27499f8d7abad8cf4",
+      "048878ac8a947f7d5cb2b47aad24fbb8210d86126585399a2871f84aa9c5fde3074ae540c6bf82275ca822d0feb862bc7"
+      "4632f5cd2f900c2711c32f8930728eb647d31edd8d650f9654e7d33e5ed1b475489d08daa30d8cbcba6bfc3b60d9b5a37",
+      "041c0eeda7a2be000c5bdcda0478aed4db733d2a9e341224379123ad847030f29e3b168fa18e89a3c0fba2a6ce1c28fc3"
+      "bec8c1c83c118c4dbea94271869f2d868eb65e8b44e21e6f14b0f4d9b38c068daefa27114255b9a41d084cc4a1ad85456",
+      "deff7f03bd09865baf945e73edff6d5122c03fb561db87dec8662e09bed4340b28a9efe118337bb7d3d4f7f568635ff9",
+      "curve: P384 vector: 13", ec_field_GFp },
+
+    { ECCurve_NIST_P384, 1,
+      "e3d07106bedcc096e7d91630ffd3094df2c7859db8d7edbb2e37b4ac47f429a637d06a67d2fba33838764ef203464991",
+      "04e74a1a2b85f1cbf8dbbdf050cf1aff8acb02fda2fb6591f9d3cfe4e79d0ae938a9c1483e7b75f8db24505d65065cdb1"
+      "81773ee591822f7abaa856a1a60bc0a5203548dbd1cb5025466eff8481bd07614eaa04a16c3db76905913e972a5b6b59d",
+      "04c95c185e256bf997f30b311548ae7f768a38dee43eeeef43083f3077be70e2bf39ac1d4daf360c514c8c6be623443d1"
+      "a3e63a663eaf75d8a765ab2b9a35513d7933fa5e26420a5244550ec6c3b6f033b96db2aca3d6ac6aab052ce929595aea5",
+      "c8b1038f735ad3bb3e4637c3e47eab487637911a6b7950a4e461948329d3923b969e5db663675623611a457fcda35a71",
+      "curve: P384 vector: 14", ec_field_GFp },
+
+    { ECCurve_NIST_P384, 1,
+      "f3f9b0c65a49a506632c8a45b10f66b5316f9eeb06fae218f2da62333f99905117b141c760e8974efc4af10570635791",
+      "04a4ad77aa7d86e5361118a6b921710c820721210712f4c347985fdee58aa4effa1e28be80a17b120b139f96300f89b4"
+      "9b1ddf22e07e03f1560d8f45a480094560dba9fae7f9531130c1b57ebb95982496524f31d3797793396fa823f22bdb4328",
+      "043497238a7e6ad166df2dac039aa4dac8d17aa925e7c7631eb3b56e3aaa1c545fcd54d2e5985807910fb202b1fc191d2a"
+      "a49e5c487dcc7aa40a8f234c979446040d9174e3ad357d404d7765183195aed3f913641b90c81a306ebf0d8913861316",
+      "d337eaa32b9f716b8747b005b97a553c59dab0c51df41a2d49039cdae705aa75c7b9e7bc0b6a0e8c578c902bc4fff23e",
+      "curve: P384 vector: 15", ec_field_GFp },
+
+    { ECCurve_NIST_P384, 1,
+      "59fce7fad7de28bac0230690c95710c720e528f9a4e54d3a6a8cd5fc5c5f21637031ce1c5b4e3d39647d8dcb9b794664",
+      "049c43bf971edf09402876ee742095381f78b1bd3aa39b5132af75dbfe7e98bd78bde10fe2e903c2b6379e1deee175a1b"
+      "0a6c58ecea5a477bb01bd543b339f1cc49f1371a2cda4d46eb4e53e250597942351a99665a122ffea9bde0636c375daf2",
+      "0490a34737d45b1aa65f74e0bd0659bc118f8e4b774b761944ffa6573c6df4f41dec0d11b697abd934d390871d4b453240"
+      "9b590719bb3307c149a7817be355d684893a307764b512eeffe07cb699edb5a6ffbf8d6032e6c79d5e93e94212c2aa4e",
+      "32d292b695a4488e42a7b7922e1ae537d76a3d21a0b2e36875f60e9f6d3e8779c2afb3a413b9dd79ae18e70b47d337c1",
+      "curve: P384 vector: 16", ec_field_GFp },
+
+    { ECCurve_NIST_P384, 1,
+      "3e49fbf950a424c5d80228dc4bc35e9f6c6c0c1d04440998da0a609a877575dbe437d6a5cedaa2ddd2a1a17fd112aded",
+      "045a949594228b1a3d6f599eb3db0d06070fbc551c657b58234ba164ce3fe415fa5f3eb823c08dc29b8c341219c77b6b3"
+      "d2baad447c8c290cfed25edd9031c41d0b76921457327f42db31122b81f337bbf0b1039ec830ce9061a3761953c75e4a8",
+      "04dda546acfc8f903d11e2e3920669636d44b2068aeb66ff07aa266f0030e1535b0ed0203cb8a460ac990f1394faf22f1"
+      "d15bbb2597913035faadf413476f4c70f7279769a40c986f470c427b4ee4962abdf8173bbad81874772925fd32f0b159f",
+      "1220e7e6cad7b25df98e5bbdcc6c0b65ca6c2a50c5ff6c41dca71e475646fd489615979ca92fb4389aeadefde79a24f1",
+      "curve: P384 vector: 17", ec_field_GFp },
+
+    { ECCurve_NIST_P384, 1,
+      "50ccc1f7076e92f4638e85f2db98e0b483e6e2204c92bdd440a6deea04e37a07c6e72791c190ad4e4e86e01efba84269",
+      "04756c07df0ce32c839dac9fb4733c9c28b70113a676a7057c38d223f22a3a9095a8d564653af528e04c7e1824be4a651"
+      "217c2ce6962cbd2a2e066297b39d57dd9bb4680f0191d390f70b4e461419b2972ce68ad46127fdda6c39195774ea86df3",
+      "04788be2336c52f4454d63ee944b1e49bfb619a08371048e6da92e584eae70bde1f171c4df378bd1f3c0ab03048a237802"
+      "4673ebd8db604eaf41711748bab2968a23ca4476ce144e728247f08af752929157b5830f1e26067466bdfa8b65145a33",
+      "793bb9cd22a93cf468faf804a38d12b78cb12189ec679ddd2e9aa21fa9a5a0b049ab16a23574fe04c1c3c02343b91beb",
+      "curve: P384 vector: 18", ec_field_GFp },
+
+    { ECCurve_NIST_P384, 1,
+      "06f132b71f74d87bf99857e1e4350a594e5fe35533b888552ceccbc0d8923c902e36141d7691e28631b8bc9bafe5e064",
+      "042a3cc6b8ff5cde926e7e3a189a1bd029c9b586351af8838f4f201cb8f4b70ef3b0da06d352c80fc26baf8f42b784459"
+      "ebf9985960176da6d23c7452a2954ffcbbcb24249b43019a2a023e0b3dabd461f19ad3e775c364f3f11ad49f3099400d3",
+      "04d09bb822eb99e38060954747c82bb3278cf96bbf36fece3400f4c873838a40c135eb3babb9293bd1001bf3ecdee7bf2"
+      "6d416db6e1b87bbb7427788a3b6c7a7ab2c165b1e366f9608df512037584f213a648d47f16ac326e19aae972f63fd76c9",
+      "012d191cf7404a523678c6fc075de8285b243720a903047708bb33e501e0dbee5bcc40d7c3ef6c6da39ea24d830da1e8",
+      "curve: P384 vector: 19", ec_field_GFp },
+
+    { ECCurve_NIST_P384, 1,
+      "12048ebb4331ec19a1e23f1a2c773b664ccfe90a28bfb846fc12f81dff44b7443c77647164bf1e9e67fd2c07a6766241",
+      "04bc18836bc7a9fdf54b5352f37d7528ab8fa8ec544a8c6180511cbfdd49cce377c39e34c031b5240dc9980503ed2f26"
+      "2c8086cbe338191080f0b7a16c7afc4c7b0326f9ac66f58552ef4bb9d24de3429ed5d3277ed58fcf48f2b5f61326bec6c6",
+      "0413741262ede5861dad71063dfd204b91ea1d3b7c631df68eb949969527d79a1dc59295ef7d2bca6743e8cd77b04d1"
+      "b580baaeadc7e19d74a8a04451a135f1be1b02fe299f9dc00bfdf201e83d995c6950bcc1cb89d6f7b30bf54656b9a4da586",
+      "ad0fd3ddffe8884b9263f3c15fe1f07f2a5a22ffdc7e967085eea45f0cd959f20f18f522763e28bcc925e496a52dda98",
+      "curve: P384 vector: 20", ec_field_GFp },
+
+    { ECCurve_NIST_P384, 1,
+      "34d61a699ca576169fcdc0cc7e44e4e1221db0fe63d16850c8104029f7d48449714b9884328cae189978754ab460b486",
+      "04867f81104ccd6b163a7902b670ef406042cb0cce7dcdc63d1dfc91b2c40e3cdf7595834bf9eceb79849f1636fc8462f"
+      "c9d4bde8e875ec49697d258d1d59465f8431c6f5531e1c59e9f9ebe3cf164a8d9ce10a12f1979283a959bad244dd83863",
+      "049e22cbc18657f516a864b37b783348b66f1aa9626cd631f4fa1bd32ad88cf11db52057c660860d39d11fbf024fabd44"
+      "46b0d53c79681c28116df71e9cee74fd56c8b7f04b39f1198cc72284e98be9562e35926fb4f48a9fbecafe729309e8b6f",
+      "dc4ca392dc15e20185f2c6a8ea5ec31dfc96f56153a47394b3072b13d0015f5d4ae13beb3bed54d65848f9b8383e6c95",
+      "curve: P384 vector: 21", ec_field_GFp },
+
+    { ECCurve_NIST_P384, 1,
+      "dc60fa8736d702135ff16aab992bb88eac397f5972456c72ec447374d0d8ce61153831bfc86ad5a6eb5b60bfb96a862c",
+      "04b69beede85d0f829fec1b893ccb9c3e052ff692e13b974537bc5b0f9feaf7b22e84f03231629b24866bdb4b8cf9089"
+      "1466f85e2bfcaba2843285b0e14ebc07ef7dafff8b424416fee647b59897b619f20eed95a632e6a4206bf7da429c04c560",
+      "042db5da5f940eaa884f4db5ec2139b0469f38e4e6fbbcc52df15c0f7cf7fcb1808c749764b6be85d2fdc5b16f58ad5d"
+      "c022e8b02dcf33e1b5a083849545f84ad5e43f77cb71546dbbac0d11bdb2ee202e9d3872e8d028c08990746c5e1dde9989",
+      "d765b208112d2b9ed5ad10c4046e2e3b0dbf57c469329519e239ac28b25c7d852bf757d5de0ee271cadd021d86cfd347",
+      "curve: P384 vector: 22", ec_field_GFp },
+
+    { ECCurve_NIST_P384, 1,
+      "6fa6a1c704730987aa634b0516a826aba8c6d6411d3a4c89772d7a62610256a2e2f289f5c3440b0ec1e70fa339e251ce",
+      "0453de1fc1328e8de14aecab29ad8a40d6b13768f86f7d298433d20fec791f86f8bc73f358098b256a298bb488de257bf"
+      "4ac28944fd27f17b82946c04c66c41f0053d3692f275da55cd8739a95bd8cd3af2f96e4de959ea8344d8945375905858b",
+      "04329647baa354224eb4414829c5368c82d7893b39804e08cbb2180f459befc4b347a389a70c91a23bd9d30c83be5295d"
+      "3cc8f61923fad2aa8e505d6cfa126b9fabd5af9dce290b75660ef06d1caa73681d06089c33bc4246b3aa30dbcd2435b12",
+      "d3778850aeb58804fbe9dfe6f38b9fa8e20c2ca4e0dec335aafceca0333e3f2490b53c0c1a14a831ba37c4b9d74be0f2",
+      "curve: P384 vector: 23", ec_field_GFp },
+
+    { ECCurve_NIST_P384, 1,
+      "74ad8386c1cb2ca0fcdeb31e0869bb3f48c036afe2ef110ca302bc8b910f621c9fcc54cec32bb89ec7caa84c7b8e54a8",
+      "0427a3e83cfb9d5122e73129d801615857da7cc089cccc9c54ab3032a19e0a0a9f677346e37f08a0b3ed8da6e5dd69106"
+      "38d60e44aa5e0fd30c918456796af37f0e41957901645e5c596c6d989f5859b03a0bd7d1f4e77936fff3c74d204e5388e",
+      "0429d8a36d22200a75b7aea1bb47cdfcb1b7fd66de967041434728ab5d533a060df732130600fe6f75852a871fb2938e3"
+      "9e19b53db528395de897a45108967715eb8cb55c3fcbf23379372c0873a058d57544b102ecce722b2ccabb1a603774fd5",
+      "81e1e71575bb4505498de097350186430a6242fa6c57b85a5f984a23371123d2d1424eefbf804258392bc723e4ef1e35",
+      "curve: P384 vector: 24", ec_field_GFp },
+
+    { ECCurve_NIST_P521, 1,
+      "017eecc07ab4b329068fba65e56a1f8890aa935e57134ae0ffcce802735151f4eac6564f6ee9974c5e6887a1fefee5743"
+      "ae2241bfeb95d5ce31ddcb6f9edb4d6fc47",
+      "0400602f9d0cf9e526b29e22381c203c48a886c2b0673033366314f1ffbcba240ba42f4ef38a76174635f91e6b4ed3427"
+      "5eb01c8467d05ca80315bf1a7bbd945f550a501b7c85f26f5d4b2d7355cf6b02117659943762b6d1db5ab4f1dbc44ce7b2"
+      "946eb6c7de342962893fd387d1b73d7a8672d1f236961170b7eb3579953ee5cdc88cd2d",
+      "0400685a48e86c79f0f0875f7bc18d25eb5fc8c0b07e5da4f4370f3a9490340854334b1e1b87fa395464c60626124a4e70"
+      "d0f785601d37c09870ebf176666877a2046d01ba52c56fc8776d9e8f5db4f0cc27636d0b741bbe05400697942e80b739884"
+      "a83bde99e0f6716939e632bc8986fa18dccd443a348b6c3e522497955a4f3c302f676",
+      "005fc70477c3e63bc3954bd0df3ea0d1f41ee21746ed95fc5e1fdf90930d5e136672d72cc770742d1711c3c3a4c334a0ad9"
+      "759436a4d3c5bf6e74b9578fac148c831",
+      "curve: P521 vector: 0", ec_field_GFp },
+
+    { ECCurve_NIST_P521, 1,
+      "00816f19c1fb10ef94d4a1d81c156ec3d1de08b66761f03f06ee4bb9dcebbbfe1eaa1ed49a6a990838d8ed318c14d74cc"
+      "872f95d05d07ad50f621ceb620cd905cfb8",
+      "0400d45615ed5d37fde699610a62cd43ba76bedd8f85ed31005fe00d6450fbbd101291abd96d4945a8b57bc73b3fe9f46"
+      "71105309ec9b6879d0551d930dac8ba45d25501425332844e592b440c0027972ad1526431c06732df19cd46a242172d4d"
+      "d67c2c8c99dfc22e49949a56cf90c6473635ce82f25b33682fb19bc33bd910ed8ce3a7fa",
+      "0401df277c152108349bc34d539ee0cf06b24f5d3500677b4445453ccc21409453aafb8a72a0be9ebe54d12270aa51b3a"
+      "b7f316aa5e74a951c5e53f74cd95fc29aee7a013d52f33a9f3c14384d1587fa8abe7aed74bc33749ad9c570b471776422c"
+      "7d4505d9b0a96b3bfac041e4c6a6990ae7f700e5b4a6640229112deafa0cd8bb0d089b0",
+      "000b3920ac830ade812c8f96805da2236e002acbbf13596a9ab254d44d0e91b6255ebf1229f366fb5a05c5884ef46032c2"
+      "6d42189273ca4efa4c3db6bd12a6853759",
+      "curve: P521 vector: 1", ec_field_GFp },
+
+    { ECCurve_NIST_P521, 1,
+      "012f2e0c6d9e9d117ceb9723bced02eb3d4eebf5feeaf8ee0113ccd8057b13ddd416e0b74280c2d0ba8ed291c443bc1b14"
+      "1caf8afb3a71f97f57c225c03e1e4d42b0",
+      "0400717fcb3d4a40d103871ede044dc803db508aaa4ae74b70b9fb8d8dfd84bfecfad17871879698c292d2fd5e17b4f9343"
+      "636c531a4fac68a35a93665546b9a87867900f3d96a8637036993ab5d244500fff9d2772112826f6436603d3eb234a44d5c"
+      "4e5c577234679c4f9df725ee5b9118f23d8a58d0cc01096daf70e8dfec0128bdc2e8",
+      "040092db3142564d27a5f0006f819908fba1b85038a5bc2509906a497daac67fd7aee0fc2daba4e4334eeaef0e0019204b4"
+      "71cd88024f82115d8149cc0cf4f7ce1a4d5016bad0623f517b158d9881841d2571efbad63f85cbe2e581960c5d670601a67"
+      "60272675a548996217e4ab2b8ebce31d71fca63fcc3c08e91c1d8edd91cf6fe845f8",
+      "006b380a6e95679277cfee4e8353bf96ef2a1ebdd060749f2f046fe571053740bbcc9a0b55790bc9ab56c3208aa05ddf746"
+      "a10a3ad694daae00d980d944aabc6a08f",
+      "curve: P521 vector: 2", ec_field_GFp },
+
+    { ECCurve_NIST_P521, 1,
+      "00e548a79d8b05f923b9825d11b656f222e8cb98b0f89de1d317184dc5a698f7c71161ee7dc11cd31f4f4f8ae3a981e1a3e7"
+      "8bdebb97d7c204b9261b4ef92e0918e0",
+      "04000ce800217ed243dd10a79ad73df578aa8a3f9194af528cd1094bbfee27a3b5481ad5862c8876c0c3f91294c0ab3aa806"
+      "d9020cbaa2ed72b7fecdc5a09a6dad6f3201543c9ab45b12469232918e21d5a351f9a4b9cbf9efb2afcc402fa9b31650bec2d6"
+      "41a05c440d35331c0893d11fb13151335988b303341301a73dc5f61d574e67d9",
+      "0400fdd40d9e9d974027cb3bae682162eac1328ad61bc4353c45bf5afe76bf607d2894c8cce23695d920f2464fda4773d4693b"
+      "e4b3773584691bdb0329b7f4c86cc2990034ceac6a3fef1c3e1c494bfe8d872b183832219a7e14da414d4e3474573671ec19b03"
+      "3be831b915435905925b44947c592959945b4eb7c951c3b9c8cf52530ba23",
+      "00fbbcd0b8d05331fef6086f22a6cce4d35724ab7a2f49dd8458d0bfd57a0b8b70f246c17c4468c076874b0dff7a0336823b19e"
+      "98bf1cec05e4beffb0591f97713c6",
+      "curve: P521 vector: 3", ec_field_GFp },
+
+    { ECCurve_NIST_P521, 1,
+      "01c8aae94bb10b8ca4f7be577b4fb32bb2381032c4942c24fc2d753e7cc5e47b483389d9f3b956d20ee9001b1eef9f23545f72"
+      "c5602140046839e963313c3decc864",
+      "040106a14e2ee8ff970aa8ab0c79b97a33bba2958e070b75b94736b77bbe3f777324fa52872771aa88a63a9e8490c3378df4dc"
+      "760cd14d62be700779dd1a4377943656002366ce3941e0b284b1aa81215d0d3b9778fce23c8cd1e4ed6fa0abf62156c91d4b3eb"
+      "55999c3471bed275e9e60e5aa9d690d310bfb15c9c5bbd6f5e9eb39682b74",
+      "040098d99dee0816550e84dbfced7e88137fddcf581a725a455021115fe49f8dc3cf233cd9ea0e6f039dc7919da973cdceaca20"
+      "5da39e0bd98c8062536c47f258f44b500cd225c8797371be0c4297d2b457740100c774141d8f214c23b61aa2b6cd4806b9b70722"
+      "aa4965fb622f42b7391e27e5ec21c5679c5b06b59127372997d421adc1e",
+      "0145cfa38f25943516c96a5fd4bfebb2f645d10520117aa51971eff442808a23b4e23c187e639ff928c3725fbd1c0c2ad0d4aeb2"
+      "07bc1a6fb6cb6d467888dc044b3c",
+      "curve: P521 vector: 4", ec_field_GFp },
+
+    { ECCurve_NIST_P521, 1,
+      "009b0af137c9696c75b7e6df7b73156bb2d45f482e5a4217324f478b10ceb76af09724cf86afa316e7f89918d31d54824a5c33"
+      "107a483c15c15b96edc661340b1c0e",
+      "0400748cdbb875d35f4bccb62abe20e82d32e4c14dc2feb5b87da2d0ccb11c9b6d4b7737b6c46f0dfb4d896e2db92fcf53cdbb"
+      "ae2a404c0babd564ad7adeac6273efa301984acab8d8f173323de0bb60274b228871609373bb22a17287e9dec7495873abc09a"
+      "8915b54c8455c8e02f654f602e23a2bbd7a9ebb74f3009bd65ecc650814cc0",
+      "04007ae115adaaf041691ab6b7fb8c921f99d8ed32d283d67084e80b9ad9c40c56cd98389fb0a849d9ecf7268c297b6f934061"
+      "19f40e32b5773ed25a28a9a85c4a758801a28e004e37eeaefe1f4dbb71f1878696141af3a10a9691c4ed93487214643b761fa4b"
+      "0fbeeb247cf6d3fba7a60697536ad03f49b80a9d1cb079673654977c5fa94",
+      "005c5721e96c273319fd60ecc46b5962f698e974b429f28fe6962f4ac656be2eb8674c4aafc037eab48ece612953b1e8d86101"
+      "6b6ad0c79805784c67f73ada96f351",
+      "curve: P521 vector: 5", ec_field_GFp },
+
+    { ECCurve_NIST_P521, 1,
+      "01e48faacee6dec83ffcde944cf6bdf4ce4bae72747888ebafee455b1e91584971efb49127976a52f4142952f7c207ec0265f2b"
+      "718cf3ead96ea4f62c752e4f7acd3",
+      "04010eb1b4d9172bcc23f4f20cc9560fc54928c3f34ea61c00391dc766c76ed9fa608449377d1e4fadd1236025417330b4b91086"
+      "704ace3e4e6484c606e2a943478c860149413864069825ee1d0828da9f4a97713005e9bd1adbc3b38c5b946900721a960fe96ad2c"
+      "1b3a44fe3de9156136d44cb17cbc2415729bb782e16bfe2deb3069e43",
+      "04012588115e6f7f7bdcfdf57f03b169b479758baafdaf569d04135987b2ce6164c02a57685eb5276b5dae6295d3fe90620f38b55"
+      "35c6d2260c173e61eb888ca92020301542c169cf97c2596fe2ddd848a222e367c5f7e6267ebc1bcd9ab5dcf49158f1a48e4af29a89"
+      "7b7e6a82091c2db874d8e7abf0f58064691344154f396dbaed188b6",
+      "01736d9717429b4f412e903febe2f9e0fffd81355d6ce2c06ff3f66a3be15ceec6e65e308347593f00d7f33591da4043c30763d72"
+      "749f72cdceebe825e4b34ecd570",
+      "curve: P521 vector: 6", ec_field_GFp },
+
+    { ECCurve_NIST_P521, 1,
+      "00c29aa223ea8d64b4a1eda27f39d3bc98ea0148dd98c1cbe595f8fd2bfbde119c9e017a50f5d1fc121c08c1cef31b75885955"
+      "6eb3e0e042d8dd6aaac57a05ca61e3",
+      "04001511c848ef60d5419a98d10204db0fe58224124370061bcfa4e9249d50618c56bf3722471b259f38263bb7b280d23caf2a"
+      "1ee8737f9371cdb2732cdc958369930c01d461681ae6d8c49b4c5f4d6016143fb1bd7491573e3ed0e6c48b82e821644f87f82f0"
+      "e5f08fd16f1f98fa17586200ab02ed8c627b35c3f27617ec5fd92f456203f",
+      "040169491d55bd09049fdf4c2a53a660480fee4c03a0538675d1cd09b5bba78dac48543ef118a1173b3fbf8b20e39ce0e6b8"
+      "90a163c50f9645b3d21d1cbb3b60a6fff40083494b2eba76910fed33c761804515011fab50e3b377abd8a8a045d886d2238d2"
+      "c268ac1b6ec88bd71b7ba78e2c33c152e4bf7da5d565e4acbecf5e92c7ad662bb",
+      "018f2ae9476c771726a77780208dedfefa205488996b18fecc50bfd4c132753f5766b2cd744afa9918606de2e016effc63622"
+      "e9029e76dc6e3f0c69f7aeced565c2c",
+      "curve: P521 vector: 7", ec_field_GFp },
+
+    { ECCurve_NIST_P521, 1,
+      "0028692be2bf5c4b48939846fb3d5bce74654bb2646e15f8389e23708a1afadf561511ea0d9957d0b53453819d60fba8f65a1"
+      "8f7b29df021b1bb01cd163293acc3cc",
+      "0401cfdc10c799f5c79cb6930a65fba351748e07567993e5e410ef4cacc4cd8a25784991eb4674e41050f930c7190ac812b92"
+      "45f48a7973b658daf408822fe5b85f6680180d9ddfc9af77b9c4a6f02a834db15e535e0b3845b2cce30388301b51cecbe32763"
+      "07ef439b5c9e6a72dc2d94d879bc395052dbb4a5787d06efb280210fb8be037",
+      "04008415f5bbd0eee387d6c09d0ef8acaf29c66db45d6ba101860ae45d3c60e1e0e3f7247a4626a60fdd404965c3566c79f644"
+      "9e856ce0bf94619f97da8da24bd2cfb600fdd7c59c58c361bc50a7a5d0d36f723b17c4f2ad2b03c24d42dc50f74a8c465a0afc"
+      "4683f10fab84652dfe9e928c2626b5456453e1573ff60be1507467d431fbb2",
+      "0105a346988b92ed8c7a25ce4d79d21bc86cfcc7f99c6cd19dbb4a39f48ab943b79e4f0647348da0b80bd864b85c6b8d92536"
+      "d6aa544dc7537a00c858f8b66319e25",
+      "curve: P521 vector: 8", ec_field_GFp },
+
+    { ECCurve_NIST_P521, 1,
+      "01194d1ee613f5366cbc44b504d21a0cf6715e209cd358f2dd5f3e71cc0d67d0e964168c42a084ebda746f9863a86bacffc81"
+      "9f1edf1b8c727ccfb3047240a57c435",
+      "04016bd15c8a58d366f7f2b2f298cc87b7485e9ee70d11d12448b8377c0a82c7626f67aff7f97be7a3546bf417eeeddf75a93"
+      "c130191c84108042ea2fca17fd3f80d1401560502d04b74fce1743aab477a9d1eac93e5226981fdb97a7478ce4ce566ff72439"
+      "31284fad850b0c2bcae0ddd2d97790160c1a2e77c3ed6c95ecc44b89e2637fc",
+      "0401c721eea805a5cba29f34ba5758775be0cf6160e6c08723f5ab17bf96a1ff2bd9427961a4f34b07fc0b14ca4b2bf6845de"
+      "bd5a869f124ebfa7aa72fe565050b7f1800b6e89eb0e1dcf181236f7c548fd1a8c16b258b52c1a9bfd3fe8f22841b26763265"
+      "f074c4ccf2d634ae97b701956f67a11006c52d97197d92f585f5748bc2672eeb",
+      "004531b3d2c6cd12f21604c8610e6723dbf4daf80b5a459d6ba5814397d1c1f7a21d7c114be964e27376aaebe3a7bc3d6af7"
+      "a7f8c7befb611afe487ff032921f750f",
+      "curve: P521 vector: 9", ec_field_GFp },
+
+    { ECCurve_NIST_P521, 1,
+      "01fd90e3e416e98aa3f2b6afa7f3bf368e451ad9ca5bd54b5b14aee2ed6723dde5181f5085b68169b09fbec721372ccf6b"
+      "284713f9a6356b8d560a8ff78ca3737c88",
+      "0401ebea1b10d3e3b971b7efb69fc878de11c7f472e4e4d384c31b8d6288d8071517acade9b39796c7af5163bcf71aeda7"
+      "77533f382c6cf0a4d9bbb938c85f44b78037016b0e3e19c2996b2cbd1ff64730e7ca90edca1984f9b2951333535e5748baa"
+      "34a99f61ff4d5f812079e0f01e87789f34efdad8098015ee74a4f846dd190d16dc6e1",
+      "0401c35823e440a9363ab98d9fc7a7bc0c0532dc7977a79165599bf1a9cc64c00fb387b42cca365286e8430360bfad3643"
+      "bc31354eda50dc936c329ecdb60905c40fcb00d9e7f433531e44df4f6d514201cbaabb06badd6783e01111726d815531d23"
+      "3c5cdb722893ffbb2027259d594de77438809738120c6f783934f926c3fb69b40c409",
+      "0100c8935969077bae0ba89ef0df8161d975ec5870ac811ae7e65ca5394efba4f0633d41bf79ea5e5b9496bbd7aae000b05"
+      "94baa82ef8f244e6984ae87ae1ed124b7",
+      "curve: P521 vector: 10", ec_field_GFp },
+
+    { ECCurve_NIST_P521, 1,
+      "009012ecfdadc85ced630afea534cdc8e9d1ab8be5f3753dcf5f2b09b40eda66fc6858549bc36e6f8df55998cfa9a0703a"
+      "ecf6c42799c245011064f530c09db98369",
+      "0400234e32be0a907131d2d128a6477e0caceb86f02479745e0fe245cb332de631c078871160482eeef584e274df7fa412c"
+      "ea3e1e91f71ecba8781d9205d48386341ad01cf86455b09b1c005cffba8d76289a3759628c874beea462f51f30bd581e380"
+      "3134307dedbb771b3334ee15be2e242cd79c3407d2f58935456c6941dd9b6d155a46",
+      "0400093057fb862f2ad2e82e581baeb3324e7b32946f2ba845a9beeed87d6995f54918ec6619b9931955d5a89d4d74adf10"
+      "46bb362192f2ef6bd3e3d2d04dd1f87054a00aa3fb2448335f694e3cda4ae0cc71b1b2f2a206fa802d7262f19983c44674f"
+      "e15327acaac1fa40424c395a6556cb8167312527fae5865ecffc14bbdc17da78cdcf",
+      "017f36af19303841d13a389d95ec0b801c7f9a679a823146c75c17bc44256e9ad422a4f8b31f14647b2c7d317b933f7c294"
+      "6c4b8abd1d56d620fab1b5ff1a3adc71f",
+      "curve: P521 vector: 11", ec_field_GFp },
+
+    { ECCurve_NIST_P521, 1,
+      "01b5ff847f8eff20b88cfad42c06e58c3742f2f8f1fdfd64b539ba48c25926926bd5e332b45649c0b184f77255e9d58fe8"
+      "afa1a6d968e2cb1d4637777120c765c128",
+      "0401de3dc9263bc8c4969dc684be0eec54befd9a9f3dba194d8658a789341bf0d78d84da6735227cafaf093519516911975"
+      "73c8c360a11e5285712b8bbdf5ac91b977c00812de58cd095ec2e5a9b247eb3ed41d8bef6aeace194a7a05b65aa5d289fbc9"
+      "b1770ec84bb6be0c2c64cc37c1d54a7f5d71377a9adbe20f26f6f2b544a821ea831",
+      "040083192ed0b1cb31f75817794937f66ad91cf74552cd510cedb9fd641310422af5d09f221cad249ee814d16dd7ac84ded"
+      "9eacdc28340fcfc9c0c06abe30a2fc28cd8002212ed868c9ba0fb2c91e2c39ba93996a3e4ebf45f2852d0928c48930e875c"
+      "c7b428d0e7f3f4d503e5d60c68cb49b13c2480cd486bed9200caddaddfe4ff8e3562",
+      "00062f9fc29ae1a68b2ee0dcf956cbd38c88ae5f645eaa546b00ebe87a7260bf724be20d34b9d02076655c933d056b21e30"
+      "4c24ddb1dedf1dd76de611fc4a2340336",
+      "curve: P521 vector: 12", ec_field_GFp },
+
+    { ECCurve_NIST_P521, 1,
+      "011a6347d4e801c91923488354cc533e7e35fddf81ff0fb7f56bb0726e0c29ee5dcdc5f394ba54cf57269048aab6e055895c"
+      "8da24b8b0639a742314390cc04190ed6",
+      "0400fe30267f33ba5cdefc25cbb3c9320dad9ccb1d7d376644620ca4fadee5626a3cede25ad254624def727a7048f7145f761"
+      "62aa98042f9b123b2076f8e8cf59b3fdf001145dc6631953b6e2945e94301d6cbb098fe4b04f7ee9b09411df104dc82d7d79e"
+      "c46a01ed0f2d3e7db6eb680694bdeb107c1078aec6cabd9ebee3d342fe7e54df",
+      "0401a89b636a93e5d2ba6c2292bf23033a84f06a3ac1220ea71e806afbe097a804cc67e9baa514cfb6c12c9194be30212bf7a"
+      "ae7fdf6d376c212f0554e656463ffab7e0182efcaf70fc412d336602e014da47256a0b606f2addcce8053bf817ac8656bb4e4"
+      "2f14c8cbf2a68f488ab35dcdf64056271dee1f606a440ba4bd4e5a11b8b8e54f",
+      "0128ab09bfec5406799e610f772ba17e892249fa8e0e7b18a04b9197034b250b48294f1867fb9641518f92766066a07a8b917"
+      "b0e76879e1011e51ccbd9f540c54d4f",
+      "curve: P521 vector: 13", ec_field_GFp },
+
+    { ECCurve_NIST_P521, 1,
+      "0022b6d2a22d71dfaa811d2d9f9f31fbed27f2e1f3d239538ddf3e4cc8c39a330266db25b7bc0a9704f17bde7f3592bf5f1f2d"
+      "4b56013aacc3d8d1bc02f00d3146cc",
+      "0400ba38cfbf9fd2518a3f61d43549e7a6a6d28b2be57ffd3e0faceb636b34ed17e044a9f249dae8fc132e937e2d9349cd2ed7"
+      "7bb1049ceb692a2ec5b17ad61502a64c001ec91d3058573fa6c0564a02a1a010160c313bc7c73510dc983e5461682b5be00dbc"
+      "e7e2c682ad73f29ca822cdc111f68fabe33a7b384a648342c3cdb9f050bcdb",
+      "04017200b3f16a68cbaed2bf78ba8cddfb6cffac262bba00fbc25f9dc72a07ce59372904899f364c44cb264c097b647d4412be"
+      "e3e519892d534d9129f8a28f7500fee700baba8d672a4f4a3b63de48b96f56e18df5d68f7d70d5109833f43770d6732e06b39ad"
+      "60d93e5b43db8789f1ec0aba47286a39ea584235acea757dbf13d53b58364",
+      "0101e462e9d9159968f6440e956f11dcf2227ae4aea81667122b6af9239a291eb5d6cf5a4087f358525fcacfa46bb2db01a75a"
+      "f1ba519b2d31da33eda87a9d565748",
+      "curve: P521 vector: 14", ec_field_GFp },
+
+    { ECCurve_NIST_P521, 1,
+      "005bacfff268acf6553c3c583b464ea36a1d35e2b257a5d49eb3419d5a095087c2fb4d15cf5bf5af816d0f3ff7586490ccd3ddc1"
+      "a98b39ce63749c6288ce0dbdac7d",
+      "040036e488da7581472a9d8e628c58d6ad727311b7e6a3f6ae33a8544f34b09280249020be7196916fafd90e2ec54b66b5468d23"
+      "61b99b56fa00d7ac37abb8c6f16653011edb9fb8adb6a43f4f5f5fdc1421c9fe04fc8ba46c9b66334e3af927c8befb4307104f299"
+      "acec4e30f812d9345c9720d19869dbfffd4ca3e7d2713eb5fc3f42615",
+      "04004efd5dbd2f979e3831ce98f82355d6ca14a5757842875882990ab85ab9b7352dd6b9b2f4ea9a1e95c3880d65d1f3602f9ca6"
+      "53dc346fac858658d75626f4d4fb080061cf15dbdaa7f31589c98400373da284506d70c89f074ed262a9e28140796b7236c2eef99"
+      "016085e71552ff488c72b7339fefb7915c38459cb20ab85aec4e45052",
+      "0141d6a4b719ab67eaf04a92c0a41e2dda78f4354fb90bdc35202cc7699b9b04d49616f82255debf7bbec045ae58f982a66905fc"
+      "fae69d689785e38c868eb4a27e7b",
+      "curve: P521 vector: 15", ec_field_GFp },
+
+    { ECCurve_NIST_P521, 1,
+      "008e2c93c5423876223a637cad367c8589da69a2d0fc68612f31923ae50219df2452e7cc92615b67f17b57ffd2f52b19154bb40"
+      "d7715336420fde2e89fee244f59dc",
+      "0400fa3b35118d6c422570f724a26f90b2833b19239174cea081c53133f64db60d6940ea1261299c04c1f4587cdb0c4c39616"
+      "479c1bb0c146799a118032dcf98f899c00069f040229006151fa32b51f679c8816f7c17506b403809dc77cd58a2aec430d94d"
+      "13b6c916de99f355aa45fcfbc6853d686c71be496a067d24bfaea4818fc51f75",
+      "040129891de0cf3cf82e8c2cf1bf90bb296fe00ab08ca45bb7892e0e227a504fdd05d2381a4448b68adff9c4153c87eacb783"
+      "30d8bd52515f9f9a0b58e85f446bb4e10009edd679696d3d1d0ef327f200383253f6413683d9e4fcc87bb35f112c2f110098d"
+      "15e5701d7ceee416291ff5fed85e687f727388b9afe26a4f6feed560b218e6bb",
+      "00345e26e0abb1aac12b75f3a9cf41efe1c336396dffa4a067a4c2cfeb878c68b2b045faa4e5b4e6fa4678f5b603c351903b1"
+      "4bf9a6a70c439257199a640890b61d1",
+      "curve: P521 vector: 16", ec_field_GFp },
+
+    { ECCurve_NIST_P521, 1,
+      "0004d49d39d40d8111bf16d28c5936554326b197353eebbcf47545393bc8d3aaf98f14f5be7074bfb38e6cc97b989754074da"
+      "ddb3045f4e4ce745669fdb3ec0d5fa8",
+      "04012ec226d050ce07c79b3df4d0f0891f9f7adf462e8c98dbc1a2a14f5e53a3f5ad894433587cc429a8be9ea1d84fa33b180"
+      "3690dae04da7218d30026157fc995cf52004837dfbf3426f57b5c793269130abb9a38f618532211931154db4eeb9aede88e57"
+      "290f842ea0f2ea9a5f74c6203a3920fe4e305f6118f676b154e1d75b9cb5eb88",
+      "0401a3c20240e59f5b7a3e17c275d2314ba1741210ad58b71036f8c83cc1f6b0f409dfdd9113e94b67ec39c3291426c23ffc"
+      "c447054670d2908ff8fe67dc2306034c5c01d2825bfd3af8b1e13205780c137fe938f84fde40188e61ea02cead81badfdb425"
+      "c29f7d7fb0324debadc10bbb93de68f62c35069268283f5265865db57a79f7bf7",
+      "006fe9de6fb8e672e7fd150fdc5e617fabb0d43906354ccfd224757c7276f7a1010091b17ed072074f8d10a5ec971eb35a5c"
+      "b7076603b7bc38d432cbc059f80f9488",
+      "curve: P521 vector: 17", ec_field_GFp },
+
+    { ECCurve_NIST_P521, 1,
+      "011a5d1cc79cd2bf73ea106f0e60a5ace220813b53e27b739864334a07c03367efda7a4619fa6eef3a9746492283b3c445610"
+      "a023a9cc49bf4591140384fca5c8bb5",
+      "0400eb07c7332eedb7d3036059d35f7d2288d4377d5f42337ad3964079fb120ccd4c8bd384b585621055217023acd9a94fcb3"
+      "b965bfb394675e788ade41a1de73e620c00491a835de2e6e7deb7e090f4a11f2c460c0b1f3d5e94ee8d751014dc720784fd3b"
+      "54500c86ebaef18429f09e8e876d5d1538968a030d7715dde99f0d8f06e29d59",
+      "04007e2d138f2832e345ae8ff65957e40e5ec7163f016bdf6d24a2243daa631d878a4a16783990c722382130f9e51f0c1bd6"
+      "ff5ac96780e48b68f5dec95f42e6144bb500b0de5c896791f52886b0f09913e26e78dd0b69798fc4df6d95e3ca708ecbcbcce1c1895f"
+      "5561bbabaae372e9e67e6e1a3be60e19b470cdf673ec1fc393d3426e20",
+      "01e4e759ecedce1013baf73e6fcc0b92451d03bdd50489b78871c333114990c9ba6a9b2fc7b1a2d9a1794c1b60d9279af6f"
+      "146f0bbfb0683140403bfa4ccdb524a29",
+      "curve: P521 vector: 18", ec_field_GFp },
+
+    { ECCurve_NIST_P521, 1,
+      "010c908caf1be74c616b625fc8c1f514446a6aec83b5937141d6afbb0a8c7666a7746fa1f7a6664a2123e8cdf6cd8bf836c5"
+      "6d3c0ebdcc980e43a186f938f3a78ae7",
+      "040031890f4c7abec3f723362285d77d2636f876817db3bbc88b01e773597b969ff6f013ea470c854ab4a7739004eb8cbea6"
+      "9b82ddf36acadd406871798ecb2ac3aa7f00d8b429ae3250266b9643c0c765a60dc10155bc2531cf8627296f4978b6640a9e"
+      "600e19d0037d58503fa80799546a814d7478a550aa90e5ebeb052527faaeae5d08",
+      "0400118c36022209b1af8ebad1a12b566fc48744576e1199fe80de1cdf851cdf03e5b9091a8f7e079e83b7f827259b691d0"
+      "c22ee29d6bdf73ec7bbfd746f2cd97a357d00da5ff4904548a342e2e7ba6a1f4ee5f840411a96cf63e6fe622f22c13e614e"
+      "0a847c11a1ab3f1d12cc850c32e095614ca8f7e2721477b486e9ff40372977c3f65c",
+      "0163c9191d651039a5fe985a0eea1eba018a40ab1937fcd2b61220820ee8f2302e9799f6edfc3f5174f369d672d377ea895"
+      "4a8d0c8b851e81a56fda95212a6578f0e",
+      "curve: P521 vector: 19", ec_field_GFp },
+
+    { ECCurve_NIST_P521, 1,
+      "01b37d6b7288de671360425d3e5ac1ccb21815079d8d73431e9b74a6f0e7ae004a357575b11ad66642ce8b775593eba9d98"
+      "bf25c75ef0b4d3a2098bbc641f59a2b77",
+      "0400189a5ee34de7e35aefeaeef9220c18071b4c29a4c3bd9d954458bd3e82a7a34da34cff5579b8101c065b1f2f527cf45"
+      "81501e28ef5671873e65267733d003520af01eb4bc50a7b4d4599d7e3fa773ddb9eb252c9b3422872e544bdf75c7bf60f51"
+      "66ddc11eb08fa7c30822dabaee373ab468eb2d922e484e2a527fff2ebb804b7d9a37",
+      "0401780edff1ca1c03cfbe593edc6c049bcb2860294a92c355489d9afb2e702075ade1c953895a456230a0cde905de4a3f"
+      "38573dbfcccd67ad6e7e93f0b5581e926a5d00a5481962c9162962e7f0ebdec936935d0eaa813e8226d40d7f6119bfd940"
+      "602380c86721e61db1830f51e139f210000bcec0d8edd39e54d73a9a129f95cd5fa979",
+      "015d613e267a36342e0d125cdad643d80d97ed0600afb9e6b9545c9e64a98cc6da7c5aaa3a8da0bdd9dd3b97e9788218a8"
+      "0abafc106ef065c8f1c4e1119ef58d298b",
+      "curve: P521 vector: 20", ec_field_GFp },
+
+    { ECCurve_NIST_P521, 1,
+      "00f2661ac762f60c5fff23be5d969ccd4ec6f98e4e72618d12bdcdb9b4102162333788c0bae59f91cdfc172c7a1681ee44d9"
+      "6ab2135a6e5f3415ebbcd55165b1afb0",
+      "0400a8e25a6902d687b4787cdc94c364ac7cecc5c495483ed363dc0aa95ee2bd739c4c4d46b17006c728b076350d7d7e54c"
+      "6822f52f47162a25109aaaba690cab696ec0168d2f08fe19e4dc9ee7a195b03c9f7fe6676f9f520b6270557504e72ca4394"
+      "a2c6918625e15ac0c51b8f95cd560123653fb8e8ee6db961e2c4c62cc54e92e2a2a9",
+      "04016dacffa183e5303083a334f765de724ec5ec9402026d4797884a9828a0d321a8cfac74ab737fe20a7d6befcfc73b6a3"
+      "5c1c7b01d373e31abc192d48a4241a35803011e5327cac22d305e7156e559176e19bee7e4f2f59e86f1a9d0b6603b6a7df"
+      "1069bde6387feb71587b8ffce5b266e1bae86de29378a34e5c74b6724c4d40a719923",
+      "014d6082a3b5ced1ab8ca265a8106f302146c4acb8c30bb14a4c991e3c82a9731288bdb91e0e85bda313912d06384fc44"
+      "f2153fb13506fa9cf43c9aab5750988c943",
+      "curve: P521 vector: 21", ec_field_GFp },
+
+    { ECCurve_NIST_P521, 1,
+      "00f430ca1261f09681a9282e9e970a9234227b1d5e58d558c3cc6eff44d1bdf53de16ad5ee2b18b92d62fc79586116b0e"
+      "fc15f79340fb7eaf5ce6c44341dcf8dde27",
+      "04006c1d9b5eca87de1fb871a0a32f807c725adccde9b3967453a71347d608f0c030cd09e338cdecbf4a02015bc8a6e8"
+      "d3e2595fe773ffc2fc4e4a55d0b1a2cc00323b01141b2109e7f4981c952aa818a2b9f6f5c41feccdb7a7a45b9b4b6729"
+      "37771b008cae5f934dfe3fed10d383ab1f38769c92ce88d9be5414817ecb073a31ab368ccb",
+      "0400a091421d3703e3b341e9f1e7d58f8cf7bdbd1798d001967b801d1cec27e605c580b2387c1cb464f55ce7ac803341"
+      "02ab03cfb86d88af76c9f4129c01bedd3bbfc4008c9c577a8e6fc446815e9d40baa66025f15dae285f19eb668ee60ae9"
+      "c98e7ecdbf2b2a68e22928059f67db188007161d3ecf397e0883f0c4eb7eaf7827a62205cc",
+      "0020c00747cb8d492fd497e0fec54644bf027d418ab686381f109712a99cabe328b9743d2225836f9ad66e5d7fed1de2"
+      "47e0da92f60d5b31f9e47672e57f710598f4",
+      "curve: P521 vector: 22", ec_field_GFp },
+
+    { ECCurve_NIST_P521, 1,
+      "005dc33aeda03c2eb233014ee468dff753b72f73b00991043ea353828ae69d4cd0fadeda7bb278b535d7c57406ff2e6e"
+      "473a5a4ff98e90f90d6dadd25100e8d85666",
+      "0400c825ba307373cec8dd2498eef82e21fd9862168dbfeb83593980ca9f82875333899fe94f137daf1c4189eb502937"
+      "c3a367ea7951ed8b0f3377fcdf2922021d46a5016b8a2540d5e65493888bc337249e67c0a68774f3e8d81e3b4574a012"
+      "5165f0bd58b8af9de74b35832539f95c3cd9f1b759408560aa6851ae3ac7555347b0d3b13b",
+      "04004f38816681771289ce0cb83a5e29a1ab06fc91f786994b23708ff08a08a0f675b809ae99e9f9967eb1a49f196057"
+      "d69e50d6dedb4dd2d9a81c02bdcc8f7f518460009efb244c8b91087de1eed766500f0e81530752d469256ef79f6b965d"
+      "8a2232a0c2dbc4e8e1d09214bab38485be6e357c4200d073b52f04e4a16fc6f5247187aecb",
+      "00c2bfafcd7fbd3e2fd1c750fdea61e70bd4787a7e68468c574ee99ebc47eedef064e8944a73bcb7913dbab5d93dca6"
+      "60d216c553622362794f7a2acc71022bdb16f",
+      "curve: P521 vector: 23", ec_field_GFp },
+
+    { ECCurve_NIST_P521, 1,
+      "00df14b1f1432a7b0fb053965fd8643afee26b2451ecb6a8a53a655d5fbe16e4c64ce8647225eb11e7fdcb23627471"
+      "dffc5c2523bd2ae89957cba3a57a23933e5a78",
+      "04004e8583bbbb2ecd93f0714c332dff5ab3bc6396e62f3c560229664329baa5138c3bb1c36428abd4e23d17fcb7"
+      "a2cfcc224b2e734c8941f6f121722d7b6b9415457601cf0874f204b0363f020864672fadbf87c8811eb147758b254b"
+      "74b14fae742159f0f671a018212bbf25b8519e126d4cad778cfff50d288fd39ceb0cac635b175ec0",
+      "0401a32099b02c0bd85371f60b0dd20890e6c7af048c8179890fda308b359dbbc2b7a832bb8c6526c4af99a7ea3f0"
+      "b3cb96ae1eb7684132795c478ad6f962e4a6f446d017627357b39e9d7632a1370b3e93c1afb5c851b910eb4ead0c9"
+      "d387df67cde85003e0e427552f1cd09059aad0262e235cce5fba8cedc4fdc1463da76dcd4b6d1a46",
+      "01aaf24e5d47e4080c18c55ea35581cd8da30f1a079565045d2008d51b12d0abb4411cda7a0785b15d149ed301a36"
+      "97062f42da237aa7f07e0af3fd00eb1800d9c41",
+      "curve: P521 vector: 24", ec_field_GFp },
+
+    { ECCurve_pastLastCurve, 0, NULL, NULL, NULL, NULL, NULL, 0 }
+};
+
+static ECDH_KAT nonnist_testvecs[] = {
+    { ECCurve25519, 1,
+      "a546e36bf0527c9d3b16154b82465edd62144c0ac1fc5a18506a2244ba449ac4",
+      NULL,
+      "e6db6867583030db3594c1a424b15f7c726624ec26b3353b10a903a6d0ab1c4c",
+      "c3da55379de9c6908e94ea4df28d084f32eccf03491c71f754b4075577a28552",
+      "curve: 25519 vector: 0", ec_field_plain },
+    { ECCurve25519, 1,
+      "4b66e9d4d1b4673c5ad22691957d6af5c11b6421e0ea01d42ca4169e7918ba0d",
+      NULL,
+      "e5210f12786811d3f4b7959d0538ae2c31dbe7106fc03c3efc4cd549c715a493",
+      "95cbde9476e8907d7aade45cb4b873f88b595a68799fa152e6f8f7647aac7957",
+      "curve: 25519 vector: 1", ec_field_plain },
+    { ECCurve25519, 1,
+      "0900000000000000000000000000000000000000000000000000000000000000",
+      NULL,
+      "0900000000000000000000000000000000000000000000000000000000000000",
+      "422c8e7a6227d7bca1350b3e2bb7279f7897b87bb6854b783c60e80311ae3079",
+      "curve: 25519 vector: 2", ec_field_plain },
+    { ECCurve25519, 1000,
+      "0900000000000000000000000000000000000000000000000000000000000000",
+      NULL,
+      "0900000000000000000000000000000000000000000000000000000000000000",
+      "684cf59ba83309552800ef566f2f4d3c1c3887c49360e3875f2eb94d99532c51",
+      "curve: 25519 vector: 1000 iterations", ec_field_plain },
+#ifdef NSS_ENABLE_EXPENSIVE_TESTS
+    /* This test is disabled by default because it takes a very long time
+       * to run. */
+    { ECCurve25519, 1000000,
+      "0900000000000000000000000000000000000000000000000000000000000000",
+      NULL,
+      "0900000000000000000000000000000000000000000000000000000000000000",
+      "7c3911e0ab2586fd864497297e575e6f3bc601c0883c30df5f4dd2d24f665424",
+      "curve: 25519 vector: 1000000 iterations", ec_field_plain },
+#endif
+    { ECCurve25519, 1,
+      "174a56a75017c029e0861044d3c57c291823cf477ae6e21065cc121578bfa893",
+      NULL,
+      "7bd8396462a5788951caf3d3a28cb0904e4d081e62e6ac2d9da7152eb1310f30",
+      "28c09f6be3666a6ab3bf8f5b03eec14e95505e32726ae887053ce6a2061a9656",
+      "curve: 25519 custom vector 1", ec_field_plain },
+    { ECCurve25519, 1,
+      "577a2a7fcdacd4ccf7d7f81ba93ec83ae4bda32bec00ff7d59c294b69404f688",
+      NULL,
+      "a43b5491cbd9273abf694115f383fabe3bdc5f2baa30d2e00e43b6937a75cc5d",
+      "4aed703c32552576ca0b30a3fab53242e1eea29ddec993219d3c2b3c3e59b735",
+      "curve: 25519 custom vector 1", ec_field_plain },
+
+    { ECCurve_pastLastCurve, 0, NULL, NULL, NULL, NULL, NULL, 0 }
+};
+
+static ECDH_BAD nonnist_testvecs_bad_values[] = {
+    { ECCurve25519, "00", "curve: 25519 vector: 0 bad point", ec_field_plain },
+    { ECCurve25519,
+      "0100000000000000000000000000000000000000000000000000000000000000",
+      "curve: 25519 vector: 1 bad point", ec_field_plain },
+    { ECCurve25519,
+      "e0eb7a7c3b41b8ae1656e3faf19fc46ada098deb9c32b1fd866205165f49b8",
+      "curve: 25519 vector: 2 bad point", ec_field_plain },
+    { ECCurve25519,
+      "5f9c95bca3508c24b1d0b1559c83ef5b04445cc4581c8e86d8224eddd09f1157",
+      "curve: 25519 vector: 3 bad point", ec_field_plain },
+    { ECCurve25519,
+      "ecffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f",
+      "curve: 25519 vector: 4 bad point", ec_field_plain },
+    { ECCurve25519,
+      "edffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f",
+      "curve: 25519 vector: 5 bad point", ec_field_plain },
+    { ECCurve25519,
+      "eeffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f",
+      "curve: 25519 vector: 6 bad point", ec_field_plain },
+    { ECCurve25519,
+      "cdeb7a7c3b41b8ae1656e3faf19fc46ada098deb9c32b1fd866205165f49b880",
+      "curve: 25519 vector: 7 bad point", ec_field_plain },
+    { ECCurve25519,
+      "4c9c95bca3508c24b1d0b1559c83ef5b04445cc4581c8e86d8224eddd09f11d7",
+      "curve: 25519 vector: 8 bad point", ec_field_plain },
+    { ECCurve25519,
+      "d9ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+      "curve: 25519 vector: 9 bad point", ec_field_plain },
+    { ECCurve25519,
+      "daffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+      "curve: 25519 vector: 10 bad point", ec_field_plain },
+    { ECCurve25519,
+      "dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+      "curve: 25519 vector: 11 bad point", ec_field_plain },
+
+    { ECCurve_pastLastCurve, 0, NULL, 0 }
+};
diff --git a/nss/cmd/fipstest/Makefile b/nss/cmd/fipstest/Makefile
new file mode 100755
index 0000000..2cf5c05
--- /dev/null
+++ b/nss/cmd/fipstest/Makefile
@@ -0,0 +1,49 @@
+#! gmake
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+#MKPROG = purify -cache-dir=/u/mcgreer/pcache -best-effort \
+#	-always-use-cache-dir $(CC)
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include ../platlibs.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+include ../platrules.mk
diff --git a/nss/cmd/fipstest/aes.sh b/nss/cmd/fipstest/aes.sh
new file mode 100644
index 0000000..7e25e60
--- /dev/null
+++ b/nss/cmd/fipstest/aes.sh
@@ -0,0 +1,112 @@
+#!/bin/sh
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+#
+# A Bourne shell script for running the NIST AES Algorithm Validation Suite
+#
+# Before you run the script, set your PATH, LD_LIBRARY_PATH, ... environment
+# variables appropriately so that the fipstest command and the NSPR and NSS
+# shared libraries/DLLs are on the search path.  Then run this script in the
+# directory where the REQUEST (.req) files reside.  The script generates the
+# RESPONSE (.rsp) files in the same directory.
+
+BASEDIR=${1-.}
+TESTDIR=${BASEDIR}/AES
+COMMAND=${2-run}
+REQDIR=${TESTDIR}/req
+RSPDIR=${TESTDIR}/resp
+
+cbc_kat_requests="
+CBCGFSbox128.req
+CBCGFSbox192.req
+CBCGFSbox256.req
+CBCKeySbox128.req
+CBCKeySbox192.req
+CBCKeySbox256.req
+CBCVarKey128.req
+CBCVarKey192.req
+CBCVarKey256.req
+CBCVarTxt128.req
+CBCVarTxt192.req
+CBCVarTxt256.req
+"
+
+cbc_mct_requests="
+CBCMCT128.req
+CBCMCT192.req
+CBCMCT256.req
+"
+
+cbc_mmt_requests="
+CBCMMT128.req
+CBCMMT192.req
+CBCMMT256.req
+"
+
+ecb_kat_requests="
+ECBGFSbox128.req
+ECBGFSbox192.req
+ECBGFSbox256.req
+ECBKeySbox128.req
+ECBKeySbox192.req
+ECBKeySbox256.req
+ECBVarKey128.req
+ECBVarKey192.req
+ECBVarKey256.req
+ECBVarTxt128.req
+ECBVarTxt192.req
+ECBVarTxt256.req
+"
+
+ecb_mct_requests="
+ECBMCT128.req
+ECBMCT192.req
+ECBMCT256.req
+"
+
+ecb_mmt_requests="
+ECBMMT128.req
+ECBMMT192.req
+ECBMMT256.req
+"
+
+if [ ${COMMAND} = "verify" ]; then
+    for request in $cbc_kat_requests $cbc_mct_requests $cbc_mmt_requests $ecb_kat_requests $ecb_mct_requests $ecb_mmt_requests; do
+	sh ./validate1.sh ${TESTDIR} $request
+    done
+    exit 0
+fi
+
+for request in $cbc_kat_requests; do
+    response=`echo $request | sed -e "s/req/rsp/"`
+    echo $request $response
+    fipstest aes kat cbc ${REQDIR}/$request > ${RSPDIR}/$response
+done
+for request in $cbc_mct_requests; do
+    response=`echo $request | sed -e "s/req/rsp/"`
+    echo $request $response
+    fipstest aes mct cbc ${REQDIR}/$request > ${RSPDIR}/$response
+done
+for request in $cbc_mmt_requests; do
+    response=`echo $request | sed -e "s/req/rsp/"`
+    echo $request $response
+    fipstest aes mmt cbc ${REQDIR}/$request > ${RSPDIR}/$response
+done
+for request in $ecb_kat_requests; do
+    response=`echo $request | sed -e "s/req/rsp/"`
+    echo $request $response
+    fipstest aes kat ecb ${REQDIR}/$request > ${RSPDIR}/$response
+done
+for request in $ecb_mct_requests; do
+    response=`echo $request | sed -e "s/req/rsp/"`
+    echo $request $response
+    fipstest aes mct ecb ${REQDIR}/$request > ${RSPDIR}/$response
+done
+for request in $ecb_mmt_requests; do
+    response=`echo $request | sed -e "s/req/rsp/"`
+    echo $request $response
+    fipstest aes mmt ecb ${REQDIR}/$request > ${RSPDIR}/$response
+done
diff --git a/nss/cmd/fipstest/aesgcm.sh b/nss/cmd/fipstest/aesgcm.sh
new file mode 100644
index 0000000..3b4dcf5
--- /dev/null
+++ b/nss/cmd/fipstest/aesgcm.sh
@@ -0,0 +1,67 @@
+#!/bin/sh
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# A Bourne shell script for running the NIST AES Algorithm Validation Suite
+#
+# Before you run the script, set your PATH, LD_LIBRARY_PATH, ... environment
+# variables appropriately so that the fipstest command and the NSPR and NSS
+# shared libraries/DLLs are on the search path.  Then run this script in the
+# directory where the REQUEST (.req) files reside.  The script generates the
+# RESPONSE (.rsp) files in the same directory.
+
+BASEDIR=${1-.}
+TESTDIR=${BASEDIR}/AES_GCM
+COMMAND=${2-run}
+REQDIR=${TESTDIR}/req
+RSPDIR=${TESTDIR}/resp
+
+gcm_decrypt_requests="
+gcmDecrypt128.req
+gcmDecrypt192.req
+gcmDecrypt256.req
+"
+
+gcm_encrypt_extiv_requests="
+gcmEncryptExtIV128.req
+gcmEncryptExtIV192.req
+gcmEncryptExtIV256.req
+"
+gcm_encrypt_intiv_requests="
+"
+
+#gcm_encrypt_intiv_requests="
+#gcmEncryptIntIV128.req
+#gcmEncryptIntIV192.req
+#gcmEncryptIntIV256.req
+#"
+
+if [ ${COMMAND} = "verify" ]; then
+    for request in $gcm_decrypt_requests $gcm_encrypt_extiv_requests; do
+	sh ./validate1.sh ${TESTDIR} $request ' ' '-e /Reason:/d'
+    done
+    for request in $gcm_encrypt_intiv_requests; do
+	name=`basename $request .req`
+    	echo ">>>>>  $name"
+        fipstest aes gcm decrypt ${RSPDIR}/$name.rsp | grep FAIL
+    done
+    exit 0
+fi
+
+for request in $gcm_decrypt_requests; do
+    response=`echo $request | sed -e "s/req/rsp/"`
+    echo $request $response
+    fipstest aes gcm decrypt ${REQDIR}/$request > ${RSPDIR}/$response
+done
+for request in $gcm_encrypt_intiv_requests; do
+    response=`echo $request | sed -e "s/req/rsp/"`
+    echo $request $response
+    fipstest aes gcm encrypt_intiv ${REQDIR}/$request > ${RSPDIR}/$response
+done
+for request in $gcm_encrypt_extiv_requests; do
+    response=`echo $request | sed -e "s/req/rsp/"`
+    echo $request $response
+    fipstest aes gcm encrypt_extiv ${REQDIR}/$request > ${RSPDIR}/$response
+done
diff --git a/nss/cmd/fipstest/dsa.sh b/nss/cmd/fipstest/dsa.sh
new file mode 100755
index 0000000..da18e1f
--- /dev/null
+++ b/nss/cmd/fipstest/dsa.sh
@@ -0,0 +1,71 @@
+#!/bin/sh
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# A Bourne shell script for running the NIST DSA Validation System
+#
+# Before you run the script, set your PATH, LD_LIBRARY_PATH, ... environment
+# variables appropriately so that the fipstest command and the NSPR and NSS
+# shared libraries/DLLs are on the search path.  Then run this script in the
+# directory where the REQUEST (.req) files reside.  The script generates the
+# RESPONSE (.rsp) files in the same directory.
+BASEDIR=${1-.}
+TESTDIR=${BASEDIR}/DSA2
+COMMAND=${2-run}
+REQDIR=${TESTDIR}/req
+RSPDIR=${TESTDIR}/resp
+
+
+#
+# several of the DSA tests do use known answer tests to verify the result.
+# in those cases, feed generated tests back into the fipstest tool and
+# see if we can verify those value. NOTE: th PQGVer and SigVer tests verify
+# the dsa pqgver and dsa sigver functions, so we know they can detect errors
+# in those PQGGen and SigGen. Only the KeyPair verify is potentially circular.
+#
+if [ ${COMMAND} = "verify" ]; then
+# verify generated keys
+    name=KeyPair
+    echo ">>>>>  $name"
+    fipstest dsa keyver ${RSPDIR}/$name.rsp | grep ^Result.=.F
+# verify generated pqg values
+    name=PQGGen
+    echo ">>>>>  $name"
+    fipstest dsa pqgver ${RSPDIR}/$name.rsp | grep ^Result.=.F
+# verify PQGVer with known answer
+#    sh ./validate1.sh ${TESTDIR} PQGVer.req ' ' '-e /^Result.=.F/s;.(.*);; -e /^Result.=.P/s;.(.*);;'
+# verify signatures
+    name=SigGen
+    echo ">>>>>  $name"
+    fipstest dsa sigver ${RSPDIR}/$name.rsp | grep ^Result.=.F
+# verify SigVer with known answer
+    sh ./validate1.sh ${TESTDIR} SigVer.req ' ' '-e /^X.=/d -e /^Result.=.F/s;.(.*);;'
+    exit 0
+fi
+
+request=KeyPair.req
+response=`echo $request | sed -e "s/req/rsp/"`
+echo $request $response
+fipstest dsa keypair ${REQDIR}/$request > ${RSPDIR}/$response
+
+request=PQGGen.req
+response=`echo $request | sed -e "s/req/rsp/"`
+echo $request $response
+fipstest dsa pqggen ${REQDIR}/$request > ${RSPDIR}/$response
+
+request=PQGVer1863.req
+response=`echo $request | sed -e "s/req/rsp/"`
+echo $request $response
+fipstest dsa pqgver ${REQDIR}/$request > ${RSPDIR}/$response
+
+request=SigGen.req
+response=`echo $request | sed -e "s/req/rsp/"`
+echo $request $response
+fipstest dsa siggen ${REQDIR}/$request > ${RSPDIR}/$response
+
+request=SigVer.req
+response=`echo $request | sed -e "s/req/rsp/"`
+echo $request $response
+fipstest dsa sigver ${REQDIR}/$request > ${RSPDIR}/$response
diff --git a/nss/cmd/fipstest/ecdsa.sh b/nss/cmd/fipstest/ecdsa.sh
new file mode 100644
index 0000000..9482160
--- /dev/null
+++ b/nss/cmd/fipstest/ecdsa.sh
@@ -0,0 +1,60 @@
+#!/bin/sh
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# A Bourne shell script for running the NIST ECDSA Validation System
+#
+# Before you run the script, set your PATH, LD_LIBRARY_PATH, ... environment
+# variables appropriately so that the fipstest command and the NSPR and NSS
+# shared libraries/DLLs are on the search path.  Then run this script in the
+# directory where the REQUEST (.req) files reside.  The script generates the
+# RESPONSE (.rsp) files in the same directory.
+BASEDIR=${1-.}
+TESTDIR=${BASEDIR}/ECDSA2
+COMMAND=${2-run}
+REQDIR=${TESTDIR}/req
+RSPDIR=${TESTDIR}/resp
+
+#
+# several of the ECDSA tests do not use known answer tests to verify the result.
+# In those cases, feed generated tests back into the fipstest tool and
+# see if we can verify those value. NOTE:  PQGVer and SigVer tests verify
+# the dsa pqgver and dsa sigver functions, so we know they can detect errors
+# in those PQGGen and SigGen. Only the KeyPair verify is potentially circular.
+#
+if [ ${COMMAND} = "verify" ]; then
+# verify generated keys
+    name=KeyPair
+    echo ">>>>>  $name"
+    fipstest ecdsa keyver ${RSPDIR}/$name.rsp | grep ^Result.=.F
+    sh ./validate1.sh ${TESTDIR} PKV.req ' ' '-e /^X.=/d -e /^Result.=.F/s;.(.*);; -e /^Result.=.P/s;.(.*);;'
+# verify signatures
+    name=SigGen
+    echo ">>>>>  $name"
+    fipstest ecdsa sigver ${RSPDIR}/$name.rsp | grep ^Result.=.F
+# verify SigVer with known answer
+    sh ./validate1.sh ${TESTDIR} SigVer.req ' ' '-e /^X.=/d -e /^Result.=.F/s;.(.*);; -e /^Result.=.P/s;.(.*);;'
+    exit 0
+fi
+
+request=KeyPair.req
+response=`echo $request | sed -e "s/req/rsp/"`
+echo $request $response
+fipstest ecdsa keypair ${REQDIR}/$request > ${RSPDIR}/$response
+
+request=PKV.req
+response=`echo $request | sed -e "s/req/rsp/"`
+echo $request $response
+fipstest ecdsa pkv ${REQDIR}/$request > ${RSPDIR}/$response
+
+request=SigGen.req
+response=`echo $request | sed -e "s/req/rsp/"`
+echo $request $response
+fipstest ecdsa siggen ${REQDIR}/$request > ${RSPDIR}/$response
+
+request=SigVer.req
+response=`echo $request | sed -e "s/req/rsp/"`
+echo $request $response
+fipstest ecdsa sigver ${REQDIR}/$request > ${RSPDIR}/$response
diff --git a/nss/cmd/fipstest/fipstest.c b/nss/cmd/fipstest/fipstest.c
new file mode 100644
index 0000000..ab73e42
--- /dev/null
+++ b/nss/cmd/fipstest/fipstest.c
@@ -0,0 +1,6137 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <ctype.h>
+
+#include "secitem.h"
+#include "blapi.h"
+#include "nssutil.h"
+#include "secerr.h"
+#include "secder.h"
+#include "secdig.h"
+#include "secoid.h"
+#include "ec.h"
+#include "hasht.h"
+#include "lowkeyi.h"
+#include "softoken.h"
+#include "pkcs11t.h"
+#define __PASTE(x, y) x##y
+#undef CK_PKCS11_FUNCTION_INFO
+#undef CK_NEED_ARG_LIST
+#define CK_EXTERN extern
+#define CK_PKCS11_FUNCTION_INFO(func) \
+    CK_RV __PASTE(NS, func)
+#define CK_NEED_ARG_LIST 1
+#include "pkcs11f.h"
+#undef CK_PKCS11_FUNCTION_INFO
+#undef CK_NEED_ARG_LIST
+#undef __PASTE
+#define SSL3_RANDOM_LENGTH 32
+
+#if 0
+#include "../../lib/freebl/mpi/mpi.h"
+#endif
+
+#ifndef NSS_DISABLE_ECC
+extern SECStatus
+EC_DecodeParams(const SECItem *encodedParams, ECParams **ecparams);
+extern SECStatus
+EC_CopyParams(PLArenaPool *arena, ECParams *dstParams,
+              const ECParams *srcParams);
+#endif
+
+#define ENCRYPT 1
+#define DECRYPT 0
+#define BYTE unsigned char
+#define DEFAULT_RSA_PUBLIC_EXPONENT 0x10001
+#define RSA_MAX_TEST_MODULUS_BITS 4096
+#define RSA_MAX_TEST_MODULUS_BYTES RSA_MAX_TEST_MODULUS_BITS / 8
+#define RSA_MAX_TEST_EXPONENT_BYTES 8
+#define PQG_TEST_SEED_BYTES 20
+
+SECStatus
+hex_to_byteval(const char *c2, unsigned char *byteval)
+{
+    int i;
+    unsigned char offset;
+    *byteval = 0;
+    for (i = 0; i < 2; i++) {
+        if (c2[i] >= '0' && c2[i] <= '9') {
+            offset = c2[i] - '0';
+            *byteval |= offset << 4 * (1 - i);
+        } else if (c2[i] >= 'a' && c2[i] <= 'f') {
+            offset = c2[i] - 'a';
+            *byteval |= (offset + 10) << 4 * (1 - i);
+        } else if (c2[i] >= 'A' && c2[i] <= 'F') {
+            offset = c2[i] - 'A';
+            *byteval |= (offset + 10) << 4 * (1 - i);
+        } else {
+            return SECFailure;
+        }
+    }
+    return SECSuccess;
+}
+
+SECStatus
+byteval_to_hex(unsigned char byteval, char *c2, char a)
+{
+    int i;
+    unsigned char offset;
+    for (i = 0; i < 2; i++) {
+        offset = (byteval >> 4 * (1 - i)) & 0x0f;
+        if (offset < 10) {
+            c2[i] = '0' + offset;
+        } else {
+            c2[i] = a + offset - 10;
+        }
+    }
+    return SECSuccess;
+}
+
+void
+to_hex_str(char *str, const unsigned char *buf, unsigned int len)
+{
+    unsigned int i;
+    for (i = 0; i < len; i++) {
+        byteval_to_hex(buf[i], &str[2 * i], 'a');
+    }
+    str[2 * len] = '\0';
+}
+
+void
+to_hex_str_cap(char *str, const unsigned char *buf, unsigned int len)
+{
+    unsigned int i;
+    for (i = 0; i < len; i++) {
+        byteval_to_hex(buf[i], &str[2 * i], 'A');
+    }
+    str[2 * len] = '\0';
+}
+
+/*
+ * Convert a string of hex digits (str) to an array (buf) of len bytes.
+ * Return PR_TRUE if the hex string can fit in the byte array.  Return
+ * PR_FALSE if the hex string is empty or is too long.
+ */
+PRBool
+from_hex_str(unsigned char *buf, unsigned int len, const char *str)
+{
+    unsigned int nxdigit; /* number of hex digits in str */
+    unsigned int i;       /* index into buf */
+    unsigned int j;       /* index into str */
+
+    /* count the hex digits */
+    nxdigit = 0;
+    for (nxdigit = 0; isxdigit(str[nxdigit]); nxdigit++) {
+        /* empty body */
+    }
+    if (nxdigit == 0) {
+        return PR_FALSE;
+    }
+    if (nxdigit > 2 * len) {
+        /*
+         * The input hex string is too long, but we allow it if the
+         * extra digits are leading 0's.
+         */
+        for (j = 0; j < nxdigit - 2 * len; j++) {
+            if (str[j] != '0') {
+                return PR_FALSE;
+            }
+        }
+        /* skip leading 0's */
+        str += nxdigit - 2 * len;
+        nxdigit = 2 * len;
+    }
+    for (i = 0, j = 0; i < len; i++) {
+        if (2 * i < 2 * len - nxdigit) {
+            /* Handle a short input as if we padded it with leading 0's. */
+            if (2 * i + 1 < 2 * len - nxdigit) {
+                buf[i] = 0;
+            } else {
+                char tmp[2];
+                tmp[0] = '0';
+                tmp[1] = str[j];
+                hex_to_byteval(tmp, &buf[i]);
+                j++;
+            }
+        } else {
+            hex_to_byteval(&str[j], &buf[i]);
+            j += 2;
+        }
+    }
+    return PR_TRUE;
+}
+
+SECStatus
+tdea_encrypt_buf(
+    int mode,
+    const unsigned char *key,
+    const unsigned char *iv,
+    unsigned char *output, unsigned int *outputlen, unsigned int maxoutputlen,
+    const unsigned char *input, unsigned int inputlen)
+{
+    SECStatus rv = SECFailure;
+    DESContext *cx;
+    unsigned char doublecheck[8 * 20]; /* 1 to 20 blocks */
+    unsigned int doublechecklen = 0;
+
+    cx = DES_CreateContext(key, iv, mode, PR_TRUE);
+    if (cx == NULL) {
+        goto loser;
+    }
+    rv = DES_Encrypt(cx, output, outputlen, maxoutputlen, input, inputlen);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    if (*outputlen != inputlen) {
+        goto loser;
+    }
+    DES_DestroyContext(cx, PR_TRUE);
+    cx = NULL;
+
+    /*
+     * Doublecheck our result by decrypting the ciphertext and
+     * compare the output with the input plaintext.
+     */
+    cx = DES_CreateContext(key, iv, mode, PR_FALSE);
+    if (cx == NULL) {
+        goto loser;
+    }
+    rv = DES_Decrypt(cx, doublecheck, &doublechecklen, sizeof doublecheck,
+                     output, *outputlen);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    if (doublechecklen != *outputlen) {
+        goto loser;
+    }
+    DES_DestroyContext(cx, PR_TRUE);
+    cx = NULL;
+    if (memcmp(doublecheck, input, inputlen) != 0) {
+        goto loser;
+    }
+    rv = SECSuccess;
+
+loser:
+    if (cx != NULL) {
+        DES_DestroyContext(cx, PR_TRUE);
+    }
+    return rv;
+}
+
+SECStatus
+tdea_decrypt_buf(
+    int mode,
+    const unsigned char *key,
+    const unsigned char *iv,
+    unsigned char *output, unsigned int *outputlen, unsigned int maxoutputlen,
+    const unsigned char *input, unsigned int inputlen)
+{
+    SECStatus rv = SECFailure;
+    DESContext *cx;
+    unsigned char doublecheck[8 * 20]; /* 1 to 20 blocks */
+    unsigned int doublechecklen = 0;
+
+    cx = DES_CreateContext(key, iv, mode, PR_FALSE);
+    if (cx == NULL) {
+        goto loser;
+    }
+    rv = DES_Decrypt(cx, output, outputlen, maxoutputlen,
+                     input, inputlen);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    if (*outputlen != inputlen) {
+        goto loser;
+    }
+    DES_DestroyContext(cx, PR_TRUE);
+    cx = NULL;
+
+    /*
+     * Doublecheck our result by encrypting the plaintext and
+     * compare the output with the input ciphertext.
+     */
+    cx = DES_CreateContext(key, iv, mode, PR_TRUE);
+    if (cx == NULL) {
+        goto loser;
+    }
+    rv = DES_Encrypt(cx, doublecheck, &doublechecklen, sizeof doublecheck,
+                     output, *outputlen);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    if (doublechecklen != *outputlen) {
+        goto loser;
+    }
+    DES_DestroyContext(cx, PR_TRUE);
+    cx = NULL;
+    if (memcmp(doublecheck, input, inputlen) != 0) {
+        goto loser;
+    }
+    rv = SECSuccess;
+
+loser:
+    if (cx != NULL) {
+        DES_DestroyContext(cx, PR_TRUE);
+    }
+    return rv;
+}
+
+/*
+ * Perform the TDEA Known Answer Test (KAT) or Multi-block Message
+ * Test (MMT) in ECB or CBC mode.  The KAT (there are five types)
+ * and MMT have the same structure: given the key and IV (CBC mode
+ * only), encrypt the given plaintext or decrypt the given ciphertext.
+ * So we can handle them the same way.
+ *
+ * reqfn is the pathname of the REQUEST file.
+ *
+ * The output RESPONSE file is written to stdout.
+ */
+void
+tdea_kat_mmt(char *reqfn)
+{
+    char buf[180]; /* holds one line from the input REQUEST file.
+                         * needs to be large enough to hold the longest
+                         * line "CIPHERTEXT = <180 hex digits>\n".
+                         */
+    FILE *req;     /* input stream from the REQUEST file */
+    FILE *resp;    /* output stream to the RESPONSE file */
+    int i, j;
+    int mode = NSS_DES_EDE3; /* NSS_DES_EDE3 (ECB) or NSS_DES_EDE3_CBC */
+    int crypt = DECRYPT;     /* 1 means encrypt, 0 means decrypt */
+    unsigned char key[24];   /* TDEA 3 key bundle */
+    unsigned int numKeys = 0;
+    unsigned char iv[8];             /* for all modes except ECB */
+    unsigned char plaintext[8 * 20]; /* 1 to 20 blocks */
+    unsigned int plaintextlen;
+    unsigned char ciphertext[8 * 20]; /* 1 to 20 blocks */
+    unsigned int ciphertextlen;
+    SECStatus rv;
+
+    req = fopen(reqfn, "r");
+    resp = stdout;
+    while (fgets(buf, sizeof buf, req) != NULL) {
+        /* a comment or blank line */
+        if (buf[0] == '#' || buf[0] == '\n') {
+            fputs(buf, resp);
+            continue;
+        }
+        /* [ENCRYPT] or [DECRYPT] */
+        if (buf[0] == '[') {
+            if (strncmp(&buf[1], "ENCRYPT", 7) == 0) {
+                crypt = ENCRYPT;
+            } else {
+                crypt = DECRYPT;
+            }
+            fputs(buf, resp);
+            continue;
+        }
+        /* NumKeys */
+        if (strncmp(&buf[0], "NumKeys", 7) == 0) {
+            i = 7;
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+            numKeys = buf[i];
+            fputs(buf, resp);
+            continue;
+        }
+        /* "COUNT = x" begins a new data set */
+        if (strncmp(buf, "COUNT", 5) == 0) {
+            /* mode defaults to ECB, if dataset has IV mode will be set CBC */
+            mode = NSS_DES_EDE3;
+            /* zeroize the variables for the test with this data set */
+            memset(key, 0, sizeof key);
+            memset(iv, 0, sizeof iv);
+            memset(plaintext, 0, sizeof plaintext);
+            plaintextlen = 0;
+            memset(ciphertext, 0, sizeof ciphertext);
+            ciphertextlen = 0;
+            fputs(buf, resp);
+            continue;
+        }
+        if (numKeys == 0) {
+            if (strncmp(buf, "KEYs", 4) == 0) {
+                i = 4;
+                while (isspace(buf[i]) || buf[i] == '=') {
+                    i++;
+                }
+                for (j = 0; isxdigit(buf[i]); i += 2, j++) {
+                    hex_to_byteval(&buf[i], &key[j]);
+                    key[j + 8] = key[j];
+                    key[j + 16] = key[j];
+                }
+                fputs(buf, resp);
+                continue;
+            }
+        } else {
+            /* KEY1 = ... */
+            if (strncmp(buf, "KEY1", 4) == 0) {
+                i = 4;
+                while (isspace(buf[i]) || buf[i] == '=') {
+                    i++;
+                }
+                for (j = 0; isxdigit(buf[i]); i += 2, j++) {
+                    hex_to_byteval(&buf[i], &key[j]);
+                }
+                fputs(buf, resp);
+                continue;
+            }
+            /* KEY2 = ... */
+            if (strncmp(buf, "KEY2", 4) == 0) {
+                i = 4;
+                while (isspace(buf[i]) || buf[i] == '=') {
+                    i++;
+                }
+                for (j = 8; isxdigit(buf[i]); i += 2, j++) {
+                    hex_to_byteval(&buf[i], &key[j]);
+                }
+                fputs(buf, resp);
+                continue;
+            }
+            /* KEY3 = ... */
+            if (strncmp(buf, "KEY3", 4) == 0) {
+                i = 4;
+                while (isspace(buf[i]) || buf[i] == '=') {
+                    i++;
+                }
+                for (j = 16; isxdigit(buf[i]); i += 2, j++) {
+                    hex_to_byteval(&buf[i], &key[j]);
+                }
+                fputs(buf, resp);
+                continue;
+            }
+        }
+
+        /* IV = ... */
+        if (strncmp(buf, "IV", 2) == 0) {
+            mode = NSS_DES_EDE3_CBC;
+            i = 2;
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+            for (j = 0; j < sizeof iv; i += 2, j++) {
+                hex_to_byteval(&buf[i], &iv[j]);
+            }
+            fputs(buf, resp);
+            continue;
+        }
+
+        /* PLAINTEXT = ... */
+        if (strncmp(buf, "PLAINTEXT", 9) == 0) {
+            /* sanity check */
+            if (crypt != ENCRYPT) {
+                goto loser;
+            }
+            i = 9;
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+            for (j = 0; isxdigit(buf[i]); i += 2, j++) {
+                hex_to_byteval(&buf[i], &plaintext[j]);
+            }
+            plaintextlen = j;
+            rv = tdea_encrypt_buf(mode, key,
+                                  (mode == NSS_DES_EDE3) ? NULL : iv,
+                                  ciphertext, &ciphertextlen, sizeof ciphertext,
+                                  plaintext, plaintextlen);
+            if (rv != SECSuccess) {
+                goto loser;
+            }
+
+            fputs(buf, resp);
+            fputs("CIPHERTEXT = ", resp);
+            to_hex_str(buf, ciphertext, ciphertextlen);
+            fputs(buf, resp);
+            fputc('\n', resp);
+            continue;
+        }
+        /* CIPHERTEXT = ... */
+        if (strncmp(buf, "CIPHERTEXT", 10) == 0) {
+            /* sanity check */
+            if (crypt != DECRYPT) {
+                goto loser;
+            }
+
+            i = 10;
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+            for (j = 0; isxdigit(buf[i]); i += 2, j++) {
+                hex_to_byteval(&buf[i], &ciphertext[j]);
+            }
+            ciphertextlen = j;
+
+            rv = tdea_decrypt_buf(mode, key,
+                                  (mode == NSS_DES_EDE3) ? NULL : iv,
+                                  plaintext, &plaintextlen, sizeof plaintext,
+                                  ciphertext, ciphertextlen);
+            if (rv != SECSuccess) {
+                goto loser;
+            }
+
+            fputs(buf, resp);
+            fputs("PLAINTEXT = ", resp);
+            to_hex_str(buf, plaintext, plaintextlen);
+            fputs(buf, resp);
+            fputc('\n', resp);
+            continue;
+        }
+    }
+
+loser:
+    fclose(req);
+}
+
+/*
+* Set the parity bit for the given byte
+*/
+BYTE
+odd_parity(BYTE in)
+{
+    BYTE out = in;
+    in ^= in >> 4;
+    in ^= in >> 2;
+    in ^= in >> 1;
+    return (BYTE)(out ^ !(in & 1));
+}
+
+/*
+ * Generate Keys [i+1] from Key[i], PT/CT[j-2], PT/CT[j-1], and PT/CT[j]
+ * for TDEA Monte Carlo Test (MCT) in ECB and CBC modes.
+ */
+void
+tdea_mct_next_keys(unsigned char *key,
+                   const unsigned char *text_2, const unsigned char *text_1,
+                   const unsigned char *text, unsigned int numKeys)
+{
+    int k;
+
+    /* key1[i+1] = key1[i] xor PT/CT[j] */
+    for (k = 0; k < 8; k++) {
+        key[k] ^= text[k];
+    }
+    /* key2 */
+    if (numKeys == 2 || numKeys == 3) {
+        /* key2 independent */
+        for (k = 8; k < 16; k++) {
+            /* key2[i+1] = KEY2[i] xor PT/CT[j-1] */
+            key[k] ^= text_1[k - 8];
+        }
+    } else {
+        /* key2 == key 1 */
+        for (k = 8; k < 16; k++) {
+            /* key2[i+1] = KEY2[i] xor PT/CT[j] */
+            key[k] = key[k - 8];
+        }
+    }
+    /* key3 */
+    if (numKeys == 1 || numKeys == 2) {
+        /* key3 == key 1 */
+        for (k = 16; k < 24; k++) {
+            /* key3[i+1] = KEY3[i] xor PT/CT[j] */
+            key[k] = key[k - 16];
+        }
+    } else {
+        /* key3 independent */
+        for (k = 16; k < 24; k++) {
+            /* key3[i+1] = KEY3[i] xor PT/CT[j-2] */
+            key[k] ^= text_2[k - 16];
+        }
+    }
+    /* set the parity bits */
+    for (k = 0; k < 24; k++) {
+        key[k] = odd_parity(key[k]);
+    }
+}
+
+/*
+ * Perform the Monte Carlo Test
+ *
+ * mode = NSS_DES_EDE3 or NSS_DES_EDE3_CBC
+ * crypt = ENCRYPT || DECRYPT
+ * inputtext = plaintext or Cyphertext depending on the value of crypt
+ * inputlength is expected to be size 8 bytes
+ * iv = needs to be set for NSS_DES_EDE3_CBC mode
+ * resp = is the output response file.
+ */
+void
+tdea_mct_test(int mode, unsigned char *key, unsigned int numKeys,
+              unsigned int crypt, unsigned char *inputtext,
+              unsigned int inputlength, unsigned char *iv, FILE *resp)
+{
+
+    int i, j;
+    unsigned char outputtext_1[8]; /* PT/CT[j-1] */
+    unsigned char outputtext_2[8]; /* PT/CT[j-2] */
+    char buf[80];                  /* holds one line from the input REQUEST file. */
+    unsigned int outputlen;
+    unsigned char outputtext[8];
+
+    SECStatus rv;
+
+    if (mode == NSS_DES_EDE3 && iv != NULL) {
+        printf("IV must be NULL for NSS_DES_EDE3 mode");
+        goto loser;
+    } else if (mode == NSS_DES_EDE3_CBC && iv == NULL) {
+        printf("IV must not be NULL for NSS_DES_EDE3_CBC mode");
+        goto loser;
+    }
+
+    /* loop 400 times */
+    for (i = 0; i < 400; i++) {
+        /* if i == 0 CV[0] = IV  not necessary */
+        /* record the count and key values and plainText */
+        sprintf(buf, "COUNT = %d\n", i);
+        fputs(buf, resp);
+        /* Output KEY1[i] */
+        fputs("KEY1 = ", resp);
+        to_hex_str(buf, key, 8);
+        fputs(buf, resp);
+        fputc('\n', resp);
+        /* Output KEY2[i] */
+        fputs("KEY2 = ", resp);
+        to_hex_str(buf, &key[8], 8);
+        fputs(buf, resp);
+        fputc('\n', resp);
+        /* Output KEY3[i] */
+        fputs("KEY3 = ", resp);
+        to_hex_str(buf, &key[16], 8);
+        fputs(buf, resp);
+        fputc('\n', resp);
+        if (mode == NSS_DES_EDE3_CBC) {
+            /* Output CV[i] */
+            fputs("IV = ", resp);
+            to_hex_str(buf, iv, 8);
+            fputs(buf, resp);
+            fputc('\n', resp);
+        }
+        if (crypt == ENCRYPT) {
+            /* Output PT[0] */
+            fputs("PLAINTEXT = ", resp);
+        } else {
+            /* Output CT[0] */
+            fputs("CIPHERTEXT = ", resp);
+        }
+
+        to_hex_str(buf, inputtext, inputlength);
+        fputs(buf, resp);
+        fputc('\n', resp);
+
+        /* loop 10,000 times */
+        for (j = 0; j < 10000; j++) {
+
+            outputlen = 0;
+            if (crypt == ENCRYPT) {
+                /* inputtext == ciphertext outputtext == plaintext*/
+                rv = tdea_encrypt_buf(mode, key,
+                                      (mode ==
+                                       NSS_DES_EDE3)
+                                          ? NULL
+                                          : iv,
+                                      outputtext, &outputlen, 8,
+                                      inputtext, 8);
+            } else {
+                /* inputtext == plaintext outputtext == ciphertext */
+                rv = tdea_decrypt_buf(mode, key,
+                                      (mode ==
+                                       NSS_DES_EDE3)
+                                          ? NULL
+                                          : iv,
+                                      outputtext, &outputlen, 8,
+                                      inputtext, 8);
+            }
+
+            if (rv != SECSuccess) {
+                goto loser;
+            }
+            if (outputlen != inputlength) {
+                goto loser;
+            }
+
+            if (mode == NSS_DES_EDE3_CBC) {
+                if (crypt == ENCRYPT) {
+                    if (j == 0) {
+                        /*P[j+1] = CV[0] */
+                        memcpy(inputtext, iv, 8);
+                    } else {
+                        /* p[j+1] = C[j-1] */
+                        memcpy(inputtext, outputtext_1, 8);
+                    }
+                    /* CV[j+1] = C[j] */
+                    memcpy(iv, outputtext, 8);
+                    if (j != 9999) {
+                        /* save C[j-1] */
+                        memcpy(outputtext_1, outputtext, 8);
+                    }
+                } else { /* DECRYPT */
+                    /* CV[j+1] = C[j] */
+                    memcpy(iv, inputtext, 8);
+                    /* C[j+1] = P[j] */
+                    memcpy(inputtext, outputtext, 8);
+                }
+            } else {
+                /* ECB mode PT/CT[j+1] = CT/PT[j] */
+                memcpy(inputtext, outputtext, 8);
+            }
+
+            /* Save PT/CT[j-2] and PT/CT[j-1] */
+            if (j == 9997)
+                memcpy(outputtext_2, outputtext, 8);
+            if (j == 9998)
+                memcpy(outputtext_1, outputtext, 8);
+            /* done at the end of the for(j) loop */
+        }
+
+        if (crypt == ENCRYPT) {
+            /* Output CT[j] */
+            fputs("CIPHERTEXT = ", resp);
+        } else {
+            /* Output PT[j] */
+            fputs("PLAINTEXT = ", resp);
+        }
+        to_hex_str(buf, outputtext, 8);
+        fputs(buf, resp);
+        fputc('\n', resp);
+
+        /* Key[i+1] = Key[i] xor ...  outputtext_2 == PT/CT[j-2]
+         *  outputtext_1 == PT/CT[j-1] outputtext == PT/CT[j]
+         */
+        tdea_mct_next_keys(key, outputtext_2,
+                           outputtext_1, outputtext, numKeys);
+
+        if (mode == NSS_DES_EDE3_CBC) {
+            /* taken care of in the j=9999 iteration */
+            if (crypt == ENCRYPT) {
+                /* P[i] = C[j-1] */
+                /* CV[i] = C[j] */
+            } else {
+                /* taken care of in the j=9999 iteration */
+                /* CV[i] = C[j] */
+                /* C[i] = P[j]  */
+            }
+        } else {
+            /* ECB PT/CT[i] = PT/CT[j]  */
+            memcpy(inputtext, outputtext, 8);
+        }
+        /* done at the end of the for(i) loop */
+        fputc('\n', resp);
+    }
+
+loser:
+    return;
+}
+
+/*
+ * Perform the TDEA Monte Carlo Test (MCT) in ECB/CBC modes.
+ * by gathering the input from the request file, and then
+ * calling tdea_mct_test.
+ *
+ * reqfn is the pathname of the input REQUEST file.
+ *
+ * The output RESPONSE file is written to stdout.
+ */
+void
+tdea_mct(int mode, char *reqfn)
+{
+    int i, j;
+    char buf[80];           /* holds one line from the input REQUEST file. */
+    FILE *req;              /* input stream from the REQUEST file */
+    FILE *resp;             /* output stream to the RESPONSE file */
+    unsigned int crypt = 0; /* 1 means encrypt, 0 means decrypt */
+    unsigned char key[24];  /* TDEA 3 key bundle */
+    unsigned int numKeys = 0;
+    unsigned char plaintext[8];  /* PT[j] */
+    unsigned char ciphertext[8]; /* CT[j] */
+    unsigned char iv[8];
+
+    /* zeroize the variables for the test with this data set */
+    memset(key, 0, sizeof key);
+    memset(plaintext, 0, sizeof plaintext);
+    memset(ciphertext, 0, sizeof ciphertext);
+    memset(iv, 0, sizeof iv);
+
+    req = fopen(reqfn, "r");
+    resp = stdout;
+    while (fgets(buf, sizeof buf, req) != NULL) {
+        /* a comment or blank line */
+        if (buf[0] == '#' || buf[0] == '\n') {
+            fputs(buf, resp);
+            continue;
+        }
+        /* [ENCRYPT] or [DECRYPT] */
+        if (buf[0] == '[') {
+            if (strncmp(&buf[1], "ENCRYPT", 7) == 0) {
+                crypt = ENCRYPT;
+            } else {
+                crypt = DECRYPT;
+            }
+            fputs(buf, resp);
+            continue;
+        }
+        /* NumKeys */
+        if (strncmp(&buf[0], "NumKeys", 7) == 0) {
+            i = 7;
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+            numKeys = atoi(&buf[i]);
+            continue;
+        }
+        /* KEY1 = ... */
+        if (strncmp(buf, "KEY1", 4) == 0) {
+            i = 4;
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+            for (j = 0; isxdigit(buf[i]); i += 2, j++) {
+                hex_to_byteval(&buf[i], &key[j]);
+            }
+            continue;
+        }
+        /* KEY2 = ... */
+        if (strncmp(buf, "KEY2", 4) == 0) {
+            i = 4;
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+            for (j = 8; isxdigit(buf[i]); i += 2, j++) {
+                hex_to_byteval(&buf[i], &key[j]);
+            }
+            continue;
+        }
+        /* KEY3 = ... */
+        if (strncmp(buf, "KEY3", 4) == 0) {
+            i = 4;
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+            for (j = 16; isxdigit(buf[i]); i += 2, j++) {
+                hex_to_byteval(&buf[i], &key[j]);
+            }
+            continue;
+        }
+
+        /* IV = ... */
+        if (strncmp(buf, "IV", 2) == 0) {
+            i = 2;
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+            for (j = 0; j < sizeof iv; i += 2, j++) {
+                hex_to_byteval(&buf[i], &iv[j]);
+            }
+            continue;
+        }
+
+        /* PLAINTEXT = ... */
+        if (strncmp(buf, "PLAINTEXT", 9) == 0) {
+
+            /* sanity check */
+            if (crypt != ENCRYPT) {
+                goto loser;
+            }
+            /* PT[0] = PT */
+            i = 9;
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+            for (j = 0; j < sizeof plaintext; i += 2, j++) {
+                hex_to_byteval(&buf[i], &plaintext[j]);
+            }
+
+            /* do the Monte Carlo test */
+            if (mode == NSS_DES_EDE3) {
+                tdea_mct_test(NSS_DES_EDE3, key, numKeys, crypt, plaintext, sizeof plaintext, NULL, resp);
+            } else {
+                tdea_mct_test(NSS_DES_EDE3_CBC, key, numKeys, crypt, plaintext, sizeof plaintext, iv, resp);
+            }
+            continue;
+        }
+        /* CIPHERTEXT = ... */
+        if (strncmp(buf, "CIPHERTEXT", 10) == 0) {
+            /* sanity check */
+            if (crypt != DECRYPT) {
+                goto loser;
+            }
+            /* CT[0] = CT */
+            i = 10;
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+            for (j = 0; isxdigit(buf[i]); i += 2, j++) {
+                hex_to_byteval(&buf[i], &ciphertext[j]);
+            }
+
+            /* do the Monte Carlo test */
+            if (mode == NSS_DES_EDE3) {
+                tdea_mct_test(NSS_DES_EDE3, key, numKeys, crypt, ciphertext, sizeof ciphertext, NULL, resp);
+            } else {
+                tdea_mct_test(NSS_DES_EDE3_CBC, key, numKeys, crypt, ciphertext, sizeof ciphertext, iv, resp);
+            }
+            continue;
+        }
+    }
+
+loser:
+    fclose(req);
+}
+
+SECStatus
+aes_encrypt_buf(
+    int mode,
+    const unsigned char *key, unsigned int keysize,
+    const unsigned char *iv,
+    unsigned char *output, unsigned int *outputlen, unsigned int maxoutputlen,
+    const unsigned char *input, unsigned int inputlen)
+{
+    SECStatus rv = SECFailure;
+    AESContext *cx;
+    unsigned char doublecheck[10 * 16]; /* 1 to 10 blocks */
+    unsigned int doublechecklen = 0;
+
+    cx = AES_CreateContext(key, iv, mode, PR_TRUE, keysize, 16);
+    if (cx == NULL) {
+        goto loser;
+    }
+    rv = AES_Encrypt(cx, output, outputlen, maxoutputlen, input, inputlen);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    if (*outputlen != inputlen) {
+        goto loser;
+    }
+    AES_DestroyContext(cx, PR_TRUE);
+    cx = NULL;
+
+    /*
+     * Doublecheck our result by decrypting the ciphertext and
+     * compare the output with the input plaintext.
+     */
+    cx = AES_CreateContext(key, iv, mode, PR_FALSE, keysize, 16);
+    if (cx == NULL) {
+        goto loser;
+    }
+    rv = AES_Decrypt(cx, doublecheck, &doublechecklen, sizeof doublecheck,
+                     output, *outputlen);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    if (doublechecklen != *outputlen) {
+        goto loser;
+    }
+    AES_DestroyContext(cx, PR_TRUE);
+    cx = NULL;
+    if (memcmp(doublecheck, input, inputlen) != 0) {
+        goto loser;
+    }
+    rv = SECSuccess;
+
+loser:
+    if (cx != NULL) {
+        AES_DestroyContext(cx, PR_TRUE);
+    }
+    return rv;
+}
+
+SECStatus
+aes_decrypt_buf(
+    int mode,
+    const unsigned char *key, unsigned int keysize,
+    const unsigned char *iv,
+    unsigned char *output, unsigned int *outputlen, unsigned int maxoutputlen,
+    const unsigned char *input, unsigned int inputlen)
+{
+    SECStatus rv = SECFailure;
+    AESContext *cx;
+    unsigned char doublecheck[10 * 16]; /* 1 to 10 blocks */
+    unsigned int doublechecklen = 0;
+
+    cx = AES_CreateContext(key, iv, mode, PR_FALSE, keysize, 16);
+    if (cx == NULL) {
+        goto loser;
+    }
+    rv = AES_Decrypt(cx, output, outputlen, maxoutputlen,
+                     input, inputlen);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    if (*outputlen != inputlen) {
+        goto loser;
+    }
+    AES_DestroyContext(cx, PR_TRUE);
+    cx = NULL;
+
+    /*
+     * Doublecheck our result by encrypting the plaintext and
+     * compare the output with the input ciphertext.
+     */
+    cx = AES_CreateContext(key, iv, mode, PR_TRUE, keysize, 16);
+    if (cx == NULL) {
+        goto loser;
+    }
+    rv = AES_Encrypt(cx, doublecheck, &doublechecklen, sizeof doublecheck,
+                     output, *outputlen);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    if (doublechecklen != *outputlen) {
+        goto loser;
+    }
+    AES_DestroyContext(cx, PR_TRUE);
+    cx = NULL;
+    if (memcmp(doublecheck, input, inputlen) != 0) {
+        goto loser;
+    }
+    rv = SECSuccess;
+
+loser:
+    if (cx != NULL) {
+        AES_DestroyContext(cx, PR_TRUE);
+    }
+    return rv;
+}
+/*
+ * Perform the AES GCM tests.
+ *
+ * reqfn is the pathname of the REQUEST file.
+ *
+ * The output RESPONSE file is written to stdout.
+ */
+void
+aes_gcm(char *reqfn, int encrypt)
+{
+    char buf[512]; /* holds one line from the input REQUEST file.
+                         * needs to be large enough to hold the longest
+                         * line "CIPHERTEXT = <320 hex digits>\n".
+                         */
+    FILE *aesreq;  /* input stream from the REQUEST file */
+    FILE *aesresp; /* output stream to the RESPONSE file */
+    int i, j;
+    unsigned char key[32]; /* 128, 192, or 256 bits */
+    unsigned int keysize = 0;
+    unsigned char iv[128];            /* handle large gcm IV's */
+    unsigned char plaintext[10 * 16]; /* 1 to 10 blocks */
+    unsigned int plaintextlen;
+    unsigned char ciphertext[11 * 16]; /* 1 to 10 blocks + tag */
+    unsigned int ciphertextlen;
+    unsigned char aad[11 * 16]; /* 1 to 10 blocks + tag */
+    unsigned int aadlen = 0;
+    unsigned int tagbits;
+    unsigned int taglen = 0;
+    unsigned int ivlen;
+    CK_GCM_PARAMS params;
+    SECStatus rv;
+
+    aesreq = fopen(reqfn, "r");
+    aesresp = stdout;
+    while (fgets(buf, sizeof buf, aesreq) != NULL) {
+        /* a comment or blank line */
+        if (buf[0] == '#' || buf[0] == '\n') {
+            fputs(buf, aesresp);
+            continue;
+        }
+        /* [ENCRYPT] or [DECRYPT] */
+        if (buf[0] == '[') {
+            if (strncmp(buf, "[Taglen", 7) == 0) {
+                if (sscanf(buf, "[Taglen = %d]", &tagbits) != 1) {
+                    goto loser;
+                }
+                taglen = tagbits / 8;
+            }
+            if (strncmp(buf, "[IVlen", 6) == 0) {
+                if (sscanf(buf, "[IVlen = %d]", &ivlen) != 1) {
+                    goto loser;
+                }
+                ivlen = ivlen / 8;
+            }
+            fputs(buf, aesresp);
+            continue;
+        }
+        /* "COUNT = x" begins a new data set */
+        if (strncmp(buf, "Count", 5) == 0) {
+            /* zeroize the variables for the test with this data set */
+            memset(key, 0, sizeof key);
+            keysize = 0;
+            memset(iv, 0, sizeof iv);
+            memset(plaintext, 0, sizeof plaintext);
+            plaintextlen = 0;
+            memset(ciphertext, 0, sizeof ciphertext);
+            ciphertextlen = 0;
+            fputs(buf, aesresp);
+            continue;
+        }
+        /* KEY = ... */
+        if (strncmp(buf, "Key", 3) == 0) {
+            i = 3;
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+            for (j = 0; isxdigit(buf[i]); i += 2, j++) {
+                hex_to_byteval(&buf[i], &key[j]);
+            }
+            keysize = j;
+            fputs(buf, aesresp);
+            continue;
+        }
+        /* IV = ... */
+        if (strncmp(buf, "IV", 2) == 0) {
+            i = 2;
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+            for (j = 0; j < sizeof iv; i += 2, j++) {
+                hex_to_byteval(&buf[i], &iv[j]);
+            }
+            fputs(buf, aesresp);
+            continue;
+        }
+        /* PLAINTEXT = ... */
+        if (strncmp(buf, "PT", 2) == 0) {
+            /* sanity check */
+            if (!encrypt) {
+                goto loser;
+            }
+
+            i = 2;
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+            for (j = 0; isxdigit(buf[i]); i += 2, j++) {
+                hex_to_byteval(&buf[i], &plaintext[j]);
+            }
+            plaintextlen = j;
+            fputs(buf, aesresp);
+            continue;
+        }
+        /* CIPHERTEXT = ... */
+        if (strncmp(buf, "CT", 2) == 0) {
+            /* sanity check */
+            if (encrypt) {
+                goto loser;
+            }
+
+            i = 2;
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+            for (j = 0; isxdigit(buf[i]); i += 2, j++) {
+                hex_to_byteval(&buf[i], &ciphertext[j]);
+            }
+            ciphertextlen = j;
+            fputs(buf, aesresp);
+            continue;
+        }
+        if (strncmp(buf, "AAD", 3) == 0) {
+            i = 3;
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+            for (j = 0; isxdigit(buf[i]); i += 2, j++) {
+                hex_to_byteval(&buf[i], &aad[j]);
+            }
+            aadlen = j;
+            fputs(buf, aesresp);
+            if (encrypt) {
+                if (encrypt == 2) {
+                    rv = RNG_GenerateGlobalRandomBytes(iv, ivlen);
+                    if (rv != SECSuccess) {
+                        goto loser;
+                    }
+                }
+                params.pIv = iv;
+                params.ulIvLen = ivlen;
+                params.pAAD = aad;
+                params.ulAADLen = aadlen;
+                params.ulTagBits = tagbits;
+                rv = aes_encrypt_buf(NSS_AES_GCM, key, keysize,
+                                     (unsigned char *)&params,
+                                     ciphertext, &ciphertextlen, sizeof ciphertext,
+                                     plaintext, plaintextlen);
+                if (rv != SECSuccess) {
+                    goto loser;
+                }
+
+                if (encrypt == 2) {
+                    fputs("IV = ", aesresp);
+                    to_hex_str(buf, iv, ivlen);
+                    fputs(buf, aesresp);
+                    fputc('\n', aesresp);
+                }
+                fputs("CT = ", aesresp);
+                j = ciphertextlen - taglen;
+                to_hex_str(buf, ciphertext, j);
+                fputs(buf, aesresp);
+                fputs("\nTag = ", aesresp);
+                to_hex_str(buf, ciphertext + j, taglen);
+                fputs(buf, aesresp);
+                fputc('\n', aesresp);
+            }
+            continue;
+        }
+        if (strncmp(buf, "Tag", 3) == 0) {
+            /* sanity check */
+            if (encrypt) {
+                goto loser;
+            }
+
+            i = 3;
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+            for (j = 0; isxdigit(buf[i]); i += 2, j++) {
+                hex_to_byteval(&buf[i], &ciphertext[j + ciphertextlen]);
+            }
+            ciphertextlen += j;
+            params.pIv = iv;
+            params.ulIvLen = ivlen;
+            params.pAAD = aad;
+            params.ulAADLen = aadlen;
+            params.ulTagBits = tagbits;
+            rv = aes_decrypt_buf(NSS_AES_GCM, key, keysize,
+                                 (unsigned char *)&params,
+                                 plaintext, &plaintextlen, sizeof plaintext,
+                                 ciphertext, ciphertextlen);
+            fputs(buf, aesresp);
+            if (rv != SECSuccess) {
+                fprintf(aesresp, "FAIL\n");
+            } else {
+                fputs("PT = ", aesresp);
+                to_hex_str(buf, plaintext, plaintextlen);
+                fputs(buf, aesresp);
+                fputc('\n', aesresp);
+            }
+            continue;
+        }
+    }
+loser:
+    fclose(aesreq);
+}
+
+/*
+ * Perform the AES Known Answer Test (KAT) or Multi-block Message
+ * Test (MMT) in ECB or CBC mode.  The KAT (there are four types)
+ * and MMT have the same structure: given the key and IV (CBC mode
+ * only), encrypt the given plaintext or decrypt the given ciphertext.
+ * So we can handle them the same way.
+ *
+ * reqfn is the pathname of the REQUEST file.
+ *
+ * The output RESPONSE file is written to stdout.
+ */
+void
+aes_kat_mmt(char *reqfn)
+{
+    char buf[512]; /* holds one line from the input REQUEST file.
+                         * needs to be large enough to hold the longest
+                         * line "CIPHERTEXT = <320 hex digits>\n".
+                         */
+    FILE *aesreq;  /* input stream from the REQUEST file */
+    FILE *aesresp; /* output stream to the RESPONSE file */
+    int i, j;
+    int mode = NSS_AES;    /* NSS_AES (ECB) or NSS_AES_CBC */
+    int encrypt = 0;       /* 1 means encrypt, 0 means decrypt */
+    unsigned char key[32]; /* 128, 192, or 256 bits */
+    unsigned int keysize = 0;
+    unsigned char iv[16];             /* for all modes except ECB */
+    unsigned char plaintext[10 * 16]; /* 1 to 10 blocks */
+    unsigned int plaintextlen;
+    unsigned char ciphertext[10 * 16]; /* 1 to 10 blocks */
+    unsigned int ciphertextlen;
+    SECStatus rv;
+
+    aesreq = fopen(reqfn, "r");
+    aesresp = stdout;
+    while (fgets(buf, sizeof buf, aesreq) != NULL) {
+        /* a comment or blank line */
+        if (buf[0] == '#' || buf[0] == '\n') {
+            fputs(buf, aesresp);
+            continue;
+        }
+        /* [ENCRYPT] or [DECRYPT] */
+        if (buf[0] == '[') {
+            if (strncmp(&buf[1], "ENCRYPT", 7) == 0) {
+                encrypt = 1;
+            } else {
+                encrypt = 0;
+            }
+            fputs(buf, aesresp);
+            continue;
+        }
+        /* "COUNT = x" begins a new data set */
+        if (strncmp(buf, "COUNT", 5) == 0) {
+            mode = NSS_AES;
+            /* zeroize the variables for the test with this data set */
+            memset(key, 0, sizeof key);
+            keysize = 0;
+            memset(iv, 0, sizeof iv);
+            memset(plaintext, 0, sizeof plaintext);
+            plaintextlen = 0;
+            memset(ciphertext, 0, sizeof ciphertext);
+            ciphertextlen = 0;
+            fputs(buf, aesresp);
+            continue;
+        }
+        /* KEY = ... */
+        if (strncmp(buf, "KEY", 3) == 0) {
+            i = 3;
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+            for (j = 0; isxdigit(buf[i]); i += 2, j++) {
+                hex_to_byteval(&buf[i], &key[j]);
+            }
+            keysize = j;
+            fputs(buf, aesresp);
+            continue;
+        }
+        /* IV = ... */
+        if (strncmp(buf, "IV", 2) == 0) {
+            mode = NSS_AES_CBC;
+            i = 2;
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+            for (j = 0; j < sizeof iv; i += 2, j++) {
+                hex_to_byteval(&buf[i], &iv[j]);
+            }
+            fputs(buf, aesresp);
+            continue;
+        }
+        /* PLAINTEXT = ... */
+        if (strncmp(buf, "PLAINTEXT", 9) == 0) {
+            /* sanity check */
+            if (!encrypt) {
+                goto loser;
+            }
+
+            i = 9;
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+            for (j = 0; isxdigit(buf[i]); i += 2, j++) {
+                hex_to_byteval(&buf[i], &plaintext[j]);
+            }
+            plaintextlen = j;
+
+            rv = aes_encrypt_buf(mode, key, keysize,
+                                 (mode ==
+                                  NSS_AES)
+                                     ? NULL
+                                     : iv,
+                                 ciphertext, &ciphertextlen, sizeof ciphertext,
+                                 plaintext, plaintextlen);
+            if (rv != SECSuccess) {
+                goto loser;
+            }
+
+            fputs(buf, aesresp);
+            fputs("CIPHERTEXT = ", aesresp);
+            to_hex_str(buf, ciphertext, ciphertextlen);
+            fputs(buf, aesresp);
+            fputc('\n', aesresp);
+            continue;
+        }
+        /* CIPHERTEXT = ... */
+        if (strncmp(buf, "CIPHERTEXT", 10) == 0) {
+            /* sanity check */
+            if (encrypt) {
+                goto loser;
+            }
+
+            i = 10;
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+            for (j = 0; isxdigit(buf[i]); i += 2, j++) {
+                hex_to_byteval(&buf[i], &ciphertext[j]);
+            }
+            ciphertextlen = j;
+
+            rv = aes_decrypt_buf(mode, key, keysize,
+                                 (mode ==
+                                  NSS_AES)
+                                     ? NULL
+                                     : iv,
+                                 plaintext, &plaintextlen, sizeof plaintext,
+                                 ciphertext, ciphertextlen);
+            if (rv != SECSuccess) {
+                goto loser;
+            }
+
+            fputs(buf, aesresp);
+            fputs("PLAINTEXT = ", aesresp);
+            to_hex_str(buf, plaintext, plaintextlen);
+            fputs(buf, aesresp);
+            fputc('\n', aesresp);
+            continue;
+        }
+    }
+loser:
+    fclose(aesreq);
+}
+
+/*
+ * Generate Key[i+1] from Key[i], CT[j-1], and CT[j] for AES Monte Carlo
+ * Test (MCT) in ECB and CBC modes.
+ */
+void
+aes_mct_next_key(unsigned char *key, unsigned int keysize,
+                 const unsigned char *ciphertext_1, const unsigned char *ciphertext)
+{
+    int k;
+
+    switch (keysize) {
+        case 16: /* 128-bit key */
+            /* Key[i+1] = Key[i] xor CT[j] */
+            for (k = 0; k < 16; k++) {
+                key[k] ^= ciphertext[k];
+            }
+            break;
+        case 24: /* 192-bit key */
+            /*
+         * Key[i+1] = Key[i] xor (last 64-bits of
+         *            CT[j-1] || CT[j])
+         */
+            for (k = 0; k < 8; k++) {
+                key[k] ^= ciphertext_1[k + 8];
+            }
+            for (k = 8; k < 24; k++) {
+                key[k] ^= ciphertext[k - 8];
+            }
+            break;
+        case 32: /* 256-bit key */
+            /* Key[i+1] = Key[i] xor (CT[j-1] || CT[j]) */
+            for (k = 0; k < 16; k++) {
+                key[k] ^= ciphertext_1[k];
+            }
+            for (k = 16; k < 32; k++) {
+                key[k] ^= ciphertext[k - 16];
+            }
+            break;
+    }
+}
+
+/*
+ * Perform the AES Monte Carlo Test (MCT) in ECB mode.  MCT exercises
+ * our AES code in streaming mode because the plaintext or ciphertext
+ * is generated block by block as we go, so we can't collect all the
+ * plaintext or ciphertext in one buffer and encrypt or decrypt it in
+ * one shot.
+ *
+ * reqfn is the pathname of the input REQUEST file.
+ *
+ * The output RESPONSE file is written to stdout.
+ */
+void
+aes_ecb_mct(char *reqfn)
+{
+    char buf[80];  /* holds one line from the input REQUEST file.
+                         * needs to be large enough to hold the longest
+                         * line "KEY = <64 hex digits>\n".
+                         */
+    FILE *aesreq;  /* input stream from the REQUEST file */
+    FILE *aesresp; /* output stream to the RESPONSE file */
+    int i, j;
+    int encrypt = 0;       /* 1 means encrypt, 0 means decrypt */
+    unsigned char key[32]; /* 128, 192, or 256 bits */
+    unsigned int keysize = 0;
+    unsigned char plaintext[16];    /* PT[j] */
+    unsigned char plaintext_1[16];  /* PT[j-1] */
+    unsigned char ciphertext[16];   /* CT[j] */
+    unsigned char ciphertext_1[16]; /* CT[j-1] */
+    unsigned char doublecheck[16];
+    unsigned int outputlen;
+    AESContext *cx = NULL;  /* the operation being tested */
+    AESContext *cx2 = NULL; /* the inverse operation done in parallel
+                                 * to doublecheck our result.
+                                 */
+    SECStatus rv;
+
+    aesreq = fopen(reqfn, "r");
+    aesresp = stdout;
+    while (fgets(buf, sizeof buf, aesreq) != NULL) {
+        /* a comment or blank line */
+        if (buf[0] == '#' || buf[0] == '\n') {
+            fputs(buf, aesresp);
+            continue;
+        }
+        /* [ENCRYPT] or [DECRYPT] */
+        if (buf[0] == '[') {
+            if (strncmp(&buf[1], "ENCRYPT", 7) == 0) {
+                encrypt = 1;
+            } else {
+                encrypt = 0;
+            }
+            fputs(buf, aesresp);
+            continue;
+        }
+        /* "COUNT = x" begins a new data set */
+        if (strncmp(buf, "COUNT", 5) == 0) {
+            /* zeroize the variables for the test with this data set */
+            memset(key, 0, sizeof key);
+            keysize = 0;
+            memset(plaintext, 0, sizeof plaintext);
+            memset(ciphertext, 0, sizeof ciphertext);
+            continue;
+        }
+        /* KEY = ... */
+        if (strncmp(buf, "KEY", 3) == 0) {
+            /* Key[0] = Key */
+            i = 3;
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+            for (j = 0; isxdigit(buf[i]); i += 2, j++) {
+                hex_to_byteval(&buf[i], &key[j]);
+            }
+            keysize = j;
+            continue;
+        }
+        /* PLAINTEXT = ... */
+        if (strncmp(buf, "PLAINTEXT", 9) == 0) {
+            /* sanity check */
+            if (!encrypt) {
+                goto loser;
+            }
+            /* PT[0] = PT */
+            i = 9;
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+            for (j = 0; j < sizeof plaintext; i += 2, j++) {
+                hex_to_byteval(&buf[i], &plaintext[j]);
+            }
+
+            for (i = 0; i < 100; i++) {
+                sprintf(buf, "COUNT = %d\n", i);
+                fputs(buf, aesresp);
+                /* Output Key[i] */
+                fputs("KEY = ", aesresp);
+                to_hex_str(buf, key, keysize);
+                fputs(buf, aesresp);
+                fputc('\n', aesresp);
+                /* Output PT[0] */
+                fputs("PLAINTEXT = ", aesresp);
+                to_hex_str(buf, plaintext, sizeof plaintext);
+                fputs(buf, aesresp);
+                fputc('\n', aesresp);
+
+                cx = AES_CreateContext(key, NULL, NSS_AES,
+                                       PR_TRUE, keysize, 16);
+                if (cx == NULL) {
+                    goto loser;
+                }
+                /*
+                 * doublecheck our result by decrypting the result
+                 * and comparing the output with the plaintext.
+                 */
+                cx2 = AES_CreateContext(key, NULL, NSS_AES,
+                                        PR_FALSE, keysize, 16);
+                if (cx2 == NULL) {
+                    goto loser;
+                }
+                for (j = 0; j < 1000; j++) {
+                    /* Save CT[j-1] */
+                    memcpy(ciphertext_1, ciphertext, sizeof ciphertext);
+
+                    /* CT[j] = AES(Key[i], PT[j]) */
+                    outputlen = 0;
+                    rv = AES_Encrypt(cx,
+                                     ciphertext, &outputlen, sizeof ciphertext,
+                                     plaintext, sizeof plaintext);
+                    if (rv != SECSuccess) {
+                        goto loser;
+                    }
+                    if (outputlen != sizeof plaintext) {
+                        goto loser;
+                    }
+
+                    /* doublecheck our result */
+                    outputlen = 0;
+                    rv = AES_Decrypt(cx2,
+                                     doublecheck, &outputlen, sizeof doublecheck,
+                                     ciphertext, sizeof ciphertext);
+                    if (rv != SECSuccess) {
+                        goto loser;
+                    }
+                    if (outputlen != sizeof ciphertext) {
+                        goto loser;
+                    }
+                    if (memcmp(doublecheck, plaintext, sizeof plaintext)) {
+                        goto loser;
+                    }
+
+                    /* PT[j+1] = CT[j] */
+                    memcpy(plaintext, ciphertext, sizeof plaintext);
+                }
+                AES_DestroyContext(cx, PR_TRUE);
+                cx = NULL;
+                AES_DestroyContext(cx2, PR_TRUE);
+                cx2 = NULL;
+
+                /* Output CT[j] */
+                fputs("CIPHERTEXT = ", aesresp);
+                to_hex_str(buf, ciphertext, sizeof ciphertext);
+                fputs(buf, aesresp);
+                fputc('\n', aesresp);
+
+                /* Key[i+1] = Key[i] xor ... */
+                aes_mct_next_key(key, keysize, ciphertext_1, ciphertext);
+                /* PT[0] = CT[j] */
+                /* done at the end of the for(j) loop */
+
+                fputc('\n', aesresp);
+            }
+
+            continue;
+        }
+        /* CIPHERTEXT = ... */
+        if (strncmp(buf, "CIPHERTEXT", 10) == 0) {
+            /* sanity check */
+            if (encrypt) {
+                goto loser;
+            }
+            /* CT[0] = CT */
+            i = 10;
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+            for (j = 0; isxdigit(buf[i]); i += 2, j++) {
+                hex_to_byteval(&buf[i], &ciphertext[j]);
+            }
+
+            for (i = 0; i < 100; i++) {
+                sprintf(buf, "COUNT = %d\n", i);
+                fputs(buf, aesresp);
+                /* Output Key[i] */
+                fputs("KEY = ", aesresp);
+                to_hex_str(buf, key, keysize);
+                fputs(buf, aesresp);
+                fputc('\n', aesresp);
+                /* Output CT[0] */
+                fputs("CIPHERTEXT = ", aesresp);
+                to_hex_str(buf, ciphertext, sizeof ciphertext);
+                fputs(buf, aesresp);
+                fputc('\n', aesresp);
+
+                cx = AES_CreateContext(key, NULL, NSS_AES,
+                                       PR_FALSE, keysize, 16);
+                if (cx == NULL) {
+                    goto loser;
+                }
+                /*
+                 * doublecheck our result by encrypting the result
+                 * and comparing the output with the ciphertext.
+                 */
+                cx2 = AES_CreateContext(key, NULL, NSS_AES,
+                                        PR_TRUE, keysize, 16);
+                if (cx2 == NULL) {
+                    goto loser;
+                }
+                for (j = 0; j < 1000; j++) {
+                    /* Save PT[j-1] */
+                    memcpy(plaintext_1, plaintext, sizeof plaintext);
+
+                    /* PT[j] = AES(Key[i], CT[j]) */
+                    outputlen = 0;
+                    rv = AES_Decrypt(cx,
+                                     plaintext, &outputlen, sizeof plaintext,
+                                     ciphertext, sizeof ciphertext);
+                    if (rv != SECSuccess) {
+                        goto loser;
+                    }
+                    if (outputlen != sizeof ciphertext) {
+                        goto loser;
+                    }
+
+                    /* doublecheck our result */
+                    outputlen = 0;
+                    rv = AES_Encrypt(cx2,
+                                     doublecheck, &outputlen, sizeof doublecheck,
+                                     plaintext, sizeof plaintext);
+                    if (rv != SECSuccess) {
+                        goto loser;
+                    }
+                    if (outputlen != sizeof plaintext) {
+                        goto loser;
+                    }
+                    if (memcmp(doublecheck, ciphertext, sizeof ciphertext)) {
+                        goto loser;
+                    }
+
+                    /* CT[j+1] = PT[j] */
+                    memcpy(ciphertext, plaintext, sizeof ciphertext);
+                }
+                AES_DestroyContext(cx, PR_TRUE);
+                cx = NULL;
+                AES_DestroyContext(cx2, PR_TRUE);
+                cx2 = NULL;
+
+                /* Output PT[j] */
+                fputs("PLAINTEXT = ", aesresp);
+                to_hex_str(buf, plaintext, sizeof plaintext);
+                fputs(buf, aesresp);
+                fputc('\n', aesresp);
+
+                /* Key[i+1] = Key[i] xor ... */
+                aes_mct_next_key(key, keysize, plaintext_1, plaintext);
+                /* CT[0] = PT[j] */
+                /* done at the end of the for(j) loop */
+
+                fputc('\n', aesresp);
+            }
+
+            continue;
+        }
+    }
+loser:
+    if (cx != NULL) {
+        AES_DestroyContext(cx, PR_TRUE);
+    }
+    if (cx2 != NULL) {
+        AES_DestroyContext(cx2, PR_TRUE);
+    }
+    fclose(aesreq);
+}
+
+/*
+ * Perform the AES Monte Carlo Test (MCT) in CBC mode.  MCT exercises
+ * our AES code in streaming mode because the plaintext or ciphertext
+ * is generated block by block as we go, so we can't collect all the
+ * plaintext or ciphertext in one buffer and encrypt or decrypt it in
+ * one shot.
+ *
+ * reqfn is the pathname of the input REQUEST file.
+ *
+ * The output RESPONSE file is written to stdout.
+ */
+void
+aes_cbc_mct(char *reqfn)
+{
+    char buf[80];  /* holds one line from the input REQUEST file.
+                         * needs to be large enough to hold the longest
+                         * line "KEY = <64 hex digits>\n".
+                         */
+    FILE *aesreq;  /* input stream from the REQUEST file */
+    FILE *aesresp; /* output stream to the RESPONSE file */
+    int i, j;
+    int encrypt = 0;       /* 1 means encrypt, 0 means decrypt */
+    unsigned char key[32]; /* 128, 192, or 256 bits */
+    unsigned int keysize = 0;
+    unsigned char iv[16];
+    unsigned char plaintext[16];    /* PT[j] */
+    unsigned char plaintext_1[16];  /* PT[j-1] */
+    unsigned char ciphertext[16];   /* CT[j] */
+    unsigned char ciphertext_1[16]; /* CT[j-1] */
+    unsigned char doublecheck[16];
+    unsigned int outputlen;
+    AESContext *cx = NULL;  /* the operation being tested */
+    AESContext *cx2 = NULL; /* the inverse operation done in parallel
+                                 * to doublecheck our result.
+                                 */
+    SECStatus rv;
+
+    aesreq = fopen(reqfn, "r");
+    aesresp = stdout;
+    while (fgets(buf, sizeof buf, aesreq) != NULL) {
+        /* a comment or blank line */
+        if (buf[0] == '#' || buf[0] == '\n') {
+            fputs(buf, aesresp);
+            continue;
+        }
+        /* [ENCRYPT] or [DECRYPT] */
+        if (buf[0] == '[') {
+            if (strncmp(&buf[1], "ENCRYPT", 7) == 0) {
+                encrypt = 1;
+            } else {
+                encrypt = 0;
+            }
+            fputs(buf, aesresp);
+            continue;
+        }
+        /* "COUNT = x" begins a new data set */
+        if (strncmp(buf, "COUNT", 5) == 0) {
+            /* zeroize the variables for the test with this data set */
+            memset(key, 0, sizeof key);
+            keysize = 0;
+            memset(iv, 0, sizeof iv);
+            memset(plaintext, 0, sizeof plaintext);
+            memset(ciphertext, 0, sizeof ciphertext);
+            continue;
+        }
+        /* KEY = ... */
+        if (strncmp(buf, "KEY", 3) == 0) {
+            /* Key[0] = Key */
+            i = 3;
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+            for (j = 0; isxdigit(buf[i]); i += 2, j++) {
+                hex_to_byteval(&buf[i], &key[j]);
+            }
+            keysize = j;
+            continue;
+        }
+        /* IV = ... */
+        if (strncmp(buf, "IV", 2) == 0) {
+            /* IV[0] = IV */
+            i = 2;
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+            for (j = 0; j < sizeof iv; i += 2, j++) {
+                hex_to_byteval(&buf[i], &iv[j]);
+            }
+            continue;
+        }
+        /* PLAINTEXT = ... */
+        if (strncmp(buf, "PLAINTEXT", 9) == 0) {
+            /* sanity check */
+            if (!encrypt) {
+                goto loser;
+            }
+            /* PT[0] = PT */
+            i = 9;
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+            for (j = 0; j < sizeof plaintext; i += 2, j++) {
+                hex_to_byteval(&buf[i], &plaintext[j]);
+            }
+
+            for (i = 0; i < 100; i++) {
+                sprintf(buf, "COUNT = %d\n", i);
+                fputs(buf, aesresp);
+                /* Output Key[i] */
+                fputs("KEY = ", aesresp);
+                to_hex_str(buf, key, keysize);
+                fputs(buf, aesresp);
+                fputc('\n', aesresp);
+                /* Output IV[i] */
+                fputs("IV = ", aesresp);
+                to_hex_str(buf, iv, sizeof iv);
+                fputs(buf, aesresp);
+                fputc('\n', aesresp);
+                /* Output PT[0] */
+                fputs("PLAINTEXT = ", aesresp);
+                to_hex_str(buf, plaintext, sizeof plaintext);
+                fputs(buf, aesresp);
+                fputc('\n', aesresp);
+
+                cx = AES_CreateContext(key, iv, NSS_AES_CBC,
+                                       PR_TRUE, keysize, 16);
+                if (cx == NULL) {
+                    goto loser;
+                }
+                /*
+                 * doublecheck our result by decrypting the result
+                 * and comparing the output with the plaintext.
+                 */
+                cx2 = AES_CreateContext(key, iv, NSS_AES_CBC,
+                                        PR_FALSE, keysize, 16);
+                if (cx2 == NULL) {
+                    goto loser;
+                }
+                /* CT[-1] = IV[i] */
+                memcpy(ciphertext, iv, sizeof ciphertext);
+                for (j = 0; j < 1000; j++) {
+                    /* Save CT[j-1] */
+                    memcpy(ciphertext_1, ciphertext, sizeof ciphertext);
+                    /*
+                     * If ( j=0 )
+                     *      CT[j] = AES(Key[i], IV[i], PT[j])
+                     *      PT[j+1] = IV[i] (= CT[j-1])
+                     * Else
+                     *      CT[j] = AES(Key[i], PT[j])
+                     *      PT[j+1] = CT[j-1]
+                     */
+                    outputlen = 0;
+                    rv = AES_Encrypt(cx,
+                                     ciphertext, &outputlen, sizeof ciphertext,
+                                     plaintext, sizeof plaintext);
+                    if (rv != SECSuccess) {
+                        goto loser;
+                    }
+                    if (outputlen != sizeof plaintext) {
+                        goto loser;
+                    }
+
+                    /* doublecheck our result */
+                    outputlen = 0;
+                    rv = AES_Decrypt(cx2,
+                                     doublecheck, &outputlen, sizeof doublecheck,
+                                     ciphertext, sizeof ciphertext);
+                    if (rv != SECSuccess) {
+                        goto loser;
+                    }
+                    if (outputlen != sizeof ciphertext) {
+                        goto loser;
+                    }
+                    if (memcmp(doublecheck, plaintext, sizeof plaintext)) {
+                        goto loser;
+                    }
+
+                    memcpy(plaintext, ciphertext_1, sizeof plaintext);
+                }
+                AES_DestroyContext(cx, PR_TRUE);
+                cx = NULL;
+                AES_DestroyContext(cx2, PR_TRUE);
+                cx2 = NULL;
+
+                /* Output CT[j] */
+                fputs("CIPHERTEXT = ", aesresp);
+                to_hex_str(buf, ciphertext, sizeof ciphertext);
+                fputs(buf, aesresp);
+                fputc('\n', aesresp);
+
+                /* Key[i+1] = Key[i] xor ... */
+                aes_mct_next_key(key, keysize, ciphertext_1, ciphertext);
+                /* IV[i+1] = CT[j] */
+                memcpy(iv, ciphertext, sizeof iv);
+                /* PT[0] = CT[j-1] */
+                /* done at the end of the for(j) loop */
+
+                fputc('\n', aesresp);
+            }
+
+            continue;
+        }
+        /* CIPHERTEXT = ... */
+        if (strncmp(buf, "CIPHERTEXT", 10) == 0) {
+            /* sanity check */
+            if (encrypt) {
+                goto loser;
+            }
+            /* CT[0] = CT */
+            i = 10;
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+            for (j = 0; isxdigit(buf[i]); i += 2, j++) {
+                hex_to_byteval(&buf[i], &ciphertext[j]);
+            }
+
+            for (i = 0; i < 100; i++) {
+                sprintf(buf, "COUNT = %d\n", i);
+                fputs(buf, aesresp);
+                /* Output Key[i] */
+                fputs("KEY = ", aesresp);
+                to_hex_str(buf, key, keysize);
+                fputs(buf, aesresp);
+                fputc('\n', aesresp);
+                /* Output IV[i] */
+                fputs("IV = ", aesresp);
+                to_hex_str(buf, iv, sizeof iv);
+                fputs(buf, aesresp);
+                fputc('\n', aesresp);
+                /* Output CT[0] */
+                fputs("CIPHERTEXT = ", aesresp);
+                to_hex_str(buf, ciphertext, sizeof ciphertext);
+                fputs(buf, aesresp);
+                fputc('\n', aesresp);
+
+                cx = AES_CreateContext(key, iv, NSS_AES_CBC,
+                                       PR_FALSE, keysize, 16);
+                if (cx == NULL) {
+                    goto loser;
+                }
+                /*
+                 * doublecheck our result by encrypting the result
+                 * and comparing the output with the ciphertext.
+                 */
+                cx2 = AES_CreateContext(key, iv, NSS_AES_CBC,
+                                        PR_TRUE, keysize, 16);
+                if (cx2 == NULL) {
+                    goto loser;
+                }
+                /* PT[-1] = IV[i] */
+                memcpy(plaintext, iv, sizeof plaintext);
+                for (j = 0; j < 1000; j++) {
+                    /* Save PT[j-1] */
+                    memcpy(plaintext_1, plaintext, sizeof plaintext);
+                    /*
+                     * If ( j=0 )
+                     *      PT[j] = AES(Key[i], IV[i], CT[j])
+                     *      CT[j+1] = IV[i] (= PT[j-1])
+                     * Else
+                     *      PT[j] = AES(Key[i], CT[j])
+                     *      CT[j+1] = PT[j-1]
+                     */
+                    outputlen = 0;
+                    rv = AES_Decrypt(cx,
+                                     plaintext, &outputlen, sizeof plaintext,
+                                     ciphertext, sizeof ciphertext);
+                    if (rv != SECSuccess) {
+                        goto loser;
+                    }
+                    if (outputlen != sizeof ciphertext) {
+                        goto loser;
+                    }
+
+                    /* doublecheck our result */
+                    outputlen = 0;
+                    rv = AES_Encrypt(cx2,
+                                     doublecheck, &outputlen, sizeof doublecheck,
+                                     plaintext, sizeof plaintext);
+                    if (rv != SECSuccess) {
+                        goto loser;
+                    }
+                    if (outputlen != sizeof plaintext) {
+                        goto loser;
+                    }
+                    if (memcmp(doublecheck, ciphertext, sizeof ciphertext)) {
+                        goto loser;
+                    }
+
+                    memcpy(ciphertext, plaintext_1, sizeof ciphertext);
+                }
+                AES_DestroyContext(cx, PR_TRUE);
+                cx = NULL;
+                AES_DestroyContext(cx2, PR_TRUE);
+                cx2 = NULL;
+
+                /* Output PT[j] */
+                fputs("PLAINTEXT = ", aesresp);
+                to_hex_str(buf, plaintext, sizeof plaintext);
+                fputs(buf, aesresp);
+                fputc('\n', aesresp);
+
+                /* Key[i+1] = Key[i] xor ... */
+                aes_mct_next_key(key, keysize, plaintext_1, plaintext);
+                /* IV[i+1] = PT[j] */
+                memcpy(iv, plaintext, sizeof iv);
+                /* CT[0] = PT[j-1] */
+                /* done at the end of the for(j) loop */
+
+                fputc('\n', aesresp);
+            }
+
+            continue;
+        }
+    }
+loser:
+    if (cx != NULL) {
+        AES_DestroyContext(cx, PR_TRUE);
+    }
+    if (cx2 != NULL) {
+        AES_DestroyContext(cx2, PR_TRUE);
+    }
+    fclose(aesreq);
+}
+
+void
+write_compact_string(FILE *out, unsigned char *hash, unsigned int len)
+{
+    unsigned int i;
+    int j, count = 0, last = -1, z = 0;
+    long start = ftell(out);
+    for (i = 0; i < len; i++) {
+        for (j = 7; j >= 0; j--) {
+            if (last < 0) {
+                last = (hash[i] & (1 << j)) ? 1 : 0;
+                fprintf(out, "%d ", last);
+                count = 1;
+            } else if (hash[i] & (1 << j)) {
+                if (last) {
+                    count++;
+                } else {
+                    last = 0;
+                    fprintf(out, "%d ", count);
+                    count = 1;
+                    z++;
+                }
+            } else {
+                if (!last) {
+                    count++;
+                } else {
+                    last = 1;
+                    fprintf(out, "%d ", count);
+                    count = 1;
+                    z++;
+                }
+            }
+        }
+    }
+    fprintf(out, "^\n");
+    fseek(out, start, SEEK_SET);
+    fprintf(out, "%d ", z);
+    fseek(out, 0, SEEK_END);
+}
+
+int
+get_next_line(FILE *req, char *key, char *val, FILE *rsp)
+{
+    int ignore = 0;
+    char *writeto = key;
+    int w = 0;
+    int c;
+    while ((c = fgetc(req)) != EOF) {
+        if (ignore) {
+            fprintf(rsp, "%c", c);
+            if (c == '\n')
+                return ignore;
+        } else if (c == '\n') {
+            break;
+        } else if (c == '#') {
+            ignore = 1;
+            fprintf(rsp, "%c", c);
+        } else if (c == '=') {
+            writeto[w] = '\0';
+            w = 0;
+            writeto = val;
+        } else if (c == ' ' || c == '[' || c == ']') {
+            continue;
+        } else {
+            writeto[w++] = c;
+        }
+    }
+    writeto[w] = '\0';
+    return (c == EOF) ? -1 : ignore;
+}
+
+#ifndef NSS_DISABLE_ECC
+typedef struct curveNameTagPairStr {
+    char *curveName;
+    SECOidTag curveOidTag;
+} CurveNameTagPair;
+
+#define DEFAULT_CURVE_OID_TAG SEC_OID_SECG_EC_SECP192R1
+/* #define DEFAULT_CURVE_OID_TAG  SEC_OID_SECG_EC_SECP160R1 */
+
+static CurveNameTagPair nameTagPair[] =
+    {
+      { "sect163k1", SEC_OID_SECG_EC_SECT163K1 },
+      { "nistk163", SEC_OID_SECG_EC_SECT163K1 },
+      { "sect163r1", SEC_OID_SECG_EC_SECT163R1 },
+      { "sect163r2", SEC_OID_SECG_EC_SECT163R2 },
+      { "nistb163", SEC_OID_SECG_EC_SECT163R2 },
+      { "sect193r1", SEC_OID_SECG_EC_SECT193R1 },
+      { "sect193r2", SEC_OID_SECG_EC_SECT193R2 },
+      { "sect233k1", SEC_OID_SECG_EC_SECT233K1 },
+      { "nistk233", SEC_OID_SECG_EC_SECT233K1 },
+      { "sect233r1", SEC_OID_SECG_EC_SECT233R1 },
+      { "nistb233", SEC_OID_SECG_EC_SECT233R1 },
+      { "sect239k1", SEC_OID_SECG_EC_SECT239K1 },
+      { "sect283k1", SEC_OID_SECG_EC_SECT283K1 },
+      { "nistk283", SEC_OID_SECG_EC_SECT283K1 },
+      { "sect283r1", SEC_OID_SECG_EC_SECT283R1 },
+      { "nistb283", SEC_OID_SECG_EC_SECT283R1 },
+      { "sect409k1", SEC_OID_SECG_EC_SECT409K1 },
+      { "nistk409", SEC_OID_SECG_EC_SECT409K1 },
+      { "sect409r1", SEC_OID_SECG_EC_SECT409R1 },
+      { "nistb409", SEC_OID_SECG_EC_SECT409R1 },
+      { "sect571k1", SEC_OID_SECG_EC_SECT571K1 },
+      { "nistk571", SEC_OID_SECG_EC_SECT571K1 },
+      { "sect571r1", SEC_OID_SECG_EC_SECT571R1 },
+      { "nistb571", SEC_OID_SECG_EC_SECT571R1 },
+      { "secp160k1", SEC_OID_SECG_EC_SECP160K1 },
+      { "secp160r1", SEC_OID_SECG_EC_SECP160R1 },
+      { "secp160r2", SEC_OID_SECG_EC_SECP160R2 },
+      { "secp192k1", SEC_OID_SECG_EC_SECP192K1 },
+      { "secp192r1", SEC_OID_SECG_EC_SECP192R1 },
+      { "nistp192", SEC_OID_SECG_EC_SECP192R1 },
+      { "secp224k1", SEC_OID_SECG_EC_SECP224K1 },
+      { "secp224r1", SEC_OID_SECG_EC_SECP224R1 },
+      { "nistp224", SEC_OID_SECG_EC_SECP224R1 },
+      { "secp256k1", SEC_OID_SECG_EC_SECP256K1 },
+      { "secp256r1", SEC_OID_SECG_EC_SECP256R1 },
+      { "nistp256", SEC_OID_SECG_EC_SECP256R1 },
+      { "secp384r1", SEC_OID_SECG_EC_SECP384R1 },
+      { "nistp384", SEC_OID_SECG_EC_SECP384R1 },
+      { "secp521r1", SEC_OID_SECG_EC_SECP521R1 },
+      { "nistp521", SEC_OID_SECG_EC_SECP521R1 },
+
+      { "prime192v1", SEC_OID_ANSIX962_EC_PRIME192V1 },
+      { "prime192v2", SEC_OID_ANSIX962_EC_PRIME192V2 },
+      { "prime192v3", SEC_OID_ANSIX962_EC_PRIME192V3 },
+      { "prime239v1", SEC_OID_ANSIX962_EC_PRIME239V1 },
+      { "prime239v2", SEC_OID_ANSIX962_EC_PRIME239V2 },
+      { "prime239v3", SEC_OID_ANSIX962_EC_PRIME239V3 },
+
+      { "c2pnb163v1", SEC_OID_ANSIX962_EC_C2PNB163V1 },
+      { "c2pnb163v2", SEC_OID_ANSIX962_EC_C2PNB163V2 },
+      { "c2pnb163v3", SEC_OID_ANSIX962_EC_C2PNB163V3 },
+      { "c2pnb176v1", SEC_OID_ANSIX962_EC_C2PNB176V1 },
+      { "c2tnb191v1", SEC_OID_ANSIX962_EC_C2TNB191V1 },
+      { "c2tnb191v2", SEC_OID_ANSIX962_EC_C2TNB191V2 },
+      { "c2tnb191v3", SEC_OID_ANSIX962_EC_C2TNB191V3 },
+      { "c2onb191v4", SEC_OID_ANSIX962_EC_C2ONB191V4 },
+      { "c2onb191v5", SEC_OID_ANSIX962_EC_C2ONB191V5 },
+      { "c2pnb208w1", SEC_OID_ANSIX962_EC_C2PNB208W1 },
+      { "c2tnb239v1", SEC_OID_ANSIX962_EC_C2TNB239V1 },
+      { "c2tnb239v2", SEC_OID_ANSIX962_EC_C2TNB239V2 },
+      { "c2tnb239v3", SEC_OID_ANSIX962_EC_C2TNB239V3 },
+      { "c2onb239v4", SEC_OID_ANSIX962_EC_C2ONB239V4 },
+      { "c2onb239v5", SEC_OID_ANSIX962_EC_C2ONB239V5 },
+      { "c2pnb272w1", SEC_OID_ANSIX962_EC_C2PNB272W1 },
+      { "c2pnb304w1", SEC_OID_ANSIX962_EC_C2PNB304W1 },
+      { "c2tnb359v1", SEC_OID_ANSIX962_EC_C2TNB359V1 },
+      { "c2pnb368w1", SEC_OID_ANSIX962_EC_C2PNB368W1 },
+      { "c2tnb431r1", SEC_OID_ANSIX962_EC_C2TNB431R1 },
+
+      { "secp112r1", SEC_OID_SECG_EC_SECP112R1 },
+      { "secp112r2", SEC_OID_SECG_EC_SECP112R2 },
+      { "secp128r1", SEC_OID_SECG_EC_SECP128R1 },
+      { "secp128r2", SEC_OID_SECG_EC_SECP128R2 },
+
+      { "sect113r1", SEC_OID_SECG_EC_SECT113R1 },
+      { "sect113r2", SEC_OID_SECG_EC_SECT113R2 },
+      { "sect131r1", SEC_OID_SECG_EC_SECT131R1 },
+      { "sect131r2", SEC_OID_SECG_EC_SECT131R2 },
+    };
+
+static SECItem *
+getECParams(const char *curve)
+{
+    SECItem *ecparams;
+    SECOidData *oidData = NULL;
+    SECOidTag curveOidTag = SEC_OID_UNKNOWN; /* default */
+    int i, numCurves;
+
+    if (curve != NULL) {
+        numCurves = sizeof(nameTagPair) / sizeof(CurveNameTagPair);
+        for (i = 0; ((i < numCurves) && (curveOidTag == SEC_OID_UNKNOWN));
+             i++) {
+            if (PL_strcmp(curve, nameTagPair[i].curveName) == 0)
+                curveOidTag = nameTagPair[i].curveOidTag;
+        }
+    }
+
+    /* Return NULL if curve name is not recognized */
+    if ((curveOidTag == SEC_OID_UNKNOWN) ||
+        (oidData = SECOID_FindOIDByTag(curveOidTag)) == NULL) {
+        fprintf(stderr, "Unrecognized elliptic curve %s\n", curve);
+        return NULL;
+    }
+
+    ecparams = SECITEM_AllocItem(NULL, NULL, (2 + oidData->oid.len));
+
+    /*
+     * ecparams->data needs to contain the ASN encoding of an object ID (OID)
+     * representing the named curve. The actual OID is in
+     * oidData->oid.data so we simply prepend 0x06 and OID length
+     */
+    ecparams->data[0] = SEC_ASN1_OBJECT_ID;
+    ecparams->data[1] = oidData->oid.len;
+    memcpy(ecparams->data + 2, oidData->oid.data, oidData->oid.len);
+
+    return ecparams;
+}
+
+/*
+ * HASH_ functions are available to full NSS apps and internally inside
+ * freebl, but not exported to users of freebl. Create short stubs to
+ * replace the functionality for fipstest.
+ */
+SECStatus
+fips_hashBuf(HASH_HashType type, unsigned char *hashBuf,
+             unsigned char *msg, int len)
+{
+    SECStatus rv = SECFailure;
+
+    switch (type) {
+        case HASH_AlgSHA1:
+            rv = SHA1_HashBuf(hashBuf, msg, len);
+            break;
+        case HASH_AlgSHA224:
+            rv = SHA224_HashBuf(hashBuf, msg, len);
+            break;
+        case HASH_AlgSHA256:
+            rv = SHA256_HashBuf(hashBuf, msg, len);
+            break;
+        case HASH_AlgSHA384:
+            rv = SHA384_HashBuf(hashBuf, msg, len);
+            break;
+        case HASH_AlgSHA512:
+            rv = SHA512_HashBuf(hashBuf, msg, len);
+            break;
+        default:
+            break;
+    }
+    return rv;
+}
+
+int
+fips_hashLen(HASH_HashType type)
+{
+    int len = 0;
+
+    switch (type) {
+        case HASH_AlgSHA1:
+            len = SHA1_LENGTH;
+            break;
+        case HASH_AlgSHA224:
+            len = SHA224_LENGTH;
+            break;
+        case HASH_AlgSHA256:
+            len = SHA256_LENGTH;
+            break;
+        case HASH_AlgSHA384:
+            len = SHA384_LENGTH;
+            break;
+        case HASH_AlgSHA512:
+            len = SHA512_LENGTH;
+            break;
+        default:
+            break;
+    }
+    return len;
+}
+
+SECOidTag
+fips_hashOid(HASH_HashType type)
+{
+    SECOidTag oid = SEC_OID_UNKNOWN;
+
+    switch (type) {
+        case HASH_AlgSHA1:
+            oid = SEC_OID_SHA1;
+            break;
+        case HASH_AlgSHA224:
+            oid = SEC_OID_SHA224;
+            break;
+        case HASH_AlgSHA256:
+            oid = SEC_OID_SHA256;
+            break;
+        case HASH_AlgSHA384:
+            oid = SEC_OID_SHA384;
+            break;
+        case HASH_AlgSHA512:
+            oid = SEC_OID_SHA512;
+            break;
+        default:
+            break;
+    }
+    return oid;
+}
+
+HASH_HashType
+sha_get_hashType(int hashbits)
+{
+    HASH_HashType hashType = HASH_AlgNULL;
+
+    switch (hashbits) {
+        case 1:
+        case (SHA1_LENGTH * PR_BITS_PER_BYTE):
+            hashType = HASH_AlgSHA1;
+            break;
+        case (SHA224_LENGTH * PR_BITS_PER_BYTE):
+            hashType = HASH_AlgSHA224;
+            break;
+        case (SHA256_LENGTH * PR_BITS_PER_BYTE):
+            hashType = HASH_AlgSHA256;
+            break;
+        case (SHA384_LENGTH * PR_BITS_PER_BYTE):
+            hashType = HASH_AlgSHA384;
+            break;
+        case (SHA512_LENGTH * PR_BITS_PER_BYTE):
+            hashType = HASH_AlgSHA512;
+            break;
+        default:
+            break;
+    }
+    return hashType;
+}
+
+/*
+ * Perform the ECDSA Key Pair Generation Test.
+ *
+ * reqfn is the pathname of the REQUEST file.
+ *
+ * The output RESPONSE file is written to stdout.
+ */
+void
+ecdsa_keypair_test(char *reqfn)
+{
+    char buf[256];   /* holds one line from the input REQUEST file
+                         * or to the output RESPONSE file.
+                         * needs to be large enough to hold the longest
+                         * line "Qx = <144 hex digits>\n".
+                         */
+    FILE *ecdsareq;  /* input stream from the REQUEST file */
+    FILE *ecdsaresp; /* output stream to the RESPONSE file */
+    char curve[16];  /* "nistxddd" */
+    ECParams *ecparams = NULL;
+    int N;
+    int i;
+    unsigned int len;
+
+    ecdsareq = fopen(reqfn, "r");
+    ecdsaresp = stdout;
+    strcpy(curve, "nist");
+    while (fgets(buf, sizeof buf, ecdsareq) != NULL) {
+        /* a comment or blank line */
+        if (buf[0] == '#' || buf[0] == '\n') {
+            fputs(buf, ecdsaresp);
+            continue;
+        }
+        /* [X-ddd] */
+        if (buf[0] == '[') {
+            const char *src;
+            char *dst;
+            SECItem *encodedparams;
+
+            if (buf[1] == 'B') {
+                fputs(buf, ecdsaresp);
+                continue;
+            }
+            if (ecparams) {
+                PORT_FreeArena(ecparams->arena, PR_FALSE);
+                ecparams = NULL;
+            }
+
+            src = &buf[1];
+            dst = &curve[4];
+            *dst++ = tolower(*src);
+            src += 2; /* skip the hyphen */
+            *dst++ = *src++;
+            *dst++ = *src++;
+            *dst++ = *src++;
+            *dst = '\0';
+            encodedparams = getECParams(curve);
+            if (encodedparams == NULL) {
+                fprintf(stderr, "Unknown curve %s.", curve);
+                goto loser;
+            }
+            if (EC_DecodeParams(encodedparams, &ecparams) != SECSuccess) {
+                fprintf(stderr, "Curve %s not supported.\n", curve);
+                goto loser;
+            }
+            SECITEM_FreeItem(encodedparams, PR_TRUE);
+            fputs(buf, ecdsaresp);
+            continue;
+        }
+        /* N = x */
+        if (buf[0] == 'N') {
+            if (sscanf(buf, "N = %d", &N) != 1) {
+                goto loser;
+            }
+            for (i = 0; i < N; i++) {
+                ECPrivateKey *ecpriv;
+
+                if (EC_NewKey(ecparams, &ecpriv) != SECSuccess) {
+                    goto loser;
+                }
+                fputs("d = ", ecdsaresp);
+                to_hex_str(buf, ecpriv->privateValue.data,
+                           ecpriv->privateValue.len);
+                fputs(buf, ecdsaresp);
+                fputc('\n', ecdsaresp);
+                if (EC_ValidatePublicKey(ecparams, &ecpriv->publicValue) !=
+                    SECSuccess) {
+                    goto loser;
+                }
+                len = ecpriv->publicValue.len;
+                if (len % 2 == 0) {
+                    goto loser;
+                }
+                len = (len - 1) / 2;
+                if (ecpriv->publicValue.data[0] !=
+                    EC_POINT_FORM_UNCOMPRESSED) {
+                    goto loser;
+                }
+                fputs("Qx = ", ecdsaresp);
+                to_hex_str(buf, &ecpriv->publicValue.data[1], len);
+                fputs(buf, ecdsaresp);
+                fputc('\n', ecdsaresp);
+                fputs("Qy = ", ecdsaresp);
+                to_hex_str(buf, &ecpriv->publicValue.data[1 + len], len);
+                fputs(buf, ecdsaresp);
+                fputc('\n', ecdsaresp);
+                fputc('\n', ecdsaresp);
+                PORT_FreeArena(ecpriv->ecParams.arena, PR_TRUE);
+            }
+            continue;
+        }
+    }
+loser:
+    if (ecparams) {
+        PORT_FreeArena(ecparams->arena, PR_FALSE);
+        ecparams = NULL;
+    }
+    fclose(ecdsareq);
+}
+
+/*
+ * Perform the ECDSA Public Key Validation Test.
+ *
+ * reqfn is the pathname of the REQUEST file.
+ *
+ * The output RESPONSE file is written to stdout.
+ */
+void
+ecdsa_pkv_test(char *reqfn)
+{
+    char buf[256];   /* holds one line from the input REQUEST file.
+                         * needs to be large enough to hold the longest
+                         * line "Qx = <144 hex digits>\n".
+                         */
+    FILE *ecdsareq;  /* input stream from the REQUEST file */
+    FILE *ecdsaresp; /* output stream to the RESPONSE file */
+    char curve[16];  /* "nistxddd" */
+    ECParams *ecparams = NULL;
+    SECItem pubkey;
+    unsigned int i;
+    unsigned int len = 0;
+    PRBool keyvalid = PR_TRUE;
+
+    ecdsareq = fopen(reqfn, "r");
+    ecdsaresp = stdout;
+    strcpy(curve, "nist");
+    pubkey.data = NULL;
+    while (fgets(buf, sizeof buf, ecdsareq) != NULL) {
+        /* a comment or blank line */
+        if (buf[0] == '#' || buf[0] == '\n') {
+            fputs(buf, ecdsaresp);
+            continue;
+        }
+        /* [X-ddd] */
+        if (buf[0] == '[') {
+            const char *src;
+            char *dst;
+            SECItem *encodedparams;
+
+            src = &buf[1];
+            dst = &curve[4];
+            *dst++ = tolower(*src);
+            src += 2; /* skip the hyphen */
+            *dst++ = *src++;
+            *dst++ = *src++;
+            *dst++ = *src++;
+            *dst = '\0';
+            if (ecparams != NULL) {
+                PORT_FreeArena(ecparams->arena, PR_FALSE);
+                ecparams = NULL;
+            }
+            encodedparams = getECParams(curve);
+            if (encodedparams == NULL) {
+                fprintf(stderr, "Unknown curve %s.", curve);
+                goto loser;
+            }
+            if (EC_DecodeParams(encodedparams, &ecparams) != SECSuccess) {
+                fprintf(stderr, "Curve %s not supported.\n", curve);
+                goto loser;
+            }
+            SECITEM_FreeItem(encodedparams, PR_TRUE);
+            len = (ecparams->fieldID.size + 7) >> 3;
+            if (pubkey.data != NULL) {
+                PORT_Free(pubkey.data);
+                pubkey.data = NULL;
+            }
+            SECITEM_AllocItem(NULL, &pubkey, EC_GetPointSize(ecparams));
+            if (pubkey.data == NULL) {
+                goto loser;
+            }
+            pubkey.data[0] = EC_POINT_FORM_UNCOMPRESSED;
+            fputs(buf, ecdsaresp);
+            continue;
+        }
+        /* Qx = ... */
+        if (strncmp(buf, "Qx", 2) == 0) {
+            fputs(buf, ecdsaresp);
+            i = 2;
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+            keyvalid = from_hex_str(&pubkey.data[1], len, &buf[i]);
+            continue;
+        }
+        /* Qy = ... */
+        if (strncmp(buf, "Qy", 2) == 0) {
+            fputs(buf, ecdsaresp);
+            if (!keyvalid) {
+                fputs("Result = F\n", ecdsaresp);
+                continue;
+            }
+            i = 2;
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+            keyvalid = from_hex_str(&pubkey.data[1 + len], len, &buf[i]);
+            if (!keyvalid) {
+                fputs("Result = F\n", ecdsaresp);
+                continue;
+            }
+            if (EC_ValidatePublicKey(ecparams, &pubkey) == SECSuccess) {
+                fputs("Result = P\n", ecdsaresp);
+            } else if (PORT_GetError() == SEC_ERROR_BAD_KEY) {
+                fputs("Result = F\n", ecdsaresp);
+            } else {
+                goto loser;
+            }
+            continue;
+        }
+    }
+loser:
+    if (ecparams != NULL) {
+        PORT_FreeArena(ecparams->arena, PR_FALSE);
+    }
+    if (pubkey.data != NULL) {
+        PORT_Free(pubkey.data);
+    }
+    fclose(ecdsareq);
+}
+
+/*
+ * Perform the ECDSA Signature Generation Test.
+ *
+ * reqfn is the pathname of the REQUEST file.
+ *
+ * The output RESPONSE file is written to stdout.
+ */
+void
+ecdsa_siggen_test(char *reqfn)
+{
+    char buf[1024];  /* holds one line from the input REQUEST file
+                         * or to the output RESPONSE file.
+                         * needs to be large enough to hold the longest
+                         * line "Msg = <256 hex digits>\n".
+                         */
+    FILE *ecdsareq;  /* input stream from the REQUEST file */
+    FILE *ecdsaresp; /* output stream to the RESPONSE file */
+    char curve[16];  /* "nistxddd" */
+    ECParams *ecparams = NULL;
+    int i, j;
+    unsigned int len;
+    unsigned char msg[512]; /* message to be signed (<= 128 bytes) */
+    unsigned int msglen;
+    unsigned char sha[HASH_LENGTH_MAX];  /* SHA digest */
+    unsigned int shaLength = 0;          /* length of SHA */
+    HASH_HashType shaAlg = HASH_AlgNULL; /* type of SHA Alg */
+    unsigned char sig[2 * MAX_ECKEY_LEN];
+    SECItem signature, digest;
+
+    ecdsareq = fopen(reqfn, "r");
+    ecdsaresp = stdout;
+    strcpy(curve, "nist");
+    while (fgets(buf, sizeof buf, ecdsareq) != NULL) {
+        /* a comment or blank line */
+        if (buf[0] == '#' || buf[0] == '\n') {
+            fputs(buf, ecdsaresp);
+            continue;
+        }
+        /* [X-ddd] */
+        if (buf[0] == '[') {
+            const char *src;
+            char *dst;
+            SECItem *encodedparams;
+
+            src = &buf[1];
+            dst = &curve[4];
+            *dst++ = tolower(*src);
+            src += 2; /* skip the hyphen */
+            *dst++ = *src++;
+            *dst++ = *src++;
+            *dst++ = *src++;
+            *dst = '\0';
+            src++; /* skip the comma */
+            /* set the SHA Algorithm */
+            if (strncmp(src, "SHA-1", 5) == 0) {
+                shaAlg = HASH_AlgSHA1;
+            } else if (strncmp(src, "SHA-224", 7) == 0) {
+                shaAlg = HASH_AlgSHA224;
+            } else if (strncmp(src, "SHA-256", 7) == 0) {
+                shaAlg = HASH_AlgSHA256;
+            } else if (strncmp(src, "SHA-384", 7) == 0) {
+                shaAlg = HASH_AlgSHA384;
+            } else if (strncmp(src, "SHA-512", 7) == 0) {
+                shaAlg = HASH_AlgSHA512;
+            } else {
+                fprintf(ecdsaresp, "ERROR: Unable to find SHAAlg type");
+                goto loser;
+            }
+            if (ecparams != NULL) {
+                PORT_FreeArena(ecparams->arena, PR_FALSE);
+                ecparams = NULL;
+            }
+            encodedparams = getECParams(curve);
+            if (encodedparams == NULL) {
+                fprintf(stderr, "Unknown curve %s.", curve);
+                goto loser;
+            }
+            if (EC_DecodeParams(encodedparams, &ecparams) != SECSuccess) {
+                fprintf(stderr, "Curve %s not supported.\n", curve);
+                goto loser;
+            }
+            SECITEM_FreeItem(encodedparams, PR_TRUE);
+            fputs(buf, ecdsaresp);
+            continue;
+        }
+        /* Msg = ... */
+        if (strncmp(buf, "Msg", 3) == 0) {
+            ECPrivateKey *ecpriv;
+
+            i = 3;
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+            for (j = 0; isxdigit(buf[i]); i += 2, j++) {
+                hex_to_byteval(&buf[i], &msg[j]);
+            }
+            msglen = j;
+            shaLength = fips_hashLen(shaAlg);
+            if (fips_hashBuf(shaAlg, sha, msg, msglen) != SECSuccess) {
+                if (shaLength == 0) {
+                    fprintf(ecdsaresp, "ERROR: SHAAlg not defined.");
+                }
+                fprintf(ecdsaresp, "ERROR: Unable to generate SHA%x",
+                        shaLength == 160 ? 1 : shaLength);
+                goto loser;
+            }
+            fputs(buf, ecdsaresp);
+
+            if (EC_NewKey(ecparams, &ecpriv) != SECSuccess) {
+                goto loser;
+            }
+            if (EC_ValidatePublicKey(ecparams, &ecpriv->publicValue) !=
+                SECSuccess) {
+                goto loser;
+            }
+            len = ecpriv->publicValue.len;
+            if (len % 2 == 0) {
+                goto loser;
+            }
+            len = (len - 1) / 2;
+            if (ecpriv->publicValue.data[0] != EC_POINT_FORM_UNCOMPRESSED) {
+                goto loser;
+            }
+            fputs("Qx = ", ecdsaresp);
+            to_hex_str(buf, &ecpriv->publicValue.data[1], len);
+            fputs(buf, ecdsaresp);
+            fputc('\n', ecdsaresp);
+            fputs("Qy = ", ecdsaresp);
+            to_hex_str(buf, &ecpriv->publicValue.data[1 + len], len);
+            fputs(buf, ecdsaresp);
+            fputc('\n', ecdsaresp);
+
+            digest.type = siBuffer;
+            digest.data = sha;
+            digest.len = shaLength;
+            signature.type = siBuffer;
+            signature.data = sig;
+            signature.len = sizeof sig;
+            if (ECDSA_SignDigest(ecpriv, &signature, &digest) != SECSuccess) {
+                goto loser;
+            }
+            len = signature.len;
+            if (len % 2 != 0) {
+                goto loser;
+            }
+            len = len / 2;
+            fputs("R = ", ecdsaresp);
+            to_hex_str(buf, &signature.data[0], len);
+            fputs(buf, ecdsaresp);
+            fputc('\n', ecdsaresp);
+            fputs("S = ", ecdsaresp);
+            to_hex_str(buf, &signature.data[len], len);
+            fputs(buf, ecdsaresp);
+            fputc('\n', ecdsaresp);
+
+            PORT_FreeArena(ecpriv->ecParams.arena, PR_TRUE);
+            continue;
+        }
+    }
+loser:
+    if (ecparams != NULL) {
+        PORT_FreeArena(ecparams->arena, PR_FALSE);
+    }
+    fclose(ecdsareq);
+}
+
+/*
+ * Perform the ECDSA Signature Verification Test.
+ *
+ * reqfn is the pathname of the REQUEST file.
+ *
+ * The output RESPONSE file is written to stdout.
+ */
+void
+ecdsa_sigver_test(char *reqfn)
+{
+    char buf[1024];  /* holds one line from the input REQUEST file.
+                         * needs to be large enough to hold the longest
+                         * line "Msg = <256 hex digits>\n".
+                         */
+    FILE *ecdsareq;  /* input stream from the REQUEST file */
+    FILE *ecdsaresp; /* output stream to the RESPONSE file */
+    char curve[16];  /* "nistxddd" */
+    ECPublicKey ecpub;
+    unsigned int i, j;
+    unsigned int flen = 0;  /* length in bytes of the field size */
+    unsigned int olen = 0;  /* length in bytes of the base point order */
+    unsigned char msg[512]; /* message that was signed (<= 128 bytes) */
+    unsigned int msglen = 0;
+    unsigned char sha[HASH_LENGTH_MAX];  /* SHA digest */
+    unsigned int shaLength = 0;          /* length of SHA */
+    HASH_HashType shaAlg = HASH_AlgNULL; /* type of SHA Alg */
+    unsigned char sig[2 * MAX_ECKEY_LEN];
+    SECItem signature, digest;
+    PRBool keyvalid = PR_TRUE;
+    PRBool sigvalid = PR_TRUE;
+
+    ecdsareq = fopen(reqfn, "r");
+    ecdsaresp = stdout;
+    ecpub.ecParams.arena = NULL;
+    strcpy(curve, "nist");
+    while (fgets(buf, sizeof buf, ecdsareq) != NULL) {
+        /* a comment or blank line */
+        if (buf[0] == '#' || buf[0] == '\n') {
+            fputs(buf, ecdsaresp);
+            continue;
+        }
+        /* [X-ddd] */
+        if (buf[0] == '[') {
+            const char *src;
+            char *dst;
+            SECItem *encodedparams;
+            ECParams *ecparams;
+
+            src = &buf[1];
+            dst = &curve[4];
+            *dst++ = tolower(*src);
+            src += 2; /* skip the hyphen */
+            *dst++ = *src++;
+            *dst++ = *src++;
+            *dst++ = *src++;
+            *dst = '\0';
+            src++; /* skip the comma */
+            /* set the SHA Algorithm */
+            if (strncmp(src, "SHA-1", 5) == 0) {
+                shaAlg = HASH_AlgSHA1;
+            } else if (strncmp(src, "SHA-224", 7) == 0) {
+                shaAlg = HASH_AlgSHA224;
+            } else if (strncmp(src, "SHA-256", 7) == 0) {
+                shaAlg = HASH_AlgSHA256;
+            } else if (strncmp(src, "SHA-384", 7) == 0) {
+                shaAlg = HASH_AlgSHA384;
+            } else if (strncmp(src, "SHA-512", 7) == 0) {
+                shaAlg = HASH_AlgSHA512;
+            } else {
+                fprintf(ecdsaresp, "ERROR: Unable to find SHAAlg type");
+                goto loser;
+            }
+            encodedparams = getECParams(curve);
+            if (encodedparams == NULL) {
+                fprintf(stderr, "Unknown curve %s.", curve);
+                goto loser;
+            }
+            if (EC_DecodeParams(encodedparams, &ecparams) != SECSuccess) {
+                fprintf(stderr, "Curve %s not supported.\n", curve);
+                goto loser;
+            }
+            SECITEM_FreeItem(encodedparams, PR_TRUE);
+            if (ecpub.ecParams.arena != NULL) {
+                PORT_FreeArena(ecpub.ecParams.arena, PR_FALSE);
+            }
+            ecpub.ecParams.arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+            if (ecpub.ecParams.arena == NULL) {
+                goto loser;
+            }
+            if (EC_CopyParams(ecpub.ecParams.arena, &ecpub.ecParams, ecparams) !=
+                SECSuccess) {
+                goto loser;
+            }
+            PORT_FreeArena(ecparams->arena, PR_FALSE);
+            flen = (ecpub.ecParams.fieldID.size + 7) >> 3;
+            olen = ecpub.ecParams.order.len;
+            if (2 * olen > sizeof sig) {
+                goto loser;
+            }
+            ecpub.publicValue.type = siBuffer;
+            ecpub.publicValue.data = NULL;
+            ecpub.publicValue.len = 0;
+            SECITEM_AllocItem(ecpub.ecParams.arena,
+                              &ecpub.publicValue, 2 * flen + 1);
+            if (ecpub.publicValue.data == NULL) {
+                goto loser;
+            }
+            ecpub.publicValue.data[0] = EC_POINT_FORM_UNCOMPRESSED;
+            fputs(buf, ecdsaresp);
+            continue;
+        }
+        /* Msg = ... */
+        if (strncmp(buf, "Msg", 3) == 0) {
+            i = 3;
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+            for (j = 0; isxdigit(buf[i]); i += 2, j++) {
+                hex_to_byteval(&buf[i], &msg[j]);
+            }
+            msglen = j;
+            shaLength = fips_hashLen(shaAlg);
+            if (fips_hashBuf(shaAlg, sha, msg, msglen) != SECSuccess) {
+                if (shaLength == 0) {
+                    fprintf(ecdsaresp, "ERROR: SHAAlg not defined.");
+                }
+                fprintf(ecdsaresp, "ERROR: Unable to generate SHA%x",
+                        shaLength == 160 ? 1 : shaLength);
+                goto loser;
+            }
+            fputs(buf, ecdsaresp);
+
+            digest.type = siBuffer;
+            digest.data = sha;
+            digest.len = shaLength;
+
+            continue;
+        }
+        /* Qx = ... */
+        if (strncmp(buf, "Qx", 2) == 0) {
+            fputs(buf, ecdsaresp);
+            i = 2;
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+            keyvalid = from_hex_str(&ecpub.publicValue.data[1], flen,
+                                    &buf[i]);
+            continue;
+        }
+        /* Qy = ... */
+        if (strncmp(buf, "Qy", 2) == 0) {
+            fputs(buf, ecdsaresp);
+            if (!keyvalid) {
+                continue;
+            }
+            i = 2;
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+            keyvalid = from_hex_str(&ecpub.publicValue.data[1 + flen], flen,
+                                    &buf[i]);
+            if (!keyvalid) {
+                continue;
+            }
+            if (EC_ValidatePublicKey(&ecpub.ecParams, &ecpub.publicValue) !=
+                SECSuccess) {
+                if (PORT_GetError() == SEC_ERROR_BAD_KEY) {
+                    keyvalid = PR_FALSE;
+                } else {
+                    goto loser;
+                }
+            }
+            continue;
+        }
+        /* R = ... */
+        if (buf[0] == 'R') {
+            fputs(buf, ecdsaresp);
+            i = 1;
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+            sigvalid = from_hex_str(sig, olen, &buf[i]);
+            continue;
+        }
+        /* S = ... */
+        if (buf[0] == 'S') {
+            fputs(buf, ecdsaresp);
+            i = 1;
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+            if (sigvalid) {
+                sigvalid = from_hex_str(&sig[olen], olen, &buf[i]);
+            }
+            signature.type = siBuffer;
+            signature.data = sig;
+            signature.len = 2 * olen;
+
+            if (!keyvalid || !sigvalid) {
+                fputs("Result = F\n", ecdsaresp);
+            } else if (ECDSA_VerifyDigest(&ecpub, &signature, &digest) ==
+                       SECSuccess) {
+                fputs("Result = P\n", ecdsaresp);
+            } else {
+                fputs("Result = F\n", ecdsaresp);
+            }
+            continue;
+        }
+    }
+loser:
+    if (ecpub.ecParams.arena != NULL) {
+        PORT_FreeArena(ecpub.ecParams.arena, PR_FALSE);
+    }
+    fclose(ecdsareq);
+}
+#endif /* NSS_DISABLE_ECC */
+
+PRBool
+isblankline(char *b)
+{
+    while (isspace(*b))
+        b++;
+    if ((*b == '\n') || (*b == 0)) {
+        return PR_TRUE;
+    }
+    return PR_FALSE;
+}
+
+static int debug = 0;
+
+/*
+ * Perform the Hash_DRBG (CAVS) for the RNG algorithm
+ *
+ * reqfn is the pathname of the REQUEST file.
+ *
+ * The output RESPONSE file is written to stdout.
+ */
+void
+drbg(char *reqfn)
+{
+    char buf[2000]; /* test case has some very long lines, returned bits
+     * as high as 800 bytes (6400 bits). That 1600 byte
+     * plus a tag */
+    char buf2[2000];
+    FILE *rngreq;  /* input stream from the REQUEST file */
+    FILE *rngresp; /* output stream to the RESPONSE file */
+
+    unsigned int i, j;
+#ifdef HANDLE_PREDICTION_RESISTANCE
+    PRBool predictionResistance = PR_FALSE;
+#endif
+    unsigned char *nonce = NULL;
+    int nonceLen = 0;
+    unsigned char *personalizationString = NULL;
+    int personalizationStringLen = 0;
+    unsigned char *additionalInput = NULL;
+    int additionalInputLen = 0;
+    unsigned char *entropyInput = NULL;
+    int entropyInputLen = 0;
+    unsigned char *predictedreturn_bytes = NULL;
+    unsigned char *return_bytes = NULL;
+    int return_bytes_len = 0;
+    enum { NONE,
+           INSTANTIATE,
+           GENERATE,
+           RESEED,
+           RESULT } command =
+        NONE;
+    PRBool genResult = PR_FALSE;
+    SECStatus rv;
+
+    rngreq = fopen(reqfn, "r");
+    rngresp = stdout;
+    while (fgets(buf, sizeof buf, rngreq) != NULL) {
+        switch (command) {
+            case INSTANTIATE:
+                if (debug) {
+                    fputs("# PRNGTEST_Instantiate(", rngresp);
+                    to_hex_str(buf2, entropyInput, entropyInputLen);
+                    fputs(buf2, rngresp);
+                    fprintf(rngresp, ",%d,", entropyInputLen);
+                    to_hex_str(buf2, nonce, nonceLen);
+                    fputs(buf2, rngresp);
+                    fprintf(rngresp, ",%d,", nonceLen);
+                    to_hex_str(buf2, personalizationString,
+                               personalizationStringLen);
+                    fputs(buf2, rngresp);
+                    fprintf(rngresp, ",%d)\n", personalizationStringLen);
+                }
+                rv = PRNGTEST_Instantiate(entropyInput, entropyInputLen,
+                                          nonce, nonceLen,
+                                          personalizationString,
+                                          personalizationStringLen);
+                if (rv != SECSuccess) {
+                    goto loser;
+                }
+                break;
+
+            case GENERATE:
+            case RESULT:
+                memset(return_bytes, 0, return_bytes_len);
+                if (debug) {
+                    fputs("# PRNGTEST_Generate(returnbytes", rngresp);
+                    fprintf(rngresp, ",%d,", return_bytes_len);
+                    to_hex_str(buf2, additionalInput, additionalInputLen);
+                    fputs(buf2, rngresp);
+                    fprintf(rngresp, ",%d)\n", additionalInputLen);
+                }
+                rv = PRNGTEST_Generate((PRUint8 *)return_bytes,
+                                       return_bytes_len,
+                                       (PRUint8 *)additionalInput,
+                                       additionalInputLen);
+                if (rv != SECSuccess) {
+                    goto loser;
+                }
+
+                if (command == RESULT) {
+                    fputs("ReturnedBits = ", rngresp);
+                    to_hex_str(buf2, return_bytes, return_bytes_len);
+                    fputs(buf2, rngresp);
+                    fputc('\n', rngresp);
+                    if (debug) {
+                        fputs("# PRNGTEST_Uninstantiate()\n", rngresp);
+                    }
+                    rv = PRNGTEST_Uninstantiate();
+                    if (rv != SECSuccess) {
+                        goto loser;
+                    }
+                } else if (debug) {
+                    fputs("#ReturnedBits = ", rngresp);
+                    to_hex_str(buf2, return_bytes, return_bytes_len);
+                    fputs(buf2, rngresp);
+                    fputc('\n', rngresp);
+                }
+
+                memset(additionalInput, 0, additionalInputLen);
+                break;
+
+            case RESEED:
+                if (entropyInput || additionalInput) {
+                    if (debug) {
+                        fputs("# PRNGTEST_Reseed(", rngresp);
+                        fprintf(rngresp, ",%d,", return_bytes_len);
+                        to_hex_str(buf2, entropyInput, entropyInputLen);
+                        fputs(buf2, rngresp);
+                        fprintf(rngresp, ",%d,", entropyInputLen);
+                        to_hex_str(buf2, additionalInput, additionalInputLen);
+                        fputs(buf2, rngresp);
+                        fprintf(rngresp, ",%d)\n", additionalInputLen);
+                    }
+                    rv = PRNGTEST_Reseed(entropyInput, entropyInputLen,
+                                         additionalInput, additionalInputLen);
+                    if (rv != SECSuccess) {
+                        goto loser;
+                    }
+                }
+                memset(entropyInput, 0, entropyInputLen);
+                memset(additionalInput, 0, additionalInputLen);
+                break;
+            case NONE:
+                break;
+        }
+        command = NONE;
+
+        /* a comment or blank line */
+        if (buf[0] == '#' || buf[0] == '\n' || buf[0] == '\r') {
+            fputs(buf, rngresp);
+            continue;
+        }
+
+        /* [Hash - SHA256] */
+        if (strncmp(buf, "[SHA-256]", 9) == 0) {
+            fputs(buf, rngresp);
+            continue;
+        }
+
+        if (strncmp(buf, "[PredictionResistance", 21) == 0) {
+#ifdef HANDLE_PREDICTION_RESISTANCE
+            i = 21;
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+            if (strncmp(buf, "False", 5) == 0) {
+                predictionResistance = PR_FALSE;
+            } else {
+                predictionResistance = PR_TRUE;
+            }
+#endif
+
+            fputs(buf, rngresp);
+            continue;
+        }
+
+        if (strncmp(buf, "[ReturnedBitsLen", 16) == 0) {
+            if (return_bytes) {
+                PORT_ZFree(return_bytes, return_bytes_len);
+                return_bytes = NULL;
+            }
+            if (predictedreturn_bytes) {
+                PORT_ZFree(predictedreturn_bytes, return_bytes_len);
+                predictedreturn_bytes = NULL;
+            }
+            return_bytes_len = 0;
+            if (sscanf(buf, "[ReturnedBitsLen = %d]", &return_bytes_len) != 1) {
+                goto loser;
+            }
+            return_bytes_len = return_bytes_len / 8;
+            if (return_bytes_len > 0) {
+                return_bytes = PORT_Alloc(return_bytes_len);
+                predictedreturn_bytes = PORT_Alloc(return_bytes_len);
+            }
+            fputs(buf, rngresp);
+            continue;
+        }
+
+        if (strncmp(buf, "[EntropyInputLen", 16) == 0) {
+            if (entropyInput) {
+                PORT_ZFree(entropyInput, entropyInputLen);
+                entropyInput = NULL;
+                entropyInputLen = 0;
+            }
+            if (sscanf(buf, "[EntropyInputLen = %d]", &entropyInputLen) != 1) {
+                goto loser;
+            }
+            entropyInputLen = entropyInputLen / 8;
+            if (entropyInputLen > 0) {
+                entropyInput = PORT_Alloc(entropyInputLen);
+            }
+            fputs(buf, rngresp);
+            continue;
+        }
+
+        if (strncmp(buf, "[NonceLen", 9) == 0) {
+            if (nonce) {
+                PORT_ZFree(nonce, nonceLen);
+                nonce = NULL;
+                nonceLen = 0;
+            }
+
+            if (sscanf(buf, "[NonceLen = %d]", &nonceLen) != 1) {
+                goto loser;
+            }
+            nonceLen = nonceLen / 8;
+            if (nonceLen > 0) {
+                nonce = PORT_Alloc(nonceLen);
+            }
+            fputs(buf, rngresp);
+            continue;
+        }
+
+        if (strncmp(buf, "[PersonalizationStringLen", 16) == 0) {
+            if (personalizationString) {
+                PORT_ZFree(personalizationString, personalizationStringLen);
+                personalizationString = NULL;
+                personalizationStringLen = 0;
+            }
+
+            if (sscanf(buf, "[PersonalizationStringLen = %d]", &personalizationStringLen) != 1) {
+                goto loser;
+            }
+            personalizationStringLen = personalizationStringLen / 8;
+            if (personalizationStringLen > 0) {
+                personalizationString = PORT_Alloc(personalizationStringLen);
+            }
+            fputs(buf, rngresp);
+
+            continue;
+        }
+
+        if (strncmp(buf, "[AdditionalInputLen", 16) == 0) {
+            if (additionalInput) {
+                PORT_ZFree(additionalInput, additionalInputLen);
+                additionalInput = NULL;
+                additionalInputLen = 0;
+            }
+
+            if (sscanf(buf, "[AdditionalInputLen = %d]", &additionalInputLen) != 1) {
+                goto loser;
+            }
+            additionalInputLen = additionalInputLen / 8;
+            if (additionalInputLen > 0) {
+                additionalInput = PORT_Alloc(additionalInputLen);
+            }
+            fputs(buf, rngresp);
+            continue;
+        }
+
+        if (strncmp(buf, "COUNT", 5) == 0) {
+            /* zeroize the variables for the test with this data set */
+            if (entropyInput) {
+                memset(entropyInput, 0, entropyInputLen);
+            }
+            if (nonce) {
+                memset(nonce, 0, nonceLen);
+            }
+            if (personalizationString) {
+                memset(personalizationString, 0, personalizationStringLen);
+            }
+            if (additionalInput) {
+                memset(additionalInput, 0, additionalInputLen);
+            }
+            genResult = PR_FALSE;
+
+            fputs(buf, rngresp);
+            continue;
+        }
+
+        /* EntropyInputReseed = ... */
+        if (strncmp(buf, "EntropyInputReseed", 18) == 0) {
+            if (entropyInput) {
+                memset(entropyInput, 0, entropyInputLen);
+                i = 18;
+                while (isspace(buf[i]) || buf[i] == '=') {
+                    i++;
+                }
+
+                for (j = 0; isxdigit(buf[i]); i += 2, j++) { /*j<entropyInputLen*/
+                    hex_to_byteval(&buf[i], &entropyInput[j]);
+                }
+            }
+            fputs(buf, rngresp);
+            continue;
+        }
+
+        /* AttionalInputReseed  = ... */
+        if (strncmp(buf, "AdditionalInputReseed", 21) == 0) {
+            if (additionalInput) {
+                memset(additionalInput, 0, additionalInputLen);
+                i = 21;
+                while (isspace(buf[i]) || buf[i] == '=') {
+                    i++;
+                }
+                for (j = 0; isxdigit(buf[i]); i += 2, j++) { /*j<additionalInputLen*/
+                    hex_to_byteval(&buf[i], &additionalInput[j]);
+                }
+            }
+            command = RESEED;
+            fputs(buf, rngresp);
+            continue;
+        }
+
+        /* Entropy input = ... */
+        if (strncmp(buf, "EntropyInput", 12) == 0) {
+            i = 12;
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+            for (j = 0; isxdigit(buf[i]); i += 2, j++) { /*j<entropyInputLen*/
+                hex_to_byteval(&buf[i], &entropyInput[j]);
+            }
+            fputs(buf, rngresp);
+            continue;
+        }
+
+        /* nouce = ... */
+        if (strncmp(buf, "Nonce", 5) == 0) {
+            i = 5;
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+            for (j = 0; isxdigit(buf[i]); i += 2, j++) { /*j<nonceLen*/
+                hex_to_byteval(&buf[i], &nonce[j]);
+            }
+            fputs(buf, rngresp);
+            continue;
+        }
+
+        /* Personalization string = ... */
+        if (strncmp(buf, "PersonalizationString", 21) == 0) {
+            if (personalizationString) {
+                i = 21;
+                while (isspace(buf[i]) || buf[i] == '=') {
+                    i++;
+                }
+                for (j = 0; isxdigit(buf[i]); i += 2, j++) { /*j<personalizationStringLen*/
+                    hex_to_byteval(&buf[i], &personalizationString[j]);
+                }
+            }
+            fputs(buf, rngresp);
+            command = INSTANTIATE;
+            continue;
+        }
+
+        /* Additional input = ... */
+        if (strncmp(buf, "AdditionalInput", 15) == 0) {
+            if (additionalInput) {
+                i = 15;
+                while (isspace(buf[i]) || buf[i] == '=') {
+                    i++;
+                }
+                for (j = 0; isxdigit(buf[i]); i += 2, j++) { /*j<additionalInputLen*/
+                    hex_to_byteval(&buf[i], &additionalInput[j]);
+                }
+            }
+            if (genResult) {
+                command = RESULT;
+            } else {
+                command = GENERATE;
+                genResult = PR_TRUE; /* next time generate result */
+            }
+            fputs(buf, rngresp);
+            continue;
+        }
+
+        /* Returned bits = ... */
+        if (strncmp(buf, "ReturnedBits", 12) == 0) {
+            i = 12;
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+            for (j = 0; isxdigit(buf[i]); i += 2, j++) { /*j<additionalInputLen*/
+                hex_to_byteval(&buf[i], &predictedreturn_bytes[j]);
+            }
+
+            if (memcmp(return_bytes,
+                       predictedreturn_bytes, return_bytes_len) != 0) {
+                if (debug) {
+                    fprintf(rngresp, "# Generate failed:\n");
+                    fputs("#   predicted=", rngresp);
+                    to_hex_str(buf, predictedreturn_bytes,
+                               return_bytes_len);
+                    fputs(buf, rngresp);
+                    fputs("\n#   actual  = ", rngresp);
+                    fputs(buf2, rngresp);
+                    fputc('\n', rngresp);
+
+                } else {
+                    fprintf(stderr, "Generate failed:\n");
+                    fputs("   predicted=", stderr);
+                    to_hex_str(buf, predictedreturn_bytes,
+                               return_bytes_len);
+                    fputs(buf, stderr);
+                    fputs("\n   actual  = ", stderr);
+                    fputs(buf2, stderr);
+                    fputc('\n', stderr);
+                }
+            }
+            memset(predictedreturn_bytes, 0, return_bytes_len);
+
+            continue;
+        }
+    }
+loser:
+    if (predictedreturn_bytes) {
+        PORT_Free(predictedreturn_bytes);
+    }
+    if (return_bytes) {
+        PORT_Free(return_bytes);
+    }
+    if (additionalInput) {
+        PORT_Free(additionalInput);
+    }
+    if (personalizationString) {
+        PORT_Free(personalizationString);
+    }
+    if (nonce) {
+        PORT_Free(nonce);
+    }
+    if (entropyInput) {
+        PORT_Free(entropyInput);
+    }
+    fclose(rngreq);
+}
+
+/*
+ * Perform the RNG Variable Seed Test (VST) for the RNG algorithm
+ * "DSA - Generation of X", used both as specified and as a generic
+ * purpose RNG.  The presence of "Q = ..." in the REQUEST file
+ * indicates we are using the algorithm as specified.
+ *
+ * reqfn is the pathname of the REQUEST file.
+ *
+ * The output RESPONSE file is written to stdout.
+ */
+void
+rng_vst(char *reqfn)
+{
+    char buf[256]; /* holds one line from the input REQUEST file.
+                         * needs to be large enough to hold the longest
+                         * line "XSeed = <128 hex digits>\n".
+                         */
+    FILE *rngreq;  /* input stream from the REQUEST file */
+    FILE *rngresp; /* output stream to the RESPONSE file */
+    unsigned int i, j;
+    unsigned char Q[DSA1_SUBPRIME_LEN];
+    PRBool hasQ = PR_FALSE;
+    unsigned int b = 0; /* 160 <= b <= 512, b is a multiple of 8 */
+    unsigned char XKey[512 / 8];
+    unsigned char XSeed[512 / 8];
+    unsigned char GENX[DSA1_SIGNATURE_LEN];
+    unsigned char DSAX[DSA1_SUBPRIME_LEN];
+    SECStatus rv;
+
+    rngreq = fopen(reqfn, "r");
+    rngresp = stdout;
+    while (fgets(buf, sizeof buf, rngreq) != NULL) {
+        /* a comment or blank line */
+        if (buf[0] == '#' || buf[0] == '\n') {
+            fputs(buf, rngresp);
+            continue;
+        }
+        /* [Xchange - SHA1] */
+        if (buf[0] == '[') {
+            fputs(buf, rngresp);
+            continue;
+        }
+        /* Q = ... */
+        if (buf[0] == 'Q') {
+            i = 1;
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+            for (j = 0; j < sizeof Q; i += 2, j++) {
+                hex_to_byteval(&buf[i], &Q[j]);
+            }
+            fputs(buf, rngresp);
+            hasQ = PR_TRUE;
+            continue;
+        }
+        /* "COUNT = x" begins a new data set */
+        if (strncmp(buf, "COUNT", 5) == 0) {
+            /* zeroize the variables for the test with this data set */
+            b = 0;
+            memset(XKey, 0, sizeof XKey);
+            memset(XSeed, 0, sizeof XSeed);
+            fputs(buf, rngresp);
+            continue;
+        }
+        /* b = ... */
+        if (buf[0] == 'b') {
+            i = 1;
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+            b = atoi(&buf[i]);
+            if (b < 160 || b > 512 || b % 8 != 0) {
+                goto loser;
+            }
+            fputs(buf, rngresp);
+            continue;
+        }
+        /* XKey = ... */
+        if (strncmp(buf, "XKey", 4) == 0) {
+            i = 4;
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+            for (j = 0; j < b / 8; i += 2, j++) {
+                hex_to_byteval(&buf[i], &XKey[j]);
+            }
+            fputs(buf, rngresp);
+            continue;
+        }
+        /* XSeed = ... */
+        if (strncmp(buf, "XSeed", 5) == 0) {
+            i = 5;
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+            for (j = 0; j < b / 8; i += 2, j++) {
+                hex_to_byteval(&buf[i], &XSeed[j]);
+            }
+            fputs(buf, rngresp);
+
+            rv = FIPS186Change_GenerateX(XKey, XSeed, GENX);
+            if (rv != SECSuccess) {
+                goto loser;
+            }
+            fputs("X = ", rngresp);
+            if (hasQ) {
+                rv = FIPS186Change_ReduceModQForDSA(GENX, Q, DSAX);
+                if (rv != SECSuccess) {
+                    goto loser;
+                }
+                to_hex_str(buf, DSAX, sizeof DSAX);
+            } else {
+                to_hex_str(buf, GENX, sizeof GENX);
+            }
+            fputs(buf, rngresp);
+            fputc('\n', rngresp);
+            continue;
+        }
+    }
+loser:
+    fclose(rngreq);
+}
+
+/*
+ * Perform the RNG Monte Carlo Test (MCT) for the RNG algorithm
+ * "DSA - Generation of X", used both as specified and as a generic
+ * purpose RNG.  The presence of "Q = ..." in the REQUEST file
+ * indicates we are using the algorithm as specified.
+ *
+ * reqfn is the pathname of the REQUEST file.
+ *
+ * The output RESPONSE file is written to stdout.
+ */
+void
+rng_mct(char *reqfn)
+{
+    char buf[256]; /* holds one line from the input REQUEST file.
+                         * needs to be large enough to hold the longest
+                         * line "XSeed = <128 hex digits>\n".
+                         */
+    FILE *rngreq;  /* input stream from the REQUEST file */
+    FILE *rngresp; /* output stream to the RESPONSE file */
+    unsigned int i, j;
+    unsigned char Q[DSA1_SUBPRIME_LEN];
+    PRBool hasQ = PR_FALSE;
+    unsigned int b = 0; /* 160 <= b <= 512, b is a multiple of 8 */
+    unsigned char XKey[512 / 8];
+    unsigned char XSeed[512 / 8];
+    unsigned char GENX[2 * SHA1_LENGTH];
+    unsigned char DSAX[DSA1_SUBPRIME_LEN];
+    SECStatus rv;
+
+    rngreq = fopen(reqfn, "r");
+    rngresp = stdout;
+    while (fgets(buf, sizeof buf, rngreq) != NULL) {
+        /* a comment or blank line */
+        if (buf[0] == '#' || buf[0] == '\n') {
+            fputs(buf, rngresp);
+            continue;
+        }
+        /* [Xchange - SHA1] */
+        if (buf[0] == '[') {
+            fputs(buf, rngresp);
+            continue;
+        }
+        /* Q = ... */
+        if (buf[0] == 'Q') {
+            i = 1;
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+            for (j = 0; j < sizeof Q; i += 2, j++) {
+                hex_to_byteval(&buf[i], &Q[j]);
+            }
+            fputs(buf, rngresp);
+            hasQ = PR_TRUE;
+            continue;
+        }
+        /* "COUNT = x" begins a new data set */
+        if (strncmp(buf, "COUNT", 5) == 0) {
+            /* zeroize the variables for the test with this data set */
+            b = 0;
+            memset(XKey, 0, sizeof XKey);
+            memset(XSeed, 0, sizeof XSeed);
+            fputs(buf, rngresp);
+            continue;
+        }
+        /* b = ... */
+        if (buf[0] == 'b') {
+            i = 1;
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+            b = atoi(&buf[i]);
+            if (b < 160 || b > 512 || b % 8 != 0) {
+                goto loser;
+            }
+            fputs(buf, rngresp);
+            continue;
+        }
+        /* XKey = ... */
+        if (strncmp(buf, "XKey", 4) == 0) {
+            i = 4;
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+            for (j = 0; j < b / 8; i += 2, j++) {
+                hex_to_byteval(&buf[i], &XKey[j]);
+            }
+            fputs(buf, rngresp);
+            continue;
+        }
+        /* XSeed = ... */
+        if (strncmp(buf, "XSeed", 5) == 0) {
+            unsigned int k;
+            i = 5;
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+            for (j = 0; j < b / 8; i += 2, j++) {
+                hex_to_byteval(&buf[i], &XSeed[j]);
+            }
+            fputs(buf, rngresp);
+
+            for (k = 0; k < 10000; k++) {
+                rv = FIPS186Change_GenerateX(XKey, XSeed, GENX);
+                if (rv != SECSuccess) {
+                    goto loser;
+                }
+            }
+            fputs("X = ", rngresp);
+            if (hasQ) {
+                rv = FIPS186Change_ReduceModQForDSA(GENX, Q, DSAX);
+                if (rv != SECSuccess) {
+                    goto loser;
+                }
+                to_hex_str(buf, DSAX, sizeof DSAX);
+            } else {
+                to_hex_str(buf, GENX, sizeof GENX);
+            }
+            fputs(buf, rngresp);
+            fputc('\n', rngresp);
+            continue;
+        }
+    }
+loser:
+    fclose(rngreq);
+}
+
+/*
+ * Calculate the SHA Message Digest
+ *
+ * MD = Message digest
+ * MDLen = length of Message Digest and SHA_Type
+ * msg = message to digest
+ * msgLen = length of message to digest
+ */
+SECStatus
+sha_calcMD(unsigned char *MD, unsigned int MDLen, unsigned char *msg, unsigned int msgLen)
+{
+    HASH_HashType hashType = sha_get_hashType(MDLen * PR_BITS_PER_BYTE);
+
+    return fips_hashBuf(hashType, MD, msg, msgLen);
+}
+
+/*
+ * Perform the SHA Monte Carlo Test
+ *
+ * MDLen = length of Message Digest and SHA_Type
+ * seed = input seed value
+ * resp = is the output response file.
+ */
+SECStatus
+sha_mct_test(unsigned int MDLen, unsigned char *seed, FILE *resp)
+{
+    int i, j;
+    unsigned int msgLen = MDLen * 3;
+    unsigned char MD_i3[HASH_LENGTH_MAX]; /* MD[i-3] */
+    unsigned char MD_i2[HASH_LENGTH_MAX]; /* MD[i-2] */
+    unsigned char MD_i1[HASH_LENGTH_MAX]; /* MD[i-1] */
+    unsigned char MD_i[HASH_LENGTH_MAX];  /* MD[i] */
+    unsigned char msg[HASH_LENGTH_MAX * 3];
+    char buf[HASH_LENGTH_MAX * 2 + 1]; /* MAX buf MD_i as a hex string */
+
+    for (j = 0; j < 100; j++) {
+        /* MD_0 = MD_1 = MD_2 = seed */
+        memcpy(MD_i3, seed, MDLen);
+        memcpy(MD_i2, seed, MDLen);
+        memcpy(MD_i1, seed, MDLen);
+
+        for (i = 3; i < 1003; i++) {
+            /* Mi = MD[i-3] || MD [i-2] || MD [i-1] */
+            memcpy(msg, MD_i3, MDLen);
+            memcpy(&msg[MDLen], MD_i2, MDLen);
+            memcpy(&msg[MDLen * 2], MD_i1, MDLen);
+
+            /* MDi = SHA(Msg) */
+            if (sha_calcMD(MD_i, MDLen,
+                           msg, msgLen) != SECSuccess) {
+                return SECFailure;
+            }
+
+            /* save MD[i-3] MD[i-2]  MD[i-1] */
+            memcpy(MD_i3, MD_i2, MDLen);
+            memcpy(MD_i2, MD_i1, MDLen);
+            memcpy(MD_i1, MD_i, MDLen);
+        }
+
+        /* seed = MD_i */
+        memcpy(seed, MD_i, MDLen);
+
+        sprintf(buf, "COUNT = %d\n", j);
+        fputs(buf, resp);
+
+        /* output MD_i */
+        fputs("MD = ", resp);
+        to_hex_str(buf, MD_i, MDLen);
+        fputs(buf, resp);
+        fputc('\n', resp);
+    }
+
+    return SECSuccess;
+}
+
+/*
+ * Perform the SHA Tests.
+ *
+ * reqfn is the pathname of the input REQUEST file.
+ *
+ * The output RESPONSE file is written to stdout.
+ */
+void
+sha_test(char *reqfn)
+{
+    unsigned int i, j;
+    unsigned int MDlen = 0;              /* the length of the Message Digest in Bytes  */
+    unsigned int msgLen = 0;             /* the length of the input Message in Bytes */
+    unsigned char *msg = NULL;           /* holds the message to digest.*/
+    size_t bufSize = 256 * 128;          /*MAX buffer size */
+    char *buf = NULL;                    /* holds one line from the input REQUEST file.*/
+    unsigned char seed[HASH_LENGTH_MAX]; /* max size of seed 64 bytes */
+    unsigned char MD[HASH_LENGTH_MAX];   /* message digest */
+
+    FILE *req = NULL; /* input stream from the REQUEST file */
+    FILE *resp;       /* output stream to the RESPONSE file */
+
+    buf = PORT_ZAlloc(bufSize);
+    if (buf == NULL) {
+        goto loser;
+    }
+
+    /* zeroize the variables for the test with this data set */
+    memset(seed, 0, sizeof seed);
+
+    req = fopen(reqfn, "r");
+    resp = stdout;
+    while (fgets(buf, bufSize, req) != NULL) {
+
+        /* a comment or blank line */
+        if (buf[0] == '#' || buf[0] == '\n') {
+            fputs(buf, resp);
+            continue;
+        }
+        /* [L = Length of the Message Digest and sha_type */
+        if (buf[0] == '[') {
+            if (strncmp(&buf[1], "L ", 1) == 0) {
+                i = 2;
+                while (isspace(buf[i]) || buf[i] == '=') {
+                    i++;
+                }
+                MDlen = atoi(&buf[i]);
+                fputs(buf, resp);
+                continue;
+            }
+        }
+        /* Len = Length of the Input Message Length  ... */
+        if (strncmp(buf, "Len", 3) == 0) {
+            i = 3;
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+            if (msg) {
+                PORT_ZFree(msg, msgLen);
+                msg = NULL;
+            }
+            msgLen = atoi(&buf[i]); /* in bits */
+            if (msgLen % 8 != 0) {
+                fprintf(stderr, "SHA tests are incorrectly configured for "
+                                "BIT oriented implementations\n");
+                goto loser;
+            }
+            msgLen = msgLen / 8; /* convert to bytes */
+            fputs(buf, resp);
+            msg = PORT_ZAlloc(msgLen);
+            if (msg == NULL && msgLen != 0) {
+                goto loser;
+            }
+            continue;
+        }
+        /* MSG = ... */
+        if (strncmp(buf, "Msg", 3) == 0) {
+            i = 3;
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+            for (j = 0; j < msgLen; i += 2, j++) {
+                hex_to_byteval(&buf[i], &msg[j]);
+            }
+            fputs(buf, resp);
+            /* calculate the Message Digest */
+            memset(MD, 0, sizeof MD);
+            if (sha_calcMD(MD, MDlen,
+                           msg, msgLen) != SECSuccess) {
+                goto loser;
+            }
+
+            fputs("MD = ", resp);
+            to_hex_str(buf, MD, MDlen);
+            fputs(buf, resp);
+            fputc('\n', resp);
+
+            continue;
+        }
+        /* Seed = ... */
+        if (strncmp(buf, "Seed", 4) == 0) {
+            i = 4;
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+            for (j = 0; j < sizeof seed; i += 2, j++) {
+                hex_to_byteval(&buf[i], &seed[j]);
+            }
+
+            fputs(buf, resp);
+            fputc('\n', resp);
+
+            /* do the Monte Carlo test */
+            if (sha_mct_test(MDlen, seed, resp) != SECSuccess) {
+                goto loser;
+            }
+
+            continue;
+        }
+    }
+loser:
+    if (req) {
+        fclose(req);
+    }
+    if (buf) {
+        PORT_ZFree(buf, bufSize);
+    }
+    if (msg) {
+        PORT_ZFree(msg, msgLen);
+    }
+}
+
+/****************************************************/
+/* HMAC SHA-X calc                                  */
+/* hmac_computed - the computed HMAC                */
+/* hmac_length - the length of the computed HMAC    */
+/* secret_key - secret key to HMAC                  */
+/* secret_key_length - length of secret key,        */
+/* message - message to HMAC                        */
+/* message_length - length ofthe message            */
+/****************************************************/
+static SECStatus
+hmac_calc(unsigned char *hmac_computed,
+          const unsigned int hmac_length,
+          const unsigned char *secret_key,
+          const unsigned int secret_key_length,
+          const unsigned char *message,
+          const unsigned int message_length,
+          const HASH_HashType hashAlg)
+{
+    SECStatus hmac_status = SECFailure;
+    HMACContext *cx = NULL;
+    SECHashObject *hashObj = NULL;
+    unsigned int bytes_hashed = 0;
+
+    hashObj = (SECHashObject *)HASH_GetRawHashObject(hashAlg);
+
+    if (!hashObj)
+        return (SECFailure);
+
+    cx = HMAC_Create(hashObj, secret_key,
+                     secret_key_length,
+                     PR_TRUE); /* PR_TRUE for in FIPS mode */
+
+    if (cx == NULL)
+        return (SECFailure);
+
+    HMAC_Begin(cx);
+    HMAC_Update(cx, message, message_length);
+    hmac_status = HMAC_Finish(cx, hmac_computed, &bytes_hashed,
+                              hmac_length);
+
+    HMAC_Destroy(cx, PR_TRUE);
+
+    return (hmac_status);
+}
+
+/*
+ * Perform the HMAC Tests.
+ *
+ * reqfn is the pathname of the input REQUEST file.
+ *
+ * The output RESPONSE file is written to stdout.
+ */
+void
+hmac_test(char *reqfn)
+{
+    unsigned int i, j;
+    size_t bufSize = 400;                        /* MAX buffer size */
+    char *buf = NULL;                            /* holds one line from the input REQUEST file.*/
+    unsigned int keyLen = 0;                     /* Key Length */
+    unsigned char key[200];                      /* key MAX size = 184 */
+    unsigned int msgLen = 128;                   /* the length of the input  */
+                                                 /*  Message is always 128 Bytes */
+    unsigned char *msg = NULL;                   /* holds the message to digest.*/
+    unsigned int HMACLen = 0;                    /* the length of the HMAC Bytes  */
+    unsigned int TLen = 0;                       /* the length of the requested */
+                                                 /* truncated HMAC Bytes */
+    unsigned char HMAC[HASH_LENGTH_MAX];         /* computed HMAC */
+    unsigned char expectedHMAC[HASH_LENGTH_MAX]; /* for .fax files that have */
+                                                 /* supplied known answer */
+    HASH_HashType hash_alg = HASH_AlgNULL;       /* HMAC type */
+
+    FILE *req = NULL; /* input stream from the REQUEST file */
+    FILE *resp;       /* output stream to the RESPONSE file */
+
+    buf = PORT_ZAlloc(bufSize);
+    if (buf == NULL) {
+        goto loser;
+    }
+    msg = PORT_ZAlloc(msgLen);
+    if (msg == NULL) {
+        goto loser;
+    }
+
+    req = fopen(reqfn, "r");
+    resp = stdout;
+    while (fgets(buf, bufSize, req) != NULL) {
+        if (strncmp(buf, "Mac", 3) == 0) {
+            i = 3;
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+            memset(expectedHMAC, 0, HASH_LENGTH_MAX);
+            for (j = 0; isxdigit(buf[i]); i += 2, j++) {
+                hex_to_byteval(&buf[i], &expectedHMAC[j]);
+            }
+            if (memcmp(HMAC, expectedHMAC, TLen) != 0) {
+                fprintf(stderr, "Generate failed:\n");
+                fputs("   expected=", stderr);
+                to_hex_str(buf, expectedHMAC,
+                           TLen);
+                fputs(buf, stderr);
+                fputs("\n   generated=", stderr);
+                to_hex_str(buf, HMAC,
+                           TLen);
+                fputs(buf, stderr);
+                fputc('\n', stderr);
+            }
+        }
+
+        /* a comment or blank line */
+        if (buf[0] == '#' || buf[0] == '\n') {
+            fputs(buf, resp);
+            continue;
+        }
+        /* [L = Length of the MAC and HASH_type */
+        if (buf[0] == '[') {
+            if (strncmp(&buf[1], "L ", 1) == 0) {
+                i = 2;
+                while (isspace(buf[i]) || buf[i] == '=') {
+                    i++;
+                }
+                /* HMACLen will get reused for Tlen */
+                HMACLen = atoi(&buf[i]);
+                hash_alg = sha_get_hashType(HMACLen * PR_BITS_PER_BYTE);
+                if (hash_alg == HASH_AlgNULL) {
+                    goto loser;
+                }
+                fputs(buf, resp);
+                continue;
+            }
+        }
+        /* Count = test iteration number*/
+        if (strncmp(buf, "Count ", 5) == 0) {
+            /* count can just be put into resp file */
+            fputs(buf, resp);
+            /* zeroize the variables for the test with this data set */
+            keyLen = 0;
+            TLen = 0;
+            memset(key, 0, sizeof key);
+            memset(msg, 0, msgLen);
+            memset(HMAC, 0, sizeof HMAC);
+            continue;
+        }
+        /* KLen = Length of the Input Secret Key ... */
+        if (strncmp(buf, "Klen", 4) == 0) {
+            i = 4;
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+            keyLen = atoi(&buf[i]); /* in bytes */
+            fputs(buf, resp);
+            continue;
+        }
+        /* key = the secret key for the key to MAC */
+        if (strncmp(buf, "Key", 3) == 0) {
+            i = 3;
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+            for (j = 0; j < keyLen; i += 2, j++) {
+                hex_to_byteval(&buf[i], &key[j]);
+            }
+            fputs(buf, resp);
+        }
+        /* TLen = Length of the calculated HMAC */
+        if (strncmp(buf, "Tlen", 4) == 0) {
+            i = 4;
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+            TLen = atoi(&buf[i]); /* in bytes */
+            fputs(buf, resp);
+            continue;
+        }
+        /* MSG = to HMAC always 128 bytes for these tests */
+        if (strncmp(buf, "Msg", 3) == 0) {
+            i = 3;
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+            for (j = 0; j < msgLen; i += 2, j++) {
+                hex_to_byteval(&buf[i], &msg[j]);
+            }
+            fputs(buf, resp);
+            /* calculate the HMAC and output */
+            if (hmac_calc(HMAC, HMACLen, key, keyLen,
+                          msg, msgLen, hash_alg) != SECSuccess) {
+                goto loser;
+            }
+            fputs("Mac = ", resp);
+            to_hex_str(buf, HMAC, TLen);
+            fputs(buf, resp);
+            fputc('\n', resp);
+            continue;
+        }
+    }
+loser:
+    if (req) {
+        fclose(req);
+    }
+    if (buf) {
+        PORT_ZFree(buf, bufSize);
+    }
+    if (msg) {
+        PORT_ZFree(msg, msgLen);
+    }
+}
+
+/*
+ * Perform the DSA Key Pair Generation Test.
+ *
+ * reqfn is the pathname of the REQUEST file.
+ *
+ * The output RESPONSE file is written to stdout.
+ */
+void
+dsa_keypair_test(char *reqfn)
+{
+    char buf[800]; /* holds one line from the input REQUEST file
+                         * or to the output RESPONSE file.
+                         * 800 to hold (384 public key (x2 for HEX) + 1'\n'
+                         */
+    FILE *dsareq;  /* input stream from the REQUEST file */
+    FILE *dsaresp; /* output stream to the RESPONSE file */
+    int count;
+    int N;
+    int L;
+    int i;
+    PQGParams *pqg = NULL;
+    PQGVerify *vfy = NULL;
+    PRBool use_dsa1 = PR_FALSE;
+    int keySizeIndex; /* index for valid key sizes */
+
+    dsareq = fopen(reqfn, "r");
+    dsaresp = stdout;
+    while (fgets(buf, sizeof buf, dsareq) != NULL) {
+        /* a comment or blank line */
+        if (buf[0] == '#' || buf[0] == '\n') {
+            fputs(buf, dsaresp);
+            continue;
+        }
+
+        /* [Mod = x] */
+        if (buf[0] == '[') {
+            if (pqg != NULL) {
+                PQG_DestroyParams(pqg);
+                pqg = NULL;
+            }
+            if (vfy != NULL) {
+                PQG_DestroyVerify(vfy);
+                vfy = NULL;
+            }
+
+            if (sscanf(buf, "[mod = L=%d, N=%d]", &L, &N) != 2) {
+                use_dsa1 = PR_TRUE;
+                if (sscanf(buf, "[mod = %d]", &L) != 1) {
+                    goto loser;
+                }
+            }
+            fputs(buf, dsaresp);
+            fputc('\n', dsaresp);
+
+            if (use_dsa1) {
+                /*************************************************************
+                 * PQG_ParamGenSeedLen doesn't take a key size, it takes an
+                 * index that points to a valid key size.
+                 */
+                keySizeIndex = PQG_PBITS_TO_INDEX(L);
+                if (keySizeIndex == -1 || L < 512 || L > 1024) {
+                    fprintf(dsaresp,
+                            "DSA key size must be a multiple of 64 between 512 "
+                            "and 1024, inclusive");
+                    goto loser;
+                }
+
+                /* Generate the parameters P, Q, and G */
+                if (PQG_ParamGenSeedLen(keySizeIndex, PQG_TEST_SEED_BYTES,
+                                        &pqg, &vfy) !=
+                    SECSuccess) {
+                    fprintf(dsaresp,
+                            "ERROR: Unable to generate PQG parameters");
+                    goto loser;
+                }
+            } else {
+                if (PQG_ParamGenV2(L, N, N, &pqg, &vfy) != SECSuccess) {
+                    fprintf(dsaresp,
+                            "ERROR: Unable to generate PQG parameters");
+                    goto loser;
+                }
+            }
+
+            /* output P, Q, and G */
+            to_hex_str(buf, pqg->prime.data, pqg->prime.len);
+            fprintf(dsaresp, "P = %s\n", buf);
+            to_hex_str(buf, pqg->subPrime.data, pqg->subPrime.len);
+            fprintf(dsaresp, "Q = %s\n", buf);
+            to_hex_str(buf, pqg->base.data, pqg->base.len);
+            fprintf(dsaresp, "G = %s\n\n", buf);
+            continue;
+        }
+        /* N = ...*/
+        if (buf[0] == 'N') {
+
+            if (sscanf(buf, "N = %d", &count) != 1) {
+                goto loser;
+            }
+            /* Generate a DSA key, and output the key pair for N times */
+            for (i = 0; i < count; i++) {
+                DSAPrivateKey *dsakey = NULL;
+                if (DSA_NewKey(pqg, &dsakey) != SECSuccess) {
+                    fprintf(dsaresp, "ERROR: Unable to generate DSA key");
+                    goto loser;
+                }
+                to_hex_str(buf, dsakey->privateValue.data,
+                           dsakey->privateValue.len);
+                fprintf(dsaresp, "X = %s\n", buf);
+                to_hex_str(buf, dsakey->publicValue.data,
+                           dsakey->publicValue.len);
+                fprintf(dsaresp, "Y = %s\n\n", buf);
+                PORT_FreeArena(dsakey->params.arena, PR_TRUE);
+                dsakey = NULL;
+            }
+            continue;
+        }
+    }
+loser:
+    fclose(dsareq);
+}
+
+/*
+ * pqg generation type
+ */
+typedef enum {
+    FIPS186_1, /* Generate/Verify P,Q & G  according to FIPS 186-1 */
+    A_1_2_1,   /* Generate Provable P & Q */
+    A_1_1_3,   /* Verify Probable P & Q */
+    A_1_2_2,   /* Verify Provable P & Q */
+    A_2_1,     /* Generate Unverifiable G */
+    A_2_2,     /* Assure Unverifiable G */
+    A_2_3,     /* Generate Verifiable G */
+    A_2_4      /* Verify Verifiable G */
+} dsa_pqg_type;
+
+/*
+ * Perform the DSA Domain Parameter Validation Test.
+ *
+ * reqfn is the pathname of the REQUEST file.
+ *
+ * The output RESPONSE file is written to stdout.
+ */
+void
+dsa_pqgver_test(char *reqfn)
+{
+    char buf[800]; /* holds one line from the input REQUEST file
+                         * or to the output RESPONSE file.
+                         * 800 to hold (384 public key (x2 for HEX) + P = ...
+                         */
+    FILE *dsareq;  /* input stream from the REQUEST file */
+    FILE *dsaresp; /* output stream to the RESPONSE file */
+    int N;
+    int L;
+    unsigned int i, j;
+    PQGParams pqg;
+    PQGVerify vfy;
+    unsigned int pghSize = 0; /* size for p, g, and h */
+    dsa_pqg_type type = FIPS186_1;
+
+    dsareq = fopen(reqfn, "r");
+    dsaresp = stdout;
+    memset(&pqg, 0, sizeof(pqg));
+    memset(&vfy, 0, sizeof(vfy));
+
+    while (fgets(buf, sizeof buf, dsareq) != NULL) {
+        /* a comment or blank line */
+        if (buf[0] == '#' || buf[0] == '\n') {
+            fputs(buf, dsaresp);
+            continue;
+        }
+
+        /* [A.xxxxx ] */
+        if (buf[0] == '[' && buf[1] == 'A') {
+
+            if (strncmp(&buf[1], "A.1.1.3", 7) == 0) {
+                type = A_1_1_3;
+            } else if (strncmp(&buf[1], "A.2.2", 5) == 0) {
+                type = A_2_2;
+            } else if (strncmp(&buf[1], "A.2.4", 5) == 0) {
+                type = A_2_4;
+            } else if (strncmp(&buf[1], "A.1.2.2", 7) == 0) {
+                type = A_1_2_2;
+                /* validate our output from PQGGEN */
+            } else if (strncmp(&buf[1], "A.1.1.2", 7) == 0) {
+                type = A_2_4; /* validate PQ and G together */
+            } else {
+                fprintf(stderr, "Unknown dsa ver test %s\n", &buf[1]);
+                exit(1);
+            }
+
+            fputs(buf, dsaresp);
+            continue;
+        }
+
+        /* [Mod = x] */
+        if (buf[0] == '[') {
+
+            if (type == FIPS186_1) {
+                N = 160;
+                if (sscanf(buf, "[mod = %d]", &L) != 1) {
+                    goto loser;
+                }
+            } else if (sscanf(buf, "[mod = L=%d, N=%d", &L, &N) != 2) {
+                goto loser;
+            }
+
+            if (pqg.prime.data) { /* P */
+                SECITEM_ZfreeItem(&pqg.prime, PR_FALSE);
+            }
+            if (pqg.subPrime.data) { /* Q */
+                SECITEM_ZfreeItem(&pqg.subPrime, PR_FALSE);
+            }
+            if (pqg.base.data) { /* G */
+                SECITEM_ZfreeItem(&pqg.base, PR_FALSE);
+            }
+            if (vfy.seed.data) { /* seed */
+                SECITEM_ZfreeItem(&vfy.seed, PR_FALSE);
+            }
+            if (vfy.h.data) { /* H */
+                SECITEM_ZfreeItem(&vfy.h, PR_FALSE);
+            }
+
+            fputs(buf, dsaresp);
+
+            /*calculate the size of p, g, and h then allocate items  */
+            pghSize = L / 8;
+
+            pqg.base.data = vfy.h.data = NULL;
+            vfy.seed.len = pqg.base.len = vfy.h.len = 0;
+            SECITEM_AllocItem(NULL, &pqg.prime, pghSize);
+            SECITEM_AllocItem(NULL, &vfy.seed, pghSize * 3);
+            if (type == A_2_2) {
+                SECITEM_AllocItem(NULL, &vfy.h, pghSize);
+                vfy.h.len = pghSize;
+            } else if (type == A_2_4) {
+                SECITEM_AllocItem(NULL, &vfy.h, 1);
+                vfy.h.len = 1;
+            }
+            pqg.prime.len = pghSize;
+            /* q is always N bits */
+            SECITEM_AllocItem(NULL, &pqg.subPrime, N / 8);
+            pqg.subPrime.len = N / 8;
+            vfy.counter = -1;
+
+            continue;
+        }
+        /* P = ... */
+        if (buf[0] == 'P') {
+            i = 1;
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+            for (j = 0; j < pqg.prime.len; i += 2, j++) {
+                hex_to_byteval(&buf[i], &pqg.prime.data[j]);
+            }
+
+            fputs(buf, dsaresp);
+            continue;
+        }
+
+        /* Q = ... */
+        if (buf[0] == 'Q') {
+            i = 1;
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+            for (j = 0; j < pqg.subPrime.len; i += 2, j++) {
+                hex_to_byteval(&buf[i], &pqg.subPrime.data[j]);
+            }
+
+            fputs(buf, dsaresp);
+            continue;
+        }
+
+        /* G = ... */
+        if (buf[0] == 'G') {
+            i = 1;
+            if (pqg.base.data) {
+                SECITEM_ZfreeItem(&pqg.base, PR_FALSE);
+            }
+            SECITEM_AllocItem(NULL, &pqg.base, pghSize);
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+            for (j = 0; j < pqg.base.len; i += 2, j++) {
+                hex_to_byteval(&buf[i], &pqg.base.data[j]);
+            }
+
+            fputs(buf, dsaresp);
+            continue;
+        }
+
+        /* Seed = ...  or domain_parameter_seed = ... */
+        if (strncmp(buf, "Seed", 4) == 0) {
+            i = 4;
+        } else if (strncmp(buf, "domain_parameter_seed", 21) == 0) {
+            i = 21;
+        } else if (strncmp(buf, "firstseed", 9) == 0) {
+            i = 9;
+        } else {
+            i = 0;
+        }
+        if (i) {
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+            for (j = 0; isxdigit(buf[i]); i += 2, j++) {
+                hex_to_byteval(&buf[i], &vfy.seed.data[j]);
+            }
+            vfy.seed.len = j;
+
+            fputs(buf, dsaresp);
+            if (type == A_2_4) {
+                SECStatus result;
+
+                /* Verify the Parameters */
+                SECStatus rv = PQG_VerifyParams(&pqg, &vfy, &result);
+                if (rv != SECSuccess) {
+                    goto loser;
+                }
+                if (result == SECSuccess) {
+                    fprintf(dsaresp, "Result = P\n");
+                } else {
+                    fprintf(dsaresp, "Result = F\n");
+                }
+            }
+            continue;
+        }
+        if ((strncmp(buf, "pseed", 5) == 0) ||
+            (strncmp(buf, "qseed", 5) == 0)) {
+            i = 5;
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+            for (j = vfy.seed.len; isxdigit(buf[i]); i += 2, j++) {
+                hex_to_byteval(&buf[i], &vfy.seed.data[j]);
+            }
+            vfy.seed.len = j;
+            fputs(buf, dsaresp);
+
+            continue;
+        }
+        if (strncmp(buf, "index", 4) == 0) {
+            i = 5;
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+            hex_to_byteval(&buf[i], &vfy.h.data[0]);
+            vfy.h.len = 1;
+            fputs(buf, dsaresp);
+        }
+
+        /* c = ...  or counter=*/
+        if (buf[0] == 'c') {
+            if (strncmp(buf, "counter", 7) == 0) {
+                if (sscanf(buf, "counter = %u", &vfy.counter) != 1) {
+                    goto loser;
+                }
+            } else {
+                if (sscanf(buf, "c = %u", &vfy.counter) != 1) {
+                    goto loser;
+                }
+            }
+
+            fputs(buf, dsaresp);
+            if (type == A_1_1_3) {
+                SECStatus result;
+                /* only verify P and Q, we have everything now. do it */
+                SECStatus rv = PQG_VerifyParams(&pqg, &vfy, &result);
+                if (rv != SECSuccess) {
+                    goto loser;
+                }
+                if (result == SECSuccess) {
+                    fprintf(dsaresp, "Result = P\n");
+                } else {
+                    fprintf(dsaresp, "Result = F\n");
+                }
+                fprintf(dsaresp, "\n");
+            }
+            continue;
+        }
+        if (strncmp(buf, "pgen_counter", 12) == 0) {
+            if (sscanf(buf, "pgen_counter = %u", &vfy.counter) != 1) {
+                goto loser;
+            }
+            fputs(buf, dsaresp);
+            continue;
+        }
+        if (strncmp(buf, "qgen_counter", 12) == 0) {
+            fputs(buf, dsaresp);
+            if (type == A_1_2_2) {
+                SECStatus result;
+                /* only verify P and Q, we have everything now. do it */
+                SECStatus rv = PQG_VerifyParams(&pqg, &vfy, &result);
+                if (rv != SECSuccess) {
+                    goto loser;
+                }
+                if (result == SECSuccess) {
+                    fprintf(dsaresp, "Result = P\n");
+                } else {
+                    fprintf(dsaresp, "Result = F\n");
+                }
+                fprintf(dsaresp, "\n");
+            }
+            continue;
+        }
+        /* H = ... */
+        if (buf[0] == 'H') {
+            SECStatus rv, result = SECFailure;
+
+            i = 1;
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+            for (j = 0; isxdigit(buf[i]); i += 2, j++) {
+                hex_to_byteval(&buf[i], &vfy.h.data[j]);
+            }
+            vfy.h.len = j;
+            fputs(buf, dsaresp);
+
+            /* this should be a byte value. Remove the leading zeros. If
+             * it doesn't reduce to a byte, PQG_VerifyParams will catch it
+            if (type == A_2_2) {
+                data_save = vfy.h.data;
+                while(vfy.h.data[0] && (vfy.h.len > 1)) {
+                        vfy.h.data++;
+                        vfy.h.len--;
+                }
+            } */
+
+            /* Verify the Parameters */
+            rv = PQG_VerifyParams(&pqg, &vfy, &result);
+            if (rv != SECSuccess) {
+                goto loser;
+            }
+            if (result == SECSuccess) {
+                fprintf(dsaresp, "Result = P\n");
+            } else {
+                fprintf(dsaresp, "Result = F\n");
+            }
+            fprintf(dsaresp, "\n");
+            continue;
+        }
+    }
+loser:
+    fclose(dsareq);
+    if (pqg.prime.data) { /* P */
+        SECITEM_ZfreeItem(&pqg.prime, PR_FALSE);
+    }
+    if (pqg.subPrime.data) { /* Q */
+        SECITEM_ZfreeItem(&pqg.subPrime, PR_FALSE);
+    }
+    if (pqg.base.data) { /* G */
+        SECITEM_ZfreeItem(&pqg.base, PR_FALSE);
+    }
+    if (vfy.seed.data) { /* seed */
+        SECITEM_ZfreeItem(&vfy.seed, PR_FALSE);
+    }
+    if (vfy.h.data) { /* H */
+        SECITEM_ZfreeItem(&vfy.h, PR_FALSE);
+    }
+}
+
+/*
+ * Perform the DSA Public Key Validation Test.
+ *
+ * reqfn is the pathname of the REQUEST file.
+ *
+ * The output RESPONSE file is written to stdout.
+ */
+void
+dsa_pqggen_test(char *reqfn)
+{
+    char buf[800]; /* holds one line from the input REQUEST file
+                         * or to the output RESPONSE file.
+                         * 800 to hold seed = (384 public key (x2 for HEX)
+                         */
+    FILE *dsareq;  /* input stream from the REQUEST file */
+    FILE *dsaresp; /* output stream to the RESPONSE file */
+    int count;     /* number of times to generate parameters */
+    int N;
+    int L;
+    int i;
+    unsigned int j;
+    int output_g = 1;
+    PQGParams *pqg = NULL;
+    PQGVerify *vfy = NULL;
+    unsigned int keySizeIndex = 0;
+    dsa_pqg_type type = FIPS186_1;
+
+    dsareq = fopen(reqfn, "r");
+    dsaresp = stdout;
+    while (fgets(buf, sizeof buf, dsareq) != NULL) {
+        /* a comment or blank line */
+        if (buf[0] == '#' || buf[0] == '\n') {
+            fputs(buf, dsaresp);
+            continue;
+        }
+
+        /* [A.xxxxx ] */
+        if (buf[0] == '[' && buf[1] == 'A') {
+            if (strncmp(&buf[1], "A.1.1.2", 7) == 0) {
+                fprintf(stderr, "NSS does Generate Probablistic Primes\n");
+                exit(1);
+            } else if (strncmp(&buf[1], "A.2.1", 5) == 0) {
+                type = A_1_2_1;
+                output_g = 1;
+                exit(1);
+            } else if (strncmp(&buf[1], "A.2.3", 5) == 0) {
+                fprintf(stderr, "NSS only Generates G with P&Q\n");
+                exit(1);
+            } else if (strncmp(&buf[1], "A.1.2.1", 7) == 0) {
+                type = A_1_2_1;
+                output_g = 0;
+            } else {
+                fprintf(stderr, "Unknown dsa pqggen test %s\n", &buf[1]);
+                exit(1);
+            }
+            fputs(buf, dsaresp);
+            continue;
+        }
+
+        /* [Mod = ... ] */
+        if (buf[0] == '[') {
+
+            if (type == FIPS186_1) {
+                N = 160;
+                if (sscanf(buf, "[mod = %d]", &L) != 1) {
+                    goto loser;
+                }
+            } else if (sscanf(buf, "[mod = L=%d, N=%d", &L, &N) != 2) {
+                goto loser;
+            }
+
+            fputs(buf, dsaresp);
+            fputc('\n', dsaresp);
+
+            if (type == FIPS186_1) {
+                /************************************************************
+                 * PQG_ParamGenSeedLen doesn't take a key size, it takes an
+                 * index that points to a valid key size.
+                 */
+                keySizeIndex = PQG_PBITS_TO_INDEX(L);
+                if (keySizeIndex == -1 || L < 512 || L > 1024) {
+                    fprintf(dsaresp,
+                            "DSA key size must be a multiple of 64 between 512 "
+                            "and 1024, inclusive");
+                    goto loser;
+                }
+            }
+            continue;
+        }
+        /* N = ... */
+        if (buf[0] == 'N') {
+            if (strncmp(buf, "Num", 3) == 0) {
+                if (sscanf(buf, "Num = %d", &count) != 1) {
+                    goto loser;
+                }
+            } else if (sscanf(buf, "N = %d", &count) != 1) {
+                goto loser;
+            }
+            for (i = 0; i < count; i++) {
+                SECStatus rv;
+
+                if (type == FIPS186_1) {
+                    rv = PQG_ParamGenSeedLen(keySizeIndex, PQG_TEST_SEED_BYTES,
+                                             &pqg, &vfy);
+                } else {
+                    rv = PQG_ParamGenV2(L, N, N, &pqg, &vfy);
+                }
+                if (rv != SECSuccess) {
+                    fprintf(dsaresp,
+                            "ERROR: Unable to generate PQG parameters");
+                    goto loser;
+                }
+                to_hex_str(buf, pqg->prime.data, pqg->prime.len);
+                fprintf(dsaresp, "P = %s\n", buf);
+                to_hex_str(buf, pqg->subPrime.data, pqg->subPrime.len);
+                fprintf(dsaresp, "Q = %s\n", buf);
+                if (output_g) {
+                    to_hex_str(buf, pqg->base.data, pqg->base.len);
+                    fprintf(dsaresp, "G = %s\n", buf);
+                }
+                if (type == FIPS186_1) {
+                    to_hex_str(buf, vfy->seed.data, vfy->seed.len);
+                    fprintf(dsaresp, "Seed = %s\n", buf);
+                    fprintf(dsaresp, "c = %d\n", vfy->counter);
+                    to_hex_str(buf, vfy->h.data, vfy->h.len);
+                    fputs("H = ", dsaresp);
+                    for (j = vfy->h.len; j < pqg->prime.len; j++) {
+                        fprintf(dsaresp, "00");
+                    }
+                    fprintf(dsaresp, "%s\n", buf);
+                } else {
+                    unsigned int seedlen = vfy->seed.len / 2;
+                    unsigned int pgen_counter = vfy->counter >> 16;
+                    unsigned int qgen_counter = vfy->counter & 0xffff;
+                    /*fprintf(dsaresp, "index = %02x\n", vfy->h.data[0]); */
+                    to_hex_str(buf, vfy->seed.data, seedlen);
+                    fprintf(dsaresp, "pseed = %s\n", buf);
+                    to_hex_str(buf, vfy->seed.data + seedlen, seedlen);
+                    fprintf(dsaresp, "qseed = %s\n", buf);
+                    fprintf(dsaresp, "pgen_counter = %d\n", pgen_counter);
+                    fprintf(dsaresp, "qgen_counter = %d\n", qgen_counter);
+                    if (output_g) {
+                        to_hex_str(buf, vfy->seed.data, vfy->seed.len);
+                        fprintf(dsaresp, "domain_parameter_seed = %s\n", buf);
+                        fprintf(dsaresp, "index = %02x\n", vfy->h.data[0]);
+                    }
+                }
+                fputc('\n', dsaresp);
+                if (pqg != NULL) {
+                    PQG_DestroyParams(pqg);
+                    pqg = NULL;
+                }
+                if (vfy != NULL) {
+                    PQG_DestroyVerify(vfy);
+                    vfy = NULL;
+                }
+            }
+
+            continue;
+        }
+    }
+loser:
+    fclose(dsareq);
+    if (pqg != NULL) {
+        PQG_DestroyParams(pqg);
+    }
+    if (vfy != NULL) {
+        PQG_DestroyVerify(vfy);
+    }
+}
+
+/*
+ * Perform the DSA Signature Generation Test.
+ *
+ * reqfn is the pathname of the REQUEST file.
+ *
+ * The output RESPONSE file is written to stdout.
+ */
+void
+dsa_siggen_test(char *reqfn)
+{
+    char buf[800]; /* holds one line from the input REQUEST file
+                         * or to the output RESPONSE file.
+                         * max for Msg = ....
+                         */
+    FILE *dsareq;  /* input stream from the REQUEST file */
+    FILE *dsaresp; /* output stream to the RESPONSE file */
+    int modulus;
+    int L;
+    int N;
+    int i, j;
+    PRBool use_dsa1 = PR_FALSE;
+    PQGParams *pqg = NULL;
+    PQGVerify *vfy = NULL;
+    DSAPrivateKey *dsakey = NULL;
+    int keySizeIndex;                       /* index for valid key sizes */
+    unsigned char hashBuf[HASH_LENGTH_MAX]; /* SHA-x hash (160-512 bits) */
+    unsigned char sig[DSA_MAX_SIGNATURE_LEN];
+    SECItem digest, signature;
+    HASH_HashType hashType = HASH_AlgNULL;
+    int hashNum = 0;
+
+    dsareq = fopen(reqfn, "r");
+    dsaresp = stdout;
+
+    while (fgets(buf, sizeof buf, dsareq) != NULL) {
+        /* a comment or blank line */
+        if (buf[0] == '#' || buf[0] == '\n') {
+            fputs(buf, dsaresp);
+            continue;
+        }
+
+        /* [Mod = x] */
+        if (buf[0] == '[') {
+            if (pqg != NULL) {
+                PQG_DestroyParams(pqg);
+                pqg = NULL;
+            }
+            if (vfy != NULL) {
+                PQG_DestroyVerify(vfy);
+                vfy = NULL;
+            }
+            if (dsakey != NULL) {
+                PORT_FreeArena(dsakey->params.arena, PR_TRUE);
+                dsakey = NULL;
+            }
+
+            if (sscanf(buf, "[mod = L=%d,  N=%d, SHA-%d]", &L, &N,
+                       &hashNum) != 3) {
+                use_dsa1 = PR_TRUE;
+                hashNum = 1;
+                if (sscanf(buf, "[mod = %d]", &modulus) != 1) {
+                    goto loser;
+                }
+            }
+            fputs(buf, dsaresp);
+            fputc('\n', dsaresp);
+
+            /****************************************************************
+            * PQG_ParamGenSeedLen doesn't take a key size, it takes an index
+            * that points to a valid key size.
+            */
+            if (use_dsa1) {
+                keySizeIndex = PQG_PBITS_TO_INDEX(modulus);
+                if (keySizeIndex == -1 || modulus < 512 || modulus > 1024) {
+                    fprintf(dsaresp,
+                            "DSA key size must be a multiple of 64 between 512 "
+                            "and 1024, inclusive");
+                    goto loser;
+                }
+                /* Generate PQG and output PQG */
+                if (PQG_ParamGenSeedLen(keySizeIndex, PQG_TEST_SEED_BYTES,
+                                        &pqg, &vfy) !=
+                    SECSuccess) {
+                    fprintf(dsaresp,
+                            "ERROR: Unable to generate PQG parameters");
+                    goto loser;
+                }
+            } else {
+                if (PQG_ParamGenV2(L, N, N, &pqg, &vfy) != SECSuccess) {
+                    fprintf(dsaresp,
+                            "ERROR: Unable to generate PQG parameters");
+                    goto loser;
+                }
+            }
+            to_hex_str(buf, pqg->prime.data, pqg->prime.len);
+            fprintf(dsaresp, "P = %s\n", buf);
+            to_hex_str(buf, pqg->subPrime.data, pqg->subPrime.len);
+            fprintf(dsaresp, "Q = %s\n", buf);
+            to_hex_str(buf, pqg->base.data, pqg->base.len);
+            fprintf(dsaresp, "G = %s\n", buf);
+
+            /* create DSA Key */
+            if (DSA_NewKey(pqg, &dsakey) != SECSuccess) {
+                fprintf(dsaresp, "ERROR: Unable to generate DSA key");
+                goto loser;
+            }
+
+            hashType = sha_get_hashType(hashNum);
+            if (hashType == HASH_AlgNULL) {
+                fprintf(dsaresp, "ERROR: invalid hash (SHA-%d)", hashNum);
+                goto loser;
+            }
+            continue;
+        }
+
+        /* Msg = ... */
+        if (strncmp(buf, "Msg", 3) == 0) {
+            unsigned char msg[128]; /* MAX msg 128 */
+            unsigned int len = 0;
+
+            if (hashType == HASH_AlgNULL) {
+                fprintf(dsaresp, "ERROR: Hash Alg not set");
+                goto loser;
+            }
+
+            memset(hashBuf, 0, sizeof hashBuf);
+            memset(sig, 0, sizeof sig);
+
+            i = 3;
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+            for (j = 0; isxdigit(buf[i]); i += 2, j++) {
+                hex_to_byteval(&buf[i], &msg[j]);
+            }
+            if (fips_hashBuf(hashType, hashBuf, msg, j) != SECSuccess) {
+                fprintf(dsaresp, "ERROR: Unable to generate SHA% digest",
+                        hashNum);
+                goto loser;
+            }
+
+            digest.type = siBuffer;
+            digest.data = hashBuf;
+            digest.len = fips_hashLen(hashType);
+            signature.type = siBuffer;
+            signature.data = sig;
+            signature.len = sizeof sig;
+
+            if (DSA_SignDigest(dsakey, &signature, &digest) != SECSuccess) {
+                fprintf(dsaresp, "ERROR: Unable to generate DSA signature");
+                goto loser;
+            }
+            len = signature.len;
+            if (len % 2 != 0) {
+                goto loser;
+            }
+            len = len / 2;
+
+            /* output the orginal Msg, and generated Y, R, and S */
+            fputs(buf, dsaresp);
+            to_hex_str(buf, dsakey->publicValue.data,
+                       dsakey->publicValue.len);
+            fprintf(dsaresp, "Y = %s\n", buf);
+            to_hex_str(buf, &signature.data[0], len);
+            fprintf(dsaresp, "R = %s\n", buf);
+            to_hex_str(buf, &signature.data[len], len);
+            fprintf(dsaresp, "S = %s\n", buf);
+            fputc('\n', dsaresp);
+            continue;
+        }
+    }
+loser:
+    fclose(dsareq);
+    if (pqg != NULL) {
+        PQG_DestroyParams(pqg);
+        pqg = NULL;
+    }
+    if (vfy != NULL) {
+        PQG_DestroyVerify(vfy);
+        vfy = NULL;
+    }
+    if (dsakey) {
+        PORT_FreeArena(dsakey->params.arena, PR_TRUE);
+        dsakey = NULL;
+    }
+}
+
+/*
+ * Perform the DSA Signature Verification Test.
+ *
+ * reqfn is the pathname of the REQUEST file.
+ *
+ * The output RESPONSE file is written to stdout.
+ */
+void
+dsa_sigver_test(char *reqfn)
+{
+    char buf[800]; /* holds one line from the input REQUEST file
+                         * or to the output RESPONSE file.
+                         * max for Msg = ....
+                         */
+    FILE *dsareq;  /* input stream from the REQUEST file */
+    FILE *dsaresp; /* output stream to the RESPONSE file */
+    int L;
+    int N;
+    unsigned int i, j;
+    SECItem digest, signature;
+    DSAPublicKey pubkey;
+    unsigned int pgySize;                   /* size for p, g, and y */
+    unsigned char hashBuf[HASH_LENGTH_MAX]; /* SHA-x hash (160-512 bits) */
+    unsigned char sig[DSA_MAX_SIGNATURE_LEN];
+    HASH_HashType hashType = HASH_AlgNULL;
+    int hashNum = 0;
+
+    dsareq = fopen(reqfn, "r");
+    dsaresp = stdout;
+    memset(&pubkey, 0, sizeof(pubkey));
+
+    while (fgets(buf, sizeof buf, dsareq) != NULL) {
+        /* a comment or blank line */
+        if (buf[0] == '#' || buf[0] == '\n') {
+            fputs(buf, dsaresp);
+            continue;
+        }
+
+        /* [Mod = x] */
+        if (buf[0] == '[') {
+
+            if (sscanf(buf, "[mod = L=%d,  N=%d, SHA-%d]", &L, &N,
+                       &hashNum) != 3) {
+                N = 160;
+                hashNum = 1;
+                if (sscanf(buf, "[mod = %d]", &L) != 1) {
+                    goto loser;
+                }
+            }
+
+            if (pubkey.params.prime.data) { /* P */
+                SECITEM_ZfreeItem(&pubkey.params.prime, PR_FALSE);
+            }
+            if (pubkey.params.subPrime.data) { /* Q */
+                SECITEM_ZfreeItem(&pubkey.params.subPrime, PR_FALSE);
+            }
+            if (pubkey.params.base.data) { /* G */
+                SECITEM_ZfreeItem(&pubkey.params.base, PR_FALSE);
+            }
+            if (pubkey.publicValue.data) { /* Y */
+                SECITEM_ZfreeItem(&pubkey.publicValue, PR_FALSE);
+            }
+            fputs(buf, dsaresp);
+
+            /* calculate the size of p, g, and y then allocate items */
+            pgySize = L / 8;
+            SECITEM_AllocItem(NULL, &pubkey.params.prime, pgySize);
+            SECITEM_AllocItem(NULL, &pubkey.params.base, pgySize);
+            SECITEM_AllocItem(NULL, &pubkey.publicValue, pgySize);
+            pubkey.params.prime.len = pubkey.params.base.len = pgySize;
+            pubkey.publicValue.len = pgySize;
+
+            /* q always N/8 bytes */
+            SECITEM_AllocItem(NULL, &pubkey.params.subPrime, N / 8);
+            pubkey.params.subPrime.len = N / 8;
+
+            hashType = sha_get_hashType(hashNum);
+            if (hashType == HASH_AlgNULL) {
+                fprintf(dsaresp, "ERROR: invalid hash (SHA-%d)", hashNum);
+                goto loser;
+            }
+
+            continue;
+        }
+        /* P = ... */
+        if (buf[0] == 'P') {
+            i = 1;
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+            memset(pubkey.params.prime.data, 0, pubkey.params.prime.len);
+            for (j = 0; j < pubkey.params.prime.len; i += 2, j++) {
+                hex_to_byteval(&buf[i], &pubkey.params.prime.data[j]);
+            }
+
+            fputs(buf, dsaresp);
+            continue;
+        }
+
+        /* Q = ... */
+        if (buf[0] == 'Q') {
+            i = 1;
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+            memset(pubkey.params.subPrime.data, 0, pubkey.params.subPrime.len);
+            for (j = 0; j < pubkey.params.subPrime.len; i += 2, j++) {
+                hex_to_byteval(&buf[i], &pubkey.params.subPrime.data[j]);
+            }
+
+            fputs(buf, dsaresp);
+            continue;
+        }
+
+        /* G = ... */
+        if (buf[0] == 'G') {
+            i = 1;
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+            memset(pubkey.params.base.data, 0, pubkey.params.base.len);
+            for (j = 0; j < pubkey.params.base.len; i += 2, j++) {
+                hex_to_byteval(&buf[i], &pubkey.params.base.data[j]);
+            }
+
+            fputs(buf, dsaresp);
+            continue;
+        }
+
+        /* Msg = ... */
+        if (strncmp(buf, "Msg", 3) == 0) {
+            unsigned char msg[128]; /* MAX msg 128 */
+            memset(hashBuf, 0, sizeof hashBuf);
+
+            if (hashType == HASH_AlgNULL) {
+                fprintf(dsaresp, "ERROR: Hash Alg not set");
+                goto loser;
+            }
+
+            i = 3;
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+            for (j = 0; isxdigit(buf[i]); i += 2, j++) {
+                hex_to_byteval(&buf[i], &msg[j]);
+            }
+            if (fips_hashBuf(hashType, hashBuf, msg, j) != SECSuccess) {
+                fprintf(dsaresp, "ERROR: Unable to generate SHA-%d digest",
+                        hashNum);
+                goto loser;
+            }
+
+            fputs(buf, dsaresp);
+            continue;
+        }
+
+        /* Y = ... */
+        if (buf[0] == 'Y') {
+            i = 1;
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+            memset(pubkey.publicValue.data, 0, pubkey.params.subPrime.len);
+            for (j = 0; j < pubkey.publicValue.len; i += 2, j++) {
+                hex_to_byteval(&buf[i], &pubkey.publicValue.data[j]);
+            }
+
+            fputs(buf, dsaresp);
+            continue;
+        }
+
+        /* R = ... */
+        if (buf[0] == 'R') {
+            memset(sig, 0, sizeof sig);
+            i = 1;
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+            for (j = 0; j < pubkey.params.subPrime.len; i += 2, j++) {
+                hex_to_byteval(&buf[i], &sig[j]);
+            }
+
+            fputs(buf, dsaresp);
+            continue;
+        }
+
+        /* S = ... */
+        if (buf[0] == 'S') {
+            if (hashType == HASH_AlgNULL) {
+                fprintf(dsaresp, "ERROR: Hash Alg not set");
+                goto loser;
+            }
+
+            i = 1;
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+            for (j = pubkey.params.subPrime.len;
+                 j < pubkey.params.subPrime.len * 2; i += 2, j++) {
+                hex_to_byteval(&buf[i], &sig[j]);
+            }
+            fputs(buf, dsaresp);
+
+            digest.type = siBuffer;
+            digest.data = hashBuf;
+            digest.len = fips_hashLen(hashType);
+            signature.type = siBuffer;
+            signature.data = sig;
+            signature.len = pubkey.params.subPrime.len * 2;
+
+            if (DSA_VerifyDigest(&pubkey, &signature, &digest) == SECSuccess) {
+                fprintf(dsaresp, "Result = P\n");
+            } else {
+                fprintf(dsaresp, "Result = F\n");
+            }
+            fprintf(dsaresp, "\n");
+            continue;
+        }
+    }
+loser:
+    fclose(dsareq);
+    if (pubkey.params.prime.data) { /* P */
+        SECITEM_ZfreeItem(&pubkey.params.prime, PR_FALSE);
+    }
+    if (pubkey.params.subPrime.data) { /* Q */
+        SECITEM_ZfreeItem(&pubkey.params.subPrime, PR_FALSE);
+    }
+    if (pubkey.params.base.data) { /* G */
+        SECITEM_ZfreeItem(&pubkey.params.base, PR_FALSE);
+    }
+    if (pubkey.publicValue.data) { /* Y */
+        SECITEM_ZfreeItem(&pubkey.publicValue, PR_FALSE);
+    }
+}
+
+static void
+pad(unsigned char *buf, int pad_len, unsigned char *src, int src_len)
+{
+    int offset = 0;
+    /* this shouldn't happen, fail right away rather than produce bad output */
+    if (pad_len < src_len) {
+        fprintf(stderr, "data bigger than expected! %d > %d\n", src_len, pad_len);
+        exit(1);
+    }
+
+    offset = pad_len - src_len;
+    memset(buf, 0, offset);
+    memcpy(buf + offset, src, src_len);
+    return;
+}
+
+/*
+ * Perform the DSA Key Pair Generation Test.
+ *
+ * reqfn is the pathname of the REQUEST file.
+ *
+ * The output RESPONSE file is written to stdout.
+ */
+void
+rsa_keypair_test(char *reqfn)
+{
+    char buf[800];           /* holds one line from the input REQUEST file
+                         * or to the output RESPONSE file.
+                         * 800 to hold (384 public key (x2 for HEX) + 1'\n'
+                         */
+    unsigned char buf2[400]; /* can't need more then 1/2 buf length */
+    FILE *rsareq;            /* input stream from the REQUEST file */
+    FILE *rsaresp;           /* output stream to the RESPONSE file */
+    int count;
+    int i;
+    int keySize = 1; /* key size in bits*/
+    int len = 0;     /* key size in bytes */
+    int len2 = 0;    /* key size in bytes/2 (prime size) */
+    SECItem e;
+    unsigned char default_e[] = { 0x1, 0x0, 0x1 };
+
+    e.data = default_e;
+    e.len = sizeof(default_e);
+
+    rsareq = fopen(reqfn, "r");
+    rsaresp = stdout;
+    while (fgets(buf, sizeof buf, rsareq) != NULL) {
+        /* a comment or blank line */
+        if (buf[0] == '#' || buf[0] == '\n') {
+            fputs(buf, rsaresp);
+            continue;
+        }
+
+        /* [Mod = x] */
+        if (buf[0] == '[') {
+            if (buf[1] == 'm') {
+                if (sscanf(buf, "[mod = %d]", &keySize) != 1) {
+                    goto loser;
+                }
+                len = keySize / 8;
+                len2 = keySize / 16;
+            }
+            fputs(buf, rsaresp);
+            continue;
+        }
+        /* N = ...*/
+        if (buf[0] == 'N') {
+
+            if (sscanf(buf, "N = %d", &count) != 1) {
+                goto loser;
+            }
+
+            /* Generate a DSA key, and output the key pair for N times */
+            for (i = 0; i < count; i++) {
+                RSAPrivateKey *rsakey = NULL;
+                if ((rsakey = RSA_NewKey(keySize, &e)) == NULL) {
+                    fprintf(rsaresp, "ERROR: Unable to generate RSA key");
+                    goto loser;
+                }
+                pad(buf2, len, rsakey->publicExponent.data,
+                    rsakey->publicExponent.len);
+                to_hex_str(buf, buf2, len);
+                fprintf(rsaresp, "e = %s\n", buf);
+                pad(buf2, len2, rsakey->prime1.data,
+                    rsakey->prime1.len);
+                to_hex_str(buf, buf2, len2);
+                fprintf(rsaresp, "p = %s\n", buf);
+                pad(buf2, len2, rsakey->prime2.data,
+                    rsakey->prime2.len);
+                to_hex_str(buf, buf2, len2);
+                fprintf(rsaresp, "q = %s\n", buf);
+                pad(buf2, len, rsakey->modulus.data,
+                    rsakey->modulus.len);
+                to_hex_str(buf, buf2, len);
+                fprintf(rsaresp, "n = %s\n", buf);
+                pad(buf2, len, rsakey->privateExponent.data,
+                    rsakey->privateExponent.len);
+                to_hex_str(buf, buf2, len);
+                fprintf(rsaresp, "d = %s\n", buf);
+                fprintf(rsaresp, "\n");
+                PORT_FreeArena(rsakey->arena, PR_TRUE);
+                rsakey = NULL;
+            }
+            continue;
+        }
+    }
+loser:
+    fclose(rsareq);
+}
+
+/*
+ * Perform the RSA Signature Generation Test.
+ *
+ * reqfn is the pathname of the REQUEST file.
+ *
+ * The output RESPONSE file is written to stdout.
+ */
+void
+rsa_siggen_test(char *reqfn)
+{
+    char buf[2 * RSA_MAX_TEST_MODULUS_BYTES + 1];
+    /* buf holds one line from the input REQUEST file
+                         * or to the output RESPONSE file.
+                         * 2x for HEX output + 1 for \n
+                         */
+    FILE *rsareq;  /* input stream from the REQUEST file */
+    FILE *rsaresp; /* output stream to the RESPONSE file */
+    int i, j;
+    unsigned char sha[HASH_LENGTH_MAX];  /* SHA digest */
+    unsigned int shaLength = 0;          /* length of SHA */
+    HASH_HashType shaAlg = HASH_AlgNULL; /* type of SHA Alg */
+    SECOidTag shaOid = SEC_OID_UNKNOWN;
+    int modulus; /* the Modulus size */
+    int publicExponent = DEFAULT_RSA_PUBLIC_EXPONENT;
+    SECItem pe = { 0, 0, 0 };
+    unsigned char pubEx[4];
+    int peCount = 0;
+
+    RSAPrivateKey *rsaBlapiPrivKey = NULL;  /* holds RSA private and
+                                              * public keys */
+    RSAPublicKey *rsaBlapiPublicKey = NULL; /* hold RSA public key */
+
+    rsareq = fopen(reqfn, "r");
+    rsaresp = stdout;
+
+    /* calculate the exponent */
+    for (i = 0; i < 4; i++) {
+        if (peCount || (publicExponent &
+                        ((unsigned long)0xff000000L >> (i *
+                                                        8)))) {
+            pubEx[peCount] =
+                (unsigned char)((publicExponent >> (3 - i) * 8) & 0xff);
+            peCount++;
+        }
+    }
+    pe.len = peCount;
+    pe.data = &pubEx[0];
+    pe.type = siBuffer;
+
+    while (fgets(buf, sizeof buf, rsareq) != NULL) {
+        /* a comment or blank line */
+        if (buf[0] == '#' || buf[0] == '\n') {
+            fputs(buf, rsaresp);
+            continue;
+        }
+
+        /* [mod = ...] */
+        if (buf[0] == '[') {
+
+            if (sscanf(buf, "[mod = %d]", &modulus) != 1) {
+                goto loser;
+            }
+            if (modulus > RSA_MAX_TEST_MODULUS_BITS) {
+                fprintf(rsaresp, "ERROR: modulus greater than test maximum\n");
+                goto loser;
+            }
+
+            fputs(buf, rsaresp);
+
+            if (rsaBlapiPrivKey != NULL) {
+                PORT_FreeArena(rsaBlapiPrivKey->arena, PR_TRUE);
+                rsaBlapiPrivKey = NULL;
+                rsaBlapiPublicKey = NULL;
+            }
+
+            rsaBlapiPrivKey = RSA_NewKey(modulus, &pe);
+            if (rsaBlapiPrivKey == NULL) {
+                fprintf(rsaresp, "Error unable to create RSA key\n");
+                goto loser;
+            }
+
+            to_hex_str(buf, rsaBlapiPrivKey->modulus.data,
+                       rsaBlapiPrivKey->modulus.len);
+            fprintf(rsaresp, "\nn = %s\n\n", buf);
+            to_hex_str(buf, rsaBlapiPrivKey->publicExponent.data,
+                       rsaBlapiPrivKey->publicExponent.len);
+            fprintf(rsaresp, "e = %s\n", buf);
+            /* convert private key to public key.  Memory
+             * is freed with private key's arena  */
+            rsaBlapiPublicKey = (RSAPublicKey *)PORT_ArenaAlloc(
+                rsaBlapiPrivKey->arena,
+                sizeof(RSAPublicKey));
+
+            rsaBlapiPublicKey->modulus.len = rsaBlapiPrivKey->modulus.len;
+            rsaBlapiPublicKey->modulus.data = rsaBlapiPrivKey->modulus.data;
+            rsaBlapiPublicKey->publicExponent.len =
+                rsaBlapiPrivKey->publicExponent.len;
+            rsaBlapiPublicKey->publicExponent.data =
+                rsaBlapiPrivKey->publicExponent.data;
+            continue;
+        }
+
+        /* SHAAlg = ... */
+        if (strncmp(buf, "SHAAlg", 6) == 0) {
+            i = 6;
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+            /* set the SHA Algorithm */
+            if (strncmp(&buf[i], "SHA1", 4) == 0) {
+                shaAlg = HASH_AlgSHA1;
+            } else if (strncmp(&buf[i], "SHA224", 6) == 0) {
+                shaAlg = HASH_AlgSHA224;
+            } else if (strncmp(&buf[i], "SHA256", 6) == 0) {
+                shaAlg = HASH_AlgSHA256;
+            } else if (strncmp(&buf[i], "SHA384", 6) == 0) {
+                shaAlg = HASH_AlgSHA384;
+            } else if (strncmp(&buf[i], "SHA512", 6) == 0) {
+                shaAlg = HASH_AlgSHA512;
+            } else {
+                fprintf(rsaresp, "ERROR: Unable to find SHAAlg type");
+                goto loser;
+            }
+            fputs(buf, rsaresp);
+            continue;
+        }
+        /* Msg = ... */
+        if (strncmp(buf, "Msg", 3) == 0) {
+
+            unsigned char msg[128]; /* MAX msg 128 */
+            unsigned int rsa_bytes_signed;
+            unsigned char rsa_computed_signature[RSA_MAX_TEST_MODULUS_BYTES];
+            SECStatus rv = SECFailure;
+            NSSLOWKEYPublicKey *rsa_public_key;
+            NSSLOWKEYPrivateKey *rsa_private_key;
+            NSSLOWKEYPrivateKey low_RSA_private_key = { NULL,
+                                                        NSSLOWKEYRSAKey };
+            NSSLOWKEYPublicKey low_RSA_public_key = { NULL,
+                                                      NSSLOWKEYRSAKey };
+
+            low_RSA_private_key.u.rsa = *rsaBlapiPrivKey;
+            low_RSA_public_key.u.rsa = *rsaBlapiPublicKey;
+
+            rsa_private_key = &low_RSA_private_key;
+            rsa_public_key = &low_RSA_public_key;
+
+            memset(sha, 0, sizeof sha);
+            memset(msg, 0, sizeof msg);
+            rsa_bytes_signed = 0;
+            memset(rsa_computed_signature, 0, sizeof rsa_computed_signature);
+
+            i = 3;
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+            for (j = 0; isxdigit(buf[i]) && j < sizeof(msg); i += 2, j++) {
+                hex_to_byteval(&buf[i], &msg[j]);
+            }
+            shaLength = fips_hashLen(shaAlg);
+            if (fips_hashBuf(shaAlg, sha, msg, j) != SECSuccess) {
+                if (shaLength == 0) {
+                    fprintf(rsaresp, "ERROR: SHAAlg not defined.");
+                }
+                fprintf(rsaresp, "ERROR: Unable to generate SHA%x",
+                        shaLength == 160 ? 1 : shaLength);
+                goto loser;
+            }
+            shaOid = fips_hashOid(shaAlg);
+
+            /* Perform RSA signature with the RSA private key. */
+            rv = RSA_HashSign(shaOid,
+                              rsa_private_key,
+                              rsa_computed_signature,
+                              &rsa_bytes_signed,
+                              nsslowkey_PrivateModulusLen(rsa_private_key),
+                              sha,
+                              shaLength);
+
+            if (rv != SECSuccess) {
+                fprintf(rsaresp, "ERROR: RSA_HashSign failed");
+                goto loser;
+            }
+
+            /* Output the signature */
+            fputs(buf, rsaresp);
+            to_hex_str(buf, rsa_computed_signature, rsa_bytes_signed);
+            fprintf(rsaresp, "S = %s\n", buf);
+
+            /* Perform RSA verification with the RSA public key. */
+            rv = RSA_HashCheckSign(shaOid,
+                                   rsa_public_key,
+                                   rsa_computed_signature,
+                                   rsa_bytes_signed,
+                                   sha,
+                                   shaLength);
+            if (rv != SECSuccess) {
+                fprintf(rsaresp, "ERROR: RSA_HashCheckSign failed");
+                goto loser;
+            }
+            continue;
+        }
+    }
+loser:
+    fclose(rsareq);
+
+    if (rsaBlapiPrivKey != NULL) {
+        /* frees private and public key */
+        PORT_FreeArena(rsaBlapiPrivKey->arena, PR_TRUE);
+        rsaBlapiPrivKey = NULL;
+        rsaBlapiPublicKey = NULL;
+    }
+}
+/*
+ * Perform the RSA Signature Verification Test.
+ *
+ * reqfn is the pathname of the REQUEST file.
+ *
+ * The output RESPONSE file is written to stdout.
+ */
+void
+rsa_sigver_test(char *reqfn)
+{
+    char buf[2 * RSA_MAX_TEST_MODULUS_BYTES + 7];
+    /* buf holds one line from the input REQUEST file
+                         * or to the output RESPONSE file.
+                         * s = 2x for HEX output + 1 for \n
+                         */
+    FILE *rsareq;  /* input stream from the REQUEST file */
+    FILE *rsaresp; /* output stream to the RESPONSE file */
+    int i, j;
+    unsigned char sha[HASH_LENGTH_MAX]; /* SHA digest */
+    unsigned int shaLength = 0;         /* actual length of the digest */
+    HASH_HashType shaAlg = HASH_AlgNULL;
+    SECOidTag shaOid = SEC_OID_UNKNOWN;
+    int modulus = 0;                  /* the Modulus size */
+    unsigned char signature[513];     /* largest signature size + '\n' */
+    unsigned int signatureLength = 0; /* actual length of the signature */
+    PRBool keyvalid = PR_TRUE;
+
+    RSAPublicKey rsaBlapiPublicKey; /* hold RSA public key */
+
+    rsareq = fopen(reqfn, "r");
+    rsaresp = stdout;
+    memset(&rsaBlapiPublicKey, 0, sizeof(RSAPublicKey));
+
+    while (fgets(buf, sizeof buf, rsareq) != NULL) {
+        /* a comment or blank line */
+        if (buf[0] == '#' || buf[0] == '\n') {
+            fputs(buf, rsaresp);
+            continue;
+        }
+
+        /* [Mod = ...] */
+        if (buf[0] == '[') {
+            unsigned int flen; /* length in bytes of the field size */
+
+            if (rsaBlapiPublicKey.modulus.data) { /* n */
+                SECITEM_ZfreeItem(&rsaBlapiPublicKey.modulus, PR_FALSE);
+            }
+            if (sscanf(buf, "[mod = %d]", &modulus) != 1) {
+                goto loser;
+            }
+
+            if (modulus > RSA_MAX_TEST_MODULUS_BITS) {
+                fprintf(rsaresp, "ERROR: modulus greater than test maximum\n");
+                goto loser;
+            }
+
+            fputs(buf, rsaresp);
+
+            signatureLength = flen = modulus / 8;
+
+            SECITEM_AllocItem(NULL, &rsaBlapiPublicKey.modulus, flen);
+            if (rsaBlapiPublicKey.modulus.data == NULL) {
+                goto loser;
+            }
+            continue;
+        }
+
+        /* n = ... modulus */
+        if (buf[0] == 'n') {
+            i = 1;
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+            keyvalid = from_hex_str(&rsaBlapiPublicKey.modulus.data[0],
+                                    rsaBlapiPublicKey.modulus.len,
+                                    &buf[i]);
+
+            if (!keyvalid) {
+                fprintf(rsaresp, "ERROR: rsa_sigver n not valid.\n");
+                goto loser;
+            }
+            fputs(buf, rsaresp);
+            continue;
+        }
+
+        /* SHAAlg = ... */
+        if (strncmp(buf, "SHAAlg", 6) == 0) {
+            i = 6;
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+            /* set the SHA Algorithm */
+            if (strncmp(&buf[i], "SHA1", 4) == 0) {
+                shaAlg = HASH_AlgSHA1;
+            } else if (strncmp(&buf[i], "SHA224", 6) == 0) {
+                shaAlg = HASH_AlgSHA224;
+            } else if (strncmp(&buf[i], "SHA256", 6) == 0) {
+                shaAlg = HASH_AlgSHA256;
+            } else if (strncmp(&buf[i], "SHA384", 6) == 0) {
+                shaAlg = HASH_AlgSHA384;
+            } else if (strncmp(&buf[i], "SHA512", 6) == 0) {
+                shaAlg = HASH_AlgSHA512;
+            } else {
+                fprintf(rsaresp, "ERROR: Unable to find SHAAlg type");
+                goto loser;
+            }
+            fputs(buf, rsaresp);
+            continue;
+        }
+
+        /* e = ... public Key */
+        if (buf[0] == 'e') {
+            unsigned char data[RSA_MAX_TEST_EXPONENT_BYTES];
+            unsigned char t;
+
+            memset(data, 0, sizeof data);
+
+            if (rsaBlapiPublicKey.publicExponent.data) { /* e */
+                SECITEM_ZfreeItem(&rsaBlapiPublicKey.publicExponent, PR_FALSE);
+            }
+
+            i = 1;
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+            /* skip leading zero's */
+            while (isxdigit(buf[i])) {
+                hex_to_byteval(&buf[i], &t);
+                if (t == 0) {
+                    i += 2;
+                } else
+                    break;
+            }
+
+            /* get the exponent */
+            for (j = 0; isxdigit(buf[i]) && j < sizeof data; i += 2, j++) {
+                hex_to_byteval(&buf[i], &data[j]);
+            }
+
+            if (j == 0) {
+                j = 1;
+            } /* to handle 1 byte length exponents */
+
+            SECITEM_AllocItem(NULL, &rsaBlapiPublicKey.publicExponent, j);
+            if (rsaBlapiPublicKey.publicExponent.data == NULL) {
+                goto loser;
+            }
+
+            for (i = 0; i < j; i++) {
+                rsaBlapiPublicKey.publicExponent.data[i] = data[i];
+            }
+
+            fputs(buf, rsaresp);
+            continue;
+        }
+
+        /* Msg = ... */
+        if (strncmp(buf, "Msg", 3) == 0) {
+            unsigned char msg[128]; /* MAX msg 128 */
+
+            memset(sha, 0, sizeof sha);
+            memset(msg, 0, sizeof msg);
+
+            i = 3;
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+
+            for (j = 0; isxdigit(buf[i]) && j < sizeof msg; i += 2, j++) {
+                hex_to_byteval(&buf[i], &msg[j]);
+            }
+
+            shaLength = fips_hashLen(shaAlg);
+            if (fips_hashBuf(shaAlg, sha, msg, j) != SECSuccess) {
+                if (shaLength == 0) {
+                    fprintf(rsaresp, "ERROR: SHAAlg not defined.");
+                }
+                fprintf(rsaresp, "ERROR: Unable to generate SHA%x",
+                        shaLength == 160 ? 1 : shaLength);
+                goto loser;
+            }
+
+            fputs(buf, rsaresp);
+            continue;
+        }
+
+        /* S = ... */
+        if (buf[0] == 'S') {
+            SECStatus rv = SECFailure;
+            NSSLOWKEYPublicKey *rsa_public_key;
+            NSSLOWKEYPublicKey low_RSA_public_key = { NULL,
+                                                      NSSLOWKEYRSAKey };
+
+            /* convert to a low RSA public key */
+            low_RSA_public_key.u.rsa = rsaBlapiPublicKey;
+            rsa_public_key = &low_RSA_public_key;
+
+            memset(signature, 0, sizeof(signature));
+            i = 1;
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+
+            for (j = 0; isxdigit(buf[i]) && j < sizeof signature; i += 2, j++) {
+                hex_to_byteval(&buf[i], &signature[j]);
+            }
+
+            signatureLength = j;
+            fputs(buf, rsaresp);
+
+            shaOid = fips_hashOid(shaAlg);
+
+            /* Perform RSA verification with the RSA public key. */
+            rv = RSA_HashCheckSign(shaOid,
+                                   rsa_public_key,
+                                   signature,
+                                   signatureLength,
+                                   sha,
+                                   shaLength);
+            if (rv == SECSuccess) {
+                fputs("Result = P\n", rsaresp);
+            } else {
+                fputs("Result = F\n", rsaresp);
+            }
+            continue;
+        }
+    }
+loser:
+    fclose(rsareq);
+    if (rsaBlapiPublicKey.modulus.data) { /* n */
+        SECITEM_ZfreeItem(&rsaBlapiPublicKey.modulus, PR_FALSE);
+    }
+    if (rsaBlapiPublicKey.publicExponent.data) { /* e */
+        SECITEM_ZfreeItem(&rsaBlapiPublicKey.publicExponent, PR_FALSE);
+    }
+}
+
+void
+tls(char *reqfn)
+{
+    char buf[256]; /* holds one line from the input REQUEST file.
+                         * needs to be large enough to hold the longest
+                         * line "XSeed = <128 hex digits>\n".
+                         */
+    unsigned char *pms = NULL;
+    int pms_len;
+    unsigned char *master_secret = NULL;
+    unsigned char *key_block = NULL;
+    int key_block_len;
+    unsigned char serverHello_random[SSL3_RANDOM_LENGTH];
+    unsigned char clientHello_random[SSL3_RANDOM_LENGTH];
+    unsigned char server_random[SSL3_RANDOM_LENGTH];
+    unsigned char client_random[SSL3_RANDOM_LENGTH];
+    FILE *tlsreq = NULL; /* input stream from the REQUEST file */
+    FILE *tlsresp;       /* output stream to the RESPONSE file */
+    unsigned int i, j;
+    CK_SLOT_ID slotList[10];
+    CK_SLOT_ID slotID;
+    CK_ULONG slotListCount = sizeof(slotList) / sizeof(slotList[0]);
+    CK_ULONG count;
+    static const CK_C_INITIALIZE_ARGS pk11args = {
+        NULL, NULL, NULL, NULL, CKF_LIBRARY_CANT_CREATE_OS_THREADS,
+        (void *)"flags=readOnly,noCertDB,noModDB", NULL
+    };
+    static CK_OBJECT_CLASS ck_secret = CKO_SECRET_KEY;
+    static CK_KEY_TYPE ck_generic = CKK_GENERIC_SECRET;
+    static CK_BBOOL ck_true = CK_TRUE;
+    static CK_ULONG one = 1;
+    CK_ATTRIBUTE create_template[] = {
+        { CKA_VALUE, NULL, 0 },
+        { CKA_CLASS, &ck_secret, sizeof(ck_secret) },
+        { CKA_KEY_TYPE, &ck_generic, sizeof(ck_generic) },
+        { CKA_DERIVE, &ck_true, sizeof(ck_true) },
+    };
+    CK_ULONG create_template_count =
+        sizeof(create_template) / sizeof(create_template[0]);
+    CK_ATTRIBUTE derive_template[] = {
+        { CKA_CLASS, &ck_secret, sizeof(ck_secret) },
+        { CKA_KEY_TYPE, &ck_generic, sizeof(ck_generic) },
+        { CKA_DERIVE, &ck_true, sizeof(ck_true) },
+        { CKA_VALUE_LEN, &one, sizeof(one) },
+    };
+    CK_ULONG derive_template_count =
+        sizeof(derive_template) / sizeof(derive_template[0]);
+    CK_ATTRIBUTE master_template =
+        { CKA_VALUE, NULL, 0 };
+    CK_ATTRIBUTE kb1_template =
+        { CKA_VALUE, NULL, 0 };
+    CK_ATTRIBUTE kb2_template =
+        { CKA_VALUE, NULL, 0 };
+
+    CK_MECHANISM master_mech = { CKM_TLS_MASTER_KEY_DERIVE, NULL, 0 };
+    CK_MECHANISM key_block_mech = { CKM_TLS_KEY_AND_MAC_DERIVE, NULL, 0 };
+    CK_SSL3_MASTER_KEY_DERIVE_PARAMS master_params;
+    CK_SSL3_KEY_MAT_PARAMS key_block_params;
+    CK_SSL3_KEY_MAT_OUT key_material;
+    CK_RV crv;
+
+    /* set up PKCS #11 parameters */
+    master_params.pVersion = NULL;
+    master_params.RandomInfo.pClientRandom = clientHello_random;
+    master_params.RandomInfo.ulClientRandomLen = sizeof(clientHello_random);
+    master_params.RandomInfo.pServerRandom = serverHello_random;
+    master_params.RandomInfo.ulServerRandomLen = sizeof(serverHello_random);
+    master_mech.pParameter = (void *)&master_params;
+    master_mech.ulParameterLen = sizeof(master_params);
+    key_block_params.ulMacSizeInBits = 0;
+    key_block_params.ulKeySizeInBits = 0;
+    key_block_params.ulIVSizeInBits = 0;
+    key_block_params.bIsExport = PR_FALSE; /* ignored anyway for TLS mech */
+    key_block_params.RandomInfo.pClientRandom = client_random;
+    key_block_params.RandomInfo.ulClientRandomLen = sizeof(client_random);
+    key_block_params.RandomInfo.pServerRandom = server_random;
+    key_block_params.RandomInfo.ulServerRandomLen = sizeof(server_random);
+    key_block_params.pReturnedKeyMaterial = &key_material;
+    key_block_mech.pParameter = (void *)&key_block_params;
+    key_block_mech.ulParameterLen = sizeof(key_block_params);
+
+    crv = NSC_Initialize((CK_VOID_PTR)&pk11args);
+    if (crv != CKR_OK) {
+        fprintf(stderr, "NSC_Initialize failed crv=0x%x\n", (unsigned int)crv);
+        goto loser;
+    }
+    count = slotListCount;
+    crv = NSC_GetSlotList(PR_TRUE, slotList, &count);
+    if (crv != CKR_OK) {
+        fprintf(stderr, "NSC_GetSlotList failed crv=0x%x\n", (unsigned int)crv);
+        goto loser;
+    }
+    if ((count > slotListCount) || count < 1) {
+        fprintf(stderr,
+                "NSC_GetSlotList returned too many or too few slots: %d slots max=%d min=1\n",
+                (int)count, (int)slotListCount);
+        goto loser;
+    }
+    slotID = slotList[0];
+    tlsreq = fopen(reqfn, "r");
+    tlsresp = stdout;
+    while (fgets(buf, sizeof buf, tlsreq) != NULL) {
+        /* a comment or blank line */
+        if (buf[0] == '#' || buf[0] == '\n') {
+            fputs(buf, tlsresp);
+            continue;
+        }
+        /* [Xchange - SHA1] */
+        if (buf[0] == '[') {
+            if (strncmp(buf, "[TLS", 4) == 0) {
+                if (buf[7] == '0') {
+                    master_mech.mechanism = CKM_TLS_MASTER_KEY_DERIVE;
+                    key_block_mech.mechanism = CKM_TLS_KEY_AND_MAC_DERIVE;
+                } else if (buf[7] == '2') {
+                    master_mech.mechanism =
+                        CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256;
+                    key_block_mech.mechanism =
+                        CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256;
+                } else {
+                    fprintf(stderr, "Unknown TLS type %x\n",
+                            (unsigned int)buf[0]);
+                    goto loser;
+                }
+            }
+            if (strncmp(buf, "[pre-master", 11) == 0) {
+                if (sscanf(buf, "[pre-master secret length = %d]",
+                           &pms_len) != 1) {
+                    goto loser;
+                }
+                pms_len = pms_len / 8;
+                pms = malloc(pms_len);
+                master_secret = malloc(pms_len);
+                create_template[0].pValue = pms;
+                create_template[0].ulValueLen = pms_len;
+                master_template.pValue = master_secret;
+                master_template.ulValueLen = pms_len;
+            }
+            if (strncmp(buf, "[key", 4) == 0) {
+                if (sscanf(buf, "[key block length = %d]", &key_block_len) != 1) {
+                    goto loser;
+                }
+                key_block_params.ulKeySizeInBits = 8;
+                key_block_params.ulIVSizeInBits = key_block_len / 2 - 8;
+                key_block_len = key_block_len / 8;
+                key_block = malloc(key_block_len);
+                kb1_template.pValue = &key_block[0];
+                kb1_template.ulValueLen = 1;
+                kb2_template.pValue = &key_block[1];
+                kb2_template.ulValueLen = 1;
+                key_material.pIVClient = &key_block[2];
+                key_material.pIVServer = &key_block[2 + key_block_len / 2 - 1];
+            }
+            fputs(buf, tlsresp);
+            continue;
+        }
+        /* "COUNT = x" begins a new data set */
+        if (strncmp(buf, "COUNT", 5) == 0) {
+            /* zeroize the variables for the test with this data set */
+            memset(pms, 0, pms_len);
+            memset(master_secret, 0, pms_len);
+            memset(key_block, 0, key_block_len);
+            fputs(buf, tlsresp);
+            continue;
+        }
+        /* pre_master_secret = ... */
+        if (strncmp(buf, "pre_master_secret", 17) == 0) {
+            i = 17;
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+            for (j = 0; j < pms_len; i += 2, j++) {
+                hex_to_byteval(&buf[i], &pms[j]);
+            }
+            fputs(buf, tlsresp);
+            continue;
+        }
+        /* serverHello_random = ... */
+        if (strncmp(buf, "serverHello_random", 18) == 0) {
+            i = 18;
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+            for (j = 0; j < SSL3_RANDOM_LENGTH; i += 2, j++) {
+                hex_to_byteval(&buf[i], &serverHello_random[j]);
+            }
+            fputs(buf, tlsresp);
+            continue;
+        }
+        /* clientHello_random = ... */
+        if (strncmp(buf, "clientHello_random", 18) == 0) {
+            i = 18;
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+            for (j = 0; j < SSL3_RANDOM_LENGTH; i += 2, j++) {
+                hex_to_byteval(&buf[i], &clientHello_random[j]);
+            }
+            fputs(buf, tlsresp);
+            continue;
+        }
+        /* server_random = ... */
+        if (strncmp(buf, "server_random", 13) == 0) {
+            i = 13;
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+            for (j = 0; j < SSL3_RANDOM_LENGTH; i += 2, j++) {
+                hex_to_byteval(&buf[i], &server_random[j]);
+            }
+            fputs(buf, tlsresp);
+            continue;
+        }
+        /* client_random = ... */
+        if (strncmp(buf, "client_random", 13) == 0) {
+            CK_SESSION_HANDLE session;
+            CK_OBJECT_HANDLE pms_handle;
+            CK_OBJECT_HANDLE master_handle;
+            CK_OBJECT_HANDLE fake_handle;
+            i = 13;
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+            for (j = 0; j < SSL3_RANDOM_LENGTH; i += 2, j++) {
+                hex_to_byteval(&buf[i], &client_random[j]);
+            }
+            fputs(buf, tlsresp);
+            crv = NSC_OpenSession(slotID, 0, NULL, NULL, &session);
+            if (crv != CKR_OK) {
+                fprintf(stderr, "NSC_OpenSession failed crv=0x%x\n",
+                        (unsigned int)crv);
+                goto loser;
+            }
+            crv = NSC_CreateObject(session, create_template,
+                                   create_template_count, &pms_handle);
+            if (crv != CKR_OK) {
+                fprintf(stderr, "NSC_CreateObject failed crv=0x%x\n",
+                        (unsigned int)crv);
+                goto loser;
+            }
+            crv = NSC_DeriveKey(session, &master_mech, pms_handle,
+                                derive_template, derive_template_count -
+                                                     1,
+                                &master_handle);
+            if (crv != CKR_OK) {
+                fprintf(stderr, "NSC_DeriveKey(master) failed crv=0x%x\n",
+                        (unsigned int)crv);
+                goto loser;
+            }
+            crv = NSC_GetAttributeValue(session, master_handle,
+                                        &master_template, 1);
+            if (crv != CKR_OK) {
+                fprintf(stderr, "NSC_GetAttribute failed crv=0x%x\n",
+                        (unsigned int)crv);
+                goto loser;
+            }
+            fputs("master_secret = ", tlsresp);
+            to_hex_str(buf, master_secret, pms_len);
+            fputs(buf, tlsresp);
+            fputc('\n', tlsresp);
+            crv = NSC_DeriveKey(session, &key_block_mech, master_handle,
+                                derive_template, derive_template_count, &fake_handle);
+            if (crv != CKR_OK) {
+                fprintf(stderr,
+                        "NSC_DeriveKey(keyblock) failed crv=0x%x\n",
+                        (unsigned int)crv);
+                goto loser;
+            }
+            crv = NSC_GetAttributeValue(session, key_material.hClientKey,
+                                        &kb1_template, 1);
+            if (crv != CKR_OK) {
+                fprintf(stderr, "NSC_GetAttribute failed crv=0x%x\n",
+                        (unsigned int)crv);
+                goto loser;
+            }
+            crv = NSC_GetAttributeValue(session, key_material.hServerKey,
+                                        &kb2_template, 1);
+            if (crv != CKR_OK) {
+                fprintf(stderr, "NSC_GetAttribute failed crv=0x%x\n",
+                        (unsigned int)crv);
+                goto loser;
+            }
+            fputs("key_block = ", tlsresp);
+            to_hex_str(buf, key_block, key_block_len);
+            fputs(buf, tlsresp);
+            fputc('\n', tlsresp);
+            crv = NSC_CloseSession(session);
+            continue;
+        }
+    }
+loser:
+    NSC_Finalize(NULL);
+    if (pms)
+        free(pms);
+    if (master_secret)
+        free(master_secret);
+    if (key_block)
+        free(key_block);
+    if (tlsreq)
+        fclose(tlsreq);
+}
+
+int
+main(int argc, char **argv)
+{
+    if (argc < 2)
+        exit(-1);
+
+    RNG_RNGInit();
+    SECOID_Init();
+
+    /*************/
+    /*   TDEA    */
+    /*************/
+    if (strcmp(argv[1], "tdea") == 0) {
+        /* argv[2]=kat|mmt|mct argv[3]=ecb|cbc argv[4]=<test name>.req */
+        if (strcmp(argv[2], "kat") == 0) {
+            /* Known Answer Test (KAT) */
+            tdea_kat_mmt(argv[4]);
+        } else if (strcmp(argv[2], "mmt") == 0) {
+            /* Multi-block Message Test (MMT) */
+            tdea_kat_mmt(argv[4]);
+        } else if (strcmp(argv[2], "mct") == 0) {
+            /* Monte Carlo Test (MCT) */
+            if (strcmp(argv[3], "ecb") == 0) {
+                /* ECB mode */
+                tdea_mct(NSS_DES_EDE3, argv[4]);
+            } else if (strcmp(argv[3], "cbc") == 0) {
+                /* CBC mode */
+                tdea_mct(NSS_DES_EDE3_CBC, argv[4]);
+            }
+        }
+        /*************/
+        /*   AES     */
+        /*************/
+    } else if (strcmp(argv[1], "aes") == 0) {
+        /* argv[2]=kat|mmt|mct argv[3]=ecb|cbc argv[4]=<test name>.req */
+        if (strcmp(argv[2], "kat") == 0) {
+            /* Known Answer Test (KAT) */
+            aes_kat_mmt(argv[4]);
+        } else if (strcmp(argv[2], "mmt") == 0) {
+            /* Multi-block Message Test (MMT) */
+            aes_kat_mmt(argv[4]);
+        } else if (strcmp(argv[2], "gcm") == 0) {
+            if (strcmp(argv[3], "decrypt") == 0) {
+                aes_gcm(argv[4], 0);
+            } else if (strcmp(argv[3], "encrypt_extiv") == 0) {
+                aes_gcm(argv[4], 1);
+            } else if (strcmp(argv[3], "encrypt_intiv") == 0) {
+                aes_gcm(argv[4], 2);
+            }
+        } else if (strcmp(argv[2], "mct") == 0) {
+            /* Monte Carlo Test (MCT) */
+            if (strcmp(argv[3], "ecb") == 0) {
+                /* ECB mode */
+                aes_ecb_mct(argv[4]);
+            } else if (strcmp(argv[3], "cbc") == 0) {
+                /* CBC mode */
+                aes_cbc_mct(argv[4]);
+            }
+        }
+        /*************/
+        /*   SHA     */
+        /*************/
+    } else if (strcmp(argv[1], "sha") == 0) {
+        sha_test(argv[2]);
+        /*************/
+        /*   RSA     */
+        /*************/
+    } else if (strcmp(argv[1], "rsa") == 0) {
+        /* argv[2]=siggen|sigver */
+        /* argv[3]=<test name>.req */
+        if (strcmp(argv[2], "siggen") == 0) {
+            /* Signature Generation Test */
+            rsa_siggen_test(argv[3]);
+        } else if (strcmp(argv[2], "sigver") == 0) {
+            /* Signature Verification Test */
+            rsa_sigver_test(argv[3]);
+        } else if (strcmp(argv[2], "keypair") == 0) {
+            /* Key Pair Generation Test */
+            rsa_keypair_test(argv[3]);
+        }
+        /*************/
+        /*   HMAC    */
+        /*************/
+    } else if (strcmp(argv[1], "hmac") == 0) {
+        hmac_test(argv[2]);
+        /*************/
+        /*   DSA     */
+        /*************/
+    } else if (strcmp(argv[1], "dsa") == 0) {
+        /* argv[2]=keypair|pqggen|pqgver|siggen|sigver */
+        /* argv[3]=<test name>.req */
+        if (strcmp(argv[2], "keypair") == 0) {
+            /* Key Pair Generation Test */
+            dsa_keypair_test(argv[3]);
+        } else if (strcmp(argv[2], "pqggen") == 0) {
+            /* Domain Parameter Generation Test */
+            dsa_pqggen_test(argv[3]);
+        } else if (strcmp(argv[2], "pqgver") == 0) {
+            /* Domain Parameter Validation Test */
+            dsa_pqgver_test(argv[3]);
+        } else if (strcmp(argv[2], "siggen") == 0) {
+            /* Signature Generation Test */
+            dsa_siggen_test(argv[3]);
+        } else if (strcmp(argv[2], "sigver") == 0) {
+            /* Signature Verification Test */
+            dsa_sigver_test(argv[3]);
+        }
+#ifndef NSS_DISABLE_ECC
+        /*************/
+        /*   ECDSA   */
+        /*************/
+    } else if (strcmp(argv[1], "ecdsa") == 0) {
+        /* argv[2]=keypair|pkv|siggen|sigver argv[3]=<test name>.req */
+        if (strcmp(argv[2], "keypair") == 0) {
+            /* Key Pair Generation Test */
+            ecdsa_keypair_test(argv[3]);
+        } else if (strcmp(argv[2], "pkv") == 0) {
+            /* Public Key Validation Test */
+            ecdsa_pkv_test(argv[3]);
+        } else if (strcmp(argv[2], "siggen") == 0) {
+            /* Signature Generation Test */
+            ecdsa_siggen_test(argv[3]);
+        } else if (strcmp(argv[2], "sigver") == 0) {
+            /* Signature Verification Test */
+            ecdsa_sigver_test(argv[3]);
+        }
+#endif /* NSS_DISABLE_ECC */
+        /*************/
+        /*   RNG     */
+        /*************/
+    } else if (strcmp(argv[1], "rng") == 0) {
+        /* argv[2]=vst|mct argv[3]=<test name>.req */
+        if (strcmp(argv[2], "vst") == 0) {
+            /* Variable Seed Test */
+            rng_vst(argv[3]);
+        } else if (strcmp(argv[2], "mct") == 0) {
+            /* Monte Carlo Test */
+            rng_mct(argv[3]);
+        }
+    } else if (strcmp(argv[1], "drbg") == 0) {
+        /* Variable Seed Test */
+        drbg(argv[2]);
+    } else if (strcmp(argv[1], "ddrbg") == 0) {
+        debug = 1;
+        drbg(argv[2]);
+    }
+    return 0;
+}
diff --git a/nss/cmd/fipstest/fipstest.gyp b/nss/cmd/fipstest/fipstest.gyp
new file mode 100644
index 0000000..41024ca
--- /dev/null
+++ b/nss/cmd/fipstest/fipstest.gyp
@@ -0,0 +1,31 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi',
+    '../../cmd/platlibs.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'fipstest',
+      'type': 'executable',
+      'sources': [
+        'fipstest.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports',
+        '<(DEPTH)/lib/sqlite/sqlite.gyp:sqlite3'
+      ]
+    }
+  ],
+  'target_defaults': {
+    'defines': [
+      'NSS_USE_STATIC_LIBS'
+    ]
+  },
+  'variables': {
+    'module': 'nss',
+    'use_static_libs': 1
+  }
+}
\ No newline at end of file
diff --git a/nss/cmd/fipstest/hmac.sh b/nss/cmd/fipstest/hmac.sh
new file mode 100755
index 0000000..d29dbc2
--- /dev/null
+++ b/nss/cmd/fipstest/hmac.sh
@@ -0,0 +1,36 @@
+#!/bin/sh
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# A Bourne shell script for running the NIST HMAC Algorithm Validation Suite
+#
+# Before you run the script, set your PATH, LD_LIBRARY_PATH, ... environment
+# variables appropriately so that the fipstest command and the NSPR and NSS
+# shared libraries/DLLs are on the search path.  Then run this script in the
+# directory where the REQUEST (.req) files reside.  The script generates the
+# RESPONSE (.rsp) files in the same directory.
+
+BASEDIR=${1-.}
+TESTDIR=${BASEDIR}/HMAC
+COMMAND=${2-run}
+REQDIR=${TESTDIR}/req
+RSPDIR=${TESTDIR}/resp
+                               
+hmac_requests="
+HMAC.req
+"
+
+if [ ${COMMAND} = "verify" ]; then
+    for request in $hmac_requests; do
+	sh ./validate1.sh ${TESTDIR} $request
+    done
+    exit 0
+fi
+for request in $hmac_requests; do
+    response=`echo $request | sed -e "s/req/rsp/"`
+    echo $request $response
+    fipstest hmac ${REQDIR}/$request > ${RSPDIR}/$response
+done
+
diff --git a/nss/cmd/fipstest/manifest.mn b/nss/cmd/fipstest/manifest.mn
new file mode 100644
index 0000000..1cebd79
--- /dev/null
+++ b/nss/cmd/fipstest/manifest.mn
@@ -0,0 +1,23 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CORE_DEPTH = ../..
+
+MODULE = nss
+
+PROGRAM = fipstest
+
+USE_STATIC_LIBS = 1
+
+EXPORTS = \
+	$(NULL)
+
+PRIVATE_EXPORTS = \
+	$(NULL)
+
+CSRCS = \
+	fipstest.c \
+	$(NULL)
+
diff --git a/nss/cmd/fipstest/rng.sh b/nss/cmd/fipstest/rng.sh
new file mode 100644
index 0000000..1a313b4
--- /dev/null
+++ b/nss/cmd/fipstest/rng.sh
@@ -0,0 +1,34 @@
+#!/bin/sh
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# A Bourne shell script for running the NIST RNG Validation Suite
+#
+# Before you run the script, set your PATH, LD_LIBRARY_PATH, ... environment
+# variables appropriately so that the fipstest command and the NSPR and NSS
+# shared libraries/DLLs are on the search path.  Then run this script in the
+# directory where the REQUEST (.req) files reside.  The script generates the
+# RESPONSE (.rsp) files in the same directory.
+BASEDIR=${1-.}
+TESTDIR=${BASEDIR}/DRBG800-90A
+COMMAND=${2-run}
+REQDIR=${TESTDIR}/req
+RSPDIR=${TESTDIR}/resp
+
+drbg_requests="
+Hash_DRBG.req
+"
+
+if [ ${COMMAND} = "verify" ]; then
+    for request in $drbg_requests; do
+	sh ./validate1.sh ${TESTDIR} $request
+    done
+    exit 0
+fi
+for request in $drbg_requests; do
+    response=`echo $request | sed -e "s/req/rsp/"`
+    echo $request $response
+    fipstest drbg ${REQDIR}/$request > ${RSPDIR}/$response
+done
diff --git a/nss/cmd/fipstest/rsa.sh b/nss/cmd/fipstest/rsa.sh
new file mode 100644
index 0000000..b86a739
--- /dev/null
+++ b/nss/cmd/fipstest/rsa.sh
@@ -0,0 +1,50 @@
+#!/bin/sh
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# A Bourne shell script for running the NIST RSA Validation System
+#
+# Before you run the script, set your PATH, LD_LIBRARY_PATH, ... environment
+# variables appropriately so that the fipstest command and the NSPR and NSS
+# shared libraries/DLLs are on the search path.  Then run this script in the
+# directory where the REQUEST (.req) files reside.  The script generates the
+# RESPONSE (.rsp) files in the same directory.
+BASEDIR=${1-.}
+TESTDIR=${BASEDIR}/RSA2
+COMMAND=${2-run}
+REQDIR=${TESTDIR}/req
+RSPDIR=${TESTDIR}/resp
+
+if [ ${COMMAND} = "verify" ]; then
+#verify the signatures. The fax file does not have any known answers, so
+#use our own verify function.
+    name=SigGen15_186-3
+    echo ">>>>>  $name"
+    fipstest rsa sigver ${RSPDIR}/$name.rsp | grep ^Result.=.F
+#    fipstest rsa sigver ${REQDIR}/SigVer15_186-3.req | grep ^Result.=.F
+#The Fax file has the private exponent and the salt value, remove it
+#also remove the false reason
+    sh ./validate1.sh ${TESTDIR} SigVer15_186-3.req ' ' '-e /^SaltVal/d -e/^d.=/d -e /^p.=/d -e /^q.=/d -e /^EM.with/d -e /^Result.=.F/s;.(.*);;'
+#
+# currently don't have a way to verify the RSA keygen
+#
+    exit 0
+fi
+
+request=SigGen15_186-3.req
+response=`echo $request | sed -e "s/req/rsp/"`
+echo $request $response
+fipstest rsa siggen ${REQDIR}/$request > ${RSPDIR}/$response
+
+request=SigVer15_186-3.req
+response=`echo $request | sed -e "s/req/rsp/"`
+echo $request $response
+fipstest rsa sigver ${REQDIR}/$request > ${RSPDIR}/$response
+
+#request=KeyGen_186-3.req
+request=KeyGen_RandomProbablyPrime3_3.req
+response=`echo $request | sed -e "s/req/rsp/"`
+echo $request $response
+fipstest rsa keypair ${REQDIR}/$request > ${RSPDIR}/$response
diff --git a/nss/cmd/fipstest/runtest.sh b/nss/cmd/fipstest/runtest.sh
new file mode 100644
index 0000000..99cefed
--- /dev/null
+++ b/nss/cmd/fipstest/runtest.sh
@@ -0,0 +1,17 @@
+#!/bin/sh
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+TESTDIR=${1-.}
+COMMAND=${2-run}
+TESTS="aes aesgcm dsa ecdsa hmac tls rng rsa sha tdea"
+if [ ${NSS_ENABLE_ECC}x = 1x ]; then
+   TESTS=${TESTS} ecdsa
+fi
+for i in $TESTS
+do
+    echo "********************Running $i tests"
+    sh ./${i}.sh ${TESTDIR} ${COMMAND}
+done
diff --git a/nss/cmd/fipstest/sha.sh b/nss/cmd/fipstest/sha.sh
new file mode 100644
index 0000000..ccc52d2
--- /dev/null
+++ b/nss/cmd/fipstest/sha.sh
@@ -0,0 +1,66 @@
+#!/bin/sh
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# A Bourne shell script for running the NIST SHA Algorithm Validation Suite
+#
+# Before you run the script, set your PATH, LD_LIBRARY_PATH, ... environment
+# variables appropriately so that the fipstest command and the NSPR and NSS
+# shared libraries/DLLs are on the search path.  Then run this script in the
+# directory where the REQUEST (.req) files reside.  The script generates the
+# RESPONSE (.rsp) files in the same directory.
+BASEDIR=${1-.}
+TESTDIR=${BASEDIR}/SHA
+COMMAND=${2-run}
+REQDIR=${TESTDIR}/req
+RSPDIR=${TESTDIR}/resp
+                               
+sha_ShortMsg_requests="
+SHA1ShortMsg.req
+SHA224ShortMsg.req
+SHA256ShortMsg.req
+SHA384ShortMsg.req
+SHA512ShortMsg.req
+"
+
+sha_LongMsg_requests="
+SHA1LongMsg.req
+SHA224LongMsg.req
+SHA256LongMsg.req
+SHA384LongMsg.req
+SHA512LongMsg.req
+"
+
+sha_Monte_requests="
+SHA1Monte.req
+SHA224Monte.req
+SHA256Monte.req
+SHA384Monte.req
+SHA512Monte.req
+"
+
+if [ ${COMMAND} = "verify" ]; then
+    for request in $sha_ShortMsg_requests $sha_LongMsg_requests $sha_Monte_requests; do
+	sh ./validate1.sh ${TESTDIR} $request
+    done
+    exit 0
+fi
+
+for request in $sha_ShortMsg_requests; do
+    response=`echo $request | sed -e "s/req/rsp/"`
+    echo $request $response
+    fipstest sha ${REQDIR}/$request > ${RSPDIR}/$response
+done
+for request in $sha_LongMsg_requests; do
+    response=`echo $request | sed -e "s/req/rsp/"`
+    echo $request $response
+    fipstest sha ${REQDIR}/$request > ${RSPDIR}/$response
+done
+for request in $sha_Monte_requests; do
+    response=`echo $request | sed -e "s/req/rsp/"`
+    echo $request $response
+    fipstest sha ${REQDIR}/$request > ${RSPDIR}/$response
+done
+
diff --git a/nss/cmd/fipstest/tdea.sh b/nss/cmd/fipstest/tdea.sh
new file mode 100644
index 0000000..cbddad7
--- /dev/null
+++ b/nss/cmd/fipstest/tdea.sh
@@ -0,0 +1,106 @@
+#!/bin/sh
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# A Bourne shell script for running the NIST tdea Algorithm Validation Suite
+#
+# Before you run the script, set your PATH, LD_LIBRARY_PATH, ... environment
+# variables appropriately so that the fipstest command and the NSPR and NSS
+# shared libraries/DLLs are on the search path.  Then run this script in the
+# directory where the REQUEST (.req) files reside.  The script generates the
+# RESPONSE (.rsp) files in the same directory.
+
+BASEDIR=${1-.}
+TESTDIR=${BASEDIR}/TDES
+COMMAND=${2-run}
+REQDIR=${TESTDIR}/req
+RSPDIR=${TESTDIR}/resp
+
+#CBC_Known_Answer_tests
+#Initial Permutation KAT  
+#Permutation Operation KAT 
+#Subsitution Table KAT    
+#Variable Key KAT         
+#Variable PlainText KAT   
+cbc_kat_requests="
+TCBCinvperm.req   
+TCBCpermop.req    
+TCBCsubtab.req    
+TCBCvarkey.req    
+TCBCvartext.req   
+"
+
+#CBC Monte Carlo KATs
+cbc_monte_requests="
+TCBCMonte1.req
+TCBCMonte2.req
+TCBCMonte3.req
+"
+#Multi-block Message KATs
+cbc_mmt_requests="
+TCBCMMT1.req
+TCBCMMT2.req
+TCBCMMT3.req
+"
+
+ecb_kat_requests="
+TECBinvperm.req   
+TECBpermop.req    
+TECBsubtab.req    
+TECBvarkey.req    
+TECBvartext.req   
+"
+
+ecb_monte_requests="
+TECBMonte1.req
+TECBMonte2.req
+TECBMonte3.req
+"
+
+ecb_mmt_requests="
+TECBMMT1.req
+TECBMMT2.req
+TECBMMT3.req
+"
+
+
+if [ ${COMMAND} = "verify" ]; then
+    for request in $cbc_kat_requests $cbc_monte_requests $cbc_mmt_requests $ecb_kat_requests $ecb_monte_requests $ecb_mmt_requests
+    do
+	sh ./validate1.sh ${TESTDIR} $request "-e /^NumKeys/d"
+    done
+    exit 0
+fi
+
+for request in $cbc_kat_requests; do
+    response=`echo $request | sed -e "s/req/rsp/"`
+    echo $request $response
+    fipstest tdea kat cbc ${REQDIR}/$request > ${RSPDIR}/$response
+done
+for request in $cbc_mmt_requests; do
+    response=`echo $request | sed -e "s/req/rsp/"`
+    echo $request $response
+    fipstest tdea mmt cbc ${REQDIR}/$request > ${RSPDIR}/$response
+done
+for request in $cbc_monte_requests; do
+    response=`echo $request | sed -e "s/req/rsp/"`
+    echo $request $response
+    fipstest tdea mct cbc ${REQDIR}/$request > ${RSPDIR}/$response
+done
+for request in $ecb_kat_requests; do
+    response=`echo $request | sed -e "s/req/rsp/"`
+    echo $request $response
+    fipstest tdea kat ecb ${REQDIR}/$request > ${RSPDIR}/$response
+done
+for request in $ecb_mmt_requests; do
+    response=`echo $request | sed -e "s/req/rsp/"`
+    echo $request $response
+    fipstest tdea mmt ecb ${REQDIR}/$request > ${RSPDIR}/$response
+done
+for request in $ecb_monte_requests; do
+    response=`echo $request | sed -e "s/req/rsp/"`
+    echo $request $response
+    fipstest tdea mct ecb ${REQDIR}/$request > ${RSPDIR}/$response
+done
diff --git a/nss/cmd/fipstest/tls.sh b/nss/cmd/fipstest/tls.sh
new file mode 100644
index 0000000..1c28245
--- /dev/null
+++ b/nss/cmd/fipstest/tls.sh
@@ -0,0 +1,34 @@
+#!/bin/sh
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# A Bourne shell script for running the NIST RNG Validation Suite
+#
+# Before you run the script, set your PATH, LD_LIBRARY_PATH, ... environment
+# variables appropriately so that the fipstest command and the NSPR and NSS
+# shared libraries/DLLs are on the search path.  Then run this script in the
+# directory where the REQUEST (.req) files reside.  The script generates the
+# RESPONSE (.rsp) files in the same directory.
+BASEDIR=${1-.}
+TESTDIR=${BASEDIR}/KDF135
+COMMAND=${2-run}
+REQDIR=${TESTDIR}/req
+RSPDIR=${TESTDIR}/resp
+
+drbg_requests="
+tls.req
+"
+
+if [ ${COMMAND} = "verify" ]; then
+    for request in $drbg_requests; do
+	sh ./validate1.sh ${TESTDIR} $request
+    done
+    exit 0
+fi
+for request in $drbg_requests; do
+    response=`echo $request | sed -e "s/req/rsp/"`
+    echo $request $response
+    fipstest tls ${REQDIR}/$request > ${RSPDIR}/$response
+done
diff --git a/nss/cmd/fipstest/validate.sh b/nss/cmd/fipstest/validate.sh
new file mode 100644
index 0000000..d446dd5
--- /dev/null
+++ b/nss/cmd/fipstest/validate.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+sh ./runtest.sh ${1-.} verify
diff --git a/nss/cmd/fipstest/validate1.sh b/nss/cmd/fipstest/validate1.sh
new file mode 100644
index 0000000..1440af8
--- /dev/null
+++ b/nss/cmd/fipstest/validate1.sh
@@ -0,0 +1,30 @@
+#!/bin/sh
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# Validate1.sh is a helper shell script that each of the base test shell 
+# scripts call to help validate that the generated response (response) 
+# matches the known answer response (fax). Sometimes (depending on the 
+# individual tests) there are extraneous output in either or both response 
+# and fax files. These allow the caller to pass in additional sed commands 
+# to clear out those extraneous outputs before we compare the two files.
+# The sed line always clears out Windows line endings, replaces tabs with 
+# spaces, and removed comments.
+#
+TESTDIR=${1-.}
+request=${2}
+extraneous_response=${3}
+extraneous_fax=${4}
+name=`basename $request .req`
+echo ">>>>>  $name"
+sed -e 's;
;;g' -e 's;	; ;g' -e '/^#/d' $extraneous_response ${TESTDIR}/resp/${name}.rsp > /tmp/y1
+# if we didn't generate any output, flag that as an error 
+size=`sum /tmp/y1 | awk '{ print $NF }'`
+if [ $size -eq 0 ]; then
+   echo "${TESTDIR}/resp/${name}.rsp: empty"
+   exit 1;
+fi
+sed -e 's;
;;g' -e 's;	; ;g' -e '/^#/d' $extraneous_fax ${TESTDIR}/fax/${name}.fax > /tmp/y2
+diff -i -w -B /tmp/y1 /tmp/y2
diff --git a/nss/cmd/httpserv/Makefile b/nss/cmd/httpserv/Makefile
new file mode 100644
index 0000000..7b74b36
--- /dev/null
+++ b/nss/cmd/httpserv/Makefile
@@ -0,0 +1,46 @@
+#! gmake
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+include ../platlibs.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+
+include ../platrules.mk
+
diff --git a/nss/cmd/httpserv/httpserv.c b/nss/cmd/httpserv/httpserv.c
new file mode 100644
index 0000000..7cf28c6
--- /dev/null
+++ b/nss/cmd/httpserv/httpserv.c
@@ -0,0 +1,1453 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <stdio.h>
+#include <string.h>
+
+#include "secutil.h"
+
+#if defined(XP_UNIX)
+#include <unistd.h>
+#endif
+
+#if defined(_WINDOWS)
+#include <process.h> /* for getpid() */
+#endif
+
+#include <signal.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <stdarg.h>
+
+#include "nspr.h"
+#include "prio.h"
+#include "prerror.h"
+#include "prnetdb.h"
+#include "prclist.h"
+#include "plgetopt.h"
+#include "pk11func.h"
+#include "nss.h"
+#include "nssb64.h"
+#include "sechash.h"
+#include "cert.h"
+#include "certdb.h"
+#include "ocsp.h"
+#include "ocspti.h"
+#include "ocspi.h"
+
+#ifndef PORT_Sprintf
+#define PORT_Sprintf sprintf
+#endif
+
+#ifndef PORT_Strstr
+#define PORT_Strstr strstr
+#endif
+
+#ifndef PORT_Malloc
+#define PORT_Malloc PR_Malloc
+#endif
+
+static int handle_connection(PRFileDesc *, PRFileDesc *, int);
+
+/* data and structures for shutdown */
+static int stopping;
+
+static PRBool noDelay;
+static int verbose;
+
+static PRThread *acceptorThread;
+
+static PRLogModuleInfo *lm;
+
+#define PRINTF   \
+    if (verbose) \
+    printf
+#define FPRINTF  \
+    if (verbose) \
+    fprintf
+#define FLUSH           \
+    if (verbose) {      \
+        fflush(stdout); \
+        fflush(stderr); \
+    }
+#define VLOG(arg) PR_LOG(lm, PR_LOG_DEBUG, arg)
+
+static void
+Usage(const char *progName)
+{
+    fprintf(stderr,
+
+            "Usage: %s -p port [-Dbv]\n"
+            "         [-t threads] [-i pid_file]\n"
+            "         [-A nickname -C crl-filename]... [-O method]\n"
+            "         [-d dbdir] [-f password_file] [-w password] [-P dbprefix]\n"
+            "-D means disable Nagle delays in TCP\n"
+            "-b means try binding to the port and exit\n"
+            "-v means verbose output\n"
+            "-t threads -- specify the number of threads to use for connections.\n"
+            "-i pid_file file to write the process id of httpserv\n"
+            "Parameters -A, -C and -O are used to provide an OCSP server at /ocsp?\n"
+            "-A a nickname of a CA certificate\n"
+            "-C a CRL filename corresponding to the preceding CA nickname\n"
+            "-O allowed HTTP methods for OCSP requests: get, post, all, random, get-unknown\n"
+            "   random means: randomly fail if request method is GET, POST always works\n"
+            "   get-unknown means: status unknown for GET, correct status for POST\n"
+            "Multiple pairs of parameters -A and -C are allowed.\n"
+            "If status for a cert from an unknown CA is requested, the cert from the\n"
+            "first -A parameter will be used to sign the unknown status response.\n"
+            "NSS database parameters are used only if OCSP parameters are used.\n",
+            progName);
+}
+
+static const char *
+errWarn(char *funcString)
+{
+    PRErrorCode perr = PR_GetError();
+    const char *errString = SECU_Strerror(perr);
+
+    fprintf(stderr, "httpserv: %s returned error %d:\n%s\n",
+            funcString, perr, errString);
+    return errString;
+}
+
+static void
+errExit(char *funcString)
+{
+    errWarn(funcString);
+    exit(3);
+}
+
+#define MAX_VIRT_SERVER_NAME_ARRAY_INDEX 10
+
+/**************************************************************************
+** Begin thread management routines and data.
+**************************************************************************/
+#define MIN_THREADS 3
+#define DEFAULT_THREADS 8
+#define MAX_THREADS 4096
+#define MAX_PROCS 25
+static int maxThreads = DEFAULT_THREADS;
+
+typedef struct jobStr {
+    PRCList link;
+    PRFileDesc *tcp_sock;
+    PRFileDesc *model_sock;
+    int requestCert;
+} JOB;
+
+static PZLock *qLock;             /* this lock protects all data immediately below */
+static PRLock *lastLoadedCrlLock; /* this lock protects lastLoadedCrl variable */
+static PZCondVar *jobQNotEmptyCv;
+static PZCondVar *freeListNotEmptyCv;
+static PZCondVar *threadCountChangeCv;
+static int threadCount;
+static PRCList jobQ;
+static PRCList freeJobs;
+static JOB *jobTable;
+
+SECStatus
+setupJobs(int maxJobs)
+{
+    int i;
+
+    jobTable = (JOB *)PR_Calloc(maxJobs, sizeof(JOB));
+    if (!jobTable)
+        return SECFailure;
+
+    PR_INIT_CLIST(&jobQ);
+    PR_INIT_CLIST(&freeJobs);
+
+    for (i = 0; i < maxJobs; ++i) {
+        JOB *pJob = jobTable + i;
+        PR_APPEND_LINK(&pJob->link, &freeJobs);
+    }
+    return SECSuccess;
+}
+
+typedef int startFn(PRFileDesc *a, PRFileDesc *b, int c);
+
+typedef enum { rs_idle = 0,
+               rs_running = 1,
+               rs_zombie = 2 } runState;
+
+typedef struct perThreadStr {
+    PRFileDesc *a;
+    PRFileDesc *b;
+    int c;
+    int rv;
+    startFn *startFunc;
+    PRThread *prThread;
+    runState state;
+} perThread;
+
+static perThread *threads;
+
+void
+thread_wrapper(void *arg)
+{
+    perThread *slot = (perThread *)arg;
+
+    slot->rv = (*slot->startFunc)(slot->a, slot->b, slot->c);
+
+    /* notify the thread exit handler. */
+    PZ_Lock(qLock);
+    slot->state = rs_zombie;
+    --threadCount;
+    PZ_NotifyAllCondVar(threadCountChangeCv);
+    PZ_Unlock(qLock);
+}
+
+int
+jobLoop(PRFileDesc *a, PRFileDesc *b, int c)
+{
+    PRCList *myLink = 0;
+    JOB *myJob;
+
+    PZ_Lock(qLock);
+    do {
+        myLink = 0;
+        while (PR_CLIST_IS_EMPTY(&jobQ) && !stopping) {
+            PZ_WaitCondVar(jobQNotEmptyCv, PR_INTERVAL_NO_TIMEOUT);
+        }
+        if (!PR_CLIST_IS_EMPTY(&jobQ)) {
+            myLink = PR_LIST_HEAD(&jobQ);
+            PR_REMOVE_AND_INIT_LINK(myLink);
+        }
+        PZ_Unlock(qLock);
+        myJob = (JOB *)myLink;
+        /* myJob will be null when stopping is true and jobQ is empty */
+        if (!myJob)
+            break;
+        handle_connection(myJob->tcp_sock, myJob->model_sock,
+                          myJob->requestCert);
+        PZ_Lock(qLock);
+        PR_APPEND_LINK(myLink, &freeJobs);
+        PZ_NotifyCondVar(freeListNotEmptyCv);
+    } while (PR_TRUE);
+    return 0;
+}
+
+SECStatus
+launch_threads(
+    startFn *startFunc,
+    PRFileDesc *a,
+    PRFileDesc *b,
+    int c,
+    PRBool local)
+{
+    int i;
+    SECStatus rv = SECSuccess;
+
+    /* create the thread management serialization structs */
+    qLock = PZ_NewLock(nssILockSelfServ);
+    jobQNotEmptyCv = PZ_NewCondVar(qLock);
+    freeListNotEmptyCv = PZ_NewCondVar(qLock);
+    threadCountChangeCv = PZ_NewCondVar(qLock);
+
+    /* create monitor for crl reload procedure */
+    lastLoadedCrlLock = PR_NewLock();
+
+    /* allocate the array of thread slots */
+    threads = PR_Calloc(maxThreads, sizeof(perThread));
+    if (NULL == threads) {
+        fprintf(stderr, "Oh Drat! Can't allocate the perThread array\n");
+        return SECFailure;
+    }
+    /* 5 is a little extra, intended to keep the jobQ from underflowing.
+    ** That is, from going empty while not stopping and clients are still
+    ** trying to contact us.
+    */
+    rv = setupJobs(maxThreads + 5);
+    if (rv != SECSuccess)
+        return rv;
+
+    PZ_Lock(qLock);
+    for (i = 0; i < maxThreads; ++i) {
+        perThread *slot = threads + i;
+
+        slot->state = rs_running;
+        slot->a = a;
+        slot->b = b;
+        slot->c = c;
+        slot->startFunc = startFunc;
+        slot->prThread = PR_CreateThread(PR_USER_THREAD,
+                                         thread_wrapper, slot, PR_PRIORITY_NORMAL,
+                                         (PR_TRUE ==
+                                          local)
+                                             ? PR_LOCAL_THREAD
+                                             : PR_GLOBAL_THREAD,
+                                         PR_JOINABLE_THREAD, 0);
+        if (slot->prThread == NULL) {
+            printf("httpserv: Failed to launch thread!\n");
+            slot->state = rs_idle;
+            rv = SECFailure;
+            break;
+        }
+
+        ++threadCount;
+    }
+    PZ_Unlock(qLock);
+
+    return rv;
+}
+
+#define DESTROY_CONDVAR(name)    \
+    if (name) {                  \
+        PZ_DestroyCondVar(name); \
+        name = NULL;             \
+    }
+#define DESTROY_LOCK(name)    \
+    if (name) {               \
+        PZ_DestroyLock(name); \
+        name = NULL;          \
+    }
+
+void
+terminateWorkerThreads(void)
+{
+    int i;
+
+    VLOG(("httpserv: server_thread: waiting on stopping"));
+    PZ_Lock(qLock);
+    PZ_NotifyAllCondVar(jobQNotEmptyCv);
+    PZ_Unlock(qLock);
+
+    /* Wait for worker threads to terminate. */
+    for (i = 0; i < maxThreads; ++i) {
+        perThread *slot = threads + i;
+        if (slot->prThread) {
+            PR_JoinThread(slot->prThread);
+        }
+    }
+
+    /* The worker threads empty the jobQ before they terminate. */
+    PZ_Lock(qLock);
+    PORT_Assert(threadCount == 0);
+    PORT_Assert(PR_CLIST_IS_EMPTY(&jobQ));
+    PZ_Unlock(qLock);
+
+    DESTROY_CONDVAR(jobQNotEmptyCv);
+    DESTROY_CONDVAR(freeListNotEmptyCv);
+    DESTROY_CONDVAR(threadCountChangeCv);
+
+    PR_DestroyLock(lastLoadedCrlLock);
+    DESTROY_LOCK(qLock);
+    PR_Free(jobTable);
+    PR_Free(threads);
+}
+
+/**************************************************************************
+** End   thread management routines.
+**************************************************************************/
+
+PRBool NoReuse = PR_FALSE;
+PRBool disableLocking = PR_FALSE;
+static secuPWData pwdata = { PW_NONE, 0 };
+
+struct caRevoInfoStr {
+    PRCList link;
+    char *nickname;
+    char *crlFilename;
+    CERTCertificate *cert;
+    CERTOCSPCertID *id;
+    CERTSignedCrl *crl;
+};
+typedef struct caRevoInfoStr caRevoInfo;
+/* Created during app init. No locks necessary,
+ * because later on, only read access will occur. */
+static caRevoInfo *caRevoInfos = NULL;
+
+static enum {
+    ocspGetOnly,
+    ocspPostOnly,
+    ocspGetAndPost,
+    ocspRandomGetFailure,
+    ocspGetUnknown
+} ocspMethodsAllowed = ocspGetAndPost;
+
+static const char stopCmd[] = { "GET /stop " };
+static const char getCmd[] = { "GET " };
+static const char outHeader[] = {
+    "HTTP/1.0 200 OK\r\n"
+    "Server: Generic Web Server\r\n"
+    "Date: Tue, 26 Aug 1997 22:10:05 GMT\r\n"
+    "Content-type: text/plain\r\n"
+    "\r\n"
+};
+static const char outOcspHeader[] = {
+    "HTTP/1.0 200 OK\r\n"
+    "Server: Generic OCSP Server\r\n"
+    "Content-type: application/ocsp-response\r\n"
+    "\r\n"
+};
+static const char outBadRequestHeader[] = {
+    "HTTP/1.0 400 Bad Request\r\n"
+    "Server: Generic OCSP Server\r\n"
+    "\r\n"
+};
+
+void
+stop_server()
+{
+    stopping = 1;
+    PR_Interrupt(acceptorThread);
+    PZ_TraceFlush();
+}
+
+/* Will only work if the original input to url encoding was
+ * a base64 encoded buffer. Will only decode the sequences used
+ * for encoding the special base64 characters, and fail if any
+ * other encoded chars are found.
+ * Will return SECSuccess if input could be processed.
+ * Coversion is done in place.
+ */
+static SECStatus
+urldecode_base64chars_inplace(char *buf)
+{
+    char *walk;
+    size_t remaining_bytes;
+
+    if (!buf || !*buf)
+        return SECFailure;
+
+    walk = buf;
+    remaining_bytes = strlen(buf) + 1; /* include terminator */
+
+    while (*walk) {
+        if (*walk == '%') {
+            if (!PL_strncasecmp(walk, "%2B", 3)) {
+                *walk = '+';
+            } else if (!PL_strncasecmp(walk, "%2F", 3)) {
+                *walk = '/';
+            } else if (!PL_strncasecmp(walk, "%3D", 3)) {
+                *walk = '=';
+            } else {
+                return SECFailure;
+            }
+            remaining_bytes -= 3;
+            ++walk;
+            memmove(walk, walk + 2, remaining_bytes);
+        } else {
+            ++walk;
+            --remaining_bytes;
+        }
+    }
+    return SECSuccess;
+}
+
+int
+handle_connection(
+    PRFileDesc *tcp_sock,
+    PRFileDesc *model_sock,
+    int requestCert)
+{
+    PRFileDesc *ssl_sock = NULL;
+    PRFileDesc *local_file_fd = NULL;
+    char *pBuf; /* unused space at end of buf */
+    const char *errString;
+    PRStatus status;
+    int bufRem;    /* unused bytes at end of buf */
+    int bufDat;    /* characters received in buf */
+    int newln = 0; /* # of consecutive newlns */
+    int firstTime = 1;
+    int reqLen;
+    int rv;
+    int numIOVs;
+    PRSocketOptionData opt;
+    PRIOVec iovs[16];
+    char msgBuf[160];
+    char buf[10240];
+    char fileName[513];
+    char *getData = NULL; /* inplace conversion */
+    SECItem postData;
+    PRBool isOcspRequest = PR_FALSE;
+    PRBool isPost;
+
+    postData.data = NULL;
+    postData.len = 0;
+
+    pBuf = buf;
+    bufRem = sizeof buf;
+
+    VLOG(("httpserv: handle_connection: starting"));
+    opt.option = PR_SockOpt_Nonblocking;
+    opt.value.non_blocking = PR_FALSE;
+    PR_SetSocketOption(tcp_sock, &opt);
+
+    VLOG(("httpserv: handle_connection: starting\n"));
+    ssl_sock = tcp_sock;
+
+    if (noDelay) {
+        opt.option = PR_SockOpt_NoDelay;
+        opt.value.no_delay = PR_TRUE;
+        status = PR_SetSocketOption(ssl_sock, &opt);
+        if (status != PR_SUCCESS) {
+            errWarn("PR_SetSocketOption(PR_SockOpt_NoDelay, PR_TRUE)");
+            if (ssl_sock) {
+                PR_Close(ssl_sock);
+            }
+            return SECFailure;
+        }
+    }
+
+    while (1) {
+        const char *post;
+        const char *foundStr = NULL;
+        const char *tmp = NULL;
+
+        newln = 0;
+        reqLen = 0;
+
+        rv = PR_Read(ssl_sock, pBuf, bufRem - 1);
+        if (rv == 0 ||
+            (rv < 0 && PR_END_OF_FILE_ERROR == PR_GetError())) {
+            if (verbose)
+                errWarn("HDX PR_Read hit EOF");
+            break;
+        }
+        if (rv < 0) {
+            errWarn("HDX PR_Read");
+            goto cleanup;
+        }
+        /* NULL termination */
+        pBuf[rv] = 0;
+        if (firstTime) {
+            firstTime = 0;
+        }
+
+        pBuf += rv;
+        bufRem -= rv;
+        bufDat = pBuf - buf;
+        /* Parse the input, starting at the beginning of the buffer.
+         * Stop when we detect two consecutive \n's (or \r\n's)
+         * as this signifies the end of the GET or POST portion.
+         * The posted data follows.
+         */
+        while (reqLen < bufDat && newln < 2) {
+            int octet = buf[reqLen++];
+            if (octet == '\n') {
+                newln++;
+            } else if (octet != '\r') {
+                newln = 0;
+            }
+        }
+
+        /* came to the end of the buffer, or second newln
+         * If we didn't get an empty line (CRLFCRLF) then keep on reading.
+         */
+        if (newln < 2)
+            continue;
+
+        /* we're at the end of the HTTP request.
+         * If the request is a POST, then there will be one more
+         * line of data.
+         * This parsing is a hack, but ok for SSL test purposes.
+         */
+        post = PORT_Strstr(buf, "POST ");
+        if (!post || *post != 'P')
+            break;
+
+        postData.data = (void *)(buf + reqLen);
+
+        tmp = "content-length: ";
+        foundStr = PL_strcasestr(buf, tmp);
+        if (foundStr) {
+            int expectedPostLen;
+            int havePostLen;
+
+            expectedPostLen = atoi(foundStr + strlen(tmp));
+            havePostLen = bufDat - reqLen;
+            if (havePostLen >= expectedPostLen) {
+                postData.len = expectedPostLen;
+                break;
+            }
+        } else {
+            /* use legacy hack */
+            /* It's a post, so look for the next and final CR/LF. */
+            while (reqLen < bufDat && newln < 3) {
+                int octet = buf[reqLen++];
+                if (octet == '\n') {
+                    newln++;
+                }
+            }
+            if (newln == 3)
+                break;
+        }
+    } /* read loop */
+
+    bufDat = pBuf - buf;
+    if (bufDat)
+        do { /* just close if no data */
+            /* Have either (a) a complete get, (b) a complete post, (c) EOF */
+            if (reqLen > 0) {
+                PRBool isGetOrPost = PR_FALSE;
+                unsigned skipChars = 0;
+                isPost = PR_FALSE;
+
+                if (!strncmp(buf, getCmd, sizeof getCmd - 1)) {
+                    isGetOrPost = PR_TRUE;
+                    skipChars = 4;
+                } else if (!strncmp(buf, "POST ", 5)) {
+                    isGetOrPost = PR_TRUE;
+                    isPost = PR_TRUE;
+                    skipChars = 5;
+                }
+
+                if (isGetOrPost) {
+                    char *fnBegin = buf;
+                    char *fnEnd;
+                    char *fnstart = NULL;
+                    PRFileInfo info;
+
+                    fnBegin += skipChars;
+
+                    fnEnd = strpbrk(fnBegin, " \r\n");
+                    if (fnEnd) {
+                        int fnLen = fnEnd - fnBegin;
+                        if (fnLen < sizeof fileName) {
+                            strncpy(fileName, fnBegin, fnLen);
+                            fileName[fnLen] = 0; /* null terminate */
+                            fnstart = fileName;
+                            /* strip initial / because our root is the current directory*/
+                            while (*fnstart && *fnstart == '/')
+                                ++fnstart;
+                        }
+                    }
+                    if (fnstart) {
+                        if (!strncmp(fnstart, "ocsp", 4)) {
+                            if (isPost) {
+                                if (postData.data) {
+                                    isOcspRequest = PR_TRUE;
+                                }
+                            } else {
+                                if (!strncmp(fnstart, "ocsp/", 5)) {
+                                    isOcspRequest = PR_TRUE;
+                                    getData = fnstart + 5;
+                                }
+                            }
+                        } else {
+                            /* try to open the file named.
+                             * If successful, then write it to the client.
+                             */
+                            status = PR_GetFileInfo(fnstart, &info);
+                            if (status == PR_SUCCESS &&
+                                info.type == PR_FILE_FILE &&
+                                info.size >= 0) {
+                                local_file_fd = PR_Open(fnstart, PR_RDONLY, 0);
+                            }
+                        }
+                    }
+                }
+            }
+
+            numIOVs = 0;
+
+            iovs[numIOVs].iov_base = (char *)outHeader;
+            iovs[numIOVs].iov_len = (sizeof(outHeader)) - 1;
+            numIOVs++;
+
+            if (isOcspRequest && caRevoInfos) {
+                CERTOCSPRequest *request = NULL;
+                PRBool failThisRequest = PR_FALSE;
+                PLArenaPool *arena = NULL;
+
+                if (ocspMethodsAllowed == ocspGetOnly && postData.len) {
+                    failThisRequest = PR_TRUE;
+                } else if (ocspMethodsAllowed == ocspPostOnly && getData) {
+                    failThisRequest = PR_TRUE;
+                } else if (ocspMethodsAllowed == ocspRandomGetFailure && getData) {
+                    if (!(rand() % 2)) {
+                        failThisRequest = PR_TRUE;
+                    }
+                }
+
+                if (failThisRequest) {
+                    PR_Write(ssl_sock, outBadRequestHeader, strlen(outBadRequestHeader));
+                    break;
+                }
+                /* get is base64, post is binary.
+                 * If we have base64, convert into the (empty) postData array.
+                 */
+                if (getData) {
+                    if (urldecode_base64chars_inplace(getData) == SECSuccess) {
+                        /* The code below can handle a NULL arena */
+                        arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+                        NSSBase64_DecodeBuffer(arena, &postData, getData, strlen(getData));
+                    }
+                }
+                if (postData.len) {
+                    request = CERT_DecodeOCSPRequest(&postData);
+                }
+                if (arena) {
+                    PORT_FreeArena(arena, PR_FALSE);
+                }
+                if (!request || !request->tbsRequest ||
+                    !request->tbsRequest->requestList ||
+                    !request->tbsRequest->requestList[0]) {
+                    PORT_Sprintf(msgBuf, "Cannot decode OCSP request.\r\n");
+
+                    iovs[numIOVs].iov_base = msgBuf;
+                    iovs[numIOVs].iov_len = PORT_Strlen(msgBuf);
+                    numIOVs++;
+                } else {
+                    /* TODO: support more than one request entry */
+                    CERTOCSPCertID *reqid = request->tbsRequest->requestList[0]->reqCert;
+                    const caRevoInfo *revoInfo = NULL;
+                    PRBool unknown = PR_FALSE;
+                    PRBool revoked = PR_FALSE;
+                    PRTime nextUpdate = 0;
+                    PRTime revoDate = 0;
+                    PRCList *caRevoIter;
+
+                    caRevoIter = &caRevoInfos->link;
+                    do {
+                        CERTOCSPCertID *caid;
+
+                        revoInfo = (caRevoInfo *)caRevoIter;
+                        caid = revoInfo->id;
+
+                        if (SECOID_CompareAlgorithmID(&reqid->hashAlgorithm,
+                                                      &caid->hashAlgorithm) == SECEqual &&
+                            SECITEM_CompareItem(&reqid->issuerNameHash,
+                                                &caid->issuerNameHash) == SECEqual &&
+                            SECITEM_CompareItem(&reqid->issuerKeyHash,
+                                                &caid->issuerKeyHash) == SECEqual) {
+                            break;
+                        }
+                        revoInfo = NULL;
+                        caRevoIter = PR_NEXT_LINK(caRevoIter);
+                    } while (caRevoIter != &caRevoInfos->link);
+
+                    if (!revoInfo) {
+                        unknown = PR_TRUE;
+                        revoInfo = caRevoInfos;
+                    } else {
+                        CERTCrl *crl = &revoInfo->crl->crl;
+                        CERTCrlEntry *entry = NULL;
+                        DER_DecodeTimeChoice(&nextUpdate, &crl->nextUpdate);
+                        if (crl->entries) {
+                            int iv = 0;
+                            /* assign, not compare */
+                            while ((entry = crl->entries[iv++])) {
+                                if (SECITEM_CompareItem(&reqid->serialNumber,
+                                                        &entry->serialNumber) == SECEqual) {
+                                    break;
+                                }
+                            }
+                        }
+                        if (entry) {
+                            /* revoked status response */
+                            revoked = PR_TRUE;
+                            DER_DecodeTimeChoice(&revoDate, &entry->revocationDate);
+                        } else {
+                            /* else good status response */
+                            if (!isPost && ocspMethodsAllowed == ocspGetUnknown) {
+                                unknown = PR_TRUE;
+                                nextUpdate = PR_Now() + (PRTime)60 * 60 * 24 * PR_USEC_PER_SEC; /*tomorrow*/
+                                revoDate = PR_Now() - (PRTime)60 * 60 * 24 * PR_USEC_PER_SEC;   /*yesterday*/
+                            }
+                        }
+                    }
+
+                    {
+                        PRTime now = PR_Now();
+                        PLArenaPool *arena = NULL;
+                        CERTOCSPSingleResponse *sr;
+                        CERTOCSPSingleResponse **singleResponses;
+                        SECItem *ocspResponse;
+
+                        arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+
+                        if (unknown) {
+                            sr = CERT_CreateOCSPSingleResponseUnknown(arena, reqid, now,
+                                                                      &nextUpdate);
+                        } else if (revoked) {
+                            sr = CERT_CreateOCSPSingleResponseRevoked(arena, reqid, now,
+                                                                      &nextUpdate, revoDate, NULL);
+                        } else {
+                            sr = CERT_CreateOCSPSingleResponseGood(arena, reqid, now,
+                                                                   &nextUpdate);
+                        }
+
+                        /* meaning of value 2: one entry + one end marker */
+                        singleResponses = PORT_ArenaNewArray(arena, CERTOCSPSingleResponse *, 2);
+                        singleResponses[0] = sr;
+                        singleResponses[1] = NULL;
+                        ocspResponse = CERT_CreateEncodedOCSPSuccessResponse(arena,
+                                                                             revoInfo->cert, ocspResponderID_byName, now,
+                                                                             singleResponses, &pwdata);
+
+                        if (!ocspResponse) {
+                            PORT_Sprintf(msgBuf, "Failed to encode response\r\n");
+                            iovs[numIOVs].iov_base = msgBuf;
+                            iovs[numIOVs].iov_len = PORT_Strlen(msgBuf);
+                            numIOVs++;
+                        } else {
+                            PR_Write(ssl_sock, outOcspHeader, strlen(outOcspHeader));
+                            PR_Write(ssl_sock, ocspResponse->data, ocspResponse->len);
+                            PORT_FreeArena(arena, PR_FALSE);
+                        }
+                    }
+                    CERT_DestroyOCSPRequest(request);
+                    break;
+                }
+            } else if (local_file_fd) {
+                PRInt32 bytes;
+                int errLen;
+                bytes = PR_TransmitFile(ssl_sock, local_file_fd, outHeader,
+                                        sizeof outHeader - 1,
+                                        PR_TRANSMITFILE_KEEP_OPEN,
+                                        PR_INTERVAL_NO_TIMEOUT);
+                if (bytes >= 0) {
+                    bytes -= sizeof outHeader - 1;
+                    FPRINTF(stderr,
+                            "httpserv: PR_TransmitFile wrote %d bytes from %s\n",
+                            bytes, fileName);
+                    break;
+                }
+                errString = errWarn("PR_TransmitFile");
+                errLen = PORT_Strlen(errString);
+                errLen = PR_MIN(errLen, sizeof msgBuf - 1);
+                PORT_Memcpy(msgBuf, errString, errLen);
+                msgBuf[errLen] = 0;
+
+                iovs[numIOVs].iov_base = msgBuf;
+                iovs[numIOVs].iov_len = PORT_Strlen(msgBuf);
+                numIOVs++;
+            } else if (reqLen <= 0) { /* hit eof */
+                PORT_Sprintf(msgBuf, "Get or Post incomplete after %d bytes.\r\n",
+                             bufDat);
+
+                iovs[numIOVs].iov_base = msgBuf;
+                iovs[numIOVs].iov_len = PORT_Strlen(msgBuf);
+                numIOVs++;
+            } else if (reqLen < bufDat) {
+                PORT_Sprintf(msgBuf, "Discarded %d characters.\r\n",
+                             bufDat - reqLen);
+
+                iovs[numIOVs].iov_base = msgBuf;
+                iovs[numIOVs].iov_len = PORT_Strlen(msgBuf);
+                numIOVs++;
+            }
+
+            if (reqLen > 0) {
+                if (verbose > 1)
+                    fwrite(buf, 1, reqLen, stdout); /* display it */
+
+                iovs[numIOVs].iov_base = buf;
+                iovs[numIOVs].iov_len = reqLen;
+                numIOVs++;
+            }
+
+            rv = PR_Writev(ssl_sock, iovs, numIOVs, PR_INTERVAL_NO_TIMEOUT);
+            if (rv < 0) {
+                errWarn("PR_Writev");
+                break;
+            }
+
+        } while (0);
+
+cleanup:
+    if (ssl_sock) {
+        PR_Close(ssl_sock);
+    } else if (tcp_sock) {
+        PR_Close(tcp_sock);
+    }
+    if (local_file_fd)
+        PR_Close(local_file_fd);
+    VLOG(("httpserv: handle_connection: exiting\n"));
+
+    /* do a nice shutdown if asked. */
+    if (!strncmp(buf, stopCmd, sizeof stopCmd - 1)) {
+        VLOG(("httpserv: handle_connection: stop command"));
+        stop_server();
+    }
+    VLOG(("httpserv: handle_connection: exiting"));
+    return SECSuccess; /* success */
+}
+
+#ifdef XP_UNIX
+
+void
+sigusr1_handler(int sig)
+{
+    VLOG(("httpserv: sigusr1_handler: stop server"));
+    stop_server();
+}
+
+#endif
+
+SECStatus
+do_accepts(
+    PRFileDesc *listen_sock,
+    PRFileDesc *model_sock,
+    int requestCert)
+{
+    PRNetAddr addr;
+    PRErrorCode perr;
+#ifdef XP_UNIX
+    struct sigaction act;
+#endif
+
+    VLOG(("httpserv: do_accepts: starting"));
+    PR_SetThreadPriority(PR_GetCurrentThread(), PR_PRIORITY_HIGH);
+
+    acceptorThread = PR_GetCurrentThread();
+#ifdef XP_UNIX
+    /* set up the signal handler */
+    act.sa_handler = sigusr1_handler;
+    sigemptyset(&act.sa_mask);
+    act.sa_flags = 0;
+    if (sigaction(SIGUSR1, &act, NULL)) {
+        fprintf(stderr, "Error installing signal handler.\n");
+        exit(1);
+    }
+#endif
+    while (!stopping) {
+        PRFileDesc *tcp_sock;
+        PRCList *myLink;
+
+        FPRINTF(stderr, "\n\n\nhttpserv: About to call accept.\n");
+        tcp_sock = PR_Accept(listen_sock, &addr, PR_INTERVAL_NO_TIMEOUT);
+        if (tcp_sock == NULL) {
+            perr = PR_GetError();
+            if ((perr != PR_CONNECT_RESET_ERROR &&
+                 perr != PR_PENDING_INTERRUPT_ERROR) ||
+                verbose) {
+                errWarn("PR_Accept");
+            }
+            if (perr == PR_CONNECT_RESET_ERROR) {
+                FPRINTF(stderr,
+                        "Ignoring PR_CONNECT_RESET_ERROR error - continue\n");
+                continue;
+            }
+            stopping = 1;
+            break;
+        }
+
+        VLOG(("httpserv: do_accept: Got connection\n"));
+
+        PZ_Lock(qLock);
+        while (PR_CLIST_IS_EMPTY(&freeJobs) && !stopping) {
+            PZ_WaitCondVar(freeListNotEmptyCv, PR_INTERVAL_NO_TIMEOUT);
+        }
+        if (stopping) {
+            PZ_Unlock(qLock);
+            if (tcp_sock) {
+                PR_Close(tcp_sock);
+            }
+            break;
+        }
+        myLink = PR_LIST_HEAD(&freeJobs);
+        PR_REMOVE_AND_INIT_LINK(myLink);
+        /* could release qLock here and reaquire it 7 lines below, but
+        ** why bother for 4 assignment statements?
+        */
+        {
+            JOB *myJob = (JOB *)myLink;
+            myJob->tcp_sock = tcp_sock;
+            myJob->model_sock = model_sock;
+            myJob->requestCert = requestCert;
+        }
+
+        PR_APPEND_LINK(myLink, &jobQ);
+        PZ_NotifyCondVar(jobQNotEmptyCv);
+        PZ_Unlock(qLock);
+    }
+
+    FPRINTF(stderr, "httpserv: Closing listen socket.\n");
+    VLOG(("httpserv: do_accepts: exiting"));
+    if (listen_sock) {
+        PR_Close(listen_sock);
+    }
+    return SECSuccess;
+}
+
+PRFileDesc *
+getBoundListenSocket(unsigned short port)
+{
+    PRFileDesc *listen_sock;
+    int listenQueueDepth = 5 + (2 * maxThreads);
+    PRStatus prStatus;
+    PRNetAddr addr;
+    PRSocketOptionData opt;
+
+    addr.inet.family = PR_AF_INET;
+    addr.inet.ip = PR_INADDR_ANY;
+    addr.inet.port = PR_htons(port);
+
+    listen_sock = PR_NewTCPSocket();
+    if (listen_sock == NULL) {
+        errExit("PR_NewTCPSocket");
+    }
+
+    opt.option = PR_SockOpt_Nonblocking;
+    opt.value.non_blocking = PR_FALSE;
+    prStatus = PR_SetSocketOption(listen_sock, &opt);
+    if (prStatus < 0) {
+        PR_Close(listen_sock);
+        errExit("PR_SetSocketOption(PR_SockOpt_Nonblocking)");
+    }
+
+    opt.option = PR_SockOpt_Reuseaddr;
+    opt.value.reuse_addr = PR_TRUE;
+    prStatus = PR_SetSocketOption(listen_sock, &opt);
+    if (prStatus < 0) {
+        PR_Close(listen_sock);
+        errExit("PR_SetSocketOption(PR_SockOpt_Reuseaddr)");
+    }
+
+#ifndef WIN95
+    /* Set PR_SockOpt_Linger because it helps prevent a server bind issue
+     * after clean shutdown . See bug 331413 .
+     * Don't do it in the WIN95 build configuration because clean shutdown is
+     * not implemented, and PR_SockOpt_Linger causes a hang in ssl.sh .
+     * See bug 332348 */
+    opt.option = PR_SockOpt_Linger;
+    opt.value.linger.polarity = PR_TRUE;
+    opt.value.linger.linger = PR_SecondsToInterval(1);
+    prStatus = PR_SetSocketOption(listen_sock, &opt);
+    if (prStatus < 0) {
+        PR_Close(listen_sock);
+        errExit("PR_SetSocketOption(PR_SockOpt_Linger)");
+    }
+#endif
+
+    prStatus = PR_Bind(listen_sock, &addr);
+    if (prStatus < 0) {
+        PR_Close(listen_sock);
+        errExit("PR_Bind");
+    }
+
+    prStatus = PR_Listen(listen_sock, listenQueueDepth);
+    if (prStatus < 0) {
+        PR_Close(listen_sock);
+        errExit("PR_Listen");
+    }
+    return listen_sock;
+}
+
+void
+server_main(
+    PRFileDesc *listen_sock,
+    int requestCert,
+    SECKEYPrivateKey **privKey,
+    CERTCertificate **cert,
+    const char *expectedHostNameVal)
+{
+    PRFileDesc *model_sock = NULL;
+
+    /* Now, do the accepting, here in the main thread. */
+    do_accepts(listen_sock, model_sock, requestCert);
+
+    terminateWorkerThreads();
+
+    if (model_sock) {
+        PR_Close(model_sock);
+    }
+}
+
+int numChildren;
+PRProcess *child[MAX_PROCS];
+
+PRProcess *
+haveAChild(int argc, char **argv, PRProcessAttr *attr)
+{
+    PRProcess *newProcess;
+
+    newProcess = PR_CreateProcess(argv[0], argv, NULL, attr);
+    if (!newProcess) {
+        errWarn("Can't create new process.");
+    } else {
+        child[numChildren++] = newProcess;
+    }
+    return newProcess;
+}
+
+/* slightly adjusted version of ocsp_CreateCertID (not using issuer) */
+static CERTOCSPCertID *
+ocsp_CreateSelfCAID(PLArenaPool *arena, CERTCertificate *cert, PRTime time)
+{
+    CERTOCSPCertID *certID;
+    void *mark = PORT_ArenaMark(arena);
+    SECStatus rv;
+
+    PORT_Assert(arena != NULL);
+
+    certID = PORT_ArenaZNew(arena, CERTOCSPCertID);
+    if (certID == NULL) {
+        goto loser;
+    }
+
+    rv = SECOID_SetAlgorithmID(arena, &certID->hashAlgorithm, SEC_OID_SHA1,
+                               NULL);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    if (CERT_GetSubjectNameDigest(arena, cert, SEC_OID_SHA1,
+                                  &(certID->issuerNameHash)) == NULL) {
+        goto loser;
+    }
+    certID->issuerSHA1NameHash.data = certID->issuerNameHash.data;
+    certID->issuerSHA1NameHash.len = certID->issuerNameHash.len;
+
+    if (CERT_GetSubjectNameDigest(arena, cert, SEC_OID_MD5,
+                                  &(certID->issuerMD5NameHash)) == NULL) {
+        goto loser;
+    }
+
+    if (CERT_GetSubjectNameDigest(arena, cert, SEC_OID_MD2,
+                                  &(certID->issuerMD2NameHash)) == NULL) {
+        goto loser;
+    }
+
+    if (CERT_GetSubjectPublicKeyDigest(arena, cert, SEC_OID_SHA1,
+                                       &certID->issuerKeyHash) == NULL) {
+        goto loser;
+    }
+    certID->issuerSHA1KeyHash.data = certID->issuerKeyHash.data;
+    certID->issuerSHA1KeyHash.len = certID->issuerKeyHash.len;
+    /* cache the other two hash algorithms as well */
+    if (CERT_GetSubjectPublicKeyDigest(arena, cert, SEC_OID_MD5,
+                                       &certID->issuerMD5KeyHash) == NULL) {
+        goto loser;
+    }
+    if (CERT_GetSubjectPublicKeyDigest(arena, cert, SEC_OID_MD2,
+                                       &certID->issuerMD2KeyHash) == NULL) {
+        goto loser;
+    }
+
+    PORT_ArenaUnmark(arena, mark);
+    return certID;
+
+loser:
+    PORT_ArenaRelease(arena, mark);
+    return NULL;
+}
+
+/* slightly adjusted version of CERT_CreateOCSPCertID */
+CERTOCSPCertID *
+cert_CreateSelfCAID(CERTCertificate *cert, PRTime time)
+{
+    PLArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    CERTOCSPCertID *certID;
+    PORT_Assert(arena != NULL);
+    if (!arena)
+        return NULL;
+
+    certID = ocsp_CreateSelfCAID(arena, cert, time);
+    if (!certID) {
+        PORT_FreeArena(arena, PR_FALSE);
+        return NULL;
+    }
+    certID->poolp = arena;
+    return certID;
+}
+
+int
+main(int argc, char **argv)
+{
+    char *progName = NULL;
+    const char *dir = ".";
+    char *passwd = NULL;
+    char *pwfile = NULL;
+    const char *pidFile = NULL;
+    char *tmp;
+    PRFileDesc *listen_sock;
+    int optionsFound = 0;
+    unsigned short port = 0;
+    SECStatus rv;
+    PRStatus prStatus;
+    PRBool bindOnly = PR_FALSE;
+    PRBool useLocalThreads = PR_FALSE;
+    PLOptState *optstate;
+    PLOptStatus status;
+    char emptyString[] = { "" };
+    char *certPrefix = emptyString;
+    caRevoInfo *revoInfo = NULL;
+    PRCList *caRevoIter = NULL;
+    PRBool provideOcsp = PR_FALSE;
+
+    tmp = strrchr(argv[0], '/');
+    tmp = tmp ? tmp + 1 : argv[0];
+    progName = strrchr(tmp, '\\');
+    progName = progName ? progName + 1 : tmp;
+
+    PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
+
+    /* please keep this list of options in ASCII collating sequence.
+    ** numbers, then capital letters, then lower case, alphabetical.
+    */
+    optstate = PL_CreateOptState(argc, argv,
+                                 "A:C:DO:P:bd:f:hi:p:t:vw:");
+    while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
+        ++optionsFound;
+        switch (optstate->option) {
+            /* A first, must be followed by C. Any other order is an error.
+             * A creates the object. C completes and moves into list.
+             */
+            case 'A':
+                provideOcsp = PR_TRUE;
+                if (revoInfo) {
+                    Usage(progName);
+                    exit(0);
+                }
+                revoInfo = PORT_New(caRevoInfo);
+                revoInfo->nickname = PORT_Strdup(optstate->value);
+                break;
+            case 'C':
+                if (!revoInfo) {
+                    Usage(progName);
+                    exit(0);
+                }
+                revoInfo->crlFilename = PORT_Strdup(optstate->value);
+                if (!caRevoInfos) {
+                    PR_INIT_CLIST(&revoInfo->link);
+                    caRevoInfos = revoInfo;
+                } else {
+                    PR_APPEND_LINK(&revoInfo->link, &caRevoInfos->link);
+                }
+                revoInfo = NULL;
+                break;
+
+            case 'O':
+                if (!PL_strcasecmp(optstate->value, "all")) {
+                    ocspMethodsAllowed = ocspGetAndPost;
+                } else if (!PL_strcasecmp(optstate->value, "get")) {
+                    ocspMethodsAllowed = ocspGetOnly;
+                } else if (!PL_strcasecmp(optstate->value, "post")) {
+                    ocspMethodsAllowed = ocspPostOnly;
+                } else if (!PL_strcasecmp(optstate->value, "random")) {
+                    ocspMethodsAllowed = ocspRandomGetFailure;
+                } else if (!PL_strcasecmp(optstate->value, "get-unknown")) {
+                    ocspMethodsAllowed = ocspGetUnknown;
+                } else {
+                    Usage(progName);
+                    exit(0);
+                }
+                break;
+
+            case 'D':
+                noDelay = PR_TRUE;
+                break;
+
+            case 'P':
+                certPrefix = PORT_Strdup(optstate->value);
+                break;
+
+            case 'b':
+                bindOnly = PR_TRUE;
+                break;
+
+            case 'd':
+                dir = optstate->value;
+                break;
+
+            case 'f':
+                pwdata.source = PW_FROMFILE;
+                pwdata.data = pwfile = PORT_Strdup(optstate->value);
+                break;
+
+            case 'h':
+                Usage(progName);
+                exit(0);
+                break;
+
+            case 'i':
+                pidFile = optstate->value;
+                break;
+
+            case 'p':
+                port = PORT_Atoi(optstate->value);
+                break;
+
+            case 't':
+                maxThreads = PORT_Atoi(optstate->value);
+                if (maxThreads > MAX_THREADS)
+                    maxThreads = MAX_THREADS;
+                if (maxThreads < MIN_THREADS)
+                    maxThreads = MIN_THREADS;
+                break;
+
+            case 'v':
+                verbose++;
+                break;
+
+            case 'w':
+                pwdata.source = PW_PLAINTEXT;
+                pwdata.data = passwd = PORT_Strdup(optstate->value);
+                break;
+
+            default:
+            case '?':
+                fprintf(stderr, "Unrecognized or bad option specified.\n");
+                fprintf(stderr, "Run '%s -h' for usage information.\n", progName);
+                exit(4);
+                break;
+        }
+    }
+    PL_DestroyOptState(optstate);
+    if (status == PL_OPT_BAD) {
+        fprintf(stderr, "Unrecognized or bad option specified.\n");
+        fprintf(stderr, "Run '%s -h' for usage information.\n", progName);
+        exit(5);
+    }
+    if (!optionsFound) {
+        Usage(progName);
+        exit(51);
+    }
+
+    /* The -b (bindOnly) option is only used by the ssl.sh test
+     * script on Linux to determine whether a previous httpserv
+     * process has fully died and freed the port.  (Bug 129701)
+     */
+    if (bindOnly) {
+        listen_sock = getBoundListenSocket(port);
+        if (!listen_sock) {
+            exit(1);
+        }
+        if (listen_sock) {
+            PR_Close(listen_sock);
+        }
+        exit(0);
+    }
+
+    if (port == 0) {
+        fprintf(stderr, "Required argument 'port' must be non-zero value\n");
+        exit(7);
+    }
+
+    if (pidFile) {
+        FILE *tmpfile = fopen(pidFile, "w+");
+
+        if (tmpfile) {
+            fprintf(tmpfile, "%d", getpid());
+            fclose(tmpfile);
+        }
+    }
+
+    tmp = PR_GetEnvSecure("TMP");
+    if (!tmp)
+        tmp = PR_GetEnvSecure("TMPDIR");
+    if (!tmp)
+        tmp = PR_GetEnvSecure("TEMP");
+    /* we're an ordinary single process server. */
+    listen_sock = getBoundListenSocket(port);
+    prStatus = PR_SetFDInheritable(listen_sock, PR_FALSE);
+    if (prStatus != PR_SUCCESS)
+        errExit("PR_SetFDInheritable");
+
+    lm = PR_NewLogModule("TestCase");
+
+    /* set our password function */
+    PK11_SetPasswordFunc(SECU_GetModulePassword);
+
+    if (provideOcsp) {
+        /* Call the NSS initialization routines */
+        rv = NSS_Initialize(dir, certPrefix, certPrefix, SECMOD_DB, NSS_INIT_READONLY);
+        if (rv != SECSuccess) {
+            fputs("NSS_Init failed.\n", stderr);
+            exit(8);
+        }
+
+        if (caRevoInfos) {
+            caRevoIter = &caRevoInfos->link;
+            do {
+                PRFileDesc *inFile;
+                int rv = SECFailure;
+                SECItem crlDER;
+                crlDER.data = NULL;
+
+                revoInfo = (caRevoInfo *)caRevoIter;
+                revoInfo->cert = CERT_FindCertByNickname(
+                    CERT_GetDefaultCertDB(), revoInfo->nickname);
+                if (!revoInfo->cert) {
+                    fprintf(stderr, "cannot find cert with nickname %s\n",
+                            revoInfo->nickname);
+                    exit(1);
+                }
+                inFile = PR_Open(revoInfo->crlFilename, PR_RDONLY, 0);
+                if (inFile) {
+                    rv = SECU_ReadDERFromFile(&crlDER, inFile, PR_FALSE, PR_FALSE);
+                    PR_Close(inFile);
+                    inFile = NULL;
+                }
+                if (rv != SECSuccess) {
+                    fprintf(stderr, "unable to read crl file %s\n",
+                            revoInfo->crlFilename);
+                    exit(1);
+                }
+                revoInfo->crl =
+                    CERT_DecodeDERCrlWithFlags(NULL, &crlDER, SEC_CRL_TYPE,
+                                               CRL_DECODE_DEFAULT_OPTIONS);
+                SECITEM_FreeItem(&crlDER, PR_FALSE);
+                if (!revoInfo->crl) {
+                    fprintf(stderr, "unable to decode crl file %s\n",
+                            revoInfo->crlFilename);
+                    exit(1);
+                }
+                if (CERT_CompareName(&revoInfo->crl->crl.name,
+                                     &revoInfo->cert->subject) != SECEqual) {
+                    fprintf(stderr, "CRL %s doesn't match cert identified by preceding nickname %s\n",
+                            revoInfo->crlFilename, revoInfo->nickname);
+                    exit(1);
+                }
+                revoInfo->id = cert_CreateSelfCAID(revoInfo->cert, PR_Now());
+                caRevoIter = PR_NEXT_LINK(caRevoIter);
+            } while (caRevoIter != &caRevoInfos->link);
+        }
+    }
+
+    /* allocate the array of thread slots, and launch the worker threads. */
+    rv = launch_threads(&jobLoop, 0, 0, 0, useLocalThreads);
+
+    if (rv == SECSuccess) {
+        server_main(listen_sock, 0, 0, 0,
+                    0);
+    }
+
+    VLOG(("httpserv: server_thread: exiting"));
+
+    if (provideOcsp) {
+        if (caRevoInfos) {
+            PRCList *caRevoIter;
+
+            caRevoIter = &caRevoInfos->link;
+            do {
+                caRevoInfo *revoInfo = (caRevoInfo *)caRevoIter;
+                if (revoInfo->nickname)
+                    PORT_Free(revoInfo->nickname);
+                if (revoInfo->crlFilename)
+                    PORT_Free(revoInfo->crlFilename);
+                if (revoInfo->cert)
+                    CERT_DestroyCertificate(revoInfo->cert);
+                if (revoInfo->id)
+                    CERT_DestroyOCSPCertID(revoInfo->id);
+                if (revoInfo->crl)
+                    SEC_DestroyCrl(revoInfo->crl);
+
+                caRevoIter = PR_NEXT_LINK(caRevoIter);
+            } while (caRevoIter != &caRevoInfos->link);
+        }
+        if (NSS_Shutdown() != SECSuccess) {
+            SECU_PrintError(progName, "NSS_Shutdown");
+            PR_Cleanup();
+            exit(1);
+        }
+    }
+    if (passwd) {
+        PORT_Free(passwd);
+    }
+    if (pwfile) {
+        PORT_Free(pwfile);
+    }
+    if (certPrefix && certPrefix != emptyString) {
+        PORT_Free(certPrefix);
+    }
+    PR_Cleanup();
+    printf("httpserv: normal termination\n");
+    return 0;
+}
diff --git a/nss/cmd/httpserv/httpserv.gyp b/nss/cmd/httpserv/httpserv.gyp
new file mode 100644
index 0000000..0067066
--- /dev/null
+++ b/nss/cmd/httpserv/httpserv.gyp
@@ -0,0 +1,30 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi',
+    '../../cmd/platlibs.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'httpserv',
+      'type': 'executable',
+      'sources': [
+        'httpserv.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:dbm_exports',
+        '<(DEPTH)/exports.gyp:nss_exports'
+      ]
+    }
+  ],
+  'target_defaults': {
+    'defines': [
+      'NSPR20'
+    ]
+  },
+  'variables': {
+    'module': 'nss'
+  }
+}
\ No newline at end of file
diff --git a/nss/cmd/httpserv/manifest.mn b/nss/cmd/httpserv/manifest.mn
new file mode 100644
index 0000000..e969661
--- /dev/null
+++ b/nss/cmd/httpserv/manifest.mn
@@ -0,0 +1,20 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CORE_DEPTH = ../..
+
+DEFINES += -DNSPR20
+
+# MODULE public and private header  directories are implicitly REQUIRED.
+MODULE = nss
+
+CSRCS = httpserv.c
+
+# The MODULE is always implicitly required.
+# Listing it here in REQUIRES makes it appear twice in the cc command line.
+REQUIRES = seccmd dbm 
+
+PROGRAM = httpserv
+
diff --git a/nss/cmd/lib/Makefile b/nss/cmd/lib/Makefile
new file mode 100644
index 0000000..0fb6c90
--- /dev/null
+++ b/nss/cmd/lib/Makefile
@@ -0,0 +1,49 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include config.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+export:: private_export
+
+
diff --git a/nss/cmd/lib/basicutil.c b/nss/cmd/lib/basicutil.c
new file mode 100644
index 0000000..8b491d7
--- /dev/null
+++ b/nss/cmd/lib/basicutil.c
@@ -0,0 +1,776 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+** secutil.c - various functions used by security stuff
+**
+*/
+
+#include "prtypes.h"
+#include "prtime.h"
+#include "prlong.h"
+#include "prerror.h"
+#include "prprf.h"
+#include "plgetopt.h"
+#include "prenv.h"
+#include "prnetdb.h"
+
+#include "basicutil.h"
+#include <stdarg.h>
+#include <sys/stat.h>
+#include <errno.h>
+
+#ifdef XP_UNIX
+#include <unistd.h>
+#endif
+
+#include "secoid.h"
+
+extern long DER_GetInteger(const SECItem *src);
+
+static PRBool wrapEnabled = PR_TRUE;
+
+void
+SECU_EnableWrap(PRBool enable)
+{
+    wrapEnabled = enable;
+}
+
+PRBool
+SECU_GetWrapEnabled(void)
+{
+    return wrapEnabled;
+}
+
+void
+SECU_PrintErrMsg(FILE *out, int level, const char *progName, const char *msg,
+                 ...)
+{
+    va_list args;
+    PRErrorCode err = PORT_GetError();
+    const char *errString = PORT_ErrorToString(err);
+
+    va_start(args, msg);
+
+    SECU_Indent(out, level);
+    fprintf(out, "%s: ", progName);
+    vfprintf(out, msg, args);
+    if (errString != NULL && PORT_Strlen(errString) > 0)
+        fprintf(out, ": %s\n", errString);
+    else
+        fprintf(out, ": error %d\n", (int)err);
+
+    va_end(args);
+}
+
+void
+SECU_PrintError(const char *progName, const char *msg, ...)
+{
+    va_list args;
+    PRErrorCode err = PORT_GetError();
+    const char *errName = PR_ErrorToName(err);
+    const char *errString = PR_ErrorToString(err, 0);
+
+    va_start(args, msg);
+
+    fprintf(stderr, "%s: ", progName);
+    vfprintf(stderr, msg, args);
+
+    if (errName != NULL) {
+        fprintf(stderr, ": %s", errName);
+    } else {
+        fprintf(stderr, ": error %d", (int)err);
+    }
+
+    if (errString != NULL && PORT_Strlen(errString) > 0)
+        fprintf(stderr, ": %s\n", errString);
+
+    va_end(args);
+}
+
+void
+SECU_PrintSystemError(const char *progName, const char *msg, ...)
+{
+    va_list args;
+
+    va_start(args, msg);
+    fprintf(stderr, "%s: ", progName);
+    vfprintf(stderr, msg, args);
+    fprintf(stderr, ": %s\n", strerror(errno));
+    va_end(args);
+}
+
+SECStatus
+secu_StdinToItem(SECItem *dst)
+{
+    unsigned char buf[1000];
+    PRInt32 numBytes;
+    PRBool notDone = PR_TRUE;
+
+    dst->len = 0;
+    dst->data = NULL;
+
+    while (notDone) {
+        numBytes = PR_Read(PR_STDIN, buf, sizeof(buf));
+
+        if (numBytes < 0) {
+            return SECFailure;
+        }
+
+        if (numBytes == 0)
+            break;
+
+        if (dst->data) {
+            unsigned char *p = dst->data;
+            dst->data = (unsigned char *)PORT_Realloc(p, dst->len + numBytes);
+            if (!dst->data) {
+                PORT_Free(p);
+            }
+        } else {
+            dst->data = (unsigned char *)PORT_Alloc(numBytes);
+        }
+        if (!dst->data) {
+            return SECFailure;
+        }
+        PORT_Memcpy(dst->data + dst->len, buf, numBytes);
+        dst->len += numBytes;
+    }
+
+    return SECSuccess;
+}
+
+SECStatus
+SECU_FileToItem(SECItem *dst, PRFileDesc *src)
+{
+    PRFileInfo info;
+    PRInt32 numBytes;
+    PRStatus prStatus;
+
+    if (src == PR_STDIN)
+        return secu_StdinToItem(dst);
+
+    prStatus = PR_GetOpenFileInfo(src, &info);
+
+    if (prStatus != PR_SUCCESS) {
+        PORT_SetError(SEC_ERROR_IO);
+        return SECFailure;
+    }
+
+    /* XXX workaround for 3.1, not all utils zero dst before sending */
+    dst->data = 0;
+    if (!SECITEM_AllocItem(NULL, dst, info.size))
+        goto loser;
+
+    numBytes = PR_Read(src, dst->data, info.size);
+    if (numBytes != info.size) {
+        PORT_SetError(SEC_ERROR_IO);
+        goto loser;
+    }
+
+    return SECSuccess;
+loser:
+    SECITEM_FreeItem(dst, PR_FALSE);
+    dst->data = NULL;
+    return SECFailure;
+}
+
+SECStatus
+SECU_TextFileToItem(SECItem *dst, PRFileDesc *src)
+{
+    PRFileInfo info;
+    PRInt32 numBytes;
+    PRStatus prStatus;
+    unsigned char *buf;
+
+    if (src == PR_STDIN)
+        return secu_StdinToItem(dst);
+
+    prStatus = PR_GetOpenFileInfo(src, &info);
+
+    if (prStatus != PR_SUCCESS) {
+        PORT_SetError(SEC_ERROR_IO);
+        return SECFailure;
+    }
+
+    buf = (unsigned char *)PORT_Alloc(info.size);
+    if (!buf)
+        return SECFailure;
+
+    numBytes = PR_Read(src, buf, info.size);
+    if (numBytes != info.size) {
+        PORT_SetError(SEC_ERROR_IO);
+        goto loser;
+    }
+
+    if (buf[numBytes - 1] == '\n')
+        numBytes--;
+#ifdef _WINDOWS
+    if (buf[numBytes - 1] == '\r')
+        numBytes--;
+#endif
+
+    /* XXX workaround for 3.1, not all utils zero dst before sending */
+    dst->data = 0;
+    if (!SECITEM_AllocItem(NULL, dst, numBytes))
+        goto loser;
+
+    memcpy(dst->data, buf, numBytes);
+
+    PORT_Free(buf);
+    return SECSuccess;
+loser:
+    PORT_Free(buf);
+    return SECFailure;
+}
+
+#define INDENT_MULT 4
+void
+SECU_Indent(FILE *out, int level)
+{
+    int i;
+
+    for (i = 0; i < level; i++) {
+        fprintf(out, "    ");
+    }
+}
+
+void
+SECU_Newline(FILE *out)
+{
+    fprintf(out, "\n");
+}
+
+void
+SECU_PrintAsHex(FILE *out, const SECItem *data, const char *m, int level)
+{
+    unsigned i;
+    int column = 0;
+    PRBool isString = PR_TRUE;
+    PRBool isWhiteSpace = PR_TRUE;
+    PRBool printedHex = PR_FALSE;
+    unsigned int limit = 15;
+
+    if (m) {
+        SECU_Indent(out, level);
+        fprintf(out, "%s:", m);
+        level++;
+        if (wrapEnabled)
+            fprintf(out, "\n");
+    }
+
+    if (wrapEnabled) {
+        SECU_Indent(out, level);
+        column = level * INDENT_MULT;
+    }
+    if (!data->len) {
+        fprintf(out, "(empty)\n");
+        return;
+    }
+    /* take a pass to see if it's all printable. */
+    for (i = 0; i < data->len; i++) {
+        unsigned char val = data->data[i];
+        if (!val || !isprint(val)) {
+            isString = PR_FALSE;
+            break;
+        }
+        if (isWhiteSpace && !isspace(val)) {
+            isWhiteSpace = PR_FALSE;
+        }
+    }
+
+    /* Short values, such as bit strings (which are printed with this
+    ** function) often look like strings, but we want to see the bits.
+    ** so this test assures that short values will be printed in hex,
+    ** perhaps in addition to being printed as strings.
+    ** The threshold size (4 bytes) is arbitrary.
+    */
+    if (!isString || data->len <= 4) {
+        for (i = 0; i < data->len; i++) {
+            if (i != data->len - 1) {
+                fprintf(out, "%02x:", data->data[i]);
+                column += 3;
+            } else {
+                fprintf(out, "%02x", data->data[i]);
+                column += 2;
+                break;
+            }
+            if (wrapEnabled &&
+                (column > 76 || (i % 16 == limit))) {
+                SECU_Newline(out);
+                SECU_Indent(out, level);
+                column = level * INDENT_MULT;
+                limit = i % 16;
+            }
+        }
+        printedHex = PR_TRUE;
+    }
+    if (isString && !isWhiteSpace) {
+        if (printedHex != PR_FALSE) {
+            SECU_Newline(out);
+            SECU_Indent(out, level);
+            column = level * INDENT_MULT;
+        }
+        for (i = 0; i < data->len; i++) {
+            unsigned char val = data->data[i];
+
+            if (val) {
+                fprintf(out, "%c", val);
+                column++;
+            } else {
+                column = 77;
+            }
+            if (wrapEnabled && column > 76) {
+                SECU_Newline(out);
+                SECU_Indent(out, level);
+                column = level * INDENT_MULT;
+            }
+        }
+    }
+
+    if (column != level * INDENT_MULT) {
+        SECU_Newline(out);
+    }
+}
+
+const char *hex = "0123456789abcdef";
+
+const char printable[257] = {
+    "................"  /* 0x */
+    "................"  /* 1x */
+    " !\"#$%&'()*+,-./" /* 2x */
+    "0123456789:;<=>?"  /* 3x */
+    "@ABCDEFGHIJKLMNO"  /* 4x */
+    "PQRSTUVWXYZ[\\]^_" /* 5x */
+    "`abcdefghijklmno"  /* 6x */
+    "pqrstuvwxyz{|}~."  /* 7x */
+    "................"  /* 8x */
+    "................"  /* 9x */
+    "................"  /* ax */
+    "................"  /* bx */
+    "................"  /* cx */
+    "................"  /* dx */
+    "................"  /* ex */
+    "................"  /* fx */
+};
+
+void
+SECU_PrintBuf(FILE *out, const char *msg, const void *vp, int len)
+{
+    const unsigned char *cp = (const unsigned char *)vp;
+    char buf[80];
+    char *bp;
+    char *ap;
+
+    fprintf(out, "%s [Len: %d]\n", msg, len);
+    memset(buf, ' ', sizeof buf);
+    bp = buf;
+    ap = buf + 50;
+    while (--len >= 0) {
+        unsigned char ch = *cp++;
+        *bp++ = hex[(ch >> 4) & 0xf];
+        *bp++ = hex[ch & 0xf];
+        *bp++ = ' ';
+        *ap++ = printable[ch];
+        if (ap - buf >= 66) {
+            *ap = 0;
+            fprintf(out, "   %s\n", buf);
+            memset(buf, ' ', sizeof buf);
+            bp = buf;
+            ap = buf + 50;
+        }
+    }
+    if (bp > buf) {
+        *ap = 0;
+        fprintf(out, "   %s\n", buf);
+    }
+}
+
+/* This expents i->data[0] to be the MSB of the integer.
+** if you want to print a DER-encoded integer (with the tag and length)
+** call SECU_PrintEncodedInteger();
+*/
+void
+SECU_PrintInteger(FILE *out, const SECItem *i, const char *m, int level)
+{
+    int iv;
+
+    if (!i || !i->len || !i->data) {
+        SECU_Indent(out, level);
+        if (m) {
+            fprintf(out, "%s: (null)\n", m);
+        } else {
+            fprintf(out, "(null)\n");
+        }
+    } else if (i->len > 4) {
+        SECU_PrintAsHex(out, i, m, level);
+    } else {
+        if (i->type == siUnsignedInteger && *i->data & 0x80) {
+            /* Make sure i->data has zero in the highest bite
+             * if i->data is an unsigned integer */
+            SECItem tmpI;
+            char data[] = { 0, 0, 0, 0, 0 };
+
+            PORT_Memcpy(data + 1, i->data, i->len);
+            tmpI.len = i->len + 1;
+            tmpI.data = (void *)data;
+
+            iv = DER_GetInteger(&tmpI);
+        } else {
+            iv = DER_GetInteger(i);
+        }
+        SECU_Indent(out, level);
+        if (m) {
+            fprintf(out, "%s: %d (0x%x)\n", m, iv, iv);
+        } else {
+            fprintf(out, "%d (0x%x)\n", iv, iv);
+        }
+    }
+}
+
+#if defined(DEBUG) || defined(FORCE_PR_ASSERT)
+/* Returns true iff a[i].flag has a duplicate in a[i+1 : count-1]  */
+static PRBool
+HasShortDuplicate(int i, secuCommandFlag *a, int count)
+{
+    char target = a[i].flag;
+    int j;
+
+    /* duplicate '\0' flags are okay, they are used with long forms */
+    for (j = i + 1; j < count; j++) {
+        if (a[j].flag && a[j].flag == target) {
+            return PR_TRUE;
+        }
+    }
+    return PR_FALSE;
+}
+
+/* Returns true iff a[i].longform has a duplicate in a[i+1 : count-1] */
+static PRBool
+HasLongDuplicate(int i, secuCommandFlag *a, int count)
+{
+    int j;
+    char *target = a[i].longform;
+
+    if (!target)
+        return PR_FALSE;
+
+    for (j = i + 1; j < count; j++) {
+        if (a[j].longform && strcmp(a[j].longform, target) == 0) {
+            return PR_TRUE;
+        }
+    }
+    return PR_FALSE;
+}
+
+/* Returns true iff a has no short or long form duplicates
+ */
+PRBool
+HasNoDuplicates(secuCommandFlag *a, int count)
+{
+    int i;
+
+    for (i = 0; i < count; i++) {
+        if (a[i].flag && HasShortDuplicate(i, a, count)) {
+            return PR_FALSE;
+        }
+        if (a[i].longform && HasLongDuplicate(i, a, count)) {
+            return PR_FALSE;
+        }
+    }
+    return PR_TRUE;
+}
+#endif
+
+SECStatus
+SECU_ParseCommandLine(int argc, char **argv, char *progName,
+                      const secuCommand *cmd)
+{
+    PRBool found;
+    PLOptState *optstate;
+    PLOptStatus status;
+    char *optstring;
+    PLLongOpt *longopts = NULL;
+    int i, j;
+    int lcmd = 0, lopt = 0;
+
+    PR_ASSERT(HasNoDuplicates(cmd->commands, cmd->numCommands));
+    PR_ASSERT(HasNoDuplicates(cmd->options, cmd->numOptions));
+
+    optstring = (char *)PORT_Alloc(cmd->numCommands + 2 * cmd->numOptions + 1);
+    if (optstring == NULL)
+        return SECFailure;
+
+    j = 0;
+    for (i = 0; i < cmd->numCommands; i++) {
+        if (cmd->commands[i].flag) /* single character option ? */
+            optstring[j++] = cmd->commands[i].flag;
+        if (cmd->commands[i].longform)
+            lcmd++;
+    }
+    for (i = 0; i < cmd->numOptions; i++) {
+        if (cmd->options[i].flag) {
+            optstring[j++] = cmd->options[i].flag;
+            if (cmd->options[i].needsArg)
+                optstring[j++] = ':';
+        }
+        if (cmd->options[i].longform)
+            lopt++;
+    }
+
+    optstring[j] = '\0';
+
+    if (lcmd + lopt > 0) {
+        longopts = PORT_NewArray(PLLongOpt, lcmd + lopt + 1);
+        if (!longopts) {
+            PORT_Free(optstring);
+            return SECFailure;
+        }
+
+        j = 0;
+        for (i = 0; j < lcmd && i < cmd->numCommands; i++) {
+            if (cmd->commands[i].longform) {
+                longopts[j].longOptName = cmd->commands[i].longform;
+                longopts[j].longOption = 0;
+                longopts[j++].valueRequired = cmd->commands[i].needsArg;
+            }
+        }
+        lopt += lcmd;
+        for (i = 0; j < lopt && i < cmd->numOptions; i++) {
+            if (cmd->options[i].longform) {
+                longopts[j].longOptName = cmd->options[i].longform;
+                longopts[j].longOption = 0;
+                longopts[j++].valueRequired = cmd->options[i].needsArg;
+            }
+        }
+        longopts[j].longOptName = NULL;
+    }
+
+    optstate = PL_CreateLongOptState(argc, argv, optstring, longopts);
+    if (!optstate) {
+        PORT_Free(optstring);
+        PORT_Free(longopts);
+        return SECFailure;
+    }
+    /* Parse command line arguments */
+    while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
+        const char *optstatelong;
+        char option = optstate->option;
+
+        /*  positional parameter, single-char option or long opt? */
+        if (optstate->longOptIndex == -1) {
+            /* not a long opt */
+            if (option == '\0')
+                continue; /* it's a positional parameter */
+            optstatelong = "";
+        } else {
+            /* long opt */
+            if (option == '\0')
+                option = '\377'; /* force unequal with all flags */
+            optstatelong = longopts[optstate->longOptIndex].longOptName;
+        }
+
+        found = PR_FALSE;
+
+        for (i = 0; i < cmd->numCommands; i++) {
+            if (cmd->commands[i].flag == option ||
+                cmd->commands[i].longform == optstatelong) {
+                cmd->commands[i].activated = PR_TRUE;
+                if (optstate->value) {
+                    cmd->commands[i].arg = (char *)optstate->value;
+                }
+                found = PR_TRUE;
+                break;
+            }
+        }
+
+        if (found)
+            continue;
+
+        for (i = 0; i < cmd->numOptions; i++) {
+            if (cmd->options[i].flag == option ||
+                cmd->options[i].longform == optstatelong) {
+                cmd->options[i].activated = PR_TRUE;
+                if (optstate->value) {
+                    cmd->options[i].arg = (char *)optstate->value;
+                } else if (cmd->options[i].needsArg) {
+                    status = PL_OPT_BAD;
+                    goto loser;
+                }
+                found = PR_TRUE;
+                break;
+            }
+        }
+
+        if (!found) {
+            status = PL_OPT_BAD;
+            break;
+        }
+    }
+
+loser:
+    PL_DestroyOptState(optstate);
+    PORT_Free(optstring);
+    if (longopts)
+        PORT_Free(longopts);
+    if (status == PL_OPT_BAD)
+        return SECFailure;
+    return SECSuccess;
+}
+
+char *
+SECU_GetOptionArg(const secuCommand *cmd, int optionNum)
+{
+    if (optionNum < 0 || optionNum >= cmd->numOptions)
+        return NULL;
+    if (cmd->options[optionNum].activated)
+        return PL_strdup(cmd->options[optionNum].arg);
+    else
+        return NULL;
+}
+
+void
+SECU_PrintPRandOSError(const char *progName)
+{
+    char buffer[513];
+    PRInt32 errLen = PR_GetErrorTextLength();
+    if (errLen > 0 && errLen < sizeof buffer) {
+        PR_GetErrorText(buffer);
+    }
+    SECU_PrintError(progName, "function failed");
+    if (errLen > 0 && errLen < sizeof buffer) {
+        PR_fprintf(PR_STDERR, "\t%s\n", buffer);
+    }
+}
+
+SECOidTag
+SECU_StringToSignatureAlgTag(const char *alg)
+{
+    SECOidTag hashAlgTag = SEC_OID_UNKNOWN;
+
+    if (alg) {
+        if (!PL_strcmp(alg, "MD2")) {
+            hashAlgTag = SEC_OID_MD2;
+        } else if (!PL_strcmp(alg, "MD4")) {
+            hashAlgTag = SEC_OID_MD4;
+        } else if (!PL_strcmp(alg, "MD5")) {
+            hashAlgTag = SEC_OID_MD5;
+        } else if (!PL_strcmp(alg, "SHA1")) {
+            hashAlgTag = SEC_OID_SHA1;
+        } else if (!PL_strcmp(alg, "SHA224")) {
+            hashAlgTag = SEC_OID_SHA224;
+        } else if (!PL_strcmp(alg, "SHA256")) {
+            hashAlgTag = SEC_OID_SHA256;
+        } else if (!PL_strcmp(alg, "SHA384")) {
+            hashAlgTag = SEC_OID_SHA384;
+        } else if (!PL_strcmp(alg, "SHA512")) {
+            hashAlgTag = SEC_OID_SHA512;
+        }
+    }
+    return hashAlgTag;
+}
+
+/* Caller ensures that dst is at least item->len*2+1 bytes long */
+void
+SECU_SECItemToHex(const SECItem *item, char *dst)
+{
+    if (dst && item && item->data) {
+        unsigned char *src = item->data;
+        unsigned int len = item->len;
+        for (; len > 0; --len, dst += 2) {
+            sprintf(dst, "%02x", *src++);
+        }
+        *dst = '\0';
+    }
+}
+
+static unsigned char
+nibble(char c)
+{
+    c = PORT_Tolower(c);
+    return (c >= '0' && c <= '9') ? c - '0' : (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
+}
+
+SECStatus
+SECU_SECItemHexStringToBinary(SECItem *srcdest)
+{
+    unsigned int i;
+
+    if (!srcdest) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+    if (srcdest->len < 4 || (srcdest->len % 2)) {
+        /* too short to convert, or even number of characters */
+        PORT_SetError(SEC_ERROR_BAD_DATA);
+        return SECFailure;
+    }
+    if (PORT_Strncasecmp((const char *)srcdest->data, "0x", 2)) {
+        /* wrong prefix */
+        PORT_SetError(SEC_ERROR_BAD_DATA);
+        return SECFailure;
+    }
+
+    /* 1st pass to check for hex characters */
+    for (i = 2; i < srcdest->len; i++) {
+        char c = PORT_Tolower(srcdest->data[i]);
+        if (!((c >= '0' && c <= '9') ||
+              (c >= 'a' && c <= 'f'))) {
+            PORT_SetError(SEC_ERROR_BAD_DATA);
+            return SECFailure;
+        }
+    }
+
+    /* 2nd pass to convert */
+    for (i = 2; i < srcdest->len; i += 2) {
+        srcdest->data[(i - 2) / 2] = (nibble(srcdest->data[i]) << 4) +
+                                     nibble(srcdest->data[i + 1]);
+    }
+
+    /* adjust length */
+    srcdest->len -= 2;
+    srcdest->len /= 2;
+    return SECSuccess;
+}
+
+SECItem *
+SECU_HexString2SECItem(PLArenaPool *arena, SECItem *item, const char *str)
+{
+    int i = 0;
+    int byteval = 0;
+    int tmp = PORT_Strlen(str);
+
+    PORT_Assert(arena);
+    PORT_Assert(item);
+
+    if ((tmp % 2) != 0) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+
+    item = SECITEM_AllocItem(arena, item, tmp / 2);
+    if (item == NULL) {
+        return NULL;
+    }
+
+    while (str[i]) {
+        if ((str[i] >= '0') && (str[i] <= '9')) {
+            tmp = str[i] - '0';
+        } else if ((str[i] >= 'a') && (str[i] <= 'f')) {
+            tmp = str[i] - 'a' + 10;
+        } else if ((str[i] >= 'A') && (str[i] <= 'F')) {
+            tmp = str[i] - 'A' + 10;
+        } else {
+            /* item is in arena and gets freed by the caller */
+            return NULL;
+        }
+
+        byteval = byteval * 16 + tmp;
+        if ((i % 2) != 0) {
+            item->data[i / 2] = byteval;
+            byteval = 0;
+        }
+        i++;
+    }
+
+    return item;
+}
diff --git a/nss/cmd/lib/basicutil.h b/nss/cmd/lib/basicutil.h
new file mode 100644
index 0000000..4b3d5ff
--- /dev/null
+++ b/nss/cmd/lib/basicutil.h
@@ -0,0 +1,138 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#ifndef _BASIC_UTILS_H_
+#define _BASIC_UTILS_H_
+
+#include "seccomon.h"
+#include "secitem.h"
+#include "secoid.h"
+#include "secoidt.h"
+#include "secport.h"
+#include "prerror.h"
+#include "base64.h"
+#include "secasn1.h"
+#include "secder.h"
+#include <stdio.h>
+
+#ifdef SECUTIL_NEW
+typedef int (*SECU_PPFunc)(PRFileDesc *out, SECItem *item,
+                           char *msg, int level);
+#else
+typedef int (*SECU_PPFunc)(FILE *out, SECItem *item, char *msg, int level);
+#endif
+
+/* print out an error message */
+extern void SECU_PrintError(const char *progName, const char *msg, ...);
+
+/* print out a system error message */
+extern void SECU_PrintSystemError(const char *progName, const char *msg, ...);
+
+/* print a formatted error message */
+extern void SECU_PrintErrMsg(FILE *out, int level, const char *progName,
+                             const char *msg, ...);
+
+/* Read the contents of a file into a SECItem */
+extern SECStatus SECU_FileToItem(SECItem *dst, PRFileDesc *src);
+extern SECStatus SECU_TextFileToItem(SECItem *dst, PRFileDesc *src);
+
+/* Indent based on "level" */
+extern void SECU_Indent(FILE *out, int level);
+
+/* Print a newline to out */
+extern void SECU_Newline(FILE *out);
+
+/* Print integer value and hex */
+extern void SECU_PrintInteger(FILE *out, const SECItem *i, const char *m,
+                              int level);
+
+/* Print SECItem as hex */
+extern void SECU_PrintAsHex(FILE *out, const SECItem *i, const char *m,
+                            int level);
+
+/* dump a buffer in hex and ASCII */
+extern void SECU_PrintBuf(FILE *out, const char *msg, const void *vp, int len);
+
+#ifdef HAVE_EPV_TEMPLATE
+/* Dump contents of private key */
+extern int SECU_PrintPrivateKey(FILE *out, SECItem *der, char *m, int level);
+#endif
+
+/* Init PKCS11 stuff */
+extern SECStatus SECU_PKCS11Init(PRBool readOnly);
+
+/* Dump contents of signed data */
+extern int SECU_PrintSignedData(FILE *out, SECItem *der, const char *m,
+                                int level, SECU_PPFunc inner);
+
+extern void SECU_PrintString(FILE *out, const SECItem *si, const char *m,
+                             int level);
+extern void SECU_PrintAny(FILE *out, const SECItem *i, const char *m, int level);
+
+extern void SECU_PrintPRandOSError(const char *progName);
+
+/* Caller ensures that dst is at least item->len*2+1 bytes long */
+void
+SECU_SECItemToHex(const SECItem *item, char *dst);
+
+/* Requires 0x prefix. Case-insensitive. Will do in-place replacement if
+ * successful */
+SECStatus
+SECU_SECItemHexStringToBinary(SECItem *srcdest);
+
+/*
+** Read a hex string into a SecItem.
+*/
+extern SECItem *SECU_HexString2SECItem(PLArenaPool *arena, SECItem *item,
+                                       const char *str);
+
+/*
+ *
+ *  Utilities for parsing security tools command lines
+ *
+ */
+
+/*  A single command flag  */
+typedef struct {
+    char flag;
+    PRBool needsArg;
+    char *arg;
+    PRBool activated;
+    char *longform;
+} secuCommandFlag;
+
+/*  A full array of command/option flags  */
+typedef struct
+{
+    int numCommands;
+    int numOptions;
+
+    secuCommandFlag *commands;
+    secuCommandFlag *options;
+} secuCommand;
+
+/*  fill the "arg" and "activated" fields for each flag  */
+SECStatus
+SECU_ParseCommandLine(int argc, char **argv, char *progName,
+                      const secuCommand *cmd);
+char *
+SECU_GetOptionArg(const secuCommand *cmd, int optionNum);
+
+/*
+ *
+ *  Error messaging
+ *
+ */
+
+void printflags(char *trusts, unsigned int flags);
+
+#if !defined(XP_UNIX) && !defined(XP_OS2)
+extern int ffs(unsigned int i);
+#endif
+
+#include "secerr.h"
+
+extern const char *hex;
+extern const char printable[];
+
+#endif /* _BASIC_UTILS_H_ */
diff --git a/nss/cmd/lib/berparse.c b/nss/cmd/lib/berparse.c
new file mode 100644
index 0000000..8cd1eba
--- /dev/null
+++ b/nss/cmd/lib/berparse.c
@@ -0,0 +1,388 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#include "secutil.h"
+
+typedef enum {
+    tagDone,
+    lengthDone,
+    leafDone,
+    compositeDone,
+    notDone,
+    parseError,
+    parseComplete
+} ParseState;
+
+typedef unsigned char Byte;
+typedef void (*ParseProc)(BERParse *h, unsigned char **buf, int *len);
+typedef struct {
+    SECArb arb;
+    int pos; /* length from global start to item start */
+    SECArb *parent;
+} ParseStackElem;
+
+struct BERParseStr {
+    PLArenaPool *his;
+    PLArenaPool *mine;
+    ParseProc proc;
+    int stackDepth;
+    ParseStackElem *stackPtr;
+    ParseStackElem *stack;
+    int pending; /* bytes remaining to complete this part */
+    int pos;     /* running length of consumed characters */
+    ParseState state;
+    PRBool keepLeaves;
+    PRBool derOnly;
+    BERFilterProc filter;
+    void *filterArg;
+    BERNotifyProc before;
+    void *beforeArg;
+    BERNotifyProc after;
+    void *afterArg;
+};
+
+#define UNKNOWN -1
+
+static unsigned char
+NextChar(BERParse *h, unsigned char **buf, int *len)
+{
+    unsigned char c = *(*buf)++;
+    (*len)--;
+    h->pos++;
+    if (h->filter)
+        (*h->filter)(h->filterArg, &c, 1);
+    return c;
+}
+
+static void
+ParseTag(BERParse *h, unsigned char **buf, int *len)
+{
+    SECArb *arb = &(h->stackPtr->arb);
+    arb->tag = NextChar(h, buf, len);
+
+    PORT_Assert(h->state == notDone);
+
+    /*
+     * NOTE: This does not handle the high-tag-number form
+     */
+    if ((arb->tag & DER_HIGH_TAG_NUMBER) == DER_HIGH_TAG_NUMBER) {
+        PORT_SetError(SEC_ERROR_BAD_DER);
+        h->state = parseError;
+        return;
+    }
+
+    h->pending = UNKNOWN;
+    arb->length = UNKNOWN;
+    if (arb->tag & DER_CONSTRUCTED) {
+        arb->body.cons.numSubs = 0;
+        arb->body.cons.subs = NULL;
+    } else {
+        arb->body.item.len = UNKNOWN;
+        arb->body.item.data = NULL;
+    }
+
+    h->state = tagDone;
+}
+
+static void
+ParseLength(BERParse *h, unsigned char **buf, int *len)
+{
+    Byte b;
+    SECArb *arb = &(h->stackPtr->arb);
+
+    PORT_Assert(h->state == notDone);
+
+    if (h->pending == UNKNOWN) {
+        b = NextChar(h, buf, len);
+        if ((b & 0x80) == 0) { /* short form */
+            arb->length = b;
+            /*
+             * if the tag and the length are both zero bytes, then this
+             * should be the marker showing end of list for the
+             * indefinite length composite
+             */
+            if (arb->length == 0 && arb->tag == 0)
+                h->state = compositeDone;
+            else
+                h->state = lengthDone;
+            return;
+        }
+
+        h->pending = b & 0x7f;
+        /* 0 implies this is an indefinite length */
+        if (h->pending > 4) {
+            PORT_SetError(SEC_ERROR_BAD_DER);
+            h->state = parseError;
+            return;
+        }
+        arb->length = 0;
+    }
+
+    while ((*len > 0) && (h->pending > 0)) {
+        b = NextChar(h, buf, len);
+        arb->length = (arb->length << 8) + b;
+        h->pending--;
+    }
+    if (h->pending == 0) {
+        if (h->derOnly && (arb->length == 0))
+            h->state = parseError;
+        else
+            h->state = lengthDone;
+    }
+    return;
+}
+
+static void
+ParseLeaf(BERParse *h, unsigned char **buf, int *len)
+{
+    int count;
+    SECArb *arb = &(h->stackPtr->arb);
+
+    PORT_Assert(h->state == notDone);
+    PORT_Assert(h->pending >= 0);
+
+    if (*len < h->pending)
+        count = *len;
+    else
+        count = h->pending;
+
+    if (h->keepLeaves)
+        memcpy(arb->body.item.data + arb->body.item.len, *buf, count);
+    if (h->filter)
+        (*h->filter)(h->filterArg, *buf, count);
+    *buf += count;
+    *len -= count;
+    arb->body.item.len += count;
+    h->pending -= count;
+    h->pos += count;
+    if (h->pending == 0) {
+        h->state = leafDone;
+    }
+    return;
+}
+
+static void
+CreateArbNode(BERParse *h)
+{
+    SECArb *arb = PORT_ArenaAlloc(h->his, sizeof(SECArb));
+
+    *arb = h->stackPtr->arb;
+
+    /*
+     * Special case closing the root
+     */
+    if (h->stackPtr == h->stack) {
+        PORT_Assert(arb->tag & DER_CONSTRUCTED);
+        h->state = parseComplete;
+    } else {
+        SECArb *parent = h->stackPtr->parent;
+        parent->body.cons.subs = DS_ArenaGrow(
+            h->his, parent->body.cons.subs,
+            (parent->body.cons.numSubs) * sizeof(SECArb *),
+            (parent->body.cons.numSubs + 1) * sizeof(SECArb *));
+        parent->body.cons.subs[parent->body.cons.numSubs] = arb;
+        parent->body.cons.numSubs++;
+        h->proc = ParseTag;
+        h->state = notDone;
+        h->pending = UNKNOWN;
+    }
+    if (h->after)
+        (*h->after)(h->afterArg, arb, h->stackPtr - h->stack, PR_FALSE);
+}
+
+SECStatus
+BER_ParseSome(BERParse *h, unsigned char *buf, int len)
+{
+    if (h->state == parseError)
+        return PR_TRUE;
+
+    while (len) {
+        (*h->proc)(h, &buf, &len);
+        if (h->state == parseComplete) {
+            PORT_SetError(SEC_ERROR_BAD_DER);
+            h->state = parseError;
+            return PR_TRUE;
+        }
+        if (h->state == parseError)
+            return PR_TRUE;
+        PORT_Assert(h->state != parseComplete);
+
+        if (h->state <= compositeDone) {
+            if (h->proc == ParseTag) {
+                PORT_Assert(h->state == tagDone);
+                h->proc = ParseLength;
+                h->state = notDone;
+            } else if (h->proc == ParseLength) {
+                SECArb *arb = &(h->stackPtr->arb);
+                PORT_Assert(h->state == lengthDone || h->state == compositeDone);
+
+                if (h->before)
+                    (*h->before)(h->beforeArg, arb,
+                                 h->stackPtr - h->stack, PR_TRUE);
+
+                /*
+                 * Check to see if this is the end of an indefinite
+                 * length composite
+                 */
+                if (h->state == compositeDone) {
+                    SECArb *parent = h->stackPtr->parent;
+                    PORT_Assert(parent);
+                    PORT_Assert(parent->tag & DER_CONSTRUCTED);
+                    if (parent->length != 0) {
+                        PORT_SetError(SEC_ERROR_BAD_DER);
+                        h->state = parseError;
+                        return PR_TRUE;
+                    }
+                    /*
+                     * NOTE: This does not check for an indefinite length
+                     * composite being contained inside a definite length
+                     * composite. It is not clear that is legal.
+                     */
+                    h->stackPtr--;
+                    CreateArbNode(h);
+                } else {
+                    h->stackPtr->pos = h->pos;
+
+                    if (arb->tag & DER_CONSTRUCTED) {
+                        SECArb *parent;
+                        /*
+                         * Make sure there is room on the stack before we
+                         * stick anything else there.
+                         */
+                        PORT_Assert(h->stackPtr - h->stack < h->stackDepth);
+                        if (h->stackPtr - h->stack == h->stackDepth - 1) {
+                            int newDepth = h->stackDepth * 2;
+                            h->stack = DS_ArenaGrow(h->mine, h->stack,
+                                                    sizeof(ParseStackElem) *
+                                                        h->stackDepth,
+                                                    sizeof(ParseStackElem) *
+                                                        newDepth);
+                            h->stackPtr = h->stack + h->stackDepth + 1;
+                            h->stackDepth = newDepth;
+                        }
+                        parent = &(h->stackPtr->arb);
+                        h->stackPtr++;
+                        h->stackPtr->parent = parent;
+                        h->proc = ParseTag;
+                        h->state = notDone;
+                        h->pending = UNKNOWN;
+                    } else {
+                        if (arb->length < 0) {
+                            PORT_SetError(SEC_ERROR_BAD_DER);
+                            h->state = parseError;
+                            return PR_TRUE;
+                        }
+                        arb->body.item.len = 0;
+                        if (arb->length > 0 && h->keepLeaves) {
+                            arb->body.item.data =
+                                PORT_ArenaAlloc(h->his, arb->length);
+                        } else {
+                            arb->body.item.data = NULL;
+                        }
+                        h->proc = ParseLeaf;
+                        h->state = notDone;
+                        h->pending = arb->length;
+                    }
+                }
+            } else {
+                ParseStackElem *parent;
+                PORT_Assert(h->state = leafDone);
+                PORT_Assert(h->proc == ParseLeaf);
+
+                for (;;) {
+                    CreateArbNode(h);
+                    if (h->stackPtr == h->stack)
+                        break;
+                    parent = (h->stackPtr - 1);
+                    PORT_Assert(parent->arb.tag & DER_CONSTRUCTED);
+                    if (parent->arb.length == 0) /* need explicit end */
+                        break;
+                    if (parent->pos + parent->arb.length > h->pos)
+                        break;
+                    if (parent->pos + parent->arb.length < h->pos) {
+                        PORT_SetError(SEC_ERROR_BAD_DER);
+                        h->state = parseError;
+                        return PR_TRUE;
+                    }
+                    h->stackPtr = parent;
+                }
+            }
+        }
+    }
+    return PR_FALSE;
+}
+BERParse *
+BER_ParseInit(PLArenaPool *arena, PRBool derOnly)
+{
+    BERParse *h;
+    PLArenaPool *temp = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (temp == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return NULL;
+    }
+    h = PORT_ArenaAlloc(temp, sizeof(BERParse));
+    if (h == NULL) {
+        PORT_FreeArena(temp, PR_FALSE);
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return NULL;
+    }
+    h->his = arena;
+    h->mine = temp;
+    h->proc = ParseTag;
+    h->stackDepth = 20;
+    h->stack = PORT_ArenaZAlloc(h->mine,
+                                sizeof(ParseStackElem) * h->stackDepth);
+    h->stackPtr = h->stack;
+    h->state = notDone;
+    h->pos = 0;
+    h->keepLeaves = PR_TRUE;
+    h->before = NULL;
+    h->after = NULL;
+    h->filter = NULL;
+    h->derOnly = derOnly;
+    return h;
+}
+
+SECArb *
+BER_ParseFini(BERParse *h)
+{
+    PLArenaPool *myArena = h->mine;
+    SECArb *arb;
+
+    if (h->state != parseComplete) {
+        arb = NULL;
+    } else {
+        arb = PORT_ArenaAlloc(h->his, sizeof(SECArb));
+        *arb = h->stackPtr->arb;
+    }
+
+    PORT_FreeArena(myArena, PR_FALSE);
+
+    return arb;
+}
+
+void
+BER_SetFilter(BERParse *h, BERFilterProc proc, void *instance)
+{
+    h->filter = proc;
+    h->filterArg = instance;
+}
+
+void
+BER_SetLeafStorage(BERParse *h, PRBool keep)
+{
+    h->keepLeaves = keep;
+}
+
+void
+BER_SetNotifyProc(BERParse *h, BERNotifyProc proc, void *instance,
+                  PRBool beforeData)
+{
+    if (beforeData) {
+        h->before = proc;
+        h->beforeArg = instance;
+    } else {
+        h->after = proc;
+        h->afterArg = instance;
+    }
+}
diff --git a/nss/cmd/lib/config.mk b/nss/cmd/lib/config.mk
new file mode 100644
index 0000000..b8c03de
--- /dev/null
+++ b/nss/cmd/lib/config.mk
@@ -0,0 +1,15 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#
+#  Override TARGETS variable so that only static libraries
+#  are specifed as dependencies within rules.mk.
+#
+
+TARGETS        = $(LIBRARY)
+SHARED_LIBRARY =
+IMPORT_LIBRARY =
+PROGRAM        =
+
diff --git a/nss/cmd/lib/derprint.c b/nss/cmd/lib/derprint.c
new file mode 100644
index 0000000..08ef66d
--- /dev/null
+++ b/nss/cmd/lib/derprint.c
@@ -0,0 +1,594 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#include "secutil.h"
+#include "secoid.h"
+
+#ifdef __sun
+extern int fprintf(FILE *strm, const char *format, ... /* args */);
+extern int fflush(FILE *stream);
+#endif
+
+#define RIGHT_MARGIN 24
+/*#define RAW_BYTES 1 */
+
+static int prettyColumn = 0;
+
+static int
+getInteger256(const unsigned char *data, unsigned int nb)
+{
+    int val;
+
+    switch (nb) {
+        case 1:
+            val = data[0];
+            break;
+        case 2:
+            val = (data[0] << 8) | data[1];
+            break;
+        case 3:
+            val = (data[0] << 16) | (data[1] << 8) | data[2];
+            break;
+        case 4:
+            /* If the most significant bit of data[0] is 1, val would be negative.
+             * Treat it as an error.
+             */
+            if (data[0] & 0x80) {
+                PORT_SetError(SEC_ERROR_BAD_DER);
+                return -1;
+            }
+            val = (data[0] << 24) | (data[1] << 16) | (data[2] << 8) | data[3];
+            break;
+        default:
+            PORT_SetError(SEC_ERROR_BAD_DER);
+            return -1;
+    }
+
+    return val;
+}
+
+static int
+prettyNewline(FILE *out)
+{
+    int rv;
+
+    if (prettyColumn != -1) {
+        rv = fprintf(out, "\n");
+        prettyColumn = -1;
+        if (rv < 0) {
+            PORT_SetError(SEC_ERROR_IO);
+            return rv;
+        }
+    }
+    return 0;
+}
+
+static int
+prettyIndent(FILE *out, unsigned level)
+{
+    unsigned int i;
+    int rv;
+
+    if (prettyColumn == -1) {
+        prettyColumn = level;
+        for (i = 0; i < level; i++) {
+            rv = fprintf(out, "   ");
+            if (rv < 0) {
+                PORT_SetError(SEC_ERROR_IO);
+                return rv;
+            }
+        }
+    }
+
+    return 0;
+}
+
+static int
+prettyPrintByte(FILE *out, unsigned char item, unsigned int level)
+{
+    int rv;
+
+    rv = prettyIndent(out, level);
+    if (rv < 0)
+        return rv;
+
+    rv = fprintf(out, "%02x ", item);
+    if (rv < 0) {
+        PORT_SetError(SEC_ERROR_IO);
+        return rv;
+    }
+
+    prettyColumn++;
+    if (prettyColumn >= RIGHT_MARGIN) {
+        return prettyNewline(out);
+    }
+
+    return 0;
+}
+
+static int
+prettyPrintLeaf(FILE *out, const unsigned char *data,
+                unsigned int len, unsigned int lv)
+{
+    unsigned int i;
+    int rv;
+
+    for (i = 0; i < len; i++) {
+        rv = prettyPrintByte(out, *data++, lv);
+        if (rv < 0)
+            return rv;
+    }
+    return prettyNewline(out);
+}
+
+static int
+prettyPrintStringStart(FILE *out, const unsigned char *str,
+                       unsigned int len, unsigned int level)
+{
+#define BUF_SIZE 100
+    unsigned char buf[BUF_SIZE];
+    int rv;
+
+    if (len >= BUF_SIZE)
+        len = BUF_SIZE - 1;
+
+    rv = prettyNewline(out);
+    if (rv < 0)
+        return rv;
+
+    rv = prettyIndent(out, level);
+    if (rv < 0)
+        return rv;
+
+    memcpy(buf, str, len);
+    buf[len] = '\000';
+
+    rv = fprintf(out, "\"%s\"", buf);
+    if (rv < 0) {
+        PORT_SetError(SEC_ERROR_IO);
+        return rv;
+    }
+
+    return 0;
+#undef BUF_SIZE
+}
+
+static int
+prettyPrintString(FILE *out, const unsigned char *str,
+                  unsigned int len, unsigned int level, PRBool raw)
+{
+    int rv;
+
+    rv = prettyPrintStringStart(out, str, len, level);
+    if (rv < 0)
+        return rv;
+
+    rv = prettyNewline(out);
+    if (rv < 0)
+        return rv;
+
+    if (raw) {
+        rv = prettyPrintLeaf(out, str, len, level);
+        if (rv < 0)
+            return rv;
+    }
+
+    return 0;
+}
+
+static int
+prettyPrintTime(FILE *out, const unsigned char *str,
+                unsigned int len, unsigned int level, PRBool raw, PRBool utc)
+{
+    SECItem time_item;
+    int rv;
+
+    rv = prettyPrintStringStart(out, str, len, level);
+    if (rv < 0)
+        return rv;
+
+    time_item.data = (unsigned char *)str;
+    time_item.len = len;
+
+    rv = fprintf(out, " (");
+    if (rv < 0) {
+        PORT_SetError(SEC_ERROR_IO);
+        return rv;
+    }
+
+    if (utc)
+        SECU_PrintUTCTime(out, &time_item, NULL, 0);
+    else
+        SECU_PrintGeneralizedTime(out, &time_item, NULL, 0);
+
+    rv = fprintf(out, ")");
+    if (rv < 0) {
+        PORT_SetError(SEC_ERROR_IO);
+        return rv;
+    }
+
+    rv = prettyNewline(out);
+    if (rv < 0)
+        return rv;
+
+    if (raw) {
+        rv = prettyPrintLeaf(out, str, len, level);
+        if (rv < 0)
+            return rv;
+    }
+
+    return 0;
+}
+
+static int
+prettyPrintObjectID(FILE *out, const unsigned char *data,
+                    unsigned int len, unsigned int level, PRBool raw)
+{
+    SECOidData *oiddata;
+    SECItem oiditem;
+    unsigned int i;
+    unsigned long val;
+    int rv;
+
+    /*
+     * First print the Object Id in numeric format
+     */
+
+    rv = prettyIndent(out, level);
+    if (rv < 0)
+        return rv;
+
+    if (len == 0) {
+        PORT_SetError(SEC_ERROR_BAD_DER);
+        return -1;
+    }
+    val = data[0];
+    i = val % 40;
+    val = val / 40;
+    rv = fprintf(out, "%lu %u ", val, i);
+    if (rv < 0) {
+        PORT_SetError(SEC_ERROR_IO);
+        return rv;
+    }
+
+    val = 0;
+    for (i = 1; i < len; ++i) {
+        unsigned long j;
+
+        j = data[i];
+        val = (val << 7) | (j & 0x7f);
+        if (j & 0x80)
+            continue;
+        rv = fprintf(out, "%lu ", val);
+        if (rv < 0) {
+            PORT_SetError(SEC_ERROR_IO);
+            return rv;
+        }
+        val = 0;
+    }
+
+    /*
+     * Now try to look it up and print a symbolic version.
+     */
+    oiditem.data = (unsigned char *)data;
+    oiditem.len = len;
+    oiddata = SECOID_FindOID(&oiditem);
+    if (oiddata != NULL) {
+        i = PORT_Strlen(oiddata->desc);
+        if ((prettyColumn + 1 + (i / 3)) > RIGHT_MARGIN) {
+            rv = prettyNewline(out);
+            if (rv < 0)
+                return rv;
+        }
+
+        rv = prettyIndent(out, level);
+        if (rv < 0)
+            return rv;
+
+        rv = fprintf(out, "(%s)", oiddata->desc);
+        if (rv < 0) {
+            PORT_SetError(SEC_ERROR_IO);
+            return rv;
+        }
+    }
+
+    rv = prettyNewline(out);
+    if (rv < 0)
+        return rv;
+
+    if (raw) {
+        rv = prettyPrintLeaf(out, data, len, level);
+        if (rv < 0)
+            return rv;
+    }
+
+    return 0;
+}
+
+static char *prettyTagType[32] = {
+    "End of Contents",
+    "Boolean",
+    "Integer",
+    "Bit String",
+    "Octet String",
+    "NULL",
+    "Object Identifier",
+    "0x07",
+    "0x08",
+    "0x09",
+    "Enumerated",
+    "0x0B",
+    "UTF8 String",
+    "0x0D",
+    "0x0E",
+    "0x0F",
+    "Sequence",
+    "Set",
+    "0x12",
+    "Printable String",
+    "T61 String",
+    "0x15",
+    "IA5 String",
+    "UTC Time",
+    "Generalized Time",
+    "0x19",
+    "Visible String",
+    "0x1B",
+    "Universal String",
+    "0x1D",
+    "BMP String",
+    "High-Tag-Number"
+};
+
+static int
+prettyPrintTag(FILE *out, const unsigned char *src, const unsigned char *end,
+               unsigned char *codep, unsigned int level, PRBool raw)
+{
+    int rv;
+    unsigned char code, tagnum;
+
+    if (src >= end) {
+        PORT_SetError(SEC_ERROR_BAD_DER);
+        return -1;
+    }
+
+    code = *src;
+    tagnum = code & SEC_ASN1_TAGNUM_MASK;
+
+    /*
+     * NOTE: This code does not (yet) handle the high-tag-number form!
+     */
+    if (tagnum == SEC_ASN1_HIGH_TAG_NUMBER) {
+        PORT_SetError(SEC_ERROR_BAD_DER);
+        return -1;
+    }
+
+    if (raw)
+        rv = prettyPrintByte(out, code, level);
+    else
+        rv = prettyIndent(out, level);
+
+    if (rv < 0)
+        return rv;
+
+    if (code & SEC_ASN1_CONSTRUCTED) {
+        rv = fprintf(out, "C-");
+        if (rv < 0) {
+            PORT_SetError(SEC_ERROR_IO);
+            return rv;
+        }
+    }
+
+    switch (code & SEC_ASN1_CLASS_MASK) {
+        case SEC_ASN1_UNIVERSAL:
+            rv = fprintf(out, "%s ", prettyTagType[tagnum]);
+            break;
+        case SEC_ASN1_APPLICATION:
+            rv = fprintf(out, "Application: %d ", tagnum);
+            break;
+        case SEC_ASN1_CONTEXT_SPECIFIC:
+            rv = fprintf(out, "[%d] ", tagnum);
+            break;
+        case SEC_ASN1_PRIVATE:
+            rv = fprintf(out, "Private: %d ", tagnum);
+            break;
+    }
+
+    if (rv < 0) {
+        PORT_SetError(SEC_ERROR_IO);
+        return rv;
+    }
+
+    *codep = code;
+
+    return 1;
+}
+
+static int
+prettyPrintLength(FILE *out, const unsigned char *data, const unsigned char *end,
+                  int *lenp, PRBool *indefinitep, unsigned int lv, PRBool raw)
+{
+    unsigned char lbyte;
+    int lenLen;
+    int rv;
+
+    if (data >= end) {
+        PORT_SetError(SEC_ERROR_BAD_DER);
+        return -1;
+    }
+
+    rv = fprintf(out, " ");
+    if (rv < 0) {
+        PORT_SetError(SEC_ERROR_IO);
+        return rv;
+    }
+
+    *indefinitep = PR_FALSE;
+
+    lbyte = *data++;
+    lenLen = 1;
+    if (lbyte >= 0x80) {
+        /* Multibyte length */
+        unsigned nb = (unsigned)(lbyte & 0x7f);
+        if (nb > 4) {
+            PORT_SetError(SEC_ERROR_BAD_DER);
+            return -1;
+        }
+        if (nb > 0) {
+            int il;
+
+            if ((data + nb) > end) {
+                PORT_SetError(SEC_ERROR_BAD_DER);
+                return -1;
+            }
+            il = getInteger256(data, nb);
+            if (il < 0)
+                return -1;
+            *lenp = (unsigned)il;
+        } else {
+            *lenp = 0;
+            *indefinitep = PR_TRUE;
+        }
+        lenLen += nb;
+        if (raw) {
+            unsigned int i;
+
+            rv = prettyPrintByte(out, lbyte, lv);
+            if (rv < 0)
+                return rv;
+            for (i = 0; i < nb; i++) {
+                rv = prettyPrintByte(out, data[i], lv);
+                if (rv < 0)
+                    return rv;
+            }
+        }
+    } else {
+        *lenp = lbyte;
+        if (raw) {
+            rv = prettyPrintByte(out, lbyte, lv);
+            if (rv < 0)
+                return rv;
+        }
+    }
+    if (*indefinitep)
+        rv = fprintf(out, "(indefinite)\n");
+    else
+        rv = fprintf(out, "(%d)\n", *lenp);
+    if (rv < 0) {
+        PORT_SetError(SEC_ERROR_IO);
+        return rv;
+    }
+
+    prettyColumn = -1;
+    return lenLen;
+}
+
+static int
+prettyPrintItem(FILE *out, const unsigned char *data, const unsigned char *end,
+                unsigned int lv, PRBool raw)
+{
+    int slen;
+    int lenLen;
+    const unsigned char *orig = data;
+    int rv;
+
+    while (data < end) {
+        unsigned char code;
+        PRBool indefinite;
+
+        slen = prettyPrintTag(out, data, end, &code, lv, raw);
+        if (slen < 0)
+            return slen;
+        data += slen;
+
+        lenLen = prettyPrintLength(out, data, end, &slen, &indefinite, lv, raw);
+        if (lenLen < 0)
+            return lenLen;
+        data += lenLen;
+
+        /*
+         * Just quit now if slen more bytes puts us off the end.
+         */
+        if ((data + slen) > end) {
+            PORT_SetError(SEC_ERROR_BAD_DER);
+            return -1;
+        }
+
+        if (code & SEC_ASN1_CONSTRUCTED) {
+            if (slen > 0 || indefinite) {
+                slen = prettyPrintItem(out, data,
+                                       slen == 0 ? end : data + slen,
+                                       lv + 1, raw);
+                if (slen < 0)
+                    return slen;
+                data += slen;
+            }
+        } else if (code == 0) {
+            if (slen != 0 || lenLen != 1) {
+                PORT_SetError(SEC_ERROR_BAD_DER);
+                return -1;
+            }
+            break;
+        } else {
+            switch (code) {
+                case SEC_ASN1_PRINTABLE_STRING:
+                case SEC_ASN1_IA5_STRING:
+                case SEC_ASN1_VISIBLE_STRING:
+                    rv = prettyPrintString(out, data, slen, lv + 1, raw);
+                    if (rv < 0)
+                        return rv;
+                    break;
+                case SEC_ASN1_UTC_TIME:
+                    rv = prettyPrintTime(out, data, slen, lv + 1, raw, PR_TRUE);
+                    if (rv < 0)
+                        return rv;
+                    break;
+                case SEC_ASN1_GENERALIZED_TIME:
+                    rv = prettyPrintTime(out, data, slen, lv + 1, raw, PR_FALSE);
+                    if (rv < 0)
+                        return rv;
+                    break;
+                case SEC_ASN1_OBJECT_ID:
+                    rv = prettyPrintObjectID(out, data, slen, lv + 1, raw);
+                    if (rv < 0)
+                        return rv;
+                    break;
+                case SEC_ASN1_BOOLEAN:    /* could do nicer job */
+                case SEC_ASN1_INTEGER:    /* could do nicer job */
+                case SEC_ASN1_BIT_STRING: /* could do nicer job */
+                case SEC_ASN1_OCTET_STRING:
+                case SEC_ASN1_NULL:
+                case SEC_ASN1_ENUMERATED: /* could do nicer job, as INTEGER */
+                case SEC_ASN1_UTF8_STRING:
+                case SEC_ASN1_T61_STRING: /* print as printable string? */
+                case SEC_ASN1_UNIVERSAL_STRING:
+                case SEC_ASN1_BMP_STRING:
+                default:
+                    rv = prettyPrintLeaf(out, data, slen, lv + 1);
+                    if (rv < 0)
+                        return rv;
+                    break;
+            }
+            data += slen;
+        }
+    }
+
+    rv = prettyNewline(out);
+    if (rv < 0)
+        return rv;
+
+    return data - orig;
+}
+
+SECStatus
+DER_PrettyPrint(FILE *out, const SECItem *it, PRBool raw)
+{
+    int rv;
+
+    prettyColumn = -1;
+
+    rv = prettyPrintItem(out, it->data, it->data + it->len, 0, raw);
+    if (rv < 0)
+        return SECFailure;
+    return SECSuccess;
+}
diff --git a/nss/cmd/lib/exports.gyp b/nss/cmd/lib/exports.gyp
new file mode 100644
index 0000000..f6b4693
--- /dev/null
+++ b/nss/cmd/lib/exports.gyp
@@ -0,0 +1,27 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'cmd_lib_exports',
+      'type': 'none',
+      'copies': [
+        {
+          'files': [
+            'basicutil.h',
+            'pk11table.h',
+            'secutil.h'
+          ],
+          'destination': '<(nss_private_dist_dir)/<(module)'
+        }
+      ]
+    }
+  ],
+  'variables': {
+    'module': 'nss'
+  }
+}
diff --git a/nss/cmd/lib/ffs.c b/nss/cmd/lib/ffs.c
new file mode 100644
index 0000000..d1cbf67
--- /dev/null
+++ b/nss/cmd/lib/ffs.c
@@ -0,0 +1,21 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#if !defined(XP_UNIX) && !defined(XP_OS2)
+
+int
+ffs(unsigned int i)
+{
+    int rv = 1;
+
+    if (!i)
+        return 0;
+
+    while (!(i & 1)) {
+        i >>= 1;
+        ++rv;
+    }
+
+    return rv;
+}
+#endif
diff --git a/nss/cmd/lib/lib.gyp b/nss/cmd/lib/lib.gyp
new file mode 100644
index 0000000..6b7da58
--- /dev/null
+++ b/nss/cmd/lib/lib.gyp
@@ -0,0 +1,36 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'sectool',
+      'type': 'static_library',
+      'standalone_static_library': 1,
+      'sources': [
+        'basicutil.c',
+        'derprint.c',
+        'ffs.c',
+        'moreoids.c',
+        'pk11table.c',
+        'pppolicy.c',
+        'secpwd.c',
+        'secutil.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports'
+      ]
+    }
+  ],
+  'target_defaults': {
+    'defines': [
+      'NSPR20'
+    ]
+  },
+  'variables': {
+    'module': 'nss'
+  }
+}
\ No newline at end of file
diff --git a/nss/cmd/lib/manifest.mn b/nss/cmd/lib/manifest.mn
new file mode 100644
index 0000000..87440c0
--- /dev/null
+++ b/nss/cmd/lib/manifest.mn
@@ -0,0 +1,39 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+CORE_DEPTH	= ../..
+
+LIBRARY_NAME	= sectool
+
+# MODULE public and private header  directories are implicitly REQUIRED.
+MODULE		= nss
+
+DEFINES		= -DNSPR20
+
+ifdef NSS_BUILD_SOFTOKEN_ONLY
+PRIVATE_EXPORTS = basicutil.h \
+		  pk11table.h \
+		  $(NULL)
+
+CSRCS = basicutil.c \
+	pk11table.c \
+	$(NULL)
+else
+PRIVATE_EXPORTS	= basicutil.h \
+		  secutil.h \
+		  pk11table.h \
+		  $(NULL)
+
+CSRCS	= basicutil.c \
+		secutil.c \
+		secpwd.c    \
+		derprint.c \
+		moreoids.c \
+		pppolicy.c \
+		ffs.c \
+		pk11table.c \
+		$(NULL)
+endif
+
+NO_MD_RELEASE	= 1
diff --git a/nss/cmd/lib/moreoids.c b/nss/cmd/lib/moreoids.c
new file mode 100644
index 0000000..ed5022c
--- /dev/null
+++ b/nss/cmd/lib/moreoids.c
@@ -0,0 +1,167 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "secoid.h"
+#include "secmodt.h" /* for CKM_INVALID_MECHANISM */
+
+#define OI(x)                                  \
+    {                                          \
+        siDEROID, (unsigned char *)x, sizeof x \
+    }
+#define OD(oid, tag, desc, mech, ext) \
+    {                                 \
+        OI(oid)                       \
+        , tag, desc, mech, ext        \
+    }
+#define ODN(oid, desc)                                           \
+    {                                                            \
+        OI(oid)                                                  \
+        , 0, desc, CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION \
+    }
+
+#define OIDT static const unsigned char
+
+/* OIW Security Special Interest Group defined algorithms. */
+#define OIWSSIG 0x2B, 13, 3, 2
+
+OIDT oiwMD5RSA[] = { OIWSSIG, 3 };
+OIDT oiwDESCBC[] = { OIWSSIG, 7 };
+OIDT oiwRSAsig[] = { OIWSSIG, 11 };
+OIDT oiwDSA[] = { OIWSSIG, 12 };
+OIDT oiwMD5RSAsig[] = { OIWSSIG, 25 };
+OIDT oiwSHA1[] = { OIWSSIG, 26 };
+OIDT oiwDSASHA1[] = { OIWSSIG, 27 };
+OIDT oiwDSASHA1param[] = { OIWSSIG, 28 };
+OIDT oiwSHA1RSA[] = { OIWSSIG, 29 };
+
+/* Microsoft OIDs.  (1 3 6 1 4 1 311 ... )   */
+#define MICROSOFT 0x2B, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37
+
+OIDT mCTL[] = { MICROSOFT, 10, 3, 1 }; /* Cert Trust List signing */
+OIDT mTSS[] = { MICROSOFT, 10, 3, 2 }; /* Time Stamp Signing */
+OIDT mSGC[] = { MICROSOFT, 10, 3, 3 }; /* Server gated cryptography */
+OIDT mEFS[] = { MICROSOFT, 10, 3, 4 }; /* Encrypted File System */
+OIDT mSMIME[] = { MICROSOFT, 16, 4 };  /* SMIME encryption key prefs */
+
+OIDT mECRTT[] = { MICROSOFT, 20, 2 };    /* Enrollment cert type xtn */
+OIDT mEAGNT[] = { MICROSOFT, 20, 2, 1 }; /* Enrollment Agent         */
+OIDT mKPSCL[] = { MICROSOFT, 20, 2, 2 }; /* KP SmartCard Logon       */
+OIDT mNTPN[] = { MICROSOFT, 20, 2, 3 };  /* NT Principal Name        */
+OIDT mCASRV[] = { MICROSOFT, 21, 1 };    /* CertServ CA version      */
+
+/* AOL OIDs     (1 3 6 1 4 1 1066 ... )   */
+#define AOL 0x2B, 0x06, 0x01, 0x04, 0x01, 0x88, 0x2A
+
+/* PKIX IDs     (1 3 6 1 5 5 7 ...)  */
+#define ID_PKIX 0x2B, 6, 1, 5, 5, 7
+/* PKIX Access Descriptors (methods for Authority Info Access Extns) */
+#define ID_AD ID_PKIX, 48
+
+OIDT padOCSP[] = { ID_AD, 1 };      /* OCSP method */
+OIDT padCAissuer[] = { ID_AD, 2 };  /* URI (for CRL ?) */
+OIDT padTimeStamp[] = { ID_AD, 3 }; /* time stamping */
+
+/* ISO Cert Extension type OIDs (id-ce)  (2 5 29 ...) */
+#define X500 0x55
+#define X520_ATTRIBUTE_TYPE X500, 0x04
+#define X500_ALG X500, 0x08
+#define X500_ALG_ENCRYPTION X500_ALG, 0x01
+#define ID_CE X500, 29
+
+OIDT cePlcyObs[] = { ID_CE, 3 };  /* Cert policies, obsolete. */
+OIDT cePlcyCns[] = { ID_CE, 36 }; /* Cert policy constraints. */
+
+/* US Company arc (2 16 840 1 ...) */
+#define USCOM 0x60, 0x86, 0x48, 0x01
+#define USGOV USCOM, 0x65
+#define USDOD USGOV, 2
+#define ID_INFOSEC USDOD, 1
+
+/* Verisign PKI OIDs (2 16 840 1 113733 1 ...) */
+#define VERISIGN_PKI USCOM, 0x86, 0xf8, 0x45, 1
+#define VERISIGN_XTN VERISIGN_PKI, 6
+#define VERISIGN_POL VERISIGN_PKI, 7   /* Cert policies */
+#define VERISIGN_TNET VERISIGN_POL, 23 /* Verisign Trust Network */
+
+OIDT vcx7[] = { VERISIGN_XTN, 7 };  /* Cert Extension 7 (?) */
+OIDT vcp1[] = { VERISIGN_TNET, 1 }; /* class 1 cert policy */
+OIDT vcp2[] = { VERISIGN_TNET, 2 }; /* class 2 cert policy */
+OIDT vcp3[] = { VERISIGN_TNET, 3 }; /* class 3 cert policy */
+OIDT vcp4[] = { VERISIGN_TNET, 4 }; /* class 4 cert policy */
+
+/* ------------------------------------------------------------------- */
+static const SECOidData oids[] = {
+    /* OIW Security Special Interest Group OIDs */
+    ODN(oiwMD5RSA, "OIWSecSIG MD5 with RSA"),
+    ODN(oiwDESCBC, "OIWSecSIG DES CBC"),
+    ODN(oiwRSAsig, "OIWSecSIG RSA signature"),
+    ODN(oiwDSA, "OIWSecSIG DSA"),
+    ODN(oiwMD5RSAsig, "OIWSecSIG MD5 with RSA signature"),
+    ODN(oiwSHA1, "OIWSecSIG SHA1"),
+    ODN(oiwDSASHA1, "OIWSecSIG DSA with SHA1"),
+    ODN(oiwDSASHA1param, "OIWSecSIG DSA with SHA1 with params"),
+    ODN(oiwSHA1RSA, "OIWSecSIG MD5 with RSA"),
+
+    /* Microsoft OIDs */
+    ODN(mCTL, "Microsoft Cert Trust List signing"),
+    ODN(mTSS, "Microsoft Time Stamp signing"),
+    ODN(mSGC, "Microsoft SGC SSL server"),
+    ODN(mEFS, "Microsoft Encrypted File System"),
+    ODN(mSMIME, "Microsoft SMIME preferences"),
+    ODN(mECRTT, "Microsoft Enrollment Cert Type Extension"),
+    ODN(mEAGNT, "Microsoft Enrollment Agent"),
+    ODN(mKPSCL, "Microsoft KP SmartCard Logon"),
+    ODN(mNTPN, "Microsoft NT Principal Name"),
+    ODN(mCASRV, "Microsoft CertServ CA version"),
+
+    /* PKIX OIDs */
+    ODN(padOCSP, "PKIX OCSP method"),
+    ODN(padCAissuer, "PKIX CA Issuer method"),
+    ODN(padTimeStamp, "PKIX Time Stamping method"),
+
+    /* ID_CE OIDs. */
+    ODN(cePlcyObs, "Certificate Policies (Obsolete)"),
+    ODN(cePlcyCns, "Certificate Policy Constraints"),
+
+    /* Verisign OIDs. */
+    ODN(vcx7, "Verisign Cert Extension 7 (?)"),
+    ODN(vcp1, "Verisign Class 1 Certificate Policy"),
+    ODN(vcp2, "Verisign Class 2 Certificate Policy"),
+    ODN(vcp3, "Verisign Class 3 Certificate Policy"),
+    ODN(vcp4, "Verisign Class 4 Certificate Policy"),
+
+};
+
+static const unsigned int numOids = (sizeof oids) / (sizeof oids[0]);
+
+/* Fetch and register an oid if it hasn't been done already */
+void
+SECU_cert_fetchOID(SECOidTag *data, const SECOidData *src)
+{
+    if (*data == SEC_OID_UNKNOWN) {
+        /* AddEntry does the right thing if someone else has already
+         * added the oid. (that is return that oid tag) */
+        *data = SECOID_AddEntry(src);
+    }
+}
+
+SECStatus
+SECU_RegisterDynamicOids(void)
+{
+    unsigned int i;
+    SECStatus rv = SECSuccess;
+
+    for (i = 0; i < numOids; ++i) {
+        SECOidTag tag = SECOID_AddEntry(&oids[i]);
+        if (tag == SEC_OID_UNKNOWN) {
+            rv = SECFailure;
+#ifdef DEBUG_DYN_OIDS
+            fprintf(stderr, "Add OID[%d] failed\n", i);
+        } else {
+            fprintf(stderr, "Add OID[%d] returned tag %d\n", i, tag);
+#endif
+        }
+    }
+    return rv;
+}
diff --git a/nss/cmd/lib/pk11table.c b/nss/cmd/lib/pk11table.c
new file mode 100644
index 0000000..15c0a8d
--- /dev/null
+++ b/nss/cmd/lib/pk11table.c
@@ -0,0 +1,1517 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "pk11table.h"
+
+const char *_valueString[] = {
+    "None",
+    "Variable",
+    "CK_ULONG",
+    "Data",
+    "UTF8",
+    "CK_INFO",
+    "CK_SLOT_INFO",
+    "CK_TOKEN_INFO",
+    "CK_SESSION_INFO",
+    "CK_ATTRIBUTE",
+    "CK_MECHANISM",
+    "CK_MECHANISM_INFO",
+    "CK_C_INITIALIZE_ARGS",
+    "CK_FUNCTION_LIST"
+};
+
+const char **valueString = &_valueString[0];
+const int valueCount = sizeof(_valueString) / sizeof(_valueString[0]);
+
+const char *_constTypeString[] = {
+    "None",
+    "Bool",
+    "InfoFlags",
+    "SlotFlags",
+    "TokenFlags",
+    "SessionFlags",
+    "MechanismFlags",
+    "InitializeFlags",
+    "Users",
+    "SessionState",
+    "Object",
+    "Hardware",
+    "KeyType",
+    "CertificateType",
+    "Attribute",
+    "Mechanism",
+    "Result",
+    "Trust",
+    "AvailableSizes",
+    "CurrentSize"
+};
+
+const char **constTypeString = &_constTypeString[0];
+const int constTypeCount = sizeof(_constTypeString) / sizeof(_constTypeString[0]);
+
+#define mkEntry(x, t)              \
+    {                              \
+        #x, x, Const##t, ConstNone \
+    }
+#define mkEntry2(x, t, t2)         \
+    {                              \
+        #x, x, Const##t, Const##t2 \
+    }
+
+const Constant _consts[] = {
+    mkEntry(CK_FALSE, Bool),
+    mkEntry(CK_TRUE, Bool),
+
+    mkEntry(CKF_TOKEN_PRESENT, SlotFlags),
+    mkEntry(CKF_REMOVABLE_DEVICE, SlotFlags),
+    mkEntry(CKF_HW_SLOT, SlotFlags),
+
+    mkEntry(CKF_RNG, TokenFlags),
+    mkEntry(CKF_WRITE_PROTECTED, TokenFlags),
+    mkEntry(CKF_LOGIN_REQUIRED, TokenFlags),
+    mkEntry(CKF_USER_PIN_INITIALIZED, TokenFlags),
+    mkEntry(CKF_RESTORE_KEY_NOT_NEEDED, TokenFlags),
+    mkEntry(CKF_CLOCK_ON_TOKEN, TokenFlags),
+    mkEntry(CKF_PROTECTED_AUTHENTICATION_PATH, TokenFlags),
+    mkEntry(CKF_DUAL_CRYPTO_OPERATIONS, TokenFlags),
+    mkEntry(CKF_TOKEN_INITIALIZED, TokenFlags),
+    mkEntry(CKF_SECONDARY_AUTHENTICATION, TokenFlags),
+    mkEntry(CKF_USER_PIN_COUNT_LOW, TokenFlags),
+    mkEntry(CKF_USER_PIN_FINAL_TRY, TokenFlags),
+    mkEntry(CKF_USER_PIN_LOCKED, TokenFlags),
+    mkEntry(CKF_USER_PIN_TO_BE_CHANGED, TokenFlags),
+    mkEntry(CKF_SO_PIN_COUNT_LOW, TokenFlags),
+    mkEntry(CKF_SO_PIN_FINAL_TRY, TokenFlags),
+    mkEntry(CKF_SO_PIN_LOCKED, TokenFlags),
+    mkEntry(CKF_SO_PIN_TO_BE_CHANGED, TokenFlags),
+
+    mkEntry(CKF_RW_SESSION, SessionFlags),
+    mkEntry(CKF_SERIAL_SESSION, SessionFlags),
+
+    mkEntry(CKF_HW, MechanismFlags),
+    mkEntry(CKF_ENCRYPT, MechanismFlags),
+    mkEntry(CKF_DECRYPT, MechanismFlags),
+    mkEntry(CKF_DIGEST, MechanismFlags),
+    mkEntry(CKF_SIGN, MechanismFlags),
+    mkEntry(CKF_SIGN_RECOVER, MechanismFlags),
+    mkEntry(CKF_VERIFY, MechanismFlags),
+    mkEntry(CKF_VERIFY_RECOVER, MechanismFlags),
+    mkEntry(CKF_GENERATE, MechanismFlags),
+    mkEntry(CKF_GENERATE_KEY_PAIR, MechanismFlags),
+    mkEntry(CKF_WRAP, MechanismFlags),
+    mkEntry(CKF_UNWRAP, MechanismFlags),
+    mkEntry(CKF_DERIVE, MechanismFlags),
+    mkEntry(CKF_EC_FP, MechanismFlags),
+    mkEntry(CKF_EC_F_2M, MechanismFlags),
+    mkEntry(CKF_EC_ECPARAMETERS, MechanismFlags),
+    mkEntry(CKF_EC_NAMEDCURVE, MechanismFlags),
+    mkEntry(CKF_EC_UNCOMPRESS, MechanismFlags),
+    mkEntry(CKF_EC_COMPRESS, MechanismFlags),
+
+    mkEntry(CKF_LIBRARY_CANT_CREATE_OS_THREADS, InitializeFlags),
+    mkEntry(CKF_OS_LOCKING_OK, InitializeFlags),
+
+    mkEntry(CKU_SO, Users),
+    mkEntry(CKU_USER, Users),
+
+    mkEntry(CKS_RO_PUBLIC_SESSION, SessionState),
+    mkEntry(CKS_RO_USER_FUNCTIONS, SessionState),
+    mkEntry(CKS_RW_PUBLIC_SESSION, SessionState),
+    mkEntry(CKS_RW_USER_FUNCTIONS, SessionState),
+    mkEntry(CKS_RW_SO_FUNCTIONS, SessionState),
+
+    mkEntry(CKO_DATA, Object),
+    mkEntry(CKO_CERTIFICATE, Object),
+    mkEntry(CKO_PUBLIC_KEY, Object),
+    mkEntry(CKO_PRIVATE_KEY, Object),
+    mkEntry(CKO_SECRET_KEY, Object),
+    mkEntry(CKO_HW_FEATURE, Object),
+    mkEntry(CKO_DOMAIN_PARAMETERS, Object),
+    mkEntry(CKO_KG_PARAMETERS, Object),
+    mkEntry(CKO_NSS_CRL, Object),
+    mkEntry(CKO_NSS_SMIME, Object),
+    mkEntry(CKO_NSS_TRUST, Object),
+    mkEntry(CKO_NSS_BUILTIN_ROOT_LIST, Object),
+
+    mkEntry(CKH_MONOTONIC_COUNTER, Hardware),
+    mkEntry(CKH_CLOCK, Hardware),
+
+    mkEntry(CKK_RSA, KeyType),
+    mkEntry(CKK_DSA, KeyType),
+    mkEntry(CKK_DH, KeyType),
+    mkEntry(CKK_ECDSA, KeyType),
+    mkEntry(CKK_EC, KeyType),
+    mkEntry(CKK_X9_42_DH, KeyType),
+    mkEntry(CKK_KEA, KeyType),
+    mkEntry(CKK_GENERIC_SECRET, KeyType),
+    mkEntry(CKK_RC2, KeyType),
+    mkEntry(CKK_RC4, KeyType),
+    mkEntry(CKK_DES, KeyType),
+    mkEntry(CKK_DES2, KeyType),
+    mkEntry(CKK_DES3, KeyType),
+    mkEntry(CKK_CAST, KeyType),
+    mkEntry(CKK_CAST3, KeyType),
+    mkEntry(CKK_CAST5, KeyType),
+    mkEntry(CKK_CAST128, KeyType),
+    mkEntry(CKK_RC5, KeyType),
+    mkEntry(CKK_IDEA, KeyType),
+    mkEntry(CKK_SKIPJACK, KeyType),
+    mkEntry(CKK_BATON, KeyType),
+    mkEntry(CKK_JUNIPER, KeyType),
+    mkEntry(CKK_CDMF, KeyType),
+    mkEntry(CKK_AES, KeyType),
+    mkEntry(CKK_CAMELLIA, KeyType),
+    mkEntry(CKK_NSS_PKCS8, KeyType),
+
+    mkEntry(CKC_X_509, CertType),
+    mkEntry(CKC_X_509_ATTR_CERT, CertType),
+
+    mkEntry2(CKA_CLASS, Attribute, Object),
+    mkEntry2(CKA_TOKEN, Attribute, Bool),
+    mkEntry2(CKA_PRIVATE, Attribute, Bool),
+    mkEntry2(CKA_LABEL, Attribute, None),
+    mkEntry2(CKA_APPLICATION, Attribute, None),
+    mkEntry2(CKA_VALUE, Attribute, None),
+    mkEntry2(CKA_OBJECT_ID, Attribute, None),
+    mkEntry2(CKA_CERTIFICATE_TYPE, Attribute, CertType),
+    mkEntry2(CKA_ISSUER, Attribute, None),
+    mkEntry2(CKA_SERIAL_NUMBER, Attribute, None),
+    mkEntry2(CKA_AC_ISSUER, Attribute, None),
+    mkEntry2(CKA_OWNER, Attribute, None),
+    mkEntry2(CKA_ATTR_TYPES, Attribute, None),
+    mkEntry2(CKA_TRUSTED, Attribute, Bool),
+    mkEntry2(CKA_KEY_TYPE, Attribute, KeyType),
+    mkEntry2(CKA_SUBJECT, Attribute, None),
+    mkEntry2(CKA_ID, Attribute, None),
+    mkEntry2(CKA_SENSITIVE, Attribute, Bool),
+    mkEntry2(CKA_ENCRYPT, Attribute, Bool),
+    mkEntry2(CKA_DECRYPT, Attribute, Bool),
+    mkEntry2(CKA_WRAP, Attribute, Bool),
+    mkEntry2(CKA_UNWRAP, Attribute, Bool),
+    mkEntry2(CKA_SIGN, Attribute, Bool),
+    mkEntry2(CKA_SIGN_RECOVER, Attribute, Bool),
+    mkEntry2(CKA_VERIFY, Attribute, Bool),
+    mkEntry2(CKA_VERIFY_RECOVER, Attribute, Bool),
+    mkEntry2(CKA_DERIVE, Attribute, Bool),
+    mkEntry2(CKA_START_DATE, Attribute, None),
+    mkEntry2(CKA_END_DATE, Attribute, None),
+    mkEntry2(CKA_MODULUS, Attribute, None),
+    mkEntry2(CKA_MODULUS_BITS, Attribute, None),
+    mkEntry2(CKA_PUBLIC_EXPONENT, Attribute, None),
+    mkEntry2(CKA_PRIVATE_EXPONENT, Attribute, None),
+    mkEntry2(CKA_PRIME_1, Attribute, None),
+    mkEntry2(CKA_PRIME_2, Attribute, None),
+    mkEntry2(CKA_EXPONENT_1, Attribute, None),
+    mkEntry2(CKA_EXPONENT_2, Attribute, None),
+    mkEntry2(CKA_COEFFICIENT, Attribute, None),
+    mkEntry2(CKA_PRIME, Attribute, None),
+    mkEntry2(CKA_SUBPRIME, Attribute, None),
+    mkEntry2(CKA_BASE, Attribute, None),
+    mkEntry2(CKA_PRIME_BITS, Attribute, None),
+    mkEntry2(CKA_SUB_PRIME_BITS, Attribute, None),
+    mkEntry2(CKA_VALUE_BITS, Attribute, None),
+    mkEntry2(CKA_VALUE_LEN, Attribute, None),
+    mkEntry2(CKA_EXTRACTABLE, Attribute, Bool),
+    mkEntry2(CKA_LOCAL, Attribute, Bool),
+    mkEntry2(CKA_NEVER_EXTRACTABLE, Attribute, Bool),
+    mkEntry2(CKA_ALWAYS_SENSITIVE, Attribute, Bool),
+    mkEntry2(CKA_KEY_GEN_MECHANISM, Attribute, Mechanism),
+    mkEntry2(CKA_MODIFIABLE, Attribute, Bool),
+    mkEntry2(CKA_ECDSA_PARAMS, Attribute, None),
+    mkEntry2(CKA_EC_PARAMS, Attribute, None),
+    mkEntry2(CKA_EC_POINT, Attribute, None),
+    mkEntry2(CKA_SECONDARY_AUTH, Attribute, None),
+    mkEntry2(CKA_AUTH_PIN_FLAGS, Attribute, None),
+    mkEntry2(CKA_HW_FEATURE_TYPE, Attribute, Hardware),
+    mkEntry2(CKA_RESET_ON_INIT, Attribute, Bool),
+    mkEntry2(CKA_HAS_RESET, Attribute, Bool),
+    mkEntry2(CKA_NSS_URL, Attribute, None),
+    mkEntry2(CKA_NSS_EMAIL, Attribute, None),
+    mkEntry2(CKA_NSS_SMIME_INFO, Attribute, None),
+    mkEntry2(CKA_NSS_SMIME_TIMESTAMP, Attribute, None),
+    mkEntry2(CKA_NSS_PKCS8_SALT, Attribute, None),
+    mkEntry2(CKA_NSS_PASSWORD_CHECK, Attribute, None),
+    mkEntry2(CKA_NSS_EXPIRES, Attribute, None),
+    mkEntry2(CKA_NSS_KRL, Attribute, None),
+    mkEntry2(CKA_NSS_PQG_COUNTER, Attribute, None),
+    mkEntry2(CKA_NSS_PQG_SEED, Attribute, None),
+    mkEntry2(CKA_NSS_PQG_H, Attribute, None),
+    mkEntry2(CKA_NSS_PQG_SEED_BITS, Attribute, None),
+    mkEntry2(CKA_TRUST_DIGITAL_SIGNATURE, Attribute, Trust),
+    mkEntry2(CKA_TRUST_NON_REPUDIATION, Attribute, Trust),
+    mkEntry2(CKA_TRUST_KEY_ENCIPHERMENT, Attribute, Trust),
+    mkEntry2(CKA_TRUST_DATA_ENCIPHERMENT, Attribute, Trust),
+    mkEntry2(CKA_TRUST_KEY_AGREEMENT, Attribute, Trust),
+    mkEntry2(CKA_TRUST_KEY_CERT_SIGN, Attribute, Trust),
+    mkEntry2(CKA_TRUST_CRL_SIGN, Attribute, Trust),
+    mkEntry2(CKA_TRUST_SERVER_AUTH, Attribute, Trust),
+    mkEntry2(CKA_TRUST_CLIENT_AUTH, Attribute, Trust),
+    mkEntry2(CKA_TRUST_CODE_SIGNING, Attribute, Trust),
+    mkEntry2(CKA_TRUST_EMAIL_PROTECTION, Attribute, Trust),
+    mkEntry2(CKA_TRUST_IPSEC_END_SYSTEM, Attribute, Trust),
+    mkEntry2(CKA_TRUST_IPSEC_TUNNEL, Attribute, Trust),
+    mkEntry2(CKA_TRUST_IPSEC_USER, Attribute, Trust),
+    mkEntry2(CKA_TRUST_TIME_STAMPING, Attribute, Trust),
+    mkEntry2(CKA_CERT_SHA1_HASH, Attribute, None),
+    mkEntry2(CKA_CERT_MD5_HASH, Attribute, None),
+    mkEntry2(CKA_NETSCAPE_DB, Attribute, None),
+    mkEntry2(CKA_NETSCAPE_TRUST, Attribute, Trust),
+
+    mkEntry(CKM_RSA_PKCS, Mechanism),
+    mkEntry(CKM_RSA_9796, Mechanism),
+    mkEntry(CKM_RSA_X_509, Mechanism),
+    mkEntry(CKM_RSA_PKCS_KEY_PAIR_GEN, Mechanism),
+    mkEntry(CKM_MD2_RSA_PKCS, Mechanism),
+    mkEntry(CKM_MD5_RSA_PKCS, Mechanism),
+    mkEntry(CKM_SHA1_RSA_PKCS, Mechanism),
+    mkEntry(CKM_RIPEMD128_RSA_PKCS, Mechanism),
+    mkEntry(CKM_RIPEMD160_RSA_PKCS, Mechanism),
+    mkEntry(CKM_RSA_PKCS_OAEP, Mechanism),
+    mkEntry(CKM_RSA_X9_31_KEY_PAIR_GEN, Mechanism),
+    mkEntry(CKM_RSA_X9_31, Mechanism),
+    mkEntry(CKM_SHA1_RSA_X9_31, Mechanism),
+    mkEntry(CKM_DSA_KEY_PAIR_GEN, Mechanism),
+    mkEntry(CKM_DSA, Mechanism),
+    mkEntry(CKM_DSA_SHA1, Mechanism),
+    mkEntry(CKM_DH_PKCS_KEY_PAIR_GEN, Mechanism),
+    mkEntry(CKM_DH_PKCS_DERIVE, Mechanism),
+    mkEntry(CKM_X9_42_DH_DERIVE, Mechanism),
+    mkEntry(CKM_X9_42_DH_HYBRID_DERIVE, Mechanism),
+    mkEntry(CKM_X9_42_MQV_DERIVE, Mechanism),
+    mkEntry(CKM_SHA256_RSA_PKCS, Mechanism),
+    mkEntry(CKM_SHA384_RSA_PKCS, Mechanism),
+    mkEntry(CKM_SHA512_RSA_PKCS, Mechanism),
+    mkEntry(CKM_RC2_KEY_GEN, Mechanism),
+    mkEntry(CKM_RC2_ECB, Mechanism),
+    mkEntry(CKM_RC2_CBC, Mechanism),
+    mkEntry(CKM_RC2_MAC, Mechanism),
+    mkEntry(CKM_RC2_MAC_GENERAL, Mechanism),
+    mkEntry(CKM_RC2_CBC_PAD, Mechanism),
+    mkEntry(CKM_RC4_KEY_GEN, Mechanism),
+    mkEntry(CKM_RC4, Mechanism),
+    mkEntry(CKM_DES_KEY_GEN, Mechanism),
+    mkEntry(CKM_DES_ECB, Mechanism),
+    mkEntry(CKM_DES_CBC, Mechanism),
+    mkEntry(CKM_DES_MAC, Mechanism),
+    mkEntry(CKM_DES_MAC_GENERAL, Mechanism),
+    mkEntry(CKM_DES_CBC_PAD, Mechanism),
+    mkEntry(CKM_DES2_KEY_GEN, Mechanism),
+    mkEntry(CKM_DES3_KEY_GEN, Mechanism),
+    mkEntry(CKM_DES3_ECB, Mechanism),
+    mkEntry(CKM_DES3_CBC, Mechanism),
+    mkEntry(CKM_DES3_MAC, Mechanism),
+    mkEntry(CKM_DES3_MAC_GENERAL, Mechanism),
+    mkEntry(CKM_DES3_CBC_PAD, Mechanism),
+    mkEntry(CKM_CDMF_KEY_GEN, Mechanism),
+    mkEntry(CKM_CDMF_ECB, Mechanism),
+    mkEntry(CKM_CDMF_CBC, Mechanism),
+    mkEntry(CKM_CDMF_MAC, Mechanism),
+    mkEntry(CKM_CDMF_MAC_GENERAL, Mechanism),
+    mkEntry(CKM_CDMF_CBC_PAD, Mechanism),
+    mkEntry(CKM_MD2, Mechanism),
+    mkEntry(CKM_MD2_HMAC, Mechanism),
+    mkEntry(CKM_MD2_HMAC_GENERAL, Mechanism),
+    mkEntry(CKM_MD5, Mechanism),
+    mkEntry(CKM_MD5_HMAC, Mechanism),
+    mkEntry(CKM_MD5_HMAC_GENERAL, Mechanism),
+    mkEntry(CKM_SHA_1, Mechanism),
+    mkEntry(CKM_SHA_1_HMAC, Mechanism),
+    mkEntry(CKM_SHA_1_HMAC_GENERAL, Mechanism),
+    mkEntry(CKM_RIPEMD128, Mechanism),
+    mkEntry(CKM_RIPEMD128_HMAC, Mechanism),
+    mkEntry(CKM_RIPEMD128_HMAC_GENERAL, Mechanism),
+    mkEntry(CKM_RIPEMD160, Mechanism),
+    mkEntry(CKM_RIPEMD160_HMAC, Mechanism),
+    mkEntry(CKM_RIPEMD160_HMAC_GENERAL, Mechanism),
+    mkEntry(CKM_SHA256, Mechanism),
+    mkEntry(CKM_SHA256_HMAC_GENERAL, Mechanism),
+    mkEntry(CKM_SHA256_HMAC, Mechanism),
+    mkEntry(CKM_SHA384, Mechanism),
+    mkEntry(CKM_SHA384_HMAC_GENERAL, Mechanism),
+    mkEntry(CKM_SHA384_HMAC, Mechanism),
+    mkEntry(CKM_SHA512, Mechanism),
+    mkEntry(CKM_SHA512_HMAC_GENERAL, Mechanism),
+    mkEntry(CKM_SHA512_HMAC, Mechanism),
+    mkEntry(CKM_CAST_KEY_GEN, Mechanism),
+    mkEntry(CKM_CAST_ECB, Mechanism),
+    mkEntry(CKM_CAST_CBC, Mechanism),
+    mkEntry(CKM_CAST_MAC, Mechanism),
+    mkEntry(CKM_CAST_MAC_GENERAL, Mechanism),
+    mkEntry(CKM_CAST_CBC_PAD, Mechanism),
+    mkEntry(CKM_CAST3_KEY_GEN, Mechanism),
+    mkEntry(CKM_CAST3_ECB, Mechanism),
+    mkEntry(CKM_CAST3_CBC, Mechanism),
+    mkEntry(CKM_CAST3_MAC, Mechanism),
+    mkEntry(CKM_CAST3_MAC_GENERAL, Mechanism),
+    mkEntry(CKM_CAST3_CBC_PAD, Mechanism),
+    mkEntry(CKM_CAST5_KEY_GEN, Mechanism),
+    mkEntry(CKM_CAST128_KEY_GEN, Mechanism),
+    mkEntry(CKM_CAST5_ECB, Mechanism),
+    mkEntry(CKM_CAST128_ECB, Mechanism),
+    mkEntry(CKM_CAST5_CBC, Mechanism),
+    mkEntry(CKM_CAST128_CBC, Mechanism),
+    mkEntry(CKM_CAST5_MAC, Mechanism),
+    mkEntry(CKM_CAST128_MAC, Mechanism),
+    mkEntry(CKM_CAST5_MAC_GENERAL, Mechanism),
+    mkEntry(CKM_CAST128_MAC_GENERAL, Mechanism),
+    mkEntry(CKM_CAST5_CBC_PAD, Mechanism),
+    mkEntry(CKM_CAST128_CBC_PAD, Mechanism),
+    mkEntry(CKM_RC5_KEY_GEN, Mechanism),
+    mkEntry(CKM_RC5_ECB, Mechanism),
+    mkEntry(CKM_RC5_CBC, Mechanism),
+    mkEntry(CKM_RC5_MAC, Mechanism),
+    mkEntry(CKM_RC5_MAC_GENERAL, Mechanism),
+    mkEntry(CKM_RC5_CBC_PAD, Mechanism),
+    mkEntry(CKM_IDEA_KEY_GEN, Mechanism),
+    mkEntry(CKM_IDEA_ECB, Mechanism),
+    mkEntry(CKM_IDEA_CBC, Mechanism),
+    mkEntry(CKM_IDEA_MAC, Mechanism),
+    mkEntry(CKM_IDEA_MAC_GENERAL, Mechanism),
+    mkEntry(CKM_IDEA_CBC_PAD, Mechanism),
+    mkEntry(CKM_GENERIC_SECRET_KEY_GEN, Mechanism),
+    mkEntry(CKM_CONCATENATE_BASE_AND_KEY, Mechanism),
+    mkEntry(CKM_CONCATENATE_BASE_AND_DATA, Mechanism),
+    mkEntry(CKM_CONCATENATE_DATA_AND_BASE, Mechanism),
+    mkEntry(CKM_XOR_BASE_AND_DATA, Mechanism),
+    mkEntry(CKM_EXTRACT_KEY_FROM_KEY, Mechanism),
+    mkEntry(CKM_SSL3_PRE_MASTER_KEY_GEN, Mechanism),
+    mkEntry(CKM_SSL3_MASTER_KEY_DERIVE, Mechanism),
+    mkEntry(CKM_SSL3_KEY_AND_MAC_DERIVE, Mechanism),
+    mkEntry(CKM_SSL3_MASTER_KEY_DERIVE_DH, Mechanism),
+    mkEntry(CKM_TLS_PRE_MASTER_KEY_GEN, Mechanism),
+    mkEntry(CKM_TLS_MASTER_KEY_DERIVE, Mechanism),
+    mkEntry(CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256, Mechanism),
+    mkEntry(CKM_TLS_KEY_AND_MAC_DERIVE, Mechanism),
+    mkEntry(CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256, Mechanism),
+    mkEntry(CKM_TLS_MASTER_KEY_DERIVE_DH, Mechanism),
+    mkEntry(CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256, Mechanism),
+    mkEntry(CKM_SSL3_MD5_MAC, Mechanism),
+    mkEntry(CKM_SSL3_SHA1_MAC, Mechanism),
+    mkEntry(CKM_MD5_KEY_DERIVATION, Mechanism),
+    mkEntry(CKM_MD2_KEY_DERIVATION, Mechanism),
+    mkEntry(CKM_SHA1_KEY_DERIVATION, Mechanism),
+    mkEntry(CKM_SHA256_KEY_DERIVATION, Mechanism),
+    mkEntry(CKM_SHA384_KEY_DERIVATION, Mechanism),
+    mkEntry(CKM_SHA512_KEY_DERIVATION, Mechanism),
+    mkEntry(CKM_PBE_MD2_DES_CBC, Mechanism),
+    mkEntry(CKM_PBE_MD5_DES_CBC, Mechanism),
+    mkEntry(CKM_PBE_MD5_CAST_CBC, Mechanism),
+    mkEntry(CKM_PBE_MD5_CAST3_CBC, Mechanism),
+    mkEntry(CKM_PBE_MD5_CAST5_CBC, Mechanism),
+    mkEntry(CKM_PBE_MD5_CAST128_CBC, Mechanism),
+    mkEntry(CKM_PBE_SHA1_CAST5_CBC, Mechanism),
+    mkEntry(CKM_PBE_SHA1_CAST128_CBC, Mechanism),
+    mkEntry(CKM_PBE_SHA1_RC4_128, Mechanism),
+    mkEntry(CKM_PBE_SHA1_RC4_40, Mechanism),
+    mkEntry(CKM_PBE_SHA1_DES3_EDE_CBC, Mechanism),
+    mkEntry(CKM_PBE_SHA1_DES2_EDE_CBC, Mechanism),
+    mkEntry(CKM_PBE_SHA1_RC2_128_CBC, Mechanism),
+    mkEntry(CKM_PBE_SHA1_RC2_40_CBC, Mechanism),
+    mkEntry(CKM_PKCS5_PBKD2, Mechanism),
+    mkEntry(CKM_PBA_SHA1_WITH_SHA1_HMAC, Mechanism),
+    mkEntry(CKM_KEY_WRAP_LYNKS, Mechanism),
+    mkEntry(CKM_KEY_WRAP_SET_OAEP, Mechanism),
+    mkEntry(CKM_SKIPJACK_KEY_GEN, Mechanism),
+    mkEntry(CKM_SKIPJACK_ECB64, Mechanism),
+    mkEntry(CKM_SKIPJACK_CBC64, Mechanism),
+    mkEntry(CKM_SKIPJACK_OFB64, Mechanism),
+    mkEntry(CKM_SKIPJACK_CFB64, Mechanism),
+    mkEntry(CKM_SKIPJACK_CFB32, Mechanism),
+    mkEntry(CKM_SKIPJACK_CFB16, Mechanism),
+    mkEntry(CKM_SKIPJACK_CFB8, Mechanism),
+    mkEntry(CKM_SKIPJACK_WRAP, Mechanism),
+    mkEntry(CKM_SKIPJACK_PRIVATE_WRAP, Mechanism),
+    mkEntry(CKM_SKIPJACK_RELAYX, Mechanism),
+    mkEntry(CKM_KEA_KEY_PAIR_GEN, Mechanism),
+    mkEntry(CKM_KEA_KEY_DERIVE, Mechanism),
+    mkEntry(CKM_FORTEZZA_TIMESTAMP, Mechanism),
+    mkEntry(CKM_BATON_KEY_GEN, Mechanism),
+    mkEntry(CKM_BATON_ECB128, Mechanism),
+    mkEntry(CKM_BATON_ECB96, Mechanism),
+    mkEntry(CKM_BATON_CBC128, Mechanism),
+    mkEntry(CKM_BATON_COUNTER, Mechanism),
+    mkEntry(CKM_BATON_SHUFFLE, Mechanism),
+    mkEntry(CKM_BATON_WRAP, Mechanism),
+    mkEntry(CKM_ECDSA_KEY_PAIR_GEN, Mechanism),
+    mkEntry(CKM_EC_KEY_PAIR_GEN, Mechanism),
+    mkEntry(CKM_ECDSA, Mechanism),
+    mkEntry(CKM_ECDSA_SHA1, Mechanism),
+    mkEntry(CKM_ECDH1_DERIVE, Mechanism),
+    mkEntry(CKM_ECDH1_COFACTOR_DERIVE, Mechanism),
+    mkEntry(CKM_ECMQV_DERIVE, Mechanism),
+    mkEntry(CKM_JUNIPER_KEY_GEN, Mechanism),
+    mkEntry(CKM_JUNIPER_ECB128, Mechanism),
+    mkEntry(CKM_JUNIPER_CBC128, Mechanism),
+    mkEntry(CKM_JUNIPER_COUNTER, Mechanism),
+    mkEntry(CKM_JUNIPER_SHUFFLE, Mechanism),
+    mkEntry(CKM_JUNIPER_WRAP, Mechanism),
+    mkEntry(CKM_FASTHASH, Mechanism),
+    mkEntry(CKM_AES_KEY_GEN, Mechanism),
+    mkEntry(CKM_AES_ECB, Mechanism),
+    mkEntry(CKM_AES_CBC, Mechanism),
+    mkEntry(CKM_AES_MAC, Mechanism),
+    mkEntry(CKM_AES_MAC_GENERAL, Mechanism),
+    mkEntry(CKM_AES_CBC_PAD, Mechanism),
+    mkEntry(CKM_CAMELLIA_KEY_GEN, Mechanism),
+    mkEntry(CKM_CAMELLIA_ECB, Mechanism),
+    mkEntry(CKM_CAMELLIA_CBC, Mechanism),
+    mkEntry(CKM_CAMELLIA_MAC, Mechanism),
+    mkEntry(CKM_CAMELLIA_MAC_GENERAL, Mechanism),
+    mkEntry(CKM_CAMELLIA_CBC_PAD, Mechanism),
+    mkEntry(CKM_SEED_KEY_GEN, Mechanism),
+    mkEntry(CKM_SEED_ECB, Mechanism),
+    mkEntry(CKM_SEED_CBC, Mechanism),
+    mkEntry(CKM_SEED_MAC, Mechanism),
+    mkEntry(CKM_SEED_MAC_GENERAL, Mechanism),
+    mkEntry(CKM_SEED_CBC_PAD, Mechanism),
+    mkEntry(CKM_SEED_ECB_ENCRYPT_DATA, Mechanism),
+    mkEntry(CKM_SEED_CBC_ENCRYPT_DATA, Mechanism),
+    mkEntry(CKM_DSA_PARAMETER_GEN, Mechanism),
+    mkEntry(CKM_DH_PKCS_PARAMETER_GEN, Mechanism),
+    mkEntry(CKM_NSS_AES_KEY_WRAP, Mechanism),
+    mkEntry(CKM_NSS_AES_KEY_WRAP_PAD, Mechanism),
+    mkEntry(CKM_NETSCAPE_PBE_SHA1_DES_CBC, Mechanism),
+    mkEntry(CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC, Mechanism),
+    mkEntry(CKM_NETSCAPE_PBE_SHA1_40_BIT_RC2_CBC, Mechanism),
+    mkEntry(CKM_NETSCAPE_PBE_SHA1_128_BIT_RC2_CBC, Mechanism),
+    mkEntry(CKM_NETSCAPE_PBE_SHA1_40_BIT_RC4, Mechanism),
+    mkEntry(CKM_NETSCAPE_PBE_SHA1_128_BIT_RC4, Mechanism),
+    mkEntry(CKM_NETSCAPE_PBE_SHA1_FAULTY_3DES_CBC, Mechanism),
+    mkEntry(CKM_NETSCAPE_PBE_SHA1_HMAC_KEY_GEN, Mechanism),
+    mkEntry(CKM_NETSCAPE_PBE_MD5_HMAC_KEY_GEN, Mechanism),
+    mkEntry(CKM_NETSCAPE_PBE_MD2_HMAC_KEY_GEN, Mechanism),
+    mkEntry(CKM_TLS_PRF_GENERAL, Mechanism),
+    mkEntry(CKM_NSS_TLS_PRF_GENERAL_SHA256, Mechanism),
+
+    mkEntry(CKR_OK, Result),
+    mkEntry(CKR_CANCEL, Result),
+    mkEntry(CKR_HOST_MEMORY, Result),
+    mkEntry(CKR_SLOT_ID_INVALID, Result),
+    mkEntry(CKR_GENERAL_ERROR, Result),
+    mkEntry(CKR_FUNCTION_FAILED, Result),
+    mkEntry(CKR_ARGUMENTS_BAD, Result),
+    mkEntry(CKR_NO_EVENT, Result),
+    mkEntry(CKR_NEED_TO_CREATE_THREADS, Result),
+    mkEntry(CKR_CANT_LOCK, Result),
+    mkEntry(CKR_ATTRIBUTE_READ_ONLY, Result),
+    mkEntry(CKR_ATTRIBUTE_SENSITIVE, Result),
+    mkEntry(CKR_ATTRIBUTE_TYPE_INVALID, Result),
+    mkEntry(CKR_ATTRIBUTE_VALUE_INVALID, Result),
+    mkEntry(CKR_DATA_INVALID, Result),
+    mkEntry(CKR_DATA_LEN_RANGE, Result),
+    mkEntry(CKR_DEVICE_ERROR, Result),
+    mkEntry(CKR_DEVICE_MEMORY, Result),
+    mkEntry(CKR_DEVICE_REMOVED, Result),
+    mkEntry(CKR_ENCRYPTED_DATA_INVALID, Result),
+    mkEntry(CKR_ENCRYPTED_DATA_LEN_RANGE, Result),
+    mkEntry(CKR_FUNCTION_CANCELED, Result),
+    mkEntry(CKR_FUNCTION_NOT_PARALLEL, Result),
+    mkEntry(CKR_FUNCTION_NOT_SUPPORTED, Result),
+    mkEntry(CKR_KEY_HANDLE_INVALID, Result),
+    mkEntry(CKR_KEY_SIZE_RANGE, Result),
+    mkEntry(CKR_KEY_TYPE_INCONSISTENT, Result),
+    mkEntry(CKR_KEY_NOT_NEEDED, Result),
+    mkEntry(CKR_KEY_CHANGED, Result),
+    mkEntry(CKR_KEY_NEEDED, Result),
+    mkEntry(CKR_KEY_INDIGESTIBLE, Result),
+    mkEntry(CKR_KEY_FUNCTION_NOT_PERMITTED, Result),
+    mkEntry(CKR_KEY_NOT_WRAPPABLE, Result),
+    mkEntry(CKR_KEY_UNEXTRACTABLE, Result),
+    mkEntry(CKR_KEY_PARAMS_INVALID, Result),
+    mkEntry(CKR_MECHANISM_INVALID, Result),
+    mkEntry(CKR_MECHANISM_PARAM_INVALID, Result),
+    mkEntry(CKR_OBJECT_HANDLE_INVALID, Result),
+    mkEntry(CKR_OPERATION_ACTIVE, Result),
+    mkEntry(CKR_OPERATION_NOT_INITIALIZED, Result),
+    mkEntry(CKR_PIN_INCORRECT, Result),
+    mkEntry(CKR_PIN_INVALID, Result),
+    mkEntry(CKR_PIN_LEN_RANGE, Result),
+    mkEntry(CKR_PIN_EXPIRED, Result),
+    mkEntry(CKR_PIN_LOCKED, Result),
+    mkEntry(CKR_SESSION_CLOSED, Result),
+    mkEntry(CKR_SESSION_COUNT, Result),
+    mkEntry(CKR_SESSION_HANDLE_INVALID, Result),
+    mkEntry(CKR_SESSION_PARALLEL_NOT_SUPPORTED, Result),
+    mkEntry(CKR_SESSION_READ_ONLY, Result),
+    mkEntry(CKR_SESSION_EXISTS, Result),
+    mkEntry(CKR_SESSION_READ_ONLY_EXISTS, Result),
+    mkEntry(CKR_SESSION_READ_WRITE_SO_EXISTS, Result),
+    mkEntry(CKR_SIGNATURE_INVALID, Result),
+    mkEntry(CKR_SIGNATURE_LEN_RANGE, Result),
+    mkEntry(CKR_TEMPLATE_INCOMPLETE, Result),
+    mkEntry(CKR_TEMPLATE_INCONSISTENT, Result),
+    mkEntry(CKR_TOKEN_NOT_PRESENT, Result),
+    mkEntry(CKR_TOKEN_NOT_RECOGNIZED, Result),
+    mkEntry(CKR_TOKEN_WRITE_PROTECTED, Result),
+    mkEntry(CKR_UNWRAPPING_KEY_HANDLE_INVALID, Result),
+    mkEntry(CKR_UNWRAPPING_KEY_SIZE_RANGE, Result),
+    mkEntry(CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT, Result),
+    mkEntry(CKR_USER_ALREADY_LOGGED_IN, Result),
+    mkEntry(CKR_USER_NOT_LOGGED_IN, Result),
+    mkEntry(CKR_USER_PIN_NOT_INITIALIZED, Result),
+    mkEntry(CKR_USER_TYPE_INVALID, Result),
+    mkEntry(CKR_USER_ANOTHER_ALREADY_LOGGED_IN, Result),
+    mkEntry(CKR_USER_TOO_MANY_TYPES, Result),
+    mkEntry(CKR_WRAPPED_KEY_INVALID, Result),
+    mkEntry(CKR_WRAPPED_KEY_LEN_RANGE, Result),
+    mkEntry(CKR_WRAPPING_KEY_HANDLE_INVALID, Result),
+    mkEntry(CKR_WRAPPING_KEY_SIZE_RANGE, Result),
+    mkEntry(CKR_WRAPPING_KEY_TYPE_INCONSISTENT, Result),
+    mkEntry(CKR_RANDOM_SEED_NOT_SUPPORTED, Result),
+    mkEntry(CKR_RANDOM_NO_RNG, Result),
+    mkEntry(CKR_DOMAIN_PARAMS_INVALID, Result),
+    mkEntry(CKR_BUFFER_TOO_SMALL, Result),
+    mkEntry(CKR_SAVED_STATE_INVALID, Result),
+    mkEntry(CKR_INFORMATION_SENSITIVE, Result),
+    mkEntry(CKR_STATE_UNSAVEABLE, Result),
+    mkEntry(CKR_CRYPTOKI_NOT_INITIALIZED, Result),
+    mkEntry(CKR_CRYPTOKI_ALREADY_INITIALIZED, Result),
+    mkEntry(CKR_MUTEX_BAD, Result),
+    mkEntry(CKR_MUTEX_NOT_LOCKED, Result),
+    mkEntry(CKR_VENDOR_DEFINED, Result),
+
+    mkEntry(CKT_NSS_TRUSTED, Trust),
+    mkEntry(CKT_NSS_TRUSTED_DELEGATOR, Trust),
+    mkEntry(CKT_NSS_NOT_TRUSTED, Trust),
+    mkEntry(CKT_NSS_MUST_VERIFY_TRUST, Trust),
+    mkEntry(CKT_NSS_TRUST_UNKNOWN, Trust),
+    mkEntry(CKT_NSS_VALID_DELEGATOR, Trust),
+
+    mkEntry(CK_EFFECTIVELY_INFINITE, AvailableSizes),
+    mkEntry(CK_UNAVAILABLE_INFORMATION, CurrentSize),
+};
+
+const Constant *consts = &_consts[0];
+const unsigned int constCount = sizeof(_consts) / sizeof(_consts[0]);
+
+const Commands _commands[] = {
+    { "C_Initialize",
+      F_C_Initialize,
+      "C_Initialize pInitArgs\n\n"
+      "C_Initialize initializes the PKCS #11 library.\n"
+      "  pInitArgs  if this is not NULL_PTR it gets cast to and dereferenced\n",
+      { ArgInitializeArgs, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+        ArgNone, ArgNone } },
+    { "C_Finalize",
+      F_C_Finalize,
+      "C_Finalize pReserved\n\n"
+      "C_Finalize indicates that an application is done with the PKCS #11 library.\n"
+      " pReserved  reserved. Should be NULL_PTR\n",
+      { ArgInitializeArgs, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+        ArgNone, ArgNone } },
+    { "C_GetInfo",
+      F_C_GetInfo,
+      "C_GetInfo pInfo\n\n"
+      "C_GetInfo returns general information about PKCS #11.\n"
+      " pInfo   location that receives information\n",
+      { ArgInfo | ArgOut, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+        ArgNone, ArgNone } },
+    { "C_GetFunctionList",
+      F_C_GetFunctionList,
+      "C_GetFunctionList ppFunctionList\n\n"
+      "C_GetFunctionList returns the function list.\n"
+      " ppFunctionList   receives pointer to function list\n",
+      { ArgFunctionList | ArgOut, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+        ArgNone, ArgNone, ArgNone } },
+    { "C_GetSlotList",
+      F_C_GetSlotList,
+      "C_GetSlotList tokenPresent pSlotList pulCount\n\n"
+      "C_GetSlotList obtains a list of slots in the system.\n"
+      " tokenPresent    only slots with tokens?\n"
+      " pSlotList       receives array of slot IDs\n"
+      " pulCount        receives number of slots\n",
+      { ArgULong, ArgULong | ArgArray | ArgOut, ArgULong | ArgOut, ArgNone, ArgNone,
+        ArgNone, ArgNone, ArgNone, ArgNone, ArgNone } },
+    { "C_GetSlotInfo",
+      F_C_GetSlotInfo,
+      "C_GetSlotInfo slotID pInfo\n\n"
+      "C_GetSlotInfo obtains information about a particular slot in the system.\n"
+      " slotID    the ID of the slot\n"
+      " pInfo     receives the slot information\n",
+      { ArgULong, ArgSlotInfo | ArgOut, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+        ArgNone, ArgNone, ArgNone } },
+    { "C_GetTokenInfo",
+      F_C_GetTokenInfo,
+      "C_GetTokenInfo slotID pInfo\n\n"
+      "C_GetTokenInfo obtains information about a particular token in the system.\n"
+      " slotID    ID of the token's slot\n"
+      " pInfo     receives the token information\n",
+      { ArgULong, ArgTokenInfo | ArgOut, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+        ArgNone, ArgNone, ArgNone } },
+    { "C_GetMechanismList",
+      F_C_GetMechanismList,
+      "C_GetMechanismList slotID pMechanismList pulCount\n\n"
+      "C_GetMechanismList obtains a list of mechanism types supported by a token.\n"
+      " slotID            ID of token's slot\n"
+      " pMechanismList    gets mech. array\n"
+      " pulCount          gets # of mechs.\n",
+      { ArgULong, ArgULong | ArgArray | ArgOut, ArgULong | ArgOut, ArgNone, ArgNone,
+        ArgNone, ArgNone, ArgNone, ArgNone, ArgNone } },
+    { "C_GetMechanismInfo",
+      F_C_GetMechanismInfo,
+      "C_GetMechanismInfo slotID type pInfo\n\n"
+      "C_GetMechanismInfo obtains information about a particular mechanism possibly\n"
+      "supported by a token.\n"
+      " slotID    ID of the token's slot\n"
+      " type      type of mechanism\n"
+      " pInfo     receives mechanism info\n",
+      { ArgULong, ArgULong, ArgMechanismInfo | ArgOut, ArgNone, ArgNone, ArgNone, ArgNone,
+        ArgNone, ArgNone, ArgNone } },
+    { "C_InitToken",
+      F_C_InitToken,
+      "C_InitToken slotID pPin ulPinLen pLabel\n\n"
+      "C_InitToken initializes a token.\n"
+      " slotID      ID of the token's slot\n"
+      " pPin        the SO's initial PIN\n"
+      " ulPinLen    length in bytes of the PIN\n"
+      " pLabel      32-byte token label (blank padded)\n",
+      { ArgULong, ArgUTF8, ArgULong, ArgUTF8, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+        ArgNone } },
+    { "C_InitPIN",
+      F_C_InitPIN,
+      "C_InitPIN hSession pPin ulPinLen\n\n"
+      "C_InitPIN initializes the normal user's PIN.\n"
+      " hSession    the session's handle\n"
+      " pPin        the normal user's PIN\n"
+      " ulPinLen    length in bytes of the PIN\n",
+      { ArgULong, ArgUTF8, ArgULong, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+        ArgNone } },
+    { "C_SetPIN",
+      F_C_SetPIN,
+      "C_SetPIN hSession pOldPin ulOldLen pNewPin ulNewLen\n\n"
+      "C_SetPIN modifies the PIN of the user who is logged in.\n"
+      " hSession    the session's handle\n"
+      " pOldPin     the old PIN\n"
+      " ulOldLen    length of the old PIN\n"
+      " pNewPin     the new PIN\n"
+      " ulNewLen    length of the new PIN\n",
+      { ArgULong, ArgUTF8, ArgULong, ArgUTF8, ArgULong, ArgNone, ArgNone, ArgNone,
+        ArgNone, ArgNone } },
+    { "C_OpenSession",
+      F_C_OpenSession,
+      "C_OpenSession slotID flags phSession\n\n"
+      "C_OpenSession opens a session between an application and a token.\n"
+      " slotID          the slot's ID\n"
+      " flags           from\n"
+      " phSession       gets session handle\n",
+      { ArgULong, ArgULong, ArgULong | ArgOut, ArgNone, ArgNone, ArgNone, ArgNone,
+        ArgNone, ArgNone, ArgNone } },
+    { "C_CloseSession",
+      F_C_CloseSession,
+      "C_CloseSession hSession\n\n"
+      "C_CloseSession closes a session between an application and a token.\n"
+      " hSession   the session's handle\n",
+      { ArgULong, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+        ArgNone } },
+    { "C_CloseAllSessions",
+      F_C_CloseAllSessions,
+      "C_CloseAllSessions slotID\n\n"
+      "C_CloseAllSessions closes all sessions with a token.\n"
+      " slotID   the token's slot\n",
+      { ArgULong, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+        ArgNone } },
+    { "C_GetSessionInfo",
+      F_C_GetSessionInfo,
+      "C_GetSessionInfo hSession pInfo\n\n"
+      "C_GetSessionInfo obtains information about the session.\n"
+      " hSession    the session's handle\n"
+      " pInfo       receives session info\n",
+      { ArgULong, ArgSessionInfo | ArgOut, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+        ArgNone, ArgNone, ArgNone } },
+    { "C_GetOperationState",
+      F_C_GetOperationState,
+      "C_GetOperationState hSession pOpState pulOpStateLen\n\n"
+      "C_GetOperationState obtains the state of the cryptographic operation in a\n"
+      "session.\n"
+      " hSession        session's handle\n"
+      " pOpState        gets state\n"
+      " pulOpStateLen   gets state length\n",
+      { ArgULong, ArgChar | ArgOut, ArgULong | ArgOut, ArgNone, ArgNone, ArgNone, ArgNone,
+        ArgNone, ArgNone, ArgNone } },
+    { "C_SetOperationState",
+      F_C_SetOperationState,
+      "C_SetOperationState hSession pOpState ulOpStateLen hEncKey hAuthKey\n\n"
+      "C_SetOperationState restores the state of the cryptographic operation in a\n"
+      "session.\n"
+      " hSession        session's handle\n"
+      " pOpState        holds state\n"
+      " ulOpStateLen    holds state length\n"
+      " hEncKey         en/decryption key\n"
+      " hAuthnKey       sign/verify key\n",
+      { ArgULong, ArgChar | ArgOut, ArgULong, ArgULong, ArgULong, ArgNone, ArgNone,
+        ArgNone, ArgNone, ArgNone } },
+    { "C_Login",
+      F_C_Login,
+      "C_Login hSession userType pPin ulPinLen\n\n"
+      "C_Login logs a user into a token.\n"
+      " hSession    the session's handle\n"
+      " userType    the user type\n"
+      " pPin        the user's PIN\n"
+      " ulPinLen    the length of the PIN\n",
+      { ArgULong, ArgULong, ArgVar, ArgULong, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+        ArgNone } },
+    { "C_Logout",
+      F_C_Logout,
+      "C_Logout hSession\n\n"
+      "C_Logout logs a user out from a token.\n"
+      " hSession   the session's handle\n",
+      { ArgULong, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+        ArgNone } },
+    { "C_CreateObject",
+      F_C_CreateObject,
+      "C_CreateObject hSession pTemplate ulCount phObject\n\n"
+      "C_CreateObject creates a new object.\n"
+      " hSession      the session's handle\n"
+      " pTemplate     the object's template\n"
+      " ulCount       attributes in template\n"
+      " phObject   gets new object's handle.\n",
+      { ArgULong, ArgAttribute | ArgArray, ArgULong, ArgULong | ArgOut, ArgNone, ArgNone,
+        ArgNone, ArgNone, ArgNone, ArgNone } },
+    { "C_CopyObject",
+      F_C_CopyObject,
+      "C_CopyObject hSession hObject pTemplate ulCount phNewObject\n\n"
+      "C_CopyObject copies an object creating a new object for the copy.\n"
+      " hSession      the session's handle\n"
+      " hObject       the object's handle\n"
+      " pTemplate     template for new object\n"
+      " ulCount       attributes in template\n"
+      " phNewObject   receives handle of copy\n",
+      { ArgULong, ArgULong, ArgAttribute | ArgArray, ArgULong, ArgULong | ArgOut, ArgNone,
+        ArgNone, ArgNone, ArgNone, ArgNone } },
+    { "C_DestroyObject",
+      F_C_DestroyObject,
+      "C_DestroyObject hSession hObject\n\n"
+      "C_DestroyObject destroys an object.\n"
+      " hSession    the session's handle\n"
+      " hObject     the object's handle\n",
+      { ArgULong, ArgULong, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+        ArgNone } },
+    { "C_GetObjectSize",
+      F_C_GetObjectSize,
+      "C_GetObjectSize hSession hObject pulSize\n\n"
+      "C_GetObjectSize gets the size of an object in bytes.\n"
+      " hSession    the session's handle\n"
+      " hObject     the object's handle\n"
+      " pulSize     receives size of object\n",
+      { ArgULong, ArgULong, ArgULong | ArgOut, ArgNone, ArgNone, ArgNone, ArgNone,
+        ArgNone, ArgNone, ArgNone } },
+    { "C_GetAttributeValue",
+      F_C_GetAttributeValue,
+      "C_GetAttributeValue hSession hObject pTemplate ulCount\n\n"
+      "C_GetAttributeValue obtains the value of one or more object attributes.\n"
+      " hSession     the session's handle\n"
+      " hObject      the object's handle\n"
+      " pTemplate    specifies attrs; gets vals\n"
+      " ulCount      attributes in template\n",
+      { ArgULong, ArgULong, ArgAttribute | ArgArray, ArgULong, ArgNone, ArgNone, ArgNone,
+        ArgNone, ArgNone, ArgNone } },
+    { "C_SetAttributeValue",
+      F_C_SetAttributeValue,
+      "C_SetAttributeValue hSession hObject pTemplate ulCount\n\n"
+      "C_SetAttributeValue modifies the value of one or more object attributes\n"
+      " hSession     the session's handle\n"
+      " hObject      the object's handle\n"
+      " pTemplate    specifies attrs and values\n"
+      " ulCount      attributes in template\n",
+      { ArgULong, ArgULong, ArgAttribute | ArgArray, ArgULong, ArgNone, ArgNone, ArgNone,
+        ArgNone, ArgNone, ArgNone } },
+    { "C_FindObjectsInit",
+      F_C_FindObjectsInit,
+      "C_FindObjectsInit hSession pTemplate ulCount\n\n"
+      "C_FindObjectsInit initializes a search for token and session objects that\n"
+      "match a template.\n"
+      " hSession     the session's handle\n"
+      " pTemplate    attribute values to match\n"
+      " ulCount      attrs in search template\n",
+      { ArgULong, ArgAttribute | ArgArray, ArgULong, ArgNone, ArgNone, ArgNone, ArgNone,
+        ArgNone, ArgNone, ArgNone } },
+    { "C_FindObjectsFinal",
+      F_C_FindObjectsFinal,
+      "C_FindObjectsFinal hSession\n\n"
+      "C_FindObjectsFinal finishes a search for token and session objects.\n"
+      " hSession   the session's handle\n",
+      { ArgULong, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+        ArgNone } },
+    { "C_FindObjects",
+      F_C_FindObjects,
+      "C_FindObjects hSession phObject ulMaxObjectCount pulObjectCount\n\n"
+      "C_FindObjects continues a search for token and session objects that match\n"
+      "a template obtaining additional object handles.\n"
+      " hSession            session's handle\n"
+      " phObject            gets obj. handles\n"
+      " ulMaxObjectCount    max handles to get\n"
+      " pulObjectCount      actual # returned\n",
+      { ArgULong, ArgULong | ArgOut, ArgULong, ArgULong | ArgOut, ArgNone, ArgNone,
+        ArgNone, ArgNone, ArgNone, ArgNone } },
+    { "C_EncryptInit",
+      F_C_EncryptInit,
+      "C_EncryptInit hSession pMechanism hKey\n\n"
+      "C_EncryptInit initializes an encryption operation.\n"
+      " hSession      the session's handle\n"
+      " pMechanism    the encryption mechanism\n"
+      " hKey          handle of encryption key\n",
+      { ArgULong, ArgMechanism, ArgULong, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+        ArgNone, ArgNone } },
+    { "C_EncryptUpdate",
+      F_C_EncryptUpdate,
+      "C_EncryptUpdate hSession pPart ulPartLen pEncryptedPart pulEncryptedPartLen\n"
+      "\n"
+      "C_EncryptUpdate continues a multiple-part encryption operation.\n"
+      " hSession             session's handle\n"
+      " pPart                the plaintext data\n"
+      " ulPartLen            plaintext data len\n"
+      " pEncryptedPart       gets ciphertext\n"
+      " pulEncryptedPartLen  gets c-text size\n",
+      { ArgULong, ArgChar, ArgULong, ArgChar | ArgOut, ArgULong | ArgOut, ArgNone,
+        ArgNone, ArgNone, ArgNone, ArgNone } },
+    { "C_EncryptFinal",
+      F_C_EncryptFinal,
+      "C_EncryptFinal hSession pLastEncryptedPart pulLastEncryptedPartLen\n\n"
+      "C_EncryptFinal finishes a multiple-part encryption operation.\n"
+      " hSession                  session handle\n"
+      " pLastEncryptedPart        last c-text\n"
+      " pulLastEncryptedPartLen   gets last size\n",
+      { ArgULong, ArgChar, ArgULong, ArgChar | ArgOut, ArgULong | ArgOut, ArgNone,
+        ArgNone, ArgNone, ArgNone, ArgNone } },
+    { "C_Encrypt",
+      F_C_Encrypt,
+      "C_Encrypt hSession pData ulDataLen pEncryptedData pulEncryptedDataLen\n\n"
+      "C_Encrypt encrypts single-part data.\n"
+      " hSession              session's handle\n"
+      " pData                 the plaintext data\n"
+      " ulDataLen             bytes of plaintext\n"
+      " pEncryptedData        gets ciphertext\n"
+      " pulEncryptedDataLen   gets c-text size\n",
+      { ArgULong, ArgChar, ArgULong, ArgChar | ArgOut, ArgULong | ArgOut, ArgNone,
+        ArgNone, ArgNone, ArgNone, ArgNone } },
+    { "C_DecryptInit",
+      F_C_DecryptInit,
+      "C_DecryptInit hSession pMechanism hKey\n\n"
+      "C_DecryptInit initializes a decryption operation.\n"
+      " hSession      the session's handle\n"
+      " pMechanism    the decryption mechanism\n"
+      " hKey          handle of decryption key\n",
+      { ArgULong, ArgMechanism, ArgULong, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+        ArgNone, ArgNone } },
+    { "C_DecryptUpdate",
+      F_C_DecryptUpdate,
+      "C_DecryptUpdate hSession pEncryptedPart ulEncryptedPartLen pPart pulPartLen\n"
+      "\n"
+      "C_DecryptUpdate continues a multiple-part decryption operation.\n"
+      " hSession              session's handle\n"
+      " pEncryptedPart        encrypted data\n"
+      " ulEncryptedPartLen    input length\n"
+      " pPart                 gets plaintext\n"
+      " pulPartLen            p-text size\n",
+      { ArgULong, ArgChar, ArgULong, ArgChar | ArgOut, ArgULong | ArgOut, ArgNone,
+        ArgNone, ArgNone, ArgNone, ArgNone } },
+    { "C_DecryptFinal",
+      F_C_DecryptFinal,
+      "C_DecryptFinal hSession pLastPart pulLastPartLen\n\n"
+      "C_DecryptFinal finishes a multiple-part decryption operation.\n"
+      " hSession         the session's handle\n"
+      " pLastPart        gets plaintext\n"
+      " pulLastPartLen   p-text size\n",
+      { ArgULong, ArgChar, ArgULong, ArgChar | ArgOut, ArgULong | ArgOut, ArgNone,
+        ArgNone, ArgNone, ArgNone, ArgNone } },
+    { "C_Decrypt",
+      F_C_Decrypt,
+      "C_Decrypt hSession pEncryptedData ulEncryptedDataLen pData pulDataLen\n\n"
+      "C_Decrypt decrypts encrypted data in a single part.\n"
+      " hSession             session's handle\n"
+      " pEncryptedData       ciphertext\n"
+      " ulEncryptedDataLen   ciphertext length\n"
+      " pData                gets plaintext\n"
+      " pulDataLen           gets p-text size\n",
+      { ArgULong, ArgChar, ArgULong, ArgChar | ArgOut, ArgULong | ArgOut, ArgNone,
+        ArgNone, ArgNone, ArgNone, ArgNone } },
+    { "C_DigestInit",
+      F_C_DigestInit,
+      "C_DigestInit hSession pMechanism\n\n"
+      "C_DigestInit initializes a message-digesting operation.\n"
+      " hSession     the session's handle\n"
+      " pMechanism   the digesting mechanism\n",
+      { ArgULong, ArgMechanism, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+        ArgNone, ArgNone } },
+    { "C_DigestUpdate",
+      F_C_DigestUpdate,
+      "C_DigestUpdate hSession pPart ulPartLen\n\n"
+      "C_DigestUpdate continues a multiple-part message-digesting operation.\n"
+      " hSession    the session's handle\n"
+      " pPart       data to be digested\n"
+      " ulPartLen   bytes of data to be digested\n",
+      { ArgULong, ArgChar, ArgULong, ArgChar | ArgOut, ArgULong | ArgOut, ArgNone,
+        ArgNone, ArgNone, ArgNone, ArgNone } },
+    { "C_DigestKey",
+      F_C_DigestKey,
+      "C_DigestKey hSession hKey\n\n"
+      "C_DigestKey continues a multi-part message-digesting operation by digesting\n"
+      "the value of a secret key as part of the data already digested.\n"
+      " hSession    the session's handle\n"
+      " hKey        secret key to digest\n",
+      { ArgULong, ArgULong, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+        ArgNone } },
+    { "C_DigestFinal",
+      F_C_DigestFinal,
+      "C_DigestFinal hSession pDigest pulDigestLen\n\n"
+      "C_DigestFinal finishes a multiple-part message-digesting operation.\n"
+      " hSession       the session's handle\n"
+      " pDigest        gets the message digest\n"
+      " pulDigestLen   gets byte count of digest\n",
+      { ArgULong, ArgChar | ArgOut, ArgULong | ArgOut, ArgNone, ArgNone, ArgNone, ArgNone,
+        ArgNone, ArgNone, ArgNone } },
+    { "C_Digest",
+      F_C_Digest,
+      "C_Digest hSession pData ulDataLen pDigest pulDigestLen\n\n"
+      "C_Digest digests data in a single part.\n"
+      " hSession       the session's handle\n"
+      " pData          data to be digested\n"
+      " ulDataLen      bytes of data to digest\n"
+      " pDigest        gets the message digest\n"
+      " pulDigestLen   gets digest length\n",
+      { ArgULong, ArgChar, ArgULong, ArgChar | ArgOut, ArgULong | ArgOut, ArgNone,
+        ArgNone, ArgNone, ArgNone, ArgNone } },
+    { "C_SignInit",
+      F_C_SignInit,
+      "C_SignInit hSession pMechanism hKey\n\n"
+      "C_SignInit initializes a signature (private key encryption operation where\n"
+      "the signature is (will be) an appendix to the data and plaintext cannot be\n"
+      "recovered from the signature.\n"
+      " hSession      the session's handle\n"
+      " pMechanism    the signature mechanism\n"
+      " hKey          handle of signature key\n",
+      { ArgULong, ArgMechanism, ArgULong, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+        ArgNone, ArgNone } },
+    { "C_SignUpdate",
+      F_C_SignUpdate,
+      "C_SignUpdate hSession pPart ulPartLen\n\n"
+      "C_SignUpdate continues a multiple-part signature operation where the\n"
+      "signature is (will be) an appendix to the data and plaintext cannot be\n"
+      "recovered from the signature.\n"
+      " hSession    the session's handle\n"
+      " pPart       the data to sign\n"
+      " ulPartLen   count of bytes to sign\n",
+      { ArgULong, ArgChar | ArgOut, ArgULong | ArgOut, ArgNone, ArgNone, ArgNone, ArgNone,
+        ArgNone, ArgNone, ArgNone } },
+    { "C_SignFinal",
+      F_C_SignFinal,
+      "C_SignFinal hSession pSignature pulSignatureLen\n\n"
+      "C_SignFinal finishes a multiple-part signature operation returning the\n"
+      "signature.\n"
+      " hSession          the session's handle\n"
+      " pSignature        gets the signature\n"
+      " pulSignatureLen   gets signature length\n",
+      { ArgULong, ArgChar | ArgOut, ArgULong | ArgOut, ArgNone, ArgNone, ArgNone, ArgNone,
+        ArgNone, ArgNone, ArgNone } },
+    { "C_SignRecoverInit",
+      F_C_SignRecoverInit,
+      "C_SignRecoverInit hSession pMechanism hKey\n\n"
+      "C_SignRecoverInit initializes a signature operation where the data can be\n"
+      "recovered from the signature.\n"
+      " hSession     the session's handle\n"
+      " pMechanism   the signature mechanism\n"
+      " hKey         handle of the signature key\n",
+      { ArgULong, ArgMechanism, ArgULong, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+        ArgNone, ArgNone } },
+    { "C_SignRecover",
+      F_C_SignRecover,
+      "C_SignRecover hSession pData ulDataLen pSignature pulSignatureLen\n\n"
+      "C_SignRecover signs data in a single operation where the data can be\n"
+      "recovered from the signature.\n"
+      " hSession          the session's handle\n"
+      " pData             the data to sign\n"
+      " ulDataLen         count of bytes to sign\n"
+      " pSignature        gets the signature\n"
+      " pulSignatureLen   gets signature length\n",
+      { ArgULong, ArgChar, ArgULong, ArgChar | ArgOut, ArgULong | ArgOut, ArgNone,
+        ArgNone, ArgNone, ArgNone, ArgNone } },
+    { "C_Sign",
+      F_C_Sign,
+      "C_Sign hSession pData ulDataLen pSignature pulSignatureLen\n\n"
+      "C_Sign signs (encrypts with private key) data in a single part where the\n"
+      "signature is (will be) an appendix to the data and plaintext cannot be\n"
+      "recovered from the signature.\n"
+      " hSession          the session's handle\n"
+      " pData             the data to sign\n"
+      " ulDataLen         count of bytes to sign\n"
+      " pSignature        gets the signature\n"
+      " pulSignatureLen   gets signature length\n",
+      { ArgULong, ArgChar, ArgULong, ArgChar | ArgOut, ArgULong | ArgOut, ArgNone,
+        ArgNone, ArgNone, ArgNone, ArgNone } },
+    { "C_VerifyInit",
+      F_C_VerifyInit,
+      "C_VerifyInit hSession pMechanism hKey\n\n"
+      "C_VerifyInit initializes a verification operation where the signature is an\n"
+      "appendix to the data and plaintext cannot cannot be recovered from the\n"
+      "signature (e.g. DSA).\n"
+      " hSession      the session's handle\n"
+      " pMechanism    the verification mechanism\n"
+      " hKey          verification key\n",
+      { ArgULong, ArgMechanism, ArgULong, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+        ArgNone, ArgNone } },
+    { "C_VerifyUpdate",
+      F_C_VerifyUpdate,
+      "C_VerifyUpdate hSession pPart ulPartLen\n\n"
+      "C_VerifyUpdate continues a multiple-part verification operation where the\n"
+      "signature is an appendix to the data and plaintext cannot be recovered from\n"
+      "the signature.\n"
+      " hSession    the session's handle\n"
+      " pPart       signed data\n"
+      " ulPartLen   length of signed data\n",
+      { ArgULong, ArgChar | ArgOut, ArgULong | ArgOut, ArgNone, ArgNone, ArgNone, ArgNone,
+        ArgNone, ArgNone, ArgNone } },
+    { "C_VerifyFinal",
+      F_C_VerifyFinal,
+      "C_VerifyFinal hSession pSignature ulSignatureLen\n\n"
+      "C_VerifyFinal finishes a multiple-part verification operation checking the\n"
+      "signature.\n"
+      " hSession         the session's handle\n"
+      " pSignature       signature to verify\n"
+      " ulSignatureLen   signature length\n",
+      { ArgULong, ArgChar | ArgOut, ArgULong | ArgOut, ArgNone, ArgNone, ArgNone, ArgNone,
+        ArgNone, ArgNone, ArgNone } },
+    { "C_VerifyRecoverInit",
+      F_C_VerifyRecoverInit,
+      "C_VerifyRecoverInit hSession pMechanism hKey\n\n"
+      "C_VerifyRecoverInit initializes a signature verification operation where the\n"
+      "data is recovered from the signature.\n"
+      " hSession      the session's handle\n"
+      " pMechanism    the verification mechanism\n"
+      " hKey          verification key\n",
+      { ArgULong, ArgMechanism, ArgULong, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+        ArgNone, ArgNone } },
+    { "C_VerifyRecover",
+      F_C_VerifyRecover,
+      "C_VerifyRecover hSession pSignature ulSignatureLen pData pulDataLen\n\n"
+      "C_VerifyRecover verifies a signature in a single-part operation where the\n"
+      "data is recovered from the signature.\n"
+      " hSession          the session's handle\n"
+      " pSignature        signature to verify\n"
+      " ulSignatureLen    signature length\n"
+      " pData             gets signed data\n"
+      " pulDataLen        gets signed data len\n",
+      { ArgULong, ArgChar, ArgULong, ArgChar | ArgOut, ArgULong | ArgOut, ArgNone,
+        ArgNone, ArgNone, ArgNone, ArgNone } },
+    { "C_Verify",
+      F_C_Verify,
+      "C_Verify hSession pData ulDataLen pSignature ulSignatureLen\n\n"
+      "C_Verify verifies a signature in a single-part operation where the signature\n"
+      "is an appendix to the data and plaintext cannot be recovered from the\n"
+      "signature.\n"
+      " hSession         the session's handle\n"
+      " pData            signed data\n"
+      " ulDataLen        length of signed data\n"
+      " pSignature       signature\n"
+      " ulSignatureLen   signature length*/\n",
+      { ArgULong, ArgChar, ArgULong, ArgChar | ArgOut, ArgULong | ArgOut, ArgNone,
+        ArgNone, ArgNone, ArgNone, ArgNone } },
+    { "C_DigestEncryptUpdate",
+      F_C_DigestEncryptUpdate,
+      "C_DigestEncryptUpdate hSession pPart ulPartLen pEncryptedPart \\\n"
+      "    pulEncryptedPartLen\n\n"
+      "C_DigestEncryptUpdate continues a multiple-part digesting and encryption\n"
+      "operation.\n"
+      " hSession              session's handle\n"
+      " pPart                 the plaintext data\n"
+      " ulPartLen             plaintext length\n"
+      " pEncryptedPart        gets ciphertext\n"
+      " pulEncryptedPartLen   gets c-text length\n",
+      { ArgULong, ArgChar, ArgULong, ArgChar | ArgOut, ArgULong | ArgOut, ArgNone,
+        ArgNone, ArgNone, ArgNone, ArgNone } },
+    { "C_DecryptDigestUpdate",
+      F_C_DecryptDigestUpdate,
+      "C_DecryptDigestUpdate hSession pEncryptedPart ulEncryptedPartLen pPart \\\n"
+      "    pulPartLen\n\n"
+      "C_DecryptDigestUpdate continues a multiple-part decryption and digesting\n"
+      "operation.\n"
+      " hSession              session's handle\n"
+      " pEncryptedPart        ciphertext\n"
+      " ulEncryptedPartLen    ciphertext length\n"
+      " pPart                 gets plaintext\n"
+      " pulPartLen            gets plaintext len\n",
+      { ArgULong, ArgChar, ArgULong, ArgChar | ArgOut, ArgULong | ArgOut, ArgNone,
+        ArgNone, ArgNone, ArgNone, ArgNone } },
+    { "C_SignEncryptUpdate",
+      F_C_SignEncryptUpdate,
+      "C_SignEncryptUpdate hSession pPart ulPartLen pEncryptedPart \\\n"
+      "    pulEncryptedPartLen\n\n"
+      "C_SignEncryptUpdate continues a multiple-part signing and encryption\n"
+      "operation.\n"
+      " hSession              session's handle\n"
+      " pPart                 the plaintext data\n"
+      " ulPartLen             plaintext length\n"
+      " pEncryptedPart        gets ciphertext\n"
+      " pulEncryptedPartLen   gets c-text length\n",
+      { ArgULong, ArgChar, ArgULong, ArgChar | ArgOut, ArgULong | ArgOut, ArgNone,
+        ArgNone, ArgNone, ArgNone, ArgNone } },
+    { "C_DecryptVerifyUpdate",
+      F_C_DecryptVerifyUpdate,
+      "C_DecryptVerifyUpdate hSession pEncryptedPart ulEncryptedPartLen pPart \\\n"
+      "    pulPartLen\n\n"
+      "C_DecryptVerifyUpdate continues a multiple-part decryption and verify\n"
+      "operation.\n"
+      " hSession              session's handle\n"
+      " pEncryptedPart        ciphertext\n"
+      " ulEncryptedPartLen    ciphertext length\n"
+      " pPart                 gets plaintext\n"
+      " pulPartLen            gets p-text length\n",
+      { ArgULong, ArgChar, ArgULong, ArgChar | ArgOut, ArgULong | ArgOut, ArgNone,
+        ArgNone, ArgNone, ArgNone, ArgNone } },
+    { "C_GenerateKeyPair",
+      F_C_GenerateKeyPair,
+      "C_GenerateKeyPair hSession pMechanism pPublicKeyTemplate \\\n"
+      "    ulPublicKeyAttributeCount pPrivateKeyTemplate ulPrivateKeyAttributeCount \\\n"
+      "    phPublicKey phPrivateKey\n\n"
+      "C_GenerateKeyPair generates a public-key/private-key pair creating new key\n"
+      "objects.\n"
+      " hSession                      sessionhandle\n"
+      " pMechanism                    key-genmech.\n"
+      " pPublicKeyTemplate            templatefor pub. key\n"
+      " ulPublicKeyAttributeCount     # pub. attrs.\n"
+      " pPrivateKeyTemplate           templatefor priv. key\n"
+      " ulPrivateKeyAttributeCount    # priv. attrs.\n"
+      " phPublicKey                   gets pub. keyhandle\n"
+      " phPrivateKey                  getspriv. keyhandle\n",
+      { ArgULong, ArgMechanism, ArgAttribute | ArgArray, ArgULong,
+        ArgAttribute | ArgArray, ArgULong, ArgULong | ArgOut, ArgULong | ArgOut, ArgNone,
+        ArgNone } },
+    { "C_GenerateKey",
+      F_C_GenerateKey,
+      "C_GenerateKey hSession pMechanism pTemplate ulCount phKey\n\n"
+      "C_GenerateKey generates a secret key creating a new key object.\n"
+      " hSession      the session's handle\n"
+      " pMechanism    key generation mech.\n"
+      " pTemplate     template for new key\n"
+      " ulCount       # of attrs in template\n"
+      " phKey         gets handle of new key\n",
+      { ArgULong, ArgMechanism, ArgAttribute | ArgArray, ArgULong, ArgULong | ArgOut,
+        ArgNone, ArgNone, ArgNone, ArgNone, ArgNone } },
+    { "C_WrapKey",
+      F_C_WrapKey,
+      "C_WrapKey hSession pMechanism hWrappingKey hKey pWrappedKey pulWrappedKeyLen\n\n"
+      "C_WrapKey wraps (i.e. encrypts) a key.\n"
+      " hSession          the session's handle\n"
+      " pMechanism        the wrapping mechanism\n"
+      " hWrappingKey      wrapping key\n"
+      " hKey              key to be wrapped\n"
+      " pWrappedKey       gets wrapped key\n"
+      " pulWrappedKeyLen  gets wrapped key size\n",
+      { ArgULong, ArgMechanism, ArgULong, ArgULong, ArgULong, ArgChar | ArgOut,
+        ArgULong | ArgOut, ArgNone, ArgNone, ArgNone } },
+    { "C_UnwrapKey",
+      F_C_UnwrapKey,
+      "C_UnwrapKey hSession pMechanism hUnwrappingKey pWrappedKey ulWrappedKeyLen \\\n"
+      "    pTemplate ulAttributeCount phKey\n\n"
+      "C_UnwrapKey unwraps (decrypts) a wrapped key creating a new key object.\n"
+      " hSession            session's handle\n"
+      " pMechanism          unwrapping mech.\n"
+      " hUnwrappingKey      unwrapping key\n"
+      " pWrappedKey         the wrapped key\n"
+      " ulWrappedKeyLen     wrapped key len\n"
+      " pTemplate           new key template\n"
+      " ulAttributeCount    template length\n"
+      " phKey               gets new handle\n",
+      { ArgULong, ArgMechanism, ArgULong, ArgChar, ArgULong, ArgAttribute | ArgArray,
+        ArgULong, ArgULong | ArgOut, ArgNone, ArgNone } },
+    { "C_DeriveKey",
+      F_C_DeriveKey,
+      "C_DeriveKey hSession pMechanism hBaseKey pTemplate ulAttributeCount phKey\n\n"
+      "C_DeriveKey derives a key from a base key creating a new key object.\n"
+      " hSession            session's handle\n"
+      " pMechanism          key deriv. mech.\n"
+      " hBaseKey            base key\n"
+      " pTemplate           new key template\n"
+      " ulAttributeCount    template length\n"
+      " phKey               gets new handle\n",
+      { ArgULong, ArgMechanism, ArgULong, ArgAttribute | ArgArray, ArgULong,
+        ArgULong | ArgOut, ArgNone, ArgNone, ArgNone, ArgNone } },
+    { "C_SeedRandom",
+      F_C_SeedRandom,
+      "C_SeedRandom hSession pSeed ulSeedLen\n\n"
+      "C_SeedRandom mixes additional seed material into the token's random number\n"
+      "generator.\n"
+      " hSession    the session's handle\n"
+      " pSeed       the seed material\n"
+      " ulSeedLen   length of seed material\n",
+      { ArgULong, ArgChar, ArgULong, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+        ArgNone } },
+    { "C_GenerateRandom",
+      F_C_GenerateRandom,
+      "C_GenerateRandom hSession RandomData ulRandomLen\n\n"
+      "C_GenerateRandom generates random data.\n"
+      " hSession      the session's handle\n"
+      " RandomData    receives the random data\n"
+      " ulRandomLen   # of bytes to generate\n",
+      { ArgULong, ArgChar, ArgULong, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+        ArgNone } },
+    { "C_GetFunctionStatus",
+      F_C_GetFunctionStatus,
+      "C_GetFunctionStatus hSession\n\n"
+      "C_GetFunctionStatus is a legacy function; it obtains an updated status of\n"
+      "a function running in parallel with an application.\n"
+      " hSession   the session's handle\n",
+      { ArgULong, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+        ArgNone } },
+    { "C_CancelFunction",
+      F_C_CancelFunction,
+      "C_CancelFunction hSession\n\n"
+      "C_CancelFunction is a legacy function; it cancels a function running in\n"
+      "parallel.\n"
+      " hSession   the session's handle\n",
+      { ArgULong, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+        ArgNone } },
+    { "C_WaitForSlotEvent",
+      F_C_WaitForSlotEvent,
+      "C_WaitForSlotEvent flags pSlot pRserved\n\n"
+      "C_WaitForSlotEvent waits for a slot event (token insertion removal etc.)\n"
+      "to occur.\n"
+      " flags          blocking/nonblocking flag\n"
+      " pSlot    location that receives the slot ID\n"
+      " pRserved    reserved.  Should be NULL_PTR\n",
+      { ArgULong, ArgULong | ArgArray, ArgVar, ArgNone, ArgNone, ArgNone, ArgNone,
+        ArgNone, ArgNone, ArgNone } },
+    { "NewArray",
+      F_NewArray,
+      "NewArray varName varType array size\n\n"
+      "Creates a new array variable.\n"
+      " varName     variable name of the new array\n"
+      " varType     data type of the new array\n"
+      " size        number of elements in the array\n",
+      { ArgVar | ArgNew, ArgVar, ArgULong, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+        ArgNone, ArgNone } },
+    { "NewInitArg",
+      F_NewInitializeArgs,
+      "NewInitArg varName flags string\n\n"
+      "Creates a new init variable.\n"
+      " varName     variable name of the new initArg\n"
+      " flags       value to set the flags field\n"
+      " string      string parameter for init arg\n",
+      { ArgVar | ArgNew, ArgULong, ArgVar | ArgNew, ArgNone, ArgNone, ArgNone, ArgNone,
+        ArgNone, ArgNone, ArgNone } },
+    { "NewTemplate",
+      F_NewTemplate,
+      "NewTemplate varName attributeList\n\n"
+      "Create a new empty template and populate the attribute list\n"
+      " varName        variable name of the new template\n"
+      " attributeList  comma separated list of CKA_ATTRIBUTE types\n",
+      { ArgVar | ArgNew, ArgVar, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+        ArgNone, ArgNone } },
+    { "NewMechanism",
+      F_NewMechanism,
+      "NewMechanism varName mechanismType\n\n"
+      "Create a new CK_MECHANISM object with type NULL parameters and specified type\n"
+      " varName        variable name of the new mechansim\n"
+      " mechanismType  CKM_ mechanism type value to set int the type field\n",
+      { ArgVar | ArgNew, ArgULong, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+        ArgNone, ArgNone } },
+    { "BuildTemplate",
+      F_BuildTemplate,
+      "BuildTemplate template\n\n"
+      "Allocates space for the value in a template which has the sizes filled in,\n"
+      "but no values allocated yet.\n"
+      " template        variable name of the template\n",
+      { ArgAttribute, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+        ArgNone, ArgNone } },
+    { "SetTemplate",
+      F_SetTemplate,
+      "SetTemplate template index value\n\n"
+      "Sets a particular element of a template to a CK_ULONG\n"
+      " template        variable name of the template\n"
+      " index           index into the template to the element to change\n"
+      " value           32 bit value to set in the template\n",
+      { ArgAttribute, ArgULong, ArgULong, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+        ArgNone, ArgNone } },
+    { "SetString",
+      F_SetStringVar,
+      "SetString varName string\n\n"
+      "Sets a particular variable to a string value\n"
+      " variable        variable name of new string\n"
+      " string          String to set the variable to\n",
+      { ArgVar | ArgNew, ArgVar, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+        ArgNone, ArgNone } },
+    { "Set",
+      F_SetVar,
+      "Set varName value\n\n"
+      "Sets a particular variable to CK_ULONG\n"
+      " variable        name of the new variable\n"
+      " value           32 bit value to set variable to\n",
+      { ArgVar | ArgNew, ArgULong, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+        ArgNone, ArgNone } },
+    { "Print",
+      F_Print,
+      "Print varName\n\n"
+      "prints a variable\n"
+      " variable        name of the variable to print\n",
+      { ArgVar, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+        ArgNone } },
+    { "Delete",
+      F_Delete,
+      "Delete varName\n\n"
+      "delete a variable\n"
+      " variable        name of the variable to delete\n",
+      { ArgVar | ArgNew, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+        ArgNone, ArgNone } },
+    { "Load",
+      F_Load,
+      "load libraryName\n\n"
+      "load a pkcs #11 module\n"
+      " libraryName        Name of a shared library\n",
+      { ArgVar, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+        ArgNone } },
+    { "Save",
+      F_SaveVar,
+      "Save filename variable\n\n"
+      "Saves the binary value of 'variable' in file 'filename'\n"
+      " fileName        target file to save the variable in\n"
+      " variable        variable to save\n",
+      { ArgVar | ArgNew, ArgVar, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+        ArgNone, ArgNone } },
+    { "Restore",
+      F_RestoreVar,
+      "Restore filename variable\n\n"
+      "Restores a variable from a file\n"
+      " fileName        target file to restore the variable from\n"
+      " variable        variable to restore\n",
+      { ArgVar | ArgNew, ArgVar, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+        ArgNone, ArgNone } },
+    { "Increment",
+      F_Increment,
+      "Increment variable value\n\n"
+      "Increment a variable by value\n",
+      { ArgVar, ArgULong, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+        ArgNone } },
+    { "Decrement",
+      F_Decrement,
+      "Decrement variable value\n\n"
+      "Decrement a variable by value\n",
+      { ArgVar, ArgULong, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+        ArgNone } },
+    { "List",
+      F_List,
+      "List all the variables\n",
+      { ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+        ArgNone } },
+    { "Unload",
+      F_Unload,
+      "Unload the currrently loaded PKCS #11 library\n",
+      { ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+        ArgNone } },
+    { "Run",
+      F_Run,
+      "Run filename\n\n"
+      "reads filename as script of commands to execute\n",
+      { ArgVar | ArgNew, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+        ArgNone, ArgNone } },
+    { "Time",
+      F_Time,
+      "Time pkcs11 command\n\n"
+      "Execute a pkcs #11 command and time the results\n",
+      { ArgVar | ArgFull, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+        ArgNone, ArgNone } },
+    { "System",
+      F_System,
+      "Set System Flag",
+      { ArgULong, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+        ArgNone } },
+    { "LoopRun",
+      F_Loop,
+      "LoopRun filename var start end step\n\n"
+      "Run in a loop. Loop exit if scrip does and explicit quit (Quit QuitIf etc.)",
+      { ArgVar | ArgNew, ArgVar | ArgNew, ArgULong, ArgULong, ArgULong, ArgNone, ArgNone,
+        ArgNone, ArgNone, ArgNone } },
+    { "Help",
+      F_Help,
+      "Help [command]\n\n"
+      "print general help, or help for a specific command\n",
+      { ArgVar | ArgOpt, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+        ArgNone, ArgNone } },
+    { "QuitIf",
+      F_QuitIf,
+      "QuitIf arg1 comparator arg2\n\n"
+      "Exit from this program if Condition is valid, valid comparators:\n"
+      "  < > <= >= = !=\n",
+      { ArgULong, ArgVar | ArgNew, ArgULong, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+        ArgNone, ArgNone } },
+    { "QuitIfString",
+      F_QuitIfString,
+      "QuitIfString arg1 comparator arg2\n\n"
+      "Exit from this program if Condition is valid, valid comparators:\n"
+      "  = !=\n",
+      { ArgVar | ArgNew, ArgVar | ArgNew, ArgVar | ArgNew, ArgNone, ArgNone, ArgNone,
+        ArgNone, ArgNone, ArgNone, ArgNone } },
+    { "Quit",
+      F_Quit,
+      "Exit from this program",
+      { ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone, ArgNone,
+        ArgNone } },
+};
+
+const Commands *commands = &_commands[0];
+const int commandCount = sizeof(_commands) / sizeof(_commands[0]);
+
+const Topics _topics[] = {
+    { "variables",
+      "Variables are random strings of characters. These should begin with alpha\n"
+      " characters, and should not contain any spaces, nor should they match any\n"
+      " built-in constants. There is some checking in the code for these things,\n"
+      " but it's not 100% and using invalid variable names can cause problems.\n"
+      " Variables are created by any 'OUT' parameter. If the variable does not\n"
+      " exist, it will be created. For in parameters variables must already exist.\n" },
+    { "constants",
+      "pk11util recognizes *lots* of constants. All CKA_, CKF_, CKO_, CKU_, CKS_,\n"
+      " CKC_, CKK_, CKH_, CKM_, CKT_ values from the PKCS #11 spec are recognized.\n"
+      " Constants can be specified with their fully qualified CK?_ value, or the\n"
+      " prefix can be dropped. Constants are matched case insensitve.\n" },
+    { "arrays",
+      "Arrays are special variables which represent 'C' arrays. Each array \n"
+      " variable can be referenced as a group (using just the name), or as \n"
+      " individual elements (with the [int] operator). Example:\n"
+      "      print myArray    # prints the full array.\n"
+      "      print myArray[3] # prints the 3rd elemement of the array \n" },
+    { "sizes",
+      "Size operaters returns the size in bytes of a variable, or the number of\n"
+      " elements in an array.\n"
+      "    size(var) and sizeof(var) return the size of var in bytes.\n"
+      "    sizea(var) and sizeofarray(var) return the number of elements in var.\n"
+      "       If var is not an array, sizea(var) returns 1.\n" },
+};
+
+const Topics *topics = &_topics[0];
+const int topicCount = sizeof(_topics) / sizeof(_topics[0]);
+
+const char *
+getName(CK_ULONG value, ConstType type)
+{
+    unsigned int i;
+
+    for (i = 0; i < constCount; i++) {
+        if (consts[i].type == type && consts[i].value == value) {
+            return consts[i].name;
+        }
+        if (type == ConstNone && consts[i].value == value) {
+            return consts[i].name;
+        }
+    }
+
+    return NULL;
+}
+
+const char *
+getNameFromAttribute(CK_ATTRIBUTE_TYPE type)
+{
+    return getName(type, ConstAttribute);
+}
+
+unsigned int
+totalKnownType(ConstType type)
+{
+    unsigned int count = 0;
+    unsigned int i;
+
+    for (i = 0; i < constCount; i++) {
+        if (consts[i].type == type)
+            count++;
+    }
+    return count;
+}
diff --git a/nss/cmd/lib/pk11table.h b/nss/cmd/lib/pk11table.h
new file mode 100644
index 0000000..3dea820
--- /dev/null
+++ b/nss/cmd/lib/pk11table.h
@@ -0,0 +1,178 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#ifndef _PK11_TABLE_H_
+#define _PK11_TABLE_H_
+
+/*
+ * Supported functions..
+ */
+#include <pkcs11.h>
+#include "nspr.h"
+#include "prtypes.h"
+
+typedef enum {
+    F_No_Function,
+#undef CK_NEED_ARG_LIST
+#define CK_PKCS11_FUNCTION_INFO(func) F_##func,
+#include "pkcs11f.h"
+#undef CK_NEED_ARG_LISt
+#undef CK_PKCS11_FUNCTION_INFO
+    F_SetVar,
+    F_SetStringVar,
+    F_NewArray,
+    F_NewInitializeArgs,
+    F_NewTemplate,
+    F_NewMechanism,
+    F_BuildTemplate,
+    F_SetTemplate,
+    F_Print,
+    F_SaveVar,
+    F_RestoreVar,
+    F_Increment,
+    F_Decrement,
+    F_Delete,
+    F_List,
+    F_Run,
+    F_Load,
+    F_Unload,
+    F_System,
+    F_Loop,
+    F_Time,
+    F_Help,
+    F_Quit,
+    F_QuitIf,
+    F_QuitIfString
+} FunctionType;
+
+/*
+ * Supported Argument Types
+ */
+typedef enum {
+    ArgNone,
+    ArgVar,
+    ArgULong,
+    ArgChar,
+    ArgUTF8,
+    ArgInfo,
+    ArgSlotInfo,
+    ArgTokenInfo,
+    ArgSessionInfo,
+    ArgAttribute,
+    ArgMechanism,
+    ArgMechanismInfo,
+    ArgInitializeArgs,
+    ArgFunctionList,
+    /* Modifier Flags */
+    ArgMask = 0xff,
+    ArgOut = 0x100,
+    ArgArray = 0x200,
+    ArgNew = 0x400,
+    ArgFile = 0x800,
+    ArgStatic = 0x1000,
+    ArgOpt = 0x2000,
+    ArgFull = 0x4000
+} ArgType;
+
+typedef enum _constType {
+    ConstNone,
+    ConstBool,
+    ConstInfoFlags,
+    ConstSlotFlags,
+    ConstTokenFlags,
+    ConstSessionFlags,
+    ConstMechanismFlags,
+    ConstInitializeFlags,
+    ConstUsers,
+    ConstSessionState,
+    ConstObject,
+    ConstHardware,
+    ConstKeyType,
+    ConstCertType,
+    ConstAttribute,
+    ConstMechanism,
+    ConstResult,
+    ConstTrust,
+    ConstAvailableSizes,
+    ConstCurrentSize
+} ConstType;
+
+typedef struct _constant {
+    const char *name;
+    CK_ULONG value;
+    ConstType type;
+    ConstType attrType;
+} Constant;
+
+/*
+ * Values structures.
+ */
+typedef struct _values {
+    ArgType type;
+    ConstType constType;
+    int size;
+    char *filename;
+    void *data;
+    int reference;
+    int arraySize;
+} Value;
+
+/*
+ * Variables
+ */
+typedef struct _variable Variable;
+struct _variable {
+    Variable *next;
+    char *vname;
+    Value *value;
+};
+
+/* NOTE: if you change MAX_ARGS, you need to change the commands array
+ * below as well.
+ */
+
+#define MAX_ARGS 10
+/*
+ * structure for master command array
+ */
+typedef struct _commands {
+    char *fname;
+    FunctionType fType;
+    char *helpString;
+    ArgType args[MAX_ARGS];
+} Commands;
+
+typedef struct _module {
+    PRLibrary *library;
+    CK_FUNCTION_LIST *functionList;
+} Module;
+
+typedef struct _topics {
+    char *name;
+    char *helpString;
+} Topics;
+
+/*
+ * the command array itself. Make name to function and it's arguments
+ */
+
+extern const char **valueString;
+extern const int valueCount;
+extern const char **constTypeString;
+extern const int constTypeCount;
+extern const Constant *consts;
+extern const unsigned int constCount;
+extern const Commands *commands;
+extern const int commandCount;
+extern const Topics *topics;
+extern const int topicCount;
+
+extern const char *
+getName(CK_ULONG value, ConstType type);
+
+extern const char *
+getNameFromAttribute(CK_ATTRIBUTE_TYPE type);
+
+extern unsigned int totalKnownType(ConstType type);
+
+#endif /* _PK11_TABLE_H_ */
diff --git a/nss/cmd/lib/pppolicy.c b/nss/cmd/lib/pppolicy.c
new file mode 100644
index 0000000..aaf4559
--- /dev/null
+++ b/nss/cmd/lib/pppolicy.c
@@ -0,0 +1,263 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * Support for various policy related extensions
+ */
+
+#include "seccomon.h"
+#include "secport.h"
+#include "secder.h"
+#include "cert.h"
+#include "secoid.h"
+#include "secasn1.h"
+#include "secerr.h"
+#include "nspr.h"
+#include "secutil.h"
+
+/* This implementation is derived from the one in nss/lib/certdb/policyxtn.c .
+** The chief difference is the addition of the OPTIONAL flag to many
+** parts.  The idea is to be able to parse and print as much of the
+** policy extension as possible, even if some parts are invalid.
+**
+** If this approach still is unable to decode policy extensions that
+** contain invalid parts, then the next approach will be to parse
+** the PolicyInfos as a SEQUENCE of ANYs, and then parse each of them
+** as PolicyInfos, with the PolicyQualifiers being ANYs, and finally
+** parse each of the PolicyQualifiers.
+*/
+
+static const SEC_ASN1Template secu_PolicyQualifierTemplate[] = {
+    { SEC_ASN1_SEQUENCE,
+      0, NULL, sizeof(CERTPolicyQualifier) },
+    { SEC_ASN1_OBJECT_ID,
+      offsetof(CERTPolicyQualifier, qualifierID) },
+    { SEC_ASN1_ANY | SEC_ASN1_OPTIONAL,
+      offsetof(CERTPolicyQualifier, qualifierValue) },
+    { 0 }
+};
+
+static const SEC_ASN1Template secu_PolicyInfoTemplate[] = {
+    { SEC_ASN1_SEQUENCE,
+      0, NULL, sizeof(CERTPolicyInfo) },
+    { SEC_ASN1_OBJECT_ID,
+      offsetof(CERTPolicyInfo, policyID) },
+    { SEC_ASN1_SEQUENCE_OF | SEC_ASN1_OPTIONAL,
+      offsetof(CERTPolicyInfo, policyQualifiers),
+      secu_PolicyQualifierTemplate },
+    { 0 }
+};
+
+static const SEC_ASN1Template secu_CertificatePoliciesTemplate[] = {
+    { SEC_ASN1_SEQUENCE_OF,
+      offsetof(CERTCertificatePolicies, policyInfos),
+      secu_PolicyInfoTemplate, sizeof(CERTCertificatePolicies) }
+};
+
+static CERTCertificatePolicies *
+secu_DecodeCertificatePoliciesExtension(SECItem *extnValue)
+{
+    PLArenaPool *arena = NULL;
+    SECStatus rv;
+    CERTCertificatePolicies *policies;
+    CERTPolicyInfo **policyInfos, *policyInfo;
+    CERTPolicyQualifier **policyQualifiers, *policyQualifier;
+    SECItem newExtnValue;
+
+    /* make a new arena */
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+
+    if (!arena) {
+        goto loser;
+    }
+
+    /* allocate the certifiate policies structure */
+    policies = PORT_ArenaZNew(arena, CERTCertificatePolicies);
+    if (policies == NULL) {
+        goto loser;
+    }
+
+    policies->arena = arena;
+
+    /* copy the DER into the arena, since Quick DER returns data that points
+       into the DER input, which may get freed by the caller */
+    rv = SECITEM_CopyItem(arena, &newExtnValue, extnValue);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    /* decode the policy info */
+    rv = SEC_QuickDERDecodeItem(arena, policies,
+                                secu_CertificatePoliciesTemplate,
+                                &newExtnValue);
+
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    /* initialize the oid tags */
+    policyInfos = policies->policyInfos;
+    while (policyInfos != NULL && *policyInfos != NULL) {
+        policyInfo = *policyInfos;
+        policyInfo->oid = SECOID_FindOIDTag(&policyInfo->policyID);
+        policyQualifiers = policyInfo->policyQualifiers;
+        while (policyQualifiers && *policyQualifiers != NULL) {
+            policyQualifier = *policyQualifiers;
+            policyQualifier->oid =
+                SECOID_FindOIDTag(&policyQualifier->qualifierID);
+            policyQualifiers++;
+        }
+        policyInfos++;
+    }
+
+    return (policies);
+
+loser:
+    if (arena != NULL) {
+        PORT_FreeArena(arena, PR_FALSE);
+    }
+
+    return (NULL);
+}
+
+static char *
+itemToString(SECItem *item)
+{
+    char *string;
+
+    string = PORT_ZAlloc(item->len + 1);
+    if (string == NULL)
+        return NULL;
+    PORT_Memcpy(string, item->data, item->len);
+    string[item->len] = 0;
+    return string;
+}
+
+static SECStatus
+secu_PrintUserNoticeQualifier(FILE *out, SECItem *qualifierValue,
+                              char *msg, int level)
+{
+    CERTUserNotice *userNotice = NULL;
+    if (qualifierValue)
+        userNotice = CERT_DecodeUserNotice(qualifierValue);
+    if (userNotice) {
+        if (userNotice->noticeReference.organization.len != 0) {
+            char *string =
+                itemToString(&userNotice->noticeReference.organization);
+            SECItem **itemList = userNotice->noticeReference.noticeNumbers;
+
+            while (itemList && *itemList) {
+                SECU_PrintInteger(out, *itemList, string, level + 1);
+                itemList++;
+            }
+            PORT_Free(string);
+        }
+        if (userNotice->displayText.len != 0) {
+            SECU_PrintString(out, &userNotice->displayText,
+                             "Display Text", level + 1);
+        }
+        CERT_DestroyUserNotice(userNotice);
+        return SECSuccess;
+    }
+    return SECFailure; /* caller will print this value */
+}
+
+static SECStatus
+secu_PrintPolicyQualifier(FILE *out, CERTPolicyQualifier *policyQualifier,
+                          char *msg, int level)
+{
+    SECStatus rv;
+    SECItem *qualifierValue = &policyQualifier->qualifierValue;
+
+    SECU_PrintObjectID(out, &policyQualifier->qualifierID,
+                       "Policy Qualifier Name", level);
+    if (!qualifierValue->data) {
+        SECU_Indent(out, level);
+        fprintf(out, "Error: missing qualifier\n");
+    } else
+        switch (policyQualifier->oid) {
+            case SEC_OID_PKIX_USER_NOTICE_QUALIFIER:
+                rv = secu_PrintUserNoticeQualifier(out, qualifierValue, msg, level);
+                if (SECSuccess == rv)
+                    break;
+            /* fall through on error */
+            case SEC_OID_PKIX_CPS_POINTER_QUALIFIER:
+            default:
+                SECU_PrintAny(out, qualifierValue, "Policy Qualifier Data", level);
+                break;
+        }
+    return SECSuccess;
+}
+
+static SECStatus
+secu_PrintPolicyInfo(FILE *out, CERTPolicyInfo *policyInfo, char *msg, int level)
+{
+    CERTPolicyQualifier **policyQualifiers;
+
+    policyQualifiers = policyInfo->policyQualifiers;
+    SECU_PrintObjectID(out, &policyInfo->policyID, "Policy Name", level);
+
+    while (policyQualifiers && *policyQualifiers != NULL) {
+        secu_PrintPolicyQualifier(out, *policyQualifiers, "", level + 1);
+        policyQualifiers++;
+    }
+    return SECSuccess;
+}
+
+void
+SECU_PrintPolicy(FILE *out, SECItem *value, char *msg, int level)
+{
+    CERTCertificatePolicies *policies = NULL;
+    CERTPolicyInfo **policyInfos;
+
+    if (msg) {
+        SECU_Indent(out, level);
+        fprintf(out, "%s: \n", msg);
+        level++;
+    }
+    policies = secu_DecodeCertificatePoliciesExtension(value);
+    if (policies == NULL) {
+        SECU_PrintAny(out, value, "Invalid Policy Data", level);
+        return;
+    }
+
+    policyInfos = policies->policyInfos;
+    while (policyInfos && *policyInfos != NULL) {
+        secu_PrintPolicyInfo(out, *policyInfos, "", level);
+        policyInfos++;
+    }
+
+    CERT_DestroyCertificatePoliciesExtension(policies);
+}
+
+void
+SECU_PrintPrivKeyUsagePeriodExtension(FILE *out, SECItem *value,
+                                      char *msg, int level)
+{
+    CERTPrivKeyUsagePeriod *prd;
+    PLArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+
+    if (!arena) {
+        goto loser;
+    }
+    prd = CERT_DecodePrivKeyUsagePeriodExtension(arena, value);
+    if (!prd) {
+        goto loser;
+    }
+    if (prd->notBefore.data) {
+        SECU_PrintGeneralizedTime(out, &prd->notBefore, "Not Before", level);
+    }
+    if (prd->notAfter.data) {
+        SECU_PrintGeneralizedTime(out, &prd->notAfter, "Not After ", level);
+    }
+    if (!prd->notBefore.data && !prd->notAfter.data) {
+        SECU_Indent(out, level);
+        fprintf(out, "Error: notBefore or notAfter MUST be present.\n");
+    loser:
+        SECU_PrintAny(out, value, msg, level);
+    }
+    if (arena) {
+        PORT_FreeArena(arena, PR_FALSE);
+    }
+}
diff --git a/nss/cmd/lib/secpwd.c b/nss/cmd/lib/secpwd.c
new file mode 100644
index 0000000..7e99b27
--- /dev/null
+++ b/nss/cmd/lib/secpwd.c
@@ -0,0 +1,168 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#include "secutil.h"
+
+/*
+ * NOTE:  The contents of this file are NOT used by the client.
+ * (They are part of the security library as a whole, but they are
+ * NOT USED BY THE CLIENT.)  Do not change things on behalf of the
+ * client (like localizing strings), or add things that are only
+ * for the client (put them elsewhere).
+ */
+
+#ifdef XP_UNIX
+#include <termios.h>
+#endif
+
+#if defined(XP_UNIX) || defined(XP_BEOS)
+#include <unistd.h> /* for isatty() */
+#endif
+
+#if defined(_WINDOWS)
+#include <conio.h>
+#include <io.h>
+#define QUIET_FGETS quiet_fgets
+static char *quiet_fgets(char *buf, int length, FILE *input);
+#else
+#define QUIET_FGETS fgets
+#endif
+
+static void
+echoOff(int fd)
+{
+#if defined(XP_UNIX)
+    if (isatty(fd)) {
+        struct termios tio;
+        tcgetattr(fd, &tio);
+        tio.c_lflag &= ~ECHO;
+        tcsetattr(fd, TCSAFLUSH, &tio);
+    }
+#endif
+}
+
+static void
+echoOn(int fd)
+{
+#if defined(XP_UNIX)
+    if (isatty(fd)) {
+        struct termios tio;
+        tcgetattr(fd, &tio);
+        tio.c_lflag |= ECHO;
+        tcsetattr(fd, TCSAFLUSH, &tio);
+    }
+#endif
+}
+
+char *
+SEC_GetPassword(FILE *input, FILE *output, char *prompt,
+                PRBool (*ok)(char *))
+{
+#if defined(_WINDOWS)
+    int isTTY = (input == stdin);
+#define echoOn(x)
+#define echoOff(x)
+#else
+    int infd = fileno(input);
+    int isTTY = isatty(infd);
+#endif
+    char phrase[200] = { '\0' }; /* ensure EOF doesn't return junk */
+
+    for (;;) {
+        /* Prompt for password */
+        if (isTTY) {
+            fprintf(output, "%s", prompt);
+            fflush(output);
+            echoOff(infd);
+        }
+
+        if (QUIET_FGETS(phrase, sizeof(phrase), input) == NULL) {
+            return NULL;
+        }
+
+        if (isTTY) {
+            fprintf(output, "\n");
+            echoOn(infd);
+        }
+
+        /* stomp on newline */
+        phrase[PORT_Strlen(phrase) - 1] = 0;
+
+        /* Validate password */
+        if (!(*ok)(phrase)) {
+            /* Not weird enough */
+            if (!isTTY)
+                return NULL;
+            fprintf(output, "Password must be at least 8 characters long with one or more\n");
+            fprintf(output, "non-alphabetic characters\n");
+            continue;
+        }
+        return (char *)PORT_Strdup(phrase);
+    }
+}
+
+PRBool
+SEC_CheckPassword(char *cp)
+{
+    int len;
+    char *end;
+
+    len = PORT_Strlen(cp);
+    if (len < 8) {
+        return PR_FALSE;
+    }
+    end = cp + len;
+    while (cp < end) {
+        unsigned char ch = *cp++;
+        if (!((ch >= 'A') && (ch <= 'Z')) &&
+            !((ch >= 'a') && (ch <= 'z'))) {
+            /* pass phrase has at least one non alphabetic in it */
+            return PR_TRUE;
+        }
+    }
+    return PR_FALSE;
+}
+
+PRBool
+SEC_BlindCheckPassword(char *cp)
+{
+    if (cp != NULL) {
+        return PR_TRUE;
+    }
+    return PR_FALSE;
+}
+
+/* Get a password from the input terminal, without echoing */
+
+#if defined(_WINDOWS)
+static char *
+quiet_fgets(char *buf, int length, FILE *input)
+{
+    int c;
+    char *end = buf;
+
+    /* fflush (input); */
+    memset(buf, 0, length);
+
+    if (!isatty(fileno(input))) {
+        return fgets(buf, length, input);
+    }
+
+    while (1) {
+        c = getch(); /* getch gets a character from the console */
+
+        if (c == '\b') {
+            if (end > buf)
+                end--;
+        }
+
+        else if (--length > 0)
+            *end++ = c;
+
+        if (!c || c == '\n' || c == '\r')
+            break;
+    }
+
+    return buf;
+}
+#endif
diff --git a/nss/cmd/lib/secutil.c b/nss/cmd/lib/secutil.c
new file mode 100644
index 0000000..cb4752d
--- /dev/null
+++ b/nss/cmd/lib/secutil.c
@@ -0,0 +1,3962 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+** secutil.c - various functions used by security stuff
+**
+*/
+
+#include "prtypes.h"
+#include "prtime.h"
+#include "prlong.h"
+#include "prerror.h"
+#include "prprf.h"
+#include "plgetopt.h"
+#include "prenv.h"
+#include "prnetdb.h"
+
+#include "cryptohi.h"
+#include "secutil.h"
+#include "secpkcs7.h"
+#include "secpkcs5.h"
+#include <stdarg.h>
+#include <sys/stat.h>
+#include <errno.h>
+
+#ifdef XP_UNIX
+#include <unistd.h>
+#endif
+
+/* for SEC_TraverseNames */
+#include "cert.h"
+#include "certt.h"
+#include "certdb.h"
+
+#include "secmod.h"
+#include "pk11func.h"
+#include "secoid.h"
+
+static char consoleName[] = {
+#ifdef XP_UNIX
+    "/dev/tty"
+#else
+#ifdef XP_OS2
+    "\\DEV\\CON"
+#else
+    "CON:"
+#endif
+#endif
+};
+
+#include "nssutil.h"
+#include "ssl.h"
+#include "sslproto.h"
+
+static PRBool utf8DisplayEnabled = PR_FALSE;
+
+void
+SECU_EnableUtf8Display(PRBool enable)
+{
+    utf8DisplayEnabled = enable;
+}
+
+PRBool
+SECU_GetUtf8DisplayEnabled(void)
+{
+    return utf8DisplayEnabled;
+}
+
+static void
+secu_ClearPassword(char *p)
+{
+    if (p) {
+        PORT_Memset(p, 0, PORT_Strlen(p));
+        PORT_Free(p);
+    }
+}
+
+char *
+SECU_GetPasswordString(void *arg, char *prompt)
+{
+#ifndef _WINDOWS
+    char *p = NULL;
+    FILE *input, *output;
+
+    /* open terminal */
+    input = fopen(consoleName, "r");
+    if (input == NULL) {
+        fprintf(stderr, "Error opening input terminal for read\n");
+        return NULL;
+    }
+
+    output = fopen(consoleName, "w");
+    if (output == NULL) {
+        fprintf(stderr, "Error opening output terminal for write\n");
+        fclose(input);
+        return NULL;
+    }
+
+    p = SEC_GetPassword(input, output, prompt, SEC_BlindCheckPassword);
+
+    fclose(input);
+    fclose(output);
+
+    return p;
+
+#else
+    /* Win32 version of above. opening the console may fail
+       on windows95, and certainly isn't necessary.. */
+
+    char *p = NULL;
+
+    p = SEC_GetPassword(stdin, stdout, prompt, SEC_BlindCheckPassword);
+    return p;
+
+#endif
+}
+
+/*
+ *  p a s s w o r d _ h a r d c o d e
+ *
+ *  A function to use the password passed in the -f(pwfile) argument
+ *  of the command line.
+ *  After use once, null it out otherwise PKCS11 calls us forever.?
+ *
+ */
+char *
+SECU_FilePasswd(PK11SlotInfo *slot, PRBool retry, void *arg)
+{
+    char *phrases, *phrase;
+    PRFileDesc *fd;
+    PRInt32 nb;
+    char *pwFile = arg;
+    int i;
+    const long maxPwdFileSize = 4096;
+    char *tokenName = NULL;
+    int tokenLen = 0;
+
+    if (!pwFile)
+        return 0;
+
+    if (retry) {
+        return 0; /* no good retrying - the files contents will be the same */
+    }
+
+    phrases = PORT_ZAlloc(maxPwdFileSize);
+
+    if (!phrases) {
+        return 0; /* out of memory */
+    }
+
+    fd = PR_Open(pwFile, PR_RDONLY, 0);
+    if (!fd) {
+        fprintf(stderr, "No password file \"%s\" exists.\n", pwFile);
+        PORT_Free(phrases);
+        return NULL;
+    }
+
+    nb = PR_Read(fd, phrases, maxPwdFileSize);
+
+    PR_Close(fd);
+
+    if (nb == 0) {
+        fprintf(stderr, "password file contains no data\n");
+        PORT_Free(phrases);
+        return NULL;
+    }
+
+    if (slot) {
+        tokenName = PK11_GetTokenName(slot);
+        if (tokenName) {
+            tokenLen = PORT_Strlen(tokenName);
+        }
+    }
+    i = 0;
+    do {
+        int startphrase = i;
+        int phraseLen;
+
+        /* handle the Windows EOL case */
+        while (phrases[i] != '\r' && phrases[i] != '\n' && i < nb)
+            i++;
+        /* terminate passphrase */
+        phrases[i++] = '\0';
+        /* clean up any EOL before the start of the next passphrase */
+        while ((i < nb) && (phrases[i] == '\r' || phrases[i] == '\n')) {
+            phrases[i++] = '\0';
+        }
+        /* now analyze the current passphrase */
+        phrase = &phrases[startphrase];
+        if (!tokenName)
+            break;
+        if (PORT_Strncmp(phrase, tokenName, tokenLen))
+            continue;
+        phraseLen = PORT_Strlen(phrase);
+        if (phraseLen < (tokenLen + 1))
+            continue;
+        if (phrase[tokenLen] != ':')
+            continue;
+        phrase = &phrase[tokenLen + 1];
+        break;
+
+    } while (i < nb);
+
+    phrase = PORT_Strdup((char *)phrase);
+    PORT_Free(phrases);
+    return phrase;
+}
+
+char *
+SECU_GetModulePassword(PK11SlotInfo *slot, PRBool retry, void *arg)
+{
+    char prompt[255];
+    secuPWData *pwdata = (secuPWData *)arg;
+    secuPWData pwnull = { PW_NONE, 0 };
+    secuPWData pwxtrn = { PW_EXTERNAL, "external" };
+
+    if (pwdata == NULL)
+        pwdata = &pwnull;
+
+    if (PK11_ProtectedAuthenticationPath(slot)) {
+        pwdata = &pwxtrn;
+    }
+    if (retry && pwdata->source != PW_NONE) {
+        PR_fprintf(PR_STDERR, "Incorrect password/PIN entered.\n");
+        return NULL;
+    }
+
+    switch (pwdata->source) {
+        case PW_NONE:
+            sprintf(prompt, "Enter Password or Pin for \"%s\":",
+                    PK11_GetTokenName(slot));
+            return SECU_GetPasswordString(NULL, prompt);
+        case PW_FROMFILE:
+            return SECU_FilePasswd(slot, retry, pwdata->data);
+        case PW_EXTERNAL:
+            sprintf(prompt,
+                    "Press Enter, then enter PIN for \"%s\" on external device.\n",
+                    PK11_GetTokenName(slot));
+            (void)SECU_GetPasswordString(NULL, prompt);
+        /* Fall Through */
+        case PW_PLAINTEXT:
+            return PL_strdup(pwdata->data);
+        default:
+            break;
+    }
+
+    PR_fprintf(PR_STDERR, "Password check failed:  No password found.\n");
+    return NULL;
+}
+
+char *
+secu_InitSlotPassword(PK11SlotInfo *slot, PRBool retry, void *arg)
+{
+    char *p0 = NULL;
+    char *p1 = NULL;
+    FILE *input, *output;
+    secuPWData *pwdata = arg;
+
+    if (pwdata->source == PW_FROMFILE) {
+        return SECU_FilePasswd(slot, retry, pwdata->data);
+    }
+    if (pwdata->source == PW_PLAINTEXT) {
+        return PL_strdup(pwdata->data);
+    }
+
+/* PW_NONE - get it from tty */
+/* open terminal */
+#ifdef _WINDOWS
+    input = stdin;
+#else
+    input = fopen(consoleName, "r");
+#endif
+    if (input == NULL) {
+        PR_fprintf(PR_STDERR, "Error opening input terminal for read\n");
+        return NULL;
+    }
+
+    /* we have no password, so initialize database with one */
+    PR_fprintf(PR_STDERR,
+               "Enter a password which will be used to encrypt your keys.\n"
+               "The password should be at least 8 characters long,\n"
+               "and should contain at least one non-alphabetic character.\n\n");
+
+    output = fopen(consoleName, "w");
+    if (output == NULL) {
+        PR_fprintf(PR_STDERR, "Error opening output terminal for write\n");
+#ifndef _WINDOWS
+        fclose(input);
+#endif
+        return NULL;
+    }
+
+    for (;;) {
+        if (p0)
+            PORT_Free(p0);
+        p0 = SEC_GetPassword(input, output, "Enter new password: ",
+                             SEC_BlindCheckPassword);
+
+        if (p1)
+            PORT_Free(p1);
+        p1 = SEC_GetPassword(input, output, "Re-enter password: ",
+                             SEC_BlindCheckPassword);
+        if (p0 && p1 && !PORT_Strcmp(p0, p1)) {
+            break;
+        }
+        PR_fprintf(PR_STDERR, "Passwords do not match. Try again.\n");
+    }
+
+    /* clear out the duplicate password string */
+    secu_ClearPassword(p1);
+
+    fclose(input);
+    fclose(output);
+
+    return p0;
+}
+
+SECStatus
+SECU_ChangePW(PK11SlotInfo *slot, char *passwd, char *pwFile)
+{
+    return SECU_ChangePW2(slot, passwd, 0, pwFile, 0);
+}
+
+SECStatus
+SECU_ChangePW2(PK11SlotInfo *slot, char *oldPass, char *newPass,
+               char *oldPwFile, char *newPwFile)
+{
+    SECStatus rv;
+    secuPWData pwdata, newpwdata;
+    char *oldpw = NULL, *newpw = NULL;
+
+    if (oldPass) {
+        pwdata.source = PW_PLAINTEXT;
+        pwdata.data = oldPass;
+    } else if (oldPwFile) {
+        pwdata.source = PW_FROMFILE;
+        pwdata.data = oldPwFile;
+    } else {
+        pwdata.source = PW_NONE;
+        pwdata.data = NULL;
+    }
+
+    if (newPass) {
+        newpwdata.source = PW_PLAINTEXT;
+        newpwdata.data = newPass;
+    } else if (newPwFile) {
+        newpwdata.source = PW_FROMFILE;
+        newpwdata.data = newPwFile;
+    } else {
+        newpwdata.source = PW_NONE;
+        newpwdata.data = NULL;
+    }
+
+    if (PK11_NeedUserInit(slot)) {
+        newpw = secu_InitSlotPassword(slot, PR_FALSE, &pwdata);
+        rv = PK11_InitPin(slot, (char *)NULL, newpw);
+        goto done;
+    }
+
+    for (;;) {
+        oldpw = SECU_GetModulePassword(slot, PR_FALSE, &pwdata);
+
+        if (PK11_CheckUserPassword(slot, oldpw) != SECSuccess) {
+            if (pwdata.source == PW_NONE) {
+                PR_fprintf(PR_STDERR, "Invalid password.  Try again.\n");
+            } else {
+                PR_fprintf(PR_STDERR, "Invalid password.\n");
+                PORT_Memset(oldpw, 0, PL_strlen(oldpw));
+                PORT_Free(oldpw);
+                rv = SECFailure;
+                goto done;
+            }
+        } else
+            break;
+
+        PORT_Free(oldpw);
+    }
+
+    newpw = secu_InitSlotPassword(slot, PR_FALSE, &newpwdata);
+
+    rv = PK11_ChangePW(slot, oldpw, newpw);
+    if (rv != SECSuccess) {
+        PR_fprintf(PR_STDERR, "Failed to change password.\n");
+    } else {
+        PR_fprintf(PR_STDOUT, "Password changed successfully.\n");
+    }
+
+    PORT_Memset(oldpw, 0, PL_strlen(oldpw));
+    PORT_Free(oldpw);
+
+done:
+    if (newpw) {
+        PORT_Memset(newpw, 0, PL_strlen(newpw));
+        PORT_Free(newpw);
+    }
+    return rv;
+}
+
+struct matchobj {
+    SECItem index;
+    char *nname;
+    PRBool found;
+};
+
+char *
+SECU_DefaultSSLDir(void)
+{
+    char *dir;
+    static char sslDir[1000];
+
+    dir = PR_GetEnvSecure("SSL_DIR");
+    if (!dir)
+        return NULL;
+
+    if (strlen(dir) >= PR_ARRAY_SIZE(sslDir)) {
+        return NULL;
+    }
+    sprintf(sslDir, "%s", dir);
+
+    if (sslDir[strlen(sslDir) - 1] == '/')
+        sslDir[strlen(sslDir) - 1] = 0;
+
+    return sslDir;
+}
+
+char *
+SECU_AppendFilenameToDir(char *dir, char *filename)
+{
+    static char path[1000];
+
+    if (dir[strlen(dir) - 1] == '/')
+        sprintf(path, "%s%s", dir, filename);
+    else
+        sprintf(path, "%s/%s", dir, filename);
+    return path;
+}
+
+char *
+SECU_ConfigDirectory(const char *base)
+{
+    static PRBool initted = PR_FALSE;
+    const char *dir = ".netscape";
+    char *home;
+    static char buf[1000];
+
+    if (initted)
+        return buf;
+
+    if (base == NULL || *base == 0) {
+        home = PR_GetEnvSecure("HOME");
+        if (!home)
+            home = "";
+
+        if (*home && home[strlen(home) - 1] == '/')
+            sprintf(buf, "%.900s%s", home, dir);
+        else
+            sprintf(buf, "%.900s/%s", home, dir);
+    } else {
+        sprintf(buf, "%.900s", base);
+        if (buf[strlen(buf) - 1] == '/')
+            buf[strlen(buf) - 1] = 0;
+    }
+
+    initted = PR_TRUE;
+    return buf;
+}
+
+/*Turn off SSL for now */
+/* This gets called by SSL when server wants our cert & key */
+int
+SECU_GetClientAuthData(void *arg, PRFileDesc *fd,
+                       struct CERTDistNamesStr *caNames,
+                       struct CERTCertificateStr **pRetCert,
+                       struct SECKEYPrivateKeyStr **pRetKey)
+{
+    SECKEYPrivateKey *key;
+    CERTCertificate *cert;
+    int errsave;
+
+    if (arg == NULL) {
+        fprintf(stderr, "no key/cert name specified for client auth\n");
+        return -1;
+    }
+    cert = PK11_FindCertFromNickname(arg, NULL);
+    errsave = PORT_GetError();
+    if (!cert) {
+        if (errsave == SEC_ERROR_BAD_PASSWORD)
+            fprintf(stderr, "Bad password\n");
+        else if (errsave > 0)
+            fprintf(stderr, "Unable to read cert (error %d)\n", errsave);
+        else if (errsave == SEC_ERROR_BAD_DATABASE)
+            fprintf(stderr, "Unable to get cert from database (%d)\n", errsave);
+        else
+            fprintf(stderr, "SECKEY_FindKeyByName: internal error %d\n", errsave);
+        return -1;
+    }
+
+    key = PK11_FindKeyByAnyCert(arg, NULL);
+    if (!key) {
+        fprintf(stderr, "Unable to get key (%d)\n", PORT_GetError());
+        return -1;
+    }
+
+    *pRetCert = cert;
+    *pRetKey = key;
+
+    return 0;
+}
+
+SECStatus
+SECU_ReadDERFromFile(SECItem *der, PRFileDesc *inFile, PRBool ascii,
+                     PRBool warnOnPrivateKeyInAsciiFile)
+{
+    SECStatus rv;
+    if (ascii) {
+        /* First convert ascii to binary */
+        SECItem filedata;
+        char *asc, *body;
+
+        /* Read in ascii data */
+        rv = SECU_FileToItem(&filedata, inFile);
+        if (rv != SECSuccess)
+            return rv;
+        asc = (char *)filedata.data;
+        if (!asc) {
+            fprintf(stderr, "unable to read data from input file\n");
+            return SECFailure;
+        }
+
+        if (warnOnPrivateKeyInAsciiFile && strstr(asc, "PRIVATE KEY")) {
+            fprintf(stderr, "Warning: ignoring private key. Consider to use "
+                            "pk12util.\n");
+        }
+
+        /* check for headers and trailers and remove them */
+        if ((body = strstr(asc, "-----BEGIN")) != NULL) {
+            char *trailer = NULL;
+            asc = body;
+            body = PORT_Strchr(body, '\n');
+            if (!body)
+                body = PORT_Strchr(asc, '\r'); /* maybe this is a MAC file */
+            if (body)
+                trailer = strstr(++body, "-----END");
+            if (trailer != NULL) {
+                *trailer = '\0';
+            } else {
+                fprintf(stderr, "input has header but no trailer\n");
+                PORT_Free(filedata.data);
+                return SECFailure;
+            }
+        } else {
+            /* need one additional byte for zero terminator */
+            rv = SECITEM_ReallocItemV2(NULL, &filedata, filedata.len + 1);
+            if (rv != SECSuccess) {
+                PORT_Free(filedata.data);
+                return rv;
+            }
+            body = (char *)filedata.data;
+            body[filedata.len - 1] = '\0';
+        }
+
+        /* Convert to binary */
+        rv = ATOB_ConvertAsciiToItem(der, body);
+        if (rv != SECSuccess) {
+            fprintf(stderr, "error converting ascii to binary (%s)\n",
+                    SECU_Strerror(PORT_GetError()));
+            PORT_Free(filedata.data);
+            return SECFailure;
+        }
+
+        PORT_Free(filedata.data);
+    } else {
+        /* Read in binary der */
+        rv = SECU_FileToItem(der, inFile);
+        if (rv != SECSuccess) {
+            fprintf(stderr, "error converting der (%s)\n",
+                    SECU_Strerror(PORT_GetError()));
+            return SECFailure;
+        }
+    }
+    return SECSuccess;
+}
+
+#define INDENT_MULT 4
+
+SECStatus
+SECU_StripTagAndLength(SECItem *i)
+{
+    unsigned int start;
+
+    if (!i || !i->data || i->len < 2) { /* must be at least tag and length */
+        return SECFailure;
+    }
+    start = ((i->data[1] & 0x80) ? (i->data[1] & 0x7f) + 2 : 2);
+    if (i->len < start) {
+        return SECFailure;
+    }
+    i->data += start;
+    i->len -= start;
+    return SECSuccess;
+}
+
+static void
+secu_PrintRawStringQuotesOptional(FILE *out, SECItem *si, const char *m,
+                                  int level, PRBool quotes)
+{
+    int column;
+    unsigned int i;
+
+    if (m) {
+        SECU_Indent(out, level);
+        fprintf(out, "%s: ", m);
+        column = (level * INDENT_MULT) + strlen(m) + 2;
+        level++;
+    } else {
+        SECU_Indent(out, level);
+        column = level * INDENT_MULT;
+    }
+    if (quotes) {
+        fprintf(out, "\"");
+        column++;
+    }
+
+    for (i = 0; i < si->len; i++) {
+        unsigned char val = si->data[i];
+        unsigned char c;
+        if (SECU_GetWrapEnabled() && column > 76) {
+            SECU_Newline(out);
+            SECU_Indent(out, level);
+            column = level * INDENT_MULT;
+        }
+
+        if (utf8DisplayEnabled) {
+            if (val < 32)
+                c = '.';
+            else
+                c = val;
+        } else {
+            c = printable[val];
+        }
+        fprintf(out, "%c", c);
+        column++;
+    }
+
+    if (quotes) {
+        fprintf(out, "\"");
+        column++;
+    }
+    if (SECU_GetWrapEnabled() &&
+        (column != level * INDENT_MULT || column > 76)) {
+        SECU_Newline(out);
+    }
+}
+
+static void
+secu_PrintRawString(FILE *out, SECItem *si, const char *m, int level)
+{
+    secu_PrintRawStringQuotesOptional(out, si, m, level, PR_TRUE);
+}
+
+void
+SECU_PrintString(FILE *out, const SECItem *si, const char *m, int level)
+{
+    SECItem my = *si;
+
+    if (SECSuccess != SECU_StripTagAndLength(&my) || !my.len)
+        return;
+    secu_PrintRawString(out, &my, m, level);
+}
+
+/* print an unencoded boolean */
+static void
+secu_PrintBoolean(FILE *out, SECItem *i, const char *m, int level)
+{
+    int val = 0;
+
+    if (i->data && i->len) {
+        val = i->data[0];
+    }
+
+    if (!m) {
+        m = "Boolean";
+    }
+    SECU_Indent(out, level);
+    fprintf(out, "%s: %s\n", m, (val ? "True" : "False"));
+}
+
+/*
+ * Format and print "time".  If the tag message "m" is not NULL,
+ * do indent formatting based on "level" and add a newline afterward;
+ * otherwise just print the formatted time string only.
+ */
+static void
+secu_PrintTime(FILE *out, const PRTime time, const char *m, int level)
+{
+    PRExplodedTime printableTime;
+    char *timeString;
+
+    /* Convert to local time */
+    PR_ExplodeTime(time, PR_GMTParameters, &printableTime);
+
+    timeString = PORT_Alloc(256);
+    if (timeString == NULL)
+        return;
+
+    if (m != NULL) {
+        SECU_Indent(out, level);
+        fprintf(out, "%s: ", m);
+    }
+
+    if (PR_FormatTime(timeString, 256, "%a %b %d %H:%M:%S %Y", &printableTime)) {
+        fputs(timeString, out);
+    }
+
+    if (m != NULL)
+        fprintf(out, "\n");
+
+    PORT_Free(timeString);
+}
+
+/*
+ * Format and print the UTC Time "t".  If the tag message "m" is not NULL,
+ * do indent formatting based on "level" and add a newline afterward;
+ * otherwise just print the formatted time string only.
+ */
+void
+SECU_PrintUTCTime(FILE *out, const SECItem *t, const char *m, int level)
+{
+    PRTime time;
+    SECStatus rv;
+
+    rv = DER_UTCTimeToTime(&time, t);
+    if (rv != SECSuccess)
+        return;
+
+    secu_PrintTime(out, time, m, level);
+}
+
+/*
+ * Format and print the Generalized Time "t".  If the tag message "m"
+ * is not NULL, * do indent formatting based on "level" and add a newline
+ * afterward; otherwise just print the formatted time string only.
+ */
+void
+SECU_PrintGeneralizedTime(FILE *out, const SECItem *t, const char *m, int level)
+{
+    PRTime time;
+    SECStatus rv;
+
+    rv = DER_GeneralizedTimeToTime(&time, t);
+    if (rv != SECSuccess)
+        return;
+
+    secu_PrintTime(out, time, m, level);
+}
+
+/*
+ * Format and print the UTC or Generalized Time "t".  If the tag message
+ * "m" is not NULL, do indent formatting based on "level" and add a newline
+ * afterward; otherwise just print the formatted time string only.
+ */
+void
+SECU_PrintTimeChoice(FILE *out, const SECItem *t, const char *m, int level)
+{
+    switch (t->type) {
+        case siUTCTime:
+            SECU_PrintUTCTime(out, t, m, level);
+            break;
+
+        case siGeneralizedTime:
+            SECU_PrintGeneralizedTime(out, t, m, level);
+            break;
+
+        default:
+            PORT_Assert(0);
+            break;
+    }
+}
+
+/* This prints a SET or SEQUENCE */
+static void
+SECU_PrintSet(FILE *out, const SECItem *t, const char *m, int level)
+{
+    int type = t->data[0] & SEC_ASN1_TAGNUM_MASK;
+    int constructed = t->data[0] & SEC_ASN1_CONSTRUCTED;
+    const char *label;
+    SECItem my = *t;
+
+    if (!constructed) {
+        SECU_PrintAsHex(out, t, m, level);
+        return;
+    }
+    if (SECSuccess != SECU_StripTagAndLength(&my))
+        return;
+
+    SECU_Indent(out, level);
+    if (m) {
+        fprintf(out, "%s: ", m);
+    }
+
+    if (type == SEC_ASN1_SET)
+        label = "Set ";
+    else if (type == SEC_ASN1_SEQUENCE)
+        label = "Sequence ";
+    else
+        label = "";
+    fprintf(out, "%s{\n", label); /* } */
+
+    while (my.len >= 2) {
+        SECItem tmp = my;
+
+        if (tmp.data[1] & 0x80) {
+            unsigned int i;
+            unsigned int lenlen = tmp.data[1] & 0x7f;
+            if (lenlen > sizeof tmp.len)
+                break;
+            tmp.len = 0;
+            for (i = 0; i < lenlen; i++) {
+                tmp.len = (tmp.len << 8) | tmp.data[2 + i];
+            }
+            tmp.len += lenlen + 2;
+        } else {
+            tmp.len = tmp.data[1] + 2;
+        }
+        if (tmp.len > my.len) {
+            tmp.len = my.len;
+        }
+        my.data += tmp.len;
+        my.len -= tmp.len;
+        SECU_PrintAny(out, &tmp, NULL, level + 1);
+    }
+    SECU_Indent(out, level);
+    fprintf(out, /* { */ "}\n");
+}
+
+static void
+secu_PrintContextSpecific(FILE *out, const SECItem *i, const char *m, int level)
+{
+    int type = i->data[0] & SEC_ASN1_TAGNUM_MASK;
+    int constructed = i->data[0] & SEC_ASN1_CONSTRUCTED;
+    SECItem tmp;
+
+    if (constructed) {
+        char *m2;
+        if (!m)
+            m2 = PR_smprintf("[%d]", type);
+        else
+            m2 = PR_smprintf("%s: [%d]", m, type);
+        if (m2) {
+            SECU_PrintSet(out, i, m2, level);
+            PR_smprintf_free(m2);
+        }
+        return;
+    }
+
+    SECU_Indent(out, level);
+    if (m) {
+        fprintf(out, "%s: ", m);
+    }
+    fprintf(out, "[%d]\n", type);
+
+    tmp = *i;
+    if (SECSuccess == SECU_StripTagAndLength(&tmp))
+        SECU_PrintAsHex(out, &tmp, m, level + 1);
+}
+
+static void
+secu_PrintOctetString(FILE *out, const SECItem *i, const char *m, int level)
+{
+    SECItem tmp = *i;
+    if (SECSuccess == SECU_StripTagAndLength(&tmp))
+        SECU_PrintAsHex(out, &tmp, m, level);
+}
+
+static void
+secu_PrintBitString(FILE *out, const SECItem *i, const char *m, int level)
+{
+    int unused_bits;
+    SECItem tmp = *i;
+
+    if (SECSuccess != SECU_StripTagAndLength(&tmp) || tmp.len < 2)
+        return;
+
+    unused_bits = *tmp.data++;
+    tmp.len--;
+
+    SECU_PrintAsHex(out, &tmp, m, level);
+    if (unused_bits) {
+        SECU_Indent(out, level + 1);
+        fprintf(out, "(%d least significant bits unused)\n", unused_bits);
+    }
+}
+
+/* in a decoded bit string, the len member is a bit length. */
+static void
+secu_PrintDecodedBitString(FILE *out, const SECItem *i, const char *m, int level)
+{
+    int unused_bits;
+    SECItem tmp = *i;
+
+    unused_bits = (tmp.len & 0x7) ? 8 - (tmp.len & 7) : 0;
+    DER_ConvertBitString(&tmp); /* convert length to byte length */
+
+    SECU_PrintAsHex(out, &tmp, m, level);
+    if (unused_bits) {
+        SECU_Indent(out, level + 1);
+        fprintf(out, "(%d least significant bits unused)\n", unused_bits);
+    }
+}
+
+/* Print a DER encoded Boolean */
+void
+SECU_PrintEncodedBoolean(FILE *out, const SECItem *i, const char *m, int level)
+{
+    SECItem my = *i;
+    if (SECSuccess == SECU_StripTagAndLength(&my))
+        secu_PrintBoolean(out, &my, m, level);
+}
+
+/* Print a DER encoded integer */
+void
+SECU_PrintEncodedInteger(FILE *out, const SECItem *i, const char *m, int level)
+{
+    SECItem my = *i;
+    if (SECSuccess == SECU_StripTagAndLength(&my))
+        SECU_PrintInteger(out, &my, m, level);
+}
+
+/* Print a DER encoded OID */
+void
+SECU_PrintEncodedObjectID(FILE *out, const SECItem *i, const char *m, int level)
+{
+    SECItem my = *i;
+    if (SECSuccess == SECU_StripTagAndLength(&my))
+        SECU_PrintObjectID(out, &my, m, level);
+}
+
+static void
+secu_PrintBMPString(FILE *out, const SECItem *i, const char *m, int level)
+{
+    unsigned char *s;
+    unsigned char *d;
+    int len;
+    SECItem tmp = { 0, 0, 0 };
+    SECItem my = *i;
+
+    if (SECSuccess != SECU_StripTagAndLength(&my))
+        goto loser;
+    if (my.len % 2)
+        goto loser;
+    len = (int)(my.len / 2);
+    tmp.data = (unsigned char *)PORT_Alloc(len);
+    if (!tmp.data)
+        goto loser;
+    tmp.len = len;
+    for (s = my.data, d = tmp.data; len > 0; len--) {
+        PRUint32 bmpChar = (s[0] << 8) | s[1];
+        s += 2;
+        if (!isprint(bmpChar))
+            goto loser;
+        *d++ = (unsigned char)bmpChar;
+    }
+    secu_PrintRawString(out, &tmp, m, level);
+    PORT_Free(tmp.data);
+    return;
+
+loser:
+    SECU_PrintAsHex(out, i, m, level);
+    if (tmp.data)
+        PORT_Free(tmp.data);
+}
+
+static void
+secu_PrintUniversalString(FILE *out, const SECItem *i, const char *m, int level)
+{
+    unsigned char *s;
+    unsigned char *d;
+    int len;
+    SECItem tmp = { 0, 0, 0 };
+    SECItem my = *i;
+
+    if (SECSuccess != SECU_StripTagAndLength(&my))
+        goto loser;
+    if (my.len % 4)
+        goto loser;
+    len = (int)(my.len / 4);
+    tmp.data = (unsigned char *)PORT_Alloc(len);
+    if (!tmp.data)
+        goto loser;
+    tmp.len = len;
+    for (s = my.data, d = tmp.data; len > 0; len--) {
+        PRUint32 bmpChar = (s[0] << 24) | (s[1] << 16) | (s[2] << 8) | s[3];
+        s += 4;
+        if (!isprint(bmpChar))
+            goto loser;
+        *d++ = (unsigned char)bmpChar;
+    }
+    secu_PrintRawString(out, &tmp, m, level);
+    PORT_Free(tmp.data);
+    return;
+
+loser:
+    SECU_PrintAsHex(out, i, m, level);
+    if (tmp.data)
+        PORT_Free(tmp.data);
+}
+
+static void
+secu_PrintUniversal(FILE *out, const SECItem *i, const char *m, int level)
+{
+    switch (i->data[0] & SEC_ASN1_TAGNUM_MASK) {
+        case SEC_ASN1_ENUMERATED:
+        case SEC_ASN1_INTEGER:
+            SECU_PrintEncodedInteger(out, i, m, level);
+            break;
+        case SEC_ASN1_OBJECT_ID:
+            SECU_PrintEncodedObjectID(out, i, m, level);
+            break;
+        case SEC_ASN1_BOOLEAN:
+            SECU_PrintEncodedBoolean(out, i, m, level);
+            break;
+        case SEC_ASN1_UTF8_STRING:
+        case SEC_ASN1_PRINTABLE_STRING:
+        case SEC_ASN1_VISIBLE_STRING:
+        case SEC_ASN1_IA5_STRING:
+        case SEC_ASN1_T61_STRING:
+            SECU_PrintString(out, i, m, level);
+            break;
+        case SEC_ASN1_GENERALIZED_TIME:
+            SECU_PrintGeneralizedTime(out, i, m, level);
+            break;
+        case SEC_ASN1_UTC_TIME:
+            SECU_PrintUTCTime(out, i, m, level);
+            break;
+        case SEC_ASN1_NULL:
+            SECU_Indent(out, level);
+            if (m && m[0])
+                fprintf(out, "%s: NULL\n", m);
+            else
+                fprintf(out, "NULL\n");
+            break;
+        case SEC_ASN1_SET:
+        case SEC_ASN1_SEQUENCE:
+            SECU_PrintSet(out, i, m, level);
+            break;
+        case SEC_ASN1_OCTET_STRING:
+            secu_PrintOctetString(out, i, m, level);
+            break;
+        case SEC_ASN1_BIT_STRING:
+            secu_PrintBitString(out, i, m, level);
+            break;
+        case SEC_ASN1_BMP_STRING:
+            secu_PrintBMPString(out, i, m, level);
+            break;
+        case SEC_ASN1_UNIVERSAL_STRING:
+            secu_PrintUniversalString(out, i, m, level);
+            break;
+        default:
+            SECU_PrintAsHex(out, i, m, level);
+            break;
+    }
+}
+
+void
+SECU_PrintAny(FILE *out, const SECItem *i, const char *m, int level)
+{
+    if (i && i->len && i->data) {
+        switch (i->data[0] & SEC_ASN1_CLASS_MASK) {
+            case SEC_ASN1_CONTEXT_SPECIFIC:
+                secu_PrintContextSpecific(out, i, m, level);
+                break;
+            case SEC_ASN1_UNIVERSAL:
+                secu_PrintUniversal(out, i, m, level);
+                break;
+            default:
+                SECU_PrintAsHex(out, i, m, level);
+                break;
+        }
+    }
+}
+
+static int
+secu_PrintValidity(FILE *out, CERTValidity *v, char *m, int level)
+{
+    SECU_Indent(out, level);
+    fprintf(out, "%s:\n", m);
+    SECU_PrintTimeChoice(out, &v->notBefore, "Not Before", level + 1);
+    SECU_PrintTimeChoice(out, &v->notAfter, "Not After ", level + 1);
+    return 0;
+}
+
+/* This function does NOT expect a DER type and length. */
+SECOidTag
+SECU_PrintObjectID(FILE *out, const SECItem *oid, const char *m, int level)
+{
+    SECOidData *oiddata;
+    char *oidString = NULL;
+
+    oiddata = SECOID_FindOID(oid);
+    if (oiddata != NULL) {
+        const char *name = oiddata->desc;
+        SECU_Indent(out, level);
+        if (m != NULL)
+            fprintf(out, "%s: ", m);
+        fprintf(out, "%s\n", name);
+        return oiddata->offset;
+    }
+    oidString = CERT_GetOidString(oid);
+    if (oidString) {
+        SECU_Indent(out, level);
+        if (m != NULL)
+            fprintf(out, "%s: ", m);
+        fprintf(out, "%s\n", oidString);
+        PR_smprintf_free(oidString);
+        return SEC_OID_UNKNOWN;
+    }
+    SECU_PrintAsHex(out, oid, m, level);
+    return SEC_OID_UNKNOWN;
+}
+
+typedef struct secuPBEParamsStr {
+    SECItem salt;
+    SECItem iterationCount;
+    SECItem keyLength;
+    SECAlgorithmID cipherAlg;
+    SECAlgorithmID kdfAlg;
+} secuPBEParams;
+
+SEC_ASN1_MKSUB(SECOID_AlgorithmIDTemplate)
+
+/* SECOID_PKCS5_PBKDF2 */
+const SEC_ASN1Template secuKDF2Params[] =
+    {
+      { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(secuPBEParams) },
+      { SEC_ASN1_OCTET_STRING, offsetof(secuPBEParams, salt) },
+      { SEC_ASN1_INTEGER, offsetof(secuPBEParams, iterationCount) },
+      { SEC_ASN1_INTEGER, offsetof(secuPBEParams, keyLength) },
+      { SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(secuPBEParams, kdfAlg),
+        SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
+      { 0 }
+    };
+
+/* PKCS5v1 & PKCS12 */
+const SEC_ASN1Template secuPBEParamsTemp[] =
+    {
+      { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(secuPBEParams) },
+      { SEC_ASN1_OCTET_STRING, offsetof(secuPBEParams, salt) },
+      { SEC_ASN1_INTEGER, offsetof(secuPBEParams, iterationCount) },
+      { 0 }
+    };
+
+/* SEC_OID_PKCS5_PBES2, SEC_OID_PKCS5_PBMAC1 */
+const SEC_ASN1Template secuPBEV2Params[] =
+    {
+      { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(secuPBEParams) },
+      { SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(secuPBEParams, kdfAlg),
+        SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
+      { SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(secuPBEParams, cipherAlg),
+        SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
+      { 0 }
+    };
+
+void
+secu_PrintRSAPSSParams(FILE *out, SECItem *value, char *m, int level)
+{
+    PLArenaPool *pool = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    SECStatus rv;
+    SECKEYRSAPSSParams param;
+    SECAlgorithmID maskHashAlg;
+
+    if (m) {
+        SECU_Indent(out, level);
+        fprintf(out, "%s:\n", m);
+    }
+
+    if (!pool) {
+        SECU_Indent(out, level);
+        fprintf(out, "Out of memory\n");
+        return;
+    }
+
+    PORT_Memset(&param, 0, sizeof param);
+
+    rv = SEC_QuickDERDecodeItem(pool, &param,
+                                SEC_ASN1_GET(SECKEY_RSAPSSParamsTemplate),
+                                value);
+    if (rv == SECSuccess) {
+        if (!param.hashAlg) {
+            SECU_Indent(out, level + 1);
+            fprintf(out, "Hash algorithm: default, SHA-1\n");
+        } else {
+            SECU_PrintObjectID(out, &param.hashAlg->algorithm,
+                               "Hash algorithm", level + 1);
+        }
+        if (!param.maskAlg) {
+            SECU_Indent(out, level + 1);
+            fprintf(out, "Mask algorithm: default, MGF1\n");
+            SECU_Indent(out, level + 1);
+            fprintf(out, "Mask hash algorithm: default, SHA-1\n");
+        } else {
+            SECU_PrintObjectID(out, &param.maskAlg->algorithm,
+                               "Mask algorithm", level + 1);
+            rv = SEC_QuickDERDecodeItem(pool, &maskHashAlg,
+                                        SEC_ASN1_GET(SECOID_AlgorithmIDTemplate),
+                                        &param.maskAlg->parameters);
+            if (rv == SECSuccess) {
+                SECU_PrintObjectID(out, &maskHashAlg.algorithm,
+                                   "Mask hash algorithm", level + 1);
+            } else {
+                SECU_Indent(out, level + 1);
+                fprintf(out, "Invalid mask generation algorithm parameters\n");
+            }
+        }
+        if (!param.saltLength.data) {
+            SECU_Indent(out, level + 1);
+            fprintf(out, "Salt length: default, %i (0x%2X)\n", 20, 20);
+        } else {
+            SECU_PrintInteger(out, &param.saltLength, "Salt Length", level + 1);
+        }
+    } else {
+        SECU_Indent(out, level + 1);
+        fprintf(out, "Invalid RSA-PSS parameters\n");
+    }
+    PORT_FreeArena(pool, PR_FALSE);
+}
+
+void
+secu_PrintKDF2Params(FILE *out, SECItem *value, char *m, int level)
+{
+    PLArenaPool *pool = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    SECStatus rv;
+    secuPBEParams param;
+
+    if (m) {
+        SECU_Indent(out, level);
+        fprintf(out, "%s:\n", m);
+    }
+
+    if (!pool) {
+        SECU_Indent(out, level);
+        fprintf(out, "Out of memory\n");
+        return;
+    }
+
+    PORT_Memset(&param, 0, sizeof param);
+    rv = SEC_QuickDERDecodeItem(pool, &param, secuKDF2Params, value);
+    if (rv == SECSuccess) {
+        SECU_PrintAsHex(out, &param.salt, "Salt", level + 1);
+        SECU_PrintInteger(out, &param.iterationCount, "Iteration Count",
+                          level + 1);
+        SECU_PrintInteger(out, &param.keyLength, "Key Length", level + 1);
+        SECU_PrintAlgorithmID(out, &param.kdfAlg, "KDF algorithm", level + 1);
+    }
+    PORT_FreeArena(pool, PR_FALSE);
+}
+
+void
+secu_PrintPKCS5V2Params(FILE *out, SECItem *value, char *m, int level)
+{
+    PLArenaPool *pool = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    SECStatus rv;
+    secuPBEParams param;
+
+    if (m) {
+        SECU_Indent(out, level);
+        fprintf(out, "%s:\n", m);
+    }
+
+    if (!pool) {
+        SECU_Indent(out, level);
+        fprintf(out, "Out of memory\n");
+        return;
+    }
+
+    PORT_Memset(&param, 0, sizeof param);
+    rv = SEC_QuickDERDecodeItem(pool, &param, secuPBEV2Params, value);
+    if (rv == SECSuccess) {
+        SECU_PrintAlgorithmID(out, &param.kdfAlg, "KDF", level + 1);
+        SECU_PrintAlgorithmID(out, &param.cipherAlg, "Cipher", level + 1);
+    }
+    PORT_FreeArena(pool, PR_FALSE);
+}
+
+void
+secu_PrintPBEParams(FILE *out, SECItem *value, char *m, int level)
+{
+    PLArenaPool *pool = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    SECStatus rv;
+    secuPBEParams param;
+
+    if (m) {
+        SECU_Indent(out, level);
+        fprintf(out, "%s:\n", m);
+    }
+
+    if (!pool) {
+        SECU_Indent(out, level);
+        fprintf(out, "Out of memory\n");
+        return;
+    }
+
+    PORT_Memset(&param, 0, sizeof(secuPBEParams));
+    rv = SEC_QuickDERDecodeItem(pool, &param, secuPBEParamsTemp, value);
+    if (rv == SECSuccess) {
+        SECU_PrintAsHex(out, &param.salt, "Salt", level + 1);
+        SECU_PrintInteger(out, &param.iterationCount, "Iteration Count",
+                          level + 1);
+    }
+    PORT_FreeArena(pool, PR_FALSE);
+}
+
+/* This function does NOT expect a DER type and length. */
+void
+SECU_PrintAlgorithmID(FILE *out, SECAlgorithmID *a, char *m, int level)
+{
+    SECOidTag algtag;
+    SECU_PrintObjectID(out, &a->algorithm, m, level);
+
+    algtag = SECOID_GetAlgorithmTag(a);
+    if (SEC_PKCS5IsAlgorithmPBEAlgTag(algtag)) {
+        switch (algtag) {
+            case SEC_OID_PKCS5_PBKDF2:
+                secu_PrintKDF2Params(out, &a->parameters, "Parameters", level + 1);
+                break;
+            case SEC_OID_PKCS5_PBES2:
+                secu_PrintPKCS5V2Params(out, &a->parameters, "Encryption", level + 1);
+                break;
+            case SEC_OID_PKCS5_PBMAC1:
+                secu_PrintPKCS5V2Params(out, &a->parameters, "MAC", level + 1);
+                break;
+            default:
+                secu_PrintPBEParams(out, &a->parameters, "Parameters", level + 1);
+                break;
+        }
+        return;
+    }
+
+    if (algtag == SEC_OID_PKCS1_RSA_PSS_SIGNATURE) {
+        secu_PrintRSAPSSParams(out, &a->parameters, "Parameters", level + 1);
+        return;
+    }
+
+    if (a->parameters.len == 0 ||
+        (a->parameters.len == 2 &&
+         PORT_Memcmp(a->parameters.data, "\005\000", 2) == 0)) {
+        /* No arguments or NULL argument */
+    } else {
+        /* Print args to algorithm */
+        SECU_PrintAsHex(out, &a->parameters, "Args", level + 1);
+    }
+}
+
+static void
+secu_PrintAttribute(FILE *out, SEC_PKCS7Attribute *attr, char *m, int level)
+{
+    SECItem *value;
+    int i;
+    char om[100];
+
+    if (m) {
+        SECU_Indent(out, level);
+        fprintf(out, "%s:\n", m);
+    }
+
+    /*
+     * Should make this smarter; look at the type field and then decode
+     * and print the value(s) appropriately!
+     */
+    SECU_PrintObjectID(out, &(attr->type), "Type", level + 1);
+    if (attr->values != NULL) {
+        i = 0;
+        while ((value = attr->values[i++]) != NULL) {
+            sprintf(om, "Value (%d)%s", i, attr->encoded ? " (encoded)" : "");
+            if (attr->encoded || attr->typeTag == NULL) {
+                SECU_PrintAny(out, value, om, level + 1);
+            } else {
+                switch (attr->typeTag->offset) {
+                    default:
+                        SECU_PrintAsHex(out, value, om, level + 1);
+                        break;
+                    case SEC_OID_PKCS9_CONTENT_TYPE:
+                        SECU_PrintObjectID(out, value, om, level + 1);
+                        break;
+                    case SEC_OID_PKCS9_SIGNING_TIME:
+                        SECU_PrintTimeChoice(out, value, om, level + 1);
+                        break;
+                }
+            }
+        }
+    }
+}
+
+#ifndef NSS_DISABLE_ECC
+static void
+secu_PrintECPublicKey(FILE *out, SECKEYPublicKey *pk, char *m, int level)
+{
+    SECItem curveOID = { siBuffer, NULL, 0 };
+
+    SECU_Indent(out, level);
+    fprintf(out, "%s:\n", m);
+    SECU_PrintInteger(out, &pk->u.ec.publicValue, "PublicValue", level + 1);
+    /* For named curves, the DEREncodedParams field contains an
+     * ASN Object ID (0x06 is SEC_ASN1_OBJECT_ID).
+     */
+    if ((pk->u.ec.DEREncodedParams.len > 2) &&
+        (pk->u.ec.DEREncodedParams.data[0] == 0x06)) {
+        curveOID.len = pk->u.ec.DEREncodedParams.data[1];
+        curveOID.data = pk->u.ec.DEREncodedParams.data + 2;
+        SECU_PrintObjectID(out, &curveOID, "Curve", level + 1);
+    }
+}
+#endif /* NSS_DISABLE_ECC */
+
+void
+SECU_PrintRSAPublicKey(FILE *out, SECKEYPublicKey *pk, char *m, int level)
+{
+    SECU_Indent(out, level);
+    fprintf(out, "%s:\n", m);
+    SECU_PrintInteger(out, &pk->u.rsa.modulus, "Modulus", level + 1);
+    SECU_PrintInteger(out, &pk->u.rsa.publicExponent, "Exponent", level + 1);
+    if (pk->u.rsa.publicExponent.len == 1 &&
+        pk->u.rsa.publicExponent.data[0] == 1) {
+        SECU_Indent(out, level + 1);
+        fprintf(out, "Error: INVALID RSA KEY!\n");
+    }
+}
+
+void
+SECU_PrintDSAPublicKey(FILE *out, SECKEYPublicKey *pk, char *m, int level)
+{
+    SECU_Indent(out, level);
+    fprintf(out, "%s:\n", m);
+    SECU_PrintInteger(out, &pk->u.dsa.params.prime, "Prime", level + 1);
+    SECU_PrintInteger(out, &pk->u.dsa.params.subPrime, "Subprime", level + 1);
+    SECU_PrintInteger(out, &pk->u.dsa.params.base, "Base", level + 1);
+    SECU_PrintInteger(out, &pk->u.dsa.publicValue, "PublicValue", level + 1);
+}
+
+static void
+secu_PrintSubjectPublicKeyInfo(FILE *out, PLArenaPool *arena,
+                               CERTSubjectPublicKeyInfo *i, char *msg, int level)
+{
+    SECKEYPublicKey *pk;
+
+    SECU_Indent(out, level);
+    fprintf(out, "%s:\n", msg);
+    SECU_PrintAlgorithmID(out, &i->algorithm, "Public Key Algorithm", level + 1);
+
+    pk = SECKEY_ExtractPublicKey(i);
+    if (pk) {
+        switch (pk->keyType) {
+            case rsaKey:
+                SECU_PrintRSAPublicKey(out, pk, "RSA Public Key", level + 1);
+                break;
+
+            case dsaKey:
+                SECU_PrintDSAPublicKey(out, pk, "DSA Public Key", level + 1);
+                break;
+
+#ifndef NSS_DISABLE_ECC
+            case ecKey:
+                secu_PrintECPublicKey(out, pk, "EC Public Key", level + 1);
+                break;
+#endif
+
+            case dhKey:
+            case fortezzaKey:
+            case keaKey:
+                SECU_Indent(out, level);
+                fprintf(out, "unable to format this SPKI algorithm type\n");
+                goto loser;
+            default:
+                SECU_Indent(out, level);
+                fprintf(out, "unknown SPKI algorithm type\n");
+                goto loser;
+        }
+        PORT_FreeArena(pk->arena, PR_FALSE);
+    } else {
+        SECU_PrintErrMsg(out, level, "Error", "Parsing public key");
+    loser:
+        if (i->subjectPublicKey.data) {
+            SECU_PrintAny(out, &i->subjectPublicKey, "Raw", level);
+        }
+    }
+}
+
+static void
+printStringWithoutCRLF(FILE *out, const char *str)
+{
+    const char *c = str;
+    while (*c) {
+        if (*c != '\r' && *c != '\n') {
+            fputc(*c, out);
+        }
+        ++c;
+    }
+}
+
+int
+SECU_PrintDumpDerIssuerAndSerial(FILE *out, SECItem *der, char *m,
+                                 int level)
+{
+    PLArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    CERTCertificate *c;
+    int rv = SEC_ERROR_NO_MEMORY;
+    char *derIssuerB64;
+    char *derSerialB64;
+
+    if (!arena)
+        return rv;
+
+    /* Decode certificate */
+    c = PORT_ArenaZNew(arena, CERTCertificate);
+    if (!c)
+        goto loser;
+    c->arena = arena;
+    rv = SEC_ASN1DecodeItem(arena, c,
+                            SEC_ASN1_GET(CERT_CertificateTemplate), der);
+    if (rv) {
+        SECU_PrintErrMsg(out, 0, "Error", "Parsing extension");
+        goto loser;
+    }
+
+    SECU_PrintName(out, &c->subject, "Subject", 0);
+    if (!SECU_GetWrapEnabled()) /*SECU_PrintName didn't add newline*/
+        SECU_Newline(out);
+    SECU_PrintName(out, &c->issuer, "Issuer", 0);
+    if (!SECU_GetWrapEnabled()) /*SECU_PrintName didn't add newline*/
+        SECU_Newline(out);
+    SECU_PrintInteger(out, &c->serialNumber, "Serial Number", 0);
+
+    derIssuerB64 = BTOA_ConvertItemToAscii(&c->derIssuer);
+    derSerialB64 = BTOA_ConvertItemToAscii(&c->serialNumber);
+
+    fprintf(out, "Issuer DER Base64:\n");
+    if (SECU_GetWrapEnabled()) {
+        fprintf(out, "%s\n", derIssuerB64);
+    } else {
+        printStringWithoutCRLF(out, derIssuerB64);
+        fputs("\n", out);
+    }
+
+    fprintf(out, "Serial DER Base64:\n");
+    if (SECU_GetWrapEnabled()) {
+        fprintf(out, "%s\n", derSerialB64);
+    } else {
+        printStringWithoutCRLF(out, derSerialB64);
+        fputs("\n", out);
+    }
+
+    PORT_Free(derIssuerB64);
+    PORT_Free(derSerialB64);
+
+    fprintf(out, "Serial DER as C source: \n{ %d, \"", c->serialNumber.len);
+
+    {
+        unsigned int i;
+        for (i = 0; i < c->serialNumber.len; ++i) {
+            unsigned char *chardata = (unsigned char *)(c->serialNumber.data);
+            unsigned char c = *(chardata + i);
+
+            fprintf(out, "\\x%02x", c);
+        }
+        fprintf(out, "\" }\n");
+    }
+
+loser:
+    PORT_FreeArena(arena, PR_FALSE);
+    return rv;
+}
+
+static SECStatus
+secu_PrintX509InvalidDate(FILE *out, SECItem *value, char *msg, int level)
+{
+    SECItem decodedValue;
+    SECStatus rv;
+    PRTime invalidTime;
+    char *formattedTime = NULL;
+
+    decodedValue.data = NULL;
+    rv = SEC_ASN1DecodeItem(NULL, &decodedValue,
+                            SEC_ASN1_GET(SEC_GeneralizedTimeTemplate),
+                            value);
+    if (rv == SECSuccess) {
+        rv = DER_GeneralizedTimeToTime(&invalidTime, &decodedValue);
+        if (rv == SECSuccess) {
+            formattedTime = CERT_GenTime2FormattedAscii(invalidTime, "%a %b %d %H:%M:%S %Y");
+            SECU_Indent(out, level + 1);
+            fprintf(out, "%s: %s\n", msg, formattedTime);
+            PORT_Free(formattedTime);
+        }
+    }
+    PORT_Free(decodedValue.data);
+    return (rv);
+}
+
+static SECStatus
+PrintExtKeyUsageExtension(FILE *out, SECItem *value, char *msg, int level)
+{
+    CERTOidSequence *os;
+    SECItem **op;
+
+    os = CERT_DecodeOidSequence(value);
+    if ((CERTOidSequence *)NULL == os) {
+        return SECFailure;
+    }
+
+    for (op = os->oids; *op; op++) {
+        SECU_PrintObjectID(out, *op, msg, level + 1);
+    }
+    CERT_DestroyOidSequence(os);
+    return SECSuccess;
+}
+
+static SECStatus
+secu_PrintBasicConstraints(FILE *out, SECItem *value, char *msg, int level)
+{
+    CERTBasicConstraints constraints;
+    SECStatus rv;
+
+    SECU_Indent(out, level);
+    if (msg) {
+        fprintf(out, "%s: ", msg);
+    }
+    rv = CERT_DecodeBasicConstraintValue(&constraints, value);
+    if (rv == SECSuccess && constraints.isCA) {
+        if (constraints.pathLenConstraint >= 0) {
+            fprintf(out, "Is a CA with a maximum path length of %d.\n",
+                    constraints.pathLenConstraint);
+        } else {
+            fprintf(out, "Is a CA with no maximum path length.\n");
+        }
+    } else {
+        fprintf(out, "Is not a CA.\n");
+    }
+    return SECSuccess;
+}
+
+static const char *const nsTypeBits[] = {
+    "SSL Client",
+    "SSL Server",
+    "S/MIME",
+    "Object Signing",
+    "Reserved",
+    "SSL CA",
+    "S/MIME CA",
+    "ObjectSigning CA"
+};
+
+/* NSCertType is merely a bit string whose bits are displayed symbolically */
+static SECStatus
+secu_PrintNSCertType(FILE *out, SECItem *value, char *msg, int level)
+{
+    int unused;
+    int NS_Type;
+    int i;
+    int found = 0;
+    SECItem my = *value;
+
+    if ((my.data[0] != SEC_ASN1_BIT_STRING) ||
+        SECSuccess != SECU_StripTagAndLength(&my)) {
+        SECU_PrintAny(out, value, "Data", level);
+        return SECSuccess;
+    }
+
+    unused = (my.len == 2) ? (my.data[0] & 0x0f) : 0;
+    NS_Type = my.data[1] & (0xff << unused);
+
+    SECU_Indent(out, level);
+    if (msg) {
+        fprintf(out, "%s: ", msg);
+    } else {
+        fprintf(out, "Netscape Certificate Type: ");
+    }
+    for (i = 0; i < 8; i++) {
+        if ((0x80 >> i) & NS_Type) {
+            fprintf(out, "%c%s", (found ? ',' : '<'), nsTypeBits[i]);
+            found = 1;
+        }
+    }
+    fprintf(out, (found ? ">\n" : "none\n"));
+    return SECSuccess;
+}
+
+static const char *const usageBits[] = {
+    "Digital Signature",   /* 0x80 */
+    "Non-Repudiation",     /* 0x40 */
+    "Key Encipherment",    /* 0x20 */
+    "Data Encipherment",   /* 0x10 */
+    "Key Agreement",       /* 0x08 */
+    "Certificate Signing", /* 0x04 */
+    "CRL Signing",         /* 0x02 */
+    "Encipher Only",       /* 0x01 */
+    "Decipher Only",       /* 0x0080 */
+    NULL
+};
+
+/* X509KeyUsage is merely a bit string whose bits are displayed symbolically */
+static void
+secu_PrintX509KeyUsage(FILE *out, SECItem *value, char *msg, int level)
+{
+    int unused;
+    int usage;
+    int i;
+    int found = 0;
+    SECItem my = *value;
+
+    if ((my.data[0] != SEC_ASN1_BIT_STRING) ||
+        SECSuccess != SECU_StripTagAndLength(&my)) {
+        SECU_PrintAny(out, value, "Data", level);
+        return;
+    }
+
+    unused = (my.len >= 2) ? (my.data[0] & 0x0f) : 0;
+    usage = (my.len == 2) ? (my.data[1] & (0xff << unused)) << 8
+                          : (my.data[1] << 8) |
+                                (my.data[2] & (0xff << unused));
+
+    SECU_Indent(out, level);
+    fprintf(out, "Usages: ");
+    for (i = 0; usageBits[i]; i++) {
+        if ((0x8000 >> i) & usage) {
+            if (found)
+                SECU_Indent(out, level + 2);
+            fprintf(out, "%s\n", usageBits[i]);
+            found = 1;
+        }
+    }
+    if (!found) {
+        fprintf(out, "(none)\n");
+    }
+}
+
+static void
+secu_PrintIPAddress(FILE *out, SECItem *value, char *msg, int level)
+{
+    PRStatus st;
+    PRNetAddr addr;
+    char addrBuf[80];
+
+    memset(&addr, 0, sizeof addr);
+    if (value->len == 4) {
+        addr.inet.family = PR_AF_INET;
+        memcpy(&addr.inet.ip, value->data, value->len);
+    } else if (value->len == 16) {
+        addr.ipv6.family = PR_AF_INET6;
+        memcpy(addr.ipv6.ip.pr_s6_addr, value->data, value->len);
+        if (PR_IsNetAddrType(&addr, PR_IpAddrV4Mapped)) {
+            /* convert to IPv4.  */
+            addr.inet.family = PR_AF_INET;
+            memcpy(&addr.inet.ip, &addr.ipv6.ip.pr_s6_addr[12], 4);
+            memset(&addr.inet.pad[0], 0, sizeof addr.inet.pad);
+        }
+    } else {
+        goto loser;
+    }
+
+    st = PR_NetAddrToString(&addr, addrBuf, sizeof addrBuf);
+    if (st == PR_SUCCESS) {
+        SECU_Indent(out, level);
+        fprintf(out, "%s: %s\n", msg, addrBuf);
+    } else {
+    loser:
+        SECU_PrintAsHex(out, value, msg, level);
+    }
+}
+
+static void
+secu_PrintGeneralName(FILE *out, CERTGeneralName *gname, char *msg, int level)
+{
+    char label[40];
+    if (msg && msg[0]) {
+        SECU_Indent(out, level++);
+        fprintf(out, "%s: \n", msg);
+    }
+    switch (gname->type) {
+        case certOtherName:
+            SECU_PrintAny(out, &gname->name.OthName.name, "Other Name", level);
+            SECU_PrintObjectID(out, &gname->name.OthName.oid, "OID", level + 1);
+            break;
+        case certDirectoryName:
+            SECU_PrintName(out, &gname->name.directoryName, "Directory Name", level);
+            break;
+        case certRFC822Name:
+            secu_PrintRawString(out, &gname->name.other, "RFC822 Name", level);
+            break;
+        case certDNSName:
+            secu_PrintRawString(out, &gname->name.other, "DNS name", level);
+            break;
+        case certURI:
+            secu_PrintRawString(out, &gname->name.other, "URI", level);
+            break;
+        case certIPAddress:
+            secu_PrintIPAddress(out, &gname->name.other, "IP Address", level);
+            break;
+        case certRegisterID:
+            SECU_PrintObjectID(out, &gname->name.other, "Registered ID", level);
+            break;
+        case certX400Address:
+            SECU_PrintAny(out, &gname->name.other, "X400 Address", level);
+            break;
+        case certEDIPartyName:
+            SECU_PrintAny(out, &gname->name.other, "EDI Party", level);
+            break;
+        default:
+            PR_snprintf(label, sizeof label, "unknown type [%d]",
+                        (int)gname->type - 1);
+            SECU_PrintAsHex(out, &gname->name.other, label, level);
+            break;
+    }
+}
+
+static void
+secu_PrintGeneralNames(FILE *out, CERTGeneralName *gname, char *msg, int level)
+{
+    CERTGeneralName *name = gname;
+    do {
+        secu_PrintGeneralName(out, name, msg, level);
+        name = CERT_GetNextGeneralName(name);
+    } while (name && name != gname);
+}
+
+static void
+secu_PrintAuthKeyIDExtension(FILE *out, SECItem *value, char *msg, int level)
+{
+    CERTAuthKeyID *kid = NULL;
+    PLArenaPool *pool = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+
+    if (!pool) {
+        SECU_PrintError("Error", "Allocating new ArenaPool");
+        return;
+    }
+    kid = CERT_DecodeAuthKeyID(pool, value);
+    if (!kid) {
+        SECU_PrintErrMsg(out, level, "Error", "Parsing extension");
+        SECU_PrintAny(out, value, "Data", level);
+    } else {
+        int keyIDPresent = (kid->keyID.data && kid->keyID.len);
+        int issuerPresent = kid->authCertIssuer != NULL;
+        int snPresent = (kid->authCertSerialNumber.data &&
+                         kid->authCertSerialNumber.len);
+
+        if (keyIDPresent)
+            SECU_PrintAsHex(out, &kid->keyID, "Key ID", level);
+        if (issuerPresent)
+            secu_PrintGeneralName(out, kid->authCertIssuer, "Issuer", level);
+        if (snPresent)
+            SECU_PrintInteger(out, &kid->authCertSerialNumber,
+                              "Serial Number", level);
+    }
+    PORT_FreeArena(pool, PR_FALSE);
+}
+
+static void
+secu_PrintAltNameExtension(FILE *out, SECItem *value, char *msg, int level)
+{
+    CERTGeneralName *nameList;
+    CERTGeneralName *current;
+    PLArenaPool *pool = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+
+    if (!pool) {
+        SECU_PrintError("Error", "Allocating new ArenaPool");
+        return;
+    }
+    nameList = current = CERT_DecodeAltNameExtension(pool, value);
+    if (!current) {
+        if (PORT_GetError() == SEC_ERROR_EXTENSION_NOT_FOUND) {
+            /* Decoder found empty sequence, which is invalid. */
+            PORT_SetError(SEC_ERROR_EXTENSION_VALUE_INVALID);
+        }
+        SECU_PrintErrMsg(out, level, "Error", "Parsing extension");
+        SECU_PrintAny(out, value, "Data", level);
+    } else {
+        do {
+            secu_PrintGeneralName(out, current, msg, level);
+            current = CERT_GetNextGeneralName(current);
+        } while (current != nameList);
+    }
+    PORT_FreeArena(pool, PR_FALSE);
+}
+
+static void
+secu_PrintCRLDistPtsExtension(FILE *out, SECItem *value, char *msg, int level)
+{
+    CERTCrlDistributionPoints *dPoints;
+    PLArenaPool *pool = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+
+    if (!pool) {
+        SECU_PrintError("Error", "Allocating new ArenaPool");
+        return;
+    }
+    dPoints = CERT_DecodeCRLDistributionPoints(pool, value);
+    if (dPoints && dPoints->distPoints && dPoints->distPoints[0]) {
+        CRLDistributionPoint **pPoints = dPoints->distPoints;
+        CRLDistributionPoint *pPoint;
+        while (NULL != (pPoint = *pPoints++)) {
+            SECU_Indent(out, level);
+            fputs("Distribution point:\n", out);
+            if (pPoint->distPointType == generalName &&
+                pPoint->distPoint.fullName != NULL) {
+                secu_PrintGeneralNames(out, pPoint->distPoint.fullName, NULL,
+                                       level + 1);
+            } else if (pPoint->distPointType == relativeDistinguishedName &&
+                       pPoint->distPoint.relativeName.avas) {
+                SECU_PrintRDN(out, &pPoint->distPoint.relativeName, "RDN",
+                              level + 1);
+            } else if (pPoint->derDistPoint.data) {
+                SECU_PrintAny(out, &pPoint->derDistPoint, "Point", level + 1);
+            }
+            if (pPoint->reasons.data) {
+                secu_PrintDecodedBitString(out, &pPoint->reasons, "Reasons",
+                                           level + 1);
+            }
+            if (pPoint->crlIssuer) {
+                secu_PrintGeneralName(out, pPoint->crlIssuer, "CRL issuer",
+                                      level + 1);
+            }
+        }
+    } else {
+        SECU_PrintErrMsg(out, level, "Error", "Parsing extension");
+        SECU_PrintAny(out, value, "Data", level);
+    }
+    PORT_FreeArena(pool, PR_FALSE);
+}
+
+static void
+secu_PrintNameConstraintSubtree(FILE *out, CERTNameConstraint *value,
+                                char *msg, int level)
+{
+    CERTNameConstraint *head = value;
+    SECU_Indent(out, level);
+    fprintf(out, "%s Subtree:\n", msg);
+    level++;
+    do {
+        secu_PrintGeneralName(out, &value->name, NULL, level);
+        if (value->min.data)
+            SECU_PrintInteger(out, &value->min, "Minimum", level + 1);
+        if (value->max.data)
+            SECU_PrintInteger(out, &value->max, "Maximum", level + 1);
+        value = CERT_GetNextNameConstraint(value);
+    } while (value != head);
+}
+
+static void
+secu_PrintNameConstraintsExtension(FILE *out, SECItem *value, char *msg, int level)
+{
+    CERTNameConstraints *cnstrnts;
+    PLArenaPool *pool = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+
+    if (!pool) {
+        SECU_PrintError("Error", "Allocating new ArenaPool");
+        return;
+    }
+    cnstrnts = CERT_DecodeNameConstraintsExtension(pool, value);
+    if (!cnstrnts) {
+        SECU_PrintErrMsg(out, level, "Error", "Parsing extension");
+        SECU_PrintAny(out, value, "Raw", level);
+    } else {
+        if (cnstrnts->permited)
+            secu_PrintNameConstraintSubtree(out, cnstrnts->permited,
+                                            "Permitted", level);
+        if (cnstrnts->excluded)
+            secu_PrintNameConstraintSubtree(out, cnstrnts->excluded,
+                                            "Excluded", level);
+    }
+    PORT_FreeArena(pool, PR_FALSE);
+}
+
+static void
+secu_PrintAuthorityInfoAcess(FILE *out, SECItem *value, char *msg, int level)
+{
+    CERTAuthInfoAccess **infos = NULL;
+    PLArenaPool *pool = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+
+    if (!pool) {
+        SECU_PrintError("Error", "Allocating new ArenaPool");
+        return;
+    }
+    infos = CERT_DecodeAuthInfoAccessExtension(pool, value);
+    if (!infos) {
+        SECU_PrintErrMsg(out, level, "Error", "Parsing extension");
+        SECU_PrintAny(out, value, "Raw", level);
+    } else {
+        CERTAuthInfoAccess *info;
+        while (NULL != (info = *infos++)) {
+            if (info->method.data) {
+                SECU_PrintObjectID(out, &info->method, "Method", level);
+            } else {
+                SECU_Indent(out, level);
+                fprintf(out, "Error: missing method\n");
+            }
+            if (info->location) {
+                secu_PrintGeneralName(out, info->location, "Location", level);
+            } else {
+                SECU_PrintAny(out, &info->derLocation, "Location", level);
+            }
+        }
+    }
+    PORT_FreeArena(pool, PR_FALSE);
+}
+
+void
+SECU_PrintExtensions(FILE *out, CERTCertExtension **extensions,
+                     char *msg, int level)
+{
+    SECOidTag oidTag;
+
+    if (extensions) {
+        if (msg && *msg) {
+            SECU_Indent(out, level++);
+            fprintf(out, "%s:\n", msg);
+        }
+
+        while (*extensions) {
+            SECItem *tmpitem;
+
+            tmpitem = &(*extensions)->id;
+            SECU_PrintObjectID(out, tmpitem, "Name", level);
+
+            tmpitem = &(*extensions)->critical;
+            if (tmpitem->len) {
+                secu_PrintBoolean(out, tmpitem, "Critical", level);
+            }
+
+            oidTag = SECOID_FindOIDTag(&((*extensions)->id));
+            tmpitem = &((*extensions)->value);
+
+            switch (oidTag) {
+                case SEC_OID_X509_INVALID_DATE:
+                case SEC_OID_NS_CERT_EXT_CERT_RENEWAL_TIME:
+                    secu_PrintX509InvalidDate(out, tmpitem, "Date", level);
+                    break;
+                case SEC_OID_X509_CERTIFICATE_POLICIES:
+                    SECU_PrintPolicy(out, tmpitem, "Data", level);
+                    break;
+                case SEC_OID_NS_CERT_EXT_BASE_URL:
+                case SEC_OID_NS_CERT_EXT_REVOCATION_URL:
+                case SEC_OID_NS_CERT_EXT_CA_REVOCATION_URL:
+                case SEC_OID_NS_CERT_EXT_CA_CRL_URL:
+                case SEC_OID_NS_CERT_EXT_CA_CERT_URL:
+                case SEC_OID_NS_CERT_EXT_CERT_RENEWAL_URL:
+                case SEC_OID_NS_CERT_EXT_CA_POLICY_URL:
+                case SEC_OID_NS_CERT_EXT_HOMEPAGE_URL:
+                case SEC_OID_NS_CERT_EXT_LOST_PASSWORD_URL:
+                case SEC_OID_OCSP_RESPONDER:
+                    SECU_PrintString(out, tmpitem, "URL", level);
+                    break;
+                case SEC_OID_NS_CERT_EXT_COMMENT:
+                    SECU_PrintString(out, tmpitem, "Comment", level);
+                    break;
+                case SEC_OID_NS_CERT_EXT_SSL_SERVER_NAME:
+                    SECU_PrintString(out, tmpitem, "ServerName", level);
+                    break;
+                case SEC_OID_NS_CERT_EXT_CERT_TYPE:
+                    secu_PrintNSCertType(out, tmpitem, "Data", level);
+                    break;
+                case SEC_OID_X509_BASIC_CONSTRAINTS:
+                    secu_PrintBasicConstraints(out, tmpitem, "Data", level);
+                    break;
+                case SEC_OID_X509_EXT_KEY_USAGE:
+                    PrintExtKeyUsageExtension(out, tmpitem, NULL, level);
+                    break;
+                case SEC_OID_X509_KEY_USAGE:
+                    secu_PrintX509KeyUsage(out, tmpitem, NULL, level);
+                    break;
+                case SEC_OID_X509_AUTH_KEY_ID:
+                    secu_PrintAuthKeyIDExtension(out, tmpitem, NULL, level);
+                    break;
+                case SEC_OID_X509_SUBJECT_ALT_NAME:
+                case SEC_OID_X509_ISSUER_ALT_NAME:
+                    secu_PrintAltNameExtension(out, tmpitem, NULL, level);
+                    break;
+                case SEC_OID_X509_CRL_DIST_POINTS:
+                    secu_PrintCRLDistPtsExtension(out, tmpitem, NULL, level);
+                    break;
+                case SEC_OID_X509_PRIVATE_KEY_USAGE_PERIOD:
+                    SECU_PrintPrivKeyUsagePeriodExtension(out, tmpitem, NULL,
+                                                          level);
+                    break;
+                case SEC_OID_X509_NAME_CONSTRAINTS:
+                    secu_PrintNameConstraintsExtension(out, tmpitem, NULL, level);
+                    break;
+                case SEC_OID_X509_AUTH_INFO_ACCESS:
+                    secu_PrintAuthorityInfoAcess(out, tmpitem, NULL, level);
+                    break;
+
+                case SEC_OID_X509_CRL_NUMBER:
+                case SEC_OID_X509_REASON_CODE:
+
+                /* PKIX OIDs */
+                case SEC_OID_PKIX_OCSP:
+                case SEC_OID_PKIX_OCSP_BASIC_RESPONSE:
+                case SEC_OID_PKIX_OCSP_NONCE:
+                case SEC_OID_PKIX_OCSP_CRL:
+                case SEC_OID_PKIX_OCSP_RESPONSE:
+                case SEC_OID_PKIX_OCSP_NO_CHECK:
+                case SEC_OID_PKIX_OCSP_ARCHIVE_CUTOFF:
+                case SEC_OID_PKIX_OCSP_SERVICE_LOCATOR:
+                case SEC_OID_PKIX_REGCTRL_REGTOKEN:
+                case SEC_OID_PKIX_REGCTRL_AUTHENTICATOR:
+                case SEC_OID_PKIX_REGCTRL_PKIPUBINFO:
+                case SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS:
+                case SEC_OID_PKIX_REGCTRL_OLD_CERT_ID:
+                case SEC_OID_PKIX_REGCTRL_PROTOCOL_ENC_KEY:
+                case SEC_OID_PKIX_REGINFO_UTF8_PAIRS:
+                case SEC_OID_PKIX_REGINFO_CERT_REQUEST:
+
+                /* Netscape extension OIDs. */
+                case SEC_OID_NS_CERT_EXT_NETSCAPE_OK:
+                case SEC_OID_NS_CERT_EXT_ISSUER_LOGO:
+                case SEC_OID_NS_CERT_EXT_SUBJECT_LOGO:
+                case SEC_OID_NS_CERT_EXT_ENTITY_LOGO:
+                case SEC_OID_NS_CERT_EXT_USER_PICTURE:
+
+                /* x.509 v3 Extensions */
+                case SEC_OID_X509_SUBJECT_DIRECTORY_ATTR:
+                case SEC_OID_X509_SUBJECT_KEY_ID:
+                case SEC_OID_X509_POLICY_MAPPINGS:
+                case SEC_OID_X509_POLICY_CONSTRAINTS:
+
+                default:
+                    SECU_PrintAny(out, tmpitem, "Data", level);
+                    break;
+            }
+
+            SECU_Newline(out);
+            extensions++;
+        }
+    }
+}
+
+/* An RDN is a subset of a DirectoryName, and we already know how to
+ * print those, so make a directory name out of the RDN, and print it.
+ */
+void
+SECU_PrintRDN(FILE *out, CERTRDN *rdn, const char *msg, int level)
+{
+    CERTName name;
+    CERTRDN *rdns[2];
+
+    name.arena = NULL;
+    name.rdns = rdns;
+    rdns[0] = rdn;
+    rdns[1] = NULL;
+    SECU_PrintName(out, &name, msg, level);
+}
+
+void
+SECU_PrintNameQuotesOptional(FILE *out, CERTName *name, const char *msg,
+                             int level, PRBool quotes)
+{
+    char *nameStr = NULL;
+    char *str;
+    SECItem my;
+
+    if (!name) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return;
+    }
+    if (!name->rdns || !name->rdns[0]) {
+        str = "(empty)";
+    } else {
+        str = nameStr = CERT_NameToAscii(name);
+    }
+    if (!str) {
+        str = "!Invalid AVA!";
+    }
+    my.data = (unsigned char *)str;
+    my.len = PORT_Strlen(str);
+#if 1
+    secu_PrintRawStringQuotesOptional(out, &my, msg, level, quotes);
+#else
+    SECU_Indent(out, level);
+    fprintf(out, "%s: ", msg);
+    fprintf(out, str);
+    SECU_Newline(out);
+#endif
+    PORT_Free(nameStr);
+}
+
+void
+SECU_PrintName(FILE *out, CERTName *name, const char *msg, int level)
+{
+    SECU_PrintNameQuotesOptional(out, name, msg, level, PR_TRUE);
+}
+
+void
+printflags(char *trusts, unsigned int flags)
+{
+    if (flags & CERTDB_VALID_CA)
+        if (!(flags & CERTDB_TRUSTED_CA) &&
+            !(flags & CERTDB_TRUSTED_CLIENT_CA))
+            PORT_Strcat(trusts, "c");
+    if (flags & CERTDB_TERMINAL_RECORD)
+        if (!(flags & CERTDB_TRUSTED))
+            PORT_Strcat(trusts, "p");
+    if (flags & CERTDB_TRUSTED_CA)
+        PORT_Strcat(trusts, "C");
+    if (flags & CERTDB_TRUSTED_CLIENT_CA)
+        PORT_Strcat(trusts, "T");
+    if (flags & CERTDB_TRUSTED)
+        PORT_Strcat(trusts, "P");
+    if (flags & CERTDB_USER)
+        PORT_Strcat(trusts, "u");
+    if (flags & CERTDB_SEND_WARN)
+        PORT_Strcat(trusts, "w");
+    if (flags & CERTDB_INVISIBLE_CA)
+        PORT_Strcat(trusts, "I");
+    if (flags & CERTDB_GOVT_APPROVED_CA)
+        PORT_Strcat(trusts, "G");
+    return;
+}
+
+/* callback for listing certs through pkcs11 */
+SECStatus
+SECU_PrintCertNickname(CERTCertListNode *node, void *data)
+{
+    CERTCertTrust trust;
+    CERTCertificate *cert;
+    FILE *out;
+    char trusts[30];
+    char *name;
+
+    cert = node->cert;
+
+    PORT_Memset(trusts, 0, sizeof(trusts));
+    out = (FILE *)data;
+
+    name = node->appData;
+    if (!name || !name[0]) {
+        name = cert->nickname;
+    }
+    if (!name || !name[0]) {
+        name = cert->emailAddr;
+    }
+    if (!name || !name[0]) {
+        name = "(NULL)";
+    }
+
+    if (CERT_GetCertTrust(cert, &trust) == SECSuccess) {
+        printflags(trusts, trust.sslFlags);
+        PORT_Strcat(trusts, ",");
+        printflags(trusts, trust.emailFlags);
+        PORT_Strcat(trusts, ",");
+        printflags(trusts, trust.objectSigningFlags);
+    } else {
+        PORT_Memcpy(trusts, ",,", 3);
+    }
+    fprintf(out, "%-60s %-5s\n", name, trusts);
+
+    return (SECSuccess);
+}
+
+int
+SECU_DecodeAndPrintExtensions(FILE *out, SECItem *any, char *m, int level)
+{
+    CERTCertExtension **extensions = NULL;
+    PLArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    int rv = 0;
+
+    if (!arena)
+        return SEC_ERROR_NO_MEMORY;
+
+    rv = SEC_QuickDERDecodeItem(arena, &extensions,
+                                SEC_ASN1_GET(CERT_SequenceOfCertExtensionTemplate), any);
+    if (!rv)
+        SECU_PrintExtensions(out, extensions, m, level);
+    else
+        SECU_PrintAny(out, any, m, level);
+    PORT_FreeArena(arena, PR_FALSE);
+    return rv;
+}
+
+/* print a decoded SET OF or SEQUENCE OF Extensions */
+int
+SECU_PrintSetOfExtensions(FILE *out, SECItem **any, char *m, int level)
+{
+    int rv = 0;
+    if (m && *m) {
+        SECU_Indent(out, level++);
+        fprintf(out, "%s:\n", m);
+    }
+    while (any && any[0]) {
+        rv |= SECU_DecodeAndPrintExtensions(out, any[0], "", level);
+        any++;
+    }
+    return rv;
+}
+
+/* print a decoded SET OF or SEQUENCE OF "ANY" */
+int
+SECU_PrintSetOfAny(FILE *out, SECItem **any, char *m, int level)
+{
+    int rv = 0;
+    if (m && *m) {
+        SECU_Indent(out, level++);
+        fprintf(out, "%s:\n", m);
+    }
+    while (any && any[0]) {
+        SECU_PrintAny(out, any[0], "", level);
+        any++;
+    }
+    return rv;
+}
+
+int
+SECU_PrintCertAttribute(FILE *out, CERTAttribute *attr, char *m, int level)
+{
+    int rv = 0;
+    SECOidTag tag;
+    tag = SECU_PrintObjectID(out, &attr->attrType, "Attribute Type", level);
+    if (tag == SEC_OID_PKCS9_EXTENSION_REQUEST) {
+        rv = SECU_PrintSetOfExtensions(out, attr->attrValue, "Extensions", level);
+    } else {
+        rv = SECU_PrintSetOfAny(out, attr->attrValue, "Attribute Values", level);
+    }
+    return rv;
+}
+
+int
+SECU_PrintCertAttributes(FILE *out, CERTAttribute **attrs, char *m, int level)
+{
+    int rv = 0;
+    while (attrs[0]) {
+        rv |= SECU_PrintCertAttribute(out, attrs[0], m, level + 1);
+        attrs++;
+    }
+    return rv;
+}
+
+int /* sometimes a PRErrorCode, other times a SECStatus.  Sigh. */
+    SECU_PrintCertificateRequest(FILE *out, SECItem *der, char *m, int level)
+{
+    PLArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    CERTCertificateRequest *cr;
+    int rv = SEC_ERROR_NO_MEMORY;
+
+    if (!arena)
+        return rv;
+
+    /* Decode certificate request */
+    cr = PORT_ArenaZNew(arena, CERTCertificateRequest);
+    if (!cr)
+        goto loser;
+    cr->arena = arena;
+    rv = SEC_QuickDERDecodeItem(arena, cr,
+                                SEC_ASN1_GET(CERT_CertificateRequestTemplate), der);
+    if (rv)
+        goto loser;
+
+    /* Pretty print it out */
+    SECU_Indent(out, level);
+    fprintf(out, "%s:\n", m);
+    SECU_PrintInteger(out, &cr->version, "Version", level + 1);
+    SECU_PrintName(out, &cr->subject, "Subject", level + 1);
+    if (!SECU_GetWrapEnabled()) /*SECU_PrintName didn't add newline*/
+        SECU_Newline(out);
+    secu_PrintSubjectPublicKeyInfo(out, arena, &cr->subjectPublicKeyInfo,
+                                   "Subject Public Key Info", level + 1);
+    if (cr->attributes)
+        SECU_PrintCertAttributes(out, cr->attributes, "Attributes", level + 1);
+    rv = 0;
+loser:
+    PORT_FreeArena(arena, PR_FALSE);
+    return rv;
+}
+
+int
+SECU_PrintCertificate(FILE *out, const SECItem *der, const char *m, int level)
+{
+    PLArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    CERTCertificate *c;
+    int rv = SEC_ERROR_NO_MEMORY;
+    int iv;
+
+    if (!arena)
+        return rv;
+
+    /* Decode certificate */
+    c = PORT_ArenaZNew(arena, CERTCertificate);
+    if (!c)
+        goto loser;
+    c->arena = arena;
+    rv = SEC_ASN1DecodeItem(arena, c,
+                            SEC_ASN1_GET(CERT_CertificateTemplate), der);
+    if (rv) {
+        SECU_Indent(out, level);
+        SECU_PrintErrMsg(out, level, "Error", "Parsing extension");
+        SECU_PrintAny(out, der, "Raw", level);
+        goto loser;
+    }
+    /* Pretty print it out */
+    SECU_Indent(out, level);
+    fprintf(out, "%s:\n", m);
+    iv = c->version.len ? DER_GetInteger(&c->version) : 0; /* version is optional */
+    SECU_Indent(out, level + 1);
+    fprintf(out, "%s: %d (0x%x)\n", "Version", iv + 1, iv);
+
+    SECU_PrintInteger(out, &c->serialNumber, "Serial Number", level + 1);
+    SECU_PrintAlgorithmID(out, &c->signature, "Signature Algorithm", level + 1);
+    SECU_PrintName(out, &c->issuer, "Issuer", level + 1);
+    if (!SECU_GetWrapEnabled()) /*SECU_PrintName didn't add newline*/
+        SECU_Newline(out);
+    secu_PrintValidity(out, &c->validity, "Validity", level + 1);
+    SECU_PrintName(out, &c->subject, "Subject", level + 1);
+    if (!SECU_GetWrapEnabled()) /*SECU_PrintName didn't add newline*/
+        SECU_Newline(out);
+    secu_PrintSubjectPublicKeyInfo(out, arena, &c->subjectPublicKeyInfo,
+                                   "Subject Public Key Info", level + 1);
+    if (c->issuerID.data)
+        secu_PrintDecodedBitString(out, &c->issuerID, "Issuer Unique ID", level + 1);
+    if (c->subjectID.data)
+        secu_PrintDecodedBitString(out, &c->subjectID, "Subject Unique ID", level + 1);
+    SECU_PrintExtensions(out, c->extensions, "Signed Extensions", level + 1);
+loser:
+    PORT_FreeArena(arena, PR_FALSE);
+    return rv;
+}
+
+int
+SECU_PrintCertificateBasicInfo(FILE *out, const SECItem *der, const char *m, int level)
+{
+    PLArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    CERTCertificate *c;
+    int rv = SEC_ERROR_NO_MEMORY;
+
+    if (!arena)
+        return rv;
+
+    /* Decode certificate */
+    c = PORT_ArenaZNew(arena, CERTCertificate);
+    if (!c)
+        goto loser;
+    c->arena = arena;
+    rv = SEC_ASN1DecodeItem(arena, c,
+                            SEC_ASN1_GET(CERT_CertificateTemplate), der);
+    if (rv) {
+        SECU_Indent(out, level);
+        SECU_PrintErrMsg(out, level, "Error", "Parsing extension");
+        SECU_PrintAny(out, der, "Raw", level);
+        goto loser;
+    }
+    /* Pretty print it out */
+    SECU_Indent(out, level);
+    fprintf(out, "%s:\n", m);
+    SECU_PrintInteger(out, &c->serialNumber, "Serial Number", level + 1);
+    SECU_PrintAlgorithmID(out, &c->signature, "Signature Algorithm", level + 1);
+    SECU_PrintName(out, &c->issuer, "Issuer", level + 1);
+    if (!SECU_GetWrapEnabled()) /*SECU_PrintName didn't add newline*/
+        SECU_Newline(out);
+    secu_PrintValidity(out, &c->validity, "Validity", level + 1);
+    SECU_PrintName(out, &c->subject, "Subject", level + 1);
+    if (!SECU_GetWrapEnabled()) /*SECU_PrintName didn't add newline*/
+        SECU_Newline(out);
+loser:
+    PORT_FreeArena(arena, PR_FALSE);
+    return rv;
+}
+
+int
+SECU_PrintSubjectPublicKeyInfo(FILE *out, SECItem *der, char *m, int level)
+{
+    PLArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    int rv = SEC_ERROR_NO_MEMORY;
+    CERTSubjectPublicKeyInfo spki;
+
+    if (!arena)
+        return rv;
+
+    PORT_Memset(&spki, 0, sizeof spki);
+    rv = SEC_ASN1DecodeItem(arena, &spki,
+                            SEC_ASN1_GET(CERT_SubjectPublicKeyInfoTemplate),
+                            der);
+    if (!rv) {
+        if (m && *m) {
+            SECU_Indent(out, level);
+            fprintf(out, "%s:\n", m);
+        }
+        secu_PrintSubjectPublicKeyInfo(out, arena, &spki,
+                                       "Subject Public Key Info", level + 1);
+    }
+
+    PORT_FreeArena(arena, PR_FALSE);
+    return rv;
+}
+
+#ifdef HAVE_EPV_TEMPLATE
+int
+SECU_PrintPrivateKey(FILE *out, SECItem *der, char *m, int level)
+{
+    PLArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    SECKEYEncryptedPrivateKeyInfo key;
+    int rv = SEC_ERROR_NO_MEMORY;
+
+    if (!arena)
+        return rv;
+
+    PORT_Memset(&key, 0, sizeof(key));
+    rv = SEC_ASN1DecodeItem(arena, &key,
+                            SEC_ASN1_GET(SECKEY_EncryptedPrivateKeyInfoTemplate), der);
+    if (rv)
+        goto loser;
+
+    /* Pretty print it out */
+    SECU_Indent(out, level);
+    fprintf(out, "%s:\n", m);
+    SECU_PrintAlgorithmID(out, &key.algorithm, "Encryption Algorithm",
+                          level + 1);
+    SECU_PrintAsHex(out, &key.encryptedData, "Encrypted Data", level + 1);
+loser:
+    PORT_FreeArena(arena, PR_TRUE);
+    return rv;
+}
+#endif
+
+int
+SECU_PrintFingerprints(FILE *out, SECItem *derCert, char *m, int level)
+{
+    unsigned char fingerprint[SHA256_LENGTH];
+    char *fpStr = NULL;
+    int err = PORT_GetError();
+    SECStatus rv;
+    SECItem fpItem;
+
+    /* Print SHA-256 fingerprint */
+    memset(fingerprint, 0, sizeof fingerprint);
+    rv = PK11_HashBuf(SEC_OID_SHA256, fingerprint, derCert->data, derCert->len);
+    fpItem.data = fingerprint;
+    fpItem.len = SHA256_LENGTH;
+    fpStr = CERT_Hexify(&fpItem, 1);
+    SECU_Indent(out, level);
+    fprintf(out, "%s (SHA-256):", m);
+    if (SECU_GetWrapEnabled()) {
+        fprintf(out, "\n");
+        SECU_Indent(out, level + 1);
+    } else {
+        fprintf(out, " ");
+    }
+    fprintf(out, "%s\n", fpStr);
+    PORT_Free(fpStr);
+    fpStr = NULL;
+    if (rv != SECSuccess && !err)
+        err = PORT_GetError();
+
+    /* print SHA1 fingerprint */
+    memset(fingerprint, 0, sizeof fingerprint);
+    rv = PK11_HashBuf(SEC_OID_SHA1, fingerprint, derCert->data, derCert->len);
+    fpItem.data = fingerprint;
+    fpItem.len = SHA1_LENGTH;
+    fpStr = CERT_Hexify(&fpItem, 1);
+    SECU_Indent(out, level);
+    fprintf(out, "%s (SHA1):", m);
+    if (SECU_GetWrapEnabled()) {
+        fprintf(out, "\n");
+        SECU_Indent(out, level + 1);
+    } else {
+        fprintf(out, " ");
+    }
+    fprintf(out, "%s\n", fpStr);
+    PORT_Free(fpStr);
+    if (SECU_GetWrapEnabled())
+        fprintf(out, "\n");
+
+    if (err)
+        PORT_SetError(err);
+    if (err || rv != SECSuccess)
+        return SECFailure;
+
+    return 0;
+}
+
+/*
+** PKCS7 Support
+*/
+
+/* forward declaration */
+static int
+secu_PrintPKCS7ContentInfo(FILE *, SEC_PKCS7ContentInfo *, char *, int);
+
+/*
+** secu_PrintPKCS7EncContent
+**   Prints a SEC_PKCS7EncryptedContentInfo (without decrypting it)
+*/
+static void
+secu_PrintPKCS7EncContent(FILE *out, SEC_PKCS7EncryptedContentInfo *src,
+                          char *m, int level)
+{
+    if (src->contentTypeTag == NULL)
+        src->contentTypeTag = SECOID_FindOID(&(src->contentType));
+
+    SECU_Indent(out, level);
+    fprintf(out, "%s:\n", m);
+    SECU_Indent(out, level + 1);
+    fprintf(out, "Content Type: %s\n",
+            (src->contentTypeTag != NULL) ? src->contentTypeTag->desc
+                                          : "Unknown");
+    SECU_PrintAlgorithmID(out, &(src->contentEncAlg),
+                          "Content Encryption Algorithm", level + 1);
+    SECU_PrintAsHex(out, &(src->encContent),
+                    "Encrypted Content", level + 1);
+}
+
+/*
+** secu_PrintRecipientInfo
+**   Prints a PKCS7RecipientInfo type
+*/
+static void
+secu_PrintRecipientInfo(FILE *out, SEC_PKCS7RecipientInfo *info, char *m,
+                        int level)
+{
+    SECU_Indent(out, level);
+    fprintf(out, "%s:\n", m);
+    SECU_PrintInteger(out, &(info->version), "Version", level + 1);
+
+    SECU_PrintName(out, &(info->issuerAndSN->issuer), "Issuer",
+                   level + 1);
+    SECU_PrintInteger(out, &(info->issuerAndSN->serialNumber),
+                      "Serial Number", level + 1);
+
+    /* Parse and display encrypted key */
+    SECU_PrintAlgorithmID(out, &(info->keyEncAlg),
+                          "Key Encryption Algorithm", level + 1);
+    SECU_PrintAsHex(out, &(info->encKey), "Encrypted Key", level + 1);
+}
+
+/*
+** secu_PrintSignerInfo
+**   Prints a PKCS7SingerInfo type
+*/
+static void
+secu_PrintSignerInfo(FILE *out, SEC_PKCS7SignerInfo *info, char *m, int level)
+{
+    SEC_PKCS7Attribute *attr;
+    int iv;
+    char om[100];
+
+    SECU_Indent(out, level);
+    fprintf(out, "%s:\n", m);
+    SECU_PrintInteger(out, &(info->version), "Version", level + 1);
+
+    SECU_PrintName(out, &(info->issuerAndSN->issuer), "Issuer",
+                   level + 1);
+    SECU_PrintInteger(out, &(info->issuerAndSN->serialNumber),
+                      "Serial Number", level + 1);
+
+    SECU_PrintAlgorithmID(out, &(info->digestAlg), "Digest Algorithm",
+                          level + 1);
+
+    if (info->authAttr != NULL) {
+        SECU_Indent(out, level + 1);
+        fprintf(out, "Authenticated Attributes:\n");
+        iv = 0;
+        while ((attr = info->authAttr[iv++]) != NULL) {
+            sprintf(om, "Attribute (%d)", iv);
+            secu_PrintAttribute(out, attr, om, level + 2);
+        }
+    }
+
+    /* Parse and display signature */
+    SECU_PrintAlgorithmID(out, &(info->digestEncAlg),
+                          "Digest Encryption Algorithm", level + 1);
+    SECU_PrintAsHex(out, &(info->encDigest), "Encrypted Digest", level + 1);
+
+    if (info->unAuthAttr != NULL) {
+        SECU_Indent(out, level + 1);
+        fprintf(out, "Unauthenticated Attributes:\n");
+        iv = 0;
+        while ((attr = info->unAuthAttr[iv++]) != NULL) {
+            sprintf(om, "Attribute (%x)", iv);
+            secu_PrintAttribute(out, attr, om, level + 2);
+        }
+    }
+}
+
+/* callers of this function must make sure that the CERTSignedCrl
+   from which they are extracting the CERTCrl has been fully-decoded.
+   Otherwise it will not have the entries even though the CRL may have
+   some */
+
+void
+SECU_PrintCRLInfo(FILE *out, CERTCrl *crl, char *m, int level)
+{
+    CERTCrlEntry *entry;
+    int iv;
+    char om[100];
+
+    SECU_Indent(out, level);
+    fprintf(out, "%s:\n", m);
+    /* version is optional */
+    iv = crl->version.len ? DER_GetInteger(&crl->version) : 0;
+    SECU_Indent(out, level + 1);
+    fprintf(out, "%s: %d (0x%x)\n", "Version", iv + 1, iv);
+    SECU_PrintAlgorithmID(out, &(crl->signatureAlg), "Signature Algorithm",
+                          level + 1);
+    SECU_PrintName(out, &(crl->name), "Issuer", level + 1);
+    SECU_PrintTimeChoice(out, &(crl->lastUpdate), "This Update", level + 1);
+    if (crl->nextUpdate.data && crl->nextUpdate.len) /* is optional */
+        SECU_PrintTimeChoice(out, &(crl->nextUpdate), "Next Update", level + 1);
+
+    if (crl->entries != NULL) {
+        iv = 0;
+        while ((entry = crl->entries[iv++]) != NULL) {
+            sprintf(om, "Entry %d (0x%x):\n", iv, iv);
+            SECU_Indent(out, level + 1);
+            fputs(om, out);
+            SECU_PrintInteger(out, &(entry->serialNumber), "Serial Number",
+                              level + 2);
+            SECU_PrintTimeChoice(out, &(entry->revocationDate),
+                                 "Revocation Date", level + 2);
+            SECU_PrintExtensions(out, entry->extensions,
+                                 "Entry Extensions", level + 2);
+        }
+    }
+    SECU_PrintExtensions(out, crl->extensions, "CRL Extensions", level + 1);
+}
+
+/*
+** secu_PrintPKCS7Signed
+**   Pretty print a PKCS7 signed data type (up to version 1).
+*/
+static int
+secu_PrintPKCS7Signed(FILE *out, SEC_PKCS7SignedData *src,
+                      const char *m, int level)
+{
+    SECAlgorithmID *digAlg;       /* digest algorithms */
+    SECItem *aCert;               /* certificate */
+    CERTSignedCrl *aCrl;          /* certificate revocation list */
+    SEC_PKCS7SignerInfo *sigInfo; /* signer information */
+    int rv, iv;
+    char om[100];
+
+    SECU_Indent(out, level);
+    fprintf(out, "%s:\n", m);
+    SECU_PrintInteger(out, &(src->version), "Version", level + 1);
+
+    /* Parse and list digest algorithms (if any) */
+    if (src->digestAlgorithms != NULL) {
+        SECU_Indent(out, level + 1);
+        fprintf(out, "Digest Algorithm List:\n");
+        iv = 0;
+        while ((digAlg = src->digestAlgorithms[iv++]) != NULL) {
+            sprintf(om, "Digest Algorithm (%x)", iv);
+            SECU_PrintAlgorithmID(out, digAlg, om, level + 2);
+        }
+    }
+
+    /* Now for the content */
+    rv = secu_PrintPKCS7ContentInfo(out, &(src->contentInfo),
+                                    "Content Information", level + 1);
+    if (rv != 0)
+        return rv;
+
+    /* Parse and list certificates (if any) */
+    if (src->rawCerts != NULL) {
+        SECU_Indent(out, level + 1);
+        fprintf(out, "Certificate List:\n");
+        iv = 0;
+        while ((aCert = src->rawCerts[iv++]) != NULL) {
+            sprintf(om, "Certificate (%x)", iv);
+            rv = SECU_PrintSignedData(out, aCert, om, level + 2,
+                                      (SECU_PPFunc)SECU_PrintCertificate);
+            if (rv)
+                return rv;
+        }
+    }
+
+    /* Parse and list CRL's (if any) */
+    if (src->crls != NULL) {
+        SECU_Indent(out, level + 1);
+        fprintf(out, "Signed Revocation Lists:\n");
+        iv = 0;
+        while ((aCrl = src->crls[iv++]) != NULL) {
+            sprintf(om, "Signed Revocation List (%x)", iv);
+            SECU_Indent(out, level + 2);
+            fprintf(out, "%s:\n", om);
+            SECU_PrintAlgorithmID(out, &aCrl->signatureWrap.signatureAlgorithm,
+                                  "Signature Algorithm", level + 3);
+            DER_ConvertBitString(&aCrl->signatureWrap.signature);
+            SECU_PrintAsHex(out, &aCrl->signatureWrap.signature, "Signature",
+                            level + 3);
+            SECU_PrintCRLInfo(out, &aCrl->crl, "Certificate Revocation List",
+                              level + 3);
+        }
+    }
+
+    /* Parse and list signatures (if any) */
+    if (src->signerInfos != NULL) {
+        SECU_Indent(out, level + 1);
+        fprintf(out, "Signer Information List:\n");
+        iv = 0;
+        while ((sigInfo = src->signerInfos[iv++]) != NULL) {
+            sprintf(om, "Signer Information (%x)", iv);
+            secu_PrintSignerInfo(out, sigInfo, om, level + 2);
+        }
+    }
+
+    return 0;
+}
+
+/*
+** secu_PrintPKCS7Enveloped
+**  Pretty print a PKCS7 enveloped data type (up to version 1).
+*/
+static void
+secu_PrintPKCS7Enveloped(FILE *out, SEC_PKCS7EnvelopedData *src,
+                         const char *m, int level)
+{
+    SEC_PKCS7RecipientInfo *recInfo; /* pointer for signer information */
+    int iv;
+    char om[100];
+
+    SECU_Indent(out, level);
+    fprintf(out, "%s:\n", m);
+    SECU_PrintInteger(out, &(src->version), "Version", level + 1);
+
+    /* Parse and list recipients (this is not optional) */
+    if (src->recipientInfos != NULL) {
+        SECU_Indent(out, level + 1);
+        fprintf(out, "Recipient Information List:\n");
+        iv = 0;
+        while ((recInfo = src->recipientInfos[iv++]) != NULL) {
+            sprintf(om, "Recipient Information (%x)", iv);
+            secu_PrintRecipientInfo(out, recInfo, om, level + 2);
+        }
+    }
+
+    secu_PrintPKCS7EncContent(out, &src->encContentInfo,
+                              "Encrypted Content Information", level + 1);
+}
+
+/*
+** secu_PrintPKCS7SignedEnveloped
+**   Pretty print a PKCS7 singed and enveloped data type (up to version 1).
+*/
+static int
+secu_PrintPKCS7SignedAndEnveloped(FILE *out,
+                                  SEC_PKCS7SignedAndEnvelopedData *src,
+                                  const char *m, int level)
+{
+    SECAlgorithmID *digAlg;          /* pointer for digest algorithms */
+    SECItem *aCert;                  /* pointer for certificate */
+    CERTSignedCrl *aCrl;             /* pointer for certificate revocation list */
+    SEC_PKCS7SignerInfo *sigInfo;    /* pointer for signer information */
+    SEC_PKCS7RecipientInfo *recInfo; /* pointer for recipient information */
+    int rv, iv;
+    char om[100];
+
+    SECU_Indent(out, level);
+    fprintf(out, "%s:\n", m);
+    SECU_PrintInteger(out, &(src->version), "Version", level + 1);
+
+    /* Parse and list recipients (this is not optional) */
+    if (src->recipientInfos != NULL) {
+        SECU_Indent(out, level + 1);
+        fprintf(out, "Recipient Information List:\n");
+        iv = 0;
+        while ((recInfo = src->recipientInfos[iv++]) != NULL) {
+            sprintf(om, "Recipient Information (%x)", iv);
+            secu_PrintRecipientInfo(out, recInfo, om, level + 2);
+        }
+    }
+
+    /* Parse and list digest algorithms (if any) */
+    if (src->digestAlgorithms != NULL) {
+        SECU_Indent(out, level + 1);
+        fprintf(out, "Digest Algorithm List:\n");
+        iv = 0;
+        while ((digAlg = src->digestAlgorithms[iv++]) != NULL) {
+            sprintf(om, "Digest Algorithm (%x)", iv);
+            SECU_PrintAlgorithmID(out, digAlg, om, level + 2);
+        }
+    }
+
+    secu_PrintPKCS7EncContent(out, &src->encContentInfo,
+                              "Encrypted Content Information", level + 1);
+
+    /* Parse and list certificates (if any) */
+    if (src->rawCerts != NULL) {
+        SECU_Indent(out, level + 1);
+        fprintf(out, "Certificate List:\n");
+        iv = 0;
+        while ((aCert = src->rawCerts[iv++]) != NULL) {
+            sprintf(om, "Certificate (%x)", iv);
+            rv = SECU_PrintSignedData(out, aCert, om, level + 2,
+                                      (SECU_PPFunc)SECU_PrintCertificate);
+            if (rv)
+                return rv;
+        }
+    }
+
+    /* Parse and list CRL's (if any) */
+    if (src->crls != NULL) {
+        SECU_Indent(out, level + 1);
+        fprintf(out, "Signed Revocation Lists:\n");
+        iv = 0;
+        while ((aCrl = src->crls[iv++]) != NULL) {
+            sprintf(om, "Signed Revocation List (%x)", iv);
+            SECU_Indent(out, level + 2);
+            fprintf(out, "%s:\n", om);
+            SECU_PrintAlgorithmID(out, &aCrl->signatureWrap.signatureAlgorithm,
+                                  "Signature Algorithm", level + 3);
+            DER_ConvertBitString(&aCrl->signatureWrap.signature);
+            SECU_PrintAsHex(out, &aCrl->signatureWrap.signature, "Signature",
+                            level + 3);
+            SECU_PrintCRLInfo(out, &aCrl->crl, "Certificate Revocation List",
+                              level + 3);
+        }
+    }
+
+    /* Parse and list signatures (if any) */
+    if (src->signerInfos != NULL) {
+        SECU_Indent(out, level + 1);
+        fprintf(out, "Signer Information List:\n");
+        iv = 0;
+        while ((sigInfo = src->signerInfos[iv++]) != NULL) {
+            sprintf(om, "Signer Information (%x)", iv);
+            secu_PrintSignerInfo(out, sigInfo, om, level + 2);
+        }
+    }
+
+    return 0;
+}
+
+int
+SECU_PrintCrl(FILE *out, SECItem *der, char *m, int level)
+{
+    PLArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    CERTCrl *c = NULL;
+    int rv = SEC_ERROR_NO_MEMORY;
+
+    if (!arena)
+        return rv;
+    do {
+        /* Decode CRL */
+        c = PORT_ArenaZNew(arena, CERTCrl);
+        if (!c)
+            break;
+
+        rv = SEC_QuickDERDecodeItem(arena, c, SEC_ASN1_GET(CERT_CrlTemplate), der);
+        if (rv != SECSuccess)
+            break;
+        SECU_PrintCRLInfo(out, c, m, level);
+    } while (0);
+    PORT_FreeArena(arena, PR_FALSE);
+    return rv;
+}
+
+/*
+** secu_PrintPKCS7Encrypted
+**   Pretty print a PKCS7 encrypted data type (up to version 1).
+*/
+static void
+secu_PrintPKCS7Encrypted(FILE *out, SEC_PKCS7EncryptedData *src,
+                         const char *m, int level)
+{
+    SECU_Indent(out, level);
+    fprintf(out, "%s:\n", m);
+    SECU_PrintInteger(out, &(src->version), "Version", level + 1);
+
+    secu_PrintPKCS7EncContent(out, &src->encContentInfo,
+                              "Encrypted Content Information", level + 1);
+}
+
+/*
+** secu_PrintPKCS7Digested
+**   Pretty print a PKCS7 digested data type (up to version 1).
+*/
+static void
+secu_PrintPKCS7Digested(FILE *out, SEC_PKCS7DigestedData *src,
+                        const char *m, int level)
+{
+    SECU_Indent(out, level);
+    fprintf(out, "%s:\n", m);
+    SECU_PrintInteger(out, &(src->version), "Version", level + 1);
+
+    SECU_PrintAlgorithmID(out, &src->digestAlg, "Digest Algorithm",
+                          level + 1);
+    secu_PrintPKCS7ContentInfo(out, &src->contentInfo, "Content Information",
+                               level + 1);
+    SECU_PrintAsHex(out, &src->digest, "Digest", level + 1);
+}
+
+/*
+** secu_PrintPKCS7ContentInfo
+**   Takes a SEC_PKCS7ContentInfo type and sends the contents to the
+** appropriate function
+*/
+static int
+secu_PrintPKCS7ContentInfo(FILE *out, SEC_PKCS7ContentInfo *src,
+                           char *m, int level)
+{
+    const char *desc;
+    SECOidTag kind;
+    int rv;
+
+    SECU_Indent(out, level);
+    fprintf(out, "%s:\n", m);
+    level++;
+
+    if (src->contentTypeTag == NULL)
+        src->contentTypeTag = SECOID_FindOID(&(src->contentType));
+
+    if (src->contentTypeTag == NULL) {
+        desc = "Unknown";
+        kind = SEC_OID_PKCS7_DATA;
+    } else {
+        desc = src->contentTypeTag->desc;
+        kind = src->contentTypeTag->offset;
+    }
+
+    if (src->content.data == NULL) {
+        SECU_Indent(out, level);
+        fprintf(out, "%s:\n", desc);
+        level++;
+        SECU_Indent(out, level);
+        fprintf(out, "<no content>\n");
+        return 0;
+    }
+
+    rv = 0;
+    switch (kind) {
+        case SEC_OID_PKCS7_SIGNED_DATA: /* Signed Data */
+            rv = secu_PrintPKCS7Signed(out, src->content.signedData, desc, level);
+            break;
+
+        case SEC_OID_PKCS7_ENVELOPED_DATA: /* Enveloped Data */
+            secu_PrintPKCS7Enveloped(out, src->content.envelopedData, desc, level);
+            break;
+
+        case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA: /* Signed and Enveloped */
+            rv = secu_PrintPKCS7SignedAndEnveloped(out,
+                                                   src->content.signedAndEnvelopedData,
+                                                   desc, level);
+            break;
+
+        case SEC_OID_PKCS7_DIGESTED_DATA: /* Digested Data */
+            secu_PrintPKCS7Digested(out, src->content.digestedData, desc, level);
+            break;
+
+        case SEC_OID_PKCS7_ENCRYPTED_DATA: /* Encrypted Data */
+            secu_PrintPKCS7Encrypted(out, src->content.encryptedData, desc, level);
+            break;
+
+        default:
+            SECU_PrintAsHex(out, src->content.data, desc, level);
+            break;
+    }
+
+    return rv;
+}
+
+/*
+** SECU_PrintPKCS7ContentInfo
+**   Decode and print any major PKCS7 data type (up to version 1).
+*/
+int
+SECU_PrintPKCS7ContentInfo(FILE *out, SECItem *der, char *m, int level)
+{
+    SEC_PKCS7ContentInfo *cinfo;
+    int rv;
+
+    cinfo = SEC_PKCS7DecodeItem(der, NULL, NULL, NULL, NULL, NULL, NULL, NULL);
+    if (cinfo != NULL) {
+        /* Send it to recursive parsing and printing module */
+        rv = secu_PrintPKCS7ContentInfo(out, cinfo, m, level);
+        SEC_PKCS7DestroyContentInfo(cinfo);
+    } else {
+        rv = -1;
+    }
+
+    return rv;
+}
+
+/*
+** End of PKCS7 functions
+*/
+
+void
+printFlags(FILE *out, unsigned int flags, int level)
+{
+    if (flags & CERTDB_TERMINAL_RECORD) {
+        SECU_Indent(out, level);
+        fprintf(out, "Terminal Record\n");
+    }
+    if (flags & CERTDB_TRUSTED) {
+        SECU_Indent(out, level);
+        fprintf(out, "Trusted\n");
+    }
+    if (flags & CERTDB_SEND_WARN) {
+        SECU_Indent(out, level);
+        fprintf(out, "Warn When Sending\n");
+    }
+    if (flags & CERTDB_VALID_CA) {
+        SECU_Indent(out, level);
+        fprintf(out, "Valid CA\n");
+    }
+    if (flags & CERTDB_TRUSTED_CA) {
+        SECU_Indent(out, level);
+        fprintf(out, "Trusted CA\n");
+    }
+    if (flags & CERTDB_NS_TRUSTED_CA) {
+        SECU_Indent(out, level);
+        fprintf(out, "Netscape Trusted CA\n");
+    }
+    if (flags & CERTDB_USER) {
+        SECU_Indent(out, level);
+        fprintf(out, "User\n");
+    }
+    if (flags & CERTDB_TRUSTED_CLIENT_CA) {
+        SECU_Indent(out, level);
+        fprintf(out, "Trusted Client CA\n");
+    }
+    if (flags & CERTDB_GOVT_APPROVED_CA) {
+        SECU_Indent(out, level);
+        fprintf(out, "Step-up\n");
+    }
+}
+
+void
+SECU_PrintTrustFlags(FILE *out, CERTCertTrust *trust, char *m, int level)
+{
+    SECU_Indent(out, level);
+    fprintf(out, "%s:\n", m);
+    SECU_Indent(out, level + 1);
+    fprintf(out, "SSL Flags:\n");
+    printFlags(out, trust->sslFlags, level + 2);
+    SECU_Indent(out, level + 1);
+    fprintf(out, "Email Flags:\n");
+    printFlags(out, trust->emailFlags, level + 2);
+    SECU_Indent(out, level + 1);
+    fprintf(out, "Object Signing Flags:\n");
+    printFlags(out, trust->objectSigningFlags, level + 2);
+}
+
+int
+SECU_PrintDERName(FILE *out, SECItem *der, const char *m, int level)
+{
+    PLArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    CERTName *name;
+    int rv = SEC_ERROR_NO_MEMORY;
+
+    if (!arena)
+        return rv;
+
+    name = PORT_ArenaZNew(arena, CERTName);
+    if (!name)
+        goto loser;
+
+    rv = SEC_ASN1DecodeItem(arena, name, SEC_ASN1_GET(CERT_NameTemplate), der);
+    if (rv)
+        goto loser;
+
+    SECU_PrintName(out, name, m, level);
+    if (!SECU_GetWrapEnabled()) /*SECU_PrintName didn't add newline*/
+        SECU_Newline(out);
+loser:
+    PORT_FreeArena(arena, PR_FALSE);
+    return rv;
+}
+
+typedef enum {
+    noSignature = 0,
+    withSignature = 1
+} SignatureOptionType;
+
+static int
+secu_PrintSignedDataSigOpt(FILE *out, SECItem *der, const char *m,
+                           int level, SECU_PPFunc inner,
+                           SignatureOptionType withSignature)
+{
+    PLArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    CERTSignedData *sd;
+    int rv = SEC_ERROR_NO_MEMORY;
+
+    if (!arena)
+        return rv;
+
+    /* Strip off the signature */
+    sd = PORT_ArenaZNew(arena, CERTSignedData);
+    if (!sd)
+        goto loser;
+
+    rv = SEC_ASN1DecodeItem(arena, sd, SEC_ASN1_GET(CERT_SignedDataTemplate),
+                            der);
+    if (rv)
+        goto loser;
+
+    if (m) {
+        SECU_Indent(out, level);
+        fprintf(out, "%s:\n", m);
+    } else {
+        level -= 1;
+    }
+    rv = (*inner)(out, &sd->data, "Data", level + 1);
+
+    if (withSignature) {
+        SECU_PrintAlgorithmID(out, &sd->signatureAlgorithm, "Signature Algorithm",
+                              level + 1);
+        DER_ConvertBitString(&sd->signature);
+        SECU_PrintAsHex(out, &sd->signature, "Signature", level + 1);
+    }
+    SECU_PrintFingerprints(out, der, "Fingerprint", level + 1);
+loser:
+    PORT_FreeArena(arena, PR_FALSE);
+    return rv;
+}
+
+int
+SECU_PrintSignedData(FILE *out, SECItem *der, const char *m,
+                     int level, SECU_PPFunc inner)
+{
+    return secu_PrintSignedDataSigOpt(out, der, m, level, inner,
+                                      withSignature);
+}
+
+int
+SECU_PrintSignedContent(FILE *out, SECItem *der, char *m,
+                        int level, SECU_PPFunc inner)
+{
+    return secu_PrintSignedDataSigOpt(out, der, m, level, inner,
+                                      noSignature);
+}
+
+SECStatus
+SEC_PrintCertificateAndTrust(CERTCertificate *cert,
+                             const char *label,
+                             CERTCertTrust *trust)
+{
+    SECStatus rv;
+    SECItem data;
+    CERTCertTrust certTrust;
+    PK11SlotList *slotList;
+    PRBool falseAttributeFound = PR_FALSE;
+    PRBool trueAttributeFound = PR_FALSE;
+    const char *moz_policy_ca_info = NULL;
+
+    data.data = cert->derCert.data;
+    data.len = cert->derCert.len;
+
+    rv = SECU_PrintSignedData(stdout, &data, label, 0,
+                              (SECU_PPFunc)SECU_PrintCertificate);
+    if (rv) {
+        return (SECFailure);
+    }
+
+    slotList = PK11_GetAllSlotsForCert(cert, NULL);
+    if (slotList) {
+        PK11SlotListElement *se = PK11_GetFirstSafe(slotList);
+        for (; se; se = PK11_GetNextSafe(slotList, se, PR_FALSE)) {
+            CK_OBJECT_HANDLE handle = PK11_FindCertInSlot(se->slot, cert, NULL);
+            if (handle != CK_INVALID_HANDLE) {
+                PORT_SetError(0);
+                if (PK11_HasAttributeSet(se->slot, handle,
+                                         CKA_NSS_MOZILLA_CA_POLICY, PR_FALSE)) {
+                    trueAttributeFound = PR_TRUE;
+                } else if (!PORT_GetError()) {
+                    falseAttributeFound = PR_TRUE;
+                }
+            }
+        }
+        PK11_FreeSlotList(slotList);
+    }
+
+    if (trueAttributeFound) {
+        moz_policy_ca_info = "true (attribute present)";
+    } else if (falseAttributeFound) {
+        moz_policy_ca_info = "false (attribute present)";
+    } else {
+        moz_policy_ca_info = "false (attribute missing)";
+    }
+    SECU_Indent(stdout, 1);
+    printf("Mozilla-CA-Policy: %s\n", moz_policy_ca_info);
+
+    if (trust) {
+        SECU_PrintTrustFlags(stdout, trust,
+                             "Certificate Trust Flags", 1);
+    } else if (CERT_GetCertTrust(cert, &certTrust) == SECSuccess) {
+        SECU_PrintTrustFlags(stdout, &certTrust,
+                             "Certificate Trust Flags", 1);
+    }
+
+    printf("\n");
+
+    return (SECSuccess);
+}
+
+static char *
+bestCertName(CERTCertificate *cert)
+{
+    if (cert->nickname) {
+        return cert->nickname;
+    }
+    if (cert->emailAddr && cert->emailAddr[0]) {
+        return cert->emailAddr;
+    }
+    return cert->subjectName;
+}
+
+void
+SECU_printCertProblemsOnDate(FILE *outfile, CERTCertDBHandle *handle,
+                             CERTCertificate *cert, PRBool checksig,
+                             SECCertificateUsage certUsage, void *pinArg, PRBool verbose,
+                             PRTime datetime)
+{
+    CERTVerifyLog log;
+    CERTVerifyLogNode *node;
+
+    PRErrorCode err = PORT_GetError();
+
+    log.arena = PORT_NewArena(512);
+    log.head = log.tail = NULL;
+    log.count = 0;
+    CERT_VerifyCertificate(handle, cert, checksig, certUsage, datetime, pinArg, &log, NULL);
+
+    SECU_displayVerifyLog(outfile, &log, verbose);
+
+    for (node = log.head; node; node = node->next) {
+        if (node->cert)
+            CERT_DestroyCertificate(node->cert);
+    }
+    PORT_FreeArena(log.arena, PR_FALSE);
+
+    PORT_SetError(err); /* restore original error code */
+}
+
+void
+SECU_displayVerifyLog(FILE *outfile, CERTVerifyLog *log,
+                      PRBool verbose)
+{
+    CERTVerifyLogNode *node = NULL;
+    unsigned int depth = (unsigned int)-1;
+    unsigned int flags = 0;
+    char *errstr = NULL;
+
+    if (log->count > 0) {
+        fprintf(outfile, "PROBLEM WITH THE CERT CHAIN:\n");
+        for (node = log->head; node; node = node->next) {
+            if (depth != node->depth) {
+                depth = node->depth;
+                fprintf(outfile, "CERT %d. %s %s:\n", depth,
+                        bestCertName(node->cert),
+                        depth ? "[Certificate Authority]" : "");
+                if (verbose) {
+                    const char *emailAddr;
+                    emailAddr = CERT_GetFirstEmailAddress(node->cert);
+                    if (emailAddr) {
+                        fprintf(outfile, "Email Address(es): ");
+                        do {
+                            fprintf(outfile, "%s\n", emailAddr);
+                            emailAddr = CERT_GetNextEmailAddress(node->cert,
+                                                                 emailAddr);
+                        } while (emailAddr);
+                    }
+                }
+            }
+            fprintf(outfile, "  ERROR %ld: %s\n", node->error,
+                    SECU_Strerror(node->error));
+            errstr = NULL;
+            switch (node->error) {
+                case SEC_ERROR_INADEQUATE_KEY_USAGE:
+                    flags = (unsigned int)((char *)node->arg - (char *)NULL);
+                    switch (flags) {
+                        case KU_DIGITAL_SIGNATURE:
+                            errstr = "Cert cannot sign.";
+                            break;
+                        case KU_KEY_ENCIPHERMENT:
+                            errstr = "Cert cannot encrypt.";
+                            break;
+                        case KU_KEY_CERT_SIGN:
+                            errstr = "Cert cannot sign other certs.";
+                            break;
+                        default:
+                            errstr = "[unknown usage].";
+                            break;
+                    }
+                    break;
+                case SEC_ERROR_INADEQUATE_CERT_TYPE:
+                    flags = (unsigned int)((char *)node->arg - (char *)NULL);
+                    switch (flags) {
+                        case NS_CERT_TYPE_SSL_CLIENT:
+                        case NS_CERT_TYPE_SSL_SERVER:
+                            errstr = "Cert cannot be used for SSL.";
+                            break;
+                        case NS_CERT_TYPE_SSL_CA:
+                            errstr = "Cert cannot be used as an SSL CA.";
+                            break;
+                        case NS_CERT_TYPE_EMAIL:
+                            errstr = "Cert cannot be used for SMIME.";
+                            break;
+                        case NS_CERT_TYPE_EMAIL_CA:
+                            errstr = "Cert cannot be used as an SMIME CA.";
+                            break;
+                        case NS_CERT_TYPE_OBJECT_SIGNING:
+                            errstr = "Cert cannot be used for object signing.";
+                            break;
+                        case NS_CERT_TYPE_OBJECT_SIGNING_CA:
+                            errstr = "Cert cannot be used as an object signing CA.";
+                            break;
+                        default:
+                            errstr = "[unknown usage].";
+                            break;
+                    }
+                    break;
+                case SEC_ERROR_UNKNOWN_ISSUER:
+                case SEC_ERROR_UNTRUSTED_ISSUER:
+                case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
+                    errstr = node->cert->issuerName;
+                    break;
+                default:
+                    break;
+            }
+            if (errstr) {
+                fprintf(stderr, "    %s\n", errstr);
+            }
+        }
+    }
+}
+
+void
+SECU_printCertProblems(FILE *outfile, CERTCertDBHandle *handle,
+                       CERTCertificate *cert, PRBool checksig,
+                       SECCertificateUsage certUsage, void *pinArg, PRBool verbose)
+{
+    SECU_printCertProblemsOnDate(outfile, handle, cert, checksig,
+                                 certUsage, pinArg, verbose, PR_Now());
+}
+
+SECStatus
+SECU_StoreCRL(PK11SlotInfo *slot, SECItem *derCrl, PRFileDesc *outFile,
+              PRBool ascii, char *url)
+{
+    PORT_Assert(derCrl != NULL);
+    if (!derCrl) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    if (outFile != NULL) {
+        if (ascii) {
+            PR_fprintf(outFile, "%s\n%s\n%s\n", NS_CRL_HEADER,
+                       BTOA_DataToAscii(derCrl->data, derCrl->len),
+                       NS_CRL_TRAILER);
+        } else {
+            if (PR_Write(outFile, derCrl->data, derCrl->len) != derCrl->len) {
+                return SECFailure;
+            }
+        }
+    }
+    if (slot) {
+        CERTSignedCrl *newCrl = PK11_ImportCRL(slot, derCrl, url,
+                                               SEC_CRL_TYPE, NULL, 0, NULL, 0);
+        if (newCrl != NULL) {
+            SEC_DestroyCrl(newCrl);
+            return SECSuccess;
+        }
+        return SECFailure;
+    }
+    if (!outFile && !slot) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+    return SECSuccess;
+}
+
+SECStatus
+SECU_SignAndEncodeCRL(CERTCertificate *issuer, CERTSignedCrl *signCrl,
+                      SECOidTag hashAlgTag, SignAndEncodeFuncExitStat *resCode)
+{
+    SECItem der;
+    SECKEYPrivateKey *caPrivateKey = NULL;
+    SECStatus rv;
+    PLArenaPool *arena;
+    SECOidTag algID;
+    void *dummy;
+
+    PORT_Assert(issuer != NULL && signCrl != NULL);
+    if (!issuer || !signCrl) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    arena = signCrl->arena;
+
+    caPrivateKey = PK11_FindKeyByAnyCert(issuer, NULL);
+    if (caPrivateKey == NULL) {
+        *resCode = noKeyFound;
+        return SECFailure;
+    }
+
+    algID = SEC_GetSignatureAlgorithmOidTag(caPrivateKey->keyType, hashAlgTag);
+    if (algID == SEC_OID_UNKNOWN) {
+        *resCode = noSignatureMatch;
+        rv = SECFailure;
+        goto done;
+    }
+
+    if (!signCrl->crl.signatureAlg.parameters.data) {
+        rv = SECOID_SetAlgorithmID(arena, &signCrl->crl.signatureAlg, algID, 0);
+        if (rv != SECSuccess) {
+            *resCode = failToEncode;
+            goto done;
+        }
+    }
+
+    der.len = 0;
+    der.data = NULL;
+    dummy = SEC_ASN1EncodeItem(arena, &der, &signCrl->crl,
+                               SEC_ASN1_GET(CERT_CrlTemplate));
+    if (!dummy) {
+        *resCode = failToEncode;
+        rv = SECFailure;
+        goto done;
+    }
+
+    rv = SECU_DerSignDataCRL(arena, &signCrl->signatureWrap,
+                             der.data, der.len, caPrivateKey, algID);
+    if (rv != SECSuccess) {
+        *resCode = failToSign;
+        goto done;
+    }
+
+    signCrl->derCrl = PORT_ArenaZNew(arena, SECItem);
+    if (signCrl->derCrl == NULL) {
+        *resCode = noMem;
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        rv = SECFailure;
+        goto done;
+    }
+
+    signCrl->derCrl->len = 0;
+    signCrl->derCrl->data = NULL;
+    dummy = SEC_ASN1EncodeItem(arena, signCrl->derCrl, signCrl,
+                               SEC_ASN1_GET(CERT_SignedCrlTemplate));
+    if (!dummy) {
+        *resCode = failToEncode;
+        rv = SECFailure;
+        goto done;
+    }
+
+done:
+    SECKEY_DestroyPrivateKey(caPrivateKey);
+    return rv;
+}
+
+SECStatus
+SECU_CopyCRL(PLArenaPool *destArena, CERTCrl *destCrl, CERTCrl *srcCrl)
+{
+    void *dummy;
+    SECStatus rv = SECSuccess;
+    SECItem der;
+
+    PORT_Assert(destArena && srcCrl && destCrl);
+    if (!destArena || !srcCrl || !destCrl) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    der.len = 0;
+    der.data = NULL;
+    dummy = SEC_ASN1EncodeItem(destArena, &der, srcCrl,
+                               SEC_ASN1_GET(CERT_CrlTemplate));
+    if (!dummy) {
+        return SECFailure;
+    }
+
+    rv = SEC_QuickDERDecodeItem(destArena, destCrl,
+                                SEC_ASN1_GET(CERT_CrlTemplate), &der);
+    if (rv != SECSuccess) {
+        return SECFailure;
+    }
+
+    destCrl->arena = destArena;
+
+    return rv;
+}
+
+SECStatus
+SECU_DerSignDataCRL(PLArenaPool *arena, CERTSignedData *sd,
+                    unsigned char *buf, int len, SECKEYPrivateKey *pk,
+                    SECOidTag algID)
+{
+    SECItem it;
+    SECStatus rv;
+
+    it.data = 0;
+
+    /* XXX We should probably have some asserts here to make sure the key type
+     * and algID match
+     */
+
+    /* Sign input buffer */
+    rv = SEC_SignData(&it, buf, len, pk, algID);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    /* Fill out SignedData object */
+    PORT_Memset(sd, 0, sizeof(*sd));
+    sd->data.data = buf;
+    sd->data.len = len;
+    rv = SECITEM_CopyItem(arena, &sd->signature, &it);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    sd->signature.len <<= 3; /* convert to bit string */
+    rv = SECOID_SetAlgorithmID(arena, &sd->signatureAlgorithm, algID, 0);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+loser:
+    PORT_Free(it.data);
+    return rv;
+}
+
+#if 0
+
+/* we need access to the private function cert_FindExtension for this code to work */
+
+CERTAuthKeyID *
+SECU_FindCRLAuthKeyIDExten (PLArenaPool *arena, CERTSignedCrl *scrl)
+{
+    SECItem encodedExtenValue;
+    SECStatus rv;
+    CERTAuthKeyID *ret;
+    CERTCrl* crl;
+
+    if (!scrl) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+
+    crl = &scrl->crl;
+
+    encodedExtenValue.data = NULL;
+    encodedExtenValue.len = 0;
+
+    rv = cert_FindExtension(crl->extensions, SEC_OID_X509_AUTH_KEY_ID,
+                            &encodedExtenValue);
+    if ( rv != SECSuccess ) {
+        return (NULL);
+    }
+
+    ret = CERT_DecodeAuthKeyID (arena, &encodedExtenValue);
+
+    PORT_Free(encodedExtenValue.data);
+    encodedExtenValue.data = NULL;
+
+    return(ret);
+}
+
+#endif
+
+/*
+ * Find the issuer of a Crl.  Use the authorityKeyID if it exists.
+ */
+CERTCertificate *
+SECU_FindCrlIssuer(CERTCertDBHandle *dbhandle, SECItem *subject,
+                   CERTAuthKeyID *authorityKeyID, PRTime validTime)
+{
+    CERTCertificate *issuerCert = NULL;
+    CERTCertList *certList = NULL;
+    CERTCertTrust trust;
+
+    if (!subject) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+
+    certList =
+        CERT_CreateSubjectCertList(NULL, dbhandle, subject,
+                                   validTime, PR_TRUE);
+    if (certList) {
+        CERTCertListNode *node = CERT_LIST_HEAD(certList);
+
+        /* XXX and authoritykeyid in the future */
+        while (!CERT_LIST_END(node, certList)) {
+            CERTCertificate *cert = node->cert;
+            /* check cert CERTCertTrust data is allocated, check cert
+               usage extension, check that cert has pkey in db. Select
+               the first (newest) user cert */
+            if (CERT_GetCertTrust(cert, &trust) == SECSuccess &&
+                CERT_CheckCertUsage(cert, KU_CRL_SIGN) == SECSuccess &&
+                CERT_IsUserCert(cert)) {
+
+                issuerCert = CERT_DupCertificate(cert);
+                break;
+            }
+            node = CERT_LIST_NEXT(node);
+        }
+        CERT_DestroyCertList(certList);
+    }
+    return (issuerCert);
+}
+
+/* Encodes and adds extensions to the CRL or CRL entries. */
+SECStatus
+SECU_EncodeAndAddExtensionValue(PLArenaPool *arena, void *extHandle,
+                                void *value, PRBool criticality, int extenType,
+                                EXTEN_EXT_VALUE_ENCODER EncodeValueFn)
+{
+    SECItem encodedValue;
+    SECStatus rv;
+
+    encodedValue.data = NULL;
+    encodedValue.len = 0;
+    do {
+        rv = (*EncodeValueFn)(arena, value, &encodedValue);
+        if (rv != SECSuccess)
+            break;
+
+        rv = CERT_AddExtension(extHandle, extenType, &encodedValue,
+                               criticality, PR_TRUE);
+        if (rv != SECSuccess)
+            break;
+    } while (0);
+
+    return (rv);
+}
+
+CERTCertificate *
+SECU_FindCertByNicknameOrFilename(CERTCertDBHandle *handle,
+                                  char *name, PRBool ascii,
+                                  void *pwarg)
+{
+    CERTCertificate *the_cert;
+    the_cert = CERT_FindCertByNicknameOrEmailAddr(handle, name);
+    if (the_cert) {
+        return the_cert;
+    }
+    the_cert = PK11_FindCertFromNickname(name, pwarg);
+    if (!the_cert) {
+        /* Don't have a cert with name "name" in the DB. Try to
+         * open a file with such name and get the cert from there.*/
+        SECStatus rv;
+        SECItem item = { 0, NULL, 0 };
+        PRFileDesc *fd = PR_Open(name, PR_RDONLY, 0777);
+        if (!fd) {
+            return NULL;
+        }
+        rv = SECU_ReadDERFromFile(&item, fd, ascii, PR_FALSE);
+        PR_Close(fd);
+        if (rv != SECSuccess || !item.len) {
+            PORT_Free(item.data);
+            return NULL;
+        }
+        the_cert = CERT_NewTempCertificate(handle, &item,
+                                           NULL /* nickname */,
+                                           PR_FALSE /* isPerm */,
+                                           PR_TRUE /* copyDER */);
+        PORT_Free(item.data);
+    }
+    return the_cert;
+}
+
+/* Convert a SSL/TLS protocol version string into the respective numeric value
+ * defined by the SSL_LIBRARY_VERSION_* constants,
+ * while accepting a flexible set of case-insensitive identifiers.
+ *
+ * Caller must specify bufLen, allowing the function to operate on substrings.
+ */
+static SECStatus
+SECU_GetSSLVersionFromName(const char *buf, size_t bufLen, PRUint16 *version)
+{
+    if (!buf || !version) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    if (!PL_strncasecmp(buf, "ssl3", bufLen)) {
+        *version = SSL_LIBRARY_VERSION_3_0;
+        return SECSuccess;
+    }
+    if (!PL_strncasecmp(buf, "tls1.0", bufLen)) {
+        *version = SSL_LIBRARY_VERSION_TLS_1_0;
+        return SECSuccess;
+    }
+    if (!PL_strncasecmp(buf, "tls1.1", bufLen)) {
+        *version = SSL_LIBRARY_VERSION_TLS_1_1;
+        return SECSuccess;
+    }
+    if (!PL_strncasecmp(buf, "tls1.2", bufLen)) {
+        *version = SSL_LIBRARY_VERSION_TLS_1_2;
+        return SECSuccess;
+    }
+
+    if (!PL_strncasecmp(buf, "tls1.3", bufLen)) {
+        *version = SSL_LIBRARY_VERSION_TLS_1_3;
+        return SECSuccess;
+    }
+
+    PORT_SetError(SEC_ERROR_INVALID_ARGS);
+    return SECFailure;
+}
+
+SECStatus
+SECU_ParseSSLVersionRangeString(const char *input,
+                                const SSLVersionRange defaultVersionRange,
+                                SSLVersionRange *vrange)
+{
+    const char *colonPos;
+    size_t colonIndex;
+    const char *maxStr;
+
+    if (!input || !vrange) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    // We don't support SSL2 any longer.
+    if (defaultVersionRange.min < SSL_LIBRARY_VERSION_3_0 ||
+        defaultVersionRange.max < SSL_LIBRARY_VERSION_3_0) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    if (!strcmp(input, ":")) {
+        /* special value, use default */
+        *vrange = defaultVersionRange;
+        return SECSuccess;
+    }
+
+    colonPos = strchr(input, ':');
+    if (!colonPos) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    colonIndex = colonPos - input;
+    maxStr = colonPos + 1;
+
+    if (!colonIndex) {
+        /* colon was first character, min version is empty */
+        vrange->min = defaultVersionRange.min;
+    } else {
+        PRUint16 version;
+        /* colonIndex is equivalent to the length of the min version substring */
+        if (SECU_GetSSLVersionFromName(input, colonIndex, &version) != SECSuccess) {
+            PORT_SetError(SEC_ERROR_INVALID_ARGS);
+            return SECFailure;
+        }
+
+        vrange->min = version;
+    }
+
+    if (!*maxStr) {
+        vrange->max = defaultVersionRange.max;
+    } else {
+        PRUint16 version;
+        /* if max version is empty, then maxStr points to the string terminator */
+        if (SECU_GetSSLVersionFromName(maxStr, strlen(maxStr), &version) !=
+            SECSuccess) {
+            PORT_SetError(SEC_ERROR_INVALID_ARGS);
+            return SECFailure;
+        }
+
+        vrange->max = version;
+    }
+
+    if (vrange->min > vrange->max) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    return SECSuccess;
+}
+
+SSLNamedGroup
+groupNameToNamedGroup(char *name)
+{
+    if (PL_strlen(name) == 4) {
+        if (!strncmp(name, "P256", 4)) {
+            return ssl_grp_ec_secp256r1;
+        }
+        if (!strncmp(name, "P384", 4)) {
+            return ssl_grp_ec_secp384r1;
+        }
+        if (!strncmp(name, "P521", 4)) {
+            return ssl_grp_ec_secp521r1;
+        }
+    }
+    if (PL_strlen(name) == 6) {
+        if (!strncmp(name, "x25519", 6)) {
+            return ssl_grp_ec_curve25519;
+        }
+        if (!strncmp(name, "FF2048", 6)) {
+            return ssl_grp_ffdhe_2048;
+        }
+        if (!strncmp(name, "FF3072", 6)) {
+            return ssl_grp_ffdhe_3072;
+        }
+        if (!strncmp(name, "FF4096", 6)) {
+            return ssl_grp_ffdhe_4096;
+        }
+        if (!strncmp(name, "FF6144", 6)) {
+            return ssl_grp_ffdhe_6144;
+        }
+        if (!strncmp(name, "FF8192", 6)) {
+            return ssl_grp_ffdhe_8192;
+        }
+    }
+
+    return ssl_grp_none;
+}
+
+SECStatus
+parseGroupList(const char *arg, SSLNamedGroup **enabledGroups,
+               unsigned int *enabledGroupsCount)
+{
+    SSLNamedGroup *groups;
+    char *str;
+    char *p;
+    unsigned int numValues = 0;
+    unsigned int count = 0;
+
+    /* Count the number of groups. */
+    str = PORT_Strdup(arg);
+    if (!str) {
+        return SECFailure;
+    }
+    p = strtok(str, ",");
+    while (p) {
+        ++numValues;
+        p = strtok(NULL, ",");
+    }
+    PORT_Free(str);
+    str = NULL;
+    groups = PORT_ZNewArray(SSLNamedGroup, numValues);
+    if (!groups) {
+        goto done;
+    }
+
+    /* Get group names. */
+    str = PORT_Strdup(arg);
+    if (!str) {
+        goto done;
+    }
+    p = strtok(str, ",");
+    while (p) {
+        SSLNamedGroup group = groupNameToNamedGroup(p);
+        if (group == ssl_grp_none) {
+            count = 0;
+            goto done;
+        }
+        groups[count++] = group;
+        p = strtok(NULL, ",");
+    }
+
+done:
+    if (str) {
+        PORT_Free(str);
+    }
+    if (!count) {
+        PORT_Free(groups);
+        return SECFailure;
+    }
+
+    *enabledGroupsCount = count;
+    *enabledGroups = groups;
+    return SECSuccess;
+}
diff --git a/nss/cmd/lib/secutil.h b/nss/cmd/lib/secutil.h
new file mode 100644
index 0000000..c121c55
--- /dev/null
+++ b/nss/cmd/lib/secutil.h
@@ -0,0 +1,436 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#ifndef _SEC_UTIL_H_
+#define _SEC_UTIL_H_
+
+#include "seccomon.h"
+#include "secitem.h"
+#include "secport.h"
+#include "prerror.h"
+#include "base64.h"
+#include "key.h"
+#include "secpkcs7.h"
+#include "secasn1.h"
+#include "secder.h"
+#include <stdio.h>
+
+#include "basicutil.h"
+#include "sslerr.h"
+#include "sslt.h"
+
+#define SEC_CT_PRIVATE_KEY "private-key"
+#define SEC_CT_PUBLIC_KEY "public-key"
+#define SEC_CT_CERTIFICATE "certificate"
+#define SEC_CT_CERTIFICATE_REQUEST "certificate-request"
+#define SEC_CT_CERTIFICATE_ID "certificate-identity"
+#define SEC_CT_PKCS7 "pkcs7"
+#define SEC_CT_CRL "crl"
+#define SEC_CT_NAME "name"
+
+#define NS_CERTREQ_HEADER "-----BEGIN NEW CERTIFICATE REQUEST-----"
+#define NS_CERTREQ_TRAILER "-----END NEW CERTIFICATE REQUEST-----"
+
+#define NS_CERT_HEADER "-----BEGIN CERTIFICATE-----"
+#define NS_CERT_TRAILER "-----END CERTIFICATE-----"
+
+#define NS_CRL_HEADER "-----BEGIN CRL-----"
+#define NS_CRL_TRAILER "-----END CRL-----"
+
+#define SECU_Strerror PORT_ErrorToString
+
+typedef struct {
+    enum {
+        PW_NONE = 0,
+        PW_FROMFILE = 1,
+        PW_PLAINTEXT = 2,
+        PW_EXTERNAL = 3
+    } source;
+    char *data;
+} secuPWData;
+
+/*
+** Change a password on a token, or initialize a token with a password
+** if it does not already have one.
+** Use passwd to send the password in plaintext, pwFile to specify a
+** file containing the password, or NULL for both to prompt the user.
+*/
+SECStatus SECU_ChangePW(PK11SlotInfo *slot, char *passwd, char *pwFile);
+
+/*
+** Change a password on a token, or initialize a token with a password
+** if it does not already have one.
+** In this function, you can specify both the old and new passwords
+** as either a string or file. NOTE: any you don't specify will
+** be prompted for
+*/
+SECStatus SECU_ChangePW2(PK11SlotInfo *slot, char *oldPass, char *newPass,
+                         char *oldPwFile, char *newPwFile);
+
+/*  These were stolen from the old sec.h... */
+/*
+** Check a password for legitimacy. Passwords must be at least 8
+** characters long and contain one non-alphabetic. Return DSTrue if the
+** password is ok, DSFalse otherwise.
+*/
+extern PRBool SEC_CheckPassword(char *password);
+
+/*
+** Blind check of a password. Complement to SEC_CheckPassword which
+** ignores length and content type, just retuning DSTrue is the password
+** exists, DSFalse if NULL
+*/
+extern PRBool SEC_BlindCheckPassword(char *password);
+
+/*
+** Get a password.
+** First prompt with "msg" on "out", then read the password from "in".
+** The password is then checked using "chkpw".
+*/
+extern char *SEC_GetPassword(FILE *in, FILE *out, char *msg,
+                             PRBool (*chkpw)(char *));
+
+char *SECU_FilePasswd(PK11SlotInfo *slot, PRBool retry, void *arg);
+
+char *SECU_GetPasswordString(void *arg, char *prompt);
+
+/*
+** Write a dongle password.
+** Uses MD5 to hash constant system data (hostname, etc.), and then
+** creates RC4 key to encrypt a password "pw" into a file "fd".
+*/
+extern SECStatus SEC_WriteDongleFile(int fd, char *pw);
+
+/*
+** Get a dongle password.
+** Uses MD5 to hash constant system data (hostname, etc.), and then
+** creates RC4 key to decrypt and return a password from file "fd".
+*/
+extern char *SEC_ReadDongleFile(int fd);
+
+/* End stolen headers */
+
+/* Just sticks the two strings together with a / if needed */
+char *SECU_AppendFilenameToDir(char *dir, char *filename);
+
+/* Returns result of PR_GetEnvSecure("SSL_DIR") or NULL */
+extern char *SECU_DefaultSSLDir(void);
+
+/*
+** Should be called once during initialization to set the default
+**    directory for looking for cert.db, key.db, and cert-nameidx.db files
+** Removes trailing '/' in 'base'
+** If 'base' is NULL, defaults to set to .netscape in home directory.
+*/
+extern char *SECU_ConfigDirectory(const char *base);
+
+/*
+** Basic callback function for SSL_GetClientAuthDataHook
+*/
+extern int
+SECU_GetClientAuthData(void *arg, PRFileDesc *fd,
+                       struct CERTDistNamesStr *caNames,
+                       struct CERTCertificateStr **pRetCert,
+                       struct SECKEYPrivateKeyStr **pRetKey);
+
+extern PRBool SECU_GetWrapEnabled(void);
+extern void SECU_EnableWrap(PRBool enable);
+
+extern PRBool SECU_GetUtf8DisplayEnabled(void);
+extern void SECU_EnableUtf8Display(PRBool enable);
+
+/* revalidate the cert and print information about cert verification
+ * failure at time == now */
+extern void
+SECU_printCertProblems(FILE *outfile, CERTCertDBHandle *handle,
+                       CERTCertificate *cert, PRBool checksig,
+                       SECCertificateUsage certUsage, void *pinArg, PRBool verbose);
+
+/* revalidate the cert and print information about cert verification
+ * failure at specified time */
+extern void
+SECU_printCertProblemsOnDate(FILE *outfile, CERTCertDBHandle *handle,
+                             CERTCertificate *cert, PRBool checksig, SECCertificateUsage certUsage,
+                             void *pinArg, PRBool verbose, PRTime datetime);
+
+/* print out CERTVerifyLog info. */
+extern void
+SECU_displayVerifyLog(FILE *outfile, CERTVerifyLog *log,
+                      PRBool verbose);
+
+/* Read in a DER from a file, may be ascii  */
+extern SECStatus
+SECU_ReadDERFromFile(SECItem *der, PRFileDesc *inFile, PRBool ascii,
+                     PRBool warnOnPrivateKeyInAsciiFile);
+
+/* Print integer value and hex */
+extern void SECU_PrintInteger(FILE *out, const SECItem *i, const char *m,
+                              int level);
+
+/* Print ObjectIdentifier symbolically */
+extern SECOidTag SECU_PrintObjectID(FILE *out, const SECItem *oid,
+                                    const char *m, int level);
+
+/* Print AlgorithmIdentifier symbolically */
+extern void SECU_PrintAlgorithmID(FILE *out, SECAlgorithmID *a, char *m,
+                                  int level);
+
+/*
+ * Format and print the UTC Time "t".  If the tag message "m" is not NULL,
+ * do indent formatting based on "level" and add a newline afterward;
+ * otherwise just print the formatted time string only.
+ */
+extern void SECU_PrintUTCTime(FILE *out, const SECItem *t, const char *m,
+                              int level);
+
+/*
+ * Format and print the Generalized Time "t".  If the tag message "m"
+ * is not NULL, * do indent formatting based on "level" and add a newline
+ * afterward; otherwise just print the formatted time string only.
+ */
+extern void SECU_PrintGeneralizedTime(FILE *out, const SECItem *t,
+                                      const char *m, int level);
+
+/*
+ * Format and print the UTC or Generalized Time "t".  If the tag message
+ * "m" is not NULL, do indent formatting based on "level" and add a newline
+ * afterward; otherwise just print the formatted time string only.
+ */
+extern void SECU_PrintTimeChoice(FILE *out, const SECItem *t, const char *m,
+                                 int level);
+
+/* callback for listing certs through pkcs11 */
+extern SECStatus SECU_PrintCertNickname(CERTCertListNode *cert, void *data);
+
+/* Dump all certificate nicknames in a database */
+extern SECStatus
+SECU_PrintCertificateNames(CERTCertDBHandle *handle, PRFileDesc *out,
+                           PRBool sortByName, PRBool sortByTrust);
+
+/* See if nickname already in database. Return 1 true, 0 false, -1 error */
+int SECU_CheckCertNameExists(CERTCertDBHandle *handle, char *nickname);
+
+/* Dump contents of cert req */
+extern int SECU_PrintCertificateRequest(FILE *out, SECItem *der, char *m,
+                                        int level);
+
+/* Dump contents of certificate */
+extern int SECU_PrintCertificate(FILE *out, const SECItem *der, const char *m,
+                                 int level);
+
+extern int SECU_PrintCertificateBasicInfo(FILE *out, const SECItem *der, const char *m,
+                                          int level);
+
+extern int SECU_PrintDumpDerIssuerAndSerial(FILE *out, SECItem *der, char *m,
+                                            int level);
+
+/* Dump contents of a DER certificate name (issuer or subject) */
+extern int SECU_PrintDERName(FILE *out, SECItem *der, const char *m, int level);
+
+/* print trust flags on a cert */
+extern void SECU_PrintTrustFlags(FILE *out, CERTCertTrust *trust, char *m,
+                                 int level);
+
+extern int SECU_PrintSubjectPublicKeyInfo(FILE *out, SECItem *der, char *m,
+                                          int level);
+
+#ifdef HAVE_EPV_TEMPLATE
+/* Dump contents of private key */
+extern int SECU_PrintPrivateKey(FILE *out, SECItem *der, char *m, int level);
+#endif
+
+/* Dump contents of an RSA public key */
+extern void SECU_PrintRSAPublicKey(FILE *out, SECKEYPublicKey *pk, char *m, int level);
+
+/* Dump contents of a DSA public key */
+extern void SECU_PrintDSAPublicKey(FILE *out, SECKEYPublicKey *pk, char *m, int level);
+
+/* Print the MD5 and SHA1 fingerprints of a cert */
+extern int SECU_PrintFingerprints(FILE *out, SECItem *derCert, char *m,
+                                  int level);
+
+/* Pretty-print any PKCS7 thing */
+extern int SECU_PrintPKCS7ContentInfo(FILE *out, SECItem *der, char *m,
+                                      int level);
+
+/* Init PKCS11 stuff */
+extern SECStatus SECU_PKCS11Init(PRBool readOnly);
+
+/* Dump contents of signed data */
+extern int SECU_PrintSignedData(FILE *out, SECItem *der, const char *m,
+                                int level, SECU_PPFunc inner);
+
+/* Dump contents of signed data, excluding the signature */
+extern int SECU_PrintSignedContent(FILE *out, SECItem *der, char *m, int level,
+                                   SECU_PPFunc inner);
+
+/* Print cert data and its trust flags */
+extern SECStatus SEC_PrintCertificateAndTrust(CERTCertificate *cert,
+                                              const char *label,
+                                              CERTCertTrust *trust);
+
+extern int SECU_PrintCrl(FILE *out, SECItem *der, char *m, int level);
+
+extern void
+SECU_PrintCRLInfo(FILE *out, CERTCrl *crl, char *m, int level);
+
+extern void SECU_PrintString(FILE *out, const SECItem *si, const char *m,
+                             int level);
+extern void SECU_PrintAny(FILE *out, const SECItem *i, const char *m, int level);
+
+extern void SECU_PrintPolicy(FILE *out, SECItem *value, char *msg, int level);
+extern void SECU_PrintPrivKeyUsagePeriodExtension(FILE *out, SECItem *value,
+                                                  char *msg, int level);
+
+extern void SECU_PrintExtensions(FILE *out, CERTCertExtension **extensions,
+                                 char *msg, int level);
+
+extern void SECU_PrintNameQuotesOptional(FILE *out, CERTName *name,
+                                         const char *msg, int level,
+                                         PRBool quotes);
+extern void SECU_PrintName(FILE *out, CERTName *name, const char *msg,
+                           int level);
+extern void SECU_PrintRDN(FILE *out, CERTRDN *rdn, const char *msg, int level);
+
+#ifdef SECU_GetPassword
+/* Convert a High public Key to a Low public Key */
+extern SECKEYLowPublicKey *SECU_ConvHighToLow(SECKEYPublicKey *pubHighKey);
+#endif
+
+extern char *SECU_GetModulePassword(PK11SlotInfo *slot, PRBool retry, void *arg);
+
+extern SECStatus DER_PrettyPrint(FILE *out, const SECItem *it, PRBool raw);
+
+extern char *SECU_SECModDBName(void);
+
+/* Fetch and register an oid if it hasn't been done already */
+extern void SECU_cert_fetchOID(SECOidTag *data, const SECOidData *src);
+
+extern SECStatus SECU_RegisterDynamicOids(void);
+
+/* Identifies hash algorithm tag by its string representation. */
+extern SECOidTag SECU_StringToSignatureAlgTag(const char *alg);
+
+/* Store CRL in output file or pk11 db. Also
+ * encodes with base64 and exports to file if ascii flag is set
+ * and file is not NULL. */
+extern SECStatus SECU_StoreCRL(PK11SlotInfo *slot, SECItem *derCrl,
+                               PRFileDesc *outFile, PRBool ascii, char *url);
+
+/*
+** DER sign a single block of data using private key encryption and the
+** MD5 hashing algorithm. This routine first computes a digital signature
+** using SEC_SignData, then wraps it with an CERTSignedData and then der
+** encodes the result.
+**     "arena" is the memory arena to use to allocate data from
+**     "sd" returned CERTSignedData
+**     "result" the final der encoded data (memory is allocated)
+**     "buf" the input data to sign
+**     "len" the amount of data to sign
+**     "pk" the private key to encrypt with
+*/
+extern SECStatus SECU_DerSignDataCRL(PLArenaPool *arena, CERTSignedData *sd,
+                                     unsigned char *buf, int len,
+                                     SECKEYPrivateKey *pk, SECOidTag algID);
+
+typedef enum {
+    noKeyFound = 1,
+    noSignatureMatch = 2,
+    failToEncode = 3,
+    failToSign = 4,
+    noMem = 5
+} SignAndEncodeFuncExitStat;
+
+extern SECStatus
+SECU_SignAndEncodeCRL(CERTCertificate *issuer, CERTSignedCrl *signCrl,
+                      SECOidTag hashAlgTag, SignAndEncodeFuncExitStat *resCode);
+
+extern SECStatus
+SECU_CopyCRL(PLArenaPool *destArena, CERTCrl *destCrl, CERTCrl *srcCrl);
+
+/*
+** Finds the crl Authority Key Id extension. Returns NULL if no such extension
+** was found.
+*/
+CERTAuthKeyID *
+SECU_FindCRLAuthKeyIDExten(PLArenaPool *arena, CERTSignedCrl *crl);
+
+/*
+ * Find the issuer of a crl. Cert usage should be checked before signing a crl.
+ */
+CERTCertificate *
+SECU_FindCrlIssuer(CERTCertDBHandle *dbHandle, SECItem *subject,
+                   CERTAuthKeyID *id, PRTime validTime);
+
+/* call back function used in encoding of an extension. Called from
+ * SECU_EncodeAndAddExtensionValue */
+typedef SECStatus (*EXTEN_EXT_VALUE_ENCODER)(PLArenaPool *extHandleArena,
+                                             void *value, SECItem *encodedValue);
+
+/* Encodes and adds extensions to the CRL or CRL entries. */
+SECStatus
+SECU_EncodeAndAddExtensionValue(PLArenaPool *arena, void *extHandle,
+                                void *value, PRBool criticality, int extenType,
+                                EXTEN_EXT_VALUE_ENCODER EncodeValueFn);
+
+/* Caller ensures that dst is at least item->len*2+1 bytes long */
+void
+SECU_SECItemToHex(const SECItem *item, char *dst);
+
+/* Requires 0x prefix. Case-insensitive. Will do in-place replacement if
+ * successful */
+SECStatus
+SECU_SECItemHexStringToBinary(SECItem *srcdest);
+
+/* Parse a version range string, with "min" and "max" version numbers,
+ * separated by colon (":"), and return the result in vr and v2.
+ *
+ * Both min and max values are optional.
+ * The following syntax is used to specify the enabled protocol versions:
+ * A string with only a max value is expected as ":{max}",
+ * and all implemented versions less than or equal to max will be enabled.
+ * A string with only a min value is expected as "{min}:",
+ * and all implemented versions greater than or equal to min will be enabled.
+ * A string consisting of a colon only means "all versions enabled".
+ *
+ * In order to avoid a link dependency from libsectool to libssl,
+ * the caller must provide the desired default values for the min/max values,
+ * by providing defaultVersionRange (which can be obtained from libssl by
+ * calling SSL_VersionRangeGetSupported).
+ */
+SECStatus
+SECU_ParseSSLVersionRangeString(const char *input,
+                                const SSLVersionRange defaultVersionRange,
+                                SSLVersionRange *vrange);
+/*
+** Read a hex string into a SecItem.
+*/
+extern SECItem *SECU_HexString2SECItem(PLArenaPool *arena, SECItem *item,
+                                       const char *str);
+
+SECStatus parseGroupList(const char *arg, SSLNamedGroup **enabledGroups,
+                         unsigned int *enabledGroupsCount);
+SSLNamedGroup groupNameToNamedGroup(char *name);
+
+/*
+ *
+ *  Error messaging
+ *
+ */
+
+void printflags(char *trusts, unsigned int flags);
+
+#if !defined(XP_UNIX) && !defined(XP_OS2)
+extern int ffs(unsigned int i);
+#endif
+
+/* Finds certificate by searching it in the DB or by examinig file
+ * in the local directory. */
+CERTCertificate *
+SECU_FindCertByNicknameOrFilename(CERTCertDBHandle *handle,
+                                  char *name, PRBool ascii,
+                                  void *pwarg);
+#include "secerr.h"
+#include "sslerr.h"
+
+#endif /* _SEC_UTIL_H_ */
diff --git a/nss/cmd/libpkix/Makefile b/nss/cmd/libpkix/Makefile
new file mode 100755
index 0000000..1de5ef2
--- /dev/null
+++ b/nss/cmd/libpkix/Makefile
@@ -0,0 +1,46 @@
+#! gmake
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include $(PLAT_DEPTH)/platlibs.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+include $(PLAT_DEPTH)/platrules.mk
+
diff --git a/nss/cmd/libpkix/config.mk b/nss/cmd/libpkix/config.mk
new file mode 100644
index 0000000..672f6ff
--- /dev/null
+++ b/nss/cmd/libpkix/config.mk
@@ -0,0 +1,9 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+TARGETS = $(LIBRARY)
+SHARED_LIBRARY =
+IMPORT_LIBRARY =
+PROGRAM        =
diff --git a/nss/cmd/libpkix/manifest.mn b/nss/cmd/libpkix/manifest.mn
new file mode 100755
index 0000000..4f232a5
--- /dev/null
+++ b/nss/cmd/libpkix/manifest.mn
@@ -0,0 +1,11 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+PKIX_DEPTH = .
+PLAT_DEPTH = $(PKIX_DEPTH)/..
+CORE_DEPTH = $(PKIX_DEPTH)/../..
+
+DIRS =  testutil  pkix_pl  pkix  sample_apps  perf  pkixutil \
+	$(NULL)
diff --git a/nss/cmd/libpkix/perf/Makefile b/nss/cmd/libpkix/perf/Makefile
new file mode 100755
index 0000000..b724102
--- /dev/null
+++ b/nss/cmd/libpkix/perf/Makefile
@@ -0,0 +1,46 @@
+#! gmake
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+include $(PKIX_DEPTH)/config.mk
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include $(PLAT_DEPTH)/platlibs.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+include $(PLAT_DEPTH)/platrules.mk
+
diff --git a/nss/cmd/libpkix/perf/libpkix_buildthreads.c b/nss/cmd/libpkix/perf/libpkix_buildthreads.c
new file mode 100644
index 0000000..4b8d438
--- /dev/null
+++ b/nss/cmd/libpkix/perf/libpkix_buildthreads.c
@@ -0,0 +1,337 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * libpkixBuildThreads.c
+ *
+ * libpkix Builder Performance Evaluation application (multi-threaded)
+ *
+ */
+
+#include <stdio.h>
+#include <string.h>
+
+#include "secutil.h"
+
+#include "nspr.h"
+#include "prtypes.h"
+#include "prtime.h"
+#include "prlong.h"
+
+#include "pk11func.h"
+#include "secasn1.h"
+#include "cert.h"
+#include "cryptohi.h"
+#include "secoid.h"
+#include "certdb.h"
+#include "nss.h"
+
+#include "pkix.h"
+#include "pkix_tools.h"
+#include "pkix_pl_cert.h"
+
+#include "testutil.h"
+#include "testutil_nss.h"
+
+static void *plContext = NULL;
+
+#undef pkixTempResult
+#define PERF_DECREF(obj)                                                                \
+    {                                                                                   \
+        PKIX_Error *pkixTempResult = NULL;                                              \
+        if (obj) {                                                                      \
+            pkixTempResult = PKIX_PL_Object_DecRef((PKIX_PL_Object *)(obj), plContext); \
+            obj = NULL;                                                                 \
+        }                                                                               \
+    }
+
+static void finish(char *message, int code);
+
+typedef struct ThreadDataStr tData;
+
+struct ThreadDataStr {
+    CERTCertificate *anchor;
+    char *eecertName;
+    PRIntervalTime duration;
+    CERTCertDBHandle *handle;
+    PRUint32 iterations;
+};
+
+#define PKIX_LOGGER_ON 1
+
+#ifdef PKIX_LOGGER_ON
+
+char *logLevels[] = {
+    "None",
+    "Fatal Error",
+    "Error",
+    "Warning",
+    "Debug",
+    "Trace"
+};
+
+static PKIX_Error *
+loggerCallback(
+    PKIX_Logger *logger,
+    PKIX_PL_String *message,
+    PKIX_UInt32 logLevel,
+    PKIX_ERRORCLASS logComponent,
+    void *plContext)
+{
+    char *msg = NULL;
+    static int callCount = 0;
+
+    msg = PKIX_String2ASCII(message, plContext);
+    printf("Logging %s (%s): %s\n",
+           logLevels[logLevel],
+           PKIX_ERRORCLASSNAMES[logComponent],
+           msg);
+    PR_Free((void *)msg);
+
+    return (NULL);
+}
+
+#endif /* PKIX_LOGGER_ON */
+
+static void
+ThreadEntry(void *data)
+{
+    tData *tdata = (tData *)data;
+    PRIntervalTime duration = tdata->duration;
+    PRIntervalTime start = PR_IntervalNow();
+
+    PKIX_List *anchors = NULL;
+    PKIX_ProcessingParams *procParams = NULL;
+    PKIX_BuildResult *buildResult = NULL;
+    CERTCertificate *nsseecert;
+    PKIX_PL_Cert *eeCert = NULL;
+    PKIX_CertStore *certStore = NULL;
+    PKIX_List *certStores = NULL;
+    PKIX_ComCertSelParams *certSelParams = NULL;
+    PKIX_CertSelector *certSelector = NULL;
+    PKIX_PL_Date *nowDate = NULL;
+    void *state = NULL;       /* only relevant with non-blocking I/O */
+    void *nbioContext = NULL; /* only relevant with non-blocking I/O */
+
+    PR_ASSERT(duration);
+    if (!duration) {
+        return;
+    }
+
+    do {
+
+        /* libpkix code */
+
+        /* keep more update time, testing cache */
+        PKIX_PL_Date_Create_UTCTime(NULL, &nowDate, plContext);
+
+        /* CertUsage is 0x10 and no NSS arena */
+        /* We haven't determined how we obtain the value of wincx */
+
+        nsseecert = CERT_FindCertByNicknameOrEmailAddr(tdata->handle,
+                                                       tdata->eecertName);
+        if (!nsseecert)
+            finish("Unable to find eecert.\n", 1);
+
+        pkix_pl_Cert_CreateWithNSSCert(nsseecert, &eeCert, plContext);
+
+        PKIX_List_Create(&anchors, plContext);
+
+        /*
+         * This code is retired.
+         *      pkix_pl_Cert_CreateWithNSSCert
+         *              (tdata->anchor, &anchorCert, NULL);
+         *      PKIX_TrustAnchor_CreateWithCert(anchorCert, &anchor, NULL);
+         *      PKIX_List_AppendItem(anchors, (PKIX_PL_Object *)anchor, NULL);
+         */
+
+        PKIX_ProcessingParams_Create(anchors, &procParams, plContext);
+
+        PKIX_ProcessingParams_SetRevocationEnabled(procParams, PKIX_TRUE, plContext);
+
+        PKIX_ProcessingParams_SetDate(procParams, nowDate, plContext);
+
+        /* create CertSelector with target certificate in params */
+
+        PKIX_ComCertSelParams_Create(&certSelParams, plContext);
+
+        PKIX_ComCertSelParams_SetCertificate(certSelParams, eeCert, plContext);
+
+        PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext);
+
+        PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, certSelParams, plContext);
+
+        PKIX_ProcessingParams_SetTargetCertConstraints(procParams, certSelector, plContext);
+
+        PKIX_PL_Pk11CertStore_Create(&certStore, plContext);
+
+        PKIX_List_Create(&certStores, plContext);
+        PKIX_List_AppendItem(certStores, (PKIX_PL_Object *)certStore, plContext);
+        PKIX_ProcessingParams_SetCertStores(procParams, certStores, plContext);
+
+        PKIX_BuildChain(procParams,
+                        &nbioContext,
+                        &state,
+                        &buildResult,
+                        NULL,
+                        plContext);
+
+        /*
+                 * As long as we use only CertStores with blocking I/O, we
+                 * know we must be done at this point.
+                 */
+
+        if (!buildResult) {
+            (void)fprintf(stderr, "libpkix BuildChain failed.\n");
+            PORT_Assert(0);
+            return;
+        }
+
+        tdata->iterations++;
+
+        PERF_DECREF(nowDate);
+        PERF_DECREF(anchors);
+        PERF_DECREF(procParams);
+        PERF_DECREF(buildResult);
+        PERF_DECREF(certStore);
+        PERF_DECREF(certStores);
+        PERF_DECREF(certSelParams);
+        PERF_DECREF(certSelector);
+        PERF_DECREF(eeCert);
+
+    } while ((PR_IntervalNow() - start) < duration);
+}
+
+static void
+Test(
+    CERTCertificate *anchor,
+    char *eecertName,
+    PRIntervalTime duration,
+    CERTCertDBHandle *handle,
+    PRUint32 threads)
+{
+    tData data;
+    tData **alldata;
+    PRIntervalTime starttime, endtime, elapsed;
+    PRUint32 msecs;
+    float total = 0;
+    PRThread **pthreads = NULL;
+    PRUint32 i = 0;
+
+    data.duration = duration;
+    data.anchor = anchor;
+    data.eecertName = eecertName;
+    data.handle = handle;
+
+    data.iterations = 0;
+
+    starttime = PR_IntervalNow();
+    pthreads = (PRThread **)PR_Malloc(threads * sizeof(PRThread *));
+    alldata = (tData **)PR_Malloc(threads * sizeof(tData *));
+    for (i = 0; i < threads; i++) {
+        alldata[i] = (tData *)PR_Malloc(sizeof(tData));
+        *alldata[i] = data;
+        pthreads[i] =
+            PR_CreateThread(PR_USER_THREAD,
+                            ThreadEntry,
+                            (void *)alldata[i],
+                            PR_PRIORITY_NORMAL,
+                            PR_GLOBAL_THREAD,
+                            PR_JOINABLE_THREAD,
+                            0);
+    }
+
+    for (i = 0; i < threads; i++) {
+        tData *args = alldata[i];
+        PR_JoinThread(pthreads[i]);
+        total += args->iterations;
+        PR_Free((void *)args);
+    }
+
+    PR_Free((void *)pthreads);
+    PR_Free((void *)alldata);
+    endtime = PR_IntervalNow();
+
+    endtime = PR_IntervalNow();
+    elapsed = endtime - starttime;
+    msecs = PR_IntervalToMilliseconds(elapsed);
+    total /= msecs;
+    total *= 1000;
+    (void)fprintf(stdout, "%f operations per second.\n", total);
+}
+
+static void
+finish(char *message, int code)
+{
+    (void)printf(message);
+    exit(code);
+}
+
+static void
+usage(char *progname)
+{
+    (void)printf("Usage : %s <-d certStoreDirectory> <duration> <threads> "
+                 "<anchorNickname> <eecertNickname>\n\n",
+                 progname);
+    finish("", 0);
+}
+
+int
+libpkix_buildthreads(int argc, char **argv)
+{
+    CERTCertDBHandle *handle = NULL;
+    CERTCertificate *eecert = NULL;
+    PRIntervalTime duration = PR_SecondsToInterval(1);
+    PRUint32 threads = 1;
+    PKIX_UInt32 actualMinorVersion;
+    PKIX_UInt32 j = 0;
+    PKIX_Logger *logger = NULL;
+    void *wincx = NULL;
+
+    /* if (argc != 5) -- when TrustAnchor used to be on command line */
+    if (argc != 4) {
+        usage(argv[0]);
+    }
+    if (atoi(argv[1]) > 0) {
+        duration = PR_SecondsToInterval(atoi(argv[1]));
+    }
+    if (atoi(argv[2]) > 0) {
+        threads = atoi(argv[2]);
+    }
+
+    PKIX_PL_NssContext_Create(certificateUsageEmailSigner, PKIX_FALSE,
+                              NULL, &plContext);
+
+    handle = CERT_GetDefaultCertDB();
+    PR_ASSERT(handle);
+
+#ifdef PKIX_LOGGER_ON
+
+    /* set logger to log trace and up */
+    PKIX_SetLoggers(NULL, plContext);
+    PKIX_Logger_Create(loggerCallback, NULL, &logger, plContext);
+    PKIX_Logger_SetMaxLoggingLevel(logger, PKIX_LOGGER_LEVEL_WARNING, plContext);
+    PKIX_AddLogger(logger, plContext);
+
+#endif /* PKIX_LOGGER_ON */
+
+    /*
+         * This code is retired
+         *      anchor = CERT_FindCertByNicknameOrEmailAddr(handle, argv[3]);
+         *      if (!anchor) finish("Unable to find anchor.\n", 1);
+         *
+         *      eecert = CERT_FindCertByNicknameOrEmailAddr(handle, argv[4]);
+
+         *      if (!eecert) finish("Unable to find eecert.\n", 1);
+         *
+         *      Test(anchor, eecert, duration, threads);
+         */
+
+    Test(NULL, argv[3], duration, handle, threads);
+
+    PERF_DECREF(logger);
+
+    PKIX_Shutdown(plContext);
+
+    return (0);
+}
diff --git a/nss/cmd/libpkix/perf/manifest.mn b/nss/cmd/libpkix/perf/manifest.mn
new file mode 100755
index 0000000..005c96c
--- /dev/null
+++ b/nss/cmd/libpkix/perf/manifest.mn
@@ -0,0 +1,21 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+PKIX_DEPTH = ..
+PLAT_DEPTH = $(PKIX_DEPTH)/..
+CORE_DEPTH = $(PKIX_DEPTH)/../../..
+
+# MODULE public and private header directories are implicitly REQUIRED.
+MODULE = nss
+
+CSRCS = libpkix_buildthreads.c \
+	nss_threads.c \
+	$(NULL)
+
+LIBRARY_NAME = pkixtoolperf
+
+SOURCE_LIB_DIR = $(PKIX_DEPTH)/$(OBJDIR)
+
+NO_MD_RELEASE = 1
diff --git a/nss/cmd/libpkix/perf/nss_threads.c b/nss/cmd/libpkix/perf/nss_threads.c
new file mode 100644
index 0000000..202f128
--- /dev/null
+++ b/nss/cmd/libpkix/perf/nss_threads.c
@@ -0,0 +1,158 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * nssThreads.c
+ *
+ * NSS Performance Evaluation application (multi-threaded)
+ *
+ */
+
+#include <stdio.h>
+#include <string.h>
+
+#include "secutil.h"
+
+#include "nspr.h"
+#include "prtypes.h"
+#include "prtime.h"
+#include "prlong.h"
+
+#include "pk11func.h"
+#include "secasn1.h"
+#include "cert.h"
+#include "cryptohi.h"
+#include "secoid.h"
+#include "certdb.h"
+#include "nss.h"
+
+typedef struct ThreadDataStr tData;
+
+struct ThreadDataStr {
+    CERTCertificate* cert;
+    PRIntervalTime duration;
+    PRUint32 iterations;
+};
+
+static void
+ThreadEntry(void* data)
+{
+    tData* tdata = (tData*)data;
+    PRIntervalTime duration = tdata->duration;
+    PRTime now = PR_Now();
+    PRIntervalTime start = PR_IntervalNow();
+
+    PR_ASSERT(duration);
+    if (!duration) {
+        return;
+    }
+    do {
+        SECStatus rv = CERT_VerifyCertificate(CERT_GetDefaultCertDB(),
+                                              tdata->cert,
+                                              PR_TRUE,
+                                              certificateUsageEmailSigner,
+                                              now,
+                                              NULL,
+                                              NULL,
+                                              NULL);
+        if (rv != SECSuccess) {
+            (void)fprintf(stderr, "Validation failed.\n");
+            PORT_Assert(0);
+            return;
+        }
+        tdata->iterations++;
+    } while ((PR_IntervalNow() - start) < duration);
+}
+
+static void
+Test(CERTCertificate* cert, PRIntervalTime duration, PRUint32 threads)
+{
+    tData data;
+    tData** alldata;
+    PRIntervalTime starttime, endtime, elapsed;
+    PRUint32 msecs;
+    float total = 0;
+    PRThread** pthreads = NULL;
+    PRUint32 i = 0;
+
+    data.duration = duration;
+    data.cert = cert;
+    data.iterations = 0;
+
+    starttime = PR_IntervalNow();
+    pthreads = (PRThread**)PR_Malloc(threads * sizeof(PRThread*));
+    alldata = (tData**)PR_Malloc(threads * sizeof(tData*));
+    for (i = 0; i < threads; i++) {
+        alldata[i] = (tData*)PR_Malloc(sizeof(tData));
+        *alldata[i] = data;
+        pthreads[i] =
+            PR_CreateThread(PR_USER_THREAD,
+                            ThreadEntry,
+                            (void*)alldata[i],
+                            PR_PRIORITY_NORMAL,
+                            PR_GLOBAL_THREAD,
+                            PR_JOINABLE_THREAD,
+                            0);
+    }
+    for (i = 0; i < threads; i++) {
+        tData* args = alldata[i];
+        PR_JoinThread(pthreads[i]);
+        total += args->iterations;
+        PR_Free((void*)args);
+    }
+    PR_Free((void*)pthreads);
+    PR_Free((void*)alldata);
+    endtime = PR_IntervalNow();
+
+    endtime = PR_IntervalNow();
+    elapsed = endtime - starttime;
+    msecs = PR_IntervalToMilliseconds(elapsed);
+    total /= msecs;
+    total *= 1000;
+    (void)fprintf(stdout, "%f operations per second.\n", total);
+}
+
+static void
+finish(char* message, int code)
+{
+    (void)printf(message);
+    exit(code);
+}
+
+static void
+usage(char* progname)
+{
+    (void)printf("Usage : %s <duration> <threads> <certnickname>\n\n",
+                 progname);
+    finish("", 0);
+}
+
+int
+nss_threads(int argc, char** argv)
+{
+    SECStatus rv = SECSuccess;
+    CERTCertDBHandle* handle = NULL;
+    CERTCertificate* cert = NULL;
+    PRIntervalTime duration = PR_SecondsToInterval(1);
+    PRUint32 threads = 1;
+    if (argc != 4) {
+        usage(argv[0]);
+    }
+    if (atoi(argv[1]) > 0) {
+        duration = PR_SecondsToInterval(atoi(argv[1]));
+    }
+    if (atoi(argv[2]) > 0) {
+        threads = atoi(argv[2]);
+    }
+
+    handle = CERT_GetDefaultCertDB();
+    PR_ASSERT(handle);
+    cert = CERT_FindCertByNicknameOrEmailAddr(handle, argv[3]);
+    if (!cert) {
+        finish("Unable to find certificate.\n", 1);
+    }
+    Test(cert, duration, threads);
+
+    CERT_DestroyCertificate(cert);
+    return (0);
+}
diff --git a/nss/cmd/libpkix/pkix/Makefile b/nss/cmd/libpkix/pkix/Makefile
new file mode 100755
index 0000000..ab4ffbd
--- /dev/null
+++ b/nss/cmd/libpkix/pkix/Makefile
@@ -0,0 +1,48 @@
+#! gmake
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+include $(PKIX_DEPTH)/config.mk
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include $(PLAT_DEPTH)/platlibs.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+include $(PLAT_DEPTH)/platrules.mk
+
diff --git a/nss/cmd/libpkix/pkix/certsel/Makefile b/nss/cmd/libpkix/pkix/certsel/Makefile
new file mode 100755
index 0000000..09ca5f1
--- /dev/null
+++ b/nss/cmd/libpkix/pkix/certsel/Makefile
@@ -0,0 +1,47 @@
+#! gmake
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+include $(PKIX_DEPTH)/config.mk
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include $(PLAT_DEPTH)/platlibs.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+include $(PLAT_DEPTH)/platrules.mk
diff --git a/nss/cmd/libpkix/pkix/certsel/manifest.mn b/nss/cmd/libpkix/pkix/certsel/manifest.mn
new file mode 100755
index 0000000..2e8198c
--- /dev/null
+++ b/nss/cmd/libpkix/pkix/certsel/manifest.mn
@@ -0,0 +1,21 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+PKIX_DEPTH = ../..
+PLAT_DEPTH = $(PKIX_DEPTH)/..
+CORE_DEPTH = $(PKIX_DEPTH)/../../..
+
+# MODULE public and private header directories are implicitly REQUIRED.
+MODULE = nss
+
+CSRCS = test_certselector.c \
+	test_comcertselparams.c \
+	$(NULL)
+
+LIBRARY_NAME=pkixtoolcertsel
+
+SOURCE_LIB_DIR=$(PKIX_DEPTH)/$(OBJDIR)
+
+NO_MD_RELEASE = 1
diff --git a/nss/cmd/libpkix/pkix/certsel/test_certselector.c b/nss/cmd/libpkix/pkix/certsel/test_certselector.c
new file mode 100644
index 0000000..cbe7737
--- /dev/null
+++ b/nss/cmd/libpkix/pkix/certsel/test_certselector.c
@@ -0,0 +1,1683 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * test_certselector.c
+ *
+ * Test Cert Selector
+ *
+ */
+
+#include "testutil.h"
+#include "testutil_nss.h"
+
+#define PKIX_TEST_CERTSELECTOR_KEYUSAGE_NUM_CERTS 5
+#define PKIX_TEST_CERTSELECTOR_EXTKEYUSAGE_NUM_CERTS 2
+#define PKIX_TEST_CERTSELECTOR_CERTVALID_NUM_CERTS 2
+#define PKIX_TEST_CERTSELECTOR_ISSUER_NUM_CERTS 4
+#define PKIX_TEST_CERTSELECTOR_SERIALNUMBER_NUM_CERTS 1
+
+static void *plContext = NULL;
+
+/*
+ * The first three certs are used to obtain policies to test
+ * policy matching. Changing the table could break tests.
+ */
+static char *certList[] = {
+#define POLICY1CERT 0
+    "GoodCACert.crt",
+#define ANYPOLICYCERT 1
+    "anyPolicyCACert.crt",
+#define POLICY2CERT 2
+    "PoliciesP12CACert.crt",
+#define SUBJECTCERT 3
+    "PoliciesP3CACert.crt",
+    "PoliciesP1234CACert.crt",
+    "pathLenConstraint0CACert.crt",
+    "pathLenConstraint1CACert.crt",
+    "pathLenConstraint6CACert.crt",
+    "TrustAnchorRootCertificate.crt",
+    "GoodsubCACert.crt",
+    "AnyPolicyTest14EE.crt",
+    "UserNoticeQualifierTest16EE.crt"
+};
+#define NUMCERTS (sizeof(certList) / sizeof(certList[0]))
+
+/*
+ * Following are Certs values for NameConstraints tests
+ *
+ * Cert0:nameConstraintsDN1subCA1Cert.crt:
+ * Subject:CN=nameConstraints DN1 subCA1,OU=permittedSubtree1,
+ *              O=Test Certificates,C=US
+ *      Permitted Name:(OU=permittedSubtree2,OU=permittedSubtree1,
+ *              O=Test Certificates,C=US)
+ *      Excluded Name: (EMPTY)
+ * Cert1:nameConstraintsDN3subCA2Cert.crt:
+ *      Subject:CN=nameConstraints DN3 subCA2,O=Test Certificates,C=US
+ *      Permitted Name:(O=Test Certificates,C=US)
+ *      Excluded Name:(EMPTY)
+ * Cert2:nameConstraintsDN2CACert.crt
+ *      Subject:CN=nameConstraints DN2 CA,O=Test Certificates,C=US
+ *      Permitted Name:(OU=permittedSubtree1,O=Test Certificates,C=US,
+ *              OU=permittedSubtree2,O=Test Certificates,C=US)
+ *      Excluded Name:(EMPTY)
+ * Cert3:nameConstraintsDN3subCA1Cert.crt
+ *      Subject:CN=nameConstraints DN3 subCA1,O=Test Certificates,C=US
+ *      Permitted Name:(EMPTY)
+ *      Excluded Name:(OU=excludedSubtree2,O=Test Certificates,C=US)
+ * Cert4:nameConstraintsDN4CACert.crt
+ *      Subject:CN=nameConstraints DN4 CA,O=Test Certificates,C=US
+ *      Permitted Name:(EMPTY)
+ *      Excluded Name:(OU=excludedSubtree1,O=Test Certificates,C=US,
+ *              OU=excludedSubtree2,O=Test Certificates,C=US)
+ * Cert5:nameConstraintsDN5CACert.crt
+ *      Subject:CN=nameConstraints DN5 CA,O=Test Certificates,C=US
+ *      Permitted Name:(OU=permittedSubtree1,O=Test Certificates,C=US)
+ *      Excluded Name:(OU=excludedSubtree1,OU=permittedSubtree1,
+ *              O=Test Certificates,C=US)
+ * Cert6:ValidDNnameConstraintsTest1EE.crt
+ *      Subject:CN=Valid DN nameConstraints EE Certificate Test1,
+ *      OU=permittedSubtree1,O=Test Certificates,C=US
+ *
+ */
+static char *ncCertList[] = {
+    "nameConstraintsDN1subCA1Cert.crt",
+    "nameConstraintsDN3subCA2Cert.crt",
+    "nameConstraintsDN2CACert.crt",
+    "nameConstraintsDN3subCA1Cert.crt",
+    "nameConstraintsDN4CACert.crt",
+    "nameConstraintsDN5CACert.crt",
+    "ValidDNnameConstraintsTest1EE.crt"
+};
+#define NUMNCCERTS (sizeof(ncCertList) / sizeof(ncCertList[0]))
+
+static char *sanCertList[] = {
+    "InvalidDNnameConstraintsTest3EE.crt",
+    "InvalidDNSnameConstraintsTest38EE.crt"
+};
+#define NUMSANCERTS (sizeof(sanCertList) / sizeof(sanCertList[0]))
+
+/*
+ * This function calls the CertSelector pointed to by "selector" for each
+ * cert in the List pointed to by "certs", and compares the results against
+ * the bit array given by the UInt32 "expectedResults". If the first cert is
+ * expected to pass, the lower-order bit of "expectedResults" should be 1.
+ * If the second cert is expected to pass, the second bit of "expectedResults"
+ * should be 1, and so on. If more than 32 certs are provided, only the first
+ * 32 will be checked. It is not an error to provide more bits than needed.
+ * (For example, if you expect every cert to pass, "expectedResult" can be
+ * set to 0xFFFFFFFF, even if the chain has fewer than 32 certs.)
+ */
+static void
+testSelector(
+    PKIX_CertSelector *selector,
+    PKIX_List *certs,
+    PKIX_UInt32 expectedResults)
+{
+    PKIX_UInt32 i = 0;
+    PKIX_UInt32 numCerts = 0;
+    PKIX_PL_Cert *cert = NULL;
+    PKIX_CertSelector_MatchCallback callback = NULL;
+    PKIX_Error *errReturn = NULL;
+    PKIX_Boolean result = PKIX_TRUE;
+
+    PKIX_TEST_STD_VARS();
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_GetMatchCallback(selector, &callback, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certs, &numCerts, plContext));
+    if (numCerts > 32) {
+        numCerts = 32;
+    }
+
+    for (i = 0; i < numCerts; i++) {
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs, i, (PKIX_PL_Object **)&cert, plContext));
+        errReturn = callback(selector, cert, &result, plContext);
+
+        if (errReturn || result == PKIX_FALSE) {
+            if ((expectedResults & 1) == 1) {
+                testError("selector unexpectedly failed");
+                (void)printf("    processing cert:\t%d\n", i);
+            }
+        } else {
+            if ((expectedResults & 1) == 0) {
+                testError("selector unexpectedly passed");
+                (void)printf("    processing cert:\t%d\n", i);
+            }
+        }
+
+        expectedResults = expectedResults >> 1;
+        PKIX_TEST_DECREF_BC(cert);
+        PKIX_TEST_DECREF_BC(errReturn);
+    }
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(cert);
+    PKIX_TEST_DECREF_AC(errReturn);
+
+    PKIX_TEST_RETURN();
+}
+
+/*
+ * This function gets a policy from the Cert pointed to by "cert", according
+ * to the index provided by "index", creates an immutable List containing the
+ * OID of that policy, and stores the result at "pPolicyList".
+ */
+static void
+testGetPolicyFromCert(
+    PKIX_PL_Cert *cert,
+    PKIX_UInt32 index,
+    PKIX_List **pPolicyList)
+{
+    PKIX_List *policyInfo = NULL;
+    PKIX_PL_CertPolicyInfo *firstPolicy = NULL;
+    PKIX_PL_OID *policyOID = NULL;
+    PKIX_List *list = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(cert, &policyInfo, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(policyInfo,
+                                                index,
+                                                (PKIX_PL_Object **)&firstPolicy,
+                                                plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolicyId(firstPolicy, &policyOID, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&list, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(list, (PKIX_PL_Object *)policyOID, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_SetImmutable(list, plContext));
+
+    *pPolicyList = list;
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(policyInfo);
+    PKIX_TEST_DECREF_AC(firstPolicy);
+    PKIX_TEST_DECREF_AC(policyOID);
+
+    PKIX_TEST_RETURN();
+}
+
+/*
+ * This custom matchCallback will pass any Certificate which has no
+ * CertificatePolicies extension and any Certificate whose Policies
+ * extension include a CertPolicyQualifier.
+ */
+static PKIX_Error *
+custom_CertSelector_MatchCallback(
+    PKIX_CertSelector *selector,
+    PKIX_PL_Cert *cert,
+    PKIX_Boolean *pResult,
+    void *plContext)
+{
+    PKIX_UInt32 i = 0;
+    PKIX_UInt32 numPolicies = 0;
+    PKIX_List *certPolicies = NULL;
+    PKIX_List *quals = NULL;
+    PKIX_PL_CertPolicyInfo *policy = NULL;
+    PKIX_Error *error = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    *pResult = PKIX_TRUE;
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(cert, &certPolicies, plContext));
+
+    if (certPolicies) {
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certPolicies, &numPolicies, plContext));
+
+        for (i = 0; i < numPolicies; i++) {
+            PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certPolicies,
+                                                        i,
+                                                        (PKIX_PL_Object **)&policy,
+                                                        plContext));
+            PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers(policy, &quals, plContext));
+            if (quals) {
+                goto cleanup;
+            }
+            PKIX_TEST_DECREF_BC(policy);
+        }
+        PKIX_TEST_DECREF_BC(certPolicies);
+        *pResult = PKIX_FALSE;
+
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_Create(PKIX_CERTSELECTOR_ERROR,
+                                                    NULL,
+                                                    NULL,
+                                                    PKIX_TESTPOLICYEXTWITHNOPOLICYQUALIFIERS,
+                                                    &error,
+                                                    plContext));
+    }
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(certPolicies);
+    PKIX_TEST_DECREF_AC(policy);
+    PKIX_TEST_DECREF_AC(quals);
+
+    return (error);
+}
+
+/*
+ * This custom matchCallback will pass any Certificate whose
+ * CertificatePolicies extension asserts the Policy specified by
+ * the OID in the CertSelectorContext object.
+ */
+static PKIX_Error *
+custom_CertSelector_MatchOIDCallback(
+    PKIX_CertSelector *selector,
+    PKIX_PL_Cert *cert,
+    PKIX_Boolean *pResult,
+    void *plContext)
+{
+    PKIX_UInt32 i = 0;
+    PKIX_UInt32 numPolicies = 0;
+    PKIX_Boolean match = PKIX_FALSE;
+    PKIX_PL_Object *certSelectorContext = NULL;
+    PKIX_PL_OID *constraintOID = NULL;
+    PKIX_List *certPolicies = NULL;
+    PKIX_PL_CertPolicyInfo *policy = NULL;
+    PKIX_PL_OID *policyOID = NULL;
+    PKIX_PL_String *errorDesc = NULL;
+    PKIX_Error *error = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    *pResult = PKIX_TRUE;
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_GetCertSelectorContext(selector, &certSelectorContext, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(pkix_CheckType(certSelectorContext, PKIX_OID_TYPE, plContext));
+
+    constraintOID = (PKIX_PL_OID *)certSelectorContext;
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(cert, &certPolicies, plContext));
+
+    if (certPolicies) {
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certPolicies, &numPolicies, plContext));
+
+        for (i = 0; i < numPolicies; i++) {
+            PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certPolicies,
+                                                        i,
+                                                        (PKIX_PL_Object **)&policy,
+                                                        plContext));
+
+            PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolicyId(policy, &policyOID, plContext));
+
+            PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)policyOID,
+                                                            (PKIX_PL_Object *)constraintOID,
+                                                            &match,
+                                                            plContext));
+
+            if (match) {
+                goto cleanup;
+            }
+            PKIX_TEST_DECREF_BC(policy);
+            PKIX_TEST_DECREF_BC(policyOID);
+        }
+    }
+
+    PKIX_TEST_DECREF_BC(certSelectorContext);
+    PKIX_TEST_DECREF_BC(certPolicies);
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_Create(PKIX_CERTSELECTOR_ERROR,
+                                                NULL,
+                                                NULL,
+                                                PKIX_TESTNOMATCHINGPOLICY,
+                                                &error,
+                                                plContext));
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(certSelectorContext);
+    PKIX_TEST_DECREF_AC(certPolicies);
+    PKIX_TEST_DECREF_AC(policy);
+    PKIX_TEST_DECREF_AC(policyOID);
+    PKIX_TEST_DECREF_AC(errorDesc);
+
+    return (error);
+}
+
+static void
+testSubjectMatch(
+    PKIX_List *certs,
+    PKIX_PL_Cert *certNameToMatch)
+{
+    PKIX_CertSelector *selector = NULL;
+    PKIX_ComCertSelParams *subjParams = NULL;
+    PKIX_PL_X500Name *subjectName = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    subTest("Subject name match");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &selector, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&subjParams, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject(certNameToMatch, &subjectName, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubject(subjParams, subjectName, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, subjParams, plContext));
+    testSelector(selector, certs, 0x008);
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(selector);
+    PKIX_TEST_DECREF_AC(subjParams);
+    PKIX_TEST_DECREF_AC(subjectName);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testBasicConstraintsMatch(
+    PKIX_List *certs)
+{
+    PKIX_CertSelector *selector = NULL;
+    PKIX_ComCertSelParams *bcParams = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    subTest("Basic Constraints match");
+    subTest("    pathLenContraint = -2: pass only EE's");
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &selector, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&bcParams, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetBasicConstraints(bcParams, -2, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, bcParams, plContext));
+    testSelector(selector, certs, 0xC00);
+
+    subTest("    pathLenContraint = -1: pass all certs");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetBasicConstraints(bcParams, -1, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, bcParams, plContext));
+    testSelector(selector, certs, 0xFFF);
+
+    subTest("    pathLenContraint = 1: pass only certs with pathLen >= 1");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetBasicConstraints(bcParams, 1, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, bcParams, plContext));
+    testSelector(selector, certs, 0x3DF);
+
+    subTest("    pathLenContraint = 2: pass only certs with  pathLen >= 2");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetBasicConstraints(bcParams, 2, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, bcParams, plContext));
+    testSelector(selector, certs, 0x39F);
+
+cleanup:
+    PKIX_TEST_DECREF_AC(selector);
+    PKIX_TEST_DECREF_AC(bcParams);
+
+    PKIX_TEST_RETURN();
+}
+
+static void testPolicyMatch(
+    PKIX_List *certs,
+    PKIX_PL_Cert *NIST1Cert,     /* a source for policy NIST1 */
+    PKIX_PL_Cert *NIST2Cert,     /* a source for policy NIST2 */
+    PKIX_PL_Cert *anyPolicyCert) /* a source for policy anyPolicy */
+{
+    PKIX_CertSelector *selector = NULL;
+    PKIX_List *emptyList = NULL;     /* no members */
+    PKIX_List *policy1List = NULL;   /* OIDs */
+    PKIX_List *policy2List = NULL;   /* OIDs */
+    PKIX_List *anyPolicyList = NULL; /* OIDs */
+    PKIX_ComCertSelParams *polParams = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    subTest("Policy match");
+    testGetPolicyFromCert(NIST1Cert, 0, &policy1List);
+    testGetPolicyFromCert(NIST2Cert, 1, &policy2List);
+    testGetPolicyFromCert(anyPolicyCert, 0, &anyPolicyList);
+
+    subTest("    Pass certs with any CertificatePolicies extension");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&emptyList, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&polParams, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPolicy(polParams, emptyList, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &selector, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, polParams, plContext));
+    testSelector(selector, certs, 0xEFF);
+    PKIX_TEST_DECREF_BC(polParams);
+
+    subTest("    Pass only certs with policy NIST1");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&polParams, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPolicy(polParams, policy1List, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, polParams, plContext));
+    testSelector(selector, certs, 0xEF5);
+    PKIX_TEST_DECREF_BC(polParams);
+
+    subTest("    Pass only certs with policy NIST2");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&polParams, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPolicy(polParams, policy2List, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, polParams, plContext));
+    testSelector(selector, certs, 0x814);
+    PKIX_TEST_DECREF_BC(polParams);
+
+    subTest("    Pass only certs with policy anyPolicy");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&polParams, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPolicy(polParams, anyPolicyList, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, polParams, plContext));
+    testSelector(selector, certs, 0x002);
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(selector);
+    PKIX_TEST_DECREF_AC(emptyList);
+    PKIX_TEST_DECREF_AC(policy1List);
+    PKIX_TEST_DECREF_AC(policy2List);
+    PKIX_TEST_DECREF_AC(anyPolicyList);
+    PKIX_TEST_DECREF_AC(polParams);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testCertificateMatch(
+    PKIX_List *certs,
+    PKIX_PL_Cert *certToMatch)
+{
+    PKIX_CertSelector *selector = NULL;
+    PKIX_ComCertSelParams *params = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    subTest("Certificate match");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &selector, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&params, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificate(params, certToMatch, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, params, plContext));
+    testSelector(selector, certs, 0x008);
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(selector);
+    PKIX_TEST_DECREF_AC(params);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testNameConstraintsMatch(PKIX_List *certs)
+{
+    PKIX_CertSelector *selector = NULL;
+    PKIX_ComCertSelParams *params = NULL;
+    PKIX_PL_Cert *cert = NULL;
+    PKIX_PL_CertNameConstraints *permitNameConstraints1 = NULL;
+    PKIX_PL_CertNameConstraints *permitNameConstraints2 = NULL;
+    PKIX_PL_CertNameConstraints *permitNameConstraints3 = NULL;
+    PKIX_PL_CertNameConstraints *excludeNameConstraints1 = NULL;
+    PKIX_PL_CertNameConstraints *excludeNameConstraints2 = NULL;
+    PKIX_PL_CertNameConstraints *excludeNameConstraints3 = NULL;
+    PKIX_UInt32 numCerts = 0;
+
+    PKIX_TEST_STD_VARS();
+
+    subTest("test NameConstraints Cert Selector");
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certs, &numCerts, plContext));
+
+    subTest("    PKIX_PL_Cert_GetNameConstraints <cert0-permitted>");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs, 0, (PKIX_PL_Object **)&cert, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints(cert, &permitNameConstraints1, plContext));
+    PKIX_TEST_DECREF_BC(cert);
+
+    subTest("    PKIX_PL_Cert_GetNameConstraints <cert1-permitted>");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs, 1, (PKIX_PL_Object **)&cert, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints(cert, &permitNameConstraints2, plContext));
+    PKIX_TEST_DECREF_BC(cert);
+
+    subTest("    PKIX_PL_Cert_GetNameConstraints <cert2-permitted>");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs, 2, (PKIX_PL_Object **)&cert, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints(cert, &permitNameConstraints3, plContext));
+    PKIX_TEST_DECREF_BC(cert);
+
+    subTest("    PKIX_PL_Cert_GetNameConstraints <cert3-excluded>");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs, 3, (PKIX_PL_Object **)&cert, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints(cert, &excludeNameConstraints1, plContext));
+    PKIX_TEST_DECREF_BC(cert);
+
+    subTest("    PKIX_PL_Cert_GetNameConstraints <cert4-excluded>");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs, 4, (PKIX_PL_Object **)&cert, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints(cert, &excludeNameConstraints2, plContext));
+    PKIX_TEST_DECREF_BC(cert);
+
+    subTest("    PKIX_PL_Cert_GetNameConstraints <cert5-excluded>");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs, 5, (PKIX_PL_Object **)&cert, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints(cert, &excludeNameConstraints3, plContext));
+    PKIX_TEST_DECREF_BC(cert);
+
+    subTest("    Create Selector and ComCertSelParams");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &selector, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&params, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, params, plContext));
+
+    subTest("    CertNameConstraints testing permitted NONE");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetNameConstraints(params, permitNameConstraints1, plContext));
+    testSelector(selector, certs, 0x0);
+
+    subTest("    PKIX_ComCertSelParams_SetNameConstraint Reset");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetNameConstraints(params, NULL, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, params, plContext));
+
+    subTest("    CertNameConstraints testing permitted ALL");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetNameConstraints(params, permitNameConstraints2, plContext));
+    testSelector(selector, certs, 0x07F);
+
+    subTest("    CertNameConstraints testing permitted TWO");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetNameConstraints(params, permitNameConstraints3, plContext));
+    testSelector(selector, certs, 0x0041);
+
+    subTest("    PKIX_ComCertSelParams_SetNameConstraint Reset");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetNameConstraints(params, NULL, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, params, plContext));
+
+    subTest("    CertNameConstraints testing excluded");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetNameConstraints(params, excludeNameConstraints1, plContext));
+    testSelector(selector, certs, 0x07F);
+
+    subTest("    CertNameConstraints testing excluded");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetNameConstraints(params, excludeNameConstraints2, plContext));
+    testSelector(selector, certs, 0x07F);
+
+    subTest("    CertNameConstraints testing excluded");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetNameConstraints(params, excludeNameConstraints3, plContext));
+    testSelector(selector, certs, 0x41);
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(selector);
+    PKIX_TEST_DECREF_AC(params);
+    PKIX_TEST_DECREF_AC(permitNameConstraints1);
+    PKIX_TEST_DECREF_AC(permitNameConstraints2);
+    PKIX_TEST_DECREF_AC(permitNameConstraints3);
+    PKIX_TEST_DECREF_AC(excludeNameConstraints1);
+    PKIX_TEST_DECREF_AC(excludeNameConstraints2);
+    PKIX_TEST_DECREF_AC(excludeNameConstraints3);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testPathToNamesMatch(PKIX_List *certs)
+{
+    PKIX_CertSelector *selector = NULL;
+    PKIX_ComCertSelParams *params = NULL;
+    PKIX_List *nameList = NULL;
+    PKIX_PL_GeneralName *name = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    subTest("test PathToName Cert Selector");
+
+    subTest("    PKIX_PL_GeneralName List create");
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&nameList, plContext));
+
+    subTest("    Add directory name <O=NotATest Certificates,C=US>");
+    name = createGeneralName(PKIX_DIRECTORY_NAME,
+                             "O=NotATest Certificates,C=US",
+                             plContext);
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(nameList, (PKIX_PL_Object *)name, plContext));
+
+    subTest("    Create Selector and ComCertSelParams");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &selector, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&params, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, params, plContext));
+
+    subTest("    PKIX_ComCertSelParams_SetPathToNames");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPathToNames(params, nameList, plContext));
+
+    subTest("    Permitting THREE");
+    testSelector(selector, certs, 0x58);
+
+    subTest("    Remove directory name <O=NotATest Certificates,C=US...>");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_DeleteItem(nameList, 0, plContext));
+    PKIX_TEST_DECREF_BC(name);
+
+    subTest("    PKIX_ComCertSelParams_SetPathToNames Reset");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPathToNames(params, NULL, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, params, plContext));
+
+    subTest("    Add directory name <OU=permittedSubtree1,O=Test...>");
+    name = createGeneralName(PKIX_DIRECTORY_NAME,
+                             "OU=permittedSubtree1,O=Test Certificates,C=US",
+                             plContext);
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(nameList, (PKIX_PL_Object *)name, plContext));
+
+    subTest("    PKIX_ComCertSelParams_SetPathToNames");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPathToNames(params, nameList, plContext));
+
+    subTest("    Permitting SIX");
+    testSelector(selector, certs, 0x5F);
+
+    subTest("    Remove directory name <OU=permittedSubtree1,O=Test...>");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_DeleteItem(nameList, 0, plContext));
+    PKIX_TEST_DECREF_BC(name);
+
+    subTest("    PKIX_ComCertSelParams_SetNameConstraint Reset");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPathToNames(params, NULL, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, params, plContext));
+
+    subTest("    Add directory name <O=Test Certificates,C=US...>");
+    name = createGeneralName(PKIX_DIRECTORY_NAME,
+                             "O=Test Certificates,C=US",
+                             plContext);
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(nameList, (PKIX_PL_Object *)name, plContext));
+    PKIX_TEST_DECREF_BC(name);
+
+    subTest("    PKIX_ComCertSelParams_SetPathToNames");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPathToNames(params, nameList, plContext));
+
+    subTest("    Permitting FOUR");
+    testSelector(selector, certs, 0x47);
+
+    subTest("    Only directory name <OU=permittedSubtree1,O=Test ...>");
+    name = createGeneralName(PKIX_DIRECTORY_NAME,
+                             "OU=permittedSubtree1,O=Test Certificates,C=US",
+                             plContext);
+
+    subTest("    PKIX_ComCertSelParams_AddPathToName");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_AddPathToName(params, name, plContext));
+    PKIX_TEST_DECREF_BC(name);
+
+    subTest("    Permitting FOUR");
+    testSelector(selector, certs, 0x47);
+
+    subTest("    PKIX_ComCertSelParams_SetNameConstraint Reset");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPathToNames(params, NULL, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, params, plContext));
+    PKIX_TEST_DECREF_BC(nameList);
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&nameList, plContext));
+
+    subTest("    Add directory name <CN=Valid DN nameConstraints EE...>");
+    name = createGeneralName(PKIX_DIRECTORY_NAME, "CN=Valid DN nameConstraints EE "
+                                                  "Certificate Test1,OU=permittedSubtree1,"
+                                                  "O=Test Certificates,C=US",
+                             plContext);
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(nameList, (PKIX_PL_Object *)name, plContext));
+    PKIX_TEST_DECREF_BC(name);
+
+    subTest("    PKIX_ComCertSelParams_SetPathToNames");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPathToNames(params, nameList, plContext));
+
+    subTest("    Permitting SIX");
+    testSelector(selector, certs, 0x7e);
+
+    subTest("    Add directory name <OU=permittedSubtree1,O=Test>");
+    name = createGeneralName(PKIX_DIRECTORY_NAME,
+                             "OU=permittedSubtree1,O=Test",
+                             plContext);
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(nameList, (PKIX_PL_Object *)name, plContext));
+    PKIX_TEST_DECREF_BC(name);
+
+    subTest("    PKIX_ComCertSelParams_SetPathToNames");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPathToNames(params, nameList, plContext));
+
+    subTest("    Permitting SIX");
+    testSelector(selector, certs, 0x58);
+
+    subTest("    Add directory name <O=Test Certificates,C=US>");
+    name = createGeneralName(PKIX_DIRECTORY_NAME, "O=Test Certificates,C=US", plContext);
+
+    subTest("    PKIX_ComCertSelParams_SetPathToNames Reset");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPathToNames(params, NULL, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_AddPathToName(params, name, plContext));
+    PKIX_TEST_DECREF_BC(name);
+
+    subTest("    Permitting FOUR");
+    testSelector(selector, certs, 0x47);
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(selector);
+    PKIX_TEST_DECREF_AC(params);
+    PKIX_TEST_DECREF_AC(nameList);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testSubjAltNamesMatch(PKIX_List *certs)
+{
+    PKIX_CertSelector *selector = NULL;
+    PKIX_ComCertSelParams *params = NULL;
+    PKIX_List *nameList = NULL;
+    PKIX_PL_GeneralName *name = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    subTest("test SubjAltNames Cert Selector");
+
+    subTest("    PKIX_PL_GeneralName List create");
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&nameList, plContext));
+
+    subTest("    Create Selector and ComCertSelParams");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &selector, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&params, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, params, plContext));
+
+    subTest("    Add directory name <CN=Invalid DN nameConstraints EE...>");
+    name = createGeneralName(PKIX_DIRECTORY_NAME,
+                             "CN=Invalid DN nameConstraints EE Certificate Test3,"
+                             "OU=excludedSubtree1,O=Test Certificates,C=US",
+                             plContext);
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(nameList, (PKIX_PL_Object *)name, plContext));
+
+    subTest("    PKIX_ComCertSelParams_SetSubjAltNames");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubjAltNames(params, nameList, plContext));
+
+    PKIX_TEST_DECREF_BC(name);
+    PKIX_TEST_DECREF_BC(nameList);
+
+    subTest("    Permitting ONE");
+    testSelector(selector, certs, 0x1);
+
+    subTest("    Add DNS name <mytestcertificates.gov>");
+    name = createGeneralName(PKIX_DNS_NAME,
+                             "mytestcertificates.gov",
+                             plContext);
+
+    subTest("    PKIX_ComCertSelParams_AddSubjAltName");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_AddSubjAltName(params, name, plContext));
+    PKIX_TEST_DECREF_BC(name);
+
+    subTest("    Permitting NONE");
+    testSelector(selector, certs, 0x0);
+
+    subTest("    PKIX_ComCertSelParams_SetMatchAllSubjAltNames to FALSE");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetMatchAllSubjAltNames(params, PKIX_FALSE, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, params, plContext));
+
+    subTest("    Permitting TWO");
+    testSelector(selector, certs, 0x3);
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(selector);
+    PKIX_TEST_DECREF_AC(params);
+    PKIX_TEST_DECREF_AC(name);
+    PKIX_TEST_DECREF_AC(nameList);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testCertificateValidMatch(
+    PKIX_List *certs)
+{
+    PKIX_CertSelector *selector = NULL;
+    PKIX_ComCertSelParams *params = NULL;
+    PKIX_PL_String *stringRep = NULL;
+    PKIX_PL_Date *testDate = NULL;
+    char *asciiRep = "050501000000Z";
+
+    PKIX_TEST_STD_VARS();
+
+    subTest("CertificateValid match");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &selector, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&params, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, asciiRep, 0, &stringRep, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Date_Create_UTCTime(stringRep, &testDate, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificateValid(params, testDate, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, params, plContext));
+    testSelector(selector, certs, 0xFFFFFFFF);
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(selector);
+    PKIX_TEST_DECREF_AC(params);
+    PKIX_TEST_DECREF_AC(stringRep);
+    PKIX_TEST_DECREF_AC(testDate);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+test_customCallback1(PKIX_List *certs)
+{
+    PKIX_CertSelector *selector = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    subTest("custom matchCallback");
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(custom_CertSelector_MatchCallback,
+                                                       NULL,
+                                                       &selector,
+                                                       plContext));
+
+    testSelector(selector, certs, 0x900);
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(selector);
+
+    PKIX_TEST_RETURN();
+}
+
+static void test_customCallback2(PKIX_List *certs,
+                                 PKIX_PL_Cert *anyPolicyCert) /* a source for policy anyPolicy */
+{
+    PKIX_CertSelector *selector = NULL;
+    PKIX_List *anyPolicyList = NULL; /* OIDs */
+    PKIX_PL_OID *policyOID = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    subTest("custom matchCallback with CertSelectorContext");
+
+    testGetPolicyFromCert(anyPolicyCert, 0, &anyPolicyList);
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(anyPolicyList, 0, (PKIX_PL_Object **)&policyOID, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(custom_CertSelector_MatchOIDCallback,
+                                                       (PKIX_PL_Object *)policyOID,
+                                                       &selector,
+                                                       plContext));
+
+    testSelector(selector, certs, (1 << ANYPOLICYCERT));
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(selector);
+    PKIX_TEST_DECREF_AC(anyPolicyList);
+    PKIX_TEST_DECREF_AC(policyOID);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testExtendedKeyUsageMatch(char *certDir)
+{
+    PKIX_ComCertSelParams *goodParams = NULL;
+    PKIX_PL_OID *ekuOid = NULL;
+    PKIX_List *ekuOidList = NULL;
+    PKIX_PL_String *dirString = NULL;
+    PKIX_CertStore_CertCallback certCallback;
+    PKIX_CertStore *certStore = NULL;
+    PKIX_CertSelector *certSelector = NULL;
+    PKIX_List *certList = NULL;
+    PKIX_UInt32 numCert = 0;
+    void *nbioContext = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    subTest("test Extended KeyUsage Cert Selector");
+
+    subTest("    PKIX_ComCertSelParams_Create");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext));
+
+    subTest("    Create Extended Key Usage OID List");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&ekuOidList, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create("1.3.6.1.5.5.7.3.2", &ekuOid, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(ekuOidList, (PKIX_PL_Object *)ekuOid, plContext));
+
+    PKIX_TEST_DECREF_BC(ekuOid);
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create("1.3.6.1.5.5.7.3.3", &ekuOid, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(ekuOidList, (PKIX_PL_Object *)ekuOid, plContext));
+
+    PKIX_TEST_DECREF_BC(ekuOid);
+
+    subTest("    PKIX_ComCertSelParams_SetExtendedKeyUsage");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetExtendedKeyUsage(goodParams, ekuOidList, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, certDir, 0, &dirString, plContext));
+
+    subTest("    PKIX_PL_CollectionCertStoreContext_Create");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirString, &certStore, plContext));
+
+    subTest("    PKIX_CertSelector_Create");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, goodParams, plContext));
+
+    subTest("    PKIX_CertStore_GetCertCallback");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCertCallback(certStore, &certCallback, NULL));
+
+    subTest("    Getting data from Cert Callback");
+    PKIX_TEST_EXPECT_NO_ERROR(certCallback(certStore, certSelector, &nbioContext, &certList, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certList, &numCert, plContext));
+
+    if (numCert != PKIX_TEST_CERTSELECTOR_EXTKEYUSAGE_NUM_CERTS) {
+        pkixTestErrorMsg = "unexpected Cert number mismatch";
+    }
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(ekuOid);
+    PKIX_TEST_DECREF_AC(ekuOidList);
+    PKIX_TEST_DECREF_AC(goodParams);
+    PKIX_TEST_DECREF_AC(dirString);
+    PKIX_TEST_DECREF_AC(certList);
+    PKIX_TEST_DECREF_AC(certSelector);
+    PKIX_TEST_DECREF_AC(certStore);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testKeyUsageMatch(char *certDir)
+{
+    PKIX_ComCertSelParams *goodParams = NULL;
+    PKIX_PL_String *dirString = NULL;
+    PKIX_CertStore_CertCallback certCallback;
+    PKIX_CertStore *certStore = NULL;
+    PKIX_CertSelector *certSelector = NULL;
+    PKIX_List *certList = NULL;
+    PKIX_UInt32 numCert = 0;
+    void *nbioContext = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    subTest("test KeyUsage Cert Selector");
+
+    subTest("    PKIX_ComCertSelParams_Create");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext));
+
+    subTest("    PKIX_ComCertSelParams_SetKeyUsage");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetKeyUsage(goodParams, PKIX_CRL_SIGN, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, certDir, 0, &dirString, plContext));
+
+    subTest("    PKIX_PL_CollectionCertStoreContext_Create");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirString, &certStore, plContext));
+
+    subTest("    PKIX_CertSelector_Create");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, goodParams, plContext));
+
+    subTest("    PKIX_CertStore_GetCertCallback");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCertCallback(certStore, &certCallback, NULL));
+
+    subTest("    Getting data from Cert Callback");
+    PKIX_TEST_EXPECT_NO_ERROR(certCallback(certStore, certSelector, &nbioContext, &certList, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certList, &numCert, plContext));
+
+    if (numCert != PKIX_TEST_CERTSELECTOR_KEYUSAGE_NUM_CERTS) {
+        pkixTestErrorMsg = "unexpected Cert number mismatch";
+    }
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(goodParams);
+    PKIX_TEST_DECREF_AC(dirString);
+    PKIX_TEST_DECREF_AC(certList);
+    PKIX_TEST_DECREF_AC(certSelector);
+    PKIX_TEST_DECREF_AC(certStore);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testCertValidMatch(char *certDir)
+{
+    PKIX_ComCertSelParams *goodParams = NULL;
+    PKIX_PL_Date *validDate = NULL;
+    PKIX_PL_String *dirString = NULL;
+    PKIX_CertStore_CertCallback certCallback;
+    PKIX_CertStore *certStore = NULL;
+    PKIX_CertSelector *certSelector = NULL;
+    PKIX_List *certList = NULL;
+    PKIX_UInt32 numCert = 0;
+    void *nbioContext = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    subTest("test CertValid Cert Selector");
+
+    subTest("    PKIX_ComCertSelParams_Create");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext));
+
+    validDate = createDate("050601000000Z", plContext);
+
+    subTest("    PKIX_ComCertSelParams_SetCertificateValid");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificateValid(goodParams, validDate, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, certDir, 0, &dirString, plContext));
+
+    subTest("    PKIX_PL_CollectionCertStoreContext_Create");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirString, &certStore, plContext));
+
+    subTest("    PKIX_CertSelector_Create");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, goodParams, plContext));
+
+    subTest("    PKIX_CertStore_GetCertCallback");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCertCallback(certStore, &certCallback, NULL));
+
+    subTest("    Getting data from Cert Callback");
+    PKIX_TEST_EXPECT_NO_ERROR(certCallback(certStore, certSelector, &nbioContext, &certList, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certList, &numCert, plContext));
+
+    if (numCert != PKIX_TEST_CERTSELECTOR_CERTVALID_NUM_CERTS) {
+        pkixTestErrorMsg = "unexpected Cert number mismatch";
+    }
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(goodParams);
+    PKIX_TEST_DECREF_AC(validDate);
+    PKIX_TEST_DECREF_AC(dirString);
+    PKIX_TEST_DECREF_AC(certList);
+    PKIX_TEST_DECREF_AC(certSelector);
+    PKIX_TEST_DECREF_AC(certStore);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testIssuerMatch(char *certDir)
+{
+    PKIX_ComCertSelParams *goodParams = NULL;
+    PKIX_PL_X500Name *issuer = NULL;
+    PKIX_PL_String *issuerStr = NULL;
+    PKIX_PL_String *dirString = NULL;
+    PKIX_CertStore_CertCallback certCallback;
+    PKIX_CertStore *certStore = NULL;
+    PKIX_CertSelector *certSelector = NULL;
+    PKIX_List *certList = NULL;
+    char *issuerName = "CN=science,O=mit,C=US";
+    PKIX_UInt32 numCert = 0;
+    void *nbioContext = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    subTest("test Issuer Cert Selector");
+
+    subTest("    PKIX_ComCertSelParams_Create");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, issuerName, 0, &issuerStr, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_X500Name_Create(issuerStr, &issuer, plContext));
+
+    subTest("    PKIX_ComCertSelParams_SetIssuer");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetIssuer(goodParams, issuer, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, certDir, 0, &dirString, plContext));
+
+    subTest("    PKIX_PL_CollectionCertStoreContext_Create");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirString, &certStore, plContext));
+
+    subTest("    PKIX_CertSelector_Create");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, goodParams, plContext));
+
+    subTest("    PKIX_CertStore_GetCertCallback");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCertCallback(certStore, &certCallback, NULL));
+
+    subTest("    Getting data from Cert Callback");
+    PKIX_TEST_EXPECT_NO_ERROR(certCallback(certStore, certSelector, &nbioContext, &certList, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certList, &numCert, plContext));
+
+    if (numCert != PKIX_TEST_CERTSELECTOR_ISSUER_NUM_CERTS) {
+        pkixTestErrorMsg = "unexpected Cert number mismatch";
+    }
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(goodParams);
+    PKIX_TEST_DECREF_AC(issuer);
+    PKIX_TEST_DECREF_AC(issuerStr);
+    PKIX_TEST_DECREF_AC(dirString);
+    PKIX_TEST_DECREF_AC(certList);
+    PKIX_TEST_DECREF_AC(certSelector);
+    PKIX_TEST_DECREF_AC(certStore);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testSerialNumberVersionMatch(char *certDir)
+{
+    PKIX_ComCertSelParams *goodParams = NULL;
+    PKIX_PL_BigInt *serialNumber = NULL;
+    PKIX_PL_String *serialNumberStr = NULL;
+    PKIX_PL_String *dirString = NULL;
+    PKIX_CertStore_CertCallback certCallback;
+    PKIX_CertStore *certStore = NULL;
+    PKIX_CertSelector *certSelector = NULL;
+    PKIX_List *certList = NULL;
+    PKIX_UInt32 numCert = 0;
+    void *nbioContext = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    subTest("test Serial Number Cert Selector");
+
+    subTest("    PKIX_ComCertSelParams_Create");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, "01", 0, &serialNumberStr, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BigInt_Create(serialNumberStr, &serialNumber, plContext));
+
+    subTest("    PKIX_ComCertSelParams_SetSerialNumber");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSerialNumber(goodParams, serialNumber, plContext));
+
+    subTest("    PKIX_ComCertSelParams_SetVersion");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetVersion(goodParams, 0, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, certDir, 0, &dirString, plContext));
+
+    subTest("    PKIX_PL_CollectionCertStoreContext_Create");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirString, &certStore, plContext));
+
+    subTest("    PKIX_CertSelector_Create");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, goodParams, plContext));
+
+    subTest("    PKIX_CertStore_GetCertCallback");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCertCallback(certStore, &certCallback, NULL));
+
+    subTest("    Getting data from Cert Callback");
+    PKIX_TEST_EXPECT_NO_ERROR(certCallback(certStore, certSelector, &nbioContext, &certList, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certList, &numCert, plContext));
+
+    PKIX_TEST_DECREF_BC(certList);
+
+    if (numCert != 0) {
+        pkixTestErrorMsg = "unexpected Version mismatch";
+    }
+
+    subTest("    PKIX_ComCertSelParams_SetVersion");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetVersion(goodParams, 2, plContext));
+
+    subTest("    Getting data from Cert Callback");
+    PKIX_TEST_EXPECT_NO_ERROR(certCallback(certStore, certSelector, &nbioContext, &certList, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certList, &numCert, plContext));
+
+    if (numCert != PKIX_TEST_CERTSELECTOR_SERIALNUMBER_NUM_CERTS) {
+        pkixTestErrorMsg = "unexpected Serial Number mismatch";
+    }
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(goodParams);
+    PKIX_TEST_DECREF_AC(serialNumber);
+    PKIX_TEST_DECREF_AC(serialNumberStr);
+    PKIX_TEST_DECREF_AC(dirString);
+    PKIX_TEST_DECREF_AC(certList);
+    PKIX_TEST_DECREF_AC(certSelector);
+    PKIX_TEST_DECREF_AC(certStore);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testSubjKeyIdMatch(PKIX_List *certs)
+{
+    PKIX_CertSelector *selector = NULL;
+    PKIX_ComCertSelParams *params = NULL;
+    PKIX_PL_Cert *cert = NULL;
+    PKIX_PL_ByteArray *selSubjKeyId = NULL;
+    PKIX_UInt32 item = 0;
+
+    PKIX_TEST_STD_VARS();
+
+    subTest("test Subject Key Id Cert Selector");
+
+    item = 2;
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs, item, (PKIX_PL_Object **)&cert, plContext));
+
+    subTest("    PKIX_PL_Cert_GetSubjectKeyIdentifier");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectKeyIdentifier(cert, &selSubjKeyId, plContext));
+
+    subTest("    Create Selector and ComCertSelParams");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &selector, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&params, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, params, plContext));
+
+    subTest("    PKIX_ComCertSelParams_SetSubjKeyIdentifier");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubjKeyIdentifier(params, selSubjKeyId, plContext));
+
+    subTest("    Select One");
+    testSelector(selector, certs, 1 << item);
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(selSubjKeyId);
+    PKIX_TEST_DECREF_AC(cert);
+    PKIX_TEST_DECREF_AC(params);
+    PKIX_TEST_DECREF_AC(selector);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testAuthKeyIdMatch(PKIX_List *certs)
+{
+    PKIX_CertSelector *selector = NULL;
+    PKIX_ComCertSelParams *params = NULL;
+    PKIX_PL_Cert *cert = NULL;
+    PKIX_PL_ByteArray *selAuthKeyId = NULL;
+    PKIX_UInt32 item = 0;
+
+    PKIX_TEST_STD_VARS();
+
+    subTest("test Auth Key Id Cert Selector");
+
+    item = 3;
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs, item, (PKIX_PL_Object **)&cert, plContext));
+
+    subTest("    PKIX_PL_Cert_GetAuthorityKeyIdentifier");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetAuthorityKeyIdentifier(cert, &selAuthKeyId, plContext));
+
+    subTest("    Create Selector and ComCertSelParams");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &selector, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&params, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, params, plContext));
+
+    subTest("    PKIX_ComCertSelParams_SetAuthorityKeyIdentifier");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetAuthorityKeyIdentifier(params, selAuthKeyId, plContext));
+
+    subTest("    Select TWO");
+    testSelector(selector, certs, (1 << item) | (1 << 1));
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(selAuthKeyId);
+    PKIX_TEST_DECREF_AC(cert);
+    PKIX_TEST_DECREF_AC(params);
+    PKIX_TEST_DECREF_AC(selector);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testSubjPKAlgIdMatch(PKIX_List *certs)
+{
+    PKIX_CertSelector *selector = NULL;
+    PKIX_ComCertSelParams *params = NULL;
+    PKIX_PL_Cert *cert = NULL;
+    PKIX_PL_OID *selAlgId = NULL;
+    PKIX_UInt32 item = 0;
+
+    PKIX_TEST_STD_VARS();
+
+    subTest("test Subject Public Key Algorithm Id Cert Selector");
+
+    item = 0;
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs, item, (PKIX_PL_Object **)&cert, plContext));
+
+    subTest("    PKIX_PL_Cert_GetSubjectPublicKeyAlgId");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKeyAlgId(cert, &selAlgId, plContext));
+
+    subTest("    Create Selector and ComCertSelParams");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &selector, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&params, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, params, plContext));
+
+    subTest("    PKIX_ComCertSelParams_SetSubjPKAlgId");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubjPKAlgId(params, selAlgId, plContext));
+
+    subTest("    Select All");
+    testSelector(selector, certs, 0x7F);
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(selAlgId);
+    PKIX_TEST_DECREF_AC(cert);
+    PKIX_TEST_DECREF_AC(params);
+    PKIX_TEST_DECREF_AC(selector);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testSubjPublicKeyMatch(PKIX_List *certs)
+{
+    PKIX_CertSelector *selector = NULL;
+    PKIX_ComCertSelParams *params = NULL;
+    PKIX_PL_Cert *cert = NULL;
+    PKIX_PL_PublicKey *selPublicKey = NULL;
+    PKIX_UInt32 item = 0;
+
+    PKIX_TEST_STD_VARS();
+
+    subTest("test Subject Public Key Cert Selector");
+
+    item = 5;
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs, item, (PKIX_PL_Object **)&cert, plContext));
+
+    subTest("    PKIX_PL_Cert_GetSubjectPublicKey");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(cert, &selPublicKey, plContext));
+
+    subTest("    Create Selector and ComCertSelParams");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &selector, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&params, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, params, plContext));
+
+    subTest("    PKIX_ComCertSelParams_SetSubjPubKey");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubjPubKey(params, selPublicKey, plContext));
+
+    subTest("    Select ONE");
+    testSelector(selector, certs, 1 << item);
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(selPublicKey);
+    PKIX_TEST_DECREF_AC(cert);
+    PKIX_TEST_DECREF_AC(params);
+    PKIX_TEST_DECREF_AC(selector);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+test_CertSelector_Duplicate(PKIX_CertSelector *selector)
+{
+    PKIX_Int32 goodBasicConstraints = 0;
+    PKIX_Int32 equalBasicConstraints = 0;
+    PKIX_CertSelector *dupSelector = NULL;
+    PKIX_ComCertSelParams *goodParams = NULL;
+    PKIX_ComCertSelParams *equalParams = NULL;
+    PKIX_CertSelector_MatchCallback goodCallback = NULL;
+    PKIX_CertSelector_MatchCallback equalCallback = NULL;
+    PKIX_PL_X500Name *goodSubject = NULL;
+    PKIX_PL_X500Name *equalSubject = NULL;
+    PKIX_List *goodPolicy = NULL;
+    PKIX_List *equalPolicy = NULL;
+    PKIX_PL_Cert *goodCert = NULL;
+    PKIX_PL_Cert *equalCert = NULL;
+    PKIX_PL_Date *goodDate = NULL;
+    PKIX_PL_Date *equalDate = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    subTest("test_CertSelector_Duplicate");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Duplicate((PKIX_PL_Object *)selector,
+                                                       (PKIX_PL_Object **)&dupSelector,
+                                                       plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_GetCommonCertSelectorParams(selector, &goodParams, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_GetCommonCertSelectorParams(dupSelector, &equalParams, plContext));
+    /* There is no equals function, so look at components separately. */
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubject(goodParams, &goodSubject, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubject(equalParams, &equalSubject, plContext));
+    if (goodSubject && equalSubject) {
+        testEqualsHelper((PKIX_PL_Object *)goodSubject,
+                         (PKIX_PL_Object *)equalSubject,
+                         PKIX_TRUE,
+                         plContext);
+    } else {
+        if
+            PKIX_EXACTLY_ONE_NULL(goodSubject, equalSubject)
+            {
+                pkixTestErrorMsg = "Subject Names are not equal!";
+                goto cleanup;
+            }
+    }
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetPolicy(goodParams, &goodPolicy, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetPolicy(equalParams, &equalPolicy, plContext));
+    if (goodPolicy && equalPolicy) {
+        testEqualsHelper((PKIX_PL_Object *)goodPolicy,
+                         (PKIX_PL_Object *)equalPolicy,
+                         PKIX_TRUE,
+                         plContext);
+    } else {
+        if
+            PKIX_EXACTLY_ONE_NULL(goodPolicy, equalPolicy)
+            {
+                pkixTestErrorMsg = "Policy Lists are not equal!";
+                goto cleanup;
+            }
+    }
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetCertificate(goodParams, &goodCert, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetCertificate(equalParams, &equalCert, plContext));
+    if (goodCert && equalCert) {
+        testEqualsHelper((PKIX_PL_Object *)goodCert,
+                         (PKIX_PL_Object *)equalCert,
+                         PKIX_TRUE,
+                         plContext);
+    } else {
+        if
+            PKIX_EXACTLY_ONE_NULL(goodCert, equalCert)
+            {
+                pkixTestErrorMsg = "Cert Lists are not equal!";
+                goto cleanup;
+            }
+    }
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetCertificateValid(goodParams, &goodDate, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetCertificateValid(equalParams, &equalDate, plContext));
+    if (goodCert && equalCert) {
+        testEqualsHelper((PKIX_PL_Object *)goodDate,
+                         (PKIX_PL_Object *)equalDate,
+                         PKIX_TRUE,
+                         plContext);
+    } else {
+        if
+            PKIX_EXACTLY_ONE_NULL(goodDate, equalDate)
+            {
+                pkixTestErrorMsg = "Date Lists are not equal!";
+                goto cleanup;
+            }
+    }
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetBasicConstraints(goodParams, &goodBasicConstraints, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetBasicConstraints(equalParams, &equalBasicConstraints, plContext));
+    if (goodBasicConstraints != equalBasicConstraints) {
+        pkixTestErrorMsg = "BasicConstraints are not equal!";
+        goto cleanup;
+    }
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_GetMatchCallback(selector, &goodCallback, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_GetMatchCallback(dupSelector, &equalCallback, plContext));
+    if (goodCallback != equalCallback) {
+        pkixTestErrorMsg = "MatchCallbacks are not equal!";
+    }
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(dupSelector);
+    PKIX_TEST_DECREF_AC(goodParams);
+    PKIX_TEST_DECREF_AC(equalParams);
+    PKIX_TEST_DECREF_AC(goodSubject);
+    PKIX_TEST_DECREF_AC(equalSubject);
+    PKIX_TEST_DECREF_AC(goodPolicy);
+    PKIX_TEST_DECREF_AC(equalPolicy);
+    PKIX_TEST_DECREF_AC(goodCert);
+    PKIX_TEST_DECREF_AC(equalCert);
+    PKIX_TEST_DECREF_AC(goodDate);
+    PKIX_TEST_DECREF_AC(equalDate);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+printUsage(void)
+{
+    (void)printf("\nUSAGE:\ttest_certselector <NIST_FILES_DIR> <cert-dir>\n\n");
+}
+
+int
+test_certselector(int argc, char *argv[])
+{
+
+    PKIX_UInt32 i = 0;
+    PKIX_UInt32 j = 0;
+    PKIX_UInt32 actualMinorVersion;
+
+    PKIX_CertSelector *emptySelector = NULL;
+    PKIX_List *certs = NULL;
+    PKIX_List *nameConstraintsCerts = NULL;
+    PKIX_List *subjAltNamesCerts = NULL;
+    PKIX_PL_Cert *cert = NULL;
+    PKIX_PL_Cert *policy1Cert = NULL;
+    PKIX_PL_Cert *policy2Cert = NULL;
+    PKIX_PL_Cert *anyPolicyCert = NULL;
+    PKIX_PL_Cert *subjectCert = NULL;
+    PKIX_ComCertSelParams *selParams = NULL;
+    char *certDir = NULL;
+    char *dirName = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    startTests("CertSelector");
+
+    PKIX_TEST_EXPECT_NO_ERROR(
+        PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+    if (argc < 3) {
+        printUsage();
+        return (0);
+    }
+
+    dirName = argv[j + 1];
+    certDir = argv[j + 3];
+
+    /* Create a List of certs to use in testing the selector */
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certs, plContext));
+
+    for (i = 0; i < NUMCERTS; i++) {
+
+        cert = createCert(dirName, certList[i], plContext);
+
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certs, (PKIX_PL_Object *)cert, plContext));
+        if (i == POLICY1CERT) {
+            PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)cert, plContext));
+            policy1Cert = cert;
+        }
+        if (i == ANYPOLICYCERT) {
+            PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)cert, plContext));
+            anyPolicyCert = cert;
+        }
+        if (i == POLICY2CERT) {
+            PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)cert, plContext));
+            policy2Cert = cert;
+        }
+        if (i == SUBJECTCERT) {
+            PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)cert, plContext));
+            subjectCert = cert;
+        }
+        PKIX_TEST_DECREF_BC(cert);
+    }
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&nameConstraintsCerts, plContext));
+
+    for (i = 0; i < NUMNCCERTS; i++) {
+
+        cert = createCert(dirName, ncCertList[i], plContext);
+
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(nameConstraintsCerts,
+                                                       (PKIX_PL_Object *)cert,
+                                                       plContext));
+
+        PKIX_TEST_DECREF_BC(cert);
+    }
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&subjAltNamesCerts, plContext));
+
+    for (i = 0; i < NUMSANCERTS; i++) {
+
+        cert = createCert(dirName, sanCertList[i], plContext);
+
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(subjAltNamesCerts,
+                                                       (PKIX_PL_Object *)cert,
+                                                       plContext));
+
+        PKIX_TEST_DECREF_BC(cert);
+    }
+
+    subTest("test_CertSelector_Create");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &emptySelector, plContext));
+
+    subTest("Default Match, no parameters set");
+    testSelector(emptySelector, certs, 0xFFFFFFFF);
+
+    testSubjectMatch(certs, subjectCert);
+
+    testBasicConstraintsMatch(certs);
+
+    testPolicyMatch(certs, policy1Cert, policy2Cert, anyPolicyCert);
+
+    testCertificateMatch(certs, subjectCert);
+
+    testCertificateValidMatch(certs);
+
+    subTest("Combination: pass only EE certs that assert some policy");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&selParams, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetBasicConstraints(selParams, -2, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(emptySelector, selParams, plContext));
+    testSelector(emptySelector, certs, 0xC00);
+
+    testNameConstraintsMatch(nameConstraintsCerts);
+
+    testPathToNamesMatch(nameConstraintsCerts);
+
+    testSubjAltNamesMatch(subjAltNamesCerts);
+
+    testExtendedKeyUsageMatch(certDir);
+
+    testKeyUsageMatch(certDir);
+
+    testIssuerMatch(certDir);
+
+    testSerialNumberVersionMatch(certDir);
+
+    testCertValidMatch(certDir);
+
+    testSubjKeyIdMatch(nameConstraintsCerts);
+
+    testAuthKeyIdMatch(nameConstraintsCerts);
+
+    testSubjPKAlgIdMatch(nameConstraintsCerts);
+
+    testSubjPublicKeyMatch(nameConstraintsCerts);
+
+    test_CertSelector_Duplicate(emptySelector);
+
+    test_customCallback1(certs);
+
+    test_customCallback2(certs, anyPolicyCert);
+
+    subTest("test_CertSelector_Destroy");
+
+    PKIX_TEST_DECREF_BC(emptySelector);
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(emptySelector);
+    PKIX_TEST_DECREF_AC(certs);
+    PKIX_TEST_DECREF_AC(cert);
+    PKIX_TEST_DECREF_AC(policy1Cert);
+    PKIX_TEST_DECREF_AC(policy2Cert);
+    PKIX_TEST_DECREF_AC(anyPolicyCert);
+    PKIX_TEST_DECREF_AC(subjectCert);
+    PKIX_TEST_DECREF_AC(selParams);
+    PKIX_TEST_DECREF_AC(nameConstraintsCerts);
+    PKIX_TEST_DECREF_AC(subjAltNamesCerts);
+
+    PKIX_Shutdown(plContext);
+
+    PKIX_TEST_RETURN();
+
+    endTests("CertSelector");
+
+    return (0);
+}
diff --git a/nss/cmd/libpkix/pkix/certsel/test_comcertselparams.c b/nss/cmd/libpkix/pkix/certsel/test_comcertselparams.c
new file mode 100644
index 0000000..57f192a
--- /dev/null
+++ b/nss/cmd/libpkix/pkix/certsel/test_comcertselparams.c
@@ -0,0 +1,800 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * test_comcertselparams.c
+ *
+ * Test Common Cert Selector Params
+ *
+ */
+
+#include "testutil.h"
+#include "testutil_nss.h"
+
+static void *plContext = NULL;
+
+static void
+test_CreateOIDList(PKIX_List *certPolicyInfos, PKIX_List **pPolicyOIDs)
+{
+    PKIX_UInt32 i = 0;
+    PKIX_UInt32 numInfos = 0;
+    PKIX_PL_CertPolicyInfo *certPolicyInfo = NULL;
+    PKIX_PL_OID *policyOID = NULL;
+    PKIX_List *certPolicies = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    /* Convert from List of CertPolicyInfos to List of OIDs */
+    if (certPolicyInfos) {
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certPolicyInfos, &numInfos, plContext));
+    }
+
+    if (numInfos > 0) {
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certPolicies, plContext));
+    }
+    for (i = 0; i < numInfos; i++) {
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certPolicyInfos,
+                                                    i,
+                                                    (PKIX_PL_Object **)&certPolicyInfo,
+                                                    plContext));
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolicyId(certPolicyInfo, &policyOID, plContext));
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certPolicies, (PKIX_PL_Object *)policyOID, plContext));
+        PKIX_TEST_DECREF_BC(certPolicyInfo);
+        PKIX_TEST_DECREF_BC(policyOID);
+    }
+
+    *pPolicyOIDs = certPolicies;
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(certPolicyInfo);
+    PKIX_TEST_DECREF_AC(policyOID);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+test_NameConstraints(char *dirName)
+{
+    PKIX_PL_Cert *goodCert = NULL;
+    PKIX_PL_CertNameConstraints *getNameConstraints = NULL;
+    PKIX_PL_CertNameConstraints *setNameConstraints = NULL;
+    PKIX_ComCertSelParams *goodParams = NULL;
+    char *expectedAscii =
+        "[\n"
+        "\t\tPermitted Name:  (OU=permittedSubtree1,"
+        "O=Test Certificates,C=US, OU=permittedSubtree2,"
+        "O=Test Certificates,C=US)\n"
+        "\t\tExcluded Name:   (EMPTY)\n"
+        "\t]\n";
+
+    PKIX_TEST_STD_VARS();
+
+    subTest("Create Cert for NameConstraints test");
+
+    goodCert = createCert(dirName, "nameConstraintsDN2CACert.crt", plContext);
+
+    subTest("PKIX_PL_Cert_GetNameConstraints");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints(goodCert, &setNameConstraints, plContext));
+
+    subTest("PKIX_ComCertSelParams_Create");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext));
+
+    subTest("PKIX_ComCertSelParams_SetNameConstraints");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetNameConstraints(goodParams, setNameConstraints, plContext));
+
+    subTest("PKIX_ComCertSelParams_GetNameConstraints");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetNameConstraints(goodParams, &getNameConstraints, plContext));
+
+    subTest("Compare NameConstraints");
+    testEqualsHelper((PKIX_PL_Object *)setNameConstraints,
+                     (PKIX_PL_Object *)getNameConstraints,
+                     PKIX_TRUE,
+                     plContext);
+
+    subTest("Compare NameConstraints with canned string");
+    testToStringHelper((PKIX_PL_Object *)getNameConstraints,
+                       expectedAscii,
+                       plContext);
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(goodCert);
+    PKIX_TEST_DECREF_AC(getNameConstraints);
+    PKIX_TEST_DECREF_AC(setNameConstraints);
+    PKIX_TEST_DECREF_AC(goodParams);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+test_PathToNames(void)
+{
+    PKIX_ComCertSelParams *goodParams = NULL;
+    PKIX_List *setGenNames = NULL;
+    PKIX_List *getGenNames = NULL;
+    PKIX_PL_GeneralName *rfc822GenName = NULL;
+    PKIX_PL_GeneralName *dnsGenName = NULL;
+    PKIX_PL_GeneralName *dirGenName = NULL;
+    PKIX_PL_GeneralName *uriGenName = NULL;
+    PKIX_PL_GeneralName *oidGenName = NULL;
+    char *rfc822Name = "john.doe@labs.com";
+    char *dnsName = "comcast.net";
+    char *dirName = "cn=john, ou=labs, o=sun, c=us";
+    char *uriName = "http://comcast.net";
+    char *oidName = "1.2.840.11";
+    char *expectedAscii =
+        "(john.doe@labs.com, "
+        "comcast.net, "
+        "CN=john,OU=labs,O=sun,C=us, "
+        "http://comcast.net)";
+    char *expectedAsciiAll =
+        "(john.doe@labs.com, "
+        "comcast.net, "
+        "CN=john,OU=labs,O=sun,C=us, "
+        "http://comcast.net, "
+        "1.2.840.11)";
+
+    PKIX_TEST_STD_VARS();
+
+    subTest("PKIX_PL_GeneralName_Create");
+    dnsGenName = createGeneralName(PKIX_DNS_NAME, dnsName, plContext);
+    uriGenName = createGeneralName(PKIX_URI_NAME, uriName, plContext);
+    oidGenName = createGeneralName(PKIX_OID_NAME, oidName, plContext);
+    dirGenName = createGeneralName(PKIX_DIRECTORY_NAME, dirName, plContext);
+    rfc822GenName = createGeneralName(PKIX_RFC822_NAME,
+                                      rfc822Name,
+                                      plContext);
+
+    subTest("PKIX_PL_GeneralName List create and append");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&setGenNames, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setGenNames, (PKIX_PL_Object *)rfc822GenName, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setGenNames, (PKIX_PL_Object *)dnsGenName, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setGenNames, (PKIX_PL_Object *)dirGenName, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setGenNames, (PKIX_PL_Object *)uriGenName, plContext));
+
+    subTest("PKIX_ComCertSelParams_Create");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext));
+
+    subTest("PKIX_ComCertSelParams_SetPathToNames");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPathToNames(goodParams, setGenNames, plContext));
+
+    subTest("PKIX_ComCertSelParams_GetPathToNames");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetPathToNames(goodParams, &getGenNames, plContext));
+
+    subTest("Compare GeneralName List");
+    testEqualsHelper((PKIX_PL_Object *)setGenNames,
+                     (PKIX_PL_Object *)getGenNames,
+                     PKIX_TRUE,
+                     plContext);
+
+    subTest("Compare GeneralName List with canned string");
+    testToStringHelper((PKIX_PL_Object *)getGenNames,
+                       expectedAscii,
+                       plContext);
+
+    subTest("PKIX_ComCertSelParams_AddPathToName");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_AddPathToName(goodParams, oidGenName, plContext));
+
+    PKIX_TEST_DECREF_BC(getGenNames);
+
+    subTest("PKIX_ComCertSelParams_GetPathToNames");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetPathToNames(goodParams, &getGenNames, plContext));
+
+    subTest("Compare GeneralName List with canned string");
+    testToStringHelper((PKIX_PL_Object *)getGenNames,
+                       expectedAsciiAll,
+                       plContext);
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(goodParams);
+    PKIX_TEST_DECREF_AC(setGenNames);
+    PKIX_TEST_DECREF_AC(getGenNames);
+    PKIX_TEST_DECREF_AC(rfc822GenName);
+    PKIX_TEST_DECREF_AC(dnsGenName);
+    PKIX_TEST_DECREF_AC(dirGenName);
+    PKIX_TEST_DECREF_AC(uriGenName);
+    PKIX_TEST_DECREF_AC(oidGenName);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+test_SubjAltNames(void)
+{
+    PKIX_ComCertSelParams *goodParams = NULL;
+    PKIX_List *setGenNames = NULL;
+    PKIX_List *getGenNames = NULL;
+    PKIX_PL_GeneralName *rfc822GenName = NULL;
+    PKIX_PL_GeneralName *dnsGenName = NULL;
+    PKIX_PL_GeneralName *dirGenName = NULL;
+    PKIX_PL_GeneralName *uriGenName = NULL;
+    PKIX_PL_GeneralName *oidGenName = NULL;
+    PKIX_Boolean matchAll = PKIX_TRUE;
+    char *rfc822Name = "john.doe@labs.com";
+    char *dnsName = "comcast.net";
+    char *dirName = "cn=john, ou=labs, o=sun, c=us";
+    char *uriName = "http://comcast.net";
+    char *oidName = "1.2.840.11";
+    char *expectedAscii =
+        "(john.doe@labs.com, "
+        "comcast.net, "
+        "CN=john,OU=labs,O=sun,C=us, "
+        "http://comcast.net)";
+    char *expectedAsciiAll =
+        "(john.doe@labs.com, "
+        "comcast.net, "
+        "CN=john,OU=labs,O=sun,C=us, "
+        "http://comcast.net, "
+        "1.2.840.11)";
+
+    PKIX_TEST_STD_VARS();
+
+    subTest("PKIX_PL_GeneralName_Create");
+    dnsGenName = createGeneralName(PKIX_DNS_NAME, dnsName, plContext);
+    uriGenName = createGeneralName(PKIX_URI_NAME, uriName, plContext);
+    oidGenName = createGeneralName(PKIX_OID_NAME, oidName, plContext);
+    dirGenName = createGeneralName(PKIX_DIRECTORY_NAME, dirName, plContext);
+    rfc822GenName = createGeneralName(PKIX_RFC822_NAME,
+                                      rfc822Name,
+                                      plContext);
+
+    subTest("PKIX_PL_GeneralName List create and append");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&setGenNames, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setGenNames, (PKIX_PL_Object *)rfc822GenName, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setGenNames, (PKIX_PL_Object *)dnsGenName, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setGenNames, (PKIX_PL_Object *)dirGenName, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setGenNames, (PKIX_PL_Object *)uriGenName, plContext));
+
+    subTest("PKIX_ComCertSelParams_Create");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext));
+
+    subTest("PKIX_ComCertSelParams_SetSubjAltNames");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubjAltNames(goodParams, setGenNames, plContext));
+
+    subTest("PKIX_ComCertSelParams_GetSubjAltNames");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubjAltNames(goodParams, &getGenNames, plContext));
+
+    subTest("Compare GeneralName List");
+    testEqualsHelper((PKIX_PL_Object *)setGenNames,
+                     (PKIX_PL_Object *)getGenNames,
+                     PKIX_TRUE,
+                     plContext);
+
+    subTest("Compare GeneralName List with canned string");
+    testToStringHelper((PKIX_PL_Object *)getGenNames,
+                       expectedAscii,
+                       plContext);
+
+    subTest("PKIX_ComCertSelParams_AddSubjAltName");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_AddSubjAltName(goodParams, oidGenName, plContext));
+
+    PKIX_TEST_DECREF_BC(getGenNames);
+
+    subTest("PKIX_ComCertSelParams_GetSubjAltNames");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubjAltNames(goodParams, &getGenNames, plContext));
+
+    subTest("Compare GeneralName List with canned string");
+    testToStringHelper((PKIX_PL_Object *)getGenNames,
+                       expectedAsciiAll,
+                       plContext);
+
+    subTest("PKIX_ComCertSelParams_GetMatchAllSubjAltNames");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetMatchAllSubjAltNames(goodParams, &matchAll, plContext));
+    if (matchAll != PKIX_TRUE) {
+        testError("unexpected mismatch <expect TRUE>");
+    }
+
+    subTest("PKIX_ComCertSelParams_SetMatchAllSubjAltNames");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetMatchAllSubjAltNames(goodParams, PKIX_FALSE, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetMatchAllSubjAltNames(goodParams, &matchAll, plContext));
+    if (matchAll != PKIX_FALSE) {
+        testError("unexpected mismatch <expect FALSE>");
+    }
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(goodParams);
+    PKIX_TEST_DECREF_AC(setGenNames);
+    PKIX_TEST_DECREF_AC(getGenNames);
+    PKIX_TEST_DECREF_AC(rfc822GenName);
+    PKIX_TEST_DECREF_AC(dnsGenName);
+    PKIX_TEST_DECREF_AC(dirGenName);
+    PKIX_TEST_DECREF_AC(uriGenName);
+    PKIX_TEST_DECREF_AC(oidGenName);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+test_KeyUsages(void)
+{
+    PKIX_ComCertSelParams *goodParams = NULL;
+    PKIX_PL_OID *ekuOid = NULL;
+    PKIX_List *setExtKeyUsage = NULL;
+    PKIX_List *getExtKeyUsage = NULL;
+    PKIX_UInt32 getKeyUsage = 0;
+    PKIX_UInt32 setKeyUsage = 0x1FF;
+    PKIX_Boolean isEqual = PKIX_FALSE;
+
+    PKIX_TEST_STD_VARS();
+
+    subTest("PKIX_ComCertSelParams_Create");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext));
+
+    subTest("PKIX_ComCertSelParams_SetKeyUsage");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetKeyUsage(goodParams, setKeyUsage, plContext));
+
+    subTest("PKIX_ComCertSelParams_GetKeyUsage");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetKeyUsage(goodParams, &getKeyUsage, plContext));
+
+    if (setKeyUsage != getKeyUsage) {
+        testError("unexpected KeyUsage mismatch <expect equal>");
+    }
+
+    subTest("PKIX_PL_OID List create and append");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&setExtKeyUsage, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create("1.3.6.1.5.5.7.3.1", &ekuOid, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setExtKeyUsage, (PKIX_PL_Object *)ekuOid, plContext));
+    PKIX_TEST_DECREF_BC(ekuOid);
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create("1.3.6.1.5.5.7.3.8", &ekuOid, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setExtKeyUsage, (PKIX_PL_Object *)ekuOid, plContext));
+    PKIX_TEST_DECREF_BC(ekuOid);
+
+    subTest("PKIX_ComCertSelParams_SetExtendedKeyUsage");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetExtendedKeyUsage(goodParams, setExtKeyUsage, plContext));
+
+    subTest("PKIX_ComCertSelParams_GetExtendedKeyUsage");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetExtendedKeyUsage(goodParams, &getExtKeyUsage, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)setExtKeyUsage,
+                                                    (PKIX_PL_Object *)getExtKeyUsage,
+                                                    &isEqual,
+                                                    plContext));
+
+    if (isEqual == PKIX_FALSE) {
+        testError("unexpected ExtKeyUsage mismatch <expect equal>");
+    }
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(ekuOid);
+    PKIX_TEST_DECREF_AC(setExtKeyUsage);
+    PKIX_TEST_DECREF_AC(getExtKeyUsage);
+    PKIX_TEST_DECREF_AC(goodParams);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+test_Version_Issuer_SerialNumber(void)
+{
+    PKIX_ComCertSelParams *goodParams = NULL;
+    PKIX_UInt32 version = 0;
+    PKIX_PL_X500Name *setIssuer = NULL;
+    PKIX_PL_X500Name *getIssuer = NULL;
+    PKIX_PL_String *str = NULL;
+    PKIX_PL_BigInt *setSerialNumber = NULL;
+    PKIX_PL_BigInt *getSerialNumber = NULL;
+    PKIX_Boolean isEqual = PKIX_FALSE;
+    char *bigInt = "999999999999999999";
+
+    PKIX_TEST_STD_VARS();
+
+    subTest("PKIX_ComCertSelParams_Create");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext));
+
+    /* Version */
+    subTest("PKIX_ComCertSelParams_SetVersion");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetVersion(goodParams, 2, plContext));
+
+    subTest("PKIX_ComCertSelParams_GetVersion");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetVersion(goodParams, &version, plContext));
+
+    if (version != 2) {
+        testError("unexpected Version mismatch <expect 2>");
+    }
+
+    /* Issuer */
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, "CN=Test,O=Sun,C=US", 0, &str, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_X500Name_Create(str, &setIssuer, plContext));
+
+    PKIX_TEST_DECREF_BC(str);
+
+    subTest("PKIX_ComCertSelParams_SetIssuer");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetIssuer(goodParams, setIssuer, plContext));
+
+    subTest("PKIX_ComCertSelParams_GetIssuer");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetIssuer(goodParams, &getIssuer, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)setIssuer,
+                                                    (PKIX_PL_Object *)getIssuer,
+                                                    &isEqual,
+                                                    plContext));
+
+    if (isEqual == PKIX_FALSE) {
+        testError("unexpected Issuer mismatch <expect equal>");
+    }
+
+    /* Serial Number */
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, bigInt, PL_strlen(bigInt), &str, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BigInt_Create(str, &setSerialNumber, plContext));
+
+    subTest("PKIX_ComCertSelParams_SetSerialNumber");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSerialNumber(goodParams, setSerialNumber, plContext));
+
+    subTest("PKIX_ComCertSelParams_GetSerialNumber");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSerialNumber(goodParams, &getSerialNumber, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)setSerialNumber,
+                                                    (PKIX_PL_Object *)getSerialNumber,
+                                                    &isEqual,
+                                                    plContext));
+
+    if (isEqual == PKIX_FALSE) {
+        testError("unexpected Serial Number mismatch <expect equal>");
+    }
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(str);
+    PKIX_TEST_DECREF_AC(setIssuer);
+    PKIX_TEST_DECREF_AC(getIssuer);
+    PKIX_TEST_DECREF_AC(setSerialNumber);
+    PKIX_TEST_DECREF_AC(getSerialNumber);
+    PKIX_TEST_DECREF_AC(goodParams);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+test_SubjKeyId_AuthKeyId(void)
+{
+    PKIX_ComCertSelParams *goodParams = NULL;
+    PKIX_PL_ByteArray *setKeyId = NULL;
+    PKIX_PL_ByteArray *getKeyId = NULL;
+    PKIX_Boolean isEqual = PKIX_FALSE;
+
+    PKIX_TEST_STD_VARS();
+
+    /* Subject Key Identifier */
+    subTest("PKIX_PL_ByteArray_Create");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_ByteArray_Create((void *)"66099", 1, &setKeyId, plContext));
+
+    subTest("PKIX_ComCertSelParams_Create");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext));
+
+    subTest("PKIX_ComCertSelParams_SetSubjectKeyIdentifier");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubjKeyIdentifier(goodParams, setKeyId, plContext));
+
+    subTest("PKIX_ComCertSelParams_GetSubjectKeyIdentifier");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubjKeyIdentifier(goodParams, &getKeyId, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)setKeyId,
+                                                    (PKIX_PL_Object *)getKeyId,
+                                                    &isEqual,
+                                                    plContext));
+
+    if (isEqual == PKIX_FALSE) {
+        testError("unexpected Subject Key Id mismatch <expect equal>");
+    }
+
+    PKIX_TEST_DECREF_BC(setKeyId);
+    PKIX_TEST_DECREF_BC(getKeyId);
+
+    /* Authority Key Identifier */
+    subTest("PKIX_PL_ByteArray_Create");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_ByteArray_Create((void *)"11022", 1, &setKeyId, plContext));
+
+    subTest("PKIX_ComCertSelParams_SetAuthorityKeyIdentifier");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetAuthorityKeyIdentifier(goodParams, setKeyId, plContext));
+
+    subTest("PKIX_ComCertSelParams_GetAuthorityKeyIdentifier");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetAuthorityKeyIdentifier(goodParams, &getKeyId, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)setKeyId,
+                                                    (PKIX_PL_Object *)getKeyId,
+                                                    &isEqual,
+                                                    plContext));
+
+    if (isEqual == PKIX_FALSE) {
+        testError("unexpected Auth Key Id mismatch <expect equal>");
+    }
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(setKeyId);
+    PKIX_TEST_DECREF_AC(getKeyId);
+    PKIX_TEST_DECREF_AC(goodParams);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+test_SubjAlgId_SubjPublicKey(char *dirName)
+{
+    PKIX_ComCertSelParams *goodParams = NULL;
+    PKIX_PL_OID *setAlgId = NULL;
+    PKIX_PL_OID *getAlgId = NULL;
+    PKIX_PL_Cert *goodCert = NULL;
+    PKIX_PL_PublicKey *setPublicKey = NULL;
+    PKIX_PL_PublicKey *getPublicKey = NULL;
+    PKIX_Boolean isEqual = PKIX_FALSE;
+
+    PKIX_TEST_STD_VARS();
+
+    /* Subject Algorithm Identifier */
+    subTest("PKIX_PL_OID_Create");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create("1.1.2.3", &setAlgId, plContext));
+
+    subTest("PKIX_ComCertSelParams_Create");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext));
+
+    subTest("PKIX_ComCertSelParams_SetSubjPKAlgId");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubjPKAlgId(goodParams, setAlgId, plContext));
+
+    subTest("PKIX_ComCertSelParams_GetSubjPKAlgId");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubjPKAlgId(goodParams, &getAlgId, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)setAlgId,
+                                                    (PKIX_PL_Object *)getAlgId,
+                                                    &isEqual,
+                                                    plContext));
+
+    if (isEqual == PKIX_FALSE) {
+        testError("unexpected Subject Public Key Alg mismatch "
+                  "<expect equal>");
+    }
+
+    /* Subject Public Key */
+    subTest("Getting Cert for Subject Public Key");
+
+    goodCert = createCert(dirName, "nameConstraintsDN2CACert.crt", plContext);
+
+    subTest("PKIX_PL_Cert_GetSubjectPublicKey");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(goodCert, &setPublicKey, plContext));
+
+    subTest("PKIX_ComCertSelParams_SetSubjPubKey");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubjPubKey(goodParams, setPublicKey, plContext));
+
+    subTest("PKIX_ComCertSelParams_GetSubjPubKey");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubjPubKey(goodParams, &getPublicKey, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)setPublicKey,
+                                                    (PKIX_PL_Object *)getPublicKey,
+                                                    &isEqual,
+                                                    plContext));
+
+    if (isEqual == PKIX_FALSE) {
+        testError("unexpected Subject Public Key mismatch "
+                  "<expect equal>");
+    }
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(setAlgId);
+    PKIX_TEST_DECREF_AC(getAlgId);
+    PKIX_TEST_DECREF_AC(goodParams);
+    PKIX_TEST_DECREF_AC(goodCert);
+    PKIX_TEST_DECREF_AC(setPublicKey);
+    PKIX_TEST_DECREF_AC(getPublicKey);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+printUsage(void)
+{
+    (void)printf("\nUSAGE:\ttest_comcertselparams <NIST_FILES_DIR> \n\n");
+}
+
+int
+test_comcertselparams(int argc, char *argv[])
+{
+
+    PKIX_UInt32 actualMinorVersion;
+    PKIX_UInt32 j = 0;
+
+    PKIX_PL_Cert *testCert = NULL;
+    PKIX_PL_Cert *goodCert = NULL;
+    PKIX_PL_Cert *equalCert = NULL;
+    PKIX_PL_Cert *diffCert = NULL;
+    PKIX_PL_CertBasicConstraints *goodBasicConstraints = NULL;
+    PKIX_PL_CertBasicConstraints *diffBasicConstraints = NULL;
+    PKIX_List *testPolicyInfos = NULL;  /* CertPolicyInfos */
+    PKIX_List *cert2PolicyInfos = NULL; /* CertPolicyInfos */
+
+    PKIX_ComCertSelParams *goodParams = NULL;
+    PKIX_ComCertSelParams *equalParams = NULL;
+    PKIX_PL_X500Name *goodSubject = NULL;
+    PKIX_PL_X500Name *equalSubject = NULL;
+    PKIX_PL_X500Name *diffSubject = NULL;
+    PKIX_PL_X500Name *testSubject = NULL;
+    PKIX_Int32 goodMinPathLength = 0;
+    PKIX_Int32 equalMinPathLength = 0;
+    PKIX_Int32 diffMinPathLength = 0;
+    PKIX_Int32 testMinPathLength = 0;
+    PKIX_List *goodPolicies = NULL;  /* OIDs */
+    PKIX_List *equalPolicies = NULL; /* OIDs */
+    PKIX_List *testPolicies = NULL;  /* OIDs */
+    PKIX_List *cert2Policies = NULL; /* OIDs */
+
+    PKIX_PL_Date *testDate = NULL;
+    PKIX_PL_Date *goodDate = NULL;
+    PKIX_PL_Date *equalDate = NULL;
+    PKIX_PL_String *stringRep = NULL;
+    char *asciiRep = NULL;
+    char *dirName = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    if (argc < 2) {
+        printUsage();
+        return (0);
+    }
+
+    startTests("ComCertSelParams");
+
+    PKIX_TEST_EXPECT_NO_ERROR(
+        PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+    dirName = argv[j + 1];
+
+    asciiRep = "050501000000Z";
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, asciiRep, 0, &stringRep, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Date_Create_UTCTime(stringRep, &testDate, plContext));
+
+    testCert = createCert(dirName, "PoliciesP1234CACert.crt", plContext);
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject(testCert, &testSubject, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetBasicConstraints(testCert, &goodBasicConstraints, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BasicConstraints_GetPathLenConstraint(goodBasicConstraints, &testMinPathLength, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(testCert, &testPolicyInfos, plContext));
+
+    /* Convert from List of CertPolicyInfos to List of OIDs */
+    test_CreateOIDList(testPolicyInfos, &testPolicies);
+
+    subTest("Create goodParams and set its fields");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&goodParams, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubject(goodParams, testSubject, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetBasicConstraints(goodParams, testMinPathLength, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificateValid(goodParams, testDate, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPolicy(goodParams, testPolicies, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificate(goodParams, testCert, plContext));
+
+    subTest("Duplicate goodParams and verify copy");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Duplicate((PKIX_PL_Object *)goodParams,
+                                                       (PKIX_PL_Object **)&equalParams,
+                                                       plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubject(goodParams, &goodSubject, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetBasicConstraints(goodParams, &goodMinPathLength, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetCertificate(goodParams, &goodCert, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetCertificateValid(goodParams, &goodDate, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetPolicy(goodParams, &goodPolicies, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubject(equalParams, &equalSubject, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetBasicConstraints(equalParams, &equalMinPathLength, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetPolicy(equalParams, &equalPolicies, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetCertificate(equalParams, &equalCert, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetCertificateValid(equalParams, &equalDate, plContext));
+
+    testEqualsHelper((PKIX_PL_Object *)goodSubject,
+                     (PKIX_PL_Object *)equalSubject,
+                     PKIX_TRUE,
+                     plContext);
+
+    if (goodMinPathLength != equalMinPathLength) {
+        testError("unexpected mismatch");
+        (void)printf("goodMinPathLength:\t%d\n", goodMinPathLength);
+        (void)printf("equalMinPathLength:\t%d\n", equalMinPathLength);
+    }
+
+    testEqualsHelper((PKIX_PL_Object *)goodPolicies,
+                     (PKIX_PL_Object *)equalPolicies,
+                     PKIX_TRUE,
+                     plContext);
+
+    testEqualsHelper((PKIX_PL_Object *)goodCert,
+                     (PKIX_PL_Object *)equalCert,
+                     PKIX_TRUE,
+                     plContext);
+
+    testEqualsHelper((PKIX_PL_Object *)goodDate,
+                     (PKIX_PL_Object *)equalDate,
+                     PKIX_TRUE,
+                     plContext);
+
+    PKIX_TEST_DECREF_BC(equalSubject);
+    PKIX_TEST_DECREF_BC(equalPolicies);
+    PKIX_TEST_DECREF_BC(equalCert);
+    PKIX_TEST_DECREF_AC(equalDate);
+
+    subTest("Set different values and verify differences");
+
+    diffCert = createCert(dirName, "pathLenConstraint6CACert.crt", plContext);
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject(diffCert, &diffSubject, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetBasicConstraints(diffCert, &diffBasicConstraints, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BasicConstraints_GetPathLenConstraint(diffBasicConstraints, &diffMinPathLength, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(diffCert, &cert2PolicyInfos, plContext));
+    test_CreateOIDList(cert2PolicyInfos, &cert2Policies);
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubject(
+        equalParams, diffSubject, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetBasicConstraints(equalParams, diffMinPathLength, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetPolicy(equalParams, cert2Policies, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetSubject(equalParams, &equalSubject, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetBasicConstraints(equalParams, &equalMinPathLength, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_GetPolicy(equalParams, &equalPolicies, plContext));
+
+    testEqualsHelper((PKIX_PL_Object *)goodSubject,
+                     (PKIX_PL_Object *)equalSubject,
+                     PKIX_FALSE,
+                     plContext);
+
+    if (goodMinPathLength == equalMinPathLength) {
+        testError("unexpected match");
+        (void)printf("goodMinPathLength:\t%d\n", goodMinPathLength);
+        (void)printf("equalMinPathLength:\t%d\n", equalMinPathLength);
+    }
+
+    testEqualsHelper((PKIX_PL_Object *)goodPolicies,
+                     (PKIX_PL_Object *)equalPolicies,
+                     PKIX_FALSE,
+                     plContext);
+
+    test_NameConstraints(dirName);
+    test_PathToNames();
+    test_SubjAltNames();
+    test_KeyUsages();
+    test_Version_Issuer_SerialNumber();
+    test_SubjKeyId_AuthKeyId();
+    test_SubjAlgId_SubjPublicKey(dirName);
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(testSubject);
+    PKIX_TEST_DECREF_AC(goodSubject);
+    PKIX_TEST_DECREF_AC(equalSubject);
+    PKIX_TEST_DECREF_AC(diffSubject);
+    PKIX_TEST_DECREF_AC(testSubject);
+    PKIX_TEST_DECREF_AC(goodPolicies);
+    PKIX_TEST_DECREF_AC(equalPolicies);
+    PKIX_TEST_DECREF_AC(testPolicies);
+    PKIX_TEST_DECREF_AC(cert2Policies);
+    PKIX_TEST_DECREF_AC(goodParams);
+    PKIX_TEST_DECREF_AC(equalParams);
+    PKIX_TEST_DECREF_AC(goodCert);
+    PKIX_TEST_DECREF_AC(diffCert);
+    PKIX_TEST_DECREF_AC(testCert);
+    PKIX_TEST_DECREF_AC(goodBasicConstraints);
+    PKIX_TEST_DECREF_AC(diffBasicConstraints);
+    PKIX_TEST_DECREF_AC(testPolicyInfos);
+    PKIX_TEST_DECREF_AC(cert2PolicyInfos);
+    PKIX_TEST_DECREF_AC(stringRep);
+    PKIX_TEST_DECREF_AC(testDate);
+    PKIX_TEST_DECREF_AC(goodDate);
+
+    PKIX_Shutdown(plContext);
+
+    PKIX_TEST_RETURN();
+
+    endTests("ComCertSelParams");
+
+    return (0);
+}
diff --git a/nss/cmd/libpkix/pkix/checker/Makefile b/nss/cmd/libpkix/pkix/checker/Makefile
new file mode 100755
index 0000000..09ca5f1
--- /dev/null
+++ b/nss/cmd/libpkix/pkix/checker/Makefile
@@ -0,0 +1,47 @@
+#! gmake
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+include $(PKIX_DEPTH)/config.mk
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include $(PLAT_DEPTH)/platlibs.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+include $(PLAT_DEPTH)/platrules.mk
diff --git a/nss/cmd/libpkix/pkix/checker/manifest.mn b/nss/cmd/libpkix/pkix/checker/manifest.mn
new file mode 100755
index 0000000..3101e02
--- /dev/null
+++ b/nss/cmd/libpkix/pkix/checker/manifest.mn
@@ -0,0 +1,19 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+PKIX_DEPTH = ../..
+PLAT_DEPTH = $(PKIX_DEPTH)/..
+CORE_DEPTH = $(PKIX_DEPTH)/../../..
+
+# MODULE public and private header directories are implicitly REQUIRED.
+MODULE = nss
+
+CSRCS = test_certchainchecker.c
+
+LIBRARY_NAME=pkixtoolchecker
+
+SOURCE_LIB_DIR=$(PKIX_DEPTH)/$(OBJDIR)
+
+NO_MD_RELEASE = 1
diff --git a/nss/cmd/libpkix/pkix/checker/test_certchainchecker.c b/nss/cmd/libpkix/pkix/checker/test_certchainchecker.c
new file mode 100644
index 0000000..5fab3a6
--- /dev/null
+++ b/nss/cmd/libpkix/pkix/checker/test_certchainchecker.c
@@ -0,0 +1,185 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * test_certchainchecker.c
+ *
+ * Test Cert Chain Checker
+ *
+ */
+
+#include "testutil.h"
+#include "testutil_nss.h"
+
+static void *plContext = NULL;
+
+static PKIX_Error *
+dummyChecker_Check(
+    PKIX_CertChainChecker *checker,
+    PKIX_PL_Cert *cert,
+    PKIX_List *unresolvedCriticalExtensions,
+    void **pNBIOContext,
+    void *plContext)
+{
+    goto cleanup;
+
+cleanup:
+
+    return (NULL);
+}
+
+static void
+test_CertChainChecker_Duplicate(PKIX_CertChainChecker *original)
+{
+    PKIX_Boolean originalForward = PKIX_FALSE;
+    PKIX_Boolean copyForward = PKIX_FALSE;
+    PKIX_Boolean originalForwardDir = PKIX_FALSE;
+    PKIX_Boolean copyForwardDir = PKIX_FALSE;
+    PKIX_CertChainChecker *copy = NULL;
+    PKIX_CertChainChecker_CheckCallback originalCallback = NULL;
+    PKIX_CertChainChecker_CheckCallback copyCallback = NULL;
+    PKIX_PL_Object *originalState = NULL;
+    PKIX_PL_Object *copyState = NULL;
+    PKIX_List *originalList = NULL;
+    PKIX_List *copyList = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    subTest("CertChainChecker_Duplicate");
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Duplicate((PKIX_PL_Object *)original,
+                                                       (PKIX_PL_Object **)&copy,
+                                                       plContext));
+
+    subTest("CertChainChecker_GetCheckCallback");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_GetCheckCallback(original, &originalCallback, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_GetCheckCallback(copy, &copyCallback, plContext));
+    if (originalCallback != copyCallback) {
+        pkixTestErrorMsg = "CheckCallback functions are not equal!";
+        goto cleanup;
+    }
+
+    subTest("CertChainChecker_IsForwardCheckingSupported");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_IsForwardCheckingSupported(original, &originalForward, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_IsForwardCheckingSupported(copy, &copyForward, plContext));
+    if (originalForward != copyForward) {
+        pkixTestErrorMsg = "ForwardChecking booleans are not equal!";
+        goto cleanup;
+    }
+
+    subTest("CertChainChecker_IsForwardDirectionExpected");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_IsForwardDirectionExpected(original, &originalForwardDir, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_IsForwardDirectionExpected(copy, &copyForwardDir, plContext));
+    if (originalForwardDir != copyForwardDir) {
+        pkixTestErrorMsg = "ForwardDirection booleans are not equal!";
+        goto cleanup;
+    }
+
+    subTest("CertChainChecker_GetCertChainCheckerState");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_GetCertChainCheckerState(original, &originalState, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_GetCertChainCheckerState(copy, &copyState, plContext));
+    testEqualsHelper(originalState, copyState, PKIX_TRUE, plContext);
+
+    subTest("CertChainChecker_GetSupportedExtensions");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_GetSupportedExtensions(original, &originalList, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_GetSupportedExtensions(copy, &copyList, plContext));
+    testEqualsHelper((PKIX_PL_Object *)originalList,
+                     (PKIX_PL_Object *)copyList,
+                     PKIX_TRUE,
+                     plContext);
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(copy);
+    PKIX_TEST_DECREF_AC(originalState);
+    PKIX_TEST_DECREF_AC(copyState);
+    PKIX_TEST_DECREF_AC(originalList);
+    PKIX_TEST_DECREF_AC(copyList);
+
+    PKIX_TEST_RETURN();
+}
+
+int
+test_certchainchecker(int argc, char *argv[])
+{
+
+    PKIX_UInt32 actualMinorVersion;
+    PKIX_PL_OID *bcOID = NULL;
+    PKIX_PL_OID *ncOID = NULL;
+    PKIX_PL_OID *cpOID = NULL;
+    PKIX_PL_OID *pmOID = NULL;
+    PKIX_PL_OID *pcOID = NULL;
+    PKIX_PL_OID *iaOID = NULL;
+    PKIX_CertChainChecker *dummyChecker = NULL;
+    PKIX_List *supportedExtensions = NULL;
+    PKIX_PL_Object *initialState = NULL;
+    PKIX_UInt32 j = 0;
+
+    PKIX_TEST_STD_VARS();
+
+    startTests("CertChainChecker");
+
+    PKIX_TEST_EXPECT_NO_ERROR(
+        PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&supportedExtensions, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create(PKIX_BASICCONSTRAINTS_OID, &bcOID, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(supportedExtensions, (PKIX_PL_Object *)bcOID, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create(PKIX_NAMECONSTRAINTS_OID, &ncOID, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(supportedExtensions, (PKIX_PL_Object *)ncOID, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create(PKIX_CERTIFICATEPOLICIES_OID, &cpOID, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(supportedExtensions, (PKIX_PL_Object *)cpOID, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create(PKIX_POLICYMAPPINGS_OID, &pmOID, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(supportedExtensions, (PKIX_PL_Object *)pmOID, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create(PKIX_POLICYCONSTRAINTS_OID, &pcOID, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(supportedExtensions, (PKIX_PL_Object *)pcOID, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create(PKIX_INHIBITANYPOLICY_OID, &iaOID, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(supportedExtensions, (PKIX_PL_Object *)iaOID, plContext));
+
+    PKIX_TEST_DECREF_BC(bcOID);
+    PKIX_TEST_DECREF_BC(ncOID);
+    PKIX_TEST_DECREF_BC(cpOID);
+    PKIX_TEST_DECREF_BC(pmOID);
+    PKIX_TEST_DECREF_BC(pcOID);
+    PKIX_TEST_DECREF_BC(iaOID);
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)supportedExtensions, plContext));
+
+    initialState = (PKIX_PL_Object *)supportedExtensions;
+
+    subTest("CertChainChecker_Create");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_Create(dummyChecker_Check, /* PKIX_CertChainChecker_CheckCallback */
+                                                           PKIX_FALSE,         /* forwardCheckingSupported */
+                                                           PKIX_FALSE,         /* forwardDirectionExpected */
+                                                           supportedExtensions,
+                                                           NULL, /* PKIX_PL_Object *initialState */
+                                                           &dummyChecker,
+                                                           plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_SetCertChainCheckerState(dummyChecker, initialState, plContext));
+
+    test_CertChainChecker_Duplicate(dummyChecker);
+
+    subTest("CertChainChecker_Destroy");
+    PKIX_TEST_DECREF_BC(dummyChecker);
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(dummyChecker);
+    PKIX_TEST_DECREF_AC(initialState);
+    PKIX_TEST_DECREF_AC(supportedExtensions);
+
+    PKIX_Shutdown(plContext);
+
+    PKIX_TEST_RETURN();
+
+    endTests("CertChainChecker");
+
+    return (0);
+}
diff --git a/nss/cmd/libpkix/pkix/crlsel/Makefile b/nss/cmd/libpkix/pkix/crlsel/Makefile
new file mode 100755
index 0000000..09ca5f1
--- /dev/null
+++ b/nss/cmd/libpkix/pkix/crlsel/Makefile
@@ -0,0 +1,47 @@
+#! gmake
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+include $(PKIX_DEPTH)/config.mk
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include $(PLAT_DEPTH)/platlibs.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+include $(PLAT_DEPTH)/platrules.mk
diff --git a/nss/cmd/libpkix/pkix/crlsel/manifest.mn b/nss/cmd/libpkix/pkix/crlsel/manifest.mn
new file mode 100755
index 0000000..dfac43b
--- /dev/null
+++ b/nss/cmd/libpkix/pkix/crlsel/manifest.mn
@@ -0,0 +1,21 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+PKIX_DEPTH = ../..
+PLAT_DEPTH = $(PKIX_DEPTH)/..
+CORE_DEPTH = $(PKIX_DEPTH)/../../..
+
+# MODULE public and private header directories are implicitly REQUIRED.
+MODULE = nss
+
+CSRCS = test_crlselector.c \
+	test_comcrlselparams.c \
+	$(NULL)
+
+LIBRARY_NAME=pkixtoolcrlsel
+
+SOURCE_LIB_DIR=$(PKIX_DEPTH)/$(OBJDIR)
+
+NO_MD_RELEASE = 1
diff --git a/nss/cmd/libpkix/pkix/crlsel/test_comcrlselparams.c b/nss/cmd/libpkix/pkix/crlsel/test_comcrlselparams.c
new file mode 100644
index 0000000..fcc5ef5
--- /dev/null
+++ b/nss/cmd/libpkix/pkix/crlsel/test_comcrlselparams.c
@@ -0,0 +1,406 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * test_comcrlselparams.c
+ *
+ * Test ComCRLSelParams Type
+ *
+ */
+
+#include "testutil.h"
+#include "testutil_nss.h"
+
+static void *plContext = NULL;
+
+static void
+testIssuer(PKIX_ComCRLSelParams *goodObject)
+{
+    PKIX_PL_String *issuer1String = NULL;
+    PKIX_PL_String *issuer2String = NULL;
+    PKIX_PL_String *issuer3String = NULL;
+    PKIX_PL_X500Name *issuerName1 = NULL;
+    PKIX_PL_X500Name *issuerName2 = NULL;
+    PKIX_PL_X500Name *issuerName3 = NULL;
+    PKIX_List *setIssuerList = NULL;
+    PKIX_List *getIssuerList = NULL;
+    PKIX_PL_String *issuerListString = NULL;
+    char *name1 = "CN=yassir,OU=bcn,OU=east,O=sun,C=us";
+    char *name2 = "CN=richard,OU=bcn,OU=east,O=sun,C=us";
+    char *name3 = "CN=hanfei,OU=bcn,OU=east,O=sun,C=us";
+    PKIX_Int32 length;
+    PKIX_Boolean result = PKIX_FALSE;
+    char *expectedAscii =
+        "(CN=yassir,OU=bcn,OU=east,O=sun,"
+        "C=us, CN=richard,OU=bcn,OU=east,O=sun,C=us, "
+        "CN=hanfei,OU=bcn,OU=east,O=sun,C=us)";
+
+    PKIX_TEST_STD_VARS();
+
+    subTest("PKIX_ComCRLSelParams Create Issuers");
+
+    length = PL_strlen(name1);
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_UTF8,
+                                                    name1,
+                                                    length,
+                                                    &issuer1String,
+                                                    plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_X500Name_Create(issuer1String,
+                                                      &issuerName1,
+                                                      plContext));
+
+    length = PL_strlen(name2);
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_UTF8,
+                                                    name2,
+                                                    length,
+                                                    &issuer2String,
+                                                    plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_X500Name_Create(issuer2String,
+                                                      &issuerName2,
+                                                      plContext));
+
+    length = PL_strlen(name3);
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_UTF8,
+                                                    name3,
+                                                    length,
+                                                    &issuer3String,
+                                                    plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_X500Name_Create(issuer3String,
+                                                      &issuerName3,
+                                                      plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&setIssuerList, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setIssuerList,
+                                                   (PKIX_PL_Object *)issuerName1,
+                                                   plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setIssuerList,
+                                                   (PKIX_PL_Object *)issuerName2,
+                                                   plContext));
+
+    subTest("PKIX_ComCRLSelParams_AddIssuerName");
+
+    /* Test adding an issuer to an empty list */
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_AddIssuerName(goodObject, issuerName3, plContext));
+
+    subTest("PKIX_ComCRLSelParams_GetIssuerNames");
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_GetIssuerNames(goodObject, &getIssuerList, plContext));
+
+    /* DECREF for GetIssuerNames */
+    PKIX_TEST_DECREF_BC(getIssuerList);
+    /* DECREF for AddIssuerName so next SetIssuerName start clean */
+    PKIX_TEST_DECREF_BC(getIssuerList);
+
+    /* Test setting issuer names on the list */
+    subTest("PKIX_ComCRLSelParams_SetIssuerNames");
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_SetIssuerNames(goodObject, setIssuerList, plContext));
+
+    subTest("PKIX_ComCRLSelParams_GetIssuerNames");
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_GetIssuerNames(goodObject, &getIssuerList, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)setIssuerList,
+                                                    (PKIX_PL_Object *)getIssuerList,
+                                                    &result,
+                                                    plContext));
+
+    if (result != PKIX_TRUE) {
+        pkixTestErrorMsg = "unexpected Issuers mismatch";
+    }
+
+    /* Test adding an issuer to existing list */
+    subTest("PKIX_ComCRLSelParams_AddIssuerName");
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_AddIssuerName(goodObject, issuerName3, plContext));
+
+    subTest("PKIX_ComCRLSelParams_GetIssuerNames");
+    PKIX_TEST_DECREF_BC(getIssuerList);
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_GetIssuerNames(goodObject, &getIssuerList, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)getIssuerList,
+                                                      &issuerListString,
+                                                      plContext));
+
+    testToStringHelper((PKIX_PL_Object *)getIssuerList,
+                       expectedAscii, plContext);
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(issuer1String);
+    PKIX_TEST_DECREF_AC(issuer2String);
+    PKIX_TEST_DECREF_AC(issuer3String);
+    PKIX_TEST_DECREF_AC(issuerListString);
+    PKIX_TEST_DECREF_AC(issuerName1);
+    PKIX_TEST_DECREF_AC(issuerName2);
+    PKIX_TEST_DECREF_AC(issuerName3);
+    PKIX_TEST_DECREF_AC(setIssuerList);
+    PKIX_TEST_DECREF_AC(getIssuerList);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testCertificateChecking(
+    char *dataCentralDir,
+    char *goodInput,
+    PKIX_ComCRLSelParams *goodObject)
+{
+    PKIX_PL_Cert *setCert = NULL;
+    PKIX_PL_Cert *getCert = NULL;
+    PKIX_Boolean result = PKIX_FALSE;
+
+    PKIX_TEST_STD_VARS();
+
+    subTest("Test CertificateChecking Cert Create");
+    setCert = createCert(dataCentralDir, goodInput, plContext);
+    if (setCert == NULL) {
+        pkixTestErrorMsg = "create certificate failed";
+        goto cleanup;
+    }
+
+    subTest("PKIX_ComCRLSelParams_SetCertificateChecking");
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_SetCertificateChecking(goodObject, setCert, plContext));
+
+    subTest("PKIX_ComCRLSelParams_GetCertificateChecking");
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_GetCertificateChecking(goodObject, &getCert, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)setCert,
+                                                    (PKIX_PL_Object *)getCert,
+                                                    &result, plContext));
+
+    if (result != PKIX_TRUE) {
+        pkixTestErrorMsg = "unexpected Cert mismatch";
+    }
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(setCert);
+    PKIX_TEST_DECREF_AC(getCert);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testDateAndTime(PKIX_ComCRLSelParams *goodObject)
+{
+
+    PKIX_PL_Date *setDate = NULL;
+    PKIX_PL_Date *getDate = NULL;
+    char *asciiDate = "040329134847Z";
+    PKIX_Boolean result = PKIX_FALSE;
+
+    PKIX_TEST_STD_VARS();
+
+    subTest("PKIX_ComCRLSelParams_Date Create");
+    setDate = createDate(asciiDate, plContext);
+
+    subTest("PKIX_ComCRLSelParams_SetDateAndTime");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_SetDateAndTime(goodObject, setDate, plContext));
+
+    subTest("PKIX_ComCRLSelParams_GetDateAndTime");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_GetDateAndTime(goodObject, &getDate, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)setDate,
+                                                    (PKIX_PL_Object *)getDate,
+                                                    &result, plContext));
+
+    if (result != PKIX_TRUE) {
+        pkixTestErrorMsg = "unexpected DateAndTime mismatch";
+    }
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(setDate);
+    PKIX_TEST_DECREF_AC(getDate);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testMaxMinCRLNumbers(PKIX_ComCRLSelParams *goodObject)
+{
+    PKIX_PL_BigInt *setMaxCrlNumber = NULL;
+    PKIX_PL_BigInt *getMaxCrlNumber = NULL;
+    PKIX_PL_BigInt *setMinCrlNumber = NULL;
+    PKIX_PL_BigInt *getMinCrlNumber = NULL;
+    char *asciiCrlNumber1 = "01";
+    char *asciiCrlNumber99999 = "0909090909";
+    PKIX_PL_String *crlNumber1String = NULL;
+    PKIX_PL_String *crlNumber99999String = NULL;
+
+    PKIX_Boolean result = PKIX_FALSE;
+
+    PKIX_TEST_STD_VARS();
+
+    subTest("PKIX_ComCRLSelParams_SetMinCRLNumber");
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII,
+                                                    asciiCrlNumber1,
+                                                    PL_strlen(asciiCrlNumber1),
+                                                    &crlNumber1String,
+                                                    NULL));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BigInt_Create(crlNumber1String, &setMinCrlNumber, NULL));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_SetMinCRLNumber(goodObject, setMinCrlNumber, NULL));
+
+    subTest("PKIX_ComCRLSelParams_GetMinCRLNumber");
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_GetMinCRLNumber(goodObject, &getMinCrlNumber, NULL));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)setMinCrlNumber,
+                                                    (PKIX_PL_Object *)getMinCrlNumber,
+                                                    &result, NULL));
+
+    if (result != PKIX_TRUE) {
+        pkixTestErrorMsg = "unexpected Minimum CRL Number mismatch";
+    }
+
+    subTest("PKIX_ComCRLSelParams_SetMaxCRLNumber");
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII,
+                                                    asciiCrlNumber99999,
+                                                    PL_strlen(asciiCrlNumber99999),
+                                                    &crlNumber99999String,
+                                                    NULL));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BigInt_Create(crlNumber99999String, &setMaxCrlNumber, NULL));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_SetMaxCRLNumber(goodObject, setMaxCrlNumber, NULL));
+
+    subTest("PKIX_ComCRLSelParams_GetMaxCRLNumber");
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_GetMaxCRLNumber(goodObject, &getMaxCrlNumber, NULL));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)setMaxCrlNumber,
+                                                    (PKIX_PL_Object *)getMaxCrlNumber,
+                                                    &result, NULL));
+
+    if (result != PKIX_TRUE) {
+        pkixTestErrorMsg = "unexpected Maximum CRL Number mismatch";
+    }
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(setMaxCrlNumber);
+    PKIX_TEST_DECREF_AC(getMaxCrlNumber);
+    PKIX_TEST_DECREF_AC(setMinCrlNumber);
+    PKIX_TEST_DECREF_AC(getMinCrlNumber);
+    PKIX_TEST_DECREF_AC(crlNumber1String);
+    PKIX_TEST_DECREF_AC(crlNumber99999String);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testDuplicate(PKIX_ComCRLSelParams *goodObject)
+{
+
+    PKIX_ComCRLSelParams *dupObject = NULL;
+    PKIX_Boolean result = PKIX_FALSE;
+
+    PKIX_TEST_STD_VARS();
+
+    subTest("PKIX_ComCRLSelParams_Duplicate");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Duplicate((PKIX_PL_Object *)goodObject,
+                                                       (PKIX_PL_Object **)&dupObject,
+                                                       plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)goodObject,
+                                                    (PKIX_PL_Object *)dupObject,
+                                                    &result, plContext));
+
+    if (result != PKIX_TRUE) {
+        pkixTestErrorMsg =
+            "unexpected Duplicate ComCRLSelParams mismatch";
+    }
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(dupObject);
+    PKIX_TEST_RETURN();
+}
+
+static void
+printUsage(char *pName)
+{
+    printf("\nUSAGE: %s <central-data-dir>\n\n", pName);
+}
+
+/* Functional tests for ComCRLSelParams public functions */
+
+int
+test_comcrlselparams(int argc, char *argv[])
+{
+
+    char *dataCentralDir = NULL;
+    char *goodInput = "yassir2yassir";
+    PKIX_ComCRLSelParams *goodObject = NULL;
+    PKIX_ComCRLSelParams *diffObject = NULL;
+    PKIX_UInt32 actualMinorVersion;
+    PKIX_UInt32 j = 0;
+
+    PKIX_TEST_STD_VARS();
+
+    startTests("ComCRLSelParams");
+
+    PKIX_TEST_EXPECT_NO_ERROR(
+        PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+    if (argc < 2) {
+        printUsage(argv[0]);
+        return (0);
+    }
+
+    dataCentralDir = argv[j + 1];
+
+    subTest("PKIX_ComCRLSelParams_Create");
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_Create(&goodObject,
+                                                          plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_Create(&diffObject,
+                                                          plContext));
+
+    testIssuer(goodObject);
+
+    testCertificateChecking(dataCentralDir, goodInput, goodObject);
+
+    testDateAndTime(goodObject);
+
+    testMaxMinCRLNumbers(goodObject);
+
+    testDuplicate(goodObject);
+
+    PKIX_TEST_EQ_HASH_TOSTR_DUP(goodObject,
+                                goodObject,
+                                diffObject,
+                                NULL,
+                                ComCRLSelParams,
+                                PKIX_TRUE);
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(goodObject);
+    PKIX_TEST_DECREF_AC(diffObject);
+
+    PKIX_Shutdown(plContext);
+
+    PKIX_TEST_RETURN();
+
+    endTests("ComCRLSelParams");
+
+    return (0);
+}
diff --git a/nss/cmd/libpkix/pkix/crlsel/test_crlselector.c b/nss/cmd/libpkix/pkix/crlsel/test_crlselector.c
new file mode 100644
index 0000000..f17406b
--- /dev/null
+++ b/nss/cmd/libpkix/pkix/crlsel/test_crlselector.c
@@ -0,0 +1,168 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * test_crlselector.c
+ *
+ * Test CRLSelector Type
+ *
+ */
+
+#include "testutil.h"
+#include "testutil_nss.h"
+
+static void *plContext = NULL;
+
+static void
+testGetMatchCallback(PKIX_CRLSelector *goodObject)
+{
+    PKIX_CRLSelector_MatchCallback mCallback = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    subTest("testGetMatchCallback");
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_GetMatchCallback(goodObject, &mCallback, plContext));
+
+    if (mCallback == NULL) {
+        pkixTestErrorMsg = "MatchCallback is NULL";
+    }
+
+cleanup:
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testGetCRLSelectorContext(PKIX_CRLSelector *goodObject)
+{
+    PKIX_PL_Object *context = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    subTest("testGetCRLSelectorContext");
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_GetCRLSelectorContext(goodObject, (void *)&context, plContext));
+
+    if (context == NULL) {
+        pkixTestErrorMsg = "CRLSelectorContext is NULL";
+    }
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(context);
+    PKIX_TEST_RETURN();
+}
+
+static void
+testCommonCRLSelectorParams(PKIX_CRLSelector *goodObject)
+{
+    PKIX_ComCRLSelParams *setParams = NULL;
+    PKIX_ComCRLSelParams *getParams = NULL;
+    PKIX_PL_Date *setDate = NULL;
+    char *asciiDate = "040329134847Z";
+
+    PKIX_TEST_STD_VARS();
+
+    subTest("PKIX_ComCRLSelParams_Create");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_Create(&setParams,
+                                                          plContext));
+
+    subTest("PKIX_ComCRLSelParams_Date Create");
+
+    setDate = createDate(asciiDate, plContext);
+
+    subTest("PKIX_ComCRLSelParams_SetDateAndTime");
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_SetDateAndTime(setParams, setDate, plContext));
+
+    subTest("PKIX_CRLSelector_SetCommonCRLSelectorParams");
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_SetCommonCRLSelectorParams(
+        goodObject, setParams, plContext));
+
+    subTest("PKIX_CRLSelector_GetCommonCRLSelectorParams");
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_GetCommonCRLSelectorParams(
+        goodObject, &getParams, plContext));
+
+    testEqualsHelper((PKIX_PL_Object *)setParams,
+                     (PKIX_PL_Object *)getParams,
+                     PKIX_TRUE,
+                     plContext);
+
+    testHashcodeHelper((PKIX_PL_Object *)setParams,
+                       (PKIX_PL_Object *)getParams,
+                       PKIX_TRUE,
+                       plContext);
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(setDate);
+    PKIX_TEST_DECREF_AC(setParams);
+    PKIX_TEST_DECREF_AC(getParams);
+
+    PKIX_TEST_RETURN();
+}
+
+/* Functional tests for CRLSelector public functions */
+
+int
+test_crlselector(int argc, char *argv[])
+{
+
+    PKIX_PL_Date *context = NULL;
+    PKIX_CRLSelector *goodObject = NULL;
+    PKIX_CRLSelector *diffObject = NULL;
+    PKIX_UInt32 actualMinorVersion;
+    PKIX_UInt32 j = 0;
+    char *asciiDate = "040329134847Z";
+
+    PKIX_TEST_STD_VARS();
+
+    startTests("CRLSelector");
+
+    PKIX_TEST_EXPECT_NO_ERROR(
+        PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+    context = createDate(asciiDate, plContext);
+
+    subTest("PKIX_CRLSelector_Create");
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_Create(NULL,
+                                                      (PKIX_PL_Object *)context,
+                                                      &goodObject,
+                                                      plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_Create(NULL,
+                                                      (PKIX_PL_Object *)context,
+                                                      &diffObject,
+                                                      plContext));
+
+    testGetMatchCallback(goodObject);
+
+    testGetCRLSelectorContext(goodObject);
+
+    testCommonCRLSelectorParams(goodObject);
+
+    PKIX_TEST_EQ_HASH_TOSTR_DUP(goodObject,
+                                goodObject,
+                                diffObject,
+                                NULL,
+                                CRLSelector,
+                                PKIX_TRUE);
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(goodObject);
+    PKIX_TEST_DECREF_AC(diffObject);
+    PKIX_TEST_DECREF_AC(context);
+
+    PKIX_Shutdown(plContext);
+
+    PKIX_TEST_RETURN();
+
+    endTests("CRLSelector");
+
+    return (0);
+}
diff --git a/nss/cmd/libpkix/pkix/manifest.mn b/nss/cmd/libpkix/pkix/manifest.mn
new file mode 100755
index 0000000..895bf52
--- /dev/null
+++ b/nss/cmd/libpkix/pkix/manifest.mn
@@ -0,0 +1,11 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+PKIX_DEPTH = ..
+PLAT_DEPTH = $(PKIX_DEPTH)/..
+CORE_DEPTH = $(PKIX_DEPTH)/../../..
+
+DIRS =  certsel checker crlsel params results store top util \
+	$(NULL)
diff --git a/nss/cmd/libpkix/pkix/params/Makefile b/nss/cmd/libpkix/pkix/params/Makefile
new file mode 100755
index 0000000..09ca5f1
--- /dev/null
+++ b/nss/cmd/libpkix/pkix/params/Makefile
@@ -0,0 +1,47 @@
+#! gmake
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+include $(PKIX_DEPTH)/config.mk
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include $(PLAT_DEPTH)/platlibs.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+include $(PLAT_DEPTH)/platrules.mk
diff --git a/nss/cmd/libpkix/pkix/params/manifest.mn b/nss/cmd/libpkix/pkix/params/manifest.mn
new file mode 100755
index 0000000..a2e7e67
--- /dev/null
+++ b/nss/cmd/libpkix/pkix/params/manifest.mn
@@ -0,0 +1,23 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+PKIX_DEPTH = ../..
+PLAT_DEPTH = $(PKIX_DEPTH)/..
+CORE_DEPTH = $(PKIX_DEPTH)/../../..
+
+# MODULE public and private header directories are implicitly REQUIRED.
+MODULE = nss
+
+CSRCS = test_procparams.c \
+	test_trustanchor.c \
+	test_valparams.c \
+	test_resourcelimits.c \
+	$(NULL)
+
+LIBRARY_NAME=pkixtoolparams
+
+SOURCE_LIB_DIR=$(PKIX_DEPTH)/$(OBJDIR)
+
+NO_MD_RELEASE = 1
diff --git a/nss/cmd/libpkix/pkix/params/test_procparams.c b/nss/cmd/libpkix/pkix/params/test_procparams.c
new file mode 100644
index 0000000..419322a
--- /dev/null
+++ b/nss/cmd/libpkix/pkix/params/test_procparams.c
@@ -0,0 +1,478 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * test_procparams.c
+ *
+ * Test ProcessingParams Type
+ *
+ */
+
+#include "testutil.h"
+#include "testutil_nss.h"
+
+static void *plContext = NULL;
+
+static void
+testDestroy(void *goodObject, void *equalObject, void *diffObject)
+{
+    PKIX_TEST_STD_VARS();
+
+    subTest("PKIX_ProcessingParams_Destroy");
+
+    PKIX_TEST_DECREF_BC(goodObject);
+    PKIX_TEST_DECREF_BC(equalObject);
+    PKIX_TEST_DECREF_BC(diffObject);
+
+cleanup:
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testGetAnchors(
+    PKIX_ProcessingParams *goodObject,
+    PKIX_ProcessingParams *equalObject)
+{
+
+    PKIX_List *goodAnchors = NULL;
+    PKIX_List *equalAnchors = NULL;
+
+    PKIX_TEST_STD_VARS();
+    subTest("PKIX_ProcessingParams_GetTrustAnchors");
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_GetTrustAnchors(goodObject, &goodAnchors, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_GetTrustAnchors(equalObject, &equalAnchors, plContext));
+
+    testEqualsHelper((PKIX_PL_Object *)goodAnchors,
+                     (PKIX_PL_Object *)equalAnchors,
+                     PKIX_TRUE,
+                     plContext);
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(goodAnchors);
+    PKIX_TEST_DECREF_AC(equalAnchors);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testGetSetDate(
+    PKIX_ProcessingParams *goodObject,
+    PKIX_ProcessingParams *equalObject)
+{
+
+    PKIX_PL_Date *setDate = NULL;
+    PKIX_PL_Date *getDate = NULL;
+    char *asciiDate = "040329134847Z";
+
+    PKIX_TEST_STD_VARS();
+    subTest("PKIX_ProcessingParams_Get/SetDate");
+
+    setDate = createDate(asciiDate, plContext);
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetDate(goodObject, setDate, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_GetDate(goodObject, &getDate, plContext));
+
+    testEqualsHelper((PKIX_PL_Object *)setDate,
+                     (PKIX_PL_Object *)getDate,
+                     PKIX_TRUE,
+                     plContext);
+
+    /* we want to make sure that goodObject and equalObject are "equal" */
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetDate(equalObject, setDate, plContext));
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(setDate);
+    PKIX_TEST_DECREF_AC(getDate);
+
+    PKIX_TEST_RETURN();
+}
+
+static PKIX_Error *
+userChecker1cb(
+    PKIX_CertChainChecker *checker,
+    PKIX_PL_Cert *cert,
+    PKIX_List *unresolvedCriticalExtensions, /* list of PKIX_PL_OID */
+    void **pNBIOContext,
+    void *plContext)
+{
+    return (NULL);
+}
+
+static void
+testGetSetCertChainCheckers(
+    PKIX_ProcessingParams *goodObject,
+    PKIX_ProcessingParams *equalObject)
+{
+
+    PKIX_CertChainChecker *checker = NULL;
+    PKIX_List *setCheckersList = NULL;
+    PKIX_List *getCheckersList = NULL;
+    PKIX_PL_Date *date = NULL;
+    char *asciiDate = "040329134847Z";
+
+    PKIX_TEST_STD_VARS();
+    subTest("PKIX_ProcessingParams_Get/SetCertChainCheckers");
+
+    date = createDate(asciiDate, plContext);
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_Create(userChecker1cb,
+                                                           PKIX_FALSE,
+                                                           PKIX_FALSE,
+                                                           NULL,
+                                                           (PKIX_PL_Object *)date,
+                                                           &checker,
+                                                           plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&setCheckersList, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setCheckersList, (PKIX_PL_Object *)checker, plContext));
+    PKIX_TEST_DECREF_BC(checker);
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetCertChainCheckers(goodObject, setCheckersList, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_Create(userChecker1cb,
+                                                           PKIX_FALSE,
+                                                           PKIX_FALSE,
+                                                           NULL,
+                                                           (PKIX_PL_Object *)date,
+                                                           &checker,
+                                                           plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_AddCertChainChecker(goodObject, checker, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_GetCertChainCheckers(goodObject, &getCheckersList, plContext));
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(setCheckersList);
+    PKIX_TEST_DECREF_AC(getCheckersList);
+    PKIX_TEST_DECREF_AC(date);
+    PKIX_TEST_DECREF_BC(checker);
+
+    PKIX_TEST_RETURN();
+}
+
+static PKIX_Error *
+userChecker2cb(
+    PKIX_RevocationChecker *checker,
+    PKIX_PL_Cert *cert,
+    PKIX_UInt32 *pResult,
+    void *plContext)
+{
+    return (NULL);
+}
+
+static void
+testGetSetRevocationCheckers(
+    PKIX_ProcessingParams *goodObject,
+    PKIX_ProcessingParams *equalObject)
+{
+
+    PKIX_RevocationChecker *checker = NULL;
+    PKIX_List *setCheckersList = NULL;
+    PKIX_List *getCheckersList = NULL;
+    PKIX_PL_Date *date = NULL;
+    char *asciiDate = "040329134847Z";
+
+    PKIX_TEST_STD_VARS();
+    subTest("PKIX_ProcessingParams_Get/SetRevocationCheckers");
+
+    date = createDate(asciiDate, plContext);
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_RevocationChecker_Create(userChecker2cb,
+                                                            (PKIX_PL_Object *)date,
+                                                            &checker,
+                                                            plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&setCheckersList, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setCheckersList,
+                                                   (PKIX_PL_Object *)checker,
+                                                   plContext));
+    PKIX_TEST_DECREF_BC(checker);
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationCheckers(goodObject, setCheckersList, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_RevocationChecker_Create(userChecker2cb,
+                                                            (PKIX_PL_Object *)date,
+                                                            &checker,
+                                                            plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_AddRevocationChecker(goodObject, checker, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_GetRevocationCheckers(goodObject, &getCheckersList, plContext));
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(setCheckersList);
+    PKIX_TEST_DECREF_AC(getCheckersList);
+    PKIX_TEST_DECREF_AC(date);
+    PKIX_TEST_DECREF_BC(checker);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testGetSetResourceLimits(
+    PKIX_ProcessingParams *goodObject,
+    PKIX_ProcessingParams *equalObject)
+
+{
+    PKIX_ResourceLimits *resourceLimits1 = NULL;
+    PKIX_ResourceLimits *resourceLimits2 = NULL;
+
+    PKIX_TEST_STD_VARS();
+    subTest("PKIX_ProcessingParams_Get/SetResourceLimits");
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_Create(&resourceLimits1, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_Create(&resourceLimits2, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxFanout(resourceLimits1, 3, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxDepth(resourceLimits1, 3, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxTime(resourceLimits1, 2, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetResourceLimits(goodObject, resourceLimits1, plContext));
+
+    PKIX_TEST_DECREF_BC(resourceLimits2);
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_GetResourceLimits(goodObject, &resourceLimits2, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetResourceLimits(equalObject, resourceLimits2, plContext));
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(resourceLimits1);
+    PKIX_TEST_DECREF_AC(resourceLimits2);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testGetSetConstraints(PKIX_ProcessingParams *goodObject)
+{
+
+    PKIX_CertSelector *setConstraints = NULL;
+    PKIX_CertSelector *getConstraints = NULL;
+
+    PKIX_TEST_STD_VARS();
+    subTest("PKIX_ProcessingParams_Get/SetTargetCertConstraints");
+
+    /*
+        * After createConstraints is implemented
+        * setConstraints = createConstraints();
+        */
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints(goodObject, setConstraints, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_GetTargetCertConstraints(goodObject, &getConstraints, plContext));
+
+    testEqualsHelper((PKIX_PL_Object *)setConstraints,
+                     (PKIX_PL_Object *)getConstraints,
+                     PKIX_TRUE,
+                     plContext);
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(setConstraints);
+    PKIX_TEST_DECREF_AC(getConstraints);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testGetSetInitialPolicies(
+    PKIX_ProcessingParams *goodObject,
+    char *asciiPolicyOID)
+{
+    PKIX_PL_OID *policyOID = NULL;
+    PKIX_List *setPolicyList = NULL;
+    PKIX_List *getPolicyList = NULL;
+
+    PKIX_TEST_STD_VARS();
+    subTest("PKIX_ProcessingParams_Get/SetInitialPolicies");
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create(asciiPolicyOID, &policyOID, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&setPolicyList, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(setPolicyList, (PKIX_PL_Object *)policyOID, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_SetImmutable(setPolicyList, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetInitialPolicies(goodObject, setPolicyList, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_GetInitialPolicies(goodObject, &getPolicyList, plContext));
+
+    testEqualsHelper((PKIX_PL_Object *)setPolicyList,
+                     (PKIX_PL_Object *)getPolicyList,
+                     PKIX_TRUE,
+                     plContext);
+
+cleanup:
+    PKIX_TEST_DECREF_AC(policyOID);
+    PKIX_TEST_DECREF_AC(setPolicyList);
+    PKIX_TEST_DECREF_AC(getPolicyList);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testGetSetPolicyQualifiersRejected(
+    PKIX_ProcessingParams *goodObject,
+    PKIX_Boolean rejected)
+{
+    PKIX_Boolean getRejected = PKIX_FALSE;
+
+    PKIX_TEST_STD_VARS();
+    subTest("PKIX_ProcessingParams_Get/SetPolicyQualifiersRejected");
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetPolicyQualifiersRejected(goodObject, rejected, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_GetPolicyQualifiersRejected(goodObject, &getRejected, plContext));
+
+    if (rejected != getRejected) {
+        testError("GetPolicyQualifiersRejected returned unexpected value");
+    }
+
+cleanup:
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+printUsage(char *pName)
+{
+    printf("\nUSAGE: %s <central-data-dir>\n\n", pName);
+}
+
+int
+test_procparams(int argc, char *argv[])
+{
+
+    PKIX_ProcessingParams *goodObject = NULL;
+    PKIX_ProcessingParams *equalObject = NULL;
+    PKIX_ProcessingParams *diffObject = NULL;
+    PKIX_UInt32 actualMinorVersion;
+    char *dataCentralDir = NULL;
+    PKIX_UInt32 j = 0;
+
+    char *oidAnyPolicy = PKIX_CERTIFICATEPOLICIES_ANYPOLICY_OID;
+    char *oidNist1Policy = "2.16.840.1.101.3.2.1.48.2";
+
+    char *goodInput = "yassir2yassir";
+    char *diffInput = "yassir2bcn";
+
+    char *expectedAscii =
+        "[\n"
+        "\tTrust Anchors: \n"
+        "\t********BEGIN LIST OF TRUST ANCHORS********\n"
+        "\t\t"
+        "([\n"
+        "\tTrusted CA Name:         "
+        "CN=yassir,OU=bcn,OU=east,O=sun,C=us\n"
+        "\tTrusted CA PublicKey:    ANSI X9.57 DSA Signature\n"
+        "\tInitial Name Constraints:(null)\n"
+        "]\n"
+        ", [\n"
+        "\tTrusted CA Name:         OU=bcn,OU=east,O=sun,C=us\n"
+        "\tTrusted CA PublicKey:    ANSI X9.57 DSA Signature\n"
+        "\tInitial Name Constraints:(null)\n"
+        "]\n"
+        ")\n"
+        "\t********END LIST OF TRUST ANCHORS********\n"
+        "\tDate:    \t\tMon Mar 29 08:48:47 2004\n"
+        "\tTarget Constraints:    (null)\n"
+        "\tInitial Policies:      (2.5.29.32.0)\n"
+        "\tQualifiers Rejected:   FALSE\n"
+        "\tCert Stores:           (EMPTY)\n"
+        "\tResource Limits:       [\n"
+        "\tMaxTime:                     2\n"
+        "\tMaxFanout:                   3\n"
+        "\tMaxDepth:                    3\n"
+        "]\n\n"
+        "\tCRL Checking Enabled:  0\n"
+        "]\n";
+
+    PKIX_TEST_STD_VARS();
+
+    startTests("ProcessingParams");
+
+    PKIX_TEST_EXPECT_NO_ERROR(
+        PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+    if (argc < 2) {
+        printUsage(argv[0]);
+        return (0);
+    }
+
+    dataCentralDir = argv[j + 1];
+
+    subTest("PKIX_ProcessingParams_Create");
+    goodObject = createProcessingParams(dataCentralDir,
+                                        goodInput,
+                                        diffInput,
+                                        NULL,
+                                        NULL,
+                                        PKIX_FALSE,
+                                        plContext);
+
+    equalObject = createProcessingParams(dataCentralDir,
+                                         goodInput,
+                                         diffInput,
+                                         NULL,
+                                         NULL,
+                                         PKIX_FALSE,
+                                         plContext);
+
+    diffObject = createProcessingParams(dataCentralDir,
+                                        diffInput,
+                                        goodInput,
+                                        NULL,
+                                        NULL,
+                                        PKIX_FALSE,
+                                        plContext);
+
+    testGetAnchors(goodObject, equalObject);
+    testGetSetDate(goodObject, equalObject);
+    testGetSetCertChainCheckers(goodObject, equalObject);
+    testGetSetRevocationCheckers(goodObject, equalObject);
+    testGetSetResourceLimits(goodObject, equalObject);
+
+    /*
+        * XXX testGetSetConstraints(goodObject);
+        */
+
+    testGetSetInitialPolicies(goodObject, oidAnyPolicy);
+    testGetSetInitialPolicies(equalObject, oidAnyPolicy);
+    testGetSetInitialPolicies(diffObject, oidNist1Policy);
+    testGetSetPolicyQualifiersRejected(goodObject, PKIX_FALSE);
+    testGetSetPolicyQualifiersRejected(equalObject, PKIX_FALSE);
+    testGetSetPolicyQualifiersRejected(diffObject, PKIX_TRUE);
+
+    PKIX_TEST_EQ_HASH_TOSTR_DUP(goodObject,
+                                equalObject,
+                                diffObject,
+                                NULL, /* expectedAscii, */
+                                ProcessingParams,
+                                PKIX_FALSE);
+
+    testDestroy(goodObject, equalObject, diffObject);
+
+cleanup:
+
+    PKIX_Shutdown(plContext);
+
+    PKIX_TEST_RETURN();
+
+    endTests("ProcessingParams");
+
+    return (0);
+}
diff --git a/nss/cmd/libpkix/pkix/params/test_resourcelimits.c b/nss/cmd/libpkix/pkix/params/test_resourcelimits.c
new file mode 100644
index 0000000..f52c3ef
--- /dev/null
+++ b/nss/cmd/libpkix/pkix/params/test_resourcelimits.c
@@ -0,0 +1,99 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * test_resourcelimits.c
+ *
+ * Test ResourceLimits Type
+ *
+ */
+
+#include "testutil.h"
+#include "testutil_nss.h"
+
+static void *plContext = NULL;
+
+static void
+testDestroy(void *goodObject, void *equalObject, void *diffObject)
+{
+    PKIX_TEST_STD_VARS();
+
+    subTest("PKIX_ResourceLimits_Destroy");
+
+    PKIX_TEST_DECREF_BC(goodObject);
+    PKIX_TEST_DECREF_BC(equalObject);
+    PKIX_TEST_DECREF_BC(diffObject);
+
+cleanup:
+
+    PKIX_TEST_RETURN();
+}
+
+int
+test_resourcelimits(int argc, char *argv[])
+{
+
+    PKIX_ResourceLimits *goodObject = NULL;
+    PKIX_ResourceLimits *equalObject = NULL;
+    PKIX_ResourceLimits *diffObject = NULL;
+    PKIX_UInt32 maxTime = 0;
+    PKIX_UInt32 maxFanout = 0;
+    PKIX_UInt32 maxDepth = 0;
+    PKIX_UInt32 actualMinorVersion;
+    PKIX_UInt32 j = 0;
+    char *expectedAscii =
+        "[\n"
+        "\tMaxTime:           		10\n"
+        "\tMaxFanout:         		5\n"
+        "\tMaxDepth:         		5\n"
+        "]\n";
+
+    PKIX_TEST_STD_VARS();
+
+    startTests("ResourceLimits");
+
+    PKIX_TEST_EXPECT_NO_ERROR(
+        PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+    subTest("PKIX_ResourceLimits_Create");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_Create(&goodObject, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_Create(&diffObject, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_Create(&equalObject, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxTime(goodObject, 10, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_GetMaxTime(goodObject, &maxTime, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxTime(equalObject, maxTime, plContext));
+    maxTime++;
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxTime(diffObject, maxTime, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxFanout(goodObject, 5, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_GetMaxFanout(goodObject, &maxFanout, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxFanout(equalObject, maxFanout, plContext));
+    maxFanout++;
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxFanout(diffObject, maxFanout, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxDepth(goodObject, 5, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_GetMaxDepth(goodObject, &maxDepth, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxDepth(equalObject, maxDepth, plContext));
+    maxDepth++;
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxDepth(diffObject, maxDepth, plContext));
+
+    PKIX_TEST_EQ_HASH_TOSTR_DUP(goodObject,
+                                equalObject,
+                                diffObject,
+                                expectedAscii,
+                                ResourceLimits,
+                                PKIX_FALSE);
+
+    testDestroy(goodObject, equalObject, diffObject);
+
+cleanup:
+
+    PKIX_Shutdown(plContext);
+
+    PKIX_TEST_RETURN();
+
+    endTests("ResourceLimits");
+
+    return (0);
+}
diff --git a/nss/cmd/libpkix/pkix/params/test_trustanchor.c b/nss/cmd/libpkix/pkix/params/test_trustanchor.c
new file mode 100644
index 0000000..4bd9d17
--- /dev/null
+++ b/nss/cmd/libpkix/pkix/params/test_trustanchor.c
@@ -0,0 +1,251 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * test_trustanchor.c
+ *
+ * Test TrustAnchor Type
+ *
+ */
+
+#include "testutil.h"
+#include "testutil_nss.h"
+
+static void *plContext = NULL;
+
+static void
+createTrustAnchors(
+    char *dirName,
+    char *goodInput,
+    PKIX_TrustAnchor **goodObject,
+    PKIX_TrustAnchor **equalObject,
+    PKIX_TrustAnchor **diffObject)
+{
+    subTest("PKIX_TrustAnchor_CreateWithNameKeyPair <goodObject>");
+    *goodObject = createTrustAnchor(dirName, goodInput, PKIX_FALSE, plContext);
+
+    subTest("PKIX_TrustAnchor_CreateWithNameKeyPair <equalObject>");
+    *equalObject = createTrustAnchor(dirName, goodInput, PKIX_FALSE, plContext);
+
+    subTest("PKIX_TrustAnchor_CreateWithCert <diffObject>");
+    *diffObject = createTrustAnchor(dirName, goodInput, PKIX_TRUE, plContext);
+}
+
+static void
+testGetCAName(
+    PKIX_PL_Cert *diffCert,
+    PKIX_TrustAnchor *equalObject)
+{
+
+    PKIX_PL_X500Name *diffCAName = NULL;
+    PKIX_PL_X500Name *equalCAName = NULL;
+
+    PKIX_TEST_STD_VARS();
+    subTest("PKIX_TrustAnchor_GetCAName");
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject(diffCert, &diffCAName, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_GetCAName(equalObject, &equalCAName, plContext));
+
+    testEqualsHelper((PKIX_PL_Object *)diffCAName,
+                     (PKIX_PL_Object *)equalCAName,
+                     PKIX_TRUE,
+                     plContext);
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(diffCAName);
+    PKIX_TEST_DECREF_AC(equalCAName);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testGetCAPublicKey(
+    PKIX_PL_Cert *diffCert,
+    PKIX_TrustAnchor *equalObject)
+{
+
+    PKIX_PL_PublicKey *diffPubKey = NULL;
+    PKIX_PL_PublicKey *equalPubKey = NULL;
+
+    PKIX_TEST_STD_VARS();
+    subTest("PKIX_TrustAnchor_GetCAPublicKey");
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(diffCert, &diffPubKey, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_GetCAPublicKey(equalObject, &equalPubKey, plContext));
+
+    testEqualsHelper((PKIX_PL_Object *)diffPubKey,
+                     (PKIX_PL_Object *)equalPubKey,
+                     PKIX_TRUE,
+                     plContext);
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(diffPubKey);
+    PKIX_TEST_DECREF_AC(equalPubKey);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testGetNameConstraints(char *dirName)
+{
+    PKIX_TrustAnchor *goodObject = NULL;
+    PKIX_TrustAnchor *equalObject = NULL;
+    PKIX_TrustAnchor *diffObject = NULL;
+    PKIX_PL_Cert *diffCert;
+    PKIX_PL_CertNameConstraints *diffNC = NULL;
+    PKIX_PL_CertNameConstraints *equalNC = NULL;
+    char *goodInput = "nameConstraintsDN5CACert.crt";
+    char *expectedAscii =
+        "[\n"
+        "\tTrusted CA Name:         CN=nameConstraints DN5 CA,"
+        "O=Test Certificates,C=US\n"
+        "\tTrusted CA PublicKey:    PKCS #1 RSA Encryption\n"
+        "\tInitial Name Constraints:[\n"
+        "\t\tPermitted Name:  (OU=permittedSubtree1,"
+        "O=Test Certificates,C=US)\n"
+        "\t\tExcluded Name:   (OU=excludedSubtree1,"
+        "OU=permittedSubtree1,O=Test Certificates,C=US)\n"
+        "\t]\n"
+        "\n"
+        "]\n";
+
+    PKIX_TEST_STD_VARS();
+
+    subTest("Create TrustAnchors and compare");
+
+    createTrustAnchors(dirName, goodInput, &goodObject, &equalObject, &diffObject);
+
+    PKIX_TEST_EQ_HASH_TOSTR_DUP(goodObject,
+                                equalObject,
+                                diffObject,
+                                expectedAscii,
+                                TrustAnchor,
+                                PKIX_TRUE);
+
+    subTest("PKIX_TrustAnchor_GetTrustedCert");
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_GetTrustedCert(diffObject, &diffCert, plContext));
+
+    subTest("PKIX_PL_Cert_GetNameConstraints");
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints(diffCert, &diffNC, plContext));
+
+    subTest("PKIX_TrustAnchor_GetNameConstraints");
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_GetNameConstraints(equalObject, &equalNC, plContext));
+
+    testEqualsHelper((PKIX_PL_Object *)diffNC,
+                     (PKIX_PL_Object *)equalNC,
+                     PKIX_TRUE,
+                     plContext);
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(diffNC);
+    PKIX_TEST_DECREF_AC(equalNC);
+    PKIX_TEST_DECREF_BC(diffCert);
+    PKIX_TEST_DECREF_BC(goodObject);
+    PKIX_TEST_DECREF_BC(equalObject);
+    PKIX_TEST_DECREF_BC(diffObject);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testDestroy(void *goodObject, void *equalObject, void *diffObject)
+{
+    PKIX_TEST_STD_VARS();
+
+    subTest("PKIX_TrustAnchor_Destroy");
+
+    PKIX_TEST_DECREF_BC(goodObject);
+    PKIX_TEST_DECREF_BC(equalObject);
+    PKIX_TEST_DECREF_BC(diffObject);
+
+cleanup:
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+printUsage(void)
+{
+    (void)printf("\nUSAGE:\ttest_trustanchor <NIST_FILES_DIR> <central-data-dir>\n\n");
+}
+
+int
+test_trustanchor(int argc, char *argv[])
+{
+
+    PKIX_TrustAnchor *goodObject = NULL;
+    PKIX_TrustAnchor *equalObject = NULL;
+    PKIX_TrustAnchor *diffObject = NULL;
+    PKIX_PL_Cert *diffCert = NULL;
+    PKIX_UInt32 actualMinorVersion;
+    PKIX_UInt32 j = 0;
+
+    char *goodInput = "yassir2yassir";
+    char *expectedAscii =
+        "[\n"
+        "\tTrusted CA Name:         "
+        "CN=yassir,OU=bcn,OU=east,O=sun,C=us\n"
+        "\tTrusted CA PublicKey:    ANSI X9.57 DSA Signature\n"
+        "\tInitial Name Constraints:(null)\n"
+        "]\n";
+    char *dirName = NULL;
+    char *dataCentralDir = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    startTests("TrustAnchor");
+
+    PKIX_TEST_EXPECT_NO_ERROR(
+        PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+    if (argc < 3) {
+        printUsage();
+        return (0);
+    }
+
+    dirName = argv[j + 1];
+    dataCentralDir = argv[j + 2];
+
+    createTrustAnchors(dataCentralDir,
+                       goodInput,
+                       &goodObject,
+                       &equalObject,
+                       &diffObject);
+
+    PKIX_TEST_EQ_HASH_TOSTR_DUP(goodObject,
+                                equalObject,
+                                diffObject,
+                                expectedAscii,
+                                TrustAnchor,
+                                PKIX_TRUE);
+
+    subTest("PKIX_TrustAnchor_GetTrustedCert");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_GetTrustedCert(diffObject, &diffCert, plContext));
+
+    testGetCAName(diffCert, equalObject);
+    testGetCAPublicKey(diffCert, equalObject);
+
+    testGetNameConstraints(dirName);
+
+    testDestroy(goodObject, equalObject, diffObject);
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(diffCert);
+
+    PKIX_Shutdown(plContext);
+
+    PKIX_TEST_RETURN();
+
+    endTests("TrustAnchor");
+
+    return (0);
+}
diff --git a/nss/cmd/libpkix/pkix/params/test_valparams.c b/nss/cmd/libpkix/pkix/params/test_valparams.c
new file mode 100644
index 0000000..6419062
--- /dev/null
+++ b/nss/cmd/libpkix/pkix/params/test_valparams.c
@@ -0,0 +1,261 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * test_valparams.c
+ *
+ * Test ValidateParams Type
+ *
+ */
+
+#include "testutil.h"
+#include "testutil_nss.h"
+
+static void *plContext = NULL;
+
+static void
+testDestroy(void *goodObject, void *equalObject, void *diffObject)
+{
+    PKIX_TEST_STD_VARS();
+
+    subTest("PKIX_ValidateParams_Destroy");
+
+    PKIX_TEST_DECREF_BC(goodObject);
+    PKIX_TEST_DECREF_BC(equalObject);
+    PKIX_TEST_DECREF_BC(diffObject);
+
+cleanup:
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testGetProcParams(
+    PKIX_ValidateParams *goodObject,
+    PKIX_ValidateParams *equalObject)
+{
+
+    PKIX_ProcessingParams *goodProcParams = NULL;
+    PKIX_ProcessingParams *equalProcParams = NULL;
+
+    PKIX_TEST_STD_VARS();
+    subTest("PKIX_ValidateParams_GetProcessingParams");
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetProcessingParams(goodObject, &goodProcParams, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetProcessingParams(equalObject, &equalProcParams, plContext));
+
+    testEqualsHelper((PKIX_PL_Object *)goodProcParams,
+                     (PKIX_PL_Object *)equalProcParams,
+                     PKIX_TRUE,
+                     plContext);
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(goodProcParams);
+    PKIX_TEST_DECREF_AC(equalProcParams);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testGetCertChain(
+    PKIX_ValidateParams *goodObject,
+    PKIX_ValidateParams *equalObject)
+{
+
+    PKIX_List *goodChain = NULL;
+    PKIX_List *equalChain = NULL;
+
+    PKIX_TEST_STD_VARS();
+    subTest("PKIX_ValidateParams_GetCertChain");
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetCertChain(goodObject, &goodChain, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetCertChain(equalObject, &equalChain, plContext));
+
+    testEqualsHelper((PKIX_PL_Object *)goodChain,
+                     (PKIX_PL_Object *)equalChain,
+                     PKIX_TRUE,
+                     plContext);
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(goodChain);
+    PKIX_TEST_DECREF_AC(equalChain);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+printUsage(char *pName)
+{
+    printf("\nUSAGE: %s <central-data-dir>\n\n", pName);
+}
+
+int
+test_valparams(int argc, char *argv[])
+{
+
+    PKIX_ValidateParams *goodObject = NULL;
+    PKIX_ValidateParams *equalObject = NULL;
+    PKIX_ValidateParams *diffObject = NULL;
+    PKIX_List *chain = NULL;
+    PKIX_UInt32 actualMinorVersion;
+    PKIX_UInt32 j = 0;
+    char *dirName = NULL;
+
+    char *goodInput = "yassir2yassir";
+    char *diffInput = "yassir2bcn";
+
+    char *expectedAscii =
+        "[\n"
+        "\tProcessing Params: \n"
+        "\t********BEGIN PROCESSING PARAMS********\n"
+        "\t\t"
+        "[\n"
+        "\tTrust Anchors: \n"
+        "\t********BEGIN LIST OF TRUST ANCHORS********\n"
+        "\t\t"
+        "([\n"
+        "\tTrusted CA Name:         "
+        "CN=yassir,OU=bcn,OU=east,O=sun,C=us\n"
+        "\tTrusted CA PublicKey:    ANSI X9.57 DSA Signature\n"
+        "\tInitial Name Constraints:(null)\n"
+        "]\n"
+        ", [\n"
+        "\tTrusted CA Name:         OU=bcn,OU=east,O=sun,C=us\n"
+        "\tTrusted CA PublicKey:    ANSI X9.57 DSA Signature\n"
+        "\tInitial Name Constraints:(null)\n"
+        "]\n"
+        ")\n"
+        "\t********END LIST OF TRUST ANCHORS********\n"
+        "\tDate:    \t\t(null)\n"
+        "\tTarget Constraints:    (null)\n"
+        "\tInitial Policies:      (null)\n"
+        "\tQualifiers Rejected:   FALSE\n"
+        "\tCert Stores:           (EMPTY)\n"
+        "\tCRL Checking Enabled:  0\n"
+        "]\n"
+        "\n"
+        "\t********END PROCESSING PARAMS********\n"
+        "\tChain:    \t\t"
+        "([\n"
+        "\tVersion:         v3\n"
+        "\tSerialNumber:    37bc66ec\n"
+        "\tIssuer:          CN=yassir,OU=bcn,OU=east,O=sun,C=us\n"
+        "\tSubject:         OU=bcn,OU=east,O=sun,C=us\n"
+        "\tValidity: [From: Thu Aug 19 16:19:56 1999\n"
+        "\t           To:   Fri Aug 18 16:19:56 2000]\n"
+        "\tSubjectAltNames: (null)\n"
+        "\tAuthorityKeyId:  (null)\n"
+        "\tSubjectKeyId:    (null)\n"
+        "\tSubjPubKeyAlgId: ANSI X9.57 DSA Signature\n"
+        "\tCritExtOIDs:     (2.5.29.15, 2.5.29.19)\n"
+        "\tExtKeyUsages:    (null)\n"
+        "\tBasicConstraint: CA(0)\n"
+        "\tCertPolicyInfo:  (null)\n"
+        "\tPolicyMappings:  (null)\n"
+        "\tExplicitPolicy:  -1\n"
+        "\tInhibitMapping:  -1\n"
+        "\tInhibitAnyPolicy:-1\n"
+        "\tNameConstraints: (null)\n"
+        "]\n"
+        ", [\n"
+        "\tVersion:         v3\n"
+        "\tSerialNumber:    37bc65af\n"
+        "\tIssuer:          CN=yassir,OU=bcn,OU=east,O=sun,C=us\n"
+        "\tSubject:         CN=yassir,OU=bcn,OU=east,O=sun,C=us\n"
+        "\tValidity: [From: Thu Aug 19 16:14:39 1999\n"
+        "\t           To:   Fri Aug 18 16:14:39 2000]\n"
+        "\tSubjectAltNames: (null)\n"
+        "\tAuthorityKeyId:  (null)\n"
+        "\tSubjectKeyId:    (null)\n"
+        "\tSubjPubKeyAlgId: ANSI X9.57 DSA Signature\n"
+        "\tCritExtOIDs:     (2.5.29.15, 2.5.29.19)\n"
+        "\tExtKeyUsages:    (null)\n"
+        "\tBasicConstraint: CA(0)\n"
+        "\tCertPolicyInfo:  (null)\n"
+        "\tPolicyMappings:  (null)\n"
+        "\tExplicitPolicy:  -1\n"
+        "\tInhibitMapping:  -1\n"
+        "\tInhibitAnyPolicy:-1\n"
+        "\tNameConstraints: (null)\n"
+        "]\n"
+        ")\n"
+        "]\n";
+
+    PKIX_TEST_STD_VARS();
+
+    startTests("ValidateParams");
+
+    PKIX_TEST_EXPECT_NO_ERROR(
+        PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+    if (argc < 2) {
+        printUsage(argv[0]);
+        return (0);
+    }
+
+    dirName = argv[j + 1];
+
+    subTest("PKIX_ValidateParams_Create");
+    chain = createCertChain(dirName, diffInput, goodInput, plContext);
+    goodObject = createValidateParams(dirName,
+                                      goodInput,
+                                      diffInput,
+                                      NULL,
+                                      NULL,
+                                      PKIX_FALSE,
+                                      PKIX_FALSE,
+                                      PKIX_FALSE,
+                                      PKIX_FALSE,
+                                      chain,
+                                      plContext);
+    equalObject = createValidateParams(dirName,
+                                       goodInput,
+                                       diffInput,
+                                       NULL,
+                                       NULL,
+                                       PKIX_FALSE,
+                                       PKIX_FALSE,
+                                       PKIX_FALSE,
+                                       PKIX_FALSE,
+                                       chain,
+                                       plContext);
+    diffObject = createValidateParams(dirName,
+                                      diffInput,
+                                      goodInput,
+                                      NULL,
+                                      NULL,
+                                      PKIX_FALSE,
+                                      PKIX_FALSE,
+                                      PKIX_FALSE,
+                                      PKIX_FALSE,
+                                      chain,
+                                      plContext);
+
+    testGetProcParams(goodObject, equalObject);
+    testGetCertChain(goodObject, equalObject);
+
+    PKIX_TEST_EQ_HASH_TOSTR_DUP(goodObject,
+                                equalObject,
+                                diffObject,
+                                NULL, /* expectedAscii, */
+                                ValidateParams,
+                                PKIX_FALSE);
+
+    testDestroy(goodObject, equalObject, diffObject);
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(chain);
+
+    PKIX_Shutdown(plContext);
+
+    PKIX_TEST_RETURN();
+
+    endTests("ValidateParams");
+
+    return (0);
+}
diff --git a/nss/cmd/libpkix/pkix/results/Makefile b/nss/cmd/libpkix/pkix/results/Makefile
new file mode 100755
index 0000000..09ca5f1
--- /dev/null
+++ b/nss/cmd/libpkix/pkix/results/Makefile
@@ -0,0 +1,47 @@
+#! gmake
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+include $(PKIX_DEPTH)/config.mk
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include $(PLAT_DEPTH)/platlibs.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+include $(PLAT_DEPTH)/platrules.mk
diff --git a/nss/cmd/libpkix/pkix/results/manifest.mn b/nss/cmd/libpkix/pkix/results/manifest.mn
new file mode 100755
index 0000000..5a8b936
--- /dev/null
+++ b/nss/cmd/libpkix/pkix/results/manifest.mn
@@ -0,0 +1,23 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+PKIX_DEPTH      = ../..
+PLAT_DEPTH = $(PKIX_DEPTH)/..
+CORE_DEPTH = $(PKIX_DEPTH)/../../..
+
+# MODULE public and private header directories are implicitly REQUIRED.
+MODULE = nss
+
+CSRCS = test_buildresult.c \
+	test_policynode.c \
+	test_verifynode.c \
+	test_valresult.c \
+	$(NULL)
+
+LIBRARY_NAME=pkixtoolresults
+
+SOURCE_LIB_DIR=$(PKIX_DEPTH)/$(OBJDIR)
+
+NO_MD_RELEASE = 1
diff --git a/nss/cmd/libpkix/pkix/results/test_buildresult.c b/nss/cmd/libpkix/pkix/results/test_buildresult.c
new file mode 100644
index 0000000..8b13e8e
--- /dev/null
+++ b/nss/cmd/libpkix/pkix/results/test_buildresult.c
@@ -0,0 +1,212 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * test_buildresult.c
+ *
+ * Test BuildResult Type
+ *
+ */
+
+#include "testutil.h"
+#include "testutil_nss.h"
+
+static void *plContext = NULL;
+
+static void
+testDestroy(void *goodObject, void *equalObject, void *diffObject)
+{
+    PKIX_TEST_STD_VARS();
+
+    subTest("PKIX_BuildResult_Destroy");
+
+    PKIX_TEST_DECREF_BC(goodObject);
+    PKIX_TEST_DECREF_BC(equalObject);
+    PKIX_TEST_DECREF_BC(diffObject);
+
+cleanup:
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testGetValidateResult(
+    PKIX_BuildResult *goodObject,
+    PKIX_BuildResult *equalObject)
+{
+
+    PKIX_ValidateResult *goodValResult = NULL;
+    PKIX_ValidateResult *equalValResult = NULL;
+
+    PKIX_TEST_STD_VARS();
+    subTest("PKIX_BuildResult_GetValidateResult");
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildResult_GetValidateResult(goodObject, &goodValResult, NULL));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildResult_GetValidateResult(equalObject, &equalValResult, NULL));
+
+    testEqualsHelper((PKIX_PL_Object *)goodValResult,
+                     (PKIX_PL_Object *)equalValResult,
+                     PKIX_TRUE,
+                     plContext);
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(goodValResult);
+    PKIX_TEST_DECREF_AC(equalValResult);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testGetCertChain(
+    PKIX_BuildResult *goodObject,
+    PKIX_BuildResult *equalObject)
+{
+
+    PKIX_List *goodChain = NULL;
+    PKIX_List *equalChain = NULL;
+
+    PKIX_TEST_STD_VARS();
+    subTest("PKIX_BuildResult_GetCertChain");
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildResult_GetCertChain(goodObject, &goodChain, NULL));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildResult_GetCertChain(equalObject, &equalChain, NULL));
+
+    testEqualsHelper((PKIX_PL_Object *)goodChain,
+                     (PKIX_PL_Object *)equalChain,
+                     PKIX_TRUE,
+                     plContext);
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(goodChain);
+    PKIX_TEST_DECREF_AC(equalChain);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+printUsage(char *pName)
+{
+    printf("\nUSAGE: %s <central-data-dir>\n\n", pName);
+}
+
+int
+test_buildresult(int argc, char *argv[])
+{
+
+    PKIX_BuildResult *goodObject = NULL;
+    PKIX_BuildResult *equalObject = NULL;
+    PKIX_BuildResult *diffObject = NULL;
+    PKIX_UInt32 actualMinorVersion;
+    char *dirName = NULL;
+    PKIX_UInt32 j = 0;
+
+    char *goodInput = "yassir2yassir";
+    char *diffInput = "yassir2bcn";
+
+    char *expectedAscii =
+        "[\n"
+        "\tValidateResult: \t\t"
+        "[\n"
+        "\tTrustAnchor: \t\t"
+        "[\n"
+        "\tTrusted CA Name:         "
+        "CN=yassir,OU=bcn,OU=east,O=sun,C=us\n"
+        "\tTrusted CA PublicKey:    ANSI X9.57 DSA Signature\n"
+        "\tInitial Name Constraints:(null)\n"
+        "]\n"
+        "\tPubKey:    \t\t"
+        "ANSI X9.57 DSA Signature\n"
+        "\tPolicyTree:  \t\t(null)\n"
+        "]\n"
+        "\tCertChain:    \t\t("
+        "[\n"
+        "\tVersion:         v3\n"
+        "\tSerialNumber:    37bc65af\n"
+        "\tIssuer:          CN=yassir,OU=bcn,OU=east,O=sun,C=us\n"
+        "\tSubject:         CN=yassir,OU=bcn,OU=east,O=sun,C=us\n"
+        "\tValidity: [From: Thu Aug 19 16:14:39 1999\n"
+        "\t           To:   Fri Aug 18 16:14:39 2000]\n"
+        "\tSubjectAltNames: (null)\n"
+        "\tAuthorityKeyId:  (null)\n"
+        "\tSubjectKeyId:    (null)\n"
+        "\tSubjPubKeyAlgId: ANSI X9.57 DSA Signature\n"
+        "\tCritExtOIDs:     (2.5.29.15, 2.5.29.19)\n"
+        "\tExtKeyUsages:    (null)\n"
+        "\tBasicConstraint: CA(0)\n"
+        "\tCertPolicyInfo:  (null)\n"
+        "\tPolicyMappings:  (null)\n"
+        "\tExplicitPolicy:  -1\n"
+        "\tInhibitMapping:  -1\n"
+        "\tInhibitAnyPolicy:-1\n"
+        "\tNameConstraints: (null)\n"
+        "]\n"
+        ", [\n"
+        "\tVersion:         v3\n"
+        "\tSerialNumber:    37bc66ec\n"
+        "\tIssuer:          CN=yassir,OU=bcn,OU=east,O=sun,C=us\n"
+        "\tSubject:         OU=bcn,OU=east,O=sun,C=us\n"
+        "\tValidity: [From: Thu Aug 19 16:19:56 1999\n"
+        "\t           To:   Fri Aug 18 16:19:56 2000]\n"
+        "\tSubjectAltNames: (null)\n"
+        "\tAuthorityKeyId:  (null)\n"
+        "\tSubjectKeyId:    (null)\n"
+        "\tSubjPubKeyAlgId: ANSI X9.57 DSA Signature\n"
+        "\tCritExtOIDs:     (2.5.29.15, 2.5.29.19)\n"
+        "\tExtKeyUsages:    (null)\n"
+        "\tBasicConstraint: CA(0)\n"
+        "\tCertPolicyInfo:  (null)\n"
+        "\tPolicyMappings:  (null)\n"
+        "\tExplicitPolicy:  -1\n"
+        "\tInhibitMapping:  -1\n"
+        "\tInhibitAnyPolicy:-1\n"
+        "\tNameConstraints: (null)\n"
+        "]\n"
+        ")\n"
+        "]\n";
+
+    PKIX_TEST_STD_VARS();
+
+    startTests("BuildResult");
+
+    PKIX_TEST_EXPECT_NO_ERROR(
+        PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+    if (argc < 2) {
+        printUsage(argv[0]);
+        return (0);
+    }
+
+    dirName = argv[j + 1];
+
+    subTest("pkix_BuildResult_Create");
+
+    goodObject = createBuildResult(dirName, goodInput, diffInput, goodInput, diffInput, plContext);
+    equalObject = createBuildResult(dirName, goodInput, diffInput, goodInput, diffInput, plContext);
+    diffObject = createBuildResult(dirName, diffInput, goodInput, diffInput, goodInput, plContext);
+
+    testGetValidateResult(goodObject, equalObject);
+    testGetCertChain(goodObject, equalObject);
+
+    PKIX_TEST_EQ_HASH_TOSTR_DUP(goodObject,
+                                equalObject,
+                                diffObject,
+                                NULL, /* expectedAscii, */
+                                BuildResult,
+                                PKIX_FALSE);
+
+    testDestroy(goodObject, equalObject, diffObject);
+
+cleanup:
+
+    PKIX_Shutdown(plContext);
+
+    PKIX_TEST_RETURN();
+
+    endTests("BuildResult");
+
+    return (0);
+}
diff --git a/nss/cmd/libpkix/pkix/results/test_policynode.c b/nss/cmd/libpkix/pkix/results/test_policynode.c
new file mode 100644
index 0000000..38ac1d9
--- /dev/null
+++ b/nss/cmd/libpkix/pkix/results/test_policynode.c
@@ -0,0 +1,612 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * test_policynode.c
+ *
+ * Test PolicyNode Type
+ *
+ */
+
+#include "testutil.h"
+#include "testutil_nss.h"
+
+static void *plContext = NULL;
+
+static void
+test_GetChildren(
+    PKIX_PolicyNode *goodNode,
+    PKIX_PolicyNode *equalNode,
+    PKIX_PolicyNode *diffNode)
+{
+
+    /*
+ * Caution: be careful where you insert this test. PKIX_PolicyNode_GetChildren
+ * is required by the API to return an immutable List, and it does it by setting
+ * the List immutable. We don't make a copy because the assumption is that
+ * certificate and policy processing have been completed before the user gets at
+ * the public API. So subsequent tests of functions that modify the policy tree,
+ * such as Prune, will fail if called after the execution of this test.
+ */
+
+    PKIX_Boolean isImmutable = PKIX_FALSE;
+    PKIX_List *goodList = NULL;
+    PKIX_List *equalList = NULL;
+    PKIX_List *diffList = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    subTest("PKIX_PolicyNode_GetChildren");
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetChildren(goodNode, &goodList, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetChildren(equalNode, &equalList, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetChildren(diffNode, &diffList, plContext));
+
+    PKIX_TEST_EQ_HASH_TOSTR_DUP(goodList, equalList, diffList, NULL, List, NULL);
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_IsImmutable(goodList, &isImmutable, plContext));
+
+    if (isImmutable != PKIX_TRUE) {
+        testError("PKIX_PolicyNode_GetChildren returned a mutable List");
+    }
+
+cleanup:
+    PKIX_TEST_DECREF_AC(goodList);
+    PKIX_TEST_DECREF_AC(equalList);
+    PKIX_TEST_DECREF_AC(diffList);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+test_GetParent(
+    PKIX_PolicyNode *goodNode,
+    PKIX_PolicyNode *equalNode,
+    PKIX_PolicyNode *diffNode,
+    char *expectedAscii)
+{
+    PKIX_PolicyNode *goodParent = NULL;
+    PKIX_PolicyNode *equalParent = NULL;
+    PKIX_PolicyNode *diffParent = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    subTest("PKIX_PolicyNode_GetParent");
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetParent(goodNode, &goodParent, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetParent(equalNode, &equalParent, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetParent(diffNode, &diffParent, plContext));
+
+    PKIX_TEST_EQ_HASH_TOSTR_DUP(goodParent,
+                                equalParent,
+                                diffParent,
+                                expectedAscii,
+                                CertPolicyNode,
+                                NULL);
+
+cleanup:
+    PKIX_TEST_DECREF_AC(goodParent);
+    PKIX_TEST_DECREF_AC(equalParent);
+    PKIX_TEST_DECREF_AC(diffParent);
+
+    PKIX_TEST_RETURN();
+}
+
+/*
+ * This test is the same as testDuplicateHelper, except that it
+ * produces a more useful "Actual value" and "Expected value"
+ * in the case of an unexpected mismatch.
+ */
+static void
+test_DuplicateHelper(PKIX_PolicyNode *object, void *plContext)
+{
+    PKIX_PolicyNode *newObject = NULL;
+    PKIX_Boolean cmpResult;
+    PKIX_PL_String *original = NULL;
+    PKIX_PL_String *copy = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    subTest("testing pkix_PolicyNode_Duplicate");
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Duplicate((PKIX_PL_Object *)object,
+                                                       (PKIX_PL_Object **)&newObject,
+                                                       plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)object,
+                                                    (PKIX_PL_Object *)newObject,
+                                                    &cmpResult,
+                                                    plContext));
+
+    if (!cmpResult) {
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)object, &original, plContext));
+        testError("unexpected mismatch");
+        (void)printf("original value:\t%s\n", original->escAsciiString);
+
+        if (newObject) {
+            PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)newObject, &copy, plContext));
+            (void)printf("copy value:\t%s\n", copy->escAsciiString);
+        } else {
+            (void)printf("copy value:\t(NULL)\n");
+        }
+    }
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(newObject);
+    PKIX_TEST_DECREF_AC(original);
+    PKIX_TEST_DECREF_AC(copy);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+test_GetValidPolicy(
+    PKIX_PolicyNode *goodNode,
+    PKIX_PolicyNode *equalNode,
+    PKIX_PolicyNode *diffNode,
+    char *expectedAscii)
+{
+    PKIX_PL_OID *goodPolicy = NULL;
+    PKIX_PL_OID *equalPolicy = NULL;
+    PKIX_PL_OID *diffPolicy = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    subTest("PKIX_PolicyNode_GetValidPolicy");
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetValidPolicy(goodNode, &goodPolicy, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetValidPolicy(equalNode, &equalPolicy, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetValidPolicy(diffNode, &diffPolicy, plContext));
+
+    PKIX_TEST_EQ_HASH_TOSTR_DUP(goodPolicy, equalPolicy, diffPolicy, expectedAscii, OID, NULL);
+
+cleanup:
+    PKIX_TEST_DECREF_AC(goodPolicy);
+    PKIX_TEST_DECREF_AC(equalPolicy);
+    PKIX_TEST_DECREF_AC(diffPolicy);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+test_GetPolicyQualifiers(
+    PKIX_PolicyNode *goodNode,
+    PKIX_PolicyNode *equalNode,
+    PKIX_PolicyNode *diffNode,
+    char *expectedAscii)
+{
+    PKIX_Boolean isImmutable = PKIX_FALSE;
+    PKIX_List *goodList = NULL;
+    PKIX_List *equalList = NULL;
+    PKIX_List *diffList = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    subTest("PKIX_PolicyNode_GetPolicyQualifiers");
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetPolicyQualifiers(goodNode, &goodList, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetPolicyQualifiers(equalNode, &equalList, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetPolicyQualifiers(diffNode, &diffList, plContext));
+
+    PKIX_TEST_EQ_HASH_TOSTR_DUP(goodList, equalList, diffList, expectedAscii, List, plContext);
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_IsImmutable(goodList, &isImmutable, plContext));
+
+    if (isImmutable != PKIX_TRUE) {
+        testError("PKIX_PolicyNode_GetPolicyQualifiers returned a mutable List");
+    }
+cleanup:
+    PKIX_TEST_DECREF_AC(goodList);
+    PKIX_TEST_DECREF_AC(equalList);
+    PKIX_TEST_DECREF_AC(diffList);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+test_GetExpectedPolicies(
+    PKIX_PolicyNode *goodNode,
+    PKIX_PolicyNode *equalNode,
+    PKIX_PolicyNode *diffNode,
+    char *expectedAscii)
+{
+    PKIX_Boolean isImmutable = PKIX_FALSE;
+    PKIX_List *goodList = NULL;
+    PKIX_List *equalList = NULL;
+    PKIX_List *diffList = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    subTest("PKIX_PolicyNode_GetExpectedPolicies");
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetExpectedPolicies(goodNode, &goodList, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetExpectedPolicies(equalNode, &equalList, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetExpectedPolicies(diffNode, &diffList, plContext));
+
+    PKIX_TEST_EQ_HASH_TOSTR_DUP(goodList, equalList, diffList, expectedAscii, List, plContext);
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_IsImmutable(goodList, &isImmutable, plContext));
+
+    if (isImmutable != PKIX_TRUE) {
+        testError("PKIX_PolicyNode_GetExpectedPolicies returned a mutable List");
+    }
+cleanup:
+    PKIX_TEST_DECREF_AC(goodList);
+    PKIX_TEST_DECREF_AC(equalList);
+    PKIX_TEST_DECREF_AC(diffList);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+test_IsCritical(
+    PKIX_PolicyNode *goodNode,
+    PKIX_PolicyNode *equalNode,
+    PKIX_PolicyNode *diffNode)
+{
+    PKIX_Boolean goodBool = PKIX_FALSE;
+    PKIX_Boolean equalBool = PKIX_FALSE;
+    PKIX_Boolean diffBool = PKIX_FALSE;
+    PKIX_TEST_STD_VARS();
+
+    subTest("PKIX_PolicyNode_IsCritical");
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_IsCritical(goodNode, &goodBool, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_IsCritical(equalNode, &equalBool, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_IsCritical(diffNode, &diffBool, plContext));
+
+    if ((!goodBool) || (!equalBool) || (diffBool)) {
+        testError("IsCritical returned unexpected value");
+    }
+cleanup:
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+test_GetDepth(
+    PKIX_PolicyNode *depth1Node,
+    PKIX_PolicyNode *depth2Node,
+    PKIX_PolicyNode *depth3Node)
+{
+    PKIX_UInt32 depth1 = 0;
+    PKIX_UInt32 depth2 = 0;
+    PKIX_UInt32 depth3 = 0;
+    PKIX_TEST_STD_VARS();
+
+    subTest("PKIX_PolicyNode_GetDepth");
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetDepth(depth1Node, &depth1, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetDepth(depth2Node, &depth2, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PolicyNode_GetDepth(depth3Node, &depth3, plContext));
+
+    if ((depth1 != 1) || (depth2 != 2) || (depth3 != 3)) {
+        testError("GetDepth returned unexpected value");
+    }
+
+cleanup:
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+printUsage(void)
+{
+    (void)printf("\nUSAGE:\ttest_policynode <NIST_FILES_DIR> \n\n");
+}
+
+int
+test_policynode(int argc, char *argv[])
+{
+
+    /*
+         * Create a tree with parent = anyPolicy,
+         * child1 with Nist1+Nist2, child2 with Nist1.
+         * Give each child another child, with policies Nist2
+         * and Nist1, respectively. Pruning with a depth of two
+         * should have no effect. Give one of the children
+         * another child. Then pruning with a depth of three
+         * should reduce the tree to a single strand, as child1
+         * and child3 are removed.
+         *
+         *              parent (anyPolicy)
+         *          /                   \
+         *      child1(Nist1+Nist2)     child2(Nist1)
+         *          |                       |
+         *      child3(Nist2)           child4(Nist1)
+         *                                  |
+         *                              child5(Nist1)
+         *
+         */
+    char *asciiAnyPolicy = "2.5.29.32.0";
+    PKIX_PL_Cert *cert = NULL;
+    PKIX_PL_CertPolicyInfo *nist1Policy = NULL;
+    PKIX_PL_CertPolicyInfo *nist2Policy = NULL;
+    PKIX_List *policyQualifierList = NULL;
+    PKIX_PL_OID *oidAnyPolicy = NULL;
+    PKIX_PL_OID *oidNist1Policy = NULL;
+    PKIX_PL_OID *oidNist2Policy = NULL;
+    PKIX_List *expectedAnyList = NULL;
+    PKIX_List *expectedNist1List = NULL;
+    PKIX_List *expectedNist2List = NULL;
+    PKIX_List *expectedNist1Nist2List = NULL;
+    PKIX_List *emptyList = NULL;
+    PKIX_PolicyNode *parentNode = NULL;
+    PKIX_PolicyNode *childNode1 = NULL;
+    PKIX_PolicyNode *childNode2 = NULL;
+    PKIX_PolicyNode *childNode3 = NULL;
+    PKIX_PolicyNode *childNode4 = NULL;
+    PKIX_PolicyNode *childNode5 = NULL;
+    PKIX_PL_String *parentString = NULL;
+    PKIX_Boolean pDelete = PKIX_FALSE;
+    char *expectedParentAscii =
+        "{2.16.840.1.101.3.2.1.48.2,(1.3.6.1.5.5.7.2.2:[30 5C "
+        "1A 5A 71 31 3A 20 20 54 68 69 73 20 69 73 20 74 68 65"
+        " 20 75 73 65 72 20 6E 6F 74 69 63 65 20 66 72 6F 6D 2"
+        "0 71 75 61 6C 69 66 69 65 72 20 31 2E 20 20 54 68 69 "
+        "73 20 63 65 72 74 69 66 69 63 61 74 65 20 69 73 20 66"
+        " 6F 72 20 74 65 73 74 20 70 75 72 70 6F 73 65 73 20 6"
+        "F 6E 6C 79]),Critical,(2.16.840.1.101.3.2.1.48.1[(1.3"
+        ".6.1.5.5.7.2.2:[30 5C 1A 5A 71 31 3A 20 20 54 68 69 7"
+        "3 20 69 73 20 74 68 65 20 75 73 65 72 20 6E 6F 74 69 "
+        "63 65 20 66 72 6F 6D 20 71 75 61 6C 69 66 69 65 72 20"
+        " 31 2E 20 20 54 68 69 73 20 63 65 72 74 69 66 69 63 6"
+        "1 74 65 20 69 73 20 66 6F 72 20 74 65 73 74 20 70 75 "
+        "72 70 6F 73 65 73 20 6F 6E 6C 79])], 2.16.840.1.101.3"
+        ".2.1.48.2[(1.3.6.1.5.5.7.2.2:[30 5A 1A 58 71 32 3A 20"
+        " 20 54 68 69 73 20 69 73 20 74 68 65 20 75 73 65 72 2"
+        "0 6E 6F 74 69 63 65 20 66 72 6F 6D 20 71 75 61 6C 69 "
+        "66 69 65 72 20 32 2E 20 20 54 68 69 73 20 75 73 65 72"
+        " 20 6E 6F 74 69 63 65 20 73 68 6F 75 6C 64 20 6E 6F 7"
+        "4 20 62 65 20 64 69 73 70 6C 61 79 65 64])]),1}\n"
+        ". {2.16.840.1.101.3.2.1.48.2,(1.3.6.1.5.5.7.2.2:[30 5"
+        "C 1A 5A 71 31 3A 20 20 54 68 69 73 20 69 73 20 74 68 "
+        "65 20 75 73 65 72 20 6E 6F 74 69 63 65 20 66 72 6F 6D"
+        " 20 71 75 61 6C 69 66 69 65 72 20 31 2E 20 20 54 68 6"
+        "9 73 20 63 65 72 74 69 66 69 63 61 74 65 20 69 73 20 "
+        "66 6F 72 20 74 65 73 74 20 70 75 72 70 6F 73 65 73 20"
+        " 6F 6E 6C 79]),Critical,(2.16.840.1.101.3.2.1.48.2),2}";
+    char *expectedValidAscii =
+        "2.16.840.1.101.3.2.1.48.2";
+    char *expectedQualifiersAscii =
+        /* "(1.3.6.1.5.5.7.2.2)"; */
+        "(1.3.6.1.5.5.7.2.2:[30 5C 1A 5A 71 31 3A 20 20 54 68 "
+        "69 73 20 69 73 20 74 68 65 20 75 73 65 72 20 6E 6F 74"
+        " 69 63 65 20 66 72 6F 6D 20 71 75 61 6C 69 66 69 65 7"
+        "2 20 31 2E 20 20 54 68 69 73 20 63 65 72 74 69 66 69 "
+        "63 61 74 65 20 69 73 20 66 6F 72 20 74 65 73 74 20 70"
+        " 75 72 70 6F 73 65 73 20 6F 6E 6C 79])";
+    char *expectedPoliciesAscii =
+        "(2.16.840.1.101.3.2.1.48.1)";
+    char *expectedTree =
+        "{2.5.29.32.0,{},Critical,(2.5.29.32.0),0}\n"
+        ". {2.16.840.1.101.3.2.1.48.2,(1.3.6.1.5.5.7.2.2:[30 5"
+        "C 1A 5A 71 31 3A 20 20 54 68 69 73 20 69 73 20 74 68 "
+        "65 20 75 73 65 72 20 6E 6F 74 69 63 65 20 66 72 6F 6D"
+        " 20 71 75 61 6C 69 66 69 65 72 20 31 2E 20 20 54 68 6"
+        "9 73 20 63 65 72 74 69 66 69 63 61 74 65 20 69 73 20 "
+        "66 6F 72 20 74 65 73 74 20 70 75 72 70 6F 73 65 73 20"
+        " 6F 6E 6C 79]),Critical,(2.16.840.1.101.3.2.1.48.1[(1"
+        ".3.6.1.5.5.7.2.2:[30 5C 1A 5A 71 31 3A 20 20 54 68 69"
+        " 73 20 69 73 20 74 68 65 20 75 73 65 72 20 6E 6F 74 6"
+        "9 63 65 20 66 72 6F 6D 20 71 75 61 6C 69 66 69 65 72 "
+        "20 31 2E 20 20 54 68 69 73 20 63 65 72 74 69 66 69 63"
+        " 61 74 65 20 69 73 20 66 6F 72 20 74 65 73 74 20 70 7"
+        "5 72 70 6F 73 65 73 20 6F 6E 6C 79])], 2.16.840.1.101"
+        ".3.2.1.48.2[(1.3.6.1.5.5.7.2.2:[30 5A 1A 58 71 32 3A "
+        "20 20 54 68 69 73 20 69 73 20 74 68 65 20 75 73 65 72"
+        " 20 6E 6F 74 69 63 65 20 66 72 6F 6D 20 71 75 61 6C 6"
+        "9 66 69 65 72 20 32 2E 20 20 54 68 69 73 20 75 73 65 "
+        "72 20 6E 6F 74 69 63 65 20 73 68 6F 75 6C 64 20 6E 6F"
+        " 74 20 62 65 20 64 69 73 70 6C 61 79 65 64])]"
+        "),1}\n"
+        ". . {2.16.840.1.101.3.2.1.48.2,(1.3.6.1.5.5.7.2.2:[30"
+        " 5C 1A 5A 71 31 3A 20 20 54 68 69 73 20 69 73 20 74 6"
+        "8 65 20 75 73 65 72 20 6E 6F 74 69 63 65 20 66 72 6F "
+        "6D 20 71 75 61 6C 69 66 69 65 72 20 31 2E 20 20 54 68"
+        " 69 73 20 63 65 72 74 69 66 69 63 61 74 65 20 69 73 2"
+        "0 66 6F 72 20 74 65 73 74 20 70 75 72 70 6F 73 65 73 "
+        "20 6F 6E 6C 79]),Critical,(2.16.840.1.101.3.2.1.48.2)"
+        ",2}\n"
+        ". {2.16.840.1.101.3.2.1.48.1,(1.3.6.1.5.5.7.2.2:[30 5"
+        "C 1A 5A 71 31 3A 20 20 54 68 69 73 20 69 73 20 74 68 "
+        "65 20 75 73 65 72 20 6E 6F 74 69 63 65 20 66 72 6F 6D"
+        " 20 71 75 61 6C 69 66 69 65 72 20 31 2E 20 20 54 68 6"
+        "9 73 20 63 65 72 74 69 66 69 63 61 74 65 20 69 73 20 "
+        "66 6F 72 20 74 65 73 74 20 70 75 72 70 6F 73 65 73 20"
+        " 6F 6E 6C 79]),Critical,(2.16.840.1.101.3.2.1.48.1),1}\n"
+        ". . {2.16.840.1.101.3.2.1.48.1,(EMPTY),Not Critical,"
+        "(2.16.840.1.101.3.2.1.48.1),2}\n"
+        ". . . {2.16.840.1.101.3.2.1.48.1,{},Critical,(2.16.84"
+        "0.1.101.3.2.1.48.1),3}";
+    char *expectedPrunedTree =
+        "{2.5.29.32.0,{},Critical,(2.5.29.32.0),0}\n"
+        ". {2.16.840.1.101.3.2.1.48.1,(1.3.6.1.5.5.7.2.2:[30 5"
+        "C 1A 5A 71 31 3A 20 20 54 68 69 73 20 69 73 20 74 68 "
+        "65 20 75 73 65 72 20 6E 6F 74 69 63 65 20 66 72 6F 6D"
+        " 20 71 75 61 6C 69 66 69 65 72 20 31 2E 20 20 54 68 6"
+        "9 73 20 63 65 72 74 69 66 69 63 61 74 65 20 69 73 20 "
+        "66 6F 72 20 74 65 73 74 20 70 75 72 70 6F 73 65 73 20"
+        " 6F 6E 6C 79]),Critical,(2.16.840.1.101.3.2.1.48.1),1}\n"
+        ". . {2.16.840.1.101.3.2.1.48.1,(EMPTY),Not Critical,"
+        "(2.16.840.1.101.3.2.1.48.1),2}\n"
+        ". . . {2.16.840.1.101.3.2.1.48.1,{},Critical,(2.16.84"
+        "0.1.101.3.2.1.48.1),3}";
+
+    PKIX_UInt32 actualMinorVersion;
+    PKIX_UInt32 j = 0;
+    char *dirName = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    if (argc < 2) {
+        printUsage();
+        return (0);
+    }
+
+    startTests("PolicyNode");
+
+    PKIX_TEST_EXPECT_NO_ERROR(
+        PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+    dirName = argv[j + 1];
+
+    subTest("Creating OID objects");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create(asciiAnyPolicy, &oidAnyPolicy, plContext));
+
+    /* Read certificates to get real policies, qualifiers */
+
+    cert = createCert(dirName, "UserNoticeQualifierTest16EE.crt", plContext);
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(cert, &expectedNist1Nist2List, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(expectedNist1Nist2List,
+                                                0,
+                                                (PKIX_PL_Object **)&nist1Policy,
+                                                plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(expectedNist1Nist2List,
+                                                1,
+                                                (PKIX_PL_Object **)&nist2Policy,
+                                                plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers(nist1Policy, &policyQualifierList, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolicyId(nist1Policy, &oidNist1Policy, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolicyId(nist2Policy, &oidNist2Policy, plContext));
+
+    subTest("Creating expectedPolicy List objects");
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&expectedAnyList, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&expectedNist1List, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&expectedNist2List, plContext));
+
+    subTest("Populating expectedPolicy List objects");
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(expectedAnyList, (PKIX_PL_Object *)oidAnyPolicy, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(expectedNist1List,
+                                                   (PKIX_PL_Object *)oidNist1Policy,
+                                                   plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(expectedNist2List,
+                                                   (PKIX_PL_Object *)oidNist2Policy,
+                                                   plContext));
+
+    subTest("Creating PolicyNode objects");
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&emptyList, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_Create(oidAnyPolicy,
+                                                     NULL,
+                                                     PKIX_TRUE,
+                                                     expectedAnyList,
+                                                     &parentNode,
+                                                     plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_Create(oidNist2Policy,
+                                                     policyQualifierList,
+                                                     PKIX_TRUE,
+                                                     expectedNist1Nist2List,
+                                                     &childNode1,
+                                                     plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_Create(oidNist1Policy,
+                                                     policyQualifierList,
+                                                     PKIX_TRUE,
+                                                     expectedNist1List,
+                                                     &childNode2,
+                                                     plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_Create(oidNist2Policy,
+                                                     policyQualifierList,
+                                                     PKIX_TRUE,
+                                                     expectedNist2List,
+                                                     &childNode3,
+                                                     plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_Create(oidNist1Policy,
+                                                     emptyList,
+                                                     PKIX_FALSE,
+                                                     expectedNist1List,
+                                                     &childNode4,
+                                                     plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_Create(oidNist1Policy,
+                                                     NULL,
+                                                     PKIX_TRUE,
+                                                     expectedNist1List,
+                                                     &childNode5,
+                                                     plContext));
+
+    subTest("Creating the PolicyNode tree");
+
+    PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_AddToParent(parentNode, childNode1, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_AddToParent(parentNode, childNode2, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_AddToParent(childNode1, childNode3, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_AddToParent(childNode2, childNode4, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_AddToParent(childNode4, childNode5, plContext));
+
+    subTest("Displaying PolicyNode objects");
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)parentNode, &parentString, plContext));
+    (void)printf("parentNode is\n\t%s\n", parentString->escAsciiString);
+
+    testToStringHelper((PKIX_PL_Object *)parentNode, expectedTree, plContext);
+
+    test_DuplicateHelper(parentNode, plContext);
+
+    test_GetParent(childNode3, childNode3, childNode4, expectedParentAscii);
+    test_GetValidPolicy(childNode1, childNode3, parentNode, expectedValidAscii);
+    test_GetPolicyQualifiers(childNode1, childNode3, childNode4, expectedQualifiersAscii);
+    test_GetExpectedPolicies(childNode2, childNode4, childNode3, expectedPoliciesAscii);
+    test_IsCritical(childNode1, childNode2, childNode4);
+    test_GetDepth(childNode2, childNode4, childNode5);
+
+    subTest("pkix_PolicyNode_Prune");
+
+    PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_Prune(parentNode, 2, &pDelete, plContext));
+
+    testToStringHelper((PKIX_PL_Object *)parentNode, expectedTree, plContext);
+
+    PKIX_TEST_EXPECT_NO_ERROR(pkix_PolicyNode_Prune(parentNode, 3, &pDelete, plContext));
+
+    testToStringHelper((PKIX_PL_Object *)parentNode, expectedPrunedTree, plContext);
+
+    test_GetChildren(parentNode, parentNode, childNode2);
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(cert);
+    PKIX_TEST_DECREF_AC(nist1Policy);
+    PKIX_TEST_DECREF_AC(nist2Policy);
+    PKIX_TEST_DECREF_AC(policyQualifierList);
+    PKIX_TEST_DECREF_AC(oidAnyPolicy);
+    PKIX_TEST_DECREF_AC(oidNist1Policy);
+    PKIX_TEST_DECREF_AC(oidNist2Policy);
+    PKIX_TEST_DECREF_AC(expectedAnyList);
+    PKIX_TEST_DECREF_AC(expectedNist1List);
+    PKIX_TEST_DECREF_AC(expectedNist2List);
+    PKIX_TEST_DECREF_AC(expectedNist1Nist2List);
+    PKIX_TEST_DECREF_AC(emptyList);
+    PKIX_TEST_DECREF_AC(parentNode);
+    PKIX_TEST_DECREF_AC(childNode1);
+    PKIX_TEST_DECREF_AC(childNode2);
+    PKIX_TEST_DECREF_AC(childNode3);
+    PKIX_TEST_DECREF_AC(childNode4);
+    PKIX_TEST_DECREF_AC(childNode5);
+    PKIX_TEST_DECREF_AC(parentString);
+
+    PKIX_Shutdown(plContext);
+
+    PKIX_TEST_RETURN();
+
+    endTests("PolicyNode");
+
+    return (0);
+}
diff --git a/nss/cmd/libpkix/pkix/results/test_valresult.c b/nss/cmd/libpkix/pkix/results/test_valresult.c
new file mode 100644
index 0000000..7760a43
--- /dev/null
+++ b/nss/cmd/libpkix/pkix/results/test_valresult.c
@@ -0,0 +1,199 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * test_valresult.c
+ *
+ * Test ValidateResult Type
+ *
+ */
+
+#include "testutil.h"
+#include "testutil_nss.h"
+
+static void *plContext = NULL;
+
+static void
+testDestroy(void *goodObject, void *equalObject, void *diffObject)
+{
+    PKIX_TEST_STD_VARS();
+
+    subTest("PKIX_ValidateResult_Destroy");
+
+    PKIX_TEST_DECREF_BC(goodObject);
+    PKIX_TEST_DECREF_BC(equalObject);
+    PKIX_TEST_DECREF_BC(diffObject);
+
+cleanup:
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testGetPublicKey(
+    PKIX_ValidateResult *goodObject,
+    PKIX_ValidateResult *equalObject)
+{
+
+    PKIX_PL_PublicKey *goodPubKey = NULL;
+    PKIX_PL_PublicKey *equalPubKey = NULL;
+
+    PKIX_TEST_STD_VARS();
+    subTest("PKIX_ValidateResult_GetPublicKey");
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateResult_GetPublicKey(goodObject, &goodPubKey, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateResult_GetPublicKey(equalObject, &equalPubKey, plContext));
+
+    testEqualsHelper((PKIX_PL_Object *)goodPubKey,
+                     (PKIX_PL_Object *)equalPubKey,
+                     PKIX_TRUE,
+                     plContext);
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(goodPubKey);
+    PKIX_TEST_DECREF_AC(equalPubKey);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testGetTrustAnchor(
+    PKIX_ValidateResult *goodObject,
+    PKIX_ValidateResult *equalObject)
+{
+
+    PKIX_TrustAnchor *goodAnchor = NULL;
+    PKIX_TrustAnchor *equalAnchor = NULL;
+
+    PKIX_TEST_STD_VARS();
+    subTest("PKIX_ValidateResult_GetTrustAnchor");
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateResult_GetTrustAnchor(goodObject, &goodAnchor, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateResult_GetTrustAnchor(equalObject, &equalAnchor, plContext));
+
+    testEqualsHelper((PKIX_PL_Object *)goodAnchor,
+                     (PKIX_PL_Object *)equalAnchor,
+                     PKIX_TRUE,
+                     plContext);
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(goodAnchor);
+    PKIX_TEST_DECREF_AC(equalAnchor);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testGetPolicyTree(
+    PKIX_ValidateResult *goodObject,
+    PKIX_ValidateResult *equalObject)
+{
+
+    PKIX_PolicyNode *goodTree = NULL;
+    PKIX_PolicyNode *equalTree = NULL;
+
+    PKIX_TEST_STD_VARS();
+    subTest("PKIX_ValidateResult_GetPolicyTree");
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateResult_GetPolicyTree(goodObject, &goodTree, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateResult_GetPolicyTree(equalObject, &equalTree, plContext));
+
+    if (goodTree) {
+        testEqualsHelper((PKIX_PL_Object *)goodTree,
+                         (PKIX_PL_Object *)equalTree,
+                         PKIX_TRUE,
+                         plContext);
+    } else if (equalTree) {
+        pkixTestErrorMsg = "Mismatch: NULL and non-NULL Policy Trees";
+    }
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(goodTree);
+    PKIX_TEST_DECREF_AC(equalTree);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+printUsage(char *pName)
+{
+    printf("\nUSAGE: %s <central-data-dir>\n\n", pName);
+}
+
+int
+test_valresult(int argc, char *argv[])
+{
+
+    PKIX_ValidateResult *goodObject = NULL;
+    PKIX_ValidateResult *equalObject = NULL;
+    PKIX_ValidateResult *diffObject = NULL;
+    PKIX_UInt32 actualMinorVersion;
+    PKIX_UInt32 j = 0;
+
+    char *goodInput = "yassir2yassir";
+    char *diffInput = "yassir2bcn";
+    char *dirName = NULL;
+
+    char *expectedAscii =
+        "[\n"
+        "\tTrustAnchor: \t\t"
+        "[\n"
+        "\tTrusted CA Name:         "
+        "CN=yassir,OU=bcn,OU=east,O=sun,C=us\n"
+        "\tTrusted CA PublicKey:    ANSI X9.57 DSA Signature\n"
+        "\tInitial Name Constraints:(null)\n"
+        "]\n"
+        "\tPubKey:    \t\t"
+        "ANSI X9.57 DSA Signature\n"
+        "\tPolicyTree:  \t\t(null)\n"
+        "]\n";
+
+    PKIX_TEST_STD_VARS();
+
+    startTests("ValidateResult");
+
+    PKIX_TEST_EXPECT_NO_ERROR(
+        PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+    if (argc < 2) {
+        printUsage(argv[0]);
+        return (0);
+    }
+
+    dirName = argv[j + 1];
+
+    subTest("pkix_ValidateResult_Create");
+
+    goodObject = createValidateResult(dirName, goodInput, diffInput, plContext);
+    equalObject = createValidateResult(dirName, goodInput, diffInput, plContext);
+    diffObject = createValidateResult(dirName, diffInput, goodInput, plContext);
+
+    testGetPublicKey(goodObject, equalObject);
+    testGetTrustAnchor(goodObject, equalObject);
+    testGetPolicyTree(goodObject, equalObject);
+
+    PKIX_TEST_EQ_HASH_TOSTR_DUP(goodObject,
+                                equalObject,
+                                diffObject,
+                                expectedAscii,
+                                ValidateResult,
+                                PKIX_FALSE);
+
+    testDestroy(goodObject, equalObject, diffObject);
+
+cleanup:
+
+    PKIX_Shutdown(plContext);
+
+    PKIX_TEST_RETURN();
+
+    endTests("ValidateResult");
+
+    return (0);
+}
diff --git a/nss/cmd/libpkix/pkix/results/test_verifynode.c b/nss/cmd/libpkix/pkix/results/test_verifynode.c
new file mode 100644
index 0000000..21c61aa
--- /dev/null
+++ b/nss/cmd/libpkix/pkix/results/test_verifynode.c
@@ -0,0 +1,112 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * test_verifynode.c
+ *
+ * Test VerifyNode Type
+ *
+ */
+
+#include "testutil.h"
+#include "testutil_nss.h"
+
+static void *plContext = NULL;
+
+static void
+printUsage(void)
+{
+    (void)printf("\nUSAGE:\ttest_verifynode path cert1 cert2 cert3\n\n");
+}
+
+int
+test_verifynode(int argc, char *argv[])
+{
+
+    /*
+         * Create a tree with parent = cert1, child=cert2, grandchild=cert3
+         */
+    PKIX_PL_Cert *cert1 = NULL;
+    PKIX_PL_Cert *cert2 = NULL;
+    PKIX_PL_Cert *cert3 = NULL;
+    PKIX_VerifyNode *parentNode = NULL;
+    PKIX_VerifyNode *childNode = NULL;
+    PKIX_VerifyNode *grandChildNode = NULL;
+    PKIX_PL_String *parentString = NULL;
+
+    PKIX_UInt32 actualMinorVersion;
+    PKIX_UInt32 j = 0;
+    char *dirName = NULL;
+    char *twoNodeAscii = "CERT[Issuer:CN=Trust Anchor,O=Test Cert"
+                         "ificates,C=US, Subject:CN=Trust Anchor,O=Test Certif"
+                         "icates,C=US], depth=0, error=(null)\n. CERT[Issuer:C"
+                         "N=Trust Anchor,O=Test Certificates,C=US, Subject:CN="
+                         "Good CA,O=Test Certificates,C=US], depth=1, error=(null)";
+    char *threeNodeAscii = "CERT[Issuer:CN=Trust Anchor,O=Test Ce"
+                           "rtificates,C=US, Subject:CN=Trust Anchor,O=Test Cert"
+                           "ificates,C=US], depth=0, error=(null)\n. CERT[Issuer"
+                           ":CN=Trust Anchor,O=Test Certificates,C=US, Subject:C"
+                           "N=Good CA,O=Test Certificates,C=US], depth=1, error="
+                           "(null)\n. . CERT[Issuer:CN=Good CA,O=Test Certificat"
+                           "es,C=US, Subject:CN=Valid EE Certificate Test1,O=Tes"
+                           "t Certificates,C=US], depth=2, error=(null)";
+
+    PKIX_TEST_STD_VARS();
+
+    if (argc < 3) {
+        printUsage();
+        return (0);
+    }
+
+    startTests("VerifyNode");
+
+    PKIX_TEST_EXPECT_NO_ERROR(
+        PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+    dirName = argv[++j];
+
+    subTest("Creating Certs");
+
+    cert1 = createCert(dirName, argv[++j], plContext);
+
+    cert2 = createCert(dirName, argv[++j], plContext);
+
+    cert3 = createCert(dirName, argv[++j], plContext);
+
+    subTest("Creating VerifyNode objects");
+
+    PKIX_TEST_EXPECT_NO_ERROR(pkix_VerifyNode_Create(cert1, 0, NULL, &parentNode, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(pkix_VerifyNode_Create(cert2, 1, NULL, &childNode, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(pkix_VerifyNode_Create(cert3, 2, NULL, &grandChildNode, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(pkix_VerifyNode_AddToChain(parentNode, childNode, plContext));
+
+    subTest("Creating VerifyNode ToString objects");
+
+    testToStringHelper((PKIX_PL_Object *)parentNode, twoNodeAscii, plContext);
+
+    PKIX_TEST_EXPECT_NO_ERROR(pkix_VerifyNode_AddToChain(parentNode, grandChildNode, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)parentNode, &parentString, plContext));
+    (void)printf("parentNode is\n\t%s\n", parentString->escAsciiString);
+
+    testToStringHelper((PKIX_PL_Object *)parentNode, threeNodeAscii, plContext);
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(cert1);
+    PKIX_TEST_DECREF_AC(cert2);
+    PKIX_TEST_DECREF_AC(parentNode);
+    PKIX_TEST_DECREF_AC(childNode);
+    PKIX_TEST_DECREF_AC(parentString);
+
+    PKIX_Shutdown(plContext);
+
+    PKIX_TEST_RETURN();
+
+    endTests("VerifyNode");
+
+    return (0);
+}
diff --git a/nss/cmd/libpkix/pkix/store/Makefile b/nss/cmd/libpkix/pkix/store/Makefile
new file mode 100755
index 0000000..09ca5f1
--- /dev/null
+++ b/nss/cmd/libpkix/pkix/store/Makefile
@@ -0,0 +1,47 @@
+#! gmake
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+include $(PKIX_DEPTH)/config.mk
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include $(PLAT_DEPTH)/platlibs.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+include $(PLAT_DEPTH)/platrules.mk
diff --git a/nss/cmd/libpkix/pkix/store/manifest.mn b/nss/cmd/libpkix/pkix/store/manifest.mn
new file mode 100755
index 0000000..566a346
--- /dev/null
+++ b/nss/cmd/libpkix/pkix/store/manifest.mn
@@ -0,0 +1,19 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+PKIX_DEPTH = ../..
+PLAT_DEPTH = $(PKIX_DEPTH)/..
+CORE_DEPTH = $(PKIX_DEPTH)/../../..
+
+# MODULE public and private header directories are implicitly REQUIRED.
+MODULE = nss
+
+CSRCS = test_store.c
+
+LIBRARY_NAME=pkixtoolstore
+
+SOURCE_LIB_DIR=$(PKIX_DEPTH)/$(OBJDIR)
+
+NO_MD_RELEASE = 1
diff --git a/nss/cmd/libpkix/pkix/store/test_store.c b/nss/cmd/libpkix/pkix/store/test_store.c
new file mode 100644
index 0000000..59606b8
--- /dev/null
+++ b/nss/cmd/libpkix/pkix/store/test_store.c
@@ -0,0 +1,194 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * test_certstore.c
+ *
+ * Test CertStore Type
+ *
+ */
+
+#include "testutil.h"
+#include "testutil_nss.h"
+
+static void *plContext = NULL;
+
+static PKIX_Error *
+testCRLCallback(
+    PKIX_CertStore *store,
+    PKIX_CRLSelector *selector,
+    void **pNBIOContext,
+    PKIX_List **pCrls, /* list of PKIX_PL_Crl */
+    void *plContext)
+{
+    return (0);
+}
+
+static PKIX_Error *
+testCRLContinue(
+    PKIX_CertStore *store,
+    PKIX_CRLSelector *selector,
+    void **pNBIOContext,
+    PKIX_List **pCrls, /* list of PKIX_PL_Crl */
+    void *plContext)
+{
+    return (0);
+}
+
+static PKIX_Error *
+testCertCallback(
+    PKIX_CertStore *store,
+    PKIX_CertSelector *selector,
+    void **pNBIOContext,
+    PKIX_List **pCerts, /* list of PKIX_PL_Cert */
+    void *plContext)
+{
+    return (0);
+}
+
+static PKIX_Error *
+testCertContinue(
+    PKIX_CertStore *store,
+    PKIX_CertSelector *selector,
+    void **pNBIOContext,
+    PKIX_List **pCerts, /* list of PKIX_PL_Cert */
+    void *plContext)
+{
+    return (0);
+}
+
+static char *
+catDirName(char *platform, char *dir, void *plContext)
+{
+    char *pathName = NULL;
+    PKIX_UInt32 dirLen;
+    PKIX_UInt32 platformLen;
+
+    PKIX_TEST_STD_VARS();
+
+    dirLen = PL_strlen(dir);
+    platformLen = PL_strlen(platform);
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Malloc(platformLen +
+                                                 dirLen +
+                                                 2,
+                                             (void **)&pathName, plContext));
+
+    PL_strcpy(pathName, platform);
+    PL_strcat(pathName, "/");
+    PL_strcat(pathName, dir);
+
+cleanup:
+
+    PKIX_TEST_RETURN();
+
+    return (pathName);
+}
+
+static void
+testCertStore(char *crlDir)
+{
+    PKIX_PL_String *dirString = NULL;
+    PKIX_CertStore *certStore = NULL;
+    PKIX_PL_Object *getCertStoreContext = NULL;
+    PKIX_CertStore_CertCallback certCallback = NULL;
+    PKIX_CertStore_CRLCallback crlCallback = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII,
+                                                    crlDir,
+                                                    0,
+                                                    &dirString,
+                                                    plContext));
+
+    subTest("PKIX_CertStore_Create");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_Create(testCertCallback,
+                                                    testCRLCallback,
+                                                    testCertContinue,
+                                                    testCRLContinue,
+                                                    NULL, /* trustCallback */
+                                                    (PKIX_PL_Object *)dirString,
+                                                    PKIX_TRUE, /* cacheFlag */
+                                                    PKIX_TRUE, /* local */
+                                                    &certStore,
+                                                    plContext));
+
+    subTest("PKIX_CertStore_GetCertCallback");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCertCallback(certStore, &certCallback, plContext));
+
+    if (certCallback != testCertCallback) {
+        testError("PKIX_CertStore_GetCertCallback unexpected mismatch");
+    }
+
+    subTest("PKIX_CertStore_GetCRLCallback");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCRLCallback(certStore, &crlCallback, plContext));
+
+    if (crlCallback != testCRLCallback) {
+        testError("PKIX_CertStore_GetCRLCallback unexpected mismatch");
+    }
+
+    subTest("PKIX_CertStore_GetCertStoreContext");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCertStoreContext(certStore, &getCertStoreContext, plContext));
+
+    if ((PKIX_PL_Object *)dirString != getCertStoreContext) {
+        testError("PKIX_CertStore_GetCertStoreContext unexpected mismatch");
+    }
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(dirString);
+    PKIX_TEST_DECREF_AC(certStore);
+    PKIX_TEST_DECREF_AC(getCertStoreContext);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+printUsage(char *pName)
+{
+    printf("\nUSAGE: %s testName <data-dir> <platform-dir>\n\n", pName);
+}
+
+/* Functional tests for CertStore public functions */
+
+int
+test_store(int argc, char *argv[])
+{
+
+    char *platformDir = NULL;
+    char *dataDir = NULL;
+    char *combinedDir = NULL;
+    PKIX_UInt32 actualMinorVersion;
+    PKIX_UInt32 j = 0;
+
+    PKIX_TEST_STD_VARS();
+
+    PKIX_TEST_EXPECT_NO_ERROR(
+        PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+    if (argc < (3 + j)) {
+        printUsage(argv[0]);
+        return (0);
+    }
+
+    startTests(argv[1 + j]);
+
+    dataDir = argv[2 + j];
+    platformDir = argv[3 + j];
+    combinedDir = catDirName(platformDir, dataDir, plContext);
+
+    testCertStore(combinedDir);
+
+cleanup:
+
+    pkixTestErrorResult = PKIX_PL_Free(combinedDir, plContext);
+
+    PKIX_Shutdown(plContext);
+
+    PKIX_TEST_RETURN();
+
+    endTests("CertStore");
+
+    return (0);
+}
diff --git a/nss/cmd/libpkix/pkix/top/Makefile b/nss/cmd/libpkix/pkix/top/Makefile
new file mode 100755
index 0000000..09ca5f1
--- /dev/null
+++ b/nss/cmd/libpkix/pkix/top/Makefile
@@ -0,0 +1,47 @@
+#! gmake
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+include $(PKIX_DEPTH)/config.mk
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include $(PLAT_DEPTH)/platlibs.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+include $(PLAT_DEPTH)/platrules.mk
diff --git a/nss/cmd/libpkix/pkix/top/manifest.mn b/nss/cmd/libpkix/pkix/top/manifest.mn
new file mode 100755
index 0000000..a7d997d
--- /dev/null
+++ b/nss/cmd/libpkix/pkix/top/manifest.mn
@@ -0,0 +1,33 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+PKIX_DEPTH = ../..
+PLAT_DEPTH = $(PKIX_DEPTH)/..
+CORE_DEPTH = $(PKIX_DEPTH)/../../..
+
+# MODULE public and private header directories are implicitly REQUIRED.
+MODULE = nss
+
+CSRCS = test_basicchecker.c \
+	test_basicconstraintschecker.c \
+	test_buildchain.c \
+	test_buildchain_uchecker.c \
+	test_buildchain_partialchain.c \
+	test_buildchain_resourcelimits.c \
+	test_customcrlchecker.c \
+	test_defaultcrlchecker2stores.c \
+	test_ocsp.c \
+	test_policychecker.c \
+	test_subjaltnamechecker.c \
+	test_validatechain.c \
+	test_validatechain_bc.c \
+	test_validatechain_NB.c \
+	$(NULL)
+
+LIBRARY_NAME=pkixtooltop
+
+SOURCE_LIB_DIR=$(PKIX_DEPTH)/$(OBJDIR)
+
+NO_MD_RELEASE = 1
diff --git a/nss/cmd/libpkix/pkix/top/test_basicchecker.c b/nss/cmd/libpkix/pkix/top/test_basicchecker.c
new file mode 100644
index 0000000..658bf67
--- /dev/null
+++ b/nss/cmd/libpkix/pkix/top/test_basicchecker.c
@@ -0,0 +1,238 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * test_basicchecker.c
+ *
+ * Test Basic Checking
+ *
+ */
+
+#include "testutil.h"
+#include "testutil_nss.h"
+
+static void *plContext = NULL;
+
+static void
+testPass(char *dirName, char *goodInput, char *diffInput, char *dateAscii)
+{
+
+    PKIX_List *chain = NULL;
+    PKIX_ValidateParams *valParams = NULL;
+    PKIX_ValidateResult *valResult = NULL;
+    PKIX_VerifyNode *verifyTree = NULL;
+    PKIX_PL_String *verifyString = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    subTest("Basic-Common-Fields <pass>");
+    /*
+         * Tests the Expiration, NameChaining, and Signature Checkers
+         */
+
+    chain = createCertChain(dirName, goodInput, diffInput, plContext);
+
+    valParams = createValidateParams(dirName,
+                                     goodInput,
+                                     diffInput,
+                                     dateAscii,
+                                     NULL,
+                                     PKIX_FALSE,
+                                     PKIX_FALSE,
+                                     PKIX_FALSE,
+                                     PKIX_FALSE,
+                                     chain,
+                                     plContext);
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)verifyTree, &verifyString, plContext));
+    (void)printf("verifyTree is\n%s\n", verifyString->escAsciiString);
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(verifyString);
+    PKIX_TEST_DECREF_AC(verifyTree);
+    PKIX_TEST_DECREF_AC(chain);
+    PKIX_TEST_DECREF_AC(valParams);
+    PKIX_TEST_DECREF_AC(valResult);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testNameChainingFail(
+    char *dirName,
+    char *goodInput,
+    char *diffInput,
+    char *dateAscii)
+{
+    PKIX_List *chain = NULL;
+    PKIX_ValidateParams *valParams = NULL;
+    PKIX_ValidateResult *valResult = NULL;
+    PKIX_VerifyNode *verifyTree = NULL;
+    PKIX_PL_String *verifyString = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    subTest("NameChaining <fail>");
+
+    chain = createCertChain(dirName, diffInput, goodInput, plContext);
+
+    valParams = createValidateParams(dirName,
+                                     goodInput,
+                                     diffInput,
+                                     dateAscii,
+                                     NULL,
+                                     PKIX_FALSE,
+                                     PKIX_FALSE,
+                                     PKIX_FALSE,
+                                     PKIX_FALSE,
+                                     chain,
+                                     plContext);
+
+    PKIX_TEST_EXPECT_ERROR(PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext));
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(verifyString);
+    PKIX_TEST_DECREF_AC(verifyTree);
+    PKIX_TEST_DECREF_AC(chain);
+    PKIX_TEST_DECREF_AC(valParams);
+    PKIX_TEST_DECREF_AC(valResult);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testDateFail(char *dirName, char *goodInput, char *diffInput)
+{
+
+    PKIX_List *chain = NULL;
+    PKIX_ValidateParams *valParams = NULL;
+    PKIX_ValidateResult *valResult = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    chain = createCertChain(dirName, goodInput, diffInput, plContext);
+
+    subTest("Expiration <fail>");
+    valParams = createValidateParams(dirName,
+                                     goodInput,
+                                     diffInput,
+                                     NULL,
+                                     NULL,
+                                     PKIX_FALSE,
+                                     PKIX_FALSE,
+                                     PKIX_FALSE,
+                                     PKIX_FALSE,
+                                     chain,
+                                     plContext);
+
+    PKIX_TEST_EXPECT_ERROR(PKIX_ValidateChain(valParams, &valResult, NULL, plContext));
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(chain);
+    PKIX_TEST_DECREF_AC(valParams);
+    PKIX_TEST_DECREF_AC(valResult);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testSignatureFail(
+    char *dirName,
+    char *goodInput,
+    char *diffInput,
+    char *dateAscii)
+{
+    PKIX_List *chain = NULL;
+    PKIX_ValidateParams *valParams = NULL;
+    PKIX_ValidateResult *valResult = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    subTest("Signature <fail>");
+
+    chain = createCertChain(dirName, diffInput, goodInput, plContext);
+
+    valParams = createValidateParams(dirName,
+                                     goodInput,
+                                     diffInput,
+                                     dateAscii,
+                                     NULL,
+                                     PKIX_FALSE,
+                                     PKIX_FALSE,
+                                     PKIX_FALSE,
+                                     PKIX_FALSE,
+                                     chain,
+                                     plContext);
+
+    PKIX_TEST_EXPECT_ERROR(PKIX_ValidateChain(valParams, &valResult, NULL, plContext));
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(chain);
+    PKIX_TEST_DECREF_AC(valParams);
+    PKIX_TEST_DECREF_AC(valResult);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+printUsage(char *pName)
+{
+    printf("\nUSAGE: %s <central-data-dir>\n\n", pName);
+}
+
+int
+test_basicchecker(int argc, char *argv[])
+{
+
+    char *goodInput = "yassir2yassir";
+    char *diffInput = "yassir2bcn";
+    char *dateAscii = "991201000000Z";
+    char *dirName = NULL;
+    PKIX_UInt32 j = 0;
+    PKIX_UInt32 actualMinorVersion;
+
+    PKIX_TEST_STD_VARS();
+
+    startTests("SignatureChecker");
+
+    PKIX_TEST_EXPECT_NO_ERROR(
+        PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+    if (argc < 2) {
+        printUsage(argv[0]);
+        return (0);
+    }
+
+    dirName = argv[j + 1];
+
+    /* The NameChaining, Expiration, and Signature Checkers all pass */
+    testPass(dirName, goodInput, diffInput, dateAscii);
+
+    /* Individual Checkers fail */
+    testNameChainingFail(dirName, goodInput, diffInput, dateAscii);
+    testDateFail(dirName, goodInput, diffInput);
+
+/*
+         * XXX
+         * since the signature check is done last, we need to create
+         * certs whose name chaining passes, but their signatures fail;
+         * we currently don't have any such certs.
+         */
+/* testSignatureFail(goodInput, diffInput, dateAscii); */
+
+cleanup:
+
+    PKIX_Shutdown(plContext);
+
+    PKIX_TEST_RETURN();
+
+    endTests("SignatureChecker");
+
+    return (0);
+}
diff --git a/nss/cmd/libpkix/pkix/top/test_basicconstraintschecker.c b/nss/cmd/libpkix/pkix/top/test_basicconstraintschecker.c
new file mode 100644
index 0000000..eba5153
--- /dev/null
+++ b/nss/cmd/libpkix/pkix/top/test_basicconstraintschecker.c
@@ -0,0 +1,145 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * test_basicconstraintschecker.c
+ *
+ * Test Basic Constraints Checking
+ *
+ */
+
+#include "testutil.h"
+#include "testutil_nss.h"
+
+#define PKIX_TEST_MAX_CERTS 10
+
+static void *plContext = NULL;
+
+static void
+printUsage1(char *pName)
+{
+    printf("\nUSAGE: %s test-name [ENE|EE] ", pName);
+    printf("cert [certs].\n");
+}
+
+static void
+printUsageMax(PKIX_UInt32 numCerts)
+{
+    printf("\nUSAGE ERROR: number of certs %d exceed maximum %d\n",
+           numCerts, PKIX_TEST_MAX_CERTS);
+}
+
+int
+test_basicconstraintschecker(int argc, char *argv[])
+{
+
+    PKIX_List *chain = NULL;
+    PKIX_ValidateParams *valParams = NULL;
+    PKIX_ValidateResult *valResult = NULL;
+    PKIX_UInt32 actualMinorVersion;
+    char *certNames[PKIX_TEST_MAX_CERTS];
+    PKIX_PL_Cert *certs[PKIX_TEST_MAX_CERTS];
+    PKIX_VerifyNode *verifyTree = NULL;
+    PKIX_PL_String *verifyString = NULL;
+    PKIX_UInt32 chainLength = 0;
+    PKIX_UInt32 i = 0;
+    PKIX_UInt32 j = 0;
+    PKIX_Boolean testValid = PKIX_FALSE;
+    char *dirName = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    if (argc < 4) {
+        printUsage1(argv[0]);
+        return (0);
+    }
+
+    startTests("BasicConstraintsChecker");
+
+    PKIX_TEST_EXPECT_NO_ERROR(
+        PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+    /* ENE = expect no error; EE = expect error */
+    if (PORT_Strcmp(argv[2 + j], "ENE") == 0) {
+        testValid = PKIX_TRUE;
+    } else if (PORT_Strcmp(argv[2 + j], "EE") == 0) {
+        testValid = PKIX_FALSE;
+    } else {
+        printUsage1(argv[0]);
+        return (0);
+    }
+
+    dirName = argv[3 + j];
+
+    chainLength = (argc - j) - 4;
+    if (chainLength > PKIX_TEST_MAX_CERTS) {
+        printUsageMax(chainLength);
+    }
+
+    for (i = 0; i < chainLength; i++) {
+        certNames[i] = argv[(4 + j) + i];
+        certs[i] = NULL;
+    }
+
+    subTest(argv[1 + j]);
+
+    subTest("Basic-Constraints - Create Cert Chain");
+
+    chain = createCertChainPlus(dirName, certNames, certs, chainLength, plContext);
+
+    /*
+         * Error occurs when creating Cert, this is critical and test
+         * should not continue. Since we expect error, we assume this
+         * error is the one that is expected, so undo the error count.
+         *
+         * This work needs future enhancement. We will introduce another
+         * flag ESE, in addition to the existing EE(expect validation
+         * error) and ENE(expect no validation error). ESE stands for
+         * "expect setup error". When running with ESE, if any of the setup
+         * calls such creating Cert Chain fails, the test can end and
+         * considered to be successful.
+         */
+    if (testValid == PKIX_FALSE && chain == NULL) {
+        testErrorUndo("Cert Error - Create failed");
+        goto cleanup;
+    }
+
+    subTest("Basic-Constraints - Create Params");
+
+    valParams = createValidateParams(dirName,
+                                     argv[4 +
+                                          j],
+                                     NULL,
+                                     NULL,
+                                     NULL,
+                                     PKIX_FALSE,
+                                     PKIX_FALSE,
+                                     PKIX_FALSE,
+                                     PKIX_FALSE,
+                                     chain,
+                                     plContext);
+
+    subTest("Basic-Constraints - Validate Chain");
+
+    if (testValid == PKIX_TRUE) {
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext));
+    } else {
+        PKIX_TEST_EXPECT_ERROR(PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext));
+    }
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(verifyString);
+    PKIX_TEST_DECREF_AC(verifyTree);
+    PKIX_TEST_DECREF_AC(chain);
+    PKIX_TEST_DECREF_AC(valParams);
+    PKIX_TEST_DECREF_AC(valResult);
+
+    PKIX_Shutdown(plContext);
+
+    PKIX_TEST_RETURN();
+
+    endTests("BasicConstraintsChecker");
+
+    return (0);
+}
diff --git a/nss/cmd/libpkix/pkix/top/test_buildchain.c b/nss/cmd/libpkix/pkix/top/test_buildchain.c
new file mode 100644
index 0000000..5c9ec59
--- /dev/null
+++ b/nss/cmd/libpkix/pkix/top/test_buildchain.c
@@ -0,0 +1,418 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * test_buildchain.c
+ *
+ * Test BuildChain function
+ *
+ */
+
+/* #define debuggingWithoutRevocation */
+
+#include "testutil.h"
+#include "testutil_nss.h"
+
+#define LDAP_PORT 389
+static PKIX_Boolean usebind = PKIX_FALSE;
+static PKIX_Boolean useLDAP = PKIX_FALSE;
+static char buf[PR_NETDB_BUF_SIZE];
+static char *serverName = NULL;
+static char *sepPtr = NULL;
+static PRNetAddr netAddr;
+static PRHostEnt hostent;
+static PKIX_UInt32 portNum = 0;
+static PRIntn hostenum = 0;
+static PRStatus prstatus = PR_FAILURE;
+static void *ipaddr = NULL;
+
+static void *plContext = NULL;
+
+static void
+printUsage(void)
+{
+    (void)printf("\nUSAGE:\ttest_buildchain [-arenas] [usebind] "
+                 "servername[:port] <testName> [ENE|EE]\n"
+                 "\t <certStoreDirectory> <targetCert>"
+                 " <intermediate Certs...> <trustedCert>\n\n");
+    (void)printf("Builds a chain of certificates from <targetCert> to <trustedCert>\n"
+                 "using the certs and CRLs in <certStoreDirectory>. "
+                 "servername[:port] gives\n"
+                 "the address of an LDAP server. If port is not"
+                 " specified, port 389 is used. \"-\" means no LDAP server.\n"
+                 "If ENE is specified, then an Error is Not Expected. "
+                 "EE indicates an Error is Expected.\n");
+}
+
+static PKIX_Error *
+createLdapCertStore(
+    char *hostname,
+    PRIntervalTime timeout,
+    PKIX_CertStore **pLdapCertStore,
+    void *plContext)
+{
+    PRIntn backlog = 0;
+
+    char *bindname = "";
+    char *auth = "";
+
+    LDAPBindAPI bindAPI;
+    LDAPBindAPI *bindPtr = NULL;
+    PKIX_PL_LdapDefaultClient *ldapClient = NULL;
+    PKIX_CertStore *ldapCertStore = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    if (usebind) {
+        bindPtr = &bindAPI;
+        bindAPI.selector = SIMPLE_AUTH;
+        bindAPI.chooser.simple.bindName = bindname;
+        bindAPI.chooser.simple.authentication = auth;
+    }
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_LdapDefaultClient_CreateByName(hostname, timeout, bindPtr, &ldapClient, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_LdapCertStore_Create((PKIX_PL_LdapClient *)ldapClient,
+                                                           &ldapCertStore,
+                                                           plContext));
+
+    *pLdapCertStore = ldapCertStore;
+cleanup:
+
+    PKIX_TEST_DECREF_AC(ldapClient);
+
+    PKIX_TEST_RETURN();
+
+    return (pkixTestErrorResult);
+}
+
+int
+test_buildchain(int argc, char *argv[])
+{
+    PKIX_BuildResult *buildResult = NULL;
+    PKIX_ComCertSelParams *certSelParams = NULL;
+    PKIX_CertSelector *certSelector = NULL;
+    PKIX_TrustAnchor *anchor = NULL;
+    PKIX_PL_PublicKey *trustedPubKey = NULL;
+    PKIX_List *anchors = NULL;
+    PKIX_List *certs = NULL;
+    PKIX_RevocationChecker *revChecker = NULL;
+    PKIX_PL_Cert *cert = NULL;
+    PKIX_ProcessingParams *procParams = NULL;
+    char *dirName = NULL;
+    PKIX_PL_String *dirNameString = NULL;
+    PKIX_PL_Cert *trustedCert = NULL;
+    PKIX_PL_Cert *targetCert = NULL;
+    PKIX_UInt32 actualMinorVersion = 0;
+    PKIX_UInt32 numCerts = 0;
+    PKIX_UInt32 i = 0;
+    PKIX_UInt32 j = 0;
+    PKIX_UInt32 k = 0;
+    PKIX_CertStore *ldapCertStore = NULL;
+    PRIntervalTime timeout = PR_INTERVAL_NO_TIMEOUT; /* blocking */
+    /* PRIntervalTime timeout = PR_INTERVAL_NO_WAIT; =0 for non-blocking */
+    PKIX_CertStore *certStore = NULL;
+    PKIX_List *certStores = NULL;
+    PKIX_List *revCheckers = NULL;
+    char *asciiResult = NULL;
+    PKIX_Boolean result = PKIX_FALSE;
+    PKIX_Boolean testValid = PKIX_TRUE;
+    PKIX_List *expectedCerts = NULL;
+    PKIX_PL_Cert *dirCert = NULL;
+    PKIX_VerifyNode *verifyTree = NULL;
+    PKIX_PL_String *verifyString = NULL;
+    PKIX_PL_String *actualCertsString = NULL;
+    PKIX_PL_String *expectedCertsString = NULL;
+    void *state = NULL;
+    char *actualCertsAscii = NULL;
+    char *expectedCertsAscii = NULL;
+    PRPollDesc *pollDesc = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    if (argc < 5) {
+        printUsage();
+        return (0);
+    }
+
+    startTests("BuildChain");
+
+    PKIX_TEST_EXPECT_NO_ERROR(
+        PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+    /*
+         * arguments:
+         * [optional] -arenas
+         * [optional] usebind
+         *            servername or servername:port ( - for no server)
+         *            testname
+         *            EE or ENE
+         *            cert directory
+         *            target cert (end entity)
+         *            intermediate certs
+         *            trust anchor
+         */
+
+    /* optional argument "usebind" for Ldap CertStore */
+    if (argv[j + 1]) {
+        if (PORT_Strcmp(argv[j + 1], "usebind") == 0) {
+            usebind = PKIX_TRUE;
+            j++;
+        }
+    }
+
+    if (PORT_Strcmp(argv[++j], "-") == 0) {
+        useLDAP = PKIX_FALSE;
+    } else {
+        serverName = argv[j];
+        useLDAP = PKIX_TRUE;
+    }
+
+    subTest(argv[++j]);
+
+    /* ENE = expect no error; EE = expect error */
+    if (PORT_Strcmp(argv[++j], "ENE") == 0) {
+        testValid = PKIX_TRUE;
+    } else if (PORT_Strcmp(argv[j], "EE") == 0) {
+        testValid = PKIX_FALSE;
+    } else {
+        printUsage();
+        return (0);
+    }
+
+    dirName = argv[++j];
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&expectedCerts, plContext));
+
+    for (k = ++j; k < (PKIX_UInt32)argc; k++) {
+
+        dirCert = createCert(dirName, argv[k], plContext);
+
+        if (k == (PKIX_UInt32)(argc - 1)) {
+            PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)dirCert, plContext));
+            trustedCert = dirCert;
+        } else {
+
+            PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(expectedCerts,
+                                                           (PKIX_PL_Object *)dirCert,
+                                                           plContext));
+
+            if (k == j) {
+                PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)dirCert, plContext));
+                targetCert = dirCert;
+            }
+        }
+
+        PKIX_TEST_DECREF_BC(dirCert);
+    }
+
+    /* create processing params with list of trust anchors */
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert(trustedCert, &anchor, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(anchors, (PKIX_PL_Object *)anchor, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create(anchors, &procParams, plContext));
+
+    /* create CertSelector with target certificate in params */
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&certSelParams, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificate(certSelParams, targetCert, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, certSelParams, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints(procParams, certSelector, plContext));
+
+    /* create CertStores */
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, dirName, 0, &dirNameString, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certStores, plContext));
+
+    if (useLDAP == PKIX_TRUE) {
+        PKIX_TEST_EXPECT_NO_ERROR(createLdapCertStore(serverName, timeout, &ldapCertStore, plContext));
+
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certStores,
+                                                       (PKIX_PL_Object *)ldapCertStore,
+                                                       plContext));
+    } else {
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirNameString, &certStore, plContext));
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certStores, (PKIX_PL_Object *)certStore, plContext));
+    }
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetCertStores(procParams, certStores, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&revCheckers, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(trustedCert, &trustedPubKey, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(expectedCerts, &numCerts, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(pkix_DefaultRevChecker_Initialize(certStores,
+                                                                NULL, /* testDate, may be NULL */
+                                                                trustedPubKey,
+                                                                numCerts,
+                                                                &revChecker,
+                                                                plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(revCheckers, (PKIX_PL_Object *)revChecker, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationCheckers(procParams, revCheckers, plContext));
+
+#ifdef debuggingWithoutRevocation
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled(procParams, PKIX_FALSE, plContext));
+#endif
+
+    /* build cert chain using processing params and return buildResult */
+
+    pkixTestErrorResult = PKIX_BuildChain(procParams,
+                                          (void **)&pollDesc,
+                                          &state,
+                                          &buildResult,
+                                          &verifyTree,
+                                          plContext);
+
+    while (pollDesc != NULL) {
+
+        if (PR_Poll(pollDesc, 1, 0) < 0) {
+            testError("PR_Poll failed");
+        }
+
+        pkixTestErrorResult = PKIX_BuildChain(procParams,
+                                              (void **)&pollDesc,
+                                              &state,
+                                              &buildResult,
+                                              &verifyTree,
+                                              plContext);
+    }
+
+    if (pkixTestErrorResult) {
+        if (testValid == PKIX_FALSE) { /* EE */
+            (void)printf("EXPECTED ERROR RECEIVED!\n");
+        } else { /* ENE */
+            testError("UNEXPECTED ERROR RECEIVED");
+        }
+    } else {
+        if (testValid == PKIX_TRUE) { /* ENE */
+            (void)printf("EXPECTED NON-ERROR RECEIVED!\n");
+        } else { /* EE */
+            (void)printf("UNEXPECTED NON-ERROR RECEIVED!\n");
+        }
+    }
+
+    subTest("Displaying VerifyNode objects");
+
+    if (verifyTree == NULL) {
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, "(null)", 0, &verifyString, plContext));
+    } else {
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)verifyTree, &verifyString, plContext));
+    }
+
+    (void)printf("verifyTree is\n%s\n", verifyString->escAsciiString);
+
+    if (pkixTestErrorResult) {
+        PKIX_TEST_DECREF_BC(pkixTestErrorResult);
+        goto cleanup;
+    }
+
+    if (buildResult) {
+
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildResult_GetCertChain(buildResult, &certs, plContext));
+
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certs, &numCerts, plContext));
+
+        printf("\n");
+
+        for (i = 0; i < numCerts; i++) {
+            PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs,
+                                                        i,
+                                                        (PKIX_PL_Object **)&cert,
+                                                        plContext));
+
+            asciiResult = PKIX_Cert2ASCII(cert);
+
+            printf("CERT[%d]:\n%s\n", i, asciiResult);
+
+            /* PKIX_Cert2ASCII used PKIX_PL_Malloc(...,,NULL) */
+            PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(asciiResult, NULL));
+            asciiResult = NULL;
+
+            PKIX_TEST_DECREF_BC(cert);
+        }
+
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)certs,
+                                                        (PKIX_PL_Object *)expectedCerts,
+                                                        &result,
+                                                        plContext));
+
+        if (!result) {
+            testError("BUILT CERTCHAIN IS "
+                      "NOT THE ONE THAT WAS EXPECTED");
+
+            PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)certs,
+                                                              &actualCertsString,
+                                                              plContext));
+
+            actualCertsAscii = PKIX_String2ASCII(actualCertsString, plContext);
+            if (actualCertsAscii == NULL) {
+                pkixTestErrorMsg = "PKIX_String2ASCII Failed";
+                goto cleanup;
+            }
+
+            PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)expectedCerts,
+                                                              &expectedCertsString,
+                                                              plContext));
+
+            expectedCertsAscii = PKIX_String2ASCII(expectedCertsString, plContext);
+            if (expectedCertsAscii == NULL) {
+                pkixTestErrorMsg = "PKIX_String2ASCII Failed";
+                goto cleanup;
+            }
+
+            (void)printf("Actual value:\t%s\n", actualCertsAscii);
+            (void)printf("Expected value:\t%s\n",
+                         expectedCertsAscii);
+        }
+    }
+
+cleanup:
+    PKIX_TEST_DECREF_AC(verifyString);
+    PKIX_TEST_DECREF_AC(verifyTree);
+
+    PKIX_PL_Free(asciiResult, NULL);
+    PKIX_PL_Free(actualCertsAscii, plContext);
+    PKIX_PL_Free(expectedCertsAscii, plContext);
+
+    PKIX_TEST_DECREF_AC(state);
+    PKIX_TEST_DECREF_AC(actualCertsString);
+    PKIX_TEST_DECREF_AC(expectedCertsString);
+    PKIX_TEST_DECREF_AC(expectedCerts);
+    PKIX_TEST_DECREF_AC(buildResult);
+    PKIX_TEST_DECREF_AC(procParams);
+    PKIX_TEST_DECREF_AC(certStores);
+    PKIX_TEST_DECREF_AC(revCheckers);
+    PKIX_TEST_DECREF_AC(revChecker);
+    PKIX_TEST_DECREF_AC(ldapCertStore);
+    PKIX_TEST_DECREF_AC(certStore);
+    PKIX_TEST_DECREF_AC(dirNameString);
+    PKIX_TEST_DECREF_AC(certSelParams);
+    PKIX_TEST_DECREF_AC(certSelector);
+    PKIX_TEST_DECREF_AC(anchors);
+    PKIX_TEST_DECREF_AC(anchor);
+    PKIX_TEST_DECREF_AC(trustedCert);
+    PKIX_TEST_DECREF_AC(trustedPubKey);
+
+    PKIX_TEST_DECREF_AC(certs);
+    PKIX_TEST_DECREF_AC(cert);
+    PKIX_TEST_DECREF_AC(targetCert);
+
+    PKIX_TEST_RETURN();
+
+    PKIX_Shutdown(plContext);
+
+    endTests("BuildChain");
+
+    return (0);
+}
diff --git a/nss/cmd/libpkix/pkix/top/test_buildchain_partialchain.c b/nss/cmd/libpkix/pkix/top/test_buildchain_partialchain.c
new file mode 100644
index 0000000..4861a8e
--- /dev/null
+++ b/nss/cmd/libpkix/pkix/top/test_buildchain_partialchain.c
@@ -0,0 +1,725 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * test_buildchain_partialchain.c
+ *
+ * Test BuildChain function
+ *
+ */
+
+#define debuggingWithoutRevocation
+
+#include "testutil.h"
+#include "testutil_nss.h"
+
+#define LDAP_PORT 389
+static PKIX_Boolean usebind = PKIX_FALSE;
+static PKIX_Boolean useLDAP = PKIX_FALSE;
+static char buf[PR_NETDB_BUF_SIZE];
+static char *serverName = NULL;
+static char *sepPtr = NULL;
+static PRNetAddr netAddr;
+static PRHostEnt hostent;
+static PKIX_UInt32 portNum = 0;
+static PRIntn hostenum = 0;
+static PRStatus prstatus = PR_FAILURE;
+static void *ipaddr = NULL;
+
+static void *plContext = NULL;
+
+static void
+printUsage(void)
+{
+    (void)printf("\nUSAGE:\ttest_buildchain [-arenas] [usebind] "
+                 "servername[:port] <testName> [ENE|EE]\n"
+                 "\t <certStoreDirectory> <targetCert>"
+                 " <intermediate Certs...> <trustedCert>\n\n");
+    (void)printf("Builds a chain of certificates from <targetCert> to <trustedCert>\n"
+                 "using the certs and CRLs in <certStoreDirectory>. "
+                 "servername[:port] gives\n"
+                 "the address of an LDAP server. If port is not"
+                 " specified, port 389 is used. \"-\" means no LDAP server.\n"
+                 "If ENE is specified, then an Error is Not Expected. "
+                 "EE indicates an Error is Expected.\n");
+}
+
+static PKIX_Error *
+createLdapCertStore(
+    char *hostname,
+    PRIntervalTime timeout,
+    PKIX_CertStore **pLdapCertStore,
+    void *plContext)
+{
+    PRIntn backlog = 0;
+
+    char *bindname = "";
+    char *auth = "";
+
+    LDAPBindAPI bindAPI;
+    LDAPBindAPI *bindPtr = NULL;
+    PKIX_PL_LdapDefaultClient *ldapClient = NULL;
+    PKIX_CertStore *ldapCertStore = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    if (usebind) {
+        bindPtr = &bindAPI;
+        bindAPI.selector = SIMPLE_AUTH;
+        bindAPI.chooser.simple.bindName = bindname;
+        bindAPI.chooser.simple.authentication = auth;
+    }
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_LdapDefaultClient_CreateByName(hostname, timeout, bindPtr, &ldapClient, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_LdapCertStore_Create((PKIX_PL_LdapClient *)ldapClient,
+                                                           &ldapCertStore,
+                                                           plContext));
+
+    *pLdapCertStore = ldapCertStore;
+cleanup:
+
+    PKIX_TEST_DECREF_AC(ldapClient);
+
+    PKIX_TEST_RETURN();
+
+    return (pkixTestErrorResult);
+}
+
+/* Test with all Certs in the partial list, no leaf */
+static PKIX_Error *
+testWithNoLeaf(
+    PKIX_PL_Cert *trustedCert,
+    PKIX_List *listOfCerts,
+    PKIX_PL_Cert *targetCert,
+    PKIX_List *certStores,
+    PKIX_Boolean testValid,
+    void *plContext)
+{
+    PKIX_UInt32 numCerts = 0;
+    PKIX_UInt32 i = 0;
+    PKIX_TrustAnchor *anchor = NULL;
+    PKIX_List *anchors = NULL;
+    PKIX_List *hintCerts = NULL;
+    PKIX_List *revCheckers = NULL;
+    PKIX_List *certs = NULL;
+    PKIX_PL_Cert *cert = NULL;
+    PKIX_ProcessingParams *procParams = NULL;
+    PKIX_ComCertSelParams *certSelParams = NULL;
+    PKIX_CertSelector *certSelector = NULL;
+    PKIX_PL_PublicKey *trustedPubKey = NULL;
+    PKIX_RevocationChecker *revChecker = NULL;
+    PKIX_BuildResult *buildResult = NULL;
+    PRPollDesc *pollDesc = NULL;
+    void *state = NULL;
+    char *asciiResult = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    /* create processing params with list of trust anchors */
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert(trustedCert, &anchor, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(anchors, (PKIX_PL_Object *)anchor, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create(anchors, &procParams, plContext));
+
+    /* create CertSelector with no target certificate in params */
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&certSelParams, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, certSelParams, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints(procParams, certSelector, plContext));
+
+    /* create hintCerts */
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Duplicate((PKIX_PL_Object *)listOfCerts,
+                                                       (PKIX_PL_Object **)&hintCerts,
+                                                       plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetHintCerts(procParams, hintCerts, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetCertStores(procParams, certStores, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&revCheckers, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(trustedCert, &trustedPubKey, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(listOfCerts, &numCerts, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(pkix_DefaultRevChecker_Initialize(certStores,
+                                                                NULL, /* testDate, may be NULL */
+                                                                trustedPubKey,
+                                                                numCerts,
+                                                                &revChecker,
+                                                                plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(revCheckers, (PKIX_PL_Object *)revChecker, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationCheckers(procParams, revCheckers, plContext));
+
+#ifdef debuggingWithoutRevocation
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled(procParams, PKIX_FALSE, plContext));
+#endif
+
+    /* build cert chain using processing params and return buildResult */
+
+    pkixTestErrorResult = PKIX_BuildChain(procParams,
+                                          (void **)&pollDesc,
+                                          &state,
+                                          &buildResult,
+                                          NULL,
+                                          plContext);
+
+    while (pollDesc != NULL) {
+
+        if (PR_Poll(pollDesc, 1, 0) < 0) {
+            testError("PR_Poll failed");
+        }
+
+        pkixTestErrorResult = PKIX_BuildChain(procParams,
+                                              (void **)&pollDesc,
+                                              &state,
+                                              &buildResult,
+                                              NULL,
+                                              plContext);
+    }
+
+    if (pkixTestErrorResult) {
+        if (testValid == PKIX_FALSE) { /* EE */
+            (void)printf("EXPECTED ERROR RECEIVED!\n");
+        } else { /* ENE */
+            testError("UNEXPECTED ERROR RECEIVED");
+        }
+        PKIX_TEST_DECREF_BC(pkixTestErrorResult);
+        goto cleanup;
+    }
+
+    if (testValid == PKIX_TRUE) { /* ENE */
+        (void)printf("EXPECTED NON-ERROR RECEIVED!\n");
+    } else { /* EE */
+        (void)printf("UNEXPECTED NON-ERROR RECEIVED!\n");
+    }
+
+    if (buildResult) {
+
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildResult_GetCertChain(buildResult, &certs, plContext));
+
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certs, &numCerts, plContext));
+
+        printf("\n");
+
+        for (i = 0; i < numCerts; i++) {
+            PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs,
+                                                        i,
+                                                        (PKIX_PL_Object **)&cert,
+                                                        plContext));
+
+            asciiResult = PKIX_Cert2ASCII(cert);
+
+            printf("CERT[%d]:\n%s\n", i, asciiResult);
+
+            /* PKIX_Cert2ASCII used PKIX_PL_Malloc(...,,NULL) */
+            PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(asciiResult, NULL));
+            asciiResult = NULL;
+
+            PKIX_TEST_DECREF_BC(cert);
+        }
+    }
+
+cleanup:
+    PKIX_PL_Free(asciiResult, NULL);
+
+    PKIX_TEST_DECREF_AC(state);
+    PKIX_TEST_DECREF_AC(buildResult);
+    PKIX_TEST_DECREF_AC(procParams);
+    PKIX_TEST_DECREF_AC(revCheckers);
+    PKIX_TEST_DECREF_AC(revChecker);
+    PKIX_TEST_DECREF_AC(certSelParams);
+    PKIX_TEST_DECREF_AC(certSelector);
+    PKIX_TEST_DECREF_AC(anchors);
+    PKIX_TEST_DECREF_AC(anchor);
+    PKIX_TEST_DECREF_AC(hintCerts);
+    PKIX_TEST_DECREF_AC(trustedPubKey);
+    PKIX_TEST_DECREF_AC(certs);
+    PKIX_TEST_DECREF_AC(cert);
+    PKIX_TEST_RETURN();
+
+    return (pkixTestErrorResult);
+}
+
+/* Test with all Certs in the partial list, leaf duplicates the first one */
+static PKIX_Error *
+testWithDuplicateLeaf(
+    PKIX_PL_Cert *trustedCert,
+    PKIX_List *listOfCerts,
+    PKIX_PL_Cert *targetCert,
+    PKIX_List *certStores,
+    PKIX_Boolean testValid,
+    void *plContext)
+{
+    PKIX_UInt32 numCerts = 0;
+    PKIX_UInt32 i = 0;
+    PKIX_TrustAnchor *anchor = NULL;
+    PKIX_List *anchors = NULL;
+    PKIX_List *hintCerts = NULL;
+    PKIX_List *revCheckers = NULL;
+    PKIX_List *certs = NULL;
+    PKIX_PL_Cert *cert = NULL;
+    PKIX_ProcessingParams *procParams = NULL;
+    PKIX_ComCertSelParams *certSelParams = NULL;
+    PKIX_CertSelector *certSelector = NULL;
+    PKIX_PL_PublicKey *trustedPubKey = NULL;
+    PKIX_RevocationChecker *revChecker = NULL;
+    PKIX_BuildResult *buildResult = NULL;
+    PRPollDesc *pollDesc = NULL;
+    void *state = NULL;
+    char *asciiResult = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    /* create processing params with list of trust anchors */
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert(trustedCert, &anchor, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(anchors, (PKIX_PL_Object *)anchor, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create(anchors, &procParams, plContext));
+
+    /* create CertSelector with target certificate in params */
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&certSelParams, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificate(certSelParams, targetCert, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, certSelParams, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints(procParams, certSelector, plContext));
+
+    /* create hintCerts */
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Duplicate((PKIX_PL_Object *)listOfCerts,
+                                                       (PKIX_PL_Object **)&hintCerts,
+                                                       plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetHintCerts(procParams, hintCerts, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetCertStores(procParams, certStores, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&revCheckers, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(trustedCert, &trustedPubKey, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(listOfCerts, &numCerts, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(pkix_DefaultRevChecker_Initialize(certStores,
+                                                                NULL, /* testDate, may be NULL */
+                                                                trustedPubKey,
+                                                                numCerts,
+                                                                &revChecker,
+                                                                plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(revCheckers, (PKIX_PL_Object *)revChecker, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationCheckers(procParams, revCheckers, plContext));
+
+#ifdef debuggingWithoutRevocation
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled(procParams, PKIX_FALSE, plContext));
+#endif
+
+    /* build cert chain using processing params and return buildResult */
+
+    pkixTestErrorResult = PKIX_BuildChain(procParams,
+                                          (void **)&pollDesc,
+                                          &state,
+                                          &buildResult,
+                                          NULL,
+                                          plContext);
+
+    while (pollDesc != NULL) {
+
+        if (PR_Poll(pollDesc, 1, 0) < 0) {
+            testError("PR_Poll failed");
+        }
+
+        pkixTestErrorResult = PKIX_BuildChain(procParams,
+                                              (void **)&pollDesc,
+                                              &state,
+                                              &buildResult,
+                                              NULL,
+                                              plContext);
+    }
+
+    if (pkixTestErrorResult) {
+        if (testValid == PKIX_FALSE) { /* EE */
+            (void)printf("EXPECTED ERROR RECEIVED!\n");
+        } else { /* ENE */
+            testError("UNEXPECTED ERROR RECEIVED");
+        }
+        PKIX_TEST_DECREF_BC(pkixTestErrorResult);
+        goto cleanup;
+    }
+
+    if (testValid == PKIX_TRUE) { /* ENE */
+        (void)printf("EXPECTED NON-ERROR RECEIVED!\n");
+    } else { /* EE */
+        (void)printf("UNEXPECTED NON-ERROR RECEIVED!\n");
+    }
+
+    if (buildResult) {
+
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildResult_GetCertChain(buildResult, &certs, plContext));
+
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certs, &numCerts, plContext));
+
+        printf("\n");
+
+        for (i = 0; i < numCerts; i++) {
+            PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs,
+                                                        i,
+                                                        (PKIX_PL_Object **)&cert,
+                                                        plContext));
+
+            asciiResult = PKIX_Cert2ASCII(cert);
+
+            printf("CERT[%d]:\n%s\n", i, asciiResult);
+
+            /* PKIX_Cert2ASCII used PKIX_PL_Malloc(...,,NULL) */
+            PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(asciiResult, NULL));
+            asciiResult = NULL;
+
+            PKIX_TEST_DECREF_BC(cert);
+        }
+    }
+
+cleanup:
+    PKIX_PL_Free(asciiResult, NULL);
+
+    PKIX_TEST_DECREF_AC(state);
+    PKIX_TEST_DECREF_AC(buildResult);
+    PKIX_TEST_DECREF_AC(procParams);
+    PKIX_TEST_DECREF_AC(revCheckers);
+    PKIX_TEST_DECREF_AC(revChecker);
+    PKIX_TEST_DECREF_AC(certSelParams);
+    PKIX_TEST_DECREF_AC(certSelector);
+    PKIX_TEST_DECREF_AC(anchors);
+    PKIX_TEST_DECREF_AC(anchor);
+    PKIX_TEST_DECREF_AC(hintCerts);
+    PKIX_TEST_DECREF_AC(trustedPubKey);
+    PKIX_TEST_DECREF_AC(certs);
+    PKIX_TEST_DECREF_AC(cert);
+    PKIX_TEST_RETURN();
+
+    return (pkixTestErrorResult);
+}
+
+/* Test with all Certs except the leaf in the partial list */
+static PKIX_Error *
+testWithLeafAndChain(
+    PKIX_PL_Cert *trustedCert,
+    PKIX_List *listOfCerts,
+    PKIX_PL_Cert *targetCert,
+    PKIX_List *certStores,
+    PKIX_Boolean testValid,
+    void *plContext)
+{
+    PKIX_UInt32 numCerts = 0;
+    PKIX_UInt32 i = 0;
+    PKIX_TrustAnchor *anchor = NULL;
+    PKIX_List *anchors = NULL;
+    PKIX_List *hintCerts = NULL;
+    PKIX_List *revCheckers = NULL;
+    PKIX_List *certs = NULL;
+    PKIX_PL_Cert *cert = NULL;
+    PKIX_ProcessingParams *procParams = NULL;
+    PKIX_ComCertSelParams *certSelParams = NULL;
+    PKIX_CertSelector *certSelector = NULL;
+    PKIX_PL_PublicKey *trustedPubKey = NULL;
+    PKIX_RevocationChecker *revChecker = NULL;
+    PKIX_BuildResult *buildResult = NULL;
+    PRPollDesc *pollDesc = NULL;
+    void *state = NULL;
+    char *asciiResult = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    /* create processing params with list of trust anchors */
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert(trustedCert, &anchor, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(anchors, (PKIX_PL_Object *)anchor, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create(anchors, &procParams, plContext));
+
+    /* create CertSelector with target certificate in params */
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&certSelParams, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificate(certSelParams, targetCert, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, certSelParams, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints(procParams, certSelector, plContext));
+
+    /* create hintCerts */
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Duplicate((PKIX_PL_Object *)listOfCerts,
+                                                       (PKIX_PL_Object **)&hintCerts,
+                                                       plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_DeleteItem(hintCerts, 0, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetHintCerts(procParams, hintCerts, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetCertStores(procParams, certStores, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&revCheckers, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(trustedCert, &trustedPubKey, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(listOfCerts, &numCerts, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(pkix_DefaultRevChecker_Initialize(certStores,
+                                                                NULL, /* testDate, may be NULL */
+                                                                trustedPubKey,
+                                                                numCerts,
+                                                                &revChecker,
+                                                                plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(revCheckers, (PKIX_PL_Object *)revChecker, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationCheckers(procParams, revCheckers, plContext));
+
+#ifdef debuggingWithoutRevocation
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled(procParams, PKIX_FALSE, plContext));
+#endif
+
+    /* build cert chain using processing params and return buildResult */
+
+    pkixTestErrorResult = PKIX_BuildChain(procParams,
+                                          (void **)&pollDesc,
+                                          &state,
+                                          &buildResult,
+                                          NULL,
+                                          plContext);
+
+    while (pollDesc != NULL) {
+
+        if (PR_Poll(pollDesc, 1, 0) < 0) {
+            testError("PR_Poll failed");
+        }
+
+        pkixTestErrorResult = PKIX_BuildChain(procParams,
+                                              (void **)&pollDesc,
+                                              &state,
+                                              &buildResult,
+                                              NULL,
+                                              plContext);
+    }
+
+    if (pkixTestErrorResult) {
+        if (testValid == PKIX_FALSE) { /* EE */
+            (void)printf("EXPECTED ERROR RECEIVED!\n");
+        } else { /* ENE */
+            testError("UNEXPECTED ERROR RECEIVED");
+        }
+        PKIX_TEST_DECREF_BC(pkixTestErrorResult);
+        goto cleanup;
+    }
+
+    if (testValid == PKIX_TRUE) { /* ENE */
+        (void)printf("EXPECTED NON-ERROR RECEIVED!\n");
+    } else { /* EE */
+        (void)printf("UNEXPECTED NON-ERROR RECEIVED!\n");
+    }
+
+    if (buildResult) {
+
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildResult_GetCertChain(buildResult, &certs, plContext));
+
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certs, &numCerts, plContext));
+
+        printf("\n");
+
+        for (i = 0; i < numCerts; i++) {
+            PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs,
+                                                        i,
+                                                        (PKIX_PL_Object **)&cert,
+                                                        plContext));
+
+            asciiResult = PKIX_Cert2ASCII(cert);
+
+            printf("CERT[%d]:\n%s\n", i, asciiResult);
+
+            /* PKIX_Cert2ASCII used PKIX_PL_Malloc(...,,NULL) */
+            PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(asciiResult, NULL));
+            asciiResult = NULL;
+
+            PKIX_TEST_DECREF_BC(cert);
+        }
+    }
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(state);
+    PKIX_TEST_DECREF_AC(buildResult);
+    PKIX_TEST_DECREF_AC(procParams);
+    PKIX_TEST_DECREF_AC(revCheckers);
+    PKIX_TEST_DECREF_AC(revChecker);
+    PKIX_TEST_DECREF_AC(certSelParams);
+    PKIX_TEST_DECREF_AC(certSelector);
+    PKIX_TEST_DECREF_AC(anchors);
+    PKIX_TEST_DECREF_AC(anchor);
+    PKIX_TEST_DECREF_AC(hintCerts);
+    PKIX_TEST_DECREF_AC(trustedPubKey);
+    PKIX_TEST_DECREF_AC(certs);
+    PKIX_TEST_DECREF_AC(cert);
+
+    PKIX_TEST_RETURN();
+
+    return (pkixTestErrorResult);
+}
+
+int
+test_buildchain_partialchain(int argc, char *argv[])
+{
+    PKIX_UInt32 actualMinorVersion = 0;
+    PKIX_UInt32 j = 0;
+    PKIX_UInt32 k = 0;
+    PKIX_Boolean ene = PKIX_TRUE; /* expect no error */
+    PKIX_List *listOfCerts = NULL;
+    PKIX_List *certStores = NULL;
+    PKIX_PL_Cert *dirCert = NULL;
+    PKIX_PL_Cert *trusted = NULL;
+    PKIX_PL_Cert *target = NULL;
+    PKIX_CertStore *ldapCertStore = NULL;
+    PKIX_CertStore *certStore = NULL;
+    PKIX_PL_String *dirNameString = NULL;
+    char *dirName = NULL;
+
+    PRIntervalTime timeout = PR_INTERVAL_NO_TIMEOUT; /* blocking */
+    /* PRIntervalTime timeout = PR_INTERVAL_NO_WAIT; =0 for non-blocking */
+
+    PKIX_TEST_STD_VARS();
+
+    if (argc < 5) {
+        printUsage();
+        return (0);
+    }
+
+    startTests("BuildChain");
+
+    PKIX_TEST_EXPECT_NO_ERROR(
+        PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+    /*
+         * arguments:
+         * [optional] -arenas
+         * [optional] usebind
+         *            servername or servername:port ( - for no server)
+         *            testname
+         *            EE or ENE
+         *            cert directory
+         *            target cert (end entity)
+         *            intermediate certs
+         *            trust anchor
+         */
+
+    /* optional argument "usebind" for Ldap CertStore */
+    if (argv[j + 1]) {
+        if (PORT_Strcmp(argv[j + 1], "usebind") == 0) {
+            usebind = PKIX_TRUE;
+            j++;
+        }
+    }
+
+    if (PORT_Strcmp(argv[++j], "-") == 0) {
+        useLDAP = PKIX_FALSE;
+    } else {
+        serverName = argv[j];
+        useLDAP = PKIX_TRUE;
+    }
+
+    subTest(argv[++j]);
+
+    /* ENE = expect no error; EE = expect error */
+    if (PORT_Strcmp(argv[++j], "ENE") == 0) {
+        ene = PKIX_TRUE;
+    } else if (PORT_Strcmp(argv[j], "EE") == 0) {
+        ene = PKIX_FALSE;
+    } else {
+        printUsage();
+        return (0);
+    }
+
+    dirName = argv[++j];
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&listOfCerts, plContext));
+
+    for (k = ++j; k < ((PKIX_UInt32)argc); k++) {
+
+        dirCert = createCert(dirName, argv[k], plContext);
+
+        if (k == ((PKIX_UInt32)(argc - 1))) {
+            PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)dirCert, plContext));
+            trusted = dirCert;
+        } else {
+
+            PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(listOfCerts,
+                                                           (PKIX_PL_Object *)dirCert,
+                                                           plContext));
+
+            if (k == j) {
+                PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)dirCert, plContext));
+                target = dirCert;
+            }
+        }
+
+        PKIX_TEST_DECREF_BC(dirCert);
+    }
+
+    /* create CertStores */
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, dirName, 0, &dirNameString, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certStores, plContext));
+
+    if (useLDAP == PKIX_TRUE) {
+        PKIX_TEST_EXPECT_NO_ERROR(createLdapCertStore(serverName, timeout, &ldapCertStore, plContext));
+
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certStores,
+                                                       (PKIX_PL_Object *)ldapCertStore,
+                                                       plContext));
+    } else {
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirNameString, &certStore, plContext));
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certStores, (PKIX_PL_Object *)certStore, plContext));
+    }
+
+    subTest("testWithNoLeaf");
+    PKIX_TEST_EXPECT_NO_ERROR(testWithNoLeaf(trusted, listOfCerts, target, certStores, ene, plContext));
+
+    subTest("testWithDuplicateLeaf");
+    PKIX_TEST_EXPECT_NO_ERROR(testWithDuplicateLeaf(trusted, listOfCerts, target, certStores, ene, plContext));
+
+    subTest("testWithLeafAndChain");
+    PKIX_TEST_EXPECT_NO_ERROR(testWithLeafAndChain(trusted, listOfCerts, target, certStores, ene, plContext));
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(listOfCerts);
+    PKIX_TEST_DECREF_AC(certStores);
+    PKIX_TEST_DECREF_AC(ldapCertStore);
+    PKIX_TEST_DECREF_AC(certStore);
+    PKIX_TEST_DECREF_AC(dirNameString);
+    PKIX_TEST_DECREF_AC(trusted);
+    PKIX_TEST_DECREF_AC(target);
+
+    PKIX_TEST_RETURN();
+
+    PKIX_Shutdown(plContext);
+
+    endTests("BuildChain");
+
+    return (0);
+}
diff --git a/nss/cmd/libpkix/pkix/top/test_buildchain_resourcelimits.c b/nss/cmd/libpkix/pkix/top/test_buildchain_resourcelimits.c
new file mode 100644
index 0000000..1b28435
--- /dev/null
+++ b/nss/cmd/libpkix/pkix/top/test_buildchain_resourcelimits.c
@@ -0,0 +1,438 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * test_buildchain_resourcelimits.c
+ *
+ * Test BuildChain function with constraints on resources
+ *
+ */
+
+#include "testutil.h"
+#include "testutil_nss.h"
+
+#define PKIX_TESTUSERCHECKER_TYPE (PKIX_NUMTYPES + 30)
+
+static void *plContext = NULL;
+static PKIX_Boolean usebind = PKIX_FALSE;
+static PKIX_Boolean useLDAP = PKIX_FALSE;
+static char buf[PR_NETDB_BUF_SIZE];
+static char *serverName = NULL;
+
+static void
+printUsage(void)
+{
+    (void)printf("\nUSAGE:\ttest_buildchain_resourcelimits [-arenas] "
+                 "[usebind] servername[:port]\\\n\t\t<testName> [ENE|EE]"
+                 " <certStoreDirectory>\\\n\t\t<targetCert>"
+                 " <intermediate Certs...> <trustedCert>\n\n");
+    (void)printf("Builds a chain of certificates from <targetCert> to <trustedCert>\n"
+                 "using the certs and CRLs in <certStoreDirectory>. "
+                 "servername[:port] gives\n"
+                 "the address of an LDAP server. If port is not"
+                 " specified, port 389 is used.\n\"-\" means no LDAP server.\n\n"
+                 "If ENE is specified, then an Error is Not Expected.\n"
+                 "EE indicates an Error is Expected.\n");
+}
+
+static PKIX_Error *
+createLdapCertStore(
+    char *hostname,
+    PRIntervalTime timeout,
+    PKIX_CertStore **pLdapCertStore,
+    void *plContext)
+{
+    PRIntn backlog = 0;
+
+    char *bindname = "";
+    char *auth = "";
+
+    LDAPBindAPI bindAPI;
+    LDAPBindAPI *bindPtr = NULL;
+    PKIX_PL_LdapDefaultClient *ldapClient = NULL;
+    PKIX_CertStore *ldapCertStore = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    if (usebind) {
+        bindPtr = &bindAPI;
+        bindAPI.selector = SIMPLE_AUTH;
+        bindAPI.chooser.simple.bindName = bindname;
+        bindAPI.chooser.simple.authentication = auth;
+    }
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_LdapDefaultClient_CreateByName(hostname, timeout, bindPtr, &ldapClient, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_LdapCertStore_Create((PKIX_PL_LdapClient *)ldapClient, &ldapCertStore, plContext));
+
+    *pLdapCertStore = ldapCertStore;
+cleanup:
+
+    PKIX_TEST_DECREF_AC(ldapClient);
+
+    PKIX_TEST_RETURN();
+
+    return (pkixTestErrorResult);
+}
+
+static void
+Test_BuildResult(
+    PKIX_ProcessingParams *procParams,
+    PKIX_Boolean testValid,
+    PKIX_List *expectedCerts,
+    void *plContext)
+{
+    PKIX_PL_Cert *cert = NULL;
+    PKIX_List *certs = NULL;
+    PKIX_PL_String *actualCertsString = NULL;
+    PKIX_PL_String *expectedCertsString = NULL;
+    PKIX_BuildResult *buildResult = NULL;
+    PKIX_Boolean result;
+    PKIX_Boolean supportForward = PKIX_FALSE;
+    PKIX_UInt32 numCerts, i;
+    char *asciiResult = NULL;
+    char *actualCertsAscii = NULL;
+    char *expectedCertsAscii = NULL;
+    void *state = NULL;
+    PRPollDesc *pollDesc = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    pkixTestErrorResult = PKIX_BuildChain(procParams,
+                                          (void **)&pollDesc,
+                                          &state,
+                                          &buildResult,
+                                          NULL,
+                                          plContext);
+
+    while (pollDesc != NULL) {
+
+        if (PR_Poll(pollDesc, 1, 0) < 0) {
+            testError("PR_Poll failed");
+        }
+
+        pkixTestErrorResult = PKIX_BuildChain(procParams,
+                                              (void **)&pollDesc,
+                                              &state,
+                                              &buildResult,
+                                              NULL,
+                                              plContext);
+    }
+
+    if (pkixTestErrorResult) {
+        if (testValid == PKIX_FALSE) { /* EE */
+            (void)printf("EXPECTED ERROR RECEIVED!\n");
+        } else { /* ENE */
+            testError("UNEXPECTED ERROR RECEIVED!\n");
+        }
+        PKIX_TEST_DECREF_BC(pkixTestErrorResult);
+        goto cleanup;
+    }
+
+    if (testValid == PKIX_TRUE) { /* ENE */
+        (void)printf("EXPECTED NON-ERROR RECEIVED!\n");
+    } else { /* EE */
+        testError("UNEXPECTED NON-ERROR RECEIVED!\n");
+    }
+
+    if (buildResult) {
+
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildResult_GetCertChain(buildResult, &certs, NULL));
+
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certs, &numCerts, plContext));
+
+        printf("\n");
+
+        for (i = 0; i < numCerts; i++) {
+            PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs,
+                                                        i,
+                                                        (PKIX_PL_Object **)&cert,
+                                                        plContext));
+
+            asciiResult = PKIX_Cert2ASCII(cert);
+
+            printf("CERT[%d]:\n%s\n", i, asciiResult);
+
+            /* PKIX_Cert2ASCII used PKIX_PL_Malloc(...,,NULL) */
+            PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(asciiResult, NULL));
+            asciiResult = NULL;
+
+            PKIX_TEST_DECREF_BC(cert);
+        }
+
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)certs,
+                                                        (PKIX_PL_Object *)expectedCerts,
+                                                        &result,
+                                                        plContext));
+
+        if (!result) {
+            testError("BUILT CERTCHAIN IS "
+                      "NOT THE ONE THAT WAS EXPECTED");
+
+            PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)certs,
+                                                              &actualCertsString,
+                                                              plContext));
+
+            actualCertsAscii = PKIX_String2ASCII(actualCertsString, plContext);
+            if (actualCertsAscii == NULL) {
+                pkixTestErrorMsg = "PKIX_String2ASCII Failed";
+                goto cleanup;
+            }
+
+            PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)expectedCerts,
+                                                              &expectedCertsString,
+                                                              plContext));
+
+            expectedCertsAscii = PKIX_String2ASCII(expectedCertsString, plContext);
+            if (expectedCertsAscii == NULL) {
+                pkixTestErrorMsg = "PKIX_String2ASCII Failed";
+                goto cleanup;
+            }
+
+            (void)printf("Actual value:\t%s\n", actualCertsAscii);
+            (void)printf("Expected value:\t%s\n",
+                         expectedCertsAscii);
+        }
+    }
+
+cleanup:
+
+    PKIX_PL_Free(asciiResult, NULL);
+    PKIX_PL_Free(actualCertsAscii, plContext);
+    PKIX_PL_Free(expectedCertsAscii, plContext);
+    PKIX_TEST_DECREF_AC(state);
+    PKIX_TEST_DECREF_AC(buildResult);
+    PKIX_TEST_DECREF_AC(certs);
+    PKIX_TEST_DECREF_AC(cert);
+    PKIX_TEST_DECREF_AC(actualCertsString);
+    PKIX_TEST_DECREF_AC(expectedCertsString);
+
+    PKIX_TEST_RETURN();
+}
+
+int
+test_buildchain_resourcelimits(int argc, char *argv[])
+{
+    PKIX_ComCertSelParams *certSelParams = NULL;
+    PKIX_CertSelector *certSelector = NULL;
+    PKIX_TrustAnchor *anchor = NULL;
+    PKIX_List *anchors = NULL;
+    PKIX_ProcessingParams *procParams = NULL;
+    PKIX_CertChainChecker *checker = NULL;
+    PKIX_ResourceLimits *resourceLimits = NULL;
+    char *dirName = NULL;
+    PKIX_PL_String *dirNameString = NULL;
+    PKIX_PL_Cert *trustedCert = NULL;
+    PKIX_PL_Cert *targetCert = NULL;
+    PKIX_PL_Cert *dirCert = NULL;
+    PKIX_UInt32 actualMinorVersion = 0;
+    PKIX_UInt32 j = 0;
+    PKIX_UInt32 k = 0;
+    PKIX_CertStore *ldapCertStore = NULL;
+    PRIntervalTime timeout = 0; /* 0 for non-blocking */
+    PKIX_CertStore *certStore = NULL;
+    PKIX_List *certStores = NULL;
+    PKIX_List *expectedCerts = NULL;
+    PKIX_Boolean testValid = PKIX_FALSE;
+    PKIX_Boolean usebind = PKIX_FALSE;
+    PKIX_Boolean useLDAP = PKIX_FALSE;
+
+    PKIX_TEST_STD_VARS();
+
+    if (argc < 5) {
+        printUsage();
+        return (0);
+    }
+
+    startTests("BuildChain_ResourceLimits");
+
+    PKIX_TEST_EXPECT_NO_ERROR(
+        PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+    /*
+         * arguments:
+         * [optional] -arenas
+         * [optional] usebind
+         *            servername or servername:port ( - for no server)
+         *            testname
+         *            EE or ENE
+         *            cert directory
+         *            target cert (end entity)
+         *            intermediate certs
+         *            trust anchor
+         */
+
+    /* optional argument "usebind" for Ldap CertStore */
+    if (argv[j + 1]) {
+        if (PORT_Strcmp(argv[j + 1], "usebind") == 0) {
+            usebind = PKIX_TRUE;
+            j++;
+        }
+    }
+
+    if (PORT_Strcmp(argv[++j], "-") == 0) {
+        useLDAP = PKIX_FALSE;
+    } else {
+        serverName = argv[j];
+    }
+
+    subTest(argv[++j]);
+
+    /* ENE = expect no error; EE = expect error */
+    if (PORT_Strcmp(argv[++j], "ENE") == 0) {
+        testValid = PKIX_TRUE;
+    } else if (PORT_Strcmp(argv[j], "EE") == 0) {
+        testValid = PKIX_FALSE;
+    } else {
+        printUsage();
+        return (0);
+    }
+
+    dirName = argv[++j];
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&expectedCerts, plContext));
+
+    for (k = ++j; k < argc; k++) {
+
+        dirCert = createCert(dirName, argv[k], plContext);
+
+        if (k == (argc - 1)) {
+            PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)dirCert, plContext));
+            trustedCert = dirCert;
+        } else {
+
+            PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(expectedCerts,
+                                                           (PKIX_PL_Object *)dirCert,
+                                                           plContext));
+
+            if (k == j) {
+                PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)dirCert, plContext));
+                targetCert = dirCert;
+            }
+        }
+
+        PKIX_TEST_DECREF_BC(dirCert);
+    }
+
+    /* create processing params with list of trust anchors */
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert(trustedCert, &anchor, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(anchors, (PKIX_PL_Object *)anchor, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create(anchors, &procParams, plContext));
+
+    /* create CertSelector with target certificate in params */
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&certSelParams, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificate(certSelParams, targetCert, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, certSelParams, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints(procParams, certSelector, plContext));
+
+    /* create CertStores */
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII,
+                                                    dirName,
+                                                    0,
+                                                    &dirNameString,
+                                                    plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirNameString, &certStore, plContext));
+
+#if 0
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Pk11CertStore_Create
+                                    (&certStore, plContext));
+#endif
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certStores, plContext));
+
+    if (useLDAP == PKIX_TRUE) {
+        PKIX_TEST_EXPECT_NO_ERROR(createLdapCertStore(serverName, timeout, &ldapCertStore, plContext));
+
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certStores,
+                                                       (PKIX_PL_Object *)ldapCertStore,
+                                                       plContext));
+    }
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certStores, (PKIX_PL_Object *)certStore, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetCertStores(procParams, certStores, plContext));
+
+    /* set resource limits */
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_Create(&resourceLimits, plContext));
+
+    /* need longer time when running dbx for memory leak checking */
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxTime(resourceLimits, 60, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxFanout(resourceLimits, 2, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxDepth(resourceLimits, 2, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetResourceLimits(procParams, resourceLimits, plContext));
+
+    /* build cert chain using processing params and return buildResult */
+
+    subTest("Testing ResourceLimits MaxFanout & MaxDepth - <pass>");
+    Test_BuildResult(procParams,
+                     testValid,
+                     expectedCerts,
+                     plContext);
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxFanout(resourceLimits, 1, plContext));
+
+    subTest("Testing ResourceLimits MaxFanout - <fail>");
+    Test_BuildResult(procParams,
+                     PKIX_FALSE,
+                     expectedCerts,
+                     plContext);
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxFanout(resourceLimits, 2, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxDepth(resourceLimits, 1, plContext));
+
+    subTest("Testing ResourceLimits MaxDepth - <fail>");
+    Test_BuildResult(procParams,
+                     PKIX_FALSE,
+                     expectedCerts,
+                     plContext);
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxFanout(resourceLimits, 0, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxDepth(resourceLimits, 0, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ResourceLimits_SetMaxTime(resourceLimits, 0, plContext));
+
+    subTest("Testing ResourceLimits No checking - <pass>");
+    Test_BuildResult(procParams,
+                     testValid,
+                     expectedCerts,
+                     plContext);
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(expectedCerts);
+    PKIX_TEST_DECREF_AC(procParams);
+    PKIX_TEST_DECREF_AC(procParams);
+    PKIX_TEST_DECREF_AC(certStores);
+    PKIX_TEST_DECREF_AC(certStore);
+    PKIX_TEST_DECREF_AC(ldapCertStore);
+    PKIX_TEST_DECREF_AC(dirNameString);
+    PKIX_TEST_DECREF_AC(trustedCert);
+    PKIX_TEST_DECREF_AC(targetCert);
+    PKIX_TEST_DECREF_AC(anchors);
+    PKIX_TEST_DECREF_AC(anchor);
+    PKIX_TEST_DECREF_AC(certSelParams);
+    PKIX_TEST_DECREF_AC(certSelector);
+    PKIX_TEST_DECREF_AC(checker);
+    PKIX_TEST_DECREF_AC(resourceLimits);
+
+    PKIX_TEST_RETURN();
+
+    PKIX_Shutdown(plContext);
+
+    endTests("BuildChain_UserChecker");
+
+    return (0);
+}
diff --git a/nss/cmd/libpkix/pkix/top/test_buildchain_uchecker.c b/nss/cmd/libpkix/pkix/top/test_buildchain_uchecker.c
new file mode 100644
index 0000000..43f06ec
--- /dev/null
+++ b/nss/cmd/libpkix/pkix/top/test_buildchain_uchecker.c
@@ -0,0 +1,327 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * test_buildchain_uchecker.c
+ *
+ * Test BuildChain User Checker function
+ *
+ */
+
+#include "testutil.h"
+#include "testutil_nss.h"
+
+static void *plContext = NULL;
+static PKIX_UInt32 numUserCheckerCalled = 0;
+
+static void
+printUsage(void)
+{
+    (void)printf("\nUSAGE:\ttest_buildchain_uchecker [ENE|EE] "
+                 "[-|[F]<userOID>] "
+                 "<trustedCert> <targetCert> <certStoreDirectory>\n\n");
+    (void)printf("Builds a chain of certificates between "
+                 "<trustedCert> and <targetCert>\n"
+                 "using the certs and CRLs in <certStoreDirectory>.\n"
+                 "If <userOID> is not an empty string, its value is used as\n"
+                 "user defined checker's critical extension OID.\n"
+                 "A - for <userOID> is no OID and F is for supportingForward.\n"
+                 "If ENE is specified, then an Error is Not Expected.\n"
+                 "If EE is specified, an Error is Expected.\n");
+}
+
+static PKIX_Error *
+testUserChecker(
+    PKIX_CertChainChecker *checker,
+    PKIX_PL_Cert *cert,
+    PKIX_List *unresExtOIDs,
+    void **pNBIOContext,
+    void *plContext)
+{
+    numUserCheckerCalled++;
+    return (0);
+}
+
+int
+test_buildchain_uchecker(int argc, char *argv[])
+{
+    PKIX_BuildResult *buildResult = NULL;
+    PKIX_ComCertSelParams *certSelParams = NULL;
+    PKIX_CertSelector *certSelector = NULL;
+    PKIX_TrustAnchor *anchor = NULL;
+    PKIX_List *anchors = NULL;
+    PKIX_List *certs = NULL;
+    PKIX_PL_Cert *cert = NULL;
+    PKIX_ProcessingParams *procParams = NULL;
+    PKIX_CertChainChecker *checker = NULL;
+    char *dirName = NULL;
+    PKIX_PL_String *dirNameString = NULL;
+    PKIX_PL_Cert *trustedCert = NULL;
+    PKIX_PL_Cert *targetCert = NULL;
+    PKIX_UInt32 numCerts = 0;
+    PKIX_UInt32 i = 0;
+    PKIX_UInt32 j = 0;
+    PKIX_UInt32 k = 0;
+    PKIX_UInt32 chainLength = 0;
+    PKIX_CertStore *certStore = NULL;
+    PKIX_List *certStores = NULL;
+    char *asciiResult = NULL;
+    PKIX_Boolean result;
+    PKIX_Boolean testValid = PKIX_TRUE;
+    PKIX_Boolean supportForward = PKIX_FALSE;
+    PKIX_List *expectedCerts = NULL;
+    PKIX_List *userOIDs = NULL;
+    PKIX_PL_OID *oid = NULL;
+    PKIX_PL_Cert *dirCert = NULL;
+    PKIX_PL_String *actualCertsString = NULL;
+    PKIX_PL_String *expectedCertsString = NULL;
+    char *actualCertsAscii = NULL;
+    char *expectedCertsAscii = NULL;
+    char *oidString = NULL;
+    void *buildState = NULL;  /* needed by pkix_build for non-blocking I/O */
+    void *nbioContext = NULL; /* needed by pkix_build for non-blocking I/O */
+
+    PKIX_TEST_STD_VARS();
+
+    if (argc < 5) {
+        printUsage();
+        return (0);
+    }
+
+    startTests("BuildChain_UserChecker");
+
+    PKIX_TEST_EXPECT_NO_ERROR(
+        PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+    /* ENE = expect no error; EE = expect error */
+    if (PORT_Strcmp(argv[2 + j], "ENE") == 0) {
+        testValid = PKIX_TRUE;
+    } else if (PORT_Strcmp(argv[2 + j], "EE") == 0) {
+        testValid = PKIX_FALSE;
+    } else {
+        printUsage();
+        return (0);
+    }
+
+    /* OID specified at argv[3+j] */
+
+    if (*argv[3 + j] != '-') {
+
+        if (*argv[3 + j] == 'F') {
+            supportForward = PKIX_TRUE;
+            oidString = argv[3 + j] + 1;
+        } else {
+            oidString = argv[3 + j];
+        }
+
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&userOIDs, plContext));
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create(oidString, &oid, plContext));
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(userOIDs, (PKIX_PL_Object *)oid, plContext));
+        PKIX_TEST_DECREF_BC(oid);
+    }
+
+    subTest(argv[1 + j]);
+
+    dirName = argv[4 + j];
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&expectedCerts, plContext));
+
+    chainLength = argc - j - 5;
+
+    for (k = 0; k < chainLength; k++) {
+
+        dirCert = createCert(dirName, argv[5 + k + j], plContext);
+
+        if (k == (chainLength - 1)) {
+            PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)dirCert, plContext));
+            trustedCert = dirCert;
+        } else {
+
+            PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(expectedCerts,
+                                                           (PKIX_PL_Object *)dirCert,
+                                                           plContext));
+
+            if (k == 0) {
+                PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)dirCert,
+                                                                plContext));
+                targetCert = dirCert;
+            }
+        }
+
+        PKIX_TEST_DECREF_BC(dirCert);
+    }
+
+    /* create processing params with list of trust anchors */
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert(trustedCert, &anchor, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(anchors, (PKIX_PL_Object *)anchor, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create(anchors, &procParams, plContext));
+
+    /* create CertSelector with target certificate in params */
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&certSelParams, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificate(certSelParams, targetCert, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, certSelParams, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints(procParams, certSelector, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertChainChecker_Create(testUserChecker,
+                                                           supportForward,
+                                                           PKIX_FALSE,
+                                                           userOIDs,
+                                                           NULL,
+                                                           &checker,
+                                                           plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_AddCertChainChecker(procParams, checker, plContext));
+
+    /* create CertStores */
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII,
+                                                    dirName,
+                                                    0,
+                                                    &dirNameString,
+                                                    plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirNameString, &certStore, plContext));
+
+#if 0
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Pk11CertStore_Create
+                                    (&certStore, plContext));
+#endif
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certStores, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certStores, (PKIX_PL_Object *)certStore, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetCertStores(procParams, certStores, plContext));
+
+    /* build cert chain using processing params and return buildResult */
+
+    pkixTestErrorResult = PKIX_BuildChain(procParams,
+                                          &nbioContext,
+                                          &buildState,
+                                          &buildResult,
+                                          NULL,
+                                          plContext);
+
+    if (testValid == PKIX_TRUE) { /* ENE */
+        if (pkixTestErrorResult) {
+            (void)printf("UNEXPECTED RESULT RECEIVED!\n");
+        } else {
+            (void)printf("EXPECTED RESULT RECEIVED!\n");
+            PKIX_TEST_DECREF_BC(pkixTestErrorResult);
+        }
+    } else { /* EE */
+        if (pkixTestErrorResult) {
+            (void)printf("EXPECTED RESULT RECEIVED!\n");
+            PKIX_TEST_DECREF_BC(pkixTestErrorResult);
+        } else {
+            testError("UNEXPECTED RESULT RECEIVED");
+        }
+    }
+
+    if (buildResult) {
+
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildResult_GetCertChain(buildResult, &certs, NULL));
+
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certs, &numCerts, plContext));
+
+        printf("\n");
+
+        for (i = 0; i < numCerts; i++) {
+            PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs,
+                                                        i,
+                                                        (PKIX_PL_Object **)&cert,
+                                                        plContext));
+
+            asciiResult = PKIX_Cert2ASCII(cert);
+
+            printf("CERT[%d]:\n%s\n", i, asciiResult);
+
+            PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(asciiResult, plContext));
+            asciiResult = NULL;
+
+            PKIX_TEST_DECREF_BC(cert);
+        }
+
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)certs,
+                                                        (PKIX_PL_Object *)expectedCerts,
+                                                        &result,
+                                                        plContext));
+
+        if (!result) {
+            testError("BUILT CERTCHAIN IS "
+                      "NOT THE ONE THAT WAS EXPECTED");
+
+            PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)certs,
+                                                              &actualCertsString,
+                                                              plContext));
+
+            actualCertsAscii = PKIX_String2ASCII(actualCertsString, plContext);
+            if (actualCertsAscii == NULL) {
+                pkixTestErrorMsg = "PKIX_String2ASCII Failed";
+                goto cleanup;
+            }
+
+            PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)expectedCerts,
+                                                              &expectedCertsString,
+                                                              plContext));
+
+            expectedCertsAscii = PKIX_String2ASCII(expectedCertsString, plContext);
+            if (expectedCertsAscii == NULL) {
+                pkixTestErrorMsg = "PKIX_String2ASCII Failed";
+                goto cleanup;
+            }
+
+            (void)printf("Actual value:\t%s\n", actualCertsAscii);
+            (void)printf("Expected value:\t%s\n",
+                         expectedCertsAscii);
+
+            if (chainLength - 1 != numUserCheckerCalled) {
+                pkixTestErrorMsg =
+                    "PKIX user defined checker not called";
+            }
+
+            goto cleanup;
+        }
+    }
+
+cleanup:
+    PKIX_PL_Free(asciiResult, plContext);
+    PKIX_PL_Free(actualCertsAscii, plContext);
+    PKIX_PL_Free(expectedCertsAscii, plContext);
+
+    PKIX_TEST_DECREF_AC(actualCertsString);
+    PKIX_TEST_DECREF_AC(expectedCertsString);
+    PKIX_TEST_DECREF_AC(expectedCerts);
+    PKIX_TEST_DECREF_AC(certs);
+    PKIX_TEST_DECREF_AC(cert);
+    PKIX_TEST_DECREF_AC(certStore);
+    PKIX_TEST_DECREF_AC(certStores);
+    PKIX_TEST_DECREF_AC(dirNameString);
+    PKIX_TEST_DECREF_AC(trustedCert);
+    PKIX_TEST_DECREF_AC(targetCert);
+    PKIX_TEST_DECREF_AC(anchor);
+    PKIX_TEST_DECREF_AC(anchors);
+    PKIX_TEST_DECREF_AC(procParams);
+    PKIX_TEST_DECREF_AC(certSelParams);
+    PKIX_TEST_DECREF_AC(certSelector);
+    PKIX_TEST_DECREF_AC(buildResult);
+    PKIX_TEST_DECREF_AC(procParams);
+    PKIX_TEST_DECREF_AC(userOIDs);
+    PKIX_TEST_DECREF_AC(checker);
+
+    PKIX_TEST_RETURN();
+
+    PKIX_Shutdown(plContext);
+
+    endTests("BuildChain_UserChecker");
+
+    return (0);
+}
diff --git a/nss/cmd/libpkix/pkix/top/test_customcrlchecker.c b/nss/cmd/libpkix/pkix/top/test_customcrlchecker.c
new file mode 100644
index 0000000..d2c667a
--- /dev/null
+++ b/nss/cmd/libpkix/pkix/top/test_customcrlchecker.c
@@ -0,0 +1,435 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * test_customcrlchecker.c
+ *
+ * Test Custom CRL Checking
+ *
+ */
+
+#include "testutil.h"
+#include "testutil_nss.h"
+
+#define PKIX_TEST_MAX_CERTS 10
+#define PKIX_TEST_COLLECTIONCERTSTORE_NUM_CRLS 5
+
+static void *plContext = NULL;
+char *dirName = NULL; /* also used in callback */
+
+static void
+printUsage1(char *pName)
+{
+    printf("\nUSAGE: %s test-purpose [ENE|EE] ", pName);
+    printf("cert [certs].\n");
+}
+
+static void
+printUsageMax(PKIX_UInt32 numCerts)
+{
+    printf("\nUSAGE ERROR: number of certs %d exceed maximum %d\n",
+           numCerts, PKIX_TEST_MAX_CERTS);
+}
+
+static PKIX_Error *
+getCRLCallback(
+    PKIX_CertStore *store,
+    PKIX_CRLSelector *crlSelector,
+    void **pNBIOContext,
+    PKIX_List **pCrlList,
+    void *plContext)
+{
+    char *crlFileNames[] = { "chem.crl",
+                             "phys.crl",
+                             "prof.crl",
+                             "sci.crl",
+                             "test.crl",
+                             0 };
+    PKIX_PL_CRL *crl = NULL;
+    PKIX_List *crlList = NULL;
+    PKIX_UInt32 i = 0;
+
+    PKIX_TEST_STD_VARS();
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&crlList, plContext));
+
+    while (crlFileNames[i]) {
+
+        crl = createCRL(dirName, crlFileNames[i++], plContext);
+
+        if (crl != NULL) {
+
+            PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(crlList, (PKIX_PL_Object *)crl, plContext));
+
+            PKIX_TEST_DECREF_BC(crl);
+        }
+    }
+
+    *pCrlList = crlList;
+
+cleanup:
+
+    PKIX_TEST_RETURN();
+
+    return (0); /* this function is called by libpkix */
+}
+
+static PKIX_Error *
+getCRLContinue(
+    PKIX_CertStore *store,
+    PKIX_CRLSelector *crlSelector,
+    void **pNBIOContext,
+    PKIX_List **pCrlList,
+    void *plContext)
+{
+    return (NULL);
+}
+
+static PKIX_Error *
+getCertCallback(
+    PKIX_CertStore *store,
+    PKIX_CertSelector *certSelector,
+    void **pNBIOContext,
+    PKIX_List **pCerts,
+    void *plContext)
+{
+    return (NULL);
+}
+
+static PKIX_Error *
+getCertContinue(
+    PKIX_CertStore *store,
+    PKIX_CertSelector *certSelector,
+    void **pNBIOContext,
+    PKIX_List **pCerts,
+    void *plContext)
+{
+    return (NULL);
+}
+
+static PKIX_Error *
+testCRLSelectorMatchCallback(
+    PKIX_CRLSelector *selector,
+    PKIX_PL_CRL *crl,
+    void *plContext)
+{
+    PKIX_ComCRLSelParams *comCrlSelParams = NULL;
+    PKIX_List *issuerList = NULL;
+    PKIX_PL_X500Name *issuer = NULL;
+    PKIX_PL_X500Name *crlIssuer = NULL;
+    PKIX_UInt32 numIssuers = 0;
+    PKIX_UInt32 i = 0;
+    PKIX_Boolean result = PKIX_FALSE;
+    PKIX_Error *error = NULL;
+    char *errorText = "Not an error, CRL Select mismatch";
+
+    PKIX_TEST_STD_VARS();
+
+    subTest("Custom_Selector_MatchCallback");
+
+    if (selector != NULL) {
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_GetCommonCRLSelectorParams(selector, &comCrlSelParams, plContext));
+    }
+
+    if (crl != NULL) {
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CRL_GetIssuer(crl, &crlIssuer, plContext));
+    }
+
+    if (comCrlSelParams != NULL) {
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_GetIssuerNames(comCrlSelParams, &issuerList, plContext));
+    }
+
+    if (issuerList != NULL) {
+
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(issuerList, &numIssuers, plContext));
+
+        for (i = 0; i < numIssuers; i++) {
+
+            PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(issuerList,
+                                                        i, (PKIX_PL_Object **)&issuer,
+                                                        plContext));
+
+            PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)crlIssuer,
+                                                            (PKIX_PL_Object *)issuer,
+                                                            &result,
+                                                            plContext));
+
+            if (result != PKIX_TRUE) {
+                break;
+            }
+
+            if (i == numIssuers - 1) {
+
+                PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_Create(0,
+                                                            NULL,
+                                                            NULL,
+                                                            PKIX_TESTNOTANERRORCRLSELECTMISMATCH,
+                                                            &error,
+                                                            plContext));
+
+                PKIX_TEST_DECREF_AC(issuer);
+                issuer = NULL;
+                break;
+            }
+
+            PKIX_TEST_DECREF_AC(issuer);
+        }
+    }
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(comCrlSelParams);
+    PKIX_TEST_DECREF_AC(crlIssuer);
+    PKIX_TEST_DECREF_AC(issuer);
+    PKIX_TEST_DECREF_AC(issuerList);
+
+    PKIX_TEST_RETURN();
+
+    return (error);
+}
+
+static PKIX_Error *
+testAddIssuerName(PKIX_ComCRLSelParams *comCrlSelParams, char *issuerName)
+{
+    PKIX_PL_String *issuerString = NULL;
+    PKIX_PL_X500Name *issuer = NULL;
+    PKIX_UInt32 length = 0;
+
+    PKIX_TEST_STD_VARS();
+
+    subTest("PKIX_ComCRLSelParams_AddIssuerName");
+
+    length = PL_strlen(issuerName);
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_UTF8,
+                                                    issuerName,
+                                                    length,
+                                                    &issuerString,
+                                                    plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_X500Name_Create(issuerString,
+                                                      &issuer,
+                                                      plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_AddIssuerName(comCrlSelParams, issuer, plContext));
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(issuerString);
+    PKIX_TEST_DECREF_AC(issuer);
+
+    PKIX_TEST_RETURN();
+
+    return (0);
+}
+
+static PKIX_Error *
+testCustomCertStore(PKIX_ValidateParams *valParams)
+{
+    PKIX_CertStore_CRLCallback crlCallback;
+    PKIX_CertStore *certStore = NULL;
+    PKIX_ProcessingParams *procParams = NULL;
+    char *issuerName1 = "cn=science,o=mit,c=us";
+    char *issuerName2 = "cn=physics,o=mit,c=us";
+    char *issuerName3 = "cn=prof noall,o=mit,c=us";
+    char *issuerName4 = "cn=testing CRL,o=test,c=us";
+    PKIX_ComCRLSelParams *comCrlSelParams = NULL;
+    PKIX_CRLSelector *crlSelector = NULL;
+    PKIX_List *crlList = NULL;
+    PKIX_UInt32 numCrl = 0;
+    void *nbioContext = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    subTest("PKIX_PL_CollectionCertStore_Create");
+
+    /* Create CRLSelector, link in CollectionCertStore */
+
+    subTest("PKIX_ComCRLSelParams_AddIssuerNames");
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_Create(&comCrlSelParams, plContext));
+
+    testAddIssuerName(comCrlSelParams, issuerName1);
+    testAddIssuerName(comCrlSelParams, issuerName2);
+    testAddIssuerName(comCrlSelParams, issuerName3);
+    testAddIssuerName(comCrlSelParams, issuerName4);
+
+    subTest("PKIX_CRLSelector_SetCommonCRLSelectorParams");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_Create(testCRLSelectorMatchCallback,
+                                                      NULL,
+                                                      &crlSelector,
+                                                      plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_SetCommonCRLSelectorParams(crlSelector, comCrlSelParams, plContext));
+
+    /* Create CertStore, link in CRLSelector */
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetProcessingParams(valParams, &procParams, plContext));
+
+    subTest("PKIX_CertStore_Create");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_Create(getCertCallback,
+                                                    getCRLCallback,
+                                                    getCertContinue,
+                                                    getCRLContinue,
+                                                    NULL,                          /* trustCallback */
+                                                    (PKIX_PL_Object *)crlSelector, /* fake */
+                                                    PKIX_FALSE,                    /* cacheFlag */
+                                                    PKIX_TRUE,                     /* localFlag */
+                                                    &certStore,
+                                                    plContext));
+
+    subTest("PKIX_ProcessingParams_AddCertStore");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_AddCertStore(procParams, certStore, plContext));
+
+    subTest("PKIX_ProcessingParams_SetRevocationEnabled");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled(procParams, PKIX_TRUE, plContext));
+
+    subTest("PKIX_CertStore_GetCRLCallback");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCRLCallback(certStore,
+                                                            &crlCallback,
+                                                            NULL));
+
+    subTest("Getting CRL by CRL Callback");
+    PKIX_TEST_EXPECT_NO_ERROR(crlCallback(certStore,
+                                          crlSelector,
+                                          &nbioContext,
+                                          &crlList,
+                                          plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(crlList,
+                                                  &numCrl,
+                                                  plContext));
+
+    if (numCrl != PKIX_TEST_COLLECTIONCERTSTORE_NUM_CRLS) {
+        pkixTestErrorMsg = "unexpected CRL number mismatch";
+    }
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(crlList);
+    PKIX_TEST_DECREF_AC(comCrlSelParams);
+    PKIX_TEST_DECREF_AC(crlSelector);
+    PKIX_TEST_DECREF_AC(procParams);
+    PKIX_TEST_DECREF_AC(certStore);
+
+    PKIX_TEST_RETURN();
+
+    return (0);
+}
+
+/*
+ * Validate Certificate Chain with Certificate Revocation List
+ *      Certificate Chain is built based on input certs' sequence.
+ *      CRL is fetched from the directory specified in CollectionCertStore.
+ *      while CollectionCertStore is linked in CertStore Object which then
+ *      linked in ProcessParam. During validation, CRLChecker will invoke
+ *      the crlCallback (this test uses PKIX_PL_CollectionCertStore_GetCRL)
+ *      to get CRL data for revocation check.
+ *      This test set criteria in CRLSelector which is linked in
+ *      CommonCRLSelectorParam. When CRL data is fetched into cache for
+ *      revocation check, CRL's are filtered based on the criteria set.
+ */
+
+int
+test_customcrlchecker(int argc, char *argv[])
+{
+
+    PKIX_List *chain = NULL;
+    PKIX_ValidateParams *valParams = NULL;
+    PKIX_ValidateResult *valResult = NULL;
+    PKIX_UInt32 actualMinorVersion;
+    char *certNames[PKIX_TEST_MAX_CERTS];
+    PKIX_PL_Cert *certs[PKIX_TEST_MAX_CERTS];
+    PKIX_VerifyNode *verifyTree = NULL;
+    PKIX_PL_String *verifyString = NULL;
+    PKIX_UInt32 chainLength = 0;
+    PKIX_UInt32 i = 0;
+    PKIX_UInt32 j = 0;
+    PKIX_Boolean testValid = PKIX_TRUE;
+    char *anchorName = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    if (argc < 5) {
+        printUsage1(argv[0]);
+        return (0);
+    }
+
+    startTests("CRL Checker");
+
+    PKIX_TEST_EXPECT_NO_ERROR(
+        PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+    /* ENE = expect no error; EE = expect error */
+    if (PORT_Strcmp(argv[2 + j], "ENE") == 0) {
+        testValid = PKIX_TRUE;
+    } else if (PORT_Strcmp(argv[2 + j], "EE") == 0) {
+        testValid = PKIX_FALSE;
+    } else {
+        printUsage1(argv[0]);
+        return (0);
+    }
+
+    chainLength = (argc - j) - 5;
+    if (chainLength > PKIX_TEST_MAX_CERTS) {
+        printUsageMax(chainLength);
+    }
+
+    for (i = 0; i < chainLength; i++) {
+
+        certNames[i] = argv[(5 + j) + i];
+        certs[i] = NULL;
+    }
+
+    dirName = argv[3 + j];
+
+    subTest(argv[1 + j]);
+
+    subTest("Custom-CRL-Checker - Create Cert Chain");
+
+    chain = createCertChainPlus(dirName, certNames, certs, chainLength, plContext);
+
+    subTest("Custom-CRL-Checker - Create Params");
+
+    anchorName = argv[4 + j];
+
+    valParams = createValidateParams(dirName,
+                                     anchorName,
+                                     NULL,
+                                     NULL,
+                                     NULL,
+                                     PKIX_FALSE,
+                                     PKIX_FALSE,
+                                     PKIX_FALSE,
+                                     PKIX_FALSE,
+                                     chain,
+                                     plContext);
+
+    subTest("Custom-CRL-Checker - Set Processing Params for CertStore");
+
+    testCustomCertStore(valParams);
+
+    subTest("Custom-CRL-Checker - Validate Chain");
+
+    if (testValid == PKIX_TRUE) {
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext));
+    } else {
+        PKIX_TEST_EXPECT_ERROR(PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext));
+    }
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(verifyString);
+    PKIX_TEST_DECREF_AC(verifyTree);
+    PKIX_TEST_DECREF_AC(chain);
+    PKIX_TEST_DECREF_AC(valParams);
+    PKIX_TEST_DECREF_AC(valResult);
+
+    PKIX_Shutdown(plContext);
+
+    PKIX_TEST_RETURN();
+
+    endTests("CRL Checker");
+
+    return (0);
+}
diff --git a/nss/cmd/libpkix/pkix/top/test_defaultcrlchecker2stores.c b/nss/cmd/libpkix/pkix/top/test_defaultcrlchecker2stores.c
new file mode 100644
index 0000000..3ce4513
--- /dev/null
+++ b/nss/cmd/libpkix/pkix/top/test_defaultcrlchecker2stores.c
@@ -0,0 +1,230 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * test_defaultcrlchecker2stores.c
+ *
+ * Test Default CRL with multiple CertStore Checking
+ *
+ */
+
+#include "testutil.h"
+#include "testutil_nss.h"
+
+#define PKIX_TEST_MAX_CERTS 10
+
+static void *plContext = NULL;
+
+static void
+printUsage1(char *pName)
+{
+    printf("\nUSAGE: %s test-purpose [ENE|EE] ", pName);
+    printf("crl-directory cert [certs].\n");
+}
+
+static void
+printUsageMax(PKIX_UInt32 numCerts)
+{
+    printf("\nUSAGE ERROR: number of certs %d exceed maximum %d\n",
+           numCerts, PKIX_TEST_MAX_CERTS);
+}
+
+static PKIX_Error *
+getCertCallback(
+    PKIX_CertStore *store,
+    PKIX_CertSelector *certSelector,
+    PKIX_List **pCerts,
+    void *plContext)
+{
+    return (NULL);
+}
+
+static PKIX_Error *
+testDefaultMultipleCertStores(PKIX_ValidateParams *valParams,
+                              char *crlDir1,
+                              char *crlDir2)
+{
+    PKIX_PL_String *dirString1 = NULL;
+    PKIX_PL_String *dirString2 = NULL;
+    PKIX_CertStore *certStore1 = NULL;
+    PKIX_CertStore *certStore2 = NULL;
+    PKIX_List *certStoreList = NULL;
+    PKIX_ProcessingParams *procParams = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    subTest("PKIX_PL_CollectionCertStore_Create");
+
+    /* Create CollectionCertStore */
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII,
+                                                    crlDir1,
+                                                    0,
+                                                    &dirString1,
+                                                    plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirString1,
+                                                                 &certStore1,
+                                                                 plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII,
+                                                    crlDir2,
+                                                    0,
+                                                    &dirString2,
+                                                    plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirString2,
+                                                                 &certStore2,
+                                                                 plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetProcessingParams(valParams, &procParams, plContext));
+
+    /* Add multiple CollectionCertStores */
+
+    subTest("PKIX_ProcessingParams_SetCertStores");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certStoreList, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certStoreList, (PKIX_PL_Object *)certStore1, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetCertStores(procParams, certStoreList, plContext));
+
+    subTest("PKIX_ProcessingParams_AddCertStore");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_AddCertStore(procParams, certStore2, plContext));
+
+    subTest("PKIX_ProcessingParams_SetRevocationEnabled");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled(procParams, PKIX_TRUE, plContext));
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(dirString1);
+    PKIX_TEST_DECREF_AC(dirString2);
+    PKIX_TEST_DECREF_AC(certStore1);
+    PKIX_TEST_DECREF_AC(certStore2);
+    PKIX_TEST_DECREF_AC(certStoreList);
+    PKIX_TEST_DECREF_AC(procParams);
+
+    PKIX_TEST_RETURN();
+
+    return (0);
+}
+
+/*
+ * Validate Certificate Chain with Certificate Revocation List
+ *      Certificate Chain is build based on input certs' sequence.
+ *      CRL is fetched from the directory specified in CollectionCertStore.
+ *      while CollectionCertStore is linked in CertStore Object which then
+ *      linked in ProcessParam. During validation, CRLChecker will invoke
+ *      the crlCallback (this test uses PKIX_PL_CollectionCertStore_GetCRL)
+ *      to get CRL data for revocation check.
+ *      This test gets CRL's from two CertStores, each has a valid CRL
+ *      required for revocation check to pass.
+ */
+
+int
+test_defaultcrlchecker2stores(int argc, char *argv[])
+{
+
+    PKIX_List *chain = NULL;
+    PKIX_ValidateParams *valParams = NULL;
+    PKIX_ValidateResult *valResult = NULL;
+    PKIX_UInt32 actualMinorVersion;
+    char *certNames[PKIX_TEST_MAX_CERTS];
+    PKIX_PL_Cert *certs[PKIX_TEST_MAX_CERTS];
+    PKIX_VerifyNode *verifyTree = NULL;
+    PKIX_PL_String *verifyString = NULL;
+    PKIX_UInt32 chainLength = 0;
+    PKIX_UInt32 i = 0;
+    PKIX_UInt32 j = 0;
+    PKIX_Boolean testValid = PKIX_TRUE;
+    char *dirName = NULL;
+    char *anchorName = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    if (argc < 6) {
+        printUsage1(argv[0]);
+        return (0);
+    }
+
+    startTests("CRL Checker");
+
+    PKIX_TEST_EXPECT_NO_ERROR(
+        PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+    /* ENE = expect no error; EE = expect error */
+    if (PORT_Strcmp(argv[2 + j], "ENE") == 0) {
+        testValid = PKIX_TRUE;
+    } else if (PORT_Strcmp(argv[2 + j], "EE") == 0) {
+        testValid = PKIX_FALSE;
+    } else {
+        printUsage1(argv[0]);
+        return (0);
+    }
+
+    chainLength = (argc - j) - 7;
+    if (chainLength > PKIX_TEST_MAX_CERTS) {
+        printUsageMax(chainLength);
+    }
+
+    for (i = 0; i < chainLength; i++) {
+
+        certNames[i] = argv[(7 + j) + i];
+        certs[i] = NULL;
+    }
+
+    subTest(argv[1 + j]);
+
+    subTest("Default-CRL-Checker");
+
+    subTest("Default-CRL-Checker - Create Cert Chain");
+
+    dirName = argv[3 + j];
+
+    chain = createCertChainPlus(dirName, certNames, certs, chainLength, plContext);
+
+    subTest("Default-CRL-Checker - Create Params");
+
+    anchorName = argv[6 + j];
+
+    valParams = createValidateParams(dirName,
+                                     anchorName,
+                                     NULL,
+                                     NULL,
+                                     NULL,
+                                     PKIX_FALSE,
+                                     PKIX_FALSE,
+                                     PKIX_FALSE,
+                                     PKIX_FALSE,
+                                     chain,
+                                     plContext);
+
+    subTest("Multiple-CertStores");
+
+    testDefaultMultipleCertStores(valParams, argv[4 + j], argv[5 + j]);
+
+    subTest("Default-CRL-Checker - Validate Chain");
+
+    if (testValid == PKIX_TRUE) {
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext));
+    } else {
+        PKIX_TEST_EXPECT_ERROR(PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext));
+    }
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)verifyTree, &verifyString, plContext));
+    (void)printf("verifyTree is\n%s\n", verifyString->escAsciiString);
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(verifyString);
+    PKIX_TEST_DECREF_AC(verifyTree);
+
+    PKIX_TEST_DECREF_AC(valParams);
+    PKIX_TEST_DECREF_AC(valResult);
+    PKIX_TEST_DECREF_AC(chain);
+
+    PKIX_Shutdown(plContext);
+
+    PKIX_TEST_RETURN();
+
+    endTests("CRL Checker");
+
+    return (0);
+}
diff --git a/nss/cmd/libpkix/pkix/top/test_ocsp.c b/nss/cmd/libpkix/pkix/top/test_ocsp.c
new file mode 100644
index 0000000..e97e570
--- /dev/null
+++ b/nss/cmd/libpkix/pkix/top/test_ocsp.c
@@ -0,0 +1,288 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * test_ocspchecker.c
+ *
+ * Test OcspChecker function
+ *
+ */
+
+#include "testutil.h"
+#include "testutil_nss.h"
+
+static void *plContext = NULL;
+
+static void
+printUsage(void)
+{
+    (void)printf("\nUSAGE:\nOcspChecker -d <certStoreDirectory> TestName "
+                 "[ENE|EE] <certLocationDirectory> <trustedCert> "
+                 "<targetCert>\n\n");
+    (void)printf("Validates a chain of certificates between "
+                 "<trustedCert> and <targetCert>\n"
+                 "using the certs and CRLs in <certLocationDirectory> and "
+                 "pkcs11 db from <certStoreDirectory>. "
+                 "If ENE is specified,\n"
+                 "then an Error is Not Expected. "
+                 "If EE is specified, an Error is Expected.\n");
+}
+
+static char *
+createFullPathName(
+    char *dirName,
+    char *certFile,
+    void *plContext)
+{
+    PKIX_UInt32 certFileLen;
+    PKIX_UInt32 dirNameLen;
+    char *certPathName = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    certFileLen = PL_strlen(certFile);
+    dirNameLen = PL_strlen(dirName);
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Malloc(dirNameLen +
+                                                 certFileLen +
+                                                 2,
+                                             (void **)&certPathName,
+                                             plContext));
+
+    PL_strcpy(certPathName, dirName);
+    PL_strcat(certPathName, "/");
+    PL_strcat(certPathName, certFile);
+    printf("certPathName = %s\n", certPathName);
+
+cleanup:
+
+    PKIX_TEST_RETURN();
+
+    return (certPathName);
+}
+
+static PKIX_Error *
+testDefaultCertStore(PKIX_ValidateParams *valParams, char *crlDir)
+{
+    PKIX_PL_String *dirString = NULL;
+    PKIX_CertStore *certStore = NULL;
+    PKIX_ProcessingParams *procParams = NULL;
+    PKIX_PL_Date *validity = NULL;
+    PKIX_List *revCheckers = NULL;
+    PKIX_RevocationChecker *revChecker = NULL;
+    PKIX_PL_Object *revCheckerContext = NULL;
+    PKIX_OcspChecker *ocspChecker = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    subTest("PKIX_PL_CollectionCertStoreContext_Create");
+
+    /* Create CollectionCertStore */
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, crlDir, 0, &dirString, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirString, &certStore, plContext));
+
+    /* Create CertStore */
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetProcessingParams(valParams, &procParams, plContext));
+
+    subTest("PKIX_ProcessingParams_AddCertStore");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_AddCertStore(procParams, certStore, plContext));
+
+    subTest("PKIX_ProcessingParams_SetRevocationEnabled");
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled(procParams, PKIX_FALSE, plContext));
+
+    /* create current Date */
+    PKIX_TEST_EXPECT_NO_ERROR(pkix_pl_Date_CreateFromPRTime(PR_Now(), &validity, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&revCheckers, plContext));
+
+    /* create revChecker */
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_OcspChecker_Initialize(validity,
+                                                          NULL, /* pwArg */
+                                                          NULL, /* Use default responder */
+                                                          &revChecker,
+                                                          plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_RevocationChecker_GetRevCheckerContext(revChecker, &revCheckerContext, plContext));
+
+    /* Check that this object is a ocsp checker */
+    PKIX_TEST_EXPECT_NO_ERROR(pkix_CheckType(revCheckerContext, PKIX_OCSPCHECKER_TYPE, plContext));
+
+    ocspChecker = (PKIX_OcspChecker *)revCheckerContext;
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_OcspChecker_SetVerifyFcn(ocspChecker,
+                                                            PKIX_PL_OcspResponse_UseBuildChain,
+                                                            plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(revCheckers, (PKIX_PL_Object *)revChecker, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationCheckers(procParams, revCheckers, plContext));
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(dirString);
+    PKIX_TEST_DECREF_AC(procParams);
+    PKIX_TEST_DECREF_AC(certStore);
+    PKIX_TEST_DECREF_AC(revCheckers);
+    PKIX_TEST_DECREF_AC(revChecker);
+    PKIX_TEST_DECREF_AC(ocspChecker);
+    PKIX_TEST_DECREF_AC(validity);
+
+    PKIX_TEST_RETURN();
+
+    return (0);
+}
+
+int
+test_ocsp(int argc, char *argv[])
+{
+
+    PKIX_ValidateParams *valParams = NULL;
+    PKIX_ProcessingParams *procParams = NULL;
+    PKIX_ComCertSelParams *certSelParams = NULL;
+    PKIX_CertSelector *certSelector = NULL;
+    PKIX_ValidateResult *valResult = NULL;
+    PKIX_UInt32 actualMinorVersion;
+    PKIX_UInt32 j = 0;
+    PKIX_UInt32 k = 0;
+    PKIX_UInt32 chainLength = 0;
+    PKIX_Boolean testValid = PKIX_TRUE;
+    PKIX_List *chainCerts = NULL;
+    PKIX_VerifyNode *verifyTree = NULL;
+    PKIX_PL_String *verifyString = NULL;
+    PKIX_PL_Cert *dirCert = NULL;
+    PKIX_PL_Cert *trustedCert = NULL;
+    PKIX_PL_Cert *targetCert = NULL;
+    PKIX_TrustAnchor *anchor = NULL;
+    PKIX_List *anchors = NULL;
+    char *dirCertName = NULL;
+    char *anchorCertName = NULL;
+    char *dirName = NULL;
+    char *databaseDir = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    if (argc < 5) {
+        printUsage();
+        return (0);
+    }
+
+    startTests("OcspChecker");
+
+    PKIX_TEST_EXPECT_NO_ERROR(
+        PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+    /* ENE = expect no error; EE = expect error */
+    if (PORT_Strcmp(argv[2 + j], "ENE") == 0) {
+        testValid = PKIX_TRUE;
+    } else if (PORT_Strcmp(argv[2 + j], "EE") == 0) {
+        testValid = PKIX_FALSE;
+    } else {
+        printUsage();
+        return (0);
+    }
+
+    subTest(argv[1 + j]);
+
+    dirName = argv[3 + j];
+
+    chainLength = argc - j - 5;
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&chainCerts, plContext));
+
+    for (k = 0; k < chainLength; k++) {
+
+        dirCert = createCert(dirName, argv[5 + k + j], plContext);
+
+        if (k == 0) {
+            PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)dirCert, plContext));
+            targetCert = dirCert;
+        }
+
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(chainCerts, (PKIX_PL_Object *)dirCert, plContext));
+
+        PKIX_TEST_DECREF_BC(dirCert);
+    }
+
+    /* create processing params with list of trust anchors */
+
+    anchorCertName = argv[4 + j];
+    trustedCert = createCert(dirName, anchorCertName, plContext);
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert(trustedCert, &anchor, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(anchors, (PKIX_PL_Object *)anchor, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create(anchors, &procParams, plContext));
+
+    /* create CertSelector with target certificate in params */
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&certSelParams, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificate(certSelParams, targetCert, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, certSelParams, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints(procParams, certSelector, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_Create(procParams, chainCerts, &valParams, plContext));
+
+    testDefaultCertStore(valParams, dirName);
+
+    pkixTestErrorResult = PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext);
+
+    if (pkixTestErrorResult) {
+        if (testValid == PKIX_FALSE) { /* EE */
+            (void)printf("EXPECTED ERROR RECEIVED!\n");
+        } else { /* ENE */
+            testError("UNEXPECTED ERROR RECEIVED");
+        }
+        PKIX_TEST_DECREF_BC(pkixTestErrorResult);
+    } else {
+        if (testValid == PKIX_TRUE) { /* ENE */
+            (void)printf("EXPECTED SUCCESSFUL VALIDATION!\n");
+        } else { /* EE */
+            (void)printf("UNEXPECTED SUCCESSFUL VALIDATION!\n");
+        }
+    }
+
+    subTest("Displaying VerifyTree");
+
+    if (verifyTree == NULL) {
+        (void)printf("VerifyTree is NULL\n");
+    } else {
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)verifyTree, &verifyString, plContext));
+        (void)printf("verifyTree is\n%s\n",
+                     verifyString->escAsciiString);
+        PKIX_TEST_DECREF_BC(verifyString);
+        PKIX_TEST_DECREF_BC(verifyTree);
+    }
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(valParams);
+    PKIX_TEST_DECREF_AC(procParams);
+    PKIX_TEST_DECREF_AC(certSelParams);
+    PKIX_TEST_DECREF_AC(certSelector);
+    PKIX_TEST_DECREF_AC(chainCerts);
+    PKIX_TEST_DECREF_AC(anchors);
+    PKIX_TEST_DECREF_AC(anchor);
+    PKIX_TEST_DECREF_AC(trustedCert);
+    PKIX_TEST_DECREF_AC(targetCert);
+    PKIX_TEST_DECREF_AC(valResult);
+
+    PKIX_Shutdown(plContext);
+
+    PKIX_TEST_RETURN();
+
+    endTests("OcspChecker");
+
+    return (0);
+}
diff --git a/nss/cmd/libpkix/pkix/top/test_policychecker.c b/nss/cmd/libpkix/pkix/top/test_policychecker.c
new file mode 100644
index 0000000..1318f13
--- /dev/null
+++ b/nss/cmd/libpkix/pkix/top/test_policychecker.c
@@ -0,0 +1,535 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * test_policychecker.c
+ *
+ * Test Policy Checking
+ *
+ */
+
+#include "testutil.h"
+#include "testutil_nss.h"
+
+#define PKIX_TEST_MAX_CERTS 10
+
+static void *plContext = NULL;
+
+static void
+printUsage(char *testname)
+{
+    char *fmt =
+        "USAGE: %s testname"
+        " [ENE|EE] \"{OID[:OID]*}\" [A|E|P] cert [cert]*\n"
+        "(The quotes are needed around the OID argument for dbx.)\n"
+        "(The optional arg A indicates initialAnyPolicyInhibit.)\n"
+        "(The optional arg E indicates initialExplicitPolicy.)\n"
+        "(The optional arg P indicates initialPolicyMappingInhibit.)\n";
+    printf(fmt, testname);
+}
+
+static void
+printUsageMax(PKIX_UInt32 numCerts)
+{
+    printf("\nUSAGE ERROR: number of certs %d exceed maximum %d\n",
+           numCerts, PKIX_TEST_MAX_CERTS);
+}
+
+static PKIX_List *
+policySetParse(char *policyString)
+{
+    char *p = NULL;
+    char *oid = NULL;
+    char c = '\0';
+    PKIX_Boolean validString = PKIX_FALSE;
+    PKIX_PL_OID *plOID = NULL;
+    PKIX_List *policySet = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    p = policyString;
+
+    /*
+         * There may or may not be quotes around the initial-policy-set
+         * string. If they are omitted, dbx will strip off the curly braces.
+         * If they are included, dbx will strip off the quotes, but if you
+         * are running directly from a script, without dbx, the quotes will
+         * not be stripped. We need to be able to handle both cases.
+         */
+    if (*p == '"') {
+        p++;
+    }
+
+    if ('{' != *p++) {
+        return (NULL);
+    }
+    oid = p;
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&policySet, plContext));
+
+    /* scan to the end of policyString */
+    while (!validString) {
+        /* scan to the end of the current OID string */
+        c = *oid;
+        while ((c != '\0') && (c != ':') && (c != '}')) {
+            c = *++oid;
+        }
+
+        if ((c != ':') || (c != '}')) {
+            *oid = '\0'; /* store a null terminator */
+            PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create(p, &plOID, plContext));
+
+            PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(policySet,
+                                                           (PKIX_PL_Object *)plOID,
+                                                           plContext));
+
+            PKIX_TEST_DECREF_BC(plOID);
+            plOID = NULL;
+            if (c == '}') {
+                /*
+                                * Any exit but this one means
+                                * we were given a badly-formed string.
+                                */
+                validString = PKIX_TRUE;
+            }
+            p = ++oid;
+        }
+    }
+
+cleanup:
+    if (!validString) {
+        PKIX_TEST_DECREF_AC(plOID);
+        PKIX_TEST_DECREF_AC(policySet);
+        policySet = NULL;
+    }
+
+    PKIX_TEST_RETURN();
+
+    return (policySet);
+}
+
+/*
+ * FUNCTION: treeToStringHelper
+ *  This function obtains the string representation of a PolicyNode
+ *  Tree and compares it to the expected value.
+ * PARAMETERS:
+ *  "parent" - a PolicyNode, the root of a PolicyNodeTree;
+ *      must be non-NULL.
+ *  "expected" - the desired string.
+ * THREAD SAFETY:
+ *  Thread Safe
+ *
+ *  Multiple threads can safely call this function without worrying
+ *  about conflicts, even if they're operating on the same object.
+ * RETURNS:
+ *  Nothing.
+ */
+static void
+treeToStringHelper(PKIX_PolicyNode *parent, char *expected)
+{
+    PKIX_PL_String *stringRep = NULL;
+    char *actual = NULL;
+    PKIX_TEST_STD_VARS();
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)parent, &stringRep, plContext));
+
+    actual = PKIX_String2ASCII(stringRep, plContext);
+    if (actual == NULL) {
+        pkixTestErrorMsg = "PKIX_String2ASCII Failed";
+        goto cleanup;
+    }
+
+    if (PL_strcmp(actual, expected) != 0) {
+        testError("unexpected mismatch");
+        (void)printf("Actual value:\t%s\n", actual);
+        (void)printf("Expected value:\t%s\n", expected);
+    }
+
+cleanup:
+
+    PKIX_PL_Free(actual, plContext);
+
+    PKIX_TEST_DECREF_AC(stringRep);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testPass(char *dirName, char *goodInput, char *diffInput, char *dateAscii)
+{
+
+    PKIX_List *chain = NULL;
+    PKIX_ValidateParams *valParams = NULL;
+    PKIX_ValidateResult *valResult = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    subTest("Basic-Common-Fields <pass>");
+    /*
+         * Tests the Expiration, NameChaining, and Signature Checkers
+         */
+
+    chain = createCertChain(dirName, goodInput, diffInput, plContext);
+
+    valParams = createValidateParams(dirName,
+                                     goodInput,
+                                     diffInput,
+                                     dateAscii,
+                                     NULL,
+                                     PKIX_FALSE,
+                                     PKIX_FALSE,
+                                     PKIX_FALSE,
+                                     PKIX_FALSE,
+                                     chain,
+                                     plContext);
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain(valParams, &valResult, NULL, plContext));
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(chain);
+    PKIX_TEST_DECREF_AC(valParams);
+    PKIX_TEST_DECREF_AC(valResult);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testNistTest1(char *dirName)
+{
+#define PKIX_TEST_NUM_CERTS 2
+    char *trustAnchor =
+        "TrustAnchorRootCertificate.crt";
+    char *intermediateCert =
+        "GoodCACert.crt";
+    char *endEntityCert =
+        "ValidCertificatePathTest1EE.crt";
+    char *certNames[PKIX_TEST_NUM_CERTS];
+    char *asciiAnyPolicy = "2.5.29.32.0";
+    PKIX_PL_Cert *certs[PKIX_TEST_NUM_CERTS] = { NULL, NULL };
+
+    PKIX_ValidateParams *valParams = NULL;
+    PKIX_ValidateResult *valResult = NULL;
+    PKIX_List *chain = NULL;
+    PKIX_PL_OID *anyPolicyOID = NULL;
+    PKIX_List *initialPolicies = NULL;
+    char *anchorName = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    subTest("testNistTest1: Creating the cert chain");
+    /*
+         * Create a chain, but don't include the first certName.
+         * That's the anchor, and is supplied separately from
+         * the chain.
+         */
+    certNames[0] = intermediateCert;
+    certNames[1] = endEntityCert;
+    chain = createCertChainPlus(dirName, certNames, certs, PKIX_TEST_NUM_CERTS, plContext);
+
+    subTest("testNistTest1: Creating the Validate Parameters");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create(asciiAnyPolicy, &anyPolicyOID, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&initialPolicies, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(initialPolicies, (PKIX_PL_Object *)anyPolicyOID, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_SetImmutable(initialPolicies, plContext));
+
+    valParams = createValidateParams(dirName,
+                                     trustAnchor,
+                                     NULL,
+                                     NULL,
+                                     initialPolicies,
+                                     PKIX_FALSE,
+                                     PKIX_FALSE,
+                                     PKIX_FALSE,
+                                     PKIX_FALSE,
+                                     chain,
+                                     plContext);
+
+    subTest("testNistTest1: Validating the chain");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain(valParams, &valResult, NULL, plContext));
+
+cleanup:
+
+    PKIX_PL_Free(anchorName, plContext);
+
+    PKIX_TEST_DECREF_AC(anyPolicyOID);
+    PKIX_TEST_DECREF_AC(initialPolicies);
+    PKIX_TEST_DECREF_AC(valParams);
+    PKIX_TEST_DECREF_AC(valResult);
+    PKIX_TEST_DECREF_AC(chain);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testNistTest2(char *dirName)
+{
+#define PKIX_TEST_NUM_CERTS 2
+    char *trustAnchor =
+        "TrustAnchorRootCertificate.crt";
+    char *intermediateCert =
+        "GoodCACert.crt";
+    char *endEntityCert =
+        "ValidCertificatePathTest1EE.crt";
+    char *certNames[PKIX_TEST_NUM_CERTS];
+    char *asciiNist1Policy = "2.16.840.1.101.3.2.1.48.1";
+    PKIX_PL_Cert *certs[PKIX_TEST_NUM_CERTS] = { NULL, NULL };
+
+    PKIX_ValidateParams *valParams = NULL;
+    PKIX_ValidateResult *valResult = NULL;
+    PKIX_List *chain = NULL;
+    PKIX_PL_OID *Nist1PolicyOID = NULL;
+    PKIX_List *initialPolicies = NULL;
+    char *anchorName = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    subTest("testNistTest2: Creating the cert chain");
+    /*
+         * Create a chain, but don't include the first certName.
+         * That's the anchor, and is supplied separately from
+         * the chain.
+         */
+    certNames[0] = intermediateCert;
+    certNames[1] = endEntityCert;
+    chain = createCertChainPlus(dirName, certNames, certs, PKIX_TEST_NUM_CERTS, plContext);
+
+    subTest("testNistTest2: Creating the Validate Parameters");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create(asciiNist1Policy, &Nist1PolicyOID, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&initialPolicies, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(initialPolicies, (PKIX_PL_Object *)Nist1PolicyOID, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_SetImmutable(initialPolicies, plContext));
+
+    valParams = createValidateParams(dirName,
+                                     trustAnchor,
+                                     NULL,
+                                     NULL,
+                                     initialPolicies,
+                                     PKIX_FALSE,
+                                     PKIX_FALSE,
+                                     PKIX_FALSE,
+                                     PKIX_FALSE,
+                                     chain,
+                                     plContext);
+
+    subTest("testNistTest2: Validating the chain");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain(valParams, &valResult, NULL, plContext));
+
+cleanup:
+
+    PKIX_PL_Free(anchorName, plContext);
+
+    PKIX_TEST_DECREF_AC(Nist1PolicyOID);
+    PKIX_TEST_DECREF_AC(initialPolicies);
+    PKIX_TEST_DECREF_AC(valParams);
+    PKIX_TEST_DECREF_AC(valResult);
+    PKIX_TEST_DECREF_AC(chain);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+printValidPolicyTree(PKIX_ValidateResult *valResult)
+{
+    PKIX_PolicyNode *validPolicyTree = NULL;
+    PKIX_PL_String *treeString = NULL;
+
+    PKIX_TEST_STD_VARS();
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateResult_GetPolicyTree(valResult, &validPolicyTree, plContext));
+    if (validPolicyTree) {
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)validPolicyTree,
+                                                          &treeString,
+                                                          plContext));
+        (void)printf("validPolicyTree is\n\t%s\n",
+                     treeString->escAsciiString);
+    } else {
+        (void)printf("validPolicyTree is NULL\n");
+    }
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(validPolicyTree);
+    PKIX_TEST_DECREF_AC(treeString);
+
+    PKIX_TEST_RETURN();
+}
+
+int
+test_policychecker(int argc, char *argv[])
+{
+
+    PKIX_Boolean initialPolicyMappingInhibit = PKIX_FALSE;
+    PKIX_Boolean initialAnyPolicyInhibit = PKIX_FALSE;
+    PKIX_Boolean initialExplicitPolicy = PKIX_FALSE;
+    PKIX_Boolean expectedResult = PKIX_FALSE;
+    PKIX_UInt32 chainLength = 0;
+    PKIX_UInt32 initArgs = 0;
+    PKIX_UInt32 firstCert = 0;
+    PKIX_UInt32 i = 0;
+    PKIX_Int32 j = 0;
+    PKIX_UInt32 actualMinorVersion;
+    PKIX_ProcessingParams *procParams = NULL;
+    char *firstTrustAnchor = "yassir2yassir";
+    char *secondTrustAnchor = "yassir2bcn";
+    char *dateAscii = "991201000000Z";
+    PKIX_ValidateParams *valParams = NULL;
+    PKIX_ValidateResult *valResult = NULL;
+    PKIX_List *userInitialPolicySet = NULL; /* List of PKIX_PL_OID */
+    char *certNames[PKIX_TEST_MAX_CERTS];
+    PKIX_PL_Cert *certs[PKIX_TEST_MAX_CERTS];
+    PKIX_List *chain = NULL;
+    PKIX_Error *validationError = NULL;
+    PKIX_VerifyNode *verifyTree = NULL;
+    PKIX_PL_String *verifyString = NULL;
+    char *dirName = NULL;
+    char *dataCentralDir = NULL;
+    char *anchorName = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    PKIX_TEST_EXPECT_NO_ERROR(
+        PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+    /*
+         * Perform hard-coded tests if no command line args.
+         * If command line args are provided, they must be:
+         * arg[1]: test name
+         * arg[2]: "ENE" or "EE", for "expect no error" or "expect error"
+         * arg[3]: directory for certificates
+         * arg[4]: user-initial-policy-set, consisting of braces
+         *      containing zero or more OID sequences, separated by commas
+         * arg[5]: (optional) "E", indicating initialExplicitPolicy
+         * arg[firstCert]: the path and filename of the trust anchor certificate
+         * arg[firstCert+1..(n-1)]: successive certificates in the chain
+         * arg[n]: the end entity certificate
+         *
+         * Example: test_policychecker test1EE ENE
+         *      {2.5.29.32.0,2.5.29.32.3.6} Anchor CA EndEntity
+         */
+
+    dirName = argv[3 + j];
+    dataCentralDir = argv[4 + j];
+
+    if (argc <= 5 || ((6 == argc) && (j))) {
+
+        testPass(dataCentralDir,
+                 firstTrustAnchor,
+                 secondTrustAnchor,
+                 dateAscii);
+
+        testNistTest1(dirName);
+
+        testNistTest2(dirName);
+
+        goto cleanup;
+    }
+
+    if (argc < (7 + j)) {
+        printUsage(argv[0]);
+        pkixTestErrorMsg = "Invalid command line arguments.";
+        goto cleanup;
+    }
+
+    if (PORT_Strcmp(argv[2 + j], "ENE") == 0) {
+        expectedResult = PKIX_TRUE;
+    } else if (PORT_Strcmp(argv[2 + j], "EE") == 0) {
+        expectedResult = PKIX_FALSE;
+    } else {
+        printUsage(argv[0]);
+        pkixTestErrorMsg = "Invalid command line arguments.";
+        goto cleanup;
+    }
+
+    userInitialPolicySet = policySetParse(argv[5 + j]);
+    if (!userInitialPolicySet) {
+        printUsage(argv[0]);
+        pkixTestErrorMsg = "Invalid command line arguments.";
+        goto cleanup;
+    }
+
+    for (initArgs = 0; initArgs < 3; initArgs++) {
+        if (PORT_Strcmp(argv[6 + j + initArgs], "A") == 0) {
+            initialAnyPolicyInhibit = PKIX_TRUE;
+        } else if (PORT_Strcmp(argv[6 + j + initArgs], "E") == 0) {
+            initialExplicitPolicy = PKIX_TRUE;
+        } else if (PORT_Strcmp(argv[6 + j + initArgs], "P") == 0) {
+            initialPolicyMappingInhibit = PKIX_TRUE;
+        } else {
+            break;
+        }
+    }
+
+    firstCert = initArgs + j + 6;
+    chainLength = argc - (firstCert + 1);
+    if (chainLength > PKIX_TEST_MAX_CERTS) {
+        printUsageMax(chainLength);
+        pkixTestErrorMsg = "Invalid command line arguments.";
+        goto cleanup;
+    }
+
+    /*
+         * Create a chain, but don't include the first certName.
+         * That's the anchor, and is supplied separately from
+         * the chain.
+         */
+    for (i = 0; i < chainLength; i++) {
+
+        certNames[i] = argv[i + (firstCert + 1)];
+        certs[i] = NULL;
+    }
+    chain = createCertChainPlus(dirName, certNames, certs, chainLength, plContext);
+
+    subTest(argv[1 + j]);
+
+    valParams = createValidateParams(dirName,
+                                     argv[firstCert],
+                                     NULL,
+                                     NULL,
+                                     userInitialPolicySet,
+                                     initialPolicyMappingInhibit,
+                                     initialAnyPolicyInhibit,
+                                     initialExplicitPolicy,
+                                     PKIX_FALSE,
+                                     chain,
+                                     plContext);
+
+    if (expectedResult == PKIX_TRUE) {
+        subTest("   (expecting successful validation)");
+
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext));
+
+        printValidPolicyTree(valResult);
+
+    } else {
+        subTest("   (expecting validation to fail)");
+        validationError = PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext);
+        if (!validationError) {
+            printValidPolicyTree(valResult);
+            pkixTestErrorMsg = "Should have thrown an error here.";
+        }
+        PKIX_TEST_DECREF_BC(validationError);
+    }
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)verifyTree, &verifyString, plContext));
+    (void)printf("verifyTree is\n%s\n", verifyString->escAsciiString);
+
+cleanup:
+
+    PKIX_PL_Free(anchorName, plContext);
+
+    PKIX_TEST_DECREF_AC(verifyString);
+    PKIX_TEST_DECREF_AC(verifyTree);
+    PKIX_TEST_DECREF_AC(userInitialPolicySet);
+    PKIX_TEST_DECREF_AC(chain);
+    PKIX_TEST_DECREF_AC(valParams);
+    PKIX_TEST_DECREF_AC(valResult);
+    PKIX_TEST_DECREF_AC(validationError);
+
+    PKIX_Shutdown(plContext);
+
+    PKIX_TEST_RETURN();
+
+    endTests("PolicyChecker");
+
+    return (0);
+}
diff --git a/nss/cmd/libpkix/pkix/top/test_subjaltnamechecker.c b/nss/cmd/libpkix/pkix/top/test_subjaltnamechecker.c
new file mode 100644
index 0000000..3f9711e
--- /dev/null
+++ b/nss/cmd/libpkix/pkix/top/test_subjaltnamechecker.c
@@ -0,0 +1,261 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * test_subjaltnamechecker.c
+ *
+ * Test Subject Alternative Name Checking
+ *
+ */
+
+/*
+ * There is no subjaltnamechecker. Instead, targetcertchecker is doing
+ * the job for checking subject alternative names' validity. For testing,
+ * in order to enter names with various type, we create this test excutable
+ * to parse different scenario.
+ */
+
+#include "testutil.h"
+#include "testutil_nss.h"
+
+#define PKIX_TEST_MAX_CERTS 10
+
+static void *plContext = NULL;
+
+static void
+printUsage1(char *pName)
+{
+    printf("\nUSAGE: %s test-name [ENE|EE] ", pName);
+    printf("cert [certs].\n");
+}
+
+static void
+printUsage2(char *name)
+{
+    printf("\ninvalid test-name syntax - %s", name);
+    printf("\ntest-name syntax: [01][DNORU]:<name>+...");
+    printf("\n             [01] 1 - match all; 0 - match one");
+    printf("\n    name - type can be specified as");
+    printf("\n          [DNORU] D-Directory name");
+    printf("\n                  N-DNS name");
+    printf("\n                  O-OID name");
+    printf("\n                  R-RFC822 name");
+    printf("\n                  U-URI name");
+    printf("\n                + separator for more names\n\n");
+}
+
+static void
+printUsageMax(PKIX_UInt32 numCerts)
+{
+    printf("\nUSAGE ERROR: number of certs %d exceed maximum %d\n",
+           numCerts, PKIX_TEST_MAX_CERTS);
+}
+
+static PKIX_UInt32
+getNameType(char *name)
+{
+    PKIX_UInt32 nameType;
+
+    PKIX_TEST_STD_VARS();
+
+    switch (*name) {
+        case 'D':
+            nameType = PKIX_DIRECTORY_NAME;
+            break;
+        case 'N':
+            nameType = PKIX_DNS_NAME;
+            break;
+        case 'O':
+            nameType = PKIX_OID_NAME;
+            break;
+        case 'R':
+            nameType = PKIX_RFC822_NAME;
+            break;
+        case 'U':
+            nameType = PKIX_URI_NAME;
+            break;
+        default:
+            printUsage2(name);
+            nameType = 0xFFFF;
+    }
+
+    goto cleanup;
+
+cleanup:
+    PKIX_TEST_RETURN();
+    return (nameType);
+}
+
+int
+test_subjaltnamechecker(int argc, char *argv[])
+{
+
+    PKIX_List *chain = NULL;
+    PKIX_ValidateParams *valParams = NULL;
+    PKIX_ValidateResult *valResult = NULL;
+    PKIX_CertSelector *selector = NULL;
+    PKIX_ComCertSelParams *selParams = NULL;
+    PKIX_ProcessingParams *procParams = NULL;
+    PKIX_PL_GeneralName *name = NULL;
+    PKIX_UInt32 actualMinorVersion;
+    char *certNames[PKIX_TEST_MAX_CERTS];
+    PKIX_PL_Cert *certs[PKIX_TEST_MAX_CERTS];
+    PKIX_UInt32 chainLength = 0;
+    PKIX_UInt32 i = 0;
+    PKIX_UInt32 j = 0;
+    char *nameStr;
+    char *nameEnd;
+    char *names[PKIX_TEST_MAX_CERTS];
+    PKIX_UInt32 numNames = 0;
+    PKIX_UInt32 nameType;
+    PKIX_Boolean matchAll = PKIX_TRUE;
+    PKIX_Boolean testValid = PKIX_TRUE;
+    char *dirName = NULL;
+    char *anchorName = NULL;
+    PKIX_VerifyNode *verifyTree = NULL;
+    PKIX_PL_String *verifyString = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    if (argc < 5) {
+        printUsage1(argv[0]);
+        return (0);
+    }
+
+    startTests("SubjAltNameConstraintChecker");
+
+    PKIX_TEST_EXPECT_NO_ERROR(
+        PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+    j++; /* skip test-purpose string */
+
+    /* ENE = expect no error; EE = expect error */
+    if (PORT_Strcmp(argv[2 + j], "ENE") == 0) {
+        testValid = PKIX_TRUE;
+    } else if (PORT_Strcmp(argv[2 + j], "EE") == 0) {
+        testValid = PKIX_FALSE;
+    } else {
+        printUsage1(argv[0]);
+        return (0);
+    }
+
+    /* taking out leading and trailing ", if any */
+    nameStr = argv[1 + j];
+    subTest(nameStr);
+    if (*nameStr == '"') {
+        nameStr++;
+        nameEnd = nameStr;
+        while (*nameEnd != '"' && *nameEnd != '\0') {
+            nameEnd++;
+        }
+        *nameEnd = '\0';
+    }
+
+    /* extract first [0|1] inidcating matchAll or not */
+    matchAll = (*nameStr == '0') ? PKIX_FALSE : PKIX_TRUE;
+    nameStr++;
+
+    numNames = 0;
+    while (*nameStr != '\0') {
+        names[numNames++] = nameStr;
+        while (*nameStr != '+' && *nameStr != '\0') {
+            nameStr++;
+        }
+        if (*nameStr == '+') {
+            *nameStr = '\0';
+            nameStr++;
+        }
+    }
+
+    chainLength = (argc - j) - 4;
+    if (chainLength > PKIX_TEST_MAX_CERTS) {
+        printUsageMax(chainLength);
+    }
+
+    for (i = 0; i < chainLength; i++) {
+        certNames[i] = argv[(4 + j) + i];
+        certs[i] = NULL;
+    }
+
+    /* SubjAltName for validation */
+
+    subTest("Add Subject Alt Name for NameConstraint checking");
+
+    subTest("Create Selector and ComCertSelParams");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &selector, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&selParams, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, selParams, plContext));
+
+    subTest("PKIX_ComCertSelParams_SetMatchAllSubjAltNames");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetMatchAllSubjAltNames(selParams, matchAll, plContext));
+
+    subTest("PKIX_ComCertSelParams_AddSubjAltName(s)");
+    for (i = 0; i < numNames; i++) {
+        nameType = getNameType(names[i]);
+        if (nameType == 0xFFFF) {
+            return (0);
+        }
+        nameStr = names[i] + 2;
+        name = createGeneralName(nameType, nameStr, plContext);
+
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_AddSubjAltName(selParams, name, plContext));
+        PKIX_TEST_DECREF_BC(name);
+    }
+
+    subTest("SubjAltName-Constraints - Create Cert Chain");
+
+    dirName = argv[3 + j];
+
+    chain = createCertChainPlus(dirName, certNames, certs, chainLength, plContext);
+
+    subTest("SubjAltName-Constraints - Create Params");
+
+    valParams = createValidateParams(dirName,
+                                     argv[4 +
+                                          j],
+                                     NULL,
+                                     NULL,
+                                     NULL,
+                                     PKIX_FALSE,
+                                     PKIX_FALSE,
+                                     PKIX_FALSE,
+                                     PKIX_FALSE,
+                                     chain,
+                                     plContext);
+
+    subTest("PKIX_ValidateParams_getProcessingParams");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetProcessingParams(valParams, &procParams, plContext));
+
+    subTest("PKIX_ProcessingParams_SetTargetCertConstraints");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints(procParams, selector, plContext));
+
+    subTest("Subject Alt Name - Validate Chain");
+
+    if (testValid == PKIX_TRUE) {
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext));
+    } else {
+        PKIX_TEST_EXPECT_ERROR(PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext));
+    }
+
+cleanup:
+
+    PKIX_PL_Free(anchorName, plContext);
+
+    PKIX_TEST_DECREF_AC(verifyString);
+    PKIX_TEST_DECREF_AC(verifyTree);
+    PKIX_TEST_DECREF_AC(chain);
+    PKIX_TEST_DECREF_AC(valParams);
+    PKIX_TEST_DECREF_AC(valResult);
+    PKIX_TEST_DECREF_AC(selector);
+    PKIX_TEST_DECREF_AC(selParams);
+    PKIX_TEST_DECREF_AC(procParams);
+    PKIX_TEST_DECREF_AC(name);
+
+    PKIX_Shutdown(plContext);
+
+    PKIX_TEST_RETURN();
+
+    endTests("SubjAltNameConstraintsChecker");
+
+    return (0);
+}
diff --git a/nss/cmd/libpkix/pkix/top/test_validatechain.c b/nss/cmd/libpkix/pkix/top/test_validatechain.c
new file mode 100644
index 0000000..98cb7b0
--- /dev/null
+++ b/nss/cmd/libpkix/pkix/top/test_validatechain.c
@@ -0,0 +1,221 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * test_validatechain.c
+ *
+ * Test ValidateChain function
+ *
+ */
+
+#include "testutil.h"
+#include "testutil_nss.h"
+
+static void *plContext = NULL;
+
+static void
+printUsage(void)
+{
+    (void)printf("\nUSAGE:\nvalidateChain TestName [ENE|EE] "
+                 "<certStoreDirectory> <trustedCert> <targetCert>\n\n");
+    (void)printf("Validates a chain of certificates between "
+                 "<trustedCert> and <targetCert>\n"
+                 "using the certs and CRLs in <certStoreDirectory>. "
+                 "If ENE is specified,\n"
+                 "then an Error is Not Expected. "
+                 "If EE is specified, an Error is Expected.\n");
+}
+
+static char *
+createFullPathName(
+    char *dirName,
+    char *certFile,
+    void *plContext)
+{
+    PKIX_UInt32 certFileLen;
+    PKIX_UInt32 dirNameLen;
+    char *certPathName = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    certFileLen = PL_strlen(certFile);
+    dirNameLen = PL_strlen(dirName);
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Malloc(dirNameLen +
+                                                 certFileLen +
+                                                 2,
+                                             (void **)&certPathName,
+                                             plContext));
+
+    PL_strcpy(certPathName, dirName);
+    PL_strcat(certPathName, "/");
+    PL_strcat(certPathName, certFile);
+    printf("certPathName = %s\n", certPathName);
+
+cleanup:
+
+    PKIX_TEST_RETURN();
+
+    return (certPathName);
+}
+
+static PKIX_Error *
+testDefaultCertStore(PKIX_ValidateParams *valParams, char *crlDir)
+{
+    PKIX_PL_String *dirString = NULL;
+    PKIX_CertStore *certStore = NULL;
+    PKIX_ProcessingParams *procParams = NULL;
+    PKIX_PL_Date *validity = NULL;
+    PKIX_List *revCheckers = NULL;
+    PKIX_RevocationChecker *ocspChecker = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    subTest("PKIX_PL_CollectionCertStoreContext_Create");
+
+    /* Create CollectionCertStore */
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, crlDir, 0, &dirString, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirString, &certStore, plContext));
+
+    /* Create CertStore */
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetProcessingParams(valParams, &procParams, plContext));
+
+    subTest("PKIX_ProcessingParams_AddCertStore");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_AddCertStore(procParams, certStore, plContext));
+
+    subTest("PKIX_ProcessingParams_SetRevocationEnabled");
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled(procParams, PKIX_TRUE, plContext));
+
+    /* create current Date */
+    PKIX_TEST_EXPECT_NO_ERROR(pkix_pl_Date_CreateFromPRTime(PR_Now(), &validity, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&revCheckers, plContext));
+
+    /* create revChecker */
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_OcspChecker_Initialize(validity,
+                                                          NULL, /* pwArg */
+                                                          NULL, /* Use default responder */
+                                                          &ocspChecker,
+                                                          plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(revCheckers, (PKIX_PL_Object *)ocspChecker, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationCheckers(procParams, revCheckers, plContext));
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(dirString);
+    PKIX_TEST_DECREF_AC(procParams);
+    PKIX_TEST_DECREF_AC(certStore);
+    PKIX_TEST_DECREF_AC(revCheckers);
+    PKIX_TEST_DECREF_AC(ocspChecker);
+
+    PKIX_TEST_RETURN();
+
+    return (0);
+}
+
+int
+test_validatechain(int argc, char *argv[])
+{
+
+    PKIX_ValidateParams *valParams = NULL;
+    PKIX_ValidateResult *valResult = NULL;
+    PKIX_UInt32 actualMinorVersion;
+    PKIX_UInt32 j = 0;
+    PKIX_UInt32 k = 0;
+    PKIX_UInt32 chainLength = 0;
+    PKIX_Boolean testValid = PKIX_TRUE;
+    PKIX_List *chainCerts = NULL;
+    PKIX_PL_Cert *dirCert = NULL;
+    PKIX_VerifyNode *verifyTree = NULL;
+    PKIX_PL_String *verifyString = NULL;
+    char *dirCertName = NULL;
+    char *anchorCertName = NULL;
+    char *dirName = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    if (argc < 5) {
+        printUsage();
+        return (0);
+    }
+
+    startTests("ValidateChain");
+
+    PKIX_TEST_EXPECT_NO_ERROR(
+        PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+    /* ENE = expect no error; EE = expect error */
+    if (PORT_Strcmp(argv[2 + j], "ENE") == 0) {
+        testValid = PKIX_TRUE;
+    } else if (PORT_Strcmp(argv[2 + j], "EE") == 0) {
+        testValid = PKIX_FALSE;
+    } else {
+        printUsage();
+        return (0);
+    }
+
+    subTest(argv[1 + j]);
+
+    dirName = argv[3 + j];
+
+    chainLength = argc - j - 5;
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&chainCerts, plContext));
+
+    for (k = 0; k < chainLength; k++) {
+
+        dirCert = createCert(dirName, argv[5 + k + j], plContext);
+
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(chainCerts, (PKIX_PL_Object *)dirCert, plContext));
+
+        PKIX_TEST_DECREF_BC(dirCert);
+    }
+
+    valParams = createValidateParams(dirName,
+                                     argv[4 +
+                                          j],
+                                     NULL,
+                                     NULL,
+                                     NULL,
+                                     PKIX_FALSE,
+                                     PKIX_FALSE,
+                                     PKIX_FALSE,
+                                     PKIX_FALSE,
+                                     chainCerts,
+                                     plContext);
+
+    testDefaultCertStore(valParams, dirName);
+
+    if (testValid == PKIX_TRUE) {
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext));
+    } else {
+        PKIX_TEST_EXPECT_ERROR(PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext));
+    }
+
+    subTest("Displaying VerifyNode objects");
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)verifyTree, &verifyString, plContext));
+    (void)printf("verifyTree is\n%s\n", verifyString->escAsciiString);
+
+cleanup:
+    PKIX_TEST_DECREF_AC(verifyString);
+    PKIX_TEST_DECREF_AC(verifyTree);
+
+    PKIX_TEST_DECREF_AC(chainCerts);
+    PKIX_TEST_DECREF_AC(valParams);
+    PKIX_TEST_DECREF_AC(valResult);
+
+    PKIX_Shutdown(plContext);
+
+    PKIX_TEST_RETURN();
+
+    endTests("ValidateChain");
+
+    return (0);
+}
diff --git a/nss/cmd/libpkix/pkix/top/test_validatechain_NB.c b/nss/cmd/libpkix/pkix/top/test_validatechain_NB.c
new file mode 100644
index 0000000..ad73a5d
--- /dev/null
+++ b/nss/cmd/libpkix/pkix/top/test_validatechain_NB.c
@@ -0,0 +1,351 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * test_validatechain_NB.c
+ *
+ * Test ValidateChain (nonblocking I/O) function
+ *
+ */
+
+#include "testutil.h"
+#include "testutil_nss.h"
+
+static void *plContext = NULL;
+
+static void
+printUsage(void)
+{
+    (void)printf("\nUSAGE:\ntest_validateChain_NB TestName [ENE|EE] "
+                 "<certStoreDirectory> <trustedCert> <targetCert>\n\n");
+    (void)printf("Validates a chain of certificates between "
+                 "<trustedCert> and <targetCert>\n"
+                 "using the certs and CRLs in <certStoreDirectory>. "
+                 "If ENE is specified,\n"
+                 "then an Error is Not Expected. "
+                 "If EE is specified, an Error is Expected.\n");
+}
+
+static char *
+createFullPathName(
+    char *dirName,
+    char *certFile,
+    void *plContext)
+{
+    PKIX_UInt32 certFileLen;
+    PKIX_UInt32 dirNameLen;
+    char *certPathName = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    certFileLen = PL_strlen(certFile);
+    dirNameLen = PL_strlen(dirName);
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Malloc(dirNameLen +
+                                                 certFileLen +
+                                                 2,
+                                             (void **)&certPathName,
+                                             plContext));
+
+    PL_strcpy(certPathName, dirName);
+    PL_strcat(certPathName, "/");
+    PL_strcat(certPathName, certFile);
+    printf("certPathName = %s\n", certPathName);
+
+cleanup:
+
+    PKIX_TEST_RETURN();
+
+    return (certPathName);
+}
+
+static PKIX_Error *
+testSetupCertStore(PKIX_ValidateParams *valParams, char *ldapName)
+{
+    PKIX_PL_String *dirString = NULL;
+    PKIX_CertStore *certStore = NULL;
+    PKIX_ProcessingParams *procParams = NULL;
+    PKIX_PL_LdapDefaultClient *ldapClient = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    subTest("PKIX_PL_CollectionCertStoreContext_Create");
+
+    /* Create LDAPCertStore */
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_LdapDefaultClient_CreateByName(ldapName,
+                                                                     0,    /* timeout */
+                                                                     NULL, /* bindPtr */
+                                                                     &ldapClient,
+                                                                     plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_LdapCertStore_Create((PKIX_PL_LdapClient *)ldapClient,
+                                                           &certStore,
+                                                           plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetProcessingParams(valParams, &procParams, plContext));
+
+    subTest("PKIX_ProcessingParams_AddCertStore");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_AddCertStore(procParams, certStore, plContext));
+
+    subTest("PKIX_ProcessingParams_SetRevocationEnabled");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled(procParams, PKIX_TRUE, plContext));
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(dirString);
+    PKIX_TEST_DECREF_AC(procParams);
+    PKIX_TEST_DECREF_AC(certStore);
+    PKIX_TEST_DECREF_AC(ldapClient);
+
+    PKIX_TEST_RETURN();
+
+    return (0);
+}
+
+static char *levels[] = {
+    "None", "Fatal Error", "Error", "Warning", "Debug", "Trace"
+};
+
+static PKIX_Error *
+loggerCallback(
+    PKIX_Logger *logger,
+    PKIX_PL_String *message,
+    PKIX_UInt32 logLevel,
+    PKIX_ERRORCLASS logComponent,
+    void *plContext)
+{
+#define resultSize 150
+    char *msg = NULL;
+    char result[resultSize];
+
+    PKIX_TEST_STD_VARS();
+
+    msg = PKIX_String2ASCII(message, plContext);
+    PR_snprintf(result, resultSize,
+                "Logging %s (%s): %s",
+                levels[logLevel],
+                PKIX_ERRORCLASSNAMES[logComponent],
+                msg);
+    subTest(result);
+
+cleanup:
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(msg, plContext));
+    PKIX_TEST_RETURN();
+}
+
+static void
+testLogErrors(
+    PKIX_ERRORCLASS module,
+    PKIX_UInt32 loggingLevel,
+    PKIX_List *loggers,
+    void *plContext)
+{
+    PKIX_Logger *logger = NULL;
+    PKIX_PL_String *component = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_Logger_Create(loggerCallback, NULL, &logger, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_Logger_SetLoggingComponent(logger, module, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_Logger_SetMaxLoggingLevel(logger, loggingLevel, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(loggers, (PKIX_PL_Object *)logger, plContext));
+
+cleanup:
+    PKIX_TEST_DECREF_AC(logger);
+    PKIX_TEST_DECREF_AC(component);
+
+    PKIX_TEST_RETURN();
+}
+
+int
+test_validatechain_NB(int argc, char *argv[])
+{
+
+    PKIX_ValidateParams *valParams = NULL;
+    PKIX_ValidateResult *valResult = NULL;
+    PKIX_UInt32 actualMinorVersion;
+    PKIX_UInt32 j = 0;
+    PKIX_UInt32 k = 0;
+    PKIX_UInt32 chainLength = 0;
+    PKIX_Boolean testValid = PKIX_TRUE;
+    PKIX_List *chainCerts = NULL;
+    PKIX_PL_Cert *dirCert = NULL;
+    char *dirCertName = NULL;
+    char *anchorCertName = NULL;
+    char *dirName = NULL;
+    PKIX_UInt32 certIndex = 0;
+    PKIX_UInt32 anchorIndex = 0;
+    PKIX_UInt32 checkerIndex = 0;
+    PKIX_Boolean revChecking = PKIX_FALSE;
+    PKIX_List *checkers = NULL;
+    PRPollDesc *pollDesc = NULL;
+    PRErrorCode errorCode = 0;
+    PKIX_PL_Socket *socket = NULL;
+    char *ldapName = NULL;
+    PKIX_VerifyNode *verifyTree = NULL;
+    PKIX_PL_String *verifyString = NULL;
+
+    PKIX_List *loggers = NULL;
+    PKIX_Logger *logger = NULL;
+    char *logging = NULL;
+    PKIX_PL_String *component = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    if (argc < 5) {
+        printUsage();
+        return (0);
+    }
+
+    startTests("ValidateChain_NB");
+
+    PKIX_TEST_EXPECT_NO_ERROR(
+        PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+    /* ENE = expect no error; EE = expect error */
+    if (PORT_Strcmp(argv[2 + j], "ENE") == 0) {
+        testValid = PKIX_TRUE;
+    } else if (PORT_Strcmp(argv[2 + j], "EE") == 0) {
+        testValid = PKIX_FALSE;
+    } else {
+        printUsage();
+        return (0);
+    }
+
+    subTest(argv[1 + j]);
+
+    dirName = argv[3 + j];
+
+    chainLength = argc - j - 5;
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&chainCerts, plContext));
+
+    for (k = 0; k < chainLength; k++) {
+
+        dirCert = createCert(dirName, argv[5 + k + j], plContext);
+
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(chainCerts, (PKIX_PL_Object *)dirCert, plContext));
+
+        PKIX_TEST_DECREF_BC(dirCert);
+    }
+
+    valParams = createValidateParams(dirName,
+                                     argv[4 +
+                                          j],
+                                     NULL,
+                                     NULL,
+                                     NULL,
+                                     PKIX_FALSE,
+                                     PKIX_FALSE,
+                                     PKIX_FALSE,
+                                     PKIX_FALSE,
+                                     chainCerts,
+                                     plContext);
+
+    ldapName = PR_GetEnvSecure("LDAP");
+    /* Is LDAP set in the environment? */
+    if ((ldapName == NULL) || (*ldapName == '\0')) {
+        testError("LDAP not set in environment");
+        goto cleanup;
+    }
+
+    pkixTestErrorResult = pkix_pl_Socket_CreateByName(PKIX_FALSE,               /* isServer */
+                                                      PR_SecondsToInterval(30), /* try 30 secs for connect */
+                                                      ldapName,
+                                                      &errorCode,
+                                                      &socket,
+                                                      plContext);
+
+    if (pkixTestErrorResult != NULL) {
+        PKIX_PL_Object_DecRef((PKIX_PL_Object *)pkixTestErrorResult, plContext);
+        pkixTestErrorResult = NULL;
+        testError("Unable to connect to LDAP Server");
+        goto cleanup;
+    }
+
+    PKIX_TEST_DECREF_BC(socket);
+
+    testSetupCertStore(valParams, ldapName);
+
+    logging = PR_GetEnvSecure("LOGGING");
+    /* Is LOGGING set in the environment? */
+    if ((logging != NULL) && (*logging != '\0')) {
+
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&loggers, plContext));
+
+        testLogErrors(PKIX_VALIDATE_ERROR, 2, loggers, plContext);
+        testLogErrors(PKIX_CERTCHAINCHECKER_ERROR, 2, loggers, plContext);
+        testLogErrors(PKIX_LDAPDEFAULTCLIENT_ERROR, 2, loggers, plContext);
+        testLogErrors(PKIX_CERTSTORE_ERROR, 2, loggers, plContext);
+
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_SetLoggers(loggers, plContext));
+    }
+
+    pkixTestErrorResult = PKIX_ValidateChain_NB(valParams,
+                                                &certIndex,
+                                                &anchorIndex,
+                                                &checkerIndex,
+                                                &revChecking,
+                                                &checkers,
+                                                (void **)&pollDesc,
+                                                &valResult,
+                                                &verifyTree,
+                                                plContext);
+
+    while (pollDesc != NULL) {
+
+        if (PR_Poll(pollDesc, 1, 0) < 0) {
+            testError("PR_Poll failed");
+        }
+
+        pkixTestErrorResult = PKIX_ValidateChain_NB(valParams,
+                                                    &certIndex,
+                                                    &anchorIndex,
+                                                    &checkerIndex,
+                                                    &revChecking,
+                                                    &checkers,
+                                                    (void **)&pollDesc,
+                                                    &valResult,
+                                                    &verifyTree,
+                                                    plContext);
+    }
+
+    if (pkixTestErrorResult) {
+        if (testValid == PKIX_FALSE) { /* EE */
+            (void)printf("EXPECTED ERROR RECEIVED!\n");
+        } else { /* ENE */
+            testError("UNEXPECTED ERROR RECEIVED");
+        }
+        PKIX_TEST_DECREF_BC(pkixTestErrorResult);
+    } else {
+
+        if (testValid == PKIX_TRUE) { /* ENE */
+            (void)printf("EXPECTED NON-ERROR RECEIVED!\n");
+        } else { /* EE */
+            (void)printf("UNEXPECTED NON-ERROR RECEIVED!\n");
+        }
+    }
+
+cleanup:
+
+    if (verifyTree) {
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)verifyTree, &verifyString, plContext));
+        (void)printf("verifyTree is\n%s\n",
+                     verifyString->escAsciiString);
+    }
+
+    PKIX_TEST_DECREF_AC(verifyString);
+    PKIX_TEST_DECREF_AC(verifyTree);
+    PKIX_TEST_DECREF_AC(checkers);
+    PKIX_TEST_DECREF_AC(chainCerts);
+    PKIX_TEST_DECREF_AC(valParams);
+    PKIX_TEST_DECREF_AC(valResult);
+
+    PKIX_Shutdown(plContext);
+
+    PKIX_TEST_RETURN();
+
+    endTests("ValidateChain_NB");
+
+    return (0);
+}
diff --git a/nss/cmd/libpkix/pkix/top/test_validatechain_bc.c b/nss/cmd/libpkix/pkix/top/test_validatechain_bc.c
new file mode 100644
index 0000000..480ec26
--- /dev/null
+++ b/nss/cmd/libpkix/pkix/top/test_validatechain_bc.c
@@ -0,0 +1,233 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * validateChainBasicConstraints.c
+ *
+ * Tests Cert Chain Validation
+ *
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stddef.h>
+
+#include "pkix_pl_generalname.h"
+#include "pkix_pl_cert.h"
+#include "pkix.h"
+#include "testutil.h"
+#include "prlong.h"
+#include "plstr.h"
+#include "prthread.h"
+#include "nspr.h"
+#include "prtypes.h"
+#include "prtime.h"
+#include "pk11func.h"
+#include "secasn1.h"
+#include "cert.h"
+#include "cryptohi.h"
+#include "secoid.h"
+#include "certdb.h"
+#include "secitem.h"
+#include "keythi.h"
+#include "nss.h"
+
+static void *plContext = NULL;
+
+static void
+printUsage(void)
+{
+    printf("\nUSAGE: incorrect.\n");
+}
+
+static PKIX_PL_Cert *
+createCert(char *inFileName)
+{
+    PKIX_PL_ByteArray *byteArray = NULL;
+    void *buf = NULL;
+    PRFileDesc *inFile = NULL;
+    PKIX_UInt32 len;
+    SECItem certDER;
+    SECStatus rv;
+    /* default: NULL cert (failure case) */
+    PKIX_PL_Cert *cert = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    certDER.data = NULL;
+
+    inFile = PR_Open(inFileName, PR_RDONLY, 0);
+
+    if (!inFile) {
+        pkixTestErrorMsg = "Unable to open cert file";
+        goto cleanup;
+    } else {
+        rv = SECU_ReadDERFromFile(&certDER, inFile, PR_FALSE, PR_FALSE);
+        if (!rv) {
+            buf = (void *)certDER.data;
+            len = certDER.len;
+
+            PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_ByteArray_Create(buf, len, &byteArray, plContext));
+
+            PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_Create(byteArray, &cert, plContext));
+
+            SECITEM_FreeItem(&certDER, PR_FALSE);
+        } else {
+            pkixTestErrorMsg = "Unable to read DER from cert file";
+            goto cleanup;
+        }
+    }
+
+cleanup:
+
+    if (inFile) {
+        PR_Close(inFile);
+    }
+
+    if (PKIX_TEST_ERROR_RECEIVED) {
+        SECITEM_FreeItem(&certDER, PR_FALSE);
+    }
+
+    PKIX_TEST_DECREF_AC(byteArray);
+
+    PKIX_TEST_RETURN();
+
+    return (cert);
+}
+
+int
+test_validatechain_bc(int argc, char *argv[])
+{
+
+    PKIX_TrustAnchor *anchor = NULL;
+    PKIX_List *anchors = NULL;
+    PKIX_List *certs = NULL;
+    PKIX_ProcessingParams *procParams = NULL;
+    PKIX_ValidateParams *valParams = NULL;
+    PKIX_ValidateResult *valResult = NULL;
+    PKIX_PL_X500Name *subject = NULL;
+    PKIX_ComCertSelParams *certSelParams = NULL;
+    PKIX_CertSelector *certSelector = NULL;
+
+    char *trustedCertFile = NULL;
+    char *chainCertFile = NULL;
+    PKIX_PL_Cert *trustedCert = NULL;
+    PKIX_PL_Cert *chainCert = NULL;
+    PKIX_UInt32 chainLength = 0;
+    PKIX_UInt32 i = 0;
+    PKIX_UInt32 j = 0;
+    PKIX_UInt32 actualMinorVersion;
+    PKIX_VerifyNode *verifyTree = NULL;
+    PKIX_PL_String *verifyString = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    if (argc < 3) {
+        printUsage();
+        return (0);
+    }
+
+    startTests("ValidateChainBasicConstraints");
+
+    PKIX_TEST_EXPECT_NO_ERROR(
+        PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+    chainLength = (argc - j) - 2;
+
+    /* create processing params with list of trust anchors */
+    trustedCertFile = argv[1 + j];
+    trustedCert = createCert(trustedCertFile);
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject(trustedCert, &subject, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&certSelParams, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetBasicConstraints(certSelParams, -1, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, certSelParams, plContext));
+
+    PKIX_TEST_DECREF_BC(subject);
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert(trustedCert, &anchor, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(anchors, (PKIX_PL_Object *)anchor, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create(anchors, &procParams, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled(procParams, PKIX_FALSE, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints(procParams, certSelector, plContext));
+
+    PKIX_TEST_DECREF_BC(certSelector);
+
+    /* create cert chain */
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certs, plContext));
+    for (i = 0; i < chainLength; i++) {
+        chainCertFile = argv[i + (2 + j)];
+        chainCert = createCert(chainCertFile);
+
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certs, (PKIX_PL_Object *)chainCert, plContext));
+
+        PKIX_TEST_DECREF_BC(chainCert);
+    }
+
+    /* create validate params with processing params and cert chain */
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_Create(procParams, certs, &valParams, plContext));
+
+    /* validate cert chain using processing params and return valResult */
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext));
+
+    if (valResult != NULL) {
+        printf("SUCCESSFULLY VALIDATED with Basic Constraint ");
+        printf("Cert Selector minimum path length to be -1\n");
+        PKIX_TEST_DECREF_BC(valResult);
+    }
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)verifyTree, &verifyString, plContext));
+    (void)printf("verifyTree is\n%s\n", verifyString->escAsciiString);
+    PKIX_TEST_DECREF_BC(verifyString);
+    PKIX_TEST_DECREF_BC(verifyTree);
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetBasicConstraints(certSelParams, 6, plContext));
+
+    /* validate cert chain using processing params and return valResult */
+
+    PKIX_TEST_EXPECT_ERROR(PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext));
+
+    if (valResult != NULL) {
+        printf("SUCCESSFULLY VALIDATED with Basic Constraint ");
+        printf("Cert Selector minimum path length to be 6\n");
+    }
+
+    PKIX_TEST_DECREF_BC(trustedCert);
+    PKIX_TEST_DECREF_BC(anchor);
+    PKIX_TEST_DECREF_BC(anchors);
+    PKIX_TEST_DECREF_BC(certs);
+    PKIX_TEST_DECREF_BC(procParams);
+
+cleanup:
+
+    if (PKIX_TEST_ERROR_RECEIVED) {
+        printf("FAILED TO VALIDATE\n");
+    }
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)verifyTree, &verifyString, plContext));
+    (void)printf("verifyTree is\n%s\n", verifyString->escAsciiString);
+    PKIX_TEST_DECREF_AC(verifyString);
+    PKIX_TEST_DECREF_AC(verifyTree);
+
+    PKIX_TEST_DECREF_AC(certSelParams);
+    PKIX_TEST_DECREF_AC(valResult);
+    PKIX_TEST_DECREF_AC(valParams);
+
+    PKIX_TEST_RETURN();
+
+    PKIX_Shutdown(plContext);
+
+    endTests("ValidateChainBasicConstraints");
+
+    return (0);
+}
diff --git a/nss/cmd/libpkix/pkix/util/Makefile b/nss/cmd/libpkix/pkix/util/Makefile
new file mode 100755
index 0000000..09ca5f1
--- /dev/null
+++ b/nss/cmd/libpkix/pkix/util/Makefile
@@ -0,0 +1,47 @@
+#! gmake
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+include $(PKIX_DEPTH)/config.mk
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include $(PLAT_DEPTH)/platlibs.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+include $(PLAT_DEPTH)/platrules.mk
diff --git a/nss/cmd/libpkix/pkix/util/manifest.mn b/nss/cmd/libpkix/pkix/util/manifest.mn
new file mode 100755
index 0000000..7dbeb6d
--- /dev/null
+++ b/nss/cmd/libpkix/pkix/util/manifest.mn
@@ -0,0 +1,23 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+PKIX_DEPTH = ../..
+PLAT_DEPTH = $(PKIX_DEPTH)/..
+CORE_DEPTH = $(PKIX_DEPTH)/../../..
+
+# MODULE public and private header directories are implicitly REQUIRED.
+MODULE = nss
+
+CSRCS = test_error.c \
+	test_list.c \
+	test_list2.c \
+	test_logger.c \
+	$(NULL)
+
+LIBRARY_NAME=pkixtoolutil
+
+SOURCE_LIB_DIR=$(PKIX_DEPTH)/$(OBJDIR)
+
+NO_MD_RELEASE = 1
diff --git a/nss/cmd/libpkix/pkix/util/test_error.c b/nss/cmd/libpkix/pkix/util/test_error.c
new file mode 100644
index 0000000..9cddecc
--- /dev/null
+++ b/nss/cmd/libpkix/pkix/util/test_error.c
@@ -0,0 +1,385 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * test_error.c
+ *
+ * Tests Error Object Creation, ToString, Callbacks and Destroy
+ *
+ */
+
+#include "testutil.h"
+#include "testutil_nss.h"
+
+static void *plContext = NULL;
+
+static void
+createErrors(
+    PKIX_Error **error,
+    PKIX_Error **error2,
+    PKIX_Error **error3,
+    PKIX_Error **error5,
+    PKIX_Error **error6,
+    PKIX_Error **error7,
+    char *infoChar)
+
+{
+    PKIX_PL_String *infoString = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(
+        PKIX_ESCASCII,
+        infoChar,
+        PL_strlen(infoChar),
+        &infoString,
+        plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_Create(PKIX_MEM_ERROR,
+                                                NULL,
+                                                NULL,
+                                                PKIX_TESTANOTHERERRORMESSAGE,
+                                                error2,
+                                                plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_Create(PKIX_OBJECT_ERROR,
+                                                *error2,
+                                                (PKIX_PL_Object *)infoString,
+                                                PKIX_TESTERRORMESSAGE,
+                                                error,
+                                                plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_Create(PKIX_OBJECT_ERROR,
+                                                *error2,
+                                                (PKIX_PL_Object *)infoString,
+                                                PKIX_TESTERRORMESSAGE,
+                                                error3,
+                                                plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_Create(PKIX_OBJECT_ERROR,
+                                                NULL,
+                                                (PKIX_PL_Object *)infoString,
+                                                0,
+                                                error5,
+                                                plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_Create(PKIX_MEM_ERROR,
+                                                *error5,
+                                                (PKIX_PL_Object *)infoString,
+                                                0,
+                                                error6,
+                                                plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_Create(PKIX_OBJECT_ERROR,
+                                                *error6,
+                                                (PKIX_PL_Object *)infoString,
+                                                0,
+                                                error7,
+                                                plContext));
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(infoString);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testGetErrorClass(PKIX_Error *error, PKIX_Error *error2)
+{
+    PKIX_ERRORCLASS errClass;
+
+    PKIX_TEST_STD_VARS();
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_GetErrorClass(error, &errClass, plContext));
+
+    if (errClass != PKIX_OBJECT_ERROR) {
+        testError("Incorrect Class Returned");
+    }
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_GetErrorClass(error2, &errClass, plContext));
+
+    if (errClass != PKIX_MEM_ERROR) {
+        testError("Incorrect Class Returned");
+    }
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_GetErrorClass(PKIX_ALLOC_ERROR(),
+                                                       &errClass, plContext));
+    if (errClass != PKIX_FATAL_ERROR) {
+        testError("Incorrect Class Returned");
+    }
+
+cleanup:
+    PKIX_TEST_RETURN();
+}
+
+static void
+testGetDescription(
+    PKIX_Error *error,
+    PKIX_Error *error2,
+    PKIX_Error *error3,
+    char *descChar,
+    char *descChar2)
+{
+
+    PKIX_PL_String *targetString = NULL;
+    char *temp = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_GetDescription(error, &targetString, plContext));
+    temp = PKIX_String2ASCII(targetString, plContext);
+    PKIX_TEST_DECREF_BC(targetString);
+
+    if (temp) {
+        if (PL_strcmp(temp, descChar) != 0) {
+            testError("Incorrect description returned");
+        }
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
+    }
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_GetDescription(error2, &targetString, plContext));
+    temp = PKIX_String2ASCII(targetString, plContext);
+    PKIX_TEST_DECREF_BC(targetString);
+
+    if (temp) {
+        if (PL_strcmp(temp, descChar2) != 0) {
+            testError("Incorrect description returned");
+        }
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
+    }
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_GetDescription(error3, &targetString, plContext));
+    temp = PKIX_String2ASCII(targetString, plContext);
+    PKIX_TEST_DECREF_BC(targetString);
+
+    if (temp) {
+        if (PL_strcmp(temp, descChar) != 0) {
+            testError("Incorrect description returned");
+        }
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
+    }
+
+cleanup:
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testGetCause(PKIX_Error *error, PKIX_Error *error2, PKIX_Error *error3)
+{
+
+    PKIX_Error *error4 = NULL;
+    PKIX_PL_String *targetString = NULL;
+    char *temp = NULL;
+    PKIX_Boolean boolResult;
+
+    PKIX_TEST_STD_VARS();
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_GetCause(error, &error4, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)error2,
+                                                    (PKIX_PL_Object *)error4,
+                                                    &boolResult, plContext));
+    if (!boolResult)
+        testError("Incorrect Cause returned");
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)error4,
+                                                      &targetString, plContext));
+
+    temp = PKIX_String2ASCII(targetString, plContext);
+    if (temp) {
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
+    }
+
+    PKIX_TEST_DECREF_BC(targetString);
+    PKIX_TEST_DECREF_BC(error4);
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_GetCause(error3, &error4, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)error2,
+                                                    (PKIX_PL_Object *)error4,
+                                                    &boolResult, plContext));
+    if (!boolResult)
+        testError("Incorrect Cause returned");
+
+    PKIX_TEST_DECREF_BC(error4);
+
+cleanup:
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testGetSupplementaryInfo(PKIX_Error *error, char *infoChar)
+{
+
+    PKIX_PL_Object *targetString = NULL;
+    char *temp = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_GetSupplementaryInfo(error, &targetString, plContext));
+    temp = PKIX_String2ASCII((PKIX_PL_String *)targetString, plContext);
+    PKIX_TEST_DECREF_BC(targetString);
+
+    if (temp) {
+        if (PL_strcmp(temp, infoChar) != 0) {
+            testError("Incorrect info returned");
+        }
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
+    }
+
+cleanup:
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testPrimitiveError(void)
+{
+    PKIX_PL_String *targetString = NULL;
+    PKIX_PL_String *targetStringCopy = NULL;
+    char *temp = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)PKIX_ALLOC_ERROR(),
+                                                      &targetString, plContext));
+
+    temp = PKIX_String2ASCII(targetString, plContext);
+    if (temp) {
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
+    }
+
+    targetStringCopy = targetString;
+
+    PKIX_TEST_DECREF_BC(targetString);
+
+    /*
+         *  We need to DECREF twice, b/c the PKIX_ALLOC_ERROR object
+         *  which holds a cached copy of the stringRep can never be DECREF'd
+         */
+    PKIX_TEST_DECREF_BC(targetStringCopy);
+
+cleanup:
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testChaining(PKIX_Error *error7)
+{
+    PKIX_PL_String *targetString = NULL;
+    PKIX_Error *tempError = NULL;
+    char *temp = NULL;
+    PKIX_UInt32 i;
+
+    PKIX_TEST_STD_VARS();
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)error7,
+                                                      &targetString, plContext));
+
+    temp = PKIX_String2ASCII(targetString, plContext);
+    if (temp) {
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
+    }
+
+    for (i = 0, tempError = error7; i < 2; i++) {
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_Error_GetCause(tempError, &tempError, plContext));
+        if (tempError == NULL) {
+            testError("Unexpected end to error chain");
+            break;
+        }
+
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_DecRef((PKIX_PL_Object *)tempError, plContext));
+    }
+
+    PKIX_TEST_DECREF_BC(targetString);
+
+cleanup:
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testDestroy(PKIX_Error *error)
+{
+    PKIX_TEST_STD_VARS();
+
+    PKIX_TEST_DECREF_BC(error);
+
+cleanup:
+
+    PKIX_TEST_RETURN();
+}
+
+int
+test_error(int argc, char *argv[])
+{
+
+    PKIX_Error *error, *error2, *error3, *error5, *error6, *error7;
+    char *descChar = "Error Message";
+    char *descChar2 = "Another Error Message";
+    char *infoChar = "Auxiliary Info";
+    PKIX_UInt32 actualMinorVersion;
+    PKIX_UInt32 j = 0;
+
+    PKIX_TEST_STD_VARS();
+
+    startTests("Errors");
+
+    PKIX_TEST_EXPECT_NO_ERROR(
+        PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+    subTest("PKIX_Error_Create");
+    createErrors(&error,
+                 &error2,
+                 &error3,
+                 &error5,
+                 &error6,
+                 &error7,
+                 infoChar);
+
+    PKIX_TEST_EQ_HASH_TOSTR_DUP(error,
+                                error,
+                                error2,
+                                NULL,
+                                Error,
+                                PKIX_TRUE);
+
+    subTest("PKIX_Error_GetErrorClass");
+    testGetErrorClass(error, error2);
+
+    subTest("PKIX_Error_GetDescription");
+    testGetDescription(error, error2, error3, descChar, descChar2);
+
+    subTest("PKIX_Error_GetCause");
+    testGetCause(error, error2, error3);
+
+    subTest("PKIX_Error_GetSupplementaryInfo");
+    testGetSupplementaryInfo(error, infoChar);
+
+    subTest("Primitive Error Type");
+    testPrimitiveError();
+
+    subTest("Error Chaining");
+    testChaining(error7);
+
+    subTest("PKIX_Error_Destroy");
+    testDestroy(error);
+    testDestroy(error2);
+    testDestroy(error3);
+    testDestroy(error5);
+    testDestroy(error6);
+    testDestroy(error7);
+
+cleanup:
+
+    PKIX_Shutdown(plContext);
+
+    PKIX_TEST_RETURN();
+
+    endTests("Errors");
+
+    return (0);
+}
diff --git a/nss/cmd/libpkix/pkix/util/test_list.c b/nss/cmd/libpkix/pkix/util/test_list.c
new file mode 100644
index 0000000..e5e6e50
--- /dev/null
+++ b/nss/cmd/libpkix/pkix/util/test_list.c
@@ -0,0 +1,765 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * test_list.c
+ *
+ * Tests List Objects
+ *
+ */
+
+#include "testutil.h"
+#include "testutil_nss.h"
+
+static void *plContext = NULL;
+
+static void
+createLists(PKIX_List **list, PKIX_List **list2)
+{
+    PKIX_TEST_STD_VARS();
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(list, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(list2, plContext));
+
+cleanup:
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testReverseList(void)
+{
+    PKIX_List *firstList = NULL;
+    PKIX_List *reverseList = NULL;
+    PKIX_UInt32 length, i;
+    char *testItemString = "one";
+    char *testItemString2 = "two";
+    PKIX_PL_String *testItem = NULL;
+    PKIX_PL_String *testItem2 = NULL;
+    PKIX_PL_Object *retrievedItem1 = NULL;
+    PKIX_PL_Object *retrievedItem2 = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&firstList, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_ReverseList(firstList, &reverseList, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(reverseList, &length, plContext));
+    if (length != 0) {
+        testError("Incorrect Length returned");
+    }
+
+    PKIX_TEST_DECREF_BC(reverseList);
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII,
+                                                    testItemString,
+                                                    0,
+                                                    &testItem,
+                                                    plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII,
+                                                    testItemString2,
+                                                    0,
+                                                    &testItem2,
+                                                    plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(firstList,
+                                                   (PKIX_PL_Object *)testItem,
+                                                   plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_ReverseList(firstList, &reverseList, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(reverseList, &length, plContext));
+    if (length != 1) {
+        testError("Incorrect Length returned");
+    }
+
+    PKIX_TEST_DECREF_BC(reverseList);
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(firstList,
+                                                   (PKIX_PL_Object *)testItem2,
+                                                   plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(firstList,
+                                                   (PKIX_PL_Object *)testItem,
+                                                   plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(firstList,
+                                                   (PKIX_PL_Object *)testItem2,
+                                                   plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_ReverseList(firstList, &reverseList, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(reverseList, &length, plContext));
+    if (length != 4) {
+        testError("Incorrect Length returned");
+    }
+
+    for (i = 0; i < length; i++) {
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(firstList,
+                                                    i,
+                                                    &retrievedItem1,
+                                                    plContext));
+
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(reverseList,
+                                                    (length - 1) - i,
+                                                    &retrievedItem2,
+                                                    plContext));
+
+        testEqualsHelper(retrievedItem1, retrievedItem2, PKIX_TRUE, plContext);
+
+        PKIX_TEST_DECREF_BC(retrievedItem1);
+        PKIX_TEST_DECREF_BC(retrievedItem2);
+    }
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(firstList);
+    PKIX_TEST_DECREF_AC(reverseList);
+
+    PKIX_TEST_DECREF_AC(testItem);
+    PKIX_TEST_DECREF_AC(testItem2);
+
+    PKIX_TEST_DECREF_AC(retrievedItem1);
+    PKIX_TEST_DECREF_AC(retrievedItem2);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testZeroLengthList(PKIX_List *list)
+{
+    PKIX_UInt32 length;
+    PKIX_Boolean empty;
+    char *testItemString = "hello";
+    PKIX_PL_String *testItem = NULL;
+    PKIX_PL_String *retrievedItem = NULL;
+    PKIX_List *diffList = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&diffList, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(list, &length, plContext));
+
+    if (length != 0) {
+        testError("Incorrect Length returned");
+    }
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_IsEmpty(list, &empty, plContext));
+    if (!empty) {
+        testError("Incorrect result for PKIX_List_IsEmpty");
+    }
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII,
+                                                    testItemString,
+                                                    0,
+                                                    &testItem,
+                                                    plContext));
+
+    PKIX_TEST_EXPECT_ERROR(PKIX_List_InsertItem(list, 0, (PKIX_PL_Object *)testItem, plContext));
+
+    PKIX_TEST_EXPECT_ERROR(PKIX_List_SetItem(list, 0, (PKIX_PL_Object *)testItem, plContext));
+
+    PKIX_TEST_EXPECT_ERROR(PKIX_List_GetItem(list,
+                                             0,
+                                             (PKIX_PL_Object **)&retrievedItem,
+                                             plContext));
+
+    PKIX_TEST_EXPECT_ERROR(PKIX_List_DeleteItem(list, 0, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(diffList,
+                                                   (PKIX_PL_Object *)testItem,
+                                                   plContext));
+
+    testDuplicateHelper((PKIX_PL_Object *)diffList, plContext);
+
+    PKIX_TEST_EQ_HASH_TOSTR_DUP(list, list, diffList, "(EMPTY)", List, PKIX_TRUE);
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(diffList, &length, plContext));
+    if (length != 1) {
+        testError("Incorrect Length returned");
+    }
+
+    PKIX_TEST_EXPECT_ERROR(PKIX_List_DeleteItem(list, 1, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_DeleteItem(diffList, 0, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(diffList, &length, plContext));
+    if (length != 0) {
+        testError("Incorrect Length returned");
+    }
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(testItem);
+    PKIX_TEST_DECREF_AC(diffList);
+    PKIX_TEST_RETURN();
+}
+
+static void
+testGetLength(PKIX_List *list)
+{
+    PKIX_UInt32 length;
+    PKIX_TEST_STD_VARS();
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(list, &length, plContext));
+
+    if (length != 3) {
+        testError("Incorrect Length returned");
+    }
+
+cleanup:
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testGetSetItem(
+    PKIX_List *list,
+    char *testItemString,
+    char *testItemString2,
+    char *testItemString3,
+    PKIX_PL_String **testItem,
+    PKIX_PL_String **testItem2,
+    PKIX_PL_String **testItem3)
+{
+    PKIX_PL_Object *tempItem = NULL;
+    char *temp = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII,
+                                                    testItemString,
+                                                    PL_strlen(testItemString),
+                                                    testItem,
+                                                    plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII,
+                                                    testItemString2,
+                                                    PL_strlen(testItemString2),
+                                                    testItem2,
+                                                    plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII,
+                                                    testItemString3,
+                                                    PL_strlen(testItemString3),
+                                                    testItem3,
+                                                    plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(list, (PKIX_PL_Object *)*testItem, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(list, (PKIX_PL_Object *)*testItem, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(list, (PKIX_PL_Object *)*testItem, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_SetItem(list, 0, (PKIX_PL_Object *)*testItem, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_SetItem(list, 1, (PKIX_PL_Object *)*testItem2, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_SetItem(list, 2, (PKIX_PL_Object *)*testItem3, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(list, 0, &tempItem, plContext));
+
+    temp = PKIX_String2ASCII((PKIX_PL_String *)tempItem, plContext);
+    if (temp) {
+        if (PL_strcmp(testItemString, temp) != 0)
+            testError("GetItem from list is incorrect");
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
+    }
+
+    PKIX_TEST_DECREF_BC(tempItem);
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(list, 1, &tempItem, plContext));
+
+    temp = PKIX_String2ASCII((PKIX_PL_String *)tempItem, plContext);
+    if (temp) {
+        if (PL_strcmp(testItemString2, temp) != 0)
+            testError("GetItem from list is incorrect");
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
+    }
+    PKIX_TEST_DECREF_BC(tempItem);
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(list, 2, &tempItem, plContext));
+
+    temp = PKIX_String2ASCII((PKIX_PL_String *)tempItem, plContext);
+    if (temp) {
+        if (PL_strcmp(testItemString3, temp) != 0)
+            testError("GetItem from list is incorrect");
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
+    }
+    PKIX_TEST_DECREF_BC(tempItem);
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_SetItem(list, 0, (PKIX_PL_Object *)*testItem3, plContext));
+    temp = PKIX_String2ASCII(*testItem3, plContext);
+    if (temp) {
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
+    }
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(list, 0, &tempItem, plContext));
+
+    temp = PKIX_String2ASCII((PKIX_PL_String *)tempItem, plContext);
+    if (temp) {
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
+    }
+
+    temp = PKIX_String2ASCII((PKIX_PL_String *)tempItem, plContext);
+    if (temp) {
+        if (PL_strcmp(testItemString3, temp) != 0)
+            testError("GetItem from list is incorrect");
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
+    }
+    PKIX_TEST_DECREF_BC(tempItem);
+
+cleanup:
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testInsertItem(
+    PKIX_List *list,
+    PKIX_PL_String *testItem,
+    char *testItemString)
+{
+    PKIX_PL_Object *tempItem = NULL;
+    PKIX_PL_String *outputString = NULL;
+    char *temp = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_InsertItem(list, 0, (PKIX_PL_Object *)testItem, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(list, 0, &tempItem, plContext));
+
+    temp = PKIX_String2ASCII((PKIX_PL_String *)tempItem, plContext);
+    if (temp) {
+        if (PL_strcmp(testItemString, temp) != 0)
+            testError("GetItem from list is incorrect");
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
+    }
+    PKIX_TEST_DECREF_BC(tempItem);
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)list,
+                                                      &outputString,
+                                                      plContext));
+
+    temp = PKIX_String2ASCII(outputString, plContext);
+    if (temp) {
+        if (PL_strcmp("(a, c, b, c)", temp) != 0)
+            testError("List toString is Incorrect");
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
+    }
+
+    PKIX_TEST_DECREF_BC(outputString);
+
+cleanup:
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testAppendItem(PKIX_List *list, PKIX_PL_String *testItem)
+{
+    PKIX_UInt32 length2;
+    PKIX_PL_String *outputString = NULL;
+    char *temp = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(list, &length2, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(list,
+                                                   (PKIX_PL_Object *)testItem,
+                                                   plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)list,
+                                                      &outputString,
+                                                      plContext));
+
+    temp = PKIX_String2ASCII(outputString, plContext);
+    if (temp) {
+        if (PL_strcmp("(a, c, b, c, a)", temp) != 0)
+            testError("List toString is Incorrect");
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
+    }
+
+    PKIX_TEST_DECREF_BC(outputString);
+
+cleanup:
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testNestedLists(
+    PKIX_List *list,
+    PKIX_List *list2,
+    PKIX_PL_String *testItem,
+    PKIX_PL_String *testItem2)
+{
+    PKIX_PL_String *outputString = NULL;
+    char *temp = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(list2, (PKIX_PL_Object *)testItem, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(list2,
+                                                   (PKIX_PL_Object *)NULL,
+                                                   plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(list2,
+                                                   (PKIX_PL_Object *)testItem,
+                                                   plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)list2,
+                                                      &outputString,
+                                                      plContext));
+
+    temp = PKIX_String2ASCII(outputString, plContext);
+    if (temp) {
+        if (PL_strcmp("(a, (null), a)", temp) != 0)
+            testError("List toString is Incorrect");
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
+    }
+    PKIX_TEST_DECREF_BC(outputString);
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_InsertItem(list, 1,
+                                                   (PKIX_PL_Object *)list2,
+                                                   plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)list,
+                                                      &outputString,
+                                                      plContext));
+
+    temp = PKIX_String2ASCII(outputString, plContext);
+    if (temp) {
+        if (PL_strcmp("(a, (a, (null), a), c, b, c, a)", temp) != 0)
+            testError("List toString is Incorrect");
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
+    }
+    PKIX_TEST_DECREF_BC(outputString);
+
+cleanup:
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testDeleteItem(
+    PKIX_List *list,
+    PKIX_List *list2,
+    PKIX_PL_String *testItem2,
+    PKIX_PL_String *testItem3)
+{
+    PKIX_PL_String *outputString = NULL;
+    char *temp = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_DeleteItem(list, 5, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)list,
+                                                      &outputString,
+                                                      plContext));
+
+    temp = PKIX_String2ASCII(outputString, plContext);
+    if (temp) {
+        if (PL_strcmp("(a, (a, (null), a), c, b, c)", temp) != 0)
+            testError("List toString is Incorrect");
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
+    }
+    PKIX_TEST_DECREF_BC(outputString);
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_DeleteItem(list, 1, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)list,
+                                                      &outputString,
+                                                      plContext));
+
+    temp = PKIX_String2ASCII(outputString, plContext);
+    if (temp) {
+        if (PL_strcmp("(a, c, b, c)", temp) != 0)
+            testError("List toString is Incorrect");
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
+    }
+    PKIX_TEST_DECREF_BC(outputString);
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_DeleteItem(list, 0, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)list,
+                                                      &outputString,
+                                                      plContext));
+
+    temp = PKIX_String2ASCII(outputString, plContext);
+    if (temp) {
+        if (PL_strcmp("(c, b, c)", temp) != 0)
+            testError("List toString is Incorrect");
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
+    }
+    PKIX_TEST_DECREF_BC(outputString);
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_DeleteItem(list2, 1, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)list2,
+                                                      &outputString,
+                                                      plContext));
+    temp = PKIX_String2ASCII(outputString, plContext);
+    if (temp) {
+        if (PL_strcmp("(a, a)", temp) != 0)
+            testError("List toString is Incorrect");
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
+    }
+    PKIX_TEST_DECREF_BC(outputString);
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(list2,
+                                                   (PKIX_PL_Object *)testItem2,
+                                                   plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)list2,
+                                                      &outputString,
+                                                      plContext));
+
+    temp = PKIX_String2ASCII(outputString, plContext);
+    if (temp) {
+        if (PL_strcmp("(a, a, b)", temp) != 0)
+            testError("List toString is Incorrect");
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
+    }
+    PKIX_TEST_DECREF_BC(outputString);
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_DeleteItem(list2, 2, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)list2,
+                                                      &outputString,
+                                                      plContext));
+
+    temp = PKIX_String2ASCII(outputString, plContext);
+    if (temp) {
+        if (PL_strcmp("(a, a)", temp) != 0)
+            testError("List toString is Incorrect");
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
+    }
+    PKIX_TEST_DECREF_BC(outputString);
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(list2,
+                                                   (PKIX_PL_Object *)testItem3,
+                                                   plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)list2,
+                                                      &outputString,
+                                                      plContext));
+    temp = PKIX_String2ASCII(outputString, plContext);
+    if (temp) {
+        if (PL_strcmp("(a, a, c)", temp) != 0)
+            testError("List toString is Incorrect");
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
+    }
+    PKIX_TEST_DECREF_BC(outputString);
+
+    PKIX_TEST_DECREF_BC(list2);
+
+cleanup:
+
+    PKIX_TEST_RETURN();
+}
+
+#if testContainsFunction
+/* This test requires pkix_List_Contains to be in nss.def */
+static void
+testContains(void)
+{
+
+    PKIX_List *list;
+    PKIX_PL_String *testItem, *testItem2, *testItem3, *testItem4;
+    char *testItemString = "a";
+    char *testItemString2 = "b";
+    char *testItemString3 = "c";
+    char *testItemString4 = "d";
+    PKIX_Boolean found = PKIX_FALSE;
+
+    PKIX_TEST_STD_VARS();
+    subTest("pkix_ListContains");
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII,
+                                                    testItemString,
+                                                    PL_strlen(testItemString),
+                                                    &testItem,
+                                                    plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII,
+                                                    testItemString2,
+                                                    PL_strlen(testItemString2),
+                                                    &testItem2,
+                                                    plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII,
+                                                    testItemString3,
+                                                    PL_strlen(testItemString3),
+                                                    &testItem3,
+                                                    plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII,
+                                                    testItemString4,
+                                                    PL_strlen(testItemString4),
+                                                    &testItem4,
+                                                    plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&list, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(list, (PKIX_PL_Object *)testItem, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(list, (PKIX_PL_Object *)testItem2, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(list, (PKIX_PL_Object *)testItem3, plContext));
+
+    subTest("pkix_List_Contains <object missing>");
+
+    PKIX_TEST_EXPECT_NO_ERROR(pkix_List_Contains(list, (PKIX_PL_Object *)testItem4, &found, plContext));
+
+    if (found) {
+        testError("Contains found item that wasn't there!");
+    }
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(list, (PKIX_PL_Object *)testItem4, plContext));
+
+    subTest("pkix_List_Contains <object present>");
+
+    PKIX_TEST_EXPECT_NO_ERROR(pkix_List_Contains(list, (PKIX_PL_Object *)testItem4, &found, plContext));
+
+    if (!found) {
+        testError("Contains missed item that was present!");
+    }
+
+    PKIX_TEST_DECREF_BC(list);
+    PKIX_TEST_DECREF_BC(testItem);
+    PKIX_TEST_DECREF_BC(testItem2);
+    PKIX_TEST_DECREF_BC(testItem3);
+    PKIX_TEST_DECREF_BC(testItem4);
+
+cleanup:
+
+    PKIX_TEST_RETURN();
+}
+#endif
+
+static void
+testErrorHandling(void)
+{
+    PKIX_List *emptylist = NULL;
+    PKIX_List *list = NULL;
+    PKIX_PL_Object *tempItem = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&list, plContext));
+
+    PKIX_TEST_EXPECT_ERROR(PKIX_List_GetItem(list, 4, &tempItem, plContext));
+
+    PKIX_TEST_EXPECT_ERROR(PKIX_List_GetItem(list, 1, NULL, plContext));
+    PKIX_TEST_EXPECT_ERROR(PKIX_List_SetItem(list, 4, tempItem, plContext));
+    PKIX_TEST_EXPECT_ERROR(PKIX_List_SetItem(NULL, 1, tempItem, plContext));
+    PKIX_TEST_EXPECT_ERROR(PKIX_List_InsertItem(list, 4, tempItem, plContext));
+
+    PKIX_TEST_EXPECT_ERROR(PKIX_List_InsertItem(NULL, 1, tempItem, plContext));
+
+    PKIX_TEST_EXPECT_ERROR(PKIX_List_AppendItem(NULL, tempItem, plContext));
+    PKIX_TEST_EXPECT_ERROR(PKIX_List_DeleteItem(list, 5, plContext));
+    PKIX_TEST_EXPECT_ERROR(PKIX_List_DeleteItem(NULL, 1, plContext));
+    PKIX_TEST_EXPECT_ERROR(PKIX_List_GetLength(list, NULL, plContext));
+
+    PKIX_TEST_DECREF_BC(list);
+    PKIX_TEST_DECREF_BC(emptylist);
+
+cleanup:
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testDestroy(PKIX_List *list)
+{
+    PKIX_TEST_STD_VARS();
+
+    PKIX_TEST_DECREF_BC(list);
+
+cleanup:
+
+    PKIX_TEST_RETURN();
+}
+
+int
+test_list(int argc, char *argv[])
+{
+
+    PKIX_List *list, *list2;
+    PKIX_PL_String *testItem, *testItem2, *testItem3;
+    char *testItemString = "a";
+    char *testItemString2 = "b";
+    char *testItemString3 = "c";
+    PKIX_UInt32 actualMinorVersion;
+    PKIX_UInt32 j = 0;
+
+    PKIX_TEST_STD_VARS();
+
+    startTests("Lists");
+
+    PKIX_TEST_EXPECT_NO_ERROR(
+        PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+    subTest("PKIX_List_Create");
+    createLists(&list, &list2);
+
+    subTest("pkix_List_ReverseList");
+    testReverseList();
+
+    subTest("Zero-length List");
+    testZeroLengthList(list);
+
+    subTest("PKIX_List_Get/SetItem");
+    testGetSetItem(list,
+                   testItemString,
+                   testItemString2,
+                   testItemString3,
+                   &testItem,
+                   &testItem2,
+                   &testItem3);
+
+    subTest("PKIX_List_GetLength");
+    testGetLength(list);
+
+    PKIX_TEST_EQ_HASH_TOSTR_DUP(list,
+                                list,
+                                list2,
+                                "(c, b, c)",
+                                List,
+                                PKIX_TRUE);
+
+    subTest("PKIX_List_InsertItem");
+    testInsertItem(list, testItem, testItemString);
+
+    subTest("PKIX_List_AppendItem");
+    testAppendItem(list, testItem);
+
+    subTest("Nested Lists");
+    testNestedLists(list, list2, testItem, testItem2);
+
+    subTest("PKIX_List_DeleteItem");
+    testDeleteItem(list, list2, testItem2, testItem3);
+
+    PKIX_TEST_DECREF_BC(testItem);
+    PKIX_TEST_DECREF_BC(testItem2);
+    PKIX_TEST_DECREF_BC(testItem3);
+
+#if testContainsFunction
+    /* This test requires pkix_List_Contains to be in nss.def */
+    testContains();
+#endif
+
+    subTest("PKIX_List Error Handling");
+    testErrorHandling();
+
+    subTest("PKIX_List_Destroy");
+    testDestroy(list);
+
+cleanup:
+
+    PKIX_Shutdown(plContext);
+
+    PKIX_TEST_RETURN();
+
+    endTests("Lists");
+
+    return (0);
+}
diff --git a/nss/cmd/libpkix/pkix/util/test_list2.c b/nss/cmd/libpkix/pkix/util/test_list2.c
new file mode 100644
index 0000000..7e4114e
--- /dev/null
+++ b/nss/cmd/libpkix/pkix/util/test_list2.c
@@ -0,0 +1,120 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * test_list2.c
+ *
+ * Performs an in-place sort on a list
+ *
+ */
+
+#include "testutil.h"
+#include "testutil_nss.h"
+
+static void *plContext = NULL;
+
+int
+test_list2(int argc, char *argv[])
+{
+
+    PKIX_List *list;
+    char *temp;
+    PKIX_UInt32 i = 0;
+    PKIX_UInt32 j = 0;
+    PKIX_Int32 cmpResult;
+    PKIX_PL_OID *testOID;
+    PKIX_PL_String *testString;
+    PKIX_PL_Object *obj, *obj2;
+    PKIX_UInt32 size = 10;
+    char *testOIDString[10] = {
+        "2.9.999.1.20",
+        "1.2.3.4.5.6.7",
+        "0.1",
+        "1.2.3.5",
+        "0.39",
+        "1.2.3.4.7",
+        "1.2.3.4.6",
+        "0.39.1",
+        "1.2.3.4.5",
+        "0.39.1.300"
+    };
+    PKIX_UInt32 actualMinorVersion;
+
+    PKIX_TEST_STD_VARS();
+
+    startTests("List Sorting");
+
+    PKIX_TEST_EXPECT_NO_ERROR(
+        PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+    subTest("Creating Unsorted Lists");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&list, plContext));
+    for (i = 0; i < size; i++) {
+        /* Create a new OID object */
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create(
+            testOIDString[i],
+            &testOID,
+            plContext));
+        /* Insert it into the list */
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(list, (PKIX_PL_Object *)testOID, plContext));
+        /* Decref the string object */
+        PKIX_TEST_DECREF_BC(testOID);
+    }
+
+    subTest("Outputting Unsorted List");
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)list,
+                                                      &testString,
+                                                      plContext));
+    temp = PKIX_String2ASCII(testString, plContext);
+    if (temp) {
+        (void)printf("%s \n", temp);
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
+    }
+    PKIX_TEST_DECREF_BC(testString);
+
+    subTest("Performing Bubble Sort");
+
+    for (i = 0; i < size; i++)
+        for (j = 9; j > i; j--) {
+            PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(list, j, &obj, plContext));
+            PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(list, j -
+                                                                  1,
+                                                        &obj2, plContext));
+
+            PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Compare(obj, obj2, &cmpResult, plContext));
+            if (cmpResult < 0) {
+                /* Exchange the items */
+                PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_SetItem(list, j, obj2, plContext));
+                PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_SetItem(list, j -
+                                                                      1,
+                                                            obj, plContext));
+            }
+            /* DecRef objects */
+            PKIX_TEST_DECREF_BC(obj);
+            PKIX_TEST_DECREF_BC(obj2);
+        }
+
+    subTest("Outputting Sorted List");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)list,
+                                                      &testString,
+                                                      plContext));
+    temp = PKIX_String2ASCII(testString, plContext);
+    if (temp) {
+        (void)printf("%s \n", temp);
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
+    }
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(testString);
+    PKIX_TEST_DECREF_AC(list);
+
+    PKIX_Shutdown(plContext);
+
+    PKIX_TEST_RETURN();
+
+    endTests("List Sorting");
+
+    return (0);
+}
diff --git a/nss/cmd/libpkix/pkix/util/test_logger.c b/nss/cmd/libpkix/pkix/util/test_logger.c
new file mode 100644
index 0000000..3b7e516
--- /dev/null
+++ b/nss/cmd/libpkix/pkix/util/test_logger.c
@@ -0,0 +1,314 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * test_logger.c
+ *
+ * Tests Logger Objects
+ *
+ */
+
+#include "testutil.h"
+#include "testutil_nss.h"
+
+static void *plContext = NULL;
+
+static char *levels[] = {
+    "None",
+    "Fatal Error",
+    "Error",
+    "Warning",
+    "Debug",
+    "Trace"
+};
+
+static PKIX_Error *
+testLoggerCallback(
+    PKIX_Logger *logger,
+    PKIX_PL_String *message,
+    PKIX_UInt32 logLevel,
+    PKIX_ERRORCLASS logComponent,
+    void *plContext)
+{
+    char *comp = NULL;
+    char *msg = NULL;
+    char result[100];
+    static int callCount = 0;
+
+    PKIX_TEST_STD_VARS();
+
+    msg = PKIX_String2ASCII(message, plContext);
+    PR_snprintf(result, 100, "Logging %s (%s): %s",
+                levels[logLevel], PKIX_ERRORCLASSNAMES[logComponent], msg);
+    subTest(result);
+
+    callCount++;
+    if (callCount > 1) {
+        testError("Incorrect number of Logger Callback <expect 1>");
+    }
+
+cleanup:
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(msg, plContext));
+    PKIX_TEST_RETURN();
+}
+
+static PKIX_Error *
+testLoggerCallback2(
+    PKIX_Logger *logger,
+    PKIX_PL_String *message,
+    PKIX_UInt32 logLevel,
+    PKIX_ERRORCLASS logComponent,
+    void *plContext)
+{
+    char *comp = NULL;
+    char *msg = NULL;
+    char result[100];
+
+    PKIX_TEST_STD_VARS();
+
+    msg = PKIX_String2ASCII(message, plContext);
+    PR_snprintf(result, 100, "Logging %s (%s): %s",
+                levels[logLevel], PKIX_ERRORCLASSNAMES[logComponent], msg);
+    subTest(result);
+
+cleanup:
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(msg, plContext));
+    PKIX_TEST_RETURN();
+}
+
+static void
+createLogger(PKIX_Logger **logger,
+             PKIX_PL_Object *context,
+             PKIX_Logger_LogCallback cb)
+{
+    PKIX_TEST_STD_VARS();
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_Logger_Create(cb, context, logger, plContext));
+
+cleanup:
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testContextCallback(PKIX_Logger *logger, PKIX_Logger *logger2)
+{
+    PKIX_Logger_LogCallback cb = NULL;
+    PKIX_PL_Object *context = NULL;
+    PKIX_Boolean cmpResult = PKIX_FALSE;
+    PKIX_UInt32 length;
+
+    PKIX_TEST_STD_VARS();
+
+    subTest("PKIX_Logger_GetLoggerContext");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_Logger_GetLoggerContext(logger2, &context, plContext));
+
+    testEqualsHelper((PKIX_PL_Object *)logger, context, PKIX_TRUE, plContext);
+
+    subTest("PKIX_Logger_GetLogCallback");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_Logger_GetLogCallback(logger, &cb, plContext));
+
+    if (cb != testLoggerCallback) {
+        testError("Incorrect Logger Callback returned");
+    }
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(context);
+    PKIX_TEST_RETURN();
+}
+
+static void
+testComponent(PKIX_Logger *logger)
+{
+    PKIX_ERRORCLASS compName = (PKIX_ERRORCLASS)NULL;
+    PKIX_ERRORCLASS compNameReturn = (PKIX_ERRORCLASS)NULL;
+    PKIX_Boolean cmpResult = PKIX_FALSE;
+    PKIX_TEST_STD_VARS();
+
+    subTest("PKIX_Logger_GetLoggingComponent");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_Logger_GetLoggingComponent(logger, &compName, plContext));
+
+    if (compName != (PKIX_ERRORCLASS)NULL) {
+        testError("Incorrect Logger Component returned. expect <NULL>");
+    }
+
+    subTest("PKIX_Logger_SetLoggingComponent");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_Logger_SetLoggingComponent(logger, PKIX_LIST_ERROR, plContext));
+
+    subTest("PKIX_Logger_GetLoggingComponent");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_Logger_GetLoggingComponent(logger, &compNameReturn, plContext));
+
+    if (compNameReturn != PKIX_LIST_ERROR) {
+        testError("Incorrect Logger Component returned.");
+    }
+
+cleanup:
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testMaxLoggingLevel(PKIX_Logger *logger)
+{
+    PKIX_UInt32 level = 0;
+    PKIX_TEST_STD_VARS();
+
+    subTest("PKIX_Logger_GetMaxLoggingLevel");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_Logger_GetMaxLoggingLevel(logger, &level, plContext));
+
+    if (level != 0) {
+        testError("Incorrect Logger MaxLoggingLevel returned");
+    }
+
+    subTest("PKIX_Logger_SetMaxLoggingLevel");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_Logger_SetMaxLoggingLevel(logger, 3, plContext));
+
+    subTest("PKIX_Logger_GetMaxLoggingLevel");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_Logger_GetMaxLoggingLevel(logger, &level, plContext));
+
+    if (level != 3) {
+        testError("Incorrect Logger MaxLoggingLevel returned");
+    }
+
+cleanup:
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testLogger(PKIX_Logger *logger, PKIX_Logger *logger2)
+{
+    PKIX_List *loggerList = NULL;
+    PKIX_List *checkList = NULL;
+    PKIX_UInt32 length;
+    PKIX_Boolean cmpResult = PKIX_FALSE;
+    char *expectedAscii = "[\n"
+                          "\tLogger: \n"
+                          "\tContext:          (null)\n"
+                          "\tMaximum Level:    3\n"
+                          "\tComponent Name:   LIST\n"
+                          "]\n";
+
+    PKIX_TEST_STD_VARS();
+
+    subTest("PKIX_GetLoggers");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_GetLoggers(&loggerList, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(loggerList, &length, plContext));
+    if (length != 0) {
+        testError("Incorrect Logger List returned");
+    }
+    PKIX_TEST_DECREF_BC(loggerList);
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&loggerList, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(loggerList, (PKIX_PL_Object *)logger, plContext));
+
+    subTest("PKIX_SetLoggers");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_SetLoggers(loggerList, plContext));
+
+    subTest("PKIX_Logger_SetLoggingComponent");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_Logger_SetLoggingComponent(logger2, PKIX_MUTEX_ERROR, plContext));
+
+    subTest("PKIX_Logger_SetMaxLoggingLevel");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_Logger_SetMaxLoggingLevel(logger2, 5, plContext));
+
+    subTest("PKIX_AddLogger");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_AddLogger(logger2, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&checkList, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(checkList, (PKIX_PL_Object *)logger, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(checkList, (PKIX_PL_Object *)logger2, plContext));
+
+    PKIX_TEST_DECREF_BC(loggerList);
+
+    subTest("PKIX_GetLoggers");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_GetLoggers(&loggerList, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(loggerList, &length, plContext));
+
+    subTest("pkix_Loggers_Equals");
+    testEqualsHelper((PKIX_PL_Object *)loggerList,
+                     (PKIX_PL_Object *)checkList,
+                     PKIX_TRUE,
+                     plContext);
+
+    subTest("pkix_Loggers_Duplicate");
+    testDuplicateHelper((PKIX_PL_Object *)logger, plContext);
+
+    subTest("pkix_Loggers_Hashcode");
+    testHashcodeHelper((PKIX_PL_Object *)logger,
+                       (PKIX_PL_Object *)logger,
+                       PKIX_TRUE,
+                       plContext);
+
+    subTest("pkix_Loggers_ToString");
+    testToStringHelper((PKIX_PL_Object *)logger, expectedAscii, plContext);
+
+    subTest("PKIX Logger Callback");
+    subTest("Expect to have ***Fatal Error (List): Null argument*** once");
+    PKIX_TEST_EXPECT_ERROR(PKIX_List_AppendItem(NULL, (PKIX_PL_Object *)NULL, plContext));
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(loggerList);
+    PKIX_TEST_DECREF_AC(checkList);
+    PKIX_TEST_RETURN();
+}
+
+static void
+testDestroy(PKIX_Logger *logger)
+{
+    PKIX_TEST_STD_VARS();
+
+    PKIX_TEST_DECREF_BC(logger);
+
+cleanup:
+
+    PKIX_TEST_RETURN();
+}
+
+int
+test_logger(int argc, char *argv[])
+{
+
+    PKIX_Logger *logger, *logger2;
+    PKIX_UInt32 actualMinorVersion;
+    PKIX_UInt32 j = 0;
+
+    PKIX_TEST_STD_VARS();
+
+    startTests("Loggers");
+
+    PKIX_TEST_EXPECT_NO_ERROR(
+        PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+    subTest("PKIX_Logger_Create");
+    createLogger(&logger, NULL, testLoggerCallback);
+    createLogger(&logger2, (PKIX_PL_Object *)logger, testLoggerCallback2);
+
+    subTest("Logger Context and Callback");
+    testContextCallback(logger, logger2);
+
+    subTest("Logger Component");
+    testComponent(logger);
+
+    subTest("Logger MaxLoggingLevel");
+    testMaxLoggingLevel(logger);
+
+    subTest("Logger List operations");
+    testLogger(logger, logger2);
+
+    subTest("PKIX_Logger_Destroy");
+    testDestroy(logger);
+    testDestroy(logger2);
+
+cleanup:
+
+    PKIX_Shutdown(plContext);
+
+    PKIX_TEST_RETURN();
+
+    endTests("Loggers");
+
+    return (0);
+}
diff --git a/nss/cmd/libpkix/pkix_pl/Makefile b/nss/cmd/libpkix/pkix_pl/Makefile
new file mode 100755
index 0000000..ab4ffbd
--- /dev/null
+++ b/nss/cmd/libpkix/pkix_pl/Makefile
@@ -0,0 +1,48 @@
+#! gmake
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+include $(PKIX_DEPTH)/config.mk
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include $(PLAT_DEPTH)/platlibs.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+include $(PLAT_DEPTH)/platrules.mk
+
diff --git a/nss/cmd/libpkix/pkix_pl/manifest.mn b/nss/cmd/libpkix/pkix_pl/manifest.mn
new file mode 100755
index 0000000..84997cb
--- /dev/null
+++ b/nss/cmd/libpkix/pkix_pl/manifest.mn
@@ -0,0 +1,11 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+PKIX_DEPTH = ./..
+PLAT_DEPTH = $(PKIX_DEPTH)/..
+CORE_DEPTH = $(PKIX_DEPTH)/../../..
+
+DIRS =  module  pki  system \
+	$(NULL)
diff --git a/nss/cmd/libpkix/pkix_pl/module/Makefile b/nss/cmd/libpkix/pkix_pl/module/Makefile
new file mode 100755
index 0000000..09ca5f1
--- /dev/null
+++ b/nss/cmd/libpkix/pkix_pl/module/Makefile
@@ -0,0 +1,47 @@
+#! gmake
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+include $(PKIX_DEPTH)/config.mk
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include $(PLAT_DEPTH)/platlibs.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+include $(PLAT_DEPTH)/platrules.mk
diff --git a/nss/cmd/libpkix/pkix_pl/module/manifest.mn b/nss/cmd/libpkix/pkix_pl/module/manifest.mn
new file mode 100755
index 0000000..eedc934
--- /dev/null
+++ b/nss/cmd/libpkix/pkix_pl/module/manifest.mn
@@ -0,0 +1,24 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+PKIX_DEPTH = ../..
+PLAT_DEPTH = $(PKIX_DEPTH)/..
+CORE_DEPTH = $(PKIX_DEPTH)/../../..
+
+# MODULE public and private header directories are implicitly REQUIRED.
+MODULE = nss
+
+CSRCS = test_colcertstore.c \
+	test_ekuchecker.c \
+	test_pk11certstore.c \
+	test_socket.c \
+	test_httpcertstore.c \
+	$(NULL)
+
+LIBRARY_NAME=pkixtoolmodule
+
+SOURCE_LIB_DIR=$(PKIX_DEPTH)/$(OBJDIR)
+
+NO_MD_RELEASE = 1
diff --git a/nss/cmd/libpkix/pkix_pl/module/test_colcertstore.c b/nss/cmd/libpkix/pkix_pl/module/test_colcertstore.c
new file mode 100644
index 0000000..37169d6
--- /dev/null
+++ b/nss/cmd/libpkix/pkix_pl/module/test_colcertstore.c
@@ -0,0 +1,247 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * test_colcertstore.c
+ *
+ * Test CollectionCertStore Type
+ *
+ */
+
+#include "testutil.h"
+
+#include "testutil_nss.h"
+
+/* When CRL IDP is supported, change NUM_CRLS to 9 */
+#define PKIX_TEST_COLLECTIONCERTSTORE_NUM_CRLS 4
+#define PKIX_TEST_COLLECTIONCERTSTORE_NUM_CERTS 15
+
+static void *plContext = NULL;
+
+static PKIX_Error *
+testCRLSelectorMatchCallback(
+    PKIX_CRLSelector *selector,
+    PKIX_PL_CRL *crl,
+    PKIX_Boolean *pMatch,
+    void *plContext)
+{
+    *pMatch = PKIX_TRUE;
+
+    return (0);
+}
+
+static PKIX_Error *
+testCertSelectorMatchCallback(
+    PKIX_CertSelector *selector,
+    PKIX_PL_Cert *cert,
+    PKIX_Boolean *pResult,
+    void *plContext)
+{
+    *pResult = PKIX_TRUE;
+
+    return (0);
+}
+
+static PKIX_Error *
+getCertCallback(
+    PKIX_CertStore *store,
+    PKIX_CertSelector *certSelector,
+    PKIX_List **pCerts,
+    void *plContext)
+{
+    return (0);
+}
+
+static char *
+catDirName(char *platform, char *dir, void *plContext)
+{
+    char *pathName = NULL;
+    PKIX_UInt32 dirLen;
+    PKIX_UInt32 platformLen;
+
+    PKIX_TEST_STD_VARS();
+
+    dirLen = PL_strlen(dir);
+    platformLen = PL_strlen(platform);
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Malloc(platformLen +
+                                                 dirLen +
+                                                 2,
+                                             (void **)&pathName, plContext));
+
+    PL_strcpy(pathName, platform);
+    PL_strcat(pathName, "/");
+    PL_strcat(pathName, dir);
+
+cleanup:
+
+    PKIX_TEST_RETURN();
+
+    return (pathName);
+}
+
+static void
+testGetCRL(char *crlDir)
+{
+    PKIX_PL_String *dirString = NULL;
+    PKIX_CertStore_CRLCallback crlCallback;
+    PKIX_CertStore *certStore = NULL;
+    PKIX_CRLSelector *crlSelector = NULL;
+    PKIX_List *crlList = NULL;
+    PKIX_UInt32 numCrl = 0;
+    void *nbioContext = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII,
+                                                    crlDir,
+                                                    0,
+                                                    &dirString,
+                                                    plContext));
+
+    subTest("PKIX_PL_CollectionCertStore_Create");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirString,
+                                                                 &certStore,
+                                                                 plContext));
+
+    subTest("PKIX_CRLSelector_Create");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_Create(testCRLSelectorMatchCallback,
+                                                      NULL,
+                                                      &crlSelector,
+                                                      plContext));
+
+    subTest("PKIX_CertStore_GetCRLCallback");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCRLCallback(certStore, &crlCallback, NULL));
+
+    subTest("Getting data from CRL Callback");
+    PKIX_TEST_EXPECT_NO_ERROR(crlCallback(certStore,
+                                          crlSelector,
+                                          &nbioContext,
+                                          &crlList,
+                                          plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(crlList,
+                                                  &numCrl,
+                                                  plContext));
+
+    if (numCrl != PKIX_TEST_COLLECTIONCERTSTORE_NUM_CRLS) {
+        pkixTestErrorMsg = "unexpected CRL number mismatch";
+    }
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(dirString);
+    PKIX_TEST_DECREF_AC(crlList);
+    PKIX_TEST_DECREF_AC(crlSelector);
+    PKIX_TEST_DECREF_AC(certStore);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testGetCert(char *certDir)
+{
+    PKIX_PL_String *dirString = NULL;
+    PKIX_CertStore_CertCallback certCallback;
+    PKIX_CertStore *certStore = NULL;
+    PKIX_CertSelector *certSelector = NULL;
+    PKIX_List *certList = NULL;
+    PKIX_UInt32 numCert = 0;
+    void *nbioContext = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII,
+                                                    certDir,
+                                                    0,
+                                                    &dirString,
+                                                    plContext));
+
+    subTest("PKIX_PL_CollectionCertStore_Create");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(dirString,
+                                                                 &certStore,
+                                                                 plContext));
+
+    subTest("PKIX_CertSelector_Create");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(testCertSelectorMatchCallback,
+                                                       NULL,
+                                                       &certSelector,
+                                                       plContext));
+
+    subTest("PKIX_CertStore_GetCertCallback");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCertCallback(certStore, &certCallback, NULL));
+
+    subTest("Getting data from Cert Callback");
+    PKIX_TEST_EXPECT_NO_ERROR(certCallback(certStore,
+                                           certSelector,
+                                           &nbioContext,
+                                           &certList,
+                                           plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certList,
+                                                  &numCert,
+                                                  plContext));
+
+    if (numCert != PKIX_TEST_COLLECTIONCERTSTORE_NUM_CERTS) {
+        pkixTestErrorMsg = "unexpected Cert number mismatch";
+    }
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(dirString);
+    PKIX_TEST_DECREF_AC(certList);
+    PKIX_TEST_DECREF_AC(certSelector);
+    PKIX_TEST_DECREF_AC(certStore);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+printUsage(char *pName)
+{
+    printf("\nUSAGE: %s test-purpose <data-dir> <platform-dir>\n\n", pName);
+}
+
+/* Functional tests for CollectionCertStore public functions */
+
+int
+test_colcertstore(int argc, char *argv[])
+{
+
+    PKIX_UInt32 actualMinorVersion;
+    PKIX_UInt32 j = 0;
+    char *platformDir = NULL;
+    char *dataDir = NULL;
+    char *combinedDir = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    startTests("CollectionCertStore");
+
+    PKIX_TEST_EXPECT_NO_ERROR(
+        PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+    if (argc < (3 + j)) {
+        printUsage(argv[0]);
+        return (0);
+    }
+
+    dataDir = argv[2 + j];
+    platformDir = argv[3 + j];
+    combinedDir = catDirName(platformDir, dataDir, plContext);
+
+    testGetCRL(combinedDir);
+    testGetCert(combinedDir);
+
+cleanup:
+
+    pkixTestErrorResult = PKIX_PL_Free(combinedDir, plContext);
+
+    PKIX_Shutdown(plContext);
+
+    PKIX_TEST_RETURN();
+
+    endTests("CollectionCertStore");
+
+    return (0);
+}
diff --git a/nss/cmd/libpkix/pkix_pl/module/test_ekuchecker.c b/nss/cmd/libpkix/pkix_pl/module/test_ekuchecker.c
new file mode 100644
index 0000000..ccd05a5
--- /dev/null
+++ b/nss/cmd/libpkix/pkix_pl/module/test_ekuchecker.c
@@ -0,0 +1,275 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * test_ekuchecker.c
+ *
+ * Test Extend Key Usage Checker
+ *
+ */
+
+#include "testutil.h"
+#include "testutil_nss.h"
+
+#define PKIX_TEST_MAX_CERTS 10
+
+static void *plContext = NULL;
+
+static void
+printUsage1(char *pName)
+{
+    printf("\nUSAGE: %s test-purpose [ENE|EE] ", pName);
+    printf("[E]oid[,oid]* <data-dir> cert [certs].\n");
+}
+
+static void
+printUsageMax(PKIX_UInt32 numCerts)
+{
+    printf("\nUSAGE ERROR: number of certs %d exceed maximum %d\n",
+           numCerts, PKIX_TEST_MAX_CERTS);
+}
+
+static PKIX_Error *
+testCertSelectorMatchCallback(
+    PKIX_CertSelector *selector,
+    PKIX_PL_Cert *cert,
+    PKIX_Boolean *pResult,
+    void *plContext)
+{
+    *pResult = PKIX_TRUE;
+
+    return (0);
+}
+
+static PKIX_Error *
+testEkuSetup(
+    PKIX_ValidateParams *valParams,
+    char *ekuOidString,
+    PKIX_Boolean *only4EE)
+{
+    PKIX_ProcessingParams *procParams = NULL;
+    PKIX_List *ekuList = NULL;
+    PKIX_PL_OID *ekuOid = NULL;
+    PKIX_ComCertSelParams *selParams = NULL;
+    PKIX_CertSelector *certSelector = NULL;
+    PKIX_Boolean last_token = PKIX_FALSE;
+    PKIX_UInt32 i, tokeni;
+
+    PKIX_TEST_STD_VARS();
+
+    subTest("PKIX_ValidateParams_GetProcessingParams");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetProcessingParams(valParams, &procParams, plContext));
+
+    /* Get extended key usage OID(s) from command line, separated by ","  */
+
+    if (ekuOidString[0] == '"') {
+        /* erase doble quotes, if any */
+        i = 1;
+        while (ekuOidString[i] != '"' && ekuOidString[i] != '\0') {
+            ekuOidString[i - 1] = ekuOidString[i];
+            i++;
+        }
+        ekuOidString[i - 1] = '\0';
+    }
+
+    if (ekuOidString[0] == '\0') {
+        ekuList = NULL;
+    } else {
+
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&ekuList, plContext));
+
+        /* if OID string start with E, only check for last cert */
+        if (ekuOidString[0] == 'E') {
+            *only4EE = PKIX_TRUE;
+            tokeni = 2;
+            i = 1;
+        } else {
+            *only4EE = PKIX_FALSE;
+            tokeni = 1;
+            i = 0;
+        }
+
+        while (last_token != PKIX_TRUE) {
+            while (ekuOidString[tokeni] != ',' &&
+                   ekuOidString[tokeni] != '\0') {
+                tokeni++;
+            }
+            if (ekuOidString[tokeni] == '\0') {
+                last_token = PKIX_TRUE;
+            } else {
+                ekuOidString[tokeni] = '\0';
+                tokeni++;
+            }
+
+            PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create(&ekuOidString[i], &ekuOid, plContext));
+
+            PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(ekuList, (PKIX_PL_Object *)ekuOid, plContext));
+
+            PKIX_TEST_DECREF_BC(ekuOid);
+            i = tokeni;
+        }
+    }
+
+    /* Set extended key usage link to processing params */
+
+    subTest("PKIX_ComCertSelParams_Create");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&selParams, plContext));
+
+    subTest("PKIX_ComCertSelParams_SetExtendedKeyUsage");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetExtendedKeyUsage(selParams, ekuList, plContext));
+
+    subTest("PKIX_CertSelector_Create");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(testCertSelectorMatchCallback,
+                                                       NULL,
+                                                       &certSelector,
+                                                       plContext));
+
+    subTest("PKIX_CertSelector_SetCommonCertSelectorParams");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, selParams, plContext));
+
+    subTest("PKIX_ProcessingParams_SetTargetCertConstraints");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints(procParams, certSelector, plContext));
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(selParams);
+    PKIX_TEST_DECREF_AC(certSelector);
+    PKIX_TEST_DECREF_AC(procParams);
+    PKIX_TEST_DECREF_AC(ekuOid);
+    PKIX_TEST_DECREF_AC(ekuList);
+
+    PKIX_TEST_RETURN();
+
+    return (0);
+}
+
+static PKIX_Error *
+testEkuChecker(
+    PKIX_ValidateParams *valParams,
+    PKIX_Boolean only4EE)
+{
+    PKIX_ProcessingParams *procParams = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetProcessingParams(valParams, &procParams, plContext));
+
+    subTest("PKIX_ProcessingParams_SetRevocationEnabled - disable");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled(procParams, PKIX_FALSE, plContext));
+
+    if (only4EE == PKIX_FALSE) {
+        subTest("PKIX_PL_EkuChecker_Create");
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_EkuChecker_Create(procParams, plContext));
+    }
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(procParams);
+
+    PKIX_TEST_RETURN();
+
+    return (0);
+}
+
+int
+test_ekuchecker(int argc, char *argv[])
+{
+    PKIX_List *chain = NULL;
+    PKIX_ValidateParams *valParams = NULL;
+    PKIX_ValidateResult *valResult = NULL;
+    PKIX_UInt32 actualMinorVersion;
+    char *certNames[PKIX_TEST_MAX_CERTS];
+    char *dirName = NULL;
+    PKIX_PL_Cert *certs[PKIX_TEST_MAX_CERTS];
+    PKIX_UInt32 chainLength = 0;
+    PKIX_UInt32 i = 0;
+    PKIX_UInt32 j = 0;
+    PKIX_Boolean testValid = PKIX_FALSE;
+    PKIX_Boolean only4EE = PKIX_FALSE;
+
+    PKIX_TEST_STD_VARS();
+
+    if (argc < 5) {
+        printUsage1(argv[0]);
+        return (0);
+    }
+
+    startTests("EKU Checker");
+
+    PKIX_TEST_EXPECT_NO_ERROR(
+        PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+    /* ENE = expect no error; EE = expect error */
+    if (PORT_Strcmp(argv[2 + j], "ENE") == 0) {
+        testValid = PKIX_TRUE;
+    } else if (PORT_Strcmp(argv[2 + j], "EE") == 0) {
+        testValid = PKIX_FALSE;
+    } else {
+        printUsage1(argv[0]);
+        return (0);
+    }
+
+    dirName = argv[4 + j];
+
+    chainLength = (argc - j) - 6;
+    if (chainLength > PKIX_TEST_MAX_CERTS) {
+        printUsageMax(chainLength);
+    }
+
+    for (i = 0; i < chainLength; i++) {
+
+        certNames[i] = argv[6 + i + j];
+        certs[i] = NULL;
+    }
+
+    subTest(argv[1 + j]);
+
+    subTest("Extended-Key-Usage-Checker");
+
+    subTest("Extended-Key-Usage-Checker - Create Cert Chain");
+
+    chain = createCertChainPlus(dirName, certNames, certs, chainLength, plContext);
+
+    subTest("Extended-Key-Usage-Checker - Create Params");
+
+    valParams = createValidateParams(dirName,
+                                     argv[5 +
+                                          j],
+                                     NULL,
+                                     NULL,
+                                     NULL,
+                                     PKIX_FALSE,
+                                     PKIX_FALSE,
+                                     PKIX_FALSE,
+                                     PKIX_FALSE,
+                                     chain,
+                                     plContext);
+
+    subTest("Default CertStore");
+
+    testEkuSetup(valParams, argv[3 + j], &only4EE);
+
+    testEkuChecker(valParams, only4EE);
+
+    subTest("Extended-Key-Usage-Checker - Validate Chain");
+
+    if (testValid == PKIX_TRUE) {
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain(valParams, &valResult, NULL, plContext));
+    } else {
+        PKIX_TEST_EXPECT_ERROR(PKIX_ValidateChain(valParams, &valResult, NULL, plContext));
+    }
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(chain);
+    PKIX_TEST_DECREF_AC(valParams);
+    PKIX_TEST_DECREF_AC(valResult);
+
+    PKIX_Shutdown(plContext);
+
+    PKIX_TEST_RETURN();
+
+    endTests("EKU Checker");
+
+    return (0);
+}
diff --git a/nss/cmd/libpkix/pkix_pl/module/test_httpcertstore.c b/nss/cmd/libpkix/pkix_pl/module/test_httpcertstore.c
new file mode 100644
index 0000000..62f8630
--- /dev/null
+++ b/nss/cmd/libpkix/pkix_pl/module/test_httpcertstore.c
@@ -0,0 +1,300 @@
+/*
+ * test_httpcertstore.c
+ *
+ * Test Httpcertstore Type
+ *
+ * Copyright 2004-2005 Sun Microsystems, Inc.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *   1. Redistribution of source code must retain the above copyright notice,
+ *      this list of conditions and the following disclaimer.
+ *
+ *   2. Redistribution in binary form must reproduce the above copyright
+ *      notice, this list of conditions and the following disclaimer in the
+ *      documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear facility.
+ */
+
+#include "testutil.h"
+#include "testutil_nss.h"
+#include "pkix_pl_common.h"
+
+static void *plContext = NULL;
+
+static void
+printUsage(char *testname)
+{
+    char *fmt =
+        "USAGE: %s [-arenas] certDir certName\n";
+    printf(fmt, "test_httpcertstore");
+}
+
+/* Functional tests for Socket public functions */
+static void
+do_other_work(void)
+{ /* while waiting for nonblocking I/O to complete */
+    (void)PR_Sleep(2 * 60);
+}
+
+PKIX_Error *
+PKIX_PL_HttpCertStore_Create(
+    PKIX_PL_HttpClient *client, /* if NULL, use default Client */
+    PKIX_PL_GeneralName *location,
+    PKIX_CertStore **pCertStore,
+    void *plContext);
+
+PKIX_Error *
+pkix_pl_HttpCertStore_CreateWithAsciiName(
+    PKIX_PL_HttpClient *client, /* if NULL, use default Client */
+    char *location,
+    PKIX_CertStore **pCertStore,
+    void *plContext);
+
+static PKIX_Error *
+getLocation(
+    PKIX_PL_Cert *certWithAia,
+    PKIX_PL_GeneralName **pLocation,
+    void *plContext)
+{
+    PKIX_List *aiaList = NULL;
+    PKIX_UInt32 size = 0;
+    PKIX_PL_InfoAccess *aia = NULL;
+    PKIX_UInt32 iaType = PKIX_INFOACCESS_LOCATION_UNKNOWN;
+    PKIX_PL_GeneralName *location = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    subTest("Getting Authority Info Access");
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetAuthorityInfoAccess(certWithAia, &aiaList, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(aiaList, &size, plContext));
+
+    if (size != 1) {
+        pkixTestErrorMsg = "unexpected number of AIA";
+        goto cleanup;
+    }
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(aiaList, 0, (PKIX_PL_Object **)&aia, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_InfoAccess_GetLocationType(aia, &iaType, plContext));
+
+    if (iaType != PKIX_INFOACCESS_LOCATION_HTTP) {
+        pkixTestErrorMsg = "unexpected location type in AIA";
+        goto cleanup;
+    }
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_InfoAccess_GetLocation(aia, &location, plContext));
+
+    *pLocation = location;
+
+cleanup:
+    PKIX_TEST_DECREF_AC(aiaList);
+    PKIX_TEST_DECREF_AC(aia);
+
+    PKIX_TEST_RETURN();
+
+    return (NULL);
+}
+
+int
+test_httpcertstore(int argc, char *argv[])
+{
+
+    PKIX_UInt32 i = 0;
+    PKIX_UInt32 numCerts = 0;
+    PKIX_UInt32 numCrls = 0;
+    int j = 0;
+    PKIX_UInt32 actualMinorVersion;
+    PKIX_UInt32 length = 0;
+
+    char *certName = NULL;
+    char *certDir = NULL;
+    PKIX_PL_Cert *cmdLineCert = NULL;
+    PKIX_PL_Cert *cert = NULL;
+    PKIX_CertSelector *certSelector = NULL;
+    PKIX_CertStore *certStore = NULL;
+    PKIX_CertStore *crlStore = NULL;
+    PKIX_PL_GeneralName *location = NULL;
+    PKIX_CertStore_CertCallback getCerts = NULL;
+    PKIX_List *certs = NULL;
+    char *asciiResult = NULL;
+    void *nbio = NULL;
+
+    PKIX_PL_CRL *crl = NULL;
+    PKIX_CRLSelector *crlSelector = NULL;
+    char *crlLocation = "http://betty.nist.gov/pathdiscoverytestsuite/CRL"
+                        "files/BasicHTTPURIPeer2CACRL.crl";
+    PKIX_CertStore_CRLCallback getCrls = NULL;
+    PKIX_List *crls = NULL;
+    PKIX_PL_String *crlString = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    startTests("HttpCertStore");
+
+    PKIX_TEST_EXPECT_NO_ERROR(
+        PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+    if (argc != (j + 3)) {
+        printUsage(argv[0]);
+        pkixTestErrorMsg = "Missing command line argument.";
+        goto cleanup;
+    }
+
+    certDir = argv[++j];
+    certName = argv[++j];
+
+    cmdLineCert = createCert(certDir, certName, plContext);
+    if (cmdLineCert == NULL) {
+        pkixTestErrorMsg = "Unable to create Cert";
+        goto cleanup;
+    }
+
+    /* muster arguments to create HttpCertStore */
+    PKIX_TEST_EXPECT_NO_ERROR(getLocation(cmdLineCert, &location, plContext));
+
+    if (location == NULL) {
+        pkixTestErrorMsg = "Give me a cert with an HTTP URI!";
+        goto cleanup;
+    }
+
+    /* create HttpCertStore */
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HttpCertStore_Create(NULL, location, &certStore, plContext));
+
+    /* get the GetCerts callback */
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCertCallback(certStore, &getCerts, plContext));
+
+    /* create a CertSelector */
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext));
+
+    /* Get the certs */
+    PKIX_TEST_EXPECT_NO_ERROR(getCerts(certStore, certSelector, &nbio, &certs, plContext));
+
+    while (nbio != NULL) {
+        /* poll for a completion */
+
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_CertContinue(certStore, certSelector, &nbio, &certs, plContext));
+    }
+
+    if (certs) {
+
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certs, &numCerts, plContext));
+
+        if (numCerts == 0) {
+            printf("HttpCertStore returned an empty Cert list\n");
+            goto cleanup;
+        }
+
+        for (i = 0; i < numCerts; i++) {
+            PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs,
+                                                        i,
+                                                        (PKIX_PL_Object **)&cert,
+                                                        plContext));
+
+            asciiResult = PKIX_Cert2ASCII(cert);
+
+            printf("CERT[%d]:\n%s\n", i, asciiResult);
+
+            /* PKIX_Cert2ASCII used PKIX_PL_Malloc(...,,NULL) */
+            PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(asciiResult, NULL));
+            asciiResult = NULL;
+
+            PKIX_TEST_DECREF_BC(cert);
+        }
+    } else {
+        printf("HttpCertStore returned a NULL Cert list\n");
+    }
+
+    /* create HttpCertStore */
+    PKIX_TEST_EXPECT_NO_ERROR(pkix_pl_HttpCertStore_CreateWithAsciiName(NULL, crlLocation, &crlStore, plContext));
+
+    /* get the GetCrls callback */
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCRLCallback(crlStore, &getCrls, plContext));
+
+    /* create a CrlSelector */
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_Create(NULL, NULL, &crlSelector, plContext));
+
+    /* Get the crls */
+    PKIX_TEST_EXPECT_NO_ERROR(getCrls(crlStore, crlSelector, &nbio, &crls, plContext));
+
+    while (nbio != NULL) {
+        /* poll for a completion */
+
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_CrlContinue(crlStore, crlSelector, &nbio, &crls, plContext));
+    }
+
+    if (crls) {
+
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(crls, &numCrls, plContext));
+
+        if (numCrls == 0) {
+            printf("HttpCertStore returned an empty CRL list\n");
+            goto cleanup;
+        }
+
+        for (i = 0; i < numCrls; i++) {
+            PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(crls,
+                                                        i,
+                                                        (PKIX_PL_Object **)&crl,
+                                                        plContext));
+
+            PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString(
+                (PKIX_PL_Object *)crl,
+                &crlString,
+                plContext));
+
+            PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_GetEncoded(crlString,
+                                                                PKIX_ESCASCII,
+                                                                (void **)&asciiResult,
+                                                                &length,
+                                                                plContext));
+
+            printf("CRL[%d]:\n%s\n", i, asciiResult);
+
+            PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(asciiResult, plContext));
+            PKIX_TEST_DECREF_BC(crlString);
+            PKIX_TEST_DECREF_BC(crl);
+        }
+    } else {
+        printf("HttpCertStore returned a NULL CRL list\n");
+    }
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(cert);
+    PKIX_TEST_DECREF_AC(cmdLineCert);
+    PKIX_TEST_DECREF_AC(certStore);
+    PKIX_TEST_DECREF_AC(crlStore);
+    PKIX_TEST_DECREF_AC(location);
+    PKIX_TEST_DECREF_AC(certs);
+    PKIX_TEST_DECREF_AC(crl);
+    PKIX_TEST_DECREF_AC(crlString);
+    PKIX_TEST_DECREF_AC(crls);
+
+    PKIX_TEST_RETURN();
+
+    endTests("HttpDefaultClient");
+
+    return (0);
+}
diff --git a/nss/cmd/libpkix/pkix_pl/module/test_pk11certstore.c b/nss/cmd/libpkix/pkix_pl/module/test_pk11certstore.c
new file mode 100644
index 0000000..58fceb1
--- /dev/null
+++ b/nss/cmd/libpkix/pkix_pl/module/test_pk11certstore.c
@@ -0,0 +1,580 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * test_pk11certstore.c
+ *
+ * Test Pk11CertStore Type
+ *
+ */
+
+#include "testutil.h"
+#include "testutil_nss.h"
+
+static void *plContext = NULL;
+
+/*
+ * This function creates a certSelector with ComCertSelParams set up to
+ * select entries whose Subject Name matches that in the given Cert and
+ * whose validity window includes the Date specified by "validityDate".
+ */
+static void
+test_makeSubjectCertSelector(
+    PKIX_PL_Cert *certNameToMatch,
+    PKIX_PL_Date *validityDate,
+    PKIX_CertSelector **pSelector,
+    void *plContext)
+{
+    PKIX_CertSelector *selector = NULL;
+    PKIX_ComCertSelParams *subjParams = NULL;
+    PKIX_PL_X500Name *subjectName = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &selector, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&subjParams, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject(certNameToMatch, &subjectName, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubject(subjParams, subjectName, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificateValid(subjParams, validityDate, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, subjParams, plContext));
+    *pSelector = selector;
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(subjParams);
+    PKIX_TEST_DECREF_AC(subjectName);
+
+    PKIX_TEST_RETURN();
+}
+
+/*
+ * This function creates a certSelector with ComCertSelParams set up to
+ * select entries containing a Basic Constraints extension with a path
+ * length of at least the specified "minPathLength".
+ */
+static void
+test_makePathCertSelector(
+    PKIX_Int32 minPathLength,
+    PKIX_CertSelector **pSelector,
+    void *plContext)
+{
+    PKIX_CertSelector *selector = NULL;
+    PKIX_ComCertSelParams *pathParams = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &selector, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&pathParams, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetBasicConstraints(pathParams, minPathLength, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(selector, pathParams, plContext));
+    *pSelector = selector;
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(pathParams);
+
+    PKIX_TEST_RETURN();
+}
+
+/*
+ * This function reads a directory-file cert specified by "desiredSubjectCert",
+ * and decodes the SubjectName. It uses that name to set up the CertSelector
+ * for a Subject Name match, and then queries the database for matching entries.
+ * It is intended to test a "smart" database query.
+ */
+static void
+testMatchCertSubject(
+    char *crlDir,
+    char *desiredSubjectCert,
+    char *expectedAscii,
+    PKIX_PL_Date *validityDate,
+    void *plContext)
+{
+    PKIX_UInt32 numCert = 0;
+    PKIX_PL_Cert *certWithDesiredSubject = NULL;
+    PKIX_CertStore *certStore = NULL;
+    PKIX_CertSelector *certSelector = NULL;
+    PKIX_List *certList = NULL;
+    PKIX_CertStore_CertCallback getCert = NULL;
+    void *nbioContext = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    certWithDesiredSubject = createCert(crlDir, desiredSubjectCert, plContext);
+
+    test_makeSubjectCertSelector(certWithDesiredSubject,
+                                 validityDate,
+                                 &certSelector,
+                                 plContext);
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Pk11CertStore_Create(&certStore, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCertCallback(certStore, &getCert, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(getCert(certStore,
+                                      certSelector,
+                                      &nbioContext,
+                                      &certList,
+                                      plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certList, &numCert, plContext));
+
+    if (numCert > 0) {
+        /* List should be immutable */
+        PKIX_TEST_EXPECT_ERROR(PKIX_List_DeleteItem(certList, 0, plContext));
+    }
+
+    if (expectedAscii) {
+        testToStringHelper((PKIX_PL_Object *)certList, expectedAscii, plContext);
+    }
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(certWithDesiredSubject);
+    PKIX_TEST_DECREF_AC(certStore);
+    PKIX_TEST_DECREF_AC(certSelector);
+    PKIX_TEST_DECREF_AC(certList);
+
+    PKIX_TEST_RETURN();
+}
+
+/*
+ * This function uses the minimum path length specified by "minPath" to set up
+ * a CertSelector for a BasicConstraints match, and then queries the database
+ * for matching entries. It is intended to test the case where there
+ * is no "smart" database query, so the database will be asked for all
+ * available certs and the filtering will be done by the interaction of the
+ * certstore and the selector.
+ */
+static void
+testMatchCertMinPath(
+    PKIX_Int32 minPath,
+    char *expectedAscii,
+    void *plContext)
+{
+    PKIX_CertStore *certStore = NULL;
+    PKIX_CertSelector *certSelector = NULL;
+    PKIX_List *certList = NULL;
+    PKIX_CertStore_CertCallback getCert = NULL;
+    void *nbioContext = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    subTest("Searching Certs for minPath");
+
+    test_makePathCertSelector(minPath, &certSelector, plContext);
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Pk11CertStore_Create(&certStore, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCertCallback(certStore, &getCert, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(getCert(certStore,
+                                      certSelector,
+                                      &nbioContext,
+                                      &certList,
+                                      plContext));
+
+    if (expectedAscii) {
+        testToStringHelper((PKIX_PL_Object *)certList, expectedAscii, plContext);
+    }
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(certStore);
+    PKIX_TEST_DECREF_AC(certSelector);
+    PKIX_TEST_DECREF_AC(certList);
+
+    PKIX_TEST_RETURN();
+}
+
+/*
+ * This function creates a crlSelector with ComCrlSelParams set up to
+ * select entries whose Issuer Name matches that in the given Crl.
+ */
+static void
+test_makeIssuerCRLSelector(
+    PKIX_PL_CRL *crlNameToMatch,
+    PKIX_CRLSelector **pSelector,
+    void *plContext)
+{
+    PKIX_CRLSelector *selector = NULL;
+    PKIX_ComCRLSelParams *issuerParams = NULL;
+    PKIX_PL_X500Name *issuerName = NULL;
+    PKIX_List *names = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_Create(NULL, NULL, &selector, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_Create(&issuerParams, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CRL_GetIssuer(crlNameToMatch, &issuerName, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&names, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(names, (PKIX_PL_Object *)issuerName, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_SetIssuerNames(issuerParams, names, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_SetCommonCRLSelectorParams(selector, issuerParams, plContext));
+    *pSelector = selector;
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(issuerParams);
+    PKIX_TEST_DECREF_AC(issuerName);
+    PKIX_TEST_DECREF_AC(names);
+
+    PKIX_TEST_RETURN();
+}
+
+/*
+ * This function creates a crlSelector with ComCrlSelParams set up to
+ * select entries that would be valid at the Date specified by the Date
+ * criterion.
+ */
+static void
+test_makeDateCRLSelector(
+    PKIX_PL_Date *dateToMatch,
+    PKIX_CRLSelector **pSelector,
+    void *plContext)
+{
+    PKIX_CRLSelector *selector = NULL;
+    PKIX_ComCRLSelParams *dateParams = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_Create(NULL, NULL, &selector, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_Create(&dateParams, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCRLSelParams_SetDateAndTime(dateParams, dateToMatch, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CRLSelector_SetCommonCRLSelectorParams(selector, dateParams, plContext));
+    *pSelector = selector;
+
+cleanup:
+    PKIX_TEST_DECREF_AC(dateParams);
+
+    PKIX_TEST_RETURN();
+}
+
+/*
+ * This function reads a directory-file crl specified by "desiredIssuerCrl",
+ * and decodes the IssuerName. It uses that name to set up the CrlSelector
+ * for a Issuer Name match, and then queries the database for matching entries.
+ * It is intended to test the case of a "smart" database query.
+ */
+static void
+testMatchCrlIssuer(
+    char *crlDir,
+    char *desiredIssuerCrl,
+    char *expectedAscii,
+    void *plContext)
+{
+    PKIX_UInt32 numCrl = 0;
+    PKIX_PL_CRL *crlWithDesiredIssuer = NULL;
+    PKIX_CertStore *crlStore = NULL;
+    PKIX_CRLSelector *crlSelector = NULL;
+    PKIX_List *crlList = NULL;
+    PKIX_CertStore_CRLCallback getCrl = NULL;
+    void *nbioContext = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    subTest("Searching CRLs for matching Issuer");
+
+    crlWithDesiredIssuer = createCRL(crlDir, desiredIssuerCrl, plContext);
+
+    test_makeIssuerCRLSelector(crlWithDesiredIssuer, &crlSelector, plContext);
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Pk11CertStore_Create(&crlStore, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCRLCallback(crlStore, &getCrl, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(getCrl(crlStore,
+                                     crlSelector,
+                                     &nbioContext,
+                                     &crlList,
+                                     plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(crlList, &numCrl, plContext));
+
+    if (numCrl > 0) {
+        /* List should be immutable */
+        PKIX_TEST_EXPECT_ERROR(PKIX_List_DeleteItem(crlList, 0, plContext));
+    }
+
+    if (expectedAscii) {
+        testToStringHelper((PKIX_PL_Object *)crlList, expectedAscii, plContext);
+    }
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(crlWithDesiredIssuer);
+    PKIX_TEST_DECREF_AC(crlStore);
+    PKIX_TEST_DECREF_AC(crlSelector);
+    PKIX_TEST_DECREF_AC(crlList);
+
+    PKIX_TEST_RETURN();
+}
+
+/*
+ * This function uses the date specified by "matchDate" to set up the
+ * CrlSelector for a Date match. It is intended to test the case where there
+ * is no "smart" database query, so the CertStore should throw an error
+ * rather than ask the database for all available CRLs and then filter the
+ * results using the selector.
+ */
+static void
+testMatchCrlDate(
+    char *dateMatch,
+    char *expectedAscii,
+    void *plContext)
+{
+    PKIX_PL_Date *dateCriterion = NULL;
+    PKIX_CertStore *crlStore = NULL;
+    PKIX_CRLSelector *crlSelector = NULL;
+    PKIX_List *crlList = NULL;
+    PKIX_CertStore_CRLCallback getCrl = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    subTest("Searching CRLs for matching Date");
+
+    dateCriterion = createDate(dateMatch, plContext);
+    test_makeDateCRLSelector(dateCriterion, &crlSelector, plContext);
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Pk11CertStore_Create(&crlStore, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertStore_GetCRLCallback(crlStore, &getCrl, plContext));
+
+    PKIX_TEST_EXPECT_ERROR(getCrl(crlStore, crlSelector, NULL, &crlList, plContext));
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(dateCriterion);
+    PKIX_TEST_DECREF_AC(crlStore);
+    PKIX_TEST_DECREF_AC(crlSelector);
+    PKIX_TEST_DECREF_AC(crlList);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+printUsage(char *pName)
+{
+    printf("\nUSAGE: %s <-d data-dir> <database-dir>\n\n", pName);
+}
+
+/* Functional tests for Pk11CertStore public functions */
+
+int
+test_pk11certstore(int argc, char *argv[])
+{
+
+    PKIX_UInt32 j = 0;
+    PKIX_UInt32 actualMinorVersion;
+    PKIX_PL_Date *validityDate = NULL;
+    PKIX_PL_Date *betweenDate = NULL;
+    char *crlDir = NULL;
+    char *expectedProfAscii = "([\n"
+                              "\tVersion:         v3\n"
+                              "\tSerialNumber:    00ca\n"
+                              "\tIssuer:          CN=chemistry,O=mit,C=us\n"
+                              "\tSubject:         CN=prof noall,O=mit,C=us\n"
+                              "\tValidity: [From: Fri Feb 11 14:14:06 2005\n"
+                              "\t           To:   Mon Jan 18, 2105]\n"
+                              "\tSubjectAltNames: (null)\n"
+                              "\tAuthorityKeyId:  (null)\n"
+                              "\tSubjectKeyId:    (null)\n"
+                              "\tSubjPubKeyAlgId: ANSI X9.57 DSA Signature\n"
+                              "\tCritExtOIDs:     (2.5.29.15, 2.5.29.19)\n"
+                              "\tExtKeyUsages:    (null)\n"
+                              "\tBasicConstraint: CA(6)\n"
+                              "\tCertPolicyInfo:  (null)\n"
+                              "\tPolicyMappings:  (null)\n"
+                              "\tExplicitPolicy:  -1\n"
+                              "\tInhibitMapping:  -1\n"
+                              "\tInhibitAnyPolicy:-1\n"
+                              "\tNameConstraints: (null)\n"
+                              "]\n"
+                              ", [\n"
+                              "\tVersion:         v3\n"
+                              "\tSerialNumber:    03\n"
+                              "\tIssuer:          CN=physics,O=mit,C=us\n"
+                              "\tSubject:         CN=prof noall,O=mit,C=us\n"
+                              "\tValidity: [From: Fri Feb 11 12:52:26 2005\n"
+                              "\t           To:   Mon Jan 18, 2105]\n"
+                              "\tSubjectAltNames: (null)\n"
+                              "\tAuthorityKeyId:  (null)\n"
+                              "\tSubjectKeyId:    (null)\n"
+                              "\tSubjPubKeyAlgId: ANSI X9.57 DSA Signature\n"
+                              "\tCritExtOIDs:     (2.5.29.15, 2.5.29.19)\n"
+                              "\tExtKeyUsages:    (null)\n"
+                              "\tBasicConstraint: CA(0)\n"
+                              "\tCertPolicyInfo:  (null)\n"
+                              "\tPolicyMappings:  (null)\n"
+                              "\tExplicitPolicy:  -1\n"
+                              "\tInhibitMapping:  -1\n"
+                              "\tInhibitAnyPolicy:-1\n"
+                              "\tNameConstraints: (null)\n"
+                              "]\n"
+                              ")";
+    char *expectedValidityAscii = "([\n"
+                                  "\tVersion:         v3\n"
+                                  "\tSerialNumber:    03\n"
+                                  "\tIssuer:          CN=physics,O=mit,C=us\n"
+                                  "\tSubject:         CN=prof noall,O=mit,C=us\n"
+                                  "\tValidity: [From: Fri Feb 11 12:52:26 2005\n"
+                                  "\t           To:   Mon Jan 18, 2105]\n"
+                                  "\tSubjectAltNames: (null)\n"
+                                  "\tAuthorityKeyId:  (null)\n"
+                                  "\tSubjectKeyId:    (null)\n"
+                                  "\tSubjPubKeyAlgId: ANSI X9.57 DSA Signature\n"
+                                  "\tCritExtOIDs:     (2.5.29.15, 2.5.29.19)\n"
+                                  "\tExtKeyUsages:    (null)\n"
+                                  "\tBasicConstraint: CA(0)\n"
+                                  "\tCertPolicyInfo:  (null)\n"
+                                  "\tPolicyMappings:  (null)\n"
+                                  "\tExplicitPolicy:  -1\n"
+                                  "\tInhibitMapping:  -1\n"
+                                  "\tInhibitAnyPolicy:-1\n"
+                                  "\tNameConstraints: (null)\n"
+                                  "]\n"
+                                  ")";
+    char *expectedMinPathAscii = "([\n"
+                                 "\tVersion:         v3\n"
+                                 "\tSerialNumber:    01\n"
+                                 "\tIssuer:          CN=science,O=mit,C=us\n"
+                                 "\tSubject:         CN=science,O=mit,C=us\n"
+                                 "\tValidity: [From: Fri Feb 11 12:47:58 2005\n"
+                                 "\t           To:   Mon Jan 18, 2105]\n"
+                                 "\tSubjectAltNames: (null)\n"
+                                 "\tAuthorityKeyId:  (null)\n"
+                                 "\tSubjectKeyId:    (null)\n"
+                                 "\tSubjPubKeyAlgId: ANSI X9.57 DSA Signature\n"
+                                 "\tCritExtOIDs:     (2.5.29.15, 2.5.29.19)\n"
+                                 "\tExtKeyUsages:    (null)\n"
+                                 "\tBasicConstraint: CA(10)\n"
+                                 "\tCertPolicyInfo:  (null)\n"
+                                 "\tPolicyMappings:  (null)\n"
+                                 "\tExplicitPolicy:  -1\n"
+                                 "\tInhibitMapping:  -1\n"
+                                 "\tInhibitAnyPolicy:-1\n"
+                                 "\tNameConstraints: (null)\n"
+                                 "]\n"
+                                 ")";
+    char *expectedIssuerAscii = "([\n"
+                                "\tVersion:         v2\n"
+                                "\tIssuer:          CN=physics,O=mit,C=us\n"
+                                "\tUpdate:   [Last: Fri Feb 11 13:51:38 2005\n"
+                                "\t           Next: Mon Jan 18, 2105]\n"
+                                "\tSignatureAlgId:  1.2.840.10040.4.3\n"
+                                "\tCRL Number     : (null)\n"
+                                "\n"
+                                "\tEntry List:      (\n"
+                                "\t[\n"
+                                "\tSerialNumber:    67\n"
+                                "\tReasonCode:      257\n"
+                                "\tRevocationDate:  Fri Feb 11 13:51:38 2005\n"
+                                "\tCritExtOIDs:     (EMPTY)\n"
+                                "\t]\n"
+                                "\t)\n"
+                                "\n"
+                                "\tCritExtOIDs:     (EMPTY)\n"
+                                "]\n"
+                                ")";
+    char *expectedDateAscii = "([\n"
+                              "\tVersion:         v2\n"
+                              "\tIssuer:          CN=science,O=mit,C=us\n"
+                              "\tUpdate:   [Last: Fri Feb 11 13:34:40 2005\n"
+                              "\t           Next: Mon Jan 18, 2105]\n"
+                              "\tSignatureAlgId:  1.2.840.10040.4.3\n"
+                              "\tCRL Number     : (null)\n"
+                              "\n"
+                              "\tEntry List:      (\n"
+                              "\t[\n"
+                              "\tSerialNumber:    65\n"
+                              "\tReasonCode:      260\n"
+                              "\tRevocationDate:  Fri Feb 11 13:34:40 2005\n"
+                              "\tCritExtOIDs:     (EMPTY)\n"
+                              "\t]\n"
+                              "\t)\n"
+                              "\n"
+                              "\tCritExtOIDs:     (EMPTY)\n"
+                              "]\n"
+                              ", [\n"
+                              "\tVersion:         v2\n"
+                              "\tIssuer:          CN=testing CRL,O=test,C=us\n"
+                              "\tUpdate:   [Last: Fri Feb 11 13:14:38 2005\n"
+                              "\t           Next: Mon Jan 18, 2105]\n"
+                              "\tSignatureAlgId:  1.2.840.10040.4.3\n"
+                              "\tCRL Number     : (null)\n"
+                              "\n"
+                              "\tEntry List:      (\n"
+                              "\t[\n"
+                              "\tSerialNumber:    67\n"
+                              "\tReasonCode:      258\n"
+                              "\tRevocationDate:  Fri Feb 11 13:14:38 2005\n"
+                              "\tCritExtOIDs:     (EMPTY)\n"
+                              "\t]\n"
+                              "\t)\n"
+                              "\n"
+                              "\tCritExtOIDs:     (EMPTY)\n"
+                              "]\n"
+                              ")";
+
+    PKIX_TEST_STD_VARS();
+
+    startTests("Pk11CertStore");
+
+    if (argc < 3) {
+        printUsage(argv[0]);
+        return (0);
+    }
+
+    PKIX_TEST_EXPECT_NO_ERROR(
+        PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+    crlDir = argv[j + 2];
+
+    /* Two certs for prof should be valid now */
+    PKIX_TEST_EXPECT_NO_ERROR(pkix_pl_Date_CreateFromPRTime(PR_Now(), &validityDate, plContext));
+
+    subTest("Searching Certs for Subject");
+
+    testMatchCertSubject(crlDir,
+                         "phy2prof.crt",
+                         NULL, /* expectedProfAscii, */
+                         validityDate,
+                         plContext);
+
+    /* One of the certs was not yet valid at this time. */
+    betweenDate = createDate("050210184000Z", plContext);
+
+    subTest("Searching Certs for Subject and Validity");
+
+    testMatchCertSubject(crlDir,
+                         "phy2prof.crt",
+                         NULL, /* expectedValidityAscii, */
+                         betweenDate,
+                         plContext);
+
+    testMatchCertMinPath(9,
+                         NULL, /* expectedMinPathAscii, */
+                         plContext);
+
+    testMatchCrlIssuer(crlDir,
+                       "phys.crl",
+                       NULL, /* expectedIssuerAscii, */
+                       plContext);
+
+    testMatchCrlDate("050211184000Z",
+                     NULL, /* expectedDateAscii, */
+                     plContext);
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(validityDate);
+    PKIX_TEST_DECREF_AC(betweenDate);
+
+    PKIX_TEST_RETURN();
+
+    endTests("Pk11CertStore");
+
+    return (0);
+}
diff --git a/nss/cmd/libpkix/pkix_pl/module/test_socket.c b/nss/cmd/libpkix/pkix_pl/module/test_socket.c
new file mode 100644
index 0000000..8940025
--- /dev/null
+++ b/nss/cmd/libpkix/pkix_pl/module/test_socket.c
@@ -0,0 +1,571 @@
+/*
+ * test_socket.c
+ *
+ * Test Socket Type
+ *
+ * Copyright 2004-2005 Sun Microsystems, Inc.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *   1. Redistribution of source code must retain the above copyright notice,
+ *      this list of conditions and the following disclaimer.
+ *
+ *   2. Redistribution in binary form must reproduce the above copyright
+ *      notice, this list of conditions and the following disclaimer in the
+ *      documentation and/or other materials provided with the distribution.
+ *
+ * Neither the name of Sun Microsystems, Inc. or the names of contributors may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * This software is provided "AS IS," without a warranty of any kind. ALL
+ * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
+ * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
+ * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
+ * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
+ * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
+ * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
+ * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
+ * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY
+ * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
+ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ *
+ * You acknowledge that this software is not designed or intended for use in
+ * the design, construction, operation or maintenance of any nuclear facility.
+ */
+
+#include "testutil.h"
+#include "testutil_nss.h"
+#include "pkix_pl_common.h"
+
+#define LDAP_PORT 389
+
+static void *plContext = NULL;
+
+typedef enum {
+    SERVER_LISTENING,
+    SERVER_RECV1,
+    SERVER_POLL1,
+    SERVER_SEND2,
+    SERVER_POLL2,
+    SERVER_RECV3,
+    SERVER_POLL3,
+    SERVER_SEND4,
+    SERVER_POLL4,
+    SERVER_DONE,
+    SERVER_FAILED
+} SERVER_STATE;
+
+typedef enum {
+    CLIENT_WAITFORCONNECT,
+    CLIENT_SEND1,
+    CLIENT_POLL1,
+    CLIENT_RECV2,
+    CLIENT_POLL2,
+    CLIENT_SEND3,
+    CLIENT_POLL3,
+    CLIENT_RECV4,
+    CLIENT_POLL4,
+    CLIENT_DONE,
+    CLIENT_FAILED
+} CLIENT_STATE;
+
+SERVER_STATE serverState;
+CLIENT_STATE clientState;
+PKIX_PL_Socket *sSock = NULL;
+PKIX_PL_Socket *cSock = NULL;
+PKIX_PL_Socket *rendezvousSock = NULL;
+PKIX_PL_Socket_Callback *sCallbackList;
+PKIX_PL_Socket_Callback *cCallbackList;
+PKIX_PL_Socket_Callback *rvCallbackList;
+PRNetAddr serverNetAddr;
+PRNetAddr clientNetAddr;
+PRIntn backlog = 0;
+PRIntervalTime timeout = 0;
+char *sendBuf1 = "Hello, world!";
+char *sendBuf2 = "Ack";
+char *sendBuf3 = "What do you mean, \"Ack\"?";
+char *sendBuf4 = "What do you mean, \"What do you mean, \'Ack\'?\"?";
+char rcvBuf1[100];
+char rcvBuf2[100];
+
+static void
+printUsage(char *testname)
+{
+    char *fmt = "USAGE: %s [-arenas] server:port\n";
+    printf(fmt, testname);
+}
+
+/* Functional tests for Socket public functions */
+static void
+do_other_work(void)
+{ /* while waiting for nonblocking I/O to complete */
+    (void)PR_Sleep(2 * 60);
+}
+
+static PKIX_Boolean
+server()
+{
+    PKIX_Int32 bytesRead = 0;
+    PKIX_Int32 bytesWritten = 0;
+    PKIX_Boolean keepGoing = PKIX_FALSE;
+
+    PKIX_TEST_STD_VARS();
+
+    switch (serverState) {
+        case SERVER_LISTENING:
+            subTest("SERVER_LISTENING");
+            PKIX_TEST_EXPECT_NO_ERROR(sCallbackList->acceptCallback(sSock, &rendezvousSock, plContext));
+            if (rendezvousSock) {
+                PKIX_TEST_EXPECT_NO_ERROR(pkix_pl_Socket_GetCallbackList(rendezvousSock, &rvCallbackList, plContext));
+
+                serverState = SERVER_RECV1;
+            }
+            break;
+        case SERVER_RECV1:
+            subTest("SERVER_RECV1");
+            PKIX_TEST_EXPECT_NO_ERROR(rvCallbackList->recvCallback(rendezvousSock,
+                                                                   rcvBuf1,
+                                                                   sizeof(rcvBuf1),
+                                                                   &bytesRead,
+                                                                   plContext));
+
+            if (bytesRead > 0) {
+                /* confirm that rcvBuf1 = sendBuf1 */
+                if ((bytesRead != (PRInt32)PL_strlen(sendBuf1) + 1) ||
+                    (strncmp(sendBuf1, rcvBuf1, bytesRead) != 0)) {
+                    testError("Receive buffer mismatch\n");
+                }
+
+                serverState = SERVER_SEND2;
+                keepGoing = PKIX_TRUE;
+            } else {
+                serverState = SERVER_POLL1;
+            }
+            break;
+        case SERVER_POLL1:
+            subTest("SERVER_POLL1");
+            PKIX_TEST_EXPECT_NO_ERROR(rvCallbackList->pollCallback(rendezvousSock, NULL, &bytesRead, plContext));
+
+            if (bytesRead > 0) {
+                /* confirm that rcvBuf1 = sendBuf1 */
+                if ((bytesRead != (PRInt32)PL_strlen(sendBuf1) + 1) ||
+                    (strncmp(sendBuf1, rcvBuf1, bytesRead) != 0)) {
+                    testError("Receive buffer mismatch\n");
+                }
+
+                serverState = SERVER_SEND2;
+                keepGoing = PKIX_TRUE;
+            }
+            break;
+        case SERVER_SEND2:
+            subTest("SERVER_SEND2");
+            PKIX_TEST_EXPECT_NO_ERROR(rvCallbackList->sendCallback(rendezvousSock,
+                                                                   sendBuf2,
+                                                                   strlen(sendBuf2) +
+                                                                       1,
+                                                                   &bytesWritten,
+                                                                   plContext));
+            if (bytesWritten > 0) {
+                serverState = SERVER_RECV3;
+            } else {
+                serverState = SERVER_POLL2;
+            }
+            break;
+        case SERVER_POLL2:
+            subTest("SERVER_POLL2");
+            PKIX_TEST_EXPECT_NO_ERROR(rvCallbackList->pollCallback(rendezvousSock, &bytesWritten, NULL, plContext));
+            if (bytesWritten > 0) {
+                serverState = SERVER_RECV3;
+            }
+            break;
+        case SERVER_RECV3:
+            subTest("SERVER_RECV3");
+            PKIX_TEST_EXPECT_NO_ERROR(rvCallbackList->recvCallback(rendezvousSock,
+                                                                   rcvBuf1,
+                                                                   sizeof(rcvBuf1),
+                                                                   &bytesRead,
+                                                                   plContext));
+
+            if (bytesRead > 0) {
+                serverState = SERVER_SEND4;
+                keepGoing = PKIX_TRUE;
+            } else {
+                serverState = SERVER_POLL3;
+            }
+            break;
+        case SERVER_POLL3:
+            subTest("SERVER_POLL3");
+            PKIX_TEST_EXPECT_NO_ERROR(rvCallbackList->pollCallback(rendezvousSock, NULL, &bytesRead, plContext));
+            if (bytesRead > 0) {
+                serverState = SERVER_SEND4;
+                keepGoing = PKIX_TRUE;
+            }
+            break;
+        case SERVER_SEND4:
+            subTest("SERVER_SEND4");
+            PKIX_TEST_EXPECT_NO_ERROR(rvCallbackList->sendCallback(rendezvousSock,
+                                                                   sendBuf4,
+                                                                   strlen(sendBuf4) +
+                                                                       1,
+                                                                   &bytesWritten,
+                                                                   plContext));
+
+            if (bytesWritten > 0) {
+                PKIX_TEST_EXPECT_NO_ERROR(rvCallbackList->shutdownCallback(rendezvousSock, plContext));
+                PKIX_TEST_DECREF_BC(sSock);
+                PKIX_TEST_DECREF_BC(rendezvousSock);
+                serverState = SERVER_DONE;
+            } else {
+                serverState = SERVER_POLL4;
+            }
+            break;
+        case SERVER_POLL4:
+            subTest("SERVER_POLL4");
+            PKIX_TEST_EXPECT_NO_ERROR(rvCallbackList->pollCallback(rendezvousSock, &bytesWritten, NULL, plContext));
+            if (bytesWritten > 0) {
+                PKIX_TEST_EXPECT_NO_ERROR(rvCallbackList->shutdownCallback(rendezvousSock, plContext));
+                PKIX_TEST_DECREF_BC(sSock);
+                PKIX_TEST_DECREF_BC(rendezvousSock);
+                serverState = SERVER_DONE;
+            }
+            break;
+        case SERVER_DONE:
+        default:
+            subTest("SERVER_DONE");
+            break;
+    }
+
+cleanup:
+
+    PKIX_TEST_RETURN();
+
+    return (keepGoing);
+}
+
+static PKIX_Boolean
+client()
+{
+    PKIX_Boolean keepGoing = PKIX_FALSE;
+    PKIX_Int32 bytesRead = 0;
+    PKIX_Int32 bytesWritten = 0;
+    PRErrorCode cStat = 0;
+
+    /* At 2 seconds each cycle, this should suffice! */
+    PKIX_UInt32 giveUpCount = 10;
+
+    PKIX_TEST_STD_VARS();
+
+    switch (clientState) {
+        case CLIENT_WAITFORCONNECT:
+            subTest("CLIENT_WAITFORCONNECT");
+            clientState = CLIENT_FAILED;
+            PKIX_TEST_EXPECT_NO_ERROR(cCallbackList->connectcontinueCallback(cSock, &cStat, plContext));
+            if (cStat == 0) {
+                clientState = CLIENT_SEND1;
+                keepGoing = PKIX_TRUE;
+            } else {
+                clientState = CLIENT_WAITFORCONNECT;
+                if (--giveUpCount == 0) {
+                    testError("Client unable to connect");
+                }
+            }
+            break;
+        case CLIENT_SEND1:
+            subTest("CLIENT_SEND1");
+            clientState = CLIENT_FAILED;
+            PKIX_TEST_EXPECT_NO_ERROR(cCallbackList->sendCallback(cSock,
+                                                                  sendBuf1,
+                                                                  strlen(sendBuf1) +
+                                                                      1,
+                                                                  &bytesWritten,
+                                                                  plContext));
+            if (bytesWritten > 0) {
+                clientState = CLIENT_RECV2;
+            } else {
+                clientState = CLIENT_POLL1;
+            }
+            break;
+        case CLIENT_POLL1:
+            subTest("CLIENT_POLL1");
+            clientState = CLIENT_FAILED;
+            PKIX_TEST_EXPECT_NO_ERROR(cCallbackList->pollCallback(cSock, &bytesWritten, NULL, plContext));
+            if (bytesWritten > 0) {
+                clientState = CLIENT_RECV2;
+            } else {
+                clientState = CLIENT_POLL1;
+            }
+            break;
+        case CLIENT_RECV2:
+            subTest("CLIENT_RECV2");
+            clientState = CLIENT_FAILED;
+            PKIX_TEST_EXPECT_NO_ERROR(cCallbackList->recvCallback(cSock,
+                                                                  rcvBuf2,
+                                                                  sizeof(rcvBuf2),
+                                                                  &bytesRead,
+                                                                  plContext));
+
+            if (bytesRead > 0) {
+                /* confirm that rcvBuf2 = sendBuf2 */
+                if ((bytesRead != (PRInt32)PL_strlen(sendBuf2) + 1) ||
+                    (strncmp(sendBuf2, rcvBuf2, bytesRead) != 0)) {
+                    testError("Receive buffer mismatch\n");
+                }
+                clientState = CLIENT_SEND3;
+                keepGoing = PKIX_TRUE;
+            } else {
+                clientState = CLIENT_POLL2;
+            }
+            break;
+        case CLIENT_POLL2:
+            subTest("CLIENT_POLL2");
+            clientState = CLIENT_FAILED;
+            PKIX_TEST_EXPECT_NO_ERROR(cCallbackList->pollCallback(cSock, NULL, &bytesRead, plContext));
+            if (bytesRead > 0) {
+                /* confirm that rcvBuf2 = sendBuf2 */
+                if ((bytesRead != (PRInt32)PL_strlen(sendBuf2) + 1) ||
+                    (strncmp(sendBuf2, rcvBuf2, bytesRead) != 0)) {
+                    testError("Receive buffer mismatch\n");
+                }
+                clientState = CLIENT_SEND3;
+            } else {
+                clientState = CLIENT_POLL2;
+            }
+            break;
+        case CLIENT_SEND3:
+            subTest("CLIENT_SEND3");
+            clientState = CLIENT_FAILED;
+            PKIX_TEST_EXPECT_NO_ERROR(cCallbackList->sendCallback(cSock,
+                                                                  sendBuf3,
+                                                                  strlen(sendBuf3) +
+                                                                      1,
+                                                                  &bytesWritten,
+                                                                  plContext));
+
+            if (bytesWritten > 0) {
+                clientState = CLIENT_RECV4;
+            } else {
+                clientState = CLIENT_POLL3;
+            }
+            break;
+        case CLIENT_POLL3:
+            subTest("CLIENT_POLL3");
+            clientState = CLIENT_FAILED;
+            PKIX_TEST_EXPECT_NO_ERROR(cCallbackList->pollCallback(cSock, &bytesWritten, NULL, plContext));
+            if (bytesWritten > 0) {
+                clientState = CLIENT_RECV4;
+            } else {
+                clientState = CLIENT_POLL3;
+            }
+            break;
+        case CLIENT_RECV4:
+            subTest("CLIENT_RECV4");
+            clientState = CLIENT_FAILED;
+            PKIX_TEST_EXPECT_NO_ERROR(cCallbackList->recvCallback(cSock,
+                                                                  rcvBuf2,
+                                                                  sizeof(rcvBuf2),
+                                                                  &bytesRead,
+                                                                  plContext));
+
+            if (bytesRead > 0) {
+                PKIX_TEST_EXPECT_NO_ERROR(cCallbackList->shutdownCallback(cSock, plContext));
+                PKIX_TEST_DECREF_BC(cSock);
+                clientState = CLIENT_DONE;
+            } else {
+                clientState = CLIENT_POLL4;
+            }
+            break;
+        case CLIENT_POLL4:
+            subTest("CLIENT_POLL4");
+            clientState = CLIENT_FAILED;
+            PKIX_TEST_EXPECT_NO_ERROR(cCallbackList->pollCallback(cSock, NULL, &bytesRead, plContext));
+            if (bytesRead > 0) {
+                PKIX_TEST_EXPECT_NO_ERROR(cCallbackList->shutdownCallback(cSock, plContext));
+                PKIX_TEST_DECREF_BC(cSock);
+                clientState = CLIENT_DONE;
+            } else {
+                clientState = CLIENT_POLL4;
+            }
+            break;
+        case CLIENT_DONE:
+        default:
+            subTest("CLIENT_DONE");
+            break;
+    }
+
+cleanup:
+
+    PKIX_TEST_RETURN();
+
+    return (keepGoing);
+}
+
+static void
+dispatcher()
+{
+    PKIX_Boolean keepGoing = PKIX_FALSE;
+
+    PKIX_TEST_STD_VARS();
+
+    do {
+        if (serverState < SERVER_DONE) {
+            do {
+                keepGoing = server();
+            } while (keepGoing == PKIX_TRUE);
+        }
+        if (clientState < CLIENT_DONE) {
+            do {
+                keepGoing = client();
+            } while (keepGoing == PKIX_TRUE);
+        }
+        do_other_work();
+
+    } while ((serverState < SERVER_DONE) || (clientState < CLIENT_DONE));
+
+    PKIX_TEST_RETURN();
+}
+
+int
+test_socket(int argc, char *argv[])
+{
+
+    int j = 0;
+    PKIX_UInt32 actualMinorVersion;
+    char buf[PR_NETDB_BUF_SIZE];
+    char *serverName = NULL;
+    char *sepPtr = NULL;
+    PRHostEnt hostent;
+    PRUint16 portNum = 0;
+    PRStatus prstatus = PR_FAILURE;
+    PRErrorCode cStat = 0;
+    void *ipaddr = NULL;
+    PKIX_Error *bindError = NULL;
+    PRIntn hostenum;
+
+    PKIX_TEST_STD_VARS();
+
+    startTests("Socket");
+
+    PKIX_TEST_EXPECT_NO_ERROR(
+        PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+    if (argc != (j + 2)) {
+        printUsage(argv[0]);
+        pkixTestErrorMsg = "Missing command line argument.";
+        goto cleanup;
+    }
+
+    serverName = argv[j + 1];
+
+    subTest("Using pkix_pl_Socket_CreateByName");
+
+    PKIX_TEST_EXPECT_NO_ERROR(pkix_pl_Socket_CreateByName(PKIX_TRUE, timeout, serverName, &cStat, &sSock, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(pkix_pl_Socket_GetCallbackList(sSock, &sCallbackList, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(sCallbackList->listenCallback(sSock, backlog, plContext));
+
+    serverState = SERVER_LISTENING;
+
+    PKIX_TEST_EXPECT_NO_ERROR(pkix_pl_Socket_CreateByName(PKIX_FALSE, timeout, serverName, &cStat, &cSock, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(pkix_pl_Socket_GetCallbackList(cSock, &cCallbackList, plContext));
+
+    if ((timeout == 0) && (cStat == PR_IN_PROGRESS_ERROR)) {
+        clientState = CLIENT_WAITFORCONNECT;
+    } else {
+        clientState = CLIENT_SEND1;
+    }
+
+    dispatcher();
+
+    subTest("Using pkix_pl_Socket_Create");
+
+    sepPtr = strchr(serverName, ':');
+    /* First strip off the portnum, if present, from the end of the name */
+    if (sepPtr) {
+        *sepPtr++ = '\0';
+        portNum = (PRUint16)atoi(sepPtr);
+    } else {
+        portNum = (PRUint16)LDAP_PORT;
+    }
+    /*
+         * The hostname may be a fully-qualified name. Just
+         * use the leftmost component in our lookup.
+         */
+    sepPtr = strchr(serverName, '.');
+    if (sepPtr) {
+        *sepPtr++ = '\0';
+    }
+    prstatus = PR_GetHostByName(serverName, buf, sizeof(buf), &hostent);
+
+    if ((prstatus != PR_SUCCESS) || (hostent.h_length != 4)) {
+        printUsage(argv[0]);
+        pkixTestErrorMsg =
+            "PR_GetHostByName rejects command line argument.";
+        goto cleanup;
+    }
+
+    serverNetAddr.inet.family = PR_AF_INET;
+    serverNetAddr.inet.port = PR_htons(portNum);
+    serverNetAddr.inet.ip = PR_INADDR_ANY;
+
+    hostenum = PR_EnumerateHostEnt(0, &hostent, portNum, &clientNetAddr);
+    if (hostenum == -1) {
+        pkixTestErrorMsg =
+            "PR_EnumerateHostEnt failed.";
+        goto cleanup;
+    }
+
+    backlog = 5;
+
+    /* timeout = PR_INTERVAL_NO_TIMEOUT; */
+    /* timeout = 0; nonblocking */
+    timeout = 0;
+
+    bindError = pkix_pl_Socket_Create(PKIX_TRUE, timeout, &serverNetAddr, &cStat, &sSock, plContext);
+
+    /* If PR_Bind can't handle INADDR_ANY, try it with the real name */
+    if (bindError) {
+        PKIX_TEST_DECREF_BC(bindError);
+        serverNetAddr.inet.ip = PR_htonl(*(PRUint32 *)ipaddr);
+
+        PKIX_TEST_EXPECT_NO_ERROR(pkix_pl_Socket_Create(PKIX_TRUE,
+                                                        timeout,
+                                                        &serverNetAddr,
+                                                        &cStat,
+                                                        &sSock,
+                                                        plContext));
+    }
+
+    PKIX_TEST_EXPECT_NO_ERROR(pkix_pl_Socket_GetCallbackList(sSock, &sCallbackList, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(sCallbackList->listenCallback(sSock, backlog, plContext));
+
+    serverState = SERVER_LISTENING;
+
+    PKIX_TEST_EXPECT_NO_ERROR(pkix_pl_Socket_Create(PKIX_FALSE, timeout, &clientNetAddr, &cStat, &cSock, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(pkix_pl_Socket_GetCallbackList(cSock, &cCallbackList, plContext));
+
+    if ((timeout == 0) && (cStat == PR_IN_PROGRESS_ERROR)) {
+        clientState = CLIENT_WAITFORCONNECT;
+    } else {
+        clientState = CLIENT_SEND1;
+    }
+
+    dispatcher();
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(sSock);
+    PKIX_TEST_DECREF_AC(cSock);
+    PKIX_TEST_DECREF_AC(rendezvousSock);
+
+    PKIX_TEST_RETURN();
+
+    endTests("Socket");
+
+    return (0);
+}
diff --git a/nss/cmd/libpkix/pkix_pl/pki/Makefile b/nss/cmd/libpkix/pkix_pl/pki/Makefile
new file mode 100755
index 0000000..09ca5f1
--- /dev/null
+++ b/nss/cmd/libpkix/pkix_pl/pki/Makefile
@@ -0,0 +1,47 @@
+#! gmake
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+include $(PKIX_DEPTH)/config.mk
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include $(PLAT_DEPTH)/platlibs.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+include $(PLAT_DEPTH)/platrules.mk
diff --git a/nss/cmd/libpkix/pkix_pl/pki/manifest.mn b/nss/cmd/libpkix/pkix_pl/pki/manifest.mn
new file mode 100755
index 0000000..7c6e0a7
--- /dev/null
+++ b/nss/cmd/libpkix/pkix_pl/pki/manifest.mn
@@ -0,0 +1,28 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+PKIX_DEPTH = ../..
+PLAT_DEPTH = $(PKIX_DEPTH)/..
+CORE_DEPTH = $(PKIX_DEPTH)/../../..
+
+# MODULE public and private header directories are implicitly REQUIRED.
+MODULE = nss
+
+CSRCS = test_cert.c \
+	test_crl.c \
+	test_crlentry.c \
+	test_date.c \
+	test_generalname.c \
+	test_nameconstraints.c \
+	test_x500name.c \
+	test_authorityinfoaccess.c \
+	test_subjectinfoaccess.c \
+	$(NULL)
+
+LIBRARY_NAME=pkixtoolpki
+
+SOURCE_LIB_DIR=$(PKIX_DEPTH)/$(OBJDIR)
+
+NO_MD_RELEASE = 1
diff --git a/nss/cmd/libpkix/pkix_pl/pki/test_authorityinfoaccess.c b/nss/cmd/libpkix/pkix_pl/pki/test_authorityinfoaccess.c
new file mode 100644
index 0000000..156b440
--- /dev/null
+++ b/nss/cmd/libpkix/pkix_pl/pki/test_authorityinfoaccess.c
@@ -0,0 +1,105 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * test_authorityinfoaccess.c
+ *
+ * Test Authority InfoAccess Type
+ *
+ */
+
+#include "testutil.h"
+#include "testutil_nss.h"
+
+static void *plContext = NULL;
+
+int
+test_authorityinfoaccess(int argc, char *argv[])
+{
+
+    PKIX_PL_Cert *cert = NULL;
+    PKIX_PL_Cert *certDiff = NULL;
+    PKIX_List *aiaList = NULL;
+    PKIX_List *siaList = NULL;
+    PKIX_PL_InfoAccess *aia = NULL;
+    PKIX_PL_InfoAccess *aiaDup = NULL;
+    PKIX_PL_InfoAccess *aiaDiff = NULL;
+    char *certPathName = NULL;
+    char *dirName = NULL;
+    PKIX_UInt32 actualMinorVersion;
+    PKIX_UInt32 size, i;
+    PKIX_UInt32 j = 0;
+    char *expectedAscii = "[method:caIssuers, location:ldap:"
+                          "//betty.nist.gov/cn=CA,ou=Basic%20LDAP%20URI%20OU1,"
+                          "o=Test%20Certificates,c=US?cACertificate;binary,"
+                          "crossCertificatePair;binary]";
+
+    PKIX_TEST_STD_VARS();
+
+    startTests("AuthorityInfoAccess");
+
+    PKIX_TEST_EXPECT_NO_ERROR(
+        PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+    if (argc < 5 + j) {
+        printf("Usage: %s <test-purpose> <cert> <diff-cert>\n", argv[0]);
+    }
+
+    dirName = argv[2 + j];
+    certPathName = argv[3 + j];
+
+    subTest("Creating Cert with Authority Info Access");
+    cert = createCert(dirName, certPathName, plContext);
+
+    certPathName = argv[4 + j];
+
+    subTest("Creating Cert with Subject Info Access");
+    certDiff = createCert(dirName, certPathName, plContext);
+
+    subTest("Getting Authority Info Access");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetAuthorityInfoAccess(cert, &aiaList, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(aiaList, &size, plContext));
+
+    if (size != 1) {
+        pkixTestErrorMsg = "unexpected number of AIA";
+        goto cleanup;
+    }
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(aiaList, 0, (PKIX_PL_Object **)&aia, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(aiaList, 0, (PKIX_PL_Object **)&aiaDup, plContext));
+
+    subTest("Getting Subject Info Access as difference comparison");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectInfoAccess(certDiff, &siaList, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(siaList, &size, plContext));
+
+    if (size != 1) {
+        pkixTestErrorMsg = "unexpected number of AIA";
+        goto cleanup;
+    }
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(siaList, 0, (PKIX_PL_Object **)&aiaDiff, plContext));
+
+    subTest("Checking: Equal, Hash and ToString");
+    PKIX_TEST_EQ_HASH_TOSTR_DUP(aia, aiaDup, aiaDiff, expectedAscii, InfoAccess, PKIX_FALSE);
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(aia);
+    PKIX_TEST_DECREF_AC(aiaDup);
+    PKIX_TEST_DECREF_AC(aiaDiff);
+    PKIX_TEST_DECREF_AC(aiaList);
+    PKIX_TEST_DECREF_AC(siaList);
+    PKIX_TEST_DECREF_AC(cert);
+    PKIX_TEST_DECREF_AC(certDiff);
+
+    PKIX_Shutdown(plContext);
+
+    PKIX_TEST_RETURN();
+
+    endTests("Authorityinfoaccess");
+
+    return (0);
+}
diff --git a/nss/cmd/libpkix/pkix_pl/pki/test_cert.c b/nss/cmd/libpkix/pkix_pl/pki/test_cert.c
new file mode 100644
index 0000000..274f818
--- /dev/null
+++ b/nss/cmd/libpkix/pkix_pl/pki/test_cert.c
@@ -0,0 +1,2088 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * test_cert.c
+ *
+ * Test Cert Type
+ *
+ */
+
+#include "testutil.h"
+#include "testutil_nss.h"
+
+static PKIX_PL_Cert *altNameNoneCert = NULL;
+static PKIX_PL_Cert *altNameOtherCert = NULL;
+static PKIX_PL_Cert *altNameOtherCert_diff = NULL;
+static PKIX_PL_Cert *altNameRfc822Cert = NULL;
+static PKIX_PL_Cert *altNameRfc822Cert_diff = NULL;
+static PKIX_PL_Cert *altNameDnsCert = NULL;
+static PKIX_PL_Cert *altNameDnsCert_diff = NULL;
+static PKIX_PL_Cert *altNameX400Cert = NULL;
+static PKIX_PL_Cert *altNameX400Cert_diff = NULL;
+static PKIX_PL_Cert *altNameDnCert = NULL;
+static PKIX_PL_Cert *altNameDnCert_diff = NULL;
+static PKIX_PL_Cert *altNameEdiCert = NULL;
+static PKIX_PL_Cert *altNameEdiCert_diff = NULL;
+static PKIX_PL_Cert *altNameUriCert = NULL;
+static PKIX_PL_Cert *altNameUriCert_diff = NULL;
+static PKIX_PL_Cert *altNameIpCert = NULL;
+static PKIX_PL_Cert *altNameIpCert_diff = NULL;
+static PKIX_PL_Cert *altNameOidCert = NULL;
+static PKIX_PL_Cert *altNameOidCert_diff = NULL;
+static PKIX_PL_Cert *altNameMultipleCert = NULL;
+
+static void *plContext = NULL;
+
+static void
+createCerts(
+    char *dataCentralDir,
+    char *goodInput,
+    char *diffInput,
+    PKIX_PL_Cert **goodObject,
+    PKIX_PL_Cert **equalObject,
+    PKIX_PL_Cert **diffObject)
+{
+    subTest("PKIX_PL_Cert_Create <goodObject>");
+    *goodObject = createCert(dataCentralDir, goodInput, plContext);
+
+    subTest("PKIX_PL_Cert_Create <equalObject>");
+    *equalObject = createCert(dataCentralDir, goodInput, plContext);
+
+    subTest("PKIX_PL_Cert_Create <diffObject>");
+    *diffObject = createCert(dataCentralDir, diffInput, plContext);
+}
+
+static void
+createCertsWithSubjectAltNames(char *dataCentralDir)
+{
+    subTest("PKIX_PL_Cert_Create <altNameDNS>");
+    altNameDnsCert = createCert(dataCentralDir, "generalName/altNameDnsCert", plContext);
+
+    subTest("PKIX_PL_Cert_Create <altNameDNS_diff>");
+    altNameDnsCert_diff = createCert(dataCentralDir, "generalName/altNameDnsCert_diff", plContext);
+
+    subTest("PKIX_PL_Cert_Create <altNameRFC822>");
+    altNameRfc822Cert = createCert(dataCentralDir, "generalName/altNameRfc822Cert", plContext);
+
+    subTest("PKIX_PL_Cert_Create <altNameRFC822_diff>");
+    altNameRfc822Cert_diff = createCert(dataCentralDir, "generalName/altNameRfc822Cert_diff", plContext);
+
+    subTest("PKIX_PL_Cert_Create <altNameX400Cert>");
+    altNameX400Cert = createCert(dataCentralDir, "generalName/altNameX400Cert", plContext);
+
+    subTest("PKIX_PL_Cert_Create <altNameX400_diff>");
+    altNameX400Cert_diff = createCert(dataCentralDir, "generalName/altNameX400Cert_diff", plContext);
+
+    subTest("PKIX_PL_Cert_Create <altNameDN>");
+    altNameDnCert = createCert(dataCentralDir, "generalName/altNameDnCert", plContext);
+
+    subTest("PKIX_PL_Cert_Create <altNameDN_diff>");
+    altNameDnCert_diff = createCert(dataCentralDir, "generalName/altNameDnCert_diff", plContext);
+
+    subTest("PKIX_PL_Cert_Create <altNameEdiCert>");
+    altNameEdiCert = createCert(dataCentralDir, "generalName/altNameEdiCert", plContext);
+
+    subTest("PKIX_PL_Cert_Create <altNameEdi_diff>");
+    altNameEdiCert_diff = createCert(dataCentralDir, "generalName/altNameEdiCert_diff", plContext);
+
+    subTest("PKIX_PL_Cert_Create <altNameURI>");
+    altNameUriCert = createCert(dataCentralDir, "generalName/altNameUriCert", plContext);
+
+    subTest("PKIX_PL_Cert_Create <altNameURI_diff>");
+    altNameUriCert_diff = createCert(dataCentralDir, "generalName/altNameUriCert_diff", plContext);
+
+    subTest("PKIX_PL_Cert_Create <altNameIP>");
+    altNameIpCert = createCert(dataCentralDir, "generalName/altNameIpCert", plContext);
+
+    subTest("PKIX_PL_Cert_Create <altNameIP_diff>");
+    altNameIpCert_diff = createCert(dataCentralDir, "generalName/altNameIpCert_diff", plContext);
+
+    subTest("PKIX_PL_Cert_Create <altNameOID>");
+    altNameOidCert = createCert(dataCentralDir, "generalName/altNameOidCert", plContext);
+
+    subTest("PKIX_PL_Cert_Create <altNameOID_diff>");
+    altNameOidCert_diff = createCert(dataCentralDir, "generalName/altNameOidCert_diff", plContext);
+
+    subTest("PKIX_PL_Cert_Create <altNameOther>");
+    altNameOtherCert = createCert(dataCentralDir, "generalName/altNameOtherCert", plContext);
+
+    subTest("PKIX_PL_Cert_Create <altNameOther_diff>");
+    altNameOtherCert_diff = createCert(dataCentralDir, "generalName/altNameOtherCert_diff", plContext);
+
+    subTest("PKIX_PL_Cert_Create <altNameNone>");
+    altNameNoneCert = createCert(dataCentralDir, "generalName/altNameNoneCert", plContext);
+
+    subTest("PKIX_PL_Cert_Create <altNameMultiple>");
+    altNameMultipleCert = createCert(dataCentralDir, "generalName/altNameRfc822DnsCert", plContext);
+}
+
+static void
+testGetVersion(
+    PKIX_PL_Cert *goodObject)
+{
+    PKIX_UInt32 goodVersion;
+
+    PKIX_TEST_STD_VARS();
+
+    subTest("PKIX_PL_Cert_GetVersion");
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetVersion(goodObject, &goodVersion, plContext));
+
+    if (goodVersion != 2) {
+        testError("unexpected mismatch");
+        (void)printf("Actual value:\t%d\n", goodVersion);
+        (void)printf("Expected value:\t2\n");
+        goto cleanup;
+    }
+
+cleanup:
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testGetSerialNumber(
+    PKIX_PL_Cert *goodObject,
+    PKIX_PL_Cert *equalObject,
+    PKIX_PL_Cert *diffObject)
+{
+    PKIX_PL_BigInt *goodSN = NULL;
+    PKIX_PL_BigInt *equalSN = NULL;
+    PKIX_PL_BigInt *diffSN = NULL;
+    char *expectedAscii = "37bc66ec";
+
+    PKIX_TEST_STD_VARS();
+
+    subTest("PKIX_PL_Cert_GetSerialNumber");
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSerialNumber(goodObject, &goodSN, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSerialNumber(equalObject, &equalSN, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSerialNumber(diffObject, &diffSN, plContext));
+
+    PKIX_TEST_EQ_HASH_TOSTR_DUP(goodSN, equalSN, diffSN, expectedAscii, BigInt, PKIX_TRUE);
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(goodSN);
+    PKIX_TEST_DECREF_AC(equalSN);
+    PKIX_TEST_DECREF_AC(diffSN);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testGetSubject(
+    PKIX_PL_Cert *goodObject,
+    PKIX_PL_Cert *equalObject,
+    PKIX_PL_Cert *diffObject)
+{
+    PKIX_PL_X500Name *goodSubject = NULL;
+    PKIX_PL_X500Name *equalSubject = NULL;
+    PKIX_PL_X500Name *diffSubject = NULL;
+    char *expectedAscii = "OU=bcn,OU=east,O=sun,C=us";
+
+    PKIX_TEST_STD_VARS();
+
+    subTest("PKIX_PL_Cert_GetSubject");
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject(goodObject, &goodSubject, plContext));
+
+    if (!goodSubject) {
+        testError("Certificate Subject should not be NULL");
+        goto cleanup;
+    }
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject(equalObject, &equalSubject, plContext));
+
+    if (!equalSubject) {
+        testError("Certificate Subject should not be NULL");
+        goto cleanup;
+    }
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject(diffObject, &diffSubject, plContext));
+
+    if (!diffSubject) {
+        testError("Certificate Subject should not be NULL");
+        goto cleanup;
+    }
+
+    PKIX_TEST_EQ_HASH_TOSTR_DUP(goodSubject,
+                                equalSubject,
+                                diffSubject,
+                                expectedAscii,
+                                X500Name,
+                                PKIX_TRUE);
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(goodSubject);
+    PKIX_TEST_DECREF_AC(equalSubject);
+    PKIX_TEST_DECREF_AC(diffSubject);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testGetIssuer(
+    PKIX_PL_Cert *goodObject,
+    PKIX_PL_Cert *equalObject,
+    PKIX_PL_Cert *diffObject)
+{
+    PKIX_PL_X500Name *goodIssuer = NULL;
+    PKIX_PL_X500Name *equalIssuer = NULL;
+    PKIX_PL_X500Name *diffIssuer = NULL;
+    char *expectedAscii = "CN=yassir,OU=bcn,OU=east,O=sun,C=us";
+
+    PKIX_TEST_STD_VARS();
+
+    subTest("PKIX_PL_Cert_GetIssuer");
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetIssuer(goodObject, &goodIssuer, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetIssuer(equalObject, &equalIssuer, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetIssuer(diffObject, &diffIssuer, plContext));
+
+    PKIX_TEST_EQ_HASH_TOSTR_DUP(goodIssuer,
+                                equalIssuer,
+                                diffIssuer,
+                                expectedAscii,
+                                X500Name,
+                                PKIX_TRUE);
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(goodIssuer);
+    PKIX_TEST_DECREF_AC(equalIssuer);
+    PKIX_TEST_DECREF_AC(diffIssuer);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testAltNames(
+    PKIX_PL_Cert *goodCert,
+    PKIX_PL_Cert *diffCert,
+    char *expectedAscii)
+{
+    PKIX_List *goodAltNames = NULL;
+    PKIX_List *diffAltNames = NULL;
+    PKIX_PL_GeneralName *goodAltName = NULL;
+    PKIX_PL_GeneralName *diffAltName = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectAltNames(goodCert, &goodAltNames, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(goodAltNames,
+                                                0,
+                                                (PKIX_PL_Object **)&goodAltName,
+                                                plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectAltNames(diffCert, &diffAltNames, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(diffAltNames,
+                                                0,
+                                                (PKIX_PL_Object **)&diffAltName,
+                                                plContext));
+
+    PKIX_TEST_EQ_HASH_TOSTR_DUP(goodAltName, goodAltName, diffAltName,
+                                expectedAscii, GeneralName, PKIX_TRUE);
+
+cleanup:
+    PKIX_TEST_DECREF_AC(goodAltNames);
+    PKIX_TEST_DECREF_AC(goodAltName);
+    PKIX_TEST_DECREF_AC(diffAltNames);
+    PKIX_TEST_DECREF_AC(diffAltName);
+    PKIX_TEST_RETURN();
+}
+
+static void
+testAltNamesNone(PKIX_PL_Cert *cert)
+{
+
+    PKIX_List *altNames = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectAltNames(cert, &altNames, plContext));
+
+    if (altNames != NULL) {
+        testError("unexpected mismatch");
+        (void)printf("Actual value:\t%p\n", (void *)altNames);
+        (void)printf("Expected value:\tNULL\n");
+        goto cleanup;
+    }
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(altNames);
+    PKIX_TEST_RETURN();
+}
+static void
+testAltNamesMultiple()
+{
+    PKIX_List *altNames = NULL;
+    PKIX_PL_GeneralName *firstAltName = NULL;
+    PKIX_Int32 firstExpectedType = PKIX_RFC822_NAME;
+    PKIX_PL_GeneralName *secondAltName = NULL;
+    PKIX_Int32 secondExpectedType = PKIX_DNS_NAME;
+
+    char *expectedAscii =
+        "[\n"
+        "\tVersion:         v3\n"
+        "\tSerialNumber:    2d\n"
+        "\tIssuer:          OU=labs,O=sun,C=us\n"
+        "\tSubject:         CN=yassir,OU=labs,O=sun,C=us\n"
+        "\tValidity: [From: Mon Feb 09, 2004\n"
+        /*      "\tValidity: [From: Mon Feb 09 14:43:52 2004\n" */
+        "\t           To:   Mon Feb 09, 2004]\n"
+        /*      "\t           To:   Mon Feb 09 14:43:52 2004]\n" */
+        "\tSubjectAltNames: (yassir@sun.com, sunray.sun.com)\n"
+        "\tAuthorityKeyId:  (null)\n"
+        "\tSubjectKeyId:    (null)\n"
+        "\tSubjPubKeyAlgId: ANSI X9.57 DSA Signature\n"
+        "\tCritExtOIDs:     (EMPTY)\n"
+        "\tExtKeyUsages:    (null)\n"
+        "\tBasicConstraint: (null)\n"
+        "\tCertPolicyInfo:  (null)\n"
+        "\tPolicyMappings:  (null)\n"
+        "\tExplicitPolicy:  -1\n"
+        "\tInhibitMapping:  -1\n"
+        "\tInhibitAnyPolicy:-1\n"
+        "\tNameConstraints: (null)\n"
+        "\tAuthorityInfoAccess: (null)\n"
+        "\tSubjectInfoAccess: (null)\n"
+        "\tCacheFlag:       0\n"
+        "]\n";
+
+    PKIX_TEST_STD_VARS();
+
+    testToStringHelper((PKIX_PL_Object *)altNameMultipleCert,
+                       expectedAscii,
+                       plContext);
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectAltNames(altNameMultipleCert, &altNames, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(altNames, 0, (PKIX_PL_Object **)&firstAltName, plContext));
+
+    if (firstAltName->type != firstExpectedType) {
+        testError("unexpected mismatch");
+        (void)printf("Actual value:\t%d\n", firstAltName->type);
+        (void)printf("Expected value:\t%d\n", firstExpectedType);
+        goto cleanup;
+    }
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(altNames, 1, (PKIX_PL_Object **)&secondAltName, plContext));
+
+    if (secondAltName->type != secondExpectedType) {
+        testError("unexpected mismatch");
+        (void)printf("Actual value:\t%d\n", secondAltName->type);
+        (void)printf("Expected value:\t%d\n", secondExpectedType);
+        goto cleanup;
+    }
+
+cleanup:
+    PKIX_TEST_DECREF_AC(altNames);
+    PKIX_TEST_DECREF_AC(firstAltName);
+    PKIX_TEST_DECREF_AC(secondAltName);
+    PKIX_TEST_RETURN();
+}
+
+static void
+testGetSubjectAltNames(char *dataCentralDir)
+{
+
+    char *expectedAscii = NULL;
+
+    createCertsWithSubjectAltNames(dataCentralDir);
+
+    subTest("PKIX_PL_Cert_GetSubjectAltNames <DNS>");
+    expectedAscii = "east.sun.com";
+    testAltNames(altNameDnsCert, altNameDnsCert_diff, expectedAscii);
+
+    subTest("PKIX_PL_Cert_GetSubjectAltNames <RFC822>");
+    expectedAscii = "alice.barnes@bcn.east.sun.com";
+    testAltNames(altNameRfc822Cert, altNameRfc822Cert_diff, expectedAscii);
+
+    /*
+         *this should work once bugzilla bug #233586 is fixed.
+         *subTest("PKIX_PL_Cert_GetSubjectAltNames <X400Address>");
+         *expectedAscii = "X400Address: <DER-encoded value>";
+         *testAltNames(altNameX400Cert, altNameX400Cert_diff, expectedAscii);
+         */
+
+    subTest("PKIX_PL_Cert_GetSubjectAltNames <DN>");
+    expectedAscii = "CN=elley,OU=labs,O=sun,C=us";
+    testAltNames(altNameDnCert, altNameDnCert_diff, expectedAscii);
+
+    /*
+         * this should work once bugzilla bug #233586 is fixed.
+         * subTest("PKIX_PL_Cert_GetSubjectAltNames <EdiPartyName>");
+         * expectedAscii = "EDIPartyName: <DER-encoded value>";
+         * testAltNames(altNameEdiCert, altNameEdiCert_diff, expectedAscii);
+         */
+
+    subTest("PKIX_PL_Cert_GetSubjectAltNames <URI>");
+    expectedAscii = "http://www.sun.com";
+    testAltNames(altNameUriCert, altNameUriCert_diff, expectedAscii);
+
+    subTest("PKIX_PL_Cert_GetSubjectAltNames <IP>");
+    expectedAscii = "1.2.3.4";
+    testAltNames(altNameIpCert, altNameIpCert_diff, expectedAscii);
+
+    subTest("PKIX_PL_Cert_GetSubjectAltNames <OID>");
+    expectedAscii = "1.2.39";
+    testAltNames(altNameOidCert, altNameOidCert_diff, expectedAscii);
+
+    subTest("PKIX_PL_Cert_GetSubjectAltNames <Other>");
+    expectedAscii = "1.7.26.97";
+    testAltNames(altNameOtherCert, altNameOtherCert_diff, expectedAscii);
+
+    subTest("PKIX_PL_Cert_GetSubjectAltNames <none>");
+    testAltNamesNone(altNameNoneCert);
+
+    subTest("PKIX_PL_Cert_GetSubjectAltNames <Multiple>");
+    testAltNamesMultiple();
+}
+
+static void
+testGetSubjectPublicKey(
+    PKIX_PL_Cert *goodObject,
+    PKIX_PL_Cert *equalObject,
+    PKIX_PL_Cert *diffObject)
+{
+    PKIX_PL_PublicKey *goodPubKey = NULL;
+    PKIX_PL_PublicKey *equalPubKey = NULL;
+    PKIX_PL_PublicKey *diffPubKey = NULL;
+    char *expectedAscii = "ANSI X9.57 DSA Signature";
+
+    PKIX_TEST_STD_VARS();
+
+    subTest("PKIX_PL_Cert_GetSubjectPublicKey");
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(goodObject, &goodPubKey, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(equalObject, &equalPubKey, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(diffObject, &diffPubKey, plContext));
+
+    PKIX_TEST_EQ_HASH_TOSTR_DUP(goodPubKey, equalPubKey, diffPubKey,
+                                expectedAscii, PublicKey, PKIX_TRUE);
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(goodPubKey);
+    PKIX_TEST_DECREF_AC(equalPubKey);
+    PKIX_TEST_DECREF_AC(diffPubKey);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testGetSubjectPublicKeyAlgId(PKIX_PL_Cert *goodObject)
+{
+    PKIX_PL_OID *pkixPubKeyOID = NULL;
+    char *expectedAscii = "1.2.840.10040.4.1";
+
+    PKIX_TEST_STD_VARS();
+
+    subTest("PKIX_PL_Cert_GetSubjectPublicKeyAlgId");
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKeyAlgId(goodObject, &pkixPubKeyOID, plContext));
+
+    testToStringHelper((PKIX_PL_Object *)pkixPubKeyOID, expectedAscii, plContext);
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(pkixPubKeyOID);
+    PKIX_TEST_RETURN();
+}
+
+static void
+testCritExtensionsPresent(PKIX_PL_Cert *cert)
+{
+    PKIX_List *critOIDList = NULL;
+    char *firstOIDAscii = "2.5.29.15";
+    PKIX_PL_OID *firstOID = NULL;
+    char *secondOIDAscii = "2.5.29.19";
+    PKIX_PL_OID *secondOID = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetCriticalExtensionOIDs(cert, &critOIDList, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(critOIDList, 0, (PKIX_PL_Object **)&firstOID, plContext));
+    testToStringHelper((PKIX_PL_Object *)firstOID, firstOIDAscii, plContext);
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(critOIDList, 1, (PKIX_PL_Object **)&secondOID, plContext));
+
+    testToStringHelper((PKIX_PL_Object *)secondOID, secondOIDAscii, plContext);
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(critOIDList);
+    PKIX_TEST_DECREF_AC(firstOID);
+    PKIX_TEST_DECREF_AC(secondOID);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testCritExtensionsAbsent(PKIX_PL_Cert *cert)
+{
+    PKIX_List *oidList = NULL;
+    PKIX_Boolean empty;
+
+    PKIX_TEST_STD_VARS();
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetCriticalExtensionOIDs(cert, &oidList, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_IsEmpty(oidList, &empty, plContext));
+
+    if (!empty) {
+        pkixTestErrorMsg = "unexpected mismatch";
+    }
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(oidList);
+    PKIX_TEST_RETURN();
+}
+
+static void
+testAllExtensionsAbsent(char *dataCentralDir)
+{
+    PKIX_List *oidList = NULL;
+    PKIX_PL_Cert *cert = NULL;
+    PKIX_Boolean empty;
+
+    PKIX_TEST_STD_VARS();
+
+    subTest("PKIX_PL_Cert_Create <noExtensionsCert>");
+    cert = createCert(dataCentralDir, "noExtensionsCert", plContext);
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetCriticalExtensionOIDs(cert, &oidList, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_IsEmpty(oidList, &empty, plContext));
+
+    if (!empty) {
+        pkixTestErrorMsg = "unexpected mismatch";
+    }
+
+cleanup:
+    PKIX_TEST_DECREF_AC(oidList);
+    PKIX_TEST_DECREF_AC(cert);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testGetCriticalExtensionOIDs(char *dataCentralDir, PKIX_PL_Cert *goodObject)
+{
+    subTest("PKIX_PL_Cert_GetCriticalExtensionOIDs "
+            "<CritExtensionsPresent>");
+    testCritExtensionsPresent(goodObject);
+
+    subTest("PKIX_PL_Cert_GetCriticalExtensionOIDs "
+            "<CritExtensionsAbsent>");
+    testCritExtensionsAbsent(altNameOidCert);
+
+    subTest("PKIX_PL_Cert_GetCriticalExtensionOIDs "
+            "<AllExtensionsAbsent>");
+    testAllExtensionsAbsent(dataCentralDir);
+}
+
+static void
+testKeyIdentifiersMatching(char *dataCentralDir)
+{
+    PKIX_PL_Cert *subjKeyIDCert = NULL;
+    PKIX_PL_Cert *authKeyIDCert = NULL;
+    PKIX_PL_ByteArray *subjKeyID = NULL;
+    PKIX_PL_ByteArray *authKeyID = NULL;
+    PKIX_PL_ByteArray *subjKeyID_diff = NULL;
+
+    char *expectedAscii =
+        "[116, 021, 213, 036, 028, 189, 094, 101, 136, 031, 225,"
+        " 139, 009, 126, 127, 234, 025, 072, 078, 097]";
+
+    PKIX_TEST_STD_VARS();
+
+    subTest("PKIX_PL_Cert_Create <subjKeyIDCert>");
+    subjKeyIDCert = createCert(dataCentralDir, "keyIdentifier/subjKeyIDCert", plContext);
+
+    subTest("PKIX_PL_Cert_Create <authKeyIDCert>");
+    authKeyIDCert = createCert(dataCentralDir, "keyIdentifier/authKeyIDCert", plContext);
+
+    subTest("PKIX_PL_Cert_GetSubjectKeyIdentifier <good>");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectKeyIdentifier(subjKeyIDCert, &subjKeyID, plContext));
+
+    subTest("PKIX_PL_Cert_GetAuthorityKeyIdentifier <equal>");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetAuthorityKeyIdentifier(authKeyIDCert, &authKeyID, plContext));
+
+    subTest("PKIX_PL_Cert_GetSubjectKeyIdentifier <diff>");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectKeyIdentifier(authKeyIDCert, &subjKeyID_diff, plContext));
+
+    PKIX_TEST_EQ_HASH_TOSTR_DUP(subjKeyID,
+                                authKeyID,
+                                subjKeyID_diff,
+                                expectedAscii,
+                                ByteArray,
+                                PKIX_TRUE);
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(subjKeyIDCert);
+    PKIX_TEST_DECREF_AC(authKeyIDCert);
+    PKIX_TEST_DECREF_AC(subjKeyID);
+    PKIX_TEST_DECREF_AC(authKeyID);
+    PKIX_TEST_DECREF_AC(subjKeyID_diff);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testKeyIdentifierAbsent(PKIX_PL_Cert *cert)
+{
+    PKIX_PL_ByteArray *subjKeyID = NULL;
+    PKIX_PL_ByteArray *authKeyID = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectKeyIdentifier(cert, &subjKeyID, plContext));
+
+    if (subjKeyID != NULL) {
+        pkixTestErrorMsg = "unexpected mismatch";
+    }
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetAuthorityKeyIdentifier(cert, &authKeyID, plContext));
+
+    if (authKeyID != NULL) {
+        pkixTestErrorMsg = "unexpected mismatch";
+    }
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(subjKeyID);
+    PKIX_TEST_DECREF_AC(authKeyID);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testGetKeyIdentifiers(char *dataCentralDir, PKIX_PL_Cert *goodObject)
+{
+    testKeyIdentifiersMatching(dataCentralDir);
+    testKeyIdentifierAbsent(goodObject);
+}
+
+static void
+testVerifyKeyUsage(
+    char *dataCentralDir,
+    char *dataDir,
+    PKIX_PL_Cert *multiKeyUsagesCert)
+{
+    PKIX_PL_Cert *encipherOnlyCert = NULL;
+    PKIX_PL_Cert *decipherOnlyCert = NULL;
+    PKIX_PL_Cert *noKeyUsagesCert = NULL;
+    PKIX_TEST_STD_VARS();
+
+    subTest("PKIX_PL_Cert_Create <encipherOnlyCert>");
+    encipherOnlyCert = createCert(dataCentralDir, "keyUsage/encipherOnlyCert", plContext);
+
+    subTest("PKIX_PL_Cert_Create <decipherOnlyCert>");
+    decipherOnlyCert = createCert(dataCentralDir, "keyUsage/decipherOnlyCert", plContext);
+
+    subTest("PKIX_PL_Cert_Create <noKeyUsagesCert>");
+    noKeyUsagesCert = createCert(dataCentralDir, "keyUsage/noKeyUsagesCert", plContext);
+
+    subTest("PKIX_PL_Cert_VerifyKeyUsage <key_cert_sign>");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_VerifyKeyUsage(multiKeyUsagesCert, PKIX_KEY_CERT_SIGN, plContext));
+
+    subTest("PKIX_PL_Cert_VerifyKeyUsage <multiKeyUsages>");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_VerifyKeyUsage(multiKeyUsagesCert,
+                                                          PKIX_KEY_CERT_SIGN |
+                                                              PKIX_DIGITAL_SIGNATURE,
+                                                          plContext));
+
+    subTest("PKIX_PL_Cert_VerifyKeyUsage <encipher_only>");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_VerifyKeyUsage(encipherOnlyCert, PKIX_ENCIPHER_ONLY, plContext));
+
+    subTest("PKIX_PL_Cert_VerifyKeyUsage <noKeyUsages>");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_VerifyKeyUsage(noKeyUsagesCert, PKIX_ENCIPHER_ONLY, plContext));
+
+    subTest("PKIX_PL_Cert_VerifyKeyUsage <decipher_only>");
+    PKIX_TEST_EXPECT_ERROR(PKIX_PL_Cert_VerifyKeyUsage(decipherOnlyCert, PKIX_DECIPHER_ONLY, plContext));
+
+cleanup:
+    PKIX_TEST_DECREF_AC(encipherOnlyCert);
+    PKIX_TEST_DECREF_AC(decipherOnlyCert);
+    PKIX_TEST_DECREF_AC(noKeyUsagesCert);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testGetExtendedKeyUsage(char *dataCentralDir)
+{
+
+    PKIX_PL_Cert *codeSigningEKUCert = NULL;
+    PKIX_PL_Cert *multiEKUCert = NULL;
+    PKIX_PL_Cert *noEKUCert = NULL;
+    PKIX_List *firstExtKeyUsage = NULL;
+    PKIX_List *secondExtKeyUsage = NULL;
+    PKIX_List *thirdExtKeyUsage = NULL;
+    PKIX_PL_OID *firstOID = NULL;
+    char *oidAscii = "1.3.6.1.5.5.7.3.3";
+    PKIX_PL_OID *secondOID = NULL;
+    char *secondOIDAscii = "1.3.6.1.5.5.7.3.1";
+    PKIX_PL_OID *thirdOID = NULL;
+    char *thirdOIDAscii = "1.3.6.1.5.5.7.3.2";
+    PKIX_PL_OID *fourthOID = NULL;
+    PKIX_UInt32 length = 0;
+
+    PKIX_TEST_STD_VARS();
+
+    subTest("PKIX_PL_Cert_Create <codeSigningEKUCert>");
+    codeSigningEKUCert = createCert(dataCentralDir, "extKeyUsage/codeSigningEKUCert", plContext);
+
+    subTest("PKIX_PL_Cert_Create <multiEKUCert>");
+    multiEKUCert = createCert(dataCentralDir, "extKeyUsage/multiEKUCert", plContext);
+
+    subTest("PKIX_PL_Cert_Create <noEKUCert>");
+    noEKUCert = createCert(dataCentralDir, "extKeyUsage/noEKUCert", plContext);
+
+    subTest("PKIX_PL_Cert_ExtendedKeyUsage <codeSigningEKU>");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetExtendedKeyUsage(codeSigningEKUCert, &firstExtKeyUsage, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(firstExtKeyUsage, 0, (PKIX_PL_Object **)&firstOID, plContext));
+    testToStringHelper((PKIX_PL_Object *)firstOID, oidAscii, plContext);
+
+    subTest("PKIX_PL_Cert_ExtendedKeyUsage <multiEKU>");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetExtendedKeyUsage(multiEKUCert, &secondExtKeyUsage, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(secondExtKeyUsage, &length, plContext));
+
+    if (length != 3) {
+        testError("unexpected mismatch");
+        (void)printf("Actual value:\t%d\n", length);
+        (void)printf("Expected value:\t3\n");
+        goto cleanup;
+    }
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(secondExtKeyUsage,
+                                                0,
+                                                (PKIX_PL_Object **)&secondOID,
+                                                plContext));
+
+    testToStringHelper((PKIX_PL_Object *)secondOID, oidAscii, plContext);
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(secondExtKeyUsage,
+                                                1,
+                                                (PKIX_PL_Object **)&thirdOID,
+                                                plContext));
+
+    testToStringHelper((PKIX_PL_Object *)thirdOID, secondOIDAscii, plContext);
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(secondExtKeyUsage,
+                                                2,
+                                                (PKIX_PL_Object **)&fourthOID,
+                                                plContext));
+
+    testToStringHelper((PKIX_PL_Object *)fourthOID, thirdOIDAscii, plContext);
+
+    subTest("PKIX_PL_Cert_ExtendedKeyUsage <noEKU>");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetExtendedKeyUsage(noEKUCert, &thirdExtKeyUsage, plContext));
+
+    if (thirdExtKeyUsage != NULL) {
+        testError("unexpected mismatch");
+        (void)printf("Actual value:\t%p\n", (void *)thirdExtKeyUsage);
+        (void)printf("Expected value:\tNULL\n");
+        goto cleanup;
+    }
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(firstOID);
+    PKIX_TEST_DECREF_AC(secondOID);
+    PKIX_TEST_DECREF_AC(thirdOID);
+    PKIX_TEST_DECREF_AC(fourthOID);
+
+    PKIX_TEST_DECREF_AC(firstExtKeyUsage);
+    PKIX_TEST_DECREF_AC(secondExtKeyUsage);
+    PKIX_TEST_DECREF_AC(thirdExtKeyUsage);
+
+    PKIX_TEST_DECREF_AC(codeSigningEKUCert);
+    PKIX_TEST_DECREF_AC(multiEKUCert);
+    PKIX_TEST_DECREF_AC(noEKUCert);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testMakeInheritedDSAPublicKey(char *dataCentralDir)
+{
+    PKIX_PL_PublicKey *firstKey = NULL;
+    PKIX_PL_PublicKey *secondKey = NULL;
+    PKIX_PL_PublicKey *resultKeyPositive = NULL;
+    PKIX_PL_PublicKey *resultKeyNegative = NULL;
+    PKIX_PL_Cert *firstCert = NULL;
+    PKIX_PL_Cert *secondCert = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    subTest("PKIX_PL_Cert_Create <dsaWithoutParams>");
+    firstCert = createCert(dataCentralDir, "publicKey/dsaWithoutParams", plContext);
+
+    subTest("PKIX_PL_Cert_Create <dsaWithParams>");
+    secondCert = createCert(dataCentralDir, "publicKey/dsaWithParams", plContext);
+
+    subTest("PKIX_PL_Cert_GetSubjectPublicKey <firstKey>");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(firstCert, &firstKey, plContext));
+
+    subTest("PKIX_PL_Cert_GetSubjectPublicKey <secondKey>");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(secondCert, &secondKey, plContext));
+
+    subTest("PKIX_PL_PublicKey_MakeInheritedDSAPublicKey <positive>");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_PublicKey_MakeInheritedDSAPublicKey(firstKey, secondKey, &resultKeyPositive, plContext));
+
+    if (resultKeyPositive == NULL) {
+        testError("PKIX_PL_PublicKey_MakeInheritedDSAPublicKey failed");
+    }
+
+    subTest("PKIX_PL_PublicKey_MakeInheritedDSAPublicKey <negative>");
+    PKIX_TEST_EXPECT_ERROR(PKIX_PL_PublicKey_MakeInheritedDSAPublicKey(firstKey, firstKey, &resultKeyNegative, plContext));
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(firstCert);
+    PKIX_TEST_DECREF_AC(secondCert);
+
+    PKIX_TEST_DECREF_AC(firstKey);
+    PKIX_TEST_DECREF_AC(secondKey);
+    PKIX_TEST_DECREF_AC(resultKeyPositive);
+    PKIX_TEST_DECREF_AC(resultKeyNegative);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testVerifySignature(char *dataCentralDir)
+{
+    PKIX_PL_Cert *firstCert = NULL;
+    PKIX_PL_Cert *secondCert = NULL;
+    PKIX_PL_PublicKey *firstPubKey = NULL;
+    PKIX_PL_PublicKey *secondPubKey = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    subTest("PKIX_PL_Cert_Create <labs2yassir>");
+    firstCert = createCert(dataCentralDir, "publicKey/labs2yassir", plContext);
+
+    subTest("PKIX_PL_Cert_Create <yassir2labs>");
+    secondCert = createCert(dataCentralDir, "publicKey/yassir2labs", plContext);
+
+    subTest("PKIX_PL_Cert_GetSubjectPublicKey <labs2yassir>");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(firstCert, &firstPubKey, plContext));
+
+    subTest("PKIX_PL_Cert_GetSubjectPublicKey <yassir2labs>");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(secondCert, &secondPubKey, plContext));
+
+    subTest("PKIX_PL_Cert_VerifySignature <positive>");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_VerifySignature(secondCert, firstPubKey, plContext));
+
+    subTest("PKIX_PL_Cert_VerifySignature <negative>");
+    PKIX_TEST_EXPECT_ERROR(PKIX_PL_Cert_VerifySignature(secondCert, secondPubKey, plContext));
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(firstCert);
+    PKIX_TEST_DECREF_AC(secondCert);
+    PKIX_TEST_DECREF_AC(firstPubKey);
+    PKIX_TEST_DECREF_AC(secondPubKey);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testCheckValidity(
+    PKIX_PL_Cert *olderCert,
+    PKIX_PL_Cert *newerCert)
+{
+    /*
+         * olderCert has the following Validity:
+         *  notBefore = August 19, 1999: 20:19:56 GMT
+         *  notAfter  = August 18, 2000: 20:19:56 GMT
+         *
+         * newerCert has the following Validity:
+         *  notBefore = November 13, 2003: 16:46:03 GMT
+         *  notAfter  = February 13, 2009: 16:46:03 GMT
+         */
+
+    /*  olderDateAscii = March    29, 2000: 13:48:47 GMT */
+    char *olderAscii = "000329134847Z";
+    PKIX_PL_String *olderString = NULL;
+    PKIX_PL_Date *olderDate = NULL;
+
+    /*  newerDateAscii = March    29, 2004: 13:48:47 GMT */
+    char *newerAscii = "040329134847Z";
+    PKIX_PL_String *newerString = NULL;
+    PKIX_PL_Date *newerDate = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    subTest("PKIX_PL_Cert_CheckValidity <creating Dates>");
+
+    /* create newer date when newer cert is valid but older cert is not */
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, newerAscii, 0, &newerString, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Date_Create_UTCTime(newerString, &newerDate, plContext));
+
+    /* create older date when older cert is valid but newer cert is not */
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, olderAscii, 0, &olderString, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Date_Create_UTCTime(olderString, &olderDate, plContext));
+
+    /* check validity of both certificates using olderDate */
+    subTest("PKIX_PL_Cert_CheckValidity <olderDate:positive>");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_CheckValidity(olderCert, olderDate, plContext));
+
+    subTest("PKIX_PL_Cert_CheckValidity <olderDate:negative>");
+    PKIX_TEST_EXPECT_ERROR(PKIX_PL_Cert_CheckValidity(newerCert, olderDate, plContext));
+
+    /* check validity of both certificates using newerDate */
+    subTest("PKIX_PL_Cert_CheckValidity <newerDate:positive>");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_CheckValidity(newerCert, newerDate, plContext));
+
+    subTest("PKIX_PL_Cert_CheckValidity <newerDate:negative>");
+    PKIX_TEST_EXPECT_ERROR(PKIX_PL_Cert_CheckValidity(olderCert, newerDate, plContext));
+
+    /*
+         * check validity of both certificates using current time
+         * NOTE: these "now" tests will not work when the current
+         * time is after newerCert.notAfter (~ February 13, 2009)
+         */
+    subTest("PKIX_PL_Cert_CheckValidity <now:positive>");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_CheckValidity(newerCert, NULL, plContext));
+
+    subTest("PKIX_PL_Cert_CheckValidity <now:negative>");
+    PKIX_TEST_EXPECT_ERROR(PKIX_PL_Cert_CheckValidity(olderCert, NULL, plContext));
+
+cleanup:
+    PKIX_TEST_DECREF_AC(olderString);
+    PKIX_TEST_DECREF_AC(newerString);
+    PKIX_TEST_DECREF_AC(olderDate);
+    PKIX_TEST_DECREF_AC(newerDate);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+readCertBasicConstraints(
+    char *dataDir,
+    char *goodCertName,
+    char *diffCertName,
+    PKIX_PL_CertBasicConstraints **goodBasicConstraints,
+    PKIX_PL_CertBasicConstraints **equalBasicConstraints,
+    PKIX_PL_CertBasicConstraints **diffBasicConstraints)
+{
+
+    PKIX_PL_Cert *goodCert = NULL;
+    PKIX_PL_Cert *equalCert = NULL;
+    PKIX_PL_Cert *diffCert = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    createCerts(dataDir, goodCertName, diffCertName,
+                &goodCert, &equalCert, &diffCert);
+    /*
+         * Warning: pointer will be NULL if BasicConstraints
+         * extension is not present in the certificate. */
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetBasicConstraints(goodCert, goodBasicConstraints, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetBasicConstraints(equalCert, equalBasicConstraints, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetBasicConstraints(diffCert, diffBasicConstraints, plContext));
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(goodCert);
+    PKIX_TEST_DECREF_AC(equalCert);
+    PKIX_TEST_DECREF_AC(diffCert);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testBasicConstraintsHelper(
+    char *dataDir,
+    char *goodCertName,
+    char *diffCertName,
+    char *expectedAscii)
+{
+    PKIX_PL_CertBasicConstraints *goodBasicConstraints = NULL;
+    PKIX_PL_CertBasicConstraints *equalBasicConstraints = NULL;
+    PKIX_PL_CertBasicConstraints *diffBasicConstraints = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    readCertBasicConstraints(dataDir,
+                             goodCertName,
+                             diffCertName,
+                             &goodBasicConstraints,
+                             &equalBasicConstraints,
+                             &diffBasicConstraints);
+
+    /*
+         * The standard test macro is applicable only
+         * if BasicConstraint extension is present
+         * in the certificate. Otherwise some
+         * pointers will be null.
+         */
+    if ((goodBasicConstraints) &&
+        (equalBasicConstraints) &&
+        (diffBasicConstraints)) {
+        PKIX_TEST_EQ_HASH_TOSTR_DUP(goodBasicConstraints,
+                                    equalBasicConstraints,
+                                    diffBasicConstraints,
+                                    expectedAscii,
+                                    BasicConstraints,
+                                    PKIX_TRUE);
+    } else {
+        /* Test what we can */
+        if (goodBasicConstraints) {
+            if (!equalBasicConstraints) {
+                testError("Unexpected NULL value of equalBasicConstraints");
+                goto cleanup;
+            }
+            subTest("PKIX_PL_BasicConstraints_Equals   <match>");
+            testEqualsHelper((PKIX_PL_Object *)(goodBasicConstraints),
+                             (PKIX_PL_Object *)(equalBasicConstraints),
+                             PKIX_TRUE,
+                             plContext);
+            subTest("PKIX_PL_BasicConstraints_Hashcode <match>");
+            testHashcodeHelper((PKIX_PL_Object *)(goodBasicConstraints),
+                               (PKIX_PL_Object *)(equalBasicConstraints),
+                               PKIX_TRUE,
+                               plContext);
+            if (diffBasicConstraints) {
+                subTest("PKIX_PL_BasicConstraints_Equals   <non-match>");
+                testEqualsHelper((PKIX_PL_Object *)(goodBasicConstraints),
+                                 (PKIX_PL_Object *)(diffBasicConstraints),
+                                 PKIX_FALSE,
+                                 plContext);
+                subTest("PKIX_PL_BasicConstraints_Hashcode <non-match>");
+                testHashcodeHelper((PKIX_PL_Object *)(goodBasicConstraints),
+                                   (PKIX_PL_Object *)(diffBasicConstraints),
+                                   PKIX_FALSE,
+                                   plContext);
+            }
+            subTest("PKIX_PL_BasicConstraints_Duplicate");
+            testDuplicateHelper((PKIX_PL_Object *)goodBasicConstraints, plContext);
+        }
+        if (expectedAscii) {
+            subTest("PKIX_PL_BasicConstraints_ToString");
+            testToStringHelper((PKIX_PL_Object *)(goodBasicConstraints),
+                               expectedAscii,
+                               plContext);
+        }
+    }
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(goodBasicConstraints);
+    PKIX_TEST_DECREF_AC(equalBasicConstraints);
+    PKIX_TEST_DECREF_AC(diffBasicConstraints);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testBasicConstraints_GetCAFlag(char *dataCentralDir)
+{
+    /*
+         * XXX  When we have a certificate with a non-null Basic
+         * Constraints field and a value of FALSE for CAFlag,
+         * this test should be modified to use that
+         * certificate for diffCertName, and to verify that
+         * GetCAFlag returns a FALSE value. But our certificates for
+         * non-CAs are created with no BasicConstraints extension.
+         */
+    PKIX_PL_CertBasicConstraints *goodBasicConstraints = NULL;
+    PKIX_PL_CertBasicConstraints *equalBasicConstraints = NULL;
+    PKIX_PL_CertBasicConstraints *diffBasicConstraints = NULL;
+    char *goodCertName = "yassir2yassir";
+    char *diffCertName = "nss2alice";
+    PKIX_Boolean goodCAFlag = PKIX_FALSE;
+    PKIX_Boolean diffCAFlag = PKIX_FALSE;
+
+    PKIX_TEST_STD_VARS();
+
+    subTest("PKIX_PL_BasicConstraints_GetCAFlag");
+
+    readCertBasicConstraints(dataCentralDir,
+                             goodCertName,
+                             diffCertName,
+                             &goodBasicConstraints,
+                             &equalBasicConstraints,
+                             &diffBasicConstraints);
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BasicConstraints_GetCAFlag(goodBasicConstraints, &goodCAFlag, plContext));
+    if (!goodCAFlag) {
+        testError("BasicConstraint CAFlag unexpectedly FALSE");
+        goto cleanup;
+    }
+
+    if (diffBasicConstraints) {
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BasicConstraints_GetCAFlag(diffBasicConstraints, &diffCAFlag, plContext));
+        if (diffCAFlag) {
+            testError("BasicConstraint CAFlag unexpectedly TRUE");
+            goto cleanup;
+        }
+    }
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(goodBasicConstraints);
+    PKIX_TEST_DECREF_AC(equalBasicConstraints);
+    PKIX_TEST_DECREF_AC(diffBasicConstraints);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testBasicConstraints_GetPathLenConstraint(char *dataCentralDir)
+{
+    PKIX_PL_CertBasicConstraints *goodBasicConstraints = NULL;
+    PKIX_PL_CertBasicConstraints *equalBasicConstraints = NULL;
+    PKIX_PL_CertBasicConstraints *diffBasicConstraints = NULL;
+    char *goodCertName = "yassir2yassir";
+    char *diffCertName = "sun2sun";
+    PKIX_Int32 goodPathLen = 0;
+    PKIX_Int32 diffPathLen = 0;
+
+    PKIX_TEST_STD_VARS();
+
+    subTest("PKIX_PL_BasicConstraints_GetPathLenConstraint");
+
+    readCertBasicConstraints(dataCentralDir,
+                             goodCertName,
+                             diffCertName,
+                             &goodBasicConstraints,
+                             &equalBasicConstraints,
+                             &diffBasicConstraints);
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BasicConstraints_GetPathLenConstraint(goodBasicConstraints, &goodPathLen, plContext));
+    if (0 != goodPathLen) {
+        testError("unexpected basicConstraint pathLen");
+        (void)printf("Actual value:\t%d\n", goodPathLen);
+        (void)printf("Expected value:\t0\n");
+        goto cleanup;
+    }
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BasicConstraints_GetPathLenConstraint(diffBasicConstraints, &diffPathLen, plContext));
+    if (1 != diffPathLen) {
+        testError("unexpected basicConstraint pathLen");
+        (void)printf("Actual value:\t%d\n", diffPathLen);
+        (void)printf("Expected value:\t1\n");
+        goto cleanup;
+    }
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(goodBasicConstraints);
+    PKIX_TEST_DECREF_AC(equalBasicConstraints);
+    PKIX_TEST_DECREF_AC(diffBasicConstraints);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testGetBasicConstraints(char *dataCentralDir)
+{
+    char *goodCertName = NULL;
+    char *diffCertName = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    subTest("PKIX_PL_Cert_GetBasicConstraints <CA(0) and non-CA>");
+    goodCertName = "yassir2yassir";
+    diffCertName = "nss2alice";
+    testBasicConstraintsHelper(dataCentralDir, goodCertName, diffCertName, "CA(0)");
+
+    subTest("PKIX_PL_Cert_GetBasicConstraints <non-CA and CA(1)>");
+    goodCertName = "nss2alice";
+    diffCertName = "sun2sun";
+    testBasicConstraintsHelper(dataCentralDir, goodCertName, diffCertName, NULL);
+
+    subTest("PKIX_PL_Cert_GetBasicConstraints <CA(0) and CA(1)>");
+    goodCertName = "yassir2bcn";
+    diffCertName = "sun2sun";
+    testBasicConstraintsHelper(dataCentralDir, goodCertName, diffCertName, "CA(0)");
+
+    subTest("PKIX_PL_Cert_GetBasicConstraints <CA(-1) and CA(1)>");
+    goodCertName = "anchor2dsa";
+    diffCertName = "sun2sun";
+    testBasicConstraintsHelper(dataCentralDir, goodCertName, diffCertName, "CA(-1)");
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testGetPolicyInformation(char *dataDir)
+{
+
+    char *goodCertName =
+        "UserNoticeQualifierTest15EE.crt";
+    char *equalCertName =
+        "UserNoticeQualifierTest15EE.crt";
+    char *diffCertName =
+        "UserNoticeQualifierTest17EE.crt";
+    PKIX_Boolean isImmutable = PKIX_FALSE;
+    PKIX_PL_Cert *goodCert = NULL;
+    PKIX_PL_Cert *equalCert = NULL;
+    PKIX_PL_Cert *diffCert = NULL;
+    PKIX_List *goodPolicyInfo = NULL;
+    PKIX_List *equalPolicyInfo = NULL;
+    PKIX_List *diffPolicyInfo = NULL;
+    PKIX_PL_CertPolicyInfo *goodPolicy = NULL;
+    PKIX_PL_CertPolicyInfo *equalPolicy = NULL;
+    PKIX_PL_CertPolicyInfo *diffPolicy = NULL;
+
+    PKIX_TEST_STD_VARS();
+    subTest("PKIX_PL_Cert_GetPolicyInformation");
+
+    /*
+         * Get the cert, then the list of policyInfos.
+         * Take the first policyInfo from the list.
+         */
+
+    /* Get the PolicyInfo objects */
+    goodCert = createCert(dataDir, goodCertName, plContext);
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(goodCert, &goodPolicyInfo, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(goodPolicyInfo, 0, (PKIX_PL_Object **)&goodPolicy, plContext));
+
+    equalCert = createCert(dataDir, equalCertName, plContext);
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(equalCert, &equalPolicyInfo, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(equalPolicyInfo,
+                                                0,
+                                                (PKIX_PL_Object **)&equalPolicy,
+                                                plContext));
+
+    diffCert = createCert(dataDir, diffCertName, plContext);
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(diffCert, &diffPolicyInfo, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(diffPolicyInfo, 0, (PKIX_PL_Object **)&diffPolicy, plContext));
+
+    PKIX_TEST_EQ_HASH_TOSTR_DUP(goodPolicy,
+                                equalPolicy,
+                                diffPolicy,
+                                NULL,
+                                CertPolicyInfo,
+                                PKIX_FALSE);
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_IsImmutable(goodPolicyInfo, &isImmutable, plContext));
+
+    if (isImmutable != PKIX_TRUE) {
+        testError("PolicyInfo List is not immutable");
+    }
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(goodPolicy);
+    PKIX_TEST_DECREF_AC(equalPolicy);
+    PKIX_TEST_DECREF_AC(diffPolicy);
+    PKIX_TEST_DECREF_AC(goodPolicyInfo);
+    PKIX_TEST_DECREF_AC(equalPolicyInfo);
+    PKIX_TEST_DECREF_AC(diffPolicyInfo);
+    PKIX_TEST_DECREF_AC(goodCert);
+    PKIX_TEST_DECREF_AC(equalCert);
+    PKIX_TEST_DECREF_AC(diffCert);
+    PKIX_TEST_RETURN();
+}
+
+static void
+testCertPolicy_GetPolicyId(char *dataDir)
+{
+    char *goodCertName =
+        "UserNoticeQualifierTest15EE.crt";
+    char *equalCertName =
+        "UserNoticeQualifierTest16EE.crt";
+    char *diffCertName =
+        "UserNoticeQualifierTest17EE.crt";
+    PKIX_PL_Cert *goodCert = NULL;
+    PKIX_PL_Cert *equalCert = NULL;
+    PKIX_PL_Cert *diffCert = NULL;
+    PKIX_List *goodPolicyInfo = NULL;
+    PKIX_List *equalPolicyInfo = NULL;
+    PKIX_List *diffPolicyInfo = NULL;
+    PKIX_PL_CertPolicyInfo *goodPolicy = NULL;
+    PKIX_PL_CertPolicyInfo *equalPolicy = NULL;
+    PKIX_PL_CertPolicyInfo *diffPolicy = NULL;
+    PKIX_PL_OID *goodID = NULL;
+    PKIX_PL_OID *equalID = NULL;
+    PKIX_PL_OID *diffID = NULL;
+
+    PKIX_TEST_STD_VARS();
+    subTest("PKIX_PL_CertPolicyInfo_GetPolicyId");
+
+    /*
+         * Get the cert, then the list of policyInfos.
+         * Take the first policyInfo from the list.
+         * Finally, get the policyInfo's ID.
+         */
+
+    /* Get the PolicyInfo objects */
+    goodCert = createCert(dataDir, goodCertName, plContext);
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(goodCert, &goodPolicyInfo, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(goodPolicyInfo, 0, (PKIX_PL_Object **)&goodPolicy, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolicyId(goodPolicy, &goodID, plContext));
+
+    equalCert = createCert(dataDir, equalCertName, plContext);
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(equalCert, &equalPolicyInfo, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(equalPolicyInfo,
+                                                0,
+                                                (PKIX_PL_Object **)&equalPolicy,
+                                                plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolicyId(equalPolicy, &equalID, plContext));
+
+    diffCert = createCert(dataDir, diffCertName, plContext);
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(diffCert, &diffPolicyInfo, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(diffPolicyInfo, 0, (PKIX_PL_Object **)&diffPolicy, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolicyId(diffPolicy, &diffID, plContext));
+
+    PKIX_TEST_EQ_HASH_TOSTR_DUP(goodID, equalID, diffID, NULL, OID, PKIX_FALSE);
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(goodID);
+    PKIX_TEST_DECREF_AC(equalID);
+    PKIX_TEST_DECREF_AC(diffID);
+    PKIX_TEST_DECREF_AC(goodPolicy);
+    PKIX_TEST_DECREF_AC(equalPolicy);
+    PKIX_TEST_DECREF_AC(diffPolicy);
+    PKIX_TEST_DECREF_AC(goodPolicyInfo);
+    PKIX_TEST_DECREF_AC(equalPolicyInfo);
+    PKIX_TEST_DECREF_AC(diffPolicyInfo);
+    PKIX_TEST_DECREF_AC(goodCert);
+    PKIX_TEST_DECREF_AC(equalCert);
+    PKIX_TEST_DECREF_AC(diffCert);
+    PKIX_TEST_RETURN();
+}
+
+static void
+testCertPolicy_GetPolQualifiers(char *dataDir)
+{
+    char *goodCertName =
+        "UserNoticeQualifierTest15EE.crt";
+    char *equalCertName =
+        "UserNoticeQualifierTest16EE.crt";
+    char *diffCertName =
+        "UserNoticeQualifierTest18EE.crt";
+    PKIX_Boolean isImmutable = PKIX_FALSE;
+    PKIX_PL_Cert *goodCert = NULL;
+    PKIX_PL_Cert *equalCert = NULL;
+    PKIX_PL_Cert *diffCert = NULL;
+    PKIX_List *goodPolicyInfo = NULL;
+    PKIX_List *equalPolicyInfo = NULL;
+    PKIX_List *diffPolicyInfo = NULL;
+    PKIX_PL_CertPolicyInfo *goodPolicy = NULL;
+    PKIX_PL_CertPolicyInfo *equalPolicy = NULL;
+    PKIX_PL_CertPolicyInfo *diffPolicy = NULL;
+    PKIX_List *goodQuals = NULL;
+    PKIX_List *equalQuals = NULL;
+    PKIX_List *diffQuals = NULL;
+
+    PKIX_TEST_STD_VARS();
+    subTest("PKIX_PL_CertPolicyInfo_GetPolQualifiers");
+
+    /*
+         * Get the cert, then the list of policyInfos.
+         * Take the first policyInfo from the list.
+         * Get its list of PolicyQualifiers.
+         */
+
+    /* Get the PolicyInfo objects */
+    goodCert = createCert(dataDir, goodCertName, plContext);
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(goodCert, &goodPolicyInfo, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(goodPolicyInfo, 0, (PKIX_PL_Object **)&goodPolicy, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers(goodPolicy, &goodQuals, plContext));
+
+    equalCert = createCert(dataDir, equalCertName, plContext);
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(equalCert, &equalPolicyInfo, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(equalPolicyInfo,
+                                                0,
+                                                (PKIX_PL_Object **)&equalPolicy,
+                                                plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers(equalPolicy, &equalQuals, plContext));
+
+    diffCert = createCert(dataDir, diffCertName, plContext);
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(diffCert, &diffPolicyInfo, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(diffPolicyInfo, 0, (PKIX_PL_Object **)&diffPolicy, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers(diffPolicy, &diffQuals, plContext));
+
+    PKIX_TEST_EQ_HASH_TOSTR_DUP(goodQuals,
+                                equalQuals,
+                                diffQuals,
+                                NULL,
+                                List,
+                                PKIX_FALSE);
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_IsImmutable(goodQuals, &isImmutable, plContext));
+
+    if (isImmutable != PKIX_TRUE) {
+        testError("PolicyQualifier List is not immutable");
+    }
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(goodCert);
+    PKIX_TEST_DECREF_AC(goodPolicyInfo);
+    PKIX_TEST_DECREF_AC(goodPolicy);
+    PKIX_TEST_DECREF_AC(goodQuals);
+    PKIX_TEST_DECREF_AC(equalCert);
+    PKIX_TEST_DECREF_AC(equalPolicyInfo);
+    PKIX_TEST_DECREF_AC(equalQuals);
+    PKIX_TEST_DECREF_AC(equalPolicy);
+    PKIX_TEST_DECREF_AC(diffCert);
+    PKIX_TEST_DECREF_AC(diffPolicyInfo);
+    PKIX_TEST_DECREF_AC(diffPolicy);
+    PKIX_TEST_DECREF_AC(diffQuals);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testPolicyQualifier_GetQualifier(char *dataDir)
+{
+    char *goodCertName =
+        "UserNoticeQualifierTest15EE.crt";
+    char *equalCertName =
+        "UserNoticeQualifierTest16EE.crt";
+    char *diffCertName =
+        "UserNoticeQualifierTest18EE.crt";
+    PKIX_PL_Cert *goodCert = NULL;
+    PKIX_PL_Cert *equalCert = NULL;
+    PKIX_PL_Cert *diffCert = NULL;
+    PKIX_List *goodPolicyInfo = NULL;
+    PKIX_List *equalPolicyInfo = NULL;
+    PKIX_List *diffPolicyInfo = NULL;
+    PKIX_PL_CertPolicyInfo *goodPolicy = NULL;
+    PKIX_PL_CertPolicyInfo *equalPolicy = NULL;
+    PKIX_PL_CertPolicyInfo *diffPolicy = NULL;
+    PKIX_List *goodQuals = NULL;
+    PKIX_List *equalQuals = NULL;
+    PKIX_List *diffQuals = NULL;
+    PKIX_PL_CertPolicyQualifier *goodPolQualifier = NULL;
+    PKIX_PL_CertPolicyQualifier *equalPolQualifier = NULL;
+    PKIX_PL_CertPolicyQualifier *diffPolQualifier = NULL;
+    PKIX_PL_ByteArray *goodArray = NULL;
+    PKIX_PL_ByteArray *equalArray = NULL;
+    PKIX_PL_ByteArray *diffArray = NULL;
+
+    PKIX_TEST_STD_VARS();
+    subTest("PKIX_PL_PolicyQualifier_GetQualifier");
+
+    /*
+         * Get the cert, then the list of policyInfos.
+         * Take the first policyInfo from the list.
+         * Get its list of PolicyQualifiers.
+         * Take the first policyQualifier from the list.
+         * Finally, get the policyQualifier's ByteArray.
+         */
+
+    /* Get the PolicyInfo objects */
+    goodCert = createCert(dataDir, goodCertName, plContext);
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(goodCert, &goodPolicyInfo, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(goodPolicyInfo, 0, (PKIX_PL_Object **)&goodPolicy, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers(goodPolicy, &goodQuals, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(goodQuals,
+                                                0,
+                                                (PKIX_PL_Object **)&goodPolQualifier,
+                                                plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_PolicyQualifier_GetQualifier(goodPolQualifier, &goodArray, plContext));
+
+    equalCert = createCert(dataDir, equalCertName, plContext);
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(equalCert, &equalPolicyInfo, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(equalPolicyInfo,
+                                                0,
+                                                (PKIX_PL_Object **)&equalPolicy,
+                                                plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers(equalPolicy, &equalQuals, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(equalQuals,
+                                                0,
+                                                (PKIX_PL_Object **)&equalPolQualifier,
+                                                plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_PolicyQualifier_GetQualifier(equalPolQualifier, &equalArray, plContext));
+
+    diffCert = createCert(dataDir, diffCertName, plContext);
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(diffCert, &diffPolicyInfo, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(diffPolicyInfo, 0, (PKIX_PL_Object **)&diffPolicy, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers(diffPolicy, &diffQuals, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(diffQuals,
+                                                0,
+                                                (PKIX_PL_Object **)&diffPolQualifier,
+                                                plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_PolicyQualifier_GetQualifier(diffPolQualifier, &diffArray, plContext));
+
+    PKIX_TEST_EQ_HASH_TOSTR_DUP(goodArray, equalArray, diffArray, NULL, ByteArray, PKIX_FALSE);
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(goodArray);
+    PKIX_TEST_DECREF_AC(equalArray);
+    PKIX_TEST_DECREF_AC(diffArray);
+    PKIX_TEST_DECREF_AC(goodPolQualifier);
+    PKIX_TEST_DECREF_AC(equalPolQualifier);
+    PKIX_TEST_DECREF_AC(diffPolQualifier);
+    PKIX_TEST_DECREF_AC(goodQuals);
+    PKIX_TEST_DECREF_AC(equalQuals);
+    PKIX_TEST_DECREF_AC(diffQuals);
+    PKIX_TEST_DECREF_AC(goodPolicy);
+    PKIX_TEST_DECREF_AC(equalPolicy);
+    PKIX_TEST_DECREF_AC(diffPolicy);
+    PKIX_TEST_DECREF_AC(goodPolicyInfo);
+    PKIX_TEST_DECREF_AC(equalPolicyInfo);
+    PKIX_TEST_DECREF_AC(diffPolicyInfo);
+    PKIX_TEST_DECREF_AC(goodCert);
+    PKIX_TEST_DECREF_AC(equalCert);
+    PKIX_TEST_DECREF_AC(diffCert);
+    PKIX_TEST_RETURN();
+}
+
+static void
+testPolicyQualifier_GetPolicyQualifierId(char *dataDir)
+{
+    char *goodCertName =
+        "UserNoticeQualifierTest15EE.crt";
+    char *equalCertName =
+        "UserNoticeQualifierTest16EE.crt";
+    char *diffCertName =
+        "CPSPointerQualifierTest20EE.crt";
+    PKIX_PL_Cert *goodCert = NULL;
+    PKIX_PL_Cert *equalCert = NULL;
+    PKIX_PL_Cert *diffCert = NULL;
+    PKIX_List *goodPolicyInfo = NULL;
+    PKIX_List *equalPolicyInfo = NULL;
+    PKIX_List *diffPolicyInfo = NULL;
+    PKIX_PL_CertPolicyInfo *goodPolicy = NULL;
+    PKIX_PL_CertPolicyInfo *equalPolicy = NULL;
+    PKIX_PL_CertPolicyInfo *diffPolicy = NULL;
+    PKIX_List *goodQuals = NULL;
+    PKIX_List *equalQuals = NULL;
+    PKIX_List *diffQuals = NULL;
+    PKIX_PL_CertPolicyQualifier *goodPolQualifier = NULL;
+    PKIX_PL_CertPolicyQualifier *equalPolQualifier = NULL;
+    PKIX_PL_CertPolicyQualifier *diffPolQualifier = NULL;
+    PKIX_PL_OID *goodID = NULL;
+    PKIX_PL_OID *equalID = NULL;
+    PKIX_PL_OID *diffID = NULL;
+
+    PKIX_TEST_STD_VARS();
+    subTest("PKIX_PL_PolicyQualifier_GetPolicyQualifierId");
+
+    /*
+         * Get the cert, then the list of policyInfos.
+         * Take the first policyInfo from the list.
+         * Get its list of PolicyQualifiers.
+         * Take the first policyQualifier from the list.
+         * Finally, get the policyQualifier's ID.
+         */
+
+    /* Get the PolicyQualifier objects */
+    goodCert = createCert(dataDir, goodCertName, plContext);
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(goodCert, &goodPolicyInfo, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(goodPolicyInfo, 0, (PKIX_PL_Object **)&goodPolicy, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers(goodPolicy, &goodQuals, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(goodQuals,
+                                                0,
+                                                (PKIX_PL_Object **)&goodPolQualifier,
+                                                plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_PolicyQualifier_GetPolicyQualifierId(goodPolQualifier, &goodID, plContext));
+
+    equalCert = createCert(dataDir, equalCertName, plContext);
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(equalCert, &equalPolicyInfo, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(equalPolicyInfo,
+                                                0,
+                                                (PKIX_PL_Object **)&equalPolicy,
+                                                plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers(equalPolicy, &equalQuals, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(equalQuals,
+                                                0,
+                                                (PKIX_PL_Object **)&equalPolQualifier,
+                                                plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_PolicyQualifier_GetPolicyQualifierId(equalPolQualifier, &equalID, plContext));
+
+    diffCert = createCert(dataDir, diffCertName, plContext);
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyInformation(diffCert, &diffPolicyInfo, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(diffPolicyInfo, 0, (PKIX_PL_Object **)&diffPolicy, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyInfo_GetPolQualifiers(diffPolicy, &diffQuals, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(diffQuals,
+                                                0,
+                                                (PKIX_PL_Object **)&diffPolQualifier,
+                                                plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_PolicyQualifier_GetPolicyQualifierId(diffPolQualifier, &diffID, plContext));
+
+    PKIX_TEST_EQ_HASH_TOSTR_DUP(goodID, equalID, diffID, NULL, OID, PKIX_FALSE);
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(goodID);
+    PKIX_TEST_DECREF_AC(equalID);
+    PKIX_TEST_DECREF_AC(diffID);
+    PKIX_TEST_DECREF_AC(goodPolQualifier);
+    PKIX_TEST_DECREF_AC(equalPolQualifier);
+    PKIX_TEST_DECREF_AC(diffPolQualifier);
+    PKIX_TEST_DECREF_AC(goodQuals);
+    PKIX_TEST_DECREF_AC(equalQuals);
+    PKIX_TEST_DECREF_AC(diffQuals);
+    PKIX_TEST_DECREF_AC(goodPolicy);
+    PKIX_TEST_DECREF_AC(equalPolicy);
+    PKIX_TEST_DECREF_AC(diffPolicy);
+    PKIX_TEST_DECREF_AC(goodPolicyInfo);
+    PKIX_TEST_DECREF_AC(equalPolicyInfo);
+    PKIX_TEST_DECREF_AC(diffPolicyInfo);
+    PKIX_TEST_DECREF_AC(goodCert);
+    PKIX_TEST_DECREF_AC(equalCert);
+    PKIX_TEST_DECREF_AC(diffCert);
+    PKIX_TEST_RETURN();
+}
+
+static void
+testAreCertPoliciesCritical(char *dataCentralDir, char *dataDir)
+{
+
+    char *trueCertName = "CertificatePoliciesCritical.crt";
+    char *falseCertName = "UserNoticeQualifierTest15EE.crt";
+    PKIX_PL_Cert *trueCert = NULL;
+    PKIX_PL_Cert *falseCert = NULL;
+    PKIX_Boolean trueVal = PKIX_FALSE;
+    PKIX_Boolean falseVal = PKIX_FALSE;
+
+    PKIX_TEST_STD_VARS();
+    subTest("PKIX_PL_Cert_AreCertPoliciesCritical - <true>");
+
+    trueCert = createCert(dataCentralDir, trueCertName, plContext);
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_AreCertPoliciesCritical(trueCert, &trueVal, plContext));
+
+    if (trueVal != PKIX_TRUE) {
+        testError("unexpected mismatch");
+        (void)printf("Actual value:\t%d\n", trueVal);
+        (void)printf("Expected value:\t1\n");
+        goto cleanup;
+    }
+
+    subTest("PKIX_PL_Cert_AreCertPoliciesCritical - <false>");
+
+    falseCert = createCert(dataDir, falseCertName, plContext);
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_AreCertPoliciesCritical(falseCert, &falseVal, plContext));
+
+    if (falseVal != PKIX_FALSE) {
+        testError("unexpected mismatch");
+        (void)printf("Actual value:\t%d\n", falseVal);
+        (void)printf("Expected value:\t0\n");
+        goto cleanup;
+    }
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(trueCert);
+    PKIX_TEST_DECREF_AC(falseCert);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testCertPolicyConstraints(char *dataDir)
+{
+    char *requireExplicitPolicy2CertName =
+        "requireExplicitPolicy2CACert.crt";
+    char *inhibitPolicyMapping5CertName =
+        "inhibitPolicyMapping5CACert.crt";
+    char *inhibitAnyPolicy5CertName =
+        "inhibitAnyPolicy5CACert.crt";
+    char *inhibitAnyPolicy0CertName =
+        "inhibitAnyPolicy0CACert.crt";
+    PKIX_PL_Cert *requireExplicitPolicy2Cert = NULL;
+    PKIX_PL_Cert *inhibitPolicyMapping5Cert = NULL;
+    PKIX_PL_Cert *inhibitAnyPolicy5Cert = NULL;
+    PKIX_PL_Cert *inhibitAnyPolicy0Cert = NULL;
+    PKIX_Int32 skipCerts = 0;
+
+    PKIX_TEST_STD_VARS();
+
+    subTest("PKIX_PL_Cert_GetRequireExplicitPolicy");
+    requireExplicitPolicy2Cert = createCert(dataDir, requireExplicitPolicy2CertName, plContext);
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetRequireExplicitPolicy(requireExplicitPolicy2Cert, &skipCerts, NULL));
+    PR_ASSERT(skipCerts == 2);
+
+    subTest("PKIX_PL_Cert_GetPolicyMappingInhibited");
+    inhibitPolicyMapping5Cert = createCert(dataDir, inhibitPolicyMapping5CertName, plContext);
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyMappingInhibited(inhibitPolicyMapping5Cert, &skipCerts, NULL));
+    PR_ASSERT(skipCerts == 5);
+
+    subTest("PKIX_PL_Cert_GetInhibitAnyPolicy");
+    inhibitAnyPolicy5Cert = createCert(dataDir, inhibitAnyPolicy5CertName, plContext);
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetInhibitAnyPolicy(inhibitAnyPolicy5Cert, &skipCerts, NULL));
+    PR_ASSERT(skipCerts == 5);
+
+    inhibitAnyPolicy0Cert = createCert(dataDir, inhibitAnyPolicy0CertName, plContext);
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetInhibitAnyPolicy(inhibitAnyPolicy0Cert, &skipCerts, NULL));
+    PR_ASSERT(skipCerts == 0);
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(requireExplicitPolicy2Cert);
+    PKIX_TEST_DECREF_AC(inhibitPolicyMapping5Cert);
+    PKIX_TEST_DECREF_AC(inhibitAnyPolicy5Cert);
+    PKIX_TEST_DECREF_AC(inhibitAnyPolicy0Cert);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testCertPolicyMaps(char *dataDir)
+{
+    char *policyMappingsCertName =
+        "P1Mapping1to234CACert.crt";
+    char *expectedAscii =
+        "2.16.840.1.101.3.2.1.48.1=>2.16.840.1.101.3.2.1.48.2";
+
+    PKIX_PL_Cert *policyMappingsCert = NULL;
+    PKIX_List *mappings = NULL;
+    PKIX_PL_CertPolicyMap *goodMap = NULL;
+    PKIX_PL_CertPolicyMap *equalMap = NULL;
+    PKIX_PL_CertPolicyMap *diffMap = NULL;
+    PKIX_PL_OID *goodOID = NULL;
+    PKIX_PL_OID *equalOID = NULL;
+    PKIX_PL_OID *diffOID = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    subTest("PKIX_PL_Cert_GetPolicyMappings");
+
+    policyMappingsCert = createCert(dataDir, policyMappingsCertName, plContext);
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetPolicyMappings(policyMappingsCert, &mappings, NULL));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(mappings, 0, (PKIX_PL_Object **)&goodMap, NULL));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(mappings, 0, (PKIX_PL_Object **)&equalMap, NULL));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(mappings, 2, (PKIX_PL_Object **)&diffMap, NULL));
+
+    PKIX_TEST_EQ_HASH_TOSTR_DUP(goodMap,
+                                equalMap,
+                                diffMap,
+                                expectedAscii,
+                                CertPolicyMap,
+                                PKIX_TRUE);
+
+    subTest("PKIX_PL_CertPolicyMap_GetIssuerDomainPolicy");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyMap_GetIssuerDomainPolicy(goodMap, &goodOID, NULL));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyMap_GetIssuerDomainPolicy(diffMap, &equalOID, NULL));
+    subTest("PKIX_PL_CertPolicyMap_GetSubjectDomainPolicy");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CertPolicyMap_GetSubjectDomainPolicy(diffMap, &diffOID, NULL));
+
+    PKIX_TEST_EQ_HASH_TOSTR_DUP(goodOID,
+                                equalOID,
+                                diffOID,
+                                "2.16.840.1.101.3.2.1.48.1",
+                                OID,
+                                PKIX_FALSE);
+
+    subTest("pkix_pl_CertPolicyMap_Destroy");
+    PKIX_TEST_DECREF_BC(goodMap);
+    PKIX_TEST_DECREF_BC(equalMap);
+    PKIX_TEST_DECREF_BC(diffMap);
+
+cleanup:
+    PKIX_TEST_DECREF_AC(policyMappingsCert);
+    PKIX_TEST_DECREF_AC(mappings);
+    PKIX_TEST_DECREF_AC(goodOID);
+    PKIX_TEST_DECREF_AC(equalOID);
+    PKIX_TEST_DECREF_AC(diffOID);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testNameConstraints(char *dataDir)
+{
+    char *firstPname = "nameConstraintsDN3subCA2Cert.crt";
+    char *secondPname = "nameConstraintsDN4CACert.crt";
+    char *thirdPname = "nameConstraintsDN5CACert.crt";
+    char *lastPname = "InvalidDNnameConstraintsTest3EE.crt";
+    PKIX_PL_Cert *firstCert = NULL;
+    PKIX_PL_Cert *secondCert = NULL;
+    PKIX_PL_Cert *thirdCert = NULL;
+    PKIX_PL_Cert *lastCert = NULL;
+    PKIX_PL_CertNameConstraints *firstNC = NULL;
+    PKIX_PL_CertNameConstraints *secondNC = NULL;
+    PKIX_PL_CertNameConstraints *thirdNC = NULL;
+    PKIX_PL_CertNameConstraints *firstMergedNC = NULL;
+    PKIX_PL_CertNameConstraints *secondMergedNC = NULL;
+    char *firstExpectedAscii =
+        "[\n"
+        "\t\tPermitted Name:  (O=Test Certificates,C=US)\n"
+        "\t\tExcluded Name:   (OU=excludedSubtree1,O=Test Certificates,"
+        "C=US, OU=excludedSubtree2,O=Test Certificates,C=US)\n"
+        "\t]\n";
+    char *secondExpectedAscii =
+        "[\n"
+        "\t\tPermitted Name:  (O=Test Certificates,C=US, "
+        "OU=permittedSubtree1,O=Test Certificates,C=US)\n"
+        "\t\tExcluded Name:   (OU=excludedSubtree1,"
+        "O=Test Certificates,"
+        "C=US, OU=excludedSubtree2,O=Test Certificates,C=US, "
+        "OU=excludedSubtree1,OU=permittedSubtree1,"
+        "O=Test Certificates,C=US)\n"
+        "\t]\n";
+
+    PKIX_TEST_STD_VARS();
+    subTest("PKIX_PL_CertNameConstraints");
+
+    firstCert = createCert(dataDir, firstPname, plContext);
+    secondCert = createCert(dataDir, secondPname, plContext);
+    thirdCert = createCert(dataDir, thirdPname, plContext);
+    lastCert = createCert(dataDir, lastPname, plContext);
+
+    subTest("PKIX_PL_Cert_GetNameConstraints <total=3>");
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints(firstCert, &firstNC, NULL));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints(secondCert, &secondNC, NULL));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints(thirdCert, &thirdNC, NULL));
+
+    subTest("PKIX_PL_Cert_MergeNameConstraints <1st and 2nd>");
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_MergeNameConstraints(firstNC, secondNC, &firstMergedNC, NULL));
+
+    subTest("PKIX_PL_Cert_MergeNameConstraints <1st+2nd and 3rd>");
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_MergeNameConstraints(firstMergedNC, thirdNC, &secondMergedNC, NULL));
+
+    testToStringHelper((PKIX_PL_Object *)firstMergedNC,
+                       firstExpectedAscii,
+                       plContext);
+
+    testToStringHelper((PKIX_PL_Object *)secondMergedNC,
+                       secondExpectedAscii,
+                       plContext);
+
+    subTest("PKIX_PL_Cert_CheckNameConstraints <permitted>");
+
+    /* Subject: CN=nameConstraints DN3 subCA2,O=Test Certificates,C=US */
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_CheckNameConstraints(firstCert, firstMergedNC, NULL));
+
+    subTest("PKIX_PL_Cert_CheckNameConstraints <OU in excluded>");
+
+    /*
+         * Subject: CN=Invalid DN nameConstraints EE Certificate Test3,
+         * OU=permittedSubtree1,O=Test Certificates,C=US
+         */
+    PKIX_TEST_EXPECT_ERROR(PKIX_PL_Cert_CheckNameConstraints(lastCert, secondMergedNC, NULL));
+
+    subTest("PKIX_PL_Cert_CheckNameConstraints <excluded>");
+
+    /*
+         * Subject: CN=Invalid DN nameConstraints EE Certificate Test3,
+         * OU=permittedSubtree1,O=Test Certificates,C=US
+         * SubjectAltNames: CN=Invalid DN nameConstraints EE Certificate
+         * Test3,OU=excludedSubtree1,O=Test Certificates,C=US
+         */
+    PKIX_TEST_EXPECT_ERROR(PKIX_PL_Cert_CheckNameConstraints(lastCert, firstMergedNC, NULL));
+
+    subTest("PKIX_PL_Cert_CheckNameConstraints <excluded>");
+
+    PKIX_TEST_EXPECT_ERROR(PKIX_PL_Cert_CheckNameConstraints(firstCert, secondMergedNC, NULL));
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(firstCert);
+    PKIX_TEST_DECREF_AC(secondCert);
+    PKIX_TEST_DECREF_AC(thirdCert);
+    PKIX_TEST_DECREF_AC(lastCert);
+    PKIX_TEST_DECREF_AC(firstNC);
+    PKIX_TEST_DECREF_AC(secondNC);
+    PKIX_TEST_DECREF_AC(thirdNC);
+    PKIX_TEST_DECREF_AC(firstMergedNC);
+    PKIX_TEST_DECREF_AC(secondMergedNC);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testDestroy(void *goodObject, void *equalObject, void *diffObject)
+{
+    PKIX_TEST_STD_VARS();
+
+    subTest("PKIX_PL_Cert_Destroy");
+
+    PKIX_TEST_DECREF_BC(goodObject);
+    PKIX_TEST_DECREF_BC(equalObject);
+    PKIX_TEST_DECREF_BC(diffObject);
+
+    PKIX_TEST_DECREF_BC(altNameNoneCert);
+    PKIX_TEST_DECREF_BC(altNameOtherCert);
+    PKIX_TEST_DECREF_BC(altNameOtherCert_diff);
+    PKIX_TEST_DECREF_BC(altNameRfc822Cert);
+    PKIX_TEST_DECREF_BC(altNameRfc822Cert_diff);
+    PKIX_TEST_DECREF_BC(altNameDnsCert);
+    PKIX_TEST_DECREF_BC(altNameDnsCert_diff);
+    PKIX_TEST_DECREF_BC(altNameX400Cert);
+    PKIX_TEST_DECREF_BC(altNameX400Cert_diff);
+    PKIX_TEST_DECREF_BC(altNameDnCert);
+    PKIX_TEST_DECREF_BC(altNameDnCert_diff);
+    PKIX_TEST_DECREF_BC(altNameEdiCert);
+    PKIX_TEST_DECREF_BC(altNameEdiCert_diff);
+    PKIX_TEST_DECREF_BC(altNameUriCert);
+    PKIX_TEST_DECREF_BC(altNameUriCert_diff);
+    PKIX_TEST_DECREF_BC(altNameIpCert);
+    PKIX_TEST_DECREF_BC(altNameIpCert_diff);
+    PKIX_TEST_DECREF_BC(altNameOidCert);
+    PKIX_TEST_DECREF_BC(altNameOidCert_diff);
+    PKIX_TEST_DECREF_BC(altNameMultipleCert);
+
+cleanup:
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+printUsage(void)
+{
+    (void)printf("\nUSAGE:\ttest_cert <test-purpose> <data-central-dir> <data-dir>\n\n");
+}
+
+int
+test_cert(int argc, char *argv[])
+{
+
+    PKIX_PL_Cert *goodObject = NULL;
+    PKIX_PL_Cert *equalObject = NULL;
+    PKIX_PL_Cert *diffObject = NULL;
+    PKIX_UInt32 actualMinorVersion;
+    PKIX_UInt32 j = 0;
+
+    char *dataCentralDir = NULL;
+    char *dataDir = NULL;
+    char *goodInput = "yassir2bcn";
+    char *diffInput = "nss2alice";
+
+    char *expectedAscii =
+        "[\n"
+        "\tVersion:         v3\n"
+        "\tSerialNumber:    37bc66ec\n"
+        "\tIssuer:          CN=yassir,OU=bcn,OU=east,O=sun,C=us\n"
+        "\tSubject:         OU=bcn,OU=east,O=sun,C=us\n"
+        "\tValidity: [From: Thu Aug 19, 1999\n"
+        /*      "\tValidity: [From: Thu Aug 19 16:19:56 1999\n"  */
+        "\t           To:   Fri Aug 18, 2000]\n"
+        /*      "\t           To:   Fri Aug 18 16:19:56 2000]\n" */
+        "\tSubjectAltNames: (null)\n"
+        "\tAuthorityKeyId:  (null)\n"
+        "\tSubjectKeyId:    (null)\n"
+        "\tSubjPubKeyAlgId: ANSI X9.57 DSA Signature\n"
+        "\tCritExtOIDs:     (2.5.29.15, 2.5.29.19)\n"
+        "\tExtKeyUsages:    (null)\n"
+        "\tBasicConstraint: CA(0)\n"
+        "\tCertPolicyInfo:  (null)\n"
+        "\tPolicyMappings:  (null)\n"
+        "\tExplicitPolicy:  -1\n"
+        "\tInhibitMapping:  -1\n"
+        "\tInhibitAnyPolicy:-1\n"
+        "\tNameConstraints: (null)\n"
+        "\tAuthorityInfoAccess: (null)\n"
+        "\tSubjectInfoAccess: (null)\n"
+        "\tCacheFlag:       0\n"
+        "]\n";
+
+    PKIX_TEST_STD_VARS();
+
+    startTests("Cert");
+
+    PKIX_TEST_EXPECT_NO_ERROR(
+        PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+    if (argc < 3 + j) {
+        printUsage();
+        return (0);
+    }
+
+    dataCentralDir = argv[2 + j];
+    dataDir = argv[3 + j];
+
+    createCerts(dataCentralDir,
+                goodInput,
+                diffInput,
+                &goodObject,
+                &equalObject,
+                &diffObject);
+
+    testToStringHelper((PKIX_PL_Object *)goodObject, expectedAscii, plContext);
+
+    PKIX_TEST_EQ_HASH_TOSTR_DUP(goodObject,
+                                equalObject,
+                                diffObject,
+                                expectedAscii,
+                                Cert,
+                                PKIX_TRUE);
+
+    testVerifyKeyUsage(dataCentralDir, dataDir, goodObject);
+
+    testGetExtendedKeyUsage(dataCentralDir);
+    testGetKeyIdentifiers(dataCentralDir, goodObject);
+
+    testGetVersion(goodObject);
+    testGetSerialNumber(goodObject, equalObject, diffObject);
+
+    testGetSubject(goodObject, equalObject, diffObject);
+    testGetIssuer(goodObject, equalObject, diffObject);
+
+    testGetSubjectAltNames(dataCentralDir);
+    testGetCriticalExtensionOIDs(dataCentralDir, goodObject);
+
+    testGetSubjectPublicKey(goodObject, equalObject, diffObject);
+    testGetSubjectPublicKeyAlgId(goodObject);
+    testMakeInheritedDSAPublicKey(dataCentralDir);
+
+    testCheckValidity(goodObject, diffObject);
+
+    testBasicConstraints_GetCAFlag(dataCentralDir);
+    testBasicConstraints_GetPathLenConstraint(dataCentralDir);
+    testGetBasicConstraints(dataCentralDir);
+
+    /* Basic Policy Processing */
+    testGetPolicyInformation(dataDir);
+    testCertPolicy_GetPolicyId(dataDir);
+    testCertPolicy_GetPolQualifiers(dataDir);
+    testPolicyQualifier_GetPolicyQualifierId(dataDir);
+    testPolicyQualifier_GetQualifier(dataDir);
+    testAreCertPoliciesCritical(dataCentralDir, dataDir);
+
+    /* Advanced Policy Processing */
+    testCertPolicyConstraints(dataDir);
+    testCertPolicyMaps(dataDir);
+
+    testNameConstraints(dataDir);
+
+    testVerifySignature(dataCentralDir);
+
+    testDestroy(goodObject, equalObject, diffObject);
+
+cleanup:
+
+    PKIX_Shutdown(plContext);
+
+    PKIX_TEST_RETURN();
+
+    endTests("Cert");
+
+    return (0);
+}
diff --git a/nss/cmd/libpkix/pkix_pl/pki/test_crl.c b/nss/cmd/libpkix/pkix_pl/pki/test_crl.c
new file mode 100644
index 0000000..6372c7a
--- /dev/null
+++ b/nss/cmd/libpkix/pkix_pl/pki/test_crl.c
@@ -0,0 +1,302 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * test_crl.c
+ *
+ * Test CRL Type
+ *
+ */
+
+#include "testutil.h"
+#include "testutil_nss.h"
+
+static void *plContext = NULL;
+
+static void
+createCRLs(
+    char *dataDir,
+    char *goodInput,
+    char *diffInput,
+    PKIX_PL_CRL **goodObject,
+    PKIX_PL_CRL **equalObject,
+    PKIX_PL_CRL **diffObject)
+{
+    PKIX_TEST_STD_VARS();
+
+    subTest("PKIX_PL_CRL_Create <goodObject>");
+    *goodObject = createCRL(dataDir, goodInput, plContext);
+
+    subTest("PKIX_PL_CRL_Create <equalObject>");
+    *equalObject = createCRL(dataDir, goodInput, plContext);
+
+    subTest("PKIX_PL_CRL_Create <diffObject>");
+    *diffObject = createCRL(dataDir, diffInput, plContext);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testGetCRLEntryForSerialNumber(
+    PKIX_PL_CRL *goodObject)
+{
+    PKIX_PL_BigInt *bigInt;
+    PKIX_PL_String *bigIntString = NULL;
+    PKIX_PL_CRLEntry *crlEntry = NULL;
+    PKIX_PL_String *crlEntryString = NULL;
+    char *snAscii = "3039";
+    char *expectedAscii =
+        "\n\t[\n"
+        "\tSerialNumber:    3039\n"
+        "\tReasonCode:      257\n"
+        "\tRevocationDate:  Fri Jan 07, 2005\n"
+        /*      "\tRevocationDate:  Fri Jan 07 15:09:10 2005\n" */
+        "\tCritExtOIDs:     (EMPTY)\n"
+        "\t]\n\t";
+
+    PKIX_TEST_STD_VARS();
+
+    subTest("PKIX_PL_CRL_GetCRLEntryForSerialNumber");
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(
+        PKIX_ESCASCII,
+        snAscii,
+        PL_strlen(snAscii),
+        &bigIntString,
+        plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BigInt_Create(
+        bigIntString,
+        &bigInt,
+        plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CRL_GetCRLEntryForSerialNumber(
+        goodObject, bigInt, &crlEntry, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString(
+        (PKIX_PL_Object *)crlEntry,
+        &crlEntryString,
+        plContext));
+
+    testToStringHelper((PKIX_PL_Object *)crlEntryString,
+                       expectedAscii, plContext);
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(bigIntString);
+    PKIX_TEST_DECREF_AC(bigInt);
+    PKIX_TEST_DECREF_AC(crlEntryString);
+    PKIX_TEST_DECREF_AC(crlEntry);
+    PKIX_TEST_RETURN();
+}
+
+static void
+testGetIssuer(
+    PKIX_PL_CRL *goodObject,
+    PKIX_PL_CRL *equalObject,
+    PKIX_PL_CRL *diffObject)
+{
+    PKIX_PL_X500Name *goodIssuer = NULL;
+    PKIX_PL_X500Name *equalIssuer = NULL;
+    PKIX_PL_X500Name *diffIssuer = NULL;
+    char *expectedAscii = "CN=hanfeiyu,O=sun,C=us";
+
+    PKIX_TEST_STD_VARS();
+
+    subTest("PKIX_PL_CRL_GetIssuer");
+
+    PKIX_TEST_EXPECT_NO_ERROR(
+        PKIX_PL_CRL_GetIssuer(goodObject, &goodIssuer, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(
+        PKIX_PL_CRL_GetIssuer(equalObject, &equalIssuer, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(
+        PKIX_PL_CRL_GetIssuer(diffObject, &diffIssuer, plContext));
+
+    PKIX_TEST_EQ_HASH_TOSTR_DUP(goodIssuer,
+                                equalIssuer,
+                                diffIssuer,
+                                expectedAscii,
+                                X500Name,
+                                PKIX_TRUE);
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(goodIssuer);
+    PKIX_TEST_DECREF_AC(equalIssuer);
+    PKIX_TEST_DECREF_AC(diffIssuer);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testCritExtensionsAbsent(PKIX_PL_CRL *crl)
+{
+    PKIX_List *oidList = NULL;
+    PKIX_UInt32 numOids = 0;
+
+    PKIX_TEST_STD_VARS();
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CRL_GetCriticalExtensionOIDs(crl, &oidList, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(oidList, &numOids, plContext));
+    if (numOids != 0) {
+        pkixTestErrorMsg = "unexpected mismatch";
+    }
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(oidList);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testGetCriticalExtensionOIDs(PKIX_PL_CRL *goodObject)
+{
+    subTest("PKIX_PL_CRL_GetCriticalExtensionOIDs "
+            "<0 element>");
+    testCritExtensionsAbsent(goodObject);
+}
+
+static void
+testVerifySignature(char *dataCentralDir, PKIX_PL_CRL *crl)
+{
+    PKIX_PL_Cert *firstCert = NULL;
+    PKIX_PL_Cert *secondCert = NULL;
+    PKIX_PL_PublicKey *firstPubKey = NULL;
+    PKIX_PL_PublicKey *secondPubKey = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    subTest("PKIX_PL_Cert_Create <hanfeiyu2hanfeiyu>");
+    firstCert = createCert(dataCentralDir, "hanfeiyu2hanfeiyu", plContext);
+
+    subTest("PKIX_PL_Cert_Create <hy2hy-bc0>");
+    secondCert = createCert(dataCentralDir, "hy2hy-bc0", plContext);
+
+    subTest("PKIX_PL_Cert_GetSubjectPublicKey <hanfeiyu2hanfeiyu>");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(firstCert, &firstPubKey, plContext));
+
+    subTest("PKIX_PL_Cert_GetSubjectPublicKey <hanfei2hanfei>");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(secondCert, &secondPubKey, plContext));
+
+    subTest("PKIX_PL_CRL_VerifySignature <positive>");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CRL_VerifySignature(crl, firstPubKey, plContext));
+
+    subTest("PKIX_PL_CRL_VerifySignature <negative>");
+    PKIX_TEST_EXPECT_ERROR(PKIX_PL_CRL_VerifySignature(crl, secondPubKey, plContext));
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(firstCert);
+    PKIX_TEST_DECREF_AC(secondCert);
+    PKIX_TEST_DECREF_AC(firstPubKey);
+    PKIX_TEST_DECREF_AC(secondPubKey);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+printUsage(void)
+{
+    (void)printf("\nUSAGE:\ttest_crl <test-purpose> <data-central-dir>\n\n");
+}
+
+/* Functional tests for CRL public functions */
+
+int
+test_crl(int argc, char *argv[])
+{
+    PKIX_PL_CRL *goodObject = NULL;
+    PKIX_PL_CRL *equalObject = NULL;
+    PKIX_PL_CRL *diffObject = NULL;
+    PKIX_UInt32 actualMinorVersion;
+    PKIX_UInt32 j = 0;
+
+    char *dataCentralDir = NULL;
+    char *goodInput = "crlgood.crl";
+    char *diffInput = "crldiff.crl";
+    char *expectedAscii =
+        "[\n"
+        "\tVersion:         v2\n"
+        "\tIssuer:          CN=hanfeiyu,O=sun,C=us\n"
+        "\tUpdate:   [Last: Fri Jan 07, 2005\n"
+        /*      "\tUpdate:   [Last: Fri Jan 07 15:09:10 2005\n" */
+        "\t           Next: Sat Jan 07, 2006]\n"
+        /*      "\t           Next: Sat Jan 07 15:09:10 2006]\n" */
+        "\tSignatureAlgId:  1.2.840.10040.4.3\n"
+        "\tCRL Number     : (null)\n"
+        "\n\tEntry List:      (\n"
+        "\t[\n"
+        "\tSerialNumber:    010932\n"
+        "\tReasonCode:      260\n"
+        "\tRevocationDate:  Fri Jan 07, 2005\n"
+        /*      "\tRevocationDate:  Fri Jan 07 15:09:10 2005\n" */
+        "\tCritExtOIDs:     (EMPTY)\n"
+        "\t]\n\t"
+        ", "
+        "\n\t[\n"
+        "\tSerialNumber:    3039\n"
+        "\tReasonCode:      257\n"
+        "\tRevocationDate:  Fri Jan 07, 2005\n"
+        /*      "\tRevocationDate:  Fri Jan 07 15:09:10 2005\n" */
+        "\tCritExtOIDs:     (EMPTY)\n"
+        "\t]\n\t"
+        ")"
+        "\n\n"
+        "\tCritExtOIDs:     (EMPTY)\n"
+        "]\n";
+    /* Note XXX serialnumber and reasoncode need debug */
+
+    PKIX_TEST_STD_VARS();
+
+    startTests("CRL");
+
+    PKIX_TEST_EXPECT_NO_ERROR(
+        PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+    if (argc < 3 + j) {
+        printUsage();
+        return (0);
+    }
+
+    dataCentralDir = argv[2 + j];
+
+    createCRLs(dataCentralDir,
+               goodInput,
+               diffInput,
+               &goodObject,
+               &equalObject,
+               &diffObject);
+
+    PKIX_TEST_EQ_HASH_TOSTR_DUP(goodObject,
+                                equalObject,
+                                diffObject,
+                                expectedAscii,
+                                CRL,
+                                PKIX_TRUE);
+
+    testGetIssuer(goodObject, equalObject, diffObject);
+
+    testGetCriticalExtensionOIDs(goodObject);
+
+    testGetCRLEntryForSerialNumber(goodObject);
+
+    testVerifySignature(dataCentralDir, goodObject);
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(goodObject);
+    PKIX_TEST_DECREF_AC(equalObject);
+    PKIX_TEST_DECREF_AC(diffObject);
+
+    PKIX_Shutdown(plContext);
+
+    PKIX_TEST_RETURN();
+
+    endTests("CRL");
+
+    return (0);
+}
diff --git a/nss/cmd/libpkix/pkix_pl/pki/test_crlentry.c b/nss/cmd/libpkix/pkix_pl/pki/test_crlentry.c
new file mode 100644
index 0000000..30a008b
--- /dev/null
+++ b/nss/cmd/libpkix/pkix_pl/pki/test_crlentry.c
@@ -0,0 +1,208 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * test_crlentry.c
+ *
+ * Test CRLENTRY Type
+ *
+ */
+
+#include "testutil.h"
+#include "testutil_nss.h"
+
+static void *plContext = NULL;
+
+static void
+createCRLEntries(
+    char *dataDir,
+    char *crlInput,
+    PKIX_PL_CRL **pCrl,
+    PKIX_PL_CRLEntry **goodObject,
+    PKIX_PL_CRLEntry **equalObject,
+    PKIX_PL_CRLEntry **diffObject)
+{
+    PKIX_PL_CRL *crl = NULL;
+    PKIX_PL_BigInt *firstSNBigInt = NULL;
+    PKIX_PL_BigInt *secondSNBigInt = NULL;
+    PKIX_PL_String *firstSNString = NULL;
+    PKIX_PL_String *secondSNString = NULL;
+    char *firstSNAscii = "010932";
+    char *secondSNAscii = "3039";
+
+    PKIX_TEST_STD_VARS();
+
+    subTest("PKIX_PL_CRL_Create <crl>");
+    crl = createCRL(dataDir, crlInput, plContext);
+
+    subTest("PKIX_PL_CRL_GetCRLEntryForSerialNumber");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(
+        PKIX_ESCASCII,
+        firstSNAscii,
+        PL_strlen(firstSNAscii),
+        &firstSNString,
+        plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BigInt_Create(
+        firstSNString,
+        &firstSNBigInt,
+        plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CRL_GetCRLEntryForSerialNumber(
+        crl, firstSNBigInt, goodObject, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CRL_GetCRLEntryForSerialNumber(
+        crl, firstSNBigInt, equalObject, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(
+        PKIX_ESCASCII,
+        secondSNAscii,
+        PL_strlen(secondSNAscii),
+        &secondSNString,
+        plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BigInt_Create(
+        secondSNString,
+        &secondSNBigInt,
+        plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CRL_GetCRLEntryForSerialNumber(
+        crl, secondSNBigInt, diffObject, plContext));
+
+    *pCrl = crl;
+
+cleanup:
+    PKIX_TEST_DECREF_AC(firstSNBigInt);
+    PKIX_TEST_DECREF_AC(secondSNBigInt);
+    PKIX_TEST_DECREF_AC(firstSNString);
+    PKIX_TEST_DECREF_AC(secondSNString);
+    PKIX_TEST_RETURN();
+}
+
+static void
+testGetReasonCode(
+    PKIX_PL_CRLEntry *goodObject)
+{
+    PKIX_Int32 reasonCode = 0;
+    PKIX_Int32 expectedReasonCode = 260;
+
+    PKIX_TEST_STD_VARS();
+
+    subTest("PKIX_PL_CRLEntry_GetCRLEntryReasonCode");
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CRLEntry_GetCRLEntryReasonCode(
+        goodObject, &reasonCode, plContext));
+
+    if (reasonCode != expectedReasonCode) {
+        testError("unexpected value of CRL Entry Reason Code");
+        (void)printf("Actual value:\t%d\n", reasonCode);
+        (void)printf("Expected value:\t%d\n", expectedReasonCode);
+        goto cleanup;
+    }
+
+cleanup:
+    PKIX_TEST_RETURN();
+}
+
+static void
+testCritExtensionsAbsent(PKIX_PL_CRLEntry *crlEntry)
+{
+    PKIX_List *oidList = NULL;
+    PKIX_UInt32 numOids = 0;
+
+    PKIX_TEST_STD_VARS();
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CRLEntry_GetCriticalExtensionOIDs(crlEntry, &oidList, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(oidList, &numOids, plContext));
+    if (numOids != 0) {
+        pkixTestErrorMsg = "unexpected mismatch";
+    }
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(oidList);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testGetCriticalExtensionOIDs(PKIX_PL_CRLEntry *goodObject)
+{
+    subTest("PKIX_PL_CRL_GetCriticalExtensionOIDs "
+            "<CritExtensionsAbsent>");
+    testCritExtensionsAbsent(goodObject);
+}
+
+static void
+printUsage(void)
+{
+    (void)printf("\nUSAGE:\ttest_crlentry <data-dir>\n\n");
+}
+
+/* Functional tests for CRLENTRY public functions */
+
+int
+test_crlentry(int argc, char *argv[])
+{
+    PKIX_PL_CRL *crl = NULL;
+    PKIX_PL_CRLEntry *goodObject = NULL;
+    PKIX_PL_CRLEntry *equalObject = NULL;
+    PKIX_PL_CRLEntry *diffObject = NULL;
+    PKIX_UInt32 actualMinorVersion;
+    PKIX_UInt32 j = 0;
+
+    char *dataDir = NULL;
+    char *goodInput = "crlgood.crl";
+    char *expectedAscii =
+        "\n\t[\n"
+        "\tSerialNumber:    010932\n"
+        "\tReasonCode:      260\n"
+        "\tRevocationDate:  Fri Jan 07 15:09:10 2005\n"
+        "\tCritExtOIDs:     (EMPTY)\n"
+        "\t]\n\t";
+
+    /* Note XXX serialnumber and reasoncode need debug */
+
+    PKIX_TEST_STD_VARS();
+
+    startTests("CRLEntry");
+
+    PKIX_TEST_EXPECT_NO_ERROR(
+        PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+    if (argc < 1 + j) {
+        printUsage();
+        return (0);
+    }
+
+    dataDir = argv[1 + j];
+
+    createCRLEntries(dataDir, goodInput, &crl, &goodObject, &equalObject, &diffObject);
+
+    PKIX_TEST_EQ_HASH_TOSTR_DUP(goodObject,
+                                equalObject,
+                                diffObject,
+                                NULL, /* expectedAscii, */
+                                CRLENTRY,
+                                PKIX_TRUE);
+
+    testGetReasonCode(goodObject);
+
+    testGetCriticalExtensionOIDs(goodObject);
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(crl);
+    PKIX_TEST_DECREF_AC(goodObject);
+    PKIX_TEST_DECREF_AC(equalObject);
+    PKIX_TEST_DECREF_AC(diffObject);
+
+    PKIX_Shutdown(plContext);
+
+    PKIX_TEST_RETURN();
+
+    endTests("CRLEntry");
+
+    return (0);
+}
diff --git a/nss/cmd/libpkix/pkix_pl/pki/test_date.c b/nss/cmd/libpkix/pkix_pl/pki/test_date.c
new file mode 100644
index 0000000..4fb3718
--- /dev/null
+++ b/nss/cmd/libpkix/pkix_pl/pki/test_date.c
@@ -0,0 +1,106 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * test_date.c
+ *
+ * Test Date Type
+ *
+ */
+
+#include "testutil.h"
+#include "testutil_nss.h"
+
+static void *plContext = NULL;
+
+static void
+createDates(char *goodInput, char *diffInput,
+            PKIX_PL_Date **goodDate,
+            PKIX_PL_Date **equalDate,
+            PKIX_PL_Date **diffDate)
+{
+
+    subTest("PKIX_PL_Date_Create <goodDate>");
+    *goodDate = createDate(goodInput, plContext);
+
+    subTest("PKIX_PL_Date_Create <equalDate>");
+    *equalDate = createDate(goodInput, plContext);
+
+    subTest("PKIX_PL_Date_Create <diffDate>");
+    *diffDate = createDate(diffInput, plContext);
+}
+
+static void
+testDestroy(void *goodObject, void *equalObject, void *diffObject)
+{
+    PKIX_TEST_STD_VARS();
+
+    subTest("PKIX_PL_Date_Destroy");
+
+    PKIX_TEST_DECREF_BC(goodObject);
+    PKIX_TEST_DECREF_BC(equalObject);
+    PKIX_TEST_DECREF_BC(diffObject);
+
+cleanup:
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testDate(char *goodInput, char *diffInput)
+{
+
+    PKIX_PL_Date *goodDate = NULL;
+    PKIX_PL_Date *equalDate = NULL;
+    PKIX_PL_Date *diffDate = NULL;
+
+    /*
+         * The ASCII rep of the date will vary by platform and locale
+         * This particular string was generated on a SPARC running Solaris 9
+         * in an English locale
+         */
+    /* char *expectedAscii = "Mon Mar 29 08:48:47 2004"; */
+    char *expectedAscii = "Mon Mar 29, 2004";
+
+    PKIX_TEST_STD_VARS();
+
+    createDates(goodInput, diffInput,
+                &goodDate, &equalDate, &diffDate);
+
+    PKIX_TEST_EQ_HASH_TOSTR_DUP(goodDate, equalDate, diffDate, expectedAscii, Date, PKIX_TRUE);
+
+    testDestroy(goodDate, equalDate, diffDate);
+
+    PKIX_TEST_RETURN();
+}
+
+int
+test_date(int argc, char *argv[])
+{
+
+    char *goodInput = NULL;
+    char *diffInput = NULL;
+    PKIX_UInt32 actualMinorVersion;
+    PKIX_UInt32 j = 0;
+
+    PKIX_TEST_STD_VARS();
+
+    startTests("Date");
+
+    PKIX_TEST_EXPECT_NO_ERROR(
+        PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+    goodInput = "040329134847Z";
+    diffInput = "050329135847Z";
+    testDate(goodInput, diffInput);
+
+cleanup:
+
+    PKIX_Shutdown(plContext);
+
+    PKIX_TEST_RETURN();
+
+    endTests("Date");
+
+    return (0);
+}
diff --git a/nss/cmd/libpkix/pkix_pl/pki/test_generalname.c b/nss/cmd/libpkix/pkix_pl/pki/test_generalname.c
new file mode 100644
index 0000000..9719cd9
--- /dev/null
+++ b/nss/cmd/libpkix/pkix_pl/pki/test_generalname.c
@@ -0,0 +1,123 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * test_generalname.c
+ *
+ * Test GeneralName Type
+ *
+ */
+
+#include "testutil.h"
+#include "testutil_nss.h"
+
+static void *plContext = NULL;
+
+static void
+createGeneralNames(PKIX_UInt32 nameType, char *goodInput, char *diffInput,
+                   PKIX_PL_GeneralName **goodName,
+                   PKIX_PL_GeneralName **equalName,
+                   PKIX_PL_GeneralName **diffName)
+{
+
+    subTest("PKIX_PL_GeneralName_Create <goodName>");
+    *goodName = createGeneralName(nameType, goodInput, plContext);
+
+    subTest("PKIX_PL_GeneralName_Create <equalName>");
+    *equalName = createGeneralName(nameType, goodInput, plContext);
+
+    subTest("PKIX_PL_GeneralName_Create <diffName>");
+    *diffName = createGeneralName(nameType, diffInput, plContext);
+}
+
+static void
+testDestroy(void *goodObject, void *equalObject, void *diffObject)
+{
+    PKIX_TEST_STD_VARS();
+
+    subTest("PKIX_PL_GeneralName_Destroy");
+
+    PKIX_TEST_DECREF_BC(goodObject);
+    PKIX_TEST_DECREF_BC(equalObject);
+    PKIX_TEST_DECREF_BC(diffObject);
+
+cleanup:
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testNameType(PKIX_UInt32 nameType, char *goodInput, char *diffInput, char *expectedAscii)
+{
+
+    PKIX_PL_GeneralName *goodName = NULL;
+    PKIX_PL_GeneralName *equalName = NULL;
+    PKIX_PL_GeneralName *diffName = NULL;
+
+    createGeneralNames(nameType, goodInput, diffInput,
+                       &goodName, &equalName, &diffName);
+
+    PKIX_TEST_EQ_HASH_TOSTR_DUP(goodName,
+                                equalName,
+                                diffName,
+                                expectedAscii,
+                                GeneralName,
+                                PKIX_TRUE);
+
+    testDestroy(goodName, equalName, diffName);
+}
+
+int
+test_generalname(int argc, char *argv[])
+{
+
+    char *goodInput = NULL;
+    char *diffInput = NULL;
+    PKIX_UInt32 actualMinorVersion;
+    PKIX_UInt32 j = 0;
+
+    PKIX_TEST_STD_VARS();
+
+    startTests("GeneralName");
+
+    PKIX_TEST_EXPECT_NO_ERROR(
+        PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+    goodInput = "john@sun.com";
+    diffInput = "john@labs.com";
+    testNameType(PKIX_RFC822_NAME, goodInput, diffInput, goodInput);
+
+    goodInput = "example1.com";
+    diffInput = "ex2.net";
+    testNameType(PKIX_DNS_NAME, goodInput, diffInput, goodInput);
+
+    goodInput = "cn=yassir, ou=labs, o=sun, c=us";
+    diffInput = "cn=alice, ou=labs, o=sun, c=us";
+    testNameType(PKIX_DIRECTORY_NAME,
+                 goodInput,
+                 diffInput,
+                 "CN=yassir,OU=labs,O=sun,C=us");
+
+    goodInput = "http://example1.com";
+    diffInput = "http://ex2.net";
+    testNameType(PKIX_URI_NAME, goodInput, diffInput, goodInput);
+
+    goodInput = "1.2.840.11";
+    diffInput = "1.2.840.115349";
+    testNameType(PKIX_OID_NAME, goodInput, diffInput, goodInput);
+
+/*
+         * We don't support creating PKIX_EDIPARTY_NAME,
+         * PKIX_IP_NAME, OTHER_NAME, X400_ADDRESS from strings
+         */
+
+cleanup:
+
+    PKIX_Shutdown(plContext);
+
+    PKIX_TEST_RETURN();
+
+    endTests("GeneralName");
+
+    return (0);
+}
diff --git a/nss/cmd/libpkix/pkix_pl/pki/test_nameconstraints.c b/nss/cmd/libpkix/pkix_pl/pki/test_nameconstraints.c
new file mode 100644
index 0000000..636ba3e
--- /dev/null
+++ b/nss/cmd/libpkix/pkix_pl/pki/test_nameconstraints.c
@@ -0,0 +1,127 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * test_nameconstraints.c
+ *
+ * Test CERT Name Constraints Type
+ *
+ */
+
+#include "testutil.h"
+#include "testutil_nss.h"
+
+static void *plContext = NULL;
+
+static char *
+catDirName(char *platform, char *dir, void *plContext)
+{
+    char *pathName = NULL;
+    PKIX_UInt32 dirLen;
+    PKIX_UInt32 platformLen;
+
+    PKIX_TEST_STD_VARS();
+
+    dirLen = PL_strlen(dir);
+    platformLen = PL_strlen(platform);
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Malloc(platformLen +
+                                                 dirLen +
+                                                 2,
+                                             (void **)&pathName, plContext));
+
+    PL_strcpy(pathName, platform);
+    PL_strcat(pathName, "/");
+    PL_strcat(pathName, dir);
+
+cleanup:
+
+    PKIX_TEST_RETURN();
+
+    return (pathName);
+}
+
+static void
+testNameConstraints(char *dataDir)
+{
+    char *goodPname = "nameConstraintsDN5CACert.crt";
+    PKIX_PL_Cert *goodCert = NULL;
+    PKIX_PL_CertNameConstraints *goodNC = NULL;
+    char *expectedAscii =
+        "[\n"
+        "\t\tPermitted Name:  (OU=permittedSubtree1,"
+        "O=Test Certificates,C=US)\n"
+        "\t\tExcluded Name:   (OU=excludedSubtree1,"
+        "OU=permittedSubtree1,O=Test Certificates,C=US)\n"
+        "\t]\n";
+
+    PKIX_TEST_STD_VARS();
+
+    subTest("PKIX_PL_CertNameConstraints");
+
+    goodCert = createCert(dataDir, goodPname, plContext);
+
+    subTest("PKIX_PL_Cert_GetNameConstraints");
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints(goodCert, &goodNC, plContext));
+
+    testToStringHelper((PKIX_PL_Object *)goodNC, expectedAscii, plContext);
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(goodNC);
+    PKIX_TEST_DECREF_AC(goodCert);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+printUsage(void)
+{
+    (void)printf("\nUSAGE:\ttest_nameconstraints <test-purpose>"
+                 " <data-dir> <platform-prefix>\n\n");
+}
+
+/* Functional tests for CRL public functions */
+
+int
+test_nameconstraints(int argc, char *argv[])
+{
+    PKIX_UInt32 actualMinorVersion;
+    PKIX_UInt32 j = 0;
+    char *platformDir = NULL;
+    char *dataDir = NULL;
+    char *combinedDir = NULL;
+
+    /* Note XXX serialnumber and reasoncode need debug */
+
+    PKIX_TEST_STD_VARS();
+
+    startTests("NameConstraints");
+
+    PKIX_TEST_EXPECT_NO_ERROR(
+        PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+    if (argc < 3 + j) {
+        printUsage();
+        return (0);
+    }
+
+    dataDir = argv[2 + j];
+    platformDir = argv[3 + j];
+    combinedDir = catDirName(platformDir, dataDir, plContext);
+
+    testNameConstraints(combinedDir);
+
+cleanup:
+
+    pkixTestErrorResult = PKIX_PL_Free(combinedDir, plContext);
+
+    PKIX_Shutdown(plContext);
+
+    PKIX_TEST_RETURN();
+
+    endTests("NameConstraints");
+
+    return (0);
+}
diff --git a/nss/cmd/libpkix/pkix_pl/pki/test_subjectinfoaccess.c b/nss/cmd/libpkix/pkix_pl/pki/test_subjectinfoaccess.c
new file mode 100644
index 0000000..8f2ff9e
--- /dev/null
+++ b/nss/cmd/libpkix/pkix_pl/pki/test_subjectinfoaccess.c
@@ -0,0 +1,121 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * test_subjectinfoaccess.c
+ *
+ * Test Subject InfoAccess Type
+ *
+ */
+
+#include "testutil.h"
+#include "testutil_nss.h"
+
+static void *plContext = NULL;
+
+int
+test_subjectinfoaccess(int argc, char *argv[])
+{
+
+    PKIX_PL_Cert *cert = NULL;
+    PKIX_PL_Cert *certDiff = NULL;
+    PKIX_List *aiaList = NULL;
+    PKIX_List *siaList = NULL;
+    PKIX_PL_InfoAccess *sia = NULL;
+    PKIX_PL_InfoAccess *siaDup = NULL;
+    PKIX_PL_InfoAccess *siaDiff = NULL;
+    PKIX_PL_GeneralName *location = NULL;
+    char *certPathName = NULL;
+    char *dirName = NULL;
+    PKIX_UInt32 method = 0;
+    PKIX_UInt32 actualMinorVersion;
+    PKIX_UInt32 size, i;
+    PKIX_UInt32 j = 0;
+    char *expectedAscii = "[method:caRepository, "
+                          "location:http://betty.nist.gov/pathdiscoverytestsuite/"
+                          "p7cfiles/IssuedByTrustAnchor1.p7c]";
+
+    PKIX_TEST_STD_VARS();
+
+    startTests("SubjectInfoAccess");
+
+    PKIX_TEST_EXPECT_NO_ERROR(
+        PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+    if (argc < 5 + j) {
+        printf("Usage: %s <test-purpose> <cert> <diff-cert>\n", argv[0]);
+    }
+
+    dirName = argv[2 + j];
+    certPathName = argv[3 + j];
+
+    subTest("Creating Cert with Subject Info Access");
+    cert = createCert(dirName, certPathName, plContext);
+
+    certPathName = argv[4 + j];
+
+    subTest("Creating Cert with Subject Info Access");
+    certDiff = createCert(dirName, certPathName, plContext);
+
+    subTest("Getting Subject Info Access");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectInfoAccess(cert, &siaList, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(siaList, &size, plContext));
+
+    if (size != 1) {
+        pkixTestErrorMsg = "unexpected number of AIA";
+        goto cleanup;
+    }
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(siaList, 0, (PKIX_PL_Object **)&sia, plContext));
+
+    subTest("PKIX_PL_InfoAccess_GetMethod");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_InfoAccess_GetMethod(sia, &method, plContext));
+    if (method != PKIX_INFOACCESS_CA_REPOSITORY) {
+        pkixTestErrorMsg = "unexpected method of AIA";
+        goto cleanup;
+    }
+
+    subTest("PKIX_PL_InfoAccess_GetLocation");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_InfoAccess_GetLocation(sia, &location, plContext));
+    if (!location) {
+        pkixTestErrorMsg = "Cannot get AIA location";
+        goto cleanup;
+    }
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(siaList, 0, (PKIX_PL_Object **)&siaDup, plContext));
+
+    subTest("Getting Authority Info Access as difference comparison");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetAuthorityInfoAccess(certDiff, &aiaList, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(aiaList, &size, plContext));
+
+    if (size != 1) {
+        pkixTestErrorMsg = "unexpected number of AIA";
+        goto cleanup;
+    }
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(aiaList, 0, (PKIX_PL_Object **)&siaDiff, plContext));
+
+    subTest("Checking: Equal, Hash and ToString");
+    PKIX_TEST_EQ_HASH_TOSTR_DUP(sia, siaDup, siaDiff, expectedAscii, InfoAccess, PKIX_FALSE);
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(location);
+    PKIX_TEST_DECREF_AC(sia);
+    PKIX_TEST_DECREF_AC(siaDup);
+    PKIX_TEST_DECREF_AC(siaDiff);
+    PKIX_TEST_DECREF_AC(aiaList);
+    PKIX_TEST_DECREF_AC(siaList);
+    PKIX_TEST_DECREF_AC(cert);
+    PKIX_TEST_DECREF_AC(certDiff);
+
+    PKIX_Shutdown(plContext);
+
+    PKIX_TEST_RETURN();
+
+    endTests("Subjectinfoaccess");
+
+    return (0);
+}
diff --git a/nss/cmd/libpkix/pkix_pl/pki/test_x500name.c b/nss/cmd/libpkix/pkix_pl/pki/test_x500name.c
new file mode 100644
index 0000000..91ff63f
--- /dev/null
+++ b/nss/cmd/libpkix/pkix_pl/pki/test_x500name.c
@@ -0,0 +1,169 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * test_x500name.c
+ *
+ * Test X500Name Type
+ *
+ */
+
+#include "testutil.h"
+#include "testutil_nss.h"
+
+static void *plContext = NULL;
+
+static PKIX_PL_X500Name *
+createX500Name(char *asciiName, PKIX_Boolean expectedToPass)
+{
+
+    PKIX_PL_X500Name *x500Name = NULL;
+    PKIX_PL_String *plString = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, asciiName, 0, &plString, plContext));
+
+    if (expectedToPass) {
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_X500Name_Create(plString, &x500Name, plContext));
+    } else {
+        PKIX_TEST_EXPECT_ERROR(PKIX_PL_X500Name_Create(plString, &x500Name, plContext));
+    }
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(plString);
+
+    PKIX_TEST_RETURN();
+
+    return (x500Name);
+}
+
+static void
+createX500Names(char *goodInput, char *diffInput, char *diffInputMatch,
+                PKIX_PL_X500Name **goodObject,
+                PKIX_PL_X500Name **equalObject,
+                PKIX_PL_X500Name **diffObject,
+                PKIX_PL_X500Name **diffObjectMatch)
+{
+    char *badAscii = "cn=yas#sir,ou=labs,o=sun,c=us";
+    PKIX_PL_X500Name *badObject = NULL;
+
+    subTest("PKIX_PL_X500Name_Create <goodObject>");
+    *goodObject = createX500Name(goodInput, PKIX_TRUE);
+
+    subTest("PKIX_PL_X500Name_Create <equalObject>");
+    *equalObject = createX500Name(goodInput, PKIX_TRUE);
+
+    subTest("PKIX_PL_X500Name_Create <diffObject>");
+    *diffObject = createX500Name(diffInput, PKIX_TRUE);
+
+    subTest("PKIX_PL_X500Name_Create <diffObjectMatch>");
+    *diffObjectMatch = createX500Name(diffInputMatch, PKIX_TRUE);
+
+    subTest("PKIX_PL_X500Name_Create <negative>");
+    badObject = createX500Name(badAscii, PKIX_FALSE);
+}
+
+static void
+testMatchHelper(PKIX_PL_X500Name *goodName, PKIX_PL_X500Name *otherName, PKIX_Boolean match)
+{
+    PKIX_Boolean cmpResult;
+
+    PKIX_TEST_STD_VARS();
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_X500Name_Match(goodName,
+                                                     otherName,
+                                                     &cmpResult,
+                                                     plContext));
+
+    if ((match && !cmpResult) || (!match && cmpResult)) {
+        testError("unexpected mismatch");
+        (void)printf("Actual value:\t%d\n", cmpResult);
+        (void)printf("Expected value:\t%d\n", match);
+    }
+
+cleanup:
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testMatch(void *goodObject, void *diffObject, void *diffObjectMatch)
+{
+    subTest("PKIX_PL_X500Name_Match <match>");
+    testMatchHelper((PKIX_PL_X500Name *)diffObject,
+                    (PKIX_PL_X500Name *)diffObjectMatch,
+                    PKIX_TRUE);
+
+    subTest("PKIX_PL_X500Name_Match <non-match>");
+    testMatchHelper((PKIX_PL_X500Name *)goodObject,
+                    (PKIX_PL_X500Name *)diffObject,
+                    PKIX_FALSE);
+}
+
+static void
+testDestroy(void *goodObject, void *equalObject, void *diffObject, void *diffObjectMatch)
+{
+    PKIX_TEST_STD_VARS();
+
+    subTest("PKIX_PL_X500Name_Destroy");
+
+    PKIX_TEST_DECREF_BC(goodObject);
+    PKIX_TEST_DECREF_BC(equalObject);
+    PKIX_TEST_DECREF_BC(diffObject);
+    PKIX_TEST_DECREF_BC(diffObjectMatch);
+
+cleanup:
+
+    PKIX_TEST_RETURN();
+}
+
+int
+test_x500name(int argc, char *argv[])
+{
+
+    PKIX_PL_X500Name *goodObject = NULL;
+    PKIX_PL_X500Name *equalObject = NULL;
+    PKIX_PL_X500Name *diffObject = NULL;
+    PKIX_PL_X500Name *diffObjectMatch = NULL;
+    PKIX_UInt32 actualMinorVersion;
+    PKIX_UInt32 j = 0;
+
+    /* goodInput is encoded in PKIX_ESCASCII */
+    char *goodInput = "cn=Strau&#x00Df;,ou=labs,o=sun,c=us";
+    char *diffInput = "cn=steve,ou=labs,o=sun,c=us";
+    char *diffInputMatch = "Cn=SteVe,Ou=lABs,o=SUn,c=uS";
+    char *expectedAscii = "CN=Strau&#x00DF;,OU=labs,O=sun,C=us";
+
+    PKIX_TEST_STD_VARS();
+
+    startTests("X500Name");
+
+    PKIX_TEST_EXPECT_NO_ERROR(
+        PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+    createX500Names(goodInput, diffInput, diffInputMatch,
+                    &goodObject, &equalObject, &diffObject, &diffObjectMatch);
+
+    PKIX_TEST_EQ_HASH_TOSTR_DUP(goodObject,
+                                equalObject,
+                                diffObject,
+                                expectedAscii,
+                                X500Name,
+                                PKIX_TRUE);
+
+    testMatch(goodObject, diffObject, diffObjectMatch);
+
+    testDestroy(goodObject, equalObject, diffObject, diffObjectMatch);
+
+cleanup:
+
+    PKIX_Shutdown(plContext);
+
+    PKIX_TEST_RETURN();
+
+    endTests("X500Name");
+
+    return (0);
+}
diff --git a/nss/cmd/libpkix/pkix_pl/system/Makefile b/nss/cmd/libpkix/pkix_pl/system/Makefile
new file mode 100755
index 0000000..09ca5f1
--- /dev/null
+++ b/nss/cmd/libpkix/pkix_pl/system/Makefile
@@ -0,0 +1,47 @@
+#! gmake
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+include $(PKIX_DEPTH)/config.mk
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include $(PLAT_DEPTH)/platlibs.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+include $(PLAT_DEPTH)/platrules.mk
diff --git a/nss/cmd/libpkix/pkix_pl/system/manifest.mn b/nss/cmd/libpkix/pkix_pl/system/manifest.mn
new file mode 100755
index 0000000..edbf0cd
--- /dev/null
+++ b/nss/cmd/libpkix/pkix_pl/system/manifest.mn
@@ -0,0 +1,38 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+PKIX_DEPTH = ../..
+PLAT_DEPTH = $(PKIX_DEPTH)/..
+CORE_DEPTH = $(PKIX_DEPTH)/../../..
+
+# MODULE public and private header directories are implicitly REQUIRED.
+MODULE = nss
+
+# test_rwlock.c is taken out, need to link to libpkix internals
+#
+# The test is using LIBPKIX PL call directly, which violates our
+# code convention.
+#
+CSRCS = test_bigint.c \
+	test_bytearray.c \
+	test_hashtable.c \
+	test_mem.c \
+	test_mutex.c \
+	test_mutex2.c \
+	test_mutex3.c \
+	test_monitorlock.c \
+	test_object.c \
+	test_oid.c \
+	stress_test.c \
+	test_string.c \
+	test_string2.c \
+	$(NULL)
+
+
+LIBRARY_NAME=pkixtoolsys
+
+SOURCE_LIB_DIR=$(PKIX_DEPTH)/$(OBJDIR)
+ 
+NO_MD_RELEASE = 1
diff --git a/nss/cmd/libpkix/pkix_pl/system/stress_test.c b/nss/cmd/libpkix/pkix_pl/system/stress_test.c
new file mode 100644
index 0000000..839dc06
--- /dev/null
+++ b/nss/cmd/libpkix/pkix_pl/system/stress_test.c
@@ -0,0 +1,146 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * stress_test.c
+ *
+ * Creates and deletes many objects
+ *
+ */
+
+#include "testutil.h"
+#include "testutil_nss.h"
+
+static void *plContext = NULL;
+
+int
+stress_test(int argc, char *argv[])
+{
+
+    PKIX_UInt32 i, k, length, hashcode;
+    PKIX_UInt32 size = 17576;
+    char temp[4];
+    PKIX_Boolean result;
+    PKIX_PL_String *strings[17576], *tempString;
+    PKIX_PL_String *utf16strings[17576];
+    PKIX_PL_ByteArray *byteArrays[17576];
+    void *dest;
+    PKIX_PL_HashTable *ht = NULL;
+    PKIX_UInt32 actualMinorVersion;
+    PKIX_UInt32 j = 0;
+
+    PKIX_TEST_STD_VARS();
+
+    startTests("Stress Test");
+
+    PKIX_TEST_EXPECT_NO_ERROR(
+        PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+    /* ---------------------------- */
+    subTest("Create every three letter String");
+
+    for (i = 0; i < 26; i++)
+        for (j = 0; j < 26; j++)
+            for (k = 0; k < 26; k++) {
+                temp[0] = (char)('a' + i);
+                temp[1] = (char)('a' + j);
+                temp[2] = (char)('a' + k);
+                temp[3] = 0;
+                PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, temp, 3,
+                                                                &strings[26 * (i * 26 + j) + k],
+                                                                plContext));
+            }
+
+    /* ---------------------------- */
+    subTest("Create a bytearray from each string's UTF-16 encoding");
+    for (i = 0; i < size; i++) {
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_GetEncoded(strings[i],
+                                                            PKIX_UTF16,
+                                                            &dest,
+                                                            &length,
+                                                            plContext));
+
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_ByteArray_Create(dest, length, &byteArrays[i], plContext));
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(dest, plContext));
+    }
+
+    /* ---------------------------- */
+    subTest("Create a copy string from each bytearray");
+    for (i = 0; i < size; i++) {
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_UTF16, *(void **)byteArrays[i], 6,
+                                                        &utf16strings[i], plContext));
+    }
+
+    /* ---------------------------- */
+    subTest("Compare each original string with the copy");
+    for (i = 0; i < size; i++) {
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)strings[i],
+                                                        (PKIX_PL_Object *)utf16strings[i],
+                                                        &result,
+                                                        plContext));
+        if (result == 0)
+            testError("Strings do not match");
+    }
+
+    /* ---------------------------- */
+    subTest("Put each string into a Hashtable");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Create(size /
+                                                           2,
+                                                       0, &ht, plContext));
+
+    for (i = 0; i < size; i++) {
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Hashcode((PKIX_PL_Object *)strings[i],
+                                                          &hashcode,
+                                                          plContext));
+
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Add(ht,
+                                                        (void *)&hashcode,
+                                                        (void *)strings[i],
+                                                        plContext));
+    }
+
+    /* ---------------------------- */
+    subTest("Compare each copy string with the hashtable entries ");
+    for (i = 0; i < size; i++) {
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Hashcode((PKIX_PL_Object *)utf16strings[i],
+                                                          &hashcode,
+                                                          plContext));
+
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Lookup(ht,
+                                                           (void *)&hashcode,
+                                                           (PKIX_PL_Object **)&tempString,
+                                                           plContext));
+
+        if (tempString == NULL)
+            testError("String not found in hashtable");
+        else {
+            PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)tempString,
+                                                            (PKIX_PL_Object *)utf16strings[i],
+                                                            &result,
+                                                            plContext));
+            if (result == 0)
+                testError("Strings do not match");
+            PKIX_TEST_DECREF_BC(tempString);
+        }
+    }
+
+cleanup:
+
+    /* ---------------------------- */
+    subTest("Destroy All Objects");
+
+    PKIX_TEST_DECREF_AC(ht);
+
+    for (i = 0; i < size; i++) {
+        PKIX_TEST_DECREF_AC(strings[i]);
+        PKIX_TEST_DECREF_AC(utf16strings[i]);
+        PKIX_TEST_DECREF_AC(byteArrays[i]);
+    }
+
+    PKIX_Shutdown(plContext);
+
+    PKIX_TEST_RETURN();
+
+    endTests("Stress Test");
+    return (0);
+}
diff --git a/nss/cmd/libpkix/pkix_pl/system/test_bigint.c b/nss/cmd/libpkix/pkix_pl/system/test_bigint.c
new file mode 100644
index 0000000..85b98ee
--- /dev/null
+++ b/nss/cmd/libpkix/pkix_pl/system/test_bigint.c
@@ -0,0 +1,190 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * test_bigint.c
+ *
+ * Tests BigInt Types
+ *
+ */
+
+#include "testutil.h"
+#include "testutil_nss.h"
+
+static void *plContext = NULL;
+
+static void
+createBigInt(
+    PKIX_PL_BigInt **bigInts,
+    char *bigIntAscii,
+    PKIX_Boolean errorHandling)
+{
+    PKIX_PL_String *bigIntString = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII,
+                                                    bigIntAscii,
+                                                    PL_strlen(bigIntAscii),
+                                                    &bigIntString,
+                                                    plContext));
+
+    if (errorHandling) {
+        PKIX_TEST_EXPECT_ERROR(PKIX_PL_BigInt_Create(bigIntString,
+                                                     bigInts,
+                                                     plContext));
+    } else {
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_BigInt_Create(bigIntString,
+                                                        bigInts,
+                                                        plContext));
+    }
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(bigIntString);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testToString(
+    PKIX_PL_BigInt *bigInt,
+    char *expAscii)
+{
+    PKIX_PL_String *bigIntString = NULL;
+    char *temp = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)bigInt,
+                                                      &bigIntString, plContext));
+
+    temp = PKIX_String2ASCII(bigIntString, plContext);
+    if (temp == plContext) {
+        testError("PKIX_String2Ascii failed");
+        goto cleanup;
+    }
+
+    if (PL_strcmp(temp, expAscii) != 0) {
+        (void)printf("\tBigInt ToString: %s %s\n", temp, expAscii);
+        testError("Output string does not match source");
+    }
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(bigIntString);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testCompare(
+    PKIX_PL_BigInt *firstBigInt,
+    PKIX_PL_BigInt *secondBigInt,
+    PKIX_Int32 *cmpResult)
+{
+    PKIX_TEST_STD_VARS();
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Compare((PKIX_PL_Object *)firstBigInt,
+                                                     (PKIX_PL_Object *)secondBigInt,
+                                                     cmpResult, plContext));
+cleanup:
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testDestroy(
+    PKIX_PL_BigInt *bigInt)
+{
+    PKIX_TEST_STD_VARS();
+
+    PKIX_TEST_DECREF_BC(bigInt);
+
+cleanup:
+
+    PKIX_TEST_RETURN();
+}
+
+int
+test_bigint(int argc, char *argv[])
+{
+
+    PKIX_UInt32 size = 4, badSize = 3, i = 0;
+    PKIX_PL_BigInt *testBigInt[4] = { NULL };
+    PKIX_Int32 cmpResult;
+    PKIX_UInt32 actualMinorVersion;
+    PKIX_UInt32 j = 0;
+
+    char *bigIntValue[4] =
+        {
+          "03",
+          "ff",
+          "1010101010101010101010101010101010101010",
+          "1010101010101010101010101010101010101010",
+        };
+
+    char *badValue[3] = { "00ff", "fff", "-ff" };
+
+    PKIX_TEST_STD_VARS();
+
+    startTests("BigInts");
+
+    PKIX_TEST_EXPECT_NO_ERROR(
+        PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+    for (i = 0; i < badSize; i++) {
+        subTest("PKIX_PL_BigInt_Create <error_handling>");
+        createBigInt(&testBigInt[i], badValue[i], PKIX_TRUE);
+    }
+
+    for (i = 0; i < size; i++) {
+        subTest("PKIX_PL_BigInt_Create");
+        createBigInt(&testBigInt[i], bigIntValue[i], PKIX_FALSE);
+    }
+
+    PKIX_TEST_EQ_HASH_TOSTR_DUP(testBigInt[2],
+                                testBigInt[3],
+                                testBigInt[1],
+                                bigIntValue[2],
+                                BigInt,
+                                PKIX_TRUE);
+
+    for (i = 0; i < size; i++) {
+        subTest("PKIX_PL_BigInt_ToString");
+        testToString(testBigInt[i], bigIntValue[i]);
+    }
+
+    subTest("PKIX_PL_BigInt_Compare <gt>");
+    testCompare(testBigInt[2], testBigInt[1], &cmpResult);
+    if (cmpResult <= 0) {
+        testError("Invalid Result from String Compare");
+    }
+
+    subTest("PKIX_PL_BigInt_Compare <lt>");
+    testCompare(testBigInt[1], testBigInt[2], &cmpResult);
+    if (cmpResult >= 0) {
+        testError("Invalid Result from String Compare");
+    }
+
+    subTest("PKIX_PL_BigInt_Compare <eq>");
+    testCompare(testBigInt[2], testBigInt[3], &cmpResult);
+    if (cmpResult != 0) {
+        testError("Invalid Result from String Compare");
+    }
+
+    for (i = 0; i < size; i++) {
+        subTest("PKIX_PL_BigInt_Destroy");
+        testDestroy(testBigInt[i]);
+    }
+
+cleanup:
+
+    PKIX_Shutdown(plContext);
+
+    endTests("BigInt");
+
+    return (0);
+}
diff --git a/nss/cmd/libpkix/pkix_pl/system/test_bytearray.c b/nss/cmd/libpkix/pkix_pl/system/test_bytearray.c
new file mode 100644
index 0000000..402685b
--- /dev/null
+++ b/nss/cmd/libpkix/pkix_pl/system/test_bytearray.c
@@ -0,0 +1,231 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * test_bytearray.c
+ *
+ * Tests ByteArray types.
+ *
+ */
+
+#include "testutil.h"
+#include "testutil_nss.h"
+
+static void *plContext = NULL;
+
+static void
+createByteArray(
+    PKIX_PL_ByteArray **byteArray,
+    char *bytes,
+    PKIX_UInt32 length)
+{
+    PKIX_TEST_STD_VARS();
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_ByteArray_Create((void *)bytes,
+                                                       length,
+                                                       byteArray,
+                                                       plContext));
+cleanup:
+    PKIX_TEST_RETURN();
+}
+
+static void
+testZeroLength(void)
+{
+    PKIX_PL_ByteArray *byteArray = NULL;
+    void *array = NULL;
+    PKIX_UInt32 length = 2;
+
+    PKIX_TEST_STD_VARS();
+
+    createByteArray(&byteArray, NULL, 0);
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_ByteArray_GetLength(byteArray, &length, plContext));
+    if (length != 0) {
+        testError("Length should be zero");
+    }
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_ByteArray_GetPointer(byteArray, &array, plContext));
+    if (array) {
+        testError("Array should be NULL");
+    }
+
+    testToStringHelper((PKIX_PL_Object *)byteArray, "[]", plContext);
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(byteArray);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testToString(
+    PKIX_PL_ByteArray *byteArray,
+    char *expAscii)
+{
+    PKIX_PL_String *string = NULL;
+    char *temp = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)byteArray,
+                                                      &string, plContext));
+
+    temp = PKIX_String2ASCII(string, plContext);
+    if (temp == NULL) {
+        testError("PKIX_String2Ascii failed");
+        goto cleanup;
+    }
+
+    if (PL_strcmp(temp, expAscii) != 0) {
+        (void)printf("\tByteArray ToString: %s %s\n", temp, expAscii);
+        testError("Output string does not match source");
+    }
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(string);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testGetLength(
+    PKIX_PL_ByteArray *byteArray,
+    PKIX_UInt32 expLength)
+{
+    PKIX_UInt32 arrayLength;
+
+    PKIX_TEST_STD_VARS();
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_ByteArray_GetLength(byteArray, &arrayLength, plContext));
+
+    if (arrayLength != expLength) {
+        (void)printf("\tByteArray GetLength: %d %d\n",
+                     arrayLength, expLength);
+        testError("Incorrect Array Length returned");
+    }
+
+cleanup:
+    PKIX_TEST_RETURN();
+}
+
+static void
+testGetPointer(
+    PKIX_PL_ByteArray *byteArray,
+    char *expBytes,
+    PKIX_UInt32 arrayLength)
+{
+    char *temp = NULL;
+    PKIX_UInt32 j;
+
+    PKIX_TEST_STD_VARS();
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_ByteArray_GetPointer(byteArray, (void **)&temp, plContext));
+
+    for (j = 0; j < arrayLength; j++) {
+        if (temp[j] != expBytes[j]) {
+            testError("Incorrect Byte Array Contents");
+        }
+    }
+
+cleanup:
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
+    PKIX_TEST_RETURN();
+}
+
+void
+testDestroy(
+    PKIX_PL_ByteArray *byteArray)
+{
+    PKIX_TEST_STD_VARS();
+
+    PKIX_TEST_DECREF_BC(byteArray);
+
+cleanup:
+
+    PKIX_TEST_RETURN();
+}
+
+int
+test_bytearray(int argc, char *argv[])
+{
+
+    PKIX_PL_ByteArray *testByteArray[4];
+
+    PKIX_UInt32 i, size = 4;
+    PKIX_UInt32 lengths[4] = { 5, 6, 1, 5 };
+    char dArray0[5] = { 1, 2, 3, 4, 5 };
+    unsigned char dArray1[6] = { 127, 128, 129, 254, 255, 0 };
+    char dArray2[1] = { 100 };
+    char dArray3[5] = { 1, 2, 3, 4, 5 };
+
+    char *expected[4] = {
+        "[001, 002, 003, 004, 005]",
+        "[127, 128, 129, 254, 255, 000]",
+        "[100]",
+        "[001, 002, 003, 004, 005]"
+    };
+
+    char *dummyArray[4];
+    PKIX_UInt32 actualMinorVersion;
+    PKIX_UInt32 j = 0;
+
+    PKIX_TEST_STD_VARS();
+
+    dummyArray[0] = dArray0;
+    dummyArray[1] = (char *)dArray1;
+    dummyArray[2] = dArray2;
+    dummyArray[3] = dArray3;
+
+    startTests("ByteArrays");
+
+    PKIX_TEST_EXPECT_NO_ERROR(
+        PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+    subTest("PKIX_PL_ByteArray_Create <zero length>");
+    testZeroLength();
+
+    for (i = 0; i < size; i++) {
+        subTest("PKIX_PL_ByteArray_Create");
+        createByteArray(&testByteArray[i], dummyArray[i], lengths[i]);
+    }
+
+    PKIX_TEST_EQ_HASH_TOSTR_DUP(testByteArray[0],
+                                testByteArray[3],
+                                testByteArray[1],
+                                "[001, 002, 003, 004, 005]",
+                                ByteArray,
+                                PKIX_TRUE);
+
+    for (i = 0; i < size; i++) {
+        subTest("PKIX_PL_ByteArray_ToString");
+        testToString(testByteArray[i], expected[i]);
+    }
+
+    for (i = 0; i < size; i++) {
+        subTest("PKIX_PL_ByteArray_GetLength");
+        testGetLength(testByteArray[i], lengths[i]);
+    }
+
+    for (i = 0; i < size; i++) {
+        subTest("PKIX_PL_ByteArray_GetPointer");
+        testGetPointer(testByteArray[i], dummyArray[i], lengths[i]);
+    }
+
+    for (i = 0; i < size; i++) {
+        subTest("PKIX_PL_ByteArray_Destroy");
+        testDestroy(testByteArray[i]);
+    }
+
+cleanup:
+
+    PKIX_Shutdown(plContext);
+
+    endTests("ByteArray");
+
+    return (0);
+}
diff --git a/nss/cmd/libpkix/pkix_pl/system/test_hashtable.c b/nss/cmd/libpkix/pkix_pl/system/test_hashtable.c
new file mode 100644
index 0000000..663bfc9
--- /dev/null
+++ b/nss/cmd/libpkix/pkix_pl/system/test_hashtable.c
@@ -0,0 +1,380 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * test_hashtable.c
+ *
+ * Tests Hashtables
+ *
+ */
+
+#include "testutil.h"
+#include "testutil_nss.h"
+
+static void *plContext = NULL;
+
+static void
+createHashTables(
+    PKIX_PL_HashTable **ht,
+    PKIX_PL_HashTable **ht2,
+    PKIX_PL_HashTable **ht3,
+    PKIX_PL_HashTable **ht4)
+{
+    PKIX_TEST_STD_VARS();
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Create(1, 0, ht, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Create(5, 0, ht2, plContext));
+
+    /* at most two entries per bucket */
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Create(1, 2, ht4, plContext));
+
+    *ht3 = *ht;
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)*ht3, plContext));
+
+cleanup:
+    PKIX_TEST_RETURN();
+}
+
+static void
+testAdd(
+    PKIX_PL_HashTable *ht,
+    PKIX_PL_HashTable *ht2,
+    PKIX_PL_String **testString,
+    PKIX_PL_String **testString2,
+    PKIX_PL_String **testString3,
+    PKIX_PL_OID **testOID)
+{
+    char *dummyString = "test string 1";
+    char *dummyString2 = "test string 2";
+    char *dummyString3 = "test string 3";
+    char *dummyOID = "2.11.22222.33333";
+
+    PKIX_TEST_STD_VARS();
+
+    /* Make some dummy objects */
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(
+        PKIX_ESCASCII,
+        dummyString,
+        PL_strlen(dummyString),
+        testString,
+        plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(
+        PKIX_ESCASCII,
+        dummyString2,
+        PL_strlen(dummyString2),
+        testString2,
+        plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(
+        PKIX_ESCASCII,
+        dummyString3,
+        PL_strlen(dummyString3),
+        testString3,
+        plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create(dummyOID, testOID, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Add(ht,
+                                                    (PKIX_PL_Object *)*testString,
+                                                    (PKIX_PL_Object *)*testString2,
+                                                    plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Add(ht2,
+                                                    (PKIX_PL_Object *)*testString,
+                                                    (PKIX_PL_Object *)*testString2,
+                                                    plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Add(ht,
+                                                    (PKIX_PL_Object *)*testString2,
+                                                    (PKIX_PL_Object *)*testString,
+                                                    plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Add(ht2,
+                                                    (PKIX_PL_Object *)*testString2,
+                                                    (PKIX_PL_Object *)*testString,
+                                                    plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Add(ht,
+                                                    (PKIX_PL_Object *)*testOID,
+                                                    (PKIX_PL_Object *)*testOID,
+                                                    plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Add(ht2,
+                                                    (PKIX_PL_Object *)*testOID,
+                                                    (PKIX_PL_Object *)*testOID,
+                                                    plContext));
+
+cleanup:
+    PKIX_TEST_RETURN();
+}
+
+static void
+testAddFIFO(
+    PKIX_PL_HashTable *ht,
+    PKIX_PL_String **testString,
+    PKIX_PL_String **testString2,
+    PKIX_PL_String **testString3)
+{
+    PKIX_PL_String *targetString = NULL;
+    PKIX_Boolean cmpResult;
+
+    PKIX_TEST_STD_VARS();
+
+    /*
+         * ht is created as one bucket, two entries per bucket. Since we add
+         * three items to the ht, we expect the first one to be deleted.
+         */
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Add(ht,
+                                                    (PKIX_PL_Object *)*testString,
+                                                    (PKIX_PL_Object *)*testString,
+                                                    plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Add(ht,
+                                                    (PKIX_PL_Object *)*testString2,
+                                                    (PKIX_PL_Object *)*testString2,
+                                                    plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Add(ht,
+                                                    (PKIX_PL_Object *)*testString3,
+                                                    (PKIX_PL_Object *)*testString3,
+                                                    plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Lookup(ht,
+                                                       (PKIX_PL_Object *)*testString,
+                                                       (PKIX_PL_Object **)&targetString,
+                                                       plContext));
+    if (targetString != NULL) {
+        testError("HashTable_Lookup retrieved a supposed deleted item");
+        PKIX_TEST_DECREF_BC(targetString);
+    }
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Lookup(ht,
+                                                       (PKIX_PL_Object *)*testString3,
+                                                       (PKIX_PL_Object **)&targetString,
+                                                       plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals(
+        (PKIX_PL_Object *)targetString,
+        (PKIX_PL_Object *)*testString3,
+        &cmpResult,
+        plContext));
+    if (cmpResult != PKIX_TRUE) {
+        testError("HashTable_Lookup failed");
+    }
+    PKIX_TEST_DECREF_BC(targetString);
+
+cleanup:
+    PKIX_TEST_RETURN();
+}
+
+static void
+testLookup(
+    PKIX_PL_HashTable *ht,
+    PKIX_PL_HashTable *ht2,
+    PKIX_PL_String *testString,
+    PKIX_PL_String *testString2,
+    PKIX_PL_String *testString3,
+    PKIX_PL_OID *testOID)
+{
+    PKIX_PL_String *targetString = NULL;
+    PKIX_PL_String *targetOID = NULL;
+    PKIX_Boolean cmpResult;
+
+    PKIX_TEST_STD_VARS();
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Lookup(ht,
+                                                       (PKIX_PL_Object *)testString,
+                                                       (PKIX_PL_Object **)&targetString,
+                                                       plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals(
+        (PKIX_PL_Object *)targetString,
+        (PKIX_PL_Object *)testString2,
+        &cmpResult,
+        plContext));
+    if (cmpResult != PKIX_TRUE) {
+        testError("HashTable_Lookup failed");
+    }
+    PKIX_TEST_DECREF_BC(targetString);
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Lookup(ht2,
+                                                       (PKIX_PL_Object *)testString,
+                                                       (PKIX_PL_Object **)&targetString,
+                                                       plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals(
+        (PKIX_PL_Object *)targetString,
+        (PKIX_PL_Object *)testString2,
+        &cmpResult,
+        plContext));
+    if (cmpResult != PKIX_TRUE) {
+        testError("HashTable_Lookup failed");
+    }
+    PKIX_TEST_DECREF_BC(targetString);
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Lookup(ht2,
+                                                       (PKIX_PL_Object *)testString2,
+                                                       (PKIX_PL_Object **)&targetString,
+                                                       plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals(
+        (PKIX_PL_Object *)targetString,
+        (PKIX_PL_Object *)testString,
+        &cmpResult,
+        plContext));
+    if (cmpResult != PKIX_TRUE) {
+        testError("HashTable_Lookup failed");
+    }
+    PKIX_TEST_DECREF_BC(targetString);
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Lookup(ht,
+                                                       (PKIX_PL_Object *)testOID,
+                                                       (PKIX_PL_Object **)&targetOID,
+                                                       plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)targetOID, &targetString, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals(
+        (PKIX_PL_Object *)targetOID,
+        (PKIX_PL_Object *)testOID,
+        &cmpResult,
+        plContext));
+    if (cmpResult != PKIX_TRUE) {
+        testError("HashTable_Lookup failed");
+    }
+    PKIX_TEST_DECREF_BC(targetString);
+    PKIX_TEST_DECREF_BC(targetOID);
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Lookup(ht2,
+                                                       (PKIX_PL_Object *)testOID,
+                                                       (PKIX_PL_Object **)&targetOID,
+                                                       plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)targetOID, &targetString, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals(
+        (PKIX_PL_Object *)targetOID,
+        (PKIX_PL_Object *)testOID,
+        &cmpResult,
+        plContext));
+    if (cmpResult != PKIX_TRUE) {
+        testError("HashTable_Lookup failed");
+    }
+    PKIX_TEST_DECREF_BC(targetString);
+    PKIX_TEST_DECREF_BC(targetOID);
+
+    (void)printf("Looking up item not in HashTable.\n");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Lookup(ht,
+                                                       (PKIX_PL_Object *)testString3,
+                                                       (PKIX_PL_Object **)&targetString,
+                                                       plContext));
+    if (targetString == NULL)
+        (void)printf("\tCorrectly returned NULL.\n");
+    else
+        testError("Hashtable did not return NULL value as expected");
+
+cleanup:
+    PKIX_TEST_RETURN();
+}
+
+static void
+testRemove(
+    PKIX_PL_HashTable *ht,
+    PKIX_PL_HashTable *ht2,
+    PKIX_PL_String *testString,
+    PKIX_PL_String *testString2,
+    PKIX_PL_OID *testOID)
+{
+
+    PKIX_TEST_STD_VARS();
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Remove(ht,
+                                                       (PKIX_PL_Object *)testString,
+                                                       plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Remove(ht,
+                                                       (PKIX_PL_Object *)testOID,
+                                                       plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_HashTable_Remove(ht2,
+                                                       (PKIX_PL_Object *)testString2,
+                                                       plContext));
+
+    PKIX_TEST_EXPECT_ERROR(PKIX_PL_HashTable_Remove(ht,
+                                                    (PKIX_PL_Object *)testString,
+                                                    plContext));
+
+cleanup:
+    PKIX_TEST_RETURN();
+}
+
+static void
+testDestroy(
+    PKIX_PL_HashTable *ht,
+    PKIX_PL_HashTable *ht2,
+    PKIX_PL_HashTable *ht3,
+    PKIX_PL_HashTable *ht4)
+{
+    PKIX_TEST_STD_VARS();
+
+    PKIX_TEST_DECREF_BC(ht);
+    PKIX_TEST_DECREF_BC(ht2);
+    PKIX_TEST_DECREF_BC(ht3);
+    PKIX_TEST_DECREF_BC(ht4);
+
+cleanup:
+    PKIX_TEST_RETURN();
+}
+
+int
+test_hashtable(int argc, char *argv[])
+{
+
+    PKIX_PL_HashTable *ht, *ht2, *ht3, *ht4;
+    PKIX_PL_String *testString, *testString2, *testString3;
+    PKIX_PL_OID *testOID;
+    PKIX_UInt32 actualMinorVersion;
+    PKIX_UInt32 j = 0;
+
+    PKIX_TEST_STD_VARS();
+
+    startTests("HashTables");
+
+    PKIX_TEST_EXPECT_NO_ERROR(
+        PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+    subTest("PKIX_PL_HashTable_Create");
+    createHashTables(&ht, &ht2, &ht3, &ht4);
+
+    PKIX_TEST_EQ_HASH_TOSTR_DUP(ht,
+                                ht3,
+                                ht2,
+                                NULL,
+                                HashTable,
+                                PKIX_FALSE);
+
+    subTest("PKIX_PL_HashTable_Add");
+    testAdd(ht, ht2, &testString, &testString2, &testString3, &testOID);
+
+    subTest("PKIX_PL_HashTable_ADD - with Bucket Size limit");
+    testAddFIFO(ht4, &testString, &testString2, &testString3);
+
+    subTest("PKIX_PL_HashTable_Lookup");
+    testLookup(ht, ht2, testString, testString2, testString3, testOID);
+
+    subTest("PKIX_PL_HashTable_Remove");
+    testRemove(ht, ht2, testString, testString2, testOID);
+
+    PKIX_TEST_DECREF_BC(testString);
+    PKIX_TEST_DECREF_BC(testString2);
+    PKIX_TEST_DECREF_BC(testString3);
+    PKIX_TEST_DECREF_BC(testOID);
+
+    subTest("PKIX_PL_HashTable_Destroy");
+    testDestroy(ht, ht2, ht3, ht4);
+
+cleanup:
+
+    PKIX_Shutdown(plContext);
+
+    endTests("BigInt");
+
+    return (0);
+}
diff --git a/nss/cmd/libpkix/pkix_pl/system/test_mem.c b/nss/cmd/libpkix/pkix_pl/system/test_mem.c
new file mode 100644
index 0000000..3a4e5f7
--- /dev/null
+++ b/nss/cmd/libpkix/pkix_pl/system/test_mem.c
@@ -0,0 +1,133 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * test_mem.c
+ *
+ * Tests Malloc, Realloc and Free
+ *
+ */
+
+#include "testutil.h"
+#include "testutil_nss.h"
+
+static void *plContext = NULL;
+
+static void
+testMalloc(PKIX_UInt32 **array)
+{
+    PKIX_UInt32 i, arraySize = 10;
+    PKIX_TEST_STD_VARS();
+
+    /* Create an integer array of size 10 */
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Malloc(
+        (PKIX_UInt32)(arraySize * sizeof(unsigned int)),
+        (void **)array, plContext));
+
+    /* Fill in some values */
+    (void)printf("Setting array[i] = i...\n");
+    for (i = 0; i < arraySize; i++) {
+        (*array)[i] = i;
+        if ((*array)[i] != i)
+            testError("Array has incorrect contents");
+    }
+
+    /* Memory now reflects changes */
+    (void)printf("\tArray: a[0] = %d, a[5] = %d, a[7] = %d.\n",
+                 (*array[0]), (*array)[5], (*array)[7]);
+
+cleanup:
+    PKIX_TEST_RETURN();
+}
+
+static void
+testRealloc(PKIX_UInt32 **array)
+{
+    PKIX_UInt32 i, arraySize = 20;
+    PKIX_TEST_STD_VARS();
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Realloc(*array,
+                                              (PKIX_UInt32)(arraySize *
+                                                            sizeof(unsigned int)),
+                                              (void **)array, plContext));
+
+    /* Fill in the new elements */
+    (void)printf("Setting new portion of array to a[i] = i...\n");
+    for (i = arraySize / 2; i < arraySize; i++) {
+        (*array)[i] = i;
+        if ((*array)[i] != i)
+            testError("Array has incorrect contents");
+    }
+
+    /* New elements should be reflected. The old should be the same */
+    (void)printf("\tArray: a[0] = %d, a[15] = %d, a[17] = %d.\n",
+                 (*array)[0], (*array)[15], (*array)[17]);
+
+cleanup:
+    PKIX_TEST_RETURN();
+}
+
+static void
+testFree(PKIX_UInt32 *array)
+{
+
+    PKIX_TEST_STD_VARS();
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(array, plContext));
+
+cleanup:
+    PKIX_TEST_RETURN();
+}
+
+int
+test_mem(int argc, char *argv[])
+{
+
+    unsigned int *array = NULL;
+    int arraySize = 10;
+    PKIX_UInt32 actualMinorVersion;
+    PKIX_UInt32 j = 0;
+
+    PKIX_TEST_STD_VARS();
+
+    startTests("Memory Allocation");
+
+    PKIX_TEST_EXPECT_NO_ERROR(
+        PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+    subTest("PKIX_PL_Malloc");
+    testMalloc(&array);
+
+    subTest("PKIX_PL_Realloc");
+    testRealloc(&array);
+
+    subTest("PKIX_PL_Free");
+    testFree(array);
+
+    /* --Negative Test Cases------------------- */
+    /* Create an integer array of size 10 */
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Malloc(
+        (PKIX_UInt32)(arraySize * sizeof(unsigned int)),
+        (void **)&array, plContext));
+
+    (void)printf("Attempting to reallocate 0 sized memory...\n");
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Realloc(array, 0, (void **)&array, plContext));
+
+    (void)printf("Attempting to allocate to null pointer...\n");
+
+    PKIX_TEST_EXPECT_ERROR(PKIX_PL_Malloc(10, NULL, plContext));
+
+    (void)printf("Attempting to reallocate to null pointer...\n");
+
+    PKIX_TEST_EXPECT_ERROR(PKIX_PL_Realloc(NULL, 10, NULL, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(array, plContext));
+
+cleanup:
+
+    PKIX_Shutdown(plContext);
+
+    endTests("Memory Allocation");
+
+    return (0);
+}
diff --git a/nss/cmd/libpkix/pkix_pl/system/test_monitorlock.c b/nss/cmd/libpkix/pkix_pl/system/test_monitorlock.c
new file mode 100644
index 0000000..2197425
--- /dev/null
+++ b/nss/cmd/libpkix/pkix_pl/system/test_monitorlock.c
@@ -0,0 +1,104 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * test_monitorlock.c
+ *
+ * Tests basic MonitorLock object functionality. No multi-threading.
+ *
+ */
+
+#include "testutil.h"
+#include "testutil_nss.h"
+
+static void *plContext = NULL;
+
+static void
+createMonitorLockes(
+    PKIX_PL_MonitorLock **monitorLock,
+    PKIX_PL_MonitorLock **monitorLock2,
+    PKIX_PL_MonitorLock **monitorLock3)
+{
+    PKIX_TEST_STD_VARS();
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_MonitorLock_Create(monitorLock, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_MonitorLock_Create(monitorLock2, plContext));
+
+    *monitorLock3 = *monitorLock;
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)*monitorLock3, plContext));
+
+cleanup:
+    PKIX_TEST_RETURN();
+}
+
+static void
+testLock(PKIX_PL_MonitorLock *monitorLock)
+{
+    PKIX_TEST_STD_VARS();
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_MonitorLock_Enter(monitorLock, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_MonitorLock_Enter(monitorLock, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_MonitorLock_Exit(monitorLock, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_MonitorLock_Exit(monitorLock, plContext));
+
+cleanup:
+    PKIX_TEST_RETURN();
+}
+
+static void
+testDestroy(
+    PKIX_PL_MonitorLock *monitorLock,
+    PKIX_PL_MonitorLock *monitorLock2,
+    PKIX_PL_MonitorLock *monitorLock3)
+{
+    PKIX_TEST_STD_VARS();
+
+    PKIX_TEST_DECREF_BC(monitorLock);
+    PKIX_TEST_DECREF_BC(monitorLock2);
+    PKIX_TEST_DECREF_BC(monitorLock3);
+
+cleanup:
+    PKIX_TEST_RETURN();
+}
+
+int
+test_monitorlock(int argc, char *argv[])
+{
+
+    PKIX_PL_MonitorLock *monitorLock, *monitorLock2, *monitorLock3;
+    PKIX_UInt32 actualMinorVersion;
+    PKIX_UInt32 j = 0;
+
+    PKIX_TEST_STD_VARS();
+
+    startTests("MonitorLocks");
+
+    PKIX_TEST_EXPECT_NO_ERROR(
+        PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+    subTest("PKIX_PL_MonitorLock_Create");
+    createMonitorLockes(&monitorLock, &monitorLock2, &monitorLock3);
+
+    PKIX_TEST_EQ_HASH_TOSTR_DUP(monitorLock,
+                                monitorLock3,
+                                monitorLock2,
+                                NULL,
+                                MonitorLock,
+                                PKIX_FALSE);
+
+    subTest("PKIX_PL_MonitorLock_Lock/Unlock");
+    testLock(monitorLock);
+
+    subTest("PKIX_PL_MonitorLock_Destroy");
+    testDestroy(monitorLock, monitorLock2, monitorLock3);
+
+cleanup:
+
+    PKIX_Shutdown(plContext);
+
+    PKIX_TEST_RETURN();
+
+    endTests("MonitorLockes");
+
+    return (0);
+}
diff --git a/nss/cmd/libpkix/pkix_pl/system/test_mutex.c b/nss/cmd/libpkix/pkix_pl/system/test_mutex.c
new file mode 100644
index 0000000..bb0e7a0
--- /dev/null
+++ b/nss/cmd/libpkix/pkix_pl/system/test_mutex.c
@@ -0,0 +1,102 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * test_mutex.c
+ *
+ * Tests basic mutex object functionality. No multi-threading.
+ *
+ */
+
+#include "testutil.h"
+#include "testutil_nss.h"
+
+static void *plContext = NULL;
+
+static void
+createMutexes(
+    PKIX_PL_Mutex **mutex,
+    PKIX_PL_Mutex **mutex2,
+    PKIX_PL_Mutex **mutex3)
+{
+    PKIX_TEST_STD_VARS();
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Mutex_Create(mutex, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Mutex_Create(mutex2, plContext));
+
+    *mutex3 = *mutex;
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef((PKIX_PL_Object *)*mutex3, plContext));
+
+cleanup:
+    PKIX_TEST_RETURN();
+}
+
+static void
+testLock(PKIX_PL_Mutex *mutex)
+{
+    PKIX_TEST_STD_VARS();
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Mutex_Lock(mutex, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Mutex_Unlock(mutex, plContext));
+
+cleanup:
+    PKIX_TEST_RETURN();
+}
+
+static void
+testDestroy(
+    PKIX_PL_Mutex *mutex,
+    PKIX_PL_Mutex *mutex2,
+    PKIX_PL_Mutex *mutex3)
+{
+    PKIX_TEST_STD_VARS();
+
+    PKIX_TEST_DECREF_BC(mutex);
+    PKIX_TEST_DECREF_BC(mutex2);
+    PKIX_TEST_DECREF_BC(mutex3);
+
+cleanup:
+    PKIX_TEST_RETURN();
+}
+
+int
+test_mutex(int argc, char *argv[])
+{
+
+    PKIX_PL_Mutex *mutex, *mutex2, *mutex3;
+    PKIX_UInt32 actualMinorVersion;
+    PKIX_UInt32 j = 0;
+
+    PKIX_TEST_STD_VARS();
+
+    startTests("Mutexes");
+
+    PKIX_TEST_EXPECT_NO_ERROR(
+        PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+    subTest("PKIX_PL_Mutex_Create");
+    createMutexes(&mutex, &mutex2, &mutex3);
+
+    PKIX_TEST_EQ_HASH_TOSTR_DUP(mutex,
+                                mutex3,
+                                mutex2,
+                                NULL,
+                                Mutex,
+                                PKIX_FALSE);
+
+    subTest("PKIX_PL_Mutex_Lock/Unlock");
+    testLock(mutex);
+
+    subTest("PKIX_PL_Mutex_Destroy");
+    testDestroy(mutex, mutex2, mutex3);
+
+cleanup:
+
+    PKIX_Shutdown(plContext);
+
+    PKIX_TEST_RETURN();
+
+    endTests("Mutexes");
+
+    return (0);
+}
diff --git a/nss/cmd/libpkix/pkix_pl/system/test_mutex2.c b/nss/cmd/libpkix/pkix_pl/system/test_mutex2.c
new file mode 100644
index 0000000..197eba2
--- /dev/null
+++ b/nss/cmd/libpkix/pkix_pl/system/test_mutex2.c
@@ -0,0 +1,166 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * test_mutex2.c
+ *
+ * Tests multi-threaded functionality of Mutex
+ *
+ */
+
+#include "testutil.h"
+#include "testutil_nss.h"
+
+static int box1 = 0, box2 = 0, box3 = 0;
+static PKIX_PL_Mutex *mutex;
+static PRCondVar *cv;
+static void *plContext = NULL;
+
+static void
+consumer(/* ARGSUSED */ void *arg)
+{
+    PRStatus status = PR_SUCCESS;
+    PKIX_Error *errorResult;
+    int i = 0;
+    for (i = 0; i < 5; i++) {
+        (void)PKIX_PL_Mutex_Lock(mutex, plContext);
+        while (((box1 == 0) ||
+                (box2 == 0) ||
+                (box3 == 0)) &&
+               (status == PR_SUCCESS))
+            status = PR_WaitCondVar(cv, PR_INTERVAL_NO_TIMEOUT);
+
+        (void)printf("\tConsumer got Box1 = %d ", box1);
+        box1 = 0;
+        (void)printf("Box2 = %d ", box2);
+        box2 = 0;
+        (void)printf("Box3 = %d\n", box3);
+        box3 = 0;
+
+        status = PR_NotifyAllCondVar(cv);
+        if (status == PR_FAILURE)
+            (void)printf("Consumer error while notifying condvar\n");
+        errorResult = PKIX_PL_Mutex_Unlock(mutex, plContext);
+        if (errorResult)
+            testError("PKIX_PL_Mutex_Unlock failed");
+    }
+    (void)printf("Consumer exiting...\n");
+}
+
+static void
+producer(void *arg)
+{
+    PRStatus status = PR_SUCCESS;
+    int value = *(int *)arg;
+    int i = 0;
+    int *box;
+    PKIX_Error *errorResult;
+    if (value == 10)
+        box = &box1;
+    else if (value == 20)
+        box = &box2;
+    else if (value == 30)
+        box = &box3;
+
+    for (i = 0; i < 5; i++) {
+        (void)PKIX_PL_Mutex_Lock(mutex, plContext);
+        while ((*box != 0) && (status == PR_SUCCESS))
+            status = PR_WaitCondVar(cv, PR_INTERVAL_NO_TIMEOUT);
+
+        *box = i + 1;
+        (void)printf("\tProducer %d put value: %d\n", value, *box);
+
+        status = PR_NotifyAllCondVar(cv);
+        if (status == PR_FAILURE)
+            (void)printf("Producer %d error while notifying condvar\n",
+                         value);
+        errorResult = PKIX_PL_Mutex_Unlock(mutex, plContext);
+        if (errorResult)
+            testError("PKIX_PL_Mutex_Unlock failed");
+    }
+}
+
+int
+test_mutex2(int argc, char *argv[])
+{
+
+    PRThread *consThread, *prodThread, *prodThread2, *prodThread3;
+    int x = 10, y = 20, z = 30;
+    PKIX_UInt32 actualMinorVersion;
+    PKIX_UInt32 j = 0;
+
+    PKIX_TEST_STD_VARS();
+
+    startTests("Mutex and Threads");
+
+    PKIX_TEST_EXPECT_NO_ERROR(
+        PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+    (void)printf("Attempting to create new mutex...\n");
+    subTest("Mutex Creation");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Mutex_Create(&mutex, plContext));
+
+    cv = PR_NewCondVar(*(PRLock **)mutex);
+
+    subTest("Starting consumer thread");
+    consThread = PR_CreateThread(PR_USER_THREAD,
+                                 consumer,
+                                 NULL,
+                                 PR_PRIORITY_NORMAL,
+                                 PR_LOCAL_THREAD,
+                                 PR_JOINABLE_THREAD,
+                                 0);
+
+    subTest("Starting producer thread 1");
+    prodThread = PR_CreateThread(PR_USER_THREAD,
+                                 producer,
+                                 &x,
+                                 PR_PRIORITY_NORMAL,
+                                 PR_LOCAL_THREAD,
+                                 PR_JOINABLE_THREAD,
+                                 0);
+
+    subTest("Starting producer thread 2");
+    prodThread2 = PR_CreateThread(PR_USER_THREAD,
+                                  producer,
+                                  &y,
+                                  PR_PRIORITY_NORMAL,
+                                  PR_LOCAL_THREAD,
+                                  PR_JOINABLE_THREAD,
+                                  0);
+
+    subTest("Starting producer thread 3");
+    prodThread3 = PR_CreateThread(PR_USER_THREAD,
+                                  producer,
+                                  &z,
+                                  PR_PRIORITY_NORMAL,
+                                  PR_LOCAL_THREAD,
+                                  PR_JOINABLE_THREAD,
+                                  0);
+
+    PR_JoinThread(consThread);
+
+    (void)PR_DestroyCondVar(cv);
+    PKIX_TEST_DECREF_BC(mutex);
+
+    /*
+         * Note: we should also be freeing each thread's stack, but we
+         * don't have access to the prodThread->stack variable (since
+         * it is not exported). As a result, we have 120 bytes of memory
+         * leakage.
+         */
+
+    PR_Free(prodThread);
+    PR_Free(prodThread2);
+    PR_Free(prodThread3);
+
+cleanup:
+
+    PKIX_Shutdown(plContext);
+
+    PKIX_TEST_RETURN();
+
+    endTests("Mutex and Threads");
+
+    return (0);
+}
diff --git a/nss/cmd/libpkix/pkix_pl/system/test_mutex3.c b/nss/cmd/libpkix/pkix_pl/system/test_mutex3.c
new file mode 100644
index 0000000..9f42f62
--- /dev/null
+++ b/nss/cmd/libpkix/pkix_pl/system/test_mutex3.c
@@ -0,0 +1,104 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * test_mutex3.c
+ *
+ * Tests multi-threaded functionality of Mutex
+ *
+ */
+
+#include "testutil.h"
+#include "testutil_nss.h"
+
+static PKIX_PL_Mutex *mutex;
+static void *plContext = NULL;
+
+static void
+t1(/* ARGSUSED */ void *arg)
+{
+    PKIX_Error *errorResult;
+
+    (void)printf("t1 acquiring lock...\n");
+    errorResult = PKIX_PL_Mutex_Lock(mutex, plContext);
+    if (errorResult)
+        testError("PKIX_PL_Mutex_Lock failed");
+
+    (void)printf("t1 sleeplng for 3 seconds\n");
+    PR_Sleep(PR_SecondsToInterval(3));
+    (void)printf("t1 releasing lock...\n");
+
+    errorResult = PKIX_PL_Mutex_Unlock(mutex, plContext);
+    if (errorResult)
+        testError("PKIX_PL_Mutex_Unlock failed");
+
+    (void)printf("t1 exiting...\n");
+}
+
+static void
+t2(/* ARGSUSED */ void *arg)
+{
+    PKIX_Error *errorResult;
+
+    (void)printf("t2 acquiring lock...\n");
+    errorResult = PKIX_PL_Mutex_Lock(mutex, plContext);
+    if (errorResult)
+        testError("PKIX_PL_Mutex_Lock failed");
+
+    (void)printf("t2 releasing lock...\n");
+    errorResult = PKIX_PL_Mutex_Unlock(mutex, plContext);
+    if (errorResult)
+        testError("PKIX_PL_Mutex_Unlock failed");
+
+    (void)printf("t2 exiting...\n");
+}
+
+int
+test_mutex3(int argc, char *argv[])
+{
+    PRThread *thread, *thread2;
+    PKIX_UInt32 actualMinorVersion;
+    PKIX_UInt32 j = 0;
+
+    PKIX_TEST_STD_VARS();
+
+    startTests("Mutex and Threads");
+
+    PKIX_TEST_EXPECT_NO_ERROR(
+        PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+    subTest("Mutex Creation");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Mutex_Create(&mutex, plContext));
+
+    subTest("Starting thread");
+    thread = PR_CreateThread(PR_USER_THREAD,
+                             t1,
+                             NULL,
+                             PR_PRIORITY_NORMAL,
+                             PR_LOCAL_THREAD,
+                             PR_JOINABLE_THREAD,
+                             0);
+
+    thread2 = PR_CreateThread(PR_USER_THREAD,
+                              t2,
+                              NULL,
+                              PR_PRIORITY_NORMAL,
+                              PR_LOCAL_THREAD,
+                              PR_JOINABLE_THREAD,
+                              0);
+
+    PR_JoinThread(thread2);
+    PR_JoinThread(thread);
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(mutex);
+
+    PKIX_Shutdown(plContext);
+
+    PKIX_TEST_RETURN();
+
+    endTests("Mutex and Threads");
+
+    return (0);
+}
diff --git a/nss/cmd/libpkix/pkix_pl/system/test_object.c b/nss/cmd/libpkix/pkix_pl/system/test_object.c
new file mode 100644
index 0000000..ebb691b
--- /dev/null
+++ b/nss/cmd/libpkix/pkix_pl/system/test_object.c
@@ -0,0 +1,281 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * test_object.c
+ *
+ * Test Object Allocation, toString, Equals, Destruction
+ *
+ */
+
+#include "testutil.h"
+#include "testutil_nss.h"
+
+static void *plContext = NULL;
+
+static PKIX_Error *
+destructor(
+    /* ARGSUSED */ PKIX_PL_Object *object,
+    /* ARGSUSED */ void *plContext)
+{
+    (void)printf("\tUser defined destructor called\n");
+    return (NULL);
+}
+
+static PKIX_Error *
+toStringCallback(
+    PKIX_PL_Object *obj,
+    PKIX_PL_String **pString,
+    /* ARGSUSED */ void *plContext)
+{
+
+    PKIX_Error *errorResult;
+    PKIX_UInt32 type;
+    char *format = "(addr: %x, type: %d)";
+    PKIX_PL_String *formatString = NULL;
+
+    errorResult = PKIX_PL_String_Create(
+        PKIX_ESCASCII,
+        format,
+        PL_strlen(format),
+        &formatString,
+        plContext);
+    if (errorResult)
+        testError("PKIX_PL_String_Create failed");
+
+    if (pString == plContext)
+        testError("Null String");
+
+    type = (unsigned int)0;
+
+    (void)PKIX_PL_Object_GetType(obj, &type, plContext);
+
+    errorResult = PKIX_PL_Sprintf(pString, plContext,
+                                  formatString,
+                                  (int)obj, type);
+    if (errorResult)
+        testError("PKIX_PL_Sprintf failed");
+
+    errorResult = PKIX_PL_Object_DecRef((PKIX_PL_Object *)formatString,
+                                        plContext);
+    if (errorResult)
+        testError("PKIX_PL_Object_DecRef failed");
+
+    return (NULL);
+}
+
+static PKIX_Error *
+comparator(
+    PKIX_PL_Object *first,
+    PKIX_PL_Object *second,
+    PKIX_Int32 *pValue,
+    /* ARGSUSED */ void *plContext)
+{
+    if (*(char *)first > *(char *)second)
+        *pValue = 1;
+    else if (*(char *)first < *(char *)second)
+        *pValue = -1;
+    else
+        *pValue = 0;
+    return (NULL);
+}
+
+static PKIX_Error *
+hashcodeCallback(
+    PKIX_PL_Object *object,
+    PKIX_UInt32 *pValue,
+    /* ARGSUSED */ void *plContext)
+{
+    *pValue = 123456789;
+    return (NULL);
+}
+
+static PKIX_Error *
+equalsCallback(
+    PKIX_PL_Object *first,
+    PKIX_PL_Object *second,
+    PKIX_Boolean *result,
+    void *plContext)
+{
+
+    PKIX_UInt32 firstType = 0, secondType = 0;
+
+    if ((first == plContext) || (second == plContext))
+        testError("Null Object");
+
+    (void)PKIX_PL_Object_GetType(first, &firstType, plContext);
+
+    (void)PKIX_PL_Object_GetType(second, &secondType, plContext);
+
+    *result = (firstType == secondType) ? PKIX_TRUE : PKIX_FALSE;
+
+    return (NULL);
+}
+
+static void
+createObjects(
+    PKIX_PL_Object **obj,
+    PKIX_PL_Object **obj2,
+    PKIX_PL_Object **obj3,
+    PKIX_PL_Object **obj4)
+{
+    PKIX_TEST_STD_VARS();
+
+#ifdef PKIX_USER_OBJECT_TYPE
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_RegisterType(1000,       /* type */
+                                                          "thousand", /* description */
+                                                          NULL,       /* destructor */
+                                                          NULL,       /* equals */
+                                                          (PKIX_PL_HashcodeCallback)hashcodeCallback,
+                                                          NULL, /* toString */
+                                                          NULL, /* Comparator */
+                                                          NULL,
+                                                          plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Alloc(1000, /* type */
+                                                   12,   /* size */
+                                                   obj,
+                                                   plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_RegisterType(2000, /* type */
+                                                          "two thousand" /* description */,
+                                                          (PKIX_PL_DestructorCallback)destructor,
+                                                          (PKIX_PL_EqualsCallback)equalsCallback,
+                                                          NULL, /* hashcode */
+                                                          (PKIX_PL_ToStringCallback)toStringCallback,
+                                                          (PKIX_PL_ComparatorCallback)comparator,
+                                                          NULL,
+                                                          plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Alloc(2000, /* type */
+                                                   1,    /* size */
+                                                   obj2,
+                                                   plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Alloc(2000, /* type */
+                                                   1,    /* size */
+                                                   obj4,
+                                                   plContext));
+
+    *obj3 = *obj;
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_IncRef(*obj3, plContext));
+
+cleanup:
+#endif /* PKIX_USER_OBJECT_TYPE */
+    PKIX_TEST_RETURN();
+}
+
+static void
+testGetType(
+    PKIX_PL_Object *obj,
+    PKIX_PL_Object *obj2,
+    PKIX_PL_Object *obj3)
+{
+    PKIX_UInt32 testType;
+
+    PKIX_TEST_STD_VARS();
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_GetType(obj, &testType, plContext));
+
+    if (testType != 1000)
+        testError("Object 1 returned the wrong type");
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_GetType(obj2, &testType, plContext));
+    if (testType != 2000)
+        testError("Object 2 returned the wrong type");
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_GetType(obj3, &testType, plContext));
+    if (testType != 1000)
+        testError("Object 3 returned the wrong type");
+
+cleanup:
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testCompare(
+    PKIX_PL_Object *obj2,
+    PKIX_PL_Object *obj4)
+{
+    PKIX_Int32 cmpResult;
+    PKIX_TEST_STD_VARS();
+
+    *(char *)obj2 = 0x20;
+    *(char *)obj4 = 0x10;
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Compare(obj2, obj4, &cmpResult, plContext));
+    if (cmpResult <= 0)
+        testError("Invalid Result from Object Compare");
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Compare(obj4, obj2, &cmpResult, plContext));
+    if (cmpResult >= 0)
+        testError("Invalid Result from Object Compare");
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Compare(obj4, obj4, &cmpResult, plContext));
+
+    *(char *)obj2 = 0x10;
+    if (cmpResult != 0)
+        testError("Invalid Result from Object Compare");
+
+cleanup:
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testDestroy(
+    PKIX_PL_Object *obj,
+    PKIX_PL_Object *obj2,
+    PKIX_PL_Object *obj3,
+    PKIX_PL_Object *obj4)
+{
+    PKIX_TEST_STD_VARS();
+
+    PKIX_TEST_DECREF_BC(obj);
+    PKIX_TEST_DECREF_BC(obj2);
+    PKIX_TEST_DECREF_BC(obj3);
+    PKIX_TEST_DECREF_BC(obj4);
+
+cleanup:
+
+    PKIX_TEST_RETURN();
+}
+
+int
+test_object(int argc, char *argv[])
+{
+
+#ifdef PKIX_USER_OBJECT_TYPE
+    PKIX_PL_Object *obj, *obj2, *obj3, *obj4;
+    PKIX_UInt32 actualMinorVersion;
+    PKIX_UInt32 j = 0;
+
+    PKIX_TEST_STD_VARS();
+
+    startTests("Objects");
+
+    PKIX_TEST_EXPECT_NO_ERROR(
+        PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+    subTest("PKIX_PL_Object_Create");
+    createObjects(&obj, &obj2, &obj3, &obj4);
+
+    PKIX_TEST_EQ_HASH_TOSTR_DUP(obj, obj3, obj2, NULL, Object, PKIX_FALSE);
+
+    subTest("PKIX_PL_Object_GetType");
+    testGetType(obj, obj2, obj3);
+
+    subTest("PKIX_PL_Object_Compare");
+    testCompare(obj2, obj4);
+
+    subTest("PKIX_PL_Object_Destroy");
+    testDestroy(obj, obj2, obj3, obj4);
+
+cleanup:
+
+    PKIX_Shutdown(plContext);
+
+    endTests("Objects");
+#endif /* PKIX_USER_OBJECT_TYPE */
+    return (0);
+}
diff --git a/nss/cmd/libpkix/pkix_pl/system/test_oid.c b/nss/cmd/libpkix/pkix_pl/system/test_oid.c
new file mode 100644
index 0000000..09cddae
--- /dev/null
+++ b/nss/cmd/libpkix/pkix_pl/system/test_oid.c
@@ -0,0 +1,212 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * test_oid.c
+ *
+ * Test OID Types
+ *
+ */
+
+#include "testutil.h"
+#include "testutil_nss.h"
+
+static void *plContext = NULL;
+
+static void
+createOID(
+    PKIX_PL_OID **testOID,
+    char *oidAscii,
+    PKIX_Boolean errorHandling)
+{
+    PKIX_TEST_STD_VARS();
+
+    if (errorHandling) {
+        PKIX_TEST_EXPECT_ERROR(PKIX_PL_OID_Create(oidAscii, testOID, plContext));
+    } else {
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_OID_Create(oidAscii, testOID, plContext));
+    }
+
+cleanup:
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testToString(
+    PKIX_PL_OID *oid,
+    char *expAscii)
+{
+    PKIX_PL_String *oidString = NULL;
+    char *temp = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)oid,
+                                                      &oidString, plContext));
+
+    temp = PKIX_String2ASCII(oidString, plContext);
+    if (temp == NULL) {
+        testError("PKIX_String2Ascii failed");
+        goto cleanup;
+    }
+
+    if (PL_strcmp(temp, expAscii) != 0) {
+        (void)printf("\tOid ToString: %s %s\n", temp, expAscii);
+        testError("Output string does not match source");
+    }
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(oidString);
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testCompare(
+    PKIX_PL_OID *oid0,
+    PKIX_PL_OID *oid1,
+    PKIX_PL_OID *oid2,
+    PKIX_PL_OID *oid3)
+{
+    PKIX_Int32 cmpResult;
+    PKIX_TEST_STD_VARS();
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Compare((PKIX_PL_Object *)oid0,
+                                                     (PKIX_PL_Object *)oid1,
+                                                     &cmpResult, plContext));
+    if (cmpResult <= 0)
+        testError("Invalid Result from OID Compare");
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Compare((PKIX_PL_Object *)oid1,
+                                                     (PKIX_PL_Object *)oid0,
+                                                     &cmpResult, plContext));
+    if (cmpResult >= 0)
+        testError("Invalid Result from OID Compare");
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Compare((PKIX_PL_Object *)oid1,
+                                                     (PKIX_PL_Object *)oid2,
+                                                     &cmpResult, plContext));
+    if (cmpResult >= 0)
+        testError("Invalid Result from OID Compare");
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Compare((PKIX_PL_Object *)oid2,
+                                                     (PKIX_PL_Object *)oid1,
+                                                     &cmpResult, plContext));
+    if (cmpResult <= 0)
+        testError("Invalid Result from OID Compare");
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Compare((PKIX_PL_Object *)oid1,
+                                                     (PKIX_PL_Object *)oid3,
+                                                     &cmpResult, plContext));
+    if (cmpResult != 0)
+        testError("Invalid Result from OID Compare");
+
+cleanup:
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testDestroy(
+    PKIX_PL_OID *oid)
+{
+    PKIX_TEST_STD_VARS();
+
+    PKIX_TEST_DECREF_BC(oid);
+
+cleanup:
+
+    PKIX_TEST_RETURN();
+}
+
+int
+test_oid(int argc, char *argv[])
+{
+
+    PKIX_PL_OID *testOID[6] = { NULL };
+    PKIX_PL_OID *badTestOID = NULL;
+    PKIX_UInt32 i, size = 6;
+    PKIX_UInt32 actualMinorVersion;
+    PKIX_UInt32 j = 0;
+
+    char *validOID[6] = {
+        "2.11.22222.33333",
+        "1.2.3.004.5.6.7",
+        "2.11.22222.33333",
+        "1.2.3.4.5.6.7",
+        "1.2.3",
+        "2.39.3"
+    };
+
+    char *expected[6] = {
+        "2.11.22222.33333",
+        "1.2.3.4.5.6.7",
+        "2.11.22222.33333",
+        "1.2.3.4.5.6.7",
+        "1.2.3",
+        "2.39.3"
+    };
+
+    char *badOID[11] = {
+        "1.2.4294967299",
+        "this. is. a. bad. oid",
+        "00a1000.002b",
+        "100.-5.10",
+        "1.2..3",
+        ".1.2.3",
+        "1.2.3.",
+        "00010.1.2.3",
+        "1.000041.2.3",
+        "000000000000000000000000000000000000000010.3.2",
+        "1"
+    };
+
+    PKIX_TEST_STD_VARS();
+
+    startTests("OIDs");
+
+    PKIX_TEST_EXPECT_NO_ERROR(
+        PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+    for (i = 0; i < size; i++) {
+        subTest("PKIX_PL_OID_Create");
+        createOID(&testOID[i], validOID[i], PKIX_FALSE);
+    }
+
+    PKIX_TEST_EQ_HASH_TOSTR_DUP(testOID[0],
+                                testOID[2],
+                                testOID[1],
+                                NULL,
+                                OID,
+                                PKIX_FALSE);
+
+    for (i = 0; i < size; i++) {
+        subTest("PKIX_PL_OID_ToString");
+        testToString(testOID[i], expected[i]);
+    }
+
+    subTest("PKIX_PL_OID_Compare");
+    testCompare(testOID[0], testOID[1], testOID[2], testOID[3]);
+
+    for (i = 0; i < size; i++) {
+        subTest("PKIX_PL_OID_Destroy");
+        testDestroy(testOID[i]);
+    }
+
+    for (i = 0; i < 11; i++) {
+        subTest("PKIX_PL_OID Error Handling");
+        createOID(&badTestOID, badOID[i], PKIX_TRUE);
+    }
+
+cleanup:
+
+    PKIX_Shutdown(plContext);
+
+    endTests("OIDs");
+
+    return (0);
+}
diff --git a/nss/cmd/libpkix/pkix_pl/system/test_rwlock.c b/nss/cmd/libpkix/pkix_pl/system/test_rwlock.c
new file mode 100644
index 0000000..9c09d64
--- /dev/null
+++ b/nss/cmd/libpkix/pkix_pl/system/test_rwlock.c
@@ -0,0 +1,204 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * test_rwlock.c
+ *
+ */
+
+#include "testutil.h"
+#include "testutil_nss.h"
+
+static PKIX_PL_RWLock *rwlock = NULL, *rwlock2 = NULL, *rwlock3 = NULL;
+static PRThread *thread = NULL, *thread2 = NULL, *thread3 = NULL;
+static void *plContext = NULL;
+
+static void
+reader(void)
+{
+    PKIX_Error *errorResult;
+
+    errorResult = PKIX_PL_AcquireReaderLock(rwlock, NULL);
+    if (errorResult)
+        testError("PKIX_PL_AcquireReaderLock failed");
+
+    (void)printf("\t[Thread #1 Read Lock #1.]\n");
+    (void)printf("\t[Thread #1 Sleeplng for 1 seconds.]\n");
+    PR_Sleep(PR_SecondsToInterval(1));
+    PKIX_PL_ReleaseReaderLock(rwlock, NULL);
+    if (errorResult)
+        testError("PKIX_PL_ReleaseReaderLock failed");
+    (void)printf("\t[Thread #1 Read UNLock #1.]\n");
+}
+
+static void
+writer(void)
+{
+    PKIX_Error *errorResult;
+    /* This thread should stick here until lock 1 is released */
+    PKIX_PL_AcquireWriterLock(rwlock, NULL);
+    if (errorResult)
+        testError("PKIX_PL_AcquireWriterLock failed");
+
+    (void)printf("\t[Thread #2 Write Lock #1.]\n");
+
+    PKIX_PL_AcquireWriterLock(rwlock2, NULL);
+    if (errorResult)
+        testError("PKIX_PL_AcquireWriterLock failed");
+    (void)printf("\t[Thread #2 Write Lock #2.]\n");
+
+    (void)printf("\t[Thread #2 Sleeplng for 1 seconds.]\n");
+    PR_Sleep(PR_SecondsToInterval(1));
+
+    PKIX_PL_ReleaseWriterLock(rwlock2, NULL);
+    if (errorResult)
+        testError("PKIX_PL_ReleaseWriterLock failed");
+    (void)printf("\t[Thread #2 Write UNLock #2.]\n");
+
+    (void)printf("\t[Thread #2 Sleeplng for 1 seconds.]\n");
+    PR_Sleep(PR_SecondsToInterval(1));
+
+    PKIX_PL_ReleaseWriterLock(rwlock, NULL);
+    if (errorResult)
+        testError("PKIX_PL_ReleaseWriterLock failed");
+    (void)printf("\t[Thread #2 Write UNLock #1.]\n");
+
+    PR_JoinThread(thread3);
+}
+
+static void
+reader2(void)
+{
+    PKIX_Error *errorResult;
+    /* Reader 2 should yield here until the writer is done */
+
+    PKIX_PL_AcquireReaderLock(rwlock2, NULL);
+    if (errorResult)
+        testError("PKIX_PL_AcquireReaderLock failed");
+
+    (void)printf("\t[Thread #3 Read Lock #2.]\n");
+
+    PKIX_PL_AcquireReaderLock(rwlock3, NULL);
+    if (errorResult)
+        testError("PKIX_PL_AcquireReaderLock failed");
+    (void)printf("\t[Thread #3 Read Lock #3.]\n");
+
+    (void)printf("\t[Thread #3 Sleeplng for 1 seconds.]\n");
+    PR_Sleep(PR_SecondsToInterval(1));
+
+    PKIX_PL_ReleaseReaderLock(rwlock3, NULL);
+    if (errorResult)
+        testError("PKIX_PL_ReleaseReaderLock failed");
+    (void)printf("\t[Thread #3 Read UNLock #3.]\n");
+
+    (void)printf("\t[Thread #3 Sleeplng for 1 seconds.]\n");
+    PR_Sleep(PR_SecondsToInterval(1));
+
+    PKIX_PL_ReleaseReaderLock(rwlock2, NULL);
+    if (errorResult)
+        testError("PKIX_PL_ReleaseReaderLock failed");
+    (void)printf("\t[Thread #3 Read UNLock #2.]\n");
+}
+
+int
+test_rwlock()
+{
+    PKIX_PL_String *outputString = NULL;
+    PKIX_UInt32 j = 0;
+    PKIX_Boolean bool;
+    PKIX_UInt32 actualMinorVersion;
+
+    PKIX_TEST_STD_VARS();
+    startTests("RWLocks");
+
+    PKIX_TEST_EXPECT_NO_ERROR(
+        PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+    (void)printf("Attempting to create new rwlock...\n");
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_RWLock_Create(&rwlock, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_RWLock_Create(&rwlock2, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_RWLock_Create(&rwlock3, plContext));
+
+    /* Test toString functionality */
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString((PKIX_PL_Object *)rwlock, &outputString, plContext));
+
+    (void)printf("Testing RWLock toString: %s\n",
+                 PKIX_String2ASCII(outputString));
+
+    PKIX_TEST_DECREF_BC(outputString);
+
+    /* Call Equals on two different objects */
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)rwlock,
+                                                    (PKIX_PL_Object *)rwlock2,
+                                                    &bool,
+                                                    plContext));
+
+    (void)printf("Testing RWLock Equals: %d (should be 0)\n", bool);
+
+    if (bool != 0)
+        testError("Error in RWLock_Equals");
+
+    /* Call Equals on two equal objects */
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals((PKIX_PL_Object *)rwlock,
+                                                    (PKIX_PL_Object *)rwlock, &bool, plContext));
+
+    (void)printf("Testing RWLock Equals: %d (should be 1)\n", bool);
+    if (bool != 1)
+        testError("Error in RWLock_Equals");
+
+    subTest("Multi-Thread Read/Write Lock Testing");
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_AcquireReaderLock(rwlock, plContext));
+    (void)printf("\t[Main Thread Read Lock #1.]\n");
+
+    thread = PR_CreateThread(PR_USER_THREAD,
+                             reader,
+                             NULL,
+                             PR_PRIORITY_NORMAL,
+                             PR_LOCAL_THREAD,
+                             PR_JOINABLE_THREAD,
+                             0);
+
+    thread2 = PR_CreateThread(PR_USER_THREAD,
+                              writer,
+                              NULL,
+                              PR_PRIORITY_NORMAL,
+                              PR_LOCAL_THREAD,
+                              PR_JOINABLE_THREAD,
+                              0);
+
+    thread3 = PR_CreateThread(PR_USER_THREAD,
+                              reader2,
+                              NULL,
+                              PR_PRIORITY_NORMAL,
+                              PR_LOCAL_THREAD,
+                              PR_JOINABLE_THREAD,
+                              0);
+
+    PR_JoinThread(thread);
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_ReleaseReaderLock(rwlock, plContext));
+    (void)printf("\t[Main Thread Read Unlock #1.]\n");
+
+    PR_JoinThread(thread2);
+
+cleanup:
+
+    /* Test destructor */
+    subTest("Testing destructor...");
+    PKIX_TEST_DECREF_AC(rwlock);
+    PKIX_TEST_DECREF_AC(rwlock2);
+    PKIX_TEST_DECREF_AC(rwlock3);
+
+    pkixTestTempResult = PKIX_Shutdown(plContext);
+    if (pkixTestTempResult)
+        pkixTestErrorResult = pkixTestTempResult;
+
+    PKIX_TEST_RETURN();
+
+    endTests("RWLocks");
+
+    return (0);
+}
diff --git a/nss/cmd/libpkix/pkix_pl/system/test_string.c b/nss/cmd/libpkix/pkix_pl/system/test_string.c
new file mode 100644
index 0000000..9b84f94
--- /dev/null
+++ b/nss/cmd/libpkix/pkix_pl/system/test_string.c
@@ -0,0 +1,434 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * test_string.c
+ *
+ * Tests Strings.
+ *
+ */
+
+#include "testutil.h"
+#include "testutil_nss.h"
+
+static void *plContext = NULL;
+
+static void
+createString(
+    PKIX_PL_String **testString,
+    PKIX_UInt32 format,
+    char *stringAscii,
+    PKIX_UInt32 length)
+{
+    PKIX_TEST_STD_VARS();
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(format, stringAscii, length, testString, plContext));
+
+cleanup:
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+createStringOther(
+    PKIX_PL_String **testEscAscii,
+    PKIX_PL_String **testUtf16,
+    PKIX_PL_String **ampString,
+    PKIX_PL_String **testDebugAscii,
+    PKIX_PL_String **testNullString,
+    PKIX_UInt32 *utf16data)
+{
+    char *nullText = "Hi&#x0000; there!";
+
+    char *escAsciiString =
+        "&#x00A1;&#x00010000;&#x0FFF;&#x00100001;";
+
+    char *debugAsciiString =
+        "string with&#x000A;newlines and&#x0009;tabs";
+
+    char *utfAmp = "\x00&";
+
+    PKIX_TEST_STD_VARS();
+
+    createString(testEscAscii,
+                 PKIX_ESCASCII,
+                 escAsciiString,
+                 PL_strlen(escAsciiString));
+
+    createString(testUtf16, PKIX_UTF16, (char *)utf16data, 12);
+
+    createString(ampString, PKIX_UTF16, utfAmp, 2);
+
+    createString(testDebugAscii,
+                 PKIX_ESCASCII_DEBUG,
+                 debugAsciiString,
+                 PL_strlen(debugAsciiString));
+
+    createString(testNullString,
+                 PKIX_ESCASCII_DEBUG,
+                 nullText,
+                 PL_strlen(nullText));
+
+    goto cleanup;
+
+cleanup:
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testGetEncoded(
+    PKIX_PL_String *testEscAscii,
+    PKIX_PL_String *testString0,
+    PKIX_PL_String *testDebugAscii,
+    PKIX_PL_String *testNullString,
+    PKIX_UInt32 *utf16data)
+{
+    char *temp = NULL;
+    void *dest = NULL;
+    void *dest2 = NULL;
+    char *plainText = "string with\nnewlines and\ttabs";
+    PKIX_UInt32 length, length2, i;
+
+    PKIX_TEST_STD_VARS();
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_GetEncoded(testEscAscii,
+                                                        PKIX_UTF16,
+                                                        &dest,
+                                                        &length,
+                                                        plContext));
+    for (i = 0; i < length; i++) {
+        if (((char *)dest)[i] != ((char *)utf16data)[i]) {
+            testError("UTF-16 Data Differs from Source");
+            printf("%d-th char is different -%c-%c-\n", i,
+                   ((char *)dest)[i], ((char *)utf16data)[i]);
+        }
+    }
+
+    length = 0;
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(dest, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_GetEncoded(testNullString,
+                                                        PKIX_UTF16,
+                                                        &dest,
+                                                        &length,
+                                                        plContext));
+
+    length = 0;
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(dest, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_GetEncoded(testString0,
+                                                        PKIX_ESCASCII_DEBUG,
+                                                        &dest,
+                                                        &length,
+                                                        plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_GetEncoded(testDebugAscii,
+                                                        PKIX_ESCASCII_DEBUG,
+                                                        &dest2,
+                                                        &length2,
+                                                        plContext));
+
+    for (i = 0; (i < length) && (i < length2); i++)
+        if (((char *)dest)[i] != ((char *)dest2)[i]) {
+            testError("Equivalent strings are unequal");
+            break;
+        }
+
+    length = 0;
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(dest, plContext));
+    length2 = 0;
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(dest2, plContext));
+
+    temp = PKIX_String2ASCII(testDebugAscii, plContext);
+    if (temp) {
+        if (PL_strcmp(plainText, temp) != 0)
+            testError("Debugged ASCII does not match "
+                      "equivalent EscAscii");
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
+    }
+
+cleanup:
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testSprintf(void)
+{
+    PKIX_Int32 x = 0xCAFE;
+    PKIX_Int32 y = -12345;
+    PKIX_PL_String *testString = NULL;
+    PKIX_PL_String *formatString = NULL;
+    PKIX_PL_String *sprintfString = NULL;
+    char *plainText = "Testing Sprintf";
+    char *format = "%s %x %u %d";
+    char *convertedFormat = "%s %lx %lu %ld";
+    char *temp = NULL;
+    char *temp2 = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(
+        PKIX_ESCASCII,
+        plainText,
+        PL_strlen(plainText),
+        &testString,
+        plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(
+        PKIX_ESCASCII,
+        format,
+        11,
+        &formatString,
+        plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Sprintf(&sprintfString,
+                                              plContext,
+                                              formatString,
+                                              testString, x, y, y));
+    PKIX_TEST_DECREF_BC(testString);
+
+    temp = PR_smprintf(convertedFormat, plainText, x, y, y);
+    temp2 = PKIX_String2ASCII(sprintfString, plContext);
+
+    if (PL_strcmp(temp, temp2) != 0)
+        testError("Sprintf produced incorrect output");
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(temp2, plContext));
+
+    PKIX_TEST_DECREF_BC(sprintfString);
+
+    PKIX_TEST_DECREF_BC(formatString);
+
+cleanup:
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testErrorHandling(void)
+{
+    char *debugAsciiString =
+        "string with&#x000A;newlines and&#x0009;tabs";
+
+    PKIX_PL_String *testString = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    PKIX_TEST_EXPECT_ERROR(PKIX_PL_String_Create(
+        PKIX_ESCASCII,
+        NULL,
+        50,
+        &testString,
+        plContext));
+
+    PKIX_TEST_EXPECT_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII,
+                                                 "blah", 4, NULL, plContext));
+
+    PKIX_TEST_EXPECT_ERROR(PKIX_PL_Sprintf(&testString, plContext, NULL));
+
+    PKIX_TEST_EXPECT_ERROR(PKIX_PL_GetString(0, NULL, &testString, plContext));
+
+    PKIX_TEST_EXPECT_ERROR(PKIX_PL_GetString(0, "blah", 0, plContext));
+
+    /* ---------------------------- */
+    subTest("Unicode Error Handling");
+
+    /* &#x must be followed by 4 hexadecimal digits */
+    PKIX_TEST_EXPECT_ERROR(PKIX_PL_String_Create(
+        PKIX_ESCASCII,
+        "&#x003k;",
+        7,
+        &testString,
+        plContext));
+
+    /* &#x must be followed by 4 hexadecimal digits */
+    PKIX_TEST_EXPECT_ERROR(PKIX_PL_String_Create(
+        PKIX_ESCASCII,
+        "abc&#x00",
+        8,
+        &testString,
+        plContext));
+
+    /* &#x must be between 00010000-0010FFFF */
+    PKIX_TEST_EXPECT_ERROR(PKIX_PL_String_Create(
+        PKIX_ESCASCII,
+        "&#x00200101;",
+        11,
+        &testString,
+        plContext));
+
+    /* &#x must be followed by 8 hexadecimal digits */
+    PKIX_TEST_EXPECT_ERROR(PKIX_PL_String_Create(
+        PKIX_ESCASCII,
+        "&#x001000",
+        10,
+        &testString,
+        plContext));
+
+    /* &#x must be followed by 8 hexadecimal digits */
+    PKIX_TEST_EXPECT_ERROR(PKIX_PL_String_Create(
+        PKIX_ESCASCII,
+        "&#x0010m00;",
+        10,
+        &testString,
+        plContext));
+
+    /* Byte values D800-DFFF are reserved */
+    PKIX_TEST_EXPECT_ERROR(PKIX_PL_String_Create(
+        PKIX_ESCASCII,
+        "&#xD800;",
+        7,
+        &testString,
+        plContext));
+
+    /* Can't use &#x for regular characters */
+    PKIX_TEST_EXPECT_ERROR(PKIX_PL_String_Create(
+        PKIX_ESCASCII,
+        "&#x0032;",
+        7,
+        &testString,
+        plContext));
+
+    /* Can't use non-printable characters */
+    PKIX_TEST_EXPECT_ERROR(PKIX_PL_String_Create(
+        PKIX_ESCASCII,
+        "\xA1",
+        1,
+        &testString,
+        plContext));
+
+    /* Only legal \\ characters are \\, u and U */
+    PKIX_TEST_EXPECT_ERROR(PKIX_PL_String_Create(
+        PKIX_ESCASCII,
+        "&blah",
+        5,
+        &testString,
+        plContext));
+
+    /* Surrogate pairs must be legal */
+    PKIX_TEST_EXPECT_ERROR(PKIX_PL_String_Create(
+        PKIX_UTF16,
+        "\xd8\x00\x0\x66",
+        4,
+        &testString,
+        plContext));
+
+    /* Debugged EscASCII should not be accepted as EscASCII */
+    PKIX_TEST_EXPECT_ERROR(PKIX_PL_String_Create(
+        PKIX_ESCASCII,
+        debugAsciiString,
+        PL_strlen(debugAsciiString),
+        &testString,
+        plContext));
+cleanup:
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testDestroy(
+    PKIX_PL_String *string)
+{
+    PKIX_TEST_STD_VARS();
+
+    PKIX_TEST_DECREF_BC(string);
+
+cleanup:
+
+    PKIX_TEST_RETURN();
+}
+
+int
+test_string(int argc, char *argv[])
+{
+
+    PKIX_PL_String *testString[6] = { NULL };
+    PKIX_PL_String *testNullString = NULL;
+    PKIX_PL_String *testDebugAscii = NULL;
+    PKIX_PL_String *testEscAscii = NULL;
+    PKIX_PL_String *testUtf16 = NULL;
+    PKIX_PL_String *ampString = NULL;
+    unsigned char utf16Data[] = { 0x00, 0xA1, 0xD8, 0x00,
+                                  0xDC, 0x00, 0x0F, 0xFF,
+                                  0xDB, 0xC0, 0xDC, 0x01 };
+    PKIX_UInt32 i, size = 6;
+
+    char *plainText[6] = {
+        "string with\nnewlines and\ttabs",
+        "Not an escaped char: &amp;#x0012;",
+        "Encode &amp; with &amp;amp; in ASCII",
+        "&#x00A1;",
+        "&amp;",
+        "string with\nnewlines and\ttabs"
+    };
+
+    PKIX_UInt32 actualMinorVersion;
+    PKIX_UInt32 j = 0;
+
+    PKIX_TEST_STD_VARS();
+
+    startTests("Strings");
+
+    PKIX_TEST_EXPECT_NO_ERROR(
+        PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+    subTest("PKIX_PL_String_Create <ascii format>");
+    for (i = 0; i < size; i++) {
+        testString[i] = NULL;
+        createString(&testString[i],
+                     PKIX_ESCASCII,
+                     plainText[i],
+                     PL_strlen(plainText[i]));
+    }
+
+    subTest("PKIX_PL_String_Create <other formats>");
+    createStringOther(&testEscAscii,
+                      &testUtf16,
+                      &ampString,
+                      &testDebugAscii,
+                      &testNullString,
+                      (PKIX_UInt32 *)utf16Data);
+
+    PKIX_TEST_EQ_HASH_TOSTR_DUP(testString[0],
+                                testString[5],
+                                testString[1],
+                                plainText[0],
+                                String,
+                                PKIX_TRUE);
+
+    subTest("PKIX_PL_String_GetEncoded");
+    testGetEncoded(testEscAscii,
+                   testString[0],
+                   testDebugAscii,
+                   testNullString,
+                   (PKIX_UInt32 *)utf16Data);
+
+    subTest("PKIX_PL_Sprintf");
+    testSprintf();
+
+    subTest("PKIX_PL_String_Create <error_handling>");
+    testErrorHandling();
+
+    subTest("PKIX_PL_String_Destroy");
+    for (i = 0; i < size; i++) {
+        testDestroy(testString[i]);
+    }
+    testDestroy(testEscAscii);
+    testDestroy(testUtf16);
+    testDestroy(ampString);
+    testDestroy(testDebugAscii);
+    testDestroy(testNullString);
+
+cleanup:
+
+    PKIX_Shutdown(plContext);
+
+    PKIX_TEST_RETURN();
+
+    endTests("String");
+
+    return (0);
+}
diff --git a/nss/cmd/libpkix/pkix_pl/system/test_string2.c b/nss/cmd/libpkix/pkix_pl/system/test_string2.c
new file mode 100644
index 0000000..c76d1e9
--- /dev/null
+++ b/nss/cmd/libpkix/pkix_pl/system/test_string2.c
@@ -0,0 +1,337 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * test_string2.c
+ *
+ * Tests International Strings
+ *
+ */
+
+#include "testutil.h"
+#include "testutil_nss.h"
+
+static void *plContext = NULL;
+
+static void
+createString(
+    PKIX_PL_String **vivaEspanaString,
+    PKIX_PL_String **straussString,
+    PKIX_PL_String **gorbachevString,
+    PKIX_PL_String **testUTF16String,
+    PKIX_PL_String **chineseString,
+    PKIX_PL_String **jeanRenoString)
+{
+    /* this is meant to fail - it highlights bug 0002 */
+    unsigned char utf16String[4] = { 0xF8, 0x60,
+                                     0xFC, 0x60 };
+
+    unsigned char chinese[16] = { 0xe7, 0xab, 0xa0,
+                                  0xe5, 0xad, 0x90,
+                                  0xe6, 0x80, 0xa1,
+                                  0x20,
+                                  0xe4, 0xb8, 0xad,
+                                  0xe5, 0x9b, 0xbd };
+
+    char *jeanReno = "Jean R\303\251no is an actor.";
+    char *gorbachev = /* This is the name "Gorbachev" in cyrllic */
+        "\xd0\x93\xd0\xbe\xd1\x80\xd0\xb1\xd0\xb0\xd1\x87\xd1\x91\xd0\xb2";
+
+    char *vivaEspana =
+        "&#x00A1;Viva Espa&#x00f1;a!";
+
+    char *strauss =
+        "Strau&#x00Df; was born in &#x00D6;sterreich";
+
+    PKIX_TEST_STD_VARS();
+
+    /* ---------------------------- */
+    subTest("String Creation");
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(
+        PKIX_ESCASCII,
+        vivaEspana,
+        PL_strlen(vivaEspana),
+        vivaEspanaString,
+        plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(
+        PKIX_ESCASCII,
+        strauss,
+        PL_strlen(strauss),
+        straussString,
+        plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(
+        PKIX_UTF8,
+        gorbachev,
+        PL_strlen(gorbachev),
+        gorbachevString,
+        plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(
+        PKIX_UTF16,
+        utf16String,
+        4,
+        testUTF16String,
+        plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(
+        PKIX_UTF8,
+        chinese,
+        16,
+        chineseString,
+        plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(
+        PKIX_UTF8,
+        jeanReno,
+        PL_strlen(jeanReno),
+        jeanRenoString,
+        plContext));
+
+cleanup:
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testGetEncoded(PKIX_PL_String *string, PKIX_UInt32 format)
+{
+    void *dest = NULL;
+    PKIX_UInt32 length;
+
+    PKIX_TEST_STD_VARS();
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_GetEncoded(string,
+                                                        format,
+                                                        &dest,
+                                                        &length,
+                                                        plContext));
+
+    if (dest) {
+        (void)printf("\tResult: %s\n", (char *)dest);
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(dest, plContext));
+    }
+
+cleanup:
+    PKIX_TEST_RETURN();
+}
+
+static void
+testHTMLOutput(
+    PKIX_PL_String *vivaEspanaString,
+    PKIX_PL_String *straussString,
+    PKIX_PL_String *gorbachevString,
+    PKIX_PL_String *testUTF16String,
+    PKIX_PL_String *chineseString,
+    PKIX_PL_String *jeanRenoString)
+{
+    void *dest = NULL;
+    PKIX_UInt32 length;
+
+    FILE *htmlFile = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    /* Opening a file for output */
+    htmlFile = fopen("utf8.html", "w");
+
+    if (htmlFile != plContext) {
+        (void)fprintf(htmlFile, "<html><head>\n");
+        (void)fprintf(htmlFile, "<meta http-equiv=\"Content-Type\"");
+        (void)fprintf(htmlFile,
+                      "content = \"text/html; charset = UTF-8\">\n");
+        (void)fprintf(htmlFile, "</head><body>\n");
+        (void)fprintf(htmlFile, "<font size =\"+2\">\n");
+    } else
+        (void)printf("Could not open HTML file\n");
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_GetEncoded(testUTF16String,
+                                                        PKIX_UTF8,
+                                                        &dest,
+                                                        &length,
+                                                        plContext));
+    if (htmlFile != plContext) {
+        (void)printf("%d bytes written to HTML file\n",
+                     fwrite(dest, length, 1, htmlFile));
+        (void)fprintf(htmlFile, "<BR>\n");
+    }
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(dest, plContext));
+    dest = NULL;
+    length = 0;
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_GetEncoded(chineseString,
+                                                        PKIX_UTF8,
+                                                        &dest,
+                                                        &length,
+                                                        plContext));
+    if (htmlFile != plContext) {
+        (void)printf("%d bytes written to HTML file\n",
+                     fwrite(dest, length, 1, htmlFile));
+        (void)fprintf(htmlFile, "<BR>\n");
+    }
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(dest, plContext));
+    dest = NULL;
+    length = 0;
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_GetEncoded(jeanRenoString,
+                                                        PKIX_UTF8,
+                                                        &dest,
+                                                        &length,
+                                                        plContext));
+    if (htmlFile != plContext) {
+        (void)printf("%d bytes written to HTML file\n",
+                     fwrite(dest, length, 1, htmlFile));
+        (void)fprintf(htmlFile, "<BR>\n");
+    }
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(dest, plContext));
+    dest = NULL;
+    length = 0;
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_GetEncoded(vivaEspanaString,
+                                                        PKIX_UTF8,
+                                                        &dest,
+                                                        &length,
+                                                        plContext));
+    if (htmlFile != plContext) {
+        (void)printf("%d bytes written to HTML file\n",
+                     fwrite(dest, length, 1, htmlFile));
+        (void)fprintf(htmlFile, "<BR>\n");
+    }
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(dest, plContext));
+    dest = NULL;
+    length = 0;
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_GetEncoded(straussString,
+                                                        PKIX_UTF8,
+                                                        &dest,
+                                                        &length,
+                                                        plContext));
+    if (htmlFile != plContext) {
+        (void)printf("%d bytes written to HTML file\n",
+                     fwrite(dest, length, 1, htmlFile));
+        (void)fprintf(htmlFile, "<BR>\n");
+    }
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(dest, plContext));
+    dest = NULL;
+    length = 0;
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_GetEncoded(straussString,
+                                                        PKIX_UTF8,
+                                                        &dest,
+                                                        &length,
+                                                        plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(dest, plContext));
+    dest = NULL;
+    length = 0;
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_GetEncoded(gorbachevString,
+                                                        PKIX_UTF8,
+                                                        &dest,
+                                                        &length,
+                                                        plContext));
+    if (htmlFile != plContext) {
+        (void)printf("%d bytes written to HTML file\n",
+                     fwrite(dest, length, 1, htmlFile));
+        (void)fprintf(htmlFile, "<BR>\n");
+    }
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(dest, plContext));
+    dest = NULL;
+    length = 0;
+
+    if (htmlFile != plContext) {
+        (void)fprintf(htmlFile, "</font>\n");
+        (void)fprintf(htmlFile, "</body></html>\n");
+        (void)fclose(htmlFile);
+    }
+
+cleanup:
+
+    PKIX_TEST_RETURN();
+}
+
+static void
+testDestroy(
+    PKIX_PL_String *string)
+{
+    PKIX_TEST_STD_VARS();
+
+    PKIX_TEST_DECREF_BC(string);
+
+cleanup:
+
+    PKIX_TEST_RETURN();
+}
+
+int
+test_string2(int argc, char *argv[])
+{
+
+    PKIX_PL_String *vivaEspanaString, *straussString, *testUTF16String;
+    PKIX_PL_String *chineseString, *jeanRenoString, *gorbachevString;
+    PKIX_UInt32 actualMinorVersion;
+    PKIX_UInt32 j = 0;
+
+    PKIX_TEST_STD_VARS();
+
+    startTests("Unicode Strings");
+
+    PKIX_TEST_EXPECT_NO_ERROR(
+        PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+    subTest("PKIX_PL_String_Create");
+    createString(&vivaEspanaString,
+                 &straussString,
+                 &gorbachevString,
+                 &testUTF16String,
+                 &chineseString,
+                 &jeanRenoString);
+
+    subTest("Converting UTF-16 to EscASCII");
+    testGetEncoded(testUTF16String, PKIX_ESCASCII);
+
+    subTest("Converting UTF-8 to EscASCII");
+    testGetEncoded(chineseString, PKIX_ESCASCII);
+
+    subTest("Converting UTF-8 to EscASCII");
+    testGetEncoded(jeanRenoString, PKIX_ESCASCII);
+
+    subTest("Converting EscASCII to UTF-16");
+    testGetEncoded(vivaEspanaString, PKIX_UTF16);
+
+    subTest("Converting UTF-8 to UTF-16");
+    testGetEncoded(chineseString, PKIX_UTF16);
+
+    subTest("Creating HTML Output File \'utf8.html\'");
+    testHTMLOutput(vivaEspanaString,
+                   straussString,
+                   gorbachevString,
+                   testUTF16String,
+                   chineseString,
+                   jeanRenoString);
+
+    subTest("Unicode Destructors");
+    testDestroy(testUTF16String);
+    testDestroy(chineseString);
+    testDestroy(jeanRenoString);
+    testDestroy(vivaEspanaString);
+    testDestroy(straussString);
+    testDestroy(gorbachevString);
+
+cleanup:
+
+    PKIX_Shutdown(plContext);
+
+    PKIX_TEST_RETURN();
+
+    endTests("Unicode Strings");
+
+    return (0);
+}
diff --git a/nss/cmd/libpkix/pkixlibs.mk b/nss/cmd/libpkix/pkixlibs.mk
new file mode 100755
index 0000000..2e1eb15
--- /dev/null
+++ b/nss/cmd/libpkix/pkixlibs.mk
@@ -0,0 +1,27 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+ifeq (,$(filter-out WIN%,$(OS_TARGET)))
+
+ifdef NS_USE_GCC
+EXTRA_SHARED_LIBS += \
+	-L$(DIST)/lib \
+	-lpkixutil \
+	$(NULL)
+else # ! NS_USE_GCC
+EXTRA_SHARED_LIBS += \
+	$(DIST)/lib/pkixutil.lib \
+	$(NULL)
+endif # NS_USE_GCC
+
+else
+
+EXTRA_SHARED_LIBS += \
+	-L$(DIST)/lib/ \
+	-lpkixutil \
+	$(NULL)
+
+endif
+
diff --git a/nss/cmd/libpkix/pkixrules.mk b/nss/cmd/libpkix/pkixrules.mk
new file mode 100755
index 0000000..bbaf85c
--- /dev/null
+++ b/nss/cmd/libpkix/pkixrules.mk
@@ -0,0 +1,7 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CORE_DEPTH = $(PKIX_DEPTH)/../../..
+PLAT_DEPTH = $(PKIX_DEPTH)/..
diff --git a/nss/cmd/libpkix/pkixutil/Makefile b/nss/cmd/libpkix/pkixutil/Makefile
new file mode 100644
index 0000000..a2cfa73
--- /dev/null
+++ b/nss/cmd/libpkix/pkixutil/Makefile
@@ -0,0 +1,43 @@
+#! gmake
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include $(PLAT_DEPTH)/platlibs.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+include $(PLAT_DEPTH)/platrules.mk
diff --git a/nss/cmd/libpkix/pkixutil/manifest.mn b/nss/cmd/libpkix/pkixutil/manifest.mn
new file mode 100644
index 0000000..180e995
--- /dev/null
+++ b/nss/cmd/libpkix/pkixutil/manifest.mn
@@ -0,0 +1,41 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+PKIX_DEPTH = ..
+PLAT_DEPTH = $(PKIX_DEPTH)/..
+CORE_DEPTH = $(PKIX_DEPTH)/../../..
+
+# MODULE public and private header directories are implicitly REQUIRED.
+MODULE = nss
+
+CSRCS = \
+	pkixutil.c \
+	$(NULL)
+
+PROGRAM = pkixutil
+
+TOOLS_LIB_DIR=$(PKIX_DEPTH)/$(OBJDIR)
+
+EXTRA_LIBS += \
+	$(TOOLS_LIB_DIR)/$(LIB_PREFIX)pkixtoolperf.$(LIB_SUFFIX) \
+	$(TOOLS_LIB_DIR)/$(LIB_PREFIX)pkixtoolcertsel.$(LIB_SUFFIX) \
+	$(TOOLS_LIB_DIR)/$(LIB_PREFIX)pkixtoolparams.$(LIB_SUFFIX) \
+	$(TOOLS_LIB_DIR)/$(LIB_PREFIX)pkixtoolmodule.$(LIB_SUFFIX) \
+	$(TOOLS_LIB_DIR)/$(LIB_PREFIX)pkixtoolpki.$(LIB_SUFFIX) \
+	$(TOOLS_LIB_DIR)/$(LIB_PREFIX)pkixtoolsys.$(LIB_SUFFIX) \
+	$(TOOLS_LIB_DIR)/$(LIB_PREFIX)pkixtoolresults.$(LIB_SUFFIX) \
+	$(TOOLS_LIB_DIR)/$(LIB_PREFIX)pkixtoolstore.$(LIB_SUFFIX) \
+	$(TOOLS_LIB_DIR)/$(LIB_PREFIX)pkixtooltop.$(LIB_SUFFIX) \
+	$(TOOLS_LIB_DIR)/$(LIB_PREFIX)pkixtoolutil.$(LIB_SUFFIX) \
+	$(TOOLS_LIB_DIR)/$(LIB_PREFIX)pkixtoolsmplapps.$(LIB_SUFFIX) \
+	$(TOOLS_LIB_DIR)/$(LIB_PREFIX)pkixtoolchecker.$(LIB_SUFFIX) \
+	$(TOOLS_LIB_DIR)/$(LIB_PREFIX)pkixtoolcrlsel.$(LIB_SUFFIX) \
+	$(TOOLS_LIB_DIR)/$(LIB_PREFIX)pkixtooltestutil.$(LIB_SUFFIX) \
+	$(NULL)
+
+NO_MD_RELEASE = 1
+
+USE_STATIC_LIBS = 1
+
diff --git a/nss/cmd/libpkix/pkixutil/pkixutil.c b/nss/cmd/libpkix/pkixutil/pkixutil.c
new file mode 100644
index 0000000..158f458
--- /dev/null
+++ b/nss/cmd/libpkix/pkixutil/pkixutil.c
@@ -0,0 +1,299 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * testwrapper.c
+ *
+ * Wrpper programm for libpkix tests.
+ *
+ */
+
+#include <stdio.h>
+
+#include "nspr.h"
+#include "plgetopt.h"
+
+#include "nss.h"
+#include "secport.h"
+
+typedef int (*mainTestFn)(int argc, char *argv[]);
+
+extern int libpkix_buildthreads(int argc, char *argv[]);
+extern int nss_threads(int argc, char *argv[]);
+extern int test_certselector(int argc, char *argv[]);
+extern int test_comcertselparams(int argc, char *argv[]);
+extern int test_certchainchecker(int argc, char *argv[]);
+extern int test_comcrlselparams(int argc, char *argv[]);
+extern int test_crlselector(int argc, char *argv[]);
+
+extern int test_procparams(int argc, char *argv[]);
+extern int test_resourcelimits(int argc, char *argv[]);
+extern int test_trustanchor(int argc, char *argv[]);
+extern int test_valparams(int argc, char *argv[]);
+extern int test_buildresult(int argc, char *argv[]);
+extern int test_policynode(int argc, char *argv[]);
+extern int test_valresult(int argc, char *argv[]);
+extern int test_verifynode(int argc, char *argv[]);
+extern int test_store(int argc, char *argv[]);
+extern int test_basicchecker(int argc, char *argv[]);
+extern int test_basicconstraintschecker(int argc, char *argv[]);
+extern int test_buildchain(int argc, char *argv[]);
+extern int test_buildchain_partialchain(int argc, char *argv[]);
+extern int test_buildchain_resourcelimits(int argc, char *argv[]);
+extern int test_buildchain_uchecker(int argc, char *argv[]);
+extern int test_customcrlchecker(int argc, char *argv[]);
+extern int test_defaultcrlchecker2stores(int argc, char *argv[]);
+extern int test_ocsp(int argc, char *argv[]);
+extern int test_policychecker(int argc, char *argv[]);
+extern int test_subjaltnamechecker(int argc, char *argv[]);
+extern int test_validatechain(int argc, char *argv[]);
+extern int test_validatechain_NB(int argc, char *argv[]);
+extern int test_validatechain_bc(int argc, char *argv[]);
+extern int test_error(int argc, char *argv[]);
+extern int test_list(int argc, char *argv[]);
+extern int test_list2(int argc, char *argv[]);
+extern int test_logger(int argc, char *argv[]);
+extern int test_colcertstore(int argc, char *argv[]);
+extern int test_ekuchecker(int argc, char *argv[]);
+extern int test_httpcertstore(int argc, char *argv[]);
+extern int test_pk11certstore(int argc, char *argv[]);
+extern int test_socket(int argc, char *argv[]);
+extern int test_authorityinfoaccess(int argc, char *argv[]);
+extern int test_cert(int argc, char *argv[]);
+extern int test_crl(int argc, char *argv[]);
+extern int test_crlentry(int argc, char *argv[]);
+extern int test_date(int argc, char *argv[]);
+extern int test_generalname(int argc, char *argv[]);
+extern int test_nameconstraints(int argc, char *argv[]);
+extern int test_subjectinfoaccess(int argc, char *argv[]);
+extern int test_x500name(int argc, char *argv[]);
+extern int stress_test(int argc, char *argv[]);
+extern int test_bigint(int argc, char *argv[]);
+extern int test_bytearray(int argc, char *argv[]);
+extern int test_hashtable(int argc, char *argv[]);
+extern int test_mem(int argc, char *argv[]);
+extern int test_monitorlock(int argc, char *argv[]);
+extern int test_mutex(int argc, char *argv[]);
+extern int test_mutex2(int argc, char *argv[]);
+extern int test_mutex3(int argc, char *argv[]);
+extern int test_object(int argc, char *argv[]);
+extern int test_oid(int argc, char *argv[]);
+
+/* Taken out. Problem with build                   */
+/* extern int test_rwlock(int argc, char *argv[]); */
+extern int test_string(int argc, char *argv[]);
+extern int test_string2(int argc, char *argv[]);
+extern int build_chain(int argc, char *argv[]);
+extern int dumpcert(int argc, char *argv[]);
+extern int dumpcrl(int argc, char *argv[]);
+extern int validate_chain(int argc, char *argv[]);
+
+typedef struct {
+    char *fnName;
+    mainTestFn fnPointer;
+} testFunctionRef;
+
+testFunctionRef testFnRefTable[] = {
+    { "libpkix_buildthreads", libpkix_buildthreads },
+    { "nss_threads", nss_threads },
+    { "test_certselector", test_certselector },
+    { "test_comcertselparams", test_comcertselparams },
+    { "test_certchainchecker", test_certchainchecker },
+    { "test_comcrlselparams", test_comcrlselparams },
+    { "test_crlselector", test_crlselector },
+    { "test_procparams", test_procparams },
+    { "test_resourcelimits", test_resourcelimits },
+    { "test_trustanchor", test_trustanchor },
+    { "test_valparams", test_valparams },
+    { "test_buildresult", test_buildresult },
+    { "test_policynode", test_policynode },
+    { "test_valresult", test_valresult },
+    { "test_verifynode", test_verifynode },
+    { "test_store", test_store },
+    { "test_basicchecker", test_basicchecker },
+    { "test_basicconstraintschecker", test_basicconstraintschecker },
+    { "test_buildchain", test_buildchain },
+    { "test_buildchain_partialchain", test_buildchain_partialchain },
+    { "test_buildchain_resourcelimits", test_buildchain_resourcelimits },
+    { "test_buildchain_uchecker", test_buildchain_uchecker },
+    { "test_customcrlchecker", test_customcrlchecker },
+    { "test_defaultcrlchecker2stores", test_defaultcrlchecker2stores },
+    { "test_ocsp", test_ocsp },
+    { "test_policychecker", test_policychecker },
+    { "test_subjaltnamechecker", test_subjaltnamechecker },
+    { "test_validatechain", test_validatechain },
+    { "test_validatechain_NB", test_validatechain_NB },
+    { "test_validatechain_bc", test_validatechain_bc },
+    { "test_error", test_error },
+    { "test_list", test_list },
+    { "test_list2", test_list2 },
+    { "test_logger", test_logger },
+    { "test_colcertstore", test_colcertstore },
+    { "test_ekuchecker", test_ekuchecker },
+    { "test_httpcertstore", test_httpcertstore },
+    { "test_pk11certstore", test_pk11certstore },
+    { "test_socket", test_socket },
+    { "test_authorityinfoaccess", test_authorityinfoaccess },
+    { "test_cert", test_cert },
+    { "test_crl", test_crl },
+    { "test_crlentry", test_crlentry },
+    { "test_date", test_date },
+    { "test_generalname", test_generalname },
+    { "test_nameconstraints", test_nameconstraints },
+    { "test_subjectinfoaccess", test_subjectinfoaccess },
+    { "test_x500name", test_x500name },
+    { "stress_test", stress_test },
+    { "test_bigint", test_bigint },
+    { "test_bytearray", test_bytearray },
+    { "test_hashtable", test_hashtable },
+    { "test_mem", test_mem },
+    { "test_monitorlock", test_monitorlock },
+    { "test_mutex", test_mutex },
+    { "test_mutex2", test_mutex2 },
+    { "test_mutex3", test_mutex3 },
+    { "test_object", test_object },
+    { "test_oid", test_oid },
+    /*  {"test_rwlock",                    test_rwlock }*/
+    { "test_string", test_string },
+    { "test_string2", test_string2 },
+    { "build_chain", build_chain },
+    { "dumpcert", dumpcert },
+    { "dumpcrl", dumpcrl },
+    { "validate_chain", validate_chain },
+    { NULL, NULL },
+};
+
+static void
+printUsage(char *cmdName)
+{
+    int fnCounter = 0;
+
+    fprintf(stderr, "Usage: %s [test name] [arg1]...[argN]\n\n", cmdName);
+    fprintf(stderr, "List of possible names for the tests:");
+    while (testFnRefTable[fnCounter].fnName != NULL) {
+        if (fnCounter % 2 == 0) {
+            fprintf(stderr, "\n");
+        }
+        fprintf(stderr, "  %-35s ", testFnRefTable[fnCounter].fnName);
+        fnCounter += 1;
+    }
+    fprintf(stderr, "\n");
+}
+
+static SECStatus
+getTestArguments(int argc,
+                 char **argv,
+                 mainTestFn *ptestFn,
+                 char **pdbPath,
+                 int *pargc,
+                 char ***pargv)
+{
+    PLOptState *optstate = NULL;
+    PLOptStatus status;
+    mainTestFn testFunction = NULL;
+    char **wArgv = NULL;
+    char *dbPath = NULL;
+    char *fnName = NULL;
+    int wArgc = 0;
+    int fnCounter = 0;
+
+    if (argc < 2) {
+        printf("ERROR: insufficient number of arguments: %s.\n", fnName);
+        return SECFailure;
+    }
+
+    fnName = argv[1];
+    while (testFnRefTable[fnCounter].fnName != NULL) {
+        if (!PORT_Strcmp(fnName, testFnRefTable[fnCounter].fnName)) {
+            testFunction = testFnRefTable[fnCounter].fnPointer;
+            break;
+        }
+        fnCounter += 1;
+    }
+    if (!testFunction) {
+        printf("ERROR: unknown name of the test: %s.\n", fnName);
+        return SECFailure;
+    }
+
+    wArgv = PORT_ZNewArray(char *, argc);
+    if (!wArgv) {
+        return SECFailure;
+    }
+
+    /* set name of the function as a first arg and increment arg count. */
+    wArgv[0] = fnName;
+    wArgc += 1;
+
+    optstate = PL_CreateOptState(argc - 1, argv + 1, "d:");
+    while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
+        switch (optstate->option) {
+            case 'd':
+                dbPath = (char *)optstate->value;
+                break;
+
+            default:
+                wArgv[wArgc] = (char *)optstate->value;
+                wArgc += 1;
+                break;
+        }
+    }
+    PL_DestroyOptState(optstate);
+
+    *ptestFn = testFunction;
+    *pdbPath = dbPath;
+    *pargc = wArgc;
+    *pargv = wArgv;
+
+    return SECSuccess;
+}
+
+static int
+runCmd(mainTestFn fnPointer,
+       int argc,
+       char **argv,
+       char *dbPath)
+{
+    int retStat = 0;
+
+    /*  Initialize NSPR and NSS.  */
+    PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
+
+    /* if using databases, use NSS_Init and not NSS_NoDB_Init */
+    if (dbPath && PORT_Strlen(dbPath) != 0) {
+        if (NSS_Init(dbPath) != SECSuccess)
+            return SECFailure;
+    } else {
+        if (NSS_NoDB_Init(NULL) != 0)
+            return SECFailure;
+    }
+    retStat = fnPointer(argc, argv);
+
+    if (NSS_Shutdown() != SECSuccess) {
+        exit(1);
+    }
+    PR_Cleanup();
+    return retStat;
+}
+
+int
+main(int argc, char **argv)
+{
+    mainTestFn testFunction = NULL;
+    char *dbPath = NULL;
+    char **testArgv = NULL;
+    int testArgc = 0;
+    int rv = 0;
+
+    rv = getTestArguments(argc, argv, &testFunction, &dbPath,
+                          &testArgc, &testArgv);
+    if (rv != SECSuccess) {
+        printUsage(argv[0]);
+        return 1;
+    }
+
+    rv = runCmd(testFunction, testArgc, testArgv, dbPath);
+
+    PORT_Free(testArgv);
+
+    return rv;
+}
diff --git a/nss/cmd/libpkix/sample_apps/Makefile b/nss/cmd/libpkix/sample_apps/Makefile
new file mode 100755
index 0000000..daa8765
--- /dev/null
+++ b/nss/cmd/libpkix/sample_apps/Makefile
@@ -0,0 +1,46 @@
+#! gmake
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+include $(PKIX_DEPTH)/config.mk
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include $(PLAT_DEPTH)/platlibs.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+include $(PLAT_DEPTH)/platrules.mk
diff --git a/nss/cmd/libpkix/sample_apps/build_chain.c b/nss/cmd/libpkix/sample_apps/build_chain.c
new file mode 100644
index 0000000..38bf1d9
--- /dev/null
+++ b/nss/cmd/libpkix/sample_apps/build_chain.c
@@ -0,0 +1,242 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * buildChain.c
+ *
+ * Tests Cert Chain Building
+ *
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stddef.h>
+
+#include "pkix_pl_generalname.h"
+#include "pkix_pl_cert.h"
+#include "pkix.h"
+#include "testutil.h"
+#include "prlong.h"
+#include "plstr.h"
+#include "prthread.h"
+#include "nspr.h"
+#include "prtypes.h"
+#include "prtime.h"
+#include "pk11func.h"
+#include "secasn1.h"
+#include "cert.h"
+#include "cryptohi.h"
+#include "secoid.h"
+#include "certdb.h"
+#include "secitem.h"
+#include "keythi.h"
+#include "nss.h"
+
+static void *plContext = NULL;
+
+static void
+printUsage(void)
+{
+    (void)printf("\nUSAGE:\tbuildChain "
+                 "<trustedCert> <targetCert> <certStoreDirectory>\n\n");
+    (void)printf("Builds a chain of certificates between "
+                 "<trustedCert> and <targetCert>\n"
+                 "using the certs and CRLs in <certStoreDirectory>.\n");
+}
+
+static PKIX_PL_Cert *
+createCert(char *inFileName)
+{
+    PKIX_PL_ByteArray *byteArray = NULL;
+    void *buf = NULL;
+    PRFileDesc *inFile = NULL;
+    PKIX_UInt32 len;
+    SECItem certDER;
+    SECStatus rv;
+    /* default: NULL cert (failure case) */
+    PKIX_PL_Cert *cert = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    certDER.data = NULL;
+
+    inFile = PR_Open(inFileName, PR_RDONLY, 0);
+
+    if (!inFile) {
+        pkixTestErrorMsg = "Unable to open cert file";
+        goto cleanup;
+    } else {
+        rv = SECU_ReadDERFromFile(&certDER, inFile, PR_FALSE, PR_FALSE);
+        if (!rv) {
+            buf = (void *)certDER.data;
+            len = certDER.len;
+
+            PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_ByteArray_Create(buf, len, &byteArray, plContext));
+
+            PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_Create(byteArray, &cert, plContext));
+
+            SECITEM_FreeItem(&certDER, PR_FALSE);
+        } else {
+            pkixTestErrorMsg = "Unable to read DER from cert file";
+            goto cleanup;
+        }
+    }
+
+cleanup:
+
+    if (inFile) {
+        PR_Close(inFile);
+    }
+
+    if (PKIX_TEST_ERROR_RECEIVED) {
+        SECITEM_FreeItem(&certDER, PR_FALSE);
+    }
+
+    PKIX_TEST_DECREF_AC(byteArray);
+
+    PKIX_TEST_RETURN();
+
+    return (cert);
+}
+
+int
+build_chain(int argc, char *argv[])
+{
+    PKIX_BuildResult *buildResult = NULL;
+    PKIX_ComCertSelParams *certSelParams = NULL;
+    PKIX_CertSelector *certSelector = NULL;
+    PKIX_TrustAnchor *anchor = NULL;
+    PKIX_List *anchors = NULL;
+    PKIX_List *certs = NULL;
+    PKIX_PL_Cert *cert = NULL;
+    PKIX_ProcessingParams *procParams = NULL;
+    char *trustedCertFile = NULL;
+    char *targetCertFile = NULL;
+    char *storeDirAscii = NULL;
+    PKIX_PL_String *storeDirString = NULL;
+    PKIX_PL_Cert *trustedCert = NULL;
+    PKIX_PL_Cert *targetCert = NULL;
+    PKIX_UInt32 actualMinorVersion, numCerts, i;
+    PKIX_UInt32 j = 0;
+    PKIX_CertStore *certStore = NULL;
+    PKIX_List *certStores = NULL;
+    char *asciiResult = NULL;
+    PKIX_Boolean useArenas = PKIX_FALSE;
+    void *buildState = NULL; /* needed by pkix_build for non-blocking I/O */
+    void *nbioContext = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    if (argc < 4) {
+        printUsage();
+        return (0);
+    }
+
+    useArenas = PKIX_TEST_ARENAS_ARG(argv[1]);
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_Initialize(PKIX_TRUE, /* nssInitNeeded */
+                                              useArenas,
+                                              PKIX_MAJOR_VERSION,
+                                              PKIX_MINOR_VERSION,
+                                              PKIX_MINOR_VERSION,
+                                              &actualMinorVersion,
+                                              &plContext));
+
+    /* create processing params with list of trust anchors */
+    trustedCertFile = argv[j + 1];
+    trustedCert = createCert(trustedCertFile);
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert(trustedCert, &anchor, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(anchors, (PKIX_PL_Object *)anchor, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create(anchors, &procParams, plContext));
+
+    /* create CertSelector with target certificate in params */
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&certSelParams, plContext));
+
+    targetCertFile = argv[j + 2];
+    targetCert = createCert(targetCertFile);
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetCertificate(certSelParams, targetCert, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, certSelParams, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints(procParams, certSelector, plContext));
+
+    /* create CertStores */
+
+    storeDirAscii = argv[j + 3];
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, storeDirAscii, 0, &storeDirString, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_CollectionCertStore_Create(storeDirString, &certStore, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certStores, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certStores, (PKIX_PL_Object *)certStore, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetCertStores(procParams, certStores, plContext));
+
+    /* build cert chain using processing params and return buildResult */
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildChain(procParams,
+                                              &nbioContext,
+                                              &buildState,
+                                              &buildResult,
+                                              NULL,
+                                              plContext));
+
+    /*
+         * As long as we use only CertStores with blocking I/O, we can omit
+         * checking for completion with nbioContext.
+         */
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_BuildResult_GetCertChain(buildResult, &certs, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetLength(certs, &numCerts, plContext));
+
+    printf("\n");
+
+    for (i = 0; i < numCerts; i++) {
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_GetItem(certs, i, (PKIX_PL_Object **)&cert, plContext));
+
+        asciiResult = PKIX_Cert2ASCII(cert);
+
+        printf("CERT[%d]:\n%s\n", i, asciiResult);
+
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(asciiResult, plContext));
+        asciiResult = NULL;
+
+        PKIX_TEST_DECREF_BC(cert);
+    }
+
+cleanup:
+
+    if (PKIX_TEST_ERROR_RECEIVED) {
+        (void)printf("FAILED TO BUILD CHAIN\n");
+    } else {
+        (void)printf("SUCCESSFULLY BUILT CHAIN\n");
+    }
+
+    PKIX_PL_Free(asciiResult, plContext);
+
+    PKIX_TEST_DECREF_AC(certs);
+    PKIX_TEST_DECREF_AC(cert);
+    PKIX_TEST_DECREF_AC(certStore);
+    PKIX_TEST_DECREF_AC(certStores);
+    PKIX_TEST_DECREF_AC(storeDirString);
+    PKIX_TEST_DECREF_AC(trustedCert);
+    PKIX_TEST_DECREF_AC(targetCert);
+    PKIX_TEST_DECREF_AC(anchor);
+    PKIX_TEST_DECREF_AC(anchors);
+    PKIX_TEST_DECREF_AC(procParams);
+    PKIX_TEST_DECREF_AC(certSelParams);
+    PKIX_TEST_DECREF_AC(certSelector);
+    PKIX_TEST_DECREF_AC(buildResult);
+
+    PKIX_TEST_RETURN();
+
+    PKIX_Shutdown(plContext);
+
+    return (0);
+}
diff --git a/nss/cmd/libpkix/sample_apps/dumpcert.c b/nss/cmd/libpkix/sample_apps/dumpcert.c
new file mode 100644
index 0000000..6ff5f83
--- /dev/null
+++ b/nss/cmd/libpkix/sample_apps/dumpcert.c
@@ -0,0 +1,182 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * dumpcert.c
+ *
+ * dump certificate sample application
+ *
+ */
+
+#include <stdio.h>
+
+#include "pkix.h"
+#include "testutil.h"
+#include "prlong.h"
+#include "plstr.h"
+#include "prthread.h"
+#include "plarena.h"
+#include "seccomon.h"
+#include "secdert.h"
+#include "secasn1t.h"
+#include "certt.h"
+
+static void *plContext = NULL;
+
+static void
+printUsage(void)
+{
+    (void)printf("\nUSAGE:\tdumpcert <certFile>\n");
+    (void)printf("\tParses a certificate located at <certFile> "
+                 "and displays it.\n");
+}
+
+static void
+printFailure(char *msg)
+{
+    (void)printf("FAILURE: %s\n", msg);
+}
+
+static PKIX_PL_Cert *
+createCert(char *inFileName)
+{
+    PKIX_PL_ByteArray *byteArray = NULL;
+    PKIX_PL_Cert *cert = NULL;
+    PKIX_Error *error = NULL;
+    PRFileDesc *inFile = NULL;
+    SECItem certDER;
+    void *buf = NULL;
+    PKIX_UInt32 len;
+    SECStatus rv = SECFailure;
+
+    certDER.data = NULL;
+
+    inFile = PR_Open(inFileName, PR_RDONLY, 0);
+
+    if (!inFile) {
+        printFailure("Unable to open cert file");
+        goto cleanup;
+    } else {
+        rv = SECU_ReadDERFromFile(&certDER, inFile, PR_FALSE, PR_FALSE);
+        if (!rv) {
+            buf = (void *)certDER.data;
+            len = certDER.len;
+
+            error = PKIX_PL_ByteArray_Create(buf, len, &byteArray, plContext);
+
+            if (error) {
+                printFailure("PKIX_PL_ByteArray_Create failed");
+                goto cleanup;
+            }
+
+            error = PKIX_PL_Cert_Create(byteArray, &cert, plContext);
+
+            if (error) {
+                printFailure("PKIX_PL_Cert_Create failed");
+                goto cleanup;
+            }
+        } else {
+            printFailure("Unable to read DER from cert file");
+            goto cleanup;
+        }
+    }
+
+cleanup:
+
+    if (inFile) {
+        PR_Close(inFile);
+    }
+
+    if (rv == SECSuccess) {
+        SECITEM_FreeItem(&certDER, PR_FALSE);
+    }
+
+    if (byteArray) {
+        PKIX_PL_Object_DecRef((PKIX_PL_Object *)(byteArray), plContext);
+    }
+
+    return (cert);
+}
+
+int
+dumpcert(int argc, char *argv[])
+{
+
+    PKIX_PL_String *string = NULL;
+    PKIX_PL_Cert *cert = NULL;
+    PKIX_Error *error = NULL;
+    char *ascii = NULL;
+    PKIX_UInt32 length = 0;
+    PKIX_UInt32 j = 0;
+    PKIX_Boolean useArenas = PKIX_FALSE;
+    PKIX_UInt32 actualMinorVersion;
+
+    PKIX_TEST_STD_VARS();
+
+    if (argc == 1) {
+        printUsage();
+        return (0);
+    }
+
+    useArenas = PKIX_TEST_ARENAS_ARG(argv[1]);
+
+    PKIX_Initialize(PKIX_TRUE, /* nssInitNeeded */
+                    useArenas,
+                    PKIX_MAJOR_VERSION,
+                    PKIX_MINOR_VERSION,
+                    PKIX_MINOR_VERSION,
+                    &actualMinorVersion,
+                    &plContext);
+
+    cert = createCert(argv[1 + j]);
+
+    if (cert) {
+
+        error = PKIX_PL_Object_ToString((PKIX_PL_Object *)cert, &string, plContext);
+
+        if (error) {
+            printFailure("Unable to get string representation "
+                         "of cert");
+            goto cleanup;
+        }
+
+        error = PKIX_PL_String_GetEncoded(string,
+                                          PKIX_ESCASCII,
+                                          (void **)&ascii,
+                                          &length,
+                                          plContext);
+
+        if (error || !ascii) {
+            printFailure("Unable to get ASCII encoding of string");
+            goto cleanup;
+        }
+
+        (void)printf("OUTPUT:\n%s\n", ascii);
+
+    } else {
+        printFailure("Unable to create certificate");
+        goto cleanup;
+    }
+
+cleanup:
+
+    if (cert) {
+        PKIX_PL_Object_DecRef((PKIX_PL_Object *)(cert), plContext);
+    }
+
+    if (string) {
+        PKIX_PL_Object_DecRef((PKIX_PL_Object *)(string), plContext);
+    }
+
+    if (ascii) {
+        PKIX_PL_Free((PKIX_PL_Object *)(ascii), plContext);
+    }
+
+    PKIX_Shutdown(plContext);
+
+    PKIX_TEST_RETURN();
+
+    endTests("DUMPCERT");
+
+    return (0);
+}
diff --git a/nss/cmd/libpkix/sample_apps/dumpcrl.c b/nss/cmd/libpkix/sample_apps/dumpcrl.c
new file mode 100644
index 0000000..6426014
--- /dev/null
+++ b/nss/cmd/libpkix/sample_apps/dumpcrl.c
@@ -0,0 +1,186 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * dumpcrl.c
+ *
+ * dump CRL sample application
+ *
+ */
+
+#include <stdio.h>
+
+#include "pkix.h"
+#include "testutil.h"
+#include "prlong.h"
+#include "plstr.h"
+#include "prthread.h"
+#include "plarena.h"
+#include "seccomon.h"
+#include "secdert.h"
+#include "secasn1t.h"
+#include "certt.h"
+
+static void *plContext = NULL;
+
+static void
+printUsage(void)
+{
+    (void)printf("\nUSAGE:\tdumpcrl <crlFile>\n");
+    (void)printf("\tParses a CRL located at <crlFile> "
+                 "and displays it.\n");
+}
+
+static void
+printFailure(char *msg)
+{
+    (void)printf("FAILURE: %s\n", msg);
+}
+
+static PKIX_PL_CRL *
+createCRL(char *inFileName)
+{
+    PKIX_PL_ByteArray *byteArray = NULL;
+    PKIX_PL_CRL *crl = NULL;
+    PKIX_Error *error = NULL;
+    PRFileDesc *inFile = NULL;
+    SECItem crlDER;
+    void *buf = NULL;
+    PKIX_UInt32 len;
+    SECStatus rv;
+
+    PKIX_TEST_STD_VARS();
+
+    crlDER.data = NULL;
+
+    inFile = PR_Open(inFileName, PR_RDONLY, 0);
+
+    if (!inFile) {
+        printFailure("Unable to open crl file");
+        goto cleanup;
+    } else {
+        rv = SECU_ReadDERFromFile(&crlDER, inFile, PR_FALSE, PR_FALSE);
+        if (!rv) {
+            buf = (void *)crlDER.data;
+            len = crlDER.len;
+
+            error = PKIX_PL_ByteArray_Create(buf, len, &byteArray, plContext);
+
+            if (error) {
+                printFailure("PKIX_PL_ByteArray_Create failed");
+                goto cleanup;
+            }
+
+            error = PKIX_PL_CRL_Create(byteArray, &crl, plContext);
+            if (error) {
+                printFailure("PKIX_PL_CRL_Create failed");
+                goto cleanup;
+            }
+
+            SECITEM_FreeItem(&crlDER, PR_FALSE);
+        } else {
+            printFailure("Unable to read DER from crl file");
+            goto cleanup;
+        }
+    }
+
+cleanup:
+
+    if (inFile) {
+        PR_Close(inFile);
+    }
+
+    if (error) {
+        SECITEM_FreeItem(&crlDER, PR_FALSE);
+    }
+
+    if (byteArray) {
+        PKIX_PL_Object_DecRef((PKIX_PL_Object *)(byteArray), plContext);
+    }
+
+    PKIX_TEST_RETURN();
+
+    return (crl);
+}
+
+int
+dumpcrl(int argc, char *argv[])
+{
+
+    PKIX_PL_String *string = NULL;
+    PKIX_PL_CRL *crl = NULL;
+    PKIX_Error *error = NULL;
+    char *ascii = NULL;
+    PKIX_UInt32 length;
+    PKIX_UInt32 actualMinorVersion;
+    PKIX_UInt32 j = 0;
+    PKIX_Boolean useArenas = PKIX_FALSE;
+
+    PKIX_TEST_STD_VARS();
+
+    if (argc == 1) {
+        printUsage();
+        return (0);
+    }
+
+    useArenas = PKIX_TEST_ARENAS_ARG(argv[1]);
+
+    PKIX_Initialize(PKIX_TRUE, /* nssInitNeeded */
+                    useArenas,
+                    PKIX_MAJOR_VERSION,
+                    PKIX_MINOR_VERSION,
+                    PKIX_MINOR_VERSION,
+                    &actualMinorVersion,
+                    &plContext);
+
+    crl = createCRL(argv[j + 1]);
+
+    if (crl) {
+
+        error = PKIX_PL_Object_ToString((PKIX_PL_Object *)crl, &string, plContext);
+
+        if (error) {
+            printFailure("Unable to get string representation "
+                         "of crl");
+            goto cleanup;
+        }
+
+        error = PKIX_PL_String_GetEncoded(string,
+                                          PKIX_ESCASCII,
+                                          (void **)&ascii,
+                                          &length,
+                                          plContext);
+        if (error || !ascii) {
+            printFailure("Unable to get ASCII encoding of string");
+            goto cleanup;
+        }
+
+        (void)printf("OUTPUT:\n%s\n", ascii);
+
+    } else {
+        printFailure("Unable to create CRL");
+        goto cleanup;
+    }
+
+cleanup:
+
+    if (crl) {
+        PKIX_PL_Object_DecRef((PKIX_PL_Object *)(crl), plContext);
+    }
+
+    if (string) {
+        PKIX_PL_Object_DecRef((PKIX_PL_Object *)(string), plContext);
+    }
+
+    if (ascii) {
+        PKIX_PL_Free((PKIX_PL_Object *)(ascii), plContext);
+    }
+
+    PKIX_Shutdown(plContext);
+
+    PKIX_TEST_RETURN();
+
+    endTests("DUMPCRL");
+
+    return (0);
+}
diff --git a/nss/cmd/libpkix/sample_apps/manifest.mn b/nss/cmd/libpkix/sample_apps/manifest.mn
new file mode 100755
index 0000000..32926cc
--- /dev/null
+++ b/nss/cmd/libpkix/sample_apps/manifest.mn
@@ -0,0 +1,23 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+PKIX_DEPTH = ..
+PLAT_DEPTH = $(PKIX_DEPTH)/..
+CORE_DEPTH = $(PKIX_DEPTH)/../../..
+
+# MODULE public and private header directories are implicitly REQUIRED.
+MODULE = nss
+
+CSRCS = dumpcert.c \
+	dumpcrl.c \
+	validate_chain.c \
+	build_chain.c \
+	$(NULL)
+
+LIBRARY_NAME=pkixtoolsmplapps
+
+SOURCE_LIB_DIR=$(PKIX_DEPTH)/$(OBJDIR)
+
+NO_MD_RELEASE = 1
diff --git a/nss/cmd/libpkix/sample_apps/validate_chain.c b/nss/cmd/libpkix/sample_apps/validate_chain.c
new file mode 100644
index 0000000..1ccf364
--- /dev/null
+++ b/nss/cmd/libpkix/sample_apps/validate_chain.c
@@ -0,0 +1,220 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * validateChain.c
+ *
+ * Tests Cert Chain Validation
+ *
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stddef.h>
+
+#include "pkix_pl_generalname.h"
+#include "pkix_pl_cert.h"
+#include "pkix.h"
+#include "testutil.h"
+#include "prlong.h"
+#include "plstr.h"
+#include "prthread.h"
+#include "nspr.h"
+#include "prtypes.h"
+#include "prtime.h"
+#include "pk11func.h"
+#include "secasn1.h"
+#include "cert.h"
+#include "cryptohi.h"
+#include "secoid.h"
+#include "certdb.h"
+#include "secitem.h"
+#include "keythi.h"
+#include "nss.h"
+
+static void *plContext = NULL;
+
+static void
+printUsage(void)
+{
+    (void)printf("\nUSAGE:\tvalidateChain <trustedCert> "
+                 "<cert_1> <cert_2> ... <cert_n>\n");
+    (void)printf("\tValidates a chain of n certificates "
+                 "using the given trust anchor.\n");
+}
+
+static PKIX_PL_Cert *
+createCert(char *inFileName)
+{
+    PKIX_PL_ByteArray *byteArray = NULL;
+    void *buf = NULL;
+    PRFileDesc *inFile = NULL;
+    PKIX_UInt32 len;
+    SECItem certDER;
+    SECStatus rv;
+    /* default: NULL cert (failure case) */
+    PKIX_PL_Cert *cert = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    certDER.data = NULL;
+
+    inFile = PR_Open(inFileName, PR_RDONLY, 0);
+
+    if (!inFile) {
+        pkixTestErrorMsg = "Unable to open cert file";
+        goto cleanup;
+    } else {
+        rv = SECU_ReadDERFromFile(&certDER, inFile, PR_FALSE, PR_FALSE);
+        if (!rv) {
+            buf = (void *)certDER.data;
+            len = certDER.len;
+
+            PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_ByteArray_Create(buf, len, &byteArray, plContext));
+
+            PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_Create(byteArray, &cert, plContext));
+
+            SECITEM_FreeItem(&certDER, PR_FALSE);
+        } else {
+            pkixTestErrorMsg = "Unable to read DER from cert file";
+            goto cleanup;
+        }
+    }
+
+cleanup:
+
+    if (inFile) {
+        PR_Close(inFile);
+    }
+
+    if (PKIX_TEST_ERROR_RECEIVED) {
+        SECITEM_FreeItem(&certDER, PR_FALSE);
+    }
+
+    PKIX_TEST_DECREF_AC(byteArray);
+
+    PKIX_TEST_RETURN();
+
+    return (cert);
+}
+
+int
+validate_chain(int argc, char *argv[])
+{
+    PKIX_TrustAnchor *anchor = NULL;
+    PKIX_List *anchors = NULL;
+    PKIX_List *certs = NULL;
+    PKIX_ProcessingParams *procParams = NULL;
+    PKIX_ValidateParams *valParams = NULL;
+    PKIX_ValidateResult *valResult = NULL;
+    PKIX_PL_X500Name *subject = NULL;
+    PKIX_ComCertSelParams *certSelParams = NULL;
+    PKIX_CertSelector *certSelector = NULL;
+    PKIX_VerifyNode *verifyTree = NULL;
+    PKIX_PL_String *verifyString = NULL;
+
+    char *trustedCertFile = NULL;
+    char *chainCertFile = NULL;
+    PKIX_PL_Cert *trustedCert = NULL;
+    PKIX_PL_Cert *chainCert = NULL;
+    PKIX_UInt32 chainLength = 0;
+    PKIX_UInt32 i = 0;
+    PKIX_UInt32 j = 0;
+    PKIX_UInt32 actualMinorVersion;
+
+    PKIX_TEST_STD_VARS();
+
+    if (argc < 3) {
+        printUsage();
+        return (0);
+    }
+
+    PKIX_TEST_EXPECT_NO_ERROR(
+        PKIX_PL_NssContext_Create(0, PKIX_FALSE, NULL, &plContext));
+
+    chainLength = (argc - j) - 2;
+
+    /* create processing params with list of trust anchors */
+    trustedCertFile = argv[1 + j];
+    trustedCert = createCert(trustedCertFile);
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject(trustedCert, &subject, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_Create(&certSelParams, plContext));
+
+#if 0
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_ComCertSelParams_SetSubject
+                                    (certSelParams, subject, plContext));
+#endif
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, certSelParams, plContext));
+
+    PKIX_TEST_DECREF_BC(subject);
+    PKIX_TEST_DECREF_BC(certSelParams);
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert(trustedCert, &anchor, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchors, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(anchors, (PKIX_PL_Object *)anchor, plContext));
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create(anchors, &procParams, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetTargetCertConstraints(procParams, certSelector, plContext));
+
+    PKIX_TEST_DECREF_BC(certSelector);
+
+    /* create cert chain */
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certs, plContext));
+    for (i = 0; i < chainLength; i++) {
+        chainCertFile = argv[(i + j) + 2];
+        chainCert = createCert(chainCertFile);
+
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certs,
+                                                       (PKIX_PL_Object *)chainCert,
+                                                       plContext));
+
+        PKIX_TEST_DECREF_BC(chainCert);
+        chainCert = NULL;
+    }
+    /* create validate params with processing params and cert chain */
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_Create(procParams, certs, &valParams, plContext));
+
+    PKIX_TEST_DECREF_BC(trustedCert);
+    trustedCert = NULL;
+    PKIX_TEST_DECREF_BC(anchor);
+    anchor = NULL;
+    PKIX_TEST_DECREF_BC(anchors);
+    anchors = NULL;
+    PKIX_TEST_DECREF_BC(certs);
+    certs = NULL;
+    PKIX_TEST_DECREF_BC(procParams);
+    procParams = NULL;
+
+    /* validate cert chain using processing params and return valResult */
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateChain(valParams, &valResult, &verifyTree, plContext));
+
+    if (valResult != NULL) {
+        (void)printf("SUCCESSFULLY VALIDATED\n");
+    }
+
+cleanup:
+
+    if (PKIX_TEST_ERROR_RECEIVED) {
+        (void)printf("FAILED TO VALIDATE\n");
+        (void)PKIX_PL_Object_ToString((PKIX_PL_Object *)verifyTree, &verifyString, plContext);
+        (void)printf("verifyTree is\n%s\n", verifyString->escAsciiString);
+        PKIX_TEST_DECREF_AC(verifyString);
+    }
+
+    PKIX_TEST_DECREF_AC(verifyTree);
+    PKIX_TEST_DECREF_AC(valResult);
+    PKIX_TEST_DECREF_AC(valParams);
+
+    PKIX_TEST_RETURN();
+
+    PKIX_Shutdown(plContext);
+
+    return (0);
+}
diff --git a/nss/cmd/libpkix/testutil/Makefile b/nss/cmd/libpkix/testutil/Makefile
new file mode 100755
index 0000000..859aedd
--- /dev/null
+++ b/nss/cmd/libpkix/testutil/Makefile
@@ -0,0 +1,51 @@
+#! gmake
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+include $(PKIX_DEPTH)/config.mk
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include $(PLAT_DEPTH)/platlibs.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+
+include $(PLAT_DEPTH)/platrules.mk
+
+export:: private_export
+
diff --git a/nss/cmd/libpkix/testutil/config.mk b/nss/cmd/libpkix/testutil/config.mk
new file mode 100644
index 0000000..820dbb2
--- /dev/null
+++ b/nss/cmd/libpkix/testutil/config.mk
@@ -0,0 +1,15 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# don't build the static library
+LIBRARY =
+
+ifeq (,$(filter-out WIN%,$(OS_TARGET)))
+
+# don't want the 32 in the shared library name
+SHARED_LIBRARY = $(OBJDIR)/$(DLL_PREFIX)$(LIBRARY_NAME)$(LIBRARY_VERSION).$(DLL_SUFFIX)
+IMPORT_LIBRARY = $(OBJDIR)/$(IMPORT_LIB_PREFIX)$(LIBRARY_NAME)$(LIBRARY_VERSION)$(IMPORT_LIB_SUFFIX)
+
+endif
diff --git a/nss/cmd/libpkix/testutil/manifest.mn b/nss/cmd/libpkix/testutil/manifest.mn
new file mode 100755
index 0000000..2f831fc
--- /dev/null
+++ b/nss/cmd/libpkix/testutil/manifest.mn
@@ -0,0 +1,26 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+PKIX_DEPTH = ..
+CORE_DEPTH = $(PKIX_DEPTH)/../../..
+PLAT_DEPTH = $(PKIX_DEPTH)/..
+
+MODULE = nss
+
+PRIVATE_EXPORTS = \
+	testutil_nss.h \
+	testutil.h \
+	$(NULL)
+
+CSRCS = \
+	testutil_nss.c \
+	testutil.c \
+	$(NULL)
+
+LIBRARY_NAME = pkixtooltestutil
+
+SOURCE_LIB_DIR = $(PKIX_DEPTH)/$(OBJDIR)
+
+NO_MD_RELEASE = 1
diff --git a/nss/cmd/libpkix/testutil/pkixutil.def b/nss/cmd/libpkix/testutil/pkixutil.def
new file mode 100644
index 0000000..407d40a
--- /dev/null
+++ b/nss/cmd/libpkix/testutil/pkixutil.def
@@ -0,0 +1,48 @@
+;+#
+;+# This Source Code Form is subject to the terms of the Mozilla Public
+;+# License, v. 2.0. If a copy of the MPL was not distributed with this
+;+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;+#
+;+# OK, this file is meant to support SUN, LINUX, AIX and WINDOWS
+;+#   1. For all unix platforms, the string ";-"  means "remove this line"
+;+#   2. For all unix platforms, the string " DATA " will be removed from any 
+;+#	line on which it occurs.
+;+#   3. Lines containing ";+" will have ";+" removed on SUN and LINUX.
+;+#      On AIX, lines containing ";+" will be removed.  
+;+#   4. For all unix platforms, the string ";;" will thave the ";;" removed.
+;+#   5. For all unix platforms, after the above processing has taken place,
+;+#    all characters after the first ";" on the line will be removed.  
+;+#    And for AIX, the first ";" will also be removed.
+;+#  This file is passed directly to windows. Since ';' is a comment, all UNIX
+;+#   directives are hidden behind ";", ";+", and ";-"
+;+
+;+NSS_3.12 {               # NSS 3.12 release
+;+    global:
+LIBRARY pkixutil ;-
+EXPORTS	;-
+createBuildResult;
+createCRL;
+createCert;
+createCertChain;
+createCertChainPlus;
+createDate;
+createGeneralName;
+createProcessingParams;
+createTrustAnchor;
+createValidateParams;
+createValidateResult;
+endTests;
+startTests;
+subTest;
+testDuplicateHelper;
+testEqualsHelper;
+testError;
+testErrorUndo;
+testHashcodeHelper;
+testToStringHelper;
+PKIX_Cert2ASCII;
+PKIX_Error2ASCII;
+PKIX_String2ASCII;
+;+    local:
+;+       *;
+;+};
diff --git a/nss/cmd/libpkix/testutil/testutil.c b/nss/cmd/libpkix/testutil/testutil.c
new file mode 100644
index 0000000..0f438ba
--- /dev/null
+++ b/nss/cmd/libpkix/testutil/testutil.c
@@ -0,0 +1,576 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * testutil.c
+ *
+ * Utility error handling functions
+ *
+ */
+
+#include "testutil.h"
+
+/*
+ * static global variable to keep track of total number of errors for
+ * a particular test suite (eg. all the OID tests)
+ */
+static int errCount = 0;
+
+/*
+ * FUNCTION: startTests
+ * DESCRIPTION:
+ *
+ *  Prints standard message for starting the test suite with the name pointed
+ *  to by "testName". This function should be called in the beginning of every
+ *  test suite.
+ *
+ * PARAMETERS:
+ *  "testName"
+ *      Address of string representing name of test suite.
+ * THREAD SAFETY:
+ *  Not Thread Safe - assumes exclusive access to "errCount"
+ *  (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns nothing.
+ */
+void
+startTests(char *testName)
+{
+    (void)printf("*START OF TESTS FOR %s:\n", testName);
+    errCount = 0;
+}
+
+/*
+ * FUNCTION: endTests
+ * DESCRIPTION:
+ *
+ *  Prints standard message for ending the test suite with the name pointed
+ *  to by "testName", followed by a success/failure message. This function
+ *  should be called at the end of every test suite.
+ *
+ * PARAMETERS:
+ *  "testName"
+ *      Address of string representing name of test suite.
+ * THREAD SAFETY:
+ *  Not Thread Safe - assumes exclusive access to "errCount"
+ *  (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns nothing.
+ */
+void
+endTests(char *testName)
+{
+    char plural = ' ';
+
+    (void)printf("*END OF TESTS FOR %s: ", testName);
+    if (errCount > 0) {
+        if (errCount > 1)
+            plural = 's';
+        (void)printf("%d SUBTEST%c FAILED.\n\n", errCount, plural);
+    } else {
+        (void)printf("ALL TESTS COMPLETED SUCCESSFULLY.\n\n");
+    }
+}
+
+/*
+ * FUNCTION: subTest
+ * DESCRIPTION:
+ *
+ *  Prints standard message for starting the subtest with the name pointed to
+ *  by "subTestName". This function should be called at the beginning of each
+ *  subtest.
+ *
+ * PARAMETERS:
+ *  "subTestName"
+ *      Address of string representing name of subTest.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns nothing.
+ */
+void
+subTest(char *subTestName)
+{
+    (void)printf("TESTING: %s ...\n", subTestName);
+}
+
+/*
+ * FUNCTION: testErrorUndo
+ * DESCRIPTION:
+ *
+ *  Decrements the global variable "errCount" and prints a test failure
+ *  expected message followed by the string pointed to by "msg". This function
+ *  should be called when an expected error condition is encountered in the
+ *  tests. Calling this function *correct* the previous errCount increment.
+ *  It should only be called ONCE per subtest.
+ *
+ * PARAMETERS:
+ *  "msg"
+ *      Address of text of error message.
+ * THREAD SAFETY:
+ *  Not Thread Safe - assumes exclusive access to "errCount"
+ *  (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns nothing.
+ */
+void
+testErrorUndo(char *msg)
+{
+    --errCount;
+    (void)printf("TEST FAILURE *** EXPECTED *** :%s\n", msg);
+}
+
+/*
+ * FUNCTION: testError
+ * DESCRIPTION:
+ *
+ *  Increments the global variable "errCount" and prints a standard test
+ *  failure message followed by the string pointed to by "msg". This function
+ *  should be called when an unexpected error condition is encountered in the
+ *  tests. It should only be called ONCE per subtest.
+ *
+ * PARAMETERS:
+ *  "msg"
+ *      Address of text of error message.
+ * THREAD SAFETY:
+ *  Not Thread Safe - assumes exclusive access to "errCount"
+ *  (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns nothing.
+ */
+void
+testError(char *msg)
+{
+    ++errCount;
+    (void)printf("TEST FAILURE: %s\n", msg);
+}
+
+/*
+ * FUNCTION: PKIX_String2ASCII
+ * DESCRIPTION:
+ *
+ *  Converts String object pointed to by "string" to its ASCII representation
+ *  and returns the converted value. Returns NULL upon failure.
+ *
+ *  XXX Might want to use ESCASCII_DEBUG to show control characters, etc.
+ *
+ * PARAMETERS:
+ *  "string"
+ *      Address of String to be converted to ASCII. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns the ASCII representation of "string" upon success;
+ *  NULL upon failure.
+ */
+char *
+PKIX_String2ASCII(PKIX_PL_String *string, void *plContext)
+{
+    PKIX_UInt32 length;
+    char *asciiString = NULL;
+    PKIX_Error *errorResult;
+
+    errorResult = PKIX_PL_String_GetEncoded(string,
+                                            PKIX_ESCASCII,
+                                            (void **)&asciiString,
+                                            &length,
+                                            plContext);
+
+    if (errorResult)
+        goto cleanup;
+
+cleanup:
+
+    if (errorResult) {
+        return (NULL);
+    }
+
+    return (asciiString);
+}
+
+/*
+ * FUNCTION: PKIX_Error2ASCII
+ * DESCRIPTION:
+ *
+ *  Converts Error pointed to by "error" to its ASCII representation and
+ *  returns the converted value. Returns NULL upon failure.
+ *
+ * PARAMETERS:
+ *  "error"
+ *      Address of Error to be converted to ASCII. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns the ASCII representation of "error" upon success;
+ *  NULL upon failure.
+ */
+char *
+PKIX_Error2ASCII(PKIX_Error *error, void *plContext)
+{
+    PKIX_UInt32 length;
+    char *asciiString = NULL;
+    PKIX_PL_String *pkixString = NULL;
+    PKIX_Error *errorResult = NULL;
+
+    errorResult = PKIX_PL_Object_ToString((PKIX_PL_Object *)error, &pkixString, plContext);
+    if (errorResult)
+        goto cleanup;
+
+    errorResult = PKIX_PL_String_GetEncoded(pkixString,
+                                            PKIX_ESCASCII,
+                                            (void **)&asciiString,
+                                            &length,
+                                            plContext);
+
+cleanup:
+
+    if (pkixString) {
+        if (PKIX_PL_Object_DecRef((PKIX_PL_Object *)pkixString, plContext)) {
+            return (NULL);
+        }
+    }
+
+    if (errorResult) {
+        return (NULL);
+    }
+
+    return (asciiString);
+}
+
+/*
+ * FUNCTION: PKIX_Object2ASCII
+ * DESCRIPTION:
+ *
+ *  Converts Object pointed to by "object" to its ASCII representation and
+ *  returns the converted value. Returns NULL upon failure.
+ *
+ * PARAMETERS:
+ *  "object"
+ *      Address of Object to be converted to ASCII. Must be non-NULL.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns the ASCII representation of "object" upon success;
+ *  NULL upon failure.
+ */
+char *
+PKIX_Object2ASCII(PKIX_PL_Object *object)
+{
+    PKIX_UInt32 length;
+    char *asciiString = NULL;
+    PKIX_PL_String *pkixString = NULL;
+    PKIX_Error *errorResult = NULL;
+
+    errorResult = PKIX_PL_Object_ToString(object, &pkixString, NULL);
+    if (errorResult)
+        goto cleanup;
+
+    errorResult = PKIX_PL_String_GetEncoded(pkixString, PKIX_ESCASCII, (void **)&asciiString, &length, NULL);
+
+cleanup:
+
+    if (pkixString) {
+        if (PKIX_PL_Object_DecRef((PKIX_PL_Object *)pkixString, NULL)) {
+            return (NULL);
+        }
+    }
+
+    if (errorResult) {
+        return (NULL);
+    }
+
+    return (asciiString);
+}
+
+/*
+ * FUNCTION: PKIX_Cert2ASCII
+ * DESCRIPTION:
+ *
+ *  Converts Cert pointed to by "cert" to its partial ASCII representation and
+ *  returns the converted value. Returns NULL upon failure.
+ *
+ * PARAMETERS:
+ *  "cert"
+ *      Address of Cert to be converted to ASCII. Must be non-NULL.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns the partial ASCII representation of "cert" upon success;
+ *  NULL upon failure.
+ */
+char *
+PKIX_Cert2ASCII(PKIX_PL_Cert *cert)
+{
+    PKIX_PL_X500Name *issuer = NULL;
+    void *issuerAscii = NULL;
+    PKIX_PL_X500Name *subject = NULL;
+    void *subjectAscii = NULL;
+    void *asciiString = NULL;
+    PKIX_Error *errorResult = NULL;
+    PKIX_UInt32 numChars;
+
+    /* Issuer */
+    errorResult = PKIX_PL_Cert_GetIssuer(cert, &issuer, NULL);
+    if (errorResult)
+        goto cleanup;
+
+    issuerAscii = PKIX_Object2ASCII((PKIX_PL_Object *)issuer);
+
+    /* Subject */
+    errorResult = PKIX_PL_Cert_GetSubject(cert, &subject, NULL);
+    if (errorResult)
+        goto cleanup;
+
+    if (subject) {
+        subjectAscii = PKIX_Object2ASCII((PKIX_PL_Object *)subject);
+    }
+
+    errorResult = PKIX_PL_Malloc(200, &asciiString, NULL);
+    if (errorResult)
+        goto cleanup;
+
+    numChars =
+        PR_snprintf(asciiString,
+                    200,
+                    "Issuer=%s\nSubject=%s\n",
+                    issuerAscii,
+                    subjectAscii);
+
+    if (!numChars)
+        goto cleanup;
+
+cleanup:
+
+    if (issuer) {
+        if (PKIX_PL_Object_DecRef((PKIX_PL_Object *)issuer, NULL)) {
+            return (NULL);
+        }
+    }
+
+    if (subject) {
+        if (PKIX_PL_Object_DecRef((PKIX_PL_Object *)subject, NULL)) {
+            return (NULL);
+        }
+    }
+
+    if (PKIX_PL_Free((PKIX_PL_Object *)issuerAscii, NULL)) {
+        return (NULL);
+    }
+
+    if (PKIX_PL_Free((PKIX_PL_Object *)subjectAscii, NULL)) {
+        return (NULL);
+    }
+
+    if (errorResult) {
+        return (NULL);
+    }
+
+    return (asciiString);
+}
+
+/*
+ * FUNCTION: testHashcodeHelper
+ * DESCRIPTION:
+ *
+ *  Computes the hashcode of the Object pointed to by "goodObject" and the
+ *  Object pointed to by "otherObject" and compares them. If the result of the
+ *  comparison is not the desired match as specified by "match", an error
+ *  message is generated.
+ *
+ * PARAMETERS:
+ *  "goodObject"
+ *      Address of an object. Must be non-NULL.
+ *  "otherObject"
+ *      Address of another object. Must be non-NULL.
+ *  "match"
+ *      Boolean value representing the desired comparison result.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns nothing.
+ */
+void
+testHashcodeHelper(
+    PKIX_PL_Object *goodObject,
+    PKIX_PL_Object *otherObject,
+    PKIX_Boolean match,
+    void *plContext)
+{
+
+    PKIX_UInt32 goodHash;
+    PKIX_UInt32 otherHash;
+    PKIX_Boolean cmpResult;
+    PKIX_TEST_STD_VARS();
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Hashcode((PKIX_PL_Object *)goodObject, &goodHash, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Hashcode((PKIX_PL_Object *)otherObject, &otherHash, plContext));
+
+    cmpResult = (goodHash == otherHash);
+
+    if ((match && !cmpResult) || (!match && cmpResult)) {
+        testError("unexpected mismatch");
+        (void)printf("Hash1:\t%d\n", goodHash);
+        (void)printf("Hash2:\t%d\n", otherHash);
+    }
+
+cleanup:
+
+    PKIX_TEST_RETURN();
+}
+
+/*
+ * FUNCTION: testToStringHelper
+ * DESCRIPTION:
+ *
+ *  Calls toString on the Object pointed to by "goodObject" and compares the
+ *  result to the string pointed to by "expected". If the results are not
+ *  equal, an error message is generated.
+ *
+ * PARAMETERS:
+ *  "goodObject"
+ *      Address of Object. Must be non-NULL.
+ *  "expected"
+ *      Address of the desired string.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns nothing.
+ */
+void
+testToStringHelper(
+    PKIX_PL_Object *goodObject,
+    char *expected,
+    void *plContext)
+{
+    PKIX_PL_String *stringRep = NULL;
+    char *actual = NULL;
+    PKIX_TEST_STD_VARS();
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_ToString(goodObject, &stringRep, plContext));
+
+    actual = PKIX_String2ASCII(stringRep, plContext);
+    if (actual == NULL) {
+        pkixTestErrorMsg = "PKIX_String2ASCII Failed";
+        goto cleanup;
+    }
+
+    /*
+         * If you are having trouble matching the string, uncomment the
+         * PL_strstr function to figure out what's going on.
+         */
+
+    /*
+            if (PL_strstr(actual, expected) == NULL){
+                testError("PL_strstr failed");
+            }
+        */
+
+    if (PL_strcmp(actual, expected) != 0) {
+        testError("unexpected mismatch");
+        (void)printf("Actual value:\t%s\n", actual);
+        (void)printf("Expected value:\t%s\n", expected);
+    }
+
+cleanup:
+
+    PKIX_PL_Free(actual, plContext);
+
+    PKIX_TEST_DECREF_AC(stringRep);
+
+    PKIX_TEST_RETURN();
+}
+
+/*
+ * FUNCTION: testEqualsHelper
+ * DESCRIPTION:
+ *
+ *  Checks if the Object pointed to by "goodObject" is Equal to the Object
+ *  pointed to by "otherObject". If the result of the check is not the desired
+ *  match as specified by "match", an error message is generated.
+ *
+ * PARAMETERS:
+ *  "goodObject"
+ *      Address of an Object. Must be non-NULL.
+ *  "otherObject"
+ *      Address of another Object. Must be non-NULL.
+ *  "match"
+ *      Boolean value representing the desired comparison result.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns nothing.
+ */
+void
+testEqualsHelper(
+    PKIX_PL_Object *goodObject,
+    PKIX_PL_Object *otherObject,
+    PKIX_Boolean match,
+    void *plContext)
+{
+
+    PKIX_Boolean cmpResult;
+    PKIX_TEST_STD_VARS();
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals(goodObject, otherObject, &cmpResult, plContext));
+
+    if ((match && !cmpResult) || (!match && cmpResult)) {
+        testError("unexpected mismatch");
+        (void)printf("Actual value:\t%d\n", cmpResult);
+        (void)printf("Expected value:\t%d\n", match);
+    }
+
+cleanup:
+
+    PKIX_TEST_RETURN();
+}
+
+/*
+ * FUNCTION: testDuplicateHelper
+ * DESCRIPTION:
+ *  Checks if the Object pointed to by "object" is equal to its duplicate.
+ *  If the result of the check is not equality, an error message is generated.
+ * PARAMETERS:
+ *  "object"
+ *      Address of Object. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns nothing.
+ */
+void
+testDuplicateHelper(PKIX_PL_Object *object, void *plContext)
+{
+    PKIX_PL_Object *newObject = NULL;
+    PKIX_Boolean cmpResult;
+
+    PKIX_TEST_STD_VARS();
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Duplicate(object, &newObject, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_Equals(object, newObject, &cmpResult, plContext));
+
+    if (!cmpResult) {
+        testError("unexpected mismatch");
+        (void)printf("Actual value:\t%d\n", cmpResult);
+        (void)printf("Expected value:\t%d\n", PKIX_TRUE);
+    }
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(newObject);
+
+    PKIX_TEST_RETURN();
+}
diff --git a/nss/cmd/libpkix/testutil/testutil.h b/nss/cmd/libpkix/testutil/testutil.h
new file mode 100644
index 0000000..9c594fa
--- /dev/null
+++ b/nss/cmd/libpkix/testutil/testutil.h
@@ -0,0 +1,292 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * testutil.h
+ *
+ * Utility functions for handling test errors
+ *
+ */
+
+#ifndef _TESTUTIL_H
+#define _TESTUTIL_H
+
+#include "pkix.h"
+#include "plstr.h"
+#include "prprf.h"
+#include "prlong.h"
+#include "pkix_pl_common.h"
+#include "secutil.h"
+#include <stdio.h>
+#include <ctype.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * In order to have a consistent format for displaying test information,
+ * all tests are REQUIRED to use the functions provided by this library
+ * (libtestutil.a) for displaying their information.
+ *
+ * A test using this library begins with a call to startTests with the test
+ * name as the arg (which is used only for formatting). Before the first
+ * subtest, a call to subTest should be made with the subtest name as the arg
+ * (again, for formatting). If the subTest is successful, then no action
+ * is needed. However, if the subTest is not successful, then a call
+ * to testError should be made with a descriptive error message as the arg.
+ * Note that a subTest MUST NOT call testError more than once.
+ * Finally, a call to endTests is made with the test name as the arg (for
+ * formatting). Note that most of these macros assume that a variable named
+ * "plContext" of type (void *) has been defined by the test. As such, it
+ * is essential that the test satisfy this condition.
+ */
+
+/*
+ * PKIX_TEST_STD_VARS should be called at the beginning of every function
+ * that uses PKIX_TEST_RETURN (e.g. subTests), but it should be called only
+ * AFTER declaring local variables (so we don't get compiler warnings about
+ * declarations after statements). PKIX_TEST_STD_VARS declares and initializes
+ * several variables needed by the other test macros.
+ */
+#define PKIX_TEST_STD_VARS()                \
+    PKIX_Error *pkixTestErrorResult = NULL; \
+    char *pkixTestErrorMsg = NULL;
+
+/*
+ * PKIX_TEST_EXPECT_NO_ERROR should be used to wrap a standard PKIX function
+ * call (one which returns a pointer to PKIX_Error) that is expected to return
+ * NULL (i.e. to succeed). If "pkixTestErrorResult" is not NULL,
+ * "goto cleanup" is executed, where a testError call is made if there were
+ * unexpected results. This macro MUST NOT be called after the "cleanup" label.
+ *
+ * Example Usage: PKIX_TEST_EXPECT_NO_ERROR(pkixFunc_expected_to_succeed(...));
+ */
+
+#define PKIX_TEST_EXPECT_NO_ERROR(func) \
+    do {                                \
+        pkixTestErrorResult = (func);   \
+        if (pkixTestErrorResult) {      \
+            goto cleanup;               \
+        }                               \
+    } while (0)
+
+/*
+ * PKIX_TEST_EXPECT_ERROR should be used to wrap a standard PKIX function call
+ * (one which returns a pointer to PKIX_Error) that is expected to return
+ * a non-NULL value (i.e. to fail). If "pkixTestErrorResult" is NULL,
+ * "pkixTestErrorMsg" is set to a standard string and "goto cleanup"
+ * is executed, where a testError call is made if there were unexpected
+ * results. This macro MUST NOT be called after the "cleanup" label.
+ *
+ * Example Usage:  PKIX_TEST_EXPECT_ERROR(pkixFunc_expected_to_fail(...));
+ */
+
+#define PKIX_TEST_EXPECT_ERROR(func)                 \
+    do {                                             \
+        pkixTestErrorResult = (func);                \
+        if (!pkixTestErrorResult) {                  \
+            pkixTestErrorMsg =                       \
+                "Should have thrown an error here."; \
+            goto cleanup;                            \
+        }                                            \
+        PKIX_TEST_DECREF_BC(pkixTestErrorResult);    \
+    } while (0)
+
+/*
+ * PKIX_TEST_DECREF_BC is a convenience macro which should only be called
+ * BEFORE the "cleanup" label ("BC"). If the input parameter is non-NULL, it
+ * DecRefs the input parameter and wraps the function with
+ * PKIX_TEST_EXPECT_NO_ERROR, which executes "goto cleanup" upon error.
+ * This macro MUST NOT be called after the "cleanup" label.
+ */
+
+#define PKIX_TEST_DECREF_BC(obj)                                                                  \
+    do {                                                                                          \
+        if (obj) {                                                                                \
+            PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Object_DecRef((PKIX_PL_Object *)(obj), plContext)); \
+            obj = NULL;                                                                           \
+        }                                                                                         \
+    } while (0)
+
+/*
+ * PKIX_TEST_DECREF_AC is a convenience macro which should only be called
+ * AFTER the "cleanup" label ("AC"). If the input parameter is non-NULL, it
+ * DecRefs the input parameter. A pkixTestTempResult variable is used to prevent
+ * incorrectly overwriting pkixTestErrorResult with NULL.
+ * In the case DecRef succeeds, pkixTestTempResult will be NULL, and we won't
+ * overwrite a previously set pkixTestErrorResult (if any). If DecRef fails,
+ * then we do want to overwrite a previously set pkixTestErrorResult since a
+ * DecRef failure is fatal and may be indicative of memory corruption.
+ */
+
+#define PKIX_TEST_DECREF_AC(obj)                                           \
+    do {                                                                   \
+        if (obj) {                                                         \
+            PKIX_Error *pkixTestTempResult = NULL;                         \
+            pkixTestTempResult =                                           \
+                PKIX_PL_Object_DecRef((PKIX_PL_Object *)(obj), plContext); \
+            if (pkixTestTempResult)                                        \
+                pkixTestErrorResult = pkixTestTempResult;                  \
+            obj = NULL;                                                    \
+        }                                                                  \
+    } while (0)
+
+/*
+ * PKIX_TEST_RETURN must always be AFTER the "cleanup" label. It does nothing
+ * if everything went as expected. However, if there were unexpected results,
+ * PKIX_TEST_RETURN calls testError, which displays a standard failure message
+ * and increments the number of subtests that have failed. In the case
+ * of an unexpected error, testError is called using the error's description
+ * as an input and the error is DecRef'd. In the case of unexpected success
+ * testError is called with a standard string.
+ */
+#define PKIX_TEST_RETURN()                                                   \
+    {                                                                        \
+        if (pkixTestErrorMsg) {                                              \
+            testError(pkixTestErrorMsg);                                     \
+        } else if (pkixTestErrorResult) {                                    \
+            pkixTestErrorMsg =                                               \
+                PKIX_Error2ASCII(pkixTestErrorResult, plContext);            \
+            if (pkixTestErrorMsg) {                                          \
+                testError(pkixTestErrorMsg);                                 \
+                PKIX_PL_Free((PKIX_PL_Object *)pkixTestErrorMsg,             \
+                             plContext);                                     \
+            } else {                                                         \
+                testError("PKIX_Error2ASCII Failed");                        \
+            }                                                                \
+            if (pkixTestErrorResult != PKIX_ALLOC_ERROR()) {                 \
+                PKIX_PL_Object_DecRef((PKIX_PL_Object *)pkixTestErrorResult, \
+                                      plContext);                            \
+                pkixTestErrorResult = NULL;                                  \
+            }                                                                \
+        }                                                                    \
+    }
+
+/*
+ * PKIX_TEST_EQ_HASH_TOSTR_DUP is a convenience macro which executes the
+ * standard set of operations that test the Equals, Hashcode, ToString, and
+ * Duplicate functions of an object type. The goodObj, equalObj, and diffObj
+ * are as the names suggest. The expAscii parameter is the expected result of
+ * calling ToString on the goodObj. If expAscii is NULL, then ToString will
+ * not be called on the goodObj. The checkDuplicate parameter is treated as
+ * a Boolean to indicate whether the Duplicate function should be tested. If
+ * checkDuplicate is NULL, then Duplicate will not be called on the goodObj.
+ * The type is the name of the function's family. For example, if the type is
+ * Cert, this macro will call PKIX_PL_Cert_Equals, PKIX_PL_Cert_Hashcode, and
+ * PKIX_PL_Cert_ToString.
+ *
+ * Note: If goodObj uses the default Equals and Hashcode functions, then
+ * for goodObj and equalObj to be equal, they must have the same pointer value.
+ */
+#define PKIX_TEST_EQ_HASH_TOSTR_DUP(goodObj, equalObj, diffObj,        \
+                                    expAscii, type, checkDuplicate)    \
+    do {                                                               \
+        subTest("PKIX_PL_" #type "_Equals   <match>");                 \
+        testEqualsHelper((PKIX_PL_Object *)(goodObj),                  \
+                         (PKIX_PL_Object *)(equalObj),                 \
+                         PKIX_TRUE,                                    \
+                         plContext);                                   \
+        subTest("PKIX_PL_" #type "_Hashcode <match>");                 \
+        testHashcodeHelper((PKIX_PL_Object *)(goodObj),                \
+                           (PKIX_PL_Object *)(equalObj),               \
+                           PKIX_TRUE,                                  \
+                           plContext);                                 \
+        subTest("PKIX_PL_" #type "_Equals   <non-match>");             \
+        testEqualsHelper((PKIX_PL_Object *)(goodObj),                  \
+                         (PKIX_PL_Object *)(diffObj),                  \
+                         PKIX_FALSE,                                   \
+                         plContext);                                   \
+        subTest("PKIX_PL_" #type "_Hashcode <non-match>");             \
+        testHashcodeHelper((PKIX_PL_Object *)(goodObj),                \
+                           (PKIX_PL_Object *)(diffObj),                \
+                           PKIX_FALSE,                                 \
+                           plContext);                                 \
+        if (expAscii) {                                                \
+            subTest("PKIX_PL_" #type "_ToString");                     \
+            testToStringHelper((PKIX_PL_Object *)(goodObj),            \
+                               (expAscii),                             \
+                               plContext);                             \
+        }                                                              \
+        if (checkDuplicate) {                                          \
+            subTest("PKIX_PL_" #type "_Duplicate");                    \
+            testDuplicateHelper((PKIX_PL_Object *)goodObj, plContext); \
+        }                                                              \
+    } while (0)
+
+/*
+ * PKIX_TEST_DECREF_BC is a convenience macro which should only be called
+ * BEFORE the "cleanup" label ("BC"). If the input parameter is non-NULL, it
+ * DecRefs the input parameter and wraps the function with
+ * PKIX_TEST_EXPECT_NO_ERROR, which executes "goto cleanup" upon error.
+ * This macro MUST NOT be called after the "cleanup" label.
+ */
+
+#define PKIX_TEST_ABORT_ON_NULL(obj) \
+    do {                             \
+        if (!obj) {                  \
+            goto cleanup;            \
+        }                            \
+    } while (0)
+
+#define PKIX_TEST_ARENAS_ARG(arena) \
+    (arena ? (PORT_Strcmp(arena, "arenas") ? PKIX_FALSE : (j++, PKIX_TRUE)) : PKIX_FALSE)
+
+#define PKIX_TEST_ERROR_RECEIVED (pkixTestErrorMsg || pkixTestErrorResult)
+
+/* see source file for function documentation */
+
+void startTests(char *testName);
+
+void endTests(char *testName);
+
+void subTest(char *subTestName);
+
+void testError(char *msg);
+
+extern PKIX_Error *
+_ErrorCheck(PKIX_Error *errorResult);
+
+extern PKIX_Error *
+_OutputError(PKIX_Error *errorResult);
+
+char *PKIX_String2ASCII(PKIX_PL_String *string, void *plContext);
+
+char *PKIX_Error2ASCII(PKIX_Error *error, void *plContext);
+
+char *PKIX_Object2ASCII(PKIX_PL_Object *object);
+
+char *PKIX_Cert2ASCII(PKIX_PL_Cert *cert);
+
+void
+testHashcodeHelper(
+    PKIX_PL_Object *goodObject,
+    PKIX_PL_Object *otherObject,
+    PKIX_Boolean match,
+    void *plContext);
+
+void
+testToStringHelper(
+    PKIX_PL_Object *goodObject,
+    char *expected,
+    void *plContext);
+
+void
+testEqualsHelper(
+    PKIX_PL_Object *goodObject,
+    PKIX_PL_Object *otherObject,
+    PKIX_Boolean match,
+    void *plContext);
+
+void
+testDuplicateHelper(
+    PKIX_PL_Object *object,
+    void *plContext);
+void
+testErrorUndo(char *msg);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* TESTUTIL_H */
diff --git a/nss/cmd/libpkix/testutil/testutil_nss.c b/nss/cmd/libpkix/testutil/testutil_nss.c
new file mode 100644
index 0000000..3417d0a
--- /dev/null
+++ b/nss/cmd/libpkix/testutil/testutil_nss.c
@@ -0,0 +1,579 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * testutil_nss.c
+ *
+ * NSS-specific utility functions for handling test errors
+ *
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stddef.h>
+
+#include "pkix_pl_generalname.h"
+#include "pkix_pl_cert.h"
+#include "pkix.h"
+#include "testutil.h"
+#include "prlong.h"
+#include "plstr.h"
+#include "prthread.h"
+#include "secutil.h"
+#include "nspr.h"
+#include "prtypes.h"
+#include "prtime.h"
+#include "pk11func.h"
+#include "secasn1.h"
+#include "cert.h"
+#include "cryptohi.h"
+#include "secoid.h"
+#include "certdb.h"
+#include "secitem.h"
+#include "keythi.h"
+#include "nss.h"
+
+static char *
+catDirName(char *dir, char *name, void *plContext)
+{
+    char *pathName = NULL;
+    PKIX_UInt32 nameLen;
+    PKIX_UInt32 dirLen;
+
+    PKIX_TEST_STD_VARS();
+
+    nameLen = PL_strlen(name);
+    dirLen = PL_strlen(dir);
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Malloc(dirLen + nameLen + 2,
+                                             (void **)&pathName,
+                                             plContext));
+
+    PL_strcpy(pathName, dir);
+    PL_strcat(pathName, "/");
+    PL_strcat(pathName, name);
+    printf("pathName = %s\n", pathName);
+
+cleanup:
+
+    PKIX_TEST_RETURN();
+
+    return (pathName);
+}
+
+PKIX_PL_Cert *
+createCert(
+    char *dirName,
+    char *certFileName,
+    void *plContext)
+{
+    PKIX_PL_ByteArray *byteArray = NULL;
+    void *buf = NULL;
+    PRFileDesc *certFile = NULL;
+    PKIX_UInt32 len;
+    SECItem certDER;
+    SECStatus rv;
+    /* default: NULL cert (failure case) */
+    PKIX_PL_Cert *cert = NULL;
+    char *pathName = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    certDER.data = NULL;
+
+    pathName = catDirName(dirName, certFileName, plContext);
+    certFile = PR_Open(pathName, PR_RDONLY, 0);
+
+    if (!certFile) {
+        pkixTestErrorMsg = "Unable to open cert file";
+        goto cleanup;
+    } else {
+        rv = SECU_ReadDERFromFile(&certDER, certFile, PR_FALSE, PR_FALSE);
+        if (!rv) {
+            buf = (void *)certDER.data;
+            len = certDER.len;
+
+            PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_ByteArray_Create(buf, len, &byteArray, plContext));
+
+            PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_Create(byteArray, &cert, plContext));
+
+            SECITEM_FreeItem(&certDER, PR_FALSE);
+        } else {
+            pkixTestErrorMsg = "Unable to read DER from cert file";
+            goto cleanup;
+        }
+    }
+
+cleanup:
+
+    pkixTestErrorResult = PKIX_PL_Free(pathName, plContext);
+
+    if (certFile) {
+        PR_Close(certFile);
+    }
+
+    if (PKIX_TEST_ERROR_RECEIVED) {
+        SECITEM_FreeItem(&certDER, PR_FALSE);
+    }
+
+    PKIX_TEST_DECREF_AC(byteArray);
+
+    PKIX_TEST_RETURN();
+
+    return (cert);
+}
+
+PKIX_PL_CRL *
+createCRL(
+    char *dirName,
+    char *crlFileName,
+    void *plContext)
+{
+    PKIX_PL_ByteArray *byteArray = NULL;
+    PKIX_PL_CRL *crl = NULL;
+    PKIX_Error *error = NULL;
+    PRFileDesc *inFile = NULL;
+    SECItem crlDER;
+    void *buf = NULL;
+    PKIX_UInt32 len;
+    SECStatus rv;
+    char *pathName = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    crlDER.data = NULL;
+
+    pathName = catDirName(dirName, crlFileName, plContext);
+    inFile = PR_Open(pathName, PR_RDONLY, 0);
+
+    if (!inFile) {
+        pkixTestErrorMsg = "Unable to open crl file";
+        goto cleanup;
+    } else {
+        rv = SECU_ReadDERFromFile(&crlDER, inFile, PR_FALSE, PR_FALSE);
+        if (!rv) {
+            buf = (void *)crlDER.data;
+            len = crlDER.len;
+
+            error = PKIX_PL_ByteArray_Create(buf, len, &byteArray, plContext);
+
+            if (error) {
+                pkixTestErrorMsg =
+                    "PKIX_PL_ByteArray_Create failed";
+                goto cleanup;
+            }
+
+            error = PKIX_PL_CRL_Create(byteArray, &crl, plContext);
+            if (error) {
+                pkixTestErrorMsg = "PKIX_PL_Crl_Create failed";
+                goto cleanup;
+            }
+
+            SECITEM_FreeItem(&crlDER, PR_FALSE);
+        } else {
+            pkixTestErrorMsg = "Unable to read DER from crl file";
+            goto cleanup;
+        }
+    }
+
+cleanup:
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Free(pathName, plContext));
+
+    if (inFile) {
+        PR_Close(inFile);
+    }
+
+    if (error) {
+        SECITEM_FreeItem(&crlDER, PR_FALSE);
+    }
+
+    PKIX_TEST_DECREF_AC(byteArray);
+
+    PKIX_TEST_RETURN();
+
+    return (crl);
+}
+
+PKIX_TrustAnchor *
+createTrustAnchor(
+    char *dirName,
+    char *certFileName,
+    PKIX_Boolean useCert,
+    void *plContext)
+{
+    PKIX_TrustAnchor *anchor = NULL;
+    PKIX_PL_Cert *cert = NULL;
+    PKIX_PL_X500Name *name = NULL;
+    PKIX_PL_PublicKey *pubKey = NULL;
+    PKIX_PL_CertNameConstraints *nameConstraints = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    cert = createCert(dirName, certFileName, plContext);
+
+    if (useCert) {
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithCert(cert, &anchor, plContext));
+    } else {
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubject(cert, &name, plContext));
+
+        if (name == NULL) {
+            goto cleanup;
+        }
+
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(cert, &pubKey, plContext));
+
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetNameConstraints(cert, &nameConstraints, NULL));
+
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_TrustAnchor_CreateWithNameKeyPair(name, pubKey, nameConstraints, &anchor, plContext));
+    }
+
+cleanup:
+
+    if (PKIX_TEST_ERROR_RECEIVED) {
+        PKIX_TEST_DECREF_AC(anchor);
+    }
+
+    PKIX_TEST_DECREF_AC(cert);
+    PKIX_TEST_DECREF_AC(name);
+    PKIX_TEST_DECREF_AC(pubKey);
+    PKIX_TEST_DECREF_AC(nameConstraints);
+
+    PKIX_TEST_RETURN();
+
+    return (anchor);
+}
+
+PKIX_List *
+createCertChain(
+    char *dirName,
+    char *firstCertFileName,
+    char *secondCertFileName,
+    void *plContext)
+{
+    PKIX_PL_Cert *firstCert = NULL;
+    PKIX_PL_Cert *secondCert = NULL;
+    PKIX_List *certList = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certList, plContext));
+
+    firstCert = createCert(dirName, firstCertFileName, plContext);
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certList, (PKIX_PL_Object *)firstCert, plContext));
+
+    if (secondCertFileName) {
+        secondCert = createCert(dirName, secondCertFileName, plContext);
+
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certList, (PKIX_PL_Object *)secondCert, plContext));
+    }
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_SetImmutable(certList, plContext));
+
+cleanup:
+
+    if (PKIX_TEST_ERROR_RECEIVED) {
+        PKIX_TEST_DECREF_AC(certList);
+    }
+
+    PKIX_TEST_DECREF_AC(firstCert);
+    PKIX_TEST_DECREF_AC(secondCert);
+
+    PKIX_TEST_RETURN();
+
+    return (certList);
+}
+
+PKIX_List *
+createCertChainPlus(
+    char *dirName,
+    char *certNames[],
+    PKIX_PL_Cert *certs[],
+    PKIX_UInt32 numCerts,
+    void *plContext)
+{
+    PKIX_List *certList = NULL;
+    PKIX_UInt32 i;
+
+    PKIX_TEST_STD_VARS();
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&certList, plContext));
+
+    for (i = 0; i < numCerts; i++) {
+
+        certs[i] = createCert(dirName, certNames[i], plContext);
+
+        /* Create Cert may fail */
+        if (certs[i] == NULL) {
+            PKIX_TEST_DECREF_BC(certList);
+            goto cleanup;
+        }
+
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(certList,
+                                                       (PKIX_PL_Object *)certs[i],
+                                                       plContext));
+    }
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_SetImmutable(certList, plContext));
+
+cleanup:
+
+    if (PKIX_TEST_ERROR_RECEIVED) {
+        PKIX_TEST_DECREF_AC(certList);
+    }
+
+    for (i = 0; i < numCerts; i++) {
+        PKIX_TEST_DECREF_AC(certs[i]);
+    }
+
+    PKIX_TEST_RETURN();
+
+    return (certList);
+}
+
+PKIX_PL_Date *
+createDate(
+    char *asciiDate,
+    void *plContext)
+{
+    PKIX_PL_Date *date = NULL;
+    PKIX_PL_String *plString = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, asciiDate, 0, &plString, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Date_Create_UTCTime(plString, &date, plContext));
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(plString);
+
+    PKIX_TEST_RETURN();
+
+    return (date);
+}
+
+PKIX_ProcessingParams *
+createProcessingParams(
+    char *dirName,
+    char *firstAnchorFileName,
+    char *secondAnchorFileName,
+    char *dateAscii,
+    PKIX_List *initialPolicies, /* List of PKIX_PL_OID */
+    PKIX_Boolean isCrlEnabled,
+    void *plContext)
+{
+
+    PKIX_TrustAnchor *firstAnchor = NULL;
+    PKIX_TrustAnchor *secondAnchor = NULL;
+    PKIX_List *anchorsList = NULL;
+    PKIX_ProcessingParams *procParams = NULL;
+    PKIX_PL_String *dateString = NULL;
+    PKIX_PL_Date *testDate = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_Create(&anchorsList, plContext));
+
+    firstAnchor = createTrustAnchor(dirName, firstAnchorFileName, PKIX_FALSE, plContext);
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(anchorsList,
+                                                   (PKIX_PL_Object *)firstAnchor,
+                                                   plContext));
+
+    if (secondAnchorFileName) {
+        secondAnchor =
+            createTrustAnchor(dirName, secondAnchorFileName, PKIX_FALSE, plContext);
+
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_List_AppendItem(anchorsList,
+                                                       (PKIX_PL_Object *)secondAnchor,
+                                                       plContext));
+    }
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_Create(anchorsList, &procParams, plContext));
+
+    if (dateAscii) {
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII,
+                                                        dateAscii,
+                                                        0,
+                                                        &dateString,
+                                                        plContext));
+
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Date_Create_UTCTime(dateString, &testDate, plContext));
+
+        PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetDate(procParams, testDate, plContext));
+    }
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetInitialPolicies(procParams, initialPolicies, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled(procParams, isCrlEnabled, plContext));
+
+cleanup:
+
+    if (PKIX_TEST_ERROR_RECEIVED) {
+        PKIX_TEST_DECREF_AC(procParams);
+    }
+
+    PKIX_TEST_DECREF_AC(dateString);
+    PKIX_TEST_DECREF_AC(testDate);
+    PKIX_TEST_DECREF_AC(anchorsList);
+    PKIX_TEST_DECREF_AC(firstAnchor);
+    PKIX_TEST_DECREF_AC(secondAnchor);
+
+    PKIX_TEST_RETURN();
+
+    return (procParams);
+}
+
+PKIX_ValidateParams *
+createValidateParams(
+    char *dirName,
+    char *firstAnchorFileName,
+    char *secondAnchorFileName,
+    char *dateAscii,
+    PKIX_List *initialPolicies, /* List of PKIX_PL_OID */
+    PKIX_Boolean initialPolicyMappingInhibit,
+    PKIX_Boolean initialAnyPolicyInhibit,
+    PKIX_Boolean initialExplicitPolicy,
+    PKIX_Boolean isCrlEnabled,
+    PKIX_List *chain,
+    void *plContext)
+{
+
+    PKIX_ProcessingParams *procParams = NULL;
+    PKIX_ValidateParams *valParams = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    procParams =
+        createProcessingParams(dirName,
+                               firstAnchorFileName,
+                               secondAnchorFileName,
+                               dateAscii,
+                               NULL,
+                               isCrlEnabled,
+                               plContext);
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetInitialPolicies(procParams, initialPolicies, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetPolicyMappingInhibited(procParams, initialPolicyMappingInhibit, NULL));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetAnyPolicyInhibited(procParams, initialAnyPolicyInhibit, NULL));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetExplicitPolicyRequired(procParams, initialExplicitPolicy, NULL));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_Create(procParams, chain, &valParams, plContext));
+
+cleanup:
+
+    if (PKIX_TEST_ERROR_RECEIVED) {
+        PKIX_TEST_DECREF_AC(valParams);
+    }
+
+    PKIX_TEST_DECREF_AC(procParams);
+
+    PKIX_TEST_RETURN();
+
+    return (valParams);
+}
+
+PKIX_ValidateResult *
+createValidateResult(
+    char *dirName,
+    char *anchorFileName,
+    char *pubKeyCertFileName,
+    void *plContext)
+{
+
+    PKIX_TrustAnchor *anchor = NULL;
+    PKIX_ValidateResult *valResult = NULL;
+    PKIX_PL_Cert *cert = NULL;
+    PKIX_PL_PublicKey *pubKey = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    anchor = createTrustAnchor(dirName, anchorFileName, PKIX_FALSE, plContext);
+    cert = createCert(dirName, pubKeyCertFileName, plContext);
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_Cert_GetSubjectPublicKey(cert, &pubKey, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(pkix_ValidateResult_Create(pubKey, anchor, NULL, &valResult, plContext));
+
+cleanup:
+
+    if (PKIX_TEST_ERROR_RECEIVED) {
+        PKIX_TEST_DECREF_AC(valResult);
+    }
+
+    PKIX_TEST_DECREF_AC(anchor);
+    PKIX_TEST_DECREF_AC(cert);
+    PKIX_TEST_DECREF_AC(pubKey);
+
+    PKIX_TEST_RETURN();
+
+    return (valResult);
+}
+
+PKIX_PL_GeneralName *
+createGeneralName(
+    PKIX_UInt32 nameType,
+    char *asciiName,
+    void *plContext)
+{
+
+    PKIX_PL_GeneralName *generalName = NULL;
+    PKIX_PL_String *plString = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_String_Create(PKIX_ESCASCII, asciiName, 0, &plString, plContext));
+
+    PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_GeneralName_Create(nameType, plString, &generalName, plContext));
+
+cleanup:
+
+    PKIX_TEST_DECREF_AC(plString);
+
+    PKIX_TEST_RETURN();
+
+    return (generalName);
+}
+
+PKIX_BuildResult *
+createBuildResult(
+    char *dirName,
+    char *anchorFileName,
+    char *pubKeyCertFileName,
+    char *firstChainCertFileName,
+    char *secondChainCertFileName,
+    void *plContext)
+{
+    PKIX_BuildResult *buildResult = NULL;
+    PKIX_ValidateResult *valResult = NULL;
+    PKIX_List *certChain = NULL;
+
+    PKIX_TEST_STD_VARS();
+
+    valResult = createValidateResult(dirName, anchorFileName, pubKeyCertFileName, plContext);
+    certChain = createCertChain(dirName,
+                                firstChainCertFileName,
+                                secondChainCertFileName,
+                                plContext);
+
+    PKIX_TEST_EXPECT_NO_ERROR(pkix_BuildResult_Create(valResult, certChain, &buildResult, plContext));
+
+cleanup:
+
+    if (PKIX_TEST_ERROR_RECEIVED) {
+        PKIX_TEST_DECREF_AC(buildResult);
+    }
+
+    PKIX_TEST_DECREF_AC(valResult);
+    PKIX_TEST_DECREF_AC(certChain);
+
+    PKIX_TEST_RETURN();
+
+    return (buildResult);
+}
diff --git a/nss/cmd/libpkix/testutil/testutil_nss.h b/nss/cmd/libpkix/testutil/testutil_nss.h
new file mode 100644
index 0000000..e1f24af
--- /dev/null
+++ b/nss/cmd/libpkix/testutil/testutil_nss.h
@@ -0,0 +1,119 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * testutil_nss.h
+ *
+ * NSS-specific utility functions for handling test errors
+ *
+ */
+
+#ifndef _TESTUTIL_NSS_H
+#define _TESTUTIL_NSS_H
+
+#include "pkix_tools.h"
+#include "plstr.h"
+#include "prprf.h"
+#include "prlong.h"
+#include "secutil.h"
+#include <stdio.h>
+#include <ctype.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include "pkix_pl_generalname.h"
+
+/* see source file for function documentation */
+
+PKIX_PL_Cert *
+createCert(
+    char *dirName,
+    char *certFile,
+    void *plContext);
+
+PKIX_PL_CRL *
+createCRL(
+    char *dirName,
+    char *crlFileName,
+    void *plContext);
+
+PKIX_TrustAnchor *
+createTrustAnchor(
+    char *dirName,
+    char *taFileName,
+    PKIX_Boolean useCert,
+    void *plContext);
+
+PKIX_List *
+createCertChain(
+    char *dirName,
+    char *firstCertFileName,
+    char *secondCertFileName,
+    void *plContext);
+
+PKIX_List *
+createCertChainPlus(
+    char *dirName,
+    char *certNames[],
+    PKIX_PL_Cert *certs[],
+    PKIX_UInt32 numCerts,
+    void *plContext);
+
+PKIX_PL_Date *
+createDate(
+    char *asciiDate,
+    void *plContext);
+
+PKIX_ProcessingParams *
+createProcessingParams(
+    char *dirName,
+    char *firstAnchorFileName,
+    char *secondAnchorFileName,
+    char *dateAscii,
+    PKIX_List *initialPolicies, /* List of PKIX_PL_OID */
+    PKIX_Boolean isCrlEnabled,
+    void *plContext);
+
+PKIX_ValidateParams *
+createValidateParams(
+    char *dirName,
+    char *firstAnchorFileName,
+    char *secondAnchorFileName,
+    char *dateAscii,
+    PKIX_List *initialPolicies, /* List of PKIX_PL_OID */
+    PKIX_Boolean initialPolicyMappingInhibit,
+    PKIX_Boolean initialAnyPolicyInhibit,
+    PKIX_Boolean initialExplicitPolicy,
+    PKIX_Boolean isCrlEnabled,
+    PKIX_List *chain,
+    void *plContext);
+
+PKIX_ValidateResult *
+createValidateResult(
+    char *dirName,
+    char *anchorFileName,
+    char *pubKeyCertFileName,
+    void *plContext);
+
+PKIX_BuildResult *
+createBuildResult(
+    char *dirName,
+    char *anchorFileName,
+    char *pubKeyCertFileName,
+    char *firstChainCertFileName,
+    char *secondChainCertFileName,
+    void *plContext);
+
+PKIX_PL_GeneralName *
+createGeneralName(
+    PKIX_UInt32 nameType,
+    char *asciiName,
+    void *plContext);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* TESTUTIL_NSS_H */
diff --git a/nss/cmd/listsuites/Makefile b/nss/cmd/listsuites/Makefile
new file mode 100644
index 0000000..6e1d4ec
--- /dev/null
+++ b/nss/cmd/listsuites/Makefile
@@ -0,0 +1,47 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include ../platlibs.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+
+include ../platrules.mk
+
diff --git a/nss/cmd/listsuites/listsuites.c b/nss/cmd/listsuites/listsuites.c
new file mode 100644
index 0000000..458130e
--- /dev/null
+++ b/nss/cmd/listsuites/listsuites.c
@@ -0,0 +1,62 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* This program demonstrates the use of SSL_GetCipherSuiteInfo to avoid
+ * all compiled-in knowledge of SSL cipher suites.
+ *
+ * Try: ./listsuites | grep -v : | sort -b +4rn -5 +1 -2 +2 -3 +3 -4 +5r -6
+ */
+
+#include <errno.h>
+#include <stdio.h>
+#include "secport.h"
+#include "ssl.h"
+
+int
+main(int argc, char **argv)
+{
+    const PRUint16 *cipherSuites = SSL_ImplementedCiphers;
+    int i;
+    int errCount = 0;
+
+    fputs("This version of libSSL supports these cipher suites:\n\n", stdout);
+
+    /* disable all the SSL3 cipher suites */
+    for (i = 0; i < SSL_NumImplementedCiphers; i++) {
+        PRUint16 suite = cipherSuites[i];
+        SECStatus rv;
+        PRBool enabled;
+        PRErrorCode err;
+        SSLCipherSuiteInfo info;
+
+        rv = SSL_CipherPrefGetDefault(suite, &enabled);
+        if (rv != SECSuccess) {
+            err = PR_GetError();
+            ++errCount;
+            fprintf(stderr,
+                    "SSL_CipherPrefGetDefault didn't like value 0x%04x (i = %d): %s\n",
+                    suite, i, PORT_ErrorToString(err));
+            continue;
+        }
+        rv = SSL_GetCipherSuiteInfo(suite, &info, (int)(sizeof info));
+        if (rv != SECSuccess) {
+            err = PR_GetError();
+            ++errCount;
+            fprintf(stderr,
+                    "SSL_GetCipherSuiteInfo didn't like value 0x%04x (i = %d): %s\n",
+                    suite, i, PORT_ErrorToString(err));
+            continue;
+        }
+        fprintf(stdout,
+                "%s:\n" /* up to 37 spaces  */
+                "  0x%04hx %-5s %-5s %-8s %3hd %-6s %-8s %-4s Domestic %-11s\n",
+                info.cipherSuiteName, info.cipherSuite,
+                info.keaTypeName, info.authAlgorithmName, info.symCipherName,
+                info.effectiveKeyBits, info.macAlgorithmName,
+                enabled ? "Enabled" : "Disabled",
+                info.isFIPS ? "FIPS" : "",
+                info.nonStandard ? "nonStandard" : "");
+    }
+    return errCount;
+}
diff --git a/nss/cmd/listsuites/listsuites.gyp b/nss/cmd/listsuites/listsuites.gyp
new file mode 100644
index 0000000..51f8d8f
--- /dev/null
+++ b/nss/cmd/listsuites/listsuites.gyp
@@ -0,0 +1,24 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi',
+    '../../cmd/platlibs.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'listsuites',
+      'type': 'executable',
+      'sources': [
+        'listsuites.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports'
+      ]
+    }
+  ],
+  'variables': {
+    'module': 'nss'
+  }
+}
\ No newline at end of file
diff --git a/nss/cmd/listsuites/manifest.mn b/nss/cmd/listsuites/manifest.mn
new file mode 100644
index 0000000..3e78dac
--- /dev/null
+++ b/nss/cmd/listsuites/manifest.mn
@@ -0,0 +1,15 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CORE_DEPTH = ../..
+
+MODULE = nss
+
+CSRCS = listsuites.c  
+
+REQUIRES = seccmd 
+
+PROGRAM = listsuites
+
diff --git a/nss/cmd/lowhashtest/Makefile b/nss/cmd/lowhashtest/Makefile
new file mode 100644
index 0000000..cfac770
--- /dev/null
+++ b/nss/cmd/lowhashtest/Makefile
@@ -0,0 +1,65 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+#MKPROG = purify -cache-dir=/u/mcgreer/pcache -best-effort \
+#	-always-use-cache-dir $(CC)
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+
+include ../platlibs.mk
+
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+# $(PROGRAM) has explicit dependencies on $(EXTRA_LIBS)
+EXTRA_LIBS += \
+	$(DIST)/lib/$(LIB_PREFIX)sectool.$(LIB_SUFFIX) \
+	$(NULL)
+
+
+EXTRA_SHARED_LIBS += \
+	-L$(DIST)/lib \
+	-L$(NSSUTIL_LIB_DIR) \
+	-lnssutil3 \
+	-lfreebl3 \
+	-L$(NSPR_LIB_DIR) \
+	-lplc4 \
+	-lplds4 \
+	-lnspr4 \
+	$(NULL)
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+include ../platrules.mk
diff --git a/nss/cmd/lowhashtest/lowhashtest.c b/nss/cmd/lowhashtest/lowhashtest.c
new file mode 100644
index 0000000..29d6ff4
--- /dev/null
+++ b/nss/cmd/lowhashtest/lowhashtest.c
@@ -0,0 +1,445 @@
+#include <stdio.h>
+#include <string.h>
+#include <assert.h>
+
+#include "nspr.h"
+
+/* nss headers */
+#include "prtypes.h"
+#include "plgetopt.h"
+#include "hasht.h"
+#include "nsslowhash.h"
+#include "secport.h"
+#include "hasht.h"
+#include "basicutil.h"
+
+static char *progName = NULL;
+
+static int
+test_long_message(NSSLOWInitContext *initCtx,
+                  HASH_HashType algoType, unsigned int hashLen,
+                  const PRUint8 expected[], PRUint8 results[])
+{
+    unsigned int len, i, rv = 0;
+    NSSLOWHASHContext *ctx;
+
+    /* The message is meant to be 'a' repeated 1,000,000 times.
+     * This is too much to allocate on the stack so we will use a 1,000 char
+     * buffer and call update 1,000 times.
+     */
+    unsigned char buf[1000];
+    (void)PORT_Memset(buf, 'a', sizeof(buf));
+
+    ctx = NSSLOWHASH_NewContext(initCtx, algoType);
+    if (ctx == NULL) {
+        SECU_PrintError(progName, "Couldn't get hash context\n");
+        return 1;
+    }
+
+    NSSLOWHASH_Begin(ctx);
+    for (i = 0; i < 1000; ++i) {
+        NSSLOWHASH_Update(ctx, buf, 1000);
+    }
+
+    NSSLOWHASH_End(ctx, results, &len, hashLen);
+    PR_ASSERT(len == hashLen);
+    PR_ASSERT(PORT_Memcmp(expected, results, hashLen) == 0);
+    if (PORT_Memcmp(expected, results, len) != 0) {
+        SECU_PrintError(progName, "Hash mismatch\n");
+        SECU_PrintBuf(stdout, "Expected: ", expected, hashLen);
+        SECU_PrintBuf(stdout, "Actual:   ", results, len);
+        rv = 1;
+    }
+
+    NSSLOWHASH_Destroy(ctx);
+    NSSLOW_Shutdown(initCtx);
+
+    return rv;
+}
+
+static int
+test_long_message_sha1(NSSLOWInitContext *initCtx)
+{
+    PRUint8 results[SHA1_LENGTH];
+    /* Test vector from FIPS 180-2: appendix B.3.  */
+
+    /* 34aa973c d4c4daa4 f61eeb2b dbad2731 6534016f. */
+    static const PRUint8 expected[SHA256_LENGTH] =
+        { 0x34, 0xaa, 0x97, 0x3c, 0xd4, 0xc4, 0xda, 0xa4, 0xf6, 0x1e, 0xeb, 0x2b,
+          0xdb, 0xad, 0x27, 0x31, 0x65, 0x34, 0x01, 0x6f };
+    unsigned char buf[1000];
+    (void)PORT_Memset(buf, 'a', sizeof(buf));
+    return test_long_message(initCtx, HASH_AlgSHA1,
+                             SHA1_LENGTH, &expected[0], results);
+}
+
+static int
+test_long_message_sha256(NSSLOWInitContext *initCtx)
+{
+    PRUint8 results[SHA256_LENGTH];
+    /* cdc76e5c 9914fb92 81a1c7e2 84d73e67 f1809a48 a497200e 046d39cc c7112cd0. */
+    static const PRUint8 expected[SHA256_LENGTH] =
+        { 0xcd, 0xc7, 0x6e, 0x5c, 0x99, 0x14, 0xfb, 0x92, 0x81, 0xa1, 0xc7, 0xe2, 0x84, 0xd7, 0x3e, 0x67,
+          0xf1, 0x80, 0x9a, 0x48, 0xa4, 0x97, 0x20, 0x0e, 0x04, 0x6d, 0x39, 0xcc, 0xc7, 0x11, 0x2c, 0xd0 };
+    unsigned char buf[1000];
+    (void)PORT_Memset(buf, 'a', sizeof(buf));
+    return test_long_message(initCtx, HASH_AlgSHA256,
+                             SHA256_LENGTH, &expected[0], results);
+}
+
+static int
+test_long_message_sha384(NSSLOWInitContext *initCtx)
+{
+    PRUint8 results[SHA384_LENGTH];
+    /* Test vector from FIPS 180-2: appendix B.3.  */
+    /*
+    9d0e1809716474cb
+    086e834e310a4a1c
+    ed149e9c00f24852
+    7972cec5704c2a5b
+    07b8b3dc38ecc4eb
+    ae97ddd87f3d8985.
+    */
+    static const PRUint8 expected[SHA384_LENGTH] =
+        { 0x9d, 0x0e, 0x18, 0x09, 0x71, 0x64, 0x74, 0xcb,
+          0x08, 0x6e, 0x83, 0x4e, 0x31, 0x0a, 0x4a, 0x1c,
+          0xed, 0x14, 0x9e, 0x9c, 0x00, 0xf2, 0x48, 0x52,
+          0x79, 0x72, 0xce, 0xc5, 0x70, 0x4c, 0x2a, 0x5b,
+          0x07, 0xb8, 0xb3, 0xdc, 0x38, 0xec, 0xc4, 0xeb,
+          0xae, 0x97, 0xdd, 0xd8, 0x7f, 0x3d, 0x89, 0x85 };
+    unsigned char buf[1000];
+    (void)PORT_Memset(buf, 'a', sizeof(buf));
+
+    return test_long_message(initCtx, HASH_AlgSHA384,
+                             SHA384_LENGTH, &expected[0], results);
+}
+
+static int
+test_long_message_sha512(NSSLOWInitContext *initCtx)
+{
+    PRUint8 results[SHA512_LENGTH];
+    /* Test vector from FIPS 180-2: appendix B.3.  */
+    static const PRUint8 expected[SHA512_LENGTH] =
+        { 0xe7, 0x18, 0x48, 0x3d, 0x0c, 0xe7, 0x69, 0x64, 0x4e, 0x2e, 0x42, 0xc7, 0xbc, 0x15, 0xb4, 0x63,
+          0x8e, 0x1f, 0x98, 0xb1, 0x3b, 0x20, 0x44, 0x28, 0x56, 0x32, 0xa8, 0x03, 0xaf, 0xa9, 0x73, 0xeb,
+          0xde, 0x0f, 0xf2, 0x44, 0x87, 0x7e, 0xa6, 0x0a, 0x4c, 0xb0, 0x43, 0x2c, 0xe5, 0x77, 0xc3, 0x1b,
+          0xeb, 0x00, 0x9c, 0x5c, 0x2c, 0x49, 0xaa, 0x2e, 0x4e, 0xad, 0xb2, 0x17, 0xad, 0x8c, 0xc0, 0x9b };
+    unsigned char buf[1000];
+    (void)PORT_Memset(buf, 'a', sizeof(buf));
+
+    return test_long_message(initCtx, HASH_AlgSHA512,
+                             SHA512_LENGTH, &expected[0], results);
+}
+
+static int
+testMessageDigest(NSSLOWInitContext *initCtx,
+                  HASH_HashType algoType, unsigned int hashLen,
+                  const unsigned char *message,
+                  const PRUint8 expected[], PRUint8 results[])
+{
+    NSSLOWHASHContext *ctx;
+    unsigned int len;
+    int rv = 0;
+
+    ctx = NSSLOWHASH_NewContext(initCtx, algoType);
+    if (ctx == NULL) {
+        SECU_PrintError(progName, "Couldn't get hash context\n");
+        return 1;
+    }
+
+    NSSLOWHASH_Begin(ctx);
+    NSSLOWHASH_Update(ctx, message, PORT_Strlen((const char *)message));
+    NSSLOWHASH_End(ctx, results, &len, hashLen);
+    PR_ASSERT(len == hashLen);
+    PR_ASSERT(PORT_Memcmp(expected, results, len) == 0);
+
+    if (PORT_Memcmp(expected, results, len) != 0) {
+        SECU_PrintError(progName, "Hash mismatch\n");
+        SECU_PrintBuf(stdout, "Expected: ", expected, hashLen);
+        SECU_PrintBuf(stdout, "Actual:   ", results, len);
+        rv = 1;
+    }
+
+    NSSLOWHASH_Destroy(ctx);
+    NSSLOW_Shutdown(initCtx);
+
+    return rv;
+}
+
+static int
+testMD5(NSSLOWInitContext *initCtx)
+{
+    /* test vectors that glibc, our API main client, uses */
+
+    static const struct {
+        const unsigned char *input;
+        const PRUint8 result[MD5_LENGTH];
+    } md5tests[] = {
+        { (unsigned char *)"",
+          { 0xd4, 0x1d, 0x8c, 0xd9, 0x8f, 0x00, 0xb2, 0x04, 0xe9, 0x80, 0x09, 0x98, 0xec, 0xf8, 0x42, 0x7e } },
+        { (unsigned char *)"a",
+          { 0x0c, 0xc1, 0x75, 0xb9, 0xc0, 0xf1, 0xb6, 0xa8, 0x31, 0xc3, 0x99, 0xe2, 0x69, 0x77, 0x26, 0x61 } },
+        { (unsigned char *)"abc",
+          { 0x90, 0x01, 0x50, 0x98, 0x3c, 0xd2, 0x4f, 0xb0, 0xd6, 0x96, 0x3f, 0x7d, 0x28, 0xe1, 0x7f, 0x72 } },
+        { (unsigned char *)"message digest",
+          { 0xf9, 0x6b, 0x69, 0x7d, 0x7c, 0xb7, 0x93, 0x8d, 0x52, 0x5a, 0x2f, 0x31, 0xaa, 0xf1, 0x61, 0xd0 } },
+        { (unsigned char *)"abcdefghijklmnopqrstuvwxyz",
+          { 0xc3, 0xfc, 0xd3, 0xd7, 0x61, 0x92, 0xe4, 0x00, 0x7d, 0xfb, 0x49, 0x6c, 0xca, 0x67, 0xe1, 0x3b } },
+        { (unsigned char *)"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
+          { 0xd1, 0x74, 0xab, 0x98, 0xd2, 0x77, 0xd9, 0xf5, 0xa5, 0x61, 0x1c, 0x2c, 0x9f, 0x41, 0x9d, 0x9f } },
+        { (unsigned char *)"123456789012345678901234567890123456789012345678901234567890"
+                           "12345678901234567890",
+          { 0x57, 0xed, 0xf4, 0xa2, 0x2b, 0xe3, 0xc9, 0x55, 0xac, 0x49, 0xda, 0x2e, 0x21, 0x07, 0xb6, 0x7a } }
+    };
+    PRUint8 results[MD5_LENGTH];
+    int rv = 0, cnt, numTests;
+
+    numTests = sizeof(md5tests) / sizeof(md5tests[0]);
+    for (cnt = 0; cnt < numTests; cnt++) {
+        rv += testMessageDigest(initCtx, HASH_AlgMD5, MD5_LENGTH,
+                                (const unsigned char *)md5tests[cnt].input,
+                                md5tests[cnt].result, &results[0]);
+    }
+    return rv;
+}
+
+/*
+ * Tests with test vectors from FIPS 180-2 Appendixes B.1, B.2, B.3, C, and D
+ *
+ */
+
+static int
+testSHA1(NSSLOWInitContext *initCtx)
+{
+    static const struct {
+        const unsigned char *input;
+        const PRUint8 result[SHA1_LENGTH];
+    } sha1tests[] = {
+        /* one block messsage */
+        {
+            (const unsigned char *)"abc",
+            /* a9993e36 4706816a ba3e2571 7850c26c 9cd0d89d. */
+
+            { 0xa9, 0x99, 0x3e, 0x36, 0x47, 0x06, 0x81, 0x6a,  /* a9993e36 4706816a */
+              0xba, 0x3e, 0x25, 0x71,                          /* ba3e2571 */
+              0x78, 0x50, 0xc2, 0x6c, 0x9c, 0xd0, 0xd8, 0x9d } /* 7850c26c 9cd0d89d */
+        },
+        { (const unsigned char *)"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
+          /* 84983e44 1c3bd26e baae4aa1 f95129e5 e54670f1. */
+          { 0x84, 0x98, 0x3e, 0x44, 0x1c, 0x3b, 0xd2, 0x6e, 0xba, 0xae, 0x4a, 0xa1,
+            0xf9, 0x51, 0x29, 0xe5, 0xe5, 0x46, 0x70, 0xf1 } }
+    };
+
+    PRUint8 results[SHA1_LENGTH];
+    int rv = 0, cnt, numTests;
+
+    numTests = sizeof(sha1tests) / sizeof(sha1tests[0]);
+    for (cnt = 0; cnt < numTests; cnt++) {
+        rv += testMessageDigest(initCtx, HASH_AlgSHA1, SHA1_LENGTH,
+                                (const unsigned char *)sha1tests[cnt].input,
+                                sha1tests[cnt].result, &results[0]);
+    }
+
+    rv += test_long_message_sha1(initCtx);
+    return rv;
+}
+
+static int
+testSHA224(NSSLOWInitContext *initCtx)
+{
+    static const struct {
+        const unsigned char *input;
+        const PRUint8 result[SHA224_LENGTH];
+    } sha224tests[] = {
+        /* one block messsage */
+        { (const unsigned char *)"abc",
+          { 0x23, 0x09, 0x7D, 0x22, 0x34, 0x05, 0xD8, 0x22, 0x86, 0x42, 0xA4, 0x77, 0xBD, 0xA2, 0x55, 0xB3,
+            0x2A, 0xAD, 0xBC, 0xE4, 0xBD, 0xA0, 0xB3, 0xF7, 0xE3, 0x6C, 0x9D, 0xA7 } },
+        /* two block message */
+        { (const unsigned char *)"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
+          { 0x75, 0x38, 0x8B, 0x16, 0x51, 0x27, 0x76, 0xCC, 0x5D, 0xBA, 0x5D, 0xA1, 0xFD, 0x89, 0x01, 0x50,
+            0xB0, 0xC6, 0x45, 0x5C, 0xB4, 0xF5, 0x8B, 0x19, 0x52, 0x52, 0x25, 0x25 } }
+    };
+
+    PRUint8 results[SHA224_LENGTH];
+    int rv = 0, cnt, numTests;
+
+    numTests = sizeof(sha224tests) / sizeof(sha224tests[0]);
+    for (cnt = 0; cnt < numTests; cnt++) {
+        rv += testMessageDigest(initCtx, HASH_AlgSHA224, SHA224_LENGTH,
+                                (const unsigned char *)sha224tests[cnt].input,
+                                sha224tests[cnt].result, &results[0]);
+    }
+
+    return rv;
+}
+
+static int
+testSHA256(NSSLOWInitContext *initCtx)
+{
+    static const struct {
+        const unsigned char *input;
+        const PRUint8 result[SHA256_LENGTH];
+    } sha256tests[] = {
+        /* Test vectors from FIPS 180-2: appendix B.1.  */
+        { (unsigned char *)"abc",
+          { 0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, 0x41, 0x41, 0x40, 0xde, 0x5d, 0xae, 0x22, 0x23,
+            0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c, 0xb4, 0x10, 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad } },
+        /* Test vectors from FIPS 180-2: appendix B.2.  */
+        { (unsigned char *)"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
+          { 0x24, 0x8d, 0x6a, 0x61, 0xd2, 0x06, 0x38, 0xb8, 0xe5, 0xc0, 0x26, 0x93, 0x0c, 0x3e, 0x60, 0x39,
+            0xa3, 0x3c, 0xe4, 0x59, 0x64, 0xff, 0x21, 0x67, 0xf6, 0xec, 0xed, 0xd4, 0x19, 0xdb, 0x06, 0xc1 } }
+    };
+
+    PRUint8 results[SHA256_LENGTH];
+    int rv = 0, cnt, numTests;
+
+    numTests = sizeof(sha256tests) / sizeof(sha256tests[0]);
+    for (cnt = 0; cnt < numTests; cnt++) {
+        rv += testMessageDigest(initCtx, HASH_AlgSHA256, SHA256_LENGTH,
+                                (const unsigned char *)sha256tests[cnt].input,
+                                sha256tests[cnt].result, &results[0]);
+    }
+
+    rv += test_long_message_sha256(initCtx);
+    return rv;
+}
+
+static int
+testSHA384(NSSLOWInitContext *initCtx)
+{
+    static const struct {
+        const unsigned char *input;
+        const PRUint8 result[SHA384_LENGTH];
+    } sha384tests[] = {
+        /* Test vector from FIPS 180-2: appendix D, single-block message.  */
+        { (unsigned char *)"abc",
+          { 0xcb, 0x00, 0x75, 0x3f, 0x45, 0xa3, 0x5e, 0x8b,
+            0xb5, 0xa0, 0x3d, 0x69, 0x9a, 0xc6, 0x50, 0x07,
+            0x27, 0x2c, 0x32, 0xab, 0x0e, 0xde, 0xd1, 0x63,
+            0x1a, 0x8b, 0x60, 0x5a, 0x43, 0xff, 0x5b, 0xed,
+            0x80, 0x86, 0x07, 0x2b, 0xa1, 0xe7, 0xcc, 0x23,
+            0x58, 0xba, 0xec, 0xa1, 0x34, 0xc8, 0x25, 0xa7 } },
+
+        /* Test vectors from FIPS 180-2: appendix D, multi-block message.  */
+        { (unsigned char *)"abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
+                           "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu",
+          /*
+        09330c33f71147e8
+        3d192fc782cd1b47
+        53111b173b3b05d2
+        2fa08086e3b0f712
+        fcc7c71a557e2db9
+        66c3e9fa91746039.
+        */
+          { 0x09, 0x33, 0x0c, 0x33, 0xf7, 0x11, 0x47, 0xe8,
+            0x3d, 0x19, 0x2f, 0xc7, 0x82, 0xcd, 0x1b, 0x47,
+            0x53, 0x11, 0x1b, 0x17, 0x3b, 0x3b, 0x05, 0xd2,
+            0x2f, 0xa0, 0x80, 0x86, 0xe3, 0xb0, 0xf7, 0x12,
+            0xfc, 0xc7, 0xc7, 0x1a, 0x55, 0x7e, 0x2d, 0xb9,
+            0x66, 0xc3, 0xe9, 0xfa, 0x91, 0x74, 0x60, 0x39 } }
+    };
+
+    PRUint8 results[SHA384_LENGTH];
+    int rv = 0, cnt, numTests;
+
+    numTests = sizeof(sha384tests) / sizeof(sha384tests[0]);
+    for (cnt = 0; cnt < numTests; cnt++) {
+        rv += testMessageDigest(initCtx, HASH_AlgSHA384, SHA384_LENGTH,
+                                (const unsigned char *)sha384tests[cnt].input,
+                                sha384tests[cnt].result, &results[0]);
+    }
+    rv += test_long_message_sha384(initCtx);
+
+    return rv;
+}
+
+int
+testSHA512(NSSLOWInitContext *initCtx)
+{
+    static const struct {
+        const unsigned char *input;
+        const PRUint8 result[SHA512_LENGTH];
+    } sha512tests[] = {
+        /* Test vectors from FIPS 180-2: appendix C.1.  */
+        { (unsigned char *)"abc",
+          { 0xdd, 0xaf, 0x35, 0xa1, 0x93, 0x61, 0x7a, 0xba, 0xcc, 0x41, 0x73, 0x49, 0xae, 0x20, 0x41, 0x31,
+            0x12, 0xe6, 0xfa, 0x4e, 0x89, 0xa9, 0x7e, 0xa2, 0x0a, 0x9e, 0xee, 0xe6, 0x4b, 0x55, 0xd3, 0x9a,
+            0x21, 0x92, 0x99, 0x2a, 0x27, 0x4f, 0xc1, 0xa8, 0x36, 0xba, 0x3c, 0x23, 0xa3, 0xfe, 0xeb, 0xbd,
+            0x45, 0x4d, 0x44, 0x23, 0x64, 0x3c, 0xe8, 0x0e, 0x2a, 0x9a, 0xc9, 0x4f, 0xa5, 0x4c, 0xa4, 0x9f } },
+        /* Test vectors from FIPS 180-2: appendix C.2.  */
+        { (unsigned char *)"abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
+                           "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu",
+          { 0x8e, 0x95, 0x9b, 0x75, 0xda, 0xe3, 0x13, 0xda, 0x8c, 0xf4, 0xf7, 0x28, 0x14, 0xfc, 0x14, 0x3f,
+            0x8f, 0x77, 0x79, 0xc6, 0xeb, 0x9f, 0x7f, 0xa1, 0x72, 0x99, 0xae, 0xad, 0xb6, 0x88, 0x90, 0x18,
+            0x50, 0x1d, 0x28, 0x9e, 0x49, 0x00, 0xf7, 0xe4, 0x33, 0x1b, 0x99, 0xde, 0xc4, 0xb5, 0x43, 0x3a,
+            0xc7, 0xd3, 0x29, 0xee, 0xb6, 0xdd, 0x26, 0x54, 0x5e, 0x96, 0xe5, 0x5b, 0x87, 0x4b, 0xe9, 0x09 } }
+    };
+
+    PRUint8 results[SHA512_LENGTH];
+    int rv = 0, cnt, numTests;
+
+    numTests = sizeof(sha512tests) / sizeof(sha512tests[0]);
+    for (cnt = 0; cnt < numTests; cnt++) {
+        rv = testMessageDigest(initCtx, HASH_AlgSHA512, SHA512_LENGTH,
+                               (const unsigned char *)sha512tests[cnt].input,
+                               sha512tests[cnt].result, &results[0]);
+    }
+    rv += test_long_message_sha512(initCtx);
+    return rv;
+}
+
+static void
+Usage(char *progName)
+{
+    fprintf(stderr, "Usage: %s [algorithm]\n",
+            progName);
+    fprintf(stderr, "algorithm must be one of %s\n",
+            "{ MD5 | SHA1 | SHA224 | SHA256 | SHA384 | SHA512 }");
+    fprintf(stderr, "default is to test all\n");
+    exit(-1);
+}
+
+int
+main(int argc, char **argv)
+{
+    NSSLOWInitContext *initCtx;
+    int rv = 0; /* counts the number of failures */
+
+    progName = strrchr(argv[0], '/');
+    progName = progName ? progName + 1 : argv[0];
+
+    initCtx = NSSLOW_Init();
+    if (initCtx == NULL) {
+        SECU_PrintError(progName, "Couldn't initialize for hashing\n");
+        return 1;
+    }
+
+    if (argc || !argv[1] || strlen(argv[1]) == 0) {
+        rv += testMD5(initCtx);
+        rv += testSHA1(initCtx);
+        rv += testSHA224(initCtx);
+        rv += testSHA256(initCtx);
+        rv += testSHA384(initCtx);
+        rv += testSHA512(initCtx);
+    } else if (strcmp(argv[1], "MD5") == 0) {
+        rv += testMD5(initCtx);
+    } else if (strcmp(argv[1], "SHA1") == 0) {
+        rv += testSHA1(initCtx);
+    } else if (strcmp(argv[1], "SHA224") == 0) {
+        rv += testSHA224(initCtx);
+    } else if (strcmp(argv[1], "SHA226") == 0) {
+        rv += testSHA256(initCtx);
+    } else if (strcmp(argv[1], "SHA384") == 0) {
+        rv += testSHA384(initCtx);
+    } else if (strcmp(argv[1], "SHA512") == 0) {
+        rv += testSHA512(initCtx);
+    } else {
+        SECU_PrintError(progName, "Unsupported hash type %s\n", argv[0]);
+        Usage(progName);
+    }
+
+    NSSLOW_Shutdown(initCtx);
+
+    return (rv == 0) ? 0 : 1;
+}
diff --git a/nss/cmd/lowhashtest/lowhashtest.gyp b/nss/cmd/lowhashtest/lowhashtest.gyp
new file mode 100644
index 0000000..3b3e3c2
--- /dev/null
+++ b/nss/cmd/lowhashtest/lowhashtest.gyp
@@ -0,0 +1,32 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi',
+    '../../cmd/platlibs.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'lowhashtest',
+      'type': 'executable',
+      'sources': [
+        'lowhashtest.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:dbm_exports',
+        '<(DEPTH)/exports.gyp:nss_exports',
+        '<(DEPTH)/lib/freebl/freebl.gyp:freebl3',
+        '<(DEPTH)/cmd/lib/lib.gyp:sectool'
+      ]
+    }
+  ],
+  'target_defaults': {
+    'include_dirs': [
+      '../../nss/lib/freebl'
+    ]
+  },
+  'variables': {
+    'module': 'nss'
+  }
+}
\ No newline at end of file
diff --git a/nss/cmd/lowhashtest/manifest.mn b/nss/cmd/lowhashtest/manifest.mn
new file mode 100644
index 0000000..db10daa
--- /dev/null
+++ b/nss/cmd/lowhashtest/manifest.mn
@@ -0,0 +1,25 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+CORE_DEPTH = ../..
+
+MODULE = nss
+
+REQUIRES = seccmd dbm softoken
+
+INCLUDES += -I$(CORE_DEPTH)/nss/lib/freebl
+
+PROGRAM = lowhashtest
+
+EXPORTS = \
+	$(NULL)
+
+PRIVATE_EXPORTS = \
+	$(NULL)
+
+CSRCS = \
+	lowhashtest.c \
+	$(NULL)
+
+USE_STATIC_LIBS = 1
diff --git a/nss/cmd/makepqg/Makefile b/nss/cmd/makepqg/Makefile
new file mode 100644
index 0000000..8b239d2
--- /dev/null
+++ b/nss/cmd/makepqg/Makefile
@@ -0,0 +1,49 @@
+#! gmake
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include ../platlibs.mk
+
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+
+include ../platrules.mk
+ 
+
diff --git a/nss/cmd/makepqg/makepqg.c b/nss/cmd/makepqg/makepqg.c
new file mode 100644
index 0000000..85f8218
--- /dev/null
+++ b/nss/cmd/makepqg/makepqg.c
@@ -0,0 +1,349 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "prtypes.h"
+#include "prtime.h"
+#include "prlong.h"
+
+#include "nss.h"
+#include "secutil.h"
+#include "secitem.h"
+#include "pk11func.h"
+#include "pk11pqg.h"
+
+#if defined(XP_UNIX)
+#include <unistd.h>
+#endif
+
+#include "plgetopt.h"
+
+#define BPB 8 /* bits per byte. */
+
+char *progName;
+
+const SEC_ASN1Template seckey_PQGParamsTemplate[] = {
+    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SECKEYPQGParams) },
+    { SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams, prime) },
+    { SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams, subPrime) },
+    { SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams, base) },
+    { 0 }
+};
+
+void
+Usage(void)
+{
+    fprintf(stderr, "Usage:  %s\n", progName);
+    fprintf(stderr,
+            "-a   Output DER-encoded PQG params, BTOA encoded.\n"
+            "-b   Output DER-encoded PQG params in binary\n"
+            "-r   Output P, Q and G in ASCII hexadecimal. \n"
+            "  -l prime-length       Length of prime in bits (1024 is default)\n"
+            "  -n subprime-length    Length of subprime in bits\n"
+            "  -o file               Output to this file (default is stdout)\n"
+            "  -g bits               Generate SEED this many bits long.\n");
+    exit(-1);
+}
+
+SECStatus
+outputPQGParams(PQGParams *pqgParams, PRBool output_binary, PRBool output_raw,
+                FILE *outFile)
+{
+    PLArenaPool *arena = NULL;
+    char *PQG;
+    SECItem *pItem;
+    int cc;
+    SECStatus rv;
+    SECItem encodedParams;
+
+    if (output_raw) {
+        SECItem item;
+
+        rv = PK11_PQG_GetPrimeFromParams(pqgParams, &item);
+        if (rv) {
+            SECU_PrintError(progName, "PK11_PQG_GetPrimeFromParams");
+            return rv;
+        }
+        SECU_PrintInteger(outFile, &item, "Prime", 1);
+        SECITEM_FreeItem(&item, PR_FALSE);
+
+        rv = PK11_PQG_GetSubPrimeFromParams(pqgParams, &item);
+        if (rv) {
+            SECU_PrintError(progName, "PK11_PQG_GetPrimeFromParams");
+            return rv;
+        }
+        SECU_PrintInteger(outFile, &item, "Subprime", 1);
+        SECITEM_FreeItem(&item, PR_FALSE);
+
+        rv = PK11_PQG_GetBaseFromParams(pqgParams, &item);
+        if (rv) {
+            SECU_PrintError(progName, "PK11_PQG_GetPrimeFromParams");
+            return rv;
+        }
+        SECU_PrintInteger(outFile, &item, "Base", 1);
+        SECITEM_FreeItem(&item, PR_FALSE);
+
+        fprintf(outFile, "\n");
+        return SECSuccess;
+    }
+
+    encodedParams.data = NULL;
+    encodedParams.len = 0;
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (!arena) {
+        SECU_PrintError(progName, "PORT_NewArena");
+        return SECFailure;
+    }
+    pItem = SEC_ASN1EncodeItem(arena, &encodedParams, pqgParams,
+                               seckey_PQGParamsTemplate);
+    if (!pItem) {
+        SECU_PrintError(progName, "SEC_ASN1EncodeItem");
+        PORT_FreeArena(arena, PR_FALSE);
+        return SECFailure;
+    }
+    if (output_binary) {
+        size_t len;
+        len = fwrite(encodedParams.data, 1, encodedParams.len, outFile);
+        PORT_FreeArena(arena, PR_FALSE);
+        if (len != encodedParams.len) {
+            fprintf(stderr, "%s: fwrite failed\n", progName);
+            return SECFailure;
+        }
+        return SECSuccess;
+    }
+
+    /* must be output ASCII */
+    PQG = BTOA_DataToAscii(encodedParams.data, encodedParams.len);
+    PORT_FreeArena(arena, PR_FALSE);
+    if (!PQG) {
+        SECU_PrintError(progName, "BTOA_DataToAscii");
+        return SECFailure;
+    }
+
+    cc = fprintf(outFile, "%s\n", PQG);
+    PORT_Free(PQG);
+    if (cc <= 0) {
+        fprintf(stderr, "%s: fprintf failed\n", progName);
+        return SECFailure;
+    }
+    return SECSuccess;
+}
+
+SECStatus
+outputPQGVerify(PQGVerify *pqgVerify, PRBool output_binary, PRBool output_raw,
+                FILE *outFile)
+{
+    SECStatus rv = SECSuccess;
+    if (output_raw) {
+        SECItem item;
+        unsigned int counter;
+
+        rv = PK11_PQG_GetHFromVerify(pqgVerify, &item);
+        if (rv) {
+            SECU_PrintError(progName, "PK11_PQG_GetHFromVerify");
+            return rv;
+        }
+        SECU_PrintInteger(outFile, &item, "h", 1);
+        SECITEM_FreeItem(&item, PR_FALSE);
+
+        rv = PK11_PQG_GetSeedFromVerify(pqgVerify, &item);
+        if (rv) {
+            SECU_PrintError(progName, "PK11_PQG_GetSeedFromVerify");
+            return rv;
+        }
+        SECU_PrintInteger(outFile, &item, "SEED", 1);
+        fprintf(outFile, "    g:       %d\n", item.len * BPB);
+        SECITEM_FreeItem(&item, PR_FALSE);
+
+        counter = PK11_PQG_GetCounterFromVerify(pqgVerify);
+        fprintf(outFile, "    counter: %d\n", counter);
+        fprintf(outFile, "\n");
+    }
+    return rv;
+}
+
+int
+main(int argc, char **argv)
+{
+    FILE *outFile = NULL;
+    char *outFileName = NULL;
+    PQGParams *pqgParams = NULL;
+    PQGVerify *pqgVerify = NULL;
+    int keySizeInBits = 1024;
+    int j = 8;
+    int g = 0;
+    int gMax = 0;
+    int qSizeInBits = 0;
+    SECStatus rv = 0;
+    SECStatus passed = 0;
+    PRBool output_ascii = PR_FALSE;
+    PRBool output_binary = PR_FALSE;
+    PRBool output_raw = PR_FALSE;
+    PLOptState *optstate;
+    PLOptStatus status;
+
+    progName = strrchr(argv[0], '/');
+    if (!progName)
+        progName = strrchr(argv[0], '\\');
+    progName = progName ? progName + 1 : argv[0];
+
+    /* Parse command line arguments */
+    optstate = PL_CreateOptState(argc, argv, "?abg:l:n:o:r");
+    while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
+        switch (optstate->option) {
+
+            case 'l':
+                keySizeInBits = atoi(optstate->value);
+                break;
+
+            case 'n':
+                qSizeInBits = atoi(optstate->value);
+                break;
+
+            case 'a':
+                output_ascii = PR_TRUE;
+                break;
+
+            case 'b':
+                output_binary = PR_TRUE;
+                break;
+
+            case 'r':
+                output_raw = PR_TRUE;
+                break;
+
+            case 'o':
+                if (outFileName) {
+                    PORT_Free(outFileName);
+                }
+                outFileName = PORT_Strdup(optstate->value);
+                if (!outFileName) {
+                    rv = -1;
+                }
+                break;
+
+            case 'g':
+                g = atoi(optstate->value);
+                break;
+
+            default:
+            case '?':
+                Usage();
+                break;
+        }
+    }
+    PL_DestroyOptState(optstate);
+
+    if (status == PL_OPT_BAD) {
+        Usage();
+    }
+
+    /* exactly 1 of these options must be set. */
+    if (1 != ((output_ascii != PR_FALSE) +
+              (output_binary != PR_FALSE) +
+              (output_raw != PR_FALSE))) {
+        Usage();
+    }
+
+    gMax = 2 * keySizeInBits;
+    if (keySizeInBits < 1024) {
+        j = PQG_PBITS_TO_INDEX(keySizeInBits);
+        if (j < 0) {
+            fprintf(stderr, "%s: Illegal prime length, \n"
+                            "\tacceptable values are between 512 and 1024,\n"
+                            "\tand divisible by 64, or 2048 or 3072\n",
+                    progName);
+            return 2;
+        }
+        gMax = 2048;
+        if ((qSizeInBits != 0) && (qSizeInBits != 160)) {
+            fprintf(stderr, "%s: Illegal subprime length, \n"
+                            "\tonly 160 is acceptible for primes <= 1024\n",
+                    progName);
+            return 2;
+        }
+        /* this forces keysizes less than 1024 into the DSA1 generation
+	 * code. Whether 1024 uses DSA2 or not is triggered by qSizeInBits
+	 * being non-zero. All larger keysizes will use DSA2.
+	 */
+        qSizeInBits = 0;
+    }
+    if (g != 0 && (g < 160 || g >= gMax || g % 8 != 0)) {
+        fprintf(stderr, "%s: Illegal g bits, \n"
+                        "\tacceptable values are between 160 and %d,\n"
+                        "\tand divisible by 8\n",
+                progName, gMax);
+        return 3;
+    }
+
+    if (!rv && outFileName) {
+        outFile = fopen(outFileName, output_binary ? "wb" : "w");
+        if (!outFile) {
+            fprintf(stderr, "%s: unable to open \"%s\" for writing\n",
+                    progName, outFileName);
+            rv = -1;
+        }
+    }
+    if (outFileName) {
+        PORT_Free(outFileName);
+    }
+    if (rv != 0) {
+        return 1;
+    }
+
+    if (outFile == NULL) {
+        outFile = stdout;
+    }
+
+    NSS_NoDB_Init(NULL);
+
+    if (keySizeInBits > 1024 || qSizeInBits != 0) {
+        rv = PK11_PQG_ParamGenV2((unsigned)keySizeInBits,
+                                 (unsigned)qSizeInBits, (unsigned)(g /
+                                                                   8),
+                                 &pqgParams, &pqgVerify);
+    } else if (g) {
+        rv = PK11_PQG_ParamGenSeedLen((unsigned)j, (unsigned)(g / 8),
+                                      &pqgParams, &pqgVerify);
+    } else {
+        rv = PK11_PQG_ParamGen((unsigned)j, &pqgParams, &pqgVerify);
+    }
+    /* below here, must go to loser */
+
+    if (rv != SECSuccess || pqgParams == NULL || pqgVerify == NULL) {
+        SECU_PrintError(progName, "PQG parameter generation failed.\n");
+        goto loser;
+    }
+    fprintf(stderr, "%s: PQG parameter generation completed.\n", progName);
+
+    rv = outputPQGParams(pqgParams, output_binary, output_raw, outFile);
+    if (rv) {
+        fprintf(stderr, "%s: failed to output PQG params.\n", progName);
+        goto loser;
+    }
+    rv = outputPQGVerify(pqgVerify, output_binary, output_raw, outFile);
+    if (rv) {
+        fprintf(stderr, "%s: failed to output PQG Verify.\n", progName);
+        goto loser;
+    }
+
+    rv = PK11_PQG_VerifyParams(pqgParams, pqgVerify, &passed);
+    if (rv != SECSuccess) {
+        fprintf(stderr, "%s: PQG parameter verification aborted.\n", progName);
+        goto loser;
+    }
+    if (passed != SECSuccess) {
+        fprintf(stderr, "%s: PQG parameters failed verification.\n", progName);
+        goto loser;
+    }
+    fprintf(stderr, "%s: PQG parameters passed verification.\n", progName);
+
+    PK11_PQG_DestroyParams(pqgParams);
+    PK11_PQG_DestroyVerify(pqgVerify);
+    return 0;
+
+loser:
+    PK11_PQG_DestroyParams(pqgParams);
+    PK11_PQG_DestroyVerify(pqgVerify);
+    return 1;
+}
diff --git a/nss/cmd/makepqg/makepqg.gyp b/nss/cmd/makepqg/makepqg.gyp
new file mode 100644
index 0000000..3ddc34a
--- /dev/null
+++ b/nss/cmd/makepqg/makepqg.gyp
@@ -0,0 +1,25 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi',
+    '../../cmd/platlibs.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'makepqg',
+      'type': 'executable',
+      'sources': [
+        'makepqg.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:dbm_exports',
+        '<(DEPTH)/exports.gyp:nss_exports'
+      ]
+    }
+  ],
+  'variables': {
+    'module': 'nss'
+  }
+}
\ No newline at end of file
diff --git a/nss/cmd/makepqg/manifest.mn b/nss/cmd/makepqg/manifest.mn
new file mode 100644
index 0000000..f424410
--- /dev/null
+++ b/nss/cmd/makepqg/manifest.mn
@@ -0,0 +1,19 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CORE_DEPTH = ../..
+
+MODULE = nss
+
+REQUIRES = dbm 
+
+# DIRS = 
+
+CSRCS	=  makepqg.c
+
+PROGRAM	= makepqg
+
+#USE_STATIC_LIBS = 1
+
diff --git a/nss/cmd/makepqg/testit.ksh b/nss/cmd/makepqg/testit.ksh
new file mode 100644
index 0000000..e2cdb02
--- /dev/null
+++ b/nss/cmd/makepqg/testit.ksh
@@ -0,0 +1,13 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+COUNTER=75
+while [ $COUNTER -ge "1" ] 
+do 
+	COUNTER=$(eval expr $COUNTER - 1)
+	echo $COUNTER
+    	*/makepqg.exe -r -l 640 -g 160 || exit 1
+done
+
diff --git a/nss/cmd/manifest.mn b/nss/cmd/manifest.mn
new file mode 100644
index 0000000..153384c
--- /dev/null
+++ b/nss/cmd/manifest.mn
@@ -0,0 +1,108 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+DEPTH	= ..
+# MODULE	= seccmd
+
+SOFTOKEN_SRCDIRS=
+NSS_SRCDIRS=
+LIB_SRCDIRS=
+
+ifdef NSS_BUILD_UTIL_ONLY
+REQUIRES = nspr
+else
+REQUIRES = nss nspr libdbm
+LIB_SRCDIRS = \
+ lib \
+ $(NULL)
+endif
+
+ifndef NSS_BUILD_UTIL_ONLY
+SOFTOKEN_SRCDIRS = \
+ $(BLTEST_SRCDIR) \
+ $(ECPERF_SRCDIR) \
+ $(FREEBL_ECTEST_SRCDIR) \
+ $(FIPSTEST_SRCDIR)  \
+ $(LOWHASHTEST_SRCDIR)  \
+ $(SHLIBSIGN_SRCDIR) \
+ $(NULL)
+endif
+
+ifndef NSS_BUILD_SOFTOKEN_ONLY
+ifndef NSS_BUILD_UTIL_ONLY
+NSS_SRCDIRS = \
+ addbuiltin \
+ atob  \
+ btoa  \
+ certcgi \
+ certutil  \
+ chktest  \
+ crlutil  \
+ crmftest \
+ dbtest \
+ derdump  \
+ digest  \
+ httpserv  \
+ listsuites \
+ makepqg  \
+ multinit \
+ ocspclnt  \
+ ocspresp \
+ oidcalc  \
+ p7content  \
+ p7env  \
+ p7sign  \
+ p7verify  \
+ pk12util \
+ pk11ectest \
+ pk11gcmtest \
+ pk11mode \
+ pk1sign  \
+ pp  \
+ pwdecrypt \
+ rsaperf \
+ sdrtest \
+ selfserv  \
+ signtool \
+ signver \
+ smimetools  \
+ ssltap  \
+ strsclnt \
+ symkeyutil \
+ tests \
+ tstclnt  \
+ vfychain \
+ vfyserv \
+ modutil \
+ $(NULL)
+
+ifndef NSS_DISABLE_LIBPKIX
+NSS_SRCDIRS += \
+ pkix-errcodes \
+ $(NULL)
+endif
+
+endif
+endif
+
+DIRS = \
+ $(LIB_SRCDIRS) \
+ $(SOFTOKEN_SRCDIRS) \
+ $(NSS_SRCDIRS)
+
+TEMPORARILY_DONT_BUILD = \
+ $(NULL)
+
+# rsaperf  \
+#
+#       needs to look at what needs to happen to make jar build in
+# the binary release environment.
+#
+# perror requires lib/strerror.c which requires the client code installed 
+# to build (requires allxpstr.h)
+#
+DONT_BULD = jar \
+ perror \
+$(NULL)
diff --git a/nss/cmd/modutil/Makefile b/nss/cmd/modutil/Makefile
new file mode 100644
index 0000000..fc7b4b1
--- /dev/null
+++ b/nss/cmd/modutil/Makefile
@@ -0,0 +1,54 @@
+#! gmake
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include ../platlibs.mk
+include $(CORE_DEPTH)/coreconf/zlib.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+
+include ../platrules.mk
+
+#
+# Cancel the built-in implicit yacc and lex rules.
+#
+
+%.c: %.y
+%.c: %.l
diff --git a/nss/cmd/modutil/README b/nss/cmd/modutil/README
new file mode 100644
index 0000000..12d192c
--- /dev/null
+++ b/nss/cmd/modutil/README
@@ -0,0 +1,7 @@
+                    CRYPTOGRAPHIC MODULE UTILITY (modutil)
+                                VERSION 1.0
+              ===============================================
+
+The file specification.html documentats the software.
+
+The file pk11jar.html documents the PKCS #11 JAR format.
diff --git a/nss/cmd/modutil/error.h b/nss/cmd/modutil/error.h
new file mode 100644
index 0000000..b328afe
--- /dev/null
+++ b/nss/cmd/modutil/error.h
@@ -0,0 +1,139 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef MODUTIL_ERROR_H
+#define MODUTIL_ERROR_H
+
+/*
+ * The values of these enumerated constants are immutable and must not be
+ * changed.
+ */
+typedef enum {
+    NO_ERR = 0,
+    INVALID_USAGE_ERR,
+    UNEXPECTED_ARG_ERR,
+    UNKNOWN_OPTION_ERR,
+    MULTIPLE_COMMAND_ERR,
+    OPTION_NEEDS_ARG_ERR,
+    DUPLICATE_OPTION_ERR,
+    MISSING_PARAM_ERR,
+    INVALID_FIPS_ARG,
+    NO_COMMAND_ERR,
+    NO_DBDIR_ERR,
+    FIPS_SWITCH_FAILED_ERR,
+    FIPS_ALREADY_ON_ERR,
+    FIPS_ALREADY_OFF_ERR,
+    FILE_ALREADY_EXISTS_ERR,
+    FILE_DOESNT_EXIST_ERR,
+    FILE_NOT_READABLE_ERR,
+    FILE_NOT_WRITEABLE_ERR,
+    DIR_DOESNT_EXIST_ERR,
+    DIR_NOT_READABLE_ERR,
+    DIR_NOT_WRITEABLE_ERR,
+    INVALID_CONSTANT_ERR,
+    ADD_MODULE_FAILED_ERR,
+    UNUSED_ERR, /* reserved for future use */
+    OUT_OF_MEM_ERR,
+    DELETE_INTERNAL_ERR,
+    DELETE_FAILED_ERR,
+    NO_LIST_LOCK_ERR,
+    NO_MODULE_LIST_ERR,
+    NO_SUCH_MODULE_ERR,
+    MOD_INFO_ERR,
+    SLOT_INFO_ERR,
+    TOKEN_INFO_ERR,
+    NO_SUCH_TOKEN_ERR,
+    CHANGEPW_FAILED_ERR,
+    BAD_PW_ERR,
+    DB_ACCESS_ERR,
+    AUTHENTICATION_FAILED_ERR,
+    NO_SUCH_SLOT_ERR,
+    ENABLE_FAILED_ERR,
+    UPDATE_MOD_FAILED_ERR,
+    DEFAULT_FAILED_ERR,
+    UNDEFAULT_FAILED_ERR,
+    STDIN_READ_ERR,
+    UNSPECIFIED_ERR,
+    NOCERTDB_MISUSE_ERR,
+    NSS_INITIALIZE_FAILED_ERR,
+
+    LAST_ERR /* must be last */
+} Error;
+#define SUCCESS NO_ERR
+
+/* !!! Should move this into its own .c and un-static it. */
+static char *errStrings[] = {
+    "Operation completed successfully.\n",
+    "ERROR: Invalid command line.\n",
+    "ERROR: Not expecting argument \"%s\".\n",
+    "ERROR: Unknown option: %s.\n",
+    "ERROR: %s: multiple commands are not allowed on the command line.\n",
+    "ERROR: %s: option needs an argument.\n",
+    "ERROR: %s: option cannot be given more than once.\n",
+    "ERROR: Command \"%s\" requires parameter \"%s\".\n",
+    "ERROR: Argument to -fips must be \"true\" or \"false\".\n",
+    "ERROR: No command was specified.\n",
+    "ERROR: Cannot determine database directory: use the -dbdir option.\n",
+    "ERROR: Unable to switch FIPS modes.\n",
+    "FIPS mode already enabled.\n",
+    "FIPS mode already disabled.\n",
+    "ERROR: File \"%s\" already exists.\n",
+    "ERROR: File \"%s\" does not exist.\n",
+    "ERROR: File \"%s\" is not readable.\n",
+    "ERROR: File \"%s\" is not writeable.\n",
+    "ERROR: Directory \"%s\" does not exist.\n",
+    "ERROR: Directory \"%s\" is not readable.\n",
+    "ERROR: Directory \"%s\" is not writeable.\n",
+    "\"%s\" is not a recognized value.\n",
+    "ERROR: Failed to add module \"%s\". Probable cause : \"%s\".\n",
+    "Unused error string",
+    "ERROR: Out of memory.\n",
+    "ERROR: Cannot delete internal module.\n",
+    "ERROR: Failed to delete module \"%s\".\n",
+    "ERROR: Unable to obtain lock on module list.\n",
+    "ERROR: Unable to obtain module list.\n",
+    "ERROR: Module \"%s\" not found in database.\n",
+    "ERROR: Unable to get information about module \"%s\".\n",
+    "ERROR: Unable to get information about slot \"%s\".\n",
+    "ERROR: Unable to get information about token \"%s\".\n",
+    "ERROR: Token \"%s\" not found.\n",
+    "ERROR: Unable to change password on token \"%s\".\n",
+    "ERROR: Incorrect password.\n",
+    "ERROR: Unable to access database \"%s\".\n",
+    "ERROR: Unable to authenticate to token \"%s\".\n",
+    "ERROR: Slot \"%s\" not found.\n",
+    "ERROR: Failed to %s slot \"%s\".\n",
+    "ERROR: Failed to update module \"%s\".\n",
+    "ERROR: Failed to change defaults.\n",
+    "ERROR: Failed to change default.\n",
+    "ERROR: Unable to read from standard input.\n",
+    "ERROR: Unknown error occurred.\n",
+    "ERROR: -nocertdb option can only be used with the -jar command.\n"
+    "ERROR: NSS_Initialize() failed.\n"
+};
+
+typedef enum {
+    FIPS_ENABLED_MSG = 0,
+    FIPS_DISABLED_MSG,
+    USING_DBDIR_MSG,
+    CREATING_DB_MSG,
+    ADD_MODULE_SUCCESS_MSG,
+    DELETE_SUCCESS_MSG,
+    CHANGEPW_SUCCESS_MSG,
+    BAD_PW_MSG,
+    PW_MATCH_MSG,
+    DONE_MSG,
+    ENABLE_SUCCESS_MSG,
+    DEFAULT_SUCCESS_MSG,
+    UNDEFAULT_SUCCESS_MSG,
+    BROWSER_RUNNING_MSG,
+    ABORTING_MSG,
+
+    LAST_MSG /* must be last */
+} Message;
+
+/* defined in modutil.c */
+extern char *msgStrings[];
+
+#endif /* MODUTIL_ERROR_H */
diff --git a/nss/cmd/modutil/install-ds.c b/nss/cmd/modutil/install-ds.c
new file mode 100644
index 0000000..c8fef78
--- /dev/null
+++ b/nss/cmd/modutil/install-ds.c
@@ -0,0 +1,1525 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "install-ds.h"
+#include <prmem.h>
+#include <plstr.h>
+#include <prprf.h>
+#include <string.h>
+
+#define PORT_Strcasecmp PL_strcasecmp
+
+#define MODULE_FILE_STRING "ModuleFile"
+#define MODULE_NAME_STRING "ModuleName"
+#define MECH_FLAGS_STRING "DefaultMechanismFlags"
+#define CIPHER_FLAGS_STRING "DefaultCipherFlags"
+#define FILES_STRING "Files"
+#define FORWARD_COMPATIBLE_STRING "ForwardCompatible"
+#define PLATFORMS_STRING "Platforms"
+#define RELATIVE_DIR_STRING "RelativePath"
+#define ABSOLUTE_DIR_STRING "AbsolutePath"
+#define FILE_PERMISSIONS_STRING "FilePermissions"
+#define EQUIVALENT_PLATFORM_STRING "EquivalentPlatform"
+#define EXECUTABLE_STRING "Executable"
+
+#define DEFAULT_PERMISSIONS 0777
+
+#define PLATFORM_SEPARATOR_CHAR ':'
+
+/* Error codes */
+enum {
+    BOGUS_RELATIVE_DIR = 0,
+    BOGUS_ABSOLUTE_DIR,
+    BOGUS_FILE_PERMISSIONS,
+    NO_RELATIVE_DIR,
+    NO_ABSOLUTE_DIR,
+    EMPTY_PLATFORM_STRING,
+    BOGUS_PLATFORM_STRING,
+    REPEAT_MODULE_FILE,
+    REPEAT_MODULE_NAME,
+    BOGUS_MODULE_FILE,
+    BOGUS_MODULE_NAME,
+    REPEAT_MECH,
+    BOGUS_MECH_FLAGS,
+    REPEAT_CIPHER,
+    BOGUS_CIPHER_FLAGS,
+    REPEAT_FILES,
+    REPEAT_EQUIV,
+    BOGUS_EQUIV,
+    EQUIV_TOO_MUCH_INFO,
+    NO_FILES,
+    NO_MODULE_FILE,
+    NO_MODULE_NAME,
+    NO_PLATFORMS,
+    EQUIV_LOOP,
+    UNKNOWN_MODULE_FILE
+};
+
+/* Indexed by the above error codes */
+static const char* errString[] = {
+    "%s: Invalid relative directory",
+    "%s: Invalid absolute directory",
+    "%s: Invalid file permissions",
+    "%s: No relative directory specified",
+    "%s: No absolute directory specified",
+    "Empty string given for platform name",
+    "%s: invalid platform string",
+    "More than one ModuleFile entry given for platform %s",
+    "More than one ModuleName entry given for platform %s",
+    "Invalid ModuleFile specification for platform %s",
+    "Invalid ModuleName specification for platform %s",
+    "More than one DefaultMechanismFlags entry given for platform %s",
+    "Invalid DefaultMechanismFlags specification for platform %s",
+    "More than one DefaultCipherFlags entry given for platform %s",
+    "Invalid DefaultCipherFlags entry given for platform %s",
+    "More than one Files entry given for platform %s",
+    "More than one EquivalentPlatform entry given for platform %s",
+    "Invalid EquivalentPlatform specification for platform %s",
+    "Module %s uses an EquivalentPlatform but also specifies its own"
+    " information",
+    "No Files specification in module %s",
+    "No ModuleFile specification in module %s",
+    "No ModuleName specification in module %s",
+    "No Platforms specification in installer script",
+    "Platform %s has an equivalency loop",
+    "Module file \"%s\" in platform \"%s\" does not exist"
+};
+
+static char* PR_Strdup(const char* str);
+
+#define PAD(x)                  \
+    {                           \
+        int i;                  \
+        for (i = 0; i < x; i++) \
+            printf(" ");        \
+    }
+#define PADINC 4
+
+Pk11Install_File*
+Pk11Install_File_new()
+{
+    Pk11Install_File* new_this;
+    new_this = (Pk11Install_File*)PR_Malloc(sizeof(Pk11Install_File));
+    Pk11Install_File_init(new_this);
+    return new_this;
+}
+
+void
+Pk11Install_File_init(Pk11Install_File* _this)
+{
+    _this->jarPath = NULL;
+    _this->relativePath = NULL;
+    _this->absolutePath = NULL;
+    _this->executable = PR_FALSE;
+    _this->permissions = 0;
+}
+
+/*
+//////////////////////////////////////////////////////////////////////////
+// Method:  ~Pk11Install_File
+// Class:   Pk11Install_File
+// Notes:   Destructor.
+*/
+void
+Pk11Install_File_delete(Pk11Install_File* _this)
+{
+    Pk11Install_File_Cleanup(_this);
+}
+
+/*
+//////////////////////////////////////////////////////////////////////////
+// Method:  Cleanup
+// Class:   Pk11Install_File
+*/
+void
+Pk11Install_File_Cleanup(Pk11Install_File* _this)
+{
+    if (_this->jarPath) {
+        PR_Free(_this->jarPath);
+        _this->jarPath = NULL;
+    }
+    if (_this->relativePath) {
+        PR_Free(_this->relativePath);
+        _this->relativePath = NULL;
+    }
+    if (_this->absolutePath) {
+        PR_Free(_this->absolutePath);
+        _this->absolutePath = NULL;
+    }
+
+    _this->permissions = 0;
+    _this->executable = PR_FALSE;
+}
+
+/*
+//////////////////////////////////////////////////////////////////////////
+// Method:  Generate
+// Class:   Pk11Install_File
+// Notes:   Creates a file data structure from a syntax tree.
+// Returns: NULL for success, otherwise an error message.
+*/
+char*
+Pk11Install_File_Generate(Pk11Install_File* _this,
+                          const Pk11Install_Pair* pair)
+{
+    Pk11Install_ListIter* iter;
+    Pk11Install_Value* val;
+    Pk11Install_Pair* subpair;
+    Pk11Install_ListIter* subiter;
+    Pk11Install_Value* subval;
+    char* errStr;
+    char* endp;
+    PRBool gotPerms;
+
+    iter = NULL;
+    subiter = NULL;
+    errStr = NULL;
+    gotPerms = PR_FALSE;
+
+    /* Clear out old values */
+    Pk11Install_File_Cleanup(_this);
+
+    _this->jarPath = PR_Strdup(pair->key);
+
+    /* Go through all the pairs under this file heading */
+    iter = Pk11Install_ListIter_new(pair->list);
+    for (; (val = iter->current); Pk11Install_ListIter_nextItem(iter)) {
+        if (val->type == PAIR_VALUE) {
+            subpair = val->pair;
+
+            /* Relative directory */
+            if (!PORT_Strcasecmp(subpair->key, RELATIVE_DIR_STRING)) {
+                subiter = Pk11Install_ListIter_new(subpair->list);
+                subval = subiter->current;
+                if (!subval || (subval->type != STRING_VALUE)) {
+                    errStr = PR_smprintf(errString[BOGUS_RELATIVE_DIR],
+                                         _this->jarPath);
+                    goto loser;
+                }
+                _this->relativePath = PR_Strdup(subval->string);
+                Pk11Install_ListIter_delete(&subiter);
+
+                /* Absolute directory */
+            } else if (!PORT_Strcasecmp(subpair->key, ABSOLUTE_DIR_STRING)) {
+                subiter = Pk11Install_ListIter_new(subpair->list);
+                subval = subiter->current;
+                if (!subval || (subval->type != STRING_VALUE)) {
+                    errStr = PR_smprintf(errString[BOGUS_ABSOLUTE_DIR],
+                                         _this->jarPath);
+                    goto loser;
+                }
+                _this->absolutePath = PR_Strdup(subval->string);
+                Pk11Install_ListIter_delete(&subiter);
+
+                /* file permissions */
+            } else if (!PORT_Strcasecmp(subpair->key,
+                                        FILE_PERMISSIONS_STRING)) {
+                subiter = Pk11Install_ListIter_new(subpair->list);
+                subval = subiter->current;
+                if (!subval || (subval->type != STRING_VALUE) ||
+                    !subval->string || !subval->string[0]) {
+                    errStr = PR_smprintf(errString[BOGUS_FILE_PERMISSIONS],
+                                         _this->jarPath);
+                    goto loser;
+                }
+                _this->permissions = (int)strtol(subval->string, &endp, 8);
+                if (*endp != '\0') {
+                    errStr = PR_smprintf(errString[BOGUS_FILE_PERMISSIONS],
+                                         _this->jarPath);
+                    goto loser;
+                }
+                gotPerms = PR_TRUE;
+                Pk11Install_ListIter_delete(&subiter);
+            }
+        } else {
+            if (!PORT_Strcasecmp(val->string, EXECUTABLE_STRING)) {
+                _this->executable = PR_TRUE;
+            }
+        }
+    }
+
+    /* Default permission value */
+    if (!gotPerms) {
+        _this->permissions = DEFAULT_PERMISSIONS;
+    }
+
+    /* Make sure we got all the information */
+    if (!_this->relativePath && !_this->absolutePath) {
+        errStr = PR_smprintf(errString[NO_ABSOLUTE_DIR], _this->jarPath);
+        goto loser;
+    }
+#if 0
+    if(!_this->relativePath ) {
+        errStr = PR_smprintf(errString[NO_RELATIVE_DIR], _this->jarPath);
+        goto loser;
+    }
+    if(!_this->absolutePath) {
+        errStr = PR_smprintf(errString[NO_ABSOLUTE_DIR], _this->jarPath);
+        goto loser;
+    }
+#endif
+
+loser:
+    if (iter) {
+        Pk11Install_ListIter_delete(&iter);
+    }
+    if (subiter) {
+        Pk11Install_ListIter_delete(&subiter);
+    }
+    return errStr;
+}
+
+/*
+//////////////////////////////////////////////////////////////////////////
+// Method:  Print
+// Class:   Pk11Install_File
+*/
+void
+Pk11Install_File_Print(Pk11Install_File* _this, int pad)
+{
+    PAD(pad);
+    printf("jarPath: %s\n",
+           _this->jarPath ? _this->jarPath : "<NULL>");
+    PAD(pad);
+    printf("relativePath: %s\n",
+           _this->relativePath ? _this->relativePath : "<NULL>");
+    PAD(pad);
+    printf("absolutePath: %s\n",
+           _this->absolutePath ? _this->absolutePath : "<NULL>");
+    PAD(pad);
+    printf("permissions: %o\n", _this->permissions);
+}
+
+Pk11Install_PlatformName*
+Pk11Install_PlatformName_new()
+{
+    Pk11Install_PlatformName* new_this;
+    new_this = (Pk11Install_PlatformName*)
+        PR_Malloc(sizeof(Pk11Install_PlatformName));
+    Pk11Install_PlatformName_init(new_this);
+    return new_this;
+}
+
+void
+Pk11Install_PlatformName_init(Pk11Install_PlatformName* _this)
+{
+    _this->OS = NULL;
+    _this->verString = NULL;
+    _this->numDigits = 0;
+    _this->arch = NULL;
+}
+
+/*
+//////////////////////////////////////////////////////////////////////////
+// Method:  ~Pk11Install_PlatformName
+// Class:   Pk11Install_PlatformName
+*/
+void
+Pk11Install_PlatformName_delete(Pk11Install_PlatformName* _this)
+{
+    Pk11Install_PlatformName_Cleanup(_this);
+}
+
+/*
+//////////////////////////////////////////////////////////////////////////
+// Method:  Cleanup
+// Class:   Pk11Install_PlatformName
+*/
+void
+Pk11Install_PlatformName_Cleanup(Pk11Install_PlatformName* _this)
+{
+    if (_this->OS) {
+        PR_Free(_this->OS);
+        _this->OS = NULL;
+    }
+    if (_this->verString) {
+        int i;
+        for (i = 0; i < _this->numDigits; i++) {
+            PR_Free(_this->verString[i]);
+        }
+        PR_Free(_this->verString);
+        _this->verString = NULL;
+    }
+    if (_this->arch) {
+        PR_Free(_this->arch);
+        _this->arch = NULL;
+    }
+    _this->numDigits = 0;
+}
+
+/*
+//////////////////////////////////////////////////////////////////////////
+// Method:  Generate
+// Class:   Pk11Install_PlatformName
+// Notes:   Extracts the information from a platform string.
+*/
+char*
+Pk11Install_PlatformName_Generate(Pk11Install_PlatformName* _this,
+                                  const char* str)
+{
+    char* errStr;
+    char* copy;
+    char *end, *start;   /* start and end of a section (OS, version, arch)*/
+    char *pend, *pstart; /* start and end of one portion of version*/
+    char* endp;          /* used by strtol*/
+    int periods, i;
+
+    errStr = NULL;
+    copy = NULL;
+
+    if (!str) {
+        errStr = PR_smprintf(errString[EMPTY_PLATFORM_STRING]);
+        goto loser;
+    }
+    copy = PR_Strdup(str);
+
+    /*
+    // Get the OS
+    */
+    end = strchr(copy, PLATFORM_SEPARATOR_CHAR);
+    if (!end || end == copy) {
+        errStr = PR_smprintf(errString[BOGUS_PLATFORM_STRING], str);
+        goto loser;
+    }
+    *end = '\0';
+
+    _this->OS = PR_Strdup(copy);
+
+    /*
+    // Get the digits of the version of form: x.x.x (arbitrary number of digits)
+    */
+
+    start = end + 1;
+    end = strchr(start, PLATFORM_SEPARATOR_CHAR);
+    if (!end) {
+        errStr = PR_smprintf(errString[BOGUS_PLATFORM_STRING], str);
+        goto loser;
+    }
+    *end = '\0';
+
+    if (end != start) {
+        /* Find out how many periods*/
+        periods = 0;
+        pstart = start;
+        while ((pend = strchr(pstart, '.'))) {
+            periods++;
+            pstart = pend + 1;
+        }
+        _this->numDigits = 1 + periods;
+        _this->verString = (char**)PR_Malloc(sizeof(char*) * _this->numDigits);
+
+        pstart = start;
+        i = 0;
+        /* Get the digits before each period*/
+        while ((pend = strchr(pstart, '.'))) {
+            if (pend == pstart) {
+                errStr = PR_smprintf(errString[BOGUS_PLATFORM_STRING], str);
+                goto loser;
+            }
+            *pend = '\0';
+            _this->verString[i] = PR_Strdup(pstart);
+            endp = pend;
+            if (endp == pstart || (*endp != '\0')) {
+                errStr = PR_smprintf(errString[BOGUS_PLATFORM_STRING], str);
+                goto loser;
+            }
+            pstart = pend + 1;
+            i++;
+        }
+        /* Last digit comes after the last period*/
+        if (*pstart == '\0') {
+            errStr = PR_smprintf(errString[BOGUS_PLATFORM_STRING], str);
+            goto loser;
+        }
+        _this->verString[i] = PR_Strdup(pstart);
+        /*
+        if(endp==pstart || (*endp != '\0')) {
+            errStr = PR_smprintf(errString[BOGUS_PLATFORM_STRING], str);
+            goto loser;
+        }
+        */
+    } else {
+        _this->verString = NULL;
+        _this->numDigits = 0;
+    }
+
+    /*
+    // Get the architecture
+    */
+    start = end + 1;
+    if (strchr(start, PLATFORM_SEPARATOR_CHAR)) {
+        errStr = PR_smprintf(errString[BOGUS_PLATFORM_STRING], str);
+        goto loser;
+    }
+    _this->arch = PR_Strdup(start);
+
+    if (copy) {
+        PR_Free(copy);
+    }
+    return NULL;
+loser:
+    if (_this->OS) {
+        PR_Free(_this->OS);
+        _this->OS = NULL;
+    }
+    if (_this->verString) {
+        for (i = 0; i < _this->numDigits; i++) {
+            PR_Free(_this->verString[i]);
+        }
+        PR_Free(_this->verString);
+        _this->verString = NULL;
+    }
+    _this->numDigits = 0;
+    if (_this->arch) {
+        PR_Free(_this->arch);
+        _this->arch = NULL;
+    }
+    if (copy) {
+        PR_Free(copy);
+    }
+
+    return errStr;
+}
+
+/*
+//////////////////////////////////////////////////////////////////////////
+// Method:  operator ==
+// Class:   Pk11Install_PlatformName
+// Returns: PR_TRUE if the platform have the same OS, arch, and version
+*/
+PRBool
+Pk11Install_PlatformName_equal(Pk11Install_PlatformName* _this,
+                               Pk11Install_PlatformName* cmp)
+{
+    int i;
+
+    if (!_this->OS || !_this->arch || !cmp->OS || !cmp->arch) {
+        return PR_FALSE;
+    }
+
+    if (PORT_Strcasecmp(_this->OS, cmp->OS) ||
+        PORT_Strcasecmp(_this->arch, cmp->arch) ||
+        _this->numDigits != cmp->numDigits) {
+        return PR_FALSE;
+    }
+
+    for (i = 0; i < _this->numDigits; i++) {
+        if (PORT_Strcasecmp(_this->verString[i], cmp->verString[i])) {
+            return PR_FALSE;
+        }
+    }
+    return PR_TRUE;
+}
+
+/*
+//////////////////////////////////////////////////////////////////////////
+// Method:  operator <=
+// Class:   Pk11Install_PlatformName
+// Returns: PR_TRUE if the platform have the same OS and arch and a lower
+//          or equal release.
+*/
+PRBool
+Pk11Install_PlatformName_lteq(Pk11Install_PlatformName* _this,
+                              Pk11Install_PlatformName* cmp)
+{
+    return (Pk11Install_PlatformName_equal(_this, cmp) ||
+            Pk11Install_PlatformName_lt(_this, cmp))
+               ? PR_TRUE
+               : PR_FALSE;
+}
+
+/*
+//////////////////////////////////////////////////////////////////////////
+// Method:  operator <
+// Class:   Pk11Install_PlatformName
+// Returns: PR_TRUE if the platform have the same OS and arch and a greater
+//          release.
+*/
+PRBool
+Pk11Install_PlatformName_lt(Pk11Install_PlatformName* _this,
+                            Pk11Install_PlatformName* cmp)
+{
+    int i, scmp;
+
+    if (!_this->OS || !_this->arch || !cmp->OS || !cmp->arch) {
+        return PR_FALSE;
+    }
+
+    if (PORT_Strcasecmp(_this->OS, cmp->OS)) {
+        return PR_FALSE;
+    }
+    if (PORT_Strcasecmp(_this->arch, cmp->arch)) {
+        return PR_FALSE;
+    }
+
+    for (i = 0; (i < _this->numDigits) && (i < cmp->numDigits); i++) {
+        scmp = PORT_Strcasecmp(_this->verString[i], cmp->verString[i]);
+        if (scmp > 0) {
+            return PR_FALSE;
+        } else if (scmp < 0) {
+            return PR_TRUE;
+        }
+    }
+    /* All the digits they have in common are the same. */
+    if (_this->numDigits < cmp->numDigits) {
+        return PR_TRUE;
+    }
+
+    return PR_FALSE;
+}
+
+/*
+//////////////////////////////////////////////////////////////////////////
+// Method:  GetString
+// Class:   Pk11Install_PlatformName
+// Returns: String composed of OS, release, and architecture separated
+//          by the separator char.  Memory is allocated by this function
+//          but is the responsibility of the caller to de-allocate.
+*/
+char*
+Pk11Install_PlatformName_GetString(Pk11Install_PlatformName* _this)
+{
+    char* ret;
+    char* ver;
+    char* OS_;
+    char* arch_;
+
+    OS_ = NULL;
+    arch_ = NULL;
+
+    OS_ = _this->OS ? _this->OS : "";
+    arch_ = _this->arch ? _this->arch : "";
+
+    ver = Pk11Install_PlatformName_GetVerString(_this);
+    ret = PR_smprintf("%s%c%s%c%s", OS_, PLATFORM_SEPARATOR_CHAR, ver,
+                      PLATFORM_SEPARATOR_CHAR, arch_);
+
+    PR_Free(ver);
+
+    return ret;
+}
+
+/*
+//////////////////////////////////////////////////////////////////////////
+// Method:  GetVerString
+// Class:   Pk11Install_PlatformName
+// Returns: The version string for this platform, in the form x.x.x with an
+//          arbitrary number of digits.  Memory allocated by function,
+//          must be de-allocated by caller.
+*/
+char*
+Pk11Install_PlatformName_GetVerString(Pk11Install_PlatformName* _this)
+{
+    char* tmp;
+    char* ret;
+    int i;
+    char buf[80];
+
+    tmp = (char*)PR_Malloc(80 * _this->numDigits + 1);
+    tmp[0] = '\0';
+
+    for (i = 0; i < _this->numDigits - 1; i++) {
+        sprintf(buf, "%s.", _this->verString[i]);
+        strcat(tmp, buf);
+    }
+    if (i < _this->numDigits) {
+        sprintf(buf, "%s", _this->verString[i]);
+        strcat(tmp, buf);
+    }
+
+    ret = PR_Strdup(tmp);
+    free(tmp);
+
+    return ret;
+}
+
+/*
+//////////////////////////////////////////////////////////////////////////
+// Method:  Print
+// Class:   Pk11Install_PlatformName
+*/
+void
+Pk11Install_PlatformName_Print(Pk11Install_PlatformName* _this, int pad)
+{
+    char* str = NULL;
+    PAD(pad);
+    printf("OS: %s\n", _this->OS ? _this->OS : "<NULL>");
+    PAD(pad);
+    printf("Digits: ");
+    if (_this->numDigits == 0) {
+        printf("None\n");
+    } else {
+        str = Pk11Install_PlatformName_GetVerString(_this);
+        printf("%s\n", str);
+        PR_Free(str);
+    }
+    PAD(pad);
+    printf("arch: %s\n", _this->arch ? _this->arch : "<NULL>");
+}
+
+Pk11Install_Platform*
+Pk11Install_Platform_new()
+{
+    Pk11Install_Platform* new_this;
+    new_this = (Pk11Install_Platform*)PR_Malloc(sizeof(Pk11Install_Platform));
+    Pk11Install_Platform_init(new_this);
+    return new_this;
+}
+
+void
+Pk11Install_Platform_init(Pk11Install_Platform* _this)
+{
+    Pk11Install_PlatformName_init(&_this->name);
+    Pk11Install_PlatformName_init(&_this->equivName);
+    _this->equiv = NULL;
+    _this->usesEquiv = PR_FALSE;
+    _this->moduleFile = NULL;
+    _this->moduleName = NULL;
+    _this->modFile = -1;
+    _this->mechFlags = 0;
+    _this->cipherFlags = 0;
+    _this->files = NULL;
+    _this->numFiles = 0;
+}
+
+/*
+//////////////////////////////////////////////////////////////////////////
+// Method:  ~Pk11Install_Platform
+// Class:   Pk11Install_Platform
+*/
+void
+Pk11Install_Platform_delete(Pk11Install_Platform* _this)
+{
+    Pk11Install_Platform_Cleanup(_this);
+}
+
+/*
+//////////////////////////////////////////////////////////////////////////
+// Method:  Cleanup
+// Class:   Pk11Install_Platform
+*/
+void
+Pk11Install_Platform_Cleanup(Pk11Install_Platform* _this)
+{
+    int i;
+    if (_this->moduleFile) {
+        PR_Free(_this->moduleFile);
+        _this->moduleFile = NULL;
+    }
+    if (_this->moduleName) {
+        PR_Free(_this->moduleName);
+        _this->moduleName = NULL;
+    }
+    if (_this->files) {
+        for (i = 0; i < _this->numFiles; i++) {
+            Pk11Install_File_delete(&_this->files[i]);
+        }
+        PR_Free(_this->files);
+        _this->files = NULL;
+    }
+    _this->equiv = NULL;
+    _this->usesEquiv = PR_FALSE;
+    _this->modFile = -1;
+    _this->numFiles = 0;
+    _this->mechFlags = _this->cipherFlags = 0;
+}
+
+/*
+//////////////////////////////////////////////////////////////////////////
+// Method:  Generate
+// Class:   Pk11Install_Platform
+// Notes:   Creates a platform data structure from a syntax tree.
+// Returns: NULL for success, otherwise an error message.
+*/
+char*
+Pk11Install_Platform_Generate(Pk11Install_Platform* _this,
+                              const Pk11Install_Pair* pair)
+{
+    char* errStr;
+    char* endptr;
+    char* tmp;
+    int i;
+    Pk11Install_ListIter* iter;
+    Pk11Install_Value* val;
+    Pk11Install_Value* subval;
+    Pk11Install_Pair* subpair;
+    Pk11Install_ListIter* subiter;
+    PRBool gotModuleFile, gotModuleName, gotMech,
+        gotCipher, gotFiles, gotEquiv;
+
+    errStr = NULL;
+    iter = subiter = NULL;
+    val = subval = NULL;
+    subpair = NULL;
+    gotModuleFile = gotModuleName = gotMech = gotCipher = gotFiles = gotEquiv = PR_FALSE;
+    Pk11Install_Platform_Cleanup(_this);
+
+    errStr = Pk11Install_PlatformName_Generate(&_this->name, pair->key);
+    if (errStr) {
+        tmp = PR_smprintf("%s: %s", pair->key, errStr);
+        PR_smprintf_free(errStr);
+        errStr = tmp;
+        goto loser;
+    }
+
+    iter = Pk11Install_ListIter_new(pair->list);
+    for (; (val = iter->current); Pk11Install_ListIter_nextItem(iter)) {
+        if (val->type == PAIR_VALUE) {
+            subpair = val->pair;
+
+            if (!PORT_Strcasecmp(subpair->key, MODULE_FILE_STRING)) {
+                if (gotModuleFile) {
+                    errStr = PR_smprintf(errString[REPEAT_MODULE_FILE],
+                                         Pk11Install_PlatformName_GetString(&_this->name));
+                    goto loser;
+                }
+                subiter = Pk11Install_ListIter_new(subpair->list);
+                subval = subiter->current;
+                if (!subval || (subval->type != STRING_VALUE)) {
+                    errStr = PR_smprintf(errString[BOGUS_MODULE_FILE],
+                                         Pk11Install_PlatformName_GetString(&_this->name));
+                    goto loser;
+                }
+                _this->moduleFile = PR_Strdup(subval->string);
+                Pk11Install_ListIter_delete(&subiter);
+                gotModuleFile = PR_TRUE;
+            } else if (!PORT_Strcasecmp(subpair->key, MODULE_NAME_STRING)) {
+                if (gotModuleName) {
+                    errStr = PR_smprintf(errString[REPEAT_MODULE_NAME],
+                                         Pk11Install_PlatformName_GetString(&_this->name));
+                    goto loser;
+                }
+                subiter = Pk11Install_ListIter_new(subpair->list);
+                subval = subiter->current;
+                if (!subval || (subval->type != STRING_VALUE)) {
+                    errStr = PR_smprintf(errString[BOGUS_MODULE_NAME],
+                                         Pk11Install_PlatformName_GetString(&_this->name));
+                    goto loser;
+                }
+                _this->moduleName = PR_Strdup(subval->string);
+                Pk11Install_ListIter_delete(&subiter);
+                gotModuleName = PR_TRUE;
+            } else if (!PORT_Strcasecmp(subpair->key, MECH_FLAGS_STRING)) {
+                endptr = NULL;
+
+                if (gotMech) {
+                    errStr = PR_smprintf(errString[REPEAT_MECH],
+                                         Pk11Install_PlatformName_GetString(&_this->name));
+                    goto loser;
+                }
+                subiter = Pk11Install_ListIter_new(subpair->list);
+                subval = subiter->current;
+                if (!subval || (subval->type != STRING_VALUE)) {
+                    errStr = PR_smprintf(errString[BOGUS_MECH_FLAGS],
+                                         Pk11Install_PlatformName_GetString(&_this->name));
+                    goto loser;
+                }
+                _this->mechFlags = strtol(subval->string, &endptr, 0);
+                if (*endptr != '\0' || (endptr == subval->string)) {
+                    errStr = PR_smprintf(errString[BOGUS_MECH_FLAGS],
+                                         Pk11Install_PlatformName_GetString(&_this->name));
+                    goto loser;
+                }
+                Pk11Install_ListIter_delete(&subiter);
+                gotMech = PR_TRUE;
+            } else if (!PORT_Strcasecmp(subpair->key, CIPHER_FLAGS_STRING)) {
+                endptr = NULL;
+
+                if (gotCipher) {
+                    errStr = PR_smprintf(errString[REPEAT_CIPHER],
+                                         Pk11Install_PlatformName_GetString(&_this->name));
+                    goto loser;
+                }
+                subiter = Pk11Install_ListIter_new(subpair->list);
+                subval = subiter->current;
+                if (!subval || (subval->type != STRING_VALUE)) {
+                    errStr = PR_smprintf(errString[BOGUS_CIPHER_FLAGS],
+                                         Pk11Install_PlatformName_GetString(&_this->name));
+                    goto loser;
+                }
+                _this->cipherFlags = strtol(subval->string, &endptr, 0);
+                if (*endptr != '\0' || (endptr == subval->string)) {
+                    errStr = PR_smprintf(errString[BOGUS_CIPHER_FLAGS],
+                                         Pk11Install_PlatformName_GetString(&_this->name));
+                    goto loser;
+                }
+                Pk11Install_ListIter_delete(&subiter);
+                gotCipher = PR_TRUE;
+            } else if (!PORT_Strcasecmp(subpair->key, FILES_STRING)) {
+                if (gotFiles) {
+                    errStr = PR_smprintf(errString[REPEAT_FILES],
+                                         Pk11Install_PlatformName_GetString(&_this->name));
+                    goto loser;
+                }
+                subiter = Pk11Install_ListIter_new(subpair->list);
+                _this->numFiles = subpair->list->numPairs;
+                _this->files = (Pk11Install_File*)
+                    PR_Malloc(sizeof(Pk11Install_File) * _this->numFiles);
+                for (i = 0; i < _this->numFiles; i++,
+                    Pk11Install_ListIter_nextItem(subiter)) {
+                    Pk11Install_File_init(&_this->files[i]);
+                    val = subiter->current;
+                    if (val && (val->type == PAIR_VALUE)) {
+                        errStr = Pk11Install_File_Generate(&_this->files[i], val->pair);
+                        if (errStr) {
+                            tmp = PR_smprintf("%s: %s",
+                                              Pk11Install_PlatformName_GetString(&_this->name), errStr);
+                            PR_smprintf_free(errStr);
+                            errStr = tmp;
+                            goto loser;
+                        }
+                    }
+                }
+                gotFiles = PR_TRUE;
+            } else if (!PORT_Strcasecmp(subpair->key,
+                                        EQUIVALENT_PLATFORM_STRING)) {
+                if (gotEquiv) {
+                    errStr = PR_smprintf(errString[REPEAT_EQUIV],
+                                         Pk11Install_PlatformName_GetString(&_this->name));
+                    goto loser;
+                }
+                subiter = Pk11Install_ListIter_new(subpair->list);
+                subval = subiter->current;
+                if (!subval || (subval->type != STRING_VALUE)) {
+                    errStr = PR_smprintf(errString[BOGUS_EQUIV],
+                                         Pk11Install_PlatformName_GetString(&_this->name));
+                    goto loser;
+                }
+                errStr = Pk11Install_PlatformName_Generate(&_this->equivName,
+                                                           subval->string);
+                if (errStr) {
+                    tmp = PR_smprintf("%s: %s",
+                                      Pk11Install_PlatformName_GetString(&_this->name), errStr);
+                    tmp = PR_smprintf("%s: %s",
+                                      Pk11Install_PlatformName_GetString(&_this->name), errStr);
+                    PR_smprintf_free(errStr);
+                    errStr = tmp;
+                    goto loser;
+                }
+                _this->usesEquiv = PR_TRUE;
+            }
+        }
+    }
+
+    /* Make sure we either have an EquivalentPlatform or all the other info */
+    if (_this->usesEquiv &&
+        (gotFiles || gotModuleFile || gotModuleName || gotMech || gotCipher)) {
+        errStr = PR_smprintf(errString[EQUIV_TOO_MUCH_INFO],
+                             Pk11Install_PlatformName_GetString(&_this->name));
+        goto loser;
+    }
+    if (!gotFiles && !_this->usesEquiv) {
+        errStr = PR_smprintf(errString[NO_FILES],
+                             Pk11Install_PlatformName_GetString(&_this->name));
+        goto loser;
+    }
+    if (!gotModuleFile && !_this->usesEquiv) {
+        errStr = PR_smprintf(errString[NO_MODULE_FILE],
+                             Pk11Install_PlatformName_GetString(&_this->name));
+        goto loser;
+    }
+    if (!gotModuleName && !_this->usesEquiv) {
+        errStr = PR_smprintf(errString[NO_MODULE_NAME],
+                             Pk11Install_PlatformName_GetString(&_this->name));
+        goto loser;
+    }
+
+    /* Point the modFile pointer to the correct file */
+    if (gotModuleFile) {
+        for (i = 0; i < _this->numFiles; i++) {
+            if (!PORT_Strcasecmp(_this->moduleFile, _this->files[i].jarPath)) {
+                _this->modFile = i;
+                break;
+            }
+        }
+        if (_this->modFile == -1) {
+            errStr = PR_smprintf(errString[UNKNOWN_MODULE_FILE],
+                                 _this->moduleFile,
+                                 Pk11Install_PlatformName_GetString(&_this->name));
+            goto loser;
+        }
+    }
+
+loser:
+    if (iter) {
+        PR_Free(iter);
+    }
+    if (subiter) {
+        PR_Free(subiter);
+    }
+    return errStr;
+}
+
+/*
+//////////////////////////////////////////////////////////////////////////
+// Method:      Print
+// Class:       Pk11Install_Platform
+*/
+void
+Pk11Install_Platform_Print(Pk11Install_Platform* _this, int pad)
+{
+    int i;
+
+    PAD(pad);
+    printf("Name:\n");
+    Pk11Install_PlatformName_Print(&_this->name, pad + PADINC);
+    PAD(pad);
+    printf("equivName:\n");
+    Pk11Install_PlatformName_Print(&_this->equivName, pad + PADINC);
+    PAD(pad);
+    if (_this->usesEquiv) {
+        printf("Uses equiv, which points to:\n");
+        Pk11Install_Platform_Print(_this->equiv, pad + PADINC);
+    } else {
+        printf("Doesn't use equiv\n");
+    }
+    PAD(pad);
+    printf("Module File: %s\n", _this->moduleFile ? _this->moduleFile
+                                                  : "<NULL>");
+    PAD(pad);
+    printf("mechFlags: %lx\n", _this->mechFlags);
+    PAD(pad);
+    printf("cipherFlags: %lx\n", _this->cipherFlags);
+    PAD(pad);
+    printf("Files:\n");
+    for (i = 0; i < _this->numFiles; i++) {
+        Pk11Install_File_Print(&_this->files[i], pad + PADINC);
+        PAD(pad);
+        printf("--------------------\n");
+    }
+}
+
+/*
+//////////////////////////////////////////////////////////////////////////
+// Method:      Pk11Install_Info
+// Class:       Pk11Install_Info
+*/
+Pk11Install_Info*
+Pk11Install_Info_new()
+{
+    Pk11Install_Info* new_this;
+    new_this = (Pk11Install_Info*)PR_Malloc(sizeof(Pk11Install_Info));
+    Pk11Install_Info_init(new_this);
+    return new_this;
+}
+
+void
+Pk11Install_Info_init(Pk11Install_Info* _this)
+{
+    _this->platforms = NULL;
+    _this->numPlatforms = 0;
+    _this->forwardCompatible = NULL;
+    _this->numForwardCompatible = 0;
+}
+
+/*
+//////////////////////////////////////////////////////////////////////////
+// Method:      ~Pk11Install_Info
+// Class:       Pk11Install_Info
+*/
+void
+Pk11Install_Info_delete(Pk11Install_Info* _this)
+{
+    Pk11Install_Info_Cleanup(_this);
+}
+
+/*
+//////////////////////////////////////////////////////////////////////////
+// Method:      Cleanup
+// Class:       Pk11Install_Info
+*/
+void
+Pk11Install_Info_Cleanup(Pk11Install_Info* _this)
+{
+    int i;
+    if (_this->platforms) {
+        for (i = 0; i < _this->numPlatforms; i++) {
+            Pk11Install_Platform_delete(&_this->platforms[i]);
+        }
+        PR_Free(&_this->platforms);
+        _this->platforms = NULL;
+        _this->numPlatforms = 0;
+    }
+
+    if (_this->forwardCompatible) {
+        for (i = 0; i < _this->numForwardCompatible; i++) {
+            Pk11Install_PlatformName_delete(&_this->forwardCompatible[i]);
+        }
+        PR_Free(&_this->forwardCompatible);
+        _this->numForwardCompatible = 0;
+    }
+}
+
+/*
+//////////////////////////////////////////////////////////////////////////
+// Method:      Generate
+// Class:       Pk11Install_Info
+// Takes:       Pk11Install_ValueList *list, the top-level list
+//              resulting from parsing an installer file.
+// Returns:     char*, NULL if successful, otherwise an error string.
+//              Caller is responsible for freeing memory.
+*/
+char*
+Pk11Install_Info_Generate(Pk11Install_Info* _this,
+                          const Pk11Install_ValueList* list)
+{
+    char* errStr;
+    Pk11Install_ListIter* iter;
+    Pk11Install_Value* val;
+    Pk11Install_Pair* pair;
+    Pk11Install_ListIter* subiter;
+    Pk11Install_Value* subval;
+    Pk11Install_Platform *first, *second;
+    int i, j;
+
+    errStr = NULL;
+    iter = subiter = NULL;
+    Pk11Install_Info_Cleanup(_this);
+
+    iter = Pk11Install_ListIter_new(list);
+    for (; (val = iter->current); Pk11Install_ListIter_nextItem(iter)) {
+        if (val->type == PAIR_VALUE) {
+            pair = val->pair;
+
+            if (!PORT_Strcasecmp(pair->key, FORWARD_COMPATIBLE_STRING)) {
+                subiter = Pk11Install_ListIter_new(pair->list);
+                _this->numForwardCompatible = pair->list->numStrings;
+                _this->forwardCompatible = (Pk11Install_PlatformName*)
+                    PR_Malloc(sizeof(Pk11Install_PlatformName) *
+                              _this->numForwardCompatible);
+                for (i = 0; i < _this->numForwardCompatible; i++,
+                    Pk11Install_ListIter_nextItem(subiter)) {
+                    subval = subiter->current;
+                    if (subval->type == STRING_VALUE) {
+                        errStr = Pk11Install_PlatformName_Generate(
+                            &_this->forwardCompatible[i], subval->string);
+                        if (errStr) {
+                            goto loser;
+                        }
+                    }
+                }
+                Pk11Install_ListIter_delete(&subiter);
+            } else if (!PORT_Strcasecmp(pair->key, PLATFORMS_STRING)) {
+                subiter = Pk11Install_ListIter_new(pair->list);
+                _this->numPlatforms = pair->list->numPairs;
+                _this->platforms = (Pk11Install_Platform*)
+                    PR_Malloc(sizeof(Pk11Install_Platform) *
+                              _this->numPlatforms);
+                for (i = 0; i < _this->numPlatforms; i++,
+                    Pk11Install_ListIter_nextItem(subiter)) {
+                    Pk11Install_Platform_init(&_this->platforms[i]);
+                    subval = subiter->current;
+                    if (subval->type == PAIR_VALUE) {
+                        errStr = Pk11Install_Platform_Generate(&_this->platforms[i], subval->pair);
+                        if (errStr) {
+                            goto loser;
+                        }
+                    }
+                }
+                Pk11Install_ListIter_delete(&subiter);
+            }
+        }
+    }
+
+    if (_this->numPlatforms == 0) {
+        errStr = PR_smprintf(errString[NO_PLATFORMS]);
+        goto loser;
+    }
+
+    /*
+    //
+    // Now process equivalent platforms
+    //
+
+    // First the naive pass
+    */
+    for (i = 0; i < _this->numPlatforms; i++) {
+        if (_this->platforms[i].usesEquiv) {
+            _this->platforms[i].equiv = NULL;
+            for (j = 0; j < _this->numPlatforms; j++) {
+                if (Pk11Install_PlatformName_equal(&_this->platforms[i].equivName,
+                                                   &_this->platforms[j].name)) {
+                    if (i == j) {
+                        errStr = PR_smprintf(errString[EQUIV_LOOP],
+                                             Pk11Install_PlatformName_GetString(&_this->platforms[i].name));
+                        goto loser;
+                    }
+                    _this->platforms[i].equiv = &_this->platforms[j];
+                    break;
+                }
+            }
+            if (_this->platforms[i].equiv == NULL) {
+                errStr = PR_smprintf(errString[BOGUS_EQUIV],
+                                     Pk11Install_PlatformName_GetString(&_this->platforms[i].name));
+                goto loser;
+            }
+        }
+    }
+
+    /*
+    // Now the intelligent pass, which will also detect loops.
+    // We will send two pointers through the linked list of equivalent
+    // platforms. Both start with the current node.  "first" traverses
+    // two nodes for each iteration.  "second" lags behind, only traversing
+    // one node per iteration.  Eventually one of two things will happen:
+    // first will hit the end of the list (a platform that doesn't use
+    // an equivalency), or first will equal second if there is a loop.
+    */
+    for (i = 0; i < _this->numPlatforms; i++) {
+        if (_this->platforms[i].usesEquiv) {
+            second = _this->platforms[i].equiv;
+            if (!second->usesEquiv) {
+                /* The first link is the terminal node */
+                continue;
+            }
+            first = second->equiv;
+            while (first->usesEquiv) {
+                if (first == second) {
+                    errStr = PR_smprintf(errString[EQUIV_LOOP],
+                                         Pk11Install_PlatformName_GetString(&_this->platforms[i].name));
+                    goto loser;
+                }
+                first = first->equiv;
+                if (!first->usesEquiv) {
+                    break;
+                }
+                if (first == second) {
+                    errStr = PR_smprintf(errString[EQUIV_LOOP],
+                                         Pk11Install_PlatformName_GetString(&_this->platforms[i].name));
+                    goto loser;
+                }
+                second = second->equiv;
+                first = first->equiv;
+            }
+            _this->platforms[i].equiv = first;
+        }
+    }
+
+loser:
+    if (iter) {
+        Pk11Install_ListIter_delete(&iter);
+    }
+    if (subiter) {
+        Pk11Install_ListIter_delete(&subiter);
+    }
+    return errStr;
+}
+
+/*
+//////////////////////////////////////////////////////////////////////////
+// Method:      GetBestPlatform
+// Class:       Pk11Install_Info
+// Takes:       char *myPlatform, the platform we are currently running
+//              on.
+*/
+Pk11Install_Platform*
+Pk11Install_Info_GetBestPlatform(Pk11Install_Info* _this, char* myPlatform)
+{
+    Pk11Install_PlatformName plat;
+    char* errStr;
+    int i, j;
+
+    errStr = NULL;
+
+    Pk11Install_PlatformName_init(&plat);
+    if ((errStr = Pk11Install_PlatformName_Generate(&plat, myPlatform))) {
+        PR_smprintf_free(errStr);
+        return NULL;
+    }
+
+    /* First try real platforms */
+    for (i = 0; i < _this->numPlatforms; i++) {
+        if (Pk11Install_PlatformName_equal(&_this->platforms[i].name, &plat)) {
+            if (_this->platforms[i].equiv) {
+                return _this->platforms[i].equiv;
+            } else {
+                return &_this->platforms[i];
+            }
+        }
+    }
+
+    /* Now try forward compatible platforms */
+    for (i = 0; i < _this->numForwardCompatible; i++) {
+        if (Pk11Install_PlatformName_lteq(&_this->forwardCompatible[i], &plat)) {
+            break;
+        }
+    }
+    if (i == _this->numForwardCompatible) {
+        return NULL;
+    }
+
+    /* Got a forward compatible name, find the actual platform. */
+    for (j = 0; j < _this->numPlatforms; j++) {
+        if (Pk11Install_PlatformName_equal(&_this->platforms[j].name,
+                                           &_this->forwardCompatible[i])) {
+            if (_this->platforms[j].equiv) {
+                return _this->platforms[j].equiv;
+            } else {
+                return &_this->platforms[j];
+            }
+        }
+    }
+
+    return NULL;
+}
+
+/*
+//////////////////////////////////////////////////////////////////////////
+// Method:      Print
+// Class:       Pk11Install_Info
+*/
+void
+Pk11Install_Info_Print(Pk11Install_Info* _this, int pad)
+{
+    int i;
+
+    PAD(pad);
+    printf("Forward Compatible:\n");
+    for (i = 0; i < _this->numForwardCompatible; i++) {
+        Pk11Install_PlatformName_Print(&_this->forwardCompatible[i], pad + PADINC);
+        PAD(pad);
+        printf("-------------------\n");
+    }
+    PAD(pad);
+    printf("Platforms:\n");
+    for (i = 0; i < _this->numPlatforms; i++) {
+        Pk11Install_Platform_Print(&_this->platforms[i], pad + PADINC);
+        PAD(pad);
+        printf("-------------------\n");
+    }
+}
+
+/*
+//////////////////////////////////////////////////////////////////////////
+*/
+static char*
+PR_Strdup(const char* str)
+{
+    char* tmp;
+    tmp = (char*)PR_Malloc((unsigned int)(strlen(str) + 1));
+    strcpy(tmp, str);
+    return tmp;
+}
+
+/* The global value list, the top of the tree */
+Pk11Install_ValueList* Pk11Install_valueList = NULL;
+
+/****************************************************************************/
+void
+Pk11Install_ValueList_AddItem(Pk11Install_ValueList* _this,
+                              Pk11Install_Value* item)
+{
+    _this->numItems++;
+    if (item->type == STRING_VALUE) {
+        _this->numStrings++;
+    } else {
+        _this->numPairs++;
+    }
+    item->next = _this->head;
+    _this->head = item;
+}
+
+/****************************************************************************/
+Pk11Install_ListIter*
+Pk11Install_ListIter_new_default()
+{
+    Pk11Install_ListIter* new_this;
+    new_this = (Pk11Install_ListIter*)
+        PR_Malloc(sizeof(Pk11Install_ListIter));
+    Pk11Install_ListIter_init(new_this);
+    return new_this;
+}
+
+/****************************************************************************/
+void
+Pk11Install_ListIter_init(Pk11Install_ListIter* _this)
+{
+    _this->list = NULL;
+    _this->current = NULL;
+}
+
+/****************************************************************************/
+Pk11Install_ListIter*
+Pk11Install_ListIter_new(const Pk11Install_ValueList* _list)
+{
+    Pk11Install_ListIter* new_this;
+    new_this = (Pk11Install_ListIter*)
+        PR_Malloc(sizeof(Pk11Install_ListIter));
+    new_this->list = _list;
+    new_this->current = _list->head;
+    return new_this;
+}
+
+/****************************************************************************/
+void
+Pk11Install_ListIter_delete(Pk11Install_ListIter** _this)
+{
+    (*_this)->list = NULL;
+    (*_this)->current = NULL;
+    PR_Free(*_this);
+    *_this = NULL;
+}
+
+/****************************************************************************/
+void
+Pk11Install_ListIter_reset(Pk11Install_ListIter* _this)
+{
+    if (_this->list) {
+        _this->current = _this->list->head;
+    }
+}
+
+/*************************************************************************/
+Pk11Install_Value*
+Pk11Install_ListIter_nextItem(Pk11Install_ListIter* _this)
+{
+    if (_this->current) {
+        _this->current = _this->current->next;
+    }
+
+    return _this->current;
+}
+
+/****************************************************************************/
+Pk11Install_ValueList*
+Pk11Install_ValueList_new()
+{
+    Pk11Install_ValueList* new_this;
+    new_this = (Pk11Install_ValueList*)
+        PR_Malloc(sizeof(Pk11Install_ValueList));
+    new_this->numItems = 0;
+    new_this->numPairs = 0;
+    new_this->numStrings = 0;
+    new_this->head = NULL;
+    return new_this;
+}
+
+/****************************************************************************/
+void
+Pk11Install_ValueList_delete(Pk11Install_ValueList* _this)
+{
+
+    Pk11Install_Value* tmp;
+    Pk11Install_Value* list;
+    list = _this->head;
+
+    while (list != NULL) {
+        tmp = list;
+        list = list->next;
+        PR_Free(tmp);
+    }
+    PR_Free(_this);
+}
+
+/****************************************************************************/
+Pk11Install_Value*
+Pk11Install_Value_new_default()
+{
+    Pk11Install_Value* new_this;
+    new_this = (Pk11Install_Value*)PR_Malloc(sizeof(Pk11Install_Value));
+    new_this->type = STRING_VALUE;
+    new_this->string = NULL;
+    new_this->pair = NULL;
+    new_this->next = NULL;
+    return new_this;
+}
+
+/****************************************************************************/
+Pk11Install_Value*
+Pk11Install_Value_new(ValueType _type, Pk11Install_Pointer ptr)
+{
+    Pk11Install_Value* new_this;
+    new_this = Pk11Install_Value_new_default();
+    new_this->type = _type;
+    if (_type == STRING_VALUE) {
+        new_this->pair = NULL;
+        new_this->string = ptr.string;
+    } else {
+        new_this->string = NULL;
+        new_this->pair = ptr.pair;
+    }
+    return new_this;
+}
+
+/****************************************************************************/
+void
+Pk11Install_Value_delete(Pk11Install_Value* _this)
+{
+    if (_this->type == STRING_VALUE) {
+        PR_Free(_this->string);
+    } else {
+        PR_Free(_this->pair);
+    }
+}
+
+/****************************************************************************/
+Pk11Install_Pair*
+Pk11Install_Pair_new_default()
+{
+    return Pk11Install_Pair_new(NULL, NULL);
+}
+
+/****************************************************************************/
+Pk11Install_Pair*
+Pk11Install_Pair_new(char* _key, Pk11Install_ValueList* _list)
+{
+    Pk11Install_Pair* new_this;
+    new_this = (Pk11Install_Pair*)PR_Malloc(sizeof(Pk11Install_Pair));
+    new_this->key = _key;
+    new_this->list = _list;
+    return new_this;
+}
+
+/****************************************************************************/
+void
+Pk11Install_Pair_delete(Pk11Install_Pair* _this)
+{
+    PR_Free(_this->key);
+    Pk11Install_ValueList_delete(_this->list);
+}
+
+/*************************************************************************/
+void
+Pk11Install_Pair_Print(Pk11Install_Pair* _this, int pad)
+{
+    while (_this) {
+        /*PAD(pad); printf("**Pair\n");
+        PAD(pad); printf("***Key====\n");*/
+        PAD(pad);
+        printf("%s {\n", _this->key);
+        /*PAD(pad); printf("====\n");*/
+        /*PAD(pad); printf("***ValueList\n");*/
+        Pk11Install_ValueList_Print(_this->list, pad + PADINC);
+        PAD(pad);
+        printf("}\n");
+    }
+}
+
+/*************************************************************************/
+void
+Pk11Install_ValueList_Print(Pk11Install_ValueList* _this, int pad)
+{
+    Pk11Install_Value* v;
+
+    /*PAD(pad);printf("**Value List**\n");*/
+    for (v = _this->head; v != NULL; v = v->next) {
+        Pk11Install_Value_Print(v, pad);
+    }
+}
+
+/*************************************************************************/
+void
+Pk11Install_Value_Print(Pk11Install_Value* _this, int pad)
+{
+    /*PAD(pad); printf("**Value, type=%s\n",
+        type==STRING_VALUE ? "string" : "pair");*/
+    if (_this->type == STRING_VALUE) {
+        /*PAD(pad+PADINC); printf("====\n");*/
+        PAD(pad);
+        printf("%s\n", _this->string);
+        /*PAD(pad+PADINC); printf("====\n");*/
+    } else {
+        Pk11Install_Pair_Print(_this->pair, pad + PADINC);
+    }
+}
diff --git a/nss/cmd/modutil/install-ds.h b/nss/cmd/modutil/install-ds.h
new file mode 100644
index 0000000..70813f6
--- /dev/null
+++ b/nss/cmd/modutil/install-ds.h
@@ -0,0 +1,260 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef INSTALL_DS_H
+#define INSTALL_DS_H
+
+#include <stdio.h>
+#include <prio.h>
+#include <prmem.h>
+
+extern PRFileDesc* Pk11Install_FD;
+extern int Pk11Install_yylex();
+extern int Pk11Install_yylinenum;
+extern char* Pk11Install_yyerrstr;
+
+typedef enum { STRING_VALUE,
+               PAIR_VALUE } ValueType;
+
+typedef struct Pk11Install_Pair_str Pk11Install_Pair;
+typedef union Pk11Install_Pointer_str Pk11Install_Pointer;
+typedef struct Pk11Install_Value_str Pk11Install_Value;
+typedef struct Pk11Install_ValueList_str Pk11Install_ValueList;
+typedef struct Pk11Install_ListIter_str Pk11Install_ListIter;
+typedef struct Pk11Install_File_str Pk11Install_File;
+typedef struct Pk11Install_PlatformName_str Pk11Install_PlatformName;
+typedef struct Pk11Install_Platform_str Pk11Install_Platform;
+typedef struct Pk11Install_Info_str Pk11Install_Info;
+
+extern Pk11Install_Pointer Pk11Install_yylval;
+extern Pk11Install_ValueList* Pk11Install_valueList;
+
+/*
+//////////////////////////////////////////////////////////////////////////
+// Pk11Install_Pair
+//////////////////////////////////////////////////////////////////////////
+*/
+
+struct Pk11Install_Pair_str {
+    char* key;
+    Pk11Install_ValueList* list;
+};
+
+Pk11Install_Pair*
+Pk11Install_Pair_new_default();
+Pk11Install_Pair*
+Pk11Install_Pair_new(char* _key, Pk11Install_ValueList* _list);
+void
+Pk11Install_Pair_delete(Pk11Install_Pair* _this);
+void
+Pk11Install_Pair_Print(Pk11Install_Pair* _this, int pad);
+
+/*
+//////////////////////////////////////////////////////////////////////////
+// Pk11Install_Pointer
+//////////////////////////////////////////////////////////////////////////
+*/
+union Pk11Install_Pointer_str {
+    Pk11Install_ValueList* list;
+    Pk11Install_Value* value;
+    Pk11Install_Pair* pair;
+    char* string;
+};
+
+/*
+//////////////////////////////////////////////////////////////////////////
+// Pk11Install_Value
+//////////////////////////////////////////////////////////////////////////
+*/
+struct Pk11Install_Value_str {
+
+    ValueType type;
+    char* string;
+    Pk11Install_Pair* pair;
+    struct Pk11Install_Value_str* next;
+};
+
+Pk11Install_Value*
+Pk11Install_Value_new_default();
+Pk11Install_Value*
+Pk11Install_Value_new(ValueType _type, Pk11Install_Pointer ptr);
+void
+Pk11Install_Value_delete(Pk11Install_Value* _this);
+void
+Pk11Install_Value_Print(Pk11Install_Value* _this, int pad);
+
+/*
+//////////////////////////////////////////////////////////////////////////
+// Pk11Install_ValueList
+//////////////////////////////////////////////////////////////////////////
+*/
+struct Pk11Install_ValueList_str {
+    int numItems;
+    int numPairs;
+    int numStrings;
+    Pk11Install_Value* head;
+};
+
+Pk11Install_ValueList*
+Pk11Install_ValueList_new();
+void
+Pk11Install_ValueList_delete(Pk11Install_ValueList* _this);
+void
+Pk11Install_ValueList_AddItem(Pk11Install_ValueList* _this,
+                              Pk11Install_Value* item);
+void
+Pk11Install_ValueList_Print(Pk11Install_ValueList* _this, int pad);
+
+/*
+//////////////////////////////////////////////////////////////////////////
+// Pk11Install_ListIter
+//////////////////////////////////////////////////////////////////////////
+*/
+struct Pk11Install_ListIter_str {
+    const Pk11Install_ValueList* list;
+    Pk11Install_Value* current;
+};
+
+Pk11Install_ListIter*
+Pk11Install_ListIter_new_default();
+void
+Pk11Install_ListIter_init(Pk11Install_ListIter* _this);
+Pk11Install_ListIter*
+Pk11Install_ListIter_new(const Pk11Install_ValueList* _list);
+void
+Pk11Install_ListIter_delete(Pk11Install_ListIter** _this);
+void
+Pk11Install_ListIter_reset(Pk11Install_ListIter* _this);
+Pk11Install_Value*
+Pk11Install_ListIter_nextItem(Pk11Install_ListIter* _this);
+
+/************************************************************************
+ *
+ * Pk11Install_File
+ */
+struct Pk11Install_File_str {
+    char* jarPath;
+    char* relativePath;
+    char* absolutePath;
+    PRBool executable;
+    int permissions;
+};
+
+Pk11Install_File*
+Pk11Install_File_new();
+void
+Pk11Install_File_init(Pk11Install_File* _this);
+void
+Pk11Install_file_delete(Pk11Install_File* _this);
+/*// Parses a syntax tree to obtain all attributes.
+// Returns NULL for success, error message if parse error.*/
+char*
+Pk11Install_File_Generate(Pk11Install_File* _this,
+                          const Pk11Install_Pair* pair);
+void
+Pk11Install_File_Print(Pk11Install_File* _this, int pad);
+void
+Pk11Install_File_Cleanup(Pk11Install_File* _this);
+
+/************************************************************************
+ *
+ * Pk11Install_PlatformName
+ */
+struct Pk11Install_PlatformName_str {
+    char* OS;
+    char** verString;
+    int numDigits;
+    char* arch;
+};
+
+Pk11Install_PlatformName*
+Pk11Install_PlatformName_new();
+void
+Pk11Install_PlatformName_init(Pk11Install_PlatformName* _this);
+void
+Pk11Install_PlatformName_delete(Pk11Install_PlatformName* _this);
+char*
+Pk11Install_PlatformName_Generate(Pk11Install_PlatformName* _this,
+                                  const char* str);
+char*
+Pk11Install_PlatformName_GetString(Pk11Install_PlatformName* _this);
+char*
+Pk11Install_PlatformName_GetVerString(Pk11Install_PlatformName* _this);
+void
+Pk11Install_PlatformName_Print(Pk11Install_PlatformName* _this, int pad);
+void
+Pk11Install_PlatformName_Cleanup(Pk11Install_PlatformName* _this);
+PRBool
+Pk11Install_PlatformName_equal(Pk11Install_PlatformName* _this,
+                               Pk11Install_PlatformName* cmp);
+PRBool
+Pk11Install_PlatformName_lteq(Pk11Install_PlatformName* _this,
+                              Pk11Install_PlatformName* cmp);
+PRBool
+Pk11Install_PlatformName_lt(Pk11Install_PlatformName* _this,
+                            Pk11Install_PlatformName* cmp);
+
+/************************************************************************
+ *
+ * Pk11Install_Platform
+ */
+struct Pk11Install_Platform_str {
+    Pk11Install_PlatformName name;
+    Pk11Install_PlatformName equivName;
+    struct Pk11Install_Platform_str* equiv;
+    PRBool usesEquiv;
+    char* moduleFile;
+    char* moduleName;
+    int modFile;
+    unsigned long mechFlags;
+    unsigned long cipherFlags;
+    Pk11Install_File* files;
+    int numFiles;
+};
+
+Pk11Install_Platform*
+Pk11Install_Platform_new();
+void
+Pk11Install_Platform_init(Pk11Install_Platform* _this);
+void
+Pk11Install_Platform_delete(Pk11Install_Platform* _this);
+/*// Returns NULL for success, error message if parse error.*/
+char*
+Pk11Install_Platform_Generate(Pk11Install_Platform* _this,
+                              const Pk11Install_Pair* pair);
+void
+Pk11Install_Platform_Print(Pk11Install_Platform* _this, int pad);
+void
+Pk11Install_Platform_Cleanup(Pk11Install_Platform* _this);
+
+/************************************************************************
+ *
+ * Pk11Install_Info
+ */
+struct Pk11Install_Info_str {
+    Pk11Install_Platform* platforms;
+    int numPlatforms;
+    Pk11Install_PlatformName* forwardCompatible;
+    int numForwardCompatible;
+};
+
+Pk11Install_Info*
+Pk11Install_Info_new();
+void
+Pk11Install_Info_init(Pk11Install_Info* _this);
+void
+Pk11Install_Info_delete(Pk11Install_Info* _this);
+/*// Returns NULL for success, error message if parse error.*/
+char*
+Pk11Install_Info_Generate(Pk11Install_Info* _this,
+                          const Pk11Install_ValueList* list);
+/*// Returns NULL if there is no matching platform*/
+Pk11Install_Platform*
+Pk11Install_Info_GetBestPlatform(Pk11Install_Info* _this, char* myPlatform);
+void
+Pk11Install_Info_Print(Pk11Install_Info* _this, int pad);
+void
+Pk11Install_Info_Cleanup(Pk11Install_Info* _this);
+
+#endif /* INSTALL_DS_H */
diff --git a/nss/cmd/modutil/install.c b/nss/cmd/modutil/install.c
new file mode 100644
index 0000000..ea4aeb7
--- /dev/null
+++ b/nss/cmd/modutil/install.c
@@ -0,0 +1,959 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "install.h"
+#include "install-ds.h"
+#include <prerror.h>
+#include <prlock.h>
+#include <prio.h>
+#include <prmem.h>
+#include <prprf.h>
+#include <prsystem.h>
+#include <prproces.h>
+
+#ifdef XP_UNIX
+/* for chmod */
+#include <sys/types.h>
+#include <sys/stat.h>
+#endif
+
+/*extern "C" {*/
+#include <jar.h>
+/*}*/
+
+extern /*"C"*/
+    int
+    Pk11Install_AddNewModule(char *moduleName, char *dllPath,
+                             unsigned long defaultMechanismFlags,
+                             unsigned long cipherEnableFlags);
+extern /*"C"*/
+    short
+    Pk11Install_UserVerifyJar(JAR *jar, PRFileDesc *out,
+                              PRBool query);
+extern /*"C"*/
+    const char *
+    mySECU_ErrorString(PRErrorCode errnum);
+extern int Pk11Install_yyparse();
+
+#define INSTALL_METAINFO_TAG "Pkcs11_install_script"
+#define SCRIPT_TEMP_FILE "pkcs11inst.tmp"
+#define ROOT_MARKER "%root%"
+#define TEMP_MARKER "%temp%"
+#define PRINTF_ROOT_MARKER "%%root%%"
+#define TEMPORARY_DIRECTORY_NAME "pk11inst.dir"
+#define JAR_BASE_END (JAR_BASE + 100)
+
+static PRLock *errorHandlerLock = NULL;
+static Pk11Install_ErrorHandler errorHandler = NULL;
+static char *PR_Strdup(const char *str);
+static int rm_dash_r(char *path);
+static int make_dirs(char *path, int file_perms);
+static int dir_perms(int perms);
+
+static Pk11Install_Error DoInstall(JAR *jar, const char *installDir,
+                                   const char *tempDir, Pk11Install_Platform *platform,
+                                   PRFileDesc *feedback, PRBool noverify);
+
+static char *errorString[] = {
+    "Operation was successful",        /* PK11_INSTALL_NO_ERROR */
+    "Directory \"%s\" does not exist", /* PK11_INSTALL_DIR_DOESNT_EXIST */
+    "File \"%s\" does not exist",      /* PK11_INSTALL_FILE_DOESNT_EXIST */
+    "File \"%s\" is not readable",     /* PK11_INSTALL_FILE_NOT_READABLE */
+    "%s",                              /* PK11_INSTALL_ERROR_STRING */
+    "Error in JAR file %s: %s",        /* PK11_INSTALL_JAR_ERROR */
+    "No Pkcs11_install_script specified in JAR metainfo file",
+    /* PK11_INSTALL_NO_INSTALLER_SCRIPT */
+    "Could not delete temporary file \"%s\"",
+    /*PK11_INSTALL_DELETE_TEMP_FILE */
+    "Could not open temporary file \"%s\"", /*PK11_INSTALL_OPEN_SCRIPT_FILE*/
+    "%s: %s",                               /* PK11_INSTALL_SCRIPT_PARSE */
+    "Error in script: %s",
+    "Unable to obtain system platform information",
+    "Installer script has no information about the current platform (%s)",
+    "Relative directory \"%s\" does not contain " PRINTF_ROOT_MARKER,
+    "Module File \"%s\" not found",
+    "Error occurred installing module \"%s\" into database",
+    "Error extracting \"%s\" from JAR file: %s",
+    "Directory \"%s\" is not writeable",
+    "Could not create directory \"%s\"",
+    "Could not remove directory \"%s\"",
+    "Unable to execute \"%s\"",
+    "Unable to wait for process \"%s\"",
+    "\"%s\" returned error code %d",
+    "User aborted operation",
+    "Unspecified error"
+};
+
+enum {
+    INSTALLED_FILE_MSG = 0,
+    INSTALLED_MODULE_MSG,
+    INSTALLER_SCRIPT_NAME,
+    MY_PLATFORM_IS,
+    USING_PLATFORM,
+    PARSED_INSTALL_SCRIPT,
+    EXEC_FILE_MSG,
+    EXEC_SUCCESS,
+    INSTALLATION_COMPLETE_MSG,
+    USER_ABORT
+};
+
+static char *msgStrings[] = {
+    "Installed file %s to %s\n",
+    "Installed module \"%s\" into module database\n",
+    "Using installer script \"%s\"\n",
+    "Current platform is %s\n",
+    "Using installation parameters for platform %s\n",
+    "Successfully parsed installation script\n",
+    "Executing \"%s\"...\n",
+    "\"%s\" executed successfully\n",
+    "\nInstallation completed successfully\n",
+    "\nAborting...\n"
+};
+
+/**************************************************************************
+ * S t r i n g N o d e
+ */
+typedef struct StringNode_str {
+    char *str;
+    struct StringNode_str *next;
+} StringNode;
+
+StringNode *
+StringNode_new()
+{
+    StringNode *new_this;
+    new_this = (StringNode *)PR_Malloc(sizeof(StringNode));
+    PORT_Assert(new_this != NULL);
+    new_this->str = NULL;
+    new_this->next = NULL;
+    return new_this;
+}
+
+void
+StringNode_delete(StringNode *s)
+{
+    if (s->str) {
+        PR_Free(s->str);
+        s->str = NULL;
+    }
+}
+
+/*************************************************************************
+ * S t r i n g L i s t
+ */
+typedef struct StringList_str {
+    StringNode *head;
+    StringNode *tail;
+} StringList;
+
+void
+StringList_new(StringList *list)
+{
+    list->head = NULL;
+    list->tail = NULL;
+}
+
+void
+StringList_delete(StringList *list)
+{
+    StringNode *tmp;
+    while (list->head) {
+        tmp = list->head;
+        list->head = list->head->next;
+        StringNode_delete(tmp);
+    }
+}
+
+void
+StringList_Append(StringList *list, char *str)
+{
+    if (!str) {
+        return;
+    }
+
+    if (!list->tail) {
+        /* This is the first element */
+        list->head = list->tail = StringNode_new();
+    } else {
+        list->tail->next = StringNode_new();
+        list->tail = list->tail->next;
+    }
+
+    list->tail->str = PR_Strdup(str);
+    list->tail->next = NULL; /* just to be sure */
+}
+
+/**************************************************************************
+ *
+ * P k 1 1 I n s t a l l _ S e t E r r o r H a n d l e r
+ *
+ * Sets the error handler to be used by the library.  Returns the current
+ * error handler function.
+ */
+Pk11Install_ErrorHandler
+Pk11Install_SetErrorHandler(Pk11Install_ErrorHandler handler)
+{
+    Pk11Install_ErrorHandler old;
+
+    if (!errorHandlerLock) {
+        errorHandlerLock = PR_NewLock();
+    }
+
+    PR_Lock(errorHandlerLock);
+
+    old = errorHandler;
+    errorHandler = handler;
+
+    PR_Unlock(errorHandlerLock);
+
+    return old;
+}
+
+/**************************************************************************
+ *
+ * P k 1 1 I n s t a l l _ I n i t
+ *
+ * Does initialization that otherwise would be done on the fly.  Only
+ * needs to be called by multithreaded apps, before they make any calls
+ * to this library.
+ */
+void
+Pk11Install_Init()
+{
+    if (!errorHandlerLock) {
+        errorHandlerLock = PR_NewLock();
+    }
+}
+
+/**************************************************************************
+ *
+ * P k 1 1 I n s t a l l _ R e l e a s e
+ *
+ * Releases static data structures used by the library.  Don't use the
+ * library after calling this, unless you call Pk11Install_Init()
+ * first.  This function doesn't have to be called at all unless you're
+ * really anal about freeing memory before your program exits.
+ */
+void
+Pk11Install_Release()
+{
+    if (errorHandlerLock) {
+        PR_Free(errorHandlerLock);
+        errorHandlerLock = NULL;
+    }
+}
+
+/*************************************************************************
+ *
+ * e r r o r
+ *
+ * Takes an error code and its arguments, creates the error string,
+ * and sends the string to the handler function if it exists.
+ */
+
+#ifdef OSF1
+/* stdarg has already been pulled in from NSPR */
+#undef va_start
+#undef va_end
+#undef va_arg
+#include <varargs.h>
+#else
+#include <stdarg.h>
+#endif
+
+#ifdef OSF1
+static void
+error(long va_alist, ...)
+#else
+static void
+error(PRErrorCode errcode, ...)
+#endif
+{
+
+    va_list ap;
+    char *errstr;
+    Pk11Install_ErrorHandler handler;
+
+    if (!errorHandlerLock) {
+        errorHandlerLock = PR_NewLock();
+    }
+
+    PR_Lock(errorHandlerLock);
+
+    handler = errorHandler;
+
+    PR_Unlock(errorHandlerLock);
+
+    if (handler) {
+#ifdef OSF1
+        va_start(ap);
+        errstr = PR_vsmprintf(errorString[va_arg(ap, Pk11Install_Error)], ap);
+#else
+        va_start(ap, errcode);
+        errstr = PR_vsmprintf(errorString[errcode], ap);
+#endif
+        handler(errstr);
+        PR_smprintf_free(errstr);
+        va_end(ap);
+    }
+}
+
+/*************************************************************************
+ *
+ * j a r _ c a l l b a c k
+ */
+static int
+jar_callback(int status, JAR *foo, const char *bar, char *pathname,
+             char *errortext)
+{
+    char *string;
+
+    string = PR_smprintf("JAR error %d: %s in file %s\n", status, errortext,
+                         pathname);
+    error(PK11_INSTALL_ERROR_STRING, string);
+    PR_smprintf_free(string);
+    return 0;
+}
+
+/*************************************************************************
+ *
+ * P k 1 1 I n s t a l l _ D o I n s t a l l
+ *
+ * jarFile is the path of a JAR in the PKCS #11 module JAR format.
+ * installDir is the directory relative to which files will be
+ *   installed.
+ */
+Pk11Install_Error
+Pk11Install_DoInstall(char *jarFile, const char *installDir,
+                      const char *tempDir, PRFileDesc *feedback, short force, PRBool noverify)
+{
+    JAR *jar;
+    char *installer;
+    unsigned long installer_len;
+    int status;
+    Pk11Install_Error ret;
+    PRBool made_temp_file;
+    Pk11Install_Info installInfo;
+    Pk11Install_Platform *platform;
+    char *errMsg;
+    char sysname[SYS_INFO_BUFFER_LENGTH], release[SYS_INFO_BUFFER_LENGTH],
+        arch[SYS_INFO_BUFFER_LENGTH];
+    char *myPlatform;
+
+    jar = NULL;
+    ret = PK11_INSTALL_UNSPECIFIED;
+    made_temp_file = PR_FALSE;
+    errMsg = NULL;
+    Pk11Install_Info_init(&installInfo);
+
+    /*
+    printf("Inside DoInstall, jarFile=%s, installDir=%s, tempDir=%s\n",
+        jarFile, installDir, tempDir);
+    */
+
+    /*
+     * Check out jarFile and installDir for validity
+     */
+    if (PR_Access(installDir, PR_ACCESS_EXISTS) != PR_SUCCESS) {
+        error(PK11_INSTALL_DIR_DOESNT_EXIST, installDir);
+        return PK11_INSTALL_DIR_DOESNT_EXIST;
+    }
+    if (!tempDir) {
+        tempDir = ".";
+    }
+    if (PR_Access(tempDir, PR_ACCESS_EXISTS) != PR_SUCCESS) {
+        error(PK11_INSTALL_DIR_DOESNT_EXIST, tempDir);
+        return PK11_INSTALL_DIR_DOESNT_EXIST;
+    }
+    if (PR_Access(tempDir, PR_ACCESS_WRITE_OK) != PR_SUCCESS) {
+        error(PK11_INSTALL_DIR_NOT_WRITEABLE, tempDir);
+        return PK11_INSTALL_DIR_NOT_WRITEABLE;
+    }
+    if ((PR_Access(jarFile, PR_ACCESS_EXISTS) != PR_SUCCESS)) {
+        error(PK11_INSTALL_FILE_DOESNT_EXIST, jarFile);
+        return PK11_INSTALL_FILE_DOESNT_EXIST;
+    }
+    if (PR_Access(jarFile, PR_ACCESS_READ_OK) != PR_SUCCESS) {
+        error(PK11_INSTALL_FILE_NOT_READABLE, jarFile);
+        return PK11_INSTALL_FILE_NOT_READABLE;
+    }
+
+    /*
+     * Extract the JAR file
+     */
+    jar = JAR_new();
+    JAR_set_callback(JAR_CB_SIGNAL, jar, jar_callback);
+
+    if (noverify) {
+        status = JAR_pass_archive_unverified(jar, jarArchGuess, jarFile, "url");
+    } else {
+        status = JAR_pass_archive(jar, jarArchGuess, jarFile, "url");
+    }
+    if ((status < 0) || (jar->valid < 0)) {
+        if (status >= JAR_BASE && status <= JAR_BASE_END) {
+            error(PK11_INSTALL_JAR_ERROR, jarFile, JAR_get_error(status));
+        } else {
+            error(PK11_INSTALL_JAR_ERROR, jarFile,
+                  mySECU_ErrorString(PORT_GetError()));
+        }
+        ret = PK11_INSTALL_JAR_ERROR;
+        goto loser;
+    }
+    /*printf("passed the archive\n");*/
+
+    /*
+     * Show the user security information, allow them to abort or continue
+     */
+    if (Pk11Install_UserVerifyJar(jar, PR_STDOUT,
+                                  force ? PR_FALSE
+                                        : PR_TRUE) &&
+        !force) {
+        if (feedback) {
+            PR_fprintf(feedback, msgStrings[USER_ABORT]);
+        }
+        ret = PK11_INSTALL_USER_ABORT;
+        goto loser;
+    }
+
+    /*
+     * Get the name of the installation file
+     */
+    if (JAR_get_metainfo(jar, NULL, INSTALL_METAINFO_TAG, (void **)&installer,
+                         (unsigned long *)&installer_len)) {
+        error(PK11_INSTALL_NO_INSTALLER_SCRIPT);
+        ret = PK11_INSTALL_NO_INSTALLER_SCRIPT;
+        goto loser;
+    }
+    if (feedback) {
+        PR_fprintf(feedback, msgStrings[INSTALLER_SCRIPT_NAME], installer);
+    }
+
+    /*
+     * Extract the installation file
+     */
+    if (PR_Access(SCRIPT_TEMP_FILE, PR_ACCESS_EXISTS) == PR_SUCCESS) {
+        if (PR_Delete(SCRIPT_TEMP_FILE) != PR_SUCCESS) {
+            error(PK11_INSTALL_DELETE_TEMP_FILE, SCRIPT_TEMP_FILE);
+            ret = PK11_INSTALL_DELETE_TEMP_FILE;
+            goto loser;
+        }
+    }
+    if (noverify) {
+        status = JAR_extract(jar, installer, SCRIPT_TEMP_FILE);
+    } else {
+        status = JAR_verified_extract(jar, installer, SCRIPT_TEMP_FILE);
+    }
+    if (status) {
+        if (status >= JAR_BASE && status <= JAR_BASE_END) {
+            error(PK11_INSTALL_JAR_EXTRACT, installer, JAR_get_error(status));
+        } else {
+            error(PK11_INSTALL_JAR_EXTRACT, installer,
+                  mySECU_ErrorString(PORT_GetError()));
+        }
+        ret = PK11_INSTALL_JAR_EXTRACT;
+        goto loser;
+    } else {
+        made_temp_file = PR_TRUE;
+    }
+
+    /*
+     * Parse the installation file into a syntax tree
+     */
+    Pk11Install_FD = PR_Open(SCRIPT_TEMP_FILE, PR_RDONLY, 0);
+    if (!Pk11Install_FD) {
+        error(PK11_INSTALL_OPEN_SCRIPT_FILE, SCRIPT_TEMP_FILE);
+        ret = PK11_INSTALL_OPEN_SCRIPT_FILE;
+        goto loser;
+    }
+    if (Pk11Install_yyparse()) {
+        error(PK11_INSTALL_SCRIPT_PARSE, installer,
+              Pk11Install_yyerrstr ? Pk11Install_yyerrstr : "");
+        ret = PK11_INSTALL_SCRIPT_PARSE;
+        goto loser;
+    }
+
+#if 0
+    /* for debugging */
+    Pk11Install_valueList->Print(0);
+#endif
+
+    /*
+     * From the syntax tree, build a semantic structure
+     */
+    errMsg = Pk11Install_Info_Generate(&installInfo, Pk11Install_valueList);
+    if (errMsg) {
+        error(PK11_INSTALL_SEMANTIC, errMsg);
+        ret = PK11_INSTALL_SEMANTIC;
+        goto loser;
+    }
+#if 0
+    installInfo.Print(0);
+#endif
+
+    if (feedback) {
+        PR_fprintf(feedback, msgStrings[PARSED_INSTALL_SCRIPT]);
+    }
+
+    /*
+     * Figure out which platform to use
+     */
+    {
+        sysname[0] = release[0] = arch[0] = '\0';
+
+        if ((PR_GetSystemInfo(PR_SI_SYSNAME, sysname, SYS_INFO_BUFFER_LENGTH) !=
+             PR_SUCCESS) ||
+            (PR_GetSystemInfo(PR_SI_RELEASE, release, SYS_INFO_BUFFER_LENGTH) !=
+             PR_SUCCESS) ||
+            (PR_GetSystemInfo(PR_SI_ARCHITECTURE, arch, SYS_INFO_BUFFER_LENGTH) !=
+             PR_SUCCESS)) {
+            error(PK11_INSTALL_SYSINFO);
+            ret = PK11_INSTALL_SYSINFO;
+            goto loser;
+        }
+        myPlatform = PR_smprintf("%s:%s:%s", sysname, release, arch);
+        platform = Pk11Install_Info_GetBestPlatform(&installInfo, myPlatform);
+        if (!platform) {
+            error(PK11_INSTALL_NO_PLATFORM, myPlatform);
+            PR_smprintf_free(myPlatform);
+            ret = PK11_INSTALL_NO_PLATFORM;
+            goto loser;
+        }
+        if (feedback) {
+            PR_fprintf(feedback, msgStrings[MY_PLATFORM_IS], myPlatform);
+            PR_fprintf(feedback, msgStrings[USING_PLATFORM],
+                       Pk11Install_PlatformName_GetString(&platform->name));
+        }
+        PR_smprintf_free(myPlatform);
+    }
+
+    /* Run the install for that platform */
+    ret = DoInstall(jar, installDir, tempDir, platform, feedback, noverify);
+    if (ret) {
+        goto loser;
+    }
+
+    ret = PK11_INSTALL_SUCCESS;
+loser:
+    if (Pk11Install_valueList) {
+        Pk11Install_ValueList_delete(Pk11Install_valueList);
+        Pk11Install_valueList = NULL;
+    }
+    if (jar) {
+        JAR_destroy(jar);
+    }
+    if (made_temp_file) {
+        PR_Delete(SCRIPT_TEMP_FILE);
+    }
+    if (errMsg) {
+        PR_smprintf_free(errMsg);
+    }
+    return ret;
+}
+
+/*
+/////////////////////////////////////////////////////////////////////////
+// actually run the installation, copying files to and fro
+*/
+static Pk11Install_Error
+DoInstall(JAR *jar, const char *installDir, const char *tempDir,
+          Pk11Install_Platform *platform, PRFileDesc *feedback, PRBool noverify)
+{
+    Pk11Install_File *file;
+    Pk11Install_Error ret;
+    char *modDest;
+    char *cp;
+    int i;
+    int status;
+    char *tempname, *temp;
+    StringList executables;
+    StringNode *execNode;
+    PRProcessAttr *attr;
+    PRProcess *proc;
+    char *argv[2];
+    char *envp[1];
+    int errcode;
+
+    ret = PK11_INSTALL_UNSPECIFIED;
+    modDest = NULL;
+    tempname = NULL;
+
+    StringList_new(&executables);
+    /*
+    // Create Temporary directory
+    */
+    tempname = PR_smprintf("%s/%s", tempDir, TEMPORARY_DIRECTORY_NAME);
+    if (PR_Access(tempname, PR_ACCESS_EXISTS) == PR_SUCCESS) {
+        /* Left over from previous run?  Delete it. */
+        rm_dash_r(tempname);
+    }
+    if (PR_MkDir(tempname, 0700) != PR_SUCCESS) {
+        error(PK11_INSTALL_CREATE_DIR, tempname);
+        ret = PK11_INSTALL_CREATE_DIR;
+        goto loser;
+    }
+
+    /*
+    // Install all the files
+    */
+    for (i = 0; i < platform->numFiles; i++) {
+        char *dest;
+        file = &platform->files[i];
+
+        if (file->relativePath) {
+            PRBool foundMarker = PR_FALSE;
+            char *reldir = PR_Strdup(file->relativePath);
+
+            if (!reldir) {
+                error(PK11_INSTALL_UNSPECIFIED);
+                goto loser;
+            }
+
+            /* Replace all the markers with the directories for which they stand */
+            while (1) {
+                if ((cp = PL_strcasestr(reldir, ROOT_MARKER))) {
+                    /* Has a %root% marker  */
+                    *cp = '\0';
+                    temp = PR_smprintf("%s%s%s", reldir, installDir,
+                                       cp + strlen(ROOT_MARKER));
+                    PR_Free(reldir);
+                    reldir = temp;
+                    foundMarker = PR_TRUE;
+                } else if ((cp = PL_strcasestr(reldir, TEMP_MARKER))) {
+                    /* Has a %temp% marker */
+                    *cp = '\0';
+                    temp = PR_smprintf("%s%s%s", reldir, tempname,
+                                       cp + strlen(TEMP_MARKER));
+                    PR_Free(reldir);
+                    reldir = temp;
+                    foundMarker = PR_TRUE;
+                } else {
+                    break;
+                }
+            }
+            if (!foundMarker) {
+                /* Has no markers...this isn't really a relative directory */
+                error(PK11_INSTALL_BOGUS_REL_DIR, file->relativePath);
+                ret = PK11_INSTALL_BOGUS_REL_DIR;
+                PR_Free(reldir);
+                goto loser;
+            }
+            dest = reldir;
+        } else if (file->absolutePath) {
+            dest = PR_Strdup(file->absolutePath);
+        } else {
+            error(PK11_INSTALL_UNSPECIFIED);
+            goto loser;
+        }
+
+        /* Remember if this is the module file, we'll need to add it later */
+        if (i == platform->modFile) {
+            modDest = PR_Strdup(dest);
+        }
+
+        /* Remember is this is an executable, we'll need to run it later */
+        if (file->executable) {
+            StringList_Append(&executables, dest);
+            /*executables.Append(dest);*/
+        }
+
+        /* Make sure the directory we are targetting exists */
+        if (make_dirs(dest, file->permissions)) {
+            ret = PK11_INSTALL_CREATE_DIR;
+            goto loser;
+        }
+
+        /* Actually extract the file onto the filesystem */
+        if (noverify) {
+            status = JAR_extract(jar, (char *)file->jarPath, dest);
+        } else {
+            status = JAR_verified_extract(jar, (char *)file->jarPath, dest);
+        }
+        if (status) {
+            if (status >= JAR_BASE && status <= JAR_BASE_END) {
+                error(PK11_INSTALL_JAR_EXTRACT, file->jarPath,
+                      JAR_get_error(status));
+            } else {
+                error(PK11_INSTALL_JAR_EXTRACT, file->jarPath,
+                      mySECU_ErrorString(PORT_GetError()));
+            }
+            ret = PK11_INSTALL_JAR_EXTRACT;
+            goto loser;
+        }
+        if (feedback) {
+            PR_fprintf(feedback, msgStrings[INSTALLED_FILE_MSG],
+                       file->jarPath, dest);
+        }
+
+/* no NSPR command to change permissions? */
+#ifdef XP_UNIX
+        (void)chmod(dest, file->permissions);
+#endif
+
+        PR_Free(dest);
+    }
+    /* Make sure we found the module file */
+    if (!modDest) {
+        /* Internal problem here, since every platform is supposed to have
+           a module file */
+        error(PK11_INSTALL_NO_MOD_FILE, platform->moduleName);
+        ret = PK11_INSTALL_NO_MOD_FILE;
+        goto loser;
+    }
+
+    /*
+    // Execute any executable files
+    */
+    {
+        argv[1] = NULL;
+        envp[0] = NULL;
+        for (execNode = executables.head; execNode; execNode = execNode->next) {
+            attr = PR_NewProcessAttr();
+            argv[0] = PR_Strdup(execNode->str);
+
+            /* Announce our intentions */
+            if (feedback) {
+                PR_fprintf(feedback, msgStrings[EXEC_FILE_MSG], execNode->str);
+            }
+
+            /* start the process */
+            if (!(proc = PR_CreateProcess(execNode->str, argv, envp, attr))) {
+                PR_Free(argv[0]);
+                PR_DestroyProcessAttr(attr);
+                error(PK11_INSTALL_EXEC_FILE, execNode->str);
+                ret = PK11_INSTALL_EXEC_FILE;
+                goto loser;
+            }
+
+            /* wait for it to finish */
+            if (PR_WaitProcess(proc, &errcode) != PR_SUCCESS) {
+                PR_Free(argv[0]);
+                PR_DestroyProcessAttr(attr);
+                error(PK11_INSTALL_WAIT_PROCESS, execNode->str);
+                ret = PK11_INSTALL_WAIT_PROCESS;
+                goto loser;
+            }
+
+            /* What happened? */
+            if (errcode) {
+                /* process returned an error */
+                error(PK11_INSTALL_PROC_ERROR, execNode->str, errcode);
+            } else if (feedback) {
+                /* process ran successfully */
+                PR_fprintf(feedback, msgStrings[EXEC_SUCCESS], execNode->str);
+            }
+
+            PR_Free(argv[0]);
+            PR_DestroyProcessAttr(attr);
+        }
+    }
+
+    /*
+    // Add the module
+    */
+    status = Pk11Install_AddNewModule((char *)platform->moduleName,
+                                      (char *)modDest, platform->mechFlags, platform->cipherFlags);
+
+    if (status != SECSuccess) {
+        error(PK11_INSTALL_ADD_MODULE, platform->moduleName);
+        ret = PK11_INSTALL_ADD_MODULE;
+        goto loser;
+    }
+    if (feedback) {
+        PR_fprintf(feedback, msgStrings[INSTALLED_MODULE_MSG],
+                   platform->moduleName);
+    }
+
+    if (feedback) {
+        PR_fprintf(feedback, msgStrings[INSTALLATION_COMPLETE_MSG]);
+    }
+
+    ret = PK11_INSTALL_SUCCESS;
+
+loser:
+    if (modDest) {
+        PR_Free(modDest);
+    }
+    if (tempname) {
+        PRFileInfo info;
+        if (PR_GetFileInfo(tempname, &info) == PR_SUCCESS) {
+            if (info.type == PR_FILE_DIRECTORY) {
+                /* Recursively remove temporary directory */
+                if (rm_dash_r(tempname)) {
+                    error(PK11_INSTALL_REMOVE_DIR,
+                          tempname);
+                    ret = PK11_INSTALL_REMOVE_DIR;
+                }
+            }
+        }
+        PR_Free(tempname);
+    }
+    StringList_delete(&executables);
+    return ret;
+}
+
+/*
+//////////////////////////////////////////////////////////////////////////
+*/
+static char *
+PR_Strdup(const char *str)
+{
+    char *tmp = (char *)PR_Malloc(strlen(str) + 1);
+    strcpy(tmp, str);
+    return tmp;
+}
+
+/*
+ *  r m _ d a s h _ r
+ *
+ *  Remove a file, or a directory recursively.
+ *
+ */
+static int
+rm_dash_r(char *path)
+{
+    PRDir *dir;
+    PRDirEntry *entry;
+    PRFileInfo fileinfo;
+    char filename[240];
+
+    if (PR_GetFileInfo(path, &fileinfo) != PR_SUCCESS) {
+        /*fprintf(stderr, "Error: Unable to access %s\n", filename);*/
+        return -1;
+    }
+    if (fileinfo.type == PR_FILE_DIRECTORY) {
+
+        dir = PR_OpenDir(path);
+        if (!dir) {
+            return -1;
+        }
+
+        /* Recursively delete all entries in the directory */
+        while ((entry = PR_ReadDir(dir, PR_SKIP_BOTH)) != NULL) {
+            sprintf(filename, "%s/%s", path, entry->name);
+            if (rm_dash_r(filename)) {
+                PR_CloseDir(dir);
+                return -1;
+            }
+        }
+
+        if (PR_CloseDir(dir) != PR_SUCCESS) {
+            return -1;
+        }
+
+        /* Delete the directory itself */
+        if (PR_RmDir(path) != PR_SUCCESS) {
+            return -1;
+        }
+    } else {
+        if (PR_Delete(path) != PR_SUCCESS) {
+            return -1;
+        }
+    }
+    return 0;
+}
+
+/***************************************************************************
+ *
+ * m a k e _ d i r s
+ *
+ * Ensure that the directory portion of the path exists.  This may require
+ * making the directory, and its parent, and its parent's parent, etc.
+ */
+static int
+make_dirs(char *path, int file_perms)
+{
+    char *Path;
+    char *start;
+    char *sep;
+    int ret = 0;
+    PRFileInfo info;
+
+    if (!path) {
+        return 0;
+    }
+
+    Path = PR_Strdup(path);
+    start = strpbrk(Path, "/\\");
+    if (!start) {
+        return 0;
+    }
+    start++; /* start right after first slash */
+
+    /* Each time through the loop add one more directory. */
+    while ((sep = strpbrk(start, "/\\"))) {
+        *sep = '\0';
+
+        if (PR_GetFileInfo(Path, &info) != PR_SUCCESS) {
+            /* No such dir, we have to create it */
+            if (PR_MkDir(Path, dir_perms(file_perms)) != PR_SUCCESS) {
+                error(PK11_INSTALL_CREATE_DIR, Path);
+                ret = PK11_INSTALL_CREATE_DIR;
+                goto loser;
+            }
+        } else {
+            /* something exists by this name, make sure it's a directory */
+            if (info.type != PR_FILE_DIRECTORY) {
+                error(PK11_INSTALL_CREATE_DIR, Path);
+                ret = PK11_INSTALL_CREATE_DIR;
+                goto loser;
+            }
+        }
+
+        /* If this is the lowest directory level, make sure it is writeable */
+        if (!strpbrk(sep + 1, "/\\")) {
+            if (PR_Access(Path, PR_ACCESS_WRITE_OK) != PR_SUCCESS) {
+                error(PK11_INSTALL_DIR_NOT_WRITEABLE, Path);
+                ret = PK11_INSTALL_DIR_NOT_WRITEABLE;
+                goto loser;
+            }
+        }
+
+        start = sep + 1; /* start after the next slash */
+        *sep = '/';
+    }
+
+loser:
+    PR_Free(Path);
+    return ret;
+}
+
+/*************************************************************************
+ * d i r _ p e r m s
+ *
+ * Guesses the desired permissions on a directory based on the permissions
+ * of a file that will be stored in it. Give read, write, and
+ * execute to the owner (so we can create the file), read and
+ * execute to anyone who has read permissions on the file, and write
+ * to anyone who has write permissions on the file.
+ */
+static int
+dir_perms(int perms)
+{
+    int ret = 0;
+
+    /* owner */
+    ret |= 0700;
+
+    /* group */
+    if (perms & 0040) {
+        /* read on the file -> read and execute on the directory */
+        ret |= 0050;
+    }
+    if (perms & 0020) {
+        /* write on the file -> write on the directory */
+        ret |= 0020;
+    }
+
+    /* others */
+    if (perms & 0004) {
+        /* read on the file -> read and execute on the directory */
+        ret |= 0005;
+    }
+    if (perms & 0002) {
+        /* write on the file -> write on the directory */
+        ret |= 0002;
+    }
+
+    return ret;
+}
diff --git a/nss/cmd/modutil/install.h b/nss/cmd/modutil/install.h
new file mode 100644
index 0000000..5d6d3ea
--- /dev/null
+++ b/nss/cmd/modutil/install.h
@@ -0,0 +1,100 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef PK11INSTALL_H
+#define PK11INSTALL_H
+
+#include <prio.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef void (*Pk11Install_ErrorHandler)(char *);
+
+typedef enum {
+    PK11_INSTALL_NO_ERROR = 0,
+    PK11_INSTALL_DIR_DOESNT_EXIST,
+    PK11_INSTALL_FILE_DOESNT_EXIST,
+    PK11_INSTALL_FILE_NOT_READABLE,
+    PK11_INSTALL_ERROR_STRING,
+    PK11_INSTALL_JAR_ERROR,
+    PK11_INSTALL_NO_INSTALLER_SCRIPT,
+    PK11_INSTALL_DELETE_TEMP_FILE,
+    PK11_INSTALL_OPEN_SCRIPT_FILE,
+    PK11_INSTALL_SCRIPT_PARSE,
+    PK11_INSTALL_SEMANTIC,
+    PK11_INSTALL_SYSINFO,
+    PK11_INSTALL_NO_PLATFORM,
+    PK11_INSTALL_BOGUS_REL_DIR,
+    PK11_INSTALL_NO_MOD_FILE,
+    PK11_INSTALL_ADD_MODULE,
+    PK11_INSTALL_JAR_EXTRACT,
+    PK11_INSTALL_DIR_NOT_WRITEABLE,
+    PK11_INSTALL_CREATE_DIR,
+    PK11_INSTALL_REMOVE_DIR,
+    PK11_INSTALL_EXEC_FILE,
+    PK11_INSTALL_WAIT_PROCESS,
+    PK11_INSTALL_PROC_ERROR,
+    PK11_INSTALL_USER_ABORT,
+    PK11_INSTALL_UNSPECIFIED
+} Pk11Install_Error;
+#define PK11_INSTALL_SUCCESS PK11_INSTALL_NO_ERROR
+
+/**************************************************************************
+ *
+ * P k 1 1 I n s t a l l _ I n i t
+ *
+ * Does initialization that otherwise would be done on the fly.  Only
+ * needs to be called by multithreaded apps, before they make any calls
+ * to this library.
+ */
+void
+Pk11Install_Init();
+
+/**************************************************************************
+ *
+ * P k 1 1 I n s t a l l _ S e t E r r o r H a n d l e r
+ *
+ * Sets the error handler to be used by the library.  Returns the current
+ * error handler function.
+ */
+Pk11Install_ErrorHandler
+Pk11Install_SetErrorHandler(Pk11Install_ErrorHandler handler);
+
+/**************************************************************************
+ *
+ * P k 1 1 I n s t a l l _ R e l e a s e
+ *
+ * Releases static data structures used by the library.  Don't use the
+ * library after calling this, unless you call Pk11Install_Init()
+ * first.  This function doesn't have to be called at all unless you're
+ * really anal about freeing memory before your program exits.
+ */
+void
+Pk11Install_Release();
+
+/*************************************************************************
+ *
+ * P k 1 1 I n s t a l l _ D o I n s t a l l
+ *
+ * jarFile is the path of a JAR in the PKCS #11 module JAR format.
+ * installDir is the directory relative to which files will be
+ *   installed.
+ * feedback is a file descriptor to which to write informative (not error)
+ * status messages: what files are being installed, what modules are being
+ * installed.  If feedback==NULL, no messages will be displayed.
+ * If force != 0, interactive prompts will be suppressed.
+ * If noverify == PR_TRUE, signatures won't be checked on the JAR file.
+ */
+Pk11Install_Error
+Pk11Install_DoInstall(char *jarFile, const char *installDir,
+                      const char *tempDir, PRFileDesc *feedback, short force,
+                      PRBool noverify);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /*PK11INSTALL_H*/
diff --git a/nss/cmd/modutil/installparse.c b/nss/cmd/modutil/installparse.c
new file mode 100644
index 0000000..d35d048
--- /dev/null
+++ b/nss/cmd/modutil/installparse.c
@@ -0,0 +1,434 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef lint
+char yysccsid[] = "@(#)yaccpar	1.4 (Berkeley) 02/25/90";
+#endif
+#line 37 "installparse.y"
+
+#define yyparse Pk11Install_yyparse
+#define yylex Pk11Install_yylex
+#define yyerror Pk11Install_yyerror
+#define yychar Pk11Install_yychar
+#define yyval Pk11Install_yyval
+#define yylval Pk11Install_yylval
+#define yydebug Pk11Install_yydebug
+#define yynerrs Pk11Install_yynerrs
+#define yyerrflag Pk11Install_yyerrflag
+#define yyss Pk11Install_yyss
+#define yyssp Pk11Install_yyssp
+#define yyvs Pk11Install_yyvs
+#define yyvsp Pk11Install_yyvsp
+#define yylhs Pk11Install_yylhs
+#define yylen Pk11Install_yylen
+#define yydefred Pk11Install_yydefred
+#define yydgoto Pk11Install_yydgoto
+#define yysindex Pk11Install_yysindex
+#define yyrindex Pk11Install_yyrindex
+#define yygindex Pk11Install_yygindex
+#define yytable Pk11Install_yytable
+#define yycheck Pk11Install_yycheck
+#define yyname Pk11Install_yyname
+#define yyrule Pk11Install_yyrule
+
+/* C Stuff */
+#include "install-ds.h"
+#include <prprf.h>
+
+#define YYSTYPE Pk11Install_Pointer
+extern char *Pk11Install_yytext;
+char *Pk11Install_yyerrstr = NULL;
+
+#line 40 "ytab.c"
+#define OPENBRACE 257
+#define CLOSEBRACE 258
+#define STRING 259
+#define YYERRCODE 256
+/* clang-format on */
+short yylhs[] = {
+    -1,
+    0, 1, 1, 2, 2, 3, 4,
+};
+short yylen[] = {
+    2,
+    1, 2, 0, 1, 1, 4, 1,
+};
+short yydefred[] = {
+    0,
+    0, 0, 1, 0, 4, 0, 2, 0, 0, 6,
+};
+short yydgoto[] = {
+    2,
+    3, 4, 5, 6,
+};
+short yysindex[] = {
+    -257,
+    0, 0, 0, -257, 0, -252, 0, -257, -251, 0,
+};
+short yyrindex[] = {
+    6,
+    1, 0, 0, 3, 0, 0, 0, -250, 0, 0,
+};
+short yygindex[] = {
+    0,
+    -4, 0, 0, 0,
+};
+#define YYTABLESIZE 261
+short yytable[] = {
+    7,
+    5, 1, 3, 9, 8, 3, 10, 3, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 7, 5, 5,
+    3,
+};
+short yycheck[] = {
+    4,
+    0, 259, 0, 8, 257, 0, 258, 258, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, 257, 258, 259,
+    258,
+};
+/* clang-format on */
+#define YYFINAL 2
+#ifndef YYDEBUG
+#define YYDEBUG 0
+#endif
+#define YYMAXTOKEN 259
+#if YYDEBUG
+char *yyname[] = {
+    "end-of-file", 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, "OPENBRACE", "CLOSEBRACE", "STRING",
+};
+char *yyrule[] = {
+    "$accept : toplist",
+    "toplist : valuelist",
+    "valuelist : value valuelist",
+    "valuelist :",
+    "value : key_value_pair",
+    "value : STRING",
+    "key_value_pair : key OPENBRACE valuelist CLOSEBRACE",
+    "key : STRING",
+};
+#endif
+#ifndef YYSTYPE
+typedef int YYSTYPE;
+#endif
+#define yyclearin (yychar = (-1))
+#define yyerrok (yyerrflag = 0)
+#ifndef YYSTACKSIZE
+#ifdef YYMAXDEPTH
+#define YYSTACKSIZE YYMAXDEPTH
+#else
+#define YYSTACKSIZE 300
+#endif
+#endif
+int yydebug;
+int yynerrs;
+int yyerrflag;
+int yychar;
+short *yyssp;
+YYSTYPE *yyvsp;
+YYSTYPE yyval;
+YYSTYPE yylval;
+#define yystacksize YYSTACKSIZE
+short yyss[YYSTACKSIZE];
+YYSTYPE yyvs[YYSTACKSIZE];
+#line 118 "installparse.y"
+/*----------------------- Program Section --------------------------------*/
+
+/*************************************************************************/
+void
+Pk11Install_yyerror(char *message)
+{
+    char *tmp;
+    if (Pk11Install_yyerrstr) {
+        tmp = PR_smprintf("%sline %d: %s\n", Pk11Install_yyerrstr,
+                          Pk11Install_yylinenum, message);
+        PR_smprintf_free(Pk11Install_yyerrstr);
+    } else {
+        tmp = PR_smprintf("line %d: %s\n", Pk11Install_yylinenum, message);
+    }
+    Pk11Install_yyerrstr = tmp;
+}
+#line 191 "ytab.c"
+#define YYABORT goto yyabort
+#define YYACCEPT goto yyaccept
+#define YYERROR goto yyerrlab
+int
+yyparse()
+{
+    register int yym, yyn, yystate;
+#if YYDEBUG
+    register char *yys;
+    extern char *PR_GetEnvSecure();
+
+    if ((yys = PR_GetEnvSecure("YYDEBUG")) != NULL) {
+        yyn = *yys;
+        if (yyn >= '0' && yyn <= '9')
+            yydebug = yyn - '0';
+    }
+#endif
+
+    yynerrs = 0;
+    yyerrflag = 0;
+    yychar = (-1);
+
+    yyssp = yyss;
+    yyvsp = yyvs;
+    *yyssp = yystate = 0;
+
+yyloop:
+    if ((yyn = yydefred[yystate]) != 0)
+        goto yyreduce;
+    if (yychar < 0) {
+        if ((yychar = yylex()) < 0)
+            yychar = 0;
+#if YYDEBUG
+        if (yydebug) {
+            yys = 0;
+            if (yychar <= YYMAXTOKEN)
+                yys = yyname[yychar];
+            if (!yys)
+                yys = "illegal-symbol";
+            printf("yydebug: state %d, reading %d (%s)\n", yystate,
+                   yychar, yys);
+        }
+#endif
+    }
+    if ((yyn = yysindex[yystate]) && (yyn += yychar) >= 0 &&
+        yyn <= YYTABLESIZE && yycheck[yyn] == yychar) {
+#if YYDEBUG
+        if (yydebug)
+            printf("yydebug: state %d, shifting to state %d\n",
+                   yystate, yytable[yyn]);
+#endif
+        if (yyssp >= yyss + yystacksize - 1) {
+            goto yyoverflow;
+        }
+        *++yyssp = yystate = yytable[yyn];
+        *++yyvsp = yylval;
+        yychar = (-1);
+        if (yyerrflag > 0)
+            --yyerrflag;
+        goto yyloop;
+    }
+    if ((yyn = yyrindex[yystate]) && (yyn += yychar) >= 0 &&
+        yyn <= YYTABLESIZE && yycheck[yyn] == yychar) {
+        yyn = yytable[yyn];
+        goto yyreduce;
+    }
+    if (yyerrflag)
+        goto yyinrecovery;
+#ifdef lint
+    goto yynewerror;
+yynewerror:
+#endif
+    yyerror("syntax error");
+#ifdef lint
+    goto yyerrlab;
+yyerrlab:
+#endif
+    ++yynerrs;
+yyinrecovery:
+    if (yyerrflag < 3) {
+        yyerrflag = 3;
+        for (;;) {
+            if ((yyn = yysindex[*yyssp]) && (yyn += YYERRCODE) >= 0 &&
+                yyn <= YYTABLESIZE && yycheck[yyn] == YYERRCODE) {
+#if YYDEBUG
+                if (yydebug)
+                    printf("yydebug: state %d, error recovery shifting\
+ to state %d\n",
+                           *yyssp, yytable[yyn]);
+#endif
+                if (yyssp >= yyss + yystacksize - 1) {
+                    goto yyoverflow;
+                }
+                *++yyssp = yystate = yytable[yyn];
+                *++yyvsp = yylval;
+                goto yyloop;
+            } else {
+#if YYDEBUG
+                if (yydebug)
+                    printf("yydebug: error recovery discarding state %d\n",
+                           *yyssp);
+#endif
+                if (yyssp <= yyss)
+                    goto yyabort;
+                --yyssp;
+                --yyvsp;
+            }
+        }
+    } else {
+        if (yychar == 0)
+            goto yyabort;
+#if YYDEBUG
+        if (yydebug) {
+            yys = 0;
+            if (yychar <= YYMAXTOKEN)
+                yys = yyname[yychar];
+            if (!yys)
+                yys = "illegal-symbol";
+            printf("yydebug: state %d, error recovery discards token %d (%s)\n",
+                   yystate, yychar, yys);
+        }
+#endif
+        yychar = (-1);
+        goto yyloop;
+    }
+yyreduce:
+#if YYDEBUG
+    if (yydebug)
+        printf("yydebug: state %d, reducing by rule %d (%s)\n",
+               yystate, yyn, yyrule[yyn]);
+#endif
+    yym = yylen[yyn];
+    yyval = yyvsp[1 - yym];
+    switch (yyn) {
+        case 1:
+#line 84 "installparse.y"
+        {
+            Pk11Install_valueList = yyvsp[0].list;
+        } break;
+        case 2:
+#line 89 "installparse.y"
+        {
+            Pk11Install_ValueList_AddItem(yyvsp[0].list, yyvsp[-1].value);
+            yyval.list = yyvsp[0].list;
+        } break;
+        case 3:
+#line 94 "installparse.y"
+        {
+            yyval.list = Pk11Install_ValueList_new();
+        } break;
+        case 4:
+#line 99 "installparse.y"
+        {
+            yyval.value = Pk11Install_Value_new(PAIR_VALUE, yyvsp[0]);
+        } break;
+        case 5:
+#line 103 "installparse.y"
+        {
+            yyval.value = Pk11Install_Value_new(STRING_VALUE, yyvsp[0]);
+        } break;
+        case 6:
+#line 108 "installparse.y"
+        {
+            yyval.pair = Pk11Install_Pair_new(yyvsp[-3].string, yyvsp[-1].list);
+        } break;
+        case 7:
+#line 113 "installparse.y"
+        {
+            yyval.string = yyvsp[0].string;
+        } break;
+#line 374 "ytab.c"
+    }
+    yyssp -= yym;
+    yystate = *yyssp;
+    yyvsp -= yym;
+    yym = yylhs[yyn];
+    if (yystate == 0 && yym == 0) {
+#ifdef YYDEBUG
+        if (yydebug)
+            printf("yydebug: after reduction, shifting from state 0 to\
+ state %d\n",
+                   YYFINAL);
+#endif
+        yystate = YYFINAL;
+        *++yyssp = YYFINAL;
+        *++yyvsp = yyval;
+        if (yychar < 0) {
+            if ((yychar = yylex()) < 0)
+                yychar = 0;
+#if YYDEBUG
+            if (yydebug) {
+                yys = 0;
+                if (yychar <= YYMAXTOKEN)
+                    yys = yyname[yychar];
+                if (!yys)
+                    yys = "illegal-symbol";
+                printf("yydebug: state %d, reading %d (%s)\n",
+                       YYFINAL, yychar, yys);
+            }
+#endif
+        }
+        if (yychar == 0)
+            goto yyaccept;
+        goto yyloop;
+    }
+    if ((yyn = yygindex[yym]) && (yyn += yystate) >= 0 &&
+        yyn <= YYTABLESIZE && yycheck[yyn] == yystate)
+        yystate = yytable[yyn];
+    else
+        yystate = yydgoto[yym];
+#ifdef YYDEBUG
+    if (yydebug)
+        printf("yydebug: after reduction, shifting from state %d \
+to state %d\n",
+               *yyssp, yystate);
+#endif
+    if (yyssp >= yyss + yystacksize - 1) {
+        goto yyoverflow;
+    }
+    *++yyssp = yystate;
+    *++yyvsp = yyval;
+    goto yyloop;
+yyoverflow:
+    yyerror("yacc stack overflow");
+yyabort:
+    return (1);
+yyaccept:
+    return (0);
+}
diff --git a/nss/cmd/modutil/installparse.h b/nss/cmd/modutil/installparse.h
new file mode 100644
index 0000000..2c02b57
--- /dev/null
+++ b/nss/cmd/modutil/installparse.h
@@ -0,0 +1,7 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#define OPENBRACE 257
+#define CLOSEBRACE 258
+#define STRING 259
diff --git a/nss/cmd/modutil/installparse.l b/nss/cmd/modutil/installparse.l
new file mode 100644
index 0000000..71fb561
--- /dev/null
+++ b/nss/cmd/modutil/installparse.l
@@ -0,0 +1,137 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+
+/* lex file for analyzing PKCS #11 Module installation instructions */
+
+/*----------------------------- Definitions ---------------------------*/
+%{
+#include <string.h>
+
+#include "install-ds.h"		/* defines tokens and data structures */
+#include "installparse.h"	/* produced by yacc -d */
+#include <prprf.h>
+static char *putSimpleString(char*);	/* return copy of string */
+static char *putComplexString(char*);	/* strip out quotes, deal with */
+											/* escaped characters */
+
+void Pk11Install_yyerror(char *);
+
+/* Overrides to use NSPR */
+#define malloc PR_Malloc
+#define realloc PR_Realloc
+#define free PR_Free
+
+int Pk11Install_yylinenum=1;
+static char *err;
+
+#define YY_NEVER_INTERACTIVE 1
+#define yyunput Pkcs11Install_yyunput
+
+/* This is the default YY_INPUT modified for NSPR */
+#define YY_INPUT(buf,result,max_size) \
+	if ( yy_current_buffer->yy_is_interactive ) { \
+		char c; \
+		int n; \
+		for ( n = 0; n < max_size && \
+		  PR_Read(Pk11Install_FD, &c, 1)==1 && c != '\n'; ++n ) { \
+			buf[n] = c; \
+		} \
+        if ( c == '\n' ) { \
+            buf[n++] = c; \
+		} \
+        result = n; \
+	} else { \
+		result = PR_Read(Pk11Install_FD, buf, max_size); \
+	}
+
+%}
+
+/*** Regular expression definitions ***/
+/* simple_string has no whitespace, quotes, or braces */
+simple_string		[^ \t\r\n\""{""}"]+
+
+/* complex_string is enclosed in quotes. Inside the quotes, quotes and
+   backslashes must be backslash-escaped. No newlines or carriage returns
+   are allowed inside the quotes. Otherwise, anything goes. */
+complex_string		\"([^\"\\\r\n]|(\\\")|(\\\\))+\"
+
+/* Standard whitespace */
+whitespace			[ \t\r]+
+
+other				.
+
+/*---------------------------- Actions --------------------------------*/
+%%
+
+"{"					return OPENBRACE;
+"}"					return CLOSEBRACE;
+{simple_string}		{Pk11Install_yylval.string =
+						putSimpleString(Pk11Install_yytext);
+						return STRING;}
+{complex_string}	{Pk11Install_yylval.string =
+						putComplexString(Pk11Install_yytext);
+						return STRING;}
+
+"\n"				Pk11Install_yylinenum++;
+
+{whitespace}		;
+
+{other}				{err = PR_smprintf("Invalid lexeme: %s",Pk11Install_yytext);
+						Pk11Install_yyerror(err);
+						PR_smprintf_free(err);
+						return 1;
+					}
+
+%%
+/*------------------------ Program Section ----------------------------*/
+
+PRFileDesc *Pk11Install_FD=NULL;
+
+/*************************************************************************/
+/* dummy function required by lex */
+int Pk11Install_yywrap(void) { return 1;}
+
+/*************************************************************************/
+/* Return a copy of the given string */
+static char*
+putSimpleString(char *str)
+{
+	char *tmp = (char*) PR_Malloc(strlen(str)+1);
+	strcpy(tmp, str);
+	return tmp;
+}
+
+/*************************************************************************/
+/* Strip out quotes, replace escaped characters with what they stand for.
+   This function assumes that what is passed in is actually a complex
+   string, so error checking is lax. */
+static char*
+putComplexString(char *str)
+{
+	int size, i,j;
+	char *tmp;
+
+	if(!str) {
+		return NULL;
+	}
+	size = strlen(str);
+
+	/* Allocate the new space.  This string will actually be too big, 
+		since quotes and backslashes will be stripped out.  But that's ok. */
+	tmp = (char*) PR_Malloc(size+1);
+
+	/* Copy it over */
+	for(i=0, j=0; i < size; i++) {
+		if(str[i]=='\"') {
+			continue;  /* skip un-escaped quotes */
+		} else if(str[i]=='\\') {
+			++i;       /* escaped character. skip the backslash */
+		}
+		tmp[j++] = str[i];
+	}
+	tmp[j] = '\0';
+
+	return tmp;
+}
diff --git a/nss/cmd/modutil/installparse.y b/nss/cmd/modutil/installparse.y
new file mode 100644
index 0000000..b6d7011
--- /dev/null
+++ b/nss/cmd/modutil/installparse.y
@@ -0,0 +1,104 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* yacc file for parsing PKCS #11 module installation instructions */
+/*------------------------ Definition Section ---------------------------*/
+
+%{ 
+#define yyparse Pk11Install_yyparse
+#define yylex Pk11Install_yylex
+#define yyerror Pk11Install_yyerror
+#define yychar Pk11Install_yychar
+#define yyval Pk11Install_yyval
+#define yylval Pk11Install_yylval
+#define yydebug Pk11Install_yydebug
+#define yynerrs Pk11Install_yynerrs
+#define yyerrflag Pk11Install_yyerrflag
+#define yyss Pk11Install_yyss
+#define yyssp Pk11Install_yyssp
+#define yyvs Pk11Install_yyvs
+#define yyvsp Pk11Install_yyvsp
+#define yylhs Pk11Install_yylhs
+#define yylen Pk11Install_yylen
+#define yydefred Pk11Install_yydefred
+#define yydgoto Pk11Install_yydgoto
+#define yysindex Pk11Install_yysindex
+#define yyrindex Pk11Install_yyrindex
+#define yygindex Pk11Install_yygindex
+#define yytable Pk11Install_yytable
+#define yycheck Pk11Install_yycheck
+#define yyname Pk11Install_yyname
+#define yyrule Pk11Install_yyrule
+
+/* C Stuff */
+#include "install-ds.h"
+#include <prprf.h>
+
+#define YYSTYPE Pk11Install_Pointer
+extern char *Pk11Install_yytext;
+char *Pk11Install_yyerrstr=NULL;
+
+%}
+
+/* Tokens */
+%token OPENBRACE
+%token CLOSEBRACE
+%token STRING
+%start toplist
+
+%%
+
+/*--------------------------- Productions -------------------------------*/
+
+toplist		: valuelist	
+{
+	Pk11Install_valueList = $1.list;
+}
+
+valuelist	: value valuelist
+{ 
+	Pk11Install_ValueList_AddItem($2.list,$1.value);
+	$$.list = $2.list; 
+}
+|
+{ 
+	$$.list = Pk11Install_ValueList_new(); 
+};
+
+value		: key_value_pair
+{
+	$$.value= Pk11Install_Value_new(PAIR_VALUE,$1);
+}
+| STRING
+{
+	$$.value= Pk11Install_Value_new(STRING_VALUE, $1);
+};
+
+key_value_pair	: key OPENBRACE valuelist CLOSEBRACE 
+{
+	$$.pair = Pk11Install_Pair_new($1.string,$3.list);
+};
+
+key			: STRING
+{
+	$$.string = $1.string;
+};
+
+%%
+/*----------------------- Program Section --------------------------------*/
+
+/*************************************************************************/
+void
+Pk11Install_yyerror(char *message)
+{
+	char *tmp;
+	if(Pk11Install_yyerrstr) {
+		tmp=PR_smprintf("%sline %d: %s\n", Pk11Install_yyerrstr,
+			Pk11Install_yylinenum, message);
+		PR_smprintf_free(Pk11Install_yyerrstr);
+	} else {
+		tmp = PR_smprintf("line %d: %s\n", Pk11Install_yylinenum, message);
+	}
+	Pk11Install_yyerrstr=tmp;
+}
diff --git a/nss/cmd/modutil/instsec.c b/nss/cmd/modutil/instsec.c
new file mode 100644
index 0000000..95191e7
--- /dev/null
+++ b/nss/cmd/modutil/instsec.c
@@ -0,0 +1,153 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <plarena.h>
+#include <prerror.h>
+#include <prio.h>
+#include <prprf.h>
+#include <seccomon.h>
+#include <secmod.h>
+#include <jar.h>
+#include <secutil.h>
+
+/* These are installation functions that make calls to the security library.
+ * We don't want to include security include files in the C++ code too much.
+ */
+
+static char *PR_fgets(char *buf, int size, PRFileDesc *file);
+
+/***************************************************************************
+ *
+ * P k 1 1 I n s t a l l _ A d d N e w M o d u l e
+ */
+int
+Pk11Install_AddNewModule(char *moduleName, char *dllPath,
+                         unsigned long defaultMechanismFlags,
+                         unsigned long cipherEnableFlags)
+{
+    return (SECMOD_AddNewModule(moduleName, dllPath,
+                                SECMOD_PubMechFlagstoInternal(defaultMechanismFlags),
+                                SECMOD_PubCipherFlagstoInternal(cipherEnableFlags)) == SECSuccess)
+               ? 0
+               : -1;
+}
+
+/*************************************************************************
+ *
+ * P k 1 1 I n s t a l l _ U s e r V e r i f y J a r
+ *
+ * Gives the user feedback on the signatures of a JAR files, asks them
+ * whether they actually want to continue.
+ * Assumes the jar structure has already been created and is valid.
+ * Returns 0 if the user wants to continue the installation, nonzero
+ * if the user wishes to abort.
+ */
+short
+Pk11Install_UserVerifyJar(JAR *jar, PRFileDesc *out, PRBool query)
+{
+    JAR_Context *ctx;
+    JAR_Cert *fing;
+    JAR_Item *item;
+    char stdinbuf[80];
+    int count = 0;
+
+    CERTCertificate *cert, *prev = NULL;
+
+    PR_fprintf(out, "\nThis installation JAR file was signed by:\n");
+
+    ctx = JAR_find(jar, NULL, jarTypeSign);
+
+    while (JAR_find_next(ctx, &item) >= 0) {
+        fing = (JAR_Cert *)item->data;
+        cert = fing->cert;
+        if (cert == prev) {
+            continue;
+        }
+
+        count++;
+        PR_fprintf(out, "----------------------------------------------\n");
+        if (cert) {
+            if (cert->nickname) {
+                PR_fprintf(out, "**NICKNAME**\n%s\n", cert->nickname);
+            }
+            if (cert->subjectName) {
+                PR_fprintf(out, "**SUBJECT NAME**\n%s\n", cert->subjectName);
+            }
+            if (cert->issuerName) {
+                PR_fprintf(out, "**ISSUER NAME**\n%s\n", cert->issuerName);
+            }
+        } else {
+            PR_fprintf(out, "No matching certificate could be found.\n");
+        }
+        PR_fprintf(out, "----------------------------------------------\n\n");
+
+        prev = cert;
+    }
+
+    JAR_find_end(ctx);
+
+    if (count == 0) {
+        PR_fprintf(out, "No signatures found: JAR FILE IS UNSIGNED.\n");
+    }
+
+    if (query) {
+        PR_fprintf(out,
+                   "Do you wish to continue this installation? (y/n) ");
+
+        if (PR_fgets(stdinbuf, 80, PR_STDIN) != NULL) {
+            char *response;
+
+            if ((response = strtok(stdinbuf, " \t\n\r"))) {
+                if (!PL_strcasecmp(response, "y") ||
+                    !PL_strcasecmp(response, "yes")) {
+                    return 0;
+                }
+            }
+        }
+    }
+
+    return 1;
+}
+
+/**************************************************************************
+ *
+ * P R _ f g e t s
+ *
+ * fgets implemented with NSPR.
+ */
+static char *
+PR_fgets(char *buf, int size, PRFileDesc *file)
+{
+    int i;
+    int status;
+    char c;
+
+    i = 0;
+    while (i < size - 1) {
+        status = PR_Read(file, (void *)&c, 1);
+        if (status == -1) {
+            return NULL;
+        } else if (status == 0) {
+            break;
+        }
+        buf[i++] = c;
+        if (c == '\n') {
+            break;
+        }
+    }
+    buf[i] = '\0';
+
+    return buf;
+}
+
+/**************************************************************************
+ *
+ * m y S E C U _ E r r o r S t r i n g
+ *
+ */
+const char *
+mySECU_ErrorString(PRErrorCode errnum)
+{
+    return SECU_Strerror(errnum);
+}
diff --git a/nss/cmd/modutil/lex.Pk11Install_yy.c b/nss/cmd/modutil/lex.Pk11Install_yy.c
new file mode 100644
index 0000000..4fa3d76
--- /dev/null
+++ b/nss/cmd/modutil/lex.Pk11Install_yy.c
@@ -0,0 +1,1607 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#define yy_create_buffer Pk11Install_yy_create_buffer
+#define yy_delete_buffer Pk11Install_yy_delete_buffer
+#define yy_scan_buffer Pk11Install_yy_scan_buffer
+#define yy_scan_string Pk11Install_yy_scan_string
+#define yy_scan_bytes Pk11Install_yy_scan_bytes
+#define yy_flex_debug Pk11Install_yy_flex_debug
+#define yy_init_buffer Pk11Install_yy_init_buffer
+#define yy_flush_buffer Pk11Install_yy_flush_buffer
+#define yy_load_buffer_state Pk11Install_yy_load_buffer_state
+#define yy_switch_to_buffer Pk11Install_yy_switch_to_buffer
+#define yyin Pk11Install_yyin
+#define yyleng Pk11Install_yyleng
+#define yylex Pk11Install_yylex
+#define yyout Pk11Install_yyout
+#define yyrestart Pk11Install_yyrestart
+#define yytext Pk11Install_yytext
+#define yywrap Pk11Install_yywrap
+
+#line 20 "lex.Pk11Install_yy.c"
+/* A lexical scanner generated by flex */
+
+#define FLEX_SCANNER
+#define YY_FLEX_MAJOR_VERSION 2
+#define YY_FLEX_MINOR_VERSION 5
+
+#include <stdio.h>
+
+/* cfront 1.2 defines "c_plusplus" instead of "__cplusplus" */
+#ifdef c_plusplus
+#ifndef __cplusplus
+#define __cplusplus
+#endif
+#endif
+
+#ifdef __cplusplus
+
+#include <stdlib.h>
+//#include <unistd.h>
+
+/* Use prototypes in function declarations. */
+#define YY_USE_PROTOS
+
+/* The "const" storage-class-modifier is valid. */
+#define YY_USE_CONST
+
+#else /* ! __cplusplus */
+
+#if __STDC__
+
+#define YY_USE_PROTOS
+#define YY_USE_CONST
+
+#endif /* __STDC__ */
+#endif /* ! __cplusplus */
+
+#ifdef __TURBOC__
+#pragma warn - rch
+#pragma warn - use
+#include <io.h>
+#include <stdlib.h>
+#define YY_USE_CONST
+#define YY_USE_PROTOS
+#endif
+
+#ifdef YY_USE_CONST
+#define yyconst const
+#else
+#define yyconst
+#endif
+
+#ifdef YY_USE_PROTOS
+#define YY_PROTO(proto) proto
+#else
+#define YY_PROTO(proto) ()
+#endif
+
+/* Returned upon end-of-file. */
+#define YY_NULL 0
+
+/* Promotes a possibly negative, possibly signed char to an unsigned
+ * integer for use as an array index.  If the signed char is negative,
+ * we want to instead treat it as an 8-bit unsigned char, hence the
+ * double cast.
+ */
+#define YY_SC_TO_UI(c) ((unsigned int)(unsigned char)c)
+
+/* Enter a start condition.  This macro really ought to take a parameter,
+ * but we do it the disgusting crufty way forced on us by the ()-less
+ * definition of BEGIN.
+ */
+#define BEGIN yy_start = 1 + 2 *
+
+/* Translate the current start state into a value that can be later handed
+ * to BEGIN to return to the state.  The YYSTATE alias is for lex
+ * compatibility.
+ */
+#define YY_START ((yy_start - 1) / 2)
+#define YYSTATE YY_START
+
+/* Action number for EOF rule of a given start state. */
+#define YY_STATE_EOF(state) (YY_END_OF_BUFFER + state + 1)
+
+/* Special action meaning "start processing a new file". */
+#define YY_NEW_FILE yyrestart(yyin)
+
+#define YY_END_OF_BUFFER_CHAR 0
+
+/* Size of default input buffer. */
+#define YY_BUF_SIZE 16384
+
+typedef struct yy_buffer_state *YY_BUFFER_STATE;
+
+extern int yyleng;
+extern FILE *yyin, *yyout;
+
+#define EOB_ACT_CONTINUE_SCAN 0
+#define EOB_ACT_END_OF_FILE 1
+#define EOB_ACT_LAST_MATCH 2
+
+/* The funky do-while in the following #define is used to turn the definition
+ * int a single C statement (which needs a semi-colon terminator).  This
+ * avoids problems with code like:
+ *
+ *  if ( condition_holds )
+ *    yyless( 5 );
+ *  else
+ *    do_something_else();
+ *
+ * Prior to using the do-while the compiler would get upset at the
+ * "else" because it interpreted the "if" statement as being all
+ * done when it reached the ';' after the yyless() call.
+ */
+
+/* Return all but the first 'n' matched characters back to the input stream. */
+
+#define yyless(n)                                      \
+    do {                                               \
+        /* Undo effects of setting up yytext. */       \
+        *yy_cp = yy_hold_char;                         \
+        YY_RESTORE_YY_MORE_OFFSET                      \
+        yy_c_buf_p = yy_cp = yy_bp + n - YY_MORE_ADJ;  \
+        YY_DO_BEFORE_ACTION; /* set up yytext again */ \
+    } while (0)
+
+#define unput(c) yyunput(c, yytext_ptr)
+
+/* The following is because we cannot portably get our hands on size_t
+ * (without autoconf's help, which isn't available because we want
+ * flex-generated scanners to compile on their own).
+ */
+typedef unsigned int yy_size_t;
+
+struct yy_buffer_state {
+    FILE *yy_input_file;
+
+    char *yy_ch_buf;  /* input buffer */
+    char *yy_buf_pos; /* current position in input buffer */
+
+    /* Size of input buffer in bytes, not including room for EOB
+     * characters.
+     */
+    yy_size_t yy_buf_size;
+
+    /* Number of characters read into yy_ch_buf, not including EOB
+     * characters.
+     */
+    int yy_n_chars;
+
+    /* Whether we "own" the buffer - i.e., we know we created it,
+     * and can realloc() it to grow it, and should free() it to
+     * delete it.
+     */
+    int yy_is_our_buffer;
+
+    /* Whether this is an "interactive" input source; if so, and
+     * if we're using stdio for input, then we want to use getc()
+     * instead of fread(), to make sure we stop fetching input after
+     * each newline.
+     */
+    int yy_is_interactive;
+
+    /* Whether we're considered to be at the beginning of a line.
+     * If so, '^' rules will be active on the next match, otherwise
+     * not.
+     */
+    int yy_at_bol;
+
+    /* Whether to try to fill the input buffer when we reach the
+     * end of it.
+     */
+    int yy_fill_buffer;
+
+    int yy_buffer_status;
+#define YY_BUFFER_NEW 0
+#define YY_BUFFER_NORMAL 1
+/* When an EOF's been seen but there's still some text to process
+   * then we mark the buffer as YY_EOF_PENDING, to indicate that we
+   * shouldn't try reading from the input source any more.  We might
+   * still have a bunch of tokens to match, though, because of
+   * possible backing-up.
+   *
+   * When we actually see the EOF, we change the status to "new"
+   * (via yyrestart()), so that the user can continue scanning by
+   * just pointing yyin at a new input file.
+   */
+#define YY_BUFFER_EOF_PENDING 2
+};
+
+static YY_BUFFER_STATE yy_current_buffer = 0;
+
+/* We provide macros for accessing buffer states in case in the
+ * future we want to put the buffer states in a more general
+ * "scanner state".
+ */
+#define YY_CURRENT_BUFFER yy_current_buffer
+
+/* yy_hold_char holds the character lost when yytext is formed. */
+static char yy_hold_char;
+
+static int yy_n_chars; /* number of characters read into yy_ch_buf */
+
+int yyleng;
+
+/* Points to current character in buffer. */
+static char *yy_c_buf_p = (char *)0;
+static int yy_init = 1;  /* whether we need to initialize */
+static int yy_start = 0; /* start state number */
+
+/* Flag which is used to allow yywrap()'s to do buffer switches
+ * instead of setting up a fresh yyin.  A bit of a hack ...
+ */
+static int yy_did_buffer_switch_on_eof;
+
+void yyrestart YY_PROTO((FILE * input_file));
+
+void yy_switch_to_buffer YY_PROTO((YY_BUFFER_STATE new_buffer));
+void yy_load_buffer_state YY_PROTO((void));
+YY_BUFFER_STATE yy_create_buffer YY_PROTO((FILE * file, int size));
+void yy_delete_buffer YY_PROTO((YY_BUFFER_STATE b));
+void yy_init_buffer YY_PROTO((YY_BUFFER_STATE b, FILE *file));
+void yy_flush_buffer YY_PROTO((YY_BUFFER_STATE b));
+#define YY_FLUSH_BUFFER yy_flush_buffer(yy_current_buffer)
+
+YY_BUFFER_STATE yy_scan_buffer YY_PROTO((char *base, yy_size_t size));
+YY_BUFFER_STATE yy_scan_string YY_PROTO((yyconst char *yy_str));
+YY_BUFFER_STATE yy_scan_bytes YY_PROTO((yyconst char *bytes, int len));
+
+static void *yy_flex_alloc YY_PROTO((yy_size_t));
+static void *yy_flex_realloc YY_PROTO((void *, yy_size_t));
+static void yy_flex_free YY_PROTO((void *));
+
+#define yy_new_buffer yy_create_buffer
+
+#define yy_set_interactive(is_interactive)                           \
+    {                                                                \
+        if (!yy_current_buffer)                                      \
+            yy_current_buffer = yy_create_buffer(yyin, YY_BUF_SIZE); \
+        yy_current_buffer->yy_is_interactive = is_interactive;       \
+    }
+
+#define yy_set_bol(at_bol)                                           \
+    {                                                                \
+        if (!yy_current_buffer)                                      \
+            yy_current_buffer = yy_create_buffer(yyin, YY_BUF_SIZE); \
+        yy_current_buffer->yy_at_bol = at_bol;                       \
+    }
+
+#define YY_AT_BOL() (yy_current_buffer->yy_at_bol)
+
+typedef unsigned char YY_CHAR;
+FILE *yyin = (FILE *)0, *yyout = (FILE *)0;
+typedef int yy_state_type;
+extern char *yytext;
+#define yytext_ptr yytext
+
+static yy_state_type yy_get_previous_state YY_PROTO((void));
+static yy_state_type yy_try_NUL_trans YY_PROTO((yy_state_type current_state));
+static int yy_get_next_buffer YY_PROTO((void));
+static void yy_fatal_error YY_PROTO((yyconst char msg[]));
+
+/* Done after the current pattern has been matched and before the
+ * corresponding action - sets up yytext.
+ */
+#define YY_DO_BEFORE_ACTION        \
+    yytext_ptr = yy_bp;            \
+    yyleng = (int)(yy_cp - yy_bp); \
+    yy_hold_char = *yy_cp;         \
+    *yy_cp = '\0';                 \
+    yy_c_buf_p = yy_cp;
+
+#define YY_NUM_RULES 8
+#define YY_END_OF_BUFFER 9
+static yyconst short int yy_accept[16] =
+    { 0,
+      0, 0, 9, 3, 6, 5, 7, 1, 2, 3,
+      6, 0, 0, 4, 0 };
+
+static yyconst int yy_ec[256] =
+    { 0,
+      1, 1, 1, 1, 1, 1, 1, 1, 2, 3,
+      1, 1, 4, 1, 1, 1, 1, 1, 1, 1,
+      1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+      1, 2, 1, 5, 1, 1, 1, 1, 1, 1,
+      1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+      1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+      1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+      1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+      1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+      1, 6, 1, 1, 1, 1, 1, 1, 1, 1,
+
+      1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+      1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+      1, 1, 7, 1, 8, 1, 1, 1, 1, 1,
+      1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+      1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+      1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+      1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+      1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+      1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+      1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+
+      1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+      1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+      1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+      1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+      1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+      1, 1, 1, 1, 1 };
+
+static yyconst int yy_meta[9] =
+    { 0,
+      1, 2, 3, 4, 3, 1, 5, 5 };
+
+static yyconst short int yy_base[19] =
+    { 0,
+      0, 0, 19, 0, 0, 21, 12, 21, 21, 0,
+      0, 4, 6, 21, 21, 13, 11, 15 };
+
+static yyconst short int yy_def[19] =
+    { 0,
+      15, 1, 15, 16, 17, 15, 18, 15, 15, 16,
+      17, 18, 15, 15, 0, 15, 15, 15 };
+
+static yyconst short int yy_nxt[30] =
+    { 0,
+      4, 5, 6, 5, 7, 4, 8, 9, 14, 13,
+      12, 12, 11, 10, 11, 12, 12, 13, 15, 12,
+      3, 15, 15, 15, 15, 15, 15, 15, 15 };
+
+static yyconst short int yy_chk[30] =
+    { 0,
+      1, 1, 1, 1, 1, 1, 1, 1, 12, 12,
+      13, 13, 17, 16, 17, 18, 18, 7, 3, 18,
+      15, 15, 15, 15, 15, 15, 15, 15, 15 };
+
+static yy_state_type yy_last_accepting_state;
+static char *yy_last_accepting_cpos;
+
+/* The intent behind this definition is that it'll catch
+ * any uses of REJECT which flex missed.
+ */
+#define REJECT reject_used_but_not_detected
+#define yymore() yymore_used_but_not_detected
+#define YY_MORE_ADJ 0
+#define YY_RESTORE_YY_MORE_OFFSET
+char *yytext;
+#line 1 "installparse.l"
+#define INITIAL 0
+/* lex file for analyzing PKCS #11 Module installation instructions */
+/*----------------------------- Definitions ---------------------------*/
+#line 5 "installparse.l"
+#include <string.h>
+
+#include "install-ds.h"   /* defines tokens and data structures */
+#include "installparse.h" /* produced by yacc -d */
+#include <prprf.h>
+static char *putSimpleString(char *);  /* return copy of string */
+static char *putComplexString(char *); /* strip out quotes, deal with */
+                                       /* escaped characters */
+
+void Pk11Install_yyerror(char *);
+
+/* Overrides to use NSPR */
+#define malloc PR_Malloc
+#define realloc PR_Realloc
+#define free PR_Free
+
+int Pk11Install_yylinenum = 1;
+static char *err;
+
+#define YY_NEVER_INTERACTIVE 1
+#define yyunput Pkcs11Install_yyunput
+
+/* This is the default YY_INPUT modified for NSPR */
+#define YY_INPUT(buf, result, max_size)                               \
+    if (yy_current_buffer->yy_is_interactive) {                       \
+        char c;                                                       \
+        int n;                                                        \
+        for (n = 0; n < max_size &&                                   \
+                    PR_Read(Pk11Install_FD, &c, 1) == 1 && c != '\n'; \
+             ++n) {                                                   \
+            buf[n] = c;                                               \
+        }                                                             \
+        if (c == '\n') {                                              \
+            buf[n++] = c;                                             \
+        }                                                             \
+        result = n;                                                   \
+    } else {                                                          \
+        result = PR_Read(Pk11Install_FD, buf, max_size);              \
+    }
+
+/*** Regular expression definitions ***/
+/* simple_string has no whitespace, quotes, or braces */
+/* complex_string is enclosed in quotes. Inside the quotes, quotes and
+   backslashes must be backslash-escaped. Otherwise, anything goes. */
+/* Standard whitespace */
+/*---------------------------- Actions --------------------------------*/
+#line 437 "lex.Pk11Install_yy.cpp"
+
+/* Macros after this point can all be overridden by user definitions in
+ * section 1.
+ */
+
+#ifndef YY_SKIP_YYWRAP
+#ifdef __cplusplus
+extern "C" int yywrap YY_PROTO((void));
+#else
+extern int yywrap YY_PROTO((void));
+#endif
+#endif
+
+#ifndef YY_NO_UNPUT
+static void yyunput YY_PROTO((int c, char *buf_ptr));
+#endif
+
+#ifndef yytext_ptr
+static void yy_flex_strncpy YY_PROTO((char *, yyconst char *, int));
+#endif
+
+#ifdef YY_NEED_STRLEN
+static int yy_flex_strlen YY_PROTO((yyconst char *));
+#endif
+
+#ifndef YY_NO_INPUT
+#ifdef __cplusplus
+static int yyinput YY_PROTO((void));
+#else
+static int input YY_PROTO((void));
+#endif
+#endif
+
+#if YY_STACK_USED
+static int yy_start_stack_ptr = 0;
+static int yy_start_stack_depth = 0;
+static int *yy_start_stack = 0;
+#ifndef YY_NO_PUSH_STATE
+static void yy_push_state YY_PROTO((int new_state));
+#endif
+#ifndef YY_NO_POP_STATE
+static void yy_pop_state YY_PROTO((void));
+#endif
+#ifndef YY_NO_TOP_STATE
+static int yy_top_state YY_PROTO((void));
+#endif
+
+#else
+#define YY_NO_PUSH_STATE 1
+#define YY_NO_POP_STATE 1
+#define YY_NO_TOP_STATE 1
+#endif
+
+#ifdef YY_MALLOC_DECL
+YY_MALLOC_DECL
+#else
+#if __STDC__
+#ifndef __cplusplus
+#include <stdlib.h>
+#endif
+#else
+/* Just try to get by without declaring the routines.  This will fail
+ * miserably on non-ANSI systems for which sizeof(size_t) != sizeof(int)
+ * or sizeof(void*) != sizeof(int).
+ */
+#endif
+#endif
+
+/* Amount of stuff to slurp up with each read. */
+#ifndef YY_READ_BUF_SIZE
+#define YY_READ_BUF_SIZE 8192
+#endif
+
+/* Copy whatever the last rule matched to the standard output. */
+
+#ifndef ECHO
+/* This used to be an fputs(), but since the string might contain NUL's,
+ * we now use fwrite().
+ */
+#define ECHO (void)fwrite(yytext, yyleng, 1, yyout)
+#endif
+
+/* Gets input and stuffs it into "buf".  number of characters read, or YY_NULL,
+ * is returned in "result".
+ */
+#ifndef YY_INPUT
+#define YY_INPUT(buf, result, max_size)                           \
+    if (yy_current_buffer->yy_is_interactive) {                   \
+        int c = '*', n;                                           \
+        for (n = 0; n < max_size &&                               \
+                    (c = getc(yyin)) != EOF && c != '\n';         \
+             ++n)                                                 \
+            buf[n] = (char)c;                                     \
+        if (c == '\n')                                            \
+            buf[n++] = (char)c;                                   \
+        if (c == EOF && ferror(yyin))                             \
+            YY_FATAL_ERROR("input in flex scanner failed");       \
+        result = n;                                               \
+    } else if (((result = fread(buf, 1, max_size, yyin)) == 0) && \
+               ferror(yyin))                                      \
+        YY_FATAL_ERROR("input in flex scanner failed");
+#endif
+
+/* No semi-colon after return; correct usage is to write "yyterminate();" -
+ * we don't want an extra ';' after the "return" because that will cause
+ * some compilers to complain about unreachable statements.
+ */
+#ifndef yyterminate
+#define yyterminate() return YY_NULL
+#endif
+
+/* Number of entries by which start-condition stack grows. */
+#ifndef YY_START_STACK_INCR
+#define YY_START_STACK_INCR 25
+#endif
+
+/* Report a fatal error. */
+#ifndef YY_FATAL_ERROR
+#define YY_FATAL_ERROR(msg) yy_fatal_error(msg)
+#endif
+
+/* Default declaration of generated scanner - a define so the user can
+ * easily add parameters.
+ */
+#ifndef YY_DECL
+#define YY_DECL int yylex YY_PROTO((void))
+#endif
+
+/* Code executed at the beginning of each rule, after yytext and yyleng
+ * have been set up.
+ */
+#ifndef YY_USER_ACTION
+#define YY_USER_ACTION
+#endif
+
+/* Code executed at the end of each rule. */
+#ifndef YY_BREAK
+#define YY_BREAK break;
+#endif
+
+#define YY_RULE_SETUP \
+    YY_USER_ACTION
+
+YY_DECL
+{
+    register yy_state_type yy_current_state;
+    register char *yy_cp, *yy_bp;
+    register int yy_act;
+
+#line 60 "installparse.l"
+
+#line 591 "lex.Pk11Install_yy.cpp"
+
+    if (yy_init) {
+        yy_init = 0;
+
+#ifdef YY_USER_INIT
+        YY_USER_INIT;
+#endif
+
+        if (!yy_start)
+            yy_start = 1; /* first start state */
+
+        if (!yyin)
+            yyin = stdin;
+
+        if (!yyout)
+            yyout = stdout;
+
+        if (!yy_current_buffer)
+            yy_current_buffer =
+                yy_create_buffer(yyin, YY_BUF_SIZE);
+
+        yy_load_buffer_state();
+    }
+
+    while (1) /* loops until end-of-file is reached */
+    {
+        yy_cp = yy_c_buf_p;
+
+        /* Support of yytext. */
+        *yy_cp = yy_hold_char;
+
+        /* yy_bp points to the position in yy_ch_buf of the start of
+         * the current run.
+         */
+        yy_bp = yy_cp;
+
+        yy_current_state = yy_start;
+    yy_match:
+        do {
+            register YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)];
+            if (yy_accept[yy_current_state]) {
+                yy_last_accepting_state = yy_current_state;
+                yy_last_accepting_cpos = yy_cp;
+            }
+            while (yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state) {
+                yy_current_state = (int)yy_def[yy_current_state];
+                if (yy_current_state >= 16)
+                    yy_c = yy_meta[(unsigned int)yy_c];
+            }
+            yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int)yy_c];
+            ++yy_cp;
+        } while (yy_base[yy_current_state] != 21);
+
+    yy_find_action:
+        yy_act = yy_accept[yy_current_state];
+        if (yy_act == 0) { /* have to back up */
+            yy_cp = yy_last_accepting_cpos;
+            yy_current_state = yy_last_accepting_state;
+            yy_act = yy_accept[yy_current_state];
+        }
+
+        YY_DO_BEFORE_ACTION;
+
+    do_action: /* This label is used only to access EOF actions. */
+
+        switch (yy_act) { /* beginning of action switch */
+            case 0:       /* must back up */
+                /* undo the effects of YY_DO_BEFORE_ACTION */
+                *yy_cp = yy_hold_char;
+                yy_cp = yy_last_accepting_cpos;
+                yy_current_state = yy_last_accepting_state;
+                goto yy_find_action;
+
+            case 1:
+                YY_RULE_SETUP
+#line 62 "installparse.l"
+                return OPENBRACE;
+                YY_BREAK
+            case 2:
+                YY_RULE_SETUP
+#line 63 "installparse.l"
+                return CLOSEBRACE;
+                YY_BREAK
+            case 3:
+                YY_RULE_SETUP
+#line 64 "installparse.l"
+                {
+                    Pk11Install_yylval.string =
+                        putSimpleString(Pk11Install_yytext);
+                    return STRING;
+                }
+                YY_BREAK
+            case 4:
+                YY_RULE_SETUP
+#line 67 "installparse.l"
+                {
+                    Pk11Install_yylval.string =
+                        putComplexString(Pk11Install_yytext);
+                    return STRING;
+                }
+                YY_BREAK
+            case 5:
+                YY_RULE_SETUP
+#line 71 "installparse.l"
+                Pk11Install_yylinenum++;
+                YY_BREAK
+            case 6:
+                YY_RULE_SETUP
+#line 73 "installparse.l"
+                    ;
+                YY_BREAK
+            case 7:
+                YY_RULE_SETUP
+#line 75 "installparse.l"
+                {
+                    err =
+                        PR_smprintf("Invalid lexeme: %s", Pk11Install_yytext);
+                    Pk11Install_yyerror(err);
+                    PR_smprintf_free(err);
+                    return 1;
+                }
+                YY_BREAK
+            case 8:
+                YY_RULE_SETUP
+#line 81 "installparse.l"
+                ECHO;
+                YY_BREAK
+#line 722 "lex.Pk11Install_yy.cpp"
+            case YY_STATE_EOF(INITIAL):
+                yyterminate();
+
+            case YY_END_OF_BUFFER: {
+                /* Amount of text matched not including the EOB char. */
+                int yy_amount_of_matched_text = (int)(yy_cp - yytext_ptr) - 1;
+
+                /* Undo the effects of YY_DO_BEFORE_ACTION. */
+                *yy_cp = yy_hold_char;
+                YY_RESTORE_YY_MORE_OFFSET
+
+                if (yy_current_buffer->yy_buffer_status == YY_BUFFER_NEW) {
+                    /* We're scanning a new file or input source.  It's
+                     * possible that this happened because the user
+                     * just pointed yyin at a new source and called
+                     * yylex().  If so, then we have to assure
+                     * consistency between yy_current_buffer and our
+                     * globals.  Here is the right place to do so, because
+                     * this is the first action (other than possibly a
+                     * back-up) that will match for the new input source.
+                     */
+                    yy_n_chars = yy_current_buffer->yy_n_chars;
+                    yy_current_buffer->yy_input_file = yyin;
+                    yy_current_buffer->yy_buffer_status = YY_BUFFER_NORMAL;
+                }
+
+                /* Note that here we test for yy_c_buf_p "<=" to the position
+                 * of the first EOB in the buffer, since yy_c_buf_p will
+                 * already have been incremented past the NUL character
+                 * (since all states make transitions on EOB to the
+                 * end-of-buffer state).  Contrast this with the test
+                 * in input().
+                 */
+                if (yy_c_buf_p <= &yy_current_buffer->yy_ch_buf[yy_n_chars]) { /* This was really a NUL. */
+                    yy_state_type yy_next_state;
+
+                    yy_c_buf_p = yytext_ptr + yy_amount_of_matched_text;
+
+                    yy_current_state = yy_get_previous_state();
+
+                    /* Okay, we're now positioned to make the NUL
+                     * transition.  We couldn't have
+                     * yy_get_previous_state() go ahead and do it
+                     * for us because it doesn't know how to deal
+                     * with the possibility of jamming (and we don't
+                     * want to build jamming into it because then it
+                     * will run more slowly).
+                     */
+
+                    yy_next_state = yy_try_NUL_trans(yy_current_state);
+
+                    yy_bp = yytext_ptr + YY_MORE_ADJ;
+
+                    if (yy_next_state) {
+                        /* Consume the NUL. */
+                        yy_cp = ++yy_c_buf_p;
+                        yy_current_state = yy_next_state;
+                        goto yy_match;
+                    }
+
+                    else {
+                        yy_cp = yy_c_buf_p;
+                        goto yy_find_action;
+                    }
+                }
+
+                else
+                    switch (yy_get_next_buffer()) {
+                        case EOB_ACT_END_OF_FILE: {
+                            yy_did_buffer_switch_on_eof = 0;
+
+                            if (yywrap()) {
+                                /* Note: because we've taken care in
+                                 * yy_get_next_buffer() to have set up
+                                 * yytext, we can now set up
+                                 * yy_c_buf_p so that if some total
+                                 * hoser (like flex itself) wants to
+                                 * call the scanner after we return the
+                                 * YY_NULL, it'll still work - another
+                                 * YY_NULL will get returned.
+                                 */
+                                yy_c_buf_p = yytext_ptr + YY_MORE_ADJ;
+
+                                yy_act = YY_STATE_EOF(YY_START);
+                                goto do_action;
+                            }
+
+                            else {
+                                if (!yy_did_buffer_switch_on_eof)
+                                    YY_NEW_FILE;
+                            }
+                            break;
+                        }
+
+                        case EOB_ACT_CONTINUE_SCAN:
+                            yy_c_buf_p =
+                                yytext_ptr + yy_amount_of_matched_text;
+
+                            yy_current_state = yy_get_previous_state();
+
+                            yy_cp = yy_c_buf_p;
+                            yy_bp = yytext_ptr + YY_MORE_ADJ;
+                            goto yy_match;
+
+                        case EOB_ACT_LAST_MATCH:
+                            yy_c_buf_p =
+                                &yy_current_buffer->yy_ch_buf[yy_n_chars];
+
+                            yy_current_state = yy_get_previous_state();
+
+                            yy_cp = yy_c_buf_p;
+                            yy_bp = yytext_ptr + YY_MORE_ADJ;
+                            goto yy_find_action;
+                    }
+                break;
+            }
+
+            default:
+                YY_FATAL_ERROR(
+                    "fatal flex scanner internal error--no action found");
+        } /* end of action switch */
+    }     /* end of scanning one token */
+} /* end of yylex */
+
+/* yy_get_next_buffer - try to read in a new buffer
+ *
+ * Returns a code representing an action:
+ *  EOB_ACT_LAST_MATCH -
+ *  EOB_ACT_CONTINUE_SCAN - continue scanning from current position
+ *  EOB_ACT_END_OF_FILE - end of file
+ */
+
+static int
+yy_get_next_buffer()
+{
+    register char *dest = yy_current_buffer->yy_ch_buf;
+    register char *source = yytext_ptr;
+    register int number_to_move, i;
+    int ret_val;
+
+    if (yy_c_buf_p > &yy_current_buffer->yy_ch_buf[yy_n_chars + 1])
+        YY_FATAL_ERROR(
+            "fatal flex scanner internal error--end of buffer missed");
+
+    if (yy_current_buffer->yy_fill_buffer == 0) { /* Don't try to fill the buffer, so this is an EOF. */
+        if (yy_c_buf_p - yytext_ptr - YY_MORE_ADJ == 1) {
+            /* We matched a single character, the EOB, so
+             * treat this as a final EOF.
+             */
+            return EOB_ACT_END_OF_FILE;
+        }
+
+        else {
+            /* We matched some text prior to the EOB, first
+             * process it.
+             */
+            return EOB_ACT_LAST_MATCH;
+        }
+    }
+
+    /* Try to read more data. */
+
+    /* First move last chars to start of buffer. */
+    number_to_move = (int)(yy_c_buf_p - yytext_ptr) - 1;
+
+    for (i = 0; i < number_to_move; ++i)
+        *(dest++) = *(source++);
+
+    if (yy_current_buffer->yy_buffer_status == YY_BUFFER_EOF_PENDING)
+        /* don't do the read, it's not guaranteed to return an EOF,
+         * just force an EOF
+         */
+        yy_current_buffer->yy_n_chars = yy_n_chars = 0;
+
+    else {
+        int num_to_read =
+            yy_current_buffer->yy_buf_size - number_to_move - 1;
+
+        while (num_to_read <= 0) { /* Not enough room in the buffer - grow it. */
+#ifdef YY_USES_REJECT
+            YY_FATAL_ERROR(
+                "input buffer overflow, can't enlarge buffer because scanner uses REJECT");
+#else
+
+            /* just a shorter name for the current buffer */
+            YY_BUFFER_STATE b = yy_current_buffer;
+
+            int yy_c_buf_p_offset =
+                (int)(yy_c_buf_p - b->yy_ch_buf);
+
+            if (b->yy_is_our_buffer) {
+                int new_size = b->yy_buf_size * 2;
+
+                if (new_size <= 0)
+                    b->yy_buf_size += b->yy_buf_size / 8;
+                else
+                    b->yy_buf_size *= 2;
+
+                b->yy_ch_buf = (char *)
+                    /* Include room in for 2 EOB chars. */
+                    yy_flex_realloc((void *)b->yy_ch_buf,
+                                    b->yy_buf_size + 2);
+            } else
+                /* Can't grow it, we don't own it. */
+                b->yy_ch_buf = 0;
+
+            if (!b->yy_ch_buf)
+                YY_FATAL_ERROR(
+                    "fatal error - scanner input buffer overflow");
+
+            yy_c_buf_p = &b->yy_ch_buf[yy_c_buf_p_offset];
+
+            num_to_read = yy_current_buffer->yy_buf_size -
+                          number_to_move - 1;
+#endif
+        }
+
+        if (num_to_read > YY_READ_BUF_SIZE)
+            num_to_read = YY_READ_BUF_SIZE;
+
+        /* Read in more data. */
+        YY_INPUT((&yy_current_buffer->yy_ch_buf[number_to_move]),
+                 yy_n_chars, num_to_read);
+
+        yy_current_buffer->yy_n_chars = yy_n_chars;
+    }
+
+    if (yy_n_chars == 0) {
+        if (number_to_move == YY_MORE_ADJ) {
+            ret_val = EOB_ACT_END_OF_FILE;
+            yyrestart(yyin);
+        }
+
+        else {
+            ret_val = EOB_ACT_LAST_MATCH;
+            yy_current_buffer->yy_buffer_status =
+                YY_BUFFER_EOF_PENDING;
+        }
+    }
+
+    else
+        ret_val = EOB_ACT_CONTINUE_SCAN;
+
+    yy_n_chars += number_to_move;
+    yy_current_buffer->yy_ch_buf[yy_n_chars] = YY_END_OF_BUFFER_CHAR;
+    yy_current_buffer->yy_ch_buf[yy_n_chars + 1] = YY_END_OF_BUFFER_CHAR;
+
+    yytext_ptr = &yy_current_buffer->yy_ch_buf[0];
+
+    return ret_val;
+}
+
+/* yy_get_previous_state - get the state just before the EOB char was reached */
+
+static yy_state_type
+yy_get_previous_state()
+{
+    register yy_state_type yy_current_state;
+    register char *yy_cp;
+
+    yy_current_state = yy_start;
+
+    for (yy_cp = yytext_ptr + YY_MORE_ADJ; yy_cp < yy_c_buf_p; ++yy_cp) {
+        register YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1);
+        if (yy_accept[yy_current_state]) {
+            yy_last_accepting_state = yy_current_state;
+            yy_last_accepting_cpos = yy_cp;
+        }
+        while (yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state) {
+            yy_current_state = (int)yy_def[yy_current_state];
+            if (yy_current_state >= 16)
+                yy_c = yy_meta[(unsigned int)yy_c];
+        }
+        yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int)yy_c];
+    }
+
+    return yy_current_state;
+}
+
+/* yy_try_NUL_trans - try to make a transition on the NUL character
+ *
+ * synopsis
+ *  next_state = yy_try_NUL_trans( current_state );
+ */
+
+#ifdef YY_USE_PROTOS
+static yy_state_type
+yy_try_NUL_trans(yy_state_type yy_current_state)
+#else
+static yy_state_type yy_try_NUL_trans(yy_current_state)
+    yy_state_type yy_current_state;
+#endif
+{
+    register int yy_is_jam;
+    register char *yy_cp = yy_c_buf_p;
+
+    register YY_CHAR yy_c = 1;
+    if (yy_accept[yy_current_state]) {
+        yy_last_accepting_state = yy_current_state;
+        yy_last_accepting_cpos = yy_cp;
+    }
+    while (yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state) {
+        yy_current_state = (int)yy_def[yy_current_state];
+        if (yy_current_state >= 16)
+            yy_c = yy_meta[(unsigned int)yy_c];
+    }
+    yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int)yy_c];
+    yy_is_jam = (yy_current_state == 15);
+
+    return yy_is_jam ? 0 : yy_current_state;
+}
+
+#ifndef YY_NO_UNPUT
+#ifdef YY_USE_PROTOS
+static void
+yyunput(int c, register char *yy_bp)
+#else
+static void yyunput(c, yy_bp) int c;
+register char *yy_bp;
+#endif
+{
+    register char *yy_cp = yy_c_buf_p;
+
+    /* undo effects of setting up yytext */
+    *yy_cp = yy_hold_char;
+
+    if (yy_cp < yy_current_buffer->yy_ch_buf + 2) { /* need to shift things up to make room */
+        /* +2 for EOB chars. */
+        register int number_to_move = yy_n_chars + 2;
+        register char *dest = &yy_current_buffer->yy_ch_buf[yy_current_buffer->yy_buf_size +
+                                                            2];
+        register char *source =
+            &yy_current_buffer->yy_ch_buf[number_to_move];
+
+        while (source > yy_current_buffer->yy_ch_buf)
+            *--dest = *--source;
+
+        yy_cp += (int)(dest - source);
+        yy_bp += (int)(dest - source);
+        yy_current_buffer->yy_n_chars =
+            yy_n_chars = yy_current_buffer->yy_buf_size;
+
+        if (yy_cp < yy_current_buffer->yy_ch_buf + 2)
+            YY_FATAL_ERROR("flex scanner push-back overflow");
+    }
+
+    *--yy_cp = (char)c;
+
+    yytext_ptr = yy_bp;
+    yy_hold_char = *yy_cp;
+    yy_c_buf_p = yy_cp;
+}
+#endif /* ifndef YY_NO_UNPUT */
+
+#ifndef YY_NO_INPUT
+#ifdef __cplusplus
+static int
+yyinput()
+#else
+static int
+input()
+#endif
+{
+    int c;
+
+    *yy_c_buf_p = yy_hold_char;
+
+    if (*yy_c_buf_p == YY_END_OF_BUFFER_CHAR) {
+        /* yy_c_buf_p now points to the character we want to return.
+         * If this occurs *before* the EOB characters, then it's a
+         * valid NUL; if not, then we've hit the end of the buffer.
+         */
+        if (yy_c_buf_p < &yy_current_buffer->yy_ch_buf[yy_n_chars])
+            /* This was really a NUL. */
+            *yy_c_buf_p = '\0';
+
+        else { /* need more input */
+            int offset = yy_c_buf_p - yytext_ptr;
+            ++yy_c_buf_p;
+
+            switch (yy_get_next_buffer()) {
+                case EOB_ACT_LAST_MATCH:
+                    /* This happens because yy_g_n_b()
+                     * sees that we've accumulated a
+                     * token and flags that we need to
+                     * try matching the token before
+                     * proceeding.  But for input(),
+                     * there's no matching to consider.
+                     * So convert the EOB_ACT_LAST_MATCH
+                     * to EOB_ACT_END_OF_FILE.
+                     */
+
+                    /* Reset buffer status. */
+                    yyrestart(yyin);
+
+                /* fall through */
+
+                case EOB_ACT_END_OF_FILE: {
+                    if (yywrap())
+                        return EOF;
+
+                    if (!yy_did_buffer_switch_on_eof)
+                        YY_NEW_FILE;
+#ifdef __cplusplus
+                    return yyinput();
+#else
+                    return input();
+#endif
+                }
+
+                case EOB_ACT_CONTINUE_SCAN:
+                    yy_c_buf_p = yytext_ptr + offset;
+                    break;
+            }
+        }
+    }
+
+    c = *(unsigned char *)yy_c_buf_p; /* cast for 8-bit char's */
+    *yy_c_buf_p = '\0';               /* preserve yytext */
+    yy_hold_char = *++yy_c_buf_p;
+
+    return c;
+}
+#endif /* ifndef YY_NO_INPUT */
+
+#ifdef YY_USE_PROTOS
+void
+yyrestart(FILE *input_file)
+#else
+void yyrestart(input_file)
+    FILE *input_file;
+#endif
+{
+    if (!yy_current_buffer)
+        yy_current_buffer = yy_create_buffer(yyin, YY_BUF_SIZE);
+
+    yy_init_buffer(yy_current_buffer, input_file);
+    yy_load_buffer_state();
+}
+
+#ifdef YY_USE_PROTOS
+void
+yy_switch_to_buffer(YY_BUFFER_STATE new_buffer)
+#else
+void yy_switch_to_buffer(new_buffer)
+    YY_BUFFER_STATE new_buffer;
+#endif
+{
+    if (yy_current_buffer == new_buffer)
+        return;
+
+    if (yy_current_buffer) {
+        /* Flush out information for old buffer. */
+        *yy_c_buf_p = yy_hold_char;
+        yy_current_buffer->yy_buf_pos = yy_c_buf_p;
+        yy_current_buffer->yy_n_chars = yy_n_chars;
+    }
+
+    yy_current_buffer = new_buffer;
+    yy_load_buffer_state();
+
+    /* We don't actually know whether we did this switch during
+     * EOF (yywrap()) processing, but the only time this flag
+     * is looked at is after yywrap() is called, so it's safe
+     * to go ahead and always set it.
+     */
+    yy_did_buffer_switch_on_eof = 1;
+}
+
+#ifdef YY_USE_PROTOS
+void
+yy_load_buffer_state(void)
+#else
+void
+yy_load_buffer_state()
+#endif
+{
+    yy_n_chars = yy_current_buffer->yy_n_chars;
+    yytext_ptr = yy_c_buf_p = yy_current_buffer->yy_buf_pos;
+    yyin = yy_current_buffer->yy_input_file;
+    yy_hold_char = *yy_c_buf_p;
+}
+
+#ifdef YY_USE_PROTOS
+YY_BUFFER_STATE
+yy_create_buffer(FILE *file, int size)
+#else
+YY_BUFFER_STATE yy_create_buffer(file, size)
+    FILE *file;
+int size;
+#endif
+{
+    YY_BUFFER_STATE b;
+
+    b = (YY_BUFFER_STATE)yy_flex_alloc(sizeof(struct yy_buffer_state));
+    if (!b)
+        YY_FATAL_ERROR("out of dynamic memory in yy_create_buffer()");
+
+    b->yy_buf_size = size;
+
+    /* yy_ch_buf has to be 2 characters longer than the size given because
+     * we need to put in 2 end-of-buffer characters.
+     */
+    b->yy_ch_buf = (char *)yy_flex_alloc(b->yy_buf_size + 2);
+    if (!b->yy_ch_buf)
+        YY_FATAL_ERROR("out of dynamic memory in yy_create_buffer()");
+
+    b->yy_is_our_buffer = 1;
+
+    yy_init_buffer(b, file);
+
+    return b;
+}
+
+#ifdef YY_USE_PROTOS
+void
+yy_delete_buffer(YY_BUFFER_STATE b)
+#else
+void yy_delete_buffer(b)
+    YY_BUFFER_STATE b;
+#endif
+{
+    if (!b)
+        return;
+
+    if (b == yy_current_buffer)
+        yy_current_buffer = (YY_BUFFER_STATE)0;
+
+    if (b->yy_is_our_buffer)
+        yy_flex_free((void *)b->yy_ch_buf);
+
+    yy_flex_free((void *)b);
+}
+
+#ifndef YY_ALWAYS_INTERACTIVE
+#ifndef YY_NEVER_INTERACTIVE
+extern int isatty YY_PROTO((int));
+#endif
+#endif
+
+#ifdef YY_USE_PROTOS
+void
+yy_init_buffer(YY_BUFFER_STATE b, FILE *file)
+#else
+void yy_init_buffer(b, file)
+    YY_BUFFER_STATE b;
+FILE *file;
+#endif
+
+{
+    yy_flush_buffer(b);
+
+    b->yy_input_file = file;
+    b->yy_fill_buffer = 1;
+
+#if YY_ALWAYS_INTERACTIVE
+    b->yy_is_interactive = 1;
+#else
+#if YY_NEVER_INTERACTIVE
+    b->yy_is_interactive = 0;
+#else
+    b->yy_is_interactive = file ? (isatty(fileno(file)) > 0) : 0;
+#endif
+#endif
+}
+
+#ifdef YY_USE_PROTOS
+void
+yy_flush_buffer(YY_BUFFER_STATE b)
+#else
+void yy_flush_buffer(b)
+    YY_BUFFER_STATE b;
+#endif
+
+{
+    if (!b)
+        return;
+
+    b->yy_n_chars = 0;
+
+    /* We always need two end-of-buffer characters.  The first causes
+     * a transition to the end-of-buffer state.  The second causes
+     * a jam in that state.
+     */
+    b->yy_ch_buf[0] = YY_END_OF_BUFFER_CHAR;
+    b->yy_ch_buf[1] = YY_END_OF_BUFFER_CHAR;
+
+    b->yy_buf_pos = &b->yy_ch_buf[0];
+
+    b->yy_at_bol = 1;
+    b->yy_buffer_status = YY_BUFFER_NEW;
+
+    if (b == yy_current_buffer)
+        yy_load_buffer_state();
+}
+
+#ifndef YY_NO_SCAN_BUFFER
+#ifdef YY_USE_PROTOS
+YY_BUFFER_STATE
+yy_scan_buffer(char *base, yy_size_t size)
+#else
+YY_BUFFER_STATE yy_scan_buffer(base, size) char *base;
+yy_size_t size;
+#endif
+{
+    YY_BUFFER_STATE b;
+
+    if (size < 2 ||
+        base[size - 2] != YY_END_OF_BUFFER_CHAR ||
+        base[size - 1] != YY_END_OF_BUFFER_CHAR)
+        /* They forgot to leave room for the EOB's. */
+        return 0;
+
+    b = (YY_BUFFER_STATE)yy_flex_alloc(sizeof(struct yy_buffer_state));
+    if (!b)
+        YY_FATAL_ERROR("out of dynamic memory in yy_scan_buffer()");
+
+    b->yy_buf_size = size - 2; /* "- 2" to take care of EOB's */
+    b->yy_buf_pos = b->yy_ch_buf = base;
+    b->yy_is_our_buffer = 0;
+    b->yy_input_file = 0;
+    b->yy_n_chars = b->yy_buf_size;
+    b->yy_is_interactive = 0;
+    b->yy_at_bol = 1;
+    b->yy_fill_buffer = 0;
+    b->yy_buffer_status = YY_BUFFER_NEW;
+
+    yy_switch_to_buffer(b);
+
+    return b;
+}
+#endif
+
+#ifndef YY_NO_SCAN_STRING
+#ifdef YY_USE_PROTOS
+YY_BUFFER_STATE
+yy_scan_string(yyconst char *yy_str)
+#else
+YY_BUFFER_STATE yy_scan_string(yy_str)
+    yyconst char *yy_str;
+#endif
+{
+    int len;
+    for (len = 0; yy_str[len]; ++len)
+        ;
+
+    return yy_scan_bytes(yy_str, len);
+}
+#endif
+
+#ifndef YY_NO_SCAN_BYTES
+#ifdef YY_USE_PROTOS
+YY_BUFFER_STATE
+yy_scan_bytes(yyconst char *bytes, int len)
+#else
+YY_BUFFER_STATE yy_scan_bytes(bytes, len)
+    yyconst char *bytes;
+int len;
+#endif
+{
+    YY_BUFFER_STATE b;
+    char *buf;
+    yy_size_t n;
+    int i;
+
+    /* Get memory for full buffer, including space for trailing EOB's. */
+    n = len + 2;
+    buf = (char *)yy_flex_alloc(n);
+    if (!buf)
+        YY_FATAL_ERROR("out of dynamic memory in yy_scan_bytes()");
+
+    for (i = 0; i < len; ++i)
+        buf[i] = bytes[i];
+
+    buf[len] = buf[len + 1] = YY_END_OF_BUFFER_CHAR;
+
+    b = yy_scan_buffer(buf, n);
+    if (!b)
+        YY_FATAL_ERROR("bad buffer in yy_scan_bytes()");
+
+    /* It's okay to grow etc. this buffer, and we should throw it
+     * away when we're done.
+     */
+    b->yy_is_our_buffer = 1;
+
+    return b;
+}
+#endif
+
+#ifndef YY_NO_PUSH_STATE
+#ifdef YY_USE_PROTOS
+static void
+yy_push_state(int new_state)
+#else
+static void yy_push_state(new_state) int new_state;
+#endif
+{
+    if (yy_start_stack_ptr >= yy_start_stack_depth) {
+        yy_size_t new_size;
+
+        yy_start_stack_depth += YY_START_STACK_INCR;
+        new_size = yy_start_stack_depth * sizeof(int);
+
+        if (!yy_start_stack)
+            yy_start_stack = (int *)yy_flex_alloc(new_size);
+
+        else
+            yy_start_stack = (int *)yy_flex_realloc(
+                (void *)yy_start_stack, new_size);
+
+        if (!yy_start_stack)
+            YY_FATAL_ERROR(
+                "out of memory expanding start-condition stack");
+    }
+
+    yy_start_stack[yy_start_stack_ptr++] = YY_START;
+
+    BEGIN(new_state);
+}
+#endif
+
+#ifndef YY_NO_POP_STATE
+static void
+yy_pop_state()
+{
+    if (--yy_start_stack_ptr < 0)
+        YY_FATAL_ERROR("start-condition stack underflow");
+
+    BEGIN(yy_start_stack[yy_start_stack_ptr]);
+}
+#endif
+
+#ifndef YY_NO_TOP_STATE
+static int
+yy_top_state()
+{
+    return yy_start_stack[yy_start_stack_ptr - 1];
+}
+#endif
+
+#ifndef YY_EXIT_FAILURE
+#define YY_EXIT_FAILURE 2
+#endif
+
+#ifdef YY_USE_PROTOS
+static void
+yy_fatal_error(yyconst char msg[])
+#else
+static void yy_fatal_error(msg) char msg[];
+#endif
+{
+    (void)fprintf(stderr, "%s\n", msg);
+    exit(YY_EXIT_FAILURE);
+}
+
+/* Redefine yyless() so it works in section 3 code. */
+
+#undef yyless
+#define yyless(n)                                \
+    do {                                         \
+        /* Undo effects of setting up yytext. */ \
+        yytext[yyleng] = yy_hold_char;           \
+        yy_c_buf_p = yytext + n;                 \
+        yy_hold_char = *yy_c_buf_p;              \
+        *yy_c_buf_p = '\0';                      \
+        yyleng = n;                              \
+    } while (0)
+
+/* Internal utility routines. */
+
+#ifndef yytext_ptr
+#ifdef YY_USE_PROTOS
+static void
+yy_flex_strncpy(char *s1, yyconst char *s2, int n)
+#else
+static void yy_flex_strncpy(s1, s2, n) char *s1;
+yyconst char *s2;
+int n;
+#endif
+{
+    register int i;
+    for (i = 0; i < n; ++i)
+        s1[i] = s2[i];
+}
+#endif
+
+#ifdef YY_NEED_STRLEN
+#ifdef YY_USE_PROTOS
+static int
+yy_flex_strlen(yyconst char *s)
+#else
+static int yy_flex_strlen(s)
+    yyconst char *s;
+#endif
+{
+    register int n;
+    for (n = 0; s[n]; ++n)
+        ;
+
+    return n;
+}
+#endif
+
+#ifdef YY_USE_PROTOS
+static void *
+yy_flex_alloc(yy_size_t size)
+#else
+static void *yy_flex_alloc(size)
+    yy_size_t size;
+#endif
+{
+    return (void *)malloc(size);
+}
+
+#ifdef YY_USE_PROTOS
+static void *
+yy_flex_realloc(void *ptr, yy_size_t size)
+#else
+static void *yy_flex_realloc(ptr, size) void *ptr;
+yy_size_t size;
+#endif
+{
+    /* The cast to (char *) in the following accommodates both
+     * implementations that use char* generic pointers, and those
+     * that use void* generic pointers.  It works with the latter
+     * because both ANSI C and C++ allow castless assignment from
+     * any pointer type to void*, and deal with argument conversions
+     * as though doing an assignment.
+     */
+    return (void *)realloc((char *)ptr, size);
+}
+
+#ifdef YY_USE_PROTOS
+static void
+yy_flex_free(void *ptr)
+#else
+static void yy_flex_free(ptr) void *ptr;
+#endif
+{
+    free(ptr);
+}
+
+#if YY_MAIN
+int
+main()
+{
+    yylex();
+    return 0;
+}
+#endif
+#line 81 "installparse.l"
+
+/*------------------------ Program Section ----------------------------*/
+
+PRFileDesc *Pk11Install_FD = NULL;
+
+/*************************************************************************/
+/* dummy function required by lex */
+int
+Pk11Install_yywrap(void)
+{
+    return 1;
+}
+
+/*************************************************************************/
+/* Return a copy of the given string */
+static char *
+putSimpleString(char *str)
+{
+    char *tmp = (char *)PR_Malloc(strlen(str) + 1);
+    strcpy(tmp, str);
+    return tmp;
+}
+
+/*************************************************************************/
+/* Strip out quotes, replace escaped characters with what they stand for.
+   This function assumes that what is passed in is actually a complex
+   string, so error checking is lax. */
+static char *
+putComplexString(char *str)
+{
+    int size, i, j;
+    char *tmp;
+
+    if (!str) {
+        return NULL;
+    }
+    size = strlen(str);
+
+    /* Allocate the new space.  This string will actually be too big,
+    since quotes and backslashes will be stripped out.  But that's ok. */
+    tmp = (char *)PR_Malloc(size + 1);
+
+    /* Copy it over */
+    for (i = 0, j = 0; i < size; i++) {
+        if (str[i] == '\"') {
+            continue; /* skip un-escaped quotes */
+        } else if (str[i] == '\\') {
+            ++i; /* escaped character. skip the backslash */
+        }
+        tmp[j++] = str[i];
+    }
+    tmp[j] = '\0';
+
+    return tmp;
+}
diff --git a/nss/cmd/modutil/manifest.mn b/nss/cmd/modutil/manifest.mn
new file mode 100644
index 0000000..a92ca68
--- /dev/null
+++ b/nss/cmd/modutil/manifest.mn
@@ -0,0 +1,34 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CORE_DEPTH = ../..
+
+MODULE = sectools
+
+EXPORTS = 
+
+CSRCS = modutil.c		\
+		pk11.c			\
+		instsec.c		\
+		install.c		\
+		installparse.c		\
+		install-ds.c		\
+		lex.Pk11Install_yy.c	\
+		$(NULL)
+
+CPPSRCS = 
+
+PROGRAM =  modutil
+
+REQUIRES = seccmd nss dbm
+
+DEFINES = -DNSPR20 -DYY_NO_UNPUT -DYY_NO_INPUT
+
+# sigh
+#INCLUDES += -I$(CORE_DEPTH)/nss/lib/pk11wrap
+
+# USE_STATIC_LIBS = 1 
+
+EXTRA_LIBS = $(JAR_LIBS)
diff --git a/nss/cmd/modutil/modutil.c b/nss/cmd/modutil/modutil.c
new file mode 100644
index 0000000..02972f7
--- /dev/null
+++ b/nss/cmd/modutil/modutil.c
@@ -0,0 +1,970 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* To edit this file, set TABSTOPS to 4 spaces.
+ * This is not the normal NSS convention.
+ */
+
+#include "modutil.h"
+#include "install.h"
+#include <plstr.h>
+#include "certdb.h" /* for CERT_DB_FILE_VERSION */
+#include "nss.h"
+
+static void install_error(char* message);
+static char* PR_fgets(char* buf, int size, PRFileDesc* file);
+static char* progName;
+
+/* This enum must be kept in sync with the commandNames list */
+typedef enum {
+    NO_COMMAND,
+    ADD_COMMAND,
+    CHANGEPW_COMMAND,
+    CREATE_COMMAND,
+    DEFAULT_COMMAND,
+    DELETE_COMMAND,
+    DISABLE_COMMAND,
+    ENABLE_COMMAND,
+    FIPS_COMMAND,
+    JAR_COMMAND,
+    LIST_COMMAND,
+    RAW_LIST_COMMAND,
+    RAW_ADD_COMMAND,
+    CHKFIPS_COMMAND,
+    UNDEFAULT_COMMAND
+} Command;
+
+/* This list must be kept in sync with the Command enum */
+static char* commandNames[] = {
+    "(no command)",
+    "-add",
+    "-changepw",
+    "-create",
+    "-default",
+    "-delete",
+    "-disable",
+    "-enable",
+    "-fips",
+    "-jar",
+    "-list",
+    "-rawlist",
+    "-rawadd",
+    "-chkfips",
+    "-undefault"
+};
+
+/* this enum must be kept in sync with the optionStrings list */
+typedef enum {
+    ADD_ARG = 0,
+    RAW_ADD_ARG,
+    CHANGEPW_ARG,
+    CIPHERS_ARG,
+    CREATE_ARG,
+    DBDIR_ARG,
+    DBPREFIX_ARG,
+    DEFAULT_ARG,
+    DELETE_ARG,
+    DISABLE_ARG,
+    ENABLE_ARG,
+    FIPS_ARG,
+    FORCE_ARG,
+    JAR_ARG,
+    LIBFILE_ARG,
+    LIST_ARG,
+    RAW_LIST_ARG,
+    MECHANISMS_ARG,
+    NEWPWFILE_ARG,
+    PWFILE_ARG,
+    SLOT_ARG,
+    UNDEFAULT_ARG,
+    INSTALLDIR_ARG,
+    TEMPDIR_ARG,
+    SECMOD_ARG,
+    NOCERTDB_ARG,
+    STRING_ARG,
+    CHKFIPS_ARG,
+
+    NUM_ARGS /* must be last */
+} Arg;
+
+/* This list must be kept in sync with the Arg enum */
+static char* optionStrings[] = {
+    "-add",
+    "-rawadd",
+    "-changepw",
+    "-ciphers",
+    "-create",
+    "-dbdir",
+    "-dbprefix",
+    "-default",
+    "-delete",
+    "-disable",
+    "-enable",
+    "-fips",
+    "-force",
+    "-jar",
+    "-libfile",
+    "-list",
+    "-rawlist",
+    "-mechanisms",
+    "-newpwfile",
+    "-pwfile",
+    "-slot",
+    "-undefault",
+    "-installdir",
+    "-tempdir",
+    "-secmod",
+    "-nocertdb",
+    "-string",
+    "-chkfips",
+};
+
+char* msgStrings[] = {
+    "FIPS mode enabled.\n",
+    "FIPS mode disabled.\n",
+    "Using database directory %s...\n",
+    "Creating \"%s\"...",
+    "Module \"%s\" added to database.\n",
+    "Module \"%s\" deleted from database.\n",
+    "Token \"%s\" password changed successfully.\n",
+    "Incorrect password, try again...\n",
+    "Passwords do not match, try again...\n",
+    "done.\n",
+    "Slot \"%s\" %s.\n",
+    "Successfully changed defaults.\n",
+    "Successfully changed defaults.\n",
+    "\nWARNING: Performing this operation while the browser is running could cause"
+    "\ncorruption of your security databases. If the browser is currently running,"
+    "\nyou should exit browser before continuing this operation. Type "
+    "\n'q <enter>' to abort, or <enter> to continue: ",
+    "\nAborting...\n"
+};
+
+/* Increment i if doing so would have i still be less than j.  If you
+   are able to do this, return 0.  Otherwise return 1. */
+#define TRY_INC(i, j) (((i + 1) < j) ? (++i, 0) : 1)
+
+/********************************************************************
+ *
+ * file-wide variables obtained from the command line
+ */
+static Command command = NO_COMMAND;
+static char* pwFile = NULL;
+static char* newpwFile = NULL;
+static char* moduleName = NULL;
+static char* moduleSpec = NULL;
+static char* slotName = NULL;
+static char* secmodName = NULL;
+static char* tokenName = NULL;
+static char* libFile = NULL;
+static char* dbdir = NULL;
+static char* dbprefix = "";
+static char* secmodString = NULL;
+static char* mechanisms = NULL;
+static char* ciphers = NULL;
+static char* fipsArg = NULL;
+static char* jarFile = NULL;
+static char* installDir = NULL;
+static char* tempDir = NULL;
+static short force = 0;
+static PRBool nocertdb = PR_FALSE;
+
+/*******************************************************************
+ *
+ * p a r s e _ a r g s
+ */
+static Error
+parse_args(int argc, char* argv[])
+{
+    int i;
+    char* arg;
+    int optionType;
+
+    /* Loop over all arguments */
+    for (i = 1; i < argc; i++) {
+        arg = argv[i];
+
+        /* Make sure this is an option and not some floating argument */
+        if (arg[0] != '-') {
+            PR_fprintf(PR_STDERR, errStrings[UNEXPECTED_ARG_ERR], argv[i]);
+            return UNEXPECTED_ARG_ERR;
+        }
+
+        /* Find which option this is */
+        for (optionType = 0; optionType < NUM_ARGS; optionType++) {
+            if (!strcmp(arg, optionStrings[optionType])) {
+                break;
+            }
+        }
+
+        /* Deal with this specific option */
+        switch (optionType) {
+            case NUM_ARGS:
+            default:
+                PR_fprintf(PR_STDERR, errStrings[UNKNOWN_OPTION_ERR], arg);
+                return UNKNOWN_OPTION_ERR;
+                break;
+            case ADD_ARG:
+                if (command != NO_COMMAND) {
+                    PR_fprintf(PR_STDERR, errStrings[MULTIPLE_COMMAND_ERR], arg);
+                    return MULTIPLE_COMMAND_ERR;
+                }
+                command = ADD_COMMAND;
+                if (TRY_INC(i, argc)) {
+                    PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
+                    return OPTION_NEEDS_ARG_ERR;
+                }
+                moduleName = argv[i];
+                break;
+            case CHANGEPW_ARG:
+                if (command != NO_COMMAND) {
+                    PR_fprintf(PR_STDERR, errStrings[MULTIPLE_COMMAND_ERR], arg);
+                    return MULTIPLE_COMMAND_ERR;
+                }
+                command = CHANGEPW_COMMAND;
+                if (TRY_INC(i, argc)) {
+                    PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
+                    return OPTION_NEEDS_ARG_ERR;
+                }
+                tokenName = argv[i];
+                break;
+            case CIPHERS_ARG:
+                if (ciphers != NULL) {
+                    PR_fprintf(PR_STDERR, errStrings[DUPLICATE_OPTION_ERR], arg);
+                    return DUPLICATE_OPTION_ERR;
+                }
+                if (TRY_INC(i, argc)) {
+                    PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
+                    return OPTION_NEEDS_ARG_ERR;
+                }
+                ciphers = argv[i];
+                break;
+            case CREATE_ARG:
+                if (command != NO_COMMAND) {
+                    PR_fprintf(PR_STDERR, errStrings[MULTIPLE_COMMAND_ERR], arg);
+                    return MULTIPLE_COMMAND_ERR;
+                }
+                command = CREATE_COMMAND;
+                break;
+            case DBDIR_ARG:
+                if (dbdir != NULL) {
+                    PR_fprintf(PR_STDERR, errStrings[DUPLICATE_OPTION_ERR], arg);
+                    return DUPLICATE_OPTION_ERR;
+                }
+                if (TRY_INC(i, argc)) {
+                    PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
+                    return OPTION_NEEDS_ARG_ERR;
+                }
+                dbdir = argv[i];
+                break;
+            case DBPREFIX_ARG:
+                if (TRY_INC(i, argc)) {
+                    PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
+                    return OPTION_NEEDS_ARG_ERR;
+                }
+                dbprefix = argv[i];
+                break;
+            case UNDEFAULT_ARG:
+            case DEFAULT_ARG:
+                if (command != NO_COMMAND) {
+                    PR_fprintf(PR_STDERR, errStrings[MULTIPLE_COMMAND_ERR], arg);
+                    return MULTIPLE_COMMAND_ERR;
+                }
+                if (optionType == DEFAULT_ARG) {
+                    command = DEFAULT_COMMAND;
+                } else {
+                    command = UNDEFAULT_COMMAND;
+                }
+                if (TRY_INC(i, argc)) {
+                    PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
+                    return OPTION_NEEDS_ARG_ERR;
+                }
+                moduleName = argv[i];
+                break;
+            case DELETE_ARG:
+                if (command != NO_COMMAND) {
+                    PR_fprintf(PR_STDERR, errStrings[MULTIPLE_COMMAND_ERR], arg);
+                    return MULTIPLE_COMMAND_ERR;
+                }
+                command = DELETE_COMMAND;
+                if (TRY_INC(i, argc)) {
+                    PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
+                    return OPTION_NEEDS_ARG_ERR;
+                }
+                moduleName = argv[i];
+                break;
+            case DISABLE_ARG:
+                if (command != NO_COMMAND) {
+                    PR_fprintf(PR_STDERR, errStrings[MULTIPLE_COMMAND_ERR], arg);
+                    return MULTIPLE_COMMAND_ERR;
+                }
+                command = DISABLE_COMMAND;
+                if (TRY_INC(i, argc)) {
+                    PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
+                    return OPTION_NEEDS_ARG_ERR;
+                }
+                moduleName = argv[i];
+                break;
+            case ENABLE_ARG:
+                if (command != NO_COMMAND) {
+                    PR_fprintf(PR_STDERR, errStrings[MULTIPLE_COMMAND_ERR], arg);
+                    return MULTIPLE_COMMAND_ERR;
+                }
+                command = ENABLE_COMMAND;
+                if (TRY_INC(i, argc)) {
+                    PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
+                    return OPTION_NEEDS_ARG_ERR;
+                }
+                moduleName = argv[i];
+                break;
+            case FIPS_ARG:
+                if (command != NO_COMMAND) {
+                    PR_fprintf(PR_STDERR, errStrings[MULTIPLE_COMMAND_ERR], arg);
+                    return MULTIPLE_COMMAND_ERR;
+                }
+                command = FIPS_COMMAND;
+                if (TRY_INC(i, argc)) {
+                    PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
+                    return OPTION_NEEDS_ARG_ERR;
+                }
+                fipsArg = argv[i];
+                break;
+            case CHKFIPS_ARG:
+                if (command != NO_COMMAND) {
+                    PR_fprintf(PR_STDERR, errStrings[MULTIPLE_COMMAND_ERR], arg);
+                    return MULTIPLE_COMMAND_ERR;
+                }
+                command = CHKFIPS_COMMAND;
+                if (TRY_INC(i, argc)) {
+                    PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
+                    return OPTION_NEEDS_ARG_ERR;
+                }
+                fipsArg = argv[i];
+                break;
+            case FORCE_ARG:
+                force = 1;
+                break;
+            case NOCERTDB_ARG:
+                nocertdb = PR_TRUE;
+                break;
+            case INSTALLDIR_ARG:
+                if (installDir != NULL) {
+                    PR_fprintf(PR_STDERR, errStrings[DUPLICATE_OPTION_ERR], arg);
+                    return DUPLICATE_OPTION_ERR;
+                }
+                if (TRY_INC(i, argc)) {
+                    PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
+                    return OPTION_NEEDS_ARG_ERR;
+                }
+                installDir = argv[i];
+                break;
+            case TEMPDIR_ARG:
+                if (tempDir != NULL) {
+                    PR_fprintf(PR_STDERR, errStrings[DUPLICATE_OPTION_ERR], arg);
+                    return DUPLICATE_OPTION_ERR;
+                }
+                if (TRY_INC(i, argc)) {
+                    PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
+                    return OPTION_NEEDS_ARG_ERR;
+                }
+                tempDir = argv[i];
+                break;
+            case JAR_ARG:
+                if (command != NO_COMMAND) {
+                    PR_fprintf(PR_STDERR, errStrings[MULTIPLE_COMMAND_ERR], arg);
+                    return MULTIPLE_COMMAND_ERR;
+                }
+                command = JAR_COMMAND;
+                if (TRY_INC(i, argc)) {
+                    PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
+                    return OPTION_NEEDS_ARG_ERR;
+                }
+                jarFile = argv[i];
+                break;
+            case LIBFILE_ARG:
+                if (libFile != NULL) {
+                    PR_fprintf(PR_STDERR, errStrings[DUPLICATE_OPTION_ERR], arg);
+                    return DUPLICATE_OPTION_ERR;
+                }
+                if (TRY_INC(i, argc)) {
+                    PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
+                    return OPTION_NEEDS_ARG_ERR;
+                }
+                libFile = argv[i];
+                break;
+            case LIST_ARG:
+                if (command != NO_COMMAND) {
+                    PR_fprintf(PR_STDERR, errStrings[MULTIPLE_COMMAND_ERR], arg);
+                    return MULTIPLE_COMMAND_ERR;
+                }
+                command = LIST_COMMAND;
+                /* This option may or may not have an argument */
+                if ((i + 1 < argc) && (argv[i + 1][0] != '-')) {
+                    moduleName = argv[++i];
+                }
+                break;
+            case RAW_LIST_ARG:
+                if (command != NO_COMMAND) {
+                    PR_fprintf(PR_STDERR, errStrings[MULTIPLE_COMMAND_ERR], arg);
+                    return MULTIPLE_COMMAND_ERR;
+                }
+                command = RAW_LIST_COMMAND;
+                /* This option may or may not have an argument */
+                if ((i + 1 < argc) && (argv[i + 1][0] != '-')) {
+                    moduleName = argv[++i];
+                }
+                break;
+            case RAW_ADD_ARG:
+                if (command != NO_COMMAND) {
+                    PR_fprintf(PR_STDERR, errStrings[MULTIPLE_COMMAND_ERR], arg);
+                    return MULTIPLE_COMMAND_ERR;
+                }
+                command = RAW_ADD_COMMAND;
+                if (TRY_INC(i, argc)) {
+                    PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
+                    return OPTION_NEEDS_ARG_ERR;
+                }
+                moduleSpec = argv[i];
+                break;
+            case MECHANISMS_ARG:
+                if (mechanisms != NULL) {
+                    PR_fprintf(PR_STDERR, errStrings[DUPLICATE_OPTION_ERR], arg);
+                    return DUPLICATE_OPTION_ERR;
+                }
+                if (TRY_INC(i, argc)) {
+                    PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
+                    return OPTION_NEEDS_ARG_ERR;
+                }
+                mechanisms = argv[i];
+                break;
+            case NEWPWFILE_ARG:
+                if (newpwFile != NULL) {
+                    PR_fprintf(PR_STDERR, errStrings[DUPLICATE_OPTION_ERR], arg);
+                    return DUPLICATE_OPTION_ERR;
+                }
+                if (TRY_INC(i, argc)) {
+                    PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
+                    return OPTION_NEEDS_ARG_ERR;
+                }
+                newpwFile = argv[i];
+                break;
+            case PWFILE_ARG:
+                if (pwFile != NULL) {
+                    PR_fprintf(PR_STDERR, errStrings[DUPLICATE_OPTION_ERR], arg);
+                    return DUPLICATE_OPTION_ERR;
+                }
+                if (TRY_INC(i, argc)) {
+                    PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
+                    return OPTION_NEEDS_ARG_ERR;
+                }
+                pwFile = argv[i];
+                break;
+            case SLOT_ARG:
+                if (slotName != NULL) {
+                    PR_fprintf(PR_STDERR, errStrings[DUPLICATE_OPTION_ERR], arg);
+                    return DUPLICATE_OPTION_ERR;
+                }
+                if (TRY_INC(i, argc)) {
+                    PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
+                    return OPTION_NEEDS_ARG_ERR;
+                }
+                slotName = argv[i];
+                break;
+            case SECMOD_ARG:
+                if (secmodName != NULL) {
+                    PR_fprintf(PR_STDERR, errStrings[DUPLICATE_OPTION_ERR], arg);
+                    return DUPLICATE_OPTION_ERR;
+                }
+                if (TRY_INC(i, argc)) {
+                    PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
+                    return OPTION_NEEDS_ARG_ERR;
+                }
+                secmodName = argv[i];
+                break;
+            case STRING_ARG:
+                if (secmodString != NULL) {
+                    PR_fprintf(PR_STDERR, errStrings[DUPLICATE_OPTION_ERR], arg);
+                    return DUPLICATE_OPTION_ERR;
+                }
+                if (TRY_INC(i, argc)) {
+                    PR_fprintf(PR_STDERR, errStrings[OPTION_NEEDS_ARG_ERR], arg);
+                    return OPTION_NEEDS_ARG_ERR;
+                }
+                secmodString = argv[i];
+                break;
+        }
+    }
+    return SUCCESS;
+}
+
+/************************************************************************
+ *
+ * v e r i f y _ p a r a m s
+ */
+static Error
+verify_params()
+{
+    switch (command) {
+        case ADD_COMMAND:
+            if (libFile == NULL) {
+                PR_fprintf(PR_STDERR, errStrings[MISSING_PARAM_ERR],
+                           commandNames[ADD_COMMAND], optionStrings[LIBFILE_ARG]);
+                return MISSING_PARAM_ERR;
+            }
+            break;
+        case CHANGEPW_COMMAND:
+            break;
+        case CREATE_COMMAND:
+            break;
+        case DELETE_COMMAND:
+            break;
+        case DISABLE_COMMAND:
+            break;
+        case ENABLE_COMMAND:
+            break;
+        case FIPS_COMMAND:
+        case CHKFIPS_COMMAND:
+            if (PL_strcasecmp(fipsArg, "true") &&
+                PL_strcasecmp(fipsArg, "false")) {
+                PR_fprintf(PR_STDERR, errStrings[INVALID_FIPS_ARG]);
+                return INVALID_FIPS_ARG;
+            }
+            break;
+        case JAR_COMMAND:
+            if (installDir == NULL) {
+                PR_fprintf(PR_STDERR, errStrings[MISSING_PARAM_ERR],
+                           commandNames[JAR_COMMAND], optionStrings[INSTALLDIR_ARG]);
+                return MISSING_PARAM_ERR;
+            }
+            break;
+        case LIST_COMMAND:
+        case RAW_LIST_COMMAND:
+            break;
+        case RAW_ADD_COMMAND:
+            break;
+        case UNDEFAULT_COMMAND:
+        case DEFAULT_COMMAND:
+            if (mechanisms == NULL) {
+                PR_fprintf(PR_STDERR, errStrings[MISSING_PARAM_ERR],
+                           commandNames[command], optionStrings[MECHANISMS_ARG]);
+                return MISSING_PARAM_ERR;
+            }
+            break;
+        default:
+            /* Ignore this here */
+            break;
+    }
+
+    return SUCCESS;
+}
+
+/********************************************************************
+ *
+ * i n i t _ c r y p t o
+ *
+ * Does crypto initialization that all commands will require.
+ * If -nocertdb option is specified, don't open key or cert db (we don't
+ * need them if we aren't going to be verifying signatures).  This is
+ * because serverland doesn't always have cert and key database files
+ * available.
+ *
+ * This function is ill advised. Names and locations of databases are
+ * private to NSS proper. Such functions only confuse other users.
+ *
+ */
+static Error
+check_crypto(PRBool create, PRBool readOnly)
+{
+    char* dir;
+    char* moddbname = NULL;
+    Error retval;
+    static const char multiaccess[] = { "multiaccess:" };
+
+    dir = SECU_ConfigDirectory(dbdir); /* dir is never NULL */
+    if (dir[0] == '\0') {
+        PR_fprintf(PR_STDERR, errStrings[NO_DBDIR_ERR]);
+        retval = NO_DBDIR_ERR;
+        goto loser;
+    }
+    if (strncmp(dir, multiaccess, sizeof multiaccess - 1) == 0) {
+        /* won't attempt to handle the multiaccess case. */
+        return SUCCESS;
+    }
+#ifdef notdef
+    /* Make sure db directory exists and is readable */
+    if (PR_Access(dir, PR_ACCESS_EXISTS) != PR_SUCCESS) {
+        PR_fprintf(PR_STDERR, errStrings[DIR_DOESNT_EXIST_ERR], dir);
+        retval = DIR_DOESNT_EXIST_ERR;
+        goto loser;
+    } else if (PR_Access(dir, PR_ACCESS_READ_OK) != PR_SUCCESS) {
+        PR_fprintf(PR_STDERR, errStrings[DIR_NOT_READABLE_ERR], dir);
+        retval = DIR_NOT_READABLE_ERR;
+        goto loser;
+    }
+
+    if (secmodName == NULL) {
+        secmodName = "secmod.db";
+    }
+
+    moddbname = PR_smprintf("%s/%s", dir, secmodName);
+    if (!moddbname)
+        return OUT_OF_MEM_ERR;
+
+    /* Check for the proper permissions on databases */
+    if (create) {
+        /* Make sure dbs don't already exist, and the directory is
+            writeable */
+        if (PR_Access(moddbname, PR_ACCESS_EXISTS) == PR_SUCCESS) {
+            PR_fprintf(PR_STDERR, errStrings[FILE_ALREADY_EXISTS_ERR],
+                       moddbname);
+            retval = FILE_ALREADY_EXISTS_ERR;
+            goto loser;
+        } else if (PR_Access(dir, PR_ACCESS_WRITE_OK) != PR_SUCCESS) {
+            PR_fprintf(PR_STDERR, errStrings[DIR_NOT_WRITEABLE_ERR], dir);
+            retval = DIR_NOT_WRITEABLE_ERR;
+            goto loser;
+        }
+    } else {
+        /* Make sure dbs are readable and writeable */
+        if (PR_Access(moddbname, PR_ACCESS_READ_OK) != PR_SUCCESS) {
+            PR_fprintf(PR_STDERR, errStrings[FILE_NOT_READABLE_ERR], moddbname);
+            retval = FILE_NOT_READABLE_ERR;
+            goto loser;
+        }
+
+        /* Check for write access if we'll be making changes */
+        if (!readOnly) {
+            if (PR_Access(moddbname, PR_ACCESS_WRITE_OK) != PR_SUCCESS) {
+                PR_fprintf(PR_STDERR, errStrings[FILE_NOT_WRITEABLE_ERR],
+                           moddbname);
+                retval = FILE_NOT_WRITEABLE_ERR;
+                goto loser;
+            }
+        }
+        PR_fprintf(PR_STDOUT, msgStrings[USING_DBDIR_MSG],
+                   SECU_ConfigDirectory(NULL));
+    }
+#endif
+    retval = SUCCESS;
+loser:
+    if (moddbname) {
+        PR_Free(moddbname);
+    }
+    return retval;
+}
+
+static Error
+init_crypto(PRBool create, PRBool readOnly)
+{
+
+    PRUint32 flags = 0;
+    SECStatus rv;
+    Error retval;
+    /* Open/create key database */
+
+    if (readOnly)
+        flags |= NSS_INIT_READONLY;
+    if (nocertdb)
+        flags |= NSS_INIT_NOCERTDB;
+    rv = NSS_Initialize(SECU_ConfigDirectory(NULL), dbprefix, dbprefix,
+                        secmodName, flags);
+    if (rv != SECSuccess) {
+        SECU_PrintPRandOSError(progName);
+        retval = NSS_INITIALIZE_FAILED_ERR;
+    } else
+        retval = SUCCESS;
+
+    return retval;
+}
+
+/*************************************************************************
+ *
+ * u s a g e
+ */
+static void
+usage()
+{
+    PR_fprintf(PR_STDOUT,
+               "\nNetscape Cryptographic Module Utility\n"
+               "Usage: modutil [command] [options]\n\n"
+               "                            COMMANDS\n"
+               "---------------------------------------------------------------------------\n"
+               "-add MODULE_NAME                 Add the named module to the module database\n"
+               "   -libfile LIBRARY_FILE         The name of the file (.so or .dll)\n"
+               "                                 containing the implementation of PKCS #11\n"
+               "   [-ciphers CIPHER_LIST]        Enable the given ciphers on this module\n"
+               "   [-mechanisms MECHANISM_LIST]  Make the module a default provider of the\n"
+               "                                 given mechanisms\n"
+               "   [-string CONFIG_STRING]       Pass a configuration string to this module\n"
+               "-changepw TOKEN                  Change the password on the named token\n"
+               "   [-pwfile FILE]                The old password is in this file\n"
+               "   [-newpwfile FILE]             The new password is in this file\n"
+               "-chkfips [ true | false ]        If true, verify  FIPS mode.  If false,\n"
+               "                                 verify not FIPS mode\n"
+               "-create                          Create a new set of security databases\n"
+               "-default MODULE                  Make the given module a default provider\n"
+               "   -mechanisms MECHANISM_LIST    of the given mechanisms\n"
+               "   [-slot SLOT]                  limit change to only the given slot\n"
+               "-delete MODULE                   Remove the named module from the module\n"
+               "                                 database\n"
+               "-disable MODULE                  Disable the named module\n"
+               "   [-slot SLOT]                  Disable only the named slot on the module\n"
+               "-enable MODULE                   Enable the named module\n"
+               "   [-slot SLOT]                  Enable only the named slot on the module\n"
+               "-fips [ true | false ]           If true, enable FIPS mode.  If false,\n"
+               "                                 disable FIPS mode\n"
+               "-force                           Do not run interactively\n"
+               "-jar JARFILE                     Install a PKCS #11 module from the given\n"
+               "                                 JAR file in the PKCS #11 JAR format\n"
+               "   -installdir DIR               Use DIR as the root directory of the\n"
+               "                                 installation\n"
+               "   [-tempdir DIR]                Use DIR as the temporary installation\n"
+               "                                 directory. If not specified, the current\n"
+               "                                 directory is used\n"
+               "-list [MODULE]                   Lists information about the specified module\n"
+               "                                 or about all modules if none is specified\n"
+               "-rawadd MODULESPEC               Add module spec string to secmod DB\n"
+               "-rawlist [MODULE]                Display module spec(s) for one or all\n"
+               "                                 loadable modules\n"
+               "-undefault MODULE                The given module is NOT a default provider\n"
+               "   -mechanisms MECHANISM_LIST    of the listed mechanisms\n"
+               "   [-slot SLOT]                  limit change to only the given slot\n"
+               "---------------------------------------------------------------------------\n"
+               "\n"
+               "                             OPTIONS\n"
+               "---------------------------------------------------------------------------\n"
+               "-dbdir DIR                       Directory DIR contains the security databases\n"
+               "-dbprefix prefix                 Prefix for the security databases\n"
+               "-nocertdb                        Do not load certificate or key databases. No\n"
+               "                                 verification will be performed on JAR files.\n"
+               "-secmod secmodName               Name of the security modules file\n"
+               "---------------------------------------------------------------------------\n"
+               "\n"
+               "Mechanism lists are colon-separated.  The following mechanisms are recognized:\n"
+               "RSA, DSA, DH, RC2, RC4, RC5, AES, CAMELLIA, DES, MD2, MD5, SHA1, SHA256, SHA512,\n"
+               "SSL, TLS, RANDOM, and FRIENDLY\n"
+               "\n"
+               "Cipher lists are colon-separated.  The following ciphers are recognized:\n"
+               "\n"
+               "\nQuestions or bug reports should be sent to modutil-support@netscape.com.\n");
+}
+
+/*************************************************************************
+ *
+ * m a i n
+ */
+int
+main(int argc, char* argv[])
+{
+    int errcode = SUCCESS;
+    PRBool createdb, readOnly;
+#define STDINBUF_SIZE 80
+    char stdinbuf[STDINBUF_SIZE];
+
+    progName = strrchr(argv[0], '/');
+    progName = progName ? progName + 1 : argv[0];
+
+    PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 0);
+
+    if (parse_args(argc, argv) != SUCCESS) {
+        usage();
+        errcode = INVALID_USAGE_ERR;
+        goto loser;
+    }
+
+    if (verify_params() != SUCCESS) {
+        usage();
+        errcode = INVALID_USAGE_ERR;
+        goto loser;
+    }
+
+    if (command == NO_COMMAND) {
+        PR_fprintf(PR_STDERR, errStrings[NO_COMMAND_ERR]);
+        usage();
+        errcode = INVALID_USAGE_ERR;
+        goto loser;
+    }
+
+    /* Set up crypto stuff */
+    createdb = command == CREATE_COMMAND;
+    readOnly = ((command == LIST_COMMAND) ||
+                (command == CHKFIPS_COMMAND) ||
+                (command == RAW_LIST_COMMAND));
+
+    /* Make sure browser is not running if we're writing to a database */
+    /* Do this before initializing crypto */
+    if (!readOnly && !force) {
+        char* response;
+
+        PR_fprintf(PR_STDOUT, msgStrings[BROWSER_RUNNING_MSG]);
+        if (!PR_fgets(stdinbuf, STDINBUF_SIZE, PR_STDIN)) {
+            PR_fprintf(PR_STDERR, errStrings[STDIN_READ_ERR]);
+            errcode = STDIN_READ_ERR;
+            goto loser;
+        }
+        if ((response = strtok(stdinbuf, " \r\n\t"))) {
+            if (!PL_strcasecmp(response, "q")) {
+                PR_fprintf(PR_STDOUT, msgStrings[ABORTING_MSG]);
+                errcode = SUCCESS;
+                goto loser;
+            }
+        }
+        PR_fprintf(PR_STDOUT, "\n");
+    }
+
+    errcode = check_crypto(createdb, readOnly);
+    if (errcode != SUCCESS) {
+        goto loser;
+    }
+
+    if ((command == RAW_LIST_COMMAND) || (command == RAW_ADD_COMMAND)) {
+        if (!moduleName) {
+            char *readOnlyStr, *noCertDBStr, *sep;
+            if (!secmodName)
+                secmodName = "secmod.db";
+            if (!dbprefix)
+                dbprefix = "";
+            sep = ((command == RAW_LIST_COMMAND) && nocertdb) ? "," : " ";
+            readOnlyStr = (command == RAW_LIST_COMMAND) ? "readOnly" : "";
+            noCertDBStr = nocertdb ? "noCertDB" : "";
+            SECU_ConfigDirectory(dbdir);
+
+            moduleName = PR_smprintf(
+                "name=\"NSS default Module DB\" parameters=\"configdir=%s certPrefix=%s "
+                "keyPrefix=%s secmod=%s flags=%s%s%s\" NSS=\"flags=internal,moduleDB,"
+                "moduleDBOnly,critical\"",
+                SECU_ConfigDirectory(NULL), dbprefix, dbprefix,
+                secmodName, readOnlyStr, sep, noCertDBStr);
+        }
+        if (command == RAW_LIST_COMMAND) {
+            errcode = RawListModule(moduleName);
+        } else {
+            PORT_Assert(moduleSpec);
+            errcode = RawAddModule(moduleName, moduleSpec);
+        }
+        goto loser;
+    }
+
+    errcode = init_crypto(createdb, readOnly);
+    if (errcode != SUCCESS) {
+        goto loser;
+    }
+
+    errcode = LoadMechanismList();
+    if (errcode != SUCCESS) {
+        goto loser;
+    }
+
+    /* Execute the command */
+    switch (command) {
+        case ADD_COMMAND:
+            errcode = AddModule(moduleName, libFile, ciphers, mechanisms, secmodString);
+            break;
+        case CHANGEPW_COMMAND:
+            errcode = ChangePW(tokenName, pwFile, newpwFile);
+            break;
+        case CREATE_COMMAND:
+            /* The work was already done in init_crypto() */
+            break;
+        case DEFAULT_COMMAND:
+            errcode = SetDefaultModule(moduleName, slotName, mechanisms);
+            break;
+        case DELETE_COMMAND:
+            errcode = DeleteModule(moduleName);
+            break;
+        case DISABLE_COMMAND:
+            errcode = EnableModule(moduleName, slotName, PR_FALSE);
+            break;
+        case ENABLE_COMMAND:
+            errcode = EnableModule(moduleName, slotName, PR_TRUE);
+            break;
+        case FIPS_COMMAND:
+            errcode = FipsMode(fipsArg);
+            break;
+        case CHKFIPS_COMMAND:
+            errcode = ChkFipsMode(fipsArg);
+            break;
+        case JAR_COMMAND:
+            Pk11Install_SetErrorHandler(install_error);
+            errcode = Pk11Install_DoInstall(jarFile, installDir, tempDir,
+                                            PR_STDOUT, force, nocertdb);
+            break;
+        case LIST_COMMAND:
+            if (moduleName) {
+                errcode = ListModule(moduleName);
+            } else {
+                errcode = ListModules();
+            }
+            break;
+        case UNDEFAULT_COMMAND:
+            errcode = UnsetDefaultModule(moduleName, slotName, mechanisms);
+            break;
+        default:
+            PR_fprintf(PR_STDERR, "This command is not supported yet.\n");
+            errcode = INVALID_USAGE_ERR;
+            break;
+    }
+
+    if (NSS_Shutdown() != SECSuccess) {
+        exit(1);
+    }
+
+loser:
+    PR_Cleanup();
+    return errcode;
+}
+
+/************************************************************************
+ *
+ * i n s t a l l _ e r r o r
+ *
+ * Callback function to handle errors in PK11 JAR file installation.
+ */
+static void
+install_error(char* message)
+{
+    PR_fprintf(PR_STDERR, "Install error: %s\n", message);
+}
+
+/*************************************************************************
+ *
+ * o u t _ o f _ m e m o r y
+ */
+void
+out_of_memory(void)
+{
+    PR_fprintf(PR_STDERR, errStrings[OUT_OF_MEM_ERR]);
+    exit(OUT_OF_MEM_ERR);
+}
+
+/**************************************************************************
+ *
+ * P R _ f g e t s
+ *
+ * fgets implemented with NSPR.
+ */
+static char*
+PR_fgets(char* buf, int size, PRFileDesc* file)
+{
+    int i;
+    int status;
+    char c;
+
+    i = 0;
+    while (i < size - 1) {
+        status = PR_Read(file, (void*)&c, 1);
+        if (status == -1) {
+            return NULL;
+        } else if (status == 0) {
+            break;
+        }
+        buf[i++] = c;
+        if (c == '\n') {
+            break;
+        }
+    }
+    buf[i] = '\0';
+
+    return buf;
+}
diff --git a/nss/cmd/modutil/modutil.gyp b/nss/cmd/modutil/modutil.gyp
new file mode 100644
index 0000000..5d0f87a
--- /dev/null
+++ b/nss/cmd/modutil/modutil.gyp
@@ -0,0 +1,44 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi',
+    '../../cmd/platlibs.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'modutil',
+      'type': 'executable',
+      'sources': [
+        'install-ds.c',
+        'install.c',
+        'installparse.c',
+        'instsec.c',
+        'lex.Pk11Install_yy.c',
+        'modutil.c',
+        'pk11.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports',
+        '<(DEPTH)/exports.gyp:dbm_exports',
+        '<(DEPTH)/lib/jar/jar.gyp:jar',
+        '<(DEPTH)/lib/zlib/zlib.gyp:nss_zlib'
+      ]
+    }
+  ],
+  'target_defaults': {
+    'include_dirs': [
+      '<(nss_private_dist_dir)/nss',
+      '<(nss_private_dist_dir)/dbm'
+    ],
+    'defines': [
+      'NSPR20',
+      'YY_NO_UNPUT',
+      'YY_NO_INPUT'
+    ]
+  },
+  'variables': {
+    'module': 'sectools'
+  }
+}
diff --git a/nss/cmd/modutil/modutil.h b/nss/cmd/modutil/modutil.h
new file mode 100644
index 0000000..127d0d0
--- /dev/null
+++ b/nss/cmd/modutil/modutil.h
@@ -0,0 +1,40 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef MODUTIL_H
+#define MODUTIL_H
+
+#include <stdio.h>
+#include <string.h>
+
+#include <prio.h>
+#include <prprf.h>
+#include <prinit.h>
+#include <prlock.h>
+#include <prmem.h>
+#include <plarena.h>
+
+#include "seccomon.h"
+#include "secmod.h"
+#include "secutil.h"
+
+#include "error.h"
+
+Error LoadMechanismList(void);
+Error FipsMode(char *arg);
+Error ChkFipsMode(char *arg);
+Error AddModule(char *moduleName, char *libFile, char *ciphers,
+                char *mechanisms, char *modparms);
+Error DeleteModule(char *moduleName);
+Error ListModule(char *moduleName);
+Error ListModules();
+Error ChangePW(char *tokenName, char *pwFile, char *newpwFile);
+Error EnableModule(char *moduleName, char *slotName, PRBool enable);
+Error RawAddModule(char *dbmodulespec, char *modulespec);
+Error RawListModule(char *modulespec);
+Error SetDefaultModule(char *moduleName, char *slotName, char *mechanisms);
+Error UnsetDefaultModule(char *moduleName, char *slotName, char *mechanisms);
+void out_of_memory(void);
+
+#endif /*MODUTIL_H*/
diff --git a/nss/cmd/modutil/pk11.c b/nss/cmd/modutil/pk11.c
new file mode 100644
index 0000000..4bc2860
--- /dev/null
+++ b/nss/cmd/modutil/pk11.c
@@ -0,0 +1,960 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* To edit this file, set TABSTOPS to 4 spaces.
+ * This is not the normal NSS convention.
+ */
+
+#include "modutil.h"
+#include "pk11func.h"
+
+/*************************************************************************
+ *
+ * F i p s M o d e
+ * If arg=="true", enable FIPS mode on the internal module.  If arg=="false",
+ * disable FIPS mode on the internal module.
+ */
+Error
+FipsMode(char *arg)
+{
+    char *internal_name;
+
+    if (!PORT_Strcasecmp(arg, "true")) {
+        if (!PK11_IsFIPS()) {
+            internal_name = PR_smprintf("%s",
+                                        SECMOD_GetInternalModule()->commonName);
+            if (SECMOD_DeleteInternalModule(internal_name) != SECSuccess) {
+                PR_fprintf(PR_STDERR, "%s\n", SECU_Strerror(PORT_GetError()));
+                PR_smprintf_free(internal_name);
+                PR_fprintf(PR_STDERR, errStrings[FIPS_SWITCH_FAILED_ERR]);
+                return FIPS_SWITCH_FAILED_ERR;
+            }
+            PR_smprintf_free(internal_name);
+            if (!PK11_IsFIPS()) {
+                PR_fprintf(PR_STDERR, errStrings[FIPS_SWITCH_FAILED_ERR]);
+                return FIPS_SWITCH_FAILED_ERR;
+            }
+            PR_fprintf(PR_STDOUT, msgStrings[FIPS_ENABLED_MSG]);
+        } else {
+            PR_fprintf(PR_STDERR, errStrings[FIPS_ALREADY_ON_ERR]);
+            return FIPS_ALREADY_ON_ERR;
+        }
+    } else if (!PORT_Strcasecmp(arg, "false")) {
+        if (PK11_IsFIPS()) {
+            internal_name = PR_smprintf("%s",
+                                        SECMOD_GetInternalModule()->commonName);
+            if (SECMOD_DeleteInternalModule(internal_name) != SECSuccess) {
+                PR_fprintf(PR_STDERR, "%s\n", SECU_Strerror(PORT_GetError()));
+                PR_smprintf_free(internal_name);
+                PR_fprintf(PR_STDERR, errStrings[FIPS_SWITCH_FAILED_ERR]);
+                return FIPS_SWITCH_FAILED_ERR;
+            }
+            PR_smprintf_free(internal_name);
+            if (PK11_IsFIPS()) {
+                PR_fprintf(PR_STDERR, errStrings[FIPS_SWITCH_FAILED_ERR]);
+                return FIPS_SWITCH_FAILED_ERR;
+            }
+            PR_fprintf(PR_STDOUT, msgStrings[FIPS_DISABLED_MSG]);
+        } else {
+            PR_fprintf(PR_STDERR, errStrings[FIPS_ALREADY_OFF_ERR]);
+            return FIPS_ALREADY_OFF_ERR;
+        }
+    } else {
+        PR_fprintf(PR_STDERR, errStrings[INVALID_FIPS_ARG]);
+        return INVALID_FIPS_ARG;
+    }
+
+    return SUCCESS;
+}
+
+/*************************************************************************
+ *
+ * C h k F i p s M o d e
+ * If arg=="true", verify FIPS mode is enabled on the internal module.
+ * If arg=="false", verify FIPS mode is disabled on the internal module.
+ */
+Error
+ChkFipsMode(char *arg)
+{
+    if (!PORT_Strcasecmp(arg, "true")) {
+        if (PK11_IsFIPS()) {
+            PR_fprintf(PR_STDOUT, msgStrings[FIPS_ENABLED_MSG]);
+        } else {
+            PR_fprintf(PR_STDOUT, msgStrings[FIPS_DISABLED_MSG]);
+            return FIPS_SWITCH_FAILED_ERR;
+        }
+
+    } else if (!PORT_Strcasecmp(arg, "false")) {
+        if (!PK11_IsFIPS()) {
+            PR_fprintf(PR_STDOUT, msgStrings[FIPS_DISABLED_MSG]);
+        } else {
+            PR_fprintf(PR_STDOUT, msgStrings[FIPS_ENABLED_MSG]);
+            return FIPS_SWITCH_FAILED_ERR;
+        }
+    } else {
+        PR_fprintf(PR_STDERR, errStrings[INVALID_FIPS_ARG]);
+        return INVALID_FIPS_ARG;
+    }
+
+    return SUCCESS;
+}
+
+/************************************************************************
+ * Cipher and Mechanism name-bitmask translation tables
+ */
+
+typedef struct {
+    const char *name;
+    unsigned long mask;
+} MaskString;
+
+static const MaskString cipherStrings[] = {
+    { "FORTEZZA", PUBLIC_CIPHER_FORTEZZA_FLAG }
+};
+static const int numCipherStrings =
+    sizeof(cipherStrings) / sizeof(cipherStrings[0]);
+
+/* Initialized by LoadMechanismList */
+static MaskString *mechanismStrings = NULL;
+static int numMechanismStrings = 0;
+const static PK11DefaultArrayEntry *pk11_DefaultArray = NULL;
+static int pk11_DefaultArraySize = 0;
+
+/* Maximum length of a colon-separated list of all the strings in an
+ * array. */
+#define MAX_STRING_LIST_LEN 240 /* or less */
+
+Error
+LoadMechanismList(void)
+{
+    int i;
+
+    if (pk11_DefaultArray == NULL) {
+        pk11_DefaultArray = PK11_GetDefaultArray(&pk11_DefaultArraySize);
+        if (pk11_DefaultArray == NULL) {
+            /* should assert. This shouldn't happen */
+            return UNSPECIFIED_ERR;
+        }
+    }
+    if (mechanismStrings != NULL) {
+        return SUCCESS;
+    }
+
+    /* build the mechanismStrings array */
+    mechanismStrings = PORT_NewArray(MaskString, pk11_DefaultArraySize);
+    if (mechanismStrings == NULL) {
+        return OUT_OF_MEM_ERR;
+    }
+    numMechanismStrings = pk11_DefaultArraySize;
+    for (i = 0; i < numMechanismStrings; i++) {
+        const char *name = pk11_DefaultArray[i].name;
+        unsigned long flag = pk11_DefaultArray[i].flag;
+        /* map new name to old */
+        switch (flag) {
+            case SECMOD_FORTEZZA_FLAG:
+                name = "FORTEZZA";
+                break;
+            case SECMOD_SHA1_FLAG:
+                name = "SHA1";
+                break;
+            case SECMOD_CAMELLIA_FLAG:
+                name = "CAMELLIA";
+                break;
+            case SECMOD_RANDOM_FLAG:
+                name = "RANDOM";
+                break;
+            case SECMOD_FRIENDLY_FLAG:
+                name = "FRIENDLY";
+                break;
+            default:
+                break;
+        }
+        mechanismStrings[i].name = name;
+        mechanismStrings[i].mask = SECMOD_InternaltoPubMechFlags(flag);
+    }
+    return SUCCESS;
+}
+
+/************************************************************************
+ *
+ * g e t F l a g s F r o m S t r i n g
+ *
+ * Parses a mechanism list passed on the command line and converts it
+ * to an unsigned long bitmask.
+ * string is a colon-separated string of constants
+ * array is an array of MaskStrings.
+ * elements is the number of elements in array.
+ */
+static unsigned long
+getFlagsFromString(char *string, const MaskString array[], int elements)
+{
+    unsigned long ret = 0;
+    short i = 0;
+    char *cp;
+    char *buf;
+    char *end;
+
+    if (!string || !string[0]) {
+        return ret;
+    }
+
+    /* Make a temporary copy of the string */
+    buf = PR_Malloc(strlen(string) + 1);
+    if (!buf) {
+        out_of_memory();
+    }
+    strcpy(buf, string);
+
+    /* Look at each element of the list passed in */
+    for (cp = buf; cp && *cp; cp = (end ? end + 1 : NULL)) {
+        /* Look at the string up to the next colon */
+        end = strchr(cp, ':');
+        if (end) {
+            *end = '\0';
+        }
+
+        /* Find which element this is */
+        for (i = 0; i < elements; i++) {
+            if (!PORT_Strcasecmp(cp, array[i].name)) {
+                break;
+            }
+        }
+        if (i == elements) {
+            /* Skip a bogus string, but print a warning message */
+            PR_fprintf(PR_STDERR, errStrings[INVALID_CONSTANT_ERR], cp);
+            continue;
+        }
+        ret |= array[i].mask;
+    }
+
+    PR_Free(buf);
+    return ret;
+}
+
+/**********************************************************************
+ *
+ * g e t S t r i n g F r o m F l a g s
+ *
+ * The return string's memory is owned by this function.  Copy it
+ * if you need it permanently or you want to change it.
+ */
+static char *
+getStringFromFlags(unsigned long flags, const MaskString array[], int elements)
+{
+    static char buf[MAX_STRING_LIST_LEN];
+    int i;
+    int count = 0;
+
+    buf[0] = '\0';
+    for (i = 0; i < elements; i++) {
+        if (flags & array[i].mask) {
+            ++count;
+            if (count != 1) {
+                strcat(buf, ":");
+            }
+            strcat(buf, array[i].name);
+        }
+    }
+    return buf;
+}
+
+/**********************************************************************
+ *
+ * A d d M o d u l e
+ *
+ * Add the named module, with the given library file, ciphers, and
+ * default mechanism flags
+ */
+Error
+AddModule(char *moduleName, char *libFile, char *cipherString,
+          char *mechanismString, char *modparms)
+{
+    unsigned long ciphers;
+    unsigned long mechanisms;
+    SECStatus status;
+
+    mechanisms =
+        getFlagsFromString(mechanismString, mechanismStrings,
+                           numMechanismStrings);
+    ciphers =
+        getFlagsFromString(cipherString, cipherStrings, numCipherStrings);
+
+    status =
+        SECMOD_AddNewModuleEx(moduleName, libFile,
+                              SECMOD_PubMechFlagstoInternal(mechanisms),
+                              SECMOD_PubCipherFlagstoInternal(ciphers),
+                              modparms, NULL);
+
+    if (status != SECSuccess) {
+        char *errtxt = NULL;
+        PRInt32 copied = 0;
+        if (PR_GetErrorTextLength()) {
+            errtxt = PR_Malloc(PR_GetErrorTextLength() + 1);
+            copied = PR_GetErrorText(errtxt);
+        }
+        if (copied && errtxt) {
+            PR_fprintf(PR_STDERR, errStrings[ADD_MODULE_FAILED_ERR],
+                       moduleName, errtxt);
+            PR_Free(errtxt);
+        } else {
+            PR_fprintf(PR_STDERR, errStrings[ADD_MODULE_FAILED_ERR],
+                       moduleName, SECU_Strerror(PORT_GetError()));
+        }
+        return ADD_MODULE_FAILED_ERR;
+    } else {
+        PR_fprintf(PR_STDOUT, msgStrings[ADD_MODULE_SUCCESS_MSG], moduleName);
+        return SUCCESS;
+    }
+}
+
+/***********************************************************************
+ *
+ * D e l e t e M o d u l e
+ *
+ * Deletes the named module from the database.
+ */
+Error
+DeleteModule(char *moduleName)
+{
+    SECStatus status;
+    int type;
+
+    status = SECMOD_DeleteModule(moduleName, &type);
+
+    if (status != SECSuccess) {
+        if (type == SECMOD_FIPS || type == SECMOD_INTERNAL) {
+            PR_fprintf(PR_STDERR, errStrings[DELETE_INTERNAL_ERR]);
+            return DELETE_INTERNAL_ERR;
+        } else {
+            PR_fprintf(PR_STDERR, errStrings[DELETE_FAILED_ERR], moduleName);
+            return DELETE_FAILED_ERR;
+        }
+    }
+
+    PR_fprintf(PR_STDOUT, msgStrings[DELETE_SUCCESS_MSG], moduleName);
+    return SUCCESS;
+}
+
+/************************************************************************
+ *
+ * R a w L i s t M o d u l e s
+ *
+ * Lists all the modules in the database, along with their slots and tokens.
+ */
+Error
+RawListModule(char *modulespec)
+{
+    SECMODModule *module;
+    char **moduleSpecList;
+
+    module = SECMOD_LoadModule(modulespec, NULL, PR_FALSE);
+    if (module == NULL) {
+        /* handle error */
+        return NO_SUCH_MODULE_ERR;
+    }
+
+    moduleSpecList = SECMOD_GetModuleSpecList(module);
+    if (!moduleSpecList || !moduleSpecList[0]) {
+        SECU_PrintError("modutil",
+                        "no specs in secmod DB");
+        return NO_SUCH_MODULE_ERR;
+    }
+
+    for (; *moduleSpecList; moduleSpecList++) {
+        printf("%s\n\n", *moduleSpecList);
+    }
+
+    return SUCCESS;
+}
+
+Error
+RawAddModule(char *dbmodulespec, char *modulespec)
+{
+    SECMODModule *module;
+    SECMODModule *dbmodule;
+
+    dbmodule = SECMOD_LoadModule(dbmodulespec, NULL, PR_TRUE);
+    if (dbmodule == NULL) {
+        /* handle error */
+        return NO_SUCH_MODULE_ERR;
+    }
+
+    module = SECMOD_LoadModule(modulespec, dbmodule, PR_FALSE);
+    if (module == NULL) {
+        /* handle error */
+        return NO_SUCH_MODULE_ERR;
+    }
+
+    if (SECMOD_UpdateModule(module) != SECSuccess) {
+        PR_fprintf(PR_STDERR, errStrings[UPDATE_MOD_FAILED_ERR], modulespec);
+        return UPDATE_MOD_FAILED_ERR;
+    }
+    return SUCCESS;
+}
+
+static void
+printModule(SECMODModule *module, int *count)
+{
+    int slotCount = module->loaded ? module->slotCount : 0;
+    int i;
+
+    if ((*count)++) {
+        PR_fprintf(PR_STDOUT, "\n");
+    }
+    PR_fprintf(PR_STDOUT, "%3d. %s\n", *count, module->commonName);
+
+    if (module->dllName) {
+        PR_fprintf(PR_STDOUT, "\tlibrary name: %s\n", module->dllName);
+    }
+
+    if (slotCount == 0) {
+        PR_fprintf(PR_STDOUT,
+                   "\t slots: There are no slots attached to this module\n");
+    } else {
+        PR_fprintf(PR_STDOUT, "\t slots: %d slot%s attached\n",
+                   slotCount, (slotCount == 1 ? "" : "s"));
+    }
+
+    if (module->loaded == 0) {
+        PR_fprintf(PR_STDOUT, "\tstatus: Not loaded\n");
+    } else {
+        PR_fprintf(PR_STDOUT, "\tstatus: loaded\n");
+    }
+
+    /* Print slot and token names */
+    for (i = 0; i < slotCount; i++) {
+        PK11SlotInfo *slot = module->slots[i];
+
+        PR_fprintf(PR_STDOUT, "\n");
+        PR_fprintf(PR_STDOUT, "\t slot: %s\n", PK11_GetSlotName(slot));
+        PR_fprintf(PR_STDOUT, "\ttoken: %s\n", PK11_GetTokenName(slot));
+    }
+    return;
+}
+
+/************************************************************************
+ *
+ * L i s t M o d u l e s
+ *
+ * Lists all the modules in the database, along with their slots and tokens.
+ */
+Error
+ListModules()
+{
+    SECMODListLock *lock;
+    SECMODModuleList *list;
+    SECMODModuleList *deadlist;
+    SECMODModuleList *mlp;
+    Error ret = UNSPECIFIED_ERR;
+    int count = 0;
+
+    lock = SECMOD_GetDefaultModuleListLock();
+    if (!lock) {
+        PR_fprintf(PR_STDERR, errStrings[NO_LIST_LOCK_ERR]);
+        return NO_LIST_LOCK_ERR;
+    }
+
+    SECMOD_GetReadLock(lock);
+
+    list = SECMOD_GetDefaultModuleList();
+    deadlist = SECMOD_GetDeadModuleList();
+    if (!list && !deadlist) {
+        PR_fprintf(PR_STDERR, errStrings[NO_MODULE_LIST_ERR]);
+        ret = NO_MODULE_LIST_ERR;
+        goto loser;
+    }
+
+    PR_fprintf(PR_STDOUT,
+               "\nListing of PKCS #11 Modules\n"
+               "-----------------------------------------------------------\n");
+
+    for (mlp = list; mlp != NULL; mlp = mlp->next) {
+        printModule(mlp->module, &count);
+    }
+    for (mlp = deadlist; mlp != NULL; mlp = mlp->next) {
+        printModule(mlp->module, &count);
+    }
+
+    PR_fprintf(PR_STDOUT,
+               "-----------------------------------------------------------\n");
+
+    ret = SUCCESS;
+
+loser:
+    SECMOD_ReleaseReadLock(lock);
+    return ret;
+}
+
+/* Strings describing PK11DisableReasons */
+static char *disableReasonStr[] = {
+    "no reason",
+    "user disabled",
+    "could not initialize token",
+    "could not verify token",
+    "token not present"
+};
+static size_t numDisableReasonStr =
+    sizeof(disableReasonStr) / sizeof(disableReasonStr[0]);
+
+/***********************************************************************
+ *
+ * L i s t M o d u l e
+ *
+ * Lists detailed information about the named module.
+ */
+Error
+ListModule(char *moduleName)
+{
+    SECMODModule *module = NULL;
+    PK11SlotInfo *slot;
+    int slotnum;
+    CK_INFO modinfo;
+    CK_SLOT_INFO slotinfo;
+    CK_TOKEN_INFO tokeninfo;
+    char *ciphers, *mechanisms;
+    size_t reasonIdx;
+    Error rv = SUCCESS;
+
+    if (!moduleName) {
+        return SUCCESS;
+    }
+
+    module = SECMOD_FindModule(moduleName);
+    if (!module) {
+        PR_fprintf(PR_STDERR, errStrings[NO_SUCH_MODULE_ERR], moduleName);
+        rv = NO_SUCH_MODULE_ERR;
+        goto loser;
+    }
+
+    if ((module->loaded) &&
+        (PK11_GetModInfo(module, &modinfo) != SECSuccess)) {
+        PR_fprintf(PR_STDERR, errStrings[MOD_INFO_ERR], moduleName);
+        rv = MOD_INFO_ERR;
+        goto loser;
+    }
+
+    /* Module info */
+    PR_fprintf(PR_STDOUT,
+               "\n-----------------------------------------------------------\n");
+    PR_fprintf(PR_STDOUT, "Name: %s\n", module->commonName);
+    if (module->internal || !module->dllName) {
+        PR_fprintf(PR_STDOUT, "Library file: **Internal ONLY module**\n");
+    } else {
+        PR_fprintf(PR_STDOUT, "Library file: %s\n", module->dllName);
+    }
+
+    if (module->loaded) {
+        PR_fprintf(PR_STDOUT, "Manufacturer: %.32s\n", modinfo.manufacturerID);
+        PR_fprintf(PR_STDOUT, "Description: %.32s\n", modinfo.libraryDescription);
+        PR_fprintf(PR_STDOUT, "PKCS #11 Version %d.%d\n",
+                   modinfo.cryptokiVersion.major, modinfo.cryptokiVersion.minor);
+        PR_fprintf(PR_STDOUT, "Library Version: %d.%d\n",
+                   modinfo.libraryVersion.major, modinfo.libraryVersion.minor);
+    } else {
+        PR_fprintf(PR_STDOUT, "* Module not loaded\n");
+    }
+    /* Get cipher and mechanism flags */
+    ciphers = getStringFromFlags(module->ssl[0], cipherStrings,
+                                 numCipherStrings);
+    if (ciphers[0] == '\0') {
+        ciphers = "None";
+    }
+    PR_fprintf(PR_STDOUT, "Cipher Enable Flags: %s\n", ciphers);
+    mechanisms = NULL;
+    if (module->slotCount > 0) {
+        mechanisms = getStringFromFlags(
+            PK11_GetDefaultFlags(module->slots[0]),
+            mechanismStrings, numMechanismStrings);
+    }
+    if ((mechanisms == NULL) || (mechanisms[0] == '\0')) {
+        mechanisms = "None";
+    }
+    PR_fprintf(PR_STDOUT, "Default Mechanism Flags: %s\n", mechanisms);
+
+#define PAD "  "
+
+    /* Loop over each slot */
+    for (slotnum = 0; slotnum < module->slotCount; slotnum++) {
+        slot = module->slots[slotnum];
+        if (PK11_GetSlotInfo(slot, &slotinfo) != SECSuccess) {
+            PR_fprintf(PR_STDERR, errStrings[SLOT_INFO_ERR],
+                       PK11_GetSlotName(slot));
+            rv = SLOT_INFO_ERR;
+            continue;
+        }
+
+        /* Slot Info */
+        PR_fprintf(PR_STDOUT, "\n" PAD "Slot: %s\n", PK11_GetSlotName(slot));
+        mechanisms = getStringFromFlags(PK11_GetDefaultFlags(slot),
+                                        mechanismStrings, numMechanismStrings);
+        if (mechanisms[0] == '\0') {
+            mechanisms = "None";
+        }
+        PR_fprintf(PR_STDOUT, PAD "Slot Mechanism Flags: %s\n", mechanisms);
+        PR_fprintf(PR_STDOUT, PAD "Manufacturer: %.32s\n",
+                   slotinfo.manufacturerID);
+        if (PK11_IsHW(slot)) {
+            PR_fprintf(PR_STDOUT, PAD "Type: Hardware\n");
+        } else {
+            PR_fprintf(PR_STDOUT, PAD "Type: Software\n");
+        }
+        PR_fprintf(PR_STDOUT, PAD "Version Number: %d.%d\n",
+                   slotinfo.hardwareVersion.major, slotinfo.hardwareVersion.minor);
+        PR_fprintf(PR_STDOUT, PAD "Firmware Version: %d.%d\n",
+                   slotinfo.firmwareVersion.major, slotinfo.firmwareVersion.minor);
+        if (PK11_IsDisabled(slot)) {
+            reasonIdx = PK11_GetDisabledReason(slot);
+            if (reasonIdx < numDisableReasonStr) {
+                PR_fprintf(PR_STDOUT, PAD "Status: DISABLED (%s)\n",
+                           disableReasonStr[reasonIdx]);
+            } else {
+                PR_fprintf(PR_STDOUT, PAD "Status: DISABLED\n");
+            }
+        } else {
+            PR_fprintf(PR_STDOUT, PAD "Status: Enabled\n");
+        }
+
+        if (PK11_GetTokenInfo(slot, &tokeninfo) != SECSuccess) {
+            PR_fprintf(PR_STDERR, errStrings[TOKEN_INFO_ERR],
+                       PK11_GetTokenName(slot));
+            rv = TOKEN_INFO_ERR;
+            continue;
+        }
+
+        /* Token Info */
+        PR_fprintf(PR_STDOUT, PAD "Token Name: %.32s\n",
+                   tokeninfo.label);
+        PR_fprintf(PR_STDOUT, PAD "Token Manufacturer: %.32s\n",
+                   tokeninfo.manufacturerID);
+        PR_fprintf(PR_STDOUT, PAD "Token Model: %.16s\n", tokeninfo.model);
+        PR_fprintf(PR_STDOUT, PAD "Token Serial Number: %.16s\n",
+                   tokeninfo.serialNumber);
+        PR_fprintf(PR_STDOUT, PAD "Token Version: %d.%d\n",
+                   tokeninfo.hardwareVersion.major, tokeninfo.hardwareVersion.minor);
+        PR_fprintf(PR_STDOUT, PAD "Token Firmware Version: %d.%d\n",
+                   tokeninfo.firmwareVersion.major, tokeninfo.firmwareVersion.minor);
+        if (tokeninfo.flags & CKF_WRITE_PROTECTED) {
+            PR_fprintf(PR_STDOUT, PAD "Access: Write Protected\n");
+        } else {
+            PR_fprintf(PR_STDOUT, PAD "Access: NOT Write Protected\n");
+        }
+        if (tokeninfo.flags & CKF_LOGIN_REQUIRED) {
+            PR_fprintf(PR_STDOUT, PAD "Login Type: Login required\n");
+        } else {
+            PR_fprintf(PR_STDOUT, PAD
+                       "Login Type: Public (no login required)\n");
+        }
+        if (tokeninfo.flags & CKF_USER_PIN_INITIALIZED) {
+            PR_fprintf(PR_STDOUT, PAD "User Pin: Initialized\n");
+        } else {
+            PR_fprintf(PR_STDOUT, PAD "User Pin: NOT Initialized\n");
+        }
+    }
+    PR_fprintf(PR_STDOUT,
+               "\n-----------------------------------------------------------\n");
+loser:
+    if (module) {
+        SECMOD_DestroyModule(module);
+    }
+    return rv;
+}
+
+/************************************************************************
+ *
+ * C h a n g e P W
+ */
+Error
+ChangePW(char *tokenName, char *pwFile, char *newpwFile)
+{
+    char *oldpw = NULL, *newpw = NULL, *newpw2 = NULL;
+    PK11SlotInfo *slot;
+    Error ret = UNSPECIFIED_ERR;
+    PRBool matching;
+
+    slot = PK11_FindSlotByName(tokenName);
+    if (!slot) {
+        PR_fprintf(PR_STDERR, errStrings[NO_SUCH_TOKEN_ERR], tokenName);
+        return NO_SUCH_TOKEN_ERR;
+    }
+
+    /* Get old password */
+    if (!PK11_NeedUserInit(slot)) {
+        if (pwFile) {
+            oldpw = SECU_FilePasswd(NULL, PR_FALSE, pwFile);
+            if (PK11_CheckUserPassword(slot, oldpw) != SECSuccess) {
+                PR_fprintf(PR_STDERR, errStrings[BAD_PW_ERR]);
+                ret = BAD_PW_ERR;
+                goto loser;
+            }
+        } else {
+            for (matching = PR_FALSE; !matching;) {
+                oldpw = SECU_GetPasswordString(NULL, "Enter old password: ");
+                if (PK11_CheckUserPassword(slot, oldpw) == SECSuccess) {
+                    matching = PR_TRUE;
+                } else {
+                    PR_fprintf(PR_STDOUT, msgStrings[BAD_PW_MSG]);
+                }
+            }
+        }
+    }
+
+    /* Get new password */
+    if (newpwFile) {
+        newpw = SECU_FilePasswd(NULL, PR_FALSE, newpwFile);
+    } else {
+        for (matching = PR_FALSE; !matching;) {
+            newpw = SECU_GetPasswordString(NULL, "Enter new password: ");
+            newpw2 = SECU_GetPasswordString(NULL, "Re-enter new password: ");
+            if (strcmp(newpw, newpw2)) {
+                PR_fprintf(PR_STDOUT, msgStrings[PW_MATCH_MSG]);
+                PORT_ZFree(newpw, strlen(newpw));
+                PORT_ZFree(newpw2, strlen(newpw2));
+            } else {
+                matching = PR_TRUE;
+            }
+        }
+    }
+
+    /* Change the password */
+    if (PK11_NeedUserInit(slot)) {
+        if (PK11_InitPin(slot, NULL /*ssopw*/, newpw) != SECSuccess) {
+            PR_fprintf(PR_STDERR, errStrings[CHANGEPW_FAILED_ERR], tokenName);
+            ret = CHANGEPW_FAILED_ERR;
+            goto loser;
+        }
+    } else {
+        if (PK11_ChangePW(slot, oldpw, newpw) != SECSuccess) {
+            PR_fprintf(PR_STDERR, errStrings[CHANGEPW_FAILED_ERR], tokenName);
+            ret = CHANGEPW_FAILED_ERR;
+            goto loser;
+        }
+    }
+
+    PR_fprintf(PR_STDOUT, msgStrings[CHANGEPW_SUCCESS_MSG], tokenName);
+    ret = SUCCESS;
+
+loser:
+    if (oldpw) {
+        PORT_ZFree(oldpw, strlen(oldpw));
+    }
+    if (newpw) {
+        PORT_ZFree(newpw, strlen(newpw));
+    }
+    if (newpw2) {
+        PORT_ZFree(newpw2, strlen(newpw2));
+    }
+    PK11_FreeSlot(slot);
+
+    return ret;
+}
+
+/***********************************************************************
+ *
+ * E n a b l e M o d u l e
+ *
+ * If enable==PR_TRUE, enables the module or slot.
+ * If enable==PR_FALSE, disables the module or slot.
+ * moduleName is the name of the module.
+ * slotName is the name of the slot.  It is optional.
+ */
+Error
+EnableModule(char *moduleName, char *slotName, PRBool enable)
+{
+    int i;
+    SECMODModule *module = NULL;
+    PK11SlotInfo *slot = NULL;
+    PRBool found = PR_FALSE;
+    Error rv;
+
+    module = SECMOD_FindModule(moduleName);
+    if (!module) {
+        PR_fprintf(PR_STDERR, errStrings[NO_SUCH_MODULE_ERR], moduleName);
+        rv = NO_SUCH_MODULE_ERR;
+        goto loser;
+    }
+
+    for (i = 0; i < module->slotCount; i++) {
+        slot = module->slots[i];
+        if (slotName && strcmp(PK11_GetSlotName(slot), slotName)) {
+            /* Not the right slot */
+            continue;
+        }
+        if (enable) {
+            if (!PK11_UserEnableSlot(slot)) {
+                PR_fprintf(PR_STDERR, errStrings[ENABLE_FAILED_ERR],
+                           "enable", PK11_GetSlotName(slot));
+                rv = ENABLE_FAILED_ERR;
+                goto loser;
+            } else {
+                found = PR_TRUE;
+                PR_fprintf(PR_STDOUT, msgStrings[ENABLE_SUCCESS_MSG],
+                           PK11_GetSlotName(slot), "enabled");
+            }
+        } else {
+            if (!PK11_UserDisableSlot(slot)) {
+                PR_fprintf(PR_STDERR, errStrings[ENABLE_FAILED_ERR],
+                           "disable", PK11_GetSlotName(slot));
+                rv = ENABLE_FAILED_ERR;
+                goto loser;
+            } else {
+                found = PR_TRUE;
+                PR_fprintf(PR_STDOUT, msgStrings[ENABLE_SUCCESS_MSG],
+                           PK11_GetSlotName(slot), "disabled");
+            }
+        }
+    }
+
+    if (slotName && !found) {
+        PR_fprintf(PR_STDERR, errStrings[NO_SUCH_SLOT_ERR], slotName);
+        rv = NO_SUCH_SLOT_ERR;
+        goto loser;
+    }
+
+    /* Delete and re-add module to save changes */
+    if (SECMOD_UpdateModule(module) != SECSuccess) {
+        PR_fprintf(PR_STDERR, errStrings[UPDATE_MOD_FAILED_ERR], moduleName);
+        rv = UPDATE_MOD_FAILED_ERR;
+        goto loser;
+    }
+
+    rv = SUCCESS;
+loser:
+    if (module) {
+        SECMOD_DestroyModule(module);
+    }
+    return rv;
+}
+
+/*************************************************************************
+ *
+ * S e t D e f a u l t M o d u l e
+ *
+ */
+Error
+SetDefaultModule(char *moduleName, char *slotName, char *mechanisms)
+{
+    SECMODModule *module = NULL;
+    PK11SlotInfo *slot;
+    int s, i;
+    unsigned long mechFlags = getFlagsFromString(mechanisms, mechanismStrings,
+                                                 numMechanismStrings);
+    PRBool found = PR_FALSE;
+    Error errcode = UNSPECIFIED_ERR;
+
+    mechFlags = SECMOD_PubMechFlagstoInternal(mechFlags);
+
+    module = SECMOD_FindModule(moduleName);
+    if (!module) {
+        PR_fprintf(PR_STDERR, errStrings[NO_SUCH_MODULE_ERR], moduleName);
+        errcode = NO_SUCH_MODULE_ERR;
+        goto loser;
+    }
+
+    /* Go through each slot */
+    for (s = 0; s < module->slotCount; s++) {
+        slot = module->slots[s];
+
+        if ((slotName != NULL) &&
+            !((strcmp(PK11_GetSlotName(slot), slotName) == 0) ||
+              (strcmp(PK11_GetTokenName(slot), slotName) == 0))) {
+            /* we are only interested in changing the one slot */
+            continue;
+        }
+
+        found = PR_TRUE;
+
+        /* Go through each mechanism */
+        for (i = 0; i < pk11_DefaultArraySize; i++) {
+            if (pk11_DefaultArray[i].flag & mechFlags) {
+                /* Enable this default mechanism */
+                PK11_UpdateSlotAttribute(slot, &(pk11_DefaultArray[i]),
+                                         PR_TRUE);
+            }
+        }
+    }
+    if (slotName && !found) {
+        PR_fprintf(PR_STDERR, errStrings[NO_SUCH_SLOT_ERR], slotName);
+        errcode = NO_SUCH_SLOT_ERR;
+        goto loser;
+    }
+
+    /* Delete and re-add module to save changes */
+    if (SECMOD_UpdateModule(module) != SECSuccess) {
+        PR_fprintf(PR_STDERR, errStrings[DEFAULT_FAILED_ERR],
+                   moduleName);
+        errcode = DEFAULT_FAILED_ERR;
+        goto loser;
+    }
+
+    PR_fprintf(PR_STDOUT, msgStrings[DEFAULT_SUCCESS_MSG]);
+
+    errcode = SUCCESS;
+loser:
+    if (module) {
+        SECMOD_DestroyModule(module);
+    }
+    return errcode;
+}
+
+/************************************************************************
+ *
+ * U n s e t D e f a u l t M o d u l e
+ */
+Error
+UnsetDefaultModule(char *moduleName, char *slotName, char *mechanisms)
+{
+    SECMODModule *module = NULL;
+    PK11SlotInfo *slot;
+    int s, i;
+    unsigned long mechFlags = getFlagsFromString(mechanisms,
+                                                 mechanismStrings, numMechanismStrings);
+    PRBool found = PR_FALSE;
+    Error rv;
+
+    mechFlags = SECMOD_PubMechFlagstoInternal(mechFlags);
+
+    module = SECMOD_FindModule(moduleName);
+    if (!module) {
+        PR_fprintf(PR_STDERR, errStrings[NO_SUCH_MODULE_ERR], moduleName);
+        rv = NO_SUCH_MODULE_ERR;
+        goto loser;
+    }
+
+    for (s = 0; s < module->slotCount; s++) {
+        slot = module->slots[s];
+        if ((slotName != NULL) &&
+            !((strcmp(PK11_GetSlotName(slot), slotName) == 0) ||
+              (strcmp(PK11_GetTokenName(slot), slotName) == 0))) {
+            /* we are only interested in changing the one slot */
+            continue;
+        }
+        for (i = 0; i < pk11_DefaultArraySize; i++) {
+            if (pk11_DefaultArray[i].flag & mechFlags) {
+                PK11_UpdateSlotAttribute(slot, &(pk11_DefaultArray[i]),
+                                         PR_FALSE);
+            }
+        }
+    }
+    if (slotName && !found) {
+        PR_fprintf(PR_STDERR, errStrings[NO_SUCH_SLOT_ERR], slotName);
+        rv = NO_SUCH_SLOT_ERR;
+        goto loser;
+    }
+
+    /* Delete and re-add module to save changes */
+    if (SECMOD_UpdateModule(module) != SECSuccess) {
+        PR_fprintf(PR_STDERR, errStrings[UNDEFAULT_FAILED_ERR],
+                   moduleName);
+        rv = UNDEFAULT_FAILED_ERR;
+        goto loser;
+    }
+
+    PR_fprintf(PR_STDOUT, msgStrings[UNDEFAULT_SUCCESS_MSG]);
+    rv = SUCCESS;
+loser:
+    if (module) {
+        SECMOD_DestroyModule(module);
+    }
+    return rv;
+}
diff --git a/nss/cmd/modutil/pk11jar.html b/nss/cmd/modutil/pk11jar.html
new file mode 100644
index 0000000..bb50b8f
--- /dev/null
+++ b/nss/cmd/modutil/pk11jar.html
@@ -0,0 +1,279 @@
+<html>
+<!-- This Source Code Form is subject to the terms of the Mozilla Public
+   - License, v. 2.0. If a copy of the MPL was not distributed with this
+   - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
+<head>
+<title>PKCS #11 JAR Format</title>
+</head>
+<body bgcolor=white text=black link=blue vlink=purple alink=red>
+<center><h1>PKCS #11 JAR Format</h1></center>
+
+<p>PKCS #11 modules can be packaged into JAR files that support automatic
+installation onto the filesystem and into the security module database.
+The JAR file should contain:
+<ul>
+<li>All files that will be installed onto the target machine.  This will
+include at least the PKCS #11 module library file (.DLL or .so), and
+may also include any other file that should be installed (such as
+documentation).
+<li>A script to perform the installation.
+</ul>
+The script can be in one of two forms. If the JAR file is to be
+run by Communicator (or any program that interprets Javascript), the
+instructions will be in the form of a SmartUpdate script.
+<a href="http://devedge/library/documentation/security/jmpkcs/">Documentation
+</a> on creating this script can be found on DevEdge.
+
+<p>If the
+JAR file is to be run by a server, modutil, or any other program that
+doesn't interpret Javascript, a special information file must be included
+in the format described in this document.
+
+<h2>Declaring the Script in the Manifest File</h2>
+The script can have any name, but it must be declared in the manifest file
+of the JAR archive.  The metainfo tag for this is
+<code>Pkcs11_install_script</code>.  Meta-information is put in the manifest
+file by putting it in a file which is passed to
+<a href="http://developer.netscape.com/software/index_frame.html?content=signedobj/jarpack.html#signtool1.3">Signtool</a>.  For example,
+suppose the PKCS #11 installer script is in the file <code>pk11install</code>.
+In Signtool's metainfo file, you would have a line like this:
+<blockquote><pre>
++ Pkcs11_install_script: pk11install
+</pre></blockquote>
+
+<h2>Sample Script File</h2>
+<blockquote><pre>
+ForwardCompatible { IRIX:6.2:mips Solaris:5.5.1:sparc }
+Platforms {
+	WINNT::x86 {
+		ModuleName { "Fortezza Module" }
+		ModuleFile { win32/fort32.dll }
+		DefaultMechanismFlags{0x0001}
+		DefaultCipherFlags{0x0001}
+		Files {
+			win32/setup.exe {
+				Executable
+				RelativePath { %temp%/setup.exe }
+			}
+			win32/setup.hlp {
+				RelativePath { %temp%/setup.hlp }
+			}
+			win32/setup.cab {
+				RelativePath { %temp%/setup.cab }
+			}
+		}
+	}
+	WIN95::x86 {
+		EquivalentPlatform {WINNT::x86}
+	}
+	Solaris:5.5.1:sparc {
+		ModuleName { "Fortezza UNIX Module" }
+		ModuleFile { unix/fort.so }
+		DefaultMechanismFlags{0x0001}
+		CipherEnableFlags{0x0001}
+		Files {
+			unix/fort.so {
+				RelativePath{%root%/lib/fort.so}
+				AbsolutePath{/usr/local/netscape/lib/fort.so}
+				FilePermissions{555}
+			}
+			xplat/instr.html {
+				RelativePath{%root%/docs/inst.html}
+				AbsolutePath{/usr/local/netscape/docs/inst.html}
+				FilePermissions{555}
+			}
+		}
+	}
+	IRIX:6.2:mips {
+		EquivalentPlatform { Solaris:5.5.1:sparc }
+	}
+}
+</pre></blockquote>
+
+<hr>
+
+<h2>Script File Grammar</h2>
+<blockquote><pre>
+--> <i>valuelist</i>
+
+<i>valuelist</i> --> <i>value</i> <i>valuelist</i>
+<i>         </i>     <i>&lt;null&gt;</i>
+
+<i>value</i> --> <i>key_value_pair</i>
+<i>     </i>     <i>string</i>
+
+<i>key_value_pair</i> --> <i>key</i> { <i>valuelist</i> }
+
+<i>key</i> --> <i>string</i>
+
+<i>string</i> --> <i>simple_string</i>
+<i>      </i>     "<i>complex_string</i>"
+
+<i>simple_string</i> --> [^ \t\n\""{""}"]+ <font size=-1><i>(no whitespace, quotes, or braces)</i></font>
+
+<i>complex_string</i> --> ([^\"\\\r\n]|(\\\")|(\\\\))+ <font size=-1><i>(quotes and backslashes must be escaped with a backslash, no newlines or carriage returns are allowed in the string)</i></font>
+</pre></blockquote>
+Outside of complex strings, all whitespace (space, tab, newline) is considered
+equal and is used only to delimit tokens. 
+
+<hr>
+
+<h2>Keys</h2>
+Keys are case-insensitive.
+<h3>Global Keys</h3>
+<dl>
+<dt><code>ForwardCompatible</code>
+<dd>Gives a list of platforms that are forward compatible.  If the current
+platform cannot be found in the list of supported platforms, then the
+ForwardCompatible list will be checked for any platforms that have the same
+OS and architecture and an earlier version. If one is found, its
+attributes will be used for the current platform.
+<dt><code>Platforms</code> (<i>required</i>)
+<dd>Gives a list of platforms.  Each entry in the list is itself a key-value
+pair:
+the key is the name of the platform, and the valuelist contains various
+attributes of the platform. The ModuleName, ModuleFile, and Files attributes
+must be specified, unless an EquivalentPlatform attribute is specified. 
+The platform string is in the following
+format: <u><i>system name</i></u>:<u><i>os release</i></u>:<u><i>architecture</i></u>. The installer
+will obtain these values from NSPR. <u><i>os release</i></u> is an empty
+string on non-UNIX operating systems.  The following system names and platforms
+are currently defined by NSPR:<code>
+<ul>
+<li>AIX (rs6000)
+<li>BSDI (x86)
+<li>FREEBSD (x86)
+<li>HPUX (hppa1.1)
+<li>IRIX (mips)
+<li>LINUX (ppc, alpha, x86)
+<li>MacOS (PowerPC) </code>(<i>Note: NSPR actually defines the OS as
+"</i><code>Mac OS</code><i>".  The
+space makes the name unsuitable for being embedded in identifiers.  Until
+NSPR changes, you will have to add some special code to deal with this case.
+</i>)<code>
+<li>NCR (x86)
+<li>NEC (mips)
+<li>OS2 (x86)
+<li>OSF (alpha)
+<li>ReliantUNIX (mips)
+<li>SCO (x86)
+<li>SOLARIS (sparc)
+<li>SONY (mips)
+<li>SUNOS (sparc)
+<li>UnixWare (x86)
+<li>WIN95 (x86)
+<li>WINNT (x86)
+</ul>
+</code>
+Examples of valid platform strings: <code>IRIX:6.2:mips, Solaris:5.5.1:sparc,
+Linux:2.0.32:x86, WIN95::x86</code>.
+</dl>
+
+<h3>Per-Platform Keys</h3>
+These keys only have meaning within the value list of an entry in 
+the <code>Platforms</code> list.
+<dl>
+<dt><code>ModuleName</code> (<i>required</i>)
+<dd>Gives the common name for the module. This name will be used to 
+reference the module from Communicator, modutil, servers, or any other
+program that uses the Netscape security module database.
+<dt><code>ModuleFile</code> (<i>required</i>)
+<dd>Names the PKCS #11 module file (DLL or .so) for this platform.  The name
+is given as the relative path of the file within the JAR archive.
+<dt><code>Files</code> (<i>required</i>)
+<dd>Lists the files that should be installed for this module.  Each entry
+in the file list is a key-value pair: the key is the path of the file in
+the JAR archive, and 
+the valuelist contains attributes of the file.  At least RelativePath and
+AbsoluteDir must be specified in this valuelist.
+<dt><code>DefaultMechanismFlags</code>
+<dd>This key-value pair specifies
+of which mechanisms this module will be a default provider. It is a bitstring
+specified in hexadecimal (0x) format.  It is constructed as a bitwise OR
+of the following constants. If the <code>DefaultMechanismFlags</code>
+entry is omitted, the value will default to 0x0.
+<blockquote><pre>
+RSA:			0x0000 0001
+DSA:			0x0000 0002
+RC2:			0x0000 0004
+RC4:			0x0000 0008
+DES:			0x0000 0010
+DH:			0x0000 0020
+FORTEZZA:		0x0000 0040
+RC5:			0x0000 0080
+SHA1:			0x0000 0100
+MD5:			0x0000 0200
+MD2:			0x0000 0400
+RANDOM:			0x0800 0000
+FRIENDLY:		0x1000 0000
+OWN_PW_DEFAULTS:	0x2000 0000
+DISABLE:		0x4000 0000
+</pre></blockquote>
+<dt><code>CipherEnableFlags</code>
+<dd>This key-value pair specifies
+which SSL ciphers will be enabled.  It is a bitstring specified in
+hexadecimal (0x) format.  It is constructed as a bitwise OR of the following
+constants.  If the <code>CipherEnableFlags</code> entry is omitted, the
+value will default to 0x0.
+<blockquote><pre>
+FORTEZZA:		0x0000 0001
+</pre></blockquote>
+<dt><code>EquivalentPlatform</code>
+<dd>Specifies that the attributes of the named platform should also be used
+for the current platform. Saves typing when there is more than one platform
+that uses the same settings.
+</dl>
+
+<h3>Per-File Keys</h3>
+These keys only have meaning within the valuelist of an entry in a
+<code>Files</code> list. At least one of <code>RelativePath</code> and
+<code>AbsolutePath</code> must be specified.  If both are specified, the
+relative path will be tried first and the absolute path used only if no
+relative root directory is provided by the installer program.
+<dl>
+<dt><code>RelativePath</code>
+<dd>Specifies the destination directory of the file, relative to some directory
+decided at install-time.  Two variables can be used in the relative
+path, "%root%" and "%temp%".  "%root%" will be replaced at run-time with
+the directory relative to which files should be installed; for
+example, it may be the server's root directory or Communicator's root
+directory. "%temp%" is a directory that will be created at the beginning
+of the installation and destroyed at the end of the installation. Its purpose
+is to hold executable files (such as setup programs), or files that are
+used by these programs.  For example, a Windows installation might consist
+of a <code>setup.exe</code> installation program, a help file, and a .cab file
+containing compressed information. All these files could be installed into the
+temporary directory. Files destined for the temporary directory are guaranteed
+to be in place before any executable file is run, and will not be deleted
+until all executable files have finished.
+<dt><code>AbsoluteDir</code>
+<dd>Specifies the destination directory of the file as an absolute path.
+This will only be used if the installer is unable to determine a
+relative directory.
+<dt><code>Executable</code>
+<dd>This string specifies that the file is to be executed during the
+course of the
+installation.  Typically this would be used for a setup program provided
+by a module vendor, such as a self-extracting <code>setup.exe</code>.
+More than one file can be specified as executable, in which case they will
+be run in the order they are specified in the script file. 
+<dt><code>FilePermissions</code>
+<dd>This string is interpreted as a string of octal digits, according to the
+standard UNIX format. It is a bitwise OR of the following constants:
+<blockquote><pre>
+user read:         400
+user write:        200
+user execute:      100
+group read:        040
+group write:       020
+group execute:     010
+other read:        004
+other write:       002
+other execute:     001
+</pre></blockquote>
+Some platforms may not understand these permissions.  They will only be
+applied insofar as makes sense for the current platform. If this attribute
+is omitted, a default of 777 is assumed.
+
+</body>
+</html>
diff --git a/nss/cmd/modutil/rules.mk b/nss/cmd/modutil/rules.mk
new file mode 100644
index 0000000..3ad6a97
--- /dev/null
+++ b/nss/cmd/modutil/rules.mk
@@ -0,0 +1,26 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#
+# Some versions of yacc generate files that include platform-specific
+# system headers.  For example, the yacc in Solaris 2.6 inserts
+#     #include <values.h>
+# which does not exist on NT.  For portability, always use Berkeley
+# yacc (such as the yacc in Linux) to generate files.
+#
+
+generate: installparse.c installparse.l
+
+installparse.c:
+	yacc -p Pk11Install_yy -d installparse.y
+	mv y.tab.c installparse.c
+	mv y.tab.h installparse.h
+
+installparse.l:
+	lex -olex.Pk11Install_yy.c -PPk11Install_yy installparse.l
+	@echo
+	@echo "**YOU MUST COMMENT OUT UNISTD.H FROM lex.Pk11Install_yy.cpp**"
+
+install.c: install-ds.h install.h
diff --git a/nss/cmd/modutil/specification.html b/nss/cmd/modutil/specification.html
new file mode 100644
index 0000000..6477a37
--- /dev/null
+++ b/nss/cmd/modutil/specification.html
@@ -0,0 +1,322 @@
+<html>
+<!-- This Source Code Form is subject to the terms of the Mozilla Public
+   - License, v. 2.0. If a copy of the MPL was not distributed with this
+   - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
+<head>
+<title>Modutil Specification</title>
+</head>
+<body bgcolor=white fgcolor=black>
+<center><h1>PKCS #11 Module Management Utility
+<br><i>Specification</i></h1></center>
+
+<!---------------------------------------------------------------------->
+<!-------------------------- capabilities ------------------------------>
+<!---------------------------------------------------------------------->
+<h2>Capabilities</h2>
+<ul>
+<li>Add a PKCS #11 module, specifying a name and library file.
+(<a href="#add">-add</a>)
+<li>Add a PKCS #11 module from a server-formatted JAR file.
+(<a href="#jar">-jar</a>)
+<li>Change the password on or initialize a token.
+(<a href="#changepw">-changepw</a>)
+<li>Create databases (secmod[ule].db, key3.db, cert7.db) from scratch.
+(<a href="#create">-create</a>)
+<li>Switch to and from FIPS-140 compliant mode.
+(<a href="#fips">-fips</a>)
+<li>Delete a PKCS #11 module. (<a href="#delete">-delete</a>)
+<li>List installed PKCS #11 modules. (<a href="#list">-list</a>)
+<li>List detailed info on a particular module and its tokens, including 
+whether needs login, is hardware, needs user init
+(<a href="#list">-list</a>)
+<li>Specify which modules should be the default provider of various
+cryptographic operations.(<a href="#default">-default</a>,
+<a href="#undefault">-undefault</a>)
+<li>Disable and enable slots, find out whether and why they are disabled.
+(<a href="#disable">-disable</a>, <a href="#enable">-enable</a>,
+<a href="#list">-list</a>)
+</ul>
+
+<hr>
+
+<!---------------------------------------------------------------------->
+<!-------------------------- Usage ------------------------------------->
+<!---------------------------------------------------------------------->
+<h2>Usage</h2>
+<code>modutil [<i>command</i>] [<i>options</i>]</code>
+<p>At most one command can be specified. With no arguments,
+<code>modutil</code> prints a usage message.
+<h3>Commands:</h3>
+<table border>
+<tr bgcolor="#cccccc">
+<th>Command</th><th>Description</th>
+</tr>
+
+<!---------------------------- -add ------------------------------>
+<tr>
+<td> <a name="add"></a>
+<code>-add <u><i>module name</i></u> -libfile <u><i>library file</i></u>
+ [-ciphers <u><i>cipher enable list</i></u>]
+ [-mechanisms <u><i>default mechanism list</i></u>]
+</code></td>
+<td>Adds a new module to the database with the given name.
+
+<p><u><i>library file</i></u> is the path of the DLL or other library file
+containing the module's implementation of the PKCS #11 interface.
+
+<p><u><i>cipher enable flags</i></u> is a colon-separated list of ciphers
+that will be enabled on this module. The list should be enclosed within quotes
+if necessary to prevent shell interpretation. The following ciphers are
+currently available:
+<ul>
+<li>FORTEZZA
+</ul>
+
+<p><u><i>default mechanism flags</i></u> is a colon-separated list of
+mechanisms for which this module should be the default provider. The
+list should be enclosed within quotes if necessary to prevent shell
+interpretation. <b>This
+list does not enable the mechanisms; it only specifies that this module
+will be a default provider for the listed mechanisms.</b> If more than
+one module claims to be a default provider for a given mechanism, it is
+undefined which will actually be chosen to provide that mechanism. The 
+following mechanisms are currently available:
+<ul>
+<li>RSA
+<li>DSA
+<li>RC2
+<li>RC4
+<li>RC5
+<li>DES
+<li>DH
+<li>FORTEZZA
+<li>SHA1
+<li>MD5
+<li>MD2
+<li>RANDOM <i>(random number generation)</i>
+<li>FRIENDLY <i>(certificates are publicly-readable)</i>
+</ul>
+</td>
+</tr>
+
+<!-------------------------- -changepw ------------------------------------->
+<tr>
+<td><a name="changepw"></a><code>-changepw <u><i>token name</i></u>
+[-pwfile <u><i>old password file</i></u>]
+[-newpwfile <u><i>new password file</i></u>]</code></td>
+<td>Changes the password on the named token.  If the token has not been
+initialized, this command will initialize the PIN.
+If a password file is given, the password will be read from that file;
+otherwise, the password will be obtained interactively.
+<b>Storing passwords in a file is much less secure than supplying them
+interactively.</b>
+<p>The password on the Netscape internal module cannot be changed if
+the <code>-nocertdb</code> option is specified.
+</td>
+</tr>
+
+<!-------------------------- -create ------------------------------------->
+<tr>
+<td><a name="create"></a><code>-create</code></td>
+<td>Creates a new secmod[ule].db, key3.db, and cert7.db in the directory
+specified with the
+<code>-dbdir</code> option, if one is specified.  If no directory is
+specified, UNIX systems will use the user's .netscape directory, while other
+systems will return with an error message.  If any of these databases already
+exist in the chosen directory, an error message is returned.
+<p>If used with <code>-nocertdb</code>, only secmod[ule].db will be created;
+cert7.db and key3.db will not be created.
+</td>
+</tr>
+
+<!------------------------------ -default -------------------------------->
+<tr>
+<td> <a name="default"></a> <code>-default <u><i>module name</i></u>
+-mechanisms <u><i>mechanism list</i></u></code>
+</td>
+<td>Specifies that the given module will be a default provider of the
+listed mechanisms.  The mechanism list is the same as in the <code>-add</code>
+command.
+</td>
+</tr>
+
+<!-------------------------- -delete ------------------------------------->
+<tr>
+<td><a name="delete"></a><code>-delete <u><i>module name</i></u></code></td>
+<td>Deletes the named module from the database</td>
+</tr>
+
+<!-------------------------- -disable ------------------------------------->
+<tr>
+<td> <a name="disable"></a> <code>-disable <u><i>module name</i></u>
+[-slot <u><i>slot name</i></u>]</code></td>
+<td>Disables the named slot. If no slot is specified, all slots on
+the module are disabled.</td>
+</tr>
+
+<!-------------------------- -enable ------------------------------------->
+<tr>
+<td> <a name="enable"></a> <code>-enable <u><i>module name</i></u>
+[-slot <u><i>slot name</i></u>]</code></td>
+<td>Enables the named slot. If no slot is specified, all slots on
+the module are enabled.</td>
+</tr>
+
+<!-------------------------- -fips ------------------------------------->
+<tr>
+<td><a name="fips"></a><code>-fips [true | false]</code></td>
+<td>Enables or disables FIPS mode on the internal module.  Passing
+<code>true</code> enables FIPS mode, passing <code>false</code> disables
+FIPS mode.</td>
+</tr>
+
+<!-------------------------- -force ------------------------------------->
+<tr>
+<td><a name="force"></a><code>-force</code></td>
+<td>Disables interactive prompts, so modutil can be run in a script. 
+Should only be used by experts, since the prompts may relate to security
+or database integrity. Before using this option, test the command
+interactively once to see the warnings that are produced.</td>
+</tr>
+
+<!-------------------------- -jar ------------------------------------->
+<tr>
+<td><a name="jar"></a><code>-jar <u><i>JAR file</i></u>
+-installdir <u><i>root installation directory</i></u>
+[-tempdir <u><i>temporary directory</i></u>]</code></td>
+<td>Adds a new module from the given JAR file. The JAR file uses the 
+server <a href="pk11jar.html">PKCS #11 JAR format</a> to describe the names of
+any files that need to be installed, the name of the module, mechanism flags,
+and cipher flags.  The <u><i>root installation directory</i></u>
+is the directory relative to which files will be installed. This should be a
+ directory 
+under which it would be natural to store dynamic library files, such as
+a server's root directory, or Communicator's root directory.
+The <u><i>temporary directory</i></u> is where temporary modutil files
+will be created in the course of the installation.  If no temporary directory
+is specified, the current directory will be used.
+<p>If used with the <code>-nocertdb</code> option, the signatures on the JAR
+file will not be checked.</td>
+</tr>
+
+<!----------------------------- -list ------------------------------>
+<tr>
+<td><a name="list"></a><code>-list [<u><i>module name</i></u>]</code></td>
+<td>Without an argument, lists the PKCS #11 modules present in the module
+database.
+<blockquote>
+<pre>
+% <b>modutil -list</b>
+Using database directory /u/nicolson/.netscape...
+
+Listing of PKCS #11 Modules
+-----------------------------------------------------------
+  1. Netscape Internal PKCS #11 Module
+         slots: 2 slots attached
+        status: loaded
+
+         slot: Communicator Internal Cryptographic Services Version 4.0
+        token: Communicator Generic Crypto Svcs
+
+         slot: Communicator User Private Key and Certificate Services
+        token: Communicator Certificate DB
+-----------------------------------------------------------
+</pre>
+</blockquote>
+<p>With an argument, provides a detailed description of the named module
+and its slots and tokens.
+<blockquote>
+<pre>
+% <b>modutil -list "Netscape Internal PKCS #11 Module"</b>
+Using database directory /u/nicolson/.netscape...
+
+-----------------------------------------------------------
+Name: Netscape Internal PKCS #11 Module
+Library file: **Internal ONLY module**
+Manufacturer: Netscape Communications Corp    
+Description: Communicator Internal Crypto Svc
+PKCS #11 Version 2.0
+Library Version: 4.0
+Cipher Enable Flags: None
+Default Mechanism Flags: RSA:DSA:RC2:RC4:DES:SHA1:MD5:MD2
+
+  Slot: Communicator Internal Cryptographic Services Version 4.0
+  Manufacturer: Netscape Communications Corp    
+  Type: Software
+  Version Number: 4.1
+  Firmware Version: 0.0
+  Status: Enabled
+  Token Name: Communicator Generic Crypto Svcs
+  Token Manufacturer: Netscape Communications Corp    
+  Token Model: Libsec 4.0      
+  Token Serial Number: 0000000000000000
+  Token Version: 4.0
+  Token Firmware Version: 0.0
+  Access: Write Protected
+  Login Type: Public (no login required)
+  User Pin: NOT Initialized
+
+  Slot: Communicator User Private Key and Certificate Services
+  Manufacturer: Netscape Communications Corp    
+  Type: Software
+  Version Number: 3.0
+  Firmware Version: 0.0
+  Status: Enabled
+  Token Name: Communicator Certificate DB     
+  Token Manufacturer: Netscape Communications Corp    
+  Token Model: Libsec 4.0      
+  Token Serial Number: 0000000000000000
+  Token Version: 7.0
+  Token Firmware Version: 0.0
+  Access: NOT Write Protected
+  Login Type: Login required
+  User Pin: Initialized
+
+-----------------------------------------------------------
+</pre>
+</blockquote>
+</td>
+</tr>
+
+<!------------------------------ Undefault ------------------------------->
+<tr>
+<td><a name="undefault"></a><code>-undefault <u><i>module name</i></u>
+-mechanisms <u><i>mechanism list</i></u></code></td>
+<td>Specifies that the given module will NOT be a default provider of 
+the listed mechanisms. This command clears the default mechanism flags
+for the given module.</td>
+</tr>
+
+</table>
+
+<!------------------------------------------------------------------------>
+<!------------------------------ Options --------------------------------->
+<!------------------------------------------------------------------------>
+<h3>Options:</h3>
+<table border>
+<tr bgcolor="#cccccc"><th>Option</th><th>Description</th> </tr>
+
+<!------------------------------ -dbdir ---------------------------------->
+<tr>
+<td><code>-dbdir <u><i>directory</i></u></code></td>
+<td>Specifies which directory holds the module database. On UNIX systems,
+the user's netscape directory is the default. On other systems, there is
+no default, and this option must be used.</td>
+</tr>
+
+<!------------------------------ -dbdir ---------------------------------->
+<tr>
+<td><code>-nocertdb</code></td>
+<td>Do not open the certificate or key databases.  This has several effects.
+With the <code>-create</code> command, this means that only a secmod.db file
+will be created; cert7.db and key3.db will not be created.  With the
+<code>-jar</code> command, signatures on the JAR file will not be checked.
+With the <code>-changepw</code> command, the password on the Netscape internal 
+module cannot be set or changed, since this password is stored in key3.db.
+</td>
+</tr>
+
+</table>
+
+</body>
+</html>
diff --git a/nss/cmd/mpitests/mpi-test.c b/nss/cmd/mpitests/mpi-test.c
new file mode 100644
index 0000000..3a1f5d6
--- /dev/null
+++ b/nss/cmd/mpitests/mpi-test.c
@@ -0,0 +1,2127 @@
+/*
+ * mpi-test.c
+ *
+ * This is a general test suite for the MPI library, which tests
+ * all the functions in the library with known values.  The program
+ * exits with a zero (successful) status if the tests pass, or a
+ * nonzero status if the tests fail.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdarg.h>
+#include <limits.h>
+#include <time.h>
+
+#include "mpi.h"
+#include "mpprime.h"
+
+#include "test-info.c"
+
+/* ZS means Zero Suppressed (no leading zeros) */
+#if MP_USE_LONG_DIGIT
+#define ZS_DIGIT_FMT "%lX"
+#elif MP_USE_LONG_LONG_DIGIT
+#define ZS_DIGIT_FMT "%llX"
+#elif MP_USE_UINT_DIGIT
+#define ZS_DIGIT_FMT "%X"
+#else
+#error "unknown type of digit"
+#endif
+
+/*
+  Test vectors
+
+  If you intend to change any of these values, you must also recompute
+  the corresponding solutions below.  Basically, these are just hex
+  strings (for the big integers) or integer values (for the digits).
+
+  The comparison tests think they know what relationships hold between
+  these values.  If you change that, you may have to adjust the code
+  for the comparison tests accordingly.  Most of the other tests
+  should be fine as long as you re-compute the solutions, though.
+ */
+const char *mp1 = "639A868CDA0C569861B";
+const char *mp2 = "AAFC0A3FE45E5E09DBE2C29";
+const char *mp3 = "B55AA8DF8A7E83241F38AC7A9E479CAEF2E4D7C5";
+const char *mp4 = "-63DBC2265B88268DC801C10EA68476B7BDE0090F";
+const char *mp5 = "F595CB42";
+const char *mp5a = "-4B597E";
+const char *mp6 = "0";
+const char *mp7 = "EBFA7121CD838CE6439CC59DDB4CBEF3";
+const char *mp8 = "5";
+const char *mp9 = "F74A2876A1432698923B0767DA19DCF3D71795EE";
+const char *mp10 = "9184E72A000";
+const char *mp11 = "54D79A3557E8";
+const char *mp12 = "10000000000000000";
+const char *mp13 =
+    "34584F700C15A341E40BF7BFDD88A6630C8FF2B2067469372D391342BDAB6163963C"
+    "D5A5C79F708BDE26E0CCF2DB66CD6D6089E29A877C45F2B050D226E6DA88";
+const char *mp14 =
+    "AC3FA0EABAAC45724814D798942A1E28E14C81E0DE8055CED630E7689DA648683645DB6E"
+    "458D9F5338CC3D4E33A5D1C9BF42780133599E60DEE0049AFA8F9489501AE5C9AA2B8C13"
+    "FD21285A538B2CA87A626BB56E0A654C8707535E637FF4E39174157402BDE3AA30C9F134"
+    "0C1307BAA864B075A9CC828B6A5E2B2BF1AE406D920CC5E7657D7C0E697DEE5375773AF9"
+    "E200A1B8FAD7CD141F9EE47ABB55511FEB9A4D99EBA22F3A3FF6792FA7EE9E5DC0EE94F7"
+    "7A631EDF3D7DD7C2DAAAFDF234D60302AB63D5234CEAE941B9AF0ADDD9E6E3A940A94EE5"
+    "5DB45A7C66E61EDD0477419BBEFA44C325129601C4F45671C6A0E64665DF341D17FBC71F"
+    "77418BD9F4375DDB3B9D56126526D8E5E0F35A121FD4F347013DA880020A752324F31DDD"
+    "9BCDB13A3B86E207A2DE086825E6EEB87B3A64232CFD8205B799BC018634AAE193F19531"
+    "D6EBC19A75F27CFFAA03EB5974898F53FD569AA5CE60F431B53B0CDE715A5F382405C9C4"
+    "761A8E24888328F09F7BCE4E8D80C957DF177629C8421ACCD0C268C63C0DD47C3C0D954F"
+    "D79F7D7297C6788DF4B3E51381759864D880ACA246DF09533739B8BB6085EAF7AE8DC2D9"
+    "F224E6874926C8D24D34B457FD2C9A586C6B99582DC24F787A39E3942786CF1D494B6EB4"
+    "A513498CDA0B217C4E80BCE7DA1C704C35E071AC21E0DA9F57C27C3533F46A8D20B04137"
+    "C1B1384BE4B2EB46";
+const char *mp15 =
+    "39849CF7FD65AF2E3C4D87FE5526221103D90BA26A6642FFE3C3ECC0887BBBC57E011BF1"
+    "05D822A841653509C68F79EBE51C0099B8CBB04DEF31F36F5954208A3209AC122F0E11D8"
+    "4AE67A494D78336A2066D394D42E27EF6B03DDAF6D69F5112C93E714D27C94F82FC7EF77"
+    "445768C68EAE1C4A1407BE1B303243391D325090449764AE469CC53EC8012C4C02A72F37"
+    "07ED7275D2CC8D0A14B5BCC6BF264941520EBA97E3E6BAE4EE8BC87EE0DDA1F5611A6ECB"
+    "65F8AEF4F184E10CADBDFA5A2FEF828901D18C20785E5CC63473D638762DA80625003711"
+    "9E984AC43E707915B133543AF9D5522C3E7180DC58E1E5381C1FB7DC6A5F4198F3E88FA6"
+    "CBB6DFA8B2D1C763226B253E18BCCB79A29EE82D2DE735078C8AE3C3C86D476AAA08434C"
+    "09C274BDD40A1D8FDE38D6536C22F44E807EB73DE4FB36C9F51E0BC835DDBE3A8EFCF2FE"
+    "672B525769DC39230EE624D5EEDBD837C82A52E153F37378C3AD68A81A7ADBDF3345DBCE"
+    "8FA18CA1DE618EF94DF72EAD928D4F45B9E51632ACF158CF8332C51891D1D12C2A7E6684"
+    "360C4BF177C952579A9F442CFFEC8DAE4821A8E7A31C4861D8464CA9116C60866C5E72F7"
+    "434ADBED36D54ACDFDFF70A4EFB46E285131FE725F1C637D1C62115EDAD01C4189716327"
+    "BFAA79618B1656CBFA22C2C965687D0381CC2FE0245913C4D8D96108213680BD8E93E821"
+    "822AD9DDBFE4BD04";
+const char *mp16 = "4A724340668DB150339A70";
+const char *mp17 = "8ADB90F58";
+const char *mp18 = "C64C230AB20E5";
+const char *mp19 =
+    "F1C9DACDA287F2E3C88DCE2393B8F53DAAAC1196DC36510962B6B59454CFE64B";
+const char *mp20 =
+    "D445662C8B6FE394107B867797750C326E0F4A967E135FC430F6CD7207913AC7";
+const char *mp21 = "2";
+
+const mp_digit md1 = 0;
+const mp_digit md2 = 0x1;
+const mp_digit md3 = 0x80;
+const mp_digit md4 = 0x9C97;
+const mp_digit md5 = 0xF5BF;
+const mp_digit md6 = 0x14A0;
+const mp_digit md7 = 0x03E8;
+const mp_digit md8 = 0x0101;
+const mp_digit md9 = 0xA;
+
+/*
+   Solutions of the form x_mpABC, where:
+
+   x = (p)roduct, (s)um, (d)ifference, (q)uotient, (r)emainder, (g)cd,
+       (i)nverse, (e)xponent, square roo(t), (g)cd, (l)cm.  A
+       leading 'm' indicates a modular operation, e.g. ms_mp12 is the
+       modular sum of operands 1 and 2
+
+   ABC are the operand numbers involved in the computation.  If a 'd'
+   precedes the number, it is a digit operand; if a 'c' precedes it,
+   it is a constant; otherwise, it is a full integer.
+ */
+
+const char *p_mp12 = "4286AD72E095C9FE009938750743174ADDD7FD1E53";
+const char *p_mp34 = "-46BDBD66CA108C94A8CF46C325F7B6E2F2BA82D35"
+                     "A1BFD6934C441EE369B60CA29BADC26845E918B";
+const char *p_mp57 = "E260C265A0A27C17AD5F4E59D6E0360217A2EBA6";
+const char *p_mp22 = "7233B5C1097FFC77CCF55928FDC3A5D31B712FDE7A1E91";
+const char *p_mp1d4 = "3CECEA2331F4220BEF68DED";
+const char *p_mp8d6 = "6720";
+const char *p_mp1113 =
+    "11590FC3831C8C3C51813142C88E566408DB04F9E27642F6471A1822E0100B12F7F1"
+    "5699A127C0FA9D26DCBFF458522661F30C6ADA4A07C8C90F9116893F6DBFBF24C3A2"
+    "4340";
+const char *p_mp1415 =
+    "26B36540DE8B3586699CCEAE218A2842C7D5A01590E70C4A26E789107FBCDB06AA2C"
+    "6DDC39E6FA18B16FCB2E934C9A5F844DAD60EE3B1EA82199EC5E9608F67F860FB965"
+    "736055DF0E8F2540EB28D07F47E309B5F5D7C94FF190AB9C83A6970160CA700B1081"
+    "F60518132AF28C6CEE6B7C473E461ABAC52C39CED50A08DD4E7EA8BA18DAD545126D"
+    "A388F6983C29B6BE3F9DCBC15766E8E6D626A92C5296A9C4653CAE5788350C0E2107"
+    "F57E5E8B6994C4847D727FF1A63A66A6CEF42B9C9E6BD04C92550B85D5527DE8A132"
+    "E6BE89341A9285C7CE7FB929D871BBCBD0ED2863B6B078B0DBB30FCA66D6C64284D6"
+    "57F394A0271E15B6EC7A9D530EBAC6CA262EF6F97E1A29FCE7749240E4AECA591ECF"
+    "272122BC587370F9371B67BB696B3CDC1BC8C5B64B6280994EBA00CDEB8EB0F5D06E"
+    "18F401D65FDCECF23DD7B9BB5B4C5458AEF2CCC09BA7F70EACB844750ACFD027521E"
+    "2E047DE8388B35F8512D3DA46FF1A12D4260213602BF7BFFDB6059439B1BD0676449"
+    "8D98C74F48FB3F548948D5BA0C8ECFCD054465132DC43466D6BBD59FBAF8D6D4E157"
+    "2D612B40A956C7D3E140F3B8562EF18568B24D335707D5BAC7495014DF2444172426"
+    "FD099DED560D30D1F945386604AFC85C64BD1E5F531F5C7840475FC0CF0F79810012"
+    "4572BAF5A9910CDBD02B27FFCC3C7E5E88EF59F3AE152476E33EDA696A4F751E0AE4"
+    "A3D2792DEA78E25B9110E12A19EFD09EA47FF9D6594DA445478BEB6901EAF8A35B2D"
+    "FD59BEE9BF7AA8535B7D326EFA5AA2121B5EBE04DD85827A3D43BD04F4AA6D7B62A2"
+    "B6D7A3077286A511A431E1EF75FCEBA3FAE9D5843A8ED17AA02BBB1B571F904699C5"
+    "A6073F87DDD012E2322AB3F41F2A61F428636FE86914148E19B8EF8314ED83332F2F"
+    "8C2ADE95071E792C0A68B903E060DD322A75FD0C2B992059FCCBB58AFA06B50D1634"
+    "BBD93F187FCE0566609FCC2BABB269C66CEB097598AA17957BB4FDA3E64A1B30402E"
+    "851CF9208E33D52E459A92C63FBB66435BB018E155E2C7F055E0B7AB82CD58FC4889"
+    "372ED9EEAC2A07E8E654AB445B9298D2830D6D4DFD117B9C8ABE3968927DC24B3633"
+    "BAD6E6466DB45DDAE87A0AB00336AC2CCCE176704F7214FCAB55743AB76C2B6CA231"
+    "7984610B27B5786DE55C184DDF556EDFEA79A3652831940DAD941E243F482DC17E50"
+    "284BC2FB1AD712A92542C573E55678878F02DFD9E3A863C7DF863227AEDE14B47AD3"
+    "957190124820ADC19F5353878EDB6BF7D0C77352A6E3BDB53EEB88F5AEF6226D6E68"
+    "756776A8FB49B77564147A641664C2A54F7E5B680CCC6A4D22D894E464DF20537094"
+    "548F1732452F9E7F810C0B4B430C073C0FBCE03F0D03F82630654BCE166AA772E1EE"
+    "DD0C08D3E3EBDF0AF54203B43AFDFC40D8FC79C97A4B0A4E1BEB14D8FCEFDDED8758"
+    "6ED65B18";
+const char *p_mp2121 = "4";
+const char *mp_mp345 = "B9B6D3A3";
+const char *mp_mp335 = "16609C2D";
+
+const char *s_mp13 = "B55AA8DF8A7E83241F38B2B446B06A4FB84E5DE0";
+const char *s_mp34 = "517EE6B92EF65C965736EB6BF7C325F73504CEB6";
+const char *s_mp46 = "-63DBC2265B88268DC801C10EA68476B7BDE0090F";
+const char *s_mp5d4 = "F59667D9";
+const char *s_mp2d5 = "AAFC0A3FE45E5E09DBF21E8";
+const char *s_mp1415 =
+    "E5C43DE2B811F4A084625F96E9504039E5258D8348E698CEB9F4D4292622042DB446"
+    "F75F4B65C1FB7A317257FA354BB5A45E789AEC254EAECE11F80A53E3B513822491DB"
+    "D9399DEC4807A2A3A10360129AC93F4A42388D3BF20B310DD0E9E9F4BE07FC88D53A"
+    "78A26091E0AB506A70813712CCBFBDD440A69A906E650EE090FDD6A42A95AC1A414D"
+    "317F1A9F781E6A30E9EE142ECDA45A1E3454A1417A7B9A613DA90831CF88EA1F2E82"
+    "41AE88CC4053220903C2E05BCDD42F02B8CF8868F84C64C5858BAD356143C5494607"
+    "EE22E11650148BAF65A985F6FC4CA540A55697F2B5AA95D6B8CF96EF638416DE1DD6"
+    "3BA9E2C09E22D03E75B60BE456C642F86B82A709253E5E087B507DE3A45F8392423F"
+    "4DBC284E8DC88C43CA77BC8DCEFB6129A59025F80F90FF978116DEBB9209E306FBB9"
+    "1B6111F8B8CFACB7C7C9BC12691C22EE88303E1713F1DFCEB622B8EA102F6365678B"
+    "C580ED87225467AA78E875868BD53B17574BA59305BC1AC666E4B7E9ED72FCFC200E"
+    "189D98FC8C5C7533739C53F52DDECDDFA5A8668BFBD40DABC9640F8FCAE58F532940"
+    "8162261320A25589E9FB51B50F80056471F24B7E1AEC35D1356FC2747FFC13A04B34"
+    "24FCECE10880BD9D97CA8CDEB2F5969BF4F30256EB5ED2BCD1DC64BDC2EE65217848"
+    "48A37FB13F84ED4FB7ACA18C4639EE64309BDD3D552AEB4AAF44295943DC1229A497"
+    "A84A";
+
+const char *ms_mp345 = "1E71E292";
+
+const char *d_mp12 = "-AAFBA6A55DD183FD854A60E";
+const char *d_mp34 = "119366B05E606A9B1E73A6D8944CC1366B0C4E0D4";
+const char *d_mp5d4 = "F5952EAB";
+const char *d_mp6d2 = "-1";
+const char *md_mp345 = "26596B86";
+
+const char *q_mp42 = "-95825A1FFA1A155D5";
+const char *r_mp42 = "-6312E99D7700A3DCB32ADF2";
+const char *q_mp45a = "15344CDA3D841F661D2B61B6EDF7828CE36";
+const char *r_mp45a = "-47C47B";
+const char *q_mp7c2 = "75FD3890E6C1C67321CE62CEEDA65F79";
+const char *q_mp3d6 = "8CAFD53C272BD6FE8B0847BDC3B539EFAB5C3";
+const char *r_mp3d6 = "1E5";
+const char *r_mp5d5 = "1257";
+const char *r_mp47 = "B3A9018D970281A90FB729A181D95CB8";
+const char *q_mp1404 =
+    "-1B994D869142D3EF6123A3CBBC3C0114FA071CFCEEF4B7D231D65591D32501AD80F"
+    "FF49AE4EC80514CC071EF6B42521C2508F4CB2FEAD69A2D2EF3934087DCAF88CC4C4"
+    "659F1CA8A7F4D36817D802F778F1392337FE36302D6865BF0D4645625DF8BB044E19"
+    "930635BE2609FAC8D99357D3A9F81F2578DE15A300964188292107DAC980E0A08CD7"
+    "E938A2135FAD45D50CB1D8C2D4C4E60C27AB98B9FBD7E4DBF752C57D2674520E4BB2"
+    "7E42324C0EFE84FB3E38CF6950E699E86FD45FE40D428400F2F94EDF7E94FAE10B45"
+    "89329E1BF61E5A378C7B31C9C6A234F8254D4C24823B84D0BF8D671D8BC9154DFAC9"
+    "49BD8ACABD6BD32DD4DC587F22C86153CB3954BDF7C2A890D623642492C482CF3E2C"
+    "776FC019C3BBC61688B485E6FD35D6376089C1E33F880E84C4E51E8ABEACE1B3FB70"
+    "3EAD0E28D2D44E7F1C0A859C840775E94F8C1369D985A3C5E8114B21D68B3CBB75D2"
+    "791C586153C85B90CAA483E57A40E2D97950AAB84920A4396C950C87C7FFFE748358"
+    "42A0BF65445B26D40F05BE164B822CA96321F41D85A289C5F5CD5F438A78704C9683"
+    "422299D21899A22F853B0C93081CC9925E350132A0717A611DD932A68A0ACC6E4C7F"
+    "7F685EF8C1F4910AEA5DC00BB5A36FCA07FFEAA490C547F6E14A08FE87041AB803E1"
+    "BD9E23E4D367A2C35762F209073DFF48F3";
+const char *r_mp1404 = "12FF98621ABF63144BFFC3207AC8FC10D8D1A09";
+
+const char *q_mp13c =
+    "34584F700C15A341E40BF7BFDD88A6630C8FF2B2067469372D391342"
+    "BDAB6163963CD5A5C79F708BDE26E0CCF2DB66CD6D6089E29A877C45";
+const char *r_mp13c = "F2B050D226E6DA88";
+const char *q_mp9c16 = "F74A2876A1432698923B0767DA19DCF3D71795E";
+const char *r_mp9c16 = "E";
+
+const char *e_mp5d9 = "A8FD7145E727A20E52E73D22990D35D158090307A"
+                      "13A5215AAC4E9AB1E96BD34E531209E03310400";
+const char *e_mp78 = "AA5F72C737DFFD8CCD108008BFE7C79ADC01A819B"
+                     "32B75FB82EC0FB8CA83311DA36D4063F1E57857A2"
+                     "1AB226563D84A15BB63CE975FF1453BD6750C58D9"
+                     "D113175764F5D0B3C89B262D4702F4D9640A3";
+const char *me_mp817 = "E504493ACB02F7F802B327AB13BF25";
+const char *me_mp5d47 = "1D45ED0D78F2778157992C951DD2734C";
+const char *me_mp1512 = "FB5B2A28D902B9D9";
+const char *me_mp161718 = "423C6AC6DBD74";
+const char *me_mp5114 =
+    "64F0F72807993578BBA3C7C36FFB184028F9EB9A810C92079E1498D8A80FC848E1F0"
+    "25F1DE43B7F6AC063F5CC29D8A7C2D7A66269D72BF5CDC327AF88AF8EF9E601DCB0A"
+    "3F35BFF3525FB1B61CE3A25182F17C0A0633B4089EA15BDC47664A43FEF639748AAC"
+    "19CF58E83D8FA32CD10661D2D4210CC84792937E6F36CB601851356622E63ADD4BD5"
+    "542412C2E0C4958E51FD2524AABDC7D60CFB5DB332EEC9DC84210F10FAE0BA2018F2"
+    "14C9D6867C9D6E49CF28C18D06CE009FD4D04BFC8837C3FAAA773F5CCF6DED1C22DE"
+    "181786AFE188540586F2D74BF312E595244E6936AE52E45742109BAA76C36F2692F5"
+    "CEF97AD462B138BE92721194B163254CBAAEE9B9864B21CCDD5375BCAD0D24132724"
+    "113D3374B4BCF9AA49BA5ACBC12288C0BCF46DCE6CB4A241A91BD559B130B6E9CD3D"
+    "D7A2C8B280C2A278BA9BF5D93244D563015C9484B86D9FEB602501DC16EEBC3EFF19"
+    "53D7999682BF1A1E3B2E7B21F4BDCA3C355039FEF55B9C0885F98DC355CA7A6D8ECF"
+    "5F7F1A6E11A764F2343C823B879B44616B56BF6AE3FA2ACF5483660E618882018E3F"
+    "C8459313BACFE1F93CECC37B2576A5C0B2714BD3EEDEEC22F0E7E3E77B11396B9B99"
+    "D683F2447A4004BBD4A57F6A616CDDFEC595C4FC19884CC2FC21CF5BF5B0B81E0F83"
+    "B9DDA0CF4DFF35BB8D31245912BF4497FD0BD95F0C604E26EA5A8EA4F5EAE870A5BD"
+    "FE8C";
+
+const char *e_mpc2d3 = "100000000000000000000000000000000";
+
+const char *t_mp9 = "FB9B6E32FF0452A34746";
+const char *i_mp27 = "B6AD8DCCDAF92B6FE57D062FFEE3A99";
+const char *i_mp2019 =
+    "BDF3D88DC373A63EED92903115B03FC8501910AF68297B4C41870AED3EA9F839";
+/* "15E3FE09E8AE5523AABA197BD2D16318D3CA148EDF4AE1C1C52FC96AFAF5680B"; */
+
+const char *t_mp15 =
+    "795853094E59B0008093BCA8DECF68587C64BDCA2F3F7F8963DABC12F1CFFFA9B8C4"
+    "365232FD4751870A0EF6CA619287C5D8B7F1747D95076AB19645EF309773E9EACEA0"
+    "975FA4AE16251A8DA5865349C3A903E3B8A2C0DEA3C0720B6020C7FED69AFF62BB72"
+    "10FAC443F9FFA2950776F949E819260C2AF8D94E8A1431A40F8C23C1973DE5D49AA2"
+    "0B3FF5DA5C1D5324E712A78FF33A9B1748F83FA529905924A31DF38643B3F693EF9B"
+    "58D846BB1AEAE4523ECC843FF551C1B300A130B65C1677402778F98C51C10813250E"
+    "2496882877B069E877B59740DC1226F18A5C0F66F64A5F59A9FAFC5E9FC45AEC0E7A"
+    "BEE244F7DD3AC268CF512A0E52E4F5BE5B94";
+
+const char *g_mp71 = "1";
+const char *g_mp25 = "7";
+const char *l_mp1011 = "C589E3D7D64A6942A000";
+
+/* mp9 in radices from 5 to 64 inclusive */
+#define LOW_RADIX 5
+#define HIGH_RADIX 64
+const char *v_mp9[] = {
+    "404041130042310320100141302000203430214122130002340212132414134210033",
+    "44515230120451152500101352430105520150025145320010504454125502",
+    "644641136612541136016610100564613624243140151310023515322",
+    "173512120732412062323044435407317550316717172705712756",
+    "265785018434285762514442046172754680368422060744852",
+    "1411774500397290569709059837552310354075408897518",
+    "184064268501499311A17746095910428222A241708032A",
+    "47706011B225950B02BB45602AA039893118A85950892",
+    "1A188C826B982353CB58422563AC602B783101671A86",
+    "105957B358B89B018958908A9114BC3DDC410B77982",
+    "CB7B3387E23452178846C55DD9D70C7CA9AEA78E8",
+    "F74A2876A1432698923B0767DA19DCF3D71795EE",
+    "17BF7C3673B76D7G7A5GA836277296F806E7453A",
+    "2EBG8HH3HFA6185D6H0596AH96G24C966DD3HG2",
+    "6G3HGBFEG8I3F25EAF61B904EIA40CFDH2124F",
+    "10AHC3D29EBHDF3HD97905CG0JA8061855C3FI",
+    "3BA5A55J5K699B2D09C38A4B237CH51IHA132",
+    "EDEA90DJ0B5CB3FGG1C8587FEB99D3C143CA",
+    "31M26JI1BBD56K3I028MML4EEDMAJK60LGLE",
+    "GGG5M3142FKKG82EJ28111D70EMHC241E4E",
+    "4446F4D5H10982023N297BF0DKBBHLLJB0I",
+    "12E9DEEOBMKAKEP0IM284MIP7FO1O521M46",
+    "85NN0HD48NN2FDDB1F5BMMKIB8CK20MDPK",
+    "2D882A7A0O0JPCJ4APDRIB77IABAKDGJP2",
+    "MFMCI0R7S27AAA3O3L2S8K44HKA7O02CN",
+    "7IGQS73FFSHC50NNH44B6PTTNLC3M6H78",
+    "2KLUB3U9850CSN6ANIDNIF1LB29MJ43LH",
+    "UT52GTL18CJ9H4HR0TJTK6ESUFBHF5FE",
+    "BTVL87QQBMUGF8PFWU4W3VU7U922QTMW",
+    "4OG10HW0MSWJBIDEE2PDH24GA7RIHIAA",
+    "1W8W9AX2DRUX48GXOLMK0PE42H0FEUWN",
+    "SVWI84VBH069WR15W1U2VTK06USY8Z2",
+    "CPTPNPDa5TYCPPNLALENT9IMX2GL0W2",
+    "5QU21UJMRaUYYYYYN6GHSMPOYOXEEUY",
+    "2O2Q7C6RPPB1SXJ9bR4035SPaQQ3H2W",
+    "18d994IbT4PHbD7cGIPCRP00bbQO0bc",
+    "NcDUEEWRO7XT76260WGeBHPVa72RdA",
+    "BbX2WCF9VfSB5LPdJAdeXKV1fd6LC2",
+    "60QDKW67P4JSQaTdQg7JE9ISafLaVU",
+    "33ba9XbDbRdNF4BeDB2XYMhAVDaBdA",
+    "1RIPZJA8gT5L5H7fTcaRhQ39geMMTc",
+    "d65j70fBATjcDiidPYXUGcaBVVLME",
+    "LKA9jhPabDG612TXWkhfT2gMXNIP2",
+    "BgNaYhjfT0G8PBcYRP8khJCR3C9QE",
+    "6Wk8RhJTAgDh10fYAiUVB1aM0HacG",
+    "3dOCjaf78kd5EQNViUZWj3AfFL90I",
+    "290VWkL3aiJoW4MBbHk0Z0bDo22Ni",
+    "1DbDZ1hpPZNUDBUp6UigcJllEdC26",
+    "dFSOLBUM7UZX8Vnc6qokGIOiFo1h",
+    "NcoUYJOg0HVmKI9fR2ag0S8R2hrK",
+    "EOpiJ5Te7oDe2pn8ZhAUKkhFHlZh",
+    "8nXK8rp8neV8LWta1WDgd1QnlWsU",
+    "5T3d6bcSBtHgrH9bCbu84tblaa7r",
+    "3PlUDIYUvMqOVCir7AtquK5dWanq",
+    "2A70gDPX2AtiicvIGGk9poiMtgvu",
+    "1MjiRxjk10J6SVAxFguv9kZiUnIc",
+    "rpre2vIDeb4h3sp50r1YBbtEx9L",
+    "ZHcoip0AglDAfibrsUcJ9M1C8fm",
+    "NHP18+eoe6uU54W49Kc6ZK7+bT2",
+    "FTAA7QXGoQOaZi7PzePtFFN5vNk"
+};
+
+const unsigned char b_mp4[] = {
+    0x01,
+#if MP_DIGIT_MAX > MP_32BIT_MAX
+    0x00, 0x00, 0x00, 0x00,
+#endif
+    0x63, 0xDB, 0xC2, 0x26,
+    0x5B, 0x88, 0x26, 0x8D,
+    0xC8, 0x01, 0xC1, 0x0E,
+    0xA6, 0x84, 0x76, 0xB7,
+    0xBD, 0xE0, 0x09, 0x0F
+};
+
+/* Search for a test suite name in the names table  */
+int find_name(char *name);
+void reason(char *fmt, ...);
+
+/*------------------------------------------------------------------------*/
+/*------------------------------------------------------------------------*/
+
+char g_intbuf[4096]; /* buffer for integer comparison   */
+char a_intbuf[4096]; /* buffer for integer comparison   */
+int g_verbose = 1;   /* print out reasons for failure?  */
+int res;
+
+#define IFOK(x)                                            \
+    {                                                      \
+        if (MP_OKAY > (res = (x))) {                       \
+            reason("test %s failed: error %d\n", #x, res); \
+            return 1;                                      \
+        }                                                  \
+    }
+
+int
+main(int argc, char *argv[])
+{
+    int which, res;
+
+    srand((unsigned int)time(NULL));
+
+    if (argc < 2) {
+        fprintf(stderr, "Usage: %s <test-suite> | list\n"
+                        "Type '%s help' for assistance\n",
+                argv[0], argv[0]);
+        return 2;
+    } else if (argc > 2) {
+        if (strcmp(argv[2], "quiet") == 0)
+            g_verbose = 0;
+    }
+
+    if (strcmp(argv[1], "help") == 0) {
+        fprintf(stderr, "Help for mpi-test\n\n"
+                        "This program is a test driver for the MPI library, which\n"
+                        "tests all the various functions in the library to make sure\n"
+                        "they are working correctly.  The syntax is:\n"
+                        "    %s <suite-name>\n"
+                        "...where <suite-name> is the name of the test you wish to\n"
+                        "run.  To get a list of the tests, use '%s list'.\n\n"
+                        "The program exits with a status of zero if the test passes,\n"
+                        "or non-zero if it fails.  Ordinarily, failure is accompanied\n"
+                        "by a diagnostic message to standard error.  To suppress this\n"
+                        "add the keyword 'quiet' after the suite-name on the command\n"
+                        "line.\n\n",
+                argv[0], argv[0]);
+        return 0;
+    }
+
+    if ((which = find_name(argv[1])) < 0) {
+        fprintf(stderr, "%s: test suite '%s' is not known\n", argv[0], argv[1]);
+        return 2;
+    }
+
+    if ((res = (g_tests[which])()) < 0) {
+        fprintf(stderr, "%s: test suite not implemented yet\n", argv[0]);
+        return 2;
+    } else {
+        return res;
+    }
+}
+
+/*------------------------------------------------------------------------*/
+
+int
+find_name(char *name)
+{
+    int ix = 0;
+
+    while (ix < g_count) {
+        if (strcmp(name, g_names[ix]) == 0)
+            return ix;
+
+        ++ix;
+    }
+
+    return -1;
+}
+
+/*------------------------------------------------------------------------*/
+
+int
+test_list(void)
+{
+    int ix;
+
+    fprintf(stderr, "There are currently %d test suites available\n",
+            g_count);
+
+    for (ix = 1; ix < g_count; ix++)
+        fprintf(stdout, "%-20s %s\n", g_names[ix], g_descs[ix]);
+
+    return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int
+test_copy(void)
+{
+    mp_int a, b;
+    int ix;
+
+    mp_init(&a);
+    mp_init(&b);
+
+    mp_read_radix(&a, mp3, 16);
+    mp_copy(&a, &b);
+
+    if (SIGN(&a) != SIGN(&b) || USED(&a) != USED(&b)) {
+        if (SIGN(&a) != SIGN(&b)) {
+            reason("error: sign of original is %d, sign of copy is %d\n",
+                   SIGN(&a), SIGN(&b));
+        } else {
+            reason("error: original precision is %d, copy precision is %d\n",
+                   USED(&a), USED(&b));
+        }
+        mp_clear(&a);
+        mp_clear(&b);
+        return 1;
+    }
+
+    for (ix = 0; ix < USED(&b); ix++) {
+        if (DIGIT(&a, ix) != DIGIT(&b, ix)) {
+            reason("error: digit %d " DIGIT_FMT " != " DIGIT_FMT "\n",
+                   ix, DIGIT(&a, ix), DIGIT(&b, ix));
+            mp_clear(&a);
+            mp_clear(&b);
+            return 1;
+        }
+    }
+
+    mp_clear(&a);
+    mp_clear(&b);
+    return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int
+test_exch(void)
+{
+    mp_int a, b;
+
+    mp_init(&a);
+    mp_init(&b);
+    mp_read_radix(&a, mp7, 16);
+    mp_read_radix(&b, mp1, 16);
+
+    mp_exch(&a, &b);
+    mp_toradix(&a, g_intbuf, 16);
+
+    mp_clear(&a);
+    if (strcmp(g_intbuf, mp1) != 0) {
+        mp_clear(&b);
+        reason("error: exchange failed\n");
+        return 1;
+    }
+
+    mp_toradix(&b, g_intbuf, 16);
+
+    mp_clear(&b);
+    if (strcmp(g_intbuf, mp7) != 0) {
+        reason("error: exchange failed\n");
+        return 1;
+    }
+
+    return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int
+test_zero(void)
+{
+    mp_int a;
+
+    mp_init(&a);
+    mp_read_radix(&a, mp7, 16);
+    mp_zero(&a);
+
+    if (USED(&a) != 1 || DIGIT(&a, 1) != 0) {
+        mp_toradix(&a, g_intbuf, 16);
+        reason("error: result is %s\n", g_intbuf);
+        mp_clear(&a);
+        return 1;
+    }
+
+    mp_clear(&a);
+    return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int
+test_set(void)
+{
+    mp_int a;
+
+    /* Test single digit set */
+    mp_init(&a);
+    mp_set(&a, 5);
+    if (DIGIT(&a, 0) != 5) {
+        mp_toradix(&a, g_intbuf, 16);
+        reason("error: result is %s, expected 5\n", g_intbuf);
+        mp_clear(&a);
+        return 1;
+    }
+
+    /* Test integer set */
+    mp_set_int(&a, -4938110);
+    mp_toradix(&a, g_intbuf, 16);
+    mp_clear(&a);
+    if (strcmp(g_intbuf, mp5a) != 0) {
+        reason("error: result is %s, expected %s\n", g_intbuf, mp5a);
+        return 1;
+    }
+
+    return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int
+test_abs(void)
+{
+    mp_int a;
+
+    mp_init(&a);
+    mp_read_radix(&a, mp4, 16);
+    mp_abs(&a, &a);
+
+    if (SIGN(&a) != ZPOS) {
+        reason("error: sign of result is negative\n");
+        mp_clear(&a);
+        return 1;
+    }
+
+    mp_clear(&a);
+    return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int
+test_neg(void)
+{
+    mp_int a;
+    mp_sign s;
+
+    mp_init(&a);
+    mp_read_radix(&a, mp4, 16);
+
+    s = SIGN(&a);
+    mp_neg(&a, &a);
+    if (SIGN(&a) == s) {
+        reason("error: sign of result is same as sign of nonzero input\n");
+        mp_clear(&a);
+        return 1;
+    }
+
+    mp_clear(&a);
+    return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int
+test_add_d(void)
+{
+    mp_int a;
+
+    mp_init(&a);
+
+    mp_read_radix(&a, mp5, 16);
+    mp_add_d(&a, md4, &a);
+    mp_toradix(&a, g_intbuf, 16);
+
+    if (strcmp(g_intbuf, s_mp5d4) != 0) {
+        reason("error: computed %s, expected %s\n", g_intbuf, s_mp5d4);
+        mp_clear(&a);
+        return 1;
+    }
+
+    mp_read_radix(&a, mp2, 16);
+    mp_add_d(&a, md5, &a);
+    mp_toradix(&a, g_intbuf, 16);
+
+    if (strcmp(g_intbuf, s_mp2d5) != 0) {
+        reason("error: computed %s, expected %s\n", g_intbuf, s_mp2d5);
+        mp_clear(&a);
+        return 1;
+    }
+
+    mp_clear(&a);
+    return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int
+test_add(void)
+{
+    mp_int a, b;
+    int res = 0;
+
+    mp_init(&a);
+    mp_init(&b);
+
+    mp_read_radix(&a, mp1, 16);
+    mp_read_radix(&b, mp3, 16);
+    mp_add(&a, &b, &a);
+    mp_toradix(&a, g_intbuf, 16);
+
+    if (strcmp(g_intbuf, s_mp13) != 0) {
+        reason("error: computed %s, expected %s\n", g_intbuf, s_mp13);
+        res = 1;
+        goto CLEANUP;
+    }
+
+    mp_read_radix(&a, mp4, 16);
+    mp_add(&a, &b, &a);
+    mp_toradix(&a, g_intbuf, 16);
+
+    if (strcmp(g_intbuf, s_mp34) != 0) {
+        reason("error: computed %s, expected %s\n", g_intbuf, s_mp34);
+        res = 1;
+        goto CLEANUP;
+    }
+
+    mp_read_radix(&a, mp4, 16);
+    mp_read_radix(&b, mp6, 16);
+    mp_add(&a, &b, &a);
+    mp_toradix(&a, g_intbuf, 16);
+
+    if (strcmp(g_intbuf, s_mp46) != 0) {
+        reason("error: computed %s, expected %s\n", g_intbuf, s_mp46);
+        res = 1;
+        goto CLEANUP;
+    }
+
+    mp_read_radix(&a, mp14, 16);
+    mp_read_radix(&b, mp15, 16);
+    mp_add(&a, &b, &a);
+    mp_toradix(&a, g_intbuf, 16);
+
+    if (strcmp(g_intbuf, s_mp1415) != 0) {
+        reason("error: computed %s, expected %s\n", g_intbuf, s_mp1415);
+        res = 1;
+    }
+
+CLEANUP:
+    mp_clear(&a);
+    mp_clear(&b);
+    return res;
+}
+
+/*------------------------------------------------------------------------*/
+
+int
+test_sub_d(void)
+{
+    mp_int a;
+
+    mp_init(&a);
+    mp_read_radix(&a, mp5, 16);
+
+    mp_sub_d(&a, md4, &a);
+    mp_toradix(&a, g_intbuf, 16);
+
+    if (strcmp(g_intbuf, d_mp5d4) != 0) {
+        reason("error: computed %s, expected %s\n", g_intbuf, d_mp5d4);
+        mp_clear(&a);
+        return 1;
+    }
+
+    mp_read_radix(&a, mp6, 16);
+
+    mp_sub_d(&a, md2, &a);
+    mp_toradix(&a, g_intbuf, 16);
+
+    mp_clear(&a);
+    if (strcmp(g_intbuf, d_mp6d2) != 0) {
+        reason("error: computed %s, expected %s\n", g_intbuf, d_mp6d2);
+        return 1;
+    }
+
+    return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int
+test_sub(void)
+{
+    mp_int a, b;
+
+    mp_init(&a);
+    mp_init(&b);
+
+    mp_read_radix(&a, mp1, 16);
+    mp_read_radix(&b, mp2, 16);
+    mp_sub(&a, &b, &a);
+    mp_toradix(&a, g_intbuf, 16);
+
+    if (strcmp(g_intbuf, d_mp12) != 0) {
+        reason("error: computed %s, expected %s\n", g_intbuf, d_mp12);
+        mp_clear(&a);
+        mp_clear(&b);
+        return 1;
+    }
+
+    mp_read_radix(&a, mp3, 16);
+    mp_read_radix(&b, mp4, 16);
+    mp_sub(&a, &b, &a);
+    mp_toradix(&a, g_intbuf, 16);
+
+    if (strcmp(g_intbuf, d_mp34) != 0) {
+        reason("error: computed %s, expected %s\n", g_intbuf, d_mp34);
+        mp_clear(&a);
+        mp_clear(&b);
+        return 1;
+    }
+
+    mp_clear(&a);
+    mp_clear(&b);
+    return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int
+test_mul_d(void)
+{
+    mp_int a;
+
+    mp_init(&a);
+    mp_read_radix(&a, mp1, 16);
+
+    IFOK(mp_mul_d(&a, md4, &a));
+    mp_toradix(&a, g_intbuf, 16);
+
+    if (strcmp(g_intbuf, p_mp1d4) != 0) {
+        reason("error: computed %s, expected %s\n", g_intbuf, p_mp1d4);
+        mp_clear(&a);
+        return 1;
+    }
+
+    mp_read_radix(&a, mp8, 16);
+    IFOK(mp_mul_d(&a, md6, &a));
+    mp_toradix(&a, g_intbuf, 16);
+
+    mp_clear(&a);
+    if (strcmp(g_intbuf, p_mp8d6) != 0) {
+        reason("error: computed %s, expected %s\n", g_intbuf, p_mp8d6);
+        return 1;
+    }
+
+    return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int
+test_mul(void)
+{
+    mp_int a, b;
+    int res = 0;
+
+    mp_init(&a);
+    mp_init(&b);
+    mp_read_radix(&a, mp1, 16);
+    mp_read_radix(&b, mp2, 16);
+
+    IFOK(mp_mul(&a, &b, &a));
+    mp_toradix(&a, g_intbuf, 16);
+
+    if (strcmp(g_intbuf, p_mp12) != 0) {
+        reason("error: computed %s, expected %s\n", g_intbuf, p_mp12);
+        res = 1;
+        goto CLEANUP;
+    }
+
+    mp_read_radix(&a, mp3, 16);
+    mp_read_radix(&b, mp4, 16);
+    IFOK(mp_mul(&a, &b, &a));
+    mp_toradix(&a, g_intbuf, 16);
+
+    if (strcmp(g_intbuf, p_mp34) != 0) {
+        reason("error: computed %s, expected %s\n", g_intbuf, p_mp34);
+        res = 1;
+        goto CLEANUP;
+    }
+
+    mp_read_radix(&a, mp5, 16);
+    mp_read_radix(&b, mp7, 16);
+    IFOK(mp_mul(&a, &b, &a));
+    mp_toradix(&a, g_intbuf, 16);
+
+    if (strcmp(g_intbuf, p_mp57) != 0) {
+        reason("error: computed %s, expected %s\n", g_intbuf, p_mp57);
+        res = 1;
+        goto CLEANUP;
+    }
+
+    mp_read_radix(&a, mp11, 16);
+    mp_read_radix(&b, mp13, 16);
+    IFOK(mp_mul(&a, &b, &a));
+    mp_toradix(&a, g_intbuf, 16);
+
+    if (strcmp(g_intbuf, p_mp1113) != 0) {
+        reason("error: computed %s, expected %s\n", g_intbuf, p_mp1113);
+        res = 1;
+        goto CLEANUP;
+    }
+
+    mp_read_radix(&a, mp14, 16);
+    mp_read_radix(&b, mp15, 16);
+    IFOK(mp_mul(&a, &b, &a));
+    mp_toradix(&a, g_intbuf, 16);
+
+    if (strcmp(g_intbuf, p_mp1415) != 0) {
+        reason("error: computed %s, expected %s\n", g_intbuf, p_mp1415);
+        res = 1;
+    }
+    mp_read_radix(&a, mp21, 10);
+    mp_read_radix(&b, mp21, 10);
+
+    IFOK(mp_mul(&a, &b, &a));
+    mp_toradix(&a, g_intbuf, 10);
+
+    if (strcmp(g_intbuf, p_mp2121) != 0) {
+        reason("error: computed %s, expected %s\n", g_intbuf, p_mp2121);
+        res = 1;
+        goto CLEANUP;
+    }
+
+CLEANUP:
+    mp_clear(&a);
+    mp_clear(&b);
+    return res;
+}
+
+/*------------------------------------------------------------------------*/
+
+int
+test_sqr(void)
+{
+    mp_int a;
+
+    mp_init(&a);
+    mp_read_radix(&a, mp2, 16);
+
+    mp_sqr(&a, &a);
+    mp_toradix(&a, g_intbuf, 16);
+
+    mp_clear(&a);
+    if (strcmp(g_intbuf, p_mp22) != 0) {
+        reason("error: computed %s, expected %s\n", g_intbuf, p_mp22);
+        return 1;
+    }
+
+    return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int
+test_div_d(void)
+{
+    mp_int a, q;
+    mp_digit r;
+    int err = 0;
+
+    mp_init(&a);
+    mp_init(&q);
+    mp_read_radix(&a, mp3, 16);
+
+    IFOK(mp_div_d(&a, md6, &q, &r));
+    mp_toradix(&q, g_intbuf, 16);
+
+    if (strcmp(g_intbuf, q_mp3d6) != 0) {
+        reason("error: computed q = %s, expected %s\n", g_intbuf, q_mp3d6);
+        ++err;
+    }
+
+    sprintf(g_intbuf, ZS_DIGIT_FMT, r);
+
+    if (strcmp(g_intbuf, r_mp3d6) != 0) {
+        reason("error: computed r = %s, expected %s\n", g_intbuf, r_mp3d6);
+        ++err;
+    }
+
+    mp_read_radix(&a, mp9, 16);
+    IFOK(mp_div_d(&a, 16, &q, &r));
+    mp_toradix(&q, g_intbuf, 16);
+
+    if (strcmp(g_intbuf, q_mp9c16) != 0) {
+        reason("error: computed q = %s, expected %s\n", g_intbuf, q_mp9c16);
+        ++err;
+    }
+
+    sprintf(g_intbuf, ZS_DIGIT_FMT, r);
+
+    if (strcmp(g_intbuf, r_mp9c16) != 0) {
+        reason("error: computed r = %s, expected %s\n", g_intbuf, r_mp9c16);
+        ++err;
+    }
+
+    mp_clear(&a);
+    mp_clear(&q);
+    return err;
+}
+
+/*------------------------------------------------------------------------*/
+
+int
+test_div_2(void)
+{
+    mp_int a;
+
+    mp_init(&a);
+    mp_read_radix(&a, mp7, 16);
+    IFOK(mp_div_2(&a, &a));
+    mp_toradix(&a, g_intbuf, 16);
+
+    mp_clear(&a);
+    if (strcmp(g_intbuf, q_mp7c2) != 0) {
+        reason("error: computed %s, expected %s\n", g_intbuf, q_mp7c2);
+        return 1;
+    }
+
+    return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int
+test_div_2d(void)
+{
+    mp_int a, q, r;
+
+    mp_init(&q);
+    mp_init(&r);
+    mp_init(&a);
+    mp_read_radix(&a, mp13, 16);
+
+    IFOK(mp_div_2d(&a, 64, &q, &r));
+    mp_clear(&a);
+
+    mp_toradix(&q, g_intbuf, 16);
+
+    if (strcmp(g_intbuf, q_mp13c) != 0) {
+        reason("error: computed %s, expected %s\n", g_intbuf, q_mp13c);
+        mp_clear(&q);
+        mp_clear(&r);
+        return 1;
+    }
+
+    mp_clear(&q);
+
+    mp_toradix(&r, g_intbuf, 16);
+    if (strcmp(g_intbuf, r_mp13c) != 0) {
+        reason("error, computed %s, expected %s\n", g_intbuf, r_mp13c);
+        mp_clear(&r);
+        return 1;
+    }
+
+    mp_clear(&r);
+
+    return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int
+test_div(void)
+{
+    mp_int a, b, r;
+    int err = 0;
+
+    mp_init(&a);
+    mp_init(&b);
+    mp_init(&r);
+
+    mp_read_radix(&a, mp4, 16);
+    mp_read_radix(&b, mp2, 16);
+    IFOK(mp_div(&a, &b, &a, &r));
+    mp_toradix(&a, g_intbuf, 16);
+
+    if (strcmp(g_intbuf, q_mp42) != 0) {
+        reason("error: test 1 computed quot %s, expected %s\n", g_intbuf, q_mp42);
+        ++err;
+    }
+
+    mp_toradix(&r, g_intbuf, 16);
+
+    if (strcmp(g_intbuf, r_mp42) != 0) {
+        reason("error: test 1 computed rem %s, expected %s\n", g_intbuf, r_mp42);
+        ++err;
+    }
+
+    mp_read_radix(&a, mp4, 16);
+    mp_read_radix(&b, mp5a, 16);
+    IFOK(mp_div(&a, &b, &a, &r));
+    mp_toradix(&a, g_intbuf, 16);
+
+    if (strcmp(g_intbuf, q_mp45a) != 0) {
+        reason("error: test 2 computed quot %s, expected %s\n", g_intbuf, q_mp45a);
+        ++err;
+    }
+
+    mp_toradix(&r, g_intbuf, 16);
+
+    if (strcmp(g_intbuf, r_mp45a) != 0) {
+        reason("error: test 2 computed rem %s, expected %s\n", g_intbuf, r_mp45a);
+        ++err;
+    }
+
+    mp_read_radix(&a, mp14, 16);
+    mp_read_radix(&b, mp4, 16);
+    IFOK(mp_div(&a, &b, &a, &r));
+    mp_toradix(&a, g_intbuf, 16);
+
+    if (strcmp(g_intbuf, q_mp1404) != 0) {
+        reason("error: test 3 computed quot %s, expected %s\n", g_intbuf, q_mp1404);
+        ++err;
+    }
+
+    mp_toradix(&r, g_intbuf, 16);
+
+    if (strcmp(g_intbuf, r_mp1404) != 0) {
+        reason("error: test 3 computed rem %s, expected %s\n", g_intbuf, r_mp1404);
+        ++err;
+    }
+
+    mp_clear(&a);
+    mp_clear(&b);
+    mp_clear(&r);
+
+    return err;
+}
+
+/*------------------------------------------------------------------------*/
+
+int
+test_expt_d(void)
+{
+    mp_int a;
+
+    mp_init(&a);
+    mp_read_radix(&a, mp5, 16);
+    mp_expt_d(&a, md9, &a);
+    mp_toradix(&a, g_intbuf, 16);
+
+    mp_clear(&a);
+    if (strcmp(g_intbuf, e_mp5d9) != 0) {
+        reason("error: computed %s, expected %s\n", g_intbuf, e_mp5d9);
+        return 1;
+    }
+
+    return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int
+test_expt(void)
+{
+    mp_int a, b;
+
+    mp_init(&a);
+    mp_init(&b);
+    mp_read_radix(&a, mp7, 16);
+    mp_read_radix(&b, mp8, 16);
+
+    mp_expt(&a, &b, &a);
+    mp_toradix(&a, g_intbuf, 16);
+    mp_clear(&a);
+    mp_clear(&b);
+
+    if (strcmp(g_intbuf, e_mp78) != 0) {
+        reason("error: computed %s, expected %s\n", g_intbuf, e_mp78);
+        return 1;
+    }
+
+    return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int
+test_2expt(void)
+{
+    mp_int a;
+
+    mp_init(&a);
+    mp_2expt(&a, md3);
+    mp_toradix(&a, g_intbuf, 16);
+    mp_clear(&a);
+
+    if (strcmp(g_intbuf, e_mpc2d3) != 0) {
+        reason("error: computed %s, expected %s\n", g_intbuf, e_mpc2d3);
+        return 1;
+    }
+
+    return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int
+test_mod_d(void)
+{
+    mp_int a;
+    mp_digit r;
+
+    mp_init(&a);
+    mp_read_radix(&a, mp5, 16);
+    IFOK(mp_mod_d(&a, md5, &r));
+    sprintf(g_intbuf, ZS_DIGIT_FMT, r);
+    mp_clear(&a);
+
+    if (strcmp(g_intbuf, r_mp5d5) != 0) {
+        reason("error: computed %s, expected %s\n", g_intbuf, r_mp5d5);
+        return 1;
+    }
+
+    return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int
+test_mod(void)
+{
+    mp_int a, m;
+
+    mp_init(&a);
+    mp_init(&m);
+    mp_read_radix(&a, mp4, 16);
+    mp_read_radix(&m, mp7, 16);
+    IFOK(mp_mod(&a, &m, &a));
+    mp_toradix(&a, g_intbuf, 16);
+    mp_clear(&a);
+    mp_clear(&m);
+
+    if (strcmp(g_intbuf, r_mp47) != 0) {
+        reason("error: computed %s, expected %s\n", g_intbuf, r_mp47);
+        return 1;
+    }
+
+    return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int
+test_addmod(void)
+{
+    mp_int a, b, m;
+
+    mp_init(&a);
+    mp_init(&b);
+    mp_init(&m);
+    mp_read_radix(&a, mp3, 16);
+    mp_read_radix(&b, mp4, 16);
+    mp_read_radix(&m, mp5, 16);
+
+    IFOK(mp_addmod(&a, &b, &m, &a));
+    mp_toradix(&a, g_intbuf, 16);
+    mp_clear(&a);
+    mp_clear(&b);
+    mp_clear(&m);
+
+    if (strcmp(g_intbuf, ms_mp345) != 0) {
+        reason("error: computed %s, expected %s\n", g_intbuf, ms_mp345);
+        return 1;
+    }
+
+    return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int
+test_submod(void)
+{
+    mp_int a, b, m;
+
+    mp_init(&a);
+    mp_init(&b);
+    mp_init(&m);
+    mp_read_radix(&a, mp3, 16);
+    mp_read_radix(&b, mp4, 16);
+    mp_read_radix(&m, mp5, 16);
+
+    IFOK(mp_submod(&a, &b, &m, &a));
+    mp_toradix(&a, g_intbuf, 16);
+    mp_clear(&a);
+    mp_clear(&b);
+    mp_clear(&m);
+
+    if (strcmp(g_intbuf, md_mp345) != 0) {
+        reason("error: computed %s, expected %s\n", g_intbuf, md_mp345);
+        return 1;
+    }
+
+    return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int
+test_mulmod(void)
+{
+    mp_int a, b, m;
+
+    mp_init(&a);
+    mp_init(&b);
+    mp_init(&m);
+    mp_read_radix(&a, mp3, 16);
+    mp_read_radix(&b, mp4, 16);
+    mp_read_radix(&m, mp5, 16);
+
+    IFOK(mp_mulmod(&a, &b, &m, &a));
+    mp_toradix(&a, g_intbuf, 16);
+    mp_clear(&a);
+    mp_clear(&b);
+    mp_clear(&m);
+
+    if (strcmp(g_intbuf, mp_mp345) != 0) {
+        reason("error: computed %s, expected %s\n", g_intbuf, mp_mp345);
+        return 1;
+    }
+
+    return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int
+test_sqrmod(void)
+{
+    mp_int a, m;
+
+    mp_init(&a);
+    mp_init(&m);
+    mp_read_radix(&a, mp3, 16);
+    mp_read_radix(&m, mp5, 16);
+
+    IFOK(mp_sqrmod(&a, &m, &a));
+    mp_toradix(&a, g_intbuf, 16);
+    mp_clear(&a);
+    mp_clear(&m);
+
+    if (strcmp(g_intbuf, mp_mp335) != 0) {
+        reason("error: computed %s, expected %s\n", g_intbuf, mp_mp335);
+        return 1;
+    }
+
+    return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int
+test_exptmod(void)
+{
+    mp_int a, b, m;
+    int res = 0;
+
+    mp_init(&a);
+    mp_init(&b);
+    mp_init(&m);
+    mp_read_radix(&a, mp8, 16);
+    mp_read_radix(&b, mp1, 16);
+    mp_read_radix(&m, mp7, 16);
+
+    IFOK(mp_exptmod(&a, &b, &m, &a));
+    mp_toradix(&a, g_intbuf, 16);
+
+    if (strcmp(g_intbuf, me_mp817) != 0) {
+        reason("case 1: error: computed %s, expected %s\n", g_intbuf, me_mp817);
+        res = 1;
+        goto CLEANUP;
+    }
+
+    mp_read_radix(&a, mp1, 16);
+    mp_read_radix(&b, mp5, 16);
+    mp_read_radix(&m, mp12, 16);
+
+    IFOK(mp_exptmod(&a, &b, &m, &a));
+    mp_toradix(&a, g_intbuf, 16);
+
+    if (strcmp(g_intbuf, me_mp1512) != 0) {
+        reason("case 2: error: computed %s, expected %s\n", g_intbuf, me_mp1512);
+        res = 1;
+        goto CLEANUP;
+    }
+
+    mp_read_radix(&a, mp5, 16);
+    mp_read_radix(&b, mp1, 16);
+    mp_read_radix(&m, mp14, 16);
+
+    IFOK(mp_exptmod(&a, &b, &m, &a));
+    mp_toradix(&a, g_intbuf, 16);
+
+    if (strcmp(g_intbuf, me_mp5114) != 0) {
+        reason("case 3: error: computed %s, expected %s\n", g_intbuf, me_mp5114);
+        res = 1;
+    }
+
+    mp_read_radix(&a, mp16, 16);
+    mp_read_radix(&b, mp17, 16);
+    mp_read_radix(&m, mp18, 16);
+
+    IFOK(mp_exptmod(&a, &b, &m, &a));
+    mp_toradix(&a, g_intbuf, 16);
+
+    if (strcmp(g_intbuf, me_mp161718) != 0) {
+        reason("case 4: error: computed %s, expected %s\n", g_intbuf, me_mp161718);
+        res = 1;
+    }
+
+CLEANUP:
+    mp_clear(&a);
+    mp_clear(&b);
+    mp_clear(&m);
+    return res;
+}
+
+/*------------------------------------------------------------------------*/
+
+int
+test_exptmod_d(void)
+{
+    mp_int a, m;
+
+    mp_init(&a);
+    mp_init(&m);
+    mp_read_radix(&a, mp5, 16);
+    mp_read_radix(&m, mp7, 16);
+
+    IFOK(mp_exptmod_d(&a, md4, &m, &a));
+    mp_toradix(&a, g_intbuf, 16);
+    mp_clear(&a);
+    mp_clear(&m);
+
+    if (strcmp(g_intbuf, me_mp5d47) != 0) {
+        reason("error: computed %s, expected %s\n", g_intbuf, me_mp5d47);
+        return 1;
+    }
+
+    return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int
+test_invmod(void)
+{
+    mp_int a, m, c;
+    mp_int p1, p2, p3, p4, p5;
+    mp_int t1, t2, t3, t4;
+    mp_err res;
+
+    /* 5 128-bit primes. */
+    static const char ivp1[] = { "AAD8A5A2A2BEF644BAEE7DB0CA643719" };
+    static const char ivp2[] = { "CB371AD2B79A90BCC88D0430663E40B9" };
+    static const char ivp3[] = { "C6C818D4DF2618406CA09280C0400099" };
+    static const char ivp4[] = { "CE949C04512E68918006B1F0D7E93F27" };
+    static const char ivp5[] = { "F8EE999B6416645040687440E0B89F51" };
+
+    mp_init(&a);
+    mp_init(&m);
+    mp_read_radix(&a, mp2, 16);
+    mp_read_radix(&m, mp7, 16);
+
+    IFOK(mp_invmod(&a, &m, &a));
+
+    mp_toradix(&a, g_intbuf, 16);
+    mp_clear(&a);
+    mp_clear(&m);
+
+    if (strcmp(g_intbuf, i_mp27) != 0) {
+        reason("error: invmod test 1 computed %s, expected %s\n", g_intbuf, i_mp27);
+        return 1;
+    }
+
+    mp_init(&a);
+    mp_init(&m);
+    mp_read_radix(&a, mp20, 16);
+    mp_read_radix(&m, mp19, 16);
+
+    IFOK(mp_invmod(&a, &m, &a));
+
+    mp_toradix(&a, g_intbuf, 16);
+    mp_clear(&a);
+    mp_clear(&m);
+
+    if (strcmp(g_intbuf, i_mp2019) != 0) {
+        reason("error: invmod test 2 computed %s, expected %s\n", g_intbuf, i_mp2019);
+        return 1;
+    }
+
+    /* Need the following test cases:
+      Odd modulus
+        - a is odd,      relatively prime to m
+        - a is odd,  not relatively prime to m
+        - a is even,     relatively prime to m
+        - a is even, not relatively prime to m
+      Even modulus
+        - a is even  (should fail)
+        - a is odd,  not relatively prime to m
+        - a is odd,      relatively prime to m,
+          m is not a power of 2
+        - m has factor 2**k, k < 32
+        - m has factor 2**k, k > 32
+          m is a power of 2, 2**k
+        - k < 32
+        - k > 32
+    */
+
+    mp_init(&a);
+    mp_init(&m);
+    mp_init(&c);
+    mp_init(&p1);
+    mp_init(&p2);
+    mp_init(&p3);
+    mp_init(&p4);
+    mp_init(&p5);
+    mp_init(&t1);
+    mp_init(&t2);
+    mp_init(&t3);
+    mp_init(&t4);
+
+    mp_read_radix(&p1, ivp1, 16);
+    mp_read_radix(&p2, ivp2, 16);
+    mp_read_radix(&p3, ivp3, 16);
+    mp_read_radix(&p4, ivp4, 16);
+    mp_read_radix(&p5, ivp5, 16);
+
+    IFOK(mp_2expt(&t2, 68));  /* t2 = 2**68 */
+    IFOK(mp_2expt(&t3, 128)); /* t3 = 2**128 */
+    IFOK(mp_2expt(&t4, 31));  /* t4 = 2**31 */
+
+    /* test 3: Odd modulus - a is odd, relatively prime to m */
+
+    IFOK(mp_mul(&p1, &p2, &a));
+    IFOK(mp_mul(&p3, &p4, &m));
+    IFOK(mp_invmod(&a, &m, &t1));
+    IFOK(mp_invmod_xgcd(&a, &m, &c));
+
+    if (mp_cmp(&t1, &c) != 0) {
+        mp_toradix(&t1, g_intbuf, 16);
+        mp_toradix(&c, a_intbuf, 16);
+        reason("error: invmod test 3 computed %s, expected %s\n",
+               g_intbuf, a_intbuf);
+        return 1;
+    }
+    mp_clear(&a);
+    mp_clear(&t1);
+    mp_clear(&c);
+    mp_init(&a);
+    mp_init(&t1);
+    mp_init(&c);
+
+    /* test 4: Odd modulus - a is odd, NOT relatively prime to m */
+
+    IFOK(mp_mul(&p1, &p3, &a));
+    /* reuse same m as before */
+
+    res = mp_invmod_xgcd(&a, &m, &c);
+    if (res != MP_UNDEF)
+        goto CLEANUP4;
+
+    res = mp_invmod(&a, &m, &t1); /* we expect this to fail. */
+    if (res != MP_UNDEF) {
+    CLEANUP4:
+        reason("error: invmod test 4 succeeded, should have failed.\n");
+        return 1;
+    }
+    mp_clear(&a);
+    mp_clear(&t1);
+    mp_clear(&c);
+    mp_init(&a);
+    mp_init(&t1);
+    mp_init(&c);
+
+    /* test 5: Odd modulus - a is even, relatively prime to m */
+
+    IFOK(mp_mul(&p1, &t2, &a));
+    /* reuse m */
+    IFOK(mp_invmod(&a, &m, &t1));
+    IFOK(mp_invmod_xgcd(&a, &m, &c));
+
+    if (mp_cmp(&t1, &c) != 0) {
+        mp_toradix(&t1, g_intbuf, 16);
+        mp_toradix(&c, a_intbuf, 16);
+        reason("error: invmod test 5 computed %s, expected %s\n",
+               g_intbuf, a_intbuf);
+        return 1;
+    }
+    mp_clear(&a);
+    mp_clear(&t1);
+    mp_clear(&c);
+    mp_init(&a);
+    mp_init(&t1);
+    mp_init(&c);
+
+    /* test 6: Odd modulus - a is odd, NOT relatively prime to m */
+
+    /* reuse t2 */
+    IFOK(mp_mul(&t2, &p3, &a));
+    /* reuse same m as before */
+
+    res = mp_invmod_xgcd(&a, &m, &c);
+    if (res != MP_UNDEF)
+        goto CLEANUP6;
+
+    res = mp_invmod(&a, &m, &t1); /* we expect this to fail. */
+    if (res != MP_UNDEF) {
+    CLEANUP6:
+        reason("error: invmod test 6 succeeded, should have failed.\n");
+        return 1;
+    }
+    mp_clear(&a);
+    mp_clear(&m);
+    mp_clear(&c);
+    mp_clear(&t1);
+    mp_init(&a);
+    mp_init(&m);
+    mp_init(&c);
+    mp_init(&t1);
+
+    /* test 7: Even modulus, even a, should fail */
+
+    IFOK(mp_mul(&p3, &t3, &m)); /* even m */
+    /* reuse t2 */
+    IFOK(mp_mul(&p1, &t2, &a)); /* even a */
+
+    res = mp_invmod_xgcd(&a, &m, &c);
+    if (res != MP_UNDEF)
+        goto CLEANUP7;
+
+    res = mp_invmod(&a, &m, &t1); /* we expect this to fail. */
+    if (res != MP_UNDEF) {
+    CLEANUP7:
+        reason("error: invmod test 7 succeeded, should have failed.\n");
+        return 1;
+    }
+    mp_clear(&a);
+    mp_clear(&c);
+    mp_clear(&t1);
+    mp_init(&a);
+    mp_init(&c);
+    mp_init(&t1);
+
+    /* test 8: Even modulus    - a is odd,  not relatively prime to m */
+
+    /* reuse m */
+    IFOK(mp_mul(&p3, &p1, &a)); /* even a */
+
+    res = mp_invmod_xgcd(&a, &m, &c);
+    if (res != MP_UNDEF)
+        goto CLEANUP8;
+
+    res = mp_invmod(&a, &m, &t1); /* we expect this to fail. */
+    if (res != MP_UNDEF) {
+    CLEANUP8:
+        reason("error: invmod test 8 succeeded, should have failed.\n");
+        return 1;
+    }
+    mp_clear(&a);
+    mp_clear(&m);
+    mp_clear(&c);
+    mp_clear(&t1);
+    mp_init(&a);
+    mp_init(&m);
+    mp_init(&c);
+    mp_init(&t1);
+
+    /* test 9: Even modulus    - m has factor 2**k, k < 32
+     *                     - a is odd, relatively prime to m,
+     */
+    IFOK(mp_mul(&p3, &t4, &m)); /* even m */
+    IFOK(mp_mul(&p1, &p2, &a));
+    IFOK(mp_invmod(&a, &m, &t1));
+    IFOK(mp_invmod_xgcd(&a, &m, &c));
+
+    if (mp_cmp(&t1, &c) != 0) {
+        mp_toradix(&t1, g_intbuf, 16);
+        mp_toradix(&c, a_intbuf, 16);
+        reason("error: invmod test 9 computed %s, expected %s\n",
+               g_intbuf, a_intbuf);
+        return 1;
+    }
+    mp_clear(&m);
+    mp_clear(&t1);
+    mp_clear(&c);
+    mp_init(&m);
+    mp_init(&t1);
+    mp_init(&c);
+
+    /* test 10: Even modulus    - m has factor 2**k, k > 32
+     *                      - a is odd, relatively prime to m,
+     */
+    IFOK(mp_mul(&p3, &t3, &m)); /* even m */
+    /* reuse a */
+    IFOK(mp_invmod(&a, &m, &t1));
+    IFOK(mp_invmod_xgcd(&a, &m, &c));
+
+    if (mp_cmp(&t1, &c) != 0) {
+        mp_toradix(&t1, g_intbuf, 16);
+        mp_toradix(&c, a_intbuf, 16);
+        reason("error: invmod test 10 computed %s, expected %s\n",
+               g_intbuf, a_intbuf);
+        return 1;
+    }
+    mp_clear(&t1);
+    mp_clear(&c);
+    mp_init(&t1);
+    mp_init(&c);
+
+    /* test 11: Even modulus    - m is a power of 2, 2**k | k < 32
+     *                          - a is odd, relatively prime to m,
+     */
+    IFOK(mp_invmod(&a, &t4, &t1));
+    IFOK(mp_invmod_xgcd(&a, &t4, &c));
+
+    if (mp_cmp(&t1, &c) != 0) {
+        mp_toradix(&t1, g_intbuf, 16);
+        mp_toradix(&c, a_intbuf, 16);
+        reason("error: invmod test 11 computed %s, expected %s\n",
+               g_intbuf, a_intbuf);
+        return 1;
+    }
+    mp_clear(&t1);
+    mp_clear(&c);
+    mp_init(&t1);
+    mp_init(&c);
+
+    /* test 12: Even modulus    - m is a power of 2, 2**k | k > 32
+     *                          - a is odd, relatively prime to m,
+     */
+    IFOK(mp_invmod(&a, &t3, &t1));
+    IFOK(mp_invmod_xgcd(&a, &t3, &c));
+
+    if (mp_cmp(&t1, &c) != 0) {
+        mp_toradix(&t1, g_intbuf, 16);
+        mp_toradix(&c, a_intbuf, 16);
+        reason("error: invmod test 12 computed %s, expected %s\n",
+               g_intbuf, a_intbuf);
+        return 1;
+    }
+
+    mp_clear(&a);
+    mp_clear(&m);
+    mp_clear(&c);
+    mp_clear(&t1);
+    mp_clear(&t2);
+    mp_clear(&t3);
+    mp_clear(&t4);
+    mp_clear(&p1);
+    mp_clear(&p2);
+    mp_clear(&p3);
+    mp_clear(&p4);
+    mp_clear(&p5);
+
+    return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int
+test_cmp_d(void)
+{
+    mp_int a;
+
+    mp_init(&a);
+    mp_read_radix(&a, mp8, 16);
+
+    if (mp_cmp_d(&a, md8) >= 0) {
+        reason("error: %s >= " DIGIT_FMT "\n", mp8, md8);
+        mp_clear(&a);
+        return 1;
+    }
+
+    mp_read_radix(&a, mp5, 16);
+
+    if (mp_cmp_d(&a, md8) <= 0) {
+        reason("error: %s <= " DIGIT_FMT "\n", mp5, md8);
+        mp_clear(&a);
+        return 1;
+    }
+
+    mp_read_radix(&a, mp6, 16);
+
+    if (mp_cmp_d(&a, md1) != 0) {
+        reason("error: %s != " DIGIT_FMT "\n", mp6, md1);
+        mp_clear(&a);
+        return 1;
+    }
+
+    mp_clear(&a);
+    return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int
+test_cmp_z(void)
+{
+    mp_int a;
+
+    mp_init(&a);
+    mp_read_radix(&a, mp6, 16);
+
+    if (mp_cmp_z(&a) != 0) {
+        reason("error: someone thinks a zero value is non-zero\n");
+        mp_clear(&a);
+        return 1;
+    }
+
+    mp_read_radix(&a, mp1, 16);
+
+    if (mp_cmp_z(&a) <= 0) {
+        reason("error: someone thinks a positive value is non-positive\n");
+        mp_clear(&a);
+        return 1;
+    }
+
+    mp_read_radix(&a, mp4, 16);
+
+    if (mp_cmp_z(&a) >= 0) {
+        reason("error: someone thinks a negative value is non-negative\n");
+        mp_clear(&a);
+        return 1;
+    }
+
+    mp_clear(&a);
+    return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int
+test_cmp(void)
+{
+    mp_int a, b;
+
+    mp_init(&a);
+    mp_init(&b);
+    mp_read_radix(&a, mp3, 16);
+    mp_read_radix(&b, mp4, 16);
+
+    if (mp_cmp(&a, &b) <= 0) {
+        reason("error: %s <= %s\n", mp3, mp4);
+        mp_clear(&a);
+        mp_clear(&b);
+        return 1;
+    }
+
+    mp_read_radix(&b, mp3, 16);
+    if (mp_cmp(&a, &b) != 0) {
+        reason("error: %s != %s\n", mp3, mp3);
+        mp_clear(&a);
+        mp_clear(&b);
+        return 1;
+    }
+
+    mp_read_radix(&a, mp5, 16);
+    if (mp_cmp(&a, &b) >= 0) {
+        reason("error: %s >= %s\n", mp5, mp3);
+        mp_clear(&a);
+        mp_clear(&b);
+        return 1;
+    }
+
+    mp_clear(&a);
+    mp_clear(&b);
+    return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int
+test_cmp_mag(void)
+{
+    mp_int a, b;
+
+    mp_init(&a);
+    mp_init(&b);
+    mp_read_radix(&a, mp5, 16);
+    mp_read_radix(&b, mp4, 16);
+
+    if (mp_cmp_mag(&a, &b) >= 0) {
+        reason("error: %s >= %s\n", mp5, mp4);
+        mp_clear(&a);
+        mp_clear(&b);
+        return 1;
+    }
+
+    mp_read_radix(&b, mp5, 16);
+    if (mp_cmp_mag(&a, &b) != 0) {
+        reason("error: %s != %s\n", mp5, mp5);
+        mp_clear(&a);
+        mp_clear(&b);
+        return 1;
+    }
+
+    mp_read_radix(&a, mp1, 16);
+    if (mp_cmp_mag(&b, &a) >= 0) {
+        reason("error: %s >= %s\n", mp5, mp1);
+        mp_clear(&a);
+        mp_clear(&b);
+        return 1;
+    }
+
+    mp_clear(&a);
+    mp_clear(&b);
+    return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int
+test_parity(void)
+{
+    mp_int a;
+
+    mp_init(&a);
+    mp_read_radix(&a, mp1, 16);
+
+    if (!mp_isodd(&a)) {
+        reason("error: expected operand to be odd, but it isn't\n");
+        mp_clear(&a);
+        return 1;
+    }
+
+    mp_read_radix(&a, mp6, 16);
+
+    if (!mp_iseven(&a)) {
+        reason("error: expected operand to be even, but it isn't\n");
+        mp_clear(&a);
+        return 1;
+    }
+
+    mp_clear(&a);
+    return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int
+test_gcd(void)
+{
+    mp_int a, b;
+    int out = 0;
+
+    mp_init(&a);
+    mp_init(&b);
+    mp_read_radix(&a, mp7, 16);
+    mp_read_radix(&b, mp1, 16);
+
+    mp_gcd(&a, &b, &a);
+    mp_toradix(&a, g_intbuf, 16);
+
+    if (strcmp(g_intbuf, g_mp71) != 0) {
+        reason("error: computed %s, expected %s\n", g_intbuf, g_mp71);
+        out = 1;
+    }
+
+    mp_clear(&a);
+    mp_clear(&b);
+    return out;
+}
+
+/*------------------------------------------------------------------------*/
+
+int
+test_lcm(void)
+{
+    mp_int a, b;
+    int out = 0;
+
+    mp_init(&a);
+    mp_init(&b);
+    mp_read_radix(&a, mp10, 16);
+    mp_read_radix(&b, mp11, 16);
+
+    mp_lcm(&a, &b, &a);
+    mp_toradix(&a, g_intbuf, 16);
+
+    if (strcmp(g_intbuf, l_mp1011) != 0) {
+        reason("error: computed %s, expected%s\n", g_intbuf, l_mp1011);
+        out = 1;
+    }
+
+    mp_clear(&a);
+    mp_clear(&b);
+
+    return out;
+}
+
+/*------------------------------------------------------------------------*/
+
+int
+test_convert(void)
+{
+    int ix;
+    mp_int a;
+
+    mp_init(&a);
+    mp_read_radix(&a, mp9, 16);
+
+    for (ix = LOW_RADIX; ix <= HIGH_RADIX; ix++) {
+        mp_toradix(&a, g_intbuf, ix);
+
+        if (strcmp(g_intbuf, v_mp9[ix - LOW_RADIX]) != 0) {
+            reason("error: radix %d, computed %s, expected %s\n",
+                   ix, g_intbuf, v_mp9[ix - LOW_RADIX]);
+            mp_clear(&a);
+            return 1;
+        }
+    }
+
+    mp_clear(&a);
+    return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int
+test_raw(void)
+{
+    int len, out = 0;
+    mp_int a;
+    char *buf;
+
+    mp_init(&a);
+    mp_read_radix(&a, mp4, 16);
+
+    len = mp_raw_size(&a);
+    if (len != sizeof(b_mp4)) {
+        reason("error: test_raw: expected length %d, computed %d\n", sizeof(b_mp4),
+               len);
+        mp_clear(&a);
+        return 1;
+    }
+
+    buf = calloc(len, sizeof(char));
+    mp_toraw(&a, buf);
+
+    if (memcmp(buf, b_mp4, sizeof(b_mp4)) != 0) {
+        reason("error: test_raw: binary output does not match test vector\n");
+        out = 1;
+    }
+
+    free(buf);
+    mp_clear(&a);
+
+    return out;
+}
+
+/*------------------------------------------------------------------------*/
+
+int
+test_pprime(void)
+{
+    mp_int p;
+    int err = 0;
+    mp_err res;
+
+    mp_init(&p);
+    mp_read_radix(&p, mp7, 16);
+
+    if (mpp_pprime(&p, 5) != MP_YES) {
+        reason("error: %s failed Rabin-Miller test, but is prime\n", mp7);
+        err = 1;
+    }
+
+    IFOK(mp_set_int(&p, 9));
+    res = mpp_pprime(&p, 50);
+    if (res == MP_YES) {
+        reason("error: 9 is composite but passed Rabin-Miller test\n");
+        err = 1;
+    } else if (res != MP_NO) {
+        reason("test mpp_pprime(9, 50) failed: error %d\n", res);
+        err = 1;
+    }
+
+    IFOK(mp_set_int(&p, 15));
+    res = mpp_pprime(&p, 50);
+    if (res == MP_YES) {
+        reason("error: 15 is composite but passed Rabin-Miller test\n");
+        err = 1;
+    } else if (res != MP_NO) {
+        reason("test mpp_pprime(15, 50) failed: error %d\n", res);
+        err = 1;
+    }
+
+    mp_clear(&p);
+
+    return err;
+}
+
+/*------------------------------------------------------------------------*/
+
+int
+test_fermat(void)
+{
+    mp_int p;
+    mp_err res;
+    int err = 0;
+
+    mp_init(&p);
+    mp_read_radix(&p, mp7, 16);
+
+    if ((res = mpp_fermat(&p, 2)) != MP_YES) {
+        reason("error: %s failed Fermat test on 2: %s\n", mp7,
+               mp_strerror(res));
+        ++err;
+    }
+
+    if ((res = mpp_fermat(&p, 3)) != MP_YES) {
+        reason("error: %s failed Fermat test on 3: %s\n", mp7,
+               mp_strerror(res));
+        ++err;
+    }
+
+    mp_clear(&p);
+
+    return err;
+}
+
+/*------------------------------------------------------------------------*/
+/* Like fprintf(), but only if we are behaving in a verbose manner        */
+
+void
+reason(char *fmt, ...)
+{
+    va_list ap;
+
+    if (!g_verbose)
+        return;
+
+    va_start(ap, fmt);
+    vfprintf(stderr, fmt, ap);
+    va_end(ap);
+}
+
+/*------------------------------------------------------------------------*/
+/* HERE THERE BE DRAGONS                                                  */
diff --git a/nss/cmd/mpitests/mpitests.gyp b/nss/cmd/mpitests/mpitests.gyp
new file mode 100644
index 0000000..e594e17
--- /dev/null
+++ b/nss/cmd/mpitests/mpitests.gyp
@@ -0,0 +1,39 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi',
+    '../../cmd/platlibs.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'mpi_tests',
+      'type': 'executable',
+      'sources': [
+        'mpi-test.c',
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports',
+        '<(DEPTH)/lib/util/util.gyp:nssutil3',
+        '<(DEPTH)/lib/nss/nss.gyp:nss_static',
+        '<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap_static',
+        '<(DEPTH)/lib/cryptohi/cryptohi.gyp:cryptohi',
+        '<(DEPTH)/lib/certhigh/certhigh.gyp:certhi',
+        '<(DEPTH)/lib/certdb/certdb.gyp:certdb',
+        '<(DEPTH)/lib/base/base.gyp:nssb',
+        '<(DEPTH)/lib/dev/dev.gyp:nssdev',
+        '<(DEPTH)/lib/pki/pki.gyp:nsspki',
+      ]
+    }
+  ],
+  'target_defaults': {
+    'include_dirs': [
+      '<(DEPTH)/lib/freebl/mpi',
+      '<(DEPTH)/lib/util',
+    ]
+  },
+  'variables': {
+    'module': 'nss'
+  }
+}
diff --git a/nss/cmd/mpitests/test-info.c b/nss/cmd/mpitests/test-info.c
new file mode 100644
index 0000000..66386ff
--- /dev/null
+++ b/nss/cmd/mpitests/test-info.c
@@ -0,0 +1,157 @@
+/*
+ *  test-info.c
+ *
+ *  Arbitrary precision integer arithmetic library
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* Table mapping test suite names to index numbers */
+const int g_count = 41;
+const char *g_names[] = {
+    "list",              /* print out a list of the available test suites */
+    "copy",              /* test assignment of mp-int structures          */
+    "exchange",          /* test exchange of mp-int structures            */
+    "zero",              /* test zeroing of an mp-int                     */
+    "set",               /* test setting an mp-int to a small constant    */
+    "absolute-value",    /* test the absolute value function              */
+    "negate",            /* test the arithmetic negation function         */
+    "add-digit",         /* test digit addition                           */
+    "add",               /* test full addition                            */
+    "subtract-digit",    /* test digit subtraction                        */
+    "subtract",          /* test full subtraction                         */
+    "multiply-digit",    /* test digit multiplication                     */
+    "multiply",          /* test full multiplication                      */
+    "square",            /* test full squaring function                   */
+    "divide-digit",      /* test digit division                           */
+    "divide-2",          /* test division by two                          */
+    "divide-2d",         /* test division & remainder by 2^d              */
+    "divide",            /* test full division                            */
+    "expt-digit",        /* test digit exponentiation                     */
+    "expt",              /* test full exponentiation                      */
+    "expt-2",            /* test power-of-two exponentiation              */
+    "modulo-digit",      /* test digit modular reduction                  */
+    "modulo",            /* test full modular reduction                   */
+    "mod-add",           /* test modular addition                         */
+    "mod-subtract",      /* test modular subtraction                      */
+    "mod-multiply",      /* test modular multiplication                   */
+    "mod-square",        /* test modular squaring function                */
+    "mod-expt",          /* test full modular exponentiation              */
+    "mod-expt-digit",    /* test digit modular exponentiation             */
+    "mod-inverse",       /* test modular inverse function                 */
+    "compare-digit",     /* test digit comparison function                */
+    "compare-zero",      /* test zero comparison function                 */
+    "compare",           /* test general signed comparison                */
+    "compare-magnitude", /* test general magnitude comparison             */
+    "parity",            /* test parity comparison functions              */
+    "gcd",               /* test greatest common divisor functions        */
+    "lcm",               /* test least common multiple function           */
+    "conversion",        /* test general radix conversion facilities      */
+    "binary",            /* test raw output format                        */
+    "pprime",            /* test probabilistic primality tester           */
+    "fermat"             /* test Fermat pseudoprimality tester            */
+};
+
+/* Test function prototypes */
+int test_list(void);
+int test_copy(void);
+int test_exch(void);
+int test_zero(void);
+int test_set(void);
+int test_abs(void);
+int test_neg(void);
+int test_add_d(void);
+int test_add(void);
+int test_sub_d(void);
+int test_sub(void);
+int test_mul_d(void);
+int test_mul(void);
+int test_sqr(void);
+int test_div_d(void);
+int test_div_2(void);
+int test_div_2d(void);
+int test_div(void);
+int test_expt_d(void);
+int test_expt(void);
+int test_2expt(void);
+int test_mod_d(void);
+int test_mod(void);
+int test_addmod(void);
+int test_submod(void);
+int test_mulmod(void);
+int test_sqrmod(void);
+int test_exptmod(void);
+int test_exptmod_d(void);
+int test_invmod(void);
+int test_cmp_d(void);
+int test_cmp_z(void);
+int test_cmp(void);
+int test_cmp_mag(void);
+int test_parity(void);
+int test_gcd(void);
+int test_lcm(void);
+int test_convert(void);
+int test_raw(void);
+int test_pprime(void);
+int test_fermat(void);
+
+/* Table mapping index numbers to functions */
+int (*g_tests[])(void) = {
+    test_list, test_copy, test_exch, test_zero,
+    test_set, test_abs, test_neg, test_add_d,
+    test_add, test_sub_d, test_sub, test_mul_d,
+    test_mul, test_sqr, test_div_d, test_div_2,
+    test_div_2d, test_div, test_expt_d, test_expt,
+    test_2expt, test_mod_d, test_mod,
+    test_addmod, test_submod, test_mulmod, test_sqrmod,
+    test_exptmod, test_exptmod_d, test_invmod, test_cmp_d,
+    test_cmp_z, test_cmp, test_cmp_mag, test_parity,
+    test_gcd, test_lcm, test_convert, test_raw,
+    test_pprime, test_fermat
+};
+
+/* Table mapping index numbers to descriptions */
+const char *g_descs[] = {
+    "print out a list of the available test suites",
+    "test assignment of mp-int structures",
+    "test exchange of mp-int structures",
+    "test zeroing of an mp-int",
+    "test setting an mp-int to a small constant",
+    "test the absolute value function",
+    "test the arithmetic negation function",
+    "test digit addition",
+    "test full addition",
+    "test digit subtraction",
+    "test full subtraction",
+    "test digit multiplication",
+    "test full multiplication",
+    "test full squaring function",
+    "test digit division",
+    "test division by two",
+    "test division & remainder by 2^d",
+    "test full division",
+    "test digit exponentiation",
+    "test full exponentiation",
+    "test power-of-two exponentiation",
+    "test digit modular reduction",
+    "test full modular reduction",
+    "test modular addition",
+    "test modular subtraction",
+    "test modular multiplication",
+    "test modular squaring function",
+    "test full modular exponentiation",
+    "test digit modular exponentiation",
+    "test modular inverse function",
+    "test digit comparison function",
+    "test zero comparison function",
+    "test general signed comparison",
+    "test general magnitude comparison",
+    "test parity comparison functions",
+    "test greatest common divisor functions",
+    "test least common multiple function",
+    "test general radix conversion facilities",
+    "test raw output format",
+    "test probabilistic primality tester",
+    "test Fermat pseudoprimality tester"
+};
diff --git a/nss/cmd/multinit/Makefile b/nss/cmd/multinit/Makefile
new file mode 100644
index 0000000..6e1d4ec
--- /dev/null
+++ b/nss/cmd/multinit/Makefile
@@ -0,0 +1,47 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include ../platlibs.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+
+include ../platrules.mk
+
diff --git a/nss/cmd/multinit/manifest.mn b/nss/cmd/multinit/manifest.mn
new file mode 100644
index 0000000..a86adc8
--- /dev/null
+++ b/nss/cmd/multinit/manifest.mn
@@ -0,0 +1,13 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CORE_DEPTH	= ../..
+
+# MODULE public and private header  directories are implicitly REQUIRED.
+MODULE = nss 
+
+CSRCS = multinit.c
+
+PROGRAM	= multinit
diff --git a/nss/cmd/multinit/multinit.c b/nss/cmd/multinit/multinit.c
new file mode 100644
index 0000000..a57c481
--- /dev/null
+++ b/nss/cmd/multinit/multinit.c
@@ -0,0 +1,881 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include "nss.h"
+#include "secutil.h"
+#include "pk11pub.h"
+#include "cert.h"
+
+typedef struct commandDescriptStr {
+    int required;
+    char *arg;
+    char *des;
+} commandDescript;
+
+enum optionNames {
+    opt_liborder = 0,
+    opt_mainDB,
+    opt_lib1DB,
+    opt_lib2DB,
+    opt_mainRO,
+    opt_lib1RO,
+    opt_lib2RO,
+    opt_mainCMD,
+    opt_lib1CMD,
+    opt_lib2CMD,
+    opt_mainTokNam,
+    opt_lib1TokNam,
+    opt_lib2TokNam,
+    opt_oldStyle,
+    opt_verbose,
+    opt_summary,
+    opt_help,
+    opt_last
+};
+
+static const secuCommandFlag options_init[] =
+    {
+      { /* opt_liborder */ 'o', PR_TRUE, "1M2zmi", PR_TRUE, "order" },
+      { /* opt_mainDB */ 'd', PR_TRUE, 0, PR_FALSE, "main_db" },
+      { /* opt_lib1DB */ '1', PR_TRUE, 0, PR_FALSE, "lib1_db" },
+      { /* opt_lib2DB */ '2', PR_TRUE, 0, PR_FALSE, "lib2_db" },
+      { /* opt_mainRO */ 'r', PR_FALSE, 0, PR_FALSE, "main_readonly" },
+      { /* opt_lib1RO */ 0, PR_FALSE, 0, PR_FALSE, "lib1_readonly" },
+      { /* opt_lib2RO */ 0, PR_FALSE, 0, PR_FALSE, "lib2_readonly" },
+      { /* opt_mainCMD */ 'c', PR_TRUE, 0, PR_FALSE, "main_command" },
+      { /* opt_lib1CMD */ 0, PR_TRUE, 0, PR_FALSE, "lib1_command" },
+      { /* opt_lib2CMD */ 0, PR_TRUE, 0, PR_FALSE, "lib2_command" },
+      { /* opt_mainTokNam */ 't', PR_TRUE, 0, PR_FALSE, "main_token_name" },
+      { /* opt_lib1TokNam */ 0, PR_TRUE, 0, PR_FALSE, "lib1_token_name" },
+      { /* opt_lib2TokNam */ 0, PR_TRUE, 0, PR_FALSE, "lib2_token_name" },
+      { /* opt_oldStype */ 's', PR_FALSE, 0, PR_FALSE, "oldStype" },
+      { /* opt_verbose */ 'v', PR_FALSE, 0, PR_FALSE, "verbose" },
+      { /* opt_summary */ 'z', PR_FALSE, 0, PR_FALSE, "summary" },
+      { /* opt_help */ 'h', PR_FALSE, 0, PR_FALSE, "help" }
+    };
+
+static const commandDescript options_des[] =
+    {
+      { /* opt_liborder */ PR_FALSE, "initOrder",
+        " Specifies the order of NSS initialization and shutdown. Order is\n"
+        " given as a string where each character represents either an init or\n"
+        " a shutdown of the main program or one of the 2 test libraries\n"
+        " (library 1 and library 2). The valid characters are as follows:\n"
+        "   M Init the main program\n   1 Init library 1\n"
+        "   2 Init library 2\n"
+        "   m Shutdown the main program\n   i Shutdown library 1\n"
+        "   z Shutdown library 2\n" },
+      { /* opt_mainDB */ PR_TRUE, "nss_db",
+        " Specified the directory to open the nss database for the main\n"
+        " program. Must be specified if \"M\" is given in the order string\n" },
+      { /* opt_lib1DB */ PR_FALSE, "nss_db",
+        " Specified the directory to open the nss database for library 1.\n"
+        " Must be specified if \"1\" is given in the order string\n" },
+      { /* opt_lib2DB */ PR_FALSE, "nss_db",
+        " Specified the directory to open the nss database for library 2.\n"
+        " Must be specified if \"2\" is given in the order string\n" },
+      { /* opt_mainRO */ PR_FALSE, NULL,
+        " Open the main program's database read only.\n" },
+      { /* opt_lib1RO */ PR_FALSE, NULL,
+        " Open library 1's database read only.\n" },
+      { /* opt_lib2RO */ PR_FALSE, NULL,
+        " Open library 2's database read only.\n" },
+      { /* opt_mainCMD */ PR_FALSE, "nss_command",
+        " Specifies the NSS command to execute in the main program.\n"
+        " Valid commands are: \n"
+        "   key_slot, list_slots, list_certs, add_cert, none.\n"
+        " Default is \"none\".\n" },
+      { /* opt_lib1CMD */ PR_FALSE, "nss_command",
+        " Specifies the NSS command to execute in library 1.\n" },
+      { /* opt_lib2CMD */ PR_FALSE, "nss_command",
+        " Specifies the NSS command to execute in library 2.\n" },
+      { /* opt_mainTokNam */ PR_FALSE, "token_name",
+        " Specifies the name of PKCS11 token for the main program's "
+        "database.\n" },
+      { /* opt_lib1TokNam */ PR_FALSE, "token_name",
+        " Specifies the name of PKCS11 token for library 1's database.\n" },
+      { /* opt_lib2TokNam */ PR_FALSE, "token_name",
+        " Specifies the name of PKCS11 token for library 2's database.\n" },
+      { /* opt_oldStype */ PR_FALSE, NULL,
+        " Use NSS_Shutdown rather than NSS_ShutdownContext in the main\n"
+        " program.\n" },
+      { /* opt_verbose */ PR_FALSE, NULL,
+        " Noisily output status to standard error\n" },
+      { /* opt_summarize */ PR_FALSE, NULL,
+        "report a summary of the test results\n" },
+      { /* opt_help */ PR_FALSE, NULL, " give this message\n" }
+    };
+
+/*
+ * output our short help (table driven). (does not exit).
+ */
+static void
+short_help(const char *prog)
+{
+    int count = opt_last;
+    int i, words_found;
+
+    /* make sure all the tables are up to date before we allow compiles to
+     * succeed */
+    PR_STATIC_ASSERT(sizeof(options_init) / sizeof(secuCommandFlag) == opt_last);
+    PR_STATIC_ASSERT(sizeof(options_init) / sizeof(secuCommandFlag) ==
+                     sizeof(options_des) / sizeof(commandDescript));
+
+    /* print the base usage */
+    fprintf(stderr, "usage: %s ", prog);
+    for (i = 0, words_found = 0; i < count; i++) {
+        if (!options_des[i].required) {
+            fprintf(stderr, "[");
+        }
+        if (options_init[i].longform) {
+            fprintf(stderr, "--%s", options_init[i].longform);
+            words_found++;
+        } else {
+            fprintf(stderr, "-%c", options_init[i].flag);
+        }
+        if (options_init[i].needsArg) {
+            if (options_des[i].arg) {
+                fprintf(stderr, " %s", options_des[i].arg);
+            } else {
+                fprintf(stderr, " arg");
+            }
+            words_found++;
+        }
+        if (!options_des[i].required) {
+            fprintf(stderr, "]");
+        }
+        if (i < count - 1) {
+            if (words_found >= 5) {
+                fprintf(stderr, "\n      ");
+                words_found = 0;
+            } else {
+                fprintf(stderr, " ");
+            }
+        }
+    }
+    fprintf(stderr, "\n");
+}
+
+/*
+ * print out long help. like short_help, this does not exit
+ */
+static void
+long_help(const char *prog)
+{
+    int i;
+    int count = opt_last;
+
+    short_help(prog);
+    /* print the option descriptions */
+    fprintf(stderr, "\n");
+    for (i = 0; i < count; i++) {
+        fprintf(stderr, "        ");
+        if (options_init[i].flag) {
+            fprintf(stderr, "-%c", options_init[i].flag);
+            if (options_init[i].longform) {
+                fprintf(stderr, ",");
+            }
+        }
+        if (options_init[i].longform) {
+            fprintf(stderr, "--%s", options_init[i].longform);
+        }
+        if (options_init[i].needsArg) {
+            if (options_des[i].arg) {
+                fprintf(stderr, " %s", options_des[i].arg);
+            } else {
+                fprintf(stderr, " arg");
+            }
+            if (options_init[i].arg) {
+                fprintf(stderr, " (default = \"%s\")", options_init[i].arg);
+            }
+        }
+        fprintf(stderr, "\n%s", options_des[i].des);
+    }
+}
+
+/*
+ * record summary data
+ */
+struct bufferData {
+    char *data; /* lowest address of the buffer */
+    char *next; /* pointer to the next element on the buffer */
+    int len;    /* length of the buffer */
+};
+
+/* our actual buffer. If data is NULL, then all append ops
+ * except are noops */
+static struct bufferData buffer = { NULL, NULL, 0 };
+
+#define CHUNK_SIZE 1000
+
+/*
+ * get our initial data. and set the buffer variables up. on failure,
+ * just don't initialize the buffer.
+ */
+static void
+initBuffer(void)
+{
+    buffer.data = PORT_Alloc(CHUNK_SIZE);
+    if (!buffer.data) {
+        return;
+    }
+    buffer.next = buffer.data;
+    buffer.len = CHUNK_SIZE;
+}
+
+/*
+ * grow the buffer. If we can't get more data, record a 'D' in the second
+ * to last record and allow the rest of the data to overwrite the last
+ * element.
+ */
+static void
+growBuffer(void)
+{
+    char *new = PORT_Realloc(buffer.data, buffer.len + CHUNK_SIZE);
+    if (!new) {
+        buffer.data[buffer.len - 2] = 'D'; /* signal malloc failure in summary */
+        /* buffer must always point to good memory if it exists */
+        buffer.next = buffer.data + (buffer.len - 1);
+        return;
+    }
+    buffer.next = new + (buffer.next - buffer.data);
+    buffer.data = new;
+    buffer.len += CHUNK_SIZE;
+}
+
+/*
+ * append a label, doubles as appending a single character.
+ */
+static void
+appendLabel(char label)
+{
+    if (!buffer.data) {
+        return;
+    }
+
+    *buffer.next++ = label;
+    if (buffer.data + buffer.len >= buffer.next) {
+        growBuffer();
+    }
+}
+
+/*
+ * append a string onto the buffer. The result will be <string>
+ */
+static void
+appendString(char *string)
+{
+    if (!buffer.data) {
+        return;
+    }
+
+    appendLabel('<');
+    while (*string) {
+        appendLabel(*string++);
+    }
+    appendLabel('>');
+}
+
+/*
+ * append a bool, T= true, F=false
+ */
+static void
+appendBool(PRBool bool)
+{
+    if (!buffer.data) {
+        return;
+    }
+
+    if (bool) {
+        appendLabel('t');
+    } else {
+        appendLabel('f');
+    }
+}
+
+/*
+ * append a single hex nibble.
+ */
+static void
+appendHex(unsigned char nibble)
+{
+    if (nibble <= 9) {
+        appendLabel('0' + nibble);
+    } else {
+        appendLabel('a' + nibble - 10);
+    }
+}
+
+/*
+ * append a 32 bit integer (even on a 64 bit platform).
+ * for simplicity append it as a hex value, full extension with 0x prefix.
+ */
+static void
+appendInt(unsigned int value)
+{
+    int i;
+
+    if (!buffer.data) {
+        return;
+    }
+
+    appendLabel('0');
+    appendLabel('x');
+    value = value & 0xffffffff; /* only look at the buttom 8 bytes */
+    for (i = 0; i < 8; i++) {
+        appendHex(value >> 28);
+        value = value << 4;
+    }
+}
+
+/* append a trust flag */
+static void
+appendFlags(unsigned int flag)
+{
+    char trust[10];
+    char *cp = trust;
+
+    trust[0] = 0;
+    printflags(trust, flag);
+    while (*cp) {
+        appendLabel(*cp++);
+    }
+}
+
+/*
+ * dump our buffer out with a result= flag so we can find it easily.
+ * free the buffer as a side effect.
+ */
+static void
+dumpBuffer(void)
+{
+    if (!buffer.data) {
+        return;
+    }
+
+    appendLabel(0); /* terminate */
+    printf("\nresult=%s\n", buffer.data);
+    PORT_Free(buffer.data);
+    buffer.data = buffer.next = NULL;
+    buffer.len = 0;
+}
+
+/*
+ * usage, like traditional usage, automatically exit
+ */
+static void
+usage(const char *prog)
+{
+    short_help(prog);
+    dumpBuffer();
+    exit(1);
+}
+
+/*
+ * like usage, except prints the long version of help
+ */
+static void
+usage_long(const char *prog)
+{
+    long_help(prog);
+    dumpBuffer();
+    exit(1);
+}
+
+static const char *
+bool2String(PRBool bool)
+{
+    return bool ? "true" : "false";
+}
+
+/*
+ * print out interesting info about the given slot
+ */
+void
+print_slot(PK11SlotInfo *slot, int log)
+{
+    if (log) {
+        fprintf(stderr, "* Name=%s Token_Name=%s present=%s, ro=%s *\n",
+                PK11_GetSlotName(slot), PK11_GetTokenName(slot),
+                bool2String(PK11_IsPresent(slot)),
+                bool2String(PK11_IsReadOnly(slot)));
+    }
+    appendLabel('S');
+    appendString(PK11_GetTokenName(slot));
+    appendBool(PK11_IsPresent(slot));
+    appendBool(PK11_IsReadOnly(slot));
+}
+
+/*
+ * list all our slots
+ */
+void
+do_list_slots(const char *progName, int log)
+{
+    PK11SlotList *list;
+    PK11SlotListElement *le;
+
+    list = PK11_GetAllTokens(CKM_INVALID_MECHANISM, PR_FALSE, PR_FALSE, NULL);
+    if (list == NULL) {
+        fprintf(stderr, "ERROR: no tokens found %s\n",
+                SECU_Strerror(PORT_GetError()));
+        appendLabel('S');
+        appendString("none");
+        return;
+    }
+
+    for (le = PK11_GetFirstSafe(list); le;
+         le = PK11_GetNextSafe(list, le, PR_TRUE)) {
+        print_slot(le->slot, log);
+    }
+    PK11_FreeSlotList(list);
+}
+
+static PRBool
+sort_CN(CERTCertificate *certa, CERTCertificate *certb, void *arg)
+{
+    char *commonNameA, *commonNameB;
+    int ret;
+
+    commonNameA = CERT_GetCommonName(&certa->subject);
+    commonNameB = CERT_GetCommonName(&certb->subject);
+
+    if (commonNameA == NULL) {
+        PORT_Free(commonNameB);
+        return PR_TRUE;
+    }
+    if (commonNameB == NULL) {
+        PORT_Free(commonNameA);
+        return PR_FALSE;
+    }
+    ret = PORT_Strcmp(commonNameA, commonNameB);
+    PORT_Free(commonNameA);
+    PORT_Free(commonNameB);
+    return (ret < 0) ? PR_TRUE : PR_FALSE;
+}
+
+/*
+ * list all the certs
+ */
+void
+do_list_certs(const char *progName, int log)
+{
+    CERTCertList *list;
+    CERTCertList *sorted;
+    CERTCertListNode *node;
+    CERTCertTrust trust;
+    unsigned int i;
+
+    list = PK11_ListCerts(PK11CertListUnique, NULL);
+    if (list == NULL) {
+        fprintf(stderr, "ERROR: no certs found %s\n",
+                SECU_Strerror(PORT_GetError()));
+        appendLabel('C');
+        appendString("none");
+        return;
+    }
+
+    sorted = CERT_NewCertList();
+    if (sorted == NULL) {
+        fprintf(stderr, "ERROR: no certs found %s\n",
+                SECU_Strerror(PORT_GetError()));
+        appendLabel('C');
+        appendLabel('E');
+        appendInt(PORT_GetError());
+        return;
+    }
+
+    /* sort the list */
+    for (node = CERT_LIST_HEAD(list); !CERT_LIST_END(node, list);
+         node = CERT_LIST_NEXT(node)) {
+        CERT_AddCertToListSorted(sorted, node->cert, sort_CN, NULL);
+    }
+
+    for (node = CERT_LIST_HEAD(sorted); !CERT_LIST_END(node, sorted);
+         node = CERT_LIST_NEXT(node)) {
+        CERTCertificate *cert = node->cert;
+        char *commonName;
+
+        SECU_PrintCertNickname(node, stderr);
+        if (log) {
+            fprintf(stderr, "*	Slot=%s*\n", cert->slot ? PK11_GetTokenName(cert->slot)
+                                                        : "none");
+            fprintf(stderr, "*	Nickname=%s*\n", cert->nickname);
+            fprintf(stderr, "*	Subject=<%s>*\n", cert->subjectName);
+            fprintf(stderr, "*	Issuer=<%s>*\n", cert->issuerName);
+            fprintf(stderr, "*	SN=");
+            for (i = 0; i < cert->serialNumber.len; i++) {
+                if (i != 0)
+                    fprintf(stderr, ":");
+                fprintf(stderr, "%02x", cert->serialNumber.data[0]);
+            }
+            fprintf(stderr, " *\n");
+        }
+        appendLabel('C');
+        commonName = CERT_GetCommonName(&cert->subject);
+        appendString(commonName ? commonName : "*NoName*");
+        PORT_Free(commonName);
+        if (CERT_GetCertTrust(cert, &trust) == SECSuccess) {
+            appendFlags(trust.sslFlags);
+            appendFlags(trust.emailFlags);
+            appendFlags(trust.objectSigningFlags);
+        }
+    }
+    CERT_DestroyCertList(list);
+}
+
+/*
+ * need to implement yet... try to add a new certificate
+ */
+void
+do_add_cert(const char *progName, int log)
+{
+    PORT_Assert(/* do_add_cert not implemented */ 0);
+}
+
+/*
+ * display the current key slot
+ */
+void
+do_key_slot(const char *progName, int log)
+{
+    PK11SlotInfo *slot = PK11_GetInternalKeySlot();
+    if (!slot) {
+        fprintf(stderr, "ERROR: no internal key slot found %s\n",
+                SECU_Strerror(PORT_GetError()));
+        appendLabel('K');
+        appendLabel('S');
+        appendString("none");
+    }
+    print_slot(slot, log);
+    PK11_FreeSlot(slot);
+}
+
+/*
+ * execute some NSS command.
+ */
+void
+do_command(const char *label, int initialized, secuCommandFlag *command,
+           const char *progName, int log)
+{
+    char *command_string;
+    if (!initialized) {
+        return;
+    }
+
+    if (command->activated) {
+        command_string = command->arg;
+    } else {
+        command_string = "none";
+    }
+
+    if (log) {
+        fprintf(stderr, "*Executing nss command \"%s\" for %s*\n",
+                command_string, label);
+    }
+
+    /* do something */
+    if (PORT_Strcasecmp(command_string, "list_slots") == 0) {
+        do_list_slots(progName, log);
+    } else if (PORT_Strcasecmp(command_string, "list_certs") == 0) {
+        do_list_certs(progName, log);
+    } else if (PORT_Strcasecmp(command_string, "add_cert") == 0) {
+        do_add_cert(progName, log);
+    } else if (PORT_Strcasecmp(command_string, "key_slot") == 0) {
+        do_key_slot(progName, log);
+    } else if (PORT_Strcasecmp(command_string, "none") != 0) {
+        fprintf(stderr, ">> Unknown command (%s)\n", command_string);
+        appendLabel('E');
+        appendString("bc");
+        usage_long(progName);
+    }
+}
+
+/*
+ * functions do handle
+ * different library initializations.
+ */
+static int main_initialized;
+static int lib1_initialized;
+static int lib2_initialized;
+
+void
+main_Init(secuCommandFlag *db, secuCommandFlag *tokNam,
+          int readOnly, const char *progName, int log)
+{
+    SECStatus rv;
+    if (log) {
+        fprintf(stderr, "*NSS_Init for the main program*\n");
+    }
+    appendLabel('M');
+    if (!db->activated) {
+        fprintf(stderr, ">> No main_db has been specified\n");
+        usage(progName);
+    }
+    if (main_initialized) {
+        fprintf(stderr, "Warning: Second initialization of Main\n");
+        appendLabel('E');
+        appendString("2M");
+    }
+    if (tokNam->activated) {
+        PK11_ConfigurePKCS11(NULL, NULL, NULL, tokNam->arg,
+                             NULL, NULL, NULL, NULL, 0, 0);
+    }
+    rv = NSS_Initialize(db->arg, "", "", "",
+                        NSS_INIT_NOROOTINIT |
+                            (readOnly ? NSS_INIT_READONLY : 0));
+    if (rv != SECSuccess) {
+        appendLabel('E');
+        appendInt(PORT_GetError());
+        fprintf(stderr, ">> %s\n", SECU_Strerror(PORT_GetError()));
+        dumpBuffer();
+        exit(1);
+    }
+    main_initialized = 1;
+}
+
+void
+main_Do(secuCommandFlag *command, const char *progName, int log)
+{
+    do_command("main", main_initialized, command, progName, log);
+}
+
+void
+main_Shutdown(int old_style, const char *progName, int log)
+{
+    SECStatus rv;
+    appendLabel('N');
+    if (log) {
+        fprintf(stderr, "*NSS_Shutdown for the main program*\n");
+    }
+    if (!main_initialized) {
+        fprintf(stderr, "Warning: Main shutdown without corresponding init\n");
+    }
+    if (old_style) {
+        rv = NSS_Shutdown();
+    } else {
+        rv = NSS_ShutdownContext(NULL);
+    }
+    fprintf(stderr, "Shutdown main state = %d\n", rv);
+    if (rv != SECSuccess) {
+        appendLabel('E');
+        appendInt(PORT_GetError());
+        fprintf(stderr, "ERROR: %s\n", SECU_Strerror(PORT_GetError()));
+    }
+    main_initialized = 0;
+}
+
+/* common library init */
+NSSInitContext *
+lib_Init(const char *lableString, char label, int initialized,
+         secuCommandFlag *db, secuCommandFlag *tokNam, int readonly,
+         const char *progName, int log)
+{
+    NSSInitContext *ctxt;
+    NSSInitParameters initStrings;
+    NSSInitParameters *initStringPtr = NULL;
+
+    appendLabel(label);
+    if (log) {
+        fprintf(stderr, "*NSS_Init for %s*\n", lableString);
+    }
+
+    if (!db->activated) {
+        fprintf(stderr, ">> No %s_db has been specified\n", lableString);
+        usage(progName);
+    }
+    if (initialized) {
+        fprintf(stderr, "Warning: Second initialization of %s\n", lableString);
+    }
+    if (tokNam->activated) {
+        PORT_Memset(&initStrings, 0, sizeof(initStrings));
+        initStrings.length = sizeof(initStrings);
+        initStrings.dbTokenDescription = tokNam->arg;
+        initStringPtr = &initStrings;
+    }
+    ctxt = NSS_InitContext(db->arg, "", "", "", initStringPtr,
+                           NSS_INIT_NOROOTINIT |
+                               (readonly ? NSS_INIT_READONLY : 0));
+    if (ctxt == NULL) {
+        appendLabel('E');
+        appendInt(PORT_GetError());
+        fprintf(stderr, ">> %s\n", SECU_Strerror(PORT_GetError()));
+        dumpBuffer();
+        exit(1);
+    }
+    return ctxt;
+}
+
+/* common library shutdown */
+void
+lib_Shutdown(const char *labelString, char label, NSSInitContext *ctx,
+             int initialize, const char *progName, int log)
+{
+    SECStatus rv;
+    appendLabel(label);
+    if (log) {
+        fprintf(stderr, "*NSS_Shutdown for %s\n*", labelString);
+    }
+    if (!initialize) {
+        fprintf(stderr, "Warning: %s shutdown without corresponding init\n",
+                labelString);
+    }
+    rv = NSS_ShutdownContext(ctx);
+    fprintf(stderr, "Shutdown %s state = %d\n", labelString, rv);
+    if (rv != SECSuccess) {
+        appendLabel('E');
+        appendInt(PORT_GetError());
+        fprintf(stderr, "ERROR: %s\n", SECU_Strerror(PORT_GetError()));
+    }
+}
+
+static NSSInitContext *lib1_context;
+static NSSInitContext *lib2_context;
+void
+lib1_Init(secuCommandFlag *db, secuCommandFlag *tokNam,
+          int readOnly, const char *progName, int log)
+{
+    lib1_context = lib_Init("lib1", '1', lib1_initialized, db, tokNam,
+                            readOnly, progName, log);
+    lib1_initialized = 1;
+}
+
+void
+lib2_Init(secuCommandFlag *db, secuCommandFlag *tokNam,
+          int readOnly, const char *progName, int log)
+{
+    lib2_context = lib_Init("lib2", '2', lib2_initialized,
+                            db, tokNam, readOnly, progName, log);
+    lib2_initialized = 1;
+}
+
+void
+lib1_Do(secuCommandFlag *command, const char *progName, int log)
+{
+    do_command("lib1", lib1_initialized, command, progName, log);
+}
+
+void
+lib2_Do(secuCommandFlag *command, const char *progName, int log)
+{
+    do_command("lib2", lib2_initialized, command, progName, log);
+}
+
+void
+lib1_Shutdown(const char *progName, int log)
+{
+    lib_Shutdown("lib1", 'I', lib1_context, lib1_initialized, progName, log);
+    lib1_initialized = 0;
+    /* don't clear lib1_Context, so we can test multiple attempts to close
+      * the same context produces correct errors*/
+}
+
+void
+lib2_Shutdown(const char *progName, int log)
+{
+    lib_Shutdown("lib2", 'Z', lib2_context, lib2_initialized, progName, log);
+    lib2_initialized = 0;
+    /* don't clear lib2_Context, so we can test multiple attempts to close
+     * the same context produces correct errors*/
+}
+
+int
+main(int argc, char **argv)
+{
+    SECStatus rv;
+    secuCommand libinit;
+    char *progName;
+    char *order;
+    secuCommandFlag *options;
+    int log = 0;
+
+    progName = strrchr(argv[0], '/');
+    progName = progName ? progName + 1 : argv[0];
+
+    libinit.numCommands = 0;
+    libinit.commands = 0;
+    libinit.numOptions = opt_last;
+    options = (secuCommandFlag *)PORT_Alloc(sizeof(options_init));
+    if (options == NULL) {
+        fprintf(stderr, ">> %s:Not enough free memory to run command\n",
+                progName);
+        exit(1);
+    }
+    PORT_Memcpy(options, options_init, sizeof(options_init));
+    libinit.options = options;
+
+    rv = SECU_ParseCommandLine(argc, argv, progName, &libinit);
+    if (rv != SECSuccess) {
+        usage(progName);
+    }
+
+    if (libinit.options[opt_help].activated) {
+        long_help(progName);
+        exit(0);
+    }
+
+    log = libinit.options[opt_verbose].activated;
+    if (libinit.options[opt_summary].activated) {
+        initBuffer();
+    }
+
+    order = libinit.options[opt_liborder].arg;
+    if (!order) {
+        usage(progName);
+    }
+
+    if (log) {
+        fprintf(stderr, "* initializing with order \"%s\"*\n", order);
+    }
+
+    for (; *order; order++) {
+        switch (*order) {
+            case 'M':
+                main_Init(&libinit.options[opt_mainDB],
+                          &libinit.options[opt_mainTokNam],
+                          libinit.options[opt_mainRO].activated,
+                          progName, log);
+                break;
+            case '1':
+                lib1_Init(&libinit.options[opt_lib1DB],
+                          &libinit.options[opt_lib1TokNam],
+                          libinit.options[opt_lib1RO].activated,
+                          progName, log);
+                break;
+            case '2':
+                lib2_Init(&libinit.options[opt_lib2DB],
+                          &libinit.options[opt_lib2TokNam],
+                          libinit.options[opt_lib2RO].activated,
+                          progName, log);
+                break;
+            case 'm':
+                main_Shutdown(libinit.options[opt_oldStyle].activated,
+                              progName, log);
+                break;
+            case 'i':
+                lib1_Shutdown(progName, log);
+                break;
+            case 'z':
+                lib2_Shutdown(progName, log);
+                break;
+            default:
+                fprintf(stderr, ">> Unknown init/shutdown command \"%c\"", *order);
+                usage_long(progName);
+        }
+        main_Do(&libinit.options[opt_mainCMD], progName, log);
+        lib1_Do(&libinit.options[opt_lib1CMD], progName, log);
+        lib2_Do(&libinit.options[opt_lib2CMD], progName, log);
+    }
+
+    if (NSS_IsInitialized()) {
+        appendLabel('X');
+        fprintf(stderr, "Warning: NSS is initialized\n");
+    }
+    dumpBuffer();
+
+    exit(0);
+}
diff --git a/nss/cmd/multinit/multinit.gyp b/nss/cmd/multinit/multinit.gyp
new file mode 100644
index 0000000..b99c018
--- /dev/null
+++ b/nss/cmd/multinit/multinit.gyp
@@ -0,0 +1,24 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi',
+    '../../cmd/platlibs.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'multinit',
+      'type': 'executable',
+      'sources': [
+        'multinit.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports'
+      ]
+    }
+  ],
+  'variables': {
+    'module': 'nss'
+  }
+}
\ No newline at end of file
diff --git a/nss/cmd/ocspclnt/Makefile b/nss/cmd/ocspclnt/Makefile
new file mode 100644
index 0000000..265ea56
--- /dev/null
+++ b/nss/cmd/ocspclnt/Makefile
@@ -0,0 +1,45 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include ../platlibs.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+
+include ../platrules.mk
diff --git a/nss/cmd/ocspclnt/manifest.mn b/nss/cmd/ocspclnt/manifest.mn
new file mode 100644
index 0000000..a2794a3
--- /dev/null
+++ b/nss/cmd/ocspclnt/manifest.mn
@@ -0,0 +1,24 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CORE_DEPTH = ../..
+
+# MODULE public and private header  directories are implicitly REQUIRED.
+MODULE = nss
+
+CSRCS = \
+	ocspclnt.c \
+	$(NULL)
+
+# headers for the MODULE (defined above) are implicitly required.
+REQUIRES = dbm seccmd
+
+# WINNT uses EXTRA_LIBS as the list of libs to link in.
+# Unix uses     OS_LIBS for that purpose.
+# We can solve this via conditional makefile code, but 
+# can't do this in manifest.mn because OS_ARCH isn't defined there.
+# So, look in the local Makefile for the defines for the list of libs.
+
+PROGRAM = ocspclnt
diff --git a/nss/cmd/ocspclnt/ocspclnt.c b/nss/cmd/ocspclnt/ocspclnt.c
new file mode 100644
index 0000000..afcb7e1
--- /dev/null
+++ b/nss/cmd/ocspclnt/ocspclnt.c
@@ -0,0 +1,1243 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * Test program for client-side OCSP.
+ */
+
+#include "secutil.h"
+#include "nspr.h"
+#include "plgetopt.h"
+#include "nss.h"
+#include "cert.h"
+#include "ocsp.h"
+#include "xconst.h" /*
+                      * XXX internal header file; needed to get at
+                      * cert_DecodeAuthInfoAccessExtension -- would be
+                      * nice to not need this, but that would require
+                      * better/different APIs.
+                      */
+
+#ifndef NO_PP       /*                                               \
+                     * Compile with this every once in a while to be \
+                     * sure that no dependencies on it get added     \
+                     * outside of the pretty-printing routines.      \
+                     */
+#include "ocspti.h" /* internals for pretty-printing routines *only* */
+#endif              /* NO_PP */
+
+#if defined(_WIN32)
+#include "fcntl.h"
+#include "io.h"
+#endif
+
+#define DEFAULT_DB_DIR "~/.netscape"
+
+/* global */
+char *program_name;
+
+static void
+synopsis(char *program_name)
+{
+    PRFileDesc *pr_stderr;
+
+    pr_stderr = PR_STDERR;
+    PR_fprintf(pr_stderr, "Usage:");
+    PR_fprintf(pr_stderr,
+               "\t%s -p [-d <dir>]\n",
+               program_name);
+    PR_fprintf(pr_stderr,
+               "\t%s -P [-d <dir>]\n",
+               program_name);
+    PR_fprintf(pr_stderr,
+               "\t%s -r <name> [-a] [-L] [-s <name>] [-d <dir>]\n",
+               program_name);
+    PR_fprintf(pr_stderr,
+               "\t%s -R <name> [-a] [-l <location>] [-s <name>] [-d <dir>]\n",
+               program_name);
+    PR_fprintf(pr_stderr,
+               "\t%s -S <name> [-a] [-l <location> -t <name>]\n",
+               program_name);
+    PR_fprintf(pr_stderr,
+               "\t\t [-s <name>] [-w <time>] [-d <dir>]\n");
+    PR_fprintf(pr_stderr,
+               "\t%s -V <name> [-a] -u <usage> [-l <location> -t <name>]\n",
+               program_name);
+    PR_fprintf(pr_stderr,
+               "\t\t [-s <name>] [-w <time>] [-d <dir>]\n");
+}
+
+static void
+short_usage(char *program_name)
+{
+    PR_fprintf(PR_STDERR,
+               "Type %s -H for more detailed descriptions\n",
+               program_name);
+    synopsis(program_name);
+}
+
+static void
+long_usage(char *program_name)
+{
+    PRFileDesc *pr_stderr;
+
+    pr_stderr = PR_STDERR;
+    synopsis(program_name);
+    PR_fprintf(pr_stderr, "\nCommands (must specify exactly one):\n");
+    PR_fprintf(pr_stderr,
+               "  %-13s Pretty-print a binary request read from stdin\n",
+               "-p");
+    PR_fprintf(pr_stderr,
+               "  %-13s Pretty-print a binary response read from stdin\n",
+               "-P");
+    PR_fprintf(pr_stderr,
+               "  %-13s Create a request for cert \"nickname\" on stdout\n",
+               "-r nickname");
+    PR_fprintf(pr_stderr,
+               "  %-13s Get response for cert \"nickname\", dump to stdout\n",
+               "-R nickname");
+    PR_fprintf(pr_stderr,
+               "  %-13s Get status for cert \"nickname\"\n",
+               "-S nickname");
+    PR_fprintf(pr_stderr,
+               "  %-13s Fully verify cert \"nickname\", w/ status check\n",
+               "-V nickname");
+    PR_fprintf(pr_stderr,
+               "\n     %-10s also can be the name of the file with DER or\n"
+               "  %-13s PEM(use -a option) cert encoding\n",
+               "nickname", "");
+    PR_fprintf(pr_stderr, "Options:\n");
+    PR_fprintf(pr_stderr,
+               "  %-13s Decode input cert from PEM format. DER is default\n",
+               "-a");
+    PR_fprintf(pr_stderr,
+               "  %-13s Add the service locator extension to the request\n",
+               "-L");
+    PR_fprintf(pr_stderr,
+               "  %-13s Find security databases in \"dbdir\" (default %s)\n",
+               "-d dbdir", DEFAULT_DB_DIR);
+    PR_fprintf(pr_stderr,
+               "  %-13s Use \"location\" as URL of responder\n",
+               "-l location");
+    PR_fprintf(pr_stderr,
+               "  %-13s Trust cert \"nickname\" as response signer\n",
+               "-t nickname");
+    PR_fprintf(pr_stderr,
+               "  %-13s Sign requests with cert \"nickname\"\n",
+               "-s nickname");
+    PR_fprintf(pr_stderr,
+               "  %-13s Type of certificate usage for verification:\n",
+               "-u usage");
+    PR_fprintf(pr_stderr,
+               "%-17s c   SSL Client\n", "");
+    PR_fprintf(pr_stderr,
+               "%-17s s   SSL Server\n", "");
+    PR_fprintf(pr_stderr,
+               "%-17s e   Email Recipient\n", "");
+    PR_fprintf(pr_stderr,
+               "%-17s E   Email Signer\n", "");
+    PR_fprintf(pr_stderr,
+               "%-17s S   Object Signer\n", "");
+    PR_fprintf(pr_stderr,
+               "%-17s C   CA\n", "");
+    PR_fprintf(pr_stderr,
+               "  %-13s Validity time (default current time), one of:\n",
+               "-w time");
+    PR_fprintf(pr_stderr,
+               "%-17s %-25s (GMT)\n", "", "YYMMDDhhmm[ss]Z");
+    PR_fprintf(pr_stderr,
+               "%-17s %-25s (later than GMT)\n", "", "YYMMDDhhmm[ss]+hhmm");
+    PR_fprintf(pr_stderr,
+               "%-17s %-25s (earlier than GMT)\n", "", "YYMMDDhhmm[ss]-hhmm");
+}
+
+#if defined(WIN32)
+/* We're going to write binary data to stdout, or read binary from stdin.
+ * We must put stdout or stdin into O_BINARY mode or else
+   outgoing \n's will become \r\n's, and incoming \r\n's will become \n's.
+*/
+static SECStatus
+make_file_binary(FILE *binfile)
+{
+    int smrv = _setmode(_fileno(binfile), _O_BINARY);
+    if (smrv == -1) {
+        fprintf(stderr, "%s: Cannot change stdout to binary mode.\n",
+                program_name);
+    }
+    return smrv;
+}
+#define MAKE_FILE_BINARY make_file_binary
+#else
+#define MAKE_FILE_BINARY(file)
+#endif
+
+/*
+ * XXX This is a generic function that would probably make a good
+ * replacement for SECU_DER_Read (which is not at all specific to DER,
+ * despite its name), but that requires fixing all of the tools...
+ * Still, it should be done, whenenver I/somebody has the time.
+ * (Also, consider whether this actually belongs in the security
+ * library itself, not just in the command library.)
+ *
+ * This function takes an open file (a PRFileDesc *) and reads the
+ * entire file into a SECItem.  (Obviously, the file is intended to
+ * be small enough that such a thing is advisable.)  Both the SECItem
+ * and the buffer it points to are allocated from the heap; the caller
+ * is expected to free them.  ("SECITEM_FreeItem(item, PR_TRUE)")
+ */
+static SECItem *
+read_file_into_item(PRFileDesc *in_file, SECItemType si_type)
+{
+    PRStatus prv;
+    SECItem *item;
+    PRFileInfo file_info;
+    PRInt32 bytes_read;
+
+    prv = PR_GetOpenFileInfo(in_file, &file_info);
+    if (prv != PR_SUCCESS)
+        return NULL;
+
+    if (file_info.size == 0) {
+        /* XXX Need a better error; just grabbed this one for expediency. */
+        PORT_SetError(SEC_ERROR_INPUT_LEN);
+        return NULL;
+    }
+
+    if (file_info.size > 0xffff) { /* I think this is too big. */
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return NULL;
+    }
+
+    item = PORT_Alloc(sizeof(SECItem));
+    if (item == NULL)
+        return NULL;
+
+    item->type = si_type;
+    item->len = (unsigned int)file_info.size;
+    item->data = PORT_Alloc((size_t)item->len);
+    if (item->data == NULL)
+        goto loser;
+
+    bytes_read = PR_Read(in_file, item->data, (PRInt32)item->len);
+    if (bytes_read < 0) {
+        /* Something went wrong; error is already set for us. */
+        goto loser;
+    } else if (bytes_read == 0) {
+        /* Something went wrong; we read nothing.  But no system/nspr error. */
+        /* XXX Need to set an error here. */
+        goto loser;
+    } else if (item->len != (unsigned int)bytes_read) {
+        /* Something went wrong; we read less (or more!?) than we expected. */
+        /* XXX Need to set an error here. */
+        goto loser;
+    }
+
+    return item;
+
+loser:
+    SECITEM_FreeItem(item, PR_TRUE);
+    return NULL;
+}
+
+/*
+ * Create a DER-encoded OCSP request (for the certificate whose nickname
+ * is "name") and dump it out.
+ */
+static SECStatus
+create_request(FILE *out_file, CERTCertDBHandle *handle, CERTCertificate *cert,
+               PRBool add_service_locator, PRBool add_acceptable_responses)
+{
+    CERTCertList *certs = NULL;
+    CERTCertificate *myCert = NULL;
+    CERTOCSPRequest *request = NULL;
+    PRTime now = PR_Now();
+    SECItem *encoding = NULL;
+    SECStatus rv = SECFailure;
+
+    if (handle == NULL || cert == NULL)
+        return rv;
+
+    myCert = CERT_DupCertificate(cert);
+    if (myCert == NULL)
+        goto loser;
+
+    /*
+     * We need to create a list of one.
+     */
+    certs = CERT_NewCertList();
+    if (certs == NULL)
+        goto loser;
+
+    if (CERT_AddCertToListTail(certs, myCert) != SECSuccess)
+        goto loser;
+
+    /*
+     * Now that cert is included in the list, we need to be careful
+     * that we do not try to destroy it twice.  This will prevent that.
+     */
+    myCert = NULL;
+
+    request = CERT_CreateOCSPRequest(certs, now, add_service_locator, NULL);
+    if (request == NULL)
+        goto loser;
+
+    if (add_acceptable_responses) {
+        rv = CERT_AddOCSPAcceptableResponses(request,
+                                             SEC_OID_PKIX_OCSP_BASIC_RESPONSE);
+        if (rv != SECSuccess)
+            goto loser;
+    }
+
+    encoding = CERT_EncodeOCSPRequest(NULL, request, NULL);
+    if (encoding == NULL)
+        goto loser;
+
+    MAKE_FILE_BINARY(out_file);
+    if (fwrite(encoding->data, encoding->len, 1, out_file) != 1)
+        goto loser;
+
+    rv = SECSuccess;
+
+loser:
+    if (encoding != NULL)
+        SECITEM_FreeItem(encoding, PR_TRUE);
+    if (request != NULL)
+        CERT_DestroyOCSPRequest(request);
+    if (certs != NULL)
+        CERT_DestroyCertList(certs);
+    if (myCert != NULL)
+        CERT_DestroyCertificate(myCert);
+
+    return rv;
+}
+
+/*
+ * Create a DER-encoded OCSP request (for the certificate whose nickname is
+ * "cert_name"), then get and dump a corresponding response.  The responder
+ * location is either specified explicitly (as "responder_url") or found
+ * via the AuthorityInfoAccess URL in the cert.
+ */
+static SECStatus
+dump_response(FILE *out_file, CERTCertDBHandle *handle, CERTCertificate *cert,
+              const char *responder_url)
+{
+    CERTCertList *certs = NULL;
+    CERTCertificate *myCert = NULL;
+    char *loc = NULL;
+    PRTime now = PR_Now();
+    SECItem *response = NULL;
+    SECStatus rv = SECFailure;
+    PRBool includeServiceLocator;
+
+    if (handle == NULL || cert == NULL)
+        return rv;
+
+    myCert = CERT_DupCertificate(cert);
+    if (myCert == NULL)
+        goto loser;
+
+    if (responder_url != NULL) {
+        loc = (char *)responder_url;
+        includeServiceLocator = PR_TRUE;
+    } else {
+        loc = CERT_GetOCSPAuthorityInfoAccessLocation(cert);
+        if (loc == NULL)
+            goto loser;
+        includeServiceLocator = PR_FALSE;
+    }
+
+    /*
+     * We need to create a list of one.
+     */
+    certs = CERT_NewCertList();
+    if (certs == NULL)
+        goto loser;
+
+    if (CERT_AddCertToListTail(certs, myCert) != SECSuccess)
+        goto loser;
+
+    /*
+     * Now that cert is included in the list, we need to be careful
+     * that we do not try to destroy it twice.  This will prevent that.
+     */
+    myCert = NULL;
+
+    response = CERT_GetEncodedOCSPResponse(NULL, certs, loc, now,
+                                           includeServiceLocator,
+                                           NULL, NULL, NULL);
+    if (response == NULL)
+        goto loser;
+
+    MAKE_FILE_BINARY(out_file);
+    if (fwrite(response->data, response->len, 1, out_file) != 1)
+        goto loser;
+
+    rv = SECSuccess;
+
+loser:
+    if (response != NULL)
+        SECITEM_FreeItem(response, PR_TRUE);
+    if (certs != NULL)
+        CERT_DestroyCertList(certs);
+    if (myCert != NULL)
+        CERT_DestroyCertificate(myCert);
+    if (loc != NULL && loc != responder_url)
+        PORT_Free(loc);
+
+    return rv;
+}
+
+/*
+ * Get the status for the specified certificate (whose nickname is "cert_name").
+ * Directly use the OCSP function rather than doing a full verification.
+ */
+static SECStatus
+get_cert_status(FILE *out_file, CERTCertDBHandle *handle,
+                CERTCertificate *cert, const char *cert_name,
+                PRTime verify_time)
+{
+    SECStatus rv = SECFailure;
+
+    if (handle == NULL || cert == NULL)
+        goto loser;
+
+    rv = CERT_CheckOCSPStatus(handle, cert, verify_time, NULL);
+
+    fprintf(out_file, "Check of certificate \"%s\" ", cert_name);
+    if (rv == SECSuccess) {
+        fprintf(out_file, "succeeded.\n");
+    } else {
+        const char *error_string = SECU_Strerror(PORT_GetError());
+        fprintf(out_file, "failed.  Reason:\n");
+        if (error_string != NULL && PORT_Strlen(error_string) > 0)
+            fprintf(out_file, "%s\n", error_string);
+        else
+            fprintf(out_file, "Unknown\n");
+    }
+
+    rv = SECSuccess;
+
+loser:
+
+    return rv;
+}
+
+/*
+ * Verify the specified certificate (whose nickname is "cert_name").
+ * OCSP is already turned on, so we just need to call the standard
+ * certificate verification API and let it do all the work.
+ */
+static SECStatus
+verify_cert(FILE *out_file, CERTCertDBHandle *handle, CERTCertificate *cert,
+            const char *cert_name, SECCertUsage cert_usage, PRTime verify_time)
+{
+    SECStatus rv = SECFailure;
+
+    if (handle == NULL || cert == NULL)
+        return rv;
+
+    rv = CERT_VerifyCert(handle, cert, PR_TRUE, cert_usage, verify_time,
+                         NULL, NULL);
+
+    fprintf(out_file, "Verification of certificate \"%s\" ", cert_name);
+    if (rv == SECSuccess) {
+        fprintf(out_file, "succeeded.\n");
+    } else {
+        const char *error_string = SECU_Strerror(PORT_GetError());
+        fprintf(out_file, "failed.  Reason:\n");
+        if (error_string != NULL && PORT_Strlen(error_string) > 0)
+            fprintf(out_file, "%s\n", error_string);
+        else
+            fprintf(out_file, "Unknown\n");
+    }
+
+    rv = SECSuccess;
+
+    return rv;
+}
+
+CERTCertificate *
+find_certificate(CERTCertDBHandle *handle, const char *name, PRBool ascii)
+{
+    CERTCertificate *cert = NULL;
+    SECItem der;
+    PRFileDesc *certFile;
+
+    if (handle == NULL || name == NULL)
+        return NULL;
+
+    if (ascii == PR_FALSE) {
+        /* by default need to check if there is cert nick is given */
+        cert = CERT_FindCertByNicknameOrEmailAddr(handle, (char *)name);
+        if (cert != NULL)
+            return cert;
+    }
+
+    certFile = PR_Open(name, PR_RDONLY, 0);
+    if (certFile == NULL) {
+        return NULL;
+    }
+
+    if (SECU_ReadDERFromFile(&der, certFile, ascii, PR_FALSE) == SECSuccess) {
+        cert = CERT_DecodeCertFromPackage((char *)der.data, der.len);
+        SECITEM_FreeItem(&der, PR_FALSE);
+    }
+    PR_Close(certFile);
+
+    return cert;
+}
+
+#ifdef NO_PP
+
+static SECStatus
+print_request(FILE *out_file, SECItem *data)
+{
+    fprintf(out_file, "Cannot pretty-print request compiled with NO_PP.\n");
+    return SECSuccess;
+}
+
+static SECStatus
+print_response(FILE *out_file, SECItem *data, CERTCertDBHandle *handle)
+{
+    fprintf(out_file, "Cannot pretty-print response compiled with NO_PP.\n");
+    return SECSuccess;
+}
+
+#else /* NO_PP */
+
+static void
+print_ocsp_version(FILE *out_file, SECItem *version, int level)
+{
+    if (version->len > 0) {
+        SECU_PrintInteger(out_file, version, "Version", level);
+    } else {
+        SECU_Indent(out_file, level);
+        fprintf(out_file, "Version: DEFAULT\n");
+    }
+}
+
+static void
+print_ocsp_cert_id(FILE *out_file, CERTOCSPCertID *cert_id, int level)
+{
+    SECU_Indent(out_file, level);
+    fprintf(out_file, "Cert ID:\n");
+    level++;
+
+    SECU_PrintAlgorithmID(out_file, &(cert_id->hashAlgorithm),
+                          "Hash Algorithm", level);
+    SECU_PrintAsHex(out_file, &(cert_id->issuerNameHash),
+                    "Issuer Name Hash", level);
+    SECU_PrintAsHex(out_file, &(cert_id->issuerKeyHash),
+                    "Issuer Key Hash", level);
+    SECU_PrintInteger(out_file, &(cert_id->serialNumber),
+                      "Serial Number", level);
+    /* XXX lookup the cert; if found, print something nice (nickname?) */
+}
+
+static void
+print_raw_certificates(FILE *out_file, SECItem **raw_certs, int level)
+{
+    SECItem *raw_cert;
+    int i = 0;
+    char cert_label[50];
+
+    SECU_Indent(out_file, level);
+
+    if (raw_certs == NULL) {
+        fprintf(out_file, "No Certificates.\n");
+        return;
+    }
+
+    fprintf(out_file, "Certificate List:\n");
+    while ((raw_cert = raw_certs[i++]) != NULL) {
+        sprintf(cert_label, "Certificate (%d)", i);
+        (void)SECU_PrintSignedData(out_file, raw_cert, cert_label, level + 1,
+                                   (SECU_PPFunc)SECU_PrintCertificate);
+    }
+}
+
+static void
+print_ocsp_extensions(FILE *out_file, CERTCertExtension **extensions,
+                      char *msg, int level)
+{
+    if (extensions) {
+        SECU_PrintExtensions(out_file, extensions, msg, level);
+    } else {
+        SECU_Indent(out_file, level);
+        fprintf(out_file, "No %s\n", msg);
+    }
+}
+
+static void
+print_single_request(FILE *out_file, ocspSingleRequest *single, int level)
+{
+    print_ocsp_cert_id(out_file, single->reqCert, level);
+    print_ocsp_extensions(out_file, single->singleRequestExtensions,
+                          "Single Request Extensions", level);
+}
+
+/*
+ * Decode the DER/BER-encoded item "data" as an OCSP request
+ * and pretty-print the subfields.
+ */
+static SECStatus
+print_request(FILE *out_file, SECItem *data)
+{
+    CERTOCSPRequest *request;
+    ocspTBSRequest *tbsRequest;
+    int level = 0;
+
+    PORT_Assert(out_file != NULL);
+    PORT_Assert(data != NULL);
+    if (out_file == NULL || data == NULL) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    request = CERT_DecodeOCSPRequest(data);
+    if (request == NULL || request->tbsRequest == NULL)
+        return SECFailure;
+
+    tbsRequest = request->tbsRequest;
+
+    fprintf(out_file, "TBS Request:\n");
+    level++;
+
+    print_ocsp_version(out_file, &(tbsRequest->version), level);
+
+    /*
+     * XXX Probably should be an interface to get the signer name
+     * without looking inside the tbsRequest at all.
+     */
+    if (tbsRequest->requestorName != NULL) {
+        SECU_Indent(out_file, level);
+        fprintf(out_file, "XXX print the requestorName\n");
+    } else {
+        SECU_Indent(out_file, level);
+        fprintf(out_file, "No Requestor Name.\n");
+    }
+
+    if (tbsRequest->requestList != NULL) {
+        int i;
+
+        for (i = 0; tbsRequest->requestList[i] != NULL; i++) {
+            SECU_Indent(out_file, level);
+            fprintf(out_file, "Request %d:\n", i);
+            print_single_request(out_file, tbsRequest->requestList[i],
+                                 level + 1);
+        }
+    } else {
+        fprintf(out_file, "Request list is empty.\n");
+    }
+
+    print_ocsp_extensions(out_file, tbsRequest->requestExtensions,
+                          "Request Extensions", level);
+
+    if (request->optionalSignature != NULL) {
+        ocspSignature *whole_sig;
+        SECItem rawsig;
+
+        fprintf(out_file, "Signature:\n");
+
+        whole_sig = request->optionalSignature;
+        SECU_PrintAlgorithmID(out_file, &(whole_sig->signatureAlgorithm),
+                              "Signature Algorithm", level);
+
+        rawsig = whole_sig->signature;
+        DER_ConvertBitString(&rawsig);
+        SECU_PrintAsHex(out_file, &rawsig, "Signature", level);
+
+        print_raw_certificates(out_file, whole_sig->derCerts, level);
+
+        fprintf(out_file, "XXX verify the sig and print result\n");
+    } else {
+        fprintf(out_file, "No Signature\n");
+    }
+
+    CERT_DestroyOCSPRequest(request);
+    return SECSuccess;
+}
+
+static void
+print_revoked_info(FILE *out_file, ocspRevokedInfo *revoked_info, int level)
+{
+    SECU_PrintGeneralizedTime(out_file, &(revoked_info->revocationTime),
+                              "Revocation Time", level);
+
+    if (revoked_info->revocationReason != NULL) {
+        SECU_PrintAsHex(out_file, revoked_info->revocationReason,
+                        "Revocation Reason", level);
+    } else {
+        SECU_Indent(out_file, level);
+        fprintf(out_file, "No Revocation Reason.\n");
+    }
+}
+
+static void
+print_cert_status(FILE *out_file, ocspCertStatus *status, int level)
+{
+    SECU_Indent(out_file, level);
+    fprintf(out_file, "Status: ");
+
+    switch (status->certStatusType) {
+        case ocspCertStatus_good:
+            fprintf(out_file, "Cert is good.\n");
+            break;
+        case ocspCertStatus_revoked:
+            fprintf(out_file, "Cert has been revoked.\n");
+            print_revoked_info(out_file, status->certStatusInfo.revokedInfo,
+                               level + 1);
+            break;
+        case ocspCertStatus_unknown:
+            fprintf(out_file, "Cert is unknown to responder.\n");
+            break;
+        default:
+            fprintf(out_file, "Unrecognized status.\n");
+            break;
+    }
+}
+
+static void
+print_single_response(FILE *out_file, CERTOCSPSingleResponse *single,
+                      int level)
+{
+    print_ocsp_cert_id(out_file, single->certID, level);
+
+    print_cert_status(out_file, single->certStatus, level);
+
+    SECU_PrintGeneralizedTime(out_file, &(single->thisUpdate),
+                              "This Update", level);
+
+    if (single->nextUpdate != NULL) {
+        SECU_PrintGeneralizedTime(out_file, single->nextUpdate,
+                                  "Next Update", level);
+    } else {
+        SECU_Indent(out_file, level);
+        fprintf(out_file, "No Next Update\n");
+    }
+
+    print_ocsp_extensions(out_file, single->singleExtensions,
+                          "Single Response Extensions", level);
+}
+
+static void
+print_responder_id(FILE *out_file, ocspResponderID *responderID, int level)
+{
+    SECU_Indent(out_file, level);
+    fprintf(out_file, "Responder ID ");
+
+    switch (responderID->responderIDType) {
+        case ocspResponderID_byName:
+            fprintf(out_file, "(byName):\n");
+            SECU_PrintName(out_file, &(responderID->responderIDValue.name),
+                           "Name", level + 1);
+            break;
+        case ocspResponderID_byKey:
+            fprintf(out_file, "(byKey):\n");
+            SECU_PrintAsHex(out_file, &(responderID->responderIDValue.keyHash),
+                            "Key Hash", level + 1);
+            break;
+        default:
+            fprintf(out_file, "Unrecognized Responder ID Type\n");
+            break;
+    }
+}
+
+static void
+print_response_data(FILE *out_file, ocspResponseData *responseData, int level)
+{
+    SECU_Indent(out_file, level);
+    fprintf(out_file, "Response Data:\n");
+    level++;
+
+    print_ocsp_version(out_file, &(responseData->version), level);
+
+    print_responder_id(out_file, responseData->responderID, level);
+
+    SECU_PrintGeneralizedTime(out_file, &(responseData->producedAt),
+                              "Produced At", level);
+
+    if (responseData->responses != NULL) {
+        int i;
+
+        for (i = 0; responseData->responses[i] != NULL; i++) {
+            SECU_Indent(out_file, level);
+            fprintf(out_file, "Response %d:\n", i);
+            print_single_response(out_file, responseData->responses[i],
+                                  level + 1);
+        }
+    } else {
+        fprintf(out_file, "Response list is empty.\n");
+    }
+
+    print_ocsp_extensions(out_file, responseData->responseExtensions,
+                          "Response Extensions", level);
+}
+
+static void
+print_basic_response(FILE *out_file, ocspBasicOCSPResponse *basic, int level)
+{
+    SECItem rawsig;
+
+    SECU_Indent(out_file, level);
+    fprintf(out_file, "Basic OCSP Response:\n");
+    level++;
+
+    print_response_data(out_file, basic->tbsResponseData, level);
+
+    SECU_PrintAlgorithmID(out_file,
+                          &(basic->responseSignature.signatureAlgorithm),
+                          "Signature Algorithm", level);
+
+    rawsig = basic->responseSignature.signature;
+    DER_ConvertBitString(&rawsig);
+    SECU_PrintAsHex(out_file, &rawsig, "Signature", level);
+
+    print_raw_certificates(out_file, basic->responseSignature.derCerts, level);
+}
+
+/*
+ * Note this must match (exactly) the enumeration ocspResponseStatus.
+ */
+static char *responseStatusNames[] = {
+    "successful (Response has valid confirmations)",
+    "malformedRequest (Illegal confirmation request)",
+    "internalError (Internal error in issuer)",
+    "tryLater (Try again later)",
+    "unused ((4) is not used)",
+    "sigRequired (Must sign the request)",
+    "unauthorized (Request unauthorized)"
+};
+
+/*
+ * Decode the DER/BER-encoded item "data" as an OCSP response
+ * and pretty-print the subfields.
+ */
+static SECStatus
+print_response(FILE *out_file, SECItem *data, CERTCertDBHandle *handle)
+{
+    CERTOCSPResponse *response;
+    int level = 0;
+
+    PORT_Assert(out_file != NULL);
+    PORT_Assert(data != NULL);
+    if (out_file == NULL || data == NULL) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    response = CERT_DecodeOCSPResponse(data);
+    if (response == NULL)
+        return SECFailure;
+
+    if (response->statusValue >= ocspResponse_min &&
+        response->statusValue <= ocspResponse_max) {
+        fprintf(out_file, "Response Status: %s\n",
+                responseStatusNames[response->statusValue]);
+    } else {
+        fprintf(out_file,
+                "Response Status: other (Status value %d out of defined range)\n",
+                (int)response->statusValue);
+    }
+
+    if (response->statusValue == ocspResponse_successful) {
+        ocspResponseBytes *responseBytes = response->responseBytes;
+        SECStatus sigStatus;
+        CERTCertificate *signerCert = NULL;
+
+        PORT_Assert(responseBytes != NULL);
+
+        level++;
+        fprintf(out_file, "Response Bytes:\n");
+        SECU_PrintObjectID(out_file, &(responseBytes->responseType),
+                           "Response Type", level);
+        switch (response->responseBytes->responseTypeTag) {
+            case SEC_OID_PKIX_OCSP_BASIC_RESPONSE:
+                print_basic_response(out_file,
+                                     responseBytes->decodedResponse.basic,
+                                     level);
+                break;
+            default:
+                SECU_Indent(out_file, level);
+                fprintf(out_file, "Unknown response syntax\n");
+                break;
+        }
+
+        sigStatus = CERT_VerifyOCSPResponseSignature(response, handle,
+                                                     NULL, &signerCert, NULL);
+        SECU_Indent(out_file, level);
+        fprintf(out_file, "Signature verification ");
+        if (sigStatus != SECSuccess) {
+            fprintf(out_file, "failed: %s\n", SECU_Strerror(PORT_GetError()));
+        } else {
+            fprintf(out_file, "succeeded.\n");
+            if (signerCert != NULL) {
+                SECU_PrintName(out_file, &signerCert->subject, "Signer",
+                               level);
+                CERT_DestroyCertificate(signerCert);
+            } else {
+                SECU_Indent(out_file, level);
+                fprintf(out_file, "No signer cert returned?\n");
+            }
+        }
+    } else {
+        SECU_Indent(out_file, level);
+        fprintf(out_file, "Unsuccessful response, no more information.\n");
+    }
+
+    CERT_DestroyOCSPResponse(response);
+    return SECSuccess;
+}
+
+#endif /* NO_PP */
+
+static SECStatus
+cert_usage_from_char(const char *cert_usage_str, SECCertUsage *cert_usage)
+{
+    PORT_Assert(cert_usage_str != NULL);
+    PORT_Assert(cert_usage != NULL);
+
+    if (PORT_Strlen(cert_usage_str) != 1)
+        return SECFailure;
+
+    switch (*cert_usage_str) {
+        case 'c':
+            *cert_usage = certUsageSSLClient;
+            break;
+        case 's':
+            *cert_usage = certUsageSSLServer;
+            break;
+        case 'e':
+            *cert_usage = certUsageEmailRecipient;
+            break;
+        case 'E':
+            *cert_usage = certUsageEmailSigner;
+            break;
+        case 'S':
+            *cert_usage = certUsageObjectSigner;
+            break;
+        case 'C':
+            *cert_usage = certUsageVerifyCA;
+            break;
+        default:
+            return SECFailure;
+    }
+
+    return SECSuccess;
+}
+
+int
+main(int argc, char **argv)
+{
+    int retval;
+    PRFileDesc *in_file;
+    FILE *out_file; /* not PRFileDesc until SECU accepts it */
+    int crequest, dresponse;
+    int prequest, presponse;
+    int ccert, vcert;
+    const char *db_dir, *date_str, *cert_usage_str, *name;
+    const char *responder_name, *responder_url, *signer_name;
+    PRBool add_acceptable_responses, add_service_locator;
+    SECItem *data = NULL;
+    PLOptState *optstate;
+    SECStatus rv;
+    CERTCertDBHandle *handle = NULL;
+    SECCertUsage cert_usage = certUsageSSLClient;
+    PRTime verify_time;
+    CERTCertificate *cert = NULL;
+    PRBool ascii = PR_FALSE;
+
+    retval = -1; /* what we return/exit with on error */
+
+    program_name = PL_strrchr(argv[0], '/');
+    program_name = program_name ? (program_name + 1) : argv[0];
+
+    in_file = PR_STDIN;
+    out_file = stdout;
+
+    crequest = 0;
+    dresponse = 0;
+    prequest = 0;
+    presponse = 0;
+    ccert = 0;
+    vcert = 0;
+
+    db_dir = NULL;
+    date_str = NULL;
+    cert_usage_str = NULL;
+    name = NULL;
+    responder_name = NULL;
+    responder_url = NULL;
+    signer_name = NULL;
+
+    add_acceptable_responses = PR_FALSE;
+    add_service_locator = PR_FALSE;
+
+    optstate = PL_CreateOptState(argc, argv, "AHLPR:S:V:d:l:pr:s:t:u:w:");
+    if (optstate == NULL) {
+        SECU_PrintError(program_name, "PL_CreateOptState failed");
+        return retval;
+    }
+
+    while (PL_GetNextOpt(optstate) == PL_OPT_OK) {
+        switch (optstate->option) {
+            case '?':
+                short_usage(program_name);
+                return retval;
+
+            case 'A':
+                add_acceptable_responses = PR_TRUE;
+                break;
+
+            case 'H':
+                long_usage(program_name);
+                return retval;
+
+            case 'L':
+                add_service_locator = PR_TRUE;
+                break;
+
+            case 'P':
+                presponse = 1;
+                break;
+
+            case 'R':
+                dresponse = 1;
+                name = optstate->value;
+                break;
+
+            case 'S':
+                ccert = 1;
+                name = optstate->value;
+                break;
+
+            case 'V':
+                vcert = 1;
+                name = optstate->value;
+                break;
+
+            case 'a':
+                ascii = PR_TRUE;
+                break;
+
+            case 'd':
+                db_dir = optstate->value;
+                break;
+
+            case 'l':
+                responder_url = optstate->value;
+                break;
+
+            case 'p':
+                prequest = 1;
+                break;
+
+            case 'r':
+                crequest = 1;
+                name = optstate->value;
+                break;
+
+            case 's':
+                signer_name = optstate->value;
+                break;
+
+            case 't':
+                responder_name = optstate->value;
+                break;
+
+            case 'u':
+                cert_usage_str = optstate->value;
+                break;
+
+            case 'w':
+                date_str = optstate->value;
+                break;
+        }
+    }
+
+    PL_DestroyOptState(optstate);
+
+    if ((crequest + dresponse + prequest + presponse + ccert + vcert) != 1) {
+        PR_fprintf(PR_STDERR, "%s: must specify exactly one command\n\n",
+                   program_name);
+        short_usage(program_name);
+        return retval;
+    }
+
+    if (vcert) {
+        if (cert_usage_str == NULL) {
+            PR_fprintf(PR_STDERR, "%s: verification requires cert usage\n\n",
+                       program_name);
+            short_usage(program_name);
+            return retval;
+        }
+
+        rv = cert_usage_from_char(cert_usage_str, &cert_usage);
+        if (rv != SECSuccess) {
+            PR_fprintf(PR_STDERR, "%s: invalid cert usage (\"%s\")\n\n",
+                       program_name, cert_usage_str);
+            long_usage(program_name);
+            return retval;
+        }
+    }
+
+    if (ccert + vcert) {
+        if (responder_url != NULL || responder_name != NULL) {
+            /*
+            * To do a full status check, both the URL and the cert name
+            * of the responder must be specified if either one is.
+            */
+            if (responder_url == NULL || responder_name == NULL) {
+                if (responder_url == NULL)
+                    PR_fprintf(PR_STDERR,
+                               "%s: must also specify responder location\n\n",
+                               program_name);
+                else
+                    PR_fprintf(PR_STDERR,
+                               "%s: must also specify responder name\n\n",
+                               program_name);
+                short_usage(program_name);
+                return retval;
+            }
+        }
+
+        if (date_str != NULL) {
+            rv = DER_AsciiToTime(&verify_time, (char *)date_str);
+            if (rv != SECSuccess) {
+                SECU_PrintError(program_name, "error converting time string");
+                PR_fprintf(PR_STDERR, "\n");
+                long_usage(program_name);
+                return retval;
+            }
+        } else {
+            verify_time = PR_Now();
+        }
+    }
+
+    retval = -2; /* errors change from usage to runtime */
+
+    /*
+     * Initialize the NSPR and Security libraries.
+     */
+    PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
+    db_dir = SECU_ConfigDirectory(db_dir);
+    rv = NSS_Init(db_dir);
+    if (rv != SECSuccess) {
+        SECU_PrintError(program_name, "NSS_Init failed");
+        goto prdone;
+    }
+    SECU_RegisterDynamicOids();
+
+    if (prequest + presponse) {
+        MAKE_FILE_BINARY(stdin);
+        data = read_file_into_item(in_file, siBuffer);
+        if (data == NULL) {
+            SECU_PrintError(program_name, "problem reading input");
+            goto nssdone;
+        }
+    }
+
+    if (crequest + dresponse + presponse + ccert + vcert) {
+        handle = CERT_GetDefaultCertDB();
+        if (handle == NULL) {
+            SECU_PrintError(program_name, "problem getting certdb handle");
+            goto nssdone;
+        }
+
+        /*
+        * It would be fine to do the enable for all of these commands,
+        * but this way we check that everything but an overall verify
+        * can be done without it.  That is, that the individual pieces
+        * work on their own.
+        */
+        if (vcert) {
+            rv = CERT_EnableOCSPChecking(handle);
+            if (rv != SECSuccess) {
+                SECU_PrintError(program_name, "error enabling OCSP checking");
+                goto nssdone;
+            }
+        }
+
+        if ((ccert + vcert) && (responder_name != NULL)) {
+            rv = CERT_SetOCSPDefaultResponder(handle, responder_url,
+                                              responder_name);
+            if (rv != SECSuccess) {
+                SECU_PrintError(program_name,
+                                "error setting default responder");
+                goto nssdone;
+            }
+
+            rv = CERT_EnableOCSPDefaultResponder(handle);
+            if (rv != SECSuccess) {
+                SECU_PrintError(program_name,
+                                "error enabling default responder");
+                goto nssdone;
+            }
+        }
+    }
+
+#define NOTYET(opt)                                         \
+    {                                                       \
+        PR_fprintf(PR_STDERR, "%s not yet working\n", opt); \
+        exit(-1);                                           \
+    }
+
+    if (name) {
+        cert = find_certificate(handle, name, ascii);
+    }
+
+    if (crequest) {
+        if (signer_name != NULL) {
+            NOTYET("-s");
+        }
+        rv = create_request(out_file, handle, cert, add_service_locator,
+                            add_acceptable_responses);
+    } else if (dresponse) {
+        if (signer_name != NULL) {
+            NOTYET("-s");
+        }
+        rv = dump_response(out_file, handle, cert, responder_url);
+    } else if (prequest) {
+        rv = print_request(out_file, data);
+    } else if (presponse) {
+        rv = print_response(out_file, data, handle);
+    } else if (ccert) {
+        if (signer_name != NULL) {
+            NOTYET("-s");
+        }
+        rv = get_cert_status(out_file, handle, cert, name, verify_time);
+    } else if (vcert) {
+        if (signer_name != NULL) {
+            NOTYET("-s");
+        }
+        rv = verify_cert(out_file, handle, cert, name, cert_usage, verify_time);
+    }
+
+    if (rv != SECSuccess)
+        SECU_PrintError(program_name, "error performing requested operation");
+    else
+        retval = 0;
+
+nssdone:
+    if (cert) {
+        CERT_DestroyCertificate(cert);
+    }
+
+    if (data != NULL) {
+        SECITEM_FreeItem(data, PR_TRUE);
+    }
+
+    if (handle != NULL) {
+        CERT_DisableOCSPDefaultResponder(handle);
+        CERT_DisableOCSPChecking(handle);
+    }
+
+    if (NSS_Shutdown() != SECSuccess) {
+        retval = 1;
+    }
+
+prdone:
+    PR_Cleanup();
+    return retval;
+}
diff --git a/nss/cmd/ocspclnt/ocspclnt.gyp b/nss/cmd/ocspclnt/ocspclnt.gyp
new file mode 100644
index 0000000..4ab7c5e
--- /dev/null
+++ b/nss/cmd/ocspclnt/ocspclnt.gyp
@@ -0,0 +1,25 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi',
+    '../../cmd/platlibs.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'ocspclnt',
+      'type': 'executable',
+      'sources': [
+        'ocspclnt.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:dbm_exports',
+        '<(DEPTH)/exports.gyp:nss_exports'
+      ]
+    }
+  ],
+  'variables': {
+    'module': 'nss'
+  }
+}
\ No newline at end of file
diff --git a/nss/cmd/ocspresp/Makefile b/nss/cmd/ocspresp/Makefile
new file mode 100644
index 0000000..6e1d4ec
--- /dev/null
+++ b/nss/cmd/ocspresp/Makefile
@@ -0,0 +1,47 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include ../platlibs.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+
+include ../platrules.mk
+
diff --git a/nss/cmd/ocspresp/manifest.mn b/nss/cmd/ocspresp/manifest.mn
new file mode 100644
index 0000000..3608623
--- /dev/null
+++ b/nss/cmd/ocspresp/manifest.mn
@@ -0,0 +1,15 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CORE_DEPTH = ../..
+
+MODULE = nss
+
+CSRCS = ocspresp.c
+
+REQUIRES = seccmd 
+
+PROGRAM = ocspresp
+
diff --git a/nss/cmd/ocspresp/ocspresp.c b/nss/cmd/ocspresp/ocspresp.c
new file mode 100644
index 0000000..632623c
--- /dev/null
+++ b/nss/cmd/ocspresp/ocspresp.c
@@ -0,0 +1,251 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * ocspresp - self test for OCSP response creation
+ */
+
+#include "nspr.h"
+#include "secutil.h"
+#include "secpkcs7.h"
+#include "cert.h"
+#include "certdb.h"
+#include "nss.h"
+#include "pk11func.h"
+#include "cryptohi.h"
+#include "ocsp.h"
+
+#if defined(XP_UNIX)
+#include <unistd.h>
+#endif
+
+#include <stdio.h>
+#include <string.h>
+
+secuPWData pwdata = { PW_NONE, 0 };
+
+static PRBool
+getCaAndSubjectCert(CERTCertDBHandle *certHandle,
+                    const char *caNick, const char *eeNick,
+                    CERTCertificate **outCA, CERTCertificate **outCert)
+{
+    *outCA = CERT_FindCertByNickname(certHandle, caNick);
+    *outCert = CERT_FindCertByNickname(certHandle, eeNick);
+    return *outCA && *outCert;
+}
+
+static SECItem *
+encode(PLArenaPool *arena, CERTOCSPCertID *cid, CERTCertificate *ca)
+{
+    SECItem *response;
+    PRTime now = PR_Now();
+    PRTime nextUpdate;
+    CERTOCSPSingleResponse **responses;
+    CERTOCSPSingleResponse *sr;
+
+    if (!arena)
+        return NULL;
+
+    nextUpdate = now + 10 * PR_USEC_PER_SEC; /* in the future */
+
+    sr = CERT_CreateOCSPSingleResponseGood(arena, cid, now, &nextUpdate);
+
+    /* meaning of value 2: one entry + one end marker */
+    responses = PORT_ArenaNewArray(arena, CERTOCSPSingleResponse *, 2);
+    if (responses == NULL)
+        return NULL;
+
+    responses[0] = sr;
+    responses[1] = NULL;
+
+    response = CERT_CreateEncodedOCSPSuccessResponse(
+        arena, ca, ocspResponderID_byName, now, responses, &pwdata);
+
+    return response;
+}
+
+static SECItem *
+encodeRevoked(PLArenaPool *arena, CERTOCSPCertID *cid, CERTCertificate *ca)
+{
+    SECItem *response;
+    PRTime now = PR_Now();
+    PRTime revocationTime;
+    CERTOCSPSingleResponse **responses;
+    CERTOCSPSingleResponse *sr;
+
+    if (!arena)
+        return NULL;
+
+    revocationTime = now - 10 * PR_USEC_PER_SEC; /* in the past */
+
+    sr = CERT_CreateOCSPSingleResponseRevoked(arena, cid, now, NULL,
+                                              revocationTime, NULL);
+
+    /* meaning of value 2: one entry + one end marker */
+    responses = PORT_ArenaNewArray(arena, CERTOCSPSingleResponse *, 2);
+    if (responses == NULL)
+        return NULL;
+
+    responses[0] = sr;
+    responses[1] = NULL;
+
+    response = CERT_CreateEncodedOCSPSuccessResponse(
+        arena, ca, ocspResponderID_byName, now, responses, &pwdata);
+
+    return response;
+}
+
+int
+Usage(void)
+{
+    PRFileDesc *pr_stderr = PR_STDERR;
+    PR_fprintf(pr_stderr, "ocspresp runs an internal selftest for OCSP response creation");
+    PR_fprintf(pr_stderr, "Usage:");
+    PR_fprintf(pr_stderr,
+               "\tocspresp <dbdir> <CA-nick> <EE-nick> [-p <pass>] [-f <file>]\n");
+    PR_fprintf(pr_stderr,
+               "\tdbdir:   Find security databases in \"dbdir\"\n");
+    PR_fprintf(pr_stderr,
+               "\tCA-nick: nickname of a trusted CA certificate with private key\n");
+    PR_fprintf(pr_stderr,
+               "\tEE-nick: nickname of a entity cert issued by CA\n");
+    PR_fprintf(pr_stderr,
+               "\t-p:      a password for db\n");
+    PR_fprintf(pr_stderr,
+               "\t-f:      a filename containing the password for db\n");
+    return -1;
+}
+
+int
+main(int argc, char **argv)
+{
+    SECStatus rv;
+    int retval = -1;
+    CERTCertDBHandle *certHandle = NULL;
+    CERTCertificate *caCert = NULL, *cert = NULL;
+    CERTOCSPCertID *cid = NULL;
+    PLArenaPool *arena = NULL;
+    PRTime now = PR_Now();
+
+    SECItem *encoded = NULL;
+    CERTOCSPResponse *decoded = NULL;
+
+    SECItem *encodedRev = NULL;
+    CERTOCSPResponse *decodedRev = NULL;
+
+    SECItem *encodedFail = NULL;
+    CERTOCSPResponse *decodedFail = NULL;
+
+    CERTCertificate *obtainedSignerCert = NULL;
+
+    if (argc != 4 && argc != 6) {
+        return Usage();
+    }
+
+    if (argc == 6) {
+        if (!strcmp(argv[4], "-p")) {
+            pwdata.source = PW_PLAINTEXT;
+            pwdata.data = PORT_Strdup(argv[5]);
+        } else if (!strcmp(argv[4], "-f")) {
+            pwdata.source = PW_FROMFILE;
+            pwdata.data = PORT_Strdup(argv[5]);
+        } else
+            return Usage();
+    }
+
+    PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
+    /*rv = NSS_Init(SECU_ConfigDirectory(NULL));*/
+    rv = NSS_Init(argv[1]);
+    if (rv != SECSuccess) {
+        SECU_PrintPRandOSError(argv[0]);
+        goto loser;
+    }
+
+    PK11_SetPasswordFunc(SECU_GetModulePassword);
+
+    certHandle = CERT_GetDefaultCertDB();
+    if (!certHandle)
+        goto loser;
+
+    if (!getCaAndSubjectCert(certHandle, argv[2], argv[3], &caCert, &cert))
+        goto loser;
+
+    cid = CERT_CreateOCSPCertID(cert, now);
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    encoded = encode(arena, cid, caCert);
+    PORT_Assert(encoded);
+    decoded = CERT_DecodeOCSPResponse(encoded);
+    PORT_CheckSuccess(CERT_GetOCSPResponseStatus(decoded));
+
+    PORT_CheckSuccess(CERT_VerifyOCSPResponseSignature(decoded, certHandle, &pwdata,
+                                                       &obtainedSignerCert, caCert));
+    PORT_CheckSuccess(CERT_GetOCSPStatusForCertID(certHandle, decoded, cid,
+                                                  obtainedSignerCert, now));
+    CERT_DestroyCertificate(obtainedSignerCert);
+
+    encodedRev = encodeRevoked(arena, cid, caCert);
+    PORT_Assert(encodedRev);
+    decodedRev = CERT_DecodeOCSPResponse(encodedRev);
+    PORT_CheckSuccess(CERT_GetOCSPResponseStatus(decodedRev));
+
+    PORT_CheckSuccess(CERT_VerifyOCSPResponseSignature(decodedRev, certHandle, &pwdata,
+                                                       &obtainedSignerCert, caCert));
+#ifdef DEBUG
+    {
+        SECStatus rv = CERT_GetOCSPStatusForCertID(certHandle, decodedRev, cid,
+                                                   obtainedSignerCert, now);
+        PORT_Assert(rv == SECFailure);
+        PORT_Assert(PORT_GetError() == SEC_ERROR_REVOKED_CERTIFICATE);
+    }
+#else
+    (void)CERT_GetOCSPStatusForCertID(certHandle, decodedRev, cid,
+                                      obtainedSignerCert, now);
+#endif
+    CERT_DestroyCertificate(obtainedSignerCert);
+
+    encodedFail = CERT_CreateEncodedOCSPErrorResponse(
+        arena, SEC_ERROR_OCSP_TRY_SERVER_LATER);
+    PORT_Assert(encodedFail);
+    decodedFail = CERT_DecodeOCSPResponse(encodedFail);
+#ifdef DEBUG
+    {
+        SECStatus rv = CERT_GetOCSPResponseStatus(decodedFail);
+        PORT_Assert(rv == SECFailure);
+        PORT_Assert(PORT_GetError() == SEC_ERROR_OCSP_TRY_SERVER_LATER);
+    }
+#else
+    (void)CERT_GetOCSPResponseStatus(decodedFail);
+#endif
+    retval = 0;
+loser:
+    if (retval != 0)
+        SECU_PrintError(argv[0], "tests failed");
+
+    if (cid)
+        CERT_DestroyOCSPCertID(cid);
+    if (cert)
+        CERT_DestroyCertificate(cert);
+    if (caCert)
+        CERT_DestroyCertificate(caCert);
+    if (arena)
+        PORT_FreeArena(arena, PR_FALSE);
+    if (decoded)
+        CERT_DestroyOCSPResponse(decoded);
+    if (decodedRev)
+        CERT_DestroyOCSPResponse(decodedRev);
+    if (decodedFail)
+        CERT_DestroyOCSPResponse(decodedFail);
+    if (pwdata.data) {
+        PORT_Free(pwdata.data);
+    }
+
+    if (NSS_Shutdown() != SECSuccess) {
+        SECU_PrintError(argv[0], "NSS shutdown:");
+        if (retval == 0)
+            retval = -2;
+    }
+
+    return retval;
+}
diff --git a/nss/cmd/ocspresp/ocspresp.gyp b/nss/cmd/ocspresp/ocspresp.gyp
new file mode 100644
index 0000000..81f02df
--- /dev/null
+++ b/nss/cmd/ocspresp/ocspresp.gyp
@@ -0,0 +1,24 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi',
+    '../../cmd/platlibs.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'ocspresp',
+      'type': 'executable',
+      'sources': [
+        'ocspresp.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports'
+      ]
+    }
+  ],
+  'variables': {
+    'module': 'nss'
+  }
+}
\ No newline at end of file
diff --git a/nss/cmd/oidcalc/Makefile b/nss/cmd/oidcalc/Makefile
new file mode 100644
index 0000000..d7c879a
--- /dev/null
+++ b/nss/cmd/oidcalc/Makefile
@@ -0,0 +1,48 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include ../platlibs.mk
+
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+
+include ../platrules.mk
+
diff --git a/nss/cmd/oidcalc/manifest.mn b/nss/cmd/oidcalc/manifest.mn
new file mode 100644
index 0000000..e7976c6
--- /dev/null
+++ b/nss/cmd/oidcalc/manifest.mn
@@ -0,0 +1,19 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CORE_DEPTH	= ../..
+
+# MODULE public and private header  directories are implicitly REQUIRED.
+MODULE = nss 
+
+# This next line is used by .mk files
+# and gets translated into $LINCS in manifest.mnw
+REQUIRES = seccmd dbm 
+
+DEFINES = -DNSPR20
+
+CSRCS = oidcalc.c
+
+PROGRAM	= oidcalc
diff --git a/nss/cmd/oidcalc/oidcalc.c b/nss/cmd/oidcalc/oidcalc.c
new file mode 100644
index 0000000..46ef56c
--- /dev/null
+++ b/nss/cmd/oidcalc/oidcalc.c
@@ -0,0 +1,86 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+int
+main(int argc, char **argv)
+{
+    char *curstr;
+    char *nextstr;
+    unsigned int firstval;
+    unsigned int secondval;
+    unsigned int val;
+    unsigned char buf[5];
+    int count;
+
+    if (argc != 2) {
+        fprintf(stderr, "wrong number of args\n");
+        exit(-1);
+    }
+
+    curstr = argv[1];
+
+    nextstr = strchr(curstr, '.');
+
+    if (nextstr == NULL) {
+        fprintf(stderr, "only one component\n");
+        exit(-1);
+    }
+
+    *nextstr = '\0';
+    firstval = atoi(curstr);
+
+    curstr = nextstr + 1;
+
+    nextstr = strchr(curstr, '.');
+
+    if (nextstr) {
+        *nextstr = '\0';
+    }
+
+    secondval = atoi(curstr);
+
+    if (firstval > 2) {
+        fprintf(stderr, "first component out of range\n");
+        exit(-1);
+    }
+
+    if (secondval > 39) {
+        fprintf(stderr, "second component out of range\n");
+        exit(-1);
+    }
+
+    printf("0x%x, ", (firstval * 40) + secondval);
+    while (nextstr) {
+        curstr = nextstr + 1;
+
+        nextstr = strchr(curstr, '.');
+
+        if (nextstr) {
+            *nextstr = '\0';
+        }
+
+        memset(buf, 0, sizeof(buf));
+        val = atoi(curstr);
+        count = 0;
+        while (val) {
+            buf[count] = (val & 0x7f);
+            val = val >> 7;
+            count++;
+        }
+
+        while (count--) {
+            if (count) {
+                printf("0x%x, ", buf[count] | 0x80);
+            } else {
+                printf("0x%x, ", buf[count]);
+            }
+        }
+    }
+    printf("\n");
+    return 0;
+}
diff --git a/nss/cmd/oidcalc/oidcalc.gyp b/nss/cmd/oidcalc/oidcalc.gyp
new file mode 100644
index 0000000..b02ab87
--- /dev/null
+++ b/nss/cmd/oidcalc/oidcalc.gyp
@@ -0,0 +1,30 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi',
+    '../../cmd/platlibs.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'oidcalc',
+      'type': 'executable',
+      'sources': [
+        'oidcalc.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:dbm_exports',
+        '<(DEPTH)/exports.gyp:nss_exports'
+      ]
+    }
+  ],
+  'target_defaults': {
+    'defines': [
+      'NSPR20'
+    ]
+  },
+  'variables': {
+    'module': 'nss'
+  }
+}
\ No newline at end of file
diff --git a/nss/cmd/p7content/Makefile b/nss/cmd/p7content/Makefile
new file mode 100644
index 0000000..6e1d4ec
--- /dev/null
+++ b/nss/cmd/p7content/Makefile
@@ -0,0 +1,47 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include ../platlibs.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+
+include ../platrules.mk
+
diff --git a/nss/cmd/p7content/manifest.mn b/nss/cmd/p7content/manifest.mn
new file mode 100644
index 0000000..6fa632f
--- /dev/null
+++ b/nss/cmd/p7content/manifest.mn
@@ -0,0 +1,15 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CORE_DEPTH	= ../..
+
+MODULE = nss
+
+CSRCS = p7content.c
+
+REQUIRES = seccmd 
+
+PROGRAM = p7content
+
diff --git a/nss/cmd/p7content/p7content.c b/nss/cmd/p7content/p7content.c
new file mode 100644
index 0000000..d8c4d65
--- /dev/null
+++ b/nss/cmd/p7content/p7content.c
@@ -0,0 +1,269 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * p7content -- A command to display pkcs7 content.
+ */
+
+#include "nspr.h"
+#include "secutil.h"
+#include "plgetopt.h"
+#include "secpkcs7.h"
+#include "cert.h"
+#include "certdb.h"
+#include "nss.h"
+#include "pk11pub.h"
+
+#if defined(XP_UNIX)
+#include <unistd.h>
+#endif
+
+#include <stdio.h>
+#include <string.h>
+
+#if (defined(XP_WIN) && !defined(WIN32)) || (defined(__sun) && !defined(SVR4))
+extern int fwrite(char *, size_t, size_t, FILE *);
+extern int fprintf(FILE *, char *, ...);
+#endif
+
+static void
+Usage(char *progName)
+{
+    fprintf(stderr,
+            "Usage:  %s [-d dbdir] [-i input] [-o output]\n",
+            progName);
+    fprintf(stderr,
+            "%-20s Key/Cert database directory (default is ~/.netscape)\n",
+            "-d dbdir");
+    fprintf(stderr, "%-20s Define an input file to use (default is stdin)\n",
+            "-i input");
+    fprintf(stderr, "%-20s Define an output file to use (default is stdout)\n",
+            "-o output");
+    exit(-1);
+}
+
+static PRBool saw_content;
+static secuPWData pwdata = { PW_NONE, 0 };
+
+static void
+PrintBytes(void *arg, const char *buf, unsigned long len)
+{
+    FILE *out;
+
+    out = arg;
+    fwrite(buf, len, 1, out);
+
+    saw_content = PR_TRUE;
+}
+
+/*
+ * XXX Someday we may want to do real policy stuff here.  This allows
+ * anything to be decrypted, which is okay for a test program but does
+ * not set an example of how a real client with a real policy would
+ * need to do it.
+ */
+static PRBool
+decryption_allowed(SECAlgorithmID *algid, PK11SymKey *key)
+{
+    return PR_TRUE;
+}
+
+int
+DecodeAndPrintFile(FILE *out, PRFileDesc *in, char *progName)
+{
+    SECItem derdata;
+    SEC_PKCS7ContentInfo *cinfo = NULL;
+    SEC_PKCS7DecoderContext *dcx;
+
+    if (SECU_ReadDERFromFile(&derdata, in, PR_FALSE, PR_FALSE)) {
+        SECU_PrintError(progName, "error converting der");
+        return -1;
+    }
+
+    fprintf(out,
+            "Content printed between bars (newline added before second bar):");
+    fprintf(out, "\n---------------------------------------------\n");
+
+    saw_content = PR_FALSE;
+    dcx = SEC_PKCS7DecoderStart(PrintBytes, out, NULL, &pwdata,
+                                NULL, NULL, decryption_allowed);
+    if (dcx != NULL) {
+#if 0 /* Test that decoder works when data is really streaming in. */
+    {
+        unsigned long i;
+        for (i = 0; i < derdata.len; i++)
+        SEC_PKCS7DecoderUpdate(dcx, derdata.data + i, 1);
+    }
+#else
+        SEC_PKCS7DecoderUpdate(dcx, (char *)derdata.data, derdata.len);
+#endif
+        cinfo = SEC_PKCS7DecoderFinish(dcx);
+    }
+
+    fprintf(out, "\n---------------------------------------------\n");
+
+    if (cinfo == NULL)
+        return -1;
+
+    fprintf(out, "Content was%s encrypted.\n",
+            SEC_PKCS7ContentIsEncrypted(cinfo) ? "" : " not");
+
+    if (SEC_PKCS7ContentIsSigned(cinfo)) {
+        char *signer_cname, *signer_ename;
+        SECItem *signing_time;
+
+        if (saw_content) {
+            fprintf(out, "Signature is ");
+            PORT_SetError(0);
+            if (SEC_PKCS7VerifySignature(cinfo, certUsageEmailSigner, PR_FALSE))
+                fprintf(out, "valid.\n");
+            else
+                fprintf(out, "invalid (Reason: %s).\n",
+                        SECU_Strerror(PORT_GetError()));
+        } else {
+            fprintf(out,
+                    "Content is detached; signature cannot be verified.\n");
+        }
+
+        signer_cname = SEC_PKCS7GetSignerCommonName(cinfo);
+        if (signer_cname != NULL) {
+            fprintf(out, "The signer's common name is %s\n", signer_cname);
+            PORT_Free(signer_cname);
+        } else {
+            fprintf(out, "No signer common name.\n");
+        }
+
+        signer_ename = SEC_PKCS7GetSignerEmailAddress(cinfo);
+        if (signer_ename != NULL) {
+            fprintf(out, "The signer's email address is %s\n", signer_ename);
+            PORT_Free(signer_ename);
+        } else {
+            fprintf(out, "No signer email address.\n");
+        }
+
+        signing_time = SEC_PKCS7GetSigningTime(cinfo);
+        if (signing_time != NULL) {
+            SECU_PrintTimeChoice(out, signing_time, "Signing time", 0);
+        } else {
+            fprintf(out, "No signing time included.\n");
+        }
+    } else {
+        fprintf(out, "Content was not signed.\n");
+    }
+
+    fprintf(out, "There were%s certs or crls included.\n",
+            SEC_PKCS7ContainsCertsOrCrls(cinfo) ? "" : " no");
+
+    SECITEM_FreeItem(&derdata, PR_FALSE);
+    SEC_PKCS7DestroyContentInfo(cinfo);
+    return 0;
+}
+
+/*
+ * Print the contents of a PKCS7 message, indicating signatures, etc.
+ */
+
+int
+main(int argc, char **argv)
+{
+    char *progName;
+    FILE *outFile;
+    PRFileDesc *inFile;
+    PLOptState *optstate;
+    PLOptStatus status;
+    SECStatus rv;
+    int error = 0;
+
+    progName = strrchr(argv[0], '/');
+    progName = progName ? progName + 1 : argv[0];
+
+    inFile = NULL;
+    outFile = NULL;
+
+    /*
+     * Parse command line arguments
+     */
+    optstate = PL_CreateOptState(argc, argv, "d:i:o:p:f:");
+    while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
+        switch (optstate->option) {
+            case 'd':
+                SECU_ConfigDirectory(optstate->value);
+                break;
+
+            case 'i':
+                inFile = PR_Open(optstate->value, PR_RDONLY, 0);
+                if (!inFile) {
+                    fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
+                            progName, optstate->value);
+                    error = -1;
+                    goto done;
+                }
+                break;
+
+            case 'o':
+                outFile = fopen(optstate->value, "w");
+                if (!outFile) {
+                    fprintf(stderr, "%s: unable to open \"%s\" for writing\n",
+                            progName, optstate->value);
+                    error = -1;
+                    goto done;
+                }
+                break;
+
+            case 'p':
+                pwdata.source = PW_PLAINTEXT;
+                pwdata.data = PORT_Strdup(optstate->value);
+                break;
+
+            case 'f':
+                pwdata.source = PW_FROMFILE;
+                pwdata.data = PORT_Strdup(optstate->value);
+                break;
+
+            default:
+                Usage(progName);
+                break;
+        }
+    }
+    PL_DestroyOptState(optstate);
+
+    if (status == PL_OPT_BAD)
+        Usage(progName);
+
+    if (!inFile)
+        inFile = PR_STDIN;
+    if (!outFile)
+        outFile = stdout;
+
+    /* Call the initialization routines */
+    PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
+    rv = NSS_Init(SECU_ConfigDirectory(NULL));
+    if (rv != SECSuccess) {
+        SECU_PrintPRandOSError(progName);
+        error = -1;
+        goto done;
+    }
+
+    PK11_SetPasswordFunc(SECU_GetModulePassword);
+
+    if (DecodeAndPrintFile(outFile, inFile, progName)) {
+        SECU_PrintError(progName, "problem decoding data");
+        error = -1;
+        goto done;
+    }
+
+done:
+    if (inFile && inFile != PR_STDIN) {
+        PR_Close(inFile);
+    }
+    if (outFile && outFile != stdout) {
+        fclose(outFile);
+    }
+
+    if (NSS_Shutdown() != SECSuccess) {
+        error = -1;
+    }
+
+    return error;
+}
diff --git a/nss/cmd/p7content/p7content.gyp b/nss/cmd/p7content/p7content.gyp
new file mode 100644
index 0000000..7380dfa
--- /dev/null
+++ b/nss/cmd/p7content/p7content.gyp
@@ -0,0 +1,24 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi',
+    '../../cmd/platlibs.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'p7content',
+      'type': 'executable',
+      'sources': [
+        'p7content.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports'
+      ]
+    }
+  ],
+  'variables': {
+    'module': 'nss'
+  }
+}
\ No newline at end of file
diff --git a/nss/cmd/p7env/Makefile b/nss/cmd/p7env/Makefile
new file mode 100644
index 0000000..6e1d4ec
--- /dev/null
+++ b/nss/cmd/p7env/Makefile
@@ -0,0 +1,47 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include ../platlibs.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+
+include ../platrules.mk
+
diff --git a/nss/cmd/p7env/manifest.mn b/nss/cmd/p7env/manifest.mn
new file mode 100644
index 0000000..db385b2
--- /dev/null
+++ b/nss/cmd/p7env/manifest.mn
@@ -0,0 +1,15 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CORE_DEPTH = ../..
+
+MODULE = nss
+
+CSRCS = p7env.c  
+
+REQUIRES = seccmd 
+
+PROGRAM = p7env
+
diff --git a/nss/cmd/p7env/p7env.c b/nss/cmd/p7env/p7env.c
new file mode 100644
index 0000000..b35bf9a
--- /dev/null
+++ b/nss/cmd/p7env/p7env.c
@@ -0,0 +1,261 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * p7env -- A command to create a pkcs7 enveloped data.
+ */
+
+#include "nspr.h"
+#include "secutil.h"
+#include "plgetopt.h"
+#include "secpkcs7.h"
+#include "cert.h"
+#include "certdb.h"
+#include "nss.h"
+
+#if defined(XP_UNIX)
+#include <unistd.h>
+#endif
+
+#include <stdio.h>
+#include <string.h>
+
+#if (defined(XP_WIN) && !defined(WIN32)) || (defined(__sun) && !defined(SVR4))
+extern int fread(char *, size_t, size_t, FILE *);
+extern int fwrite(char *, size_t, size_t, FILE *);
+extern int fprintf(FILE *, char *, ...);
+#endif
+
+static void
+Usage(char *progName)
+{
+    fprintf(stderr,
+            "Usage:  %s -r recipient [-d dbdir] [-i input] [-o output]\n",
+            progName);
+    fprintf(stderr, "%-20s Nickname of cert to use for encryption\n",
+            "-r recipient");
+    fprintf(stderr, "%-20s Cert database directory (default is ~/.netscape)\n",
+            "-d dbdir");
+    fprintf(stderr, "%-20s Define an input file to use (default is stdin)\n",
+            "-i input");
+    fprintf(stderr, "%-20s Define an output file to use (default is stdout)\n",
+            "-o output");
+    exit(-1);
+}
+
+struct recipient {
+    struct recipient *next;
+    char *nickname;
+    CERTCertificate *cert;
+};
+
+static void
+EncryptOut(void *arg, const char *buf, unsigned long len)
+{
+    FILE *out;
+
+    out = arg;
+    fwrite(buf, len, 1, out);
+}
+
+static int
+EncryptFile(FILE *outFile, FILE *inFile, struct recipient *recipients,
+            char *progName)
+{
+    SEC_PKCS7ContentInfo *cinfo;
+    SEC_PKCS7EncoderContext *ecx;
+    struct recipient *rcpt;
+    SECStatus rv;
+
+    if (outFile == NULL || inFile == NULL || recipients == NULL)
+        return -1;
+
+    /* XXX Need a better way to handle that certUsage stuff! */
+    /* XXX keysize? */
+    cinfo = SEC_PKCS7CreateEnvelopedData(recipients->cert,
+                                         certUsageEmailRecipient,
+                                         NULL, SEC_OID_DES_EDE3_CBC, 0,
+                                         NULL, NULL);
+    if (cinfo == NULL)
+        return -1;
+
+    for (rcpt = recipients->next; rcpt != NULL; rcpt = rcpt->next) {
+        rv = SEC_PKCS7AddRecipient(cinfo, rcpt->cert, certUsageEmailRecipient,
+                                   NULL);
+        if (rv != SECSuccess) {
+            SECU_PrintError(progName, "error adding recipient \"%s\"",
+                            rcpt->nickname);
+            return -1;
+        }
+    }
+
+    ecx = SEC_PKCS7EncoderStart(cinfo, EncryptOut, outFile, NULL);
+    if (ecx == NULL)
+        return -1;
+
+    for (;;) {
+        char ibuf[1024];
+        int nb;
+
+        if (feof(inFile))
+            break;
+        nb = fread(ibuf, 1, sizeof(ibuf), inFile);
+        if (nb == 0) {
+            if (ferror(inFile)) {
+                PORT_SetError(SEC_ERROR_IO);
+                rv = SECFailure;
+            }
+            break;
+        }
+        rv = SEC_PKCS7EncoderUpdate(ecx, ibuf, nb);
+        if (rv != SECSuccess)
+            break;
+    }
+
+    if (SEC_PKCS7EncoderFinish(ecx, NULL, NULL) != SECSuccess)
+        rv = SECFailure;
+
+    SEC_PKCS7DestroyContentInfo(cinfo);
+
+    if (rv != SECSuccess)
+        return -1;
+
+    return 0;
+}
+
+int
+main(int argc, char **argv)
+{
+    char *progName;
+    FILE *inFile, *outFile;
+    CERTCertDBHandle *certHandle;
+    struct recipient *recipients, *rcpt;
+    PLOptState *optstate;
+    PLOptStatus status;
+    SECStatus rv;
+
+    progName = strrchr(argv[0], '/');
+    progName = progName ? progName + 1 : argv[0];
+
+    inFile = NULL;
+    outFile = NULL;
+    recipients = NULL;
+    rcpt = NULL;
+
+    /*
+     * Parse command line arguments
+     * XXX This needs to be enhanced to allow selection of algorithms
+     * and key sizes (or to look up algorithms and key sizes for each
+     * recipient in the magic database).
+     */
+    optstate = PL_CreateOptState(argc, argv, "d:i:o:r:");
+    while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
+        switch (optstate->option) {
+            case '?':
+                Usage(progName);
+                break;
+
+            case 'd':
+                SECU_ConfigDirectory(optstate->value);
+                break;
+
+            case 'i':
+                inFile = fopen(optstate->value, "r");
+                if (!inFile) {
+                    fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
+                            progName, optstate->value);
+                    return -1;
+                }
+                break;
+
+            case 'o':
+                outFile = fopen(optstate->value, "wb");
+                if (!outFile) {
+                    fprintf(stderr, "%s: unable to open \"%s\" for writing\n",
+                            progName, optstate->value);
+                    return -1;
+                }
+                break;
+
+            case 'r':
+                if (rcpt == NULL) {
+                    recipients = rcpt = PORT_Alloc(sizeof(struct recipient));
+                } else {
+                    rcpt->next = PORT_Alloc(sizeof(struct recipient));
+                    rcpt = rcpt->next;
+                }
+                if (rcpt == NULL) {
+                    fprintf(stderr, "%s: unable to allocate recipient struct\n",
+                            progName);
+                    return -1;
+                }
+                rcpt->nickname = PORT_Strdup(optstate->value);
+                rcpt->cert = NULL;
+                rcpt->next = NULL;
+                break;
+        }
+    }
+    PL_DestroyOptState(optstate);
+
+    if (!recipients)
+        Usage(progName);
+
+    if (!inFile)
+        inFile = stdin;
+    if (!outFile)
+        outFile = stdout;
+
+    /* Call the NSS initialization routines */
+    PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
+    rv = NSS_Init(SECU_ConfigDirectory(NULL));
+    if (rv != SECSuccess) {
+        SECU_PrintPRandOSError(progName);
+        return -1;
+    }
+
+    /* open cert database */
+    certHandle = CERT_GetDefaultCertDB();
+    if (certHandle == NULL) {
+        return -1;
+    }
+
+    /* find certs */
+    for (rcpt = recipients; rcpt != NULL; rcpt = rcpt->next) {
+        rcpt->cert = CERT_FindCertByNickname(certHandle, rcpt->nickname);
+        if (rcpt->cert == NULL) {
+            SECU_PrintError(progName,
+                            "the cert for name \"%s\" not found in database",
+                            rcpt->nickname);
+            return -1;
+        }
+    }
+
+    if (EncryptFile(outFile, inFile, recipients, progName)) {
+        SECU_PrintError(progName, "problem encrypting data");
+        return -1;
+    }
+
+    /* free certs */
+    for (rcpt = recipients; rcpt != NULL;) {
+        struct recipient *next = rcpt->next;
+        CERT_DestroyCertificate(rcpt->cert);
+        PORT_Free(rcpt->nickname);
+        PORT_Free(rcpt);
+        rcpt = next;
+    }
+
+    if (inFile && inFile != stdin) {
+        fclose(inFile);
+    }
+    if (outFile && outFile != stdout) {
+        fclose(outFile);
+    }
+
+    if (NSS_Shutdown() != SECSuccess) {
+        SECU_PrintError(progName, "NSS shutdown:");
+        return -1;
+    }
+
+    return 0;
+}
diff --git a/nss/cmd/p7env/p7env.gyp b/nss/cmd/p7env/p7env.gyp
new file mode 100644
index 0000000..e84eaab
--- /dev/null
+++ b/nss/cmd/p7env/p7env.gyp
@@ -0,0 +1,24 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi',
+    '../../cmd/platlibs.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'p7env',
+      'type': 'executable',
+      'sources': [
+        'p7env.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports'
+      ]
+    }
+  ],
+  'variables': {
+    'module': 'nss'
+  }
+}
\ No newline at end of file
diff --git a/nss/cmd/p7sign/Makefile b/nss/cmd/p7sign/Makefile
new file mode 100644
index 0000000..6e1d4ec
--- /dev/null
+++ b/nss/cmd/p7sign/Makefile
@@ -0,0 +1,47 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include ../platlibs.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+
+include ../platrules.mk
+
diff --git a/nss/cmd/p7sign/manifest.mn b/nss/cmd/p7sign/manifest.mn
new file mode 100644
index 0000000..1f32e39
--- /dev/null
+++ b/nss/cmd/p7sign/manifest.mn
@@ -0,0 +1,15 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CORE_DEPTH = ../..
+
+MODULE = nss
+
+CSRCS = p7sign.c  
+
+REQUIRES = seccmd 
+
+PROGRAM = p7sign
+
diff --git a/nss/cmd/p7sign/p7sign.c b/nss/cmd/p7sign/p7sign.c
new file mode 100644
index 0000000..3ac4620
--- /dev/null
+++ b/nss/cmd/p7sign/p7sign.c
@@ -0,0 +1,281 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * p7sign -- A command to create a *detached* pkcs7 signature (over a given
+ * input file).
+ */
+
+#include "nspr.h"
+#include "plgetopt.h"
+#include "secutil.h"
+#include "secpkcs7.h"
+#include "cert.h"
+#include "certdb.h"
+#include "sechash.h" /* for HASH_GetHashObject() */
+#include "nss.h"
+#include "pk11func.h"
+
+#if defined(XP_UNIX)
+#include <unistd.h>
+#endif
+
+#include <stdio.h>
+#include <string.h>
+
+#if (defined(XP_WIN) && !defined(WIN32)) || (defined(__sun) && !defined(SVR4))
+extern int fread(char *, size_t, size_t, FILE *);
+extern int fwrite(char *, size_t, size_t, FILE *);
+extern int fprintf(FILE *, char *, ...);
+#endif
+
+static secuPWData pwdata = { PW_NONE, 0 };
+
+static void
+Usage(char *progName)
+{
+    fprintf(stderr,
+            "Usage:  %s -k keyname [-d keydir] [-i input] [-o output]\n",
+            progName);
+    fprintf(stderr, "%-20s Nickname of key to use for signature\n",
+            "-k keyname");
+    fprintf(stderr, "%-20s Key database directory (default is ~/.netscape)\n",
+            "-d keydir");
+    fprintf(stderr, "%-20s Define an input file to use (default is stdin)\n",
+            "-i input");
+    fprintf(stderr, "%-20s Define an output file to use (default is stdout)\n",
+            "-o output");
+    fprintf(stderr, "%-20s Encapsulate content in signature message\n",
+            "-e");
+    fprintf(stderr, "%-20s Password to the key databse\n", "-p");
+    fprintf(stderr, "%-20s password file\n", "-f");
+    exit(-1);
+}
+
+static void
+SignOut(void *arg, const char *buf, unsigned long len)
+{
+    FILE *out;
+
+    out = (FILE *)arg;
+    fwrite(buf, len, 1, out);
+}
+
+static int
+CreateDigest(SECItem *data, char *digestdata, unsigned int *len, unsigned int maxlen)
+{
+    const SECHashObject *hashObj;
+    void *hashcx;
+
+    /* XXX probably want to extend interface to allow other hash algorithms */
+    hashObj = HASH_GetHashObject(HASH_AlgSHA1);
+
+    hashcx = (*hashObj->create)();
+    if (hashcx == NULL)
+        return -1;
+
+    (*hashObj->begin)(hashcx);
+    (*hashObj->update)(hashcx, data->data, data->len);
+    (*hashObj->end)(hashcx, (unsigned char *)digestdata, len, maxlen);
+    (*hashObj->destroy)(hashcx, PR_TRUE);
+    return 0;
+}
+
+static int
+SignFile(FILE *outFile, PRFileDesc *inFile, CERTCertificate *cert,
+         PRBool encapsulated)
+{
+    char digestdata[32];
+    unsigned int len;
+    SECItem digest, data2sign;
+    SEC_PKCS7ContentInfo *cinfo;
+    SECStatus rv;
+
+    if (outFile == NULL || inFile == NULL || cert == NULL)
+        return -1;
+
+    /* suck the file in */
+    if (SECU_ReadDERFromFile(&data2sign, inFile, PR_FALSE,
+                             PR_FALSE) != SECSuccess)
+        return -1;
+
+    if (!encapsulated) {
+        /* unfortunately, we must create the digest ourselves */
+        /* SEC_PKCS7CreateSignedData should have a flag to not include */
+        /* the content for non-encapsulated content at encode time, but */
+        /* should always compute the hash itself */
+        if (CreateDigest(&data2sign, digestdata, &len, 32) < 0)
+            return -1;
+        digest.data = (unsigned char *)digestdata;
+        digest.len = len;
+    }
+
+    /* XXX Need a better way to handle that usage stuff! */
+    cinfo = SEC_PKCS7CreateSignedData(cert, certUsageEmailSigner, NULL,
+                                      SEC_OID_SHA1,
+                                      encapsulated ? NULL : &digest,
+                                      NULL, NULL);
+    if (cinfo == NULL)
+        return -1;
+
+    if (encapsulated) {
+        SEC_PKCS7SetContent(cinfo, (char *)data2sign.data, data2sign.len);
+    }
+
+    rv = SEC_PKCS7IncludeCertChain(cinfo, NULL);
+    if (rv != SECSuccess) {
+        SEC_PKCS7DestroyContentInfo(cinfo);
+        return -1;
+    }
+
+    rv = SEC_PKCS7Encode(cinfo, SignOut, outFile, NULL,
+                         NULL, &pwdata);
+
+    SECITEM_FreeItem(&data2sign, PR_FALSE);
+    SEC_PKCS7DestroyContentInfo(cinfo);
+
+    if (rv != SECSuccess)
+        return -1;
+
+    return 0;
+}
+
+int
+main(int argc, char **argv)
+{
+    char *progName;
+    FILE *outFile;
+    PRFileDesc *inFile;
+    char *keyName = NULL;
+    CERTCertDBHandle *certHandle;
+    CERTCertificate *cert = NULL;
+    PRBool encapsulated = PR_FALSE;
+    PLOptState *optstate;
+    PLOptStatus status;
+    SECStatus rv;
+
+    progName = strrchr(argv[0], '/');
+    progName = progName ? progName + 1 : argv[0];
+
+    inFile = NULL;
+    outFile = NULL;
+    keyName = NULL;
+
+    /*
+     * Parse command line arguments
+     */
+    optstate = PL_CreateOptState(argc, argv, "ed:k:i:o:p:f:");
+    while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
+        switch (optstate->option) {
+            case '?':
+                Usage(progName);
+                break;
+
+            case 'e':
+                /* create a message with the signed content encapsulated */
+                encapsulated = PR_TRUE;
+                break;
+
+            case 'd':
+                SECU_ConfigDirectory(optstate->value);
+                break;
+
+            case 'i':
+                inFile = PR_Open(optstate->value, PR_RDONLY, 0);
+                if (!inFile) {
+                    fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
+                            progName, optstate->value);
+                    return -1;
+                }
+                break;
+
+            case 'k':
+                keyName = strdup(optstate->value);
+                break;
+
+            case 'o':
+                outFile = fopen(optstate->value, "wb");
+                if (!outFile) {
+                    fprintf(stderr, "%s: unable to open \"%s\" for writing\n",
+                            progName, optstate->value);
+                    return -1;
+                }
+                break;
+            case 'p':
+                pwdata.source = PW_PLAINTEXT;
+                pwdata.data = strdup(optstate->value);
+                break;
+
+            case 'f':
+                pwdata.source = PW_FROMFILE;
+                pwdata.data = PORT_Strdup(optstate->value);
+                break;
+        }
+    }
+    PL_DestroyOptState(optstate);
+
+    if (!keyName)
+        Usage(progName);
+
+    if (!inFile)
+        inFile = PR_STDIN;
+    if (!outFile)
+        outFile = stdout;
+
+    /* Call the initialization routines */
+    PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
+    rv = NSS_Init(SECU_ConfigDirectory(NULL));
+    if (rv != SECSuccess) {
+        SECU_PrintPRandOSError(progName);
+        goto loser;
+    }
+
+    PK11_SetPasswordFunc(SECU_GetModulePassword);
+
+    /* open cert database */
+    certHandle = CERT_GetDefaultCertDB();
+    if (certHandle == NULL) {
+        rv = SECFailure;
+        goto loser;
+    }
+
+    /* find cert */
+    cert = CERT_FindCertByNickname(certHandle, keyName);
+    if (cert == NULL) {
+        SECU_PrintError(progName,
+                        "the corresponding cert for key \"%s\" does not exist",
+                        keyName);
+        rv = SECFailure;
+        goto loser;
+    }
+
+    if (SignFile(outFile, inFile, cert, encapsulated)) {
+        SECU_PrintError(progName, "problem signing data");
+        rv = SECFailure;
+        goto loser;
+    }
+
+loser:
+    if (pwdata.data) {
+        PORT_Free(pwdata.data);
+    }
+    if (keyName) {
+        PORT_Free(keyName);
+    }
+    if (cert) {
+        CERT_DestroyCertificate(cert);
+    }
+    if (inFile && inFile != PR_STDIN) {
+        PR_Close(inFile);
+    }
+    if (outFile && outFile != stdout) {
+        fclose(outFile);
+    }
+    if (NSS_Shutdown() != SECSuccess) {
+        SECU_PrintError(progName, "NSS shutdown:");
+        exit(1);
+    }
+
+    return (rv != SECSuccess);
+}
diff --git a/nss/cmd/p7sign/p7sign.gyp b/nss/cmd/p7sign/p7sign.gyp
new file mode 100644
index 0000000..c2c672d
--- /dev/null
+++ b/nss/cmd/p7sign/p7sign.gyp
@@ -0,0 +1,24 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi',
+    '../../cmd/platlibs.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'p7sign',
+      'type': 'executable',
+      'sources': [
+        'p7sign.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports'
+      ]
+    }
+  ],
+  'variables': {
+    'module': 'nss'
+  }
+}
\ No newline at end of file
diff --git a/nss/cmd/p7verify/Makefile b/nss/cmd/p7verify/Makefile
new file mode 100644
index 0000000..6e1d4ec
--- /dev/null
+++ b/nss/cmd/p7verify/Makefile
@@ -0,0 +1,47 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include ../platlibs.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+
+include ../platrules.mk
+
diff --git a/nss/cmd/p7verify/manifest.mn b/nss/cmd/p7verify/manifest.mn
new file mode 100644
index 0000000..565c74b
--- /dev/null
+++ b/nss/cmd/p7verify/manifest.mn
@@ -0,0 +1,15 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CORE_DEPTH = ../..
+
+MODULE = nss
+
+CSRCS = p7verify.c  
+
+REQUIRES = seccmd 
+
+PROGRAM = p7verify
+
diff --git a/nss/cmd/p7verify/p7verify.c b/nss/cmd/p7verify/p7verify.c
new file mode 100644
index 0000000..ba38e11
--- /dev/null
+++ b/nss/cmd/p7verify/p7verify.c
@@ -0,0 +1,283 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * p7verify -- A command to do a verification of a *detached* pkcs7 signature.
+ */
+
+#include "nspr.h"
+#include "secutil.h"
+#include "plgetopt.h"
+#include "secpkcs7.h"
+#include "cert.h"
+#include "certdb.h"
+#include "secoid.h"
+#include "sechash.h" /* for HASH_GetHashObject() */
+#include "nss.h"
+
+#if defined(XP_UNIX)
+#include <unistd.h>
+#endif
+
+#include <stdio.h>
+#include <string.h>
+
+#if (defined(XP_WIN) && !defined(WIN32)) || (defined(__sun) && !defined(SVR4))
+extern int fread(char *, size_t, size_t, FILE *);
+extern int fprintf(FILE *, char *, ...);
+#endif
+
+static HASH_HashType
+AlgorithmToHashType(SECAlgorithmID *digestAlgorithms)
+{
+
+    SECOidTag tag;
+
+    tag = SECOID_GetAlgorithmTag(digestAlgorithms);
+
+    switch (tag) {
+        case SEC_OID_MD2:
+            return HASH_AlgMD2;
+        case SEC_OID_MD5:
+            return HASH_AlgMD5;
+        case SEC_OID_SHA1:
+            return HASH_AlgSHA1;
+        default:
+            fprintf(stderr, "should never get here\n");
+            return HASH_AlgNULL;
+    }
+}
+
+static int
+DigestFile(unsigned char *digest, unsigned int *len, unsigned int maxLen,
+           FILE *inFile, HASH_HashType hashType)
+{
+    int nb;
+    unsigned char ibuf[4096];
+    const SECHashObject *hashObj;
+    void *hashcx;
+
+    hashObj = HASH_GetHashObject(hashType);
+
+    hashcx = (*hashObj->create)();
+    if (hashcx == NULL)
+        return -1;
+
+    (*hashObj->begin)(hashcx);
+
+    for (;;) {
+        if (feof(inFile))
+            break;
+        nb = fread(ibuf, 1, sizeof(ibuf), inFile);
+        if (nb != sizeof(ibuf)) {
+            if (nb == 0) {
+                if (ferror(inFile)) {
+                    PORT_SetError(SEC_ERROR_IO);
+                    (*hashObj->destroy)(hashcx, PR_TRUE);
+                    return -1;
+                }
+                /* eof */
+                break;
+            }
+        }
+        (*hashObj->update)(hashcx, ibuf, nb);
+    }
+
+    (*hashObj->end)(hashcx, digest, len, maxLen);
+    (*hashObj->destroy)(hashcx, PR_TRUE);
+
+    return 0;
+}
+
+static void
+Usage(char *progName)
+{
+    fprintf(stderr,
+            "Usage:  %s -c content -s signature [-d dbdir] [-u certusage]\n",
+            progName);
+    fprintf(stderr, "%-20s content file that was signed\n",
+            "-c content");
+    fprintf(stderr, "%-20s file containing signature for that content\n",
+            "-s signature");
+    fprintf(stderr,
+            "%-20s Key/Cert database directory (default is ~/.netscape)\n",
+            "-d dbdir");
+    fprintf(stderr, "%-20s Define the type of certificate usage (default is certUsageEmailSigner)\n",
+            "-u certusage");
+    fprintf(stderr, "%-25s  0 - certUsageSSLClient\n", " ");
+    fprintf(stderr, "%-25s  1 - certUsageSSLServer\n", " ");
+    fprintf(stderr, "%-25s  2 - certUsageSSLServerWithStepUp\n", " ");
+    fprintf(stderr, "%-25s  3 - certUsageSSLCA\n", " ");
+    fprintf(stderr, "%-25s  4 - certUsageEmailSigner\n", " ");
+    fprintf(stderr, "%-25s  5 - certUsageEmailRecipient\n", " ");
+    fprintf(stderr, "%-25s  6 - certUsageObjectSigner\n", " ");
+    fprintf(stderr, "%-25s  7 - certUsageUserCertImport\n", " ");
+    fprintf(stderr, "%-25s  8 - certUsageVerifyCA\n", " ");
+    fprintf(stderr, "%-25s  9 - certUsageProtectedObjectSigner\n", " ");
+    fprintf(stderr, "%-25s 10 - certUsageStatusResponder\n", " ");
+    fprintf(stderr, "%-25s 11 - certUsageAnyCA\n", " ");
+
+    exit(-1);
+}
+
+static int
+HashDecodeAndVerify(FILE *out, FILE *content, PRFileDesc *signature,
+                    SECCertUsage usage, char *progName)
+{
+    SECItem derdata;
+    SEC_PKCS7ContentInfo *cinfo;
+    SEC_PKCS7SignedData *signedData;
+    HASH_HashType digestType;
+    SECItem digest;
+    unsigned char buffer[32];
+
+    if (SECU_ReadDERFromFile(&derdata, signature, PR_FALSE,
+                             PR_FALSE) != SECSuccess) {
+        SECU_PrintError(progName, "error reading signature file");
+        return -1;
+    }
+
+    cinfo = SEC_PKCS7DecodeItem(&derdata, NULL, NULL, NULL, NULL,
+                                NULL, NULL, NULL);
+    if (cinfo == NULL)
+        return -1;
+
+    if (!SEC_PKCS7ContentIsSigned(cinfo)) {
+        fprintf(out, "Signature file is pkcs7 data, but not signed.\n");
+        return -1;
+    }
+
+    signedData = cinfo->content.signedData;
+
+    /* assume that there is only one digest algorithm for now */
+    digestType = AlgorithmToHashType(signedData->digestAlgorithms[0]);
+    if (digestType == HASH_AlgNULL) {
+        fprintf(out, "Invalid hash algorithmID\n");
+        return -1;
+    }
+
+    digest.data = buffer;
+    if (DigestFile(digest.data, &digest.len, 32, content, digestType)) {
+        SECU_PrintError(progName, "problem computing message digest");
+        return -1;
+    }
+
+    fprintf(out, "Signature is ");
+    if (SEC_PKCS7VerifyDetachedSignature(cinfo, usage, &digest, digestType,
+                                         PR_FALSE))
+        fprintf(out, "valid.\n");
+    else
+        fprintf(out, "invalid (Reason: %s).\n",
+                SECU_Strerror(PORT_GetError()));
+
+    SECITEM_FreeItem(&derdata, PR_FALSE);
+    SEC_PKCS7DestroyContentInfo(cinfo);
+    return 0;
+}
+
+int
+main(int argc, char **argv)
+{
+    char *progName;
+    FILE *contentFile, *outFile;
+    PRFileDesc *signatureFile;
+    SECCertUsage certUsage = certUsageEmailSigner;
+    PLOptState *optstate;
+    PLOptStatus status;
+    SECStatus rv;
+
+    progName = strrchr(argv[0], '/');
+    progName = progName ? progName + 1 : argv[0];
+
+    contentFile = NULL;
+    signatureFile = NULL;
+    outFile = NULL;
+
+    /*
+     * Parse command line arguments
+     */
+    optstate = PL_CreateOptState(argc, argv, "c:d:o:s:u:");
+    while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
+        switch (optstate->option) {
+            case '?':
+                Usage(progName);
+                break;
+
+            case 'c':
+                contentFile = fopen(optstate->value, "r");
+                if (!contentFile) {
+                    fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
+                            progName, optstate->value);
+                    return -1;
+                }
+                break;
+
+            case 'd':
+                SECU_ConfigDirectory(optstate->value);
+                break;
+
+            case 'o':
+                outFile = fopen(optstate->value, "w");
+                if (!outFile) {
+                    fprintf(stderr, "%s: unable to open \"%s\" for writing\n",
+                            progName, optstate->value);
+                    return -1;
+                }
+                break;
+
+            case 's':
+                signatureFile = PR_Open(optstate->value, PR_RDONLY, 0);
+                if (!signatureFile) {
+                    fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
+                            progName, optstate->value);
+                    return -1;
+                }
+                break;
+
+            case 'u': {
+                int usageType;
+
+                usageType = atoi(strdup(optstate->value));
+                if (usageType < certUsageSSLClient || usageType > certUsageAnyCA)
+                    return -1;
+                certUsage = (SECCertUsage)usageType;
+                break;
+            }
+        }
+    }
+    PL_DestroyOptState(optstate);
+
+    if (!contentFile)
+        Usage(progName);
+    if (!signatureFile)
+        Usage(progName);
+    if (!outFile)
+        outFile = stdout;
+
+    /* Call the NSS initialization routines */
+    PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
+    rv = NSS_Init(SECU_ConfigDirectory(NULL));
+    if (rv != SECSuccess) {
+        SECU_PrintPRandOSError(progName);
+        return -1;
+    }
+
+    if (HashDecodeAndVerify(outFile, contentFile, signatureFile,
+                            certUsage, progName)) {
+        SECU_PrintError(progName, "problem decoding/verifying signature");
+        return -1;
+    }
+
+    fclose(contentFile);
+    PR_Close(signatureFile);
+    if (outFile && outFile != stdout) {
+        fclose(outFile);
+    }
+
+    if (NSS_Shutdown() != SECSuccess) {
+        exit(1);
+    }
+
+    return 0;
+}
diff --git a/nss/cmd/p7verify/p7verify.gyp b/nss/cmd/p7verify/p7verify.gyp
new file mode 100644
index 0000000..220a72a
--- /dev/null
+++ b/nss/cmd/p7verify/p7verify.gyp
@@ -0,0 +1,24 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi',
+    '../../cmd/platlibs.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'p7verify',
+      'type': 'executable',
+      'sources': [
+        'p7verify.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports'
+      ]
+    }
+  ],
+  'variables': {
+    'module': 'nss'
+  }
+}
\ No newline at end of file
diff --git a/nss/cmd/perfclient/Makefile b/nss/cmd/perfclient/Makefile
new file mode 100644
index 0000000..a27a3ce
--- /dev/null
+++ b/nss/cmd/perfclient/Makefile
@@ -0,0 +1,46 @@
+#! gmake
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include ../platlibs.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+#include ../platlibs.mk
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+include ../platrules.mk
+
diff --git a/nss/cmd/perfclient/client_db b/nss/cmd/perfclient/client_db
new file mode 120000
index 0000000..22ed056
--- /dev/null
+++ b/nss/cmd/perfclient/client_db
@@ -0,0 +1 @@
+../../../ca/client_db
\ No newline at end of file
diff --git a/nss/cmd/perfclient/main.c b/nss/cmd/perfclient/main.c
new file mode 100644
index 0000000..94c2b48
--- /dev/null
+++ b/nss/cmd/perfclient/main.c
@@ -0,0 +1,147 @@
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <assert.h>
+#include <time.h>
+#include <unistd.h>
+
+#include "nspr.h"
+#include "plgetopt.h"
+#include "prerror.h"
+#include "prnetdb.h"
+
+#include "nss.h"
+#include "ssl.h"
+#include "sslproto.h"
+#include <pk11func.h>
+/*Error handler*/
+void error(const char *msg)
+{
+    PRErrorCode perr = PR_GetError();
+    const char *errString = PORT_ErrorToString(perr);
+
+    printf("!! ERROR function name: %s returned error %d:\n%s\n",msg, perr, errString);
+    exit(1);
+}
+
+
+
+int main(int argc, char *argv[])
+{
+	PRFileDesc* socketfd = NULL;
+	PRHostEnt host;
+	PRNetAddr addr;
+	SECStatus rv;
+	PRStatus pr;
+	char buf[16384];
+	char buffParam[256];
+	int n;
+	PRSocketOptionData  socketOption;
+	SSLVersionRange ver;
+	int i, j;
+	int rep;
+	const int repititions = 50;
+	const int stepsize = 64;
+
+	// 3 arguments are necessary for the client
+	if(argc < 3){
+		error("Specify host and port");
+	}
+
+	//Init
+	rv = NSS_Init("../client_db");
+	if(rv != SECSuccess) error("NSS_Init");
+
+	//Open
+	socketfd = PR_OpenTCPSocket(PR_AF_INET);
+	if (socketfd == NULL) error("PR_OpenTCPSocket");
+
+
+	//Set socket option
+	socketOption.option = PR_SockOpt_Nonblocking;
+	socketOption.value.non_blocking = PR_FALSE;
+	pr = PR_SetSocketOption(socketfd, &socketOption);
+	if (pr != PR_SUCCESS) error("PR_SetSocketOption");
+
+	//Import
+	socketfd = SSL_ImportFD(NULL, socketfd);
+	if (socketfd == NULL) error("SSL_ImportFD");
+
+	//Set server mode
+	rv = SSL_OptionSet(socketfd, SSL_HANDSHAKE_AS_CLIENT, PR_TRUE);
+	if(rv != SECSuccess) error("SSL_OptionSet, SSL_HANDSHAKE_AS_CLIENT ");
+
+	//Enable TLS Proof extension for non-repudiation
+	rv = SSL_OptionSet(socketfd, SSL_ENABLE_TLS_PROOF, PR_TRUE);
+	if(rv != SECSuccess) error("SSL_OptionSet, SSL_ENABLE_TLS_PROOF");
+
+	//Set url for authentication
+	rv = SSL_SetURL(socketfd, "tls-n.testserver");
+	if(rv != SECSuccess) error("SSL_SetURL");
+
+	//Force TLS 1.3
+    ver.max= SSL_LIBRARY_VERSION_TLS_1_3;
+    ver.min= SSL_LIBRARY_VERSION_TLS_1_3;
+    rv = SSL_VersionRangeSet(socketfd,&ver);
+    if(rv != SECSuccess) error("SSL_VersionRangeSet");
+
+	//Get host
+	pr = PR_GetHostByName(argv[1],buffParam,256,&host);
+	if (pr != PR_SUCCESS) error("PR_GetHostByName");
+	rv = PR_EnumerateHostEnt(0, &host, atoi(argv[2]), &addr);
+	if(rv < 0) error("PR_EnumerateHostEnt");
+
+	//Connect
+	pr = PR_Connect(socketfd, &addr, PR_INTERVAL_NO_TIMEOUT);
+	if(pr != PR_SUCCESS) error("PR_Connect");
+
+//	PRBool val = PR_FALSE;
+
+	PRBool first = PR_TRUE; 
+
+	srand (0);
+
+	for(i = 1; i < 16384; i += stepsize){
+		for(rep = 0; rep < repititions; ++rep){
+
+			for (j=0; j < i; ++j){
+				buf[j] = rand();
+			}
+
+			/*Send the previously typed message
+			* Note that when doing the first Write NSS will triger the Handshake
+			* n is the number of packet sent*/
+			n = PR_Write(socketfd,buf,i);
+			if (n < 0)
+				error("ERROR writing to socket");
+			PORT_Assert(i == n);
+
+//			//See if the negotiation of TLS proof was successful
+//			rv = SSL_TLSProofIsNegociated(socketfd,&val);
+//			if(rv != SECSuccess) error("SSL_TLSProofIsNegociated");
+//
+//			//Get the TLS version used
+//			rv = SSL_VersionRangeGet(socketfd,&ver);
+//			if(rv != SECSuccess) error("SSL_VersionRangeGet");
+//
+//			/* Print the TLS version negotiated, for TLS 1.3 it should show [304:304] and if TLS proof was
+//			* successfully negotiated */
+//			printf("\nNew message ! Protocol[%x:%x], TLS Proof enable[%i] :\n",ver.min,ver.max,(int)val);
+			printf("\nBla\n");
+
+//			usleep(100000);
+			// Rerun the first batch because of cpu scaling
+		}
+		if(first){
+			first = PR_FALSE;
+			i -= stepsize;
+		}
+	}
+
+	PR_Close(socketfd);
+
+
+	printf("\nEND\n");
+	return 0;
+}
+
diff --git a/nss/cmd/perfclient/manifest.mn b/nss/cmd/perfclient/manifest.mn
new file mode 100644
index 0000000..8ff0650
--- /dev/null
+++ b/nss/cmd/perfclient/manifest.mn
@@ -0,0 +1,23 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CORE_DEPTH = ../..
+
+# MODULE public and private header  directories are implicitly REQUIRED.
+MODULE = nss
+
+# This next line is used by .mk files
+# and gets translated into $LINCS in manifest.mnw
+# The MODULE is always implicitly required.
+# Listing it here in REQUIRES makes it appear twice in the cc command line.
+REQUIRES = seccmd dbm 
+
+# DIRS = 
+
+CSRCS	= main.c  
+DEFINES += -DDLL_PREFIX=\"$(DLL_PREFIX)\" -DDLL_SUFFIX=\"$(DLL_SUFFIX)\"
+
+PROGRAM	= perfclient
+
diff --git a/nss/cmd/perfserver/Makefile b/nss/cmd/perfserver/Makefile
new file mode 100644
index 0000000..c7a02b8
--- /dev/null
+++ b/nss/cmd/perfserver/Makefile
@@ -0,0 +1,46 @@
+#! gmake
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include ../platlibs.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+include ../platlibs.mk
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+include ../platrules.mk
+
diff --git a/nss/cmd/perfserver/main.c b/nss/cmd/perfserver/main.c
new file mode 100644
index 0000000..38bad14
--- /dev/null
+++ b/nss/cmd/perfserver/main.c
@@ -0,0 +1,189 @@
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+#include "nspr.h"
+#include "plgetopt.h"
+#include "prerror.h"
+#include "prnetdb.h"
+
+#include "nss.h"
+#include "ssl.h"
+#include "sslproto.h"
+#include <pk11func.h>
+#include <errno.h>
+#include "secitem.h"
+
+//Global variable
+SECKEYPrivateKey *privKey = NULL; //Private key of the server certificate
+CERTCertificate *cert = NULL; //Certificate of the server
+
+
+void error(const char *msg)
+{
+	PRErrorCode perr = PR_GetError();
+	const char *errString = PORT_ErrorToString(perr);
+
+	printf("!!!!!ERROR function name: %s returned error %d:!!!!!\n%s\n",msg, perr, errString);
+    exit(1);
+}
+/*Callback function that return the password of the certificate database.
+ * It is set when configuring NSS.*/
+char* getPwd(PK11SlotInfo *slot, PRBool retry, void *arg){
+
+	char *pwd= NULL;
+	pwd = PORT_Strdup("");
+
+	return pwd;
+}
+/*Called when a client is connected to server*/
+int accept_connection(PRFileDesc * sock)
+{
+	char buffer[65536];
+	int n;
+	PRBool val;
+	SSLVersionRange ver;
+	SECStatus rv;
+
+	while(1)
+	{
+		bzero(buffer,sizeof(buffer));
+		//Read from a client
+		n = PR_Read(sock, buffer, sizeof(buffer)-1);
+		if(n < 0){
+			error("PR_Read");
+			PR_Close(sock);
+		}
+
+		if(n == 0) break;
+
+
+		//See if the negotiation of TLS proof was successful
+		rv = SSL_TLSProofIsNegociated(sock,&val);
+		if(rv != SECSuccess) error("SSL_TLSProofIsNegociated");
+
+		//Get the TLS version used
+		rv = SSL_VersionRangeGet(sock,&ver);
+		if(rv != SECSuccess) error("SSL_VersionRangeGet");
+
+		/* Print the TLS version negotiated, for TLS 1.3 it should show [304:304] and if TLS proof was
+		* successfully negotiated */
+		printf("\nNew message ! Protocol[%x:%x], TLS Proof enable[%i] :\n",ver.min,ver.max,(int)val);
+	}
+
+	PR_Close(sock);
+
+	printf("END\n");
+	return 0;
+
+}
+
+
+int main(int argc, char *argv[])
+{
+
+
+	PRFileDesc* listenSocket = NULL;
+	PRStatus pr;
+	SECStatus rv;
+	char *tmp = NULL;
+	PRFileDesc* newSocket = NULL;
+	char* certName = "tls-n.testserver";
+	PRNetAddr addr, clientAddr;
+	SSLVersionRange ver;
+
+
+
+	if(argc < 2){
+			error("Specify port");
+	}
+
+	//Cache config
+	tmp = PR_GetEnvSecure("TMP");
+	if (!tmp){
+		tmp = PR_GetEnvSecure("TMPDIR");
+		tmp = PR_GetEnvSecure("TEMP");
+	}
+	rv = SSL_ConfigServerSessionIDCache(0,0, 0, tmp);
+	if (rv != SECSuccess)
+		error("SSL_ConfigServerSessionIDCache");
+
+	//Set Password
+	PK11_SetPasswordFunc(getPwd);
+
+	rv = NSS_Init("../server_db");
+	if(rv != SECSuccess)
+		error("NSS_Initialize");
+
+	//Retrieve certificate
+	cert = PK11_FindCertFromNickname(certName,NULL);
+	if (cert == NULL)
+	error("PK11_FindCertFromNickname");
+
+	//Retrieve private key
+	privKey = PK11_FindKeyByAnyCert(cert,NULL);
+	if (privKey == NULL)
+		error("PK11_FindKeyByAnyCert");
+
+	//New socket
+	listenSocket = PR_OpenTCPSocket(PR_AF_INET);
+	if (listenSocket == NULL) {
+		error("Error: PR_NewTCPSocket");
+	}
+
+	//Server parameters
+	addr.inet.ip = PR_INADDR_ANY;
+	addr.inet.port = PR_htons(atoi(argv[1]));
+	addr.inet.family = PR_AF_INET;
+
+	//Bind
+	pr = PR_Bind(listenSocket, &addr);
+	if (pr != PR_SUCCESS) {
+			error("PR_Bind");
+	}
+
+
+	//Listen
+	pr = PR_Listen(listenSocket, 5);
+	if (pr != PR_SUCCESS) {
+			error("PR_Listen");
+	}
+
+
+	//Import to SSL
+	listenSocket = SSL_ImportFD(NULL, listenSocket);
+	if (listenSocket == NULL) error("SSL_ImportFD");
+
+
+
+	//Set certificate and private key
+	rv = SSL_ConfigSecureServer(listenSocket,cert, privKey, NSS_FindCertKEAType(cert));
+	if (rv != SECSuccess) error("SSL_ConfigSecureServer");
+
+	//Enable TLS Proof extension for non-repudiation
+	rv = SSL_OptionSet(listenSocket, SSL_ENABLE_TLS_PROOF, PR_TRUE);
+	if(rv != SECSuccess) error("SSL_OptionSet, SSL_ENABLE_TLS_PROOF");
+
+	//Force TLS 1.3
+	ver.max= SSL_LIBRARY_VERSION_TLS_1_3;
+	ver.min= SSL_LIBRARY_VERSION_TLS_1_3;
+	rv = SSL_VersionRangeSet(listenSocket,&ver);
+	if(rv != SECSuccess) error("SSL_VersionRangeSet");
+
+	printf("Server started ! \nListening ... \n");
+
+	//Accept
+	newSocket = PR_Accept(listenSocket, &clientAddr, PR_INTERVAL_NO_TIMEOUT);
+	PR_Close(listenSocket);
+	if(newSocket == 0){
+		error("PR_Accept");
+	}
+
+
+
+	//Continue
+	accept_connection(newSocket);
+
+
+	return 0;
+}
diff --git a/nss/cmd/perfserver/manifest.mn b/nss/cmd/perfserver/manifest.mn
new file mode 100644
index 0000000..b97d3d9
--- /dev/null
+++ b/nss/cmd/perfserver/manifest.mn
@@ -0,0 +1,23 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CORE_DEPTH = ../..
+
+# MODULE public and private header  directories are implicitly REQUIRED.
+MODULE = nss
+
+# This next line is used by .mk files
+# and gets translated into $LINCS in manifest.mnw
+# The MODULE is always implicitly required.
+# Listing it here in REQUIRES makes it appear twice in the cc command line.
+REQUIRES = seccmd dbm 
+
+# DIRS = 
+
+CSRCS	= main.c  
+DEFINES += -DDLL_PREFIX=\"$(DLL_PREFIX)\" -DDLL_SUFFIX=\"$(DLL_SUFFIX)\"
+
+PROGRAM	= perfserver 
+
diff --git a/nss/cmd/perfserver/server_db b/nss/cmd/perfserver/server_db
new file mode 120000
index 0000000..f1858d9
--- /dev/null
+++ b/nss/cmd/perfserver/server_db
@@ -0,0 +1 @@
+../../../ca/server_db
\ No newline at end of file
diff --git a/nss/cmd/pk11ectest/Makefile b/nss/cmd/pk11ectest/Makefile
new file mode 100644
index 0000000..d20daa4
--- /dev/null
+++ b/nss/cmd/pk11ectest/Makefile
@@ -0,0 +1,46 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+include ../platlibs.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+
+include ../platrules.mk
+
diff --git a/nss/cmd/pk11ectest/manifest.mn b/nss/cmd/pk11ectest/manifest.mn
new file mode 100644
index 0000000..af814b5
--- /dev/null
+++ b/nss/cmd/pk11ectest/manifest.mn
@@ -0,0 +1,16 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+DEPTH = ../..
+CORE_DEPTH = ../..
+
+# MODULE public and private header directories are implicitly REQUIRED.
+MODULE = nss
+
+CSRCS = pk11ectest.c
+
+PROGRAM = pk11ectest
+
+USE_STATIC_LIBS = 1
diff --git a/nss/cmd/pk11ectest/pk11ectest.c b/nss/cmd/pk11ectest/pk11ectest.c
new file mode 100644
index 0000000..ca6e2d0
--- /dev/null
+++ b/nss/cmd/pk11ectest/pk11ectest.c
@@ -0,0 +1,171 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "blapi.h"
+#include "nss.h"
+#include "secutil.h"
+#include "secitem.h"
+#include "nspr.h"
+#include "pk11pub.h"
+#include <stdio.h>
+
+void
+printBuf(const SECItem *item)
+{
+    int i;
+    if (!item || !item->len) {
+        printf("(null)\n");
+        return;
+    }
+
+    for (i = 0; i < item->len; i++) {
+        printf("%02x", item->data[i]);
+    }
+    printf("\n");
+}
+
+void
+PrintKey(PK11SymKey *symKey)
+{
+    char *name = PK11_GetSymKeyNickname(symKey);
+    int len = PK11_GetKeyLength(symKey);
+    int strength = PK11_GetKeyStrength(symKey, NULL);
+    SECItem *value = NULL;
+    CK_KEY_TYPE type = PK11_GetSymKeyType(symKey);
+    (void)PK11_ExtractKeyValue(symKey);
+
+    value = PK11_GetKeyData(symKey);
+    printf("%s %3d   %4d   %s  ", name ? name : "no-name", len, strength,
+           type == CKK_GENERIC_SECRET ? "generic" : "ERROR! UNKNOWN KEY TYPE");
+    printBuf(value);
+
+    PORT_Free(name);
+}
+
+SECStatus
+ectest_curve_pkcs11(SECOidTag oid)
+{
+    SECKEYECParams pk_11_ecParams = { siBuffer, NULL, 0 };
+    SECKEYPublicKey *pubKey = NULL;
+    SECKEYPrivateKey *privKey = NULL;
+    SECOidData *oidData = NULL;
+    CK_MECHANISM_TYPE target = CKM_TLS12_MASTER_KEY_DERIVE_DH;
+    PK11SymKey *symKey = NULL;
+    SECStatus rv = SECFailure;
+
+    oidData = SECOID_FindOIDByTag(oid);
+    if (oidData == NULL) {
+        printf(" >>> SECOID_FindOIDByTag failed.\n");
+        goto cleanup;
+    }
+    PORT_Assert(oidData->oid.len < 256);
+    SECITEM_AllocItem(NULL, &pk_11_ecParams, (2 + oidData->oid.len));
+    pk_11_ecParams.data[0] = SEC_ASN1_OBJECT_ID; /* we have to prepend 0x06 */
+    pk_11_ecParams.data[1] = oidData->oid.len;
+    memcpy(pk_11_ecParams.data + 2, oidData->oid.data, oidData->oid.len);
+
+    privKey = SECKEY_CreateECPrivateKey(&pk_11_ecParams, &pubKey, NULL);
+    if (!privKey || !pubKey) {
+        printf(" >>> SECKEY_CreateECPrivateKey failed.\n");
+        goto cleanup;
+    }
+
+    symKey = PK11_PubDeriveWithKDF(privKey, pubKey, PR_FALSE, NULL, NULL,
+                                   CKM_ECDH1_DERIVE, target, CKA_DERIVE, 0,
+                                   CKD_NULL, NULL, NULL);
+    if (!symKey) {
+        printf(" >>> PK11_PubDeriveWithKDF failed.\n");
+        goto cleanup;
+    }
+    PrintKey(symKey);
+    rv = SECSuccess;
+
+cleanup:
+    if (privKey) {
+        SECKEY_DestroyPrivateKey(privKey);
+    }
+    if (pubKey) {
+        SECKEY_DestroyPublicKey(pubKey);
+    }
+    if (symKey) {
+        PK11_FreeSymKey(symKey);
+    }
+    SECITEM_FreeItem(&pk_11_ecParams, PR_FALSE);
+
+    return rv;
+}
+
+void
+printUsage(char *prog)
+{
+    printf("Usage: %s [-fp] [-nd]\n"
+           "\t-n: NIST curves\n"
+           "\t-d: non-NIST curves\n"
+           "You have to specify at at least one of n or d.\n"
+           "By default no tests are executed.\n",
+           prog);
+}
+
+/* Performs tests of elliptic curve cryptography over prime fields If
+ * tests fail, then it prints an error message, aborts, and returns an
+ * error code. Otherwise, returns 0. */
+int
+main(int argv, char **argc)
+{
+    SECStatus rv = SECSuccess;
+    int i = 0;
+    int nist = 0;
+    int nonnist = 0;
+    SECOidTag nistOids[3] = { SEC_OID_SECG_EC_SECP256R1,
+                              SEC_OID_SECG_EC_SECP384R1,
+                              SEC_OID_SECG_EC_SECP521R1 };
+
+    for (i = 1; i < argv; i++) {
+        if (PL_strcasecmp(argc[i], "-n") == 0) {
+            nist = 1;
+        } else if (PL_strcasecmp(argc[i], "-d") == 0) {
+            nonnist = 1;
+        } else {
+            printUsage(argc[0]);
+            return 1;
+        }
+    }
+    if (!nist && !nonnist) {
+        printUsage(argc[0]);
+        return 1;
+    }
+
+    rv = NSS_NoDB_Init(NULL);
+    if (rv != SECSuccess) {
+        SECU_PrintError("Error:", "NSS_NoDB_Init");
+        goto cleanup;
+    }
+
+    if (nonnist) {
+        if (ectest_curve_pkcs11(SEC_OID_CURVE25519) != SECSuccess) {
+            printf("not okay (OID %d) - PK11 test\n", SEC_OID_CURVE25519);
+            rv = SECFailure;
+        } else {
+            printf("okay (OID %d) - PK11 test\n", SEC_OID_CURVE25519);
+        }
+    }
+    if (nist) {
+        for (i = 0; i < 3; ++i) {
+            if (ectest_curve_pkcs11(nistOids[i]) != SECSuccess) {
+                printf("not okay (OID %d) - PK11 test\n", nistOids[i]);
+                rv = SECFailure;
+            } else {
+                printf("okay (OID %d) - PK11 test\n", nistOids[i]);
+            }
+        }
+    }
+
+cleanup:
+    rv |= NSS_Shutdown();
+
+    if (rv != SECSuccess) {
+        printf("Error: exiting with error value\n");
+    }
+    return rv;
+}
diff --git a/nss/cmd/pk11ectest/pk11ectest.gyp b/nss/cmd/pk11ectest/pk11ectest.gyp
new file mode 100644
index 0000000..584bc07
--- /dev/null
+++ b/nss/cmd/pk11ectest/pk11ectest.gyp
@@ -0,0 +1,31 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi',
+    '../../cmd/platlibs.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'pk11ectest',
+      'type': 'executable',
+      'sources': [
+        'pk11ectest.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports',
+        '<(DEPTH)/lib/sqlite/sqlite.gyp:sqlite3'
+      ]
+    }
+  ],
+  'target_defaults': {
+    'defines': [
+      'NSS_USE_STATIC_LIBS'
+    ]
+  },
+  'variables': {
+    'module': 'nss',
+    'use_static_libs': 1
+  }
+}
\ No newline at end of file
diff --git a/nss/cmd/pk11gcmtest/Makefile b/nss/cmd/pk11gcmtest/Makefile
new file mode 100755
index 0000000..3ffa387
--- /dev/null
+++ b/nss/cmd/pk11gcmtest/Makefile
@@ -0,0 +1,47 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include ../platlibs.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+include ../platrules.mk
diff --git a/nss/cmd/pk11gcmtest/manifest.mn b/nss/cmd/pk11gcmtest/manifest.mn
new file mode 100644
index 0000000..f5bc0ec
--- /dev/null
+++ b/nss/cmd/pk11gcmtest/manifest.mn
@@ -0,0 +1,20 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CORE_DEPTH = ../..
+
+MODULE = nss
+
+PROGRAM = pk11gcmtest
+
+EXPORTS = \
+	$(NULL)
+
+PRIVATE_EXPORTS = \
+	$(NULL)
+
+CSRCS = \
+	pk11gcmtest.c \
+	$(NULL)
diff --git a/nss/cmd/pk11gcmtest/pk11gcmtest.c b/nss/cmd/pk11gcmtest/pk11gcmtest.c
new file mode 100644
index 0000000..1b8bff5
--- /dev/null
+++ b/nss/cmd/pk11gcmtest/pk11gcmtest.c
@@ -0,0 +1,460 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <ctype.h>
+
+#include "pk11pub.h"
+#include "secerr.h"
+#include "nss.h"
+
+static SECStatus
+hex_to_byteval(const char *c2, unsigned char *byteval)
+{
+    int i;
+    unsigned char offset;
+    *byteval = 0;
+    for (i = 0; i < 2; i++) {
+        if (c2[i] >= '0' && c2[i] <= '9') {
+            offset = c2[i] - '0';
+            *byteval |= offset << 4 * (1 - i);
+        } else if (c2[i] >= 'a' && c2[i] <= 'f') {
+            offset = c2[i] - 'a';
+            *byteval |= (offset + 10) << 4 * (1 - i);
+        } else if (c2[i] >= 'A' && c2[i] <= 'F') {
+            offset = c2[i] - 'A';
+            *byteval |= (offset + 10) << 4 * (1 - i);
+        } else {
+            return SECFailure;
+        }
+    }
+    return SECSuccess;
+}
+
+static SECStatus
+aes_encrypt_buf(
+    const unsigned char *key, unsigned int keysize,
+    const unsigned char *iv, unsigned int ivsize,
+    unsigned char *output, unsigned int *outputlen, unsigned int maxoutputlen,
+    const unsigned char *input, unsigned int inputlen,
+    const unsigned char *aad, unsigned int aadlen, unsigned int tagsize)
+{
+    SECStatus rv = SECFailure;
+    SECItem key_item;
+    PK11SlotInfo *slot = NULL;
+    PK11SymKey *symKey = NULL;
+    CK_GCM_PARAMS gcm_params;
+    SECItem param;
+
+    /* Import key into NSS. */
+    key_item.type = siBuffer;
+    key_item.data = (unsigned char *)key; /* const cast */
+    key_item.len = keysize;
+    slot = PK11_GetInternalSlot();
+    symKey = PK11_ImportSymKey(slot, CKM_AES_GCM, PK11_OriginUnwrap,
+                               CKA_ENCRYPT, &key_item, NULL);
+    PK11_FreeSlot(slot);
+    slot = NULL;
+    if (!symKey) {
+        fprintf(stderr, "PK11_ImportSymKey failed\n");
+        goto loser;
+    }
+
+    gcm_params.pIv = (unsigned char *)iv; /* const cast */
+    gcm_params.ulIvLen = ivsize;
+    gcm_params.pAAD = (unsigned char *)aad; /* const cast */
+    gcm_params.ulAADLen = aadlen;
+    gcm_params.ulTagBits = tagsize * 8;
+
+    param.type = siBuffer;
+    param.data = (unsigned char *)&gcm_params;
+    param.len = sizeof(gcm_params);
+
+    if (PK11_Encrypt(symKey, CKM_AES_GCM, &param,
+                     output, outputlen, maxoutputlen,
+                     input, inputlen) != SECSuccess) {
+        fprintf(stderr, "PK11_Encrypt failed\n");
+        goto loser;
+    }
+
+    rv = SECSuccess;
+
+loser:
+    if (symKey != NULL) {
+        PK11_FreeSymKey(symKey);
+    }
+    return rv;
+}
+
+static SECStatus
+aes_decrypt_buf(
+    const unsigned char *key, unsigned int keysize,
+    const unsigned char *iv, unsigned int ivsize,
+    unsigned char *output, unsigned int *outputlen, unsigned int maxoutputlen,
+    const unsigned char *input, unsigned int inputlen,
+    const unsigned char *aad, unsigned int aadlen,
+    const unsigned char *tag, unsigned int tagsize)
+{
+    SECStatus rv = SECFailure;
+    unsigned char concatenated[11 * 16]; /* 1 to 11 blocks */
+    SECItem key_item;
+    PK11SlotInfo *slot = NULL;
+    PK11SymKey *symKey = NULL;
+    CK_GCM_PARAMS gcm_params;
+    SECItem param;
+
+    if (inputlen + tagsize > sizeof(concatenated)) {
+        fprintf(stderr, "aes_decrypt_buf: local buffer too small\n");
+        goto loser;
+    }
+    memcpy(concatenated, input, inputlen);
+    memcpy(concatenated + inputlen, tag, tagsize);
+
+    /* Import key into NSS. */
+    key_item.type = siBuffer;
+    key_item.data = (unsigned char *)key; /* const cast */
+    key_item.len = keysize;
+    slot = PK11_GetInternalSlot();
+    symKey = PK11_ImportSymKey(slot, CKM_AES_GCM, PK11_OriginUnwrap,
+                               CKA_DECRYPT, &key_item, NULL);
+    PK11_FreeSlot(slot);
+    slot = NULL;
+    if (!symKey) {
+        fprintf(stderr, "PK11_ImportSymKey failed\n");
+        goto loser;
+    }
+
+    gcm_params.pIv = (unsigned char *)iv;
+    gcm_params.ulIvLen = ivsize;
+    gcm_params.pAAD = (unsigned char *)aad;
+    gcm_params.ulAADLen = aadlen;
+    gcm_params.ulTagBits = tagsize * 8;
+
+    param.type = siBuffer;
+    param.data = (unsigned char *)&gcm_params;
+    param.len = sizeof(gcm_params);
+
+    if (PK11_Decrypt(symKey, CKM_AES_GCM, &param,
+                     output, outputlen, maxoutputlen,
+                     concatenated, inputlen + tagsize) != SECSuccess) {
+        goto loser;
+    }
+
+    rv = SECSuccess;
+
+loser:
+    if (symKey != NULL) {
+        PK11_FreeSymKey(symKey);
+    }
+    return rv;
+}
+
+/*
+ * Perform the AES Known Answer Test (KAT) in Galois Counter Mode (GCM).
+ *
+ * respfn is the pathname of the RESPONSE file.
+ */
+static void
+aes_gcm_kat(const char *respfn)
+{
+    char buf[512]; /* holds one line from the input REQUEST file.
+                         * needs to be large enough to hold the longest
+                         * line "CIPHERTEXT = <320 hex digits>\n".
+                         */
+    FILE *aesresp; /* input stream from the RESPONSE file */
+    int i, j;
+    unsigned int test_group = 0;
+    unsigned int num_tests = 0;
+    PRBool is_encrypt;
+    unsigned char key[32]; /* 128, 192, or 256 bits */
+    unsigned int keysize = 16;
+    unsigned char iv[10 * 16]; /* 1 to 10 blocks */
+    unsigned int ivsize = 12;
+    unsigned char plaintext[10 * 16]; /* 1 to 10 blocks */
+    unsigned int plaintextlen = 0;
+    unsigned char aad[10 * 16]; /* 1 to 10 blocks */
+    unsigned int aadlen = 0;
+    unsigned char ciphertext[10 * 16]; /* 1 to 10 blocks */
+    unsigned int ciphertextlen = 0;
+    unsigned char tag[16];
+    unsigned int tagsize = 16;
+    unsigned char output[10 * 16]; /* 1 to 10 blocks */
+    unsigned int outputlen = 0;
+
+    unsigned int expected_keylen = 0;
+    unsigned int expected_ivlen = 0;
+    unsigned int expected_ptlen = 0;
+    unsigned int expected_aadlen = 0;
+    unsigned int expected_taglen = 0;
+    SECStatus rv;
+
+    if (strstr(respfn, "Encrypt") != NULL) {
+        is_encrypt = PR_TRUE;
+    } else if (strstr(respfn, "Decrypt") != NULL) {
+        is_encrypt = PR_FALSE;
+    } else {
+        fprintf(stderr, "Input file name must contain Encrypt or Decrypt\n");
+        exit(1);
+    }
+    aesresp = fopen(respfn, "r");
+    if (aesresp == NULL) {
+        fprintf(stderr, "Cannot open input file %s\n", respfn);
+        exit(1);
+    }
+    while (fgets(buf, sizeof buf, aesresp) != NULL) {
+        /* a comment or blank line */
+        if (buf[0] == '#' || buf[0] == '\n') {
+            continue;
+        }
+        /* [Keylen = ...], [IVlen = ...], etc. */
+        if (buf[0] == '[') {
+            if (strncmp(&buf[1], "Keylen = ", 9) == 0) {
+                expected_keylen = atoi(&buf[10]);
+            } else if (strncmp(&buf[1], "IVlen = ", 8) == 0) {
+                expected_ivlen = atoi(&buf[9]);
+            } else if (strncmp(&buf[1], "PTlen = ", 8) == 0) {
+                expected_ptlen = atoi(&buf[9]);
+            } else if (strncmp(&buf[1], "AADlen = ", 9) == 0) {
+                expected_aadlen = atoi(&buf[10]);
+            } else if (strncmp(&buf[1], "Taglen = ", 9) == 0) {
+                expected_taglen = atoi(&buf[10]);
+
+                test_group++;
+                if (test_group > 1) {
+                    /* Report num_tests for the previous test group. */
+                    printf("%u tests\n", num_tests);
+                }
+                num_tests = 0;
+                printf("Keylen = %u, IVlen = %u, PTlen = %u, AADlen = %u, "
+                       "Taglen = %u: ",
+                       expected_keylen, expected_ivlen,
+                       expected_ptlen, expected_aadlen, expected_taglen);
+                /* Convert lengths in bits to lengths in bytes. */
+                PORT_Assert(expected_keylen % 8 == 0);
+                expected_keylen /= 8;
+                PORT_Assert(expected_ivlen % 8 == 0);
+                expected_ivlen /= 8;
+                PORT_Assert(expected_ptlen % 8 == 0);
+                expected_ptlen /= 8;
+                PORT_Assert(expected_aadlen % 8 == 0);
+                expected_aadlen /= 8;
+                PORT_Assert(expected_taglen % 8 == 0);
+                expected_taglen /= 8;
+            } else {
+                fprintf(stderr, "Unexpected input line: %s\n", buf);
+                exit(1);
+            }
+            continue;
+        }
+        /* "Count = x" begins a new data set */
+        if (strncmp(buf, "Count", 5) == 0) {
+            /* zeroize the variables for the test with this data set */
+            memset(key, 0, sizeof key);
+            keysize = 0;
+            memset(iv, 0, sizeof iv);
+            ivsize = 0;
+            memset(plaintext, 0, sizeof plaintext);
+            plaintextlen = 0;
+            memset(aad, 0, sizeof aad);
+            aadlen = 0;
+            memset(ciphertext, 0, sizeof ciphertext);
+            ciphertextlen = 0;
+            memset(output, 0, sizeof output);
+            outputlen = 0;
+            num_tests++;
+            continue;
+        }
+        /* Key = ... */
+        if (strncmp(buf, "Key", 3) == 0) {
+            i = 3;
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+            for (j = 0; isxdigit(buf[i]); i += 2, j++) {
+                hex_to_byteval(&buf[i], &key[j]);
+            }
+            keysize = j;
+            if (keysize != expected_keylen) {
+                fprintf(stderr, "Unexpected key length: %u vs. %u\n",
+                        keysize, expected_keylen);
+                exit(1);
+            }
+            continue;
+        }
+        /* IV = ... */
+        if (strncmp(buf, "IV", 2) == 0) {
+            i = 2;
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+            for (j = 0; isxdigit(buf[i]); i += 2, j++) {
+                hex_to_byteval(&buf[i], &iv[j]);
+            }
+            ivsize = j;
+            if (ivsize != expected_ivlen) {
+                fprintf(stderr, "Unexpected IV length: %u vs. %u\n",
+                        ivsize, expected_ivlen);
+                exit(1);
+            }
+            continue;
+        }
+        /* PT = ... */
+        if (strncmp(buf, "PT", 2) == 0) {
+            i = 2;
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+            for (j = 0; isxdigit(buf[i]); i += 2, j++) {
+                hex_to_byteval(&buf[i], &plaintext[j]);
+            }
+            plaintextlen = j;
+            if (plaintextlen != expected_ptlen) {
+                fprintf(stderr, "Unexpected PT length: %u vs. %u\n",
+                        plaintextlen, expected_ptlen);
+                exit(1);
+            }
+
+            if (!is_encrypt) {
+                rv = aes_decrypt_buf(key, keysize, iv, ivsize,
+                                     output, &outputlen, sizeof output,
+                                     ciphertext, ciphertextlen, aad, aadlen, tag, tagsize);
+                if (rv != SECSuccess) {
+                    fprintf(stderr, "aes_decrypt_buf failed\n");
+                    goto loser;
+                }
+                if (outputlen != plaintextlen) {
+                    fprintf(stderr, "aes_decrypt_buf: wrong output size\n");
+                    goto loser;
+                }
+                if (memcmp(output, plaintext, plaintextlen) != 0) {
+                    fprintf(stderr, "aes_decrypt_buf: wrong plaintext\n");
+                    goto loser;
+                }
+            }
+            continue;
+        }
+        /* FAIL */
+        if (strncmp(buf, "FAIL", 4) == 0) {
+            plaintextlen = 0;
+
+            PORT_Assert(!is_encrypt);
+            rv = aes_decrypt_buf(key, keysize, iv, ivsize,
+                                 output, &outputlen, sizeof output,
+                                 ciphertext, ciphertextlen, aad, aadlen, tag, tagsize);
+            if (rv != SECFailure) {
+                fprintf(stderr, "aes_decrypt_buf succeeded unexpectedly\n");
+                goto loser;
+            }
+            if (PORT_GetError() != SEC_ERROR_BAD_DATA) {
+                fprintf(stderr, "aes_decrypt_buf failed with incorrect "
+                                "error code\n");
+                goto loser;
+            }
+            continue;
+        }
+        /* AAD = ... */
+        if (strncmp(buf, "AAD", 3) == 0) {
+            i = 3;
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+            for (j = 0; isxdigit(buf[i]); i += 2, j++) {
+                hex_to_byteval(&buf[i], &aad[j]);
+            }
+            aadlen = j;
+            if (aadlen != expected_aadlen) {
+                fprintf(stderr, "Unexpected AAD length: %u vs. %u\n",
+                        aadlen, expected_aadlen);
+                exit(1);
+            }
+            continue;
+        }
+        /* CT = ... */
+        if (strncmp(buf, "CT", 2) == 0) {
+            i = 2;
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+            for (j = 0; isxdigit(buf[i]); i += 2, j++) {
+                hex_to_byteval(&buf[i], &ciphertext[j]);
+            }
+            ciphertextlen = j;
+            if (ciphertextlen != expected_ptlen) {
+                fprintf(stderr, "Unexpected CT length: %u vs. %u\n",
+                        ciphertextlen, expected_ptlen);
+                exit(1);
+            }
+            continue;
+        }
+        /* Tag = ... */
+        if (strncmp(buf, "Tag", 3) == 0) {
+            i = 3;
+            while (isspace(buf[i]) || buf[i] == '=') {
+                i++;
+            }
+            for (j = 0; isxdigit(buf[i]); i += 2, j++) {
+                hex_to_byteval(&buf[i], &tag[j]);
+            }
+            tagsize = j;
+            if (tagsize != expected_taglen) {
+                fprintf(stderr, "Unexpected tag length: %u vs. %u\n",
+                        tagsize, expected_taglen);
+                exit(1);
+            }
+
+            if (is_encrypt) {
+                rv = aes_encrypt_buf(key, keysize, iv, ivsize,
+                                     output, &outputlen, sizeof output,
+                                     plaintext, plaintextlen, aad, aadlen, tagsize);
+                if (rv != SECSuccess) {
+                    fprintf(stderr, "aes_encrypt_buf failed\n");
+                    goto loser;
+                }
+                if (outputlen != plaintextlen + tagsize) {
+                    fprintf(stderr, "aes_encrypt_buf: wrong output size\n");
+                    goto loser;
+                }
+                if (memcmp(output, ciphertext, plaintextlen) != 0) {
+                    fprintf(stderr, "aes_encrypt_buf: wrong ciphertext\n");
+                    goto loser;
+                }
+                if (memcmp(output + plaintextlen, tag, tagsize) != 0) {
+                    fprintf(stderr, "aes_encrypt_buf: wrong tag\n");
+                    goto loser;
+                }
+            }
+            continue;
+        }
+    }
+    /* Report num_tests for the last test group. */
+    printf("%u tests\n", num_tests);
+    printf("%u test groups\n", test_group);
+    printf("PASS\n");
+loser:
+    fclose(aesresp);
+}
+
+int
+main(int argc, char **argv)
+{
+    if (argc < 2)
+        exit(1);
+
+    NSS_NoDB_Init(NULL);
+
+    /*************/
+    /*   AES     */
+    /*************/
+    if (strcmp(argv[1], "aes") == 0) {
+        /* argv[2]=kat argv[3]=gcm argv[4]=<test name>.rsp */
+        if (strcmp(argv[2], "kat") == 0) {
+            /* Known Answer Test (KAT) */
+            aes_gcm_kat(argv[4]);
+        }
+    }
+
+    NSS_Shutdown();
+    return 0;
+}
diff --git a/nss/cmd/pk11gcmtest/pk11gcmtest.gyp b/nss/cmd/pk11gcmtest/pk11gcmtest.gyp
new file mode 100644
index 0000000..fff80f8
--- /dev/null
+++ b/nss/cmd/pk11gcmtest/pk11gcmtest.gyp
@@ -0,0 +1,24 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi',
+    '../../cmd/platlibs.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'pk11gcmtest',
+      'type': 'executable',
+      'sources': [
+        'pk11gcmtest.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports'
+      ]
+    }
+  ],
+  'variables': {
+    'module': 'nss'
+  }
+}
\ No newline at end of file
diff --git a/nss/cmd/pk11gcmtest/tests/README b/nss/cmd/pk11gcmtest/tests/README
new file mode 100644
index 0000000..9131b52
--- /dev/null
+++ b/nss/cmd/pk11gcmtest/tests/README
@@ -0,0 +1,14 @@
+The GCM test vectors in this directory were downloaded from the NIST
+Cryptographic Algorithm Validation Program (CAVP) website
+(http://csrc.nist.gov/groups/STM/cavp/) on Mar 29, 2013 using the URL
+http://csrc.nist.gov/groups/STM/cavp/documents/mac/gcmtestvectors.zip.
+
+The original test files are about 3 MB each, which are too big to
+include in the NSS source tree.  I observed the following patterns in
+the test vectors:
+1. Taglen changes in a cycle of 7: 128, 120, 112, 104, 96, 64, 32.
+2. Then, AADlen changes in a cycle of 5: 0, 128, 160, 384, 720.
+
+To reduce the number of test vectors, I kept Taglen = 128, 96 from
+each cycle of 7, and kept AADlen = 0, 720, 160 from each two cycles
+of 10.
diff --git a/nss/cmd/pk11gcmtest/tests/gcmDecrypt128.rsp b/nss/cmd/pk11gcmtest/tests/gcmDecrypt128.rsp
new file mode 100644
index 0000000..49f264f
--- /dev/null
+++ b/nss/cmd/pk11gcmtest/tests/gcmDecrypt128.rsp
@@ -0,0 +1,1016 @@
+# CAVS 14.0
+# GCM Decrypt with keysize 128 test information
+# Generated on Fri Aug 31 11:28:04 2012
+
+[Keylen = 128]
+[IVlen = 96]
+[PTlen = 0]
+[AADlen = 0]
+[Taglen = 128]
+
+Count = 0
+Key = cf063a34d4a9a76c2c86787d3f96db71
+IV = 113b9785971864c83b01c787
+CT = 
+AAD = 
+Tag = 72ac8493e3a5228b5d130a69d2510e42
+PT = 
+
+Count = 1
+Key = a49a5e26a2f8cb63d05546c2a62f5343
+IV = 907763b19b9b4ab6bd4f0281
+CT = 
+AAD = 
+Tag = a2be08210d8c470a8df6e8fbd79ec5cf
+FAIL
+
+[Keylen = 128]
+[IVlen = 96]
+[PTlen = 0]
+[AADlen = 0]
+[Taglen = 96]
+
+Count = 0
+Key = 4c5a02440befba5820539ccf74b40355
+IV = 3852fd7da7a375a2a2227e9c
+CT = 
+AAD = 
+Tag = 9f45b723d14708dad1edd831
+FAIL
+
+Count = 1
+Key = d4e885208426247f27428ede3b318e68
+IV = 5513f9ec35e2e72be3470f57
+CT = 
+AAD = 
+Tag = 48d716f0f94ac7fbc291932e
+PT = 
+
+[Keylen = 128]
+[IVlen = 96]
+[PTlen = 0]
+[AADlen = 720]
+[Taglen = 128]
+
+Count = 0
+Key = c1e007d318d0e5c87d28fd890dfb04ba
+IV = d7bc58d494491ff57639b60b
+CT = 
+AAD = 10c68681c6d700ffc72ea9a790cdc9ddc1904c7e886e23ca166dbfa364a4c5f95205bdd1f22eeebefbbb9375f1a416ec7faed6cfdf706085f8fd2632c7a261a78875811f17fba19baf905f0aa623e67175f2158cda313a5047e3
+Tag = 2f1ede16f025bc8c5421854b5f0109d1
+FAIL
+
+Count = 1
+Key = 8dc7a59a71cd76499de67feac53c786a
+IV = beb45b75ea5b7750e69a409d
+CT = 
+AAD = 8bade18807ac5fe59cfd34d7eed8ae33dfeeb960d2a15693837f22dd98f68715079d358a49a04a7b231d486ae45f4cd6c0fe3cde6c0d967ce8d84bbf2e4be2db793afb72ea83c7b21a73f65742c214768f7e6133e3814059efb6
+Tag = 46e8457d8d409f2a0690e6502f8b7a87
+PT = 
+
+[Keylen = 128]
+[IVlen = 96]
+[PTlen = 0]
+[AADlen = 720]
+[Taglen = 96]
+
+Count = 0
+Key = e6121ca9c088109b2e06459b42f5a495
+IV = dee4fad3a3f9c9bfe6fef753
+CT = 
+AAD = 2a47d75ac2059be2b810e87240b09ca712aa819ec9c31ffb6dee5c2a828a8e735c3552d25e6edba53278a8d744cc97600967c75f9c8c96df22a724231661f085dac3cdfd15a9bda24f721805683699b3b369e1035e224604dcd2
+Tag = 3f577c08bb955e40dfd59b1b
+FAIL
+
+Count = 1
+Key = 3b7717cf63d8f5074507212006910ebc
+IV = 5e8a852f062eef137b46e3d6
+CT = 
+AAD = 33db774fef0358cc960d6344b791c514ce22b1931137a7a8afd308180549591208f183bc0557dbfe92deda9d0d4664cf6761fe7f03729bb29b213da1216ed0a30fbfa0a27e8fe5d7706fd9a6369d4ee3906ab6cdaf567d0346f4
+Tag = 2378397900d520970a0eadc2
+FAIL
+
+[Keylen = 128]
+[IVlen = 96]
+[PTlen = 128]
+[AADlen = 160]
+[Taglen = 128]
+
+Count = 0
+Key = 4cf56dd7eb109452d7445e79bcad4f86
+IV = 5f3724b27c345ed5d1757e9e
+CT = 2d0581c040f4e2bb74423682113b818c
+AAD = 20fe2aa2641db7318aa5e339b1e303f952b05dc8
+Tag = f090c0cba2151af2e78ef407720233db
+FAIL
+
+Count = 1
+Key = d9529840200e1c17725ab52c9c927637
+IV = 6e9a639d4aecc25530a8ad75
+CT = 6c779895e78179783c51ade1926436b9
+AAD = 472a6f4e7771ca391e42065030db3ff418f3b636
+Tag = 4522bfdef4a635a38db5784b27d43661
+PT = 8ae823895ee4e7f08bc8bad04d63c220
+
+[Keylen = 128]
+[IVlen = 96]
+[PTlen = 128]
+[AADlen = 160]
+[Taglen = 96]
+
+Count = 0
+Key = a3020781d65fdc52ec13e8b38b5a9b37
+IV = 0c2879b8eaf5eef2a7700b96
+CT = 7f09589798ef2d198bc2f1fb7ab7609b
+AAD = 5dd3790c90b2632a6dd17b38082e5af15a4f8dc1
+Tag = 255a58f831e20812216e6ed2
+PT = 122da596d16a1a712ce69b7daf2db61a
+
+Count = 1
+Key = a0b4ba9f4b25d88b6d0b8e91beb686c2
+IV = 2c43f69a965f3ec1ad8df71b
+CT = 7ae02928e1aa2ff5af40309a910dd71c
+AAD = 668fc634fbfb6c217472020b90f9ff461eee9cb7
+Tag = 705568949e8df86420bdd22e
+FAIL
+
+[Keylen = 128]
+[IVlen = 96]
+[PTlen = 104]
+[AADlen = 0]
+[Taglen = 128]
+
+Count = 0
+Key = 387218b246c1a8257748b56980e50c94
+IV = dd7e014198672be39f95b69d
+CT = cdba9e73eaf3d38eceb2b04a8d
+AAD = 
+Tag = ecf90f4a47c9c626d6fb2c765d201556
+PT = 48f5b426baca03064554cc2b30
+
+Count = 1
+Key = 294de463721e359863887c820524b3d4
+IV = 3338b35c9d57a5d28190e8c9
+CT = 2f46634e74b8e4c89812ac83b9
+AAD = 
+Tag = dabd506764e68b82a7e720aa18da0abe
+PT = 46a2e55c8e264df211bd112685
+
+[Keylen = 128]
+[IVlen = 96]
+[PTlen = 104]
+[AADlen = 0]
+[Taglen = 96]
+
+Count = 0
+Key = 033ba96828eebb768454d2d225b7fac1
+IV = 8383c62761a3e886e5fcaa66
+CT = 6945831a7b5d69fc15b426ee47
+AAD = 
+Tag = 79d53fc98ab158957ee4b8f1
+PT = d44a350ff32bd4107541dba3bb
+
+Count = 1
+Key = 1b35e62ce6ff1483824a0c24364a649c
+IV = f945d4dc672cff48fa5ac9d2
+CT = 2e5d8fa49b501c95b405dcb5cb
+AAD = 
+Tag = fd6dac7b4840bcd955507ded
+PT = d9e0a171da3fab6fd2182790ca
+
+[Keylen = 128]
+[IVlen = 96]
+[PTlen = 104]
+[AADlen = 720]
+[Taglen = 128]
+
+Count = 0
+Key = 3eeaa3b5aa99f6902d1d58421b53ddb1
+IV = 71240c996af69d590ccc8e8d
+CT = 9a50a33a9438f485e7c89caba7
+AAD = b1176b9e28794cb627c5cb3743846e6d11339ce6d0ce69789833b9f344e92e5360a0eb61b173687f74eae3184ef641f1c42c5b180014ca7e6b0edb00fbc35f2efa7aac7111dd8ec70e851a3ef2e2436ee07e4fba213425b1a8e4
+Tag = e2865b861f8d5e0af25757905dd0653d
+FAIL
+
+Count = 1
+Key = 9dbb962de535a9e77108cd049dea0481
+IV = 72d607c6dbc4fbbfeacb042a
+CT = 3c8ebab6a3c4ecdb1ed807c962
+AAD = 9127cb0deed0e5b43ea153b1c17b484225a49c13a5f5995f86ef28a65f9f82397dffb34d4191c3db60492473d5df839e234a537b5a1cce9dcba1b1d205c92c4b4daea01186737cef6d42829ef07f0b6b2920baf998f6ad0d384c
+Tag = 9f8dc7e66cea95d7915281301913d3d5
+FAIL
+
+[Keylen = 128]
+[IVlen = 96]
+[PTlen = 104]
+[AADlen = 720]
+[Taglen = 96]
+
+Count = 0
+Key = 4f64f175ff74efbdf887a53d8d125896
+IV = d7e20930f58d330c305b345f
+CT = 945b94e983082adf44eaa43d15
+AAD = 2f3da0238114f702872505d8e124190ebd0fba662ac3336bfac5611828426ed4f3fcaedf71a2707822cb197d4fbcd07f5dee436e9bc7a4e39a3975b782fe828b0df4ecb8c2971747cc666f00a277600d6b54d4194f17d2183afe
+Tag = 50eaeb33e26053695397380f
+PT = 9dd4c24c799e62db4481f1d2d3
+
+Count = 1
+Key = 5bff7a77a6e200ceadc19defa7216023
+IV = 25a85521c14cd2e6c437279b
+CT = 596de174a18b9345f2167caabe
+AAD = d7664828e9adbdfa5d96fa31b214c8574fda239538531c85f74573dd9f8665f7fc678b825b3e9c35d34edc4eaa43ddd01f18581f43487568de65e199f9b35767f6766bfb359add68b8010d4c7e52559c558d87fad6b1a987df03
+Tag = c4f0f7491c5f0645a4985ace
+FAIL
+
+[Keylen = 128]
+[IVlen = 96]
+[PTlen = 256]
+[AADlen = 160]
+[Taglen = 128]
+
+Count = 0
+Key = f3e60720c7eff3af96a0e7b2a359c322
+IV = 8c9cb6af794f8c0fc4c8c06e
+CT = 73e308d968ead96cefc9337dea6952ac3afbe39d7d14d063b9f59ab89c3f6acc
+AAD = 5d15b60acc008f9308731ea0a3098644866fa862
+Tag = 658e311f9c9816dbf2567f811e905ab8
+PT = 7e299a25404311ee29eee9349f1e7f876dca42ba81f44295bb9b3a152a27a2af
+
+Count = 1
+Key = 4ea997187ee51b478f5e1ba48b57f0f8
+IV = bb6fed9776ed61ca321ecdad
+CT = d4d67723dc367cb453c5b8ede795ad2b7affcf9f42650c0ea1df91e23175a7cd
+AAD = abeeb5850efb796979bb55a1d255350d9faae4d8
+Tag = def8ab2eda15fe03abee6b2dc9f6e805
+PT = 87e9f743a7bdf04a2d97c4a6c5d243666bfb2bc80c9610bdb079792a3f724e04
+
+[Keylen = 128]
+[IVlen = 96]
+[PTlen = 256]
+[AADlen = 160]
+[Taglen = 96]
+
+Count = 0
+Key = 2f180d97a4c471b4bdf0ea37651b6363
+IV = e76d1c1a2f0cac6dda3209c6
+CT = 7309f33afaffd896b44ee011434bc4fcaa732e3e0b54d11117ef8c008fab4491
+AAD = b1298aec2531450b6389e7d33d1c63e7e71097a9
+Tag = 148b6b1c62bd95144a9d589e
+PT = 8870797cad1aad60dc637b5dd1767ee50bfecc6aa6d2a495d8213f24e9b40970
+
+Count = 1
+Key = 52c00432fa454c4fbf2c9c9aae25cdff
+IV = 3a7090399b39c4e146f5ddcb
+CT = c4ffe026586bdd0a3726964f3d515ef76dafdbc9892aa15a9232a520aece014c
+AAD = 33723750df42614e72d495f468ed8ea8fc4d18a9
+Tag = fccd8b9fa0db8da5ea15e411
+FAIL
+
+[Keylen = 128]
+[IVlen = 96]
+[PTlen = 408]
+[AADlen = 0]
+[Taglen = 128]
+
+Count = 0
+Key = f3c4c058c7f0965a0328f0f011a128e0
+IV = e96098c39d9aa83522119355
+CT = b42c25155820564b41c525c6aa8ff4363c7c511917772b9bcd574b0be1f6b4ca2153869ddf0c4f76dfad3aef0a76ce056582f9
+AAD = 
+Tag = 44331e39b8a66a81591ed155d7d32372
+FAIL
+
+Count = 1
+Key = 93ae114052b7985d409a39a40df8c7ee
+IV = 8ad733a4a9b8330690238c42
+CT = bbb5b672a479afca2b11adb0a4c762b698dd565908fee1d101f6a01d63332c91b85d7f03ac48a477897d512b4572f9042cb7ea
+AAD = 
+Tag = 4d78bdcb1366fcba02fdccee57e1ff44
+PT = 3f3bb0644eac878b97d990d257f5b36e1793490dbc13fea4efe9822cebba7444cce4dee5a7f5dfdf285f96785792812200c279
+
+[Keylen = 128]
+[IVlen = 96]
+[PTlen = 408]
+[AADlen = 0]
+[Taglen = 96]
+
+Count = 0
+Key = 6e32be23764748c31d22c03ef4e83636
+IV = db0182c451ce6aa166a58cdb
+CT = ed0aba935e577300cfa7c3ba0b63542a1b3da7360cd1dee2cb3ded6524a1d879485d828a88eaf79db824489e796c8c4f9c12d2
+AAD = 
+Tag = 103aad7626a2cb3ac74a80b0
+PT = 39851eab7ad6d708459bf0a1934f647b1fc3e1ee087316c51c3a8b808a95d7520104b2e842b85e197023109542ebdb8209e0ef
+
+Count = 1
+Key = 1023ab3b22d4dae2da53186595ab7faa
+IV = 210d0bf6d788ef1e39a5ab48
+CT = 491b76db8ac7da576f46d8ae749c0a4a5ecfda5e491b98e900f2de624c1cbf6510051731af973cabcab477af2cb63dd131139c
+AAD = 
+Tag = 15700bb55610cd6ec67ce3ee
+PT = c050fa3ef997d89ae4db7c4432c8d4bcab1d46e614fb708ed876bd11afd89e7d975d9a5e5647286b56065dc4d508d003604565
+
+[Keylen = 128]
+[IVlen = 96]
+[PTlen = 408]
+[AADlen = 720]
+[Taglen = 128]
+
+Count = 0
+Key = da2bb7d581493d692380c77105590201
+IV = 44aa3e7856ca279d2eb020c6
+CT = 9290d430c9e89c37f0446dbd620c9a6b34b1274aeb6f911f75867efcf95b6feda69f1af4ee16c761b3c9aeac3da03aa9889c88
+AAD = 4cd171b23bddb3a53cdf959d5c1710b481eb3785a90eb20a2345ee00d0bb7868c367ab12e6f4dd1dee72af4eee1d197777d1d6499cc541f34edbf45cda6ef90b3c024f9272d72ec1909fb8fba7db88a4d6f7d3d925980f9f9f72
+Tag = 9e3ac938d3eb0cadd6f5c9e35d22ba38
+PT = 9bbf4c1a2742f6ac80cb4e8a052e4a8f4f07c43602361355b717381edf9fabd4cb7e3ad65dbd1378b196ac270588dd0621f642
+
+Count = 1
+Key = d74e4958717a9d5c0e235b76a926cae8
+IV = 0b7471141e0c70b1995fd7b1
+CT = e701c57d2330bf066f9ff8cf3ca4343cafe4894651cd199bdaaa681ba486b4a65c5a22b0f1420be29ea547d42c713bc6af66aa
+AAD = 4a42b7aae8c245c6f1598a395316e4b8484dbd6e64648d5e302021b1d3fa0a38f46e22bd9c8080b863dc0016482538a8562a4bd0ba84edbe2697c76fd039527ac179ec5506cf34a6039312774cedebf4961f3978b14a26509f96
+Tag = e192c23cb036f0b31592989119eed55d
+PT = 840d9fb95e32559fb3602e48590280a172ca36d9b49ab69510f5bd552bfab7a306f85ff0a34bc305b88b804c60b90add594a17
+
+[Keylen = 128]
+[IVlen = 96]
+[PTlen = 408]
+[AADlen = 720]
+[Taglen = 96]
+
+Count = 0
+Key = f92632dd22b3300fbb498b5a6d62f86f
+IV = b51ce06f5ea5fc4b6f048899
+CT = 983713a7252e8bd37b06d489d33ddf1c323bac20f09a1e6459346a70a335d4d0e4833d62830ac0fb75e3ef459cea4f875855d6
+AAD = f3eb475f763b4e2de876fe8ef5c59387c28a6660533e575e8e32bdc363e8b9af8fc6c2daf067088031292d360f96755eb7b10cc6f37f0f97b03c4c05f20998592c6dde06e2b8d10996194fc882b235fd0c0d9840d060eb8af3f4
+Tag = 272eeb52b7e04803d954f493
+FAIL
+
+Count = 1
+Key = cd69b998a36aeba7feef6ac7d2c7c996
+IV = bd03275e41ebf178733ad44f
+CT = 2ac4239ca0be41e7b3d7678ec62624d29109c70128df0023a86993c961c39df24959ea1d55ee809fb097d324554560fc709885
+AAD = 8cf2e3102e6ecded3ee7dcf543ce7141930730d8b3017087e495b02d7f975aa11ed63ceb3a12c52793bae36bd0df3302ff1a431ee10a88963e2e621ee56e74bed0f9e0ec69351743340b76bf9cea0e6164c95f2447c3baef5a9b
+Tag = e5bf3fe77e916de794b037e0
+PT = 24411afa3527fe12543939a099c6cd7c906ccd81547d57581491a8d05ea6b3bd9fe4fd21b19c2bef2c6db6f1c49ff715e79b39
+
+[Keylen = 128]
+[IVlen = 8]
+[PTlen = 0]
+[AADlen = 160]
+[Taglen = 128]
+
+Count = 0
+Key = 408f5edd36d7684ad7b5909ac3c04de0
+IV = 8b
+CT = 
+AAD = 48a4bb10a14255792c5edb39bdb056f4333b3cd1
+Tag = 5c34609612faca9ec1e60852f1bd7bb1
+FAIL
+
+Count = 1
+Key = 4015eb0551b8430139997bf0ec21449e
+IV = de
+CT = 
+AAD = d1c4c57dce37a40dbef0e79db870e3c063eeed6a
+Tag = 23b3df54453afaeb9659e1ff7b3f7810
+PT = 
+
+[Keylen = 128]
+[IVlen = 8]
+[PTlen = 0]
+[AADlen = 160]
+[Taglen = 96]
+
+Count = 0
+Key = 42168f5168e4164493227ac0ee9342c8
+IV = 12
+CT = 
+AAD = 3bbb688e5014d822a9e930c8f1194073d99b1164
+Tag = 7ba600b43586bdaffe21f9ec
+PT = 
+
+Count = 1
+Key = 7a1bb047557818fc36bd0c16ad0a301b
+IV = 38
+CT = 
+AAD = 5ac690c013fa47f1f145d0af35dcb59c818c57d4
+Tag = 4a045119cbfb4d290273539b
+PT = 
+
+[Keylen = 128]
+[IVlen = 8]
+[PTlen = 128]
+[AADlen = 0]
+[Taglen = 128]
+
+Count = 0
+Key = 475ad3a0ae4b9f5b475eede95cadc9a6
+IV = f1
+CT = 1f9e03adc858959ab2259e3f44d88d58
+AAD = 
+Tag = 3aa732fb202126c5f5ad56bf8bc59d38
+FAIL
+
+Count = 1
+Key = ef5185a3840e78fc0bfb258b49a1f69f
+IV = 82
+CT = 8f9763c61d758247deaa20c735fba84c
+AAD = 
+Tag = ab393cbf298503dc093e8936a41a5dff
+FAIL
+
+[Keylen = 128]
+[IVlen = 8]
+[PTlen = 128]
+[AADlen = 0]
+[Taglen = 96]
+
+Count = 0
+Key = d57564e8ffbee63c7aac30d4d68622cf
+IV = c9
+CT = 6f10924b9e76dbabeea8a140df7928a6
+AAD = 
+Tag = 2c1e95d96b653d28f8c762a3
+PT = 0a5015494ee77fb565e09fc1c8207803
+
+Count = 1
+Key = a630a0b8ef16257689f3e0e56320ddd7
+IV = a3
+CT = e7cf55c9768e621e4fa2b87c5dc42b6d
+AAD = 
+Tag = b8ba771ff17da4bc1fe60490
+FAIL
+
+[Keylen = 128]
+[IVlen = 8]
+[PTlen = 128]
+[AADlen = 720]
+[Taglen = 128]
+
+Count = 0
+Key = 6b069c72fa5ab9f5f866e7a7b5d5069f
+IV = e9
+CT = 9561fdf67f3a160cd870d23674e86b0f
+AAD = 2be3fcc3f5a6659a6388826c4c904865a27e5d6b10f9f49bb9062c7a61d3a93f7367d1d04c1b9fd2d40d470e30c269d1e1ab81e9968862025eb8de0fc77d69d0f12ff4be23bad2d65943b500f19f02d97cff6c52d43c8c74f138
+Tag = b1874feae9a5fd3eb53d4e78007d6a45
+FAIL
+
+Count = 1
+Key = af18b65a1fd2a785903396aa7aa1b379
+IV = 17
+CT = a59baff3abc5871c1404f97d3fd35d72
+AAD = 4083e67ad2154adeec549bc4a105295d3656c528b6701e634b209a9decd09a2311cf6d275be52fee85aa38a4b2d524042c08d6e93e8479ad59226cbf7c7b72ad95ce1857af7c76cdbfd76f2426faddcd289fee76677c0494007d
+Tag = 8bf65e804ef240abb2c9e7238efcebe0
+PT = e506442671808c472bdf628be14b8500
+
+[Keylen = 128]
+[IVlen = 8]
+[PTlen = 128]
+[AADlen = 720]
+[Taglen = 96]
+
+Count = 0
+Key = 0ea24ef6f8afde2eeb30cb2fd3e0aeda
+IV = ee
+CT = ee3eb76c7f3694c9ba61fdada617b552
+AAD = 1b6471d408c220195e910a7abc3546e24c59b3647f4d6fab3969cfb370efc071c12aaa17fbca500c5b0fb125962bf118fac1eb4607d6a0052511e67976cc4c42f90f6530bd5bb382afc3bd1ebb8ceb7d30b64cf073d53f813762
+Tag = f601230f3320eb38b7efb534
+PT = e1cc925abc55b8683a24f52a8dcee6b6
+
+Count = 1
+Key = 76436c607e69d0edaec22653872157a3
+IV = ea
+CT = 28b3f779d552bad3bb415865e06b1565
+AAD = db1f000d7bd44ac4757ea58b2e11828a000906e0449639d5472efbe82f278481121dfc3c7cc148f7bd9f9fb328f82ec8f274a698eb8076a2b1bcb9f04f3dead219bd5b1455cf1e656749531ca7f71cf8185508889353b5a49b4d
+Tag = a815e11c0673cfc367ff5c79
+PT = 0b1a482dde1f887d579f4d1ba8152c77
+
+[Keylen = 128]
+[IVlen = 8]
+[PTlen = 104]
+[AADlen = 160]
+[Taglen = 128]
+
+Count = 0
+Key = c90352c76b2d866fce51d209e441123f
+IV = 69
+CT = 99f01fb7f3f26dc2bfb838d715
+AAD = 2dd35bf7263390a86eddc0b1e693833bf49e835b
+Tag = cc67d27f63b7e9f8aa86122a5b6a6b17
+PT = c52a881d4467b44da233a76813
+
+Count = 1
+Key = 593302c520bf71263cd8c14b288c4e9a
+IV = 9a
+CT = 7339082a97c2c9793e0a9a1d3e
+AAD = b8dae0f244b799ce231310d4b2e3d07117cefc30
+Tag = 558ac93567be75df6f44de10e1bc48fe
+FAIL
+
+[Keylen = 128]
+[IVlen = 8]
+[PTlen = 104]
+[AADlen = 160]
+[Taglen = 96]
+
+Count = 0
+Key = ea5d372c66bbc0aaed9633f600a133b0
+IV = cb
+CT = e1fb6161c43145f6f91158648a
+AAD = 4a962b3a4e60c72406f14bf7ef4b26b605571892
+Tag = 5d270484ffa7e06431d0048b
+FAIL
+
+Count = 1
+Key = a9b206e48114b6aba83f267dc8b12270
+IV = 99
+CT = 49263c0674ccfbc9aa8294a44f
+AAD = 076104c07d9d62513c13479c3e44464376c1671e
+Tag = 3093c0135142273f7352f370
+FAIL
+
+[Keylen = 128]
+[IVlen = 8]
+[PTlen = 256]
+[AADlen = 0]
+[Taglen = 128]
+
+Count = 0
+Key = 591e1b505e38fdd64e7019b049222ee8
+IV = bc
+CT = f5bdb5aed557e17be48a7afa3f64e35eb10dd08b88e01bc1d6036fbf08965452
+AAD = 
+Tag = 9027f3d3e90745c7ca3ae16211b176d1
+PT = 2093f75ec698204f94a571bd938629dd6b053b69fe89999750127dbb00edde33
+
+Count = 1
+Key = e8d2960b4db3ae1df79198de63b943fd
+IV = b0
+CT = a76f5160fd1e716455fec00901e80296e55a0fef8367baf0b59455279078e687
+AAD = 
+Tag = 7603dc3a1eba1f5d7e748b9b28ec16c3
+FAIL
+
+[Keylen = 128]
+[IVlen = 8]
+[PTlen = 256]
+[AADlen = 0]
+[Taglen = 96]
+
+Count = 0
+Key = 64fc6bcb2736a15bcda0b059d553f855
+IV = 16
+CT = 403a56c954ca4e58dc9f402e2698dc66aeaa04368c1c3943bbd41e542a3be9be
+AAD = 
+Tag = 1027ea2730243a8fca26e605
+FAIL
+
+Count = 1
+Key = 18ad3c1b96c66d3775a5f0cf2e51e7ed
+IV = c5
+CT = c1aa8059c3eeb71cbdba4570855440b68c95cfcc7327ece4d56a6422fb864089
+AAD = 
+Tag = 6cfc1adbfd4dfd9bca0543da
+FAIL
+
+[Keylen = 128]
+[IVlen = 8]
+[PTlen = 256]
+[AADlen = 720]
+[Taglen = 128]
+
+Count = 0
+Key = 200062755f9375072c72d3f4f36548e5
+IV = 94
+CT = 3ca7d9b392ea99073151e87527eaf439be824db5c1c9cc9c8394e7fd5d93648c
+AAD = bba497a9a4b74fcc9bc84b8effc5f5ff452f7777c21c2dece9fce2c5da1730821bdeeadee066ab4d474bcfb66a4c1f14c99a574a1023544ef1f85667f14487d2b2af82baefa81c9f3647c44e0279f7878b1ce68edba3d7bcd5c9
+Tag = 2620a07160e8eb486d63e389d371235e
+PT = 596b0b9f877201ba6d37cc001e4105e357a5cb9c41dc9adf2686c4c2cbcfa1c4
+
+Count = 1
+Key = ea00ab0c01c9f8930fd1dd09fe639d15
+IV = 54
+CT = 5f637603bf4f5d612d21cc3a79fea4faaef5b392f5669a6bea923df7c03fbe14
+AAD = 21e988c607bbc9ae3b797f1fcdc1c4476854bf4eb36ba2f4fd411148e0318fcb570ef66d780288fed1b19a88790c4cf07d21e33c129be5861d9e4eb668143df3410cb3a9197604ca82890abb00bb4d91a39bac9a62bd0d0d98cd
+Tag = fab0836fb5402c9cb2651ee8acd3c265
+PT = 8662a9ea34cfb3372b73aa0bf072b2eb03dcc5de82f71713499fb3dc3f867eca
+
+[Keylen = 128]
+[IVlen = 8]
+[PTlen = 256]
+[AADlen = 720]
+[Taglen = 96]
+
+Count = 0
+Key = 1fd614d59bf7ccf46f07f1e229779977
+IV = 51
+CT = ff2c59d1494d476cb3188d8b9e0bee2bfd6fe6cfaac15961ed47180877a67b05
+AAD = 329cfef1a6a58e6f769ab1a8bcc7a42307b1f60c4da380b027ca7723772ebd13e2ee7c4a757ae5bf0af84af8083fe8429a7adf14ad8fa2e2e144c0a70d872de4dd1fa6f2ce5605a816436bd2b7c2bfd2be6882d1a20e957b84a5
+Tag = be8f454fe84cc88963d09aba
+PT = f79aa0dda8eebb70fb7cc4a31f830535896a3889062cd5b473603502a7583056
+
+Count = 1
+Key = 5949c2a5cf3343a29f30ad6de7483b46
+IV = a9
+CT = b2103bd5f226a71af62033a4b613aed0cd44de17c7de9e0ed054745e8f993c91
+AAD = 7a6fbc13757e8a1f07a34a502838d3b368c66d1b068a303a54c7703314e83b4a096e79e0223db29c9339c95d820dc20d2880a938e357ec3ddcc42f547db54140f17376431ff72dcbdf3460ae93bb3661db1b9c90040588c1d64a
+Tag = 0c3c301b99d2275d5e2c178d
+PT = a7c76fe049598a6ac49d11f1fba44cb05acaf79831161514c4f85ce59c46d611
+
+[Keylen = 128]
+[IVlen = 8]
+[PTlen = 408]
+[AADlen = 160]
+[Taglen = 128]
+
+Count = 0
+Key = b13f7e2d59a9ef4c77f5582efe936dc1
+IV = 8e
+CT = 8ba6bf238db4f90f9437691d78eb713410b0413908560fc8960c8b0f4d32423f8ba4d349e0f24566892a19df8f1ff6823584a9
+AAD = b1c8f38fb4f7546c213dc3d3502a8d7682ecd1a8
+Tag = 5f9257e938c9fb2137c1a15ada4822da
+FAIL
+
+Count = 1
+Key = d1c691eb3f0a5f302002d19bca6c5752
+IV = 2a
+CT = d2097c5443d0d31a1a8b1f71c2eaa590aaf6a20f9b8f7a09b270e0a2169804d30a936c3c2f25d3bef801e5357f00321547a405
+AAD = aabf99e8b334609c72f6c58f4a51cae13d48be45
+Tag = 99d7b28a928596769fe792d949a6e45f
+FAIL
+
+[Keylen = 128]
+[IVlen = 8]
+[PTlen = 408]
+[AADlen = 160]
+[Taglen = 96]
+
+Count = 0
+Key = e282bf130aa9d88b486f40c5d7d6b753
+IV = 1c
+CT = a14557e6ac2793fce4c76be30787085ec711162133fdd58a13bc7f718d8294db54c5833e883eff9e510cc3949f2c37da87f35d
+AAD = 44188b2f9726498f7a5059f30f6005fbd78f511a
+Tag = 1821c2dbaaf94a7d9480f8e3
+PT = 2d563231997a3d395a4468b7d1f0244bb4343e5070b3657a3be7f16c49874e0cc3975c6cec7b74df5d17576aeeb877a5551038
+
+Count = 1
+Key = d90e672f6b074262bff40acbe9e9bbf3
+IV = 0b
+CT = e230d1ec1ab2ae6f95d84b9bd773738b4e130a01211d50e5d85bc7914d78f3f15512822d06f4b6e173a18f34f957b9f73a6e24
+AAD = 9b425a15d2f69a0877a49c500878a7ff1f76ef0a
+Tag = ac05cd716ba5caf7e3619fae
+FAIL
+
+[Keylen = 128]
+[IVlen = 1024]
+[PTlen = 0]
+[AADlen = 0]
+[Taglen = 128]
+
+Count = 0
+Key = 2698eba4fb3a0f82434707b357f6f101
+IV = 19557bdaed00a43b536340d1bf9fb8a47522a2bc4bc53b008c9cfc570fcca3d8282292c5b55c4a2ccb94058aa3685dca772fee74b6236b733cacb0772717ea07002a6a50ed6ad17678f8ff00fb172e14a717af278211f55345e49eb68b12175d4ad1ba74e44bc06272f14a27ae1b1f89fa8bfd4851a90250c762fc0343f87494
+CT = 
+AAD = 
+Tag = abd6606a82f5ac876caab5150007aa49
+FAIL
+
+Count = 1
+Key = 86ca97ede9ab63b934f4b20896c22d74
+IV = 0fd1e4e0cf2724cda5242094826bd699d8ac2e58d39cef5cf0fa894ea45e0c95336b622f8a2eb4969c0564f2aede2eb1a5ffca9f7b0dd6bccec1770bd6c845d88e2a4143a73cf71ca7dcac4e4cd76f1c4ddc35ed0037a96b0d567d32dbe8805ad6fd3344e7fc9384e1a5d1eacbc8914f39179aff2170b0ca2d384a3e731f55be
+CT = 
+AAD = 
+Tag = a3e579d3a8f1d6eeb7854f55207ff863
+FAIL
+
+[Keylen = 128]
+[IVlen = 1024]
+[PTlen = 0]
+[AADlen = 0]
+[Taglen = 96]
+
+Count = 0
+Key = b04804854da168cb2a9ee94c76b8d91c
+IV = 45a3d8c773235c001fadaaddfb9092984d745656dcc51b3e1898835c852e41e9fb371c74cb8eef5e6c4a6969c8bcf078f44caebce301cb16f08a1d14f2970aabaf78fa7c69bd3644147e17390d6f4f46a15ca6f85a436655a531aba19d30c4f08a16168f6dcf78d8526cfcb9df83082131f0b47ee582b8809260e7345dc90e72
+CT = 
+AAD = 
+Tag = 4e7442d97e58a2c9feb3dd19
+FAIL
+
+Count = 1
+Key = d9b009bf1a80b138d4a6c414faa645fc
+IV = 7e251808785b8c70dc2fa99339a8f082949a4f89ed8e941a177fe861ffba2d3b061cd8da8ed258c60db57f993f8353af3aa8489f5f61b88b72df5c8aae0f467fa0d431948248b5988fcf6c7e03a9f7db88fb13fa641972940d2f65270b5d0c405d0963e7009791ff0fd6fbe9547f00c12313cdf3dc18e6438644d63612953820
+CT = 
+AAD = 
+Tag = 415298a59afb0f719d8d7928
+FAIL
+
+[Keylen = 128]
+[IVlen = 1024]
+[PTlen = 0]
+[AADlen = 720]
+[Taglen = 128]
+
+Count = 0
+Key = 751bdbf1e0d207963ab8b786e02d19cf
+IV = 26a7c80ad370ff7a851526c7924f7c1b03d165be182cd17c5a8c779b134d9974b82b95df3c54377cb11015a16940d52fa741aec80236302f22aade01f0913cfba2fc5c0ef19099e3f01a590dee02e797b01e90a6d9f906caac020148d2013f61cbe16ed049778a44ca343dbc188b0a57482fd070008bb825a8b9d66979a8ead5
+CT = 
+AAD = 9f79b7cb90a13607f6b42c5d2a427fb1d6e14fe707ec9d6c5eb8efeb8a970bbe6bd4a0be70f6c17b9821d8c275fd4259843d1f6b23df0bbaf4b03f75e72d6326a81d4459e7ae97271fb5478944e2d507fb85f7006195d29ec03d
+Tag = ad4467d419b918756b940dcecf4570fe
+FAIL
+
+Count = 1
+Key = 65eae4340e30a5799e047cca4b490336
+IV = 8710f6e261af606afca727cf60cc3a9c55ac82329ff63427303c9a72b731b1bacfc05819b8ab905c56779065fb46f95943f1f09deb7aea30d18d663bbd79f67bf9964eee1c264dbfb97cd80da9169f04efbc60814d87eba3ca637d7658f12aeabd6ce8acbf36fb8eb4a13859051b7613a2672c3ba8ff486b90cedc86f2df73a9
+CT = 
+AAD = ff932fc948dd72b49bec6e539700dde1e600b2c256bdd714f0c26e9ec51456676297f828e31f75991ae174860e8ab33a082299272fd666458f4ef451594e1b9c1e4063bb0e3278eee09562621b425d4253dc207b766e71fac188
+Tag = 82ccd60156286c311bf97e7dcd5ed978
+FAIL
+
+[Keylen = 128]
+[IVlen = 1024]
+[PTlen = 0]
+[AADlen = 720]
+[Taglen = 96]
+
+Count = 0
+Key = 4d869dbd8ad8fe130df1612ce5524ca9
+IV = 57f728b1ba040c5bdb7dd191edbb4f7a678d86bce95ff4d2c424a818d1617a9a087cec3ace22d070748cb09bd3e13215608359f4bf90b27c3fceb1501ca78314c3138d05a10f3fda8fb7ebbe8968e6d59893c840b81f72241847f5b9ef0c97a52d0f5fe90374f043a28e6e33b1fb40775691ada7f1667daada1390b36a55878f
+CT = 
+AAD = 614cb9e1f6a526c97ddd750d8c665739cfd88bc59a087f28dda230c2c0f6e8bf4ed17ed0f387bd0514803f225f1fb52c4dffd69c4492b0eac301318885954a93d9dd3bbc7f6ad46b467d84083ffcb9a19c6bc82145f7e5a42509
+Tag = 757976e87ace9c58904fb50c
+PT = 
+
+Count = 1
+Key = 28bbbeaf17a174ed68273507fa459097
+IV = 249b6d805e8cf2c1f83f47d14b8e53673c6977f0a0fd8b4a8611f034aa1dcb634600116253d1eb9581050faa64339799e71e1ae86f04ae667e515c5811179eea6256738bf3c2f370881a805916242e9cf489ca953bee1444fd39030b0f676574763b799e3c67d263e86fa8fa5e6cf016d6e96f4c273ad875905b6241f54098d2
+CT = 
+AAD = 6ac473f84d30b521ac5b5837de9c8ce63fb90a6db62c72ca21481311b652bb7b85a435b16b9cd4c9a4a51cd2c76f00e5f12da9c3f2912a013d9d20d73742be65f76c4ccfb3ac6394cc2d99bd2a8cac7d328126cf3a5d88912842
+Tag = ae7cd481cd4b1220cba198fd
+PT = 
+
+[Keylen = 128]
+[IVlen = 1024]
+[PTlen = 128]
+[AADlen = 160]
+[Taglen = 128]
+
+Count = 0
+Key = a52d0b98373071bdd795131cb584012f
+IV = ffdfa77372d73f75ec83529abe544cf48c4a98120d0f1cf913fdd3b7f628f85a16c30c3400486aa3a0ec0709b07f837cd747bc8d320fde5a0cac23d7ad53ddf849b23202e61f982ced39f523e1f11c9bcf7d783202e8ed7522dca4b1bcff78abe73d7de80314cf5f531a9b114eebbee27fc473157231b51d34f2dc6a5975e745
+CT = 4702702a0c03e798b29cbd89d6389106
+AAD = 69e3ccaef1a3325d55079614de99d66edf373a55
+Tag = 097d479b92824d417d01640289465a32
+FAIL
+
+Count = 1
+Key = 4a263926fb8898b707eb29f0822817d8
+IV = 5e26bca7e93566089e52e562ab87bfaa6b614a9750726e3d260f6ba7dfc96cf3d5f28d39395cd197eef76d0d87d6e9e976050562c55d6c20d147a447d52285b5fa2a6a240814a2f3cc7d3be451540493ee8c1addb827953ccbf9d6a3378ece3a6eff69362e1a5d2fe9f7b7f6a0ebe10b767a042e0d67eb7c3dbbf6aa941a182a
+CT = 2a8cfc4f58fe5b3dea3f3119eeaaa7e9
+AAD = c70148fa3c7219532fc07799e06927f08bc1d2f7
+Tag = 9b4f038cff3f70908f7f265a8c66e5ad
+FAIL
+
+[Keylen = 128]
+[IVlen = 1024]
+[PTlen = 128]
+[AADlen = 160]
+[Taglen = 96]
+
+Count = 0
+Key = 52c2b29fc9b47007c511f3b9fd814614
+IV = 811954546d570ff79051e04722addd135685960cc55b6a03c8a17d21c4fd40be3c3ff2e571f1aea4543d7a052c9c67ff18b0ff9aac7d8819c337c0e06a6104ae59d8b226af33f025fc97bf12c5f84f2a6c169caf75f5e736798ab664c0f589c0827d6a591bb2bafdad90410fdc12de401db764fe851eae5dc913918049d9e225
+CT = fe181ade5c03a94ff1999c9b1e915747
+AAD = 22e4875cdab4e47e46ceab73fe04294127f97743
+Tag = 6a7b1a3b508e66ddc65f110c
+FAIL
+
+Count = 1
+Key = 9a786ff733a8cd324162592e397cb64d
+IV = 73a3fffe30f961ee553ab6fbadef4cb6d71c34f61081fce314cb66685133c46effc9e3c665ae16192792ba689771dd55359c3aefa0c1a947e0a7abaadcbf7422b1a9c541d868bc62246d49ec780cbac23fe22d554092bc881b9baea21f266943a19c5b8b597a4dc52cb34839f1bfcc6d88ac94c3085ce4364f85d49ab9e75c31
+CT = 85b35b99ddd3b669c39cffeb112f1185
+AAD = b107672c794233e9ebe6866388201381b769ed82
+Tag = 530458769b8570a1848f9a31
+FAIL
+
+[Keylen = 128]
+[IVlen = 1024]
+[PTlen = 104]
+[AADlen = 0]
+[Taglen = 128]
+
+Count = 0
+Key = de7b6af1a2d0a92f8f5bed0ed2a4c3a5
+IV = 7c648aa92cbe2467abc4aa77d9936cdc720b3ed607d88244adf2a96abcee5d925050355656115e7fae5ef64a5f3a70cbd103853b5b9a93223ecc947bfab2b3b33f0bcebfc1cac46f3ea4b87f1344171ab276feb5ab5cff7d3af059b11d0ddda90fa6e45300b46d702d6a2bc4994d87f013052059210565e87194daf86b0c1ff3
+CT = fecd59b042fe86d2069efc2531
+AAD = 
+Tag = b5e8a287aaa1545ef43cf5d1f6b8e8b2
+PT = 6b392c43cfb074ff6cbb92ef96
+
+Count = 1
+Key = f1bd519342c172af750d3f0922165bcb
+IV = d3ed68092b3cda7f4eaad71941b309cccca11fc42041f52eda959512e3fe0b7094d99e3f7ca4a675491d38f2b1c4f28c2f789d6bff3481d68a365159486e822384321a45e026c2a1bfecd0b8852f1895e09a213ee63ea5032ee22830d78ba990cbc60450435fcd97b501377d702f90d470ec566c883c2c979f815fc8da237cef
+CT = be5375072610b9999293113564
+AAD = 
+Tag = 52df8b8c7e5db92b3d7875b97b6a7cdc
+PT = 660982e7b79a100df1066f1560
+
+[Keylen = 128]
+[IVlen = 1024]
+[PTlen = 104]
+[AADlen = 0]
+[Taglen = 96]
+
+Count = 0
+Key = 546a49f3da4d0895ec41b8cb5a7ae115
+IV = 721bb8cce428ecf78e50db3f3152388a6df6210fa1723693d526e4ddd5dcf0f7f478f63729b02414a4e58778e97306083f4d01bfd564f2b2ec9b3f30cc1d51d079c6c08f6cf3c045c406c02d75863bbc1458286fedb40088e30601cc5f68871e5265359752fb23d817d53e109abbf6db00226c833a7921efd719a783cc89f989
+CT = 4aa1bb6e198c3b5a6a7992febf
+AAD = 
+Tag = 2fdb588edd95b285abb5a775
+PT = b326079a44d686343aa8abdf63
+
+Count = 1
+Key = 3ebd80d5c8b464424b90f587c42976d1
+IV = 5741462741f113fc99a3dadfed99578396102587128cdce9ed676781864d5b169dae6916c0fce5b13e7879e96b2538045d8b7471d96da1e12c880c5c6e25a2622f06c1faa983ae80446957ac2f4748565b7c88a6403d96f0e3186a53840cd2e237eeef8bcdddcad7eba02fd85c60f8fa1798c61a93537e022ab4bc2ca484ffd5
+CT = f6ba47edcc745d861464d589dc
+AAD = 
+Tag = 9d125cbdc491e497e06ca706
+FAIL
+
+[Keylen = 128]
+[IVlen = 1024]
+[PTlen = 104]
+[AADlen = 720]
+[Taglen = 128]
+
+Count = 0
+Key = ed1022a97541386191d7f497fc028afe
+IV = ee42968bb03b625b46ea4519a0c793dce51f30f1f843b17dbf910c3bd5ac3935e18515e7c162ff5a7eda471469038bbe4ae597b5ac4e09dae2ad98b92b827ff2511427a38a1cf1ebe388bbd7ca9dd85c15fb464ae1d49babb1eb6577ed4210a77b37ba9a87d883721505222a37b0edd4c6f9a519da58becea04426dfb4ffd9de
+CT = dc51cec91f803f73655c23e2b7
+AAD = 2fdff5599ff34063d25610098df45a8d69fcba22deabc28085355a4fa420ec2702daead93e3b8fcbad5867f8287973cef3e4a323968302021182b5e3fe5d77413e2e36202477a62f9a7e64e78beaeaef8e575511d5b25e409aeb
+Tag = 502a4d8cdad446e96d7e5b4b04ac5bb7
+PT = d2720de7f3cc84f02e241b4e2d
+
+Count = 1
+Key = b4fb230481ade2a486061c93edc8e59b
+IV = 68bd51d2808567936d7d7947390e12b607b3ed4d2500da4b34c76a087d07a00de7292fe01f7a4472e2813d41fe2aa5db22a4197c7826bdf1f524ecb22163f58e45023b1a83c7bb70f57d83bf0475a65a3f64bd65662a0b0bbabe649153746a5581970f3e6426bc794fbcdb89db594f3e67356136b3a18309ca3137951da56fee
+CT = 26f7b519bd175f41bdbb78b3cb
+AAD = 479a584aad752e7755f7df00476ca202f97cabf79244229a916fa3438c7d4e1a57adccd6ef909f5b60b1a54e979ed367296b056dc90d680d2b2adc90709e3da858afe0417765b51a132e85f53c78e5708cdcb8fd8f5e1d318df3
+Tag = afe604d281b86dcee49d6efc9ed1207f
+FAIL
+
+[Keylen = 128]
+[IVlen = 1024]
+[PTlen = 104]
+[AADlen = 720]
+[Taglen = 96]
+
+Count = 0
+Key = 561e3bf46c3165a919f1505d229b3cd0
+IV = a767f94c56efae306bd1bd14f05f21963b7a643bd0cba88380d11f725e4e0ca45f1cf5e7ba710ac3bc1b8ba2d982d9007056f9ff59e0445148ce6c7e199a7996433f7c9758bde89ef2617f6979c83ef9afa6fa4f6198814f987ea010c9ff3aa792a27acace43e4bfbd3bd056a2aa9e66d95bc1e603bd9347c394384c8d878328
+CT = f89bf03b8c506e4fbf074c7a36
+AAD = 68277db43f4be6a2266ec8e4531c3a58bea4a183a869e4102826f97177756146db10cf36ca7987b1f93e4bed4bf5c794018ffc3b4e417da296c2b86a4da67fdf03998ec96fdfa289164fc56de0a00de3cd6488234f768ccab1b2
+Tag = 939226a74826e064e272071d
+PT = 19d495ff77475b9fa7afbe93fa
+
+Count = 1
+Key = a61139dd7554906d7c57e5ed7dfeb158
+IV = 851e54bc56cd28f64319d8bd643613257e31517481962f5bf021c58672e4255db27b308f5cf273fb2e70c14cf73479d7809089600c9ff3be7a2d81fb1b94908db6413ae58eecc4b399561ddc280117c0a8ec13c2d2fc0f99fe2553dd1cb67616515e60224af353864ef33bda2a63bc2cdce9389bd05bbc996f879866cdad19ac
+CT = b080e9fb5a6858d2e02ad4dc03
+AAD = 9c547e2d0bf65edd3136be3a7435a608c3e0ef64a809e8b2bd22088383f2b830530145b3d984822d18448b471b3a26c2963c008b6de4c6543a841d9ad94d53c6e657d2289823182ffcada496a5f02e831e4d4ea40dff2598ad0a
+Tag = 7156a22a93cd10369008bfc2
+PT = ef59b510a9d348c5cc1ab74114
+
+[Keylen = 128]
+[IVlen = 1024]
+[PTlen = 256]
+[AADlen = 160]
+[Taglen = 128]
+
+Count = 0
+Key = f77c0a52984b31f839c2bdbc2cacbe2f
+IV = fe91dbf9568e8dd4f175762e36b4a28c198d4f2ff59ee7ef2c6a681c5618cf23fee9a5eefd693b54d167ad17f78efd8cf87af63d725b10fe88e71eed77274d999afeb1441585aca35f42e960cacc77a9a0d7fec9b30eb50d7b71d3724306e1b29cb1926b0602b3934908ff322ca0ec12f590999af1646b27c3266362d3ad5d97
+CT = 11f8a917d77eb1d14c14e821dc52afd0b1321eaf70704c24646f457a5b7f4f8e
+AAD = aa4ce8424831b72c15d21d857bae40c9400da2c0
+Tag = 670f962a59e390957cd944a43f287e46
+FAIL
+
+Count = 1
+Key = 9017d2c52253eb635452fcda24bf8e84
+IV = e8b24af11e7c39ecd0f8c5a523acba6f155782b0112fc91479f4dbec74406b7fe2d9eb974cba46be6afe57f53258cb98c44c26bdee22d97b9cc03fc6244f8aa183458f10f8707ca1e7f67c040394773006eef283fee4c6ca325c41f99a2f1fc06fb4b926b296084eb4f129ab197f78a36bb10dc446bff8262f95d9c940f569fa
+CT = 4408458f6df032957c80bbade4aebc11a6dca45652bee57580084913b884735f
+AAD = e5670d66b59cb7a03bbfe9b06674576c3639c876
+Tag = f7106b15615eecc5d436b56c9ef10bf0
+FAIL
+
+[Keylen = 128]
+[IVlen = 1024]
+[PTlen = 256]
+[AADlen = 160]
+[Taglen = 96]
+
+Count = 0
+Key = d11f75f30d5bffc0cb9c2777b8e0a063
+IV = 8621d6e0fab3bd6ae4cb990bc7b6e79c7f3cd0f26540d5fd8ba416bf2a7bf31f6e715493a40635c0bc360a4c34ef3d5bb9fad552244f205b4780a8e9475233813b34611c6c41a26cd519ea89e24b1fa38eaed74e40d5cdc8a8cb37a33163b108f009448bb29325c3231c1fe79464ee74e3ab52bab0e736d38df38984c78cff2f
+CT = 9e96d1122881e720887c1a6b38a36d6c114c1c053c6ae0250c9cbd1b07096e9e
+AAD = b43e16e8da6d8a9532df8dfec1f333c0dcce1df3
+Tag = 8aab945cc54339f5799181e4
+FAIL
+
+Count = 1
+Key = d1f35ffab57b0ec7dbef22facea8ca99
+IV = 722b405af49a318ba3a2af9fed51208cb998d2e571e811e3d68614edf62b584c48434ced5371e67eacde22fa2c605cfc9e9f6d5c1ea903c4ab627ea47e0979f046698224f21e6478ff20dfb4183c2c4e53376fe6131dfbb014b9f49460e9ffbd7326e09d469ef63b216db27911d81ac5519672b3dab52736bef87018698af9b3
+CT = 031a69f6efe747a4b805313abf13e4f0c9094793544df3a078656061740c9a82
+AAD = e01ebb5cfba0fc6ed01618929f1c34851f4b46b0
+Tag = 85afd6bd8ce46c892a2c921c
+FAIL
+
+[Keylen = 128]
+[IVlen = 1024]
+[PTlen = 408]
+[AADlen = 0]
+[Taglen = 128]
+
+Count = 0
+Key = 24168b48b45759c8d4f9b061f0cbc16a
+IV = b8e5ede75254cc4542191c7e7b0319ad81651451b639caf81c81c98301a4a0af70e291a4e35b448917be1e400fc64a22edf32913162558c2591ee3e80f397d73dfbc68b82da49bda9bcbb6aaf26919e21c1773cf51f6c5b71784f47978cc0d593b4be0259ab22b0b48de733a884c50a8c148c495973a8f5f84f2e93755666bf5
+CT = be19c7e3d3e63f73d833c967d8d62f388ab9617a2adebe5abd99b5ec64599c46bc28bc62770e08995b0bbf27089e3e17b80424
+AAD = 
+Tag = 4aec633d4daed9ce76d697c11f66f34e
+PT = cb7f10bda7da8a2569ed1f3b667127a1e0fb197283aa16ab8cddd43186bd126b118e671cab3e325877fe0e79f1863f89122c8f
+
+Count = 1
+Key = 123e6d0e7a13ef97da011db953ec8675
+IV = e863681a4a672bdfefcd6689f9cab2eddee4d729ada28090a87ab2d9125e65e19cefbed73c7c2b1c81dd44e90a39ea0f17a498f89b50e3b305da66bcc4cb92433953f4e56a07d5cf866d850992fb6bc86af1e24cf292ca815e30272df7db7c64273fcf5be652b627271685a7ce6940e24f80f459132e4abbf1f17232f9b1bd1c
+CT = a76ce6b5feb1173f585117fea7988d51c71bcae1b19d9d083e67db988ac581a3a28db7ffc243719b73796d7c76a3efd75b16c8
+AAD = 
+Tag = 96e6f800457221aefb0764635c090c75
+FAIL
+
+[Keylen = 128]
+[IVlen = 1024]
+[PTlen = 408]
+[AADlen = 0]
+[Taglen = 96]
+
+Count = 0
+Key = 5d5a6980aba78c4c0197e2420ac58a9a
+IV = b83e10baa5c23984c861bdc60e53dd26c99a63d6c1a19a15fb2de3423f62d2c75577727859982c7d92a19e69f419f3a6247c719818254c7620793366d1b4b38fcbdd7f2546e3f281c5433c89a506eb4f2fabfdacfc801dbfc733ca3d161fd27a3da5a7c84da4e10282b14240266dccb4cfece933521385900bc4778c8a5ccc2e
+CT = 8788b68ed5b601fee7fd6f7ed16b31953ef5a7ec2505282707374ec9de8f9b388e35ad2c6ad987c62dc4ccca5fc134844e2aff
+AAD = 
+Tag = 93de86c6c80df02f09b19eeb
+FAIL
+
+Count = 1
+Key = e3a9aab8735f784cdc12d4a41aa7be4f
+IV = 3bb213adc907e2c7a71c6767380ad43a7257273f26c4c9887a2869dcfab5cc8bbd7b39bb2589fefba8afcec16266fa43b38bc4813f95bd613e1e7625b49e8fdb1929fd45cce41cf504a8e66cac81c80c8f1090a2dd09a02218df3756687efc2e594f0c30842ecd645cbb36e6c9a2e0b0414adf0bcfdc6bf7b6a7899b0a544eff
+CT = c0c1ea9364957655a2e555656ba36cb021289221d14ae8b1e65ff2535cae684143093653fc61825b31f4f286af47e8b1adcfd2
+AAD = 
+Tag = f516d379dbfc772dab40346e
+PT = feb05b4566a6be307f8373483492da1cc5c5486c08b19f0e34ace45e9bcc00a97f17d357cdcf5faedf53b4167ad4247e04308e
+
+[Keylen = 128]
+[IVlen = 1024]
+[PTlen = 408]
+[AADlen = 720]
+[Taglen = 128]
+
+Count = 0
+Key = e9b0139be8b50b85dab4fc69186c520d
+IV = 047fa684f5e40b795d77aa204eba377ea6150165298252c953f48f010b7735691fcba74e7d9614f5d77741213300790303be2894d936b2a92cd3cc61b0e9d06cac3ef999e0aecad451fb7eb41a4cdcc757fb756fe8846598b699aed8aa067ba01c8d8dae91d4d8414f73ff8311a3e5255facba2f28a2fa2cf3a5340a2f1bd2b7
+CT = b31815639dc0f31436cd86434edb3fb38a831a5defc961279f3a423ab88908cced42c7e7231f79eafaadd8602aa6ba262dd645
+AAD = 7307226192d65dd58d17a000dfe6ed31a3c3463d444799e85569e6d0a8375f739e279c1f3e138a2eec64808a4beaa8e4cf6757a4091f34b6619fb4220c6d95770a21bb46ad9a32799453d36012b293d96ccb990fecff7bf5d326
+Tag = 4912ca9aa5b64c28918a4873eafc4925
+FAIL
+
+Count = 1
+Key = bc4c6e73acaad3efa1ee296fd11bacf5
+IV = 451d09540aee27418bf5c5e50c09c4fa4175ba73c51381ba70bc9ef4bae6571d6d5a73dfb348449192f7e470adbe11967164aa9d786e241852d90867ad38dac02e314046d57846ac3d1eba25d9f2c15a6640b942a8eedb135241c96e05851709feace5432494c6da5b79346ca3ebf0daf7b1a3d7555722add362447538d2a708
+CT = f16ca460f87fd066482f08b5e97e6aaba3b26bc0f105c5e1fe7fe2eb6709fb4f2b435a3a3c7e8f8e9546c1150f0c517ef47e90
+AAD = 943c196e89253832d90531aaafb7f14bf79332b8b1537d98e7bec893c75f21707994d0289265132228d88c9ef4be167e2ede50b6761c793ba10ddafc736c3c9ca82c3e3d02b3bcf04fdf63335d49f773d3892aa879eed14c2ec7
+Tag = fb03752c5fab7379fcb7d92054700fa0
+FAIL
+
+[Keylen = 128]
+[IVlen = 1024]
+[PTlen = 408]
+[AADlen = 720]
+[Taglen = 96]
+
+Count = 0
+Key = 3826b8a041da1bcf36f8cc3e04699f38
+IV = 998d1aa03f08fafb987984c04bd4ab38bd018aacf520fa1d78e9b450b2abf8aed2cea6894f64f5ac55fa9f1831a00197ec72b09eb339bf2b427d14b99c6ec7ae35188aae6067cee43393b3b8683cbcf835d5821c48b3d121073038160ef7a40a97ee397a16993e5236be48de74634091022ac0550f3e647bea9aa578d6c53d70
+CT = c15477cf0e1c4c6eef6b64063e891cded0c736985b4b01957156da9c32f394b9371ead2fc86622f6f7d4ba5b5a5e01dfcc3e4d
+AAD = c7314b536efb7f8a9e1063f4ea574a2640d2a60bb1a711ef0b41d7ecb977dc7eab9f8cefa12a07050778c3df84e6f95c02a6461ace36b8e5d6153f17cfb9d6399c2528ab0b71902dddabeb03c2cfce122c01f2587db5988c9180
+Tag = e54937deb8b547426515b608
+FAIL
+
+Count = 1
+Key = 0ee3d77868dfc10fb9d683a6c70ae47c
+IV = 08ef5026d810526a274f6f3c6668f6dc535789888b49a5605627a26dc8c1fb6fc196d0a75128b85b15a3e7fd5aba13c81368026d4123b1fa190791cb014efbc1cf1e8b60aa1e897a8b13645cb4b8fbf7c9b223487ceb10b406fc2e7fcc1916b75e8e616da6f8e424915d876e9824f6a1c365ba8cac39d426ad4d22c451086c3f
+CT = 1b06f30d2f87225a3d819521b03455437ce4986251866a5f85f5772e70694c0e4b60e1b672bc3ce9001ae38f5538f37a66350d
+AAD = 18bf637f94688d9cd3b96174d8bbcb6628eb3c04dbcbab53eeff7c618733a015eddcfe38dc4d2c6df7c7898bdd1ecabec3b78d5013bd3fe796155c61e1960d3871bde8ea7648f60d2aefbf012e8b1da124abb871e96aa0c8ca0a
+Tag = 427721503327ba2a08f4da89
+PT = 2463c81cdf2f265689310aad786870e0898458da3f214430eb09bef5abdf00a9eed5f46c3d245c916bbb8b5f29fff3746badbd
+
diff --git a/nss/cmd/pk11gcmtest/tests/gcmDecrypt192.rsp b/nss/cmd/pk11gcmtest/tests/gcmDecrypt192.rsp
new file mode 100644
index 0000000..8601670
--- /dev/null
+++ b/nss/cmd/pk11gcmtest/tests/gcmDecrypt192.rsp
@@ -0,0 +1,1016 @@
+# CAVS 14.0
+# GCM Decrypt with keysize 192 test information
+# Generated on Fri Aug 31 11:29:44 2012
+
+[Keylen = 192]
+[IVlen = 96]
+[PTlen = 0]
+[AADlen = 0]
+[Taglen = 128]
+
+Count = 0
+Key = 0e5d6e68f82f32bea3f0b69498c1a31ef6d955cd3d27a2a8
+IV = caf72ee1e62e1001e8cfbc63
+CT = 
+AAD = 
+Tag = db1a74ffb5f7de26f5742e0942b1b9cb
+PT = 
+
+Count = 1
+Key = f780e4089a6224b9db576b368149fc4f58e6c8f7061814e2
+IV = ae84a7ac9f89a70c92d566ec
+CT = 
+AAD = 
+Tag = cd65b48665146066b92b34b38ec3415e
+FAIL
+
+[Keylen = 192]
+[IVlen = 96]
+[PTlen = 0]
+[AADlen = 0]
+[Taglen = 96]
+
+Count = 0
+Key = 30b6bd8bed8df0251c8c1e24318f4bf4dce7ecf636752b77
+IV = efbead2ccfe79bc4340227ce
+CT = 
+AAD = 
+Tag = 8b567322ec301d635f032420
+PT = 
+
+Count = 1
+Key = 9338ba6fb2309c9c94ce4658624c5e849811e993736ac309
+IV = ab574ab3a346b9b2d4183bc7
+CT = 
+AAD = 
+Tag = 80a127273fb9411096d046b6
+PT = 
+
+[Keylen = 192]
+[IVlen = 96]
+[PTlen = 0]
+[AADlen = 720]
+[Taglen = 128]
+
+Count = 0
+Key = 0e08f05f4486ccd670514f4307d410ff313e250dc93ffca9
+IV = a990d1ea4d789072c1881ef9
+CT = 
+AAD = 66beb7044f4b32827834630d879a8a8d4e9d7b80bec3e93d937ec42a0f5ffc1a9801eb86e3db4852e09616b2312c5afc7eb1e39bcd92dce37e27c50b0d80e6ab7311e984acad89fd376e828062c018b82e7eb0c804b198d869ce
+Tag = caec2a7ab51dd049b08a024b92e28d76
+FAIL
+
+Count = 1
+Key = 25e97433491df9c8381eea524daab5a092db259edc34e4f9
+IV = 95ce1179ed9bd916acb7f7e9
+CT = 
+AAD = 411d77aec39759114b2adb69d2aacfcd639b321b74e99e47d0e3bb0565167ec44cbd5f7b86444174cb0a2231698e5089105698c9e2dfa3954f73a9db1e6831ff31f0edb43a621e59597d1407e19e0f4315fcbb3870b87a9729c4
+Tag = 83d0a4c8dcf476d294d3de882f09ff5c
+FAIL
+
+[Keylen = 192]
+[IVlen = 96]
+[PTlen = 0]
+[AADlen = 720]
+[Taglen = 96]
+
+Count = 0
+Key = 99e1b7c9b574c5f0224fbd597b2b19626c425ec32398885e
+IV = 1cfd6fe618dd6a0007fd43d4
+CT = 
+AAD = a57dcde37ec42e1a0b9a169eb26425ae4ce1d98faaaf303f95b4f54295ae4ba77ebdf7fbee424dfc5b85607dc1eeeba210705ef017b94eeeb904368e48882722d16cbfac5e0c744dc746f6912896b6879ff663ee484b53a76311
+Tag = 954a9d6a7784520ae263a475
+PT = 
+
+Count = 1
+Key = a0692d8ac9191e50227aca7e66bfa62e6f9913390f4aebc8
+IV = a82d8a18f624392c34691539
+CT = 
+AAD = 3e0e9d0b83db49935ed0155909f7a6f6e4ce7fcba2ed7fa42a6ffc283945dca68c0e87fd1d61be60df6119bf6312eed60ade9d6e51156f0cb0bfc00ac86c9beff82621cef32bf34b83135ba58f0e4542ba4859718d9ca102e4e9
+Tag = 331bb460647e51ea147cec80
+PT = 
+
+[Keylen = 192]
+[IVlen = 96]
+[PTlen = 128]
+[AADlen = 160]
+[Taglen = 128]
+
+Count = 0
+Key = f4a35894f2aa76fb6d240dd93d3dfe99cea32cfac897c4c5
+IV = 5c2b8b3213dbfd79224086a0
+CT = edb662fbaebbea0381f60084b98585ee
+AAD = 6cf6ff50fbd7dfd2a0d9893bbd5baec626d185e5
+Tag = 84fd782b6e4de54badbecc1332d17465
+FAIL
+
+Count = 1
+Key = 7af6699f566e8e9892b349f2c72a32a5c94653348b25d3f4
+IV = b682ea9dc20528fdb9985a72
+CT = 7542cbb76464a9f3a1338e8ecf4b6ee8
+AAD = 4f3c752a024d47416a5213815bdc3449deb82a74
+Tag = ae837b07ddb51085bf99463d3faa5d20
+FAIL
+
+[Keylen = 192]
+[IVlen = 96]
+[PTlen = 128]
+[AADlen = 160]
+[Taglen = 96]
+
+Count = 0
+Key = 2bc9e7b3893243492436ebdd74a0503c11e1497fab0bc793
+IV = c0a8883740ca3f55f133ca3e
+CT = e9b29b921a20fd9ef2faa9af1318b151
+AAD = 12c23f7c98a3b61bc1dc188d4cf97dd792e90cce
+Tag = 0c47605f8c429aa38b115f38
+FAIL
+
+Count = 1
+Key = e2743368ff0b18e2c49c624b3fe92c7c848c143df71308fe
+IV = 6ffae5d1b3c9f5d8ee88b090
+CT = 257892a519da5735f8157e811431f82d
+AAD = c3186b7b4040d1516bf9e5cfefb699066d3998cc
+Tag = afa15daf61d2c4540c08df2a
+FAIL
+
+[Keylen = 192]
+[IVlen = 96]
+[PTlen = 104]
+[AADlen = 0]
+[Taglen = 128]
+
+Count = 0
+Key = 692dd36f933612bf3cc489d67a23e124d9b653278e2ff1c7
+IV = f09cb5f7d3ba81bb3bdc006b
+CT = f136f262e800c7ef2ddc33efbb
+AAD = 
+Tag = 4c1a4602965578460d6bc61e5ee81925
+PT = 7bac3bcf984a9f556f8d7e9fd9
+
+Count = 1
+Key = 8749302dfde89262edb67d36e7f5779e2d4eb4731ed48f33
+IV = 822c65d171b4ccfa00f86c62
+CT = 2e068703421318120945be4645
+AAD = 
+Tag = fd805bfefea01ae3713bb4b53449fecb
+FAIL
+
+[Keylen = 192]
+[IVlen = 96]
+[PTlen = 104]
+[AADlen = 0]
+[Taglen = 96]
+
+Count = 0
+Key = fa34d0b54e3d8f6dbebeb42f330e0fe54a65a2316acb8990
+IV = f4bd6e8a4aa6b1f2ac7df8ef
+CT = fbbec752927736a98c026eb089
+AAD = 
+Tag = ce02db92469bc5f4ffa9a6ab
+FAIL
+
+Count = 1
+Key = a220fdd9544b84244c767cf2794b0777e291ace05bfdab5e
+IV = fa50867e72d39dc4371b7651
+CT = 15737959a2622b783955ab15fb
+AAD = 
+Tag = 4b608d500aae04c740076810
+PT = eddd451d140e5fe46c150c6c91
+
+[Keylen = 192]
+[IVlen = 96]
+[PTlen = 104]
+[AADlen = 720]
+[Taglen = 128]
+
+Count = 0
+Key = 519ddbcfb3411c7539df0b61ff2b3e3d2b6ad8f030cddcc2
+IV = 78ec3873bd8846ac42ff3a9b
+CT = f1fb8df28f5a8649d930b477e6
+AAD = 7b4d412302f3319653cced7dc6d7d845cf1071d3802cf09bcd2bf3077609a1dae1bf64e78820f368862b2c0daa17ff9b33d1a7e4f627507c5a916a800e6d349f72a45f8f76b01e63dfcb44f00a225741d172371eb96f964987eb
+Tag = f71b0198aee970e0cb9f835b4ee9f433
+PT = 16eaadec26204a644e2f24b1ee
+
+Count = 1
+Key = 93d02ef0f9360e965fb711e728cfcc7c323918df291f625c
+IV = 1652153b54951b0180af5863
+CT = 37b428d03edbed106587742f19
+AAD = 03d2918d0f23ded3cd793b9c00184fe1cf4c4546c0f6c83d1ec025c83777f93250b632d06cc5e96ec7d7c36240f7e3055bf1cddd0608d92a437be72738bf3e9c4958fe70a8672669fddddc5028181aaa04984509e1bb7bec2869
+Tag = 2055377cc020f111e49a7a3076331072
+PT = f52f71dcae794100222cc14278
+
+[Keylen = 192]
+[IVlen = 96]
+[PTlen = 104]
+[AADlen = 720]
+[Taglen = 96]
+
+Count = 0
+Key = 4bbeace710677b723e15e2c619045be3631b392bc1c291d5
+IV = 15d2161c6d01e9328c7aa601
+CT = b9417e118d30058d097e9b8dfd
+AAD = 820ed107e867ebdf9861088e546452d6eaee06d1c7c116a07cba2a72b9a2fc974485a842e6c891ba2b08a3b773f3c92f56f97b934ec9e14c928f9ea040c0390535309cf49477b3a76cec40b6875238dfef2f4c86415e05220740
+Tag = 1187cb806d5e58af5ba9e914
+FAIL
+
+Count = 1
+Key = f9f4686a4a9519f903a1d63f0ae0d450414aaff622c6d3fd
+IV = bf048a6dd8070f9ec33e77cc
+CT = 2766c42019885def889f3d4e2b
+AAD = 54c4859b710dd15178b24c74e5825bb27c9acd0573fd2049aafc921676520f28e9cfbe211f8f7c855b9bcb02f5afa9f7c02581e30aacefb19d31246b82a187eda5e0f4ccef3717366c977d2cedbfbd5276a9559a60916ac053d8
+Tag = 92025305e06ffa9f05e2f18d
+PT = 7942b575fcbacbb11c3656327f
+
+[Keylen = 192]
+[IVlen = 96]
+[PTlen = 256]
+[AADlen = 160]
+[Taglen = 128]
+
+Count = 0
+Key = f78b20a748d3dd00b78df86efda81e495b42a1750b98b7f3
+IV = ea8dd7b69521b27b2e4ba9b6
+CT = 12062587ecd5b89d72030cfbddf8e13ede8c02c178885df2a41392e62014b9a4
+AAD = bc2de46f29deb1ad59260b7ba90f0c8ddbcaff0d
+Tag = 5fa0c38d6deee5ad5e8e3e88a26b1be7
+FAIL
+
+Count = 1
+Key = 147a68d29beba153067c66fa805ebda184d153db72cc1495
+IV = 0beb22c66583920822023fe3
+CT = 52a5da707ed72f194b82a22e502844820cdd3da737454842ed37bc1aed1493c8
+AAD = aa6e807af408f349918868afd9af9a16c6ecad5c
+Tag = c689653218b24320e5a3db5e591099f5
+FAIL
+
+[Keylen = 192]
+[IVlen = 96]
+[PTlen = 256]
+[AADlen = 160]
+[Taglen = 96]
+
+Count = 0
+Key = 18309574c65df0b78da93285dbd43d11e1c988db97ca2bb8
+IV = 563af7bf4d35c531ec3561fe
+CT = c132c3a750c27ddf0196dd1c6606d51865663afa4ad2746bc558b97a7e99e164
+AAD = 676298c64bf4116f010fddde84a84c87067ad013
+Tag = 5d0ebb9c1e61676b76373f61
+FAIL
+
+Count = 1
+Key = f3da884d7536c33db74cd0e06d878bc7bd17c5b439761359
+IV = 1ecd1c1441d52a206a2c446b
+CT = d2673121cf14f9ec6945469ac177a5ffe91bc7a0beb3fde59b3722f15e67a3db
+AAD = 6003f684e04109eb54ca7dd26163ea139567861e
+Tag = b6b4f3b517a5694d5f470fdf
+PT = fe14ffc321da3def6dc638ff225025d99fa8a006eb3f5dd2e777d343c86c0d8e
+
+[Keylen = 192]
+[IVlen = 96]
+[PTlen = 408]
+[AADlen = 0]
+[Taglen = 128]
+
+Count = 0
+Key = 117c607e01badcb6be05340ca91ba8031f30d7df206c70df
+IV = 17817f2823679496258868e2
+CT = 75ee0bd6fbc735d7a5c60fe2796ca9f14471955cdc260b61536ba475359dae522a3dff8095cb0ad61928ab91613bc1042457b4
+AAD = 
+Tag = 1d2509a73b0f3477a6e3730bcc3e5325
+FAIL
+
+Count = 1
+Key = de0d93038d219e7f97fc0b288984bfcfe4878acf59f2f599
+IV = 483751b037c6dca1ff6d4ff8
+CT = af691f13f645a14d42de6273d160ca44fb8a3bed24ff87257e463446e04f31432cc36c0603412adab063283c14e4ee78ab309b
+AAD = 
+Tag = fbfedfa8d93e1594457723bd50bcf63e
+PT = c7e167999d65346207016351ea0d862110d0609606db9d90fca8bf228059b7cf589378a5dbdb07310d7d09cb13816df00444bf
+
+[Keylen = 192]
+[IVlen = 96]
+[PTlen = 408]
+[AADlen = 0]
+[Taglen = 96]
+
+Count = 0
+Key = 04b375376c88372a04406a184c0d51b78a7b6eba7561c399
+IV = d76f71b405311986e617067a
+CT = 79223102aba3412459e6a3a1ef6043ca0191585776fa41f4419841f090929d367953d13164c7922ec787586e1915f9486939e7
+AAD = 
+Tag = f055cc9dfa6bf5e542e28288
+PT = e24b989ad314f5da96df3c797fc28fd4427c2993f1b4b16bf4abae633bce44772e3aebdaefb4319fa8a1a092c0259a41b74a9a
+
+Count = 1
+Key = ea85fcb5853fea0df4a94fcde80c292c22e171418327d619
+IV = 2091688493235e018041b172
+CT = 27715d5408ecac994f4c812e738c155a36687b9f1afe127dbe3285b5d22966db7c554e80b8c6d0020f67c4cf34b4009d3137b7
+AAD = 
+Tag = 89b5ccfb0a01300249be9a2f
+PT = 660e459d33b0d7be3fac3a2c27c9be30775ccfb4284b2fa2787cc33662dc3d281eccec1170c7c059b9a45ff40da97b2c221d44
+
+[Keylen = 192]
+[IVlen = 96]
+[PTlen = 408]
+[AADlen = 720]
+[Taglen = 128]
+
+Count = 0
+Key = 58b4c1ceb6e22434d86ff3ade5a654196318734612bb9bd7
+IV = 8928e4bb85f50941fec31453
+CT = 1d5ee768d791921000ebe0b9c3c85f1070fcc2c473c5ddf58a3e86aa2bff382f9d47d7f4023aa1017218e6fdd7dd6bb0a2ba79
+AAD = f99039c812d3522f81f8ec09ed79fa0dbdafeccaf0814cb8cea346d5928c245735285890b65c32e1591b811eae8cd261608da6cc8c3a0d1eb1b261f748fc0881f05dcc6b40f38711cbb084c0c30f7cb4ad4dbefe574b414b3454
+Tag = 36e0bacc9ec6f6ea386f1fe997011347
+PT = b0597cba878e78d7372b4938b25716a3c98fdc11ed12accd393d80a35a6be1d6efe40622217b384e15b57f006c9c47e0d31a4c
+
+Count = 1
+Key = 620eeff77dfb66e3160171115d86d140b4f463004983fd02
+IV = bae5528715e7d6023752d98f
+CT = a36515b7d4afa95e8d391f54556f6d0ab6e02f220eaf755d77de1d9f89f8f69728b0b85d28b9d948bee66aad9c526fdd6f461f
+AAD = df501e0630e27ad1dd8fa6288fd3109d8a416274f8cc31e4b9d3d58e14fe214b954c1e9aab1110e47cb2948a5ce958ebda33f405a425922c5b857af53beaaddd2cf0c0de29770536b6321e9bf59335583a88804749edc34eeaaf
+Tag = 394cacf0863f98234e90b887cff9e4dc
+PT = fde943daba34d2951ea9a73af6f213c46285b32c038b23420536a13280a237df0e6b67e5a7a62e282b4d6cc2df23a7fc7238d7
+
+[Keylen = 192]
+[IVlen = 96]
+[PTlen = 408]
+[AADlen = 720]
+[Taglen = 96]
+
+Count = 0
+Key = 42a8d8ab84980e9adf0e0f4e74ef5a6f4b2a135b5e85e17f
+IV = 1d0ffb7628a16c8f173dbc2b
+CT = 9b3460f3d4f8257e8b47c2e1da2bfe40e4a0cf40ca1d50b8c3b2876dc2caf624e161aafbd5b268b1753cdff3b5346c9e74ff7f
+AAD = 4e1c1f2996a51fc445a56dc72e8c8685a89c4a316b89b4b83164e8c9975ac189f70ebe23a64f8a7b7049b26a6c1834eb3b9284b7eeb6926deb5c6d74f05935befb6fbe1de5301fd296127903466bb035577d9635dad41424c8f7
+Tag = b103bb7e9ff886d616a08e38
+FAIL
+
+Count = 1
+Key = 0be62bfe9db2d8282161730f940bdf400c8ccf03090251f3
+IV = 6243f382c59c5f2826b91b29
+CT = 0a4a2d736571d97a070b577abb8b3dc62eaa6300fb7ff5c92fc2abeacccff62280558946c79d6bb4e98c9069524d979c06cb66
+AAD = 2b5579b91e5a5d85ccfff3a58deeb35308a6c821d4459a48cc6ced6feaf2e2b2458682d5216ef9062a7ffd6050fa1322b4a6c428c094d1f9b11e323379370d8b96a5e2525c199fb51887a156e348f2ec6bb75ee1c787230897d5
+Tag = cdb3fdef84a963eb6b1bff11
+PT = d096c9d8de72011acbc9dcf1848ee328bcc5f73e9420adade41cb65f09e0ac0c478f8e3d56da696387df34932c5cb0dae94cd4
+
+[Keylen = 192]
+[IVlen = 8]
+[PTlen = 0]
+[AADlen = 160]
+[Taglen = 128]
+
+Count = 0
+Key = 282bd6dff9f572026101bf3f4515051f5540cf17ca029b0d
+IV = d5
+CT = 
+AAD = 9f5c16f01b727650ced263865b2645dcfbb01535
+Tag = 6471fdec52c26404ba1e7dc2eff0e418
+FAIL
+
+Count = 1
+Key = 217cf34ae67599fc106645e7de80f64014af97e02bf9443b
+IV = f8
+CT = 
+AAD = eb31f104bfda2b58d69a9e94cc5fd6e0d3812086
+Tag = 2e7f05cdd31decf127540d53108fb3b4
+FAIL
+
+[Keylen = 192]
+[IVlen = 8]
+[PTlen = 0]
+[AADlen = 160]
+[Taglen = 96]
+
+Count = 0
+Key = 9bf81228dd4c5a6242b1c45692461a4de3d8ce585abd6cfb
+IV = da
+CT = 
+AAD = 4546f07aee0d078dfecf1f31847bdbb2ce05a511
+Tag = 5620f3e98d80cbde78c0cc90
+FAIL
+
+Count = 1
+Key = 55173d57bd1468ee30ca7071eaa119a81053bc0696038933
+IV = ab
+CT = 
+AAD = a323144ba5c1d276d8f45a5a2f40afa6f9451bbd
+Tag = 25a869de10750961337c9427
+PT = 
+
+[Keylen = 192]
+[IVlen = 8]
+[PTlen = 128]
+[AADlen = 0]
+[Taglen = 128]
+
+Count = 0
+Key = d81df540d2ab3aad0c676bef2dc44246a1658d73d7060829
+IV = 7e
+CT = 24e2cd3f9bce737add2667326c884173
+AAD = 
+Tag = 5ae2508b3f269eea124e0248f9a0f2fa
+FAIL
+
+Count = 1
+Key = 3417d5f215536f8f4418ea6ee9a82d3a732c8fe8c1eca2b6
+IV = 60
+CT = c357b89ce02030db4ea09e5013db22b7
+AAD = 
+Tag = c2ddaa1cdfc8aa34baf9b69e1bf3b13e
+FAIL
+
+[Keylen = 192]
+[IVlen = 8]
+[PTlen = 128]
+[AADlen = 0]
+[Taglen = 96]
+
+Count = 0
+Key = 041e136646a1ba3a7302ee54a84170da1158a55b2007e1d3
+IV = 75
+CT = bc864251987d297fe463f78674609607
+AAD = 
+Tag = dc2ab79d51b0d7af8ba9e04c
+FAIL
+
+Count = 1
+Key = 4176970dcbf581902383ea0cccdf665ae3c39e04d250eb82
+IV = 06
+CT = 755ab8ec9c0adfe70d3aa3bdaac790c3
+AAD = 
+Tag = 05e495f65af8b2cd3fa3299a
+PT = ad46bd041064efece5105478927cf23c
+
+[Keylen = 192]
+[IVlen = 8]
+[PTlen = 128]
+[AADlen = 720]
+[Taglen = 128]
+
+Count = 0
+Key = eefe79e261cf81df9d5bca29b87c61ba99dc626b4dbccba2
+IV = eb
+CT = 3126a5146f65849fa507a28f1736f548
+AAD = e0b6d6c03444084b0fe3646fd36b2b5527bc57ed783f238e584ae84283b21cc0074d6fd468d720953eb64a93341ad78cf13f82716f39a5faf1ae06a8a0651d8ccbcbe675c8b497d5f0012543c4f5ec9f1ed004cf64bc86edd75f
+Tag = c06bc2dbc668e5efdfffd42e12b59761
+FAIL
+
+Count = 1
+Key = 4baf5c20e789cbe16ba6518a3eb3db67068ade6079710860
+IV = 21
+CT = d17a16b9f59a8af1fae202527bac33ec
+AAD = efd143f001d7ec6434ceb65f0550c5ba20476488f8cd9399f644a1ee1a197a0b43a91c889a42a5466e6719f2bea779ab2b459650245bc1ea5eacd0365fe102c2f47aed839565ec69d7130ab65dff374c77651942dfc25cdcd376
+Tag = e8334fba87df3783881b5026802d6eba
+PT = 50990d4a64651871b61935f0469e7e96
+
+[Keylen = 192]
+[IVlen = 8]
+[PTlen = 128]
+[AADlen = 720]
+[Taglen = 96]
+
+Count = 0
+Key = 7ef3287353497dbaa76b495702233538e6ffd159aa2d0b1c
+IV = 85
+CT = c3b77ded27aa90fff1bda9e89fc4cc31
+AAD = 9965479713a1e7434bdeb494f5681cebf21c01776aa92531fdedded229d05e58727fe76156cf4d06fcb6850ba883b1775b21cdbc5074edba8a31b2335e970c847ea5d58b4d6f5a3851cfc94014fb7147d0d76c657c8acc110e2a
+Tag = 2bbacee87e7789a49ffea5ce
+FAIL
+
+Count = 1
+Key = 7cef46408715eb1e1911286103f05e162724d5c9ee337043
+IV = 2a
+CT = 1965684b2b7954013f5f5446c96c1260
+AAD = 17787994ac497b42a465ab80adb06e944356466d53337a9ea6e1bbabf896f143da89f8fe21e4a351d9d6f9b768c2b10f5d4df1ca76a64c84943139f7c809187589ffeb382ddbcc3178a648b76953fc9ff8bae093331a56e2e764
+Tag = 69872e7c5b802c85c4f0b297
+FAIL
+
+[Keylen = 192]
+[IVlen = 8]
+[PTlen = 104]
+[AADlen = 160]
+[Taglen = 128]
+
+Count = 0
+Key = 9ef5f29246647bb8576bfce2ef9f79a4ac9cec41937d119e
+IV = 0b
+CT = 121aa0b1be4e6766c202e4581a
+AAD = fb2c8792b79ab71c5032698ae39ad7434ece209d
+Tag = d54184f59168322357152dba099b634c
+PT = 292d1ac83d35f24c0b4f1b2bfb
+
+Count = 1
+Key = 815764a65132ea32c09e5426690b724d6bba9ff126dcfe81
+IV = 7d
+CT = 17e3000a3e380fbbf9b8fd7c42
+AAD = eeaedd13531eaa43b21316c041901f33ef316132
+Tag = 1550427350600a88f9e30d58a6a404cd
+FAIL
+
+[Keylen = 192]
+[IVlen = 8]
+[PTlen = 104]
+[AADlen = 160]
+[Taglen = 96]
+
+Count = 0
+Key = bb190c3b263a22cf0adff570ac9dbb7ed651a7a87ecf41be
+IV = 11
+CT = 89c047653feb0e32a71fdccab8
+AAD = 25a0546df41315a4c4f28709cbaa854f6762d413
+Tag = 217b4ff1244cad461c72c6e6
+PT = b1fd5da56a78b6305d42b47556
+
+Count = 1
+Key = beb7dc40237e5ea711e4f9ed3e524aa471ca789f46ff2aa0
+IV = d0
+CT = fa4acd2d5ef13236046d15f53a
+AAD = 286a61b9ac003ee7931f29978ea99c102559a8a9
+Tag = e5562dfc79cf86500ea15b22
+PT = 1df6aa2a90d48d78de7c663521
+
+[Keylen = 192]
+[IVlen = 8]
+[PTlen = 256]
+[AADlen = 0]
+[Taglen = 128]
+
+Count = 0
+Key = 4928855392175e60fafd1872fba5b03b0ae2e5676e17f728
+IV = 34
+CT = a52d6ca81c0aa81fa5a31e47e7b1593cc85103c5fb1efb78ad2381ebc486b9b8
+AAD = 
+Tag = d07f250f984dcb0a58500f2d8991807e
+FAIL
+
+Count = 1
+Key = b13f5ba0ad5518a72bcd5627ddf74116f8141db915207395
+IV = bd
+CT = c32272c4985d8a6750be630aa3dd2717533d2896d0969fce780272becfdd8ac0
+AAD = 
+Tag = ec37e484d0d70b7567784c21cac01949
+PT = e2232d880799a4fff19ffac9eefca51b999b63bed5f7c7d57cef1b1cd2ef1484
+
+[Keylen = 192]
+[IVlen = 8]
+[PTlen = 256]
+[AADlen = 0]
+[Taglen = 96]
+
+Count = 0
+Key = 814fa6960499ef272e6cfe5dce092e5feaf6cb82603715e8
+IV = 7d
+CT = e75c36699a964fad74fba8d69b8c6ca1cfa079fcfecf39c63dc3b5110ffeb245
+AAD = 
+Tag = ef8eef3b36226787288e1f7a
+PT = 689db3fb4cdb15618ed9e8f00583c7b9d2b61c7ff2fc99db5eb57cf1a4ae22cd
+
+Count = 1
+Key = 827b1732cb26ac82cefc9928746ab0a97d1a6b73e25bde69
+IV = 6c
+CT = 8b1c8da95d06fac734b3ff03f5c14964895f082f62cb3c002a4924b793837b14
+AAD = 
+Tag = 40d33b739227a4e282ceb290
+FAIL
+
+[Keylen = 192]
+[IVlen = 8]
+[PTlen = 256]
+[AADlen = 720]
+[Taglen = 128]
+
+Count = 0
+Key = c621098da9c0e9386e1e33d5b32b3ff677c0c2937ff24c29
+IV = 63
+CT = c9a475d570711f5774070d2f56042c09eefd2dfdfd8c0a7ed71aa5b62d2fc59f
+AAD = 6089d9b6fb5bbc2ba659ea25c52e4be743fe409d43a46555c52c4a6ab84b291f461f9c9fa18153b7dd30bdfa1ea4c64f14539efc0daf7f4720d341884a8dd008cfe7191ad706e571e452f9e15d34630f6fd9d5cb4f287061ade2
+Tag = 05f75f1333a8de721cad8d94ff564af8
+PT = 2d93c2f0ac37b2dcd7c034b843b8201be4c843e82c8f73cab4a232ca3f012c49
+
+Count = 1
+Key = d4381faf602b088dce355140c1e26eb6967b473aa0564d01
+IV = b1
+CT = 1c622ba1e1e10d7ed888ccb0ea4c407ae4c0645b9705927db59d3d04e0324463
+AAD = 519c145350e84f794433219ba1034d7306ebcd9f800af5ece139f3fba6b84b7ad5e9872dc6ba3ee37a54077f416a0d07421bf389ca4d9347d5ad89146b6d8d3fb8d7e52eb37c1394b385659fc27fe83a7cc3ec3f6cb74f39477b
+Tag = d139ae297c59a092a6e8d69425cdeaa3
+FAIL
+
+[Keylen = 192]
+[IVlen = 8]
+[PTlen = 256]
+[AADlen = 720]
+[Taglen = 96]
+
+Count = 0
+Key = 6f058a93977fcebbf59d1969f4f199dcda536b3b30a4adbc
+IV = 43
+CT = bae112edaa6da5c7def45787e768362cca6eb9519fe94ade2283e1b4e46773e2
+AAD = 2f4891ec813536d271a9381bb2ca7dcd5dbaba1259d4f3c0e48dfa6a108a7c3003946a5b0d534f13a726cd91fac2519db0c63e796a625afc5e43af844d0a9d584c5ec04c54a3becdc8c9d75b8a17b0ee7b6cc4af0d4a29d840d7
+Tag = b238c72b20d80fb0a17cf7c7
+FAIL
+
+Count = 1
+Key = fde925cb4f198784998ab759276ea7f9f184161250a4bc9e
+IV = 95
+CT = bff8e471382f68d08d73509fd5e815e017bbd0256d1862601bd674ddd4c9dc1a
+AAD = 6819dd682c6798b7808b174b5c71ebf8c748e5ed95d456653d9218c13f894e36098687e7653da8f58cf0e3eefa40ea9afacb6ef0f83f25f6061ddd6dd589ec24c4a8fe68b7072eeab6216566e79f3bbb5a5790cc53aa35beba6f
+Tag = 8c695f084f0a0bde98445290
+FAIL
+
+[Keylen = 192]
+[IVlen = 8]
+[PTlen = 408]
+[AADlen = 160]
+[Taglen = 128]
+
+Count = 0
+Key = c7045b21450d74d28a220ec8671474f8dce28c9e584565b6
+IV = fb
+CT = 4f3053f9d0c172b4c11cd96956c66f91c500493344e924c506fc2b1f6f21024800558b07f99b448a496536dba62da661c5c93a
+AAD = 8640b9cc220d39a141412ec4181be7879d885144
+Tag = 78bbb2c81d7b319eb98c3031c3770f6c
+FAIL
+
+Count = 1
+Key = e951f4397ec4525683e845e12eb6003c156a3c9318a99e14
+IV = 09
+CT = e2d6282da935d8af6223319492ef71b845d19e21fccc515d9dcee98f9577a66fee107e2cb06923b0522c32e3de0f2ed7afe886
+AAD = 1ce33f28c7fb8cb28b4f64899ab7d32ebe72160b
+Tag = f82b3f0062909af8cdbb7a6aeb7e1cc1
+FAIL
+
+[Keylen = 192]
+[IVlen = 8]
+[PTlen = 408]
+[AADlen = 160]
+[Taglen = 96]
+
+Count = 0
+Key = 382a27263547c4509db760e9915591fb3fca56f339edf8be
+IV = 74
+CT = cac98df2dfff7545b93ad5b57be290f750d7da2cc318a0736621d6af9fadc5f02237422a01228d6973e17ac710a32f76229832
+AAD = 2e6a2619b048d42b42e6fe2b9b58ea7ba7db303b
+Tag = a8f22caf10f9248c792020ee
+PT = 209cc24230dbe07b57b433538e65d0724c54ecde11eb716086075cce21ed0dd644dd9f2559c679e3362b6a2759a1fd99fddf34
+
+Count = 1
+Key = 9103743f080d9cb83b2e14521729fc2c29be43a5803ac832
+IV = 4d
+CT = 58e624e49d0e35239f191499ecc0e547215ba70321b34686f79d4e47fcb289c606bffab56b946b6cfdcf96ea01bad889a735bc
+AAD = 5d783d191d51147a215a46d4fee72dc5c72ead96
+Tag = 35d75d28ed3b26f1aa537c9b
+FAIL
+
+[Keylen = 192]
+[IVlen = 1024]
+[PTlen = 0]
+[AADlen = 0]
+[Taglen = 128]
+
+Count = 0
+Key = 89bb644ba7ef882d3f2bfa309e640c16cc378164c5a903f8
+IV = 1e8a0c46b3c581cb5d11e91b123af3a7878c9b9f6b8ff400c432bad8f1564f71dfe4caced06308d7967580cd930378aec11dcc641eda1ed37cb1129d65be141d30048c0347d634f4f142571f4a5bcd21db8dffd5b71f785adef344803def95bf0f8f6219e020d4f3b54783f3832ab3cc270412f7c5d00c8162c72dd3ebb60ad2
+CT = 
+AAD = 
+Tag = c30769bde1a45b3ab0a2a4ab7267ecf6
+FAIL
+
+Count = 1
+Key = 29b93cb8242387c8fb0393f3ebdd6d48fac61ce46d9cf83b
+IV = 5b3b08a6e2e3994619ee7e08d866e86a5f76dc6dae0f998d4ba61bf8d5daec636123fada73567c38966fe159f2d5fff16a7173239349f7df705630eafc597e07462c04f01f9440b5f9d19b200518e525b6b60117f5408fc560c85a0e2b5e13bd27c02c938288e25489adf9adecf13cc0dfc8b6ce55780527d3296118a1e21818
+CT = 
+AAD = 
+Tag = 68bfe2e12c62f574c857faa8a360ee43
+FAIL
+
+[Keylen = 192]
+[IVlen = 1024]
+[PTlen = 0]
+[AADlen = 0]
+[Taglen = 96]
+
+Count = 0
+Key = 1d583c6520a1164c74e218e669a3462e3ed59ef23db213c1
+IV = df7573622579733a45383fd52821490e27aaf06c93a969c17c0d2c67bc4e518f85970a1c443d929873be83b6b9cf6e7396704c4ae8c6d4ac55e334adbffcec2a02030c158c5b9941ed4759e2a6e79ef2718a8fc07e3892859ac2aba0a41686e0bb198bbaf8676d752f0e43c1622559d1eea0572081f81b567d141ccce05ecda0
+CT = 
+AAD = 
+Tag = 31b68bebd9cd93268c5a2938
+PT = 
+
+Count = 1
+Key = 18a5e8671e7c11cbbccfb2df340038f3aeadbe5a8bd6b4c8
+IV = f7f9d84791fd6480d98dd3c675b2e14a6acbe4f0699ea923eeab4dc5d68da21a1498b59068c49aec372787a922cfc649afacda1d73e7b9c41e3cc3774543ddda3b6839a88e9aa86787a6af078eefe506b7827c534ddd53763cf12643edc967512a8b1b3de714ca1da56830c9079b5345b940b2e5fd3ed1e2777f5a4c8f06e8bc
+CT = 
+AAD = 
+Tag = c9d5c3437aad1e7887ac8483
+FAIL
+
+[Keylen = 192]
+[IVlen = 1024]
+[PTlen = 0]
+[AADlen = 720]
+[Taglen = 128]
+
+Count = 0
+Key = 6d90cb45d5a1cb2c548066a49830b9160e3122ea2b36938d
+IV = 6ca69e8e4a65455211a3447c3e2b8eb396bd24cf43504425daba105b350b596f7a4865adedc12aaefcda5699af3a8301372dacacf62bc137f96e4a0add7b8644839546d263ec136dae3e87f8ec6f178041751bb78629a5f6b4f816f5750211bfbcb395eca883873c9bedb443320b3aa56ea84f2bc7678b8cefaa40e337e86c6b
+CT = 
+AAD = b7d5f9060a89d3e4c996aa061467ca57e8cb02eba0e5af9b35bdf900b210a7fc3252fdd94332e03f88568ce97fa14316baa7ac2893a51705216446b7d85cc704386b7e898729894c25095cbeab49e7ab0a2357f0ee462f206cdd
+Tag = d4f49c64ed18ab7495e4f5c9d312e4f6
+PT = 
+
+Count = 1
+Key = b4743c209c9f473f7ddc7722d3aa5e2627997bf6f4f6fa93
+IV = dd363ab51f476ff5a3e9f7e88b6f5e62fb54e8230a5b04d42090fb5272a0bb1eda0b17d8fce2f19fa544c48a0e0121abe8f5fccb725013d4d6d429ff2a6311fabb6bfa6bde9ee101590d9835249ff69a0541db296a3aa3258e7a435007a97b8e0808500191a2d2074fb0309f7a5ae45bfae276a81e6d1d4bc1de7f3559abdb2d
+CT = 
+AAD = 031288db3ffcaa33de04979003d1602fe81e7dfb43b9bd6edab4776bdb8b4bd7e7386d90050ecc1d78abc8655207bdfdb4570d0a40d66edd43b580f7393879ee01ff8a9cb5ce876d8cb0a32029ed1abffddbba5daf8bfe3638db
+Tag = faf00b97fc982fcf6570f016dd5a4770
+PT = 
+
+[Keylen = 192]
+[IVlen = 1024]
+[PTlen = 0]
+[AADlen = 720]
+[Taglen = 96]
+
+Count = 0
+Key = da3d38ae1aeb9b7002f823920c09785db0c368d4b0f1a28c
+IV = f9a8d10d13347076ae1906c0c4014991ecbd982006c9aa71b6ee7aeafe627a322ad2b5f8e1ca22c81e8cc55309d9c17ab427c74cc96ee20cd6c1154761772c1b1057aac3b33c46f758c53060676fbf2e709a829a33e56ca6710d48c2e274a63234c911b28ec8b0aba47492e2782f8314d068e3dc6feaca1aff5399bc5d6a4234
+CT = 
+AAD = 0e2501b3d56115ceca1aaaf6f311dff8f09029922e88dc6e74a4e53bd3359d4c49acfdb72d73e5c357092b195785714a18cf158fc47ea20bb898eb2090af9ba44d7daee12afe7709820c8b0403cd28be80ef3f2d2168153fd937
+Tag = e67d90b1de432367654b8fc3
+PT = 
+
+Count = 1
+Key = fcdb9f33eb662d85b05e0519e692165b595d1da031430232
+IV = 15eebfa475af1ec10e72a3a7a95f103557476e55598e7e2186edd106021cf1d8f833541b2f173aab541343fb11f8f17fb28e726e046281160c6315261b9a25dbf2c6e682876f85708c8042b3dafec6659144ee231c2e46a8cd81d6561e1b03d6293ef7fe2e72eef841c642f5ea6d444e8307b5539af66c80e19e360d58bee556
+CT = 
+AAD = d23b14d66326fa95509270d9c817e777c5f1b81af887150e929b934dc7c9f0c3e5a87237dd7a01bf70c29d3dbc1deb6e3578a7823b554b8b7928d13e7a578ac22db686e517337ebc8a6a9962ce77b2b52697f67b17ae39feaf20
+Tag = 483e32c3e57f6ddd2e8e75cd
+PT = 
+
+[Keylen = 192]
+[IVlen = 1024]
+[PTlen = 128]
+[AADlen = 160]
+[Taglen = 128]
+
+Count = 0
+Key = 8a7a758ca57900825d3c6b66bd66097bd3465ff22a82f5a8
+IV = e721f1425f7014e0ff1d4d2d11505633c3fe6d0f642bf05ce9dea381613db36283441d5c480d4f88d403d8fc3526806fa61b3ecd0ab625b818ffdb05c2339ee4f7b79d2880115576519d55cfe31454c857ee540a92c59860e59e023d8b9e9e4be0d3b98a0cf1bf695472025bb645ddd7aadcadecefdd31e78daa8a658679d7fc
+CT = 5b31e389d98f3b39539e49724e1db4ea
+AAD = 3e65e5ef4c93156d4911d722fcc4272425444def
+Tag = edbd5da8702b677b6b8f4f893fcd5a5c
+FAIL
+
+Count = 1
+Key = deaf504e7f15c70c087cfa0fbd85f47a6de53d6b88bdcfaa
+IV = 54a1cd229fdfa0c14a28af8c616424f9dcbbd249d98aca615e53f57fa11181d53b8a77b6dc489a59183b5a7a6027f3d070e967cbcb03063130b00bd10e0f6e185b8f76121572008585adc26865e856ffbc1d92095f07899db2e6789ac26b418f743879695b5172a1b2a79575e39918d5a17c9cfdb3ae39b3a9c94632f0164807
+CT = 1d5e7c3a2477762a38d8fe7001748d37
+AAD = 1d4b73494d5248abf6941202b7413e4cff834cd1
+Tag = 016797ab44ef3bac283b192c0152d3fe
+FAIL
+
+[Keylen = 192]
+[IVlen = 1024]
+[PTlen = 128]
+[AADlen = 160]
+[Taglen = 96]
+
+Count = 0
+Key = 116fbef23a421d43110cf2ec2043a566ae01899724d48278
+IV = 586461f3bcf481bfa217ef0de106954483fed320eb415752d942963372731ad1fb2fb34aa3b40528fb6429ddb6a68b731a52f6e266c180b8b44e0909e1df81352d5281c15adb42edba413997614eca770eb0535ef991ef3bf7b3f75ee716b4d6c2620d0d897f5a00b630ac47282324a4caedceb1badc1108d49018d4d6f77ab9
+CT = 7c735121485165ddac8cbced8e869f66
+AAD = 101534cd0f9659bd81fae85e32c20831f1882ab4
+Tag = c7559c654f0c12eb42f5d074
+PT = 22eafee87341bb35ef8cf4448560c55d
+
+Count = 1
+Key = b59d3ffa7b11fa4dc39c69137af868e46b0745237cd13859
+IV = f44ba806033f27c6ced41fa73fa5f67bd79b8d3314036646e665a1c3bc6e69d09bd43bfd1b36a97d21d4870de6199540caaa02d9ac50ca77ed531934611f223983a5b80ca84e69088f0152411e09fd849e41555fd703a4dc9a0e297d10159e986424bb9db41dc816e4ed1fa03554f7dc81955c2ac0b55bbd47056cc8b9993898
+CT = e48e3c08cc5a7b09aad661526497334d
+AAD = 067ec49df158a103287003f71619f85a9c18864f
+Tag = 01428510eb9055555fd0a2f1
+FAIL
+
+[Keylen = 192]
+[IVlen = 1024]
+[PTlen = 104]
+[AADlen = 0]
+[Taglen = 128]
+
+Count = 0
+Key = 17c4df25cbf30a72ec6009addc5370aa13a04b407dc06064
+IV = c0d7c5fa0479b4bd9d8167ba75ea3d8b3dde7abf5432fdf868c7259a4df1bec702f0f6672f02f43e14a3724a31549e783d70eb5de0f0cf97ef046d61c58993adc7e673b8c6d983875a7d81e3704e42bf38899b8a5bfc17d5ab1c90468d0e519f347424ae5c575516e9af09a73246167504f28873c98afd0f2947c36f3c164a98
+CT = 1de45ae519150aa6a7cf99d12e
+AAD = 
+Tag = 1f4abdd369617e44dcc1d2d6ed57f779
+FAIL
+
+Count = 1
+Key = 743a916fd7ffe4a51b8be441ad7f8dd9df6023116df96954
+IV = 2f6ef13cbfa341cf553554fb137d756b161bab0ce0095c314ff7f2e8e1a494033ae66d99affb8f7974f09aba8298e62233578f63381b460be5bdaf6d52ba6e12939405312a00ca96ef81572b4c96b845aa61b349a1a2816bf20779a7c3faa81bee83347e807a42fda7005a9ce5a766f4bf40bbfc04c371dfb3731317924d9ea2
+CT = 9c179bf1a62b72bb99fe085927
+AAD = 
+Tag = 73175e58c09eda41f74333492244f810
+PT = 6daf295712e7e4d1f68885634e
+
+[Keylen = 192]
+[IVlen = 1024]
+[PTlen = 104]
+[AADlen = 0]
+[Taglen = 96]
+
+Count = 0
+Key = 526ae9a2035c671774b2f56c3da190bbfa710bc2ad85dc35
+IV = 3a6dd49a7caed1c4807c08cf39272228ee052fe034217bf11bef1433b9e90377ae72e848b3fda3d574564fea6df343e183a8bad8a3f4ffef8740919d1af0146dc693f4af8c7d98b908d50d203286d09b7ff9ab4ca5806a63512d5d77a42fe865b77a950252055f4da39832289626e01b7e7af740f062ecc721984f1ee6e252cb
+CT = f9cba21e9b0b2a6e31a4b6d82c
+AAD = 
+Tag = ca5dd4dde32a7d2267e6c4a5
+FAIL
+
+Count = 1
+Key = 5eb40a9cd4ab8e39853fdd60b83053c485050edba22fa1d0
+IV = 3c99c1a6a26f247d5e88589b1691765f91ae2a1015dcb8e07d87e0357805c2b8bf1bacf6eb67bf92ed43bdff6c3704f176b4215424fe7e23ccc49f55568d22eb5115e4445d1db9b249464c2b26e797335171e04f58623236cbf3d361c1d1a48a9f1f788f322c4eaf70394dfef35f727d3773c52f2874a7c755ef5ce0a2c15700
+CT = d8b1dfd1f2d875ac4d8cdf9688
+AAD = 
+Tag = f26b1c355c0e15ac7be37aaa
+PT = 16e33d92f4bb2604703b2cd32c
+
+[Keylen = 192]
+[IVlen = 1024]
+[PTlen = 104]
+[AADlen = 720]
+[Taglen = 128]
+
+Count = 0
+Key = 0ee4a60e925fb0bd7518b6e16e6d3f18135bebb867691587
+IV = 4d6d93f0a012d0e23dc6e7a2a66b66a511893ad3c410e50a94265cbb7c7afdb132d4df5d727848dbd9e4f456df9ddab892d29be9a2ed5ace4a521039f9669d0e762331ef7f3cc4d02b6983303b4d286a45ee8248fcb645652e10add7e07bebd3a4e5d2701c1a88bb4677cf18d34e3a9211d94d41b58e54cfd7c8f941777b7aee
+CT = 2fc3e10615885c56faec216208
+AAD = 7cc5b70275c66608a09ecc2d685cecd948f649fc34c3e1faef2685fe52de2103ca090084cf1cf3ed754ecdf5df0ac738af2bf676e562ee271490b1aa719b40736e95ed41739c1ad23ef0931fb30aee20a5ee1e307507affb7eab
+Tag = bd17fcfd0592205b8302711c78bb4376
+PT = 6d7cd93f7557af8b8ac6a8f01f
+
+Count = 1
+Key = 1b685f3587ae2e04b0d6d92593efe8d6e585e452d5ddbbfb
+IV = 27f3d9121f70c41b4f0ba166ffe1198041d78adb5975649f30ea7ebdb1ca86b8390e6d74e40432be3037b6e06432a1d37e57b3d1b867bffa01bc1b65fd1441093e09d5bf116a1b607a8df3833e6d51b6f8ba0999fbbaa98d3770f3e9d034053712c2e53bcde8e196bac797a3ec32c342816b97fcd7ad64a049bc50426ee0bfc7
+CT = b89ac3eca91e250fdaf17eddba
+AAD = 0b4ced65ea3ce50c6d124d98559aea03cc75803acba4c6182d5efbe556d77a098dfa24e820ec4a86f42e609b052f81a29439e8d8a0860b673d7ed4d60c2428e49e363164410504e76d9fa08bd86cfe02b5af911df15ebf58dd61
+Tag = 498dbcf337017d0463cae0441dfa1e6f
+FAIL
+
+[Keylen = 192]
+[IVlen = 1024]
+[PTlen = 104]
+[AADlen = 720]
+[Taglen = 96]
+
+Count = 0
+Key = 9298e2685ae2f3f880245ba78eaf5897496d00ef9690836c
+IV = a10fd52e70f8c84536beb798e18ad502cad1d22a4a63af9353faf02a05d1b11676171c6eb974e60b302e7a7bf0b7fb32d1f6c4ef3f3c038cd2700a617d16a62421165a6b339db897c3b3a9a9becbbca93338c309eb5810798b7837dc1e31c296b508df0d646f6b89bc6b75ad5f9def686064fd6e4a5b4e7ed583da01e95d68c5
+CT = c1f8d6f438b31ee1ce384278e4
+AAD = 5e005c01043360f039e6c1e24ad7e0a7be4499909c338e11f402c161f7abd385dcd0f1f7c464ce817a81aca61f7bd65ab6b6d1323ea701e7cb1e6ce02da1f300eccbce1a558aa9b15094ec32c195aadd3dc26fcb825a2cc07f1c
+Tag = dcdcc774e08370ade84e6d35
+PT = 0c9e410903b51b187c942224a8
+
+Count = 1
+Key = d14095ef7f54967bb13e400f044bc015e257f25e11e3561e
+IV = 44b01c8283d1dbc8817e0dbf01eb01b70bad8c583ef435979fe2401cf2f8b8ba9fb883d6af732416c9611f5481c34c1dde8db303e2be296c4fa2e5b3f28ab4753a4d35400ac7aac25634861227e6dbc9eb703734a6185776d1615b82f7728ae122db77faf475061a7cdd4d07d84fc5667912f8041108e362ec2bfc475e944bc9
+CT = ae1c5878c4bf35c866efad56b1
+AAD = 9a069c996dcd838f7a35644a362bb5aff932cf2855aeb2f1541d985a50f49f7e2c1d9e1668072865c85ff605d6080655c5f15fe5ba51339891e9fd355798b5060c5fa287babe3f975fb6ed2a8f75bf3d9c711c205cc2e3566829
+Tag = 5060971b8066a7b21f84399e
+FAIL
+
+[Keylen = 192]
+[IVlen = 1024]
+[PTlen = 256]
+[AADlen = 160]
+[Taglen = 128]
+
+Count = 0
+Key = 4bb714384bb40a193edb0a3662167a74f9fefbd974e231f8
+IV = b0bf5a9c2e32bfc4ef1b78336188d2aa1ba385d74a98d3ecdc8aae8fee1b76c65fcea2cfe0d8a70e63b7c16d287ce72b296a703b2a96ad5055b01d909a280adb6b9b461ab6b256b48740422d906eca0c25f763a336ebc04d00ad66a06e5340a53c9adc89475a1f8eea22554f25a04729f196ce1beb32244d531a0d3681f0a6fe
+CT = 4603c0f306298ca4d00d6ebc91455863e39955100ac625ee486057f13be57f74
+AAD = 15e75f7e0943dc621b93080bfc43f4ee7ec3f905
+Tag = 33c25cd8bddb47a1bd75479321c97a33
+PT = 84209f0f5032615996567613927077a0991150d0023cfda9e0e422fea5bdd486
+
+Count = 1
+Key = db13fe00dbf96cf77fa14556d173ebfc120324b9be35f8c5
+IV = 4f9f78178d1edad494d562b98a0e8152381e9e22f30f55c9fced5da6d35bf6a93d69f5ed50644563186f706ca0184d6cca0c1eff78b9071e798d5b9852402beab1cdd6031ff20acf8aaa1dff9b056a2b937adc609dcc34a3cd4560b2d2ff14cef58577fd79a5f724ef4adefdf8a0bf8696ab251da1c9d1ab0927f25276734d02
+CT = 4a5c13be2eaa67a5d62d16e52174cdc5e88c06401bd04baf7a5f7dd39b280cce
+AAD = ca68c1ce081d4357ec96262ed9e477329d1dc8d3
+Tag = 8c3d5f7c7f0a0f202558d0e51f3268ca
+FAIL
+
+[Keylen = 192]
+[IVlen = 1024]
+[PTlen = 256]
+[AADlen = 160]
+[Taglen = 96]
+
+Count = 0
+Key = 05ae5a7db4ebb55f2f445f234ec2bcacee0dede265c44c1b
+IV = acaaeaed17807a25c898cc657e951fc690ea91fb6bfec56ca8ab1a1f17ee93666cef72cbc5487e5778596434be8342decd64f18c5d8bf736115597bbc3df0c404d9537ddb52bd124f8430e6059c3bc48b2bc23a937396f0bad92d9966fd130462eb28bc7076ab107160714c21b29932b8fca29760eea0e8826fde7400e29d42b
+CT = f6c2c18addf8806ab136fc8c7280db25182d3852461425a78a9d430f8dba6db8
+AAD = a224cc3858fc7c51ee2141d00a4c2b1fccead0aa
+Tag = 9c4213fbcf453cc4fa249a59
+PT = 578ee6368ea924a0ab7f358697aa2a15771f43d4449e8edcc99189de4c7bc2a3
+
+Count = 1
+Key = e6d93ac7ce0ed433c5e0c1968b2502826cdf30410c7f13ed
+IV = 07627d40494dc5a9e4d64422639bd1023a5de3a64a4bc625638c5b90fa867c73b389e3d22bb5f164052218b48ddbe38063979336a575c1af98e172b1f180594e559eeb1dd22aa0dfa8554f93c061538b00801639a82ee1b4299cc116b9bcb55feb655dbbdc4162f95fbe4a7d6b51a6952cd89c810212c7d8b53392f51e4ded4d
+CT = 1ef9edb205f2370670da08e90e02dddb1fe03669883f1c0efe527498a9a7c23c
+AAD = 2fd8c823b19fc656048922af8385e0e1eb212cd5
+Tag = f8eecae8f06a0410ae3f883e
+PT = 2c44ff0bb14139c78ed280b252e5b6ed97cb5411ede0dd0f42436b0080f459e2
+
+[Keylen = 192]
+[IVlen = 1024]
+[PTlen = 408]
+[AADlen = 0]
+[Taglen = 128]
+
+Count = 0
+Key = 31b26efaf37ef4dcd95111955de944e6930db5ec089b00f9
+IV = b8098a4f5261be16e86fd652d1c0148266d3f7bf629612fc5e3e2619dab083ff484089223a83f961d112a4a88e6f90cfd13c0b48da5233411d6daa3b9b897b2ff900ad99e8f812b1bef7920f33308a3db32d67db10d219b414734c98b9256816b73327af9b044661d3d6c77d241da4da47588245294408d4b3548be9f74c741d
+CT = a02f54a533bf8c38ad3de4441c73bf7b5b1ee4276521403feb11b2dc124f70cdb5b7cd7c7b77ea5ca3746f046b3497cd9480f3
+AAD = 
+Tag = c4d17efeb1ea25219f1c3ee7ee1243d0
+PT = 64e43eea6fe24fe3ce62e028bb955989e8630d505ce5534ca4998e96fe4e0a8a2d8ad8f942a8af0e21229aa455e7f8130bee57
+
+Count = 1
+Key = a0d421ab37a80783e75d608a29ee9258ef6c0efcd5db3c8d
+IV = 09451cb8e2c6e35cc0cc06859e746e83302cf96648656559a696f492ab03ea6a512e1977c2da0d3ae2d34617963f8c839a010a77a0499002a2294638c8f1fefe4f0c4235e20010db9221f563a3f61afd514ee3ee0a93c3bb6d1832e59c5fb5009750545886ed30f9a663672dbcc8f92533a083fe03e2a5680fad4727c7f55941
+CT = 8e2b6a874233353ac793ba1c78f3f72456c4379cca9587093de9e08f5e5e0787d9b6b8facf05fb8c2ae2f8d709db2192c54809
+AAD = 
+Tag = 92c7ad3ca0c9f27a2b14f9da17556cab
+FAIL
+
+[Keylen = 192]
+[IVlen = 1024]
+[PTlen = 408]
+[AADlen = 0]
+[Taglen = 96]
+
+Count = 0
+Key = d0327c62c42bf50e0ce96dc2f6663c03ebb5a8c411a6df10
+IV = 1e069fa5a005c147e9bd6a9ddc579c7bccb5169dd4edec81a02235f46ecc03a68d086b54d2a320de46b0baafc7693b2007a598561ca44d99cd6e0618024d7aa3faaf751ccc28dad9160283a57474038f036bb410f508e59bca860c95885fcee311b8e38fdb91ac3c02051645fa54342ed8e1a811733b0cb84696b7bbe1c2de1a
+CT = b0f58bcb2bc49373febfedfd6c5e0bafc6a2b51244ab7e7efe5dcb35608682082829d27a45520018a4dc34f5b812a15dd9722f
+AAD = 
+Tag = f79ecf8ea7e7866641b4d889
+PT = 9d05dcd834a7ffd165b1929e054f223b440e818d59e83709ab45dca571a6eed268d56f514de14c95cceccd5632d72f2f35355e
+
+Count = 1
+Key = 6f6afe9610cf1dcff5c8aaaa3b7a65294e4df642a486de09
+IV = 698ac8463514d1a7629ae2e66e6a0c2641db56ff30894b0bba50a574bb5e243a84b74594c4d6ba929ed6b5566df53a3d87218096a501ace2f15c2e7823b38fb3184c4127c54ced9bb8cd1a23a5125cb5fcd6cc5bacad4120c4edf40161024639c3f74ffab44f331f62ba730d90b4f184be8d888c115e78202be10536f21f2f3c
+CT = e1c7973300ded352c7d2dbd8a66633aa0ec027e492a292f38027749ca829bb570be5f141b3470c93a649ae356439306322b477
+AAD = 
+Tag = b5e5b0d881eb2da7fc6c1125
+PT = 094cd39bc84ef79165ea9c65068d3a59f0bcc145fb27c240e734772b34002eec7eca02bbf6dc583bf9650a9a2a979bf0cad238
+
+[Keylen = 192]
+[IVlen = 1024]
+[PTlen = 408]
+[AADlen = 720]
+[Taglen = 128]
+
+Count = 0
+Key = 74de63663fc428de3dfc1e90b121a4621bafe1c15fb78fe0
+IV = 3f83a4c5c163401d17c100b480524cdf1b9bbbdd35b2e9dae3b44daed778cc07cdc8c83147a9b73c5596d665f1e9b8045c5c1a450f3d3b1d98b359e256d294788bc5d14495871d939b9678a07c21f961922453e2751336b1e48873a1de9a4303e0febe08e046dd28615f7fcca069c99cdf652c52e26ff774605338e39bbc0ae7
+CT = dc7f7fd95af9eadbc795d15a4cf577e9561a43be790730d5ab136eaae94575d7b62f665e0ba676aaf18b34084a4e07108d8edd
+AAD = db90ef50ab01602f9594e023bc54e337c8d8b8d191f9fce05292e15877048b47de5be43b99c3408b9e7c8ea8a33c89192fd6be8506dd1ab06adc6e4c59f3de1f5449707a24ccba1004d2b9a0ce3197b0b52a5394b62caef06b84
+Tag = 0021d04e48b35732d89e10be08bd7aa4
+PT = 975b9861b00073a967d45083e4623662a26c9b87ce6436b072377d30ef6071bf8bc640fc1dd8bfd1e6094dc3f41084a80aa36a
+
+Count = 1
+Key = 2ab61d79d69ef2f67c50f1ac08eca6f09f7d6806ef425977
+IV = 83ae75f356cbe34e2edcf1c791a65c61361a0d797d4e1f40622be08fd677dc5edab70c066ef8c32d932ff4331dc25d7b1fbd77b566b918ae383cc61487851fd6a7fcd37a90bd8a17b24ac369d027cb8cce53ae9040ab22c5d1e498f9a7d61429f5c9c2af085710a56f0f474da2b63c91a4ab67658cf9296b896efec5fe89e383
+CT = afb627ab83bedd280ffdb9e08c70c8dbcb3fac772fe492dfe2a7e45f52a160361d5467ee9c52c678d102882a74f57b8cde94a6
+AAD = b1859cc11137c6e60729a6faef581832bca1483044d3bd4ff89881067571dba72ab3c425dc5fc3c717a864032741cf741be1c8bcfca9ced647433208c7dfe6bebfa71031a986155b8b591ebb2c04638e54e5506fa01ff0249333
+Tag = d6313a822e0463a8290048dac5e40208
+PT = a6259d2e3fce99b62d75bb8bca1b137794b92247492bffed4cae5bfaccd325fbed7b0ee10794dae732b071f49ebd9bd180db1c
+
+[Keylen = 192]
+[IVlen = 1024]
+[PTlen = 408]
+[AADlen = 720]
+[Taglen = 96]
+
+Count = 0
+Key = 73fd178cd562796f4d6e1ff755b7ed160beeb916c7bec22f
+IV = af793d93370dfa94428f84cbe9f80ecda00f610a8665bcaca57e9e23953822b9def350319a893d0928f4beda2501ba3588df29ac59341465d8b3341e32261103f360c7611c3f348f046a7bc80c4c1703f3a4ba4dc15155c033620adab1a91f4c88dd09cce6ec22386368666a76efdb2d2bca77a4b723dd26d00aea8dde21cd5d
+CT = a22663aa32e19676aa77b3ddf95bb2405a41bd5750367ccb58693ec364a5688fb4ed19453d8010841f40eab4e14d5df932b824
+AAD = f18aaee427ec51eda65dc72c80822ce80656a586fe10b9f84bafcaa59f996b3f1c27f4a5d42fea1b57ef61ab0463990f69b8f174e353a31997c78ac120c0b3bfbe6bde0846539e1eaac80b8acb6124aec6f3046dbfb947cc0b0b
+Tag = 5a73fa19e58a2ad64b96deaf
+FAIL
+
+Count = 1
+Key = ffb587200caa4bd650235fd2917d5cc4f4e2d7c396a45fb6
+IV = 1496480a264be1dbb4379739cdddb8d8e2dce2a2c94c5c2228b3bc07d12f64cd4e4e6bbf51a1349fe3a41f7ee94ddef60e137bee2c2beb06ca075777f96fc784e780a942a9dee0f9f67caf49984b31168cec7334063f0cfb9ae2f1daf290532b0f3d4ac2fb48eec5af390d2e07c06f368e6f404de84ed0b3ed4992a4fd02d092
+CT = a2dbd1a9876b8913047cfc28b705bec2eefa4e929bf35cf1d52a7d6339b44be4d3821ad092a9f51ac544e60450169eb9575866
+AAD = 4037993eaae236155e1446db421101b79e0b5f144c9977ddce2113fa9e8144c74bbf98e604785a24308e28a6cfdceb489595d62ccb3bf94812f6300a8b6cbd99fd94e39ef28aff3f74152e7f93599c211196f1831dc0e12da4d2
+Tag = cf9c5bc8d7a9cff1cd336535
+PT = 8b4c6487eec16b628fb55bb7c8d08aa4845336fb290ca5caf35ed2c9a3eb70d74f2c433783150917294bb7786ab19fc9689337
+
diff --git a/nss/cmd/pk11gcmtest/tests/gcmDecrypt256.rsp b/nss/cmd/pk11gcmtest/tests/gcmDecrypt256.rsp
new file mode 100644
index 0000000..7406a35
--- /dev/null
+++ b/nss/cmd/pk11gcmtest/tests/gcmDecrypt256.rsp
@@ -0,0 +1,1016 @@
+# CAVS 14.0
+# GCM Decrypt with keysize 256 test information
+# Generated on Fri Aug 31 11:31:25 2012
+
+[Keylen = 256]
+[IVlen = 96]
+[PTlen = 0]
+[AADlen = 0]
+[Taglen = 128]
+
+Count = 0
+Key = f5a2b27c74355872eb3ef6c5feafaa740e6ae990d9d48c3bd9bb8235e589f010
+IV = 58d2240f580a31c1d24948e9
+CT = 
+AAD = 
+Tag = 15e051a5e4a5f5da6cea92e2ebee5bac
+PT = 
+
+Count = 1
+Key = e5a8123f2e2e007d4e379ba114a2fb66e6613f57c72d4e4f024964053028a831
+IV = 51e43385bf533e168427e1ad
+CT = 
+AAD = 
+Tag = 38fe845c66e66bdd884c2aecafd280e6
+FAIL
+
+[Keylen = 256]
+[IVlen = 96]
+[PTlen = 0]
+[AADlen = 0]
+[Taglen = 96]
+
+Count = 0
+Key = 96ad13bf2492f4675340e65b455bd0b884574f5b6c4fea774462496b8a0925ad
+IV = 2ddf6aa50c2ea9106ce0a951
+CT = 
+AAD = 
+Tag = 10a471540cc7bae14273f2e2
+FAIL
+
+Count = 1
+Key = b1599e78f21b175a3038aacde9141f7198c301ff80276020c1974342baad1e55
+IV = abdd25c66d7821fde6ec0b76
+CT = 
+AAD = 
+Tag = ab077a703bfb6646d5aef26b
+FAIL
+
+[Keylen = 256]
+[IVlen = 96]
+[PTlen = 0]
+[AADlen = 720]
+[Taglen = 128]
+
+Count = 0
+Key = a4851117328a93bf528382f22f35ac94688259fd2f517e4fd27ee9cf9b8c8a2c
+IV = 44395ca4943aca24875a281a
+CT = 
+AAD = b9a63c85bd7cb93c9d2543572099ac0a0b1ab4dddbea4c75bacfab9755ae763cb1062a594dda9ca860134c74776752ad357cfda32d1c20e896370dac5808c147061ed1545a2a6ff26fe2e0e2e38ec887c1e210cecad4a8c9a86d
+Tag = 1b13e6132415fd70d9092e32ff2759be
+PT = 
+
+Count = 1
+Key = eb49e7065fd7f9b49d198b43d40653a20656fc44b304a716f4c5f9fb586ef073
+IV = 1301a9d18481ba7841d9ccce
+CT = 
+AAD = 71693a9e655ea0dc084a7bc9ae91a98743adcd77fa9185bd0adcb4c18e67ff752b6a476e8100bded46c7ac2327cf3e804cda520e535bc62ffe19f5f46b866d70cf99e8ce3dbbfd9f40c755859b48bdf2d967a501a58f1c739974
+Tag = 5be6d5030b8afb923e3f8ef2767f4e93
+FAIL
+
+[Keylen = 256]
+[IVlen = 96]
+[PTlen = 0]
+[AADlen = 720]
+[Taglen = 96]
+
+Count = 0
+Key = 646b4641fceffe86b727cc530c49674fe5c797dc9f42ca75fd400168ee3e4a2d
+IV = 51da35627f1d60c21ee5df1f
+CT = 
+AAD = 5984910515db99bc8c6eb83cef7d9f8944a78c663a2bb64e3ab7c566e79fc499c3f4923424b201934d2f9a731087812df61b8157e94a14ce69fff15187892f5c7a3e239e52462e5b6d0d872cd8e762b45dcc129d3dd4ea3e9db7
+Tag = dec7cb53d0d5fc5603790a56
+FAIL
+
+Count = 1
+Key = df49b0461a01acf9e88304f437d426a9c75d2276c9ee8798cf1b03544ee55ee7
+IV = 52f88f518dc752fc73475dce
+CT = 
+AAD = 9ef85f9c82d575bfbd06ed2cd0ecef0413675fd9ee318dff60075f12488163f930b51b99b53bf5ccaf8e58f1284fba658762ad53b481608cf4481aadc2204175430ab1f38df50cebc74ab0370b6c4b563bb7fe122720ceda6480
+Tag = 9693d477780f6151ee36cfc6
+FAIL
+
+[Keylen = 256]
+[IVlen = 96]
+[PTlen = 128]
+[AADlen = 160]
+[Taglen = 128]
+
+Count = 0
+Key = aef220035cbb9e47ce605698aa28e3b0ba50b4ffcd473bb8da2017889b38055f
+IV = cde7af095360ea827778761d
+CT = bb1cdf25717445e5a77444d488387aee
+AAD = f269837306abbcee2da1722f28be35163e3d8567
+Tag = e72340deabc1589125e9e4a2755512c7
+PT = 9775db638e5d964fc9c70b5fe456ec14
+
+Count = 1
+Key = c4a274efbec1c6818e7e0ce44e4fe6ca4815cd2435995dd80ff0ac855eb612ac
+IV = 687305b573a5f56ce9d83a0a
+CT = 392bd3b883ac0705c5b33a43ebd911f2
+AAD = 9459fce3860b4823a1c20b98e7f4f46fcdc0fc1d
+Tag = 399ca7f1f6bb603c615378f9fe16e1e0
+PT = 87fe6e3efc6314bd99f56f84b11a01aa
+
+[Keylen = 256]
+[IVlen = 96]
+[PTlen = 128]
+[AADlen = 160]
+[Taglen = 96]
+
+Count = 0
+Key = 1ec8d789f145854b60d7fcf35a1e0afbb3a7f1fc92595fecf71660732e044ab3
+IV = 70fcd19c5fa43155b57e51d9
+CT = ad531a60f128f0937455de379b406e4c
+AAD = 7550090bed33019135106e51984e4404226d1b14
+Tag = 7a37fd6a70a78f1a4617388a
+PT = 081ab5fd6715c606b1a9651312b8f7ea
+
+Count = 1
+Key = c6dc6e4c060f1a88aa0318c35d5c7d9c8cf1fb9f56aa114ccad47b568432b3d8
+IV = 5fbc321724e02a06065a95e0
+CT = 229aa9f49200802b63c67057d2706e6f
+AAD = bf15f99658290dbde9a32fed1c749775edb515f3
+Tag = 9bf0e07c5020f50ea6f7e418
+FAIL
+
+[Keylen = 256]
+[IVlen = 96]
+[PTlen = 104]
+[AADlen = 0]
+[Taglen = 128]
+
+Count = 0
+Key = 8b37c4b8cf634704920059866ad96c49e9da502c63fca4a3a7a4dcec74cb0610
+IV = cb59344d2b06c4ae57cd0ea4
+CT = 66ab935c93555e786b775637a3
+AAD = 
+Tag = d8733acbb564d8afaa99d7ca2e2f92a9
+FAIL
+
+Count = 1
+Key = a71dac1377a3bf5d7fb1b5e36bee70d2e01de2a84a1c1009ba7448f7f26131dc
+IV = c5b60dda3f333b1146e9da7c
+CT = 43af49ec1ae3738a20755034d6
+AAD = 
+Tag = 6f80b6ef2d8830a55eb63680a8dff9e0
+PT = 5b87141335f2becac1a559e05f
+
+[Keylen = 256]
+[IVlen = 96]
+[PTlen = 104]
+[AADlen = 0]
+[Taglen = 96]
+
+Count = 0
+Key = f402d8b816da96a635a304b2c9310b6df8100065b631b83d188d4a1ee1efc13a
+IV = fc3a03f0740eae3e494e4330
+CT = 26c1454478bed05059e3583d93
+AAD = 
+Tag = d7c6a3d3487ee42c4f02fb47
+FAIL
+
+Count = 1
+Key = db8fded42d11e66bfdb3b1472aa8403c81bb9f16152b29cf72b4a947f7dd847b
+IV = ecba3e8e8756a6c8860cd8f1
+CT = f240980cf0847cc80e2151b808
+AAD = 
+Tag = cada5065cfd165ec8071cdf1
+FAIL
+
+[Keylen = 256]
+[IVlen = 96]
+[PTlen = 104]
+[AADlen = 720]
+[Taglen = 128]
+
+Count = 0
+Key = 886bff628eea3114ed1c62301414327d7d565fc1a39fd27cc92560ed42911144
+IV = 147bdedaff607fc47e2309cf
+CT = 736f72611e2d132e6e1e5223a9
+AAD = 217e54b1416c1f4ac698272ba5fb95bf2e28ddfa809a4f774629db920336bbfdd9b926ad37547056ff3d8c73f0f930e658dd483b6a2265c92c594e9fd0964fa0da6d0211601387ce5def855c032370562e6c2b385cf5b9ae3364
+Tag = 5ada94656899a456638dbe120d741da6
+PT = 86a560da8d85631c31f979d250
+
+Count = 1
+Key = e7e85f27fbb7fb98b18827a475d9e436a232cb884448e6dc88fa91e7e62143d4
+IV = 53182059b753f2b8cd65d835
+CT = 63053970ac794cdcb541137bb0
+AAD = cd5b88000f5fa6ee680eb1f5a58f4b9e29b2b4447473abaee46c0100bcf47a932edfe5b06af570856e22f0eecd03e564bfd9b0e76aa7a0af7ec06670904d3788bbfad522cb2942d56298c0920844c72a49c01a383337acddce38
+Tag = d227696559f40986538278761db8e874
+FAIL
+
+[Keylen = 256]
+[IVlen = 96]
+[PTlen = 104]
+[AADlen = 720]
+[Taglen = 96]
+
+Count = 0
+Key = 81f41f3d436f32f00612d6fc643ae7e629d39e07d284ea2ecbeb38394b8adbb0
+IV = c003949fec83247b4b81ea03
+CT = df1aaf1e657154f8907318a610
+AAD = 20027bcce2213e14fdc6930a941ca36622514da84ec61494cd56cb09101d40837328e701e3985452f10365849421865335a5044646309967223815fa1b663adace483166a71bc1b86324438b00bf5292b83e0a0caedf3e451676
+Tag = 71de80b9135827fa60fef4c6
+PT = 1486e6e649f98529df4127c1c8
+
+Count = 1
+Key = ba31584d7f4c722826bfcaa4d70d23fbea5435f68afe64a3dada2c641bce1a36
+IV = 7ff0475540399f032b9bd99e
+CT = f527c8627b075faa6cf13880d5
+AAD = 393ba973f51ccbf58a1324323aee15e67c8b275c3c598edd62b2f65b76c7317dbeb0161f442f8908eb8fb661ef1f2b2d2ca01779d91d8c0220a9cf5fb54fe01f5f4f901237cf12a24aed0417ee53f384a579be1f0c9d2d076d31
+Tag = 2fe6eb759df968a56b582ae0
+FAIL
+
+[Keylen = 256]
+[IVlen = 96]
+[PTlen = 256]
+[AADlen = 160]
+[Taglen = 128]
+
+Count = 0
+Key = c70fcbba915478f66315a15ffc3b11d92c24cbf213cc858f8740713ed9493182
+IV = 5b413f5dbfccc6a7c65ff5c4
+CT = 2ab2d676861b2281d3f740f637c997e25569ec7352e1767ce4c4c9ed5a6ab15a
+AAD = ee7b3521f1363c1fcbbb24c2c65f7ecee99d457c
+Tag = 9a4a3febec6413d461f26364b51237f3
+PT = f135e924c57ca538f72c700fb0c9c103a70fc1935797cfe08024397f1c1a8277
+
+Count = 1
+Key = c444d2bc6b0f14b306d7afbf9b0c84d9f2fcd2730df6d656402a184143a4eeb1
+IV = 89a840f9fede6fb08cce158e
+CT = ff15d0cdaf9b5390018a881a759183ae5cf702b9550cac2de78ad2c6d0da5af1
+AAD = aaade9efaed6435e3130b9c36d8a82d201cce2a8
+Tag = 8655bd8d3213f0873d530c326a2fc15c
+FAIL
+
+[Keylen = 256]
+[IVlen = 96]
+[PTlen = 256]
+[AADlen = 160]
+[Taglen = 96]
+
+Count = 0
+Key = 7524e685058a2724365b4bcc34fb543ad6c312269aad9f636acb01a8f2f33073
+IV = 78eb27945f4466633e7520c6
+CT = 7593749905507d82598b565d57ef925aeb5be75e6c882b13ffd7b169daf07ccd
+AAD = 0a2d383fb4d57cbe75fbadf654552e8fddb89841
+Tag = 14d9657fc3e99371faa46aa9
+FAIL
+
+Count = 1
+Key = 2bcd503525b4603500e76cf0ffd22722a3dc2f963d6ba88c885c336ea0767968
+IV = 93c95c28ec095d974ec10205
+CT = d7b2e5be6922d01a5c74cfde35963240c7a5918cec61e91c6e3eeb677d4b2356
+AAD = cdb1d59ca2c2e0e63238385cfcb8651e4b58669a
+Tag = a3765f16fc46cb255e9b5760
+FAIL
+
+[Keylen = 256]
+[IVlen = 96]
+[PTlen = 408]
+[AADlen = 0]
+[Taglen = 128]
+
+Count = 0
+Key = 4433db5fe066960bdd4e1d4d418b641c14bfcef9d574e29dcd0995352850f1eb
+IV = 0e396446655582838f27f72f
+CT = b0d254abe43bdb563ead669192c1e57e9a85c51dba0f1c8501d1ce92273f1ce7e140dcfac94757fabb128caad16912cead0607
+AAD = 
+Tag = ffd0b02c92dbfcfbe9d58f7ff9e6f506
+PT = d602c06b947abe06cf6aa2c5c1562e29062ad6220da9bc9c25d66a60bd85a80d4fbcc1fb4919b6566be35af9819aba836b8b47
+
+Count = 1
+Key = 28ae911ee685872d906de12d7696351df8ef2234a74a95efa4ea15b327338fe0
+IV = 2fe6a815d4865181fade5fac
+CT = 1168442ef64656ef6577fb42c1919c84aae856388e4db9945bb8c9b8412bbe6458bc400444d5d2bf2630f83468f66f9e46e790
+AAD = 
+Tag = b75f616fd1a3d6563b62b899e5a7e522
+FAIL
+
+[Keylen = 256]
+[IVlen = 96]
+[PTlen = 408]
+[AADlen = 0]
+[Taglen = 96]
+
+Count = 0
+Key = bd851828af0a4eae981654c3720828ca0a50d651bf028a6cd711819cfa75f4de
+IV = 7c72d4e59014721d4db74103
+CT = e4e814f0de98bcef0b0d0878a8aee9ac9fb57c00bbe26b9b4f4e641fe5f0cfa598c8cbc98e6657e417d95aa9a4062b3bf50846
+AAD = 
+Tag = 83749ffe2d740f5275221cf4
+PT = f71ae49ed7acdb91b55eff7efeb3f303942425a837a56728cb773a22c7b1d3e30771cf9b4d77cc347fc3689a766c3d5af3f7b5
+
+Count = 1
+Key = e10e77757d0e9d1e9e1a6972500b915191ba28a04581a3fe77e35f905a16ec0a
+IV = 700e3d03ca4d9a94ae2a3250
+CT = 8b1ef89c3e652ad8a77f20337c38cd65d7d23c6ca419d635297176c131abfb8985a05ee4a9d55ec3c141a065c0c410d79d61bc
+AAD = 
+Tag = 4d45e2fe715216f38f9d825c
+FAIL
+
+[Keylen = 256]
+[IVlen = 96]
+[PTlen = 408]
+[AADlen = 720]
+[Taglen = 128]
+
+Count = 0
+Key = e36aca93414b13f5313e76a7244588ee116551d1f34c32859166f2eb0ac1a9b7
+IV = e9e701b1ccef6bddd03391d8
+CT = 5b059ac6733b6de0e8cf5b88b7301c02c993426f71bb12abf692e9deeacfac1ff1644c87d4df130028f515f0feda636309a24d
+AAD = 6a08fe6e55a08f283cec4c4b37676e770f402af6102f548ad473ec6236da764f7076ffd41bbd9611b439362d899682b7b0f839fc5a68d9df54afd1e2b3c4e7d072454ee27111d52193d28b9c4f925d2a8b451675af39191a2cba
+Tag = 43c7c9c93cc265fc8e192000e0417b5b
+FAIL
+
+Count = 1
+Key = 8ce43539dc92ac0cae5333d1a672fdc15cff4e5b82c7571c9ae57d90b5f10bd3
+IV = 4db5773306c66e2be6c2e689
+CT = 83751e2ad6cc0c6ffb9cd5a09b2c4985cc8c29def9c51708d4b008b25719ee3db38ed8c775e0a58ec6611355520a55b6379ca8
+AAD = 944c4ac629c39e4ec21e497f46477cdcb092952cd9f7a86b499962a8aa1a246007a9f1d4cf7bdf9f477bccc226a2056b63785f397b74e8b816beb86fda7bf5a354c6caca4c97d606d463fb5cc486792069a625bdefa065b430e9
+Tag = c1cffde06139c4b356ec35b563bfd7b7
+FAIL
+
+[Keylen = 256]
+[IVlen = 96]
+[PTlen = 408]
+[AADlen = 720]
+[Taglen = 96]
+
+Count = 0
+Key = 6965539ccdca3e97f17ad8eb9bb039544dfa5fee73556cdbfc6b8e0ce87dff9c
+IV = 41924fba540425003cf2ae92
+CT = 18a7635ba09868bee44a6502fd122c816f05a424f75f5b4c0cbc159523ab50484a97f013847fc5fc47e7591acc3dfce9bb08c5
+AAD = 270fd58d7f8b78ade72da1b07d196f90db853c62f4447b9b866854e2570d5c4c2dc0f17c52ce8e236ba96bfd82a8afcb97dc0c07140d5e0545cfdaa29a25f50ec11fff31c765409cec82acdbab2f5a7b30d06e85a065ad3d11b6
+Tag = 3ac26d6e1d8842a24796fc04
+PT = b118fb4b586bfa7c88ba4f8087593fb800efba76e7fdf6ca76cb9c7b5823d31cb4c882a2b658ec8ad29a3ad9e34b9c0b51f146
+
+Count = 1
+Key = 2fc63df4fa4ba9bfdb22959cc75ddcc9356c5d3e63a67ce00d054b60be33647e
+IV = 6eb3731207a1d277db7f91d6
+CT = 6c18f75cc2f98c2d1be13640a5a7bc6e6c0038a9e684bbe52425516e4c0c3cdfd4a698891495ebd18e53179388bccd58dc96ff
+AAD = 011e50ef514f7b8fa8f983fbe145dfc959e5a6ace112e016dd158ed75d63008bfd6fd323194154228634c45af9f8593dd429afefb01145a6c98b78869827c055763cdc93c47b1a47d9704e97cd70a7733174ca7d04502bf96a67
+Tag = 42ae7593632d2600d96e6b5d
+FAIL
+
+[Keylen = 256]
+[IVlen = 8]
+[PTlen = 0]
+[AADlen = 160]
+[Taglen = 128]
+
+Count = 0
+Key = 3f776ff1a7c27ee003d88644754c762667371e9aae00dffd0ad0d27538ab2bbc
+IV = 5d
+CT = 
+AAD = 194799ce3d54ec524cab8a41afe8cd5c2f2b4018
+Tag = 8576ddb273bae6519f83a00126c6e514
+PT = 
+
+Count = 1
+Key = 9626b6ab95ee4a158ac7e4a01c06883b5810d0ee18ef7ff7894b2ee45a829358
+IV = bf
+CT = 
+AAD = f3e9597246eb8557f33b83845844ce70c18b84be
+Tag = da8c8410f94b68028b69371232703e51
+PT = 
+
+[Keylen = 256]
+[IVlen = 8]
+[PTlen = 0]
+[AADlen = 160]
+[Taglen = 96]
+
+Count = 0
+Key = 42582276c66b7bcf2deb654c9f6b16db093a8963ef6ef196e064f36c3b09d207
+IV = 6b
+CT = 
+AAD = abb9198450f4f47be941775b3295f3e452b28212
+Tag = fa6d06623d558696bc5e3774
+PT = 
+
+Count = 1
+Key = 315e2572834cdc1c9784a7746f4fd119d02bd36622fd2daab2ca725b70acf232
+IV = 54
+CT = 
+AAD = e19433dfe11e725cfcebcb1c12c734ed145895d5
+Tag = 446a3986b1fbf8b494a80b60
+FAIL
+
+[Keylen = 256]
+[IVlen = 8]
+[PTlen = 128]
+[AADlen = 0]
+[Taglen = 128]
+
+Count = 0
+Key = c825ebe0188d645df9044b6e7ad0bd2e7d7979f66fe1079129bac89a3ef1e00c
+IV = be
+CT = f066b20f8f3112c22aaade13fa5d2130
+AAD = 
+Tag = 34b862a08c53aa8938bc3fd5ddfd5ea0
+FAIL
+
+Count = 1
+Key = be676f4f9507e719d5489d36fb65ab7f3f73db18a7124ddfc4c82ac7af18e128
+IV = 74
+CT = 8ef69c8f7114eb49e17ec3cac4c7988f
+AAD = 
+Tag = 4b1385fffed281cc946ad075c9939514
+PT = aabc367c582bd72df9107ef8b85cdcd0
+
+[Keylen = 256]
+[IVlen = 8]
+[PTlen = 128]
+[AADlen = 0]
+[Taglen = 96]
+
+Count = 0
+Key = 4001b994dad4f75ba93bfe268cc996337eb1dc2082cdc9b376b15d0bb6dddf34
+IV = 90
+CT = ceb9076b98f0178efabf6bb36d1c3aa3
+AAD = 
+Tag = d449d75ee5b56c91f8d7f7cf
+PT = aca4c8891b86caa5bcb05f6692f15488
+
+Count = 1
+Key = 2edba3fc276d3a856b2b9d4cb613454fef1223295078b670a52a874efad49e23
+IV = e9
+CT = 5bbd4b34329e9be2351149b5652d2d0e
+AAD = 
+Tag = f38f9d84f2eb06159ec58523
+PT = d27b19d14ccb114affe88fb0629131d8
+
+[Keylen = 256]
+[IVlen = 8]
+[PTlen = 128]
+[AADlen = 720]
+[Taglen = 128]
+
+Count = 0
+Key = 12a66e875a13e2e3ffe5b4271bd99618e98497b1a205e984ee5baa4bb31d007d
+IV = 58
+CT = a3c37616204fc161a8958f41e470ac80
+AAD = 6dbba1ef08503b809bcd68a19117c022988db9e2893600714f576e226efcfe4e1292d973ac4d738776fbe1d7885320b130f5468594ba525b509153d4ef6ec010c2a33cb1fc1aa1cf3fb1b0ec4d8beb182f9649aeed4ef198be40
+Tag = 39840879d0d9c233fcb220b10072d24d
+PT = fc2aa0162ec9b7f43585be5a8b5ddfe5
+
+Count = 1
+Key = bcf72ef101ca082fc3be63843064b48ca2fa613472b6161e23a9604a27694f3a
+IV = 9e
+CT = fafa047fab9c960a5c636b7570e180ff
+AAD = 7ac7daf7bce96a9f114fdd79924536890b11a57373c7029dc4c44865f0c95ebf979aea534923bd896a3c6cc57d3506bc49936349d354768b3ce6e1ee4306620862431a68af9fd8d44e73c4aa224ec69472f40bd0299f223205fc
+Tag = a9aadee87bef634da9486ea6766e7028
+FAIL
+
+[Keylen = 256]
+[IVlen = 8]
+[PTlen = 128]
+[AADlen = 720]
+[Taglen = 96]
+
+Count = 0
+Key = 40b16434b9b6f6a665165b525203d0597d592e12ecae0abc09cb43be19cdeb95
+IV = 18
+CT = 5f80456370c25926aca9942a56c178ca
+AAD = 126d2b78f45ccbdeecacf15cda512161fe3267219eb893e2698586a30eaefc9fb98d2c298747b509e10fe2aa8d6fd7ee254543687823d86363e63188e9fda32cc0205033c319891b3de3d0cdf124bc712fb8a734ffcefc9b2f78
+Tag = 4a19c7ab1a75af2d0e0e1cb5
+FAIL
+
+Count = 1
+Key = b390f8a5eba8d1b2ae831f48b5b8ea8b2d54133e295f57801e0becb6f1957e6d
+IV = eb
+CT = d7f2502cbed1b5644dddc23a7796381f
+AAD = 4d90314abbb6abff60f38e9b29c27001997479ba43690f896eb06569b20c0fb001e04dd1f04ac0080afa681b16192057c1b8e3012abdc520d53f22a2262990215a3ee954e37d311b312a94bad3ddea5cb41ffa83ea53c8dd7f65
+Tag = 286eff8d4ead86b419fdb81b
+FAIL
+
+[Keylen = 256]
+[IVlen = 8]
+[PTlen = 104]
+[AADlen = 160]
+[Taglen = 128]
+
+Count = 0
+Key = f8a131cf0544a39cc0c82b93ace7a09377619fe91d73b8eec79f6ebccd7b6b71
+IV = f4
+CT = d84adac8b41906144899f360ac
+AAD = 1d582097e33cd54ee6b94be5af2b3d5d3ea354c8
+Tag = 9aa549f16afdd3bf556ad26d44197a53
+PT = 0f572ae50368c95caa3abd9cf8
+
+Count = 1
+Key = c7260179792734b209fcf7a17df921d9c09d9ec80dc5141aff7865f2fb174a36
+IV = 6d
+CT = 9d1427960aea1789139bb9bbc7
+AAD = c10ac2e50db6f027965c636c79cc94c5996b4068
+Tag = 3deb7c2b813dc1470278ac30eb3c0596
+FAIL
+
+[Keylen = 256]
+[IVlen = 8]
+[PTlen = 104]
+[AADlen = 160]
+[Taglen = 96]
+
+Count = 0
+Key = c3694a62a3dcd9a1befbaeaef4e353b91c768da746a171ba821533d7442c50d2
+IV = 43
+CT = aa6009ca040fce6ce2bb6700a7
+AAD = 0b94bf672df1d940bb661fdef56ef44652695628
+Tag = daa8ad83391541c4903926a7
+PT = 52c3f2bab3c73d324e17aa131e
+
+Count = 1
+Key = a72814a99c3a0f9577260d8e4f2d74817726c180c742058b1c63d8c0d76b6821
+IV = f8
+CT = d4270342460893967319033583
+AAD = 5182c3ad2d31600685e69cbb3082873cafce218a
+Tag = 71a570a7660be8efa69f1ab7
+PT = 421c56c6c75fd8cfdd4f8f51ee
+
+[Keylen = 256]
+[IVlen = 8]
+[PTlen = 256]
+[AADlen = 0]
+[Taglen = 128]
+
+Count = 0
+Key = 6b0e0486fcafad208bc5c7e91e36f5667c35bc5ab4b593cf3bc182d928583c2e
+IV = 3c
+CT = d9b46d4ebae93a3a2f28dc643357676e752252ea13fd57807b2e7a8b581e4712
+AAD = 
+Tag = 5a484bcf56b75db1df505af1d0d73845
+PT = 8e9d2a27e989f7dfa232f7781dd2774528886e16fc1a69030415cd19cbb73831
+
+Count = 1
+Key = ee38f85a00776133b4b1d6ec881c4ed0cddd25e40353b1757cba4d64da035eae
+IV = 77
+CT = d0b46eaf797b95a3baaa96f85d583419ff46380fc4d2b59fb669e5842bcc9f9f
+AAD = 
+Tag = 6a99431d1d667c3aaee0b783e0e1d2b2
+FAIL
+
+[Keylen = 256]
+[IVlen = 8]
+[PTlen = 256]
+[AADlen = 0]
+[Taglen = 96]
+
+Count = 0
+Key = 731a9de8dc00f42e091c58d5a2540b15d68552cf98258d17d357c4b4eba81796
+IV = 0c
+CT = 4692b8d3ed38ff5fb24a3d471bcf95f8d82c63391e7e5f81e0a19e8b767fdf60
+AAD = 
+Tag = aca211825f91f62255697622
+FAIL
+
+Count = 1
+Key = b6089a0871cd890b5bb22b867aa883d5bcee76749489db554f0297c934cc3186
+IV = 54
+CT = 4891582cb107a2a50a0561928fe86376657062b6dc9e44910162fe11e5156cce
+AAD = 
+Tag = 8e2c111780ad59ea5ddc3723
+PT = feea762e85da23317ee181ecf116c5a4e3a57d2e3c7e1e7ec49911180b8d2582
+
+[Keylen = 256]
+[IVlen = 8]
+[PTlen = 256]
+[AADlen = 720]
+[Taglen = 128]
+
+Count = 0
+Key = e0058c8ad1ac1cf7d4f20f51726bb3fcafca418fcc604fe8c93d3ca4ac23f607
+IV = 9a
+CT = dfbd22cd1061760419f1a8b700fa62c844eb10225a0e89d00a85e69e2dad46d9
+AAD = 1e9c794eb424842a4033141c751aad3914eefc98ee24550d92bc19eb7fc00fabd7233e63ad0097a20b584759ac607109de91ae1d2c5799e0ef9fa8ad43878462a9fe2dc14597760fbfea405646ead051d96740320abec79050bf
+Tag = ca7bbdfbc8b11b5198a038d518a5e294
+FAIL
+
+Count = 1
+Key = 5481e93ed1f68552fb47829b7a1129112cc0159d312f7ce522a08806a9373341
+IV = c4
+CT = 421abd8f5296c2ca44ea65a486c370b1ddf3d241ec250681261ed1f53f93fb08
+AAD = e527b6dfcc482e21365e007c4365c9763b7fd27f6ddf80f80a7d3253761a74849233d9df542f48a1383078f77228f1922768627f533d41da58b6f7e3e0d194c6859cf4c3fab6461a816abf10b2bea655152c5a3bcad19164f5fb
+Tag = 81b2ac3e24342faba9f68677988e2387
+FAIL
+
+[Keylen = 256]
+[IVlen = 8]
+[PTlen = 256]
+[AADlen = 720]
+[Taglen = 96]
+
+Count = 0
+Key = 2209436bf83afd89fabb4e57622e50c29bffe50d752ce775306445e9c7d135eb
+IV = 78
+CT = 2c4c04c8a6cd65a56b47740cb795ce448c6be3a715060db0d169c9c57d5d242c
+AAD = d87fb0ada67532525f1d01f57173ccadadca7c3bfed3a618f0d59568e8d71b54ebb77eed9c2c15816d5286b2c764df0b390b97817f11f4c804423f883eb18d36d2ab9c365820bff39eb9cd9ca174dd509a8306b74b6ebe0de424
+Tag = 5ae40aeb2daa2e4b1c5048f3
+FAIL
+
+Count = 1
+Key = 0c2453d855cfb0291d0abf2a7e2fcd11a3b82f504dbe9e75da2b29f418b7bfbf
+IV = 28
+CT = 1f6cccab0dac90719986845092fcc01eeece2c4c61c785066346bdf6a6dff28d
+AAD = 5bde8b2a74bd32cd882aa885612974c824663501b281c9d8e6c4b760419706648c8ff825bf06edd7a3651ad2cec87fdadc0fa9257401f5c3aa581891fb1c2cdeae95718ddc8eb26bf3e3f81d54bbdc5967112815cc0041d80d4b
+Tag = 18c8fd2a383a76ec8ee43689
+FAIL
+
+[Keylen = 256]
+[IVlen = 8]
+[PTlen = 408]
+[AADlen = 160]
+[Taglen = 128]
+
+Count = 0
+Key = e0ad3e02ac344794dd68ce6738e760317e8e7c79e7ed751d68c126af7de05a71
+IV = a8
+CT = 927b0fb4f7238130e624a14ec411ca2da4d6dcf340caa64146ba9a23495ff9bd219f159832d6ef243e5d91cd64f16bb9cbc0e1
+AAD = 5ef5481fb1e605dde2515bf240e7a4e9ee2bdb63
+Tag = 8d88d96c2f5c95cb0885363a76e0331d
+FAIL
+
+Count = 1
+Key = 440d6ae5be5906c4c018661f546be718f1f269b6b5f01069e630e0a1d635d680
+IV = 6c
+CT = b185ba5409e7f35b3f6ba967bbefff4aa7d38f89eda5579c06063154b4f4e0f4ad714495ef123cc9528169aca24d9dc6d0a5df
+AAD = 1ffaad771256d61f3999980472dced52796af49b
+Tag = 7acc38bbe3c74b58006ba61dccf6c666
+FAIL
+
+[Keylen = 256]
+[IVlen = 8]
+[PTlen = 408]
+[AADlen = 160]
+[Taglen = 96]
+
+Count = 0
+Key = 4152bd95c23d155804e11f0eb0ff0ab19e7ba2f28fbb480371d36c0b6143472f
+IV = 15
+CT = e60a3a7499a9ac9fb6a6d691af10cf252df1dc4088d55f246cb4726c53d2cc3a2ecda7f508321a855c2530e1a5b52f381d1246
+AAD = 44491a493748be854d4079dc127584b886e877d6
+Tag = dd46e1225a7b25b7c00e4ea5
+PT = f296860cb23a7c5f250f26d1dfd884bf6435066ab0ab04b6bd859a04b07115a779b5a2da2c59e69c762d48f7329a5d108e7f05
+
+Count = 1
+Key = 3358615bf36514855d9a454e7836fc4c5f914913f727d60d6b78d34237c1ee62
+IV = 68
+CT = 50dfd9731f9a1038c496519d9a5cd7c1aeb3c806bdaadd7950282f546965d969063442eddf73249f9559b5610bed5b0f40055e
+AAD = 7f34c89fd7bec45c876c9230d8caa1bca7fd34ca
+Tag = fdc5f0e9cc159f450f2212f2
+FAIL
+
+[Keylen = 256]
+[IVlen = 1024]
+[PTlen = 0]
+[AADlen = 0]
+[Taglen = 128]
+
+Count = 0
+Key = d8889a3eb919d0d45d4c6b16a31957c2aa7c6c8c3aa704709b52e3552146cd90
+IV = ee69050b106bb38dc2262ecdef82ac5954860de6d6e4086cd1f72e5a9964af5d06e21fdaeceab1cb0c404b1adbc01da583ac077cef03fc6488d7162f7d02c217265352f493a77d9637940fd0a694be8bd9322d76d301c2733c4ea23113a93722b97e5a554cc0bb30a94c09e5ebf8b46de2e8be52c81463dda7cac44385a3f73b
+CT = 
+AAD = 
+Tag = 53f9b45aade7fecbf759c740b4167d8e
+FAIL
+
+Count = 1
+Key = 19c1058a587b6856aa897b226701eb3ce3fad5ae288a785e393274adc55fecc9
+IV = 8f6ebfb5e76f8c09222c2950e70eaa3324de28a6fbc5ba2ae49470665d9c665da5a98288cf442c5a05a2d932efec48b02304050ef306eda20f17442d67737c8774205906d40abcbde27af644ed3b1a080007a34516d28f50afebd156642eeb2187b4c044516d2e04264f3ea0fface9488d83e5123363245d7f4cf5cae0ecd95f
+CT = 
+AAD = 
+Tag = 76881360934e46c36e87eb40970a0776
+PT = 
+
+[Keylen = 256]
+[IVlen = 1024]
+[PTlen = 0]
+[AADlen = 0]
+[Taglen = 96]
+
+Count = 0
+Key = 6c663f093c7298eb54418e93c37cdc7858611eb12e5fbb82bd9a57598ca44932
+IV = a03bf161e18b628ca49f5b8712833d702e1d1619473b5eb5562f13fc95628319f092b142caa4bde3022abb67d0ec4bf10590a14627193862985e4abb22a9ae2a3f8e0fc7442eecb745ebebcc86a14b068eaf1da3a752d9ddec7f09f6aad7faf89c5deac5234f69a2da3af67497c0081d748b6c8abb6888dc7aa951c17a9a3554
+CT = 
+AAD = 
+Tag = 7afc1bbcc1e427f0e77f8d98
+FAIL
+
+Count = 1
+Key = fdf326903976d3031fc5eadaf319376289782384cbaeb917e2e261c8cbb044dd
+IV = b9674050a15d7f8efdc2e18f84a47ac7bd039e80c1389959361264b6b39f724813cc67de431d8198e07c83ec74354d73aa379ef463f6213b6d7001c84b2e5a91b14668fa1095e8afe1207bcf2c62a63175c73ee25b4fd869a542367d8cdb9a1c8a88f5325b09c941ef08d20ed90a2426f7e36753c094e8c93156920d5dde9a26
+CT = 
+AAD = 
+Tag = 0dd221d4f6b22308ed916675
+PT = 
+
+[Keylen = 256]
+[IVlen = 1024]
+[PTlen = 0]
+[AADlen = 720]
+[Taglen = 128]
+
+Count = 0
+Key = 24070ed39091c53fc012b33c700387fad697187dea43dd9d51f3b360daa7bdcb
+IV = 1f0b9935cfa74861e93555a7fa69f99418cc531bd893ae50690469077ffa1de7820c63c01fd293515e901bd9cf7489bc5fdf3baf254e75f68f3d645b5b435f0380b37660498a7849dcb3c619357961dc0383521a93e888314913731744a6af85cc37c9ff4cabea0a2c1e6fe76afa1cae0f0fbee42095910db17e134280f2bdd8
+CT = 
+AAD = 5d66fdc98f3f7a7c1b5a50f0d2be85f97adc81b4a267dd15bab41e8d3a13a2d28598b7e9ca0e250c7dde74b9d1d5c72c022db1d76def66e66410afb62e50bd1c000c1fdad67a4abdf99c19e0879790b722a13a5a141725a619a5
+Tag = ab5de5d42c724791a294e8815bff97c7
+PT = 
+
+Count = 1
+Key = 88a1deb30ab64c0b0895dc718aed864ad4e082269e1a0c8ba283e8aa30070d9a
+IV = 72568eac0736ddaed81c03d9ca30b584aa3b5cb65269b606a98edcfb5984406499dbf8d2a7db3cc853f1bfafce2f0e9a7d8f5c7790a4c584169ead385af1987e8980d8a71c1690c3b44d767eb0783504c737e31ec4ea86ce7ce1ff82242f6612f4ababadf891dfd0151b50dc615588668cb29e857474f2050af6bc86d9a81d73
+CT = 
+AAD = e63ff92df73673f1e4438240ad5594baecf595ffe23b0346217c8e144a68fb80337e9d918269c53fb057626ac99706ddfebdc32fb4577daee62744aeb524c04d1041a284e21562e64eb5312bdfefd85a6ba5a43eacbe11155aef
+Tag = 159d7235a01f9c2bce9abe5da9c258a6
+PT = 
+
+[Keylen = 256]
+[IVlen = 1024]
+[PTlen = 0]
+[AADlen = 720]
+[Taglen = 96]
+
+Count = 0
+Key = 706422ba143c5397dfefe3c990fa6c549a517f9d0d21a1e727d0404a330d8d09
+IV = 40dbc0fdb6e533a982056402ed75d252153baa942261afbe7deb9f43ec94bd58246dcc082760cea888f764c0497adc0560c1fefdf89256b3a4729c62dba995851d98559ee77e06881f983810c6ec853fae3973b34591c29a7a8ac39919c66031e559cbee826be1b66ac73b11c0089b376ea0e9fd349539be311ead17ab90435d
+CT = 
+AAD = b14821a83dca736f542f13bbc434c0c1838a0969274d00165cd316254d45f0b1256d0b3a6c7b31d5910386e79b7ddf815b260101000446287e787fe2a8942b12c295c48f3c7f61743bba6cf3ecb1afe2d504cb6ce904f28f1c19
+Tag = 9f4e8b225c79c1ac37d56b2c
+FAIL
+
+Count = 1
+Key = e1ddd19a5bbfe9a024252fcc009279d0d657a50efe6053c670a01091b3ed5451
+IV = 392729e24a538a6dc5021b917d19c257e0cd07b1c8959fe499f2989cbd72b609ffbbaca2a4779a0d51cc38f1794f646394668eb4155947b60c518ac0dc8d1735c74608c9b3e058eebd637f1f24eccddbb846ce31ce5252ba5eccaf6451aea17ee406dbd99dfd57d888bb4a737fa9a37b06049ac8a2d84f8d753d901cbdc5b569
+CT = 
+AAD = a504e71499fe66a8c0b182b8e7be437d01a731b0420aa94d946edbef58489dabf8e6a02f6edd2e1e5441b3dc9aa83379ad8b01895caac50164251fc0ca09270870496180008eae483997027cd4b842d63237a593e9bc298715b5
+Tag = 8a6805c119cab92e8c3f6737
+FAIL
+
+[Keylen = 256]
+[IVlen = 1024]
+[PTlen = 128]
+[AADlen = 160]
+[Taglen = 128]
+
+Count = 0
+Key = a2f35d1f987369c69b195ba34bc06fe560935d3501de61f0778ca2ee754b23c9
+IV = ef5a30a64314a79627659ed40d9f3de54047739e9a07b098b8a492ec5ad1ac3e09edecfd512bf0b593142eea287e663568bca6551ad8583b2a08a780f68c6eee5ff331bf415d3dca547fe9493cdcee0186550bb2c8614e16ebd81694d39702df09d7e31c927d17d4c79633c566f06ea1ea59e07aaec4becd206de480adedb8bd
+CT = 6e888304b8d6085abbcb8e9083b71e89
+AAD = e105fe7a4ead5ef5b28ae19f123e3e2543a8c82d
+Tag = 51327b208dcf074e0f52a00029f1c603
+FAIL
+
+Count = 1
+Key = e5174600d7eedb75c5a3b5e8be62b2347441d04bd6588b84e47918609aef8883
+IV = 49d5138d0571178de7b239c56a3549eb18483b1df92d1bd5d267ce0ee51b15820d8a24559d7ced06fba62a2c6005e7fd96772d527047239ef278b1b140697dd16b7c3befcd4b15211305827f38aa64ade811e152634765b542a65040d85c6885f6a472da26594c1356f95a8fd1af0c883626bed4f9023b716f5c1e38be210445
+CT = 10765210f9066bbf141eed5b2654ea0a
+AAD = cc546788a6bd048711a93aa693cef2d9f74f9940
+Tag = 6337b8f0295d8539b9d746632ad2940c
+FAIL
+
+[Keylen = 256]
+[IVlen = 1024]
+[PTlen = 128]
+[AADlen = 160]
+[Taglen = 96]
+
+Count = 0
+Key = 30f3d2ba0b4c8259a6f900eaad2afbb283aa3cfda2ad7a1d80a4009fe1e18bb6
+IV = 80adfec2d4d8fd8ec4cb8deac3b2201d243614eadd43c18b289e99dd69a13cd811b660dfe8ef5cadda57763e4fa3a6ea5af29c898cb18da31a10c6aee2bd54f5aa9dc40db9d80c4be8693898e3cd9c1b8cd2180370d862ca094db9bf927aa97aa3995df4c966d5e29076747f501867b6a543b75318212e10d22a6e17d4ae1a30
+CT = 030ec395d19d9cae7b64ab93421c89b1
+AAD = d6109bbb723e2d896c82afe66a2db52b76d7d4f1
+Tag = 54c33117ad594bb792a956f0
+FAIL
+
+Count = 1
+Key = 27af2dd86f21db66f31a00d7726e9a64f5852bdf846f8acd1c15a6fd0a5c5f8a
+IV = 851acf249daf38a4f705bc053ac63eae37be1c8cdb820d2eba1eb7dc900db3237f7ea583a925c113969a137c7f20c755d31a73f8b3e758b52aa7dc56acd199607638059d666d7f1bb9c1a1d770859b064572d7b17221c08d920e5e3f3e14d1425cf34e128d4ed4306d8c8f37bc28f965f29160a368ecad9035162e125bc99be8
+CT = 177b99c6038854ed540afd313b9e04cb
+AAD = 1a83e839285d1b6cb48021d645bedc94d58d8d3f
+Tag = b29830271385283dc6ad8891
+PT = e62579bee002bc2e368b511f90fc2158
+
+[Keylen = 256]
+[IVlen = 1024]
+[PTlen = 104]
+[AADlen = 0]
+[Taglen = 128]
+
+Count = 0
+Key = 437b8739a582f162f558a947a30b0f0964cc742462e4d54d9fc3188f524f2e1a
+IV = c6916d0b98c5b036be2d26ecccee4f83698ea188bb9addc0909f0eaa1362de71afe6f0dbb2e830bdd5ceaf3506fd7997622a702896a815d842a1e38c47d8e7efda283921f96dcbbf593cfaeda4adf76fbdd9a9c1c181406da7c8bf64196b2f24a5587bc81303eeabcea54e1205c0899c7fbd80249afb86a788f11797d45b770a
+CT = 806f04fde04c24eeffcca79db7
+AAD = 
+Tag = 1be4dd6c4b0dc496f5b520066ac092ef
+FAIL
+
+Count = 1
+Key = 60c01a94489d0b197c3eddddbc3827f3745963c0ac3924d6f3f0521aa553012a
+IV = 8fb710642df085b938fa55d90c6d9fc9fbc9759cd0013707d4b81ffbfd34e948b95b478dc9769711f519eaeef959fe7ec95d089e7d6e4234d945cdc7ca6bfea9b87aeb5d065b3ae95997970f273e3ef3a8cd23e1f2439302148be425da6e936771534eb26f7dd32dde2f72beaa3bd3d0f853a459887c3f226d372f283dfd4533
+CT = fac5f71f800ebe4aca4d06a539
+AAD = 
+Tag = 63b121a9efc76792d41550457f5aa2d7
+FAIL
+
+[Keylen = 256]
+[IVlen = 1024]
+[PTlen = 104]
+[AADlen = 0]
+[Taglen = 96]
+
+Count = 0
+Key = cafe97430cf59ebf0445987fd1ccd152ab8df7cc5be169e77812181d7cc3b0c7
+IV = b7e5f323f84df4a094194a2c6331b25542d5ce36b199d5e54decc7b155907a6dea622cdfa3d19359581525a9bec7a9d58a2ce9a2149fd61f1633062da83a88a368ee16d2ce8c5554cb3192867c46738ed0917c712ea88b0554dc816deb5a0a02a09287a04f98293871e0517f67e5d35726646110b03b8df3d36904fcdfc759f7
+CT = 0f6751b5fa29c70b848306fc9f
+AAD = 
+Tag = 19e3a9bd3d97ac6f27e587a3
+FAIL
+
+Count = 1
+Key = 6ee4af89a08ea0f360e87a953cd5a67f2dc2a37fc52b756784e09ca2a581fc04
+IV = 0fcf4ed9ae002eeb8b93cc09df647b5f88a80b3c1bfb86a7ada87d348e23401cf725a3897654df85941c06165c782f2f01fbed4643f07116c3689dc3160be98976691ced253e066472dd7ff0308c06a4d114030002b66e8ab18fdf389feed212d63c67153879edec4d75a4fb5c1df26084cf07f3651177155a0728a7363ec4f3
+CT = 7f9b4717827d517ea978e24897
+AAD = 
+Tag = 72eff58a805947fb59527ed9
+FAIL
+
+[Keylen = 256]
+[IVlen = 1024]
+[PTlen = 104]
+[AADlen = 720]
+[Taglen = 128]
+
+Count = 0
+Key = 252af4cc7b1fcadd3d7cf447f56c65661783eb84058c1e19424590b53d76112b
+IV = 172f5fc3f7b4ed7f905db3ea934a8fdeb398c8807bf5d804eda55cdde29d88ceede0dd00e198c59548ff5f6e551476cede090f27c873bc7204bebe69db7009336f112c37b91a9f955233aabf2d0e4c5463167bea3cddd4b79b36c1abdf71e38c09e70f952ee138a854cab3897f294d54408866d925e855a108f28ed1b74232d8
+CT = dc534a48719af2ecd0849cfd27
+AAD = e1f4d8794624df8f5af5f80d1276283163dd2fe711792c5e361d42dbd543029c098a9c06f2fcf8015a1659ae32ba88c4ec5405a2632b260971bf0c89d3f3dc24ec7a31530126bb66fd2b1964ac0043fc13b38dbb84fc0b523794
+Tag = 6aebb466d5d4bc53db23bb68e4269aad
+PT = 731df3c7179b75495d6c2fa457
+
+Count = 1
+Key = ea3e43c7eea572f2a1d8152970724deea0b5c5caffe54632f58d50e8e75a314e
+IV = b01bd5f10855d76b03afc274a495d1f693b51d84dded9279a4a12990c30a66e3be9869910f1c3c579967a50ebadf51d7011907f2317e813c857bdb29dfc4c78cd60ac4cd6d56820e2819c0ae0066c6788d78bac8ef3e2c65daa2d27b41809bb25ce173764f16895b48692bf2d329b26adafd72d684eaae4f486f507f07a8812c
+CT = a37b77fb9cfc80f4573b5ea0b2
+AAD = 3d8b232ccaf8e4eb547ffca7edba77b84f0f3a1cf29cc1f311a7eb636a550daded231299ac023b0cc32073d777c0fd1895a4eac29569bd400ec997a6ed34e6b9eb15ffcd27070e84d0ba7248216b371c83a93dd48c9f6c7795fb
+Tag = 7ef16e4e0387151be5ab87082fd41a58
+PT = c53ff02d0f1618186b94568cf5
+
+[Keylen = 256]
+[IVlen = 1024]
+[PTlen = 104]
+[AADlen = 720]
+[Taglen = 96]
+
+Count = 0
+Key = 72b6371844ed784c7635eb2716a91ec5d1a0ff56d436a75a4541cc2fde91dd18
+IV = 02216e5fd7d679620793303dcb1bdc4bab145bbff07d5256e0ecd03e23659aa3d84a1d979d4e025aa6e67216b6812e9d53aa1bd8b2e10c6e2712a9371b27476f1948d82f4c00df4c4d0b837a9587c195163027dc534b13eb1919bcf7ca426ab698dbcebb224cab23308eb1592e194b814d9aaf2d9b311cd234f9618bc8d8a62b
+CT = e6f13a3966d5f67954041430c6
+AAD = 925715913fc78045febc8f5e13ab3581ba8a8bb7d63a9d90ad76c51c8254fdedb74cc4f81196a5aac0e384c8a6ae7a0f98cd3d5e4b14d58e3c3a65f54ff030b367935209da7e3e7d6de3bf2dda4f801c0b0ca263dd93327a9ce1
+Tag = 4bcd2c418c50d5f7b86a1c87
+PT = 46f2bf732507f52d766bbefab7
+
+Count = 1
+Key = eb37fffe28a709c69998862d774f1eaefb462d70ca724a75f1bc18524210b8a8
+IV = 40844e3e078cab390407157fc975490a683338c48ba313579784343cc3f586fc5e2acee36b59b67bfaee35f5980340c0f0c7cc8702389ec3f00f19373fa5aeaf8771f5a5371ef928745e603fa67ac6249d9898a4ff2283ccd01566d647ef77b343da75e6d35ed02e1c3134893e44636b8bf26d97441697cbc4b4f261b6de7be4
+CT = 6d3b7de3edbe5a4d2dce786026
+AAD = 3c21ec1fb8d71ce6874c90a2b2ad207dd08632da7e7d2c934c8f05d8e3b65b3cc8825dc32b1890f9b586f9a3cf06781a1f577fda48f036d56e0588c643a39c987dc50c2bf6d5c7e92f5806ec72cf7ead18e7a02945b8e15e4043
+Tag = f5e12b6302a5280c93cbeb06
+FAIL
+
+[Keylen = 256]
+[IVlen = 1024]
+[PTlen = 256]
+[AADlen = 160]
+[Taglen = 128]
+
+Count = 0
+Key = 655c77f205c07b92bdbd8f085d652c9d4ba825dc5bb62eb0093fafd149ea6ae3
+IV = edf94065be8e25b8c59ac9112348da44817135d2db46d011709913718b784c800ef48267ab8193ef30c933fec20479ab018014b2e9a0300ff5bcc1070fb78f4bbd54cabf5f0bf096ece45f30e210ee4805de26c286f6b155432d2a88eab58898bfea15a64d72dfe76bbbe068d64e9ecb8c2b6463b595ab3deba79f21658bc609
+CT = fe2427aef5a420dc1ee37798007b59cb9d0a838df1af86b2e96f2d3451d4dddc
+AAD = 1104f621608787d8d0f65cdab10333eb597f1461
+Tag = 27eb72580097f5aad0fa91f50ba6f5f1
+FAIL
+
+Count = 1
+Key = 8307e3c68c0761e3ac4df14bd9166d44bd8ebc2fef255a61534f1e9df5278d93
+IV = 492669cb7099e340c31353faa1a96f1d43ffb39932c9370f5d119f4f5083b00ad2212e2a031a6e3ae23e98c5794b62741b9110eb85730e3c2e2ba1c2a3dfac490f18d498f466d0d793b8cbb5a5e8e9d140a89f1a2afb44afc7cbeff37d77e85852e51f84f9b2335a5243c835bea7adde286c4af0a90b6a553ae10e978e5d9b8b
+CT = 335875922c6cd3a84946ea961a06e90cbe74413a30fe5657a6bc845b25e91c44
+AAD = 17100c6e20d07f69fe1b3778c473417e299b4e7f
+Tag = 687a12d577694b096d81a68f49d6271e
+PT = e9b40cb4446bfa11f0f24c014cfea23c71e5f87c413e44d433777f33b30ebbad
+
+[Keylen = 256]
+[IVlen = 1024]
+[PTlen = 256]
+[AADlen = 160]
+[Taglen = 96]
+
+Count = 0
+Key = 9648ed8388ab79fb328edb50d7a4f433677c395b5d40bd186cdbf52d9e153fd8
+IV = 3c7ab72888991252c3eb78d48c4ac6cecd1def6fabbca666bf3abdee30d71688356ecf9a40d5e62c9bbfeefab6f7f539a0de07fa31372423e0f8097d0d49cf7387cdba0dcc247d2279bf564a0f313c72d9ea503d5df6054a95c6584ff4bb9fb4e0a8ba03dfefc85ac782b7920e598292016d2b576e8038fc564065619dfbd6c2
+CT = 25e66caba006543164858f03adaa9a0bf273659c9ae20bc7ad800ab9367a7d6c
+AAD = 763c19f15de186da96bd517124dc012792eee267
+Tag = 7e221eb78bff1a3acf2ccc18
+FAIL
+
+Count = 1
+Key = 1da1b0ff950abf7e68bb15c2a8aea3add33fed93e170c09b17632189ab9db031
+IV = e2fefb6f3c258598415748b2165ce187f96a7bbc04a3445b619ca2361c1604e88c921f1d209b2a57422686c2caace123f01ab65a9edefc304ac50911dca79c5419effe9151df78228f223f087d4449e4de63bda10b28553d5e968a033334e716c575442289b6dd077f40494ce5767517f7043a71b4030a110f4a53d1073a320a
+CT = c90a0e9f2d498a0856dca24c4acbdc8774b79643677d644ea1e135d8101fce33
+AAD = 2ea4746d16cb9088aba6cfd2beb26ca49c9551f3
+Tag = 5513db7d90ad3e77f8b21204
+PT = 7298e7e9ac4fbb933db72d996a2cb490deaba35433e14a584a9980fb9a439eb2
+
+[Keylen = 256]
+[IVlen = 1024]
+[PTlen = 408]
+[AADlen = 0]
+[Taglen = 128]
+
+Count = 0
+Key = ab2e6a474f948e0f80de2b2342d89c39518f05308c4b4b5e87cd9c6642153773
+IV = 01be55437efa82c9036c797978b747469ef6b4abd5b495ca5aa817d76c7f55f4bf360a11042a3d17e8624cd48d9ef6bc9b2db3034fbcc2b6bb208dc6876c9afc2119b8d346d38ce3fe61cd1d119c25cac8173a1cc4053456420a8a56f9c1a752a0fb23b386b8267d411603568dfb7e254244b5b901b84cc212a0d4a79d95fb53
+CT = 97ce2f1d4e450d791a30d36e9f9df190d5cf9714b01c3d0562edbc35d7a6cff2f8758260426fc993fe58bd3b92d2040f187331
+AAD = 
+Tag = 4ff61cb030c0af3a2415ba5da07c0fcc
+FAIL
+
+Count = 1
+Key = 94ccf0279dd20f5a292f0aa1ac58e4821c408bfe5d362d81bbe42ba4d586aeb5
+IV = 3b76749d090d983ac602a56a7b845e755b2e7713f8bea102921c3d5644105dcdd4c44d6d7fd4118555ca25dfc4516a9a43a33edc309d8c3a94c6e2014780daae6ab4be4208f2d86bdad3d533d07bae383073be27f235e624fc75ea9ea38868390ae9775254d9a6a3e7e82c7f7f945c3820c696c08ea7155845630a751d2757d1
+CT = 141251168ec7cc64a84816eb390c436cf54a9fb1958436077f3ca58695041c28a32c51cd0099a2b59159645e319cf8b2a3a348
+AAD = 
+Tag = 7854686148d36addbbfe24b752aca26a
+PT = 0f7962ee0b74fd2f759be781dd399845ff7337dc690286d86d5d80f66261aaf9bafce9e86012f49ec44b20f3bca064247d1d03
+
+[Keylen = 256]
+[IVlen = 1024]
+[PTlen = 408]
+[AADlen = 0]
+[Taglen = 96]
+
+Count = 0
+Key = f4a29f6d975f2ce0cca4e9a82a40e695a7793883e103f639ebe2e070d780f35d
+IV = 63366ff8a10805a158e02a91885507a3b4afe61b578231ba04bb1614498c83edb82f888258f241dba4d4339a99d17d854275ad446a76cb67a7426bd32a8bd1ad1f060c4a2407b50c585373c57ef227a067ef7d74382f411ff903c0a728b2503d9de2e7cda0900f3dd47ad2265fd54d947fd679beb60a698631a61320ca64eb60
+CT = abf2625f90886df52e7d851e735e5b31ed1720aca3bd80273f666956a59e320bc975a37fa3fae24bfd807301d08a672e9047fd
+AAD = 
+Tag = 53b7bfd200a6088c01feeb57
+PT = 08a2fe8d970c5789bf010779fffd5cbdc2819386ab5af5189d5ab5d41b10372347fb2108fa3de883b13cbe4eda0972804bcad2
+
+Count = 1
+Key = 2d5d46727cb754321d46d5dcc4b7ab20e6c870ee58c7be1403b6238615f41c3b
+IV = df376c1a1f4d1dddc66feb9572b39d9e9fa4c57b9bbea6072282662f3327489142564ce4656b9fd91d2f78d091707bd3042b9f6f9f833990501d57abd23a8b0e29a427d6ce368d673b7c4fc7a9c8a2ba6e7e22bae5def376d8a2c5ac974f2845c3116bf619f385f57082ea624df17c690b69aa74666b34e3dd1b3d14408ed4f9
+CT = 23d45d59069441e2a26dcfb0cea4d1a158226c1e4d8389313277f2e9aebf6a178790d6e1589a12235190a28b67fb4b79b707f7
+AAD = 
+Tag = c78945c9e1fa6598fcbd82a4
+FAIL
+
+[Keylen = 256]
+[IVlen = 1024]
+[PTlen = 408]
+[AADlen = 720]
+[Taglen = 128]
+
+Count = 0
+Key = 871ad37eebc6847944f7e42fff5a65ae62c50854486f63c08f6080f83c08d66a
+IV = f91b2d31617e9a52042044f57037b096477d90e6e9d6f40f6762ea48fac5a182502ef940d3d4c86a48f7e7c2c8d6ba55ddb32769dcc31010c044a80fa44f201cd8726270d6f70ed01378abe1d934d483536ba608e72381fd15234ad14c5c2cf083c0d070228342968ff5f66d6f23951c54c7f79c82e236e5517f264eaac093c5
+CT = 02101f8482052cb7706800e8310f5d444d672b6559de0b8792d7c64cb1bc587dedd631592ff6e9c8fa28895d36859b973a7224
+AAD = d5f7c1f68965d913abc6bb01b33d35a317a7fbe7ba2e53c73d6c44abe1c2160d545d2624f25450ad7513b2d32ffa8578c30e96d7ba49b3634d99a15ebfb37decd0f8efc32aab40a0594beba0dac6f8daa3ace91bd09549a1f5e1
+Tag = cc4d950b8c3330f048e3aa3e3cfbce21
+PT = 9089425f0d9d17516465990049f01a2e8e5f91c2faea8468973606c12b507ca072818b4fe2d611709638d21e034dbcdf47cf59
+
+Count = 1
+Key = 30d75f15b73361f062bbdb12a584b004b740e2fea40e49ea9686fa9c7605d139
+IV = 8ae19b2e82dc6ad1d07f31cc7cbf14c508e493253e86d649cf2d0048076cf2c59f1a769aa2de652aed8072d816ba6604a24f6be134c0d858728f8088b2a04337c103456c805e4b8efb1fd988fb66252ce2f0daed849b2d871560227c319bcf88446565781dda789f5c65460288c10e94dc0bf4ded61dfb19b331764845b362e3
+CT = 2cf0db85fc93bc584da1a4d95e30bb0e7ae5caa8f309f61d4ca4c759ee260777240855478fdd91ff859613077ed6e0f8235018
+AAD = 9b51b73e0c027725380c2e92dbbb30726c1cfa5ed8673382cb00c455b066f19d99c08002cad02734760ea3dcbbc08af59bf0884ede09e864aa5b35237c9dc9e57e367c4e247a136b4332a9958fd3ce103ab17fed5e76facc8c31
+Tag = 468c4129010a2d8164e75d957f518248
+PT = 7634ce717396d24cc5a6e3568310afb47b8b613f856c095672a598b72ba7b4204d1d886e99be78e42adf39c84e91b433437d4d
+
+[Keylen = 256]
+[IVlen = 1024]
+[PTlen = 408]
+[AADlen = 720]
+[Taglen = 96]
+
+Count = 0
+Key = f74e8cc15bbc6002a47764bdb2c8a689c0fef784c83bf20db5b6e98f67c96023
+IV = 93574c8364c7553bb798ad6fadb689dd8d05fc251d8957e9fb37b7ed515540ee28406c1e34be4a35ad51170bacbcd524d466345af6f2ed7cc05bdd3649f7f30690a6f20447c464c4871d8de57e73fcb5b65dd89ad062b51010c453776b629d2f8cffb1547637de4407e7db20b2a9d2a363d2f4f3612d7bbd7df8f5622542800e
+CT = 6c969bf473b092e714ce384391ba9945cd513284743af384a7ff772e61c3067a3b2f64b366f73723b9263f9d30458a5acd9ef0
+AAD = 3f7c839a5e148ee440c55918ddc63b875c3a44e1df37abf8921188af269530afbce5fbf4a334ea5e71d428f2296d0742f1290fa2565fb3d7e8fdb78ca5954cb942492f1c617ef3539cf45bdb5830f3c7d0c95adf0a054f810e8e
+Tag = 02fcd9d624b3c6a3d2e709be
+FAIL
+
+Count = 1
+Key = 55680523b7056ac2c365393b9c7bdff3df75528e73baf67ffa615323b9e84543
+IV = 9369d44147e81bf35716e813702f67435d05901a16ff3540767c33db4bc6645fa3e3b144d7ff04beb2c086fff6b09190f101c5abae2bfb34abf893bceb2f621d29618e7a98f1ff53bc7033cac9f02eb84a5c9e91cff333448e8c4dde6b35327acf8c9675be03dde136ab1d91d02012af5c53b73c3a75c9e4c0e535bcc86a4ac6
+CT = 950931ba46c6c29ffd54f49eec850a5ce88a6b97a8d16ee36ffa2dd7b632250d140f4c2c265e06efed3c2a282d60cfb8158f31
+AAD = 78b8d7d0c2a6f368fc28e274054f65e08fbc1208233f461aa61bae6952952c0e730cb756c7d07d175a8aa58ca97e54a28f0d881e39f3d4c01f5c586f14254ba1bb2c9f829fbad1a4b270bb4f5a18fe0d8764d01bda85c6438d72
+Tag = 8aaa9e6b012f5ca26dd237a1
+FAIL
+
diff --git a/nss/cmd/pk11gcmtest/tests/gcmEncryptExtIV128.rsp b/nss/cmd/pk11gcmtest/tests/gcmEncryptExtIV128.rsp
new file mode 100644
index 0000000..e5ccc3e
--- /dev/null
+++ b/nss/cmd/pk11gcmtest/tests/gcmEncryptExtIV128.rsp
@@ -0,0 +1,1016 @@
+# CAVS 14.0
+# GCM Encrypt with keysize 128 test information
+# Generated on Fri Aug 31 11:23:06 2012
+
+[Keylen = 128]
+[IVlen = 96]
+[PTlen = 0]
+[AADlen = 0]
+[Taglen = 128]
+
+Count = 0
+Key = 11754cd72aec309bf52f7687212e8957
+IV = 3c819d9a9bed087615030b65
+PT = 
+AAD = 
+CT = 
+Tag = 250327c674aaf477aef2675748cf6971
+
+Count = 1
+Key = ca47248ac0b6f8372a97ac43508308ed
+IV = ffd2b598feabc9019262d2be
+PT = 
+AAD = 
+CT = 
+Tag = 60d20404af527d248d893ae495707d1a
+
+[Keylen = 128]
+[IVlen = 96]
+[PTlen = 0]
+[AADlen = 0]
+[Taglen = 96]
+
+Count = 0
+Key = b01e45cc3088aaba9fa43d81d481823f
+IV = 5a2c4a66468713456a4bd5e1
+PT = 
+AAD = 
+CT = 
+Tag = 014280f944f53c681164b2ff
+
+Count = 1
+Key = 6bc071acca8545c4f9e033e328bc1534
+IV = 068757f06776662b59afaf35
+PT = 
+AAD = 
+CT = 
+Tag = 9f44db9be016de5138534d32
+
+[Keylen = 128]
+[IVlen = 96]
+[PTlen = 0]
+[AADlen = 720]
+[Taglen = 128]
+
+Count = 0
+Key = 20b5b6b854e187b058a84d57bc1538b6
+IV = 94c1935afc061cbf254b936f
+PT = 
+AAD = ca418e71dbf810038174eaa3719b3fcb80531c7110ad9192d105eeaafa15b819ac005668752b344ed1b22faf77048baf03dbddb3b47d6b00e95c4f005e0cc9b7627ccafd3f21b3312aa8d91d3fa0893fe5bff7d44ca46f23afe0
+CT = 
+Tag = b37286ebaf4a54e0ffc2a1deafc9f6db
+
+Count = 1
+Key = 7aa53188a9c597126a10d248603ebb62
+IV = aa45ca5dac41a825c45d36bf
+PT = 
+AAD = 417fd5147d56de0c74329597824ec2788a344fb60b403edf0187afa12e72a05009bb70f83ccad11efa487c1965cf84feac067c1ffdbf531fca97c554f875c4a1a1d3ab3c53c8a74ef3ee9415a87e231699c82d764debeda18132
+CT = 
+Tag = 997bf84654bb9616c0cc9b45f82c7673
+
+[Keylen = 128]
+[IVlen = 96]
+[PTlen = 0]
+[AADlen = 720]
+[Taglen = 96]
+
+Count = 0
+Key = d3da4c1b8a0da47207ee9384ce85d123
+IV = 02e07988f6e899465e64413a
+PT = 
+AAD = 5ac3c5f477a5486ade9619937c0b94b4567a6810f37481f08070cc7f6c6b83887b3f3b67511ecb01e94833648f9afcc7be1d30e75733f158e34611c95fa735678e3e20ddbef118375d25ac8f5abcf14329289ca5b8be04e051e7
+CT = 
+Tag = 0463ea5b69c9029fa48de21a
+
+Count = 1
+Key = bfe5bee51771729a8d947bd26bcfeb30
+IV = d9960803dca431e61bb10a5c
+PT = 
+AAD = 6a958607ed379337eb88689b31b24d2d2981dfd020f8d5c4e264aa79137bda9d393e5b520ccb658d5c77478a87e343cdbc0f4b5561331427758eec6d186016a901b047e0640978e8433313a856d00680f77398faf4300a26a769
+CT = 
+Tag = 84bf81b96e54321df209250a
+
+[Keylen = 128]
+[IVlen = 96]
+[PTlen = 128]
+[AADlen = 160]
+[Taglen = 128]
+
+Count = 0
+Key = d4a22488f8dd1d5c6c19a7d6ca17964c
+IV = f3d5837f22ac1a0425e0d1d5
+PT = 7b43016a16896497fb457be6d2a54122
+AAD = f1c5d424b83f96c6ad8cb28ca0d20e475e023b5a
+CT = c2bd67eef5e95cac27e3b06e3031d0a8
+Tag = f23eacf9d1cdf8737726c58648826e9c
+
+Count = 1
+Key = e8899345e4d89b76f7695ddf2a24bb3c
+IV = 9dfaeb5d73372ceb06ca7bbe
+PT = c2807e403e9babf645268c92bc9d1de6
+AAD = fed0b45a9a7b07c6da5474907f5890e317e74a42
+CT = 8e44bf07454255aa9e36eb34cdfd0036
+Tag = 2f501e5249aa595a53e1985e90346a22
+
+[Keylen = 128]
+[IVlen = 96]
+[PTlen = 128]
+[AADlen = 160]
+[Taglen = 96]
+
+Count = 0
+Key = 90bf5dc928e91cc2f05f8c55dc1ffbc0
+IV = db658c4362e7d6a03faa8492
+PT = 99eac872b13b623f255bcdc0eeb1c529
+AAD = ee192a6b71e57f3f2b27efc9b1cb385d6c1be0c4
+CT = 93d95389595d76131b8b763e50a5fe79
+Tag = 0c37dd797b78bdecceb9c2a7
+
+Count = 1
+Key = 2c71838088181a6e222bd24da34d812d
+IV = 2fff9e8249fec06b9540653b
+PT = 559af4c059e9f676b2c7374328783d09
+AAD = a8306774375070242d5dae26c8af46a82dea2320
+CT = 3072e185e4b18114c8b7ff2f0c61daf8
+Tag = 128bc57c445789b46d93ee59
+
+[Keylen = 128]
+[IVlen = 96]
+[PTlen = 104]
+[AADlen = 0]
+[Taglen = 128]
+
+Count = 0
+Key = fe9bb47deb3a61e423c2231841cfd1fb
+IV = 4d328eb776f500a2f7fb47aa
+PT = f1cc3818e421876bb6b8bbd6c9
+AAD = 
+CT = b88c5c1977b35b517b0aeae967
+Tag = 43fd4727fe5cdb4b5b42818dea7ef8c9
+
+Count = 1
+Key = 6703df3701a7f54911ca72e24dca046a
+IV = 12823ab601c350ea4bc2488c
+PT = 793cd125b0b84a043e3ac67717
+AAD = 
+CT = b2051c80014f42f08735a7b0cd
+Tag = 38e6bcd29962e5f2c13626b85a877101
+
+[Keylen = 128]
+[IVlen = 96]
+[PTlen = 104]
+[AADlen = 0]
+[Taglen = 96]
+
+Count = 0
+Key = 60f2c7ebe9d736763e58b4a33411bd1b
+IV = 75528a49a96a2e889d18d2fe
+PT = d64aeb92c924c4621577e0ae7c
+AAD = 
+CT = 441ff603ae77d1d6147aabf179
+Tag = 934b415f82e8b80bc83a9d8a
+
+Count = 1
+Key = 73777be1bb0e5af52c05aaa1244f3ffa
+IV = 43ca61d808da919290b1db88
+PT = 28879adf3396b98615c1e9d993
+AAD = 
+CT = be519fd784b7374e811be76bc4
+Tag = 1904a842b644425ee3d96a55
+
+[Keylen = 128]
+[IVlen = 96]
+[PTlen = 104]
+[AADlen = 720]
+[Taglen = 128]
+
+Count = 0
+Key = e5b1e7a94e9e1fda0873571eec713429
+IV = 5ddde829a81713346af8e5b7
+PT = 850069e5ed768b5dc9ed7ad485
+AAD = b0ce75da427fba93da6d3455b2b440a877599a6d8d6d2d66ee90b5cf9a33baaa8329a9ffaac290e8e33f2af2548c2a8a181b3d4d9f8fac860cc26b0d26b9cc53bc9f405afa73605ebeb376f2d1d7fcb065bab92f20f295556ade
+CT = c211d9079d5562659db01e17d1
+Tag = 884893fb035d3d7237d47c363de62bb3
+
+Count = 1
+Key = 1b96a8699f84058591f28590a5e63c0e
+IV = d437b28673240ddc63d22d2b
+PT = 802192b9c2d78e1df9ac223598
+AAD = 0f985a66d350c153a4882d0a4fc6e1b8b8450cd0825182358521b1be5fc734338af72a48170fde7512a8a92ac81d12e3a7fdcf7d98933732a9893d92d9435fcaee6033b726d28f73c5f76fd6b93d13bc8904d11cd4a713cd353f
+CT = 8c13cded61d08c1f2db878378e
+Tag = 43ee877c121d4a329e81e51d68a9d845
+
+[Keylen = 128]
+[IVlen = 96]
+[PTlen = 104]
+[AADlen = 720]
+[Taglen = 96]
+
+Count = 0
+Key = 0ef21489e942ae5240e41749346a86a2
+IV = 431ae3f1a702cc34b55b90bf
+PT = 882deb960fd0f8c98c707ade59
+AAD = d6d20f982bdad4b70213bbc5f3921f068e7784c30070ffe5c06f0daa8019b6ed95b95ba294630c21008d749eb71e83e847fb6ca797aaa3035e714cdb13a867ad90b2ebaa652d50a5b6adc84e34afc1985449f45eed08cac3cb34
+CT = ec8fdf5f4afb96ebe0e845dc3b
+Tag = 45d4b03158be4e07953767ee
+
+Count = 1
+Key = 5aede6f412af376fa8f7772b478f8832
+IV = 1fc118659cf45fb2d175fd92
+PT = 3a27c27f50574f46816c518235
+AAD = 3a06bd01e85343e5951c5168dd69a741c736778da474adbc2709fa140b934ada6493b2c649778ae5bdf23507e5f2f55ae15c2906331cd94eba9811439920fc6298d3011a465083a6e96e411393f368cacee553cdeee8770120db
+CT = e9436a5dfff5c79044a68106dc
+Tag = 8e989c4b567fb918928b75ad
+
+[Keylen = 128]
+[IVlen = 96]
+[PTlen = 256]
+[AADlen = 160]
+[Taglen = 128]
+
+Count = 0
+Key = fedc7155192d00b23cdd98750db9ebba
+IV = a76b74f55c1a1756a08338b1
+PT = 6831435b8857daf1c513b148820d13b5a72cc490bda79a98a6f520d8763c39d1
+AAD = 2ad206c4176e7e552aa08836886816fafa77e759
+CT = 15823805da89a1923bfc1d6f87784d56bad1128b4dffdbdeefbb2fa562c35e68
+Tag = d23dc455ced49887c717e8eabeec2984
+
+Count = 1
+Key = 8bdec458a733c52cd994b7c2a37947d9
+IV = bf8d954df5f1ee51fc3f1890
+PT = 9d5f1c905df900111f2052a60913d8a9d83cd40e43ba88203b05e3dbf0e37fbe
+AAD = ffe26874a54bd38a026c5c729e2852a748457412
+CT = f056cf8ea6c4f353f08d54c27a8ef3324ab927a641563f9f5dc5f02c3b2204b1
+Tag = 2f8b9351426363f09f5d17f634a381a9
+
+[Keylen = 128]
+[IVlen = 96]
+[PTlen = 256]
+[AADlen = 160]
+[Taglen = 96]
+
+Count = 0
+Key = b4ad9a826ac50d244102f1f8ca9142c2
+IV = d7dd062d0981faf163f5e1e1
+PT = 06dbb7f7e3162f1014d1f63e02fd0240c87d7735229e5e4ca21d26335254ad2f
+AAD = bdbee42acbbc5efc021dbea63f7df5271763a75a
+CT = 3fdb1e150bcfaefdf74a30713d0842eadeab1e80149313fcc5ffda703c1ed4cf
+Tag = 5b1cf40cd64ea5a49893f7ff
+
+Count = 1
+Key = 53fc4bb58a5be78e3f4e13542b9fc757
+IV = 6a3a5ab3c572ee0ba1891971
+PT = caf1792e54e89a103c2504ad99340ac945a5e9166a959751e7663bcab590633d
+AAD = bac7adf6b4e8271aa7f870b06b1b46443ec01df0
+CT = 522ab5f721045cbc65a6523f766aee97090bf7020ca3c269e79353ea15b04732
+Tag = 62a00bc0b2ef3a17884a44af
+
+[Keylen = 128]
+[IVlen = 96]
+[PTlen = 408]
+[AADlen = 0]
+[Taglen = 128]
+
+Count = 0
+Key = 594157ec4693202b030f33798b07176d
+IV = 49b12054082660803a1df3df
+PT = 3feef98a976a1bd634f364ac428bb59cd51fb159ec1789946918dbd50ea6c9d594a3a31a5269b0da6936c29d063a5fa2cc8a1c
+AAD = 
+CT = c1b7a46a335f23d65b8db4008a49796906e225474f4fe7d39e55bf2efd97fd82d4167de082ae30fa01e465a601235d8d68bc69
+Tag = ba92d3661ce8b04687e8788d55417dc2
+
+Count = 1
+Key = 7e6a5b6d296ac7a7494b72c93bad15ce
+IV = 5225c255bc82949a1cdb86c8
+PT = 8bd452633f9dae0639fe0e67e36401adf65b3edf6799ff9eec80d85c13c85e0ee09491d4f5acaf8ae920281801a2f5d12c9370
+AAD = 
+CT = 2348f512a3a8501be9eaa41d8a127fcd8f0368d5053981a5626f85405363d218af7ba52a2bdb87a1ff07329f21792f4c64fc39
+Tag = 8753cee020ac668e9e1a37f63231543e
+
+[Keylen = 128]
+[IVlen = 96]
+[PTlen = 408]
+[AADlen = 0]
+[Taglen = 96]
+
+Count = 0
+Key = 9aa701eaf1146ae9a8aa14f36294e8e0
+IV = fd78280e023ff4cdcaab5e67
+PT = 806f21e96bcd6c8ec1b7f688978c0ffd24492cd38eb62361fd73eeffbee4d9f9d7ad32d408ffc6706647bc723c620c83020f06
+AAD = 
+CT = 010428fc5b03162f7e001fd2f4f2d1a8ab13ce97063c82cfe62e7cd5b26551b03a55358857159959ab021e7015f370b6fc1f16
+Tag = 87b981bdd2c37fcc6ff734a9
+
+Count = 1
+Key = cd02e8d9a48ff796b463ab3e770d2b25
+IV = 53704bfc548f3615141d7320
+PT = 90ba42f27c1aa89b07fc59788e13ab813c9d85c9232c1c68b486b9862db8111c2517e546218a259497866722ee818ce813ca6e
+AAD = 
+CT = fd956ba6be92cad86a7cddc5f9633a50baf53a53f6674e578dc36a8dc5bcbf2e32e28f7aa83b4f9a59b1dea60ad8796b37f460
+Tag = 77c940abfd23724fa816015b
+
+[Keylen = 128]
+[IVlen = 96]
+[PTlen = 408]
+[AADlen = 720]
+[Taglen = 128]
+
+Count = 0
+Key = 2c1f21cf0f6fb3661943155c3e3d8492
+IV = 23cb5ff362e22426984d1907
+PT = 42f758836986954db44bf37c6ef5e4ac0adaf38f27252a1b82d02ea949c8a1a2dbc0d68b5615ba7c1220ff6510e259f06655d8
+AAD = 5d3624879d35e46849953e45a32a624d6a6c536ed9857c613b572b0333e701557a713e3f010ecdf9a6bd6c9e3e44b065208645aff4aabee611b391528514170084ccf587177f4488f33cfb5e979e42b6e1cfc0a60238982a7aec
+CT = 81824f0e0d523db30d3da369fdc0d60894c7a0a20646dd015073ad2732bd989b14a222b6ad57af43e1895df9dca2a5344a62cc
+Tag = 57a3ee28136e94c74838997ae9823f3a
+
+Count = 1
+Key = d9f7d2411091f947b4d6f1e2d1f0fb2e
+IV = e1934f5db57cc983e6b180e7
+PT = 73ed042327f70fe9c572a61545eda8b2a0c6e1d6c291ef19248e973aee6c312012f490c2c6f6166f4a59431e182663fcaea05a
+AAD = 0a8a18a7150e940c3d87b38e73baee9a5c049ee21795663e264b694a949822b639092d0e67015e86363583fcf0ca645af9f43375f05fdb4ce84f411dcbca73c2220dea03a20115d2e51398344b16bee1ed7c499b353d6c597af8
+CT = aaadbd5c92e9151ce3db7210b8714126b73e43436d242677afa50384f2149b831f1d573c7891c2a91fbc48db29967ec9542b23
+Tag = 21b51ca862cb637cdd03b99a0f93b134
+
+[Keylen = 128]
+[IVlen = 96]
+[PTlen = 408]
+[AADlen = 720]
+[Taglen = 96]
+
+Count = 0
+Key = ba607083a97b28d010e125bf11fd8222
+IV = a0613a75204fb40e36857f06
+PT = 27d87b349fa6c97c2658bb9f6ede0c6a5daa04f792546a27b25db925dae3cbb063fd937bad99c4d3ac36f44b5719019b9001b7
+AAD = 978420ddb8a95a2327e8af9243663f76e1f71badcd0b08a4bc6d05d2cb8c3c5aac500cc058dc134d58d2e2c979d769c43c092fadbb0a04291bf73f5507cfd7c981d821c57fdd208e9eacdacf85a63a04cf32446f899d18257df4
+CT = b31b1dee3aaf30d835ed50c10a64226f3cf97cdb4e4be4424fdb4455dd0684842558bc05cdfe8b9ba1ea2862014741605f0f1f
+Tag = a71bb977f4ff23034dbf7a62
+
+Count = 1
+Key = 8e2185b535c7290d176f942d75880695
+IV = db10a0a2d0bd6ec4f16ea4fd
+PT = 9e768023dbe0c02633aac2f4cc5d9126a717bb89d9679d0b6e108fc3e2efe8a5f6fe9227e9c879e8e9ff56f3c5fa3618de9be9
+AAD = 4b3e0cfd3064aca2d16d722abdab83bdb3538300af0a25bca6f8969ac2f30163938948d2c0ea47142c88ef1ed4fe6a459837c1d0f059c7c59e3ddeb8fa34709ee97ef24712297daa84c9e13f9af631cee5943831c3453c8a2dc9
+CT = 65ea620ba97f92d05cfed7ea3adc38f8c0205afcf6734045237c3ff0f915cbe8be325e07f0839d5e929a54b7ff2d66aa418d97
+Tag = 17653f1431298150cc3dc26a
+
+[Keylen = 128]
+[IVlen = 8]
+[PTlen = 0]
+[AADlen = 160]
+[Taglen = 128]
+
+Count = 0
+Key = 3a087944c5803b9153c6646aa9a8a8c8
+IV = c3
+PT = 
+AAD = 55fe72708217df916429f1412c65e1f7b0613c10
+CT = 
+Tag = de5397caefb946bae7371ef46e7409d6
+
+Count = 1
+Key = 1f78771bd4b1dbc28f4f58ac9029e895
+IV = 3e
+PT = 
+AAD = 088d63f29fd4796714d43b720b35ad5b98a6f8f7
+CT = 
+Tag = dd3f1a398af192f6a614ea01880103dc
+
+[Keylen = 128]
+[IVlen = 8]
+[PTlen = 0]
+[AADlen = 160]
+[Taglen = 96]
+
+Count = 0
+Key = 1e6d615b0ec87aa56ebadee379f1f91d
+IV = 9a
+PT = 
+AAD = e461e797e255a51cf95dd8590aed9750cddf2bc0
+CT = 
+Tag = c97be0d79341ef6588961def
+
+Count = 1
+Key = 364c60fe22affbc7bf300eb28c2cea3f
+IV = 6d
+PT = 
+AAD = 1ad485e28ae31ef5eb7c28abac7224dcf4499787
+CT = 
+Tag = 2e74623478a42efa95d504ef
+
+[Keylen = 128]
+[IVlen = 8]
+[PTlen = 128]
+[AADlen = 0]
+[Taglen = 128]
+
+Count = 0
+Key = 15b2d414826453f9e1c7dd0b69d8d1eb
+IV = b6
+PT = 8cfa255530c6fbc19d51bd4aeb39c91b
+AAD = 
+CT = 4822cb98bd5f5d921ee19285c9032375
+Tag = 8a40670ebac98cf4e9cc1bf8f803167d
+
+Count = 1
+Key = 681587d2e2760cc7d3f1a1043a8ba2f2
+IV = 1d
+PT = 9e04a8f52e8d5c41c890a9cdaf7ec304
+AAD = 
+CT = 59b4e8151db527408d0c8494e86738ea
+Tag = 17295fcdc04abc7b68a6f2bf3a8d92f1
+
+[Keylen = 128]
+[IVlen = 8]
+[PTlen = 128]
+[AADlen = 0]
+[Taglen = 96]
+
+Count = 0
+Key = 09664b34329537736de91b5038cb3494
+IV = 82
+PT = 5cdb11d15b927c59b9ee09bde8a08187
+AAD = 
+CT = ca7dda0ccb04c810833c5223e8596603
+Tag = fd35a123e31985065a49f256
+
+Count = 1
+Key = 79d93a6c7055d1c07c342ceae57a980b
+IV = 2a
+PT = eb7f45604e045b5fec5ac95f2b7c1bf3
+AAD = 
+CT = 784864b425c3eda0d816ab905238b77f
+Tag = 324eb3b291fcd29e54c06c9c
+
+[Keylen = 128]
+[IVlen = 8]
+[PTlen = 128]
+[AADlen = 720]
+[Taglen = 128]
+
+Count = 0
+Key = fa8c946ca8194795f4c41675f8711a6f
+IV = d8
+PT = 204fdb9e281a7032bf059ef8fb0a812c
+AAD = 01a35f9018178feb6979d68c8b156a9df8b66bb9f8e2ae1a3d8bedbcecbda35f28b46a05c1de802d4f8516494af23af710bc41d916d527d019a0ab72b542e12d7ae1636a70d3ca0f98f78c1acd490a6fb51d1ceb0c9c7210b687
+CT = c5cbab590a3bf2109609c5bb82271ef5
+Tag = fa40b8a8e5752498c63a4a59fd491c08
+
+Count = 1
+Key = 43675d215370c3f2c5da0aa58a41a92c
+IV = 31
+PT = 24c25202dfe9c4650d2ea34f789d975a
+AAD = 3aa2d547bb035bb412a493008853d4969c905f052dc0eea9a722936d5d37b5aa6378db0b77829e131b3546fee253eb36c22ae97e65f541f8a94d2decb1cf1a587a1b23beee95bcdf5617ce8712f4bf820a7bf1372f80f1987dd9
+CT = 1f4723cad96d3ffc09bd209e2bc54cd5
+Tag = 09856700b811f31bb9b3f65177d3e9bb
+
+[Keylen = 128]
+[IVlen = 8]
+[PTlen = 128]
+[AADlen = 720]
+[Taglen = 96]
+
+Count = 0
+Key = bc365f9fc37cf63e3675b3ed3d1d5fc4
+IV = a6
+PT = 40c0cd7b5ae0ce1b6bba336c95870075
+AAD = 57df4a58c3f626950148634e6e11e298615df621052aff83e0b4591d5205d0beeebbfb25ed297e6544036dace11429b1a7eaec6d6142922162f969fc2c7725b564d87c427e138fa8776dc4e1ff26ab0a90c04aa2fe7e6a133784
+CT = b70dba50eba7e400c68a7f78d07208e4
+Tag = 97093a1ee915b6764db72de7
+
+Count = 1
+Key = ae009a6de56ecdcede5f473e4ea8930d
+IV = 17
+PT = d1308a6109a1a2b33d9a6832c60ec5ed
+AAD = 2ebc327df0c552b73992aa392e9c848a10da1b60487e06fd00834baa4e91c1ae8f144ecdcb31d85239ac0ea2bdfa4f8364b926e70404ff079688ed1e7bace25f4761d84e31765321a190f7a71ca66c3d3b6dc4939ea103199ed3
+CT = 4aeef2c2b9c0bd3bf05c32a8415550fc
+Tag = 66b702fb4019f4a2a67db354
+
+[Keylen = 128]
+[IVlen = 8]
+[PTlen = 104]
+[AADlen = 160]
+[Taglen = 128]
+
+Count = 0
+Key = a5a10d0f6d323ca2b39596036afcdf7d
+IV = 52
+PT = f85be0138fb4c19717633a5f37
+AAD = 1b5f6c949cc5be523ae4732d12bb189ffaeadd91
+CT = 4ed45067f32cc97836908c6925
+Tag = 80359250836667494cd27631de910bfa
+
+Count = 1
+Key = af9778662beb8d2e0e24353f874c6701
+IV = d6
+PT = 1b09e2e181e856a1614eb30c85
+AAD = e6974ff9fb6ffae4ddb9d2e2431931f227b3980a
+CT = 765ba42925df6463ead7f0b8bf
+Tag = ab192e9d7ce36dd10979f367840f7b1e
+
+[Keylen = 128]
+[IVlen = 8]
+[PTlen = 104]
+[AADlen = 160]
+[Taglen = 96]
+
+Count = 0
+Key = 857796ea4e589a9d3997ac369e0ccf77
+IV = 02
+PT = f7c2847119291b513ea4ad02d7
+AAD = 2649e6a7a7c0e34ab3e255f44ffd422af9e97ae7
+CT = 2fe17d995b0a1e151421cbe585
+Tag = df685996f0cf4ae8c57ecadc
+
+Count = 1
+Key = e1a2c198812132a881afe9084a34429e
+IV = a6
+PT = 181f2dd4511caf61389e89f0e9
+AAD = 21b0a3688ad96c636f7b1f0f016b7dbed87610b5
+CT = 116081788ad021d1ab87959944
+Tag = 49f2fce7163e7babd64eefa7
+
+[Keylen = 128]
+[IVlen = 8]
+[PTlen = 256]
+[AADlen = 0]
+[Taglen = 128]
+
+Count = 0
+Key = 0d2d48af1de12eae099ad1de2351a603
+IV = 60
+PT = 7980e625031e4d769d4ae90727e65f58945fb72f04013cf1556ebf4b5123f523
+AAD = 
+CT = d45d35a8e3497c0aaa3ffcf361ec000c81b4dcc26ad2b0b16a176150abf4ca7f
+Tag = dda4b1d6d28b7c7d9c231710d77a27f9
+
+Count = 1
+Key = f74c65d66bd2b691b68065bcbc7a9b1e
+IV = b8
+PT = 7a7c0b416e4aab2ec0aa317994147960fdad68428d760c3fa1fb4b7d0cbab2d1
+AAD = 
+CT = 7f1895b667ec2f5ccbf8b8a67eb077e09b5f0325918da2246db9fbc067308bb2
+Tag = 6d1e52fba568ba416d694ff048be911e
+
+[Keylen = 128]
+[IVlen = 8]
+[PTlen = 256]
+[AADlen = 0]
+[Taglen = 96]
+
+Count = 0
+Key = 3b1f852e6bfc788f32cbfd2859eebaf0
+IV = 57
+PT = d05f033b263ff2f797e5cd571f4341404f8c8700ea1ed77eb5d161c3222c4598
+AAD = 
+CT = a5053bc560ced2b677dc7f82e0c1cce3c7da3155b9ab6d9527856c0ce73353ef
+Tag = 17e6ede2c7a292b7d7d0c10e
+
+Count = 1
+Key = bea7c099f37a98b3df12162c4e38d9f4
+IV = 51
+PT = 91ed5aed5397a4d1b471db8331a3d7e7849b0aba593013c5ba8a57bf6e98205d
+AAD = 
+CT = a40419306306d3593f923625412cf5d3bf3abc49547e3f837b3ea74ebc23f75e
+Tag = dd6858c01aefea78f5868c8a
+
+[Keylen = 128]
+[IVlen = 8]
+[PTlen = 256]
+[AADlen = 720]
+[Taglen = 128]
+
+Count = 0
+Key = bce96a9991e1d9b4b9899063453a7877
+IV = d9
+PT = d7b3207aecb89ff38d84c023ace05ea5320e754f585b8cc56acd06b55a0f6fba
+AAD = 7690deec4091150ec040dbc1896e142f799f4a498c103c259d9b859c126af8db145dc5597bb528f03d8537a33eb9dd74a6f1fdb33cf4ff165552290a1f4c1f3272fe66d083bc7d5829fb7237a16dc3957180d88e75775d0f684b
+CT = 78629b55e76195c08a84f78485a04f27e957892ff31625b18f9baf57b6de0837
+Tag = d37805d9a9ed62f18efd7432e3d35fc6
+
+Count = 1
+Key = ac518a3541994768130fa8d83b0a961d
+IV = 2f
+PT = d86e36201581c23e1c270b7a30778a8aeb0e30370fc0e74efe129473e05b2a40
+AAD = b314f36c3f18ca53277790202615268a3c6639be60990ad8c1789508d80b0fd830f36d9c5f449c9ab24da526b1ee51359f871d47aa10338cf62890621671bdfd4ccaa4c69d134cde5b53ec9c7d036a5e06d44981ae807bb4d13a
+CT = bf6d9a617edff397210d5dc53654c9b4d6b5713c0a21a424b1f01c4b69cf24fd
+Tag = af802322b7cf41c805ca85f44dfe148c
+
+[Keylen = 128]
+[IVlen = 8]
+[PTlen = 256]
+[AADlen = 720]
+[Taglen = 96]
+
+Count = 0
+Key = a7bee2097d1d34b49386eeb8fae11278
+IV = f8
+PT = c1ff3b192e29eba2f84c137974859c7871f9e3d45e3b00f2e031fb51e8225e4e
+AAD = 6d1fa332ae15a3b63ab65b85fe5079dbdfd349d14453fd2978ffd552c5c7b40dd188dd103d60e1634025ddc420142f63f100a4b8d1bbbf884f417c9e7f71d70a75d654dd1aea1be4aa4f8ff9a13fd2a17de908ee5eb0e4b98bda
+CT = b82f93685e07319b02c90c04c5566c577805d73d4863a913caeb64ce6060849d
+Tag = eb4889a503017c1e4f78229c
+
+Count = 1
+Key = df9777614661141c5519c0ad76f179d9
+IV = 26
+PT = b10455cb31cc0b8bb1eec18a212110e50786ac931d57f72826c004d383c7aaa9
+AAD = f378fc7dfd37ff1646081ba4f04ee37bee206b37963ef5b92977625db4a9ae4e650eaf41c16cf070c3aeb354290bd6d1eae2356f20854a804d399b4c059d5ed8c4e14e310d320d20848cc1bb2c41e320355aa6554e0f79615fab
+CT = 829bc684090f5bd087a6b91bb3cd146fec217dbe8921ed0dd35bfb3e8650bf28
+Tag = 213629774dba79b7367781ae
+
+[Keylen = 128]
+[IVlen = 8]
+[PTlen = 408]
+[AADlen = 160]
+[Taglen = 128]
+
+Count = 0
+Key = f51cc8fac3fd1f633f40a0e1257065ef
+IV = 04
+PT = 5324b6cd24d40977f0db1ce4f66bb9353d57cb231b61e2c6cfea55d7a15717bf407c09511df414656aa7d5c014bf6dce5d1d6f
+AAD = 6289b938982b5273190ee6efdbd139f63d3d302a
+CT = 727a9e9cb895a37b6f50e0715fec00c4df0d509d97c2dabb1271324e882678facbddbf06ca14015b2a44be110daa9ed96b7651
+Tag = 3b9c859dc422f6338ad6c402b88793c1
+
+Count = 1
+Key = 7efa93fbe39969d5189b3688af64fe7c
+IV = 04
+PT = b3ff41c6a3d69a150054d1aab1fcb01c1f69fdc9b4cd756e103b3a4724296dd9402dbd382b0efb77d86028f33a39ff0178f16e
+AAD = 58d17f5985b680cec4cc0e86440f922d2544f577
+CT = 0c4e9daa242cfca43b46921a58abbf90798ed4211a3a6f540659399423fc06e47274d81dda294d7d6a4b71d12349fd2090ad2e
+Tag = 02cb2c35da2e837816474e88d197093d
+
+[Keylen = 128]
+[IVlen = 8]
+[PTlen = 408]
+[AADlen = 160]
+[Taglen = 96]
+
+Count = 0
+Key = 7a393c4e7ebb0323457c829640f76dc7
+IV = ac
+PT = e215439f824cbe1274618bf54ba24fd99cfe652758620216c3331068a585750e2373a349610a1a6d038bcdff5d1584b1daf251
+AAD = 6fbc9f61f0cfaf5807ded36f185f7a6e6bc9a587
+CT = e8089296c6a697070370fecae4e2286009c12cda24abcbf02b1fc2a79c5bbad84af30bbdd1415f0f82c2f471acd3858ebbafed
+Tag = 42bdbaba272e19ce612e373f
+
+Count = 1
+Key = 7741a37346e46ae797710c8ead30008d
+IV = 49
+PT = 4ab973799c4f3cac7d5c4554d4fe7e3f169717d2651249328a021df258229934373044bb79b3c0ac1fb36753ad38ae76e42b5f
+AAD = 90afe1db67a4da0822a9c88877eaf14e7c020ef2
+CT = 0c2e360d855f8f1a9b5a31a6e06bad90aa70f7e51363290f4eadf7c60a0ce97be4adf2712a219dc596670987c01b88db58abbd
+Tag = 49371d01ea39042257391bc6
+
+[Keylen = 128]
+[IVlen = 1024]
+[PTlen = 0]
+[AADlen = 0]
+[Taglen = 128]
+
+Count = 0
+Key = d0f1f4defa1e8c08b4b26d576392027c
+IV = 42b4f01eb9f5a1ea5b1eb73b0fb0baed54f387ecaa0393c7d7dffc6af50146ecc021abf7eb9038d4303d91f8d741a11743166c0860208bcc02c6258fd9511a2fa626f96d60b72fcff773af4e88e7a923506e4916ecbd814651e9f445adef4ad6a6b6c7290cc13b956130eef5b837c939fcac0cbbcc9656cd75b13823ee5acdac
+PT = 
+AAD = 
+CT = 
+Tag = 7ab49b57ddf5f62c427950111c5c4f0d
+
+Count = 1
+Key = 81d898349f3571891f10ff6f89497283
+IV = 33fbf5041554a778ed9f1a35d6d1049e3ca4c81c6adf0a4c22a8ccd3c4147f8b7314f05df65721f497a0bea27bbf28ec2a282e23642f7088bc7cb42fa4a4221412439801cbf54a93259e03fb85a3f1ffcd7030e33b383ea9e7b20ac6edd36cc22fd3f2f3db315e0ee7a444e332138aa4bb960d9080a7a89067ea155c8c609948
+PT = 
+AAD = 
+CT = 
+Tag = 2b1f4f4c75ea66914754f4a129b6edf1
+
+[Keylen = 128]
+[IVlen = 1024]
+[PTlen = 0]
+[AADlen = 0]
+[Taglen = 96]
+
+Count = 0
+Key = 4df2b84fbaac9a696398bd00fb4e0ef4
+IV = 06781fdab6e66d0b995be011e86c06f618ee3fe401a483645079bc483f435ef5e63b369ccb75a0179b4f497105e0129e5eb67fb8510771c758bebbe00018a18421ba9878083529cfae8d54913ce0029c33655021c5b4f04399a050dbd5997847cffe9b3cfde040fc0a19f50243b4b0e69d86579adb3dd3d5381b6a72f9e6404a
+PT = 
+AAD = 
+CT = 
+Tag = 86cdf6c393312e5e0becac9e
+
+Count = 1
+Key = 96e225d81e3ed5a69f1b9350002e2b03
+IV = a33828273c5ab2886c801ea0fd5e63c2c9b77fab541e00c6bb11e67ed5a4baeb227d49da9174906aa238ef3cebeb362ce55dfda5aa513ea1497b2a7da083b349d4809d5704241e0d48efbcdb488e9bac672977dd9336432fe3bcdd0433e2ae23417769391b847dabef7eca1f3f2a353e3e639602c93427a095e1943ccbc64220
+PT = 
+AAD = 
+CT = 
+Tag = c92cc1443006852d719af7c7
+
+[Keylen = 128]
+[IVlen = 1024]
+[PTlen = 0]
+[AADlen = 720]
+[Taglen = 128]
+
+Count = 0
+Key = 67debc1559c528df51728174d31798a5
+IV = 34777c1e5b8f9041069efea4654b59019669c5de0eab8944dbaa0cf3dec64348cd5c98c17dd93ba51b495c0fc0776b0ff37cbbe667bddde5b241158c113b6311eafe9314e33acdc7ba9014e1ce2aa99af75593e2dfdf00513e1cec83341fd27c437723d52fa191caf526fa926cf95ecdc0a26691744a5ea97e06d276f6ad8bf2
+PT = 
+AAD = 8d34d688111eb7e13f3b03ef1fb81b9441a7f6622a004e13965366c951a0152ab62c394504b2f3889c745d7676f8641f490f6c15445ef0f9b9ca7479da9ae9d35c581936fa400d28f828f1f08eb8187a5ef16734885a4a4d42e7
+CT = 
+Tag = 3c125dad456ab0a5830fba027690c68b
+
+Count = 1
+Key = 72a8998427aeef22855631bad2f4ef35
+IV = 6eb5effb95b901369e9813f78d00b0e84e6dca7082c93e59ce0a3aaa0250c5690eba3be464b06eea105f031f4de607eeb236a562c6b92ba2d9b70faad30e5d9b9d623fe48040d26805560915fe3d3742341e5504da195f5d73f57f0c5f5f035c1236050b5baef6bb391ec332be526069fc9d9339e09942eda2b90f1a4a0c153c
+PT = 
+AAD = e74208fe7b5f3a58e8928583ee00a59b57f9cc0dc47dcfe30133611f870d0e5ad6b43684b85be855051d11d74bfa79f8f0e71e40e310bf590d85abe62d8f71d8a55d6cb0630cd820ea8049c03931dcedfcb170694e87256808e9
+CT = 
+Tag = 84bf1eabae6b99f3216c97aa82f80504
+
+[Keylen = 128]
+[IVlen = 1024]
+[PTlen = 0]
+[AADlen = 720]
+[Taglen = 96]
+
+Count = 0
+Key = 3598d89be149e6f48a5449fd3ad9a1c7
+IV = 945fb7f9f2a97a1c0ccffab420f3da62eeb38fa97519d5fed3374ec0f7d39a986fec8ecd48e4f7d2a91951ec265d7a149b56e83e9381e61d9354a073d651a142279ae67a74b6b0b6c86c3703704db9b3ea8d15bfe05fa1323391918fdd6ce7caa616696620666054cf71ef78f6927616072a485718d27cfb5c3ca297ec02ee75
+PT = 
+AAD = 37cd1b81b2e953364b6c7535e612bdc02ddbe7ebf94d68e1f29373655e9bffa6fd7e967947b49e606c3bad4b7d3e838f81a42216c8ee7b938000d190bd1a398af41038ed70204c19e1e41c4fc4562622e3d0da866503cb57918a
+CT = 
+Tag = 034c20acb4ed77a299938a1b
+
+Count = 1
+Key = 8b263a7a94b0a7e86791d7bc03e6e52c
+IV = 33d71715a0f9b238da30b312b66ecf688fa08b306b1e7b98d47b43de24c186e2234498c21d60c520e491bb0c06f868ea1d352ba33795fd283a31721f3ca8006738dfb6cb95908664b08afab336354248a9fa58f4b19b0c3b78557f895cc6e7a2b295fc9b72572137c9f12c8b15260043f8f2381bb1c55e59765228097f194a47
+PT = 
+AAD = 27078f44bd46a606e433d9ece7f08b4282fe3ecbf86589cbbfd85328d36682d3efe1f886897d5813fe7e45d42b2f6c6e02195b185da3c34ac38ee750d5c4b25122c7bc5d2f56a95ae9a21d897a27ce27c605802af80c1f6fb79a
+CT = 
+Tag = 038cc9cd7f99f595abc328ee
+
+[Keylen = 128]
+[IVlen = 1024]
+[PTlen = 128]
+[AADlen = 160]
+[Taglen = 128]
+
+Count = 0
+Key = f43378edf8b810602b753d647a40ccea
+IV = ab59967fc21429d7f4fa5dbc1ade96e7d3ea347c87f15b604b395ea78feb1872ba245c591e270d93d3d806e29eb9ed723399f5b382e96ac0f2c53fa64663eb2701fc39fd4433eed05fc3f55fabd30ca4161b296913ecb32fdac9272a20206c846fed470173ae1b2d45b9c4fc76b0ff1a5d35ae1906ae65963f66c2d3f9f1a771
+PT = 8d15a1eacb0790c032ff7adcffc77046
+AAD = a6984e7895dce7746d79c97aab83aa6de7b2efaa
+CT = f7c16036cf00fb3016561c5e01391446
+Tag = 66f0e9f65356cc789cc32919b168dff1
+
+Count = 1
+Key = e9bcb3fb2f7560cc6459b1b3e799354d
+IV = 9823edaf9f9a7bdea8b14f33303fe4536ab0d13be44f03d4c93209bf5a84dc53c119114c6b975ab8ea383c5932049570b3cc6ea3699c0afe951110d112fe5a78d05cf9de9aa28b7c887b388343a3f3bd2a20dcd18156769b82b9ad384c0c4c1b28bf9a60e7cd8a1f3e9c1181367e81908568a0c5b6d5787dd2990c1bbac4c4d9
+PT = e2607e6b8e40a9205f64ee9a64c13ba9
+AAD = f8793a271a3ce73865fbc9fe6d3dfb2d1e700cd7
+CT = 2ec146750592ad852c72a7333ade44af
+Tag = eaa35f90e107240ef3c746f53fa0038b
+
+[Keylen = 128]
+[IVlen = 1024]
+[PTlen = 128]
+[AADlen = 160]
+[Taglen = 96]
+
+Count = 0
+Key = d41e1817fe18a1fd948280689a9a51aa
+IV = d349484c264f53326c560ab8aaab8966b7a711c80f95186f5838fedb7522f41c02c7808f2160fb3a31d6f7a1f14c1ca4dabc001f1a694f8ca1fcfa02262fcb76a8669fd57c3d9a61b344d1a03905395cc45cb368f4f76e87a92d2aeefd2671e3fd2215435152de5ccc23016c3213d500b3bfa8ff6c10890afaacfa02cb08e761
+PT = 84632e8c1910c7a869da609b53802137
+AAD = 5838374694f279458e45b8cdda527719f500e4ca
+CT = e8113f17ef8090c8e3d239cb18021df4
+Tag = 3df00b2774a4b7d0c338404b
+
+Count = 1
+Key = 30f45a09ff11908bc6ba0fa3fb06f530
+IV = 8d0623a4fdbcae68a2a5d140a5486945660222c6850bde2ef5644379cee190f6cf8c2c62fd7b3aaa0ac3ada5a94311fdcebe749eefb4d45ae718c39b7dae47f5e3c898ae19124501de587e6bd9542422d27d4a52f95f0ed0412d7ced32f3b8723ff03eb716fecd89e083652df095ed97dd21a19b81db4ad64b539f2cd6feea95
+PT = 138eb24c51143fb8db406d9e7fd39069
+AAD = cd57e709e9b24e4a9072d2f3d6b9a3d6d6cb9343
+CT = 2f22a2e1d880c40f00cd2ca280cb83ad
+Tag = 0e190a4e515964d0b94dc87a
+
+[Keylen = 128]
+[IVlen = 1024]
+[PTlen = 104]
+[AADlen = 0]
+[Taglen = 128]
+
+Count = 0
+Key = 7cc48990da9aa2afae8db0508c197701
+IV = 871144e7fa1e3b33544822707c86c9aa286ecbc588c1e6cb40ef4545ce524602c1c6242638e945cd5ea7e3ec68ed3949eeb7e230b0865f1e914410a9a31b855b51fdce9c43acf713089e2b441a980f6fd79a61cec3a23f01161c2dc78b3e536a798b3df75af37a68ea364a60793f4153dc54d7c3dddc83b5afa8621ce44ef9d8
+PT = 99284284bc26f2eb69d4815e58
+AAD = 
+CT = d44966f882183f954c756d90b0
+Tag = 832e618200ab496b35d5dbdc301e7eab
+
+Count = 1
+Key = a5f50ed6a1d7a45b1d6a58b53b725156
+IV = 725a6b2b5f2977f234beea242c53042eed7bfb97b58ba8b9a0e950a8fb6a1d58396090d4ff7cde0f71d902f25c812c3dfa2a25fdb7062cef2c66a090ec10517f7ff3bb2f47f2e32e07847cb70d0145f3c3cf25ea4afcdd54a54ea30752415b2182cd0f1f51d963a7f7ec1238dcc52f77bb7eba221fde93dab873a67132ac67fb
+PT = 5ff0c6d4fea494f9d59395d3f1
+AAD = 
+CT = 8d7e976bf7e1832b993879c50b
+Tag = dc1be5529513c62af82eca5fdaf8aae8
+
+[Keylen = 128]
+[IVlen = 1024]
+[PTlen = 104]
+[AADlen = 0]
+[Taglen = 96]
+
+Count = 0
+Key = d3b2aaf7f9578208a9632a1ab3a91432
+IV = 96e1fd58e40b4c693a79e2d5dbba94797d1b7526f18213e87571796fb517f4fe4dc7e8f414c3ac04efb64660f338ca848493c5a50fe95a9cbd193d35416534ffe456193e7fbb33fba124a13ce1054f4e8b3b6625b7c84ba987b510a3750d08403b615097c671aedc836beaf9635af43fca064e30e1ea6419d99f90d17ba38c6d
+PT = c98d71abbd8e446e74ceb70d21
+AAD = 
+CT = 8961bce20b103520120dafda53
+Tag = 2e505da4c84892ba10562e44
+
+Count = 1
+Key = 4cf973d6a9b51b60ae79116cc9b8aae5
+IV = 8b43c8d30a42d5ad4cc094bdb218f4a614d179c5ff4dd713215f05c8b5ce57752bbe9e3fb6884ea30d39e3aca941cc42327516cf285f6f2e03dbf2d1813c7e67e79ca5bf81856e9b0dab05c75c1629560b78620281e0e4c9958b03ba74086193256fc4fc8d89566207ce3132c400323b27d3e3291050c3ca9bc3f13842e803bd
+PT = fc6208970ba0f2076ac0cc5367
+AAD = 
+CT = 4b338c27eae84f1fac666d59df
+Tag = 0069a28ea11c35c4614ab4a7
+
+[Keylen = 128]
+[IVlen = 1024]
+[PTlen = 104]
+[AADlen = 720]
+[Taglen = 128]
+
+Count = 0
+Key = 059b008bdc461943e486bd1800dd6eaf
+IV = ddde5e8bd48974bba74290fd8be30be0d7071d37f344fb9dbe7542dbcf1d44eec6a0c25674bff71e8307bf10a3b54f4acaf4e90d6e8a227506db53c6af77a4d9821bd55ca048c837a746fdfabfba1962bb95cb4f2b9e652e6ab06efc583cf9427ce61109e54c1bb2ea461837915cad3bee909e9cf2625c3d593feea8acf6be72
+PT = 4f9c13d39131a6c50092afe30b
+AAD = 191cb9c9509272ba0cc3613a9ee60b907ecbacc23c9a461e2aa1b460912930fcce6df11b658bd512b1586041f4f6fe0c9bed6270b4ecb510b72783678b7e81fadc006d442c6dfcb867b5c7281323e65e06b581d7027a1bc57b99
+CT = 5b2e0e36b812c9a8149d47bade
+Tag = 5834c34d07d7da7cb24e6f55e209de1d
+
+Count = 1
+Key = 3d5d729b45483d6a510dc8138f790161
+IV = 523212330f91b637686f6937b67bdb23d7f4c8af61c99d2a8a71398cf4c8049ae8883d73bb8c5041f9625e9e2c816285f2659621a1c695c2f1ec14ea2836ea657c7f96374513290a03dbb3e95683a7b1c9f30c3d175034a52a670a073909f923691627a7b449e89de51160d451ad4878e941d47a40f43378691ecf6ab98363cc
+PT = fa2ad1895f2a29d0abfcc41349
+AAD = 2e839c5e7be918d50c13b0714821cb00126723e19ab121aef592951c4de6136c10d20fd2336229a673b338e88b1fdd2dccfb92d1ba806137ad2202e4fb04a874524b71b95aa8dd7378bd92926b71186ce3c9f06903cb30a422c0
+CT = 94d4865440660400fad2e42658
+Tag = 424e2f311abe4f0745823509c1f245aa
+
+[Keylen = 128]
+[IVlen = 1024]
+[PTlen = 104]
+[AADlen = 720]
+[Taglen = 96]
+
+Count = 0
+Key = aa56ecfa49a22d9ef0644c03378a93c1
+IV = 32e1811c8aa4bda36589eed3a6851c6a6948c31f2c4472857caebeba6907256bfac5555b4723683452428e9d5734e8baaf45273760b37908deb7b1aaf5401f75b4e24328ac56a018ebc575bf42402e6d6b8c281cafa485f4be68514c9ec6ed17c684bc22c7a12fd74ae87aa332870771ab6c5944b1131b40608487c5877cfce6
+PT = b7787fc32d97d70c6eed0cf35a
+AAD = fd07c12e57d34a062ffb0b30aed05b0ae7d82fb912796a4dd110b4767047663740eefba4c78456c072626206470202d2b1ed7c3f2e9c9fe8482c2e92c7aeaa85279156b2aa6dcbcb636c27eec79e34dcea65e5604978f33d4391
+CT = fe9a359709194e942b6004ce1b
+Tag = ecc851adde2dabe858dd7ce4
+
+Count = 1
+Key = cd9e83838940275fcf5fb2fb72069a6e
+IV = a807f34841cb4bbc17bf8e3539327b376f5cb7a5cd231079583ef24709fd03ec1f4aab3fe3b0c6b35ddb8782c2b3b99f3cf0a5a84ded74d38558b7e1ad5aec3e42a2ef06edfa5d1dad0aae54bab4ee5eaa29c580bde8db913b5387aa2c4e1cde6b3e579a67fa1fe15c848c0290d5c1319d37b1c27399de478be2881fe7afd9a5
+PT = d43f7f3cf8deca46d7fdfe26e7
+AAD = 50d26b4ee6a495b8a9e50dbca6ff60aca0d8dbe83bf2325f37c809f63057a57f471751d8540ede64684e5c0b8454fa6a2baad917e851a6743b8fcbc8a0b3763d6a98e81df94cafc94e964b16df89d9b23be559c6e1c374065d54
+CT = 62819817013e1aa0feb4f7a1b9
+Tag = efe6b2aedbbef2e5888a13ed
+
+[Keylen = 128]
+[IVlen = 1024]
+[PTlen = 256]
+[AADlen = 160]
+[Taglen = 128]
+
+Count = 0
+Key = 709aa4857ed67b465981770fe053d968
+IV = 08fd6a21f9f5815ba5d2785c27bfad3f6d697aa8d1d7557c5b590c9373ee43e05a4c9ffafaab7d3b91e95e01b17e04a013e5fb5a629c1864d4a680a34f7a6452e24a597ad06c4a374e192b756d1ecd9ab1a2ca24068258bedb01fd6e0a02050ac9f1f18f829bab91c9612e2fd9fe6f7c5ecfd0198c145d291906328b7743ce43
+PT = 1bbf8f33801d83d3de1c1c358c83987033342078b62c332a34e71d2970bdc7dc
+AAD = 36fe569aae9b339440ec8ea8c846dd22d47037f7
+CT = eae0a6f3f717ffb7a8f4f647c7b129feebdc047a29428492b43bc3092d0c51c9
+Tag = 0354c2903d4a3a0bc08b597a46dabb94
+
+Count = 1
+Key = aa198d0e6d5d9cee230095d83a80f83a
+IV = f630ddca297a961cae2f478b8735a1eb2d91f52dc74c7ca08a39c8e1430aaac518cf03ecb35de5100b599297380e8a9cbb99c2774c9ed8c2f607ab05db4aea81363facad340171dfdb52c106528cd8fd38d771dff07339b19c63e8310d393b9da3364ed02d68218cbb5af78e732423e9486bd32bff16ecce2ca3eafe63f6933a
+PT = f8b7af366937ad04134e00990c42eac88010d8d4204991d0a41fa11f890365de
+AAD = ce842d66f1d04de0bfe093c330a5939d2db96288
+CT = 322d65fbf574ae04019109171d545d833bda13ec51fbc19bb565cc7cbde1c06f
+Tag = d5cd64cfe9a6d2bb9118a78774a35535
+
+[Keylen = 128]
+[IVlen = 1024]
+[PTlen = 256]
+[AADlen = 160]
+[Taglen = 96]
+
+Count = 0
+Key = 8abd543675438a0fc7114ab81e5e96d7
+IV = 453904127e2ce4ccd3551f07362f7f2567045cb4468387942efc524680714faa09b77c23807d7eb9a37d886a1b70be8072ade83a51ed101f2739cfe77f5b5c8735582b109c4a9b0ff848f3296152d705a42e19790048af10e6dd0ec2aea81e065f36d9a67b1524eee4706bef2933a776166062d08d27c33cd1256f0a3dc1e6fc
+PT = b36a57460592ab94b89514fcb675978cf343c75c242cf1c0971072cccb1d9062
+AAD = 974fddc8c013c089e6bea6ca390a18a9565532f1
+CT = 4160795a1404e4dc4f99e092775d76a0afe9a8844ddb3c111ad3ed06dffb14b4
+Tag = 6379aa2f15187ac6a87e7e2c
+
+Count = 1
+Key = d95e15ab77accaf65382383f662f5eb1
+IV = 556f87a90666c913b509fb3c3492f505cd2095f6c7a28f2b459702ad9d969cb58b4e4871c69024f29156f70ea59df193b9405cac77ce81820f9e72714fc7cd3079ab06299c28ca0dfa92e42e5b9b5f164bcfe43900194d46406e9bb7d10026e3d7694ffeba8c548429d442303185c8c90583b5a43480c8b6f1fe6e53e280299a
+PT = 1d0fec20154fabb952cc4ab280777c61103b695d2a12e7ec59a1f99dd8a8a7a5
+AAD = 797d8c8923ed24be66bc7ccb0d159c642554d3a1
+CT = c1e64d16734b94f344f88700fb243c3d420cd1e3e41b818fdcbfd7f451fafd37
+Tag = 2935f85e7074cd90bcd52442
+
+[Keylen = 128]
+[IVlen = 1024]
+[PTlen = 408]
+[AADlen = 0]
+[Taglen = 128]
+
+Count = 0
+Key = 705f69e89bcaba68c4c26a9f7bf6944c
+IV = 15b3bea26780db690eb2f78354207209c6c6f70a1d18cb5ed654a81a6da3300d653cfb54b5ce8c324f5e78474d80de9380ca77a8037c2a7a160ff38a8b23a20a688fd8a5d1ffce5af7ba371e94de38b6658471d2ccaf684fad7aeae8b80df1a0956b1c767de3d686ef56ab7741b5f15bbf7bb0024b362ea97940d69378a9b1e4
+PT = 6a0006a35f11510d13fee5822bda908576ee9743b95eea9eaba2c457a8a5838e56f6ea6b85d332849dc66a02dec292556428af
+AAD = 
+CT = 8cfaaf97ff27aa73fdbabd03879b937f668dba79ed9d73c7ca46317516617c9b384d9338b1a087b2688765a0dde6387f6350c0
+Tag = 17cf37639932f4ce0e42df066353756c
+
+Count = 1
+Key = 54043f9804b0398127128e51f3b5922f
+IV = 76351b77e6d50b43671953b684d0ed4ce52a4c027f8cc0a18316f68673f704476461eabf4d41e652e15818a1b153fa5e4dd63f6afeea0c898c7db7e9375af458d727a8691bdd1cdb59caef53f7b63b48ac290d2541a5aba8b8ff28adb1aa798791bb997a3eee7a079ce74faaa47124f12df9e9cefbe006b7a17adf08531b1e68
+PT = e2e217ec7c6de831e73b05f026a9164845640fc93eb802599d0fc0b398fd224011384ed5d0a92a8cebc7a837b117473dfad34a
+AAD = 
+CT = fd6068e17e889f2e679e3bf1a3b1c40098625c6393afeface2b74f84a2bf7bbfd1dabeed517c4adc487bbcada01059665335d6
+Tag = a913b38aa1d1334d29ce48607975ad60
+
+[Keylen = 128]
+[IVlen = 1024]
+[PTlen = 408]
+[AADlen = 0]
+[Taglen = 96]
+
+Count = 0
+Key = 4134e4e0ccae23b736c2fdd7b5c86bd8
+IV = f4fcf751567f346d409c7575c63adc6789aded52a7776693505d3fa28889ffd98e7fa02690b6bec5f1a0c2e1ebd58ac20ab283c24edbb79bab023634be4054895ed24146bc10a31fe3aa7bb410a417b7c4442fa14a0d35b7b9b033b57c5880a4834bbddddcb88e92063afe5d52bc1fcf36de4f7845f627ae81b8249fac05c280
+PT = 9d60485713e7e0d51f06ab0f644456f2a9ad87f5f1d54d2324913ae52cac8d6556573c2954e59f949078683285e577b872b0ec
+AAD = 
+CT = 85ef2bbedcd06a7cc2a4646afc333ec9915944b572409c5db73140c24e453567d8d0cc7a82663b5bb28cfa48d53cdaed836f7e
+Tag = c6328218155ce81c65ee9112
+
+Count = 1
+Key = 8391af81760f12a7dfe5863c6d7ad878
+IV = d8c891dfd36f22b5a1fce0d148b9b8ef4b312f7e4fd7849ea8bca334dcba4c395f9b4996e783d5674fa3dd13ad0b337910aaea5af63555dfe7a07bf008ca4986adec40b482206e2c7610d52fbd3d8768958eee9873ea42e432b544720c7dce40c9d4f6117983211c816f6aa251e1fc681a0467b019535b8c8fcd9cf268530408
+PT = 9985ff9f3fe8c2afc5dcfccef9404561ef4ce372dbd02d4ea6c1150020fb3bbfd31d6214710a88f054330a93015c9fe7cc5692
+AAD = 
+CT = d4de8ef19524eb3d01bf4d7d3be59f6b14e98f687e1b19c9e8ab8164e531869e0403e3408b54d3c7e03c9ae8b30e5047ab67b9
+Tag = 77cb5cc5063b6cdf182e6e3c
+
+[Keylen = 128]
+[IVlen = 1024]
+[PTlen = 408]
+[AADlen = 720]
+[Taglen = 128]
+
+Count = 0
+Key = c7d9358af0fd737b118dbf4347fd252a
+IV = 83de9fa52280522b55290ebe3b067286d87690560179554153cb3341a04e15c5f35390602fa07e5b5f16dc38cf082b11ad6dd3fab8552d2bf8d9c8981bbfc5f3b57e5e3066e3df23f078fa25bce63d3d6f86ce9fbc2c679655b958b09a991392eb93b453ba6e7bf8242f8f61329e3afe75d0f8536aa7e507d75891e540fb1d7e
+PT = 422f46223fddff25fc7a6a897d20dc8af6cc8a37828c90bd95fa9b943f460eb0a26f29ffc483592efb64835774160a1bb5c0cd
+AAD = 5d2b9a4f994ffaa03000149956c8932e85b1a167294514e388b73b10808f509ea73c075ecbf43cecfec13c202afed62110dabf8026d237f4e765853bc078f3afe081d0a1f8d8f7556b8e42acc3cce888262185048d67c55b2df1
+CT = 86eba4911578ac72ac30c25fe424da9ab625f29b5c00e36d2c24a2733dc40123dc57a8c9f17a24a26c09c73ad4efbcba3bab5b
+Tag = 492305190344618cab8b40f006a57186
+
+Count = 1
+Key = c4f397611fb798a5f508e2fcaa329a87
+IV = 86c87ef3f41c25df9eed5207a11aa5e620dcf371e8d337525fb3ab2a6751f4afffe9aa864952337095fbaa7e683a7770eea343d0decd7d338debfde65f3c857528f0d1bf82e5364b3156c60ef39ca3bde8d32efcd997835ecbe5d1076296b51a575a0d68331b1a192441caf1197f9f686e2ba9ac62be8495eaa8dd67ed086ced
+PT = 58d82337ff0d3d0cc2f23db1cbdafda5a1788d7026c3f075b046103bd2e4566913c2d0ea782aeb5b49aa8640055007007bc746
+AAD = 5de8c0e7c18d05469e4ab368230cc9c34dd293622bcf47cc0542ca88445d7f56e36154439c5deb987b2cf1ce7ae9cab49db5fd691d3827a7757ad8ab64b37e25e41f3e7fe5e8442b69196fadeadeb3881a1dac3b7de909d36561
+CT = 20da5c0890893eb2a4b00751db0138eaefc0bc80f20a0851146cbb79e862becf733da3073939c2419c58b293d3d1475c5cebdc
+Tag = c730a942740866a16b129e28e9f8575a
+
+[Keylen = 128]
+[IVlen = 1024]
+[PTlen = 408]
+[AADlen = 720]
+[Taglen = 96]
+
+Count = 0
+Key = 2301a2bba4f569826ca3cee802f53a7c
+IV = bed48d86e1ff4bff37286a5c428c719130200dce04011edb967f5aaff6a9fb4ad0fcf0dd474e12dcfbcca7fa1ff9bb66b2624aaf1a90f33ed2bab0ee5b465174a722eaa3353bcb354165a1a852468ece974a31429c6e1de7a34e6392f24225d539eaa6b8c1183bfb37627eb16dcd81bba9d65051ff84bd63ee814bea0e1c34d2
+PT = 6081f9455583c4a35ed9400799e209fb7e75a7887868aa4bb0c9f7b78f67125678e03c618e615bfad03ab077315b7787418f50
+AAD = a481e81c70e65eeb94cdf4e25b0a225a4f48b58b12cde148a3a9aa4db0d2988da27591d65827eed39ad6933f267e486c31dc586c36ebaa0c349b9c12ed33221a463737695743cebb456f0705a9895a5aac720f8a53981a231fde
+CT = 18eca8d7ec92b6209c8d3c82d10c876047b470e22b74346ad609f44cc338b38c881103636fd056634907c28e32efb32dcddb23
+Tag = de01691b9b99851636c7c8d5
+
+Count = 1
+Key = 4fa1ddc4914c1897957c3a79ce41890e
+IV = 3c3841febeef650e18d4cd427b8bf489ec0ea4c585fc081c7048a9bbaaccf949155cef3ec55d9eba5121f796a9196e781e25a8c1f8b5751e603cdeaaaf486789adc087755de0732eae845bbfb6124948de1089c46ca616dd9c2d3496cf43e5749342e2716e7faa79f484868d4afd78622942391bea116a643e611dc00b644ecf
+PT = 9f537022843aecb290ff5c080f75a6d423ebe9cbbbd0e8d20c1b1a5fa156dd93a9d021670ba0cd7b4e60d9a15238ea4a619543
+AAD = 453291d49a9a9a9da429b4e2d0203e8fbcde86b632241060c12bdd017ddc531eb721be504eb7f084dc576694e6bab1af2495cc6e0e55899b0f558b05d2d4a873e384ad4bd5da5c12629feee1c880992ee21d39104321d26f69e9
+CT = e38d61f92ab28c3b3040cd9e2b1477484d43670fa643496d52b1290b6e52976322bada36a6a4e4c55d56afd798fed0c8f9690c
+Tag = d5ef5fd39f40bfe244383675
+
diff --git a/nss/cmd/pk11gcmtest/tests/gcmEncryptExtIV192.rsp b/nss/cmd/pk11gcmtest/tests/gcmEncryptExtIV192.rsp
new file mode 100644
index 0000000..cda212f
--- /dev/null
+++ b/nss/cmd/pk11gcmtest/tests/gcmEncryptExtIV192.rsp
@@ -0,0 +1,1016 @@
+# CAVS 14.0
+# GCM Encrypt with keysize 192 test information
+# Generated on Fri Aug 31 11:24:46 2012
+
+[Keylen = 192]
+[IVlen = 96]
+[PTlen = 0]
+[AADlen = 0]
+[Taglen = 128]
+
+Count = 0
+Key = aa740abfadcda779220d3b406c5d7ec09a77fe9d94104539
+IV = ab2265b4c168955561f04315
+PT = 
+AAD = 
+CT = 
+Tag = f149e2b5f0adaa9842ca5f45b768a8fc
+
+Count = 1
+Key = 1bb1d6a3bfc748786f3951e43c18054bfc8ce6ab3dc3d398
+IV = fea56a5ce5f7d4c81680195d
+PT = 
+AAD = 
+CT = 
+Tag = 0b0bc0768b02f126a29bcb144abc6e4b
+
+[Keylen = 192]
+[IVlen = 96]
+[PTlen = 0]
+[AADlen = 0]
+[Taglen = 96]
+
+Count = 0
+Key = 155c8e5ee1c79f8ad4ee08bfa274cba676b6b25d76426744
+IV = 849ccd0db8689347c72ed803
+PT = 
+AAD = 
+CT = 
+Tag = 3f18a3a8014ee56f1ca69168
+
+Count = 1
+Key = f72029daeeb0cacb6db6f8e514310aedf02fa94de5d794b1
+IV = ea33cc69cfa5acbad62d8cf0
+PT = 
+AAD = 
+CT = 
+Tag = a8ee413654de5aa628771afa
+
+[Keylen = 192]
+[IVlen = 96]
+[PTlen = 0]
+[AADlen = 720]
+[Taglen = 128]
+
+Count = 0
+Key = c25d347ffb5b7ba079be2279a0a7f220f19c74bb9c5a15b6
+IV = b35f142182fea65c642368ed
+PT = 
+AAD = 1967a0bd80cf2c9c58e441e12cba788f9c072177e1ce02f30d58ae981ab37eac452c0d9f1c5f3485d7b16ae09366821d23d44479d52ccc4acd8fa6f5b9013845c629f69c612c9cbbcdca3bdf43855fa7c71bff458a7d4c019ad9
+CT = 
+Tag = f5a0d64924aeab15a636c7ce4db52243
+
+Count = 1
+Key = cb000fddd67bf5a24b03c8b08965fc568962d7b2a0b4e68e
+IV = acadc8f822b837b8fcd5ac53
+PT = 
+AAD = ce0e3e4e6ffeae66c535667e8a8cf12fca0e9dae6987835e8ec62fb95b38f31ec5e937bdfed5b55174834b038ba3322b4a2565ac413b6e204f88c3a93216b88106494eaa14a82068f00a3bf227b627075383682bd6bed6231eaf
+CT = 
+Tag = 2c1cdfc8afb7569b877ba5ae13d6235b
+
+[Keylen = 192]
+[IVlen = 96]
+[PTlen = 0]
+[AADlen = 720]
+[Taglen = 96]
+
+Count = 0
+Key = 892b248a648135388ee27757022741086c26edc08e7303d3
+IV = 4bdf644cf876f2d65805f531
+PT = 
+AAD = c0f876f59850bcb852bd0d0b954177c7449646be8ad31cb8cf98ebf0c7d8a2cbb78bf1a5eba588ffd2516b13fd9e23bdbcae5048237d4789f3d23f0ef44559e521e89435ead89d3dd724cfb9af69b269304d0c6f965b8c8dff4d
+CT = 
+Tag = 88da6c81be2a0299f7dc570e
+
+Count = 1
+Key = 4cc1a587fb4ff4e4b3875380870eb309734fa41644139355
+IV = 40803afc4ad216b0594ac2ed
+PT = 
+AAD = d083d10da29551c8f63d5c30941bba4d7197a7d0e2372dfc0058039a232fc721185e7159ad5fabb90b0ed0d77cad354198e8de269dc4c1e9338db55cca2d3523c949ce1c36db992c92b88626628aa04238d40e6041ff407aebce
+CT = 
+Tag = c6a64fb84c0d946d405884f3
+
+[Keylen = 192]
+[IVlen = 96]
+[PTlen = 128]
+[AADlen = 160]
+[Taglen = 128]
+
+Count = 0
+Key = 95e5c8dcee4ef17571e1becc3f2d4ac8d5aa73e74b3f1115
+IV = e3b91649120f92b4f712644b
+PT = eca3606b9e2a0c7a1c6c4b765176f643
+AAD = 68b093733bd1e77448fe5687b74796834d1797cf
+CT = 0ff6d858cf0f5309c0f4b2747f6b551f
+Tag = 94d6ac2796a9b9901933a0f9e5377979
+
+Count = 1
+Key = 48b82b72fc81be86860f72065efa62186f9da596bdf95158
+IV = 24da67aef74be3338589ccb6
+PT = f86a57a30c06efb10ecbeb3d5a9d97b5
+AAD = c1f7f5c8f8cc5137a53991941f388ffd2b27f0dd
+CT = 4be58cd06378c03878d4f1659443c5d1
+Tag = 84dd00b8b03acb9219ec5116e3de7362
+
+[Keylen = 192]
+[IVlen = 96]
+[PTlen = 128]
+[AADlen = 160]
+[Taglen = 96]
+
+Count = 0
+Key = 783e8302c2ec8e36f3caf5e14e8c61dcc20bd2bb90a01702
+IV = 625e5690395df430d2b9f1d5
+PT = 847f039af1e9a880181e92be5c63bae0
+AAD = 8473751fa178265600c7ebcd9254da67ddd47433
+CT = 020e94cbc9a041c750d8c19a48c9e0a3
+Tag = b922bab3f43c8f6ec85fafb7
+
+Count = 1
+Key = 20e7883dea0c89585e3c167fb86391fa9f49e2b4892bab6f
+IV = 86bd72569d27458c717185bd
+PT = 4f581f8b01f8e22d1485454134741b1c
+AAD = 3bb6dff478c5f8e8f5bebec27cbc64e44ccdf939
+CT = 10d7c954bc75b5d7a89383c7ddadd698
+Tag = 5f1c1d90ba706878e37cbfd8
+
+[Keylen = 192]
+[IVlen = 96]
+[PTlen = 104]
+[AADlen = 0]
+[Taglen = 128]
+
+Count = 0
+Key = 60991b595b0271efc87f21a979d61ca8fb11ccfcc4726819
+IV = 0ed37872b369e4fdc3ea4090
+PT = 786fd2bc953160d5fd30e4e8cb
+AAD = 
+CT = 685c7ebd80c7e2a5a586f10935
+Tag = f1712cc78b4b3ab7e79e7eda1efa2f72
+
+Count = 1
+Key = dac55319a3b7baccd67c84d6b8a40e69a3b275b5c87f1991
+IV = 14d586219807edfeb08218ee
+PT = b6b12ae71347924e073b95be15
+AAD = 
+CT = 10eabb3b045cf56d7c3a81c182
+Tag = b74a572207e89e68078c2083982de970
+
+[Keylen = 192]
+[IVlen = 96]
+[PTlen = 104]
+[AADlen = 0]
+[Taglen = 96]
+
+Count = 0
+Key = d855ec64eea47bc827f034713bb1342cb5b615dc9509fdb7
+IV = d282ad5dfc33ba679918a12f
+PT = 003edf10af9dc6217b1ebdfa5d
+AAD = 
+CT = 2a46856483646d494c2ec738fb
+Tag = dff5810e1b927d79cfc09566
+
+Count = 1
+Key = 83d11e19252800a50eebb51183725ff18bff68d43d639c6f
+IV = 22a76dc8ed4f53fda482bcd7
+PT = e7676e81e6a38ae1b94e5e838c
+AAD = 
+CT = f1ec8767b3ebe2244b2ab171a3
+Tag = 95f65879aa7c8a13fb2b83b0
+
+[Keylen = 192]
+[IVlen = 96]
+[PTlen = 104]
+[AADlen = 720]
+[Taglen = 128]
+
+Count = 0
+Key = ea319c2f397022a0d1b011e59b6524dffc609a2970c39c21
+IV = f88c737fd24ad5804c468bbb
+PT = c02dcc36a608b2d5e95f93821d
+AAD = f8ef7628b75b405a37a78959fedc0bd7f8d0b38ec66f0cbd2aed154cb9240e2102909855f0ddaa3f6805cba53b53826acc49b8d9e66d6ba0df26506bfc1570dd9634a56448568dd57a0a087b6f45f1448d956d90b1d0eed8d271
+CT = 7c7dbe434a8463e2779b12e430
+Tag = 54d21140bd173e64f5932fbc3817654f
+
+Count = 1
+Key = f8ec3d87425b1a2050f8701eae0057ee21e41a7f9545ce6d
+IV = 63be167b73a59e8440dc6ff5
+PT = c02d51c5f60f66858265f083ef
+AAD = d702f8f12448ac1699ac493551db8eb513537b34287f2894a53b600e444dd90b12996b8704aa87e4e329a5018fa1da0699c6977d7b7e49168b8ff390f05ee37c5b2e7f2323fe884f27c708ce776a56a7771c6ac2f29f76d1bdc9
+CT = 38e52dbd1ee3dfa91e915486d3
+Tag = a49bbc775a57319317fad5abe5617cfe
+
+[Keylen = 192]
+[IVlen = 96]
+[PTlen = 104]
+[AADlen = 720]
+[Taglen = 96]
+
+Count = 0
+Key = fbc8e0b1eaffd4f414a1651851b0593c849b5338e999d0bf
+IV = 245f34db8db0b82feb877ead
+PT = 1a73b7f8c60b464248c1b151b1
+AAD = d8515f552dc44f31ed8925eee759336768e52a254cf481838d2389d53374cf20093351ca83efdd820f2f7f5d1f3f50c71e3648565cce6c4a66b1283893e15c4d318cd6e3597d66363b8751fcee59f5b61e7ffc9847e87dbc28c3
+CT = 0e903ec27a56dfefc59faaec42
+Tag = 440acd58ff48d3b11017efe2
+
+Count = 1
+Key = 766910f57cb6e5bfd0e17531459f8bcf2f32e2136c0d6f4a
+IV = 9c365287dadcfae22b9e6c40
+PT = 0adbad5ad2d8c92cae8421271d
+AAD = 2ed313c45c801ec29b053f0380b02b40e9426855ee86d1963b058d28c43c66ff510e11f5dada25bd0661098c167b361968c2ae9a69c35bd8a87c77991bba753edb3b502216896030daed087c9e9ce9a1a087157d318b5aa9a11d
+CT = a1c35164b7a8aa3e7816cd7ce1
+Tag = a49f216540cb09b96ebd5863
+
+[Keylen = 192]
+[IVlen = 96]
+[PTlen = 256]
+[AADlen = 160]
+[Taglen = 128]
+
+Count = 0
+Key = 0f8877b56237ebca4685abddf394ce662a9c012d88eeeda1
+IV = 1817a5ca06e3432b2e015db6
+PT = 2fa4c38377f66842ad546c043c9ee81b33e6b4cd5a6647520fd5589cba20e366
+AAD = 0bb495977ba3ea02e8020293817ce5c5eaba0c5d
+CT = 7c03dad4c8ac7fdf40453b1484a4db42839a0a06b69951a573123a0d8032d6b3
+Tag = 3fc49f14bee122324aef236546b301d9
+
+Count = 1
+Key = ef0cc2c32c305abc1a206f33ed65f7c44319eeb8b8df79e3
+IV = 2c67c1f1abdbf03db5a251f5
+PT = 3d78d56fea1ffbc31656c54f9995b10c0de51ea11eb916458f453078de753674
+AAD = a441f88d2601e176920985e917cf31c97a9226e3
+CT = 13711a949ace619adcbf27ec65e32574a4ef7cd20263f0f454e66d63c9db85ff
+Tag = 4a2aadb31063e9954387f132ddc95919
+
+[Keylen = 192]
+[IVlen = 96]
+[PTlen = 256]
+[AADlen = 160]
+[Taglen = 96]
+
+Count = 0
+Key = c6320eccdc268622378195e3196375ef7fa760c4d7cd403e
+IV = 637b850ea3174252d31efc25
+PT = bee694e901ef80b18380616277496a4d7318e37f5565a3f9c40356565ac45ea1
+AAD = 6c71c2cbf373663bb61fd265afa7c8b8fdcd1c29
+CT = 0fb76b38017613447cb11e57f70b16cce4d42e16b10642f9516db2e05083a396
+Tag = a5b14f6a0e0549305db7a72b
+
+Count = 1
+Key = d03ef5b85bfda2f7f378100b318cdd4973fcc8c7ca2cb53b
+IV = 29798f8cd897b6e87161261e
+PT = 7038e3e2241f274a1abd51867c77223494e9c4184caa68acaf8ca73e2e654fa1
+AAD = 2cef713149c1c02f28656e85aeefb354777b4d1e
+CT = 4f7842334c7e358ed3e3c4adfdae1b40a4ba41be048ccdadd19d275042c72468
+Tag = 090bd9e6cc61846c5d886908
+
+[Keylen = 192]
+[IVlen = 96]
+[PTlen = 408]
+[AADlen = 0]
+[Taglen = 128]
+
+Count = 0
+Key = b33a0d6ecb0a2c4e4deab7e065227f7a5b056f96ecab3761
+IV = 464e4ea75b77e7a1fa330372
+PT = a8beff90519d7e537b0f95f97b9ebcd4d71fce3e59f87cc43cc4f7453319c973a4dd47cf4d7062b001e52828ee545a0ae27e46
+AAD = 
+CT = a6f8564d9a4913fb366f83289ffebc7eeb3e240ac2f4030883a28e2778458894f7ad7d8f3e9a8ce32b27a0249f0c22454d7c0d
+Tag = d094b97785b7e0b09dc0008f4f0da9d7
+
+Count = 1
+Key = c9960d816f0e236ddfca65c767605678289ac9773f79fc33
+IV = 8b6ab5c9726761379c8daa5b
+PT = c6508c494f798af9b465c31cfa02851e5d9aba2d3af07c73f83fca27c3bbb46aef29ca772b69cc4ffa17a83d17b40cbe7c05fe
+AAD = 
+CT = cfcc496b6a5fb0162b86bacca436f55f4268c37ddd9ff80d1ac11def67bc57add9950abfc36dfffba6f265b62889fd247a508c
+Tag = fce4b2fe11e85e89ea7e30c54241bff8
+
+[Keylen = 192]
+[IVlen = 96]
+[PTlen = 408]
+[AADlen = 0]
+[Taglen = 96]
+
+Count = 0
+Key = dadfc574aa966f80c7198490a9e98e69fa6633170e412ad9
+IV = bd1eda0b03ef9ef433b99431
+PT = feaddf879825c96f828cc3c2ecc73c387b0f0c8d5c95a284154011033195413d79d487f4acaca2a8d7426cbb87c3f0dd55f7b6
+AAD = 
+CT = ddf55d027e2d63704c999638460f054aea29b456615ffc35081b52b8ec0d986069109dfe76f692087257dd427d11701c9c7b7a
+Tag = 9682008a019e73d3b6064af1
+
+Count = 1
+Key = 5114bfdbaeb09b72f7e0a952a59f086eb84d2ea0d7d9e029
+IV = 6ca1c99d7a07c3499cc2a97a
+PT = a728e2941389369e13457dcdb3dfbedacded9aaa1ed1f94406072a7550a1ccf05844b0dceb7fc1649d44a7a31576a59ce421b6
+AAD = 
+CT = 2dc859ce6e3847b004750a3dce767a34971c408b662b5ccaf734deea6f333e5f7fa9298c920a80b00d87c18cf68e1438ab8e2c
+Tag = c6ac2c769bd38e5fb7b6cdb9
+
+[Keylen = 192]
+[IVlen = 96]
+[PTlen = 408]
+[AADlen = 720]
+[Taglen = 128]
+
+Count = 0
+Key = 50f5cc5e33774f383235c64e77c502ca6c5d06ab0af6be04
+IV = 9d4c766490224946d91a99a7
+PT = 35df59329eb5fc30c28791164bf9b374df228d2be467414727f457a9dd0f079f7342e23adb06929ce0ad607116ee11718ce320
+AAD = 4feca4174889298e992b765dfa67d33219f9b23898f8e869b7f1fbf5d71d87b44edd963d1055618b9db7bffe96b7856f3197868d6ce5e755a6c751661773e1def403a4cf036151ecae67b35f2891285420956604ef31c9aab341
+CT = 77670f6520a34dfc05819a10f322b30e397473fe51f8274bfb105c2eec37e24951abaef11e73c3c425a8c4b2d8c3ffeb8ed924
+Tag = 5349ef7a70499f2760123c0d5dcf5a6d
+
+Count = 1
+Key = 9639bbb115b2523376926420bbf523f9650e03d56fe0de4a
+IV = ffffdd2aeab6163d02622171
+PT = e790cd4eab2aadcc854fe4683b957bf10f13ab4868bdeeefa5d427ca0c674ddef13244718ff2dd70d8071c161e53ddcc022198
+AAD = d38a465502b5a9f5d48e9f17c24dd9c1b80d2ee404afb5c408c0e6573ad04ec339ee2575407fb982e5ab539986c1f8f2a591171ed017f514ff0ffd48bdae03d9bb7f3f740049937a46e22466def4d56ea43e5a12e520d7867200
+CT = c54b6d577269588d9d3250f21da402eaae45b78bfebcc6e0dfd2f723771e7811eda192722af0aae843305a7f17f00f2a91ae60
+Tag = 20099e1c1481be5d5963ebf9249378f2
+
+[Keylen = 192]
+[IVlen = 96]
+[PTlen = 408]
+[AADlen = 720]
+[Taglen = 96]
+
+Count = 0
+Key = b69c5391a6cbbb675218c54977bb189a6ab922c24fb54427
+IV = 826ff82be6986c3b647199f2
+PT = d8a0c720c73d759cc6e9bc15ef96fcea23e47b03547d7bccc9e5daea70df4fb2975bde6684981ccf9999ba04f993f595c8a155
+AAD = 37541c7efd8704ce9101fe2ee6e3a56c3c0a25074c0b0675dcadcbbd39114c448601e0af057ef9b6f88b92e5b5c6a79963f3404e1281f0a53204edba9867fae9b78090a2c8c4d0a885a6eed03a2152f33c06623c6af94c09cfcc
+CT = 7600d4ad3a00cfa91248cdb899beba509de0daf32a363690ba1b160e3befd4aab7dc50db784da79a0795932d29048dc1ca5c98
+Tag = 378fba671e3555be2902819a
+
+Count = 1
+Key = 83d03b555e339cf35473092e1bacde0dd7f0887dc81c11da
+IV = 8a5c1f94423397881dbaf560
+PT = 914471759e614acd9b081f2089a2763927fe7a31bd806e9a694d4964aaf03b86018f88bba24630d482c8d66034850b51a28490
+AAD = 5d061328de764511092231392b39b6c6effb7c580424fb732ef3cfcc7fd44f6c3635098ab5d6e5c7e846dedaf013604112ae374a1f5541dee6c1b683f9f6549e2a673eccc6d0a1c48ce266d7756f73c05f402c44ffa8a4f9786d
+CT = fe48dc7e93335711932c2788e4fdc41f1a4bc27080e398e891f83761d9114d7a6484484944ed7b88397bb8b297ea9074f390a5
+Tag = 935268daf579ca50cc260862
+
+[Keylen = 192]
+[IVlen = 8]
+[PTlen = 0]
+[AADlen = 160]
+[Taglen = 128]
+
+Count = 0
+Key = 80b9b8e919a62c42dcff342c68bc765ce27700b41d4ba753
+IV = 2f
+PT = 
+AAD = cc4da3306a114cefdf8c0dfa15aa894d6fe66d64
+CT = 
+Tag = e8a3a8b6beaf8e87810a3bef7ce3974e
+
+Count = 1
+Key = f099c36e5e098f6f47aecebdd4f48130cf90615642434ae4
+IV = 5c
+PT = 
+AAD = 54203e9b489c70c263775407dc702a933f5374df
+CT = 
+Tag = e22ae3c0392c120c5248ba215da37223
+
+[Keylen = 192]
+[IVlen = 8]
+[PTlen = 0]
+[AADlen = 160]
+[Taglen = 96]
+
+Count = 0
+Key = 1bdbeb824b0b6c368a36423de93ac756aa5885c6cd8a51c2
+IV = 83
+PT = 
+AAD = 9876f81a1d2fa1fc97eed3d629f8eb4f66322f5b
+CT = 
+Tag = 16560fb18532f8cddb9356c1
+
+Count = 1
+Key = d241202fc886960b45b99b2a669008c054a91ea67b2af55c
+IV = 08
+PT = 
+AAD = fc7cf85ece4a19aea636f7b49d2ee08664e58a4b
+CT = 
+Tag = e4dc915d70568b84a81a80ae
+
+[Keylen = 192]
+[IVlen = 8]
+[PTlen = 128]
+[AADlen = 0]
+[Taglen = 128]
+
+Count = 0
+Key = d4ba70cb3e8d246aa66ebfafd26266b5f08ec3a88000e770
+IV = 13
+PT = 0616236190652619ff51ad2775f2826e
+AAD = 
+CT = 52b5f106a01d1cef4c833099ce88a354
+Tag = d8acd529c97efbefb6102a4a9c3dafb2
+
+Count = 1
+Key = ad127ea7a80af4d011d9d3ec767f5c903983a3aab893e30d
+IV = ef
+PT = 1b5610cff4d5a3afa990b5a7ad6c6bbd
+AAD = 
+CT = 10146871faba82e779d680d346036e67
+Tag = 64214a51af61c070686b8e957aa89b44
+
+[Keylen = 192]
+[IVlen = 8]
+[PTlen = 128]
+[AADlen = 0]
+[Taglen = 96]
+
+Count = 0
+Key = 0204ed5e0b900e8fa8aaaa2051fcb70e0f906fdc16ded2fc
+IV = b7
+PT = 776f4649f5e8a9181382b0d8f42c4037
+AAD = 
+CT = d78bbdd6dfe22123546f2e25dd5d32af
+Tag = dc1d336384a8514d80fe612e
+
+Count = 1
+Key = af9faa2419078c34615a9371fe6b73ad73ed7baaefd40774
+IV = 8f
+PT = 6868f28694c1e22e3c5e53965ce2a24d
+AAD = 
+CT = cae03c9a3aab73b52212e281013eb768
+Tag = 53ba759177a3dd9d9c010997
+
+[Keylen = 192]
+[IVlen = 8]
+[PTlen = 128]
+[AADlen = 720]
+[Taglen = 128]
+
+Count = 0
+Key = 23916395a159be56d8f5933aef9741b1cb1fe67fabb4a889
+IV = 07
+PT = ff740c06d161cb487e5c519a148ad7e0
+AAD = 890b5344b69d4b3842e9f34a13e176ce51cce65f35b81b992a8ae2ef977e08c8b1e5a1c81d2c921e8a6bce86c2c1175e5e5f4b964c946e163dd0d958b41196ca3634dfd4ec9d4a4ebef18392f2a931ba338868dab12cb1345193
+CT = 229fe65070951a9645e6c026259a348b
+Tag = db2ae3f6924d2702a1498645cd2ef011
+
+Count = 1
+Key = fc9513e4e6050e1943b87f4672753493dc32e68802aa2b7d
+IV = 25
+PT = 7ca1b667c77517256b5f818b013f3c72
+AAD = c8b6107fa2cdbce7d233008e6533fc1c4d85e5b295ad1218d0aca484d0f67de6499d053c476707b62a679e60bfa989b92b82d2e73bfc4058a8e420d090e66215e078a6e1dd758bd32e5a6a1725daee0a90025965f1ca7749dbc6
+CT = 7d832569b2f144db9881e031c65fe740
+Tag = e6ee37e46a86f7129f7cd7311b9bb66e
+
+[Keylen = 192]
+[IVlen = 8]
+[PTlen = 128]
+[AADlen = 720]
+[Taglen = 96]
+
+Count = 0
+Key = 9918048e1bca6decb3430adace1acea31273835a95c1b7bf
+IV = 82
+PT = 52855c9038d1e92defcfc1147dd22d5e
+AAD = 84c78f77d9116db0af69cd50de4a8fda143089fc2cf2c1ceed99dacd03368e1e158412257dd83168d9652fc35a6062f9bf5acf01b54d5ce49baf75e38dbbd8bc528cbdeee5059ac95a462b77ec6c00c09bebb852ffb89f1a2f42
+CT = 37fdb08f2f8ef7361cac8088993a445b
+Tag = 8969ac140527a9e784617079
+
+Count = 1
+Key = a9287ea55180bee233d05ca5155d2469a7df9ba3739977eb
+IV = cf
+PT = 360eb72abd99943a9152d161402d50fa
+AAD = eda98bf625376e12618940cbf972121e1e2f140e374aa4d7c409240e43a07c054f349378978b6b23ca533a654c796fb0794c19a11639794198c9174b51dd98ccba6eee8f7c5d3f7c9e439b1ff3304529bbc2ef48541d663d4d05
+CT = 4ff7eac84f93421dbddf8cca0da6d599
+Tag = 80a3114f039229ea893098db
+
+[Keylen = 192]
+[IVlen = 8]
+[PTlen = 104]
+[AADlen = 160]
+[Taglen = 128]
+
+Count = 0
+Key = cc5099551cdb9897abd3f419f0b1a87ea102bb1f9e7def91
+IV = 36
+PT = 527571c910718afa58c7d23754
+AAD = a20026630e50c24eeb98e07d23367b8dbf98c629
+CT = f16aa704406b2506228873215d
+Tag = 96c2d4468390f2de32c970ae8643ce8c
+
+Count = 1
+Key = 8af1a8181f03f1a4e6b06ce4042abf33ad496d04d0a046be
+IV = 7f
+PT = 2c66ed6d4d79ab9a88417c86ae
+AAD = 98e0ff359c106b48f5db7b72089f811e76b5ad7a
+CT = 9168df34fea2d4984087a5c337
+Tag = 79e36dbbf38265113f54db5535990d6e
+
+[Keylen = 192]
+[IVlen = 8]
+[PTlen = 104]
+[AADlen = 160]
+[Taglen = 96]
+
+Count = 0
+Key = 2a5a02843cfaaee9acefec808e91b4d1d02fcedd25b8f184
+IV = 7b
+PT = 86d946a9dc6c2a3387ac38bdbf
+AAD = 6c2db1a79211861a41b5d2b9e38236de50fb4199
+CT = de7b662f7bf7fd3c44932db90c
+Tag = 0fb93e76451120578d694d2e
+
+Count = 1
+Key = 0b4b7c71742a0775ff0a7077bec016017ca511208b52fd0b
+IV = 74
+PT = 92fa784ce2bf812bf03b6ba6d2
+AAD = 9cdfbe68494547ded35fd4ae84c877d129afb05e
+CT = 34ca2958e29631a1886827175b
+Tag = 40079028899e5c3f4b7b9256
+
+[Keylen = 192]
+[IVlen = 8]
+[PTlen = 256]
+[AADlen = 0]
+[Taglen = 128]
+
+Count = 0
+Key = ab7cecedcdfc4846923b550ac20548e01cf0fe2ed753ef05
+IV = 54
+PT = 5c24947d8844ebd8cada537f087d875c59c1097bcbb8efd09406b2a60199d06f
+AAD = 
+CT = f20d35eae999e5fe9e1bca72531700d1a457733b61825832732b29065c8d77bc
+Tag = 68b0e5a6d127a0a782e09534be0f4d19
+
+Count = 1
+Key = 109a9dfda5917411055ddf9ec0e8b54db5d612caf50517a5
+IV = b4
+PT = 161a2b85051e014ceb29bc5beebcdf8eebcdfb549fb194f1bd0d31dd935ad5f7
+AAD = 
+CT = 90c938c59e51f118be75234a51a0f7a410b0e00ab01b2c604b49faae9018b12a
+Tag = 01f28ad644fcac8a663693972284caaf
+
+[Keylen = 192]
+[IVlen = 8]
+[PTlen = 256]
+[AADlen = 0]
+[Taglen = 96]
+
+Count = 0
+Key = 93f774b4ec6b64a44cd730f877804400df87bbe050ed6076
+IV = da
+PT = 3ef6f158bd1d2d877acda7bffb8fa80675fd3dbbc4cad448348245a7e6482b36
+AAD = 
+CT = 01ed20a59a6cade446d11e41bb4e5ffceca069b219c3d5d36eb75be60f262b7f
+Tag = 75ecfc191857186398f6f3ba
+
+Count = 1
+Key = ff1d9d44d8b5945f5847630c50b97f0ad3dd396a79f80fd1
+IV = ca
+PT = 3d243353a6e9921924af392d31864a2703de5fc1941ad5983d8a73019f16cdfa
+AAD = 
+CT = a969397cbbddaf7f2f3b26e4d2e88fbd9dc81d03b355f1a0434864c1d8c83290
+Tag = 69d8fba560a15ca76f468d0e
+
+[Keylen = 192]
+[IVlen = 8]
+[PTlen = 256]
+[AADlen = 720]
+[Taglen = 128]
+
+Count = 0
+Key = 61139fe8f857cdbcb24d393b23ef4bd3239158d81a89c1dc
+IV = f2
+PT = affde43ef500b589799d52d11c487897526bb41726418658336f1b93764675a0
+AAD = 264eba27eb0e738d22f06e6510963694f8be2807060e823f250d1f96de632e58ea73bb8526a31fca82388de2eff227805e64095ec9dbb0fd6f00df97729960307a4ff7734cf75fbcf1959f6ecbdffc33d76070696a1d002309bf
+CT = 221a30aa31c77f0e11530c17f50147db6ad0f864574f6d5c79e376ce5ff00a90
+Tag = f372d72f0a70b9d8a0049bf655763409
+
+Count = 1
+Key = 326adfd8cc7c1e85ca1830afc5302303297392e9077e975c
+IV = d6
+PT = 909f3d3471eaeed20dfc94ce32521b9dc4aba90d1ad1fdbb216370778a6bce42
+AAD = fd92a80b73c0815e425ff777a020d5e103e1e804fa6db9c36fde456102b5b734e2ed73d0b0aa8c8c10c0327ce9b2be1f44af393bb1967744cb4224b9c8cce585c773bfae0e3863edbf5c33628f05f035718d91b5be37cc070adb
+CT = 504638d9711a21b8c5dd626f60ac199ba1160fc41e8e5ddf085a7c8b345bddda
+Tag = 12fdefb0f9ada2deeddf6a2a9fa0ed85
+
+[Keylen = 192]
+[IVlen = 8]
+[PTlen = 256]
+[AADlen = 720]
+[Taglen = 96]
+
+Count = 0
+Key = 1c1702e13089c0d5d08973d2371c7072b18f7c88f705a57c
+IV = d0
+PT = ce25b36392bb630ea820d721037b6a04fc465227afe253ea20ebdac2e2dc122a
+AAD = 31c9a7e3bee0bab389a063e8bb627ae62853d1e3bf3d55cf819ce5f164e4b1cb42f8aaa626c582317570913e2fae936334b151dcf48cf484e66df3a20401b6057b085aaf98d589b57a3204dbb2c6f20ee241fe41c8b05237a9db
+CT = f836c4deb0fb2196dd9c945974f28352943bc984cb5f076e3605a90e7bb92ea3
+Tag = 4cf6bc443be97d270985b6eb
+
+Count = 1
+Key = e6971d922b3a0a22b85b58e76a27fa643d833b8f789327b4
+IV = f2
+PT = 8813a49b08a31b4142dc06f9353c9cb8ce6297b790539b2df540386b6182dd1e
+AAD = 2aea6e3062bd58bc67547d674347b1636e05c8c48eddb33ab237f631660fcb57031a993243bb4f6b3ccac3345d9b600cb07d95c9021b739cd203452ca7bc0d6f03ad02c65a418a11a8c8808cf20b89e1f5596294bee76f8b3d96
+CT = 9a2d35a0ec3d3acbf75729a282962589b8f573bfffef8f6ced5809e215b81d9a
+Tag = 09693f4b5c679c644a698006
+
+[Keylen = 192]
+[IVlen = 8]
+[PTlen = 408]
+[AADlen = 160]
+[Taglen = 128]
+
+Count = 0
+Key = 5239df04663a1cad2db6eca280cfda6a592baf88c49725c4
+IV = 28
+PT = f577fef731dba70d2859ec2b3177b03c1855660a016632a9968983a917a335d33191ccba85dcd844009da10ab9411f11ce84ff
+AAD = e7139e5c3698f3dc5c67dd4ef16dd991c9d60b7e
+CT = ecffc2c4f2c6798bcd61205b18f4453d5fec4676cd465549fbe576b32dec9a1fa41d91b3738ca3b54755ce225f71ab61a96e91
+Tag = 926b3cdcdfe6fd285526c1e52da7f30e
+
+Count = 1
+Key = 3d1f4210ba31ef31ddd1c2597e85b75dfa807e74607b1bc2
+IV = c6
+PT = deba508b03bc472bc84673687a38c2cc98dc2babd08fd679907dc3d88b9298e161532f5f0493971dfc2b1872e1ee3e7273e8fa
+AAD = 9b83da236baac3fa53fe9cc6c00877ef1405f57e
+CT = df9b2b5d5caa9849af0e48832ea10ff1cdb60d1356a73cac21a04c243e22b87721e8255ae7cdffbd2b685e8f2df7dc825e0e64
+Tag = 1a8cddfdc64113c9f2f9d5c1161632e3
+
+[Keylen = 192]
+[IVlen = 8]
+[PTlen = 408]
+[AADlen = 160]
+[Taglen = 96]
+
+Count = 0
+Key = c1928b65261eea1aca85a9d2a4c3c051d26f41f9b93c591e
+IV = 13
+PT = 1b46b97bd1223dabf9267911d6d17cd76b69feae9dfdc6a844f9263dc4ac504a42028cb4cc4b2e41279c1c9e4f49b6baa271ea
+AAD = 46445875d05a85b8ebeaa79ac57854c80c9d329f
+CT = 03bcad72fd1649e3b5aa68dcedf71d4fb3a1b2af430ea9096828f699ad5bdb3f43e0d60858f6c8d9ae5fcb7b3847f6ec5bd9d8
+Tag = b431b9ddb996f7a5a71bd9e0
+
+Count = 1
+Key = d057ed90b0b15296ba75b27592e68af16c34501652049acd
+IV = 00
+PT = d66ff03bff29fd6f0f715d7a3e89789098a68d56f6815d3f8a1febd8368276414747b06d27a64c2f68c55e5e88b3c6d2e8f342
+AAD = e4f2225ad4f20cc55fdb6c7c2e5aac8a7687ac48
+CT = fed615cf0830418915bc2dc998549b4f9230ce4e7361c0322c318ffed85c3337f34d94cf4bb5cc349c58c3ed2ef1aa74b1312f
+Tag = d0b9ccb83eb4e9a10a8b5e9d
+
+[Keylen = 192]
+[IVlen = 1024]
+[PTlen = 0]
+[AADlen = 0]
+[Taglen = 128]
+
+Count = 0
+Key = e2a1ea08eaa9a1916851e5fbb9e9d4628bd704a77d306b40
+IV = 626d60630abd857fff553543754e9f3f353fc83545c1f727e58a3dfb5ee1b5f17972a9fb1ed36053f3902d42d3fb01fca552ef8b56e2b9790c0705b86f6b386181dab5d04b02179bf86797b2a079fe851f7b4ce248df03e8c1b613baea10e1192d39104902649c6c9c2a396865f4ff46919ee81beacb9f5e9ea85bbc883b6a75
+PT = 
+AAD = 
+CT = 
+Tag = 5848c439467188c8653e129ba86d96d8
+
+Count = 1
+Key = e0bb619b0cd5aea7ac51142e1f3a0c3082895fc6f018bdd8
+IV = b4194a138cabd880ec097e23aa579e48453f532b8a006bad9d66ca41cb64574652c6fddb04d9b0ffed141f9d34e34831e4f3cc2d7e98be030bb57ebdbe2a90496b65b8edbdb48c46b9a017fcc5f7136d425f36bc7f443599136094b7d323e64651b6d936ff55f782dfe912c8abd9a06f55bdc364f45cbd17b94c5e74a45b8ff4
+PT = 
+AAD = 
+CT = 
+Tag = 0c524c45c8350ec100024b6fc2df0150
+
+[Keylen = 192]
+[IVlen = 1024]
+[PTlen = 0]
+[AADlen = 0]
+[Taglen = 96]
+
+Count = 0
+Key = bf1107662c9d3d2032360301aaad2949e253850e6d85bdbb
+IV = a23cb98c19be0d4768b16cd77fa4bdbffd9ebac5ccd6c920c25c8c061c45374e73110b8f6c6147c8b446d6fd3aa5d03d946017c466a81c677292118b0b05466b9369c6f434a5db5de1cb1265ab77f0ef8bcf3b36ac695b91535485b0ee8df815ffb0bc09d317eae863a0e9debc52f34ecd7cbf38ef2f7fae5df8f0ec4de6d063
+PT = 
+AAD = 
+CT = 
+Tag = b0f3ca0b16b1603a8873714c
+
+Count = 1
+Key = 6cc804e9a1a3fe6307d67a05bd5af859644056c64ffbdc50
+IV = 6bb46cf22eafccb74c2ad51e348b7436e1fab2a49674c0c2e7a6a9a43a4e53e9390e89d750620eca394b693cd858c81363bdb4b4ef783f197e0eefd70dc3d33195d1553ec50dfac00e4ee46b9853964631e295e3519d297a9a07772dbc082dd01a8a06094fd48d182e18a95e8e095d13b7c06665307256af8d2959d593bc2c02
+PT = 
+AAD = 
+CT = 
+Tag = 8550c2809d5cfa70b0acf1ae
+
+[Keylen = 192]
+[IVlen = 1024]
+[PTlen = 0]
+[AADlen = 720]
+[Taglen = 128]
+
+Count = 0
+Key = afea1210b8f606fad4443424a2ccb0a2880f711e12543870
+IV = cb5e27f1e1e0949a8437d2f3a5e80e073d1a0503771291553287d59d51ac5681522058d825ea56b076434a0bf8c5b0f03ca42d70224e6687b0ec95e1bebac5c4d2c5401326ce99f4a2f0d408a41bf7c77bc16cd835fca9aeda7608b3f8e0828570bebd6bcf99066e4a306bd1f429a676a16dee9f92e58cf49ace42e559292bba
+PT = 
+AAD = ba03f799f15ff6f1787ae63597103c673e8fab3425f843a6e04f06a7b0ca0694cf2117aba3229ec284c2c8cbd1ef44915dda4738866c9b9867fc6523b0799f2c7115640405557a4aed7062d078e3f0bd81e11b930a6f6022b22d
+CT = 
+Tag = d8d0bc127e6a35a53ce2313c2de2771e
+
+Count = 1
+Key = e25f8d19754871bc4425cd7905dd997d82bd3d32aa4f07b9
+IV = 5e07e7bc2e56df7075551704a96fa26b8ae13fefc7123da22875bce45d780b7411b11994a1b71e5ea5a032cb2268fc8535a6084e93b4af5d564dc0162c855a4daf0422647f805f3e71fd606f7cf9e0af55d610eee038a9b8a80f25fdff0765f5f850e7705e4d1246bc3f0baef6cbef8c1b3daa40a671d8343c4fa6f286d7b0fe
+PT = 
+AAD = 64533cfb8842b0df6c6901df6f0e26a924de049aacf7543ea9632464390d832de38a72d34524f6037d193ea1008f172e528c9e6b578d6631f662594014c85a1f71a2f38ee0a68d1d5bad008ab43127820e3ba7352552825a6a18
+CT = 
+Tag = 46e89fbaf516ad0e0f2dbb73f2e57c51
+
+[Keylen = 192]
+[IVlen = 1024]
+[PTlen = 0]
+[AADlen = 720]
+[Taglen = 96]
+
+Count = 0
+Key = 0ffe86fc130ae9daaa8adfba6435af803e7d87169b91a497
+IV = b75104fcbe6b8d292697a0132b2b5165dc2961ebdd34984b9d884ce69199ca52fafb159393c55e9f2f273ba49a9a94096be9f72931a7840d1d18224b6553606270169c693808d9765fc337f8f203c42f97174b65e813da9708bed0cca008b194173da1a0224727a5650e4555a32a6997168769ee05db135651e871e0e6261da2
+PT = 
+AAD = 1ece3ab177d3e12535e17ef94b486ea96b808f0416327c3f0e8ef23d2987092440e3b86cc37690dd8876da6e858bed9a1ffd211473bc9f5105b702d5e75a49caf6ad532ce9b65028577e6f95e5898c366bcc20c482fb6047cd93
+CT = 
+Tag = 6a52bdf0a184b5020e8bc4ab
+
+Count = 1
+Key = 41f14f23ffaf57f6e37b1dd64c4f36b3befac884d1f87273
+IV = 6d13c7213b8d1c962620f232d486577329d7ecffac4c893dfd809eb4bcd943a4c1037b84ea48a1e6e03b140cba9278f294d253eb6efc2f7be997b37c40d7eafae8dafd1f5d60c4755f22b2f76ace887e57560aab88b6262caf63d476f4d78e93ed4301b9ee9c3579943c773481564670b8f47e4179ab8e6aa1e0580e021622da
+PT = 
+AAD = 3d148728396a46e1b2ae7ba8c5cdbecaed49af0e47f16ec57e2e48b9d5c2d8bc10bdf2d47e03b4b2ebd59a740286fe78255cd3899e241b492b1ad681f3416665f8656cb31759b1d72e842367167725b5580e5026fa035ee4a5bf
+CT = 
+Tag = 7cecc4c65ba04f4f7511b60a
+
+[Keylen = 192]
+[IVlen = 1024]
+[PTlen = 128]
+[AADlen = 160]
+[Taglen = 128]
+
+Count = 0
+Key = 35ad467d420d512584e65c91d9230a357af61f5f0532ee5c
+IV = 21fa76492a603a90b14b6d43eed4cbdc66afdbbaa7cf5b0502184ac8af7cb9b02c9447c2c36e9ed131124144a6f07e5bdb3fe2195a48ed46495e5c5ce1e79d05e5b56b491535d05f07f83f3cfa8809d14e46a4571974b0fdb076f1ba9395360fc1ab7e9bd5672b67d0816e885e52bc13375fedc5b83e25a3318a5a9cfb960017
+PT = 65a86bf404221ec8c3bbb9a5e8a23473
+AAD = 73e5399c0275346f1d091ec0ffe151ff4a2e23ff
+CT = fda5498b95c8061e20469d83507cc466
+Tag = 59f376f641caa13eaccb108ca894c7d4
+
+Count = 1
+Key = 4a0d30d2db900a0d7674ca1223d75b2b6deaf28a26d8099e
+IV = f6331fb3517bba755884be9fd28134eaf2ab404e26ead74c5b74fa2eb62700bad2cc0b95f0eebcf0a116f3265a8dc4cc7a77dbf5f312e6092b3c17695e825923b0b7718ca9dd16885066dd6b3c17c0e0121a0ae8323d826597e0cb87c82595b154e07e29ff21d8ef2fe76e6051e5b3f8386289c7ed986d95a8a3960c494de9d3
+PT = 8136dcc2e28da27f1fbff5c8e0db39ab
+AAD = 7f41212f3195ae49e7297691b637945ca94e41aa
+CT = c0cc6628d00dde676907dc835f451d94
+Tag = 2fe5f224c32982610326f0c0147df5e2
+
+[Keylen = 192]
+[IVlen = 1024]
+[PTlen = 128]
+[AADlen = 160]
+[Taglen = 96]
+
+Count = 0
+Key = ff5c4b14c3e0e2cd4131d3d38374f6dc6c88a69b31af3228
+IV = 08709ef9ae66c10aa63482bd2f9a53362bf2f16de46abab29b1c7227a0fe1a421a93dc0a2fd2d084f113e041519080f5c69e81ddd718e30647b7ba22234e358c5069430e5e3035c2d534828677f696a9e786270a00a1676393ac75bdd565de45dff3019f7ed7f318db78563de90bcb5172cbdd1d4e0429c8d298b1a24a627672
+PT = 529c0cc1b0fe42005f2e3c791086236c
+AAD = f58f5bc9e1ee1d8877265710cca6e1761d9b4787
+CT = abef1880aad86d50236b27c836368475
+Tag = 99faafee1306f767f80ecb8c
+
+Count = 1
+Key = 4af71e8331c1976e7a0f45e6833ceb97333da44ea0dcfce0
+IV = cd76a14d3708210049d50d81f11ba875709f2ce9c6e0622c03fff805f420cd36d661871e79b95cedb12cd1372a3d1e447ea2bb01874c158ead8fd53ec826cb7b5235f1a68a44db184047768b97a72ed4b8f8c3b2cee773035c6150559520142308b8fe94f654496f892e5c709fc2ba3d117882aeef939d6b78a95a3c86be17ca
+PT = fd43af8c7d7fc4467254af6d3c9fb11a
+AAD = 4f1912d4fbed7b636484c497712f2a43e11812ed
+CT = 73b388e2afcb13088a85b83e9036089c
+Tag = 73b4612018d2355c8ab723e0
+
+[Keylen = 192]
+[IVlen = 1024]
+[PTlen = 104]
+[AADlen = 0]
+[Taglen = 128]
+
+Count = 0
+Key = d8a2c8bbac785f20003416804acaba3d51a293f41935641e
+IV = a13fd29fb79b4a078e1dd4568c67afe29003565cb864aa7e78b48765b98a4ffda3de8163de39e21fbf832f250f23d0e688f9afbc6fb16d89cfed8da4707b9bd2620fd4c4d0f2bbd1b38aa9e1e3d8148650bc746299e34d5f602f455c97213c777f50abb2c6aa500da5b5916a166f8050bb56a4922bb41a27bfd212792dd02bb7
+PT = 9413325bf2c0a3c23bbb70f547
+AAD = 
+CT = 9589c64389826275ce2641e9e9
+Tag = b797881186afabc8ca1c778b8c98c83e
+
+Count = 1
+Key = 1c2038718deaefbb7f8c5a68a71fafb10976b9849989aca1
+IV = 75022e4eed66c7f85449f7172f104ce9c8dea213a45d3ed887781b052132533557b4e081e501203b0340fc126af43ce5eafb10847025267b1246dcf440d0d498b9ace5dc56e99c18457f88c3f5a3de91c288d544e2a125289a6a3e8e427fe13956efd0a806b5a5332b2a7f52f9f37cbf72774cb778d5dd0309570c2cf8fa38f8
+PT = b6ae24192726d4d7efaf83017e
+AAD = 
+CT = f2966740d814c04af7274ec136
+Tag = 2398e809868ade75a653e0666b8159ee
+
+[Keylen = 192]
+[IVlen = 1024]
+[PTlen = 104]
+[AADlen = 0]
+[Taglen = 96]
+
+Count = 0
+Key = 74313bc39f67721c93d70f309ca70220888d72ed0ff7881e
+IV = a678dcfbd3c0fe13a1d42ccdb52b43a216b0d1bae77cc4f308eebdef82d41e6794e8dd3e7e9eb5bdf232ed92fd28c0d2f468cb7864284bfcbbd57308e7877061a2fe0c30c5167b8a431710d2b1aebd367891ce80198537fed3598dda9993147455dd08762aec3945cda7c92a1032935e998935c26619683b69b3251e5349a94b
+PT = 3cb0af03b36fc809bd9a53272f
+AAD = 
+CT = 41e1d4021b5bba4a0f51db95c8
+Tag = 53bce7c8d7c77b862639acca
+
+Count = 1
+Key = efb8b5cfdf28e111574a41987906d52df41dcf295ff24838
+IV = 0d9c27ce31ec8e8c0b4f5d2c40c4d50ae35864b1462d31fabfcfc754cf13b475855f99a228d5ca44a5b63fc45f56994124d1fcc86991865b9902c9cdca5bf9fc561c5fd2c5286fb1078b58cd67aa95f7959a5a9b2fc6e51ebf3653888e6ad4d5d3a0b0a2e50f993e3c2a518c24e486860a43ac642e555e83a098f19d43c7aa52
+PT = f44d68d4027fea1f0abf51d320
+AAD = 
+CT = cca2ff1abd31401a9570453d81
+Tag = 5689aa30537db65ba40d048f
+
+[Keylen = 192]
+[IVlen = 1024]
+[PTlen = 104]
+[AADlen = 720]
+[Taglen = 128]
+
+Count = 0
+Key = c627afee48fe8ad98dc0aaaea2f5748e744bf811fbd70d79
+IV = 5f10f4b21d14dd1d0968118713220a7563f49a8da078721a57ca7f9205dba685458f2b108d302216ad51be03fe6c9da7b45de9b2b4122dfa97a9768bf1a05f0715e3f5503eafccd847c807a622aec5971c0738fc28691479424a41c50f118993b98fbe506db939512d6e97e5c540610ef64245815fe642d81edc303acf926ad1
+PT = e65af9e54a6cf6baeb15d4ed83
+AAD = 2bd7d3cd339460ddfc3563a8ca96a7913a4a97237d39b8850d39e0e5cf0f9522fa935ecfeba5f048cf77daa8970830e3e134aacac21698c1edb3e4d64b99c280f44afd49ef7e225d6e93d62ed4cee2ac4df28a0bdb01834401ca
+CT = 596068b16b580c8e67abc42d77
+Tag = ab8c04bf37eb1ffa6f846caae6d3256f
+
+Count = 1
+Key = 0206bc3fbe5b992bc2cc5cfcc3221e211fab814b4502623f
+IV = c43fdeadb42b470f8571e856fafc779e7ba769b301dd06caa58da8e66832e45d2b04c5241879d8d0408195694f052d7fc9463f6682520ad747dd6710284a006967afdec03dc494441b76bb1d8b9c646970ffabc143ac9652d6c10975018457f584ec2f5ca2c2f7a479dcb38adb5f9c6de55adda975527b93561e9ed478bf539d
+PT = a50529b69d8f5e7223e91408c7
+AAD = 467beeefa0f4e17f7fb5f530c3ffe48cb9fb8856d5e2faaf6e24265081653b8210d8023c1f010190ea62102255bc8f38242d2c7646d7cea27bda40018571733353cc9e0980c03000efbe199aaa68c55d191d42b733ec3d60e24a
+CT = a6ae169fbf992f93a67ba42c25
+Tag = a819feb82633a49ccfc4c0e1bf436060
+
+[Keylen = 192]
+[IVlen = 1024]
+[PTlen = 104]
+[AADlen = 720]
+[Taglen = 96]
+
+Count = 0
+Key = 77f631e41d5356a8313982802855376a2fc898cf553b57d2
+IV = 90ba972b0c868244a189642cae4f065100591db1faaf0c9485cca7c4c1d7ea0733984a83d5642cd581e6200f0b606b77152e4424959a3d61cbbbf1a8f05712e48edfd86475566cc04e592fd143c5aba6051bdfdbb5e44a3efedbad9dd35b246cfca22a73699e404f7770721d6c8fe40e1e1a8d3dd1c901308d23fe61f8c65a1f
+PT = 6c3c27ab3b6446101968cde87b
+AAD = d6b8e5c5b4d19a3e06028a8af2aea20bc0c94638af100a0289cbd5e54718b4f803d3da83edb415ed285ff8f39c57efe18b8e4e4cd02e86ff9187c3fc7bbaba03bb80a049638b2fd86006369ab48de3c45930b7b9ad780bf30695
+CT = 8fdc39969d24cf23b0c91caf48
+Tag = bf17fa3e070ba09250608d9f
+
+Count = 1
+Key = d0e6dbb1d302f0d96405db1b7660d9d0d4138087fbb2eb4f
+IV = 938c08f1c5423c7802e8e0425cfab47e891825492567e5ca0789ce871f2ea059db31fd8adfd225347244a20508f62c6da62a19bd5c5f1caa291aa0184caea7462a8fd3b443d95f87435b6df5b58acabaf196ad0f2a86253c6373ee36e8f0b5ed64a70c1185052c6aff332ec1e71ebff002c38946f1511abb92eedbd69b208671
+PT = a397565f1aa0dd09509039e7c7
+AAD = aae36ef18429798dd9a3dd177767a0dd37735a5014bed7612ab7a3b79f28e29270b066639e1a8c85411220c7ebc9be80bf7867d204c489fc85df1482aceda857b9d718a15ca1eeb2e1fd233bb2d2ade0afa0bb5b3087c354a3ef
+CT = ab07436a63bd6bf4647dd40a75
+Tag = bf95c460de66f3f799e4f08f
+
+[Keylen = 192]
+[IVlen = 1024]
+[PTlen = 256]
+[AADlen = 160]
+[Taglen = 128]
+
+Count = 0
+Key = 21083f3cf33e0e24ec60a2c3afdc45f92752bdb2cd450e35
+IV = f396349841fef65c7c9cff065999d783b9edf8b6ee839d98d9e413752e6986a896a964e93e3d68dd1c1aec1d31bf393e84a1d2df2cf22c29959f66345771148282322a9b47ed4d3a8038fe6d6a6ebc36880bf3abc336dee9394c920bc8b42a76667591e83d19ed715c23621568c8de81eb0d60531cb50d6358410d3c7ccb8d9b
+PT = fbdefe689a27a20132eefb256b6c3f63901357c4cd5c5d2067abfe998dab2564
+AAD = ebc7a472fa20ecec375c799fcb0fbd3ed9addf03
+CT = a08e95862ca659d992d20951096c04992a68cc7110f2da5b3bf5689ff4c9575b
+Tag = 9c387e0044f12f6a2746a177e5ea5d7a
+
+Count = 1
+Key = ab2c01521998679bac06355b45cde2b1d8cf69cd48483500
+IV = 923ed41f4bf087f341d78efe76019342fc83c0659eb6f2b8fa0668b527e3129525e5303b45b01d92eb0a27e52ccb680536554aa41ff41acbe8476cf03dee87363a9efbf910e50d2d141a7ef301161f13f143dcf4266068611b2aa2317df28e83b4f836268c1380c4c228d5f0cc0b161228caa360fbd2a01d9fceb33fe669dc83
+PT = 90ac6c25a77ec7ce019074f4a1607d3758a213e0e19c4f741a3ade5996a014e1
+AAD = 435b5fe83e006a35cf63c134bcc2497925bf4fbb
+CT = 9d6fee7c74888ab4f830301661dee8472027206cfa2efa243f6998a455b8eb54
+Tag = 4897a9e2029732d9b2afb26d7e2d260d
+
+[Keylen = 192]
+[IVlen = 1024]
+[PTlen = 256]
+[AADlen = 160]
+[Taglen = 96]
+
+Count = 0
+Key = 90a298de1164693511fa0c728eb519bdec83d29a74404f1b
+IV = 44ce332e34b5712cb35dbd0d35ca9b9b1fb5f26baaf51610a6d3f9d4f9dd1e21d6ed41a0ed7e929bfdb8771734f32385d9ec502608bddeb28dccf23d8b085e6b8aff95fcc671f80bf7b8bc2ece86ed92e0ad85ccdcd0b73d2e60b85f670f25abcf2b76b5f1098b540e7115af525ea731ec7dfdcc6d3f02a09bf29b885dc77392
+PT = b5d9e025ed538e795361e05339029c2da732c77e6cc1bd9426ffb467ef78d44c
+AAD = ff5cc7223bbc81e4ade756d156d92e653ae1ab37
+CT = 2b52bab5a26ac1f30acbc96dfc74d4e027d82917905da9017d7193dfa9207f40
+Tag = 6953de60cf69300babb08ad4
+
+Count = 1
+Key = 4ada4aa319ca480709f657ff8a1d21cdf7b75953c6fe75a2
+IV = 0abfee5f0b6d952e3287bd5cf13b8060ab26149f3d523aeb21387f2eb7c769bbf8a3da2e2f0fcdf78bddff582ee10656b015322376b28879e18023032eb553232ad87e1261c8f804ce500c2b2cfa9c896b26e66ae38e546e304ae9b11b15cf1ca456c7600b94571ac35c1b16c25fb835828c05a27d6424ab4c039f004e7c52d6
+PT = 7ac61800b6050d7bf74d000006c4912613812d69fc747378b473bb25fa3b9cbb
+AAD = d181d92fdd4192770bda8aec5f230df77e163019
+CT = 88f1cbf437427271b21686f1b03ff5f0015bb949399d194648b49f489310e92a
+Tag = e807dd76ce5c74c8b3e86ee7
+
+[Keylen = 192]
+[IVlen = 1024]
+[PTlen = 408]
+[AADlen = 0]
+[Taglen = 128]
+
+Count = 0
+Key = cfac7149777aa3c7d0830c0c5e57177e6179810c0b0342a1
+IV = 33afa54bcfd3d860e21f39ae624e9341f13deb307333e0194379d3b5afc9c08a31a0f31d3cbb10cbf70fcb3a36958a341301a0626223955808ef22fd83f75eb85209c52eb61ea65fef26a2c22fbc50bd9750862370ebecde410218ee847aa5d39960f83079f660303f70cf2c6f243a362e4e54628b648b83fced420fe2ee136c
+PT = 691d74a228e2976e81e7c80d5b80f9a0d6c4cf2efac39bb26a124f0c4887736261209599dff61962937e51a0271d61ed2ff03c
+AAD = 
+CT = 145beb0d35cff0e22aed593552476dc4a282b77ee3332eacc99909ff563eadf2c456ea130a1d112876cf32e331f6ed8d7be86a
+Tag = bb9211eb2591a5d0db729d5dda312a01
+
+Count = 1
+Key = d7e8f81fabee45e547ed9a0a5f4e98ba0da186e194445fdc
+IV = 20368cfa8af2ed9a66edf75b8392adb76de8b4bdbf025e6efd7cfeb8a1bfbc6551772a12242f018d6c8d302edf5146045a3f170ec6a24086e2c28f4d2378db618249a154640dd200cbe4bebf33693ff2063eaaf73a6682779b8c4ffb4e43228ccbee778c687f2597f480c8ffd66976421db783037706a97d631004648272b33a
+PT = 81bde22fe31cb78b989b2c4aff300e4800039b021bfc4f2c7e2e6c4650edf6197119517b902987af6efd2527268a554261cd92
+AAD = 
+CT = 7744ed5adedfdf1dcbb84a33308a6b95592f333cd5b3375a072a97dda1e0375fb88a56f27c2f6f172fb895a1ccea9b13109428
+Tag = a570278048683ec498ca656458caf539
+
+[Keylen = 192]
+[IVlen = 1024]
+[PTlen = 408]
+[AADlen = 0]
+[Taglen = 96]
+
+Count = 0
+Key = 4a46966379d369a1139e110e13660c642de80f0f5b5fe64d
+IV = ab8431c880081cec58186d5c15d2e602dfae46089dde3c205b168ee12af2b0de52a0ff7ecb02ff5f1f332590aea64c5961f5dd3dbbb74475b4b1271b3ed5688bfbee2939af0f9a2865357d9c9c6212ae8c020a968aa50ed4ac0a037149634e892320c81af54c362c143dac06dfadaed532fd1dcfcc1f98ee2a2924d437e81dfc
+PT = c9f0386ce298995f479e2127ba66b253ae111b47d9375fa4140908edc9d2c3f9bbff64bad065af084755dac27b99f684850234
+AAD = 
+CT = dfd7923f5af4593c70a507b606a6d9f786de7205abe4a04a4ebec37fc4ecbe539710103e645a55d4e9bd98a2318d090da0c9bf
+Tag = c221234d2c30a389c4ef427a
+
+Count = 1
+Key = 6c7469efbfca5f8d4dcd7d5fe4c968bc0ad6e2ee18da5375
+IV = 01042cb4554fad9494f60394e41850140259cb1528d3fe3bb82c6d1161373266920f98a895f227055931aa0f5d233f3306ac6820dd8a419a4d75014d355dd2fdc0aa21fb714cf9649cdd7f5c86c3e60401820b4bf8f7e3a5fdb945f505b4980015a5b990f15fdaeb6d1d1cfc55f482445fd6e3b90ce37a3a3359d6f83891f9a1
+PT = 490d288f8e94bb9a822d98a2d13c5b588b3bc52b2e3afcf1b2e3fc9f68a2734fa1ac07218ad33568e766e974a06a546c964a4b
+AAD = 
+CT = 306c1a7a2dd0319997a2370b39b732d544dcf0d5af2e9c9f727244b46747b736b99a6150d86cb80b0846877a76f33cd0a04ad9
+Tag = 024a3fe589288487ab0db4a0
+
+[Keylen = 192]
+[IVlen = 1024]
+[PTlen = 408]
+[AADlen = 720]
+[Taglen = 128]
+
+Count = 0
+Key = 9dfffa5bcb2c5a5e9e2ca7e2dcaa474763ccc6978b0c2c17
+IV = 4407dd3b93339b7f67fbf0471b7da6870536e979b30e1b8dfc6f1d4620c842b885fc44f07e80bb3bf62ac6684fb989ab56246deeedd7607d7be12dc2f1f7b1e68e4e49560a9c297d58d9da241474c866164528ce022bd6e48ebe4f0c3a27824d269869d4579dd98263252167464bae1b2972c7f3f942578d6a2592083aa421b9
+PT = a39e9b9a53dde1751d54be6a0191eba32ab631b3b830b27e0ab2282c25769ea551dfab10133ac174a74e71b9a0ec8f2842c123
+AAD = b0a54df5cc522dbe273a7e4aa9c6fa6d01e2071418f596015b7c0252b54a039dfcb2424a37fe47b735d195f2ebfbb66e5695e4437eb07efdfb5162a688c0ce42345d29f64299fada69eef182d6d99f20b0825bcd88e318cf949c
+CT = 3d48d2551e0203bf9a9ee7ffc30bfd3f3043eb98476b5a349d469fc8105d8abed6f6256ddf15d8decfb60b63e3252474bf5e9f
+Tag = 897e580db5d905febaa0289276c82948
+
+Count = 1
+Key = b88d5bff0007ed8e7605ab63db5fd5019559fcca5ee1bd90
+IV = efe26a67f614e64db29e2bf0e4aa5c6641946a7a4fb680ca9bc745508f573393ba8e33c661e9e82cf6f695053056124d7065665f6451161782975d2439c45725aa23d9b1e6635127cd71cfbb8935c1a0e51b832c689b3ffac11d2f27829eb6bb1c3a362c1aa5a81975159b0c25a41ad69e466803db514b2c66f7125dd00d746e
+PT = 9deb9aa6a958ac1bcb602c1190c7099af003dbe6d68a17dcf9f825f528bb0fa827529109204697877cb6e18d9e89c55de76656
+AAD = 582f0c8353a67b3c8a6b630db3599d1e10e39407ba0fdb1152b7e031efc64ace179c2f04a2bec5cb89ea941c5d082e54ce991c3bb79a6506ea0e5a21ebfcae05e34004c2cc7113298721dea42732a32ac7fe8607eaa7ca288399
+CT = e97b930acd8c80c942602dc46b0f2417422a605938dce7c0b81e4423a7364641456ce0cdaccf8c29f846f902fe60adfae97d40
+Tag = 3dd41a503bcdc84cb3150d5f294eab25
+
+[Keylen = 192]
+[IVlen = 1024]
+[PTlen = 408]
+[AADlen = 720]
+[Taglen = 96]
+
+Count = 0
+Key = d1a313e7fb5ef359bf15be1768a5115c438faea304a1f38e
+IV = 9982f5f37697c852e72bc5f35394a6dfe93f3c69a003f7bab79fc374eb468e895de9ff099daa67f0550b874d6751525257b30654d9a906fa7b6db3751ca644b76f9e69e840adb0c71e4d38ce3f6e30f4fa803b63ec01599cdc14302d8fcaf54955f5716d1cfc01eb56657c974a29db8216c387f26722884a2811bbd2150995e3
+PT = f58079099dd7daf50c4026ca1dcdd54516fa7f2a006c1a4304bfcb91c2e89640b770be994d6aad9354798813d6dfd94a34f6fd
+AAD = a0d218ea6a5b0d5c5b33eb14cae62f6dbaf1d7ab95febed797ff0b343fafbc1e2f7f5eb23ef9c49178eedcfc2dcd3257d3abc1a4acaad4cc1963e4ed88b29a3c63a093d8fa94b0e195487a5626c562ac25f99342894426e8fa11
+CT = ac1533fc24949acb34663130ef48bcdcd49d27970f5189afff1260b8956380ba2eb340c57cf333606bf2319d714c5bb642c29d
+Tag = d9a24547a8d0d0ca7831bd8a
+
+Count = 1
+Key = 307743ab87c72bb49e21b4caeeefef993fd9eb2022f3cf35
+IV = 808bf8e1cca359d981cae88061defc9bc1ec908094eddd215eb0d0d15572ddfc5a594373318a2942b92c09b059c04534a810e228cd12627e7448130a06639f0118aeac07fca7c6307c99a7c1d034a1d59bef214b594f6b872064230963042c7a21e69e9b3debce00e25c52a6dccb3c1bd2b0cc83c9f1a92f9787689b36e000aa
+PT = 3bfc3293e71fd528bb5c409d5033a728aab59ed928edfa27a1be82dc3c037d292697cbbecdf76179f43acca35e3726a1ccdd8f
+AAD = 2722174ead9b8e5af53a83e79eb4503d990351c9f97ec2b915ef37f39820b7e54616cc2c65c5980c8892950c8505c8cd9ce97cb8a41142605c3c22e432b3810f3e8b86d9527c02ed77ee0e541ddbb1aeb89834138a1d469ba36f
+CT = 9806371706c8d114edb6b09156213e45dac929bfc284b921f119a27b692cb55a3a7e38ba01f745d6a6b9bd2eccd36cf3db4389
+Tag = 3b9d490f661849542b360f00
+
diff --git a/nss/cmd/pk11gcmtest/tests/gcmEncryptExtIV256.rsp b/nss/cmd/pk11gcmtest/tests/gcmEncryptExtIV256.rsp
new file mode 100644
index 0000000..1b10fa8
--- /dev/null
+++ b/nss/cmd/pk11gcmtest/tests/gcmEncryptExtIV256.rsp
@@ -0,0 +1,1016 @@
+# CAVS 14.0
+# GCM Encrypt with keysize 256 test information
+# Generated on Fri Aug 31 11:26:26 2012
+
+[Keylen = 256]
+[IVlen = 96]
+[PTlen = 0]
+[AADlen = 0]
+[Taglen = 128]
+
+Count = 0
+Key = b52c505a37d78eda5dd34f20c22540ea1b58963cf8e5bf8ffa85f9f2492505b4
+IV = 516c33929df5a3284ff463d7
+PT = 
+AAD = 
+CT = 
+Tag = bdc1ac884d332457a1d2664f168c76f0
+
+Count = 1
+Key = 5fe0861cdc2690ce69b3658c7f26f8458eec1c9243c5ba0845305d897e96ca0f
+IV = 770ac1a5a3d476d5d96944a1
+PT = 
+AAD = 
+CT = 
+Tag = 196d691e1047093ca4b3d2ef4baba216
+
+[Keylen = 256]
+[IVlen = 96]
+[PTlen = 0]
+[AADlen = 0]
+[Taglen = 96]
+
+Count = 0
+Key = 98ebf7a58db8b8371d9069171190063cc1fdc1927e49a3385f890d41a838619c
+IV = 3e6db953bd4e641de644e50a
+PT = 
+AAD = 
+CT = 
+Tag = 2fb9c3e41fff24ef07437c47
+
+Count = 1
+Key = 01946bea150b705b889dd1673c195dcfb5d51d21b865e88d06db376b2346619c
+IV = e28c1b8a48d2c7b968e6492d
+PT = 
+AAD = 
+CT = 
+Tag = 5950a325bb35de833f22fc2c
+
+[Keylen = 256]
+[IVlen = 96]
+[PTlen = 0]
+[AADlen = 720]
+[Taglen = 128]
+
+Count = 0
+Key = 03ccb7dbc7b8425465c2c3fc39ed0593929ffd02a45ff583bd89b79c6f646fe9
+IV = fd119985533bd5520b301d12
+PT = 
+AAD = 98e68c10bf4b5ae62d434928fc6405147c6301417303ef3a703dcfd2c0c339a4d0a89bd29fe61fecf1066ab06d7a5c31a48ffbfed22f749b17e9bd0dc1c6f8fbd6fd4587184db964d5456132106d782338c3f117ec05229b0899
+CT = 
+Tag = cf54e7141349b66f248154427810c87a
+
+Count = 1
+Key = 57e112cd45f2c57ddb819ea651c206763163ef016ceead5c4eae40f2bbe0e4b4
+IV = 188022c2125d2b1fcf9e4769
+PT = 
+AAD = 09c8f445ce5b71465695f838c4bb2b00624a1c9185a3d552546d9d2ee4870007aaf3007008f8ae9affb7588b88d09a90e58b457f88f1e3752e3fb949ce378670b67a95f8cf7f5c7ceb650efd735dbc652cae06e546a5dbd861bd
+CT = 
+Tag = 9efcddfa0be21582a05749f4050d29fe
+
+[Keylen = 256]
+[IVlen = 96]
+[PTlen = 0]
+[AADlen = 720]
+[Taglen = 96]
+
+Count = 0
+Key = 7cb746fbd70e929a8efa65d16b1aa8a37f5b4478edc686b3a9d31631d5bf114b
+IV = 2f007847f97273c353af2b18
+PT = 
+AAD = 17e84902ef33808d450f6d19b19fb3f863ca6c5476fa44105ab09a34ad530b9e606ebd606529b6d088a513fdf8948ae78f44aff67b6f2429effc126d3c5de8cc2ca8b9bf7a5b4417c0a8a4f90742637d73acfbb615cde7352463
+CT = 
+Tag = 44ecc2383ae85a8cbad1f1b0
+
+Count = 1
+Key = 1e421486993c6d187649e3a4437f24f128f8d542050e27489ecc7b96c40e2879
+IV = 8515ac5d1c518db2a9919917
+PT = 
+AAD = bac577d3857524b2c06c69d5036aa08e93daba80d42b50ed6020bb1605980ebba87f10ff23e689d24d39baa91d032b063ad46858bb14e6d3c072dca252bfc8706232628e2d07d655c732fb19bf2d246565fecada410059e5dd6f
+CT = 
+Tag = 4421837d371b1d66384e8e4d
+
+[Keylen = 256]
+[IVlen = 96]
+[PTlen = 128]
+[AADlen = 160]
+[Taglen = 128]
+
+Count = 0
+Key = 83688deb4af8007f9b713b47cfa6c73e35ea7a3aa4ecdb414dded03bf7a0fd3a
+IV = 0b459724904e010a46901cf3
+PT = 33d893a2114ce06fc15d55e454cf90c3
+AAD = 794a14ccd178c8ebfd1379dc704c5e208f9d8424
+CT = cc66bee423e3fcd4c0865715e9586696
+Tag = 0fb291bd3dba94a1dfd8b286cfb97ac5
+
+Count = 1
+Key = 013f549af9ecc2ee0259d5fc2311059cb6f10f6cd6ced3b543babe7438a88251
+IV = e45e759a3bfe4b652dc66d5b
+PT = 79490d4d233ba594ece1142e310a9857
+AAD = b5fe530a5bafce7ae79b3c15471fa68334ab378e
+CT = 619443034e4437b893a45a4c89fad851
+Tag = 6da8a991b690ff6a442087a356f8e9e3
+
+[Keylen = 256]
+[IVlen = 96]
+[PTlen = 128]
+[AADlen = 160]
+[Taglen = 96]
+
+Count = 0
+Key = 02168b4fdd00870a8f9f443e79ee379b676c3c383c60a027b435722ae41af284
+IV = 62bbebbc68e5423d27fe5d59
+PT = 08422dd3e9d87ef50a0c989a1088dc1e
+AAD = 4bcc4045752634c528fd9450e56c960ffafdc7fb
+CT = 9b46212802e81fe366efdb4e279bc9b7
+Tag = 7106445c3261652764102b1d
+
+Count = 1
+Key = 3b8b863e448d6bd3a35da4b0b22832c22aa1b3023ecce7e8c75c6361c99c71e9
+IV = f45d758aeee8462e062d1173
+PT = 9fca76a286d69c97cab27c5d3e206d17
+AAD = b86e829f9513f1074a274c7b1e87f17448924316
+CT = 1f29a7a5d1852db29a82cea6b9e9513e
+Tag = 9f83c34536fdeb6e1f856a06
+
+[Keylen = 256]
+[IVlen = 96]
+[PTlen = 104]
+[AADlen = 0]
+[Taglen = 128]
+
+Count = 0
+Key = 82c4f12eeec3b2d3d157b0f992d292b237478d2cecc1d5f161389b97f999057a
+IV = 7b40b20f5f397177990ef2d1
+PT = 982a296ee1cd7086afad976945
+AAD = 
+CT = ec8e05a0471d6b43a59ca5335f
+Tag = 113ddeafc62373cac2f5951bb9165249
+
+Count = 1
+Key = db4340af2f835a6c6d7ea0ca9d83ca81ba02c29b7410f221cb6071114e393240
+IV = 40e438357dd80a85cac3349e
+PT = 8ddb3397bd42853193cb0f80c9
+AAD = 
+CT = b694118c85c41abf69e229cb0f
+Tag = c07f1b8aafbd152f697eb67f2a85fe45
+
+[Keylen = 256]
+[IVlen = 96]
+[PTlen = 104]
+[AADlen = 0]
+[Taglen = 96]
+
+Count = 0
+Key = ac046f942a82a9dd041e4aaf27ac23a0af57d5914b9fa00224fecf64342b3b55
+IV = 8aaeb1c35bfb3931d0e627cf
+PT = 77a0a4a594d8de616b86bab558
+AAD = 
+CT = 178b93024040a2d2327b80c9b5
+Tag = 87a0dc4660668d217cd98b99
+
+Count = 1
+Key = 33e430677ad547f3724556617aeee86b2efa975a17d0ec841c2e482b8f07003e
+IV = f92a93991e00bc87926c237e
+PT = b7f03ee138c2f0eae63c57f5ad
+AAD = 
+CT = 4d3e998ce18b64578d269f49aa
+Tag = e3bff83c3e4f8ab7369a36d6
+
+[Keylen = 256]
+[IVlen = 96]
+[PTlen = 104]
+[AADlen = 720]
+[Taglen = 128]
+
+Count = 0
+Key = ff9506b4d46ba54128876fadfcc673a4c927c618ea7d95cfcaa508cbc8f7fc66
+IV = 3742ad2208a0484345eee1be
+PT = 7fd0d6cadc92cad27bb2d7d8c8
+AAD = f1360a27fdc244be8739d85af6491c762a693aafe668c449515fdeeedb6a90aeee3891bbc8b69adc6a6426cb12fcdebc32c9f58c5259d128b91efa28620a3a9a0168b0ff5e76951cb41647ba4aa1f87fac0d97ac580e42cffc7e
+CT = bdb8346b28eb4d7226493611a6
+Tag = 7484d827b767647f44c7f94a39f8175c
+
+Count = 1
+Key = b65b7e27d552395f5f444f031d5118fb4fb226deb0ac4e82784b901accd43c51
+IV = 2493026855dd1c1da3af7b7e
+PT = 8adb36d2c2358e505b5d214ad0
+AAD = b78e31b1793c2b758494e9c8ae7d3cee6e3697d40ffba04d3c6cbe25e12eeea365d5a2e7b46c4245771b7b2eb2062a640e6090d9f81caf63207865bb4f2c4cf6af81898560e3aeaa521dcd2c336e0ec57faffef58683a72710b9
+CT = e9f19548d66ef3c16b711b89e2
+Tag = e7efc91bbf2026c3519010d65628e85f
+
+[Keylen = 256]
+[IVlen = 96]
+[PTlen = 104]
+[AADlen = 720]
+[Taglen = 96]
+
+Count = 0
+Key = 512903e96ba584dbef3a6e702b0adb51fb3bb62e89d39fd5d2490ae6a4e80c88
+IV = 056ee9b8c34e3549661d36da
+PT = e13300959560f2aea376ab3e96
+AAD = 0918b88fc87e640212448e7a3574428f65ce7fb0ce77462ee1735b6d22cc6c7c06a39e04a0147faeaa46925092359032156a5a7105373692f7f8ace4e697d0c810092a3a584dfe43d35c94e22dafc169b5d931bba17e5eab3299
+CT = bc869e464531babc2d2e94fa1b
+Tag = e01c6c9c01c15efb9dbc6bfe
+
+Count = 1
+Key = 1c77b8523467066c955ab54fc0c6368fc8f006f10a0064eddf0461985fef5e48
+IV = 6f07f3e9a945bcf800f8aa73
+PT = 0de7ac05bc9bdb907801d5995f
+AAD = 0a7203c0015ee44b308a81f67fe9866ace543ab9cb8db6bd2ca649f9edea2ebdc9eb4c1a45658d3edd1a28cc489ceeb071f93f4936672ff249349e77e279a42ee2eced1945f997bd4e49c26d3b479a47f048db7fb2c177a5acb4
+CT = 31ec1a5171e552e3d4e86b75b5
+Tag = e96c680fe71c15fa0a890f8e
+
+[Keylen = 256]
+[IVlen = 96]
+[PTlen = 256]
+[AADlen = 160]
+[Taglen = 128]
+
+Count = 0
+Key = 5853c020946b35f2c58ec427152b840420c40029636adcbb027471378cfdde0f
+IV = eec313dd07cc1b3e6b068a47
+PT = ce7458e56aef9061cb0c42ec2315565e6168f5a6249ffd31610b6d17ab64935e
+AAD = 1389b522c24a774181700553f0246bbabdd38d6f
+CT = eadc3b8766a77ded1a58cb727eca2a9790496c298654cda78febf0da16b6903b
+Tag = 3d49a5b32fde7eafcce90079217ffb57
+
+Count = 1
+Key = 5019ac0617fea10517a2a2714e6cd369c681be340c2a24611306edcd9d5c3928
+IV = fd1fa6b5cab9aa8d56418abb
+PT = 4349221f6647a906a47e64b5a7a1deb2f7caf5c3fef16f0b968d625bca363dca
+AAD = 953bcbd731a139c5de3a2b75e9ffa4f48018266a
+CT = dbce650508dab5f499767651ee734692f7b157341977692d2ca879799e8f54aa
+Tag = 20239e97e2db4985f07e271ba545bbbf
+
+[Keylen = 256]
+[IVlen = 96]
+[PTlen = 256]
+[AADlen = 160]
+[Taglen = 96]
+
+Count = 0
+Key = f1dbae7f4e6978de87ca7d950daf402e58155a325bd4dba03a2473307ba14ef0
+IV = 4c6d21dfdaad3e0888b0177a
+PT = a4bb48e22a91c52ec5e0f8df31abf7af2f2032b2e1dbc8ad73c32cbcb8ed47ee
+AAD = c9d79aba7ef84c2f726aba61bfd5d07d4fc2fb41
+CT = 36795e4a034c96d6f2009845ae8c20a6b5318b62b41634f26a9e96ded6ec6490
+Tag = 0158ce9cd418eac9239e2691
+
+Count = 1
+Key = c802e06537548a47961af80395e6b93507a77373dd1909f463ea96bbbec4387b
+IV = 3ebe1a5e536a75b62d0f3a5a
+PT = d223ab519246dcf030a702b94c7f0086de17157e2fc513f0187a846ee0de1bd9
+AAD = 9e1053cd270cf5f77acdb689ca3eca186b6c35d4
+CT = 2b164f137dae285b92d577fe97c7e9437314efbbcd826a0d7bb6495a30712d36
+Tag = d1a0339eef5c73d136a4547a
+
+[Keylen = 256]
+[IVlen = 96]
+[PTlen = 408]
+[AADlen = 0]
+[Taglen = 128]
+
+Count = 0
+Key = 1fded32d5999de4a76e0f8082108823aef60417e1896cf4218a2fa90f632ec8a
+IV = 1f3afa4711e9474f32e70462
+PT = 06b2c75853df9aeb17befd33cea81c630b0fc53667ff45199c629c8e15dce41e530aa792f796b8138eeab2e86c7b7bee1d40b0
+AAD = 
+CT = 91fbd061ddc5a7fcc9513fcdfdc9c3a7c5d4d64cedf6a9c24ab8a77c36eefbf1c5dc00bc50121b96456c8cd8b6ff1f8b3e480f
+Tag = 30096d340f3d5c42d82a6f475def23eb
+
+Count = 1
+Key = b405ac89724f8b555bfee1eaa369cd854003e9fae415f28c5a199d4d6efc83d6
+IV = cec71a13b14c4d9bd024ef29
+PT = ab4fd35bef66addfd2856b3881ff2c74fdc09c82abe339f49736d69b2bd0a71a6b4fe8fc53f50f8b7d6d6d6138ab442c7f653f
+AAD = 
+CT = 69a079bca9a6a26707bbfa7fd83d5d091edc88a7f7ff08bd8656d8f2c92144ff23400fcb5c370b596ad6711f386e18f2629e76
+Tag = 6d2b7861a3c59ba5a3e3a11c92bb2b14
+
+[Keylen = 256]
+[IVlen = 96]
+[PTlen = 408]
+[AADlen = 0]
+[Taglen = 96]
+
+Count = 0
+Key = 9b68ca2ae9e68c34442bcd965b9409e6de074149b50d3905455e5192594d2555
+IV = 00f6ebb531cae6d76f319aea
+PT = 9aa0d8f8f09dedb4698348649e00ef409a3593de90b419b05795faad3717aa02d2a9b0a0080f5dbc97bb48b1ae556b95bffbfe
+AAD = 
+CT = 10fffecadb350845281380fdeeb27879567436a077580384b98f0c839be169588ecb67883137ef8cead0b7a7b6882891ea24a7
+Tag = a6e6694aa52b8cdd7d656d13
+
+Count = 1
+Key = 2fb35b38e56aebb73aa22bb40388032ff9a19b5b42c800a3901d428934c7c4fb
+IV = 58b60cb613a8d7b780bb7a3a
+PT = 075de076d096c216f2b8e7f633fb130dd0026dea1ce263571c6c4e1067e10eda418d84a48ba5a540a8d24eb25f1bc0a4fc7356
+AAD = 
+CT = 3e90eab0c26cc0482362ab1ef46c9b27da387b73357be4bba16fef94c8513d8259eecaafef74f2bff7a0707078ebb08eb46f49
+Tag = fc71faf3f6dd8aec9435c2ab
+
+[Keylen = 256]
+[IVlen = 96]
+[PTlen = 408]
+[AADlen = 720]
+[Taglen = 128]
+
+Count = 0
+Key = 148579a3cbca86d5520d66c0ec71ca5f7e41ba78e56dc6eebd566fed547fe691
+IV = b08a5ea1927499c6ecbfd4e0
+PT = 9d0b15fdf1bd595f91f8b3abc0f7dec927dfd4799935a1795d9ce00c9b879434420fe42c275a7cd7b39d638fb81ca52b49dc41
+AAD = e4f963f015ffbb99ee3349bbaf7e8e8e6c2a71c230a48f9d59860a29091d2747e01a5ca572347e247d25f56ba7ae8e05cde2be3c97931292c02370208ecd097ef692687fecf2f419d3200162a6480a57dad408a0dfeb492e2c5d
+CT = 2097e372950a5e9383c675e89eea1c314f999159f5611344b298cda45e62843716f215f82ee663919c64002a5c198d7878fd3f
+Tag = adbecdb0d5c2224d804d2886ff9a5760
+
+Count = 1
+Key = e49af19182faef0ebeeba9f2d3be044e77b1212358366e4ef59e008aebcd9788
+IV = e7f37d79a6a487a5a703edbb
+PT = 461cd0caf7427a3d44408d825ed719237272ecd503b9094d1f62c97d63ed83a0b50bdc804ffdd7991da7a5b6dcf48d4bcd2cbc
+AAD = 19a9a1cfc647346781bef51ed9070d05f99a0e0192a223c5cd2522dbdf97d9739dd39fb178ade3339e68774b058aa03e9a20a9a205bc05f32381df4d63396ef691fefd5a71b49a2ad82d5ea428778ca47ee1398792762413cff4
+CT = 32ca3588e3e56eb4c8301b009d8b84b8a900b2b88ca3c21944205e9dd7311757b51394ae90d8bb3807b471677614f4198af909
+Tag = 3e403d035c71d88f1be1a256c89ba6ad
+
+[Keylen = 256]
+[IVlen = 96]
+[PTlen = 408]
+[AADlen = 720]
+[Taglen = 96]
+
+Count = 0
+Key = 54a2e564d9796ba66e7e4f1456782f08a921b097dfb0f62302b02f0473c770ca
+IV = 9efca71be89b11b857c9cc80
+PT = 50205d7a3fcc71ebd386e48a421bcdaf3287cf78df1c10921fe85855ccc07a701623260d7992aa48103865402efa12b0cb8a71
+AAD = 3debc7ce4501dea63152206eb8ca2f8c41824a0d4e7f95488497eec76230bdab0663f22c0b94b17f077ae914d661710fe93756f48ac02d378abf49c129889fc4beb502f61cfd2374a76d979e45f4630fd2a3ca7d3fb3574c98b9
+CT = 4b41f4e02f7e71eab4dfd1b3b4457e0c0459a9581f550cb8766ebc2c30e26847d95ef3fc6cec5d1cf5cbe1720f6936307ed7b8
+Tag = ba9821b0d7f4327db5228640
+
+Count = 1
+Key = c90ca34c70d2a4107cd1d8bfad898a5098ae3b6b7cbc2ca328d929e8f89b7d6a
+IV = dd1173a2dd5b42307e4a2afb
+PT = a6af02602f3be4aa25a981b42b771fb0dc689670efa7d07f2de96cbf95b272b896de6e3e4d299c64b44c06d83d228a0cc2dcc5
+AAD = c6f7d27b4ddd0d590f7d8e870812f44b05679a306d28cc8eef3745420707058e137a0b27b74d43c27d6224660e65e02f44e1d82a727ec8c9b8839e3cb3a9b385c830bd3b3c3642e194d59bb0d060f23ae71c68db04a1bab8789e
+CT = 5183cce3f2e454ffdda54c0741af7049befc577ae302f7815c66718c4e47969490b1d15738879b11ddb967aa9593aadb7a47dc
+Tag = a19fd8aade208dab1aa60355
+
+[Keylen = 256]
+[IVlen = 8]
+[PTlen = 0]
+[AADlen = 160]
+[Taglen = 128]
+
+Count = 0
+Key = 15a414466a7f90ea32bfd7f6e58bfa06e907fc416689d9603945d79454d42317
+IV = ab
+PT = 
+AAD = 6114601190f6ef5e59235dc0428c09e3270b19ea
+CT = 
+Tag = 196e0e010f0856f982b4089241d62484
+
+Count = 1
+Key = 4c0446f3aee1d362e79be6f3efd551e04e9fa9bd9f523abaebd769eb5e32838b
+IV = 3d
+PT = 
+AAD = e7090e4176fb1cc97e41fb717cb48c857f6e816c
+CT = 
+Tag = 59b6e2d9501ff685348de644f38db6e4
+
+[Keylen = 256]
+[IVlen = 8]
+[PTlen = 0]
+[AADlen = 160]
+[Taglen = 96]
+
+Count = 0
+Key = e3507fa3174b08c6928756d6a05024b934d4de7f3be2345d695f4cc698a9db9d
+IV = d4
+PT = 
+AAD = 62916c2aecb81bb0a0a081050543f73e4a3bdc48
+CT = 
+Tag = 0b48d5a739bf93e903a3e18d
+
+Count = 1
+Key = 7efb4419bbd839e0c20a485578c9702b26d84afcf869f0f15e106ee9a918f76b
+IV = d6
+PT = 
+AAD = a56cc54933bd418e2ec68724ba2b00c259f5c437
+CT = 
+Tag = fa9db7ad6fd8f2a5c917a4ba
+
+[Keylen = 256]
+[IVlen = 8]
+[PTlen = 128]
+[AADlen = 0]
+[Taglen = 128]
+
+Count = 0
+Key = 9473c28f6e978eb15e1967b888282aa6b078d320034fe5f40f8bb68674f1ecda
+IV = 0a
+PT = 2d2e2798c10bcfcce742e92d3c390fef
+AAD = 
+CT = c4e5ab2c6a4316e57c6c37d2c2acb42c
+Tag = 03337df7e1e68d77706abef9edaf5e07
+
+Count = 1
+Key = 5d0483b705f4274576dae512aa386684163c43a233b00dd5630d738b36740ab4
+IV = de
+PT = 3a2c9865f8bc51beac45831aa1dfc40f
+AAD = 
+CT = cebeb4b572b32429b31d22108e3082f6
+Tag = 8fccb050a44b782a30629cd1e5360343
+
+[Keylen = 256]
+[IVlen = 8]
+[PTlen = 128]
+[AADlen = 0]
+[Taglen = 96]
+
+Count = 0
+Key = 17c8b1da812da9d949f9e1148cc71a4c953a0123e815896cb99fc2eed77592ed
+IV = 72
+PT = becd302fa4af8f02ef37380304c3cf29
+AAD = 
+CT = 1529417a4d85108e5a27d63f96653f7f
+Tag = 9f45c0a02f7e021e76d950b4
+
+Count = 1
+Key = bb6141d9c635d887ff2fe05b203ae169a61fde9be2374b0d0ae88c575e14ddb3
+IV = 65
+PT = 352e53c99cbee6e05f5c6b435a3be75e
+AAD = 
+CT = eee20e9bf1ec9d8e088523f2346bfda6
+Tag = 1b263046df7af03856749976
+
+[Keylen = 256]
+[IVlen = 8]
+[PTlen = 128]
+[AADlen = 720]
+[Taglen = 128]
+
+Count = 0
+Key = 36d59c857226d2cbc94c7087bf899be6087457cf7de9d526f18c60c9923909d4
+IV = 1a
+PT = 026bf225e7ba1c6843c5d457aa29fd3b
+AAD = 29551b354353a5c86a43d472a044aacc62f237e6a6a2f67c3f097822d69143a5af753e010b149cc1e0b98b2c6b1958a264f23110f4a4c7677971f4464508e7d8558f24f54a49aa66dad06f085f8b88a31238bc5de1753421dae4
+CT = acb208e476ebd8af21a227331325065f
+Tag = 07382df97d7b876e6088036f6caada93
+
+Count = 1
+Key = 4bc9afa3946764142dc0ada84ec54a0fed838ce8a583e79720025896c7f3f89a
+IV = 69
+PT = 1e23353ac08199341f0991ab1c4fcb1b
+AAD = ca888a8fed9c7514157b4925ab390f5e430869e796f5ea43f5ffbbadeccc044c086092ea903d7b1c5aff5ca874a19d31d6d7235aa9a9b95144a9fbc2b7578fe652ba254605dcc6e78d622eea659d30e2186d5530e9194591fa93
+CT = c7e76264fd0be05dd1882632fbec15af
+Tag = 65ceb846c56e3747dab3927543ed9112
+
+[Keylen = 256]
+[IVlen = 8]
+[PTlen = 128]
+[AADlen = 720]
+[Taglen = 96]
+
+Count = 0
+Key = 4e804187d0269e07d544f7612334b83bd73fd56b0ece528c9a1a91a2859688de
+IV = 69
+PT = 17e84f04d4a3a04d52e143a204f25a66
+AAD = 877b0666701ddb706092cec4cd1a97279453e588c4b1178a8b1c51ecc16a093b58cd06e619a0f8bf291ab530e98b1222e0ef58d4350b9db89ba40e292529be6ebf528a37073c95cde63d3ffd07f77a7226182128649cc3f2b451
+CT = 484a8f015cf0e67d1363c90b664ebc49
+Tag = 3214d9cd4b325f5f2937ab08
+
+Count = 1
+Key = 684d485ebbd8a7fce6e2bf25b05fe094e3e19d2c9bba24c0fdc95663693734ec
+IV = d6
+PT = cc155f72a44423632cb2d648a8988655
+AAD = 46d1bfb7d3bb9112441b3498d318c24e0bb9f4c5c16a2161aa740d51640175f0dd5830b929181c06619c5f187bf211962e6131d0d4b1a84c391fc4b396ac8a310cd364856016458e171e4a0b00e21227d45bceaa0d1f27bf733c
+CT = 87cec29d8727c26b79c42d2c14826f14
+Tag = 32e7a44159eeee71fb0374d3
+
+[Keylen = 256]
+[IVlen = 8]
+[PTlen = 104]
+[AADlen = 160]
+[Taglen = 128]
+
+Count = 0
+Key = bfe5a8faf6791bda313a6026beb91d8e23274c79276e807e25d30aa00d440da7
+IV = 9d
+PT = 616dd54e73c0139712a0231788
+AAD = 6175a08f4c1604545ad9e6ec6354b69a63b034ee
+CT = 28032774bc8507df0226b8427b
+Tag = 1f8d71d8b66e9db9a7903d85e8fc113d
+
+Count = 1
+Key = b5217feca15d6fb24e83bf1894affb606461278b81aa116862cd2766209f91bb
+IV = 7b
+PT = 341e0cdf7a2dd4939e8b738fa1
+AAD = ee96b628b52c08946a448195dd358590d73b3a96
+CT = 42031cbdc3c44ba4d60f60c132
+Tag = ce2dba09bacbb58498b9e78bc301cea1
+
+[Keylen = 256]
+[IVlen = 8]
+[PTlen = 104]
+[AADlen = 160]
+[Taglen = 96]
+
+Count = 0
+Key = e19effe6d0b85106c7915ba4752dbf09c402e2e1bf884dbe36753c7213c01d2f
+IV = 11
+PT = 2c8d62fbffb609fdcca4588f1c
+AAD = 6b559301123c890a7a3b8ed17eb061de68027167
+CT = e8c87a07cd2448c8f1aceb60e7
+Tag = ca8a4ce354abcfb6622d9b65
+
+Count = 1
+Key = ad977d20322e802a90768a0778ee305ba0c3d0ff3f2691dbd8eab8fd5cbb8005
+IV = 91
+PT = 5ff217c0121ebca4cd0f97a4a2
+AAD = 0461f0a1e4fcda423f3804a860eb67c8f2497f9e
+CT = fcf1c6e3c41492f97822e7b72e
+Tag = 7a7ff132bed7dfde89a57eec
+
+[Keylen = 256]
+[IVlen = 8]
+[PTlen = 256]
+[AADlen = 0]
+[Taglen = 128]
+
+Count = 0
+Key = e9424e1a669d35d840654711977ee9e7019ac3594787b7d0d96c426b1f04d270
+IV = e9
+PT = e2b3a24d2daa6506c940787788e81840d440334aa4406ff3355535c72ec0bbcf
+AAD = 
+CT = d517c37fc5fcedb3c0fc823c12d923f1169d1f82e2ed7f5206d30a39cc04002c
+Tag = b7ee2d91e7c03c39c5eb5ddfb47fbbc6
+
+Count = 1
+Key = 7a4d36a4aa7cd89ed1aa317c6f00b0578e4bcfa5e25717eb1b4d2e98e518c90d
+IV = d6
+PT = 2178a3735555ec8865943b48857ddc7f66af674f8c3f0d34391bdd07c62b7b51
+AAD = 
+CT = ab806b78e8a545b9a12108626a13eb0907c869c30940a19befea4a5ce3a977e2
+Tag = 8a2402879bd775806a1f3ebb646af917
+
+[Keylen = 256]
+[IVlen = 8]
+[PTlen = 256]
+[AADlen = 0]
+[Taglen = 96]
+
+Count = 0
+Key = 647f3ede88d1408d62756158a5ae78bb3636628b7c2c285bdf1b09c0f138db1b
+IV = 08
+PT = 9b2cf2a24b84b417840bb481460a65abe15546133c44f2029bdd05808fad481b
+AAD = 
+CT = 9512a66c3ad612d2da3fa344be710da0ebad5443bb40f589eeed2d80a9597c20
+Tag = 079a3c15e6965a81d5608f80
+
+Count = 1
+Key = 2bb52734fe0d830b30f60aef362bdf6133041d51b593a4be4dff8acd2cdf9f80
+IV = 25
+PT = 53630759aef425c4d7419b9ee7362898bcd6b62fe400d950934151670236385b
+AAD = 
+CT = 2ef4393051db7cd7663d151f3a81249c8f00ab44041732e571cca60c1a9fe387
+Tag = 4dee37251636fe8562dd9576
+
+[Keylen = 256]
+[IVlen = 8]
+[PTlen = 256]
+[AADlen = 720]
+[Taglen = 128]
+
+Count = 0
+Key = 13fffb686c2bb85388cf72b416b2c8e335e3785cd838a1607d18d30bed302637
+IV = 40
+PT = fb4e75a21fc8ea570d1e63b64d49db3384693da83d72f0736611c329fad9df76
+AAD = 0b188bfd773dbe90470adf015a721bc4d78c870f9f3b2c7fd4182976cb6a29ce5075ad85da4df2aecc760d72eaf881d6b937b624edb94c9f303fee14ea8f07ef5ced8bd789989bf1e50d87598ca82e588e41e353845ab76388fa
+CT = bb093d01614046593bca8157731737386b80716a83dd9096763b1e435fe609ee
+Tag = 53b6680823f5f189756528d07f75cee8
+
+Count = 1
+Key = fab2d52c5a492beddb6897838c22bc87d772f92bb15a0648dfeaadd9b03250a5
+IV = 5f
+PT = e3b1687619175016f8bd12e90e3372729e2fe5a10196508d12728d8103541c3f
+AAD = aedc49fa3e96a9970e1e545187c7c00584304e360835f686b1c24e439935a2404a6e82428aa1e337bb972aa5091cbbfc9ed80747b13ed143eada99acceffd3bf2ead9bf9f50fa2f25f009b1fd8ff2ca52c47d11d451b11f227f7
+CT = 90eec63261822fc77d72b2fb353fb962b2a0e686705efd38b42108225c91ebde
+Tag = 649211b84e0339597f44b677990da87a
+
+[Keylen = 256]
+[IVlen = 8]
+[PTlen = 256]
+[AADlen = 720]
+[Taglen = 96]
+
+Count = 0
+Key = 4889c5fbdfea46a1e409fb9f49aefe3eb6c62db82a5e010008860c619415ad95
+IV = dd
+PT = c60d33a9d24951e039393b3bdfa9896d321c61f06c67fad5a9817019e374a6ac
+AAD = 002ca3bf0674f66d79267112d8a634bdd577c93d93e8437296cfdc0efbf7229790c09020ff57f675c271e1d4b970e6f72a317ffcd73818946682956aae546a3d07ff89c079544a008ed3699a7cc905cf3a9cbbed58c9f982716d
+CT = f83c7f6b350ff2e8d74fd351de4f6458ef9d7e4a87fd718c6226c2560f0a0a34
+Tag = 56644b80bb5c77479d0c59a9
+
+Count = 1
+Key = 5446634d5b37000bb57cc0a10dc05ee95e5f3de49fff8d77a6322dc27a3845e8
+IV = 99
+PT = 397ebf84a7f6fff993fcfdaf6a9fd970bfea92903747cea3348eefa2f473250f
+AAD = 87e390806ae40df05e1dc29709e25aa341530376f59b2b57a70ebefaa3dc20bc3a5e119ac3d27b44c48157db59d923bcab7de0c5f9d92566902445f681ca7d17bdcecf6185635dd8a2833f57aac4b4587d718da3660699e9512b
+CT = d3c540a72fa0360bf56024e1d0c5dcf0b9b475468aa3562e18fd7265281dd320
+Tag = 525dee83aa8fc097610d2c76
+
+[Keylen = 256]
+[IVlen = 8]
+[PTlen = 408]
+[AADlen = 160]
+[Taglen = 128]
+
+Count = 0
+Key = 05f714021372ae1c8d72c98e6307fbddb26ee27615860a9fb48ba4c3ea360a00
+IV = c0
+PT = ec3afbaa1447e47ce068bffb787bd0cadc9f0deceb11fa78e981271390578ae95891f26664b5e62d1fd5fd0d0767a54da5f86f
+AAD = faf9fa457a8e70ea709da28545f18f041351e8d5
+CT = c8c5816ba9e7e0d20820dc0064a519a277889f5ac9661c9882b5a9896fd12836c6721514e885b1d34f5e888d1d85abce8c2ebb
+Tag = 0856f211fade7d26d64478ca46025a3c
+
+Count = 1
+Key = 52ff61cdeea89e018cfd9ffa092bf6a6c65ae23068906197d5be812c3c528068
+IV = 19
+PT = 3fddaf6c6802762bc0fa6c1b9df695002bbdf6a58593bdc8769cba9613eaa278c8914890eeab538d841062dcbd9da8a914b240
+AAD = 92d03668ca836920c2f33b35ff1fbd4e75db37cd
+CT = 5e9402238bdef857d0f24557d7bf7dc510cfe829f9e531d47a412f6278db17910f5b3e5dd06349564cc0e5a594e5f8408950fc
+Tag = ebda8445616bbd86e0bb417129f37c4d
+
+[Keylen = 256]
+[IVlen = 8]
+[PTlen = 408]
+[AADlen = 160]
+[Taglen = 96]
+
+Count = 0
+Key = 3748a659f137394eec71eaa99f430337a3564be6cb9f0cd5411e52e2ca3dcdd4
+IV = a1
+PT = c5339b37eae811c3542d1b4dce361ad1a713f31ef03b4f7dc7abb8e65c482c2f5418aa00a7630bab9725361ab5f2a92291dc27
+AAD = 20d51f379d1da2bad92c183ee5f2c0feca985761
+CT = e620061d01a5b4ad8004da6bb6ad101317c2964b30af8a94255fc7c72a988db3160acd64ba887229e8eeb5efcadc4fac9207dc
+Tag = 0258a8602b1183d2226d881d
+
+Count = 1
+Key = c353e766dbd82177a2a6757f453f6064a29487e696166be2c189611472e429d9
+IV = a3
+PT = e25497f7a6cec20d50e1c47fb731da72e7254adcb3bf15f3955daed35b5d556ed0d8cf5ff09d2067e17018c97bd99da756f34f
+AAD = 54b20969a0de9731e7bf0817f10ab78e9f460143
+CT = 700b7f74b177ec88f891a45e216f1bfea17eb2510a822e1f14ba2def2270884c0e60c9e541d11cdcea68d4d0033dc31bc43997
+Tag = 6cb266212f9ec4ec3afdeef7
+
+[Keylen = 256]
+[IVlen = 1024]
+[PTlen = 0]
+[AADlen = 0]
+[Taglen = 128]
+
+Count = 0
+Key = 88768354df414ce4097f4d357837116685beee0d93aab343576b893088256260
+IV = f649d375e4e896397a8a96cbb847fbf45cb54132c76baf814f4e35e9f7737f16d5cd710370f143612b46724bbdded2a26264b90a91f5ed425d08d317f49a56828fcfeb9ebe1bc53117bb4156c2e99d70b238dd9166cc05906719818022c75957d25ad9c36c93ce2626248c783e0207c35db74996f47d096c3cafe701a38154ce
+PT = 
+AAD = 
+CT = 
+Tag = 905b22cd3fe77645e6a217dd1f993ec4
+
+Count = 1
+Key = 612955ff2036dbfda8adbfaf9f2e005059bd447d7075dfbcd7045a9bf00c85fd
+IV = 0bbf745774e2d189e9bad6e7e4d2c7e8bfeece9b4eb95646d24611eed4337279ebb82006a5f4d893e7d2dab0a36f947e545b3c352c696c33d5be38e9bd21d86b65e9e7080f7aec65d9c33d0495b1535263eafb436de129559ed43767d2dd9472a7be3734d75694f92b86aa27b1427639666ccf74999dfb8f1358609ab22b44ac
+PT = 
+AAD = 
+CT = 
+Tag = e62310999f2bf9c2c147f824d94842d4
+
+[Keylen = 256]
+[IVlen = 1024]
+[PTlen = 0]
+[AADlen = 0]
+[Taglen = 96]
+
+Count = 0
+Key = 86257e34d3ad89c5193748d70b48b52f689c1d51aadf16da7a50cee4af23d2db
+IV = fb76508ac2b5d9213ced37300d9c314eb282d56765b86bf71bb40f8d26396c4c6f2d4534e007a2fd522042f84572262ac6147172ef616b56dea10708b3e0435ff298860c66755d1f29a56c999d34598597a86803e8a55e79a6bdf96febe03527a1c36d8a1462dfece3dc42bdac7e886d545841b5ce5ad69d9f7a3116eba2b75a
+PT = 
+AAD = 
+CT = 
+Tag = 4bc88ea39369606b4be682d9
+
+Count = 1
+Key = d6bda4783d126e522902b6def6e57b532885f43680437776ab1bbc9d05effe93
+IV = 30cf59bacc784cef70002a89850cbcd602d6f7a2020d9dbe5e98cd943f52e069936086bb79da4fc07030cac4263ed61a48f66c84174796d8e3157812c7e6848bfe37200de1944203abbf3aa7518be10e9baef09808dec73175a8a2b8d9b4e4478feb0267a94b7fa66775d3a41c7c1aab88651e78a91655a30a54d18bd4620f01
+PT = 
+AAD = 
+CT = 
+Tag = 43cf52565a8c60de783c9eac
+
+[Keylen = 256]
+[IVlen = 1024]
+[PTlen = 0]
+[AADlen = 720]
+[Taglen = 128]
+
+Count = 0
+Key = 48da1e2727bf6b0340965729d6dd40c4372ad42cca4abb56620e828db8cc9c9f
+IV = 8c3e8bac3f74310ea0621052c8cb0dcabc0c359d0f99dd7fe2e377a2b96379636180bf034ab3e253034db6200fcb4b8faa226573cb8c21a47560f1ae54de0d41f8582d340c1625c0dfdf67f8b2b47ce7dd9cc6bdc5763b8fefb5e974672498c52ba29d86ce4c97aae826d26abed823a8c4b0256e0aa7ec8ce76cee1962cd9407
+PT = 
+AAD = ac4f0dcfb9f238749799b856abcd240f9474b6a751aad3a7a68c1b0d6f46c5405a1a86eb5d1d2cc48f050ce0b0ff612603806165bb0d10905c9a83f68db9ead74de1fa7a8df31e835b8c7dfa4c582dc63ff4c341a34d46c12a49
+CT = 
+Tag = e33be1793ffd98e7e848026f2acb5ce6
+
+Count = 1
+Key = 36993103c028fce6a0265bf1b08e90180c395b18152175a5ceb49a0671aa16a9
+IV = daea82201d2cd6052237aa1f0e6b805c6c50309ca42fdbc898d2fb9ab6fabbfe93b97227f37cefc68645466ab73f8864c4f5d44a1827973aaacc4ae1af33a0d630f870b885b49dc4d342243541fd68bfb1d6669ad7e3c4853817c7a2b79698b68bf2c089b5c264b519ae4b24bfe68ca4317ffc880d477347ea1b0037ecd8a34b
+PT = 
+AAD = b8a37d98f8b0e8feb3f10f7a6b25abed25ebcc11639202ab58a6c8190b3515ef5a75f121152bca539c1375100d094bb9564753fb067d43c6006877d9355252697fd4de9e61ce4978b49ce4a7c29488f6d23488e5d972e1f1f334
+CT = 
+Tag = c283c76b44f45856d4523b2e4ba24cb7
+
+[Keylen = 256]
+[IVlen = 1024]
+[PTlen = 0]
+[AADlen = 720]
+[Taglen = 96]
+
+Count = 0
+Key = 47cdb45916328e904e72d58c1ba70f70f6e723b706baf347d0ec51d578a7a1c5
+IV = 489ba0fced23d3e5c2b34345c15e7e8baabe8f8555edf470f31fa6b524c35cfdb3c2b3473c1fa598ed1a3355e1d167cd20715421d2645b373c148310f89bd18f7061fd3e43b9f519e1716c6767dcad1497b70b10ff168f4061bb261f2788ea389c776b9beb6bd239c83dec34e25bed8ede5b7bca152eb2ee88679b8ac28d061f
+PT = 
+AAD = 99a5fe00e12cf8d41a3b9e6f02aa37ddf47ce9269ee3a126263518dd2d21e9c8eef18fd959d8accd14524b9132b6bfad30e9d7b5bcf9fd8f974690a8d011b62a66decc1e93abdb964859dac0b900cf2afc438f4df5dc8206b3b5
+CT = 
+Tag = bcaeac4b465b664ed70037d7
+
+Count = 1
+Key = 2abd350a67ed0a76e1ff8d495a8541298b303c167fec8fccb53634819283446d
+IV = b4c3276db1d5dddaf457458bc7ebaf5bdf7c46021e97a22b3456f94e18d8904b1f724a5b2f75ca1a2a63eaf3ecfc60386f3340a9babc574e8994e5a1b4d5b13294e28d4cca064f968571a189cd93fbd1ff0868c85a68279096fb1f71350affccf6fb745ccadd0dca8ce74e251cbe5cd45f978841ba453c8cc02d1fdecd2e17ee
+PT = 
+AAD = 60669cdec7231b0aa6034580ef0a3005102c12afcb39313958bb4fcfcfebb795f783e55aed5995ae1799bb8c9e0ac2d4a265cc80c99609927136947c8928ea738a0d2bc4ee90b9bab9cb2a3f6ff40778ca28e7b5941f3a23d81f
+CT = 
+Tag = f9c2b3b1cde2781d4b8db6f3
+
+[Keylen = 256]
+[IVlen = 1024]
+[PTlen = 128]
+[AADlen = 160]
+[Taglen = 128]
+
+Count = 0
+Key = 5dd8dba0e10083f034744fc78e2206174c7f4ba6141a2e2cd2cc161566f2146a
+IV = d9a8a708f3876e0f4c1a6debe5f07cfdf473eedaa83309cdcc6eba7582555b0c3901743e1bc226df7f82ccd878000b41119eb5dc7a56018c3145f58b0e24464eaa87a349476d1670a4d61ee1772400680cdced958a82b50dbb1c738a2253d546716e84199d5be025e892f5ad28c5ff70c00cf10429767bd0a8eac20dfe0fd047
+PT = 1f8db298fe8f5e87d07f7931666dfe0e
+AAD = a483fa97fbc5ff6e067faeaafc599d234e5430fa
+CT = 5c21a4c4302687d0d0cbc5e0e416ea48
+Tag = 611b5761f702322573f7ea669c09c915
+
+Count = 1
+Key = 97f01c55117c54e2abcb765c238ed58d1f9be9dc8f4bbcfbd7a5033ca8bfe0fa
+IV = 5e4295e99b99f908123fe869f262c180b183b5e9557e2c0831e24e7e3e80f56e2cbfae20f27d98f2f17e174befcdad4c2069b4d1a06c60a4ed6d84382f766094a333a05a7a3b944bd76a353223e9a54f5f8b371b5af7ef7c029e14b5108f1da256aea0d0cc11f16bede864bf713bd7351c5515c2e152ca3209ad9541eacf5b76
+PT = 3ed7316ddf5c09020b3ba0a672ec782b
+AAD = 57dbf4feb780bd47697708338339d21e1459d550
+CT = 080cd471f2ca88c1a6192ee7c09068d2
+Tag = e21d381c492898ac5f9585e79b94545c
+
+[Keylen = 256]
+[IVlen = 1024]
+[PTlen = 128]
+[AADlen = 160]
+[Taglen = 96]
+
+Count = 0
+Key = 912a41b56aa5b576f030ab577116625fd531d9504ae58af8c3012977be4d782b
+IV = 0a3a3016309cab76034d79d21ee4a1eff74041306625c4e9531427107a5a8529c8a0a36badc7560fb10c6eaa8e73b63b5d1a1caaabbb0bd1b5901bc2d0e87478567a4db3255fdca0f734d4fcd007e2af8efaa475a9150c5d5b36e2d6140f1886be7f2bf449567318b07a732b059e078280282f535b6954906540017ebec62200
+PT = 4492f2314ebb91fbf4975a9e9d6725be
+AAD = 33e78263d53cd12d2ced5089a285beeed497e8b7
+CT = 69611143b4687989d56ee2b7e1c25ec2
+Tag = a84c74ba96c5da1d28b19322
+
+Count = 1
+Key = 58d79336c6e6d202c861b2feb5773283c599558cf229194b39068317c242f662
+IV = 5c5a5eaf97742e6b23516ebf6adb7612659d8d252b21e5883e75d871affd74fdd0d3ceefcae03772390def5d4e36eb2858ac5142fe6b225e942190c94160ec5cb56f04347cef8c9c4b5eb5c3fc04686fdce97807ce8aa34fc8b1aa6d6848ccbfc31c75a0e923de4f97a8db0570de4479c779db2c434cf5698a9efd65782098db
+PT = ffca23b7fc15b3d11adc8cff7e4bc72f
+AAD = 6f535ec49cb57178221f7e89fe88d5214c6b6472
+CT = 379b8ea2b39863499ab74772d88d234d
+Tag = be9d0b43d1fd3bf7816d9f27
+
+[Keylen = 256]
+[IVlen = 1024]
+[PTlen = 104]
+[AADlen = 0]
+[Taglen = 128]
+
+Count = 0
+Key = 3e15864a469f71587b27b21992db5e08c903e953849cc0b1bde55aad26544d65
+IV = a267a71a7c8e9d4b9bb987c40bea4603a5fa6defe45d6ebffa6ed5591ebe370605f087b5c9527b44276fde31cf4b13c31af7c07667a9a5a3d48f73785f638cd1a3aac6feb9be7e553539a37b0fd15297aa6cb50d298abae46af61e658038a710c5331824705edd41093d6d8a45b07f77030714b1c9b0f10faaa3d1017ac9eefd
+PT = 348cc1ee9335c5ba599ff433fc
+AAD = 
+CT = ecc16152c2e414a54f4b04df08
+Tag = 3990d6c836f9b373d57527afeca26f25
+
+Count = 1
+Key = 99c64392f2c03e7af0d9d6420dba62909d78ef2b411948e723204b107bbcaef0
+IV = 5df34c3b42a118c077f2d1c0ce1e30378b022cbc64803f25f98cb546af2b3deaaaf4df414f03a83d3aa060da9cd231753b304f3b5aa861c3bbc955ccfc3f01783d48b47f52c8139959ea1a75967d12228414f9d5781560acafbcb880676b06b9d2087f4cd91b0f9b642da10b7e28e47c974634b55438cced705e2c7e6d6edb39
+PT = 7919ab9a581eefc954eb9ca8cb
+AAD = 
+CT = d90dd76109c1070cbec418e37c
+Tag = c4e08d020a7304f8705c03f3f3b4c5e7
+
+[Keylen = 256]
+[IVlen = 1024]
+[PTlen = 104]
+[AADlen = 0]
+[Taglen = 96]
+
+Count = 0
+Key = ebbd24d9f41d6cf8113cc0a9721f7b3f743d42981b278c817e4087e582b76871
+IV = e072d944c85afed3581ae90d0ad88a87526a21709960419158151cd4d22bb08572c41327d91c71c2c2c5d312f4dcbe3021e4314a44bedc41aae83327b4edd5d390bd9a578b52fd0e00622bbfb28d306a3f7ffd1b19ed901ff8acfe15cbaf2911901c360dce23f65bb7e92d10b15aad043a53aed9a83d18a79b0d9fa58c8b65b1
+PT = b5c487e38fc82e97c1bdf6565e
+AAD = 
+CT = 1e10ad3d3f37452506461ddb14
+Tag = 7adcefced869e6549b34e797
+
+Count = 1
+Key = 1adeff752457447dc3e77c3c16020ac9a3ea3dc54bfeb34f01f2da8b2eff35e8
+IV = 449d907c4b93f5fbf247461551b40a4a4339d83ee13278cd121454c5b6b5287532a904ed2628eb0356a8880b19536639d072abb40018f433a6191b7d65e48eb8122407a5a4a7a0260bf89b0ffc3f9cbda01783493689d0500dfc0942554ad4982e302ca8e539a171b1986692492fad0f5abcfc3dbf6d136e436761985d0246a2
+PT = a38da1661112803f6f38a8b20c
+AAD = 
+CT = 005f7a27f0329eacb32e03d3eb
+Tag = 17f6356f9167a9856a4d505f
+
+[Keylen = 256]
+[IVlen = 1024]
+[PTlen = 104]
+[AADlen = 720]
+[Taglen = 128]
+
+Count = 0
+Key = e6857b9f9743a4ec1593d2bbc2b7ee0e370bef76f1da3b2bf5bcc53e5446832f
+IV = cf71f928e74343043dfd56f9121072fb12ba9ea73580384f99357eab690d16254e4cee2e8447959d16bbece8e2a0696de90ea7f3da1d6e8a436d04cdf51006fedcb76d8566af25788c3af2f9f57ac64b5a67c12ffc2e0ffd339256361a2f8fe3d4e12f7c79ae647f5272b2089c34e19fbf1860ed133f8e5dbde5b68982729b6c
+PT = fcbcaf2defeca871815ad7b842
+AAD = 527c1059da318d5f9c555cb47d7ec21492397fde2486f65ad20e6cbeec50b234ce5dddf8a2c7adc637e214e3c7fe8a5754ebdfc913ed6a24d5e1bce495af18bc4aca0377d0ce60bcc8d4c9a49b72cfff53e14e3dbf02229027e6
+CT = 905b3ac1ab9c4c1aadb2b14924
+Tag = bd13e616d5f08632ee066936ae7f064a
+
+Count = 1
+Key = 42df96cb9aac2e4a4842dd158010c64a4a94af844f739884b5e9c4beb86776fa
+IV = 9ee2b9d35cdc3bc1f23c1e9544c676a938b4ccb2e07dc183c6ad1f8e077cf58360787f0dcfe0b57ba1ba721ed154c3ef72106f0485c98198395676e60d7772af01c4daff556467cfd59951ece48de37b50ae42214cf1affaf3fccfbe32027777c4a5cf5ad588fd91b9de4de2d3d21c501a56878f418bff8f3fb797cc33ee0887
+PT = 0f09b13a8eb5b8ad006b2b2907
+AAD = 0cece2c2a74aa9c24ed7b17eba8c2628bebbb6bc77852760ecf9828fcdd414d103da6cc27ec7f60d167293ca44cd85ff47d004b0940846ea9a9c45edd2e46fbabe196a9eeded3cc27f86e75a7349665c5033c20da72489c42dfd
+CT = a18711585bf70b4c536cdbaf01
+Tag = 6549b35eaac2fd0294393630b040f471
+
+[Keylen = 256]
+[IVlen = 1024]
+[PTlen = 104]
+[AADlen = 720]
+[Taglen = 96]
+
+Count = 0
+Key = 6b663811d439b70c7d3e3a107c9a3fa540b541d9e40c38efef8f848cd5405155
+IV = 92357a6b5a5aa9823cb2cc01d56c2d41cf4fa55ba633358856edd32c1033a8e1f253e1a12c7bf23b4c450b75fac148602ebebc8f04fc0d9a14542e71253ae8c2592fbd3629d5ad6826c99147c2bd838be1997eb111faab3e64fd4a3a62ac314b175732e87fb769f3079d9340644c45b9cf7b4739b79d81fb1f301930ce313287
+PT = b8e50f3b715f897a77980defb3
+AAD = f3ecb53267e0ecf16f705bc0ea3ca43608a3d0bbee999f89a06f0492e01af184aaa83ef4f215654a3b474ee49f2feec8bdb49c7e5b90d568cbc94ece6ee5536e08c9cffc2478a199a8866714d9b25bce244c52d3a784151850de
+CT = f1b802d8db8cd5665b89f436b3
+Tag = e52e1edfda323636e22fcd8d
+
+Count = 1
+Key = 110f5ababaaa9034fe11f20877abde6418a3f40231434cc1bfcddf3f2d324aa9
+IV = 2bf6feb5331ea09b1fac1615d19f784bc0c71ae9e06eda2d2ecd2a42f6fc84ba092da28b5551b233cd3751aae31e4f04965936f9754e69e7c8a5d31b016b7d67f3eb6708821e8e83102e84f8b3bfd402685f79f023af3caad984df5e0a17f8962f974d2510d659f65340b4a566eec6b295aa01cd1fdb01f9566509ae74212da4
+PT = ace48b684f6d72ac75ad31d447
+AAD = b1d30c9e0e0f2d1161623341e499ae2fabbafbcd314fb95b88223063db082796954829504d118a17220fb07be2cd13e88b1aa7689960cf4ac1f53f70cd9df3d7879b178a12135ddfa1f2b42af8d9fb16302037e257431ceb77c7
+CT = 53c8d8fe5d96c0c33919d3f3d3
+Tag = b5b848627797ce1733b542c9
+
+[Keylen = 256]
+[IVlen = 1024]
+[PTlen = 256]
+[AADlen = 160]
+[Taglen = 128]
+
+Count = 0
+Key = 60faa64f4d9d51c3bad34a88a9d9ac1dc7845f2bd812ac769aa41fecb308364b
+IV = 0594cdab53529f6660a29945d6293e0038b54aa4e4cb93419776ba05b81d1c40288919511a48e08b9881ab01f79131d2f529da22c1e84b3a2ad2c2c74224cd5cfb18528f935df0b89e1c86c66aaa0c5c4aeb3b92ee578a2cd33c0d7d1b894f6b8ff4e5a52feadf32259d38b0f96be015ab974f79361ee507e1801716bbb51ec6
+PT = dd582e9bcc0c011ef6ae8ff92ed6f256d22cf8f4ef36fd92d0038b992b7fbd0a
+AAD = f3bf508d3e8782d5440a395324760686dfb02b11
+CT = ec354a69fb7f6c82e8a927774e914059bf6d702a578bc7acce8e9135d9308ccc
+Tag = ede691d21ed2da19dd0f049dd65ef741
+
+Count = 1
+Key = 6d28663c8e64a6862cab8891e17c1550fd90072d529559e6aeeb5008d3ae1538
+IV = 06f6f610407c055022c65f3fded31d8ad0fa4632f10cf53acb98ed4e3c422d7ea2f5820393783af736e4c814d47491e23cffefc01a24e285352162f95659a9a46fb0ae4a949c24bc0134c6cb715452c635614cf5d066d992f5874b305cd8e5fd6f01e91c7c2fd8820802e4c02f4e9c2a3b8545a1c7bb767709f2548c62632f1f
+PT = a611fa7c52dcb5fcb45df4e8105d441c19fd251e82229330e599391b70e20910
+AAD = 9d0b84c48a67df3f6b4c03c50245d56761f52b3d
+CT = 056de51a59ea543647ad345b87007826f35a559c18f450e6fc2b97d17028c170
+Tag = 819462412a1f1d90c0c3e4cb938eeb20
+
+[Keylen = 256]
+[IVlen = 1024]
+[PTlen = 256]
+[AADlen = 160]
+[Taglen = 96]
+
+Count = 0
+Key = f845afd1e1227d9d347d72a22a858a5f406fdac07d63c44695ed8bbe0049785d
+IV = af69ee4adc06c33a85c1bb064c1687ad350fb49ca0a631cf4952364f9c8372f4eef93ddc068ad48c67113836064c3a6ee63a07ed8bd9482160375c3230d741c57a566100a423b4e20b625eb9304cad4616caeb14720f1ea9fdad92bd8057503e1d5c053f59f2bd327402c931129e3d35a4458bd03ac29a6e2d4fc373fe484b4d
+PT = ccfdb0d5d23009c53dc8e1ebd396410fa49175538d8c75f33452875c31b63896
+AAD = 7ccceb075a5a3074244898721f5cb341357a9380
+CT = 9991dbf2f99b429e51840250872a30ec8ece2cd2daaef32bcca2bd3f3ada9b3b
+Tag = 4f2d69d839445335024b877d
+
+Count = 1
+Key = 905cbf9cc91724e3e748d316adc2d1e33d3214a73c82156625e660c9f521fa18
+IV = 481cbcccc7132fd20c85bdc32f9e90c4c72735b32f56c4cc77f6a31327f992f60898149e2760eedd837c88c7441291bc4544d03f990a777ead6502f016970c99a82944eb4814cc3116336b8464e2547a2f66c347c9ccb1e84403538dbec7822417cb2c356e8609e41262d91ff6cdb9000dba28edb857b7bfc501e93e4abf2391
+PT = f01fe7bd439c6386ff4ca74d98d39424cc65ac071b79a422802528f02fe403fb
+AAD = d26ec1985da6172aa29d010981f6ca8e4b250a40
+CT = 32469f1189261e54e3040252813ed6df1cf9a7b059b410b9bac3a20b96423c7f
+Tag = 05e015e47dc4983a2725868f
+
+[Keylen = 256]
+[IVlen = 1024]
+[PTlen = 408]
+[AADlen = 0]
+[Taglen = 128]
+
+Count = 0
+Key = 816458a5bdf7f937653d1bc1c79699c0e3291f03b3f6be8c76cfb92fd544d227
+IV = ee87abc85bc736b6e59b02eb36955c05cb2a0ffcc5d34091843a54ca0abedcb59ed215ca3ae3835fc42c3832cc6623dc6d07cb48198366d471a3a06f4ce93ebec04e2f0ea6aa92f07c4b21624b3aa3202279b95c19e94c3c3ec79a8310e7401e5b4548bd2a1e69b948f2c3b34c9c4e1154f4f0d287aeeab8388097a0cb9b1104
+PT = 61645d5f857d11756fc43f5fd7bdd003079a58a42287345e7c744dd88faf25154d02911f2b22e61408732ab4bdbec2e9b9d942
+AAD = 
+CT = 213cccac331229abd621eef68d632cb09bff705f8b02173d24a5038d89d287520ff26619a2ddccdca89fc254aa17856c27cb26
+Tag = 814dcb36d10ba5803c311a54d34735f6
+
+Count = 1
+Key = d4c4e275fd0b49c4871f5f121b12285bac6fe3e3244e526692efb4716284a252
+IV = cab8883fda9e546de3cc902303b7baab2ad4b928c6db226860183a0ff1c17578e2126b26f2e8e2534247a393284eba75b8b88d7b17d5b3aa7de213ea032ed52ebb8f3a35089dd69b1172b89af54df51337f4762c874d85988ec15fface23fb267dab17996a70fbb22c7a768d9f90af382639f8f40856ca92bd7d50e54821b669
+PT = 4f9ec23520b8a70e5d2edbabd0702bcd8aa3e5fcf99117ea50739309bae248bdb48c1bc65aa3d0225a76b561ea5ad28f85c6ea
+AAD = 
+CT = 4948fb1aefa17f56965778e65ddca703eaa6104cd9b6a8af176fcec5d73c8cf30d4653155c6c0bf7a17f3cf7ce7d4195e8b4db
+Tag = e980633d6f986ff59f9836c22e5c0d29
+
+[Keylen = 256]
+[IVlen = 1024]
+[PTlen = 408]
+[AADlen = 0]
+[Taglen = 96]
+
+Count = 0
+Key = 8c814a3705493e84583f1606717ef947f4e4497d5b4edd005887f25e64166655
+IV = 75b1b4df237efdff9af9b357c10728bd3cd163b21afdb09a8e3b993544b617b91e4b296d8a1dc6a979fb644c0cffa1c992371e7d3a9d5171fbb812ae056b82b7eb4746d4278981554b45b0a1c408793b50a88d02d088a2655a1aba830ce7392356725b65d8232e2678fdb08c6e60de46b3cf264dca8e1b1bd2f9cce287d0ca31
+PT = f454dafcf1af7db02b8abbcd02c08e90e93260f0c25079cd85270d5b8f6361bcbc495a35c8d12609130406b3db210dcfe2281e
+AAD = 
+CT = dcd6032609f10db88b1d5873ca1e9c8f53813bc236775811cb916fee3429fe6ae14b739ee47bd5f188a74f2c24603208ac190c
+Tag = 0fea60a5171d4c5e63807d68
+
+Count = 1
+Key = c8209f0cb2faf8f3b916203acb69601edc18e0457c0ee60fb04751daa34965dd
+IV = a66cfa1f52091d288927f579f8b7682b3b2792ef12379f389751ccfad0ec2b31bb41fa1188f9ef8994eb532a5d8ec86a66aefa58fe7a696569473e9526439498f12e5c9b3de1c16ae8509f6c08655d70077c17a4aad724726cb72c6878e0dc23b9f4c54d7a60e4ae436980736d0b8ff0c6c99a03141edc30b6116a0c0148a1bf
+PT = ee4e601b8b6319d73cf20b15b90cfb74c4552ee164c9e66ff0f4b2d617e006ee55ce02dadad54809e431d12a2b6c6e24f0fc80
+AAD = 
+CT = 99413cc2c04e0916e6ca79cd0a4ee4d9cb4d9427ecb9621569bbb7598834494309b0c30805de239075ff5f3b160ee53b2f78ef
+Tag = a001127ef0668e23d231e747
+
+[Keylen = 256]
+[IVlen = 1024]
+[PTlen = 408]
+[AADlen = 720]
+[Taglen = 128]
+
+Count = 0
+Key = 65b7171b55b22edd711a076f2eb6a125e873993e8d54564cd62d03c665cd6374
+IV = 54d118d32a56138f04212684b1e47c5d6808c128996e1d6ebf739ef9ff138aac1181fcde820a5f68749e1fed791314c73c54169aee5556bf206998d95432719fc9ffe22fbbc4925f32774d31e075393c0907e27c3f40da02c424b402eff596f6300b881b8f561d5ae4535a1fa9d4bafe86dd6751b0da245ae7b74ddcc3f5033c
+PT = 0521e41d827d6104ecdab1f8e7fb70cd8abca87500ecd36e65906194327b1b61014fd310f4e1bf7d5bf356a5d731c0d0d47c7e
+AAD = 4a3b04decbec0a549666e87036e78433b896270792e7932810c38eb063139ade6a4befd4dfdb38d53cdb95accbdee7ad5478c3bc55a21226c2b0fa79fe7c30262fa5383de3d3b45e951d7ef955f3a18b9689783898bedb66f0b8
+CT = 2ecf7a3a35abb50d212588c2ef50880212b53c052738767c9ea215709208afae6e94acd68980207bf63382495be1acde784b92
+Tag = 49563e12797eefbee2fd75a1e844869b
+
+Count = 1
+Key = e175c46cb437fd92fbb91ef33b9c92545368a3068ab22ae48e97cb05c84231f5
+IV = 9ecac402b7342c2d55849b1068562ac78b2626e3346393b6587372afbac81cd7c13cf6dc3a479d61b9fc530b243ad80dd5516ea9b0c550b61fec571712cde93fa5265fb9a7f92eba7f846940e053a62324f002118867173490ccdbb04df41ca8e2c2c79f5ced7a815ab60e2b058f98e26c2a57424c02b923bea76bca75fc0d3a
+PT = d115a6e65ba9fb4435c059e675bedb73e28447e315727390f38c618e434e7056d2b92a53822e6b04dd3c71c274c1c00360f887
+AAD = 89d72ae1054e1b863d7188f462325d04d3a4afb2839a6c1d292d61c60980744b654fa2ac384cea33cdc5736395a606bc5be4e6ee9c0cb6c3e7b21eee8f599d773881ecce3c6ecca395cfbf226e3f36629f01d7fced0152dceec9
+CT = c66a5c6900a9c132b2375129841df87238c88f1c59278c22126f1a59c0018f6526d1745dce387d23aebfa66aab1c153d3d0e1d
+Tag = b56663e0d82c0363b999864ea3d65bc4
+
+[Keylen = 256]
+[IVlen = 1024]
+[PTlen = 408]
+[AADlen = 720]
+[Taglen = 96]
+
+Count = 0
+Key = 5f99cb75b5ee893151124c3c7c84311634c3f7b6af54a7acae102d960e993fc3
+IV = c8172405064313e1b584b468f045b487de1ed8174977b210f5d0b108752fa7b1b9adbd9f4df16b2a5b71f3c08a8e52fca080a70a5346f028911c5c3b9ca575ae2a1085a7dbe29b1e916bb0f48ecb61cca2c5525bef4e47931aac6782a09c9636f782a843a54d3ad8ab94b9535d67452e6f62abd8cf100c35d3cae8de9813a753
+PT = b1d2930b1540edd6bd0cb0df6e3250ea256b7539d6f47edf3a39f884aff850fc57571122e8278c1bdd5d56afa6f6747c09bedc
+AAD = e54240d7849a9f25741e899ae5526fc7fb8c8d66240cca78fbed553f9acb25344776e21f181dac6ea040ec3db31baf8791c74de0ca1cabbcf2ce087c26a61eec02371ef664fc179debae153b0f0778891a86ad09bf0e5fce641b
+CT = 0d73e28b9a1e27ed98f91b3a92b56531b0ece1db8ae2da4bad0e5bfb57867f27e66a510e3319bc0435b02cb563d8b041e7c836
+Tag = 5c6f64fea8c5cc7ef0fefd22
+
+Count = 1
+Key = bd8aec99ac04efe8ad86cf568e7a04c30a40bc675592aaba600f7a81884fad90
+IV = d6dea1c6f60a97423cef9c0151bcbff106b97aeaf5b1a5cfe93064cf1837386fbf18c1db9db5a6ebe77ac439ed5a3bfd5a7e7c75fe34371f37d5fdcc951c4d88186bea008f59e25f57d2ca403a3f3f5a76a4dc26fff56eaba58f36c62767250e384ecda4d2ee343e73d3584026177fdacff165db3f646e4df3b8c7f8930d05a5
+PT = 43776395457cd567f3694c8fb85a277d279062e84b7482b0addce541fd7e20afd16b2eb6ce84c9553e24c1b79c59f0b3288a7a
+AAD = d8dd2239b5f1baf7c25a88f3d33621dbd45827d80984c399e7a3042b4f665c454cdace7cfa084c333de5b520069cc1055d6050e955ce94f9afdc92ff5b9c3d183b406b179aa5800bc703879092a0160e8d8518636d05c07bec25
+CT = 108ff952eed143c439b7aba5dcf835f2386b54c80dd6c53c3e88fc07773a67b782115dab9f8356090fb1036c3e87102852f633
+Tag = 025b98721a1d31a1e55fdab0
+
diff --git a/nss/cmd/pk11mode/Makefile b/nss/cmd/pk11mode/Makefile
new file mode 100755
index 0000000..e9cbcac
--- /dev/null
+++ b/nss/cmd/pk11mode/Makefile
@@ -0,0 +1,65 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include ../platlibs.mk
+
+ifeq ($(OS_ARCH), WINNT)
+
+EXTRA_LIBS += \
+	$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plc4.$(LIB_SUFFIX) \
+	$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plds4.$(LIB_SUFFIX) \
+	$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)nspr4.$(LIB_SUFFIX) \
+	$(NULL)
+
+else
+
+EXTRA_SHARED_LIBS += \
+	-L$(NSPR_LIB_DIR) \
+	-lplc4 \
+	-lplds4 \
+	-lnspr4 \
+	$(NULL)
+
+endif
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+include ../platrules.mk
+
diff --git a/nss/cmd/pk11mode/manifest.mn b/nss/cmd/pk11mode/manifest.mn
new file mode 100644
index 0000000..ed205cd
--- /dev/null
+++ b/nss/cmd/pk11mode/manifest.mn
@@ -0,0 +1,16 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CORE_DEPTH = ../..
+
+MODULE = nss
+
+EXPORTS =
+
+CSRCS = pk11mode.c
+
+PROGRAM = pk11mode
+
+REQUIRES = seccmd
diff --git a/nss/cmd/pk11mode/pk11mode.c b/nss/cmd/pk11mode/pk11mode.c
new file mode 100644
index 0000000..2f1fa37
--- /dev/null
+++ b/nss/cmd/pk11mode/pk11mode.c
@@ -0,0 +1,5387 @@
+/*
+ * pk11mode.c - Test FIPS or NONFIPS Modes for the NSS PKCS11 api.
+ *              The goal of this program is to test every function
+ *              entry point of the PKCS11 api at least once.
+ *              To test in FIPS mode: pk11mode
+ *              To test in NONFIPS mode: pk11mode -n
+ *              usage: pk11mode -h
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <assert.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdarg.h>
+
+#if defined(XP_UNIX) && !defined(NO_FORK_CHECK)
+#include <unistd.h>
+#include <sys/wait.h>
+#else
+#ifndef NO_FORK_CHECK
+#define NO_FORK_CHECK
+#endif
+#endif
+
+#ifdef _WIN32
+#include <windows.h>
+#define LIB_NAME "softokn3.dll"
+#endif
+#include "prlink.h"
+#include "prprf.h"
+#include "plgetopt.h"
+#include "prenv.h"
+
+#include "pk11table.h"
+
+#define NUM_ELEM(array) (sizeof(array) / sizeof(array[0]))
+
+#ifndef NULL_PTR
+#define NULL_PTR 0
+#endif
+
+/* Returns constant error string for "CRV".
+ * Returns "unknown error" if errNum is unknown.
+ */
+const char *
+PKM_CK_RVtoStr(CK_RV errNum)
+{
+    const char *err;
+
+    err = getName(errNum, ConstResult);
+
+    if (err)
+        return err;
+
+    return "unknown error";
+}
+
+#include "pkcs11p.h"
+
+typedef struct CK_C_INITIALIZE_ARGS_NSS {
+    CK_CREATEMUTEX CreateMutex;
+    CK_DESTROYMUTEX DestroyMutex;
+    CK_LOCKMUTEX LockMutex;
+    CK_UNLOCKMUTEX UnlockMutex;
+    CK_FLAGS flags;
+    /* The official PKCS #11 spec does not have a 'LibraryParameters' field, but
+     * a reserved field. NSS needs a way to pass instance-specific information
+     * to the library (like where to find its config files, etc). This
+     * information is usually provided by the installer and passed uninterpreted
+     * by NSS to the library, though NSS does know the specifics of the softoken
+     * version of this parameter. Most compliant PKCS#11 modules expect this
+     * parameter to be NULL, and will return CKR_ARGUMENTS_BAD from
+     * C_Initialize if Library parameters is supplied. */
+    CK_CHAR_PTR *LibraryParameters;
+    /* This field is only present if the LibraryParameters is not NULL. It must
+     * be NULL in all cases */
+    CK_VOID_PTR pReserved;
+} CK_C_INITIALIZE_ARGS_NSS;
+
+#include "pkcs11u.h"
+
+#define MAX_SIG_SZ 128
+#define MAX_CIPHER_SZ 128
+#define MAX_DATA_SZ 64
+#define MAX_DIGEST_SZ 64
+#define HMAC_MAX_LENGTH 64
+#define FIPSMODE 0
+#define NONFIPSMODE 1
+#define HYBRIDMODE 2
+#define NOMODE 3
+int MODE = FIPSMODE;
+
+CK_BBOOL true = CK_TRUE;
+CK_BBOOL false = CK_FALSE;
+static const CK_BYTE PLAINTEXT[] = { "Firefox  Rules!" };
+static const CK_BYTE PLAINTEXT_PAD[] =
+    { "Firefox and thunderbird rule the world!" };
+CK_ULONG NUMTESTS = 0;
+
+static const char *slotFlagName[] = {
+    "CKF_TOKEN_PRESENT",
+    "CKF_REMOVABLE_DEVICE",
+    "CKF_HW_SLOT",
+    "unknown token flag 0x00000008",
+    "unknown token flag 0x00000010",
+    "unknown token flag 0x00000020",
+    "unknown token flag 0x00000040",
+    "unknown token flag 0x00000080",
+    "unknown token flag 0x00000100",
+    "unknown token flag 0x00000200",
+    "unknown token flag 0x00000400",
+    "unknown token flag 0x00000800",
+    "unknown token flag 0x00001000",
+    "unknown token flag 0x00002000",
+    "unknown token flag 0x00004000",
+    "unknown token flag 0x00008000"
+    "unknown token flag 0x00010000",
+    "unknown token flag 0x00020000",
+    "unknown token flag 0x00040000",
+    "unknown token flag 0x00080000",
+    "unknown token flag 0x00100000",
+    "unknown token flag 0x00200000",
+    "unknown token flag 0x00400000",
+    "unknown token flag 0x00800000"
+    "unknown token flag 0x01000000",
+    "unknown token flag 0x02000000",
+    "unknown token flag 0x04000000",
+    "unknown token flag 0x08000000",
+    "unknown token flag 0x10000000",
+    "unknown token flag 0x20000000",
+    "unknown token flag 0x40000000",
+    "unknown token flag 0x80000000"
+};
+
+static const char *tokenFlagName[] = {
+    "CKF_PKM_RNG",
+    "CKF_WRITE_PROTECTED",
+    "CKF_LOGIN_REQUIRED",
+    "CKF_USER_PIN_INITIALIZED",
+    "unknown token flag 0x00000010",
+    "CKF_RESTORE_KEY_NOT_NEEDED",
+    "CKF_CLOCK_ON_TOKEN",
+    "unknown token flag 0x00000080",
+    "CKF_PROTECTED_AUTHENTICATION_PATH",
+    "CKF_DUAL_CRYPTO_OPERATIONS",
+    "CKF_TOKEN_INITIALIZED",
+    "CKF_SECONDARY_AUTHENTICATION",
+    "unknown token flag 0x00001000",
+    "unknown token flag 0x00002000",
+    "unknown token flag 0x00004000",
+    "unknown token flag 0x00008000",
+    "CKF_USER_PIN_COUNT_LOW",
+    "CKF_USER_PIN_FINAL_TRY",
+    "CKF_USER_PIN_LOCKED",
+    "CKF_USER_PIN_TO_BE_CHANGED",
+    "CKF_SO_PIN_COUNT_LOW",
+    "CKF_SO_PIN_FINAL_TRY",
+    "CKF_SO_PIN_LOCKED",
+    "CKF_SO_PIN_TO_BE_CHANGED",
+    "unknown token flag 0x01000000",
+    "unknown token flag 0x02000000",
+    "unknown token flag 0x04000000",
+    "unknown token flag 0x08000000",
+    "unknown token flag 0x10000000",
+    "unknown token flag 0x20000000",
+    "unknown token flag 0x40000000",
+    "unknown token flag 0x80000000"
+};
+
+static const unsigned char TLSClientRandom[] = {
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x0d, 0x90, 0xbb, 0x5e, 0xc6, 0xe1, 0x3f, 0x71,
+    0x0a, 0xa2, 0x70, 0x5a, 0x4f, 0xbc, 0x3f, 0x0d
+};
+static const unsigned char TLSServerRandom[] = {
+    0x00, 0x00, 0x1d, 0x4a, 0x7a, 0x0a, 0xa5, 0x01,
+    0x8e, 0x79, 0x72, 0xde, 0x9e, 0x2f, 0x8a, 0x0d,
+    0xed, 0xb2, 0x5d, 0xf1, 0x14, 0xc2, 0xc6, 0x66,
+    0x95, 0x86, 0xb0, 0x0d, 0x87, 0x2a, 0x2a, 0xc9
+};
+
+typedef enum {
+    CORRECT,
+    BOGUS_CLIENT_RANDOM,
+    BOGUS_CLIENT_RANDOM_LEN,
+    BOGUS_SERVER_RANDOM,
+    BOGUS_SERVER_RANDOM_LEN
+} enum_random_t;
+
+void
+dumpToHash64(const unsigned char *buf, unsigned int bufLen)
+{
+    unsigned int i;
+    for (i = 0; i < bufLen; i += 8) {
+        if (i % 32 == 0)
+            printf("\n");
+        printf(" 0x%02x,0x%02x,0x%02x,0x%02x,0x%02x,0x%02x,0x%02x,0x%02x,",
+               buf[i], buf[i + 1], buf[i + 2], buf[i + 3],
+               buf[i + 4], buf[i + 5], buf[i + 6], buf[i + 7]);
+    }
+    printf("\n");
+}
+
+#ifdef _WIN32
+HMODULE hModule;
+#else
+PRLibrary *lib;
+#endif
+
+/*
+* All api that belongs to pk11mode.c layer start with the prefix PKM_
+*/
+void PKM_LogIt(const char *fmt, ...);
+void PKM_Error(const char *fmt, ...);
+CK_SLOT_ID *PKM_GetSlotList(CK_FUNCTION_LIST_PTR pFunctionList,
+                            CK_ULONG slotID);
+CK_RV PKM_ShowInfo(CK_FUNCTION_LIST_PTR pFunctionList, CK_ULONG slotID);
+CK_RV PKM_InitPWforDB(CK_FUNCTION_LIST_PTR pFunctionList,
+                      CK_SLOT_ID *pSlotList, CK_ULONG slotID,
+                      CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen);
+CK_RV PKM_Mechanism(CK_FUNCTION_LIST_PTR pFunctionList,
+                    CK_SLOT_ID *pSlotList, CK_ULONG slotID);
+CK_RV PKM_RNG(CK_FUNCTION_LIST_PTR pFunctionList, CK_SLOT_ID *pSlotList,
+              CK_ULONG slotID);
+CK_RV PKM_SessionLogin(CK_FUNCTION_LIST_PTR pFunctionList,
+                       CK_SLOT_ID *pSlotList, CK_ULONG slotID,
+                       CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen);
+CK_RV PKM_SecretKey(CK_FUNCTION_LIST_PTR pFunctionList, CK_SLOT_ID *pSlotList,
+                    CK_ULONG slotID, CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen);
+CK_RV PKM_PublicKey(CK_FUNCTION_LIST_PTR pFunctionList, CK_SLOT_ID *pSlotList,
+                    CK_ULONG slotID, CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen);
+CK_RV PKM_HybridMode(CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen,
+                     CK_C_INITIALIZE_ARGS_NSS *initArgs);
+CK_RV PKM_FindAllObjects(CK_FUNCTION_LIST_PTR pFunctionList,
+                         CK_SLOT_ID *pSlotList, CK_ULONG slotID,
+                         CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen);
+CK_RV PKM_MultiObjectManagement(CK_FUNCTION_LIST_PTR pFunctionList,
+                                CK_SLOT_ID *pSlotList, CK_ULONG slotID,
+                                CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen);
+CK_RV PKM_OperationalState(CK_FUNCTION_LIST_PTR pFunctionList,
+                           CK_SLOT_ID *pSlotList, CK_ULONG slotID,
+                           CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen);
+CK_RV PKM_LegacyFunctions(CK_FUNCTION_LIST_PTR pFunctionList,
+                          CK_SLOT_ID *pSlotList, CK_ULONG slotID,
+                          CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen);
+CK_RV PKM_AttributeCheck(CK_FUNCTION_LIST_PTR pFunctionList,
+                         CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE obj,
+                         CK_ATTRIBUTE_PTR expected_attrs,
+                         CK_ULONG expected_attrs_count);
+CK_RV PKM_MechCheck(CK_FUNCTION_LIST_PTR pFunctionList,
+                    CK_SESSION_HANDLE hSession, CK_MECHANISM_TYPE mechType,
+                    CK_FLAGS flags, CK_BBOOL check_sizes,
+                    CK_ULONG minkeysize, CK_ULONG maxkeysize);
+CK_RV PKM_TLSKeyAndMacDerive(CK_FUNCTION_LIST_PTR pFunctionList,
+                             CK_SLOT_ID *pSlotList, CK_ULONG slotID,
+                             CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen,
+                             CK_MECHANISM_TYPE mechType, enum_random_t rnd);
+CK_RV PKM_TLSMasterKeyDerive(CK_FUNCTION_LIST_PTR pFunctionList,
+                             CK_SLOT_ID *pSlotList, CK_ULONG slotID,
+                             CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen,
+                             CK_MECHANISM_TYPE mechType,
+                             enum_random_t rnd);
+CK_RV PKM_KeyTests(CK_FUNCTION_LIST_PTR pFunctionList,
+                   CK_SLOT_ID *pSlotList, CK_ULONG slotID,
+                   CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen);
+CK_RV PKM_DualFuncSign(CK_FUNCTION_LIST_PTR pFunctionList,
+                       CK_SESSION_HANDLE hRwSession,
+                       CK_OBJECT_HANDLE publicKey, CK_OBJECT_HANDLE privateKey,
+                       CK_MECHANISM *sigMech, CK_OBJECT_HANDLE secretKey,
+                       CK_MECHANISM *cryptMech,
+                       const CK_BYTE *pData, CK_ULONG pDataLen);
+CK_RV PKM_DualFuncDigest(CK_FUNCTION_LIST_PTR pFunctionList,
+                         CK_SESSION_HANDLE hSession,
+                         CK_OBJECT_HANDLE hSecKey, CK_MECHANISM *cryptMech,
+                         CK_OBJECT_HANDLE hSecKeyDigest,
+                         CK_MECHANISM *digestMech,
+                         const CK_BYTE *pData, CK_ULONG pDataLen);
+CK_RV PKM_PubKeySign(CK_FUNCTION_LIST_PTR pFunctionList,
+                     CK_SESSION_HANDLE hRwSession,
+                     CK_OBJECT_HANDLE hPubKey, CK_OBJECT_HANDLE hPrivKey,
+                     CK_MECHANISM *signMech, const CK_BYTE *pData,
+                     CK_ULONG dataLen);
+CK_RV PKM_SecKeyCrypt(CK_FUNCTION_LIST_PTR pFunctionList,
+                      CK_SESSION_HANDLE hSession,
+                      CK_OBJECT_HANDLE hSymKey, CK_MECHANISM *cryptMech,
+                      const CK_BYTE *pData, CK_ULONG dataLen);
+CK_RV PKM_Hmac(CK_FUNCTION_LIST_PTR pFunctionList, CK_SESSION_HANDLE hSession,
+               CK_OBJECT_HANDLE sKey, CK_MECHANISM *hmacMech,
+               const CK_BYTE *pData, CK_ULONG pDataLen);
+CK_RV PKM_Digest(CK_FUNCTION_LIST_PTR pFunctionList,
+                 CK_SESSION_HANDLE hRwSession,
+                 CK_MECHANISM *digestMech, CK_OBJECT_HANDLE hSecretKey,
+                 const CK_BYTE *pData, CK_ULONG pDataLen);
+CK_RV PKM_wrapUnwrap(CK_FUNCTION_LIST_PTR pFunctionList,
+                     CK_SESSION_HANDLE hSession,
+                     CK_OBJECT_HANDLE hPublicKey,
+                     CK_OBJECT_HANDLE hPrivateKey,
+                     CK_MECHANISM *wrapMechanism,
+                     CK_OBJECT_HANDLE hSecretKey,
+                     CK_ATTRIBUTE *sKeyTemplate,
+                     CK_ULONG skeyTempSize);
+CK_RV PKM_RecoverFunctions(CK_FUNCTION_LIST_PTR pFunctionList,
+                           CK_SESSION_HANDLE hSession,
+                           CK_OBJECT_HANDLE hPubKey, CK_OBJECT_HANDLE hPrivKey,
+                           CK_MECHANISM *signMech, const CK_BYTE *pData,
+                           CK_ULONG pDataLen);
+CK_RV PKM_ForkCheck(int expected, CK_FUNCTION_LIST_PTR fList,
+                    PRBool forkAssert, CK_C_INITIALIZE_ARGS_NSS *initArgs);
+
+void PKM_Help();
+void PKM_CheckPath(char *string);
+char *PKM_FilePasswd(char *pwFile);
+static PRBool verbose = PR_FALSE;
+
+int
+main(int argc, char **argv)
+{
+    CK_C_GetFunctionList pC_GetFunctionList;
+    CK_FUNCTION_LIST_PTR pFunctionList;
+    CK_RV crv = CKR_OK;
+    CK_C_INITIALIZE_ARGS_NSS initArgs;
+    CK_SLOT_ID *pSlotList = NULL;
+    CK_TOKEN_INFO tokenInfo;
+    CK_ULONG slotID = 0; /* slotID == 0 for FIPSMODE */
+
+    CK_UTF8CHAR *pwd = NULL;
+    CK_ULONG pwdLen = 0;
+    char *moduleSpec = NULL;
+    char *configDir = NULL;
+    char *dbPrefix = NULL;
+    char *disableUnload = NULL;
+    PRBool doForkTests = PR_TRUE;
+
+    PLOptStatus os;
+    PLOptState *opt = PL_CreateOptState(argc, argv, "nvhf:Fd:p:");
+    while (PL_OPT_EOL != (os = PL_GetNextOpt(opt))) {
+        if (PL_OPT_BAD == os)
+            continue;
+        switch (opt->option) {
+            case 'F': /* disable fork tests */
+                doForkTests = PR_FALSE;
+                break;
+            case 'n': /* non fips mode */
+                MODE = NONFIPSMODE;
+                slotID = 1;
+                break;
+            case 'f': /* password file */
+                pwd = (CK_UTF8CHAR *)PKM_FilePasswd((char *)opt->value);
+                if (!pwd)
+                    PKM_Help();
+                break;
+            case 'd': /* opt_CertDir */
+                if (!opt->value)
+                    PKM_Help();
+                configDir = strdup(opt->value);
+                PKM_CheckPath(configDir);
+                break;
+            case 'p': /* opt_DBPrefix */
+                if (!opt->value)
+                    PKM_Help();
+                dbPrefix = strdup(opt->value);
+                break;
+            case 'v':
+                verbose = PR_TRUE;
+                break;
+            case 'h': /* help message */
+            default:
+                PKM_Help();
+                break;
+        }
+    }
+    PL_DestroyOptState(opt);
+
+    if (!pwd) {
+        pwd = (CK_UTF8CHAR *)strdup("1Mozilla");
+    }
+    pwdLen = strlen((const char *)pwd);
+    if (!configDir) {
+        configDir = strdup(".");
+    }
+    if (!dbPrefix) {
+        dbPrefix = strdup("");
+    }
+
+    if (doForkTests) {
+        /* first, try to fork without softoken loaded to make sure
+         * everything is OK */
+        crv = PKM_ForkCheck(123, NULL, PR_FALSE, NULL);
+        if (crv != CKR_OK)
+            goto cleanup;
+    }
+
+#ifdef _WIN32
+    hModule = LoadLibrary(LIB_NAME);
+    if (hModule == NULL) {
+        PKM_Error("cannot load %s\n", LIB_NAME);
+        goto cleanup;
+    }
+    if (MODE == FIPSMODE) {
+        /* FIPS mode == FC_GetFunctionList */
+        pC_GetFunctionList = (CK_C_GetFunctionList)
+            GetProcAddress(hModule, "FC_GetFunctionList");
+    } else {
+        /* NON FIPS mode  == C_GetFunctionList */
+        pC_GetFunctionList = (CK_C_GetFunctionList)
+            GetProcAddress(hModule, "C_GetFunctionList");
+    }
+    if (pC_GetFunctionList == NULL) {
+        PKM_Error("cannot load %s\n", LIB_NAME);
+        goto cleanup;
+    }
+#else
+    {
+        char *libname = NULL;
+        /* Get the platform-dependent library name of the NSS cryptographic module */
+        libname = PR_GetLibraryName(NULL, "softokn3");
+        assert(libname != NULL);
+        lib = PR_LoadLibrary(libname);
+        assert(lib != NULL);
+        PR_FreeLibraryName(libname);
+    }
+    if (MODE == FIPSMODE) {
+        pC_GetFunctionList = (CK_C_GetFunctionList)PR_FindFunctionSymbol(lib,
+                                                                         "FC_GetFunctionList");
+        assert(pC_GetFunctionList != NULL);
+        slotID = 0;
+    } else {
+        pC_GetFunctionList = (CK_C_GetFunctionList)PR_FindFunctionSymbol(lib,
+                                                                         "C_GetFunctionList");
+        assert(pC_GetFunctionList != NULL);
+        slotID = 1;
+    }
+#endif
+
+    if (MODE == FIPSMODE) {
+        printf("Loaded FC_GetFunctionList for FIPS MODE; slotID %d \n",
+               (int)slotID);
+    } else {
+        printf("loaded C_GetFunctionList for NON FIPS MODE; slotID %d \n",
+               (int)slotID);
+    }
+
+    crv = (*pC_GetFunctionList)(&pFunctionList);
+    assert(crv == CKR_OK);
+
+    if (doForkTests) {
+        /* now, try to fork with softoken loaded, but not initialized */
+        crv = PKM_ForkCheck(CKR_CRYPTOKI_NOT_INITIALIZED, pFunctionList,
+                            PR_TRUE, NULL);
+        if (crv != CKR_OK)
+            goto cleanup;
+    }
+
+    initArgs.CreateMutex = NULL;
+    initArgs.DestroyMutex = NULL;
+    initArgs.LockMutex = NULL;
+    initArgs.UnlockMutex = NULL;
+    initArgs.flags = CKF_OS_LOCKING_OK;
+    moduleSpec = PR_smprintf("configdir='%s' certPrefix='%s' "
+                             "keyPrefix='%s' secmod='secmod.db' flags= ",
+                             configDir, dbPrefix, dbPrefix);
+    initArgs.LibraryParameters = (CK_CHAR_PTR *)moduleSpec;
+    initArgs.pReserved = NULL;
+
+    /*DebugBreak();*/
+    /* FIPSMODE invokes FC_Initialize as pFunctionList->C_Initialize */
+    /* NSS cryptographic module library initialization for the FIPS  */
+    /* Approved mode when FC_Initialize is envoked will perfom       */
+    /* software integrity test, and power-up self-tests before       */
+    /* FC_Initialize returns                                         */
+    crv = pFunctionList->C_Initialize(&initArgs);
+    if (crv == CKR_OK) {
+        PKM_LogIt("C_Initialize succeeded\n");
+    } else {
+        PKM_Error("C_Initialize failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        goto cleanup;
+    }
+
+    if (doForkTests) {
+        /* Disable core on fork for this test, since we are testing the
+         * pathological case, and if enabled, the child process would dump
+         * core in C_GetTokenInfo .
+         * We can still differentiate the correct from incorrect behavior
+         * by the PKCS#11 return code.
+         */
+        /* try to fork with softoken both loaded and initialized */
+        crv = PKM_ForkCheck(CKR_DEVICE_ERROR, pFunctionList, PR_FALSE, NULL);
+        if (crv != CKR_OK)
+            goto cleanup;
+    }
+
+    if (doForkTests) {
+        /* In this next test, we fork and try to re-initialize softoken in
+         * the child. This should now work because softoken has the ability
+         * to hard reset.
+         */
+        /* try to fork with softoken both loaded and initialized */
+        crv = PKM_ForkCheck(CKR_OK, pFunctionList, PR_TRUE, &initArgs);
+        if (crv != CKR_OK)
+            goto cleanup;
+    }
+
+    crv = PKM_ShowInfo(pFunctionList, slotID);
+    if (crv == CKR_OK) {
+        PKM_LogIt("PKM_ShowInfo succeeded\n");
+    } else {
+        PKM_Error("PKM_ShowInfo failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        goto cleanup;
+    }
+    pSlotList = PKM_GetSlotList(pFunctionList, slotID);
+    if (pSlotList == NULL) {
+        PKM_Error("PKM_GetSlotList failed with \n");
+        goto cleanup;
+    }
+    crv = pFunctionList->C_GetTokenInfo(pSlotList[slotID], &tokenInfo);
+    if (crv == CKR_OK) {
+        PKM_LogIt("C_GetTokenInfo succeeded\n\n");
+    } else {
+        PKM_Error("C_GetTokenInfo failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        goto cleanup;
+    }
+
+    if (!(tokenInfo.flags & CKF_USER_PIN_INITIALIZED)) {
+        PKM_LogIt("Initing PW for DB\n");
+        crv = PKM_InitPWforDB(pFunctionList, pSlotList, slotID,
+                              pwd, pwdLen);
+        if (crv == CKR_OK) {
+            PKM_LogIt("PKM_InitPWforDB succeeded\n\n");
+        } else {
+            PKM_Error("PKM_InitPWforDB failed with 0x%08X, %-26s\n", crv,
+                      PKM_CK_RVtoStr(crv));
+            goto cleanup;
+        }
+    } else {
+        PKM_LogIt("using existing DB\n");
+    }
+
+    /* general mechanism by token */
+    crv = PKM_Mechanism(pFunctionList, pSlotList, slotID);
+    if (crv == CKR_OK) {
+        PKM_LogIt("PKM_Mechanism succeeded\n\n");
+    } else {
+        PKM_Error("PKM_Mechanism failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        goto cleanup;
+    }
+    /* RNG example without Login */
+    crv = PKM_RNG(pFunctionList, pSlotList, slotID);
+    if (crv == CKR_OK) {
+        PKM_LogIt("PKM_RNG succeeded\n\n");
+    } else {
+        PKM_Error("PKM_RNG failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        goto cleanup;
+    }
+
+    crv = PKM_SessionLogin(pFunctionList, pSlotList, slotID,
+                           pwd, pwdLen);
+    if (crv == CKR_OK) {
+        PKM_LogIt("PKM_SessionLogin succeeded\n\n");
+    } else {
+        PKM_Error("PKM_SessionLogin failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        goto cleanup;
+    }
+
+    /*
+     * PKM_KeyTest creates RSA,DSA public keys
+     * and AES, DES3 secret keys.
+     * then does digest, hmac, encrypt/decrypt, signing operations.
+     */
+    crv = PKM_KeyTests(pFunctionList, pSlotList, slotID,
+                       pwd, pwdLen);
+    if (crv == CKR_OK) {
+        PKM_LogIt("PKM_KeyTests succeeded\n\n");
+    } else {
+        PKM_Error("PKM_KeyTest failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        goto cleanup;
+    }
+
+    crv = PKM_SecretKey(pFunctionList, pSlotList, slotID, pwd,
+                        pwdLen);
+    if (crv == CKR_OK) {
+        PKM_LogIt("PKM_SecretKey succeeded\n\n");
+    } else {
+        PKM_Error("PKM_SecretKey failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        goto cleanup;
+    }
+
+    crv = PKM_PublicKey(pFunctionList, pSlotList, slotID,
+                        pwd, pwdLen);
+    if (crv == CKR_OK) {
+        PKM_LogIt("PKM_PublicKey succeeded\n\n");
+    } else {
+        PKM_Error("PKM_PublicKey failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        goto cleanup;
+    }
+    crv = PKM_OperationalState(pFunctionList, pSlotList, slotID,
+                               pwd, pwdLen);
+    if (crv == CKR_OK) {
+        PKM_LogIt("PKM_OperationalState succeeded\n\n");
+    } else {
+        PKM_Error("PKM_OperationalState failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        goto cleanup;
+    }
+    crv = PKM_MultiObjectManagement(pFunctionList, pSlotList, slotID,
+                                    pwd, pwdLen);
+    if (crv == CKR_OK) {
+        PKM_LogIt("PKM_MultiObjectManagement succeeded\n\n");
+    } else {
+        PKM_Error("PKM_MultiObjectManagement failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        goto cleanup;
+    }
+    crv = PKM_LegacyFunctions(pFunctionList, pSlotList, slotID,
+                              pwd, pwdLen);
+    if (crv == CKR_OK) {
+        PKM_LogIt("PKM_LegacyFunctions succeeded\n\n");
+    } else {
+        PKM_Error("PKM_LegacyFunctions failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        goto cleanup;
+    }
+    crv = PKM_TLSKeyAndMacDerive(pFunctionList, pSlotList, slotID,
+                                 pwd, pwdLen,
+                                 CKM_TLS_KEY_AND_MAC_DERIVE, CORRECT);
+
+    if (crv == CKR_OK) {
+        PKM_LogIt("PKM_TLSKeyAndMacDerive succeeded\n\n");
+    } else {
+        PKM_Error("PKM_TLSKeyAndMacDerive failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        goto cleanup;
+    }
+    crv = PKM_TLSMasterKeyDerive(pFunctionList, pSlotList, slotID,
+                                 pwd, pwdLen,
+                                 CKM_TLS_MASTER_KEY_DERIVE,
+                                 CORRECT);
+    if (crv == CKR_OK) {
+        PKM_LogIt("PKM_TLSMasterKeyDerive succeeded\n\n");
+    } else {
+        PKM_Error("PKM_TLSMasterKeyDerive failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        goto cleanup;
+    }
+    crv = PKM_TLSMasterKeyDerive(pFunctionList, pSlotList, slotID,
+                                 pwd, pwdLen,
+                                 CKM_TLS_MASTER_KEY_DERIVE_DH,
+                                 CORRECT);
+    if (crv == CKR_OK) {
+        PKM_LogIt("PKM_TLSMasterKeyDerive succeeded\n\n");
+    } else {
+        PKM_Error("PKM_TLSMasterKeyDerive failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        goto cleanup;
+    }
+    crv = PKM_FindAllObjects(pFunctionList, pSlotList, slotID,
+                             pwd, pwdLen);
+    if (crv == CKR_OK) {
+        PKM_LogIt("PKM_FindAllObjects succeeded\n\n");
+    } else {
+        PKM_Error("PKM_FindAllObjects failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        goto cleanup;
+    }
+    crv = pFunctionList->C_Finalize(NULL);
+    if (crv == CKR_OK) {
+        PKM_LogIt("C_Finalize succeeded\n");
+    } else {
+        PKM_Error("C_Finalize failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        goto cleanup;
+    }
+
+    if (doForkTests) {
+        /* try to fork with softoken still loaded, but de-initialized */
+        crv = PKM_ForkCheck(CKR_CRYPTOKI_NOT_INITIALIZED, pFunctionList,
+                            PR_TRUE, NULL);
+        if (crv != CKR_OK)
+            goto cleanup;
+    }
+
+    free(pSlotList);
+
+    /* demonstrate how an application can be in Hybrid mode */
+    /* PKM_HybridMode shows how to switch between NONFIPS */
+    /* mode to FIPS mode */
+
+    PKM_LogIt("Testing Hybrid mode \n");
+    crv = PKM_HybridMode(pwd, pwdLen, &initArgs);
+    if (crv == CKR_OK) {
+        PKM_LogIt("PKM_HybridMode succeeded\n");
+    } else {
+        PKM_Error("PKM_HybridMode failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        goto cleanup;
+    }
+
+    if (doForkTests) {
+        /* testing one more C_Initialize / C_Finalize to exercise getpid()
+         * fork check code */
+        crv = pFunctionList->C_Initialize(&initArgs);
+        if (crv == CKR_OK) {
+            PKM_LogIt("C_Initialize succeeded\n");
+        } else {
+            PKM_Error("C_Initialize failed with 0x%08X, %-26s\n", crv,
+                      PKM_CK_RVtoStr(crv));
+            goto cleanup;
+        }
+        crv = pFunctionList->C_Finalize(NULL);
+        if (crv == CKR_OK) {
+            PKM_LogIt("C_Finalize succeeded\n");
+        } else {
+            PKM_Error("C_Finalize failed with 0x%08X, %-26s\n", crv,
+                      PKM_CK_RVtoStr(crv));
+            goto cleanup;
+        }
+        /* try to C_Initialize / C_Finalize in child. This should succeed */
+        crv = PKM_ForkCheck(CKR_OK, pFunctionList, PR_TRUE, &initArgs);
+    }
+
+    PKM_LogIt("unloading NSS PKCS # 11 softoken and exiting\n");
+
+cleanup:
+
+    if (pwd) {
+        free(pwd);
+    }
+    if (configDir) {
+        free(configDir);
+    }
+    if (dbPrefix) {
+        free(dbPrefix);
+    }
+    if (moduleSpec) {
+        PR_smprintf_free(moduleSpec);
+    }
+
+#ifdef _WIN32
+    FreeLibrary(hModule);
+#else
+    disableUnload = PR_GetEnvSecure("NSS_DISABLE_UNLOAD");
+    if (!disableUnload) {
+        PR_UnloadLibrary(lib);
+    }
+#endif
+    if (CKR_OK == crv && doForkTests && !disableUnload) {
+        /* try to fork with softoken both de-initialized and unloaded */
+        crv = PKM_ForkCheck(123, NULL, PR_TRUE, NULL);
+    }
+
+    printf("**** Total number of TESTS ran in %s is %d. ****\n",
+           ((MODE == FIPSMODE) ? "FIPS MODE" : "NON FIPS MODE"), (int)NUMTESTS);
+    if (CKR_OK == crv) {
+        printf("**** ALL TESTS PASSED ****\n");
+    }
+
+    return crv;
+}
+
+/*
+*  PKM_KeyTests
+*
+*
+*/
+
+CK_RV
+PKM_KeyTests(CK_FUNCTION_LIST_PTR pFunctionList,
+             CK_SLOT_ID *pSlotList, CK_ULONG slotID,
+             CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen)
+{
+    CK_SESSION_HANDLE hRwSession;
+
+    CK_RV crv = CKR_OK;
+
+    /*** DSA Key ***/
+    CK_MECHANISM dsaParamGenMech;
+    CK_ULONG primeBits = 1024;
+    CK_ATTRIBUTE dsaParamGenTemplate[1];
+    CK_OBJECT_HANDLE hDsaParams = CK_INVALID_HANDLE;
+    CK_BYTE DSA_P[128];
+    CK_BYTE DSA_Q[20];
+    CK_BYTE DSA_G[128];
+    CK_MECHANISM dsaKeyPairGenMech;
+    CK_ATTRIBUTE dsaPubKeyTemplate[5];
+    CK_ATTRIBUTE dsaPrivKeyTemplate[5];
+    CK_OBJECT_HANDLE hDSApubKey = CK_INVALID_HANDLE;
+    CK_OBJECT_HANDLE hDSAprivKey = CK_INVALID_HANDLE;
+
+    /**** RSA Key ***/
+    CK_KEY_TYPE rsatype = CKK_RSA;
+    CK_MECHANISM rsaKeyPairGenMech;
+    CK_BYTE subject[] = { "RSA Private Key" };
+    CK_ULONG modulusBits = 1024;
+    CK_BYTE publicExponent[] = { 0x01, 0x00, 0x01 };
+    CK_BYTE id[] = { "RSA123" };
+    CK_ATTRIBUTE rsaPubKeyTemplate[9];
+    CK_ATTRIBUTE rsaPrivKeyTemplate[11];
+    CK_OBJECT_HANDLE hRSApubKey = CK_INVALID_HANDLE;
+    CK_OBJECT_HANDLE hRSAprivKey = CK_INVALID_HANDLE;
+
+    /*** AES Key ***/
+    CK_MECHANISM sAESKeyMech = {
+        CKM_AES_KEY_GEN, NULL, 0
+    };
+    CK_OBJECT_CLASS class = CKO_SECRET_KEY;
+    CK_KEY_TYPE keyAESType = CKK_AES;
+    CK_UTF8CHAR AESlabel[] = "An AES secret key object";
+    CK_ULONG AESvalueLen = 32;
+    CK_ATTRIBUTE sAESKeyTemplate[9];
+    CK_OBJECT_HANDLE hAESSecKey;
+
+    /*** DES3 Key ***/
+    CK_KEY_TYPE keyDES3Type = CKK_DES3;
+    CK_UTF8CHAR DES3label[] = "An Triple DES secret key object";
+    CK_ULONG DES3valueLen = 56;
+    CK_MECHANISM sDES3KeyGenMechanism = {
+        CKM_DES3_KEY_GEN, NULL, 0
+    };
+    CK_ATTRIBUTE sDES3KeyTemplate[9];
+    CK_OBJECT_HANDLE hDES3SecKey;
+
+    CK_MECHANISM dsaWithSha1Mech = {
+        CKM_DSA_SHA1, NULL, 0
+    };
+
+    CK_BYTE IV[16];
+    CK_MECHANISM mech_DES3_CBC;
+    CK_MECHANISM mech_DES3_CBC_PAD;
+    CK_MECHANISM mech_AES_CBC_PAD;
+    CK_MECHANISM mech_AES_CBC;
+    struct mech_str {
+        CK_ULONG mechanism;
+        const char *mechanismStr;
+    };
+
+    typedef struct mech_str mech_str;
+
+    mech_str digestMechs[] = {
+        { CKM_SHA_1, "CKM_SHA_1 " },
+        { CKM_SHA224, "CKM_SHA224" },
+        { CKM_SHA256, "CKM_SHA256" },
+        { CKM_SHA384, "CKM_SHA384" },
+        { CKM_SHA512, "CKM_SHA512" }
+    };
+    mech_str hmacMechs[] = {
+        { CKM_SHA_1_HMAC, "CKM_SHA_1_HMAC" },
+        { CKM_SHA224_HMAC, "CKM_SHA224_HMAC" },
+        { CKM_SHA256_HMAC, "CKM_SHA256_HMAC" },
+        { CKM_SHA384_HMAC, "CKM_SHA384_HMAC" },
+        { CKM_SHA512_HMAC, "CKM_SHA512_HMAC" }
+    };
+    mech_str sigRSAMechs[] = {
+        { CKM_SHA1_RSA_PKCS, "CKM_SHA1_RSA_PKCS" },
+        { CKM_SHA224_RSA_PKCS, "CKM_SHA224_RSA_PKCS" },
+        { CKM_SHA256_RSA_PKCS, "CKM_SHA256_RSA_PKCS" },
+        { CKM_SHA384_RSA_PKCS, "CKM_SHA384_RSA_PKCS" },
+        { CKM_SHA512_RSA_PKCS, "CKM_SHA512_RSA_PKCS" }
+    };
+
+    CK_ULONG digestMechsSZ = NUM_ELEM(digestMechs);
+    CK_ULONG sigRSAMechsSZ = NUM_ELEM(sigRSAMechs);
+    CK_ULONG hmacMechsSZ = NUM_ELEM(hmacMechs);
+    CK_MECHANISM mech;
+
+    unsigned int i;
+
+    NUMTESTS++; /* increment NUMTESTS */
+
+    /* DSA key init */
+    dsaParamGenMech.mechanism = CKM_DSA_PARAMETER_GEN;
+    dsaParamGenMech.pParameter = NULL_PTR;
+    dsaParamGenMech.ulParameterLen = 0;
+    dsaParamGenTemplate[0].type = CKA_PRIME_BITS;
+    dsaParamGenTemplate[0].pValue = &primeBits;
+    dsaParamGenTemplate[0].ulValueLen = sizeof(primeBits);
+    dsaPubKeyTemplate[0].type = CKA_PRIME;
+    dsaPubKeyTemplate[0].pValue = DSA_P;
+    dsaPubKeyTemplate[0].ulValueLen = sizeof(DSA_P);
+    dsaPubKeyTemplate[1].type = CKA_SUBPRIME;
+    dsaPubKeyTemplate[1].pValue = DSA_Q;
+    dsaPubKeyTemplate[1].ulValueLen = sizeof(DSA_Q);
+    dsaPubKeyTemplate[2].type = CKA_BASE;
+    dsaPubKeyTemplate[2].pValue = DSA_G;
+    dsaPubKeyTemplate[2].ulValueLen = sizeof(DSA_G);
+    dsaPubKeyTemplate[3].type = CKA_TOKEN;
+    dsaPubKeyTemplate[3].pValue = &true;
+    dsaPubKeyTemplate[3].ulValueLen = sizeof(true);
+    dsaPubKeyTemplate[4].type = CKA_VERIFY;
+    dsaPubKeyTemplate[4].pValue = &true;
+    dsaPubKeyTemplate[4].ulValueLen = sizeof(true);
+    dsaKeyPairGenMech.mechanism = CKM_DSA_KEY_PAIR_GEN;
+    dsaKeyPairGenMech.pParameter = NULL_PTR;
+    dsaKeyPairGenMech.ulParameterLen = 0;
+    dsaPrivKeyTemplate[0].type = CKA_TOKEN;
+    dsaPrivKeyTemplate[0].pValue = &true;
+    dsaPrivKeyTemplate[0].ulValueLen = sizeof(true);
+    dsaPrivKeyTemplate[1].type = CKA_PRIVATE;
+    dsaPrivKeyTemplate[1].pValue = &true;
+    dsaPrivKeyTemplate[1].ulValueLen = sizeof(true);
+    dsaPrivKeyTemplate[2].type = CKA_SENSITIVE;
+    dsaPrivKeyTemplate[2].pValue = &true;
+    dsaPrivKeyTemplate[2].ulValueLen = sizeof(true);
+    dsaPrivKeyTemplate[3].type = CKA_SIGN,
+    dsaPrivKeyTemplate[3].pValue = &true;
+    dsaPrivKeyTemplate[3].ulValueLen = sizeof(true);
+    dsaPrivKeyTemplate[4].type = CKA_EXTRACTABLE;
+    dsaPrivKeyTemplate[4].pValue = &true;
+    dsaPrivKeyTemplate[4].ulValueLen = sizeof(true);
+
+    /* RSA key init */
+    rsaKeyPairGenMech.mechanism = CKM_RSA_PKCS_KEY_PAIR_GEN;
+    rsaKeyPairGenMech.pParameter = NULL_PTR;
+    rsaKeyPairGenMech.ulParameterLen = 0;
+
+    rsaPubKeyTemplate[0].type = CKA_KEY_TYPE;
+    rsaPubKeyTemplate[0].pValue = &rsatype;
+    rsaPubKeyTemplate[0].ulValueLen = sizeof(rsatype);
+    rsaPubKeyTemplate[1].type = CKA_PRIVATE;
+    rsaPubKeyTemplate[1].pValue = &true;
+    rsaPubKeyTemplate[1].ulValueLen = sizeof(true);
+    rsaPubKeyTemplate[2].type = CKA_ENCRYPT;
+    rsaPubKeyTemplate[2].pValue = &true;
+    rsaPubKeyTemplate[2].ulValueLen = sizeof(true);
+    rsaPubKeyTemplate[3].type = CKA_DECRYPT;
+    rsaPubKeyTemplate[3].pValue = &true;
+    rsaPubKeyTemplate[3].ulValueLen = sizeof(true);
+    rsaPubKeyTemplate[4].type = CKA_VERIFY;
+    rsaPubKeyTemplate[4].pValue = &true;
+    rsaPubKeyTemplate[4].ulValueLen = sizeof(true);
+    rsaPubKeyTemplate[5].type = CKA_SIGN;
+    rsaPubKeyTemplate[5].pValue = &true;
+    rsaPubKeyTemplate[5].ulValueLen = sizeof(true);
+    rsaPubKeyTemplate[6].type = CKA_WRAP;
+    rsaPubKeyTemplate[6].pValue = &true;
+    rsaPubKeyTemplate[6].ulValueLen = sizeof(true);
+    rsaPubKeyTemplate[7].type = CKA_MODULUS_BITS;
+    rsaPubKeyTemplate[7].pValue = &modulusBits;
+    rsaPubKeyTemplate[7].ulValueLen = sizeof(modulusBits);
+    rsaPubKeyTemplate[8].type = CKA_PUBLIC_EXPONENT;
+    rsaPubKeyTemplate[8].pValue = publicExponent;
+    rsaPubKeyTemplate[8].ulValueLen = sizeof(publicExponent);
+
+    rsaPrivKeyTemplate[0].type = CKA_KEY_TYPE;
+    rsaPrivKeyTemplate[0].pValue = &rsatype;
+    rsaPrivKeyTemplate[0].ulValueLen = sizeof(rsatype);
+    rsaPrivKeyTemplate[1].type = CKA_TOKEN;
+    rsaPrivKeyTemplate[1].pValue = &true;
+    rsaPrivKeyTemplate[1].ulValueLen = sizeof(true);
+    rsaPrivKeyTemplate[2].type = CKA_PRIVATE;
+    rsaPrivKeyTemplate[2].pValue = &true;
+    rsaPrivKeyTemplate[2].ulValueLen = sizeof(true);
+    rsaPrivKeyTemplate[3].type = CKA_SUBJECT;
+    rsaPrivKeyTemplate[3].pValue = subject;
+    rsaPrivKeyTemplate[3].ulValueLen = sizeof(subject);
+    rsaPrivKeyTemplate[4].type = CKA_ID;
+    rsaPrivKeyTemplate[4].pValue = id;
+    rsaPrivKeyTemplate[4].ulValueLen = sizeof(id);
+    rsaPrivKeyTemplate[5].type = CKA_SENSITIVE;
+    rsaPrivKeyTemplate[5].pValue = &true;
+    rsaPrivKeyTemplate[5].ulValueLen = sizeof(true);
+    rsaPrivKeyTemplate[6].type = CKA_ENCRYPT;
+    rsaPrivKeyTemplate[6].pValue = &true;
+    rsaPrivKeyTemplate[6].ulValueLen = sizeof(true);
+    rsaPrivKeyTemplate[7].type = CKA_DECRYPT;
+    rsaPrivKeyTemplate[7].pValue = &true;
+    rsaPrivKeyTemplate[7].ulValueLen = sizeof(true);
+    rsaPrivKeyTemplate[8].type = CKA_VERIFY;
+    rsaPrivKeyTemplate[8].pValue = &true;
+    rsaPrivKeyTemplate[8].ulValueLen = sizeof(true);
+    rsaPrivKeyTemplate[9].type = CKA_SIGN;
+    rsaPrivKeyTemplate[9].pValue = &true;
+    rsaPrivKeyTemplate[9].ulValueLen = sizeof(true);
+    rsaPrivKeyTemplate[10].type = CKA_UNWRAP;
+    rsaPrivKeyTemplate[10].pValue = &true;
+    rsaPrivKeyTemplate[10].ulValueLen = sizeof(true);
+
+    /* AES key template */
+    sAESKeyTemplate[0].type = CKA_CLASS;
+    sAESKeyTemplate[0].pValue = &class;
+    sAESKeyTemplate[0].ulValueLen = sizeof(class);
+    sAESKeyTemplate[1].type = CKA_KEY_TYPE;
+    sAESKeyTemplate[1].pValue = &keyAESType;
+    sAESKeyTemplate[1].ulValueLen = sizeof(keyAESType);
+    sAESKeyTemplate[2].type = CKA_LABEL;
+    sAESKeyTemplate[2].pValue = AESlabel;
+    sAESKeyTemplate[2].ulValueLen = sizeof(AESlabel) - 1;
+    sAESKeyTemplate[3].type = CKA_ENCRYPT;
+    sAESKeyTemplate[3].pValue = &true;
+    sAESKeyTemplate[3].ulValueLen = sizeof(true);
+    sAESKeyTemplate[4].type = CKA_DECRYPT;
+    sAESKeyTemplate[4].pValue = &true;
+    sAESKeyTemplate[4].ulValueLen = sizeof(true);
+    sAESKeyTemplate[5].type = CKA_SIGN;
+    sAESKeyTemplate[5].pValue = &true;
+    sAESKeyTemplate[5].ulValueLen = sizeof(true);
+    sAESKeyTemplate[6].type = CKA_VERIFY;
+    sAESKeyTemplate[6].pValue = &true;
+    sAESKeyTemplate[6].ulValueLen = sizeof(true);
+    sAESKeyTemplate[7].type = CKA_UNWRAP;
+    sAESKeyTemplate[7].pValue = &true;
+    sAESKeyTemplate[7].ulValueLen = sizeof(true);
+    sAESKeyTemplate[8].type = CKA_VALUE_LEN;
+    sAESKeyTemplate[8].pValue = &AESvalueLen;
+    sAESKeyTemplate[8].ulValueLen = sizeof(AESvalueLen);
+
+    /* DES3 key template */
+    sDES3KeyTemplate[0].type = CKA_CLASS;
+    sDES3KeyTemplate[0].pValue = &class;
+    sDES3KeyTemplate[0].ulValueLen = sizeof(class);
+    sDES3KeyTemplate[1].type = CKA_KEY_TYPE;
+    sDES3KeyTemplate[1].pValue = &keyDES3Type;
+    sDES3KeyTemplate[1].ulValueLen = sizeof(keyDES3Type);
+    sDES3KeyTemplate[2].type = CKA_LABEL;
+    sDES3KeyTemplate[2].pValue = DES3label;
+    sDES3KeyTemplate[2].ulValueLen = sizeof(DES3label) - 1;
+    sDES3KeyTemplate[3].type = CKA_ENCRYPT;
+    sDES3KeyTemplate[3].pValue = &true;
+    sDES3KeyTemplate[3].ulValueLen = sizeof(true);
+    sDES3KeyTemplate[4].type = CKA_DECRYPT;
+    sDES3KeyTemplate[4].pValue = &true;
+    sDES3KeyTemplate[4].ulValueLen = sizeof(true);
+    sDES3KeyTemplate[5].type = CKA_UNWRAP;
+    sDES3KeyTemplate[5].pValue = &true;
+    sDES3KeyTemplate[5].ulValueLen = sizeof(true);
+    sDES3KeyTemplate[6].type = CKA_SIGN,
+    sDES3KeyTemplate[6].pValue = &true;
+    sDES3KeyTemplate[6].ulValueLen = sizeof(true);
+    sDES3KeyTemplate[7].type = CKA_VERIFY;
+    sDES3KeyTemplate[7].pValue = &true;
+    sDES3KeyTemplate[7].ulValueLen = sizeof(true);
+    sDES3KeyTemplate[8].type = CKA_VALUE_LEN;
+    sDES3KeyTemplate[8].pValue = &DES3valueLen;
+    sDES3KeyTemplate[8].ulValueLen = sizeof(DES3valueLen);
+
+    /* mech init */
+    memset(IV, 0x01, sizeof(IV));
+    mech_DES3_CBC.mechanism = CKM_DES3_CBC;
+    mech_DES3_CBC.pParameter = IV;
+    mech_DES3_CBC.ulParameterLen = sizeof(IV);
+    mech_DES3_CBC_PAD.mechanism = CKM_DES3_CBC_PAD;
+    mech_DES3_CBC_PAD.pParameter = IV;
+    mech_DES3_CBC_PAD.ulParameterLen = sizeof(IV);
+    mech_AES_CBC.mechanism = CKM_AES_CBC;
+    mech_AES_CBC.pParameter = IV;
+    mech_AES_CBC.ulParameterLen = sizeof(IV);
+    mech_AES_CBC_PAD.mechanism = CKM_AES_CBC_PAD;
+    mech_AES_CBC_PAD.pParameter = IV;
+    mech_AES_CBC_PAD.ulParameterLen = sizeof(IV);
+
+    crv = pFunctionList->C_OpenSession(pSlotList[slotID],
+                                       CKF_RW_SESSION | CKF_SERIAL_SESSION,
+                                       NULL, NULL, &hRwSession);
+    if (crv == CKR_OK) {
+        PKM_LogIt("Opening a read/write session succeeded\n");
+    } else {
+        PKM_Error("Opening a read/write session failed "
+                  "with 0x%08X, %-26s\n",
+                  crv, PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    if (MODE == FIPSMODE) {
+        crv = pFunctionList->C_GenerateKey(hRwSession, &sAESKeyMech,
+                                           sAESKeyTemplate,
+                                           NUM_ELEM(sAESKeyTemplate),
+                                           &hAESSecKey);
+        if (crv == CKR_OK) {
+            PKM_Error("C_GenerateKey succeeded when not logged in.\n");
+            return CKR_GENERAL_ERROR;
+        } else {
+            PKM_LogIt("C_GenerateKey returned as EXPECTED with 0x%08X, %-26s\n"
+                      "since not logged in\n",
+                      crv, PKM_CK_RVtoStr(crv));
+        }
+        crv = pFunctionList->C_GenerateKeyPair(hRwSession, &rsaKeyPairGenMech,
+                                               rsaPubKeyTemplate,
+                                               NUM_ELEM(rsaPubKeyTemplate),
+                                               rsaPrivKeyTemplate,
+                                               NUM_ELEM(rsaPrivKeyTemplate),
+                                               &hRSApubKey, &hRSAprivKey);
+        if (crv == CKR_OK) {
+            PKM_Error("C_GenerateKeyPair succeeded when not logged in.\n");
+            return CKR_GENERAL_ERROR;
+        } else {
+            PKM_LogIt("C_GenerateKeyPair returned as EXPECTED with 0x%08X, "
+                      "%-26s\n since not logged in\n",
+                      crv,
+                      PKM_CK_RVtoStr(crv));
+        }
+    }
+
+    crv = pFunctionList->C_Login(hRwSession, CKU_USER, pwd, pwdLen);
+    if (crv == CKR_OK) {
+        PKM_LogIt("C_Login with correct password succeeded\n");
+    } else {
+        PKM_Error("C_Login with correct password failed "
+                  "with 0x%08X, %-26s\n",
+                  crv, PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    PKM_LogIt("Generate an AES key ... \n");
+    /* generate an AES Secret Key */
+    crv = pFunctionList->C_GenerateKey(hRwSession, &sAESKeyMech,
+                                       sAESKeyTemplate,
+                                       NUM_ELEM(sAESKeyTemplate),
+                                       &hAESSecKey);
+    if (crv == CKR_OK) {
+        PKM_LogIt("C_GenerateKey AES succeeded\n");
+    } else {
+        PKM_Error("C_GenerateKey AES failed with 0x%08X, %-26s\n",
+                  crv, PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    PKM_LogIt("Generate an 3DES key ...\n");
+    /* generate an 3DES Secret Key */
+    crv = pFunctionList->C_GenerateKey(hRwSession, &sDES3KeyGenMechanism,
+                                       sDES3KeyTemplate,
+                                       NUM_ELEM(sDES3KeyTemplate),
+                                       &hDES3SecKey);
+    if (crv == CKR_OK) {
+        PKM_LogIt("C_GenerateKey DES3 succeeded\n");
+    } else {
+        PKM_Error("C_GenerateKey failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    PKM_LogIt("Generate DSA PQG domain parameters ... \n");
+    /* Generate DSA domain parameters PQG */
+    crv = pFunctionList->C_GenerateKey(hRwSession, &dsaParamGenMech,
+                                       dsaParamGenTemplate,
+                                       1,
+                                       &hDsaParams);
+    if (crv == CKR_OK) {
+        PKM_LogIt("DSA domain parameter generation succeeded\n");
+    } else {
+        PKM_Error("DSA domain parameter generation failed "
+                  "with 0x%08X, %-26s\n",
+                  crv, PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    crv = pFunctionList->C_GetAttributeValue(hRwSession, hDsaParams,
+                                             dsaPubKeyTemplate, 3);
+    if (crv == CKR_OK) {
+        PKM_LogIt("Getting DSA domain parameters succeeded\n");
+    } else {
+        PKM_Error("Getting DSA domain parameters failed "
+                  "with 0x%08X, %-26s\n",
+                  crv, PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    crv = pFunctionList->C_DestroyObject(hRwSession, hDsaParams);
+    if (crv == CKR_OK) {
+        PKM_LogIt("Destroying DSA domain parameters succeeded\n");
+    } else {
+        PKM_Error("Destroying DSA domain parameters failed "
+                  "with 0x%08X, %-26s\n",
+                  crv, PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    PKM_LogIt("Generate a DSA key pair ... \n");
+    /* Generate a persistent DSA key pair */
+    crv = pFunctionList->C_GenerateKeyPair(hRwSession, &dsaKeyPairGenMech,
+                                           dsaPubKeyTemplate,
+                                           NUM_ELEM(dsaPubKeyTemplate),
+                                           dsaPrivKeyTemplate,
+                                           NUM_ELEM(dsaPrivKeyTemplate),
+                                           &hDSApubKey, &hDSAprivKey);
+    if (crv == CKR_OK) {
+        PKM_LogIt("DSA key pair generation succeeded\n");
+    } else {
+        PKM_Error("DSA key pair generation failed "
+                  "with 0x%08X, %-26s\n",
+                  crv, PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    PKM_LogIt("Generate a RSA key pair ... \n");
+    /*** GEN RSA Key ***/
+    crv = pFunctionList->C_GenerateKeyPair(hRwSession, &rsaKeyPairGenMech,
+                                           rsaPubKeyTemplate,
+                                           NUM_ELEM(rsaPubKeyTemplate),
+                                           rsaPrivKeyTemplate,
+                                           NUM_ELEM(rsaPrivKeyTemplate),
+                                           &hRSApubKey, &hRSAprivKey);
+    if (crv == CKR_OK) {
+        PKM_LogIt("C_GenerateKeyPair created an RSA key pair. \n");
+    } else {
+        PKM_Error("C_GenerateKeyPair failed to create an RSA key pair.\n"
+                  "with 0x%08X, %-26s\n",
+                  crv, PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    PKM_LogIt("**** Generation of keys completed ***** \n");
+
+    mech.mechanism = CKM_RSA_PKCS;
+    mech.pParameter = NULL;
+    mech.ulParameterLen = 0;
+
+    crv = PKM_wrapUnwrap(pFunctionList,
+                         hRwSession,
+                         hRSApubKey, hRSAprivKey,
+                         &mech,
+                         hAESSecKey,
+                         sAESKeyTemplate,
+                         NUM_ELEM(sAESKeyTemplate));
+
+    if (crv == CKR_OK) {
+        PKM_LogIt("PKM_wrapUnwrap using RSA keypair to wrap AES key "
+                  "succeeded\n\n");
+    } else {
+        PKM_Error("PKM_wrapUnwrap using RSA keypair to wrap AES key failed "
+                  "with 0x%08X, %-26s\n",
+                  crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    crv = PKM_wrapUnwrap(pFunctionList,
+                         hRwSession,
+                         hRSApubKey, hRSAprivKey,
+                         &mech,
+                         hDES3SecKey,
+                         sDES3KeyTemplate,
+                         NUM_ELEM(sDES3KeyTemplate));
+
+    if (crv == CKR_OK) {
+        PKM_LogIt("PKM_wrapUnwrap using RSA keypair to wrap DES3 key "
+                  "succeeded\n\n");
+    } else {
+        PKM_Error("PKM_wrapUnwrap using RSA keypair to wrap DES3 key "
+                  "failed with 0x%08X, %-26s\n",
+                  crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    crv = PKM_SecKeyCrypt(pFunctionList, hRwSession,
+                          hAESSecKey, &mech_AES_CBC_PAD,
+                          PLAINTEXT_PAD, sizeof(PLAINTEXT_PAD));
+    if (crv == CKR_OK) {
+        PKM_LogIt("PKM_SecKeyCrypt succeeded \n\n");
+    } else {
+        PKM_Error("PKM_SecKeyCrypt failed "
+                  "with 0x%08X, %-26s\n",
+                  crv, PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    crv = PKM_SecKeyCrypt(pFunctionList, hRwSession,
+                          hAESSecKey, &mech_AES_CBC,
+                          PLAINTEXT, sizeof(PLAINTEXT));
+    if (crv == CKR_OK) {
+        PKM_LogIt("PKM_SecKeyCrypt AES succeeded \n\n");
+    } else {
+        PKM_Error("PKM_SecKeyCrypt failed "
+                  "with 0x%08X, %-26s\n",
+                  crv, PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    crv = PKM_SecKeyCrypt(pFunctionList, hRwSession,
+                          hDES3SecKey, &mech_DES3_CBC,
+                          PLAINTEXT, sizeof(PLAINTEXT));
+    if (crv == CKR_OK) {
+        PKM_LogIt("PKM_SecKeyCrypt DES3 succeeded \n");
+    } else {
+        PKM_Error("PKM_SecKeyCrypt DES3 failed "
+                  "with 0x%08X, %-26s\n",
+                  crv, PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    crv = PKM_SecKeyCrypt(pFunctionList, hRwSession,
+                          hDES3SecKey, &mech_DES3_CBC_PAD,
+                          PLAINTEXT_PAD, sizeof(PLAINTEXT_PAD));
+    if (crv == CKR_OK) {
+        PKM_LogIt("PKM_SecKeyCrypt DES3 succeeded \n\n");
+    } else {
+        PKM_Error("PKM_SecKeyCrypt DES3 failed "
+                  "with 0x%08X, %-26s\n",
+                  crv, PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    mech.mechanism = CKM_RSA_PKCS;
+    crv = PKM_RecoverFunctions(pFunctionList, hRwSession,
+                               hRSApubKey, hRSAprivKey,
+                               &mech,
+                               PLAINTEXT, sizeof(PLAINTEXT));
+    if (crv == CKR_OK) {
+        PKM_LogIt("PKM_RecoverFunctions for CKM_RSA_PKCS succeeded\n\n");
+    } else {
+        PKM_Error("PKM_RecoverFunctions failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    mech.pParameter = NULL;
+    mech.ulParameterLen = 0;
+
+    for (i = 0; i < sigRSAMechsSZ; i++) {
+
+        mech.mechanism = sigRSAMechs[i].mechanism;
+
+        crv = PKM_PubKeySign(pFunctionList, hRwSession,
+                             hRSApubKey, hRSAprivKey,
+                             &mech,
+                             PLAINTEXT, sizeof(PLAINTEXT));
+        if (crv == CKR_OK) {
+            PKM_LogIt("PKM_PubKeySign succeeded for %-10s\n\n",
+                      sigRSAMechs[i].mechanismStr);
+        } else {
+            PKM_Error("PKM_PubKeySign failed for %-10s  "
+                      "with 0x%08X, %-26s\n",
+                      sigRSAMechs[i].mechanismStr, crv,
+                      PKM_CK_RVtoStr(crv));
+            return crv;
+        }
+        crv = PKM_DualFuncSign(pFunctionList, hRwSession,
+                               hRSApubKey, hRSAprivKey,
+                               &mech,
+                               hAESSecKey, &mech_AES_CBC,
+                               PLAINTEXT, sizeof(PLAINTEXT));
+        if (crv == CKR_OK) {
+            PKM_LogIt("PKM_DualFuncSign with AES secret key succeeded "
+                      "for %-10s\n\n",
+                      sigRSAMechs[i].mechanismStr);
+        } else {
+            PKM_Error("PKM_DualFuncSign with AES secret key failed "
+                      "for %-10s  "
+                      "with 0x%08X, %-26s\n",
+                      sigRSAMechs[i].mechanismStr, crv,
+                      PKM_CK_RVtoStr(crv));
+            return crv;
+        }
+        crv = PKM_DualFuncSign(pFunctionList, hRwSession,
+                               hRSApubKey, hRSAprivKey,
+                               &mech,
+                               hDES3SecKey, &mech_DES3_CBC,
+                               PLAINTEXT, sizeof(PLAINTEXT));
+        if (crv == CKR_OK) {
+            PKM_LogIt("PKM_DualFuncSign with DES3 secret key succeeded "
+                      "for %-10s\n\n",
+                      sigRSAMechs[i].mechanismStr);
+        } else {
+            PKM_Error("PKM_DualFuncSign with DES3 secret key failed "
+                      "for %-10s  "
+                      "with 0x%08X, %-26s\n",
+                      sigRSAMechs[i].mechanismStr, crv,
+                      PKM_CK_RVtoStr(crv));
+            return crv;
+        }
+        crv = PKM_DualFuncSign(pFunctionList, hRwSession,
+                               hRSApubKey, hRSAprivKey,
+                               &mech,
+                               hAESSecKey, &mech_AES_CBC_PAD,
+                               PLAINTEXT_PAD, sizeof(PLAINTEXT_PAD));
+        if (crv == CKR_OK) {
+            PKM_LogIt("PKM_DualFuncSign with AES secret key CBC_PAD "
+                      "succeeded for %-10s\n\n",
+                      sigRSAMechs[i].mechanismStr);
+        } else {
+            PKM_Error("PKM_DualFuncSign with AES secret key CBC_PAD "
+                      "failed for %-10s  "
+                      "with 0x%08X, %-26s\n",
+                      sigRSAMechs[i].mechanismStr, crv,
+                      PKM_CK_RVtoStr(crv));
+            return crv;
+        }
+        crv = PKM_DualFuncSign(pFunctionList, hRwSession,
+                               hRSApubKey, hRSAprivKey,
+                               &mech,
+                               hDES3SecKey, &mech_DES3_CBC_PAD,
+                               PLAINTEXT_PAD, sizeof(PLAINTEXT_PAD));
+        if (crv == CKR_OK) {
+            PKM_LogIt("PKM_DualFuncSign with DES3 secret key CBC_PAD "
+                      "succeeded for %-10s\n\n",
+                      sigRSAMechs[i].mechanismStr);
+        } else {
+            PKM_Error("PKM_DualFuncSign with DES3 secret key CBC_PAD "
+                      "failed for %-10s  "
+                      "with 0x%08X, %-26s\n",
+                      sigRSAMechs[i].mechanismStr, crv,
+                      PKM_CK_RVtoStr(crv));
+            return crv;
+        }
+
+    } /* end of RSA for loop */
+
+    crv = PKM_PubKeySign(pFunctionList, hRwSession,
+                         hDSApubKey, hDSAprivKey,
+                         &dsaWithSha1Mech, PLAINTEXT, sizeof(PLAINTEXT));
+    if (crv == CKR_OK) {
+        PKM_LogIt("PKM_PubKeySign for DSAwithSHA1 succeeded \n\n");
+    } else {
+        PKM_Error("PKM_PubKeySign failed "
+                  "with 0x%08X, %-26s\n",
+                  crv, PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    crv = PKM_DualFuncSign(pFunctionList, hRwSession,
+                           hDSApubKey, hDSAprivKey,
+                           &dsaWithSha1Mech,
+                           hAESSecKey, &mech_AES_CBC,
+                           PLAINTEXT, sizeof(PLAINTEXT));
+    if (crv == CKR_OK) {
+        PKM_LogIt("PKM_DualFuncSign with AES secret key succeeded "
+                  "for DSAWithSHA1\n\n");
+    } else {
+        PKM_Error("PKM_DualFuncSign with AES secret key failed "
+                  "for DSAWithSHA1 with 0x%08X, %-26s\n",
+                  crv, PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    crv = PKM_DualFuncSign(pFunctionList, hRwSession,
+                           hDSApubKey, hDSAprivKey,
+                           &dsaWithSha1Mech,
+                           hDES3SecKey, &mech_DES3_CBC,
+                           PLAINTEXT, sizeof(PLAINTEXT));
+    if (crv == CKR_OK) {
+        PKM_LogIt("PKM_DualFuncSign with DES3 secret key succeeded "
+                  "for DSAWithSHA1\n\n");
+    } else {
+        PKM_Error("PKM_DualFuncSign with DES3 secret key failed "
+                  "for DSAWithSHA1 with 0x%08X, %-26s\n",
+                  crv, PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    crv = PKM_DualFuncSign(pFunctionList, hRwSession,
+                           hDSApubKey, hDSAprivKey,
+                           &dsaWithSha1Mech,
+                           hAESSecKey, &mech_AES_CBC_PAD,
+                           PLAINTEXT_PAD, sizeof(PLAINTEXT_PAD));
+    if (crv == CKR_OK) {
+        PKM_LogIt("PKM_DualFuncSign with AES secret key CBC_PAD succeeded "
+                  "for DSAWithSHA1\n\n");
+    } else {
+        PKM_Error("PKM_DualFuncSign with AES secret key CBC_PAD failed "
+                  "for DSAWithSHA1 with 0x%08X, %-26s\n",
+                  crv, PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    crv = PKM_DualFuncSign(pFunctionList, hRwSession,
+                           hDSApubKey, hDSAprivKey,
+                           &dsaWithSha1Mech,
+                           hDES3SecKey, &mech_DES3_CBC_PAD,
+                           PLAINTEXT_PAD, sizeof(PLAINTEXT_PAD));
+    if (crv == CKR_OK) {
+        PKM_LogIt("PKM_DualFuncSign with DES3 secret key CBC_PAD succeeded "
+                  "for DSAWithSHA1\n\n");
+    } else {
+        PKM_Error("PKM_DualFuncSign with DES3 secret key CBC_PAD failed "
+                  "for DSAWithSHA1 with 0x%08X, %-26s\n",
+                  crv, PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    for (i = 0; i < digestMechsSZ; i++) {
+        mech.mechanism = digestMechs[i].mechanism;
+        crv = PKM_Digest(pFunctionList, hRwSession,
+                         &mech, hAESSecKey,
+                         PLAINTEXT, sizeof(PLAINTEXT));
+        if (crv == CKR_OK) {
+            PKM_LogIt("PKM_Digest with AES secret key succeeded for %-10s\n\n",
+                      digestMechs[i].mechanismStr);
+        } else {
+            PKM_Error("PKM_Digest with AES secret key failed for "
+                      "%-10s with 0x%08X,  %-26s\n",
+                      digestMechs[i].mechanismStr, crv,
+                      PKM_CK_RVtoStr(crv));
+            return crv;
+        }
+        crv = PKM_DualFuncDigest(pFunctionList, hRwSession,
+                                 hAESSecKey, &mech_AES_CBC,
+                                 0, &mech,
+                                 PLAINTEXT, sizeof(PLAINTEXT));
+        if (crv == CKR_OK) {
+            PKM_LogIt("PKM_DualFuncDigest with AES secret key succeeded\n\n");
+        } else {
+            PKM_Error("PKM_DualFuncDigest with AES secret key "
+                      "failed with 0x%08X, %-26s\n",
+                      crv,
+                      PKM_CK_RVtoStr(crv));
+        }
+
+        crv = PKM_Digest(pFunctionList, hRwSession,
+                         &mech, hDES3SecKey,
+                         PLAINTEXT, sizeof(PLAINTEXT));
+        if (crv == CKR_OK) {
+            PKM_LogIt("PKM_Digest with DES3 secret key succeeded for %-10s\n\n",
+                      digestMechs[i].mechanismStr);
+        } else {
+            PKM_Error("PKM_Digest with DES3 secret key failed for "
+                      "%-10s with 0x%08X,  %-26s\n",
+                      digestMechs[i].mechanismStr, crv,
+                      PKM_CK_RVtoStr(crv));
+            return crv;
+        }
+        crv = PKM_DualFuncDigest(pFunctionList, hRwSession,
+                                 hDES3SecKey, &mech_DES3_CBC,
+                                 0, &mech,
+                                 PLAINTEXT, sizeof(PLAINTEXT));
+        if (crv == CKR_OK) {
+            PKM_LogIt("PKM_DualFuncDigest DES3 secret key succeeded\n\n");
+        } else {
+            PKM_Error("PKM_DualFuncDigest DES3 secret key "
+                      "failed with 0x%08X, %-26s\n",
+                      crv,
+                      PKM_CK_RVtoStr(crv));
+        }
+
+        crv = PKM_Digest(pFunctionList, hRwSession,
+                         &mech, 0,
+                         PLAINTEXT, sizeof(PLAINTEXT));
+        if (crv == CKR_OK) {
+            PKM_LogIt("PKM_Digest with no secret key succeeded for %-10s\n\n",
+                      digestMechs[i].mechanismStr);
+        } else {
+            PKM_Error("PKM_Digest with no secret key failed for %-10s  "
+                      "with 0x%08X, %-26s\n",
+                      digestMechs[i].mechanismStr, crv,
+                      PKM_CK_RVtoStr(crv));
+            return crv;
+        }
+    } /* end of digest loop */
+
+    for (i = 0; i < hmacMechsSZ; i++) {
+        mech.mechanism = hmacMechs[i].mechanism;
+        crv = PKM_Hmac(pFunctionList, hRwSession,
+                       hAESSecKey, &mech,
+                       PLAINTEXT, sizeof(PLAINTEXT));
+        if (crv == CKR_OK) {
+            PKM_LogIt("PKM_Hmac with AES secret key succeeded for %-10s\n\n",
+                      hmacMechs[i].mechanismStr);
+        } else {
+            PKM_Error("PKM_Hmac with AES secret key failed for %-10s "
+                      "with 0x%08X, %-26s\n",
+                      hmacMechs[i].mechanismStr, crv, PKM_CK_RVtoStr(crv));
+            return crv;
+        }
+        if ((MODE == FIPSMODE) && (mech.mechanism == CKM_SHA512_HMAC))
+            break;
+        crv = PKM_Hmac(pFunctionList, hRwSession,
+                       hDES3SecKey, &mech,
+                       PLAINTEXT, sizeof(PLAINTEXT));
+        if (crv == CKR_OK) {
+            PKM_LogIt("PKM_Hmac with DES3 secret key succeeded for %-10s\n\n",
+                      hmacMechs[i].mechanismStr);
+        } else {
+            PKM_Error("PKM_Hmac with DES3 secret key failed for %-10s "
+                      "with 0x%08X,  %-26s\n",
+                      hmacMechs[i].mechanismStr, crv, PKM_CK_RVtoStr(crv));
+            return crv;
+        }
+
+    } /* end of hmac loop */
+
+    crv = pFunctionList->C_Logout(hRwSession);
+    if (crv == CKR_OK) {
+        PKM_LogIt("C_Logout succeeded\n");
+    } else {
+        PKM_Error("C_Logout failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    crv = pFunctionList->C_CloseSession(hRwSession);
+    if (crv != CKR_OK) {
+        PKM_Error("C_CloseSession failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    return crv;
+}
+
+void
+PKM_LogIt(const char *fmt, ...)
+{
+    va_list args;
+
+    if (verbose) {
+        va_start(args, fmt);
+        if (MODE == FIPSMODE) {
+            printf("FIPS MODE: ");
+        } else if (MODE == NONFIPSMODE) {
+            printf("NON FIPS MODE: ");
+        } else if (MODE == HYBRIDMODE) {
+            printf("Hybrid MODE: ");
+        }
+        vprintf(fmt, args);
+        va_end(args);
+    }
+}
+
+void
+PKM_Error(const char *fmt, ...)
+{
+    va_list args;
+    va_start(args, fmt);
+
+    if (MODE == FIPSMODE) {
+        fprintf(stderr, "\nFIPS MODE PKM_Error: ");
+    } else if (MODE == NONFIPSMODE) {
+        fprintf(stderr, "NON FIPS MODE PKM_Error: ");
+    } else if (MODE == HYBRIDMODE) {
+        fprintf(stderr, "Hybrid MODE PKM_Error: ");
+    } else
+        fprintf(stderr, "NOMODE PKM_Error: ");
+    vfprintf(stderr, fmt, args);
+    va_end(args);
+}
+CK_SLOT_ID *
+PKM_GetSlotList(CK_FUNCTION_LIST_PTR pFunctionList,
+                CK_ULONG slotID)
+{
+    CK_RV crv = CKR_OK;
+    CK_SLOT_ID *pSlotList = NULL;
+    CK_ULONG slotCount;
+
+    NUMTESTS++; /* increment NUMTESTS */
+
+    /* Get slot list */
+    crv = pFunctionList->C_GetSlotList(CK_FALSE /* all slots */,
+                                       NULL, &slotCount);
+    if (crv != CKR_OK) {
+        PKM_Error("C_GetSlotList failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return NULL;
+    }
+    PKM_LogIt("C_GetSlotList reported there are %lu slots\n", slotCount);
+    pSlotList = (CK_SLOT_ID *)malloc(slotCount * sizeof(CK_SLOT_ID));
+    if (!pSlotList) {
+        PKM_Error("failed to allocate slot list\n");
+        return NULL;
+    }
+    crv = pFunctionList->C_GetSlotList(CK_FALSE /* all slots */,
+                                       pSlotList, &slotCount);
+    if (crv != CKR_OK) {
+        PKM_Error("C_GetSlotList failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        if (pSlotList)
+            free(pSlotList);
+        return NULL;
+    }
+    return pSlotList;
+}
+
+CK_RV
+PKM_InitPWforDB(CK_FUNCTION_LIST_PTR pFunctionList,
+                CK_SLOT_ID *pSlotList, CK_ULONG slotID,
+                CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen)
+{
+    CK_RV crv = CKR_OK;
+    CK_SESSION_HANDLE hSession;
+    static const CK_UTF8CHAR testPin[] = { "0Mozilla" };
+    static const CK_UTF8CHAR weakPin[] = { "mozilla" };
+
+    crv = pFunctionList->C_OpenSession(pSlotList[slotID],
+                                       CKF_RW_SESSION | CKF_SERIAL_SESSION,
+                                       NULL, NULL, &hSession);
+    if (crv != CKR_OK) {
+        PKM_Error("C_OpenSession failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    PKM_LogIt("CKU_USER 0x%08X \n", CKU_USER);
+
+    crv = pFunctionList->C_Login(hSession, CKU_SO, NULL, 0);
+    if (crv != CKR_OK) {
+        PKM_Error("C_Login failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    if (MODE == FIPSMODE) {
+        crv = pFunctionList->C_InitPIN(hSession, (CK_UTF8CHAR *)weakPin,
+                                       strlen((char *)weakPin));
+        if (crv == CKR_OK) {
+            PKM_Error("C_InitPIN with a weak password succeeded\n");
+            return crv;
+        } else {
+            PKM_LogIt("C_InitPIN with a weak password failed with "
+                      "0x%08X, %-26s\n",
+                      crv, PKM_CK_RVtoStr(crv));
+        }
+    }
+    crv = pFunctionList->C_InitPIN(hSession, (CK_UTF8CHAR *)testPin,
+                                   strlen((char *)testPin));
+    if (crv == CKR_OK) {
+        PKM_LogIt("C_InitPIN succeeded\n");
+    } else {
+        PKM_Error("C_InitPIN failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    crv = pFunctionList->C_Logout(hSession);
+    if (crv != CKR_OK) {
+        PKM_Error("C_Logout failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    crv = pFunctionList->C_CloseSession(hSession);
+    if (crv != CKR_OK) {
+        PKM_Error("C_CloseSession failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    crv = pFunctionList->C_OpenSession(pSlotList[slotID],
+                                       CKF_RW_SESSION | CKF_SERIAL_SESSION,
+                                       NULL, NULL, &hSession);
+    if (crv != CKR_OK) {
+        PKM_Error("C_OpenSession failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    PKM_LogIt("CKU_USER 0x%08X \n", CKU_USER);
+
+    crv = pFunctionList->C_Login(hSession, CKU_USER, (CK_UTF8CHAR *)testPin,
+                                 strlen((const char *)testPin));
+    if (crv != CKR_OK) {
+        PKM_Error("C_Login failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    if (MODE == FIPSMODE) {
+        crv = pFunctionList->C_SetPIN(
+            hSession, (CK_UTF8CHAR *)testPin,
+            strlen((const char *)testPin),
+            (CK_UTF8CHAR *)weakPin,
+            strlen((const char *)weakPin));
+        if (crv == CKR_OK) {
+            PKM_Error("C_SetPIN with a weak password succeeded\n");
+            return crv;
+        } else {
+            PKM_LogIt("C_SetPIN with a weak password returned with "
+                      "0x%08X, %-26s\n",
+                      crv, PKM_CK_RVtoStr(crv));
+        }
+    }
+    crv = pFunctionList->C_SetPIN(
+        hSession, (CK_UTF8CHAR *)testPin,
+        strlen((const char *)testPin),
+        pwd, pwdLen);
+    if (crv != CKR_OK) {
+        PKM_Error("C_CSetPin failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    crv = pFunctionList->C_Logout(hSession);
+    if (crv != CKR_OK) {
+        PKM_Error("C_Logout failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    crv = pFunctionList->C_CloseSession(hSession);
+    if (crv != CKR_OK) {
+        PKM_Error("C_CloseSession failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    return crv;
+}
+
+CK_RV
+PKM_ShowInfo(CK_FUNCTION_LIST_PTR pFunctionList, CK_ULONG slotID)
+{
+    CK_RV crv = CKR_OK;
+    CK_INFO info;
+    CK_SLOT_ID *pSlotList = NULL;
+    unsigned i;
+
+    CK_SLOT_INFO slotInfo;
+    CK_TOKEN_INFO tokenInfo;
+    CK_FLAGS bitflag;
+
+    NUMTESTS++; /* increment NUMTESTS */
+
+    crv = pFunctionList->C_GetInfo(&info);
+    if (crv == CKR_OK) {
+        PKM_LogIt("C_GetInfo succeeded\n");
+    } else {
+        PKM_Error("C_GetInfo failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    PKM_LogIt("General information about the PKCS #11 library:\n");
+    PKM_LogIt("    PKCS #11 version: %d.%d\n",
+              (int)info.cryptokiVersion.major,
+              (int)info.cryptokiVersion.minor);
+    PKM_LogIt("    manufacturer ID: %.32s\n", info.manufacturerID);
+    PKM_LogIt("    flags: 0x%08lX\n", info.flags);
+    PKM_LogIt("    library description: %.32s\n", info.libraryDescription);
+    PKM_LogIt("    library version: %d.%d\n",
+              (int)info.libraryVersion.major, (int)info.libraryVersion.minor);
+    PKM_LogIt("\n");
+
+    /* Get slot list */
+    pSlotList = PKM_GetSlotList(pFunctionList, slotID);
+    if (pSlotList == NULL) {
+        PKM_Error("PKM_GetSlotList failed with \n");
+        return crv;
+    }
+    crv = pFunctionList->C_GetSlotInfo(pSlotList[slotID], &slotInfo);
+    if (crv == CKR_OK) {
+        PKM_LogIt("C_GetSlotInfo succeeded\n");
+    } else {
+        PKM_Error("C_GetSlotInfo failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    PKM_LogIt("Information about slot %lu:\n", pSlotList[slotID]);
+    PKM_LogIt("    slot description: %.64s\n", slotInfo.slotDescription);
+    PKM_LogIt("    slot manufacturer ID: %.32s\n", slotInfo.manufacturerID);
+    PKM_LogIt("    flags: 0x%08lX\n", slotInfo.flags);
+    bitflag = 1;
+    for (i = 0; i < sizeof(slotFlagName) / sizeof(slotFlagName[0]); i++) {
+        if (slotInfo.flags & bitflag) {
+            PKM_LogIt("           %s\n", slotFlagName[i]);
+        }
+        bitflag <<= 1;
+    }
+    PKM_LogIt("    slot's hardware version number: %d.%d\n",
+              (int)slotInfo.hardwareVersion.major,
+              (int)slotInfo.hardwareVersion.minor);
+    PKM_LogIt("    slot's firmware version number: %d.%d\n",
+              (int)slotInfo.firmwareVersion.major,
+              (int)slotInfo.firmwareVersion.minor);
+    PKM_LogIt("\n");
+
+    crv = pFunctionList->C_GetTokenInfo(pSlotList[slotID], &tokenInfo);
+    if (crv == CKR_OK) {
+        PKM_LogIt("C_GetTokenInfo succeeded\n");
+    } else {
+        PKM_Error("C_GetTokenInfo failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    PKM_LogIt("Information about the token in slot %lu:\n",
+              pSlotList[slotID]);
+    PKM_LogIt("    label: %.32s\n", tokenInfo.label);
+    PKM_LogIt("    device manufacturer ID: %.32s\n",
+              tokenInfo.manufacturerID);
+    PKM_LogIt("    device model: %.16s\n", tokenInfo.model);
+    PKM_LogIt("    device serial number: %.16s\n", tokenInfo.serialNumber);
+    PKM_LogIt("    flags: 0x%08lX\n", tokenInfo.flags);
+    bitflag = 1;
+    for (i = 0; i < sizeof(tokenFlagName) / sizeof(tokenFlagName[0]); i++) {
+        if (tokenInfo.flags & bitflag) {
+            PKM_LogIt("           %s\n", tokenFlagName[i]);
+        }
+        bitflag <<= 1;
+    }
+    PKM_LogIt("    maximum session count: %lu\n",
+              tokenInfo.ulMaxSessionCount);
+    PKM_LogIt("    session count: %lu\n", tokenInfo.ulSessionCount);
+    PKM_LogIt("    maximum read/write session count: %lu\n",
+              tokenInfo.ulMaxRwSessionCount);
+    PKM_LogIt("    read/write session count: %lu\n",
+              tokenInfo.ulRwSessionCount);
+    PKM_LogIt("    maximum PIN length: %lu\n", tokenInfo.ulMaxPinLen);
+    PKM_LogIt("    minimum PIN length: %lu\n", tokenInfo.ulMinPinLen);
+    PKM_LogIt("    total public memory: %lu\n",
+              tokenInfo.ulTotalPublicMemory);
+    PKM_LogIt("    free public memory: %lu\n",
+              tokenInfo.ulFreePublicMemory);
+    PKM_LogIt("    total private memory: %lu\n",
+              tokenInfo.ulTotalPrivateMemory);
+    PKM_LogIt("    free private memory: %lu\n",
+              tokenInfo.ulFreePrivateMemory);
+    PKM_LogIt("    hardware version number: %d.%d\n",
+              (int)tokenInfo.hardwareVersion.major,
+              (int)tokenInfo.hardwareVersion.minor);
+    PKM_LogIt("    firmware version number: %d.%d\n",
+              (int)tokenInfo.firmwareVersion.major,
+              (int)tokenInfo.firmwareVersion.minor);
+    if (tokenInfo.flags & CKF_CLOCK_ON_TOKEN) {
+        PKM_LogIt("    current time: %.16s\n", tokenInfo.utcTime);
+    }
+    PKM_LogIt("PKM_ShowInfo done \n\n");
+    free(pSlotList);
+    return crv;
+}
+
+/* PKM_HybridMode                                                         */
+/* The NSS cryptographic module has two modes of operation: FIPS Approved */
+/* mode and NONFIPS Approved mode. The two modes of operation are         */
+/* independent of each other -- they have their own copies of data        */
+/* structures and they are even allowed to be active at the same time.    */
+/* The module is FIPS 140-2 compliant only when the NONFIPS mode          */
+/* is inactive.                                                           */
+/* PKM_HybridMode demostrates how an application can switch between the   */
+/* two modes: FIPS Approved mode and NONFIPS mode.                        */
+CK_RV
+PKM_HybridMode(CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen,
+               CK_C_INITIALIZE_ARGS_NSS *initArgs)
+{
+
+    CK_C_GetFunctionList pC_GetFunctionList; /* NONFIPSMode */
+    CK_FUNCTION_LIST_PTR pC_FunctionList;
+    CK_SLOT_ID *pC_SlotList = NULL;
+    CK_ULONG slotID_C = 1;
+    CK_C_GetFunctionList pFC_GetFunctionList; /* FIPSMode */
+    CK_FUNCTION_LIST_PTR pFC_FunctionList;
+    CK_SLOT_ID *pFC_SlotList = NULL;
+    CK_ULONG slotID_FC = 0;
+    CK_RV crv = CKR_OK;
+    CK_SESSION_HANDLE hSession;
+    int origMode = MODE; /* remember the orginal MODE value */
+
+    NUMTESTS++; /* increment NUMTESTS */
+    MODE = NONFIPSMODE;
+#ifdef _WIN32
+    /* NON FIPS mode  == C_GetFunctionList */
+    pC_GetFunctionList = (CK_C_GetFunctionList)
+        GetProcAddress(hModule, "C_GetFunctionList");
+    if (pC_GetFunctionList == NULL) {
+        PKM_Error("cannot load %s\n", LIB_NAME);
+        return crv;
+    }
+#else
+    pC_GetFunctionList = (CK_C_GetFunctionList)PR_FindFunctionSymbol(lib,
+                                                                     "C_GetFunctionList");
+    assert(pC_GetFunctionList != NULL);
+#endif
+    PKM_LogIt("loading C_GetFunctionList for Non FIPS Mode; slotID %d \n",
+              slotID_C);
+    crv = (*pC_GetFunctionList)(&pC_FunctionList);
+    assert(crv == CKR_OK);
+
+    /* invoke C_Initialize as pC_FunctionList->C_Initialize */
+    crv = pC_FunctionList->C_Initialize(initArgs);
+    if (crv == CKR_OK) {
+        PKM_LogIt("C_Initialize succeeded\n");
+    } else {
+        PKM_Error("C_Initialize failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    pC_SlotList = PKM_GetSlotList(pC_FunctionList, slotID_C);
+    if (pC_SlotList == NULL) {
+        PKM_Error("PKM_GetSlotList failed with \n");
+        return crv;
+    }
+    crv = pC_FunctionList->C_OpenSession(pC_SlotList[slotID_C],
+                                         CKF_SERIAL_SESSION,
+                                         NULL, NULL, &hSession);
+    if (crv == CKR_OK) {
+        PKM_LogIt("NONFIPS C_OpenSession succeeded\n");
+    } else {
+        PKM_Error("C_OpenSession failed for NONFIPS token "
+                  "with 0x%08X, %-26s\n",
+                  crv, PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    crv = pC_FunctionList->C_Login(hSession, CKU_USER, pwd, pwdLen);
+    if (crv == CKR_OK) {
+        PKM_LogIt("able to login in NONFIPS token\n");
+    } else {
+        PKM_Error("Unable to login in to NONFIPS token "
+                  "with 0x%08X, %-26s\n",
+                  crv, PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    crv = pC_FunctionList->C_Logout(hSession);
+    if (crv == CKR_OK) {
+        PKM_LogIt("C_Logout succeeded\n");
+    } else {
+        PKM_Error("C_Logout failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    PKM_ShowInfo(pC_FunctionList, slotID_C);
+    MODE = HYBRIDMODE;
+
+    /* Now load the FIPS token */
+    /* FIPS mode == FC_GetFunctionList */
+    pFC_GetFunctionList = NULL;
+#ifdef _WIN32
+    pFC_GetFunctionList = (CK_C_GetFunctionList)
+        GetProcAddress(hModule, "FC_GetFunctionList");
+#else
+    pFC_GetFunctionList = (CK_C_GetFunctionList)PR_FindFunctionSymbol(lib,
+                                                                      "FC_GetFunctionList");
+    assert(pFC_GetFunctionList != NULL);
+#endif
+
+    PKM_LogIt("loading FC_GetFunctionList for FIPS Mode; slotID %d \n",
+              slotID_FC);
+    PKM_LogIt("pFC_FunctionList->C_Foo == pFC_FunctionList->FC_Foo\n");
+    if (pFC_GetFunctionList == NULL) {
+        PKM_Error("unable to load pFC_GetFunctionList\n");
+        return crv;
+    }
+
+    crv = (*pFC_GetFunctionList)(&pFC_FunctionList);
+    assert(crv == CKR_OK);
+
+    /* invoke FC_Initialize as pFunctionList->C_Initialize */
+    crv = pFC_FunctionList->C_Initialize(initArgs);
+    if (crv == CKR_OK) {
+        PKM_LogIt("FC_Initialize succeeded\n");
+    } else {
+        PKM_Error("FC_Initialize failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    PKM_ShowInfo(pFC_FunctionList, slotID_FC);
+
+    pFC_SlotList = PKM_GetSlotList(pFC_FunctionList, slotID_FC);
+    if (pFC_SlotList == NULL) {
+        PKM_Error("PKM_GetSlotList failed with \n");
+        return crv;
+    }
+
+    crv = pC_FunctionList->C_Login(hSession, CKU_USER, pwd, pwdLen);
+    if (crv != CKR_OK) {
+        PKM_LogIt("NONFIPS token cannot log in when FIPS token is loaded\n");
+    } else {
+        PKM_Error("Able to login in to NONFIPS token\n");
+        return crv;
+    }
+    crv = pC_FunctionList->C_CloseSession(hSession);
+    if (crv == CKR_OK) {
+        PKM_LogIt("NONFIPS pC_CloseSession succeeded\n");
+    } else {
+        PKM_Error("pC_CloseSession failed for NONFIPS token "
+                  "with 0x%08X, %-26s\n",
+                  crv, PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    PKM_LogIt("The module is FIPS 140-2 compliant\n"
+              "only when the NONFIPS Approved mode is inactive by \n"
+              "calling C_Finalize on the NONFIPS token.\n");
+
+    /* to go in FIPSMODE you must Finalize the NONFIPS mode pointer */
+    crv = pC_FunctionList->C_Finalize(NULL);
+    if (crv == CKR_OK) {
+        PKM_LogIt("C_Finalize of NONFIPS Token succeeded\n");
+        MODE = FIPSMODE;
+    } else {
+        PKM_Error("C_Finalize of NONFIPS Token failed with "
+                  "0x%08X, %-26s\n",
+                  crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    PKM_LogIt("*** In FIPS mode!  ***\n");
+
+    /* could do some operations in FIPS MODE */
+
+    crv = pFC_FunctionList->C_Finalize(NULL);
+    if (crv == CKR_OK) {
+        PKM_LogIt("Exiting FIPSMODE by caling FC_Finalize.\n");
+        MODE = NOMODE;
+    } else {
+        PKM_Error("FC_Finalize failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    if (pC_SlotList)
+        free(pC_SlotList);
+    if (pFC_SlotList)
+        free(pFC_SlotList);
+
+    MODE = origMode; /* set the mode back to the orginal Mode value */
+    PKM_LogIt("PKM_HybridMode test Completed\n\n");
+    return crv;
+}
+
+CK_RV
+PKM_Mechanism(CK_FUNCTION_LIST_PTR pFunctionList,
+              CK_SLOT_ID *pSlotList, CK_ULONG slotID)
+{
+
+    CK_RV crv = CKR_OK;
+    CK_MECHANISM_TYPE *pMechanismList;
+    CK_ULONG mechanismCount;
+    CK_ULONG i;
+    const char *mechName = NULL;
+
+    NUMTESTS++; /* increment NUMTESTS */
+
+    /* Get the mechanism list */
+    crv = pFunctionList->C_GetMechanismList(pSlotList[slotID],
+                                            NULL, &mechanismCount);
+    if (crv != CKR_OK) {
+        PKM_Error("C_GetMechanismList failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    PKM_LogIt("C_GetMechanismList reported there are %lu mechanisms\n",
+              mechanismCount);
+    pMechanismList = (CK_MECHANISM_TYPE *)
+        malloc(mechanismCount * sizeof(CK_MECHANISM_TYPE));
+    if (!pMechanismList) {
+        PKM_Error("failed to allocate mechanism list\n");
+        return crv;
+    }
+    crv = pFunctionList->C_GetMechanismList(pSlotList[slotID],
+                                            pMechanismList, &mechanismCount);
+    if (crv != CKR_OK) {
+        PKM_Error("C_GetMechanismList failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    PKM_LogIt("C_GetMechanismList returned the mechanism types:\n");
+    if (verbose) {
+        for (i = 0; i < mechanismCount; i++) {
+            mechName = getName(pMechanismList[(i)], ConstMechanism);
+
+            /* output two mechanism name on each line */
+            /* currently the longest known mechansim name length is 37 */
+            if (mechName) {
+                printf("%-40s", mechName);
+            } else {
+                printf("Unknown mechanism: 0x%08lX ", pMechanismList[i]);
+            }
+            if ((i % 2) == 1)
+                printf("\n");
+        }
+        printf("\n\n");
+    }
+
+    for (i = 0; i < mechanismCount; i++) {
+        CK_MECHANISM_INFO minfo;
+
+        memset(&minfo, 0, sizeof(CK_MECHANISM_INFO));
+        crv = pFunctionList->C_GetMechanismInfo(pSlotList[slotID],
+                                                pMechanismList[i], &minfo);
+        if (CKR_OK != crv) {
+            PKM_Error("C_GetMechanismInfo(%lu, %lu) returned 0x%08X, %-26s\n",
+                      pSlotList[slotID], pMechanismList[i], crv,
+                      PKM_CK_RVtoStr(crv));
+            return crv;
+        }
+
+        mechName = getName(pMechanismList[i], ConstMechanism);
+        if (!mechName)
+            mechName = "Unknown mechanism";
+        PKM_LogIt("    [%lu]: CK_MECHANISM_TYPE = %s 0x%08lX\n", (i + 1),
+                  mechName,
+                  pMechanismList[i]);
+        PKM_LogIt("    ulMinKeySize = %lu\n", minfo.ulMinKeySize);
+        PKM_LogIt("    ulMaxKeySize = %lu\n", minfo.ulMaxKeySize);
+        PKM_LogIt("    flags = 0x%08x\n", minfo.flags);
+        PKM_LogIt("        -> HW = %s\n", minfo.flags & CKF_HW ? "TRUE"
+                                                               : "FALSE");
+        PKM_LogIt("        -> ENCRYPT = %s\n", minfo.flags & CKF_ENCRYPT ? "TRUE"
+                                                                         : "FALSE");
+        PKM_LogIt("        -> DECRYPT = %s\n", minfo.flags & CKF_DECRYPT ? "TRUE"
+                                                                         : "FALSE");
+        PKM_LogIt("        -> DIGEST = %s\n", minfo.flags & CKF_DIGEST ? "TRUE"
+                                                                       : "FALSE");
+        PKM_LogIt("        -> SIGN = %s\n", minfo.flags & CKF_SIGN ? "TRUE"
+                                                                   : "FALSE");
+        PKM_LogIt("        -> SIGN_RECOVER = %s\n", minfo.flags &
+                                                            CKF_SIGN_RECOVER
+                                                        ? "TRUE"
+                                                        : "FALSE");
+        PKM_LogIt("        -> VERIFY = %s\n", minfo.flags & CKF_VERIFY ? "TRUE"
+                                                                       : "FALSE");
+        PKM_LogIt("        -> VERIFY_RECOVER = %s\n",
+                  minfo.flags & CKF_VERIFY_RECOVER ? "TRUE" : "FALSE");
+        PKM_LogIt("        -> GENERATE = %s\n", minfo.flags & CKF_GENERATE ? "TRUE"
+                                                                           : "FALSE");
+        PKM_LogIt("        -> GENERATE_KEY_PAIR = %s\n",
+                  minfo.flags & CKF_GENERATE_KEY_PAIR ? "TRUE" : "FALSE");
+        PKM_LogIt("        -> WRAP = %s\n", minfo.flags & CKF_WRAP ? "TRUE"
+                                                                   : "FALSE");
+        PKM_LogIt("        -> UNWRAP = %s\n", minfo.flags & CKF_UNWRAP ? "TRUE"
+                                                                       : "FALSE");
+        PKM_LogIt("        -> DERIVE = %s\n", minfo.flags & CKF_DERIVE ? "TRUE"
+                                                                       : "FALSE");
+        PKM_LogIt("        -> EXTENSION = %s\n", minfo.flags & CKF_EXTENSION ? "TRUE"
+                                                                             : "FALSE");
+
+        PKM_LogIt("\n");
+    }
+
+    return crv;
+}
+
+CK_RV
+PKM_RNG(CK_FUNCTION_LIST_PTR pFunctionList, CK_SLOT_ID *pSlotList,
+        CK_ULONG slotID)
+{
+    CK_SESSION_HANDLE hSession;
+    CK_RV crv = CKR_OK;
+    CK_BYTE randomData[16];
+    CK_BYTE seed[] = { 0x01, 0x03, 0x35, 0x55, 0xFF };
+
+    NUMTESTS++; /* increment NUMTESTS */
+
+    crv = pFunctionList->C_OpenSession(pSlotList[slotID], CKF_SERIAL_SESSION,
+                                       NULL, NULL, &hSession);
+    if (crv != CKR_OK) {
+        PKM_Error("C_OpenSession failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    crv = pFunctionList->C_GenerateRandom(hSession,
+                                          randomData, sizeof randomData);
+    if (crv == CKR_OK) {
+        PKM_LogIt("C_GenerateRandom without login succeeded\n");
+    } else {
+        PKM_Error("C_GenerateRandom without login failed "
+                  "with 0x%08X, %-26s\n",
+                  crv, PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    crv = pFunctionList->C_SeedRandom(hSession, seed, sizeof(seed));
+    if (crv == CKR_OK) {
+        PKM_LogIt("C_SeedRandom without login succeeded\n");
+    } else {
+        PKM_Error("C_SeedRandom without login failed "
+                  "with 0x%08X, %-26s\n",
+                  crv, PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    crv = pFunctionList->C_GenerateRandom(hSession,
+                                          randomData, sizeof randomData);
+    if (crv == CKR_OK) {
+        PKM_LogIt("C_GenerateRandom without login succeeded\n");
+    } else {
+        PKM_Error("C_GenerateRandom without login failed "
+                  "with 0x%08X, %-26s\n",
+                  crv, PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    crv = pFunctionList->C_CloseSession(hSession);
+    if (crv != CKR_OK) {
+        PKM_Error("C_CloseSession failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    return crv;
+}
+
+CK_RV
+PKM_SessionLogin(CK_FUNCTION_LIST_PTR pFunctionList,
+                 CK_SLOT_ID *pSlotList, CK_ULONG slotID,
+                 CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen)
+{
+    CK_SESSION_HANDLE hSession;
+    CK_RV crv = CKR_OK;
+
+    NUMTESTS++; /* increment NUMTESTS */
+
+    crv = pFunctionList->C_OpenSession(pSlotList[slotID], CKF_SERIAL_SESSION,
+                                       NULL, NULL, &hSession);
+    if (crv != CKR_OK) {
+        PKM_Error("C_OpenSession failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    crv = pFunctionList->C_Login(hSession, CKU_USER, (unsigned char *)"netscape", 8);
+    if (crv == CKR_OK) {
+        PKM_Error("C_Login with wrong password succeeded\n");
+        return CKR_FUNCTION_FAILED;
+    } else {
+        PKM_LogIt("As expected C_Login with wrong password returned 0x%08X, "
+                  "%-26s.\n ",
+                  crv, PKM_CK_RVtoStr(crv));
+    }
+    crv = pFunctionList->C_Login(hSession, CKU_USER, (unsigned char *)"red hat", 7);
+    if (crv == CKR_OK) {
+        PKM_Error("C_Login with wrong password succeeded\n");
+        return CKR_FUNCTION_FAILED;
+    } else {
+        PKM_LogIt("As expected C_Login with wrong password returned 0x%08X, "
+                  "%-26s.\n ",
+                  crv, PKM_CK_RVtoStr(crv));
+    }
+    crv = pFunctionList->C_Login(hSession, CKU_USER,
+                                 (unsigned char *)"sun", 3);
+    if (crv == CKR_OK) {
+        PKM_Error("C_Login with wrong password succeeded\n");
+        return CKR_FUNCTION_FAILED;
+    } else {
+        PKM_LogIt("As expected C_Login with wrong password returned 0x%08X, "
+                  "%-26s.\n ",
+                  crv, PKM_CK_RVtoStr(crv));
+    }
+    crv = pFunctionList->C_Login(hSession, CKU_USER, pwd, pwdLen);
+    if (crv == CKR_OK) {
+        PKM_LogIt("C_Login with correct password succeeded\n");
+    } else {
+        PKM_Error("C_Login with correct password failed "
+                  "with 0x%08X, %-26s\n",
+                  crv, PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    crv = pFunctionList->C_Logout(hSession);
+    if (crv == CKR_OK) {
+        PKM_LogIt("C_Logout succeeded\n");
+    } else {
+        PKM_Error("C_Logout failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    crv = pFunctionList->C_CloseSession(hSession);
+    if (crv != CKR_OK) {
+        PKM_Error("C_CloseSession failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    return crv;
+}
+
+/*
+* PKM_LegacyFunctions
+*
+* Legacyfunctions exist only for backwards compatibility.
+* C_GetFunctionStatus and C_CancelFunction functions were
+* meant for managing parallel execution of cryptographic functions.
+*
+* C_GetFunctionStatus is a legacy function which should simply return
+* the value CKR_FUNCTION_NOT_PARALLEL.
+*
+* C_CancelFunction is a legacy function which should simply return the
+* value CKR_FUNCTION_NOT_PARALLEL.
+*
+*/
+CK_RV
+PKM_LegacyFunctions(CK_FUNCTION_LIST_PTR pFunctionList,
+                    CK_SLOT_ID *pSlotList, CK_ULONG slotID,
+                    CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen)
+{
+    CK_SESSION_HANDLE hSession;
+    CK_RV crv = CKR_OK;
+    NUMTESTS++; /* increment NUMTESTS */
+
+    crv = pFunctionList->C_OpenSession(pSlotList[slotID], CKF_SERIAL_SESSION,
+                                       NULL, NULL, &hSession);
+    if (crv != CKR_OK) {
+        PKM_Error("C_OpenSession failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    crv = pFunctionList->C_Login(hSession, CKU_USER, pwd, pwdLen);
+    if (crv == CKR_OK) {
+        PKM_LogIt("C_Login with correct password succeeded\n");
+    } else {
+        PKM_Error("C_Login with correct password failed "
+                  "with 0x%08X, %-26s\n",
+                  crv, PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    crv = pFunctionList->C_GetFunctionStatus(hSession);
+    if (crv == CKR_FUNCTION_NOT_PARALLEL) {
+        PKM_LogIt("C_GetFunctionStatus correctly"
+                  "returned CKR_FUNCTION_NOT_PARALLEL \n");
+    } else {
+        PKM_Error("C_GetFunctionStatus failed "
+                  "with 0x%08X, %-26s\n",
+                  crv, PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    crv = pFunctionList->C_CancelFunction(hSession);
+    if (crv == CKR_FUNCTION_NOT_PARALLEL) {
+        PKM_LogIt("C_CancelFunction correctly "
+                  "returned CKR_FUNCTION_NOT_PARALLEL \n");
+    } else {
+        PKM_Error("C_CancelFunction failed "
+                  "with 0x%08X, %-26s\n",
+                  crv, PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    crv = pFunctionList->C_Logout(hSession);
+    if (crv == CKR_OK) {
+        PKM_LogIt("C_Logout succeeded\n");
+    } else {
+        PKM_Error("C_Logout failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    crv = pFunctionList->C_CloseSession(hSession);
+    if (crv != CKR_OK) {
+        PKM_Error("C_CloseSession failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    return crv;
+}
+
+/*
+*  PKM_DualFuncDigest - demostrates the Dual-function
+*  cryptograpic functions:
+*
+*   C_DigestEncryptUpdate - multi-part Digest and Encrypt
+*   C_DecryptDigestUpdate - multi-part Decrypt and Digest
+*
+*
+*/
+
+CK_RV
+PKM_DualFuncDigest(CK_FUNCTION_LIST_PTR pFunctionList,
+                   CK_SESSION_HANDLE hSession,
+                   CK_OBJECT_HANDLE hSecKey, CK_MECHANISM *cryptMech,
+                   CK_OBJECT_HANDLE hSecKeyDigest,
+                   CK_MECHANISM *digestMech,
+                   const CK_BYTE *pData, CK_ULONG pDataLen)
+{
+    CK_RV crv = CKR_OK;
+    CK_BYTE eDigest[MAX_DIGEST_SZ];
+    CK_BYTE dDigest[MAX_DIGEST_SZ];
+    CK_ULONG ulDigestLen;
+    CK_BYTE ciphertext[MAX_CIPHER_SZ];
+    CK_ULONG ciphertextLen, lastLen;
+    CK_BYTE plaintext[MAX_DATA_SZ];
+    CK_ULONG plaintextLen;
+    unsigned int i;
+
+    memset(eDigest, 0, sizeof(eDigest));
+    memset(dDigest, 0, sizeof(dDigest));
+    memset(ciphertext, 0, sizeof(ciphertext));
+    memset(plaintext, 0, sizeof(plaintext));
+
+    NUMTESTS++; /* increment NUMTESTS */
+
+    /*
+     * First init the Digest and Ecrypt operations
+     */
+    crv = pFunctionList->C_EncryptInit(hSession, cryptMech, hSecKey);
+    if (crv != CKR_OK) {
+        PKM_Error("C_EncryptInit failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    crv = pFunctionList->C_DigestInit(hSession, digestMech);
+    if (crv != CKR_OK) {
+        PKM_Error("C_DigestInit failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    ciphertextLen = sizeof(ciphertext);
+    crv = pFunctionList->C_DigestEncryptUpdate(hSession, (CK_BYTE *)pData,
+                                               pDataLen,
+                                               ciphertext, &ciphertextLen);
+    if (crv != CKR_OK) {
+        PKM_Error("C_DigestEncryptUpdate failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    ulDigestLen = sizeof(eDigest);
+    crv = pFunctionList->C_DigestFinal(hSession, eDigest, &ulDigestLen);
+    if (crv != CKR_OK) {
+        PKM_Error("C_DigestFinal failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    /* get the last piece of ciphertext (length should be 0 */
+    lastLen = sizeof(ciphertext) - ciphertextLen;
+    crv = pFunctionList->C_EncryptFinal(hSession,
+                                        (CK_BYTE *)&ciphertext[ciphertextLen],
+                                        &lastLen);
+    if (crv != CKR_OK) {
+        PKM_Error("C_EncryptFinal failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    ciphertextLen = ciphertextLen + lastLen;
+    if (verbose) {
+        printf("ciphertext = ");
+        for (i = 0; i < ciphertextLen; i++) {
+            printf("%02x", (unsigned)ciphertext[i]);
+        }
+        printf("\n");
+        printf("eDigest = ");
+        for (i = 0; i < ulDigestLen; i++) {
+            printf("%02x", (unsigned)eDigest[i]);
+        }
+        printf("\n");
+    }
+
+    /* Decrypt the text */
+    crv = pFunctionList->C_DecryptInit(hSession, cryptMech, hSecKey);
+    if (crv != CKR_OK) {
+        PKM_Error("C_DecryptInit failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    crv = pFunctionList->C_DigestInit(hSession, digestMech);
+    if (crv != CKR_OK) {
+        PKM_Error("C_DecryptInit failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    plaintextLen = sizeof(plaintext);
+    crv = pFunctionList->C_DecryptDigestUpdate(hSession, ciphertext,
+                                               ciphertextLen,
+                                               plaintext,
+                                               &plaintextLen);
+    if (crv != CKR_OK) {
+        PKM_Error("C_DecryptDigestUpdate failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    lastLen = sizeof(plaintext) - plaintextLen;
+
+    crv = pFunctionList->C_DecryptFinal(hSession,
+                                        (CK_BYTE *)&plaintext[plaintextLen],
+                                        &lastLen);
+    if (crv != CKR_OK) {
+        PKM_Error("C_DecryptFinal failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    plaintextLen = plaintextLen + lastLen;
+
+    ulDigestLen = sizeof(dDigest);
+    crv = pFunctionList->C_DigestFinal(hSession, dDigest, &ulDigestLen);
+    if (crv != CKR_OK) {
+        PKM_Error("C_DigestFinal failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    if (plaintextLen != pDataLen) {
+        PKM_Error("plaintextLen is %lu\n", plaintextLen);
+        return crv;
+    }
+
+    if (verbose) {
+        printf("plaintext = ");
+        for (i = 0; i < plaintextLen; i++) {
+            printf("%02x", (unsigned)plaintext[i]);
+        }
+        printf("\n");
+        printf("dDigest = ");
+        for (i = 0; i < ulDigestLen; i++) {
+            printf("%02x", (unsigned)dDigest[i]);
+        }
+        printf("\n");
+    }
+
+    if (memcmp(eDigest, dDigest, ulDigestLen) == 0) {
+        PKM_LogIt("Encrypted Digest equals Decrypted Digest\n");
+    } else {
+        PKM_Error("Digests don't match\n");
+    }
+
+    if ((plaintextLen == pDataLen) &&
+        (memcmp(plaintext, pData, pDataLen)) == 0) {
+        PKM_LogIt("DualFuncDigest decrypt test case passed\n");
+    } else {
+        PKM_Error("DualFuncDigest derypt test case failed\n");
+    }
+
+    return crv;
+}
+
+/*
+* PKM_SecKeyCrypt - Symmetric key encrypt/decyprt
+*
+*/
+
+CK_RV
+PKM_SecKeyCrypt(CK_FUNCTION_LIST_PTR pFunctionList,
+                CK_SESSION_HANDLE hSession,
+                CK_OBJECT_HANDLE hSymKey, CK_MECHANISM *cryptMech,
+                const CK_BYTE *pData, CK_ULONG dataLen)
+{
+    CK_RV crv = CKR_OK;
+
+    CK_BYTE cipher1[MAX_CIPHER_SZ];
+    CK_BYTE cipher2[MAX_CIPHER_SZ];
+    CK_BYTE data1[MAX_DATA_SZ];
+    CK_BYTE data2[MAX_DATA_SZ];
+    CK_ULONG cipher1Len = 0, cipher2Len = 0, lastLen = 0;
+    CK_ULONG data1Len = 0, data2Len = 0;
+
+    NUMTESTS++; /* increment NUMTESTS */
+
+    memset(cipher1, 0, sizeof(cipher1));
+    memset(cipher2, 0, sizeof(cipher2));
+    memset(data1, 0, sizeof(data1));
+    memset(data2, 0, sizeof(data2));
+
+    /* C_Encrypt */
+    crv = pFunctionList->C_EncryptInit(hSession, cryptMech, hSymKey);
+    if (crv != CKR_OK) {
+        PKM_Error("C_EncryptInit failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    cipher1Len = sizeof(cipher1);
+    crv = pFunctionList->C_Encrypt(hSession, (CK_BYTE *)pData, dataLen,
+                                   cipher1, &cipher1Len);
+    if (crv != CKR_OK) {
+        PKM_Error("C_Encrypt failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    /* C_EncryptUpdate */
+    crv = pFunctionList->C_EncryptInit(hSession, cryptMech, hSymKey);
+    if (crv != CKR_OK) {
+        PKM_Error("C_EncryptInit failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    cipher2Len = sizeof(cipher2);
+    crv = pFunctionList->C_EncryptUpdate(hSession, (CK_BYTE *)pData,
+                                         dataLen,
+                                         cipher2, &cipher2Len);
+    if (crv != CKR_OK) {
+        PKM_Error("C_EncryptUpdate failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    lastLen = sizeof(cipher2) - cipher2Len;
+
+    crv = pFunctionList->C_EncryptFinal(hSession,
+                                        (CK_BYTE *)&cipher2[cipher2Len],
+                                        &lastLen);
+    cipher2Len = cipher2Len + lastLen;
+
+    if ((cipher1Len == cipher2Len) &&
+        (memcmp(cipher1, cipher2, sizeof(cipher1Len)) == 0)) {
+        PKM_LogIt("encrypt test case passed\n");
+    } else {
+        PKM_Error("encrypt test case failed\n");
+        return CKR_GENERAL_ERROR;
+    }
+
+    /* C_Decrypt */
+    crv = pFunctionList->C_DecryptInit(hSession, cryptMech, hSymKey);
+    if (crv != CKR_OK) {
+        PKM_Error("C_DecryptInit failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    data1Len = sizeof(data1);
+    crv = pFunctionList->C_Decrypt(hSession, cipher1, cipher1Len,
+                                   data1, &data1Len);
+    if (crv != CKR_OK) {
+        PKM_Error("C_DecryptInit failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    /* now use C_DecryptUpdate the text */
+    crv = pFunctionList->C_DecryptInit(hSession, cryptMech, hSymKey);
+    if (crv != CKR_OK) {
+        PKM_Error("C_DecryptInit failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    data2Len = sizeof(data2);
+    crv = pFunctionList->C_DecryptUpdate(hSession, cipher2,
+                                         cipher2Len,
+                                         data2, &data2Len);
+    if (crv != CKR_OK) {
+        PKM_Error("C_DecryptUpdate failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    lastLen = sizeof(data2) - data2Len;
+    crv = pFunctionList->C_DecryptFinal(hSession,
+                                        (CK_BYTE *)&data2[data2Len],
+                                        &lastLen);
+    if (crv != CKR_OK) {
+        PKM_Error("C_DecryptFinal failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    data2Len = data2Len + lastLen;
+
+    /* Comparison of Decrypt data */
+
+    if ((data1Len == data2Len) && (dataLen == data1Len) &&
+        (memcmp(data1, pData, dataLen) == 0) &&
+        (memcmp(data2, pData, dataLen) == 0)) {
+        PKM_LogIt("decrypt test case passed\n");
+    } else {
+        PKM_Error("derypt test case failed\n");
+    }
+
+    return crv;
+}
+
+CK_RV
+PKM_SecretKey(CK_FUNCTION_LIST_PTR pFunctionList,
+              CK_SLOT_ID *pSlotList, CK_ULONG slotID,
+              CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen)
+{
+    CK_SESSION_HANDLE hSession;
+    CK_RV crv = CKR_OK;
+    CK_MECHANISM sAESKeyMech = {
+        CKM_AES_KEY_GEN, NULL, 0
+    };
+    CK_OBJECT_CLASS class = CKO_SECRET_KEY;
+    CK_KEY_TYPE keyAESType = CKK_AES;
+    CK_UTF8CHAR AESlabel[] = "An AES secret key object";
+    CK_ULONG AESvalueLen = 16;
+    CK_ATTRIBUTE sAESKeyTemplate[9];
+    CK_OBJECT_HANDLE hKey = CK_INVALID_HANDLE;
+
+    CK_BYTE KEY[16];
+    CK_BYTE IV[16];
+    static const CK_BYTE CIPHERTEXT[] = {
+        0x7e, 0x6a, 0x3f, 0x3b, 0x39, 0x3c, 0xf2, 0x4b,
+        0xce, 0xcc, 0x23, 0x6d, 0x80, 0xfd, 0xe0, 0xff
+    };
+    CK_BYTE ciphertext[64];
+    CK_BYTE ciphertext2[64];
+    CK_ULONG ciphertextLen, ciphertext2Len, lastLen;
+    CK_BYTE plaintext[32];
+    CK_BYTE plaintext2[32];
+    CK_ULONG plaintextLen, plaintext2Len;
+    CK_BYTE wrappedKey[16];
+    CK_ULONG wrappedKeyLen;
+    CK_MECHANISM aesEcbMech = {
+        CKM_AES_ECB, NULL, 0
+    };
+    CK_OBJECT_HANDLE hTestKey;
+    CK_MECHANISM mech_AES_CBC;
+
+    NUMTESTS++; /* increment NUMTESTS */
+
+    memset(ciphertext, 0, sizeof(ciphertext));
+    memset(ciphertext2, 0, sizeof(ciphertext2));
+    memset(IV, 0x00, sizeof(IV));
+    memset(KEY, 0x00, sizeof(KEY));
+
+    mech_AES_CBC.mechanism = CKM_AES_CBC;
+    mech_AES_CBC.pParameter = IV;
+    mech_AES_CBC.ulParameterLen = sizeof(IV);
+
+    /* AES key template */
+    sAESKeyTemplate[0].type = CKA_CLASS;
+    sAESKeyTemplate[0].pValue = &class;
+    sAESKeyTemplate[0].ulValueLen = sizeof(class);
+    sAESKeyTemplate[1].type = CKA_KEY_TYPE;
+    sAESKeyTemplate[1].pValue = &keyAESType;
+    sAESKeyTemplate[1].ulValueLen = sizeof(keyAESType);
+    sAESKeyTemplate[2].type = CKA_LABEL;
+    sAESKeyTemplate[2].pValue = AESlabel;
+    sAESKeyTemplate[2].ulValueLen = sizeof(AESlabel) - 1;
+    sAESKeyTemplate[3].type = CKA_ENCRYPT;
+    sAESKeyTemplate[3].pValue = &true;
+    sAESKeyTemplate[3].ulValueLen = sizeof(true);
+    sAESKeyTemplate[4].type = CKA_DECRYPT;
+    sAESKeyTemplate[4].pValue = &true;
+    sAESKeyTemplate[4].ulValueLen = sizeof(true);
+    sAESKeyTemplate[5].type = CKA_SIGN;
+    sAESKeyTemplate[5].pValue = &true;
+    sAESKeyTemplate[5].ulValueLen = sizeof(true);
+    sAESKeyTemplate[6].type = CKA_VERIFY;
+    sAESKeyTemplate[6].pValue = &true;
+    sAESKeyTemplate[6].ulValueLen = sizeof(true);
+    sAESKeyTemplate[7].type = CKA_UNWRAP;
+    sAESKeyTemplate[7].pValue = &true;
+    sAESKeyTemplate[7].ulValueLen = sizeof(true);
+    sAESKeyTemplate[8].type = CKA_VALUE_LEN;
+    sAESKeyTemplate[8].pValue = &AESvalueLen;
+    sAESKeyTemplate[8].ulValueLen = sizeof(AESvalueLen);
+
+    crv = pFunctionList->C_OpenSession(pSlotList[slotID], CKF_SERIAL_SESSION,
+                                       NULL, NULL, &hSession);
+    if (crv != CKR_OK) {
+        PKM_Error("C_OpenSession failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    crv = pFunctionList->C_Login(hSession, CKU_USER, pwd, pwdLen);
+    if (crv == CKR_OK) {
+        PKM_LogIt("C_Login with correct password succeeded\n");
+    } else {
+        PKM_Error("C_Login with correct password failed "
+                  "with 0x%08X, %-26s\n",
+                  crv, PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    PKM_LogIt("Generate an AES key ... \n");
+    /* generate an AES Secret Key */
+    crv = pFunctionList->C_GenerateKey(hSession, &sAESKeyMech,
+                                       sAESKeyTemplate,
+                                       NUM_ELEM(sAESKeyTemplate),
+                                       &hKey);
+    if (crv == CKR_OK) {
+        PKM_LogIt("C_GenerateKey AES succeeded\n");
+    } else {
+        PKM_Error("C_GenerateKey AES failed with 0x%08X, %-26s\n",
+                  crv, PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    crv = pFunctionList->C_EncryptInit(hSession, &aesEcbMech, hKey);
+    if (crv != CKR_OK) {
+        PKM_Error("C_EncryptInit failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    wrappedKeyLen = sizeof(wrappedKey);
+    crv = pFunctionList->C_Encrypt(hSession, KEY, sizeof(KEY),
+                                   wrappedKey, &wrappedKeyLen);
+    if (crv != CKR_OK) {
+        PKM_Error("C_Encrypt failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    if (wrappedKeyLen != sizeof(wrappedKey)) {
+        PKM_Error("wrappedKeyLen is %lu\n", wrappedKeyLen);
+        return crv;
+    }
+    /* Import an encrypted key */
+    crv = pFunctionList->C_UnwrapKey(hSession, &aesEcbMech, hKey,
+                                     wrappedKey, wrappedKeyLen,
+                                     sAESKeyTemplate,
+                                     NUM_ELEM(sAESKeyTemplate),
+                                     &hTestKey);
+    if (crv != CKR_OK) {
+        PKM_Error("C_UnwraPKey failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    /* AES Encrypt the text */
+    crv = pFunctionList->C_EncryptInit(hSession, &mech_AES_CBC, hTestKey);
+    if (crv != CKR_OK) {
+        PKM_Error("C_EncryptInit failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    ciphertextLen = sizeof(ciphertext);
+    crv = pFunctionList->C_Encrypt(hSession, (CK_BYTE *)PLAINTEXT,
+                                   sizeof(PLAINTEXT),
+                                   ciphertext, &ciphertextLen);
+    if (crv != CKR_OK) {
+        PKM_Error("C_Encrypt failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    if ((ciphertextLen == sizeof(CIPHERTEXT)) &&
+        (memcmp(ciphertext, CIPHERTEXT, ciphertextLen) == 0)) {
+        PKM_LogIt("AES CBCVarKey128 encrypt test case 1 passed\n");
+    } else {
+        PKM_Error("AES CBCVarKey128 encrypt test case 1 failed\n");
+        return crv;
+    }
+
+    /* now use EncryptUpdate the text */
+    crv = pFunctionList->C_EncryptInit(hSession, &mech_AES_CBC, hTestKey);
+    if (crv != CKR_OK) {
+        PKM_Error("C_EncryptInit failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    ciphertext2Len = sizeof(ciphertext2);
+    crv = pFunctionList->C_EncryptUpdate(hSession, (CK_BYTE *)PLAINTEXT,
+                                         sizeof(PLAINTEXT),
+                                         ciphertext2, &ciphertext2Len);
+    if (crv != CKR_OK) {
+        PKM_Error("C_EncryptUpdate failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    lastLen = sizeof(ciphertext2) - ciphertext2Len;
+
+    crv = pFunctionList->C_EncryptFinal(hSession,
+                                        (CK_BYTE *)&ciphertext2[ciphertext2Len],
+                                        &lastLen);
+    ciphertext2Len = ciphertext2Len + lastLen;
+
+    if ((ciphertextLen == ciphertext2Len) &&
+        (memcmp(ciphertext, ciphertext2, sizeof(CIPHERTEXT)) == 0) &&
+        (memcmp(ciphertext2, CIPHERTEXT, sizeof(CIPHERTEXT)) == 0)) {
+        PKM_LogIt("AES CBCVarKey128 encrypt test case 2 passed\n");
+    } else {
+        PKM_Error("AES CBCVarKey128 encrypt test case 2 failed\n");
+        return CKR_GENERAL_ERROR;
+    }
+
+    /* AES CBC Decrypt the text */
+    crv = pFunctionList->C_DecryptInit(hSession, &mech_AES_CBC, hTestKey);
+    if (crv != CKR_OK) {
+        PKM_Error("C_DecryptInit failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    plaintextLen = sizeof(plaintext);
+    crv = pFunctionList->C_Decrypt(hSession, ciphertext, ciphertextLen,
+                                   plaintext, &plaintextLen);
+    if (crv != CKR_OK) {
+        PKM_Error("C_DecryptInit failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    if ((plaintextLen == sizeof(PLAINTEXT)) &&
+        (memcmp(plaintext, PLAINTEXT, plaintextLen) == 0)) {
+        PKM_LogIt("AES CBCVarKey128 decrypt test case 1 passed\n");
+    } else {
+        PKM_Error("AES CBCVarKey128 derypt test case 1 failed\n");
+    }
+    /* now use DecryptUpdate the text */
+    crv = pFunctionList->C_DecryptInit(hSession, &mech_AES_CBC, hTestKey);
+    if (crv != CKR_OK) {
+        PKM_Error("C_DecryptInit failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    plaintext2Len = sizeof(plaintext2);
+    crv = pFunctionList->C_DecryptUpdate(hSession, ciphertext2,
+                                         ciphertext2Len,
+                                         plaintext2, &plaintext2Len);
+    if (crv != CKR_OK) {
+        PKM_Error("C_DecryptUpdate failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    lastLen = sizeof(plaintext2) - plaintext2Len;
+    crv = pFunctionList->C_DecryptFinal(hSession,
+                                        (CK_BYTE *)&plaintext2[plaintext2Len],
+                                        &lastLen);
+    plaintext2Len = plaintext2Len + lastLen;
+
+    if ((plaintextLen == plaintext2Len) &&
+        (memcmp(plaintext, plaintext2, plaintext2Len) == 0) &&
+        (memcmp(plaintext2, PLAINTEXT, sizeof(PLAINTEXT)) == 0)) {
+        PKM_LogIt("AES CBCVarKey128 decrypt test case 2 passed\n");
+    } else {
+        PKM_Error("AES CBCVarKey128 decrypt test case 2 failed\n");
+        return CKR_GENERAL_ERROR;
+    }
+
+    crv = pFunctionList->C_Logout(hSession);
+    if (crv == CKR_OK) {
+        PKM_LogIt("C_Logout succeeded\n");
+    } else {
+        PKM_Error("C_Logout failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    crv = pFunctionList->C_CloseSession(hSession);
+    if (crv != CKR_OK) {
+        PKM_Error("C_CloseSession failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    return crv;
+}
+
+CK_RV
+PKM_PubKeySign(CK_FUNCTION_LIST_PTR pFunctionList,
+               CK_SESSION_HANDLE hRwSession,
+               CK_OBJECT_HANDLE hPubKey, CK_OBJECT_HANDLE hPrivKey,
+               CK_MECHANISM *signMech, const CK_BYTE *pData,
+               CK_ULONG pDataLen)
+{
+    CK_RV crv = CKR_OK;
+    CK_BYTE sig[MAX_SIG_SZ];
+    CK_ULONG sigLen = 0;
+
+    NUMTESTS++; /* increment NUMTESTS */
+    memset(sig, 0, sizeof(sig));
+
+    /* C_Sign  */
+    crv = pFunctionList->C_SignInit(hRwSession, signMech, hPrivKey);
+    if (crv != CKR_OK) {
+        PKM_Error("C_SignInit failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    sigLen = sizeof(sig);
+    crv = pFunctionList->C_Sign(hRwSession, (CK_BYTE *)pData, pDataLen,
+                                sig, &sigLen);
+    if (crv != CKR_OK) {
+        PKM_Error("C_Sign failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    /* C_Verify the signature */
+    crv = pFunctionList->C_VerifyInit(hRwSession, signMech, hPubKey);
+    if (crv != CKR_OK) {
+        PKM_Error("C_VerifyInit failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    crv = pFunctionList->C_Verify(hRwSession, (CK_BYTE *)pData, pDataLen,
+                                  sig, sigLen);
+    if (crv == CKR_OK) {
+        PKM_LogIt("C_Verify succeeded\n");
+    } else {
+        PKM_Error("C_Verify failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    /* Check that the mechanism is Multi-part */
+    if (signMech->mechanism == CKM_DSA ||
+        signMech->mechanism == CKM_RSA_PKCS) {
+        return crv;
+    }
+
+    memset(sig, 0, sizeof(sig));
+    /* SignUpdate  */
+    crv = pFunctionList->C_SignInit(hRwSession, signMech, hPrivKey);
+    if (crv != CKR_OK) {
+        PKM_Error("C_SignInit failed with 0x%08lX %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    crv = pFunctionList->C_SignUpdate(hRwSession, (CK_BYTE *)pData, pDataLen);
+    if (crv != CKR_OK) {
+        PKM_Error("C_Sign failed with 0x%08lX %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    sigLen = sizeof(sig);
+    crv = pFunctionList->C_SignFinal(hRwSession, sig, &sigLen);
+    if (crv != CKR_OK) {
+        PKM_Error("C_Sign failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    /* C_VerifyUpdate the signature  */
+    crv = pFunctionList->C_VerifyInit(hRwSession, signMech,
+                                      hPubKey);
+    if (crv != CKR_OK) {
+        PKM_Error("C_VerifyInit failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    crv = pFunctionList->C_VerifyUpdate(hRwSession, (CK_BYTE *)pData,
+                                        pDataLen);
+    if (crv != CKR_OK) {
+        PKM_Error("C_VerifyUpdate failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    crv = pFunctionList->C_VerifyFinal(hRwSession, sig, sigLen);
+    if (crv == CKR_OK) {
+        PKM_LogIt("C_VerifyFinal succeeded\n");
+    } else {
+        PKM_Error("C_VerifyFinal failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    return crv;
+}
+
+CK_RV
+PKM_PublicKey(CK_FUNCTION_LIST_PTR pFunctionList,
+              CK_SLOT_ID *pSlotList,
+              CK_ULONG slotID, CK_UTF8CHAR_PTR pwd,
+              CK_ULONG pwdLen)
+{
+    CK_SESSION_HANDLE hSession;
+    CK_RV crv = CKR_OK;
+
+    /*** DSA Key ***/
+    CK_MECHANISM dsaParamGenMech;
+    CK_ULONG primeBits = 1024;
+    CK_ATTRIBUTE dsaParamGenTemplate[1];
+    CK_OBJECT_HANDLE hDsaParams = CK_INVALID_HANDLE;
+    CK_BYTE DSA_P[128];
+    CK_BYTE DSA_Q[20];
+    CK_BYTE DSA_G[128];
+    CK_MECHANISM dsaKeyPairGenMech;
+    CK_ATTRIBUTE dsaPubKeyTemplate[5];
+    CK_ATTRIBUTE dsaPrivKeyTemplate[5];
+    CK_OBJECT_HANDLE hDSApubKey = CK_INVALID_HANDLE;
+    CK_OBJECT_HANDLE hDSAprivKey = CK_INVALID_HANDLE;
+
+    /* From SHA1ShortMsg.req, Len = 136 */
+    CK_BYTE MSG[] = {
+        0xba, 0x33, 0x95, 0xfb,
+        0x5a, 0xfa, 0x8e, 0x6a,
+        0x43, 0xdf, 0x41, 0x6b,
+        0x32, 0x7b, 0x74, 0xfa,
+        0x44
+    };
+    CK_BYTE MD[] = {
+        0xf7, 0x5d, 0x92, 0xa4,
+        0xbb, 0x4d, 0xec, 0xc3,
+        0x7c, 0x5c, 0x72, 0xfa,
+        0x04, 0x75, 0x71, 0x0a,
+        0x06, 0x75, 0x8c, 0x1d
+    };
+
+    CK_BYTE sha1Digest[20];
+    CK_ULONG sha1DigestLen;
+    CK_BYTE dsaSig[40];
+    CK_ULONG dsaSigLen;
+    CK_MECHANISM sha1Mech = {
+        CKM_SHA_1, NULL, 0
+    };
+    CK_MECHANISM dsaMech = {
+        CKM_DSA, NULL, 0
+    };
+    CK_MECHANISM dsaWithSha1Mech = {
+        CKM_DSA_SHA1, NULL, 0
+    };
+
+    NUMTESTS++; /* increment NUMTESTS */
+
+    /* DSA key init */
+    dsaParamGenMech.mechanism = CKM_DSA_PARAMETER_GEN;
+    dsaParamGenMech.pParameter = NULL_PTR;
+    dsaParamGenMech.ulParameterLen = 0;
+    dsaParamGenTemplate[0].type = CKA_PRIME_BITS;
+    dsaParamGenTemplate[0].pValue = &primeBits;
+    dsaParamGenTemplate[0].ulValueLen = sizeof(primeBits);
+    dsaPubKeyTemplate[0].type = CKA_PRIME;
+    dsaPubKeyTemplate[0].pValue = DSA_P;
+    dsaPubKeyTemplate[0].ulValueLen = sizeof(DSA_P);
+    dsaPubKeyTemplate[1].type = CKA_SUBPRIME;
+    dsaPubKeyTemplate[1].pValue = DSA_Q;
+    dsaPubKeyTemplate[1].ulValueLen = sizeof(DSA_Q);
+    dsaPubKeyTemplate[2].type = CKA_BASE;
+    dsaPubKeyTemplate[2].pValue = DSA_G;
+    dsaPubKeyTemplate[2].ulValueLen = sizeof(DSA_G);
+    dsaPubKeyTemplate[3].type = CKA_TOKEN;
+    dsaPubKeyTemplate[3].pValue = &true;
+    dsaPubKeyTemplate[3].ulValueLen = sizeof(true);
+    dsaPubKeyTemplate[4].type = CKA_VERIFY;
+    dsaPubKeyTemplate[4].pValue = &true;
+    dsaPubKeyTemplate[4].ulValueLen = sizeof(true);
+    dsaKeyPairGenMech.mechanism = CKM_DSA_KEY_PAIR_GEN;
+    dsaKeyPairGenMech.pParameter = NULL_PTR;
+    dsaKeyPairGenMech.ulParameterLen = 0;
+    dsaPrivKeyTemplate[0].type = CKA_TOKEN;
+    dsaPrivKeyTemplate[0].pValue = &true;
+    dsaPrivKeyTemplate[0].ulValueLen = sizeof(true);
+    dsaPrivKeyTemplate[1].type = CKA_PRIVATE;
+    dsaPrivKeyTemplate[1].pValue = &true;
+    dsaPrivKeyTemplate[1].ulValueLen = sizeof(true);
+    dsaPrivKeyTemplate[2].type = CKA_SENSITIVE;
+    dsaPrivKeyTemplate[2].pValue = &true;
+    dsaPrivKeyTemplate[2].ulValueLen = sizeof(true);
+    dsaPrivKeyTemplate[3].type = CKA_SIGN,
+    dsaPrivKeyTemplate[3].pValue = &true;
+    dsaPrivKeyTemplate[3].ulValueLen = sizeof(true);
+    dsaPrivKeyTemplate[4].type = CKA_EXTRACTABLE;
+    dsaPrivKeyTemplate[4].pValue = &true;
+    dsaPrivKeyTemplate[4].ulValueLen = sizeof(true);
+
+    crv = pFunctionList->C_OpenSession(pSlotList[slotID],
+                                       CKF_RW_SESSION | CKF_SERIAL_SESSION,
+                                       NULL, NULL, &hSession);
+    if (crv != CKR_OK) {
+        PKM_Error("C_OpenSession failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    crv = pFunctionList->C_Login(hSession, CKU_USER, pwd, pwdLen);
+    if (crv == CKR_OK) {
+        PKM_LogIt("C_Login with correct password succeeded\n");
+    } else {
+        PKM_Error("C_Login with correct password failed "
+                  "with 0x%08X, %-26s\n",
+                  crv, PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    PKM_LogIt("Generate DSA PQG domain parameters ... \n");
+    /* Generate DSA domain parameters PQG */
+    crv = pFunctionList->C_GenerateKey(hSession, &dsaParamGenMech,
+                                       dsaParamGenTemplate,
+                                       1,
+                                       &hDsaParams);
+    if (crv == CKR_OK) {
+        PKM_LogIt("DSA domain parameter generation succeeded\n");
+    } else {
+        PKM_Error("DSA domain parameter generation failed "
+                  "with 0x%08X, %-26s\n",
+                  crv, PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    crv = pFunctionList->C_GetAttributeValue(hSession, hDsaParams,
+                                             dsaPubKeyTemplate, 3);
+    if (crv == CKR_OK) {
+        PKM_LogIt("Getting DSA domain parameters succeeded\n");
+    } else {
+        PKM_Error("Getting DSA domain parameters failed "
+                  "with 0x%08X, %-26s\n",
+                  crv, PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    crv = pFunctionList->C_DestroyObject(hSession, hDsaParams);
+    if (crv == CKR_OK) {
+        PKM_LogIt("Destroying DSA domain parameters succeeded\n");
+    } else {
+        PKM_Error("Destroying DSA domain parameters failed "
+                  "with 0x%08X, %-26s\n",
+                  crv, PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    PKM_LogIt("Generate a DSA key pair ... \n");
+    /* Generate a persistent DSA key pair */
+    crv = pFunctionList->C_GenerateKeyPair(hSession, &dsaKeyPairGenMech,
+                                           dsaPubKeyTemplate,
+                                           NUM_ELEM(dsaPubKeyTemplate),
+                                           dsaPrivKeyTemplate,
+                                           NUM_ELEM(dsaPrivKeyTemplate),
+                                           &hDSApubKey, &hDSAprivKey);
+    if (crv == CKR_OK) {
+        PKM_LogIt("DSA key pair generation succeeded\n");
+    } else {
+        PKM_Error("DSA key pair generation failed "
+                  "with 0x%08X, %-26s\n",
+                  crv, PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    /* Compute SHA-1 digest */
+    crv = pFunctionList->C_DigestInit(hSession, &sha1Mech);
+    if (crv != CKR_OK) {
+        PKM_Error("C_DigestInit failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    sha1DigestLen = sizeof(sha1Digest);
+    crv = pFunctionList->C_Digest(hSession, MSG, sizeof(MSG),
+                                  sha1Digest, &sha1DigestLen);
+    if (crv != CKR_OK) {
+        PKM_Error("C_Digest failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    if (sha1DigestLen != sizeof(sha1Digest)) {
+        PKM_Error("sha1DigestLen is %lu\n", sha1DigestLen);
+        return crv;
+    }
+
+    if (memcmp(sha1Digest, MD, sizeof(MD)) == 0) {
+        PKM_LogIt("SHA-1 SHA1ShortMsg test case Len = 136 passed\n");
+    } else {
+        PKM_Error("SHA-1 SHA1ShortMsg test case Len = 136 failed\n");
+    }
+
+    crv = PKM_PubKeySign(pFunctionList, hSession,
+                         hDSApubKey, hDSAprivKey,
+                         &dsaMech, sha1Digest, sizeof(sha1Digest));
+    if (crv == CKR_OK) {
+        PKM_LogIt("PKM_PubKeySign CKM_DSA succeeded \n");
+    } else {
+        PKM_Error("PKM_PubKeySign failed "
+                  "with 0x%08X, %-26s\n",
+                  crv, PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    crv = PKM_PubKeySign(pFunctionList, hSession,
+                         hDSApubKey, hDSAprivKey,
+                         &dsaWithSha1Mech, PLAINTEXT, sizeof(PLAINTEXT));
+    if (crv == CKR_OK) {
+        PKM_LogIt("PKM_PubKeySign CKM_DSA_SHA1 succeeded \n");
+    } else {
+        PKM_Error("PKM_PubKeySign failed "
+                  "with 0x%08X, %-26s\n",
+                  crv, PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    /* Sign with DSA */
+    crv = pFunctionList->C_SignInit(hSession, &dsaMech, hDSAprivKey);
+    if (crv != CKR_OK) {
+        PKM_Error("C_SignInit failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    dsaSigLen = sizeof(dsaSig);
+    crv = pFunctionList->C_Sign(hSession, sha1Digest, sha1DigestLen,
+                                dsaSig, &dsaSigLen);
+    if (crv != CKR_OK) {
+        PKM_Error("C_Sign failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    /* Verify the DSA signature */
+    crv = pFunctionList->C_VerifyInit(hSession, &dsaMech, hDSApubKey);
+    if (crv != CKR_OK) {
+        PKM_Error("C_VerifyInit failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    crv = pFunctionList->C_Verify(hSession, sha1Digest, sha1DigestLen,
+                                  dsaSig, dsaSigLen);
+    if (crv == CKR_OK) {
+        PKM_LogIt("C_Verify succeeded\n");
+    } else {
+        PKM_Error("C_Verify failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    /* Verify the signature in a different way */
+    crv = pFunctionList->C_VerifyInit(hSession, &dsaWithSha1Mech,
+                                      hDSApubKey);
+    if (crv != CKR_OK) {
+        PKM_Error("C_VerifyInit failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    crv = pFunctionList->C_VerifyUpdate(hSession, MSG, 1);
+    if (crv != CKR_OK) {
+        PKM_Error("C_VerifyUpdate failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    crv = pFunctionList->C_VerifyUpdate(hSession, MSG + 1, sizeof(MSG) - 1);
+    if (crv != CKR_OK) {
+        PKM_Error("C_VerifyUpdate failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    crv = pFunctionList->C_VerifyFinal(hSession, dsaSig, dsaSigLen);
+    if (crv == CKR_OK) {
+        PKM_LogIt("C_VerifyFinal succeeded\n");
+    } else {
+        PKM_Error("C_VerifyFinal failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    /* Verify the signature in a different way */
+    crv = pFunctionList->C_VerifyInit(hSession, &dsaWithSha1Mech,
+                                      hDSApubKey);
+    if (crv != CKR_OK) {
+        PKM_Error("C_VerifyInit failed with 0x%08X, %-26s\n",
+                  crv, PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    crv = pFunctionList->C_VerifyUpdate(hSession, MSG, 1);
+    if (crv != CKR_OK) {
+        PKM_Error("C_VerifyUpdate failed with 0x%08X, %-26s\n",
+                  crv, PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    crv = pFunctionList->C_VerifyUpdate(hSession, MSG + 1, sizeof(MSG) - 1);
+    if (crv != CKR_OK) {
+        PKM_Error("C_VerifyUpdate failed with 0x%08X, %-26s\n",
+                  crv, PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    crv = pFunctionList->C_VerifyFinal(hSession, dsaSig, dsaSigLen);
+    if (crv == CKR_OK) {
+        PKM_LogIt("C_VerifyFinal of multi update succeeded.\n");
+    } else {
+        PKM_Error("C_VerifyFinal of multi update failed with 0x%08X, %-26s\n",
+                  crv, PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    /* Now modify the data */
+    MSG[0] += 1;
+    /* Compute SHA-1 digest */
+    crv = pFunctionList->C_DigestInit(hSession, &sha1Mech);
+    if (crv != CKR_OK) {
+        PKM_Error("C_DigestInit failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    sha1DigestLen = sizeof(sha1Digest);
+    crv = pFunctionList->C_Digest(hSession, MSG, sizeof(MSG),
+                                  sha1Digest, &sha1DigestLen);
+    if (crv != CKR_OK) {
+        PKM_Error("C_Digest failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    crv = pFunctionList->C_VerifyInit(hSession, &dsaMech, hDSApubKey);
+    if (crv != CKR_OK) {
+        PKM_Error("C_VerifyInit failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    crv = pFunctionList->C_Verify(hSession, sha1Digest, sha1DigestLen,
+                                  dsaSig, dsaSigLen);
+    if (crv != CKR_SIGNATURE_INVALID) {
+        PKM_Error("C_Verify of modified data succeeded\n");
+        return crv;
+    } else {
+        PKM_LogIt("C_Verify of modified data returned as EXPECTED "
+                  " with 0x%08X, %-26s\n",
+                  crv, PKM_CK_RVtoStr(crv));
+    }
+
+    crv = pFunctionList->C_Logout(hSession);
+    if (crv == CKR_OK) {
+        PKM_LogIt("C_Logout succeeded\n");
+    } else {
+        PKM_Error("C_Logout failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    crv = pFunctionList->C_CloseSession(hSession);
+    if (crv != CKR_OK) {
+        PKM_Error("C_CloseSession failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    return crv;
+}
+
+CK_RV
+PKM_Hmac(CK_FUNCTION_LIST_PTR pFunctionList, CK_SESSION_HANDLE hSession,
+         CK_OBJECT_HANDLE sKey, CK_MECHANISM *hmacMech,
+         const CK_BYTE *pData, CK_ULONG pDataLen)
+{
+
+    CK_RV crv = CKR_OK;
+
+    CK_BYTE hmac1[HMAC_MAX_LENGTH];
+    CK_ULONG hmac1Len = 0;
+    CK_BYTE hmac2[HMAC_MAX_LENGTH];
+    CK_ULONG hmac2Len = 0;
+
+    memset(hmac1, 0, sizeof(hmac1));
+    memset(hmac2, 0, sizeof(hmac2));
+
+    NUMTESTS++; /* increment NUMTESTS */
+
+    crv = pFunctionList->C_SignInit(hSession, hmacMech, sKey);
+    if (crv == CKR_OK) {
+        PKM_LogIt("C_SignInit succeeded\n");
+    } else {
+        PKM_Error("C_SignInit failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    hmac1Len = sizeof(hmac1);
+    crv = pFunctionList->C_Sign(hSession, (CK_BYTE *)pData,
+                                pDataLen,
+                                (CK_BYTE *)hmac1, &hmac1Len);
+    if (crv == CKR_OK) {
+        PKM_LogIt("C_Sign succeeded\n");
+    } else {
+        PKM_Error("C_Sign failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    crv = pFunctionList->C_SignInit(hSession, hmacMech, sKey);
+    if (crv == CKR_OK) {
+        PKM_LogIt("C_SignInit succeeded\n");
+    } else {
+        PKM_Error("C_SignInit failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    crv = pFunctionList->C_SignUpdate(hSession, (CK_BYTE *)pData,
+                                      pDataLen);
+    if (crv == CKR_OK) {
+        PKM_LogIt("C_SignUpdate succeeded\n");
+    } else {
+        PKM_Error("C_SignUpdate failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    hmac2Len = sizeof(hmac2);
+    crv = pFunctionList->C_SignFinal(hSession, (CK_BYTE *)hmac2, &hmac2Len);
+    if (crv == CKR_OK) {
+        PKM_LogIt("C_SignFinal succeeded\n");
+    } else {
+        PKM_Error("C_SignFinal failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    if ((hmac1Len == hmac2Len) && (memcmp(hmac1, hmac2, hmac1Len) == 0)) {
+        PKM_LogIt("hmacs are equal!\n");
+    } else {
+        PKM_Error("hmacs are not equal!\n");
+    }
+    crv = pFunctionList->C_VerifyInit(hSession, hmacMech, sKey);
+    if (crv != CKR_OK) {
+        PKM_Error("C_VerifyInit failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    crv = pFunctionList->C_Verify(hSession, (CK_BYTE *)pData,
+                                  pDataLen,
+                                  (CK_BYTE *)hmac2, hmac2Len);
+    if (crv == CKR_OK) {
+        PKM_LogIt("C_Verify of hmac succeeded\n");
+    } else {
+        PKM_Error("C_Verify failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    crv = pFunctionList->C_VerifyInit(hSession, hmacMech, sKey);
+    if (crv != CKR_OK) {
+        PKM_Error("C_VerifyInit failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    crv = pFunctionList->C_VerifyUpdate(hSession, (CK_BYTE *)pData,
+                                        pDataLen);
+    if (crv == CKR_OK) {
+        PKM_LogIt("C_VerifyUpdate of hmac succeeded\n");
+    } else {
+        PKM_Error("C_VerifyUpdate failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    crv = pFunctionList->C_VerifyFinal(hSession, (CK_BYTE *)hmac1,
+                                       hmac1Len);
+    if (crv == CKR_OK) {
+        PKM_LogIt("C_VerifyFinal of hmac succeeded\n");
+    } else {
+        PKM_Error("C_VerifyFinal failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    return crv;
+}
+
+CK_RV
+PKM_FindAllObjects(CK_FUNCTION_LIST_PTR pFunctionList,
+                   CK_SLOT_ID *pSlotList, CK_ULONG slotID,
+                   CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen)
+{
+    CK_RV crv = CKR_OK;
+
+    CK_SESSION_HANDLE h = (CK_SESSION_HANDLE)0;
+    CK_SESSION_INFO sinfo;
+    CK_ATTRIBUTE_PTR pTemplate;
+    CK_ULONG tnObjects = 0;
+    int curMode;
+    unsigned int i;
+    unsigned int number_of_all_known_attribute_types = totalKnownType(ConstAttribute);
+
+    NUMTESTS++; /* increment NUMTESTS */
+
+    crv = pFunctionList->C_OpenSession(pSlotList[slotID], CKF_SERIAL_SESSION,
+                                       NULL, NULL, &h);
+    if (CKR_OK != crv) {
+        PKM_Error("C_OpenSession(%lu, CKF_SERIAL_SESSION, , )"
+                  "returned 0x%08X, %-26s\n",
+                  pSlotList[slotID], crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    PKM_LogIt("    Opened a session: handle = 0x%08x\n", h);
+
+    (void)memset(&sinfo, 0, sizeof(CK_SESSION_INFO));
+    crv = pFunctionList->C_GetSessionInfo(h, &sinfo);
+    if (CKR_OK != crv) {
+        PKM_LogIt("C_GetSessionInfo(%lu, ) returned 0x%08X, %-26s\n", h, crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    PKM_LogIt("    SESSION INFO:\n");
+    PKM_LogIt("        slotID = %lu\n", sinfo.slotID);
+    PKM_LogIt("        state = %lu\n", sinfo.state);
+    PKM_LogIt("        flags = 0x%08x\n", sinfo.flags);
+#ifdef CKF_EXCLUSIVE_SESSION
+    PKM_LogIt("            -> EXCLUSIVE SESSION = %s\n", sinfo.flags &
+                                                                 CKF_EXCLUSIVE_SESSION
+                                                             ? "TRUE"
+                                                             : "FALSE");
+#endif /* CKF_EXCLUSIVE_SESSION */
+    PKM_LogIt("            -> RW SESSION = %s\n", sinfo.flags &
+                                                          CKF_RW_SESSION
+                                                      ? "TRUE"
+                                                      : "FALSE");
+    PKM_LogIt("            -> SERIAL SESSION = %s\n", sinfo.flags &
+                                                              CKF_SERIAL_SESSION
+                                                          ? "TRUE"
+                                                          : "FALSE");
+#ifdef CKF_INSERTION_CALLBACK
+    PKM_LogIt("            -> INSERTION CALLBACK = %s\n", sinfo.flags &
+                                                                  CKF_INSERTION_CALLBACK
+                                                              ? "TRUE"
+                                                              : "FALSE");
+#endif /* CKF_INSERTION_CALLBACK */
+    PKM_LogIt("        ulDeviceError = %lu\n", sinfo.ulDeviceError);
+    PKM_LogIt("\n");
+
+    crv = pFunctionList->C_FindObjectsInit(h, NULL, 0);
+    if (CKR_OK != crv) {
+        PKM_LogIt("C_FindObjectsInit(%lu, NULL, 0) returned "
+                  "0x%08X, %-26s\n",
+                  h, crv, PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    pTemplate = (CK_ATTRIBUTE_PTR)calloc(number_of_all_known_attribute_types,
+                                         sizeof(CK_ATTRIBUTE));
+    if ((CK_ATTRIBUTE_PTR)NULL == pTemplate) {
+        PKM_Error("[pTemplate memory allocation of %lu bytes failed]\n",
+                  number_of_all_known_attribute_types *
+                      sizeof(CK_ATTRIBUTE));
+        return crv;
+    }
+
+    PKM_LogIt("    All objects:\n");
+    /* Printing table set to NOMODE */
+    curMode = MODE;
+    MODE = NOMODE;
+
+    while (1) {
+        CK_OBJECT_HANDLE o = (CK_OBJECT_HANDLE)0;
+        CK_ULONG nObjects = 0;
+        CK_ULONG k;
+        CK_ULONG nAttributes = 0;
+        CK_ATTRIBUTE_PTR pT2;
+        CK_ULONG l;
+        const char *attName = NULL;
+
+        crv = pFunctionList->C_FindObjects(h, &o, 1, &nObjects);
+        if (CKR_OK != crv) {
+            PKM_Error("C_FindObjects(%lu, , 1, ) returned 0x%08X, %-26s\n",
+                      h, crv, PKM_CK_RVtoStr(crv));
+            return crv;
+        }
+
+        if (0 == nObjects) {
+            PKM_LogIt("\n");
+            break;
+        }
+
+        tnObjects++;
+
+        PKM_LogIt("        OBJECT HANDLE %lu:\n", o);
+
+        k = 0;
+        for (i = 0; i < constCount; i++) {
+            if (consts[i].type == ConstAttribute) {
+                pTemplate[k].type = consts[i].value;
+                pTemplate[k].pValue = (CK_VOID_PTR)NULL;
+                pTemplate[k].ulValueLen = 0;
+                k++;
+            }
+            assert(k <= number_of_all_known_attribute_types);
+        }
+
+        crv = pFunctionList->C_GetAttributeValue(h, o, pTemplate,
+                                                 number_of_all_known_attribute_types);
+        switch (crv) {
+            case CKR_OK:
+            case CKR_ATTRIBUTE_SENSITIVE:
+            case CKR_ATTRIBUTE_TYPE_INVALID:
+            case CKR_BUFFER_TOO_SMALL:
+                break;
+            default:
+                PKM_Error("C_GetAtributeValue(%lu, %lu, {all attribute types},"
+                          "%lu) returned 0x%08X, %-26s\n",
+                          h, o, number_of_all_known_attribute_types, crv,
+                          PKM_CK_RVtoStr(crv));
+                return crv;
+        }
+
+        for (k = 0; k < (CK_ULONG)number_of_all_known_attribute_types; k++) {
+            if (-1 != (CK_LONG)pTemplate[k].ulValueLen) {
+                nAttributes++;
+            }
+        }
+
+        PKM_LogIt("            %lu attributes:\n", nAttributes);
+        for (k = 0; k < (CK_ULONG)number_of_all_known_attribute_types;
+             k++) {
+            if (-1 != (CK_LONG)pTemplate[k].ulValueLen) {
+                attName = getNameFromAttribute(pTemplate[k].type);
+                if (!attName) {
+                    PKM_Error("Unable to find attribute name update pk11table.c\n");
+                }
+                PKM_LogIt("                %s 0x%08x (len = %lu)\n",
+                          attName,
+                          pTemplate[k].type,
+                          pTemplate[k].ulValueLen);
+            }
+        }
+        PKM_LogIt("\n");
+
+        pT2 = (CK_ATTRIBUTE_PTR)calloc(nAttributes, sizeof(CK_ATTRIBUTE));
+        if ((CK_ATTRIBUTE_PTR)NULL == pT2) {
+            PKM_Error("[pT2 memory allocation of %lu bytes failed]\n",
+                      nAttributes * sizeof(CK_ATTRIBUTE));
+            return crv;
+        }
+
+        /* allocate memory for the attribute values */
+        for (l = 0, k = 0; k < (CK_ULONG)number_of_all_known_attribute_types;
+             k++) {
+            if (-1 != (CK_LONG)pTemplate[k].ulValueLen) {
+                pT2[l].type = pTemplate[k].type;
+                pT2[l].ulValueLen = pTemplate[k].ulValueLen;
+                if (pT2[l].ulValueLen > 0) {
+                    pT2[l].pValue = (CK_VOID_PTR)malloc(pT2[l].ulValueLen);
+                    if ((CK_VOID_PTR)NULL == pT2[l].pValue) {
+                        PKM_Error("pValue memory allocation of %lu bytes failed]\n",
+                                  pT2[l].ulValueLen);
+                        return crv;
+                    }
+                } else
+                    pT2[l].pValue = (CK_VOID_PTR)NULL;
+                l++;
+            }
+        }
+
+        assert(l == nAttributes);
+
+        crv = pFunctionList->C_GetAttributeValue(h, o, pT2, nAttributes);
+        switch (crv) {
+            case CKR_OK:
+            case CKR_ATTRIBUTE_SENSITIVE:
+            case CKR_ATTRIBUTE_TYPE_INVALID:
+            case CKR_BUFFER_TOO_SMALL:
+                break;
+            default:
+                PKM_Error("C_GetAtributeValue(%lu, %lu, {existent attribute"
+                          " types}, %lu) returned 0x%08X, %-26s\n",
+                          h, o, nAttributes, crv, PKM_CK_RVtoStr(crv));
+                return crv;
+        }
+
+        for (l = 0; l < nAttributes; l++) {
+            attName = getNameFromAttribute(pT2[l].type);
+            if (!attName)
+                attName = "unknown attribute";
+            PKM_LogIt("            type = %s len = %ld",
+                      attName, (CK_LONG)pT2[l].ulValueLen);
+
+            if (-1 == (CK_LONG)pT2[l].ulValueLen) {
+                ;
+            } else {
+                CK_ULONG m;
+
+                if (pT2[l].ulValueLen <= 8) {
+                    PKM_LogIt(", value = ");
+                } else {
+                    PKM_LogIt(", value = \n                ");
+                }
+
+                for (m = 0; (m < pT2[l].ulValueLen) && (m < 20); m++) {
+                    PKM_LogIt("%02x", (CK_ULONG)(0xff &
+                                                 ((CK_CHAR_PTR)pT2[l].pValue)[m]));
+                }
+
+                PKM_LogIt(" ");
+
+                for (m = 0; (m < pT2[l].ulValueLen) && (m < 20); m++) {
+                    CK_CHAR c = ((CK_CHAR_PTR)pT2[l].pValue)[m];
+                    if ((c < 0x20) || (c >= 0x7f)) {
+                        c = '.';
+                    }
+                    PKM_LogIt("%c", c);
+                }
+            }
+
+            PKM_LogIt("\n");
+        }
+
+        PKM_LogIt("\n");
+
+        for (l = 0; l < nAttributes; l++) {
+            if (pT2[l].pValue) {
+                free(pT2[l].pValue);
+            }
+        }
+        free(pT2);
+    } /* while(1) */
+
+    MODE = curMode; /* reset the logging MODE */
+
+    crv = pFunctionList->C_FindObjectsFinal(h);
+    if (CKR_OK != crv) {
+        PKM_Error("C_FindObjectsFinal(%lu) returned 0x%08X, %-26s\n", h, crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    PKM_LogIt("    (%lu objects total)\n", tnObjects);
+
+    crv = pFunctionList->C_CloseSession(h);
+    if (CKR_OK != crv) {
+        PKM_Error("C_CloseSession(%lu) returned 0x%08X, %-26s\n", h, crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    return crv;
+}
+/* session to create, find, and delete a couple session objects */
+CK_RV
+PKM_MultiObjectManagement(CK_FUNCTION_LIST_PTR pFunctionList,
+                          CK_SLOT_ID *pSlotList, CK_ULONG slotID,
+                          CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen)
+{
+
+    CK_RV crv = CKR_OK;
+
+    CK_SESSION_HANDLE h = (CK_SESSION_HANDLE)0;
+    CK_SESSION_HANDLE h2 = (CK_SESSION_HANDLE)0;
+    CK_ATTRIBUTE one[7], two[7], three[7], delta[1], mask[1];
+    CK_OBJECT_CLASS cko_data = CKO_DATA;
+    char *key = "TEST PROGRAM";
+    CK_ULONG key_len = 0;
+    CK_OBJECT_HANDLE hOneIn = (CK_OBJECT_HANDLE)0;
+    CK_OBJECT_HANDLE hTwoIn = (CK_OBJECT_HANDLE)0;
+    CK_OBJECT_HANDLE hThreeIn = (CK_OBJECT_HANDLE)0;
+    CK_OBJECT_HANDLE hDeltaIn = (CK_OBJECT_HANDLE)0;
+    CK_OBJECT_HANDLE found[10];
+    CK_ULONG nFound;
+    CK_ULONG hDeltaLen, hThreeLen = 0;
+
+    CK_TOKEN_INFO tinfo;
+
+    NUMTESTS++; /* increment NUMTESTS */
+    key_len = sizeof(key);
+    crv = pFunctionList->C_OpenSession(pSlotList[slotID],
+                                       CKF_SERIAL_SESSION, NULL, NULL, &h);
+    if (CKR_OK != crv) {
+        PKM_Error("C_OpenSession(%lu, CKF_SERIAL_SESSION, , )"
+                  "returned 0x%08X, %-26s\n",
+                  pSlotList[slotID], crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    crv = pFunctionList->C_Login(h, CKU_USER, pwd, pwdLen);
+    if (crv == CKR_OK) {
+        PKM_LogIt("C_Login with correct password succeeded\n");
+    } else {
+        PKM_Error("C_Login with correct password failed "
+                  "with 0x%08X, %-26s\n",
+                  crv, PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    (void)memset(&tinfo, 0, sizeof(CK_TOKEN_INFO));
+    crv = pFunctionList->C_GetTokenInfo(pSlotList[slotID], &tinfo);
+    if (CKR_OK != crv) {
+        PKM_Error("C_GetTokenInfo(%lu, ) returned 0x%08X, %-26s\n",
+                  pSlotList[slotID], crv, PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    PKM_LogIt("    Opened a session: handle = 0x%08x\n", h);
+
+    one[0].type = CKA_CLASS;
+    one[0].pValue = &cko_data;
+    one[0].ulValueLen = sizeof(CK_OBJECT_CLASS);
+    one[1].type = CKA_TOKEN;
+    one[1].pValue = &false;
+    one[1].ulValueLen = sizeof(CK_BBOOL);
+    one[2].type = CKA_PRIVATE;
+    one[2].pValue = &false;
+    one[2].ulValueLen = sizeof(CK_BBOOL);
+    one[3].type = CKA_MODIFIABLE;
+    one[3].pValue = &true;
+    one[3].ulValueLen = sizeof(CK_BBOOL);
+    one[4].type = CKA_LABEL;
+    one[4].pValue = "Test data object one";
+    one[4].ulValueLen = strlen(one[4].pValue);
+    one[5].type = CKA_APPLICATION;
+    one[5].pValue = key;
+    one[5].ulValueLen = key_len;
+    one[6].type = CKA_VALUE;
+    one[6].pValue = "Object one";
+    one[6].ulValueLen = strlen(one[6].pValue);
+
+    two[0].type = CKA_CLASS;
+    two[0].pValue = &cko_data;
+    two[0].ulValueLen = sizeof(CK_OBJECT_CLASS);
+    two[1].type = CKA_TOKEN;
+    two[1].pValue = &false;
+    two[1].ulValueLen = sizeof(CK_BBOOL);
+    two[2].type = CKA_PRIVATE;
+    two[2].pValue = &false;
+    two[2].ulValueLen = sizeof(CK_BBOOL);
+    two[3].type = CKA_MODIFIABLE;
+    two[3].pValue = &true;
+    two[3].ulValueLen = sizeof(CK_BBOOL);
+    two[4].type = CKA_LABEL;
+    two[4].pValue = "Test data object two";
+    two[4].ulValueLen = strlen(two[4].pValue);
+    two[5].type = CKA_APPLICATION;
+    two[5].pValue = key;
+    two[5].ulValueLen = key_len;
+    two[6].type = CKA_VALUE;
+    two[6].pValue = "Object two";
+    two[6].ulValueLen = strlen(two[6].pValue);
+
+    three[0].type = CKA_CLASS;
+    three[0].pValue = &cko_data;
+    three[0].ulValueLen = sizeof(CK_OBJECT_CLASS);
+    three[1].type = CKA_TOKEN;
+    three[1].pValue = &false;
+    three[1].ulValueLen = sizeof(CK_BBOOL);
+    three[2].type = CKA_PRIVATE;
+    three[2].pValue = &false;
+    three[2].ulValueLen = sizeof(CK_BBOOL);
+    three[3].type = CKA_MODIFIABLE;
+    three[3].pValue = &true;
+    three[3].ulValueLen = sizeof(CK_BBOOL);
+    three[4].type = CKA_LABEL;
+    three[4].pValue = "Test data object three";
+    three[4].ulValueLen = strlen(three[4].pValue);
+    three[5].type = CKA_APPLICATION;
+    three[5].pValue = key;
+    three[5].ulValueLen = key_len;
+    three[6].type = CKA_VALUE;
+    three[6].pValue = "Object three";
+    three[6].ulValueLen = strlen(three[6].pValue);
+
+    crv = pFunctionList->C_CreateObject(h, one, 7, &hOneIn);
+    if (CKR_OK != crv) {
+        PKM_Error("C_CreateObject(%lu, one, 7, ) returned 0x%08X, %-26s\n",
+                  h, crv, PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    PKM_LogIt("    Created object one: handle = %lu\n", hOneIn);
+
+    crv = pFunctionList->C_CreateObject(h, two, 7, &hTwoIn);
+    if (CKR_OK != crv) {
+        PKM_Error("C_CreateObject(%lu, two, 7, ) returned 0x%08X, %-26s\n",
+                  h, crv, PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    PKM_LogIt("    Created object two: handle = %lu\n", hTwoIn);
+
+    crv = pFunctionList->C_CreateObject(h, three, 7, &hThreeIn);
+    if (CKR_OK != crv) {
+        PKM_Error("C_CreateObject(%lu, three, 7, ) returned 0x%08x\n",
+                  h, crv, PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    crv = pFunctionList->C_GetObjectSize(h, hThreeIn, &hThreeLen);
+    if (crv == CKR_OK) {
+        PKM_LogIt("C_GetObjectSize succeeded\n");
+    } else {
+        PKM_Error("C_GetObjectSize failed "
+                  "with 0x%08X, %-26s\n",
+                  crv, PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    PKM_LogIt("    Created object three: handle = %lu\n", hThreeIn);
+
+    delta[0].type = CKA_VALUE;
+    delta[0].pValue = "Copied object";
+    delta[0].ulValueLen = strlen(delta[0].pValue);
+
+    crv = pFunctionList->C_CopyObject(h, hThreeIn, delta, 1, &hDeltaIn);
+    if (CKR_OK != crv) {
+        PKM_Error("C_CopyObject(%lu, %lu, delta, 1, ) returned "
+                  "0x%08X, %-26s\n",
+                  h, hThreeIn, crv, PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    crv = pFunctionList->C_GetObjectSize(h, hDeltaIn, &hDeltaLen);
+    if (crv == CKR_OK) {
+        PKM_LogIt("C_GetObjectSize succeeded\n");
+    } else {
+        PKM_Error("C_GetObjectSize failed "
+                  "with 0x%08X, %-26s\n",
+                  crv, PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    if (hThreeLen == hDeltaLen) {
+        PKM_LogIt("Copied object size same as orginal\n");
+    } else {
+        PKM_Error("Copied object different from original\n");
+        return CKR_DEVICE_ERROR;
+    }
+
+    PKM_LogIt("    Copied object three: new handle = %lu\n", hDeltaIn);
+
+    mask[0].type = CKA_APPLICATION;
+    mask[0].pValue = key;
+    mask[0].ulValueLen = key_len;
+
+    crv = pFunctionList->C_FindObjectsInit(h, mask, 1);
+    if (CKR_OK != crv) {
+        PKM_Error("C_FindObjectsInit(%lu, mask, 1) returned 0x%08X, %-26s\n",
+                  h, crv, PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    (void)memset(&found, 0, sizeof(found));
+    nFound = 0;
+    crv = pFunctionList->C_FindObjects(h, found, 10, &nFound);
+    if (CKR_OK != crv) {
+        PKM_Error("C_FindObjects(%lu,, 10, ) returned 0x%08X, %-26s\n",
+                  h, crv, PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    if (4 != nFound) {
+        PKM_Error("Found %lu objects, not 4.\n", nFound);
+        return crv;
+    }
+
+    PKM_LogIt("    Found 4 objects: %lu, %lu, %lu, %lu\n",
+              found[0], found[1], found[2], found[3]);
+
+    crv = pFunctionList->C_FindObjectsFinal(h);
+    if (CKR_OK != crv) {
+        PKM_Error("C_FindObjectsFinal(%lu) returned 0x%08X, %-26s\n",
+                  h, crv, PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    crv = pFunctionList->C_DestroyObject(h, hThreeIn);
+    if (CKR_OK != crv) {
+        PKM_Error("C_DestroyObject(%lu, %lu) returned 0x%08X, %-26s\n", h,
+                  hThreeIn, crv, PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    PKM_LogIt("    Destroyed object three (handle = %lu)\n", hThreeIn);
+
+    delta[0].type = CKA_APPLICATION;
+    delta[0].pValue = "Changed application";
+    delta[0].ulValueLen = strlen(delta[0].pValue);
+
+    crv = pFunctionList->C_SetAttributeValue(h, hTwoIn, delta, 1);
+    if (CKR_OK != crv) {
+        PKM_Error("C_SetAttributeValue(%lu, %lu, delta, 1) returned "
+                  "0x%08X, %-26s\n",
+                  h, hTwoIn, crv, PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    PKM_LogIt("    Changed object two (handle = %lu).\n", hTwoIn);
+
+    /* Can another session find these session objects? */
+
+    crv = pFunctionList->C_OpenSession(pSlotList[slotID], CKF_SERIAL_SESSION,
+                                       NULL, NULL, &h2);
+    if (CKR_OK != crv) {
+        PKM_Error("C_OpenSession(%lu, CKF_SERIAL_SESSION, , )"
+                  " returned 0x%08X, %-26s\n",
+                  pSlotList[slotID], crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    PKM_LogIt("    Opened a second session: handle = 0x%08x\n", h2);
+
+    /* mask is still the same */
+
+    crv = pFunctionList->C_FindObjectsInit(h2, mask, 1);
+    if (CKR_OK != crv) {
+        PKM_Error("C_FindObjectsInit(%lu, mask, 1) returned 0x%08X, %-26s\n",
+                  h2, crv, PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    (void)memset(&found, 0, sizeof(found));
+    nFound = 0;
+    crv = pFunctionList->C_FindObjects(h2, found, 10, &nFound);
+    if (CKR_OK != crv) {
+        PKM_Error("C_FindObjects(%lu,, 10, ) returned 0x%08X, %-26s\n",
+                  h2, crv, PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    if (2 != nFound) {
+        PKM_Error("Found %lu objects, not 2.\n", nFound);
+        return crv;
+    }
+
+    PKM_LogIt("    Found 2 objects: %lu, %lu\n",
+              found[0], found[1]);
+
+    crv = pFunctionList->C_FindObjectsFinal(h2);
+    if (CKR_OK != crv) {
+        PKM_Error("C_FindObjectsFinal(%lu) returned 0x%08X, %-26s\n", h2, crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    crv = pFunctionList->C_Logout(h);
+    if (crv == CKR_OK) {
+        PKM_LogIt("C_Logout succeeded\n");
+    } else {
+        PKM_Error("C_Logout failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    crv = pFunctionList->C_CloseAllSessions(pSlotList[slotID]);
+    if (CKR_OK != crv) {
+        PKM_Error("C_CloseAllSessions(%lu) returned 0x%08X, %-26s\n",
+                  pSlotList[slotID], crv, PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    PKM_LogIt("\n");
+    return crv;
+}
+
+CK_RV
+PKM_OperationalState(CK_FUNCTION_LIST_PTR pFunctionList,
+                     CK_SLOT_ID *pSlotList, CK_ULONG slotID,
+                     CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen)
+{
+    CK_SESSION_HANDLE hSession;
+    CK_RV crv = CKR_OK;
+    CK_MECHANISM sAESKeyMech = {
+        CKM_AES_KEY_GEN, NULL, 0
+    };
+    CK_OBJECT_CLASS class = CKO_SECRET_KEY;
+    CK_KEY_TYPE keyAESType = CKK_AES;
+    CK_UTF8CHAR AESlabel[] = "An AES secret key object";
+    CK_ULONG AESvalueLen = 16;
+    CK_ATTRIBUTE sAESKeyTemplate[9];
+    CK_OBJECT_HANDLE sKey = CK_INVALID_HANDLE;
+    CK_BYTE_PTR pstate = NULL;
+    CK_ULONG statelen, digestlen, plainlen, plainlen_1, plainlen_2, slen;
+
+    static const CK_UTF8CHAR *plaintext = (CK_UTF8CHAR *)"Firefox rules.";
+    static const CK_UTF8CHAR *plaintext_1 = (CK_UTF8CHAR *)"Thunderbird rules.";
+    static const CK_UTF8CHAR *plaintext_2 = (CK_UTF8CHAR *)"Firefox and Thunderbird.";
+
+    char digest[MAX_DIGEST_SZ], digest_1[MAX_DIGEST_SZ];
+    char sign[MAX_SIG_SZ];
+    CK_MECHANISM signmech;
+    CK_MECHANISM digestmech;
+
+    NUMTESTS++; /* increment NUMTESTS */
+
+    /* AES key template */
+    sAESKeyTemplate[0].type = CKA_CLASS;
+    sAESKeyTemplate[0].pValue = &class;
+    sAESKeyTemplate[0].ulValueLen = sizeof(class);
+    sAESKeyTemplate[1].type = CKA_KEY_TYPE;
+    sAESKeyTemplate[1].pValue = &keyAESType;
+    sAESKeyTemplate[1].ulValueLen = sizeof(keyAESType);
+    sAESKeyTemplate[2].type = CKA_LABEL;
+    sAESKeyTemplate[2].pValue = AESlabel;
+    sAESKeyTemplate[2].ulValueLen = sizeof(AESlabel) - 1;
+    sAESKeyTemplate[3].type = CKA_ENCRYPT;
+    sAESKeyTemplate[3].pValue = &true;
+    sAESKeyTemplate[3].ulValueLen = sizeof(true);
+    sAESKeyTemplate[4].type = CKA_DECRYPT;
+    sAESKeyTemplate[4].pValue = &true;
+    sAESKeyTemplate[4].ulValueLen = sizeof(true);
+    sAESKeyTemplate[5].type = CKA_SIGN;
+    sAESKeyTemplate[5].pValue = &true;
+    sAESKeyTemplate[5].ulValueLen = sizeof(true);
+    sAESKeyTemplate[6].type = CKA_VERIFY;
+    sAESKeyTemplate[6].pValue = &true;
+    sAESKeyTemplate[6].ulValueLen = sizeof(true);
+    sAESKeyTemplate[7].type = CKA_UNWRAP;
+    sAESKeyTemplate[7].pValue = &true;
+    sAESKeyTemplate[7].ulValueLen = sizeof(true);
+    sAESKeyTemplate[8].type = CKA_VALUE_LEN;
+    sAESKeyTemplate[8].pValue = &AESvalueLen;
+    sAESKeyTemplate[8].ulValueLen = sizeof(AESvalueLen);
+
+    signmech.mechanism = CKM_SHA_1_HMAC;
+    signmech.pParameter = NULL;
+    signmech.ulParameterLen = 0;
+    digestmech.mechanism = CKM_SHA256;
+    digestmech.pParameter = NULL;
+    digestmech.ulParameterLen = 0;
+
+    plainlen = strlen((char *)plaintext);
+    plainlen_1 = strlen((char *)plaintext_1);
+    plainlen_2 = strlen((char *)plaintext_2);
+    digestlen = MAX_DIGEST_SZ;
+
+    crv = pFunctionList->C_OpenSession(pSlotList[slotID], CKF_SERIAL_SESSION,
+                                       NULL, NULL, &hSession);
+    if (crv != CKR_OK) {
+        PKM_Error("C_OpenSession failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    crv = pFunctionList->C_Login(hSession, CKU_USER, pwd, pwdLen);
+    if (crv == CKR_OK) {
+        PKM_LogIt("C_Login with correct password succeeded\n");
+    } else {
+        PKM_Error("C_Login with correct password failed "
+                  "with 0x%08X, %-26s\n",
+                  crv, PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    PKM_LogIt("Generate an AES key ...\n");
+    /* generate an AES Secret Key */
+    crv = pFunctionList->C_GenerateKey(hSession, &sAESKeyMech,
+                                       sAESKeyTemplate,
+                                       NUM_ELEM(sAESKeyTemplate),
+                                       &sKey);
+    if (crv == CKR_OK) {
+        PKM_LogIt("C_GenerateKey AES succeeded\n");
+    } else {
+        PKM_Error("C_GenerateKey AES failed with 0x%08X, %-26s\n",
+                  crv, PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    crv = pFunctionList->C_SignInit(hSession, &signmech, sKey);
+    if (crv != CKR_OK) {
+        PKM_Error("C_SignInit failed returned 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    slen = sizeof(sign);
+    crv = pFunctionList->C_Sign(hSession, (CK_BYTE_PTR)plaintext, plainlen,
+                                (CK_BYTE_PTR)sign, &slen);
+    if (crv != CKR_OK) {
+        PKM_Error("C_Sign failed returned 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    crv = pFunctionList->C_DestroyObject(hSession, sKey);
+    if (crv != CKR_OK) {
+        PKM_Error("C_DestroyObject failed returned 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    digestlen = MAX_DIGEST_SZ;
+    crv = pFunctionList->C_DigestInit(hSession, &digestmech);
+    if (crv != CKR_OK) {
+        PKM_Error("C_DigestInit failed returned 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    crv = pFunctionList->C_DigestUpdate(hSession, (CK_BYTE_PTR)plaintext,
+                                        plainlen);
+    if (crv != CKR_OK) {
+        PKM_Error("C_DigestUpdate failed returned 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    crv = pFunctionList->C_GetOperationState(hSession, NULL, &statelen);
+    if (crv != CKR_OK) {
+        PKM_Error("C_GetOperationState failed returned 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    pstate = (CK_BYTE_PTR)malloc(statelen * sizeof(CK_BYTE_PTR));
+    crv = pFunctionList->C_GetOperationState(hSession, pstate, &statelen);
+    if (crv != CKR_OK) {
+        PKM_Error("C_GetOperationState failed returned 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    crv = pFunctionList->C_DigestUpdate(hSession, (CK_BYTE_PTR)plaintext_1,
+                                        plainlen_1);
+    if (crv != CKR_OK) {
+        PKM_Error("C_DigestUpdate failed returned 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    crv = pFunctionList->C_DigestUpdate(hSession, (CK_BYTE_PTR)plaintext_2,
+                                        plainlen_2);
+    if (crv != CKR_OK) {
+        PKM_Error("C_DigestUpdate failed returned 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    /*
+     *      This will override/negate the above 2 digest_update
+     *      operations
+     */
+    crv = pFunctionList->C_SetOperationState(hSession, pstate, statelen,
+                                             0, 0);
+    if (crv != CKR_OK) {
+        PKM_Error("C_SetOperationState failed returned 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    crv = pFunctionList->C_DigestFinal(hSession, (CK_BYTE_PTR)digest,
+                                       &digestlen);
+    if (crv != CKR_OK) {
+        PKM_Error("C_DigestFinal failed returned 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    digestlen = MAX_DIGEST_SZ;
+    crv = pFunctionList->C_DigestInit(hSession, &digestmech);
+    if (crv != CKR_OK) {
+        PKM_Error("C_DigestInit failed returned 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    crv = pFunctionList->C_Digest(hSession, (CK_BYTE_PTR)plaintext, plainlen,
+                                  (CK_BYTE_PTR)digest_1, &digestlen);
+    if (crv != CKR_OK) {
+        PKM_Error("C_Digest failed returned 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    if (memcmp(digest, digest_1, digestlen) == 0) {
+        PKM_LogIt("Digest and digest_1 are equal!\n");
+    } else {
+        PKM_Error("Digest and digest_1 are not equal!\n");
+    }
+    crv = pFunctionList->C_Logout(hSession);
+    if (crv == CKR_OK) {
+        PKM_LogIt("C_Logout succeeded\n");
+    } else {
+        PKM_Error("C_Logout failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    crv = pFunctionList->C_CloseSession(hSession);
+    if (CKR_OK != crv) {
+        PKM_Error("C_CloseSession(%lu) returned 0x%08X, %-26s\n",
+                  hSession, crv, PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    return crv;
+}
+
+/*
+* Recover Functions
+*/
+CK_RV
+PKM_RecoverFunctions(CK_FUNCTION_LIST_PTR pFunctionList,
+                     CK_SESSION_HANDLE hSession,
+                     CK_OBJECT_HANDLE hPubKey, CK_OBJECT_HANDLE hPrivKey,
+                     CK_MECHANISM *signMech, const CK_BYTE *pData,
+                     CK_ULONG pDataLen)
+{
+    CK_RV crv = CKR_OK;
+    CK_BYTE sig[MAX_SIG_SZ];
+    CK_ULONG sigLen = MAX_SIG_SZ;
+    CK_BYTE recover[MAX_SIG_SZ];
+    CK_ULONG recoverLen = MAX_SIG_SZ;
+
+    NUMTESTS++; /* increment NUMTESTS */
+
+    /* initializes a signature operation,
+     *  where the data can be recovered from the signature
+     */
+    crv = pFunctionList->C_SignRecoverInit(hSession, signMech,
+                                           hPrivKey);
+    if (crv == CKR_OK) {
+        PKM_LogIt("C_SignRecoverInit succeeded. \n");
+    } else {
+        PKM_Error("C_SignRecoverInit failed.\n"
+                  "with 0x%08X, %-26s\n",
+                  crv, PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    /* signs single-part data,
+     * where the data can be recovered from the signature
+     */
+    crv = pFunctionList->C_SignRecover(hSession, (CK_BYTE *)pData,
+                                       pDataLen,
+                                       (CK_BYTE *)sig, &sigLen);
+    if (crv == CKR_OK) {
+        PKM_LogIt("C_SignRecover succeeded. \n");
+    } else {
+        PKM_Error("C_SignRecoverInit failed to create an RSA key pair.\n"
+                  "with 0x%08X, %-26s\n",
+                  crv, PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    /*
+     * initializes a verification operation
+     *where the data is recovered from the signature
+     */
+    crv = pFunctionList->C_VerifyRecoverInit(hSession, signMech,
+                                             hPubKey);
+    if (crv == CKR_OK) {
+        PKM_LogIt("C_VerifyRecoverInit succeeded. \n");
+    } else {
+        PKM_Error("C_VerifyRecoverInit failed.\n"
+                  "with 0x%08X, %-26s\n",
+                  crv, PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    /*
+    * verifies a signature on single-part data,
+    * where the data is recovered from the signature
+    */
+    crv = pFunctionList->C_VerifyRecover(hSession, (CK_BYTE *)sig,
+                                         sigLen,
+                                         (CK_BYTE *)recover, &recoverLen);
+    if (crv == CKR_OK) {
+        PKM_LogIt("C_VerifyRecover succeeded. \n");
+    } else {
+        PKM_Error("C_VerifyRecover failed.\n"
+                  "with 0x%08X, %-26s\n",
+                  crv, PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    if ((recoverLen == pDataLen) &&
+        (memcmp(recover, pData, pDataLen) == 0)) {
+        PKM_LogIt("VerifyRecover test case passed\n");
+    } else {
+        PKM_Error("VerifyRecover test case failed\n");
+    }
+
+    return crv;
+}
+/*
+* wrapUnwrap
+* wrap the secretkey with the public key.
+* unwrap the secretkey with the private key.
+*/
+CK_RV
+PKM_wrapUnwrap(CK_FUNCTION_LIST_PTR pFunctionList,
+               CK_SESSION_HANDLE hSession,
+               CK_OBJECT_HANDLE hPublicKey,
+               CK_OBJECT_HANDLE hPrivateKey,
+               CK_MECHANISM *wrapMechanism,
+               CK_OBJECT_HANDLE hSecretKey,
+               CK_ATTRIBUTE *sKeyTemplate,
+               CK_ULONG skeyTempSize)
+{
+    CK_RV crv = CKR_OK;
+    CK_OBJECT_HANDLE hSecretKeyUnwrapped = CK_INVALID_HANDLE;
+    CK_BYTE wrappedKey[128];
+    CK_ULONG ulWrappedKeyLen = 0;
+
+    NUMTESTS++; /* increment NUMTESTS */
+
+    ulWrappedKeyLen = sizeof(wrappedKey);
+    crv = pFunctionList->C_WrapKey(
+        hSession, wrapMechanism,
+        hPublicKey, hSecretKey,
+        wrappedKey, &ulWrappedKeyLen);
+    if (crv == CKR_OK) {
+        PKM_LogIt("C_WrapKey succeeded\n");
+    } else {
+        PKM_Error("C_WrapKey failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    crv = pFunctionList->C_UnwrapKey(
+        hSession, wrapMechanism, hPrivateKey,
+        wrappedKey, ulWrappedKeyLen, sKeyTemplate,
+        skeyTempSize,
+        &hSecretKeyUnwrapped);
+    if ((crv == CKR_OK) && (hSecretKeyUnwrapped != CK_INVALID_HANDLE)) {
+        PKM_LogIt("C_UnwrapKey succeeded\n");
+    } else {
+        PKM_Error("C_UnwrapKey failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    return crv;
+}
+
+/*
+ * Tests if the object's attributes match the expected_attrs
+ */
+CK_RV
+PKM_AttributeCheck(CK_FUNCTION_LIST_PTR pFunctionList,
+                   CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE obj,
+                   CK_ATTRIBUTE_PTR expected_attrs,
+                   CK_ULONG expected_attrs_count)
+{
+    CK_RV crv;
+    CK_ATTRIBUTE_PTR tmp_attrs;
+    unsigned int i;
+
+    NUMTESTS++; /* increment NUMTESTS */
+
+    /* First duplicate the themplate */
+    tmp_attrs = malloc(expected_attrs_count * sizeof(CK_ATTRIBUTE));
+
+    if (tmp_attrs == NULL) {
+        PKM_Error("Internal test memory failure\n");
+        return (CKR_HOST_MEMORY);
+    }
+
+    for (i = 0; i < expected_attrs_count; i++) {
+        tmp_attrs[i].type = expected_attrs[i].type;
+        tmp_attrs[i].ulValueLen = expected_attrs[i].ulValueLen;
+
+        /* Don't give away the expected one. just zeros */
+        tmp_attrs[i].pValue = calloc(expected_attrs[i].ulValueLen, 1);
+
+        if (tmp_attrs[i].pValue == NULL) {
+            unsigned int j;
+            for (j = 0; j < i; j++)
+                free(tmp_attrs[j].pValue);
+
+            free(tmp_attrs);
+            printf("Internal test memory failure\n");
+            return (CKR_HOST_MEMORY);
+        }
+    }
+
+    /* then get the attributes from the object */
+    crv = pFunctionList->C_GetAttributeValue(hSession, obj, tmp_attrs,
+                                             expected_attrs_count);
+    if (crv != CKR_OK) {
+        PKM_Error("C_GetAttributeValue failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        crv = CKR_FUNCTION_FAILED;
+        goto out;
+    }
+
+    /* Finally compare with the expected ones */
+    for (i = 0; i < expected_attrs_count; i++) {
+
+        if (memcmp(tmp_attrs[i].pValue, expected_attrs[i].pValue,
+                   expected_attrs[i].ulValueLen) != 0) {
+            PKM_LogIt("comparing attribute type 0x%x with expected  0x%x\n",
+                      tmp_attrs[i].type, expected_attrs[i].type);
+            PKM_LogIt("comparing attribute type value 0x%x with expected 0x%x\n",
+                      tmp_attrs[i].pValue, expected_attrs[i].pValue);
+            /* don't report error at this time */
+        }
+    }
+
+out:
+    for (i = 0; i < expected_attrs_count; i++)
+        free(tmp_attrs[i].pValue);
+    free(tmp_attrs);
+    return (crv);
+}
+
+/*
+ * Check the validity of a mech
+ */
+CK_RV
+PKM_MechCheck(CK_FUNCTION_LIST_PTR pFunctionList, CK_SESSION_HANDLE hSession,
+              CK_MECHANISM_TYPE mechType, CK_FLAGS flags,
+              CK_BBOOL check_sizes, CK_ULONG minkeysize, CK_ULONG maxkeysize)
+{
+    CK_SESSION_INFO sess_info;
+    CK_MECHANISM_INFO mech_info;
+    CK_RV crv;
+
+    NUMTESTS++; /* increment NUMTESTS */
+
+    if ((crv = pFunctionList->C_GetSessionInfo(hSession, &sess_info)) !=
+        CKR_OK) {
+        PKM_Error("C_GetSessionInfo failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return (CKR_FUNCTION_FAILED);
+    }
+
+    crv = pFunctionList->C_GetMechanismInfo(0, mechType,
+                                            &mech_info);
+
+    crv = pFunctionList->C_GetMechanismInfo(sess_info.slotID, mechType,
+                                            &mech_info);
+
+    if (crv != CKR_OK) {
+        PKM_Error("C_GetMechanismInfo failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return (CKR_FUNCTION_FAILED);
+    }
+
+    if ((mech_info.flags & flags) == 0) {
+        PKM_Error("0x%x flag missing from mech\n", flags);
+        return (CKR_MECHANISM_INVALID);
+    }
+    if (!check_sizes)
+        return (CKR_OK);
+
+    if (mech_info.ulMinKeySize != minkeysize) {
+        PKM_Error("Bad MinKeySize %d expected %d\n", mech_info.ulMinKeySize,
+                  minkeysize);
+        return (CKR_MECHANISM_INVALID);
+    }
+    if (mech_info.ulMaxKeySize != maxkeysize) {
+        PKM_Error("Bad MaxKeySize %d expected %d\n", mech_info.ulMaxKeySize,
+                  maxkeysize);
+        return (CKR_MECHANISM_INVALID);
+    }
+    return (CKR_OK);
+}
+
+/*
+ * Can be called with a non-null premaster_key_len for the
+ * *_DH mechanisms. In that case, no checking for the matching of
+ * the expected results is done.
+ * The rnd argument tells which correct/bogus randomInfo to use.
+ */
+CK_RV
+PKM_TLSMasterKeyDerive(CK_FUNCTION_LIST_PTR pFunctionList,
+                       CK_SLOT_ID *pSlotList, CK_ULONG slotID,
+                       CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen,
+                       CK_MECHANISM_TYPE mechType,
+                       enum_random_t rnd)
+{
+    CK_SESSION_HANDLE hSession;
+    CK_RV crv;
+    CK_MECHANISM mk_mech;
+    CK_VERSION version;
+    CK_OBJECT_CLASS class = CKO_SECRET_KEY;
+    CK_KEY_TYPE type = CKK_GENERIC_SECRET;
+    CK_BBOOL derive_bool = true;
+    CK_ATTRIBUTE attrs[4];
+    CK_ULONG attrs_count = 4;
+    CK_OBJECT_HANDLE pmk_obj = CK_INVALID_HANDLE;
+    CK_OBJECT_HANDLE mk_obj = CK_INVALID_HANDLE;
+    CK_SSL3_MASTER_KEY_DERIVE_PARAMS mkd_params;
+    CK_MECHANISM skmd_mech;
+
+    CK_BBOOL isDH = false;
+
+    NUMTESTS++; /* increment NUMTESTS */
+
+    attrs[0].type = CKA_CLASS;
+    attrs[0].pValue = &class;
+    attrs[0].ulValueLen = sizeof(class);
+    attrs[1].type = CKA_KEY_TYPE;
+    attrs[1].pValue = &type;
+    attrs[1].ulValueLen = sizeof(type);
+    attrs[2].type = CKA_DERIVE;
+    attrs[2].pValue = &derive_bool;
+    attrs[2].ulValueLen = sizeof(derive_bool);
+    attrs[3].type = CKA_VALUE;
+    attrs[3].pValue = NULL;
+    attrs[3].ulValueLen = 0;
+
+    crv = pFunctionList->C_OpenSession(pSlotList[slotID], CKF_SERIAL_SESSION,
+                                       NULL, NULL, &hSession);
+    if (crv != CKR_OK) {
+        PKM_Error("C_OpenSession failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    crv = pFunctionList->C_Login(hSession, CKU_USER, pwd, pwdLen);
+    if (crv == CKR_OK) {
+        PKM_LogIt("C_Login with correct password succeeded\n");
+    } else {
+        PKM_Error("C_Login with correct password failed "
+                  "with 0x%08X, %-26s\n",
+                  crv, PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    /* Before all, check if the mechanism is supported correctly */
+    if (MODE == FIPSMODE) {
+        crv = PKM_MechCheck(pFunctionList, hSession, mechType, CKF_DERIVE, false,
+                            0, 0);
+        if (crv != CKR_OK) {
+            PKM_Error("PKM_MechCheck failed with 0x%08X, %-26s\n", crv,
+                      PKM_CK_RVtoStr(crv));
+            return (crv);
+        }
+    }
+
+    mk_mech.mechanism = mechType;
+    mk_mech.pParameter = &mkd_params;
+    mk_mech.ulParameterLen = sizeof(mkd_params);
+
+    switch (mechType) {
+        case CKM_TLS_MASTER_KEY_DERIVE_DH:
+            isDH = true;
+        /* FALLTHRU */
+        case CKM_TLS_MASTER_KEY_DERIVE:
+            attrs[3].pValue = NULL;
+            attrs[3].ulValueLen = 0;
+
+            mkd_params.RandomInfo.pClientRandom = (unsigned char *)TLSClientRandom;
+            mkd_params.RandomInfo.ulClientRandomLen =
+                sizeof(TLSClientRandom);
+            mkd_params.RandomInfo.pServerRandom = (unsigned char *)TLSServerRandom;
+            mkd_params.RandomInfo.ulServerRandomLen =
+                sizeof(TLSServerRandom);
+            break;
+    }
+    mkd_params.pVersion = (!isDH) ? &version : NULL;
+
+    /* First create the pre-master secret key */
+
+    skmd_mech.mechanism = CKM_SSL3_PRE_MASTER_KEY_GEN;
+    skmd_mech.pParameter = &mkd_params;
+    skmd_mech.ulParameterLen = sizeof(mkd_params);
+
+    crv = pFunctionList->C_GenerateKey(hSession, &skmd_mech,
+                                       attrs,
+                                       attrs_count,
+                                       &pmk_obj);
+    if (crv == CKR_OK) {
+        PKM_LogIt("C_GenerateKey succeeded\n");
+    } else {
+        PKM_Error("C_GenerateKey failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    /* Test the bad cases */
+    switch (rnd) {
+        case CORRECT:
+            goto correct;
+
+        case BOGUS_CLIENT_RANDOM:
+            mkd_params.RandomInfo.pClientRandom = NULL;
+            break;
+
+        case BOGUS_CLIENT_RANDOM_LEN:
+            mkd_params.RandomInfo.ulClientRandomLen = 0;
+            break;
+
+        case BOGUS_SERVER_RANDOM:
+            mkd_params.RandomInfo.pServerRandom = NULL;
+            break;
+
+        case BOGUS_SERVER_RANDOM_LEN:
+            mkd_params.RandomInfo.ulServerRandomLen = 0;
+            break;
+    }
+    crv = pFunctionList->C_DeriveKey(hSession, &mk_mech, pmk_obj, NULL, 0,
+                                     &mk_obj);
+    if (crv != CKR_MECHANISM_PARAM_INVALID) {
+        PKM_LogIt("C_DeriveKey returned as EXPECTED with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+    } else {
+        PKM_Error("C_DeriveKey did not fail  with  bad data \n");
+    }
+    goto out;
+
+correct:
+    /* Now derive the master secret key */
+    crv = pFunctionList->C_DeriveKey(hSession, &mk_mech, pmk_obj, NULL, 0,
+                                     &mk_obj);
+    if (crv == CKR_OK) {
+        PKM_LogIt("C_DeriveKey succeeded\n");
+    } else {
+        PKM_Error("C_DeriveKey failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+out:
+    if (pmk_obj != CK_INVALID_HANDLE)
+        (void)pFunctionList->C_DestroyObject(hSession, pmk_obj);
+    if (mk_obj != CK_INVALID_HANDLE)
+        (void)pFunctionList->C_DestroyObject(hSession, mk_obj);
+    crv = pFunctionList->C_Logout(hSession);
+
+    if (crv == CKR_OK) {
+        PKM_LogIt("C_Logout succeeded\n");
+    } else {
+        PKM_Error("C_Logout failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    crv = pFunctionList->C_CloseSession(hSession);
+    if (crv != CKR_OK) {
+        PKM_Error("C_CloseSession failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    return (crv);
+}
+
+CK_RV
+PKM_TLSKeyAndMacDerive(CK_FUNCTION_LIST_PTR pFunctionList,
+                       CK_SLOT_ID *pSlotList, CK_ULONG slotID,
+                       CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen,
+                       CK_MECHANISM_TYPE mechType, enum_random_t rnd)
+{
+    CK_SESSION_HANDLE hSession;
+    CK_RV crv;
+    CK_MECHANISM kmd_mech;
+    CK_MECHANISM skmd_mech;
+    CK_OBJECT_CLASS class = CKO_SECRET_KEY;
+    CK_KEY_TYPE type = CKK_GENERIC_SECRET;
+    CK_BBOOL derive_bool = true;
+    CK_BBOOL sign_bool = true, verify_bool = true;
+    CK_BBOOL encrypt_bool = true, decrypt_bool = true;
+    CK_ULONG value_len;
+
+    /*
+     * We arrange this template so that:
+     * . Attributes 0-6 are good for a MAC key comparison template.
+     * . Attributes 2-5 are good for the master key creation template.
+     * . Attributes 3-8 are good for a cipher key comparison template.
+     */
+    CK_ATTRIBUTE attrs[9];
+
+    CK_OBJECT_HANDLE mk_obj = CK_INVALID_HANDLE;
+    CK_SSL3_KEY_MAT_PARAMS km_params;
+    CK_SSL3_KEY_MAT_OUT kmo;
+    CK_BYTE IVClient[8];
+    CK_BYTE IVServer[8];
+
+    NUMTESTS++; /* increment NUMTESTS */
+
+    attrs[0].type = CKA_SIGN;
+    attrs[0].pValue = &sign_bool;
+    attrs[0].ulValueLen = sizeof(sign_bool);
+    attrs[1].type = CKA_VERIFY;
+    attrs[1].pValue = &verify_bool;
+    attrs[1].ulValueLen = sizeof(verify_bool);
+    attrs[2].type = CKA_KEY_TYPE;
+    attrs[2].pValue = &type;
+    attrs[2].ulValueLen = sizeof(type);
+    attrs[3].type = CKA_CLASS;
+    attrs[3].pValue = &class;
+    attrs[3].ulValueLen = sizeof(class);
+    attrs[4].type = CKA_DERIVE;
+    attrs[4].pValue = &derive_bool;
+    attrs[4].ulValueLen = sizeof(derive_bool);
+    attrs[5].type = CKA_VALUE;
+    attrs[5].pValue = NULL;
+    attrs[5].ulValueLen = 0;
+    attrs[6].type = CKA_VALUE_LEN;
+    attrs[6].pValue = &value_len;
+    attrs[6].ulValueLen = sizeof(value_len);
+    attrs[7].type = CKA_ENCRYPT;
+    attrs[7].pValue = &encrypt_bool;
+    attrs[7].ulValueLen = sizeof(encrypt_bool);
+    attrs[8].type = CKA_DECRYPT;
+    attrs[8].pValue = &decrypt_bool;
+    attrs[8].ulValueLen = sizeof(decrypt_bool);
+
+    crv = pFunctionList->C_OpenSession(pSlotList[slotID], CKF_SERIAL_SESSION,
+                                       NULL, NULL, &hSession);
+    if (crv != CKR_OK) {
+        PKM_Error("C_OpenSession failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    crv = pFunctionList->C_Login(hSession, CKU_USER, pwd, pwdLen);
+    if (crv == CKR_OK) {
+        PKM_LogIt("C_Login with correct password succeeded\n");
+    } else {
+        PKM_Error("C_Login with correct password failed "
+                  "with 0x%08X, %-26s\n",
+                  crv, PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    /* Before all, check if the mechanism is supported correctly */
+    if (MODE == FIPSMODE) {
+        crv = PKM_MechCheck(pFunctionList, hSession, mechType, CKF_DERIVE,
+                            CK_TRUE, 48, 48);
+
+        if (crv != CKR_OK) {
+            PKM_Error("PKM_MechCheck failed with 0x%08X, %-26s\n", crv,
+                      PKM_CK_RVtoStr(crv));
+            return (crv);
+        }
+    }
+    kmd_mech.mechanism = mechType;
+    kmd_mech.pParameter = &km_params;
+    kmd_mech.ulParameterLen = sizeof(km_params);
+
+    km_params.ulMacSizeInBits = 128; /* an MD5 based MAC */
+    km_params.ulKeySizeInBits = 192; /* 3DES key size */
+    km_params.ulIVSizeInBits = 64;   /* 3DES block size */
+    km_params.pReturnedKeyMaterial = &kmo;
+    km_params.bIsExport = false;
+    kmo.hClientMacSecret = CK_INVALID_HANDLE;
+    kmo.hServerMacSecret = CK_INVALID_HANDLE;
+    kmo.hClientKey = CK_INVALID_HANDLE;
+    kmo.hServerKey = CK_INVALID_HANDLE;
+    kmo.pIVClient = IVClient;
+    kmo.pIVServer = IVServer;
+
+    skmd_mech.mechanism = CKM_SSL3_PRE_MASTER_KEY_GEN;
+    skmd_mech.pParameter = &km_params;
+    skmd_mech.ulParameterLen = sizeof(km_params);
+
+    crv = pFunctionList->C_GenerateKey(hSession, &skmd_mech,
+                                       &attrs[2],
+                                       4,
+                                       &mk_obj);
+    if (crv == CKR_OK) {
+        PKM_LogIt("C_GenerateKey succeeded\n");
+    } else {
+        PKM_Error("C_GenerateKey failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    attrs[5].pValue = NULL;
+    attrs[5].ulValueLen = 0;
+
+    km_params.RandomInfo.pClientRandom = (unsigned char *)TLSClientRandom;
+    km_params.RandomInfo.ulClientRandomLen =
+        sizeof(TLSClientRandom);
+    km_params.RandomInfo.pServerRandom = (unsigned char *)TLSServerRandom;
+    km_params.RandomInfo.ulServerRandomLen =
+        sizeof(TLSServerRandom);
+
+    /* Test the bad cases */
+    switch (rnd) {
+        case CORRECT:
+            goto correct;
+
+        case BOGUS_CLIENT_RANDOM:
+            km_params.RandomInfo.pClientRandom = NULL;
+            break;
+
+        case BOGUS_CLIENT_RANDOM_LEN:
+            km_params.RandomInfo.ulClientRandomLen = 0;
+            break;
+
+        case BOGUS_SERVER_RANDOM:
+            km_params.RandomInfo.pServerRandom = NULL;
+            break;
+
+        case BOGUS_SERVER_RANDOM_LEN:
+            km_params.RandomInfo.ulServerRandomLen = 0;
+            break;
+    }
+    crv = pFunctionList->C_DeriveKey(hSession, &kmd_mech, mk_obj, NULL, 0,
+                                     NULL);
+    if (crv != CKR_MECHANISM_PARAM_INVALID) {
+        PKM_Error("key materials derivation returned unexpected "
+                  "error 0x%08X, %-26s\n",
+                  crv, PKM_CK_RVtoStr(crv));
+        (void)pFunctionList->C_DestroyObject(hSession, mk_obj);
+        return (CKR_FUNCTION_FAILED);
+    }
+    return (CKR_OK);
+
+correct:
+    /*
+     * Then use the master key and the client 'n server random data to
+     * derive the key materials
+     */
+    crv = pFunctionList->C_DeriveKey(hSession, &kmd_mech, mk_obj, NULL, 0,
+                                     NULL);
+    if (crv != CKR_OK) {
+        PKM_Error("Cannot derive the key materials, crv 0x%08X, %-26s\n",
+                  crv, PKM_CK_RVtoStr(crv));
+        (void)pFunctionList->C_DestroyObject(hSession, mk_obj);
+        return (crv);
+    }
+
+    if (mk_obj != CK_INVALID_HANDLE)
+        (void)pFunctionList->C_DestroyObject(hSession, mk_obj);
+    if (kmo.hClientMacSecret != CK_INVALID_HANDLE)
+        (void)pFunctionList->C_DestroyObject(hSession, kmo.hClientMacSecret);
+    if (kmo.hServerMacSecret != CK_INVALID_HANDLE)
+        (void)pFunctionList->C_DestroyObject(hSession, kmo.hServerMacSecret);
+    if (kmo.hClientKey != CK_INVALID_HANDLE)
+        (void)pFunctionList->C_DestroyObject(hSession, kmo.hClientKey);
+    if (kmo.hServerKey != CK_INVALID_HANDLE)
+        (void)pFunctionList->C_DestroyObject(hSession, kmo.hServerKey);
+
+    crv = pFunctionList->C_Logout(hSession);
+    if (crv == CKR_OK) {
+        PKM_LogIt("C_Logout succeeded\n");
+    } else {
+        PKM_Error("C_Logout failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    crv = pFunctionList->C_CloseSession(hSession);
+    if (crv != CKR_OK) {
+        PKM_Error("C_CloseSession failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    return (crv);
+}
+
+CK_RV
+PKM_DualFuncSign(CK_FUNCTION_LIST_PTR pFunctionList,
+                 CK_SESSION_HANDLE hRwSession,
+                 CK_OBJECT_HANDLE publicKey, CK_OBJECT_HANDLE privateKey,
+                 CK_MECHANISM *sigMech,
+                 CK_OBJECT_HANDLE secretKey, CK_MECHANISM *cryptMech,
+                 const CK_BYTE *pData, CK_ULONG pDataLen)
+{
+
+    CK_RV crv = CKR_OK;
+    CK_BYTE encryptedData[MAX_CIPHER_SZ];
+    CK_ULONG ulEncryptedDataLen = 0;
+    CK_ULONG ulLastUpdateSize = 0;
+    CK_BYTE sig[MAX_SIG_SZ];
+    CK_ULONG ulSigLen = 0;
+    CK_BYTE data[MAX_DATA_SZ];
+    CK_ULONG ulDataLen = 0;
+
+    memset(encryptedData, 0, sizeof(encryptedData));
+    memset(sig, 0, sizeof(sig));
+    memset(data, 0, sizeof(data));
+
+    NUMTESTS++; /* increment NUMTESTS */
+
+    /* Check that the mechanism is Multi-part */
+    if (sigMech->mechanism == CKM_DSA || sigMech->mechanism == CKM_RSA_PKCS) {
+        PKM_Error("PKM_DualFuncSign must be called with a Multi-part "
+                  "operation mechanism\n");
+        return CKR_DEVICE_ERROR;
+    }
+
+    /* Sign and Encrypt */
+    if (privateKey == 0 && publicKey == 0) {
+        crv = pFunctionList->C_SignInit(hRwSession, sigMech, secretKey);
+        if (crv != CKR_OK) {
+            PKM_Error("C_SignInit failed with 0x%08X, %-26s\n", crv,
+                      PKM_CK_RVtoStr(crv));
+            return crv;
+        }
+    } else {
+        crv = pFunctionList->C_SignInit(hRwSession, sigMech, privateKey);
+        if (crv != CKR_OK) {
+            PKM_Error("C_SignInit failed with 0x%08X, %-26s\n", crv,
+                      PKM_CK_RVtoStr(crv));
+            return crv;
+        }
+    }
+    crv = pFunctionList->C_EncryptInit(hRwSession, cryptMech, secretKey);
+    if (crv != CKR_OK) {
+        PKM_Error("C_EncryptInit failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    ulEncryptedDataLen = sizeof(encryptedData);
+    crv = pFunctionList->C_SignEncryptUpdate(hRwSession, (CK_BYTE *)pData,
+                                             pDataLen,
+                                             encryptedData,
+                                             &ulEncryptedDataLen);
+    if (crv != CKR_OK) {
+        PKM_Error("C_Sign failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    ulLastUpdateSize = sizeof(encryptedData) - ulEncryptedDataLen;
+    crv = pFunctionList->C_EncryptFinal(hRwSession,
+                                        (CK_BYTE *)&encryptedData[ulEncryptedDataLen], &ulLastUpdateSize);
+    if (crv != CKR_OK) {
+        PKM_Error("C_EncryptFinal failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    ulEncryptedDataLen = ulEncryptedDataLen + ulLastUpdateSize;
+    ulSigLen = sizeof(sig);
+    crv = pFunctionList->C_SignFinal(hRwSession, sig, &ulSigLen);
+    if (crv != CKR_OK) {
+        PKM_Error("C_SignFinal failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    /* Decrypt and Verify */
+
+    crv = pFunctionList->C_DecryptInit(hRwSession, cryptMech, secretKey);
+    if (crv != CKR_OK) {
+        PKM_Error("C_DecryptInit failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    crv = pFunctionList->C_VerifyInit(hRwSession, sigMech,
+                                      publicKey);
+    if (crv != CKR_OK) {
+        PKM_Error("C_VerifyInit failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    ulDataLen = sizeof(data);
+    crv = pFunctionList->C_DecryptVerifyUpdate(hRwSession,
+                                               encryptedData,
+                                               ulEncryptedDataLen,
+                                               data, &ulDataLen);
+    if (crv != CKR_OK) {
+        PKM_Error("C_DecryptVerifyUpdate failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    ulLastUpdateSize = sizeof(data) - ulDataLen;
+    /* Get last little piece of plaintext.  Should have length 0 */
+    crv = pFunctionList->C_DecryptFinal(hRwSession, &data[ulDataLen],
+                                        &ulLastUpdateSize);
+    if (crv != CKR_OK) {
+        PKM_Error("C_DecryptFinal failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    if (ulLastUpdateSize != 0) {
+        crv = pFunctionList->C_VerifyUpdate(hRwSession, &data[ulDataLen],
+                                            ulLastUpdateSize);
+        if (crv != CKR_OK) {
+            PKM_Error("C_DecryptFinal failed with 0x%08X, %-26s\n", crv,
+                      PKM_CK_RVtoStr(crv));
+            return crv;
+        }
+    }
+    ulDataLen = ulDataLen + ulLastUpdateSize;
+
+    /* input for the verify operation is the decrypted data */
+    crv = pFunctionList->C_VerifyFinal(hRwSession, sig, ulSigLen);
+    if (crv == CKR_OK) {
+        PKM_LogIt("C_VerifyFinal succeeded\n");
+    } else {
+        PKM_Error("C_VerifyFinal failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    /* Comparison of Decrypted data with inputed data */
+    if ((ulDataLen == pDataLen) &&
+        (memcmp(data, pData, pDataLen) == 0)) {
+        PKM_LogIt("PKM_DualFuncSign decrypt test case passed\n");
+    } else {
+        PKM_Error("PKM_DualFuncSign derypt test case failed\n");
+    }
+
+    return crv;
+}
+
+CK_RV
+PKM_Digest(CK_FUNCTION_LIST_PTR pFunctionList,
+           CK_SESSION_HANDLE hSession,
+           CK_MECHANISM *digestMech, CK_OBJECT_HANDLE hSecretKey,
+           const CK_BYTE *pData, CK_ULONG pDataLen)
+{
+    CK_RV crv = CKR_OK;
+    CK_BYTE digest1[MAX_DIGEST_SZ];
+    CK_ULONG digest1Len = 0;
+    CK_BYTE digest2[MAX_DIGEST_SZ];
+    CK_ULONG digest2Len = 0;
+
+    /* Tested with CKM_SHA_1, CKM_SHA224, CKM_SHA256, CKM_SHA384, CKM_SHA512 */
+
+    memset(digest1, 0, sizeof(digest1));
+    memset(digest2, 0, sizeof(digest2));
+
+    NUMTESTS++; /* increment NUMTESTS */
+
+    crv = pFunctionList->C_DigestInit(hSession, digestMech);
+    if (crv != CKR_OK) {
+        PKM_Error("C_SignInit failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+    digest1Len = sizeof(digest1);
+    crv = pFunctionList->C_Digest(hSession, (CK_BYTE *)pData, pDataLen,
+                                  digest1, &digest1Len);
+    if (crv != CKR_OK) {
+        PKM_Error("C_Sign failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    crv = pFunctionList->C_DigestInit(hSession, digestMech);
+    if (crv != CKR_OK) {
+        PKM_Error("C_DigestInit failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    crv = pFunctionList->C_DigestUpdate(hSession, (CK_BYTE *)pData, pDataLen);
+    if (crv != CKR_OK) {
+        PKM_Error("C_DigestUpdate failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    /* C_DigestKey continues a multiple-part message-digesting operation by*/
+    /* digesting the value of a secret key. (only used with C_DigestUpdate)*/
+    if (hSecretKey != 0) {
+        crv = pFunctionList->C_DigestKey(hSession, hSecretKey);
+        if (crv != CKR_OK) {
+            PKM_Error("C_DigestKey failed with 0x%08X, %-26s\n", crv,
+                      PKM_CK_RVtoStr(crv));
+            return crv;
+        }
+    }
+
+    digest2Len = sizeof(digest2);
+    crv = pFunctionList->C_DigestFinal(hSession, digest2, &digest2Len);
+    if (crv != CKR_OK) {
+        PKM_Error("C_DigestFinal failed with 0x%08X, %-26s\n", crv,
+                  PKM_CK_RVtoStr(crv));
+        return crv;
+    }
+
+    if (hSecretKey == 0) {
+        /* did not digest a secret key so digests should equal */
+        if ((digest1Len == digest2Len) &&
+            (memcmp(digest1, digest2, digest1Len) == 0)) {
+            PKM_LogIt("Single and Multiple-part message digest "
+                      "operations successful\n");
+        } else {
+            PKM_Error("Single and Multiple-part message digest "
+                      "operations failed\n");
+        }
+    } else {
+        if (digest1Len == digest2Len) {
+            PKM_LogIt("PKM_Digest Single and Multiple-part message digest "
+                      "operations successful\n");
+        } else {
+            PKM_Error("PKM_Digest Single and Multiple-part message digest "
+                      "operations failed\n");
+        }
+    }
+
+    return crv;
+}
+
+char *
+PKM_FilePasswd(char *pwFile)
+{
+    unsigned char phrase[200];
+    PRFileDesc *fd;
+    PRInt32 nb;
+    int i;
+
+    if (!pwFile)
+        return 0;
+
+    fd = PR_Open(pwFile, PR_RDONLY, 0);
+    if (!fd) {
+        fprintf(stderr, "No password file \"%s\" exists.\n", pwFile);
+        return NULL;
+    }
+
+    nb = PR_Read(fd, phrase, sizeof(phrase));
+
+    PR_Close(fd);
+    /* handle the Windows EOL case */
+    i = 0;
+    while (phrase[i] != '\r' && phrase[i] != '\n' && i < nb)
+        i++;
+    phrase[i] = '\0';
+    if (nb == 0) {
+        fprintf(stderr, "password file contains no data\n");
+        return NULL;
+    }
+    return (char *)strdup((char *)phrase);
+}
+
+void
+PKM_Help()
+{
+    PRFileDesc *debug_out = PR_GetSpecialFD(PR_StandardError);
+    PR_fprintf(debug_out, "pk11mode test program usage:\n");
+    PR_fprintf(debug_out, "\t-f <file>   Password File : echo pw > file \n");
+    PR_fprintf(debug_out, "\t-F          Disable Unix fork tests\n");
+    PR_fprintf(debug_out, "\t-n          Non Fips Mode \n");
+    PR_fprintf(debug_out, "\t-d <path>   Database path location\n");
+    PR_fprintf(debug_out, "\t-p <prefix> DataBase prefix\n");
+    PR_fprintf(debug_out, "\t-v          verbose\n");
+    PR_fprintf(debug_out, "\t-h          this help message\n");
+    exit(1);
+}
+
+void
+PKM_CheckPath(char *string)
+{
+    char *src;
+    char *dest;
+
+    /*
+   * windows support convert any back slashes to
+   * forward slashes.
+   */
+    for (src = string, dest = string; *src; src++, dest++) {
+        if (*src == '\\') {
+            *dest = '/';
+        }
+    }
+    dest--;
+    /* if the last char is a / set it to 0 */
+    if (*dest == '/')
+        *dest = 0;
+}
+
+CK_RV
+PKM_ForkCheck(int expected, CK_FUNCTION_LIST_PTR fList,
+              PRBool forkAssert, CK_C_INITIALIZE_ARGS_NSS *initArgs)
+{
+    CK_RV crv = CKR_OK;
+#ifndef NO_FORK_CHECK
+    int rc = -1;
+    pid_t child, ret;
+    NUMTESTS++; /* increment NUMTESTS */
+    if (forkAssert) {
+        putenv("NSS_STRICT_NOFORK=1");
+    } else {
+        putenv("NSS_STRICT_NOFORK=0");
+    }
+    child = fork();
+    switch (child) {
+        case -1:
+            PKM_Error("Fork failed.\n");
+            crv = CKR_DEVICE_ERROR;
+            break;
+        case 0:
+            if (fList) {
+                if (!initArgs) {
+                    /* If softoken is loaded, make a PKCS#11 call to C_GetTokenInfo
+                 * in the child. This call should always fail.
+                 * If softoken is uninitialized,
+                 * it fails with CKR_CRYPTOKI_NOT_INITIALIZED.
+                 * If it was initialized in the parent, the fork check should
+                 * kick in, and make it return CKR_DEVICE_ERROR.
+                 */
+                    CK_RV child_crv = fList->C_GetTokenInfo(0, NULL);
+                    exit(child_crv & 255);
+                } else {
+                    /* If softoken is loaded, make a PKCS#11 call to C_Initialize
+                 * in the child. This call should always fail.
+                 * If softoken is uninitialized, this should succeed.
+                 * If it was initialized in the parent, the fork check should
+                 * kick in, and make it return CKR_DEVICE_ERROR.
+                 */
+                    CK_RV child_crv = fList->C_Initialize(initArgs);
+                    if (CKR_OK == child_crv) {
+                        child_crv = fList->C_Finalize(NULL);
+                    }
+                    exit(child_crv & 255);
+                }
+            }
+            exit(expected & 255);
+        default:
+            PKM_LogIt("Fork succeeded.\n");
+            ret = wait(&rc);
+            if (ret != child || (!WIFEXITED(rc)) ||
+                ((expected & 255) != (WEXITSTATUS(rc) & 255))) {
+                int retStatus = -1;
+                if (WIFEXITED(rc)) {
+                    retStatus = WEXITSTATUS(rc);
+                }
+                PKM_Error("Child misbehaved.\n");
+                printf("Child return status : %d.\n", retStatus & 255);
+                crv = CKR_DEVICE_ERROR;
+            }
+            break;
+    }
+#endif
+    return crv;
+}
diff --git a/nss/cmd/pk11mode/pk11mode.gyp b/nss/cmd/pk11mode/pk11mode.gyp
new file mode 100644
index 0000000..ed042c1
--- /dev/null
+++ b/nss/cmd/pk11mode/pk11mode.gyp
@@ -0,0 +1,24 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi',
+    '../../cmd/platlibs.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'pk11mode',
+      'type': 'executable',
+      'sources': [
+        'pk11mode.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports'
+      ]
+    }
+  ],
+  'variables': {
+    'module': 'nss'
+  }
+}
\ No newline at end of file
diff --git a/nss/cmd/pk11util/Makefile b/nss/cmd/pk11util/Makefile
new file mode 100644
index 0000000..74ae200
--- /dev/null
+++ b/nss/cmd/pk11util/Makefile
@@ -0,0 +1,48 @@
+#! gmake
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include ../platlibs.mk
+
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+
+include ../platrules.mk
+ 
diff --git a/nss/cmd/pk11util/manifest.mn b/nss/cmd/pk11util/manifest.mn
new file mode 100644
index 0000000..ca818aa
--- /dev/null
+++ b/nss/cmd/pk11util/manifest.mn
@@ -0,0 +1,23 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CORE_DEPTH = ../..
+
+DEFINES += -DNSPR20
+
+# MODULE public and private header  directories are implicitly REQUIRED.
+MODULE = nss 
+
+CSRCS = pk11util.c
+#CSRCS = symkeytest.c 
+
+# The MODULE is always implicitly required.
+# Listing it here in REQUIRES makes it appear twice in the cc command line.
+REQUIRES = seccmd
+
+PROGRAM = pk11util
+#PROGRAM = symkeytest
+
+#USE_STATIC_LIBS = 1
diff --git a/nss/cmd/pk11util/pk11util.c b/nss/cmd/pk11util/pk11util.c
new file mode 100644
index 0000000..bd1ea2b
--- /dev/null
+++ b/nss/cmd/pk11util/pk11util.c
@@ -0,0 +1,2240 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <stdio.h>
+#include <string.h>
+
+#if defined(WIN32)
+#undef __STDC__
+#include "fcntl.h"
+#include "io.h"
+#include <fcntl.h>
+#else
+#include <unistd.h>
+#include <fcntl.h>
+#endif
+
+#include "secutil.h"
+
+#include "nspr.h"
+#include "prtypes.h"
+#include "prtime.h"
+#include "prlong.h"
+#include "prinrval.h"
+#include "prenv.h"
+
+#include "pkcs11.h"
+
+#include "pk11table.h"
+
+#ifndef O_BINARY
+#define O_BINARY 0
+#endif
+
+CK_ULONG systemFlags;
+#define FLAG_NEGATE 0x80000000
+#define FLAG_Verify 0x00000001
+#define FLAG_VerifyFile 0x00000002
+#define CKR_QUIT 0x80000000
+
+int ArgSize(ArgType type);
+const char *constLookup(const char *bp, CK_ULONG *value, ConstType *type);
+
+int
+isNum(char c)
+{
+    return (c >= '0' && c <= '9');
+}
+
+int
+isConst(const char *c)
+{
+    CK_ULONG value;
+    ConstType type;
+
+    constLookup(c, &value, &type);
+    return type != ConstNone;
+}
+
+/*
+ * see if the variable is really a 'size' function. This
+ * function may modify var if it is a size function.
+ */
+char *
+isSize(char *var, int *isArray)
+{
+    char *ptr = NULL;
+    char *end;
+    int array = 0;
+
+    if (PL_strncasecmp(var, "sizeof(", /*)*/ 7) == 0) {
+        ptr = var + 7;
+    } else if (PL_strncasecmp(var, "size(", /*)*/ 5) == 0) {
+        ptr = var + 5;
+    } else if (PL_strncasecmp(var, "sizeofarray(", /*)*/ 12) == 0) {
+        ptr = var + 12;
+        array = 1;
+    } else if (PL_strncasecmp(var, "sizea(", /*)*/ 6) == 0) {
+        ptr = var + 6;
+        array = 1;
+    } else {
+        return NULL;
+    }
+    end = strchr(ptr, /*(*/ ')');
+    if (end == NULL) {
+        return NULL;
+    }
+    if (isArray)
+        *isArray = array;
+    *end = 0;
+    return ptr;
+}
+
+void
+printConst(CK_ULONG value, ConstType type, int newLine)
+{
+    int i;
+
+    for (i = 0; i < constCount; i++) {
+        if (consts[i].type == type && consts[i].value == value) {
+            printf("%s", consts[i].name);
+            break;
+        }
+        if (type == ConstNone && consts[i].value == value) {
+            printf("%s", consts[i].name);
+            break;
+        }
+    }
+    if (i == constCount) {
+        if ((type == ConstAvailableSizes) || (type == ConstCurrentSize)) {
+            printf("%lu", value);
+        } else {
+            printf("Unknown %s (%lu:0x%lx)", constTypeString[type], value, value);
+        }
+    }
+    if (newLine) {
+        printf("\n");
+    }
+}
+
+ConstType
+getConstFromAttribute(CK_ATTRIBUTE_TYPE type)
+{
+    int i;
+
+    for (i = 0; i < constCount; i++) {
+        if (consts[i].type == ConstAttribute && consts[i].value == type) {
+            return consts[i].attrType;
+        }
+    }
+    return ConstNone;
+}
+
+void
+printChars(const char *name, CK_ULONG size)
+{
+    CK_ULONG i;
+    for (i = 0; i < size; i++) {
+        if (name[i] == 0) {
+            break;
+        }
+        printf("%c", name[i]);
+    }
+    printf("\n");
+}
+
+#define DUMP_LEN 16
+void
+printDump(const unsigned char *buf, int size)
+{
+    int i, j;
+
+    for (i = 0; i < size; i += DUMP_LEN) {
+        printf(" ");
+        for (j = 0; j < DUMP_LEN; j++) {
+            if (i + j < size) {
+                printf("%02x ", buf[i + j]);
+            } else {
+                printf("   ");
+            }
+        }
+        for (j = 0; j < DUMP_LEN; j++) {
+            if (i + j < size) {
+                if (buf[i + j] < ' ' || buf[i + j] >= 0x7f) {
+                    printf(".");
+                } else {
+                    printf("%c", buf[i + j]);
+                }
+            } else {
+                printf(" ");
+            }
+        }
+        printf("\n");
+    }
+}
+
+/*
+ * free an argument structure
+ */
+void
+argFreeData(Value *arg)
+{
+    if (arg->data && ((arg->type & ArgStatic) == 0)) {
+        if ((arg->type & ArgMask) == ArgAttribute) {
+            int i;
+            CK_ATTRIBUTE *template = (CK_ATTRIBUTE *)arg->data;
+
+            for (i = 0; i < arg->arraySize; i++) {
+                free(template[i].pValue);
+            }
+        }
+        if ((arg->type & ArgMask) == ArgInitializeArgs) {
+            CK_C_INITIALIZE_ARGS *init = (CK_C_INITIALIZE_ARGS *)arg->data;
+            if (init->LibraryParameters) {
+                free(init->LibraryParameters);
+            }
+        }
+        free(arg->data);
+    }
+    arg->type &= ~ArgStatic;
+    arg->data = NULL;
+}
+
+void
+argFree(Value *arg)
+{
+    if (arg == NULL)
+        return;
+
+    arg->reference--;
+    if (arg->reference == 0) {
+        if (arg->type & ArgFile) {
+            free(arg->filename);
+        }
+        argFreeData(arg);
+        free(arg);
+    }
+}
+
+/*
+ * free and argument list
+ */
+void
+parseFree(Value **ap)
+{
+    int i;
+    for (i = 0; i < MAX_ARGS; i++) {
+        argFree(ap[i]);
+    }
+}
+
+/*
+ * getEnd: how for to the end of this argmument list?
+ */
+int
+getEnd(const char *bp)
+{
+    int count = 0;
+
+    while (*bp) {
+        if (*bp == ' ' || *bp == '\t' || *bp == '\n')
+            return count;
+        count++;
+        bp++;
+    }
+    return (count);
+}
+
+/*
+ * strip: return the first none white space character
+ */
+const char *
+strip(const char *bp)
+{
+    while (*bp && (*bp == ' ' || *bp == '\t' || *bp == '\n'))
+        bp++;
+    return bp;
+}
+
+/*
+ * read in the next argument into dp ... don't overflow
+ */
+const char *
+readChars(const char *bp, char *dp, int max)
+{
+    int count = 1;
+    while (*bp) {
+        if (*bp == ' ' || *bp == '\t' || *bp == '\n') {
+            *dp = 0;
+            return bp;
+        }
+        *dp++ = *bp++;
+        if (++count == max)
+            break;
+    }
+    while (*bp && (*bp != ' ' && *bp != '\t' && *bp != '\n'))
+        bp++;
+    *dp = 0;
+    return (bp);
+}
+
+Value *varLookup(const char *bp, char *vname, int max, int *error);
+
+CK_ULONG
+getValue(const char *v, int *error)
+{
+    Value *varVal = NULL;
+    CK_ULONG retVal = 0;
+    ConstType type;
+    char tvar[512];
+
+    *error = 0;
+
+    varVal = varLookup(v, tvar, sizeof(tvar), error);
+
+    if (varVal) {
+        if ((varVal->type & ArgMask) == ArgULong) {
+            retVal = *(CK_ULONG *)varVal->data;
+        } else {
+            fprintf(stderr, "%s: is not a ulong\n", v);
+            *error = 1;
+        }
+        argFree(varVal);
+        return retVal;
+    }
+    constLookup(v, &retVal, &type);
+    return retVal;
+}
+
+Value *
+NewValue(ArgType type, CK_ULONG arraySize)
+{
+    Value *value;
+
+    value = (Value *)malloc(sizeof(Value));
+    if (!value)
+        return NULL;
+    value->size = ArgSize(type) * arraySize;
+    value->type = type;
+    value->filename = NULL;
+    value->constType = ConstNone;
+    value->data = (void *)malloc(value->size);
+    if (!value->data) {
+        free(value);
+        return NULL;
+    }
+    value->reference = 1;
+    value->arraySize = (type == ArgChar) ? 1 : arraySize;
+
+    memset(value->data, 0, value->size);
+    return value;
+}
+
+#define INVALID_INDEX 0xffffffff
+
+CK_ULONG
+handleArray(char *vname, int *error)
+{
+    char *bracket;
+    CK_ULONG index = INVALID_INDEX;
+
+    if ((bracket = strchr(vname, '[')) != 0) {
+        char *tmpv = bracket + 1;
+        *bracket = 0;
+        bracket = strchr(tmpv, ']');
+
+        if (bracket == 0) {
+            fprintf(stderr, "%s: missing closing brace\n", vname);
+            return INVALID_INDEX;
+        }
+        *bracket = 0;
+
+        index = getValue(tmpv, error);
+        if (*error == 1) {
+            return INVALID_INDEX;
+        } else if (index == INVALID_INDEX) {
+            fprintf(stderr, "%s: 0x%lx is an invalid index\n", vname, index);
+            *error = 1;
+        }
+    }
+    return index;
+}
+
+void *
+makeArrayTarget(const char *vname, const Value *value, CK_ULONG index)
+{
+    char *target;
+    CK_ULONG elementSize;
+
+    if (index >= (CK_ULONG)value->arraySize) {
+        fprintf(stderr, "%s[%lu]: index larger than array size (%d)\n",
+                vname, index, value->arraySize);
+        return NULL;
+    }
+
+    target = (char *)value->data;
+    elementSize = value->size / value->arraySize;
+    target += index * elementSize;
+    return target;
+}
+
+/*
+ * look up a variable from the variable chain
+ */
+static Variable *varHead = NULL;
+Value *
+varLookup(const char *bp, char *vname, int max, int *error)
+{
+    Variable *current;
+    CK_ULONG index = INVALID_INDEX;
+    int isArray = 0;
+    char *ptr;
+    *error = 0;
+
+    if (bp != NULL) {
+        readChars(bp, vname, max);
+    }
+
+    /* don't make numbers into variables */
+    if (isNum(vname[0])) {
+        return NULL;
+    }
+    /* nor consts */
+    if (isConst(vname)) {
+        return NULL;
+    }
+    /* handle sizeof() */
+    if ((ptr = isSize(vname, &isArray)) != NULL) {
+        CK_ULONG size;
+        Value *targetValue = NULL;
+        Value *sourceValue = varLookup(NULL, ptr, 0, error);
+        if (!sourceValue) {
+            if (*error == 0) {
+                /* just didn't find it */
+                *error = 1;
+                fprintf(stderr, "Couldn't find variable %s to take size of\n",
+                        ptr);
+                return NULL;
+            }
+        }
+        size = isArray ? sourceValue->arraySize : sourceValue->size;
+        targetValue = NewValue(ArgULong, 1);
+        memcpy(targetValue->data, &size, sizeof(size));
+
+        return targetValue;
+    }
+
+    /* modifies vname */
+    index = handleArray(vname, error);
+    if (*error == 1) {
+        return NULL;
+    }
+
+    for (current = varHead; current; current = current->next) {
+        if (PL_strcasecmp(current->vname, vname) == 0) {
+            char *target;
+            if (index == INVALID_INDEX) {
+                (current->value->reference)++;
+                return current->value;
+            }
+            target = makeArrayTarget(vname, current->value, index);
+            if (target) {
+                Value *element = NewValue(current->value->type, 1);
+                if (!element) {
+                    fprintf(stderr, "MEMORY ERROR!\n");
+                    *error = 1;
+                }
+                argFreeData(element);
+                element->data = target;
+                element->type |= ArgStatic;
+                return element;
+            }
+            *error = 1;
+            return NULL;
+        }
+    }
+    return NULL;
+}
+
+static CK_RV
+list(void)
+{
+    Variable *current;
+
+    if (varHead) {
+        printf(" %10s\t%16s\t%8s\tSize\tElements\n", "Name", "Type", "Const");
+    } else {
+        printf(" no variables set\n");
+    }
+
+    for (current = varHead; current; current = current->next) {
+        printf(" %10s\t%16s\t%8s\t%d\t%d\n", current->vname,
+               valueString[current->value->type & ArgMask],
+               constTypeString[current->value->constType],
+               current->value->size, current->value->arraySize);
+    }
+    return CKR_OK;
+}
+
+CK_RV
+printFlags(const char *s, CK_ULONG flags, ConstType type)
+{
+    CK_ULONG i;
+    int needComma = 0;
+
+    printf("%s", s);
+    for (i = 1; i; i = i << 1) {
+        if (flags & i) {
+            printf("%s", needComma ? "," : "");
+            printConst(i, type, 0);
+            needComma = 1;
+        }
+    }
+    if (!needComma) {
+        printf("Empty");
+    }
+    printf("\n");
+    return CKR_OK;
+}
+
+/*
+ * add a new variable to the chain
+ */
+const char *
+AddVariable(const char *bp, Value **ptr)
+{
+    char vname[512];
+    Variable *current;
+    int index = INVALID_INDEX;
+    int size;
+    int error = 0;
+
+    bp = readChars(bp, vname, sizeof(vname));
+
+    /* don't make numbers into variables */
+    if (isNum(vname[0])) {
+        return bp;
+    }
+    /* or consts */
+    if (isConst(vname)) {
+        return bp;
+    }
+    /* or NULLs */
+    if (vname[0] == 0) {
+        return bp;
+    }
+    /* or sizeof */
+    if (isSize(vname, NULL)) {
+        return bp;
+    }
+    /* arrays values should be written back to the original */
+    index = handleArray(vname, &error);
+    if (error == 1) {
+        return bp;
+    }
+
+    for (current = varHead; current; current = current->next) {
+        if (PL_strcasecmp(current->vname, vname) == 0) {
+            char *target;
+            /* found a complete object, return the found one */
+            if (index == INVALID_INDEX) {
+                argFree(*ptr);
+                *ptr = current->value;
+                return bp;
+            }
+            /* found an array, update the array element */
+            target = makeArrayTarget(vname, current->value, index);
+            if (target) {
+                memcpy(target, (*ptr)->data, (*ptr)->size);
+                argFreeData(*ptr);
+                (*ptr)->data = target;
+                (*ptr)->type |= ArgStatic;
+            }
+            return bp;
+        }
+    }
+
+    /* we are looking for an array and didn't find one */
+    if (index != INVALID_INDEX) {
+        return bp;
+    }
+
+    current = (Variable *)malloc(sizeof(Variable));
+    size = strlen(vname);
+    current->vname = (char *)malloc(size + 1);
+    strcpy(current->vname, vname);
+    current->value = *ptr;
+    (*ptr)->reference++;
+
+    current->next = varHead;
+    varHead = current;
+    return bp;
+}
+
+ArgType
+FindTypeByName(const char *typeName)
+{
+    int i;
+
+    for (i = 0; i < valueCount; i++) {
+        if (PL_strcasecmp(typeName, valueString[i]) == 0) {
+            return (ArgType)i;
+        }
+        if (valueString[i][0] == 'C' && valueString[i][1] == 'K' &&
+            valueString[i][2] == '_' &&
+            (PL_strcasecmp(typeName, &valueString[i][3]) == 0)) {
+            return (ArgType)i;
+        }
+    }
+    return ArgNone;
+}
+
+CK_RV
+ArrayVariable(const char *bp, const char *typeName, CK_ULONG count)
+{
+    ArgType type;
+    Value *value; /* new Value */
+
+    type = FindTypeByName(typeName);
+    if (type == ArgNone) {
+        fprintf(stderr, "Invalid type (%s)\n", typeName);
+        return CKR_FUNCTION_FAILED;
+    }
+    value = NewValue(type, count);
+    (void)AddVariable(bp, &value);
+    return CKR_OK;
+}
+
+#define MAX_TEMPLATE 25
+
+CK_RV
+ArrayTemplate(const char *bp, char *attributes)
+{
+    char aname[512];
+    CK_ULONG attributeTypes[MAX_TEMPLATE];
+    CK_ATTRIBUTE *template;
+    Value *value; /* new Value */
+    char *ap;
+    int i, count = 0;
+
+    memcpy(aname, attributes, strlen(attributes) + 1);
+
+    for (ap = aname, count = 0; ap && *ap && count < MAX_TEMPLATE; count++) {
+        char *cur = ap;
+        ConstType type;
+
+        ap = strchr(ap, ',');
+        if (ap) {
+            *ap++ = 0;
+        }
+
+        (void)constLookup(cur, &attributeTypes[count], &type);
+        if ((type != ConstAttribute) && (type != ConstNone)) {
+            fprintf(stderr, "Unknown Attribute %s\n", cur);
+            return CKR_FUNCTION_FAILED;
+        }
+    }
+
+    value = NewValue(ArgAttribute, count);
+
+    template = (CK_ATTRIBUTE *)value->data;
+    for (i = 0; i < count; i++) {
+        template[i].type = attributeTypes[i];
+    }
+    (void)AddVariable(bp, &value);
+    return CKR_OK;
+}
+
+CK_RV
+BuildTemplate(Value *vp)
+{
+    CK_ATTRIBUTE *template = (CK_ATTRIBUTE *)vp->data;
+    int i;
+
+    for (i = 0; i < vp->arraySize; i++) {
+        if (((signed long)template[i].ulValueLen) > 0) {
+            if (template[i].pValue)
+                free(template[i].pValue);
+            template[i].pValue = malloc(template[i].ulValueLen);
+        }
+    }
+    return CKR_OK;
+}
+
+CK_RV
+SetTemplate(Value *vp, CK_ULONG index, CK_ULONG value)
+{
+    CK_ATTRIBUTE *template = (CK_ATTRIBUTE *)vp->data;
+    int isbool = 0;
+    CK_ULONG len;
+    ConstType attrType;
+
+    if (index >= (CK_ULONG)vp->arraySize) {
+        fprintf(stderr, "index (%lu) greater than array (%d)\n",
+                index, vp->arraySize);
+        return CKR_ARGUMENTS_BAD;
+    }
+    attrType = getConstFromAttribute(template[index].type);
+
+    if (attrType == ConstNone) {
+        fprintf(stderr, "can't set index (%lu) because ", index);
+        printConst(template[index].type, ConstAttribute, 0);
+        fprintf(stderr, " is not a CK_BBOOL or CK_ULONG\n");
+        return CKR_ARGUMENTS_BAD;
+    }
+    isbool = (attrType == ConstBool);
+    len = isbool ? sizeof(CK_BBOOL) : sizeof(CK_ULONG);
+    if ((template[index].ulValueLen != len) || (template[index].pValue)) {
+        free(template[index].pValue);
+        template[index].pValue = malloc(len);
+        template[index].ulValueLen = len;
+    }
+    if (isbool) {
+        *(CK_BBOOL *)template[index].pValue = (CK_BBOOL)value;
+    } else {
+        *(CK_ULONG *)template[index].pValue = (CK_ULONG)value;
+    }
+    return CKR_OK;
+}
+
+CK_RV
+NewMechanism(const char *bp, CK_ULONG mechType)
+{
+    Value *value; /* new Value */
+    CK_MECHANISM *mechanism;
+
+    value = NewValue(ArgMechanism, 1);
+    mechanism = (CK_MECHANISM *)value->data;
+    mechanism->mechanism = mechType;
+    mechanism->pParameter = NULL;
+    mechanism->ulParameterLen = 0;
+    (void)AddVariable(bp, &value);
+    return CKR_OK;
+}
+
+CK_RV
+NewInitializeArgs(const char *bp, CK_ULONG flags, const char *param)
+{
+    Value *value; /* new Value */
+    CK_C_INITIALIZE_ARGS *init;
+
+    value = NewValue(ArgInitializeArgs, 1);
+    init = (CK_C_INITIALIZE_ARGS *)value->data;
+    init->flags = flags;
+    if (strcmp(param, "null") != 0) {
+        init->LibraryParameters = (CK_CHAR_PTR *)strdup(param);
+    }
+    (void)AddVariable(bp, &value);
+    return CKR_OK;
+}
+
+/*
+ * add a new variable to the chain
+ */
+CK_RV
+DeleteVariable(const char *bp)
+{
+    char vname[512];
+    Variable **current;
+
+    bp = readChars(bp, vname, sizeof(vname));
+
+    for (current = &varHead; *current; current = &(*current)->next) {
+        if (PL_strcasecmp((*current)->vname, vname) == 0) {
+            argFree((*current)->value);
+            *current = (*current)->next;
+            break;
+        }
+    }
+    return CKR_OK;
+}
+
+/*
+ * convert an octal value to integer
+ */
+CK_ULONG
+otoi(const char *o)
+{
+    CK_ULONG value = 0;
+
+    while (*o) {
+        if ((*o >= '0') && (*o <= '7')) {
+            value = (value << 3) | (unsigned)(*o - '0');
+        } else {
+            break;
+        }
+    }
+    return value;
+}
+
+/*
+ * convert a hex value to integer
+ */
+CK_ULONG
+htoi(const char *x)
+{
+    CK_ULONG value = 0;
+
+    while (*x) {
+        if ((*x >= '0') && (*x <= '9')) {
+            value = (value << 4) | (unsigned)(*x - '0');
+        } else if ((*x >= 'a') && (*x <= 'f')) {
+            value = (value << 4) | (unsigned)(*x - 'a');
+        } else if ((*x >= 'A') && (*x <= 'F')) {
+            value = (value << 4) | (unsigned)(*x - 'A');
+        } else {
+            break;
+        }
+    }
+    return value;
+}
+
+/*
+ * look up or decode a constant value
+ */
+const char *
+constLookup(const char *bp, CK_ULONG *value, ConstType *type)
+{
+    char vname[512];
+    int i;
+
+    bp = readChars(bp, vname, sizeof(vname));
+
+    for (i = 0; i < constCount; i++) {
+        if ((PL_strcasecmp(consts[i].name, vname) == 0) ||
+            PL_strcasecmp(consts[i].name + 5, vname) == 0) {
+            *value = consts[i].value;
+            *type = consts[i].type;
+            return bp;
+        }
+    }
+
+    *type = ConstNone;
+    if (vname[0] == '0' && vname[1] == 'X') {
+        *value = htoi(&vname[2]);
+    } else if (vname[0] == '0') {
+        *value = otoi(&vname[1]);
+    } else {
+        *value = atoi(vname);
+    }
+    return bp;
+}
+
+int
+ArgSize(ArgType type)
+{
+    int size = 0;
+    type &= ArgMask;
+
+    switch (type) {
+        case ArgNone:
+            size = 0;
+            break;
+        case ArgULong:
+            size = sizeof(CK_ULONG);
+            break;
+        case ArgVar:
+            size = 1; /* get's changed later */
+            break;
+        case ArgChar:
+        case ArgUTF8:
+            size = 1;
+            break;
+        case ArgInfo:
+            size = sizeof(CK_INFO);
+            break;
+        case ArgSlotInfo:
+            size = sizeof(CK_SLOT_INFO);
+            break;
+        case ArgTokenInfo:
+            size = sizeof(CK_TOKEN_INFO);
+            break;
+        case ArgSessionInfo:
+            size = sizeof(CK_SESSION_INFO);
+            break;
+        case ArgAttribute:
+            size = sizeof(CK_ATTRIBUTE);
+            break;
+        case ArgMechanism:
+            size = sizeof(CK_MECHANISM);
+            break;
+        case ArgMechanismInfo:
+            size = sizeof(CK_MECHANISM_INFO);
+            break;
+        case ArgInitializeArgs:
+            size = sizeof(CK_C_INITIALIZE_ARGS);
+            break;
+        case ArgFunctionList:
+            size = sizeof(CK_FUNCTION_LIST);
+            break;
+        default:
+            break;
+    }
+
+    return (size);
+}
+
+CK_RV
+restore(const char *filename, Value *ptr)
+{
+    int fd, size;
+
+    fd = open(filename, O_RDONLY | O_BINARY);
+    if (fd < 0) {
+        perror(filename);
+        return CKR_FUNCTION_FAILED;
+    }
+
+    size = read(fd, ptr->data, ptr->size);
+    if (systemFlags & FLAG_VerifyFile) {
+        printDump(ptr->data, ptr->size);
+    }
+    if (size < 0) {
+        perror(filename);
+        return CKR_FUNCTION_FAILED;
+    } else if (size != ptr->size) {
+        fprintf(stderr, "%s: only read %d bytes, needed to read %d bytes\n",
+                filename, size, ptr->size);
+        return CKR_FUNCTION_FAILED;
+    }
+    close(fd);
+    return CKR_OK;
+}
+
+CK_RV
+save(const char *filename, Value *ptr)
+{
+    int fd, size;
+
+    fd = open(filename, O_WRONLY | O_BINARY | O_CREAT, 0666);
+    if (fd < 0) {
+        perror(filename);
+        return CKR_FUNCTION_FAILED;
+    }
+
+    size = write(fd, ptr->data, ptr->size);
+    if (size < 0) {
+        perror(filename);
+        return CKR_FUNCTION_FAILED;
+    } else if (size != ptr->size) {
+        fprintf(stderr, "%s: only wrote %d bytes, need to write %d bytes\n",
+                filename, size, ptr->size);
+        return CKR_FUNCTION_FAILED;
+    }
+    close(fd);
+    return CKR_OK;
+}
+
+static CK_RV
+increment(Value *ptr, CK_ULONG value)
+{
+    if ((ptr->type & ArgMask) != ArgULong) {
+        return CKR_ARGUMENTS_BAD;
+    }
+    *(CK_ULONG *)ptr->data += value;
+    return CKR_OK;
+}
+
+static CK_RV
+decrement(Value *ptr, CK_ULONG value)
+{
+    if ((ptr->type & ArgMask) != ArgULong) {
+        return CKR_ARGUMENTS_BAD;
+    }
+    *(CK_ULONG *)ptr->data -= value;
+    return CKR_OK;
+}
+
+CK_RV
+printArg(Value *ptr, int arg_number)
+{
+    ArgType type = ptr->type & ArgMask;
+    CK_INFO *info;
+    CK_SLOT_INFO *slotInfo;
+    CK_TOKEN_INFO *tokenInfo;
+    CK_SESSION_INFO *sessionInfo;
+    CK_ATTRIBUTE *attribute;
+    CK_MECHANISM *mechanism;
+    CK_MECHANISM_INFO *mechanismInfo;
+    CK_C_INITIALIZE_ARGS *initArgs;
+    CK_FUNCTION_LIST *functionList;
+    CK_RV ckrv = CKR_OK;
+    ConstType constType;
+
+    if (arg_number) {
+        printf("Arg %d: \n", arg_number);
+    }
+    if (ptr->arraySize > 1) {
+        Value element;
+        int i;
+        int elementSize = ptr->size / ptr->arraySize;
+        char *dp = (char *)ptr->data;
+
+        /* build a temporary Value to hold a single element */
+        element.type = type;
+        element.constType = ptr->constType;
+        element.size = elementSize;
+        element.filename = ptr->filename;
+        element.reference = 1;
+        element.arraySize = 1;
+        for (i = 0; i < ptr->arraySize; i++) {
+            printf(" -----[ %d ] -----\n", i);
+            element.data = (void *)&dp[i * elementSize];
+            (void)printArg(&element, 0);
+        }
+        return ckrv;
+    }
+    if (ptr->data == NULL) {
+        printf(" NULL ptr to a %s\n", valueString[type]);
+        return ckrv;
+    }
+    switch (type) {
+        case ArgNone:
+            printf(" None\n");
+            break;
+        case ArgULong:
+            printf(" %lu (0x%lx)\n", *((CK_ULONG *)ptr->data),
+                   *((CK_ULONG *)ptr->data));
+            if (ptr->constType != ConstNone) {
+                printf(" ");
+                printConst(*(CK_ULONG *)ptr->data, ptr->constType, 1);
+            }
+            break;
+        case ArgVar:
+            printf(" %s\n", (char *)ptr->data);
+            break;
+        case ArgUTF8:
+            printf(" %s\n", (char *)ptr->data);
+            break;
+        case ArgChar:
+            printDump(ptr->data, ptr->size);
+            break;
+        case ArgInfo:
+#define VERSION(x) (x).major, (x).minor
+            info = (CK_INFO *)ptr->data;
+            printf(" Cryptoki Version: %d.%02d\n",
+                   VERSION(info->cryptokiVersion));
+            printf(" Manufacturer ID: ");
+            printChars((char *)info->manufacturerID,
+                       sizeof(info->manufacturerID));
+            printFlags(" Flags: ", info->flags, ConstInfoFlags);
+            printf(" Library Description: ");
+            printChars((char *)info->libraryDescription,
+                       sizeof(info->libraryDescription));
+            printf(" Library Version: %d.%02d\n",
+                   VERSION(info->libraryVersion));
+            break;
+        case ArgSlotInfo:
+            slotInfo = (CK_SLOT_INFO *)ptr->data;
+            printf(" Slot Description: ");
+            printChars((char *)slotInfo->slotDescription,
+                       sizeof(slotInfo->slotDescription));
+            printf(" Manufacturer ID: ");
+            printChars((char *)slotInfo->manufacturerID,
+                       sizeof(slotInfo->manufacturerID));
+            printFlags(" Flags: ", slotInfo->flags, ConstSlotFlags);
+            printf(" Hardware Version: %d.%02d\n",
+                   VERSION(slotInfo->hardwareVersion));
+            printf(" Firmware Version: %d.%02d\n",
+                   VERSION(slotInfo->firmwareVersion));
+            break;
+        case ArgTokenInfo:
+            tokenInfo = (CK_TOKEN_INFO *)ptr->data;
+            printf(" Label: ");
+            printChars((char *)tokenInfo->label, sizeof(tokenInfo->label));
+            printf(" Manufacturer ID: ");
+            printChars((char *)tokenInfo->manufacturerID,
+                       sizeof(tokenInfo->manufacturerID));
+            printf(" Model: ");
+            printChars((char *)tokenInfo->model, sizeof(tokenInfo->model));
+            printf(" Serial Number: ");
+            printChars((char *)tokenInfo->serialNumber,
+                       sizeof(tokenInfo->serialNumber));
+            printFlags(" Flags: ", tokenInfo->flags, ConstTokenFlags);
+            printf(" Max Session Count: ");
+            printConst(tokenInfo->ulMaxSessionCount, ConstAvailableSizes, 1);
+            printf(" Session Count: ");
+            printConst(tokenInfo->ulSessionCount, ConstCurrentSize, 1);
+            printf(" RW Session Count: ");
+            printConst(tokenInfo->ulMaxRwSessionCount, ConstAvailableSizes, 1);
+            printf(" Max Pin Length : ");
+            printConst(tokenInfo->ulMaxPinLen, ConstCurrentSize, 1);
+            printf(" Min Pin Length : ");
+            printConst(tokenInfo->ulMinPinLen, ConstCurrentSize, 1);
+            printf(" Total Public Memory: ");
+            printConst(tokenInfo->ulTotalPublicMemory, ConstAvailableSizes, 1);
+            printf(" Free Public Memory: ");
+            printConst(tokenInfo->ulFreePublicMemory, ConstCurrentSize, 1);
+            printf(" Total Private Memory: ");
+            printConst(tokenInfo->ulTotalPrivateMemory, ConstAvailableSizes, 1);
+            printf(" Free Private Memory: ");
+            printConst(tokenInfo->ulFreePrivateMemory, ConstCurrentSize, 1);
+            printf(" Hardware Version: %d.%02d\n",
+                   VERSION(tokenInfo->hardwareVersion));
+            printf(" Firmware Version: %d.%02d\n",
+                   VERSION(tokenInfo->firmwareVersion));
+            printf(" UTC Time: ");
+            printChars((char *)tokenInfo->utcTime, sizeof(tokenInfo->utcTime));
+            break;
+        case ArgSessionInfo:
+            sessionInfo = (CK_SESSION_INFO *)ptr->data;
+            printf(" SlotID: 0x%08lx\n", sessionInfo->slotID);
+            printf(" State: ");
+            printConst(sessionInfo->state, ConstSessionState, 1);
+            printFlags(" Flags: ", sessionInfo->flags, ConstSessionFlags);
+            printf(" Device error: %lu 0x%08lx\n", sessionInfo->ulDeviceError,
+                   sessionInfo->ulDeviceError);
+            break;
+        case ArgAttribute:
+            attribute = (CK_ATTRIBUTE *)ptr->data;
+            printf(" Attribute Type: ");
+            printConst(attribute->type, ConstAttribute, 1);
+            printf(" Attribute Data: ");
+            if (attribute->pValue == NULL) {
+                printf("NULL\n");
+                printf("Attribute Len: %lu\n", attribute->ulValueLen);
+            } else {
+                constType = getConstFromAttribute(attribute->type);
+                if (constType != ConstNone) {
+                    CK_ULONG value = (constType == ConstBool) ? *(CK_BBOOL *)attribute->pValue
+                                                              : *(CK_ULONG *)attribute->pValue;
+                    printConst(value, constType, 1);
+                } else {
+                    printf("\n");
+                    printDump(attribute->pValue, attribute->ulValueLen);
+                }
+            }
+            break;
+        case ArgMechanism:
+            mechanism = (CK_MECHANISM *)ptr->data;
+            printf(" Mechanism Type: ");
+            printConst(mechanism->mechanism, ConstMechanism, 1);
+            printf(" Mechanism Data:\n");
+            printDump(mechanism->pParameter, mechanism->ulParameterLen);
+            break;
+        case ArgMechanismInfo:
+            mechanismInfo = (CK_MECHANISM_INFO *)ptr->data;
+            printf(" Minimum Key Size: %ld\n", mechanismInfo->ulMinKeySize);
+            printf(" Maximum Key Size: %ld\n", mechanismInfo->ulMaxKeySize);
+            printFlags(" Flags: ", mechanismInfo->flags, ConstMechanismFlags);
+            break;
+        case ArgInitializeArgs:
+            initArgs = (CK_C_INITIALIZE_ARGS *)ptr->data;
+            printFlags(" Flags: ", initArgs->flags, ConstInitializeFlags);
+            if (initArgs->LibraryParameters) {
+                printf("Params: %s\n", (char *)initArgs->LibraryParameters);
+            }
+        case ArgFunctionList:
+            functionList = (CK_FUNCTION_LIST *)ptr->data;
+            printf(" Version: %d.%02d\n", VERSION(functionList->version));
+#ifdef notdef
+#undef CK_NEED_ARG_LIST
+#define CK_PKCS11_FUNCTION_INFO(func) \
+    printf(" %s: 0x%08lx\n", #func, (unsigned long)functionList->func);
+#include "pkcs11f.h"
+#undef CK_NEED_ARG_LIST
+#undef CK_PKCS11_FUNCTION_INFO
+#endif
+        default:
+            ckrv = CKR_ARGUMENTS_BAD;
+            break;
+    }
+
+    return ckrv;
+}
+
+/*
+ * Feeling ambitious? turn this whole thing into lexx yacc parser
+ * with full expressions.
+ */
+Value **
+parseArgs(int index, const char *bp)
+{
+    const Commands *cp = &commands[index];
+    int size = strlen(cp->fname);
+    int i;
+    CK_ULONG value;
+    char vname[512];
+    Value **argList, *possible;
+    ConstType constType;
+
+    /*
+     * skip pass the command
+     */
+    if ((cp->fname[0] == 'C') && (cp->fname[1] == '_') && (bp[1] != '_')) {
+        size -= 2;
+    }
+    bp += size;
+
+    /*
+     * Initialize our argument list
+     */
+    argList = (Value **)malloc(sizeof(Value *) * MAX_ARGS);
+    for (i = 0; i < MAX_ARGS; i++) {
+        argList[i] = NULL;
+    }
+
+    /*
+     * Walk the argument list parsing it...
+     */
+    for (i = 0; i < MAX_ARGS; i++) {
+        ArgType type = cp->args[i] & ArgMask;
+        int error;
+
+        /* strip blanks */
+        bp = strip(bp);
+
+        /* if we hit ArgNone, we've nabbed all the arguments we need */
+        if (type == ArgNone) {
+            break;
+        }
+
+        /* if we run out of space in the line, we weren't given enough
+         * arguments... */
+        if (*bp == '\0') {
+            /* we're into optional arguments, ok to quit now */
+            if (cp->args[i] & ArgOpt) {
+                break;
+            }
+            fprintf(stderr, "%s: only %d args found,\n", cp->fname, i);
+            parseFree(argList);
+            return NULL;
+        }
+
+        /* collect all the rest of the command line and send
+         * it as a single argument */
+        if (cp->args[i] & ArgFull) {
+            int size = strlen(bp) + 1;
+            argList[i] = NewValue(type, size);
+            memcpy(argList[i]->data, bp, size);
+            break;
+        }
+
+        /*
+         * look up the argument in our variable list first... only
+         * exception is the new argument type for set...
+         */
+        error = 0;
+        if ((cp->args[i] != (ArgVar | ArgNew)) &&
+            (possible = varLookup(bp, vname, sizeof(vname), &error))) {
+            /* ints are only compatible with other ints... all other types
+            * are interchangeable... */
+            if (type != ArgVar) { /* ArgVar's match anyone */
+                if ((type == ArgULong) ^
+                    ((possible->type & ArgMask) == ArgULong)) {
+                    fprintf(stderr, "%s: Arg %d incompatible type with <%s>\n",
+                            cp->fname, i + 1, vname);
+                    argFree(possible);
+                    parseFree(argList);
+                    return NULL;
+                }
+                /*
+                 * ... that is as long as they are big enough...
+                 */
+                if (ArgSize(type) > possible->size) {
+                    fprintf(stderr,
+                            "%s: Arg %d %s is too small (%d bytes needs to be %d bytes)\n",
+                            cp->fname, i + 1, vname, possible->size, ArgSize(type));
+                    argFree(possible);
+                    parseFree(argList);
+                    return NULL;
+                }
+            }
+
+            /* everything looks kosher here, use it */
+            argList[i] = possible;
+
+            bp = readChars(bp, vname, sizeof(vname));
+            if (cp->args[i] & ArgOut) {
+                possible->type |= ArgOut;
+            }
+            continue;
+        }
+
+        if (error == 1) {
+            parseFree(argList);
+            return NULL;
+        }
+
+        /* create space for our argument */
+        argList[i] = NewValue(type, 1);
+
+        if ((PL_strncasecmp(bp, "null", 4) == 0) && ((bp[4] == 0) ||
+                                                     (bp[4] ==
+                                                      ' ') ||
+                                                     (bp[4] ==
+                                                      '\t') ||
+                                                     (bp[4] == '\n'))) {
+            if (cp->args[i] == ArgULong) {
+                fprintf(stderr, "%s: Arg %d CK_ULONG can't be NULL\n",
+                        cp->fname, i + 1);
+                parseFree(argList);
+                return NULL;
+            }
+            argFreeData(argList[i]);
+            argList[i]->data = NULL;
+            argList[i]->size = 0;
+            bp += 4;
+            if (*bp)
+                bp++;
+            continue;
+        }
+
+        /* if we're an output variable, we need to add it */
+        if (cp->args[i] & ArgOut) {
+            if (PL_strncasecmp(bp, "file(", 5) == 0 /* ) */) {
+                char filename[512];
+                bp = readChars(bp + 5, filename, sizeof(filename));
+                size = PL_strlen(filename);
+                if ((size > 0) && (/* ( */ filename[size - 1] == ')')) {
+                    filename[size - 1] = 0;
+                }
+                filename[size] = 0;
+                argList[i]->filename = (char *)malloc(size + 1);
+
+                PL_strcpy(argList[i]->filename, filename);
+
+                argList[i]->type |= ArgOut | ArgFile;
+                break;
+            }
+            bp = AddVariable(bp, &argList[i]);
+            argList[i]->type |= ArgOut;
+            continue;
+        }
+
+        if (PL_strncasecmp(bp, "file(", 5) == 0 /* ) */) {
+            char filename[512];
+
+            bp = readChars(bp + 5, filename, sizeof(filename));
+            size = PL_strlen(filename);
+            if ((size > 0) && (/* ( */ filename[size - 1] == ')')) {
+                filename[size - 1] = 0;
+            }
+
+            if (restore(filename, argList[i]) != CKR_OK) {
+                parseFree(argList);
+                return NULL;
+            }
+            continue;
+        }
+
+        switch (type) {
+            case ArgULong:
+                bp = constLookup(bp, &value, &constType);
+                *(int *)argList[i]->data = value;
+                argList[i]->constType = constType;
+                break;
+            case ArgVar:
+                argFreeData(argList[i]);
+                size = getEnd(bp) + 1;
+                argList[i]->data = (void *)malloc(size);
+                argList[i]->size = size;
+            /* fall through */
+            case ArgInfo:
+            case ArgSlotInfo:
+            case ArgTokenInfo:
+            case ArgSessionInfo:
+            case ArgAttribute:
+            case ArgMechanism:
+            case ArgMechanismInfo:
+            case ArgInitializeArgs:
+            case ArgUTF8:
+            case ArgChar:
+                bp = readChars(bp, (char *)argList[i]->data, argList[i]->size);
+            case ArgNone:
+            default:
+                break;
+        }
+    }
+
+    return argList;
+}
+
+/* lookup the command in the array */
+int
+lookup(const char *buf)
+{
+    int size, i;
+    int buflen;
+
+    buflen = PL_strlen(buf);
+
+    for (i = 0; i < commandCount; i++) {
+        size = PL_strlen(commands[i].fname);
+
+        if (size <= buflen) {
+            if (PL_strncasecmp(buf, commands[i].fname, size) == 0) {
+                return i;
+            }
+        }
+        if (size - 2 <= buflen) {
+            if (commands[i].fname[0] == 'C' && commands[i].fname[1] == '_' &&
+                (PL_strncasecmp(buf, &commands[i].fname[2], size - 2) == 0)) {
+                return i;
+            }
+        }
+    }
+    fprintf(stderr, "Can't find command %s\n", buf);
+    return -1;
+}
+
+void
+putOutput(Value **ptr)
+{
+    int i;
+
+    for (i = 0; i < MAX_ARGS; i++) {
+        ArgType type;
+
+        if (ptr[i] == NULL)
+            break;
+
+        type = ptr[i]->type;
+
+        ptr[i]->type &= ~ArgOut;
+        if (type == ArgNone) {
+            break;
+        }
+        if (type & ArgOut) {
+            (void)printArg(ptr[i], i + 1);
+        }
+        if (type & ArgFile) {
+            save(ptr[i]->filename, ptr[i]);
+            free(ptr[i]->filename);
+            ptr[i]->filename = NULL; /* paranoia */
+        }
+    }
+}
+
+CK_RV
+unloadModule(Module *module)
+{
+    char *disableUnload = NULL;
+
+    disableUnload = PR_GetEnvSecure("NSS_DISABLE_UNLOAD");
+
+    if (module->library && !disableUnload) {
+        PR_UnloadLibrary(module->library);
+    }
+
+    module->library = NULL;
+    module->functionList = NULL;
+
+    return CKR_OK;
+}
+
+CK_RV
+loadModule(Module *module, char *library)
+{
+    PRLibrary *newLibrary;
+    CK_C_GetFunctionList getFunctionList;
+    CK_FUNCTION_LIST *functionList;
+    CK_RV ckrv;
+
+    newLibrary = PR_LoadLibrary(library);
+    if (!newLibrary) {
+        fprintf(stderr, "Couldn't load library %s\n", library);
+        return CKR_FUNCTION_FAILED;
+    }
+    getFunctionList = (CK_C_GetFunctionList)
+        PR_FindSymbol(newLibrary, "C_GetFunctionList");
+    if (!getFunctionList) {
+        fprintf(stderr, "Couldn't find \"C_GetFunctionList\" in %s\n", library);
+        return CKR_FUNCTION_FAILED;
+    }
+
+    ckrv = (*getFunctionList)(&functionList);
+    if (ckrv != CKR_OK) {
+        return ckrv;
+    }
+
+    if (module->library) {
+        PR_UnloadLibrary(module->library);
+    }
+
+    module->library = newLibrary;
+    module->functionList = functionList;
+
+    return CKR_OK;
+}
+
+static void
+printHelp(int index, int full)
+{
+    int j;
+    printf(" %s", commands[index].fname);
+    for (j = 0; j < MAX_ARGS; j++) {
+        ArgType type = commands[index].args[j] & ArgMask;
+        if (type == ArgNone) {
+            break;
+        }
+        printf(" %s", valueString[type]);
+    }
+    printf("\n");
+    printf(" %s\n", commands[index].helpString);
+}
+
+/* add Topical help here ! */
+static CK_RV
+printTopicHelp(char *topic)
+{
+    int size, i;
+    int topicLen;
+
+    topicLen = PL_strlen(topic);
+
+    for (i = 0; i < topicCount; i++) {
+        size = PL_strlen(topics[i].name);
+
+        if (size <= topicLen) {
+            if (PL_strncasecmp(topic, topics[i].name, size) == 0) {
+                break;
+            }
+        }
+    }
+
+    if (i == topicCount) {
+        fprintf(stderr, "Can't find topic '%s'\n", topic);
+        return CKR_DATA_INVALID;
+    }
+
+    printf(" %s", topic);
+    printf("\n");
+    printf(" %s\n", topics[i].helpString);
+    return CKR_OK;
+}
+
+static CK_RV
+printGeneralHelp(void)
+{
+    int i;
+    printf(" To get help on commands, select from the list below:");
+    for (i = 0; i < commandCount; i++) {
+        if (i % 5 == 0)
+            printf("\n");
+        printf("%s,", commands[i].fname);
+    }
+    printf("\n");
+    /* print help topics */
+    printf(" To get help on a topic, select from the list below:");
+    for (i = 0; i < topicCount; i++) {
+        if (i % 5 == 0)
+            printf("\n");
+        printf("%s,", topics[i].name);
+    }
+    printf("\n");
+    return CKR_OK;
+}
+
+static CK_RV
+quitIf(CK_ULONG a, const char *cmp, CK_ULONG b)
+{
+    if (strcmp(cmp, "<") == 0) {
+        return (a < b) ? CKR_QUIT : CKR_OK;
+    } else if (strcmp(cmp, ">") == 0) {
+        return (a > b) ? CKR_QUIT : CKR_OK;
+    } else if (strcmp(cmp, "<=") == 0) {
+        return (a <= b) ? CKR_QUIT : CKR_OK;
+    } else if (strcmp(cmp, ">=") == 0) {
+        return (a >= b) ? CKR_QUIT : CKR_OK;
+    } else if (strcmp(cmp, "=") == 0) {
+        return (a == b) ? CKR_QUIT : CKR_OK;
+    } else if (strcmp(cmp, "!=") == 0) {
+        return (a != b) ? CKR_QUIT : CKR_OK;
+    }
+    printf("Unkown integer comparator: '%s'\n", cmp);
+    return CKR_ARGUMENTS_BAD;
+}
+
+static CK_RV
+quitIfString(const char *a, const char *cmp, const char *b)
+{
+
+    if (strcmp(cmp, "=") == 0) {
+        return (strcmp(a, b) == 0) ? CKR_QUIT : CKR_OK;
+    } else if (strcmp(cmp, "!=") == 0) {
+        return (strcmp(a, b) != 0) ? CKR_QUIT : CKR_OK;
+    }
+    printf("Unkown string comparator: '%s'\n", cmp);
+    return CKR_ARGUMENTS_BAD;
+}
+
+CK_RV run(const char *);
+CK_RV timeCommand(const char *);
+CK_RV loop(const char *filename, const char *var,
+           CK_ULONG start, CK_ULONG end, CK_ULONG step);
+
+/*
+ * Actually dispatch the function... Bad things happen
+ * if these don't match the commands array.
+ */
+CK_RV
+do_func(int index, Value **a)
+{
+    int value, helpIndex;
+    static Module module = { NULL, NULL };
+    CK_FUNCTION_LIST *func = module.functionList;
+
+    switch (commands[index].fType) {
+        case F_C_Initialize:
+            if (!func)
+                return CKR_CRYPTOKI_NOT_INITIALIZED;
+            return func->C_Initialize((void *)a[0]->data);
+        case F_C_Finalize:
+            if (!func)
+                return CKR_CRYPTOKI_NOT_INITIALIZED;
+            return func->C_Finalize((void *)a[0]->data);
+        case F_C_GetInfo:
+            if (!func)
+                return CKR_CRYPTOKI_NOT_INITIALIZED;
+            return func->C_GetInfo((CK_INFO *)a[0]->data);
+        case F_C_GetFunctionList:
+            if (!func)
+                return CKR_CRYPTOKI_NOT_INITIALIZED;
+            return func->C_GetFunctionList((CK_FUNCTION_LIST **)a[0]->data);
+        case F_C_GetSlotList:
+            if (!func)
+                return CKR_CRYPTOKI_NOT_INITIALIZED;
+            return func->C_GetSlotList((CK_BBOOL) * (CK_ULONG *)a[0]->data,
+                                       (CK_SLOT_ID *)a[1]->data,
+                                       (CK_ULONG *)a[2]->data);
+        case F_C_GetSlotInfo:
+            if (!func)
+                return CKR_CRYPTOKI_NOT_INITIALIZED;
+            return func->C_GetSlotInfo(*(CK_ULONG *)a[0]->data,
+                                       (CK_SLOT_INFO *)a[1]->data);
+        case F_C_GetTokenInfo:
+            if (!func)
+                return CKR_CRYPTOKI_NOT_INITIALIZED;
+            return func->C_GetTokenInfo(*(CK_ULONG *)a[0]->data,
+                                        (CK_TOKEN_INFO *)a[1]->data);
+        case F_C_GetMechanismList:
+            if (!func)
+                return CKR_CRYPTOKI_NOT_INITIALIZED;
+            if (a[1]->data) {
+                a[1]->constType = ConstMechanism;
+            }
+            return func->C_GetMechanismList(*(CK_ULONG *)a[0]->data,
+                                            (CK_MECHANISM_TYPE *)a[1]->data,
+                                            (CK_ULONG *)a[2]->data);
+        case F_C_GetMechanismInfo:
+            if (!func)
+                return CKR_CRYPTOKI_NOT_INITIALIZED;
+            return func->C_GetMechanismInfo(*(CK_ULONG *)a[0]->data,
+                                            *(CK_ULONG *)a[1]->data,
+                                            (CK_MECHANISM_INFO *)a[2]->data);
+        case F_C_InitToken:
+            if (!func)
+                return CKR_CRYPTOKI_NOT_INITIALIZED;
+            return func->C_InitToken(*(CK_ULONG *)a[0]->data,
+                                     (CK_CHAR *)a[1]->data,
+                                     *(CK_ULONG *)a[2]->data,
+                                     (CK_CHAR *)a[3]->data);
+        case F_C_InitPIN:
+            if (!func)
+                return CKR_CRYPTOKI_NOT_INITIALIZED;
+            return func->C_InitPIN(*(CK_ULONG *)a[0]->data,
+                                   (CK_CHAR *)a[1]->data,
+                                   *(CK_ULONG *)a[2]->data);
+        case F_C_SetPIN:
+            if (!func)
+                return CKR_CRYPTOKI_NOT_INITIALIZED;
+            return func->C_SetPIN(*(CK_ULONG *)a[0]->data,
+                                  (CK_CHAR *)a[1]->data,
+                                  *(CK_ULONG *)a[2]->data,
+                                  (CK_CHAR *)a[3]->data,
+                                  *(CK_ULONG *)a[4]->data);
+        case F_C_OpenSession:
+            if (!func)
+                return CKR_CRYPTOKI_NOT_INITIALIZED;
+            return func->C_OpenSession(*(CK_ULONG *)a[0]->data,
+                                       *(CK_ULONG *)a[1]->data,
+                                       (void *)NULL,
+                                       (CK_NOTIFY)NULL,
+                                       (CK_ULONG *)a[2]->data);
+        case F_C_CloseSession:
+            if (!func)
+                return CKR_CRYPTOKI_NOT_INITIALIZED;
+            return func->C_CloseSession(*(CK_ULONG *)a[0]->data);
+        case F_C_CloseAllSessions:
+            if (!func)
+                return CKR_CRYPTOKI_NOT_INITIALIZED;
+            return func->C_CloseAllSessions(*(CK_ULONG *)a[0]->data);
+        case F_C_GetSessionInfo:
+            if (!func)
+                return CKR_CRYPTOKI_NOT_INITIALIZED;
+            return func->C_GetSessionInfo(*(CK_ULONG *)a[0]->data,
+                                          (CK_SESSION_INFO *)a[1]->data);
+        case F_C_GetOperationState:
+            if (!func)
+                return CKR_CRYPTOKI_NOT_INITIALIZED;
+            return func->C_GetOperationState(*(CK_ULONG *)a[0]->data,
+                                             (CK_BYTE *)a[1]->data,
+                                             (CK_ULONG *)a[2]->data);
+        case F_C_SetOperationState:
+            if (!func)
+                return CKR_CRYPTOKI_NOT_INITIALIZED;
+            return func->C_SetOperationState(*(CK_ULONG *)a[0]->data,
+                                             (CK_CHAR *)a[1]->data,
+                                             *(CK_ULONG *)a[2]->data,
+                                             *(CK_ULONG *)a[3]->data,
+                                             *(CK_ULONG *)a[4]->data);
+        case F_C_Login:
+            if (!func)
+                return CKR_CRYPTOKI_NOT_INITIALIZED;
+            return func->C_Login(*(CK_ULONG *)a[0]->data,
+                                 *(CK_ULONG *)a[1]->data,
+                                 (CK_CHAR *)a[2]->data,
+                                 *(CK_ULONG *)a[3]->data);
+        case F_C_Logout:
+            if (!func)
+                return CKR_CRYPTOKI_NOT_INITIALIZED;
+            return func->C_Logout(*(CK_ULONG *)a[0]->data);
+        case F_C_CreateObject:
+            if (!func)
+                return CKR_CRYPTOKI_NOT_INITIALIZED;
+            return func->C_CreateObject(*(CK_ULONG *)a[0]->data,
+                                        (CK_ATTRIBUTE *)a[1]->data,
+                                        *(CK_ULONG *)a[2]->data,
+                                        (CK_ULONG *)a[3]->data);
+        case F_C_CopyObject:
+            if (!func)
+                return CKR_CRYPTOKI_NOT_INITIALIZED;
+            return func->C_CopyObject(*(CK_ULONG *)a[0]->data,
+                                      *(CK_ULONG *)a[0]->data,
+                                      (CK_ATTRIBUTE *)a[1]->data,
+                                      *(CK_ULONG *)a[2]->data,
+                                      (CK_ULONG *)a[3]->data);
+        case F_C_DestroyObject:
+            if (!func)
+                return CKR_CRYPTOKI_NOT_INITIALIZED;
+            return func->C_DestroyObject(*(CK_ULONG *)a[0]->data,
+                                         *(CK_ULONG *)a[1]->data);
+        case F_C_GetObjectSize:
+            if (!func)
+                return CKR_CRYPTOKI_NOT_INITIALIZED;
+            return func->C_GetObjectSize(*(CK_ULONG *)a[0]->data,
+                                         *(CK_ULONG *)a[1]->data,
+                                         (CK_ULONG *)a[2]->data);
+        case F_C_GetAttributeValue:
+            if (!func)
+                return CKR_CRYPTOKI_NOT_INITIALIZED;
+            return func->C_GetAttributeValue(*(CK_ULONG *)a[0]->data,
+                                             *(CK_ULONG *)a[1]->data,
+                                             (CK_ATTRIBUTE *)a[2]->data,
+                                             *(CK_ULONG *)a[3]->data);
+        case F_C_SetAttributeValue:
+            if (!func)
+                return CKR_CRYPTOKI_NOT_INITIALIZED;
+            return func->C_SetAttributeValue(*(CK_ULONG *)a[0]->data,
+                                             *(CK_ULONG *)a[1]->data,
+                                             (CK_ATTRIBUTE *)a[2]->data,
+                                             *(CK_ULONG *)a[3]->data);
+        case F_C_FindObjectsInit:
+            if (!func)
+                return CKR_CRYPTOKI_NOT_INITIALIZED;
+            return func->C_FindObjectsInit(*(CK_ULONG *)a[0]->data,
+                                           (CK_ATTRIBUTE *)a[1]->data,
+                                           *(CK_ULONG *)a[2]->data);
+        case F_C_FindObjects:
+            if (!func)
+                return CKR_CRYPTOKI_NOT_INITIALIZED;
+            return func->C_FindObjects(*(CK_ULONG *)a[0]->data,
+                                       (CK_ULONG *)a[1]->data,
+                                       *(CK_ULONG *)a[2]->data,
+                                       (CK_ULONG *)a[3]->data);
+        case F_C_FindObjectsFinal:
+            if (!func)
+                return CKR_CRYPTOKI_NOT_INITIALIZED;
+            return func->C_FindObjectsFinal(*(CK_ULONG *)a[0]->data);
+        case F_C_EncryptInit:
+            if (!func)
+                return CKR_CRYPTOKI_NOT_INITIALIZED;
+            return func->C_EncryptInit(*(CK_ULONG *)a[0]->data,
+                                       (CK_MECHANISM *)a[1]->data,
+                                       *(CK_ULONG *)a[2]->data);
+        case F_C_Encrypt:
+            if (!func)
+                return CKR_CRYPTOKI_NOT_INITIALIZED;
+            return func->C_Encrypt(*(CK_ULONG *)a[0]->data,
+                                   (CK_CHAR *)a[1]->data,
+                                   *(CK_ULONG *)a[2]->data,
+                                   (CK_CHAR *)a[3]->data,
+                                   (CK_ULONG *)a[4]->data);
+        case F_C_EncryptUpdate:
+            if (!func)
+                return CKR_CRYPTOKI_NOT_INITIALIZED;
+            return func->C_EncryptUpdate(*(CK_ULONG *)a[0]->data,
+                                         (CK_CHAR *)a[1]->data,
+                                         *(CK_ULONG *)a[2]->data,
+                                         (CK_CHAR *)a[3]->data,
+                                         (CK_ULONG *)a[4]->data);
+        case F_C_EncryptFinal:
+            if (!func)
+                return CKR_CRYPTOKI_NOT_INITIALIZED;
+            return func->C_EncryptFinal(*(CK_ULONG *)a[0]->data,
+                                        (CK_CHAR *)a[1]->data,
+                                        (CK_ULONG *)a[2]->data);
+        case F_C_DecryptInit:
+            if (!func)
+                return CKR_CRYPTOKI_NOT_INITIALIZED;
+            return func->C_DecryptInit(*(CK_ULONG *)a[0]->data,
+                                       (CK_MECHANISM *)a[1]->data,
+                                       *(CK_ULONG *)a[2]->data);
+        case F_C_Decrypt:
+            if (!func)
+                return CKR_CRYPTOKI_NOT_INITIALIZED;
+            return func->C_Decrypt(*(CK_ULONG *)a[0]->data,
+                                   (CK_CHAR *)a[1]->data,
+                                   *(CK_ULONG *)a[2]->data,
+                                   (CK_CHAR *)a[3]->data,
+                                   (CK_ULONG *)a[4]->data);
+        case F_C_DecryptUpdate:
+            if (!func)
+                return CKR_CRYPTOKI_NOT_INITIALIZED;
+            return func->C_DecryptUpdate(*(CK_ULONG *)a[0]->data,
+                                         (CK_CHAR *)a[1]->data,
+                                         *(CK_ULONG *)a[2]->data,
+                                         (CK_CHAR *)a[3]->data,
+                                         (CK_ULONG *)a[4]->data);
+        case F_C_DecryptFinal:
+            if (!func)
+                return CKR_CRYPTOKI_NOT_INITIALIZED;
+            return func->C_DecryptFinal(*(CK_ULONG *)a[0]->data,
+                                        (CK_CHAR *)a[1]->data,
+                                        (CK_ULONG *)a[2]->data);
+        case F_C_DigestInit:
+            if (!func)
+                return CKR_CRYPTOKI_NOT_INITIALIZED;
+            return func->C_DigestInit(*(CK_ULONG *)a[0]->data,
+                                      (CK_MECHANISM *)a[1]->data);
+        case F_C_Digest:
+            if (!func)
+                return CKR_CRYPTOKI_NOT_INITIALIZED;
+            return func->C_Digest(*(CK_ULONG *)a[0]->data,
+                                  (CK_CHAR *)a[1]->data,
+                                  *(CK_ULONG *)a[2]->data,
+                                  (CK_CHAR *)a[3]->data,
+                                  (CK_ULONG *)a[4]->data);
+        case F_C_DigestUpdate:
+            if (!func)
+                return CKR_CRYPTOKI_NOT_INITIALIZED;
+            return func->C_DigestUpdate(*(CK_ULONG *)a[0]->data,
+                                        (CK_CHAR *)a[1]->data,
+                                        *(CK_ULONG *)a[2]->data);
+        case F_C_DigestKey:
+            if (!func)
+                return CKR_CRYPTOKI_NOT_INITIALIZED;
+            return func->C_DigestKey(*(CK_ULONG *)a[0]->data,
+                                     *(CK_ULONG *)a[1]->data);
+        case F_C_DigestFinal:
+            if (!func)
+                return CKR_CRYPTOKI_NOT_INITIALIZED;
+            return func->C_DigestFinal(*(CK_ULONG *)a[0]->data,
+                                       (CK_CHAR *)a[1]->data,
+                                       (CK_ULONG *)a[2]->data);
+        case F_C_SignInit:
+            if (!func)
+                return CKR_CRYPTOKI_NOT_INITIALIZED;
+            return func->C_SignInit(*(CK_ULONG *)a[0]->data,
+                                    (CK_MECHANISM *)a[1]->data,
+                                    *(CK_ULONG *)a[2]->data);
+        case F_C_Sign:
+            if (!func)
+                return CKR_CRYPTOKI_NOT_INITIALIZED;
+            return func->C_Sign(*(CK_ULONG *)a[0]->data,
+                                (CK_CHAR *)a[1]->data,
+                                *(CK_ULONG *)a[2]->data,
+                                (CK_CHAR *)a[3]->data,
+                                (CK_ULONG *)a[4]->data);
+        case F_C_SignUpdate:
+            if (!func)
+                return CKR_CRYPTOKI_NOT_INITIALIZED;
+            return func->C_SignUpdate(*(CK_ULONG *)a[0]->data,
+                                      (CK_CHAR *)a[1]->data,
+                                      *(CK_ULONG *)a[2]->data);
+        case F_C_SignFinal:
+            if (!func)
+                return CKR_CRYPTOKI_NOT_INITIALIZED;
+            return func->C_SignFinal(*(CK_ULONG *)a[0]->data,
+                                     (CK_CHAR *)a[1]->data,
+                                     (CK_ULONG *)a[2]->data);
+
+        case F_C_SignRecoverInit:
+            if (!func)
+                return CKR_CRYPTOKI_NOT_INITIALIZED;
+            return func->C_SignRecoverInit(*(CK_ULONG *)a[0]->data,
+                                           (CK_MECHANISM *)a[1]->data,
+                                           *(CK_ULONG *)a[2]->data);
+        case F_C_SignRecover:
+            if (!func)
+                return CKR_CRYPTOKI_NOT_INITIALIZED;
+            return func->C_SignRecover(*(CK_ULONG *)a[0]->data,
+                                       (CK_CHAR *)a[1]->data,
+                                       *(CK_ULONG *)a[2]->data,
+                                       (CK_CHAR *)a[3]->data,
+                                       (CK_ULONG *)a[4]->data);
+        case F_C_VerifyInit:
+            if (!func)
+                return CKR_CRYPTOKI_NOT_INITIALIZED;
+            return func->C_VerifyInit(*(CK_ULONG *)a[0]->data,
+                                      (CK_MECHANISM *)a[1]->data,
+                                      *(CK_ULONG *)a[2]->data);
+        case F_C_Verify:
+            if (!func)
+                return CKR_CRYPTOKI_NOT_INITIALIZED;
+            return func->C_Verify(*(CK_ULONG *)a[0]->data,
+                                  (CK_CHAR *)a[1]->data,
+                                  *(CK_ULONG *)a[2]->data,
+                                  (CK_CHAR *)a[3]->data,
+                                  *(CK_ULONG *)a[4]->data);
+        case F_C_VerifyUpdate:
+            if (!func)
+                return CKR_CRYPTOKI_NOT_INITIALIZED;
+            return func->C_VerifyUpdate(*(CK_ULONG *)a[0]->data,
+                                        (CK_CHAR *)a[1]->data,
+                                        *(CK_ULONG *)a[2]->data);
+        case F_C_VerifyFinal:
+            if (!func)
+                return CKR_CRYPTOKI_NOT_INITIALIZED;
+            return func->C_VerifyFinal(*(CK_ULONG *)a[0]->data,
+                                       (CK_CHAR *)a[1]->data,
+                                       *(CK_ULONG *)a[2]->data);
+
+        case F_C_VerifyRecoverInit:
+            if (!func)
+                return CKR_CRYPTOKI_NOT_INITIALIZED;
+            return func->C_VerifyRecoverInit(*(CK_ULONG *)a[0]->data,
+                                             (CK_MECHANISM *)a[1]->data,
+                                             *(CK_ULONG *)a[2]->data);
+        case F_C_VerifyRecover:
+            if (!func)
+                return CKR_CRYPTOKI_NOT_INITIALIZED;
+            return func->C_VerifyRecover(*(CK_ULONG *)a[0]->data,
+                                         (CK_CHAR *)a[1]->data,
+                                         *(CK_ULONG *)a[2]->data,
+                                         (CK_CHAR *)a[3]->data,
+                                         (CK_ULONG *)a[4]->data);
+        case F_C_DigestEncryptUpdate:
+            if (!func)
+                return CKR_CRYPTOKI_NOT_INITIALIZED;
+            return func->C_DigestEncryptUpdate(*(CK_ULONG *)a[0]->data,
+                                               (CK_CHAR *)a[1]->data,
+                                               *(CK_ULONG *)a[2]->data,
+                                               (CK_CHAR *)a[3]->data,
+                                               (CK_ULONG *)a[4]->data);
+        case F_C_DecryptDigestUpdate:
+            if (!func)
+                return CKR_CRYPTOKI_NOT_INITIALIZED;
+            return func->C_DecryptDigestUpdate(*(CK_ULONG *)a[0]->data,
+                                               (CK_CHAR *)a[1]->data,
+                                               *(CK_ULONG *)a[2]->data,
+                                               (CK_CHAR *)a[3]->data,
+                                               (CK_ULONG *)a[4]->data);
+        case F_C_SignEncryptUpdate:
+            if (!func)
+                return CKR_CRYPTOKI_NOT_INITIALIZED;
+            return func->C_SignEncryptUpdate(*(CK_ULONG *)a[0]->data,
+                                             (CK_CHAR *)a[1]->data,
+                                             *(CK_ULONG *)a[2]->data,
+                                             (CK_CHAR *)a[3]->data,
+                                             (CK_ULONG *)a[4]->data);
+        case F_C_DecryptVerifyUpdate:
+            if (!func)
+                return CKR_CRYPTOKI_NOT_INITIALIZED;
+            return func->C_DecryptVerifyUpdate(*(CK_ULONG *)a[0]->data,
+                                               (CK_CHAR *)a[1]->data,
+                                               *(CK_ULONG *)a[2]->data,
+                                               (CK_CHAR *)a[3]->data,
+                                               (CK_ULONG *)a[4]->data);
+        case F_C_GenerateKey:
+            if (!func)
+                return CKR_CRYPTOKI_NOT_INITIALIZED;
+            return func->C_GenerateKey(*(CK_ULONG *)a[0]->data,
+                                       (CK_MECHANISM *)a[1]->data,
+                                       (CK_ATTRIBUTE *)a[2]->data,
+                                       *(CK_ULONG *)a[3]->data,
+                                       (CK_ULONG *)a[4]->data);
+        case F_C_GenerateKeyPair:
+            if (!func)
+                return CKR_CRYPTOKI_NOT_INITIALIZED;
+            return func->C_GenerateKeyPair(*(CK_ULONG *)a[0]->data,
+                                           (CK_MECHANISM *)a[1]->data,
+                                           (CK_ATTRIBUTE *)a[2]->data,
+                                           *(CK_ULONG *)a[3]->data,
+                                           (CK_ATTRIBUTE *)a[4]->data,
+                                           *(CK_ULONG *)a[5]->data,
+                                           (CK_ULONG *)a[6]->data,
+                                           (CK_ULONG *)a[7]->data);
+        case F_C_WrapKey:
+            if (!func)
+                return CKR_CRYPTOKI_NOT_INITIALIZED;
+            return func->C_WrapKey(*(CK_ULONG *)a[0]->data,
+                                   (CK_MECHANISM *)a[1]->data,
+                                   *(CK_ULONG *)a[2]->data,
+                                   *(CK_ULONG *)a[3]->data,
+                                   (CK_CHAR *)a[5]->data,
+                                   (CK_ULONG *)a[6]->data);
+        case F_C_UnwrapKey:
+            if (!func)
+                return CKR_CRYPTOKI_NOT_INITIALIZED;
+            return func->C_UnwrapKey(*(CK_ULONG *)a[0]->data,
+                                     (CK_MECHANISM *)a[1]->data,
+                                     *(CK_ULONG *)a[2]->data,
+                                     (CK_CHAR *)a[3]->data,
+                                     *(CK_ULONG *)a[4]->data,
+                                     (CK_ATTRIBUTE *)a[5]->data,
+                                     *(CK_ULONG *)a[6]->data,
+                                     (CK_ULONG *)a[7]->data);
+        case F_C_DeriveKey:
+            if (!func)
+                return CKR_CRYPTOKI_NOT_INITIALIZED;
+            return func->C_DeriveKey(*(CK_ULONG *)a[0]->data,
+                                     (CK_MECHANISM *)a[1]->data,
+                                     *(CK_ULONG *)a[2]->data,
+                                     (CK_ATTRIBUTE *)a[3]->data,
+                                     *(CK_ULONG *)a[4]->data,
+                                     (CK_ULONG *)a[5]->data);
+        case F_C_SeedRandom:
+            if (!func)
+                return CKR_CRYPTOKI_NOT_INITIALIZED;
+            return func->C_SeedRandom(*(CK_ULONG *)a[0]->data,
+                                      (CK_CHAR *)a[1]->data,
+                                      *(CK_ULONG *)a[2]->data);
+        case F_C_GenerateRandom:
+            if (!func)
+                return CKR_CRYPTOKI_NOT_INITIALIZED;
+            return func->C_GenerateRandom(*(CK_ULONG *)a[0]->data,
+                                          (CK_CHAR *)a[1]->data,
+                                          *(CK_ULONG *)a[2]->data);
+        case F_C_GetFunctionStatus:
+            if (!func)
+                return CKR_CRYPTOKI_NOT_INITIALIZED;
+            return func->C_GetFunctionStatus(*(CK_ULONG *)a[0]->data);
+        case F_C_CancelFunction:
+            if (!func)
+                return CKR_CRYPTOKI_NOT_INITIALIZED;
+            return func->C_CancelFunction(*(CK_ULONG *)a[0]->data);
+        case F_C_WaitForSlotEvent:
+            if (!func)
+                return CKR_CRYPTOKI_NOT_INITIALIZED;
+            return func->C_WaitForSlotEvent(*(CK_ULONG *)a[0]->data,
+                                            (CK_ULONG *)a[1]->data,
+                                            (void *)a[2]->data);
+        /* set a variable */
+        case F_SetVar:
+        case F_SetStringVar:
+            (void)DeleteVariable(a[0]->data);
+            (void)AddVariable(a[0]->data, &a[1]);
+            return CKR_OK;
+        /* print a value */
+        case F_Print:
+            return printArg(a[0], 0);
+        case F_SaveVar:
+            return save(a[0]->data, a[1]);
+        case F_RestoreVar:
+            return restore(a[0]->data, a[1]);
+        case F_Delete:
+            return DeleteVariable(a[0]->data);
+        case F_Increment:
+            return increment(a[0], *(CK_ULONG *)a[1]->data);
+        case F_Decrement:
+            return decrement(a[0], *(CK_ULONG *)a[1]->data);
+        case F_List:
+            return list();
+        case F_Run:
+            return run(a[0]->data);
+        case F_Time:
+            return timeCommand(a[0]->data);
+        case F_Load:
+            return loadModule(&module, a[0]->data);
+        case F_Unload:
+            return unloadModule(&module);
+        case F_NewArray:
+            (void)DeleteVariable(a[0]->data);
+            return ArrayVariable(a[0]->data, a[1]->data, *(CK_ULONG *)a[2]->data);
+        case F_NewTemplate:
+            (void)DeleteVariable(a[0]->data);
+            return ArrayTemplate(a[0]->data, a[1]->data);
+        case F_BuildTemplate:
+            return BuildTemplate(a[0]);
+        case F_SetTemplate:
+            return SetTemplate(a[0],
+                               *(CK_ULONG *)a[1]->data,
+                               *(CK_ULONG *)a[2]->data);
+        case F_NewMechanism:
+            (void)DeleteVariable(a[0]->data);
+            return NewMechanism(a[0]->data, *(CK_ULONG *)a[1]->data);
+        case F_NewInitializeArgs:
+            (void)DeleteVariable(a[0]->data);
+            return NewInitializeArgs(a[0]->data, *(CK_ULONG *)a[1]->data, a[2]->data);
+        case F_System:
+            value = *(int *)a[0]->data;
+            if (value & 0x80000000) {
+                systemFlags &= ~value;
+            } else {
+                systemFlags |= value;
+            }
+            return CKR_OK;
+        case F_Loop:
+            return loop(a[0]->data, a[1]->data, *(CK_ULONG *)a[2]->data,
+                        *(CK_ULONG *)a[3]->data, *(CK_ULONG *)a[4]->data);
+        case F_Help:
+            if (a[0]) {
+                helpIndex = lookup(a[0]->data);
+                if (helpIndex < 0) {
+                    return printTopicHelp(a[0]->data);
+                }
+                printHelp(helpIndex, 1);
+                return CKR_OK;
+            }
+            return printGeneralHelp();
+        case F_QuitIfString:
+            return quitIfString(a[0]->data, a[1]->data, a[2]->data);
+        case F_QuitIf:
+            return quitIf(*(CK_ULONG *)a[0]->data, a[1]->data, *(CK_ULONG *)a[2]->data);
+        case F_Quit:
+            return CKR_QUIT;
+        default:
+            fprintf(stderr,
+                    "Function %s not yet supported\n", commands[index].fname);
+            return CKR_OK;
+    }
+    /* Not Reached */
+    return CKR_OK;
+}
+
+CK_RV
+processCommand(const char *buf)
+{
+    CK_RV error = CKR_OK;
+    int index;
+    const char *bp;
+    Value **arglist;
+
+    bp = strip(buf);
+    /* allow comments and blank lines in scripts */
+    if ((*bp == '#') || (*bp == 0) || (*bp == '\n')) {
+        return CKR_OK;
+    }
+
+    index = lookup(bp);
+
+    if (index < 0) {
+        return CKR_OK;
+    }
+
+    arglist = parseArgs(index, bp);
+    if (arglist == NULL) {
+        return CKR_OK;
+    }
+
+    error = do_func(index, arglist);
+    if (error == CKR_OK) {
+        putOutput(arglist);
+    } else if (error != CKR_QUIT) {
+        printf(">> Error : ");
+        printConst(error, ConstResult, 1);
+    }
+
+    parseFree(arglist);
+    return error;
+}
+
+CK_RV
+timeCommand(const char *command)
+{
+    CK_RV ckrv;
+    PRIntervalTime startTime = PR_IntervalNow();
+    PRIntervalTime endTime;
+    PRIntervalTime elapsedTime;
+
+    ckrv = processCommand(command);
+
+    endTime = PR_IntervalNow();
+    elapsedTime = endTime - startTime;
+    printf("Time -- %d msec \n",
+           PR_IntervalToMilliseconds(elapsedTime));
+
+    return ckrv;
+}
+
+CK_RV
+process(FILE *inFile, int user)
+{
+    char buf[2048];
+    CK_RV error;
+    CK_RV ckrv = CKR_OK;
+
+    if (user) {
+        printf("pkcs11> ");
+        fflush(stdout);
+    }
+
+    while (fgets(buf, 2048, inFile) != NULL) {
+
+        if (!user)
+            printf("* %s", buf);
+        error = processCommand(buf);
+        if (error == CKR_QUIT) {
+            break;
+        } else if (error != CKR_OK) {
+            ckrv = error;
+        }
+        if (user) {
+            printf("pkcs11> ");
+            fflush(stdout);
+        }
+    }
+    return ckrv;
+}
+
+CK_RV
+run(const char *filename)
+{
+    FILE *infile;
+    CK_RV ckrv;
+
+    infile = fopen(filename, "r");
+
+    if (infile == NULL) {
+        perror(filename);
+        return CKR_FUNCTION_FAILED;
+    }
+
+    ckrv = process(infile, 0);
+
+    fclose(infile);
+    return ckrv;
+}
+
+CK_RV
+loop(const char *filename, const char *var,
+     CK_ULONG start, CK_ULONG end, CK_ULONG step)
+{
+    CK_ULONG i = 0;
+    Value *value = 0;
+    CK_RV ckrv;
+
+    for (i = start; i < end; i += step) {
+        value = NewValue(ArgULong, 1);
+        *(CK_ULONG *)value->data = i;
+        DeleteVariable(var);
+        AddVariable(var, &value);
+        ckrv = run(filename);
+        argFree(value);
+        if (ckrv == CKR_QUIT) {
+            break;
+        }
+    }
+    return ckrv;
+}
+
+int
+main(int argc, char **argv)
+{
+    /* I suppose that some day we could parse some arguments */
+    (void)process(stdin, 1);
+    return 0;
+}
diff --git a/nss/cmd/pk11util/scripts/dosign b/nss/cmd/pk11util/scripts/dosign
new file mode 100644
index 0000000..33e761f
--- /dev/null
+++ b/nss/cmd/pk11util/scripts/dosign
@@ -0,0 +1,162 @@
+Load nsscapi.dll
+C_Initialize NULL
+C_GetSlotList false NULL slotCount
+NewArray slotList CK_ULONG slotCount
+C_GetSlotList false slotList slotCount
+#change the following to the appropriate slot id
+set slotID 1
+#set slotID slotList[0]
+C_GetSlotInfo slotID slotInfo
+C_GetTokenInfo slotID tokenInfo
+C_OpenSession slotID CKF_SERIAL_SESSION session
+#
+#uncomment the following line and include the correct password
+#C_Login session CKU_USER 0000 4 
+#
+# build the search template
+#
+NewTemplate search CKA_CLASS
+SetTemplate search 0 CKO_CERTIFICATE
+NewArray certID CK_ULONG 10
+C_FindObjectsInit session search 1
+C_FindObjects session certID sizeA(certID) count
+C_FindObjectsFinal session
+#
+# now read the cert out
+#
+#NewTemplate derCert CKA_VALUE
+#NewTemplate certName CKA_LABEL,CKA_VALUE
+#C_GetAttributeValue session certID[0] certName sizeA(certName)
+#BuildTemplate certName
+#C_GetAttributeValue session certID[0] certName sizeA(certName)
+#print certName[0]
+Set countm1 count
+Decrement countm1 1
+LoopRun pLabel1 i 0 countm1 1
+Set i 1
+run pLabel1
+NewTemplate id CKA_CLASS,CKA_ID
+C_GetAttributeValue session certID[i] id sizeA(id)
+BuildTemplate id
+C_GetAttributeValue session certID[i] id sizeA(id)
+SetTemplate id 0 CKO_PRIVATE_KEY
+NewArray keyID CK_ULONG 10
+C_FindObjectsInit session id sizeA(id)
+C_FindObjects session keyID sizeA(keyID) count
+C_FindObjectsFinal session
+
+NewMechanism rsaParams CKM_RSA_PKCS
+NewArray sign data 256
+NewArray sdata data 36
+C_SignInit session rsaParams keyID[0]
+print sdata
+C_Sign session sdata sizeof(sdata) sign sizeof(sign)
+save signature sign
+save hash sdata
+NewTemplate privValue CKA_MODULUS,CKA_PUBLIC_EXPONENT
+C_GetAttributeValue session keyID[0] privValue sizeA(privValue)
+BuildTemplate privValue
+C_GetAttributeValue session keyID[0] privValue sizeA(privValue)
+print privValue[0]
+print privValue[1]
+
+# save the public key
+SetTemplate id 0 CKO_PUBLIC_KEY
+NewArray pubkeyID CK_ULONG 10
+C_FindObjectsInit session id sizeA(id)
+C_FindObjects session pubkeyID sizeA(pubkeyID) count
+C_FindObjectsFinal session
+NewTemplate pubkeyValue CKA_MODULUS,CKA_PUBLIC_EXPONENT
+C_GetAttributeValue session pubkeyID[0] pubkeyValue sizeA(pubkeyValue)
+BuildTemplate pubkeyValue
+C_GetAttributeValue session pubkeyID[0] pubkeyValue sizeA(pubkeyValue)
+print pubkeyValue[0]
+print pubkeyValue[1]
+
+
+C_Finalize null
+unload
+
+#
+# Now do the same for using softoken
+#
+load softokn3.dll
+NewInitArg init CKF_OS_LOCKING_OK configdir=./db
+C_Initialize init
+C_GetSlotList false NULL slotCount
+NewArray slotList CK_ULONG slotCount
+C_GetSlotList false slotList slotCount
+#change the following to the appropriate slot id
+set slotID slotList[1]
+#set slotID slotList[0]
+C_GetSlotInfo slotID slotInfo
+C_GetTokenInfo slotID tokenInfo
+C_OpenSession slotID CKF_SERIAL_SESSION session
+NewTemplate search CKA_CLASS
+SetTemplate search 0 CKO_CERTIFICATE
+NewArray certID CK_ULONG 10
+C_FindObjectsInit session search 1
+C_FindObjects session certID sizeA(certID) count
+C_FindObjectsFinal session
+#
+# now read the cert out
+#
+#NewTemplate derCert CKA_VALUE
+#NewTemplate certName CKA_LABEL,CKA_VALUE
+#C_GetAttributeValue session certID[0] certName sizeA(certName)
+#BuildTemplate certName
+#C_GetAttributeValue session certID[0] certName sizeA(certName)
+#print certName[0]
+#Set countm1 count
+#Decrement countm1 1
+#LoopRun pLabel1 i 0 countm1 1
+Set i 0
+run pLabel1
+NewTemplate id CKA_CLASS,CKA_ID
+C_GetAttributeValue session certID[i] id sizeA(id)
+BuildTemplate id
+C_GetAttributeValue session certID[i] id sizeA(id)
+SetTemplate id 0 CKO_PRIVATE_KEY
+NewArray keyID CK_ULONG 10
+C_FindObjectsInit session id sizeA(id)
+C_FindObjects session keyID sizeA(keyID) count
+C_FindObjectsFinal session
+
+NewMechanism rsaParams CKM_RSA_PKCS
+NewArray sign data 256
+NewArray sdata data 36
+C_SignInit session rsaParams keyID[0]
+C_Sign session sdata sizeof(sdata) sign sizeof(sign)
+save signature2 sign
+save hash2 sdata
+
+SetTemplate id 0 CKO_PUBLIC_KEY
+NewArray pubkeyID CK_ULONG 10
+C_FindObjectsInit session id sizeA(id)
+C_FindObjects session pubkeyID sizeA(pubkeyID) count
+C_FindObjectsFinal session
+
+#
+# OK now we use raw unwrap and see what we have...
+#
+NewMechanism rawRsaParams CKM_RSA_X_509
+NewArray vdata data 256
+C_VerifyRecoverInit session rawRsaParams pubkeyID[0]
+C_VerifyRecover session sign sizeof(sign) vdata sizeof(vdata)
+save verify2 vdata
+restore signature sign
+C_VerifyRecoverInit session rawRsaParams pubkeyID[0]
+C_VerifyRecover session sign sizeof(sign) vdata sizeof(vdata)
+save verify vdata
+
+NewTemplate pubkeyValue CKA_MODULUS,CKA_PUBLIC_EXPONENT
+C_GetAttributeValue session pubkeyID[0] pubkeyValue sizeA(pubkeyValue)
+BuildTemplate pubkeyValue
+C_GetAttributeValue session pubkeyID[0] pubkeyValue sizeA(pubkeyValue)
+print pubkeyValue[0]
+print pubkeyValue[1]
+
+
+C_Finalize null
+
+unload
diff --git a/nss/cmd/pk11util/scripts/hssign b/nss/cmd/pk11util/scripts/hssign
new file mode 100644
index 0000000..9bcf365
--- /dev/null
+++ b/nss/cmd/pk11util/scripts/hssign
@@ -0,0 +1,48 @@
+Load aolkeypk11.dll
+C_Initialize NULL
+C_GetSlotList false NULL slotCount
+NewArray slotList CK_ULONG slotCount
+C_GetSlotList false slotList slotCount
+#change the following to the appropriate slot id
+#set slotID slotList[0]
+set slotID 1
+C_GetSlotInfo slotID slotInfo
+C_GetTokenInfo slotID tokenInfo
+C_OpenSession slotID CK_SESSION_SERIAL session
+#
+#uncomment the following line and include the correct password
+#for authenticated tokens
+#C_Login session CKU_USER 0000 4
+#
+# build the search template
+#
+#NewTemplate search CKA_CLASS
+#SetTemplate search 0 CKO_CERTIFICATE
+#NewArray certID CK_ULONG 1
+#C_FindObjectsInit session search 1
+#C_FindObjects session certID 1 count
+#C_FindObjectsFinal session
+#
+# now read the cert out
+#
+#NewTemplate derCert CKA_VALUE
+#C_GetAttributeValue session certID derCert 1
+#BuildTemplate derCert
+#C_GetAttributeValue session certID derCert 1
+#
+# Do a signature
+#
+NewTemplate search CKA_CLASS
+SetTemplate search 0 CKO_PRIVATE_KEY
+NewArray privateKey CK_ULONG 1
+C_FindObjectsInit session search 1
+C_FindObjects session privateKey 1 count
+C_FindObjectsFinal session
+# sign
+NewMechanism rsaParams CKM_RSA_PKCS
+NewArray sign data 128
+NewArray sdata data 20
+C_SignInit session rsaParams privateKey
+C_Sign session sdata sizeof(sdata) sign sizeof(sign)
+#C_Logout session
+
diff --git a/nss/cmd/pk11util/scripts/lcert b/nss/cmd/pk11util/scripts/lcert
new file mode 100644
index 0000000..0f249c3
--- /dev/null
+++ b/nss/cmd/pk11util/scripts/lcert
@@ -0,0 +1,35 @@
+Load nsscapi.dll
+C_Initialize NULL
+C_GetSlotList false NULL slotCount
+NewArray slotList CK_ULONG slotCount
+C_GetSlotList false slotList slotCount
+#change the following to the appropriate slot id
+set slotID 1
+#set slotID slotList[0]
+C_GetSlotInfo slotID slotInfo
+C_GetTokenInfo slotID tokenInfo
+C_OpenSession slotID CKF_SERIAL_SESSION session
+#
+#uncomment the following line and include the correct password
+#C_Login session CKU_USER 0000 4 
+#
+# build the search template
+#
+NewTemplate search CKA_CLASS
+SetTemplate search 0 CKO_CERTIFICATE
+NewArray certID CK_ULONG 10
+C_FindObjectsInit session search 1
+C_FindObjects session certID sizeA(certID) count
+C_FindObjectsFinal session
+#
+# now read the cert out
+#
+#NewTemplate derCert CKA_VALUE
+#NewTemplate certName CKA_LABEL,CKA_VALUE
+#C_GetAttributeValue session certID[0] certName sizeA(certName)
+#BuildTemplate certName
+#C_GetAttributeValue session certID[0] certName sizeA(certName)
+#print certName[0]
+Set countm1 count
+Decrement countm1 1
+LoopRun pLabel1 i 0 countm1 1
diff --git a/nss/cmd/pk11util/scripts/mechanisms b/nss/cmd/pk11util/scripts/mechanisms
new file mode 100644
index 0000000..d103a9c
--- /dev/null
+++ b/nss/cmd/pk11util/scripts/mechanisms
@@ -0,0 +1,11 @@
+Load nsscapi.dll
+C_Initialize NULL
+C_GetSlotList false NULL slotCount
+NewArray slotList CK_ULONG slotCount
+C_GetSlotList false slotList slotCount
+
+LoopRun pMechanisms i 0 slotCount 1
+
+#C_Finalize
+#Unload
+
diff --git a/nss/cmd/pk11util/scripts/pLabel1 b/nss/cmd/pk11util/scripts/pLabel1
new file mode 100644
index 0000000..0be909b
--- /dev/null
+++ b/nss/cmd/pk11util/scripts/pLabel1
@@ -0,0 +1,6 @@
+NewTemplate certName CKA_LABEL,CKA_VALUE
+C_GetAttributeValue session certID[i] certName sizeA(certName)
+BuildTemplate certName
+C_GetAttributeValue session certID[i] certName sizeA(certName)
+print i
+print certName[0]
diff --git a/nss/cmd/pk11util/scripts/pMechanisms b/nss/cmd/pk11util/scripts/pMechanisms
new file mode 100644
index 0000000..82e8602
--- /dev/null
+++ b/nss/cmd/pk11util/scripts/pMechanisms
@@ -0,0 +1,8 @@
+#
+# print the mechanism list for a given token
+#
+set slotID slotList[i]
+C_GetMechanismList slotID NULL mechCount
+NewArray mechanismList CK_ULONG  mechcount
+C_GetMechanismList slotID mechanismList mechCount
+print mechanismList
diff --git a/nss/cmd/pk11util/scripts/pcert b/nss/cmd/pk11util/scripts/pcert
new file mode 100644
index 0000000..c322a8b
--- /dev/null
+++ b/nss/cmd/pk11util/scripts/pcert
@@ -0,0 +1,30 @@
+Load aolkeypk11.dll
+C_Initialize NULL
+C_GetSlotList false NULL slotCount
+NewArray slotList CK_ULONG slotCount
+C_GetSlotList false slotList slotCount
+#change the following to the appropriate slot id
+set slotID 1
+#set slotID slotList[0]
+C_GetSlotInfo slotID slotInfo
+C_GetTokenInfo slotID tokenInfo
+C_OpenSession slotID CK_SESSION_SERIAL session
+#
+#uncomment the following line and include the correct password
+#C_Login session CKU_USER 0000 4 
+#
+# build the search template
+#
+NewTemplate search CKA_CLASS
+SetTemplate search 0 CKO_CERTIFICATE
+NewArray certID CK_ULONG 1
+C_FindObjectsInit session search 1
+C_FindObjects session certID 1 count
+C_FindObjectsFinal session
+#
+# now read the cert out
+#
+NewTemplate derCert CKA_VALUE
+C_GetAttributeValue session certID derCert 1
+BuildTemplate derCert
+C_GetAttributeValue session certID derCert 1
diff --git a/nss/cmd/pk12util/Makefile b/nss/cmd/pk12util/Makefile
new file mode 100644
index 0000000..74ae200
--- /dev/null
+++ b/nss/cmd/pk12util/Makefile
@@ -0,0 +1,48 @@
+#! gmake
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include ../platlibs.mk
+
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+
+include ../platrules.mk
+ 
diff --git a/nss/cmd/pk12util/manifest.mn b/nss/cmd/pk12util/manifest.mn
new file mode 100644
index 0000000..5f7e0ab
--- /dev/null
+++ b/nss/cmd/pk12util/manifest.mn
@@ -0,0 +1,23 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CORE_DEPTH = ../..
+
+DEFINES += -DNSPR20
+
+# MODULE public and private header  directories are implicitly REQUIRED.
+MODULE = nss 
+
+CSRCS = \
+	pk12util.c \
+	$(NULL)
+
+# The MODULE is always implicitly required.
+# Listing it here in REQUIRES makes it appear twice in the cc command line.
+REQUIRES = dbm seccmd
+
+PROGRAM = pk12util
+
+# USE_STATIC_LIBS = 1
diff --git a/nss/cmd/pk12util/pk12util.c b/nss/cmd/pk12util/pk12util.c
new file mode 100644
index 0000000..33bc263
--- /dev/null
+++ b/nss/cmd/pk12util/pk12util.c
@@ -0,0 +1,1103 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifdef _CRTDBG_MAP_ALLOC
+#include <stdlib.h>
+#include <crtdbg.h>
+#endif
+
+#include "nspr.h"
+#include "secutil.h"
+#include "pk11func.h"
+#include "pkcs12.h"
+#include "p12plcy.h"
+#include "pk12util.h"
+#include "nss.h"
+#include "secport.h"
+#include "secpkcs5.h"
+#include "certdb.h"
+
+#define PKCS12_IN_BUFFER_SIZE 200
+
+static char *progName;
+PRBool pk12_debugging = PR_FALSE;
+PRBool dumpRawFile;
+
+PRIntn pk12uErrno = 0;
+
+static void
+Usage(char *progName)
+{
+#define FPS PR_fprintf(PR_STDERR,
+    FPS "Usage:	 %s -i importfile [-d certdir] [-P dbprefix] [-h tokenname]\n",
+				 progName);
+    FPS "\t\t [-k slotpwfile | -K slotpw] [-w p12filepwfile | -W p12filepw]\n");
+    FPS "\t\t [-v]\n");
+
+    FPS "Usage:	 %s -l listfile [-d certdir] [-P dbprefix] [-h tokenname]\n",
+				 progName);
+    FPS "\t\t [-k slotpwfile | -K slotpw] [-w p12filepwfile | -W p12filepw]\n");
+    FPS "\t\t [-v]\n");
+
+    FPS "Usage:	 %s -o exportfile -n certname [-d certdir] [-P dbprefix]\n",
+		progName);
+    FPS "\t\t [-c key_cipher] [-C cert_cipher]\n"
+        "\t\t [-m | --key_len keyLen] [--cert_key_len certKeyLen] [-v]\n");
+    FPS "\t\t [-k slotpwfile | -K slotpw]\n"
+        "\t\t [-w p12filepwfile | -W p12filepw]\n");
+
+    exit(PK12UERR_USAGE);
+}
+
+static PRBool
+p12u_OpenFile(p12uContext *p12cxt, PRBool fileRead)
+{
+    if (!p12cxt || !p12cxt->filename) {
+        return PR_FALSE;
+    }
+
+    if (fileRead) {
+        p12cxt->file = PR_Open(p12cxt->filename,
+                               PR_RDONLY, 0400);
+    } else {
+        p12cxt->file = PR_Open(p12cxt->filename,
+                               PR_CREATE_FILE | PR_RDWR | PR_TRUNCATE,
+                               0600);
+    }
+
+    if (!p12cxt->file) {
+        p12cxt->error = PR_TRUE;
+        return PR_FALSE;
+    }
+
+    return PR_TRUE;
+}
+
+static void
+p12u_DestroyContext(p12uContext **ppCtx, PRBool removeFile)
+{
+    if (!ppCtx || !(*ppCtx)) {
+        return;
+    }
+
+    if ((*ppCtx)->file != NULL) {
+        PR_Close((*ppCtx)->file);
+    }
+
+    if ((*ppCtx)->filename != NULL) {
+        if (removeFile) {
+            PR_Delete((*ppCtx)->filename);
+        }
+        PL_strfree((*ppCtx)->filename);
+        (*ppCtx)->filename = NULL;
+    }
+
+    PR_Free(*ppCtx);
+    *ppCtx = NULL;
+}
+
+static p12uContext *
+p12u_InitContext(PRBool fileImport, char *filename)
+{
+    p12uContext *p12cxt;
+
+    p12cxt = PORT_ZNew(p12uContext);
+    if (!p12cxt) {
+        return NULL;
+    }
+
+    p12cxt->error = PR_FALSE;
+    p12cxt->errorValue = 0;
+    p12cxt->filename = PL_strdup(filename);
+
+    if (!p12u_OpenFile(p12cxt, fileImport)) {
+        p12u_DestroyContext(&p12cxt, PR_FALSE);
+        return NULL;
+    }
+
+    return p12cxt;
+}
+
+SECItem *
+P12U_NicknameCollisionCallback(SECItem *old_nick, PRBool *cancel, void *wincx)
+{
+    char *nick = NULL;
+    SECItem *ret_nick = NULL;
+    CERTCertificate *cert = (CERTCertificate *)wincx;
+
+    if (!cancel || !cert) {
+        pk12uErrno = PK12UERR_USER_CANCELLED;
+        return NULL;
+    }
+
+    if (!old_nick)
+        fprintf(stdout, "pk12util: no nickname for cert in PKCS12 file.\n");
+
+#if 0
+    /* XXX not handled yet  */
+    *cancel = PR_TRUE;
+    return NULL;
+
+#else
+
+    nick = CERT_MakeCANickname(cert);
+    if (!nick) {
+        return NULL;
+    }
+
+    if (old_nick && old_nick->data && old_nick->len &&
+        PORT_Strlen(nick) == old_nick->len &&
+        !PORT_Strncmp((char *)old_nick->data, nick, old_nick->len)) {
+        PORT_Free(nick);
+        PORT_SetError(SEC_ERROR_IO);
+        return NULL;
+    }
+
+    fprintf(stdout, "pk12util: using nickname: %s\n", nick);
+    ret_nick = PORT_ZNew(SECItem);
+    if (ret_nick == NULL) {
+        PORT_Free(nick);
+        return NULL;
+    }
+
+    ret_nick->data = (unsigned char *)nick;
+    ret_nick->len = PORT_Strlen(nick);
+
+    return ret_nick;
+#endif
+}
+
+static SECStatus
+p12u_SwapUnicodeBytes(SECItem *uniItem)
+{
+    unsigned int i;
+    unsigned char a;
+    if ((uniItem == NULL) || (uniItem->len % 2)) {
+        return SECFailure;
+    }
+    for (i = 0; i < uniItem->len; i += 2) {
+        a = uniItem->data[i];
+        uniItem->data[i] = uniItem->data[i + 1];
+        uniItem->data[i + 1] = a;
+    }
+    return SECSuccess;
+}
+
+static PRBool
+p12u_ucs2_ascii_conversion_function(PRBool toUnicode,
+                                    unsigned char *inBuf,
+                                    unsigned int inBufLen,
+                                    unsigned char *outBuf,
+                                    unsigned int maxOutBufLen,
+                                    unsigned int *outBufLen,
+                                    PRBool swapBytes)
+{
+    SECItem it = { 0 };
+    SECItem *dup = NULL;
+    PRBool ret;
+
+#ifdef DEBUG_CONVERSION
+    if (pk12_debugging) {
+        int i;
+        printf("Converted from:\n");
+        for (i = 0; i < inBufLen; i++) {
+            printf("%2x ", inBuf[i]);
+            /*if (i%60 == 0) printf("\n");*/
+        }
+        printf("\n");
+    }
+#endif
+    it.data = inBuf;
+    it.len = inBufLen;
+    dup = SECITEM_DupItem(&it);
+    if (!dup) {
+        return PR_FALSE;
+    }
+    /* If converting Unicode to ASCII, swap bytes before conversion
+     * as neccessary.
+     */
+    if (!toUnicode && swapBytes) {
+        if (p12u_SwapUnicodeBytes(dup) != SECSuccess) {
+            SECITEM_ZfreeItem(dup, PR_TRUE);
+            return PR_FALSE;
+        }
+    }
+    /* Perform the conversion. */
+    ret = PORT_UCS2_UTF8Conversion(toUnicode, dup->data, dup->len,
+                                   outBuf, maxOutBufLen, outBufLen);
+    SECITEM_ZfreeItem(dup, PR_TRUE);
+
+#ifdef DEBUG_CONVERSION
+    if (pk12_debugging) {
+        int i;
+        printf("Converted to:\n");
+        for (i = 0; i < *outBufLen; i++) {
+            printf("%2x ", outBuf[i]);
+            /*if (i%60 == 0) printf("\n");*/
+        }
+        printf("\n");
+    }
+#endif
+    return ret;
+}
+
+SECStatus
+P12U_UnicodeConversion(PLArenaPool *arena, SECItem *dest, SECItem *src,
+                       PRBool toUnicode, PRBool swapBytes)
+{
+    unsigned int allocLen;
+    if (!dest || !src) {
+        return SECFailure;
+    }
+    allocLen = ((toUnicode) ? (src->len << 2) : src->len);
+    if (arena) {
+        dest->data = PORT_ArenaZAlloc(arena, allocLen);
+    } else {
+        dest->data = PORT_ZAlloc(allocLen);
+    }
+    if (PORT_UCS2_ASCIIConversion(toUnicode, src->data, src->len,
+                                  dest->data, allocLen, &dest->len,
+                                  swapBytes) == PR_FALSE) {
+        if (!arena) {
+            PORT_Free(dest->data);
+        }
+        dest->data = NULL;
+        return SECFailure;
+    }
+    return SECSuccess;
+}
+
+/*
+ *
+ */
+SECItem *
+P12U_GetP12FilePassword(PRBool confirmPw, secuPWData *p12FilePw)
+{
+    char *p0 = NULL;
+    SECItem *pwItem = NULL;
+
+    if (p12FilePw == NULL || p12FilePw->source == PW_NONE) {
+        char *p1 = NULL;
+        int rc;
+        for (;;) {
+            p0 = SECU_GetPasswordString(NULL,
+                                        "Enter password for PKCS12 file: ");
+            if (!confirmPw || p0 == NULL)
+                break;
+            p1 = SECU_GetPasswordString(NULL, "Re-enter password: ");
+            if (p1 == NULL) {
+                PORT_ZFree(p0, PL_strlen(p0));
+                p0 = NULL;
+                break;
+            }
+            rc = PL_strcmp(p0, p1);
+            PORT_ZFree(p1, PL_strlen(p1));
+            if (rc == 0)
+                break;
+            PORT_ZFree(p0, PL_strlen(p0));
+        }
+    } else if (p12FilePw->source == PW_FROMFILE) {
+        p0 = SECU_FilePasswd(NULL, PR_FALSE, p12FilePw->data);
+    } else { /* Plaintext */
+        p0 = PORT_Strdup(p12FilePw->data);
+    }
+
+    if (p0 == NULL) {
+        return NULL;
+    }
+    pwItem = SECITEM_AllocItem(NULL, NULL, PL_strlen(p0) + 1);
+    memcpy(pwItem->data, p0, pwItem->len);
+
+    PORT_ZFree(p0, PL_strlen(p0));
+
+    return pwItem;
+}
+
+SECStatus
+P12U_InitSlot(PK11SlotInfo *slot, secuPWData *slotPw)
+{
+    SECStatus rv;
+
+    /*	New databases, initialize keydb password. */
+    if (PK11_NeedUserInit(slot)) {
+        rv = SECU_ChangePW(slot,
+                           (slotPw->source == PW_PLAINTEXT) ? slotPw->data : 0,
+                           (slotPw->source == PW_FROMFILE) ? slotPw->data : 0);
+        if (rv != SECSuccess) {
+            SECU_PrintError(progName, "Failed to initialize slot \"%s\"",
+                            PK11_GetSlotName(slot));
+            return SECFailure;
+        }
+    }
+
+    if (PK11_Authenticate(slot, PR_TRUE, slotPw) != SECSuccess) {
+        SECU_PrintError(progName,
+                        "Failed to authenticate to PKCS11 slot");
+        PORT_SetError(SEC_ERROR_USER_CANCELLED);
+        pk12uErrno = PK12UERR_USER_CANCELLED;
+        return SECFailure;
+    }
+
+    return SECSuccess;
+}
+
+/* This routine takes care of getting the PKCS12 file password, then reading and
+ * verifying the file. It returns the decoder context and a filled in password.
+ * (The password is needed by P12U_ImportPKCS12Object() to import the private
+ * key.)
+ */
+SEC_PKCS12DecoderContext *
+p12U_ReadPKCS12File(SECItem *uniPwp, char *in_file, PK11SlotInfo *slot,
+                    secuPWData *slotPw, secuPWData *p12FilePw)
+{
+    SEC_PKCS12DecoderContext *p12dcx = NULL;
+    p12uContext *p12cxt = NULL;
+    SECItem *pwitem = NULL;
+    SECItem p12file = { 0 };
+    SECStatus rv = SECFailure;
+    PRBool swapUnicode = PR_FALSE;
+    PRBool trypw;
+    int error;
+
+#ifdef IS_LITTLE_ENDIAN
+    swapUnicode = PR_TRUE;
+#endif
+
+    p12cxt = p12u_InitContext(PR_TRUE, in_file);
+    if (!p12cxt) {
+        SECU_PrintError(progName, "File Open failed: %s", in_file);
+        pk12uErrno = PK12UERR_INIT_FILE;
+        return NULL;
+    }
+
+    /* get the password */
+    pwitem = P12U_GetP12FilePassword(PR_FALSE, p12FilePw);
+    if (!pwitem) {
+        pk12uErrno = PK12UERR_USER_CANCELLED;
+        goto done;
+    }
+
+    if (P12U_UnicodeConversion(NULL, uniPwp, pwitem, PR_TRUE,
+                               swapUnicode) != SECSuccess) {
+        SECU_PrintError(progName, "Unicode conversion failed");
+        pk12uErrno = PK12UERR_UNICODECONV;
+        goto done;
+    }
+    rv = SECU_FileToItem(&p12file, p12cxt->file);
+    if (rv != SECSuccess) {
+        SECU_PrintError(progName, "Failed to read from import file");
+        goto done;
+    }
+
+    do {
+        trypw = PR_FALSE; /* normally we do this once */
+        rv = SECFailure;
+        /* init the decoder context */
+        p12dcx = SEC_PKCS12DecoderStart(uniPwp, slot, slotPw,
+                                        NULL, NULL, NULL, NULL, NULL);
+        if (!p12dcx) {
+            SECU_PrintError(progName, "PKCS12 decoder start failed");
+            pk12uErrno = PK12UERR_PK12DECODESTART;
+            break;
+        }
+
+        /* decode the item */
+        rv = SEC_PKCS12DecoderUpdate(p12dcx, p12file.data, p12file.len);
+
+        if (rv != SECSuccess) {
+            error = PR_GetError();
+            if (error == SEC_ERROR_DECRYPTION_DISALLOWED) {
+                PR_SetError(error, 0);
+                break;
+            }
+            SECU_PrintError(progName, "PKCS12 decoding failed");
+            pk12uErrno = PK12UERR_DECODE;
+        }
+
+        /* does the blob authenticate properly? */
+        rv = SEC_PKCS12DecoderVerify(p12dcx);
+        if (rv != SECSuccess) {
+            if (uniPwp->len == 2) {
+                /* this is a null PW, try once more with a zero-length PW
+                   instead of a null string */
+                SEC_PKCS12DecoderFinish(p12dcx);
+                uniPwp->len = 0;
+                trypw = PR_TRUE;
+            } else {
+                SECU_PrintError(progName, "PKCS12 decode not verified");
+                pk12uErrno = PK12UERR_DECODEVERIFY;
+                break;
+            }
+        }
+    } while (trypw == PR_TRUE);
+/* rv has been set at this point */
+
+done:
+    if (rv != SECSuccess) {
+        if (p12dcx != NULL) {
+            SEC_PKCS12DecoderFinish(p12dcx);
+            p12dcx = NULL;
+        }
+        if (uniPwp->data) {
+            SECITEM_ZfreeItem(uniPwp, PR_FALSE);
+            uniPwp->data = NULL;
+        }
+    }
+    PR_Close(p12cxt->file);
+    p12cxt->file = NULL;
+    /* PK11_FreeSlot(slot); */
+    p12u_DestroyContext(&p12cxt, PR_FALSE);
+
+    if (pwitem) {
+        SECITEM_ZfreeItem(pwitem, PR_TRUE);
+    }
+    SECITEM_ZfreeItem(&p12file, PR_FALSE);
+    return p12dcx;
+}
+
+/*
+ * given a filename for pkcs12 file, imports certs and keys
+ *
+ * Change: altitude
+ *  I've changed this function so that it takes the keydb and pkcs12 file
+ *  passwords from files.  The "pwdKeyDB" and "pwdP12File"
+ *  variables have been added for this purpose.
+ */
+PRIntn
+P12U_ImportPKCS12Object(char *in_file, PK11SlotInfo *slot,
+                        secuPWData *slotPw, secuPWData *p12FilePw)
+{
+    SEC_PKCS12DecoderContext *p12dcx = NULL;
+    SECItem uniPwitem = { 0 };
+    SECStatus rv = SECFailure;
+
+    rv = P12U_InitSlot(slot, slotPw);
+    if (rv != SECSuccess) {
+        SECU_PrintError(progName, "Failed to authenticate to \"%s\"",
+                        PK11_GetSlotName(slot));
+        pk12uErrno = PK12UERR_PK11GETSLOT;
+        return rv;
+    }
+
+    rv = SECFailure;
+    p12dcx = p12U_ReadPKCS12File(&uniPwitem, in_file, slot, slotPw, p12FilePw);
+
+    if (p12dcx == NULL) {
+        goto loser;
+    }
+
+    /* make sure the bags are okey dokey -- nicknames correct, etc. */
+    rv = SEC_PKCS12DecoderValidateBags(p12dcx, P12U_NicknameCollisionCallback);
+    if (rv != SECSuccess) {
+        if (PORT_GetError() == SEC_ERROR_PKCS12_DUPLICATE_DATA) {
+            pk12uErrno = PK12UERR_CERTALREADYEXISTS;
+        } else {
+            pk12uErrno = PK12UERR_DECODEVALIBAGS;
+        }
+        SECU_PrintError(progName, "PKCS12 decode validate bags failed");
+        goto loser;
+    }
+
+    /* stuff 'em in */
+    rv = SEC_PKCS12DecoderImportBags(p12dcx);
+    if (rv != SECSuccess) {
+        SECU_PrintError(progName, "PKCS12 decode import bags failed");
+        pk12uErrno = PK12UERR_DECODEIMPTBAGS;
+        goto loser;
+    }
+
+    fprintf(stdout, "%s: PKCS12 IMPORT SUCCESSFUL\n", progName);
+    rv = SECSuccess;
+
+loser:
+    if (p12dcx) {
+        SEC_PKCS12DecoderFinish(p12dcx);
+    }
+
+    if (uniPwitem.data) {
+        SECITEM_ZfreeItem(&uniPwitem, PR_FALSE);
+    }
+
+    return rv;
+}
+
+static void
+p12u_DoPKCS12ExportErrors()
+{
+    PRErrorCode error_value;
+
+    error_value = PORT_GetError();
+    if ((error_value == SEC_ERROR_PKCS12_UNABLE_TO_EXPORT_KEY) ||
+        (error_value == SEC_ERROR_PKCS12_UNABLE_TO_LOCATE_OBJECT_BY_NAME) ||
+        (error_value == SEC_ERROR_PKCS12_UNABLE_TO_WRITE)) {
+        fputs(SECU_Strerror(error_value), stderr);
+    } else if (error_value == SEC_ERROR_USER_CANCELLED) {
+        ;
+    } else {
+        fputs(SECU_Strerror(SEC_ERROR_EXPORTING_CERTIFICATES), stderr);
+    }
+}
+
+static void
+p12u_WriteToExportFile(void *arg, const char *buf, unsigned long len)
+{
+    p12uContext *p12cxt = arg;
+    int writeLen;
+
+    if (!p12cxt || (p12cxt->error == PR_TRUE)) {
+        return;
+    }
+
+    if (p12cxt->file == NULL) {
+        p12cxt->errorValue = SEC_ERROR_PKCS12_UNABLE_TO_WRITE;
+        p12cxt->error = PR_TRUE;
+        return;
+    }
+
+    writeLen = PR_Write(p12cxt->file, (unsigned char *)buf, (PRInt32)len);
+
+    if (writeLen != (int)len) {
+        PR_Close(p12cxt->file);
+        PL_strfree(p12cxt->filename);
+        p12cxt->filename = NULL;
+        p12cxt->file = NULL;
+        p12cxt->errorValue = SEC_ERROR_PKCS12_UNABLE_TO_WRITE;
+        p12cxt->error = PR_TRUE;
+    }
+}
+
+void
+P12U_ExportPKCS12Object(char *nn, char *outfile, PK11SlotInfo *inSlot,
+                        SECOidTag cipher, SECOidTag certCipher,
+                        secuPWData *slotPw, secuPWData *p12FilePw)
+{
+    SEC_PKCS12ExportContext *p12ecx = NULL;
+    SEC_PKCS12SafeInfo *keySafe = NULL, *certSafe = NULL;
+    SECItem *pwitem = NULL;
+    p12uContext *p12cxt = NULL;
+    CERTCertList *certlist = NULL;
+    CERTCertListNode *node = NULL;
+    PK11SlotInfo *slot = NULL;
+
+    if (P12U_InitSlot(inSlot, slotPw) != SECSuccess) {
+        SECU_PrintError(progName, "Failed to authenticate to \"%s\"",
+                        PK11_GetSlotName(inSlot));
+        pk12uErrno = PK12UERR_PK11GETSLOT;
+        goto loser;
+    }
+    certlist = PK11_FindCertsFromNickname(nn, slotPw);
+    if (!certlist) {
+        SECU_PrintError(progName, "find user certs from nickname failed");
+        pk12uErrno = PK12UERR_FINDCERTBYNN;
+        return;
+    }
+
+    if ((SECSuccess != CERT_FilterCertListForUserCerts(certlist)) ||
+        CERT_LIST_EMPTY(certlist)) {
+        PR_fprintf(PR_STDERR, "%s: no user certs from given nickname\n",
+                   progName);
+        pk12uErrno = PK12UERR_FINDCERTBYNN;
+        goto loser;
+    }
+
+    /*	Password to use for PKCS12 file.  */
+    pwitem = P12U_GetP12FilePassword(PR_TRUE, p12FilePw);
+    if (!pwitem) {
+        goto loser;
+    }
+
+    p12cxt = p12u_InitContext(PR_FALSE, outfile);
+    if (!p12cxt) {
+        SECU_PrintError(progName, "Initialization failed: %s", outfile);
+        pk12uErrno = PK12UERR_INIT_FILE;
+        goto loser;
+    }
+
+    if (certlist) {
+        CERTCertificate *cert = CERT_LIST_HEAD(certlist)->cert;
+        if (cert) {
+            slot = cert->slot; /* use the slot from the first matching
+                certificate to create the context . This is for keygen */
+        }
+    }
+    if (!slot) {
+        SECU_PrintError(progName, "cert does not have a slot");
+        pk12uErrno = PK12UERR_FINDCERTBYNN;
+        goto loser;
+    }
+    p12ecx = SEC_PKCS12CreateExportContext(NULL, NULL, slot, slotPw);
+    if (!p12ecx) {
+        SECU_PrintError(progName, "export context creation failed");
+        pk12uErrno = PK12UERR_EXPORTCXCREATE;
+        goto loser;
+    }
+
+    if (SEC_PKCS12AddPasswordIntegrity(p12ecx, pwitem, SEC_OID_SHA1) !=
+        SECSuccess) {
+        SECU_PrintError(progName, "PKCS12 add password integrity failed");
+        pk12uErrno = PK12UERR_PK12ADDPWDINTEG;
+        goto loser;
+    }
+
+    for (node = CERT_LIST_HEAD(certlist);
+         !CERT_LIST_END(node, certlist);
+         node = CERT_LIST_NEXT(node)) {
+        CERTCertificate *cert = node->cert;
+        if (!cert->slot) {
+            SECU_PrintError(progName, "cert does not have a slot");
+            pk12uErrno = PK12UERR_FINDCERTBYNN;
+            goto loser;
+        }
+
+        keySafe = SEC_PKCS12CreateUnencryptedSafe(p12ecx);
+        if (certCipher == SEC_OID_UNKNOWN) {
+            certSafe = keySafe;
+        } else {
+            certSafe =
+                SEC_PKCS12CreatePasswordPrivSafe(p12ecx, pwitem, certCipher);
+        }
+
+        if (!certSafe || !keySafe) {
+            SECU_PrintError(progName, "key or cert safe creation failed");
+            pk12uErrno = PK12UERR_CERTKEYSAFE;
+            goto loser;
+        }
+
+        if (SEC_PKCS12AddCertAndKey(p12ecx, certSafe, NULL, cert,
+                                    CERT_GetDefaultCertDB(), keySafe, NULL, PR_TRUE, pwitem, cipher) !=
+            SECSuccess) {
+            SECU_PrintError(progName, "add cert and key failed");
+            pk12uErrno = PK12UERR_ADDCERTKEY;
+            goto loser;
+        }
+    }
+
+    CERT_DestroyCertList(certlist);
+    certlist = NULL;
+
+    if (SEC_PKCS12Encode(p12ecx, p12u_WriteToExportFile, p12cxt) !=
+        SECSuccess) {
+        SECU_PrintError(progName, "PKCS12 encode failed");
+        pk12uErrno = PK12UERR_ENCODE;
+        goto loser;
+    }
+
+    p12u_DestroyContext(&p12cxt, PR_FALSE);
+    SECITEM_ZfreeItem(pwitem, PR_TRUE);
+    fprintf(stdout, "%s: PKCS12 EXPORT SUCCESSFUL\n", progName);
+    SEC_PKCS12DestroyExportContext(p12ecx);
+
+    return;
+
+loser:
+    SEC_PKCS12DestroyExportContext(p12ecx);
+
+    if (certlist) {
+        CERT_DestroyCertList(certlist);
+        certlist = NULL;
+    }
+
+    p12u_DestroyContext(&p12cxt, PR_TRUE);
+    if (pwitem) {
+        SECITEM_ZfreeItem(pwitem, PR_TRUE);
+    }
+    p12u_DoPKCS12ExportErrors();
+    return;
+}
+
+PRIntn
+P12U_ListPKCS12File(char *in_file, PK11SlotInfo *slot,
+                    secuPWData *slotPw, secuPWData *p12FilePw)
+{
+    SEC_PKCS12DecoderContext *p12dcx = NULL;
+    SECItem uniPwitem = { 0 };
+    SECStatus rv = SECFailure;
+    const SEC_PKCS12DecoderItem *dip;
+
+    p12dcx = p12U_ReadPKCS12File(&uniPwitem, in_file, slot, slotPw, p12FilePw);
+    /* did the blob authenticate properly? */
+    if (p12dcx == NULL) {
+        SECU_PrintError(progName, "PKCS12 decode not verified");
+        pk12uErrno = PK12UERR_DECODEVERIFY;
+        goto loser;
+    }
+    rv = SEC_PKCS12DecoderIterateInit(p12dcx);
+    if (rv != SECSuccess) {
+        SECU_PrintError(progName, "PKCS12 decode iterate bags failed");
+        pk12uErrno = PK12UERR_DECODEIMPTBAGS;
+        rv = SECFailure;
+    } else {
+        int fileCounter = 0;
+        while (SEC_PKCS12DecoderIterateNext(p12dcx, &dip) == SECSuccess) {
+            switch (dip->type) {
+                case SEC_OID_PKCS12_V1_CERT_BAG_ID:
+                    printf("Certificate");
+                    if (dumpRawFile) {
+                        PRFileDesc *fd;
+                        char fileName[20];
+                        sprintf(fileName, "file%04d.der", ++fileCounter);
+                        fd = PR_Open(fileName,
+                                     PR_CREATE_FILE | PR_RDWR | PR_TRUNCATE,
+                                     0600);
+                        if (!fd) {
+                            SECU_PrintError(progName,
+                                            "Cannot create output file");
+                        } else {
+                            PR_Write(fd, dip->der->data, dip->der->len);
+                            PR_Close(fd);
+                        }
+                    } else if (SECU_PrintSignedData(stdout, dip->der,
+                                                    (dip->hasKey) ? "(has private key)"
+                                                                  : "",
+                                                    0, (SECU_PPFunc)SECU_PrintCertificate) !=
+                               0) {
+                        SECU_PrintError(progName, "PKCS12 print cert bag failed");
+                    }
+                    if (dip->friendlyName != NULL) {
+                        printf("    Friendly Name: %s\n\n",
+                               dip->friendlyName->data);
+                    }
+                    if (dip->shroudAlg) {
+                        SECU_PrintAlgorithmID(stdout, dip->shroudAlg,
+                                              "Encryption algorithm", 1);
+                    }
+                    break;
+                case SEC_OID_PKCS12_V1_KEY_BAG_ID:
+                case SEC_OID_PKCS12_V1_PKCS8_SHROUDED_KEY_BAG_ID:
+                    printf("Key");
+                    if (dip->type == SEC_OID_PKCS12_V1_PKCS8_SHROUDED_KEY_BAG_ID)
+                        printf("(shrouded)");
+                    printf(":\n");
+                    if (dip->friendlyName != NULL) {
+                        printf("    Friendly Name: %s\n\n",
+                               dip->friendlyName->data);
+                    }
+                    if (dip->shroudAlg) {
+                        SECU_PrintAlgorithmID(stdout, dip->shroudAlg,
+                                              "Encryption algorithm", 1);
+                    }
+                    break;
+                default:
+                    printf("unknown bag type(%d): %s\n\n", dip->type,
+                           SECOID_FindOIDTagDescription(dip->type));
+                    break;
+            }
+        }
+        rv = SECSuccess;
+    }
+
+loser:
+
+    if (p12dcx) {
+        SEC_PKCS12DecoderFinish(p12dcx);
+    }
+
+    if (uniPwitem.data) {
+        SECITEM_ZfreeItem(&uniPwitem, PR_FALSE);
+    }
+
+    return rv;
+}
+
+/*
+ * use the oid table description to map a user input string to a particular
+ * oid.
+ */
+SECOidTag
+PKCS12U_MapCipherFromString(char *cipherString, int keyLen)
+{
+    SECOidTag tag;
+    SECOidData *oid;
+    SECOidTag cipher;
+
+    /* future enhancement: accept dotted oid spec? */
+
+    /* future enhancement: provide 'friendlier' typed in names for
+     * pbe mechanisms.
+     */
+
+    /* look for the oid tag by Description */
+    cipher = SEC_OID_UNKNOWN;
+    for (tag = 1; (oid = SECOID_FindOIDByTag(tag)) != NULL; tag++) {
+        /* only interested in oids that we actually understand */
+        if (oid->mechanism == CKM_INVALID_MECHANISM) {
+            continue;
+        }
+        if (PORT_Strcasecmp(oid->desc, cipherString) != 0) {
+            continue;
+        }
+        /* we found a match... get the PBE version of this
+	 * cipher... */
+        if (!SEC_PKCS5IsAlgorithmPBEAlgTag(tag)) {
+            cipher = SEC_PKCS5GetPBEAlgorithm(tag, keyLen);
+            /* no eqivalent PKCS5/PKCS12 cipher, use the raw
+	     * encryption tag we got and pass it directly in,
+	     * pkcs12 will use the pkcsv5 mechanism */
+            if (cipher == SEC_OID_PKCS5_PBES2) {
+                cipher = tag;
+            } else if (cipher == SEC_OID_PKCS5_PBMAC1) {
+                /* make sure we have not macing ciphers here */
+                cipher = SEC_OID_UNKNOWN;
+            }
+        } else {
+            cipher = tag;
+        }
+        break;
+    }
+    return cipher;
+}
+
+static void
+p12u_EnableAllCiphers()
+{
+    SEC_PKCS12EnableCipher(PKCS12_RC4_40, 1);
+    SEC_PKCS12EnableCipher(PKCS12_RC4_128, 1);
+    SEC_PKCS12EnableCipher(PKCS12_RC2_CBC_40, 1);
+    SEC_PKCS12EnableCipher(PKCS12_RC2_CBC_128, 1);
+    SEC_PKCS12EnableCipher(PKCS12_DES_56, 1);
+    SEC_PKCS12EnableCipher(PKCS12_DES_EDE3_168, 1);
+    SEC_PKCS12EnableCipher(PKCS12_AES_CBC_128, 1);
+    SEC_PKCS12EnableCipher(PKCS12_AES_CBC_192, 1);
+    SEC_PKCS12EnableCipher(PKCS12_AES_CBC_256, 1);
+    SEC_PKCS12SetPreferredCipher(PKCS12_DES_EDE3_168, 1);
+}
+
+static PRUintn
+P12U_Init(char *dir, char *dbprefix, PRBool listonly)
+{
+    SECStatus rv;
+    PK11_SetPasswordFunc(SECU_GetModulePassword);
+
+    PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
+    if (listonly && NSS_NoDB_Init("") == SECSuccess) {
+        rv = SECSuccess;
+    } else {
+        rv = NSS_Initialize(dir, dbprefix, dbprefix, "secmod.db", 0);
+    }
+    if (rv != SECSuccess) {
+        SECU_PrintPRandOSError(progName);
+        exit(-1);
+    }
+
+    /* setup unicode callback functions */
+    PORT_SetUCS2_ASCIIConversionFunction(p12u_ucs2_ascii_conversion_function);
+    /* use the defaults for UCS4-UTF8 and UCS2-UTF8 */
+
+    p12u_EnableAllCiphers();
+
+    return 0;
+}
+
+enum {
+    opt_CertDir = 0,
+    opt_TokenName,
+    opt_Import,
+    opt_SlotPWFile,
+    opt_SlotPW,
+    opt_List,
+    opt_Nickname,
+    opt_Export,
+    opt_Raw,
+    opt_P12FilePWFile,
+    opt_P12FilePW,
+    opt_DBPrefix,
+    opt_Debug,
+    opt_Cipher,
+    opt_CertCipher,
+    opt_KeyLength,
+    opt_CertKeyLength
+};
+
+static secuCommandFlag pk12util_options[] =
+    {
+      { /* opt_CertDir	       */ 'd', PR_TRUE, 0, PR_FALSE },
+      { /* opt_TokenName	       */ 'h', PR_TRUE, 0, PR_FALSE },
+      { /* opt_Import	       */ 'i', PR_TRUE, 0, PR_FALSE },
+      { /* opt_SlotPWFile	       */ 'k', PR_TRUE, 0, PR_FALSE },
+      { /* opt_SlotPW	       */ 'K', PR_TRUE, 0, PR_FALSE },
+      { /* opt_List              */ 'l', PR_TRUE, 0, PR_FALSE },
+      { /* opt_Nickname	       */ 'n', PR_TRUE, 0, PR_FALSE },
+      { /* opt_Export	       */ 'o', PR_TRUE, 0, PR_FALSE },
+      { /* opt_Raw   	       */ 'r', PR_FALSE, 0, PR_FALSE },
+      { /* opt_P12FilePWFile     */ 'w', PR_TRUE, 0, PR_FALSE },
+      { /* opt_P12FilePW	       */ 'W', PR_TRUE, 0, PR_FALSE },
+      { /* opt_DBPrefix	       */ 'P', PR_TRUE, 0, PR_FALSE },
+      { /* opt_Debug	       */ 'v', PR_FALSE, 0, PR_FALSE },
+      { /* opt_Cipher	       */ 'c', PR_TRUE, 0, PR_FALSE },
+      { /* opt_CertCipher	       */ 'C', PR_TRUE, 0, PR_FALSE },
+      { /* opt_KeyLength         */ 'm', PR_TRUE, 0, PR_FALSE, "key_len" },
+      { /* opt_CertKeyLength     */ 0, PR_TRUE, 0, PR_FALSE, "cert_key_len" }
+    };
+
+int
+main(int argc, char **argv)
+{
+    secuPWData slotPw = { PW_NONE, NULL };
+    secuPWData p12FilePw = { PW_NONE, NULL };
+    PK11SlotInfo *slot;
+    char *slotname = NULL;
+    char *import_file = NULL;
+    char *export_file = NULL;
+    char *dbprefix = "";
+    SECStatus rv;
+    SECOidTag cipher =
+        SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC;
+    SECOidTag certCipher;
+    int keyLen = 0;
+    int certKeyLen = 0;
+    secuCommand pk12util;
+
+#ifdef _CRTDBG_MAP_ALLOC
+    _CrtSetDbgFlag(_CRTDBG_ALLOC_MEM_DF | _CRTDBG_LEAK_CHECK_DF);
+#endif
+
+    pk12util.numCommands = 0;
+    pk12util.commands = 0;
+    pk12util.numOptions = sizeof(pk12util_options) / sizeof(secuCommandFlag);
+    pk12util.options = pk12util_options;
+
+    progName = strrchr(argv[0], '/');
+    progName = progName ? progName + 1 : argv[0];
+
+    rv = SECU_ParseCommandLine(argc, argv, progName, &pk12util);
+
+    if (rv != SECSuccess)
+        Usage(progName);
+
+    pk12_debugging = pk12util.options[opt_Debug].activated;
+
+    if ((pk12util.options[opt_Import].activated +
+         pk12util.options[opt_Export].activated +
+         pk12util.options[opt_List].activated) != 1) {
+        Usage(progName);
+    }
+
+    if (pk12util.options[opt_Export].activated &&
+        !pk12util.options[opt_Nickname].activated) {
+        Usage(progName);
+    }
+
+    slotname = SECU_GetOptionArg(&pk12util, opt_TokenName);
+
+    import_file = (pk12util.options[opt_List].activated) ? SECU_GetOptionArg(&pk12util, opt_List)
+                                                         : SECU_GetOptionArg(&pk12util, opt_Import);
+    export_file = SECU_GetOptionArg(&pk12util, opt_Export);
+
+    if (pk12util.options[opt_P12FilePWFile].activated) {
+        p12FilePw.source = PW_FROMFILE;
+        p12FilePw.data = PORT_Strdup(pk12util.options[opt_P12FilePWFile].arg);
+    }
+
+    if (pk12util.options[opt_P12FilePW].activated) {
+        p12FilePw.source = PW_PLAINTEXT;
+        p12FilePw.data = PORT_Strdup(pk12util.options[opt_P12FilePW].arg);
+    }
+
+    if (pk12util.options[opt_SlotPWFile].activated) {
+        slotPw.source = PW_FROMFILE;
+        slotPw.data = PORT_Strdup(pk12util.options[opt_SlotPWFile].arg);
+    }
+
+    if (pk12util.options[opt_SlotPW].activated) {
+        slotPw.source = PW_PLAINTEXT;
+        slotPw.data = PORT_Strdup(pk12util.options[opt_SlotPW].arg);
+    }
+
+    if (pk12util.options[opt_CertDir].activated) {
+        SECU_ConfigDirectory(pk12util.options[opt_CertDir].arg);
+    }
+    if (pk12util.options[opt_DBPrefix].activated) {
+        dbprefix = pk12util.options[opt_DBPrefix].arg;
+    }
+    if (pk12util.options[opt_Raw].activated) {
+        dumpRawFile = PR_TRUE;
+    }
+    if (pk12util.options[opt_KeyLength].activated) {
+        keyLen = atoi(pk12util.options[opt_KeyLength].arg);
+    }
+    if (pk12util.options[opt_CertKeyLength].activated) {
+        certKeyLen = atoi(pk12util.options[opt_CertKeyLength].arg);
+    }
+
+    P12U_Init(SECU_ConfigDirectory(NULL), dbprefix,
+              pk12util.options[opt_List].activated);
+
+    if (!slotname || PL_strcmp(slotname, "internal") == 0)
+        slot = PK11_GetInternalKeySlot();
+    else
+        slot = PK11_FindSlotByName(slotname);
+
+    if (!slot) {
+        SECU_PrintError(progName, "Invalid slot \"%s\"", slotname);
+        pk12uErrno = PK12UERR_PK11GETSLOT;
+        goto done;
+    }
+
+    if (pk12util.options[opt_Cipher].activated) {
+        char *cipherString = pk12util.options[opt_Cipher].arg;
+
+        cipher = PKCS12U_MapCipherFromString(cipherString, keyLen);
+        /* We only want encryption PBE's. make sure we don't have
+	 * any MAC pbes */
+        if (cipher == SEC_OID_UNKNOWN) {
+            PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
+            SECU_PrintError(progName, "Algorithm: \"%s\"", cipherString);
+            pk12uErrno = PK12UERR_INVALIDALGORITHM;
+            goto done;
+        }
+    }
+
+    certCipher = PK11_IsFIPS() ? SEC_OID_UNKNOWN : SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC;
+    if (pk12util.options[opt_CertCipher].activated) {
+        char *cipherString = pk12util.options[opt_CertCipher].arg;
+
+        if (PORT_Strcasecmp(cipherString, "none") == 0) {
+            certCipher = SEC_OID_UNKNOWN;
+        } else {
+            certCipher = PKCS12U_MapCipherFromString(cipherString, certKeyLen);
+            /* If the user requested a cipher and we didn't find it, then
+	     * don't just silently not encrypt. */
+            if (cipher == SEC_OID_UNKNOWN) {
+                PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
+                SECU_PrintError(progName, "Algorithm: \"%s\"", cipherString);
+                pk12uErrno = PK12UERR_INVALIDALGORITHM;
+                goto done;
+            }
+        }
+    }
+
+    if (pk12util.options[opt_Import].activated) {
+        P12U_ImportPKCS12Object(import_file, slot, &slotPw, &p12FilePw);
+
+    } else if (pk12util.options[opt_Export].activated) {
+        P12U_ExportPKCS12Object(pk12util.options[opt_Nickname].arg,
+                                export_file, slot, cipher, certCipher,
+                                &slotPw, &p12FilePw);
+
+    } else if (pk12util.options[opt_List].activated) {
+        P12U_ListPKCS12File(import_file, slot, &slotPw, &p12FilePw);
+
+    } else {
+        Usage(progName);
+        pk12uErrno = PK12UERR_USAGE;
+    }
+
+done:
+    if (import_file != NULL)
+        PORT_ZFree(import_file, PL_strlen(import_file));
+    if (export_file != NULL)
+        PORT_ZFree(export_file, PL_strlen(export_file));
+    if (slotPw.data != NULL)
+        PORT_ZFree(slotPw.data, PL_strlen(slotPw.data));
+    if (p12FilePw.data != NULL)
+        PORT_ZFree(p12FilePw.data, PL_strlen(p12FilePw.data));
+    if (slot)
+        PK11_FreeSlot(slot);
+    if (NSS_Shutdown() != SECSuccess) {
+        pk12uErrno = 1;
+    }
+    PL_ArenaFinish();
+    PR_Cleanup();
+    return pk12uErrno;
+}
diff --git a/nss/cmd/pk12util/pk12util.gyp b/nss/cmd/pk12util/pk12util.gyp
new file mode 100644
index 0000000..5eb59e0
--- /dev/null
+++ b/nss/cmd/pk12util/pk12util.gyp
@@ -0,0 +1,30 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi',
+    '../../cmd/platlibs.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'pk12util',
+      'type': 'executable',
+      'sources': [
+        'pk12util.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:dbm_exports',
+        '<(DEPTH)/exports.gyp:nss_exports'
+      ]
+    }
+  ],
+  'target_defaults': {
+    'defines': [
+      'NSPR20'
+    ]
+  },
+  'variables': {
+    'module': 'nss'
+  }
+}
\ No newline at end of file
diff --git a/nss/cmd/pk12util/pk12util.h b/nss/cmd/pk12util/pk12util.h
new file mode 100644
index 0000000..d158881
--- /dev/null
+++ b/nss/cmd/pk12util/pk12util.h
@@ -0,0 +1,40 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * ERROR codes in pk12util
+ * - should be organized better later
+ */
+#define PK12UERR_USER_CANCELLED 1
+#define PK12UERR_USAGE 2
+#define PK12UERR_CERTDB_OPEN 8
+#define PK12UERR_KEYDB_OPEN 9
+#define PK12UERR_INIT_FILE 10
+#define PK12UERR_UNICODECONV 11
+#define PK12UERR_TMPDIGCREATE 12
+#define PK12UERR_PK11GETSLOT 13
+#define PK12UERR_PK12DECODESTART 14
+#define PK12UERR_IMPORTFILEREAD 15
+#define PK12UERR_DECODE 16
+#define PK12UERR_DECODEVERIFY 17
+#define PK12UERR_DECODEVALIBAGS 18
+#define PK12UERR_DECODEIMPTBAGS 19
+#define PK12UERR_CERTALREADYEXISTS 20
+#define PK12UERR_PATCHDB 22
+#define PK12UERR_GETDEFCERTDB 23
+#define PK12UERR_FINDCERTBYNN 24
+#define PK12UERR_EXPORTCXCREATE 25
+#define PK12UERR_PK12ADDPWDINTEG 26
+#define PK12UERR_CERTKEYSAFE 27
+#define PK12UERR_ADDCERTKEY 28
+#define PK12UERR_ENCODE 29
+#define PK12UERR_INVALIDALGORITHM 30
+
+/* additions for importing and exporting PKCS 12 files */
+typedef struct p12uContextStr {
+    char *filename;   /* name of file */
+    PRFileDesc *file; /* pointer to file */
+    PRBool error;     /* error occurred? */
+    int errorValue;   /* which error occurred? */
+} p12uContext;
diff --git a/nss/cmd/pk1sign/Makefile b/nss/cmd/pk1sign/Makefile
new file mode 100644
index 0000000..6e1d4ec
--- /dev/null
+++ b/nss/cmd/pk1sign/Makefile
@@ -0,0 +1,47 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include ../platlibs.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+
+include ../platrules.mk
+
diff --git a/nss/cmd/pk1sign/manifest.mn b/nss/cmd/pk1sign/manifest.mn
new file mode 100644
index 0000000..0094611
--- /dev/null
+++ b/nss/cmd/pk1sign/manifest.mn
@@ -0,0 +1,15 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CORE_DEPTH = ../..
+
+MODULE = nss
+
+CSRCS = pk1sign.c  
+
+REQUIRES = seccmd 
+
+PROGRAM = pk1sign
+
diff --git a/nss/cmd/pk1sign/pk1sign.c b/nss/cmd/pk1sign/pk1sign.c
new file mode 100644
index 0000000..085aa16
--- /dev/null
+++ b/nss/cmd/pk1sign/pk1sign.c
@@ -0,0 +1,318 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * pk1sign
+ */
+
+#include "nspr.h"
+#include "plgetopt.h"
+#include "secutil.h"
+#include "secpkcs7.h"
+#include "cert.h"
+#include "certdb.h"
+#include "sechash.h" /* for HASH_GetHashObject() */
+#include "nss.h"
+#include "pk11func.h"
+#include "cryptohi.h"
+#include "plbase64.h"
+
+#if defined(XP_UNIX)
+#include <unistd.h>
+#endif
+
+#include <stdio.h>
+#include <string.h>
+
+#if (defined(XP_WIN) && !defined(WIN32)) || (defined(__sun) && !defined(SVR4))
+extern int fread(char *, size_t, size_t, FILE *);
+extern int fwrite(char *, size_t, size_t, FILE *);
+extern int fprintf(FILE *, char *, ...);
+#endif
+
+static secuPWData pwdata = { PW_NONE, 0 };
+
+SEC_ASN1_MKSUB(SECOID_AlgorithmIDTemplate)
+
+SEC_ASN1Template CERTSignatureDataTemplate[] =
+    {
+      { SEC_ASN1_SEQUENCE,
+        0, NULL, sizeof(CERTSignedData) },
+      { SEC_ASN1_INLINE,
+        offsetof(CERTSignedData, signatureAlgorithm),
+        SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
+      { SEC_ASN1_BIT_STRING,
+        offsetof(CERTSignedData, signature) },
+      { 0 }
+    };
+
+static void
+Usage(char *progName)
+{
+    fprintf(stderr,
+            "Usage:  %s -k keyname [-d keydir] [-i input] [-o output]\n",
+            progName);
+    fprintf(stderr, "%-20s Nickname of key to use for signature\n",
+            "-k keyname");
+    fprintf(stderr, "%-20s Key database directory (default is ~/.netscape)\n",
+            "-d keydir");
+    fprintf(stderr, "%-20s Define an input file to use (default is stdin)\n",
+            "-i input");
+    fprintf(stderr, "%-20s Define an output file to use (default is stdout)\n",
+            "-o output");
+    fprintf(stderr, "%-20s Password to the key databse\n", "-p");
+    fprintf(stderr, "%-20s password file\n", "-f");
+    exit(-1);
+}
+
+static int
+ExportPublicKey(FILE *outFile, CERTCertificate *cert)
+{
+    char *data;
+    SECKEYPublicKey *publicKey;
+    SECItem *item;
+
+    if (!cert)
+        return -1;
+
+    publicKey = CERT_ExtractPublicKey(cert);
+    if (!publicKey)
+        return -1;
+
+    item = SECKEY_EncodeDERSubjectPublicKeyInfo(publicKey);
+    SECKEY_DestroyPublicKey(publicKey);
+    if (!item)
+        return -1;
+
+    data = PL_Base64Encode((const char *)item->data, item->len, NULL);
+    SECITEM_FreeItem(item, PR_TRUE);
+    if (!data)
+        return -1;
+
+    fputs("pubkey:\n", outFile);
+    fputs(data, outFile);
+    fputs("\n", outFile);
+    PR_Free(data);
+
+    return 0;
+}
+
+static int
+SignFile(FILE *outFile, PRFileDesc *inFile, CERTCertificate *cert)
+{
+    SECItem data2sign;
+    SECStatus rv;
+    SECOidTag algID;
+    CERTSignedData sd;
+    SECKEYPrivateKey *privKey = NULL;
+    char *data = NULL;
+    PLArenaPool *arena = NULL;
+    SECItem *result = NULL;
+    int returnValue = 0;
+
+    if (outFile == NULL || inFile == NULL || cert == NULL) {
+        return -1;
+    }
+
+    /* suck the file in */
+    if (SECU_ReadDERFromFile(&data2sign, inFile, PR_FALSE,
+                             PR_FALSE) != SECSuccess) {
+        return -1;
+    }
+
+    privKey = NULL;
+    privKey = PK11_FindKeyByAnyCert(cert, NULL);
+    if (!privKey) {
+        returnValue = -1;
+        goto loser;
+    }
+
+    algID = SEC_GetSignatureAlgorithmOidTag(privKey->keyType, SEC_OID_SHA1);
+    if (algID == SEC_OID_UNKNOWN) {
+        returnValue = -1;
+        goto loser;
+    }
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+
+    PORT_Memset(&sd, 0, sizeof(CERTSignedData));
+
+    rv = SEC_SignData(&(sd.signature), data2sign.data, data2sign.len, privKey, algID);
+    if (rv != SECSuccess) {
+        fprintf(stderr, "Could not sign.\n");
+        returnValue = -1;
+        goto loser;
+    }
+    sd.signature.len = sd.signature.len << 3;
+
+    rv = SECOID_SetAlgorithmID(arena, &sd.signatureAlgorithm, algID, 0);
+    if (rv != SECSuccess) {
+        fprintf(stderr, "Could not set alg id.\n");
+        returnValue = -1;
+        goto loser;
+    }
+
+    result = SEC_ASN1EncodeItem(arena, NULL, &sd, CERTSignatureDataTemplate);
+    SECITEM_FreeItem(&(sd.signature), PR_FALSE);
+
+    if (!result) {
+        fprintf(stderr, "Could not encode.\n");
+        returnValue = -1;
+        goto loser;
+    }
+
+    data = PL_Base64Encode((const char *)result->data, result->len, NULL);
+    if (!data) {
+        returnValue = -1;
+        goto loser;
+    }
+
+    fputs("signature:\n", outFile);
+    fputs(data, outFile);
+    fputs("\n", outFile);
+    ExportPublicKey(outFile, cert);
+
+loser:
+    if (privKey) {
+        SECKEY_DestroyPrivateKey(privKey);
+    }
+    if (data) {
+        PORT_Free(data);
+    }
+    PORT_FreeArena(arena, PR_FALSE);
+
+    return returnValue;
+}
+
+int
+main(int argc, char **argv)
+{
+    char *progName;
+    FILE *outFile;
+    PRFileDesc *inFile;
+    char *keyName = NULL;
+    CERTCertDBHandle *certHandle;
+    CERTCertificate *cert = NULL;
+    PLOptState *optstate;
+    PLOptStatus status;
+    SECStatus rv;
+
+    progName = strrchr(argv[0], '/');
+    progName = progName ? progName + 1 : argv[0];
+
+    inFile = NULL;
+    outFile = NULL;
+    keyName = NULL;
+
+    /*
+     * Parse command line arguments
+     */
+    optstate = PL_CreateOptState(argc, argv, "ed:k:i:o:p:f:");
+    while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
+        switch (optstate->option) {
+            case '?':
+                Usage(progName);
+                break;
+
+            case 'd':
+                SECU_ConfigDirectory(optstate->value);
+                break;
+
+            case 'i':
+                inFile = PR_Open(optstate->value, PR_RDONLY, 0);
+                if (!inFile) {
+                    fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
+                            progName, optstate->value);
+                    return -1;
+                }
+                break;
+
+            case 'k':
+                keyName = strdup(optstate->value);
+                break;
+
+            case 'o':
+                outFile = fopen(optstate->value, "wb");
+                if (!outFile) {
+                    fprintf(stderr, "%s: unable to open \"%s\" for writing\n",
+                            progName, optstate->value);
+                    return -1;
+                }
+                break;
+            case 'p':
+                pwdata.source = PW_PLAINTEXT;
+                pwdata.data = strdup(optstate->value);
+                break;
+
+            case 'f':
+                pwdata.source = PW_FROMFILE;
+                pwdata.data = PORT_Strdup(optstate->value);
+                break;
+        }
+    }
+
+    if (!keyName)
+        Usage(progName);
+
+    if (!inFile)
+        inFile = PR_STDIN;
+    if (!outFile)
+        outFile = stdout;
+
+    /* Call the initialization routines */
+    PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
+    rv = NSS_Init(SECU_ConfigDirectory(NULL));
+    if (rv != SECSuccess) {
+        SECU_PrintPRandOSError(progName);
+        goto loser;
+    }
+
+    PK11_SetPasswordFunc(SECU_GetModulePassword);
+
+    /* open cert database */
+    certHandle = CERT_GetDefaultCertDB();
+    if (certHandle == NULL) {
+        rv = SECFailure;
+        goto loser;
+    }
+
+    /* find cert */
+    cert = CERT_FindCertByNickname(certHandle, keyName);
+    if (cert == NULL) {
+        SECU_PrintError(progName,
+                        "the corresponding cert for key \"%s\" does not exist",
+                        keyName);
+        rv = SECFailure;
+        goto loser;
+    }
+
+    if (SignFile(outFile, inFile, cert)) {
+        SECU_PrintError(progName, "problem signing data");
+        rv = SECFailure;
+        goto loser;
+    }
+
+loser:
+    if (pwdata.data) {
+        PORT_Free(pwdata.data);
+    }
+    if (keyName) {
+        PORT_Free(keyName);
+    }
+    if (cert) {
+        CERT_DestroyCertificate(cert);
+    }
+    if (inFile && inFile != PR_STDIN) {
+        PR_Close(inFile);
+    }
+    if (outFile && outFile != stdout) {
+        fclose(outFile);
+    }
+    if (NSS_Shutdown() != SECSuccess) {
+        SECU_PrintError(progName, "NSS shutdown:");
+        exit(1);
+    }
+
+    return (rv != SECSuccess);
+}
diff --git a/nss/cmd/pk1sign/pk1sign.gyp b/nss/cmd/pk1sign/pk1sign.gyp
new file mode 100644
index 0000000..ff77c55
--- /dev/null
+++ b/nss/cmd/pk1sign/pk1sign.gyp
@@ -0,0 +1,24 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi',
+    '../../cmd/platlibs.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'pk1sign',
+      'type': 'executable',
+      'sources': [
+        'pk1sign.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports'
+      ]
+    }
+  ],
+  'variables': {
+    'module': 'nss'
+  }
+}
\ No newline at end of file
diff --git a/nss/cmd/pkix-errcodes/Makefile b/nss/cmd/pkix-errcodes/Makefile
new file mode 100644
index 0000000..6e1d4ec
--- /dev/null
+++ b/nss/cmd/pkix-errcodes/Makefile
@@ -0,0 +1,47 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include ../platlibs.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+
+include ../platrules.mk
+
diff --git a/nss/cmd/pkix-errcodes/manifest.mn b/nss/cmd/pkix-errcodes/manifest.mn
new file mode 100644
index 0000000..bef0636
--- /dev/null
+++ b/nss/cmd/pkix-errcodes/manifest.mn
@@ -0,0 +1,15 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CORE_DEPTH = ../..
+
+MODULE = nss
+
+CSRCS = pkix-errcodes.c  
+
+REQUIRES = seccmd 
+
+PROGRAM = pkix-errcodes
+
diff --git a/nss/cmd/pkix-errcodes/pkix-errcodes.c b/nss/cmd/pkix-errcodes/pkix-errcodes.c
new file mode 100644
index 0000000..ceff098
--- /dev/null
+++ b/nss/cmd/pkix-errcodes/pkix-errcodes.c
@@ -0,0 +1,35 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * dumpcert.c
+ *
+ * dump certificate sample application
+ *
+ */
+
+#include <stdio.h>
+
+#include "pkix.h"
+#include "pkixt.h"
+#include "pkix_error.h"
+
+#undef PKIX_ERRORENTRY
+#define PKIX_ERRORENTRY(name, desc, plerr) #name
+
+const char *const PKIX_ErrorNames[] =
+    {
+#include "pkix_errorstrings.h"
+    };
+
+#undef PKIX_ERRORENTRY
+
+int
+main(int argc, char **argv)
+{
+    int i = 0;
+    for (; i < PKIX_NUMERRORCODES; ++i) {
+        printf("code %d %s\n", i, PKIX_ErrorNames[i]);
+    }
+    return 0;
+}
diff --git a/nss/cmd/pkix-errcodes/pkix-errcodes.gyp b/nss/cmd/pkix-errcodes/pkix-errcodes.gyp
new file mode 100644
index 0000000..e305c07
--- /dev/null
+++ b/nss/cmd/pkix-errcodes/pkix-errcodes.gyp
@@ -0,0 +1,24 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi',
+    '../../cmd/platlibs.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'pkix-errcodes',
+      'type': 'executable',
+      'sources': [
+        'pkix-errcodes.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports'
+      ]
+    }
+  ],
+  'variables': {
+    'module': 'nss'
+  }
+}
\ No newline at end of file
diff --git a/nss/cmd/platlibs.gypi b/nss/cmd/platlibs.gypi
new file mode 100644
index 0000000..a945ab2
--- /dev/null
+++ b/nss/cmd/platlibs.gypi
@@ -0,0 +1,76 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'variables': {
+    'use_static_libs%': 0,
+  },
+  'target_defaults': {
+    'dependencies': [
+      '<(DEPTH)/cmd/lib/lib.gyp:sectool',
+    ],
+    'conditions': [
+      ['moz_fold_libs==0', {
+        'dependencies': [
+          '<(DEPTH)/lib/util/util.gyp:nssutil3',
+        ],
+      }],
+      ['<(use_static_libs)==1', {
+        'defines': ['NSS_USE_STATIC_LIBS'],
+        'dependencies': [
+          '<(DEPTH)/lib/smime/smime.gyp:smime',
+          '<(DEPTH)/lib/ssl/ssl.gyp:ssl',
+          '<(DEPTH)/lib/nss/nss.gyp:nss_static',
+          '<(DEPTH)/lib/pkcs12/pkcs12.gyp:pkcs12',
+          '<(DEPTH)/lib/pkcs7/pkcs7.gyp:pkcs7',
+          '<(DEPTH)/lib/certhigh/certhigh.gyp:certhi',
+          '<(DEPTH)/lib/cryptohi/cryptohi.gyp:cryptohi',
+          '<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap',
+          '<(DEPTH)/lib/softoken/softoken.gyp:softokn',
+          '<(DEPTH)/lib/certdb/certdb.gyp:certdb',
+          '<(DEPTH)/lib/pki/pki.gyp:nsspki',
+          '<(DEPTH)/lib/dev/dev.gyp:nssdev',
+          '<(DEPTH)/lib/base/base.gyp:nssb',
+          '<(DEPTH)/lib/freebl/freebl.gyp:freebl',
+          '<(DEPTH)/lib/sqlite/sqlite.gyp:sqlite3',
+        ],
+        'conditions': [
+          [ 'disable_dbm==0', {
+            'dependencies': [
+              '<(DEPTH)/lib/dbm/src/src.gyp:dbm',
+              '<(DEPTH)/lib/softoken/legacydb/legacydb.gyp:nssdbm',
+            ],
+          }],
+          [ 'disable_libpkix==0', {
+            'dependencies': [
+              '<(DEPTH)/lib/libpkix/pkix/certsel/certsel.gyp:pkixcertsel',
+              '<(DEPTH)/lib/libpkix/pkix/checker/checker.gyp:pkixchecker',
+              '<(DEPTH)/lib/libpkix/pkix/params/params.gyp:pkixparams',
+              '<(DEPTH)/lib/libpkix/pkix/results/results.gyp:pkixresults',
+              '<(DEPTH)/lib/libpkix/pkix/top/top.gyp:pkixtop',
+              '<(DEPTH)/lib/libpkix/pkix/util/util.gyp:pkixutil',
+              '<(DEPTH)/lib/libpkix/pkix/crlsel/crlsel.gyp:pkixcrlsel',
+              '<(DEPTH)/lib/libpkix/pkix/store/store.gyp:pkixstore',
+              '<(DEPTH)/lib/libpkix/pkix_pl_nss/pki/pki.gyp:pkixpki',
+              '<(DEPTH)/lib/libpkix/pkix_pl_nss/system/system.gyp:pkixsystem',
+              '<(DEPTH)/lib/libpkix/pkix_pl_nss/module/module.gyp:pkixmodule'
+            ],
+          }],
+        ]},{ # !use_static_libs
+          'conditions': [
+            ['moz_fold_libs==0', {
+              'dependencies': [
+                '<(DEPTH)/lib/ssl/ssl.gyp:ssl3',
+                '<(DEPTH)/lib/smime/smime.gyp:smime3',
+                '<(DEPTH)/lib/nss/nss.gyp:nss3',
+              ],
+            }, {
+              'libraries': [
+                '<(moz_folded_library_name)',
+              ],
+            }]
+          ],
+        }],
+    ],
+  }
+}
diff --git a/nss/cmd/platlibs.mk b/nss/cmd/platlibs.mk
new file mode 100644
index 0000000..25b4bdf
--- /dev/null
+++ b/nss/cmd/platlibs.mk
@@ -0,0 +1,265 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+ifeq ($(BUILD_SUN_PKG), 1)
+
+# set RPATH-type linker instructions here so they can be used in the shared
+# version and in the mixed (static nss libs/shared NSPR libs) version.
+
+ifeq ($(OS_ARCH), SunOS) 
+ifeq ($(USE_64), 1)
+EXTRA_SHARED_LIBS += -R '$$ORIGIN/../lib:/usr/lib/mps/secv1/64:/usr/lib/mps/64'
+else
+EXTRA_SHARED_LIBS += -R '$$ORIGIN/../lib:/usr/lib/mps/secv1:/usr/lib/mps'
+endif
+endif
+
+ifeq ($(OS_ARCH), Linux)
+ifeq ($(USE_64), 1)
+EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib64:/opt/sun/private/lib64:$$ORIGIN/../lib'
+else
+EXTRA_SHARED_LIBS += -Wl,-rpath,'$$ORIGIN/../lib:/opt/sun/private/lib'
+endif
+endif
+
+endif # BUILD_SUN_PKG
+
+ifdef NSS_DISABLE_DBM
+DBMLIB = $(NULL)
+else
+DBMLIB = $(DIST)/lib/$(LIB_PREFIX)dbm.$(LIB_SUFFIX) 
+endif
+
+ifdef USE_STATIC_LIBS
+
+DEFINES += -DNSS_USE_STATIC_LIBS
+# $(PROGRAM) has explicit dependencies on $(EXTRA_LIBS)
+ifndef NSS_USE_SYSTEM_FREEBL
+CRYPTOLIB=$(DIST)/lib/$(LIB_PREFIX)freebl.$(LIB_SUFFIX)
+SOFTOKENLIB=$(DIST)/lib/$(LIB_PREFIX)softokn.$(LIB_SUFFIX)
+else
+# Use the system installed freebl static library and set softoken one to empty.
+# Some tools need to link statically with freebl but none with softoken. Only
+# the softoken shared library, not the static one, is installed in the system.
+CRYPTOLIB=$(FREEBL_LIB_DIR)/$(LIB_PREFIX)freebl.$(LIB_SUFFIX)
+SOFTOKENLIB=
+EXTRA_SHARED_LIBS += \
+	-L$(SOFTOKEN_LIB_DIR) \
+	-lsoftokn3 \
+	$(NULL)
+endif
+
+ifndef NSS_DISABLE_LIBPKIX
+ifndef NSS_BUILD_SOFTOKEN_ONLY
+PKIXLIB = \
+	$(DIST)/lib/$(LIB_PREFIX)pkixtop.$(LIB_SUFFIX) \
+	$(DIST)/lib/$(LIB_PREFIX)pkixutil.$(LIB_SUFFIX) \
+	$(DIST)/lib/$(LIB_PREFIX)pkixsystem.$(LIB_SUFFIX) \
+	$(DIST)/lib/$(LIB_PREFIX)pkixcrlsel.$(LIB_SUFFIX) \
+	$(DIST)/lib/$(LIB_PREFIX)pkixmodule.$(LIB_SUFFIX) \
+	$(DIST)/lib/$(LIB_PREFIX)pkixstore.$(LIB_SUFFIX) \
+	$(DIST)/lib/$(LIB_PREFIX)pkixparams.$(LIB_SUFFIX) \
+	$(DIST)/lib/$(LIB_PREFIX)pkixchecker.$(LIB_SUFFIX) \
+	$(DIST)/lib/$(LIB_PREFIX)pkixpki.$(LIB_SUFFIX) \
+	$(DIST)/lib/$(LIB_PREFIX)pkixtop.$(LIB_SUFFIX) \
+	$(DIST)/lib/$(LIB_PREFIX)pkixresults.$(LIB_SUFFIX) \
+	$(DIST)/lib/$(LIB_PREFIX)pkixcertsel.$(LIB_SUFFIX)
+endif
+endif
+
+NSS_LIBS_1=
+SECTOOL_LIB=
+NSS_LIBS_2=
+NSS_LIBS_3=
+NSS_LIBS_4=
+
+ifneq ($(NSS_BUILD_UTIL_ONLY),1)
+SECTOOL_LIB = \
+	$(DIST)/lib/$(LIB_PREFIX)sectool.$(LIB_SUFFIX) \
+	$(NULL)
+else
+SECTOOL_LIB = \
+	$(NULL)
+endif
+
+ifneq ($(NSS_BUILD_SOFTOKEN_ONLY),1)
+ifeq ($(OS_ARCH), WINNT)
+# breakdown for windows
+NSS_LIBS_1 = \
+	$(DIST)/lib/$(LIB_PREFIX)smime.$(LIB_SUFFIX) \
+	$(DIST)/lib/$(LIB_PREFIX)ssl.$(LIB_SUFFIX) \
+	$(DIST)/lib/$(LIB_PREFIX)nss.$(LIB_SUFFIX) \
+	$(NULL)
+NSS_LIBS_2 = \
+	$(DIST)/lib/$(LIB_PREFIX)pkcs12.$(LIB_SUFFIX) \
+	$(DIST)/lib/$(LIB_PREFIX)pkcs7.$(LIB_SUFFIX) \
+	$(DIST)/lib/$(LIB_PREFIX)certhi.$(LIB_SUFFIX) \
+	$(DIST)/lib/$(LIB_PREFIX)cryptohi.$(LIB_SUFFIX) \
+	$(DIST)/lib/$(LIB_PREFIX)pk11wrap.$(LIB_SUFFIX) \
+	$(DIST)/lib/$(LIB_PREFIX)certdb.$(LIB_SUFFIX) \
+	$(NULL)
+NSS_LIBS_3 = \
+	$(DIST)/lib/$(LIB_PREFIX)nsspki.$(LIB_SUFFIX) \
+	$(DIST)/lib/$(LIB_PREFIX)nssdev.$(LIB_SUFFIX) \
+	$(DIST)/lib/$(LIB_PREFIX)nssb.$(LIB_SUFFIX) \
+	$(PKIXLIB) \
+	$(DBMLIB) \
+	$(NULL)
+NSS_LIBS_4 = \
+	$(SQLITE_LIB_DIR)/$(LIB_PREFIX)$(SQLITE_LIB_NAME).$(LIB_SUFFIX) \
+	$(NSSUTIL_LIB_DIR)/$(LIB_PREFIX)nssutil3.$(LIB_SUFFIX) \
+	$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plc4.$(LIB_SUFFIX) \
+	$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plds4.$(LIB_SUFFIX) \
+	$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)nspr4.$(LIB_SUFFIX) \
+	$(NULL)
+else
+# breakdown for others
+NSS_LIBS_1 = \
+	$(DIST)/lib/$(LIB_PREFIX)smime.$(LIB_SUFFIX) \
+	$(DIST)/lib/$(LIB_PREFIX)ssl.$(LIB_SUFFIX) \
+	$(DIST)/lib/$(LIB_PREFIX)nss.$(LIB_SUFFIX) \
+	$(NULL)
+SECTOOL_LIB = \
+	$(DIST)/lib/$(LIB_PREFIX)sectool.$(LIB_SUFFIX) \
+	$(NULL)
+NSS_LIBS_2 = \
+	$(DIST)/lib/$(LIB_PREFIX)pkcs12.$(LIB_SUFFIX) \
+	$(DIST)/lib/$(LIB_PREFIX)pkcs7.$(LIB_SUFFIX) \
+	$(DIST)/lib/$(LIB_PREFIX)certhi.$(LIB_SUFFIX) \
+	$(DIST)/lib/$(LIB_PREFIX)cryptohi.$(LIB_SUFFIX) \
+	$(DIST)/lib/$(LIB_PREFIX)pk11wrap.$(LIB_SUFFIX) \
+	$(NULL)
+NSS_LIBS_3 = \
+	$(DIST)/lib/$(LIB_PREFIX)certdb.$(LIB_SUFFIX) \
+	$(DIST)/lib/$(LIB_PREFIX)nsspki.$(LIB_SUFFIX) \
+	$(DIST)/lib/$(LIB_PREFIX)nssdev.$(LIB_SUFFIX) \
+	$(DIST)/lib/$(LIB_PREFIX)nssb.$(LIB_SUFFIX) \
+	$(NULL)
+NSS_LIBS_4 = \
+	$(DBMLIB) \
+	$(PKIXLIB) \
+	$(DIST)/lib/$(LIB_PREFIX)nss.$(LIB_SUFFIX) \
+	$(DIST)/lib/$(LIB_PREFIX)pk11wrap.$(LIB_SUFFIX) \
+	$(DIST)/lib/$(LIB_PREFIX)certhi.$(LIB_SUFFIX) \
+	$(NULL)
+endif
+endif
+
+# can't do this in manifest.mn because OS_ARCH isn't defined there.
+ifeq ($(OS_ARCH), WINNT)
+
+EXTRA_LIBS += \
+	$(NSS_LIBS_1) \
+	$(SECTOOL_LIB) \
+	$(NSS_LIBS_2) \
+	$(SOFTOKENLIB) \
+	$(CRYPTOLIB) \
+	$(NSS_LIBS_3) \
+	$(NSS_LIBS_4) \
+	$(NULL)
+
+# $(PROGRAM) has NO explicit dependencies on $(OS_LIBS)
+#OS_LIBS += \
+	wsock32.lib \
+	winmm.lib \
+	$(NULL)
+else
+
+EXTRA_LIBS += \
+	$(NSS_LIBS_1) \
+	$(SECTOOL_LIB) \
+	$(NSS_LIBS_2) \
+	$(SOFTOKENLIB) \
+	$(NSS_LIBS_3) \
+	$(CRYPTOLIB) \
+	$(NSS_LIBS_4) \
+	$(NULL)
+
+ifeq ($(OS_ARCH), AIX) 
+EXTRA_SHARED_LIBS += -brtl 
+endif
+
+# $(PROGRAM) has NO explicit dependencies on $(EXTRA_SHARED_LIBS)
+# $(EXTRA_SHARED_LIBS) come before $(OS_LIBS), except on AIX.
+EXTRA_SHARED_LIBS += \
+	-L$(SQLITE_LIB_DIR) \
+	-l$(SQLITE_LIB_NAME) \
+	-L$(NSSUTIL_LIB_DIR) \
+	-lnssutil3 \
+	-L$(NSPR_LIB_DIR) \
+	-lplc4 \
+	-lplds4 \
+	-lnspr4 \
+	$(NULL)
+endif
+
+else # USE_STATIC_LIBS
+# can't do this in manifest.mn because OS_ARCH isn't defined there.
+ifeq ($(OS_ARCH), WINNT)
+
+# $(PROGRAM) has explicit dependencies on $(EXTRA_LIBS)
+EXTRA_LIBS += \
+	$(DIST)/lib/$(LIB_PREFIX)sectool.$(LIB_SUFFIX) \
+	$(NSSUTIL_LIB_DIR)/$(IMPORT_LIB_PREFIX)nssutil3$(IMPORT_LIB_SUFFIX) \
+	$(DIST)/lib/$(IMPORT_LIB_PREFIX)smime3$(IMPORT_LIB_SUFFIX) \
+	$(DIST)/lib/$(IMPORT_LIB_PREFIX)ssl3$(IMPORT_LIB_SUFFIX) \
+	$(DIST)/lib/$(IMPORT_LIB_PREFIX)nss3$(IMPORT_LIB_SUFFIX) \
+	$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plc4$(IMPORT_LIB_SUFFIX) \
+	$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plds4$(IMPORT_LIB_SUFFIX) \
+	$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)nspr4$(IMPORT_LIB_SUFFIX) \
+	$(NULL)
+
+# $(PROGRAM) has NO explicit dependencies on $(OS_LIBS)
+#OS_LIBS += \
+	wsock32.lib \
+	winmm.lib \
+	$(NULL)
+else
+
+# $(PROGRAM) has explicit dependencies on $(EXTRA_LIBS)
+EXTRA_LIBS += \
+	$(DIST)/lib/$(LIB_PREFIX)sectool.$(LIB_SUFFIX) \
+	$(NULL)
+
+ifeq ($(OS_ARCH), AIX) 
+EXTRA_SHARED_LIBS += -brtl 
+endif
+
+# $(PROGRAM) has NO explicit dependencies on $(EXTRA_SHARED_LIBS)
+# $(EXTRA_SHARED_LIBS) come before $(OS_LIBS), except on AIX.
+EXTRA_SHARED_LIBS += \
+	-L$(DIST)/lib \
+	-L$(NSSUTIL_LIB_DIR) \
+	-lnssutil3 \
+	-L$(NSPR_LIB_DIR) \
+	-lplc4 \
+	-lplds4 \
+	-lnspr4 \
+	$(NULL)
+ifndef NSS_BUILD_SOFTOKEN_ONLY
+EXTRA_SHARED_LIBS += \
+	-lssl3 \
+	-lsmime3 \
+	-lnss3
+endif
+endif
+
+ifdef SOFTOKEN_LIB_DIR
+ifdef NSS_USE_SYSTEM_FREEBL
+EXTRA_SHARED_LIBS += -L$(SOFTOKEN_LIB_DIR) -lsoftokn3
+endif
+endif
+
+endif # USE_STATIC_LIBS
+
+# If a platform has a system freebl, set USE_SYSTEM_FREEBL to 1 and
+# FREEBL_LIBS to the linker command-line arguments for the system nss-util
+# (for example, -lfreebl3 on fedora) in the platform's config file in coreconf.
+ifdef NSS_USE_SYSTEM_FREEBL
+FREEBL_LIBS = $(FREEBL_LIB_DIR)/$(LIB_PREFIX)freebl.$(LIB_SUFFIX)
+EXTRA_LIBS += $(FREEBL_LIBS)
+endif
+
+JAR_LIBS = $(DIST)/lib/$(LIB_PREFIX)jar.$(LIB_SUFFIX)
diff --git a/nss/cmd/platrules.mk b/nss/cmd/platrules.mk
new file mode 100644
index 0000000..54586bf
--- /dev/null
+++ b/nss/cmd/platrules.mk
@@ -0,0 +1,19 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+show:
+	@echo "DEFINES 		= ${DEFINES}"
+	@echo "EXTRA_LIBS	= >$(EXTRA_LIBS)<"
+	@echo "IMPORT_LIBRARY 	= $(IMPORT_LIBRARY)"
+	@echo "LIBRARY 		= $(LIBRARY)"
+	@echo "OBJS 		= $(OBJS)"
+	@echo "OS_ARCH 		= $(OS_ARCH)"
+	@echo "PROGRAM 		= >$(PROGRAM)<"
+	@echo "PROGRAMS 	= $(PROGRAMS)"
+	@echo "SHARED_LIBRARY 	= $(SHARED_LIBRARY)"
+	@echo "TARGETS 		= >$(TARGETS)<"
+
+showplatform:
+	@echo $(PLATFORM)
diff --git a/nss/cmd/pp/Makefile b/nss/cmd/pp/Makefile
new file mode 100644
index 0000000..6e1d4ec
--- /dev/null
+++ b/nss/cmd/pp/Makefile
@@ -0,0 +1,47 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include ../platlibs.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+
+include ../platrules.mk
+
diff --git a/nss/cmd/pp/manifest.mn b/nss/cmd/pp/manifest.mn
new file mode 100644
index 0000000..de6126a
--- /dev/null
+++ b/nss/cmd/pp/manifest.mn
@@ -0,0 +1,19 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CORE_DEPTH	= ../..
+
+# MODULE public and private header  directories are implicitly REQUIRED.
+MODULE = nss 
+
+# This next line is used by .mk files
+# and gets translated into $LINCS in manifest.mnw
+REQUIRES = seccmd dbm 
+
+DEFINES = -DNSPR20
+
+CSRCS = pp.c
+
+PROGRAM	= pp
diff --git a/nss/cmd/pp/pp.c b/nss/cmd/pp/pp.c
new file mode 100644
index 0000000..9f33d10
--- /dev/null
+++ b/nss/cmd/pp/pp.c
@@ -0,0 +1,196 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * Pretty-print some well-known BER or DER encoded data (e.g. certificates,
+ * keys, pkcs7)
+ */
+
+#include "secutil.h"
+
+#if defined(__sun) && !defined(SVR4)
+extern int fprintf(FILE *, char *, ...);
+#endif
+
+#include "plgetopt.h"
+
+#include "pk11func.h"
+#include "nspr.h"
+#include "nss.h"
+
+static void
+Usage(char *progName)
+{
+    fprintf(stderr,
+            "Usage:  %s [-t type] [-a] [-i input] [-o output] [-w] [-u]\n",
+            progName);
+    fprintf(stderr, "Pretty prints a file containing ASN.1 data in DER or ascii format.\n");
+    fprintf(stderr, "%-14s Specify input and display type:", "-t type");
+#ifdef HAVE_EPV_TEMPLATE
+    fprintf(stderr, " %s (sk),", SEC_CT_PRIVATE_KEY);
+#endif
+    fprintf(stderr, "\n");
+    fprintf(stderr, "%-14s %s (pk), %s (c), %s (cr),\n", "", SEC_CT_PUBLIC_KEY,
+            SEC_CT_CERTIFICATE, SEC_CT_CERTIFICATE_REQUEST);
+    fprintf(stderr, "%-14s %s (ci), %s (p7), %s or %s (n).\n", "", SEC_CT_CERTIFICATE_ID,
+            SEC_CT_PKCS7, SEC_CT_CRL, SEC_CT_NAME);
+    fprintf(stderr, "%-14s (Use either the long type name or the shortcut.)\n", "");
+    fprintf(stderr, "%-14s Input is in ascii encoded form (RFC1113)\n",
+            "-a");
+    fprintf(stderr, "%-14s Define an input file to use (default is stdin)\n",
+            "-i input");
+    fprintf(stderr, "%-14s Define an output file to use (default is stdout)\n",
+            "-o output");
+    fprintf(stderr, "%-14s Don't wrap long output lines\n",
+            "-w");
+    fprintf(stderr, "%-14s Use UTF-8 (default is to show non-ascii as .)\n",
+            "-u");
+    exit(-1);
+}
+
+int
+main(int argc, char **argv)
+{
+    int rv, ascii;
+    char *progName;
+    FILE *outFile;
+    PRFileDesc *inFile;
+    SECItem der, data;
+    char *typeTag;
+    PLOptState *optstate;
+    PRBool wrap = PR_TRUE;
+
+    progName = strrchr(argv[0], '/');
+    progName = progName ? progName + 1 : argv[0];
+
+    ascii = 0;
+    inFile = 0;
+    outFile = 0;
+    typeTag = 0;
+    optstate = PL_CreateOptState(argc, argv, "at:i:o:uw");
+    while (PL_GetNextOpt(optstate) == PL_OPT_OK) {
+        switch (optstate->option) {
+            case '?':
+                Usage(progName);
+                break;
+
+            case 'a':
+                ascii = 1;
+                break;
+
+            case 'i':
+                inFile = PR_Open(optstate->value, PR_RDONLY, 0);
+                if (!inFile) {
+                    fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
+                            progName, optstate->value);
+                    return -1;
+                }
+                break;
+
+            case 'o':
+                outFile = fopen(optstate->value, "w");
+                if (!outFile) {
+                    fprintf(stderr, "%s: unable to open \"%s\" for writing\n",
+                            progName, optstate->value);
+                    return -1;
+                }
+                break;
+
+            case 't':
+                typeTag = strdup(optstate->value);
+                break;
+
+            case 'u':
+                SECU_EnableUtf8Display(PR_TRUE);
+                break;
+
+            case 'w':
+                wrap = PR_FALSE;
+                break;
+        }
+    }
+    PL_DestroyOptState(optstate);
+    if (!typeTag)
+        Usage(progName);
+
+    if (!inFile)
+        inFile = PR_STDIN;
+    if (!outFile)
+        outFile = stdout;
+
+    PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
+    rv = NSS_NoDB_Init(NULL);
+    if (rv != SECSuccess) {
+        fprintf(stderr, "%s: NSS_NoDB_Init failed (%s)\n",
+                progName, SECU_Strerror(PORT_GetError()));
+        exit(1);
+    }
+    SECU_RegisterDynamicOids();
+
+    rv = SECU_ReadDERFromFile(&der, inFile, ascii, PR_FALSE);
+    if (rv != SECSuccess) {
+        fprintf(stderr, "%s: SECU_ReadDERFromFile failed\n", progName);
+        exit(1);
+    }
+
+    /* Data is untyped, using the specified type */
+    data.data = der.data;
+    data.len = der.len;
+
+    SECU_EnableWrap(wrap);
+
+    /* Pretty print it */
+    if (PORT_Strcmp(typeTag, SEC_CT_CERTIFICATE) == 0 ||
+        PORT_Strcmp(typeTag, "c") == 0) {
+        rv = SECU_PrintSignedData(outFile, &data, "Certificate", 0,
+                                  (SECU_PPFunc)SECU_PrintCertificate);
+    } else if (PORT_Strcmp(typeTag, SEC_CT_CERTIFICATE_ID) == 0 ||
+               PORT_Strcmp(typeTag, "ci") == 0) {
+        rv = SECU_PrintSignedContent(outFile, &data, 0, 0,
+                                     SECU_PrintDumpDerIssuerAndSerial);
+    } else if (PORT_Strcmp(typeTag, SEC_CT_CERTIFICATE_REQUEST) == 0 ||
+               PORT_Strcmp(typeTag, "cr") == 0) {
+        rv = SECU_PrintSignedData(outFile, &data, "Certificate Request", 0,
+                                  SECU_PrintCertificateRequest);
+    } else if (PORT_Strcmp(typeTag, SEC_CT_CRL) == 0) {
+        rv = SECU_PrintSignedData(outFile, &data, "CRL", 0, SECU_PrintCrl);
+#ifdef HAVE_EPV_TEMPLATE
+    } else if (PORT_Strcmp(typeTag, SEC_CT_PRIVATE_KEY) == 0 ||
+               PORT_Strcmp(typeTag, "sk") == 0) {
+        rv = SECU_PrintPrivateKey(outFile, &data, "Private Key", 0);
+#endif
+    } else if (PORT_Strcmp(typeTag, SEC_CT_PUBLIC_KEY) == 0 ||
+               PORT_Strcmp(typeTag, "pk") == 0) {
+        rv = SECU_PrintSubjectPublicKeyInfo(outFile, &data, "Public Key", 0);
+    } else if (PORT_Strcmp(typeTag, SEC_CT_PKCS7) == 0 ||
+               PORT_Strcmp(typeTag, "p7") == 0) {
+        rv = SECU_PrintPKCS7ContentInfo(outFile, &data,
+                                        "PKCS #7 Content Info", 0);
+    } else if (PORT_Strcmp(typeTag, SEC_CT_NAME) == 0 ||
+               PORT_Strcmp(typeTag, "n") == 0) {
+        rv = SECU_PrintDERName(outFile, &data, "Name", 0);
+    } else {
+        fprintf(stderr, "%s: don't know how to print out '%s' files\n",
+                progName, typeTag);
+        SECU_PrintAny(outFile, &data, "File contains", 0);
+        return -1;
+    }
+
+    PORT_Free(typeTag);
+
+    if (inFile != PR_STDIN)
+        PR_Close(inFile);
+    PORT_Free(der.data);
+    if (rv) {
+        fprintf(stderr, "%s: problem converting data (%s)\n",
+                progName, SECU_Strerror(PORT_GetError()));
+    }
+    if (NSS_Shutdown() != SECSuccess) {
+        fprintf(stderr, "%s: NSS_Shutdown failed (%s)\n",
+                progName, SECU_Strerror(PORT_GetError()));
+        rv = SECFailure;
+    }
+    PR_Cleanup();
+    return rv;
+}
diff --git a/nss/cmd/pp/pp.gyp b/nss/cmd/pp/pp.gyp
new file mode 100644
index 0000000..c0fef6a
--- /dev/null
+++ b/nss/cmd/pp/pp.gyp
@@ -0,0 +1,30 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi',
+    '../../cmd/platlibs.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'pp',
+      'type': 'executable',
+      'sources': [
+        'pp.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:dbm_exports',
+        '<(DEPTH)/exports.gyp:nss_exports'
+      ]
+    }
+  ],
+  'target_defaults': {
+    'defines': [
+      'NSPR20'
+    ]
+  },
+  'variables': {
+    'module': 'nss'
+  }
+}
\ No newline at end of file
diff --git a/nss/cmd/ppcertdata/Makefile b/nss/cmd/ppcertdata/Makefile
new file mode 100644
index 0000000..2aaef8f
--- /dev/null
+++ b/nss/cmd/ppcertdata/Makefile
@@ -0,0 +1,48 @@
+#! gmake
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include ../platlibs.mk
+
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+
+include ../platrules.mk
+
diff --git a/nss/cmd/ppcertdata/manifest.mn b/nss/cmd/ppcertdata/manifest.mn
new file mode 100644
index 0000000..142a773
--- /dev/null
+++ b/nss/cmd/ppcertdata/manifest.mn
@@ -0,0 +1,22 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CORE_DEPTH	= ../..
+
+# MODULE public and private header  directories are implicitly REQUIRED.
+MODULE = nss 
+
+# This next line is used by .mk files
+# and gets translated into $LINCS in manifest.mnw
+# The MODULE is always implicitly required.
+# Listing it here in REQUIRES makes it appear twice in the cc command line.
+REQUIRES = seccmd 
+
+#DEFINES = -DNSPR20
+
+CSRCS = ppcertdata.c
+
+PROGRAM	= ppcertdata
+
diff --git a/nss/cmd/ppcertdata/ppcertdata.c b/nss/cmd/ppcertdata/ppcertdata.c
new file mode 100644
index 0000000..be12e93
--- /dev/null
+++ b/nss/cmd/ppcertdata/ppcertdata.c
@@ -0,0 +1,99 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <stdio.h>
+#include <string.h>
+#include <ctype.h>
+#include <stdlib.h>
+#include "secutil.h"
+#include "nss.h"
+
+unsigned char binary_line[64 * 1024];
+
+int
+main(int argc, const char** argv)
+{
+    int skip_count = 0;
+    int bytes_read;
+    char line[133];
+
+    if (argc > 1) {
+        skip_count = atoi(argv[1]);
+    }
+    if (argc > 2 || skip_count < 0) {
+        printf("Usage: %s [ skip_columns ] \n", argv[0]);
+        return 1;
+    }
+
+    NSS_NoDB_Init(NULL);
+
+    while (fgets(line, 132, stdin) && (bytes_read = strlen(line)) > 0) {
+        int bytes_written;
+        char* found;
+        char* in = line + skip_count;
+        int left = bytes_read - skip_count;
+        int is_cert;
+        int is_serial;
+        int is_name;
+        int is_hash;
+        int use_pp = 0;
+        int out = 0;
+        SECItem der = { siBuffer, NULL, 0 };
+
+        line[bytes_read] = 0;
+        if (bytes_read <= skip_count)
+            continue;
+        fwrite(in, 1, left, stdout);
+        found = strstr(in, "MULTILINE_OCTAL");
+        if (!found)
+            continue;
+        fflush(stdout);
+
+        is_cert = (NULL != strstr(in, "CKA_VALUE"));
+        is_serial = (NULL != strstr(in, "CKA_SERIAL_NUMBER"));
+        is_name = (NULL != strstr(in, "CKA_ISSUER")) ||
+                  (NULL != strstr(in, "CKA_SUBJECT"));
+        is_hash = (NULL != strstr(in, "_HASH"));
+        while (fgets(line, 132, stdin) &&
+               (bytes_read = strlen(line)) > 0) {
+            in = line + skip_count;
+            left = bytes_read - skip_count;
+
+            if ((left >= 3) && !strncmp(in, "END", 3))
+                break;
+            while (left >= 4) {
+                if (in[0] == '\\' && isdigit(in[1]) &&
+                    isdigit(in[2]) && isdigit(in[3])) {
+                    left -= 4;
+                    binary_line[out++] = ((in[1] - '0') << 6) |
+                                         ((in[2] - '0') << 3) |
+                                         (in[3] - '0');
+                    in += 4;
+                } else
+                    break;
+            }
+        }
+        der.data = binary_line;
+        der.len = out;
+        if (is_cert)
+            SECU_PrintSignedData(stdout, &der, "Certificate", 0,
+                                 SECU_PrintCertificate);
+        else if (is_name)
+            SECU_PrintDERName(stdout, &der, "Name", 0);
+        else if (is_serial) {
+            if (out > 2 && binary_line[0] == 2 &&
+                out == 2 + binary_line[1]) {
+                der.data += 2;
+                der.len -= 2;
+                SECU_PrintInteger(stdout, &der, "DER Serial Number", 0);
+            } else
+                SECU_PrintInteger(stdout, &der, "Raw Serial Number", 0);
+        } else if (is_hash)
+            SECU_PrintAsHex(stdout, &der, "Hash", 0);
+        else
+            SECU_PrintBuf(stdout, "Other", binary_line, out);
+    }
+    NSS_Shutdown();
+    return 0;
+}
diff --git a/nss/cmd/proofgen/.gitignore b/nss/cmd/proofgen/.gitignore
new file mode 100644
index 0000000..f1d55a6
--- /dev/null
+++ b/nss/cmd/proofgen/.gitignore
@@ -0,0 +1,2 @@
+.cproject
+
diff --git a/nss/cmd/proofgen/Makefile b/nss/cmd/proofgen/Makefile
new file mode 100644
index 0000000..a27a3ce
--- /dev/null
+++ b/nss/cmd/proofgen/Makefile
@@ -0,0 +1,46 @@
+#! gmake
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include ../platlibs.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+#include ../platlibs.mk
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+include ../platrules.mk
+
diff --git a/nss/cmd/proofgen/client_db b/nss/cmd/proofgen/client_db
new file mode 120000
index 0000000..22ed056
--- /dev/null
+++ b/nss/cmd/proofgen/client_db
@@ -0,0 +1 @@
+../../../ca/client_db
\ No newline at end of file
diff --git a/nss/cmd/proofgen/main.c b/nss/cmd/proofgen/main.c
new file mode 100644
index 0000000..e6f2da2
--- /dev/null
+++ b/nss/cmd/proofgen/main.c
@@ -0,0 +1,188 @@
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <assert.h>
+
+#include "nspr.h"
+#include "plgetopt.h"
+#include "prerror.h"
+#include "prnetdb.h"
+
+#include "nss.h"
+#include "ssl.h"
+#include "sslproto.h"
+#include <pk11func.h>
+#include <time.h>
+#include "tlsproofstr.h"
+
+#define SHA_256_LENGTH 32
+
+int evidenceReceived = 0;
+
+/*Error handler*/
+void error(const char *msg)
+{
+	PRErrorCode perr = PR_GetError();
+	const char *errString = PORT_ErrorToString(perr);
+
+	printf("!! ERROR function name: %s returned error %d:\n%s\n",msg, perr, errString);
+	exit(1);
+}
+
+/*Callback function that return the password of the certificate database.
+ * It is set when configuring NSS.*/
+char* getPwd(PK11SlotInfo *slot, PRBool retry, void *arg){
+	printf("Pass retrieved \n");
+
+	char *pwd= NULL;
+	pwd = PORT_Strdup("");
+
+	return pwd;
+}
+
+
+SECStatus fetchTLSProofCallBack(unsigned char *proof, unsigned int length){
+	int i;
+//	printf("GOT PROOF\n");
+	
+	for(i=0; i < length; ++i){
+		putchar(proof[i]);
+	}
+	return SECSuccess;
+}
+
+
+int main(int argc, char *argv[])
+{
+    PRFileDesc* socketfd = NULL;
+    PRHostEnt host;
+    PRNetAddr addr;
+    SECStatus rv;
+    PRStatus pr;
+    char buffer[65536];
+    char buffParam[256];
+    int n;
+    PRSocketOptionData  socketOption;
+    SSLVersionRange ver;
+	char* pathstr;
+	int proof_type;
+    
+    // 3 arguments are necessary for the client
+    if(argc < 3){
+        error("Specify URL and proof_type.");
+    }
+	pathstr = argv[1];
+	proof_type = atoi(argv[2]);
+	if(proof_type != 0 && proof_type != 1 && proof_type != 2){
+		error("Invalid proof_type.");
+	}
+
+    //Set the password callback
+    PK11_SetPasswordFunc(getPwd);
+    
+    //Init
+    rv = NSS_Init("../client_db");
+    if(rv != SECSuccess) error("NSS_Init");
+    
+     //Open
+	socketfd = PR_OpenTCPSocket(PR_AF_INET);
+	if (socketfd == NULL) error("PR_OpenTCPSocket");
+
+
+	//Set socket option
+	socketOption.option = PR_SockOpt_Nonblocking;
+	socketOption.value.non_blocking = PR_FALSE;
+	pr = PR_SetSocketOption(socketfd, &socketOption);
+	if (pr != PR_SUCCESS) error("PR_SetSocketOption");
+
+	//Import
+	socketfd = SSL_ImportFD(NULL, socketfd);
+	if (socketfd == NULL) error("SSL_ImportFD");
+
+	//Set server mode
+	rv = SSL_OptionSet(socketfd, SSL_HANDSHAKE_AS_CLIENT, PR_TRUE);
+	if(rv != SECSuccess) error("SSL_OptionSet, SSL_HANDSHAKE_AS_CLIENT ");
+
+	rv = SSL_OptionSet(socketfd, SSL_ENABLE_TLS_PROOF, PR_TRUE);
+	if(rv != SECSuccess) error("SSL_OptionSet, SSL_ENABLE_TLS_PROOF");
+	fprintf(stderr, "TLS-N enabled\n");
+	//Set the proof return callback
+	if(proof_type == 0){
+		rv = SSL_TLSProofSetReturnCallBack(socketfd, fetchTLSProofCallBack, hidden_plaintext_proof);
+	}else if(proof_type == 1){
+		rv = SSL_TLSProofSetReturnCallBack(socketfd, fetchTLSProofCallBack, plaintext_proof);
+	}else if(proof_type == 2){
+		rv = SSL_TLSProofSetReturnCallBack(socketfd, fetchTLSProofCallBack, plaintext_proof | omit_cert_chain);
+	}
+	if(rv != SECSuccess) error("SLL_TLSProofSetReturnCallBack");
+
+    //Set the chunk size
+    PRUint16 chunk_size;
+	if(proof_type == 0){
+		chunk_size = 8;
+	}else if(proof_type == 1 || proof_type == 2){
+		chunk_size = 65535;
+	}
+    rv = SSL_TLSProofSetChunkSize(socketfd, chunk_size);
+    if(rv != SECSuccess) error("SSL_TLSProofSetChunkSize");
+
+	//Set url for authentication
+	rv = SSL_SetURL(socketfd, "tls-n.org");
+	if(rv != SECSuccess) error("SSL_SetURL");
+
+	//Force TLS 1.3
+	ver.max= SSL_LIBRARY_VERSION_TLS_1_3;
+	ver.min= SSL_LIBRARY_VERSION_TLS_1_3;
+	rv = SSL_VersionRangeSet(socketfd,&ver);
+	if(rv != SECSuccess) error("SSL_VersionRangeSet");
+
+	//Get host
+	pr = PR_GetHostByName("129.132.15.113",buffParam,256,&host);
+	if (pr != PR_SUCCESS) error("PR_GetHostByName");
+	rv = PR_EnumerateHostEnt(0, &host, 443, &addr);
+	if(rv < 0) error("PR_EnumerateHostEnt");
+
+	//Connect
+	pr = PR_Connect(socketfd, &addr, PR_INTERVAL_NO_TIMEOUT);
+	if(pr != PR_SUCCESS) error("PR_Connect");
+
+	PRBool val = PR_FALSE;
+
+	//Send one request to establish session
+	snprintf(buffer, sizeof(buffer), "GET %s HTTP/1.1\r\nHost: tls-n.org\r\nConnection: keep-alive\r\n\r\n", pathstr);
+//	printf("%s", buffer);
+	n = PR_Write(socketfd,buffer,strlen(buffer));
+	if (n < 0) {
+		error("ERROR writing to socket");
+	}
+	
+	//See if the negotiation of TLS proof was successful
+	rv = SSL_TLSProofIsNegociated(socketfd,&val);
+	if(rv != SECSuccess) error("SSL_TLSProofIsNegociated");
+	
+	//Get the TLS version used
+	rv = SSL_VersionRangeGet(socketfd,&ver);
+	if(rv != SECSuccess) error("SSL_VersionRangeGet");
+	
+	n = 1;
+	while(n != 0){
+		n = PR_Read(socketfd, buffer, sizeof(buffer));
+//		printf("Reading...: %i\n", n);
+//		printf(buffer);
+
+	}
+
+    rv = SSL_TLSProofRequestProof(socketfd);
+    if(rv != SECSuccess) error("SSL_TLSProofRequestProof");
+
+
+//	printf("Reading...: %i\n", n);
+	PR_Read(socketfd, buffer, sizeof(buffer));
+
+//	printf("Done...\n");
+
+    PR_Close(socketfd);
+
+    return 0;
+}
+
diff --git a/nss/cmd/proofgen/manifest.mn b/nss/cmd/proofgen/manifest.mn
new file mode 100644
index 0000000..ddd5abd
--- /dev/null
+++ b/nss/cmd/proofgen/manifest.mn
@@ -0,0 +1,23 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CORE_DEPTH = ../..
+
+# MODULE public and private header  directories are implicitly REQUIRED.
+MODULE = nss
+
+# This next line is used by .mk files
+# and gets translated into $LINCS in manifest.mnw
+# The MODULE is always implicitly required.
+# Listing it here in REQUIRES makes it appear twice in the cc command line.
+REQUIRES = seccmd dbm 
+
+# DIRS = 
+
+CSRCS	= main.c  
+DEFINES += -DDLL_PREFIX=\"$(DLL_PREFIX)\" -DDLL_SUFFIX=\"$(DLL_SUFFIX)\"
+
+PROGRAM	= proofgen 
+
diff --git a/nss/cmd/pwdecrypt/Makefile b/nss/cmd/pwdecrypt/Makefile
new file mode 100644
index 0000000..265ea56
--- /dev/null
+++ b/nss/cmd/pwdecrypt/Makefile
@@ -0,0 +1,45 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include ../platlibs.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+
+include ../platrules.mk
diff --git a/nss/cmd/pwdecrypt/manifest.mn b/nss/cmd/pwdecrypt/manifest.mn
new file mode 100644
index 0000000..51cb8c8
--- /dev/null
+++ b/nss/cmd/pwdecrypt/manifest.mn
@@ -0,0 +1,26 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CORE_DEPTH = ../..
+
+# MODULE public and private header  directories are implicitly REQUIRED.
+MODULE = nss
+
+CSRCS = \
+	pwdecrypt.c \
+	$(NULL)
+
+# headers for the MODULE (defined above) are implicitly required.
+REQUIRES = dbm seccmd
+
+# WINNT uses EXTRA_LIBS as the list of libs to link in.
+# Unix uses     OS_LIBS for that purpose.
+# We can solve this via conditional makefile code, but 
+# can't do this in manifest.mn because OS_ARCH isn't defined there.
+# So, look in the local Makefile for the defines for the list of libs.
+
+PROGRAM = pwdecrypt
+
+#USE_STATIC_LIBS = 1
diff --git a/nss/cmd/pwdecrypt/pwdecrypt.c b/nss/cmd/pwdecrypt/pwdecrypt.c
new file mode 100644
index 0000000..02a676e
--- /dev/null
+++ b/nss/cmd/pwdecrypt/pwdecrypt.c
@@ -0,0 +1,330 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * Test program for SDR (Secret Decoder Ring) functions.
+ */
+
+#include "nspr.h"
+#include "string.h"
+#include "nss.h"
+#include "secutil.h"
+#include "cert.h"
+#include "pk11func.h"
+#include "nssb64.h"
+
+#include "plgetopt.h"
+#include "pk11sdr.h"
+
+#define DEFAULT_VALUE "Test"
+
+static void
+synopsis(char *program_name)
+{
+    PRFileDesc *pr_stderr;
+
+    pr_stderr = PR_STDERR;
+    PR_fprintf(pr_stderr,
+               "Usage:\t%s [-i <input-file>] [-o <output-file>] [-d <dir>]\n"
+               "      \t[-l logfile] [-p pwd] [-f pwfile]\n",
+               program_name);
+}
+
+static void
+short_usage(char *program_name)
+{
+    PR_fprintf(PR_STDERR,
+               "Type %s -H for more detailed descriptions\n",
+               program_name);
+    synopsis(program_name);
+}
+
+static void
+long_usage(char *program_name)
+{
+    PRFileDesc *pr_stderr;
+
+    pr_stderr = PR_STDERR;
+    synopsis(program_name);
+    PR_fprintf(pr_stderr, "\nDecode encrypted passwords (and other data).\n");
+    PR_fprintf(pr_stderr,
+               "This program reads in standard configuration files looking\n"
+               "for base 64 encoded data. Data that looks like it's base 64 encode\n"
+               "is decoded an passed to the NSS SDR code. If the decode and decrypt\n"
+               "is successful, then decrypted data is outputted in place of the\n"
+               "original base 64 data. If the decode or decrypt fails, the original\n"
+               "data is written and the reason for failure is logged to the \n"
+               "optional logfile.\n");
+    PR_fprintf(pr_stderr,
+               "  %-13s Read stream including encrypted data from "
+               "\"read_file\"\n",
+               "-i read_file");
+    PR_fprintf(pr_stderr,
+               "  %-13s Write results to \"write_file\"\n",
+               "-o write_file");
+    PR_fprintf(pr_stderr,
+               "  %-13s Find security databases in \"dbdir\"\n",
+               "-d dbdir");
+    PR_fprintf(pr_stderr,
+               "  %-13s Log failed decrypt/decode attempts to \"log_file\"\n",
+               "-l log_file");
+    PR_fprintf(pr_stderr,
+               "  %-13s Token password\n",
+               "-p pwd");
+    PR_fprintf(pr_stderr,
+               "  %-13s Password file\n",
+               "-f pwfile");
+}
+
+/*
+ * base64 table only used to identify the end of a base64 string
+ */
+static unsigned char b64[256] = {
+    /*  00: */ 0, 0, 0, 0, 0, 0, 0, 0,
+    /*  08: */ 0, 0, 0, 0, 0, 0, 0, 0,
+    /*  10: */ 0, 0, 0, 0, 0, 0, 0, 0,
+    /*  18: */ 0, 0, 0, 0, 0, 0, 0, 0,
+    /*  20: */ 0, 0, 0, 0, 0, 0, 0, 0,
+    /*  28: */ 0, 0, 0, 1, 0, 0, 0, 1,
+    /*  30: */ 1, 1, 1, 1, 1, 1, 1, 1,
+    /*  38: */ 1, 1, 0, 0, 0, 0, 0, 0,
+    /*  40: */ 0, 1, 1, 1, 1, 1, 1, 1,
+    /*  48: */ 1, 1, 1, 1, 1, 1, 1, 1,
+    /*  50: */ 1, 1, 1, 1, 1, 1, 1, 1,
+    /*  58: */ 1, 1, 1, 0, 0, 0, 0, 0,
+    /*  60: */ 0, 1, 1, 1, 1, 1, 1, 1,
+    /*  68: */ 1, 1, 1, 1, 1, 1, 1, 1,
+    /*  70: */ 1, 1, 1, 1, 1, 1, 1, 1,
+    /*  78: */ 1, 1, 1, 0, 0, 0, 0, 0,
+};
+
+enum {
+    false = 0,
+    true = 1
+} bool;
+
+#define isatobchar(c) (b64[c])
+
+#define MAX_STRING 8192
+
+int
+isBase64(char *inString)
+{
+    unsigned int i;
+    unsigned char c;
+
+    for (i = 0; (c = inString[i]) != 0 && isatobchar(c); ++i)
+        ;
+    if (c == '=') {
+        while ((c = inString[++i]) == '=')
+            ; /* skip trailing '=' characters */
+    }
+    if (c && c != '\n' && c != '\r')
+        return false;
+    if (i == 0 || i % 4)
+        return false;
+    return true;
+}
+
+void
+doDecrypt(char *dataString, FILE *outFile, FILE *logFile, secuPWData *pwdata)
+{
+    int strLen = strlen(dataString);
+    SECItem *decoded = NSSBase64_DecodeBuffer(NULL, NULL, dataString, strLen);
+    SECStatus rv;
+    int err;
+    SECItem result = { siBuffer, NULL, 0 };
+
+    if ((decoded == NULL) || (decoded->len == 0)) {
+        if (logFile) {
+            err = PORT_GetError();
+            fprintf(logFile, "Base 64 decode failed on <%s>\n", dataString);
+            fprintf(logFile, " Error %d: %s\n", err, SECU_Strerror(err));
+        }
+        fputs(dataString, outFile);
+        if (decoded)
+            SECITEM_FreeItem(decoded, PR_TRUE);
+        return;
+    }
+
+    rv = PK11SDR_Decrypt(decoded, &result, pwdata);
+    SECITEM_ZfreeItem(decoded, PR_TRUE);
+    if (rv == SECSuccess) {
+        /* result buffer has no extra space for a NULL */
+        fprintf(outFile, "Decrypted: \"%.*s\"\n", result.len, result.data);
+        SECITEM_ZfreeItem(&result, PR_FALSE);
+        return;
+    }
+    /* Encryption failed. output raw input. */
+    if (logFile) {
+        err = PORT_GetError();
+        fprintf(logFile, "SDR decrypt failed on <%s>\n", dataString);
+        fprintf(logFile, " Error %d: %s\n", err, SECU_Strerror(err));
+    }
+    fputs(dataString, outFile);
+}
+
+void
+doDecode(char *dataString, FILE *outFile, FILE *logFile)
+{
+    int strLen = strlen(dataString + 1);
+    SECItem *decoded;
+
+    decoded = NSSBase64_DecodeBuffer(NULL, NULL, dataString + 1, strLen);
+    if ((decoded == NULL) || (decoded->len == 0)) {
+        if (logFile) {
+            int err = PORT_GetError();
+            fprintf(logFile, "Base 64 decode failed on <%s>\n", dataString + 1);
+            fprintf(logFile, " Error %d: %s\n", err, SECU_Strerror(err));
+        }
+        fputs(dataString, outFile);
+        if (decoded)
+            SECITEM_FreeItem(decoded, PR_TRUE);
+        return;
+    }
+    fprintf(outFile, "Decoded: \"%.*s\"\n", decoded->len, decoded->data);
+    SECITEM_ZfreeItem(decoded, PR_TRUE);
+}
+
+char dataString[MAX_STRING + 1];
+
+int
+main(int argc, char **argv)
+{
+    int retval = 0; /* 0 - test succeeded.  -1 - test failed */
+    SECStatus rv;
+    PLOptState *optstate;
+    char *program_name;
+    char *input_file = NULL;  /* read encrypted data from here (or create) */
+    char *output_file = NULL; /* write new encrypted data here */
+    char *log_file = NULL;    /* write new encrypted data here */
+    FILE *inFile = stdin;
+    FILE *outFile = stdout;
+    FILE *logFile = NULL;
+    PLOptStatus optstatus;
+    secuPWData pwdata = { PW_NONE, NULL };
+
+    program_name = PL_strrchr(argv[0], '/');
+    program_name = program_name ? (program_name + 1) : argv[0];
+
+    optstate = PL_CreateOptState(argc, argv, "Hd:f:i:o:l:p:?");
+    if (optstate == NULL) {
+        SECU_PrintError(program_name, "PL_CreateOptState failed");
+        return 1;
+    }
+
+    while ((optstatus = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
+        switch (optstate->option) {
+            case '?':
+                short_usage(program_name);
+                return 1;
+
+            case 'H':
+                long_usage(program_name);
+                return 1;
+
+            case 'd':
+                SECU_ConfigDirectory(optstate->value);
+                break;
+
+            case 'i':
+                input_file = PL_strdup(optstate->value);
+                break;
+
+            case 'o':
+                output_file = PL_strdup(optstate->value);
+                break;
+
+            case 'l':
+                log_file = PL_strdup(optstate->value);
+                break;
+
+            case 'f':
+                pwdata.source = PW_FROMFILE;
+                pwdata.data = PL_strdup(optstate->value);
+                break;
+
+            case 'p':
+                pwdata.source = PW_PLAINTEXT;
+                pwdata.data = PL_strdup(optstate->value);
+                break;
+        }
+    }
+    PL_DestroyOptState(optstate);
+    if (optstatus == PL_OPT_BAD) {
+        short_usage(program_name);
+        return 1;
+    }
+
+    if (input_file) {
+        inFile = fopen(input_file, "r");
+        if (inFile == NULL) {
+            perror(input_file);
+            return 1;
+        }
+        PR_Free(input_file);
+    }
+    if (output_file) {
+        outFile = fopen(output_file, "w+");
+        if (outFile == NULL) {
+            perror(output_file);
+            return 1;
+        }
+        PR_Free(output_file);
+    }
+    if (log_file) {
+        if (log_file[0] == '-')
+            logFile = stderr;
+        else
+            logFile = fopen(log_file, "w+");
+        if (logFile == NULL) {
+            perror(log_file);
+            return 1;
+        }
+        PR_Free(log_file);
+    }
+
+    /*
+     * Initialize the Security libraries.
+     */
+    PK11_SetPasswordFunc(SECU_GetModulePassword);
+    rv = NSS_Init(SECU_ConfigDirectory(NULL));
+    if (rv != SECSuccess) {
+        SECU_PrintError(program_name, "NSS_Init failed");
+        retval = 1;
+        goto prdone;
+    }
+
+    /* Get the encrypted result, either from the input file
+     * or from encrypting the plaintext value
+     */
+    while (fgets(dataString, sizeof dataString, inFile)) {
+        unsigned char c = dataString[0];
+
+        if (c == 'M' && isBase64(dataString)) {
+            doDecrypt(dataString, outFile, logFile, &pwdata);
+        } else if (c == '~' && isBase64(dataString + 1)) {
+            doDecode(dataString, outFile, logFile);
+        } else {
+            fputs(dataString, outFile);
+        }
+    }
+    if (pwdata.data)
+        PR_Free(pwdata.data);
+
+    fclose(outFile);
+    fclose(inFile);
+    if (logFile && logFile != stderr) {
+        fclose(logFile);
+    }
+
+    if (NSS_Shutdown() != SECSuccess) {
+        SECU_PrintError(program_name, "NSS_Shutdown failed");
+        exit(1);
+    }
+
+prdone:
+    PR_Cleanup();
+    return retval;
+}
diff --git a/nss/cmd/pwdecrypt/pwdecrypt.gyp b/nss/cmd/pwdecrypt/pwdecrypt.gyp
new file mode 100644
index 0000000..c3ae8ee
--- /dev/null
+++ b/nss/cmd/pwdecrypt/pwdecrypt.gyp
@@ -0,0 +1,25 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi',
+    '../../cmd/platlibs.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'pwdecrypt',
+      'type': 'executable',
+      'sources': [
+        'pwdecrypt.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:dbm_exports',
+        '<(DEPTH)/exports.gyp:nss_exports'
+      ]
+    }
+  ],
+  'variables': {
+    'module': 'nss'
+  }
+}
\ No newline at end of file
diff --git a/nss/cmd/randtrafficClient/Makefile b/nss/cmd/randtrafficClient/Makefile
new file mode 100644
index 0000000..a27a3ce
--- /dev/null
+++ b/nss/cmd/randtrafficClient/Makefile
@@ -0,0 +1,46 @@
+#! gmake
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include ../platlibs.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+#include ../platlibs.mk
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+include ../platrules.mk
+
diff --git a/nss/cmd/randtrafficClient/client_db b/nss/cmd/randtrafficClient/client_db
new file mode 120000
index 0000000..22ed056
--- /dev/null
+++ b/nss/cmd/randtrafficClient/client_db
@@ -0,0 +1 @@
+../../../ca/client_db
\ No newline at end of file
diff --git a/nss/cmd/randtrafficClient/main.c b/nss/cmd/randtrafficClient/main.c
new file mode 100644
index 0000000..29ba1db
--- /dev/null
+++ b/nss/cmd/randtrafficClient/main.c
@@ -0,0 +1,206 @@
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <assert.h>
+#include <unistd.h>
+
+#include "nspr.h"
+#include "plgetopt.h"
+#include "prerror.h"
+#include "prnetdb.h"
+
+#include "nss.h"
+#include "ssl.h"
+#include "sslproto.h"
+#include "tlsproofstr.h"
+#include <pk11func.h>
+#include "tlsproofstr.h"
+#include <time.h>
+
+#define SHA_256_LENGTH 32
+
+ #define max(a,b) \
+   ({ __typeof__ (a) _a = (a); \
+       __typeof__ (b) _b = (b); \
+     _a > _b ? _a : _b; })
+
+ #define min(a,b) \
+   ({ __typeof__ (a) _a = (a); \
+       __typeof__ (b) _b = (b); \
+     _a < _b ? _a : _b; })
+
+
+/*Global variables*/
+unsigned char merkleRoot[SHA_256_LENGTH]; //Merkle root
+FILE *messagesFile = NULL; // File to print the messages received and sent
+
+/*Error handler*/
+void error(const char *msg)
+{
+	PRErrorCode perr = PR_GetError();
+	const char *errString = PORT_ErrorToString(perr);
+
+	printf("!! ERROR function name: %s returned error %d:\n%s\n",msg, perr, errString);
+	exit(1);
+}
+
+/*Callback function that return the password of the certificate database.
+ * It is set when configuring NSS.*/
+char* getPwd(PK11SlotInfo *slot, PRBool retry, void *arg){
+	printf("Pass retrieved \n");
+
+	char *pwd= NULL;
+	pwd = PORT_Strdup("");
+
+	return pwd;
+}
+
+
+//*
+SECStatus fetchTLSProofCallBack(unsigned char *proof, unsigned int length){
+    unlink("/tmp/testproof");
+    int fd = open("/tmp/testproof", O_WRONLY | O_CREAT, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
+    write(fd, proof, length);
+    close(fd);
+	printf("Got proof of size: %i\n", length);
+	if(SSL_TLSProofCheckProof(proof, length) == SECSuccess){
+		printf("Proof successfully verified!\n");
+	} else {
+		printf("Proof is incorrect\n");
+	}		
+	PORT_Free(proof);
+	return SECSuccess;
+}
+// */
+
+
+
+int main(int argc, char *argv[])
+{
+	PRFileDesc* socketfd = NULL;
+	PRHostEnt host;
+	PRNetAddr addr;
+	SECStatus rv;
+	PRStatus pr;
+	char buffer[2000];
+	char buffParam[256];
+	PRSocketOptionData  socketOption;
+	SSLVersionRange ver;
+
+	// 5 arguments are necessary for the client
+	if(argc < 5){
+		error("Specify host and port, traffic size, chunk size");
+	}
+
+	//Set the password callback
+	PK11_SetPasswordFunc(getPwd);
+
+	//Init
+	rv = NSS_Init("../client_db");
+	if(rv != SECSuccess) error("NSS_Init");
+
+	//Open
+	socketfd = PR_OpenTCPSocket(PR_AF_INET);
+	if (socketfd == NULL) error("PR_OpenTCPSocket");
+
+
+	//Set socket option
+	socketOption.option = PR_SockOpt_Nonblocking;
+	socketOption.value.non_blocking = PR_FALSE;
+	pr = PR_SetSocketOption(socketfd, &socketOption);
+	if (pr != PR_SUCCESS) error("PR_SetSocketOption");
+
+	//Import
+	socketfd = SSL_ImportFD(NULL, socketfd);
+	if (socketfd == NULL) error("SSL_ImportFD");
+
+	//Set server mode
+	rv = SSL_OptionSet(socketfd, SSL_HANDSHAKE_AS_CLIENT, PR_TRUE);
+	if(rv != SECSuccess) error("SSL_OptionSet, SSL_HANDSHAKE_AS_CLIENT ");
+
+	//Enable TLS Proof extension for non-repudiation
+	rv = SSL_OptionSet(socketfd, SSL_ENABLE_TLS_PROOF, PR_TRUE);
+	if(rv != SECSuccess) error("SSL_OptionSet, SSL_ENABLE_TLS_PROOF");
+
+	//Set the proof return callback
+	rv = SSL_TLSProofSetReturnCallBack(socketfd, fetchTLSProofCallBack, plaintext_proof | omit_cert_chain);
+	if(rv != SECSuccess) error("SSL_TLSProofSetReturnCallBack");
+
+	//Set the proof return callback
+	PRUint16 chunk_size = atoi(argv[4]);
+	printf("Proposing chunk size: %i\n", chunk_size);
+	rv = SSL_TLSProofSetChunkSize(socketfd, chunk_size);
+	if(rv != SECSuccess) error("SSL_TLSProofSetChunkSize");
+
+		
+
+
+	//Set url for authentication
+	rv = SSL_SetURL(socketfd, "tls-n.testserver");
+	if(rv != SECSuccess) error("SSL_SetURL");
+
+	//Force TLS 1.3
+    ver.max= SSL_LIBRARY_VERSION_TLS_1_3;
+    ver.min= SSL_LIBRARY_VERSION_TLS_1_3;
+    rv = SSL_VersionRangeSet(socketfd,&ver);
+    if(rv != SECSuccess) error("SSL_VersionRangeSet");
+
+	//Get host
+	pr = PR_GetHostByName(argv[1],buffParam,256,&host);
+	if (pr != PR_SUCCESS) error("PR_GetHostByName");
+	rv = PR_EnumerateHostEnt(0, &host, atoi(argv[2]), &addr);
+	if(rv < 0) error("PR_EnumerateHostEnt");
+
+	//Connect
+	pr = PR_Connect(socketfd, &addr, PR_INTERVAL_NO_TIMEOUT);
+	if(pr != PR_SUCCESS) error("PR_Connect");
+
+	int first = 1;
+	long int i;
+	PRBool val;
+	long int handled = 0;
+	srand(time(NULL));
+	long int traffic_size = atol(argv[3]);
+				while(handled < traffic_size){	
+	                for(i = 0; i < min(traffic_size-handled, sizeof(buffer)); ++i){
+						buffer[i] = rand();
+					}
+					
+					long int written = 0;
+					while(written < i){
+			            written += PR_Write(socketfd, buffer + written, i - written);
+					}
+					handled += written;
+				}
+
+            if(first){
+                first = 0;
+                //See if the negotiation of TLS proof was successful
+                rv = SSL_TLSProofIsNegociated(socketfd,&val);
+                if(rv != SECSuccess) error("SSL_TLSProofIsNegociated");
+
+                //Get the TLS version used
+                rv = SSL_VersionRangeGet(socketfd,&ver);
+                if(rv != SECSuccess) error("SSL_VersionRangeGet");
+     
+            }
+
+
+
+	//Request the proof, NSS will call the associated callback when the proof arrive
+	rv = SSL_TLSProofRequestProof(socketfd);
+	if(rv != SECSuccess) error("SSL_TLSProofRequestProof");
+
+	//This is necessary to get the signature but will never return
+    PR_Write(socketfd, "a", 1);
+	PR_Read(socketfd,buffer,sizeof(buffer));
+
+	PR_Close(socketfd);
+
+
+	printf("\nEND\n");
+	return 0;
+}
+
diff --git a/nss/cmd/randtrafficClient/manifest.mn b/nss/cmd/randtrafficClient/manifest.mn
new file mode 100644
index 0000000..5a35b5f
--- /dev/null
+++ b/nss/cmd/randtrafficClient/manifest.mn
@@ -0,0 +1,23 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CORE_DEPTH = ../..
+
+# MODULE public and private header  directories are implicitly REQUIRED.
+MODULE = nss
+
+# This next line is used by .mk files
+# and gets translated into $LINCS in manifest.mnw
+# The MODULE is always implicitly required.
+# Listing it here in REQUIRES makes it appear twice in the cc command line.
+REQUIRES = seccmd dbm 
+
+# DIRS = 
+
+CSRCS	= main.c  
+DEFINES += -DDLL_PREFIX=\"$(DLL_PREFIX)\" -DDLL_SUFFIX=\"$(DLL_SUFFIX)\"
+
+PROGRAM	= randtrafficClient 
+
diff --git a/nss/cmd/randtrafficServer/Makefile b/nss/cmd/randtrafficServer/Makefile
new file mode 100644
index 0000000..c7a02b8
--- /dev/null
+++ b/nss/cmd/randtrafficServer/Makefile
@@ -0,0 +1,46 @@
+#! gmake
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include ../platlibs.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+include ../platlibs.mk
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+include ../platrules.mk
+
diff --git a/nss/cmd/randtrafficServer/main.c b/nss/cmd/randtrafficServer/main.c
new file mode 100644
index 0000000..275c4e7
--- /dev/null
+++ b/nss/cmd/randtrafficServer/main.c
@@ -0,0 +1,190 @@
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <assert.h>
+
+#include "nspr.h"
+#include "plgetopt.h"
+#include "prerror.h"
+#include "prnetdb.h"
+
+#include "nss.h"
+#include "ssl.h"
+#include "sslproto.h"
+#include <pk11func.h>
+#include <errno.h>
+#include "secitem.h"
+
+ #define max(a,b) \
+   ({ __typeof__ (a) _a = (a); \
+       __typeof__ (b) _b = (b); \
+     _a > _b ? _a : _b; })
+
+ #define min(a,b) \
+   ({ __typeof__ (a) _a = (a); \
+       __typeof__ (b) _b = (b); \
+     _a < _b ? _a : _b; })
+
+
+
+//Global variable
+SECKEYPrivateKey *privKey = NULL; //Private key of the server certificate
+CERTCertificate *cert = NULL; //Certificate of the server
+
+
+void error(const char *msg)
+{
+	PRErrorCode perr = PR_GetError();
+	const char *errString = PORT_ErrorToString(perr);
+
+	printf("!!!!!ERROR function name: %s returned error %d:!!!!!\n%s\n",msg, perr, errString);
+    exit(1);
+}
+/*Callback function that return the password of the certificate database.
+ * It is set when configuring NSS.*/
+char* getPwd(PK11SlotInfo *slot, PRBool retry, void *arg){
+
+	char *pwd= NULL;
+	pwd = PORT_Strdup("");
+
+	return pwd;
+}
+/*Called when a client is connected to server*/
+int accept_connection(PRFileDesc * sock, long int traffic_size)
+{
+	char buffer[131072];
+	PRBool val;
+	SSLVersionRange ver;
+	SECStatus rv;
+	long int handled = 0;
+
+	while(handled < traffic_size){
+		handled += PR_Read(sock, buffer, min(traffic_size, sizeof(buffer)));
+	}
+				//See if the negotiation of TLS proof was successful
+				rv = SSL_TLSProofIsNegociated(sock,&val);
+				if(rv != SECSuccess) error("SSL_TLSProofIsNegociated");
+
+				//Get the TLS version used
+				rv = SSL_VersionRangeGet(sock,&ver);
+				if(rv != SECSuccess) error("SSL_VersionRangeGet");
+
+    PR_Read(sock ,buffer,sizeof(buffer));
+    PR_Close(sock);
+
+    printf("END\n");
+    return 0;
+
+}
+
+
+int main(int argc, char *argv[])
+{
+
+
+	PRFileDesc* listenSocket = NULL;
+	PRStatus pr;
+	SECStatus rv;
+	char *tmp = NULL;
+	PRFileDesc* newSocket = NULL;
+	char* certName = "tls-n.testserver";
+	PRNetAddr addr, clientAddr;
+	SSLVersionRange ver;
+
+
+
+	if(argc < 3){
+			error("Specify port, traffic size");
+	}
+	long int traffic_size = atol(argv[2]);
+
+	//Cache config
+	tmp = PR_GetEnvSecure("TMP");
+	if (!tmp){
+		tmp = PR_GetEnvSecure("TMPDIR");
+		tmp = PR_GetEnvSecure("TEMP");
+	}
+	rv = SSL_ConfigServerSessionIDCache(0,0, 0, tmp);
+	if (rv != SECSuccess)
+		error("SSL_ConfigServerSessionIDCache");
+
+	//Set Password
+	PK11_SetPasswordFunc(getPwd);
+
+	rv = NSS_Init("../server_db");
+	if(rv != SECSuccess)
+		error("NSS_Initialize");
+
+	//Retrieve certificate
+	cert = PK11_FindCertFromNickname(certName,NULL);
+	if (cert == NULL)
+	error("PK11_FindCertFromNickname");
+
+	//Retrieve private key
+	privKey = PK11_FindKeyByAnyCert(cert,NULL);
+	if (privKey == NULL)
+		error("PK11_FindKeyByAnyCert");
+
+	//New socket
+	listenSocket = PR_OpenTCPSocket(PR_AF_INET);
+	if (listenSocket == NULL) {
+		error("Error: PR_NewTCPSocket");
+	}
+
+	//Server parameters
+	addr.inet.ip = PR_INADDR_ANY;
+	addr.inet.port = PR_htons(atoi(argv[1]));
+	addr.inet.family = PR_AF_INET;
+
+	//Bind
+	pr = PR_Bind(listenSocket, &addr);
+	if (pr != PR_SUCCESS) {
+			error("PR_Bind");
+	}
+
+
+	//Listen
+	pr = PR_Listen(listenSocket, 5);
+	if (pr != PR_SUCCESS) {
+			error("PR_Listen");
+	}
+
+
+	//Import to SSL
+	listenSocket = SSL_ImportFD(NULL, listenSocket);
+	if (listenSocket == NULL) error("SSL_ImportFD");
+
+
+
+	//Set certificate and private key
+	rv = SSL_ConfigSecureServer(listenSocket,cert, privKey, NSS_FindCertKEAType(cert));
+	if (rv != SECSuccess) error("SSL_ConfigSecureServer");
+
+	//Enable TLS Proof extension for non-repudiation
+	rv = SSL_OptionSet(listenSocket, SSL_ENABLE_TLS_PROOF, PR_TRUE);
+	if(rv != SECSuccess) error("SSL_OptionSet, SSL_ENABLE_TLS_PROOF");
+
+	//Force TLS 1.3
+	ver.max= SSL_LIBRARY_VERSION_TLS_1_3;
+	ver.min= SSL_LIBRARY_VERSION_TLS_1_3;
+	rv = SSL_VersionRangeSet(listenSocket,&ver);
+	if(rv != SECSuccess) error("SSL_VersionRangeSet");
+
+	printf("Server started ! \nListening ... \n");
+
+	//Accept
+	newSocket = PR_Accept(listenSocket, &clientAddr, PR_INTERVAL_NO_TIMEOUT);
+	PR_Close(listenSocket);
+	if(newSocket == 0){
+		error("PR_Accept");
+	}
+
+
+
+	//Continue
+	accept_connection(newSocket, traffic_size);
+
+
+	return 0;
+}
diff --git a/nss/cmd/randtrafficServer/manifest.mn b/nss/cmd/randtrafficServer/manifest.mn
new file mode 100644
index 0000000..fd6cd90
--- /dev/null
+++ b/nss/cmd/randtrafficServer/manifest.mn
@@ -0,0 +1,23 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CORE_DEPTH = ../..
+
+# MODULE public and private header  directories are implicitly REQUIRED.
+MODULE = nss
+
+# This next line is used by .mk files
+# and gets translated into $LINCS in manifest.mnw
+# The MODULE is always implicitly required.
+# Listing it here in REQUIRES makes it appear twice in the cc command line.
+REQUIRES = seccmd dbm 
+
+# DIRS = 
+
+CSRCS	= main.c  
+DEFINES += -DDLL_PREFIX=\"$(DLL_PREFIX)\" -DDLL_SUFFIX=\"$(DLL_SUFFIX)\"
+
+PROGRAM	= randtrafficServer 
+
diff --git a/nss/cmd/randtrafficServer/server_db b/nss/cmd/randtrafficServer/server_db
new file mode 120000
index 0000000..f1858d9
--- /dev/null
+++ b/nss/cmd/randtrafficServer/server_db
@@ -0,0 +1 @@
+../../../ca/server_db
\ No newline at end of file
diff --git a/nss/cmd/replayClient/.gitignore b/nss/cmd/replayClient/.gitignore
new file mode 100644
index 0000000..f1d55a6
--- /dev/null
+++ b/nss/cmd/replayClient/.gitignore
@@ -0,0 +1,2 @@
+.cproject
+
diff --git a/nss/cmd/replayClient/Makefile b/nss/cmd/replayClient/Makefile
new file mode 100644
index 0000000..a27a3ce
--- /dev/null
+++ b/nss/cmd/replayClient/Makefile
@@ -0,0 +1,46 @@
+#! gmake
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include ../platlibs.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+#include ../platlibs.mk
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+include ../platrules.mk
+
diff --git a/nss/cmd/replayClient/client_db b/nss/cmd/replayClient/client_db
new file mode 120000
index 0000000..22ed056
--- /dev/null
+++ b/nss/cmd/replayClient/client_db
@@ -0,0 +1 @@
+../../../ca/client_db
\ No newline at end of file
diff --git a/nss/cmd/replayClient/main.c b/nss/cmd/replayClient/main.c
new file mode 100644
index 0000000..448f035
--- /dev/null
+++ b/nss/cmd/replayClient/main.c
@@ -0,0 +1,213 @@
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <assert.h>
+#include <unistd.h>
+
+#include "nspr.h"
+#include "plgetopt.h"
+#include "prerror.h"
+#include "prnetdb.h"
+
+#include "nss.h"
+#include "ssl.h"
+#include "sslproto.h"
+#include "tlsproofstr.h"
+#include <pk11func.h>
+#include "tlsproofstr.h"
+
+#define SHA_256_LENGTH 32
+
+/*Global variables*/
+unsigned char merkleRoot[SHA_256_LENGTH]; //Merkle root
+FILE *messagesFile = NULL; // File to print the messages received and sent
+
+/*Error handler*/
+void error(const char *msg)
+{
+	PRErrorCode perr = PR_GetError();
+	const char *errString = PORT_ErrorToString(perr);
+
+	printf("!! ERROR function name: %s returned error %d:\n%s\n",msg, perr, errString);
+	exit(1);
+}
+
+/*Callback function that return the password of the certificate database.
+ * It is set when configuring NSS.*/
+char* getPwd(PK11SlotInfo *slot, PRBool retry, void *arg){
+	printf("Pass retrieved \n");
+
+	char *pwd= NULL;
+	pwd = PORT_Strdup("");
+
+	return pwd;
+}
+
+
+//*
+SECStatus fetchTLSProofCallBack(unsigned char *proof, unsigned int length){
+	unlink("/tmp/testproof");
+	int fd = open("/tmp/testproof", O_WRONLY | O_CREAT, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
+	write(fd, proof, length);
+	close(fd);
+	printf("Got proof of size: %i\n", length);
+	if(SSL_TLSProofCheckProof(proof, length) == SECSuccess){
+		printf("Proof successfully verified!\n");
+		exit(0);
+	} else {
+		printf("Proof is incorrect\n");
+		exit(1);
+	}		
+	return SECSuccess;
+}
+// */
+
+
+
+int main(int argc, char *argv[])
+{
+	PRFileDesc* socketfd = NULL;
+	PRHostEnt host;
+	PRNetAddr addr;
+	SECStatus rv;
+	PRStatus pr;
+	char buffer[65536];
+	char buffParam[256];
+	int n;
+	PRSocketOptionData  socketOption;
+	SSLVersionRange ver;
+
+	// 3 arguments are necessary for the client
+	if(argc < 4){
+		error("Specify host and port and chunk size");
+	}
+
+	//Set the password callback
+	PK11_SetPasswordFunc(getPwd);
+
+	//Init
+	rv = NSS_Init("../client_db");
+	if(rv != SECSuccess) error("NSS_Init");
+
+	//Open
+	socketfd = PR_OpenTCPSocket(PR_AF_INET);
+	if (socketfd == NULL) error("PR_OpenTCPSocket");
+
+
+	//Set socket option
+	socketOption.option = PR_SockOpt_Nonblocking;
+	socketOption.value.non_blocking = PR_FALSE;
+	pr = PR_SetSocketOption(socketfd, &socketOption);
+	if (pr != PR_SUCCESS) error("PR_SetSocketOption");
+
+	//Import
+	socketfd = SSL_ImportFD(NULL, socketfd);
+	if (socketfd == NULL) error("SSL_ImportFD");
+
+	//Set server mode
+	rv = SSL_OptionSet(socketfd, SSL_HANDSHAKE_AS_CLIENT, PR_TRUE);
+	if(rv != SECSuccess) error("SSL_OptionSet, SSL_HANDSHAKE_AS_CLIENT ");
+
+	//Enable TLS Proof extension for non-repudiation
+	rv = SSL_OptionSet(socketfd, SSL_ENABLE_TLS_PROOF, PR_TRUE);
+	if(rv != SECSuccess) error("SSL_OptionSet, SSL_ENABLE_TLS_PROOF");
+
+	//Set the proof return callback
+	rv = SSL_TLSProofSetReturnCallBack(socketfd, fetchTLSProofCallBack, plaintext_proof);
+	if(rv != SECSuccess) error("SSL_TLSProofSetReturnCallBack");
+
+	//Set url for authentication
+	rv = SSL_SetURL(socketfd, "tls-n.testserver");
+	if(rv != SECSuccess) error("SSL_SetURL");
+
+    //Set the proof return callback
+    PRUint16 chunk_size = atoi(argv[3]);
+    printf("Proposing chunk size: %i\n", chunk_size);
+    rv = SSL_TLSProofSetChunkSize(socketfd, chunk_size);
+    if(rv != SECSuccess) error("SSL_TLSProofSetChunkSize");
+
+
+	//Force TLS 1.3
+    ver.max= SSL_LIBRARY_VERSION_TLS_1_3;
+    ver.min= SSL_LIBRARY_VERSION_TLS_1_3;
+    rv = SSL_VersionRangeSet(socketfd,&ver);
+    if(rv != SECSuccess) error("SSL_VersionRangeSet");
+
+	//Get host
+	pr = PR_GetHostByName(argv[1],buffParam,256,&host);
+	if (pr != PR_SUCCESS) error("PR_GetHostByName");
+	rv = PR_EnumerateHostEnt(0, &host, atoi(argv[2]), &addr);
+	if(rv < 0) error("PR_EnumerateHostEnt");
+
+	//Connect
+	pr = PR_Connect(socketfd, &addr, PR_INTERVAL_NO_TIMEOUT);
+	if(pr != PR_SUCCESS) error("PR_Connect");
+
+	char number[10];
+	int first = 1;
+	int i;
+	PRBool val;
+    while(1){
+#ifndef TRACE
+            getchar();
+#else
+            // Get Marker
+            char ch = getchar();
+            assert(ch == 'H');
+
+#endif
+
+            char rw = getchar();
+			if(rw == 'q'){
+				break;
+			}
+            fgets(number, 7, stdin);
+            int num = atoi(number);
+            assert(num <= sizeof(buffer));
+            // Read an incoming message
+            if(rw == 'r'){
+                n = PR_Read(socketfd, buffer, num);
+                assert(n == num);
+
+            }else if(rw == 'w'){
+                // Write
+                for(i = 0; i < num; ++i) buffer[i] = getchar();
+                n = PR_Write(socketfd, buffer, num);
+                assert(n == num);
+            }else{
+				assert(0);
+			}
+
+
+            if(first){
+                first = 0;
+                //See if the negotiation of TLS proof was successful
+                rv = SSL_TLSProofIsNegociated(socketfd,&val);
+                if(rv != SECSuccess) error("SSL_TLSProofIsNegociated");
+
+                //Get the TLS version used
+                rv = SSL_VersionRangeGet(socketfd,&ver);
+                if(rv != SECSuccess) error("SSL_VersionRangeGet");
+     
+            }
+
+
+	}
+
+	//Request the proof, NSS will call the associated callback when the proof arrive
+	rv = SSL_TLSProofRequestProof(socketfd);
+	if(rv != SECSuccess) error("SSL_TLSProofRequestProof");
+
+	//This is necessary to get the signature but will never return
+//    PR_Write(socketfd, "a", 1);
+	n = PR_Read(socketfd,buffer,sizeof(buffer));
+
+	PR_Close(socketfd);
+
+
+	printf("\nEND: %i\n", n);
+	return 0;
+}
+
diff --git a/nss/cmd/replayClient/manifest.mn b/nss/cmd/replayClient/manifest.mn
new file mode 100644
index 0000000..0f1cbfa
--- /dev/null
+++ b/nss/cmd/replayClient/manifest.mn
@@ -0,0 +1,23 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CORE_DEPTH = ../..
+
+# MODULE public and private header  directories are implicitly REQUIRED.
+MODULE = nss
+
+# This next line is used by .mk files
+# and gets translated into $LINCS in manifest.mnw
+# The MODULE is always implicitly required.
+# Listing it here in REQUIRES makes it appear twice in the cc command line.
+REQUIRES = seccmd dbm 
+
+# DIRS = 
+
+CSRCS	= main.c  
+DEFINES += -DDLL_PREFIX=\"$(DLL_PREFIX)\" -DDLL_SUFFIX=\"$(DLL_SUFFIX)\"
+
+PROGRAM	= replayClient
+
diff --git a/nss/cmd/replayClient/messages.txt b/nss/cmd/replayClient/messages.txt
new file mode 100644
index 0000000..e69de29
diff --git a/nss/cmd/replayServer/Makefile b/nss/cmd/replayServer/Makefile
new file mode 100644
index 0000000..c7a02b8
--- /dev/null
+++ b/nss/cmd/replayServer/Makefile
@@ -0,0 +1,46 @@
+#! gmake
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include ../platlibs.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+include ../platlibs.mk
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+include ../platrules.mk
+
diff --git a/nss/cmd/replayServer/main.c b/nss/cmd/replayServer/main.c
new file mode 100644
index 0000000..06ef19e
--- /dev/null
+++ b/nss/cmd/replayServer/main.c
@@ -0,0 +1,217 @@
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <assert.h>
+
+#include "nspr.h"
+#include "plgetopt.h"
+#include "prerror.h"
+#include "prnetdb.h"
+
+#include "nss.h"
+#include "ssl.h"
+#include "sslproto.h"
+#include <pk11func.h>
+#include <errno.h>
+#include "secitem.h"
+
+//Global variable
+SECKEYPrivateKey *privKey = NULL; //Private key of the server certificate
+CERTCertificate *cert = NULL; //Certificate of the server
+
+
+void error(const char *msg)
+{
+	PRErrorCode perr = PR_GetError();
+	const char *errString = PORT_ErrorToString(perr);
+
+	printf("!!!!!ERROR function name: %s returned error %d:!!!!!\n%s\n",msg, perr, errString);
+    exit(1);
+}
+/*Callback function that return the password of the certificate database.
+ * It is set when configuring NSS.*/
+char* getPwd(PK11SlotInfo *slot, PRBool retry, void *arg){
+
+	char *pwd= NULL;
+	pwd = PORT_Strdup("");
+
+	return pwd;
+}
+/*Called when a client is connected to server*/
+int accept_connection(PRFileDesc * sock)
+{
+	char buffer[131072];
+	int n;
+	int i;
+	PRBool val;
+	SSLVersionRange ver;
+	SECStatus rv;
+    int first = 1;
+	char number[10];
+	while(1)
+	{
+#ifndef TRACE
+			getchar();
+#else
+			// Get Marker
+			char ch = getchar();
+			assert(ch == 'H');
+#endif
+
+			char rw = getchar();
+            if(rw == 'q'){
+                break;
+            }
+			char* res = fgets(number, 7, stdin);
+			if(res == NULL){
+				printf("Error in fgets.\n");
+				return 1;
+			}
+			int num = atoi(number);
+			assert(num <= sizeof(buffer));
+            // Read an incoming message
+			if(rw == 'r'){
+                n = PR_Read(sock, buffer, num);
+				assert(n == num);
+
+			}else if(rw == 'w'){
+				// Write
+				for(i = 0; i < num; ++i) buffer[i] = getchar();
+                n = PR_Write(sock, buffer, num);
+				assert(n == num);
+			}else{
+                assert(0);
+            }
+
+
+
+			if(first){
+				first = 0;
+				//See if the negotiation of TLS proof was successful
+				rv = SSL_TLSProofIsNegociated(sock,&val);
+				if(rv != SECSuccess) error("SSL_TLSProofIsNegociated");
+
+				//Get the TLS version used
+				rv = SSL_VersionRangeGet(sock,&ver);
+				if(rv != SECSuccess) error("SSL_VersionRangeGet");
+
+			}
+	}
+    n = PR_Read(sock ,buffer,sizeof(buffer));
+    PR_Close(sock);
+
+    printf("END: %i\n", n);
+    return 0;
+
+}
+
+
+int main(int argc, char *argv[])
+{
+
+
+	PRFileDesc* listenSocket = NULL;
+	PRStatus pr;
+	SECStatus rv;
+	char *tmp = NULL;
+	PRFileDesc* newSocket = NULL;
+	char* certName = "tls-n.testserver";
+	PRNetAddr addr, clientAddr;
+	SSLVersionRange ver;
+
+
+
+	if(argc < 2){
+			error("Specify port");
+	}
+
+	//Cache config
+	tmp = PR_GetEnvSecure("TMP");
+	if (!tmp){
+		tmp = PR_GetEnvSecure("TMPDIR");
+		tmp = PR_GetEnvSecure("TEMP");
+	}
+	rv = SSL_ConfigServerSessionIDCache(0,0, 0, tmp);
+	if (rv != SECSuccess)
+		error("SSL_ConfigServerSessionIDCache");
+
+	//Set Password
+	PK11_SetPasswordFunc(getPwd);
+
+	rv = NSS_Init("../server_db");
+	if(rv != SECSuccess)
+		error("NSS_Initialize");
+
+	//Retrieve certificate
+	cert = PK11_FindCertFromNickname(certName,NULL);
+	if (cert == NULL)
+	error("PK11_FindCertFromNickname");
+
+	//Retrieve private key
+	privKey = PK11_FindKeyByAnyCert(cert,NULL);
+	if (privKey == NULL)
+		error("PK11_FindKeyByAnyCert");
+
+	//New socket
+	listenSocket = PR_OpenTCPSocket(PR_AF_INET);
+	if (listenSocket == NULL) {
+		error("Error: PR_NewTCPSocket");
+	}
+
+	//Server parameters
+	addr.inet.ip = PR_INADDR_ANY;
+	addr.inet.port = PR_htons(atoi(argv[1]));
+	addr.inet.family = PR_AF_INET;
+
+	//Bind
+	pr = PR_Bind(listenSocket, &addr);
+	if (pr != PR_SUCCESS) {
+			error("PR_Bind");
+	}
+
+
+	//Listen
+	pr = PR_Listen(listenSocket, 5);
+	if (pr != PR_SUCCESS) {
+			error("PR_Listen");
+	}
+
+
+	//Import to SSL
+	listenSocket = SSL_ImportFD(NULL, listenSocket);
+	if (listenSocket == NULL) error("SSL_ImportFD");
+
+
+
+	//Set certificate and private key
+	rv = SSL_ConfigSecureServer(listenSocket,cert, privKey, NSS_FindCertKEAType(cert));
+	if (rv != SECSuccess) error("SSL_ConfigSecureServer");
+
+	//Enable TLS Proof extension for non-repudiation
+	rv = SSL_OptionSet(listenSocket, SSL_ENABLE_TLS_PROOF, PR_TRUE);
+	if(rv != SECSuccess) error("SSL_OptionSet, SSL_ENABLE_TLS_PROOF");
+
+	//Force TLS 1.3
+	ver.max= SSL_LIBRARY_VERSION_TLS_1_3;
+	ver.min= SSL_LIBRARY_VERSION_TLS_1_3;
+	rv = SSL_VersionRangeSet(listenSocket,&ver);
+	if(rv != SECSuccess) error("SSL_VersionRangeSet");
+
+	printf("Server started ! \nListening ... \n");
+
+	//Accept
+	newSocket = PR_Accept(listenSocket, &clientAddr, PR_INTERVAL_NO_TIMEOUT);
+	PR_Close(listenSocket);
+	if(newSocket == 0){
+		error("PR_Accept");
+	}
+
+
+
+	//Continue
+	accept_connection(newSocket);
+
+
+	return 0;
+}
diff --git a/nss/cmd/replayServer/manifest.mn b/nss/cmd/replayServer/manifest.mn
new file mode 100644
index 0000000..ae183d5
--- /dev/null
+++ b/nss/cmd/replayServer/manifest.mn
@@ -0,0 +1,23 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CORE_DEPTH = ../..
+
+# MODULE public and private header  directories are implicitly REQUIRED.
+MODULE = nss
+
+# This next line is used by .mk files
+# and gets translated into $LINCS in manifest.mnw
+# The MODULE is always implicitly required.
+# Listing it here in REQUIRES makes it appear twice in the cc command line.
+REQUIRES = seccmd dbm 
+
+# DIRS = 
+
+CSRCS	= main.c  
+DEFINES += -DDLL_PREFIX=\"$(DLL_PREFIX)\" -DDLL_SUFFIX=\"$(DLL_SUFFIX)\"
+
+PROGRAM	= replayServer
+
diff --git a/nss/cmd/replayServer/server_db b/nss/cmd/replayServer/server_db
new file mode 120000
index 0000000..f1858d9
--- /dev/null
+++ b/nss/cmd/replayServer/server_db
@@ -0,0 +1 @@
+../../../ca/server_db
\ No newline at end of file
diff --git a/nss/cmd/rsaperf/Makefile b/nss/cmd/rsaperf/Makefile
new file mode 100644
index 0000000..7b74b36
--- /dev/null
+++ b/nss/cmd/rsaperf/Makefile
@@ -0,0 +1,46 @@
+#! gmake
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+include ../platlibs.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+
+include ../platrules.mk
+
diff --git a/nss/cmd/rsaperf/defkey.c b/nss/cmd/rsaperf/defkey.c
new file mode 100644
index 0000000..3ca366f
--- /dev/null
+++ b/nss/cmd/rsaperf/defkey.c
@@ -0,0 +1,293 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* This key is the 1024-bit test key used for speed testing of RSA private 
+** key ops.
+*/
+#include "seccomon.h"
+#include "secoidt.h"
+#include "lowkeyti.h"
+
+#undef CONST
+#define CONST
+
+static CONST unsigned char default_n1024[128] = {
+    0xc2, 0xae, 0x96, 0x89, 0xaf, 0xce, 0xd0, 0x7b, 0x3b, 0x35, 0xfd, 0x0f, 0xb1, 0xf4, 0x7a, 0xd1,
+    0x3c, 0x7d, 0xb5, 0x86, 0xf2, 0x68, 0x36, 0xc9, 0x97, 0xe6, 0x82, 0x94, 0x86, 0xaa, 0x05, 0x39,
+    0xec, 0x11, 0x51, 0xcc, 0x5c, 0xa1, 0x59, 0xba, 0x29, 0x18, 0xf3, 0x28, 0xf1, 0x9d, 0xe3, 0xae,
+    0x96, 0x5d, 0x6d, 0x87, 0x73, 0xf6, 0xf6, 0x1f, 0xd0, 0x2d, 0xfb, 0x2f, 0x7a, 0x13, 0x7f, 0xc8,
+    0x0c, 0x7a, 0xe9, 0x85, 0xfb, 0xce, 0x74, 0x86, 0xf8, 0xef, 0x2f, 0x85, 0x37, 0x73, 0x0f, 0x62,
+    0x4e, 0x93, 0x17, 0xb7, 0x7e, 0x84, 0x9a, 0x94, 0x11, 0x05, 0xca, 0x0d, 0x31, 0x4b, 0x2a, 0xc8,
+    0xdf, 0xfe, 0xe9, 0x0c, 0x13, 0xc7, 0xf2, 0xad, 0x19, 0x64, 0x28, 0x3c, 0xb5, 0x6a, 0xc8, 0x4b,
+    0x79, 0xea, 0x7c, 0xce, 0x75, 0x92, 0x45, 0x3e, 0xa3, 0x9d, 0x64, 0x6f, 0x04, 0x69, 0x19, 0x17
+};
+
+static CONST unsigned char default_e1024[3] = { 0x01, 0x00, 0x01 };
+
+static CONST unsigned char default_d1024[128] = {
+    0x13, 0xcb, 0xbc, 0xf2, 0xf3, 0x35, 0x8c, 0x6d, 0x7b, 0x6f, 0xd9, 0xf3, 0xa6, 0x9c, 0xbd, 0x80,
+    0x59, 0x2e, 0x4f, 0x2f, 0x11, 0xa7, 0x17, 0x2b, 0x18, 0x8f, 0x0f, 0xe8, 0x1a, 0x69, 0x5f, 0x6e,
+    0xac, 0x5a, 0x76, 0x7e, 0xd9, 0x4c, 0x6e, 0xdb, 0x47, 0x22, 0x8a, 0x57, 0x37, 0x7a, 0x5e, 0x94,
+    0x7a, 0x25, 0xb5, 0xe5, 0x78, 0x1d, 0x3c, 0x99, 0xaf, 0x89, 0x7d, 0x69, 0x2e, 0x78, 0x9d, 0x1d,
+    0x84, 0xc8, 0xc1, 0xd7, 0x1a, 0xb2, 0x6d, 0x2d, 0x8a, 0xd9, 0xab, 0x6b, 0xce, 0xae, 0xb0, 0xa0,
+    0x58, 0x55, 0xad, 0x5c, 0x40, 0x8a, 0xd6, 0x96, 0x08, 0x8a, 0xe8, 0x63, 0xe6, 0x3d, 0x6c, 0x20,
+    0x49, 0xc7, 0xaf, 0x0f, 0x25, 0x73, 0xd3, 0x69, 0x43, 0x3b, 0xf2, 0x32, 0xf8, 0x3d, 0x5e, 0xee,
+    0x7a, 0xca, 0xd6, 0x94, 0x55, 0xe5, 0xbd, 0x25, 0x34, 0x8d, 0x63, 0x40, 0xb5, 0x8a, 0xc3, 0x01
+};
+
+static CONST unsigned char default_p1024[64] = {
+    0xf6, 0x3c, 0x3f, 0x56, 0x58, 0x4f, 0xb3, 0x82, 0x0c, 0xf0, 0x5b, 0x42, 0x36, 0x1c, 0x93, 0xde,
+    0x9b, 0x32, 0x01, 0xb1, 0x48, 0xf8, 0x00, 0x57, 0x9b, 0xc1, 0xbe, 0x66, 0xc2, 0xbb, 0xea, 0x7c,
+    0x75, 0x29, 0x2c, 0x22, 0xaa, 0x7c, 0xaf, 0xbd, 0x0d, 0x3f, 0xb0, 0x64, 0x97, 0xf0, 0x88, 0x25,
+    0xcb, 0x8d, 0xc7, 0x19, 0x0a, 0x75, 0x44, 0xa4, 0x5a, 0xc3, 0xb5, 0xb9, 0x85, 0xea, 0x27, 0xa7
+};
+
+static CONST unsigned char default_q1024[64] = {
+    0xca, 0x66, 0xfa, 0x18, 0x6a, 0x46, 0x36, 0x1c, 0x46, 0xfe, 0x47, 0xe9, 0x7e, 0x52, 0x83, 0x8a,
+    0xbb, 0x72, 0x13, 0xcc, 0x83, 0x56, 0x3d, 0x64, 0x22, 0xdd, 0xfa, 0x7c, 0x61, 0x99, 0xea, 0xa4,
+    0xb3, 0x0e, 0x8f, 0x79, 0x10, 0xab, 0xba, 0x4a, 0x73, 0xd1, 0x48, 0x40, 0x34, 0x34, 0xd3, 0xd2,
+    0x54, 0x92, 0xbe, 0xf5, 0xc8, 0xc4, 0x60, 0x5f, 0xd3, 0xf7, 0xce, 0xbe, 0x60, 0x3e, 0xb1, 0x11
+};
+
+static CONST unsigned char default_dModP1024[64] = {
+    0x8e, 0x80, 0xbf, 0x87, 0x11, 0x04, 0xcf, 0x36, 0x6c, 0x96, 0x8d, 0xb9, 0xfb, 0xe6, 0xfe, 0x0c,
+    0xce, 0x74, 0x5a, 0x56, 0x67, 0x8c, 0x5f, 0x66, 0x54, 0x56, 0x04, 0x03, 0x24, 0x9f, 0xec, 0x4c,
+    0xaa, 0xe1, 0x71, 0x11, 0x7e, 0xe9, 0x3a, 0x2b, 0x87, 0x07, 0x5c, 0xe6, 0x5a, 0xa8, 0x71, 0xa2,
+    0xad, 0xf3, 0x17, 0x4e, 0x7e, 0xa6, 0xef, 0x5a, 0xce, 0xcc, 0x84, 0xd7, 0x21, 0x91, 0x29, 0xf1
+};
+
+static CONST unsigned char default_dModQ1024[64] = {
+    0x87, 0x60, 0x1d, 0x02, 0xdb, 0x82, 0x1e, 0x8b, 0x07, 0x48, 0xe8, 0x5c, 0x59, 0xeb, 0x62, 0xa4,
+    0x15, 0xff, 0x95, 0x12, 0x82, 0xfd, 0xd9, 0x8d, 0xf2, 0x6c, 0x3a, 0x2f, 0x9b, 0x30, 0x51, 0x6a,
+    0xdb, 0x80, 0x6f, 0xa1, 0xef, 0xee, 0x8c, 0x69, 0x63, 0xd1, 0xa4, 0xdb, 0x9c, 0x8f, 0x80, 0xe5,
+    0xfb, 0x3f, 0x33, 0x8e, 0x3d, 0x3c, 0x6b, 0xa1, 0x6c, 0xab, 0x20, 0x92, 0xe0, 0xd8, 0xcd, 0xa1
+};
+
+static CONST unsigned char default_qInvModP1024[64] = {
+    0xce, 0xcf, 0x5a, 0xad, 0xc4, 0x8c, 0x44, 0x91, 0x3a, 0xbc, 0x7b, 0xf8, 0x80, 0xf8, 0x53, 0xf5,
+    0x12, 0x84, 0x8c, 0x9c, 0x6b, 0x33, 0x93, 0x0d, 0xa1, 0x11, 0xea, 0xfa, 0x4a, 0xc1, 0xeb, 0x48,
+    0xdc, 0x44, 0x86, 0x93, 0x1b, 0x98, 0xc7, 0x82, 0x22, 0x68, 0x30, 0x44, 0xd7, 0x62, 0x1b, 0x90,
+    0x54, 0x07, 0x4b, 0x66, 0xa7, 0xc5, 0x75, 0x5a, 0x72, 0x77, 0x92, 0xdd, 0x6c, 0xf3, 0x37, 0xab
+};
+
+static CONST unsigned char default_n2048[256] = {
+    0xb3, 0x9b, 0x57, 0x2c, 0x15, 0xdf, 0x6c, 0x6b, 0xfc, 0x04, 0x83, 0x02, 0xf5, 0xb3, 0x2c, 0x87,
+    0x1b, 0x9c, 0xbf, 0x6c, 0x46, 0x1d, 0xdd, 0xe2, 0xc0, 0x6d, 0xfe, 0xf9, 0x00, 0xd1, 0x85, 0x91,
+    0x17, 0x0d, 0x43, 0x67, 0xa1, 0x1f, 0x8b, 0xcd, 0x22, 0x8a, 0x93, 0xdc, 0x9f, 0xf0, 0x45, 0x9e,
+    0x58, 0x0f, 0x99, 0x87, 0xe6, 0x60, 0xdf, 0x8c, 0x1a, 0xa3, 0x8f, 0xc3, 0x6c, 0xa0, 0x49, 0x3a,
+    0xdb, 0x7f, 0xd0, 0xda, 0x48, 0x47, 0xe3, 0xd6, 0x1f, 0x29, 0xcb, 0xf2, 0x1d, 0xf3, 0x81, 0xd0,
+    0x4d, 0xf1, 0x64, 0xcf, 0x42, 0x8e, 0x0f, 0xe0, 0x10, 0x18, 0x4c, 0x75, 0xce, 0x96, 0x09, 0x2e,
+    0x52, 0xa6, 0x96, 0xa9, 0xe1, 0xab, 0x3e, 0x6f, 0xa5, 0xd3, 0xee, 0xd8, 0xb2, 0x4f, 0x17, 0x08,
+    0x6d, 0x43, 0xd4, 0xb3, 0x1c, 0x8a, 0x4a, 0x43, 0x06, 0xb5, 0xab, 0xfb, 0xf4, 0x34, 0x2f, 0x2f,
+    0xe1, 0x43, 0x7b, 0xe0, 0x93, 0xd0, 0xaa, 0x42, 0xa3, 0xb7, 0xb7, 0x43, 0x52, 0xeb, 0xf3, 0x64,
+    0x9a, 0xbc, 0xa7, 0xf2, 0x39, 0xad, 0xe4, 0x62, 0x7d, 0xbc, 0x31, 0x8f, 0xbf, 0x59, 0x93, 0x62,
+    0x88, 0xc5, 0xd1, 0x62, 0x2d, 0xe3, 0xc7, 0x75, 0xf9, 0xb8, 0x00, 0x96, 0xe0, 0x05, 0x87, 0x35,
+    0x86, 0x5d, 0xeb, 0x7c, 0x20, 0xf6, 0xb2, 0xb1, 0x65, 0x1f, 0xdc, 0x74, 0xec, 0xf4, 0x0e, 0xd1,
+    0xf2, 0x2d, 0x06, 0x47, 0x02, 0xc5, 0x18, 0xdb, 0x19, 0xb9, 0x1b, 0x40, 0x90, 0xc8, 0x74, 0x5c,
+    0xf6, 0xe8, 0x17, 0x64, 0xf4, 0xcf, 0xd3, 0x17, 0xeb, 0xd6, 0x0d, 0x2b, 0xec, 0x2a, 0x9b, 0xcf,
+    0xc4, 0xf5, 0xcc, 0x9a, 0xc3, 0x5c, 0x2e, 0xf1, 0x98, 0x25, 0x2b, 0xe4, 0x01, 0x02, 0x15, 0x36,
+    0xe1, 0xe0, 0x2b, 0xbe, 0xdf, 0x23, 0xf1, 0xde, 0x2f, 0x1b, 0xbb, 0x44, 0xa7, 0x12, 0x2c, 0x9d
+};
+
+static CONST unsigned char default_e2048[3] = { 0x01, 0x00, 0x01 };
+
+static CONST unsigned char default_d2048[256] = {
+    0x0f, 0x03, 0x3f, 0x08, 0x1a, 0x53, 0xf0, 0x96, 0x1e, 0x1c, 0xaa, 0x6e, 0xc6, 0xe6, 0xd1, 0x24,
+    0x01, 0xf4, 0xda, 0x33, 0x4c, 0xb1, 0x16, 0x68, 0xeb, 0xb8, 0xc6, 0x05, 0x3e, 0x42, 0x45, 0x2d,
+    0xd9, 0x85, 0x6c, 0x4a, 0xef, 0x36, 0xd9, 0xd2, 0xad, 0xbe, 0x73, 0x99, 0x8f, 0x6c, 0xe0, 0x04,
+    0xda, 0x4b, 0x83, 0x83, 0xce, 0x87, 0xee, 0x67, 0xa1, 0x9a, 0x66, 0x5b, 0xe9, 0x6a, 0x84, 0x74,
+    0x7d, 0x00, 0x74, 0x0e, 0xaa, 0xd8, 0x07, 0x7d, 0x50, 0x61, 0x88, 0x00, 0x96, 0xec, 0x51, 0xbf,
+    0x7d, 0xa4, 0x5d, 0xce, 0xcd, 0x3b, 0x5e, 0xac, 0x55, 0xec, 0x12, 0x08, 0x0e, 0xda, 0x8f, 0xad,
+    0xe5, 0x8e, 0xb3, 0x2d, 0x44, 0x05, 0xb2, 0x54, 0x56, 0xc2, 0x1e, 0x46, 0xd2, 0xb0, 0xb5, 0xb6,
+    0x28, 0x9b, 0xf0, 0xdd, 0x7f, 0xd7, 0x37, 0x59, 0xde, 0xe7, 0xb4, 0x96, 0x7c, 0xd5, 0x17, 0xd4,
+    0x7e, 0xe0, 0xcb, 0xb3, 0x3c, 0x5f, 0x72, 0x30, 0xbe, 0x3c, 0x81, 0x82, 0x8e, 0xb9, 0xc6, 0xa7,
+    0x23, 0x71, 0xf5, 0x6f, 0xd7, 0x56, 0xe4, 0xee, 0x3b, 0x2d, 0x8f, 0x3e, 0x43, 0x98, 0xc8, 0xe8,
+    0x95, 0xfd, 0xc3, 0x73, 0xd3, 0x8e, 0x38, 0x01, 0xa5, 0xc6, 0xbe, 0x0c, 0x6b, 0x6b, 0x4f, 0x13,
+    0x2f, 0x66, 0x8b, 0x85, 0xe3, 0x9e, 0x12, 0xc0, 0x52, 0x60, 0xec, 0x4a, 0xcb, 0xfa, 0x7e, 0x7c,
+    0x20, 0x9a, 0x11, 0x16, 0x1a, 0xb7, 0x96, 0xd6, 0x00, 0x7a, 0x04, 0x7b, 0x17, 0xcc, 0x4c, 0x43,
+    0xdc, 0xd0, 0x64, 0x45, 0x45, 0xd3, 0x21, 0x06, 0x8b, 0xd6, 0xb0, 0xf0, 0xbf, 0x20, 0x56, 0xfd,
+    0x11, 0x9c, 0x1d, 0x82, 0xcd, 0x34, 0x16, 0x75, 0x63, 0xac, 0x51, 0xd5, 0x55, 0xb4, 0x35, 0x0a,
+    0xc3, 0x8c, 0x47, 0x01, 0x8e, 0x99, 0x95, 0xc5, 0x99, 0x21, 0x79, 0x66, 0x1a, 0xa6, 0xb0, 0xe9
+};
+
+static CONST unsigned char default_p2048[128] = {
+    0xd7, 0xaa, 0xb4, 0x8d, 0xb1, 0x23, 0x67, 0x80, 0x7b, 0x98, 0xf7, 0xe6, 0xfd, 0x6d, 0x5c, 0x98,
+    0x34, 0x89, 0x97, 0xbd, 0xa8, 0x88, 0xdd, 0xb3, 0xe6, 0xbc, 0x5f, 0xb8, 0xd6, 0xa5, 0x14, 0x00,
+    0x4a, 0x54, 0x1a, 0xbf, 0x65, 0x64, 0x7d, 0x39, 0x55, 0xff, 0x27, 0x0f, 0x2f, 0x99, 0x57, 0xe6,
+    0x69, 0x89, 0x1c, 0xc4, 0x89, 0xff, 0xe4, 0x1f, 0xa5, 0x47, 0xea, 0x1e, 0x47, 0x07, 0xf7, 0x46,
+    0xa5, 0x3a, 0x25, 0x70, 0x9e, 0x6d, 0xe3, 0x83, 0xc1, 0x9d, 0x75, 0xf5, 0x67, 0xb5, 0x7f, 0x5c,
+    0xf8, 0x24, 0xff, 0x85, 0x11, 0x53, 0xff, 0x0e, 0xbc, 0x57, 0x6f, 0xc7, 0x2a, 0x36, 0xbd, 0xdd,
+    0x0b, 0xe5, 0x25, 0x04, 0x1f, 0x48, 0xbc, 0xdd, 0xd6, 0x13, 0xb8, 0xe9, 0xfd, 0x00, 0xba, 0x37,
+    0x13, 0x63, 0xc2, 0xd4, 0x70, 0xf8, 0x4b, 0x09, 0x71, 0xa8, 0xbe, 0xca, 0x0d, 0x68, 0x16, 0x5f
+};
+
+static CONST unsigned char default_q2048[128] = {
+    0xd5, 0x32, 0x38, 0x82, 0x14, 0xed, 0xd1, 0x90, 0x51, 0xef, 0x17, 0xa2, 0x9b, 0xc3, 0xb0, 0x45,
+    0x86, 0x64, 0xbe, 0xce, 0x8f, 0x85, 0x78, 0x18, 0x7a, 0xf8, 0x3a, 0xb7, 0x17, 0x7b, 0x5d, 0xf3,
+    0xe9, 0xd7, 0x9d, 0xb3, 0x2f, 0x96, 0x35, 0x96, 0x60, 0x38, 0xe7, 0x96, 0xc3, 0x08, 0xe6, 0xf1,
+    0xb8, 0x16, 0xc0, 0x1d, 0xc9, 0x6f, 0xd3, 0x99, 0x14, 0x8e, 0xd3, 0x6a, 0x2b, 0x6c, 0x4d, 0xd1,
+    0x71, 0x1c, 0x4c, 0x38, 0x72, 0x18, 0x23, 0xf9, 0xd1, 0x6c, 0xa2, 0x87, 0xfe, 0x33, 0xc2, 0x9d,
+    0x6e, 0xd0, 0x80, 0x62, 0x44, 0x7b, 0x3a, 0x4d, 0x2f, 0xff, 0x5f, 0x73, 0xe5, 0x53, 0x32, 0x18,
+    0x14, 0xb2, 0xdb, 0x6b, 0x25, 0x7b, 0xac, 0xb4, 0x3b, 0x1e, 0x5e, 0xcd, 0xec, 0x01, 0x99, 0xdb,
+    0x0c, 0x1f, 0xc2, 0xa6, 0x50, 0x1d, 0x6d, 0x7b, 0x58, 0x75, 0x04, 0x89, 0x5d, 0x87, 0x86, 0x83
+};
+
+static CONST unsigned char default_dModP2048[128] = {
+    0xc0, 0xba, 0x16, 0x1b, 0xc1, 0x3e, 0xc8, 0x51, 0xb3, 0x22, 0x21, 0xf7, 0x54, 0x66, 0x14, 0xa7,
+    0x17, 0xdc, 0x15, 0xb4, 0x31, 0x16, 0x0e, 0x39, 0xa4, 0x6a, 0x96, 0x88, 0x11, 0x98, 0xf7, 0xe4,
+    0xc2, 0x87, 0xa2, 0x57, 0x83, 0xfe, 0x67, 0x41, 0x83, 0xae, 0x3e, 0x73, 0x7d, 0xaf, 0xe5, 0x33,
+    0x4d, 0x00, 0x70, 0xaa, 0xda, 0x3f, 0xc8, 0xd6, 0xd6, 0xd7, 0x0b, 0x4a, 0xff, 0x63, 0x09, 0x01,
+    0x22, 0xca, 0x71, 0x86, 0xd0, 0xad, 0x96, 0xf1, 0xb9, 0x66, 0x43, 0x71, 0x88, 0xba, 0x53, 0x14,
+    0xfb, 0xd3, 0xe4, 0x5c, 0x3f, 0xfd, 0xf6, 0x22, 0x6f, 0x01, 0x1c, 0x2c, 0xb9, 0x76, 0xad, 0xf9,
+    0x09, 0x96, 0x3e, 0x9c, 0x0e, 0x70, 0xec, 0x06, 0xba, 0x36, 0x69, 0xbb, 0x00, 0x93, 0x53, 0xd5,
+    0xc0, 0x08, 0x18, 0xa5, 0xcc, 0x46, 0xb6, 0x97, 0xbb, 0xf0, 0x76, 0x7f, 0x0d, 0xb8, 0x04, 0xb5
+};
+
+static CONST unsigned char default_dModQ2048[128] = {
+    0xa9, 0x18, 0xfd, 0x43, 0x07, 0xf0, 0x9d, 0x50, 0x77, 0xfc, 0x48, 0xe5, 0xdb, 0xe0, 0x39, 0xd6,
+    0xdb, 0x42, 0xdb, 0x28, 0xa1, 0x23, 0x7e, 0xdf, 0x03, 0xe2, 0x11, 0x48, 0x19, 0xa2, 0xeb, 0x21,
+    0x44, 0xaf, 0x95, 0x50, 0x83, 0x85, 0x03, 0x99, 0xf3, 0x56, 0x0f, 0x32, 0x40, 0x1d, 0xb6, 0x77,
+    0xb0, 0xc8, 0xb2, 0xb6, 0xad, 0x88, 0x39, 0xef, 0xe8, 0x23, 0x64, 0xc2, 0x88, 0x10, 0x8e, 0x24,
+    0x7a, 0x2f, 0xb4, 0xb0, 0xec, 0xa6, 0x03, 0x1a, 0xe9, 0xa5, 0xdd, 0xc0, 0x39, 0xba, 0xba, 0x38,
+    0xfe, 0xa4, 0xf7, 0xbf, 0x79, 0x8b, 0xb7, 0xf1, 0x73, 0x09, 0x7d, 0x9f, 0x42, 0x1c, 0x5b, 0xd6,
+    0x47, 0xcc, 0x99, 0x46, 0x81, 0xe3, 0x77, 0x57, 0x38, 0xb0, 0xdd, 0x07, 0x3d, 0x93, 0x03, 0x82,
+    0x7f, 0x3a, 0x4d, 0xbc, 0x76, 0x3c, 0xf1, 0x12, 0x6d, 0x55, 0xdb, 0x34, 0x4c, 0xef, 0xea, 0x9b
+};
+
+static CONST unsigned char default_qInvModP2048[128] = {
+    0x77, 0xd9, 0x45, 0xd4, 0xd2, 0xd1, 0x46, 0xa8, 0xaf, 0x57, 0x8f, 0x5e, 0x4f, 0x6b, 0x24, 0x0f,
+    0xb4, 0xaa, 0xff, 0x92, 0x86, 0x78, 0xa8, 0xc1, 0x69, 0x9c, 0x54, 0xe9, 0x81, 0xa1, 0x9c, 0x26,
+    0x11, 0x5d, 0xfa, 0xff, 0x70, 0x9e, 0xa3, 0xf3, 0xe3, 0x78, 0x41, 0x2b, 0x31, 0x35, 0x09, 0xa2,
+    0x5c, 0x5f, 0x6e, 0x4d, 0xad, 0xeb, 0x4a, 0xe0, 0xb1, 0xce, 0x2c, 0x22, 0x59, 0x72, 0x4c, 0x17,
+    0xad, 0x71, 0x5c, 0x25, 0xca, 0x4f, 0x00, 0xc6, 0xee, 0x63, 0x10, 0x8e, 0xf7, 0xbe, 0xa4, 0x55,
+    0x22, 0x0d, 0x2c, 0xb9, 0xe5, 0xa9, 0x72, 0x07, 0xa2, 0xb1, 0x29, 0xf2, 0x4a, 0x9f, 0xde, 0x70,
+    0x0c, 0x28, 0xb7, 0x60, 0x12, 0x9d, 0x4b, 0x04, 0xd7, 0xe3, 0xd7, 0xc5, 0x71, 0xdf, 0x5c, 0xc0,
+    0x65, 0x75, 0x6e, 0xfb, 0xc6, 0x3e, 0x61, 0x4c, 0xc2, 0xdf, 0xb3, 0xd3, 0xba, 0x17, 0x36, 0x24
+};
+
+static struct NSSLOWKEYPrivateKeyStr rsaPriv;
+
+NSSLOWKEYPrivateKey*
+getDefaultRSAPrivateKey(int keysize)
+{
+    if (rsaPriv.keyType != NSSLOWKEYRSAKey) {
+
+        /* leaving arena uninitialized. It isn't used in this test. */
+
+        rsaPriv.keyType = NSSLOWKEYRSAKey;
+
+        /* leaving arena   uninitialized. It isn't used. */
+        /* leaving version uninitialized. It isn't used. */
+
+        if (keysize == 2048) {
+            rsaPriv.u.rsa.modulus.data = default_n2048;
+            rsaPriv.u.rsa.modulus.len = sizeof default_n2048;
+            rsaPriv.u.rsa.publicExponent.data = default_e2048;
+            rsaPriv.u.rsa.publicExponent.len = sizeof default_e2048;
+            rsaPriv.u.rsa.privateExponent.data = default_d2048;
+            rsaPriv.u.rsa.privateExponent.len = sizeof default_d2048;
+            rsaPriv.u.rsa.prime1.data = default_p2048;
+            rsaPriv.u.rsa.prime1.len = sizeof default_p2048;
+            rsaPriv.u.rsa.prime2.data = default_q2048;
+            rsaPriv.u.rsa.prime2.len = sizeof default_q2048;
+            rsaPriv.u.rsa.exponent1.data = default_dModP2048;
+            rsaPriv.u.rsa.exponent1.len = sizeof default_dModP2048;
+            rsaPriv.u.rsa.exponent2.data = default_dModQ2048;
+            rsaPriv.u.rsa.exponent2.len = sizeof default_dModQ2048;
+            rsaPriv.u.rsa.coefficient.data = default_qInvModP2048;
+            rsaPriv.u.rsa.coefficient.len = sizeof default_qInvModP2048;
+        } else {
+            rsaPriv.u.rsa.modulus.data = default_n1024;
+            rsaPriv.u.rsa.modulus.len = sizeof default_n1024;
+            rsaPriv.u.rsa.publicExponent.data = default_e1024;
+            rsaPriv.u.rsa.publicExponent.len = sizeof default_e1024;
+            rsaPriv.u.rsa.privateExponent.data = default_d1024;
+            rsaPriv.u.rsa.privateExponent.len = sizeof default_d1024;
+            rsaPriv.u.rsa.prime1.data = default_p1024;
+            rsaPriv.u.rsa.prime1.len = sizeof default_p1024;
+            rsaPriv.u.rsa.prime2.data = default_q1024;
+            rsaPriv.u.rsa.prime2.len = sizeof default_q1024;
+            rsaPriv.u.rsa.exponent1.data = default_dModP1024;
+            rsaPriv.u.rsa.exponent1.len = sizeof default_dModP1024;
+            rsaPriv.u.rsa.exponent2.data = default_dModQ1024;
+            rsaPriv.u.rsa.exponent2.len = sizeof default_dModQ1024;
+            rsaPriv.u.rsa.coefficient.data = default_qInvModP1024;
+            rsaPriv.u.rsa.coefficient.len = sizeof default_qInvModP1024;
+        }
+    }
+    return &rsaPriv;
+}
+
+static struct NSSLOWKEYPublicKeyStr rsaPub;
+
+NSSLOWKEYPublicKey*
+getDefaultRSAPublicKey(int keysize)
+{
+    if (rsaPub.keyType != NSSLOWKEYRSAKey) {
+
+        rsaPub.keyType = NSSLOWKEYRSAKey;
+
+        if (keysize == 2048) {
+            rsaPub.u.rsa.modulus.data = default_n2048;
+            rsaPub.u.rsa.modulus.len = sizeof default_n2048;
+
+            rsaPub.u.rsa.publicExponent.data = default_e2048;
+            rsaPub.u.rsa.publicExponent.len = sizeof default_e2048;
+        } else {
+            rsaPub.u.rsa.modulus.data = default_n1024;
+            rsaPub.u.rsa.modulus.len = sizeof default_n1024;
+
+            rsaPub.u.rsa.publicExponent.data = default_e1024;
+            rsaPub.u.rsa.publicExponent.len = sizeof default_e1024;
+        }
+    }
+    return &rsaPub;
+}
+
+/*  modPop = 536, privPop = 531, ex1Pop = 261, ex2Pop = 257
+ *  After 46 tries, found this key:
+ *  Version: 0 (0x0)
+ *  Modulus:
+ *      c2:ae:96:89:af:ce:d0:7b:3b:35:fd:0f:b1:f4:7a:d1:3c:7d:b5:
+ *      86:f2:68:36:c9:97:e6:82:94:86:aa:05:39:ec:11:51:cc:5c:a1:
+ *      59:ba:29:18:f3:28:f1:9d:e3:ae:96:5d:6d:87:73:f6:f6:1f:d0:
+ *      2d:fb:2f:7a:13:7f:c8:0c:7a:e9:85:fb:ce:74:86:f8:ef:2f:85:
+ *      37:73:0f:62:4e:93:17:b7:7e:84:9a:94:11:05:ca:0d:31:4b:2a:
+ *      c8:df:fe:e9:0c:13:c7:f2:ad:19:64:28:3c:b5:6a:c8:4b:79:ea:
+ *      7c:ce:75:92:45:3e:a3:9d:64:6f:04:69:19:17
+ *  Public Exponent: 65537 (0x10001)
+ *  Private Exponent:
+ *      13:cb:bc:f2:f3:35:8c:6d:7b:6f:d9:f3:a6:9c:bd:80:59:2e:4f:
+ *      2f:11:a7:17:2b:18:8f:0f:e8:1a:69:5f:6e:ac:5a:76:7e:d9:4c:
+ *      6e:db:47:22:8a:57:37:7a:5e:94:7a:25:b5:e5:78:1d:3c:99:af:
+ *      89:7d:69:2e:78:9d:1d:84:c8:c1:d7:1a:b2:6d:2d:8a:d9:ab:6b:
+ *      ce:ae:b0:a0:58:55:ad:5c:40:8a:d6:96:08:8a:e8:63:e6:3d:6c:
+ *      20:49:c7:af:0f:25:73:d3:69:43:3b:f2:32:f8:3d:5e:ee:7a:ca:
+ *      d6:94:55:e5:bd:25:34:8d:63:40:b5:8a:c3:01
+ *  Prime 1:
+ *      f6:3c:3f:56:58:4f:b3:82:0c:f0:5b:42:36:1c:93:de:9b:32:01:
+ *      b1:48:f8:00:57:9b:c1:be:66:c2:bb:ea:7c:75:29:2c:22:aa:7c:
+ *      af:bd:0d:3f:b0:64:97:f0:88:25:cb:8d:c7:19:0a:75:44:a4:5a:
+ *      c3:b5:b9:85:ea:27:a7
+ *  Prime 2:
+ *      ca:66:fa:18:6a:46:36:1c:46:fe:47:e9:7e:52:83:8a:bb:72:13:
+ *      cc:83:56:3d:64:22:dd:fa:7c:61:99:ea:a4:b3:0e:8f:79:10:ab:
+ *      ba:4a:73:d1:48:40:34:34:d3:d2:54:92:be:f5:c8:c4:60:5f:d3:
+ *      f7:ce:be:60:3e:b1:11
+ *  Exponent 1:
+ *      8e:80:bf:87:11:04:cf:36:6c:96:8d:b9:fb:e6:fe:0c:ce:74:5a:
+ *      56:67:8c:5f:66:54:56:04:03:24:9f:ec:4c:aa:e1:71:11:7e:e9:
+ *      3a:2b:87:07:5c:e6:5a:a8:71:a2:ad:f3:17:4e:7e:a6:ef:5a:ce:
+ *      cc:84:d7:21:91:29:f1
+ *  Exponent 2:
+ *      87:60:1d:02:db:82:1e:8b:07:48:e8:5c:59:eb:62:a4:15:ff:95:
+ *      12:82:fd:d9:8d:f2:6c:3a:2f:9b:30:51:6a:db:80:6f:a1:ef:ee:
+ *      8c:69:63:d1:a4:db:9c:8f:80:e5:fb:3f:33:8e:3d:3c:6b:a1:6c:
+ *      ab:20:92:e0:d8:cd:a1
+ *  Coefficient:
+ *      ce:cf:5a:ad:c4:8c:44:91:3a:bc:7b:f8:80:f8:53:f5:12:84:8c:
+ *      9c:6b:33:93:0d:a1:11:ea:fa:4a:c1:eb:48:dc:44:86:93:1b:98:
+ *      c7:82:22:68:30:44:d7:62:1b:90:54:07:4b:66:a7:c5:75:5a:72:
+ *      77:92:dd:6c:f3:37:ab
+ */
diff --git a/nss/cmd/rsaperf/manifest.mn b/nss/cmd/rsaperf/manifest.mn
new file mode 100644
index 0000000..14fce72
--- /dev/null
+++ b/nss/cmd/rsaperf/manifest.mn
@@ -0,0 +1,24 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+DEPTH	= ../..
+CORE_DEPTH = ../..
+
+# MODULE public and private header  directories are implicitly REQUIRED.
+MODULE = nss
+
+INCLUDES += -I$(CORE_DEPTH)/nss/lib/softoken
+
+# This next line is used by .mk files
+# and gets translated into $LINCS in manifest.mnw
+REQUIRES = dbm seccmd 
+
+# DIRS = 
+
+CSRCS	= rsaperf.c defkey.c 
+
+PROGRAM	= rsaperf
+
+USE_STATIC_LIBS = 1
diff --git a/nss/cmd/rsaperf/rsaperf.c b/nss/cmd/rsaperf/rsaperf.c
new file mode 100644
index 0000000..556030f
--- /dev/null
+++ b/nss/cmd/rsaperf/rsaperf.c
@@ -0,0 +1,696 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "seccomon.h"
+#include "cert.h"
+#include "secutil.h"
+#include "nspr.h"
+#include "nss.h"
+#include "blapi.h"
+#include "plgetopt.h"
+#include "lowkeyi.h"
+#include "pk11pub.h"
+
+#define DEFAULT_ITERS 10
+#define DEFAULT_DURATION 10
+#define DEFAULT_KEY_BITS 1024
+#define MIN_KEY_BITS 512
+#define MAX_KEY_BITS 65536
+#define BUFFER_BYTES MAX_KEY_BITS / 8
+#define DEFAULT_THREADS 1
+#define DEFAULT_EXPONENT 0x10001
+
+extern NSSLOWKEYPrivateKey *getDefaultRSAPrivateKey(void);
+extern NSSLOWKEYPublicKey *getDefaultRSAPublicKey(void);
+
+secuPWData pwData = { PW_NONE, NULL };
+
+typedef struct TimingContextStr TimingContext;
+
+struct TimingContextStr {
+    PRTime start;
+    PRTime end;
+    PRTime interval;
+
+    long days;
+    int hours;
+    int minutes;
+    int seconds;
+    int millisecs;
+};
+
+TimingContext *
+CreateTimingContext(void)
+{
+    return PORT_Alloc(sizeof(TimingContext));
+}
+
+void
+DestroyTimingContext(TimingContext *ctx)
+{
+    PORT_Free(ctx);
+}
+
+void
+TimingBegin(TimingContext *ctx, PRTime begin)
+{
+    ctx->start = begin;
+}
+
+static void
+timingUpdate(TimingContext *ctx)
+{
+    PRInt64 tmp, remaining;
+    PRInt64 L1000, L60, L24;
+
+    LL_I2L(L1000, 1000);
+    LL_I2L(L60, 60);
+    LL_I2L(L24, 24);
+
+    LL_DIV(remaining, ctx->interval, L1000);
+    LL_MOD(tmp, remaining, L1000);
+    LL_L2I(ctx->millisecs, tmp);
+    LL_DIV(remaining, remaining, L1000);
+    LL_MOD(tmp, remaining, L60);
+    LL_L2I(ctx->seconds, tmp);
+    LL_DIV(remaining, remaining, L60);
+    LL_MOD(tmp, remaining, L60);
+    LL_L2I(ctx->minutes, tmp);
+    LL_DIV(remaining, remaining, L60);
+    LL_MOD(tmp, remaining, L24);
+    LL_L2I(ctx->hours, tmp);
+    LL_DIV(remaining, remaining, L24);
+    LL_L2I(ctx->days, remaining);
+}
+
+void
+TimingEnd(TimingContext *ctx, PRTime end)
+{
+    ctx->end = end;
+    LL_SUB(ctx->interval, ctx->end, ctx->start);
+    PORT_Assert(LL_GE_ZERO(ctx->interval));
+    timingUpdate(ctx);
+}
+
+void
+TimingDivide(TimingContext *ctx, int divisor)
+{
+    PRInt64 tmp;
+
+    LL_I2L(tmp, divisor);
+    LL_DIV(ctx->interval, ctx->interval, tmp);
+
+    timingUpdate(ctx);
+}
+
+char *
+TimingGenerateString(TimingContext *ctx)
+{
+    char *buf = NULL;
+
+    if (ctx->days != 0) {
+        buf = PR_sprintf_append(buf, "%d days", ctx->days);
+    }
+    if (ctx->hours != 0) {
+        if (buf != NULL)
+            buf = PR_sprintf_append(buf, ", ");
+        buf = PR_sprintf_append(buf, "%d hours", ctx->hours);
+    }
+    if (ctx->minutes != 0) {
+        if (buf != NULL)
+            buf = PR_sprintf_append(buf, ", ");
+        buf = PR_sprintf_append(buf, "%d minutes", ctx->minutes);
+    }
+    if (buf != NULL)
+        buf = PR_sprintf_append(buf, ", and ");
+    if (!buf && ctx->seconds == 0) {
+        int interval;
+        LL_L2I(interval, ctx->interval);
+        if (ctx->millisecs < 100)
+            buf = PR_sprintf_append(buf, "%d microseconds", interval);
+        else
+            buf = PR_sprintf_append(buf, "%d milliseconds", ctx->millisecs);
+    } else if (ctx->millisecs == 0) {
+        buf = PR_sprintf_append(buf, "%d seconds", ctx->seconds);
+    } else {
+        buf = PR_sprintf_append(buf, "%d.%03d seconds",
+                                ctx->seconds, ctx->millisecs);
+    }
+    return buf;
+}
+
+void
+Usage(char *progName)
+{
+    fprintf(stderr, "Usage: %s [-s | -e] [-i iterations | -p period] "
+                    "[-t threads]\n[-n none [-k keylength] [ [-g] -x exponent] |\n"
+                    " -n token:nickname [-d certdir] [-w password] |\n"
+                    " -h token [-d certdir] [-w password] [-g] [-k keylength] "
+                    "[-x exponent] [-f pwfile]\n",
+            progName);
+    fprintf(stderr, "%-20s Cert database directory (default is ~/.netscape)\n",
+            "-d certdir");
+    fprintf(stderr, "%-20s How many operations to perform\n", "-i iterations");
+    fprintf(stderr, "%-20s How many seconds to run\n", "-p period");
+    fprintf(stderr, "%-20s Perform signing (private key) operations\n", "-s");
+    fprintf(stderr, "%-20s Perform encryption (public key) operations\n", "-e");
+    fprintf(stderr, "%-20s Nickname of certificate or key, prefixed "
+                    "by optional token name\n",
+            "-n nickname");
+    fprintf(stderr, "%-20s PKCS#11 token to perform operation with.\n",
+            "-h token");
+    fprintf(stderr, "%-20s key size in bits, from %d to %d\n", "-k keylength",
+            MIN_KEY_BITS, MAX_KEY_BITS);
+    fprintf(stderr, "%-20s token password\n", "-w password");
+    fprintf(stderr, "%-20s temporary key generation. Not for token keys.\n",
+            "-g");
+    fprintf(stderr, "%-20s set public exponent for keygen\n", "-x");
+    fprintf(stderr, "%-20s Number of execution threads (default 1)\n",
+            "-t threads");
+    exit(-1);
+}
+
+static void
+dumpBytes(unsigned char *b, int l)
+{
+    int i;
+    if (l <= 0)
+        return;
+    for (i = 0; i < l; ++i) {
+        if (i % 16 == 0)
+            printf("\t");
+        printf(" %02x", b[i]);
+        if (i % 16 == 15)
+            printf("\n");
+    }
+    if ((i % 16) != 0)
+        printf("\n");
+}
+
+static void
+dumpItem(SECItem *item, const char *description)
+{
+    if (item->len & 1 && item->data[0] == 0) {
+        printf("%s: (%d bytes)\n", description, item->len - 1);
+        dumpBytes(item->data + 1, item->len - 1);
+    } else {
+        printf("%s: (%d bytes)\n", description, item->len);
+        dumpBytes(item->data, item->len);
+    }
+}
+
+void
+printPrivKey(NSSLOWKEYPrivateKey *privKey)
+{
+    RSAPrivateKey *rsa = &privKey->u.rsa;
+
+    dumpItem(&rsa->modulus, "n");
+    dumpItem(&rsa->publicExponent, "e");
+    dumpItem(&rsa->privateExponent, "d");
+    dumpItem(&rsa->prime1, "P");
+    dumpItem(&rsa->prime2, "Q");
+    dumpItem(&rsa->exponent1, "d % (P-1)");
+    dumpItem(&rsa->exponent2, "d % (Q-1)");
+    dumpItem(&rsa->coefficient, "(Q ** -1) % P");
+    puts("");
+}
+
+typedef SECStatus (*RSAOp)(void *key,
+                           unsigned char *output,
+                           unsigned char *input);
+
+typedef struct {
+    SECKEYPublicKey *pubKey;
+    SECKEYPrivateKey *privKey;
+} PK11Keys;
+
+SECStatus
+PK11_PublicKeyOp(SECKEYPublicKey *key,
+                 unsigned char *output,
+                 unsigned char *input)
+{
+    return PK11_PubEncryptRaw(key, output, input, key->u.rsa.modulus.len,
+                              NULL);
+}
+
+SECStatus
+PK11_PrivateKeyOp(PK11Keys *keys,
+                  unsigned char *output,
+                  unsigned char *input)
+{
+    unsigned outLen = 0;
+    return PK11_PrivDecryptRaw(keys->privKey,
+                               output, &outLen,
+                               keys->pubKey->u.rsa.modulus.len, input,
+                               keys->pubKey->u.rsa.modulus.len);
+}
+typedef struct ThreadRunDataStr ThreadRunData;
+
+struct ThreadRunDataStr {
+    const PRBool *doIters;
+    const void *rsaKey;
+    const unsigned char *buf;
+    RSAOp fn;
+    int seconds;
+    long iters;
+    long iterRes;
+    PRErrorCode errNum;
+    SECStatus status;
+};
+
+void
+ThreadExecFunction(void *data)
+{
+    ThreadRunData *tdata = (ThreadRunData *)data;
+    unsigned char buf2[BUFFER_BYTES];
+
+    tdata->status = SECSuccess;
+    if (*tdata->doIters) {
+        long i = tdata->iters;
+        tdata->iterRes = 0;
+        while (i--) {
+            SECStatus rv = tdata->fn((void *)tdata->rsaKey, buf2,
+                                     (unsigned char *)tdata->buf);
+            if (rv != SECSuccess) {
+                tdata->errNum = PORT_GetError();
+                tdata->status = rv;
+                break;
+            }
+            tdata->iterRes++;
+        }
+    } else {
+        PRIntervalTime total = PR_SecondsToInterval(tdata->seconds);
+        PRIntervalTime start = PR_IntervalNow();
+        tdata->iterRes = 0;
+        while (PR_IntervalNow() - start < total) {
+            SECStatus rv = tdata->fn((void *)tdata->rsaKey, buf2,
+                                     (unsigned char *)tdata->buf);
+            if (rv != SECSuccess) {
+                tdata->errNum = PORT_GetError();
+                tdata->status = rv;
+                break;
+            }
+            tdata->iterRes++;
+        }
+    }
+}
+
+#define INT_ARG(arg, def) atol(arg) > 0 ? atol(arg) : def
+
+int
+main(int argc, char **argv)
+{
+    TimingContext *timeCtx = NULL;
+    SECKEYPublicKey *pubHighKey = NULL;
+    SECKEYPrivateKey *privHighKey = NULL;
+    NSSLOWKEYPrivateKey *privKey = NULL;
+    NSSLOWKEYPublicKey *pubKey = NULL;
+    CERTCertificate *cert = NULL;
+    char *progName = NULL;
+    char *secDir = NULL;
+    char *nickname = NULL;
+    char *slotname = NULL;
+    long keybits = 0;
+    RSAOp fn;
+    void *rsaKey = NULL;
+    PLOptState *optstate;
+    PLOptStatus optstatus;
+    long iters = DEFAULT_ITERS;
+    int i;
+    PRBool doPriv = PR_FALSE;
+    PRBool doPub = PR_FALSE;
+    int rv;
+    unsigned char buf[BUFFER_BYTES];
+    unsigned char buf2[BUFFER_BYTES];
+    int seconds = DEFAULT_DURATION;
+    PRBool doIters = PR_FALSE;
+    PRBool doTime = PR_FALSE;
+    PRBool useTokenKey = PR_FALSE;   /* use PKCS#11 token
+                                                       object key */
+    PRBool useSessionKey = PR_FALSE; /* use PKCS#11 session
+                                                       object key */
+    PRBool useBLKey = PR_FALSE;      /* use freebl */
+    PK11SlotInfo *slot = NULL;       /* slot for session
+                                                       object key operations */
+    PRBool doKeyGen = PR_FALSE;
+    int publicExponent = DEFAULT_EXPONENT;
+    PK11Keys keys;
+    int peCount = 0;
+    CK_BYTE pubEx[4];
+    SECItem pe;
+    RSAPublicKey pubKeyStr;
+    int threadNum = DEFAULT_THREADS;
+    ThreadRunData **runDataArr = NULL;
+    PRThread **threadsArr = NULL;
+    int calcThreads = 0;
+
+    progName = strrchr(argv[0], '/');
+    if (!progName)
+        progName = strrchr(argv[0], '\\');
+    progName = progName ? progName + 1 : argv[0];
+
+    optstate = PL_CreateOptState(argc, argv, "d:ef:gh:i:k:n:p:st:w:x:");
+    while ((optstatus = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
+        switch (optstate->option) {
+            case '?':
+                Usage(progName);
+                break;
+            case 'd':
+                secDir = PORT_Strdup(optstate->value);
+                break;
+            case 'i':
+                iters = INT_ARG(optstate->value, DEFAULT_ITERS);
+                doIters = PR_TRUE;
+                break;
+            case 's':
+                doPriv = PR_TRUE;
+                break;
+            case 'e':
+                doPub = PR_TRUE;
+                break;
+            case 'g':
+                doKeyGen = PR_TRUE;
+                break;
+            case 'n':
+                nickname = PORT_Strdup(optstate->value);
+                /* for compatibility, nickname of "none" means go to freebl */
+                if (nickname && strcmp(nickname, "none")) {
+                    useTokenKey = PR_TRUE;
+                } else {
+                    useBLKey = PR_TRUE;
+                }
+                break;
+            case 'p':
+                seconds = INT_ARG(optstate->value, DEFAULT_DURATION);
+                doTime = PR_TRUE;
+                break;
+            case 'h':
+                slotname = PORT_Strdup(optstate->value);
+                useSessionKey = PR_TRUE;
+                break;
+            case 'k':
+                keybits = INT_ARG(optstate->value, DEFAULT_KEY_BITS);
+                break;
+            case 'w':
+                pwData.data = PORT_Strdup(optstate->value);
+                ;
+                pwData.source = PW_PLAINTEXT;
+                break;
+            case 'f':
+                pwData.data = PORT_Strdup(optstate->value);
+                pwData.source = PW_FROMFILE;
+                break;
+            case 'x':
+                /*  -x public exponent (for RSA keygen)  */
+                publicExponent = INT_ARG(optstate->value, DEFAULT_EXPONENT);
+                break;
+            case 't':
+                threadNum = INT_ARG(optstate->value, DEFAULT_THREADS);
+                break;
+        }
+    }
+    if (optstatus == PL_OPT_BAD)
+        Usage(progName);
+
+    if ((doPriv && doPub) || (doIters && doTime) ||
+        ((useTokenKey + useSessionKey + useBLKey) != PR_TRUE) ||
+        (useTokenKey && keybits) || (useTokenKey && doKeyGen) ||
+        (keybits && (keybits < MIN_KEY_BITS || keybits > MAX_KEY_BITS))) {
+        Usage(progName);
+    }
+
+    if (doIters && doTime)
+        Usage(progName);
+
+    if (!doTime) {
+        doIters = PR_TRUE;
+    }
+
+    PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
+
+    PK11_SetPasswordFunc(SECU_GetModulePassword);
+    secDir = SECU_ConfigDirectory(secDir);
+
+    if (useTokenKey || useSessionKey) {
+        rv = NSS_Init(secDir);
+        if (rv != SECSuccess) {
+            fprintf(stderr, "NSS_Init failed.\n");
+            exit(1);
+        }
+    } else {
+        rv = NSS_NoDB_Init(NULL);
+        if (rv != SECSuccess) {
+            fprintf(stderr, "NSS_NoDB_Init failed.\n");
+            exit(1);
+        }
+    }
+
+    if (useTokenKey) {
+        CK_OBJECT_HANDLE kh = CK_INVALID_HANDLE;
+
+        cert = PK11_FindCertFromNickname(nickname, &pwData);
+        if (cert == NULL) {
+            fprintf(stderr,
+                    "Can't find certificate by name \"%s\"\n", nickname);
+            exit(1);
+        }
+        pubHighKey = CERT_ExtractPublicKey(cert);
+        if (pubHighKey == NULL) {
+            fprintf(stderr, "Can't extract public key from certificate");
+            exit(1);
+        }
+
+        if (doPub) {
+            /* do public key ops */
+            fn = (RSAOp)PK11_PublicKeyOp;
+            rsaKey = (void *)pubHighKey;
+
+            kh = PK11_ImportPublicKey(cert->slot, pubHighKey, PR_FALSE);
+            if (CK_INVALID_HANDLE == kh) {
+                fprintf(stderr,
+                        "Unable to import public key to certificate slot.");
+                exit(1);
+            }
+            pubHighKey->pkcs11Slot = PK11_ReferenceSlot(cert->slot);
+            pubHighKey->pkcs11ID = kh;
+            printf("Using PKCS#11 for RSA encryption with token %s.\n",
+                   PK11_GetTokenName(cert->slot));
+        } else {
+            /* do private key ops */
+            privHighKey = PK11_FindKeyByAnyCert(cert, &pwData);
+            if (privHighKey == NULL) {
+                fprintf(stderr,
+                        "Can't find private key by name \"%s\"\n", nickname);
+                exit(1);
+            }
+
+            SECKEY_CacheStaticFlags(privHighKey);
+            fn = (RSAOp)PK11_PrivateKeyOp;
+            keys.privKey = privHighKey;
+            keys.pubKey = pubHighKey;
+            rsaKey = (void *)&keys;
+            printf("Using PKCS#11 for RSA decryption with token %s.\n",
+                   PK11_GetTokenName(privHighKey->pkcs11Slot));
+        }
+    } else
+
+        if (useSessionKey) {
+        /* use PKCS#11 session key objects */
+        PK11RSAGenParams rsaparams;
+        void *params;
+
+        slot = PK11_FindSlotByName(slotname); /* locate target slot */
+        if (!slot) {
+            fprintf(stderr, "Can't find slot \"%s\"\n", slotname);
+            exit(1);
+        }
+
+        /* do a temporary keygen in selected slot */
+        if (!keybits) {
+            keybits = DEFAULT_KEY_BITS;
+        }
+
+        printf("Using PKCS#11 with %ld bits session key in token %s.\n",
+               keybits, PK11_GetTokenName(slot));
+
+        rsaparams.keySizeInBits = keybits;
+        rsaparams.pe = publicExponent;
+        params = &rsaparams;
+
+        fprintf(stderr, "\nGenerating RSA key. This may take a few moments.\n");
+
+        privHighKey = PK11_GenerateKeyPair(slot, CKM_RSA_PKCS_KEY_PAIR_GEN,
+                                           params, &pubHighKey, PR_FALSE,
+                                           PR_FALSE, (void *)&pwData);
+        if (!privHighKey) {
+            fprintf(stderr,
+                    "Key generation failed in token \"%s\"\n",
+                    PK11_GetTokenName(slot));
+            exit(1);
+        }
+
+        SECKEY_CacheStaticFlags(privHighKey);
+
+        fprintf(stderr, "Keygen completed.\n");
+
+        if (doPub) {
+            /* do public key operations */
+            fn = (RSAOp)PK11_PublicKeyOp;
+            rsaKey = (void *)pubHighKey;
+        } else {
+            /* do private key operations */
+            fn = (RSAOp)PK11_PrivateKeyOp;
+            keys.privKey = privHighKey;
+            keys.pubKey = pubHighKey;
+            rsaKey = (void *)&keys;
+        }
+    } else
+
+    {
+        /* use freebl directly */
+        if (!keybits) {
+            keybits = DEFAULT_KEY_BITS;
+        }
+        if (!doKeyGen) {
+            if (keybits != DEFAULT_KEY_BITS) {
+                doKeyGen = PR_TRUE;
+            }
+        }
+        printf("Using freebl with %ld bits key.\n", keybits);
+        if (doKeyGen) {
+            fprintf(stderr, "\nGenerating RSA key. "
+                            "This may take a few moments.\n");
+            for (i = 0; i < 4; i++) {
+                if (peCount || (publicExponent & ((unsigned long)0xff000000L >>
+                                                  (i * 8)))) {
+                    pubEx[peCount] = (CK_BYTE)((publicExponent >>
+                                                (3 - i) * 8) &
+                                               0xff);
+                    peCount++;
+                }
+            }
+            pe.len = peCount;
+            pe.data = &pubEx[0];
+            pe.type = siBuffer;
+
+            rsaKey = RSA_NewKey(keybits, &pe);
+            fprintf(stderr, "Keygen completed.\n");
+        } else {
+            /* use a hardcoded key */
+            printf("Using hardcoded %ld bits key.\n", keybits);
+            if (doPub) {
+                pubKey = getDefaultRSAPublicKey();
+            } else {
+                privKey = getDefaultRSAPrivateKey();
+            }
+        }
+
+        if (doPub) {
+            /* do public key operations */
+            fn = (RSAOp)RSA_PublicKeyOp;
+            if (rsaKey) {
+                /* convert the RSAPrivateKey to RSAPublicKey */
+                pubKeyStr.arena = NULL;
+                pubKeyStr.modulus = ((RSAPrivateKey *)rsaKey)->modulus;
+                pubKeyStr.publicExponent =
+                    ((RSAPrivateKey *)rsaKey)->publicExponent;
+                rsaKey = &pubKeyStr;
+            } else {
+                /* convert NSSLOWKeyPublicKey to RSAPublicKey */
+                rsaKey = (void *)(&pubKey->u.rsa);
+            }
+            PORT_Assert(rsaKey);
+        } else {
+            /* do private key operations */
+            fn = (RSAOp)RSA_PrivateKeyOp;
+            if (privKey) {
+                /* convert NSSLOWKeyPrivateKey to RSAPrivateKey */
+                rsaKey = (void *)(&privKey->u.rsa);
+            }
+            PORT_Assert(rsaKey);
+        }
+    }
+
+    memset(buf, 1, sizeof buf);
+    rv = fn(rsaKey, buf2, buf);
+    if (rv != SECSuccess) {
+        PRErrorCode errNum;
+        const char *errStr = NULL;
+
+        errNum = PORT_GetError();
+        if (errNum)
+            errStr = SECU_Strerror(errNum);
+        else
+            errNum = rv;
+        if (!errStr)
+            errStr = "(null)";
+        fprintf(stderr, "Error in RSA operation: %d : %s\n", errNum, errStr);
+        exit(1);
+    }
+
+    threadsArr = (PRThread **)PORT_Alloc(threadNum * sizeof(PRThread *));
+    runDataArr = (ThreadRunData **)PORT_Alloc(threadNum * sizeof(ThreadRunData *));
+    timeCtx = CreateTimingContext();
+    TimingBegin(timeCtx, PR_Now());
+    for (i = 0; i < threadNum; i++) {
+        runDataArr[i] = (ThreadRunData *)PORT_Alloc(sizeof(ThreadRunData));
+        runDataArr[i]->fn = fn;
+        runDataArr[i]->buf = buf;
+        runDataArr[i]->doIters = &doIters;
+        runDataArr[i]->rsaKey = rsaKey;
+        runDataArr[i]->seconds = seconds;
+        runDataArr[i]->iters = iters;
+        threadsArr[i] =
+            PR_CreateThread(PR_USER_THREAD,
+                            ThreadExecFunction,
+                            (void *)runDataArr[i],
+                            PR_PRIORITY_NORMAL,
+                            PR_GLOBAL_THREAD,
+                            PR_JOINABLE_THREAD,
+                            0);
+    }
+    iters = 0;
+    calcThreads = 0;
+    for (i = 0; i < threadNum; i++, calcThreads++) {
+        PR_JoinThread(threadsArr[i]);
+        if (runDataArr[i]->status != SECSuccess) {
+            const char *errStr = SECU_Strerror(runDataArr[i]->errNum);
+            fprintf(stderr, "Thread %d: Error in RSA operation: %d : %s\n",
+                    i, runDataArr[i]->errNum, errStr);
+            calcThreads -= 1;
+        } else {
+            iters += runDataArr[i]->iterRes;
+        }
+        PORT_Free((void *)runDataArr[i]);
+    }
+    PORT_Free(runDataArr);
+    PORT_Free(threadsArr);
+
+    TimingEnd(timeCtx, PR_Now());
+
+    printf("%ld iterations in %s\n",
+           iters, TimingGenerateString(timeCtx));
+    printf("%.2f operations/s .\n", ((double)(iters) * (double)1000000.0) /
+                                        (double)timeCtx->interval);
+    TimingDivide(timeCtx, iters);
+    printf("one operation every %s\n", TimingGenerateString(timeCtx));
+
+    if (pubHighKey) {
+        SECKEY_DestroyPublicKey(pubHighKey);
+    }
+
+    if (privHighKey) {
+        SECKEY_DestroyPrivateKey(privHighKey);
+    }
+
+    if (cert) {
+        CERT_DestroyCertificate(cert);
+    }
+
+    if (NSS_Shutdown() != SECSuccess) {
+        exit(1);
+    }
+
+    return 0;
+}
diff --git a/nss/cmd/rsaperf/rsaperf.gyp b/nss/cmd/rsaperf/rsaperf.gyp
new file mode 100644
index 0000000..8ca4b4c
--- /dev/null
+++ b/nss/cmd/rsaperf/rsaperf.gyp
@@ -0,0 +1,36 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi',
+    '../../cmd/platlibs.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'rsaperf',
+      'type': 'executable',
+      'sources': [
+        'defkey.c',
+        'rsaperf.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:dbm_exports',
+        '<(DEPTH)/exports.gyp:nss_exports',
+        '<(DEPTH)/lib/sqlite/sqlite.gyp:sqlite3'
+      ]
+    }
+  ],
+  'target_defaults': {
+    'include_dirs': [
+      '../../nss/lib/softoken'
+    ],
+    'defines': [
+      'NSS_USE_STATIC_LIBS'
+    ]
+  },
+  'variables': {
+    'module': 'nss',
+    'use_static_libs': 1
+  }
+}
\ No newline at end of file
diff --git a/nss/cmd/rsapoptst/Makefile b/nss/cmd/rsapoptst/Makefile
new file mode 100644
index 0000000..a5e83ef
--- /dev/null
+++ b/nss/cmd/rsapoptst/Makefile
@@ -0,0 +1,54 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+#MKPROG = purify -cache-dir=/u/mcgreer/pcache -best-effort \
+#	-always-use-cache-dir $(CC)
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include ../platlibs.mk
+
+#EXTRA_SHARED_LIBS += \
+#	-L/usr/lib \
+#	-lposix4 \
+#	$(NULL)
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+include ../platrules.mk
diff --git a/nss/cmd/rsapoptst/manifest.mn b/nss/cmd/rsapoptst/manifest.mn
new file mode 100644
index 0000000..18126cf
--- /dev/null
+++ b/nss/cmd/rsapoptst/manifest.mn
@@ -0,0 +1,22 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+CORE_DEPTH = ../..
+
+MODULE = nss
+
+REQUIRES = seccmd dbm softoken
+
+PROGRAM = rsapoptst
+
+EXPORTS = \
+	$(NULL)
+
+PRIVATE_EXPORTS = \
+	$(NULL)
+
+CSRCS = \
+	rsapoptst.c \
+	$(NULL)
+
diff --git a/nss/cmd/rsapoptst/rsapoptst.c b/nss/cmd/rsapoptst/rsapoptst.c
new file mode 100644
index 0000000..81ddcd6
--- /dev/null
+++ b/nss/cmd/rsapoptst/rsapoptst.c
@@ -0,0 +1,535 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include "plgetopt.h"
+#include "nss.h"
+#include "secutil.h"
+#include "pk11table.h"
+#include "secmodt.h"
+#include "pk11pub.h"
+
+struct test_args {
+    char *arg;
+    int mask_value;
+    char *description;
+};
+
+static const struct test_args test_array[] = {
+    { "all", 0x1f, "run all the tests" },
+    { "e_n_p", 0x01, "public exponent, modulus, prime1" },
+    { "d_n_q", 0x02, "private exponent, modulus, prime2" },
+    { "d_p_q", 0x04, "private exponent, prime1, prime2" },
+    { "e_d_q", 0x08, "public exponent, private exponent, prime2" },
+    { "e_d_n", 0x10, "public exponent, private exponent, moduls" }
+};
+static const int test_array_size =
+    (sizeof(test_array) / sizeof(struct test_args));
+
+static void
+Usage(char *progName)
+{
+    int i;
+#define PRINTUSAGE(subject, option, predicate) \
+    fprintf(stderr, "%10s %s\t%s\n", subject, option, predicate);
+    fprintf(stderr, "%s [-k keysize] [-e exp] [-r rounds] [-t tests]\n "
+                    "Test creating RSA private keys from Partial components\n",
+            progName);
+    PRINTUSAGE("", "-k", "key size (in bit)");
+    PRINTUSAGE("", "-e", "rsa public exponent");
+    PRINTUSAGE("", "-r", "number times to repeat the test");
+    PRINTUSAGE("", "-t", "run the specified tests");
+    for (i = 0; i < test_array_size; i++) {
+        PRINTUSAGE("", test_array[i].arg, test_array[i].description);
+    }
+    fprintf(stderr, "\n");
+}
+
+/*
+ * Test the RSA populate command to see that it can really build
+ * keys from it's components.
+ */
+
+const static CK_ATTRIBUTE rsaTemplate[] = {
+    { CKA_CLASS, NULL, 0 },
+    { CKA_KEY_TYPE, NULL, 0 },
+    { CKA_TOKEN, NULL, 0 },
+    { CKA_SENSITIVE, NULL, 0 },
+    { CKA_PRIVATE, NULL, 0 },
+    { CKA_MODULUS, NULL, 0 },
+    { CKA_PUBLIC_EXPONENT, NULL, 0 },
+    { CKA_PRIVATE_EXPONENT, NULL, 0 },
+    { CKA_PRIME_1, NULL, 0 },
+    { CKA_PRIME_2, NULL, 0 },
+    { CKA_EXPONENT_1, NULL, 0 },
+    { CKA_EXPONENT_2, NULL, 0 },
+    { CKA_COEFFICIENT, NULL, 0 },
+};
+
+#define RSA_SIZE (sizeof(rsaTemplate))
+#define RSA_ATTRIBUTES (sizeof(rsaTemplate) / sizeof(CK_ATTRIBUTE))
+
+static void
+resetTemplate(CK_ATTRIBUTE *attribute, int start, int end)
+{
+    int i;
+    for (i = start; i < end; i++) {
+        if (attribute[i].pValue) {
+            PORT_Free(attribute[i].pValue);
+        }
+        attribute[i].pValue = NULL;
+        attribute[i].ulValueLen = 0;
+    }
+}
+
+static SECStatus
+copyAttribute(PK11ObjectType objType, void *object, CK_ATTRIBUTE *template,
+              int offset, CK_ATTRIBUTE_TYPE attrType)
+{
+    SECItem attributeItem = { 0, 0, 0 };
+    SECStatus rv;
+
+    rv = PK11_ReadRawAttribute(objType, object, attrType, &attributeItem);
+    if (rv != SECSuccess) {
+        return rv;
+    }
+    template[offset].type = attrType;
+    template[offset].pValue = attributeItem.data;
+    template[offset].ulValueLen = attributeItem.len;
+    return SECSuccess;
+}
+
+static SECStatus
+readKey(PK11ObjectType objType, void *object, CK_ATTRIBUTE *template,
+        int start, int end)
+{
+    int i;
+    SECStatus rv;
+
+    for (i = start; i < end; i++) {
+        rv = copyAttribute(objType, object, template, i, template[i].type);
+        if (rv != SECSuccess) {
+            goto fail;
+        }
+    }
+    return SECSuccess;
+
+fail:
+    resetTemplate(template, start, i);
+    return rv;
+}
+
+#define ATTR_STRING(x) getNameFromAttribute(x)
+
+void
+dumpTemplate(CK_ATTRIBUTE *template, int start, int end)
+{
+    int i, j;
+    for (i = 0; i < end; i++) {
+        unsigned char cval;
+        CK_ULONG ulval;
+        unsigned char *cpval;
+
+        fprintf(stderr, "%s:", ATTR_STRING(template[i].type));
+        switch (template[i].ulValueLen) {
+            case 1:
+                cval = *(unsigned char *)template[i].pValue;
+                switch (cval) {
+                    case 0:
+                        fprintf(stderr, " false");
+                        break;
+                    case 1:
+                        fprintf(stderr, " true");
+                        break;
+                    default:
+                        fprintf(stderr, " %d (=0x%02x,'%c')", cval, cval, cval);
+                        break;
+                }
+                break;
+            case sizeof(CK_ULONG):
+                ulval = *(CK_ULONG *)template[i].pValue;
+                fprintf(stderr, " %ld (=0x%04lx)", ulval, ulval);
+                break;
+            default:
+                cpval = (unsigned char *)template[i].pValue;
+                for (j = 0; j < template[i].ulValueLen; j++) {
+                    if ((j % 16) == 0)
+                        fprintf(stderr, "\n ");
+                    fprintf(stderr, " %02x", cpval[j]);
+                }
+                break;
+        }
+        fprintf(stderr, "\n");
+    }
+}
+
+PRBool
+rsaKeysAreEqual(PK11ObjectType srcType, void *src,
+                PK11ObjectType destType, void *dest)
+{
+
+    CK_ATTRIBUTE srcTemplate[RSA_ATTRIBUTES];
+    CK_ATTRIBUTE destTemplate[RSA_ATTRIBUTES];
+    PRBool areEqual = PR_TRUE;
+    SECStatus rv;
+    int i;
+
+    memcpy(srcTemplate, rsaTemplate, RSA_SIZE);
+    memcpy(destTemplate, rsaTemplate, RSA_SIZE);
+
+    rv = readKey(srcType, src, srcTemplate, 0, RSA_ATTRIBUTES);
+    if (rv != SECSuccess) {
+        printf("Could read source key\n");
+        return PR_FALSE;
+    }
+    readKey(destType, dest, destTemplate, 0, RSA_ATTRIBUTES);
+    if (rv != SECSuccess) {
+        printf("Could read dest key\n");
+        return PR_FALSE;
+    }
+
+    for (i = 0; i < RSA_ATTRIBUTES; i++) {
+        if (srcTemplate[i].ulValueLen != destTemplate[i].ulValueLen) {
+            printf("key->%s not equal src_len = %ld, dest_len=%ld\n",
+                   ATTR_STRING(srcTemplate[i].type),
+                   srcTemplate[i].ulValueLen, destTemplate[i].ulValueLen);
+            areEqual = 0;
+        } else if (memcmp(srcTemplate[i].pValue, destTemplate[i].pValue,
+                          destTemplate[i].ulValueLen) != 0) {
+            printf("key->%s not equal.\n", ATTR_STRING(srcTemplate[i].type));
+            areEqual = 0;
+        }
+    }
+    if (!areEqual) {
+        fprintf(stderr, "original key:\n");
+        dumpTemplate(srcTemplate, 0, RSA_ATTRIBUTES);
+        fprintf(stderr, "created key:\n");
+        dumpTemplate(destTemplate, 0, RSA_ATTRIBUTES);
+    }
+    return areEqual;
+}
+
+static int exp_exp_prime_fail_count = 0;
+
+static int
+doRSAPopulateTest(unsigned int keySize, unsigned long exponent,
+                  int mask, void *pwarg)
+{
+    SECKEYPrivateKey *rsaPrivKey;
+    SECKEYPublicKey *rsaPubKey;
+    PK11GenericObject *tstPrivKey;
+    CK_ATTRIBUTE tstTemplate[RSA_ATTRIBUTES];
+    int tstHeaderCount;
+    PK11SlotInfo *slot = NULL;
+    PK11RSAGenParams rsaParams;
+    CK_OBJECT_CLASS obj_class = CKO_PRIVATE_KEY;
+    CK_KEY_TYPE key_type = CKK_RSA;
+    CK_BBOOL ck_false = CK_FALSE;
+    int failed = 0;
+
+    rsaParams.pe = exponent;
+    rsaParams.keySizeInBits = keySize;
+
+    slot = PK11_GetInternalSlot();
+    if (slot == NULL) {
+        fprintf(stderr, "Couldn't get the internal slot for the test \n");
+        return -1;
+    }
+
+    rsaPrivKey = PK11_GenerateKeyPair(slot, CKM_RSA_PKCS_KEY_PAIR_GEN,
+                                      &rsaParams, &rsaPubKey, PR_FALSE,
+                                      PR_FALSE, pwarg);
+    if (rsaPrivKey == NULL) {
+        fprintf(stderr, "RSA Key Gen failed");
+        PK11_FreeSlot(slot);
+        return -1;
+    }
+
+    memcpy(tstTemplate, rsaTemplate, RSA_SIZE);
+
+    tstTemplate[0].pValue = &obj_class;
+    tstTemplate[0].ulValueLen = sizeof(obj_class);
+    tstTemplate[1].pValue = &key_type;
+    tstTemplate[1].ulValueLen = sizeof(key_type);
+    tstTemplate[2].pValue = &ck_false;
+    tstTemplate[2].ulValueLen = sizeof(ck_false);
+    tstTemplate[3].pValue = &ck_false;
+    tstTemplate[3].ulValueLen = sizeof(ck_false);
+    tstTemplate[4].pValue = &ck_false;
+    tstTemplate[4].ulValueLen = sizeof(ck_false);
+    tstHeaderCount = 5;
+
+    if (mask & 1) {
+        printf("%s\n", test_array[1].description);
+        resetTemplate(tstTemplate, tstHeaderCount, RSA_ATTRIBUTES);
+        copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate,
+                      tstHeaderCount, CKA_PUBLIC_EXPONENT);
+        copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate,
+                      tstHeaderCount + 1, CKA_MODULUS);
+        copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate,
+                      tstHeaderCount + 2, CKA_PRIME_1);
+
+        tstPrivKey = PK11_CreateGenericObject(slot, tstTemplate,
+                                              tstHeaderCount +
+                                                  3,
+                                              PR_FALSE);
+        if (tstPrivKey == NULL) {
+            fprintf(stderr, "RSA Populate failed: pubExp mod p\n");
+            failed = 1;
+        } else if (!rsaKeysAreEqual(PK11_TypePrivKey, rsaPrivKey,
+                                    PK11_TypeGeneric, tstPrivKey)) {
+            fprintf(stderr, "RSA Populate key mismatch: pubExp mod p\n");
+            failed = 1;
+        }
+        if (tstPrivKey)
+            PK11_DestroyGenericObject(tstPrivKey);
+    }
+    if (mask & 2) {
+        printf("%s\n", test_array[2].description);
+        /* test the basic2 case, public exponent, modulus, prime2 */
+        resetTemplate(tstTemplate, tstHeaderCount, RSA_ATTRIBUTES);
+        copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate,
+                      tstHeaderCount, CKA_PUBLIC_EXPONENT);
+        copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate,
+                      tstHeaderCount + 1, CKA_MODULUS);
+        copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate,
+                      tstHeaderCount + 2, CKA_PRIME_2);
+        /* test with q in the prime1 position */
+        tstTemplate[tstHeaderCount + 2].type = CKA_PRIME_1;
+
+        tstPrivKey = PK11_CreateGenericObject(slot, tstTemplate,
+                                              tstHeaderCount +
+                                                  3,
+                                              PR_FALSE);
+        if (tstPrivKey == NULL) {
+            fprintf(stderr, "RSA Populate failed: pubExp mod q\n");
+            failed = 1;
+        } else if (!rsaKeysAreEqual(PK11_TypePrivKey, rsaPrivKey,
+                                    PK11_TypeGeneric, tstPrivKey)) {
+            fprintf(stderr, "RSA Populate key mismatch: pubExp mod q\n");
+            failed = 1;
+        }
+        if (tstPrivKey)
+            PK11_DestroyGenericObject(tstPrivKey);
+    }
+    if (mask & 4) {
+        printf("%s\n", test_array[3].description);
+        /* test the medium case, private exponent, prime1, prime2 */
+        resetTemplate(tstTemplate, tstHeaderCount, RSA_ATTRIBUTES);
+
+        copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate,
+                      tstHeaderCount, CKA_PRIVATE_EXPONENT);
+        copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate,
+                      tstHeaderCount + 1, CKA_PRIME_1);
+        copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate,
+                      tstHeaderCount + 2, CKA_PRIME_2);
+        /* test with p & q swapped. Underlying code should swap these back */
+        tstTemplate[tstHeaderCount + 2].type = CKA_PRIME_1;
+        tstTemplate[tstHeaderCount + 1].type = CKA_PRIME_2;
+
+        tstPrivKey = PK11_CreateGenericObject(slot, tstTemplate,
+                                              tstHeaderCount +
+                                                  3,
+                                              PR_FALSE);
+        if (tstPrivKey == NULL) {
+            fprintf(stderr, "RSA Populate failed: privExp p q\n");
+            failed = 1;
+        } else if (!rsaKeysAreEqual(PK11_TypePrivKey, rsaPrivKey,
+                                    PK11_TypeGeneric, tstPrivKey)) {
+            fprintf(stderr, "RSA Populate key mismatch: privExp p q\n");
+            failed = 1;
+        }
+        if (tstPrivKey)
+            PK11_DestroyGenericObject(tstPrivKey);
+    }
+    if (mask & 8) {
+        printf("%s\n", test_array[4].description);
+        /* test the advanced case, public exponent, private exponent, prime2 */
+        resetTemplate(tstTemplate, tstHeaderCount, RSA_ATTRIBUTES);
+        copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate,
+                      tstHeaderCount, CKA_PRIVATE_EXPONENT);
+        copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate,
+                      tstHeaderCount + 1, CKA_PUBLIC_EXPONENT);
+        copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate,
+                      tstHeaderCount + 2, CKA_PRIME_2);
+
+        tstPrivKey = PK11_CreateGenericObject(slot, tstTemplate,
+                                              tstHeaderCount +
+                                                  3,
+                                              PR_FALSE);
+        if (tstPrivKey == NULL) {
+            fprintf(stderr, "RSA Populate failed: pubExp privExp q\n");
+            fprintf(stderr, " this is expected periodically. It means we\n");
+            fprintf(stderr, " had more than one key that meets the "
+                            "specification\n");
+            exp_exp_prime_fail_count++;
+        } else if (!rsaKeysAreEqual(PK11_TypePrivKey, rsaPrivKey,
+                                    PK11_TypeGeneric, tstPrivKey)) {
+            fprintf(stderr, "RSA Populate key mismatch: pubExp privExp q\n");
+            failed = 1;
+        }
+        if (tstPrivKey)
+            PK11_DestroyGenericObject(tstPrivKey);
+    }
+    if (mask & 16) {
+        printf("%s\n", test_array[5].description);
+        /* test the advanced case2, public exponent, private exponent, modulus
+         */
+        resetTemplate(tstTemplate, tstHeaderCount, RSA_ATTRIBUTES);
+
+        copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate,
+                      tstHeaderCount, CKA_PRIVATE_EXPONENT);
+        copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate,
+                      tstHeaderCount + 1, CKA_PUBLIC_EXPONENT);
+        copyAttribute(PK11_TypePrivKey, rsaPrivKey, tstTemplate,
+                      tstHeaderCount + 2, CKA_MODULUS);
+
+        tstPrivKey = PK11_CreateGenericObject(slot, tstTemplate,
+                                              tstHeaderCount +
+                                                  3,
+                                              PR_FALSE);
+        if (tstPrivKey == NULL) {
+            fprintf(stderr, "RSA Populate failed: pubExp privExp mod\n");
+            failed = 1;
+        } else if (!rsaKeysAreEqual(PK11_TypePrivKey, rsaPrivKey,
+                                    PK11_TypeGeneric, tstPrivKey)) {
+            fprintf(stderr, "RSA Populate key mismatch: pubExp privExp mod\n");
+            failed = 1;
+        }
+        if (tstPrivKey)
+            PK11_DestroyGenericObject(tstPrivKey);
+    }
+
+    PK11_FreeSlot(slot);
+    return failed ? -1 : 0;
+}
+
+/* populate options */
+enum {
+    opt_Exponent = 0,
+    opt_KeySize,
+    opt_Repeat,
+    opt_Tests
+};
+
+static secuCommandFlag populate_options[] =
+    {
+      { /* opt_Exponent   */ 'e', PR_TRUE, 0, PR_FALSE },
+      { /* opt_KeySize    */ 'k', PR_TRUE, 0, PR_FALSE },
+      { /* opt_Repeat     */ 'r', PR_TRUE, 0, PR_FALSE },
+      { /* opt_Tests      */ 't', PR_TRUE, 0, PR_FALSE },
+    };
+
+int
+is_delimiter(char c)
+{
+    if ((c == '+') || (c == ',') || (c == '|')) {
+        return 1;
+    }
+    return 0;
+}
+
+int
+parse_tests(char *test_string)
+{
+    int mask = 0;
+    int i;
+
+    while (*test_string) {
+        if (is_delimiter(*test_string)) {
+            test_string++;
+        }
+        for (i = 0; i < test_array_size; i++) {
+            char *arg = test_array[i].arg;
+            int len = strlen(arg);
+            if (strncmp(test_string, arg, len) == 0) {
+                test_string += len;
+                mask |= test_array[i].mask_value;
+                break;
+            }
+        }
+        if (i == test_array_size) {
+            break;
+        }
+    }
+    return mask;
+}
+
+int
+main(int argc, char **argv)
+{
+    unsigned int keySize = 1024;
+    unsigned long exponent = 65537;
+    int i, repeat = 1, ret = 0;
+    SECStatus rv = SECFailure;
+    secuCommand populateArgs;
+    char *progName;
+    int mask = 0xff;
+
+    populateArgs.numCommands = 0;
+    populateArgs.numOptions = sizeof(populate_options) /
+                              sizeof(secuCommandFlag);
+    populateArgs.commands = NULL;
+    populateArgs.options = populate_options;
+
+    progName = strrchr(argv[0], '/');
+    if (!progName)
+        progName = strrchr(argv[0], '\\');
+    progName = progName ? progName + 1 : argv[0];
+
+    rv = NSS_NoDB_Init(NULL);
+    if (rv != SECSuccess) {
+        SECU_PrintPRandOSError(progName);
+        return -1;
+    }
+
+    rv = SECU_ParseCommandLine(argc, argv, progName, &populateArgs);
+    if (rv == SECFailure) {
+        fprintf(stderr, "%s: command line parsing error!\n", progName);
+        Usage(progName);
+        return -1;
+    }
+    rv = SECFailure;
+
+    if (populateArgs.options[opt_KeySize].activated) {
+        keySize = PORT_Atoi(populateArgs.options[opt_KeySize].arg);
+    }
+    if (populateArgs.options[opt_Repeat].activated) {
+        repeat = PORT_Atoi(populateArgs.options[opt_Repeat].arg);
+    }
+    if (populateArgs.options[opt_Exponent].activated) {
+        exponent = PORT_Atoi(populateArgs.options[opt_Exponent].arg);
+    }
+    if (populateArgs.options[opt_Tests].activated) {
+        char *test_string = populateArgs.options[opt_Tests].arg;
+        mask = PORT_Atoi(test_string);
+        if (mask == 0) {
+            mask = parse_tests(test_string);
+        }
+        if (mask == 0) {
+            Usage(progName);
+            return -1;
+        }
+    }
+
+    exp_exp_prime_fail_count = 0;
+    for (i = 0; i < repeat; i++) {
+        printf("Running RSA Populate test run %d\n", i);
+        ret = doRSAPopulateTest(keySize, exponent, mask, NULL);
+        if (ret != 0) {
+            i++;
+            break;
+        }
+    }
+    if (ret != 0) {
+        fprintf(stderr, "RSA Populate test round %d: FAILED\n", i);
+    }
+    if (repeat > 1) {
+        printf(" pub priv prime test:  %d failures out of %d runs (%f %%)\n",
+               exp_exp_prime_fail_count, i,
+               (((double)exp_exp_prime_fail_count) * 100.0) / (double)i);
+    }
+    return ret;
+}
diff --git a/nss/cmd/samples/cert b/nss/cmd/samples/cert
new file mode 100644
index 0000000..3f8ec48
--- /dev/null
+++ b/nss/cmd/samples/cert
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIIB7TCCAVYCAgMaMA0GCSqGSIb3DQEBBAUAMEcxCzAJBgNVBAYTAlVTMRAwDgYD
+VQQLEwdUZXN0IENBMSYwJAYDVQQKEx1OZXRzY2FwZSBDb21tdW5pY2F0aW9ucyBD
+b3JwLjAeFw05NTEyMDgwMjQwMjdaFw05NjAzMDcwMjQwMjdaMDgxFjAUBgNVBAMT
+DURhdmlkIGthcmx0b24xETAPBgNVBAoTCE5ldHNjYXBlMQswCQYDVQQGEwJVUzCB
+nTANBgkqhkiG9w0BAQEFAAOBiwAwgYcCgYEAltV2TH+QxqlgfUFk+UyiYAjByxrC
+dCSIa/FwRaPceLvE7ycD9L6AC4JA6k58E6ICsr/Y8TsXT4UmZhhLNc50VgSo8cGQ
+lajqIDvntq8M1uCXiVOnXmIAqoB6E8GiqW+9evOkgkumMksSwXiXAhMM7vJt3IU6
+b+FwdF5cRs0u1FUCAQMwDQYJKoZIhvcNAQEEBQADgYEAkFdr3ypcvI2+Xgwfp7+d
+YtN7w4UnQ7LR9FKmlnBauTVLmUtichn/O3WMT9cYTtZm5QQVRaE3qrGh0Nr6Ko1E
+nIHowd36TN45zkFraWoATfCV/f+P37WaADp20l2ryEY0Jpe4gnoeZ0+/ffoxyajC
+LZEJL6Dv2Ed83cebLjYxKsI=
+
+-----END CERTIFICATE-----
+
diff --git a/nss/cmd/samples/cert0 b/nss/cmd/samples/cert0
new file mode 100644
index 0000000000000000000000000000000000000000..05cdc8553e37a60dd5200e7202531d2a9de098b3
GIT binary patch
literal 505
zcmXqLV*F~*#Ms5e$`ruBz+%A5#;Mij(e|B}k&%g&!64C)+klgeIh2J>m?<>aP}o2a
z#NiO;a!$<2Ov^9I%S<#BF%SX?atU)g=jZ087A2?prIr|~8>oUrxrOC|Q;W({ixiww
zi%K%nGLsWaGV}8k97{_w@{2M{Dh=esc`Z#1%#17yz#t09H3M?Zjf_n#O)aAg3Q?V)
zW1t1GO&MrQadKiosshN`(mbfi#XxRRL4Fa~8kpO-g}Ghx(lhf?Q;Rb5(hcPdWI$#x
z3yZ>BoR?an5RzJ40(PZA4RSCrvNAAdGZ<trB{D4k&}3MVc|NlHv-Xv#%jP7;R`&<j
zaj0-|wZ&F1R`@xQ{|Zx}@|6BYwk3*33cX&2F`fEm<Z#<A%7IlTEmJ$-nuEOXsatIy
zwEZR;*#$6ce!N2Bjb($ol8g1$PGi-#FP}3pGcqtD+YO8Y<}e1u=S%im6>x3VSQfc^
zbspn`sw-!ACoW(2?4Qno15R(#oHls5tbWs}bYjjukI0TQuNI}XCeJv<6cc{H=xkl*
dk=6-!Zg{#2X6m1QwSw>P9rFz~p;GDIrvYyOr8@us

literal 0
HcmV?d00001

diff --git a/nss/cmd/samples/cert1 b/nss/cmd/samples/cert1
new file mode 100644
index 0000000000000000000000000000000000000000..38a7d299a64e374923b556c380c6848f290f4e92
GIT binary patch
literal 515
zcmXqLV*GE=#F)dx%H+tvAZNhK#;Mij(e|B}k&%g&!64p{+klgeIh2J>m?<>aP{BYB
z#NiSa4+?fva7iplR0vK@E-lI|snk*M%uCiY)HBclso)k?1xus?<%`Nvixiwwi%K%n
zGLsWaGV}8k97{_w@<F-`<ivR`O%03<jSVe~ElkX!fLt>m*9girNJMpjuz?`Rcn)DM
z=fs@MwEUvH%tS*G10jg3xSjKJb5o0wQ~gp)4Al)(Auf?4;DiEXPcyPIFvl|(#4v^G
zM!ekr!SHM)TR_y+d3-w04t@W5>0D?^>&6MQCT%u5xaZXg<?XAjmZv0_$G0f;J>BMd
z*KHlwU4}#QyKb&MP@42(YSW^IjZK-q9<Hz7Q~Ri<?CKt^hTlxgj0}v(_5lN#xsHK#
zY3kg`?>nX+TYG9T^Tng@?dJaR*|feZ%=^OZjWO-^=H^nr?l2bLU}IXNAm`=beDLFR
z&qsxCwrJ=YC3k&$_ri)*V%oIgXH&vN?v-8m+g&l=#X%x#_jb3xciL`M<=l#1EbvU~
gjRO1rzgd&n56M~R^}Of5()eYS$11HA@0tDs0DL>Sp#T5?

literal 0
HcmV?d00001

diff --git a/nss/cmd/samples/cert2 b/nss/cmd/samples/cert2
new file mode 100644
index 0000000000000000000000000000000000000000..147c3eb9ee328e34c836692fdf474cf30dce87da
GIT binary patch
literal 528
zcmXqLV&XAqVw}dr%H+Vn;A+6j#;Mij(e|B}k&%g&!64p{+klgeIh2J>m?<>aP{BYB
z#NiSa4+?fva7iplR0vK@E-lI|snk*M%uCiY)HBclso)k?^~o<+a4aq^ElSKwPE~MD
zEh@=O%S=uz$;{7Fa4ap!$Oq{%kQ3*%G%++Zurx9@v@|h^0&*=4fov$35(j`?mI`!W
zQCVscP6ss3M)or!D+6<5Cxby_D^nfAq;pjV*EQQkt?FzJU!%%c#<O-^pN{#t*QOOI
zA<R!(90E`7@8@{b)x>d0tj#?1<wixOwPhKNvsf2-pY&EuQwq!JVDJCl7@6C`o?0MW
zSY|i7+~;vXXV?snowCa{rG)jo1S99jiC*;#(J8jdY}z>8a!zhRy2sPIy4Oy~RWmU&
zGB6@L4HzBFi44jXn(tau?z*ktV<*b!Z8Y0Ta#k%1zw@EDhu_%-A1*z|wfCy<tmwYY
zb6t!kFkdNMz)=?{AD+G?VD~1=gbh4%dxSTK%uM?8Qt8R$CEVOMI<{HgYJVNOWNZCT
L^VNM>A2|~McQLLo

literal 0
HcmV?d00001

diff --git a/nss/cmd/samples/pkcs7.ber b/nss/cmd/samples/pkcs7.ber
new file mode 100644
index 0000000000000000000000000000000000000000..6e3814c37fdd9546ebb104812da37c62fa1cb9da
GIT binary patch
literal 1771
zcmXqLVB^$k^Jx3d%gD~OpuwPliILHe&wz)G10u@A%F1AXq=u1!0jR2paUu|_F|jfQ
zGcYh3@WRbtWCAMJH{>?pWMd9xVH0Kw4K`FTkOOhJgvEn`9Ti*>OA-}=Q<F=JGD|9T
z6g=~i^$g_1c`Z#0EDVedEsf2M4WocuQy|v}%r%HI@FmeeLm2}pkd-{b!ays7T-_90
zGK))!GLuS6GV}8c@{k?O$jZPR%U}@26wEv=gT3!`09(%L@^;T_PrT&5d|M`;w=~sx
zqN%#_3T{p5++)%^{wQu#*{qoumLmAJtNq?j<uyNz&kB3F_^WuPOgUs~Tfo6LUrk<S
zt>(vX<*^%HGchw_1P^l<gI?2?jxDigs%m*e9)w6;({MStYf=E`KC@qG%P;i*^w_(}
z`04#?y8Ev@aCpm<>0&IEADnsc)q~JIjw=tJIdU#~!6AE2K}Od8kguEm9jG%ofAhcr
z>F~Y42ss7B=D<jCWMB|P_9G}#Vn_``Z39hE7;+0MIp^o*rWPe<CgvzOrxulDre!84
zf&x;(v9u&39~6)97&J39Gch$V0>z*uFa}MbT+)+70kZo+aTE{q0#m4g2fK63^`3h!
z6C_rCzq4ww(|n!XZ=Q=>h(7z6bKcHNmuyd0&v~`xUzVlju2pFh80(jZiSMa9xpdOZ
z`AO~3n%e?5J($z;W2SzC+7kQYcI`4VR`b1;4#gTvbqs0TZrAH%X0Nr~Cu^_cyz2g`
zPsbDftW?|h#pAtyPGd=?<7W5eR&~D~l$xgmG|0NnzP0?1?t?Oh(=$(pJb1VF=>a2k
z<>FcT$5tJ!(O-Ih_ae#t!G~{L&1=5@m*3H@>HVPui9M^71Hw<Zn#euW{`h{X>7=if
zY6oiyC#!y*`-6>vVPS(o<8gyH<ZvJ-bHTF~FgA?MKoMhNU}<1z2;>?WMWLAvOq)Wx
zbtOM`^IHjuoeN)I>LF;e$w8X&r$lOC(iefiyxqdxQ$H#g%*a!!xe>qQuOYi$v!#Bt
z_<jE)<s~ZFQx0#F`?e;_J#ta5f9<~5d_Vp4-iNjx6F7nCGTor@Dw=JyO_NZM8yXoI
zm>3~EZeVTz1W^Va24cXRqQStx22^NlU}0!vU|?iy0t^z6I4}qCfekP-1gbYNGckdS
z3xLJVjm(UUjV(>gF@ms;A$?!b^nX7m9dUO$aZKql-<B7awr<M<%DNL$>RF{-)FNIv
z-gy77ciH1t=NP*C6zBT7cP+PwxX`~in(?keh1%b}dYy6gu`!431ovNl>o`%1e?#E)
zy(SG;tTP@>Qr7trk}b2j@ut05pVcC9v53Wv+{{u%Dh;_z=T6LM{blrsfx!?|K63%f
zabN}{wJ3&_=qTm?f=B}icnQzRY{(7gurnISz&V_(hWyY#H#IUeG&cr@vOGeT#ZZVv
zU`FJPnPF;~kIqldjGdEn^ayf_0OoR*V1~m@-}i>!u@uan>-VGn?fZoJyTsX|>LZ?P
z`hL4IL$oW|XQPsJqO(Nhn&Kz659G=m?s88}^IiMqQSZY$K~-W40}f19NRZzC=*2Y#
Pd(HjtzaH{F$N&WZgn&2C

literal 0
HcmV?d00001

diff --git a/nss/cmd/samples/pkcs7bday.ber b/nss/cmd/samples/pkcs7bday.ber
new file mode 100644
index 0000000000000000000000000000000000000000..0ee6cfc1331fbbbe78767c8a135aeb6025da068b
GIT binary patch
literal 1881
zcmcIlc}x^n7@s{rch|)#tJKQzYCu=<cyC}2np!zZ0Si&w#oE<oGwuw#gY3?B4j07M
z1yh?A!FUr8g;rxddIXzVka$&yQQK%^6%*82kJds$j0e`*<IS#6wEc%a`ZANu`{sMU
z?|r}D_q_*$k(z01a@X|h6(f{QK^Rmj6etRgiX0iXDkCBYIK)TM6if`Ns}znb&g+*%
zh6lM6PX{QT(Q51-UJ^tvCCFxbp$*Ic*u;rqDFX^6ismVw2yEr}w^ySvCZZHLRjbL$
z1@n21mRzDBe}MT6O;e?UMjpmQD|XQihO%+RVmMR*<z`(Vi{kx^7z)Dx4@=XG4+J>A
zl$Mtp6G;=s$Gc($fFH^SD4GVG4~QHPJq+-MFkE2_H|50{6fiCi4#2Y<56FSF@-G=c
zko<m5U}$;0i^Dcf5@k5^tQ0sa&7{?4a@;aOtI22Fl&c&pEeAO~;|7@w#p5jsE|&4R
z7*Nc*M3(buwF_CA;jp_MZ)E}N_F!s6skm6HB|-yhfmz0{TB$Y=#8jvs6iT7QnoLJJ
zsEJe+sUxG6MK%-%C(09Tv?05U^7=93^LRJqV^>geG#DSFPa|O(Oe0BTg=PnyrVdU`
z4wyL{G-QBd<zT94ot+UxP$Xcz5nMcUi;4(BHJ5-n%5-gUd0b~*rRU0ugW`lktG+m@
z=$!K06hbmg&Ae7$v$pW8?ZEZ2X>m8Z9rt=}Z}P+_49!<>t?aI^zyB7q5FFa4R4E9>
zP-vXJDuc*=q50b00GR9i_Wtt7MrA*FoHJMG-}ul+->qMtkhA%!W>ad!n5J`A=Yp1!
zK>n#d=`lOge!O|($`NBGH#UsN%+}#|l2ZK|@h^Pne3}mc<HPL6EU;yOS1FMKHpV6K
ztXMuB<oR4P(M&j9_RvKq<#Pd$AqWz#b}V-m!;37|JR}3ikVFqBulh$2WHmu(8Wbcn
zO?3=Y-X%l%k*R;3fVs*HqT@|w{R97g>#DXR500K)eRJcaDBU+rqqi>Je(=-6{6NKL
zhNKw};UaNW%)9%y#qCNfNa^XivSIwrSoZt#tJm!;{7>#FLa6mtZGiVIC42J0eBB*e
z<_AH;qf_U)-p>8mIQGJw&Hm8|v6+^tk*c+iww%9MvG-9+clSz15IuI+merd&zPtTi
z?~Uv~t6LVepT1;NUhX|PxxM7Va{5H=%N-wi*NK}6qFJu~C|KD#G_hfq{Xo$p6GCK&
zV-g`;_Mzc`OW?RrZ%qvO;kH1QR0uKoVe^D1W(%^WAZQsd$A-<wG5{0ye({OfiY&-v
z!XQugE3ViYvE_H6ZYwqF`r>z-_DC|PQh(U6zhn=a<0>`O{&;N9qCcYU)Erp0X@_*A
zYi#UNnza3*Tj$*JerIxfPf~IlW<&)mYo7uB-%B-=7d|-<2_dq|g-Rm)HIV%?X;Or{
z<|lWw^H5`jm0#fQz1>&c(YCvF&gDX5^z4I<QAx?(>*>#zGdudn>+AadDpEHrGgoKq
z-qu)~Mg9uYjv)5@$E}yX>OZ~Wlk^|*PMz4MFF3RBa`xF0XH3H9XST;z6%hmq!pb^)
zPr=mTwaJr%^y#~8$o_HTsMALrJ2{U#tutSI@Gv=|p=?f)@ynAM-<69ne%#?#vd!0S
p?5gNF17>&jR`)65CIlvSnPY#;i*LQ*jJx~Nt*`BD`1B@-zX7G@L{0zz

literal 0
HcmV?d00001

diff --git a/nss/cmd/samples/pkcs7cnet.ber b/nss/cmd/samples/pkcs7cnet.ber
new file mode 100644
index 0000000000000000000000000000000000000000..df2bb2dd187db30c28135cb6539642e5d4968041
GIT binary patch
literal 3330
zcmchZ3s6&68h~#S!ka1^ACyXn2)l~lp8HC2p^G4(2n>Y=aKTs85FiQxl7Ogy1cd^2
z1Z#^{psPZa6+w{FP6ZZ3tCm*ly2w%%yIowVP!O?F7OUGmH}{gHOsC_Fv(3z%$@%Vo
z|NlS#>l~18Y2#TGQZ((rvEm-f2l-qM2StDx<sb;;1)M4PlydppNCdF}4#uxITs{Ki
zs2#Ae<i%K63b-*cQ~(_5g|)yoP@bYnOw*`Ua&!Us4GnDtc7bWBsY;DP8KKmnzXKjL
zwG#+sN==qhBMMY%bgD#^LatM#sYL;qy5uyCO1BdT7ducS5Mxqc_{GDe7%n9kPEsTl
z4>Er0f*0^)tSy69v<i8;Qbe20RI{43aH&a8(-_Rm`erAv3sxto)JmmBrA|VHU<s{*
zCs;V^v0AAUMJu&BgO?!3JPaH@!rP93WUd@J^`HRFR(%n-|GSmF@0_fXZ{A%d%d>X3
zu`SxXyGAr~a9%GrYT4Umddu3Smoh>}V!1uvWB&i}i}&X*NmQ+j?DKaO^b8a|SQ&8;
z^NU1U?$kMrQTglKf_z&`aF6kkZ@4@T!ZEiEQ^1QwmVQ&)>632TvixLRTfLg|^{(D)
zZSqr%!~gZ_>RL0NxTYyIsD7-(?P}FmA#uf@kDf>@R2=EyZrad=UCS%ER9HUPzkZ#g
z>i3_G*1d3XP}1~rjB`@hXE5nM!Y2hLJ^(?4bF6}`KaIKw2$`raepMDA3X<#OBAHT=
zNhi=tv|g=Pg{}f#Oujt~FO=~8Go&3yaa4*+2{Ds)9L3n>uTgpF=9{L|ycGePxG~;;
z9O-<3UfXFI8Gq}&7rchMr)O?nk4Y$OE<gHKi}*tO=+$K()%%=EQ0&;c&+Wk74})*7
zZM40Obi1DavY{*U_5Zw6a3a6CK=t@vXZN({4&`LsYWK|l;b&8uhw$H5Rv(%uK76^M
zr-t{}PbU1TpM;+~TN)d7qq2F^8>=M}=f{H_ZNDY=j7S(75_n<q@cN;Qu@9DeV~W!6
z@89#`J5^L@hu@A}@Kx50r~9-26y)!;t?i?=PX~(zcBKq#teHRTJSMX0e7fzBRku*O
z>dlFHz4}L|Lr#0vO>klQx%RLGDqsotBS^4$H0a)cjuHq@+aU_jYBM!*wF36%FLXYE
zqJYA1lp+Ya1Sk~#XP3|8z_Zn$zS4ZpbOq>35TGyQ<{@ug-*usJuV4J>lD!+wcyO}p
z8yXLINv?lOW+z1R?(XxC`n0pmdZ@I(`sSh{Nz6#|Qf@<5vi>OlMA)Zc9*J(TDaBT0
z)B3p7eOAhJK}MEe<&N+>ktMN5LOymmwZd7jD%3HqO1SXW`e-k$kE)>gFjbYBo)mKT
zws+rE;qIR;7CEv^y5fFe!tJ$Z+x-@D!mvu87mwyz%nR%uzj*%-vWuD5Z98rWj&3~A
zQXPbq^LjInS?5K$Zb<qdvh5u8T9bYCn}U|;cVB-p;`Z-DwRU#>#UJ_(yz%Yk+SWZY
zlKKPNCT(6rkmLD4{}|}Y&BOBR90SZD08mtl;uxSyfdmqINs2KdevUtICi3s)Jp4{D
z@gAs-`^#$Q(7rF%9^X3|lkIyKNzqZR{(b`C%=q#v<H6&;t;ZUYsf2}|+pnBoB!6|=
z#K#`4mF}ZAmJI)(^AWYWcWwN;)wsL;hUp2}8BkzR4IkS%=Kk-6$ZQ^i`voM^2ZqhV
z^AIKA30T0(28)<EZDA0_U|=K|fr;a1xedcn05DXH!*5vmc?`!0s0yQXvD}{JBmjgM
znw;e?8Mt986TnP<5z9%GLdB#>-r2;VJZjYA%5aRJ8ym+Nu0aq!%P9;13ChYt?#OT)
z`j4CMOJv}Lp%ie;B+pzL2tZ#NF#482?+fY)VB|3=Dxo7}<WdudHw%-Va04d+2IGd!
z#uMsEWH_uwihyZh^ejgZD+3n;45R0i)Tm!?<TyrR5+mQkatREM6tMY%`ZG+NloF&-
zzJTQvN&%QOBj3Srcv@0~m^Arc&2j=26C{oq<&U$Rgq4DmCjGe#huei=CQbU!vm8Sy
zOpKfSY%}A~vQdA#iQ_mh>F+S(64WIBXO`mtwl{9d%RwWT;Ha5Dl_pM*W^rz1If-Ee
z%)Zedt%;NHjgi-zacZ`1Vf?LGE-}=<$<GKQXIgR2B;e&C5v#A|j^$*<G<d6qdWL+!
zi%+VQVe`8m*-Hyg?!Syg2>U83W)iX;rJ~7uc=RhB5AXDg`nStQnr?PRmmw3=Hs?;t
z-ha5D-kGeJnrd8nZi~a%;6FR(ubBEmtBkGr+9KN8|AfWq!PNtgiu;qw_q*SJX`Q$x
z+&yng<7h=AJgr@TzHW|J&oiH%>7-_YVi-EG@{PmU(0#CmoDAIuuMk@df*9l|A%=o;
z{N%|Ii{K=pe^YqEl^?fbg=A-+uQ>UY3m&_-JP8U%i>h6EoB1718JCv4+%c7-oOHn|
zqa1#_IVpGNuKIw6BXxrtkK`4XUS9XE-E`9<-%q>}(KY*0?}a(lDqQ~dx%X7m;zO4a
K1kFd--~RyY%fUtf

literal 0
HcmV?d00001

diff --git a/nss/cmd/samples/pkcs7news.ber b/nss/cmd/samples/pkcs7news.ber
new file mode 100644
index 0000000000000000000000000000000000000000..c46a1786d7c248fb2eea5b2502dac5da99891b66
GIT binary patch
literal 255328
zcmagH$&w?>lBUOMvYX@)lFz^v;fj@j1f~F@cieGL;kpD<L?8px#gLJas}e5yIr{PV
z2Hf)de^oO#N9L)%a?=mO%-q}tHJw%M>0kfD|M<WE=l}CR|9}7UKmGUr?!Wx&)4%?^
zfBL7<|MK)d{fGY{O8?!z|M&mRQ`6?3{>#7qZ~yw={XhTh|9e=U4#V^1^nJU&UH{Yn
zIvULWa?$;|y<CUu{e3&w9nQ<$WxJs^>OS9hx9#9|Szh1u#`G`xI1f*kx8e5nb$Hx<
zx})*SJeqH|KZfh~?fPSPybia=H@!0&ji-O8U7wD(?eXRo&$DsY;<{bmFT2~9YM!Hb
zc|4x($Mu$?C|E5wgXQhEyWKY`9E_f`<!XCds^Dd^$d;Pc^~1f5CsC$3Y<YQiI;!nt
z@)G45{qlZ$KV5b)^k!6LR(fGNnLc%ItoOT|$9Ou*VR#)}K0GYf|FXKj{YQ;*G+O-j
z;_$HBFOO6|_Bj099qXI(mr+ir>H24>etCImKFoIh*j_Zy*))57-5s}s`(>}f@hp3K
z-Cf_;%Y(|Er?~`g+vE1KjCQ%F@At#$?(Sa7^rC2ZTwlG|lWe&=va&24u%so?lqa+C
z?Av5E$(8I{oKAbykH;^gZ#<s$YyNFK8Ry_?%MI|jzMU>#Ze9SbR=;oe=gs!|;g7`<
z*1FyC_2jokv$8(5?y$UkY;WiN(oi*c$$jbSPnT_de?ESk;eqPwa=*Q*|Iy?nk5Ya8
zv^@+D>z&qi^w_oPu5YgUZCzaV{jj~Py;YB|p6}Q9^L-yn_nezsKbiy5S=VP@X1_Hs
zWOzxQe}DTL-A*QXT)Td6%j0Hw*~DbWzx8@QpHG+E?%CszKewyH@_O4|yi$w0P?T)1
zH=t!uu*hVdK)BysZ{U{Ob-g@q|5I$L%dV&OM_{f=!g~~7_k-JV|Dh$D&GL}D=JP&y
zy`4Aubj2}I@%cGe-M_TMdTTOH0IiiR7Mecg_LngYKkl1T45T2QTJ@9D{B~cy1zyUf
zR4s_Kd#@l6Z<$W|HRpM~?z>hwsOxR{$_W-Wjm5aeiW@|FCC$m3KIc+r<E$FKZkM<F
zWjnZR|8ZvnVo!6^9-4x>3@c?A@zv51gZ7r@6d&IG={4^U&a38k9(t^c-ESX=OfO94
z4<n4KKThVizJ(2kL1`YABzu7-{xo_iQ~3g357*)Sxclif&g}<*4xv2dpQ=VrkN8R_
zcy$!C$7Jd$QpE;r^}hR?y4~9jDE4#{x_j>)Pd~Ok`E9>C>mXdCjeAE$493gX+kcF<
z@#p!x--`bK*li&A`p)w>m$hkNZorj`Tn<-4!r%h_p^DLTk&|}KdU+e{wzpST^(wy3
z@7v4yevC6a0wNdRM$`G|MbGiGp1pJY3abBH?)M(s^tq4~f93VZppL9iHCMdf4*S8U
z>Fc!D+wQPD$8eiP*qwnjl}?@#PTa}vrwPTVpeGmZVJ_6PhZ{H(@3)&fex9`pbXdOa
z)*!5Q$q%d3(OtY02FD#AcFWsRJ@-C$ymF$J=bcd*wauv6xS#jy0Mf6wM(t<MAke}d
zd9dwk)WOm1w}+(0qjt`EQ^V0)J){YUtPjgwKw=L<F3ZjC)cahEY%j~N>-%y8qrtiI
z9`;|}9tJRd0Vhw>7J-9{G>U1SGcVHRs&g`EKX6^X!i%nZN5pNfV*Awkr3aZ;?Nlsh
zvnp3e|E)~?rCpKR?s{gBG5qEY*im=h4)1fhyOy0A6pHD=K=1~u%jvT$LSdRpWgwkF
z@JG{jexDE}MzA%#N>mkZQE@-&tnbz*fU+5z-uZDkcugu7TweMYQAG_M=Bjz;XOhI;
zx3{ay{Rs1ybm#_c(3`X8N$~v8UQYSfaD5+ac5l=gGro-a5<w-y&$G$o+l=RoE@qRt
zf4}JWbgJLeXa9EjY^0LeR3$T)JU^-A*)5;la_*A(L~Z6Ts$KZ4#mv7KdcsBOso&2}
z8v65-dU$?P`SX*@N9yN!q;EZsp8b2F-(!vT8D>?_xl8nw=gC;VJ(uT+`<b|(sr#S0
zhpBs*y8X=k%rt9;q8^^z(sOx!cF)i5VeXc5_c_<BpBGPhYcck3j|AqJk{6HmB}(+}
z{7Eh6PpX|iseJC)%}4sye59V|BaLA`QqMxUJjYrM5U<L|E}6LfL|>dwG>iGf<x`h<
zr{<pHeCqGcw0iTIYiIuMv&ZnPb(nizbMMrA?%oz|zt9@a7ykM}D==U9D=+%`;z?~5
zPinJxdJb?BUv^C@41^C0h7-)q#`E!C%l&QmwmfXF!_5h)w$vNe7tgL<flV*FY++hG
z8;xeJLcqL$5(nEKJg>w3a`2D)^23;V^fGyR=w0tFW^*Kyhp+C;!z1;*xaRg__;c{O
zLnzQ2tUOYI-k^N7Tz&0N$H7cBlhG517^!9mBDxN*uT2X#SUf-JtWRfuUW|%fM^Ce-
zmp`}Zk$FS`FtH`~$AvxYt|o`0@d&cwCfm)O6$u{pIy{P746XzT)D84tmgo#_NO9NU
zd5u1Sm5*AsP14P9xj_`vevGD1u%dpm)}7D6e~gejdo{2bLH!rd@?Oo`WeMxFb}cYd
zuu^{Q9r5IIc?n`WVVisJ)>(oUauRhYooZn)dCpZT-x{9IC^3v%#|xyX^|GowMlVm<
z7^=Mi+Yin0&c=)9aeN%HhFy><WiWmMMCyokE7UOSVMt8lxwsj2Vfg*Dx(-jTugFCv
z0B}doupaRm68IWW_BTezn^7!14A20Zs)e3N+?Oy_kHZk^k7TwC<`;>tUn^?N*HEl@
zRcCcdW&Vca*>o}aHh-Ri19@_~=iu|Ho`p1&=ELRw4c*D@{ooTYT8s<W)fUKn+vR0#
zWfEBUueam9j@DnBF8*3Ahu1B@vrH!9<tag{ya)k!$!$~-$4K8qqhq0Y#A^R_UGJoS
zy0|Cixw%V+5WthbAs8PfH!&V_Tw_hO-iB^1DN9mRURM+~aaP6)P=vSTbRCunc>^Z%
zMeke}wB(tA4car`DIj##4Y+LgbH7b~@nwz#+Itx$J~nLvAoh{TWlLS?<rdRv?=@CM
zyX{jsd1ejUK5suX%-Pcz9aW;O{Rt-LI9TsdmguGFd=aP@l=i-RduIs|CG^_p`3WYd
z?e3FJLBXfj*uX_OuL;P;-Ku*=%IJZ3S>?&Bo|$|{;+VUek37Kl<@%!tG7|>P>1@<j
zqxpO`7c9j>58qGsD>Ae?7|mz!UH)o4ygev<M$N>VO>dJ06fn-|?)W3QpV8Cgg|Ybb
zM(OajUB4f9>(HQq-K1L7;m+#ot!gl4>|C$z^?uy=+>A$1^BA7k@ZsUUzwHKx?Pg~l
zcQj!W7~Ky2=>^4tW(3<5L~p~a7{q?de?8UFY*tWDE@Qw);FvLb2)cUZXrRpU3*+a}
z#2cC9b$i{tSxw4pVcKJ_z`Don&s$wIy*Zvw$|jfUx|frg6rWm%)#>yB;b@m>F+$Q4
z#9g;PhX+HpKnnZ<ciEBLpSR04p^y=J94tvW)o3uAlZue0Ax#$aTt|FB_;cw~K}&+D
z;WD6Vw3xzmjuvxHyx=&d4+aN!9Z<;maLh-~#!m@T>iW(uM7NU(+tvYGo%~|K!eqJ6
z`fd1Q3n?qw!^M<i?@<~holj_G)|cJcJNqoo3!X6N5dh)Iji&Id2-Q<P%Ep{tZv&Aw
z4kog+x8-G0D02cpp|Rb5Wkryk=ke&<NSyHKdCG!3PakMdEKKQSGA}Efom{Pk7@%vf
z*kF4(ft#%=9?hr_ay~APCqaQXWIp}tde4KZ0<Z~~)F2VPs&Ed^8q3rj+5;VjKskDX
zhsM-^a+{@Y5$|}4nB9TV+sa><!C#2@Y!T>TSh~+lVEN<IBAr9*A;;SarG(#_!dv>S
z^9j0Bc6bEe-5;6HrqQron^6C4GJnK5_4UPQ4B%n0=zw7T&;P79$K&bCSo-mC!_l0-
zfXH1aH5a-1H%_BRSW$;z+bTZH90t(w6KwytG2CaK6gT<Y{VJ;6`3#9dOotxRU=}1w
z`t4a^I=o{3)`SxpV-_?Fr>pB`cwevJfq$lAJSa)!#93x=TwOPm{cM*ft?>_EnU|3e
z81DJoWHH5b@WPqW=G8vVyEPmsyii%bm+2fz_UASzCAXIYB6H}JCesP?@&|QDVD2=J
zIih3~7L+>N?^c&(m>l4YJH+zi=jZA2;q`cV-1DFG7yOyXF5}Tz#|W@F9hdviox|9B
zpfDuY^X{@-e+|FC8mCRf$!iYF^=<cKcQx`J%N)Y)PoAeh!sHqI$QW4ibE1;@vwko9
z8}SfmLDbb#EvKWYpL3Or)X$WYt>;W7uycC4J?EU?Gxal_sn6+b;omR%{XEw1XSaX$
zyB-OOJk`!Mw&~nopZhBadXy~Oj}1H17xg3H(o<iVA+GWS?s<Z0czQgXO4TA_^PIXR
zLMXre^%=}3zY+g=E_6C(2+Ml9hlSs=JqaZMwa<u_JQ4Zz)S961^iwkuisK0dY}b7l
z%9m%!>+_^bOPRBV>`J9JV03RW9B<(M?Bw_sT9fItY^O?wKX<E>sGE;8h{qp9<h%q$
zhqunM%MIXkD-O0>U2m7u{`3~suV>6uF1@{P3ye$<=v}yi9lG3C0h})ZO{@5GF`bOQ
zEoKM+dYeL|Gq)RKBmyI7{~;#>9;`MjgC49Pb~ApVz~CXw@f?$O2dHVkt|u!(Uy@F%
zyc{7-Vmg6sEnlpNWW->ibQ?yYId~}wio|Y?r(t*kA^(m7yjQ3}UcR9PK`?omA(uQc
zULGK^C#(kkeCfC1j-*H$By*hSX8rzwY!^Vmx&Wjj)D$`Xrdyr$KuhJ7SMX%8R4?<%
zzdZ~nU$lhO{&~D$#x<%n@7X*d_V>}=WM_k`2oL~m^*T%B>ow!haU5ndwp<1?w?mJD
z={GoJq|zvaa-+i^d=GYUj;Nuw>!o{{B$V-|?B=H|M($&o7RZP^Aj<GJJW%rSP{r(J
zFshi4vjz8gjDvvW7E22Qy<fgBgKp6nR0C&*eb8Uu3@&j>K#8y)F54cjFtP8uQ27gd
zzm3KyHT;YjuHSe2%^>YmhEGBI6kHWuoCc?05XX!B&}kJ`YP6WyWRJ+rxs64H9rm~3
z0>Rt3B)ncw-iiTFwd?Z?yemy**G|L->UD)E8~UCwhQQ87KgZWy2q;hJF~5zTP#)^3
z+4E#6d6uCalY+Px#1mRhUSO`Gr)wGHG|%Q5Az~2BbwE9|8(5wvZ=`Cd>QIuy?Xp`B
zU@+c7wiv+>yVI|gSWCZM^k`qJFz~2w@x&Mw43P&~+y!`}ycdn|3|Zc;_mxd8SVX?P
z%yI!sH{$-Qu>u_WZHj&<zny&)o)M=K)&nHo)nCsT^EDEjKfb->DcOMO1{Y-2;9__I
zx`Zawui-eby}&RdL<H8IBKYZhZN>1Fvlr8b-J#ZWofcr`uOY`{h(_aPMi!Wl*O7EC
zJE<__W1=CUM2VTemM;(P4SE~sX>&=Xm&h@rW8&cB=`_K@)mHPwe&jb$(_wj|`{8DH
zU9R>i(9Hr;d$lNlVqstvJihG#S=f5NDT*{r7@a|wRmyH}e~M=x)P{vC-u^uAPa8RT
zd_dGRHRLpR@w#Lv%cE4OUxCgbpl#KU?Z2#+m*A=j-1()`{cXRz4wjp;GH@`QOE?Q2
zF(0)92_8QNzn15-<zSRcF?QFX(G41jWw8$D{e(`CBQHT&Llv)7E5D!KkAw4a57zTE
z&<tuN)Z1bAu^oIzf3ZJ>#clKi3Pau6wZMDnYjFO;S;#%Vpl+y@@SO3vC(Kc$&kL>_
z*xL@P<^9dTf}k1DqA%V~hkwB*2~jffLY_<2F$d6&QO;uAjX{V;jHCw7sS~D{Kk+NI
zBfO~=g-eFfj*$e5ns6=`pj3)XP)kRXeRAQW#R6{*zonufrm6itTZ3Ao=CuD{a9c*w
zh{9vE=+KwZi`c@^%ZpgYr>7T~t|v2NPiDrR5Hz%jV%sFW@iaU4WOfd$ND0b3KUF(|
ziP2LmC`u6hP7M57MsdHa>`R5@kKF|kqL6lI%-c2~<QXlgCWRckD$~J|n?(o~U;|^}
z*?czBS&ypIX=CNDmm8(+x6wTJ?+qFmr-?~sN63>0Hh{+Q_C+2XH=7aRu}Ya0+Qaki
z=l!-zMpDuj{C=$a8_41|*khXTE-z9jem@;faFh2?%fk@6Kit+XCxi0*35yOgXM9J_
zS{GdQmM9!F_`+<ye*vdOZd@e4i7p%QV?)=;U$TG!In>-idAs=N;$`}6fm4-MZFdP&
zGC@P;zik-Mr_d3*1W&8=``x5@lJw|f2VO38k|l{lYX!(Mq@Nl5JVrZr;BvE;a0cE1
zY{mMPE1(I+L^%gr;@t?j$E{pqIg1YCMNCK6-4a!u8cxvjM#CMY*u^zERm{*7=`)=O
zIYMZOqAM;y!%jcseo!8Kn@9`nm+n5Za|{RiQ^ep$=-4KCijU}5U6Od>ynGArh1~`Y
zM$eP{*m()=gGj~XCxxg}d^6TVGV(Vt9;2M}+)=v5;<L*jm1G_z-^J)^F)BH{yWTtw
zRcA-}QbizeQ~Ba)4<w^B>A(<gO??wiJU@vFOG_4L5Gmm48@e&1d5&;&f7$&&`qfL*
z1%^;2R4RaMkAHz(bF^rSg9}GhA6;C(*6$~a%Q@r1$zmu{5AgMI0Qh_Gw%G>HI>KzD
z-9R}7uMrpl_dT^V4^PD&M;yp%52L|ph}}pnYi(0?A;LBoVYBP(!Rq!~C%(;4V8yrb
z=)$Uo?a@<B4qS>^@r8NvpgFM@mv@%(Uv^huJ%~V3D%><a(9R<thJ|YMlJZ$oF~lsA
zCuTB9YW!RE@O``d;mv@fk4^r)jXT<-#)~1>cA&YmC?HP6(SSQwq4_<vMt_yK=(_x|
z?Xyf0zq}|?3L?K;PD2o-*QKm>@ecE*&R;M!BYx|Ffm>!mEoo_k{J9A^8=Y%Z>|f;s
zgWFTU)f1L)n4H+E>lR(2kv;0Un0bonDAYNDsIB4PdCFYAc!K5RnZ!cc>J?ld7%}00
zJjqpYReP!?iQiO#&N3vlk=#mSj6WgrsPnzO*!vM(19WK*DjqIZSowM&i}5Db`uefF
zd14^_=u8EJ)hUIPmt+X9xMZ`<MeI+!0!*z_|CEBo^?3R`oK~`8YrQ9BAnE-94)gxU
zX{|mX(2PCI4bs3Z?NTzBe_P<Xpa;?bqN5%N2Xa-gHN{iUeqZmFp4GRsSJUK0$_K7G
zt6K~aYLMCj<XPK9(S^PlC~-iD703#&CL&%ga+U^w=&aKfN{`+v-7es%o$Gm)8hCX-
zzHPnE*mU9*m*W;2z&gdu;t9DJc9x}B24rE5bj^*nm@tNGQS~GR<2lCFF+h#^q#T6X
z{k+4l5eE|2nRxrYTjRF}(%tViOV=UB<mfvGT!dNa-LQrDllP1KMzv^2#5oLE2ef1e
zIj|Al&1uR*wj8+beqRT<Mq~PIQYTm6RXw_K$a=uZIAvV*U^;D!uR5QgW}6g1r#9^a
zX!>ICJ*CA6S`o(((;<jZ9VBC29Fj)J(?MmdGv0iLK0hVj+q*&)JgG%O{%vpQNLEoU
z3m+hu;ZLdO-Eb^T1$q!YViReEXpqhZIPH5ev3VX?XgqoS);zH`#plZo3L9bsEFc^3
zg!%z>JE~FnK4>dwb_EU5&adMD7282MPS9TieNz3-X84Qc3pbF{;JjUi!g*Tg+oRe(
zXLi3r#AWn`b&C~1dX~fGb8_)=S@X~##bNb3`G`zqX~k$_2ZSOoNcF&h;;`8i`skd1
z;S-le8MO*F8_%VUo^v`}dOzN<oD9U7>zgn}E-!K?%!DnEa!Bx)fLPwMe}dc+iXOyo
zx%BOF3JwwxuC#=V=5D0v?VP+xOcTvDsNOt0&SLzEd5gm<=xvOL*hJt-mscHKj|RC%
z>QWU}u#=@%e?zw2(6YCuhNF*aI^2Q3*f+et2CShgIPNIX)OLo5FFW-H{-+WigdPkY
z7($kzNw6<ctO_!xi;q8cm(#JjadKYSSLxBFC|S}gWms28=FR1>zZS%vsIW|D!r|ag
zfs*Hd8L6EC$bv7Ry+S=Icin0)w^xt54(@FP>-3EWLwPCQGfR^Qm;vY~T6`XI)tks$
zjpNNj71a>4#8G2&*C03(EL)mlC_ZlGc|>?XYzp36ysX6*XNK8!cog?P_<&;J&2DrB
zu$D?>tNjTD^}BH;j%{f{<Gm|EBOz{0i{*#XV7@$%H2BE51U&7nm`ZgJeP?Os;lweE
zsukW9@3IXiOvCab{lYjBpaUw9TBmw0RrT$1js8=gMJb!z6vc8SZPG6I<K0_l{CdZJ
z?Wrt$R|%<Mnzjf^nc06e{EzhNNIIrJRR*gKzxp_$^j+#;{Y7CrF9=XPU_bkvWdMQH
zzz;R2tH(Z(z#Q+$f;h&4=y72;=t^Z*ROtjt-jx<aC8I=FD!L90nz@&<<?GYi0KBL&
z%wEx2uQYnt=@hytd^zCp@@)$H_ig&DUvtdC?tg>R_6oZ0y?uF+;ucHlV<prNUBe-c
z6+|~bXTOZsWmtfwQ)s?TY(Bn%X4eDG?i_X*O$RHRALjECbdk6uvZF;k9=D;bOFtyP
zErBaEi-<_bRO1O6ilzsV<~52*i^@>CwyyOU;f&@wZ%&quv3bV=oYr>S;H(uyIVuL=
z&DG~`gk3DpLLO@9Do{U@t#DTQrOMLP34>bdM-@5ekG!H-iv#y0KJW=e3lBB}15dQ5
zzGTZEZn!A+*;>I#mIC8fMbThg=<yWB(cdtlEZ&0nqDCot61106_NJp4QaV=XCqNt3
z*t6U==lmL3jLpSs+$jxRWl^O=*`g**hcPCBJ~uuioCWF#o`gQXO|jtd07p(yjsS#k
z$~;<^kmWg)9&(iN45E|kfw&lbcUI1e%e`qZHFIov(ttIutU-x-;icH!<AuHPZ#%&4
z4oAfJC>#j{px_w40EFMnVoVV)zR6{bM{zUhS}68WUn@wa)<8p5E{o1LTpJQ%qMA5Q
z0Yy>s;QoLcRXc4+Dasq(*ICDxD^Hl;#yvi`sB-k9bmN&6^jgXW=O3TQqZ$de>1LH+
zpn~~D*T{|+8sYa;XHE1kz1Le6R~;fe0k6Dv16>uAwzpLUiD4~g)2mB?zr=aI@0UiC
zBV4PS@kPx<13;b8x-*_u3hsqw4ZQHU(KN4}mju*#CCoy1fCN%;@mxmoxt!mcI-8&M
zDHOTwlrGz!p-PsR-nG9X5rh-R7<X<M!h!)kr>GqURP;uUml?sB-n<@=6Rok|7d;_d
zW8z!)_T#;5Y_HU(-;0A*FGq$rHh@h>#tvt#dMYBy1Xbp@7x7xc#rx~7SU6EL;{r9Q
z6Q@QTRFSEQYn{EawtL%<Cb0d{k4q(U7YDHdNa4h_Odn|66q@!GB80*Tw8B97f~|J?
zQXn8+#+aZPPKzg-OYsEW=!bU;0lew9$aC@#$>Ky#Qt+ZIu7i-XVKu$WL|kT5Sa;MQ
zI1|uO^b;VbPogk+`Swh(Z&u)(yj*)tAd@Vkq)0EY+?F>)c?T*&6;VrHcX-Q$nX9a#
z8t=9`>mh#w@o=2-Hmz@=w1py?+kwNc#n*_sp5fx~j4~0`FXxpJiWAm8tLN~Z9$qkh
z6T1}t<6^~KkD#0aGD2x7TAx5b8Bax5^oy0bt3AhrWihUAoDWFc+uJ(<4O*wJFD!(?
zD9m6wYWssV%b2;mKF`{I^g+38=$xY-1LQx72n#n~7O_+pI3fsPf-ScA($?4eifgQ?
zveb_iQo_?_^LgXt47)Zg1A4*xnhj74Lz$tf%Lifk&EJdeBjn>T(6xHe^pRN-GUYy9
zBTxa5!V6Mvvs-a`)8EP2JWDjg)3mAjxjUMC;b#z^lCpfiPY!9uU~v=3-9TfZhz}1#
z>QxU7^tU^|yAan~*`x}=${Gpy6?35F%_)`I>pGAKCl((REF;-1z7wal0wh?uz0|Ol
zgr`qMkYEe40bF$qsjNU#bv3_+i;f5(?omA0DOiQaub_kARQ-U{wXmoTaiRNDtDhK{
zRXr_n61~q2RgHD*Ml7afr*fvcR=8cG>PuFlFg9Iv0R@bA0xC>}vCehA$5*d5cy$3|
zSN9?7&BGHRQI2#%OV|JTZ1Vi_`|z*FgR46H(7knAp9kR{f)y2Iq*4t$j4PTDQUn$a
zR{RB*IUEfCrXl-w4qAq#=C@f2j}mtr144Xc*9z#M0W_M`F5r*}NJ~BE(UgFK;rHb^
z=%I9LQMJ3KWLa?R1rHV3V%*PDA>36NUff^}3kmILp<pWt-;GkkU8kZo8s=ds%2$AD
zyFZ<)_MwPSrM}VK*5iJ~5m_8|k-MHzA%J;bo<NrX1rHE0)?GcOP!8kKv1y3P0C7A}
z>o`KuJ6Vl1J`9LC<OlsPMznrK6_Fo0LXfNC@ndiA=jp<$Sy28p^~TA|=GiZ$ogn-?
z!FTQ%(JlvZ-mZ7Am`ln^R~8d9dRH?HHd6B~0C2r+f<Xdgz+H<%2wfg-!6QH)r9z?E
zsxgAX#Hg_&sG#>lI?bU_U5{i@pXi;#9fhP`C^DN0i%Lk^##qkJ5Y~<ra~7db5@l`*
zCbaT33PHcvR%0yaIinkuTerO2{J>Q#^hY}DQW}=6>l$TTmiMAy2z@a7U~hAAJp;7$
zc}SZ!ccPW`K8Ym?@YfC`%`>jVyQrujKj`fq$BL&+9F|xod`2Hz*d5-hj*Cx$j{2D*
zld6GT5*9eKeZ$&59`JxN%W-Rg{)7h}QShODs0@U$z;)vBdu^l}43~vG8QvZi8F(Q0
zjHss+ut!K~k8QdTBnv?c9ObdrK*V@3KB8WKd!tCSn8DEYa*UG;>{k83cT+*95LLWW
z=2+ez1_^RzffQZg1w>qt(Hk!0v0=tE#VS5lR+q5K4SO``Klk2#L{k)wl`W6Tsy%}q
zCn<G>QNv=jGw>3u@LOH*aQMauWM1%jYlf3}#aa@L6`%PQ`fu)ZBHTBTYa$QXMzAo#
z&x~a$!Fxb1ZFQN}!59#k()6?51kGuo4Y@aiTD_9ZO2cTY2z@<HaW8}|^Ju<6HOOIo
z@k&)bNlSq)6UQERR|yNnXrDIdPs5N1)kA-d8nGL4L7?ITyHe>5b=HY{jOcOoE6>Y1
z)zmB&M8*0D!XO(Dy`14S+cO{)qO>&4J_r|D2%0Dan+O#Y?6OYqSbz))In^ZHbVy*(
z8dXe;sTtBW3?{v}r~UGLOFvOG(rCBkYKoso11JY1U$eTE)77UaH3NuFP#Sgl6Uc3&
zE`aLcdOV0`{|<|IZGwfXYr9<67?;?gX8KU7%B<r#FM}W_s~sN==qhpFb7AB?NUFLG
zlKW-vn;o*lr=!^zeX_SH3XKDn<wxA>AT*e1n?@P?&_~^U4EycU&^@CgDT^ly-}vxe
zM}|=c<8DTn7A~kfi+0F!OXOA6EGj&%jeF!#QwQqMwmxpc+2G|HZuHH@xD{R0Kxd!}
z_wz+jI=FW!%CJ)T8||Qvgu+e6ArKUuhF*|AVgWDwHJa5!21&h24O8|DFwNUgdKETR
z#TU8nYOz`zepSk!Aj<@Dew()=b)-zJF4ij)jm>)8mhUHbRy5N3f^tGxJU~CzY*qLN
z%uUzZF0k^*bM%r{(#mnDC!5q1M;G5O8VY^oCt^mZnOaKti;(9~Kq@6!-M1(n{(_-a
zPl^L}9X-nzH%vYwkitVT!9_O{YJWc`Q(qe1ZeKGfohub)D&0WXp2<7LW~pLY)HANQ
zzGXrVj(O9bI(ITb!JozN+stf++6d%7!W7LTPaRf6YKLpARRj6gA2MwWQ7`T5!_C(b
zu4rAnv(cCLs->jHK!)$$_DAUd`t{c>E;1-X%KKHzY(sMeZyYkkbrJ=Vhajqp_XTGe
zFE85_wLnpM_k^d48pqy|lXlgbY%y94-ipDxG`ZN=sae&GxsD*@0BId?$a(WxK^v%g
z;K8x;Hg)}T49O`d!JXO^=nX{m(Y%Eg>=LROfC-fYPY$;dH|RIaRMYmS0`Mz`O+eOf
zb!l`#e8-@~LPP_^^iY9KXGPR0k&Psu>W}-S^0%c)v7Cc%;1hF4OQrG_4EBWDYHCmb
z#4aqld{$hcNh4`k;CmFyh)wGq{}!9a=E&+QlUqk{yv(MCNvbnRWwjt)(^;32pZ)D>
z-pcsk0@~7;v0{KiiP6<5lb?4&zNP5HVssIo`GcHVsm+6AcJELw=+<jQ(Df=jeEGnt
z_1i!HbLjwGdW=YA<(nhisj$t;T^Z{am_spUcq7-B@og#{;ME?*YoeKBP~&HU`~4lt
zN}pK5U^x(caefes2MUQco7xp25-bCGWuoH!gf`5Pzola`cSw@MKf%2prLNrKOo9&D
zn^7t*<c%or5D(|pIuwcxK+hUmNoRP~qtFHpW2>riy}X;{rGL2}=)-nTE^RO@anRAL
z{q>#HUK+;p7(I1_cLQP9JN&%ANN}C}U~nNB5A?()$&)Nf8d+`W$o$|lQOvL&3mD31
zgC#*|iL8aY%uz9t=Fjho4@CkDkWn6yC`H|lQ+F6?5x5Yf5Dk&Fz=>|qb8;b+3f(u(
zzj|c9Zh#VoSwtQe!j3cYzjy`1!6B=`y|EB_f)xp*nd2)l$7dOS5aqN#w%@)5!j*@F
z#Dy2R8u3INB4uZGtEPtF32#pb)r^-f@_tY`-qD$4;I_=bTEc_yrXY<$G%fqZp<!H4
zSk&|+$qsB7DSq@M&y`laW0c^65D3Je*}bNyisXW0`)HgW1VI3l)J!~PwA5K|6O7Or
zn9S`)7|gz|pOh(Le(Jzhmv+69K9%q$xN6)u^@LL-j2(H1=W`QwJUm|qBykJqh3dGQ
zvRVq0kyVw03jWk1UoAr#_JW@=k>==%Y6=GW?%b1J<2i8U{%f`U${6Y5q5Nng6)=!1
zS6?_5T_5>jAKpRVSFAu`n^#O6sbVq%M;8i8EaIpOoX0;Mnx7IpiUT=LGFKi=>JBvu
z?hL1em+s}&Y4e50p&?7T^lCW1Q!qsFLaRRKL?ae~uk;)2SX&a#6TZE$zfI}xdfb|L
zgWQ@AZZ4niM#UsWl-Ue@ep9OywE8H)(J<0Y1vH<C@v5jm<Jx_yY_>x9>!>1%4R_cY
zU@vZ<R-Z|R7{H5jSJM}HmLev``yB)bsi?juHr@W2g`&VIHYrVD#+Fpay5ZPW-@DmX
zp%4NidDsNj5Qk1Zn^nir?`~{KU>sOUsRnBopQqLKEt&YT|59FIhD_-MTd7;SRH;``
ztlBAt2<99M3?kXEI>$27JLK$LQ?w+wVrOaw7yqyiq%v~(0}3Ku6QzH{GhSz1NB9Lx
zqCURbWeQlrx3l#r{qIoXHYG?gn@t3p$Q{xzlM?uVe^NN%NY|+zv5qL-uoP=yFe2hf
zKLK~)imsR@M{?qR4>E%e2He9uzT(2UBE?0%OWv{=WL6cxdC4~-*(uR0ad_q2rvb=4
zaUdwqZeV>&1>rtx7^tkk2_pJ`RU8nj9Fz}3LM*0>>2Y@s(lbJZonN3m<fL`@$JiFD
z<+pxpy(oCM!3StiZD5l0M5U0>ByA7Xhk%ulvXSH)sw_U=MEJw-&EfhuOfu-n{rsUF
zQiVXd?7Ibf7PN?s#GKZ_&~@bp@xdYulo<1_zby%q@?a>tM_2J?Y=F_e&8Sj##$2?R
zA34bp@FYga8BK6bVBg`WAgDYcWzR1F2KvK<=NRkZz8MC?NOGB2&Zszt&I}o=9m{!l
zELl8cRc}TKqyJ-PcO1NF+Qt5%P}mUJ6bIDJ%g#Myog(Bn5HGHdG8@Y0Q%?n}p?c60
zRu&}))@MDHw_xsoHl;F&{w^CLmyH*R8;Y`f6p#fdVa^d;##&^=p+jR3p3?mi3L#1Y
z3ddtitEeZRdy#Jqb>uN1KOJlbPk3BZq~KpY<6{vVwkc;Fdw)Pwl#`O^7&1Pt(H`78
zs3DJpz05TUqN|J*3E`8$F^UKTz<0BF$KzgrZrwG>>@XaLfx8nrK$km7$1p<4a6F8S
zkWU*1R7Int7byHhj2y?~(`EhDWzoSZEO!$nFPJOH$-T;HVYqy~oQR@h;0F0bm=0|v
zf@670XJ9N&*|pzVkvU#DYV^*OkoKm-wNWpqD#z~j>v!D1nRWQEC`mv!0y1b3SeD*5
z0s`1#{Oo#70_zSx!4(-e1&cwj3t1F+kPC&JnWVpjM`}98<qwTcfG@Z<HYsMd`AUBp
zK}7Qk(aQVSRG8AHytrx;i`On5F!15#$V2Uy--u`oC$>V(<Fhr=3ME~jkSOoR50Y&X
z!)ig=(c(ayV{nondaTOb@>QHMCt9EFRi;Ud`tW`{aqr;Z!i2*<!*)PAq+ef1Gt~6}
zYnLHzC>`5XYPblpn>BCvko(Y~f`+Mw|5SI!k`$QiV&r9lSy!oCNpP-m^Enn27nV=~
zB=2}v1(5XgKLE&MjxNTj#G(v`I-ufw|MjbQsY_JQXUP2Hq)CJ=22%{5;R+|_#WaS|
z{(k9H5%9b*lwQ5)de4PB7bF_3Bc4J^Bz-apkC+!yVLV4&+*MqOI>peNu~pC`@qNlx
z)in7GAr05i^5$-TIn{7H<<!8DHlFyAOS=+u-@gMy7378s*ZNdb$=g5HUja!aN+Q2c
z%om||6(}79=&=z0l#QksZL;V~!LGrRfIwp@?c6V=$hOc6a%I4IOXkb>9O6R@aFW^t
z8xy)IcofWB8dmM6v?@R>#rYo_pz#p^aVkYFfas<fS^=Rz1DKMrG*z9KDZ1XSV|a_-
zMn^PCZw|Fh9UHohKXj2J8^gB+aK_}`PJ1Wc!j9j*_AYE47zU}VeW84Yj2`U_=zj1i
z9;t+5bA;PPBtOC`P*7n!;`=xttc&SzmK<HwbkRd1gwQ@IAmu9BO-`ZAw|A1V#u>+X
zpsV{KX!|PrPY`YZVTTfsn=mhs&IG;$DGqog$_);6A%V(q^Li#*670fSIT{9$WKk|w
z@x7=co^)G0%Lxp^RT@H$K}se<yoEHdXn5s-V_WAYf!mLZZ!SQogKyWLT4=HVQ}Xaw
zU;~;SyV<NFRVOCW*b!+EuU*&}gfCwFgzx<%_f<JWVwD`SiGu!!a=HXdLFl7gp`2b?
z*gDQO+(%Tb!X}Tz5Q*UU+xF69jgy7rcNg*`RS)DfMUjTk8>N@8%#4Rd;u}0O8XP6X
z!eBmk0|I-!r||e_M&~e-3(*MafucU5O)$YzmYG7G^@PaV^rRtJh9k(LWsk&mMFuAJ
zgj99TE!vC7L8CLnPY8srN;#)$;CK~aA5?TvDQ%p3$jKbVC-TO7p$LiuY7j})8dM%Z
zTqJ}Bq+lUqs49mD9R^Db8ehdgDHRsV<(QzGT)#*@kBfwQMjwQ#L`enQbA*{9Z$KQf
zfM}X9=mOHUjL;c)784qIH@RtYZ(uoS;+SP6VlS$?cpJwYdq&FGqt}|cB8HNyhE0`t
z77gmBP&7fm5d}4Egc#|caGH=5;BxXaOD>T9STcg1GFTB1%PC|^y$*-3ux0@c%0?lk
z3u~x?#r#!=kk{;5(0@)Is7!Um4a@V8n?BZ$m<(wD47jVp9y)OSnEhB0nn>S?f>|D_
za;C;RU8-M17X?wF9Mn#F&;)y`4KS-GyGOjKL?E6*DbPSYLFgKb6Wb8Abicu>dO!+l
z1^XeA$2x;|zS$q1RD!%ijYaFENpLB++0niAZeoB?0kd>uaO3f!)ZVaSNZo{L;sT%t
z_!8x)AHDtvG7G{D6U!oYA96+2oGieYQF+JFB0$Kq(F>Vs2(BEC*hdxjhH<p-*TK=?
zn^_tW%D_HLG;r6Y>1DZ!-N3`;p%-!u2RANM`hw|7j~O0hxYQyZf{@zrC?7=ci&MMz
zJ_$**?UV+C@RICWsVmxQ5|EJ12Jc)SU+X3j!*UUG%*ff?HQ)wVTw*KBvM}2c9U>(!
z428~K^L@;L34SoioZz;KWG=yk;-3wpjCp|#CO_H}QPnt&`8VR<lN^TH7q>X2DIY-y
z?6mFI-Y*!G3~9KQ^;eC2=R0I;zeuQH|3&g)5fJAW(WA0^h&=rdlaz(1n`rSOUGvim
ziuiVD<UonEulSEELF<$}t*FEo@YHQH^6<QU@XuXw9CV^&Lu%VV+H%)GDfp_hK1vb;
z&h2jxnHfn)mZMStO|KIid9xC|e1E>xWfP8HBe3f}Pb4@!K~p3?<a~qS`d|ExA}ayr
zN$IZJ4}M@YkHH{=l(i9EkBnWGYX^ByG<y;Y_eZ>klZAnI9dQJ`&XL_w636=2&ZFbQ
z_GdkM;D`QeNeAXwYTB_Lw>U7UH#yn&D?SImaC*gP<B#EQfr0JeSdifalaA^k`FP1`
z-8iQGp3ch;#O&N1G&%h(R?urKq;kXch9Iu}{>Gh0p|g2<IJZ|N9u5YZ;DUayAmGp)
zh>`4ddcEw>EF3@L)G3g<oi!oQ7+gGI-K@~BdyhC-VvPE0OCkhj7^en(e1G-?dAmE(
zCP7h<62K5V3s}U?X(D(8<V+b<f6u?}ZzmEzq|ysDJx&c8H5m(uN66HpSdv`$&SIyF
z0tZmUjCk_+9GVA>1q7C8sIvER`Bslza5x;AEj}OtVont&GGhbqmf?SHidmCT_Y>42
z`jlOVQ%djHG}KowoH?Mb6rqYca667(ME+CbnxLhplwmRB#aa#5U6d_^K*Wq|r82IV
z0cCw-iz1KQ(2;`r8sVGKVG~j=ge`w=`E)9tB0Bw{++G>pNe<-LkWVr$CYDh?MkV}b
zeGxQgm=Z~@tE9-dU+Am{_z4&ybh2ihR^$g|Bv{gba3V$L%ZgIsyDd~GZ94^T;c!8+
zV*MpErxy(2pFd^#(w{m`_iA6(&4`LyAOQ)7r+AX0*BM3eiWp07($I@?^M}7;x0pQ4
zy+l|-=JiCE4_gJlfx!zQ2>}`Rdp%*d7Q~ti^puAtfXWk{22a^Sc>=l~Kn68P*`=?6
zOcznXeFJalt52fWDNH!>(~Dx`U!2dIcxzaruA_z(E#OL)-Fb9Y0jj3t!&)_YsCz5=
zSri&5U`g30l@tyddP+Sz7i%l0X8-0|75!%3bH=6_Gruv-Stp*ni>I%Yx5^sqxz<sT
zgHZtL<;BfWTrRBTZ;kQ>4-(%&+BsIw13e-9GkLD?gw^D!qsJ4qE9A$uYz9YKd?8P`
zKI_uh3I!Zt-$!t=ah4~<wm-B6TLSM1C3WE8xTJC8X#f)`%O$X_U)%-5BR7xCObI*%
zqUz!6Hb;hCf4tUp$~+W*rBYeW48rm)u|OQ=06DP|iQq*HO&%vk^78ll8>upaV?b#i
z+8-&b;hpiO!eO(!BGND?qrbg(l%C^bxsUXRpa%V2=g#-&-J1rzj^r)eic!*rz!<AJ
zf;>D%;#vZ=qmR3DP=y{4uG5}oGA}!&`v<DF2)V&S4B3fW4E$DI7A0gX!VHjz`?yf7
zvlfxG=*f*Gno7A9WLAjVqfuHSAWiA>>M<wI3lg2lPcS@@!7bM}^bJ;9b~ZuMSsL{g
zK6d%~hKoi=s+D+6sJYZ*+T5+sz6S!-4WSxI?iB8{nPtb)qlH7^sDU9XQw)J@B8SRB
zX&B4QVRoaGt83HZOo29>v@dC#Q`mhUo@GQ&2SHr&V^x%U@jH1p2FK;c@_;vnpa4UV
z#;Md0C7)p4H*~vj)2z~dCIxF86LB@enNhFTJ5#(7BsC&QMOsgSP?Y5%|M;&G$(iYi
zVU#1$5nj=eBZf#f1!W9w+cY8}9>Ho#@!l@=>b`#~xu%IT>Q_Q|nTZ%P50Fa?`upf)
zUWFT$8A#K|twovF)`Pb@I7$=46(Hc%4v_ZaL#Ji+pe_vwP{yH?^gmtV3^;GOZjcnR
z@iTUdCi<hqvC19Pbr~3maRlZa|K@(@ts62fixSKEK;yToJ_>eu#zlzWN~jNyCbUCs
zI#(GORS-0?iyXrOc^FSrkAc?p9xY?43;S&v-vhLp`2S2q*F#<1Z&?Nh=L?Bs3c~yt
zf_VuE-6dAM5Y{4<Ln`X~eH1kdY7|``(X*z67{oQ6jZF%=9jCe)YuNI-OoVv1>d{c}
zlBbO@00VUiGpt!G;70%|Kugsa1+fgi6rahi(d%Yo{e^fy14vg@)}W{#Ynn6eZ4Asn
z)=AjBE{PxH)u5R!a&47-Euw$0t~C4HvsBYzqJ9a~qkzLM8Icf1V`9XSE?jBAx`9pF
zN;<20(O5=g>7D$KG=E+1p+i%%l%mrq*YH432=j(?>p{L-66w3`B*Y|P@ezqY$gTrt
zt4^%93dJ1J)!b=QG_Rz3h_7hhuD6MOO(5mn>5!9tFNukg8u}f4Q@U3OWh{kY7ZMEe
ziNo3Yca*U4!d}<d9Pq);X``qMNG=9jqR@+pr^fx%Z{xFxR3F4dl4V5>V(%h_saQ-G
zE9w{pm>j6^)h(%jP~Esz3McS_Z)<(aU=5{-@k&9|n#(P)Y{O%g<gaxv8a<ir9q^lg
zE;lydd0k9;pa#K17{vp0B0~-a{uoH{*3I?6bsvSS?hV#^DBX3|x2GY^+L$aw{P>G;
z>KHYL1`3?!G{lGCN@QMSZ9?`#D;>jZb2Kh9D2O~Z?hw43Q3q&2V)XG1_}{B#OYT<+
zu)L)8j$;~!Jou)cFet>M>`Sh>Fr)SAdeK`-5v64>1nhSIVS)+SSFv4P){6T(MLxEY
zCDj$ZTQW$+=vTt@$Q}^fZ~hIzDrZMpr!@S?xx}D=^HT)IpVx2O4BJ=mkTzgxx2a;q
zBG?{*1bk;G$xDqlDg3h|?bmfnN4Nl>%=ZgL6at8GD#|o{@^JT;@btzOk|sr66YnKK
z&f9#+yQXOUDt{xC(_HNYe=jC~jD{P33BAkF<a)yW(r#LaJucKm3+OpuRRc|+Csy0l
z>Fs{)(twqG)g+IUM=a}u`Vn=7!g-CCGLa?rlDr0PfWwPxa?d~|XXX#9lc8()!N~Qu
zt0pLc1f(lGyL_CHhCC9GV<NCvG&$=usy=jx8n2Q%Dzmj;m3>Hsg^|`ca5GYoa30(#
zsX>={g%ccwD|#t7i9iC2ao4ks7`cU0wn(^)oSfXPmltf{9po;~DdXo~$hoZJXAunK
z`{rgObKKguOyiOsL8UT$2O0yIZu`72OlRE-EbOb|Dr+kS4Hc=%ip#G07ZN{~+s52~
z39BU0jxOesL~`y#{>14C?!8lpAcLU!jL6v_eudVxY!L>KzYefrk;u#&&Q-9z5kN61
z$QzXL{Lo+5h=iuS{wfo|otr<L-&!gN9AACb-E00;FBikT2#o;OvZz(wuBL|4et>*&
zZo$=sNJwIj`7h~RSshw7SGS>%pr9@&d>wxlx{cO}zl1Dnb`dZ-MeTKh%$<^sxl_(o
zPOYzcL~CCHdZcy2H3)-CJ5c$1pdX1Wc((vX6_}SAuCHi2G#}}mo5GnR%4dJw$YEcS
ztB>`UWDqY@{FPq)2**;V|8>8^KoLtVqF_#{lyuB-mH;MqYpTGU@m3NV0cV!LtlliZ
z<==%vjFW`I<ACHEzSd&M4c{RF9S&cE)t!7$fdu4D?%Hxv<I)JULva+iI;W*03_b5{
zgBzFf8%;P0e4ed|zxZ3Ub}L;ou2ZH_ypbN$-E$*=3xg0{U&mTM$ZcTrpmE#dS7=GG
z;JWcOkvya%9R{$lyCz=1h!O0PKvSOt>vG4z=}MO7_-ab%x}980YN8@lfzCRIQ|bZ`
zRAMLR0ag=^1-KTh6<Ad!Z1tWmXib-ULbFbRf=Xie7?bV`@Z6NCt$q(DW=S20$+6fh
zBNW3<L#Bc{)3ks`$yh0+HFizMeRbLy>8sUse6d*X(DF8=4_XjeG^0Z#OkW61U}DMT
zU6aa5R*MS)n^=E|DlkQ@H0U-hYQkw6p-zcyJ?Prc!zh&1xZj|7;d{xXY^>Z@c!c!t
zaYKXRoe&|t-_POmq}+hHJrDP}6a<sh&0-3ET)r?<wmrQ?mJICj1`jSRSBc;jd&ZU+
zhEQ^J;7mLV5qTw7J8pz(AG`2D_L@`NMV#ztJ!dTgfudILTvy^Ln;?2c|F|O4R<t>K
z$@<DE6;2@*1DpZA$pq-Nh6YlkB*C#VC=5EN3Cr6J;#OjX?2}U19Eb|$*bM>F!Hp|-
zNj4C8h5p8}gsvgTnu^XDdo8-d3FG<+bJC>jsjnPPds;G)ZIM858p(IFj=xy>62=EB
z*00`j`$L?Gbmb<kY^+Yczr_m(UM>u0O2DbJ-fzO3F|DPfMH1NF`&l`>pZQF(35c_g
zpV4ZPIvW#Gp4hrzIgVIZvX^<A1>e8*L6%aLgZ=wMP|_(~f3sb_m8?fnwDlX&@r_k9
zK7m=!N+n-CHG--#A!OD0bk3w014{H^qIR;5H~3t~DS+tfp0-Dn;yO<U5J6M98t0nn
zH8C>L<1f)wT<weBTdxQe>LIN~rbuqC$kP^`-~$v~C1RvhR`03E;v!?866J5_&SiM{
zN@QW3;sn)fs`b_|g|Nt_Ik@g*?*FZ3m?mz!U*T_4a%lhFUeR^53lJGA(46FISO=!M
z9#1auL^;K96*ITqA@qx#*TT!&N~gUDU7`F?4YIv7U&$!j&#|g@rJ&MVLQqR&>%6Bs
zRlO?RqM705y67n7M3tX+c<ADKq-$^D6k~cUUEvD~ZTi5D8a992-?NTOX5tu4Qk6+|
zDFiq^fqyBE`KL(4oj5IIS81tZ0JsXdpDag(qjBMP6pK>!4s{4Yg4c$%(+$TOTy4=t
z5|Wvi<>j(l9&##{l}wG5`|h^XS=ZSY31`g-wm~(Km@r`{(6x^xpDp>^@jP%h_*2BK
z8vwSafwOolmC_s@HT8N~%?JvwPlM>cmY6ZTvK)cfrSpA7z{!&MpzB~4!DrazVrg3y
zfZ$#WqnyU-4OIhSTDp=6$*bz>a+9;NxbtCd>?A6&4;30ye3$f;<pKT5o~5r8E?|u(
z?S6nS>M8t(;Vjx}+^idHDkm$|!e$|m4RmvR+~UfGprzspP9g<qh><usx}1jOu;oi6
z?n@SrJ+4Q;x4$x9u&`ZarlisunQVbxB9tEoiOBadhwrWJl@ph8_?X*jzx);Y24Qc#
zS2C2ND^o!xSyAME{;8tEHgJGSX(S+vUX*%8E|ucU0X0L3iQ=zF#opWn&vlXt+Hf~T
zHHtqOJ}yGozmSljg`HSHwwGEg`jUa91WTf4R6-Eh@b&1LDPp`4e@Hg3`sjr#O!6Xc
z|6L?MjDjQ$Z!EJzUxZfEmj{O?7OM`q<{?z+ClLf;?uQ*qrczf4Dy$~s4kes<lk^aI
z(2?Z7zC+&F39V_g2&PP_5-^B`(#k#;e%+P3>n5%3HJ!GzKIp8Af$t@#C=6z+VJr#s
zxil@+epWgSO4NOu*b28g<%Ut%28T-ztlIcC#$X@bYjzGc#v|^xC=19{xANF4bM80l
z7(p+%@6aaKPbvcbwykbNh<nFHd;awGremf$vB>41<Ufq`y5;%`?+n@AYG=+L*@yxd
z9+hdf=>2QLx;js8T*3SgqvKB$BvZ7u^j|762OP4i_m=Y$Z;;8XJrJz{C^HSE1POw_
zZE?ZXa&bj7mK6fcu(;rrS%-%-(|hT1e)H;*<Fb73v598l0BDSLWw4KJUb!de9pmoq
zpq2<vCGVufp56z`RMZY7Xl9@Iz1c=iAKc@pc6deq?F3}JJNZ_3Y%iG6UgWt>JP!A7
zDk=x2DORx?2Q1xjgUxn>;wQ*EtX0{bKQ%LX6d>Tv@^7|FS2Bdd->21m)w|{HY6jb8
z`dz#B41ygKIg}InQ)j&<M<Rz;9*$ZsUID(O_&wuKtc%q6Hyy}X77rqMo8udc#ZdT<
z8?TqI`yhGDl0R293{w|ox#Z5hqba5!*U|<ND-7_;;K$!sW@M};xmFyV=n3*MIKQWc
z*X=CIicb8s*`S?!yP=mMQXvD|W-b-cp$L9ft3_ss4*$dBKoZ+~&wFr{nL3mgqgPJ6
zO37`}E5}K$mzAQUiu1pA+byzShu5N@9ZR;s>K4gB7tsXqv3+mw(iJyv=gSuk?&+wk
zkkJa(uzk5J>|TvBxQ9QqbZOTVF<z$_z7mTJz8WEEcf1}xZP}vUwrK!W{LVyXLch&{
zBw;?5Gz6+(1aTNgM+?PsJ-1yIZr<L7E(8iC@WDjJH9$z;7y@zP;Pi8v+(uHf#bezK
z><<%muYeJhEMp7>ZsZIU=5wl9f_MxVhiBy@B}*2T26za!734_Cdwa(}B%B>e;)ze0
zE{dy+B3Q92cS@=1n1Fjg7+eCkzFyFyG+1B3s(!1f?m$Gw^~c)KP<z=hgFe)5jy@Y;
zIeEEcaAMcB{pR{EJW9HOAs-?ktyj}DaS)4(%q54&cAPR^)GSD-sGFBv)l5P8X1cCb
zyV-rj<tDwUt43?CZ6kk{-2p-s7lTqg3vNN6DCt`3qu$HFwu}?xR;knV3OgCnhHeAX
zK*EN$k}Y<P2_^Rs2YA<pYOLyBk?^>U$sd(xklv3LHBL;Xiq7{Pm&rC}4(WwR@Qh3(
z`l0FI`nfycTxw4j-Pd4?4pJl_-Z}0(ftp;=rNfZ;?jitTxvfp{Zi-?Xh01+#ct<p)
z@Ank}S6V2Ly!uFg2LqF|qAokVkx49NH)*7!@Ngaw5L4o0aFFD6E)X$BCA<-bLQEn&
zv~h%f*LvbHWa{%rNv>92Q}}#1k`ngT6-tg#Q=&$?(nC^L2BXklS76V?aDb;x90Yl*
zGa!}nulhYHaEv(XSQ%BK{ULu?*I+EKW?n=ohU}f*PE$GmM&Wypv(~i?syHdw#UEA*
z1eFy2TiGeN!aWD21%XVuMFgx=@rS%&Q5=?f&6!llE+UHR#$6o)05?-g;vK6GU+%ve
z7gl++yQsy^;m1T~rpxkT9v%W(EGjY!%LNLl2E~tuh_5)#v1HD1MfI9nanHEDQ1Cgo
z)ux!*Anbk*Y$0P#EzT@2>||SdS^F@P{$Azbe5;iLjF4qw0IG@MerXfl2eGa;7I87h
z4aEv~h>Owk60yy9+FgkIgz5Tut9e@#`VcO=B{x!~dh(#q$9`*I=}Dqd4Kx(4qMOQ7
zNN6mg9ipb<Bli;Tt8xjoNQr#FyFcp73lvD84>pGAM24$5h{00%{Z1s77*iD%PnD|I
zhRmJZoIFxVw{}M?tLQKY85r;*ZSYu-aCzc30hv4+D-4?>0j?M@l(tI9%Pvt_SFkP7
zG>QX5<??%*pLK=hv5Tv&?&;Ajw}Pr_nD!(?`9Kt!r}s`;4h{mFMZ}%-bDE|iDmC}d
z(>|@la#1p0ZCOm$$4+^8oeC=*N$GHrAeVqDz&7&p2j88KpFK+?_=QWyDrR?M(6J8a
z`tns{8RcK2QQ)Wvx|O`4mR!2((oS!PA`smu3Z@bwBcCz7xW9An;2_elmDFaDEwiqO
zdX(0515NF?O;o%<(a(ogaJ(8K-j-Ze2a6+>UEwSglZLL7lhr`o`WG1SG`MmV_tKhn
z`^}Z$vka)Zk^eAE?j!~9uq$wpcm}7U5d49!*f8lbHPiu$leB6Uy9qkwP<B8fH2>@2
zbl;P_i9wPW{%!aR3yK#TT<-e&3Pqkb3j~55rXGoSUz$!akMfL?sOhtfnCX|-r$J9K
zMw-DW&v^k=sI9$YfT1pIa{@Rocz}}qNTC4{xm5s6qLJ?v>+xTT>cio&lkKue!@!`}
zFfVB4G8IsezO)m~@b34?veQn4hNK{q?3XLxAuk&)b+`SpFih~3n-lH~xDD1j$C+--
z7yRIf)Ht+`JBn2<4azaDXvM*<rL?y797<{I13mPKP4|h|3yj1BqdDP-_g5DhX@g<?
zweH@8lCZed3cYpCNXiL;ffUYq{)~+qzjrir1iO&Zjxwo+g_c5bEJToZ9m4?nOI-Dc
zwXmAuMI$wUUlI*HB#wre^zc6@^HaPzT&>d1;OgJD&>@IC>*QX*&yd5#Lmr3nA#1vl
zOi%Q4D7fL__1S_OFi7H)h6}Wz4!%;A!KUuNj*;Lqb?2S{q_X%Cgp#^g-{pS9fg_It
z7k}l1qJ{hqw>S)5w*$1}nR3jcyXZQ%qgB7nD^d9wzy-oFGA(8$NGp2!f=uAcqPmFo
zct96Jk`<@O(8~W*eN%MNjc{yL+<V2rlPxkz*I87<M3T7yVYRqxTw26826Lz=<f(c^
zB^OS3>539-_$GS^-j!9`P5?)?P>v}sKn<Vqj4Fq*9Fp+hjzt%tce$62hak5^Xl?A)
z3@8BcHXf=Ps{A4aeniVUYfiEjb-@)r-mgyqWdY07t7zO^!5951_#JPpt`6+gu#6hT
z3>4KXFX|)$m(%T_OY9?C9*G#d(9R*RG(1qfhnbbz+u!dOM+-~yfH5(QN?_UqlTZ~3
zJtxx&po<o1VUKtC8Lg|nMNa-W0lF|N+}kA)3hpa(*jS^+IETCDniuq9Bus`g4)qVr
zlwUA{YCFNL58*tGc0fH5k9L$EpnG;_&J0A-0(Z&9?AHtuOy@Y!Eo>~Z>yQBrzo5J|
z7N$9dm-nB7uUMtrKa`q;dZYOVELvb*ovz2_06W~Tw;vHUT#Pyp<y|-wF<^JB4;QzZ
z#(EfvrsCf)L;o=1@(y$g1(JD<(2TgR4aP6vn_yI2vgAB@w@9U<$KqNySLt@#CatiA
zQ0$TbSC`29@q+bF84sSYXW%4H>U<=3eks=~{2jlzN`!}Mb^S2$-ue^m2<ZxVz}N9m
zJ8&Tn)#6ys_UKRi{CVhI`Rie3(VuEe_&$#be@e$f$`2l-^<+colpsMRGxq+{7#}<S
zRDw%<BK3=bW6{+^`k5KM=x$UVdSk{n@QdRYbc2T)lktwgG_}((;2rq|qDQyGYtm5j
z;7`&>;s2zRN6e64D2j+TR|QUWJXA5^T@s7(Yf66#TjRmN716{)?UX2=P&OX8q4Ut6
z<S#MIw?HKm^o@<HXN7?*5MXtti{Eq{i$<vBrIL48aeZW6?RRYd=AsS>NNz2gzIuN6
zb~LaM^%Do$wi~hij@>EafoO7i;>5!QITwDTf||_;JXW$+51`uOtv|*Bgd74D)cA{o
z&<^ic&iciyXYoHSxm=J>5UJke4Pl;;APsGt`wl8k3_x&`>1ogTv(wb_C{Hb8HtDm4
zhF+z|E3zu1<i-a6k*HwtG<X5@2oUrt2kDiDu*sT9g7TQO1qh^y0a7Fhlk}%CkH8FX
zI4_LboNy&87(zGBCz`Bv)cd*}nXyuf?z;1Oz%7!vP>!C{YAQWA%uJ;GuGN!qR+DHY
zcg*j@noj=X|EjZ|W|2}l>xLsGd($Vc%!U`<Lg~frKq*9Z?_H*bI0cS6;gEpV&aKdv
zB6Om$@wN!m#H0>L?KW7Q4#Bx6^Dpyq22Z=kv_@B)6jy10aQfgYSDEv+8$PR<Ge-D;
zdA5`u`uJkrtH6r}owWEC$|SZ1;GVas1wxIC$1o>m%*C`NtcbvEL3@??8L9z85#6qM
zM+vpU=n%akg6nYB+TCj)-8i$gxWEE3_P3I-tX7^r<*^WJ((mm|09#Qjq7QtijBp3j
zJ`Ae8VdOnjC1?{E>sOP^vM3B6-|RT1;8^M~iC~nUhQ`SWSAQ9g0v!)sAaufer=(fR
zHV|i>j|*n%RrJ{3KZ0U&S4V$b$eD_)2+eG~MqK6vc5i)qzwh6ZE6kH-IqZx`IR<@&
zh?ZLnZjvfBTyn83VNM!w2DJ-?D{XX6jhldWTZ6r#ip6(ES*7I9w@Y?ib4O#P7DpV`
zr5H)!H-XEha5+i@6Xcen?t88}3SC}N7|4cHOcO|->QW8AE3*JcC$v;aBUGUjQC|aH
zy%*AU9JrBVUo<Q^8=y~6+yb8;u3zON+8C?+h4&MbBJ^Kz$~rCmUiX@Y<x<@xi&4ZB
zSaYyaF<b<J!D|>jJEq})B!57nTjz%8A|#&=){~H?y13j<2|xHXJinPQQ&{C3HrNaQ
zzCA*6-ZGj$8KffQtafj{^xiO!nq6<e=&jygo(Nx2{|3v*7+E6lhF!Q$d_&85STdpD
z%hEqcj4G?9$p<G_m6-Oq(6NsBpfD_qYIQ8jFbLfvag}cnfn8*VCw@cSH7;Jxm@rV5
zv7#9XE}+!|W!n3I327Fk<wRoaR4vLqTma@uei+nv1Z3z_u`}EQgL`%Qh`MFaOF1!d
zFhft+nrW6R9hWq8wTl>8BbyZji|WhK-|eu9lrT|97so4#A4p?r_hE{^ami3?eA(>4
z$S@8*<AGtKv;0&#rZpRx6|A|E?WYv+hc~ZZ*gUid*ymudq=D5?*=UsPDSHHdKveaa
zM?&B}YF{GRXlW9={N9L-F$|lG{9YZFiNE{8^}YiAX!r)Pq`<%T;_<{*{`MWw^%!p#
zVG$r*&MEpVf;oBJQ!k}#c_zS42em}1<dNTY3e?o?b<Sj<$ommArO_nE)-sN1@=<O2
z`?s~ENIT=lSTfFdJRDUa2+~fi(?a6n$^qa9r`~dHgx<wro=#`|7bnw+Y8&KVYm>VT
zkd8x`F`|0oF@XXn9Yt~|8guzV#l1foejw5^JtZU3PAYh1d+bz8H5=aQC;kAKoogkm
zY^v#_87D>|3=jVI0k^_Z#Kz;n_jV5<J*lghtn>Ztlbc1DUBH_o69`2c{t$DL5GKC&
zK`W<#PrX#I2hL|7Fi~11e5jN>DK*;Xn!T+-b}@_;FL0cEXY}|@f}+F~lr7#9n~PFA
zGq?L7r=b&LO<{DJV*Cn}yAh2{>a9Y2$gpozxL`l%IY<KoiAS3BN2HPoau<9tKdKhW
zrHL=Q)QJia0ePlg0#?-r3q(!f{b%L$tnw+Ai?kHODf*M4Zn4RO&5|JoeRVIY#}n!|
zNT#o+7JzAhjdY(Fvy4iU=dov=xht3V<#p}(-P@Fsgs-GNL^_0+Pf^AF9PWq&68|2%
zx=^|x7DQ%Jg>R9q3NSAFCI43>4%T>p;y64)V^}7lflTm=s1S3=1iP`_af722&v;aE
z{T%QGJLV4ub-rR2A;mFzm18gfoR)gt*}&swTrEpM@haK9%3z*ZJc3FVe0KaA+|Si+
zl>(`^1zS)Csy6O1`004ZA6f`schizCWB?-z0@d(iZ$L=cPf5^&WdLzB;^Buz^f4kN
zjSWghGsf5^j+}1S7JZiTo!}PV^;qZLPb0-12^RiwKQ->EMf4LQbSzIHK;~n)F=0=(
zN*+yEbK`5G<Tis8o-Tx-+JX~uKuP1TYm-F?lY#4aC+Nl7(riL<A@2wxS5)y|!?=;$
zE<2i45)BSSB>qgZT%D#8%w=quXUL~*&C|PZ<eGGC%PI%{Em2jrS`ZMS#sN-X{P5+<
zvsLI)^>HLhOx^(L0$mIngnP*VSB1!=FiY9_A;CeUN{R|fUr7&bWS7JSzD9ShXdLKv
zlna}@3n?jAH3wO;@(j9N%IzT$u!Em)eR$+%xJ4o%&(J)4<`a(%?7kOhrThGXOkYYP
zs=W&LleEhQ((4*>WTlSmdV;LB`bnwsm#ALC+?HvWy4G=GYI+<DLHmddAaQ0rG#g|?
zfj<CfXUlG%LSor$6<iwZW(l1)(!TAu!s3h7iW`?R`+^r^`DtYkzEOe=Yx&u90*gr+
z=>AFMuNt8=Ir{^{8D<sb@EF%)!aB-q8C99-Ko=VEx>re@zF2BxrFa#~kGteTAp=CR
z&ZrYqjH5@`+Y=`^K{dQhv3tgMyQRad4EvD7+<yV_8h1f%i9^<y!t4}&3{E)EiLGQz
zIv_0;`gQ_%@HDf4TT;Yi&@K!ty1&R78eBs?Oaczj83F09CMrO;Ci5NZA@YK3rm%#+
zBEZNsoG68!plmVZ$J~Esen{DKg!r(2niXEi-iXYZ0VhzM$78|*gcBQZLZ;P!{89{+
z^jnu9d4z5ql*k^B9v2!eTXn8UtT$}B-t9IS-eWUZai}Qv1h^k(xYI=)au{_9SYIm4
zusw#RJ3d_qNfWGD06y#(7!UKZFntu4nZ{;L=IV6XiI3<uw_$qmMEB&kfE6P@=eB^I
zmOe^F*9-Cru#56DCVNXd`e0PZjX&12oGyP*OA1=WQWvHH7ghvFa&Xiy-triX<m2t~
zgSOx&IRcf{p`wQ25)XtnLS%Yd{%IVs12iOml~Hr6B$Wf=`iraTJ>pO!1*3O4akN7+
z>|6L?;g+PE3ic;xq-Fyn1>71>L}7AYp<Cdb;dB9Hh3=_s@#AeNn<hxWCnhFrKNE3v
zsE;vPmgz2!U%IqOgN-guAT2p5#06+7R|eI998LMtCbj7EGh(*XD1{8gC&PlorAEy?
z2YvsFF5gIOX#u?B7m<sVgNgBwhGMWqJi4rX?S#IS0Aj5Imf}<edc)<w`p%U&Fg(cm
zLIPyb3cL|VS3yNYmE#Y<f0F7H$*N>M6ITKH7J+rAf;i%J@Aq{r>TVGt(Z@|ulIQnk
zu?fuG?N_=az(~uzZ1-68hgZ471Q@t9Wlj<;uW*F1_RCNjlV=NK)0Jhd9gan=Sa%(w
zXaolv$-0t*ATE{;hWEIvFiBr!Bx{;Vtg{j|#IFT)kJkl)AWQBl0wvq7iBo|xML&@m
zC|O_eU}zxzp^?N}k|KjyQ(2myl?wI?pBAssv(CEbUbfvHo@sLnz{(7u;KAi>u**2D
z*o+QU>jMD_T^UCL?bAB=V}B&nC}LvIXV9V#S)j|Pskx8cn#t_gNw)idFs?7efCyM5
zv@QTC8b$;<2kL~3VAW=f$2@iCJP?ebs!+_i&h-3Xw4G9m#2C6?!}0?FDK@$-(%6Z+
zr(3Q)d&!y=gkGH|Tc!QTAP#P6$;^G73>G+`m2Nw0v_j7s6@VvM0Magw12b0Lk~E9%
zl~heYZP`7Prwyb#za`=vNgYzl5KAjK`+nN)2d|jY)k*BBidomq@<RA)hAtGobB7Ax
zrX09o9%$B;OU<CfF%&U_7Ck$gcA(?Lqa>cS;vt~Y6V^$$#}GZZK%-dg2=F3$H29Ao
z;NcTR7%%ZO!l=G$FFxyy(?;MxazWy5EP=&$Uza*oO}nQYOVQ}mp_ACERaXH}84slI
z1dhE<HftsW6FyLP98Lygn?MHgq~b_2{5y`&2-yBqOaS<CYMyWhO$AtGlVr*#g5bWw
zza=<?)MXWwv(V!pQvs^iI8m9{im9QHf7`;`=&XMx-zh{@T4=m_uicQ}bQWn(iS3Ho
z2b~c3MZ4T<QEj@|GjXe*6K=p$c+0u)G2&xv!irC}`zNkX(DRwB`8@F?AWNy<(zR7Q
z)AOwD9<@FK?ZzA%rfhYEgBq`MO_qPFLp<U2Brz*bWk=)*^ZPW1rGFgnHE}j}UTpKU
zQF?x!>W7^Cdg>+so}L2!1^jkzx|>XE8mAid^4BqT*rlyoEFk<g^X3x~VEAO~WHi|i
z&p)h;e=uK*xs?8?L3la|VXt8mF;#i{GU7J&1|0$CHJ6{I^M1?!s$8B(0=KV05IhY=
zS(eqNLY+OG9wJ`cV!wOc26BX+`PG8KF;0lrDjXc@y7(+E$M&AIlUa2~Pv<tT!0WXV
zb5O4h<e*-7MCEJY8-?@DOsLoQ<u9j9$#Twj(X-yxX0|K3k#B&8YqHxR-ze?_@MCS`
zm=%~=GsjT}kn2?ZE!W*zpgi;BRm!z|u}-bL!Y4wK3Yj|fC0HdPC9&TMnAN^$$6;g)
z>V;1u&n&j(R6fd?C%INZqRx7;fhfQ~eCo=ZktQ4g;HqdJ-8iO2?%)?WYq=ia5e&3w
zi!<UqoOVr^mVrkK0bG5@(%yx&r7B)>m-e&nc>sjP#rGZhR0k4vn~3qJxIL#PAaECI
zD=Ssr7*fa$>Gk#}AcbTZrmWR~ED;mH2|2=O2Zibgoi47~Z$vN9IBJ>+$V(_3_Q25e
z$C4ofay!v>wXb4BP}c&j@`{1)0If$#-!%MbAWGZCDLq~}eMql9#W{u@hdPrNW~@Ps
zpn3@6P!s+M$@5o!kqaOp1{!lRf5IW+FPAGNKT|~vyp%VWmPADyMl`Bi8irOo!cz<a
zp-PnRugqjsr`Yw`*EOm<7Q?q6AOx{pp^ZrMR(I})hY!3~$PJk$hFFKDo{%=AEIZT0
zE{Zf><tcBA1~*?aA`BEOl1!9C$XC4K$%S<R$O#B0|6zltT~5?*G&Oxxppc=*7To|e
z<KOGyLN47E$84B8C@OEf0|QwGDiKdQM2<pfWq?5A-(r&chtgss7oPgc!k`yE(EH&-
ztFxZw&aLmh^fm@Z-67*R-xVIfvOT20Kp8=LImyTJxA4L^yl>?;jy`<3U(LsOp#?Fg
z6RPTjT$bFc)D|mizgH`ZyQQw`P*|QH2mBtvX@Jl0eArkJc`l{YNKFjK7%AMif)>Q4
z62oT@z~CLE6d-hPptLJq#L~xde-2a1tdzuBCj&PwrD52R?V^;_uiw_^!493n;SP4w
zV*XtV^LxDJ(fwT`dcz|rl@2+5V3xRFy;et=0SBd*5~^7K=6crs=}Un@&3Mu{;|Rpk
zFgL0EStnJN^zZ6(()YE^Idz$!E$9g{Mdfd$-iu~Hx3fHF%C}Rz2Z`mh`Og52S6GY!
zyn@y0^csfxa!THpBx^7S7AQ5g{-?c_w0Mc24~SW*DNBTzcPQe8e`u8YrCX#QX=Uw|
z(F0lUrzm3}<wlF49RwrR*vr6`Vhvt*7wjLlQETcVzZk&$)#5&;Y#0nAGvR>Hbk^l-
z*9o;OOeDV1v=S9w$$s$3oxIQ&!#`X^sYzZ5(wyWMuiTFF;pC+<++~47(!1dSMYan5
za`7be4I8PJz^_|Kt+!Hclnn_}Rlx;+>OfAx=LA)#irBb*Cw6TM*X}>mI_^;G5D}8P
z2@d*I6~0ykD~=N+a=gFdO@fn8a0T%K`U8oOaa%yd3D%v*R|flAcHZb(31oV|Y@Gq1
zV=dlKuQ0D0NWWePZI_vL5(=WfMAMJ0CS~JRhm0t8t=A5Qa2WA<%7)|%DUoDhYHrH`
zQI8Q;X25xDB@OU^zyheLA)xt)ZjsKukO0X(xW>NjMlt@!uB6C^PlflwGb_O9&ke~_
zyE$!0HWZEGls@)$eI2|(*plqUVF1LX1n2I7P!|&t{l`gRns<7!Oc?veHizTjCR!F7
zr8D*02sQ}I$~8ulIKxUhW7izX9D1>^kTvXtu;w6*`G)mI+~EL&ruKPUAzz(^ZHPlu
z$BU#)=N4jTgntJz9qIMH@*YF?_Sb#8cMd95|IOaL!vSKn;HJ|Y^PeV5zEP6k$+y6b
zl53Sn*?<AuBsmJO#1Ms0^i+T945K#a^55v_wESRYHh_x8{bwlA1uUq<dEy)Ec7NXN
z^X^6t1gBqitG@xK+a7Hqk}j-#3@m+N|LEqHA$w=8G}Zu<vq}Kr?8SwtfY6VfEY82r
zqP781lE3Ksj`XnMYS~!bHoCJIS_K9L<E6+e7e?okz`R5dFg7+8+uGiQqiWN<#zGcm
zv*^UHXQOqaGim6Hc)^^yGICP%{#Kw|>`KdNqQ0`nYOHRRFShFsU1}xZj#Gxlt=v00
z42ymAB@FHLgPSe)%`T4^_R^LWcoo9P9gy78lumUi)JDi@Xe88K29}^8QD-ViL=fuw
zlB_JwLl})%M;sYf+>D6uY&A&n9M_>{m#|lGKM-N+{=jnx+8JG3)y+w2g534h)5VYY
z!C{ki6Z@XjBh9cqs#14770cM{zvJc8>W>5axI%QD$}>r;jXu5VP8N&{6DrTs>!79%
z&O;0(ug><;h<+}=2t;|3j}Uht<&au!!-*_3apE$oLSFFc#Cb&JE%B>1$d~Iy%#+I_
z(>zSytDLYmp$Jn`C(cp^yf}d!t^@7hy;Q)TbO{Dek|Ycv%_VUGBW)qFWwEerOk>At
zh84$&-W5E|r^{V$#V?}cihhd50h4A)^ZY#4mT|SdpCs7?_3l3U$!j`2VOL+?4r3eg
z55fmP7`MO7aUAK6#wWXT0ZSMJ<2)UO|3w5;mZ{#wv2C<{gc5O;lb#CcBsHH(bej}U
z?#y~3?UbLcRXzjsET^-a+^T7tkPBPAm6M}|C^<yGqOX_bSD#KW5pQxIQ{d5|S`=h^
zHv>6WwV=!+&}j=_0f)V+u+zAcez{V;TmBHx^s4e!gVb;oowjuhQfiYNCx9{*G>&L@
z1!nMwJw7#k8O!Aunq?+@30AVXP$2VbL~i-ws!<}}QU#Tf*sP{Fe{AmRFjbq@WZ9=!
z$RG#WF#{ywaO)EPB7Fli-@3Ve{07(DCGp5MvM3h_D@m-Hs!l@oX!1I(x~?PuILBR{
z^}Z^hOB>M3CfCN=((9c>Eb6MEvNEV(y+fyE7TNHm=zg*Tzkh8w2<cxDFk{a(L<)J2
z;zt0$%gB)zS;V<FuD}E%rLLSW?ahcD-r%Bi*QCKctd<!!o<R(t2J3_61qFt}Ie8FX
zgK=upPYjMvt_g{bGn`sLeI&Q`fcyc6>xU_9I_)IKx!u3&k`|Mi7)C%6h6OD~6tQwr
z7xQl!1{yr!j2X2b=M!F6=P<*Ek|BVs3eU&0DG%lWzf(4jk>cCQDuEijg`EbZ1XV)~
zTfDemCiC4%6W>v5qW_1*_Y7k1G;1g~JQlOYch({csnkguNOFBFEy{qRQ%GV1C9Uw+
zV-M5USIL3~2s_rvd(;lKl7b7o!7;!wN^kWnG96;X5=c^H)8fpw5W=_pXz=AW?kLF>
z9yn1b&|tN{Z@=S%;T=fc7i%Q^X{sr^n=t^*uL17n<kjbk5z0_9X;gQU;%CYY9d+B@
z&ov2Lqa~!YP`h?dw9l$K-vjcR?Wee$(n5o>^})AKIA^qWv2s?e!u5AN`5G5G=T5SF
zT#wP2FSKjH6I@PcG81(2{6Mvo42^4|f79rqBjM~7IP=~Yw~!A=baA{7e!b!aNzWF{
zv=%9ge!w|<W1=lbL#a_n{7dGr5(F7lgih~v1Ms)rCb6XFiqypw9g$K*<r$MAkkzge
zRYU+LGL=8kgdBwzA8CSjF^M<=1?zK%8o??)v5x_JBKhxldB7V9+i)xL%QtdxkNJgx
zkH@oqan&rrxBMa#B98^Xlqq9O3@{J88414Su}}x3P2(}suLZwI6T^d>61l&TGHz5P
zc_iH{J{OxH9S~^DpYn+$idesRjj&ujR0cs`kg8q}y+&j*54u-;?t<IRco3nom~eR_
z4>i#UCK`c~qk1z_(FS+z#U^VjiD5FzUnM1%X~zIvHj%QB4X9@#eHF?H7_Kpm#F4@#
zTO<>X!f)-~%e4nMDgJ$Lse0!ktG{p5ou%fCJ$^4yYr*yHxqECX6JDlOC!o6}!@sp`
zQd2$6NN)GH6R~|&tICa>T`Th4+rDln1ado$F>SvPp`wgaYAQH3n>~C<*pR!H_OQcp
zTnafbd5;sZp=eO8h7Ltk=+{XI^k6W!kdGpg-okn6Om<AxZHG0{r;P;=yudweeU(7)
z>&bbU#yNZxZXa5!v*>e}adtkWa_E6hOW_!<Zb@q8!YN0>Jh}u;>O*lrxhIm|-j;ka
z?j6ctGyC<+%oNU*x_SMElV%`{BvBw1r8nlj;%j71ZggU32G>w;%j}vSMn`X25G#TU
zQg_}k;#EdvG9}YppURRf%&J=9nUFjpgJLgxkMfh1v=Nt*a0GAKmRz&#;VuYDYRh-m
z%d#v(sHUrTcFi-7LPJE&tDiY4%sbh~GT}a#xRvkhhlT+p1^wLD-@7+z)`}63xr7bi
zYd_?GV9?_huvkWvRR3^xml%FpV#O>jks>1!I(9=B`gjBKJalMAR-uh$FmFPHJ@o^B
zTX)TLtb++H>l-mX2#hH#8m#J!urP3IB@{TW5e%yNTkR<`BL4YZ-TJMC{$s5Jg#K6~
z9=?~iKd9b`2-iE_4tcVYn--tAIggyD)F5ixw4A*7%XmNos2B%4j`u9MAU$>)gbA==
zFUad;yh@R3Pei-KD{AeclwZZjCx^pYUNrweNQbAwZ)6hQG`dCPv8v}hl^Gv`vx`@e
z07#aCE(%aW!xegUt|9onBl%(pV4%UVxEMn|$&t&IDlT?mxJ0Ijtl*%+5w%g+(MOEr
zV7*?H1oqi%<s5atfJnQ(<#;M}{u%2_s!tQKz)pj$)G{zobYfI(`G^c5{m~Uafs7Op
zmLw1Wozwv(g8E6fOH$Ur*nCfaj}p9G#ogQOh;OIltw7cJl~9a>OMBu}5@Rc&(R1tw
zb5Bp7JiA7L?S5reJ^Q-hx@I{lCaGQSwoLxQhr9$TMC+b!e=5UV)_qcdWt~oQ3vZ|&
zRLZPv(n{q|L-kPlLt@tH&7Ur@#oj_vwSz^MB*k*!fwlHckF5)4C>R@OJxwe1ix2U6
z8J-*t{np8Ne?n|y9NPIdOs@#?I_sc4#E<hpLXgpg)-CYaqg^Zm@vML@i_~6-CHwP3
zC_C0jEh0pzW<*65xZeuoTvIf4Qi$xxprvwA*vJX1TTG-O3`a;!s$2eEdby(iW)AXw
z!35xQ7@!U_e^~w`9}vb7#0zy(7zTN-NWI~J0XZkXh7jj52;>nJNFI0+i5Cat@;Ewj
z*!&vEr&JxLmt0hlE$p%%kWN4~!OC`GlEd2Kc18DAP6~*HjIAYp)a*=>Ci17~nACvx
zR!AVg<^u)l>C0kiVv`sJ#}czuYCaPSfS?=)H6+n{nGVZy{5liQfuN!?0YLOnqQB93
z*9|MWIM^_Zv61?UO>XRlq{PiTTs%J_%g|xylE!+JV{$!XZ>TjJztf;F>C}fEN0Cli
z&S1b=?m*F|zOq%-fgv9)V+hk<sQtG=y>cze{g}#OU1QtRauNVH{J;k>SjBkfRmsS>
zzS?E+spB1$DoZ{5zyGiQLj!>H2;vJ|ixgsA#Fnb1ZI_7v?Y9s9q3&gB%6L)C!|^S%
ztw1uW-WYbu&H&|iOcn(7?3O@=z8N*#Wh-woIq#OdkV&Sci_lrOWsIb&GQ<v#ut?}q
z_JlcySei?h%Ob|zeJ7eKbQ|XM3w25fCMF^+$a^v2SZ|~pEwIdbA1dKMvhW}x%2Hft
zvVdq&jHS6_5v$$zEn#{!C`=V_wM2_y$^IaWCJh~daL_qJhlw_WjV@k@$)^^-@E&8U
z%P7Grm4y<Z6&XGq&DQ4FHROUG!!6$QSH;L<-O;#2-eU}3=~3jl`XgA0Sgb<>BZ)Aq
z2nbbFOeVh^)yExfc6Ko+G?cGNyNo+FjIa2hR1-buMQVtJhL9G42ZL?+5NXB2rNz@}
z?TKOOIw~!kcMUY#oapl%0OdMAGOp;&fY0LktL?8T*ppdU--$77*pk5JSSP(G<QMZo
zaVUHZ@9Go`dKB6o#by=8fCw6#uiRO>-94H$WwLx*p;NEXtr_rGQ0w*mOBhIFPxTx)
zkIP-5i+Q0_0I~Uw^Ox>`Qd<<YhV8#y%=Cd%+f)$HRG}1|B;PD}F?PZ<lhl=P$Mq&|
z9BCOzLo?(`xshuE!%X54o3uLpOcoRqhX68|)aHttvCewn<Z>907%Tooh}Y(}Rd%Ku
z&}a~@Mde7?$zRh;e)fUyV44HlGic(?^I5$LZSDueDSBao3kevvFG2<tmp$r2rIaob
z={2JYQcxB{dj@ysoKvxuDqgNkA{fCNoB5a@F+bkJwq%FB3^ZVNq)WO^j>IdPbOLfp
z2tvT7+?Wo_@23ktG!1mDLLe~>5)%;RGmxcUbr~!fbst|?|KX93vbT8w{2~Ac4*@TR
zUYo=o0{Buc-gU4$5+)n*l>au&6)H-`!9O%CT6p+9fU{&ZPT+K;1tDqBJCi((E^u1v
z$4NxK%X{iNViPxXaWuMczL+WZZ~fXiHl{~(t13dra>JaKSLO_w4#jt`?K>_yL_Qwh
z$;bU&F1zX0*w8IB)LkQ4Sn!HCW=5l=_U7;K%~;{{J@`7=?4P1#|L8WW17D}aecszV
z=G8d?3loMy<D|y9EK&+rYQV+8Y^Q=FWev*PvST%2Wo<F#ipDN?+MlX~>Jr>DNm%<P
z$3K<~kyTLJ3K+{b8AZjL>a54kv>01SrMKxe|De7><8Xj=C;%uO2TM$rw?_CdXm&L|
z$gy!<VdBo_SODPg%G{PIz)D;#MG3h;!Qdog;0q}8!{}z<mF3;S1}gtlbZ1UChj_j!
z!4w&wxcTQmF!eITtxRw3o6jE*WiE15Rd!QIGA>F#!7k@_iZHW5lB;AOB*Vvq&X^_)
z451w>oE_VPhDpoVE<8ceZ)s=k)6g!5idW1qB0kI-Ocxaa@#Bt%XX*>QN?oFlW{V2N
z=_=QDk(S^5!&?<){0U<yD-BXk&wadqYTQD}U-3~}3gP{2H~FEzt$)xfd6<9r7Ssq&
zHduVYQ408-n*>Lp=zfC!#Zrn>f25o3RW3pj*V`nV-MFl=W92$G9op-l>86V2T8e&d
z*~9jyNQIQTm1YEU83rt;ASS8%J?!amY64*r)RB1y+TAr{ER8NvCWwDZ->5_?3B8HB
z?bUqNSx1)AvT&7zX3%iR9sioH58+0v7&`L04GIBG<!RE%2Dc(3aa4<wV=+&jB|GSj
z`u9*;q<eAUthjztG1D4RqRI{)yL>dku*M<~503z#sJ%iD3<feTW+-Em4y?h7Rkw?h
z-3MA2f>-5VnMgPmCeCnZ%{tpHx$=zjda;0AHJpsDI?z0_|Hls8mU@32rh_C5@Onx|
zWG$?VgFz!W7^<erIU_d9(r!9i5Shd+4NoFFKJ!&Au!3WTBSUE_qel3cr4cLzGNmR3
zc_tql6w+^@=_cGwkyM0eXS%8YJ1H<u&{ZVE^vTtgZ5mIBwE))fXoEf@XQVwT_#arV
z+ZSoPy{73DQU}XoB9VKsQpW_B<}Sl^!k_3ku_AGbAppugl$FqgH;J@(ty}V02yqpz
ze{A2_;ZuR!j-)@Z*yXGQ$GC*|tSJxGS28#9$<vVYx}q%YT>iL;qG?_F%p9ZHnut}g
zAH@5|<YSq`G2$N36GjnP6Y#la#@ylKwy~M89bg#zjzc4Y+OJA=G5RW@>a170iF5(p
ziOdiN+;2Bu^0VJw-|!25httqkGMS28O1OXh%~T85Iq!#D6<@hh=5+X4LZdu`fTB2<
zU#Z%Uf%X$L6l^z$;&$>64Rx5MN(}#)%nhv7KqZDts3QaPI=)^W6=>NGx|Tpxfe(if
zf-MP3N1Tj*F@p8!MYUOCP4a8TBbKf@8O+~nPzl-^vu3D--^e72^1&Z&?=VQsSL!iB
z0tnS(Ds+Hh@J={prlVS01BYFV8G%XbzScd>l+56eM(RlmV%3>(ayi;|U+%oj$QgEX
z7BsC5RLGYik|;Y)t`0qGUDC4@m9dHsm%+!Y6{CTXcb7Gp%}~^^RxCk)iRJG-eoVi%
z%4J}OA=k)(GnA`EAR`qX5q9sXw{jyHAXe;XSUXdWOjOX54AAwG^b~OX45dKO&_Y+7
z@1SwxiQ8_Krv=}1?bdJ9rtwdg&y?Df#0P8?2r@LQMHGT9b!0O4dNoZ2J=Zt%)#4yk
zK7Mr46uyLKk2>LtLJH79#sLZh_8Sj*1?^VVJXBQgI*}2v`#S64Jf?nwvPT_>2|kL>
zItW{o7s)PYVU#`a!fo@yn2A#@OAJcuWeoN9C1Sbmmt;s$u;>J(_z90VAAz)qCm|;v
zY;lLmlwS|H0PII-Ocizi1O-r0D38G4xDKQIA9XJDB$XO0SI>SJXF7F(1i8h&dm{C`
zUDK2*ux51wNRy;4k3Z#thvtamtfh}*5u{(%407E+#TieDG=28C^6-W%5%eS#q<A~y
z$n_covt(+Q^WgCH90^lUg&Ie-7N3vZ>6*ka`D!bn4rJx=lH=i`&Ewwkdl<Kn)egGd
z=N%nO<r2x=WPma&oH}!@J`uAi?vU8OYe9l^-Frw#leA#y_Aq0R1H%+u7r%-LcFIEX
zj-{``K<4^JCCFR+-)q))10ZT6NK0x(f;c8*;QU!GYHILxx~#;qKR_`Ur2Q<fgYc4e
zH3;8Hc!rBi%pNEgZ!xYkBJUFTi9>dPSf;ATKw#Ok!_$Sa?bK1>+-yI-4mSP-!~`x8
z`@0uySHqt2qKESc5t{0(zw`!@1H9?-fxKhn-`w<`zBm2;eVEOv`|fp|968*<c?3T4
zxN(%t_$YZYXsmr16%D*n7NKiCt(7h(T9|)bo@JpJUS$gxW>8g7a7|m$ETj#AjIbxF
zii7kkY-a5Sl71S;2?Gux5Z=K@Ra*cmiclE*&d?A&+9XHjCDe=LT=H^91-fLRD|8I$
z+Y<-fyC*3rY#y8m&J5aD3}eK^W^_y0`ad)#>k9F<M4MTf``bR@YP;C4q-4=sBVb`{
z5i6@fw;eSt<Rp4nV$es|5!tXgC8WhW{pjw)O%U_S^?9KNNfP~e3QNj=4W0JGJ3ETm
zkkh7L^kR17=Ys2GxAN+F`1Io|1mW;@Fef4EmQFE-$|4J?`~ehUr}yL~^Sm;BY?t(1
zb|1`kN+YOc6JpW@kT3xewKF&_oyVbt4syD>b!rEV6Xh@W<#(bZ!!*EU)a%_S+L!h6
zyOX`TFesgki@EN4F-l2!CrHoJ-k}YV%^ZQwdTCJXW6A-($EdYbva1#jdO%9N1Nok~
z!0|KfkI^#yZS0g3vIqQgB+#+zTG%)ewN?_CilGFBT3ns@^BAJxftR!+KX_WBGmz<g
zgH90d47o0=#z5f_ai{X;4QdcC8Mzj&!>_bN&!XZvV~XR2Fuj<}pCb`ze%_i76m1bu
zl3*u+Vtu~;A?B#o$W>7L^Iz4IW3zw-@%A<e7yb<YDN{T)mOR>?lE|70FJDgSLjxU&
zgwdj{<0wBga<XyFpz8)@s^i3?U%q%d;o(9cI)=G6{X<doukm*{^gO>a7Ng&wj|1{^
z{U+rqGL5IKQq`A#60iFT2WNVLe#x^gZ=|Zh`rY80^8*UymgkAOY?y&Cjg>I@f@T1G
zIgd4qtR$ZBCZOgZCckm&%MCi0==_0$>d!Y7`3hwBr5bX!2+LK^aNULDGg_lJDWF2f
zCYMN^b-ciX1xRkpo-%>%s){*ZE;pLA_HcLGxGb&7+G$XW?t(uGYhN)PrcJuAz>VrG
z$$r?$(ZK)zq`k{>Tg{TTH{Vy`9`7JR0C*fb!b98P@LU0sAPJEK*aSg|x_UqFo0+w0
zEkN3z`;YFATd1t6RmZG6CuhWq5nOJ=!6ln95uysgeFWST5YY)76%ceP^xMbwPJ_oJ
zG1Fj4&eXkcI<!EeCzD0aticVPmp4%>up3SZFoGVH_`<Yg6{p!%iQ{$X4iOU&U4xSf
zpWT0LIZhdTEQa63Rxe8y%{uggorY!qX1k4M#5JaV9iC@f5<a!=NMl4}k7(=DPt>5&
zwXzT;yAG+c(3PYm#L5hdy&~z|tO?v2$u~p2g&0NgKQwHFBKmTxM=F+lNn=P20G}?~
zMAS3<%P(d|GRhZ@OrZ4F)}Q31Xl;z;LxvPjByTPmq2BRvMiyC7j`D$%7ZVOt+yJg6
zLA^A*5J<$i{qgk_oK%_(O7`$$y#u91JjfIk#CU9@q^v8DLq4`6=#S0o2J1UA;YHMp
z_)HwxAE>0mAu(Re<n(0wg>8%l>r5*J1m(LVk6KYHDbE3M8)IYuy)+Tigi;xyyKW%e
z5(iw6q}W}W#16+|=mv%BqckY7oXLxI_#snLm2OL^OkzSDwP<sUQ}TT+!xRVzIR<0G
z%y|k5C=)BiqRPHY%7ySq(V&^AuBQBLI2$}9MD-gkOdJQ@J986=wOcNaG0O)IyA8AH
zbZtvB0Fv-2I+4B<RFbH7I9Jd%oB?6Zi)0W{Wf=5vq=rw83iZk3qDUgSav7~!m67rw
zjXHb(N<*XcsE)Zx0vb2L#{f%x@e;T2hbCh5K}o9Czn(UffxyDFCe921=ojQU3P8{3
zM<)qN^6gCK2f4%{F12F<sb6FZ3jr7pT^f8eSv%ANN`8cDTiP12*8w#3Q&BeaF&v)v
z{i}UiLZFj=ffF`4uzkW5rAiUF3YX-AHHG3kj*(8Hl6ZT<5UaH(W(nbz<0yq{b=t=s
zj`45sFFY=M(&E{R&4Cujfhq%sVsO_n1#)--BWTfeGDYjNcPQ%Dk+l&ttOLuL+`PUX
zwq-rf421^^%?=?!O^OUFiK*KwnVRb2<fXNJS_?B5mv(>P65%|s(Ou6VV)1d<Ummy&
z45PVSq`*Y3siTK){AM64{Sjf@GhrLNK0STec(Bfh*D4O2SzSmNtf%o>#Dc=Gz;#Z5
zWgoUs!=&A3a9nqcjS)&YKyGZWrOtb!`<n!M;x2<?WK=IDXT8rx%CfC%9be28Tu%&y
zNI)O)Kr7gvP!ysoh#YWEH`#b2m@V$8Vvg|K^92dK5yysiwJbREYr4W2W*J$&!$EsP
zI+g+*{p{EErHYk{qkE=VCSp>DEGeIt<0bND(|EixZ3Rn)Pxw5<=tm=lZNaDL4Ot%8
z!qAayV8ro7^bjKUadBf3Mp8#ogzXOw1aY5TDV4b}fm%QeXmD3l<9uI=$Yfm+cbDX?
z{K~9h!Ge^A&<WvV1ySWUD;_o+V#38F1;4p57%TZw$7#?xW%1D$f{^v`98`<-NA@KP
zr36d!+St(5D`FEhG$cNp0W2O4a<`5-2HsQuB9?;){I^Ju_*x*Q5EofrlL#qp%H%+z
z1qd~uH#C9;gS0gOW}~~Vr-%>&?A&e}B9stw#gH9Jpb}ra!T0#~TDPS>;s*UUwk}~7
zq$3`$hfnHjdh(XQiNYlQJkx0HXJ2N&oy=+v0>C(`l=Ep@!?q(MFbAQJ$2bW>h&elC
z80lL`DiFH)q`9<Js1qDWJAI`U%wGC^9C=m;#1<i1jh&4tzkH$3_V^a~>+4W9s&a##
zAZ*;@+of8-`{9X*_uO)M)p>0BOv(ywMJ_#}mWSnK8jMPef!u@#lHiQQR#Thu*J3Zw
zwf*w{WM4j`yZ{@Hk6v#yaZM?UUEvY95I*5Sj$r6?)oUdywZ8}U(|DMpKqVOM+eS&u
zAdFON;6+5_Vb;WBpL<siQ;Xji*d{$4yCC*K`Io%u76&-)rY9W!jcs|$CLmyb%7Rd^
zXAIwQew>cyOQqOxrJ8>+=ceqX!IaIclxk94L`a^bKHSG0CbA}gylBi9C6@f4#AzWi
zfnA2JNC$%?jgKn@)f1ssywI@)#}(~I)ZXUY#XnU`j~P1rQ+I@r5fit;^@!u~jyqi`
zi`_zZol7>IQs1gp?T<qlRrc_0z8jb2pNwmm1-DmZP|y8)%!+gj&eFp1NS&-=U8&y*
zt;VEEFcBs9S2v+D>^{`0q%7c%y%b7PFG-9xm$>9sLYV!R3c02+%pf<h2#QxG`jk~T
zYR~lD59-kL`~B{bbLtRN7!YYm+{*yFCFRFw%7db>4hBvi40VR`#=%Yc8hAJ@=um$+
z6XS9otGlxI?Wv5xnD37lB)2%ED1SON;K1o|uBFufo;b-TTGR!AT>dAGYOa4A`REfR
z@Qcm=C;fM)Kk@SMeH?v4hr9(0Pr2QRCQbRlJL_@iuAiuf1Tj=dfBbr&q<&_9T)7?>
zH1mN!u3TR`kkfx$?7qopA^s71>gVvsl~X)zA$D!yAJ?P{J#aHVMnXjOIH-$w=$bJS
z+#C<4DaVnD6y#J=Ncki^k}4<Ux`9X2ob~w0GC?cZv%ZBmOBb>n7v<9gqw)T=C;XS-
z>GoT}BNPINAP^yuBG;SR1`kpbP=*F%=cKUmRHFM+Rb-}}BqzZ@`nwMUg{%%IEd&A{
z!+8cUKwO*|-EfS-_8|Goppi0z1p&8+$z%$&r&X02a($0kPLgE7>R3sFFdcUc^xRvA
zNU*5sG`K$uxo#3>!#2vPM{%&W3eSpxOvY9TOdHk(qe==vlEw&{VJzfm6HwKW^-4g9
zk71c%NC<8Ch&7#FW@~TT(;vcE5n^_v<sT*Uh5YI`xRk=O*DGgSF;I7XIC8O@u{{PC
ziE242TmFSz`5tq4LhXqL^HSRm757a7PrRdB@dKPP?m^qfs}&a|XkxLVpSv&22|Gy=
zY>|13IGSE!Ir_$?{(UXp56K7iXLGt}y_3+Obvct2(|r*BX%Ii!T{af6Gjj_qM^F`U
zvd152BHQTYRF&8`&MEACm>c%Gig9;|;c}qI8lAdpumsvR0+;GwjFdk0DtB%flNyCa
zk$nEClcrd!a97A$;e4Epw51wMGI#)u6Rf!J281DBzw8{|w?$vdA)c%g51)?PxSxtp
zquVlQ{bFpXdQ40+g|>LCg9bmEW#nqHZQ}kq(MkpkJH>7~LMaCobxl47$={8n5u2wl
zgG-H;&X_pT9j0SM>koS>I8~$N5%4Zus{V{qQ4Ke_WAtze^S<h?b3MIWq3{@Pe%P`I
zq)>}O8w0Ek39RB6fYc9-QOX@sjuBiiAq>D2Z&Fu8pTXA0f)rsa{Ul*Zkm_wn90bY;
zx;+<<<IEe5@#dC1Z>Un#Pi_M1CZlK$5eapTEOUd8S-Iu=J%fm-s;M14u2g|aJk$;c
zwEd|SKz3=-b&HMlg84Z_mQ+P<Tyc~T^WG~K)?owhZs%V8`_;!Q#i%7S!p_&xbZGC*
zj|EJNTBItEvOUXloY^$r5TALi5LAed_Kd(DTLcVc!6q-L4*A2G;&$bCHML-c+7$&-
zaeS~?O7REctA-4S)vAfb8{^<JjxIyuhQMEaRjos(bM}IyhDLGoP?#vVM;ZOe(7GLV
zz9;^gdslv}YQ6Z@pZQYdo|*f<>{l!Ed!xyuM=5X9Zb<zHzZRLBSrK$L>YA`Q{qhV3
zec0i7@^vOSg)*~9KZ3*;jk-c`gg%AONrc3|l3+_h7WYj14r2dk_MZx+EmyEpc22Lh
z13Vx?saHD=U>pN`KjP9%$ksE2y{R11v_{9|cJ=s1Hd#$9w_SG~Ii`Xz=DQEMf?ss3
zT})AWJd+HH9h@)rG8Ed;JA&o>s0SO{&n9ytt#a-Z#-r6-y+9J>mEgUf-R=+VT;xff
zD-xUmCBN~mTp{swX|qR>EOoVF5(mljw*U37)h+hgpm+aEND6W$4vWOnx6W7Lg^-o)
zZ3};;qWOisdQ0S@yN9zM2O5XCKT9}!P=g_a%p%-%Xc%o|ChuPK8T!z1?|$E68|xiV
zk{sao55?g6*Jl4LVQQc&;YzAJ;==!~bY9kpLM*B59jR@_-d92BI%*Wp-c)}U`WNsk
zaat6FBYv!3!^|{(?XlZ4o`@0Q=JDhaDrOW-Ghf7++z#{;AOEBn{9D0e^dT)HDZL}n
zV)siiV(P<!5(k^iYyLn?<>%%DkJoq}Sa*)whRr?5i4Xr>%YNKHqUV6I!ICZWQ*Nx-
zq2d+<CM`{$gr7hlqPAh3j>uC5+wDi1#rW3_AtN6(XtzHQs+`LeT#d_W+Ima~wOrFY
zUtBZnXPdqnnJc>*kraqWs&UwbK*MG2Fr2jgo<~nF&uuA}cHw}rdb#6nV}DJe3GD#S
zUliUgo-TIU?kEul5geIF<#=@SJYPww%ssbnyT9bH;UF|_E3*SeGMPKl+v={Xf<*ZE
z@1Q5sFDF0dCx*}PcFMhlDXMozj8g&XW$Vj!pH`l++K@rt{D7aQCPMzKPrudu`8SRD
zW45>qZBcMz7dNx3o7v5cYRuCM{(qN=AjjD5U1zBqiMYPP)(Y8BqgUP{++k9KE{vK_
z()ne0<*e?NV2UNfU5HL;dprD5FJyo7u&|o7`hAADw#*1Jip^@RV=7OM*&E5mGxEZ9
z(iU9=p~hh?E_5`QEbF$z+*cnW0Av<D5=1YuH>*4|QXwFgxp*Im`6ko^0r}+GqH)CX
z1~py(SACGCL+3-^dx7{3`?wlkSZQ6RlUdYKP5<X5NT>gFxttA7NatAhxuQLOS~ALc
zhWiLxvOTdr)J-OfTVdwNAx)k;H(d@^de3iHEzJY*F{AGS6~i}ABZO+xn-X7T6s>}p
zzc<FZ3DsW#P@G_@5iXGP)WsA`ni!%LVc!y#AGt4xSDfBdAq(~r+G|qF43~%38=IrE
z<l^}v!z*BJ0CUWIA^tNgZ>Fe99V+@GQG2szsotZ{1<|m)s#+&(qVmy|CYr>uMkR~X
zm_mt41NMM9g;ZXz<NwhB&qEJKMM>hrfw*#eNuZ#+&e?wrQA|b#X)#uDN@rv0EkD1>
zEiqxHtLr5=PqPz0VBFtt-#$Y+a#?4WA+q5z8|H|r&BZ)j<p>S0-}8+6j_3kcq4IgS
ztVNWej;cYUd0}k0lNw2tv+aQ{I6n%s6=FqvH&i>%6s{H^g7!zv@*v>`eh*O>TFB~W
z`y<SY$rYKsWRhr1yvVgunWFW-p1}20hM<zHUoV6_Wj@y!U<AYREhh}vQ^}MKGQN*X
zdGIAk)uM_YHzeW6`1|_Ab!O)jOlDq>1jX|#ZUUF698-DzC*~GwrBb~}S&Rc}T-mN%
z@b-8Tf6t3Xv*G!j=RH>=8zpL3o_0Dn8W7ZE;$vwQnp5E-k*J~waSfgc(7_{uxN>bm
zg&?s0CX?cfYVGb<2$6B{Rdz}q8>n5GO(o47XfKmFOgEy&U)I$19?chN_Hkrnpm`9v
zHy@-UFoMX8ic#xdT_2kvD7F&lIJm>}n%1A|!*+p4ypY$4WRJgJMh?9p$e(93Yt@l*
z${<#~Uj#1oUH|h3!j!|KDa8Jl%0$jKdL-^}?B3BdiCM5d6NW18#w(qn;*NV(W?=U?
zKd-xT)aB#m{UsuW2bx_bMmp|oiwj}AG4p!DTP5L_-wHQ;76H~PAkw4)qAiU$k(f9u
z`KYHzh7*(1mY5U+-`w@gXh}BWH4Hg+jo1(33wrkq@mf^5kW#@T0yXjovMhS`8QQ#6
zke!dL6ar7;Xy&U@fzc2kwBIv=bZCI?=2En*Kcv76VOg7YaTnj}tfe85$QRSIg&Rl~
zg>UZe(cesjAgfI+NA)Wa1sL7_tMIhDj~QA7Qdx3O8H8#UdOh6U66XxMY(~%?%zjuc
z3}}L|&q3lHSf2F+_RKkDVKOYMmow>gjHTx_fvN(^)me!{k>(xB-6G@rz^fIMfkL7x
zk(LRHJD%H|G>fxANd=o}f_SZTlEK+~9l3q`+5e%)82`6?_B6kF+VI|?^$a7tWxDrA
zgln)gF<`?Y2+2dt3ZpL@@y@VdoZZ9=nhzD2Z;wKpsMl#vF}pv6>0t&}k^wC^@!mmy
z(p(G@0aFf^Gg!%+#DC7`h8$>5nhV*UrA06S$KyE*i)O)^ZF7^Oq?t)qMdIK-w5(<y
z2XUx`j3i#hmJI@HqiLlzZnlroo&<}1nMil&MK+vRy6%037o={E#cwl_nO5j-yaP8$
z5eyx?5g#uObLM~OK+bfnb{Bbm1{iUNLB>*_h3tjXwkJ|D(LloP?>y5O4=tc+nuG-k
zD0jD9!wE1j1olh%l8~@SbmRHYcvh+8!Q_btHA76!Ao5;GWEHZ2yx=D*%Gh;v_OXgY
zOTo}oMNX1%Qj(O*MID!nY58$bETFhAi=<qtY4E}~`H-_DigiG6Aw}qp+r7Fkqu<M<
z7_(M$T=woH0w@^r!26(buF^R*A)j1q+0-SkpE2S9zB<P(VL{>BlCaKo)``R+e)IMu
z{vDQHQ3$c4N<JR{Um-ubK#u_qkgJOC?BX&r1_<QdWq^y}UW887uu)4yTY1#YHi!ej
zZCHG=bE|yv0wu~bYX~NBF28`V;#*cM-%$ll#Jh}1sfWjwzw|9HBlXgSlLXC3uD5K3
zku6!kYcQ<_bpC}RJ~Pl<487|SPs_~u@JF?3thShz$SW{t65Qbq*FVtnq?3>oA{O=u
zS$xZDC<*lIjt4LPQ}={Z$uFeI9d~GF^na5KX4&EyP>2$puNN8VQ)Ld<39zwkoXVT7
zilmNm0>xbM{k`NLY;OuAhuBVMh29zjhQisv9AV+iGLWGmF^M;3zUPyV{ocI2)zztc
zpj07UTI`q2@86s`g~z>FdOLz3m{>eM^H`k0<3-Hoi$Wvg&Yp4KLj@|t7xsFjX2|s!
zeH45h0sm%q1cLTDo!8|Z_ZW$Oi?qx`G^rAXcS{mL#kZ7WT^a0n67c;!+@ed-yfUuE
zJyt@5pnQBn&ve+1qI)iKR<e|a5_pF$fJ5}~63^YQ6+;uF$ZnzVh=LDDJx3s~%H(-}
z7bq=O6haO=U|AIK&^Bfi7Td!fpxm#Ir?%7!bQ?Ni1H4#)WZ6^EA1B2}xt<#!m^za>
zgwL|Yp2*@VpPKu3JWqQAQ`|Tb!Q=1$taxeTzn*g3)O!W1?d&ZaCkLq;ez5V^!??<6
zD+U46R@pfbvox8t-}RP4FCXFcJy9@JE$vK)U<HWH33BV}m~{6M3|<Re2287`nJDGB
zRxf$V19My{F|}tLJ37?Cew6!-?n6Qn&oe3Lp^B^-U=ZmAs|_2{s@_G4>biPe2!?o&
zOI;SrJk;ET=SD2(P~1;uevw4R0EQoyODYsSHj5ImFTO1->PR9IIt@9@jP&;8HkdM?
z^XrS;E8cV5*ApA&>A^MRU6CsSu`Uw}NA!YxTmmynTl{~64><J56}daJ|7ZOs!fBl0
zRMoJ_OC!+pTvC_bmxq4b{-F#_G-xj<ta$4>7>2UY#rOG;rBKjtti>Oo0FqP4C(aNH
zZ8*WxP-n@;sSZTpJ4rqfCz0viyP8r91Bs8eehH`NvplCRe;hDkC6{tJq{1Bp437yp
ziPT%{yJ7fHt0WnvC_2c!4~ZYq0gdi2Qb1|w;qikYIBpXdL!}6j!1i~tFGn^Om^QXG
zpd0L$WHBvivziW@#?y^50u=g|xGjZPZbw2L2y%>GXs2c*tr>={$$o5RU-*waqFLGe
zm)><MB_dM?#PcL*Pl}Kd^G7*>Hn{8VbJ*{Day_t{yu3=hG9G6zo-eDPo~K|*8M(hT
zzFKQUP`5~F1iMaN$G`{}lReH8of=YsLG$^FGHbvPv1BwV6*})G$iO#9{Z~9H0UuWI
z+A2(LD#}QFkZ;AX4-UY^RU`tJLrSSpKJjjZ(J4=+O1n0^f?sGmGuqsF-d5FrJbQ$}
zgX(|T+^5&yRkAP!<3p$r5+dY0Jc0lUDI50li;zWLs;&hlH3SNOCe%yZwj`F-09O%F
z4?^&o@q5cqJe;JbuY53*p;a@u+%NR&&(d5ntwh&`eB3>Ki7LQHO#d{v8=)cvlG7Is
z-GlES<V3@^VjBX6<eJo@vcNsRtPudmyoQnefQ1GfyaS8gE>jf}&7i`$06NVY1cJAC
z3k=+p<7};*yh%ga9@@bY@4NPHtsRN063=}UKXKe~=_!<vrXq&@v^FV;HkIJC^cXW(
zCN&+U&~nHaVM>B?4k}h4)&k6efgJopi<_GQX2V4Up>_;GYmw*yA;<_G6uyT^M@Kn_
zsyr5N${CAKIm9ut|9AVopt(o(+5Sv6SmuF>6$oaEHSFdnr5=*m`0%h#6o0W3hje#L
zNry)CiYSJtPZ?f+p6Ucc&>oXW2z6><<nA&n_sH4(>Irqew>G&-wX=8a8R9W$M1JnT
zV8b6(PKkHaRZ=JUqWli}yZZ#*fYABcfK+2&E|ZUROF}IO1wvH^RWnR>h_pC;l9QoS
z`@WI_PjK~$#_Ha>uGXW%C-cf=w555<_uSVrGJ*(2Sdxw?#_tEc^y<q_-9(cgo)s=V
zj|2QJ50^|25_{m1s?075kP`Q)e-<!)hbUqQJlcM}lE=}vBo0B#4k_)`NLEY`I~mPM
zI@dk|o<D<@0Ob(XF3`ib?v+&3Oz4%D^%{$Z6pam76Yd{h-vhLPvBxkY=X5M5)|$^z
zRIBskAT_c8&R&s(X*Kd49Bwzn_u2icMX!s_acY#u6H7OH+xZZ7Pt%^HoCqpkEjw9s
zch+vtw;>J3lBouY-QE+g<C76w_s&A*SR&yo*o~dF%gbGfgP0J8Pl};N_?^c?m@5}=
zqUmDOw({m&6WJ@it9M;ad#~V7@XyiHOxZJ6;N81ThRrry0AHlv<l)F+boUl>L7oSc
zp}v{RWXUuFL&V8oCt+YJgAIF$g|4B6!*`Q6FT1q`*$y8k*Nxbm?yr|>(Osg?7wj{L
z`ZfFgw86w@_nDbeQ|70yBQHTkz?j##YQ}>$5TsC|W&Ye@y5Gbj(x=*hm2OSu6WP8_
zj0D2cIm%cGLoZylO67c+y#50UQDxwGAOj7CnTqGu{q@PpV~#?RFxl*fgw&pAP16w3
z<QxFstqmsI-nQc4BPwyTP(+sWE)1HMS4I7~A5;MMm<F5aCQozhx*@Lz7pCYvx|A${
z6h|?hBCT8-`@|BLB`X;%-jrU#gR5PQ>I6wewiOmFspD$SqmQ^~u<<eN;x3SsBIo}^
zRvL_4(I-fSp!2<QIr`l$3sT_6I(R1MDc00)Hcz?wyspK8yWBxJq}3LvVGu`Iz_JjD
zis!y4`qO}z3zS&Kb)P5S<qn}s!d~q>O($HcFt>!9Ipc1|;M>^mQw2)GTZ~9z6iLeH
zV^AP5>UljdoFU0b6@b-a1HJ05`_?1kfme{FGis9l2!{_`Ouud|p|LPnONBoafo-;2
zrAWxA5i5`?BZSCmg)(Min*jrhohkwI7Z$>n4EqIO9}*d|&JpTrewCqN<%WyHEUp?{
zA~Yjm2Ow@!16kHd8E9;q;ORvZM?oH(j9GW9AS>;U+BPhq(5tu~m<TrcSu6;qIMSDK
zG+>z2q;PWqUJk}v5Q~Wj3cx7iP!?TZfRCMJ0a+aO%-rd6cJboo@+T0{BzOfOu*V!5
zpP)BFa(WM!qyC7YiTxv_DPdy|c{c)wL_7PmK;Xz{rSypN6aq&LMZNr3KZBCuqNbft
z0MS^!VWdSMm)%c=0Zd9hP-awt;#0DkAlNUGfl82+TU(f2xLX*nO0<~=D(irqf|5ui
z8O0n~$~lMf8i|{*EN|qfF^JtVQ*IQ0KBCBwY7?PhX;;0{L0LTRZfz<dn{1!fi*L!)
zn*81?kqHlIWJgX_Z!fE^gG6R_m@>}&qh5lPl>0j=V1e2qieJ)Jv0jP<f?8vP%n)e@
zW^K^KYI2^`CSqfSVwCk54=yJ)1)3pCDr4&};#91I2E4k|U5{gu;JXLq7U9MeYZ!-B
zo)&x!bIlJ(Wd0-3!ut;Glnm8I|I6YL%h%%yDgd`66d!i%4jY@YoOvQN6jE~hY7mPD
zeklR`(=#^9ccIJnqeARb$+tAy>{V`1@B`o(uUaY*oi<1XsS=4aLgS=xGvo6`K24x(
zy<(d?Fz4oBc8eJ_7LUVUb(SJw9%e#ZqD97A-@2G0Y4YTObFhSmybazN3%1xd;Ubt^
zFh{u9lyV}>T3J!qo~MmX+`R#UNf$ZD_7F<w8D(>ve}WQk^=y()dRVqSjzr+dF<e){
zI4enP1ynj;Xo7LJ^&8p_tHKy(K9VYa+I@T+B2V%~Qg<rmzfAvgk;hi0eS|Vp>Pfqy
zmJ%|FNNI_~e}F7`_eAwP?!A$*yD}}a1QBWtN-K9b*5+BFZk3#;+=T7p5<%-LE&A`m
zFj3jC!3ga#jrUZ1z>Z~hc)!Okdk3<J$Aw_>diszt3EOdz*Y%&5DLW1SFQu6h#RmV|
zIw+G!=+@usTasX9#G+KTA`OMz<n`cbRfo9|Wk$D5#45e^j3DD{=(h|HoMf{h6|0^k
z+wt)8LgR~+SSKaEa4NrG>WJ&Q+XQ#1yN-k`&A*7pshMIi!jmZz0`><Rf0Tx?+OZJ!
z)_R`7bENy=ytQ-mREauLI1@w326Ap=jYFK0*CRn6Uj$zDH?A^iw;Vkb834(&c-#1X
zUTAJP`(%_WixA@UJHLeLBqiz^+(aIsyQdCZ(Vci)W(08cAxa|Z^^PgagiZz^2pg>0
zOtNEuL1nSQMoh6(*kC9Gc)ER%csi#{dAbEBm8xh%YeFH}zso}nM4)o8C-GsOaxWuD
z$5jOe!z#4v{53d;#u^3wWdTZ+rQ*x0<On%{SUGIj<am59Qc_cjqsu%YuVh5>g&N3{
z9K0Qty*Sk+F(TiclLQNNabUg~q<xP?Ag-+*Mu)mO3%<c-)(UcZkKck{z7(UYq`YDC
zJW+xwwqKJBvyD}Bjz|Twa|I+05y5#HQHMhYcl>TG0}?R5hh1nOz!2|<AfF+Q#mgnV
zowzA$DCHsIn9P)vLj8h?yCMOj5zPELS+fM{QP9YXe$QgUuHg0>W4TDeHb8nMUe>?P
zz{*^Pm~=l$yS8w2QKO=#792J_H{7dG_&WLd=#>`%nStfUarfpoDJ2Xz$|~nySAST~
z#J0IRyv6*H>$DJ!`glJfa7VT)T1#*RHZg8+BOwLE8=+n)8?9*hNTX=b)hCH5-F>XS
zU<~7HNgzcV!tIgR_3Q&52sgb<@l-(-Pg;PRx?LW`@KCtR(Y}xy7DFmo!l14_Zptvu
zUO~Icl^VEZ^hFRL_DIAtfuuplAw&YbmcFog<~@XTM^lVJxwh#;i_tpPom(!Gxr!-q
z++|OvRE{3|c}iIW%9@Wfv&)ot29#uSZj++#C<J{lA(ZwZ@Lv{2_9$%$PL$1ZvPl#D
zY{`RCNoGM`-KLRYPo8NnGsX5H<lXwkS#3w_j3N|uaUQv4iu9sm+`|wjMEG+r%(9S)
z2Sv=GKu@ESfSv}<!*11Xvq-glbcxCT6T&^kGtP@X1|w_Xq@b(}yA*5!y6NDQTTt<F
z5OnoNU+Qa0P3er`@$6mJ3*m8p?C$RoA#U%v1A&e&l2?c^en5?#?apM_EQbvBol=5;
z+g%TX==2XAP2eZDN)3ugj21uF#9xE2_kvs|GxYjJQ~_lBPjHq#L!7%rBg#CfcioYP
zUirm}rc;1tnmug&ut2x2w>(Q3csa>CI2}w2A%XL&`C7yCp-*!si_9StMIOOba(NUv
z8<oc!d`1;1z{u<YUN--8m3*G41GRy<4vGYfHrgM5&ilw^T`M6uFD_(|#-HlP)E{BF
zM+nIZ^G$@|{5ZyR@Gg2rlU+z%rjza>^+F?|Xp8#Ld5Xl4<?y6H2^FOwU{X<&{1h0y
zaw-L%FH)K?sUZ;rE2=7&DV3Piz!@jj_40HM43JB9kUR_$DeprX6-YMmbjJU6EMDRV
zfj)MSQ0RYIwZJ#ndU!?gE5F^}d+>R!%hTNRO{55UBKsiX-1*tRT&7)`7-?vq7g^qm
z6H8>4oTs2VM{<nK@Ve@>814eU?PKkdBXF^#G;qx1jX@0bv?g;gI{|H}_K9PthjdVw
zdA}n|8hh)RE%UApS!N{AmK-p^sVNx1JaisaI;(U5yz%1IxlA%=fK}!iwOpPjb{=dx
zXFte~Eg1MT5NZdDYzAne;}KT25s0<GG+BA`i--}zBN@5lEHwbdFyr?P?S_N|?upOn
zuH#j9l@v{@1+@ublziuP9_$8%uuS8LX*+~3u<xE*@B^)l=uux2PC!tv4fMX2Y)y?8
z=%RCO$>6g^sQk>)L6m-!0R5(hq-Z2ILT!OkuvCe=8-bR&o#<OIq!d-6Z(JuAO?Yu-
zkC9g-TkN4-CDMNjVKXiUf!b{nHstAA<a_L5MV^p0^sHp{i_1~oku>Pim&;DTd@~Y7
zA)>h2$y)?~GFxQM?lOcyUJAJ=%Y-ATs+$~zig|V3NeIhX4qZkZhH?d*tvowO!C(!B
z@_XbIW)Vz&`<1vJz9ta~DK%o(^08@cM?S{O)R{ME^hYe1{D3z%wxt@%D|G3;6Y~v#
zmlwsChM!Wio4f}DxV(nX(}tx%2-?NXMo$3~rre}z9>}UyQGDuLrSrVE4YtP!3?oFf
zO2f?oMAi_r&hk*k9xBf2x5URoCA~Z4a$W>YgC?Rwrd>>UzU{3B5zub~rR3|=Aioh<
zgM#I7kYB$_Ch1+V9xz4ppzGl6P*RfRE)U8)54`TW^1#cc=diW#PpxqKi7WT+sNCmC
z`|q(;6N+4gjbuI+_^%<+$wQk)a4i*vf^Tq>6{1far`Jd(3X=1&jx~l3!NTS0%VobJ
zsK0@YA>ty?F5FV!iM|Hd(~Cb(J+ENm)45Hs;5Y}y_Tg3FH_Ae?2m>IR<aPL?0mkK)
zXyO0-zy4np%#&wV(W(!(Qfs1egd9pDz50dv(r>@7O&&$JL=>RjZt}TNnIwkc7bX2r
z`ng=CJ%B5OBa{Tp98bic-Lsc0oT{Pv=lqgDPalZe?Bb87!^@NL?q$k+R1D>imRlEH
zALSkeu0~veY&u0W%RDD)Sx?(#dT_bSuNrZOWi=j;PGa&73X<1b7ps}lu@3y;3xA%%
zm=OTQRNUBQnR<3$xbtBCE|S~nU})1LIZpUzM_la+%IokbKhs?4crpm}F@nJt3il<C
zxnF~ruf({XPhQvV%NUOBKXgmnG#)&I34r?1f=evZL_`p&v=IyoKc)0J2yeqGIei{`
zs!yz^=817s8=?l&kyIMsz7@z-5QS#eT^GYcOihn1pG1MldSZwYLu1N9f~_D2uagq)
z>qP7G)JYlADb^NO%Oq=ii0KMQtzkJz87Bc};)cuOT1PDldcH`VrJ*m<S;pIak$j5E
zk@2Qtsx+J~b+R?hxfp(xVpc*9+9Z|ElV~vjI@6oGNJdPBpSxeL>%egrNj|AK*ij!S
zuW5I^#l(NXW??raP<k_|(eK@`4S|x@ztFiLEG+F{JaV;MP~pg$EPBTFRwfJ9J2{_E
z>a+?KKkZ1^8=_<Pk#za~34My#P#vBbED?G-i<z!d?q%ni1z?da8g6|XeqG^^#YW*U
zfD~l2{%ry~S^Irg0q53qs5(zNq=ynbS%NBcp69!3x_QNpF+?Y+xbB-;zxE_?6cmlo
zT%AjGfh<MCbBLrkXv?Iq@w-7JiOGsZQt|5JcP|SKHw=U=r0rp)98+QRxryk_pqRZD
z^{7RBeF+yEZ<6;?A%J+yprAvqCkr#3&=)_#H6>~dQtp&JiIyeX-|P;143Pl}bQIFi
zi$#ihs|t^|tdKpXa?L21q}PxUp<(;4|4nzDO-%81RT47<?HO|F^2#fqT^0)~mI7HZ
z`5d_|JYq`xRHvh$ihd#WkXEZaiuYviXax2};UbhV=%J(%h^@+_z!Oej6kn8ib&kc~
zv#c$*=qKKFGaz*`ZhO5Iu3`%uiIL0vCoRjS5oBju;y6M=a?+Cb!^l1EpDr-(o08?F
zxp^KI1Mt1y6ODXzS6IC;oS}HBJSb(l=3ZFc01h91^`WLr8<7~&yP{(|^_$nLAHyCV
zE4ak#)E&ABY&H5$eT8*^R7C!QL5&Z>d5SxZ>OF1FekxGHe&@q|RrHF+*7xU(r<^Rv
zq&QiNBGM)`D}>mGvK>a%d2*f8k3ZiL#*&1-u63Dmx@jf!3W!b7<UW?za-Kqiqnf-)
zq;DmPPki=UN-d`Kl%EU=h8Hj&(jqn{Ga;1(_KT92XT|fvldWRK{@i?i@j6Ci`FTY>
z7`|K8bhJpgDB+LAi5_P~yEt8))DE27GgQM6cQG#lpbY2Hd(`)jI^rFh8}Wy(evw#C
zcm4DykUHPtuuN<;1RrtM(p=zl{mgs1J&*(?zEMJeKh^)h++Wj(0Ud30KYWY^I1~uU
zOTJhy;?bIGF(V%$=*+LtG9_%Mhw-X(nlGOzE}Eyz@pN4h71a8{O#EfFK@`X<cOA00
zDhA@@fZv{ep*SqUA=#(XV<27k{*B-b+7SX|{ACavXgQB#P^-+&-oa(jdnZRhuBj)a
z@4s#BO~{eI^!-y=AR<hZd!Ap6Hw3mqkydBifV`ys{?&NEu-Cbt`4YykFd>WFmR6Oi
z;YBj1xg@PZedd7>QubGu*`pdv_OUfUML@JD9HH<bxaAp-Ww}Zn+q8St#z|etbVWY6
z@_DgCld-yPT^ZPe7{*n~<4*RBl914Yn6?+LD_-G5*Rq<?jo*<4C;Glgp8izVU}TKc
zc~)Z-i5a@PK3b3;_7l$Nu(2Y=eV!Nz=o!?o4i*M~{q6;tq<BD8i6{&Gd-S=eXZ%E`
zt{SApb?OpN&1;L9iVXK+TIWT)pXiYEr6}_Lb3KT7`7!DF&t14qLG!8aV_*D+Oh?Hc
z3hNdl6l2KDrw9;2_LcI#>?@&|>B_>^2YYnM625(UK_BGpzJ13GD`rt1k>kExHxD%8
zCiq8ndtL0#XjH1p)}iWyvTb=dVRkxtMM2#Z?_#FPXk1=+>ze23e2kg8noo#n?jafA
z#$vZG(jMe^w6CNVc5VyIjXc=p#UDq@E-E31qBh37N<MHjFR`Z5jF%1I{5<80#{(b~
z>>01J4BTR6%jE53)p6Za3>?>lC?l`|$4ItC+JZ7{IIe2k2}LTQcMc#`S|{qFYeAfa
zlT@ANo=O~TmeevZ9a&R%U3l>Fk6Tvtp_22SjOd5l-1pQbojfBy<CM?Gl*i!dp>-%$
zKN(LIHA?LRI|*18jHAe~oz}o9gCZpvIu|);q%dTerbu|QlD<R%9niVSi9M~sZFlW|
z$0zb)$&Wye)rzkdSdlcfI;^U-NHKXD<zVeM#CgRoEM>L@MYF6ZayZ<wZ*hC``OS=c
z@QRohV~6TpEn#B;H^d=;phlM%V(2nds_xMTi<`0{RD-)Hf+#!SHD@jGOWEh>my1*&
zRSzf|kxInSmc?RM>t8skMOeDV;3nt?7oIx~cdXB*-n9BuOhQZm{M|_P)mW@-?pz(o
z^^RQF^EhQSbcFK$)h9|XR^Q<11jUfWFaM#a7^*i<^+MGnq(oRQH`Xir#%Fjfj~%T{
zsQ)jDRIM5x4pNhc>7rPLPf$=Aq+(q$U(CLk?iqnxXUK?5JQnR3`g+jk8WYUY)%#x_
zY3bcg2y$=gkP$2yL9D7TQXQ&r;4Oag?@SpwpQq=6q4#gsYH^u#DH+RgNh1o5bJ<!q
zv$W1Fr3}0)5=~(NrIdVL#pE94vEtv0eA_vT=tGs^{AUP3^qq@j^bFJ=6)y9QQ+Q43
z00uq(Jf*-uWSl2S3O2qL7GZx(JU^m*$kBtv#m&Z|?x-bl3hHn_`@uSgp)g~nIo1~M
z8qyw#RqkbZ11iidxU=bv6BnZ+xPhm$GdWd5^+4e*Mpp0p2Z>S6-r~9sFf@N6=os?>
z_rPYan0B<ZmOw@{6q1pQ^$DpHxGA7`X-bb6SG_d#fE2I*m5A1@Lb6bb#7q(>9zL&V
zS>^%3Wky@0`V~+{rQzCe_Pi~b+Wb5z>;XC(pots>3kLx8hnZ9$D2ktMEyhY^s0thi
zc`u<)h?$b?5=a)>QnDlOBSMIW76dxLXFMMtB9ug$_EQ)b_6&knmDvun4gj>1Lk_o_
zJof-3W5?A-)hiO7OYfddNjxaoqk-qihZqV=vrYB%Me3#~$C~I3CWq@KC*6^^?!_<^
ziI|*C4zlK};xxCT{fPvLtZ{7iFH1a1zd`q)U3|)jT%`P(8dG`z3G_*}cIi7k)QSiS
z03)&W;~_<H?b!Un+n;%j?WxK)gjT-}ze0bRqNT%w(hi%}(FbHmsCQi&BT{_9ULk_W
zvo^m>Av9YDkBYWQic*g@wl2$+1TtfEF7r)C`9kmo9!QZNVON+a>ww|A!u^yT#@KLr
zah>=%f_{g0LKmMa#ma^TaC!eN?wSQ|Ub7%QT?d&(XQ`NI>l0@JEC*2h68t<bTRbco
zD&kH~jEMNKrL6xv>*!d9aEh>Vmk!U#=uymDi}!`Ivo|6m-_xHMAQ2y8`q$$P6!Od0
zMhHYI?H1@UHd=4Uj2J$Sxf^5sjl;K^-w-Sv1E1O5-9w)yZzvPFLd8~qj@L(yX2=+E
zMVvijd9Z#Li#`+`-hcm;pKD*p`CAk4s8zydm1ROkueihtzGRz#+4{i0MkO`}P?e9v
zPe^pm7!t8iKwe06+5mWQY>B<0c`YT%1Ha*;%LTQ4zGTXAgC!Xc7+1S=x!BCILs87(
zNUt|_?_Pw0^0Bt+HA+i@e680mit3G8h=l%lfrQ(J38@U_`MrDj!oVSzHDPy(;F0hJ
z^4KnfTn@wo!P1(Oo;ckz5?`B;ZrJm0A_&Iiz9WizmD5#F-mLLs7Y^+gLd03d`<>a?
z&#R_&B9?KePQ;t0Gu?I2<2Nm?09~XW2N<F(lmBSMJc03HCvaEET+$XQDbAj2EG3*(
z0Zy4=av&;E1<c)5mNx0AlG#J}LW0ht$l<+Wnzr!kOR<vBN2J6W7ngMfA|h_X2-XIY
zD<N#-mFyx(o?qtt2cX>vJVUP8q)W^tFfr7{R)y&YQ60D)P9KwYyZu5CJMWFgD7}Xa
z%LJAA&IpLm&izRmI07Igc6aret^9w(ia}x!)y;TXvhFo<SS}@b=pa<UPBumr6KU~u
zRCtp|v=wq1Wb64;_6w?zqaEN|cuoT*z0Ka=JU!V!@qHetI1QM`Ma_Y)BH~C4GT1JH
zB+1?TZ72MruEn0J3-p&Y3_UXxH7iphXGa(DC=dlNos#=f<wurFpZhdLtS$yrH2>yM
z@Dw7@cnGV#i`>*7sNj4^Z!YzUPzPCLU@%8SSAi*yT);dO7!kzaUo%#UI5_IQ4*muj
z&HOq)V}n?gAk~a*_QNY{46pKhA)=iQTzp6PLKnwssO+8>MsbETN!|4`xtnDD2IKMF
zoCU{tDdPMHE;kO-V>13osNzC-tX-K%F_k%fLDm!76=5gzlv5}JO#<|*o|%-PNRM;a
zEp{~z2j8+>H)LrMdfJ9iG%bTXb$4@_cf>YnD&Y>sj)#>R9xy>1&#jfBd6X-kXRO?L
zu1}Qz#3nW_pHvyHo|9fyJ)&YhCUJItC4D@#l7_pH$*_LfHu9XP4*An6a_GQNabr4?
z%`$4`bz*YtLEA>hEG)c<dDW*xxskt(loDtFEBjReS$aP21`Cn)8cY|J(ScREGE*AR
zziv@)1?WeHZLu#HIk=ZZJ+;r!l|t`O63KnL7DR1(sx<~H<KV?8CiH%kNOm1X?f&OT
zRjq#&5h40$s=Qqbm@%)h3hVHli*}AaRiwo(A#LlRKQ+rM5%AF<SYByhG`uS*Y6DQp
z<M~35ewHQgdZQcgdyF~6U;m!%e;)Slj}glD=3i)y?q$g4nJ*B%P|$2_v+x^*ch8C<
zJn9cI5z19X#@v?uh?-N<<10?mzivr5akq6Y2+!f1$C9$H+VwY%2Sww>x!`%Eu!uoS
zyY&-wJ2a53jG%s00~!GXGVBSHQjVg|VUl^OQkGbWo+T|y*wO_#7yrAcF0h$e6AeRe
zsQ--=PTKg<&&Xb7a1m$dH9)CGgWX^_GmIz82}9g09l4rW%>USNzykW+C&3nEH0kX?
zBQ&XmR}2bs-w#C(m_WA+o{3+LSzDkznbg4U5lS)M3EA`x;LddJ5@l}!P`>i4qzoC-
zW+;B)pZTET-!Lhk-F>0R$tQvrzrasOFuw>6fUl6}AjUUgsMpiX)DXDn0w6iFIgkm6
zZqVyjOyt9tmhkjdor8v010j|yJc;lbizPKm_DBBd!?x|i@*BoV2@xfW!BUZ~mpaX{
zb?Nz}M^<s5k^T_jOk32oJ;;gHQD1$*<PnsuWstADSLpoLeoL0TL<QSm1Hr$`0u~(A
z4h$yNKxU8k_CJD9X^jE^91&i;WT5QoF@R8q5<Tx{S0AtY?{S{cSBxtm54B+Ah8JKA
zfx!#G7|~+;uGe=&zd``)^O-xVcU^u5Uoy0ebX*+HHVxieTi_!5!g)!OJ2f5-(*Va?
zm)yeX1wc6W8k5LV1goug41XF(@3AD3*e<6mkcTGcB2%M46NEGvnh@**g>hIFaoxhZ
zYxr0Xrlam+v>jz}hc50ODxz0g-Vq#k+O@wijElVif%!l$hPhOJPcYm%_WT?Jr<_Xz
zKHm8ZLH8Yj_F+7v<sGhmYq$>%3BGdL<<FlHts48_0)4z66buBZ#P-#PN2b{cL|)Oh
zVlH)emSc*IlcG{8<*k&9W5Ry%fN?lDa2aB5iSFulBOwmz51%HP8>pmvD&&o(BKGl-
z_X1&Qc)NOwDb_0h&oNu_`UgaYDsEAr8=ltyL352kt9#<huRL`kyJ&N}E-_{1t<09n
z6EcM&{R-&fTCc{aEhKNiE-)~gfFdLP(horYz0I#^axG7lahsQyMsQrPZqu=FJ@RX?
zA>)>Bh~9%|f$y1uUe=2M5<7o7gEt2a^$RXf+t$=~ofXH3D5vjODh;mPz;2>ofwcN*
za!YfbcrZ+wy|Pz63QGu|F>I9J#m3H4c-r_Q!9Lnb4CGTNeYGTT!noxx3?6TD9WH!r
zy5Zg`au$IdHL4}z$I1Gl(UVd%u;I1Hn*JD|_Cx=vrkBVGPk_S0Pw~daK)>?&QJFxD
zq4-yEAJi>kgDDJYb|@2-XkyZCw|{$zUg5HY1^S6@2r!!N&q$reF#5dTRzia5OypCW
zEAVYTU0qcCNd{b+nCZWG7#1Ea!ekBZ{#}-uqT7+9jYf3WF7^5J9zopPVMXp^B*tdk
z4mCU0Lf)@Hyxo8}BCAM;fc9`QONF7<3+~PQb`Ett?pMO5+?1Pmo%)U)(=yD$uTXhT
zr;6w<H~Z)wqR++rJD?oS=_S4+(g*$@eo*IVLZ&^x64T}_rz;Kic+e;(e2T72Z1n@)
zbHqwEcO|o~al^waOnr2FzCheOhW<Qr%w~0c;m4ux8KprqB+}fpTLlsiAl^5VGk6aH
z5VRBG<<a-<Zxf3x<g+sY@$^QIm(p~Pf$J5yVKqv0QW!i<fbcMJ;-{#QnB)*v*;1iK
zCJo6c96-+KbQ0^&=FzthH`CuhRJ$ZO&8D#O6DU4NysRE?J)Q0OL;Ozw*DvD)H0F~-
zf4^_|n4mY4e%EJ%i=M2KMne+&-y~eq@j@W_mfcJ*Cq9e0IydNR#vR_n_<~Tq>X#-*
zyTh^W#A%nPuP05Bmit(O5T<*%_WKxLMXxh%2=0Ou_9xG$+qK?)-mViV-e7n$Zs~w4
zx#m~!-DBuM%M(x;;*5Y2FV-TM;OeINARC$hat9`(RWP=MNq#%-6u0Jp5ffuFR=GUm
zwp8ZXCcL_DS_~O&2~;&55&6{ht|z7jK}}zP$NT%54nm~SpdQ!I^eA3pOU<M7-(3gI
z7uRfh%O0^$3Z>Nra>#MF(A{`?svU@J3j4g@6=`;UGo=+wWY!a~Bu?45<HLvTaon@g
zIgX%D%;h=OX)cA&7>KMbi8M)Tr!dUO)G1^DTKg&Rtz<epW>YEx!-ABM63<%MImV4q
zMppt6CD|AQzc7V}@!ntsHG*x<&^bk_SY&@wx>#wf;F-K{Om%Ye1r@^aDv_mTg5?C}
zw8XokNLu3$-@abWubgY-8ncQi?Bgz<Bq&Fm%f{gQ*L)x3B{2r!mB0p=le(OuM~EIc
zN2?={nonCIkU_$#xtz-_YuqiK{kh?Yc*mf(BIB__n$B_mmaoTT20vC<(&|%JQ^M`X
zdY>=V&6HvI!D8kvPSF=GE7;Mg!^QQKgnBvqe7*Y!-d+Ob(dgl9@FLBrE#yC5VBK}I
zO;IJCs`19jsGyS-!W|B)qdW@JCzcJt6FtYSv}*N{_<*3n?oZBv0tlfm^7%siIcc?h
zCXGY9%{O=uPM}3@E~d;?WXcQ&6>Lc?zv++>sRMD=DaoKeJuFI$7k={nGiHNV#^gLW
z6NN_wlQ9{UVA39_*K_!(@tAQ@j!scHOeXt!dq~jr1%^GNslML7J>^TWoKi~=5=f`R
z>lb6Q$>swcxSC5v;U9ObYz;}?V23e=fszkNhlR|wr&6GDW4KsRO&el<amZ(aTyc{N
z!wdbg36-0|hL1n_OVYpSchZcD0q0SRXPHO0qd*l&z-JStaPpQiMf}B@7;7?I>Gh*u
z;^a)$XS=(9eN5>2)pV~RC$Mu&8y!Rx(~c$FiJs?Ims7HdfX1mty!j?`=g~rJN&A{}
zmBZx-wtIb7gqS$CQ<%i~(eQk{@Ve`t=+}xy=2TC<x%-_ip7SYp0nV&>z}QVT<_&C|
z%QwAe0uiXmc<Dw4U!!@vt)AJFqyeX>n&cO8?}=$KIV5kd_l0Mah;ZB|f!Ta9QN4@-
z<B*p(#A%qo1AAUs>e`*GH_SC9k=JtLn>Sf+>4Ni$%tJ6XY6>tBFY3{0Q-W{sR=Hy`
zQ%?ys2SmjiL*KocqVz7l2noq1Qx&id!Q~MXz%6-E%yspv@Mfb`AY=l1qFBNC^>itS
zn-(CVBu&1_iL7Hcr7r|RQXI&C@;xOTMp78ei~<{tMgw&7R#$WS(4!qGT#9aGy13FE
zlItLFG)HK%_WLzqRShJ3!{j{gA8IC3<h@6H9jc7QkpKv@JhU}hROvFu(|E?3E9m0u
z^C>}%!T)<rQDGUzEeV0PN-FgFYD)d?u{JH-r1)V&Q{8pMZ~LwC-sU{7d*PjgbNk(%
zIC3GDg3F$~IEsN=;vBg*44tc~biHMJtvDiM=zk+7%G~OTfH($zJe6to5dy;W8T<G!
zB)pg|{>Sa64>w8F<H->ee;RW=1^HR0`kWw2;~~)y@7riPT_lux#l+92&s<aZT}=4{
zl+w}Ne98`fY>9iEV(5_RclbiS!AXMNoMYlOS~#A!!flGpcnq_S!v_%g<Pp3HBRKF=
zDbL3q1Kh9#RWjaD*N39frvkl0KGPjJY0Bw<6+&L1%ju!QgCQyYi_v-INP%{+0*O_d
zF7$zPFp1QsG|DHWPi`GPr;}U$`Fci7AGf?vPV~{l5WwJFXyEc_n?7InFZ(3_j+W%}
z^;f;kN66z-)Ku>MbeBGNh>|Qwzn;>5pCk+Xk<GqM(e7v6;nIsVanDag1iI^i$-Yem
zy%<Xrnw!(ss?qMa{d~h!y*Mxo@h8aV=NpEjIVLdd<XoUBg6Ht#H06MQ{vzIFc(`9G
zTIgumf1&BkPN#&#FXTnJm)BD%@Gp@Ass5Km)woY7vvIxjla^9C)%SVSBEZ3hz&78z
zF)(sCFQCHQEflk?Cg0>Jx1P~FA`@WZYOsukFo#h>Fjmj68hW2Nd5*Pnc!y*lDjUv@
zPgpTVWR&xi$Tl5Z#ILf3KFv*Y{e{MeHcU2^RanXqOi#W4p5a@d(ja3|w+a7srQ}jp
zeA8gXJ(u5M#zg#%yC=M2<2&<f>{``O7KS8IQT^d}8=nH5MORwv--L#^(|=)zs)hDC
zQ;v(ff(y4e)lnNHz!~Vv2|uUj-7NwZp?drg83PK&?Xk;*&s7Xd)Va#hqz0)JGQZzg
zZ>=4gqWiWYIIA0SGh-gOm1-*IAcPp@75OC&i%xZvcPi6`i9?DJ#t=(i#y`nkx%S6O
z!b?I?qi(w^RxhaA-w}}S1*hx~sD#qy_e}mSqtzfRsXH^ES9D%Tr1|prK_JqdT!3N%
zl6Ajqb=O-jL~;yeGIMwt?3+|POH+VTfKWBLyHQtB&iYOJ;%&5n<q6PlBG-p)kH$P1
zgMlZ%_V{3@YtC=q<|!kZPo^U+vLbH>zXKBQ+caQ&X96V!>3@yuQ{tNAQevssicRJb
zkX)L{zyzzcfyn8HC6KKJLJDvU{B4_d<)<69`<>|~IU4HDw$Z+8QQ#YE4LDLPW4rin
z+~hoQb7@m)?ZQk?uZN)(#WIU&sG_v%m0GBZn)Q`*2o#oW_gq{ozn^W-tFhVQhLV@{
zlboC&{G8|`Tq|-c0n=i^4t_X;n|sOf9Jvr$>&Vm`z4@BPH~sASchtip#T(as)S|{X
z1urMS%Qy}L2&9570tVEPVJVKdB76B%qbQ4ouiJd(yD0-d!t$aJX~wT2+!?yci*H>>
zzSzp*p^%s=i$o`AF1bQ#Df2)W;z)3})Lp-n;GYJ1S0*bPYbC&FS!IWm4QkL5s8hsf
zv9CyzznE4Lus1o)pSEezs1#@Pc1vh{<YdZxeO4*y{&h>N8mupR+l(t)cf2bb+rA06
zm)cEY(d=Gc*P-y_oBI9Q1mMDe%4fs8_X@UVSP*1AWKVeWB8`~J`)mi7U`|VBt^975
z4SJIJxxt(xu%;|kWH6+Mh%^ctUbHH3{s-dhBU1Gnaa6v2a|Sex#67eIw%T9atwLog
z#qziUW=p)aT19qy3}UN%0RlX<Y+X7-3g-82-r%eZr!-a(|B~z!5=GCG%+KG&d)C>H
zPYzIA46r#Hji&)WdB+rW(R*GU<7btm!ndUkc65lWYl9D<7giKRl&1Nr$19E{N_DWp
z_N__^pD_BbgPwEuv;5cH;@gZ!kl{VF_}AS^vuSQKH<&e0<X{&SWP-B_C8N87Z67IE
z{%iQDZb9VX<kKp-v@QdjYy+qd4@2M09_vb6QS{oq;%Y|x!>|Cyu|&VBE;<otwe$!P
zBduTj$CWn4!d)6l+D8$aMmbiHy6dH5`390ub#5G2!!NHw3#tf};Pws?ymkw&`@)4C
z?SM5Qw@x*MEN)kkl}<cLl_^1T=9ouG9_5AFudnmV&3}Msfj4f7Q$WVjl8d1_V^JGH
z1`1PAZ^?}11I(C8BYvgU0{btK);}y~;~1ZW?hOUaj-dqf5q>-nb_YB1>;lC0w_4Ga
zd>&8K`cT?|bYeoCa#UsgnqPq*o;C*-eIqQMz(i8V=y-BZz@i<z)&z(GnY<X$@@Vn_
zjHbEi!>VFMc_-iLXnWLeLZdM<*72A)W7+U%KLm<ah*-z1^x)K3r`u>)ehq2)xS>d*
zY?x<nn1^A}a1O6DX^3U)OD6Sz0679GBRDr7!@@u-(}TfLjVhQ{+~J{MWEl5!7y*W$
zdQM{@k${iClF(d|>CE;>$Vqz{hxarvS}woou1DXvGZ2UX_Z<yK5><V%kjgv{m(BKZ
zHFq5uzN^v!sf-G4a!2(WIv}-n3xp)9_4yKZ8A~V;FeP*Ej4ZpNfp;Safi^p;c8Fz;
zX-^dwCKbz8Wj%scD6cB7$#_GRJyNN|oZo@?Aw>Xbvl7;SQnm>VfCw4R3c5oA^8=_~
zv&V$vZsbqEoFK_?yho*|3Um;^-=2bAsDd;Q)}dDg{dx6E;$N@kPO>u*B?ytilx~UW
z&@G;nN<GYl<xAqS2neh1f;JhN`eKsUV(7f(Z;W^D@x3r<!J4Yh4nq&P$#B|@qCF{j
z@?XzHQAj?IbEW$GOn{z)7l~Fu^|&{xp`Zwi+iQeM#$}(cq)!OjjBJPmhj5M=iSVXo
z@fCT#5ZfvP-&6WL=^cLRX+FF%SfD3SymHCWr_dLu!~xf5D1Nq?)l7x^4SgvVq$(o5
ziK2eHg%Vv4Av-C0RZk8hoR%4$AHK0Ht14}J65(cvfJtRtUv`93S-ouYYhhywiZ++!
ztbbQjb-eOfCu*2jXm2#)E0-c#B^0A4`Ax^3igmQ-ey=I$+y$guQk|c=>x19Q`OSqc
zHL-h0Csp*Q)<d`2rT)v3>Ps^5%TlE(LzzKd1V~u(!IwhH(L_&9GH^Q2t?+$CybmaA
zuegY&glzY)Zb=_Yk{0EJ98EHCeiN(AAc+@&D9c-c;4CV(lx|LQ6J^*Qdc+Fi5+#mS
zQ_@xRAyF!KdDa#uL;E^lv7%-QkTZe*`W0rIaR4N0xr<||$K3Nk!jt(CQK)2*bo!=b
zMUc1_o8*Dj0NSQq3!!Bd#7pT!M#TCmeJAkMkC;2A3{kbPt`L*kej;FsI%I%S86iix
z$lj4;ob-7igM<yPWx7yNUq{YDuTDU88dz>ir=a<=)%iG8g%6>a58Hns>HIzxoQ=@M
zWM))u79-Yhn1ql<YjJ}hzj`vDCj${&Hdwl-`NPWW9wcE#!8N+6(#ZTykj)n9U7r|3
zwP;#fVTghZ0b}*v48@r5%U%fbz`N0bI;5clB14-YTUFoFkW0d+N-I*|eskWJN?bRZ
z4#EZEbh(8Vy;@XsdI7M?7yt-KI;V;b@Dn5Q+&+#ZJT0lGoQn{;M@iYrdtwY+%Y4f-
z2UU%l5eVifZlG>=*B|sGd@7<nyPO(?Jo=e%2hUFBlBNeepdSI2rRpu3a4w(a6PnSN
zV+7A12Ssq$|GO7Th)ofr{;_$Od`a~A0O>!aaP0$V{H=4$t_BzeaHQ>sVRXgY^<n*;
z8}O7QMXVic^%lbL@PT-Jn6jJopnfDV#14A9#uVHUqNnY~!;C@VGz;M}`BoJ6Ux|Hk
z`5$}PuAVSi@Ui0hv2L!epi}yX%44BjOiD!=RG%#Go1ijOSH#ZmM+v3V6{qXaP|}aQ
z>tH<cn36hvTq{Z&MvfX|926D5>a29rQQ6NG8K1WtAI!AcjL^5>o<LCO(GWfG4%81y
z(Y=_~038p_TSMT?d&V^CQ}4Ro3Yr$Q?^Y;r03p3Tgc!3g9e+uj_t1i9bWb{dkq82d
zy&gCKL~qdut6R~$0}AL%3AD>y)~*kw<4?yl+zFy(lBuC`fZcxZ3G$c060gLY=|6$g
zSN$bq)L~a1PeIDShw2g>9DLNZb)I>4gu;b=^<KN!DCqbio{4)@z{c*HcJmJ|W(*$<
zk>K{z_Ky)#%PZRVyV>9S%6Pg8$ndC@815-qBp68p^rOHEcLb8S7z_ke<_U^!8Cs6V
z7xSxLA9mo+h<DSqm@aPBh7~0%gFoRrRON?PqE=u;!6v8nMV;Y@`8LM3Uic~>&8LUJ
zaXg3R);WPUhMw;B4|?jl5^M-{pmer8C<#>BhsV?QuI8u1KXz1ETEoIr{aALAHj=uA
zm_PA_?gOk+EQW~8_E{r*)fGS2N_mt>>0!!K%uSYCHV5;G>2+PB2Rxm4G0;gp>aeOR
zqPfEugZoh*0R2jeKW~un5{M0IAX1e@P^~CiZ`R*gfLoEnPd^Jgc%+JhW;D>9OmY3{
zDj}l*<W~YT9zi^|)$IA+X>FGAmR9LIo?ah`s3lQ-5&IQd=I7Dv@OOGxKZ-z;9dtYp
zMfe%_jBA6Aug{TBQP&pH;)aAC+Enj!2b$g#BK1L)>dBwrH1A{w9goMS6DV>B1(rhI
z8#Zk|{(X5r$2dqGblhj$9r0O2FeFxU%q`AGmEPZa3u3}q^ZwcLA8{hAeHQY5a)6ne
zaus_ef)Z<R+1lB3A+AZRQ#EE!Q#*t`N7pM+MJzlS)fU;b|6Y3WzWQ4%3TeFhQiK#{
z=|`O?ik%|lYcyiehneid8U0*BiI>#0VQJ7&l3h939*LCbFr-~6ncp4exFh*OV@LX-
zDRrBGpDW$<rx*P9>stRfaE|WZOlOY{cHGl3xZigP4qk}&*fk%GA8UxC3eRK?=4tVI
z#N{2ecSMk9)3CX_MkAv-q_`vIofg!mlDsFcBkZnkW??^C@hb(G408ZXEmj7I42Sbd
zc`pZu40G1opX6&1AdaJAx*fKwm%NsvW%Z&QRTvG`=W1GIJm{GF<TI@9Z|pE*bv?pv
zxurDM3Ur5N27@X!iU)3>Ro<iF2JQ=8_!yVuRHMmwbU`y`qYgLuf@g6HuM-bom9o7a
zzw|+jHhM>Rk%E-KCa)`!FrcCBsTAL?2I$w*D_)TCK)sB@s}uSX(NwewkVs$_Nh8Y2
z<8J1Xe>52BM@<l7O*Is13R-7rbXrYf4YCEl>zRo;6IXzfw%!KImQ1FaN|L3fWAN}C
z9ziXe3+71e1L;lL2Q4D7T+fdCCz2nsR@-Go3dA7lCcVhZudCy`HmS1vO{~wLZBBf~
zOqz_p;v<r>9ZmIsb7xUrqhXECK`c@~>hZCS<2G(T-px2kqaM~T-_h89uI|IsEf}M5
zAF@7sCwqxslDIWy>qdi%X^Gn#4@y!b=4$|fF_l<JTM{FQ(*9`(_BN`oe@RD9?V$%=
z9eBjXRCc{6xFw`>aiIM$0U=)zAE+<;Ja@a=&q5y>f%?l9XSfHC7uVZUXJOjwP~LT^
z&o#iPvk?R|vwDAAlS0_2La=<)Mr{;C50Ed{cn>hiZGdr;I5N>Bc#O6=CE}Xm59~DD
zSp+Nt8p5w6)O`%PrjyS}14@S4-EZO%WBkx#If>DFP+KS6b=~oC({aa`4)%@XSzW!~
zDu$>Kz_{(t-P1N-VV|uS50NJbV%805=rTcVNIJk>mjRxP=m;*+AoP4&;0`eyeN}>;
zz!~G6j7~e~=%X5NBjo$R24*YJs7+kB0+I0-qNfe9iQIjFjHRYS&BFd`J|Iy({*-q(
zj#=MLAcHFJdy<P8b4n1h7-9g%Eslemfbm!28YCz<QNMUu^0ERQFvG6nm&3ycNP@TN
z6{%r<!Phz4ydnCB0P(`~ljsP5SRu3Nvm;`!2YzgbCmx5=L_>a}ky#!Wl77?Ygp7O%
znF==5T8Reu#L`BLIk9uyS*{ex2##L-xLHI`F=)J4K@2eYXDk3mn-X`XK}Oqxivoiw
z*to~Ir$j$zsG|<Oa8*9)&P#2G?z#dbPnd;lMP@<~^Oo(lGdjq;CRfE{?4b=E_!e~#
z44<~5OVp<kNe3H^1x3Fm-ht6gm^u!2xC3-Y!>6wU!NDM`7;aeyVo4c{MEm9gG*Hx3
zv(?+J1dN!3gFqskjYYB}n8KqY)flv9UDMWVj>kvWrx^ctBK2<}X#!JfFIu;+yU#Mh
z*18Pk1aWBU=%F|RfJ=#n&se3<7CLAxtI9n=&sOi>A4y=~oz&?*s-z6xneWx-^r*rE
zX5xy3IBv|CEzKVFiFEQVgHLKdT31ny=7O}|6?*IhoY)*b9XiC*wnCl)DsV{$MP<MG
z`rbta7=8D{ase}vt-mfz;;3$xhuW_HL;+;$j#KU_5YgAYz_kmLQ)J3n15mjlVIUT>
zP#%YzzDd6o_`M6EwN|l9gR=!`dT@~$Dm<V?$9X8a#S<<;y6gICZK594#kU3)2#o+S
zGD*a}dc=9c9Fwu#x$M*00ESxNIIP`}(t59~7^_hZmAcr}*OtN`RUur|kU(1M$m37l
z$_rEO9BEvFW7?@|EDhr)23x7nWRrK?+x`0&S0UXjZ4_}_$D&|M6cu;iL?;Slta;<K
zeF{7TVp3SH6YYsINTj$7EUG;3C+ZNw|L{QM&I8E@O-;{nn?6-<ql4s2ae5a>a=HEZ
zE|$~B6W{Gq-6$9AcchhNGgL=sbT$a<oI27!OpJ%<6Qd%ZKgH!ZG2RbC?q%e$1>qS^
z)sP3D_>s~>!teIW7zRWQ^(ERow~V?DSk@^cEL-8UjZR?c#&I_7hLOO)o?ccAP)~e5
zDu^+TWwrKc^7*V|_Bd}-zlWnwk?$mAm1ZGMca#`LaW;o_8~1Y1UEi-}+pjPpnoJJG
zOsdAo8$Oy<xkX@R(x1mj-Jo@_?ybg^gH`mE!k;=R2fB~fjYwks_S-$|JHDBjazVb8
zF@;1~XsJHe-^p4Y!6=5K(cpxO-~siHG@MsJ<(U3Xe$Z!&p{~qYYp4T!zyHpSsx+Pi
zc*xJc5E(bFPaT3N;h91vn5h8q+>OB&tlW*-Gn4?<fEjqJ7wx(htU_hmV#$XwA&MCb
zxdFKvh?^h?<L?Q#k)6PViupRtEgK)x6%A))4WYX_>n1h3*8Q7_3(IJh3FBb$x@z4m
zeC`_`Skmv7cY--oqdgY+>4B<QOy|@BG%7yx=)3V=FB@`rAr_%T9he$L!i={44YCi3
z&wSXZX!E{7<m&r**^X~EdPgs}Py4R+$OeqhZQu#EakDYtYKS%Ak<n2TUVIx)l0PXI
z1WvinAu)t%W(nf}@<83CNmio>qFZGNlM{*hwI0b!?UoO8x(PeM8$}4p_0nB8oS0H*
zTs=_?%Ij)Hx8(F&ZLF;`yEb%6hfkqxXdB?p@D?PGZf4selu^4F0o^LEuRnFIknTB@
zfbD+97%uQ}=mEo84`;|No;kkcM)L8(RejXxWw-xslccy7*K=8z#l3Ocm)!vuk{rv;
zaP$nsm?vbwji`v#09$@F-B`n21>5g2cZc))NOOs0!~9tTbr^b{U|-G&)X|Rzw;@;p
zLY-&>A?l`3wA1|m+ne{IA>ZnlJa0UVZc6OkamSLt$CAr*v0H+z;{WF1Us_x=Z0~lB
zs4>SfK8GNK?@u_v62K^NmCV^j-TwUkgLh)>eL2Uy<p}(`{*~sZR>Ab2{rUZ?OkKZS
zv}ZBqiA?X~={rJB!i>a>I%MaKiyHT<=Um9i(7(b#*=FC}h<8sJLH8T?V>H;^^9#p3
z5l6k7F&I2!AJa~hcn19fpp4n>zmU}y4&a`TSN{D8Q;_eGhf<q1IoEp<cn8i@B#XXl
zwt2DwlY<f!h6Tv$th)}<_Zp$LRMz&jQH5eB^&db<kZ6sloMTj=T)rBtB6;>r;Dw1W
zZVWy_g+wlXguq<=J8hyB_pxt@xBz3KM-0~8@3$$Kcj0^Wp&Hi24u^%{mU`PlA5C)1
zN#|cX?o`mWb@g$ac;Ec`Uhi2u^V?fkcig%?jB6XN=ra`GDrpd_B?$S8t0N%LD&@jO
zF7w(Z0d}9U7#9usQA!Lq^>Ou0eoa1m6b|%}Qs}i}o@-$mPr3VIXK{YDY)6J}lAgNm
z`yk!KHdW_}XwdpDAF(-pM^%d7P>TyqT!gHv(#~t4Jyo(P<@Iy+^R8~G@fwk!daQJ_
zhE=k=q3be=zixP0^=;hR#?sDa1J%wA?2JlaJ9DRHLLZCk;um>$+pMjzNv`j7waI7H
zg%3azz??4|Uu}rury<HCYMZvDz3Bmi41D?iuDp8gR6(J-VQ@$vu#EMgAk0ABs%W}<
z$2OqYPDR1!8@`i3ZnnB50ibHcfZH*T_F08huH&M+KCA)JedvR?;}8`Z-`+L<all?G
zjGxH!dpv?-gl^ge?Ha!xlp)h&yJ^gI2akC3_^Er{hBGHGLXR!er;r5a_{({+Low(p
zseO%hKcBGF{SL{*WTWrV&=CmAD$k%Byl4B)@81t0Jz2;PY*?(8*GT;hA~?^c!I1Sn
zR+0?ckhO7P8;uSw<!J+&bn^$ILx!Qzcn6Zni1nK+Fw*SsP3$fL(<gqYs}l>WAN*rx
zdsiycZcZd%=&W*)Iy7XUrToDkPquLe9xdc@hSa#W#c-RV0R)Ku!iLc8+T%a8!-o(p
zY9P~#M!6gQrsQ^!G-f_N$ZsH~{ZolIl~$~qLn*5CMIvjArVX1cQ^zK{>9Cz9IG|Yh
zunb$Br*5&Z9K6ksAX+6-QnsS5fvn%4qxXTv6^Xb92K&9ZxoS_K=Zk5^p{(yorZXTw
zMmDg!bFx>A&=9P;o{<!}p@Y-JCs@UGOv6WRPqG((moWRz?*@+Xqf<~l)>WQg$~$LR
zj)GT$n#NCF{h{6{(p#hCJ?ZMp@}Pg4=+O8H0Ceh$agCiIRJ91)bTqKc8gSKEkoFlM
zGXh$@W0>#8jm~N{xOJE`#$&4Bmff5?F)l6{O~mV_POjiC8-_4d)=Bm++tCh4<E7n<
zc!Ke%06rwKOhTcWUI02Wg2?}ML<3fvMKJfmjREjJd&U=bmGV9YNb*kKXhIQ<M$l3n
zD{^f=v~C$LAaM#N85-FDl}!VqWX);$O#yMU=@<-7s?;yUd_Af|wyo-f$T&^55sokV
zMpi&9hsQ!1t6el|tLnAKdBBqi8e`G6iZMt8uEXa+4|NEtZG!uc6J&QXi|VACX(KkW
zBa|dzg5KWH1VrL<Eg@ls8fHsiZ88V29nS(OO`K2DB{xiWeYE(Qh|*i5R0<<thxgh^
zjO7shAN)DF_$IANGDjfATBVPlGc>UzGr&8~pIX|0NEj0k{^r(6H)ooLGy#TNXA%eG
zf~b7~bic;6AZQl2qq-6R<W&jQ<Q?@XUS70C5pb(yC`}1=rQBaJYk-5`{ASrWvR2+K
zNs08?HLBGokz`>fnt%cZnfJUO!S;X~Y0?{tk<`A9S2GTTULg`Xb$zvkL#$D^hffT8
zt_wv%YW;LXK5?LXKs+(wU!>KyR5XKFX=4cHSD)=cSaFDFj9^!)hZ|;{?W~s}uV(l&
zC)2M~$T6goRYq*lKqsB9+nvOk&QZnp&FwA5SsEV4q4sB54Gfz>GX^X=sWV6xE*hGf
zRPlP~ONuc+nk4cd+?3l#l=ABs4#ygDk!7QH^8;%BM2_<BSV5ZaB#!lQ2Pn8w=ugPi
zqwX`FweGsH#fcF-BY8-V(?-j6BWTl8GUlWH4XtETL=`$Qz(@%1lhWR!=zq{^&l_tS
zkWf+}W+l~cV2Q~lW`*!*2#WKvi7rNcDAe!E!Lh}avY?+qcG7LpWy3|IJ~YA9++W_D
z?!;j}JXEAXCqEOJuuV-l@8*e-JYwt}cb;eM)KE8Q9dfrD9W@#$WI+iO=S?Cwt^rT%
zL6FPj)F&+R%E=N6`&1S3S*N0jFx}%F&m}$BTom`rlPdvf9wM5n#_z-sUkP5#Qu{I~
z6;!`O2_wMP>NbVT-)!GG;I68&L1*Wy-)N&z_cP$(%irXl6ZrmpmDzMJnv8Q?1x@I4
z2qaNmkH)#XlU1m%bP-I^Gy%%CDYTQ@*qD!TCA}D!m)2e?K8=a8to5#(Y`?9N^x<E?
zcT^42@WekXF%FVy4P-4<f2@i&bv<Okv>Uzrwf&x}%Jr3o_4?F1?Za*GJW<wBm?9%w
z1X~huEWj^RDIb2NgV%55EezaeLOcs4*d)~<5a&Zl*_;Uz>}-_0n!UezA9av-Ga`Lx
zZ1lKmVQUm#aeKdz<xqtPQLr<6bFYXmP*miFgfDXOR(Q7A`V~LV`$2*rKt&#$y_MUm
zWG8~)S%$KQw2kDIj8Oj9LIDQxSJ};!H?ZP@+cUlanK`b!TZPo-A@JIYUKG5GndEz-
zGTdG9S0-)-)X_7I_Os=^BItxX*`%<lA^anNmQ&Q1j>gQOV72xp8dSje9%py|{x`wi
zLIN*BegKd>7<mhtb_-NYrwzatGz94eEyi2`Q8@kBh3r&Ls6=hE!f*CsK5g9?iulTk
zr_VAJ63(5}DKg4YQ6{kc`VQShGW`<a3XWaD=PFoLy~0rhxeEiZpFJZ{mhVp|ebgzU
znS$`F2nmWW=3540sl6RQPXrRLWhT(Vv}GHs9=~y?dG1SWEMtdp1w;*Oxw5+ZXyg+6
z)0O;#R2)Mq*6uUXc00$?o$q?iBMyc7F=t;N%Cj>5(o*PRQlrAgsRyD8HgJYvMMON5
z5o%Y}gg@0wySuppat)Zh-KRt+_d}B6+3o&*Mp763Pq!V>%d|o*tn}LYN`uoH+qhvj
zPk~!wvHzpi%C$53{+Zsnla;EQr3lzjjRwi{-$uu#A9bJWG_6y8_^EEav;Ci}QNO_W
zSYwGs42~dmBs<@2Ik%90Jw7JDi)MQer!A?8B*l?;%V)EdKPVUD3ajfu)M1Q2w6v^c
zCPkJt8T+&Ah$pIt=wz+oQ<`i0QrA!SF{5Mhu-+cNzVFLX{8CH&e)z4Nse>-$LdPyj
z^EPQ+nB|^KrX+&pUdxy4KC(&bd~ME}ihx6Yx*A=bJ#pm`Q-|Ff6;WqBD$0q(a{31P
z1x^L;%Cq=4FFaG@;NHFN?=BbLR7Vw};Cg;78k67Pl8~5)p6AyqF4yF@6oyih^K+Rt
zMEP@iBO(Whmef@l!*lP-B9T?M8{PFiLA6UULPqNXl9n9*H#NC%FsSJLC;Bc;l-#T9
zv$yrGDWo(mUX^~CrDajN_s#(KY<V4}R-%AEeyr2aO-XL=KJH)gY0-BT)v+u3_rE<=
zNwiwMH<Go6<Plv_lpE0@P20e}ssT!OCae|>a;@^Ej$IWeJ~|ibKb*;dwm&W+9}YgV
zifX3DlJXtc0)^FAq(Sl)dG990Y=Mgza$lQ7+oy_`^NS00E+s=>eYrSyxuo3V^6M)P
zhKcm$7v$KZd{TIMR46-4vYg(ikI}$!t+_ovXXx&N`QbgNN{o*!<x|M_F#!p@;aE&A
zV-e+}nF0T=#X7ot|8CLTLd16z;CLC~g7wgMMYE5{EPG|CLIV)+?ce=NVuxTu4{aPu
zu1r@%rdHqZ0>pR{i4<C&g{b-ivYAIm4c(sYtj~gs`hmjCizv8UyW^TDDX0ntqyawV
zgi)lK^EzQik#DdBj?;1oqgWt;Qcfgmm_v(~qk9m)$`+Sj7@R(|nCV2FbsdIO>m`(X
zh={@pgw|%Sr}scWun0?OuK&<pP)DLX%yic)5*#P#=Wh0EK4-sBgrJ~~@ZVMXN@S=A
z2zK$Wdysm!4)Oq3QN7P7W$sDvzA2T&TzQEo8IZRk+EH-d>^RR6F}eiwRdkHx%2bk!
zy^4gqDJtR<LE5E$H@m6}HiX|{9iN0ecZ8yMvU)I{I-u7s!$cy5Usw1XP-_nX_k<T1
z7B;>Dhyy6Cd11sxUl5+kM%;y9wpnp2Z=s02ELFP#?VKxNT&vq&X2k+;r55FPga=8z
zSkdaq&<F~pF<xF1IBX28Udd-ZZ8y3zOC&|DCE>3tN+9`&T>jE2*g-fkLKVVUI_hi)
zBIby!)D4hZ=SF{c2%7{F$Ton?Y;mq50Nw6!HT+=)tqKw<MCDM*qDeD$R*YXgPoNP#
z6;p`%a=~Bs_tBQzp{Ie-6q&*iSn=e&@5h6BLlZ75b3L*fi+L_|uyWe<@m9-Rj%4<K
ztnom!-&iKh&HnPes&$^*+^<FZT<y3rN&n%Ce%EIXzNRUPXZ}M?X&+IQo)Ii0*dL`F
z`(xeao^V_Tsa+a#%t`ut)J1@EH?XIeeu9+k8YxC@Cm_)bo-Sc`O0KKwT*fvM_KFxm
zkC?Vu6m^;Boh3BnkaRAY(ONemkKr+Q`y1Xkyo|yT1p!ihM-}#~x3l-9PYTa|LKpxz
zQH58sk*`vWVsI(?x%#kF<Z6IC5Qg&>+hF`-4U)h<8wmtEh-<u@#y0mplvl%fHhhgQ
z9bjBf(@1vII-%PE3>VdP@42lZ+P1@k2nvkztp2yxbgoDknh{YFdl=b-^=UyakV{o7
zc{{sIj&)VIdwIr?GeX}HZrU`j;)6Cg2!X7O;kkH@gsC8ws?6SQ*Fk7V4Uug;ZwKiJ
zEImNb=7n~qZKz8SkCPNcL%U22&JlP$q$mP|vFw;<RXHnCG}uPML4C)-fA&Pk2D69i
zX$k$1%?e)V14TtaB<oUb5?l<0lC;Q89np;Ero^z-;BcGdMw>x<eXfzqXSI*dMl>L;
zkDk-ENgvZ)kAvxRF3#n4b<jAJSX7;~@{EoFO)M2nL9mo`Z7~s57BL=z7P^@S=5;qM
z4w9_vt9D@|vb78!tk(yZ%Xo;d;^~Onn1O3iV%A4HshEZ%MR@cN;Nwk2GI6e=$8AjU
z3NxoxW=WStf`kqp%0-hx{1eK~1Gz^2T1`TbrOp=@@K)pE;5cwV@|j`WDfnV5gAM3E
z;+`M}JW`QB835AdwLs_4_9H;Yz}z7A9>d6X;gNOY9Xf&(uiBt6j7>uy0rdbq+CiXR
z;t5*>;`20UQ9a4LsH;w1Kz;M#68dyhY&K!u4TU}=dr)n*ebh;ca+K@4>*E)kv8&6B
zs>(-_H*o0y$a~l_){2U3K{ex!`c8|sp8{%f!$#M&1=nlD@VV1AAcCW^nqYSpP1+#6
zi!=Q#P`nq_{H4elXhu>zrRb21Y8VN$k4ZQfb)3{AQD`@sR-xuVf|#~Ny6Y)nbSL#5
zU)~^$KK@1xpR`uP*&2pfaZIsinY1oLQ<C-?<G1;xi6{Y5<Be~C8tqNLh0LYU<dw`J
z`w_kc#eRk7Q(qkD7zxerT_k_rvK!g9Qg{7<uoxmN!k6J_<JD7XqsIA|+pDlfc5xLr
zPi1>zaq^nNE;=Tex+fi#M?zX4!VsWK!5>fMK@Rn$L5&23rt<oL4_g&PCH$BeupF37
zg@mMAy)tOum;e=vgHuqBK@C)z1e3BxwT|k07|{i(5}gc@2ri;FyhD>(E#jG~qS=2d
za97!DUXd|d-7BNjif2y)yol?jq71ovN$Rw!b^qYUI7lqjp&*AEGf>&u`4{L56Zz~t
z<8sL#w3S4=%b^IZMmU-#YoflC!H1sYCzlN?gAcD<yy>d;3p{B2@7-@DIW(_00V-w>
zt0z)e21S4!hR=`7$<f}n6U!5QOXWeGyuVpve(^1^y8y2^8CW6>h246o{gDw<b|8HS
zRzsQscA~xrZZ6}Q9LS||%v5#xMC+~(gOQ&>LUF%&4ppM`LRm;ew0#hyFxNhH`oR97
z^+05!HbRO~!MuN+$;dyrUz8ASSb)KD@0e$MEpM(7)9@Ju#h;kIU=Y+m&m;LcF`jxz
zD$`O&I}ct_9ny-$IeQMr5bv&vyC`nhQhJsyPA5LdhA7)<Gi5&)Yb$>pjg;bP+zuHD
zCTJ92OJdS0w^y(>>0DamEUoQCHfr>v&LP`=BML1JAYN_(I#+#=Zg9~mXETDhCdE!0
zhqZ8#P>j`ToktW04@35yIgE^upyI_hW#7nh1#?7O2+BHSw22Gy%?oN7Yv-^BPW9@z
zocci{e~YKvg+Ita5bxSG`Qck1E{;32l<d6vj&cGyZOw5(RW?v98irUt2JRlFtwb=0
zfQHJ=x>}lXb)G~yRzN=W2<7#pVwLN`A#0^pR~SPxGvU%fi$h5Dsya~2nt<wU-ez}i
zZ<4V1UK&?t`TZKztI`V@<eO0tIdm|TbY(QZnjn-B#Q~7US<5#D#KW&|VNNxM>aIgn
zhM0-7AG;s{_;DwaZL1T++DE{YW6#fhR41R`5jDmfnee~_7Wu)*d3<8nXoY+Elw}E%
z=8e!e$F{h2j)sY|ZyZ9d(Qdd2KqMGM0D|Rg)hu!6xI5Q2*A~hCH9A*fAa6~zb3vQ~
zKg=56h_p0E)|aBe4HI?UBmwHw;iSVH9<b!gbOTosJn*~4Y*!#N7YrGSE*Gc{RMtsK
zv15s{617FQH5<A4tA&0G-^Ssd%W7N2W#t@)Q*uNK#lcr*M?E7H)vzJSD0mKerO$_c
z)is}g!<3!hur7q7Uil#thxyzO_)=Kqxd~il^}x?(DLDwFB2tfjRaD>flfqB?vlqWl
zAFRDH_<HEwPn%R|Xq4?p00e#GUwTiqlpE|LU*0(UJ~B&DlKWTT+A{RG`WH&M)g2?@
z&1lZ^QcqD%yde@|M1m9-^jnd2&^V!y(=2E(82#~f^E+9Dgw`BIT>#VxKl{1C`#DXQ
zzp3;yw0dq{`cxCE;O+IjB3U;FtaDgn6*+g~WXlb3f){g-ygh47Yi@U$ZJeLbHeFw!
z4~b5ZYxL<ONB~~N2y<X}y}Gie2}ve2@0n9UXwjuFqu4Z>5?IQ!;jAcao@Zd3m7Qe=
zxsMbTT1UvQ8btrZJ5${)d2(F9S#G{j;BOU*5K*``<tS6#OP&ylaTZk)w7peEqzbH*
z7FaX@^@EY3{jg=^-BfuK*suY33_+fv%Tc$QrheBLc}t=IbJffv!VZWgoso^TogRr=
zqx2Sso7p+q-t5g)U093~G;vggcer~V#PSeaQBFQJ%t+K;j8k96O1~4$J6yAPH4>(<
z%RxoR;x!6~R~TV2N6X`Av(oDqMIa8&bMV00P1hT+OMS!mr6p4(fp6CA^(Kgez%bFn
za19h5JIZR+dChA;x|6x}|9W_OoNZn-?|(gP?su~V%+$9tWR3q7zmb!4zs^%;kK)0#
z%?}&Sx?OX&U3&K&!Q)>4X*n-J22p%>S5+?{QKD=xDY{_6Tm}~T?+V^?39aG6^(~Sy
zkXiMBk}t|%P(#b0`?(+@yaIHH6o)JDhN+w^7x3|bI5t~EZFC{4>f-#{)urC`fUp=c
zQqf!%7d$BLT!pn77d$GhaD_vTHx|lrC=|=D4zPUAS*in;Plh-GD2#nq9jDMVX+m>0
zlsmD4s*A=OiY1R|q=!tu29Q)hL{ADLTM04-P*Ee$bA5~8BD;Eo)A0x;Tpn6e`kq`1
z5A;yp-A_eAY5;8JLPjq#bSQ=CdkM=)Y~;K09dD2s1E~^+>cpwgSgyGWL*YjV8Q>;|
z!n^N~?H>0vIJwmwA5F;(2aqE9glZyBx3(xb=s7CIzAkQfA7>A%_;8(j*GFFYU2ma=
z3E?z!50(FE>Q5n&yJ7|AcV!6Pp?J6#m!PAeocGhWN(5D3`li&{DLjUn=s;+R!$}ok
z{!om|1qPnTiuGyKQHu`dGS<Bt{XLeFstI{IRJ@lRq)K@#TF;}~+b!AsL%N8Hcp7Sl
zcz6y$)5>5}^Gdt#3zWMJhQ@;&7{1N&e;&%~POFKsR1XmDb&Pz8?szD6uy=ppdak?P
z9jFH^n!N@KEH8#8m>6VCZZwLmBitq9o876#yi;X;EvSixhlGiT_EM?@)r5UaSFAwa
z9(a#(FbUuO#xp%W*?pk5O1!$@!EHS~Z618=F5t3;!ngD5eO{ZsIOdHT*-*8~4dJp{
zd&%X89Kpy{dXS9cL;nDyGc?IG4EP3iN4LG0gtO=d@=QLeNNlrQB5rG)Jo6AYtkZR)
zVAAVI$c!ykH+uvI`<6eTKQSpu&_W_H?^Y72zY8Jy+Gm@L9$(6CX^Ll)<65hW7%?vN
z2%*WY;C2@Trnr)>`mYUk5&EQj!iVx97`}`ShVspQ2wb}JCK**If~1@rs^Yl%vO2R?
zpdWQ7y24+#o4P~dXe3zr_uWfXfAK4iOV>ZLE}z^vu{8SnDi3~jf!?Q$hePol_FNz6
zQIzG(U9HY`y1)9nU7F-}Yn>{Oo0}dv4~m)PHT+=v{M+4kV$tZXCkE|dkFUY=$jEJI
zLEO!VLW9eFSIPov63UM{l-gz0%W*Ev*a+}DQc^77Du?n&p%S>itKZ~Jc-VA{_rA8^
z*WVSv+4>m-f!zD9I7FT@<ZM+j40L;igBS`!Mt}7Ul5r>mpAeBhL$ECR=K&&fd;i>U
zA;xCi>D&`sG=!x{vbxn#XhKZ7{B;>Wv=1fUA`W;c8<^6ea1gEG9n?*~<QKT|b(P;=
zR+S^Y8wKutanr8)T~6*#V>=&VvSJI1M!UlJp$)Qt`GECA7x+2li%SKNYE6D)GvyU1
z;#CC0@2_7W5r#5Myj8fo$Wi3KdFG!2KVKKcW$aniF43m=TY)^QSfPocIB;Yuzp52W
zR9Jw^+HGUKDpjl)cVqlkr7$m1s1Tu5r~qkEDnwAFC}Z<@4&D(rbw=XOR#gRta|bDt
zZRIr;-;pXMTx8VdcvqPcBR|+i7M=znWh<AI%U$p5gb$!xr#Qo{_!@<yTd?Cx<I-A*
zJOWiy61c3W{jcKdde*(uRf@zlPR13&fR_hs;hW{z0NAdd?{{%!bD^&Aq6|be&rwkF
zL_Db?A>w9Sp=G<@oplk^^2h;rAv=^#;Z>5$SJsiJM0Q|mcZE^QT_JFUz*UCdL;o?^
z{U+$}nnu!jbgr1qW5tH8c|zyDhJ|D{d)>{7NIyrA6n!-tL2>t8(d^}m;Gf3aiRP{>
zfAhfe^|`_xC|<j~-&eEu1F6B{ElQT@Y9w7u{!)d0-z4LYui6Mgy)W`vrq1qQwZ0_a
zS*iS%liRzR5s(4th}yOF{d`=Vk$#lt&%<x~i?I>%urm?X*<F>Kp_-Z$Ef>dyJj>^g
zk|azj5Ar5=BDu-KCX7Ot$`XqTR-zPKn_vJ?<e&zKmqC|i1VXy>oKg`JJ_dduSrnT0
zEX|*ei)UsPO#4j$q;L!?3!kb2?hj-Y|416B4S}zG5q#xs6OXNVDYcN%(`us>j5|zq
zw}fBNVqfT8*BNpZWyw+1_}{ayCzMzpAu~2N)d6L|g(Qs6Bf|V7y=}}&c<pqpABT*f
zXJ-0zo#!1+g>eXss!!LF;a<9O>8SUWh{KIf)BcMDM;iG~TJvp2+53-mH`t;P+5YUu
z>MZ-w3LQ6-bw3g|TjN|?{xBNCMscLI)$qlc(d`=sMbnWE)nExiC3cNEX)>RomdvX|
z_KMZ~U#jtK-y#!1e;Al<mFH#(`A?PbRqzpMCqK`HrsgSPFG@;^;AJmlKsz3M<lp0z
z{$Q~jRh7ViT$~?l@n5T=lIxb((vW_P<9><hspQ%kY2ASur;Q`pX@>d?<01@LCIjWH
zNVNMCn^0KQL^nv0$JHEf_hY?&MuR&ZqD5!@5Jy!v??1RGN&5b+&#bt8+HpI7_<jnj
z{<Y%|c7y(j@3=o4_Rl2D4q8cX%(S8IIuncusMQDQ)ISb~`{X)LG^y&b=4U%aZ`#Et
z&-%90<J~X7iMGDu)0_3@HfT{l&VDddxBJ_gjKB4^dcr8)3pwDyL~?)r+MYb?|9ODx
zhlfB_mJdvqx~<!RlZ<JNujCZZ_CvtGADs2V<$xl5U$HgM9D&am`>D;WFHl`^v;&=+
zEB(`0zVJ@Q^a9T?rB7ntN#Xp&-DGh!yy^ArM>jNmMeGtU$3Lr&u%9=g|IXjGPv23j
z4U%Ou%r);p+9a8B_}j#WR@*O6$0DeI)?z$HUdd;okVfGtv@%_o;nS0j^xBV>_@7UG
z+7lGi;Vh!)PO;bN;h0}%4JRGN&mRX;Sb{KOq5g91$NM1-73$bC<w^+2%k&KF2!*OB
zts;{UxNN-w6J&Yx6pk7_vFR{Y8lCXcr0sO>T~lJ-ps*lUJkR&*O1YFVDws4!n>EIY
zUHc&VqkYg1(03oJX%Eva?0R^{+MO0~0@Gptwb93Z2l1Y(Hhxzu59!Zv|FzL0ImN$S
z#g`4|nQ>`h5HWsY1i;z|i;sHv+qQrq&|9uPKCrl&&P|cs{<x^Gyb-!W)2Fl>o?;k$
zKqBCw_Vfc?)nr(Inb_N&;Naf#f8Ivhvp%`je;Hz8WK6b1y-z-NgqgazeR2J{5j;wI
zq<Pg3&q*jBk&UW{#xwSW%rBoSj9$12+<Wd4A^6R6oWj$)H{JEWx8Cu5viqw~#sC4}
zJvk!l{yK#5VX<s^dNBVu{6IQfXlQYeWd!a$BJ2M8`B=tys7{@?KYrU-<SZUZ2t_R*
z7L~^bw(Ec}uOAAS9cLYe;sb>vjDZ*b)G_%(+c??#9Z_CnTpJ&sKIM~H_ur<avc!Mp
zgET&O|9lG5ZhZOmg#Qn^xQCY_v0%*Qf6yM1^Lc`J{>Q!iugqh7noqqdf7sKunA$gJ
z1nD6Dmp7*GtIg_&9*dLWcfGL0$<u-vk~6WH4LtSW{imr#2h1&)mjA&9MGwY)*~t+b
z{ZG!l*Wy1OR18Wm^Kni;-O$j<{uwu6$oTP9<Q<sxh1Y-w5ptO4%^m!8!sF(hoS=zj
ziu)YTP{uHrtnM=K@!wHUN|wu~>#qZP-hZAwulAn=FBqM~f8J=H8iv20mC<+hc<=o{
z>@(%#$8$cy`+Jo3TRm*X!&c}0d83Y62PN_Ml|!hf01Jv!^YSc<JP1i=DhSMfiVz#F
z!_fHdZRLzre_xWJ{`w<s+dr+3==mc|%}<gKIV9b6Hg)*S=1fVZbV&ch8`d>}+=<ox
zr*q%D;$!2B@Q+*YKyoi=^VdT+4C=>$+<R}U4Tsi~`KKRxIqW_W&WR{eJ1a2$e1L}U
z@$lo*s_*^tF>b$zXvdrV52u8&-)5^|D!d3tnh3X0qS;dv?5Q&+Hc|r(&FNHDFuqyC
z)YK|Mj>6gh^Vxw~VN;3}#Czs%6w&ZC4DK)n_n!UJy>7BtwfZ~t^LD^NiGz`((vehc
zvIeTXJz!21h~YmBNVT;olB~t4v)=G8$44zl7xA>#Gpo^CS@Guvey%{>2+_}ovOz@1
zd{K@#BuTI_lNFYF|4>Yu?T7BVzcJZ~p{iaGRsb^Idlzzl+Z*&l`b+&Woq_@DKmXM1
z8KL^?*K-6c{QuF86ZX0bQRb9#9!C0fc=#ma=?78;asZ?>@`yhe>O=ml8gb#BY1))}
zd`FdgVe;Q<9u6<N?bBiRf~0r@*{_5C$GJWuKQr6fsuE9We2a!bkgsHoUSconVeRr1
zCk!?57vW^!_RdRr7Sha=pby`f(yK%3Ejd;`iG;?hhaej@h6L$D!#{6<?h!;$5fXct
z{Zz61aZdYHym?bhHH>Dz!h~{lwzH+zUyhp;Su5x;X@61LFz;IZBZSd)F6|dn)HX2i
zeC3X$7()YOSz7ufzE$IGDpOyK6{nEElB?LW>83H%_pc{#1ESh5Jd(DdbDo}pu3BiP
z{!4dV=;Z$+>`itX>y|9dxxYn>FDR&Qa+Y170#%ij$jBTAD2kHkqDWnlba(wvU*B40
zw)Z}yZUo>BkL|v<-i}-A^_lFC6MlkM_WH()z*5@rBIwzEfvl}IuMW!?Y~qs{Xf5lu
z{>l?*h12h=oJbgtch&E&O@!E9HF3nrHKjaY+(i{%G;VE|!L~!vC5`j<rr>K`LUpdE
zD*n+&x&f%Q>Zw~8DO!Jw1#5+R;%+536M_EMaE8>uH1Nv0RnvycbWpxO36nZ|jh33o
zq1VL40uw1^Z@K(vy<+5oOet1KBIT2mZMqgdPT-&rZfg_DP{)aSPBr2-+-m3(83R1G
zb-sg59@cuY2U&XE6ACV#y_!sHMPY5CNci@)4cor9MIvdpd`sVC?V9bBHmU+|yMtLF
zNUGE^E4FAVhfJK(;<Z%2gYD+EtLr#9ad@{vk{M*1wQ^ipaOv!`*(=)n5-GZFoY177
zSskV#DR#4}<xrU%oV&-?6O4qA>d|>g(%$Ct519SR)5sbSfVZX2I+t>=@%C@CP|aDr
zWpul`JPD13F)1O2YVcNoazjet8J+Exv(?_h)?DbQ6#^j`O)wW@xW~yyPi5g?O$fBd
zb}471ZP_8Q&kCU-tL_pY?ayjzWUw9gs&IufAq#<+S@qc?5uCePEJ)rbU#ha;8A?ej
zt&*(Qu5vQ=mKaa>?BT<r&ZrsF%q-lq@Ft)Lx${g|?P*#=SpCU#En4jbJND*Hf7@gQ
zM_K3qmXdkGYxz)>1*Mn!C;BQrZ)mL4boE6Cp@bJ0I7_>-hvcsm-e>pf2-i5{z0oeS
z5|PG+bdeg-_Hd=`9xV&gMkAGAA{fyFOS1_X^bW=j#?~pOCtetl3FwSi8^p(;UM}7k
zj4`+-B-H=3wm=P8ra3+_SyNv2xCC17LxA{T#eEH-(%Lqx`hO`iR}SJ4)n#QY6=*U~
zdE{~{wVpjCF+rtT?{Qj=`>$zRH$i_dY>^&e-D6T4q0lp6Q<DR<ZmKH(devFi)(*iD
z&iFpxh)ffQ(ppWCt!McqQRB#7ZujXZffCvcV)~0qIqyy31V3R5YjAiuW6t>+Y=AGN
z6AmaGZeX9*O@U?HHzqx87la`#od;?84CUC<<^(XiKf8;vQr|w8EyW10+`2_Zc)2Vi
ze#JK_Y0G@C12>fVqxdT49--`nNU30}IBIcLd*aX-l}V18$z+(UB?Y^%9&-ZGpgwC}
zw4_Qqz~!;i1@QJX!fX86sYCXU#rvXslaKJ-BJLe&^9|W~P5llF@hottbBQoa$O_Fr
z=d%0%f>s9*vh}P@)z2<TDr?j8w&H)*3iiu=8H%#FDr&8n<V<r_OsM+Q?LP3G9}YjI
zK$O*>ZTuQWJ2>Fz9Rch!F2|xR>nm|f)6hgf)bY__###70l@Jv{wZm(Gce;^V?)O9B
z>JPG=XwdY175k(G{?fWVNFMcbVh@XdQV$p9Dp^W<b#Z**jwTGxAL)bbLW+<o@4S7d
zT}pwt!?n3o(KW|QXMIQ_0xZ#T;?~!7@$<~4auX9)y;eVM`zbkWx`>j>*G~+CL4j2D
zP3Yt&B+a{}xCx|?CRYzr6Ql#5pLytR#hm!b3mM?wn_v@igcAHS?jbopQa(HLc8fUS
z0FWAC_}B0*<?{uzR$seP*LMaWzvG<fHcL>j3gzIaLBfla6m2sP6Pu2Yd*y;<gaHM-
zsH_OeJjeGjX!oPWcp<l3l@Z>q)wvXGqQSN(auJ6v%wyRCo^jU!4=e1T5fFG27`ofv
z`-+jnjjCk72xZkcaSD7R$B3RP?_2^2<CF;#ho>~;yOC}*BNZH?J%fd?P0nMkoiGMV
z!*C`FbYGx%G7|jRl$kMk^{Pm@8ERPSX>+iIu&TJ=2({dqsw>ZgGqYC}wIm1x2V$ch
z4Fi|Vo`Ioq*(LRkdzeEi2K0vrs3D)|+0Cq7CgSp{t%~n3s*Q9I1{6g+X;*TWt1`J!
zuO6~>zD4rj5n=8Xztv0n6E!?IV$IF+g$+CnJzKrc^39d#I$&0QIU~ehd(GofvI#I|
z+3uEbAZ3@O_V7yPGh(=X?GU%tT{Wb8bG5&@bD_6cNi!|JCwklz+TL6>d>LEQ)wztH
zC#A@1%cQn8J#x-6P02CKDfu)3ZGP2-MtdJ$G=t+9w;$Kq&_2#7lwgaO9E^9D>yaz$
zY5@lh&e#FDd>pFYbs?@1F5voJMq*iI`Z8+Ypl|WEUD}NIr#w(%8Ju?Km$tAou-l8t
zGauF2Yg_qH%gr@-a;r;TpoV0~cNj%K_OaPz0r0bXe`*trB|$uh%`sGS?solv`yUF)
zjDHek3ma)Kf)f->UJj)^cMfh<Me13>{wEHq^V@(63mVUpAdk!)Aw=TQIFD!1@VMx&
zdQMJv`3<>#5Q-mt6OKNEgX|ja;+j?k&v-WA_{B=Mkq|2_{6F0)#8Ot#Vtd@mh0X}n
zPKFnIhI&p#iR*(2_fWrJngl(7GmvRvCuJ3$Ai2_-R3AAA<LtK?UxY`^_w;bBA*V;o
zgDSJJK}^BW5n_3`C4!1qOX=s4*mm9onj5sUe7)a2h{%abpzxSU6~4UEyB_GJa<@zC
zUZij4mS-zZ`Q?3FM9wMez`mXgr!{HwKo_{V916(eRkV4F+mWhV&~nW>j|UF3`e`z6
z83wI5Z~YaWJ{Kb;J13`)fq!AZ)TSJB3wFet7mMq^HHSPTHcue_8py|Mn(5tK4L}^`
zs;|U$tCp-uD%f?O8u*Ov@+BSs+lJWLT^M%Y9n!;jCbFuAd*GZ~xlzmk1r#b1_8gJW
zz|nfxK-1_k?#w33>e{V1k#FPg$z#yNE14Kg%8#{Q-33n5`$qK7j3sy*i0P2@wp=|1
zwsaqe&ydD?{bs%PTyH*<*v+;T$et1U_A%JxfnN`$(H+w?-`~ayG^T79i?q>s=-0=7
zE0yE@F6<M;<BB1IZNa$kDxL>!tf~SEEos{VOwif_XG%k73hNk3IgXO|fcZGtjxRc#
z$47tV#LOPGmG3e~E+7h<0wwM)2sX+--!|R<Y42-Tp1S_P4V38>w&VsM0t?QY_ihpt
zN^9oTL2JlxJ*pA1r+SDE>Yb&`?{m}Z;pP|j9hFxoMTJ<n3!L5A3xBzf#S`q~^^4;g
zcY#9qW@{)WqUllYGZY|I3HU@?*xi~BEx741SV$%OZ71JlBNRFcuSk61R&X#>yOZ5@
zw32~Yp;COMs$ru^ngCm`MK(!KT0m9&(*+jc-1XMut~jQJDux)mxYuuul|N3LR(R*A
zJUi$4IW9N67G!Vjztn4aE;)<(FuF8-2wbIr$zup~Q~o<a-tZV_WF0ik<$(^50-n^O
zTEMSHUg%PE6A0G$@jT$_%C~~*{E2fH*I0}R0oR9&B$#6aR16PXj>Z@T%Q?Dy2=<GL
z3enOCsn(}1U_m3pa%^Qk77zEz_h4NmW`eSxJEFY0GuOGk0Cz7w`Zs|SD%<X0d;?SX
zR$FJ35Iw;&(*#<$lXOSQ*q1OIUJZSp4X&Mn=KBpRJ>ys5chr+v*19k6M)2chEnrQ7
zqU^Dr1-3mPzWD*Jr}(z~HvrnRKYHkN?OVro@tWzOjxVsUSVac9F4A1HhGR8XJxGe!
zdj^$%EeI^exo+eXxQFR=L0svbcE-9b*o{sb;ZkBpdI=4viM$qaO8|&=gX(c#!?z3^
z%O78dcmAlXMh?<W5YU6~U}0POUR)_vTwi}}-{tgwkI9=)JoBAk6LRh*i)UEBHpHqC
zXmtH0%qd`>?{UFvbb<_1^q@my829%UorCb7lU;rNf}CC)9s?Q8W|PI0y{{`YOTbhr
zn?$Bs6{FWHpKcmsb|}=n7@tptu^eUGy+52QS2nZz2nWUaS#vJu&92vs`4V)6bx3e#
ze>~#~DCs#It>L23?OZ(Q(i)Oh@AAaO=JxbY(>SswnOu@<U{a98!JX_RX*x8bpDUFY
zO@EP+`I*&e3E;2}TEGS@<d-cGFln<BvNn(?*D0RUI5^Y8_}39Q7DygqDIO5$c&-Vw
z^<&Pjb?Ic986LH0(P5W?c<Pg<NzeSi8$AZb!uIJ2joPxen+~sw=Hf=TXNRYIY@Lh*
z>N2w%EG-Jpa<ASg&B@ZGj@nSBch#2MLrUJ#(8)UM(^BP=Sw4uz+LC0r*7?t>#MES$
z`4%%%E#Y;&^$sYkUX`lU;OgD#kRO#(7g!jdYawe#$wa2{$%%=8E6+~CBsws5aZvC_
z2ykdU+7J-d@%%5L4yr*>$;qtCdC1L^?K(Jra$`26;A+9EQYov=0<sQ)fX^23V|Fl<
zKE;-C!Ja&@JSP>{tBSjFhlf`eh4FGvgaQK<ezAZuFDA$^dH`v_nH7=057eHl)B&LV
ztP%#eS6;^^PH{}3^YeztK-KUIp@UhEE~@CFK*DGjn0z%NPy&Yl_ikLmeJrTXv)mG;
z!y57GB0I<_Z-|zGm)8AL-RLJn=La-$?q;l;w7)?440qRrQi>-nz5-kcCB%)S1TGe|
z1M$Ktu=^+IV*9dLF<B1WnX@RK)TgoMNM*^CEA7FLiV9_R4`OzDoy4aOV$NH+!#`xH
zzi6Bf(U>$g*_z-h9#386#2D8}!4oclK0UzgBYwBktRx_nFt|Vyn<c@Im_siA4Nhq;
zVoO-CT!F)rT8xOEstdARFroyrzPKkJ<E7RTMYjy*3Xx*OE+k4?)ks7nLX<7_S0r%(
zD<*m^)i9RC+36rBN##6ES=o-@>?m6W<HHLa30ev_A}lT&`MEs&VgF!ChY1#LNmUmd
z)t-(i`YL#{L)X@?@q+j^kILH-;Tmx*Mwhddf#eZ~y`a0o>C|dmw^14LnY}#c#RDYY
z)~yWui<}SK**5TId-%1SGZY`-IFG#{=`XN%-K`7X(9sOit0tKgzMK6r`@>@A-0)ZO
zT7okIF1^ia23F;oB>flA7dlcf1&<AH?Dt~*e7@s3b9k69L}DHuN6^g=MK;*4XOBYs
zqEdlUPULlc0M`OERD>(Ydx6^SM_PopGx4q=voneUqiis|8H9K926{wMjA&B$O;a0p
z9lrlF!wsjP9d^La_R2n<8jQ^>J57%8m{VIkUDmdo<zB9LQL<1)rbds|q()C!exi!9
zm|+!SU(l_NXB->7e1bfxvrtzxuwhORxpXKr%o7TZ=&~FQg-R4mvQ1_$Be#=hk9yZB
zyWIVzv>NMu3u&7?gJ)VRi~m4;*4S0&kRNqShQrfV-3o;OUu(g3>pf0u3=hw%9c#Is
z6Gq%q^Z+-%>cNX8_f-rG&8rUH5kh@j4aryVY!;Kun^-w@tN^xeDnr+*eWs_V;oET?
zh63PE+mD&5_Y^&}thFKgto>f?|MIYq%fo5W`|{OL>aG<464_D-1-xFCr24kQITJzs
z$R4!iPSYA%R$pLqwiN7jW<y=KoYtOp`0KCYi^G*@a0m(PA5uKc6Jy7b-U#9~@uefS
zFaTFb3{wi$dEo9L-SxeIrN55&JoW8BSZ8>PG6n{ViUCB<mSXQXIJiAcF`fwFz*LN7
zaNuSdM?ON25`y?qK;mh_^;J?u6Yv$jwY-j+*0F`F`}1qI#R!7qa|*h?IL<}L4Rb0%
zP$tE15zQUty(PT8T4#30hVF3Cb(HgtAc#jG+?iY;jhvJuY|fR5=Ic|qUtNe97tmQ>
z1S9-Rg^V}r^o{*cLSS1BzFYimO^z23Z)z58UPfUB8ibmEEHr`YYO+SyWmec=cbb(b
zi@yyHjCXg=rXe8#tL_T)_!6)om!t*B5zhHlMnZ+HpI*@;4fn3v<{Gk+UJm(2o`cUc
zsMSG;=(sECsA#g5x+5^8R#3dK4t!n@{ojGuhh!)xL~Y?x39rG)dyb>zKA2;;n?dLq
zWsf?yoBhn3BYz?-?p(ou)C?oAI}i8GQ#e#!?jGEL$6~Obaxq3w&ie@Z6GLereEjOf
zOdEhA^D&BfYk5%~IBo>j$@fP!>fv0TU8#@EWb9m30hkbatt~vaN7vEI$y$dUh<DZ4
zf(l`(dSJR~L0*NsraEC%y;?4PDMw$874}eGS!%WWY7?c9yRK>g-qMFtASzX-z`NVi
zoNVyCNrpP_VQUV>``CKp=m*zyths6P{yeXhoWiUxsLNJootfyVD4L%C%(ez7d{tiq
z@U=B_J>`o0_$v#p3*4V?QY~tW`JI--hH;u5d6w5XmZxXFMZ4iRFR;8ahkQ6vJ;?{V
ze;z=HyVsf+q6^M*o(C}Qrn7<pcy)epIrjqv8LAEsX)wlpqjxyQI**dg_x<{=xIX>)
zjG1@`x0u@vxT%{cFSNcz<c&x3ovq!MTWAy=I3~ygx_$l3FitJfAcVT|qZW%BdeD+N
z#2+@eJ_FGYB{ea;;ffURLgAS1GGEISxHKFkrnI1W`iKjWa7_UcZ0TW!{3j|6ecK@D
z@RRF?EVHR~X(#F!YTRLCk{y<jI(VETSNRzHm_3qYXlNxQ)-gZFMV`Jdviu&5<Gb&=
z^YT6THNbyANEtaKyDq+iZaJXy=?@1am_NchO*$)4s1~RoR6k<f4IGu66oXkk(o=Bu
zjPIsk1M93~*%2wBkEDQx`nFU8ufs^={bZqp5e^j>+fPEkDaf^m-FVJ8<zV#-tc8Zn
zP>_K@6O*pM!xomdM1e7o^0gx6rh*l&e1UEkN=nix|5OKk=}QWu*eJm#xKV~3kwrI{
zF5uvdDGxwu5am}m@I_P-iO=gTrb7fh({|@&N$}7`5u}k9`;n(|D$D5)VB;3R2P_Cr
zHYl)a<h2iAW8t=fj?I#(SfoQQZE!n6p@MCn_thGhe^k@v1LZBcgGtd7Q=vF17J`B^
z8>Q4-e3xkTs_zqTTu?(jEqLQ{{~*n0=i54OJg2S3x*iZTC_xh#O|?O33YWx161f27
z><J`Wf(Df_)Y}rO#f8u_f0RnE3NE#CvbYM^5}A8gRvz#K@?S)UL?+Nd>y-!HnlG6a
zV#ds5M*bp{EWJOYpEVlL`pjsym^$j-(3xi#Ft9Gs2^Qo|n~~__c+Wel$UmS-v|PaF
zR}31$0j3<l7JN8fkXb$dP&aXMLgrRwn$og8xE2(t6XD3`p-w}PA-bMz4{?7KjkLfu
z$Qy8gf{k)Zq=^m8m@@p+)in~-*WIrk&`1(L1G;+fm11!THVgwnH`5NRR^bZHq`t=|
zL~cz58*jhs%vXpoGP>7Es3gwO3g%K*%)ivPg9rxpccpLNs!h%cZ6p|)BwD^3ef;i&
zB&OjHp^lu(&GX7c7Heh*{!-&crOaw-DsXMc^Zf7s<R8P>FAOjrA%02X?O%HN&B*JY
z_(kIKiSOx4?h@&R8-9!0=lYD>(_c9r{q_m$$E|^+;#MD}B*I)ofyH}EBSO+#DnJ@+
zB`b<k&%lRV0mHzG&Z<S_ILj!%V=0B{Lm{PsR(dGwi*RXhcH7q<xd;lTc)?QNu77?u
zMRe2yvh$^X*S_2FEJ!k@h}zj&8;w`mG}I1-m6LVzv~$$;@V1g`Txsip${cNRH4QMH
zhVj8F?AbmJXDc*3CjcTS5!<5GWZvAs6>bTs=2qXdr0vrRiU*gyksxxr`!#-toN>rt
z0b_lCB7~W78X#45Alg(QtZ0>lepUZO?1(PN48dR3(xmzY==TZBguX%$&^M@K>MO2n
z+T!>7@X=ydDWorniyd|Z70&8jknwD}{Azo6ny=z$!pUIa)@KB8&{*8^YWF!`u4hC@
zUm{xf5Ot!-<b)Jgaf<`e@^_^aRE`R^ebzf=ic>n61qK_#?#H(Rnm0hT1)jmqOW7Tc
znxRsfu17IO*8PxYpSiW*3M=Zj>vMnV-H-_f_0*+Bl<FU=_now_fWn_gug`@D*G4y5
z%J1L58x2AvGwNtbe=siQCWq%Bfuv?d9J}N6ci7ALx-)kOyzV$zDk#`M#Q1N2tcX>w
zNN1sn0Z}K&uwK_lp@E=JI_r9mG`eXIgD!kN>#hdt<cm0hr90#{Y8LQ}O{(`Y-B-b9
z4C!)~<LhztGMk)pg85d;#;b{br+Pri$ItZ)U0qLwbU_2Sds>0Z=NR!AuMsHo7jF`=
z2)G+!;@xo)o>A18r&$V`N!eOK#~05yJm{&XiINJy9<5*S{<;;I96Nii;fF$uxNnz;
zsD@N^PH-IRYrd%nw}i%3?qFYZ$l0sRI+PP;aLdOb2xWF6qYlu`PfPYZ|5+mnCwn7g
z#1PH7rtFjN429ctl|Qi|_}tF+hjp;cK^P2&T77?sU36J<!kU^_iE5kkyuY4lE4B&E
zQF5Z(>+1)Y+s?Ql&MXs>)^_646<DVaT}~fzz2lk<ato~c4UO=G9X_@m3t?z;*qbjc
z@+M4^P-u&c+fciO3+}o;@F8C@MDD;#0~j3FJJ2qFe?I%}xzdH84(!&U-~>UPL#k%r
z59QdQ*B+q*QhgdZPn1013unGT?LRl!%~dtR<1a>~XQoyeJPo6<RM0_w7M19H%ywZ}
z5)dLpl-VV^ZZ|)EZkKD%T*G+of4p5>%G>^4fqNywn5Q;0svoyK@h6ps@BJ$Rtv&Pv
z8ps4Dn6uQX+b<PAJ2vve17cF85D*dldv8rPQbHbi@=(Tz(<L%E;o=vfQlm#XC}%Vq
zS|NO@uJ^B4zWAhEVcwgiWIZH4>^hL-8}RB(5eG=Qv4@P2(VK>5gQ#9rM&3gaD#{D9
zul1bsGhW*mH?*!|28e~DPC}e@8E0mz`v|4UmT0*P$wkf|6J`n}CkDmGbC)$R!;jCf
z+;`V6(VA7oPQ;yfC7?GNGvEYEe(?|D5!{T8;OY*aG^W_DE^~pQpgwce0malvsfb;%
z*(}%RZWy_Y+8y9#uHEvQ9>ZOL+D{UK9mkZOq+F_vdoIJHx(vTm*x;jtD;2mw$bAIA
z7F@xTj^HM7FLN&pgK)S#L_^2<?^KThtsd25Jyh%%j^Pi=kB&_*fYkjbW@NFeAJ7?k
zLlBNN1uU@?t;g$s181g^CQJ?m>8=D&Kq4z-0reK4N3Y0jgXxHCXX+Fy?`X^K8CFEf
zajoSZkQ1mQKHCGVIsT1(xD4dus^{PUAdJWB(>#J2@PGnZeC*<a*GD6SVM_5ikh;FY
z1PT>g;XZr~NCH;ZY^vWpSGoYazX|iplKyU3!X5W9pIEYlKM4@3`ur6Jw(e247`fC$
zD`KvZ9Zx>5h9RMAoXKEmdMBI#yF*vo0PYocEUey`2^19Ge(T~KdQU%f)(y^(QR=#K
z)%n(v;Mw8G(uLZ;MmqEo^Fn&nU}401|6@IGlgopDt?yxWFYiI(01Z8QxP$8p$n=7@
zFXw>o3De*nEfZj&kC~5+w48wzwk5+tK08{kh(S0%5n~dDV(e&Ig1dOO|5(gE{lH#>
zq&YS-4o@Bl2B|H_xB_IOxzrb)>0Wt>z03_78Qxc)xTTyOJ|IaW>6Vm^A6|34>AU*K
z&RK5{<LD7L8N_?3rf<<ET}x%MdB9<exc=b%OQmytavR20zWHGUd!D=>@E(8j1j*f)
zEi`U)fC3F)FaK0f#s@A;13$j@uT3lOU5=U2#0o+S9UWF8VJ~G@1{$HF%J`|5*QZz^
z@eK3hr+*Z1k)#2-Ymu>BWGv7kPhCcS-t-~HAzS7;;d@!VZRVT5qFt07-72KdhL`@I
z;%nGj=;Sy9dLvA_QO2utl(Y<lKiK%K4|gCbh6=G!2d`L(28hjldC&S8M%0&BZd@JY
z7>OqR7m6vV04P&)=j35~B0jDO7?~3lknp~0g%`JH1l9vvUf+5(nP<O^Fe!*u=Z6JE
zbEu{q0^G9Od*%BK^QN;-GpG~8{B*L=311JF#1u?W2F<&_1=);D3Ro4_&=s6N!?qlx
zM2vD6qv|l$X4ybNZ|{R@<06alp}1vD3RzARaJ!2bd>3GZJu9J#<Pp=?>kY_N<t}Op
zoGSYoJUX{^2SpJ%rH}b|=sh05+AP19MyYZhmH9c%;RX<#|0ODUxO?!19jf5AERN3X
z;=Gnx)dV_Td%_UMd`s1>+2t)Z1|AD(>0Aj*y#l=;f|*04honBBFz=HPxvg^`HO;4;
z@2}dW0%_~^u#;f5Zb&K8HbQmS`#R@Rx|}U)T;@c_%v*yOE=Mbzqp4RC>M7UQU}?2d
zaqN>z84E>wDk8;hVq@>#_Cd#B4+~y!l>U4kx-f)|tiHCgoL02_)M4x*bDz3Z*E}9w
z-cBggqpB$!MAjY1)=?Vn@4{P)EQ62I9M&oW`(fNNnFhC943EpJhdPGpR)qmYLunXh
zaRsnI99ja()cA6i9bW4}X|IbYZ@|C9V!FK-k3e%FlesYo!pnOTbKxKFI_tWZ)gOvw
z5gf;4b>=d&nKICBuCSqpR7t%+67;@!feM+tQCix?20?#uAM$exx$!AKJ*k&_fgO@F
znj1@h^K-b7IWCc9v)FN=SqPH3LQ9{uR#T<@nUrM~VrUpW_&h>7Iivb-fNnFDlv5vz
zh&3}=b-6InC+g*m`zoFi^(@~%u(3nGdJ_m;gOIS^eu=*HPGlM~tNFrewm~?0vxb9q
z@X!{>P!&fazd(dspNaP+Hpw`$6+QZ07oN^1ywC~VGYRTw4?;#bF^dB_enaE<!~5~R
zY8WapS;;2;oNti_D0+Q~_pe!dK-R%`Asw<W;gc8qQ-%WMU_0|2I13MnzJ?w==q*^S
zCulR~V~k(GVquF2GobGD3&>A(ftx!>YdDn)DG^{kl{g<_eCIHpG2oScP*hY2(td@K
z7-T+rWR;pQ=h85Q-yFkT+Or^2+;=3_kB!5NO0jB^QVN$`7h&)Uu#FO~8daWX<_(sJ
ztHC+}WYwKK$M@$Wi?EaK3`Nu(A>zRXen3d~z7bWRG@)_wrf4iiXB~x$_uT}U1ebl^
zi{Ban-eB0epq>rD!*006MBT7z>IO9Q{eaS>F7;o_v%qMxbR<1)H&5Z<!8sA_Shd|B
zL)B2+s;DZKLfQrq`Y-O3<=BM_u=ma5R5u%RO}7lU`&wR$v593R@o2WG6L>#OPp-cv
z=iDg+gNTZTUI_`_AQ75SFnFX;?-p-|Cja!ewh=bUvRbjy!~=PN4b_RiZP;)jxeH{2
z=Un&546<;8W0^B<{3=}loGw5g{!@MK5!qk@=PM<O;MF7(pD?G8lLqq7Fu8?ESUJq>
zSb%lH<m$j|>Nu}wYse;EJ~MorjsDxLH|s--R+x3PIP7>$ibj^A&HVcKSmR8U9SzSa
zK!k|rrgL8XJbT__uu=6K!O?}8X5<122EqV;g|jVo;Fve)u!8h`mc^v$C=Hj@3&aCD
zk<o~uOga8lMu;NKY2#}zGC-?C&JkDjujYPWgoT%nNw&k&6VHmz>sT2M$C=~xObW_v
zYTZm)hR=$<7xn9`XENH?wfX@GlTn;T5;_Lf-_W5aIPz`cL#>pHw6=*$!zzHQIh1+b
zZ4Tdb3vW}iXXJ!^2Jn7*+Is|8wNYICc7ZPJPzc8vuiR|7Mjn984+XbDn{GRp7{8^L
zGnRtq0V90K!6gBKj(U8r1Q1WsY*2?A6D1g$SqXP6gC%cf>Y8u~KzNKm1^XI{hoc#c
zSy+H9f=GUP#sU1o=c{ElQOR<{eUaIxd0}SSA6X{qGauh5$$^@I$eVAPkmKgaAGpHt
z@#+b6zJQp;HfZBTr6O3u;3_*JK<!3eCl9;s4e{3XI!Vm?O@cAyNbpY`Dc!c5DR8)>
zxyt9_$7XrVc*1~*tH$8qwWD)?Ex<-W5~j>8ScYRtV`$y*YEwdL7mq>B-GkXD1g}}x
z<JFBsFLh~0W+&A`ks^d(OxgquHmzzTA)tB4KhYw&yu-{B;Hdcm)rz_fZ^wVuS^wvM
zWj_7+U;fWO|MP$UU-k80AI?qUweOzszomOet0tWNpJYd6E&uYrdmaDdU;m#f{y+a^
zQrrKWhY!KC{|UQ7UT0u!W(EK2zyIg|_W%C(`ubPJ+xWj_;gre$=YRamfBpYjpW94k
z>ReAk7!tM;T%hpdGDE01<;Rm0IdOxjL**$5y^j37{k{1&S){eHWWl^kwoH{jAg>?n
zm8{_zWRiUvh~Y4*zOI=Ok=^t9s*3RiQNV7=)c16DW*Ok_HF&3)hC~hIIQ8igR^Mk1
zr7gMXaYAto3%=*wt=0;Cs*OQROr9@kP-Sl6%naO8e`}{DyeyPam*;R`pe+<Z{~MRn
z!7=c2DON)mBTIJ@Fn+o)k3}{PO3(z#Fl8z&vdkV2;qVPSFAD`(F!Dz)5t)+6l(%E9
z(|->3&ULZ<B*^V%LWW85IHVL04#of_UdKu<KxQ}S6!g_YuxyAG9@Wf`jr>_|N;yhM
zCC(+K$Yat4e{hVqxqI}y!1U*2<IS;ChIj{K#pJ6GkuMs9<?V~&^r^ucz2SPqq3LO(
zgaG;DkYW-+XPy2cVPLkp=e&z+7_5Acx5kYW0D;xExR93xzB|nYkIYREnqm?SZY(%O
z`$XM?kCNZRZTA2}KA;+kvLSD3pwF+5Jzl7Y25OuL5;pT5&^S$RLbp&?0d1PDuofAE
z+cpe;z-ea)C7JM~lCDrfVD2OD;jdN1%R!u2zz_U^savpZBUj+DKrj@jj_&cd?7qwE
zOk`_wg%7X-ndu^jPa6bU<}Sfd(eE{`&bLtm%zZ;x^Y_(DID3L*OIY7nCSX())iN7X
z{=}Bj>=?QK%Iwb|Y+yXQo+b;mOnlis;qFtd7UY8^Kow~FGUF07)u%WHncXTWL<dEA
zh;R$20Gw;Y8eH^(MhKJ$oglENkpS<PFLF0zT{sdHuU#qV@pxLJuO?VgHBr(s6iM+S
z<FEHej&jVc>s-p`Geedmj^GxuFw!eo8`DL3gRkKrv6SxO>-?9<@3-W!$XzoTOA#uH
zrSns1`jGba6Ou<Q$7j=VzSav(cyoCex8|Gj2r1ZdTDcp>zG-h2_;d9fl(dWcV23`7
zlq{5MV(%=sjt1^<<L>dJpVR<nsIr4i(=ZGqpgBj#p#0HX8^jDb{<_B`bm{D=dLlQi
z%CC7*U0irkTl$>QdE3hPAR=J87aXi@1o+KJu|j2}#evMk{kegwAwY0zn5N(+xT*s7
zizD_IngB5If|;mmg5vU~GMP&For2?H<tY{3Vuxsh;RHS!kD08qcXf?eg+kJo=gFz1
zcLTg&OxmOgiT26eQfiun)^)Ig8T+D&*{R%bFr7iqH3hmmdj1`gr)5Z(1rXxnkfm`h
zVY&KK>SUf}IVuz+m)JYTB|STzPd)@<t#61n6jhS{7)}W0&s}hK)IcT+9X?aMGTHkR
z137~PAmSv;9y1Eb+hz6IE+Ba>IZYE6T%AS25{dCvx&K<M$rCHF9gxj#4-<(|hGs9N
z@0Imycrmq~zKT_*%H&GWd4^MsgDq#XT2gNQEBIBEED(p$%f!Z;0{sl@ff&FWTQN;R
z(s(Ky{u&-M`6rL!l}_8&L?|pp6F{~9kghRt$f!}q3f;9UIgBRg*97Cg@IwNy2{~bh
zDbqM$iTwo|Wzb@y30Cc03OCTZ{sl81PSDfYa@UyLn=iNtT<}dadwH%k0lF!5FZ!!S
z4rd>_$TatN^7v**2vRh>Kgg=%1YF>H^vC9}V%r647AcxRseGlI^)EN<wG<nc?_p%P
zHe)IOg78|Wvp#sme6y<3EeJQI_d=uon#}*DHpO3ZtKy1v=>Fo?N#19Epa=&u(iwDe
z{u-9TPJhvz<p@O$=ghFaYt3)aVAFTQMj7mO&UB?L9H9~!SW0xmnJOMuK1Q}LI~m9@
zR3mSIn#vp36`!?y7d#?-_T2)98uu@g8X)PmuSi1jQiY4D&va>sG>)&KK};4I)9V@f
zIPT)TK6?M@-z(m42kJowQoz<FWK`R?NtHZ9_5lqM2?jR9h=&lupJ%tXxBJ)GlFP*{
zArV4%cCs^gi46mX!CgD}zxRvKA?55CGDe6O1`Tt0f2p}4+b}q}l&5z9i=}^a2kIz5
zQ+*LmA;9i=wiXx1P0HJofskXV9(1Lk0fM!G%YBCchr`0x2oelB`Z+Ez8oU7;I(2i;
ztw6Tz&ljwg7ONeWzTSRx>~pezZ*FkV1gu)rb;3i8hUV_<5^GtO0>Zo?G9l&-sZTni
z3_9zoI7;2z$6c>#0|M$CdgZJ}g5=tQ+ZRz<fsmLts+l^q>mx4-;fF^}WerOxWK=g>
zU-XT7Yyak@om9vCtF}-9LHYMLnp|FmYaYFxgorGh|Nqz`RLCO*7U?fzVZ4a(!M5{(
z>wuESmPm+|Qza4^1yy_|cU#Lp;d7nq=DTF8iEE??Hk6*+P(h@VD-iM^a5Ozu2mDvX
zMvsI+`gZk@4Gg<N_D-sxt%o#d1we3{9)+V*&4Z*4w$eE&sd&h}DoE{h(X9GTUu*td
z0^jTa9=kSieS&2xZ)2rl1Z4nsY*TO7?M9w-lcQmKcXtp?;fq9K=;#r$)Tp-0LG=Eq
zlHHe>)T)Ec#CLi+L%^o5<_}b74iu~(eLO5uC7|KxW6iJ21mG~CcgP408;IOHNGD}G
zQXRX{K?dBfJqF76b^}K5KHfrK2{Q1+uH?2|FceYt8$?Yp8v0`BK<3`^GJRlURn`l<
z349K88kGYW26T4|3l7jQ98A%ji>{|eFPobzbvIn|F6*oV>aPQ6!v&d83PTUMso^<%
z!3XY%P_1qV94r=?a(_7JPde;&{FSfun1Hd(Ua~GHT}@KpqRq|dVNE9~BILSjERDW3
zgxoT!Vz>iv8v=7E<qkzQ7MH^L5pbXs$EuaT$%|p0Olvy(G^ITb+66%9ET>=$lQbB9
z<;om}(@<AQbG4I^`1h1&RGrPt8$jjxd>q#^O6!>Grt?jftIdOal7kPc=5am~9CX`h
zcI&C1=1)raB!B3&k3+)mcKQ_`C++7F-LX_*A8TJ@6Y=>h&AH=#mXsOIyFR9_QOa&^
zBW<@1&u)hj#}JW`7k#o5up}y1V?*wVHYU$Pug5`Vv=mI_q$1gE{ad%&;_m5%kjm`m
zM9Ivp4kg#qq(yPst$xSB4d|H}Lq%knfQi6;a)|oL1#8GEusQS&FLWs3I_sQ8wm8UV
z_z~*6B;nzAp|vWg=Ry<F#v^F6C2BJu=-x-9GUAGQDY`lh4YC^zS{f0myY@{>obn)R
z_qXKQDQy9I3aoLX-gUBC$}i$5ZU_jL_*!-+-0(MTh`Lo0{JDAxk5M%x0hiFvOHus}
zaP_L14(R8H_fbvMYPUOZND+N+7jSweE1GGO2th~X#KMpQrnjapcpr%@h||dMaTsWD
z6}5#OejMe8-UvpmP$Y~Ol49XSm6--{{dus@W3@P`kzfMim|34-nxJclUF;GyqplC*
z3EoFK5@$=~*3eqm-IQVkys9y+G*D{DuJ7o~O?old2|~jRRS|YMDA5tvPAJ69kQYh1
zvd17NDG2;ni%hvi-*G54-D;B_4+pk7Ro2&Fhxm^m#+)zkD%DcCPl=A<b+0*XX}R;V
z51)?RxJESqA<_F5HkxtU>S8Me_LAB!(Rb7`b;p1yD+Z2Qs%>8>3nH0CQZ`iyPkP8z
zq8h1$=M`47J}gHi-qN99tyvX-;lmVYn;sRIj<IFW^L~`MU#)Ej@lI=WHX^L+y*1O)
zCEcsxKsDyvR5Fh~p8iserggrh4$+lP6D1^?PG2iG9zsM-$Bl+qzWQ8Oec~P%2=Scm
zIF5O&j*Clu5C^Pr`i~Q>eV#T`xR^L<`E>oN%P+9%FgbIR$EBc2Lej{NsLQ5x7Ox$8
zCS$*x3>6*Ee?!Z5_2N@-GKaeRcEnxEp`P>?7k|kur~}m6MJKI=^EvKtUEL?$5&H4%
z5E}+^(!~#yrSbqBH&andPRms6lG7AaYQVg89FJ=wsyd6OcYX50v;lK@9SGH)3SUPH
zD`%L~(_ae<_4b6WYFyvdrrsUwBYKpQlY}8YNn7$LHO3}s<BOz<OVZXc!1C8g(7f;&
zOiO=yWIGHb^c@I7?E;8C0SAHzr?1de0{Ru!)r3&h-(4Vjr$94?Wq1^17y9ftr(|}9
z6k2hYSvsXB4Gm@aJZ$nbNGd7FK>I27kwIygYT}6;G0R9uoan);s{~~-#EQQWI!Gc^
zWh(Lw=8~rQ&l$>{X_cTIPjrOtSObESIe2*`1lvf3Nx59mZa${3VicpYN_PzCejj8E
zZ&>JIdO8C#P@D=%;arX6gy2;vse#Wr%QIT9fykZj$16s3g9I0MZ-$M5rey1<d?Ojm
zECFec54=r%*GTYjmfvk4D1|ah<f#L1J2wMrg~e<W0M~X;TbM~2t5|-5^=Cz)Ck3fd
z$V%Pc-B^uyCkFK=UrNNvG%gX-%_Q;iPiXfaA1h=qoddu?1<+YXfQ6!3@DHiZ`I>eC
zd&GcZOu+gGfEds*6d^dyGte1wAoa1qhLCW1;R{5AreDCuLv;>E*1)#H-q_@-1~0TL
z`Ig3hDpMDzrb<C5KhRqe2B*or6gLBuaIus>pJ6{q9y26}zo_gw*I0sKo`yE<%NlF2
zGyDJ+NZQA!GArjboTCE&eg~61zd#QgrCo04?&3nrja!GIUE#n$Hr6$cpTB*>-op)2
z3V(TP!#)QtT!K<$<oke3jeEi%_^i>R3lZNFD(`?CZ8@20#ijfR@X$4doB#Wi|4*NQ
zw8?}4%x4Id(x3G$Je|LzqgrG4EE+P@eEma8zGtY+tol*KV(d2H@}|((tlT|!0p5uR
zd!-8H_s%t>Jl3!Y<V?%=L+W=XLmd?tQ48F#GzjI=b85-)AI|R>O@Q!ies=xmI$Gjf
zcj)f$IRA9G64XTuPIv6wDEM1W9uRA)G_#LV0p?>p4;)0UZk3qCU7}*RbV1o?yp^uu
zP4;}~Kp^aVK^OAV3@|)}Cr-l?rEJC!G**y$o=#ce&mOm7zbm=oH+dknmb2IG=Vtf#
zrL(T#-ohN{SzlKlWbo;Sp&tW|hTiA$;~=$^V9#R}AH#}dUUUvE6hWXziV2`veWRTb
zc~m?HT<>ooo7Cz9Z&FW}-)z&)`QTo2i9km12s@Z2EM?Rdkauzo>}Rj&#~CqHMVU=Z
zLRAY_B+4C0ad<e6;NC4W*|N3-W)a6@Ay}*SV=w)kbq+j7{s*!EGx1h(H=^`4aNIf<
z_uSx>6D#e~DY)>gX=uVRWOjl~N;`7aB<t63satg|llAM1z(%~>hTe0GNIqePcpb9?
zLzXGQeNWip?{nb;M-zI7EJ(X@+F_wM*6PIqU+>vTx-O^S2l`4sPOle~>xS|t#g#0L
zk4<u2@q=<YAI`)9Oj8ext4{|aPWuuqC130)HGvi#cSTQ|Fj@`v68417@pQ0t^<7_n
zvnuj<0?Q!?_*<MOo_0c3E7A~F3k2T&rkl7IPfu@HWc%b!dqCWy@OgZBiG|%s2T{_k
zeMoefZ{~BWvtBOWPzO{f)#Fi`v(utuqQ7uDkdjP!AVje{t)z08{iJO7DBT^m1ZA+u
zg$1G0<ue_vbUjoS5y$Cr?YEC2u-%38`)?Lxj}DJZ-+{EBR1IC|8!5`4>#^*4WM#2J
zZJbL?=@Pk)i3&=^J>`4m0+!F1hS!1}<4O*yQ0FoA>G2&Jx*IC9jHl_(+dtf)?wFjY
zOv=N|i-c2n++*C;lM*lK5@gy-n?-|fg?AJ}QBKM@HI1OPbl~=5CwL&SFjhD2q>p`+
zlyQvYc;hG~)oWD{7cJ8PP-ki1GIrxYoRDd|Bb7P1JMny)`dU8TIMALnU5SN>gDtn7
z!67L3TA1+_*qXfIfCi^yZR#dSYdm`1u**M*k;PlrVb};DvG9WR>tOlkBi67jly#P#
z*SOtKR@^nTo;c<6fLATK;&Md_9FzU5)NsN_QG&1ymFldc3`OyjlzPJ=4sL5!6-do8
z%<S*chdQcV+R|$IO1g++8p2ScR!Y3V6VP$uVwN5_aTnb-gPWwJPJ#-8lTXJ(+JGz)
zGV-Ke3(P$i!zQbG5gX^jecg9pCHhuU$y@Zcj)t<|u5qyv=Uv(iN6F32g3LQJtr7eL
zd~WqAzERve_t0{gQ*TQsnDs4j)dxN#*PSQB_Ez{G;XJU(GY`t2RN|FrJt@ZL4G4Z_
z<76w(`1Ul_?`x!CnXShzyF<mXfJL|BYoO(1XB9zqeb=wa1mh3GN13Fmh1`uk$I(NZ
zOAxt_eEM!~J1#cSSrd~XJM)2TPr>vO>qe*ho0PZ_(JODoD2?IExWN<(JL^PyKM91k
zTcxBJzLN5~@0Y>u1Kr-BC)yOX#T$>qegPG%S!b8DX`th=|1Xf0XZuCC;e4!(=J!5@
z8*RpY7O!1uw|XwZU1y!c<Z~vlco&23UDaoB58>tW8nAWAcy%!d)I)lKBj_jys7>01
z@;;UwEX4|q(eGUY5B0za8mdWM4+!iLSn<hCp0!HE(^1thi-yc~E5$Y3GUw}4<8_~7
z#<a}Jwtn(r_-yJM=43`5gRv4>_}7t`hVHl7s<a-$4cS-}tM!vVGpJ3-?9b1?mYp8g
zTZy$)`7oR^V(@dXRQaCbfe=Fy8qYT*D<5zkMo|Vb&qk)51d<NzaWXhJ)-c*}?9AiD
zLJ+mbA`RZ4tYf-&O80X-d9n~Ea}7{e(+bZ(j|a3&!x`Yktq5phmf>ss>DP8q?%P;1
z10UBi2FMRNLsa+JSx!XrINkzU3Bd0C!vl~~bArA;R~RbA2fTnp%;<?r_!i6G8ULp>
zSKZbV?9A*PZ>S%iAFM|zKnfGn=fE5!aBaZEk)C3NY+N!U4MC5ew9vGtuOkownApd%
z_QV=&lJdEqX&Gk8mA%r=7)px3!#5yzgsqmCDP3<ZgU-5KwJqPRF~=0NqyQT?W9CON
z6ya<XmT1==rOWLQ9uP|+qJux=c*4|A#$Yp<Vd^-tnnN<d-<GqO2XR2glnMfe0X7q<
zvcj3i9H`yR<~3b6x61PG<#@O_@9S4<V0%>b#V0jC<ABDKqyW5QlS=S3p(`~>kXqFo
zZxr2G#!&_|eU}R&sBN_X?#6T`_rGS#uh`!BM;qG|*Txq49^bS-Y{~r$ZFmIr%yCRo
z*6R;6>Rc5IybH%4x+FD+iujm34>1H2mWtCt?3F1@ohMp>9EKsKtLo)mByM2n2xdDY
zbM{UcB!ve&?Oq2}pp6-1F{iC#x@$<Rs4aS>^!Z^Of#`FFzP!xl`821OizMCZh?-R)
z5~TH~>&o&b>5(ZxL<>BkJt4E+y)Ic`@_Y*=Brntk>wNITkVoq?IJxrcq#S(0RenJ|
zEle{4Sg4&0>68ofK-aX^Q<#h(Ay$G-g$X&r$55mZ<3x$_&{K9%u!RgPoZ$|`9A(ls
z9Klb#n9+2+>v9Cq(#q;5LD@qBGes6Di>AgR{C<^UZ^?!;IB)cI0EWDF3q#Gj3^nCm
z;AQ=21Fq<1R5J1ID=ovG{YWJwrV&)n!{DxuyhY@B>cyj*VEY`k-QezlX%!<}pxy7V
zhro@PzuTQo9Xssf6qW!Lk+@zixw;Zqw|Rbdk&Yq|MxJuUf!Wt>fx<b9;yFg1rr8Sd
z6%f<N#?7jpLZm?vBTGjSG%WQI_Raol*4@TwEP@M>4EONZsGfk5u+Ic5L=mt>Y*Z~~
zWG@=mobLd6BaN^49ZE1m5?H4dH?(_e3`PzrQ|_#5M3+&FJ-{^(PE@KYV1EWvc-2*-
za#D7zhGkf7c}?cx^?+}aH~fXMRi5Xs7_Inezp5k)k3>)vfMrHL;3y)rMq}XUT*pFr
z#lCA?8^zpI8aBM)KOEC8eIv^G<my6oh?Ls-T4~Y%pUJVqD`8*WlEEV#f2F~_12G0O
z)Qi86T7k(t<a(+XBR)iU<wp~)H6S)+?LT@dtlmKUYbN7djgl)vq3W!cP7<|7+9Zm3
zRxsSV7dMcquB4p^h_l_3b`>3zcVw+ElzYO=8BW|0UTQ$gqvtJHdP17XFYkPShVflp
zL%Rla?29~~1(c`JST+xR0=mObSg!#qb}D12a@^nQE>uKhX)K#6)5L+$rJ1F<+q(o8
zPFRtu7)k}Ch=^A6crfH@GqRzEx3tZ<dI262(9voM+&6(uh7MI4pjv`H4}(Wh9>~b`
z8{|AZ9kQHWs4lm~VyR$VxUT&d`OvW_v|nXml_ZBnrS!FfL{`_`r2yO-pkBxKgV8I@
zrW0^`D?I22`+C3UBo=vsOp`fJ;IQ<VKrvYfuL0kqys%s1t_8u&xFJA4!a+C2g)%r@
zuYPXj%Sc_6GrvqE_7p5r^yc^8G+3)0B@lAxfR%DGXO2@jsDxvscB39lvweaqqLpjK
zGtkp^e|W>p((Sfp_hv5R8-0NE_Zj4$Ef!Vn-@+?jOfB=$z>5##8rmui_Ph?_1wP{x
zc-Fh3vmV_U@+9&E`Pj>WLp`rBqV-dZ-ouc@tboPrw^+3ON`j`BYl$+6*l+98OWk@}
z(6e9jH4blBm2oOs>K9R)(ga;E^l9<0-CHVW_C)xVs2ZtG!~+9ZUf}0%+r#?sbBPD^
z)f*}}hd1{hcEFGkoOORdtw>cMBkU>bx%N`5=B2zzohFr8ik##RsfF{w?H|X{EKi{K
zdTt4H)Hb-+0K`3&aTi^SZ6e+ktlStBQP{>hbnR3``^k3L$`F^^jcp%O#CdGhMdFrq
zi)DrS?uoeNpSuk1CC1fCoDUbRLuME|EG-hpLz>cHC)2CaW31L6;HG!zub^rskQm$8
z+}C=IZd?RRul)+DzIbas_p$=Kf2j@K%^sk<f%S6`XP}ygufe-@l&UM+C7&_uK2C&t
z7l|;1aTSmTm&OuZrh(6Rwqwg+I$8T{OjV3OVnX{A;1a#MG-Q!%_HRu#E3L1irV-!f
zdSc(yQ+3v}b08|~pNR3ju72Z>dinHc_I8l=cwA=K?VWZ6q&+<R*0lhhT05k7ce&oa
z9l(Y>`8V*Vk2{Og0mYGv3~kr;3c&SM_8N-pxG3%lpbmZA_D$GJDsJ`10WJ7i4@j}&
zD&FRxe7Rg=x1Xes$6s;M|6vBamw*18x3PXVV{cVi`j{mW?@4{=E^`^hbX>P9s}G8+
zb`vp3<&gBaH{fkJ?9y!^#N=pE0~fl28+VcdqQWZ1c0iHvB!krH($@s^;&E~OUF7-+
zw>)aqiD#&8u3i0IyWIMiA`1vlc0m~Ox3x$>gsXx$9p9`Lj0+-=<oP<C+m8d!_vfo8
z2tMI)8z{cNEmvzlA+nV|Nk8Cr_HREAh)_JmT>2+@@T`E}B_)eveO$xglW6L>VQ)px
z9F3Ao(x)ZuwXv8y$pIl7<3nnGn!4g$&`Hu+CkD&up~Y1}9hr+>{o(LB_n5Bau{zo;
zE=he)(Hl0&X@Y`=e&!Y59;RLn8$}M|p*GTayWEB>+y-03V|o7($2)s7W<g~KZRrxZ
zoVRCb$n%Pi&3c+8sf-~VWkAVC3ng>Oll0Xquj20TS`R#S?B9%6!4O=>L)$Jx8^$i`
zZb41rq>=SJjvPka-*kb8t+p~;($m76*ySd*I1~`%B*#0b>g4`IU*wx!1PRhE@$&~!
zM&6jiSepM5Z<AZmn#Wl_=RYBOaXcUU6L;*Vd3MXUI33sL;&L2UL3GOxw8z3@%oT2h
zzRB|S`4f!9-Dr>b&{2qbXgr_Ko3{VQbZGNsu#T_c#GiEGfU6M@Rabx`qI%bd8rb7=
zk)`_;N|DYdpK>P^$@@BFQuI_2|Ne1~Ze7-J?y<e9D9z2-iFK}>OK06=2X?mmU0lTY
z{r{#*Uu<W&Im%95Uw^l2z6g~qvm8$Wv}`St^u^#CLN<X~&B6*CwU8K9BqDaP=EKDi
zTweZW7Cuh08%*4y6QBi}Q)tmL6X+0>tnaqy${QV=<mKIbQ_!?2R4qmDE^(PA1tO*s
ztlZ68hD;QB>Kz+R@C*k&I)%0vPZKbrIqQbZ2xEYEr%76ivvdq?fot1FkCqYT&MFGx
z*rTF@+l7blMkFcB-lCg2l?g${am&XDRr9E*pm@Cr=T+^Dw3OYJ@T^}!wALnTiR>PZ
z#BpUn?MA0|=T*DVs0?L&qi}WD_bBhb?ho``hwBmvX>_edhxf(0#e|}piYJgs<q`-b
z$+x8(ea1V|@irF#2OqKQqoV0Q1$jd@>k7r$Luk)=R;Su^9rg9ZGp@ilTzElN=EYyf
zr{{c|?>MNwIHsLeHIZl`w{kSvKa1<E_gp^_)y(6rt0%5E!w|P0AAgGlk%h)MoTt^(
z{EZ7N3HnCcL~%XBo;)!r;V>utH>u$nnPL^c5>v@1Bg(_RoFumu^i;miU&Vly^+;jf
zXhw|X@wjVOiJqf&mqgvKUm$t*yRFoQAV;ERue{wHjp=Rqie(TD?%!4@2uIbER^RYc
z7D!Ot)mf<?dH+-)@#u!3zO6v|i+sLs7<ra7zMuS^Ix3O0p2OHZbCYnLg|_7hZIp53
z(;ME}mXhDtxMZ{ZZR;Q}?vr%9|4@7wvN)qd?>Ax96Hd^O4vlG8*=&&<Ys}Ntr8|(9
zOPs*f`Zppo`aI2W2G>WcX%b&P)+db+V_vgY=eS{wRZ~wsIa-s7zV_|RpaXE6Bo|(J
z_e|TT*c(VUQ{)YC)H_ne<iXcMpfuCTBNaW_EpB+cFHR~JyUP2lQB0l~7Q5qZiulsz
z1J$og;~LmI#*-i6jt5ODK=`u$#nz+~?)<njhpIlmh+e+`n_iB%QSTdCHLY&4q$s9+
z*Du*;A^3O;cF}z!=Z|X2Ri#_s){>|Z|8ZTa@BKn&qi{WQH$)3}jY!fKI(z&2%IUsr
zG@=vUAuCkTT|@Z-O#bB8f`PSdtg7B435Kd)G6hPizA72LE_9%S)l0CRcId~nR`$G~
zOQqv&00-Ih24R0rqQLtvZtE2*t0cwb8`9|h0Z;C+kd&G_tdcS<KFF{mNjc8hO19Y0
znl8ZAK1sxoOAbvWiU!g6Hc70;e~<+0tK8WLEBLlJl7i#n8DfV~O-kr1IC(-OPLq5q
zFyKjw7=o_{#}yG8>$Hy$#B1&}+k!pL@Fm1Lf1O>T0+~d4*45LnP+;~sBq=95&44V*
z)z)x(*;NSqrj5xXP`eMNNnp;nxv@6jaTm=&LBnfh44D^kQc~~w*~cqyYRdmlh6v|l
zk*4T!3_2}-CYf`%FqFu}RkHzf;{DVmXopvSc+VhGxq6R>)!H^a5jZunEfz0F+0X#P
z!<)1WGY2zv_DoOXvtoIl!MK!5EVti)U9m0qMoU3K3bgn*e?URDo(M(Gx<qwLSdd4(
zBFEYD;|@PonFS4Mq&|x;u%bfDH4{kE_=}+r=z8QFWJBVfDwEm8vo1Copsp+XUa~@6
zODfjI@42D@_}kyKq0r9gnUGzvgcco1c+m<Yt`9-f2u!8-A)6FUcj!)h=)@23&*dK<
zp}Ye^%j64D%*VdWACHngkP2l55q<Lv2wTNIDk_1-pp)^j_r#{0iD*)X2j7%6HZjV(
zc16xgULk>GHP{&VP+t06CA-RcxY7>6-?d>n2bfeL-Nwd>5&3Xtewk=BZSOoJf~5gZ
zR3JcD>#OKc5?=DZS#iNt<~%AlMy$ki6*RjmpzX+<GdBr$T!kbjXD*n4b*g|0?bKWe
z49bBI3zK^V+OJ-8)^%LrYxk^7e{S0BRSA1#l;!Iwm$AWz+oC2@R+^|E;IuODimac;
ze`%N0r_9#cVcxB6JqgYKm&Phm)13v3F3oUiaJVS#2F2z<`rF1_*-7lvkU%+NM8Uzk
zJ{N0;+{LZaR)X*%B+uiYHbC=O^Qq_wJdJpCP=pkBu1G<#K-F1&qt#M(4_6^lTwTQ)
zQLdALc}eort61#3j1w<9V*sXp)Cj}(-7@{v4LQ-tQH**T5;4+iNNHZ($I({F|LZ{?
z_P*vLH(x*}I!f8OUnh6-FMQu&-3*%|u2PnWNFkc1_yy-3jYz_~2Hv67-C_;(As30!
zYh7)qjbtn!ly$MaFl6w@2O~`TS^>o6x}Uzv-KqgHy$cgdtc*0*2!gwo#ig)PKz){Q
z?r2E9p)x;HhEWmX4kcK_4ry?A^B|m+T)TMWq^0an9=N#bud&lMB;#56qqfOKAW(KE
zoMeb7c<R%wGs9{aPF<=y3JGA_ma5|N1@GzUp++8bCuvYFn;;n(!%zrv0}UNrCpzok
zdfXo*>)8PrdBHI+I{qQmCBiUcog{)lylz7?2UmH_=-=_?AAXKT<(?Z6dsvk}rFUYw
z5MQB35x=k42>g=%xfYG4_>yH4ha*l$fSPubXg#v*e^ISUs8)p-lLLJ(yO{R-iQhfC
z0ifnu$uAQ(gCXUf2Cur5KpaqePqCHKcijxaaQNgFcB5*dyB?4v93>O!YMssJm&8Sw
zeBa#%bGQQ+OSa~aiSPUS>G#7VT{_KIH*T7JS8Ykt_9}IqI}kNb!x&J@s90d;Y2n_M
zz7OzAtq!vMvDzI`fCXjhhMYHsAtfH6cuV!*ME&%<Xbi@XnY9Vjn_V>Z2#qijy5~pe
zgKMDvBXGRF;z|s;L-F}a$8>;Rxn_yN2Ve|MwwV*?l?MEvRUh+u%4G~Xfkua?^Kf&m
z3gk~~%o-swWGXsB!w>B7&>pVZr9E`v;mY{AJcf)_JY4xHQ6%XpIMi<3H=Xs^lqh>Y
zTzUPi(lx0*mSj3^HlJo=TJ^OTMBLA@yyjvGxmVfoNT5+3VFg5S^|DN>r);_%2%jb>
zp*<&gW1C8-HB@k^;P2iKlTINca2F;UipT@Rh?<nP!q;RUp`M_U;x&xT#Q7DLJVGC0
zCr)M#6EM%xjo#BC^YwXTmU_(y_TjsdC~kzh`!XDvK)oh+l97&iV^uE1u$+M1o_NM1
zG`6!?JR>wt$rKigC~ohVlZluD9yDEI<qo;xB#2HPfpKQ0y}b2}GVSEm`Q+l;;io}u
z=$7x*;XKyUJeeVY;vo#VE^dy$U5d!5N7;m)4CUBA)9<5tF7J*C#GN8n9b+}uUfsz&
zU@EH72nQM3yY{+>0W$(U?&*d>EUV%|3C5f(i_SVJ67f$`VjCRw%c~}Z%^~ZpJ0@ZK
z2)xsTO+fYvEuy4n!|YMLny&cuW%Pg2^mPn>d_tDEB^YL#aA+IFt?cy+0&aH%dGOX5
zM!S5%W_--_l#?~)Sz;97t_}x$x#aO13ob9N;s6ePfZC61X#%^Cw^K@ZH5*I6>{^Kl
z>@Kc4(M3bfyG!p!4EUx{FWRs?RLZnZGDXvJ#xN8Ocj7{kdLsk^@|Kyxyy1jFj~RXD
z$BS#Zyvl7c$$0CPowj`I!lEsP8gtasX6|CMOgkAq&M(I8N8>rj$@E;^`yLd_t+#ZY
zIfsjAxkQ+(ksraLpX1~rQMz~xSNa$xwORuup6sarjhiI|Ltj{Ycw3FHKlaYZ&mtPu
zaI)XogXhCqzO!NO^ziqV0bM-|S+<{7H{*%WS%;Dr5!(yxcx1;+VzpsIu5JxeEhuKc
z?(8sDxGN~%2s*6Q?l)|!)j4|6y%pkgfdCGGU%0l;qOl=Nj>{Ia8T3e}jHPM`@}5;;
z!=n!^38Ks$&Zn=zlXSJw%UBg8TlkmHRc-}}td(o;N#n9Fo@4YQ9lYSb=9Srsmhz{J
z94U&Z!fY766qTvSu;0Ib|0iuO@MeLZsq=mNmox_jzJwhoFw$8#MsTF?0Xjzq9M3?w
zZ<9sGnZ$<upa10S*g;v%Tx5pg8d%nK`GakwI+(YY4O}-kvQSLRjY8AJl4XVsY<}WC
z*z}6&|3bIixFeW#=D-gMmK{5MZD3y_ndYuk$IdGYwAi!kFOjKzoz0&YpWZ9#1U;Zh
zIUt0;wA=lC4I7TJ%3e!})&vlbj{Eu<Lsutqn@rO_A^Vd;y`Cn$%0wl@)}YonDJIWK
zPxd)-1ec8iLN7cE%+Vl?iZNVMVVR}8|IwsHKOwNS2NiGpY=t>z%Be2{DuOg^8_!tV
zW~{5#yhZ88MNcvvAdJPPJR`ih=0g7N{)3#a`}deO`MUoP^5SYmXC2Xr*BNEj|DZsb
zg(%|7w^<)Qx4&VevVh22v{8`={RbJ-?XMzt{RcUBv%!;zT*v+U`Tw{B|EOBAd&iDK
zJA7MR%a{F>+2g;Tanemi2>Exj*L84(&4x3Yp^nIZ>M!x(II)%jT*t-aVnf!mzEJ#+
zCFR61W*MX{61ki~%wqYGmmA>pw3CfT1uY%ZKBVd4haO7syDGY&)pyA_S9y7*UlDtQ
z=l7c`g4fb~wSAwb&Hi^al$LC4xuc=LXMG~v497U@xC7Upbfe|q!b*>+=t$;_*Nn7G
zO%YxGIw$qWlVRBjiH_=tJMTpZ5reeka>Ul8n_8mUe=V`Pd&A2xE!Nmsad(0q_H-5Z
zXiIXcy7LU`th@S_soJ>2LB>0kz$Zlp;*)WCuB(Y4>;gY8mrr<odXoz!c7(SSI(gHy
zl|&dyB7D^}WwY?gaLpaTQP)6X;4;LQpR^RcP!i9}QPSZ<Y<l-1i{V=m8v-s$B7J5j
zrMc(g3K`=HS|;+oGY9r3ca)T-Q1WXsE%W-J$_Qt#UbdR7x1#|Z!R1vBBS)V|R961!
zD0#EtapujXE_d;}WXrqbkvmGBI0}n2J&tgp_dn;q<}+gjQtzX~(s_25ox{nsGqk?B
zhCQ*$D)9<F#Zg&xifLBr1yo{B-QXuuPMc?CV+sS!sU@i}fpR~E8L4H9aWH)sp{xDQ
zF_rR>uPw(aacYGU(BrT0)%3v=hsoMBU6>74p0oFt_ZUAcJLf=C6O;_mIl>%kH{oh9
zoo2fxE(Pb4%raaiDo$0EQWlx<9%WI?Z!jVJMG#v{d8ByvZ637^S~{O?EOffy?)WaB
zFszR_5Y_SCA-ASd?l9Dqn8#r_c=ozND8Zg9cR4!i5d1?9w%csZJfbVu?`)mbZ}YTf
z&ShYaY>>^olH7o&MXd35U0=)ph|=Y&BRqZz^CL`odt7c|Pqr*Nry!V52%|PV9H-n6
zp5$4spDn4-aEVEFl1@)h2b$J%FSi2KootIZEjZZdDs*;Blsyhd(32^F$ZR!aa)lUH
zywF%@`6@onWeoLixIQm^>kGVSo#d*Sh0ejVLUlD8@_(}zOwhc)Z^oI+EQrcAyV;Se
z8#~aOj^<;zO&Pn*^o|=TPc*mVoGV1Ds0rZ&zq|u^cUnnO-*@{f%rS?(!;^KIp@w&h
zn8&H*tMzE#K-efb+_f$~?H?)5bj%8&GoIN|NXfo9U#MTtO|95%2<7a1l4u4*w@;@w
z3S+1myX#6sG{OJ4lyeD^0_$N{AkigK<(~-Jt-CC@L}XxZf3X1J_f?zk0d7DqZv+6(
zcN=%;7F1Yi;e&M!O`Z=VQlKamDe1g5NPK&MRn73Udg07MI1U2p#`6a8*wgK%#HGS<
zAYyDel|R#2m(K&43I#LYg?4XfS@I(CZaW@Akb4rpsme?}S`~Q#>50<e*0JulQf{^^
zT<Nvu;M(7mc9_pu-jbfqY($TVWOK9MRJ4a?e-WL#pYMV$wZ~C9>TD2h7Qz$dhft$0
ziId(!bh*WoJU|KMBlLD2<k0uEp>478X1}=04LNPDMrOB%$9>_f<T<sYx0B>8rUQwh
z!4JZd0aP-b-*Fq|HLb{JO0a8$-TWDvSQ8`{x8?bOIl>#T9GLpzk<woJMEHPnAgyH=
zxfW|n33}X!St8|tz9A$z9TSP*n$x0UgCKYHIsdzQATy8wOhD*e%7nRarbTwVJfHK~
zdI=LjMJ4DQitg|q<x_aWQ!^$IJ1T>noJ-q~BIOtZHIg^p5TiyR=Yg*Pg3vA>IcxB2
znC}&dyNK6waUXnV19=av6d(J^Y%0UCbMih6iA#Y3AFx<lj2VF+9UjQ~1&j<NIpK>1
zT%NPbu=$tSPh=19V~aJ!wPNm|s*1E1v|fVR4qm=f@WQn)c^|?y!@j_@;|;i#jzQFq
zj9q7a{<w~F&O$^2NRJ)uYE&}33FyRW3~^f<T&@6oDuM;2246ouX7i=oba|gu*41pm
zT*oe!zDQJDmU1ELRdMj7MA`29imlT!vo$=8RUIN>mEN*Y>iUIvJ=sRM4L2uHS>p4|
z*IV%14Bg_Uua)TG8A4Q`9J@tOz}GV1ir!<7?0wqTO`a!=-nae41;>*U8kr#qc4Z%1
z$mLegE@FJjU?^(_)sIsu6TO7}j@H`1c$DO@*l%43ELF9&hIYejhqyX|;E31c`SH>w
zESz2Hv=KScaeb^(5?g5i=BYaDX4nEe)y3ls73VVC<^uX8B;oMDTj&Q&9Jg>Nsi6WO
z_-)s<<g)PI0zP_*_4EQ0wh@PwuKpIIkr10=CC=9~zMLc}l#|rb;671Of5XS<=<-+`
z(9uWBwR~PU@1X1mjZ%3>-dg(RWj0-4lC=HcdiFW`CKb+|lC%L`va~s_b?F!a_r@a<
z*S7(fFA&wB<+xZ4PX?I|cYcT4FB_=_#Pm9Mp_=6RihSBE@g6tTO6T_eBxtyl)tO_(
z57+dnEL*Q<so0*i7%umF^^tico@tr)4cx}(&^M1sTFWfYnM0S!9lgJoeosI@zt(V6
z606fOF<38=4U#;S(n|_3y0IRTjXDAp-i4K~&F2o5RB>@{WKtP9Cmz1;q^#NCIM7oK
z(%tAVDPIa$dq8ZSAn|o~w0sB*%B6+g&<4-dyU}ypfbf4p#Yo4xK{G~%O@<6C#i4t!
z(#R%$jCyk+`H=H;&osBvsdr%1WXy=gVUle-fAuqV4Jm@f8=-6GJJ0oXem)Uj<Q73@
ze#&?zJaglf$OXW$<7s?|@9vchZu_G`pK<T*`Xby!wn205JR#i$6QZi@&hz1~zg+!Y
zWE#(<EIQqVmv-J*A43Q+|K9CG3+mX+jjNpfPhfLjnso*^U1f8HxZ1AU3d&=MCQ-AF
z>mPp;&uV>!f`woZwT3m6WD>az@w!uMB?)aD04?Oi5f7?=&gle<98`B!jUHp45yxqD
zP8_KYaCv(Ko!f3+=E1*gUzjYcpO8-YLc091e<Dsa&o|x_JSd)z{lwqyC4@1M?qOJ8
zwedIx`;9z^!b4-b=x03x@g>fJ6jC!$pTANq5``TXNEqGx{LG*_4=|7-Ew1_ef)x_B
zwoZJMW}wIr%?;0)3V<j_OOLR7aBdkuLes_AGLyd95-;<=0*UXrq*kZuGzkdf(qSa=
z7~;DyODDc7GvV#GM8@%T8NGx`<mh8ol8=G&ws%l-NyYY8zMu6_#L+;LV@1cGsH^|N
zh$fkSszPaqjEII#L$1`2m(|N0Uza)G2BrNgVWoSv?&*#zr&affJ&c?MbO^D2d4Gb{
z8qif7{FtELe=bf{v-~3qT9Z#qqe0K}zdI60`zAt!SK|VzPh~`R!vPYd4k|u?IM7-{
zmg54MP0zZ9pCkq64uNPhdOU!zMf>t*i5VXpV#%{;6b;XK{R6KI>e&FmYuv^}$gK{$
zJ4>Onmo>2r)-!IpkQak2^hEfKzD;90&@csLMXQ1MbaA{&H&~~XTKjpH$&Mf;HSp-8
zzpsu3AwjA*ea>aZ%LXSlp3s=ifF&Cs245h~DPmsJJ410E{R-iu)?%Ek$O`vGlh(+-
z+G}r5tH^u*8~C&E*lFf>$OUXUra<k!L~moYTOSg8%2U{ICl_av{ER)qlfuMF3Z`L1
z723LRH-hSq^i@XfLqy^H{^qD--y_CN>nssW=}otHaPIQ4s;7X)^m%qT1UetnUt;;p
zAo@Eg=9mLmNHK1HoUN|zQDSgSe7(!Cp?&SJgMvnJq8Qhm4H-l0G|}1Oi3mO#G+0IC
z&q%kiErXAQ4*_gcd-|CHXP94`&bZI(Au|7*|Ml1G8DBTCZO3}V<kBUPYYO^T?;#RJ
zwVsf(MZu$Vf!TrfQ#8qos~-11*08clDI~56J)BXsHU9eotBvNs%8#D2{Z8?aONFDa
zr~xDT>uVxe#YFJM?-@RlwGf)Xe9$5RV1Liro*L2=4>Y2p4F|BNgK$OnV^}=_X&K(0
zKFW6_f;f$?r~jOPm|n+HAx}w9`;)?KcefS9o7pcx+9=z5ovT6x9DUXtin&^=S3DMI
zFq26Dj^4y4g^!2-D;MImOVB&C*%4^B!T#n5_UA@QMH=12b^z69!NN7_yd#*%COUk*
z^3{=JV%w}|u=|Q@8yPX@a4cI^0iIR{l0dlQTAuU#fZl|WY#a|*M%YW8{e<;2e>t=R
ze*|Xbaj)o&KFjVN=K%Rwq4=VCM}baFRumn9pu7wci&1&vD@BmwhqY~(3j8apTpaIR
zWNc}5%Os)$*`d7Is)(4ju%bx15s8Auxf?(m@zEf4M1@tW`(!E&rPu?4Xy$eQ#5xKh
zgtQeXIwelOlK&#uc{mP$F{OGNzKd8QzA-zR8tOH$438p{oW}$YHfu3}?r26edN@WZ
z)@dF{Ed$^xZGWHPKm=~)euWj^03B38Vu1p1W<m;K9)zc5QflA^4Pt$FJ_ejW0S0se
z@d2#@t9R*A0!{&Ha_?Y==(}bCmCXRun(C~}(1AdF_-#aPw<NT<zKlG0Phi!<H;+^v
z2^Rk2tYLO^>f`L=3H7LFxFqWrbbt1*vL>6rZKySYI0(cDk)GT5?aeR(k~ng2szF~P
z&V&fG<Gu7qw*~wJKlQ}?;p`&e3%-O0z-AE-#ZA`ikN`cupSYQpI%z`Fs?Vzf4CeBS
zoS=Tb;KnMMyAa|-LcSpIej2bZr@}ooF!X-xT47~X^RUuL<xq(4DLvrnt+qv#5ONpS
zhPGpeDkicI?VYHb2Jcp3_%9tgiQ!QTl#D#Pm#BS)dDxI0{41HkVyd<3oBQ3%v5O%Q
z^v2T5T75ZUuAz<IlEVGPi~wF0-=33P<xo08s+F$OFR_I<O@T5~bD}m*O6ia$6MjtQ
zI+seJieYItOj)x_eHd4I2&sGH?UGv~;gg44e!^Qn!UMc}2dk-r!#++9csi^H8Gx_U
zz*1dsKks4AcW7!-jBV{d<6U=~YEmytO~|ixc>EeyYPj2UcUIQltG^UmQZ>N7Ou^q|
zh*;7UxX=*TMg=Op98a$LY{}vDjlLI>n+bI|(L~xG9!GkG*#XeIsTKZx_DI-7TmZj2
zZbt(YYd~*d=E*pm^}U#b7RRurpj7h+&6_M7nWYga-`-CI`(ijp#Wst*d0l!cqRA|^
z*#{G>b+^Go#M81%H4{WoIO9;epy@$Y7k5@IXpj8Ws}6XmlWEF@We!CYAYcLz5p#$T
z+<xSSyhwK<3<5&pv5tJ(bx{nt-&e-mM#ye>0FSy3-dzqYOq>tJIwM*%#*h#X!UWWq
z`BNw)EpcK)C$R4l3DqZPlXm}5f8nS)C<8d6drd%pVql)%Vd_f)p}Qg~7_M|Z-2og(
z@K*SBxfVhj8LVC@0gP~Rt>Gj=?w`VtRcyK}5oeun#`x)~Vts+E_0g+0rHWDzdQu8+
z)G8@BxBH4jHQhE`khg2A&zzLNqdVT|mR>oP5+RTs%R1MHSVL-el<={Y>e&%cN{(Xw
z6g((Jb8U*oZA%wvA6p@`l|QLEb*0T6DAGW^RZdCfHPp$socW5=>d9|2psXQmo#cj)
zpMJj<+aqQ`#n^e!3u7A<EqsJoin)i+V`6Pg!BU*qvXctT%Gw`@<uqml4+YVhj9cxm
zHt;izwM=qDR0!=IEAVqYg&fA)NVR<|gm<WszQYWM6ExOk&5vPKl&3wYZCwNfT?>B-
z6KJT$j5UI<CZ67wU&Z&oChc1JrMft&k&x#fl8)wfQ&~=OKLJhbQz{FsbW6dVirJEF
zTPOuyaFv+A#nlB34Xu_*iY&UUW!5^Qdb)5!4^wqhDQRTmmDO1v)7En{lKY`kfnp9#
zMj*yc1(_8B7&}ziwcW9VfH0qQXdu)l72#_Tac+&dErx0eZvd@ssabFxOObViy$GY7
z!6OLE67(*rGZc`|;ZUw@7o2o2Ucs*j3F3`6Nf_M}2yMt=QKV!eDl<von1M*-{VFuF
zm)Xz1O7WzDi?AMceBg4ZF71{nYn<j*3R2GR)1+Y&49KHG@5Jxc72t*Llj8QF>g1k}
zq$-q(tmCKjpi3>IzeCE1g9G%wGP=m5$j|MYk282?OoOwp=TBeXHLyldtnP_m9kT1v
z%9y-;C%PishAltvK{WKcY5xA${|OJoQiD4C1uFLl#T~prr8PO82oOG@@V37X!MtGA
z1o^DUDmQYw4rq8^iNC^A^rsQbQg}0<0`go42l&(IXM$hWr)fyzhnK>C{<OU$iA(ql
zLT?#(A*?szK=AnrnT6@id?Ue(E09eeDFfzuj+EhW^*B)b5O4yNGMB<~>sx1ikZ#JE
zhrp#Cd5!EbzC)Gz5)}O~Uq33A*f<X`T^d+tdPw_mAU8W^0L_?`!(s&7;*?epuJ4^B
za>1*W*ASqMrn+RZ`7UNel&R@aIOD_OQQDN@#FT|--`sC6uMzidJ^Sg+ABp7)Yq3RT
zy2BSGFH>A5)e<)TkMpow9Y706X_eE&wR`|C1@t(p@Z!SJPDD74Id89(lM8AD-nmYV
zzLyT8%p7I(XK|6d-lLrNZhTTDabf;xtd3B;$~2B{fq%Veo`=hyM}Yg8mDs0axDCsD
zZv3IYa;I^AZ8KZw&ZC5jODDihI!d?-+y0XRd0kJYPA#~aX>R~Wvyi|;?Gnj>B4Ug*
z8B&5TJ!RAWSSKxp%i-xOfib36_W_i93ieWBdpcQ;9a1_kvChs=%jKQHlS$iMYRa{9
zrg^W<<EEHYa2s<aF2z{y?YVV5;Qt@Nb=EIpBH^S?isU>__UqEd-aVU8iZszip<oJ6
zm4P^cu{V|d5{vFJ=hJ};Brf+6yhJFfK~IWrURImjq`WgjbA-@B_m})fz_jompwbXW
z|4>!?=BTqIWak1m6hqe4<HcPV(@%hxdA`Q+uAZ>ZJ!*fo+<wBI_R5X@`ibI5P1?Ap
zg*{!|KPdmWR|J;V8o+4a_c6aOV#JQ{FoGX3zE$pVr@t>Bw3&zE1Z>-d_m**ng_05H
zT*W8g!{ZEu2WM?c89R*_5A=Y3-zX(F7c_6U25Z_9r17A+m*Sj!yoOl_Z&bp3%d3hD
zJzNQV-=%;_4%`#AlaXlWv`}p}sy71F-d537p2R04D4+zhW}kL(jgJ%6h8}dBAY_C7
zW_QMOqmIBiG!XR%3;fTXGIDy1W4Y{Eudsb|UV@Gi8Stosk<<z3D?C&=_Xa9|J7Wfs
zxa*Pg3}zbIVUY<QGvp^2E^_xk5u@|k$I{NAWXVQVslZ}P7dSTQGfE4ah0Z!Q;IsJ(
zS&aD7TCwPPLwRJEsd@%{=IR!e#em6%d*~%sr`evDD3L0IzD0M&>MJ996D>h_S)e8`
zI}F7(3&)*lcBJe?DvsIZFb+wR1&`f#l;LTPjg%YAo=nR>iQ*EUUTtKTra8v(ep|)J
zvx*IR)P?u$^D}Xv)I`qVQ3hP`=Je&2dX)bA6)ZZ`YEU!R1c?<clQPudV_L#0A<T)?
z5DII`m*BzMn)Ew|l)~^X?{ceWiC_4_h8yFVy90xcB0(NWD4}l<OErbKFTW<MLA0_4
ze?(n}+{70K6^!jGtQ75R1P@Ktj*Ouydc`GRgaaV@THI|a0Ad&(`f2tyFKNLgV2KTc
z&X($sj^_L&_*J*4+ccP2vomS`5>Y7jMNFVe5K9q8vj)|xc?^U5ycv`&*e*@m8NOgu
zzX&yXglPjL-cat&27KAB5sA#+mZefuxiKc#w0aW{Qj6P#V@%82LS_A2Oh(cB0M%Q3
z?*WJqdL1g`I_n4(s-6SUkmHR_*bZ@gpreVQCDq+;qTGWcoqLz)b10qTmeVRt%wyr%
zp>I9I5OdZYX`=F@Zj`@D%{$>-VuyF(gklsr8_L*{bV+5UXyu1Qo}{SlG`3Vz_RquC
z(%y&)6Sq{3zoi@&JOX%%K>DaYXSWo$7YYyu3C8skuTY@^2ZM7s1jzMzSVANv>UWVG
zgvQl^Jh3r_?Rd1>C;)c)7edCCi%LLySRg6XLxy?>B}81~V4#JyVB`~YqGxb{g@|j=
zTBKHfgVgPz@M6le#6+kp6ta(cc7j344EUVr%=0?zu~~K3qv+deyL)Q{txwvMRAEuT
zU;p}Amu{PimR7?Zl6-ydHrwAe{7Bs=KdVn?Ceqo#>DR-vp)K(`zC6C(c3@}>Tx=dN
zmY`6)cGHBQj*MhX69NM>7C%YA8KVdV+8n?<M<^pDvu%>1sZuYEuv21qFz`qmwcvUN
zYzP<Vo=PnQ8Fh1+)2=-y5X@iclj@|UMAvsKaB**rh++&TTqJ3`_mA?VB-&kdkzjhA
z9iYT;OQszdX?R8izD)eguL21;IoPp3-A$uOz)*Zj4p27P^l9k0ZY1&)2=e>$BTQ4+
zAUIe(dwRB}$qZJQzZ*g!WJeibqaCoa?aUQDf@6Yqgtwgb<|H8*HzF`zCiAXqVFmF&
zUl;|FVPSn^EA=96Sxq`!%v^$63)*lNXn^B%M^Jh-0Htx@PH7zs4}_<R4u~kGx@;!p
zc_iv!z4Yhk@sB`pUv}a)Mbu)<vN9Q^UHA<?bTy2OrFv0qhX{}Tq#ogVDN4r95I6Yh
z{L14R;UaF0niE2B3dgaCN2YsMz0MuByMDOay}$8%9|JdDo*a4P=1Pg`$K1=^8f_1=
zOea-8e_mZ&`-PkIgh*(6Wcrf^MOD~S=g^6S#XFm`7QM(6Q@E!I!F8E*+XaHs&eh3^
z_ULG8QmPgi)t9!zCB4sKLc$CS-&X=nGUSxrM%u)lz>)1GuLIQ}@ZYg(^#Etq(tWtq
z%aE|rKMH`(`qN`tQ(<T3Tvnu}+kSdftaSr_NY0TFoh{@cBPMGGkCzx&enBBn*}uN-
zu7%&JN^YyBuc3QcFm?9~v=_@HXO=q^C!l%u>B~eol5!#pZ10J`iO4gqmx$cKFU#ev
zZg^$fEOzs=*E9pn%C?WCk?JhQ=^|=fb<7~bwrMRzo2aIQrT9JX1Oqo|o^qwPzh%X+
z)5QnS@1QZR#ayX;9K1nbp-Zh&7LS1^<^-y##UiXXM-Y0r)&k3^bGB~zI8?_Y2$54N
zt3y|rBA;Zv^R4l~iba2QklPvhzCgm^?Ot2ZjmNZ2KotXh7+nbyMX>iax`;_HYqgB@
zSeDjMdhX}Y&E?jwNZn0pAJF7@iDGFLkw!plg8sQ8G4sZxVLJ;)X-Q$v!u8l;dd|H)
zF6*SK?U!A+XBwB0V8%4oONwZDMATn=c3juCmKu6BwA4&Muj;s}CD8zBIjl#yx{AtM
zTpw7V9!#(2&Q(I=z}G=_MZ4z(D%V2|>CIbA>Q?QqAT4C0+<>FlUYzR6{Dzl>=FVF5
zcqIt6gB-D+Gxu_6p+tZ6ny71Oor$}RR)vIt%e1i`w<{NuS9It`#QwXe8^jfU9-ox=
zxK`>ub0)=F7t*5&hwYEdo)9?#qQTgEv<Yj5VGXEcR*24I<)N4&^R;9UH7h(BPY4QB
zu^9FR##7v{c&Wv<EvT?AcVP;GIKpPe^2(l7Itu;kHQb*RGNX~=<=?FilZNy!8yyC;
zTgO8)Y+@V_j+K8A=r9&QM1OU5{}^}nFo}S~UHXa1Q=Fb*Z3!`@?%dTAr!FQ{BV<*z
zj>IIsiL)@|A}YNE22}X)ZQQYNQ*(};Duk6=MEVF(k%|;oqajhws`SE<vH>E!!gO56
z9#b57*I_8tzCT8AtDG@`<qpO~Kn`87=g@J;Jue9IWK>a|FUKe7YUjOBcauOcAv7~6
zX|;y2eh{cGKI_eq^J9rD^2t>W4M{If4{R@vTXq%CmG2%B#6{6WOLYB+cFZ4mhF&P~
z6e>ZQA-M5KT&Iq{ioDFf@COq+q25x#e-gbSoDy833EnD#bM(k17B`mIw$(z`QJ1i)
zVClc+kPRMN9TX+-@b6gjUbqE{5S!37N)nCGbz6dM%o#ETS@6!mtJ^nQC=|#p3XR_V
z<|bl;!%}6+s`~)#8&WWNwThMuT`49~eJhgB)7IM4;(oY4zfnga^rDOA<G1^Ie=G(4
zY66jGhLn(7qbMp^MwEaHQtKxu#um#<FKTW?shX#a?nUh;!IpnM2xQcbf<WnntNI6I
z(2%d!LKy|Nl2z|cYStmu=&(|fZ;zwOrkUnNVLyh27O7q<%}g;t2o~BPo;vfzBF7(N
z*maMg_8e4S;Txbh$>+{#OntskV6Tg}?U8Ed_n+or3%_Q};M)|5xJOJ6>=6e2h`XD8
z8Q{82unbntBa9iZk<2b&dH%}{A5{i#-M6|-e91GY2iWQt(CRJND{`pgcO7m@#(9zT
zB{_^s`%oiqXXptTuxp}^u|x^)a{U`k<=Yw2SVKHu^?Lyl<re<?rnflo+1smVuZDYb
zeJ%{>t@ymwMUGGS%0Uxf>Mn4OCTD+;bpOprHP=b=8aKPS5e*Ot@M|UHpRR-`lB48_
zF`!%W>sF<!r(zr*l^mXF-GxV~qqU0ItZ$R|hd?3c?hEG||1+bN4uM6LTdG=%?r`K%
zv6TT2n%ICu6awqU;Fn^Y0?GIz?v|qEF-<z%xCqrH{npM3<f99iE7(jw;7+-7hqpuE
z9J(vs&>S<ut|0fAU5YO@OEO2>6NiLdGll4f)H@ne<8@R_gZH!7i-)+oG)_Kyl$Kkx
zxq(=}(Y?j;o^RgMra3Dv2Ns{DO>?33*0;~OhW37Tcwc-JJ4YHSfPROR3csiIdG`4J
zvPW{JW;B`=_aYp=$?;U<h7Xv%1Oo7II*~wg`QA%{;iRPmapO4`-rG}Pgceg+txwa$
z(>`PRmBO44rJQm_%6HH!PnU+TzPSTpDwsEig0-u=@bpj8ccf_wj>}=k7mnOTicG5{
zDSD?Zahha_wI1V>q;U4F1wQIRy79ggQ~or~BlEJI6ub7Izb%E~=Qnjpviu#~`_a2#
zoIFMvN&x87d{YXM_9+zK7vDh<b$^pLq}ICKj)#2{LjG^MbQ9uny{gBBZmmCX0%hL6
z$s4ZIYYCGJPb@tn(bwXCxFTB#bJ%38+x^!)=+cjLBJ#}<wqWv^fIUq2l9b^VP8soA
zu$<fkKGq2pCG0m@WKm|#1Eup9xhB$^Uge?D(dw@q6ci`%=G+WMgJFeCj-$>gZUTS~
z2Rj-Qur3$PKG{}7;RYEBYWX4?cx|CBqN)=LqEZfsI<VT1-(qK!a0M@?v+&cPjZNgA
z7^&`AnXi_zz9*j+6O3yLP5wq_J%EX7xssuJfy<CV3!haOkqRFeq7^6Lct!Nc7~Hh|
zg+~a2h41>wh;3FVNsw+ZViNe^S~w9oGXb3E|8jp-y1{NvU{^St_bkNH_RLoiDhB14
z99ygAs-hYl6~Pmd>oVm%cIHN2?bV35DAR;EH6CJg^5){f*93N3)2x@_>_4|}>*q~A
zE<$f6Ro|S)y`>X8){mCS(Y)Nyza!B7`Nf5pAbN+V<?mB8b0xfRte6BX#WC>VVFoIX
z&pS~kJI%sThlr|6ID)DQpBgKKQz18qlgdyPz|9kwM+yN;7hwtYi;fJZMPif$wv&HX
zJDLO8Jh4fuFftZf`ofo<r;PYNoJtErTFZv%LU4!LehkYJ!`ik8SVYIHJ?}WR3MUv0
ztTx2Fi$owqcgDL&XlO#=W!CSL!>v1|LIK*Hq`K4gh0_v)$(xa>?RT3W2oJjvBRcD<
zqs<8JO8O*cKjablX?KG?tg}v__t&8#TEir7_S)G{FB<Td0-@Eum)E)W?W2wd!Q8l%
z%Cmx>?VgK!N}f-8C&-r@r)nB@O{}N%o4W00OqF2TGp*)aiS~Uof<Yn6?L6-m6P4ds
zJ406?XNxVD4UfcDEPf@(5JjWOlh(maFB=ocX<Y-7i&r)6nJQJg`$jav0I!WG1+x*X
z*atqYv74)!jx*;)R0&<j!8rQnY$Y@1SSRki3v<Bp0Iv2NqN6K4VDhPx=il84XdV9;
zQNV_!jGhNLyQ66vb9+I3g~V_&bGrp%P6AppWjvd4xU>Cuk6GIRA3AH8XLSJTbPu0!
zgw(^as(ild<s3WTl5}T`wZw}r7iHf-g&iRV`Yt7&+oL9Q)`dW{_kT>Ut7e?NZ|<6L
zK;v~YR@E+?p=a&FiSA-{Qzsk-sb(s6`C5TL?1zY3d9j*Z>v*`DNs7E}!?2rK>mq9$
zO4>~|jIt$)g*cS;CeI6YtY!hveD;Kx=%fMIRhnF6RI?I*ORJdEGnSV^*bM%Px^IH<
zyJV?rV)pvoFkF6vZhjEMCP2TbLOIY;Q7ef8oOEIb7xw$^?dJ=8?goqW`y4Q;W*nZb
z25~gX<;UtzX<14u;y8K#x>+q|a6j?*p{w~MhYHK)Vy5wG6tTs|K}@osV|O|jvqNWg
zUX8lpHyI!zKJkJQF9e<uLspiU-PjffwZ+pGgY9TMO78TDJ(iwkNkQC$SWqYBf6EhR
zYWUsX<z+nSLGu=QCw<7H3YrK->mA2!EDZN@X1$wl=3r+Ri>^^;eNybOX_FGS>6ohJ
zSwywptzagvF?T%fZ6wJD^#L2)?^6+oTf*}Xl7|cZAN9<O%eDLc?ukAiG)c!Yr;8dn
zlJWbG8Yy2y-wy(Hs!u}e7L7Ey2%`F;suB-8onNt@piobyfd*$WN8cu;TdjPJ$7=0l
zY4*NOW9`$;_!}qZc*s3%@;5>{DDj5;kG1}}`uWiILcXyl=^AoWD~V}gVc7o!hGpPi
zTk9=JT*MxKZ#bQT7zStyF7OTQjCe)x{>17~+77!54LBV!-kzpgWM=t8G414VQ*HM=
z$M=Y?qu4J!&*$^v;p$@6U0B82q&sC6VM|7wmN8caJ$<6xC`PI~(bMa-y^vzVaT=cS
ziLRi%j<Qn>K#b(n4!g)ZO(5x(w%Co5LsOM`&dKkN+Xbo9)S@lgv@Khr*$=@D#MKj8
zO!+dy&lSG!N)4`qIzWQ*GC(r0j<PjS6=F1TnJHfpSJ4q5(u&l|VIrVcH}AGg7^;Yw
zPIzEVv6T{3^Qwxsxah$p(iu*q(ns_F9O|@8XS13Scwsk}dpEyQKRC{d<#Q1;+HAxh
zheNR1-3H%)HnvuUF+TNg=?O~9hNG~9+#q`iA&mCOFmVJD$5gw8DehXq7lb4f=!x1j
zG4*y`ifa?#aBhh5qX5grv$-=5|2q`lB<BgJ)Y$HB4Ao2BfR_<TbjY|Vm*jFAu8eTy
z#<rykgQ&7XsOu4v<gy!(y82-fZxz^^JcU}DY}xDJ$uU(k0lvDAj(L+V_vR7Cgz#j3
z;#V`Y3fy|FC1$2>Ug)N0lr6cRzm773OUWe#>rzu)mwU}<C;l$ZJ%KsRu8O71Y=c^u
z7zQd@V|nnz0gx!l!Vis}?@@z5T?C|?$N1)jh;2i-DTf)58!E$1RH_qq;u$IDAygxj
zE*<Bg=Ry-0{(NVf)&+9$uN}TYV+iW4)8Z^Ib_6b+d1fW!K20(v`At$N7)mU0R3-xQ
zYKEuH+?Yi#wV0!XyZc#ax+#3(BypMHc(uSoWlU^Fl_X~8G>PMQ73^(fkd-t{&8^qe
zb!k(*!FR4)Wx&p1<2k9I_tK^(24v&)F}fcIOr40=l@|(Y!Wsa2J=#9(m4Nn)QVjsM
zLT-twVCjYjj38h=l9j~LWDGC5UO4&zV22P~*PVV!A*?acBs@he04*TQ2k;!9dhzh!
z1P>kBj?zhn0(7Bs+;@Cr6|nW#*<M0{&6=Q;dRb3gyWHtSCfEe1yNA^<6S+*qY!;my
z{SvdN5eRqW_KNGq$@<_0(`ci6Ta*iu&nI@Z@~4qiO_f;w_~oF4oIg3o*n6=SDOG;0
z{lQA^F2ht%;zW`SiGaKRe{E+TBl%I?@!4J5;5BPvyul&(7$cc$nMu#|oG6D690M^)
zjB!F1qE*jK&#`lKGu=JCGv=_3LX?1wxGiG?PKXF#0y0vN!3u<6gn$Hy2r-I*5CaJT
z384T+gdCsmdsV+*RrhaV{6|*ab^oef-BqvNd-V=Xy3#aLOhDkvwk+T##|s5z?~@nz
z_a~wY7oZ44Z79-X4yEgLnIoc_ZL4byYxE@5MFs|_sk&7*p<^7A=I7crN<EN-wAnd5
z1lfnlLqx-CB4XW5H+_i(%FEVGC#_(z_}B-A+TwMK%7d@0Uo_+0R@)uRNKx2|8|!ZU
zk}8RkoDQk!;ZdKidt!OIuM`9==-*>aZauSPo{<UjsfuvOOF_TeaQ>^LA|>8*QiE|A
z3xVSl0Dz)&JRM)XG*e{AiGIxS9jcaMQXl4v7<cv}tE<DSP^$K;dSD9(JIdiRM5#v>
zpa||+j%P-Q+7inxDd`qT?#fgZ*$jv8NI7_-FgUv#n`9M<U&Q?mU%aFzdHOQEY#l*9
z*=z<X!{#&yEY)IN>OfT391kbSb_e%2ICK@7H7Mr!ra?G?c_12|lfkal`d_5#VZkah
zuw?6aFD$h{9KJ`E!BRGGUHAR;4xUzo29j_d6D~me0vTb8X$PH7+T{BtOq$~@!X|P>
z^o4<l^r5OP*S@!HfOZ8W-LA5AdG(`P7yCczTuw{K#B(UiW_D6neIMISlOOx`=0ii^
zEh1!P4xMosX>%R5VfA)Q1$ZQvV95o1p;Gy93UL!{Jx+G;D<f#^VANw#BmKhZu_NmZ
z+;7T*kTTYE*3Bco4PUwjq?&TM{UR)b&7F7^GW1#O)iR}AE1LzL=n^JI>Vl|+!HOFz
zCBHkHV&c@h37ouVnZnCs(NDybLT_c+n6)fI>G(R&OQ9vL+0VV-UuAnJl1P}w<ORnb
zlBlUz3}xon(KyEhwTbi;6ijABW4?Blq<>H<(;z}8fC~zo6M7-?qQvaAc@5vlru8XO
zlzb+kydM3c+FXXlj&_N4vn2*liT13d!qcXf5>hkGAK!uo9n+)C*T<rIN)Z!B)4HM5
zjBVuM)0a^>sSeQ0q~B@QM9hdyI4bk39BEGbCiJWVYfkwNw$yHG2`8VL6E)duiyrqi
zmVyn*YjUG&zw9E=FBa71(telfH8WCWCf8G7+Yt`pdQzZMv(oA)^9o_vlwYg^?k#<+
zx++Q+WD~ySxW1x06?vYd&eVM}O<6mrJD116R9Aq5{Pb-&>02M;bz|4&?d0i88ksg$
z`zY2OCn;*k63g@Ev)<mc+tOZ#0g?4Oq#KbGK!01hl3;ELtDv(Ej~(nBt>3v%C^?y>
z4fM83tu4QR^<W$HudJh;rQ%eG4)2e5R$IE|Y=>ISAtA#SF|Fvom5ee=-w?Jc<F@*?
zKf^ab7!X<YcHnfXTZA+TXWEW*r|+t_UT${@EhYYmukGIN-3`1!+VpnpCo31e5d0U4
zr82o?OsE^+dyLDW1c6($^>Wgov)gs`OK}hVk_j^nO1^`V7tDus8rDN2nDM3T!B24s
zptptxeaSoe{$vWZ6F)=zmKnX0lB*~nbgHnO^%LJKrc*DnfLS2YU6w?e_5I*f)^d0a
zakmA2O7Nf1MOk#rVt)9PTSKlxis(Ruk9zDUxNtyf&FCvb4?ZeSE{=If+(az|G#cx(
z>6J)R$5K5Lk;K&Md)Dz%zu6QyuFO+o?5v<PY8y2AIJfeq+l%8!RQuMA-osP|B9K{h
z-3V$3naFC04$tFbR8|~g>fOdsofv{*yW*di=bm+Rn1k~QbtnLa)g=MRO-hk)s|hTm
z21CV~-3m%e2oU&G4M?e5o#iFJ+UJc3QCh^Y+=vCaYqwSUR*p|E^}gj7D`v`DD`;v5
z8eSrWGHY#1R@ydeI<&A!1Eln%tVNX0HJtWS9B@pQEiN`h9#%!>4lx7W=uAGDWSJb@
zHj=hZs9%Cloo=@%L*GV+IOg@-IiwU@G?yV6rz^N;Q$^;8r$|P3x8v1JDm;A&AL;Hn
zsR0(?0YO@aP`E8~vNsUptwO_y@UyWQDH-#6sCXszjOIHiw$*RAJ;tmIRb!%gz1P-{
z(+4_rDXYWq$?lysftry(v}9?MuI_2uE2h<58wY7#QW&Y2jV_MCO4nU&H7tQAIZieH
zqNuQ5S6Mr`McR~el3^{p?DVYBzG3?%n%&;QN)s_<y*5|y7p?KNMx(HSRvW%lWo!_h
zGd(GoK7}p8S5{0?LgrG*QQ|I)(&F0hcQ%?*@d&8F0i$mQIG4b88r|O-Z*Ll#gaigI
zW_)pa+PG?8sgN{pmyVCflV+TIiG^lxhGdO<?yS$eFGfs~N+sQkpHkV%5{&;2`5{0d
zvlHsTn6ZEtq9}<SJ=0OG&U(CRrkEQ-b+?-Y+aYF?5wOwbESDQjM7RVWO@l8&>EOJQ
z;1|d?jd|4rK*$tzEfW}K4UuxILzG5m*yW<U3Z{wkAE){8Q&F^$RkMz&4`Z{fha0EL
zY7|g#Va$a{EJK9ZG5S>{ZS*PT!hw`}R9wYU!GZ$FKoAw|&~lc>jkn{07U5>3n8qiJ
zVJYImPsQPW=C7{~mLw&$(VF2Mh@@h1YJ7Dv7Y!0FT3TAHJ^>?Usj(#8A+G60)&WEe
z{S|_3NvTO=N7wgoe=WU;CTH>YNK(>m$&^VkWqHCtQH%+}T{zn0&H-DAJ&b#Th1Dc)
z&C17NU<>ZccET*!RB2n=(bj3+zU_7?4j(j8e`_~ULPCq%Qj+e})g6GML<aGJK4Ee@
z8?Lt>Qlh4m))+e?0TpwjmEc?C5y4Li&*z+RC6|^SvQM^@1t)?K@Ou|`dz<`clfito
zHkMb>j`x^l@hiwrV=i>HB3H)GWJI8>P^J@X8sc~8@8Nzsla&%7m?Tv9c`uEl(<gK~
zhDkx4nQoB=d#bY@J#0WIS!#SOfgIF#f=)w9;wV-vFfV|~h(8#mG3g}egogK7n+gVE
zsjl2yM<&tlF5uIpyy_13O`x5Qe&R5WSkb-1Gpzy}`Ij`1;d~?_3JIP1B;s!aMdXM_
zS&5&mRZolxYOKBixv+%J!!=n#+UA@m@mS?Q!jpONjymPZ(3>ScRzJMUt9UvXNen#=
zm#c<i0u1B8iGlTwsWT9#)ckkUGEitP%S^h4^T)$`*iK@593OS2QNImI*aHWumM7GZ
z7G42CWY8r_^NnZMnZihr6kNWHpMvFbDI)wU={UGI!cEi2<*gL+kY=KNn_CWwQVSC-
z9$J-9Jhx53h4PIX7PhWR@JwtFMX&U_1cb0<G;S&r!W}RVK@eb!c~eERiewrRIi~^7
zBZDR_#e9nFN0R$NvO!P5aw{cT_DrJ$$aiu0C;i)aqq3V!2qAoydt12Y!B;9$euPRk
z2aJcD_9jml-97o%T8CS(vC4cS&D&#y%0P>qPEn}qWlq3ptae>4CL_rti&z8f;}ArA
zlFKN~BR)5r$HvA=bCWPGR`YQF3L?Q+$nJG8bCc<4_T&?c-XQH{Cd=L|thSj9#2jTg
z#<jrvJTMA2P{hN@N^SI-3oZ1kT!<nkfJvQ;?x#@pl}Rf4WVjW>t=BrT)-JyKi7~WK
zej5{b-`bemRaZeOK5V5%nB^m_P&CneG{i6CP}z*32%i>c%7gtvW7WCTy7q55H4s4S
zimc}mWq8eHCndS)4W*wQl*JgET0zj2XVHkYE?I6;24{hIqsAY*9TqN=Bu`T`w$Ly^
za=sCuiwF0?Tvk%~zJOT|5n%Q}(c!6@cfF)Fiz>nELskH$afx8)5)tnu8!s;h>4vYW
zB%AR=5@dA;81$UBOrD7#G|87IYCA!7=$15NeXF(5+!(`~j~%@^bV`z9(q`>9p(D9Q
zlVr#(Vi;<+F})GODpySOes+EaPM`8OdD|Z>gD>ml5Lq}st}4)8#`4qp2k$%3STJ()
z#m^_jcn=~vH`;4fINMsA1W@1rGW*+lSKQnru8~u}GZ-SLjSxI>b9`_2R8wc&>Dp;X
zq69=}s?RPPMi`=*aJz;Eq$98l6X{MxI@WKjdaWX~l3Lp<14}NvTh4SAdut2{Uz#V`
zA};dbveq_wTj5~xMv=no(l7REIC_}Krn$%$SLvIKspCG^azm&mRctFR)K-V-4Q?l=
z_s>Vvg^hWCyD;`i>T%chdTM}lNYiC>lzxYRYTA8VHt|)32i_{E=H~JmGHbe>&0CDh
zrcCNK&R4X2MLQ-ES@O7Z^?7)r3Ye|M1+hqW80dc$2&;c0)FNe+ib|v*YhiR$4R>62
zwqu7+*@*Fe>Vx87RStU(x_3+AdZ}tUN4Bvh4cqX#T0<sL(W3~0b9+d_V|Z~x02%13
z>H;l{uNONfie<qNH(SggSe?!B&(1PDN^--)ek8rw*_oY6(8*Aib#5#6j`KGJ!G2rf
zb+}DHHYp`0b>rM-fumsyCu*oXS<*+>S#R|#aeP!)M}usQX|yHF_x)aTtqU^QhIR~i
zDH~OsTc~Tby5}Sd;Z&FCk9oHZcf>#rRrdU#Vb@(%6aq`VnL>_LQ8BsPf@rcf0-@}?
zEHt9`oGrBgWs)KAcqLcBt+*0k(pFjvc!7vwj<@RpamPwT(iQGf6)PaAW4W=q9fq1E
zTNGZ~Dpqp5vEIcMXz=Wcm&j~Nj2ZEb6`(VsP7&GDCI{=@l*3-Avt#Q^JGMgtT@v~~
zRJ+s1PMAoJIaK%1PGy~D=U_*MAS0VS8)%iR$*8tuo30)%stlsHi4a1&kA)P}OjXa>
z2RtZ?-o{Ix>w|($90z8#0l3~=bv{GV@wB%>4C&d^&O_Rjfi%~27Q&te0Ih<2$ebaE
zKy+bySL{xCD3)Wsi8go&u*H}cGgSqILX@om0={a9<gTjmdhC_xtQ)6Mv{rI5149nI
zwR~8YPA7yRK@kUE2339HEhDO6^DIya;X7<*pFwqZ^7A-3i%Mv9JtAaytMccr$+^H1
z#RZL1SvU!w50r8QC^)eNo?wh(!q;Y;B%h!hB=6V^ZZ)!w4FKn){@hgHT!vaN_&}@&
ztLrm}ym6c^<V#gF?!bBD^;w=wlR4yu0De_lwd7-_#SWLdEP+|avDvzy1I3rYo$PJ9
zx(TlWN%3_B+JNBH^ICf0&D78(+7Av26|?S*l7tKNQJAx=PTbV${_rlzQ}lk7vXXjY
z40;WQv9pUPt2F`(O&r6@VG#}1hpky6;GY4^nD>1v^B2?j7%C?=`whr>enW|PFWC=D
zqNZc^zP?L5CTE6Fe%=>eWck<zZ;MFC_N!Ac1Uj&@GM(?|bqm~Pol1)r(aiJhJ1>b-
zxz|dl;EHYxrT_Rai`XgaH9AL)J;XJ6jZz3tYAk>j+&>&rvZ`F<)Os%<G;me!N|Q}*
zGFTLNssK8TB9get#>x>D?eBz$WZ8J()Yce+W=kTqq*%hGi7p7_RG?YIF-Tdtbu{}S
z3><savB}@Bwtfr##zhi{(~~CS{i_H#Npf<-E5dk^6ImrwO~@Bvk}#(K2W$`^FzQL(
zZT77)Y6{uiN6@5fOnK|3R{}GuOUDK`GlesveQS=7*EaEUNRRi2ESS9MnVfdYJAk@^
zH$0bb(gI2@!177LF>W@~IcPaYfy)bvo<pTmq}LD|hwgQ!t#ja^NkW&ZYT(w@gks2c
zW?rQayRsH(qYMmq3e}FP1`V_vaP`6&P&(cLa=+-90S=9IBEQjd=yI?*)tEySYn+{%
z2(!2}w(V+2^MRQgSh2M4@&Hva6Q-t+672Fju^(VLVMHa{4=8PPX1@9WtJM%OV1{rM
z`&BhGrIYf8vCk;V8AU=}x$0`Qn9=#1iivY7n80@GsMcq51Q@}}#-wsz(IZLVRl$6a
z&?YO>MKcQtRwPaG9gDX3Ky5?dNEBdt)f1Nz3?1pg63wNZ5_)K62BE=d5Vo=Mq3Q1G
ztPhL;dY3CdlzF)RLuMhpkI-m(KFoLnV`Kx?j1CMJiD^*F;vqDtN`eTuE|gJ{2=5e^
z)j<`QKR2QjQklD?Ac<;yavy+|<p%O?e8n12WgVCb^@5^%kmQC<QFIjnF#>w40dH$n
zy~H|B4~gms+({+KcJq|&JZUc_RRpJT<Fy#ii3jtF>=QA6K#mZLX9A0f`J4eSfKUkL
z*@6cr;}I1;rlP5ZuJscqhS@-3B_fyo2xVI~W-m7^Q%=Gw>aG$3-~zr9Hay>GQgb3T
zHifrjCtpB6RgDFc=$yxkg;{l6?@~9<?G+uh>>LGPa+7V*tR@RH*l9O|i}Z<{y39c(
zNq2E+Wqsl^5zU3bnUxjktn(rnpRZ;sfp~D+XfB6+i@*PTn86tsdO>OWpzI`<W>g7H
z@?)DwOY#QM9t5`{lxg4<rGbMA3sUPxH|@YaaA761UU*jgSqeB;2mD;l=w=O=%9Wi3
z{1j*VAP0*vY5f&t7UjK7ln?P{%)h)&qOueu@$-jGDRH~CpnzVb^J3^LFspl9OjVz4
z17gaRmr5O8PFX<$Upe0_70WTKSzx4Ha654rh0(&=1FcW4(q?xngbTxXGViI3r#Gkz
zK8CR1Oi$hF@3zn)Cf>9$h0tc!A4&DcVNusMEIbvLw<YuL2aTXdd^<n0S*oC+INb%r
z^gtGSx{FPbtLIE*nQVGF0MKLxi~cYvp|wu4+iNE_L}^bvPm#TYtQG7xoL>li@?p3h
za^dSorq<YgjPpR=+O#mlNu!$SsMoNhmFH1%3oqhfBJ-Ih`uI40oVe_Sb$zO>S7;bp
zj0Lo|38w7o2;Sc;2V*bHmM$LES?5}D2*rS4ftQ*%^Vl*&z%cz;(RTBcyF?kPwyiha
zH4DpEnYW`2P?f`RYRHk9`y{T0!61oz5kFNmtRW6~xEdfDR=a&7aaT_ly;tTk$fKf_
zs8<oDs+bYjF`hWJv#KY%%*SvNl{3Ov`_ZcTFkESab&O9L`HAEWv9*oOWpr(&b8ag%
zjw}Gl75w`+moCexK}{ZxJ50($QRlJDkzTYRZVv*1QVx26i{VzWvV#y7(`pfvs(DX$
zs3zRKPEBX&oyAs{r`}-ObeP@F;X`w7L;D`mUa!K6;M2oJP-oFKo+4BiZH&btI(OWZ
z><!Uj*iH8E2&=)ANMW<H#1URPxze^%5;C|c7uS&JI8wuNx;;GmeCK&_&Gdf|?vk7v
z?P3bVHjWXTEX#BS&4oDe=of`ZydPQ)M8Y_>#!Lu?5DW>X)3Yt&BnNWbJOrdT?{*w2
ztB7K`S>FwVErf2f-bHD|*!cG405{$ByJKE!HfHIpv$<_n&^p%$W(F&0vedSt4Oc_<
z4m1#3p0<o~q~l8r+RAvtn-)RA+~o1d*XlRfjfgk#eV}I9GGId6Yw}$*CXFE+4Eda9
zHx7E8V{3+rrsFPQBPoD8^3_d#%I`ZhPQ~0s4uv3C%}x(x4Q18`t|=)_jV*2ST&G;!
zw_1K8FUr~*H>X^%PSV4dWm$3blX)^K9AFmf$BgF`TdCdKXpf-<frks+G+J}snWg3q
z`i;cFAXcH&1l1LrQ#OW_Ob8yxUABIbzbfSmRpfyYf}4@N3<wep9vN!p>7nC!qNz=c
zWgD?*pp8O{b$6iQ0)gdK*@KNHASQEMm$$K>=xuvHy&8Yl0p%seRlXOZdO8=+5~hmg
zq0p99y8)p)&P2545@a?*><^;8<M09O*M)3>2{Y87eW2)%_^CoEiR);=W2EHC%Sh2o
zg*xf3ZckaJjkkMyd)aa@7Tv~JX@If<F$8jPBHOpSO=1cacS<pRc_rY9Rm6xs#RyS#
z99&sMYTW1*;&ninN;8^bUD9{uea*K-nzPv;C}E>xOHaDd@a4QMFoPQw)4(S!>Klf;
z13H66F=F0#r)#`}PPV`X-DeJ*A0s{_y*t6Liz_ml^6xlIupnlsOr{YY0V?1-=%)=Q
zV*!IsRb`1bX6~n|%HWMg`U%683H7jjs<Kww`;CwO@?x+B3y7KGaGmJkoaEZ8oCC2<
zMm&UqeGn|J_3fI+;?T9oz%L@j3JyRMzR=a3;~8di&~GkGL5PWZR)m}7lctiYo5P=W
zAZPm0XIBoFWRP!-MIB>Oqo#!!p%tV9%tga(y-RW;;*UsPcnjPl9;s|L+oT{rwkUq7
zHdb9<BJH%iD+d>DNitMJ+l`mz28Pb9(QItmAj7QK;8(l2S>9TCreEs#06`rYJlojV
z<wD3wvBAuiTcHOIK%}RW7wpclrG-fyE$%&`12Y=O+*HyR)TBFWV{09IMXwKMFSNF8
zJ5V}MAyV#(h0*9!y>r9mBBDrWng(&r#zOGSaMJ{xbd-X(o6Rk_9Q019&yf#j{T#dK
z+vsm0#xpy8zn~kvE=wP-VYDhx4ur&^V=A5ECWL0X`oaV%*J%q!Y@Qo2WZ80>8@GrE
zhBRHB9b4E9Ue+orj@XEb4I!f^uW(2m44m~Shjk{Ze8IKP0L1pr7_`}rOFW#L^-G2|
zg&&mqKuI6l7H2H5P8z6!V!Kq$GD<sOvT@rOJV$EFCt09GQiygSTH)fsf)<w@<9siH
zn$bY%EFUuFB|TfLsX@57EBpi|%|k?VG$VmL<qdqG1&5VFWTWkuLEe9IJb;d$vkpNO
z+B#iGytQ%}-G=0H5zo@11FRV%*g8FweRm^qJBX<yt5|N?aYZ^XaCx(c35(8SLY`l`
z<K%5M&+4ro<I0W)td6Z-jv&`?U^Z?hyvQdE>5bT*cid3B>A-RRo_6rGqa!0vs~tJx
z%%{KV*{^!&$bka~Pamm0W8$pZnP(ij?zA(`J$T)<6BpE;sE@<v9=-Au^Rm$#{jKd4
z2ne?Vu3dQE5uD}|Nf;gIx!TNeK8XYsKBte@E`KDoO&qN~PK_Np_pBE{kB(jk!7@5g
zdr{iO1E-H1dhST=s)LsvUf#XnlegZu`qjM;b)WE&SA5`O2R`|fpL@zk@95Jm|N3n=
zzvi0HU;DuaPd)vDZ$5DR2jBVj8&}UeaP-cvee0zU+;-a!f4})VqaS(i!9xc|4y08x
z`a_qET=|Q4e*HcD(dVA{+aK<namT@jCO_Vqx&FxS{_)n*f86%Ei>`Xp*Uo(7)amEE
z;|pJV?&#eo`&WPZd%d5ojlbaIcfR4Jk2>eccf9rS%<QfFebT|xetl%9{@RIrK1OR7
z`s|+f{A({8eHMs!^x6=!>=~oa*;*W*7_U7;5NDlx$<?j?=w%)Dn)uVvE2Kvi8M@KS
zp!iyfbXG11ukp3obg>}zId%LIF7J!e`O(z>#z^hi2QM4B@AsOo`%(L@xmSGnqd)rC
z=U@5FH$3U=v;O8CkA2IF-u9vQU2}E+`oB1O$=Hu;FYLbJyqDi~`vreC|GfHl?*HoR
zAOFtt*Z%&CuYB!0uc@5-#z^Ou&6{3d`@!tVcV9jF+h=|M+ROjwhND0E^cU`b$+Q3U
zsgL{8_utfh>_z8aK6}%n5549mZ~o#xUjLq--2K1<FFk(4#7|dlId$9geSi1uKltu9
zuKe#;-~GaSKlA0M9{kF8KlS8$Pkw1<=@Ym7@_m1@`P%NAMn>+`?mxSB<2~uX9`Ux1
zn|=aE_LDZpILl|-+n?jL7uSB?&ejtRj$?s?h+2)w_v9yp<XIxDVYm>J&-dgB9I)w6
zOujfI&tVZZJxwL~d1c4m+`aohJGZ{2@t6l+^s*B#IAijv8;|_e(YsE*d+n;ljia~x
z^IyOFh5vQ-_iz5-`WxTg`{@0TJAYwm^4fnp>$NA|{D+@BcJFsCIrd>@<WTL#TLvor
zf8VM$E>Oh;qTq=+ZBz`8YW(M;9~fq1WaZ|6SvmK_NA9?OZu|Kw-~IOYUVYz(-*wNg
zedU^`p8G2wI{uhTj%_}8=`ZXy-~Q0!kKFpb|GDn8x315;`m%T3e#b3WO#XXq{-YCX
zU;NX1zWkRDeP-{^Fa3w-eEJi&A9>zq-}{v-KY#MXc^AF^vv0fbrt3yVCT^(Rc<aFf
z2WnG~?3e^Z`j|5w?TGZ?>EO|%{~VmtE<N-9_kHTZm;ci%-|(o*HV>Y8&DHOF@LQj{
z>7LQ;-fPZo{rG}!{O0H0f5p8cpS%8?sk5JTv~l(OuXz2-erc)xfxG6;eAEwq_4d=7
KZ+GlHGV;IFWf8vs

literal 0
HcmV?d00001

diff --git a/nss/cmd/samples/x509v3.der b/nss/cmd/samples/x509v3.der
new file mode 100644
index 0000000000000000000000000000000000000000..1ada57c56706f55643435fe32d462b9fb84eaa73
GIT binary patch
literal 463
zcmXqLVmxio#8|q3nTe5!iIKs8myJ`a&7<u*FC!xhD}#ZzA-4f18*?ZNn=n&ou%VcN
z2#CWa%o~<klo_0vo~PiMm#k+fVju((=N9I6%}dYBO9e{ir5o}Y@PI^_g;~84i}Ujg
z<ivR`O${u7(A)qBqJUg8FbBe=u4OUEUSVWqVD@G(@L+OeSiiI+<lEh|Hlgp2%=xzO
zP55IY%O?zWM|=G@FiMrlhzT4l6RL9i%*Fb^aq@xfg~#@o3u%4cJ;i}ZYF>kKX~tJa
zCT2zk#>FlMPN1MjOiE^C{LjLbT2YdkSDcxjX9yBaNlil)H3EsIXJn#^8Y8<97}(5?
z4B1R)BSK~v-PypjQYc~C*Txr5`&R6A;Py^wHru5?k<<8FkH@vAyDAp?2F7PJdVaMt
VyeN76!b^i2uUK|Hu-0|%2LRb)hphkr

literal 0
HcmV?d00001

diff --git a/nss/cmd/samples/x509v3.txt b/nss/cmd/samples/x509v3.txt
new file mode 100644
index 0000000..dde3076
--- /dev/null
+++ b/nss/cmd/samples/x509v3.txt
@@ -0,0 +1,10 @@
+MIIByzCCAXWgAwIBAgIBADANBgkqhkiG9w0BAQQFADBLMQswCQYDVQQGEwJVUzEW
+MBQGA1UEChMNVmVyaVNpZ24gSW5jLjEUMBIGA1UECxMLRW5naW5lZXJpbmcxDjAM
+BgNVBAMTBUphc29uMB4XDTk1MDgwODA3MDAwMFoXDTk2MDgwNzA3MDAwMFowSzEL
+MAkGA1UEBhMCVVMxFjAUBgNVBAoTDVZlcmlTaWduIEluYy4xFDASBgNVBAsTC0Vu
+Z2luZWVyaW5nMQ4wDAYDVQQDEwVKYXNvbjBcMA0GCSqGSIb3DQEBAQUAA0sAMEgC
+QQCvpXRU9t3NPFXvxJz2vuxX4zI55AA+xY1PsAEadhwWEMF2EnpG8woF4EGTwLdx
+xrw3Eirzu5RAAhqegCN1aPVBAgMBAAGjRDBCMBQGA2FiYwEB/wQKZXh0ZW5zaW9u
+MTAUBgNkZWYBAf8ECmV4dGVuc2lvbjIwFAYDZ2hpAQH/BApleHRlbnNpb24zMA0G
+CSqGSIb3DQEBBAUAA0EAawLNWFSYMtywAqkSYJb1gejljqi9QAtLZIM2ui+RCTP2
+jEjW5bp4oU1RX2iBSfU+MdEZx9DpMNjqBLrgOy1Djw==
diff --git a/nss/cmd/sdrtest/Makefile b/nss/cmd/sdrtest/Makefile
new file mode 100644
index 0000000..265ea56
--- /dev/null
+++ b/nss/cmd/sdrtest/Makefile
@@ -0,0 +1,45 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include ../platlibs.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+
+include ../platrules.mk
diff --git a/nss/cmd/sdrtest/manifest.mn b/nss/cmd/sdrtest/manifest.mn
new file mode 100644
index 0000000..d0c6745
--- /dev/null
+++ b/nss/cmd/sdrtest/manifest.mn
@@ -0,0 +1,26 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CORE_DEPTH = ../..
+
+# MODULE public and private header  directories are implicitly REQUIRED.
+MODULE = nss
+
+CSRCS = \
+	sdrtest.c \
+	$(NULL)
+
+# headers for the MODULE (defined above) are implicitly required.
+REQUIRES = dbm seccmd
+
+# WINNT uses EXTRA_LIBS as the list of libs to link in.
+# Unix uses     OS_LIBS for that purpose.
+# We can solve this via conditional makefile code, but 
+# can't do this in manifest.mn because OS_ARCH isn't defined there.
+# So, look in the local Makefile for the defines for the list of libs.
+
+PROGRAM = sdrtest
+
+#USE_STATIC_LIBS = 1
diff --git a/nss/cmd/sdrtest/sdrtest.c b/nss/cmd/sdrtest/sdrtest.c
new file mode 100644
index 0000000..651c63b
--- /dev/null
+++ b/nss/cmd/sdrtest/sdrtest.c
@@ -0,0 +1,427 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * Test program for SDR (Secret Decoder Ring) functions.
+ */
+
+#include "nspr.h"
+#include "string.h"
+#include "nss.h"
+#include "secutil.h"
+#include "cert.h"
+#include "pk11func.h"
+
+#include "plgetopt.h"
+#include "pk11sdr.h"
+#include "nssb64.h"
+
+#define DEFAULT_VALUE "Test"
+static const char default_value[] = { DEFAULT_VALUE };
+
+PRFileDesc *pr_stderr;
+PRBool verbose = PR_FALSE;
+
+static void
+synopsis(char *program_name)
+{
+    PR_fprintf(pr_stderr,
+               "Usage: %s [<common>] -i <input-file>\n"
+               "       %s [<common>]  -o <output-file>\n"
+               "       <common> [-d dir] [-v] [-t text] [-a] [-f pwfile | -p pwd]\n",
+               program_name, program_name);
+}
+
+static void
+short_usage(char *program_name)
+{
+    PR_fprintf(pr_stderr,
+               "Type %s -H for more detailed descriptions\n",
+               program_name);
+    synopsis(program_name);
+}
+
+static void
+long_usage(char *program_name)
+{
+    synopsis(program_name);
+    PR_fprintf(pr_stderr, "\nSecret Decoder Test:\n");
+    PR_fprintf(pr_stderr,
+               "  %-13s Read encrypted data from \"file\"\n",
+               "-i file");
+    PR_fprintf(pr_stderr,
+               "  %-13s Write newly generated encrypted data to \"file\"\n",
+               "-o file");
+    PR_fprintf(pr_stderr,
+               "  %-13s Use \"text\" as the plaintext for encryption and verification\n",
+               "-t text");
+    PR_fprintf(pr_stderr,
+               "  %-13s Find security databases in \"dbdir\"\n",
+               "-d dbdir");
+    PR_fprintf(pr_stderr,
+               "  %-13s read the password from \"pwfile\"\n",
+               "-f pwfile");
+    PR_fprintf(pr_stderr,
+               "  %-13s supply \"password\" on the command line\n",
+               "-p password");
+}
+
+int
+readStdin(SECItem *result)
+{
+    unsigned int bufsize = 0;
+    int cc;
+    unsigned int wanted = 8192U;
+
+    result->len = 0;
+    result->data = NULL;
+    do {
+        if (bufsize < wanted) {
+            unsigned char *tmpData = (unsigned char *)PR_Realloc(result->data, wanted);
+            if (!tmpData) {
+                if (verbose)
+                    PR_fprintf(pr_stderr, "Allocation of buffer failed\n");
+                return -1;
+            }
+            result->data = tmpData;
+            bufsize = wanted;
+        }
+        cc = PR_Read(PR_STDIN, result->data + result->len, bufsize - result->len);
+        if (cc > 0) {
+            result->len += (unsigned)cc;
+            if (result->len >= wanted)
+                wanted *= 2;
+        }
+    } while (cc > 0);
+    return cc;
+}
+
+int
+readInputFile(const char *filename, SECItem *result)
+{
+    PRFileDesc *file /* = PR_OpenFile(input_file, 0) */;
+    PRFileInfo info;
+    PRStatus s;
+    PRInt32 count;
+    int retval = -1;
+
+    file = PR_Open(filename, PR_RDONLY, 0);
+    if (!file) {
+        if (verbose)
+            PR_fprintf(pr_stderr, "Open of file %s failed\n", filename);
+        goto loser;
+    }
+
+    s = PR_GetOpenFileInfo(file, &info);
+    if (s != PR_SUCCESS) {
+        if (verbose)
+            PR_fprintf(pr_stderr, "File info operation failed\n");
+        goto file_loser;
+    }
+
+    result->len = info.size;
+    result->data = (unsigned char *)PR_Malloc(result->len);
+    if (!result->data) {
+        if (verbose)
+            PR_fprintf(pr_stderr, "Allocation of buffer failed\n");
+        goto file_loser;
+    }
+
+    count = PR_Read(file, result->data, result->len);
+    if (count != result->len) {
+        if (verbose)
+            PR_fprintf(pr_stderr, "Read failed\n");
+        goto file_loser;
+    }
+    retval = 0;
+
+file_loser:
+    PR_Close(file);
+loser:
+    return retval;
+}
+
+int
+main(int argc, char **argv)
+{
+    int retval = 0; /* 0 - test succeeded.  -1 - test failed */
+    SECStatus rv;
+    PLOptState *optstate;
+    PLOptStatus optstatus;
+    char *program_name;
+    const char *input_file = NULL;     /* read encrypted data from here (or create) */
+    const char *output_file = NULL;    /* write new encrypted data here */
+    const char *value = default_value; /* Use this for plaintext */
+    SECItem data;
+    SECItem result = { 0, 0, 0 };
+    SECItem text;
+    PRBool ascii = PR_FALSE;
+    secuPWData pwdata = { PW_NONE, 0 };
+
+    pr_stderr = PR_STDERR;
+    result.data = 0;
+    text.data = 0;
+    text.len = 0;
+
+    program_name = PL_strrchr(argv[0], '/');
+    program_name = program_name ? (program_name + 1) : argv[0];
+
+    optstate = PL_CreateOptState(argc, argv, "?Had:i:o:t:vf:p:");
+    if (optstate == NULL) {
+        SECU_PrintError(program_name, "PL_CreateOptState failed");
+        return -1;
+    }
+
+    while ((optstatus = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
+        switch (optstate->option) {
+            case '?':
+                short_usage(program_name);
+                return retval;
+
+            case 'H':
+                long_usage(program_name);
+                return retval;
+
+            case 'a':
+                ascii = PR_TRUE;
+                break;
+
+            case 'd':
+                SECU_ConfigDirectory(optstate->value);
+                break;
+
+            case 'i':
+                input_file = optstate->value;
+                break;
+
+            case 'o':
+                output_file = optstate->value;
+                break;
+
+            case 't':
+                value = optstate->value;
+                break;
+
+            case 'f':
+                if (pwdata.data) {
+                    PORT_Free(pwdata.data);
+                    short_usage(program_name);
+                    return -1;
+                }
+                pwdata.source = PW_FROMFILE;
+                pwdata.data = PORT_Strdup(optstate->value);
+                break;
+
+            case 'p':
+                if (pwdata.data) {
+                    PORT_Free(pwdata.data);
+                    short_usage(program_name);
+                    return -1;
+                }
+                pwdata.source = PW_PLAINTEXT;
+                pwdata.data = PORT_Strdup(optstate->value);
+                break;
+
+            case 'v':
+                verbose = PR_TRUE;
+                break;
+        }
+    }
+    PL_DestroyOptState(optstate);
+    if (optstatus == PL_OPT_BAD) {
+        short_usage(program_name);
+        return -1;
+    }
+    if (!output_file && !input_file && value == default_value) {
+        short_usage(program_name);
+        PR_fprintf(pr_stderr, "Must specify at least one of -t, -i or -o \n");
+        return -1;
+    }
+
+    /*
+     * Initialize the Security libraries.
+     */
+    PK11_SetPasswordFunc(SECU_GetModulePassword);
+
+    if (output_file) {
+        rv = NSS_InitReadWrite(SECU_ConfigDirectory(NULL));
+    } else {
+        rv = NSS_Init(SECU_ConfigDirectory(NULL));
+    }
+    if (rv != SECSuccess) {
+        SECU_PrintError(program_name, "NSS_Init failed");
+        retval = -1;
+        goto prdone;
+    }
+
+    /* Convert value into an item */
+    data.data = (unsigned char *)value;
+    data.len = strlen(value);
+
+    /* Get the encrypted result, either from the input file
+     * or from encrypting the plaintext value
+     */
+    if (input_file) {
+        if (verbose)
+            printf("Reading data from %s\n", input_file);
+
+        if (!strcmp(input_file, "-")) {
+            retval = readStdin(&result);
+            ascii = PR_TRUE;
+        } else {
+            retval = readInputFile(input_file, &result);
+        }
+        if (retval != 0)
+            goto loser;
+        if (ascii) {
+            /* input was base64 encoded.  Decode it. */
+            SECItem newResult = { 0, 0, 0 };
+            SECItem *ok = NSSBase64_DecodeBuffer(NULL, &newResult,
+                                                 (const char *)result.data, result.len);
+            if (!ok) {
+                SECU_PrintError(program_name, "Base 64 decode failed");
+                retval = -1;
+                goto loser;
+            }
+            SECITEM_ZfreeItem(&result, PR_FALSE);
+            result = *ok;
+        }
+    } else {
+        SECItem keyid = { 0, 0, 0 };
+        SECItem outBuf = { 0, 0, 0 };
+        PK11SlotInfo *slot = NULL;
+
+        /* sigh, initialize the key database */
+        slot = PK11_GetInternalKeySlot();
+        if (slot && PK11_NeedUserInit(slot)) {
+            switch (pwdata.source) {
+                case PW_FROMFILE:
+                    rv = SECU_ChangePW(slot, 0, pwdata.data);
+                    break;
+                case PW_PLAINTEXT:
+                    rv = SECU_ChangePW(slot, pwdata.data, 0);
+                    break;
+                default:
+                    rv = SECU_ChangePW(slot, "", 0);
+                    break;
+            }
+            if (rv != SECSuccess) {
+                SECU_PrintError(program_name, "Failed to initialize slot \"%s\"",
+                                PK11_GetSlotName(slot));
+                return SECFailure;
+            }
+        }
+        if (slot) {
+            PK11_FreeSlot(slot);
+        }
+
+        rv = PK11SDR_Encrypt(&keyid, &data, &result, &pwdata);
+        if (rv != SECSuccess) {
+            if (verbose)
+                SECU_PrintError(program_name, "Encrypt operation failed\n");
+            retval = -1;
+            goto loser;
+        }
+
+        if (verbose)
+            printf("Encrypted result is %d bytes long\n", result.len);
+
+        if (!strcmp(output_file, "-")) {
+            ascii = PR_TRUE;
+        }
+
+        if (ascii) {
+            /* base64 encode output. */
+            char *newResult = NSSBase64_EncodeItem(NULL, NULL, 0, &result);
+            if (!newResult) {
+                SECU_PrintError(program_name, "Base 64 encode failed\n");
+                retval = -1;
+                goto loser;
+            }
+            outBuf.data = (unsigned char *)newResult;
+            outBuf.len = strlen(newResult);
+            if (verbose)
+                printf("Base 64 encoded result is %d bytes long\n", outBuf.len);
+        } else {
+            outBuf = result;
+        }
+
+        /* -v printf("Result is %.*s\n", text.len, text.data); */
+        if (output_file) {
+            PRFileDesc *file;
+            PRInt32 count;
+
+            if (verbose)
+                printf("Writing result to %s\n", output_file);
+            if (!strcmp(output_file, "-")) {
+                file = PR_STDOUT;
+            } else {
+                /* Write to file */
+                file = PR_Open(output_file, PR_CREATE_FILE | PR_WRONLY, 0666);
+            }
+            if (!file) {
+                if (verbose)
+                    SECU_PrintError(program_name,
+                                    "Open of output file %s failed\n",
+                                    output_file);
+                retval = -1;
+                goto loser;
+            }
+
+            count = PR_Write(file, outBuf.data, outBuf.len);
+
+            if (file == PR_STDOUT) {
+                puts("");
+            } else {
+                PR_Close(file);
+            }
+
+            if (count != outBuf.len) {
+                if (verbose)
+                    SECU_PrintError(program_name, "Write failed\n");
+                retval = -1;
+                goto loser;
+            }
+            if (ascii) {
+                free(outBuf.data);
+            }
+        }
+    }
+
+    /* Decrypt the value */
+    rv = PK11SDR_Decrypt(&result, &text, &pwdata);
+    if (rv != SECSuccess) {
+        if (verbose)
+            SECU_PrintError(program_name, "Decrypt operation failed\n");
+        retval = -1;
+        goto loser;
+    }
+
+    if (verbose)
+        printf("Decrypted result is \"%.*s\"\n", text.len, text.data);
+
+    /* Compare to required value */
+    if (text.len != data.len || memcmp(data.data, text.data, text.len) != 0) {
+        if (verbose)
+            PR_fprintf(pr_stderr, "Comparison failed\n");
+        retval = -1;
+        goto loser;
+    }
+
+loser:
+    if (text.data)
+        SECITEM_ZfreeItem(&text, PR_FALSE);
+    if (result.data)
+        SECITEM_ZfreeItem(&result, PR_FALSE);
+    if (NSS_Shutdown() != SECSuccess) {
+        exit(1);
+    }
+
+prdone:
+    PR_Cleanup();
+    if (pwdata.data) {
+        PORT_Free(pwdata.data);
+    }
+    return retval;
+}
diff --git a/nss/cmd/sdrtest/sdrtest.gyp b/nss/cmd/sdrtest/sdrtest.gyp
new file mode 100644
index 0000000..c544e17
--- /dev/null
+++ b/nss/cmd/sdrtest/sdrtest.gyp
@@ -0,0 +1,25 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi',
+    '../../cmd/platlibs.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'sdrtest',
+      'type': 'executable',
+      'sources': [
+        'sdrtest.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:dbm_exports',
+        '<(DEPTH)/exports.gyp:nss_exports'
+      ]
+    }
+  ],
+  'variables': {
+    'module': 'nss'
+  }
+}
\ No newline at end of file
diff --git a/nss/cmd/selfserv/Makefile b/nss/cmd/selfserv/Makefile
new file mode 100644
index 0000000..7b74b36
--- /dev/null
+++ b/nss/cmd/selfserv/Makefile
@@ -0,0 +1,46 @@
+#! gmake
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+include ../platlibs.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+
+include ../platrules.mk
+
diff --git a/nss/cmd/selfserv/manifest.mn b/nss/cmd/selfserv/manifest.mn
new file mode 100644
index 0000000..a170169
--- /dev/null
+++ b/nss/cmd/selfserv/manifest.mn
@@ -0,0 +1,20 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CORE_DEPTH = ../..
+
+DEFINES += -DNSPR20
+
+# MODULE public and private header  directories are implicitly REQUIRED.
+MODULE = nss
+
+CSRCS = selfserv.c
+
+# The MODULE is always implicitly required.
+# Listing it here in REQUIRES makes it appear twice in the cc command line.
+REQUIRES = seccmd dbm 
+
+PROGRAM = selfserv
+
diff --git a/nss/cmd/selfserv/selfserv.c b/nss/cmd/selfserv/selfserv.c
new file mode 100644
index 0000000..b62482e
--- /dev/null
+++ b/nss/cmd/selfserv/selfserv.c
@@ -0,0 +1,2784 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* -r flag is interepreted as follows:
+ *  1 -r  means request, not require, on initial handshake.
+ *  2 -r's mean request  and require, on initial handshake.
+ *  3 -r's mean request, not require, on second handshake.
+ *  4 -r's mean request  and require, on second handshake.
+ */
+#include <stdio.h>
+#include <string.h>
+
+#include "secutil.h"
+
+#if defined(XP_UNIX)
+#include <unistd.h>
+#endif
+
+#if defined(_WINDOWS)
+#include <process.h> /* for getpid() */
+#endif
+
+#include <signal.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <stdarg.h>
+
+#include "nspr.h"
+#include "prio.h"
+#include "prerror.h"
+#include "prnetdb.h"
+#include "prclist.h"
+#include "plgetopt.h"
+#include "pk11func.h"
+#include "secitem.h"
+#include "nss.h"
+#include "ssl.h"
+#include "sslproto.h"
+#include "cert.h"
+#include "certt.h"
+#include "ocsp.h"
+
+#ifndef PORT_Sprintf
+#define PORT_Sprintf sprintf
+#endif
+
+#ifndef PORT_Strstr
+#define PORT_Strstr strstr
+#endif
+
+#ifndef PORT_Malloc
+#define PORT_Malloc PR_Malloc
+#endif
+
+int NumSidCacheEntries = 1024;
+
+static int handle_connection(PRFileDesc *, PRFileDesc *, int);
+
+static const char envVarName[] = { SSL_ENV_VAR_NAME };
+static const char inheritableSockName[] = { "SELFSERV_LISTEN_SOCKET" };
+
+#define MAX_VIRT_SERVER_NAME_ARRAY_INDEX 10
+#define MAX_CERT_NICKNAME_ARRAY_INDEX 10
+
+#define DEFAULT_BULK_TEST 16384
+#define MAX_BULK_TEST 1048576 /* 1 MB */
+static PRBool testBulk;
+static PRUint32 testBulkSize = DEFAULT_BULK_TEST;
+static PRInt32 testBulkTotal;
+static char *testBulkBuf;
+static PRDescIdentity log_layer_id = PR_INVALID_IO_LAYER;
+static PRFileDesc *loggingFD;
+static PRIOMethods loggingMethods;
+
+static PRBool logStats;
+static PRBool loggingLayer;
+static int logPeriod = 30;
+static PRInt32 loggerOps;
+static PRInt32 loggerBytes;
+static PRInt32 loggerBytesTCP;
+static PRInt32 bulkSentChunks;
+static enum ocspStaplingModeEnum {
+    osm_disabled,  /* server doesn't support stapling */
+    osm_good,      /* supply a signed good status */
+    osm_revoked,   /* supply a signed revoked status */
+    osm_unknown,   /* supply a signed unknown status */
+    osm_failure,   /* supply a unsigned failure status, "try later" */
+    osm_badsig,    /* supply a good status response with a bad signature */
+    osm_corrupted, /* supply a corrupted data block as the status */
+    osm_random,    /* use a random response for each connection */
+    osm_ocsp       /* retrieve ocsp status from external ocsp server,
+              use empty status if server is unavailable */
+} ocspStaplingMode = osm_disabled;
+typedef enum ocspStaplingModeEnum ocspStaplingModeType;
+static char *ocspStaplingCA = NULL;
+static SECItemArray *certStatus[MAX_CERT_NICKNAME_ARRAY_INDEX] = { NULL };
+
+const int ssl3CipherSuites[] = {
+    -1,                                /* SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA* a */
+    -1,                                /* SSL_FORTEZZA_DMS_WITH_RC4_128_SHA     * b */
+    TLS_RSA_WITH_RC4_128_MD5,          /* c */
+    TLS_RSA_WITH_3DES_EDE_CBC_SHA,     /* d */
+    TLS_RSA_WITH_DES_CBC_SHA,          /* e */
+    -1,                                /* TLS_RSA_EXPORT_WITH_RC4_40_MD5        * f */
+    -1,                                /* TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5    * g */
+    -1,                                /* SSL_FORTEZZA_DMS_WITH_NULL_SHA        * h */
+    TLS_RSA_WITH_NULL_MD5,             /* i */
+    -1,                                /* SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA    * j */
+    -1,                                /* SSL_RSA_FIPS_WITH_DES_CBC_SHA         * k */
+    -1,                                /* TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA   * l */
+    -1,                                /* TLS_RSA_EXPORT1024_WITH_RC4_56_SHA    * m */
+    TLS_RSA_WITH_RC4_128_SHA,          /* n */
+    TLS_DHE_DSS_WITH_RC4_128_SHA,      /* o */
+    TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, /* p */
+    TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, /* q */
+    TLS_DHE_RSA_WITH_DES_CBC_SHA,      /* r */
+    TLS_DHE_DSS_WITH_DES_CBC_SHA,      /* s */
+    TLS_DHE_DSS_WITH_AES_128_CBC_SHA,  /* t */
+    TLS_DHE_RSA_WITH_AES_128_CBC_SHA,  /* u */
+    TLS_RSA_WITH_AES_128_CBC_SHA,      /* v */
+    TLS_DHE_DSS_WITH_AES_256_CBC_SHA,  /* w */
+    TLS_DHE_RSA_WITH_AES_256_CBC_SHA,  /* x */
+    TLS_RSA_WITH_AES_256_CBC_SHA,      /* y */
+    TLS_RSA_WITH_NULL_SHA,             /* z */
+    0
+};
+
+/* data and structures for shutdown */
+static int stopping;
+
+static PRBool noDelay;
+static int requestCert;
+static int verbose;
+static SECItem bigBuf;
+static int configureDHE = -1;        /* -1: don't configure, 0 disable, >=1 enable*/
+static int configureReuseECDHE = -1; /* -1: don't configure, 0 refresh, >=1 reuse*/
+static int configureWeakDHE = -1;    /* -1: don't configure, 0 disable, >=1 enable*/
+
+static PRThread *acceptorThread;
+
+static PRLogModuleInfo *lm;
+
+#define PRINTF   \
+    if (verbose) \
+    printf
+#define FPRINTF  \
+    if (verbose) \
+    fprintf
+#define FLUSH           \
+    if (verbose) {      \
+        fflush(stdout); \
+        fflush(stderr); \
+    }
+#define VLOG(arg) PR_LOG(lm, PR_LOG_DEBUG, arg)
+
+static void
+PrintUsageHeader(const char *progName)
+{
+    fprintf(stderr,
+            "Usage: %s -n rsa_nickname -p port [-BDENRZbjlmrsuvx] [-w password]\n"
+            "         [-t threads] [-i pid_file] [-c ciphers] [-Y] [-d dbdir] [-g numblocks]\n"
+            "         [-f password_file] [-L [seconds]] [-M maxProcs] [-P dbprefix]\n"
+            "         [-V [min-version]:[max-version]] [-a sni_name]\n"
+            "         [ T <good|revoked|unknown|badsig|corrupted|none|ocsp>] [-A ca]\n"
+            "         [-C SSLCacheEntries] [-S dsa_nickname] -Q [-I groups]"
+#ifndef NSS_DISABLE_ECC
+            " [-e ec_nickname]"
+#endif /* NSS_DISABLE_ECC */
+            "\n"
+            "         -U [0|1] -H [0|1|2] -W [0|1]\n",
+            progName);
+}
+
+static void
+PrintParameterUsage()
+{
+    fputs(
+        "-V [min]:[max] restricts the set of enabled SSL/TLS protocol versions.\n"
+        "   All versions are enabled by default.\n"
+        "   Possible values for min/max: ssl3 tls1.0 tls1.1 tls1.2\n"
+        "   Example: \"-V ssl3:\" enables SSL 3 and newer.\n"
+        "-D means disable Nagle delays in TCP\n"
+        "-R means disable detection of rollback from TLS to SSL3\n"
+        "-a configure server for SNI.\n"
+        "-k expected name negotiated on server sockets\n"
+        "-b means try binding to the port and exit\n"
+        "-m means test the model-socket feature of SSL_ImportFD.\n"
+        "-r flag is interepreted as follows:\n"
+        "    1 -r  means request, not require, cert on initial handshake.\n"
+        "    2 -r's mean request  and require, cert on initial handshake.\n"
+        "    3 -r's mean request, not require, cert on second handshake.\n"
+        "    4 -r's mean request  and require, cert on second handshake.\n"
+        "-s means disable SSL socket locking for performance\n"
+        "-u means enable Session Ticket extension for TLS.\n"
+        "-v means verbose output\n"
+        "-z means enable compression.\n"
+        "-L seconds means log statistics every 'seconds' seconds (default=30).\n"
+        "-M maxProcs tells how many processes to run in a multi-process server\n"
+        "-N means do NOT use the server session cache.  Incompatible with -M.\n"
+        "-t threads -- specify the number of threads to use for connections.\n"
+        "-i pid_file file to write the process id of selfserve\n"
+        "-l means use local threads instead of global threads\n"
+        "-g numblocks means test throughput by sending total numblocks chunks\n"
+        "    of size 16kb to the client, 0 means unlimited (default=0)\n"
+        "-j means measure TCP throughput (for use with -g option)\n"
+        "-C SSLCacheEntries sets the maximum number of entries in the SSL\n"
+        "    session cache\n"
+        "-T <mode> enable OCSP stapling. Possible modes:\n"
+        "   none: don't send cert status (default)\n"
+        "   good, revoked, unknown: Include locally signed response. Requires: -A\n"
+        "   failure: return a failure response (try later, unsigned)\n"
+        "   badsig: use a good status but with an invalid signature\n"
+        "   corrupted: stapled cert status is an invalid block of data\n"
+        "   random: each connection uses a random status from this list:\n"
+        "           good, revoked, unknown, failure, badsig, corrupted\n"
+        "   ocsp: fetch from external OCSP server using AIA, or none\n"
+        "-A <ca> Nickname of a CA used to sign a stapled cert status\n"
+        "-U override default ECDHE ephemeral key reuse, 0: refresh, 1: reuse\n"
+        "-H override default DHE server support, 0: disable, 1: enable, "
+        "   2: require DH named groups\n"
+        "-W override default DHE server weak parameters support, 0: disable, 1: enable\n"
+        "-c Restrict ciphers\n"
+        "-Y prints cipher values allowed for parameter -c and exits\n"
+        "-G enables the extended master secret extension [RFC7627]\n"
+        "-Q enables ALPN for HTTP/1.1 [RFC7301]\n"
+        "-I comma separated list of enabled groups for TLS key exchange.\n"
+        "   The following values are valid:\n"
+        "   P256, P384, P521, x25519, FF2048, FF3072, FF4096, FF6144, FF8192\n"
+        "-Z enable 0-RTT (for TLS 1.3; also use -u)\n",
+        stderr);
+}
+
+static void
+Usage(const char *progName)
+{
+    PrintUsageHeader(progName);
+    PrintParameterUsage();
+}
+
+static void
+PrintCipherUsage(const char *progName)
+{
+    PrintUsageHeader(progName);
+    fputs(
+        "-c ciphers   Letter(s) chosen from the following list\n"
+        "c    SSL3 RSA WITH RC4 128 MD5\n"
+        "d    SSL3 RSA WITH 3DES EDE CBC SHA\n"
+        "e    SSL3 RSA WITH DES CBC SHA\n"
+        "f    SSL3 RSA EXPORT WITH RC4 40 MD5\n"
+        "g    SSL3 RSA EXPORT WITH RC2 CBC 40 MD5\n"
+        "i    SSL3 RSA WITH NULL MD5\n"
+        "j    SSL3 RSA FIPS WITH 3DES EDE CBC SHA\n"
+        "k    SSL3 RSA FIPS WITH DES CBC SHA\n"
+        "l    SSL3 RSA EXPORT WITH DES CBC SHA\t(new)\n"
+        "m    SSL3 RSA EXPORT WITH RC4 56 SHA\t(new)\n"
+        "n    SSL3 RSA WITH RC4 128 SHA\n"
+        "o    TLS_DHE_DSS_WITH_RC4_128_SHA\n"
+        "p    TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA\n"
+        "q    TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA\n"
+        "r    TLS_DHE_RSA_WITH_DES_CBC_SHA\n"
+        "s    TLS_DHE_DSS_WITH_DES_CBC_SHA\n"
+        "t    TLS_DHE_DSS_WITH_AES_128_CBC_SHA\n"
+        "u    TLS_DHE_RSA_WITH_AES_128_CBC_SHA\n"
+        "v    SSL3 RSA WITH AES 128 CBC SHA\n"
+        "w    TLS_DHE_DSS_WITH_AES_256_CBC_SHA\n"
+        "x    TLS_DHE_RSA_WITH_AES_256_CBC_SHA\n"
+        "y    SSL3 RSA WITH AES 256 CBC SHA\n"
+        "z    SSL3 RSA WITH NULL SHA\n"
+        "\n"
+        ":WXYZ  Use cipher with hex code { 0xWX , 0xYZ } in TLS\n",
+        stderr);
+}
+
+static const char *
+errWarn(char *funcString)
+{
+    PRErrorCode perr = PR_GetError();
+    const char *errString = SECU_Strerror(perr);
+
+    fprintf(stderr, "selfserv: %s returned error %d:\n%s\n",
+            funcString, perr, errString);
+    return errString;
+}
+
+static void
+errExit(char *funcString)
+{
+    errWarn(funcString);
+    exit(3);
+}
+
+/**************************************************************************
+**
+** Routines for disabling SSL ciphers.
+**
+**************************************************************************/
+
+/* disable all the SSL cipher suites */
+void
+disableAllSSLCiphers(void)
+{
+    const PRUint16 *cipherSuites = SSL_ImplementedCiphers;
+    int i = SSL_NumImplementedCiphers;
+    SECStatus rv;
+
+    while (--i >= 0) {
+        PRUint16 suite = cipherSuites[i];
+        rv = SSL_CipherPrefSetDefault(suite, PR_FALSE);
+        if (rv != SECSuccess) {
+            printf("SSL_CipherPrefSetDefault rejected suite 0x%04x (i = %d)\n",
+                   suite, i);
+            errWarn("SSL_CipherPrefSetDefault");
+        }
+    }
+}
+
+static SECStatus
+mySSLAuthCertificate(void *arg, PRFileDesc *fd, PRBool checkSig,
+                     PRBool isServer)
+{
+    SECStatus rv;
+    CERTCertificate *peerCert;
+
+    peerCert = SSL_PeerCertificate(fd);
+
+    if (peerCert) {
+        PRINTF("selfserv: Subject: %s\nselfserv: Issuer : %s\n",
+               peerCert->subjectName, peerCert->issuerName);
+        CERT_DestroyCertificate(peerCert);
+    }
+
+    rv = SSL_AuthCertificate(arg, fd, checkSig, isServer);
+
+    if (rv == SECSuccess) {
+        PRINTF("selfserv: -- SSL3: Certificate Validated.\n");
+    } else {
+        int err = PR_GetError();
+        FPRINTF(stderr, "selfserv: -- SSL3: Certificate Invalid, err %d.\n%s\n",
+                err, SECU_Strerror(err));
+    }
+    FLUSH;
+    return rv;
+}
+
+void
+printSSLStatistics()
+{
+    SSL3Statistics *ssl3stats = SSL_GetStatistics();
+
+    printf(
+        "selfserv: %ld cache hits; %ld cache misses, %ld cache not reusable\n"
+        "          %ld stateless resumes, %ld ticket parse failures\n",
+        ssl3stats->hch_sid_cache_hits, ssl3stats->hch_sid_cache_misses,
+        ssl3stats->hch_sid_cache_not_ok, ssl3stats->hch_sid_stateless_resumes,
+        ssl3stats->hch_sid_ticket_parse_failures);
+}
+
+void
+printSecurityInfo(PRFileDesc *fd)
+{
+    CERTCertificate *cert = NULL;
+    SECStatus result;
+    SSLChannelInfo channel;
+    SSLCipherSuiteInfo suite;
+
+    if (verbose)
+        printSSLStatistics();
+
+    result = SSL_GetChannelInfo(fd, &channel, sizeof channel);
+    if (result == SECSuccess &&
+        channel.length == sizeof channel &&
+        channel.cipherSuite) {
+        result = SSL_GetCipherSuiteInfo(channel.cipherSuite,
+                                        &suite, sizeof suite);
+        if (result == SECSuccess) {
+            FPRINTF(stderr,
+                    "selfserv: SSL version %d.%d using %d-bit %s with %d-bit %s MAC\n",
+                    channel.protocolVersion >> 8, channel.protocolVersion & 0xff,
+                    suite.effectiveKeyBits, suite.symCipherName,
+                    suite.macBits, suite.macAlgorithmName);
+            FPRINTF(stderr,
+                    "selfserv: Server Auth: %d-bit %s, Key Exchange: %d-bit %s\n"
+                    "          Compression: %s, Extended Master Secret: %s\n",
+                    channel.authKeyBits, suite.authAlgorithmName,
+                    channel.keaKeyBits, suite.keaTypeName,
+                    channel.compressionMethodName,
+                    channel.extendedMasterSecretUsed ? "Yes" : "No");
+        }
+    }
+    if (verbose) {
+        SECItem *hostInfo = SSL_GetNegotiatedHostInfo(fd);
+        if (hostInfo) {
+            char namePref[] = "selfserv: Negotiated server name: ";
+
+            fprintf(stderr, "%s", namePref);
+            fwrite(hostInfo->data, hostInfo->len, 1, stderr);
+            SECITEM_FreeItem(hostInfo, PR_TRUE);
+            hostInfo = NULL;
+            fprintf(stderr, "\n");
+        }
+    }
+    if (requestCert)
+        cert = SSL_PeerCertificate(fd);
+    else
+        cert = SSL_LocalCertificate(fd);
+    if (cert) {
+        char *ip = CERT_NameToAscii(&cert->issuer);
+        char *sp = CERT_NameToAscii(&cert->subject);
+        if (sp) {
+            FPRINTF(stderr, "selfserv: subject DN: %s\n", sp);
+            PORT_Free(sp);
+        }
+        if (ip) {
+            FPRINTF(stderr, "selfserv: issuer  DN: %s\n", ip);
+            PORT_Free(ip);
+        }
+        CERT_DestroyCertificate(cert);
+        cert = NULL;
+    }
+    FLUSH;
+}
+
+static int MakeCertOK;
+
+static SECStatus
+myBadCertHandler(void *arg, PRFileDesc *fd)
+{
+    int err = PR_GetError();
+    if (!MakeCertOK)
+        fprintf(stderr,
+                "selfserv: -- SSL: Client Certificate Invalid, err %d.\n%s\n",
+                err, SECU_Strerror(err));
+    return (MakeCertOK ? SECSuccess : SECFailure);
+}
+
+/* Simple SNI socket config function that does not use SSL_ReconfigFD.
+ * Only uses one server name but verifies that the names match. */
+PRInt32
+mySSLSNISocketConfig(PRFileDesc *fd, const SECItem *sniNameArr,
+                     PRUint32 sniNameArrSize, void *arg)
+{
+    PRInt32 i = 0;
+    const SECItem *current = sniNameArr;
+    const char **nameArr = (const char **)arg;
+    secuPWData *pwdata;
+    CERTCertificate *cert = NULL;
+    SECKEYPrivateKey *privKey = NULL;
+
+    PORT_Assert(fd && sniNameArr);
+    if (!fd || !sniNameArr) {
+        return SSL_SNI_SEND_ALERT;
+    }
+
+    pwdata = SSL_RevealPinArg(fd);
+
+    for (; current && (PRUint32)i < sniNameArrSize; i++) {
+        unsigned int j = 0;
+        for (; j < MAX_VIRT_SERVER_NAME_ARRAY_INDEX && nameArr[j]; j++) {
+            if (!PORT_Strncmp(nameArr[j],
+                              (const char *)current[i].data,
+                              current[i].len) &&
+                PORT_Strlen(nameArr[j]) == current[i].len) {
+                const char *nickName = nameArr[j];
+                if (j == 0) {
+                    /* default cert */
+                    return 0;
+                }
+                /* if pwdata is NULL, then we would not get the key and
+                 * return an error status. */
+                cert = PK11_FindCertFromNickname(nickName, &pwdata);
+                if (cert == NULL) {
+                    goto loser; /* Send alert */
+                }
+                privKey = PK11_FindKeyByAnyCert(cert, &pwdata);
+                if (privKey == NULL) {
+                    goto loser; /* Send alert */
+                }
+                if (SSL_ConfigServerCert(fd, cert, privKey, NULL, 0) != SECSuccess) {
+                    goto loser; /* Send alert */
+                }
+                SECKEY_DestroyPrivateKey(privKey);
+                CERT_DestroyCertificate(cert);
+                return i;
+            }
+        }
+    }
+loser:
+    if (privKey) {
+        SECKEY_DestroyPrivateKey(privKey);
+    }
+    if (cert) {
+        CERT_DestroyCertificate(cert);
+    }
+    return SSL_SNI_SEND_ALERT;
+}
+
+/**************************************************************************
+** Begin thread management routines and data.
+**************************************************************************/
+#define MIN_THREADS 3
+#define DEFAULT_THREADS 8
+#define MAX_THREADS 4096
+#define MAX_PROCS 25
+static int maxThreads = DEFAULT_THREADS;
+
+typedef struct jobStr {
+    PRCList link;
+    PRFileDesc *tcp_sock;
+    PRFileDesc *model_sock;
+    int requestCert;
+} JOB;
+
+static PZLock *qLock;             /* this lock protects all data immediately below */
+static PRLock *lastLoadedCrlLock; /* this lock protects lastLoadedCrl variable */
+static PZCondVar *jobQNotEmptyCv;
+static PZCondVar *freeListNotEmptyCv;
+static PZCondVar *threadCountChangeCv;
+static int threadCount;
+static PRCList jobQ;
+static PRCList freeJobs;
+static JOB *jobTable;
+
+SECStatus
+setupJobs(int maxJobs)
+{
+    int i;
+
+    jobTable = (JOB *)PR_Calloc(maxJobs, sizeof(JOB));
+    if (!jobTable)
+        return SECFailure;
+
+    PR_INIT_CLIST(&jobQ);
+    PR_INIT_CLIST(&freeJobs);
+
+    for (i = 0; i < maxJobs; ++i) {
+        JOB *pJob = jobTable + i;
+        PR_APPEND_LINK(&pJob->link, &freeJobs);
+    }
+    return SECSuccess;
+}
+
+typedef int startFn(PRFileDesc *a, PRFileDesc *b, int c);
+
+typedef enum { rs_idle = 0,
+               rs_running = 1,
+               rs_zombie = 2 } runState;
+
+typedef struct perThreadStr {
+    PRFileDesc *a;
+    PRFileDesc *b;
+    int c;
+    int rv;
+    startFn *startFunc;
+    PRThread *prThread;
+    runState state;
+} perThread;
+
+static perThread *threads;
+
+void
+thread_wrapper(void *arg)
+{
+    perThread *slot = (perThread *)arg;
+
+    slot->rv = (*slot->startFunc)(slot->a, slot->b, slot->c);
+
+    /* notify the thread exit handler. */
+    PZ_Lock(qLock);
+    slot->state = rs_zombie;
+    --threadCount;
+    PZ_NotifyAllCondVar(threadCountChangeCv);
+    PZ_Unlock(qLock);
+}
+
+int
+jobLoop(PRFileDesc *a, PRFileDesc *b, int c)
+{
+    PRCList *myLink = 0;
+    JOB *myJob;
+
+    PZ_Lock(qLock);
+    do {
+        myLink = 0;
+        while (PR_CLIST_IS_EMPTY(&jobQ) && !stopping) {
+            PZ_WaitCondVar(jobQNotEmptyCv, PR_INTERVAL_NO_TIMEOUT);
+        }
+        if (!PR_CLIST_IS_EMPTY(&jobQ)) {
+            myLink = PR_LIST_HEAD(&jobQ);
+            PR_REMOVE_AND_INIT_LINK(myLink);
+        }
+        PZ_Unlock(qLock);
+        myJob = (JOB *)myLink;
+        /* myJob will be null when stopping is true and jobQ is empty */
+        if (!myJob)
+            break;
+        handle_connection(myJob->tcp_sock, myJob->model_sock,
+                          myJob->requestCert);
+        PZ_Lock(qLock);
+        PR_APPEND_LINK(myLink, &freeJobs);
+        PZ_NotifyCondVar(freeListNotEmptyCv);
+    } while (PR_TRUE);
+    return 0;
+}
+
+SECStatus
+launch_threads(
+    startFn *startFunc,
+    PRFileDesc *a,
+    PRFileDesc *b,
+    int c,
+    PRBool local)
+{
+    int i;
+    SECStatus rv = SECSuccess;
+
+    /* create the thread management serialization structs */
+    qLock = PZ_NewLock(nssILockSelfServ);
+    jobQNotEmptyCv = PZ_NewCondVar(qLock);
+    freeListNotEmptyCv = PZ_NewCondVar(qLock);
+    threadCountChangeCv = PZ_NewCondVar(qLock);
+
+    /* create monitor for crl reload procedure */
+    lastLoadedCrlLock = PR_NewLock();
+
+    /* allocate the array of thread slots */
+    threads = PR_Calloc(maxThreads, sizeof(perThread));
+    if (NULL == threads) {
+        fprintf(stderr, "Oh Drat! Can't allocate the perThread array\n");
+        return SECFailure;
+    }
+    /* 5 is a little extra, intended to keep the jobQ from underflowing.
+    ** That is, from going empty while not stopping and clients are still
+    ** trying to contact us.
+    */
+    rv = setupJobs(maxThreads + 5);
+    if (rv != SECSuccess)
+        return rv;
+
+    PZ_Lock(qLock);
+    for (i = 0; i < maxThreads; ++i) {
+        perThread *slot = threads + i;
+
+        slot->state = rs_running;
+        slot->a = a;
+        slot->b = b;
+        slot->c = c;
+        slot->startFunc = startFunc;
+        slot->prThread = PR_CreateThread(PR_USER_THREAD,
+                                         thread_wrapper, slot, PR_PRIORITY_NORMAL,
+                                         (PR_TRUE ==
+                                          local)
+                                             ? PR_LOCAL_THREAD
+                                             : PR_GLOBAL_THREAD,
+                                         PR_JOINABLE_THREAD, 0);
+        if (slot->prThread == NULL) {
+            printf("selfserv: Failed to launch thread!\n");
+            slot->state = rs_idle;
+            rv = SECFailure;
+            break;
+        }
+
+        ++threadCount;
+    }
+    PZ_Unlock(qLock);
+
+    return rv;
+}
+
+#define DESTROY_CONDVAR(name)    \
+    if (name) {                  \
+        PZ_DestroyCondVar(name); \
+        name = NULL;             \
+    }
+#define DESTROY_LOCK(name)    \
+    if (name) {               \
+        PZ_DestroyLock(name); \
+        name = NULL;          \
+    }
+
+void
+terminateWorkerThreads(void)
+{
+    int i;
+
+    VLOG(("selfserv: server_thread: waiting on stopping"));
+    PZ_Lock(qLock);
+    PZ_NotifyAllCondVar(jobQNotEmptyCv);
+    PZ_Unlock(qLock);
+
+    /* Wait for worker threads to terminate. */
+    for (i = 0; i < maxThreads; ++i) {
+        perThread *slot = threads + i;
+        if (slot->prThread) {
+            PR_JoinThread(slot->prThread);
+        }
+    }
+
+    /* The worker threads empty the jobQ before they terminate. */
+    PZ_Lock(qLock);
+    PORT_Assert(threadCount == 0);
+    PORT_Assert(PR_CLIST_IS_EMPTY(&jobQ));
+    PZ_Unlock(qLock);
+
+    DESTROY_CONDVAR(jobQNotEmptyCv);
+    DESTROY_CONDVAR(freeListNotEmptyCv);
+    DESTROY_CONDVAR(threadCountChangeCv);
+
+    PR_DestroyLock(lastLoadedCrlLock);
+    DESTROY_LOCK(qLock);
+    PR_Free(jobTable);
+    PR_Free(threads);
+}
+
+static void
+logger(void *arg)
+{
+    PRFloat64 seconds;
+    PRFloat64 opsPerSec;
+    PRIntervalTime period;
+    PRIntervalTime previousTime;
+    PRIntervalTime latestTime;
+    PRInt32 previousOps;
+    PRInt32 ops;
+    PRIntervalTime logPeriodTicks = PR_TicksPerSecond();
+    PRFloat64 secondsPerTick = 1.0 / (PRFloat64)logPeriodTicks;
+    int iterations = 0;
+    int secondsElapsed = 0;
+    static PRInt64 totalPeriodBytes = 0;
+    static PRInt64 totalPeriodBytesTCP = 0;
+
+    previousOps = loggerOps;
+    previousTime = PR_IntervalNow();
+
+    for (;;) {
+        /* OK, implementing a new sleep algorithm here... always sleep
+         * for 1 second but print out info at the user-specified interval.
+         * This way, we don't overflow all of our PR_Atomic* functions and
+         * we don't have to use locks.
+         */
+        PR_Sleep(logPeriodTicks);
+        secondsElapsed++;
+        totalPeriodBytes += PR_ATOMIC_SET(&loggerBytes, 0);
+        totalPeriodBytesTCP += PR_ATOMIC_SET(&loggerBytesTCP, 0);
+        if (secondsElapsed != logPeriod) {
+            continue;
+        }
+        /* when we reach the user-specified logging interval, print out all
+         * data
+         */
+        secondsElapsed = 0;
+        latestTime = PR_IntervalNow();
+        ops = loggerOps;
+        period = latestTime - previousTime;
+        seconds = (PRFloat64)period * secondsPerTick;
+        opsPerSec = (ops - previousOps) / seconds;
+
+        if (testBulk) {
+            if (iterations == 0) {
+                if (loggingLayer == PR_TRUE) {
+                    printf("Conn.--------App Data--------TCP Data\n");
+                } else {
+                    printf("Conn.--------App Data\n");
+                }
+            }
+            if (loggingLayer == PR_TRUE) {
+                printf("%4.d       %5.3f MB/s      %5.3f MB/s\n", ops,
+                       totalPeriodBytes / (seconds * 1048576.0),
+                       totalPeriodBytesTCP / (seconds * 1048576.0));
+            } else {
+                printf("%4.d       %5.3f MB/s\n", ops,
+                       totalPeriodBytes / (seconds * 1048576.0));
+            }
+            totalPeriodBytes = 0;
+            totalPeriodBytesTCP = 0;
+            /* Print the "legend" every 20 iterations */
+            iterations = (iterations + 1) % 20;
+        } else {
+            printf("%.2f ops/second, %d threads\n", opsPerSec, threadCount);
+        }
+
+        fflush(stdout);
+        previousOps = ops;
+        previousTime = latestTime;
+        if (stopping) {
+            break;
+        }
+    }
+}
+
+/**************************************************************************
+** End   thread management routines.
+**************************************************************************/
+
+PRBool useModelSocket = PR_FALSE;
+static SSLVersionRange enabledVersions;
+PRBool disableRollBack = PR_FALSE;
+PRBool NoReuse = PR_FALSE;
+PRBool hasSidCache = PR_FALSE;
+PRBool disableLocking = PR_FALSE;
+PRBool enableSessionTickets = PR_FALSE;
+PRBool enableCompression = PR_FALSE;
+PRBool failedToNegotiateName = PR_FALSE;
+PRBool enableExtendedMasterSecret = PR_FALSE;
+PRBool zeroRTT = PR_FALSE;
+PRBool enableALPN = PR_FALSE;
+SSLNamedGroup *enabledGroups = NULL;
+unsigned int enabledGroupsCount = 0;
+
+static char *virtServerNameArray[MAX_VIRT_SERVER_NAME_ARRAY_INDEX];
+static int virtServerNameIndex = 1;
+
+static char *certNicknameArray[MAX_CERT_NICKNAME_ARRAY_INDEX];
+static int certNicknameIndex = 0;
+
+static const char stopCmd[] = { "GET /stop " };
+static const char getCmd[] = { "GET " };
+static const char EOFmsg[] = { "EOF\r\n\r\n\r\n" };
+static const char outHeader[] = {
+    "HTTP/1.0 200 OK\r\n"
+    "Server: Generic Web Server\r\n"
+    "Date: Tue, 26 Aug 1997 22:10:05 GMT\r\n"
+    "Content-type: text/plain\r\n"
+    "\r\n"
+};
+static const char crlCacheErr[] = { "CRL ReCache Error: " };
+
+PRUint16 cipherlist[100];
+int nciphers;
+
+void
+savecipher(int c)
+{
+    if (nciphers < sizeof cipherlist / sizeof(cipherlist[0]))
+        cipherlist[nciphers++] = (PRUint16)c;
+}
+
+#ifdef FULL_DUPLEX_CAPABLE
+
+struct lockedVarsStr {
+    PZLock *lock;
+    int count;
+    int waiters;
+    PZCondVar *condVar;
+};
+
+typedef struct lockedVarsStr lockedVars;
+
+void
+lockedVars_Init(lockedVars *lv)
+{
+    lv->count = 0;
+    lv->waiters = 0;
+    lv->lock = PZ_NewLock(nssILockSelfServ);
+    lv->condVar = PZ_NewCondVar(lv->lock);
+}
+
+void
+lockedVars_Destroy(lockedVars *lv)
+{
+    PZ_DestroyCondVar(lv->condVar);
+    lv->condVar = NULL;
+
+    PZ_DestroyLock(lv->lock);
+    lv->lock = NULL;
+}
+
+void
+lockedVars_WaitForDone(lockedVars *lv)
+{
+    PZ_Lock(lv->lock);
+    while (lv->count > 0) {
+        PZ_WaitCondVar(lv->condVar, PR_INTERVAL_NO_TIMEOUT);
+    }
+    PZ_Unlock(lv->lock);
+}
+
+int /* returns count */
+    lockedVars_AddToCount(lockedVars *lv, int addend)
+{
+    int rv;
+
+    PZ_Lock(lv->lock);
+    rv = lv->count += addend;
+    if (rv <= 0) {
+        PZ_NotifyCondVar(lv->condVar);
+    }
+    PZ_Unlock(lv->lock);
+    return rv;
+}
+
+int
+do_writes(
+    PRFileDesc *ssl_sock,
+    PRFileDesc *model_sock,
+    int requestCert)
+{
+    int sent = 0;
+    int count = 0;
+    lockedVars *lv = (lockedVars *)model_sock;
+
+    VLOG(("selfserv: do_writes: starting"));
+    while (sent < bigBuf.len) {
+
+        count = PR_Write(ssl_sock, bigBuf.data + sent, bigBuf.len - sent);
+        if (count < 0) {
+            errWarn("PR_Write bigBuf");
+            break;
+        }
+        FPRINTF(stderr, "selfserv: PR_Write wrote %d bytes from bigBuf\n", count);
+        sent += count;
+    }
+    if (count >= 0) { /* last write didn't fail. */
+        PR_Shutdown(ssl_sock, PR_SHUTDOWN_SEND);
+    }
+
+    /* notify the reader that we're done. */
+    lockedVars_AddToCount(lv, -1);
+    FLUSH;
+    VLOG(("selfserv: do_writes: exiting"));
+    return (sent < bigBuf.len) ? SECFailure : SECSuccess;
+}
+
+static int
+handle_fdx_connection(
+    PRFileDesc *tcp_sock,
+    PRFileDesc *model_sock,
+    int requestCert)
+{
+    PRFileDesc *ssl_sock = NULL;
+    SECStatus result;
+    int firstTime = 1;
+    lockedVars lv;
+    PRSocketOptionData opt;
+    char buf[10240];
+
+    VLOG(("selfserv: handle_fdx_connection: starting"));
+    opt.option = PR_SockOpt_Nonblocking;
+    opt.value.non_blocking = PR_FALSE;
+    PR_SetSocketOption(tcp_sock, &opt);
+
+    if (useModelSocket && model_sock) {
+        SECStatus rv;
+        ssl_sock = SSL_ImportFD(model_sock, tcp_sock);
+        if (!ssl_sock) {
+            errWarn("SSL_ImportFD with model");
+            goto cleanup;
+        }
+        rv = SSL_ResetHandshake(ssl_sock, /* asServer */ 1);
+        if (rv != SECSuccess) {
+            errWarn("SSL_ResetHandshake");
+            goto cleanup;
+        }
+    } else {
+        ssl_sock = tcp_sock;
+    }
+
+    lockedVars_Init(&lv);
+    lockedVars_AddToCount(&lv, 1);
+
+    /* Attempt to launch the writer thread. */
+    result = launch_thread(do_writes, ssl_sock, (PRFileDesc *)&lv,
+                           requestCert);
+
+    if (result == SECSuccess)
+        do {
+            /* do reads here. */
+            int count;
+            count = PR_Read(ssl_sock, buf, sizeof buf);
+            if (count < 0) {
+                errWarn("FDX PR_Read");
+                break;
+            }
+            FPRINTF(stderr, "selfserv: FDX PR_Read read %d bytes.\n", count);
+            if (firstTime) {
+                firstTime = 0;
+                printSecurityInfo(ssl_sock);
+            }
+        } while (lockedVars_AddToCount(&lv, 0) > 0);
+
+    /* Wait for writer to finish */
+    lockedVars_WaitForDone(&lv);
+    lockedVars_Destroy(&lv);
+    FLUSH;
+
+cleanup:
+    if (ssl_sock) {
+        PR_Close(ssl_sock);
+    } else if (tcp_sock) {
+        PR_Close(tcp_sock);
+    }
+
+    VLOG(("selfserv: handle_fdx_connection: exiting"));
+    return SECSuccess;
+}
+
+#endif
+
+static SECItem *lastLoadedCrl = NULL;
+
+static SECStatus
+reload_crl(PRFileDesc *crlFile)
+{
+    SECItem *crlDer;
+    CERTCertDBHandle *certHandle = CERT_GetDefaultCertDB();
+    SECStatus rv;
+
+    /* Read in the entire file specified with the -f argument */
+    crlDer = PORT_Malloc(sizeof(SECItem));
+    if (!crlDer) {
+        errWarn("Can not allocate memory.");
+        return SECFailure;
+    }
+
+    rv = SECU_ReadDERFromFile(crlDer, crlFile, PR_FALSE, PR_FALSE);
+    if (rv != SECSuccess) {
+        errWarn("Unable to read input file.");
+        PORT_Free(crlDer);
+        return SECFailure;
+    }
+
+    PR_Lock(lastLoadedCrlLock);
+    rv = CERT_CacheCRL(certHandle, crlDer);
+    if (rv == SECSuccess) {
+        SECItem *tempItem = crlDer;
+        if (lastLoadedCrl != NULL) {
+            rv = CERT_UncacheCRL(certHandle, lastLoadedCrl);
+            if (rv != SECSuccess) {
+                errWarn("Unable to uncache crl.");
+                goto loser;
+            }
+            crlDer = lastLoadedCrl;
+        } else {
+            crlDer = NULL;
+        }
+        lastLoadedCrl = tempItem;
+    }
+
+loser:
+    PR_Unlock(lastLoadedCrlLock);
+    SECITEM_FreeItem(crlDer, PR_TRUE);
+    return rv;
+}
+
+void
+stop_server()
+{
+    stopping = 1;
+    PR_Interrupt(acceptorThread);
+    PZ_TraceFlush();
+}
+
+SECItemArray *
+makeTryLaterOCSPResponse(PLArenaPool *arena)
+{
+    SECItemArray *result = NULL;
+    SECItem *ocspResponse = NULL;
+
+    ocspResponse = CERT_CreateEncodedOCSPErrorResponse(arena,
+                                                       SEC_ERROR_OCSP_TRY_SERVER_LATER);
+    if (!ocspResponse)
+        errExit("cannot created ocspResponse");
+
+    result = SECITEM_AllocArray(arena, NULL, 1);
+    if (!result)
+        errExit("cannot allocate multiOcspResponses");
+
+    result->items[0].data = ocspResponse->data;
+    result->items[0].len = ocspResponse->len;
+
+    return result;
+}
+
+SECItemArray *
+makeCorruptedOCSPResponse(PLArenaPool *arena)
+{
+    SECItemArray *result = NULL;
+    SECItem *ocspResponse = NULL;
+
+    ocspResponse = SECITEM_AllocItem(arena, NULL, 1);
+    if (!ocspResponse)
+        errExit("cannot created ocspResponse");
+
+    result = SECITEM_AllocArray(arena, NULL, 1);
+    if (!result)
+        errExit("cannot allocate multiOcspResponses");
+
+    result->items[0].data = ocspResponse->data;
+    result->items[0].len = ocspResponse->len;
+
+    return result;
+}
+
+SECItemArray *
+makeSignedOCSPResponse(PLArenaPool *arena, ocspStaplingModeType osm,
+                       CERTCertificate *cert, secuPWData *pwdata)
+{
+    SECItemArray *result = NULL;
+    SECItem *ocspResponse = NULL;
+    CERTOCSPSingleResponse **singleResponses;
+    CERTOCSPSingleResponse *sr = NULL;
+    CERTOCSPCertID *cid = NULL;
+    CERTCertificate *ca;
+    PRTime now = PR_Now();
+    PRTime nextUpdate;
+
+    PORT_Assert(cert != NULL);
+
+    ca = CERT_FindCertByNickname(CERT_GetDefaultCertDB(), ocspStaplingCA);
+    if (!ca)
+        errExit("cannot find CA");
+
+    cid = CERT_CreateOCSPCertID(cert, now);
+    if (!cid)
+        errExit("cannot created cid");
+
+    nextUpdate = now + (PRTime)60 * 60 * 24 * PR_USEC_PER_SEC; /* plus 1 day */
+
+    switch (osm) {
+        case osm_good:
+        case osm_badsig:
+            sr = CERT_CreateOCSPSingleResponseGood(arena, cid, now,
+                                                   &nextUpdate);
+            break;
+        case osm_unknown:
+            sr = CERT_CreateOCSPSingleResponseUnknown(arena, cid, now,
+                                                      &nextUpdate);
+            break;
+        case osm_revoked:
+            sr = CERT_CreateOCSPSingleResponseRevoked(arena, cid, now,
+                                                      &nextUpdate,
+                                                      now - (PRTime)60 * 60 * 24 * PR_USEC_PER_SEC, /* minus 1 day */
+                                                      NULL);
+            break;
+        default:
+            PORT_Assert(0);
+            break;
+    }
+
+    if (!sr)
+        errExit("cannot create sr");
+
+    /* meaning of value 2: one entry + one end marker */
+    singleResponses = PORT_ArenaNewArray(arena, CERTOCSPSingleResponse *, 2);
+    if (singleResponses == NULL)
+        errExit("cannot allocate singleResponses");
+
+    singleResponses[0] = sr;
+    singleResponses[1] = NULL;
+
+    ocspResponse = CERT_CreateEncodedOCSPSuccessResponse(arena,
+                                                         (osm == osm_badsig)
+                                                             ? NULL
+                                                             : ca,
+                                                         ocspResponderID_byName, now, singleResponses,
+                                                         &pwdata);
+    if (!ocspResponse)
+        errExit("cannot created ocspResponse");
+
+    CERT_DestroyCertificate(ca);
+    ca = NULL;
+
+    result = SECITEM_AllocArray(arena, NULL, 1);
+    if (!result)
+        errExit("cannot allocate multiOcspResponses");
+
+    result->items[0].data = ocspResponse->data;
+    result->items[0].len = ocspResponse->len;
+
+    CERT_DestroyOCSPCertID(cid);
+    cid = NULL;
+
+    return result;
+}
+
+void
+setupCertStatus(PLArenaPool *arena, enum ocspStaplingModeEnum ocspStaplingMode,
+                CERTCertificate *cert, int index, secuPWData *pwdata)
+{
+    if (ocspStaplingMode == osm_random) {
+        /* 6 different responses */
+        int r = rand() % 6;
+        switch (r) {
+            case 0:
+                ocspStaplingMode = osm_good;
+                break;
+            case 1:
+                ocspStaplingMode = osm_revoked;
+                break;
+            case 2:
+                ocspStaplingMode = osm_unknown;
+                break;
+            case 3:
+                ocspStaplingMode = osm_badsig;
+                break;
+            case 4:
+                ocspStaplingMode = osm_corrupted;
+                break;
+            case 5:
+                ocspStaplingMode = osm_failure;
+                break;
+            default:
+                PORT_Assert(0);
+                break;
+        }
+    }
+    if (ocspStaplingMode != osm_disabled) {
+        SECItemArray *multiOcspResponses = NULL;
+        switch (ocspStaplingMode) {
+            case osm_good:
+            case osm_revoked:
+            case osm_unknown:
+            case osm_badsig:
+                multiOcspResponses =
+                    makeSignedOCSPResponse(arena, ocspStaplingMode, cert,
+                                           pwdata);
+                break;
+            case osm_corrupted:
+                multiOcspResponses = makeCorruptedOCSPResponse(arena);
+                break;
+            case osm_failure:
+                multiOcspResponses = makeTryLaterOCSPResponse(arena);
+                break;
+            case osm_ocsp:
+                errExit("stapling mode \"ocsp\" not implemented");
+                break;
+                break;
+            default:
+                break;
+        }
+        if (multiOcspResponses) {
+            certStatus[index] = multiOcspResponses;
+        }
+    }
+}
+
+int
+handle_connection(
+    PRFileDesc *tcp_sock,
+    PRFileDesc *model_sock,
+    int requestCert)
+{
+    PRFileDesc *ssl_sock = NULL;
+    PRFileDesc *local_file_fd = NULL;
+    char *post;
+    char *pBuf; /* unused space at end of buf */
+    const char *errString;
+    PRStatus status;
+    int bufRem;    /* unused bytes at end of buf */
+    int bufDat;    /* characters received in buf */
+    int newln = 0; /* # of consecutive newlns */
+    int firstTime = 1;
+    int reqLen;
+    int rv;
+    int numIOVs;
+    PRSocketOptionData opt;
+    PRIOVec iovs[16];
+    char msgBuf[160];
+    char buf[10240] = { 0 };
+    char fileName[513];
+    char proto[128];
+    PRDescIdentity aboveLayer = PR_INVALID_IO_LAYER;
+
+    pBuf = buf;
+    bufRem = sizeof buf;
+
+    VLOG(("selfserv: handle_connection: starting"));
+    opt.option = PR_SockOpt_Nonblocking;
+    opt.value.non_blocking = PR_FALSE;
+    PR_SetSocketOption(tcp_sock, &opt);
+
+    VLOG(("selfserv: handle_connection: starting\n"));
+    if (useModelSocket && model_sock) {
+        SECStatus rv;
+        ssl_sock = SSL_ImportFD(model_sock, tcp_sock);
+        if (!ssl_sock) {
+            errWarn("SSL_ImportFD with model");
+            goto cleanup;
+        }
+        rv = SSL_ResetHandshake(ssl_sock, /* asServer */ 1);
+        if (rv != SECSuccess) {
+            errWarn("SSL_ResetHandshake");
+            goto cleanup;
+        }
+    } else {
+        ssl_sock = tcp_sock;
+    }
+
+    if (loggingLayer) {
+        /* find the layer where our new layer is to be pushed */
+        aboveLayer = PR_GetLayersIdentity(ssl_sock->lower);
+        if (aboveLayer == PR_INVALID_IO_LAYER) {
+            errExit("PRGetUniqueIdentity");
+        }
+        /* create the new layer - this is a very cheap operation */
+        loggingFD = PR_CreateIOLayerStub(log_layer_id, &loggingMethods);
+        if (!loggingFD)
+            errExit("PR_CreateIOLayerStub");
+        /* push the layer below ssl but above TCP */
+        rv = PR_PushIOLayer(ssl_sock, aboveLayer, loggingFD);
+        if (rv != PR_SUCCESS) {
+            errExit("PR_PushIOLayer");
+        }
+    }
+
+    if (noDelay) {
+        opt.option = PR_SockOpt_NoDelay;
+        opt.value.no_delay = PR_TRUE;
+        status = PR_SetSocketOption(ssl_sock, &opt);
+        if (status != PR_SUCCESS) {
+            errWarn("PR_SetSocketOption(PR_SockOpt_NoDelay, PR_TRUE)");
+            if (ssl_sock) {
+                PR_Close(ssl_sock);
+            }
+            return SECFailure;
+        }
+    }
+
+    while (1) {
+        newln = 0;
+        reqLen = 0;
+        rv = PR_Read(ssl_sock, pBuf, bufRem - 1);
+        if (rv == 0 ||
+            (rv < 0 && PR_END_OF_FILE_ERROR == PR_GetError())) {
+            if (verbose)
+                errWarn("HDX PR_Read hit EOF");
+            break;
+        }
+        if (rv < 0) {
+            errWarn("HDX PR_Read");
+            goto cleanup;
+        }
+        /* NULL termination */
+        pBuf[rv] = 0;
+        if (firstTime) {
+            firstTime = 0;
+            printSecurityInfo(ssl_sock);
+        }
+
+        pBuf += rv;
+        bufRem -= rv;
+        bufDat = pBuf - buf;
+        /* Parse the input, starting at the beginning of the buffer.
+         * Stop when we detect two consecutive \n's (or \r\n's)
+         * as this signifies the end of the GET or POST portion.
+         * The posted data follows.
+         */
+        while (reqLen < bufDat && newln < 2) {
+            int octet = buf[reqLen++];
+            if (octet == '\n') {
+                newln++;
+            } else if (octet != '\r') {
+                newln = 0;
+            }
+        }
+
+        /* came to the end of the buffer, or second newln
+         * If we didn't get an empty line (CRLFCRLF) then keep on reading.
+         */
+        if (newln < 2)
+            continue;
+
+        /* we're at the end of the HTTP request.
+         * If the request is a POST, then there will be one more
+         * line of data.
+         * This parsing is a hack, but ok for SSL test purposes.
+         */
+        post = PORT_Strstr(buf, "POST ");
+        if (!post || *post != 'P')
+            break;
+
+        /* It's a post, so look for the next and final CR/LF. */
+        /* We should parse content length here, but ... */
+        while (reqLen < bufDat && newln < 3) {
+            int octet = buf[reqLen++];
+            if (octet == '\n') {
+                newln++;
+            }
+        }
+        if (newln == 3)
+            break;
+    } /* read loop */
+
+    bufDat = pBuf - buf;
+    if (bufDat)
+        do { /* just close if no data */
+            /* Have either (a) a complete get, (b) a complete post, (c) EOF */
+            if (reqLen > 0 && !strncmp(buf, getCmd, sizeof getCmd - 1)) {
+                char *fnBegin = buf + 4;
+                char *fnEnd;
+                PRFileInfo info;
+                /* try to open the file named.
+                 * If successful, then write it to the client.
+                 */
+                fnEnd = strpbrk(fnBegin, " \r\n");
+                if (fnEnd) {
+                    int fnLen = fnEnd - fnBegin;
+                    if (fnLen < sizeof fileName) {
+                        char *real_fileName = fileName;
+                        char *protoEnd = NULL;
+                        strncpy(fileName, fnBegin, fnLen);
+                        fileName[fnLen] = 0; /* null terminate */
+                        if ((protoEnd = strstr(fileName, "://")) != NULL) {
+                            int protoLen = PR_MIN(protoEnd - fileName, sizeof(proto) - 1);
+                            PL_strncpy(proto, fileName, protoLen);
+                            proto[protoLen] = 0;
+                            real_fileName = protoEnd + 3;
+                        } else {
+                            proto[0] = 0;
+                        }
+                        status = PR_GetFileInfo(real_fileName, &info);
+                        if (status == PR_SUCCESS &&
+                            info.type == PR_FILE_FILE &&
+                            info.size >= 0) {
+                            local_file_fd = PR_Open(real_fileName, PR_RDONLY, 0);
+                        }
+                    }
+                }
+            }
+            /* if user has requested client auth in a subsequent handshake,
+             * do it here.
+             */
+            if (requestCert > 2) { /* request cert was 3 or 4 */
+                CERTCertificate *cert = SSL_PeerCertificate(ssl_sock);
+                if (cert) {
+                    CERT_DestroyCertificate(cert);
+                } else {
+                    rv = SSL_OptionSet(ssl_sock, SSL_REQUEST_CERTIFICATE, 1);
+                    if (rv < 0) {
+                        errWarn("second SSL_OptionSet SSL_REQUEST_CERTIFICATE");
+                        break;
+                    }
+                    rv = SSL_OptionSet(ssl_sock, SSL_REQUIRE_CERTIFICATE,
+                                       (requestCert == 4));
+                    if (rv < 0) {
+                        errWarn("second SSL_OptionSet SSL_REQUIRE_CERTIFICATE");
+                        break;
+                    }
+                    rv = SSL_ReHandshake(ssl_sock, PR_TRUE);
+                    if (rv != 0) {
+                        errWarn("SSL_ReHandshake");
+                        break;
+                    }
+                    rv = SSL_ForceHandshake(ssl_sock);
+                    if (rv < 0) {
+                        errWarn("SSL_ForceHandshake");
+                        break;
+                    }
+                }
+            }
+
+            numIOVs = 0;
+
+            iovs[numIOVs].iov_base = (char *)outHeader;
+            iovs[numIOVs].iov_len = (sizeof(outHeader)) - 1;
+            numIOVs++;
+
+            if (local_file_fd) {
+                PRInt32 bytes;
+                int errLen;
+                if (!PL_strlen(proto) || !PL_strcmp(proto, "file")) {
+                    bytes = PR_TransmitFile(ssl_sock, local_file_fd, outHeader,
+                                            sizeof outHeader - 1,
+                                            PR_TRANSMITFILE_KEEP_OPEN,
+                                            PR_INTERVAL_NO_TIMEOUT);
+                    if (bytes >= 0) {
+                        bytes -= sizeof outHeader - 1;
+                        FPRINTF(stderr,
+                                "selfserv: PR_TransmitFile wrote %d bytes from %s\n",
+                                bytes, fileName);
+                        break;
+                    }
+                    errString = errWarn("PR_TransmitFile");
+                    errLen = PORT_Strlen(errString);
+                    errLen = PR_MIN(errLen, sizeof msgBuf - 1);
+                    PORT_Memcpy(msgBuf, errString, errLen);
+                    msgBuf[errLen] = 0;
+
+                    iovs[numIOVs].iov_base = msgBuf;
+                    iovs[numIOVs].iov_len = PORT_Strlen(msgBuf);
+                    numIOVs++;
+                }
+                if (!PL_strcmp(proto, "crl")) {
+                    if (reload_crl(local_file_fd) == SECFailure) {
+                        errString = errWarn("CERT_CacheCRL");
+                        if (!errString)
+                            errString = "Unknow error";
+                        PR_snprintf(msgBuf, sizeof(msgBuf), "%s%s ",
+                                    crlCacheErr, errString);
+
+                        iovs[numIOVs].iov_base = msgBuf;
+                        iovs[numIOVs].iov_len = PORT_Strlen(msgBuf);
+                        numIOVs++;
+                    } else {
+                        FPRINTF(stderr,
+                                "selfserv: CRL %s reloaded.\n",
+                                fileName);
+                        break;
+                    }
+                }
+            } else if (reqLen <= 0) { /* hit eof */
+                PORT_Sprintf(msgBuf, "Get or Post incomplete after %d bytes.\r\n",
+                             bufDat);
+
+                iovs[numIOVs].iov_base = msgBuf;
+                iovs[numIOVs].iov_len = PORT_Strlen(msgBuf);
+                numIOVs++;
+            } else if (reqLen < bufDat) {
+                PORT_Sprintf(msgBuf, "Discarded %d characters.\r\n",
+                             bufDat - reqLen);
+
+                iovs[numIOVs].iov_base = msgBuf;
+                iovs[numIOVs].iov_len = PORT_Strlen(msgBuf);
+                numIOVs++;
+            }
+
+            if (reqLen > 0) {
+                if (verbose > 1)
+                    fwrite(buf, 1, reqLen, stdout); /* display it */
+
+                iovs[numIOVs].iov_base = buf;
+                iovs[numIOVs].iov_len = reqLen;
+                numIOVs++;
+            }
+
+            /* Don't add the EOF if we want to test bulk encryption */
+            if (!testBulk) {
+                iovs[numIOVs].iov_base = (char *)EOFmsg;
+                iovs[numIOVs].iov_len = sizeof EOFmsg - 1;
+                numIOVs++;
+            }
+
+            rv = PR_Writev(ssl_sock, iovs, numIOVs, PR_INTERVAL_NO_TIMEOUT);
+            if (rv < 0) {
+                errWarn("PR_Writev");
+                break;
+            }
+
+            /* Send testBulkTotal chunks to the client. Unlimited if 0. */
+            if (testBulk) {
+                while (0 < (rv = PR_Write(ssl_sock, testBulkBuf, testBulkSize))) {
+                    PR_ATOMIC_ADD(&loggerBytes, rv);
+                    PR_ATOMIC_INCREMENT(&bulkSentChunks);
+                    if ((bulkSentChunks > testBulkTotal) && (testBulkTotal != 0))
+                        break;
+                }
+
+                /* There was a write error, so close this connection. */
+                if (bulkSentChunks <= testBulkTotal) {
+                    errWarn("PR_Write");
+                }
+                PR_ATOMIC_DECREMENT(&loggerOps);
+                break;
+            }
+        } while (0);
+
+cleanup:
+    if (ssl_sock) {
+        PR_Close(ssl_sock);
+    } else if (tcp_sock) {
+        PR_Close(tcp_sock);
+    }
+    if (local_file_fd)
+        PR_Close(local_file_fd);
+    VLOG(("selfserv: handle_connection: exiting\n"));
+
+    /* do a nice shutdown if asked. */
+    if (!strncmp(buf, stopCmd, sizeof stopCmd - 1)) {
+        VLOG(("selfserv: handle_connection: stop command"));
+        stop_server();
+    }
+    VLOG(("selfserv: handle_connection: exiting"));
+    return SECSuccess; /* success */
+}
+
+#ifdef XP_UNIX
+
+void
+sigusr1_handler(int sig)
+{
+    VLOG(("selfserv: sigusr1_handler: stop server"));
+    stop_server();
+}
+
+#endif
+
+SECStatus
+do_accepts(
+    PRFileDesc *listen_sock,
+    PRFileDesc *model_sock,
+    int requestCert)
+{
+    PRNetAddr addr;
+    PRErrorCode perr;
+#ifdef XP_UNIX
+    struct sigaction act;
+#endif
+
+    VLOG(("selfserv: do_accepts: starting"));
+    PR_SetThreadPriority(PR_GetCurrentThread(), PR_PRIORITY_HIGH);
+
+    acceptorThread = PR_GetCurrentThread();
+#ifdef XP_UNIX
+    /* set up the signal handler */
+    act.sa_handler = sigusr1_handler;
+    sigemptyset(&act.sa_mask);
+    act.sa_flags = 0;
+    if (sigaction(SIGUSR1, &act, NULL)) {
+        fprintf(stderr, "Error installing signal handler.\n");
+        exit(1);
+    }
+#endif
+    while (!stopping) {
+        PRFileDesc *tcp_sock;
+        PRCList *myLink;
+
+        FPRINTF(stderr, "\n\n\nselfserv: About to call accept.\n");
+        tcp_sock = PR_Accept(listen_sock, &addr, PR_INTERVAL_NO_TIMEOUT);
+        if (tcp_sock == NULL) {
+            perr = PR_GetError();
+            if ((perr != PR_CONNECT_RESET_ERROR &&
+                 perr != PR_PENDING_INTERRUPT_ERROR) ||
+                verbose) {
+                errWarn("PR_Accept");
+            }
+            if (perr == PR_CONNECT_RESET_ERROR) {
+                FPRINTF(stderr,
+                        "Ignoring PR_CONNECT_RESET_ERROR error - continue\n");
+                continue;
+            }
+            stopping = 1;
+            break;
+        }
+
+        VLOG(("selfserv: do_accept: Got connection\n"));
+
+        if (logStats) {
+            PR_ATOMIC_INCREMENT(&loggerOps);
+        }
+
+        PZ_Lock(qLock);
+        while (PR_CLIST_IS_EMPTY(&freeJobs) && !stopping) {
+            PZ_WaitCondVar(freeListNotEmptyCv, PR_INTERVAL_NO_TIMEOUT);
+        }
+        if (stopping) {
+            PZ_Unlock(qLock);
+            if (tcp_sock) {
+                PR_Close(tcp_sock);
+            }
+            break;
+        }
+        myLink = PR_LIST_HEAD(&freeJobs);
+        PR_REMOVE_AND_INIT_LINK(myLink);
+        /* could release qLock here and reaquire it 7 lines below, but
+        ** why bother for 4 assignment statements?
+        */
+        {
+            JOB *myJob = (JOB *)myLink;
+            myJob->tcp_sock = tcp_sock;
+            myJob->model_sock = model_sock;
+            myJob->requestCert = requestCert;
+        }
+
+        PR_APPEND_LINK(myLink, &jobQ);
+        PZ_NotifyCondVar(jobQNotEmptyCv);
+        PZ_Unlock(qLock);
+    }
+
+    FPRINTF(stderr, "selfserv: Closing listen socket.\n");
+    VLOG(("selfserv: do_accepts: exiting"));
+    if (listen_sock) {
+        PR_Close(listen_sock);
+    }
+    return SECSuccess;
+}
+
+PRFileDesc *
+getBoundListenSocket(unsigned short port)
+{
+    PRFileDesc *listen_sock;
+    int listenQueueDepth = 5 + (2 * maxThreads);
+    PRStatus prStatus;
+    PRNetAddr addr;
+    PRSocketOptionData opt;
+
+    addr.inet.family = PR_AF_INET;
+    addr.inet.ip = PR_INADDR_ANY;
+    addr.inet.port = PR_htons(port);
+
+    listen_sock = PR_NewTCPSocket();
+    if (listen_sock == NULL) {
+        errExit("PR_NewTCPSocket");
+    }
+
+    opt.option = PR_SockOpt_Nonblocking;
+    opt.value.non_blocking = PR_FALSE;
+    prStatus = PR_SetSocketOption(listen_sock, &opt);
+    if (prStatus < 0) {
+        PR_Close(listen_sock);
+        errExit("PR_SetSocketOption(PR_SockOpt_Nonblocking)");
+    }
+
+    opt.option = PR_SockOpt_Reuseaddr;
+    opt.value.reuse_addr = PR_TRUE;
+    prStatus = PR_SetSocketOption(listen_sock, &opt);
+    if (prStatus < 0) {
+        PR_Close(listen_sock);
+        errExit("PR_SetSocketOption(PR_SockOpt_Reuseaddr)");
+    }
+
+#ifndef WIN95
+    /* Set PR_SockOpt_Linger because it helps prevent a server bind issue
+     * after clean shutdown . See bug 331413 .
+     * Don't do it in the WIN95 build configuration because clean shutdown is
+     * not implemented, and PR_SockOpt_Linger causes a hang in ssl.sh .
+     * See bug 332348 */
+    opt.option = PR_SockOpt_Linger;
+    opt.value.linger.polarity = PR_TRUE;
+    opt.value.linger.linger = PR_SecondsToInterval(1);
+    prStatus = PR_SetSocketOption(listen_sock, &opt);
+    if (prStatus < 0) {
+        PR_Close(listen_sock);
+        errExit("PR_SetSocketOption(PR_SockOpt_Linger)");
+    }
+#endif
+
+    prStatus = PR_Bind(listen_sock, &addr);
+    if (prStatus < 0) {
+        PR_Close(listen_sock);
+        errExit("PR_Bind");
+    }
+
+    prStatus = PR_Listen(listen_sock, listenQueueDepth);
+    if (prStatus < 0) {
+        PR_Close(listen_sock);
+        errExit("PR_Listen");
+    }
+    return listen_sock;
+}
+
+PRInt32 PR_CALLBACK
+logWritev(
+    PRFileDesc *fd,
+    const PRIOVec *iov,
+    PRInt32 size,
+    PRIntervalTime timeout)
+{
+    PRInt32 rv = (fd->lower->methods->writev)(fd->lower, iov, size,
+                                              timeout);
+    /* Add the amount written, but not if there's an error */
+    if (rv > 0)
+        PR_ATOMIC_ADD(&loggerBytesTCP, rv);
+    return rv;
+}
+
+PRInt32 PR_CALLBACK
+logWrite(
+    PRFileDesc *fd,
+    const void *buf,
+    PRInt32 amount)
+{
+    PRInt32 rv = (fd->lower->methods->write)(fd->lower, buf, amount);
+    /* Add the amount written, but not if there's an error */
+    if (rv > 0)
+        PR_ATOMIC_ADD(&loggerBytesTCP, rv);
+
+    return rv;
+}
+
+PRInt32 PR_CALLBACK
+logSend(
+    PRFileDesc *fd,
+    const void *buf,
+    PRInt32 amount,
+    PRIntn flags,
+    PRIntervalTime timeout)
+{
+    PRInt32 rv = (fd->lower->methods->send)(fd->lower, buf, amount,
+                                            flags, timeout);
+    /* Add the amount written, but not if there's an error */
+    if (rv > 0)
+        PR_ATOMIC_ADD(&loggerBytesTCP, rv);
+    return rv;
+}
+
+void
+initLoggingLayer(void)
+{
+    /* get a new layer ID */
+    log_layer_id = PR_GetUniqueIdentity("Selfserv Logging");
+    if (log_layer_id == PR_INVALID_IO_LAYER)
+        errExit("PR_GetUniqueIdentity");
+
+    /* setup the default IO methods with my custom write methods */
+    memcpy(&loggingMethods, PR_GetDefaultIOMethods(), sizeof(PRIOMethods));
+    loggingMethods.writev = logWritev;
+    loggingMethods.write = logWrite;
+    loggingMethods.send = logSend;
+}
+
+void
+handshakeCallback(PRFileDesc *fd, void *client_data)
+{
+    const char *handshakeName = (const char *)client_data;
+    if (handshakeName && !failedToNegotiateName) {
+        SECItem *hostInfo = SSL_GetNegotiatedHostInfo(fd);
+        if (!hostInfo || PORT_Strncmp(handshakeName, (char *)hostInfo->data,
+                                      hostInfo->len)) {
+            failedToNegotiateName = PR_TRUE;
+        }
+        if (hostInfo) {
+            SECITEM_FreeItem(hostInfo, PR_TRUE);
+        }
+    }
+}
+
+void
+server_main(
+    PRFileDesc *listen_sock,
+    int requestCert,
+    SECKEYPrivateKey **privKey,
+    CERTCertificate **cert,
+    const char *expectedHostNameVal)
+{
+    int i;
+    PRFileDesc *model_sock = NULL;
+    int rv;
+    SECStatus secStatus;
+
+    if (useModelSocket) {
+        model_sock = PR_NewTCPSocket();
+        if (model_sock == NULL) {
+            errExit("PR_NewTCPSocket on model socket");
+        }
+        model_sock = SSL_ImportFD(NULL, model_sock);
+        if (model_sock == NULL) {
+            errExit("SSL_ImportFD");
+        }
+    } else {
+        model_sock = listen_sock = SSL_ImportFD(NULL, listen_sock);
+        if (listen_sock == NULL) {
+            errExit("SSL_ImportFD");
+        }
+    }
+
+    /* do SSL configuration. */
+    rv = SSL_OptionSet(model_sock, SSL_SECURITY, enabledVersions.min != 0);
+    if (rv < 0) {
+        errExit("SSL_OptionSet SSL_SECURITY");
+    }
+
+    rv = SSL_VersionRangeSet(model_sock, &enabledVersions);
+    if (rv != SECSuccess) {
+        errExit("error setting SSL/TLS version range ");
+    }
+
+    rv = SSL_OptionSet(model_sock, SSL_ROLLBACK_DETECTION, !disableRollBack);
+    if (rv != SECSuccess) {
+        errExit("error enabling RollBack detection ");
+    }
+    if (disableLocking) {
+        rv = SSL_OptionSet(model_sock, SSL_NO_LOCKS, PR_TRUE);
+        if (rv != SECSuccess) {
+            errExit("error disabling SSL socket locking ");
+        }
+    }
+    if (enableSessionTickets) {
+        rv = SSL_OptionSet(model_sock, SSL_ENABLE_SESSION_TICKETS, PR_TRUE);
+        if (rv != SECSuccess) {
+            errExit("error enabling Session Ticket extension ");
+        }
+    }
+
+    if (enableCompression) {
+        rv = SSL_OptionSet(model_sock, SSL_ENABLE_DEFLATE, PR_TRUE);
+        if (rv != SECSuccess) {
+            errExit("error enabling compression ");
+        }
+    }
+
+    if (virtServerNameIndex > 1) {
+        rv = SSL_SNISocketConfigHook(model_sock, mySSLSNISocketConfig,
+                                     (void *)&virtServerNameArray);
+        if (rv != SECSuccess) {
+            errExit("error enabling SNI extension ");
+        }
+    }
+
+    if (configureDHE > -1) {
+        rv = SSL_OptionSet(model_sock, SSL_ENABLE_SERVER_DHE, (configureDHE > 0));
+        if (rv != SECSuccess) {
+            errExit("error configuring server side DHE support");
+        }
+        rv = SSL_OptionSet(model_sock, SSL_REQUIRE_DH_NAMED_GROUPS, (configureDHE > 1));
+        if (rv != SECSuccess) {
+            errExit("error configuring server side FFDHE support");
+        }
+        PORT_Assert(configureDHE <= 2);
+    }
+
+    if (configureReuseECDHE > -1) {
+        rv = SSL_OptionSet(model_sock, SSL_REUSE_SERVER_ECDHE_KEY, (configureReuseECDHE > 0));
+        if (rv != SECSuccess) {
+            errExit("error configuring server side reuse of ECDHE key");
+        }
+    }
+
+    if (configureWeakDHE > -1) {
+        rv = SSL_EnableWeakDHEPrimeGroup(model_sock, (configureWeakDHE > 0));
+        if (rv != SECSuccess) {
+            errExit("error configuring weak DHE prime group");
+        }
+    }
+
+    if (enableExtendedMasterSecret) {
+        rv = SSL_OptionSet(model_sock, SSL_ENABLE_EXTENDED_MASTER_SECRET, PR_TRUE);
+        if (rv != SECSuccess) {
+            errExit("error enabling extended master secret ");
+        }
+    }
+
+    /* This uses the legacy certificate API.  See mySSLSNISocketConfig() for the
+     * new, prefered API. */
+    for (i = 0; i < certNicknameIndex; i++) {
+        if (cert[i] != NULL) {
+            const SSLExtraServerCertData ocspData = {
+                ssl_auth_null, NULL, certStatus[i], NULL
+            };
+
+            secStatus = SSL_ConfigServerCert(model_sock, cert[i],
+                                             privKey[i], &ocspData,
+                                             sizeof(ocspData));
+            if (secStatus != SECSuccess)
+                errExit("SSL_ConfigServerCert");
+        }
+    }
+
+    if (bigBuf.data) { /* doing FDX */
+        rv = SSL_OptionSet(model_sock, SSL_ENABLE_FDX, 1);
+        if (rv < 0) {
+            errExit("SSL_OptionSet SSL_ENABLE_FDX");
+        }
+    }
+
+    if (NoReuse) {
+        rv = SSL_OptionSet(model_sock, SSL_NO_CACHE, 1);
+        if (rv < 0) {
+            errExit("SSL_OptionSet SSL_NO_CACHE");
+        }
+    }
+
+    if (zeroRTT) {
+        if (enabledVersions.max < SSL_LIBRARY_VERSION_TLS_1_3) {
+            errExit("You tried enabling 0RTT without enabling TLS 1.3!");
+        }
+        rv = SSL_OptionSet(model_sock, SSL_ENABLE_0RTT_DATA, PR_TRUE);
+        if (rv != SECSuccess) {
+            errExit("error enabling 0RTT ");
+        }
+    }
+
+    if (enableALPN) {
+        PRUint8 alpnVal[] = { 0x08,
+                              0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31 };
+        rv = SSL_OptionSet(model_sock, SSL_ENABLE_ALPN, PR_TRUE);
+        if (rv != SECSuccess) {
+            errExit("error enabling ALPN");
+        }
+
+        rv = SSL_SetNextProtoNego(model_sock, alpnVal, sizeof(alpnVal));
+        if (rv != SECSuccess) {
+            errExit("error enabling ALPN");
+        }
+    }
+
+    if (enabledGroups) {
+        rv = SSL_NamedGroupConfig(model_sock, enabledGroups, enabledGroupsCount);
+        if (rv < 0) {
+            errExit("SSL_NamedGroupConfig failed");
+        }
+    }
+
+    /* This cipher is not on by default. The Acceptance test
+     * would like it to be. Turn this cipher on.
+     */
+
+    secStatus = SSL_CipherPrefSetDefault(TLS_RSA_WITH_NULL_MD5, PR_TRUE);
+    if (secStatus != SECSuccess) {
+        errExit("SSL_CipherPrefSetDefault:TLS_RSA_WITH_NULL_MD5");
+    }
+
+    if (expectedHostNameVal) {
+        SSL_HandshakeCallback(model_sock, handshakeCallback,
+                              (void *)expectedHostNameVal);
+    }
+
+    if (requestCert) {
+        SSL_AuthCertificateHook(model_sock, mySSLAuthCertificate,
+                                (void *)CERT_GetDefaultCertDB());
+        if (requestCert <= 2) {
+            rv = SSL_OptionSet(model_sock, SSL_REQUEST_CERTIFICATE, 1);
+            if (rv < 0) {
+                errExit("first SSL_OptionSet SSL_REQUEST_CERTIFICATE");
+            }
+            rv = SSL_OptionSet(model_sock, SSL_REQUIRE_CERTIFICATE,
+                               (requestCert == 2));
+            if (rv < 0) {
+                errExit("first SSL_OptionSet SSL_REQUIRE_CERTIFICATE");
+            }
+        }
+    }
+
+    if (MakeCertOK)
+        SSL_BadCertHook(model_sock, myBadCertHandler, NULL);
+
+    /* end of ssl configuration. */
+
+    /* Now, do the accepting, here in the main thread. */
+    rv = do_accepts(listen_sock, model_sock, requestCert);
+
+    terminateWorkerThreads();
+
+    if (useModelSocket && model_sock) {
+        if (model_sock) {
+            PR_Close(model_sock);
+        }
+    }
+}
+
+SECStatus
+readBigFile(const char *fileName)
+{
+    PRFileInfo info;
+    PRStatus status;
+    SECStatus rv = SECFailure;
+    int count;
+    int hdrLen;
+    PRFileDesc *local_file_fd = NULL;
+
+    status = PR_GetFileInfo(fileName, &info);
+
+    if (status == PR_SUCCESS &&
+        info.type == PR_FILE_FILE &&
+        info.size > 0 &&
+        NULL != (local_file_fd = PR_Open(fileName, PR_RDONLY, 0))) {
+
+        hdrLen = PORT_Strlen(outHeader);
+        bigBuf.len = hdrLen + info.size;
+        bigBuf.data = PORT_Malloc(bigBuf.len + 4095);
+        if (!bigBuf.data) {
+            errWarn("PORT_Malloc");
+            goto done;
+        }
+
+        PORT_Memcpy(bigBuf.data, outHeader, hdrLen);
+
+        count = PR_Read(local_file_fd, bigBuf.data + hdrLen, info.size);
+        if (count != info.size) {
+            errWarn("PR_Read local file");
+            goto done;
+        }
+        rv = SECSuccess;
+    done:
+        if (local_file_fd) {
+            PR_Close(local_file_fd);
+        }
+    }
+    return rv;
+}
+
+int numChildren;
+PRProcess *child[MAX_PROCS];
+
+PRProcess *
+haveAChild(int argc, char **argv, PRProcessAttr *attr)
+{
+    PRProcess *newProcess;
+
+    newProcess = PR_CreateProcess(argv[0], argv, NULL, attr);
+    if (!newProcess) {
+        errWarn("Can't create new process.");
+    } else {
+        child[numChildren++] = newProcess;
+    }
+    return newProcess;
+}
+
+void
+beAGoodParent(int argc, char **argv, int maxProcs, PRFileDesc *listen_sock)
+{
+    PRProcess *newProcess;
+    PRProcessAttr *attr;
+    int i;
+    PRInt32 exitCode;
+    PRStatus rv;
+
+    rv = PR_SetFDInheritable(listen_sock, PR_TRUE);
+    if (rv != PR_SUCCESS)
+        errExit("PR_SetFDInheritable");
+
+    attr = PR_NewProcessAttr();
+    if (!attr)
+        errExit("PR_NewProcessAttr");
+
+    rv = PR_ProcessAttrSetInheritableFD(attr, listen_sock, inheritableSockName);
+    if (rv != PR_SUCCESS)
+        errExit("PR_ProcessAttrSetInheritableFD");
+
+    for (i = 0; i < maxProcs; ++i) {
+        newProcess = haveAChild(argc, argv, attr);
+        if (!newProcess)
+            break;
+    }
+
+    rv = PR_SetFDInheritable(listen_sock, PR_FALSE);
+    if (rv != PR_SUCCESS)
+        errExit("PR_SetFDInheritable");
+
+    while (numChildren > 0) {
+        newProcess = child[numChildren - 1];
+        PR_WaitProcess(newProcess, &exitCode);
+        fprintf(stderr, "Child %d exited with exit code %x\n",
+                numChildren, exitCode);
+        numChildren--;
+    }
+    exit(0);
+}
+
+#define HEXCHAR_TO_INT(c, i)                                              \
+    if (((c) >= '0') && ((c) <= '9')) {                                   \
+        i = (c) - '0';                                                    \
+    } else if (((c) >= 'a') && ((c) <= 'f')) {                            \
+        i = (c) - 'a' + 10;                                               \
+    } else if (((c) >= 'A') && ((c) <= 'F')) {                            \
+        i = (c) - 'A' + 10;                                               \
+    } else if ((c) == '\0') {                                             \
+        fprintf(stderr, "Invalid length of cipher string (-c :WXYZ).\n"); \
+        exit(9);                                                          \
+    } else {                                                              \
+        fprintf(stderr, "Non-hex char in cipher string (-c :WXYZ).\n");   \
+        exit(9);                                                          \
+    }
+
+SECStatus
+enableOCSPStapling(const char *mode)
+{
+    if (!strcmp(mode, "good")) {
+        ocspStaplingMode = osm_good;
+        return SECSuccess;
+    }
+    if (!strcmp(mode, "unknown")) {
+        ocspStaplingMode = osm_unknown;
+        return SECSuccess;
+    }
+    if (!strcmp(mode, "revoked")) {
+        ocspStaplingMode = osm_revoked;
+        return SECSuccess;
+    }
+    if (!strcmp(mode, "badsig")) {
+        ocspStaplingMode = osm_badsig;
+        return SECSuccess;
+    }
+    if (!strcmp(mode, "corrupted")) {
+        ocspStaplingMode = osm_corrupted;
+        return SECSuccess;
+    }
+    if (!strcmp(mode, "failure")) {
+        ocspStaplingMode = osm_failure;
+        return SECSuccess;
+    }
+    if (!strcmp(mode, "random")) {
+        ocspStaplingMode = osm_random;
+        return SECSuccess;
+    }
+    if (!strcmp(mode, "ocsp")) {
+        ocspStaplingMode = osm_ocsp;
+        return SECSuccess;
+    }
+    return SECFailure;
+}
+
+int
+main(int argc, char **argv)
+{
+    char *progName = NULL;
+    const char *fileName = NULL;
+    char *cipherString = NULL;
+    const char *dir = ".";
+    char *passwd = NULL;
+    char *pwfile = NULL;
+    const char *pidFile = NULL;
+    char *tmp;
+    char *envString;
+    PRFileDesc *listen_sock;
+    CERTCertificate *cert[MAX_CERT_NICKNAME_ARRAY_INDEX] = { NULL };
+    SECKEYPrivateKey *privKey[MAX_CERT_NICKNAME_ARRAY_INDEX] = { NULL };
+    int optionsFound = 0;
+    int maxProcs = 1;
+    unsigned short port = 0;
+    SECStatus rv = SECSuccess;
+    PRStatus prStatus;
+    PRBool bindOnly = PR_FALSE;
+    PRBool useLocalThreads = PR_FALSE;
+    PLOptState *optstate;
+    PLOptStatus status;
+    PRThread *loggerThread = NULL;
+    PRBool debugCache = PR_FALSE; /* bug 90518 */
+    char emptyString[] = { "" };
+    char *certPrefix = emptyString;
+    SSL3Statistics *ssl3stats;
+    PRUint32 i;
+    secuPWData pwdata = { PW_NONE, 0 };
+    char *expectedHostNameVal = NULL;
+    PLArenaPool *certStatusArena = NULL;
+
+    tmp = strrchr(argv[0], '/');
+    tmp = tmp ? tmp + 1 : argv[0];
+    progName = strrchr(tmp, '\\');
+    progName = progName ? progName + 1 : tmp;
+
+    PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
+    SSL_VersionRangeGetSupported(ssl_variant_stream, &enabledVersions);
+
+    /* please keep this list of options in ASCII collating sequence.
+    ** numbers, then capital letters, then lower case, alphabetical.
+    ** XXX: 'B', 'E', 'q', and 'x' were used in the past but removed
+    **      in 3.28, please leave some time before resuing those. */
+    optstate = PL_CreateOptState(argc, argv,
+                                 "2:A:C:DGH:I:L:M:NP:QRS:T:U:V:W:YZa:bc:d:e:f:g:hi:jk:lmn:op:rst:uvw:yz");
+    while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
+        ++optionsFound;
+        switch (optstate->option) {
+            case '2':
+                fileName = optstate->value;
+                break;
+
+            case 'A':
+                ocspStaplingCA = PORT_Strdup(optstate->value);
+                break;
+
+            case 'C':
+                if (optstate->value)
+                    NumSidCacheEntries = PORT_Atoi(optstate->value);
+                break;
+
+            case 'D':
+                noDelay = PR_TRUE;
+                break;
+            case 'H':
+                configureDHE = (PORT_Atoi(optstate->value) != 0);
+                break;
+
+            case 'G':
+                enableExtendedMasterSecret = PR_TRUE;
+                break;
+
+            case 'L':
+                logStats = PR_TRUE;
+                if (optstate->value == NULL) {
+                    logPeriod = 30;
+                } else {
+                    logPeriod = PORT_Atoi(optstate->value);
+                    if (logPeriod <= 0)
+                        logPeriod = 30;
+                }
+                break;
+
+            case 'M':
+                maxProcs = PORT_Atoi(optstate->value);
+                if (maxProcs < 1)
+                    maxProcs = 1;
+                if (maxProcs > MAX_PROCS)
+                    maxProcs = MAX_PROCS;
+                break;
+
+            case 'N':
+                NoReuse = PR_TRUE;
+                break;
+
+            case 'R':
+                disableRollBack = PR_TRUE;
+                break;
+
+            case 'S':
+                if (certNicknameIndex >= MAX_CERT_NICKNAME_ARRAY_INDEX) {
+                    Usage(progName);
+                    break;
+                }
+                certNicknameArray[certNicknameIndex++] = PORT_Strdup(optstate->value);
+                break;
+
+            case 'T':
+                if (enableOCSPStapling(optstate->value) != SECSuccess) {
+                    fprintf(stderr, "Invalid OCSP stapling mode.\n");
+                    fprintf(stderr, "Run '%s -h' for usage information.\n", progName);
+                    exit(53);
+                }
+                break;
+
+            case 'U':
+                configureReuseECDHE = (PORT_Atoi(optstate->value) != 0);
+                break;
+
+            case 'V':
+                if (SECU_ParseSSLVersionRangeString(optstate->value,
+                                                    enabledVersions, &enabledVersions) !=
+                    SECSuccess) {
+                    fprintf(stderr, "Bad version specified.\n");
+                    Usage(progName);
+                    exit(1);
+                }
+                break;
+
+            case 'W':
+                configureWeakDHE = (PORT_Atoi(optstate->value) != 0);
+                break;
+
+            case 'Y':
+                PrintCipherUsage(progName);
+                exit(0);
+                break;
+
+            case 'a':
+                if (virtServerNameIndex >= MAX_VIRT_SERVER_NAME_ARRAY_INDEX) {
+                    Usage(progName);
+                    break;
+                }
+                virtServerNameArray[virtServerNameIndex++] =
+                    PORT_Strdup(optstate->value);
+                break;
+
+            case 'b':
+                bindOnly = PR_TRUE;
+                break;
+
+            case 'c':
+                cipherString = PORT_Strdup(optstate->value);
+                break;
+
+            case 'd':
+                dir = optstate->value;
+                break;
+
+#ifndef NSS_DISABLE_ECC
+            case 'e':
+                if (certNicknameIndex >= MAX_CERT_NICKNAME_ARRAY_INDEX) {
+                    Usage(progName);
+                    break;
+                }
+                certNicknameArray[certNicknameIndex++] = PORT_Strdup(optstate->value);
+                break;
+#endif /* NSS_DISABLE_ECC */
+
+            case 'f':
+                pwdata.source = PW_FROMFILE;
+                pwdata.data = pwfile = PORT_Strdup(optstate->value);
+                break;
+
+            case 'g':
+                testBulk = PR_TRUE;
+                testBulkTotal = PORT_Atoi(optstate->value);
+                break;
+
+            case 'h':
+                Usage(progName);
+                exit(0);
+                break;
+
+            case 'i':
+                pidFile = optstate->value;
+                break;
+
+            case 'j':
+                initLoggingLayer();
+                loggingLayer = PR_TRUE;
+                break;
+
+            case 'k':
+                expectedHostNameVal = PORT_Strdup(optstate->value);
+                break;
+
+            case 'l':
+                useLocalThreads = PR_TRUE;
+                break;
+
+            case 'm':
+                useModelSocket = PR_TRUE;
+                break;
+
+            case 'n':
+                if (certNicknameIndex >= MAX_CERT_NICKNAME_ARRAY_INDEX) {
+                    Usage(progName);
+                    break;
+                }
+                certNicknameArray[certNicknameIndex++] = PORT_Strdup(optstate->value);
+                virtServerNameArray[0] = PORT_Strdup(optstate->value);
+                break;
+
+            case 'P':
+                certPrefix = PORT_Strdup(optstate->value);
+                break;
+
+            case 'o':
+                MakeCertOK = 1;
+                break;
+
+            case 'p':
+                port = PORT_Atoi(optstate->value);
+                break;
+
+            case 'r':
+                ++requestCert;
+                break;
+
+            case 's':
+                disableLocking = PR_TRUE;
+                break;
+
+            case 't':
+                maxThreads = PORT_Atoi(optstate->value);
+                if (maxThreads > MAX_THREADS)
+                    maxThreads = MAX_THREADS;
+                if (maxThreads < MIN_THREADS)
+                    maxThreads = MIN_THREADS;
+                break;
+
+            case 'u':
+                enableSessionTickets = PR_TRUE;
+                break;
+
+            case 'v':
+                verbose++;
+                break;
+
+            case 'w':
+                pwdata.source = PW_PLAINTEXT;
+                pwdata.data = passwd = PORT_Strdup(optstate->value);
+                break;
+
+            case 'y':
+                debugCache = PR_TRUE;
+                break;
+
+            case 'z':
+                enableCompression = PR_TRUE;
+                break;
+
+            case 'Z':
+                zeroRTT = PR_TRUE;
+                break;
+
+            case 'Q':
+                enableALPN = PR_TRUE;
+                break;
+
+            case 'I':
+                rv = parseGroupList(optstate->value, &enabledGroups, &enabledGroupsCount);
+                if (rv != SECSuccess) {
+                    PL_DestroyOptState(optstate);
+                    fprintf(stderr, "Bad group specified.\n");
+                    fprintf(stderr, "Run '%s -h' for usage information.\n", progName);
+                    exit(5);
+                }
+                break;
+
+            default:
+            case '?':
+                fprintf(stderr, "Unrecognized or bad option specified.\n");
+                fprintf(stderr, "Run '%s -h' for usage information.\n", progName);
+                exit(4);
+                break;
+        }
+    }
+    PL_DestroyOptState(optstate);
+    if (status == PL_OPT_BAD) {
+        fprintf(stderr, "Unrecognized or bad option specified.\n");
+        fprintf(stderr, "Run '%s -h' for usage information.\n", progName);
+        exit(5);
+    }
+    if (!optionsFound) {
+        Usage(progName);
+        exit(51);
+    }
+    switch (ocspStaplingMode) {
+        case osm_good:
+        case osm_revoked:
+        case osm_unknown:
+        case osm_random:
+            if (!ocspStaplingCA) {
+                fprintf(stderr, "Selected stapling response requires the -A parameter.\n");
+                fprintf(stderr, "Run '%s -h' for usage information.\n", progName);
+                exit(52);
+            }
+            break;
+        default:
+            break;
+    }
+
+    /* The -b (bindOnly) option is only used by the ssl.sh test
+     * script on Linux to determine whether a previous selfserv
+     * process has fully died and freed the port.  (Bug 129701)
+     */
+    if (bindOnly) {
+        listen_sock = getBoundListenSocket(port);
+        if (!listen_sock) {
+            exit(1);
+        }
+        if (listen_sock) {
+            PR_Close(listen_sock);
+        }
+        exit(0);
+    }
+
+    if (certNicknameIndex == 0) {
+        fprintf(stderr, "Must specify at least one certificate nickname using '-n' (RSA), '-S' (DSA), or 'e' (EC).\n");
+        fprintf(stderr, "Run '%s -h' for usage information.\n", progName);
+        exit(6);
+    }
+
+    if (port == 0) {
+        fprintf(stderr, "Required argument 'port' must be non-zero value\n");
+        exit(7);
+    }
+
+    if (NoReuse && maxProcs > 1) {
+        fprintf(stderr, "-M and -N options are mutually exclusive.\n");
+        exit(14);
+    }
+
+    if (pidFile) {
+        FILE *tmpfile = fopen(pidFile, "w+");
+
+        if (tmpfile) {
+            fprintf(tmpfile, "%d", getpid());
+            fclose(tmpfile);
+        }
+    }
+
+    /* allocate and initialize app data for bulk encryption testing */
+    if (testBulk) {
+        testBulkBuf = PORT_Malloc(testBulkSize);
+        if (testBulkBuf == NULL)
+            errExit("Out of memory: testBulkBuf");
+        for (i = 0; i < testBulkSize; i++)
+            testBulkBuf[i] = i;
+    }
+
+    envString = PR_GetEnvSecure(envVarName);
+    tmp = PR_GetEnvSecure("TMP");
+    if (!tmp)
+        tmp = PR_GetEnvSecure("TMPDIR");
+    if (!tmp)
+        tmp = PR_GetEnvSecure("TEMP");
+    if (envString) {
+        /* we're one of the children in a multi-process server. */
+        listen_sock = PR_GetInheritedFD(inheritableSockName);
+        if (!listen_sock)
+            errExit("PR_GetInheritedFD");
+#ifndef WINNT
+        /* we can't do this on NT because it breaks NSPR and
+    PR_Accept will fail on the socket in the child process if
+    the socket state is change to non inheritable
+    It is however a security issue to leave it accessible,
+    but it is OK for a test server such as selfserv.
+    NSPR should fix it eventually . see bugzilla 101617
+    and 102077
+    */
+        prStatus = PR_SetFDInheritable(listen_sock, PR_FALSE);
+        if (prStatus != PR_SUCCESS)
+            errExit("PR_SetFDInheritable");
+#endif
+        rv = SSL_InheritMPServerSIDCache(envString);
+        if (rv != SECSuccess)
+            errExit("SSL_InheritMPServerSIDCache");
+        hasSidCache = PR_TRUE;
+    } else if (maxProcs > 1) {
+        /* we're going to be the parent in a multi-process server.  */
+        listen_sock = getBoundListenSocket(port);
+        rv = SSL_ConfigMPServerSIDCache(NumSidCacheEntries, 0, 0, tmp);
+        if (rv != SECSuccess)
+            errExit("SSL_ConfigMPServerSIDCache");
+        hasSidCache = PR_TRUE;
+        beAGoodParent(argc, argv, maxProcs, listen_sock);
+        exit(99); /* should never get here */
+    } else {
+        /* we're an ordinary single process server. */
+        listen_sock = getBoundListenSocket(port);
+        prStatus = PR_SetFDInheritable(listen_sock, PR_FALSE);
+        if (prStatus != PR_SUCCESS)
+            errExit("PR_SetFDInheritable");
+        if (!NoReuse) {
+            rv = SSL_ConfigServerSessionIDCache(NumSidCacheEntries,
+                                                0, 0, tmp);
+            if (rv != SECSuccess)
+                errExit("SSL_ConfigServerSessionIDCache");
+            hasSidCache = PR_TRUE;
+        }
+    }
+
+    lm = PR_NewLogModule("TestCase");
+
+    if (fileName)
+        readBigFile(fileName);
+
+    /* set our password function */
+    PK11_SetPasswordFunc(SECU_GetModulePassword);
+
+    /* Call the NSS initialization routines */
+    rv = NSS_Initialize(dir, certPrefix, certPrefix, SECMOD_DB, NSS_INIT_READONLY);
+    if (rv != SECSuccess) {
+        fputs("NSS_Init failed.\n", stderr);
+        exit(8);
+    }
+
+    /* all SSL3 cipher suites are enabled by default. */
+    if (cipherString) {
+        char *cstringSaved = cipherString;
+        int ndx;
+
+        /* disable all the ciphers, then enable the ones we want. */
+        disableAllSSLCiphers();
+
+        while (0 != (ndx = *cipherString++)) {
+            int cipher = 0;
+
+            if (ndx == ':') {
+                int ctmp;
+
+                HEXCHAR_TO_INT(*cipherString, ctmp)
+                cipher |= (ctmp << 12);
+                cipherString++;
+                HEXCHAR_TO_INT(*cipherString, ctmp)
+                cipher |= (ctmp << 8);
+                cipherString++;
+                HEXCHAR_TO_INT(*cipherString, ctmp)
+                cipher |= (ctmp << 4);
+                cipherString++;
+                HEXCHAR_TO_INT(*cipherString, ctmp)
+                cipher |= ctmp;
+                cipherString++;
+            } else {
+                if (!isalpha(ndx)) {
+                    fprintf(stderr,
+                            "Non-alphabetic char in cipher string (-c arg).\n");
+                    exit(9);
+                }
+                ndx = tolower(ndx) - 'a';
+                if (ndx < PR_ARRAY_SIZE(ssl3CipherSuites)) {
+                    cipher = ssl3CipherSuites[ndx];
+                }
+            }
+            if (cipher > 0) {
+                SECStatus status;
+                status = SSL_CipherPrefSetDefault(cipher, SSL_ALLOWED);
+                if (status != SECSuccess)
+                    SECU_PrintError(progName, "SSL_CipherPrefSet()");
+            } else {
+                fprintf(stderr,
+                        "Invalid cipher specification (-c arg).\n");
+                exit(9);
+            }
+        }
+        PORT_Free(cstringSaved);
+    }
+
+    certStatusArena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (!certStatusArena)
+        errExit("cannot allocate certStatusArena");
+
+    for (i = 0; i < certNicknameIndex; i++) {
+        cert[i] = PK11_FindCertFromNickname(certNicknameArray[i], &pwdata);
+        if (cert[i] == NULL) {
+            fprintf(stderr, "selfserv: Can't find certificate %s\n", certNicknameArray[i]);
+            exit(10);
+        }
+        privKey[i] = PK11_FindKeyByAnyCert(cert[i], &pwdata);
+        if (privKey[i] == NULL) {
+            fprintf(stderr, "selfserv: Can't find Private Key for cert %s\n",
+                    certNicknameArray[i]);
+            exit(11);
+        }
+#ifdef NSS_DISABLE_ECC
+        if (privKey[i]->keyType != ecKey)
+#endif
+            setupCertStatus(certStatusArena, ocspStaplingMode, cert[i], i, &pwdata);
+    }
+
+    if (configureWeakDHE > 0) {
+        fprintf(stderr, "selfserv: Creating dynamic weak DH parameters\n");
+        rv = SSL_EnableWeakDHEPrimeGroup(NULL, PR_TRUE);
+        if (rv != SECSuccess) {
+            goto cleanup;
+        }
+        fprintf(stderr, "selfserv: Done creating dynamic weak DH parameters\n");
+    }
+
+    /* allocate the array of thread slots, and launch the worker threads. */
+    rv = launch_threads(&jobLoop, 0, 0, requestCert, useLocalThreads);
+
+    if (rv == SECSuccess && logStats) {
+        loggerThread = PR_CreateThread(PR_SYSTEM_THREAD,
+                                       logger, NULL, PR_PRIORITY_NORMAL,
+                                       useLocalThreads ? PR_LOCAL_THREAD
+                                                       : PR_GLOBAL_THREAD,
+                                       PR_JOINABLE_THREAD, 0);
+        if (loggerThread == NULL) {
+            fprintf(stderr, "selfserv: Failed to launch logger thread!\n");
+            rv = SECFailure;
+        }
+    }
+
+    if (rv == SECSuccess) {
+        server_main(listen_sock, requestCert, privKey, cert,
+                    expectedHostNameVal);
+    }
+
+    VLOG(("selfserv: server_thread: exiting"));
+
+cleanup:
+    printSSLStatistics();
+    ssl3stats = SSL_GetStatistics();
+    if (ssl3stats->hch_sid_ticket_parse_failures != 0) {
+        fprintf(stderr, "selfserv: Experienced ticket parse failure(s)\n");
+        exit(1);
+    }
+    if (failedToNegotiateName) {
+        fprintf(stderr, "selfserv: Failed properly negotiate server name\n");
+        exit(1);
+    }
+
+    {
+        int i;
+        for (i = 0; i < certNicknameIndex; i++) {
+            if (cert[i]) {
+                CERT_DestroyCertificate(cert[i]);
+            }
+            if (privKey[i]) {
+                SECKEY_DestroyPrivateKey(privKey[i]);
+            }
+            PORT_Free(certNicknameArray[i]);
+        }
+        for (i = 0; virtServerNameArray[i]; i++) {
+            PORT_Free(virtServerNameArray[i]);
+        }
+    }
+
+    if (debugCache) {
+        nss_DumpCertificateCacheInfo();
+    }
+    if (expectedHostNameVal) {
+        PORT_Free(expectedHostNameVal);
+    }
+    if (passwd) {
+        PORT_Free(passwd);
+    }
+    if (pwfile) {
+        PORT_Free(pwfile);
+    }
+    if (certPrefix && certPrefix != emptyString) {
+        PORT_Free(certPrefix);
+    }
+
+    if (hasSidCache) {
+        SSL_ShutdownServerSessionIDCache();
+    }
+    if (certStatusArena) {
+        PORT_FreeArena(certStatusArena, PR_FALSE);
+    }
+    if (enabledGroups) {
+        PORT_Free(enabledGroups);
+    }
+    if (NSS_Shutdown() != SECSuccess) {
+        SECU_PrintError(progName, "NSS_Shutdown");
+        if (loggerThread) {
+            PR_JoinThread(loggerThread);
+        }
+        PR_Cleanup();
+        exit(1);
+    }
+    PR_Cleanup();
+    printf("selfserv: normal termination\n");
+    return 0;
+}
diff --git a/nss/cmd/selfserv/selfserv.gyp b/nss/cmd/selfserv/selfserv.gyp
new file mode 100644
index 0000000..783be84
--- /dev/null
+++ b/nss/cmd/selfserv/selfserv.gyp
@@ -0,0 +1,30 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi',
+    '../../cmd/platlibs.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'selfserv',
+      'type': 'executable',
+      'sources': [
+        'selfserv.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:dbm_exports',
+        '<(DEPTH)/exports.gyp:nss_exports'
+      ]
+    }
+  ],
+  'target_defaults': {
+    'defines': [
+      'NSPR20'
+    ]
+  },
+  'variables': {
+    'module': 'nss'
+  }
+}
\ No newline at end of file
diff --git a/nss/cmd/serverProof/.cproject b/nss/cmd/serverProof/.cproject
new file mode 100644
index 0000000..b51d0e6
--- /dev/null
+++ b/nss/cmd/serverProof/.cproject
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<?fileVersion 4.0.0?><cproject storage_type_id="org.eclipse.cdt.core.XmlProjectDescriptionStorage">
+	<storageModule moduleId="org.eclipse.cdt.core.settings">
+		<cconfiguration id="0.1604593253">
+			<storageModule buildSystemId="org.eclipse.cdt.managedbuilder.core.configurationDataProvider" id="0.1604593253" moduleId="org.eclipse.cdt.core.settings" name="Default">
+				<externalSettings/>
+				<extensions>
+					<extension id="org.eclipse.cdt.core.GASErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
+					<extension id="org.eclipse.cdt.core.GmakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
+					<extension id="org.eclipse.cdt.core.GLDErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
+					<extension id="org.eclipse.cdt.core.VCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
+					<extension id="org.eclipse.cdt.core.CWDLocator" point="org.eclipse.cdt.core.ErrorParser"/>
+					<extension id="org.eclipse.cdt.core.GCCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
+				</extensions>
+			</storageModule>
+			<storageModule moduleId="cdtBuildSystem" version="4.0.0">
+				<configuration buildProperties="" description="" id="0.1604593253" name="Default" parent="org.eclipse.cdt.build.core.prefbase.cfg">
+					<folderInfo id="0.1604593253." name="/" resourcePath="">
+						<toolChain id="org.eclipse.cdt.build.core.prefbase.toolchain.1923470177" name="No ToolChain" resourceTypeBasedDiscovery="false" superClass="org.eclipse.cdt.build.core.prefbase.toolchain">
+							<targetPlatform id="org.eclipse.cdt.build.core.prefbase.toolchain.1923470177.899434207" name=""/>
+							<builder id="org.eclipse.cdt.build.core.settings.default.builder.19782128" keepEnvironmentInBuildfile="false" managedBuildOn="false" name="Gnu Make Builder" superClass="org.eclipse.cdt.build.core.settings.default.builder"/>
+							<tool id="org.eclipse.cdt.build.core.settings.holder.libs.1070409250" name="holder for library settings" superClass="org.eclipse.cdt.build.core.settings.holder.libs"/>
+							<tool id="org.eclipse.cdt.build.core.settings.holder.2013824838" name="Assembly" superClass="org.eclipse.cdt.build.core.settings.holder">
+								<inputType id="org.eclipse.cdt.build.core.settings.holder.inType.707285634" languageId="org.eclipse.cdt.core.assembly" languageName="Assembly" sourceContentType="org.eclipse.cdt.core.asmSource" superClass="org.eclipse.cdt.build.core.settings.holder.inType"/>
+							</tool>
+							<tool id="org.eclipse.cdt.build.core.settings.holder.1631781479" name="GNU C++" superClass="org.eclipse.cdt.build.core.settings.holder">
+								<inputType id="org.eclipse.cdt.build.core.settings.holder.inType.2008852347" languageId="org.eclipse.cdt.core.g++" languageName="GNU C++" sourceContentType="org.eclipse.cdt.core.cxxSource,org.eclipse.cdt.core.cxxHeader" superClass="org.eclipse.cdt.build.core.settings.holder.inType"/>
+							</tool>
+							<tool id="org.eclipse.cdt.build.core.settings.holder.1548320010" name="GNU C" superClass="org.eclipse.cdt.build.core.settings.holder">
+								<option id="org.eclipse.cdt.build.core.settings.holder.incpaths.1978357764" superClass="org.eclipse.cdt.build.core.settings.holder.incpaths" valueType="includePath">
+									<listOptionValue builtIn="false" value="/home/felley/workspace/tlsproof/dist/Linux4.4_x86_64_cc_glibc_PTH_64_DBG.OBJ/include"/>
+									<listOptionValue builtIn="false" value="/home/felley/workspace/tlsproof/dist/public/nss"/>
+								</option>
+								<inputType id="org.eclipse.cdt.build.core.settings.holder.inType.660294916" languageId="org.eclipse.cdt.core.gcc" languageName="GNU C" sourceContentType="org.eclipse.cdt.core.cSource,org.eclipse.cdt.core.cHeader" superClass="org.eclipse.cdt.build.core.settings.holder.inType"/>
+							</tool>
+						</toolChain>
+					</folderInfo>
+				</configuration>
+			</storageModule>
+			<storageModule moduleId="org.eclipse.cdt.core.externalSettings"/>
+		</cconfiguration>
+	</storageModule>
+	<storageModule moduleId="cdtBuildSystem" version="4.0.0">
+		<project id="serverProof.null.546815181" name="serverProof"/>
+	</storageModule>
+	<storageModule moduleId="scannerConfiguration">
+		<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId=""/>
+		<scannerConfigBuildInfo instanceId="0.1604593253">
+			<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId=""/>
+		</scannerConfigBuildInfo>
+		<scannerConfigBuildInfo instanceId="0.2061348114">
+			<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId=""/>
+		</scannerConfigBuildInfo>
+	</storageModule>
+	<storageModule moduleId="org.eclipse.cdt.core.LanguageSettingsProviders"/>
+</cproject>
diff --git a/nss/cmd/serverProof/.project b/nss/cmd/serverProof/.project
new file mode 100644
index 0000000..16e28b6
--- /dev/null
+++ b/nss/cmd/serverProof/.project
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<projectDescription>
+	<name>serverProof</name>
+	<comment></comment>
+	<projects>
+	</projects>
+	<buildSpec>
+		<buildCommand>
+			<name>org.eclipse.cdt.managedbuilder.core.genmakebuilder</name>
+			<triggers>clean,full,incremental,</triggers>
+			<arguments>
+			</arguments>
+		</buildCommand>
+		<buildCommand>
+			<name>org.eclipse.cdt.managedbuilder.core.ScannerConfigBuilder</name>
+			<triggers>full,incremental,</triggers>
+			<arguments>
+			</arguments>
+		</buildCommand>
+	</buildSpec>
+	<natures>
+		<nature>org.eclipse.cdt.core.cnature</nature>
+		<nature>org.eclipse.cdt.core.ccnature</nature>
+		<nature>org.eclipse.cdt.managedbuilder.core.managedBuildNature</nature>
+		<nature>org.eclipse.cdt.managedbuilder.core.ScannerConfigNature</nature>
+	</natures>
+</projectDescription>
diff --git a/nss/cmd/serverProof/Makefile b/nss/cmd/serverProof/Makefile
new file mode 100644
index 0000000..c7a02b8
--- /dev/null
+++ b/nss/cmd/serverProof/Makefile
@@ -0,0 +1,46 @@
+#! gmake
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include ../platlibs.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+include ../platlibs.mk
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+include ../platrules.mk
+
diff --git a/nss/cmd/serverProof/main.c b/nss/cmd/serverProof/main.c
new file mode 100644
index 0000000..ca35199
--- /dev/null
+++ b/nss/cmd/serverProof/main.c
@@ -0,0 +1,192 @@
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+#include "nspr.h"
+#include "plgetopt.h"
+#include "prerror.h"
+#include "prnetdb.h"
+
+#include "nss.h"
+#include "ssl.h"
+#include "sslproto.h"
+#include <pk11func.h>
+#include <errno.h>
+#include "secitem.h"
+
+//Global variable
+SECKEYPrivateKey *privKey = NULL; //Private key of the server certificate
+CERTCertificate *cert = NULL; //Certificate of the server
+
+
+void error(const char *msg)
+{
+	PRErrorCode perr = PR_GetError();
+	const char *errString = PORT_ErrorToString(perr);
+
+	printf("!!!!!ERROR function name: %s returned error %d:!!!!!\n%s\n",msg, perr, errString);
+    exit(1);
+}
+/*Callback function that return the password of the certificate database.
+ * It is set when configuring NSS.*/
+char* getPwd(PK11SlotInfo *slot, PRBool retry, void *arg){
+
+	char *pwd= NULL;
+	pwd = PORT_Strdup("");
+
+	return pwd;
+}
+/*Called when a client is connected to server*/
+int accept_connection(PRFileDesc * sock)
+{
+	char buffer[1024];
+	int n;
+	PRBool val;
+	SSLVersionRange ver;
+	SECStatus rv;
+
+	while(1)
+	{
+		bzero(buffer,sizeof(buffer));
+		//Read from a client
+		n = PR_Read(sock, buffer, sizeof(buffer)-1);
+		if(n < 0){
+			error("PR_Read");
+			PR_Close(sock);
+		}
+
+		if(n == 0) break;
+
+
+		//See if the negotiation of TLS proof was successful
+		rv = SSL_TLSProofIsNegociated(sock,&val);
+		if(rv != SECSuccess) error("SSL_TLSProofIsNegociated");
+
+		//Get the TLS version used
+		rv = SSL_VersionRangeGet(sock,&ver);
+		if(rv != SECSuccess) error("SSL_VersionRangeGet");
+
+		/* Print the TLS version negotiated, for TLS 1.3 it should show [304:304] and if TLS proof was
+		* successfully negotiated */
+		printf("\nNew message ! Protocol[%x:%x], TLS Proof enable[%i] :\n",ver.min,ver.max,(int)val);
+		printf("%s\n",buffer);
+
+		PR_Write(sock,"Message received !\n",19);
+	}
+
+	PR_Close(sock);
+
+	printf("END\n");
+	return 0;
+
+}
+
+
+int main(int argc, char *argv[])
+{
+
+
+	PRFileDesc* listenSocket = NULL;
+	PRStatus pr;
+	SECStatus rv;
+	char *tmp = NULL;
+	PRFileDesc* newSocket = NULL;
+	char* certName = "tls-n.testserver";
+	PRNetAddr addr, clientAddr;
+	SSLVersionRange ver;
+
+
+
+	if(argc < 2){
+			error("Specify port");
+	}
+
+	//Cache config
+	tmp = PR_GetEnvSecure("TMP");
+	if (!tmp){
+		tmp = PR_GetEnvSecure("TMPDIR");
+		tmp = PR_GetEnvSecure("TEMP");
+	}
+	rv = SSL_ConfigServerSessionIDCache(0,0, 0, tmp);
+	if (rv != SECSuccess)
+		error("SSL_ConfigServerSessionIDCache");
+
+	//Set Password
+	PK11_SetPasswordFunc(getPwd);
+
+	rv = NSS_Init("../server_db");
+	if(rv != SECSuccess)
+		error("NSS_Initialize");
+
+	//Retrieve certificate
+	cert = PK11_FindCertFromNickname(certName,NULL);
+	if (cert == NULL)
+	error("PK11_FindCertFromNickname");
+
+	//Retrieve private key
+	privKey = PK11_FindKeyByAnyCert(cert,NULL);
+	if (privKey == NULL)
+		error("PK11_FindKeyByAnyCert");
+
+	//New socket
+	listenSocket = PR_OpenTCPSocket(PR_AF_INET);
+	if (listenSocket == NULL) {
+		error("Error: PR_NewTCPSocket");
+	}
+
+	//Server parameters
+	addr.inet.ip = PR_INADDR_ANY;
+	addr.inet.port = PR_htons(atoi(argv[1]));
+	addr.inet.family = PR_AF_INET;
+
+	//Bind
+	pr = PR_Bind(listenSocket, &addr);
+	if (pr != PR_SUCCESS) {
+			error("PR_Bind");
+	}
+
+
+	//Listen
+	pr = PR_Listen(listenSocket, 5);
+	if (pr != PR_SUCCESS) {
+			error("PR_Listen");
+	}
+
+
+	//Import to SSL
+	listenSocket = SSL_ImportFD(NULL, listenSocket);
+	if (listenSocket == NULL) error("SSL_ImportFD");
+
+
+
+	//Set certificate and private key
+	rv = SSL_ConfigSecureServer(listenSocket,cert, privKey, NSS_FindCertKEAType(cert));
+	if (rv != SECSuccess) error("SSL_ConfigSecureServer");
+
+	//Enable TLS Proof extension for non-repudiation
+	rv = SSL_OptionSet(listenSocket, SSL_ENABLE_TLS_PROOF, PR_TRUE);
+	if(rv != SECSuccess) error("SSL_OptionSet, SSL_ENABLE_TLS_PROOF");
+
+	//Force TLS 1.3
+	ver.max= SSL_LIBRARY_VERSION_TLS_1_3;
+	ver.min= SSL_LIBRARY_VERSION_TLS_1_3;
+	rv = SSL_VersionRangeSet(listenSocket,&ver);
+	if(rv != SECSuccess) error("SSL_VersionRangeSet");
+
+	printf("Server started ! \nListening ... \n");
+
+	//Accept
+	newSocket = PR_Accept(listenSocket, &clientAddr, PR_INTERVAL_NO_TIMEOUT);
+	PR_Close(listenSocket);
+	if(newSocket == 0){
+		error("PR_Accept");
+	}
+
+
+
+	//Continue
+	accept_connection(newSocket);
+
+
+	return 0;
+}
diff --git a/nss/cmd/serverProof/manifest.mn b/nss/cmd/serverProof/manifest.mn
new file mode 100644
index 0000000..a9e6a5d
--- /dev/null
+++ b/nss/cmd/serverProof/manifest.mn
@@ -0,0 +1,23 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CORE_DEPTH = ../..
+
+# MODULE public and private header  directories are implicitly REQUIRED.
+MODULE = nss
+
+# This next line is used by .mk files
+# and gets translated into $LINCS in manifest.mnw
+# The MODULE is always implicitly required.
+# Listing it here in REQUIRES makes it appear twice in the cc command line.
+REQUIRES = seccmd dbm 
+
+# DIRS = 
+
+CSRCS	= main.c  
+DEFINES += -DDLL_PREFIX=\"$(DLL_PREFIX)\" -DDLL_SUFFIX=\"$(DLL_SUFFIX)\"
+
+PROGRAM	= serverProof
+
diff --git a/nss/cmd/serverProof/server_db b/nss/cmd/serverProof/server_db
new file mode 120000
index 0000000..f1858d9
--- /dev/null
+++ b/nss/cmd/serverProof/server_db
@@ -0,0 +1 @@
+../../../ca/server_db
\ No newline at end of file
diff --git a/nss/cmd/shlibsign/Makefile b/nss/cmd/shlibsign/Makefile
new file mode 100644
index 0000000..83f90fa
--- /dev/null
+++ b/nss/cmd/shlibsign/Makefile
@@ -0,0 +1,99 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+ifeq ($(OS_ARCH), WINNT)
+
+EXTRA_LIBS += \
+	$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plc4.$(LIB_SUFFIX) \
+	$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plds4.$(LIB_SUFFIX) \
+	$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)nspr4.$(LIB_SUFFIX) \
+	$(NULL)
+
+else
+
+EXTRA_SHARED_LIBS += \
+	-L$(NSPR_LIB_DIR) \
+	-lplc4 \
+	-lplds4 \
+	-lnspr4 \
+	$(NULL)
+
+endif
+
+
+# sign any and all shared libraries that contain the word freebl
+ifeq ($(NSS_BUILD_WITHOUT_SOFTOKEN),1)
+CHECKLIBS =
+CHECKLOC =
+else
+CHECKLIBS = $(DIST)/lib/$(DLL_PREFIX)softokn3.$(DLL_SUFFIX)
+CHECKLIBS += $(wildcard $(DIST)/lib/$(DLL_PREFIX)freebl*3.$(DLL_SUFFIX))
+ifndef NSS_DISABLE_DBM
+CHECKLIBS += $(DIST)/lib/$(DLL_PREFIX)nssdbm3.$(DLL_SUFFIX)
+endif
+CHECKLOC = $(CHECKLIBS:.$(DLL_SUFFIX)=.chk)
+
+MD_LIB_RELEASE_FILES = $(CHECKLOC)
+ALL_TRASH += $(CHECKLOC)
+endif
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+
+include ../platrules.mk
+
+SRCDIR = $(call core_abspath,.)
+
+%.chk: %.$(DLL_SUFFIX) 
+ifeq ($(OS_TARGET), OS2)
+	cd $(OBJDIR) ; cmd.exe /c $(SRCDIR)/sign.cmd $(DIST) \
+	$(call core_abspath,$(OBJDIR)) $(OS_TARGET) \
+	$(call core_abspath,$(NSPR_LIB_DIR)) $(call core_abspath,$<)
+else
+    ifeq ($(CROSS_COMPILE),1)
+	# do nothing
+    else
+	cd $(OBJDIR) ; sh $(SRCDIR)/sign.sh $(call core_abspath,$(DIST)) \
+	$(call core_abspath,$(OBJDIR)) $(OS_TARGET) \
+	$(call core_abspath,$(NSPR_LIB_DIR)) $(call core_abspath,$<)
+    endif
+endif
+
+libs install :: $(CHECKLOC)
+
diff --git a/nss/cmd/shlibsign/mangle/Makefile b/nss/cmd/shlibsign/mangle/Makefile
new file mode 100644
index 0000000..b52243e
--- /dev/null
+++ b/nss/cmd/shlibsign/mangle/Makefile
@@ -0,0 +1,65 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+ifeq ($(OS_ARCH), WINNT)
+
+EXTRA_LIBS += \
+	$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plc4.$(LIB_SUFFIX) \
+	$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plds4.$(LIB_SUFFIX) \
+	$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)nspr4.$(LIB_SUFFIX) \
+	$(NULL)
+
+else
+
+EXTRA_SHARED_LIBS += \
+	-L$(NSPR_LIB_DIR) \
+	-lplc4 \
+	-lplds4 \
+	-lnspr4 \
+	$(NULL)
+
+endif
+
+
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+
+include ../../platrules.mk
+
diff --git a/nss/cmd/shlibsign/mangle/mangle.c b/nss/cmd/shlibsign/mangle/mangle.c
new file mode 100644
index 0000000..e58bbee
--- /dev/null
+++ b/nss/cmd/shlibsign/mangle/mangle.c
@@ -0,0 +1,140 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * Test program to mangle 1 bit in a binary
+ */
+
+#include "nspr.h"
+#include "plstr.h"
+#include "plgetopt.h"
+#include "prio.h"
+
+static PRFileDesc *pr_stderr;
+static void
+usage(char *program_name)
+{
+
+    PR_fprintf(pr_stderr, "Usage:");
+    PR_fprintf(pr_stderr, "%s -i shared_library_name -o byte_offset -b bit\n", program_name);
+}
+
+int
+main(int argc, char **argv)
+{
+    /* buffers and locals */
+    PLOptState *optstate;
+    char *programName;
+    char cbuf;
+
+    /* parameter set variables */
+    const char *libFile = NULL;
+    int bitOffset = -1;
+
+    /* return values */
+    int retval = 2; /* 0 - test succeeded.
+                     * 1 - illegal args
+                     * 2 - function failed */
+    PRFileDesc *fd = NULL;
+    int bytesRead;
+    int bytesWritten;
+    PROffset32 offset = -1;
+    PROffset32 pos;
+
+    programName = PL_strrchr(argv[0], '/');
+    programName = programName ? (programName + 1) : argv[0];
+
+    pr_stderr = PR_STDERR;
+
+    optstate = PL_CreateOptState(argc, argv, "i:o:b:");
+    if (optstate == NULL) {
+        return 1;
+    }
+
+    while (PL_GetNextOpt(optstate) == PL_OPT_OK) {
+        switch (optstate->option) {
+            case 'i':
+                libFile = optstate->value;
+                break;
+
+            case 'o':
+                offset = atoi(optstate->value);
+                break;
+
+            case 'b':
+                bitOffset = atoi(optstate->value);
+                break;
+        }
+    }
+
+    if (libFile == NULL) {
+        usage(programName);
+        return 1;
+    }
+    if ((bitOffset >= 8) || (bitOffset < 0)) {
+        usage(programName);
+        return 1;
+    }
+
+    /* open the target signature file */
+    fd = PR_OpenFile(libFile, PR_RDWR, 0666);
+    if (fd == NULL) {
+        /* lperror(libFile); */
+        PR_fprintf(pr_stderr, "Couldn't Open %s\n", libFile);
+        goto loser;
+    }
+
+    if (offset < 0) { /* convert to positive offset */
+        pos = PR_Seek(fd, offset, PR_SEEK_END);
+        if (pos == -1) {
+            PR_fprintf(pr_stderr, "Seek for read on %s (to %d) failed\n",
+                       libFile, offset);
+            goto loser;
+        }
+        offset = pos;
+    }
+
+    /* read the byte */
+    pos = PR_Seek(fd, offset, PR_SEEK_SET);
+    if (pos != offset) {
+        PR_fprintf(pr_stderr, "Seek for read on %s (to %d) failed\n",
+                   libFile, offset);
+        goto loser;
+    }
+    bytesRead = PR_Read(fd, &cbuf, 1);
+    if (bytesRead != 1) {
+        PR_fprintf(pr_stderr, "Read on %s (to %d) failed\n", libFile, offset);
+        goto loser;
+    }
+
+    PR_fprintf(pr_stderr, "Changing byte 0x%08x (%d): from %02x (%d) to ",
+               offset, offset, (unsigned char)cbuf, (unsigned char)cbuf);
+    /* change it */
+    cbuf ^= 1 << bitOffset;
+    PR_fprintf(pr_stderr, "%02x (%d)\n",
+               (unsigned char)cbuf, (unsigned char)cbuf);
+
+    /* write it back out */
+    pos = PR_Seek(fd, offset, PR_SEEK_SET);
+    if (pos != offset) {
+        PR_fprintf(pr_stderr, "Seek for write on %s (to %d) failed\n",
+                   libFile, offset);
+        goto loser;
+    }
+    bytesWritten = PR_Write(fd, &cbuf, 1);
+    if (bytesWritten != 1) {
+        PR_fprintf(pr_stderr, "Write on %s (to %d) failed\n", libFile, offset);
+        goto loser;
+    }
+
+    retval = 0;
+
+loser:
+    if (fd)
+        PR_Close(fd);
+    PR_Cleanup();
+    return retval;
+}
+
+/*#DEFINES += -DSHLIB_SUFFIX=\"$(DLL_SUFFIX)\" -DSHLIB_PREFIX=\"$(DLL_PREFIX)\" */
diff --git a/nss/cmd/shlibsign/mangle/mangle.gyp b/nss/cmd/shlibsign/mangle/mangle.gyp
new file mode 100644
index 0000000..1dd5c10
--- /dev/null
+++ b/nss/cmd/shlibsign/mangle/mangle.gyp
@@ -0,0 +1,31 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../../coreconf/config.gypi',
+    '../../../cmd/platlibs.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'mangle',
+      'type': 'executable',
+      'sources': [
+        'mangle.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports'
+      ]
+    }
+  ],
+  'target_defaults': {
+    'defines': [
+      'SHLIB_SUFFIX=\"<(dll_suffix)\"',
+      'SHLIB_PREFIX=\"<(dll_prefix)\"'
+    ]
+  },
+  'variables': {
+    'module': 'nss',
+    'use_static_libs': 1
+  }
+}
\ No newline at end of file
diff --git a/nss/cmd/shlibsign/mangle/manifest.mn b/nss/cmd/shlibsign/mangle/manifest.mn
new file mode 100644
index 0000000..40b4841
--- /dev/null
+++ b/nss/cmd/shlibsign/mangle/manifest.mn
@@ -0,0 +1,24 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CORE_DEPTH = ../../..
+
+# MODULE public and private header  directories are implicitly REQUIRED.
+MODULE = nss
+
+DEFINES += -DSHLIB_SUFFIX=\"$(DLL_SUFFIX)\" -DSHLIB_PREFIX=\"$(DLL_PREFIX)\"
+
+CSRCS = \
+	mangle.c \
+	$(NULL)
+
+
+# headers for the MODULE (defined above) are implicitly required.
+REQUIRES = 
+
+PROGRAM = mangle
+
+USE_STATIC_LIBS = 1
+
diff --git a/nss/cmd/shlibsign/manifest.mn b/nss/cmd/shlibsign/manifest.mn
new file mode 100644
index 0000000..95f8765
--- /dev/null
+++ b/nss/cmd/shlibsign/manifest.mn
@@ -0,0 +1,27 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CORE_DEPTH = ../..
+
+# MODULE public and private header  directories are implicitly REQUIRED.
+MODULE = nss
+
+DEFINES += -DSHLIB_SUFFIX=\"$(DLL_SUFFIX)\" -DSHLIB_PREFIX=\"$(DLL_PREFIX)\"
+
+CSRCS = \
+	shlibsign.c \
+	$(NULL)
+
+# WINNT uses EXTRA_LIBS as the list of libs to link in.
+# Unix uses     OS_LIBS for that purpose.
+# We can solve this via conditional makefile code, but 
+# can't do this in manifest.mn because OS_ARCH isn't defined there.
+# So, look in the local Makefile for the defines for the list of libs.
+
+PROGRAM = shlibsign
+
+DIRS = mangle
+
+#USE_STATIC_LIBS = 1
diff --git a/nss/cmd/shlibsign/shlibsign.c b/nss/cmd/shlibsign/shlibsign.c
new file mode 100644
index 0000000..d93fc42
--- /dev/null
+++ b/nss/cmd/shlibsign/shlibsign.c
@@ -0,0 +1,1332 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * shlibsign creates the checksum (.chk) files for the NSS libraries,
+ * libsoftokn3/softokn3 and libfreebl/freebl (platforms can have
+ * multiple freebl variants), that contain the NSS cryptograhic boundary.
+ *
+ * The generated .chk files must be put in the same directory as
+ * the NSS libraries they were generated for.
+ *
+ * When in FIPS 140 mode, the NSS Internal FIPS PKCS #11 Module will
+ * compute the checksum for the NSS cryptographic boundary libraries
+ * and compare the checksum with the value in .chk file.
+ */
+
+#ifdef XP_UNIX
+#define USES_LINKS 1
+#endif
+
+#include <assert.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdarg.h>
+
+#ifdef USES_LINKS
+#include <unistd.h>
+#include <sys/param.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#endif
+
+/* nspr headers */
+#include "prlink.h"
+#include "prprf.h"
+#include "prenv.h"
+#include "plgetopt.h"
+#include "prinit.h"
+#include "prmem.h"
+#include "plstr.h"
+#include "prerror.h"
+
+/* softoken headers */
+#include "pkcs11.h"
+#include "pkcs11t.h"
+
+/* freebl headers */
+#include "shsign.h"
+
+#define NUM_ELEM(array) (sizeof(array) / sizeof(array[0]))
+CK_BBOOL true = CK_TRUE;
+CK_BBOOL false = CK_FALSE;
+static PRBool verbose = PR_FALSE;
+
+static void
+usage(const char *program_name)
+{
+    PRFileDesc *debug_out = PR_GetSpecialFD(PR_StandardError);
+    PR_fprintf(debug_out,
+               "type %s -H for more detail information.\n", program_name);
+    PR_fprintf(debug_out,
+               "Usage: %s [-v] [-V] [-o outfile] [-d dbdir] [-f pwfile]\n"
+               "          [-F] [-p pwd] -[P dbprefix ] "
+               "-i shared_library_name\n",
+               program_name);
+    exit(1);
+}
+
+static void
+long_usage(const char *program_name)
+{
+    PRFileDesc *debug_out = PR_GetSpecialFD(PR_StandardError);
+    PR_fprintf(debug_out, "%s test program usage:\n", program_name);
+    PR_fprintf(debug_out, "\t-i <infile>  shared_library_name to process\n");
+    PR_fprintf(debug_out, "\t-o <outfile> checksum outfile\n");
+    PR_fprintf(debug_out, "\t-d <path>    database path location\n");
+    PR_fprintf(debug_out, "\t-P <prefix>  database prefix\n");
+    PR_fprintf(debug_out, "\t-f <file>    password File : echo pw > file \n");
+    PR_fprintf(debug_out, "\t-F           FIPS mode\n");
+    PR_fprintf(debug_out, "\t-p <pwd>     password\n");
+    PR_fprintf(debug_out, "\t-v           verbose output\n");
+    PR_fprintf(debug_out, "\t-V           perform Verify operations\n");
+    PR_fprintf(debug_out, "\t-?           short help message\n");
+    PR_fprintf(debug_out, "\t-h           short help message\n");
+    PR_fprintf(debug_out, "\t-H           this help message\n");
+    PR_fprintf(debug_out, "\n\n\tNote: Use of FIPS mode requires your ");
+    PR_fprintf(debug_out, "library path is using \n");
+    PR_fprintf(debug_out, "\t      pre-existing libraries with generated ");
+    PR_fprintf(debug_out, "checksum files\n");
+    PR_fprintf(debug_out, "\t      and database in FIPS mode \n");
+    exit(1);
+}
+
+static char *
+mkoutput(const char *input)
+{
+    int in_len = strlen(input);
+    char *output = PR_Malloc(in_len + sizeof(SGN_SUFFIX));
+    int index = in_len + 1 - sizeof("." SHLIB_SUFFIX);
+
+    if ((index > 0) &&
+        (PL_strncmp(&input[index],
+                    "." SHLIB_SUFFIX, sizeof("." SHLIB_SUFFIX)) == 0)) {
+        in_len = index;
+    }
+    memcpy(output, input, in_len);
+    memcpy(&output[in_len], SGN_SUFFIX, sizeof(SGN_SUFFIX));
+    return output;
+}
+
+static void
+lperror(const char *string)
+{
+    PRErrorCode errorcode;
+
+    errorcode = PR_GetError();
+    PR_fprintf(PR_STDERR, "%s: %d: %s\n", string, errorcode,
+               PR_ErrorToString(errorcode, PR_LANGUAGE_I_DEFAULT));
+}
+
+static void
+encodeInt(unsigned char *buf, int val)
+{
+    buf[3] = (val >> 0) & 0xff;
+    buf[2] = (val >> 8) & 0xff;
+    buf[1] = (val >> 16) & 0xff;
+    buf[0] = (val >> 24) & 0xff;
+    return;
+}
+
+static PRStatus
+writeItem(PRFileDesc *fd, CK_VOID_PTR pValue,
+          CK_ULONG ulValueLen, char *file)
+{
+    unsigned char buf[4];
+    int bytesWritten;
+    if (ulValueLen == 0) {
+        PR_fprintf(PR_STDERR, "call to writeItem with 0 bytes of data.\n");
+        return PR_FAILURE;
+    }
+
+    encodeInt(buf, ulValueLen);
+    bytesWritten = PR_Write(fd, buf, 4);
+    if (bytesWritten != 4) {
+        lperror(file);
+        return PR_FAILURE;
+    }
+    bytesWritten = PR_Write(fd, pValue, ulValueLen);
+    if (bytesWritten != ulValueLen) {
+        lperror(file);
+        return PR_FAILURE;
+    }
+    return PR_SUCCESS;
+}
+
+static const unsigned char prime[] = { 0x00,
+                                       0x97, 0x44, 0x1d, 0xcc, 0x0d, 0x39, 0x0d, 0x8d,
+                                       0xcb, 0x75, 0xdc, 0x24, 0x25, 0x6f, 0x01, 0x92,
+                                       0xa1, 0x11, 0x07, 0x6b, 0x70, 0xac, 0x73, 0xd7,
+                                       0x82, 0x28, 0xdf, 0xab, 0x82, 0x0c, 0x41, 0x0c,
+                                       0x95, 0xb3, 0x3c, 0x3d, 0xea, 0x8a, 0xe6, 0x44,
+                                       0x0a, 0xb8, 0xab, 0x90, 0x15, 0x41, 0x11, 0xe8,
+                                       0x48, 0x7b, 0x8d, 0xb0, 0x9c, 0xd3, 0xf2, 0x69,
+                                       0x66, 0xff, 0x66, 0x4b, 0x70, 0x2b, 0xbf, 0xfb,
+                                       0xd6, 0x68, 0x85, 0x76, 0x1e, 0x34, 0xaa, 0xc5,
+                                       0x57, 0x6e, 0x23, 0x02, 0x08, 0x60, 0x6e, 0xfd,
+                                       0x67, 0x76, 0xe1, 0x7c, 0xc8, 0xcb, 0x51, 0x77,
+                                       0xcf, 0xb1, 0x3b, 0x00, 0x2e, 0xfa, 0x21, 0xcd,
+                                       0x34, 0x76, 0x75, 0x01, 0x19, 0xfe, 0xf8, 0x5d,
+                                       0x43, 0xc5, 0x34, 0xf3, 0x7a, 0x95, 0xdc, 0xc2,
+                                       0x58, 0x07, 0x19, 0x2f, 0x1d, 0x6f, 0x9a, 0x77,
+                                       0x7e, 0x55, 0xaa, 0xe7, 0x5a, 0x50, 0x43, 0xd3 };
+
+static const unsigned char subprime[] = { 0x0,
+                                          0xd8, 0x16, 0x23, 0x34, 0x8a, 0x9e, 0x3a, 0xf5,
+                                          0xd9, 0x10, 0x13, 0x35, 0xaa, 0xf3, 0xf3, 0x54,
+                                          0x0b, 0x31, 0x24, 0xf1 };
+
+static const unsigned char base[] = {
+    0x03, 0x3a, 0xad, 0xfa, 0x3a, 0x0c, 0xea, 0x0a,
+    0x4e, 0x43, 0x32, 0x92, 0xbb, 0x87, 0xf1, 0x11,
+    0xc0, 0xad, 0x39, 0x38, 0x56, 0x1a, 0xdb, 0x23,
+    0x66, 0xb1, 0x08, 0xda, 0xb6, 0x19, 0x51, 0x42,
+    0x93, 0x4f, 0xc3, 0x44, 0x43, 0xa8, 0x05, 0xc1,
+    0xf8, 0x71, 0x62, 0x6f, 0x3d, 0xe2, 0xab, 0x6f,
+    0xd7, 0x80, 0x22, 0x6f, 0xca, 0x0d, 0xf6, 0x9f,
+    0x45, 0x27, 0x83, 0xec, 0x86, 0x0c, 0xda, 0xaa,
+    0xd6, 0xe0, 0xd0, 0x84, 0xfd, 0xb1, 0x4f, 0xdc,
+    0x08, 0xcd, 0x68, 0x3a, 0x77, 0xc2, 0xc5, 0xf1,
+    0x99, 0x0f, 0x15, 0x1b, 0x6a, 0x8c, 0x3d, 0x18,
+    0x2b, 0x6f, 0xdc, 0x2b, 0xd8, 0xb5, 0x9b, 0xb8,
+    0x2d, 0x57, 0x92, 0x1c, 0x46, 0x27, 0xaf, 0x6d,
+    0xe1, 0x45, 0xcf, 0x0b, 0x3f, 0xfa, 0x07, 0xcc,
+    0x14, 0x8e, 0xe7, 0xb8, 0xaa, 0xd5, 0xd1, 0x36,
+    0x1d, 0x7e, 0x5e, 0x7d, 0xfa, 0x5b, 0x77, 0x1f
+};
+
+/*
+ * The constants h, seed, & counter aren't used in the code; they're provided
+ * here (commented-out) so that human readers can verify that our our PQG
+ * parameters were generated properly.
+static const unsigned char h[] = {
+    0x41, 0x87, 0x47, 0x79, 0xd8, 0xba, 0x4e, 0xac,
+    0x44, 0x4f, 0x6b, 0xd2, 0x16, 0x5e, 0x04, 0xc6,
+    0xc2, 0x29, 0x93, 0x5e, 0xbd, 0xc7, 0xa9, 0x8f,
+    0x23, 0xa1, 0xc8, 0xee, 0x80, 0x64, 0xd5, 0x67,
+    0x3c, 0xba, 0x59, 0x9a, 0x06, 0x0c, 0xcc, 0x29,
+    0x56, 0xc0, 0xb2, 0x21, 0xe0, 0x5b, 0x52, 0xcd,
+    0x84, 0x73, 0x57, 0xfd, 0xd8, 0xc3, 0x5b, 0x13,
+    0x54, 0xd7, 0x4a, 0x06, 0x86, 0x63, 0x09, 0xa5,
+    0xb0, 0x59, 0xe2, 0x32, 0x9e, 0x09, 0xa3, 0x9f,
+    0x49, 0x62, 0xcc, 0xa6, 0xf9, 0x54, 0xd5, 0xb2,
+    0xc3, 0x08, 0x71, 0x7e, 0xe3, 0x37, 0x50, 0xd6,
+    0x7b, 0xa7, 0xc2, 0x60, 0xc1, 0xeb, 0x51, 0x32,
+    0xfa, 0xad, 0x35, 0x25, 0x17, 0xf0, 0x7f, 0x23,
+    0xe5, 0xa8, 0x01, 0x52, 0xcf, 0x2f, 0xd9, 0xa9,
+    0xf6, 0x00, 0x21, 0x15, 0xf1, 0xf7, 0x70, 0xb7,
+    0x57, 0x8a, 0xd0, 0x59, 0x6a, 0x82, 0xdc, 0x9c };
+
+static const unsigned char seed[] = { 0x00,
+    0xcc, 0x4c, 0x69, 0x74, 0xf6, 0x72, 0x24, 0x68,
+    0x24, 0x4f, 0xd7, 0x50, 0x11, 0x40, 0x81, 0xed,
+    0x19, 0x3c, 0x8a, 0x25, 0xbc, 0x78, 0x0a, 0x85,
+    0x82, 0x53, 0x70, 0x20, 0xf6, 0x54, 0xa5, 0x1b,
+    0xf4, 0x15, 0xcd, 0xff, 0xc4, 0x88, 0xa7, 0x9d,
+    0xf3, 0x47, 0x1c, 0x0a, 0xbe, 0x10, 0x29, 0x83,
+    0xb9, 0x0f, 0x4c, 0xdf, 0x90, 0x16, 0x83, 0xa2,
+    0xb3, 0xe3, 0x2e, 0xc1, 0xc2, 0x24, 0x6a, 0xc4,
+    0x9d, 0x57, 0xba, 0xcb, 0x0f, 0x18, 0x75, 0x00,
+    0x33, 0x46, 0x82, 0xec, 0xd6, 0x94, 0x77, 0xc3,
+    0x4f, 0x4c, 0x58, 0x1c, 0x7f, 0x61, 0x3c, 0x36,
+    0xd5, 0x2f, 0xa5, 0x66, 0xd8, 0x2f, 0xce, 0x6e,
+    0x8e, 0x20, 0x48, 0x4a, 0xbb, 0xe3, 0xe0, 0xb2,
+    0x50, 0x33, 0x63, 0x8a, 0x5b, 0x2d, 0x6a, 0xbe,
+    0x4c, 0x28, 0x81, 0x53, 0x5b, 0xe4, 0xf6, 0xfc,
+    0x64, 0x06, 0x13, 0x51, 0xeb, 0x4a, 0x91, 0x9c };
+
+static const unsigned int counter=1496;
+ */
+
+static const unsigned char prime2[] = { 0x00,
+                                        0xa4, 0xc2, 0x83, 0x4f, 0x36, 0xd3, 0x4f, 0xae,
+                                        0xa0, 0xb1, 0x47, 0x43, 0xa8, 0x15, 0xee, 0xad,
+                                        0xa3, 0x98, 0xa3, 0x29, 0x45, 0xae, 0x5c, 0xd9,
+                                        0x12, 0x99, 0x09, 0xdc, 0xef, 0x05, 0xb4, 0x98,
+                                        0x05, 0xaa, 0x07, 0xaa, 0x83, 0x89, 0xd7, 0xba,
+                                        0xd1, 0x25, 0x56, 0x58, 0xd1, 0x73, 0x3c, 0xd0,
+                                        0x91, 0x65, 0xbe, 0x27, 0x92, 0x94, 0x86, 0x95,
+                                        0xdb, 0xcf, 0x07, 0x13, 0xa0, 0x85, 0xd6, 0xaa,
+                                        0x6c, 0x1d, 0x63, 0xbf, 0xdd, 0xdf, 0xbc, 0x30,
+                                        0xeb, 0x42, 0x2f, 0x52, 0x11, 0xec, 0x6e, 0x65,
+                                        0xdf, 0x50, 0xbe, 0x28, 0x3d, 0xa4, 0xec, 0x45,
+                                        0x19, 0x4c, 0x13, 0x0f, 0x59, 0x74, 0x57, 0x69,
+                                        0x99, 0x4f, 0x4a, 0x74, 0x7f, 0x8c, 0x9e, 0xa2,
+                                        0xe7, 0x94, 0xc9, 0x70, 0x70, 0xd0, 0xc4, 0xda,
+                                        0x49, 0x5b, 0x7a, 0x7d, 0xd9, 0x71, 0x7c, 0x3b,
+                                        0xdc, 0xd2, 0x8a, 0x74, 0x5f, 0xce, 0x09, 0xa2,
+                                        0xdb, 0xec, 0xa4, 0xba, 0x75, 0xaa, 0x0a, 0x97,
+                                        0xa6, 0x82, 0x25, 0x90, 0x90, 0x37, 0xe4, 0x40,
+                                        0x05, 0x28, 0x8f, 0x98, 0x8e, 0x68, 0x01, 0xaf,
+                                        0x9b, 0x08, 0x2a, 0x9b, 0xd5, 0xb9, 0x8c, 0x14,
+                                        0xbf, 0xba, 0xcb, 0x5b, 0xda, 0x4c, 0x95, 0xb8,
+                                        0xdf, 0x67, 0xa6, 0x6b, 0x76, 0x8c, 0xad, 0x4f,
+                                        0xfd, 0x6a, 0xd6, 0xcc, 0x62, 0x71, 0x30, 0x30,
+                                        0xc1, 0x29, 0x84, 0xe4, 0x8e, 0x32, 0x51, 0xb6,
+                                        0xea, 0xfa, 0xba, 0x00, 0x99, 0x76, 0xea, 0x86,
+                                        0x90, 0xab, 0x2d, 0xe9, 0xfd, 0x1e, 0x8c, 0xcc,
+                                        0x3c, 0x2b, 0x5d, 0x13, 0x1b, 0x47, 0xb4, 0xf5,
+                                        0x09, 0x74, 0x1d, 0xd4, 0x78, 0xb2, 0x42, 0x19,
+                                        0xd6, 0x24, 0xd1, 0x68, 0xbf, 0x11, 0xf1, 0x38,
+                                        0xa0, 0x44, 0x9c, 0xc6, 0x51, 0x33, 0xaa, 0x42,
+                                        0x93, 0x9e, 0x30, 0x58, 0x9e, 0xc0, 0x70, 0xdf,
+                                        0x7e, 0x64, 0xb1, 0xd8, 0x68, 0x75, 0x98, 0xa7 };
+
+static const unsigned char subprime2[] = { 0x00,
+                                           0x8e, 0xab, 0xf4, 0xbe, 0x45, 0xeb, 0xa3, 0x58,
+                                           0x4e, 0x60, 0x15, 0x66, 0x5a, 0x4b, 0x25, 0xcf,
+                                           0x45, 0x77, 0x89, 0x3f, 0x73, 0x34, 0x4a, 0xe0,
+                                           0x9e, 0xac, 0xfd, 0xdc, 0xff, 0x9c, 0x8d, 0xe7 };
+
+static const unsigned char base2[] = { 0x00,
+                                       0x8d, 0x72, 0x32, 0x46, 0xa6, 0x5c, 0x80, 0xe3,
+                                       0x43, 0x0a, 0x9e, 0x94, 0x35, 0x86, 0xd4, 0x58,
+                                       0xa1, 0xca, 0x22, 0xb9, 0x73, 0x46, 0x0b, 0xfb,
+                                       0x3e, 0x33, 0xf1, 0xd5, 0xd3, 0xb4, 0x26, 0xbf,
+                                       0x50, 0xd7, 0xf2, 0x09, 0x33, 0x6e, 0xc0, 0x31,
+                                       0x1b, 0x6d, 0x07, 0x70, 0x86, 0xca, 0x57, 0xf7,
+                                       0x0b, 0x4a, 0x63, 0xf0, 0x6f, 0xc8, 0x8a, 0xed,
+                                       0x50, 0x60, 0xf3, 0x11, 0xc7, 0x44, 0xf3, 0xce,
+                                       0x4e, 0x50, 0x42, 0x2d, 0x85, 0x33, 0x54, 0x57,
+                                       0x03, 0x8d, 0xdc, 0x66, 0x4d, 0x61, 0x83, 0x17,
+                                       0x1c, 0x7b, 0x0d, 0x65, 0xbc, 0x8f, 0x2c, 0x19,
+                                       0x86, 0xfc, 0xe2, 0x9f, 0x5d, 0x67, 0xfc, 0xd4,
+                                       0xa5, 0xf8, 0x23, 0xa1, 0x1a, 0xa2, 0xe1, 0x11,
+                                       0x15, 0x84, 0x32, 0x01, 0xee, 0x88, 0xf1, 0x55,
+                                       0x30, 0xe9, 0x74, 0x3c, 0x1a, 0x2b, 0x54, 0x45,
+                                       0x2e, 0x39, 0xb9, 0x77, 0xe1, 0x32, 0xaf, 0x2d,
+                                       0x97, 0xe0, 0x21, 0xec, 0xf5, 0x58, 0xe1, 0xc7,
+                                       0x2e, 0xe0, 0x71, 0x3d, 0x29, 0xa4, 0xd6, 0xe2,
+                                       0x5f, 0x85, 0x9c, 0x05, 0x04, 0x46, 0x41, 0x89,
+                                       0x03, 0x3c, 0xfa, 0xb2, 0xcf, 0xfa, 0xd5, 0x67,
+                                       0xcc, 0xec, 0x68, 0xfc, 0x83, 0xd9, 0x1f, 0x2e,
+                                       0x4e, 0x9a, 0x5e, 0x77, 0xa1, 0xff, 0xe6, 0x6f,
+                                       0x04, 0x8b, 0xf9, 0x6b, 0x47, 0xc6, 0x49, 0xd2,
+                                       0x88, 0x6e, 0x29, 0xa3, 0x1b, 0xae, 0xe0, 0x4f,
+                                       0x72, 0x8a, 0x28, 0x94, 0x0c, 0x1d, 0x8c, 0x99,
+                                       0xa2, 0x6f, 0xf8, 0xba, 0x99, 0x90, 0xc7, 0xe5,
+                                       0xb1, 0x3c, 0x10, 0x34, 0x86, 0x6a, 0x6a, 0x1f,
+                                       0x39, 0x63, 0x58, 0xe1, 0x5e, 0x97, 0x95, 0x45,
+                                       0x40, 0x38, 0x45, 0x6f, 0x02, 0xb5, 0x86, 0x6e,
+                                       0xae, 0x2f, 0x32, 0x7e, 0xa1, 0x3a, 0x34, 0x2c,
+                                       0x1c, 0xd3, 0xff, 0x4e, 0x2c, 0x38, 0x1c, 0xaa,
+                                       0x2e, 0x66, 0xbe, 0x32, 0x3e, 0x3c, 0x06, 0x5f };
+
+/*
+ * The constants h2, seed2, & counter2 aren't used in the code; they're provided
+ * here (commented-out) so that human readers can verify that our our PQG
+ * parameters were generated properly.
+static const unsigned char h2[] = {
+    0x30, 0x91, 0xa1, 0x2e, 0x40, 0xa5, 0x7d, 0xf7,
+    0xdc, 0xed, 0xee, 0x05, 0xc2, 0x31, 0x91, 0x37,
+    0xda, 0xc5, 0xe3, 0x47, 0xb5, 0x35, 0x4b, 0xfd,
+    0x18, 0xb2, 0x7e, 0x67, 0x1e, 0x92, 0x22, 0xe7,
+    0xf5, 0x00, 0x71, 0xc0, 0x86, 0x8d, 0x90, 0x31,
+    0x36, 0x3e, 0xd0, 0x94, 0x5d, 0x2f, 0x9a, 0x68,
+    0xd2, 0xf8, 0x3d, 0x5e, 0x84, 0x42, 0x35, 0xda,
+    0x75, 0xdd, 0x05, 0xf0, 0x03, 0x31, 0x39, 0xe5,
+    0xfd, 0x2f, 0x5a, 0x7d, 0x56, 0xd8, 0x26, 0xa0,
+    0x51, 0x5e, 0x32, 0xb4, 0xad, 0xee, 0xd4, 0x89,
+    0xae, 0x01, 0x7f, 0xac, 0x86, 0x98, 0x77, 0x26,
+    0x5c, 0x31, 0xd2, 0x5e, 0xbb, 0x7f, 0xf5, 0x4c,
+    0x9b, 0xf0, 0xa6, 0x37, 0x34, 0x08, 0x86, 0x6b,
+    0xce, 0xeb, 0x85, 0x66, 0x0a, 0x26, 0x8a, 0x14,
+    0x92, 0x12, 0x74, 0xf4, 0xf0, 0xcb, 0xb5, 0xfc,
+    0x38, 0xd5, 0x1e, 0xa1, 0x2f, 0x4a, 0x1a, 0xca,
+    0x66, 0xde, 0x6e, 0xe6, 0x6e, 0x1c, 0xef, 0x50,
+    0x41, 0x31, 0x09, 0xe7, 0x4a, 0xb8, 0xa3, 0xaa,
+    0x5a, 0x22, 0xbd, 0x63, 0x0f, 0xe9, 0x0e, 0xdb,
+    0xb3, 0xca, 0x7e, 0x8d, 0x40, 0xb3, 0x3e, 0x0b,
+    0x12, 0x8b, 0xb0, 0x80, 0x4d, 0x6d, 0xb0, 0x54,
+    0xbb, 0x4c, 0x1d, 0x6c, 0xa0, 0x5c, 0x9d, 0x91,
+    0xb3, 0xbb, 0xd9, 0xfc, 0x60, 0xec, 0xc1, 0xbc,
+    0xae, 0x72, 0x3f, 0xa5, 0x4f, 0x36, 0x2d, 0x2c,
+    0x81, 0x03, 0x86, 0xa2, 0x03, 0x38, 0x36, 0x8e,
+    0xad, 0x1d, 0x53, 0xc6, 0xc5, 0x9e, 0xda, 0x08,
+    0x35, 0x4f, 0xb2, 0x78, 0xba, 0xd1, 0x22, 0xde,
+    0xc4, 0x6b, 0xbe, 0x83, 0x71, 0x0f, 0xee, 0x38,
+    0x4a, 0x9f, 0xda, 0x90, 0x93, 0x6b, 0x9a, 0xf2,
+    0xeb, 0x23, 0xfe, 0x41, 0x3f, 0xf1, 0xfc, 0xee,
+    0x7f, 0x67, 0xa7, 0xb8, 0xab, 0x29, 0xf4, 0x75,
+    0x1c, 0xe9, 0xd1, 0x47, 0x7d, 0x86, 0x44, 0xe2 };
+
+static const unsigned char seed2[] = { 0x00,
+    0xbc, 0xae, 0xc4, 0xea, 0x4e, 0xd2, 0xed, 0x1c,
+    0x8d, 0x48, 0xed, 0xf2, 0xa5, 0xb4, 0x18, 0xba,
+    0x00, 0xcb, 0x9c, 0x75, 0x8a, 0x39, 0x94, 0x3b,
+    0xd0, 0xd6, 0x01, 0xf7, 0xc1, 0xf5, 0x9d, 0xe5,
+    0xe3, 0xb4, 0x1d, 0xf5, 0x30, 0xfe, 0x99, 0xe4,
+    0x01, 0xab, 0xc0, 0x88, 0x4e, 0x67, 0x8f, 0xc6,
+    0x72, 0x39, 0x2e, 0xac, 0x51, 0xec, 0x91, 0x41,
+    0x47, 0x71, 0x14, 0x8a, 0x1d, 0xca, 0x88, 0x15,
+    0xea, 0xc9, 0x48, 0x9a, 0x71, 0x50, 0x19, 0x38,
+    0xdb, 0x4e, 0x65, 0xd5, 0x13, 0xd8, 0x2a, 0xc4,
+    0xcd, 0xfd, 0x0c, 0xe3, 0xc3, 0x60, 0xae, 0x6d,
+    0x88, 0xf2, 0x3a, 0xd0, 0x64, 0x73, 0x32, 0x89,
+    0xcd, 0x0b, 0xb8, 0xc7, 0xa5, 0x27, 0x84, 0xd5,
+    0x83, 0x3f, 0x0e, 0x10, 0x63, 0x10, 0x78, 0xac,
+    0x6b, 0x56, 0xb2, 0x62, 0x3a, 0x44, 0x56, 0xc0,
+    0xe4, 0x33, 0xd7, 0x63, 0x4c, 0xc9, 0x6b, 0xae,
+    0xfb, 0xe2, 0x9b, 0xf4, 0x96, 0xc7, 0xf0, 0x2a,
+    0x50, 0xde, 0x86, 0x69, 0x4f, 0x42, 0x4b, 0x1c,
+    0x7c, 0xa8, 0x6a, 0xfb, 0x54, 0x47, 0x1b, 0x41,
+    0x31, 0x9e, 0x0a, 0xc6, 0xc0, 0xbc, 0x88, 0x7f,
+    0x5a, 0x42, 0xa9, 0x82, 0x58, 0x32, 0xb3, 0xeb,
+    0x54, 0x83, 0x84, 0x26, 0x92, 0xa6, 0xc0, 0x6e,
+    0x2b, 0xa6, 0x82, 0x82, 0x43, 0x58, 0x84, 0x53,
+    0x31, 0xcf, 0xd0, 0x0a, 0x11, 0x09, 0x44, 0xc8,
+    0x11, 0x36, 0xe0, 0x04, 0x85, 0x2e, 0xd1, 0x29,
+    0x6b, 0x7b, 0x00, 0x71, 0x5f, 0xef, 0x7b, 0x7a,
+    0x2d, 0x91, 0xf9, 0x84, 0x45, 0x4d, 0xc7, 0xe1,
+    0xee, 0xd4, 0xb8, 0x61, 0x3b, 0x13, 0xb7, 0xba,
+    0x95, 0x39, 0xf6, 0x3d, 0x89, 0xbd, 0xa5, 0x80,
+    0x93, 0xf7, 0xe5, 0x17, 0x05, 0xc5, 0x65, 0xb7,
+    0xde, 0xc9, 0x9f, 0x04, 0x87, 0xcf, 0x4f, 0x86,
+    0xc3, 0x29, 0x7d, 0xb7, 0x89, 0xbf, 0xe3, 0xde };
+
+static const unsigned int counter2=210;
+ */
+
+struct tuple_str {
+    CK_RV errNum;
+    const char *errString;
+};
+
+typedef struct tuple_str tuple_str;
+
+static const tuple_str errStrings[] = {
+    { CKR_OK, "CKR_OK                              " },
+    { CKR_CANCEL, "CKR_CANCEL                          " },
+    { CKR_HOST_MEMORY, "CKR_HOST_MEMORY                     " },
+    { CKR_SLOT_ID_INVALID, "CKR_SLOT_ID_INVALID                 " },
+    { CKR_GENERAL_ERROR, "CKR_GENERAL_ERROR                   " },
+    { CKR_FUNCTION_FAILED, "CKR_FUNCTION_FAILED                 " },
+    { CKR_ARGUMENTS_BAD, "CKR_ARGUMENTS_BAD                   " },
+    { CKR_NO_EVENT, "CKR_NO_EVENT                        " },
+    { CKR_NEED_TO_CREATE_THREADS, "CKR_NEED_TO_CREATE_THREADS          " },
+    { CKR_CANT_LOCK, "CKR_CANT_LOCK                       " },
+    { CKR_ATTRIBUTE_READ_ONLY, "CKR_ATTRIBUTE_READ_ONLY             " },
+    { CKR_ATTRIBUTE_SENSITIVE, "CKR_ATTRIBUTE_SENSITIVE             " },
+    { CKR_ATTRIBUTE_TYPE_INVALID, "CKR_ATTRIBUTE_TYPE_INVALID          " },
+    { CKR_ATTRIBUTE_VALUE_INVALID, "CKR_ATTRIBUTE_VALUE_INVALID         " },
+    { CKR_DATA_INVALID, "CKR_DATA_INVALID                    " },
+    { CKR_DATA_LEN_RANGE, "CKR_DATA_LEN_RANGE                  " },
+    { CKR_DEVICE_ERROR, "CKR_DEVICE_ERROR                    " },
+    { CKR_DEVICE_MEMORY, "CKR_DEVICE_MEMORY                   " },
+    { CKR_DEVICE_REMOVED, "CKR_DEVICE_REMOVED                  " },
+    { CKR_ENCRYPTED_DATA_INVALID, "CKR_ENCRYPTED_DATA_INVALID          " },
+    { CKR_ENCRYPTED_DATA_LEN_RANGE, "CKR_ENCRYPTED_DATA_LEN_RANGE        " },
+    { CKR_FUNCTION_CANCELED, "CKR_FUNCTION_CANCELED               " },
+    { CKR_FUNCTION_NOT_PARALLEL, "CKR_FUNCTION_NOT_PARALLEL           " },
+    { CKR_FUNCTION_NOT_SUPPORTED, "CKR_FUNCTION_NOT_SUPPORTED          " },
+    { CKR_KEY_HANDLE_INVALID, "CKR_KEY_HANDLE_INVALID              " },
+    { CKR_KEY_SIZE_RANGE, "CKR_KEY_SIZE_RANGE                  " },
+    { CKR_KEY_TYPE_INCONSISTENT, "CKR_KEY_TYPE_INCONSISTENT           " },
+    { CKR_KEY_NOT_NEEDED, "CKR_KEY_NOT_NEEDED                  " },
+    { CKR_KEY_CHANGED, "CKR_KEY_CHANGED                     " },
+    { CKR_KEY_NEEDED, "CKR_KEY_NEEDED                      " },
+    { CKR_KEY_INDIGESTIBLE, "CKR_KEY_INDIGESTIBLE                " },
+    { CKR_KEY_FUNCTION_NOT_PERMITTED, "CKR_KEY_FUNCTION_NOT_PERMITTED      " },
+    { CKR_KEY_NOT_WRAPPABLE, "CKR_KEY_NOT_WRAPPABLE               " },
+    { CKR_KEY_UNEXTRACTABLE, "CKR_KEY_UNEXTRACTABLE               " },
+    { CKR_MECHANISM_INVALID, "CKR_MECHANISM_INVALID               " },
+    { CKR_MECHANISM_PARAM_INVALID, "CKR_MECHANISM_PARAM_INVALID         " },
+    { CKR_OBJECT_HANDLE_INVALID, "CKR_OBJECT_HANDLE_INVALID           " },
+    { CKR_OPERATION_ACTIVE, "CKR_OPERATION_ACTIVE                " },
+    { CKR_OPERATION_NOT_INITIALIZED, "CKR_OPERATION_NOT_INITIALIZED       " },
+    { CKR_PIN_INCORRECT, "CKR_PIN_INCORRECT                   " },
+    { CKR_PIN_INVALID, "CKR_PIN_INVALID                     " },
+    { CKR_PIN_LEN_RANGE, "CKR_PIN_LEN_RANGE                   " },
+    { CKR_PIN_EXPIRED, "CKR_PIN_EXPIRED                     " },
+    { CKR_PIN_LOCKED, "CKR_PIN_LOCKED                      " },
+    { CKR_SESSION_CLOSED, "CKR_SESSION_CLOSED                  " },
+    { CKR_SESSION_COUNT, "CKR_SESSION_COUNT                   " },
+    { CKR_SESSION_HANDLE_INVALID, "CKR_SESSION_HANDLE_INVALID          " },
+    { CKR_SESSION_PARALLEL_NOT_SUPPORTED, "CKR_SESSION_PARALLEL_NOT_SUPPORTED  " },
+    { CKR_SESSION_READ_ONLY, "CKR_SESSION_READ_ONLY               " },
+    { CKR_SESSION_EXISTS, "CKR_SESSION_EXISTS                  " },
+    { CKR_SESSION_READ_ONLY_EXISTS, "CKR_SESSION_READ_ONLY_EXISTS        " },
+    { CKR_SESSION_READ_WRITE_SO_EXISTS, "CKR_SESSION_READ_WRITE_SO_EXISTS    " },
+    { CKR_SIGNATURE_INVALID, "CKR_SIGNATURE_INVALID               " },
+    { CKR_SIGNATURE_LEN_RANGE, "CKR_SIGNATURE_LEN_RANGE             " },
+    { CKR_TEMPLATE_INCOMPLETE, "CKR_TEMPLATE_INCOMPLETE             " },
+    { CKR_TEMPLATE_INCONSISTENT, "CKR_TEMPLATE_INCONSISTENT           " },
+    { CKR_TOKEN_NOT_PRESENT, "CKR_TOKEN_NOT_PRESENT               " },
+    { CKR_TOKEN_NOT_RECOGNIZED, "CKR_TOKEN_NOT_RECOGNIZED            " },
+    { CKR_TOKEN_WRITE_PROTECTED, "CKR_TOKEN_WRITE_PROTECTED           " },
+    { CKR_UNWRAPPING_KEY_HANDLE_INVALID, "CKR_UNWRAPPING_KEY_HANDLE_INVALID   " },
+    { CKR_UNWRAPPING_KEY_SIZE_RANGE, "CKR_UNWRAPPING_KEY_SIZE_RANGE       " },
+    { CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT, "CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT" },
+    { CKR_USER_ALREADY_LOGGED_IN, "CKR_USER_ALREADY_LOGGED_IN          " },
+    { CKR_USER_NOT_LOGGED_IN, "CKR_USER_NOT_LOGGED_IN              " },
+    { CKR_USER_PIN_NOT_INITIALIZED, "CKR_USER_PIN_NOT_INITIALIZED        " },
+    { CKR_USER_TYPE_INVALID, "CKR_USER_TYPE_INVALID               " },
+    { CKR_USER_ANOTHER_ALREADY_LOGGED_IN, "CKR_USER_ANOTHER_ALREADY_LOGGED_IN  " },
+    { CKR_USER_TOO_MANY_TYPES, "CKR_USER_TOO_MANY_TYPES             " },
+    { CKR_WRAPPED_KEY_INVALID, "CKR_WRAPPED_KEY_INVALID             " },
+    { CKR_WRAPPED_KEY_LEN_RANGE, "CKR_WRAPPED_KEY_LEN_RANGE           " },
+    { CKR_WRAPPING_KEY_HANDLE_INVALID, "CKR_WRAPPING_KEY_HANDLE_INVALID     " },
+    { CKR_WRAPPING_KEY_SIZE_RANGE, "CKR_WRAPPING_KEY_SIZE_RANGE         " },
+    { CKR_WRAPPING_KEY_TYPE_INCONSISTENT, "CKR_WRAPPING_KEY_TYPE_INCONSISTENT  " },
+    { CKR_RANDOM_SEED_NOT_SUPPORTED, "CKR_RANDOM_SEED_NOT_SUPPORTED       " },
+    { CKR_RANDOM_NO_RNG, "CKR_RANDOM_NO_RNG                   " },
+    { CKR_DOMAIN_PARAMS_INVALID, "CKR_DOMAIN_PARAMS_INVALID           " },
+    { CKR_BUFFER_TOO_SMALL, "CKR_BUFFER_TOO_SMALL                " },
+    { CKR_SAVED_STATE_INVALID, "CKR_SAVED_STATE_INVALID             " },
+    { CKR_INFORMATION_SENSITIVE, "CKR_INFORMATION_SENSITIVE           " },
+    { CKR_STATE_UNSAVEABLE, "CKR_STATE_UNSAVEABLE                " },
+    { CKR_CRYPTOKI_NOT_INITIALIZED, "CKR_CRYPTOKI_NOT_INITIALIZED        " },
+    { CKR_CRYPTOKI_ALREADY_INITIALIZED, "CKR_CRYPTOKI_ALREADY_INITIALIZED    " },
+    { CKR_MUTEX_BAD, "CKR_MUTEX_BAD                       " },
+    { CKR_MUTEX_NOT_LOCKED, "CKR_MUTEX_NOT_LOCKED                " },
+    { CKR_FUNCTION_REJECTED, "CKR_FUNCTION_REJECTED               " },
+    { CKR_VENDOR_DEFINED, "CKR_VENDOR_DEFINED                  " },
+    { 0xCE534351, "CKR_NETSCAPE_CERTDB_FAILED          " },
+    { 0xCE534352, "CKR_NETSCAPE_KEYDB_FAILED           " }
+
+};
+
+static const CK_ULONG numStrings = sizeof(errStrings) / sizeof(tuple_str);
+
+/* Returns constant error string for "CRV".
+ * Returns "unknown error" if errNum is unknown.
+ */
+static const char *
+CK_RVtoStr(CK_RV errNum)
+{
+    CK_ULONG low = 1;
+    CK_ULONG high = numStrings - 1;
+    CK_ULONG i;
+    CK_RV num;
+    static int initDone;
+
+    /* make sure table is in  ascending order.
+     * binary search depends on it.
+     */
+    if (!initDone) {
+        CK_RV lastNum = CKR_OK;
+        for (i = low; i <= high; ++i) {
+            num = errStrings[i].errNum;
+            if (num <= lastNum) {
+                PR_fprintf(PR_STDERR,
+                           "sequence error in error strings at item %d\n"
+                           "error %d (%s)\n"
+                           "should come after \n"
+                           "error %d (%s)\n",
+                           (int)i, (int)lastNum, errStrings[i - 1].errString,
+                           (int)num, errStrings[i].errString);
+            }
+            lastNum = num;
+        }
+        initDone = 1;
+    }
+
+    /* Do binary search of table. */
+    while (low + 1 < high) {
+        i = low + (high - low) / 2;
+        num = errStrings[i].errNum;
+        if (errNum == num)
+            return errStrings[i].errString;
+        if (errNum < num)
+            high = i;
+        else
+            low = i;
+    }
+    if (errNum == errStrings[low].errNum)
+        return errStrings[low].errString;
+    if (errNum == errStrings[high].errNum)
+        return errStrings[high].errString;
+    return "unknown error";
+}
+
+static void
+pk11error(const char *string, CK_RV crv)
+{
+    PRErrorCode errorcode;
+
+    PR_fprintf(PR_STDERR, "%s: 0x%08lX, %-26s\n", string, crv, CK_RVtoStr(crv));
+
+    errorcode = PR_GetError();
+    if (errorcode) {
+        PR_fprintf(PR_STDERR, "NSPR error code: %d: %s\n", errorcode,
+                   PR_ErrorToString(errorcode, PR_LANGUAGE_I_DEFAULT));
+    }
+}
+
+static void
+logIt(const char *fmt, ...)
+{
+    va_list args;
+
+    if (verbose) {
+        va_start(args, fmt);
+        vprintf(fmt, args);
+        va_end(args);
+    }
+}
+
+static CK_RV
+softokn_Init(CK_FUNCTION_LIST_PTR pFunctionList, const char *configDir,
+             const char *dbPrefix)
+{
+
+    CK_RV crv = CKR_OK;
+    CK_C_INITIALIZE_ARGS initArgs;
+    char *moduleSpec = NULL;
+
+    initArgs.CreateMutex = NULL;
+    initArgs.DestroyMutex = NULL;
+    initArgs.LockMutex = NULL;
+    initArgs.UnlockMutex = NULL;
+    initArgs.flags = CKF_OS_LOCKING_OK;
+    if (configDir) {
+        moduleSpec = PR_smprintf("configdir='%s' certPrefix='%s' "
+                                 "keyPrefix='%s' secmod='secmod.db' flags=ReadOnly ",
+                                 configDir, dbPrefix, dbPrefix);
+    } else {
+        moduleSpec = PR_smprintf("configdir='' certPrefix='' keyPrefix='' "
+                                 "secmod='' flags=noCertDB, noModDB");
+    }
+    if (!moduleSpec) {
+        PR_fprintf(PR_STDERR, "softokn_Init: out of memory error\n");
+        return CKR_HOST_MEMORY;
+    }
+    logIt("moduleSpec %s\n", moduleSpec);
+    initArgs.LibraryParameters = (CK_CHAR_PTR *)moduleSpec;
+    initArgs.pReserved = NULL;
+
+    crv = pFunctionList->C_Initialize(&initArgs);
+    if (crv != CKR_OK) {
+        pk11error("C_Initialize failed", crv);
+        goto cleanup;
+    }
+
+cleanup:
+    if (moduleSpec) {
+        PR_smprintf_free(moduleSpec);
+    }
+
+    return crv;
+}
+
+static char *
+filePasswd(char *pwFile)
+{
+    unsigned char phrase[200];
+    PRFileDesc *fd;
+    PRInt32 nb;
+    int i;
+
+    if (!pwFile)
+        return 0;
+
+    fd = PR_Open(pwFile, PR_RDONLY, 0);
+    if (!fd) {
+        lperror(pwFile);
+        return NULL;
+    }
+
+    nb = PR_Read(fd, phrase, sizeof(phrase));
+
+    PR_Close(fd);
+    /* handle the Windows EOL case */
+    i = 0;
+    while (phrase[i] != '\r' && phrase[i] != '\n' && i < nb)
+        i++;
+    phrase[i] = '\0';
+    if (nb == 0) {
+        PR_fprintf(PR_STDERR, "password file contains no data\n");
+        return NULL;
+    }
+    return (char *)PL_strdup((char *)phrase);
+}
+
+static void
+checkPath(char *string)
+{
+    char *src;
+    char *dest;
+
+    /*
+     * windows support convert any back slashes to
+     * forward slashes.
+     */
+    for (src = string, dest = string; *src; src++, dest++) {
+        if (*src == '\\') {
+            *dest = '/';
+        }
+    }
+    dest--;
+    /* if the last char is a / set it to 0 */
+    if (*dest == '/')
+        *dest = 0;
+}
+
+static CK_SLOT_ID *
+getSlotList(CK_FUNCTION_LIST_PTR pFunctionList,
+            CK_ULONG slotIndex)
+{
+    CK_RV crv = CKR_OK;
+    CK_SLOT_ID *pSlotList = NULL;
+    CK_ULONG slotCount;
+
+    /* Get slot list */
+    crv = pFunctionList->C_GetSlotList(CK_FALSE /* all slots */,
+                                       NULL, &slotCount);
+    if (crv != CKR_OK) {
+        pk11error("C_GetSlotList failed", crv);
+        return NULL;
+    }
+
+    if (slotIndex >= slotCount) {
+        PR_fprintf(PR_STDERR, "provided slotIndex is greater than the slot count.");
+        return NULL;
+    }
+
+    pSlotList = (CK_SLOT_ID *)PR_Malloc(slotCount * sizeof(CK_SLOT_ID));
+    if (!pSlotList) {
+        lperror("failed to allocate slot list");
+        return NULL;
+    }
+    crv = pFunctionList->C_GetSlotList(CK_FALSE /* all slots */,
+                                       pSlotList, &slotCount);
+    if (crv != CKR_OK) {
+        pk11error("C_GetSlotList failed", crv);
+        if (pSlotList)
+            PR_Free(pSlotList);
+        return NULL;
+    }
+    return pSlotList;
+}
+
+int
+main(int argc, char **argv)
+{
+    PLOptState *optstate;
+    char *program_name;
+    char *libname = NULL;
+    PRLibrary *lib = NULL;
+    PRFileDesc *fd;
+    PRStatus rv = PR_SUCCESS;
+    const char *input_file = NULL; /* read/create encrypted data from here */
+    char *output_file = NULL;      /* write new encrypted data here */
+    int bytesRead;
+    int bytesWritten;
+    unsigned char file_buf[512];
+    int count = 0;
+    unsigned int keySize = 0;
+    int i;
+    PRBool verify = PR_FALSE;
+    static PRBool FIPSMODE = PR_FALSE;
+    PRBool successful = PR_FALSE;
+
+#ifdef USES_LINKS
+    int ret;
+    struct stat stat_buf;
+    char link_buf[MAXPATHLEN + 1];
+    char *link_file = NULL;
+#endif
+
+    char *pwd = NULL;
+    char *configDir = NULL;
+    char *dbPrefix = NULL;
+    char *disableUnload = NULL;
+
+    CK_C_GetFunctionList pC_GetFunctionList;
+    CK_TOKEN_INFO tokenInfo;
+    CK_FUNCTION_LIST_PTR pFunctionList = NULL;
+    CK_RV crv = CKR_OK;
+    CK_SESSION_HANDLE hRwSession;
+    CK_SLOT_ID *pSlotList = NULL;
+    CK_ULONG slotIndex = 0;
+    CK_MECHANISM digestmech;
+    CK_ULONG digestLen = 0;
+    CK_BYTE digest[32]; /* SHA256_LENGTH */
+    CK_BYTE sign[64];   /* DSA SIGNATURE LENGTH */
+    CK_ULONG signLen = 0;
+    CK_MECHANISM signMech = {
+        CKM_DSA, NULL, 0
+    };
+
+    /*** DSA Key ***/
+
+    CK_MECHANISM dsaKeyPairGenMech;
+    CK_ATTRIBUTE dsaPubKeyTemplate[5];
+    CK_ATTRIBUTE dsaPrivKeyTemplate[5];
+    CK_OBJECT_HANDLE hDSApubKey = CK_INVALID_HANDLE;
+    CK_OBJECT_HANDLE hDSAprivKey = CK_INVALID_HANDLE;
+
+    CK_BYTE dsaPubKey[384];
+    CK_ATTRIBUTE dsaPubKeyValue;
+
+    program_name = strrchr(argv[0], '/');
+    program_name = program_name ? (program_name + 1) : argv[0];
+    optstate = PL_CreateOptState(argc, argv, "i:o:f:Fd:hH?k:p:P:vVs:");
+    if (optstate == NULL) {
+        lperror("PL_CreateOptState failed");
+        return 1;
+    }
+
+    while (PL_GetNextOpt(optstate) == PL_OPT_OK) {
+        switch (optstate->option) {
+
+            case 'd':
+                if (!optstate->value) {
+                    PL_DestroyOptState(optstate);
+                    usage(program_name);
+                }
+                configDir = PL_strdup(optstate->value);
+                checkPath(configDir);
+                break;
+
+            case 'i':
+                if (!optstate->value) {
+                    PL_DestroyOptState(optstate);
+                    usage(program_name);
+                }
+                input_file = optstate->value;
+                break;
+
+            case 'o':
+                if (!optstate->value) {
+                    PL_DestroyOptState(optstate);
+                    usage(program_name);
+                }
+                output_file = PL_strdup(optstate->value);
+                break;
+
+            case 'k':
+                if (!optstate->value) {
+                    PL_DestroyOptState(optstate);
+                    usage(program_name);
+                }
+                keySize = atoi(optstate->value);
+                break;
+
+            case 'f':
+                if (!optstate->value) {
+                    PL_DestroyOptState(optstate);
+                    usage(program_name);
+                }
+                pwd = filePasswd((char *)optstate->value);
+                if (!pwd)
+                    usage(program_name);
+                break;
+
+            case 'F':
+                FIPSMODE = PR_TRUE;
+                break;
+
+            case 'p':
+                if (!optstate->value) {
+                    PL_DestroyOptState(optstate);
+                    usage(program_name);
+                }
+                pwd = PL_strdup(optstate->value);
+                break;
+
+            case 'P':
+                if (!optstate->value) {
+                    PL_DestroyOptState(optstate);
+                    usage(program_name);
+                }
+                dbPrefix = PL_strdup(optstate->value);
+                break;
+
+            case 'v':
+                verbose = PR_TRUE;
+                break;
+
+            case 'V':
+                verify = PR_TRUE;
+                break;
+
+            case 'H':
+                PL_DestroyOptState(optstate);
+                long_usage(program_name);
+                return 1;
+                break;
+
+            case 'h':
+            case '?':
+            default:
+                PL_DestroyOptState(optstate);
+                usage(program_name);
+                return 1;
+                break;
+        }
+    }
+    PL_DestroyOptState(optstate);
+
+    if (!input_file) {
+        usage(program_name);
+        return 1;
+    }
+
+    /* Get the platform-dependent library name of the
+     * NSS cryptographic module.
+     */
+    libname = PR_GetLibraryName(NULL, "softokn3");
+    assert(libname != NULL);
+    if (!libname) {
+        PR_fprintf(PR_STDERR, "getting softokn3 failed");
+        goto cleanup;
+    }
+    lib = PR_LoadLibrary(libname);
+    assert(lib != NULL);
+    if (!lib) {
+        PR_fprintf(PR_STDERR, "loading softokn3 failed");
+        goto cleanup;
+    }
+    PR_FreeLibraryName(libname);
+
+    if (FIPSMODE) {
+        /* FIPSMODE == FC_GetFunctionList */
+        /* library path must be set to an already signed softokn3/freebl */
+        pC_GetFunctionList = (CK_C_GetFunctionList)
+            PR_FindFunctionSymbol(lib, "FC_GetFunctionList");
+    } else {
+        /* NON FIPS mode  == C_GetFunctionList */
+        pC_GetFunctionList = (CK_C_GetFunctionList)
+            PR_FindFunctionSymbol(lib, "C_GetFunctionList");
+    }
+    assert(pC_GetFunctionList != NULL);
+    if (!pC_GetFunctionList) {
+        PR_fprintf(PR_STDERR, "getting function list failed");
+        goto cleanup;
+    }
+
+    crv = (*pC_GetFunctionList)(&pFunctionList);
+    assert(crv == CKR_OK);
+    if (crv != CKR_OK) {
+        PR_fprintf(PR_STDERR, "loading function list failed");
+        goto cleanup;
+    }
+
+    if (configDir) {
+        if (!dbPrefix) {
+            dbPrefix = PL_strdup("");
+        }
+        crv = softokn_Init(pFunctionList, configDir, dbPrefix);
+        if (crv != CKR_OK) {
+            logIt("Failed to use provided database directory "
+                  "will just initialize the volatile certdb.\n");
+            crv = softokn_Init(pFunctionList, NULL, NULL); /* NoDB Init */
+        }
+    } else {
+        crv = softokn_Init(pFunctionList, NULL, NULL); /* NoDB Init */
+    }
+
+    if (crv != CKR_OK) {
+        pk11error("Initiailzing softoken failed", crv);
+        goto cleanup;
+    }
+
+    pSlotList = getSlotList(pFunctionList, slotIndex);
+    if (pSlotList == NULL) {
+        PR_fprintf(PR_STDERR, "getSlotList failed");
+        goto cleanup;
+    }
+
+    if ((keySize == 0) || (keySize > 1024)) {
+        CK_MECHANISM_INFO mechInfo;
+        crv = pFunctionList->C_GetMechanismInfo(pSlotList[slotIndex],
+                                                CKM_DSA, &mechInfo);
+        if (crv != CKR_OK) {
+            pk11error("Couldn't get mechanism info for DSA", crv);
+            goto cleanup;
+        }
+
+        if (keySize && (mechInfo.ulMaxKeySize < keySize)) {
+            PR_fprintf(PR_STDERR,
+                       "token doesn't support DSA2 (Max key size=%d)\n",
+                       mechInfo.ulMaxKeySize);
+            goto cleanup;
+        }
+
+        if ((keySize == 0) && mechInfo.ulMaxKeySize >= 2048) {
+            keySize = 2048;
+        } else {
+            keySize = 1024;
+        }
+    }
+
+    /* DSA key init */
+    if (keySize == 1024) {
+        dsaPubKeyTemplate[0].type = CKA_PRIME;
+        dsaPubKeyTemplate[0].pValue = (CK_VOID_PTR)&prime;
+        dsaPubKeyTemplate[0].ulValueLen = sizeof(prime);
+        dsaPubKeyTemplate[1].type = CKA_SUBPRIME;
+        dsaPubKeyTemplate[1].pValue = (CK_VOID_PTR)&subprime;
+        dsaPubKeyTemplate[1].ulValueLen = sizeof(subprime);
+        dsaPubKeyTemplate[2].type = CKA_BASE;
+        dsaPubKeyTemplate[2].pValue = (CK_VOID_PTR)&base;
+        dsaPubKeyTemplate[2].ulValueLen = sizeof(base);
+        digestmech.mechanism = CKM_SHA_1;
+        digestmech.pParameter = NULL;
+        digestmech.ulParameterLen = 0;
+    } else if (keySize == 2048) {
+        dsaPubKeyTemplate[0].type = CKA_PRIME;
+        dsaPubKeyTemplate[0].pValue = (CK_VOID_PTR)&prime2;
+        dsaPubKeyTemplate[0].ulValueLen = sizeof(prime2);
+        dsaPubKeyTemplate[1].type = CKA_SUBPRIME;
+        dsaPubKeyTemplate[1].pValue = (CK_VOID_PTR)&subprime2;
+        dsaPubKeyTemplate[1].ulValueLen = sizeof(subprime2);
+        dsaPubKeyTemplate[2].type = CKA_BASE;
+        dsaPubKeyTemplate[2].pValue = (CK_VOID_PTR)&base2;
+        dsaPubKeyTemplate[2].ulValueLen = sizeof(base2);
+        digestmech.mechanism = CKM_SHA256;
+        digestmech.pParameter = NULL;
+        digestmech.ulParameterLen = 0;
+    } else {
+        /* future - generate pqg */
+        PR_fprintf(PR_STDERR, "Only keysizes 1024 and 2048 are supported");
+        goto cleanup;
+    }
+    dsaPubKeyTemplate[3].type = CKA_TOKEN;
+    dsaPubKeyTemplate[3].pValue = &false; /* session object */
+    dsaPubKeyTemplate[3].ulValueLen = sizeof(false);
+    dsaPubKeyTemplate[4].type = CKA_VERIFY;
+    dsaPubKeyTemplate[4].pValue = &true;
+    dsaPubKeyTemplate[4].ulValueLen = sizeof(true);
+    dsaKeyPairGenMech.mechanism = CKM_DSA_KEY_PAIR_GEN;
+    dsaKeyPairGenMech.pParameter = NULL;
+    dsaKeyPairGenMech.ulParameterLen = 0;
+    dsaPrivKeyTemplate[0].type = CKA_TOKEN;
+    dsaPrivKeyTemplate[0].pValue = &false; /* session object */
+    dsaPrivKeyTemplate[0].ulValueLen = sizeof(false);
+    dsaPrivKeyTemplate[1].type = CKA_PRIVATE;
+    dsaPrivKeyTemplate[1].pValue = &true;
+    dsaPrivKeyTemplate[1].ulValueLen = sizeof(true);
+    dsaPrivKeyTemplate[2].type = CKA_SENSITIVE;
+    dsaPrivKeyTemplate[2].pValue = &true;
+    dsaPrivKeyTemplate[2].ulValueLen = sizeof(true);
+    dsaPrivKeyTemplate[3].type = CKA_SIGN,
+    dsaPrivKeyTemplate[3].pValue = &true;
+    dsaPrivKeyTemplate[3].ulValueLen = sizeof(true);
+    dsaPrivKeyTemplate[4].type = CKA_EXTRACTABLE;
+    dsaPrivKeyTemplate[4].pValue = &false;
+    dsaPrivKeyTemplate[4].ulValueLen = sizeof(false);
+
+    crv = pFunctionList->C_OpenSession(pSlotList[slotIndex],
+                                       CKF_RW_SESSION | CKF_SERIAL_SESSION,
+                                       NULL, NULL, &hRwSession);
+    if (crv != CKR_OK) {
+        pk11error("Opening a read/write session failed", crv);
+        goto cleanup;
+    }
+
+    /* check if a password is needed */
+    crv = pFunctionList->C_GetTokenInfo(pSlotList[slotIndex], &tokenInfo);
+    if (crv != CKR_OK) {
+        pk11error("C_GetTokenInfo failed", crv);
+        goto cleanup;
+    }
+    if (tokenInfo.flags & CKF_LOGIN_REQUIRED) {
+        if (pwd) {
+            int pwdLen = strlen((const char *)pwd);
+            crv = pFunctionList->C_Login(hRwSession, CKU_USER,
+                                         (CK_UTF8CHAR_PTR)pwd, (CK_ULONG)pwdLen);
+            if (crv != CKR_OK) {
+                pk11error("C_Login failed", crv);
+                goto cleanup;
+            }
+        } else {
+            PR_fprintf(PR_STDERR, "Please provide the password for the token");
+            goto cleanup;
+        }
+    } else if (pwd) {
+        logIt("A password was provided but the password was not used.\n");
+    }
+
+    /* Generate a DSA key pair */
+    logIt("Generate a DSA key pair ... \n");
+    crv = pFunctionList->C_GenerateKeyPair(hRwSession, &dsaKeyPairGenMech,
+                                           dsaPubKeyTemplate,
+                                           NUM_ELEM(dsaPubKeyTemplate),
+                                           dsaPrivKeyTemplate,
+                                           NUM_ELEM(dsaPrivKeyTemplate),
+                                           &hDSApubKey, &hDSAprivKey);
+    if (crv != CKR_OK) {
+        pk11error("DSA key pair generation failed", crv);
+        goto cleanup;
+    }
+
+    /* open the shared library */
+    fd = PR_OpenFile(input_file, PR_RDONLY, 0);
+    if (fd == NULL) {
+        lperror(input_file);
+        goto cleanup;
+    }
+#ifdef USES_LINKS
+    ret = lstat(input_file, &stat_buf);
+    if (ret < 0) {
+        perror(input_file);
+        goto cleanup;
+    }
+    if (S_ISLNK(stat_buf.st_mode)) {
+        char *dirpath, *dirend;
+        ret = readlink(input_file, link_buf, sizeof(link_buf) - 1);
+        if (ret < 0) {
+            perror(input_file);
+            goto cleanup;
+        }
+        link_buf[ret] = 0;
+        link_file = mkoutput(input_file);
+        /* get the dirname of input_file */
+        dirpath = PL_strdup(input_file);
+        dirend = strrchr(dirpath, '/');
+        if (dirend) {
+            *dirend = '\0';
+            ret = chdir(dirpath);
+            if (ret < 0) {
+                perror(dirpath);
+                goto cleanup;
+            }
+        }
+        PL_strfree(dirpath);
+        input_file = link_buf;
+        /* get the basename of link_file */
+        dirend = strrchr(link_file, '/');
+        if (dirend) {
+            char *tmp_file = NULL;
+            tmp_file = PL_strdup(dirend + 1);
+            PL_strfree(link_file);
+            link_file = tmp_file;
+        }
+    }
+#endif
+    if (output_file == NULL) {
+        output_file = mkoutput(input_file);
+    }
+
+    /* compute the digest */
+    memset(digest, 0, sizeof(digest));
+    crv = pFunctionList->C_DigestInit(hRwSession, &digestmech);
+    if (crv != CKR_OK) {
+        pk11error("C_DigestInit failed", crv);
+        goto cleanup;
+    }
+
+    /* Digest the file */
+    while ((bytesRead = PR_Read(fd, file_buf, sizeof(file_buf))) > 0) {
+        crv = pFunctionList->C_DigestUpdate(hRwSession, (CK_BYTE_PTR)file_buf,
+                                            bytesRead);
+        if (crv != CKR_OK) {
+            pk11error("C_DigestUpdate failed", crv);
+            goto cleanup;
+        }
+        count += bytesRead;
+    }
+
+    /* close the input_File */
+    PR_Close(fd);
+    fd = NULL;
+    if (bytesRead < 0) {
+        lperror("0 bytes read from input file");
+        goto cleanup;
+    }
+
+    digestLen = sizeof(digest);
+    crv = pFunctionList->C_DigestFinal(hRwSession, (CK_BYTE_PTR)digest,
+                                       &digestLen);
+    if (crv != CKR_OK) {
+        pk11error("C_DigestFinal failed", crv);
+        goto cleanup;
+    }
+
+    if (digestLen != sizeof(digest)) {
+        PR_fprintf(PR_STDERR, "digestLen has incorrect length %lu "
+                              "it should be %lu \n",
+                   digestLen, sizeof(digest));
+        goto cleanup;
+    }
+
+    /* sign the hash */
+    memset(sign, 0, sizeof(sign));
+    /* SignUpdate  */
+    crv = pFunctionList->C_SignInit(hRwSession, &signMech, hDSAprivKey);
+    if (crv != CKR_OK) {
+        pk11error("C_SignInit failed", crv);
+        goto cleanup;
+    }
+
+    signLen = sizeof(sign);
+    crv = pFunctionList->C_Sign(hRwSession, (CK_BYTE *)digest, digestLen,
+                                sign, &signLen);
+    if (crv != CKR_OK) {
+        pk11error("C_Sign failed", crv);
+        goto cleanup;
+    }
+
+    if (signLen != sizeof(sign)) {
+        PR_fprintf(PR_STDERR, "signLen has incorrect length %lu "
+                              "it should be %lu \n",
+                   signLen, sizeof(sign));
+        goto cleanup;
+    }
+
+    if (verify) {
+        crv = pFunctionList->C_VerifyInit(hRwSession, &signMech, hDSApubKey);
+        if (crv != CKR_OK) {
+            pk11error("C_VerifyInit failed", crv);
+            goto cleanup;
+        }
+        crv = pFunctionList->C_Verify(hRwSession, digest, digestLen,
+                                      sign, signLen);
+        if (crv != CKR_OK) {
+            pk11error("C_Verify failed", crv);
+            goto cleanup;
+        }
+    }
+
+    if (verbose) {
+        int j;
+        PR_fprintf(PR_STDERR, "Library File: %s %d bytes\n", input_file, count);
+        PR_fprintf(PR_STDERR, "Check File: %s\n", output_file);
+#ifdef USES_LINKS
+        if (link_file) {
+            PR_fprintf(PR_STDERR, "Link: %s\n", link_file);
+        }
+#endif
+        PR_fprintf(PR_STDERR, "  hash: %lu bytes\n", digestLen);
+#define STEP 10
+        for (i = 0; i < (int)digestLen; i += STEP) {
+            PR_fprintf(PR_STDERR, "   ");
+            for (j = 0; j < STEP && (i + j) < (int)digestLen; j++) {
+                PR_fprintf(PR_STDERR, " %02x", digest[i + j]);
+            }
+            PR_fprintf(PR_STDERR, "\n");
+        }
+        PR_fprintf(PR_STDERR, "  signature: %lu bytes\n", signLen);
+        for (i = 0; i < (int)signLen; i += STEP) {
+            PR_fprintf(PR_STDERR, "   ");
+            for (j = 0; j < STEP && (i + j) < (int)signLen; j++) {
+                PR_fprintf(PR_STDERR, " %02x", sign[i + j]);
+            }
+            PR_fprintf(PR_STDERR, "\n");
+        }
+    }
+
+    /* open the target signature file */
+    fd = PR_Open(output_file, PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE, 0666);
+    if (fd == NULL) {
+        lperror(output_file);
+        goto cleanup;
+    }
+
+    /*
+     * we write the key out in a straight binary format because very
+     * low level libraries need to read an parse this file. Ideally we should
+     * just derEncode the public key (which would be pretty simple, and be
+     * more general), but then we'd need to link the ASN.1 decoder with the
+     * freebl libraries.
+     */
+
+    file_buf[0] = NSS_SIGN_CHK_MAGIC1;
+    file_buf[1] = NSS_SIGN_CHK_MAGIC2;
+    file_buf[2] = NSS_SIGN_CHK_MAJOR_VERSION;
+    file_buf[3] = NSS_SIGN_CHK_MINOR_VERSION;
+    encodeInt(&file_buf[4], 12); /* offset to data start */
+    encodeInt(&file_buf[8], CKK_DSA);
+    bytesWritten = PR_Write(fd, file_buf, 12);
+    if (bytesWritten != 12) {
+        lperror(output_file);
+        goto cleanup;
+    }
+
+    /* get DSA Public KeyValue */
+    memset(dsaPubKey, 0, sizeof(dsaPubKey));
+    dsaPubKeyValue.type = CKA_VALUE;
+    dsaPubKeyValue.pValue = (CK_VOID_PTR)&dsaPubKey;
+    dsaPubKeyValue.ulValueLen = sizeof(dsaPubKey);
+
+    crv = pFunctionList->C_GetAttributeValue(hRwSession, hDSApubKey,
+                                             &dsaPubKeyValue, 1);
+    if (crv != CKR_OK && crv != CKR_ATTRIBUTE_TYPE_INVALID) {
+        pk11error("C_GetAttributeValue failed", crv);
+        goto cleanup;
+    }
+
+    /* CKA_PRIME */
+    rv = writeItem(fd, dsaPubKeyTemplate[0].pValue,
+                   dsaPubKeyTemplate[0].ulValueLen, output_file);
+    if (rv != PR_SUCCESS)
+        goto cleanup;
+    /* CKA_SUBPRIME */
+    rv = writeItem(fd, dsaPubKeyTemplate[1].pValue,
+                   dsaPubKeyTemplate[1].ulValueLen, output_file);
+    if (rv != PR_SUCCESS)
+        goto cleanup;
+    /* CKA_BASE */
+    rv = writeItem(fd, dsaPubKeyTemplate[2].pValue,
+                   dsaPubKeyTemplate[2].ulValueLen, output_file);
+    if (rv != PR_SUCCESS)
+        goto cleanup;
+    /* DSA Public Key value */
+    rv = writeItem(fd, dsaPubKeyValue.pValue,
+                   dsaPubKeyValue.ulValueLen, output_file);
+    if (rv != PR_SUCCESS)
+        goto cleanup;
+    /* DSA SIGNATURE */
+    rv = writeItem(fd, &sign, signLen, output_file);
+    if (rv != PR_SUCCESS)
+        goto cleanup;
+    PR_Close(fd);
+
+#ifdef USES_LINKS
+    if (link_file) {
+        (void)unlink(link_file);
+        ret = symlink(output_file, link_file);
+        if (ret < 0) {
+            perror(link_file);
+            goto cleanup;
+        }
+    }
+#endif
+
+    successful = PR_TRUE;
+
+cleanup:
+    if (pFunctionList) {
+        /* C_Finalize will automatically logout, close session, */
+        /* and delete the temp objects on the token */
+        crv = pFunctionList->C_Finalize(NULL);
+        if (crv != CKR_OK) {
+            pk11error("C_Finalize failed", crv);
+        }
+    }
+    if (pSlotList) {
+        PR_Free(pSlotList);
+    }
+    if (pwd) {
+        PL_strfree(pwd);
+    }
+    if (configDir) {
+        PL_strfree(configDir);
+    }
+    if (dbPrefix) {
+        PL_strfree(dbPrefix);
+    }
+    if (output_file) { /* allocated by mkoutput function */
+        PL_strfree(output_file);
+    }
+#ifdef USES_LINKS
+    if (link_file) { /* allocated by mkoutput function */
+        PL_strfree(link_file);
+    }
+#endif
+
+    disableUnload = PR_GetEnvSecure("NSS_DISABLE_UNLOAD");
+    if (!disableUnload && lib) {
+        PR_UnloadLibrary(lib);
+    }
+    PR_Cleanup();
+
+    if (crv != CKR_OK)
+        return crv;
+
+    return (successful) ? 0 : 1;
+}
diff --git a/nss/cmd/shlibsign/shlibsign.gyp b/nss/cmd/shlibsign/shlibsign.gyp
new file mode 100644
index 0000000..75612c0
--- /dev/null
+++ b/nss/cmd/shlibsign/shlibsign.gyp
@@ -0,0 +1,30 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi',
+    '../../cmd/platlibs.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'shlibsign',
+      'type': 'executable',
+      'sources': [
+        'shlibsign.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports'
+      ]
+    }
+  ],
+  'target_defaults': {
+    'defines': [
+      'SHLIB_SUFFIX=\"<(dll_suffix)\"',
+      'SHLIB_PREFIX=\"<(dll_prefix)\"'
+    ]
+  },
+  'variables': {
+    'module': 'nss'
+  }
+}
\ No newline at end of file
diff --git a/nss/cmd/shlibsign/sign.cmd b/nss/cmd/shlibsign/sign.cmd
new file mode 100644
index 0000000..db37411
--- /dev/null
+++ b/nss/cmd/shlibsign/sign.cmd
@@ -0,0 +1,25 @@
+rem This Source Code Form is subject to the terms of the Mozilla Public
+rem License, v. 2.0. If a copy of the MPL was not distributed with this
+rem file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+/* Equivalent to sign.sh for OS/2 */
+PARSE ARG dist objdir os_target nspr_lib_dir therest
+dist=forwardtoback(dist);
+objdir=forwardtoback(objdir);
+nspr_lib_dir=forwardtoback(nspr_lib_dir);
+'echo 'dist
+'echo 'objdir
+'echo 'nspr_lib_dir
+'set BEGINLIBPATH='dist'\lib;'nspr_lib_dir';'dist'\bin;%BEGINLIBPATH%'
+'set LIBPATHSTRICT=T'
+objdir'\shlibsign -v -i 'therest
+exit
+
+forwardtoback: procedure
+  arg pathname
+  parse var pathname pathname'/'rest
+  do while (rest <> "")
+    pathname = pathname'\'rest
+    parse var pathname pathname'/'rest
+  end
+  return pathname
diff --git a/nss/cmd/shlibsign/sign.sh b/nss/cmd/shlibsign/sign.sh
new file mode 100644
index 0000000..d8bd837
--- /dev/null
+++ b/nss/cmd/shlibsign/sign.sh
@@ -0,0 +1,51 @@
+#!/bin/sh
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# arguments:
+# 1: full path to DIST/OBJDIR (parent dir of "lib")
+# 2: full path to shlibsign executable (DIST/OBJDIR/bin)
+# 3: OS_TARGET
+# 4: full path to DIST/OBJDIR/lib
+# 5: full path to library that is to be signed
+
+case "${3}" in
+WIN*)
+    if echo "${PATH}" | grep -c \; >/dev/null; then
+        PATH=${1}/lib\;${1}/bin\;${4}\;${PATH}
+    else
+        # ARG1 is ${1} with the drive letter escaped.
+        if echo "${1}" | grep -c : >/dev/null; then
+            ARG1=`(cd ${1}; pwd)`
+        else
+            ARG1=${1}
+        fi
+        if echo "${4}" | grep -c : >/dev/null; then
+            ARG4=`(cd ${4}; pwd)`
+        else
+            ARG4=${4}
+        fi
+        PATH=${ARG1}/lib:${ARG1}/bin:${ARG4}:${PATH}
+    fi
+    export PATH
+    echo "${2}"/shlibsign -v -i "${5}"
+    "${2}"/shlibsign -v -i "${5}"
+    ;;
+*)
+    LIBPATH=`(cd "${1}"/lib; pwd)`:`(cd "${4}"; pwd)`:$LIBPATH
+    export LIBPATH
+    SHLIB_PATH=${1}/lib:${4}:$SHLIB_PATH
+    export SHLIB_PATH
+    LD_LIBRARY_PATH=${1}/lib:${4}:$LD_LIBRARY_PATH
+    export LD_LIBRARY_PATH
+    DYLD_LIBRARY_PATH=${1}/lib:${4}:$DYLD_LIBRARY_PATH
+    export DYLD_LIBRARY_PATH
+    LIBRARY_PATH=${1}/lib:${4}:$LIBRARY_PATH
+    export LIBRARY_PATH
+    ADDON_PATH=${1}/lib:${4}:$ADDON_PATH
+    export ADDON_PATH
+    echo "${2}"/shlibsign -v -i "${5}"
+    "${2}"/shlibsign -v -i "${5}"
+    ;;
+esac
diff --git a/nss/cmd/signtool/Makefile b/nss/cmd/signtool/Makefile
new file mode 100644
index 0000000..408ee6d
--- /dev/null
+++ b/nss/cmd/signtool/Makefile
@@ -0,0 +1,44 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include ../platlibs.mk
+include $(CORE_DEPTH)/coreconf/zlib.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+include ../platrules.mk
diff --git a/nss/cmd/signtool/README b/nss/cmd/signtool/README
new file mode 100644
index 0000000..100fb27
--- /dev/null
+++ b/nss/cmd/signtool/README
@@ -0,0 +1,128 @@
+                      Signing Tool (signtool)
+                         3.10 Release Notes
+               ========================================
+
+Documentation is provided online at mozilla.org
+
+Problems or questions not covered by the online documentation can be
+discussed in the DevEdge Security Newsgroup.
+
+=== New Features in 3.10
+=======================
+One new option (-X) has been added to create a Mozilla aware signed XPI archive. 
+The option must be accompanied by the -Z option. This new option
+creates a JAR file with the META-INF/zigbert.rsa/dsa file as the first file in 
+the archive instead of the default third to last. This will enable the archive
+to be seen as signed by products incorporating XPInstall. i.e. .xpi extensions
+for FireFox or Mozilla.
+
+=== New Features in 1.3
+=======================
+
+The security library components have been upgraded to utilize NSS_2_7_1_RTM.
+This means that the maximum RSA keysize now supported should be 4096 bits.
+
+=== Zigbert 0.6 Support
+=======================
+This program was previously named Zigbert.  The last version of zigbert
+was Zigbert 0.6.  Because all the functionality of Zigbert is maintained in
+signtool 1.2, Zigbert is no longer supported.  If you have problems
+using Zigbert, please upgrade to signtool 1.2.
+
+=== New Features in 1.2
+=======================
+
+Certificate Generation Improvements
+-----------------------------------
+Two new options have been added to control generation of self-signed object
+signing certificates with the -G option. The -s option takes the size (in bits)
+of the generated RSA private key.  The -t option takes the name of the PKCS #11
+token on which to generate the keypair and install the certificate.  Both
+options are optional.  By default, the private key is 1024 bits and is generated
+on the internal software token.
+
+
+=== New Features in 1.1
+=======================
+
+File I/O
+--------
+Signtool can now read its options from a command file specified with the -f
+option on the command line. The format for the file is described in the
+documentation.
+Error messages and informational output can be redirected to an output file
+by supplying the "--outfile" option on the command line or the "outfile="
+option in the command file.
+
+New Options
+-----------
+"--norecurse" tells Signtool not to recurse into subdirectories when signing
+directories or parsing HTML with the -J option.
+"--leavearc" tells Signtool not to delete the temporary .arc directories
+produced by the -J option.  This can aid debugging.
+"--verbosity" tells Signtool how much information to display. 0 is the
+default. -1 suppresses most messages, except for errors.
+
+=== Bug Fixes in 1.1
+====================
+
+-J option revamped
+------------------
+The -J option, which parses HTML files, extracts Java and Javascript code,
+and stores them in signed JAR files, has been re-implemented. Several bugs
+have been fixed:
+- CODEBASE attribute is no longer ignored
+- CLASS and SRC attributes can be be paths ("xxx/xxx/x.class") rather than
+  just filenames ("x.class").
+- LINK tags are handled correctly
+- various HTML parsing bugs fixed
+- error messages are more informative
+
+No Password on Key Database
+---------------------------
+If you had not yet set a Communicator password (which locks key3.db, the
+key database), signtool would fail with a cryptic error message whenever it
+attempted to verify the password.  Now this condition is detected at the
+beginning of the program, and a more informative message is displayed.
+
+-x and -e Options
+-----------------
+Previously, only one of each of these options could be specified on the command
+line. Now arbitrarily many can be specified.  For example, to sign only files
+with .class or .js extensions, the arguments "-eclass -ejs" could both be
+specified. To exclude the directories "subdir1" and "subdir2" from signing,
+the arguments "-x subdir1 -x subdir2" could both be specified.
+
+New Features in 1.0
+===================
+
+Creation of JAR files
+----------------------
+The -Z option causes signtool to output a JAR file formed by storing the
+signed archive in ZIP format.  This eliminates the need to use a separate ZIP
+utility.  The -c option specifies the compression level of the resulting
+JAR file.
+
+Generation of Object-Signing Certificates and Keys
+--------------------------------------------------
+The -G option will create a new, self-signed object-signing certificate
+which can be used for testing purposes.  The generated certificate and 
+associated public and private keys will be installed in the cert7.db and
+key3.db files in the directory specified with the -d option (unless the key
+is generated on an external token using the -t option). On Unix systems,
+if no directory is specified, the user's Netscape directory (~/.netscape)
+will be used. In addition, the certificate is output in X509 format to the
+files x509.raw and x509.cacert in the current directory.  x509.cacert can
+be published on a web page and imported into browsers that visit that page.
+
+Extraction and Signing of JavaScript from HTML
+----------------------------------------------
+The -J option activates the same functionality provided by the signpages
+Perl script.  It will parse a directory of html files, creating archives
+of the JavaScript called from the HTML. These archives are then signed and
+made into JAR files.
+
+Enhanced Smart Card Support
+---------------------------
+Certificates that reside on smart cards are displayed when using the -L and
+-l options.
diff --git a/nss/cmd/signtool/certgen.c b/nss/cmd/signtool/certgen.c
new file mode 100644
index 0000000..e095a01
--- /dev/null
+++ b/nss/cmd/signtool/certgen.c
@@ -0,0 +1,713 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "signtool.h"
+
+#include "secoid.h"
+#include "cryptohi.h"
+#include "certdb.h"
+
+static char *GetSubjectFromUser(unsigned long serial);
+static CERTCertificate *GenerateSelfSignedObjectSigningCert(char *nickname,
+                                                            CERTCertDBHandle *db, char *subject, unsigned long serial, int keysize,
+                                                            char *token);
+static SECStatus ChangeTrustAttributes(CERTCertDBHandle *db,
+                                       CERTCertificate *cert, char *trusts);
+static SECStatus set_cert_type(CERTCertificate *cert, unsigned int type);
+static SECItem *sign_cert(CERTCertificate *cert, SECKEYPrivateKey *privk);
+static CERTCertificate *install_cert(CERTCertDBHandle *db, SECItem *derCert,
+                                     char *nickname);
+static SECStatus GenerateKeyPair(PK11SlotInfo *slot, SECKEYPublicKey **pubk,
+                                 SECKEYPrivateKey **privk, int keysize);
+static CERTCertificateRequest *make_cert_request(char *subject,
+                                                 SECKEYPublicKey *pubk);
+static CERTCertificate *make_cert(CERTCertificateRequest *req,
+                                  unsigned long serial, CERTName *ca_subject);
+static void output_ca_cert(CERTCertificate *cert, CERTCertDBHandle *db);
+
+/***********************************************************************
+ *
+ * G e n e r a t e C e r t
+ *
+ * Runs the whole process of creating a new cert, getting info from the
+ * user, etc.
+ */
+int
+GenerateCert(char *nickname, int keysize, char *token)
+{
+    CERTCertDBHandle *db;
+    CERTCertificate *cert;
+    char *subject;
+    unsigned long serial;
+    char stdinbuf[160];
+
+    /* Print warning about having the browser open */
+    PR_fprintf(PR_STDOUT /*always go to console*/,
+               "\nWARNING: Performing this operation while the browser is running could cause"
+               "\ncorruption of your security databases. If the browser is currently running,"
+               "\nyou should exit the browser before continuing this operation. Enter "
+               "\n\"y\" to continue, or anything else to abort: ");
+    pr_fgets(stdinbuf, 160, PR_STDIN);
+    PR_fprintf(PR_STDOUT, "\n");
+    if (tolower(stdinbuf[0]) != 'y') {
+        PR_fprintf(errorFD, "Operation aborted at user's request.\n");
+        errorCount++;
+        return -1;
+    }
+
+    db = CERT_GetDefaultCertDB();
+    if (!db) {
+        FatalError("Unable to open certificate database");
+    }
+
+    if (PK11_FindCertFromNickname(nickname, &pwdata)) {
+        PR_fprintf(errorFD,
+                   "ERROR: Certificate with nickname \"%s\" already exists in database. You\n"
+                   "must choose a different nickname.\n",
+                   nickname);
+        errorCount++;
+        exit(ERRX);
+    }
+
+    LL_L2UI(serial, PR_Now());
+
+    subject = GetSubjectFromUser(serial);
+    if (!subject) {
+        FatalError("Unable to get subject from user");
+    }
+
+    cert = GenerateSelfSignedObjectSigningCert(nickname, db, subject,
+                                               serial, keysize, token);
+
+    if (cert) {
+        output_ca_cert(cert, db);
+        CERT_DestroyCertificate(cert);
+    }
+
+    PORT_Free(subject);
+    return 0;
+}
+
+#undef VERBOSE_PROMPTS
+
+/*********************************************************************8
+ * G e t S u b j e c t F r o m U s e r
+ *
+ * Construct the subject information line for a certificate by querying
+ * the user on stdin.
+ */
+static char *
+GetSubjectFromUser(unsigned long serial)
+{
+    char buf[STDIN_BUF_SIZE];
+    char common_name_buf[STDIN_BUF_SIZE];
+    char *common_name, *state, *orgunit, *country, *org, *locality;
+    char *email, *uid;
+    char *subject;
+    char *cp;
+    int subjectlen = 0;
+
+    common_name = state = orgunit = country = org = locality = email =
+        uid = subject = NULL;
+
+    /* Get subject information */
+    PR_fprintf(PR_STDOUT,
+               "\nEnter certificate information.  All fields are optional. Acceptable\n"
+               "characters are numbers, letters, spaces, and apostrophes.\n");
+
+#ifdef VERBOSE_PROMPTS
+    PR_fprintf(PR_STDOUT, "\nCOMMON NAME\n"
+                          "Enter the full name you want to give your certificate. (Example: Test-Only\n"
+                          "Object Signing Certificate)\n"
+                          "-->");
+#else
+    PR_fprintf(PR_STDOUT, "certificate common name: ");
+#endif
+    if (!fgets(buf, STDIN_BUF_SIZE, stdin)) {
+        return NULL;
+    }
+    cp = chop(buf);
+    if (*cp == '\0') {
+        sprintf(common_name_buf, "%s (%lu)", DEFAULT_COMMON_NAME,
+                serial);
+        cp = common_name_buf;
+    }
+    common_name = PORT_ZAlloc(strlen(cp) + 6);
+    if (!common_name) {
+        out_of_memory();
+    }
+    sprintf(common_name, "CN=%s, ", cp);
+    subjectlen += strlen(common_name);
+
+#ifdef VERBOSE_PROMPTS
+    PR_fprintf(PR_STDOUT, "\nORGANIZATION NAME\n"
+                          "Enter the name of your organization. For example, this could be the name\n"
+                          "of your company.\n"
+                          "-->");
+#else
+    PR_fprintf(PR_STDOUT, "organization: ");
+#endif
+    if (!fgets(buf, STDIN_BUF_SIZE, stdin)) {
+        return NULL;
+    }
+    cp = chop(buf);
+    if (*cp != '\0') {
+        org = PORT_ZAlloc(strlen(cp) + 5);
+        if (!org) {
+            out_of_memory();
+        }
+        sprintf(org, "O=%s, ", cp);
+        subjectlen += strlen(org);
+    }
+
+#ifdef VERBOSE_PROMPTS
+    PR_fprintf(PR_STDOUT, "\nORGANIZATION UNIT\n"
+                          "Enter the name of your organization unit.  For example, this could be the\n"
+                          "name of your department.\n"
+                          "-->");
+#else
+    PR_fprintf(PR_STDOUT, "organization unit: ");
+#endif
+    if (!fgets(buf, STDIN_BUF_SIZE, stdin)) {
+        return NULL;
+    }
+    cp = chop(buf);
+    if (*cp != '\0') {
+        orgunit = PORT_ZAlloc(strlen(cp) + 6);
+        if (!orgunit) {
+            out_of_memory();
+        }
+        sprintf(orgunit, "OU=%s, ", cp);
+        subjectlen += strlen(orgunit);
+    }
+
+#ifdef VERBOSE_PROMPTS
+    PR_fprintf(PR_STDOUT, "\nSTATE\n"
+                          "Enter the name of your state or province.\n"
+                          "-->");
+#else
+    PR_fprintf(PR_STDOUT, "state or province: ");
+#endif
+    if (!fgets(buf, STDIN_BUF_SIZE, stdin)) {
+        return NULL;
+    }
+    cp = chop(buf);
+    if (*cp != '\0') {
+        state = PORT_ZAlloc(strlen(cp) + 6);
+        if (!state) {
+            out_of_memory();
+        }
+        sprintf(state, "ST=%s, ", cp);
+        subjectlen += strlen(state);
+    }
+
+#ifdef VERBOSE_PROMPTS
+    PR_fprintf(PR_STDOUT, "\nCOUNTRY\n"
+                          "Enter the 2-character abbreviation for the name of your country.\n"
+                          "-->");
+#else
+    PR_fprintf(PR_STDOUT, "country (must be exactly 2 characters): ");
+#endif
+    if (!fgets(buf, STDIN_BUF_SIZE, stdin)) {
+        return NULL;
+    }
+    cp = chop(cp);
+    if (strlen(cp) != 2) {
+        *cp = '\0'; /* country code must be 2 chars */
+    }
+    if (*cp != '\0') {
+        country = PORT_ZAlloc(strlen(cp) + 5);
+        if (!country) {
+            out_of_memory();
+        }
+        sprintf(country, "C=%s, ", cp);
+        subjectlen += strlen(country);
+    }
+
+#ifdef VERBOSE_PROMPTS
+    PR_fprintf(PR_STDOUT, "\nUSERNAME\n"
+                          "Enter your system username or UID\n"
+                          "-->");
+#else
+    PR_fprintf(PR_STDOUT, "username: ");
+#endif
+    if (!fgets(buf, STDIN_BUF_SIZE, stdin)) {
+        return NULL;
+    }
+    cp = chop(buf);
+    if (*cp != '\0') {
+        uid = PORT_ZAlloc(strlen(cp) + 7);
+        if (!uid) {
+            out_of_memory();
+        }
+        sprintf(uid, "UID=%s, ", cp);
+        subjectlen += strlen(uid);
+    }
+
+#ifdef VERBOSE_PROMPTS
+    PR_fprintf(PR_STDOUT, "\nEMAIL ADDRESS\n"
+                          "Enter your email address.\n"
+                          "-->");
+#else
+    PR_fprintf(PR_STDOUT, "email address: ");
+#endif
+    if (!fgets(buf, STDIN_BUF_SIZE, stdin)) {
+        return NULL;
+    }
+    cp = chop(buf);
+    if (*cp != '\0') {
+        email = PORT_ZAlloc(strlen(cp) + 5);
+        if (!email) {
+            out_of_memory();
+        }
+        sprintf(email, "E=%s,", cp);
+        subjectlen += strlen(email);
+    }
+
+    subjectlen++;
+
+    subject = PORT_ZAlloc(subjectlen);
+    if (!subject) {
+        out_of_memory();
+    }
+
+    sprintf(subject, "%s%s%s%s%s%s%s",
+            common_name ? common_name : "",
+            org ? org : "",
+            orgunit ? orgunit : "",
+            state ? state : "",
+            country ? country : "",
+            uid ? uid : "",
+            email ? email : "");
+    if ((strlen(subject) > 1) && (subject[strlen(subject) - 1] == ' ')) {
+        subject[strlen(subject) - 2] = '\0';
+    }
+
+    PORT_Free(common_name);
+    PORT_Free(org);
+    PORT_Free(orgunit);
+    PORT_Free(state);
+    PORT_Free(country);
+    PORT_Free(uid);
+    PORT_Free(email);
+
+    return subject;
+}
+
+/**************************************************************************
+ *
+ * G e n e r a t e S e l f S i g n e d O b j e c t S i g n i n g C e r t
+ *														   		  *phew*^
+ *
+ */
+static CERTCertificate *
+GenerateSelfSignedObjectSigningCert(char *nickname, CERTCertDBHandle *db,
+                                    char *subject, unsigned long serial, int keysize, char *token)
+{
+    CERTCertificate *cert, *temp_cert;
+    SECItem *derCert;
+    CERTCertificateRequest *req;
+
+    PK11SlotInfo *slot = NULL;
+    SECKEYPrivateKey *privk = NULL;
+    SECKEYPublicKey *pubk = NULL;
+
+    if (token) {
+        slot = PK11_FindSlotByName(token);
+    } else {
+        slot = PK11_GetInternalKeySlot();
+    }
+
+    if (slot == NULL) {
+        PR_fprintf(errorFD, "Can't find PKCS11 slot %s\n",
+                   token ? token : "");
+        errorCount++;
+        exit(ERRX);
+    }
+
+    if (GenerateKeyPair(slot, &pubk, &privk, keysize) != SECSuccess) {
+        FatalError("Error generating keypair.");
+    }
+    req = make_cert_request(subject, pubk);
+    temp_cert = make_cert(req, serial, &req->subject);
+    if (set_cert_type(temp_cert,
+                      NS_CERT_TYPE_OBJECT_SIGNING |
+                          NS_CERT_TYPE_OBJECT_SIGNING_CA) !=
+        SECSuccess) {
+        FatalError("Unable to set cert type");
+    }
+
+    derCert = sign_cert(temp_cert, privk);
+    cert = install_cert(db, derCert, nickname);
+    if (ChangeTrustAttributes(db, cert, ",,uC") != SECSuccess) {
+        FatalError("Unable to change trust on generated certificate");
+    }
+
+    /* !!! Free memory ? !!! */
+    PK11_FreeSlot(slot);
+    SECKEY_DestroyPrivateKey(privk);
+    SECKEY_DestroyPublicKey(pubk);
+    CERT_DestroyCertificate(temp_cert);
+    CERT_DestroyCertificateRequest(req);
+
+    return cert;
+}
+
+/**************************************************************************
+ *
+ * C h a n g e T r u s t A t t r i b u t e s
+ */
+static SECStatus
+ChangeTrustAttributes(CERTCertDBHandle *db, CERTCertificate *cert, char *trusts)
+{
+
+    CERTCertTrust *trust;
+
+    if (!db || !cert || !trusts) {
+        PR_fprintf(errorFD, "ChangeTrustAttributes got incomplete arguments.\n");
+        errorCount++;
+        return SECFailure;
+    }
+
+    trust = (CERTCertTrust *)PORT_ZAlloc(sizeof(CERTCertTrust));
+    if (!trust) {
+        PR_fprintf(errorFD, "ChangeTrustAttributes unable to allocate "
+                            "CERTCertTrust\n");
+        errorCount++;
+        return SECFailure;
+    }
+
+    if (CERT_DecodeTrustString(trust, trusts)) {
+        return SECFailure;
+    }
+
+    if (CERT_ChangeCertTrust(db, cert, trust)) {
+        PR_fprintf(errorFD, "unable to modify trust attributes for cert %s\n",
+                   cert->nickname ? cert->nickname : "");
+        errorCount++;
+        return SECFailure;
+    }
+
+    PORT_Free(trust);
+    return SECSuccess;
+}
+
+/*************************************************************************
+ *
+ * s e t _ c e r t _ t y p e
+ */
+static SECStatus
+set_cert_type(CERTCertificate *cert, unsigned int type)
+{
+    void *context;
+    SECStatus status = SECSuccess;
+    SECItem certType;
+    char ctype;
+
+    context = CERT_StartCertExtensions(cert);
+
+    certType.type = siBuffer;
+    certType.data = (unsigned char *)&ctype;
+    certType.len = 1;
+    ctype = (unsigned char)type;
+    if (CERT_EncodeAndAddBitStrExtension(context, SEC_OID_NS_CERT_EXT_CERT_TYPE,
+                                         &certType, PR_TRUE /*critical*/) !=
+        SECSuccess) {
+        status = SECFailure;
+    }
+
+    if (CERT_FinishExtensions(context) != SECSuccess) {
+        status = SECFailure;
+    }
+
+    return status;
+}
+
+/********************************************************************
+ *
+ * s i g n _ c e r t
+ */
+static SECItem *
+sign_cert(CERTCertificate *cert, SECKEYPrivateKey *privk)
+{
+    SECStatus rv;
+
+    SECItem der2;
+    SECItem *result2;
+
+    SECOidTag alg = SEC_OID_UNKNOWN;
+
+    alg = SEC_GetSignatureAlgorithmOidTag(privk->keyType, SEC_OID_UNKNOWN);
+    if (alg == SEC_OID_UNKNOWN) {
+        FatalError("Unknown key type");
+    }
+
+    rv = SECOID_SetAlgorithmID(cert->arena, &cert->signature, alg, 0);
+
+    if (rv != SECSuccess) {
+        PR_fprintf(errorFD, "%s: unable to set signature alg id\n",
+                   PROGRAM_NAME);
+        errorCount++;
+        exit(ERRX);
+    }
+
+    der2.len = 0;
+    der2.data = NULL;
+
+    (void)SEC_ASN1EncodeItem(cert->arena, &der2, cert, SEC_ASN1_GET(CERT_CertificateTemplate));
+
+    if (rv != SECSuccess) {
+        PR_fprintf(errorFD, "%s: error encoding cert\n", PROGRAM_NAME);
+        errorCount++;
+        exit(ERRX);
+    }
+
+    result2 = (SECItem *)PORT_ArenaZAlloc(cert->arena, sizeof(SECItem));
+    if (result2 == NULL)
+        out_of_memory();
+
+    rv = SEC_DerSignData(cert->arena, result2, der2.data, der2.len, privk, alg);
+
+    if (rv != SECSuccess) {
+        PR_fprintf(errorFD, "can't sign encoded certificate data\n");
+        errorCount++;
+        exit(ERRX);
+    } else if (verbosity >= 0) {
+        PR_fprintf(outputFD, "certificate has been signed\n");
+    }
+
+    cert->derCert = *result2;
+
+    return result2;
+}
+
+/*********************************************************************
+ *
+ * i n s t a l l _ c e r t
+ *
+ * Installs the cert in the permanent database.
+ */
+static CERTCertificate *
+install_cert(CERTCertDBHandle *db, SECItem *derCert, char *nickname)
+{
+    CERTCertificate *newcert;
+    PK11SlotInfo *newSlot;
+
+    newSlot = PK11_ImportDERCertForKey(derCert, nickname, &pwdata);
+    if (newSlot == NULL) {
+        PR_fprintf(errorFD, "Unable to install certificate\n");
+        errorCount++;
+        exit(ERRX);
+    }
+
+    newcert = PK11_FindCertFromDERCertItem(newSlot, derCert, &pwdata);
+    PK11_FreeSlot(newSlot);
+    if (newcert == NULL) {
+        PR_fprintf(errorFD, "%s: can't find new certificate\n",
+                   PROGRAM_NAME);
+        errorCount++;
+        exit(ERRX);
+    }
+
+    if (verbosity >= 0) {
+        PR_fprintf(outputFD, "certificate \"%s\" added to database\n",
+                   nickname);
+    }
+
+    return newcert;
+}
+
+/******************************************************************
+ *
+ * G e n e r a t e K e y P a i r
+ */
+static SECStatus
+GenerateKeyPair(PK11SlotInfo *slot, SECKEYPublicKey **pubk,
+                SECKEYPrivateKey **privk, int keysize)
+{
+
+    PK11RSAGenParams rsaParams;
+
+    if (keysize == -1) {
+        rsaParams.keySizeInBits = DEFAULT_RSA_KEY_SIZE;
+    } else {
+        rsaParams.keySizeInBits = keysize;
+    }
+    rsaParams.pe = 0x10001;
+
+    if (PK11_Authenticate(slot, PR_FALSE /*loadCerts*/, &pwdata) !=
+        SECSuccess) {
+        SECU_PrintError(progName, "failure authenticating to key database.\n");
+        exit(ERRX);
+    }
+
+    *privk = PK11_GenerateKeyPair(slot, CKM_RSA_PKCS_KEY_PAIR_GEN, &rsaParams,
+
+                                  pubk, PR_TRUE /*isPerm*/, PR_TRUE /*isSensitive*/, &pwdata);
+
+    if (*privk != NULL && *pubk != NULL) {
+        if (verbosity >= 0) {
+            PR_fprintf(outputFD, "generated public/private key pair\n");
+        }
+    } else {
+        SECU_PrintError(progName, "failure generating key pair\n");
+        exit(ERRX);
+    }
+
+    return SECSuccess;
+}
+
+/******************************************************************
+ *
+ * m a k e _ c e r t _ r e q u e s t
+ */
+static CERTCertificateRequest *
+make_cert_request(char *subject, SECKEYPublicKey *pubk)
+{
+    CERTName *subj;
+    CERTSubjectPublicKeyInfo *spki;
+
+    CERTCertificateRequest *req;
+
+    /* Create info about public key */
+    spki = SECKEY_CreateSubjectPublicKeyInfo(pubk);
+    if (!spki) {
+        SECU_PrintError(progName, "unable to create subject public key");
+        exit(ERRX);
+    }
+
+    subj = CERT_AsciiToName(subject);
+    if (subj == NULL) {
+        FatalError("Invalid data in certificate description");
+    }
+
+    /* Generate certificate request */
+    req = CERT_CreateCertificateRequest(subj, spki, 0);
+    if (!req) {
+        SECU_PrintError(progName, "unable to make certificate request");
+        exit(ERRX);
+    }
+
+    SECKEY_DestroySubjectPublicKeyInfo(spki);
+    CERT_DestroyName(subj);
+
+    if (verbosity >= 0) {
+        PR_fprintf(outputFD, "certificate request generated\n");
+    }
+
+    return req;
+}
+
+/******************************************************************
+ *
+ * m a k e _ c e r t
+ */
+static CERTCertificate *
+make_cert(CERTCertificateRequest *req, unsigned long serial,
+          CERTName *ca_subject)
+{
+    CERTCertificate *cert;
+
+    CERTValidity *validity = NULL;
+
+    PRTime now, after;
+    PRExplodedTime printableTime;
+
+    now = PR_Now();
+    PR_ExplodeTime(now, PR_GMTParameters, &printableTime);
+
+    printableTime.tm_month += 3;
+    after = PR_ImplodeTime(&printableTime);
+
+    validity = CERT_CreateValidity(now, after);
+
+    if (validity == NULL) {
+        PR_fprintf(errorFD, "%s: error creating certificate validity\n",
+                   PROGRAM_NAME);
+        errorCount++;
+        exit(ERRX);
+    }
+
+    cert = CERT_CreateCertificate(serial, ca_subject, validity, req);
+    CERT_DestroyValidity(validity);
+
+    if (cert == NULL) {
+        /* should probably be more precise here */
+        PR_fprintf(errorFD, "%s: error while generating certificate\n",
+                   PROGRAM_NAME);
+        errorCount++;
+        exit(ERRX);
+    }
+
+    return cert;
+}
+
+/*************************************************************************
+ *
+ * o u t p u t _ c a _ c e r t
+ */
+static void
+output_ca_cert(CERTCertificate *cert, CERTCertDBHandle *db)
+{
+    FILE *out;
+
+    SECItem *encodedCertChain;
+    SEC_PKCS7ContentInfo *certChain;
+    char *filename, *certData;
+
+    /* the raw */
+
+    filename = PORT_ZAlloc(strlen(DEFAULT_X509_BASENAME) + 8);
+    if (!filename)
+        out_of_memory();
+
+    sprintf(filename, "%s.raw", DEFAULT_X509_BASENAME);
+    if ((out = fopen(filename, "wb")) == NULL) {
+        PR_fprintf(errorFD, "%s: Can't open %s output file\n", PROGRAM_NAME,
+                   filename);
+        errorCount++;
+        exit(ERRX);
+    }
+
+    certChain = SEC_PKCS7CreateCertsOnly(cert, PR_TRUE, db);
+    encodedCertChain =
+        SEC_PKCS7EncodeItem(NULL, NULL, certChain, NULL, NULL, NULL);
+    SEC_PKCS7DestroyContentInfo(certChain);
+
+    if (encodedCertChain) {
+        fprintf(out, "Content-type: application/x-x509-ca-cert\n\n");
+        fwrite(encodedCertChain->data, 1, encodedCertChain->len,
+               out);
+        SECITEM_FreeItem(encodedCertChain, PR_TRUE);
+    } else {
+        PR_fprintf(errorFD, "%s: Can't DER encode this certificate\n",
+                   PROGRAM_NAME);
+        errorCount++;
+        exit(ERRX);
+    }
+
+    fclose(out);
+
+    /* and the cooked */
+
+    sprintf(filename, "%s.cacert", DEFAULT_X509_BASENAME);
+    if ((out = fopen(filename, "wb")) == NULL) {
+        PR_fprintf(errorFD, "%s: Can't open %s output file\n", PROGRAM_NAME,
+                   filename);
+        errorCount++;
+        return;
+    }
+
+    certData = BTOA_DataToAscii(cert->derCert.data, cert->derCert.len);
+    fprintf(out, "%s\n%s\n%s\n", NS_CERT_HEADER, certData, NS_CERT_TRAILER);
+    PORT_Free(certData);
+
+    PORT_Free(filename);
+    fclose(out);
+
+    if (verbosity >= 0) {
+        PR_fprintf(outputFD, "Exported certificate to %s.raw and %s.cacert.\n",
+                   DEFAULT_X509_BASENAME, DEFAULT_X509_BASENAME);
+    }
+}
diff --git a/nss/cmd/signtool/javascript.c b/nss/cmd/signtool/javascript.c
new file mode 100644
index 0000000..746f724
--- /dev/null
+++ b/nss/cmd/signtool/javascript.c
@@ -0,0 +1,1817 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "signtool.h"
+#include <prmem.h>
+#include <prio.h>
+#include <prenv.h>
+
+static int javascript_fn(char *relpath, char *basedir, char *reldir,
+                         char *filename, void *arg);
+static int extract_js(char *filename);
+static int copyinto(char *from, char *to);
+static PRStatus ensureExists(char *base, char *path);
+static int make_dirs(char *path, PRInt32 file_perms);
+
+static char *jartree = NULL;
+static int idOrdinal;
+static PRBool dumpParse = PR_FALSE;
+
+static char *event_handlers[] = {
+    "onAbort",
+    "onBlur",
+    "onChange",
+    "onClick",
+    "onDblClick",
+    "onDragDrop",
+    "onError",
+    "onFocus",
+    "onKeyDown",
+    "onKeyPress",
+    "onKeyUp",
+    "onLoad",
+    "onMouseDown",
+    "onMouseMove",
+    "onMouseOut",
+    "onMouseOver",
+    "onMouseUp",
+    "onMove",
+    "onReset",
+    "onResize",
+    "onSelect",
+    "onSubmit",
+    "onUnload"
+};
+
+static int num_handlers = 23;
+
+/*
+ *  I n l i n e J a v a S c r i p t
+ *
+ *  Javascript signing. Instead of passing an archive to signtool,
+ *  a directory containing html files is given. Archives are created
+ *  from the archive= and src= tag attributes inside the html,
+ *  as appropriate. Then the archives are signed.
+ *
+ */
+int
+InlineJavaScript(char *dir, PRBool recurse)
+{
+    jartree = dir;
+    if (verbosity >= 0) {
+        PR_fprintf(outputFD, "\nGenerating inline signatures from HTML files in: %s\n",
+                   dir);
+    }
+    if (PR_GetEnvSecure("SIGNTOOL_DUMP_PARSE")) {
+        dumpParse = PR_TRUE;
+    }
+
+    return foreach (dir, "", javascript_fn, recurse, PR_FALSE /*include dirs*/,
+                    (void *)NULL);
+}
+
+/************************************************************************
+ *
+ * j a v a s c r i p t _ f n
+ */
+static int
+javascript_fn(char *relpath, char *basedir, char *reldir, char *filename, void *arg)
+{
+    char fullname[FNSIZE];
+
+    /* only process inline scripts from .htm, .html, and .shtml*/
+
+    if (!(PL_strcaserstr(filename, ".htm") == filename + strlen(filename) - 4) &&
+        !(PL_strcaserstr(filename, ".html") == filename + strlen(filename) - 5) &&
+        !(PL_strcaserstr(filename, ".shtml") == filename + strlen(filename) - 6)) {
+        return 0;
+    }
+
+    /* don't process scripts that signtool has already
+     extracted (those that are inside .arc directories) */
+
+    if (PL_strcaserstr(filename, ".arc") == filename + strlen(filename) - 4)
+        return 0;
+
+    if (verbosity >= 0) {
+        PR_fprintf(outputFD, "Processing HTML file: %s\n", relpath);
+    }
+
+    /* reset firstArchive at top of each HTML file */
+
+    /* skip directories that contain extracted scripts */
+
+    if (PL_strcaserstr(reldir, ".arc") == reldir + strlen(reldir) - 4)
+        return 0;
+
+    sprintf(fullname, "%s/%s", basedir, relpath);
+    return extract_js(fullname);
+}
+
+/*===========================================================================
+ =
+ = D A T A   S T R U C T U R E S
+ =
+*/
+typedef enum {
+    TEXT_HTML_STATE = 0,
+    SCRIPT_HTML_STATE
+}
+
+HTML_STATE;
+
+typedef enum {
+    /* we start in the start state */
+    START_STATE,
+
+    /* We are looking for or reading in an attribute */
+    GET_ATT_STATE,
+
+    /* We're burning ws before finding an attribute */
+    PRE_ATT_WS_STATE,
+
+    /* We're burning ws after an attribute.  Looking for an '='. */
+    POST_ATT_WS_STATE,
+
+    /* We're burning ws after an '=', waiting for a value */
+    PRE_VAL_WS_STATE,
+
+    /* We're reading in a value */
+    GET_VALUE_STATE,
+
+    /* We're reading in a value that's inside quotes */
+    GET_QUOTED_VAL_STATE,
+
+    /* We've encountered the closing '>' */
+    DONE_STATE,
+
+    /* Error state */
+    ERR_STATE
+}
+
+TAG_STATE;
+
+typedef struct AVPair_Str {
+    char *attribute;
+    char *value;
+    unsigned int valueLine; /* the line that the value ends on */
+    struct AVPair_Str *next;
+} AVPair;
+
+typedef enum {
+    APPLET_TAG,
+    SCRIPT_TAG,
+    LINK_TAG,
+    STYLE_TAG,
+    COMMENT_TAG,
+    OTHER_TAG
+}
+
+TAG_TYPE;
+
+typedef struct {
+    TAG_TYPE type;
+    AVPair *attList;
+    AVPair *attListTail;
+    char *text;
+} TagItem;
+
+typedef enum {
+    TAG_ITEM,
+    TEXT_ITEM
+}
+
+ITEM_TYPE;
+
+typedef struct HTMLItem_Str {
+    unsigned int startLine;
+    unsigned int endLine;
+    ITEM_TYPE type;
+    union {
+        TagItem *tag;
+        char *text;
+    } item;
+    struct HTMLItem_Str *next;
+} HTMLItem;
+
+typedef struct {
+    PRFileDesc *fd;
+    PRInt32 curIndex;
+    PRBool IsEOF;
+#define FILE_BUFFER_BUFSIZE 512
+    char buf[FILE_BUFFER_BUFSIZE];
+    PRInt32 startOffset;
+    PRInt32 maxIndex;
+    unsigned int lineNum;
+} FileBuffer;
+
+/*===========================================================================
+ =
+ = F U N C T I O N S
+ =
+*/
+static HTMLItem *CreateTextItem(char *text, unsigned int startline,
+                                unsigned int endline);
+static HTMLItem *CreateTagItem(TagItem *ti, unsigned int startline,
+                               unsigned int endline);
+static TagItem *ProcessTag(FileBuffer *fb, char **errStr);
+static void DestroyHTMLItem(HTMLItem *item);
+static void DestroyTagItem(TagItem *ti);
+static TAG_TYPE GetTagType(char *att);
+static FileBuffer *FB_Create(PRFileDesc *fd);
+static int FB_GetChar(FileBuffer *fb);
+static PRInt32 FB_GetPointer(FileBuffer *fb);
+static PRInt32 FB_GetRange(FileBuffer *fb, PRInt32 start, PRInt32 end,
+                           char **buf);
+static unsigned int FB_GetLineNum(FileBuffer *fb);
+static void FB_Destroy(FileBuffer *fb);
+static void PrintTagItem(PRFileDesc *fd, TagItem *ti);
+static void PrintHTMLStream(PRFileDesc *fd, HTMLItem *head);
+
+/************************************************************************
+ *
+ * C r e a t e T e x t I t e m
+ */
+static HTMLItem *
+CreateTextItem(char *text, unsigned int startline, unsigned int endline)
+{
+    HTMLItem *item;
+
+    item = PR_Malloc(sizeof(HTMLItem));
+    if (!item) {
+        return NULL;
+    }
+
+    item->type = TEXT_ITEM;
+    item->item.text = text;
+    item->next = NULL;
+    item->startLine = startline;
+    item->endLine = endline;
+
+    return item;
+}
+
+/************************************************************************
+ *
+ * C r e a t e T a g I t e m
+ */
+static HTMLItem *
+CreateTagItem(TagItem *ti, unsigned int startline, unsigned int endline)
+{
+    HTMLItem *item;
+
+    item = PR_Malloc(sizeof(HTMLItem));
+    if (!item) {
+        return NULL;
+    }
+
+    item->type = TAG_ITEM;
+    item->item.tag = ti;
+    item->next = NULL;
+    item->startLine = startline;
+    item->endLine = endline;
+
+    return item;
+}
+
+static PRBool
+isAttChar(int c)
+{
+    return (isalnum(c) || c == '/' || c == '-');
+}
+
+/************************************************************************
+ *
+ * P r o c e s s T a g
+ */
+static TagItem *
+ProcessTag(FileBuffer *fb, char **errStr)
+{
+    TAG_STATE state;
+    PRInt32 startText, startID, curPos;
+    PRBool firstAtt;
+    int curchar;
+    TagItem *ti = NULL;
+    AVPair *curPair = NULL;
+    char quotechar = '\0';
+    unsigned int linenum;
+    unsigned int startline;
+
+    state = START_STATE;
+
+    startID = FB_GetPointer(fb);
+    startText = startID;
+    firstAtt = PR_TRUE;
+
+    ti = (TagItem *)PR_Malloc(sizeof(TagItem));
+    if (!ti)
+        out_of_memory();
+    ti->type = OTHER_TAG;
+    ti->attList = NULL;
+    ti->attListTail = NULL;
+    ti->text = NULL;
+
+    startline = FB_GetLineNum(fb);
+
+    while (state != DONE_STATE && state != ERR_STATE) {
+        linenum = FB_GetLineNum(fb);
+        curchar = FB_GetChar(fb);
+        if (curchar == EOF) {
+            *errStr = PR_smprintf(
+                "line %d: Unexpected end-of-file while parsing tag starting at line %d.\n",
+                linenum, startline);
+            state = ERR_STATE;
+            continue;
+        }
+
+        switch (state) {
+            case START_STATE:
+                if (curchar == '!') {
+                    /*
+                     * SGML tag or comment
+                     * Here's the general rule for SGML tags.  Everything from
+                     * <! to > is the tag.  Inside the tag, comments are
+                     * delimited with --.  So we are looking for the first '>'
+                     * that is not commented out, that is, not inside a pair
+                     * of --: <!DOCTYPE --this is a comment >(psyche!)   -->
+                     */
+
+                    PRBool inComment = PR_FALSE;
+                    short hyphenCount = 0; /* number of consecutive hyphens */
+
+                    while (1) {
+                        linenum = FB_GetLineNum(fb);
+                        curchar = FB_GetChar(fb);
+                        if (curchar == EOF) {
+                            /* Uh oh, EOF inside comment */
+                            *errStr = PR_smprintf(
+                                "line %d: Unexpected end-of-file inside comment starting at line %d.\n",
+                                linenum, startline);
+                            state = ERR_STATE;
+                            break;
+                        }
+                        if (curchar == '-') {
+                            if (hyphenCount == 1) {
+                                /* This is a comment delimiter */
+                                inComment = !inComment;
+                                hyphenCount = 0;
+                            } else {
+                                /* beginning of a comment delimiter? */
+                                hyphenCount = 1;
+                            }
+                        } else if (curchar == '>') {
+                            if (!inComment) {
+                                /* This is the end of the tag */
+                                state = DONE_STATE;
+                                break;
+                            } else {
+                                /* The > is inside a comment, so it's not
+                                                         * really the end of the tag */
+                                hyphenCount = 0;
+                            }
+                        } else {
+                            hyphenCount = 0;
+                        }
+                    }
+                    ti->type = COMMENT_TAG;
+                    break;
+                }
+            /* fall through */
+            case GET_ATT_STATE:
+                if (isspace(curchar) || curchar == '=' || curchar == '>') {
+                    /* end of the current attribute */
+                    curPos = FB_GetPointer(fb) - 2;
+                    if (curPos >= startID) {
+                        /* We have an attribute */
+                        curPair = (AVPair *)PR_Malloc(sizeof(AVPair));
+                        if (!curPair)
+                            out_of_memory();
+                        curPair->value = NULL;
+                        curPair->next = NULL;
+                        FB_GetRange(fb, startID, curPos,
+                                    &curPair->attribute);
+
+                        /* Stick this attribute on the list */
+                        if (ti->attListTail) {
+                            ti->attListTail->next = curPair;
+                            ti->attListTail = curPair;
+                        } else {
+                            ti->attList = ti->attListTail =
+                                curPair;
+                        }
+
+                        /* If this is the first attribute, find the type of tag
+                         * based on it. Also, start saving the text of the tag. */
+                        if (firstAtt) {
+                            ti->type = GetTagType(curPair->attribute);
+                            startText = FB_GetPointer(fb) -
+                                        1;
+                            firstAtt = PR_FALSE;
+                        }
+                    } else {
+                        if (curchar == '=') {
+                            /* If we don't have any attribute but we do have an
+                         * equal sign, that's an error */
+                            *errStr = PR_smprintf("line %d: Malformed tag starting at line %d.\n",
+                                                  linenum, startline);
+                            state = ERR_STATE;
+                            break;
+                        }
+                    }
+
+                    /* Compute next state */
+                    if (curchar == '=') {
+                        startID = FB_GetPointer(fb);
+                        state = PRE_VAL_WS_STATE;
+                    } else if (curchar == '>') {
+                        state = DONE_STATE;
+                    } else if (curPair) {
+                        state = POST_ATT_WS_STATE;
+                    } else {
+                        state = PRE_ATT_WS_STATE;
+                    }
+                } else if (isAttChar(curchar)) {
+                    /* Just another char in the attribute. Do nothing */
+                    state = GET_ATT_STATE;
+                } else {
+                    /* bogus char */
+                    *errStr = PR_smprintf("line %d: Bogus chararacter '%c' in tag.\n",
+                                          linenum, curchar);
+                    state = ERR_STATE;
+                    break;
+                }
+                break;
+            case PRE_ATT_WS_STATE:
+                if (curchar == '>') {
+                    state = DONE_STATE;
+                } else if (isspace(curchar)) {
+                    /* more whitespace, do nothing */
+                } else if (isAttChar(curchar)) {
+                    /* starting another attribute */
+                    startID = FB_GetPointer(fb) - 1;
+                    state = GET_ATT_STATE;
+                } else {
+                    /* bogus char */
+                    *errStr = PR_smprintf("line %d: Bogus character '%c' in tag.\n",
+                                          linenum, curchar);
+                    state = ERR_STATE;
+                    break;
+                }
+                break;
+            case POST_ATT_WS_STATE:
+                if (curchar == '>') {
+                    state = DONE_STATE;
+                } else if (isspace(curchar)) {
+                    /* more whitespace, do nothing */
+                } else if (isAttChar(curchar)) {
+                    /* starting another attribute */
+                    startID = FB_GetPointer(fb) - 1;
+                    state = GET_ATT_STATE;
+                } else if (curchar == '=') {
+                    /* there was whitespace between the attribute and its equal
+                     * sign, which means there's a value coming up */
+                    state = PRE_VAL_WS_STATE;
+                } else {
+                    /* bogus char */
+                    *errStr = PR_smprintf("line %d: Bogus character '%c' in tag.\n",
+                                          linenum, curchar);
+                    state = ERR_STATE;
+                    break;
+                }
+                break;
+            case PRE_VAL_WS_STATE:
+                if (curchar == '>') {
+                    /* premature end-of-tag (sounds like a personal problem). */
+                    *errStr = PR_smprintf(
+                        "line %d: End of tag while waiting for value.\n",
+                        linenum);
+                    state = ERR_STATE;
+                    break;
+                } else if (isspace(curchar)) {
+                    /* more whitespace, do nothing */
+                    break;
+                } else {
+                    /* this must be some sort of value. Fall through
+                                 * to GET_VALUE_STATE */
+                    startID = FB_GetPointer(fb) - 1;
+                    state = GET_VALUE_STATE;
+                }
+            /* Fall through if we didn't break on '>' or whitespace */
+            case GET_VALUE_STATE:
+                if (isspace(curchar) || curchar == '>') {
+                    /* end of value */
+                    curPos = FB_GetPointer(fb) - 2;
+                    if (curPos >= startID) {
+                        /* Grab the value */
+                        FB_GetRange(fb, startID, curPos,
+                                    &curPair->value);
+                        curPair->valueLine = linenum;
+                    } else {
+                        /* empty value, leave as NULL */
+                    }
+                    if (isspace(curchar)) {
+                        state = PRE_ATT_WS_STATE;
+                    } else {
+                        state = DONE_STATE;
+                    }
+                } else if (curchar == '\"' || curchar == '\'') {
+                    /* quoted value.  Start recording the value inside the quote*/
+                    startID = FB_GetPointer(fb);
+                    state = GET_QUOTED_VAL_STATE;
+                    PORT_Assert(quotechar == '\0');
+                    quotechar = curchar; /* look for matching quote type */
+                } else {
+                    /* just more value */
+                }
+                break;
+            case GET_QUOTED_VAL_STATE:
+                PORT_Assert(quotechar != '\0');
+                if (curchar == quotechar) {
+                    /* end of quoted value */
+                    curPos = FB_GetPointer(fb) - 2;
+                    if (curPos >= startID) {
+                        /* Grab the value */
+                        FB_GetRange(fb, startID, curPos,
+                                    &curPair->value);
+                        curPair->valueLine = linenum;
+                    } else {
+                        /* empty value, leave it as NULL */
+                    }
+                    state = GET_ATT_STATE;
+                    quotechar = '\0';
+                    startID = FB_GetPointer(fb);
+                } else {
+                    /* more quoted value, continue */
+                }
+                break;
+            case DONE_STATE:
+            case ERR_STATE:
+            default:; /* should never get here */
+        }
+    }
+
+    if (state == DONE_STATE) {
+        /* Get the text of the tag */
+        curPos = FB_GetPointer(fb) - 1;
+        FB_GetRange(fb, startText, curPos, &ti->text);
+
+        /* Return the tag */
+        return ti;
+    }
+
+    /* Uh oh, an error.  Kill the tag item*/
+    DestroyTagItem(ti);
+    return NULL;
+}
+
+/************************************************************************
+ *
+ * D e s t r o y H T M L I t e m
+ */
+static void
+DestroyHTMLItem(HTMLItem *item)
+{
+    if (item->type == TAG_ITEM) {
+        DestroyTagItem(item->item.tag);
+    } else {
+        if (item->item.text) {
+            PR_Free(item->item.text);
+        }
+    }
+}
+
+/************************************************************************
+ *
+ * D e s t r o y T a g I t e m
+ */
+static void
+DestroyTagItem(TagItem *ti)
+{
+    AVPair *temp;
+
+    if (ti->text) {
+        PR_Free(ti->text);
+        ti->text = NULL;
+    }
+
+    while (ti->attList) {
+        temp = ti->attList;
+        ti->attList = ti->attList->next;
+
+        if (temp->attribute) {
+            PR_Free(temp->attribute);
+            temp->attribute = NULL;
+        }
+        if (temp->value) {
+            PR_Free(temp->value);
+            temp->value = NULL;
+        }
+        PR_Free(temp);
+    }
+
+    PR_Free(ti);
+}
+
+/************************************************************************
+ *
+ * G e t T a g T y p e
+ */
+static TAG_TYPE
+GetTagType(char *att)
+{
+    if (!PORT_Strcasecmp(att, "APPLET")) {
+        return APPLET_TAG;
+    }
+    if (!PORT_Strcasecmp(att, "SCRIPT")) {
+        return SCRIPT_TAG;
+    }
+    if (!PORT_Strcasecmp(att, "LINK")) {
+        return LINK_TAG;
+    }
+    if (!PORT_Strcasecmp(att, "STYLE")) {
+        return STYLE_TAG;
+    }
+    return OTHER_TAG;
+}
+
+/************************************************************************
+ *
+ * F B _ C r e a t e
+ */
+static FileBuffer *
+FB_Create(PRFileDesc *fd)
+{
+    FileBuffer *fb;
+    PRInt32 amountRead;
+    PRInt32 storedOffset;
+
+    fb = (FileBuffer *)PR_Malloc(sizeof(FileBuffer));
+    fb->fd = fd;
+    storedOffset = PR_Seek(fd, 0, PR_SEEK_CUR);
+    PR_Seek(fd, 0, PR_SEEK_SET);
+    fb->startOffset = 0;
+    amountRead = PR_Read(fd, fb->buf, FILE_BUFFER_BUFSIZE);
+    if (amountRead == -1)
+        goto loser;
+    fb->maxIndex = amountRead - 1;
+    fb->curIndex = 0;
+    fb->IsEOF = (fb->curIndex > fb->maxIndex) ? PR_TRUE : PR_FALSE;
+    fb->lineNum = 1;
+
+    PR_Seek(fd, storedOffset, PR_SEEK_SET);
+    return fb;
+loser:
+    PR_Seek(fd, storedOffset, PR_SEEK_SET);
+    PR_Free(fb);
+    return NULL;
+}
+
+/************************************************************************
+ *
+ * F B _ G e t C h a r
+ */
+static int
+FB_GetChar(FileBuffer *fb)
+{
+    PRInt32 storedOffset;
+    PRInt32 amountRead;
+    int retval = -1;
+
+    if (fb->IsEOF) {
+        return EOF;
+    }
+
+    storedOffset = PR_Seek(fb->fd, 0, PR_SEEK_CUR);
+
+    retval = (unsigned char)fb->buf[fb->curIndex++];
+    if (retval == '\n')
+        fb->lineNum++;
+
+    if (fb->curIndex > fb->maxIndex) {
+        /* We're at the end of the buffer. Try to get some new data from the
+                 * file */
+        fb->startOffset += fb->maxIndex + 1;
+        PR_Seek(fb->fd, fb->startOffset, PR_SEEK_SET);
+        amountRead = PR_Read(fb->fd, fb->buf, FILE_BUFFER_BUFSIZE);
+        if (amountRead == -1)
+            goto loser;
+        fb->maxIndex = amountRead - 1;
+        fb->curIndex = 0;
+    }
+
+    fb->IsEOF = (fb->curIndex > fb->maxIndex) ? PR_TRUE : PR_FALSE;
+
+loser:
+    PR_Seek(fb->fd, storedOffset, PR_SEEK_SET);
+    return retval;
+}
+
+/************************************************************************
+ *
+ * F B _ G e t L i n e N u m
+ *
+ */
+static unsigned int
+FB_GetLineNum(FileBuffer *fb)
+{
+    return fb->lineNum;
+}
+
+/************************************************************************
+ *
+ * F B _ G e t P o i n t e r
+ *
+ */
+static PRInt32
+FB_GetPointer(FileBuffer *fb)
+{
+    return fb->startOffset + fb->curIndex;
+}
+
+/************************************************************************
+ *
+ * F B _ G e t R a n g e
+ *
+ */
+static PRInt32
+FB_GetRange(FileBuffer *fb, PRInt32 start, PRInt32 end, char **buf)
+{
+    PRInt32 amountRead;
+    PRInt32 storedOffset;
+
+    *buf = PR_Malloc(end - start + 2);
+    if (*buf == NULL) {
+        return 0;
+    }
+
+    storedOffset = PR_Seek(fb->fd, 0, PR_SEEK_CUR);
+    PR_Seek(fb->fd, start, PR_SEEK_SET);
+    amountRead = PR_Read(fb->fd, *buf, end - start + 1);
+    PR_Seek(fb->fd, storedOffset, PR_SEEK_SET);
+    if (amountRead == -1) {
+        PR_Free(*buf);
+        *buf = NULL;
+        return 0;
+    }
+
+    (*buf)[end - start + 1] = '\0';
+    return amountRead;
+}
+
+/************************************************************************
+ *
+ * F B _ D e s t r o y
+ *
+ */
+static void
+FB_Destroy(FileBuffer *fb)
+{
+    if (fb) {
+        PR_Free(fb);
+    }
+}
+
+/************************************************************************
+ *
+ * P r i n t T a g I t e m
+ *
+ */
+static void
+PrintTagItem(PRFileDesc *fd, TagItem *ti)
+{
+    AVPair *pair;
+
+    PR_fprintf(fd, "TAG:\n----\nType: ");
+    switch (ti->type) {
+        case APPLET_TAG:
+            PR_fprintf(fd, "applet\n");
+            break;
+        case SCRIPT_TAG:
+            PR_fprintf(fd, "script\n");
+            break;
+        case LINK_TAG:
+            PR_fprintf(fd, "link\n");
+            break;
+        case STYLE_TAG:
+            PR_fprintf(fd, "style\n");
+            break;
+        case COMMENT_TAG:
+            PR_fprintf(fd, "comment\n");
+            break;
+        case OTHER_TAG:
+        default:
+            PR_fprintf(fd, "other\n");
+            break;
+    }
+
+    PR_fprintf(fd, "Attributes:\n");
+    for (pair = ti->attList; pair; pair = pair->next) {
+        PR_fprintf(fd, "\t%s=%s\n", pair->attribute,
+                   pair->value ? pair->value : "");
+    }
+    PR_fprintf(fd, "Text:%s\n", ti->text ? ti->text : "");
+
+    PR_fprintf(fd, "---End of tag---\n");
+}
+
+/************************************************************************
+ *
+ * P r i n t H T M L S t r e a m
+ *
+ */
+static void
+PrintHTMLStream(PRFileDesc *fd, HTMLItem *head)
+{
+    while (head) {
+        if (head->type == TAG_ITEM) {
+            PrintTagItem(fd, head->item.tag);
+        } else {
+            PR_fprintf(fd, "\nTEXT:\n-----\n%s\n-----\n\n", head->item.text);
+        }
+        head = head->next;
+    }
+}
+
+/************************************************************************
+ *
+ * S a v e I n l i n e S c r i p t
+ *
+ */
+static int
+SaveInlineScript(char *text, char *id, char *basedir, char *archiveDir)
+{
+    char *filename = NULL;
+    PRFileDesc *fd = NULL;
+    int retval = -1;
+    PRInt32 writeLen;
+    char *ilDir = NULL;
+
+    if (!text || !id || !archiveDir) {
+        return -1;
+    }
+
+    if (dumpParse) {
+        PR_fprintf(outputFD, "SaveInlineScript: text=%s, id=%s, \n"
+                             "basedir=%s, archiveDir=%s\n",
+                   text, id, basedir, archiveDir);
+    }
+
+    /* Make sure the archive directory is around */
+    if (ensureExists(basedir, archiveDir) != PR_SUCCESS) {
+        PR_fprintf(errorFD,
+                   "ERROR: Unable to create archive directory %s.\n", archiveDir);
+        errorCount++;
+        return -1;
+    }
+
+    /* Make sure the inline script directory is around */
+    ilDir = PR_smprintf("%s/inlineScripts", archiveDir);
+    scriptdir = "inlineScripts";
+    if (ensureExists(basedir, ilDir) != PR_SUCCESS) {
+        PR_fprintf(errorFD,
+                   "ERROR: Unable to create directory %s.\n", ilDir);
+        errorCount++;
+        return -1;
+    }
+
+    filename = PR_smprintf("%s/%s/%s", basedir, ilDir, id);
+
+    /* If the file already exists, give a warning, then blow it away */
+    if (PR_Access(filename, PR_ACCESS_EXISTS) == PR_SUCCESS) {
+        PR_fprintf(errorFD,
+                   "warning: file \"%s\" already exists--will overwrite.\n",
+                   filename);
+        warningCount++;
+        if (rm_dash_r(filename)) {
+            PR_fprintf(errorFD, "ERROR: Unable to delete %s.\n", filename);
+            errorCount++;
+            goto finish;
+        }
+    }
+
+    /* Write text into file with name id */
+    fd = PR_Open(filename, PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE, 0777);
+    if (!fd) {
+        PR_fprintf(errorFD, "ERROR: Unable to create file \"%s\".\n",
+                   filename);
+        errorCount++;
+        goto finish;
+    }
+    writeLen = strlen(text);
+    if (PR_Write(fd, text, writeLen) != writeLen) {
+        PR_fprintf(errorFD, "ERROR: Unable to write to file \"%s\".\n",
+                   filename);
+        errorCount++;
+        goto finish;
+    }
+
+    retval = 0;
+finish:
+    if (filename) {
+        PR_smprintf_free(filename);
+    }
+    if (ilDir) {
+        PR_smprintf_free(ilDir);
+    }
+    if (fd) {
+        PR_Close(fd);
+    }
+    return retval;
+}
+
+/************************************************************************
+ *
+ * S a v e U n n a m a b l e S c r i p t
+ *
+ */
+static int
+SaveUnnamableScript(char *text, char *basedir, char *archiveDir,
+                    char *HTMLfilename)
+{
+    char *id = NULL;
+    char *ext = NULL;
+    char *start = NULL;
+    int retval = -1;
+
+    if (!text || !archiveDir || !HTMLfilename) {
+        return -1;
+    }
+
+    if (dumpParse) {
+        PR_fprintf(outputFD, "SaveUnnamableScript: text=%s, basedir=%s,\n"
+                             "archiveDir=%s, filename=%s\n",
+                   text, basedir, archiveDir,
+                   HTMLfilename);
+    }
+
+    /* Construct the filename */
+    ext = PL_strrchr(HTMLfilename, '.');
+    if (ext) {
+        *ext = '\0';
+    }
+    for (start = HTMLfilename; strpbrk(start, "/\\");
+         start = strpbrk(start, "/\\") + 1)
+        /* do nothing */;
+    if (*start == '\0')
+        start = HTMLfilename;
+    id = PR_smprintf("_%s%d", start, idOrdinal++);
+    if (ext) {
+        *ext = '.';
+    }
+
+    /* Now call SaveInlineScript to do the work */
+    retval = SaveInlineScript(text, id, basedir, archiveDir);
+
+    PR_Free(id);
+
+    return retval;
+}
+
+/************************************************************************
+ *
+ * S a v e S o u r c e
+ *
+ */
+static int
+SaveSource(char *src, char *codebase, char *basedir, char *archiveDir)
+{
+    char *from = NULL, *to = NULL;
+    int retval = -1;
+    char *arcDir = NULL;
+
+    if (!src || !archiveDir) {
+        return -1;
+    }
+
+    if (dumpParse) {
+        PR_fprintf(outputFD, "SaveSource: src=%s, codebase=%s, basedir=%s,\n"
+                             "archiveDir=%s\n",
+                   src, codebase, basedir, archiveDir);
+    }
+
+    if (codebase) {
+        arcDir = PR_smprintf("%s/%s/%s/", basedir, codebase, archiveDir);
+    } else {
+        arcDir = PR_smprintf("%s/%s/", basedir, archiveDir);
+    }
+
+    if (codebase) {
+        from = PR_smprintf("%s/%s/%s", basedir, codebase, src);
+        to = PR_smprintf("%s%s", arcDir, src);
+    } else {
+        from = PR_smprintf("%s/%s", basedir, src);
+        to = PR_smprintf("%s%s", arcDir, src);
+    }
+
+    if (make_dirs(to, 0777)) {
+        PR_fprintf(errorFD,
+                   "ERROR: Unable to create archive directory %s.\n", archiveDir);
+        errorCount++;
+        goto finish;
+    }
+
+    retval = copyinto(from, to);
+finish:
+    if (from)
+        PR_Free(from);
+    if (to)
+        PR_Free(to);
+    if (arcDir)
+        PR_Free(arcDir);
+    return retval;
+}
+
+/************************************************************************
+ *
+ * T a g T y p e T o S t r i n g
+ *
+ */
+char *
+TagTypeToString(TAG_TYPE type)
+{
+    switch (type) {
+        case APPLET_TAG:
+            return "APPLET";
+        case SCRIPT_TAG:
+            return "SCRIPT";
+        case LINK_TAG:
+            return "LINK";
+        case STYLE_TAG:
+            return "STYLE";
+        default:
+            break;
+    }
+    return "unknown";
+}
+
+/************************************************************************
+ *
+ * e x t r a c t _ j s
+ *
+ */
+static int
+extract_js(char *filename)
+{
+    PRFileDesc *fd = NULL;
+    FileBuffer *fb = NULL;
+    HTMLItem *head = NULL;
+    HTMLItem *tail = NULL;
+    HTMLItem *curitem = NULL;
+    HTMLItem *styleList = NULL;
+    HTMLItem *styleListTail = NULL;
+    HTMLItem *entityList = NULL;
+    HTMLItem *entityListTail = NULL;
+    TagItem *tagp = NULL;
+    char *text = NULL;
+    char *tagerr = NULL;
+    char *archiveDir = NULL;
+    char *firstArchiveDir = NULL;
+    char *basedir = NULL;
+    PRInt32 textStart;
+    PRInt32 curOffset;
+    HTML_STATE state;
+    int curchar;
+    int retval = -1;
+    unsigned int linenum, startLine;
+
+    /* Initialize the implicit ID counter for each file */
+    idOrdinal = 0;
+
+    /*
+     * First, parse the HTML into a stream of tags and text.
+     */
+
+    fd = PR_Open(filename, PR_RDONLY, 0);
+    if (!fd) {
+        PR_fprintf(errorFD, "Unable to open %s for reading.\n", filename);
+        errorCount++;
+        return -1;
+    }
+
+    /* Construct base directory of filename. */
+    {
+        char *cp;
+
+        basedir = PL_strdup(filename);
+
+        /* Remove trailing slashes */
+        while ((cp = PL_strprbrk(basedir, "/\\")) ==
+               (basedir + strlen(basedir) - 1)) {
+            *cp = '\0';
+        }
+
+        /* Now remove everything from the last slash (which will be followed
+         * by a filename) to the end */
+        cp = PL_strprbrk(basedir, "/\\");
+        if (cp) {
+            *cp = '\0';
+        }
+    }
+
+    state = TEXT_HTML_STATE;
+
+    fb = FB_Create(fd);
+
+    textStart = 0;
+    startLine = 0;
+    while (linenum = FB_GetLineNum(fb), (curchar = FB_GetChar(fb)) !=
+                                            EOF) {
+        switch (state) {
+            case TEXT_HTML_STATE:
+                if (curchar == '<') {
+                    /*
+                     * Found a tag
+                     */
+                    /* Save the text so far to a new text item */
+                    curOffset = FB_GetPointer(fb) - 2;
+                    if (curOffset >= textStart) {
+                        if (FB_GetRange(fb, textStart, curOffset,
+                                        &text) !=
+                            curOffset - textStart + 1) {
+                            PR_fprintf(errorFD,
+                                       "Unable to read from %s.\n",
+                                       filename);
+                            errorCount++;
+                            goto loser;
+                        }
+                        /* little fudge here.  If the first character on a line
+                         * is '<', meaning a new tag, the preceding text item
+                         * actually ends on the previous line.  In this case
+                         * we will be saying that the text segment ends on the
+                         * next line. I don't think this matters for text items. */
+                        curitem = CreateTextItem(text, startLine,
+                                                 linenum);
+                        text = NULL;
+                        if (tail == NULL) {
+                            head = tail = curitem;
+                        } else {
+                            tail->next = curitem;
+                            tail = curitem;
+                        }
+                    }
+
+                    /* Process the tag */
+                    tagp = ProcessTag(fb, &tagerr);
+                    if (!tagp) {
+                        if (tagerr) {
+                            PR_fprintf(errorFD, "Error in file %s: %s\n",
+                                       filename, tagerr);
+                            errorCount++;
+                        } else {
+                            PR_fprintf(errorFD,
+                                       "Error in file %s, in tag starting at line %d\n",
+                                       filename, linenum);
+                            errorCount++;
+                        }
+                        goto loser;
+                    }
+                    /* Add the tag to the list */
+                    curitem = CreateTagItem(tagp, linenum, FB_GetLineNum(fb));
+                    if (tail == NULL) {
+                        head = tail = curitem;
+                    } else {
+                        tail->next = curitem;
+                        tail = curitem;
+                    }
+
+                    /* What's the next state */
+                    if (tagp->type == SCRIPT_TAG) {
+                        state = SCRIPT_HTML_STATE;
+                    }
+
+                    /* Start recording text from the new offset */
+                    textStart = FB_GetPointer(fb);
+                    startLine = FB_GetLineNum(fb);
+                } else {
+                    /* regular character.  Next! */
+                }
+                break;
+            case SCRIPT_HTML_STATE:
+                if (curchar == '<') {
+                    char *cp;
+                    /*
+                     * If this is a </script> tag, then we're at the end of the
+                     * script.  Otherwise, ignore
+                     */
+                    curOffset = FB_GetPointer(fb) - 1;
+                    cp = NULL;
+                    if (FB_GetRange(fb, curOffset, curOffset + 8, &cp) != 9) {
+                        if (cp) {
+                            PR_Free(cp);
+                            cp = NULL;
+                        }
+                    } else {
+                        /* compare the strings */
+                        if (!PORT_Strncasecmp(cp, "</script>", 9)) {
+                            /* This is the end of the script. Record the text. */
+                            curOffset--;
+                            if (curOffset >= textStart) {
+                                if (FB_GetRange(fb, textStart, curOffset, &text) !=
+                                    curOffset - textStart + 1) {
+                                    PR_fprintf(errorFD, "Unable to read from %s.\n",
+                                               filename);
+                                    errorCount++;
+                                    goto loser;
+                                }
+                                curitem = CreateTextItem(text, startLine, linenum);
+                                text = NULL;
+                                if (tail == NULL) {
+                                    head = tail = curitem;
+                                } else {
+                                    tail->next = curitem;
+                                    tail = curitem;
+                                }
+                            }
+
+                            /* Now parse the /script tag and put it on the list */
+                            tagp = ProcessTag(fb, &tagerr);
+                            if (!tagp) {
+                                if (tagerr) {
+                                    PR_fprintf(errorFD, "Error in file %s: %s\n",
+                                               filename, tagerr);
+                                } else {
+                                    PR_fprintf(errorFD,
+                                               "Error in file %s, in tag starting at"
+                                               " line %d\n",
+                                               filename, linenum);
+                                }
+                                errorCount++;
+                                goto loser;
+                            }
+                            curitem = CreateTagItem(tagp, linenum,
+                                                    FB_GetLineNum(fb));
+                            if (tail == NULL) {
+                                head = tail = curitem;
+                            } else {
+                                tail->next = curitem;
+                                tail = curitem;
+                            }
+
+                            /* go back to text state */
+                            state = TEXT_HTML_STATE;
+
+                            textStart = FB_GetPointer(fb);
+                            startLine = FB_GetLineNum(fb);
+                        }
+                    }
+                }
+                break;
+        }
+    }
+
+    /* End of the file.  Wrap up any remaining text */
+    if (state == SCRIPT_HTML_STATE) {
+        if (tail && tail->type == TAG_ITEM) {
+            PR_fprintf(errorFD, "ERROR: <SCRIPT> tag at %s:%d is not followed "
+                                "by a </SCRIPT> tag.\n",
+                       filename, tail->startLine);
+        } else {
+            PR_fprintf(errorFD, "ERROR: <SCRIPT> tag in file %s is not followed"
+                                " by a </SCRIPT tag.\n",
+                       filename);
+        }
+        errorCount++;
+        goto loser;
+    }
+    curOffset = FB_GetPointer(fb) - 1;
+    if (curOffset >= textStart) {
+        text = NULL;
+        if (FB_GetRange(fb, textStart, curOffset, &text) !=
+            curOffset - textStart + 1) {
+            PR_fprintf(errorFD, "Unable to read from %s.\n", filename);
+            errorCount++;
+            goto loser;
+        }
+        curitem = CreateTextItem(text, startLine, linenum);
+        text = NULL;
+        if (tail == NULL) {
+            head = tail = curitem;
+        } else {
+            tail->next = curitem;
+            tail = curitem;
+        }
+    }
+
+    if (dumpParse) {
+        PrintHTMLStream(outputFD, head);
+    }
+
+    /*
+     * Now we have a stream of tags and text.  Go through and deal with each.
+     */
+    for (curitem = head; curitem; curitem = curitem->next) {
+        TagItem *tagp = NULL;
+        AVPair *pairp = NULL;
+        char *src = NULL, *id = NULL, *codebase = NULL;
+        PRBool hasEventHandler = PR_FALSE;
+        int i;
+
+        /* Reset archive directory for each tag */
+        if (archiveDir) {
+            PR_Free(archiveDir);
+            archiveDir = NULL;
+        }
+
+        /* We only analyze tags */
+        if (curitem->type != TAG_ITEM) {
+            continue;
+        }
+
+        tagp = curitem->item.tag;
+
+        /* go through the attributes to get information */
+        for (pairp = tagp->attList; pairp; pairp = pairp->next) {
+
+            /* ARCHIVE= */
+            if (!PL_strcasecmp(pairp->attribute, "archive")) {
+                if (archiveDir) {
+                    /* Duplicate attribute.  Print warning */
+                    PR_fprintf(errorFD,
+                               "warning: \"%s\" attribute overwrites previous attribute"
+                               " in tag starting at %s:%d.\n",
+                               pairp->attribute, filename, curitem->startLine);
+                    warningCount++;
+                    PR_Free(archiveDir);
+                }
+                archiveDir = PL_strdup(pairp->value);
+
+                /* Substiture ".arc" for ".jar" */
+                if ((PL_strlen(archiveDir) < 4) ||
+                    PL_strcasecmp((archiveDir + strlen(archiveDir) - 4),
+                                  ".jar")) {
+                    PR_fprintf(errorFD,
+                               "warning: ARCHIVE attribute should end in \".jar\" in tag"
+                               " starting on %s:%d.\n",
+                               filename, curitem->startLine);
+                    warningCount++;
+                    PR_Free(archiveDir);
+                    archiveDir = PR_smprintf("%s.arc", archiveDir);
+                } else {
+                    PL_strcpy(archiveDir + strlen(archiveDir) - 4, ".arc");
+                }
+
+                /* Record the first archive.  This will be used later if
+                 * the archive is not specified */
+                if (firstArchiveDir == NULL) {
+                    firstArchiveDir = PL_strdup(archiveDir);
+                }
+            }
+            /* CODEBASE= */
+            else if (!PL_strcasecmp(pairp->attribute, "codebase")) {
+                if (codebase) {
+                    /* Duplicate attribute.  Print warning */
+                    PR_fprintf(errorFD,
+                               "warning: \"%s\" attribute overwrites previous attribute"
+                               " in tag staring at %s:%d.\n",
+                               pairp->attribute, filename, curitem->startLine);
+                    warningCount++;
+                }
+                codebase = pairp->value;
+            }
+            /* SRC= and HREF= */
+            else if (!PORT_Strcasecmp(pairp->attribute, "src") ||
+                     !PORT_Strcasecmp(pairp->attribute, "href")) {
+                if (src) {
+                    /* Duplicate attribute.  Print warning */
+                    PR_fprintf(errorFD,
+                               "warning: \"%s\" attribute overwrites previous attribute"
+                               " in tag staring at %s:%d.\n",
+                               pairp->attribute, filename, curitem->startLine);
+                    warningCount++;
+                }
+                src = pairp->value;
+            }
+            /* CODE= */
+            else if (!PORT_Strcasecmp(pairp->attribute, "code")) {
+                /*!!!XXX Change PORT to PL all over this code !!! */
+                if (src) {
+                    /* Duplicate attribute.  Print warning */
+                    PR_fprintf(errorFD,
+                               "warning: \"%s\" attribute overwrites previous attribute"
+                               " ,in tag staring at %s:%d.\n",
+                               pairp->attribute, filename, curitem->startLine);
+                    warningCount++;
+                }
+                src = pairp->value;
+
+                /* Append a .class if one is not already present */
+                if ((PL_strlen(src) < 6) ||
+                    PL_strcasecmp((src + PL_strlen(src) - 6), ".class")) {
+                    src = PR_smprintf("%s.class", src);
+                    /* Put this string back into the data structure so it
+                     * will be deallocated properly */
+                    PR_Free(pairp->value);
+                    pairp->value = src;
+                }
+            }
+            /* ID= */
+            else if (!PL_strcasecmp(pairp->attribute, "id")) {
+                if (id) {
+                    /* Duplicate attribute.  Print warning */
+                    PR_fprintf(errorFD,
+                               "warning: \"%s\" attribute overwrites previous attribute"
+                               " in tag staring at %s:%d.\n",
+                               pairp->attribute, filename, curitem->startLine);
+                    warningCount++;
+                }
+                id = pairp->value;
+            }
+
+            /* STYLE= */
+            /* style= attributes, along with JS entities, are stored into
+             * files with dynamically generated names. The filenames are
+             * based on the order in which the text is found in the file.
+             * All JS entities on all lines up to and including the line
+             * containing the end of the tag that has this style= attribute
+             * will be processed before this style=attribute.  So we need
+             * to record the line that this _tag_ (not the attribute) ends on.
+             */
+            else if (!PL_strcasecmp(pairp->attribute, "style") && pairp->value) {
+                HTMLItem *styleItem;
+                /* Put this item on the style list */
+                styleItem = CreateTextItem(PL_strdup(pairp->value),
+                                           curitem->startLine, curitem->endLine);
+                if (styleListTail == NULL) {
+                    styleList = styleListTail = styleItem;
+                } else {
+                    styleListTail->next = styleItem;
+                    styleListTail = styleItem;
+                }
+            }
+            /* Event handlers */
+            else {
+                for (i = 0; i < num_handlers; i++) {
+                    if (!PL_strcasecmp(event_handlers[i], pairp->attribute)) {
+                        hasEventHandler = PR_TRUE;
+                        break;
+                    }
+                }
+            }
+
+            /* JS Entity */
+            {
+                char *entityStart, *entityEnd;
+                HTMLItem *entityItem;
+
+                /* go through each JavaScript entity ( &{...}; ) and store it
+                 * in the entityList.  The important thing is to record what
+                 * line number it's on, so we can get it in the right order
+                 * in relation to style= attributes.
+                 * Apparently, these can't flow across lines, so the start and
+                 * end line will be the same.  That helps matters.
+                 */
+                entityEnd = pairp->value;
+                while (entityEnd &&
+                       (entityStart = PL_strstr(entityEnd, "&{")) /*}*/ != NULL) {
+                    entityStart += 2; /* point at beginning of actual entity */
+                    entityEnd = PL_strchr(entityStart, '}');
+                    if (entityEnd) {
+                        /* Put this item on the entity list */
+                        *entityEnd = '\0';
+                        entityItem = CreateTextItem(PL_strdup(entityStart),
+                                                    pairp->valueLine, pairp->valueLine);
+                        *entityEnd = /* { */ '}';
+                        if (entityListTail) {
+                            entityListTail->next = entityItem;
+                            entityListTail = entityItem;
+                        } else {
+                            entityList = entityListTail = entityItem;
+                        }
+                    }
+                }
+            }
+        }
+
+        /* If no archive was supplied, we use the first one of the file */
+        if (!archiveDir && firstArchiveDir) {
+            archiveDir = PL_strdup(firstArchiveDir);
+        }
+
+        /* If we have an event handler, we need to archive this tag */
+        if (hasEventHandler) {
+            if (!id) {
+                PR_fprintf(errorFD,
+                           "warning: tag starting at %s:%d has event handler but"
+                           " no ID attribute.  The tag will not be signed.\n",
+                           filename, curitem->startLine);
+                warningCount++;
+            } else if (!archiveDir) {
+                PR_fprintf(errorFD,
+                           "warning: tag starting at %s:%d has event handler but"
+                           " no ARCHIVE attribute.  The tag will not be signed.\n",
+                           filename, curitem->startLine);
+                warningCount++;
+            } else {
+                if (SaveInlineScript(tagp->text, id, basedir, archiveDir)) {
+                    goto loser;
+                }
+            }
+        }
+
+        switch (tagp->type) {
+            case APPLET_TAG:
+                if (!src) {
+                    PR_fprintf(errorFD,
+                               "error: APPLET tag starting on %s:%d has no CODE "
+                               "attribute.\n",
+                               filename, curitem->startLine);
+                    errorCount++;
+                    goto loser;
+                } else if (!archiveDir) {
+                    PR_fprintf(errorFD,
+                               "error: APPLET tag starting on %s:%d has no ARCHIVE "
+                               "attribute.\n",
+                               filename, curitem->startLine);
+                    errorCount++;
+                    goto loser;
+                } else {
+                    if (SaveSource(src, codebase, basedir, archiveDir)) {
+                        goto loser;
+                    }
+                }
+                break;
+            case SCRIPT_TAG:
+            case LINK_TAG:
+            case STYLE_TAG:
+                if (!archiveDir) {
+                    PR_fprintf(errorFD,
+                               "error: %s tag starting on %s:%d has no ARCHIVE "
+                               "attribute.\n",
+                               TagTypeToString(tagp->type),
+                               filename, curitem->startLine);
+                    errorCount++;
+                    goto loser;
+                } else if (src) {
+                    if (SaveSource(src, codebase, basedir, archiveDir)) {
+                        goto loser;
+                    }
+                } else if (id) {
+                    /* Save the next text item */
+                    if (!curitem->next || (curitem->next->type !=
+                                           TEXT_ITEM)) {
+                        PR_fprintf(errorFD,
+                                   "warning: %s tag starting on %s:%d is not followed"
+                                   " by script text.\n",
+                                   TagTypeToString(tagp->type),
+                                   filename, curitem->startLine);
+                        warningCount++;
+                        /* just create empty file */
+                        if (SaveInlineScript("", id, basedir, archiveDir)) {
+                            goto loser;
+                        }
+                    } else {
+                        curitem = curitem->next;
+                        if (SaveInlineScript(curitem->item.text,
+                                             id, basedir,
+                                             archiveDir)) {
+                            goto loser;
+                        }
+                    }
+                } else {
+                    /* No src or id tag--warning */
+                    PR_fprintf(errorFD,
+                               "warning: %s tag starting on %s:%d has no SRC or"
+                               " ID attributes.  Will not sign.\n",
+                               TagTypeToString(tagp->type), filename, curitem->startLine);
+                    warningCount++;
+                }
+                break;
+            default:
+                /* do nothing for other tags */
+                break;
+        }
+    }
+
+    /* Now deal with all the unnamable scripts */
+    if (firstArchiveDir) {
+        HTMLItem *style, *entity;
+
+        /* Go through the lists of JS entities and style attributes.  Do them
+         * in chronological order within a list.  Pick the list with the lower
+         * endLine. In case of a tie, entities come first.
+         */
+        style = styleList;
+        entity = entityList;
+        while (style || entity) {
+            if (!entity || (style && (style->endLine < entity->endLine))) {
+                /* Process style */
+                SaveUnnamableScript(style->item.text, basedir, firstArchiveDir,
+                                    filename);
+                style = style->next;
+            } else {
+                /* Process entity */
+                SaveUnnamableScript(entity->item.text, basedir, firstArchiveDir,
+                                    filename);
+                entity = entity->next;
+            }
+        }
+    }
+
+    retval = 0;
+loser:
+    /* Blow away the stream */
+    while (head) {
+        curitem = head;
+        head = head->next;
+        DestroyHTMLItem(curitem);
+    }
+    while (styleList) {
+        curitem = styleList;
+        styleList = styleList->next;
+        DestroyHTMLItem(curitem);
+    }
+    while (entityList) {
+        curitem = entityList;
+        entityList = entityList->next;
+        DestroyHTMLItem(curitem);
+    }
+    if (text) {
+        PR_Free(text);
+        text = NULL;
+    }
+    if (fb) {
+        FB_Destroy(fb);
+        fb = NULL;
+    }
+    if (fd) {
+        PR_Close(fd);
+    }
+    if (tagerr) {
+        PR_smprintf_free(tagerr);
+        tagerr = NULL;
+    }
+    if (archiveDir) {
+        PR_Free(archiveDir);
+        archiveDir = NULL;
+    }
+    if (firstArchiveDir) {
+        PR_Free(firstArchiveDir);
+        firstArchiveDir = NULL;
+    }
+    if (entityListTail) {
+        PR_Free(entityListTail);
+    }
+    if (curitem) {
+        PR_Free(curitem);
+    }
+    if (basedir) {
+        PR_Free(basedir);
+    }
+    return retval;
+}
+
+/**********************************************************************
+ *
+ * e n s u r e E x i s t s
+ *
+ * Check for existence of indicated directory.  If it doesn't exist,
+ * it will be created.
+ * Returns PR_SUCCESS if the directory is present, PR_FAILURE otherwise.
+ */
+static PRStatus
+ensureExists(char *base, char *path)
+{
+    char fn[FNSIZE];
+    PRDir *dir;
+    sprintf(fn, "%s/%s", base, path);
+
+    /*PR_fprintf(outputFD, "Trying to open directory %s.\n", fn);*/
+
+    if ((dir = PR_OpenDir(fn))) {
+        PR_CloseDir(dir);
+        return PR_SUCCESS;
+    }
+    return PR_MkDir(fn, 0777);
+}
+
+/***************************************************************************
+ *
+ * m a k e _ d i r s
+ *
+ * Ensure that the directory portion of the path exists.  This may require
+ * making the directory, and its parent, and its parent's parent, etc.
+ */
+static int
+make_dirs(char *path, int file_perms)
+{
+    char *Path;
+    char *start;
+    char *sep;
+    int ret = 0;
+    PRFileInfo info;
+
+    if (!path) {
+        return 0;
+    }
+
+    Path = PL_strdup(path);
+    if (!Path) {
+        return 0;
+    }
+
+    start = strpbrk(Path, "/\\");
+    if (!start) {
+        goto loser;
+    }
+    start++; /* start right after first slash */
+
+    /* Each time through the loop add one more directory. */
+    while ((sep = strpbrk(start, "/\\"))) {
+        *sep = '\0';
+
+        if (PR_GetFileInfo(Path, &info) != PR_SUCCESS) {
+            /* No such dir, we have to create it */
+            if (PR_MkDir(Path, file_perms) != PR_SUCCESS) {
+                PR_fprintf(errorFD, "ERROR: Unable to create directory %s.\n",
+                           Path);
+                errorCount++;
+                ret = -1;
+                goto loser;
+            }
+        } else {
+            /* something exists by this name, make sure it's a directory */
+            if (info.type != PR_FILE_DIRECTORY) {
+                PR_fprintf(errorFD, "ERROR: Unable to create directory %s.\n",
+                           Path);
+                errorCount++;
+                ret = -1;
+                goto loser;
+            }
+        }
+
+        start = sep + 1; /* start after the next slash */
+        *sep = '/';
+    }
+
+loser:
+    PR_Free(Path);
+    return ret;
+}
+
+/*
+ *  c o p y i n t o
+ *
+ *  Function to copy file "from" to path "to".
+ *
+ */
+static int
+copyinto(char *from, char *to)
+{
+    PRInt32 num;
+    char buf[BUFSIZ];
+    PRFileDesc *infp = NULL, *outfp = NULL;
+    int retval = -1;
+
+    if ((infp = PR_Open(from, PR_RDONLY, 0777)) == NULL) {
+        PR_fprintf(errorFD, "ERROR: Unable to open \"%s\" for reading.\n",
+                   from);
+        errorCount++;
+        goto finish;
+    }
+
+    /* If to already exists, print a warning before deleting it */
+    if (PR_Access(to, PR_ACCESS_EXISTS) == PR_SUCCESS) {
+        PR_fprintf(errorFD, "warning: %s already exists--will overwrite\n", to);
+        warningCount++;
+        if (rm_dash_r(to)) {
+            PR_fprintf(errorFD,
+                       "ERROR: Unable to remove %s.\n", to);
+            errorCount++;
+            goto finish;
+        }
+    }
+
+    if ((outfp = PR_Open(to, PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE, 0777)) ==
+        NULL) {
+        char *errBuf = NULL;
+
+        errBuf = PR_Malloc(PR_GetErrorTextLength() + 1);
+        PR_fprintf(errorFD, "ERROR: Unable to open \"%s\" for writing.\n", to);
+        if (PR_GetErrorText(errBuf)) {
+            PR_fprintf(errorFD, "Cause: %s\n", errBuf);
+        }
+        if (errBuf) {
+            PR_Free(errBuf);
+        }
+        errorCount++;
+        goto finish;
+    }
+
+    while ((num = PR_Read(infp, buf, BUFSIZ)) > 0) {
+        if (PR_Write(outfp, buf, num) != num) {
+            PR_fprintf(errorFD, "ERROR: Error writing to %s.\n", to);
+            errorCount++;
+            goto finish;
+        }
+    }
+
+    retval = 0;
+finish:
+    if (infp)
+        PR_Close(infp);
+    if (outfp)
+        PR_Close(outfp);
+
+    return retval;
+}
diff --git a/nss/cmd/signtool/list.c b/nss/cmd/signtool/list.c
new file mode 100644
index 0000000..70f62d2
--- /dev/null
+++ b/nss/cmd/signtool/list.c
@@ -0,0 +1,215 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "signtool.h"
+#include "pk11func.h"
+#include "certdb.h"
+
+static int num_trav_certs = 0;
+static SECStatus cert_trav_callback(CERTCertificate *cert, SECItem *k,
+                                    void *data);
+
+/*********************************************************************
+ *
+ * L i s t C e r t s
+ */
+int
+ListCerts(char *key, int list_certs)
+{
+    int failed = 0;
+    SECStatus rv;
+    char *ugly_list;
+    CERTCertDBHandle *db;
+
+    CERTCertificate *cert;
+    CERTVerifyLog errlog;
+
+    errlog.arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (errlog.arena == NULL) {
+        out_of_memory();
+    }
+    errlog.head = NULL;
+    errlog.tail = NULL;
+    errlog.count = 0;
+
+    ugly_list = PORT_ZAlloc(16);
+
+    if (ugly_list == NULL) {
+        out_of_memory();
+    }
+
+    *ugly_list = 0;
+
+    db = CERT_GetDefaultCertDB();
+
+    if (list_certs == 2) {
+        PR_fprintf(outputFD, "\nS Certificates\n");
+        PR_fprintf(outputFD, "- ------------\n");
+    } else {
+        PR_fprintf(outputFD, "\nObject signing certificates\n");
+        PR_fprintf(outputFD, "---------------------------------------\n");
+    }
+
+    num_trav_certs = 0;
+
+    /* Traverse ALL tokens in all slots, authenticating to them all */
+    rv = PK11_TraverseSlotCerts(cert_trav_callback, (void *)&list_certs,
+                                &pwdata);
+
+    if (rv) {
+        PR_fprintf(outputFD, "**Traverse of ALL slots & tokens failed**\n");
+        return -1;
+    }
+
+    if (num_trav_certs == 0) {
+        PR_fprintf(outputFD,
+                   "You don't appear to have any object signing certificates.\n");
+    }
+
+    if (list_certs == 2) {
+        PR_fprintf(outputFD, "- ------------\n");
+    } else {
+        PR_fprintf(outputFD, "---------------------------------------\n");
+    }
+
+    if (list_certs == 1) {
+        PR_fprintf(outputFD,
+                   "For a list including CA's, use \"%s -L\"\n", PROGRAM_NAME);
+    }
+
+    if (list_certs == 2) {
+        PR_fprintf(outputFD,
+                   "Certificates that can be used to sign objects have *'s to "
+                   "their left.\n");
+    }
+
+    if (key) {
+        /* Do an analysis of the given cert */
+
+        cert = PK11_FindCertFromNickname(key, &pwdata);
+
+        if (cert) {
+            PR_fprintf(outputFD,
+                       "\nThe certificate with nickname \"%s\" was found:\n",
+                       cert->nickname);
+            PR_fprintf(outputFD, "\tsubject name: %s\n", cert->subjectName);
+            PR_fprintf(outputFD, "\tissuer name: %s\n", cert->issuerName);
+
+            PR_fprintf(outputFD, "\n");
+
+            rv = CERT_CertTimesValid(cert);
+            if (rv != SECSuccess) {
+                PR_fprintf(outputFD, "**This certificate is expired**\n");
+            } else {
+                PR_fprintf(outputFD, "This certificate is not expired.\n");
+            }
+
+            rv = CERT_VerifyCert(db, cert, PR_TRUE,
+                                 certUsageObjectSigner, PR_Now(), &pwdata, &errlog);
+
+            if (rv != SECSuccess) {
+                failed = 1;
+                if (errlog.count > 0) {
+                    PR_fprintf(outputFD,
+                               "**Certificate validation failed for the "
+                               "following reason(s):**\n");
+                } else {
+                    PR_fprintf(outputFD, "**Certificate validation failed**");
+                }
+            } else {
+                PR_fprintf(outputFD, "This certificate is valid.\n");
+            }
+            displayVerifyLog(&errlog);
+
+        } else {
+            failed = 1;
+            PR_fprintf(outputFD,
+                       "The certificate with nickname \"%s\" was NOT FOUND\n", key);
+        }
+    }
+
+    if (errlog.arena != NULL) {
+        PORT_FreeArena(errlog.arena, PR_FALSE);
+    }
+
+    if (failed) {
+        return -1;
+    }
+    return 0;
+}
+
+/********************************************************************
+ *
+ * c e r t _ t r a v _ c a l l b a c k
+ */
+static SECStatus
+cert_trav_callback(CERTCertificate *cert, SECItem *k, void *data)
+{
+    int list_certs = 1;
+    char *name;
+
+    if (data) {
+        list_certs = *((int *)data);
+    }
+
+#define LISTING_USER_SIGNING_CERTS (list_certs == 1)
+#define LISTING_ALL_CERTS (list_certs == 2)
+
+    name = cert->nickname;
+    if (name) {
+        int isSigningCert;
+
+        isSigningCert = cert->nsCertType & NS_CERT_TYPE_OBJECT_SIGNING;
+        if (!isSigningCert && LISTING_USER_SIGNING_CERTS)
+            return (SECSuccess);
+
+        /* Display this name or email address */
+        num_trav_certs++;
+
+        if (LISTING_ALL_CERTS) {
+            PR_fprintf(outputFD, "%s ", isSigningCert ? "*" : " ");
+        }
+        PR_fprintf(outputFD, "%s\n", name);
+
+        if (LISTING_USER_SIGNING_CERTS) {
+            int rv = SECFailure;
+            if (rv) {
+                CERTCertificate *issuerCert;
+                issuerCert = CERT_FindCertIssuer(cert, PR_Now(),
+                                                 certUsageObjectSigner);
+                if (issuerCert) {
+                    if (issuerCert->nickname && issuerCert->nickname[0]) {
+                        PR_fprintf(outputFD, "    Issued by: %s\n",
+                                   issuerCert->nickname);
+                        rv = SECSuccess;
+                    }
+                    CERT_DestroyCertificate(issuerCert);
+                }
+            }
+            if (rv && cert->issuerName && cert->issuerName[0]) {
+                PR_fprintf(outputFD, "    Issued by: %s \n", cert->issuerName);
+            }
+            {
+                char *expires;
+                expires = DER_TimeChoiceDayToAscii(&cert->validity.notAfter);
+                if (expires) {
+                    PR_fprintf(outputFD, "    Expires: %s\n", expires);
+                    PORT_Free(expires);
+                }
+            }
+
+            rv = CERT_VerifyCertNow(cert->dbhandle, cert,
+                                    PR_TRUE, certUsageObjectSigner, &pwdata);
+
+            if (rv != SECSuccess) {
+                rv = PORT_GetError();
+                PR_fprintf(outputFD,
+                           "    ++ Error ++ THIS CERTIFICATE IS NOT VALID (%s)\n",
+                           secErrorString(rv));
+            }
+        }
+    }
+
+    return (SECSuccess);
+}
diff --git a/nss/cmd/signtool/manifest.mn b/nss/cmd/signtool/manifest.mn
new file mode 100644
index 0000000..40be262
--- /dev/null
+++ b/nss/cmd/signtool/manifest.mn
@@ -0,0 +1,25 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CORE_DEPTH = ../..
+
+MODULE = nss
+
+EXPORTS = 
+
+CSRCS = signtool.c		\
+		certgen.c	\
+		javascript.c	\
+		list.c		\
+		sign.c		\
+		util.c		\
+		verify.c	\
+		zip.c		\
+	$(NULL)
+
+PROGRAM =  signtool
+
+REQUIRES = seccmd
+
+EXTRA_LIBS = $(JAR_LIBS)
diff --git a/nss/cmd/signtool/sign.c b/nss/cmd/signtool/sign.c
new file mode 100644
index 0000000..6e77606
--- /dev/null
+++ b/nss/cmd/signtool/sign.c
@@ -0,0 +1,834 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "signtool.h"
+#include "zip.h"
+#include "prmem.h"
+#include "blapi.h"
+#include "sechash.h" /* for HASH_GetHashObject() */
+
+static int create_pk7(char *dir, char *keyName, int *keyType);
+static int jar_find_key_type(CERTCertificate *cert);
+static int manifesto(char *dirname, char *install_script, PRBool recurse);
+static int manifesto_fn(char *relpath, char *basedir, char *reldir,
+                        char *filename, void *arg);
+static int manifesto_xpi_fn(char *relpath, char *basedir, char *reldir,
+                            char *filename, void *arg);
+static int sign_all_arc_fn(char *relpath, char *basedir, char *reldir,
+                           char *filename, void *arg);
+static int add_meta(FILE *fp, char *name);
+static int SignFile(FILE *outFile, FILE *inFile, CERTCertificate *cert);
+static int generate_SF_file(char *manifile, char *who);
+static int calculate_MD5_range(FILE *fp, long r1, long r2,
+                               JAR_Digest *dig);
+static void SignOut(void *arg, const char *buf, unsigned long len);
+
+static char *metafile = NULL;
+static int optimize = 0;
+static FILE *mf;
+static ZIPfile *zipfile = NULL;
+
+/*
+ *  S i g n A r c h i v e
+ *
+ *  Sign an individual archive tree. A directory
+ *  called META-INF is created underneath this.
+ *
+ */
+int
+SignArchive(char *tree, char *keyName, char *zip_file, int javascript,
+            char *meta_file, char *install_script, int _optimize, PRBool recurse)
+{
+    int status;
+    char tempfn[FNSIZE], fullfn[FNSIZE];
+    int keyType = rsaKey;
+
+    metafile = meta_file;
+    optimize = _optimize;
+
+    /* To create XPI compatible Archive manifesto() must be run before
+     * the zipfile is opened. This is so the signed files are not added
+     * the archive before the crucial rsa/dsa file*/
+    if (xpi_arc) {
+        manifesto(tree, install_script, recurse);
+    }
+
+    if (zip_file) {
+        zipfile = JzipOpen(zip_file, NULL /*no comment*/);
+    }
+
+    /*Sign and add files to the archive normally with manifesto()*/
+    if (!xpi_arc) {
+        manifesto(tree, install_script, recurse);
+    }
+
+    if (keyName) {
+        status = create_pk7(tree, keyName, &keyType);
+        if (status < 0) {
+            PR_fprintf(errorFD, "the tree \"%s\" was NOT SUCCESSFULLY SIGNED\n",
+                       tree);
+            errorCount++;
+            exit(ERRX);
+        }
+    }
+
+    /* Add the rsa/dsa file as the first file in the archive. This is crucial
+     * for a XPInstall compatible archive */
+    if (xpi_arc) {
+        if (verbosity >= 0) {
+            PR_fprintf(outputFD, "%s \n", XPI_TEXT);
+        }
+
+        /* rsa/dsa to zip */
+        sprintf(tempfn, "META-INF/%s.%s", base, (keyType == dsaKey ? "dsa"
+                                                                   : "rsa"));
+        sprintf(fullfn, "%s/%s", tree, tempfn);
+        JzipAdd(fullfn, tempfn, zipfile, compression_level);
+
+        /* Loop through all files & subdirectories, add to archive */
+        foreach (tree, "", manifesto_xpi_fn, recurse, PR_FALSE /*include dirs */,
+                 (void *)NULL)
+            ;
+    }
+    /* mf to zip */
+    strcpy(tempfn, "META-INF/manifest.mf");
+    sprintf(fullfn, "%s/%s", tree, tempfn);
+    JzipAdd(fullfn, tempfn, zipfile, compression_level);
+
+    /* sf to zip */
+    sprintf(tempfn, "META-INF/%s.sf", base);
+    sprintf(fullfn, "%s/%s", tree, tempfn);
+    JzipAdd(fullfn, tempfn, zipfile, compression_level);
+
+    /* Add the rsa/dsa file to the zip archive normally */
+    if (!xpi_arc) {
+        /* rsa/dsa to zip */
+        sprintf(tempfn, "META-INF/%s.%s", base, (keyType == dsaKey ? "dsa"
+                                                                   : "rsa"));
+        sprintf(fullfn, "%s/%s", tree, tempfn);
+        JzipAdd(fullfn, tempfn, zipfile, compression_level);
+    }
+
+    JzipClose(zipfile);
+
+    if (verbosity >= 0) {
+        if (javascript) {
+            PR_fprintf(outputFD, "jarfile \"%s\" signed successfully\n",
+                       zip_file);
+        } else {
+            PR_fprintf(outputFD, "tree \"%s\" signed successfully\n",
+                       tree);
+        }
+    }
+
+    return 0;
+}
+
+typedef struct {
+    char *keyName;
+    int javascript;
+    char *metafile;
+    char *install_script;
+    int optimize;
+} SignArcInfo;
+
+/*
+ *  S i g n A l l A r c
+ *
+ *  Javascript may generate multiple .arc directories, one
+ *  for each jar archive needed. Sign them all.
+ *
+ */
+int
+SignAllArc(char *jartree, char *keyName, int javascript, char *metafile,
+           char *install_script, int optimize, PRBool recurse)
+{
+    SignArcInfo info;
+
+    info.keyName = keyName;
+    info.javascript = javascript;
+    info.metafile = metafile;
+    info.install_script = install_script;
+    info.optimize = optimize;
+
+    return foreach (jartree, "", sign_all_arc_fn, recurse,
+                    PR_TRUE /*include dirs*/, (void *)&info);
+}
+
+static int
+sign_all_arc_fn(char *relpath, char *basedir, char *reldir, char *filename,
+                void *arg)
+{
+    char *zipfile = NULL;
+    char *arc = NULL, *archive = NULL;
+    int retval = 0;
+    SignArcInfo *infop = (SignArcInfo *)arg;
+
+    /* Make sure there is one and only one ".arc" in the relative path,
+     * and that it is at the end of the path (don't sign .arcs within .arcs) */
+    if ((PL_strcaserstr(relpath, ".arc") == relpath + strlen(relpath) - 4) &&
+        (PL_strcasestr(relpath, ".arc") == relpath + strlen(relpath) - 4)) {
+
+        if (!infop) {
+            PR_fprintf(errorFD, "%s: Internal failure\n", PROGRAM_NAME);
+            errorCount++;
+            retval = -1;
+            goto finish;
+        }
+        archive = PR_smprintf("%s/%s", basedir, relpath);
+
+        zipfile = PL_strdup(archive);
+        arc = PORT_Strrchr(zipfile, '.');
+
+        if (arc == NULL) {
+            PR_fprintf(errorFD, "%s: Internal failure\n", PROGRAM_NAME);
+            errorCount++;
+            retval = -1;
+            goto finish;
+        }
+
+        PL_strcpy(arc, ".jar");
+
+        if (verbosity >= 0) {
+            PR_fprintf(outputFD, "\nsigning: %s\n", zipfile);
+        }
+        retval = SignArchive(archive, infop->keyName, zipfile,
+                             infop->javascript, infop->metafile, infop->install_script,
+                             infop->optimize, PR_TRUE /* recurse */);
+    }
+finish:
+    if (archive)
+        PR_Free(archive);
+    if (zipfile)
+        PR_Free(zipfile);
+
+    return retval;
+}
+
+/*********************************************************************
+ *
+ * c r e a t e _ p k 7
+ */
+static int
+create_pk7(char *dir, char *keyName, int *keyType)
+{
+    int status = 0;
+    char *file_ext;
+
+    CERTCertificate *cert;
+    CERTCertDBHandle *db;
+
+    FILE *in, *out;
+
+    char sf_file[FNSIZE];
+    char pk7_file[FNSIZE];
+
+    /* open cert database */
+    db = CERT_GetDefaultCertDB();
+
+    if (db == NULL)
+        return -1;
+
+    /* find cert */
+    /*cert = CERT_FindCertByNicknameOrEmailAddr(db, keyName);*/
+    cert = PK11_FindCertFromNickname(keyName, &pwdata);
+
+    if (cert == NULL) {
+        SECU_PrintError(PROGRAM_NAME,
+                        "Cannot find the cert \"%s\"", keyName);
+        return -1;
+    }
+
+    /* determine the key type, which sets the extension for pkcs7 object */
+
+    *keyType = jar_find_key_type(cert);
+    file_ext = (*keyType == dsaKey) ? "dsa" : "rsa";
+
+    sprintf(sf_file, "%s/META-INF/%s.sf", dir, base);
+    sprintf(pk7_file, "%s/META-INF/%s.%s", dir, base, file_ext);
+
+    if ((in = fopen(sf_file, "rb")) == NULL) {
+        PR_fprintf(errorFD, "%s: Can't open %s for reading\n", PROGRAM_NAME,
+                   sf_file);
+        errorCount++;
+        exit(ERRX);
+    }
+
+    if ((out = fopen(pk7_file, "wb")) == NULL) {
+        PR_fprintf(errorFD, "%s: Can't open %s for writing\n", PROGRAM_NAME,
+                   sf_file);
+        errorCount++;
+        exit(ERRX);
+    }
+
+    status = SignFile(out, in, cert);
+
+    CERT_DestroyCertificate(cert);
+    fclose(in);
+    fclose(out);
+
+    if (status) {
+        PR_fprintf(errorFD, "%s: PROBLEM signing data (%s)\n",
+                   PROGRAM_NAME, SECU_Strerror(PORT_GetError()));
+        errorCount++;
+        return -1;
+    }
+
+    return 0;
+}
+
+/*
+ *  j a r _ f i n d _ k e y _ t y p e
+ *
+ *  Determine the key type for a given cert, which
+ * should be rsaKey or dsaKey. Any error return 0.
+ *
+ */
+static int
+jar_find_key_type(CERTCertificate *cert)
+{
+    SECKEYPrivateKey *privk = NULL;
+    KeyType keyType;
+
+    /* determine its type */
+    privk = PK11_FindKeyByAnyCert(cert, &pwdata);
+    if (privk == NULL) {
+        PR_fprintf(errorFD, "warning - can't find private key for this cert\n");
+        warningCount++;
+        return 0;
+    }
+
+    keyType = privk->keyType;
+    SECKEY_DestroyPrivateKey(privk);
+    return keyType;
+}
+
+/*
+ *  m a n i f e s t o
+ *
+ *  Run once for every subdirectory in which a
+ *  manifest is to be created -- usually exactly once.
+ *
+ */
+static int
+manifesto(char *dirname, char *install_script, PRBool recurse)
+{
+    char metadir[FNSIZE], sfname[FNSIZE];
+
+    /* Create the META-INF directory to hold signing info */
+
+    if (PR_Access(dirname, PR_ACCESS_READ_OK)) {
+        PR_fprintf(errorFD, "%s: unable to read your directory: %s\n",
+                   PROGRAM_NAME, dirname);
+        errorCount++;
+        perror(dirname);
+        exit(ERRX);
+    }
+
+    if (PR_Access(dirname, PR_ACCESS_WRITE_OK)) {
+        PR_fprintf(errorFD, "%s: unable to write to your directory: %s\n",
+                   PROGRAM_NAME, dirname);
+        errorCount++;
+        perror(dirname);
+        exit(ERRX);
+    }
+
+    sprintf(metadir, "%s/META-INF", dirname);
+
+    strcpy(sfname, metadir);
+
+    PR_MkDir(metadir, 0777);
+
+    strcat(metadir, "/");
+    strcat(metadir, MANIFEST);
+
+    if ((mf = fopen(metadir, "wb")) == NULL) {
+        perror(MANIFEST);
+        PR_fprintf(errorFD, "%s: Probably, the directory you are trying to"
+                            " sign has\n",
+                   PROGRAM_NAME);
+        PR_fprintf(errorFD, "%s: permissions problems or may not exist.\n",
+                   PROGRAM_NAME);
+        errorCount++;
+        exit(ERRX);
+    }
+
+    if (verbosity >= 0) {
+        PR_fprintf(outputFD, "Generating %s file..\n", metadir);
+    }
+
+    fprintf(mf, "Manifest-Version: 1.0\n");
+    fprintf(mf, "Created-By: %s\n", CREATOR);
+    fprintf(mf, "Comments: %s\n", BREAKAGE);
+
+    if (scriptdir) {
+        fprintf(mf, "Comments: --\n");
+        fprintf(mf, "Comments: --\n");
+        fprintf(mf, "Comments: -- This archive signs Javascripts which may not necessarily\n");
+        fprintf(mf, "Comments: -- be included in the physical jar file.\n");
+        fprintf(mf, "Comments: --\n");
+        fprintf(mf, "Comments: --\n");
+    }
+
+    if (install_script)
+        fprintf(mf, "Install-Script: %s\n", install_script);
+
+    if (metafile)
+        add_meta(mf, "+");
+
+    /* Loop through all files & subdirectories */
+    foreach (dirname, "", manifesto_fn, recurse, PR_FALSE /*include dirs */,
+             (void *)NULL)
+        ;
+
+    fclose(mf);
+
+    strcat(sfname, "/");
+    strcat(sfname, base);
+    strcat(sfname, ".sf");
+
+    if (verbosity >= 0) {
+        PR_fprintf(outputFD, "Generating %s.sf file..\n", base);
+    }
+    generate_SF_file(metadir, sfname);
+
+    return 0;
+}
+
+/*
+ *  m a n i f e s t o _ x p i _ f n
+ *
+ *  Called by pointer from SignArchive(), once for
+ *  each file within the directory. This function
+ *  is only used for adding to XPI compatible archive
+ *
+ */
+static int
+manifesto_xpi_fn(char *relpath, char *basedir, char *reldir, char *filename, void *arg)
+{
+    char fullname[FNSIZE];
+
+    if (verbosity >= 0) {
+        PR_fprintf(outputFD, "--> %s\n", relpath);
+    }
+
+    /* extension matching */
+    if (extensionsGiven) {
+        char *ext = PL_strrchr(relpath, '.');
+        if (!ext)
+            return 0;
+        if (!PL_HashTableLookup(extensions, ext))
+            return 0;
+    }
+    sprintf(fullname, "%s/%s", basedir, relpath);
+    JzipAdd(fullname, relpath, zipfile, compression_level);
+
+    return 0;
+}
+
+/*
+ *  m a n i f e s t o _ f n
+ *
+ *  Called by pointer from manifesto(), once for
+ *  each file within the directory.
+ *
+ */
+static int
+manifesto_fn(char *relpath, char *basedir, char *reldir, char *filename, void *arg)
+{
+    int use_js;
+    char *md5, *sha1;
+
+    JAR_Digest dig;
+    char fullname[FNSIZE];
+
+    if (verbosity >= 0) {
+        PR_fprintf(outputFD, "--> %s\n", relpath);
+    }
+
+    /* extension matching */
+    if (extensionsGiven) {
+        char *ext = PL_strrchr(relpath, '.');
+        if (!ext)
+            return 0;
+        if (!PL_HashTableLookup(extensions, ext))
+            return 0;
+    }
+
+    sprintf(fullname, "%s/%s", basedir, relpath);
+
+    fprintf(mf, "\n");
+
+    use_js = 0;
+
+    if (scriptdir && !PORT_Strcmp(scriptdir, reldir))
+        use_js++;
+
+    /* sign non-.js files inside .arc directories using the javascript magic */
+
+    if ((PL_strcaserstr(filename, ".js") != filename + strlen(filename) - 3) &&
+        (PL_strcaserstr(reldir, ".arc") == reldir + strlen(filename) - 4))
+        use_js++;
+
+    if (use_js) {
+        fprintf(mf, "Name: %s\n", filename);
+        fprintf(mf, "Magic: javascript\n");
+
+        if (optimize == 0)
+            fprintf(mf, "javascript.id: %s\n", filename);
+
+        if (metafile)
+            add_meta(mf, filename);
+    } else {
+        fprintf(mf, "Name: %s\n", relpath);
+        if (metafile)
+            add_meta(mf, relpath);
+    }
+
+    JAR_digest_file(fullname, &dig);
+
+    if (optimize == 0) {
+        fprintf(mf, "Digest-Algorithms: MD5 SHA1\n");
+
+        md5 = BTOA_DataToAscii(dig.md5, MD5_LENGTH);
+        fprintf(mf, "MD5-Digest: %s\n", md5);
+        PORT_Free(md5);
+    }
+
+    sha1 = BTOA_DataToAscii(dig.sha1, SHA1_LENGTH);
+    fprintf(mf, "SHA1-Digest: %s\n", sha1);
+    PORT_Free(sha1);
+
+    if (!use_js) {
+        JzipAdd(fullname, relpath, zipfile, compression_level);
+    }
+
+    return 0;
+}
+
+/*
+ *  a d d _ m e t a
+ *
+ *  Parse the metainfo file, and add any details
+ *  necessary to the manifest file. In most cases you
+ *  should be using the -i option (ie, for SmartUpdate).
+ *
+ */
+static int
+add_meta(FILE *fp, char *name)
+{
+    FILE *met;
+    char buf[BUFSIZ];
+
+    int place;
+    char *pattern, *meta;
+
+    int num = 0;
+
+    if ((met = fopen(metafile, "r")) != NULL) {
+        while (fgets(buf, BUFSIZ, met)) {
+            char *s;
+
+            for (s = buf; *s && *s != '\n' && *s != '\r'; s++)
+                ;
+            *s = 0;
+
+            if (*buf == 0)
+                continue;
+
+            pattern = buf;
+
+            /* skip to whitespace */
+            for (s = buf; *s && *s != ' ' && *s != '\t'; s++)
+                ;
+
+            /* terminate pattern */
+            if (*s == ' ' || *s == '\t')
+                *s++ = 0;
+
+            /* eat through whitespace */
+            while (*s == ' ' || *s == '\t')
+                s++;
+
+            meta = s;
+
+            /* this will eventually be regexp matching */
+
+            place = 0;
+            if (!PORT_Strcmp(pattern, name))
+                place = 1;
+
+            if (place) {
+                num++;
+                if (verbosity >= 0) {
+                    PR_fprintf(outputFD, "[%s] %s\n", name, meta);
+                }
+                fprintf(fp, "%s\n", meta);
+            }
+        }
+        fclose(met);
+    } else {
+        PR_fprintf(errorFD, "%s: can't open metafile: %s\n", PROGRAM_NAME,
+                   metafile);
+        errorCount++;
+        exit(ERRX);
+    }
+
+    return num;
+}
+
+/**********************************************************************
+ *
+ * S i g n F i l e
+ */
+static int
+SignFile(FILE *outFile, FILE *inFile, CERTCertificate *cert)
+{
+    int nb;
+    char ibuf[4096], digestdata[32];
+    const SECHashObject *hashObj;
+    void *hashcx;
+    unsigned int len;
+
+    SECItem digest;
+    SEC_PKCS7ContentInfo *cinfo;
+    SECStatus rv;
+
+    if (outFile == NULL || inFile == NULL || cert == NULL)
+        return -1;
+
+    /* XXX probably want to extend interface to allow other hash algorithms */
+    hashObj = HASH_GetHashObject(HASH_AlgSHA1);
+
+    hashcx = (*hashObj->create)();
+    if (hashcx == NULL)
+        return -1;
+
+    (*hashObj->begin)(hashcx);
+
+    for (;;) {
+        if (feof(inFile))
+            break;
+        nb = fread(ibuf, 1, sizeof(ibuf), inFile);
+        if (nb == 0) {
+            if (ferror(inFile)) {
+                PORT_SetError(SEC_ERROR_IO);
+                (*hashObj->destroy)(hashcx, PR_TRUE);
+                return -1;
+            }
+            /* eof */
+            break;
+        }
+        (*hashObj->update)(hashcx, (unsigned char *)ibuf, nb);
+    }
+
+    (*hashObj->end)(hashcx, (unsigned char *)digestdata, &len, 32);
+    (*hashObj->destroy)(hashcx, PR_TRUE);
+
+    digest.data = (unsigned char *)digestdata;
+    digest.len = len;
+
+    cinfo = SEC_PKCS7CreateSignedData(cert, certUsageObjectSigner, NULL,
+                                      SEC_OID_SHA1, &digest, NULL, NULL);
+
+    if (cinfo == NULL)
+        return -1;
+
+    rv = SEC_PKCS7IncludeCertChain(cinfo, NULL);
+    if (rv != SECSuccess) {
+        SEC_PKCS7DestroyContentInfo(cinfo);
+        return -1;
+    }
+
+    if (no_time == 0) {
+        rv = SEC_PKCS7AddSigningTime(cinfo);
+        if (rv != SECSuccess) {
+            /* don't check error */
+        }
+    }
+
+    rv = SEC_PKCS7Encode(cinfo, SignOut, outFile, NULL, NULL, &pwdata);
+
+    SEC_PKCS7DestroyContentInfo(cinfo);
+
+    if (rv != SECSuccess)
+        return -1;
+
+    return 0;
+}
+
+/*
+ *  g e n e r a t e _ S F _ f i l e
+ *
+ *  From the supplied manifest file, calculates
+ *  digests on the various sections, creating a .SF
+ *  file in the process.
+ *
+ */
+static int
+generate_SF_file(char *manifile, char *who)
+{
+    FILE *sf;
+    FILE *mf;
+    long r1, r2, r3;
+    char whofile[FNSIZE];
+    char *buf, *name = NULL;
+    char *md5, *sha1;
+    JAR_Digest dig;
+    int line = 0;
+
+    strcpy(whofile, who);
+
+    if ((mf = fopen(manifile, "rb")) == NULL) {
+        perror(manifile);
+        exit(ERRX);
+    }
+
+    if ((sf = fopen(whofile, "wb")) == NULL) {
+        perror(who);
+        exit(ERRX);
+    }
+
+    buf = (char *)PORT_ZAlloc(BUFSIZ);
+
+    if (buf)
+        name = (char *)PORT_ZAlloc(BUFSIZ);
+
+    if (buf == NULL || name == NULL)
+        out_of_memory();
+
+    fprintf(sf, "Signature-Version: 1.0\n");
+    fprintf(sf, "Created-By: %s\n", CREATOR);
+    fprintf(sf, "Comments: %s\n", BREAKAGE);
+
+    if (fgets(buf, BUFSIZ, mf) == NULL) {
+        PR_fprintf(errorFD, "%s: empty manifest file!\n", PROGRAM_NAME);
+        errorCount++;
+        exit(ERRX);
+    }
+
+    if (strncmp(buf, "Manifest-Version:", 17)) {
+        PR_fprintf(errorFD, "%s: not a manifest file!\n", PROGRAM_NAME);
+        errorCount++;
+        exit(ERRX);
+    }
+
+    fseek(mf, 0L, SEEK_SET);
+
+    /* Process blocks of headers, and calculate their hashen */
+
+    while (1) {
+        /* Beginning range */
+        r1 = ftell(mf);
+
+        if (fgets(name, BUFSIZ, mf) == NULL)
+            break;
+
+        line++;
+
+        if (r1 != 0 && strncmp(name, "Name:", 5)) {
+            PR_fprintf(errorFD,
+                       "warning: unexpected input in manifest file \"%s\" at line %d:\n",
+                       manifile, line);
+            PR_fprintf(errorFD, "%s\n", name);
+            warningCount++;
+        }
+
+        r2 = r1;
+        while (fgets(buf, BUFSIZ, mf)) {
+            if (*buf == 0 || *buf == '\n' || *buf == '\r')
+                break;
+
+            line++;
+
+            /* Ending range for hashing */
+            r2 = ftell(mf);
+        }
+
+        r3 = ftell(mf);
+
+        if (r1) {
+            fprintf(sf, "\n");
+            fprintf(sf, "%s", name);
+        }
+
+        calculate_MD5_range(mf, r1, r2, &dig);
+
+        if (optimize == 0) {
+            fprintf(sf, "Digest-Algorithms: MD5 SHA1\n");
+
+            md5 = BTOA_DataToAscii(dig.md5, MD5_LENGTH);
+            fprintf(sf, "MD5-Digest: %s\n", md5);
+            PORT_Free(md5);
+        }
+
+        sha1 = BTOA_DataToAscii(dig.sha1, SHA1_LENGTH);
+        fprintf(sf, "SHA1-Digest: %s\n", sha1);
+        PORT_Free(sha1);
+
+        /* restore normalcy after changing offset position */
+        fseek(mf, r3, SEEK_SET);
+    }
+
+    PORT_Free(buf);
+    PORT_Free(name);
+
+    fclose(sf);
+    fclose(mf);
+
+    return 0;
+}
+
+/*
+ *  c a l c u l a t e _ M D 5 _ r a n g e
+ *
+ *  Calculate the MD5 digest on a range of bytes in
+ *  the specified fopen'd file. Returns base64.
+ *
+ */
+static int
+calculate_MD5_range(FILE *fp, long r1, long r2, JAR_Digest *dig)
+{
+    int num;
+    int range;
+    unsigned char *buf;
+    SECStatus rv;
+
+    range = r2 - r1;
+
+    /* position to the beginning of range */
+    fseek(fp, r1, SEEK_SET);
+
+    buf = (unsigned char *)PORT_ZAlloc(range);
+    if (buf == NULL)
+        out_of_memory();
+
+    if ((num = fread(buf, 1, range, fp)) != range) {
+        PR_fprintf(errorFD, "%s: expected %d bytes, got %d\n", PROGRAM_NAME,
+                   range, num);
+        errorCount++;
+        exit(ERRX);
+    }
+
+    rv = PK11_HashBuf(SEC_OID_MD5, dig->md5, buf, range);
+    if (rv == SECSuccess) {
+        rv = PK11_HashBuf(SEC_OID_SHA1, dig->sha1, buf, range);
+    }
+    if (rv != SECSuccess) {
+        PR_fprintf(errorFD, "%s: can't generate digest context\n",
+                   PROGRAM_NAME);
+        errorCount++;
+        exit(ERRX);
+    }
+
+    PORT_Free(buf);
+
+    return 0;
+}
+
+static void
+SignOut(void *arg, const char *buf, unsigned long len)
+{
+    fwrite(buf, len, 1, (FILE *)arg);
+}
diff --git a/nss/cmd/signtool/signtool.c b/nss/cmd/signtool/signtool.c
new file mode 100644
index 0000000..51857d6
--- /dev/null
+++ b/nss/cmd/signtool/signtool.c
@@ -0,0 +1,1068 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ *  SIGNTOOL
+ *
+ *  A command line tool to create manifest files
+ *  from a directory hierarchy. It is assumed that
+ *  the tree will be equivalent to what resides
+ *  or will reside in an archive.
+ *
+ *
+ */
+
+#include "nss.h"
+#include "signtool.h"
+#include "prmem.h"
+#include "prio.h"
+
+/***********************************************************************
+ * Global Variable Definitions
+ */
+char *progName; /* argv[0] */
+
+/* password data */
+secuPWData pwdata = { PW_NONE, 0 };
+
+/* directories or files to exclude in descent */
+PLHashTable *excludeDirs = NULL;
+static PRBool exclusionsGiven = PR_FALSE;
+
+/* zatharus is the man who knows no time, dies tragic death */
+int no_time = 0;
+
+/* -b basename of .rsa, .sf files */
+char *base = DEFAULT_BASE_NAME;
+
+/* Only sign files with this extension */
+PLHashTable *extensions = NULL;
+PRBool extensionsGiven = PR_FALSE;
+
+char *scriptdir = NULL;
+
+int verbosity = 0;
+
+PRFileDesc *outputFD = NULL, *errorFD = NULL;
+
+int errorCount = 0, warningCount = 0;
+
+int compression_level = DEFAULT_COMPRESSION_LEVEL;
+PRBool compression_level_specified = PR_FALSE;
+
+int xpi_arc = 0;
+
+/* Command-line arguments */
+static char *genkey = NULL;
+static char *verify = NULL;
+static char *zipfile = NULL;
+static char *cert_dir = NULL;
+static int javascript = 0;
+static char *jartree = NULL;
+static char *keyName = NULL;
+static char *metafile = NULL;
+static char *install_script = NULL;
+static int list_certs = 0;
+static int list_modules = 0;
+static int optimize = 0;
+static int enableOCSP = 0;
+static char *tell_who = NULL;
+static char *outfile = NULL;
+static char *cmdFile = NULL;
+static PRBool noRecurse = PR_FALSE;
+static PRBool leaveArc = PR_FALSE;
+static int keySize = -1;
+static char *token = NULL;
+
+typedef enum {
+    UNKNOWN_OPT,
+    HELP_OPT,
+    LONG_HELP_OPT,
+    BASE_OPT,
+    COMPRESSION_OPT,
+    CERT_DIR_OPT,
+    EXTENSION_OPT,
+    INSTALL_SCRIPT_OPT,
+    SCRIPTDIR_OPT,
+    CERTNAME_OPT,
+    LIST_OBJSIGN_CERTS_OPT,
+    LIST_ALL_CERTS_OPT,
+    METAFILE_OPT,
+    OPTIMIZE_OPT,
+    ENABLE_OCSP_OPT,
+    PASSWORD_OPT,
+    VERIFY_OPT,
+    WHO_OPT,
+    EXCLUDE_OPT,
+    NO_TIME_OPT,
+    JAVASCRIPT_OPT,
+    ZIPFILE_OPT,
+    GENKEY_OPT,
+    MODULES_OPT,
+    NORECURSE_OPT,
+    SIGNDIR_OPT,
+    OUTFILE_OPT,
+    COMMAND_FILE_OPT,
+    LEAVE_ARC_OPT,
+    VERBOSITY_OPT,
+    KEYSIZE_OPT,
+    TOKEN_OPT,
+    XPI_ARC_OPT
+}
+
+OPT_TYPE;
+
+typedef enum {
+    DUPLICATE_OPTION_ERR = 0,
+    OPTION_NEEDS_ARG_ERR
+}
+
+Error;
+
+static char *errStrings[] = {
+    "warning: %s option specified more than once.\n"
+    "Only last specification will be used.\n",
+    "ERROR: option \"%s\" requires an argument.\n"
+};
+
+static int ProcessOneOpt(OPT_TYPE type, char *arg);
+
+/*********************************************************************
+ *
+ * P r o c e s s C o m m a n d F i l e
+ */
+int
+ProcessCommandFile()
+{
+    PRFileDesc *fd;
+#define CMD_FILE_BUFSIZE 1024
+    char buf[CMD_FILE_BUFSIZE];
+    char *equals;
+    int linenum = 0;
+    int retval = -1;
+    OPT_TYPE type;
+
+    fd = PR_Open(cmdFile, PR_RDONLY, 0777);
+    if (!fd) {
+        PR_fprintf(errorFD, "ERROR: Unable to open command file %s.\n");
+        errorCount++;
+        return -1;
+    }
+
+    while (pr_fgets(buf, CMD_FILE_BUFSIZE, fd)) {
+        char *eol;
+        linenum++;
+
+        /* Chop off final newline */
+        eol = PL_strchr(buf, '\r');
+        if (!eol) {
+            eol = PL_strchr(buf, '\n');
+        }
+        if (eol)
+            *eol = '\0';
+
+        equals = PL_strchr(buf, '=');
+        if (!equals) {
+            continue;
+        }
+
+        *equals = '\0';
+        equals++;
+
+        /* Now buf points to the attribute, and equals points to the value. */
+
+        /* This is pretty straightforward, just deal with whatever attribute
+         * this is */
+        if (!PL_strcasecmp(buf, "basename")) {
+            type = BASE_OPT;
+        } else if (!PL_strcasecmp(buf, "compression")) {
+            type = COMPRESSION_OPT;
+        } else if (!PL_strcasecmp(buf, "certdir")) {
+            type = CERT_DIR_OPT;
+        } else if (!PL_strcasecmp(buf, "extension")) {
+            type = EXTENSION_OPT;
+        } else if (!PL_strcasecmp(buf, "generate")) {
+            type = GENKEY_OPT;
+        } else if (!PL_strcasecmp(buf, "installScript")) {
+            type = INSTALL_SCRIPT_OPT;
+        } else if (!PL_strcasecmp(buf, "javascriptdir")) {
+            type = SCRIPTDIR_OPT;
+        } else if (!PL_strcasecmp(buf, "htmldir")) {
+            type = JAVASCRIPT_OPT;
+            if (jartree) {
+                PR_fprintf(errorFD,
+                           "warning: directory to be signed specified more than once."
+                           " Only last specification will be used.\n");
+                warningCount++;
+                PR_Free(jartree);
+                jartree = NULL;
+            }
+            jartree = PL_strdup(equals);
+        } else if (!PL_strcasecmp(buf, "certname")) {
+            type = CERTNAME_OPT;
+        } else if (!PL_strcasecmp(buf, "signdir")) {
+            type = SIGNDIR_OPT;
+        } else if (!PL_strcasecmp(buf, "list")) {
+            type = LIST_OBJSIGN_CERTS_OPT;
+        } else if (!PL_strcasecmp(buf, "listall")) {
+            type = LIST_ALL_CERTS_OPT;
+        } else if (!PL_strcasecmp(buf, "metafile")) {
+            type = METAFILE_OPT;
+        } else if (!PL_strcasecmp(buf, "modules")) {
+            type = MODULES_OPT;
+        } else if (!PL_strcasecmp(buf, "optimize")) {
+            type = OPTIMIZE_OPT;
+        } else if (!PL_strcasecmp(buf, "ocsp")) {
+            type = ENABLE_OCSP_OPT;
+        } else if (!PL_strcasecmp(buf, "password")) {
+            type = PASSWORD_OPT;
+        } else if (!PL_strcasecmp(buf, "verify")) {
+            type = VERIFY_OPT;
+        } else if (!PL_strcasecmp(buf, "who")) {
+            type = WHO_OPT;
+        } else if (!PL_strcasecmp(buf, "exclude")) {
+            type = EXCLUDE_OPT;
+        } else if (!PL_strcasecmp(buf, "notime")) {
+            type = NO_TIME_OPT;
+        } else if (!PL_strcasecmp(buf, "jarfile")) {
+            type = ZIPFILE_OPT;
+        } else if (!PL_strcasecmp(buf, "outfile")) {
+            type = OUTFILE_OPT;
+        } else if (!PL_strcasecmp(buf, "leavearc")) {
+            type = LEAVE_ARC_OPT;
+        } else if (!PL_strcasecmp(buf, "verbosity")) {
+            type = VERBOSITY_OPT;
+        } else if (!PL_strcasecmp(buf, "keysize")) {
+            type = KEYSIZE_OPT;
+        } else if (!PL_strcasecmp(buf, "token")) {
+            type = TOKEN_OPT;
+        } else if (!PL_strcasecmp(buf, "xpi")) {
+            type = XPI_ARC_OPT;
+        } else {
+            PR_fprintf(errorFD,
+                       "warning: unknown attribute \"%s\" in command file, line %d.\n",
+                       buf, linenum);
+            warningCount++;
+            type = UNKNOWN_OPT;
+        }
+
+        /* Process the option, whatever it is */
+        if (type != UNKNOWN_OPT) {
+            if (ProcessOneOpt(type, equals) == -1) {
+                goto finish;
+            }
+        }
+    }
+
+    retval = 0;
+
+finish:
+    PR_Close(fd);
+    return retval;
+}
+
+/*********************************************************************
+ *
+ * p a r s e _ a r g s
+ */
+static int
+parse_args(int argc, char *argv[])
+{
+    char *opt;
+    char *arg;
+    int needsInc = 0;
+    int i;
+    OPT_TYPE type;
+
+    /* Loop over all arguments */
+    for (i = 1; i < argc; i++) {
+        opt = argv[i];
+        arg = NULL;
+
+        if (opt[0] == '-') {
+            if (opt[1] == '-') {
+                /* word option */
+                if (i < argc - 1) {
+                    needsInc = 1;
+                    arg = argv[i + 1];
+                } else {
+                    arg = NULL;
+                }
+
+                if (!PL_strcasecmp(opt + 2, "norecurse")) {
+                    type = NORECURSE_OPT;
+                } else if (!PL_strcasecmp(opt + 2, "leavearc")) {
+                    type = LEAVE_ARC_OPT;
+                } else if (!PL_strcasecmp(opt + 2, "verbosity")) {
+                    type = VERBOSITY_OPT;
+                } else if (!PL_strcasecmp(opt + 2, "outfile")) {
+                    type = OUTFILE_OPT;
+                } else if (!PL_strcasecmp(opt + 2, "keysize")) {
+                    type = KEYSIZE_OPT;
+                } else if (!PL_strcasecmp(opt + 2, "token")) {
+                    type = TOKEN_OPT;
+                } else {
+                    PR_fprintf(errorFD, "warning: unknown option: %s\n",
+                               opt);
+                    warningCount++;
+                    type = UNKNOWN_OPT;
+                }
+            } else {
+                /* char option */
+                if (opt[2] != '\0') {
+                    arg = opt + 2;
+                } else if (i < argc - 1) {
+                    needsInc = 1;
+                    arg = argv[i + 1];
+                } else {
+                    arg = NULL;
+                }
+
+                switch (opt[1]) {
+                    case 'b':
+                        type = BASE_OPT;
+                        break;
+                    case 'c':
+                        type = COMPRESSION_OPT;
+                        break;
+                    case 'd':
+                        type = CERT_DIR_OPT;
+                        break;
+                    case 'e':
+                        type = EXTENSION_OPT;
+                        break;
+                    case 'f':
+                        type = COMMAND_FILE_OPT;
+                        break;
+                    case 'h':
+                        type = HELP_OPT;
+                        break;
+                    case 'H':
+                        type = LONG_HELP_OPT;
+                        break;
+                    case 'i':
+                        type = INSTALL_SCRIPT_OPT;
+                        break;
+                    case 'j':
+                        type = SCRIPTDIR_OPT;
+                        break;
+                    case 'k':
+                        type = CERTNAME_OPT;
+                        break;
+                    case 'l':
+                        type = LIST_OBJSIGN_CERTS_OPT;
+                        break;
+                    case 'L':
+                        type = LIST_ALL_CERTS_OPT;
+                        break;
+                    case 'm':
+                        type = METAFILE_OPT;
+                        break;
+                    case 'o':
+                        type = OPTIMIZE_OPT;
+                        break;
+                    case 'O':
+                        type = ENABLE_OCSP_OPT;
+                        break;
+                    case 'p':
+                        type = PASSWORD_OPT;
+                        break;
+                    case 'v':
+                        type = VERIFY_OPT;
+                        break;
+                    case 'w':
+                        type = WHO_OPT;
+                        break;
+                    case 'x':
+                        type = EXCLUDE_OPT;
+                        break;
+                    case 'X':
+                        type = XPI_ARC_OPT;
+                        break;
+                    case 'z':
+                        type = NO_TIME_OPT;
+                        break;
+                    case 'J':
+                        type = JAVASCRIPT_OPT;
+                        break;
+                    case 'Z':
+                        type = ZIPFILE_OPT;
+                        break;
+                    case 'G':
+                        type = GENKEY_OPT;
+                        break;
+                    case 'M':
+                        type = MODULES_OPT;
+                        break;
+                    case 's':
+                        type = KEYSIZE_OPT;
+                        break;
+                    case 't':
+                        type = TOKEN_OPT;
+                        break;
+                    default:
+                        type = UNKNOWN_OPT;
+                        PR_fprintf(errorFD, "warning: unrecognized option: -%c.\n",
+                                   opt[1]);
+                        warningCount++;
+                        break;
+                }
+            }
+        } else {
+            type = UNKNOWN_OPT;
+            if (i == argc - 1) {
+                if (jartree) {
+                    PR_fprintf(errorFD,
+                               "warning: directory to be signed specified more than once.\n"
+                               " Only last specification will be used.\n");
+                    warningCount++;
+                    PR_Free(jartree);
+                    jartree = NULL;
+                }
+                jartree = PL_strdup(opt);
+            } else {
+                PR_fprintf(errorFD, "warning: unrecognized option: %s\n", opt);
+                warningCount++;
+            }
+        }
+
+        if (type != UNKNOWN_OPT) {
+            short ateArg = ProcessOneOpt(type, arg);
+            if (ateArg == -1) {
+                /* error */
+                return -1;
+            }
+            if (ateArg && needsInc) {
+                i++;
+            }
+        }
+    }
+
+    return 0;
+}
+
+/*********************************************************************
+ *
+ * P r o c e s s O n e O p t
+ *
+ * Since options can come from different places (command file, word options,
+ * char options), this is a central function that is called to deal with
+ * them no matter where they come from.
+ *
+ * type is the type of option.
+ * arg is the argument to the option, possibly NULL.
+ * Returns 1 if the argument was eaten, 0 if it wasn't, and -1 for error.
+ */
+static int
+ProcessOneOpt(OPT_TYPE type, char *arg)
+{
+    int ate = 0;
+
+    switch (type) {
+        case HELP_OPT:
+            Usage();
+            break;
+        case LONG_HELP_OPT:
+            LongUsage();
+            break;
+        case BASE_OPT:
+            if (base) {
+                PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR], "-b");
+                warningCount++;
+                PR_Free(base);
+                base = NULL;
+            }
+            if (!arg) {
+                PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR], "-b");
+                errorCount++;
+                goto loser;
+            }
+            base = PL_strdup(arg);
+            ate = 1;
+            break;
+        case COMPRESSION_OPT:
+            if (compression_level_specified) {
+                PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR], "-c");
+                warningCount++;
+            }
+            if (!arg) {
+                PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR], "-c");
+                errorCount++;
+                goto loser;
+            }
+            compression_level = atoi(arg);
+            compression_level_specified = PR_TRUE;
+            ate = 1;
+            break;
+        case CERT_DIR_OPT:
+            if (cert_dir) {
+                PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR], "-d");
+                warningCount++;
+                PR_Free(cert_dir);
+                cert_dir = NULL;
+            }
+            if (!arg) {
+                PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR], "-d");
+                errorCount++;
+                goto loser;
+            }
+            cert_dir = PL_strdup(arg);
+            ate = 1;
+            break;
+        case EXTENSION_OPT:
+            if (!arg) {
+                PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR],
+                           "extension (-e)");
+                errorCount++;
+                goto loser;
+            }
+            PL_HashTableAdd(extensions, arg, arg);
+            extensionsGiven = PR_TRUE;
+            ate = 1;
+            break;
+        case INSTALL_SCRIPT_OPT:
+            if (install_script) {
+                PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR],
+                           "installScript (-i)");
+                warningCount++;
+                PR_Free(install_script);
+                install_script = NULL;
+            }
+            if (!arg) {
+                PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR],
+                           "installScript (-i)");
+                errorCount++;
+                goto loser;
+            }
+            install_script = PL_strdup(arg);
+            ate = 1;
+            break;
+        case SCRIPTDIR_OPT:
+            if (scriptdir) {
+                PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR],
+                           "javascriptdir (-j)");
+                warningCount++;
+                PR_Free(scriptdir);
+                scriptdir = NULL;
+            }
+            if (!arg) {
+                PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR],
+                           "javascriptdir (-j)");
+                errorCount++;
+                goto loser;
+            }
+            scriptdir = PL_strdup(arg);
+            ate = 1;
+            break;
+        case CERTNAME_OPT:
+            if (keyName) {
+                PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR],
+                           "keyName (-k)");
+                warningCount++;
+                PR_Free(keyName);
+                keyName = NULL;
+            }
+            if (!arg) {
+                PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR],
+                           "keyName (-k)");
+                errorCount++;
+                goto loser;
+            }
+            keyName = PL_strdup(arg);
+            ate = 1;
+            break;
+        case LIST_OBJSIGN_CERTS_OPT:
+        case LIST_ALL_CERTS_OPT:
+            if (list_certs != 0) {
+                PR_fprintf(errorFD,
+                           "warning: only one of -l and -L may be specified.\n");
+                warningCount++;
+            }
+            list_certs = (type == LIST_OBJSIGN_CERTS_OPT ? 1 : 2);
+            break;
+        case METAFILE_OPT:
+            if (metafile) {
+                PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR],
+                           "metafile (-m)");
+                warningCount++;
+                PR_Free(metafile);
+                metafile = NULL;
+            }
+            if (!arg) {
+                PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR],
+                           "metafile (-m)");
+                errorCount++;
+                goto loser;
+            }
+            metafile = PL_strdup(arg);
+            ate = 1;
+            break;
+        case OPTIMIZE_OPT:
+            optimize = 1;
+            break;
+        case ENABLE_OCSP_OPT:
+            enableOCSP = 1;
+            break;
+        case PASSWORD_OPT:
+            if (pwdata.data) {
+                PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR],
+                           "password (-p)");
+                warningCount++;
+                PR_Free(pwdata.data);
+                pwdata.data = NULL;
+            }
+            if (!arg) {
+                PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR],
+                           "password (-p)");
+                errorCount++;
+                goto loser;
+            }
+            pwdata.source = PW_PLAINTEXT;
+            pwdata.data = PL_strdup(arg);
+            ate = 1;
+            break;
+        case VERIFY_OPT:
+            if (verify) {
+                PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR],
+                           "verify (-v)");
+                warningCount++;
+                PR_Free(verify);
+                verify = NULL;
+            }
+            if (!arg) {
+                PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR],
+                           "verify (-v)");
+                errorCount++;
+                goto loser;
+            }
+            verify = PL_strdup(arg);
+            ate = 1;
+            break;
+        case WHO_OPT:
+            if (tell_who) {
+                PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR],
+                           "who (-v)");
+                warningCount++;
+                PR_Free(tell_who);
+                tell_who = NULL;
+            }
+            if (!arg) {
+                PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR],
+                           "who (-w)");
+                errorCount++;
+                goto loser;
+            }
+            tell_who = PL_strdup(arg);
+            ate = 1;
+            break;
+        case EXCLUDE_OPT:
+            if (!arg) {
+                PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR],
+                           "exclude (-x)");
+                errorCount++;
+                goto loser;
+            }
+            PL_HashTableAdd(excludeDirs, arg, arg);
+            exclusionsGiven = PR_TRUE;
+            ate = 1;
+            break;
+        case NO_TIME_OPT:
+            no_time = 1;
+            break;
+        case JAVASCRIPT_OPT:
+            javascript++;
+            break;
+        case ZIPFILE_OPT:
+            if (zipfile) {
+                PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR],
+                           "jarfile (-Z)");
+                warningCount++;
+                PR_Free(zipfile);
+                zipfile = NULL;
+            }
+            if (!arg) {
+                PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR],
+                           "jarfile (-Z)");
+                errorCount++;
+                goto loser;
+            }
+            zipfile = PL_strdup(arg);
+            ate = 1;
+            break;
+        case GENKEY_OPT:
+            if (genkey) {
+                PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR],
+                           "generate (-G)");
+                warningCount++;
+                PR_Free(genkey);
+                genkey = NULL;
+            }
+            if (!arg) {
+                PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR],
+                           "generate (-G)");
+                errorCount++;
+                goto loser;
+            }
+            genkey = PL_strdup(arg);
+            ate = 1;
+            break;
+        case MODULES_OPT:
+            list_modules++;
+            break;
+        case SIGNDIR_OPT:
+            if (jartree) {
+                PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR],
+                           "signdir");
+                warningCount++;
+                PR_Free(jartree);
+                jartree = NULL;
+            }
+            if (!arg) {
+                PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR],
+                           "signdir");
+                errorCount++;
+                goto loser;
+            }
+            jartree = PL_strdup(arg);
+            ate = 1;
+            break;
+        case OUTFILE_OPT:
+            if (outfile) {
+                PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR],
+                           "outfile");
+                warningCount++;
+                PR_Free(outfile);
+                outfile = NULL;
+            }
+            if (!arg) {
+                PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR],
+                           "outfile");
+                errorCount++;
+                goto loser;
+            }
+            outfile = PL_strdup(arg);
+            ate = 1;
+            break;
+        case COMMAND_FILE_OPT:
+            if (cmdFile) {
+                PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR],
+                           "-f");
+                warningCount++;
+                PR_Free(cmdFile);
+                cmdFile = NULL;
+            }
+            if (!arg) {
+                PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR],
+                           "-f");
+                errorCount++;
+                goto loser;
+            }
+            cmdFile = PL_strdup(arg);
+            ate = 1;
+            break;
+        case NORECURSE_OPT:
+            noRecurse = PR_TRUE;
+            break;
+        case LEAVE_ARC_OPT:
+            leaveArc = PR_TRUE;
+            break;
+        case VERBOSITY_OPT:
+            if (!arg) {
+                PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR],
+                           "--verbosity");
+                errorCount++;
+                goto loser;
+            }
+            verbosity = atoi(arg);
+            ate = 1;
+            break;
+        case KEYSIZE_OPT:
+            if (keySize != -1) {
+                PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR], "-s");
+                warningCount++;
+            }
+            keySize = atoi(arg);
+            ate = 1;
+            if (keySize < 1 || keySize > MAX_RSA_KEY_SIZE) {
+                PR_fprintf(errorFD, "Invalid key size: %d.\n", keySize);
+                errorCount++;
+                goto loser;
+            }
+            break;
+        case TOKEN_OPT:
+            if (token) {
+                PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR], "-t");
+                PR_Free(token);
+                token = NULL;
+            }
+            if (!arg) {
+                PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR], "-t");
+                errorCount++;
+                goto loser;
+            }
+            token = PL_strdup(arg);
+            ate = 1;
+            break;
+        case XPI_ARC_OPT:
+            xpi_arc = 1;
+            break;
+        default:
+            PR_fprintf(errorFD, "warning: unknown option\n");
+            warningCount++;
+            break;
+    }
+
+    return ate;
+loser:
+    return -1;
+}
+
+/*********************************************************************
+ *
+ * m a i n
+ */
+int
+main(int argc, char *argv[])
+{
+    PRBool readOnly;
+    int retval = 0;
+
+    outputFD = PR_STDOUT;
+    errorFD = PR_STDERR;
+
+    progName = argv[0];
+
+    if (argc < 2) {
+        Usage();
+    }
+
+    excludeDirs = PL_NewHashTable(10, PL_HashString, PL_CompareStrings,
+                                  PL_CompareStrings, NULL, NULL);
+    extensions = PL_NewHashTable(10, PL_HashString, PL_CompareStrings,
+                                 PL_CompareStrings, NULL, NULL);
+
+    if (parse_args(argc, argv)) {
+        retval = -1;
+        goto cleanup;
+    }
+
+    /* Parse the command file if one was given */
+    if (cmdFile) {
+        if (ProcessCommandFile()) {
+            retval = -1;
+            goto cleanup;
+        }
+    }
+
+    /* Set up output redirection */
+    if (outfile) {
+        if (PR_Access(outfile, PR_ACCESS_EXISTS) == PR_SUCCESS) {
+            /* delete the file if it is already present */
+            PR_fprintf(errorFD,
+                       "warning: %s already exists and will be overwritten.\n",
+                       outfile);
+            warningCount++;
+            if (PR_Delete(outfile) != PR_SUCCESS) {
+                PR_fprintf(errorFD, "ERROR: unable to delete %s.\n", outfile);
+                errorCount++;
+                exit(ERRX);
+            }
+        }
+        outputFD = PR_Open(outfile,
+                           PR_WRONLY |
+                               PR_CREATE_FILE | PR_TRUNCATE,
+                           0777);
+        if (!outputFD) {
+            PR_fprintf(errorFD, "ERROR: Unable to create %s.\n",
+                       outfile);
+            errorCount++;
+            exit(ERRX);
+        }
+        errorFD = outputFD;
+    }
+
+    /* This seems to be a fairly common user error */
+
+    if (verify && list_certs > 0) {
+        PR_fprintf(errorFD, "%s: Can't use -l and -v at the same time\n",
+                   PROGRAM_NAME);
+        errorCount++;
+        retval = -1;
+        goto cleanup;
+    }
+
+    /* -J assumes -Z now */
+
+    if (javascript && zipfile) {
+        PR_fprintf(errorFD, "%s: Can't use -J and -Z at the same time\n",
+                   PROGRAM_NAME);
+        PR_fprintf(errorFD, "%s: -J option will create the jar files for you\n",
+                   PROGRAM_NAME);
+        errorCount++;
+        retval = -1;
+        goto cleanup;
+    }
+
+    /* -X needs -Z */
+
+    if (xpi_arc && !zipfile) {
+        PR_fprintf(errorFD, "%s: option XPI (-X) requires option jarfile (-Z)\n",
+                   PROGRAM_NAME);
+        errorCount++;
+        retval = -1;
+        goto cleanup;
+    }
+
+    /* Less common mixing of -L with various options */
+
+    if (list_certs > 0 &&
+        (tell_who || zipfile || javascript ||
+         scriptdir || extensionsGiven || exclusionsGiven || install_script)) {
+        PR_fprintf(errorFD, "%s: Can't use -l or -L with that option\n",
+                   PROGRAM_NAME);
+        errorCount++;
+        retval = -1;
+        goto cleanup;
+    }
+
+    if (!cert_dir)
+        cert_dir = get_default_cert_dir();
+
+    VerifyCertDir(cert_dir, keyName);
+
+    if (compression_level < MIN_COMPRESSION_LEVEL ||
+        compression_level > MAX_COMPRESSION_LEVEL) {
+        PR_fprintf(errorFD, "Compression level must be between %d and %d.\n",
+                   MIN_COMPRESSION_LEVEL, MAX_COMPRESSION_LEVEL);
+        errorCount++;
+        retval = -1;
+        goto cleanup;
+    }
+
+    if (jartree && !keyName) {
+        PR_fprintf(errorFD, "You must specify a key with which to sign.\n");
+        errorCount++;
+        retval = -1;
+        goto cleanup;
+    }
+
+    readOnly = (genkey == NULL); /* only key generation requires write */
+    if (InitCrypto(cert_dir, readOnly)) {
+        PR_fprintf(errorFD, "ERROR: Cryptographic initialization failed.\n");
+        errorCount++;
+        retval = -1;
+        goto cleanup;
+    }
+
+    if (enableOCSP) {
+        SECStatus rv = CERT_EnableOCSPChecking(CERT_GetDefaultCertDB());
+        if (rv != SECSuccess) {
+            PR_fprintf(errorFD, "ERROR: Attempt to enable OCSP Checking failed.\n");
+            errorCount++;
+            retval = -1;
+        }
+    }
+
+    if (verify) {
+        if (VerifyJar(verify)) {
+            errorCount++;
+            retval = -1;
+            goto cleanup;
+        }
+    } else if (list_certs) {
+        if (ListCerts(keyName, list_certs)) {
+            errorCount++;
+            retval = -1;
+            goto cleanup;
+        }
+    } else if (list_modules) {
+        JarListModules();
+    } else if (genkey) {
+        if (GenerateCert(genkey, keySize, token)) {
+            errorCount++;
+            retval = -1;
+            goto cleanup;
+        }
+    } else if (tell_who) {
+        if (JarWho(tell_who)) {
+            errorCount++;
+            retval = -1;
+            goto cleanup;
+        }
+    } else if (javascript && jartree) {
+        /* make sure directory exists */
+        PRDir *dir;
+        dir = PR_OpenDir(jartree);
+        if (!dir) {
+            PR_fprintf(errorFD, "ERROR: unable to open directory %s.\n",
+                       jartree);
+            errorCount++;
+            retval = -1;
+            goto cleanup;
+        } else {
+            PR_CloseDir(dir);
+        }
+
+        /* undo junk from prior runs of signtool*/
+        if (RemoveAllArc(jartree)) {
+            PR_fprintf(errorFD, "Error removing archive directories under %s\n",
+                       jartree);
+            errorCount++;
+            retval = -1;
+            goto cleanup;
+        }
+
+        /* traverse all the htm|html files in the directory */
+        if (InlineJavaScript(jartree, !noRecurse)) {
+            retval = -1;
+            goto cleanup;
+        }
+
+        /* sign any resultant .arc directories created in above step */
+        if (SignAllArc(jartree, keyName, javascript, metafile, install_script,
+                       optimize, !noRecurse)) {
+            retval = -1;
+            goto cleanup;
+        }
+
+        if (!leaveArc) {
+            RemoveAllArc(jartree);
+        }
+
+        if (errorCount > 0 || warningCount > 0) {
+            PR_fprintf(outputFD, "%d error%s, %d warning%s.\n",
+                       errorCount,
+                       errorCount == 1 ? "" : "s", warningCount, warningCount == 1
+                                                                     ? ""
+                                                                     : "s");
+        } else {
+            PR_fprintf(outputFD, "Directory %s signed successfully.\n",
+                       jartree);
+        }
+    } else if (jartree) {
+        SignArchive(jartree, keyName, zipfile, javascript, metafile,
+                    install_script, optimize, !noRecurse);
+    } else
+        Usage();
+
+cleanup:
+    if (extensions) {
+        PL_HashTableDestroy(extensions);
+        extensions = NULL;
+    }
+    if (excludeDirs) {
+        PL_HashTableDestroy(excludeDirs);
+        excludeDirs = NULL;
+    }
+    if (outputFD != PR_STDOUT) {
+        PR_Close(outputFD);
+    }
+    rm_dash_r(TMP_OUTPUT);
+    if (retval == 0) {
+        if (NSS_Shutdown() != SECSuccess) {
+            exit(1);
+        }
+    }
+    return retval;
+}
diff --git a/nss/cmd/signtool/signtool.gyp b/nss/cmd/signtool/signtool.gyp
new file mode 100644
index 0000000..53465ac
--- /dev/null
+++ b/nss/cmd/signtool/signtool.gyp
@@ -0,0 +1,33 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi',
+    '../../cmd/platlibs.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'signtool',
+      'type': 'executable',
+      'sources': [
+        'certgen.c',
+        'javascript.c',
+        'list.c',
+        'sign.c',
+        'signtool.c',
+        'util.c',
+        'verify.c',
+        'zip.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports',
+        '<(DEPTH)/lib/jar/jar.gyp:jar',
+        '<(DEPTH)/lib/zlib/zlib.gyp:nss_zlib'
+      ]
+    }
+  ],
+  'variables': {
+    'module': 'nss'
+  }
+}
diff --git a/nss/cmd/signtool/signtool.h b/nss/cmd/signtool/signtool.h
new file mode 100644
index 0000000..bdb3b59
--- /dev/null
+++ b/nss/cmd/signtool/signtool.h
@@ -0,0 +1,113 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef SIGNTOOL_H
+#define SIGNTOOL_H
+
+#define DJN_TEST
+
+#include <stdio.h>
+#include <string.h>
+#include <errno.h>
+
+#include "prprf.h"
+#include "prio.h"
+#include "secutil.h"
+#include "ocsp.h"
+#include "jar.h"
+#include "jarfile.h"
+#include "secpkcs7.h"
+#include "pk11func.h"
+#include "secmod.h"
+#include "plhash.h"
+#include "nss.h"
+
+#ifdef _UNIX
+#include <unistd.h>
+#endif
+
+/**********************************************************************
+ * General Defines
+ */
+#define JAR_BASE_END JAR_BASE + 100
+#define ERRX (-1)  /* the exit code used on failure */
+#define FNSIZE 256 /* the maximum length for filenames */
+#define MAX_RSA_KEY_SIZE 4096
+#define DEFAULT_RSA_KEY_SIZE 1024
+#define MANIFEST "manifest.mf"
+#define DEFAULT_X509_BASENAME "x509"
+#define DEFAULT_COMMON_NAME "Signtool " NSS_VERSION " Testing Certificate"
+#define CREATOR "Signtool (signtool " NSS_VERSION ")"
+#define BREAKAGE "PLEASE DO NOT EDIT THIS FILE. YOU WILL BREAK IT."
+#define MIN_COMPRESSION_LEVEL (-1)
+#define MAX_COMPRESSION_LEVEL 9
+#define DEFAULT_COMPRESSION_LEVEL (-1) /* zlib understands this to be default*/
+#define STDIN_BUF_SIZE 160
+#define PROGRAM_NAME "signtool"
+#define LONG_PROGRAM_NAME "Signing Tool"
+#define DEFAULT_BASE_NAME "zigbert"
+#define TMP_OUTPUT "signtool.tmp"
+#define XPI_TEXT "Creating XPI Compatible Archive"
+
+/***************************************************************
+ * Main Task Functions
+ */
+int GenerateCert(char *nickname, int keysize, char *token);
+int ListCerts(char *key, int list_certs);
+int VerifyJar(char *filename);
+int SignArchive(char *tree, char *keyName, char *zip_file, int javascript,
+                char *meta_file, char *install_script, int _optimize, PRBool recurse);
+int SignAllArc(char *jartree, char *keyName, int javascript, char *metafile,
+               char *install_script, int optimize, PRBool recurse);
+int InlineJavaScript(char *dir, PRBool recurse);
+int JarWho(char *filename);
+void JarListModules(void);
+
+/**************************************************************
+ * Utility Functions
+ */
+CERTCertDBHandle *OpenCertDB(PRBool readOnly);
+
+int RemoveAllArc(char *tree);
+void VerifyCertDir(char *dir, char *keyName);
+int InitCrypto(char *cert_dir, PRBool readOnly);
+int foreach (char *dirname, char *prefix,
+             int (*fn)(char *filename, char *dirname, char *basedir, char *base, void *arg),
+             PRBool recurse, PRBool includeDirs, void *arg);
+void print_error(int i);
+void give_help(int status);
+const char *secErrorString(long code);
+void displayVerifyLog(CERTVerifyLog *log);
+void Usage(void);
+void LongUsage(void);
+char *chop(char *);
+void out_of_memory(void);
+void FatalError(char *msg);
+char *get_default_cert_dir(void);
+SECItem *password_hardcode(void *arg, void *handle);
+char *pk11_password_hardcode(PK11SlotInfo *slot, PRBool retry, void *arg);
+int rm_dash_r(char *path);
+char *pr_fgets(char *buf, int size, PRFileDesc *file);
+
+/*****************************************************************
+ * Global Variables (*gag*)
+ */
+extern char *password;           /* the password passed in on the command line */
+extern PLHashTable *excludeDirs; /* directory entry to skip while recursing */
+extern int no_time;
+extern int xpi_arc;
+extern char *base; /* basename of ".rsa" and ".sf" files */
+extern long *mozilla_event_queue;
+extern char *progName;          /* argv[0] */
+extern PLHashTable *extensions; /* only sign files with this extension */
+extern PRBool extensionsGiven;
+extern char *scriptdir;
+extern int compression_level;
+extern PRFileDesc *outputFD, *errorFD;
+extern int verbosity;
+extern int errorCount;
+extern int warningCount;
+extern secuPWData pwdata;
+
+#endif /* SIGNTOOL_H */
diff --git a/nss/cmd/signtool/util.c b/nss/cmd/signtool/util.c
new file mode 100644
index 0000000..49b7f3b
--- /dev/null
+++ b/nss/cmd/signtool/util.c
@@ -0,0 +1,1086 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "signtool.h"
+#include "prio.h"
+#include "prmem.h"
+#include "prenv.h"
+#include "nss.h"
+
+static int is_dir(char *filename);
+
+/***********************************************************
+ * Nasty hackish function definitions
+ */
+
+long *mozilla_event_queue = 0;
+
+#ifndef XP_WIN
+char *
+XP_GetString(int i)
+{
+    /* nasty hackish cast to avoid changing the signature of
+     * JAR_init_callbacks() */
+    return (char *)SECU_Strerror(i);
+}
+#endif
+
+void
+FE_SetPasswordEnabled()
+{
+}
+
+void /*MWContext*/ *
+FE_GetInitContext(void)
+{
+    return 0;
+}
+
+void /*MWContext*/ *
+XP_FindSomeContext()
+{
+    /* No windows context in command tools */
+    return NULL;
+}
+
+void
+ET_moz_CallFunction()
+{
+}
+
+/*
+ *  R e m o v e A l l A r c
+ *
+ *  Remove .arc directories that are lingering
+ *  from a previous run of signtool.
+ *
+ */
+int
+RemoveAllArc(char *tree)
+{
+    PRDir *dir;
+    PRDirEntry *entry;
+    char *archive = NULL;
+    int retval = 0;
+
+    dir = PR_OpenDir(tree);
+    if (!dir)
+        return -1;
+
+    for (entry = PR_ReadDir(dir, 0); entry; entry = PR_ReadDir(dir,
+                                                               0)) {
+
+        if (entry->name[0] == '.') {
+            continue;
+        }
+
+        if (archive)
+            PR_Free(archive);
+        archive = PR_smprintf("%s/%s", tree, entry->name);
+
+        if (PL_strcaserstr(entry->name, ".arc") ==
+            (entry->name + strlen(entry->name) - 4)) {
+
+            if (verbosity >= 0) {
+                PR_fprintf(outputFD, "removing: %s\n", archive);
+            }
+
+            if (rm_dash_r(archive)) {
+                PR_fprintf(errorFD, "Error removing %s\n", archive);
+                errorCount++;
+                retval = -1;
+                goto finish;
+            }
+        } else if (is_dir(archive)) {
+            if (RemoveAllArc(archive)) {
+                retval = -1;
+                goto finish;
+            }
+        }
+    }
+
+finish:
+    PR_CloseDir(dir);
+    if (archive)
+        PR_Free(archive);
+
+    return retval;
+}
+
+/*
+ *  r m _ d a s h _ r
+ *
+ *  Remove a file, or a directory recursively.
+ *
+ */
+int
+rm_dash_r(char *path)
+{
+    PRDir *dir;
+    PRDirEntry *entry;
+    PRFileInfo fileinfo;
+    char filename[FNSIZE];
+
+    if (PR_GetFileInfo(path, &fileinfo) != PR_SUCCESS) {
+        /*fprintf(stderr, "Error: Unable to access %s\n", filename);*/
+        return -1;
+    }
+    if (fileinfo.type == PR_FILE_DIRECTORY) {
+
+        dir = PR_OpenDir(path);
+        if (!dir) {
+            PR_fprintf(errorFD, "Error: Unable to open directory %s.\n", path);
+            errorCount++;
+            return -1;
+        }
+
+        /* Recursively delete all entries in the directory */
+        while ((entry = PR_ReadDir(dir, PR_SKIP_BOTH)) != NULL) {
+            sprintf(filename, "%s/%s", path, entry->name);
+            if (rm_dash_r(filename))
+                return -1;
+        }
+
+        if (PR_CloseDir(dir) != PR_SUCCESS) {
+            PR_fprintf(errorFD, "Error: Could not close %s.\n", path);
+            errorCount++;
+            return -1;
+        }
+
+        /* Delete the directory itself */
+        if (PR_RmDir(path) != PR_SUCCESS) {
+            PR_fprintf(errorFD, "Error: Unable to delete %s\n", path);
+            errorCount++;
+            return -1;
+        }
+    } else {
+        if (PR_Delete(path) != PR_SUCCESS) {
+            PR_fprintf(errorFD, "Error: Unable to delete %s\n", path);
+            errorCount++;
+            return -1;
+        }
+    }
+    return 0;
+}
+
+/*
+ *  u s a g e
+ *
+ *  Print some useful help information
+ *
+ */
+
+void
+Usage(void)
+{
+#define FPS PR_fprintf(outputFD,
+    FPS "%s %s -a signing tool for jar files\n", LONG_PROGRAM_NAME,NSS_VERSION);
+    FPS "\n\nType %s -H for more detailed descriptions\n", PROGRAM_NAME);
+    FPS "\nUsage:  %s -k keyName [-b basename] [-c Compression Level]\n"
+        "\t\t [-d cert-dir] [-i installer script] [-m metafile] [-x name]\n"
+        "\t\t [-e extension] [-o] [-z] [-X] [--outfile] [--verbose value]\n"
+        "\t\t [--norecurse] [--leavearc] [-j directory] [-Z jarfile] [-O]\n"
+        "\t\t [-p password] directory-tree\n", PROGRAM_NAME);
+    FPS "\t%s -J -k keyName [-b basename] [-c Compression Level]\n"
+        "\t\t [-d cert-dir][-i installer script] [-m metafile] [-x name]\n"
+        "\t\t [-e extension] [-o] [-z] [-X] [--outfile] [--verbose value]\n"
+        "\t\t [--norecurse] [--leavearc] [-j directory] [-p password] [-O] \n"
+        "\t\t directory-tree\n", PROGRAM_NAME);
+    FPS "\t%s -h \n", PROGRAM_NAME);
+    FPS "\t%s -H \n", PROGRAM_NAME);
+    FPS "\t%s -l [-k keyName] [-d cert-dir] [--outfile] [-O] \n", PROGRAM_NAME);
+    FPS "\t%s -L [-k keyName] [-d cert-dir] [--outfile] [-O] \n", PROGRAM_NAME);
+    FPS "\t%s -M [--outfile] [-O] \n", PROGRAM_NAME);
+    FPS "\t%s -v [-d cert-dir] [--outfile] [-O] archive\n", PROGRAM_NAME);
+    FPS "\t%s -w [--outfile] [-O] archive\n" , PROGRAM_NAME);
+    FPS "\t%s -G nickname [--keysize|-s size] [-t |--token tokenname]\n"
+        "\t\t [--outfile] [-O] \n", PROGRAM_NAME);
+    FPS "\t%s -f filename\n" , PROGRAM_NAME);
+    exit(ERRX);
+}
+
+void
+LongUsage(void)
+{
+    FPS "%s %s -a signing tool for jar files\n", LONG_PROGRAM_NAME,NSS_VERSION);
+    FPS "\n%-20s  Signs the directory-tree\n",
+        "signtool directory-tree");
+    FPS "%-30s Nickname (key) of the certificate to sign with\n",
+        "   -k keyname");
+    FPS "%-30s Base filename for the .rsa and.sf files in the\n",
+        "   -b basename");
+    FPS "%-30s META-INF directory\n"," ");
+    FPS "%-30s Set the compression level. 0-9, 0=none\n",
+    "   -c CompressionLevel");
+    FPS "%-30s Certificate database directory containing cert*db\n",
+    "   -d certificate directory");
+    FPS "%-30s and key*db\n"," ");
+    FPS "%-30s Name of the installer script for SmartUpdate\n",
+    "   -i installer script");
+    FPS "%-30s Name of a metadata control file\n",
+    "   -m metafile");
+    FPS "%-30s For optimizing the archive for size.\n",
+    "   -o");
+    FPS "%-30s Omit Optional Headers\n"," ");
+    FPS "%-30s Excludes the specified directory or file from\n",
+    "   -x  directory or file name");
+    FPS "%-30s signing\n"," ");
+    FPS "%-30s To not store the signing time in digital\n",
+    "   -z  directory or file name");
+    FPS "%-30s signature\n"," ");
+    FPS "%-30s Create XPI Compatible Archive. It requires -Z\n",
+    "   -X  directory or file name");
+    FPS "%-30s option\n"," ");
+    FPS "%-30s Sign only files with the given extension\n",
+    "   -e");
+    FPS "%-30s Causes the specified directory to be signed and\n",
+    "   -j");
+    FPS "%-30s tags its entries as inline JavaScript\n"," ");
+    FPS "%-30s Creates a JAR file with the specified name.\n",
+    "   -Z");
+    FPS "%-30s -Z option cannot be used with -J option\n"," ");
+    FPS "%-30s Specifies a password for the private-key database\n",
+    "   -p");
+    FPS "%-30s (insecure)\n"," ");
+    FPS "%-30s File to receive redirected output\n",
+        "   --outfile filename");
+    FPS "%-30s Sets the quantity of information generated in\n",
+    "   --verbosity value");
+    FPS "%-30s operation\n"," ");
+    FPS "%-30s Blocks recursion into subdirectories\n",
+    "   --norecurse");
+    FPS "%-30s Retains the temporary .arc (archive) directories\n",
+    "   --leavearc");
+    FPS "%-30s -J option creates\n"," ");
+
+    FPS "\n%-20s Signs a directory of HTML files containing JavaScript and\n",
+    "-J" );
+    FPS "%-20s creates as many archive files as are in the HTML tags.\n"," ");
+
+    FPS "%-20s The options are same as without any command option given\n"," ");
+    FPS "%-20s above. -Z and -J options are not allowed together\n"," ");
+
+    FPS "\n%-20s Generates a new private-public key pair and corresponding\n",
+    "-G nickname");
+    FPS "%-20s object-signing certificates with the given nickname\n"," ");
+    FPS "%-30s Specifies the size of the key for generated \n",
+    "   --keysize|-s keysize");
+    FPS "%-30s certificate\n"," ");
+    FPS "%-30s Specifies which available token should generate\n",
+    "   --token|-t token name ");
+    FPS "%-30s the key and receive the certificate\n"," ");
+    FPS "%-30s Specifies a file to receive redirected output\n",
+    "   --outfile filename ");
+
+    FPS "\n%-20s Display signtool help\n",
+    "-h ");
+
+    FPS "\n%-20s Display signtool help(Detailed)\n",
+    "-H ");
+
+    FPS "\n%-20s Lists signing certificates, including issuing CAs\n",
+    "-l ");
+    FPS "%-30s Certificate database directory containing cert*db\n",
+    "   -d certificate directory");
+    FPS "%-30s and key*db\n"," ");
+
+    FPS "%-30s Specifies a file to receive redirected output\n",
+    "   --outfile filename ");
+    FPS "%-30s Specifies the nickname (key) of the certificate\n",
+    "   -k keyname");
+
+    FPS "\n%-20s Lists the certificates in your database\n",
+    "-L ");
+    FPS "%-30s Certificate database directory containing cert*db\n",
+    "   -d certificate directory");
+    FPS "%-30s and key*db\n"," ");
+
+    FPS "%-30s Specifies a file to receive redirected output\n",
+    "   --outfile filename ");
+    FPS "%-30s Specifies the nickname (key) of the certificate\n",
+    "   -k keyname");
+
+    FPS "\n%-20s Lists the PKCS #11 modules available to signtool\n",
+    "-M ");
+
+    FPS "\n%-20s Displays the contents of an archive and verifies\n",
+    "-v archive");
+    FPS "%-20s cryptographic integrity\n"," ");
+    FPS "%-30s Certificate database directory containing cert*db\n",
+    "   -d certificate directory");
+    FPS "%-30s and key*db\n"," ");
+    FPS "%-30s Specifies a file to receive redirected output\n",
+    "   --outfile filename ");
+
+    FPS "\n%-20s Displays the names of signers in the archive\n",
+    "-w archive");
+    FPS "%-30s Specifies a file to receive redirected output\n",
+    "   --outfile filename ");
+
+    FPS "\n%-30s Common option to all the above.\n",
+    "   -O");
+    FPS "%-30s Enable OCSP checking\n"," ");
+
+    FPS "\n%-20s Specifies a text file containing options and arguments in\n",
+    "-f command-file");
+    FPS "%-20s keyword=value format. Commands are taken from this file\n"," ");
+
+    FPS  "\n\n\n");
+    FPS  "Example:\n");
+    FPS  "%-10s -d \"certificate directory\" -k \"certnickname\" \\",
+         PROGRAM_NAME);
+    FPS  "\n%-10s -p \"password\"  -X -Z \"file.xpi\" directory-tree\n"," " );
+    FPS  "Common syntax to create an XPInstall compatible"
+         " signed archive\n\n"," ");
+    FPS  "\nCommand File Keywords and Example:\n");
+    FPS "\nKeyword\t\tValue\n");
+    FPS "basename\tSame as -b option\n");
+    FPS "compression\tSame as -c option\n");
+    FPS "certdir\t\tSame as -d option\n");
+    FPS "extension\tSame as -e option\n");
+    FPS "generate\tSame as -G option\n");
+    FPS "installscript\tSame as -i option\n");
+    FPS "javascriptdir\tSame as -j option\n");
+    FPS "htmldir\t\tSame as -J option\n");
+    FPS "certname\tNickname of certificate, as with -k  option\n");
+    FPS "signdir\t\tThe directory to be signed, as with -k option\n");
+    FPS "list\t\tSame as -l option. Value is ignored,\n"
+        "    \t\tbut = sign must be present\n");
+    FPS "listall\t\tSame as -L option. Value is ignored\n"
+        "       \t\tbut = sign must be present\n");
+    FPS "metafile\tSame as -m option\n");
+    FPS "modules\t\tSame as -M option. Value is ignored,\n"
+        "       \t\tbut = sign must be present\n");
+    FPS "optimize\tSame as -o option. Value is ignored,\n"
+        "        \tbut = sign must be present\n");
+    FPS "ocsp\t\tSame as -O option\n");
+    FPS "password\tSame as -p option\n");
+    FPS "verify\t\tSame as -v option\n");
+    FPS "who\t\tSame as -w option\n");
+    FPS "exclude\t\tSame as -x option\n");
+    FPS "notime\t\tSame as -z option. Value is ignored,\n"
+        "      \t\tbut = sign must be present\n");
+    FPS "jarfile\t\tSame as -Z option\n");
+    FPS "outfile\t\tSame as --outfile option. The argument\n");
+    FPS "       \t\tis the name of a file to which output\n");
+    FPS "       \t\tof a file and error messages will be  \n");
+    FPS "       \t\tredirected\n");
+    FPS "leavearc\tSame as --leavearc option\n");
+    FPS "verbosity\tSame as --verbosity option\n");
+    FPS "keysize\t\tSame as -s option\n");
+    FPS "token\t\tSame as -t option\n");
+    FPS "xpi\t\tSame as -X option\n");
+    FPS "\n\n");
+    FPS "Here's an example of the use of the command file. The command\n\n");
+    FPS "   signtool -d c:\\netscape\\users\\james -k mycert -Z myjar.jar \\\n"
+        "   signdir > output.txt\n\n");
+    FPS "becomes\n\n");
+    FPS "   signtool -f somefile\n\n");
+    FPS "where somefile contains the following lines:\n\n");
+    FPS "   certdir=c:\\netscape\\users\\james\n"," ");
+    FPS "   certname=mycert\n"," ");
+    FPS "   jarfile=myjar.jar\n"," ");
+    FPS "   signdir=signdir\n"," ");
+    FPS "   outfile=output.txt\n"," ");
+    exit(ERRX);
+#undef FPS
+}
+
+/*
+ *  p r i n t _ e r r o r
+ *
+ *  For the undocumented -E function. If an older version
+ *  of communicator gives you a numeric error, we can see what
+ *  really happened without doing hex math.
+ *
+ */
+
+void
+print_error(int err)
+{
+    PR_fprintf(errorFD, "Error %d: %s\n", err, JAR_get_error(err));
+    errorCount++;
+    give_help(err);
+}
+
+/*
+ *  o u t _ o f _ m e m o r y
+ *
+ *  Out of memory, exit Signtool.
+ *
+ */
+void
+out_of_memory(void)
+{
+    PR_fprintf(errorFD, "%s: out of memory\n", PROGRAM_NAME);
+    errorCount++;
+    exit(ERRX);
+}
+
+/*
+ *  V e r i f y C e r t D i r
+ *
+ *  Validate that the specified directory
+ *  contains a certificate database
+ *
+ */
+void
+VerifyCertDir(char *dir, char *keyName)
+{
+    char fn[FNSIZE];
+
+    /* don't try verifying if we don't have a local directory */
+    if (strncmp(dir, "multiaccess:", sizeof("multiaccess:") - 1) == 0) {
+        return;
+    }
+    /* this function is truly evil. Tools and applications should not have
+     * any knowledge of actual cert databases! */
+    return;
+
+    /* This code is really broken because it makes underlying assumptions about
+     * how the NSS profile directory is laid out, but these names can change
+     * from release to release. */
+    sprintf(fn, "%s/cert8.db", dir);
+
+    if (PR_Access(fn, PR_ACCESS_EXISTS)) {
+        PR_fprintf(errorFD, "%s: No certificate database in \"%s\"\n",
+                   PROGRAM_NAME, dir);
+        PR_fprintf(errorFD, "%s: Check the -d arguments that you gave\n",
+                   PROGRAM_NAME);
+        errorCount++;
+        exit(ERRX);
+    }
+
+    if (verbosity >= 0) {
+        PR_fprintf(outputFD, "using certificate directory: %s\n", dir);
+    }
+
+    if (keyName == NULL)
+        return;
+
+    /* if the user gave the -k key argument, verify that
+     a key database already exists */
+
+    sprintf(fn, "%s/key3.db", dir);
+
+    if (PR_Access(fn, PR_ACCESS_EXISTS)) {
+        PR_fprintf(errorFD, "%s: No private key database in \"%s\"\n",
+                   PROGRAM_NAME,
+                   dir);
+        PR_fprintf(errorFD, "%s: Check the -d arguments that you gave\n",
+                   PROGRAM_NAME);
+        errorCount++;
+        exit(ERRX);
+    }
+}
+
+/*
+ *  f o r e a c h
+ *
+ *  A recursive function to loop through all names in
+ *  the specified directory, as well as all subdirectories.
+ *
+ *  FIX: Need to see if all platforms allow multiple
+ *  opendir's to be called.
+ *
+ */
+
+int foreach (char *dirname, char *prefix,
+             int (*fn)(char *relpath, char *basedir, char *reldir, char *filename,
+                       void *arg),
+             PRBool recurse, PRBool includeDirs, void *arg)
+{
+    char newdir[FNSIZE];
+    int retval = 0;
+
+    PRDir *dir;
+    PRDirEntry *entry;
+
+    strcpy(newdir, dirname);
+    if (*prefix) {
+        strcat(newdir, "/");
+        strcat(newdir, prefix);
+    }
+
+    dir = PR_OpenDir(newdir);
+    if (!dir)
+        return -1;
+
+    for (entry = PR_ReadDir(dir, 0); entry; entry = PR_ReadDir(dir, 0)) {
+        if (strcmp(entry->name, ".") == 0 ||
+            strcmp(entry->name, "..") == 0) {
+            /* no infinite recursion, please */
+            continue;
+        }
+
+        /* can't sign self */
+        if (!strcmp(entry->name, "META-INF"))
+            continue;
+
+        /* -x option */
+        if (PL_HashTableLookup(excludeDirs, entry->name))
+            continue;
+
+        strcpy(newdir, dirname);
+        if (*dirname)
+            strcat(newdir, "/");
+
+        if (*prefix) {
+            strcat(newdir, prefix);
+            strcat(newdir, "/");
+        }
+        strcat(newdir, entry->name);
+
+        if (!is_dir(newdir) || includeDirs) {
+            char newpath[FNSIZE];
+
+            strcpy(newpath, prefix);
+            if (*newpath)
+                strcat(newpath, "/");
+            strcat(newpath, entry->name);
+
+            if ((*fn)(newpath, dirname, prefix, (char *)entry->name,
+                      arg)) {
+                retval = -1;
+                break;
+            }
+        }
+
+        if (is_dir(newdir)) {
+            if (recurse) {
+                char newprefix[FNSIZE];
+
+                strcpy(newprefix, prefix);
+                if (*newprefix) {
+                    strcat(newprefix, "/");
+                }
+                strcat(newprefix, entry->name);
+
+                if (foreach (dirname, newprefix, fn, recurse,
+                             includeDirs, arg)) {
+                    retval = -1;
+                    break;
+                }
+            }
+        }
+    }
+
+    PR_CloseDir(dir);
+
+    return retval;
+}
+
+/*
+ *  i s _ d i r
+ *
+ *  Return 1 if file is a directory.
+ *  Wonder if this runs on a mac, trust not.
+ *
+ */
+static int
+is_dir(char *filename)
+{
+    PRFileInfo finfo;
+
+    if (PR_GetFileInfo(filename, &finfo) != PR_SUCCESS) {
+        printf("Unable to get information about %s\n", filename);
+        return 0;
+    }
+
+    return (finfo.type == PR_FILE_DIRECTORY);
+}
+
+/***************************************************************
+ *
+ * s e c E r r o r S t r i n g
+ *
+ * Returns an error string corresponding to the given error code.
+ * Doesn't cover all errors; returns a default for many.
+ * Returned string is only valid until the next call of this function.
+ */
+const char *
+secErrorString(long code)
+{
+    static char errstring[80]; /* dynamically constructed error string */
+    char *c;                   /* the returned string */
+
+    switch (code) {
+        case SEC_ERROR_IO:
+            c = "io error";
+            break;
+        case SEC_ERROR_LIBRARY_FAILURE:
+            c = "security library failure";
+            break;
+        case SEC_ERROR_BAD_DATA:
+            c = "bad data";
+            break;
+        case SEC_ERROR_OUTPUT_LEN:
+            c = "output length";
+            break;
+        case SEC_ERROR_INPUT_LEN:
+            c = "input length";
+            break;
+        case SEC_ERROR_INVALID_ARGS:
+            c = "invalid args";
+            break;
+        case SEC_ERROR_EXPIRED_CERTIFICATE:
+            c = "expired certificate";
+            break;
+        case SEC_ERROR_REVOKED_CERTIFICATE:
+            c = "revoked certificate";
+            break;
+        case SEC_ERROR_INADEQUATE_KEY_USAGE:
+            c = "inadequate key usage";
+            break;
+        case SEC_ERROR_INADEQUATE_CERT_TYPE:
+            c = "inadequate certificate type";
+            break;
+        case SEC_ERROR_UNTRUSTED_CERT:
+            c = "untrusted cert";
+            break;
+        case SEC_ERROR_NO_KRL:
+            c = "no key revocation list";
+            break;
+        case SEC_ERROR_KRL_BAD_SIGNATURE:
+            c = "key revocation list: bad signature";
+            break;
+        case SEC_ERROR_KRL_EXPIRED:
+            c = "key revocation list expired";
+            break;
+        case SEC_ERROR_REVOKED_KEY:
+            c = "revoked key";
+            break;
+        case SEC_ERROR_CRL_BAD_SIGNATURE:
+            c = "certificate revocation list: bad signature";
+            break;
+        case SEC_ERROR_CRL_EXPIRED:
+            c = "certificate revocation list expired";
+            break;
+        case SEC_ERROR_CRL_NOT_YET_VALID:
+            c = "certificate revocation list not yet valid";
+            break;
+        case SEC_ERROR_UNKNOWN_ISSUER:
+            c = "unknown issuer";
+            break;
+        case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
+            c = "expired issuer certificate";
+            break;
+        case SEC_ERROR_BAD_SIGNATURE:
+            c = "bad signature";
+            break;
+        case SEC_ERROR_BAD_KEY:
+            c = "bad key";
+            break;
+        case SEC_ERROR_NOT_FORTEZZA_ISSUER:
+            c = "not fortezza issuer";
+            break;
+        case SEC_ERROR_CA_CERT_INVALID:
+            c = "Certificate Authority certificate invalid";
+            break;
+        case SEC_ERROR_EXTENSION_NOT_FOUND:
+            c = "extension not found";
+            break;
+        case SEC_ERROR_CERT_NOT_IN_NAME_SPACE:
+            c = "certificate not in name space";
+            break;
+        case SEC_ERROR_UNTRUSTED_ISSUER:
+            c = "untrusted issuer";
+            break;
+        default:
+            sprintf(errstring, "security error %ld", code);
+            c = errstring;
+            break;
+    }
+
+    return c;
+}
+
+/***************************************************************
+ *
+ * d i s p l a y V e r i f y L o g
+ *
+ * Prints the log of a cert verification.
+ */
+void
+displayVerifyLog(CERTVerifyLog *log)
+{
+    CERTVerifyLogNode *node;
+    CERTCertificate *cert;
+    char *name;
+
+    if (!log || (log->count <= 0)) {
+        return;
+    }
+
+    for (node = log->head; node != NULL; node = node->next) {
+
+        if (!(cert = node->cert)) {
+            continue;
+        }
+
+        /* Get a name for this cert */
+        if (cert->nickname != NULL) {
+            name = cert->nickname;
+        } else if (cert->emailAddr && cert->emailAddr[0]) {
+            name = cert->emailAddr;
+        } else {
+            name = cert->subjectName;
+        }
+
+        printf("%s%s:\n", name,
+               (node->depth > 0) ? " [Certificate Authority]" : "");
+
+        printf("\t%s\n", secErrorString(node->error));
+    }
+}
+
+/*
+ *  J a r L i s t M o d u l e s
+ *
+ *  Print a list of the PKCS11 modules that are
+ *  available. This is useful for smartcard people to
+ *  make sure they have the drivers loaded.
+ *
+ */
+void
+JarListModules(void)
+{
+    int i;
+    int count = 0;
+
+    SECMODModuleList *modules = NULL;
+    static SECMODListLock *moduleLock = NULL;
+
+    SECMODModuleList *mlp;
+
+    if ((moduleLock = SECMOD_GetDefaultModuleListLock()) == NULL) {
+        /* this is the wrong text */
+        PR_fprintf(errorFD, "%s: unable to acquire lock on module list\n",
+                   PROGRAM_NAME);
+        errorCount++;
+        exit(ERRX);
+    }
+
+    SECMOD_GetReadLock(moduleLock);
+
+    modules = SECMOD_GetDefaultModuleList();
+
+    if (modules == NULL) {
+        SECMOD_ReleaseReadLock(moduleLock);
+        PR_fprintf(errorFD, "%s: Can't get module list\n", PROGRAM_NAME);
+        errorCount++;
+        exit(ERRX);
+    }
+
+    PR_fprintf(outputFD, "\nListing of PKCS11 modules\n");
+    PR_fprintf(outputFD, "-----------------------------------------------\n");
+
+    for (mlp = modules; mlp != NULL; mlp = mlp->next) {
+        count++;
+        PR_fprintf(outputFD, "%3d. %s\n", count, mlp->module->commonName);
+
+        if (mlp->module->internal)
+            PR_fprintf(outputFD, "          (this module is internally loaded)\n");
+        else
+            PR_fprintf(outputFD, "          (this is an external module)\n");
+
+        if (mlp->module->dllName)
+            PR_fprintf(outputFD, "          DLL name: %s\n",
+                       mlp->module->dllName);
+
+        if (mlp->module->slotCount == 0)
+            PR_fprintf(outputFD, "          slots: There are no slots attached to this module\n");
+        else
+            PR_fprintf(outputFD, "          slots: %d slots attached\n",
+                       mlp->module->slotCount);
+
+        if (mlp->module->loaded == 0)
+            PR_fprintf(outputFD, "          status: Not loaded\n");
+        else
+            PR_fprintf(outputFD, "          status: loaded\n");
+
+        for (i = 0; i < mlp->module->slotCount; i++) {
+            PK11SlotInfo *slot = mlp->module->slots[i];
+
+            PR_fprintf(outputFD, "\n");
+            PR_fprintf(outputFD, "    slot: %s\n", PK11_GetSlotName(slot));
+            PR_fprintf(outputFD, "   token: %s\n", PK11_GetTokenName(slot));
+        }
+    }
+
+    PR_fprintf(outputFD, "-----------------------------------------------\n");
+
+    if (count == 0)
+        PR_fprintf(outputFD,
+                   "Warning: no modules were found (should have at least one)\n");
+
+    SECMOD_ReleaseReadLock(moduleLock);
+}
+
+/**********************************************************************
+ * c h o p
+ *
+ * Eliminates leading and trailing whitespace.  Returns a pointer to the
+ * beginning of non-whitespace, or an empty string if it's all whitespace.
+ */
+char *
+chop(char *str)
+{
+    char *start, *end;
+
+    if (str) {
+        start = str;
+
+        /* Nip leading whitespace */
+        while (isspace(*start)) {
+            start++;
+        }
+
+        /* Nip trailing whitespace */
+        if (*start) {
+            end = start + strlen(start) - 1;
+            while (isspace(*end) && end > start) {
+                end--;
+            }
+            *(end + 1) = '\0';
+        }
+
+        return start;
+    } else {
+        return NULL;
+    }
+}
+
+/***********************************************************************
+ *
+ * F a t a l E r r o r
+ *
+ * Outputs an error message and bails out of the program.
+ */
+void
+FatalError(char *msg)
+{
+    if (!msg)
+        msg = "";
+
+    PR_fprintf(errorFD, "FATAL ERROR: %s\n", msg);
+    errorCount++;
+    exit(ERRX);
+}
+
+/*************************************************************************
+ *
+ * I n i t C r y p t o
+ */
+int
+InitCrypto(char *cert_dir, PRBool readOnly)
+{
+    SECStatus rv;
+    static int prior = 0;
+    PK11SlotInfo *slotinfo;
+
+    if (prior == 0) {
+        /* some functions such as OpenKeyDB expect this path to be
+     * implicitly set prior to calling */
+        if (readOnly) {
+            rv = NSS_Init(cert_dir);
+        } else {
+            rv = NSS_InitReadWrite(cert_dir);
+        }
+        if (rv != SECSuccess) {
+            SECU_PrintPRandOSError(PROGRAM_NAME);
+            exit(-1);
+        }
+
+        SECU_ConfigDirectory(cert_dir);
+
+        /* Been there done that */
+        prior++;
+
+        PK11_SetPasswordFunc(SECU_GetModulePassword);
+
+        /* Must login to FIPS before you do anything else */
+        if (PK11_IsFIPS()) {
+            slotinfo = PK11_GetInternalSlot();
+            if (!slotinfo) {
+                fprintf(stderr, "%s: Unable to get PKCS #11 Internal Slot."
+                                "\n",
+                        PROGRAM_NAME);
+                return -1;
+            }
+            if (PK11_Authenticate(slotinfo, PR_FALSE /*loadCerts*/,
+                                  &pwdata) != SECSuccess) {
+                fprintf(stderr, "%s: Unable to authenticate to %s.\n",
+                        PROGRAM_NAME, PK11_GetSlotName(slotinfo));
+                PK11_FreeSlot(slotinfo);
+                return -1;
+            }
+            PK11_FreeSlot(slotinfo);
+        }
+
+        /* Make sure there is a password set on the internal key slot */
+        slotinfo = PK11_GetInternalKeySlot();
+        if (!slotinfo) {
+            fprintf(stderr, "%s: Unable to get PKCS #11 Internal Key Slot."
+                            "\n",
+                    PROGRAM_NAME);
+            return -1;
+        }
+        if (PK11_NeedUserInit(slotinfo)) {
+            PR_fprintf(errorFD,
+                       "\nWARNING: No password set on internal key database.  Most operations will fail."
+                       "\nYou must create a password.\n");
+            warningCount++;
+        }
+
+        /* Make sure we can authenticate to the key slot in FIPS mode */
+        if (PK11_IsFIPS()) {
+            if (PK11_Authenticate(slotinfo, PR_FALSE /*loadCerts*/,
+                                  &pwdata) != SECSuccess) {
+                fprintf(stderr, "%s: Unable to authenticate to %s.\n",
+                        PROGRAM_NAME, PK11_GetSlotName(slotinfo));
+                PK11_FreeSlot(slotinfo);
+                return -1;
+            }
+        }
+        PK11_FreeSlot(slotinfo);
+    }
+
+    return 0;
+}
+
+/* Windows foolishness is now in the secutil lib */
+
+/*****************************************************************
+ *  g e t _ d e f a u l t _ c e r t _ d i r
+ *
+ *  Attempt to locate a certificate directory.
+ *  Failing that, complain that the user needs to
+ *  use the -d(irectory) parameter.
+ *
+ */
+char *
+get_default_cert_dir(void)
+{
+    char *home;
+
+    char *cd = NULL;
+    static char db[FNSIZE];
+
+#ifdef XP_UNIX
+    home = PR_GetEnvSecure("HOME");
+
+    if (home && *home) {
+        sprintf(db, "%s/.netscape", home);
+        cd = db;
+    }
+#endif
+
+#ifdef XP_PC
+    FILE *fp;
+
+    /* first check the environment override */
+
+    home = PR_GetEnvSecure("JAR_HOME");
+
+    if (home && *home) {
+        sprintf(db, "%s/cert7.db", home);
+
+        if ((fp = fopen(db, "r")) != NULL) {
+            fclose(fp);
+            cd = home;
+        }
+    }
+
+    /* try the old navigator directory */
+
+    if (cd == NULL) {
+        home = "c:/Program Files/Netscape/Navigator";
+
+        sprintf(db, "%s/cert7.db", home);
+
+        if ((fp = fopen(db, "r")) != NULL) {
+            fclose(fp);
+            cd = home;
+        }
+    }
+
+    /* Try the current directory, I wonder if this
+     is really a good idea. Remember, Windows only.. */
+
+    if (cd == NULL) {
+        home = ".";
+
+        sprintf(db, "%s/cert7.db", home);
+
+        if ((fp = fopen(db, "r")) != NULL) {
+            fclose(fp);
+            cd = home;
+        }
+    }
+
+#endif
+
+    if (!cd) {
+        PR_fprintf(errorFD,
+                   "You must specify the location of your certificate directory\n");
+        PR_fprintf(errorFD,
+                   "with the -d option. Example: -d ~/.netscape in many cases with Unix.\n");
+        errorCount++;
+        exit(ERRX);
+    }
+
+    return cd;
+}
+
+/************************************************************************
+ * g i v e _ h e l p
+ */
+void
+give_help(int status)
+{
+    if (status == SEC_ERROR_UNKNOWN_ISSUER) {
+        PR_fprintf(errorFD,
+                   "The Certificate Authority (CA) for this certificate\n");
+        PR_fprintf(errorFD,
+                   "does not appear to be in your database. You should contact\n");
+        PR_fprintf(errorFD,
+                   "the organization which issued this certificate to obtain\n");
+        PR_fprintf(errorFD, "a copy of its CA Certificate.\n");
+    }
+}
+
+/**************************************************************************
+ *
+ * p r _ f g e t s
+ *
+ * fgets implemented with NSPR.
+ */
+char *
+pr_fgets(char *buf, int size, PRFileDesc *file)
+{
+    int i;
+    int status;
+    char c;
+
+    i = 0;
+    while (i < size - 1) {
+        status = PR_Read(file, &c, 1);
+        if (status == -1) {
+            return NULL;
+        } else if (status == 0) {
+            if (i == 0) {
+                return NULL;
+            }
+            break;
+        }
+        buf[i++] = c;
+        if (c == '\n') {
+            break;
+        }
+    }
+    buf[i] = '\0';
+
+    return buf;
+}
diff --git a/nss/cmd/signtool/verify.c b/nss/cmd/signtool/verify.c
new file mode 100644
index 0000000..41656a1
--- /dev/null
+++ b/nss/cmd/signtool/verify.c
@@ -0,0 +1,337 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "signtool.h"
+
+static int jar_cb(int status, JAR *jar, const char *metafile,
+                  char *pathname, char *errortext);
+static int verify_global(JAR *jar);
+
+/*************************************************************************
+ *
+ * V e r i f y J a r
+ */
+int
+VerifyJar(char *filename)
+{
+    FILE *fp;
+
+    int ret;
+    int status;
+    int failed = 0;
+    char *err;
+
+    JAR *jar;
+    JAR_Context *ctx;
+
+    JAR_Item *it;
+
+    jar = JAR_new();
+
+    if ((fp = fopen(filename, "r")) == NULL) {
+        perror(filename);
+        exit(ERRX);
+    } else
+        fclose(fp);
+
+    JAR_set_callback(JAR_CB_SIGNAL, jar, jar_cb);
+
+    status = JAR_pass_archive(jar, jarArchGuess, filename, "some-url");
+
+    if (status < 0 || jar->valid < 0) {
+        failed = 1;
+        PR_fprintf(outputFD,
+                   "\nNOTE -- \"%s\" archive DID NOT PASS crypto verification.\n",
+                   filename);
+        if (status < 0) {
+            const char *errtext;
+
+            if (status >= JAR_BASE && status <= JAR_BASE_END) {
+                errtext = JAR_get_error(status);
+            } else {
+                errtext = SECU_Strerror(PORT_GetError());
+            }
+
+            PR_fprintf(outputFD, "  (reported reason: %s)\n\n",
+                       errtext);
+
+            /* corrupt files should not have their contents listed */
+
+            if (status == JAR_ERR_CORRUPT)
+                return -1;
+        }
+        PR_fprintf(outputFD,
+                   "entries shown below will have their digests checked only.\n");
+        jar->valid = 0;
+    } else
+        PR_fprintf(outputFD,
+                   "archive \"%s\" has passed crypto verification.\n", filename);
+
+    if (verify_global(jar))
+        failed = 1;
+
+    PR_fprintf(outputFD, "\n");
+    PR_fprintf(outputFD, "%16s   %s\n", "status", "path");
+    PR_fprintf(outputFD, "%16s   %s\n", "------------", "-------------------");
+
+    ctx = JAR_find(jar, NULL, jarTypeMF);
+
+    while (JAR_find_next(ctx, &it) >= 0) {
+        if (it && it->pathname) {
+            rm_dash_r(TMP_OUTPUT);
+            ret = JAR_verified_extract(jar, it->pathname, TMP_OUTPUT);
+            /* if (ret < 0) printf ("error %d on %s\n", ret, it->pathname); */
+            if (ret < 0)
+                failed = 1;
+
+            if (ret == JAR_ERR_PNF)
+                err = "NOT PRESENT";
+            else if (ret == JAR_ERR_HASH)
+                err = "HASH FAILED";
+            else
+                err = "NOT VERIFIED";
+
+            PR_fprintf(outputFD, "%16s   %s\n",
+                       ret >= 0 ? "verified" : err, it->pathname);
+
+            if (ret != 0 && ret != JAR_ERR_PNF && ret != JAR_ERR_HASH)
+                PR_fprintf(outputFD, "      (reason: %s)\n",
+                           JAR_get_error(ret));
+        }
+    }
+
+    JAR_find_end(ctx);
+
+    if (status < 0 || jar->valid < 0) {
+        failed = 1;
+        PR_fprintf(outputFD,
+                   "\nNOTE -- \"%s\" archive DID NOT PASS crypto verification.\n",
+                   filename);
+        give_help(status);
+    }
+
+    JAR_destroy(jar);
+
+    if (failed)
+        return -1;
+    return 0;
+}
+
+/***************************************************************************
+ *
+ * v e r i f y _ g l o b a l
+ */
+static int
+verify_global(JAR *jar)
+{
+    FILE *fp;
+    JAR_Context *ctx;
+    JAR_Item *it;
+    JAR_Digest *globaldig;
+    char *ext;
+    unsigned char *md5_digest, *sha1_digest;
+    unsigned int sha1_length, md5_length;
+    int retval = 0;
+    char buf[BUFSIZ];
+
+    ctx = JAR_find(jar, "*", jarTypePhy);
+
+    while (JAR_find_next(ctx, &it) >= 0) {
+        if (!PORT_Strncmp(it->pathname, "META-INF", 8)) {
+            for (ext = it->pathname; *ext; ext++)
+                ;
+            while (ext > it->pathname && *ext != '.')
+                ext--;
+
+            if (verbosity >= 0) {
+                if (!PORT_Strcasecmp(ext, ".rsa")) {
+                    PR_fprintf(outputFD, "found a RSA signature file: %s\n",
+                               it->pathname);
+                }
+
+                if (!PORT_Strcasecmp(ext, ".dsa")) {
+                    PR_fprintf(outputFD, "found a DSA signature file: %s\n",
+                               it->pathname);
+                }
+
+                if (!PORT_Strcasecmp(ext, ".mf")) {
+                    PR_fprintf(outputFD,
+                               "found a MF master manifest file: %s\n",
+                               it->pathname);
+                }
+            }
+
+            if (!PORT_Strcasecmp(ext, ".sf")) {
+                if (verbosity >= 0) {
+                    PR_fprintf(outputFD,
+                               "found a SF signature manifest file: %s\n",
+                               it->pathname);
+                }
+
+                rm_dash_r(TMP_OUTPUT);
+                if (JAR_extract(jar, it->pathname, TMP_OUTPUT) < 0) {
+                    PR_fprintf(errorFD, "%s: error extracting %s\n",
+                               PROGRAM_NAME, it->pathname);
+                    errorCount++;
+                    retval = -1;
+                    continue;
+                }
+
+                md5_digest = NULL;
+                sha1_digest = NULL;
+
+                if ((fp = fopen(TMP_OUTPUT, "rb")) != NULL) {
+                    while (fgets(buf, BUFSIZ, fp)) {
+                        char *s;
+
+                        if (*buf == 0 || *buf == '\n' || *buf == '\r')
+                            break;
+
+                        for (s = buf; *s && *s != '\n' && *s != '\r'; s++)
+                            ;
+                        *s = 0;
+
+                        if (!PORT_Strncmp(buf, "MD5-Digest: ", 12)) {
+                            md5_digest =
+                                ATOB_AsciiToData(buf + 12, &md5_length);
+                        }
+                        if (!PORT_Strncmp(buf, "SHA1-Digest: ", 13)) {
+                            sha1_digest =
+                                ATOB_AsciiToData(buf + 13, &sha1_length);
+                        }
+                        if (!PORT_Strncmp(buf, "SHA-Digest: ", 12)) {
+                            sha1_digest =
+                                ATOB_AsciiToData(buf + 12, &sha1_length);
+                        }
+                    }
+
+                    globaldig = jar->globalmeta;
+
+                    if (globaldig && md5_digest && verbosity >= 0) {
+                        PR_fprintf(outputFD,
+                                   "  md5 digest on global metainfo: %s\n",
+                                   PORT_Memcmp(md5_digest, globaldig->md5, MD5_LENGTH)
+                                       ? "no match"
+                                       : "match");
+                    }
+
+                    if (globaldig && sha1_digest && verbosity >= 0) {
+                        PR_fprintf(outputFD,
+                                   "  sha digest on global metainfo: %s\n",
+                                   PORT_Memcmp(sha1_digest, globaldig->sha1, SHA1_LENGTH)
+                                       ? "no match"
+                                       : "match");
+                    }
+
+                    if (globaldig == NULL && verbosity >= 0) {
+                        PR_fprintf(outputFD,
+                                   "global metadigest is not available, strange.\n");
+                    }
+
+                    PORT_Free(md5_digest);
+                    PORT_Free(sha1_digest);
+                    fclose(fp);
+                }
+            }
+        }
+    }
+
+    JAR_find_end(ctx);
+
+    return retval;
+}
+
+/************************************************************************
+ *
+ * J a r W h o
+ */
+int
+JarWho(char *filename)
+{
+    FILE *fp;
+
+    JAR *jar;
+    JAR_Context *ctx;
+
+    int status;
+    int retval = 0;
+
+    JAR_Item *it;
+    JAR_Cert *fing;
+
+    CERTCertificate *cert, *prev = NULL;
+
+    jar = JAR_new();
+
+    if ((fp = fopen(filename, "r")) == NULL) {
+        perror(filename);
+        exit(ERRX);
+    }
+    fclose(fp);
+
+    status = JAR_pass_archive(jar, jarArchGuess, filename, "some-url");
+
+    if (status < 0 || jar->valid < 0) {
+        PR_fprintf(outputFD,
+                   "NOTE -- \"%s\" archive DID NOT PASS crypto verification.\n",
+                   filename);
+        retval = -1;
+        if (jar->valid < 0 || status != -1) {
+            const char *errtext;
+
+            if (status >= JAR_BASE && status <= JAR_BASE_END) {
+                errtext = JAR_get_error(status);
+            } else {
+                errtext = SECU_Strerror(PORT_GetError());
+            }
+
+            PR_fprintf(outputFD, "  (reported reason: %s)\n\n", errtext);
+        }
+    }
+
+    PR_fprintf(outputFD, "\nSigner information:\n\n");
+
+    ctx = JAR_find(jar, NULL, jarTypeSign);
+
+    while (JAR_find_next(ctx, &it) >= 0) {
+        fing = (JAR_Cert *)it->data;
+        cert = fing->cert;
+
+        if (cert) {
+            if (prev == cert)
+                break;
+
+            if (cert->nickname)
+                PR_fprintf(outputFD, "nickname: %s\n", cert->nickname);
+            if (cert->subjectName)
+                PR_fprintf(outputFD, "subject name: %s\n",
+                           cert->subjectName);
+            if (cert->issuerName)
+                PR_fprintf(outputFD, "issuer name: %s\n", cert->issuerName);
+        } else {
+            PR_fprintf(outputFD, "no certificate could be found\n");
+            retval = -1;
+        }
+
+        prev = cert;
+    }
+
+    JAR_find_end(ctx);
+
+    JAR_destroy(jar);
+    return retval;
+}
+
+/************************************************************************
+ * j a r _ c b
+ */
+static int
+jar_cb(int status, JAR *jar, const char *metafile,
+       char *pathname, char *errortext)
+{
+    PR_fprintf(errorFD, "error %d: %s IN FILE %s\n", status, errortext,
+               pathname);
+    errorCount++;
+    return 0;
+}
diff --git a/nss/cmd/signtool/zip.c b/nss/cmd/signtool/zip.c
new file mode 100644
index 0000000..35d5f57
--- /dev/null
+++ b/nss/cmd/signtool/zip.c
@@ -0,0 +1,676 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "signtool.h"
+#include "zip.h"
+#include "zlib.h"
+#include "prmem.h"
+
+static void inttox(int in, char *out);
+static void longtox(long in, char *out);
+
+/****************************************************************
+ *
+ * J z i p O p e n
+ *
+ * Opens a new ZIP file and creates a new ZIPfile structure to
+ * control the process of installing files into a zip.
+ */
+ZIPfile *
+JzipOpen(char *filename, char *comment)
+{
+    ZIPfile *zipfile;
+    PRExplodedTime prtime;
+
+    zipfile = PORT_ZAlloc(sizeof(ZIPfile));
+    if (!zipfile)
+        out_of_memory();
+
+    /* Construct time and date */
+    PR_ExplodeTime(PR_Now(), PR_LocalTimeParameters, &prtime);
+    zipfile->date = ((prtime.tm_year - 1980) << 9) |
+                    ((prtime.tm_month + 1) << 5) |
+                    prtime.tm_mday;
+    zipfile->time = (prtime.tm_hour << 11) |
+                    (prtime.tm_min << 5) |
+                    (prtime.tm_sec & 0x3f);
+
+    zipfile->fp = NULL;
+    if (filename &&
+        (zipfile->fp = PR_Open(filename,
+                               PR_WRONLY |
+                                   PR_CREATE_FILE |
+                                   PR_TRUNCATE,
+                               0777)) == NULL) {
+        char *nsprErr;
+        if (PR_GetErrorTextLength()) {
+            nsprErr = PR_Malloc(PR_GetErrorTextLength() + 1);
+            PR_GetErrorText(nsprErr);
+        } else {
+            nsprErr = NULL;
+        }
+        PR_fprintf(errorFD, "%s: can't open output jar, %s.%s\n",
+                   PROGRAM_NAME,
+                   filename, nsprErr ? nsprErr : "");
+        if (nsprErr)
+            PR_Free(nsprErr);
+        errorCount++;
+        exit(ERRX);
+    }
+
+    zipfile->list = NULL;
+    if (filename) {
+        zipfile->filename = PORT_ZAlloc(strlen(filename) + 1);
+        if (!zipfile->filename)
+            out_of_memory();
+        PORT_Strcpy(zipfile->filename, filename);
+    }
+    if (comment) {
+        zipfile->comment = PORT_ZAlloc(strlen(comment) + 1);
+        if (!zipfile->comment)
+            out_of_memory();
+        PORT_Strcpy(zipfile->comment, comment);
+    }
+
+    return zipfile;
+}
+
+static void *
+my_alloc_func(void *opaque, uInt items, uInt size)
+{
+    return PORT_Alloc(items * size);
+}
+
+static void
+my_free_func(void *opaque, void *address)
+{
+    PORT_Free(address);
+}
+
+static void
+handle_zerror(int err, char *msg)
+{
+    if (!msg) {
+        msg = "";
+    }
+
+    errorCount++; /* unless Z_OK...see below */
+
+    switch (err) {
+        case Z_OK:
+            PR_fprintf(errorFD, "No error: %s\n", msg);
+            errorCount--; /* this was incremented above */
+            break;
+        case Z_MEM_ERROR:
+            PR_fprintf(errorFD, "Deflation ran out of memory: %s\n", msg);
+            break;
+        case Z_STREAM_ERROR:
+            PR_fprintf(errorFD, "Invalid compression level: %s\n", msg);
+            break;
+        case Z_VERSION_ERROR:
+            PR_fprintf(errorFD, "Incompatible compression library version: %s\n",
+                       msg);
+            break;
+        case Z_DATA_ERROR:
+            PR_fprintf(errorFD, "Compression data error: %s\n", msg);
+            break;
+        default:
+            PR_fprintf(errorFD, "Unknown error in compression library: %s\n", msg);
+            break;
+    }
+}
+
+/****************************************************************
+ *
+ * J z i p A d d
+ *
+ * Adds a new file into a ZIP file.  The ZIP file must have already
+ * been opened with JzipOpen.
+ */
+int
+JzipAdd(char *fullname, char *filename, ZIPfile *zipfile, int compression_level)
+{
+    ZIPentry *entry;
+    PRFileDesc *readfp;
+    PRFileDesc *zipfp;
+    unsigned long crc;
+    unsigned long local_size_pos;
+    int num;
+    int err;
+    int deflate_percent;
+    z_stream zstream;
+    Bytef inbuf[BUFSIZ];
+    Bytef outbuf[BUFSIZ];
+
+    if (!fullname || !filename || !zipfile) {
+        return -1;
+    }
+
+    zipfp = zipfile->fp;
+    if (!zipfp)
+        return -1;
+
+    if ((readfp = PR_Open(fullname, PR_RDONLY, 0777)) == NULL) {
+        char *nsprErr;
+        if (PR_GetErrorTextLength()) {
+            nsprErr = PR_Malloc(PR_GetErrorTextLength() + 1);
+            PR_GetErrorText(nsprErr);
+        } else {
+            nsprErr = NULL;
+        }
+        PR_fprintf(errorFD, "%s: %s\n", fullname, nsprErr ? nsprErr : "");
+        errorCount++;
+        if (nsprErr)
+            PR_Free(nsprErr);
+        exit(ERRX);
+    }
+
+    /*
+     * Make sure the input file is not the output file.
+     * Add a few bytes to the end of the JAR file and see if the input file
+     * twitches
+     */
+    {
+        PRInt32 endOfJar;
+        PRInt32 inputSize;
+        PRBool isSame;
+
+        inputSize = PR_Available(readfp);
+
+        endOfJar = PR_Seek(zipfp, 0L, PR_SEEK_CUR);
+
+        if (PR_Write(zipfp, "abcde", 5) < 5) {
+            char *nsprErr;
+
+            if (PR_GetErrorTextLength()) {
+                nsprErr = PR_Malloc(PR_GetErrorTextLength() + 1);
+                PR_GetErrorText(nsprErr);
+            } else {
+                nsprErr = NULL;
+            }
+            PR_fprintf(errorFD, "Writing to zip file: %s\n",
+                       nsprErr ? nsprErr : "");
+            if (nsprErr)
+                PR_Free(nsprErr);
+            errorCount++;
+            exit(ERRX);
+        }
+
+        isSame = (PR_Available(readfp) != inputSize);
+
+        PR_Seek(zipfp, endOfJar, PR_SEEK_SET);
+
+        if (isSame) {
+            /* It's the same file! Forget it! */
+            PR_Close(readfp);
+            return 0;
+        }
+    }
+
+    if (verbosity >= 0) {
+        PR_fprintf(outputFD, "adding %s to %s...", fullname, zipfile->filename);
+    }
+
+    entry = PORT_ZAlloc(sizeof(ZIPentry));
+    if (!entry)
+        out_of_memory();
+
+    entry->filename = PORT_Strdup(filename);
+    entry->comment = NULL;
+
+    /* Set up local file header */
+    longtox(LSIG, entry->local.signature);
+    inttox(strlen(filename), entry->local.filename_len);
+    inttox(zipfile->time, entry->local.time);
+    inttox(zipfile->date, entry->local.date);
+    inttox(Z_DEFLATED, entry->local.method);
+
+    /* Set up central directory entry */
+    longtox(CSIG, entry->central.signature);
+    inttox(strlen(filename), entry->central.filename_len);
+    if (entry->comment) {
+        inttox(strlen(entry->comment), entry->central.commentfield_len);
+    }
+    longtox(PR_Seek(zipfile->fp, 0, PR_SEEK_CUR),
+            entry->central.localhdr_offset);
+    inttox(zipfile->time, entry->central.time);
+    inttox(zipfile->date, entry->central.date);
+    inttox(Z_DEFLATED, entry->central.method);
+
+    /* Compute crc.  Too bad we have to process the whole file to do this*/
+    crc = crc32(0L, NULL, 0);
+    while ((num = PR_Read(readfp, inbuf, BUFSIZ)) > 0) {
+        crc = crc32(crc, inbuf, num);
+    }
+    PR_Seek(readfp, 0L, PR_SEEK_SET);
+
+    /* Store CRC */
+    longtox(crc, entry->local.crc32);
+    longtox(crc, entry->central.crc32);
+
+    /* Stick this entry onto the end of the list */
+    entry->next = NULL;
+    if (zipfile->list == NULL) {
+        /* First entry */
+        zipfile->list = entry;
+    } else {
+        ZIPentry *pe;
+
+        pe = zipfile->list;
+        while (pe->next != NULL) {
+            pe = pe->next;
+        }
+        pe->next = entry;
+    }
+
+    /*
+     * Start writing stuff out
+     */
+
+    local_size_pos = PR_Seek(zipfp, 0, PR_SEEK_CUR) + 18;
+    /* File header */
+    if (PR_Write(zipfp, &entry->local, sizeof(struct ZipLocal)) <
+        sizeof(struct ZipLocal)) {
+        char *nsprErr;
+        if (PR_GetErrorTextLength()) {
+            nsprErr = PR_Malloc(PR_GetErrorTextLength() + 1);
+            PR_GetErrorText(nsprErr);
+        } else {
+            nsprErr = NULL;
+        }
+        PR_fprintf(errorFD, "Writing zip data: %s\n", nsprErr ? nsprErr : "");
+        if (nsprErr)
+            PR_Free(nsprErr);
+        errorCount++;
+        exit(ERRX);
+    }
+
+    /* File Name */
+    if (PR_Write(zipfp, filename, strlen(filename)) < strlen(filename)) {
+        char *nsprErr;
+        if (PR_GetErrorTextLength()) {
+            nsprErr = PR_Malloc(PR_GetErrorTextLength() + 1);
+            PR_GetErrorText(nsprErr);
+        } else {
+            nsprErr = NULL;
+        }
+        PR_fprintf(errorFD, "Writing zip data: %s\n", nsprErr ? nsprErr : "");
+        if (nsprErr)
+            PR_Free(nsprErr);
+        errorCount++;
+        exit(ERRX);
+    }
+
+    /*
+     * File data
+     */
+    /* Initialize zstream */
+    zstream.zalloc = my_alloc_func;
+    zstream.zfree = my_free_func;
+    zstream.opaque = NULL;
+    zstream.next_in = inbuf;
+    zstream.avail_in = BUFSIZ;
+    zstream.next_out = outbuf;
+    zstream.avail_out = BUFSIZ;
+    /* Setting the windowBits to -MAX_WBITS is an undocumented feature of
+     * zlib (see deflate.c in zlib).  It is the same thing that Java does
+     * when you specify the nowrap option for deflation in java.util.zip.
+     * It causes zlib to leave out its headers and footers, which don't
+     * work in PKZIP files.
+     */
+    err = deflateInit2(&zstream, compression_level, Z_DEFLATED,
+                       -MAX_WBITS, 8 /*default*/, Z_DEFAULT_STRATEGY);
+    if (err != Z_OK) {
+        handle_zerror(err, zstream.msg);
+        exit(ERRX);
+    }
+
+    while ((zstream.avail_in = PR_Read(readfp, inbuf, BUFSIZ)) > 0) {
+        zstream.next_in = inbuf;
+        /* Process this chunk of data */
+        while (zstream.avail_in > 0) {
+            err = deflate(&zstream, Z_NO_FLUSH);
+            if (err != Z_OK) {
+                handle_zerror(err, zstream.msg);
+                exit(ERRX);
+            }
+            if (zstream.avail_out <= 0) {
+                if (PR_Write(zipfp, outbuf, BUFSIZ) < BUFSIZ) {
+                    char *nsprErr;
+                    if (PR_GetErrorTextLength()) {
+                        nsprErr = PR_Malloc(PR_GetErrorTextLength() + 1);
+                        PR_GetErrorText(nsprErr);
+                    } else {
+                        nsprErr = NULL;
+                    }
+                    PR_fprintf(errorFD, "Writing zip data: %s\n",
+                               nsprErr ? nsprErr : "");
+                    if (nsprErr)
+                        PR_Free(nsprErr);
+                    errorCount++;
+                    exit(ERRX);
+                }
+                zstream.next_out = outbuf;
+                zstream.avail_out = BUFSIZ;
+            }
+        }
+    }
+
+    /* Now flush everything */
+    while (1) {
+        err = deflate(&zstream, Z_FINISH);
+        if (err == Z_STREAM_END) {
+            break;
+        } else if (err == Z_OK) {
+            /* output buffer full, repeat */
+        } else {
+            handle_zerror(err, zstream.msg);
+            exit(ERRX);
+        }
+        if (PR_Write(zipfp, outbuf, BUFSIZ) < BUFSIZ) {
+            char *nsprErr;
+            if (PR_GetErrorTextLength()) {
+                nsprErr = PR_Malloc(PR_GetErrorTextLength() + 1);
+                PR_GetErrorText(nsprErr);
+            } else {
+                nsprErr = NULL;
+            }
+            PR_fprintf(errorFD, "Writing zip data: %s\n",
+                       nsprErr ? nsprErr : "");
+            if (nsprErr)
+                PR_Free(nsprErr);
+            errorCount++;
+            exit(ERRX);
+        }
+        zstream.avail_out = BUFSIZ;
+        zstream.next_out = outbuf;
+    }
+
+    /* If there's any output left, write it out. */
+    if (zstream.next_out != outbuf) {
+        if (PR_Write(zipfp, outbuf, zstream.next_out - outbuf) <
+            zstream.next_out - outbuf) {
+            char *nsprErr;
+            if (PR_GetErrorTextLength()) {
+                nsprErr = PR_Malloc(PR_GetErrorTextLength() + 1);
+                PR_GetErrorText(nsprErr);
+            } else {
+                nsprErr = NULL;
+            }
+            PR_fprintf(errorFD, "Writing zip data: %s\n",
+                       nsprErr ? nsprErr : "");
+            if (nsprErr)
+                PR_Free(nsprErr);
+            errorCount++;
+            exit(ERRX);
+        }
+        zstream.avail_out = BUFSIZ;
+        zstream.next_out = outbuf;
+    }
+
+    /* Now that we know the compressed size, write this to the headers */
+    longtox(zstream.total_in, entry->local.orglen);
+    longtox(zstream.total_out, entry->local.size);
+    if (PR_Seek(zipfp, local_size_pos, PR_SEEK_SET) == -1) {
+        char *nsprErr;
+        if (PR_GetErrorTextLength()) {
+            nsprErr = PR_Malloc(PR_GetErrorTextLength() + 1);
+            PR_GetErrorText(nsprErr);
+        } else {
+            nsprErr = NULL;
+        }
+        PR_fprintf(errorFD, "Accessing zip file: %s\n", nsprErr ? nsprErr : "");
+        if (nsprErr)
+            PR_Free(nsprErr);
+        errorCount++;
+        exit(ERRX);
+    }
+    if (PR_Write(zipfp, entry->local.size, 8) != 8) {
+        char *nsprErr;
+        if (PR_GetErrorTextLength()) {
+            nsprErr = PR_Malloc(PR_GetErrorTextLength() + 1);
+            PR_GetErrorText(nsprErr);
+        } else {
+            nsprErr = NULL;
+        }
+        PR_fprintf(errorFD, "Writing zip data: %s\n", nsprErr ? nsprErr : "");
+        if (nsprErr)
+            PR_Free(nsprErr);
+        errorCount++;
+        exit(ERRX);
+    }
+    if (PR_Seek(zipfp, 0L, PR_SEEK_END) == -1) {
+        char *nsprErr;
+        if (PR_GetErrorTextLength()) {
+            nsprErr = PR_Malloc(PR_GetErrorTextLength() + 1);
+            PR_GetErrorText(nsprErr);
+        } else {
+            nsprErr = NULL;
+        }
+        PR_fprintf(errorFD, "Accessing zip file: %s\n",
+                   nsprErr ? nsprErr : "");
+        if (nsprErr)
+            PR_Free(nsprErr);
+        errorCount++;
+        exit(ERRX);
+    }
+    longtox(zstream.total_in, entry->central.orglen);
+    longtox(zstream.total_out, entry->central.size);
+
+    /* Close out the deflation operation */
+    err = deflateEnd(&zstream);
+    if (err != Z_OK) {
+        handle_zerror(err, zstream.msg);
+        exit(ERRX);
+    }
+
+    PR_Close(readfp);
+
+    if ((zstream.total_in > zstream.total_out) && (zstream.total_in > 0)) {
+        deflate_percent = (int)((zstream.total_in -
+                                 zstream.total_out) *
+                                100 / zstream.total_in);
+    } else {
+        deflate_percent = 0;
+    }
+    if (verbosity >= 0) {
+        PR_fprintf(outputFD, "(deflated %d%%)\n", deflate_percent);
+    }
+
+    return 0;
+}
+
+/********************************************************************
+ * J z i p C l o s e
+ *
+ * Finishes the ZipFile. ALSO DELETES THE ZIPFILE STRUCTURE PASSED IN!!
+ */
+int
+JzipClose(ZIPfile *zipfile)
+{
+    ZIPentry *pe, *dead;
+    PRFileDesc *zipfp;
+    struct ZipEnd zipend;
+    unsigned int entrycount = 0;
+
+    if (!zipfile) {
+        return -1;
+    }
+
+    if (!zipfile->filename) {
+        /* bogus */
+        return 0;
+    }
+
+    zipfp = zipfile->fp;
+    zipfile->central_start = PR_Seek(zipfp, 0L, PR_SEEK_CUR);
+
+    /* Write out all the central directories */
+    pe = zipfile->list;
+    while (pe) {
+        entrycount++;
+
+        /* Write central directory info */
+        if (PR_Write(zipfp, &pe->central, sizeof(struct ZipCentral)) <
+            sizeof(struct ZipCentral)) {
+            char *nsprErr;
+            if (PR_GetErrorTextLength()) {
+                nsprErr = PR_Malloc(PR_GetErrorTextLength() + 1);
+                PR_GetErrorText(nsprErr);
+            } else {
+                nsprErr = NULL;
+            }
+            PR_fprintf(errorFD, "Writing zip data: %s\n",
+                       nsprErr ? nsprErr : "");
+            if (nsprErr)
+                PR_Free(nsprErr);
+            errorCount++;
+            exit(ERRX);
+        }
+
+        /* Write filename */
+        if (PR_Write(zipfp, pe->filename, strlen(pe->filename)) <
+            strlen(pe->filename)) {
+            char *nsprErr;
+            if (PR_GetErrorTextLength()) {
+                nsprErr = PR_Malloc(PR_GetErrorTextLength() + 1);
+                PR_GetErrorText(nsprErr);
+            } else {
+                nsprErr = NULL;
+            }
+            PR_fprintf(errorFD, "Writing zip data: %s\n",
+                       nsprErr ? nsprErr : "");
+            if (nsprErr)
+                PR_Free(nsprErr);
+            errorCount++;
+            exit(ERRX);
+        }
+
+        /* Write file comment */
+        if (pe->comment) {
+            if (PR_Write(zipfp, pe->comment, strlen(pe->comment)) <
+                strlen(pe->comment)) {
+                char *nsprErr;
+                if (PR_GetErrorTextLength()) {
+                    nsprErr = PR_Malloc(PR_GetErrorTextLength() + 1);
+                    PR_GetErrorText(nsprErr);
+                } else {
+                    nsprErr = NULL;
+                }
+                PR_fprintf(errorFD, "Writing zip data: %s\n",
+                           nsprErr ? nsprErr : "");
+                if (nsprErr)
+                    PR_Free(nsprErr);
+                errorCount++;
+                exit(ERRX);
+            }
+        }
+
+        /* Delete the structure */
+        dead = pe;
+        pe = pe->next;
+        if (dead->filename) {
+            PORT_Free(dead->filename);
+        }
+        if (dead->comment) {
+            PORT_Free(dead->comment);
+        }
+        PORT_Free(dead);
+    }
+    zipfile->central_end = PR_Seek(zipfile->fp, 0L, PR_SEEK_CUR);
+
+    /* Create the ZipEnd structure */
+    PORT_Memset(&zipend, 0, sizeof(zipend));
+    longtox(ESIG, zipend.signature);
+    inttox(entrycount, zipend.total_entries_disk);
+    inttox(entrycount, zipend.total_entries_archive);
+    longtox(zipfile->central_end - zipfile->central_start,
+            zipend.central_dir_size);
+    longtox(zipfile->central_start, zipend.offset_central_dir);
+    if (zipfile->comment) {
+        inttox(strlen(zipfile->comment), zipend.commentfield_len);
+    }
+
+    /* Write out ZipEnd xtructure */
+    if (PR_Write(zipfp, &zipend, sizeof(zipend)) < sizeof(zipend)) {
+        char *nsprErr;
+        if (PR_GetErrorTextLength()) {
+            nsprErr = PR_Malloc(PR_GetErrorTextLength() + 1);
+            PR_GetErrorText(nsprErr);
+        } else {
+            nsprErr = NULL;
+        }
+        PR_fprintf(errorFD, "Writing zip data: %s\n",
+                   nsprErr ? nsprErr : "");
+        if (nsprErr)
+            PR_Free(nsprErr);
+        errorCount++;
+        exit(ERRX);
+    }
+
+    /* Write out Zipfile comment */
+    if (zipfile->comment) {
+        if (PR_Write(zipfp, zipfile->comment, strlen(zipfile->comment)) <
+            strlen(zipfile->comment)) {
+            char *nsprErr;
+            if (PR_GetErrorTextLength()) {
+                nsprErr = PR_Malloc(PR_GetErrorTextLength() + 1);
+                PR_GetErrorText(nsprErr);
+            } else {
+                nsprErr = NULL;
+            }
+            PR_fprintf(errorFD, "Writing zip data: %s\n",
+                       nsprErr ? nsprErr : "");
+            if (nsprErr)
+                PR_Free(nsprErr);
+            errorCount++;
+            exit(ERRX);
+        }
+    }
+
+    PR_Close(zipfp);
+
+    /* Free the memory of the zipfile structure */
+    if (zipfile->filename) {
+        PORT_Free(zipfile->filename);
+    }
+    if (zipfile->comment) {
+        PORT_Free(zipfile->comment);
+    }
+    PORT_Free(zipfile);
+
+    return 0;
+}
+
+/**********************************************
+ *  i n t t o x
+ *
+ *  Converts a two byte ugly endianed integer
+ *  to our platform's integer.
+ *
+ */
+
+static void
+inttox(int in, char *out)
+{
+    out[0] = (in & 0xFF);
+    out[1] = (in & 0xFF00) >> 8;
+}
+
+/*********************************************
+ *  l o n g t o x
+ *
+ *  Converts a four byte ugly endianed integer
+ *  to our platform's integer.
+ *
+ */
+
+static void
+longtox(long in, char *out)
+{
+    out[0] = (in & 0xFF);
+    out[1] = (in & 0xFF00) >> 8;
+    out[2] = (in & 0xFF0000) >> 16;
+    out[3] = (in & 0xFF000000) >> 24;
+}
diff --git a/nss/cmd/signtool/zip.h b/nss/cmd/signtool/zip.h
new file mode 100644
index 0000000..1c00762
--- /dev/null
+++ b/nss/cmd/signtool/zip.h
@@ -0,0 +1,69 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* zip.h
+ * Structures and functions for creating ZIP archives.
+ */
+#ifndef ZIP_H
+#define ZIP_H
+
+/* For general information on ZIP formats, you can look at jarfile.h
+ * in ns/security/lib/jar.  Or look it up on the web...
+ */
+
+/* One entry in a ZIPfile.  This corresponds to one file in the archive.
+ * We have to save this information because first all the files go into
+ * the archive with local headers; then at the end of the file we have to
+ * put the central directory entries for each file.
+ */
+typedef struct ZIPentry_s {
+    struct ZipLocal local;     /* local header info */
+    struct ZipCentral central; /* central directory info */
+    char *filename;            /* name of file */
+    char *comment;             /* comment for this file -- optional */
+
+    struct ZIPentry_s *next;
+} ZIPentry;
+
+/* This structure contains the necessary data for putting a ZIP file
+ * together.  Has some overall information and a list of ZIPentrys.
+ */
+typedef struct ZIPfile_s {
+    char *filename;              /* ZIP file name */
+    char *comment;               /* ZIP file comment -- may be NULL */
+    PRFileDesc *fp;              /* ZIP file pointer */
+    ZIPentry *list;              /* one entry for each file in the archive */
+    unsigned int time;           /* the GMT time of creation, in DOS format */
+    unsigned int date;           /* the GMT date of creation, in DOS format */
+    unsigned long central_start; /* starting offset of central directory */
+    unsigned long central_end;   /*index right after the last byte of central*/
+} ZIPfile;
+
+/* Open a new ZIP file.  Takes the name of the zip file and an optional
+ * comment to be included in the file.  Returns a new ZIPfile structure
+ * which is used by JzipAdd and JzipClose
+ */
+ZIPfile *JzipOpen(char *filename, char *comment);
+
+/* Add a file to a ZIP archive.  Fullname is the path relative to the
+ * current directory.  Filename is what the name will be stored as in the
+ * archive, and thus what it will be restored as.  zipfile is a structure
+ * returned from a previous call to JzipOpen.
+ *
+ * Non-zero return code means error (although usually the function will
+ * call exit() rather than return an error--gotta fix this).
+ */
+int JzipAdd(char *fullname, char *filename, ZIPfile *zipfile,
+            int compression_level);
+
+/* Finalize a ZIP archive.  Adds all the footer information to the end of
+ * the file and closes it.  Also DELETES THE ZIPFILE STRUCTURE that was
+ * passed in.  So you never have to allocate or free a ZIPfile yourself.
+ *
+ * Non-zero return code means error (although usually the function will
+ * call exit() rather than return an error--gotta fix this).
+ */
+int JzipClose(ZIPfile *zipfile);
+
+#endif /* ZIP_H */
diff --git a/nss/cmd/signver/Makefile b/nss/cmd/signver/Makefile
new file mode 100644
index 0000000..fc8358d
--- /dev/null
+++ b/nss/cmd/signver/Makefile
@@ -0,0 +1,43 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include ../platlibs.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+include ../platrules.mk
diff --git a/nss/cmd/signver/examples/1/form.pl b/nss/cmd/signver/examples/1/form.pl
new file mode 100755
index 0000000..f2cfddc
--- /dev/null
+++ b/nss/cmd/signver/examples/1/form.pl
@@ -0,0 +1,22 @@
+#! /usr/bin/perl
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+print "Content-type: text/html\n\n";
+print "<B>Server Name:</B> ", $ENV{'SERVER_NAME'}, "<BR>", "\n";
+print "<B>Server Port:</B> ", $ENV{'SERVER_PORT'}, "<BR>", "\n";
+print "<B>Server Software:</B> ", $ENV{'SERVER_SOFTWARE'}, "<BR>", "\n";
+print "<B>Server Protocol:</B> ", $ENV{'SERVER_PROTOCOL'}, "<BR>", "\n";
+print "<B>CGI Revision:</B> ", $ENV{'GATEWAY_INTERFACE'}, "<BR>", "\n";
+print "<B>Browser:</B> ", $ENV{'HTTP_USER_AGENT'}, "<BR>", "\n";
+print "<B>Remote Address:</B> ", $ENV{'REMOTE_ADDR'}, "<BR>", "\n";
+print "<B>Remote Host:</B> ", $ENV{'REMOTE_HOST'}, "<BR>", "\n";
+print "<B>Remote User:</B> ", $ENV{'REMOTE_USER'}, "<BR>", "\n";
+print "You typed:\n";
+
+while( $_ = <STDIN>) {
+  print "$_";
+}
+
diff --git a/nss/cmd/signver/examples/1/signedForm.html b/nss/cmd/signver/examples/1/signedForm.html
new file mode 100644
index 0000000..ac48e3f
--- /dev/null
+++ b/nss/cmd/signver/examples/1/signedForm.html
@@ -0,0 +1,55 @@
+<html>
+<!-- This Source Code Form is subject to the terms of the Mozilla Public
+   - License, v. 2.0. If a copy of the MPL was not distributed with this
+   - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
+<head>
+<title>Form to sign</title>
+<script language="javascript">
+<!--
+function submitSigned(form){
+  var signature = "";
+  var dataToSign = "";
+  var i;
+
+  form.action='signedForm.pl';
+  for (i = 0; i < form.length; i++)
+    if (form.elements[i].type == "text")
+      dataToSign += form.elements[i].value;
+
+  // alert("Data to sign:\n" + dataToSign);
+  signature = crypto.signText(dataToSign, "ask");
+  /* alert("You cannot see this alert");
+  alert("Data signature:\n" + signature); */
+
+  if (signature != "error:userCancel") {
+    for (i = 0; i < form.length; i++) {
+      if (form.elements[i].type == "hidden") {
+        if (form.elements[i].name == "dataToSign")
+          form.elements[i].value = dataToSign;
+        if (form.elements[i].name == "dataSignature")
+          form.elements[i].value = signature;
+      }
+    }
+    form.submit();
+  }
+}
+//-->
+</script>
+</head>
+
+<body>
+<form method=post Action="form.pl">
+<input type=hidden size=30 name=dataSignature>
+<input type=hidden size=30 name=dataToSign>
+<input type=text size=30 name=p>
+<BR>
+<input type=text size=30 name=q>
+<BR>
+<input type=text size=30 name=r>
+<BR>
+<input type=submit value="Submit Data">
+<input type=button value="Sign and Submit Data" onclick=submitSigned(this.form)>
+<input type=reset value=Reset>
+</form>
+</body>
+</html>
diff --git a/nss/cmd/signver/examples/1/signedForm.nt.html b/nss/cmd/signver/examples/1/signedForm.nt.html
new file mode 100644
index 0000000..1a126d2
--- /dev/null
+++ b/nss/cmd/signver/examples/1/signedForm.nt.html
@@ -0,0 +1,55 @@
+<html>
+<!-- This Source Code Form is subject to the terms of the Mozilla Public
+   - License, v. 2.0. If a copy of the MPL was not distributed with this
+   - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
+<head>
+<title>Form to sign</title>
+<script language="javascript">
+<!--
+function submitSigned(form){
+  var signature = "";
+  var dataToSign = "";
+  var i;
+
+  form.action='cgi-bin/signedForm.pl';
+  for (i = 0; i < form.length; i++)
+    if (form.elements[i].type == "text")
+      dataToSign += form.elements[i].value;
+
+  // alert("Data to sign:\n" + dataToSign);
+  signature = crypto.signText(dataToSign, "ask");
+  /* alert("You cannot see this alert");
+  alert("Data signature:\n" + signature); */
+
+  if (signature != "error:userCancel") {
+    for (i = 0; i < form.length; i++) {
+      if (form.elements[i].type == "hidden") {
+        if (form.elements[i].name == "dataToSign")
+          form.elements[i].value = dataToSign;
+        if (form.elements[i].name == "dataSignature")
+          form.elements[i].value = signature;
+      }
+    }
+    form.submit();
+  }
+}
+//-->
+</script>
+</head>
+
+<body>
+<form method=post Action="cgi-bin/form.pl">
+<input type=hidden size=30 name=dataSignature>
+<input type=hidden size=30 name=dataToSign>
+<input type=text size=30 name=p>
+<BR>
+<input type=text size=30 name=q>
+<BR>
+<input type=text size=30 name=r>
+<BR>
+<input type=submit value="Submit Data">
+<input type=button value="Sign and Submit Data" onclick=submitSigned(this.form)>
+<input type=reset value=Reset>
+</form>
+</body>
+</html>
diff --git a/nss/cmd/signver/examples/1/signedForm.pl b/nss/cmd/signver/examples/1/signedForm.pl
new file mode 100755
index 0000000..847814c
--- /dev/null
+++ b/nss/cmd/signver/examples/1/signedForm.pl
@@ -0,0 +1,60 @@
+#! /usr/bin/perl
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+
+sub decode {
+    read (STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
+    @pairs = split(/&/, $buffer);
+    foreach $pair (@pairs)
+    {
+        ($name, $value) = split(/=/, $pair);
+        $value =~tr/+/ /;
+        $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
+        $FORM{$name} = $value;
+#        print "name=$name  value=$value<BR>\n";
+    }
+}
+
+print "Content-type: text/html\n\n";
+
+&decode();
+
+$dataSignature = $FORM{'dataSignature'};
+$dataToSign = $FORM{'dataToSign'};
+
+unlink("signature");
+open(FILE1,">signature") || die("Cannot open file for writing\n");
+
+print FILE1 "$dataSignature";
+
+close(FILE1);
+
+
+unlink("data");
+open(FILE2,">data") || die("Cannot open file for writing\n");
+
+print FILE2 "$dataToSign";
+
+close(FILE2);
+
+
+print "<BR><B>Signed Data:</B><BR>", "$dataToSign", "<BR>";
+ 
+print "<BR><b>Verification Info:</b><BR>";
+ 
+$verInfo = `./signver -D . -s signature -d data -v`;
+print "<font color=red><b>$verInfo</b></font><BR>";
+
+print "<BR><B>Signature Data:</B><BR>", "$dataSignature", "<BR>";
+
+print "<BR><b>Signature Info:</b><BR>";
+
+foreach $line (`./signver -s signature -A`) {
+     print "$line<BR>\n";
+}
+
+print "<b>End of Info</b><BR>";
+
diff --git a/nss/cmd/signver/manifest.mn b/nss/cmd/signver/manifest.mn
new file mode 100644
index 0000000..7a1de14
--- /dev/null
+++ b/nss/cmd/signver/manifest.mn
@@ -0,0 +1,24 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CORE_DEPTH = ../..
+
+MODULE = nss
+
+CSRCS = signver.c	\
+        pk7print.c	\
+	$(NULL)
+
+REQUIRES = dbm seccmd
+
+PROGRAM = signver
+
+PACKAGE_FILES = README.txt signedForm.html signedForm.pl form.pl
+ifeq ($(subst /,_,$(shell uname -s)),WINNT)
+PACKAGE_FILES += signedForm.nt.pl signver.exe
+else
+PACKAGE_FILES += signver
+endif
+
+ARCHIVE_NAME  = signver
diff --git a/nss/cmd/signver/pk7print.c b/nss/cmd/signver/pk7print.c
new file mode 100644
index 0000000..deaaaf9
--- /dev/null
+++ b/nss/cmd/signver/pk7print.c
@@ -0,0 +1,872 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+** secutil.c - various functions used by security stuff
+**
+*/
+
+/* pkcs #7 -related functions */
+
+#include "secutil.h"
+#include "secpkcs7.h"
+#include "secoid.h"
+#include <sys/stat.h>
+#include <stdarg.h>
+
+#ifdef XP_UNIX
+#include <unistd.h>
+#endif
+
+/* for SEC_TraverseNames */
+#include "cert.h"
+#include "prtypes.h"
+#include "prtime.h"
+
+#include "prlong.h"
+#include "secmod.h"
+#include "pk11func.h"
+#include "prerror.h"
+
+/*
+** PKCS7 Support
+*/
+
+/* forward declaration */
+int
+sv_PrintPKCS7ContentInfo(FILE *, SEC_PKCS7ContentInfo *, char *);
+
+void
+sv_PrintAsHex(FILE *out, SECItem *data, char *m)
+{
+    unsigned i;
+
+    if (m)
+        fprintf(out, "%s", m);
+
+    for (i = 0; i < data->len; i++) {
+        if (i < data->len - 1) {
+            fprintf(out, "%02x:", data->data[i]);
+        } else {
+            fprintf(out, "%02x\n", data->data[i]);
+            break;
+        }
+    }
+}
+
+void
+sv_PrintInteger(FILE *out, SECItem *i, char *m)
+{
+    int iv;
+
+    if (i->len > 4) {
+        sv_PrintAsHex(out, i, m);
+    } else {
+        iv = DER_GetInteger(i);
+        fprintf(out, "%s%d (0x%x)\n", m, iv, iv);
+    }
+}
+
+int
+sv_PrintTime(FILE *out, SECItem *t, char *m)
+{
+    PRExplodedTime printableTime;
+    PRTime time;
+    char *timeString;
+    int rv;
+
+    rv = DER_DecodeTimeChoice(&time, t);
+    if (rv)
+        return rv;
+
+    /* Convert to local time */
+    PR_ExplodeTime(time, PR_LocalTimeParameters, &printableTime);
+
+    timeString = (char *)PORT_Alloc(256);
+
+    if (timeString) {
+        if (PR_FormatTime(timeString, 256, "%a %b %d %H:%M:%S %Y", &printableTime)) {
+            fprintf(out, "%s%s\n", m, timeString);
+        }
+        PORT_Free(timeString);
+        return 0;
+    }
+    return SECFailure;
+}
+
+int
+sv_PrintValidity(FILE *out, CERTValidity *v, char *m)
+{
+    int rv;
+
+    fprintf(out, "%s", m);
+    rv = sv_PrintTime(out, &v->notBefore, "notBefore=");
+    if (rv)
+        return rv;
+    fprintf(out, "%s", m);
+    sv_PrintTime(out, &v->notAfter, "notAfter=");
+    return rv;
+}
+
+void
+sv_PrintObjectID(FILE *out, SECItem *oid, char *m)
+{
+    const char *name;
+    SECOidData *oiddata;
+
+    oiddata = SECOID_FindOID(oid);
+    if (oiddata == NULL) {
+        sv_PrintAsHex(out, oid, m);
+        return;
+    }
+    name = oiddata->desc;
+
+    if (m != NULL)
+        fprintf(out, "%s", m);
+    fprintf(out, "%s\n", name);
+}
+
+void
+sv_PrintAlgorithmID(FILE *out, SECAlgorithmID *a, char *m)
+{
+    sv_PrintObjectID(out, &a->algorithm, m);
+
+    if ((a->parameters.len != 2) ||
+        (PORT_Memcmp(a->parameters.data, "\005\000", 2) != 0)) {
+        /* Print args to algorithm */
+        sv_PrintAsHex(out, &a->parameters, "Args=");
+    }
+}
+
+void
+sv_PrintAttribute(FILE *out, SEC_PKCS7Attribute *attr, char *m)
+{
+    SECItem *value;
+    int i;
+    char om[100];
+
+    fprintf(out, "%s", m);
+
+    /*
+     * XXX Make this smarter; look at the type field and then decode
+     * and print the value(s) appropriately!
+     */
+    sv_PrintObjectID(out, &(attr->type), "type=");
+    if (attr->values != NULL) {
+        i = 0;
+        while ((value = attr->values[i]) != NULL) {
+            sprintf(om, "%svalue[%d]=%s", m, i++, attr->encoded ? "(encoded)" : "");
+            if (attr->encoded || attr->typeTag == NULL) {
+                sv_PrintAsHex(out, value, om);
+            } else {
+                switch (attr->typeTag->offset) {
+                    default:
+                        sv_PrintAsHex(out, value, om);
+                        break;
+                    case SEC_OID_PKCS9_CONTENT_TYPE:
+                        sv_PrintObjectID(out, value, om);
+                        break;
+                    case SEC_OID_PKCS9_SIGNING_TIME:
+                        sv_PrintTime(out, value, om);
+                        break;
+                }
+            }
+        }
+    }
+}
+
+void
+sv_PrintName(FILE *out, CERTName *name, char *msg)
+{
+    char *str;
+
+    str = CERT_NameToAscii(name);
+    fprintf(out, "%s%s\n", msg, str);
+    PORT_Free(str);
+}
+
+#if 0
+/*
+** secu_PrintPKCS7EncContent
+**   Prints a SEC_PKCS7EncryptedContentInfo (without decrypting it)
+*/
+void
+secu_PrintPKCS7EncContent(FILE *out, SEC_PKCS7EncryptedContentInfo *src,
+              char *m, int level)
+{
+    if (src->contentTypeTag == NULL)
+    src->contentTypeTag = SECOID_FindOID(&(src->contentType));
+
+    secu_Indent(out, level);
+    fprintf(out, "%s:\n", m);
+    secu_Indent(out, level + 1);
+    fprintf(out, "Content Type: %s\n",
+        (src->contentTypeTag != NULL) ? src->contentTypeTag->desc
+                      : "Unknown");
+    sv_PrintAlgorithmID(out, &(src->contentEncAlg),
+              "Content Encryption Algorithm");
+    sv_PrintAsHex(out, &(src->encContent),
+            "Encrypted Content", level+1);
+}
+
+/*
+** secu_PrintRecipientInfo
+**   Prints a PKCS7RecipientInfo type
+*/
+void
+secu_PrintRecipientInfo(FILE *out, SEC_PKCS7RecipientInfo *info, char *m,
+            int level)
+{
+    secu_Indent(out, level); fprintf(out, "%s:\n", m);
+    sv_PrintInteger(out, &(info->version), "Version");
+
+    sv_PrintName(out, &(info->issuerAndSN->issuer), "Issuer");
+    sv_PrintInteger(out, &(info->issuerAndSN->serialNumber),
+              "Serial Number");
+
+    /* Parse and display encrypted key */
+    sv_PrintAlgorithmID(out, &(info->keyEncAlg),
+            "Key Encryption Algorithm");
+    sv_PrintAsHex(out, &(info->encKey), "Encrypted Key", level + 1);
+}
+#endif
+
+/*
+** secu_PrintSignerInfo
+**   Prints a PKCS7SingerInfo type
+*/
+void
+sv_PrintSignerInfo(FILE *out, SEC_PKCS7SignerInfo *info, char *m)
+{
+    SEC_PKCS7Attribute *attr;
+    int iv;
+
+    fprintf(out, "%s", m);
+    sv_PrintInteger(out, &(info->version), "version=");
+
+    fprintf(out, "%s", m);
+    sv_PrintName(out, &(info->issuerAndSN->issuer), "issuerName=");
+    fprintf(out, "%s", m);
+    sv_PrintInteger(out, &(info->issuerAndSN->serialNumber),
+                    "serialNumber=");
+
+    fprintf(out, "%s", m);
+    sv_PrintAlgorithmID(out, &(info->digestAlg), "digestAlgorithm=");
+
+    if (info->authAttr != NULL) {
+        char mm[120];
+
+        iv = 0;
+        while (info->authAttr[iv] != NULL)
+            iv++;
+        fprintf(out, "%sauthenticatedAttributes=%d\n", m, iv);
+        iv = 0;
+        while ((attr = info->authAttr[iv]) != NULL) {
+            sprintf(mm, "%sattribute[%d].", m, iv++);
+            sv_PrintAttribute(out, attr, mm);
+        }
+    }
+
+    /* Parse and display signature */
+    fprintf(out, "%s", m);
+    sv_PrintAlgorithmID(out, &(info->digestEncAlg), "digestEncryptionAlgorithm=");
+    fprintf(out, "%s", m);
+    sv_PrintAsHex(out, &(info->encDigest), "encryptedDigest=");
+
+    if (info->unAuthAttr != NULL) {
+        char mm[120];
+
+        iv = 0;
+        while (info->unAuthAttr[iv] != NULL)
+            iv++;
+        fprintf(out, "%sunauthenticatedAttributes=%d\n", m, iv);
+        iv = 0;
+        while ((attr = info->unAuthAttr[iv]) != NULL) {
+            sprintf(mm, "%sattribute[%d].", m, iv++);
+            sv_PrintAttribute(out, attr, mm);
+        }
+    }
+}
+
+void
+sv_PrintRSAPublicKey(FILE *out, SECKEYPublicKey *pk, char *m)
+{
+    fprintf(out, "%s", m);
+    sv_PrintInteger(out, &pk->u.rsa.modulus, "modulus=");
+    fprintf(out, "%s", m);
+    sv_PrintInteger(out, &pk->u.rsa.publicExponent, "exponent=");
+}
+
+void
+sv_PrintDSAPublicKey(FILE *out, SECKEYPublicKey *pk, char *m)
+{
+    fprintf(out, "%s", m);
+    sv_PrintInteger(out, &pk->u.dsa.params.prime, "prime=");
+    fprintf(out, "%s", m);
+    sv_PrintInteger(out, &pk->u.dsa.params.subPrime, "subprime=");
+    fprintf(out, "%s", m);
+    sv_PrintInteger(out, &pk->u.dsa.params.base, "base=");
+    fprintf(out, "%s", m);
+    sv_PrintInteger(out, &pk->u.dsa.publicValue, "publicValue=");
+}
+
+int
+sv_PrintSubjectPublicKeyInfo(FILE *out, PLArenaPool *arena,
+                             CERTSubjectPublicKeyInfo *i, char *msg)
+{
+    SECKEYPublicKey *pk;
+    int rv;
+    char mm[200];
+
+    sprintf(mm, "%s.publicKeyAlgorithm=", msg);
+    sv_PrintAlgorithmID(out, &i->algorithm, mm);
+
+    pk = (SECKEYPublicKey *)PORT_ZAlloc(sizeof(SECKEYPublicKey));
+    if (!pk)
+        return PORT_GetError();
+
+    DER_ConvertBitString(&i->subjectPublicKey);
+    switch (SECOID_FindOIDTag(&i->algorithm.algorithm)) {
+        case SEC_OID_PKCS1_RSA_ENCRYPTION:
+            rv = SEC_ASN1DecodeItem(arena, pk,
+                                    SEC_ASN1_GET(SECKEY_RSAPublicKeyTemplate),
+                                    &i->subjectPublicKey);
+            if (rv)
+                return rv;
+            sprintf(mm, "%s.rsaPublicKey.", msg);
+            sv_PrintRSAPublicKey(out, pk, mm);
+            break;
+        case SEC_OID_ANSIX9_DSA_SIGNATURE:
+            rv = SEC_ASN1DecodeItem(arena, pk,
+                                    SEC_ASN1_GET(SECKEY_DSAPublicKeyTemplate),
+                                    &i->subjectPublicKey);
+            if (rv)
+                return rv;
+            sprintf(mm, "%s.dsaPublicKey.", msg);
+            sv_PrintDSAPublicKey(out, pk, mm);
+            break;
+        default:
+            fprintf(out, "%s=bad SPKI algorithm type\n", msg);
+            return 0;
+    }
+
+    return 0;
+}
+
+SECStatus
+sv_PrintInvalidDateExten(FILE *out, SECItem *value, char *msg)
+{
+    SECItem decodedValue;
+    SECStatus rv;
+    PRTime invalidTime;
+    char *formattedTime = NULL;
+
+    decodedValue.data = NULL;
+    rv = SEC_ASN1DecodeItem(NULL, &decodedValue,
+                            SEC_ASN1_GET(SEC_GeneralizedTimeTemplate),
+                            value);
+    if (rv == SECSuccess) {
+        rv = DER_GeneralizedTimeToTime(&invalidTime, &decodedValue);
+        if (rv == SECSuccess) {
+            formattedTime = CERT_GenTime2FormattedAscii(invalidTime, "%a %b %d %H:%M:%S %Y");
+            fprintf(out, "%s: %s\n", msg, formattedTime);
+            PORT_Free(formattedTime);
+        }
+    }
+    PORT_Free(decodedValue.data);
+
+    return (rv);
+}
+
+int
+sv_PrintExtensions(FILE *out, CERTCertExtension **extensions, char *msg)
+{
+    SECOidTag oidTag;
+
+    if (extensions) {
+
+        while (*extensions) {
+            SECItem *tmpitem;
+
+            fprintf(out, "%sname=", msg);
+
+            tmpitem = &(*extensions)->id;
+            sv_PrintObjectID(out, tmpitem, NULL);
+
+            tmpitem = &(*extensions)->critical;
+            if (tmpitem->len)
+                fprintf(out, "%scritical=%s\n", msg,
+                        (tmpitem->data && tmpitem->data[0]) ? "True" : "False");
+
+            oidTag = SECOID_FindOIDTag(&((*extensions)->id));
+
+            fprintf(out, "%s", msg);
+            tmpitem = &((*extensions)->value);
+            if (oidTag == SEC_OID_X509_INVALID_DATE)
+                sv_PrintInvalidDateExten(out, tmpitem, "invalidExt");
+            else
+                sv_PrintAsHex(out, tmpitem, "data=");
+
+            /*fprintf(out, "\n");*/
+            extensions++;
+        }
+    }
+
+    return 0;
+}
+
+/* callers of this function must make sure that the CERTSignedCrl
+   from which they are extracting the CERTCrl has been fully-decoded.
+   Otherwise it will not have the entries even though the CRL may have
+   some */
+void
+sv_PrintCRLInfo(FILE *out, CERTCrl *crl, char *m)
+{
+    CERTCrlEntry *entry;
+    int iv;
+    char om[100];
+
+    fprintf(out, "%s", m);
+    sv_PrintAlgorithmID(out, &(crl->signatureAlg), "signatureAlgorithm=");
+    fprintf(out, "%s", m);
+    sv_PrintName(out, &(crl->name), "name=");
+    fprintf(out, "%s", m);
+    sv_PrintTime(out, &(crl->lastUpdate), "lastUpdate=");
+    fprintf(out, "%s", m);
+    sv_PrintTime(out, &(crl->nextUpdate), "nextUpdate=");
+
+    if (crl->entries != NULL) {
+        iv = 0;
+        while ((entry = crl->entries[iv]) != NULL) {
+            fprintf(out, "%sentry[%d].", m, iv);
+            sv_PrintInteger(out, &(entry->serialNumber), "serialNumber=");
+            fprintf(out, "%sentry[%d].", m, iv);
+            sv_PrintTime(out, &(entry->revocationDate), "revocationDate=");
+            sprintf(om, "%sentry[%d].signedCRLEntriesExtensions.", m, iv++);
+            sv_PrintExtensions(out, entry->extensions, om);
+        }
+    }
+    sprintf(om, "%ssignedCRLEntriesExtensions.", m);
+    sv_PrintExtensions(out, crl->extensions, om);
+}
+
+int
+sv_PrintCertificate(FILE *out, SECItem *der, char *m, int level)
+{
+    PLArenaPool *arena = NULL;
+    CERTCertificate *c;
+    int rv;
+    int iv;
+    char mm[200];
+
+    /* Decode certificate */
+    c = (CERTCertificate *)PORT_ZAlloc(sizeof(CERTCertificate));
+    if (!c)
+        return PORT_GetError();
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (!arena)
+        return SEC_ERROR_NO_MEMORY;
+
+    rv = SEC_ASN1DecodeItem(arena, c, SEC_ASN1_GET(CERT_CertificateTemplate),
+                            der);
+    if (rv) {
+        PORT_FreeArena(arena, PR_FALSE);
+        return rv;
+    }
+
+    /* Pretty print it out */
+    iv = DER_GetInteger(&c->version);
+    fprintf(out, "%sversion=%d (0x%x)\n", m, iv + 1, iv);
+    sprintf(mm, "%sserialNumber=", m);
+    sv_PrintInteger(out, &c->serialNumber, mm);
+    sprintf(mm, "%ssignatureAlgorithm=", m);
+    sv_PrintAlgorithmID(out, &c->signature, mm);
+    sprintf(mm, "%sissuerName=", m);
+    sv_PrintName(out, &c->issuer, mm);
+    sprintf(mm, "%svalidity.", m);
+    sv_PrintValidity(out, &c->validity, mm);
+    sprintf(mm, "%ssubject=", m);
+    sv_PrintName(out, &c->subject, mm);
+    sprintf(mm, "%ssubjectPublicKeyInfo", m);
+    rv = sv_PrintSubjectPublicKeyInfo(out, arena, &c->subjectPublicKeyInfo, mm);
+    if (rv) {
+        PORT_FreeArena(arena, PR_FALSE);
+        return rv;
+    }
+    sprintf(mm, "%ssignedExtensions.", m);
+    sv_PrintExtensions(out, c->extensions, mm);
+
+    PORT_FreeArena(arena, PR_FALSE);
+    return 0;
+}
+
+int
+sv_PrintSignedData(FILE *out, SECItem *der, char *m, SECU_PPFunc inner)
+{
+    PLArenaPool *arena = NULL;
+    CERTSignedData *sd;
+    int rv;
+
+    /* Strip off the signature */
+    sd = (CERTSignedData *)PORT_ZAlloc(sizeof(CERTSignedData));
+    if (!sd)
+        return PORT_GetError();
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (!arena)
+        return SEC_ERROR_NO_MEMORY;
+
+    rv = SEC_ASN1DecodeItem(arena, sd, SEC_ASN1_GET(CERT_SignedDataTemplate),
+                            der);
+    if (rv) {
+        PORT_FreeArena(arena, PR_FALSE);
+        return rv;
+    }
+
+    /*    fprintf(out, "%s:\n", m); */
+    PORT_Strcat(m, "data.");
+
+    rv = (*inner)(out, &sd->data, m, 0);
+    if (rv) {
+        PORT_FreeArena(arena, PR_FALSE);
+        return rv;
+    }
+
+    m[PORT_Strlen(m) - 5] = 0;
+    fprintf(out, "%s", m);
+    sv_PrintAlgorithmID(out, &sd->signatureAlgorithm, "signatureAlgorithm=");
+    DER_ConvertBitString(&sd->signature);
+    fprintf(out, "%s", m);
+    sv_PrintAsHex(out, &sd->signature, "signature=");
+
+    PORT_FreeArena(arena, PR_FALSE);
+    return 0;
+}
+
+/*
+** secu_PrintPKCS7Signed
+**   Pretty print a PKCS7 signed data type (up to version 1).
+*/
+int
+sv_PrintPKCS7Signed(FILE *out, SEC_PKCS7SignedData *src)
+{
+    SECAlgorithmID *digAlg;       /* digest algorithms */
+    SECItem *aCert;               /* certificate */
+    CERTSignedCrl *aCrl;          /* certificate revocation list */
+    SEC_PKCS7SignerInfo *sigInfo; /* signer information */
+    int rv, iv;
+    char om[120];
+
+    sv_PrintInteger(out, &(src->version), "pkcs7.version=");
+
+    /* Parse and list digest algorithms (if any) */
+    if (src->digestAlgorithms != NULL) {
+        iv = 0;
+        while (src->digestAlgorithms[iv] != NULL)
+            iv++;
+        fprintf(out, "pkcs7.digestAlgorithmListLength=%d\n", iv);
+        iv = 0;
+        while ((digAlg = src->digestAlgorithms[iv]) != NULL) {
+            sprintf(om, "pkcs7.digestAlgorithm[%d]=", iv++);
+            sv_PrintAlgorithmID(out, digAlg, om);
+        }
+    }
+
+    /* Now for the content */
+    rv = sv_PrintPKCS7ContentInfo(out, &(src->contentInfo),
+                                  "pkcs7.contentInformation=");
+    if (rv != 0)
+        return rv;
+
+    /* Parse and list certificates (if any) */
+    if (src->rawCerts != NULL) {
+        iv = 0;
+        while (src->rawCerts[iv] != NULL)
+            iv++;
+        fprintf(out, "pkcs7.certificateListLength=%d\n", iv);
+
+        iv = 0;
+        while ((aCert = src->rawCerts[iv]) != NULL) {
+            sprintf(om, "certificate[%d].", iv++);
+            rv = sv_PrintSignedData(out, aCert, om, sv_PrintCertificate);
+            if (rv)
+                return rv;
+        }
+    }
+
+    /* Parse and list CRL's (if any) */
+    if (src->crls != NULL) {
+        iv = 0;
+        while (src->crls[iv] != NULL)
+            iv++;
+        fprintf(out, "pkcs7.signedRevocationLists=%d\n", iv);
+        iv = 0;
+        while ((aCrl = src->crls[iv]) != NULL) {
+            sprintf(om, "signedRevocationList[%d].", iv);
+            fprintf(out, "%s", om);
+            sv_PrintAlgorithmID(out, &aCrl->signatureWrap.signatureAlgorithm,
+                                "signatureAlgorithm=");
+            DER_ConvertBitString(&aCrl->signatureWrap.signature);
+            fprintf(out, "%s", om);
+            sv_PrintAsHex(out, &aCrl->signatureWrap.signature, "signature=");
+            sprintf(om, "certificateRevocationList[%d].", iv);
+            sv_PrintCRLInfo(out, &aCrl->crl, om);
+            iv++;
+        }
+    }
+
+    /* Parse and list signatures (if any) */
+    if (src->signerInfos != NULL) {
+        iv = 0;
+        while (src->signerInfos[iv] != NULL)
+            iv++;
+        fprintf(out, "pkcs7.signerInformationListLength=%d\n", iv);
+        iv = 0;
+        while ((sigInfo = src->signerInfos[iv]) != NULL) {
+            sprintf(om, "signerInformation[%d].", iv++);
+            sv_PrintSignerInfo(out, sigInfo, om);
+        }
+    }
+
+    return 0;
+}
+
+#if 0
+/*
+** secu_PrintPKCS7Enveloped
+**  Pretty print a PKCS7 enveloped data type (up to version 1).
+*/
+void
+secu_PrintPKCS7Enveloped(FILE *out, SEC_PKCS7EnvelopedData *src,
+             char *m, int level)
+{
+    SEC_PKCS7RecipientInfo *recInfo;   /* pointer for signer information */
+    int iv;
+    char om[100];
+
+    secu_Indent(out, level); fprintf(out, "%s:\n", m);
+    sv_PrintInteger(out, &(src->version), "Version", level + 1);
+
+    /* Parse and list recipients (this is not optional) */
+    if (src->recipientInfos != NULL) {
+    secu_Indent(out, level + 1);
+    fprintf(out, "Recipient Information List:\n");
+    iv = 0;
+    while ((recInfo = src->recipientInfos[iv++]) != NULL) {
+        sprintf(om, "Recipient Information (%x)", iv);
+        secu_PrintRecipientInfo(out, recInfo, om, level + 2);
+    }
+    }
+
+    secu_PrintPKCS7EncContent(out, &src->encContentInfo,
+                  "Encrypted Content Information", level + 1);
+}
+
+/*
+** secu_PrintPKCS7SignedEnveloped
+**   Pretty print a PKCS7 singed and enveloped data type (up to version 1).
+*/
+int
+secu_PrintPKCS7SignedAndEnveloped(FILE *out,
+                  SEC_PKCS7SignedAndEnvelopedData *src,
+                  char *m, int level)
+{
+    SECAlgorithmID *digAlg;  /* pointer for digest algorithms */
+    SECItem *aCert;           /* pointer for certificate */
+    CERTSignedCrl *aCrl;        /* pointer for certificate revocation list */
+    SEC_PKCS7SignerInfo *sigInfo;   /* pointer for signer information */
+    SEC_PKCS7RecipientInfo *recInfo; /* pointer for recipient information */
+    int rv, iv;
+    char om[100];
+
+    secu_Indent(out, level); fprintf(out, "%s:\n", m);
+    sv_PrintInteger(out, &(src->version), "Version", level + 1);
+
+    /* Parse and list recipients (this is not optional) */
+    if (src->recipientInfos != NULL) {
+    secu_Indent(out, level + 1);
+    fprintf(out, "Recipient Information List:\n");
+    iv = 0;
+    while ((recInfo = src->recipientInfos[iv++]) != NULL) {
+        sprintf(om, "Recipient Information (%x)", iv);
+        secu_PrintRecipientInfo(out, recInfo, om, level + 2);
+    }
+    }
+
+    /* Parse and list digest algorithms (if any) */
+    if (src->digestAlgorithms != NULL) {
+    secu_Indent(out, level + 1);  fprintf(out, "Digest Algorithm List:\n");
+    iv = 0;
+    while ((digAlg = src->digestAlgorithms[iv++]) != NULL) {
+        sprintf(om, "Digest Algorithm (%x)", iv);
+        sv_PrintAlgorithmID(out, digAlg, om);
+    }
+    }
+
+    secu_PrintPKCS7EncContent(out, &src->encContentInfo,
+                  "Encrypted Content Information", level + 1);
+
+    /* Parse and list certificates (if any) */
+    if (src->rawCerts != NULL) {
+    secu_Indent(out, level + 1);  fprintf(out, "Certificate List:\n");
+    iv = 0;
+    while ((aCert = src->rawCerts[iv++]) != NULL) {
+        sprintf(om, "Certificate (%x)", iv);
+        rv = SECU_PrintSignedData(out, aCert, om, level + 2,
+                      SECU_PrintCertificate);
+        if (rv)
+        return rv;
+    }
+    }
+
+    /* Parse and list CRL's (if any) */
+    if (src->crls != NULL) {
+    secu_Indent(out, level + 1);
+    fprintf(out, "Signed Revocation Lists:\n");
+    iv = 0;
+    while ((aCrl = src->crls[iv++]) != NULL) {
+        sprintf(om, "Signed Revocation List (%x)", iv);
+        secu_Indent(out, level + 2);  fprintf(out, "%s:\n", om);
+        sv_PrintAlgorithmID(out, &aCrl->signatureWrap.signatureAlgorithm,
+                  "Signature Algorithm");
+        DER_ConvertBitString(&aCrl->signatureWrap.signature);
+        sv_PrintAsHex(out, &aCrl->signatureWrap.signature, "Signature",
+                level+3);
+        SECU_PrintCRLInfo(out, &aCrl->crl, "Certificate Revocation List",
+              level + 3);
+    }
+    }
+
+    /* Parse and list signatures (if any) */
+    if (src->signerInfos != NULL) {
+    secu_Indent(out, level + 1);
+    fprintf(out, "Signer Information List:\n");
+    iv = 0;
+    while ((sigInfo = src->signerInfos[iv++]) != NULL) {
+        sprintf(om, "Signer Information (%x)", iv);
+        secu_PrintSignerInfo(out, sigInfo, om, level + 2);
+    }
+    }
+
+    return 0;
+}
+
+/*
+** secu_PrintPKCS7Encrypted
+**   Pretty print a PKCS7 encrypted data type (up to version 1).
+*/
+void
+secu_PrintPKCS7Encrypted(FILE *out, SEC_PKCS7EncryptedData *src,
+             char *m, int level)
+{
+    secu_Indent(out, level); fprintf(out, "%s:\n", m);
+    sv_PrintInteger(out, &(src->version), "Version", level + 1);
+
+    secu_PrintPKCS7EncContent(out, &src->encContentInfo,
+                  "Encrypted Content Information", level + 1);
+}
+
+/*
+** secu_PrintPKCS7Digested
+**   Pretty print a PKCS7 digested data type (up to version 1).
+*/
+void
+sv_PrintPKCS7Digested(FILE *out, SEC_PKCS7DigestedData *src)
+{
+    secu_Indent(out, level); fprintf(out, "%s:\n", m);
+    sv_PrintInteger(out, &(src->version), "Version", level + 1);
+
+    sv_PrintAlgorithmID(out, &src->digestAlg, "Digest Algorithm");
+    sv_PrintPKCS7ContentInfo(out, &src->contentInfo, "Content Information",
+                   level + 1);
+    sv_PrintAsHex(out, &src->digest, "Digest", level + 1);
+}
+
+#endif
+
+/*
+** secu_PrintPKCS7ContentInfo
+**   Takes a SEC_PKCS7ContentInfo type and sends the contents to the
+** appropriate function
+*/
+int
+sv_PrintPKCS7ContentInfo(FILE *out, SEC_PKCS7ContentInfo *src, char *m)
+{
+    const char *desc;
+    SECOidTag kind;
+    int rv;
+
+    if (src->contentTypeTag == NULL)
+        src->contentTypeTag = SECOID_FindOID(&(src->contentType));
+
+    if (src->contentTypeTag == NULL) {
+        desc = "Unknown";
+        kind = SEC_OID_PKCS7_DATA;
+    } else {
+        desc = src->contentTypeTag->desc;
+        kind = src->contentTypeTag->offset;
+    }
+
+    fprintf(out, "%s%s\n", m, desc);
+
+    if (src->content.data == NULL) {
+        fprintf(out, "pkcs7.data=<no content>\n");
+        return 0;
+    }
+
+    rv = 0;
+    switch (kind) {
+        case SEC_OID_PKCS7_SIGNED_DATA: /* Signed Data */
+            rv = sv_PrintPKCS7Signed(out, src->content.signedData);
+            break;
+
+        case SEC_OID_PKCS7_ENVELOPED_DATA: /* Enveloped Data */
+            fprintf(out, "pkcs7EnvelopedData=<unsupported>\n");
+            /*sv_PrintPKCS7Enveloped(out, src->content.envelopedData);*/
+            break;
+
+        case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA: /* Signed and Enveloped */
+            fprintf(out, "pkcs7SignedEnvelopedData=<unsupported>\n");
+            /*rv = sv_PrintPKCS7SignedAndEnveloped(out,
+                                src->content.signedAndEnvelopedData);*/
+            break;
+
+        case SEC_OID_PKCS7_DIGESTED_DATA: /* Digested Data */
+            fprintf(out, "pkcs7DigestedData=<unsupported>\n");
+            /*sv_PrintPKCS7Digested(out, src->content.digestedData);*/
+            break;
+
+        case SEC_OID_PKCS7_ENCRYPTED_DATA: /* Encrypted Data */
+            fprintf(out, "pkcs7EncryptedData=<unsupported>\n");
+            /*sv_PrintPKCS7Encrypted(out, src->content.encryptedData);*/
+            break;
+
+        default:
+            fprintf(out, "pkcs7UnknownData=<unsupported>\n");
+            /*sv_PrintAsHex(out, src->content.data);*/
+            break;
+    }
+
+    return rv;
+}
+
+int
+SV_PrintPKCS7ContentInfo(FILE *out, SECItem *der)
+{
+    SEC_PKCS7ContentInfo *cinfo;
+    int rv = -1;
+
+    cinfo = SEC_PKCS7DecodeItem(der, NULL, NULL, NULL, NULL, NULL, NULL, NULL);
+
+    if (cinfo != NULL) {
+        rv = sv_PrintPKCS7ContentInfo(out, cinfo, "pkcs7.contentInfo=");
+        SEC_PKCS7DestroyContentInfo(cinfo);
+    }
+
+    return rv;
+}
+/*
+** End of PKCS7 functions
+*/
diff --git a/nss/cmd/signver/signver.c b/nss/cmd/signver/signver.c
new file mode 100644
index 0000000..4e89e9d
--- /dev/null
+++ b/nss/cmd/signver/signver.c
@@ -0,0 +1,315 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "secutil.h"
+#include "secmod.h"
+#include "cert.h"
+#include "secoid.h"
+#include "nss.h"
+
+/* NSPR 2.0 header files */
+#include "prinit.h"
+#include "prprf.h"
+#include "prsystem.h"
+#include "prmem.h"
+/* Portable layer header files */
+#include "plstr.h"
+#include "sechash.h" /* for HASH_GetHashObject() */
+
+static PRBool debugInfo;
+static PRBool verbose;
+static PRBool doVerify;
+static PRBool displayAll;
+
+static const char *const usageInfo[] = {
+    "signver - verify a detached PKCS7 signature - Version " NSS_VERSION,
+    "Commands:",
+    " -A                    display all information from pkcs #7",
+    " -V                    verify the signed object and display result",
+    "Options:",
+    " -a                    signature file is ASCII",
+    " -d certdir            directory containing cert database",
+    " -i dataFileName       input file containing signed data (default stdin)",
+    " -o outputFileName     output file name, default stdout",
+    " -s signatureFileName  input file for signature (default stdin)",
+    " -v                    display verbose reason for failure"
+};
+static int nUsageInfo = sizeof(usageInfo) / sizeof(char *);
+
+extern int SV_PrintPKCS7ContentInfo(FILE *, SECItem *);
+
+static void
+Usage(char *progName, FILE *outFile)
+{
+    int i;
+    fprintf(outFile, "Usage:  %s [ commands ] options\n", progName);
+    for (i = 0; i < nUsageInfo; i++)
+        fprintf(outFile, "%s\n", usageInfo[i]);
+    exit(-1);
+}
+
+static HASH_HashType
+AlgorithmToHashType(SECAlgorithmID *digestAlgorithms)
+{
+    SECOidTag tag = SECOID_GetAlgorithmTag(digestAlgorithms);
+    HASH_HashType hash = HASH_GetHashTypeByOidTag(tag);
+    return hash;
+}
+
+static SECStatus
+DigestContent(SECItem *digest, SECItem *content, HASH_HashType hashType)
+{
+    unsigned int maxLen = digest->len;
+    unsigned int len = HASH_ResultLen(hashType);
+    SECStatus rv;
+
+    if (len > maxLen) {
+        PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+        return SECFailure;
+    }
+
+    rv = HASH_HashBuf(hashType, digest->data, content->data, content->len);
+    if (rv == SECSuccess)
+        digest->len = len;
+    return rv;
+}
+
+enum {
+    cmd_DisplayAllPCKS7Info = 0,
+    cmd_VerifySignedObj
+};
+
+enum {
+    opt_ASCII,
+    opt_CertDir,
+    opt_InputDataFile,
+    opt_OutputFile,
+    opt_InputSigFile,
+    opt_PrintWhyFailure,
+    opt_DebugInfo
+};
+
+static secuCommandFlag signver_commands[] =
+    {
+      { /* cmd_DisplayAllPCKS7Info*/ 'A', PR_FALSE, 0, PR_FALSE },
+      { /* cmd_VerifySignedObj  */ 'V', PR_FALSE, 0, PR_FALSE }
+    };
+
+static secuCommandFlag signver_options[] =
+    {
+      { /* opt_ASCII            */ 'a', PR_FALSE, 0, PR_FALSE },
+      { /* opt_CertDir          */ 'd', PR_TRUE, 0, PR_FALSE },
+      { /* opt_InputDataFile    */ 'i', PR_TRUE, 0, PR_FALSE },
+      { /* opt_OutputFile       */ 'o', PR_TRUE, 0, PR_FALSE },
+      { /* opt_InputSigFile     */ 's', PR_TRUE, 0, PR_FALSE },
+      { /* opt_PrintWhyFailure  */ 'v', PR_FALSE, 0, PR_FALSE },
+      { /* opt_DebugInfo                */ 0, PR_FALSE, 0, PR_FALSE, "debug" }
+    };
+
+int
+main(int argc, char **argv)
+{
+    PRFileDesc *contentFile = NULL;
+    PRFileDesc *signFile = PR_STDIN;
+    FILE *outFile = stdout;
+    char *progName;
+    SECStatus rv;
+    int result = 1;
+    SECItem pkcs7der, content;
+    secuCommand signver;
+
+    pkcs7der.data = NULL;
+    content.data = NULL;
+
+    signver.numCommands = sizeof(signver_commands) / sizeof(secuCommandFlag);
+    signver.numOptions = sizeof(signver_options) / sizeof(secuCommandFlag);
+    signver.commands = signver_commands;
+    signver.options = signver_options;
+
+#ifdef XP_PC
+    progName = strrchr(argv[0], '\\');
+#else
+    progName = strrchr(argv[0], '/');
+#endif
+    progName = progName ? progName + 1 : argv[0];
+
+    rv = SECU_ParseCommandLine(argc, argv, progName, &signver);
+    if (SECSuccess != rv) {
+        Usage(progName, outFile);
+    }
+    debugInfo = signver.options[opt_DebugInfo].activated;
+    verbose = signver.options[opt_PrintWhyFailure].activated;
+    doVerify = signver.commands[cmd_VerifySignedObj].activated;
+    displayAll = signver.commands[cmd_DisplayAllPCKS7Info].activated;
+    if (!doVerify && !displayAll)
+        doVerify = PR_TRUE;
+
+    /*  Set the certdb directory (default is ~/.netscape) */
+    rv = NSS_Init(SECU_ConfigDirectory(signver.options[opt_CertDir].arg));
+    if (rv != SECSuccess) {
+        SECU_PrintPRandOSError(progName);
+        return result;
+    }
+    /* below here, goto cleanup */
+    SECU_RegisterDynamicOids();
+
+    /*  Open the input content file. */
+    if (signver.options[opt_InputDataFile].activated &&
+        signver.options[opt_InputDataFile].arg) {
+        if (PL_strcmp("-", signver.options[opt_InputDataFile].arg)) {
+            contentFile = PR_Open(signver.options[opt_InputDataFile].arg,
+                                  PR_RDONLY, 0);
+            if (!contentFile) {
+                PR_fprintf(PR_STDERR,
+                           "%s: unable to open \"%s\" for reading.\n",
+                           progName, signver.options[opt_InputDataFile].arg);
+                goto cleanup;
+            }
+        } else
+            contentFile = PR_STDIN;
+    }
+
+    /*  Open the input signature file.  */
+    if (signver.options[opt_InputSigFile].activated &&
+        signver.options[opt_InputSigFile].arg) {
+        if (PL_strcmp("-", signver.options[opt_InputSigFile].arg)) {
+            signFile = PR_Open(signver.options[opt_InputSigFile].arg,
+                               PR_RDONLY, 0);
+            if (!signFile) {
+                PR_fprintf(PR_STDERR,
+                           "%s: unable to open \"%s\" for reading.\n",
+                           progName, signver.options[opt_InputSigFile].arg);
+                goto cleanup;
+            }
+        }
+    }
+
+    if (contentFile == PR_STDIN && signFile == PR_STDIN && doVerify) {
+        PR_fprintf(PR_STDERR,
+                   "%s: cannot read both content and signature from standard input\n",
+                   progName);
+        goto cleanup;
+    }
+
+    /*  Open|Create the output file.  */
+    if (signver.options[opt_OutputFile].activated) {
+        outFile = fopen(signver.options[opt_OutputFile].arg, "w");
+        if (!outFile) {
+            PR_fprintf(PR_STDERR, "%s: unable to open \"%s\" for writing.\n",
+                       progName, signver.options[opt_OutputFile].arg);
+            goto cleanup;
+        }
+    }
+
+    /* read in the input files' contents */
+    rv = SECU_ReadDERFromFile(&pkcs7der, signFile,
+                              signver.options[opt_ASCII].activated, PR_FALSE);
+    if (signFile != PR_STDIN)
+        PR_Close(signFile);
+    if (rv != SECSuccess) {
+        SECU_PrintError(progName, "problem reading PKCS7 input");
+        goto cleanup;
+    }
+    if (contentFile) {
+        rv = SECU_FileToItem(&content, contentFile);
+        if (contentFile != PR_STDIN)
+            PR_Close(contentFile);
+        if (rv != SECSuccess)
+            content.data = NULL;
+    }
+
+    /* Signature Verification */
+    if (doVerify) {
+        SEC_PKCS7ContentInfo *cinfo;
+        SEC_PKCS7SignedData *signedData;
+        HASH_HashType digestType;
+        PRBool contentIsSigned;
+
+        cinfo = SEC_PKCS7DecodeItem(&pkcs7der, NULL, NULL, NULL, NULL,
+                                    NULL, NULL, NULL);
+        if (cinfo == NULL) {
+            PR_fprintf(PR_STDERR, "Unable to decode PKCS7 data\n");
+            goto cleanup;
+        }
+        /* below here, goto done */
+
+        contentIsSigned = SEC_PKCS7ContentIsSigned(cinfo);
+        if (debugInfo) {
+            PR_fprintf(PR_STDERR, "Content is%s encrypted.\n",
+                       SEC_PKCS7ContentIsEncrypted(cinfo) ? "" : " not");
+        }
+        if (debugInfo || !contentIsSigned) {
+            PR_fprintf(PR_STDERR, "Content is%s signed.\n",
+                       contentIsSigned ? "" : " not");
+        }
+
+        if (!contentIsSigned)
+            goto done;
+
+        signedData = cinfo->content.signedData;
+
+        /* assume that there is only one digest algorithm for now */
+        digestType = AlgorithmToHashType(signedData->digestAlgorithms[0]);
+        if (digestType == HASH_AlgNULL) {
+            PR_fprintf(PR_STDERR, "Invalid hash algorithmID\n");
+            goto done;
+        }
+        if (content.data) {
+            SECCertUsage usage = certUsageEmailSigner;
+            SECItem digest;
+            unsigned char digestBuffer[HASH_LENGTH_MAX];
+
+            if (debugInfo)
+                PR_fprintf(PR_STDERR, "contentToVerify=%s\n", content.data);
+
+            digest.data = digestBuffer;
+            digest.len = sizeof digestBuffer;
+
+            if (DigestContent(&digest, &content, digestType)) {
+                SECU_PrintError(progName, "Message digest computation failure");
+                goto done;
+            }
+
+            if (debugInfo) {
+                unsigned int i;
+                PR_fprintf(PR_STDERR, "Data Digest=:");
+                for (i = 0; i < digest.len; i++)
+                    PR_fprintf(PR_STDERR, "%02x:", digest.data[i]);
+                PR_fprintf(PR_STDERR, "\n");
+            }
+
+            fprintf(outFile, "signatureValid=");
+            PORT_SetError(0);
+            if (SEC_PKCS7VerifyDetachedSignature(cinfo, usage,
+                                                 &digest, digestType, PR_FALSE)) {
+                fprintf(outFile, "yes");
+            } else {
+                fprintf(outFile, "no");
+                if (verbose) {
+                    fprintf(outFile, ":%s",
+                            SECU_Strerror(PORT_GetError()));
+                }
+            }
+            fprintf(outFile, "\n");
+            result = 0;
+        }
+    done:
+        SEC_PKCS7DestroyContentInfo(cinfo);
+    }
+
+    if (displayAll) {
+        if (SV_PrintPKCS7ContentInfo(outFile, &pkcs7der))
+            result = 1;
+    }
+
+cleanup:
+    SECITEM_FreeItem(&pkcs7der, PR_FALSE);
+    SECITEM_FreeItem(&content, PR_FALSE);
+
+    if (NSS_Shutdown() != SECSuccess) {
+        result = 1;
+    }
+
+    return result;
+}
diff --git a/nss/cmd/signver/signver.gyp b/nss/cmd/signver/signver.gyp
new file mode 100644
index 0000000..9aeb504
--- /dev/null
+++ b/nss/cmd/signver/signver.gyp
@@ -0,0 +1,26 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi',
+    '../../cmd/platlibs.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'signver',
+      'type': 'executable',
+      'sources': [
+        'pk7print.c',
+        'signver.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:dbm_exports',
+        '<(DEPTH)/exports.gyp:nss_exports'
+      ]
+    }
+  ],
+  'variables': {
+    'module': 'nss'
+  }
+}
\ No newline at end of file
diff --git a/nss/cmd/smimetools/Makefile b/nss/cmd/smimetools/Makefile
new file mode 100644
index 0000000..7413962
--- /dev/null
+++ b/nss/cmd/smimetools/Makefile
@@ -0,0 +1,49 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include ../platlibs.mk
+
+ifdef NISCC_TEST
+DEFINES += -DNISCC_TEST
+endif
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+include rules.mk
+
+include ../platrules.mk
diff --git a/nss/cmd/smimetools/cmsutil.c b/nss/cmd/smimetools/cmsutil.c
new file mode 100644
index 0000000..f3587d0
--- /dev/null
+++ b/nss/cmd/smimetools/cmsutil.c
@@ -0,0 +1,1628 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * cmsutil -- A command to work with CMS data
+ */
+
+#include "nspr.h"
+#include "secutil.h"
+#include "plgetopt.h"
+#include "secpkcs7.h"
+#include "cert.h"
+#include "certdb.h"
+#include "secoid.h"
+#include "cms.h"
+#include "nss.h"
+#include "smime.h"
+#include "pk11func.h"
+
+#if defined(XP_UNIX)
+#include <unistd.h>
+#endif
+
+#if defined(_WIN32)
+#include "fcntl.h"
+#include "io.h"
+#endif
+
+#include <stdio.h>
+#include <string.h>
+
+char *progName = NULL;
+static int cms_verbose = 0;
+static secuPWData pwdata = { PW_NONE, 0 };
+static PK11PasswordFunc pwcb = NULL;
+static void *pwcb_arg = NULL;
+
+/* XXX stolen from cmsarray.c
+ * nss_CMSArray_Count - count number of elements in array
+ */
+int
+nss_CMSArray_Count(void **array)
+{
+    int n = 0;
+    if (array == NULL)
+        return 0;
+    while (*array++ != NULL)
+        n++;
+    return n;
+}
+
+static SECStatus
+DigestFile(PLArenaPool *poolp, SECItem ***digests, SECItem *input,
+           SECAlgorithmID **algids)
+{
+    NSSCMSDigestContext *digcx;
+    SECStatus rv;
+
+    digcx = NSS_CMSDigestContext_StartMultiple(algids);
+    if (digcx == NULL)
+        return SECFailure;
+
+    NSS_CMSDigestContext_Update(digcx, input->data, input->len);
+
+    rv = NSS_CMSDigestContext_FinishMultiple(digcx, poolp, digests);
+    return rv;
+}
+
+static void
+Usage(char *progName)
+{
+    fprintf(stderr,
+            "Usage:  %s [-C|-D|-E|-O|-S] [<options>] [-d dbdir] [-u certusage]\n"
+            " -C            create a CMS encrypted data message\n"
+            " -D            decode a CMS message\n"
+            "  -b           decode a batch of files named in infile\n"
+            "  -c content   use this detached content\n"
+            "  -n           suppress output of content\n"
+            "  -h num       display num levels of CMS message info as email headers\n"
+            "  -k           keep decoded encryption certs in perm cert db\n"
+            " -E            create a CMS enveloped data message\n"
+            "  -r id,...    create envelope for these recipients,\n"
+            "               where id can be a certificate nickname or email address\n"
+            " -S            create a CMS signed data message\n"
+            "  -G           include a signing time attribute\n"
+            "  -H hash      use hash (default:SHA1)\n"
+            "  -N nick      use certificate named \"nick\" for signing\n"
+            "  -P           include a SMIMECapabilities attribute\n"
+            "  -T           do not include content in CMS message\n"
+            "  -Y nick      include a EncryptionKeyPreference attribute with cert\n"
+            "                 (use \"NONE\" to omit)\n"
+            " -O            create a CMS signed message containing only certificates\n"
+            " General Options:\n"
+            " -d dbdir      key/cert database directory (default: ~/.netscape)\n"
+            " -e envelope   enveloped data message in this file is used for bulk key\n"
+            " -i infile     use infile as source of data (default: stdin)\n"
+            " -o outfile    use outfile as destination of data (default: stdout)\n"
+            " -p password   use password as key db password (default: prompt)\n"
+            " -f pwfile     use password file to set password on all PKCS#11 tokens)\n"
+            " -u certusage  set type of certificate usage (default: certUsageEmailSigner)\n"
+            " -v            print debugging information\n"
+            "\n"
+            "Cert usage codes:\n",
+            progName);
+    fprintf(stderr, "%-25s  0 - certUsageSSLClient\n", " ");
+    fprintf(stderr, "%-25s  1 - certUsageSSLServer\n", " ");
+    fprintf(stderr, "%-25s  2 - certUsageSSLServerWithStepUp\n", " ");
+    fprintf(stderr, "%-25s  3 - certUsageSSLCA\n", " ");
+    fprintf(stderr, "%-25s  4 - certUsageEmailSigner\n", " ");
+    fprintf(stderr, "%-25s  5 - certUsageEmailRecipient\n", " ");
+    fprintf(stderr, "%-25s  6 - certUsageObjectSigner\n", " ");
+    fprintf(stderr, "%-25s  7 - certUsageUserCertImport\n", " ");
+    fprintf(stderr, "%-25s  8 - certUsageVerifyCA\n", " ");
+    fprintf(stderr, "%-25s  9 - certUsageProtectedObjectSigner\n", " ");
+    fprintf(stderr, "%-25s 10 - certUsageStatusResponder\n", " ");
+    fprintf(stderr, "%-25s 11 - certUsageAnyCA\n", " ");
+
+    exit(-1);
+}
+
+struct optionsStr {
+    char *pwfile;
+    char *password;
+    SECCertUsage certUsage;
+    CERTCertDBHandle *certHandle;
+};
+
+struct decodeOptionsStr {
+    struct optionsStr *options;
+    SECItem content;
+    int headerLevel;
+    PRBool suppressContent;
+    NSSCMSGetDecryptKeyCallback dkcb;
+    PK11SymKey *bulkkey;
+    PRBool keepCerts;
+};
+
+struct signOptionsStr {
+    struct optionsStr *options;
+    char *nickname;
+    char *encryptionKeyPreferenceNick;
+    PRBool signingTime;
+    PRBool smimeProfile;
+    PRBool detached;
+    SECOidTag hashAlgTag;
+};
+
+struct envelopeOptionsStr {
+    struct optionsStr *options;
+    char **recipients;
+};
+
+struct certsonlyOptionsStr {
+    struct optionsStr *options;
+    char **recipients;
+};
+
+struct encryptOptionsStr {
+    struct optionsStr *options;
+    char **recipients;
+    NSSCMSMessage *envmsg;
+    SECItem *input;
+    FILE *outfile;
+    PRFileDesc *envFile;
+    PK11SymKey *bulkkey;
+    SECOidTag bulkalgtag;
+    int keysize;
+};
+
+static NSSCMSMessage *
+decode(FILE *out, SECItem *input, const struct decodeOptionsStr *decodeOptions)
+{
+    NSSCMSDecoderContext *dcx;
+    SECStatus rv;
+    NSSCMSMessage *cmsg;
+    int nlevels, i;
+    SECItem sitem = { 0, 0, 0 };
+
+    PORT_SetError(0);
+    dcx = NSS_CMSDecoder_Start(NULL,
+                               NULL, NULL,          /* content callback     */
+                               pwcb, pwcb_arg,      /* password callback    */
+                               decodeOptions->dkcb, /* decrypt key callback */
+                               decodeOptions->bulkkey);
+    if (dcx == NULL) {
+        fprintf(stderr, "%s: failed to set up message decoder.\n", progName);
+        return NULL;
+    }
+    rv = NSS_CMSDecoder_Update(dcx, (char *)input->data, input->len);
+    if (rv != SECSuccess) {
+        fprintf(stderr, "%s: failed to decode message.\n", progName);
+        NSS_CMSDecoder_Cancel(dcx);
+        return NULL;
+    }
+    cmsg = NSS_CMSDecoder_Finish(dcx);
+    if (cmsg == NULL) {
+        fprintf(stderr, "%s: failed to decode message.\n", progName);
+        return NULL;
+    }
+
+    if (decodeOptions->headerLevel >= 0) {
+        /*fprintf(out, "SMIME: ", decodeOptions->headerLevel, i);*/
+        fprintf(out, "SMIME: ");
+    }
+
+    nlevels = NSS_CMSMessage_ContentLevelCount(cmsg);
+    for (i = 0; i < nlevels; i++) {
+        NSSCMSContentInfo *cinfo;
+        SECOidTag typetag;
+
+        cinfo = NSS_CMSMessage_ContentLevel(cmsg, i);
+        typetag = NSS_CMSContentInfo_GetContentTypeTag(cinfo);
+
+        if (decodeOptions->headerLevel >= 0)
+            fprintf(out, "\tlevel=%d.%d; ", decodeOptions->headerLevel, nlevels - i);
+
+        switch (typetag) {
+            case SEC_OID_PKCS7_SIGNED_DATA: {
+                NSSCMSSignedData *sigd = NULL;
+                SECItem **digests;
+                int nsigners;
+                int j;
+
+                if (decodeOptions->headerLevel >= 0)
+                    fprintf(out, "type=signedData; ");
+                sigd = (NSSCMSSignedData *)NSS_CMSContentInfo_GetContent(cinfo);
+                if (sigd == NULL) {
+                    SECU_PrintError(progName, "signedData component missing");
+                    goto loser;
+                }
+
+                /* if we have a content file, but no digests for this signedData */
+                if (decodeOptions->content.data != NULL &&
+                    !NSS_CMSSignedData_HasDigests(sigd)) {
+                    PLArenaPool *poolp;
+                    SECAlgorithmID **digestalgs;
+
+                    /* detached content: grab content file */
+                    sitem = decodeOptions->content;
+
+                    if ((poolp = PORT_NewArena(1024)) == NULL) {
+                        fprintf(stderr, "cmsutil: Out of memory.\n");
+                        goto loser;
+                    }
+                    digestalgs = NSS_CMSSignedData_GetDigestAlgs(sigd);
+                    if (DigestFile(poolp, &digests, &sitem, digestalgs) !=
+                        SECSuccess) {
+                        SECU_PrintError(progName,
+                                        "problem computing message digest");
+                        PORT_FreeArena(poolp, PR_FALSE);
+                        goto loser;
+                    }
+                    if (NSS_CMSSignedData_SetDigests(sigd, digestalgs, digests) !=
+                        SECSuccess) {
+                        SECU_PrintError(progName,
+                                        "problem setting message digests");
+                        PORT_FreeArena(poolp, PR_FALSE);
+                        goto loser;
+                    }
+                    PORT_FreeArena(poolp, PR_FALSE);
+                }
+
+                /* import the certificates */
+                if (NSS_CMSSignedData_ImportCerts(sigd,
+                                                  decodeOptions->options->certHandle,
+                                                  decodeOptions->options->certUsage,
+                                                  decodeOptions->keepCerts) !=
+                    SECSuccess) {
+                    SECU_PrintError(progName, "cert import failed");
+                    goto loser;
+                }
+
+                /* find out about signers */
+                nsigners = NSS_CMSSignedData_SignerInfoCount(sigd);
+                if (decodeOptions->headerLevel >= 0)
+                    fprintf(out, "nsigners=%d; ", nsigners);
+                if (nsigners == 0) {
+                    /* Might be a cert transport message
+                    ** or might be an invalid message, such as a QA test message
+                    ** or a message from an attacker.
+                    */
+                    SECStatus rv;
+                    rv = NSS_CMSSignedData_VerifyCertsOnly(sigd,
+                                                           decodeOptions->options->certHandle,
+                                                           decodeOptions->options->certUsage);
+                    if (rv != SECSuccess) {
+                        fprintf(stderr, "cmsutil: Verify certs-only failed!\n");
+                        goto loser;
+                    }
+                    return cmsg;
+                }
+
+                /* still no digests? */
+                if (!NSS_CMSSignedData_HasDigests(sigd)) {
+                    SECU_PrintError(progName, "no message digests");
+                    goto loser;
+                }
+
+                for (j = 0; j < nsigners; j++) {
+                    const char *svs;
+                    NSSCMSSignerInfo *si;
+                    NSSCMSVerificationStatus vs;
+                    SECStatus bad;
+
+                    si = NSS_CMSSignedData_GetSignerInfo(sigd, j);
+                    if (decodeOptions->headerLevel >= 0) {
+                        char *signercn;
+                        static char empty[] = { "" };
+
+                        signercn = NSS_CMSSignerInfo_GetSignerCommonName(si);
+                        if (signercn == NULL)
+                            signercn = empty;
+                        fprintf(out, "\n\t\tsigner%d.id=\"%s\"; ", j, signercn);
+                        if (signercn != empty)
+                            PORT_Free(signercn);
+                    }
+                    bad = NSS_CMSSignedData_VerifySignerInfo(sigd, j,
+                                                             decodeOptions->options->certHandle,
+                                                             decodeOptions->options->certUsage);
+                    vs = NSS_CMSSignerInfo_GetVerificationStatus(si);
+                    svs = NSS_CMSUtil_VerificationStatusToString(vs);
+                    if (decodeOptions->headerLevel >= 0) {
+                        fprintf(out, "signer%d.status=%s; ", j, svs);
+                        /* goto loser ? */
+                    } else if (bad && out) {
+                        fprintf(stderr, "signer %d status = %s\n", j, svs);
+                        goto loser;
+                    }
+                }
+            } break;
+            case SEC_OID_PKCS7_ENVELOPED_DATA: {
+                NSSCMSEnvelopedData *envd;
+                if (decodeOptions->headerLevel >= 0)
+                    fprintf(out, "type=envelopedData; ");
+                envd = (NSSCMSEnvelopedData *)NSS_CMSContentInfo_GetContent(cinfo);
+                if (envd == NULL) {
+                    SECU_PrintError(progName, "envelopedData component missing");
+                    goto loser;
+                }
+            } break;
+            case SEC_OID_PKCS7_ENCRYPTED_DATA: {
+                NSSCMSEncryptedData *encd;
+                if (decodeOptions->headerLevel >= 0)
+                    fprintf(out, "type=encryptedData; ");
+                encd = (NSSCMSEncryptedData *)NSS_CMSContentInfo_GetContent(cinfo);
+                if (encd == NULL) {
+                    SECU_PrintError(progName, "encryptedData component missing");
+                    goto loser;
+                }
+            } break;
+            case SEC_OID_PKCS7_DATA:
+                if (decodeOptions->headerLevel >= 0)
+                    fprintf(out, "type=data; ");
+                break;
+            default:
+                break;
+        }
+        if (decodeOptions->headerLevel >= 0)
+            fprintf(out, "\n");
+    }
+
+    if (!decodeOptions->suppressContent && out) {
+        SECItem *item = (sitem.data ? &sitem
+                                    : NSS_CMSMessage_GetContent(cmsg));
+        if (item && item->data && item->len) {
+            fwrite(item->data, item->len, 1, out);
+        }
+    }
+    return cmsg;
+
+loser:
+    if (cmsg)
+        NSS_CMSMessage_Destroy(cmsg);
+    return NULL;
+}
+
+/* example of a callback function to use with encoder */
+/*
+static void
+writeout(void *arg, const char *buf, unsigned long len)
+{
+    FILE *f = (FILE *)arg;
+
+    if (f != NULL && buf != NULL)
+        (void)fwrite(buf, len, 1, f);
+}
+*/
+
+static NSSCMSMessage *
+signed_data(struct signOptionsStr *signOptions)
+{
+    NSSCMSMessage *cmsg = NULL;
+    NSSCMSContentInfo *cinfo;
+    NSSCMSSignedData *sigd;
+    NSSCMSSignerInfo *signerinfo;
+    CERTCertificate *cert = NULL, *ekpcert = NULL;
+
+    if (cms_verbose) {
+        fprintf(stderr, "Input to signed_data:\n");
+        if (signOptions->options->password)
+            fprintf(stderr, "password [%s]\n", signOptions->options->password);
+        else if (signOptions->options->pwfile)
+            fprintf(stderr, "password file [%s]\n", signOptions->options->pwfile);
+        else
+            fprintf(stderr, "password [NULL]\n");
+        fprintf(stderr, "certUsage [%d]\n", signOptions->options->certUsage);
+        if (signOptions->options->certHandle)
+            fprintf(stderr, "certdb [%p]\n", signOptions->options->certHandle);
+        else
+            fprintf(stderr, "certdb [NULL]\n");
+        if (signOptions->nickname)
+            fprintf(stderr, "nickname [%s]\n", signOptions->nickname);
+        else
+            fprintf(stderr, "nickname [NULL]\n");
+    }
+    if (signOptions->nickname == NULL) {
+        fprintf(stderr,
+                "ERROR: please indicate the nickname of a certificate to sign with.\n");
+        return NULL;
+    }
+    if ((cert = CERT_FindUserCertByUsage(signOptions->options->certHandle,
+                                         signOptions->nickname,
+                                         signOptions->options->certUsage,
+                                         PR_FALSE,
+                                         &pwdata)) == NULL) {
+        SECU_PrintError(progName,
+                        "the corresponding cert for key \"%s\" does not exist",
+                        signOptions->nickname);
+        return NULL;
+    }
+    if (cms_verbose) {
+        fprintf(stderr, "Found certificate for %s\n", signOptions->nickname);
+    }
+    /*
+     * create the message object
+     */
+    cmsg = NSS_CMSMessage_Create(NULL); /* create a message on its own pool */
+    if (cmsg == NULL) {
+        fprintf(stderr, "ERROR: cannot create CMS message.\n");
+        return NULL;
+    }
+    /*
+     * build chain of objects: message->signedData->data
+     */
+    if ((sigd = NSS_CMSSignedData_Create(cmsg)) == NULL) {
+        fprintf(stderr, "ERROR: cannot create CMS signedData object.\n");
+        goto loser;
+    }
+    cinfo = NSS_CMSMessage_GetContentInfo(cmsg);
+    if (NSS_CMSContentInfo_SetContent_SignedData(cmsg, cinfo, sigd) !=
+        SECSuccess) {
+        fprintf(stderr, "ERROR: cannot attach CMS signedData object.\n");
+        goto loser;
+    }
+    cinfo = NSS_CMSSignedData_GetContentInfo(sigd);
+    /* we're always passing data in and detaching optionally */
+    if (NSS_CMSContentInfo_SetContent_Data(cmsg, cinfo, NULL,
+                                           signOptions->detached) !=
+        SECSuccess) {
+        fprintf(stderr, "ERROR: cannot attach CMS data object.\n");
+        goto loser;
+    }
+    /*
+     * create & attach signer information
+     */
+    signerinfo = NSS_CMSSignerInfo_Create(cmsg, cert, signOptions->hashAlgTag);
+    if (signerinfo == NULL) {
+        fprintf(stderr, "ERROR: cannot create CMS signerInfo object.\n");
+        goto loser;
+    }
+    if (cms_verbose) {
+        fprintf(stderr,
+                "Created CMS message, added signed data w/ signerinfo\n");
+    }
+    signerinfo->cmsg->pwfn_arg = pwcb_arg;
+    /* we want the cert chain included for this one */
+    if (NSS_CMSSignerInfo_IncludeCerts(signerinfo, NSSCMSCM_CertChain,
+                                       signOptions->options->certUsage) !=
+        SECSuccess) {
+        fprintf(stderr, "ERROR: cannot find cert chain.\n");
+        goto loser;
+    }
+    if (cms_verbose) {
+        fprintf(stderr, "imported certificate\n");
+    }
+    if (signOptions->signingTime) {
+        if (NSS_CMSSignerInfo_AddSigningTime(signerinfo, PR_Now()) !=
+            SECSuccess) {
+            fprintf(stderr, "ERROR: cannot add signingTime attribute.\n");
+            goto loser;
+        }
+    }
+    if (signOptions->smimeProfile) {
+        if (NSS_CMSSignerInfo_AddSMIMECaps(signerinfo) != SECSuccess) {
+            fprintf(stderr, "ERROR: cannot add SMIMECaps attribute.\n");
+            goto loser;
+        }
+    }
+
+    if (!signOptions->encryptionKeyPreferenceNick) {
+        /* check signing cert for fitness as encryption cert */
+        SECStatus FitForEncrypt = CERT_CheckCertUsage(cert,
+                                                      certUsageEmailRecipient);
+
+        if (SECSuccess == FitForEncrypt) {
+            /* if yes, add signing cert as EncryptionKeyPreference */
+            if (NSS_CMSSignerInfo_AddSMIMEEncKeyPrefs(signerinfo, cert,
+                                                      signOptions->options->certHandle) !=
+                SECSuccess) {
+                fprintf(stderr,
+                        "ERROR: cannot add default SMIMEEncKeyPrefs attribute.\n");
+                goto loser;
+            }
+            if (NSS_CMSSignerInfo_AddMSSMIMEEncKeyPrefs(signerinfo, cert,
+                                                        signOptions->options->certHandle) !=
+                SECSuccess) {
+                fprintf(stderr,
+                        "ERROR: cannot add default MS SMIMEEncKeyPrefs attribute.\n");
+                goto loser;
+            }
+        } else {
+            /* this is a dual-key cert case, we need to look for the encryption
+               certificate under the same nickname as the signing cert */
+            /* get the cert, add it to the message */
+            if ((ekpcert = CERT_FindUserCertByUsage(
+                     signOptions->options->certHandle,
+                     signOptions->nickname,
+                     certUsageEmailRecipient,
+                     PR_FALSE,
+                     &pwdata)) == NULL) {
+                SECU_PrintError(progName,
+                                "the corresponding cert for key \"%s\" does not exist",
+                                signOptions->encryptionKeyPreferenceNick);
+                goto loser;
+            }
+            if (NSS_CMSSignerInfo_AddSMIMEEncKeyPrefs(signerinfo, ekpcert,
+                                                      signOptions->options->certHandle) !=
+                SECSuccess) {
+                fprintf(stderr,
+                        "ERROR: cannot add SMIMEEncKeyPrefs attribute.\n");
+                goto loser;
+            }
+            if (NSS_CMSSignerInfo_AddMSSMIMEEncKeyPrefs(signerinfo, ekpcert,
+                                                        signOptions->options->certHandle) !=
+                SECSuccess) {
+                fprintf(stderr,
+                        "ERROR: cannot add MS SMIMEEncKeyPrefs attribute.\n");
+                goto loser;
+            }
+            if (NSS_CMSSignedData_AddCertificate(sigd, ekpcert) != SECSuccess) {
+                fprintf(stderr, "ERROR: cannot add encryption certificate.\n");
+                goto loser;
+            }
+        }
+    } else if (PL_strcmp(signOptions->encryptionKeyPreferenceNick, "NONE") == 0) {
+        /* No action */
+    } else {
+        /* get the cert, add it to the message */
+        if ((ekpcert = CERT_FindUserCertByUsage(
+                 signOptions->options->certHandle,
+                 signOptions->encryptionKeyPreferenceNick,
+                 certUsageEmailRecipient, PR_FALSE, &pwdata)) ==
+            NULL) {
+            SECU_PrintError(progName,
+                            "the corresponding cert for key \"%s\" does not exist",
+                            signOptions->encryptionKeyPreferenceNick);
+            goto loser;
+        }
+        if (NSS_CMSSignerInfo_AddSMIMEEncKeyPrefs(signerinfo, ekpcert,
+                                                  signOptions->options->certHandle) !=
+            SECSuccess) {
+            fprintf(stderr, "ERROR: cannot add SMIMEEncKeyPrefs attribute.\n");
+            goto loser;
+        }
+        if (NSS_CMSSignerInfo_AddMSSMIMEEncKeyPrefs(signerinfo, ekpcert,
+                                                    signOptions->options->certHandle) !=
+            SECSuccess) {
+            fprintf(stderr, "ERROR: cannot add MS SMIMEEncKeyPrefs attribute.\n");
+            goto loser;
+        }
+        if (NSS_CMSSignedData_AddCertificate(sigd, ekpcert) != SECSuccess) {
+            fprintf(stderr, "ERROR: cannot add encryption certificate.\n");
+            goto loser;
+        }
+    }
+
+    if (NSS_CMSSignedData_AddSignerInfo(sigd, signerinfo) != SECSuccess) {
+        fprintf(stderr, "ERROR: cannot add CMS signerInfo object.\n");
+        goto loser;
+    }
+    if (cms_verbose) {
+        fprintf(stderr, "created signed-data message\n");
+    }
+    if (ekpcert) {
+        CERT_DestroyCertificate(ekpcert);
+    }
+    if (cert) {
+        CERT_DestroyCertificate(cert);
+    }
+    return cmsg;
+loser:
+    if (ekpcert) {
+        CERT_DestroyCertificate(ekpcert);
+    }
+    if (cert) {
+        CERT_DestroyCertificate(cert);
+    }
+    NSS_CMSMessage_Destroy(cmsg);
+    return NULL;
+}
+
+static NSSCMSMessage *
+enveloped_data(struct envelopeOptionsStr *envelopeOptions)
+{
+    NSSCMSMessage *cmsg = NULL;
+    NSSCMSContentInfo *cinfo;
+    NSSCMSEnvelopedData *envd;
+    NSSCMSRecipientInfo *recipientinfo;
+    CERTCertificate **recipientcerts = NULL;
+    CERTCertDBHandle *dbhandle;
+    PLArenaPool *tmppoolp = NULL;
+    SECOidTag bulkalgtag;
+    int keysize, i = 0;
+    int cnt;
+    dbhandle = envelopeOptions->options->certHandle;
+    /* count the recipients */
+    if ((cnt = nss_CMSArray_Count((void **)envelopeOptions->recipients)) == 0) {
+        fprintf(stderr, "ERROR: please name at least one recipient.\n");
+        goto loser;
+    }
+    if ((tmppoolp = PORT_NewArena(1024)) == NULL) {
+        fprintf(stderr, "ERROR: out of memory.\n");
+        goto loser;
+    }
+    /* XXX find the recipient's certs by email address or nickname */
+    if ((recipientcerts =
+             (CERTCertificate **)PORT_ArenaZAlloc(tmppoolp,
+                                                  (cnt + 1) * sizeof(CERTCertificate *))) ==
+        NULL) {
+        fprintf(stderr, "ERROR: out of memory.\n");
+        goto loser;
+    }
+    for (i = 0; envelopeOptions->recipients[i] != NULL; i++) {
+        if ((recipientcerts[i] =
+                 CERT_FindCertByNicknameOrEmailAddr(dbhandle,
+                                                    envelopeOptions->recipients[i])) ==
+            NULL) {
+            SECU_PrintError(progName, "cannot find certificate for \"%s\"",
+                            envelopeOptions->recipients[i]);
+            i = 0;
+            goto loser;
+        }
+    }
+    recipientcerts[i] = NULL;
+    i = 0;
+    /* find a nice bulk algorithm */
+    if (NSS_SMIMEUtil_FindBulkAlgForRecipients(recipientcerts, &bulkalgtag,
+                                               &keysize) != SECSuccess) {
+        fprintf(stderr, "ERROR: cannot find common bulk algorithm.\n");
+        goto loser;
+    }
+    /*
+     * create the message object
+     */
+    cmsg = NSS_CMSMessage_Create(NULL); /* create a message on its own pool */
+    if (cmsg == NULL) {
+        fprintf(stderr, "ERROR: cannot create CMS message.\n");
+        goto loser;
+    }
+    /*
+     * build chain of objects: message->envelopedData->data
+     */
+    if ((envd = NSS_CMSEnvelopedData_Create(cmsg, bulkalgtag, keysize)) ==
+        NULL) {
+        fprintf(stderr, "ERROR: cannot create CMS envelopedData object.\n");
+        goto loser;
+    }
+    cinfo = NSS_CMSMessage_GetContentInfo(cmsg);
+    if (NSS_CMSContentInfo_SetContent_EnvelopedData(cmsg, cinfo, envd) !=
+        SECSuccess) {
+        fprintf(stderr, "ERROR: cannot attach CMS envelopedData object.\n");
+        goto loser;
+    }
+    cinfo = NSS_CMSEnvelopedData_GetContentInfo(envd);
+    /* we're always passing data in, so the content is NULL */
+    if (NSS_CMSContentInfo_SetContent_Data(cmsg, cinfo, NULL, PR_FALSE) !=
+        SECSuccess) {
+        fprintf(stderr, "ERROR: cannot attach CMS data object.\n");
+        goto loser;
+    }
+    /*
+     * create & attach recipient information
+     */
+    for (i = 0; recipientcerts[i] != NULL; i++) {
+        if ((recipientinfo = NSS_CMSRecipientInfo_Create(cmsg,
+                                                         recipientcerts[i])) ==
+            NULL) {
+            fprintf(stderr, "ERROR: cannot create CMS recipientInfo object.\n");
+            goto loser;
+        }
+        if (NSS_CMSEnvelopedData_AddRecipient(envd, recipientinfo) !=
+            SECSuccess) {
+            fprintf(stderr, "ERROR: cannot add CMS recipientInfo object.\n");
+            goto loser;
+        }
+        CERT_DestroyCertificate(recipientcerts[i]);
+    }
+    if (tmppoolp)
+        PORT_FreeArena(tmppoolp, PR_FALSE);
+    return cmsg;
+loser:
+    if (recipientcerts) {
+        for (; recipientcerts[i] != NULL; i++) {
+            CERT_DestroyCertificate(recipientcerts[i]);
+        }
+    }
+    if (cmsg)
+        NSS_CMSMessage_Destroy(cmsg);
+    if (tmppoolp)
+        PORT_FreeArena(tmppoolp, PR_FALSE);
+    return NULL;
+}
+
+PK11SymKey *
+dkcb(void *arg, SECAlgorithmID *algid)
+{
+    return (PK11SymKey *)arg;
+}
+
+static SECStatus
+get_enc_params(struct encryptOptionsStr *encryptOptions)
+{
+    struct envelopeOptionsStr envelopeOptions;
+    SECStatus rv = SECFailure;
+    NSSCMSMessage *env_cmsg;
+    NSSCMSContentInfo *cinfo;
+    int i, nlevels;
+    /*
+     * construct an enveloped data message to obtain bulk keys
+     */
+    if (encryptOptions->envmsg) {
+        env_cmsg = encryptOptions->envmsg; /* get it from an old message */
+    } else {
+        SECItem dummyOut = { 0, 0, 0 };
+        SECItem dummyIn = { 0, 0, 0 };
+        char str[] = "Hello!";
+        PLArenaPool *tmparena = PORT_NewArena(1024);
+        dummyIn.data = (unsigned char *)str;
+        dummyIn.len = strlen(str);
+        envelopeOptions.options = encryptOptions->options;
+        envelopeOptions.recipients = encryptOptions->recipients;
+        env_cmsg = enveloped_data(&envelopeOptions);
+        NSS_CMSDEREncode(env_cmsg, &dummyIn, &dummyOut, tmparena);
+        PR_Write(encryptOptions->envFile, dummyOut.data, dummyOut.len);
+        PORT_FreeArena(tmparena, PR_FALSE);
+    }
+    /*
+     * get the content info for the enveloped data
+     */
+    nlevels = NSS_CMSMessage_ContentLevelCount(env_cmsg);
+    for (i = 0; i < nlevels; i++) {
+        SECOidTag typetag;
+        cinfo = NSS_CMSMessage_ContentLevel(env_cmsg, i);
+        typetag = NSS_CMSContentInfo_GetContentTypeTag(cinfo);
+        if (typetag == SEC_OID_PKCS7_DATA) {
+            /*
+             * get the symmetric key
+             */
+            encryptOptions->bulkalgtag = NSS_CMSContentInfo_GetContentEncAlgTag(cinfo);
+            encryptOptions->keysize = NSS_CMSContentInfo_GetBulkKeySize(cinfo);
+            encryptOptions->bulkkey = NSS_CMSContentInfo_GetBulkKey(cinfo);
+            rv = SECSuccess;
+            break;
+        }
+    }
+    if (i == nlevels) {
+        fprintf(stderr, "%s: could not retrieve enveloped data.", progName);
+    }
+    if (env_cmsg)
+        NSS_CMSMessage_Destroy(env_cmsg);
+    return rv;
+}
+
+static NSSCMSMessage *
+encrypted_data(struct encryptOptionsStr *encryptOptions)
+{
+    SECStatus rv = SECFailure;
+    NSSCMSMessage *cmsg = NULL;
+    NSSCMSContentInfo *cinfo;
+    NSSCMSEncryptedData *encd;
+    NSSCMSEncoderContext *ecx = NULL;
+    PLArenaPool *tmppoolp = NULL;
+    SECItem derOut = { 0, 0, 0 };
+    /* arena for output */
+    tmppoolp = PORT_NewArena(1024);
+    if (!tmppoolp) {
+        fprintf(stderr, "%s: out of memory.\n", progName);
+        return NULL;
+    }
+    /*
+     * create the message object
+     */
+    cmsg = NSS_CMSMessage_Create(NULL);
+    if (cmsg == NULL) {
+        fprintf(stderr, "ERROR: cannot create CMS message.\n");
+        goto loser;
+    }
+    /*
+     * build chain of objects: message->encryptedData->data
+     */
+    if ((encd = NSS_CMSEncryptedData_Create(cmsg, encryptOptions->bulkalgtag,
+                                            encryptOptions->keysize)) ==
+        NULL) {
+        fprintf(stderr, "ERROR: cannot create CMS encryptedData object.\n");
+        goto loser;
+    }
+    cinfo = NSS_CMSMessage_GetContentInfo(cmsg);
+    if (NSS_CMSContentInfo_SetContent_EncryptedData(cmsg, cinfo, encd) !=
+        SECSuccess) {
+        fprintf(stderr, "ERROR: cannot attach CMS encryptedData object.\n");
+        goto loser;
+    }
+    cinfo = NSS_CMSEncryptedData_GetContentInfo(encd);
+    /* we're always passing data in, so the content is NULL */
+    if (NSS_CMSContentInfo_SetContent_Data(cmsg, cinfo, NULL, PR_FALSE) !=
+        SECSuccess) {
+        fprintf(stderr, "ERROR: cannot attach CMS data object.\n");
+        goto loser;
+    }
+    ecx = NSS_CMSEncoder_Start(cmsg, NULL, NULL, &derOut, tmppoolp, NULL, NULL,
+                               dkcb, encryptOptions->bulkkey, NULL, NULL);
+    if (!ecx) {
+        fprintf(stderr, "%s: cannot create encoder context.\n", progName);
+        goto loser;
+    }
+    rv = NSS_CMSEncoder_Update(ecx, (char *)encryptOptions->input->data,
+                               encryptOptions->input->len);
+    if (rv) {
+        fprintf(stderr, "%s: failed to add data to encoder.\n", progName);
+        goto loser;
+    }
+    rv = NSS_CMSEncoder_Finish(ecx);
+    if (rv) {
+        fprintf(stderr, "%s: failed to encrypt data.\n", progName);
+        goto loser;
+    }
+    fwrite(derOut.data, derOut.len, 1, encryptOptions->outfile);
+    /*
+    if (bulkkey)
+        PK11_FreeSymKey(bulkkey);
+        */
+    if (tmppoolp)
+        PORT_FreeArena(tmppoolp, PR_FALSE);
+    return cmsg;
+loser:
+    /*
+    if (bulkkey)
+        PK11_FreeSymKey(bulkkey);
+        */
+    if (tmppoolp)
+        PORT_FreeArena(tmppoolp, PR_FALSE);
+    if (cmsg)
+        NSS_CMSMessage_Destroy(cmsg);
+    return NULL;
+}
+
+static NSSCMSMessage *
+signed_data_certsonly(struct certsonlyOptionsStr *certsonlyOptions)
+{
+    NSSCMSMessage *cmsg = NULL;
+    NSSCMSContentInfo *cinfo;
+    NSSCMSSignedData *sigd;
+    CERTCertificate **certs = NULL;
+    CERTCertDBHandle *dbhandle;
+    PLArenaPool *tmppoolp = NULL;
+    int i = 0, cnt;
+    dbhandle = certsonlyOptions->options->certHandle;
+    if ((cnt = nss_CMSArray_Count((void **)certsonlyOptions->recipients)) == 0) {
+        fprintf(stderr,
+                "ERROR: please indicate the nickname of a certificate to sign with.\n");
+        goto loser;
+    }
+    if (!(tmppoolp = PORT_NewArena(1024))) {
+        fprintf(stderr, "ERROR: out of memory.\n");
+        goto loser;
+    }
+    if (!(certs = PORT_ArenaZNewArray(tmppoolp, CERTCertificate *, cnt + 1))) {
+        fprintf(stderr, "ERROR: out of memory.\n");
+        goto loser;
+    }
+    for (i = 0; certsonlyOptions->recipients[i] != NULL; i++) {
+        if ((certs[i] =
+                 CERT_FindCertByNicknameOrEmailAddr(dbhandle,
+                                                    certsonlyOptions->recipients[i])) ==
+            NULL) {
+            SECU_PrintError(progName, "cannot find certificate for \"%s\"",
+                            certsonlyOptions->recipients[i]);
+            i = 0;
+            goto loser;
+        }
+    }
+    certs[i] = NULL;
+    i = 0;
+    /*
+     * create the message object
+     */
+    cmsg = NSS_CMSMessage_Create(NULL);
+    if (cmsg == NULL) {
+        fprintf(stderr, "ERROR: cannot create CMS message.\n");
+        goto loser;
+    }
+    /*
+     * build chain of objects: message->signedData->data
+     */
+    if ((sigd = NSS_CMSSignedData_CreateCertsOnly(cmsg, certs[0], PR_TRUE)) ==
+        NULL) {
+        fprintf(stderr, "ERROR: cannot create CMS signedData object.\n");
+        goto loser;
+    }
+    CERT_DestroyCertificate(certs[0]);
+    for (i = 1; i < cnt; i++) {
+        if (NSS_CMSSignedData_AddCertChain(sigd, certs[i])) {
+            fprintf(stderr, "ERROR: cannot add cert chain for \"%s\".\n",
+                    certsonlyOptions->recipients[i]);
+            goto loser;
+        }
+        CERT_DestroyCertificate(certs[i]);
+    }
+    cinfo = NSS_CMSMessage_GetContentInfo(cmsg);
+    if (NSS_CMSContentInfo_SetContent_SignedData(cmsg, cinfo, sigd) !=
+        SECSuccess) {
+        fprintf(stderr, "ERROR: cannot attach CMS signedData object.\n");
+        goto loser;
+    }
+    cinfo = NSS_CMSSignedData_GetContentInfo(sigd);
+    if (NSS_CMSContentInfo_SetContent_Data(cmsg, cinfo, NULL, PR_FALSE) !=
+        SECSuccess) {
+        fprintf(stderr, "ERROR: cannot attach CMS data object.\n");
+        goto loser;
+    }
+    if (tmppoolp)
+        PORT_FreeArena(tmppoolp, PR_FALSE);
+    return cmsg;
+loser:
+    if (certs) {
+        for (; i < cnt; i++) {
+            CERT_DestroyCertificate(certs[i]);
+        }
+    }
+    if (cmsg)
+        NSS_CMSMessage_Destroy(cmsg);
+    if (tmppoolp)
+        PORT_FreeArena(tmppoolp, PR_FALSE);
+    return NULL;
+}
+
+static char *
+pl_fgets(char *buf, int size, PRFileDesc *fd)
+{
+    char *bp = buf;
+    int nb = 0;
+    ;
+
+    while (size > 1) {
+        nb = PR_Read(fd, bp, 1);
+        if (nb < 0) {
+            /* deal with error */
+            return NULL;
+        } else if (nb == 0) {
+            /* deal with EOF */
+            return NULL;
+        } else if (*bp == '\n') {
+            /* deal with EOL */
+            ++bp; /* keep EOL character */
+            break;
+        } else {
+            /* ordinary character */
+            ++bp;
+            --size;
+        }
+    }
+    *bp = '\0';
+    return buf;
+}
+
+typedef enum { UNKNOWN,
+               DECODE,
+               SIGN,
+               ENCRYPT,
+               ENVELOPE,
+               CERTSONLY } Mode;
+
+static int
+doBatchDecode(FILE *outFile, PRFileDesc *batchFile,
+              const struct decodeOptionsStr *decodeOptions)
+{
+    char *str;
+    int exitStatus = 0;
+    char batchLine[512];
+
+    while (NULL != (str = pl_fgets(batchLine, sizeof batchLine, batchFile))) {
+        NSSCMSMessage *cmsg = NULL;
+        PRFileDesc *inFile;
+        int len = strlen(str);
+        SECStatus rv;
+        SECItem input = { 0, 0, 0 };
+        char cc;
+
+        while (len > 0 &&
+               ((cc = str[len - 1]) == '\n' || cc == '\r')) {
+            str[--len] = '\0';
+        }
+        if (!len) /* skip empty line */
+            continue;
+        if (str[0] == '#')
+            continue; /* skip comment line */
+        fprintf(outFile, "========== %s ==========\n", str);
+        inFile = PR_Open(str, PR_RDONLY, 00660);
+        if (inFile == NULL) {
+            fprintf(outFile, "%s: unable to open \"%s\" for reading\n",
+                    progName, str);
+            exitStatus = 1;
+            continue;
+        }
+        rv = SECU_FileToItem(&input, inFile);
+        PR_Close(inFile);
+        if (rv != SECSuccess) {
+            SECU_PrintError(progName, "unable to read infile");
+            exitStatus = 1;
+            continue;
+        }
+        cmsg = decode(outFile, &input, decodeOptions);
+        SECITEM_FreeItem(&input, PR_FALSE);
+        if (cmsg)
+            NSS_CMSMessage_Destroy(cmsg);
+        else {
+            SECU_PrintError(progName, "problem decoding");
+            exitStatus = 1;
+        }
+    }
+    return exitStatus;
+}
+
+int
+main(int argc, char **argv)
+{
+    FILE *outFile;
+    NSSCMSMessage *cmsg = NULL;
+    PRFileDesc *inFile;
+    PLOptState *optstate;
+    PLOptStatus status;
+    Mode mode = UNKNOWN;
+    struct decodeOptionsStr decodeOptions = { 0 };
+    struct signOptionsStr signOptions = { 0 };
+    struct envelopeOptionsStr envelopeOptions = { 0 };
+    struct certsonlyOptionsStr certsonlyOptions = { 0 };
+    struct encryptOptionsStr encryptOptions = { 0 };
+    struct optionsStr options = { 0 };
+    int exitstatus;
+    static char *ptrarray[128] = { 0 };
+    int nrecipients = 0;
+    char *str, *tok;
+    char *envFileName;
+    SECItem input = { 0, 0, 0 };
+    SECItem envmsg = { 0, 0, 0 };
+    SECStatus rv;
+    PRFileDesc *contentFile = NULL;
+    PRBool batch = PR_FALSE;
+
+#ifdef NISCC_TEST
+    const char *ev = PR_GetEnvSecure("NSS_DISABLE_ARENA_FREE_LIST");
+    PORT_Assert(ev);
+    ev = PR_GetEnvSecure("NSS_STRICT_SHUTDOWN");
+    PORT_Assert(ev);
+#endif
+
+    progName = strrchr(argv[0], '/');
+    if (!progName)
+        progName = strrchr(argv[0], '\\');
+    progName = progName ? progName + 1 : argv[0];
+
+    inFile = PR_STDIN;
+    outFile = stdout;
+    envFileName = NULL;
+    mode = UNKNOWN;
+    decodeOptions.content.data = NULL;
+    decodeOptions.content.len = 0;
+    decodeOptions.suppressContent = PR_FALSE;
+    decodeOptions.headerLevel = -1;
+    decodeOptions.keepCerts = PR_FALSE;
+    options.certUsage = certUsageEmailSigner;
+    options.password = NULL;
+    options.pwfile = NULL;
+    signOptions.nickname = NULL;
+    signOptions.detached = PR_FALSE;
+    signOptions.signingTime = PR_FALSE;
+    signOptions.smimeProfile = PR_FALSE;
+    signOptions.encryptionKeyPreferenceNick = NULL;
+    signOptions.hashAlgTag = SEC_OID_SHA1;
+    envelopeOptions.recipients = NULL;
+    encryptOptions.recipients = NULL;
+    encryptOptions.envmsg = NULL;
+    encryptOptions.envFile = NULL;
+    encryptOptions.bulkalgtag = SEC_OID_UNKNOWN;
+    encryptOptions.bulkkey = NULL;
+    encryptOptions.keysize = -1;
+
+    /*
+     * Parse command line arguments
+     */
+    optstate = PL_CreateOptState(argc, argv,
+                                 "CDEGH:N:OPSTY:bc:d:e:f:h:i:kno:p:r:s:u:v");
+    while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
+        switch (optstate->option) {
+            case 'C':
+                mode = ENCRYPT;
+                break;
+            case 'D':
+                mode = DECODE;
+                break;
+            case 'E':
+                mode = ENVELOPE;
+                break;
+            case 'G':
+                if (mode != SIGN) {
+                    fprintf(stderr,
+                            "%s: option -G only supported with option -S.\n",
+                            progName);
+                    Usage(progName);
+                    exit(1);
+                }
+                signOptions.signingTime = PR_TRUE;
+                break;
+            case 'H':
+                if (mode != SIGN) {
+                    fprintf(stderr,
+                            "%s: option -H only supported with option -S.\n",
+                            progName);
+                    Usage(progName);
+                    exit(1);
+                }
+                decodeOptions.suppressContent = PR_TRUE;
+                if (!strcmp(optstate->value, "MD2"))
+                    signOptions.hashAlgTag = SEC_OID_MD2;
+                else if (!strcmp(optstate->value, "MD4"))
+                    signOptions.hashAlgTag = SEC_OID_MD4;
+                else if (!strcmp(optstate->value, "MD5"))
+                    signOptions.hashAlgTag = SEC_OID_MD5;
+                else if (!strcmp(optstate->value, "SHA1"))
+                    signOptions.hashAlgTag = SEC_OID_SHA1;
+                else if (!strcmp(optstate->value, "SHA256"))
+                    signOptions.hashAlgTag = SEC_OID_SHA256;
+                else if (!strcmp(optstate->value, "SHA384"))
+                    signOptions.hashAlgTag = SEC_OID_SHA384;
+                else if (!strcmp(optstate->value, "SHA512"))
+                    signOptions.hashAlgTag = SEC_OID_SHA512;
+                else {
+                    fprintf(stderr,
+                            "%s: -H requires one of MD2,MD4,MD5,SHA1,SHA256,SHA384,SHA512\n",
+                            progName);
+                    exit(1);
+                }
+                break;
+            case 'N':
+                if (mode != SIGN) {
+                    fprintf(stderr,
+                            "%s: option -N only supported with option -S.\n",
+                            progName);
+                    Usage(progName);
+                    exit(1);
+                }
+                signOptions.nickname = PORT_Strdup(optstate->value);
+                break;
+            case 'O':
+                mode = CERTSONLY;
+                break;
+            case 'P':
+                if (mode != SIGN) {
+                    fprintf(stderr,
+                            "%s: option -P only supported with option -S.\n",
+                            progName);
+                    Usage(progName);
+                    exit(1);
+                }
+                signOptions.smimeProfile = PR_TRUE;
+                break;
+            case 'S':
+                mode = SIGN;
+                break;
+            case 'T':
+                if (mode != SIGN) {
+                    fprintf(stderr,
+                            "%s: option -T only supported with option -S.\n",
+                            progName);
+                    Usage(progName);
+                    exit(1);
+                }
+                signOptions.detached = PR_TRUE;
+                break;
+            case 'Y':
+                if (mode != SIGN) {
+                    fprintf(stderr,
+                            "%s: option -Y only supported with option -S.\n",
+                            progName);
+                    Usage(progName);
+                    exit(1);
+                }
+                signOptions.encryptionKeyPreferenceNick = strdup(optstate->value);
+                break;
+
+            case 'b':
+                if (mode != DECODE) {
+                    fprintf(stderr,
+                            "%s: option -b only supported with option -D.\n",
+                            progName);
+                    Usage(progName);
+                    exit(1);
+                }
+                batch = PR_TRUE;
+                break;
+
+            case 'c':
+                if (mode != DECODE) {
+                    fprintf(stderr,
+                            "%s: option -c only supported with option -D.\n",
+                            progName);
+                    Usage(progName);
+                    exit(1);
+                }
+                contentFile = PR_Open(optstate->value, PR_RDONLY, 006600);
+                if (contentFile == NULL) {
+                    fprintf(stderr, "%s: unable to open \"%s\" for reading.\n",
+                            progName, optstate->value);
+                    exit(1);
+                }
+
+                rv = SECU_FileToItem(&decodeOptions.content, contentFile);
+                PR_Close(contentFile);
+                if (rv != SECSuccess) {
+                    SECU_PrintError(progName, "problem reading content file");
+                    exit(1);
+                }
+                if (!decodeOptions.content.data) {
+                    /* file was zero length */
+                    decodeOptions.content.data = (unsigned char *)PORT_Strdup("");
+                    decodeOptions.content.len = 0;
+                }
+
+                break;
+            case 'd':
+                SECU_ConfigDirectory(optstate->value);
+                break;
+            case 'e':
+                envFileName = PORT_Strdup(optstate->value);
+                encryptOptions.envFile = PR_Open(envFileName, PR_RDONLY, 00660);
+                break;
+
+            case 'h':
+                if (mode != DECODE) {
+                    fprintf(stderr,
+                            "%s: option -h only supported with option -D.\n",
+                            progName);
+                    Usage(progName);
+                    exit(1);
+                }
+                decodeOptions.headerLevel = atoi(optstate->value);
+                if (decodeOptions.headerLevel < 0) {
+                    fprintf(stderr, "option -h cannot have a negative value.\n");
+                    exit(1);
+                }
+                break;
+            case 'i':
+                if (!optstate->value) {
+                    fprintf(stderr, "-i option requires filename argument\n");
+                    exit(1);
+                }
+                inFile = PR_Open(optstate->value, PR_RDONLY, 00660);
+                if (inFile == NULL) {
+                    fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
+                            progName, optstate->value);
+                    exit(1);
+                }
+                break;
+
+            case 'k':
+                if (mode != DECODE) {
+                    fprintf(stderr,
+                            "%s: option -k only supported with option -D.\n",
+                            progName);
+                    Usage(progName);
+                    exit(1);
+                }
+                decodeOptions.keepCerts = PR_TRUE;
+                break;
+
+            case 'n':
+                if (mode != DECODE) {
+                    fprintf(stderr,
+                            "%s: option -n only supported with option -D.\n",
+                            progName);
+                    Usage(progName);
+                    exit(1);
+                }
+                decodeOptions.suppressContent = PR_TRUE;
+                break;
+            case 'o':
+                outFile = fopen(optstate->value, "wb");
+                if (outFile == NULL) {
+                    fprintf(stderr, "%s: unable to open \"%s\" for writing\n",
+                            progName, optstate->value);
+                    exit(1);
+                }
+                break;
+            case 'p':
+                if (!optstate->value) {
+                    fprintf(stderr, "%s: option -p must have a value.\n", progName);
+                    Usage(progName);
+                    exit(1);
+                }
+
+                options.password = strdup(optstate->value);
+                break;
+
+            case 'f':
+                if (!optstate->value) {
+                    fprintf(stderr, "%s: option -f must have a value.\n", progName);
+                    Usage(progName);
+                    exit(1);
+                }
+
+                options.pwfile = strdup(optstate->value);
+                break;
+
+            case 'r':
+                if (!optstate->value) {
+                    fprintf(stderr, "%s: option -r must have a value.\n", progName);
+                    Usage(progName);
+                    exit(1);
+                }
+                envelopeOptions.recipients = ptrarray;
+                str = (char *)optstate->value;
+                do {
+                    tok = strchr(str, ',');
+                    if (tok)
+                        *tok = '\0';
+                    envelopeOptions.recipients[nrecipients++] = strdup(str);
+                    if (tok)
+                        str = tok + 1;
+                } while (tok);
+                envelopeOptions.recipients[nrecipients] = NULL;
+                encryptOptions.recipients = envelopeOptions.recipients;
+                certsonlyOptions.recipients = envelopeOptions.recipients;
+                break;
+
+            case 'u': {
+                int usageType;
+
+                usageType = atoi(strdup(optstate->value));
+                if (usageType < certUsageSSLClient || usageType > certUsageAnyCA)
+                    return -1;
+                options.certUsage = (SECCertUsage)usageType;
+                break;
+            }
+            case 'v':
+                cms_verbose = 1;
+                break;
+        }
+    }
+    if (status == PL_OPT_BAD)
+        Usage(progName);
+    PL_DestroyOptState(optstate);
+
+    if (mode == UNKNOWN)
+        Usage(progName);
+
+    if (mode != CERTSONLY && !batch) {
+        rv = SECU_FileToItem(&input, inFile);
+        if (rv != SECSuccess) {
+            SECU_PrintError(progName, "unable to read infile");
+            exit(1);
+        }
+    }
+    if (cms_verbose) {
+        fprintf(stderr, "received commands\n");
+    }
+
+    /* Call the NSS initialization routines */
+    PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
+    rv = NSS_InitReadWrite(SECU_ConfigDirectory(NULL));
+    if (SECSuccess != rv) {
+        SECU_PrintError(progName, "NSS_Init failed");
+        exit(1);
+    }
+    if (cms_verbose) {
+        fprintf(stderr, "NSS has been initialized.\n");
+    }
+    options.certHandle = CERT_GetDefaultCertDB();
+    if (!options.certHandle) {
+        SECU_PrintError(progName, "No default cert DB");
+        exit(1);
+    }
+    if (cms_verbose) {
+        fprintf(stderr, "Got default certdb\n");
+    }
+    if (options.password) {
+        pwdata.source = PW_PLAINTEXT;
+        pwdata.data = options.password;
+    }
+    if (options.pwfile) {
+        pwdata.source = PW_FROMFILE;
+        pwdata.data = options.pwfile;
+    }
+    pwcb = SECU_GetModulePassword;
+    pwcb_arg = (void *)&pwdata;
+
+    PK11_SetPasswordFunc(&SECU_GetModulePassword);
+
+#if defined(_WIN32)
+    if (outFile == stdout) {
+        /* If we're going to write binary data to stdout, we must put stdout
+        ** into O_BINARY mode or else outgoing \n's will become \r\n's.
+        */
+        int smrv = _setmode(_fileno(stdout), _O_BINARY);
+        if (smrv == -1) {
+            fprintf(stderr,
+                    "%s: Cannot change stdout to binary mode. Use -o option instead.\n",
+                    progName);
+            return smrv;
+        }
+    }
+#endif
+
+    exitstatus = 0;
+    switch (mode) {
+        case DECODE: /* -D */
+            decodeOptions.options = &options;
+            if (encryptOptions.envFile) {
+                /* Decoding encrypted-data, so get the bulkkey from an
+                 * enveloped-data message.
+                 */
+                SECU_FileToItem(&envmsg, encryptOptions.envFile);
+                decodeOptions.options = &options;
+                encryptOptions.envmsg = decode(NULL, &envmsg, &decodeOptions);
+                if (!encryptOptions.envmsg) {
+                    SECU_PrintError(progName, "problem decoding env msg");
+                    exitstatus = 1;
+                    break;
+                }
+                rv = get_enc_params(&encryptOptions);
+                decodeOptions.dkcb = dkcb;
+                decodeOptions.bulkkey = encryptOptions.bulkkey;
+            }
+            if (!batch) {
+                cmsg = decode(outFile, &input, &decodeOptions);
+                if (!cmsg) {
+                    SECU_PrintError(progName, "problem decoding");
+                    exitstatus = 1;
+                }
+            } else {
+                exitstatus = doBatchDecode(outFile, inFile, &decodeOptions);
+            }
+            break;
+        case SIGN: /* -S */
+            signOptions.options = &options;
+            cmsg = signed_data(&signOptions);
+            if (!cmsg) {
+                SECU_PrintError(progName, "problem signing");
+                exitstatus = 1;
+            }
+            break;
+        case ENCRYPT: /* -C */
+            if (!envFileName) {
+                fprintf(stderr, "%s: you must specify an envelope file with -e.\n",
+                        progName);
+                exit(1);
+            }
+            encryptOptions.options = &options;
+            encryptOptions.input = &input;
+            encryptOptions.outfile = outFile;
+            /* decode an enveloped-data message to get the bulkkey (create
+             * a new one if neccessary)
+             */
+            if (!encryptOptions.envFile) {
+                encryptOptions.envFile = PR_Open(envFileName,
+                                                 PR_WRONLY | PR_CREATE_FILE, 00660);
+                if (!encryptOptions.envFile) {
+                    fprintf(stderr, "%s: failed to create file %s.\n", progName,
+                            envFileName);
+                    exit(1);
+                }
+            } else {
+                SECU_FileToItem(&envmsg, encryptOptions.envFile);
+                decodeOptions.options = &options;
+                encryptOptions.envmsg = decode(NULL, &envmsg, &decodeOptions);
+                if (encryptOptions.envmsg == NULL) {
+                    SECU_PrintError(progName, "problem decrypting env msg");
+                    exitstatus = 1;
+                    break;
+                }
+            }
+            rv = get_enc_params(&encryptOptions);
+            /* create the encrypted-data message */
+            cmsg = encrypted_data(&encryptOptions);
+            if (!cmsg) {
+                SECU_PrintError(progName, "problem encrypting");
+                exitstatus = 1;
+            }
+            if (encryptOptions.bulkkey) {
+                PK11_FreeSymKey(encryptOptions.bulkkey);
+                encryptOptions.bulkkey = NULL;
+            }
+            break;
+        case ENVELOPE: /* -E */
+            envelopeOptions.options = &options;
+            cmsg = enveloped_data(&envelopeOptions);
+            if (!cmsg) {
+                SECU_PrintError(progName, "problem enveloping");
+                exitstatus = 1;
+            }
+            break;
+        case CERTSONLY: /* -O */
+            certsonlyOptions.options = &options;
+            cmsg = signed_data_certsonly(&certsonlyOptions);
+            if (!cmsg) {
+                SECU_PrintError(progName, "problem with certs-only");
+                exitstatus = 1;
+            }
+            break;
+        default:
+            fprintf(stderr, "One of options -D, -S or -E must be set.\n");
+            Usage(progName);
+            exitstatus = 1;
+    }
+
+    if (signOptions.nickname) {
+        PORT_Free(signOptions.nickname);
+    }
+
+    if ((mode == SIGN || mode == ENVELOPE || mode == CERTSONLY) &&
+        (!exitstatus)) {
+        PLArenaPool *arena = PORT_NewArena(1024);
+        NSSCMSEncoderContext *ecx;
+        SECItem output = { 0, 0, 0 };
+
+        if (!arena) {
+            fprintf(stderr, "%s: out of memory.\n", progName);
+            exit(1);
+        }
+
+        if (cms_verbose) {
+            fprintf(stderr, "cmsg [%p]\n", cmsg);
+            fprintf(stderr, "arena [%p]\n", arena);
+            if (pwcb_arg && (PW_PLAINTEXT == ((secuPWData *)pwcb_arg)->source))
+                fprintf(stderr, "password [%s]\n",
+                        ((secuPWData *)pwcb_arg)->data);
+            else
+                fprintf(stderr, "password [NULL]\n");
+        }
+        ecx = NSS_CMSEncoder_Start(cmsg,
+                                   NULL, NULL,     /* DER output callback  */
+                                   &output, arena, /* destination storage  */
+                                   pwcb, pwcb_arg, /* password callback    */
+                                   NULL, NULL,     /* decrypt key callback */
+                                   NULL, NULL);    /* detached digests    */
+        if (!ecx) {
+            fprintf(stderr, "%s: cannot create encoder context.\n", progName);
+            exit(1);
+        }
+        if (cms_verbose) {
+            fprintf(stderr, "input len [%d]\n", input.len);
+            {
+                unsigned int j;
+                for (j = 0; j < input.len; j++)
+                    fprintf(stderr, "%2x%c", input.data[j], (j > 0 &&
+                                                             j % 35 == 0)
+                                                                ? '\n'
+                                                                : ' ');
+            }
+        }
+        if (input.len > 0) { /* skip if certs-only (or other zero content) */
+            rv = NSS_CMSEncoder_Update(ecx, (char *)input.data, input.len);
+            if (rv) {
+                fprintf(stderr,
+                        "%s: failed to add data to encoder.\n", progName);
+                exit(1);
+            }
+        }
+        rv = NSS_CMSEncoder_Finish(ecx);
+        if (rv) {
+            SECU_PrintError(progName, "failed to encode data");
+            exit(1);
+        }
+
+        if (cms_verbose) {
+            fprintf(stderr, "encoding passed\n");
+        }
+        fwrite(output.data, output.len, 1, outFile);
+        if (cms_verbose) {
+            fprintf(stderr, "wrote to file\n");
+        }
+        PORT_FreeArena(arena, PR_FALSE);
+    }
+    if (cmsg)
+        NSS_CMSMessage_Destroy(cmsg);
+    if (outFile != stdout)
+        fclose(outFile);
+
+    if (inFile != PR_STDIN) {
+        PR_Close(inFile);
+    }
+    if (envFileName) {
+        PORT_Free(envFileName);
+    }
+    if (encryptOptions.envFile) {
+        PR_Close(encryptOptions.envFile);
+    }
+
+    SECITEM_FreeItem(&decodeOptions.content, PR_FALSE);
+    SECITEM_FreeItem(&envmsg, PR_FALSE);
+    SECITEM_FreeItem(&input, PR_FALSE);
+    if (NSS_Shutdown() != SECSuccess) {
+        SECU_PrintError(progName, "NSS_Shutdown failed");
+        exitstatus = 1;
+    }
+    PR_Cleanup();
+    return exitstatus;
+}
diff --git a/nss/cmd/smimetools/manifest.mn b/nss/cmd/smimetools/manifest.mn
new file mode 100644
index 0000000..0e20ed7
--- /dev/null
+++ b/nss/cmd/smimetools/manifest.mn
@@ -0,0 +1,17 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CORE_DEPTH = ../..
+
+MODULE = nss
+
+CSRCS = cmsutil.c  
+
+MYLIB = $(DIST)/lib/libsmime.a
+
+REQUIRES = seccmd dbm
+
+PROGRAM = cmsutil
+SCRIPTS = smime
diff --git a/nss/cmd/smimetools/rules.mk b/nss/cmd/smimetools/rules.mk
new file mode 100644
index 0000000..1ed381e
--- /dev/null
+++ b/nss/cmd/smimetools/rules.mk
@@ -0,0 +1,7 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+install::
+	$(INSTALL) -m 755 $(SCRIPTS) $(SOURCE_BIN_DIR)
diff --git a/nss/cmd/smimetools/smime b/nss/cmd/smimetools/smime
new file mode 100755
index 0000000..634c3fb
--- /dev/null
+++ b/nss/cmd/smimetools/smime
@@ -0,0 +1,547 @@
+#!/usr/local/bin/perl
+
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#
+# smime.pl - frontend for S/MIME message generation and parsing
+#
+
+use Getopt::Std;
+
+@boundarychars = ( "0" .. "9", "A" .. "F" );
+
+# path to cmsutil
+$cmsutilpath = "cmsutil";
+
+#
+# Thanks to Gisle Aas <gisle@aas.no> for the base64 functions
+# originally taken from MIME-Base64-2.11 at www.cpan.org
+#
+sub encode_base64($)
+{
+    my $res = "";
+    pos($_[0]) = 0;                          # ensure start at the beginning
+    while ($_[0] =~ /(.{1,45})/gs) {
+	$res .= substr(pack('u', $1), 1);    # get rid of length byte after packing
+	chop($res);
+    }
+    $res =~ tr|` -_|AA-Za-z0-9+/|;
+    # fix padding at the end
+    my $padding = (3 - length($_[0]) % 3) % 3;
+    $res =~ s/.{$padding}$/'=' x $padding/e if $padding;
+    # break encoded string into lines of no more than 76 characters each
+    $res =~ s/(.{1,76})/$1\n/g;
+    $res;
+}
+
+sub decode_base64($)
+{
+    local($^W) = 0; # unpack("u",...) gives bogus warning in 5.00[123]
+
+    my $str = shift;
+    my $res = "";
+
+    $str =~ tr|A-Za-z0-9+=/||cd;            # remove non-base64 chars
+    if (length($str) % 4) {
+	require Carp;
+	Carp::carp("Length of base64 data not a multiple of 4")
+    }
+    $str =~ s/=+$//;                        # remove padding
+    $str =~ tr|A-Za-z0-9+/| -_|;            # convert to uuencoded format
+    while ($str =~ /(.{1,60})/gs) {
+	my $len = chr(32 + length($1)*3/4); # compute length byte
+	$res .= unpack("u", $len . $1 );    # uudecode
+    }
+    $res;
+}
+
+#
+# parse headers into a hash
+#
+# %headers = parseheaders($headertext);
+#
+sub parseheaders($)
+{
+    my ($headerdata) = @_;
+    my $hdr;
+    my %hdrhash;
+    my $hdrname;
+    my $hdrvalue;
+    my @hdrvalues;
+    my $subhdrname;
+    my $subhdrvalue;
+
+    # the expression in split() correctly handles continuation lines
+    foreach $hdr (split(/\n(?=\S)/, $headerdata)) {
+	$hdr =~ s/\r*\n\s+/ /g;	# collapse continuation lines
+	($hdrname, $hdrvalue) = $hdr =~ m/^(\S+):\s+(.*)$/;
+
+	# ignore non-headers (or should we die horribly?)
+	next unless (defined($hdrname));
+	$hdrname =~ tr/A-Z/a-z/;			# lowercase the header name
+	@hdrvalues = split(/\s*;\s*/, $hdrvalue);	# split header values (XXXX quoting)
+
+	# there is guaranteed to be at least one value
+	$hdrvalue = shift @hdrvalues;
+	if ($hdrvalue =~ /^\s*\"(.*)\"\s*$/) {		# strip quotes if there
+	    $hdrvalue = $1;
+	}
+
+	$hdrhash{$hdrname}{MAIN} = $hdrvalue;
+	# print "XXX $hdrname = $hdrvalue\n";
+
+	# deal with additional name-value pairs
+	foreach $hdrvalue (@hdrvalues) {
+	    ($subhdrname, $subhdrvalue) = $hdrvalue =~ m/^(\S+)\s*=\s*(.*)$/;
+	    # ignore non-name-value pairs (or should we die?)
+	    next unless (defined($subhdrname));
+	    $subhdrname =~ tr/A-Z/a-z/;
+	    if ($subhdrvalue =~ /^\s*\"(.*)\"\s*$/) {	# strip quotes if there
+		$subhdrvalue = $1;
+	    }
+	    $hdrhash{$hdrname}{$subhdrname} = $subhdrvalue;
+	}
+
+    }
+    return %hdrhash;
+}
+
+#
+# encryptentity($entity, $options) - encrypt an S/MIME entity,
+#                                    creating a new application/pkcs7-smime entity
+#
+# entity  - string containing entire S/MIME entity to encrypt
+# options - options for cmsutil
+#
+# this will generate and return a new application/pkcs7-smime entity containing
+# the enveloped input entity.
+#
+sub encryptentity($$)
+{
+    my ($entity, $cmsutiloptions) = @_;
+    my $out = "";
+    my $boundary;
+
+    $tmpencfile = "/tmp/encryptentity.$$";
+
+    #
+    # generate a random boundary string
+    #
+    $boundary = "------------ms" . join("", @boundarychars[map{rand @boundarychars }( 1 .. 24 )]);
+
+    #
+    # tell cmsutil to generate a enveloped CMS message using our data
+    #
+    open(CMS, "|$cmsutilpath -E $cmsutiloptions -o $tmpencfile") or die "ERROR: cannot pipe to cmsutil";
+    print CMS $entity;
+    unless (close(CMS)) {
+	print STDERR "ERROR: encryption failed.\n";
+	unlink($tmpsigfile);
+	exit 1;
+    }
+
+    $out  = "Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name=smime.p7m\n";
+    $out .= "Content-Transfer-Encoding: base64\n";
+    $out .= "Content-Disposition: attachment; filename=smime.p7m\n";
+    $out .= "\n";			# end of entity header
+
+    open (ENC, $tmpencfile) or die "ERROR: cannot find newly generated encrypted content";
+    local($/) = undef;			# slurp whole file
+    $out .= encode_base64(<ENC>), "\n";	# entity body is base64-encoded CMS message
+    close(ENC);
+
+    unlink($tmpencfile);
+
+    $out;
+}
+
+#
+# signentity($entity, $options) - sign an S/MIME entity
+#
+# entity  - string containing entire S/MIME entity to sign
+# options - options for cmsutil
+#
+# this will generate and return a new multipart/signed entity consisting
+# of the canonicalized original content, plus a signature block.
+#
+sub signentity($$)
+{
+    my ($entity, $cmsutiloptions) = @_;
+    my $out = "";
+    my $boundary;
+
+    $tmpsigfile = "/tmp/signentity.$$";
+
+    #
+    # generate a random boundary string
+    #
+    $boundary = "------------ms" . join("", @boundarychars[map{rand @boundarychars }( 1 .. 24 )]);
+
+    #
+    # tell cmsutil to generate a signed CMS message using the canonicalized data
+    # The signedData has detached content (-T) and includes a signing time attribute (-G)
+    #
+    # if we do not provide a password on the command line, here's where we would be asked for it
+    #
+    open(CMS, "|$cmsutilpath -S -T -G $cmsutiloptions -o $tmpsigfile") or die "ERROR: cannot pipe to cmsutil";
+    print CMS $entity;
+    unless (close(CMS)) {
+	print STDERR "ERROR: signature generation failed.\n";
+	unlink($tmpsigfile);
+	exit 1;
+    }
+
+    open (SIG, $tmpsigfile) or die "ERROR: cannot find newly generated signature";
+
+    #
+    # construct a new multipart/signed MIME entity consisting of the original content and
+    # the signature
+    #
+    # (we assume that cmsutil generates a SHA1 digest)
+    $out .= "Content-Type: multipart/signed; protocol=\"application/pkcs7-signature\"; micalg=sha1; boundary=\"${boundary}\"\n";
+    $out .= "\n";		# end of entity header
+    $out .= "This is a cryptographically signed message in MIME format.\n"; # explanatory comment
+    $out .= "\n--${boundary}\n";
+    $out .= $entity;
+    $out .= "\n--${boundary}\n";
+    $out .= "Content-Type: application/pkcs7-signature; name=smime.p7s\n";
+    $out .= "Content-Transfer-Encoding: base64\n";
+    $out .= "Content-Disposition: attachment; filename=smime.p7s\n";
+    $out .= "Content-Description: S/MIME Cryptographic Signature\n";
+    $out .= "\n";		# end of signature subentity header
+
+    local($/) = undef;		# slurp whole file
+    $out .= encode_base64(<SIG>);	# append base64-encoded signature
+    $out .= "\n--${boundary}--\n";
+
+    close(SIG);
+    unlink($tmpsigfile);
+
+    $out;
+}
+
+sub usage {
+    print STDERR "usage: smime [options]\n";
+    print STDERR " options:\n";
+    print STDERR " -S nick             generate signed message, use certificate named \"nick\"\n";
+    print STDERR "  -p passwd          use \"passwd\" as security module password\n";
+    print STDERR " -E rec1[,rec2...]   generate encrypted message for recipients\n";
+    print STDERR " -D                  decode a S/MIME message\n";
+    print STDERR "  -p passwd          use \"passwd\" as security module password\n";
+    print STDERR "                     (required for decrypting only)\n";
+    print STDERR " -C pathname         set pathname of \"cmsutil\"\n";
+    print STDERR " -d directory        set directory containing certificate db\n";
+    print STDERR "                     (default: ~/.netscape)\n";
+    print STDERR "\nWith -S or -E, smime will take a regular RFC822 message or MIME entity\n";
+    print STDERR "on stdin and generate a signed or encrypted S/MIME message with the same\n";
+    print STDERR "headers and content from it. The output can be used as input to a MTA.\n";
+    print STDERR "-D causes smime to strip off all S/MIME layers if possible and output\n";
+    print STDERR "the \"inner\" message.\n";
+}
+
+#
+# start of main procedures
+#
+
+#
+# process command line options
+#
+unless (getopts('S:E:p:d:C:D')) {
+    usage();
+    exit 1;
+}
+
+unless (defined($opt_S) or defined($opt_E) or defined($opt_D)) {
+    print STDERR "ERROR: -S and/or -E, or -D must be specified.\n";
+    usage();
+    exit 1;
+}
+
+$signopts = "";
+$encryptopts = "";
+$decodeopts = "";
+
+# pass -d option along
+if (defined($opt_d)) {
+    $signopts .= "-d \"$opt_d\" ";
+    $encryptopts .= "-d \"$opt_d\" ";
+    $decodeopts .= "-d \"$opt_d\" ";
+}
+
+if (defined($opt_S)) {
+    $signopts .= "-N \"$opt_S\" ";
+}
+
+if (defined($opt_p)) {
+    $signopts .= "-p \"$opt_p\" ";
+    $decodeopts .= "-p \"$opt_p\" ";
+}
+
+if (defined($opt_E)) {
+    @recipients = split(",", $opt_E);
+    $encryptopts .= "-r ";
+    $encryptopts .= join (" -r ", @recipients);
+}
+
+if (defined($opt_C)) {
+    $cmsutilpath = $opt_C;
+}
+
+#
+# split headers into mime entity headers and RFC822 headers
+# The RFC822 headers are preserved and stay on the outer layer of the message
+#
+$rfc822headers = "";
+$mimeheaders = "";
+$mimebody = "";
+$skippedheaders = "";
+while (<STDIN>) {
+    last if (/^$/);
+    if (/^content-\S+: /i) {
+	$lastref = \$mimeheaders;
+    } elsif (/^mime-version: /i) {
+	$lastref = \$skippedheaders;			# skip it
+    } elsif (/^\s/) {
+	;
+    } else {
+	$lastref = \$rfc822headers;
+    }
+    $$lastref .= $_;
+}
+
+#
+# if there are no MIME entity headers, generate some default ones
+#
+if ($mimeheaders eq "") {
+    $mimeheaders .= "Content-Type: text/plain; charset=us-ascii\n";
+    $mimeheaders .= "Content-Transfer-Encoding: 7bit\n";
+}
+
+#
+# slurp in the entity body
+#
+$saveRS = $/;
+$/ = undef;
+$mimebody = <STDIN>;
+$/ = $saveRS;
+chomp($mimebody);
+
+if (defined $opt_D) {
+    #
+    # decode
+    #
+    # possible options would be:
+    # - strip off only one layer
+    # - strip off outer signature (if present)
+    # - just print information about the structure of the message
+    # - strip n layers, then dump DER of CMS message
+
+    $layercounter = 1;
+
+    while (1) {
+	%hdrhash = parseheaders($mimeheaders);
+	unless (exists($hdrhash{"content-type"}{MAIN})) {
+	    print STDERR "ERROR: no content type header found in MIME entity\n";
+	    last;	# no content-type - we're done
+	}
+
+	$contenttype = $hdrhash{"content-type"}{MAIN};
+	if ($contenttype eq "application/pkcs7-mime") {
+	    #
+	    # opaque-signed or enveloped message
+	    #
+	    unless (exists($hdrhash{"content-type"}{"smime-type"})) {
+		print STDERR "ERROR: no smime-type attribute in application/pkcs7-smime entity.\n";
+		last;
+	    }
+	    $smimetype = $hdrhash{"content-type"}{"smime-type"};
+	    if ($smimetype eq "signed-data" or $smimetype eq "enveloped-data") {
+		# it's verification or decryption time!
+
+		# can handle only base64 encoding for now
+		# all other encodings are treated as binary (8bit)
+		if ($hdrhash{"content-transfer-encoding"}{MAIN} eq "base64") {
+		    $mimebody = decode_base64($mimebody);
+		}
+
+		# if we need to dump the DER, we would do it right here
+
+		# now write the DER
+		$tmpderfile = "/tmp/der.$$";
+		open(TMP, ">$tmpderfile") or die "ERROR: cannot write signature data to temporary file";
+		print TMP $mimebody;
+		unless (close(TMP)) {
+		    print STDERR "ERROR: writing signature data to temporary file.\n";
+		    unlink($tmpderfile);
+		    exit 1;
+		}
+
+		$mimeheaders = "";
+		open(TMP, "$cmsutilpath -D $decodeopts -h $layercounter -i $tmpderfile |") or die "ERROR: cannot open pipe to cmsutil";
+		$layercounter++;
+		while (<TMP>) {
+		    last if (/^\r?$/);			# empty lines mark end of header
+		    if (/^SMIME: /) {			# add all SMIME info to the rfc822 hdrs
+			$lastref = \$rfc822headers;
+		    } elsif (/^\s/) {
+			;				# continuation lines go to the last dest
+		    } else {
+			$lastref = \$mimeheaders;	# all other headers are mime headers
+		    }
+		    $$lastref .= $_;
+		}
+		# slurp in rest of the data to $mimebody
+		$saveRS = $/; $/ = undef; $mimebody = <TMP>; $/ = $saveRS;
+		close(TMP);
+
+		unlink($tmpderfile);
+
+	    } else {
+		print STDERR "ERROR: unknown smime-type \"$smimetype\" in application/pkcs7-smime entity.\n";
+		last;
+	    }
+	} elsif ($contenttype eq "multipart/signed") {
+	    #
+	    # clear signed message
+	    #
+	    unless (exists($hdrhash{"content-type"}{"protocol"})) {
+		print STDERR "ERROR: content type has no protocol attribute in multipart/signed entity.\n";
+		last;
+	    }
+	    if ($hdrhash{"content-type"}{"protocol"} ne "application/pkcs7-signature") {
+		# we cannot handle this guy
+		print STDERR "ERROR: unknown protocol \"", $hdrhash{"content-type"}{"protocol"},
+			"\" in multipart/signed entity.\n";
+		last;
+	    }
+	    unless (exists($hdrhash{"content-type"}{"boundary"})) {
+		print STDERR "ERROR: no boundary attribute in multipart/signed entity.\n";
+		last;
+	    }
+	    $boundary = $hdrhash{"content-type"}{"boundary"};
+
+	    # split $mimebody along \n--$boundary\n - gets you four parts
+	    # first (0), any comments the sending agent might have put in
+	    # second (1), the message itself
+	    # third (2), the signature as a mime entity
+	    # fourth (3), trailing data (there shouldn't be any)
+
+	    @multiparts = split(/\r?\n--$boundary(?:--)?\r?\n/, $mimebody);
+
+	    #
+	    # parse the signature headers
+	    ($submimeheaders, $submimebody) = split(/^$/m, $multiparts[2]);
+	    %sighdrhash = parseheaders($submimeheaders);
+	    unless (exists($sighdrhash{"content-type"}{MAIN})) {
+		print STDERR "ERROR: signature entity has no content type.\n";
+		last;
+	    }
+	    if ($sighdrhash{"content-type"}{MAIN} ne "application/pkcs7-signature") {
+		# we cannot handle this guy
+		print STDERR "ERROR: unknown content type \"", $sighdrhash{"content-type"}{MAIN},
+			"\" in signature entity.\n";
+		last;
+	    }
+	    if ($sighdrhash{"content-transfer-encoding"}{MAIN} eq "base64") {
+		$submimebody = decode_base64($submimebody);
+	    }
+
+	    # we would dump the DER at this point
+
+	    $tmpsigfile = "/tmp/sig.$$";
+	    open(TMP, ">$tmpsigfile") or die "ERROR: cannot write signature data to temporary file";
+	    print TMP $submimebody;
+	    unless (close(TMP)) {
+		print STDERR "ERROR: writing signature data to temporary file.\n";
+		unlink($tmpsigfile);
+		exit 1;
+	    }
+
+	    $tmpmsgfile = "/tmp/msg.$$";
+	    open(TMP, ">$tmpmsgfile") or die "ERROR: cannot write message data to temporary file";
+	    print TMP $multiparts[1];
+	    unless (close(TMP)) {
+		print STDERR "ERROR: writing message data to temporary file.\n";
+		unlink($tmpsigfile);
+		unlink($tmpmsgfile);
+		exit 1;
+	    }
+
+	    $mimeheaders = "";
+	    open(TMP, "$cmsutilpath -D $decodeopts -h $layercounter -c $tmpmsgfile -i $tmpsigfile |") or die "ERROR: cannot open pipe to cmsutil";
+	    $layercounter++;
+	    while (<TMP>) {
+		last if (/^\r?$/);
+		if (/^SMIME: /) {
+		    $lastref = \$rfc822headers;
+		} elsif (/^\s/) {
+		    ;
+		} else {
+		    $lastref = \$mimeheaders;
+		}
+		$$lastref .= $_;
+	    }
+	    $saveRS = $/; $/ = undef; $mimebody = <TMP>; $/ = $saveRS;
+	    close(TMP);
+	    unlink($tmpsigfile);
+	    unlink($tmpmsgfile);
+
+	} else {
+
+	    # not a content type we know - we're done
+	    last;
+
+	}
+    }
+
+    # so now we have the S/MIME parsing information in rfc822headers
+    # and the first mime entity we could not handle in mimeheaders and mimebody.
+    # dump 'em out and we're done.
+    print $rfc822headers;
+    print $mimeheaders . "\n" . $mimebody;
+
+} else {
+
+    #
+    # encode (which is much easier than decode)
+    #
+
+    $mimeentity = $mimeheaders . "\n" . $mimebody;
+
+    #
+    # canonicalize inner entity (rudimentary yet)
+    # convert single LFs to CRLF
+    # if no Content-Transfer-Encoding header present:
+    #  if 8 bit chars present, use Content-Transfer-Encoding: quoted-printable
+    #  otherwise, use Content-Transfer-Encoding: 7bit
+    #
+    $mimeentity =~ s/\r*\n/\r\n/mg;
+
+    #
+    # now do the wrapping
+    # we sign first, then encrypt because that's what Communicator needs
+    #
+    if (defined($opt_S)) {
+	$mimeentity = signentity($mimeentity, $signopts);
+    }
+
+    if (defined($opt_E)) {
+	$mimeentity = encryptentity($mimeentity, $encryptopts);	
+    }
+
+    #
+    # XXX sign again to do triple wrapping (RFC2634)
+    #
+
+    #
+    # now write out the RFC822 headers
+    # followed by the final $mimeentity
+    #
+    print $rfc822headers;
+    print "MIME-Version: 1.0 (NSS SMIME - http://www.mozilla.org/projects/security)\n";	# set up the flag
+    print $mimeentity;
+}
+
+exit 0;
diff --git a/nss/cmd/smimetools/smimetools.gyp b/nss/cmd/smimetools/smimetools.gyp
new file mode 100644
index 0000000..13d3679
--- /dev/null
+++ b/nss/cmd/smimetools/smimetools.gyp
@@ -0,0 +1,25 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi',
+    '../../cmd/platlibs.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'cmsutil',
+      'type': 'executable',
+      'sources': [
+        'cmsutil.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:dbm_exports',
+        '<(DEPTH)/exports.gyp:nss_exports'
+      ]
+    }
+  ],
+  'variables': {
+    'module': 'nss'
+  }
+}
\ No newline at end of file
diff --git a/nss/cmd/ssltap/Makefile b/nss/cmd/ssltap/Makefile
new file mode 100644
index 0000000..bc7d35d
--- /dev/null
+++ b/nss/cmd/ssltap/Makefile
@@ -0,0 +1,51 @@
+#! gmake
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+# Since ssltap doesn't use any of NSS, we'll skip NSS's link libs,
+# and just link with NSPR.
+#
+include ../platlibs.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+
+
+-include ../platrules.mk
+
diff --git a/nss/cmd/ssltap/manifest.mn b/nss/cmd/ssltap/manifest.mn
new file mode 100644
index 0000000..0c09c17
--- /dev/null
+++ b/nss/cmd/ssltap/manifest.mn
@@ -0,0 +1,23 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CORE_DEPTH = ../..
+
+# MODULE public and private header  directories are implicitly REQUIRED.
+MODULE = nss
+
+EXPORTS = 
+
+CSRCS = ssltap.c	\
+	$(NULL)
+
+PROGRAM =  ssltap
+
+REQUIRES = seccmd dbm
+
+PACKAGE_FILES = ssltap-manual.html licence.doc ssltap.exe
+
+ARCHIVE_NAME = ssltap
+
diff --git a/nss/cmd/ssltap/ssltap-manual.html b/nss/cmd/ssltap/ssltap-manual.html
new file mode 100644
index 0000000..619c93f
--- /dev/null
+++ b/nss/cmd/ssltap/ssltap-manual.html
@@ -0,0 +1,170 @@
+<HTML>
+<!-- This Source Code Form is subject to the terms of the Mozilla Public
+   - License, v. 2.0. If a copy of the MPL was not distributed with this
+   - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
+<HEAD>
+   <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
+   <META NAME="GENERATOR" CONTENT="Mozilla/4.05 [en] (WinNT; U) [Netscape]">
+   <META NAME="Author" CONTENT="Steve Parkinson">
+   <TITLE>SSLTap - manual</TITLE>
+</HEAD>
+<BODY>
+
+<H1>
+SSLTap Manual page</H1>
+
+<H3>
+Summary</H3>
+A command-line proxy which is SSL-aware. It snoops on TCP connections,
+and displays the data going by, including SSL records and handshaking&nbsp;
+if the connection is SSL.
+<H3>
+Synopsis</H3>
+<TT>ssltap [-vhfsxl] [-p port] hostname:port</TT>
+
+<P><TT>&nbsp;&nbsp; -v&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [prints version string]</TT>
+<BR><TT>&nbsp;&nbsp; -h&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [outputs hex instead
+of ASCII]</TT>
+<BR><TT>&nbsp;&nbsp; -f&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [turn on Fancy HTML
+coloring]</TT>
+<BR><TT>&nbsp;&nbsp; -s&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [turn on SSL decoding]</TT>
+<BR><TT>&nbsp;&nbsp; -x&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [turn on extra SSL
+hex dumps]</TT>
+<BR><TT>&nbsp;&nbsp; -p port [specify rendezvous port (default 1924)]</TT>
+<BR><TT>&nbsp;&nbsp; -l&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [loop - continue
+to wait for more connections]</TT>
+<H3>
+Description</H3>
+SSLTap opens a socket on a rendezvous port, and waits for an incoming connection
+(client side). Once this connection arrives, SSLTap makes another connection
+to hostname:port (server side). It passes any data sent by the client to
+the server, and vice versa. However, SSLTap will also display the data
+to the console. It can do this for plain HTTP connections, or any TCP protocol.
+However, SSLTap can also work with SSL streams, as detailed below.
+
+<P>Let's assume your development machine is called 'intercept'. The simplest
+usage of SSLTap is to run the command <TT>'ssltap www.netscape.com:80'</TT>
+on intercept. The program will wait for an incoming connection on port
+1924. Next you would want to go to your browser, and enter the URL http://intercept:1924.
+The page retrieved by the browser will actually be gotten from the server
+at www.netscape.com, but will go via SSLTap.
+
+<P>Data sent from the client to the server is surrounded by a '--> [ ]'
+symbol, and data sent from the server to the client, a '&lt;---[&nbsp;
+]' symbol.
+
+<P>You'll notice that the page retrieved with this example looks incomplete.
+This is because SSLTap by default closes down after the first connection
+is complete, so the browser is not able to load images. To make the SSLTap
+continue to accept connections, switch on looping mode with the -l option.
+
+<P>You can change the default rendezvous port to something else with the
+-p option.
+
+<P>The remaining options change the way the output is produced.
+
+<P>The -f option prints 'fancy' output - in colored HTML. Data sent from
+the client to the server is in blue. The server's reply is in red. This
+is designed so you can load the output up into a browser. When used with
+looping mode, the different connections are separated with horizontal lines.
+
+<P>-x will turn on HEX printing. Instead of being output as ascii, the
+data is shown as Hex, like this:
+<UL><TT>&lt;-- [</TT>
+<BR><TT>&nbsp;&nbsp; 0: 56 d5 16 3e&nbsp; a1 6b b1 4a&nbsp; 8f 67 c4 d7&nbsp;
+21 2f 6f dd&nbsp; | V..>.k.J.g..!/o.</TT>
+<BR><TT>&nbsp; 10: bb 22 c4 75&nbsp; 8c f4 ce 28&nbsp; 16 a6 20 aa&nbsp;
+fb 9a 59 a1&nbsp; | .".u...(.. ...Y.</TT>
+<BR><TT>&nbsp; 20: 51 91 14 d2&nbsp; fc 9f a7 ea&nbsp; 4d 9c f7 3a&nbsp;
+9d 83 62 4a&nbsp; | Q.......M..:..bJ</TT>
+<BR><TT>]</TT>
+<BR>&nbsp;</UL>
+
+<H4>
+SSL Parse mode</H4>
+The following options deal with SSL connections.
+<UL>-s will turn on SSL parsing. (SSLTap doesn't automatically detect SSL
+sessions.)
+<BR>-x will turn on extra SSL hexdumps. Mostly, if SSL can decode the data,
+it doesn't display the hex.</UL>
+The following SSL3 Data structures are parsed: Handshake, ClientHello,
+ServerHello, CertificateChain, Certificate. In addition, SSL2 ClientHello,
+ServerHello, ClientMasterKey are also partly parsed. NO DECRYPTION IS PERFORMED
+ON THE DATA. SSLTAP CANNOT DECRYPT the data.
+
+<P>If a certificate chain is detected, DER-encoded certificates will be
+saved into files in the current directory called 'cert.0x' where x is the
+sequence number of the certificate.
+<BR>&nbsp;
+<H3>
+Operation Hints</H3>
+Often, you'll find that the server certificate does not get transferred,
+or other parts of the handshake do not happen. This is because the browser
+is taking advantage of session-id-reuse (using the handshake results from
+a previous session). If you restart the browser, it'll clear the session
+id cache.
+
+<P>If you run the ssltap on a different machine that the ssl server you're
+trying to connect to, the browser will complain that the host name you're
+trying to connect to is different to the certificate, but it will still
+let you connect, after showing you a dialog.
+<H3>
+Bugs</H3>
+Please contact <A HREF="mailto:ssltap-support@netscape.com">ssltap-support@netscape.com</A>
+for bug reports.
+<H3>
+History</H3>
+2.1 - First public release (March 1998)
+<BR>&nbsp;
+<H3>
+Other</H3>
+For reference, here is a table of some well-known port numbers:
+<BR>&nbsp;
+<TABLE BORDER=2 >
+<TR>
+<TD>HTTP</TD>
+
+<TD>80</TD>
+</TR>
+
+<TR>
+<TD>SMTP</TD>
+
+<TD>25</TD>
+</TR>
+
+<TR>
+<TD>HTTPS</TD>
+
+<TD>443</TD>
+</TR>
+
+<TR>
+<TD>FTP</TD>
+
+<TD>21</TD>
+</TR>
+
+<TR>
+<TD>IMAPS</TD>
+
+<TD>993</TD>
+</TR>
+
+<TR>
+<TD>NNTP</TD>
+
+<TD>119</TD>
+</TR>
+
+<TR>
+<TD>NNTPS</TD>
+
+<TD>563</TD>
+</TR>
+</TABLE>
+&nbsp;
+
+<P>&nbsp;
+</BODY>
+</HTML>
diff --git a/nss/cmd/ssltap/ssltap.c b/nss/cmd/ssltap/ssltap.c
new file mode 100644
index 0000000..197b194
--- /dev/null
+++ b/nss/cmd/ssltap/ssltap.c
@@ -0,0 +1,2590 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * ssltap.c
+ *
+ * Version 1.0 : Frederick Roeber : 11 June 1997
+ * Version 2.0 : Steve Parkinson  : 13 November 1997
+ * Version 3.0 : Nelson Bolyard   : 22 July 1998
+ * Version 3.1 : Nelson Bolyard   : 24 May  1999
+ *
+ * changes in version 2.0:
+ *  Uses NSPR20
+ *  Shows structure of SSL negotiation, if enabled.
+ *
+ * This "proxies" a socket connection (like a socks tunnel), but displays the
+ * data is it flies by.
+ *
+ * In the code, the 'client' socket is the one on the client side of the
+ * proxy, and the server socket is on the server side.
+ *
+ */
+
+#include "nspr.h"
+#include "plstr.h"
+#include "secutil.h"
+#include <memory.h> /* for memcpy, etc. */
+#include <string.h>
+#include <time.h>
+
+#include "plgetopt.h"
+#include "nss.h"
+#include "cert.h"
+#include "sslproto.h"
+#include "ocsp.h"
+#include "ocspti.h" /* internals for pretty-printing routines *only* */
+
+struct _DataBufferList;
+struct _DataBuffer;
+
+typedef struct _DataBufferList {
+    struct _DataBuffer *first, *last;
+    unsigned int size;
+    int isEncrypted;
+    unsigned char *msgBuf;
+    unsigned int msgBufOffset;
+    unsigned int msgBufSize;
+    unsigned int hMACsize;
+} DataBufferList;
+
+typedef struct _DataBuffer {
+    unsigned char *buffer;
+    int length;
+    int offset; /* offset of first good byte */
+    struct _DataBuffer *next;
+} DataBuffer;
+
+struct sslhandshake {
+    PRUint8 type;
+    PRUint32 length;
+};
+
+typedef struct _SSLRecord {
+    PRUint8 type;
+    PRUint8 ver_maj, ver_min;
+
+    PRUint8 length[2];
+} SSLRecord;
+
+typedef struct _ClientHelloV2 {
+    PRUint8 length[2];
+    PRUint8 type;
+    PRUint8 version[2];
+    PRUint8 cslength[2];
+    PRUint8 sidlength[2];
+    PRUint8 rndlength[2];
+    PRUint8 csuites[1];
+} ClientHelloV2;
+
+typedef struct _ServerHelloV2 {
+    PRUint8 length[2];
+    PRUint8 type;
+    PRUint8 sidhit;
+    PRUint8 certtype;
+    PRUint8 version[2];
+    PRUint8 certlength[2];
+    PRUint8 cslength[2];
+    PRUint8 cidlength[2];
+} ServerHelloV2;
+
+typedef struct _ClientMasterKeyV2 {
+    PRUint8 length[2];
+    PRUint8 type;
+
+    PRUint8 cipherkind[3];
+    PRUint8 clearkey[2];
+    PRUint8 secretkey[2];
+
+} ClientMasterKeyV2;
+
+/* forward declaration */
+void showErr(const char *msg);
+
+#define TAPBUFSIZ 16384
+
+#define DEFPORT 1924
+#include <ctype.h>
+
+const char *progName;
+int hexparse = 0;
+int sslparse = 0;
+int sslhexparse = 0;
+int looparound = 0;
+int fancy = 0;
+int isV2Session = 0;
+int currentcipher = 0;
+DataBufferList clientstream, serverstream;
+
+#define PR_FPUTS(x) PR_fprintf(PR_STDOUT, x)
+
+#define GET_SHORT(x) ((PRUint16)(((PRUint16)((PRUint8 *)x)[0]) << 8) + ((PRUint16)((PRUint8 *)x)[1]))
+#define GET_24(x) ((PRUint32)(              \
+    (((PRUint32)((PRUint8 *)x)[0]) << 16) + \
+    (((PRUint32)((PRUint8 *)x)[1]) << 8) +  \
+    (((PRUint32)((PRUint8 *)x)[2]) << 0)))
+#define GET_32(x) ((PRUint32)(              \
+    (((PRUint32)((PRUint8 *)x)[0]) << 24) + \
+    (((PRUint32)((PRUint8 *)x)[1]) << 16) + \
+    (((PRUint32)((PRUint8 *)x)[2]) << 8) +  \
+    (((PRUint32)((PRUint8 *)x)[3]) << 0)))
+
+void print_hex(int amt, unsigned char *buf);
+void read_stream_bytes(unsigned char *d, DataBufferList *db, int length);
+
+void
+myhalt(int dblsize, int collectedsize)
+{
+
+    PR_fprintf(PR_STDERR, "HALTED\n");
+    PR_ASSERT(dblsize == collectedsize);
+    exit(13);
+}
+
+const char *
+get_error_text(int error)
+{
+    switch (error) {
+        case PR_IO_TIMEOUT_ERROR:
+            return "Timeout";
+            break;
+        case PR_CONNECT_REFUSED_ERROR:
+            return "Connection refused";
+            break;
+        case PR_NETWORK_UNREACHABLE_ERROR:
+            return "Network unreachable";
+            break;
+        case PR_BAD_ADDRESS_ERROR:
+            return "Bad address";
+            break;
+        case PR_CONNECT_RESET_ERROR:
+            return "Connection reset";
+            break;
+        case PR_PIPE_ERROR:
+            return "Pipe error";
+            break;
+    }
+
+    return "";
+}
+
+void
+check_integrity(DataBufferList *dbl)
+{
+    DataBuffer *db;
+    int i;
+
+    db = dbl->first;
+    i = 0;
+    while (db) {
+        i += db->length - db->offset;
+        db = db->next;
+    }
+    if (i != dbl->size) {
+        myhalt(dbl->size, i);
+    }
+}
+
+/* Free's the DataBuffer at the head of the list and returns the pointer
+ * to the new head of the list.
+ */
+DataBuffer *
+free_head(DataBufferList *dbl)
+{
+    DataBuffer *db = dbl->first;
+    PR_ASSERT(db->offset >= db->length);
+    if (db->offset >= db->length) {
+        dbl->first = db->next;
+        if (dbl->first == NULL) {
+            dbl->last = NULL;
+        }
+        PORT_Free(db->buffer);
+        PORT_Free(db);
+        db = dbl->first;
+    }
+    return db;
+}
+
+void
+read_stream_bytes(unsigned char *d, DataBufferList *dbl, int length)
+{
+    int copied = 0;
+    DataBuffer *db = dbl->first;
+
+    if (!db) {
+        PR_fprintf(PR_STDERR, "assert failed - dbl->first is null\n");
+        exit(8);
+    }
+    while (length) {
+        int toCopy;
+        /* find the number of bytes to copy from the head buffer */
+        /* if there's too many in this buffer, then only copy 'length' */
+        toCopy = PR_MIN(db->length - db->offset, length);
+
+        memcpy(d + copied, db->buffer + db->offset, toCopy);
+        copied += toCopy;
+        db->offset += toCopy;
+        length -= toCopy;
+        dbl->size -= toCopy;
+
+        /* if we emptied the head buffer */
+        if (db->offset >= db->length) {
+            db = free_head(dbl);
+        }
+    }
+
+    check_integrity(dbl);
+}
+
+void
+flush_stream(DataBufferList *dbl)
+{
+    DataBuffer *db = dbl->first;
+    check_integrity(dbl);
+    while (db) {
+        db->offset = db->length;
+        db = free_head(dbl);
+    }
+    dbl->size = 0;
+    check_integrity(dbl);
+    if (dbl->msgBuf) {
+        PORT_Free(dbl->msgBuf);
+        dbl->msgBuf = NULL;
+    }
+    dbl->msgBufOffset = 0;
+    dbl->msgBufSize = 0;
+    dbl->hMACsize = 0;
+}
+
+const char *
+V2CipherString(int cs_int)
+{
+    char *cs_str;
+    cs_str = NULL;
+    switch (cs_int) {
+
+        case 0x010080:
+            cs_str = "SSL2/RSA/RC4-128/MD5";
+            break;
+        case 0x020080:
+            cs_str = "SSL2/RSA/RC4-40/MD5";
+            break;
+        case 0x030080:
+            cs_str = "SSL2/RSA/RC2CBC128/MD5";
+            break;
+        case 0x040080:
+            cs_str = "SSL2/RSA/RC2CBC40/MD5";
+            break;
+        case 0x050080:
+            cs_str = "SSL2/RSA/IDEA128CBC/MD5";
+            break;
+        case 0x060040:
+            cs_str = "SSL2/RSA/DES56-CBC/MD5";
+            break;
+        case 0x0700C0:
+            cs_str = "SSL2/RSA/3DES192EDE-CBC/MD5";
+            break;
+
+        case 0x000001:
+            cs_str = "SSL3/RSA/NULL/MD5";
+            break;
+        case 0x000002:
+            cs_str = "SSL3/RSA/NULL/SHA";
+            break;
+        case 0x000003:
+            cs_str = "SSL3/RSA/RC4-40/MD5";
+            break;
+        case 0x000004:
+            cs_str = "SSL3/RSA/RC4-128/MD5";
+            break;
+        case 0x000005:
+            cs_str = "SSL3/RSA/RC4-128/SHA";
+            break;
+        case 0x000006:
+            cs_str = "SSL3/RSA/RC2CBC40/MD5";
+            break;
+        case 0x000007:
+            cs_str = "SSL3/RSA/IDEA128CBC/SHA";
+            break;
+        case 0x000008:
+            cs_str = "SSL3/RSA/DES40-CBC/SHA";
+            break;
+        case 0x000009:
+            cs_str = "SSL3/RSA/DES56-CBC/SHA";
+            break;
+        case 0x00000A:
+            cs_str = "SSL3/RSA/3DES192EDE-CBC/SHA";
+            break;
+
+        case 0x00000B:
+            cs_str = "SSL3/DH-DSS/DES40-CBC/SHA";
+            break;
+        case 0x00000C:
+            cs_str = "SSL3/DH-DSS/DES56-CBC/SHA";
+            break;
+        case 0x00000D:
+            cs_str = "SSL3/DH-DSS/DES192EDE3CBC/SHA";
+            break;
+        case 0x00000E:
+            cs_str = "SSL3/DH-RSA/DES40-CBC/SHA";
+            break;
+        case 0x00000F:
+            cs_str = "SSL3/DH-RSA/DES56-CBC/SHA";
+            break;
+        case 0x000010:
+            cs_str = "SSL3/DH-RSA/3DES192EDE-CBC/SHA";
+            break;
+
+        case 0x000011:
+            cs_str = "SSL3/DHE-DSS/DES40-CBC/SHA";
+            break;
+        case 0x000012:
+            cs_str = "SSL3/DHE-DSS/DES56-CBC/SHA";
+            break;
+        case 0x000013:
+            cs_str = "SSL3/DHE-DSS/DES192EDE3CBC/SHA";
+            break;
+        case 0x000014:
+            cs_str = "SSL3/DHE-RSA/DES40-CBC/SHA";
+            break;
+        case 0x000015:
+            cs_str = "SSL3/DHE-RSA/DES56-CBC/SHA";
+            break;
+        case 0x000016:
+            cs_str = "SSL3/DHE-RSA/3DES192EDE-CBC/SHA";
+            break;
+
+        case 0x000017:
+            cs_str = "SSL3/DH-anon/RC4-40/MD5";
+            break;
+        case 0x000018:
+            cs_str = "SSL3/DH-anon/RC4-128/MD5";
+            break;
+        case 0x000019:
+            cs_str = "SSL3/DH-anon/DES40-CBC/SHA";
+            break;
+        case 0x00001A:
+            cs_str = "SSL3/DH-anon/DES56-CBC/SHA";
+            break;
+        case 0x00001B:
+            cs_str = "SSL3/DH-anon/3DES192EDE-CBC/SHA";
+            break;
+
+        case 0x00001C:
+            cs_str = "SSL3/FORTEZZA-DMS/NULL/SHA";
+            break;
+        case 0x00001D:
+            cs_str = "SSL3/FORTEZZA-DMS/FORTEZZA-CBC/SHA";
+            break;
+        case 0x00001E:
+            cs_str = "SSL3/FORTEZZA-DMS/RC4-128/SHA";
+            break;
+
+        case 0x00002F:
+            cs_str = "TLS/RSA/AES128-CBC/SHA";
+            break;
+        case 0x000030:
+            cs_str = "TLS/DH-DSS/AES128-CBC/SHA";
+            break;
+        case 0x000031:
+            cs_str = "TLS/DH-RSA/AES128-CBC/SHA";
+            break;
+        case 0x000032:
+            cs_str = "TLS/DHE-DSS/AES128-CBC/SHA";
+            break;
+        case 0x000033:
+            cs_str = "TLS/DHE-RSA/AES128-CBC/SHA";
+            break;
+        case 0x000034:
+            cs_str = "TLS/DH-ANON/AES128-CBC/SHA";
+            break;
+
+        case 0x000035:
+            cs_str = "TLS/RSA/AES256-CBC/SHA";
+            break;
+        case 0x000036:
+            cs_str = "TLS/DH-DSS/AES256-CBC/SHA";
+            break;
+        case 0x000037:
+            cs_str = "TLS/DH-RSA/AES256-CBC/SHA";
+            break;
+        case 0x000038:
+            cs_str = "TLS/DHE-DSS/AES256-CBC/SHA";
+            break;
+        case 0x000039:
+            cs_str = "TLS/DHE-RSA/AES256-CBC/SHA";
+            break;
+        case 0x00003A:
+            cs_str = "TLS/DH-ANON/AES256-CBC/SHA";
+            break;
+
+        case 0x00003B:
+            cs_str = "TLS/RSA/NULL/SHA256";
+            break;
+        case 0x00003C:
+            cs_str = "TLS/RSA/AES128-CBC/SHA256";
+            break;
+        case 0x00003D:
+            cs_str = "TLS/RSA/AES256-CBC/SHA256";
+            break;
+        case 0x00003E:
+            cs_str = "TLS/DH-DSS/AES128-CBC/SHA256";
+            break;
+        case 0x00003F:
+            cs_str = "TLS/DH-RSA/AES128-CBC/SHA256";
+            break;
+        case 0x000040:
+            cs_str = "TLS/DHE-DSS/AES128-CBC/SHA256";
+            break;
+
+        case 0x000041:
+            cs_str = "TLS/RSA/CAMELLIA128-CBC/SHA";
+            break;
+        case 0x000042:
+            cs_str = "TLS/DH-DSS/CAMELLIA128-CBC/SHA";
+            break;
+        case 0x000043:
+            cs_str = "TLS/DH-RSA/CAMELLIA128-CBC/SHA";
+            break;
+        case 0x000044:
+            cs_str = "TLS/DHE-DSS/CAMELLIA128-CBC/SHA";
+            break;
+        case 0x000045:
+            cs_str = "TLS/DHE-RSA/CAMELLIA128-CBC/SHA";
+            break;
+        case 0x000046:
+            cs_str = "TLS/DH-ANON/CAMELLIA128-CBC/SHA";
+            break;
+
+        case 0x000060:
+            cs_str = "TLS/RSA-EXPORT1024/RC4-56/MD5";
+            break;
+        case 0x000061:
+            cs_str = "TLS/RSA-EXPORT1024/RC2CBC56/MD5";
+            break;
+        case 0x000062:
+            cs_str = "TLS/RSA-EXPORT1024/DES56-CBC/SHA";
+            break;
+        case 0x000064:
+            cs_str = "TLS/RSA-EXPORT1024/RC4-56/SHA";
+            break;
+        case 0x000063:
+            cs_str = "TLS/DHE-DSS_EXPORT1024/DES56-CBC/SHA";
+            break;
+        case 0x000065:
+            cs_str = "TLS/DHE-DSS_EXPORT1024/RC4-56/SHA";
+            break;
+        case 0x000066:
+            cs_str = "TLS/DHE-DSS/RC4-128/SHA";
+            break;
+
+        case 0x000067:
+            cs_str = "TLS/DHE-RSA/AES128-CBC/SHA256";
+            break;
+        case 0x000068:
+            cs_str = "TLS/DH-DSS/AES256-CBC/SHA256";
+            break;
+        case 0x000069:
+            cs_str = "TLS/DH-RSA/AES256-CBC/SHA256";
+            break;
+        case 0x00006A:
+            cs_str = "TLS/DHE-DSS/AES256-CBC/SHA256";
+            break;
+        case 0x00006B:
+            cs_str = "TLS/DHE-RSA/AES256-CBC/SHA256";
+            break;
+
+        case 0x000072:
+            cs_str = "TLS/DHE-DSS/3DESEDE-CBC/RMD160";
+            break;
+        case 0x000073:
+            cs_str = "TLS/DHE-DSS/AES128-CBC/RMD160";
+            break;
+        case 0x000074:
+            cs_str = "TLS/DHE-DSS/AES256-CBC/RMD160";
+            break;
+
+        case 0x000079:
+            cs_str = "TLS/DHE-RSA/AES256-CBC/RMD160";
+            break;
+
+        case 0x00007C:
+            cs_str = "TLS/RSA/3DESEDE-CBC/RMD160";
+            break;
+        case 0x00007D:
+            cs_str = "TLS/RSA/AES128-CBC/RMD160";
+            break;
+        case 0x00007E:
+            cs_str = "TLS/RSA/AES256-CBC/RMD160";
+            break;
+
+        case 0x000080:
+            cs_str = "TLS/GOST341094/GOST28147-OFB/GOST28147";
+            break;
+        case 0x000081:
+            cs_str = "TLS/GOST34102001/GOST28147-OFB/GOST28147";
+            break;
+        case 0x000082:
+            cs_str = "TLS/GOST341094/NULL/GOSTR3411";
+            break;
+        case 0x000083:
+            cs_str = "TLS/GOST34102001/NULL/GOSTR3411";
+            break;
+
+        case 0x000084:
+            cs_str = "TLS/RSA/CAMELLIA256-CBC/SHA";
+            break;
+        case 0x000085:
+            cs_str = "TLS/DH-DSS/CAMELLIA256-CBC/SHA";
+            break;
+        case 0x000086:
+            cs_str = "TLS/DH-RSA/CAMELLIA256-CBC/SHA";
+            break;
+        case 0x000087:
+            cs_str = "TLS/DHE-DSS/CAMELLIA256-CBC/SHA";
+            break;
+        case 0x000088:
+            cs_str = "TLS/DHE-RSA/CAMELLIA256-CBC/SHA";
+            break;
+        case 0x000089:
+            cs_str = "TLS/DH-ANON/CAMELLIA256-CBC/SHA";
+            break;
+        case 0x00008A:
+            cs_str = "TLS/PSK/RC4-128/SHA";
+            break;
+        case 0x00008B:
+            cs_str = "TLS/PSK/3DES-EDE-CBC/SHA";
+            break;
+        case 0x00008C:
+            cs_str = "TLS/PSK/AES128-CBC/SHA";
+            break;
+        case 0x00008D:
+            cs_str = "TLS/PSK/AES256-CBC/SHA";
+            break;
+        case 0x00008E:
+            cs_str = "TLS/DHE-PSK/RC4-128/SHA";
+            break;
+        case 0x00008F:
+            cs_str = "TLS/DHE-PSK/3DES-EDE-CBC/SHA";
+            break;
+        case 0x000090:
+            cs_str = "TLS/DHE-PSK/AES128-CBC/SHA";
+            break;
+        case 0x000091:
+            cs_str = "TLS/DHE-PSK/AES256-CBC/SHA";
+            break;
+        case 0x000092:
+            cs_str = "TLS/RSA-PSK/RC4-128/SHA";
+            break;
+        case 0x000093:
+            cs_str = "TLS/RSA-PSK/3DES-EDE-CBC/SHA";
+            break;
+        case 0x000094:
+            cs_str = "TLS/RSA-PSK/AES128-CBC/SHA";
+            break;
+        case 0x000095:
+            cs_str = "TLS/RSA-PSK/AES256-CBC/SHA";
+            break;
+        case 0x000096:
+            cs_str = "TLS/RSA/SEED-CBC/SHA";
+            break;
+        case 0x000097:
+            cs_str = "TLS/DH-DSS/SEED-CBC/SHA";
+            break;
+        case 0x000098:
+            cs_str = "TLS/DH-RSA/SEED-CBC/SHA";
+            break;
+        case 0x000099:
+            cs_str = "TLS/DHE-DSS/SEED-CBC/SHA";
+            break;
+        case 0x00009A:
+            cs_str = "TLS/DHE-RSA/SEED-CBC/SHA";
+            break;
+        case 0x00009B:
+            cs_str = "TLS/DH-ANON/SEED-CBC/SHA";
+            break;
+        case 0x00009C:
+            cs_str = "TLS/RSA/AES128-GCM/SHA256";
+            break;
+        case 0x00009E:
+            cs_str = "TLS/DHE-RSA/AES128-GCM/SHA256";
+            break;
+
+        case 0x0000FF:
+            cs_str = "TLS_EMPTY_RENEGOTIATION_INFO_SCSV";
+            break;
+        case 0x005600:
+            cs_str = "TLS_FALLBACK_SCSV";
+            break;
+
+        case 0x00C001:
+            cs_str = "TLS/ECDH-ECDSA/NULL/SHA";
+            break;
+        case 0x00C002:
+            cs_str = "TLS/ECDH-ECDSA/RC4-128/SHA";
+            break;
+        case 0x00C003:
+            cs_str = "TLS/ECDH-ECDSA/3DES-EDE-CBC/SHA";
+            break;
+        case 0x00C004:
+            cs_str = "TLS/ECDH-ECDSA/AES128-CBC/SHA";
+            break;
+        case 0x00C005:
+            cs_str = "TLS/ECDH-ECDSA/AES256-CBC/SHA";
+            break;
+        case 0x00C006:
+            cs_str = "TLS/ECDHE-ECDSA/NULL/SHA";
+            break;
+        case 0x00C007:
+            cs_str = "TLS/ECDHE-ECDSA/RC4-128/SHA";
+            break;
+        case 0x00C008:
+            cs_str = "TLS/ECDHE-ECDSA/3DES-EDE-CBC/SHA";
+            break;
+        case 0x00C009:
+            cs_str = "TLS/ECDHE-ECDSA/AES128-CBC/SHA";
+            break;
+        case 0x00C00A:
+            cs_str = "TLS/ECDHE-ECDSA/AES256-CBC/SHA";
+            break;
+        case 0x00C00B:
+            cs_str = "TLS/ECDH-RSA/NULL/SHA";
+            break;
+        case 0x00C00C:
+            cs_str = "TLS/ECDH-RSA/RC4-128/SHA";
+            break;
+        case 0x00C00D:
+            cs_str = "TLS/ECDH-RSA/3DES-EDE-CBC/SHA";
+            break;
+        case 0x00C00E:
+            cs_str = "TLS/ECDH-RSA/AES128-CBC/SHA";
+            break;
+        case 0x00C00F:
+            cs_str = "TLS/ECDH-RSA/AES256-CBC/SHA";
+            break;
+        case 0x00C010:
+            cs_str = "TLS/ECDHE-RSA/NULL/SHA";
+            break;
+        case 0x00C011:
+            cs_str = "TLS/ECDHE-RSA/RC4-128/SHA";
+            break;
+        case 0x00C012:
+            cs_str = "TLS/ECDHE-RSA/3DES-EDE-CBC/SHA";
+            break;
+        case 0x00C013:
+            cs_str = "TLS/ECDHE-RSA/AES128-CBC/SHA";
+            break;
+        case 0x00C014:
+            cs_str = "TLS/ECDHE-RSA/AES256-CBC/SHA";
+            break;
+        case 0x00C015:
+            cs_str = "TLS/ECDH-anon/NULL/SHA";
+            break;
+        case 0x00C016:
+            cs_str = "TLS/ECDH-anon/RC4-128/SHA";
+            break;
+        case 0x00C017:
+            cs_str = "TLS/ECDH-anon/3DES-EDE-CBC/SHA";
+            break;
+        case 0x00C018:
+            cs_str = "TLS/ECDH-anon/AES128-CBC/SHA";
+            break;
+        case 0x00C019:
+            cs_str = "TLS/ECDH-anon/AES256-CBC/SHA";
+            break;
+
+        case 0x00C023:
+            cs_str = "TLS/ECDHE-ECDSA/AES128-CBC/SHA256";
+            break;
+        case 0x00C024:
+            cs_str = "TLS/ECDHE-ECDSA/AES256-CBC/SHA384";
+            break;
+        case 0x00C025:
+            cs_str = "TLS/ECDH-ECDSA/AES128-CBC/SHA256";
+            break;
+        case 0x00C026:
+            cs_str = "TLS/ECDH-ECDSA/AES256-CBC/SHA384";
+            break;
+        case 0x00C027:
+            cs_str = "TLS/ECDHE-RSA/AES128-CBC/SHA256";
+            break;
+        case 0x00C028:
+            cs_str = "TLS/ECDHE-RSA/AES256-CBC/SHA384";
+            break;
+        case 0x00C029:
+            cs_str = "TLS/ECDH-RSA/AES128-CBC/SHA256";
+            break;
+        case 0x00C02A:
+            cs_str = "TLS/ECDH-RSA/AES256-CBC/SHA384";
+            break;
+        case 0x00C02B:
+            cs_str = "TLS/ECDHE-ECDSA/AES128-GCM/SHA256";
+            break;
+        case 0x00C02C:
+            cs_str = "TLS/ECDHE-ECDSA/AES256-GCM/SHA384";
+            break;
+        case 0x00C02F:
+            cs_str = "TLS/ECDHE-RSA/AES128-GCM/SHA256";
+            break;
+
+        case 0x00CCA8:
+            cs_str = "TLS/ECDHE-RSA/CHACHA20-POLY1305/SHA256";
+            break;
+        case 0x00CCA9:
+            cs_str = "TLS/ECDHE-ECDSA/CHACHA20-POLY1305/SHA256";
+            break;
+        case 0x00CCAA:
+            cs_str = "TLS/DHE-RSA/CHACHA20-POLY1305/SHA256";
+            break;
+
+        case 0x00FEFF:
+            cs_str = "SSL3/RSA-FIPS/3DESEDE-CBC/SHA";
+            break;
+        case 0x00FEFE:
+            cs_str = "SSL3/RSA-FIPS/DES-CBC/SHA";
+            break;
+        case 0x00FFE1:
+            cs_str = "SSL3/RSA-FIPS/DES56-CBC/SHA";
+            break;
+        case 0x00FFE0:
+            cs_str = "SSL3/RSA-FIPS/3DES192EDE-CBC/SHA";
+            break;
+
+        /* the string literal is broken up to avoid trigraphs */
+        default:
+            cs_str = "????"
+                     "/????????"
+                     "/?????????"
+                     "/???";
+            break;
+    }
+
+    return cs_str;
+}
+
+const char *
+CompressionMethodString(int cm_int)
+{
+    char *cm_str;
+    cm_str = NULL;
+    switch (cm_int) {
+        case 0:
+            cm_str = "NULL";
+            break;
+        case 1:
+            cm_str = "DEFLATE";
+            break; /* RFC 3749 */
+        case 64:
+            cm_str = "LZS";
+            break; /* RFC 3943 */
+        default:
+            cm_str = "???";
+            break;
+    }
+
+    return cm_str;
+}
+
+const char *
+helloExtensionNameString(int ex_num)
+{
+    const char *ex_name = NULL;
+    static char buf[10];
+
+    switch (ex_num) {
+        case 0:
+            ex_name = "server_name";
+            break;
+        case 1:
+            ex_name = "max_fragment_length";
+            break;
+        case 2:
+            ex_name = "client_certificate_url";
+            break;
+        case 3:
+            ex_name = "trusted_ca_keys";
+            break;
+        case 4:
+            ex_name = "truncated_hmac";
+            break;
+        case 5:
+            ex_name = "status_request";
+            break;
+        case 10:
+            ex_name = "elliptic_curves";
+            break;
+        case 11:
+            ex_name = "ec_point_formats";
+            break;
+        case 13:
+            ex_name = "signature_algorithms";
+            break;
+        case 35:
+            ex_name = "session_ticket";
+            break;
+        case 0xff01:
+            ex_name = "renegotiation_info";
+            break;
+        default:
+            sprintf(buf, "%d", ex_num);
+            ex_name = (const char *)buf;
+            break;
+    }
+
+    return ex_name;
+}
+
+static int
+isNULLmac(int cs_int)
+{
+    return (cs_int == TLS_NULL_WITH_NULL_NULL);
+}
+
+static int
+isNULLcipher(int cs_int)
+{
+    return ((cs_int == TLS_RSA_WITH_NULL_MD5) ||
+            (cs_int == TLS_RSA_WITH_NULL_SHA) ||
+            (cs_int == SSL_FORTEZZA_DMS_WITH_NULL_SHA) ||
+            (cs_int == TLS_ECDH_ECDSA_WITH_NULL_SHA) ||
+            (cs_int == TLS_ECDHE_ECDSA_WITH_NULL_SHA) ||
+            (cs_int == TLS_ECDH_RSA_WITH_NULL_SHA) ||
+            (cs_int == TLS_ECDHE_RSA_WITH_NULL_SHA));
+}
+
+void
+partial_packet(int thispacket, int size, int needed)
+{
+    PR_fprintf(PR_STDOUT, "(%u bytes", thispacket);
+    if (thispacket < needed) {
+        PR_fprintf(PR_STDOUT, ", making %u", size);
+    }
+    PR_fprintf(PR_STDOUT, " of %u", needed);
+    if (size > needed) {
+        PR_fprintf(PR_STDOUT, ", with %u left over", size - needed);
+    }
+    PR_fprintf(PR_STDOUT, ")\n");
+}
+
+char *
+get_time_string(void)
+{
+    char *cp;
+    char *eol;
+    time_t tt;
+
+    time(&tt);
+    cp = ctime(&tt);
+    eol = strchr(cp, '\n');
+    if (eol)
+        *eol = 0;
+    return cp;
+}
+
+void
+print_sslv2(DataBufferList *s, unsigned char *recordBuf, unsigned int recordLen)
+{
+    ClientHelloV2 *chv2;
+    ServerHelloV2 *shv2;
+    unsigned char *pos;
+    unsigned int p;
+    unsigned int q;
+    PRUint32 len;
+
+    chv2 = (ClientHelloV2 *)recordBuf;
+    shv2 = (ServerHelloV2 *)recordBuf;
+    if (s->isEncrypted) {
+        PR_fprintf(PR_STDOUT, " [ssl2]  Encrypted {...}\n");
+        return;
+    }
+    PR_fprintf(PR_STDOUT, " [%s]", get_time_string());
+    switch (chv2->type) {
+        case 1:
+            PR_fprintf(PR_STDOUT, " [ssl2]  ClientHelloV2 {\n");
+            PR_fprintf(PR_STDOUT, "           version = {0x%02x, 0x%02x}\n",
+                       (PRUint32)chv2->version[0], (PRUint32)chv2->version[1]);
+            PR_fprintf(PR_STDOUT, "           cipher-specs-length = %d (0x%02x)\n",
+                       (PRUint32)(GET_SHORT((chv2->cslength))),
+                       (PRUint32)(GET_SHORT((chv2->cslength))));
+            PR_fprintf(PR_STDOUT, "           sid-length = %d (0x%02x)\n",
+                       (PRUint32)(GET_SHORT((chv2->sidlength))),
+                       (PRUint32)(GET_SHORT((chv2->sidlength))));
+            PR_fprintf(PR_STDOUT, "           challenge-length = %d (0x%02x)\n",
+                       (PRUint32)(GET_SHORT((chv2->rndlength))),
+                       (PRUint32)(GET_SHORT((chv2->rndlength))));
+            PR_fprintf(PR_STDOUT, "           cipher-suites = { \n");
+            for (p =
+                     0;
+                 p < (PRUint32)GET_SHORT((chv2->cslength)); p += 3) {
+                PRUint32 cs_int = GET_24((&chv2->csuites[p]));
+                const char *cs_str =
+                    V2CipherString(cs_int);
+
+                PR_fprintf(PR_STDOUT, "                (0x%06x) %s\n",
+                           cs_int, cs_str);
+            }
+            q = p;
+            PR_fprintf(PR_STDOUT, "                }\n");
+            if (GET_SHORT((chv2->sidlength))) {
+                PR_fprintf(PR_STDOUT, "           session-id = { ");
+                for (p = 0;
+                     p < (PRUint32)GET_SHORT((chv2->sidlength)); p += 2) {
+                    PR_fprintf(PR_STDOUT, "0x%04x ", (PRUint32)(GET_SHORT((&chv2->csuites[p + q]))));
+                }
+            }
+            q += p;
+            PR_fprintf(PR_STDOUT, "}\n");
+            if (GET_SHORT((chv2->rndlength))) {
+                PR_fprintf(PR_STDOUT, "           challenge = { ");
+                for (p = 0;
+                     p < (PRUint32)GET_SHORT((chv2->rndlength)); p += 2) {
+                    PR_fprintf(PR_STDOUT, "0x%04x ", (PRUint32)(GET_SHORT((&chv2->csuites[p + q]))));
+                }
+                PR_fprintf(PR_STDOUT, "}\n");
+            }
+            PR_fprintf(PR_STDOUT, "}\n");
+            break;
+        /* end of V2 CLientHello Parsing */
+
+        case 2: /* Client Master Key  */
+        {
+            const char *cs_str =
+                NULL;
+            PRUint32 cs_int =
+                0;
+            ClientMasterKeyV2 *cmkv2;
+            cmkv2 = (ClientMasterKeyV2 *)chv2;
+            isV2Session = 1;
+
+            PR_fprintf(PR_STDOUT, " [ssl2]  ClientMasterKeyV2 { \n");
+
+            cs_int = GET_24(&cmkv2->cipherkind[0]);
+            cs_str = V2CipherString(cs_int);
+            PR_fprintf(PR_STDOUT, "         cipher-spec-chosen = (0x%06x) %s\n",
+                       cs_int, cs_str);
+
+            PR_fprintf(PR_STDOUT, "         clear-portion = %d bits\n",
+                       8 *
+                           (PRUint32)(GET_SHORT((cmkv2->clearkey))));
+
+            PR_fprintf(PR_STDOUT, "      }\n");
+            clientstream.isEncrypted = 1;
+            serverstream.isEncrypted = 1;
+        } break;
+
+        case 3:
+            PR_fprintf(PR_STDOUT, " [ssl2]  Client Finished V2 {...}\n");
+            isV2Session = 1;
+            break;
+
+        case 4: /* V2 Server Hello */
+            isV2Session = 1;
+
+            PR_fprintf(PR_STDOUT, " [ssl2]  ServerHelloV2 {\n");
+            PR_fprintf(PR_STDOUT, "           sid hit = {0x%02x}\n",
+                       (PRUintn)shv2->sidhit);
+            PR_fprintf(PR_STDOUT, "           version = {0x%02x, 0x%02x}\n",
+                       (PRUint32)shv2->version[0], (PRUint32)shv2->version[1]);
+            PR_fprintf(PR_STDOUT, "           cipher-specs-length = %d (0x%02x)\n",
+                       (PRUint32)(GET_SHORT((shv2->cslength))),
+                       (PRUint32)(GET_SHORT((shv2->cslength))));
+            PR_fprintf(PR_STDOUT, "           sid-length = %d (0x%02x)\n",
+                       (PRUint32)(GET_SHORT((shv2->cidlength))),
+                       (PRUint32)(GET_SHORT((shv2->cidlength))));
+
+            pos = (unsigned char *)shv2;
+            pos += 2;  /* skip length header */
+            pos += 11; /* position pointer to Certificate data area */
+            q = GET_SHORT(&shv2->certlength);
+            if (q > recordLen) {
+                goto eosh;
+            }
+            pos += q; /* skip certificate */
+
+            PR_fprintf(PR_STDOUT, "           cipher-suites = { ");
+            len = GET_SHORT((shv2->cslength));
+            for (p = 0; p < len; p += 3) {
+                PRUint32 cs_int = GET_24((pos + p));
+                const char *cs_str =
+                    V2CipherString(cs_int);
+                PR_fprintf(PR_STDOUT, "\n              ");
+                PR_fprintf(PR_STDOUT, "(0x%06x) %s", cs_int, cs_str);
+            }
+            pos += len;
+            PR_fprintf(PR_STDOUT, "   }\n"); /* End of cipher suites */
+            len = (PRUint32)GET_SHORT((shv2->cidlength));
+            if (len) {
+                PR_fprintf(PR_STDOUT, "           connection-id = { ");
+                for (p =
+                         0;
+                     p < len; p += 2) {
+                    PR_fprintf(PR_STDOUT, "0x%04x ", (PRUint32)(GET_SHORT((pos +
+                                                                           p))));
+                }
+                PR_fprintf(PR_STDOUT, "   }\n"); /* End of connection id */
+            }
+        eosh:
+            PR_fprintf(PR_STDOUT, "\n              }\n"); /* end of ServerHelloV2 */
+            if (shv2->sidhit) {
+                clientstream.isEncrypted =
+                    1;
+                serverstream.isEncrypted =
+                    1;
+            }
+            break;
+
+        case 5:
+            PR_fprintf(PR_STDOUT, " [ssl2]  Server Verify V2 {...}\n");
+            isV2Session = 1;
+            break;
+
+        case 6:
+            PR_fprintf(PR_STDOUT, " [ssl2]  Server Finished V2 {...}\n");
+            isV2Session = 1;
+            break;
+
+        case 7:
+            PR_fprintf(PR_STDOUT, " [ssl2]  Request Certificate V2 {...}\n");
+            isV2Session = 1;
+            break;
+
+        case 8:
+            PR_fprintf(PR_STDOUT, " [ssl2]  Client Certificate V2 {...}\n");
+            isV2Session = 1;
+            break;
+
+        default:
+            PR_fprintf(PR_STDOUT, " [ssl2]  UnknownType 0x%02x {...}\n",
+                       (PRUint32)chv2->type);
+            break;
+    }
+}
+
+unsigned int
+print_hello_extension(unsigned char *hsdata,
+                      unsigned int length,
+                      unsigned int pos)
+{
+    /* pretty print extensions, if any */
+    if (pos < length) {
+        int exListLen = GET_SHORT((hsdata + pos));
+        pos += 2;
+        PR_fprintf(PR_STDOUT,
+                   "            extensions[%d] = {\n", exListLen);
+        while (exListLen > 0 && pos < length) {
+            int exLen;
+            int exType = GET_SHORT((hsdata + pos));
+            pos += 2;
+            exLen = GET_SHORT((hsdata + pos));
+            pos += 2;
+            /* dump the extension */
+            PR_fprintf(PR_STDOUT,
+                       "              extension type %s, length [%d]",
+                       helloExtensionNameString(exType), exLen);
+            if (exLen > 0) {
+                PR_fprintf(PR_STDOUT, " = {\n");
+                print_hex(exLen, hsdata + pos);
+                PR_fprintf(PR_STDOUT, "              }\n");
+            } else {
+                PR_fprintf(PR_STDOUT, "\n");
+            }
+            pos += exLen;
+            exListLen -= 2 + exLen;
+        }
+        PR_fprintf(PR_STDOUT, "            }\n");
+    }
+    return pos;
+}
+
+/*
+ * Note this must match (exactly) the enumeration ocspResponseStatus.
+ */
+static char *responseStatusNames[] = {
+    "successful (Response has valid confirmations)",
+    "malformedRequest (Illegal confirmation request)",
+    "internalError (Internal error in issuer)",
+    "tryLater (Try again later)",
+    "unused ((4) is not used)",
+    "sigRequired (Must sign the request)",
+    "unauthorized (Request unauthorized)",
+};
+
+static void
+print_ocsp_cert_id(FILE *out_file, CERTOCSPCertID *cert_id, int level)
+{
+    SECU_Indent(out_file, level);
+    fprintf(out_file, "Cert ID:\n");
+    level++;
+    /*
+    SECU_PrintAlgorithmID (out_file, &(cert_id->hashAlgorithm),
+                           "Hash Algorithm", level);
+    SECU_PrintAsHex (out_file, &(cert_id->issuerNameHash),
+                     "Issuer Name Hash", level);
+    SECU_PrintAsHex (out_file, &(cert_id->issuerKeyHash),
+                     "Issuer Key Hash", level);
+*/
+    SECU_PrintInteger(out_file, &(cert_id->serialNumber),
+                      "Serial Number", level);
+    /* XXX lookup the cert; if found, print something nice (nickname?) */
+}
+
+static void
+print_ocsp_version(FILE *out_file, SECItem *version, int level)
+{
+    if (version->len > 0) {
+        SECU_PrintInteger(out_file, version, "Version", level);
+    } else {
+        SECU_Indent(out_file, level);
+        fprintf(out_file, "Version: DEFAULT\n");
+    }
+}
+
+static void
+print_responder_id(FILE *out_file, ocspResponderID *responderID, int level)
+{
+    SECU_Indent(out_file, level);
+    fprintf(out_file, "Responder ID ");
+
+    switch (responderID->responderIDType) {
+        case ocspResponderID_byName:
+            fprintf(out_file, "(byName):\n");
+            SECU_PrintName(out_file, &(responderID->responderIDValue.name),
+                           "Name", level + 1);
+            break;
+        case ocspResponderID_byKey:
+            fprintf(out_file, "(byKey):\n");
+            SECU_PrintAsHex(out_file, &(responderID->responderIDValue.keyHash),
+                            "Key Hash", level + 1);
+            break;
+        default:
+            fprintf(out_file, "Unrecognized Responder ID Type\n");
+            break;
+    }
+}
+
+static void
+print_ocsp_extensions(FILE *out_file, CERTCertExtension **extensions,
+                      char *msg, int level)
+{
+    if (extensions) {
+        SECU_PrintExtensions(out_file, extensions, msg, level);
+    } else {
+        SECU_Indent(out_file, level);
+        fprintf(out_file, "No %s\n", msg);
+    }
+}
+
+static void
+print_revoked_info(FILE *out_file, ocspRevokedInfo *revoked_info, int level)
+{
+    SECU_PrintGeneralizedTime(out_file, &(revoked_info->revocationTime),
+                              "Revocation Time", level);
+
+    if (revoked_info->revocationReason != NULL) {
+        SECU_PrintAsHex(out_file, revoked_info->revocationReason,
+                        "Revocation Reason", level);
+    } else {
+        SECU_Indent(out_file, level);
+        fprintf(out_file, "No Revocation Reason.\n");
+    }
+}
+
+static void
+print_cert_status(FILE *out_file, ocspCertStatus *status, int level)
+{
+    SECU_Indent(out_file, level);
+    fprintf(out_file, "Status: ");
+
+    switch (status->certStatusType) {
+        case ocspCertStatus_good:
+            fprintf(out_file, "Cert is good.\n");
+            break;
+        case ocspCertStatus_revoked:
+            fprintf(out_file, "Cert has been revoked.\n");
+            print_revoked_info(out_file, status->certStatusInfo.revokedInfo,
+                               level + 1);
+            break;
+        case ocspCertStatus_unknown:
+            fprintf(out_file, "Cert is unknown to responder.\n");
+            break;
+        default:
+            fprintf(out_file, "Unrecognized status.\n");
+            break;
+    }
+}
+
+static void
+print_single_response(FILE *out_file, CERTOCSPSingleResponse *single,
+                      int level)
+{
+    print_ocsp_cert_id(out_file, single->certID, level);
+
+    print_cert_status(out_file, single->certStatus, level);
+
+    SECU_PrintGeneralizedTime(out_file, &(single->thisUpdate),
+                              "This Update", level);
+
+    if (single->nextUpdate != NULL) {
+        SECU_PrintGeneralizedTime(out_file, single->nextUpdate,
+                                  "Next Update", level);
+    } else {
+        SECU_Indent(out_file, level);
+        fprintf(out_file, "No Next Update\n");
+    }
+
+    print_ocsp_extensions(out_file, single->singleExtensions,
+                          "Single Response Extensions", level);
+}
+
+static void
+print_response_data(FILE *out_file, ocspResponseData *responseData, int level)
+{
+    SECU_Indent(out_file, level);
+    fprintf(out_file, "Response Data:\n");
+    level++;
+
+    print_ocsp_version(out_file, &(responseData->version), level);
+
+    print_responder_id(out_file, responseData->responderID, level);
+
+    SECU_PrintGeneralizedTime(out_file, &(responseData->producedAt),
+                              "Produced At", level);
+
+    if (responseData->responses != NULL) {
+        int i;
+
+        for (i = 0; responseData->responses[i] != NULL; i++) {
+            SECU_Indent(out_file, level);
+            fprintf(out_file, "Response %d:\n", i);
+            print_single_response(out_file, responseData->responses[i],
+                                  level + 1);
+        }
+    } else {
+        fprintf(out_file, "Response list is empty.\n");
+    }
+
+    print_ocsp_extensions(out_file, responseData->responseExtensions,
+                          "Response Extensions", level);
+}
+
+static void
+print_basic_response(FILE *out_file, ocspBasicOCSPResponse *basic, int level)
+{
+    SECU_Indent(out_file, level);
+    fprintf(out_file, "Basic OCSP Response:\n");
+    level++;
+
+    print_response_data(out_file, basic->tbsResponseData, level);
+}
+
+static void
+print_status_response(SECItem *data)
+{
+    int level = 2;
+    CERTOCSPResponse *response;
+    response = CERT_DecodeOCSPResponse(data);
+    if (!response) {
+        SECU_Indent(stdout, level);
+        fprintf(stdout, "unable to decode certificate_status\n");
+        return;
+    }
+
+    SECU_Indent(stdout, level);
+    if (response->statusValue >= ocspResponse_min &&
+        response->statusValue <= ocspResponse_max) {
+        fprintf(stdout, "Response Status: %s\n",
+                responseStatusNames[response->statusValue]);
+    } else {
+        fprintf(stdout,
+                "Response Status: other (Status value %d out of defined range)\n",
+                (int)response->statusValue);
+    }
+
+    if (response->statusValue == ocspResponse_successful) {
+        ocspResponseBytes *responseBytes = response->responseBytes;
+        PORT_Assert(responseBytes != NULL);
+
+        level++;
+        SECU_PrintObjectID(stdout, &(responseBytes->responseType),
+                           "Response Type", level);
+        switch (response->responseBytes->responseTypeTag) {
+            case SEC_OID_PKIX_OCSP_BASIC_RESPONSE:
+                print_basic_response(stdout,
+                                     responseBytes->decodedResponse.basic,
+                                     level);
+                break;
+            default:
+                SECU_Indent(stdout, level);
+                fprintf(stdout, "Unknown response syntax\n");
+                break;
+        }
+    } else {
+        SECU_Indent(stdout, level);
+        fprintf(stdout, "Unsuccessful response, no more information.\n");
+    }
+
+    CERT_DestroyOCSPResponse(response);
+}
+
+/* In the case of renegotiation, handshakes that occur in an already MAC'ed
+ * channel, by the time of this call, the caller has already removed the MAC
+ * from input recordLen. The only MAC'ed record that will get here with its
+ * MAC intact (not removed) is the first Finished message on the connection.
+ */
+void
+print_ssl3_handshake(unsigned char *recordBuf,
+                     unsigned int recordLen,
+                     SSLRecord *sr,
+                     DataBufferList *s)
+{
+    struct sslhandshake sslh;
+    unsigned char *hsdata;
+    unsigned int offset = 0;
+
+    PR_fprintf(PR_STDOUT, "   handshake {\n");
+
+    if (s->msgBufOffset && s->msgBuf) {
+        /* append recordBuf to msgBuf, then use msgBuf */
+        if (s->msgBufOffset + recordLen > s->msgBufSize) {
+            int newSize = s->msgBufOffset + recordLen;
+            unsigned char *newBuf = PORT_Realloc(s->msgBuf, newSize);
+            if (!newBuf) {
+                PR_ASSERT(newBuf);
+                showErr("Realloc failed");
+                exit(10);
+            }
+            s->msgBuf = newBuf;
+            s->msgBufSize = newSize;
+        }
+        memcpy(s->msgBuf + s->msgBufOffset, recordBuf, recordLen);
+        s->msgBufOffset += recordLen;
+        recordLen = s->msgBufOffset;
+        recordBuf = s->msgBuf;
+    }
+    while (offset + 4 <= recordLen) {
+        sslh.type = recordBuf[offset];
+        sslh.length = GET_24(recordBuf + offset + 1);
+        if (offset + 4 + sslh.length > recordLen)
+            break;
+        /* finally have a complete message */
+        if (sslhexparse)
+            print_hex(4, recordBuf + offset);
+
+        hsdata = &recordBuf[offset + 4];
+
+        PR_fprintf(PR_STDOUT, "      type = %d (", sslh.type);
+        switch (sslh.type) {
+            case 0:
+                PR_FPUTS("hello_request)\n");
+                break;
+            case 1:
+                PR_FPUTS("client_hello)\n");
+                break;
+            case 2:
+                PR_FPUTS("server_hello)\n");
+                break;
+            case 4:
+                PR_FPUTS("new_session_ticket)\n");
+                break;
+            case 11:
+                PR_FPUTS("certificate)\n");
+                break;
+            case 12:
+                PR_FPUTS("server_key_exchange)\n");
+                break;
+            case 13:
+                PR_FPUTS("certificate_request)\n");
+                break;
+            case 14:
+                PR_FPUTS("server_hello_done)\n");
+                break;
+            case 15:
+                PR_FPUTS("certificate_verify)\n");
+                break;
+            case 16:
+                PR_FPUTS("client_key_exchange)\n");
+                break;
+            case 20:
+                PR_FPUTS("finished)\n");
+                break;
+            case 22:
+                PR_FPUTS("certificate_status)\n");
+                break;
+            default:
+                PR_FPUTS("unknown)\n");
+                break;
+        }
+
+        PR_fprintf(PR_STDOUT, "      length = %d (0x%06x)\n", sslh.length, sslh.length);
+        switch (sslh.type) {
+
+            case 0: /* hello_request */ /* not much to show here. */
+                break;
+
+            case 1: /* client hello */
+                switch (sr->ver_maj) {
+                    case 3: /* ssl version 3 */
+                    {
+                        unsigned int pos;
+                        int w;
+
+                        PR_fprintf(PR_STDOUT, "         ClientHelloV3 {\n");
+                        PR_fprintf(PR_STDOUT, "            client_version = {%d, %d}\n",
+                                   (PRUint8)hsdata[0], (PRUint8)hsdata[1]);
+                        PR_fprintf(PR_STDOUT, "            random = {...}\n");
+                        if (sslhexparse)
+                            print_hex(32, &hsdata[2]);
+
+                        /* pretty print Session ID */
+                        {
+                            int sidlength =
+                                (int)hsdata[2 + 32];
+                            PR_fprintf(PR_STDOUT, "            session ID = {\n");
+                            PR_fprintf(PR_STDOUT, "                length = %d\n", sidlength);
+                            PR_fprintf(PR_STDOUT, "                contents = {...}\n");
+                            if (sslhexparse)
+                                print_hex(sidlength, &hsdata[2 + 32 + 1]);
+                            PR_fprintf(PR_STDOUT, "            }\n");
+                            pos =
+                                2 +
+                                32 +
+                                1 +
+                                sidlength;
+                        }
+
+                        /* pretty print cipher suites */
+                        {
+                            int csuitelength =
+                                GET_SHORT((hsdata + pos));
+                            PR_fprintf(PR_STDOUT, "            cipher_suites[%d] = {\n",
+                                       csuitelength /
+                                           2);
+                            if (csuitelength %
+                                2) {
+                                PR_fprintf(PR_STDOUT,
+                                           "*error in protocol - csuitelength shouldn't be odd*\n");
+                            }
+                            for (w =
+                                     0;
+                                 w <
+                                 csuitelength;
+                                 w += 2) {
+                                PRUint32 cs_int =
+                                    GET_SHORT((hsdata + pos + 2 + w));
+                                const char *cs_str =
+                                    V2CipherString(cs_int);
+                                PR_fprintf(PR_STDOUT,
+                                           "                (0x%04x) %s\n", cs_int, cs_str);
+                            }
+                            pos +=
+                                2 +
+                                csuitelength;
+                            PR_fprintf(PR_STDOUT, "            }\n");
+                        }
+
+                        /* pretty print compression methods */
+                        {
+                            int complength =
+                                hsdata[pos];
+                            PR_fprintf(PR_STDOUT, "            compression[%d] = {\n",
+                                       complength);
+                            for (w =
+                                     0;
+                                 w <
+                                 complength;
+                                 w++) {
+                                PRUint32 cm_int =
+                                    hsdata[pos + 1 + w];
+                                const char *cm_str =
+                                    CompressionMethodString(cm_int);
+                                PR_fprintf(PR_STDOUT,
+                                           "                (%02x) %s\n", cm_int, cm_str);
+                            }
+                            pos +=
+                                1 +
+                                complength;
+                            PR_fprintf(PR_STDOUT, "            }\n");
+                        }
+
+                        /* pretty print extensions, if any */
+                        pos =
+                            print_hello_extension(hsdata, sslh.length, pos);
+
+                        PR_fprintf(PR_STDOUT, "         }\n");
+                    } /* end of ssl version 3 */
+                    break;
+                    default:
+                        PR_fprintf(PR_STDOUT, "         UNDEFINED VERSION %d.%d {...}\n",
+                                   sr->ver_maj, sr->ver_min);
+                        if (sslhexparse)
+                            print_hex(sslh.length, hsdata);
+                        break;
+                } /* end of switch sr->ver_maj */
+                break;
+
+            case 2: /* server hello */
+            {
+                unsigned int sidlength, pos;
+
+                PR_fprintf(PR_STDOUT, "         ServerHello {\n");
+
+                PR_fprintf(PR_STDOUT, "            server_version = {%d, %d}\n",
+                           (PRUint8)hsdata[0], (PRUint8)hsdata[1]);
+                PR_fprintf(PR_STDOUT, "            random = {...}\n");
+                if (sslhexparse)
+                    print_hex(32, &hsdata[2]);
+                PR_fprintf(PR_STDOUT, "            session ID = {\n");
+                sidlength = (int)hsdata[2 +
+                                        32];
+                PR_fprintf(PR_STDOUT, "                length = %d\n", sidlength);
+                PR_fprintf(PR_STDOUT, "                contents = {...}\n");
+                if (sslhexparse)
+                    print_hex(sidlength, &hsdata[2 + 32 + 1]);
+                PR_fprintf(PR_STDOUT, "            }\n");
+                pos = 2 +
+                      32 + 1 +
+                      sidlength;
+
+                /* pretty print chosen cipher suite */
+                {
+                    PRUint32 cs_int = GET_SHORT((hsdata + pos));
+                    const char *cs_str =
+                        V2CipherString(cs_int);
+                    PR_fprintf(PR_STDOUT, "            cipher_suite = (0x%04x) %s\n",
+                               cs_int, cs_str);
+                    currentcipher =
+                        cs_int;
+                    pos +=
+                        2;
+                }
+                /* pretty print chosen compression method */
+                {
+                    PRUint32 cm_int = hsdata[pos++];
+                    const char *cm_str =
+                        CompressionMethodString(cm_int);
+                    PR_fprintf(PR_STDOUT, "            compression method = (%02x) %s\n",
+                               cm_int, cm_str);
+                }
+
+                /* pretty print extensions, if any */
+                pos = print_hello_extension(hsdata, sslh.length, pos);
+
+                PR_fprintf(PR_STDOUT, "         }\n");
+            } break;
+
+            case 4: /* new session ticket */
+            {
+                PRUint32 lifetimehint;
+                PRUint16 ticketlength;
+                char lifetime[32];
+                lifetimehint = GET_32(hsdata);
+                if (lifetimehint) {
+                    PRExplodedTime et;
+                    PRTime t =
+                        lifetimehint;
+                    t *=
+                        PR_USEC_PER_SEC;
+                    PR_ExplodeTime(t, PR_GMTParameters, &et);
+                    /* use HTTP Cookie header's date format */
+                    PR_FormatTimeUSEnglish(lifetime, sizeof lifetime,
+                                           "%a, %d-%b-%Y %H:%M:%S GMT", &et);
+                } else {
+                    /* 0 means the lifetime of the ticket is unspecified */
+                    strcpy(lifetime, "unspecified");
+                }
+                ticketlength = GET_SHORT((hsdata +
+                                          4));
+                PR_fprintf(PR_STDOUT, "         NewSessionTicket {\n");
+                PR_fprintf(PR_STDOUT, "            ticket_lifetime_hint = %s\n",
+                           lifetime);
+                PR_fprintf(PR_STDOUT, "            ticket = {\n");
+                PR_fprintf(PR_STDOUT, "                length = %d\n", ticketlength);
+                PR_fprintf(PR_STDOUT, "                contents = {...}\n");
+                if (sslhexparse)
+                    print_hex(ticketlength, &hsdata[4 + 2]);
+                PR_fprintf(PR_STDOUT, "            }\n");
+                PR_fprintf(PR_STDOUT, "         }\n");
+            } break;
+
+            case 11: /* certificate */
+            {
+                PRFileDesc *cfd;
+                int pos;
+                int certslength;
+                int certlength;
+                int certbytesread = 0;
+                static int certFileNumber;
+                char certFileName[20];
+
+                PR_fprintf(PR_STDOUT, "         CertificateChain {\n");
+                certslength = GET_24(hsdata);
+                PR_fprintf(PR_STDOUT, "            chainlength = %d (0x%04x)\n",
+                           certslength, certslength);
+                pos = 3;
+                while (certbytesread < certslength) {
+                    certlength =
+                        GET_24((hsdata + pos));
+                    pos +=
+                        3;
+                    PR_fprintf(PR_STDOUT, "            Certificate {\n");
+                    PR_fprintf(PR_STDOUT, "               size = %d (0x%04x)\n",
+                               certlength, certlength);
+                    certbytesread +=
+                        certlength + 3;
+                    if (certbytesread <=
+                        certslength) {
+                        PR_snprintf(certFileName, sizeof certFileName, "cert.%03d",
+                                    ++certFileNumber);
+                        cfd =
+                            PR_Open(certFileName, PR_WRONLY |
+                                                      PR_CREATE_FILE | PR_TRUNCATE,
+                                    0664);
+                        if (!cfd) {
+                            PR_fprintf(PR_STDOUT,
+                                       "               data = { couldn't save file '%s' }\n",
+                                       certFileName);
+                        } else {
+                            PR_Write(cfd, (hsdata +
+                                           pos),
+                                     certlength);
+                            PR_fprintf(PR_STDOUT,
+                                       "               data = { saved in file '%s' }\n",
+                                       certFileName);
+                            PR_Close(cfd);
+                        }
+                    }
+
+                    PR_fprintf(PR_STDOUT, "            }\n");
+                    pos += certlength;
+                }
+                PR_fprintf(PR_STDOUT, "         }\n");
+            } break;
+
+            case 12: /* server_key_exchange */
+                if (sslhexparse)
+                    print_hex(sslh.length, hsdata);
+                break;
+
+            case 13: /* certificate request */
+            {
+                unsigned int pos = 0;
+                int w, reqLength;
+
+                PR_fprintf(PR_STDOUT, "         CertificateRequest {\n");
+
+                /* pretty print requested certificate types */
+                reqLength = hsdata[pos];
+                PR_fprintf(PR_STDOUT, "            certificate types[%d] = {",
+                           reqLength);
+                for (w =
+                         0;
+                     w < reqLength; w++) {
+                    PR_fprintf(PR_STDOUT, " %02x", hsdata[pos +
+                                                          1 + w]);
+                }
+                pos += 1 + reqLength;
+                PR_fprintf(PR_STDOUT, " }\n");
+
+                /* pretty print CA names, if any */
+                if (pos < sslh.length) {
+                    int exListLen =
+                        GET_SHORT((hsdata + pos));
+                    pos += 2;
+                    PR_fprintf(PR_STDOUT,
+                               "            certificate_authorities[%d] = {\n",
+                               exListLen);
+                    while (exListLen >
+                               0 &&
+                           pos < sslh.length) {
+                        char *ca_name;
+                        SECItem it;
+                        int dnLen = GET_SHORT((hsdata +
+                                               pos));
+                        pos += 2;
+
+                        /* dump the CA name */
+                        it.type =
+                            siBuffer;
+                        it.data =
+                            hsdata + pos;
+                        it.len =
+                            dnLen;
+                        ca_name =
+                            CERT_DerNameToAscii(&it);
+                        if (ca_name) {
+                            PR_fprintf(PR_STDOUT, "   %s\n", ca_name);
+                            PORT_Free(ca_name);
+                        } else {
+                            PR_fprintf(PR_STDOUT,
+                                       "              distinguished name [%d]", dnLen);
+                            if (dnLen >
+                                    0 &&
+                                sslhexparse) {
+                                PR_fprintf(PR_STDOUT, " = {\n");
+                                print_hex(dnLen, hsdata +
+                                                     pos);
+                                PR_fprintf(PR_STDOUT, "              }\n");
+                            } else {
+                                PR_fprintf(PR_STDOUT, "\n");
+                            }
+                        }
+                        pos +=
+                            dnLen;
+                        exListLen -=
+                            2 + dnLen;
+                    }
+                    PR_fprintf(PR_STDOUT, "            }\n");
+                }
+
+                PR_fprintf(PR_STDOUT, "         }\n");
+            } break;
+
+            case 14: /* server_hello_done */ /* not much to show here. */
+                break;
+
+            case 15: /* certificate_verify */
+                if (sslhexparse)
+                    print_hex(sslh.length, hsdata);
+                break;
+
+            case 16: /* client key exchange */
+            {
+                PR_fprintf(PR_STDOUT, "         ClientKeyExchange {\n");
+                PR_fprintf(PR_STDOUT, "            message = {...}\n");
+                PR_fprintf(PR_STDOUT, "         }\n");
+            } break;
+
+            case 20: /* finished */
+                PR_fprintf(PR_STDOUT, "         Finished {\n");
+                PR_fprintf(PR_STDOUT, "            verify_data = {...}\n");
+                if (sslhexparse)
+                    print_hex(sslh.length, hsdata);
+                PR_fprintf(PR_STDOUT, "         }\n");
+
+                if (!isNULLmac(currentcipher) &&
+                    !s->hMACsize) {
+                    /* To calculate the size of MAC, we subtract the number of known
+                     * bytes of message from the number of remaining bytes in the
+                     * record. This assumes that this is the first record on the
+                     * connection to have a MAC, and that the sender has not put another
+                     * message after the finished message in the handshake record.
+                     * This is only correct for the first transition from unMACed to
+                     * MACed. If the connection switches from one cipher suite to
+                     * another one with a different MAC, this logic will not track that
+                     * change correctly.
+                     */
+                    s->hMACsize =
+                        recordLen - (sslh.length + 4);
+                    sslh.length +=
+                        s->hMACsize; /* skip over the MAC data */
+                }
+                break;
+
+            case 22: /* certificate_status */
+            {
+                SECItem data;
+                PRFileDesc *ofd;
+                static int ocspFileNumber;
+                char ocspFileName[20];
+
+                /* skip 4 bytes with handshake numbers, as in ssl3_HandleCertificateStatus */
+                data.type = siBuffer;
+                data.data = hsdata + 4;
+                data.len = sslh.length - 4;
+                print_status_response(&data);
+
+                PR_snprintf(ocspFileName, sizeof ocspFileName, "ocsp.%03d",
+                            ++ocspFileNumber);
+                ofd = PR_Open(ocspFileName, PR_WRONLY |
+                                                PR_CREATE_FILE | PR_TRUNCATE,
+                              0664);
+                if (!ofd) {
+                    PR_fprintf(PR_STDOUT,
+                               "               data = { couldn't save file '%s' }\n",
+                               ocspFileName);
+                } else {
+                    PR_Write(ofd, data.data, data.len);
+                    PR_fprintf(PR_STDOUT,
+                               "               data = { saved in file '%s' }\n",
+                               ocspFileName);
+                    PR_Close(ofd);
+                }
+            } break;
+
+            default: {
+                PR_fprintf(PR_STDOUT, "         UNKNOWN MESSAGE TYPE %d [%d] {\n",
+                           sslh.type, sslh.length);
+                if (sslhexparse)
+                    print_hex(sslh.length, hsdata);
+                PR_fprintf(PR_STDOUT, "         }\n");
+            }
+        } /* end of switch sslh.type */
+        offset += sslh.length + 4;
+    }                         /* while */
+    if (offset < recordLen) { /* stuff left over */
+        unsigned int newMsgLen = recordLen - offset;
+        if (!s->msgBuf) {
+            s->msgBuf = PORT_Alloc(newMsgLen);
+            if (!s->msgBuf) {
+                PR_ASSERT(s->msgBuf);
+                showErr("Malloc failed");
+                exit(11);
+            }
+            s->msgBufSize = newMsgLen;
+            memcpy(s->msgBuf, recordBuf + offset, newMsgLen);
+        } else if (newMsgLen > s->msgBufSize) {
+            unsigned char *newBuf = PORT_Realloc(s->msgBuf, newMsgLen);
+            if (!newBuf) {
+                PR_ASSERT(newBuf);
+                showErr("Realloc failed");
+                exit(12);
+            }
+            s->msgBuf = newBuf;
+            s->msgBufSize = newMsgLen;
+        } else if (offset || s->msgBuf != recordBuf) {
+            memmove(s->msgBuf, recordBuf + offset, newMsgLen);
+        }
+        s->msgBufOffset = newMsgLen;
+        PR_fprintf(PR_STDOUT, "     [incomplete handshake message]\n");
+    } else {
+        s->msgBufOffset = 0;
+    }
+    PR_fprintf(PR_STDOUT, "   }\n");
+}
+
+void
+print_ssl(DataBufferList *s, int length, unsigned char *buffer)
+{
+    /* --------------------------------------------------------  */
+    /* first, create a new buffer object for this piece of data. */
+
+    DataBuffer *db;
+
+    if (s->size == 0 && length > 0 && buffer[0] >= 32 && buffer[0] < 128) {
+        /* Not an SSL record, treat entire buffer as plaintext */
+        PR_Write(PR_STDOUT, buffer, length);
+        return;
+    }
+
+    check_integrity(s);
+
+    db = PR_NEW(struct _DataBuffer);
+
+    if (!db) {
+        return;
+    }
+
+    db->buffer = (unsigned char *)PORT_Alloc(length);
+    db->length = length;
+    db->offset = 0;
+    memcpy(db->buffer, buffer, length);
+    db->next = NULL;
+
+    /* now, add it to the stream */
+
+    if (s->last != NULL)
+        s->last->next = db;
+    s->last = db;
+    s->size += length;
+    if (s->first == NULL)
+        s->first = db;
+
+    check_integrity(s);
+
+    /*------------------------------------------------------- */
+    /* now we look at the stream to see if we have enough data to
+     decode  */
+
+    while (s->size > 0) {
+        unsigned char *recordBuf = NULL;
+
+        SSLRecord sr;
+        unsigned recordLen;
+        unsigned recordsize;
+
+        check_integrity(s);
+
+        if (s->first == NULL) {
+            PR_fprintf(PR_STDOUT, "ERROR: s->first is null\n");
+            exit(9);
+        }
+
+        /* in the case of an SSL 2 client-hello  */
+        /* will have the high-bit set, whereas an SSL 3 client-hello will not  */
+        /* SSL2 can also send records that begin with the high bit clear.
+         * This code will incorrectly handle them. XXX
+         */
+        if (isV2Session || s->first->buffer[s->first->offset] & 0x80) {
+            /* it's an SSL 2 packet */
+            unsigned char lenbuf[3];
+
+            /* first, we check if there's enough data for it to be an SSL2-type
+             * record.  What a pain.*/
+            if (s->size < sizeof lenbuf) {
+                partial_packet(length, s->size, sizeof lenbuf);
+                return;
+            }
+
+            /* read the first two bytes off the stream. */
+            read_stream_bytes(lenbuf, s, sizeof(lenbuf));
+            recordLen = ((unsigned int)(lenbuf[0] & 0x7f) << 8) + lenbuf[1] +
+                        ((lenbuf[0] & 0x80) ? 2 : 3);
+            PR_fprintf(PR_STDOUT, "recordLen = %u bytes\n", recordLen);
+
+            /* put 'em back on the head of the stream. */
+            db = PR_NEW(struct _DataBuffer);
+
+            db->length = sizeof lenbuf;
+            db->buffer = (unsigned char *)PORT_Alloc(db->length);
+            db->offset = 0;
+            memcpy(db->buffer, lenbuf, sizeof lenbuf);
+
+            db->next = s->first;
+            s->first = db;
+            if (s->last == NULL)
+                s->last = db;
+            s->size += db->length;
+
+            /* if there wasn't enough, go back for more. */
+            if (s->size < recordLen) {
+                check_integrity(s);
+                partial_packet(length, s->size, recordLen);
+                return;
+            }
+            partial_packet(length, s->size, recordLen);
+
+            /* read in the whole record. */
+            recordBuf = PORT_Alloc(recordLen);
+            read_stream_bytes(recordBuf, s, recordLen);
+
+            print_sslv2(s, recordBuf, recordLen);
+            PR_FREEIF(recordBuf);
+            check_integrity(s);
+
+            continue;
+        }
+
+        /***********************************************************/
+        /* It's SSL v3 */
+        /***********************************************************/
+        check_integrity(s);
+
+        if (s->size < sizeof sr) {
+            partial_packet(length, s->size, sizeof(SSLRecord));
+            return;
+        }
+
+        read_stream_bytes((unsigned char *)&sr, s, sizeof sr);
+
+        /* we have read the stream bytes. Look at the length of
+       the ssl record. If we don't have enough data to satisfy this
+       request, then put the bytes we just took back at the head
+       of the queue */
+        recordsize = GET_SHORT(sr.length);
+
+        if (recordsize > s->size) {
+            db = PR_NEW(struct _DataBuffer);
+
+            db->length = sizeof sr;
+            db->buffer = (unsigned char *)PORT_Alloc(db->length);
+            db->offset = 0;
+            memcpy(db->buffer, &sr, sizeof sr);
+            db->next = s->first;
+
+            /* now, add it back on to the head of the stream */
+
+            s->first = db;
+            if (s->last == NULL)
+                s->last = db;
+            s->size += db->length;
+
+            check_integrity(s);
+            partial_packet(length, s->size, recordsize);
+            return;
+        }
+        partial_packet(length, s->size, recordsize);
+
+        PR_fprintf(PR_STDOUT, "SSLRecord { [%s]\n", get_time_string());
+        if (sslhexparse) {
+            print_hex(5, (unsigned char *)&sr);
+        }
+
+        check_integrity(s);
+
+        PR_fprintf(PR_STDOUT, "   type    = %d (", sr.type);
+        switch (sr.type) {
+            case 20:
+                PR_fprintf(PR_STDOUT, "change_cipher_spec)\n");
+                break;
+            case 21:
+                PR_fprintf(PR_STDOUT, "alert)\n");
+                break;
+            case 22:
+                PR_fprintf(PR_STDOUT, "handshake)\n");
+                break;
+            case 23:
+                PR_fprintf(PR_STDOUT, "application_data)\n");
+                break;
+            default:
+                PR_fprintf(PR_STDOUT, "unknown)\n");
+                break;
+        }
+        PR_fprintf(PR_STDOUT, "   version = { %d,%d }\n",
+                   (PRUint32)sr.ver_maj, (PRUint32)sr.ver_min);
+        PR_fprintf(PR_STDOUT, "   length  = %d (0x%x)\n",
+                   (PRUint32)GET_SHORT(sr.length), (PRUint32)GET_SHORT(sr.length));
+
+        recordLen = recordsize;
+        PR_ASSERT(s->size >= recordLen);
+        if (s->size >= recordLen) {
+            recordBuf = (unsigned char *)PORT_Alloc(recordLen);
+            read_stream_bytes(recordBuf, s, recordLen);
+
+            if (s->isEncrypted) {
+                PR_fprintf(PR_STDOUT, "            < encrypted >\n");
+            } else { /* not encrypted */
+
+                switch (sr.type) {
+                    case 20: /* change_cipher_spec */
+                        if (sslhexparse)
+                            print_hex(recordLen - s->hMACsize, recordBuf);
+                        /* mark to say we can only dump hex form now on
+                         * if it is not one on a null cipher */
+                        s->isEncrypted =
+                            isNULLcipher(currentcipher) ? 0 : 1;
+                        break;
+
+                    case 21: /* alert */
+                        switch (recordBuf[0]) {
+                            case 1:
+                                PR_fprintf(PR_STDOUT, "   warning: ");
+                                break;
+                            case 2:
+                                PR_fprintf(PR_STDOUT, "   fatal: ");
+                                break;
+                            default:
+                                PR_fprintf(PR_STDOUT, "   unknown level %d: ", recordBuf[0]);
+                                break;
+                        }
+
+                        switch (recordBuf[1]) {
+                            case 0:
+                                PR_FPUTS("close_notify\n");
+                                break;
+                            case 10:
+                                PR_FPUTS("unexpected_message\n");
+                                break;
+                            case 20:
+                                PR_FPUTS("bad_record_mac\n");
+                                break;
+                            case 21:
+                                PR_FPUTS("decryption_failed\n");
+                                break;
+                            case 22:
+                                PR_FPUTS("record_overflow\n");
+                                break;
+                            case 30:
+                                PR_FPUTS("decompression_failure\n");
+                                break;
+                            case 40:
+                                PR_FPUTS("handshake_failure\n");
+                                break;
+                            case 41:
+                                PR_FPUTS("no_certificate\n");
+                                break;
+                            case 42:
+                                PR_FPUTS("bad_certificate\n");
+                                break;
+                            case 43:
+                                PR_FPUTS("unsupported_certificate\n");
+                                break;
+                            case 44:
+                                PR_FPUTS("certificate_revoked\n");
+                                break;
+                            case 45:
+                                PR_FPUTS("certificate_expired\n");
+                                break;
+                            case 46:
+                                PR_FPUTS("certificate_unknown\n");
+                                break;
+                            case 47:
+                                PR_FPUTS("illegal_parameter\n");
+                                break;
+                            case 48:
+                                PR_FPUTS("unknown_ca\n");
+                                break;
+                            case 49:
+                                PR_FPUTS("access_denied\n");
+                                break;
+                            case 50:
+                                PR_FPUTS("decode_error\n");
+                                break;
+                            case 51:
+                                PR_FPUTS("decrypt_error\n");
+                                break;
+                            case 60:
+                                PR_FPUTS("export_restriction\n");
+                                break;
+                            case 70:
+                                PR_FPUTS("protocol_version\n");
+                                break;
+                            case 71:
+                                PR_FPUTS("insufficient_security\n");
+                                break;
+                            case 80:
+                                PR_FPUTS("internal_error\n");
+                                break;
+                            case 90:
+                                PR_FPUTS("user_canceled\n");
+                                break;
+                            case 100:
+                                PR_FPUTS("no_renegotiation\n");
+                                break;
+                            case 110:
+                                PR_FPUTS("unsupported_extension\n");
+                                break;
+                            case 111:
+                                PR_FPUTS("certificate_unobtainable\n");
+                                break;
+                            case 112:
+                                PR_FPUTS("unrecognized_name\n");
+                                break;
+                            case 113:
+                                PR_FPUTS("bad_certificate_status_response\n");
+                                break;
+                            case 114:
+                                PR_FPUTS("bad_certificate_hash_value\n");
+                                break;
+
+                            default:
+                                PR_fprintf(PR_STDOUT, "unknown alert %d\n", recordBuf[1]);
+                                break;
+                        }
+
+                        if (sslhexparse)
+                            print_hex(recordLen - s->hMACsize, recordBuf);
+                        break;
+
+                    case 22: /* handshake */
+                        print_ssl3_handshake(recordBuf, recordLen -
+                                                            s->hMACsize,
+                                             &sr, s);
+                        break;
+
+                    case 23: /* application data */
+                        print_hex(recordLen -
+                                      s->hMACsize,
+                                  recordBuf);
+                        break;
+
+                    default:
+                        print_hex(recordLen -
+                                      s->hMACsize,
+                                  recordBuf);
+                        break;
+                }
+                if (s->hMACsize) {
+                    PR_fprintf(PR_STDOUT, "      MAC = {...}\n");
+                    if (sslhexparse) {
+                        unsigned char *offset =
+                            recordBuf + (recordLen - s->hMACsize);
+                        print_hex(s->hMACsize, offset);
+                    }
+                }
+            } /* not encrypted */
+        }
+        PR_fprintf(PR_STDOUT, "}\n");
+        PR_FREEIF(recordBuf);
+        check_integrity(s);
+    }
+}
+
+void
+print_hex(int amt, unsigned char *buf)
+{
+    int i, j, k;
+    char t[20];
+    static char string[5000];
+
+    for (i = 0; i < amt; i++) {
+        t[1] = 0;
+
+        if (i % 16 == 0) {                    /* if we are at the beginning of a line */
+            PR_fprintf(PR_STDOUT, "%4x:", i); /* print the line number  */
+            strcpy(string, "");
+        }
+
+        if (i % 4 == 0) {
+            PR_fprintf(PR_STDOUT, " ");
+        }
+
+        j = buf[i];
+
+        t[0] = (j >= 0x20 && j < 0x80) ? j : '.';
+
+        if (fancy) {
+            switch (t[0]) {
+                case '<':
+                    strcpy(t, "&lt;");
+                    break;
+                case '>':
+                    strcpy(t, "&gt;");
+                    break;
+                case '&':
+                    strcpy(t, "&amp;");
+                    break;
+            }
+        }
+        strcat(string, t);
+
+        PR_fprintf(PR_STDOUT, "%02x ", (PRUint8)buf[i]);
+
+        /* if we've reached the end of the line - add the string */
+        if (i % 16 == 15)
+            PR_fprintf(PR_STDOUT, " | %s\n", string);
+    }
+    /* we reached the end of the buffer,*/
+    /* do we have buffer left over? */
+    j = i % 16;
+    if (j > 0) {
+        for (k = 0; k < (16 -
+                         j);
+             k++) {
+            /* print additional space after every four bytes */
+            if ((k + j) % 4 == 0) {
+                PR_fprintf(PR_STDOUT, " ");
+            }
+            PR_fprintf(PR_STDOUT, "   ");
+        }
+        PR_fprintf(PR_STDOUT, " | %s\n", string);
+    }
+}
+
+void
+Usage(void)
+{
+    PR_fprintf(PR_STDERR, "SSLTAP (C) 1997, 1998 Netscape Communications Corporation.\n");
+    PR_fprintf(PR_STDERR, "Usage: ssltap [-vhfsxl] [-p port] hostname:port\n");
+    PR_fprintf(PR_STDERR, "   -v      [prints version string]\n");
+    PR_fprintf(PR_STDERR, "   -h      [outputs hex instead of ASCII]\n");
+    PR_fprintf(PR_STDERR, "   -f      [turn on Fancy HTML coloring]\n");
+    PR_fprintf(PR_STDERR, "   -s      [turn on SSL decoding]\n");
+    PR_fprintf(PR_STDERR, "   -x      [turn on extra SSL hex dumps]\n");
+    PR_fprintf(PR_STDERR, "   -p port [specify rendezvous port (default 1924)]\n");
+    PR_fprintf(PR_STDERR, "   -l      [loop - continue to wait for more connections]\n");
+}
+
+void
+showErr(const char *msg)
+{
+    PRErrorCode err = PR_GetError();
+    const char *errString;
+
+    if (err == PR_UNKNOWN_ERROR)
+        err = PR_CONNECT_RESET_ERROR; /* bug in NSPR. */
+    errString = SECU_Strerror(err);
+
+    if (!errString)
+        errString = "(no text available)";
+    PR_fprintf(PR_STDERR, "%s: Error %d: %s: %s", progName, err, errString, msg);
+}
+
+int
+main(int argc, char *argv[])
+{
+    char *hostname = NULL;
+    PRUint16 rendport = DEFPORT, port;
+    PRAddrInfo *ai;
+    void *iter;
+    PRStatus r;
+    PRNetAddr na_client, na_server, na_rend;
+    PRFileDesc *s_server, *s_client, *s_rend; /*rendezvous */
+    int c_count = 0;
+    PLOptState *optstate;
+    PLOptStatus status;
+    SECStatus rv;
+
+    progName = argv[0];
+    optstate = PL_CreateOptState(argc, argv, "fxhslp:");
+    while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
+        switch (optstate->option) {
+            case 'f':
+                fancy++;
+                break;
+            case 'h':
+                hexparse++;
+                break;
+            case 's':
+                sslparse++;
+                break;
+            case 'x':
+                sslhexparse++;
+                break;
+            case 'l':
+                looparound++;
+                break;
+            case 'p':
+                rendport =
+                    atoi(optstate->value);
+                break;
+            case '\0':
+                hostname =
+                    PL_strdup(optstate->value);
+        }
+    }
+    if (status == PL_OPT_BAD)
+        Usage();
+
+    if (fancy) {
+        if (!hexparse && !sslparse) {
+            PR_fprintf(PR_STDERR,
+                       "Note: use of -f without -s or -h not recommended, \n"
+                       "as the output looks a little strange. It may be useful, however\n");
+        }
+    }
+
+    if (!hostname)
+        Usage(), exit(2);
+
+    {
+        char *colon = (char *)strchr(hostname, ':');
+        if (!colon) {
+            PR_fprintf(PR_STDERR,
+                       "You must specify the host AND port you wish to connect to\n");
+            Usage(), exit(3);
+        }
+        port = atoi(&colon[1]);
+        *colon = '\0';
+
+        if (port == 0) {
+            PR_fprintf(PR_STDERR, "Port must be a nonzero number.\n");
+            exit(4);
+        }
+    }
+
+    /* find the 'server' IP address so we don't have to look it up later */
+
+    if (fancy) {
+        PR_fprintf(PR_STDOUT, "<HTML><HEAD><TITLE>SSLTAP output</TITLE></HEAD>\n");
+        PR_fprintf(PR_STDOUT, "<BODY><PRE>\n");
+    }
+    PR_fprintf(PR_STDERR, "Looking up \"%s\"...\n", hostname);
+    ai = PR_GetAddrInfoByName(hostname, PR_AF_UNSPEC, PR_AI_ADDRCONFIG);
+    if (!ai) {
+        showErr("Host Name lookup failed\n");
+        exit(5);
+    }
+
+    iter = NULL;
+    iter = PR_EnumerateAddrInfo(iter, ai, port, &na_server);
+    /* set up the port which the client will connect to */
+
+    r = PR_InitializeNetAddr(PR_IpAddrAny, rendport, &na_rend);
+    if (r == PR_FAILURE) {
+        PR_fprintf(PR_STDERR,
+                   "PR_InitializeNetAddr(,%d,) failed with error %d\n", PR_GetError());
+        exit(0);
+    }
+
+    rv = NSS_NoDB_Init("");
+    if (rv != SECSuccess) {
+        PR_fprintf(PR_STDERR,
+                   "NSS_NoDB_Init() failed with error %d\n", PR_GetError());
+        exit(5);
+    }
+
+    s_rend = PR_NewTCPSocket();
+    if (!s_rend) {
+        showErr("Couldn't create socket\n");
+        exit(6);
+    }
+
+    if (PR_Bind(s_rend, &na_rend)) {
+        PR_fprintf(PR_STDERR, "Couldn't bind to port %d (error %d)\n", rendport, PR_GetError());
+        exit(-1);
+    }
+
+    if (PR_Listen(s_rend, 5)) {
+        showErr("Couldn't listen\n");
+        exit(-1);
+    }
+
+    PR_fprintf(PR_STDERR, "Proxy socket ready and listening\n");
+    do { /* accept one connection and process it. */
+        PRPollDesc pds[2];
+
+        s_client = PR_Accept(s_rend, &na_client, PR_SecondsToInterval(3600));
+        if (s_client == NULL) {
+            showErr("accept timed out\n");
+            exit(7);
+        }
+
+        s_server = PR_OpenTCPSocket(na_server.raw.family);
+        if (s_server == NULL) {
+            showErr("couldn't open new socket to connect to server \n");
+            exit(8);
+        }
+
+        r = PR_Connect(s_server, &na_server, PR_SecondsToInterval(5));
+
+        if (r == PR_FAILURE) {
+            showErr("Couldn't connect\n");
+            return -1;
+        }
+
+        if (looparound) {
+            if (fancy)
+                PR_fprintf(PR_STDOUT, "<p><HR><H2>");
+            PR_fprintf(PR_STDOUT, "Connection #%d [%s]\n", c_count + 1,
+                       get_time_string());
+            if (fancy)
+                PR_fprintf(PR_STDOUT, "</H2>");
+        }
+
+        PR_fprintf(PR_STDOUT, "Connected to %s:%d\n", hostname, port);
+
+#define PD_C 0
+#define PD_S 1
+
+        pds[PD_C].fd = s_client;
+        pds[PD_S].fd = s_server;
+        pds[PD_C].in_flags = PR_POLL_READ;
+        pds[PD_S].in_flags = PR_POLL_READ;
+
+        /* make sure the new connections don't start out encrypted. */
+        clientstream.isEncrypted = 0;
+        serverstream.isEncrypted = 0;
+        isV2Session = 0;
+
+        while ((pds[PD_C].in_flags & PR_POLL_READ) != 0 ||
+               (pds[PD_S].in_flags & PR_POLL_READ) != 0) { /* Handle all messages on the connection */
+            PRInt32 amt;
+            PRInt32 wrote;
+            unsigned char buffer[TAPBUFSIZ];
+
+            amt = PR_Poll(pds, 2, PR_INTERVAL_NO_TIMEOUT);
+            if (amt <= 0) {
+                if (amt)
+                    showErr("PR_Poll failed.\n");
+                else
+                    showErr("PR_Poll timed out.\n");
+                break;
+            }
+
+            if (pds[PD_C].out_flags & PR_POLL_EXCEPT) {
+                showErr("Exception on client-side socket.\n");
+                break;
+            }
+
+            if (pds[PD_S].out_flags & PR_POLL_EXCEPT) {
+                showErr("Exception on server-side socket.\n");
+                break;
+            }
+
+            /* read data, copy it to stdout, and write to other socket */
+
+            if ((pds[PD_C].in_flags & PR_POLL_READ) != 0 &&
+                (pds[PD_C].out_flags & PR_POLL_READ) != 0) {
+
+                amt = PR_Read(s_client, buffer, sizeof(buffer));
+
+                if (amt < 0) {
+                    showErr("Client socket read failed.\n");
+                    break;
+                }
+
+                if (amt == 0) {
+                    PR_fprintf(PR_STDOUT, "Read EOF on Client socket. [%s]\n",
+                               get_time_string());
+                    pds[PD_C].in_flags &= ~PR_POLL_READ;
+                    PR_Shutdown(s_server, PR_SHUTDOWN_SEND);
+                    continue;
+                }
+
+                PR_fprintf(PR_STDOUT, "--> [\n");
+                if (fancy)
+                    PR_fprintf(PR_STDOUT, "<font color=blue>");
+
+                if (hexparse)
+                    print_hex(amt, buffer);
+                if (sslparse)
+                    print_ssl(&clientstream, amt, buffer);
+                if (!hexparse && !sslparse)
+                    PR_Write(PR_STDOUT, buffer, amt);
+                if (fancy)
+                    PR_fprintf(PR_STDOUT, "</font>");
+                PR_fprintf(PR_STDOUT, "]\n");
+
+                wrote = PR_Write(s_server, buffer, amt);
+                if (wrote != amt) {
+                    if (wrote < 0) {
+                        showErr("Write to server socket failed.\n");
+                        break;
+                    } else {
+                        PR_fprintf(PR_STDERR, "Short write to server socket!\n");
+                    }
+                }
+            } /* end of read from client socket. */
+
+            /* read data, copy it to stdout, and write to other socket */
+            if ((pds[PD_S].in_flags & PR_POLL_READ) != 0 &&
+                (pds[PD_S].out_flags & PR_POLL_READ) != 0) {
+
+                amt = PR_Read(s_server, buffer, sizeof(buffer));
+
+                if (amt < 0) {
+                    showErr("error on server-side socket.\n");
+                    break;
+                }
+
+                if (amt == 0) {
+                    PR_fprintf(PR_STDOUT, "Read EOF on Server socket. [%s]\n",
+                               get_time_string());
+                    pds[PD_S].in_flags &= ~PR_POLL_READ;
+                    PR_Shutdown(s_client, PR_SHUTDOWN_SEND);
+                    continue;
+                }
+
+                PR_fprintf(PR_STDOUT, "<-- [\n");
+                if (fancy)
+                    PR_fprintf(PR_STDOUT, "<font color=red>");
+                if (hexparse)
+                    print_hex(amt, (unsigned char *)buffer);
+                if (sslparse)
+                    print_ssl(&serverstream, amt, (unsigned char *)buffer);
+                if (!hexparse && !sslparse)
+                    PR_Write(PR_STDOUT, buffer, amt);
+                if (fancy)
+                    PR_fprintf(PR_STDOUT, "</font>");
+                PR_fprintf(PR_STDOUT, "]\n");
+
+                wrote = PR_Write(s_client, buffer, amt);
+                if (wrote != amt) {
+                    if (wrote < 0) {
+                        showErr("Write to client socket failed.\n");
+                        break;
+                    } else {
+                        PR_fprintf(PR_STDERR, "Short write to client socket!\n");
+                    }
+                }
+
+            } /* end of read from server socket. */
+
+            /* Loop, handle next message. */
+
+        } /* handle messages during a connection loop */
+        PR_Close(s_client);
+        PR_Close(s_server);
+        flush_stream(&clientstream);
+        flush_stream(&serverstream);
+        /* Connection is closed, so reset the current cipher */
+        currentcipher = 0;
+        c_count++;
+        PR_fprintf(PR_STDERR, "Connection %d Complete [%s]\n", c_count,
+                   get_time_string());
+    } while (looparound); /* accept connection and process it. */
+    PR_Close(s_rend);
+    NSS_Shutdown();
+    return 0;
+}
diff --git a/nss/cmd/ssltap/ssltap.gyp b/nss/cmd/ssltap/ssltap.gyp
new file mode 100644
index 0000000..9743ac2
--- /dev/null
+++ b/nss/cmd/ssltap/ssltap.gyp
@@ -0,0 +1,25 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi',
+    '../../cmd/platlibs.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'ssltap',
+      'type': 'executable',
+      'sources': [
+        'ssltap.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:dbm_exports',
+        '<(DEPTH)/exports.gyp:nss_exports'
+      ]
+    }
+  ],
+  'variables': {
+    'module': 'nss'
+  }
+}
\ No newline at end of file
diff --git a/nss/cmd/strsclnt/Makefile b/nss/cmd/strsclnt/Makefile
new file mode 100644
index 0000000..6e1d4ec
--- /dev/null
+++ b/nss/cmd/strsclnt/Makefile
@@ -0,0 +1,47 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include ../platlibs.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+
+include ../platrules.mk
+
diff --git a/nss/cmd/strsclnt/manifest.mn b/nss/cmd/strsclnt/manifest.mn
new file mode 100644
index 0000000..fc00b69
--- /dev/null
+++ b/nss/cmd/strsclnt/manifest.mn
@@ -0,0 +1,19 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+CORE_DEPTH = ../..
+
+DEFINES += -DNSPR20
+
+# MODULE public and private header  directories are implicitly REQUIRED.
+MODULE = nss
+
+CSRCS = strsclnt.c
+
+# the MODULE above is always implicitly REQUIREd
+REQUIRES = seccmd dbm 
+
+PROGRAM = strsclnt
+# PROGRAM = ./$(OBJDIR)/strsclnt.exe
+
diff --git a/nss/cmd/strsclnt/strsclnt.c b/nss/cmd/strsclnt/strsclnt.c
new file mode 100644
index 0000000..f65e319
--- /dev/null
+++ b/nss/cmd/strsclnt/strsclnt.c
@@ -0,0 +1,1554 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#include <stdio.h>
+#include <string.h>
+
+#include "secutil.h"
+#include "basicutil.h"
+
+#if defined(XP_UNIX)
+#include <unistd.h>
+#endif
+#include <stdlib.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <stdarg.h>
+
+#include "plgetopt.h"
+
+#include "nspr.h"
+#include "prio.h"
+#include "prnetdb.h"
+#include "prerror.h"
+
+#include "pk11func.h"
+#include "secitem.h"
+#include "sslproto.h"
+#include "nss.h"
+#include "ssl.h"
+
+#ifndef PORT_Sprintf
+#define PORT_Sprintf sprintf
+#endif
+
+#ifndef PORT_Strstr
+#define PORT_Strstr strstr
+#endif
+
+#ifndef PORT_Malloc
+#define PORT_Malloc PR_Malloc
+#endif
+
+#define RD_BUF_SIZE (60 * 1024)
+
+/* Include these cipher suite arrays to re-use tstclnt's
+ * cipher selection code.
+ */
+
+int ssl3CipherSuites[] = {
+    -1,                                /* SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA* a */
+    -1,                                /* SSL_FORTEZZA_DMS_WITH_RC4_128_SHA     * b */
+    TLS_RSA_WITH_RC4_128_MD5,          /* c */
+    TLS_RSA_WITH_3DES_EDE_CBC_SHA,     /* d */
+    TLS_RSA_WITH_DES_CBC_SHA,          /* e */
+    -1,                                /* TLS_RSA_EXPORT_WITH_RC4_40_MD5        * f */
+    -1,                                /* TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5    * g */
+    -1,                                /* SSL_FORTEZZA_DMS_WITH_NULL_SHA        * h */
+    TLS_RSA_WITH_NULL_MD5,             /* i */
+    -1,                                /* SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA    * j */
+    -1,                                /* SSL_RSA_FIPS_WITH_DES_CBC_SHA         * k */
+    -1,                                /* TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA   * l */
+    -1,                                /* TLS_RSA_EXPORT1024_WITH_RC4_56_SHA    * m */
+    TLS_RSA_WITH_RC4_128_SHA,          /* n */
+    TLS_DHE_DSS_WITH_RC4_128_SHA,      /* o */
+    TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, /* p */
+    TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, /* q */
+    TLS_DHE_RSA_WITH_DES_CBC_SHA,      /* r */
+    TLS_DHE_DSS_WITH_DES_CBC_SHA,      /* s */
+    TLS_DHE_DSS_WITH_AES_128_CBC_SHA,  /* t */
+    TLS_DHE_RSA_WITH_AES_128_CBC_SHA,  /* u */
+    TLS_RSA_WITH_AES_128_CBC_SHA,      /* v */
+    TLS_DHE_DSS_WITH_AES_256_CBC_SHA,  /* w */
+    TLS_DHE_RSA_WITH_AES_256_CBC_SHA,  /* x */
+    TLS_RSA_WITH_AES_256_CBC_SHA,      /* y */
+    TLS_RSA_WITH_NULL_SHA,             /* z */
+    0
+};
+
+#define NO_FULLHS_PERCENTAGE -1
+
+/* This global string is so that client main can see
+ * which ciphers to use.
+ */
+
+static const char *cipherString;
+
+static PRInt32 certsTested;
+static int MakeCertOK;
+static int NoReuse;
+static int fullhs = NO_FULLHS_PERCENTAGE; /* percentage of full handshakes to
+                                          ** perform */
+static PRInt32 globalconid = 0;           /* atomically set */
+static int total_connections;             /* total number of connections to perform */
+static int total_connections_rounded_down_to_hundreds;
+static int total_connections_modulo_100;
+
+static PRBool NoDelay;
+static PRBool QuitOnTimeout = PR_FALSE;
+static PRBool ThrottleUp = PR_FALSE;
+
+static PRLock *threadLock; /* protects the global variables below */
+static PRTime lastConnectFailure;
+static PRTime lastConnectSuccess;
+static PRTime lastThrottleUp;
+static PRInt32 remaining_connections; /* number of connections left */
+static int active_threads = 8;        /* number of threads currently trying to
+                               ** connect */
+static PRInt32 numUsed;
+/* end of variables protected by threadLock */
+
+static SSL3Statistics *ssl3stats;
+
+static int failed_already = 0;
+static SSLVersionRange enabledVersions;
+static PRBool disableLocking = PR_FALSE;
+static PRBool ignoreErrors = PR_FALSE;
+static PRBool enableSessionTickets = PR_FALSE;
+static PRBool enableCompression = PR_FALSE;
+static PRBool enableFalseStart = PR_FALSE;
+static PRBool enableCertStatus = PR_FALSE;
+
+PRIntervalTime maxInterval = PR_INTERVAL_NO_TIMEOUT;
+
+char *progName;
+
+secuPWData pwdata = { PW_NONE, 0 };
+
+int stopping;
+int verbose;
+SECItem bigBuf;
+
+#define PRINTF   \
+    if (verbose) \
+    printf
+#define FPRINTF  \
+    if (verbose) \
+    fprintf
+
+static void
+Usage(const char *progName)
+{
+    fprintf(stderr,
+            "Usage: %s [-n nickname] [-p port] [-d dbdir] [-c connections]\n"
+            "          [-BDNovqs] [-f filename] [-N | -P percentage]\n"
+            "          [-w dbpasswd] [-C cipher(s)] [-t threads] [-W pwfile]\n"
+            "          [-V [min-version]:[max-version]] [-a sniHostName] hostname\n"
+            " where -v means verbose\n"
+            "       -o flag is interpreted as follows:\n"
+            "          1 -o   means override the result of server certificate validation.\n"
+            "          2 -o's mean skip server certificate validation altogether.\n"
+            "       -D means no TCP delays\n"
+            "       -q means quit when server gone (timeout rather than retry forever)\n"
+            "       -s means disable SSL socket locking\n"
+            "       -N means no session reuse\n"
+            "       -P means do a specified percentage of full handshakes (0-100)\n"
+            "       -V [min]:[max] restricts the set of enabled SSL/TLS protocols versions.\n"
+            "          All versions are enabled by default.\n"
+            "          Possible values for min/max: ssl3 tls1.0 tls1.1 tls1.2\n"
+            "          Example: \"-V ssl3:\" enables SSL 3 and newer.\n"
+            "       -U means enable throttling up threads\n"
+            "       -T enable the cert_status extension (OCSP stapling)\n"
+            "       -u enable TLS Session Ticket extension\n"
+            "       -z enable compression\n"
+            "       -g enable false start\n",
+            progName);
+    exit(1);
+}
+
+static void
+errWarn(char *funcString)
+{
+    PRErrorCode perr = PR_GetError();
+    PRInt32 oserr = PR_GetOSError();
+    const char *errString = SECU_Strerror(perr);
+
+    fprintf(stderr, "strsclnt: %s returned error %d, OS error %d: %s\n",
+            funcString, perr, oserr, errString);
+}
+
+static void
+errExit(char *funcString)
+{
+    errWarn(funcString);
+    exit(1);
+}
+
+/**************************************************************************
+**
+** Routines for disabling SSL ciphers.
+**
+**************************************************************************/
+
+void
+disableAllSSLCiphers(void)
+{
+    const PRUint16 *cipherSuites = SSL_GetImplementedCiphers();
+    int i = SSL_GetNumImplementedCiphers();
+    SECStatus rv;
+
+    /* disable all the SSL3 cipher suites */
+    while (--i >= 0) {
+        PRUint16 suite = cipherSuites[i];
+        rv = SSL_CipherPrefSetDefault(suite, PR_FALSE);
+        if (rv != SECSuccess) {
+            printf("SSL_CipherPrefSetDefault didn't like value 0x%04x (i = %d)\n",
+                   suite, i);
+            errWarn("SSL_CipherPrefSetDefault");
+            exit(2);
+        }
+    }
+}
+
+/* This invokes the "default" AuthCert handler in libssl.
+** The only reason to use this one is that it prints out info as it goes.
+*/
+static SECStatus
+mySSLAuthCertificate(void *arg, PRFileDesc *fd, PRBool checkSig,
+                     PRBool isServer)
+{
+    SECStatus rv;
+    CERTCertificate *peerCert;
+    const SECItemArray *csa;
+
+    if (MakeCertOK >= 2) {
+        return SECSuccess;
+    }
+    peerCert = SSL_PeerCertificate(fd);
+
+    PRINTF("strsclnt: Subject: %s\nstrsclnt: Issuer : %s\n",
+           peerCert->subjectName, peerCert->issuerName);
+    csa = SSL_PeerStapledOCSPResponses(fd);
+    if (csa) {
+        PRINTF("Received %d Cert Status items (OCSP stapled data)\n",
+               csa->len);
+    }
+    /* invoke the "default" AuthCert handler. */
+    rv = SSL_AuthCertificate(arg, fd, checkSig, isServer);
+
+    PR_ATOMIC_INCREMENT(&certsTested);
+    if (rv == SECSuccess) {
+        fputs("strsclnt: -- SSL: Server Certificate Validated.\n", stderr);
+    }
+    CERT_DestroyCertificate(peerCert);
+    /* error, if any, will be displayed by the Bad Cert Handler. */
+    return rv;
+}
+
+static SECStatus
+myBadCertHandler(void *arg, PRFileDesc *fd)
+{
+    PRErrorCode err = PR_GetError();
+    if (!MakeCertOK)
+        fprintf(stderr,
+                "strsclnt: -- SSL: Server Certificate Invalid, err %d.\n%s\n",
+                err, SECU_Strerror(err));
+    return (MakeCertOK ? SECSuccess : SECFailure);
+}
+
+void
+printSecurityInfo(PRFileDesc *fd)
+{
+    CERTCertificate *cert = NULL;
+    SSL3Statistics *ssl3stats = SSL_GetStatistics();
+    SECStatus result;
+    SSLChannelInfo channel;
+    SSLCipherSuiteInfo suite;
+
+    static int only_once;
+
+    if (only_once && verbose < 2)
+        return;
+    only_once = 1;
+
+    result = SSL_GetChannelInfo(fd, &channel, sizeof channel);
+    if (result == SECSuccess &&
+        channel.length == sizeof channel &&
+        channel.cipherSuite) {
+        result = SSL_GetCipherSuiteInfo(channel.cipherSuite,
+                                        &suite, sizeof suite);
+        if (result == SECSuccess) {
+            FPRINTF(stderr,
+                    "strsclnt: SSL version %d.%d using %d-bit %s with %d-bit %s MAC\n",
+                    channel.protocolVersion >> 8, channel.protocolVersion & 0xff,
+                    suite.effectiveKeyBits, suite.symCipherName,
+                    suite.macBits, suite.macAlgorithmName);
+            FPRINTF(stderr,
+                    "strsclnt: Server Auth: %d-bit %s, Key Exchange: %d-bit %s\n"
+                    "          Compression: %s\n",
+                    channel.authKeyBits, suite.authAlgorithmName,
+                    channel.keaKeyBits, suite.keaTypeName,
+                    channel.compressionMethodName);
+        }
+    }
+
+    cert = SSL_LocalCertificate(fd);
+    if (!cert)
+        cert = SSL_PeerCertificate(fd);
+
+    if (verbose && cert) {
+        char *ip = CERT_NameToAscii(&cert->issuer);
+        char *sp = CERT_NameToAscii(&cert->subject);
+        if (sp) {
+            fprintf(stderr, "strsclnt: subject DN: %s\n", sp);
+            PORT_Free(sp);
+        }
+        if (ip) {
+            fprintf(stderr, "strsclnt: issuer  DN: %s\n", ip);
+            PORT_Free(ip);
+        }
+    }
+    if (cert) {
+        CERT_DestroyCertificate(cert);
+        cert = NULL;
+    }
+    fprintf(stderr,
+            "strsclnt: %ld cache hits; %ld cache misses, %ld cache not reusable\n"
+            "          %ld stateless resumes\n",
+            ssl3stats->hsh_sid_cache_hits,
+            ssl3stats->hsh_sid_cache_misses,
+            ssl3stats->hsh_sid_cache_not_ok,
+            ssl3stats->hsh_sid_stateless_resumes);
+}
+
+/**************************************************************************
+** Begin thread management routines and data.
+**************************************************************************/
+
+#define MAX_THREADS 128
+
+typedef SECStatus startFn(void *a, void *b, int c);
+
+static PRInt32 numConnected;
+static int max_threads; /* peak threads allowed */
+
+typedef struct perThreadStr {
+    void *a;
+    void *b;
+    int tid;
+    int rv;
+    startFn *startFunc;
+    PRThread *prThread;
+    PRBool inUse;
+} perThread;
+
+perThread threads[MAX_THREADS];
+
+void
+thread_wrapper(void *arg)
+{
+    perThread *slot = (perThread *)arg;
+    PRBool done = PR_FALSE;
+
+    do {
+        PRBool doop = PR_FALSE;
+        PRBool dosleep = PR_FALSE;
+        PRTime now = PR_Now();
+
+        PR_Lock(threadLock);
+        if (!(slot->tid < active_threads)) {
+            /* this thread isn't supposed to be running */
+            if (!ThrottleUp) {
+                /* we'll never need this thread again, so abort it */
+                done = PR_TRUE;
+            } else if (remaining_connections > 0) {
+                /* we may still need this thread, so just sleep for 1s */
+                dosleep = PR_TRUE;
+                /* the conditions to trigger a throttle up are :
+                ** 1. last PR_Connect failure must have happened more than
+                **    10s ago
+                ** 2. last throttling up must have happened more than 0.5s ago
+                ** 3. there must be a more recent PR_Connect success than
+                **    failure
+                */
+                if ((now - lastConnectFailure > 10 * PR_USEC_PER_SEC) &&
+                    ((!lastThrottleUp) || ((now - lastThrottleUp) >=
+                                           (PR_USEC_PER_SEC / 2))) &&
+                    (lastConnectSuccess > lastConnectFailure)) {
+                    /* try throttling up by one thread */
+                    active_threads = PR_MIN(max_threads, active_threads + 1);
+                    fprintf(stderr, "active_threads set up to %d\n",
+                            active_threads);
+                    lastThrottleUp = PR_MAX(now, lastThrottleUp);
+                }
+            } else {
+                /* no more connections left, we are done */
+                done = PR_TRUE;
+            }
+        } else {
+            /* this thread should run */
+            if (--remaining_connections >= 0) { /* protected by threadLock */
+                doop = PR_TRUE;
+            } else {
+                done = PR_TRUE;
+            }
+        }
+        PR_Unlock(threadLock);
+        if (doop) {
+            slot->rv = (*slot->startFunc)(slot->a, slot->b, slot->tid);
+            PRINTF("strsclnt: Thread in slot %d returned %d\n",
+                   slot->tid, slot->rv);
+        }
+        if (dosleep) {
+            PR_Sleep(PR_SecondsToInterval(1));
+        }
+    } while (!done && (!failed_already || ignoreErrors));
+}
+
+SECStatus
+launch_thread(
+    startFn *startFunc,
+    void *a,
+    void *b,
+    int tid)
+{
+    PRUint32 i;
+    perThread *slot;
+
+    PR_Lock(threadLock);
+
+    PORT_Assert(numUsed < MAX_THREADS);
+    if (!(numUsed < MAX_THREADS)) {
+        PR_Unlock(threadLock);
+        return SECFailure;
+    }
+
+    i = numUsed++;
+    slot = &threads[i];
+    slot->a = a;
+    slot->b = b;
+    slot->tid = tid;
+
+    slot->startFunc = startFunc;
+
+    slot->prThread = PR_CreateThread(PR_USER_THREAD,
+                                     thread_wrapper, slot,
+                                     PR_PRIORITY_NORMAL, PR_GLOBAL_THREAD,
+                                     PR_JOINABLE_THREAD, 0);
+    if (slot->prThread == NULL) {
+        PR_Unlock(threadLock);
+        printf("strsclnt: Failed to launch thread!\n");
+        return SECFailure;
+    }
+
+    slot->inUse = 1;
+    PR_Unlock(threadLock);
+    PRINTF("strsclnt: Launched thread in slot %d \n", i);
+
+    return SECSuccess;
+}
+
+/* join all the threads */
+int
+reap_threads(void)
+{
+    int i;
+
+    for (i = 0; i < MAX_THREADS; ++i) {
+        if (threads[i].prThread) {
+            PR_JoinThread(threads[i].prThread);
+            threads[i].prThread = NULL;
+        }
+    }
+    return 0;
+}
+
+void
+destroy_thread_data(void)
+{
+    PORT_Memset(threads, 0, sizeof threads);
+
+    if (threadLock) {
+        PR_DestroyLock(threadLock);
+        threadLock = NULL;
+    }
+}
+
+void
+init_thread_data(void)
+{
+    threadLock = PR_NewLock();
+}
+
+/**************************************************************************
+** End   thread management routines.
+**************************************************************************/
+
+PRBool useModelSocket = PR_TRUE;
+
+static const char outHeader[] = {
+    "HTTP/1.0 200 OK\r\n"
+    "Server: Netscape-Enterprise/2.0a\r\n"
+    "Date: Tue, 26 Aug 1997 22:10:05 GMT\r\n"
+    "Content-type: text/plain\r\n"
+    "\r\n"
+};
+
+struct lockedVarsStr {
+    PRLock *lock;
+    int count;
+    int waiters;
+    PRCondVar *condVar;
+};
+
+typedef struct lockedVarsStr lockedVars;
+
+void
+lockedVars_Init(lockedVars *lv)
+{
+    lv->count = 0;
+    lv->waiters = 0;
+    lv->lock = PR_NewLock();
+    lv->condVar = PR_NewCondVar(lv->lock);
+}
+
+void
+lockedVars_Destroy(lockedVars *lv)
+{
+    PR_DestroyCondVar(lv->condVar);
+    lv->condVar = NULL;
+
+    PR_DestroyLock(lv->lock);
+    lv->lock = NULL;
+}
+
+void
+lockedVars_WaitForDone(lockedVars *lv)
+{
+    PR_Lock(lv->lock);
+    while (lv->count > 0) {
+        PR_WaitCondVar(lv->condVar, PR_INTERVAL_NO_TIMEOUT);
+    }
+    PR_Unlock(lv->lock);
+}
+
+int /* returns count */
+    lockedVars_AddToCount(lockedVars *lv, int addend)
+{
+    int rv;
+
+    PR_Lock(lv->lock);
+    rv = lv->count += addend;
+    if (rv <= 0) {
+        PR_NotifyCondVar(lv->condVar);
+    }
+    PR_Unlock(lv->lock);
+    return rv;
+}
+
+SECStatus
+do_writes(
+    void *a,
+    void *b,
+    int c)
+{
+    PRFileDesc *ssl_sock = (PRFileDesc *)a;
+    lockedVars *lv = (lockedVars *)b;
+    unsigned int sent = 0;
+    int count = 0;
+
+    while (sent < bigBuf.len) {
+
+        count = PR_Send(ssl_sock, bigBuf.data + sent, bigBuf.len - sent,
+                        0, maxInterval);
+        if (count < 0) {
+            errWarn("PR_Send bigBuf");
+            break;
+        }
+        FPRINTF(stderr, "strsclnt: PR_Send wrote %d bytes from bigBuf\n",
+                count);
+        sent += count;
+    }
+    if (count >= 0) { /* last write didn't fail. */
+        PR_Shutdown(ssl_sock, PR_SHUTDOWN_SEND);
+    }
+
+    /* notify the reader that we're done. */
+    lockedVars_AddToCount(lv, -1);
+    return (sent < bigBuf.len) ? SECFailure : SECSuccess;
+}
+
+int
+handle_fdx_connection(PRFileDesc *ssl_sock, int connection)
+{
+    SECStatus result;
+    int firstTime = 1;
+    int countRead = 0;
+    lockedVars lv;
+    char *buf;
+
+    lockedVars_Init(&lv);
+    lockedVars_AddToCount(&lv, 1);
+
+    /* Attempt to launch the writer thread. */
+    result = launch_thread(do_writes, ssl_sock, &lv, connection);
+
+    if (result != SECSuccess)
+        goto cleanup;
+
+    buf = PR_Malloc(RD_BUF_SIZE);
+
+    if (buf) {
+        do {
+            /* do reads here. */
+            PRInt32 count;
+
+            count = PR_Recv(ssl_sock, buf, RD_BUF_SIZE, 0, maxInterval);
+            if (count < 0) {
+                errWarn("PR_Recv");
+                break;
+            }
+            countRead += count;
+            FPRINTF(stderr,
+                    "strsclnt: connection %d read %d bytes (%d total).\n",
+                    connection, count, countRead);
+            if (firstTime) {
+                firstTime = 0;
+                printSecurityInfo(ssl_sock);
+            }
+        } while (lockedVars_AddToCount(&lv, 0) > 0);
+        PR_Free(buf);
+        buf = 0;
+    }
+
+    /* Wait for writer to finish */
+    lockedVars_WaitForDone(&lv);
+    lockedVars_Destroy(&lv);
+
+    FPRINTF(stderr,
+            "strsclnt: connection %d read %d bytes total. -----------------------\n",
+            connection, countRead);
+
+cleanup:
+    /* Caller closes the socket. */
+
+    return SECSuccess;
+}
+
+const char request[] = { "GET /abc HTTP/1.0\r\n\r\n" };
+
+SECStatus
+handle_connection(PRFileDesc *ssl_sock, int tid)
+{
+    int countRead = 0;
+    PRInt32 rv;
+    char *buf;
+
+    buf = PR_Malloc(RD_BUF_SIZE);
+    if (!buf)
+        return SECFailure;
+
+    /* compose the http request here. */
+
+    rv = PR_Send(ssl_sock, request, strlen(request), 0, maxInterval);
+    if (rv <= 0) {
+        errWarn("PR_Send");
+        PR_Free(buf);
+        buf = 0;
+        failed_already = 1;
+        return SECFailure;
+    }
+    printSecurityInfo(ssl_sock);
+
+    /* read until EOF */
+    while (1) {
+        rv = PR_Recv(ssl_sock, buf, RD_BUF_SIZE, 0, maxInterval);
+        if (rv == 0) {
+            break; /* EOF */
+        }
+        if (rv < 0) {
+            errWarn("PR_Recv");
+            failed_already = 1;
+            break;
+        }
+
+        countRead += rv;
+        FPRINTF(stderr,
+                "strsclnt: connection on thread %d read %d bytes (%d total).\n",
+                tid, rv, countRead);
+    }
+    PR_Free(buf);
+    buf = 0;
+
+    /* Caller closes the socket. */
+
+    FPRINTF(stderr,
+            "strsclnt: connection on thread %d read %d bytes total. ---------\n",
+            tid, countRead);
+
+    return SECSuccess; /* success */
+}
+
+#define USE_SOCK_PEER_ID 1
+
+#ifdef USE_SOCK_PEER_ID
+
+PRInt32 lastFullHandshakePeerID;
+
+void
+myHandshakeCallback(PRFileDesc *socket, void *arg)
+{
+    PR_ATOMIC_SET(&lastFullHandshakePeerID, (PRInt32)((char *)arg - (char *)NULL));
+}
+
+#endif
+
+/* one copy of this function is launched in a separate thread for each
+** connection to be made.
+*/
+SECStatus
+do_connects(
+    void *a,
+    void *b,
+    int tid)
+{
+    PRNetAddr *addr = (PRNetAddr *)a;
+    PRFileDesc *model_sock = (PRFileDesc *)b;
+    PRFileDesc *ssl_sock = 0;
+    PRFileDesc *tcp_sock = 0;
+    PRStatus prStatus;
+    PRUint32 sleepInterval = 50; /* milliseconds */
+    SECStatus rv = SECSuccess;
+    PRSocketOptionData opt;
+
+retry:
+
+    tcp_sock = PR_OpenTCPSocket(addr->raw.family);
+    if (tcp_sock == NULL) {
+        errExit("PR_OpenTCPSocket");
+    }
+
+    opt.option = PR_SockOpt_Nonblocking;
+    opt.value.non_blocking = PR_FALSE;
+    prStatus = PR_SetSocketOption(tcp_sock, &opt);
+    if (prStatus != PR_SUCCESS) {
+        errWarn("PR_SetSocketOption(PR_SockOpt_Nonblocking, PR_FALSE)");
+        PR_Close(tcp_sock);
+        return SECSuccess;
+    }
+
+    if (NoDelay) {
+        opt.option = PR_SockOpt_NoDelay;
+        opt.value.no_delay = PR_TRUE;
+        prStatus = PR_SetSocketOption(tcp_sock, &opt);
+        if (prStatus != PR_SUCCESS) {
+            errWarn("PR_SetSocketOption(PR_SockOpt_NoDelay, PR_TRUE)");
+            PR_Close(tcp_sock);
+            return SECSuccess;
+        }
+    }
+
+    prStatus = PR_Connect(tcp_sock, addr, PR_INTERVAL_NO_TIMEOUT);
+    if (prStatus != PR_SUCCESS) {
+        PRErrorCode err = PR_GetError(); /* save error code */
+        PRInt32 oserr = PR_GetOSError();
+        if (ThrottleUp) {
+            PRTime now = PR_Now();
+            PR_Lock(threadLock);
+            lastConnectFailure = PR_MAX(now, lastConnectFailure);
+            PR_Unlock(threadLock);
+            PR_SetError(err, oserr); /* restore error code */
+        }
+        if ((err == PR_CONNECT_REFUSED_ERROR) ||
+            (err == PR_CONNECT_RESET_ERROR)) {
+            int connections = numConnected;
+
+            PR_Close(tcp_sock);
+            PR_Lock(threadLock);
+            if (connections > 2 && active_threads >= connections) {
+                active_threads = connections - 1;
+                fprintf(stderr, "active_threads set down to %d\n",
+                        active_threads);
+            }
+            PR_Unlock(threadLock);
+
+            if (QuitOnTimeout && sleepInterval > 40000) {
+                fprintf(stderr,
+                        "strsclnt: Client timed out waiting for connection to server.\n");
+                exit(1);
+            }
+            PR_Sleep(PR_MillisecondsToInterval(sleepInterval));
+            sleepInterval <<= 1;
+            goto retry;
+        }
+        errWarn("PR_Connect");
+        goto done;
+    } else {
+        if (ThrottleUp) {
+            PRTime now = PR_Now();
+            PR_Lock(threadLock);
+            lastConnectSuccess = PR_MAX(now, lastConnectSuccess);
+            PR_Unlock(threadLock);
+        }
+    }
+
+    ssl_sock = SSL_ImportFD(model_sock, tcp_sock);
+    /* XXX if this import fails, close tcp_sock and return. */
+    if (!ssl_sock) {
+        PR_Close(tcp_sock);
+        return SECSuccess;
+    }
+    if (fullhs != NO_FULLHS_PERCENTAGE) {
+#ifdef USE_SOCK_PEER_ID
+        char sockPeerIDString[512];
+        static PRInt32 sockPeerID = 0; /* atomically incremented */
+        PRInt32 thisPeerID;
+#endif
+        PRInt32 savid = PR_ATOMIC_INCREMENT(&globalconid);
+        PRInt32 conid = 1 + (savid - 1) % 100;
+        /* don't change peer ID on the very first handshake, which is always
+           a full, so the session gets stored into the client cache */
+        if ((savid != 1) &&
+            (((savid <= total_connections_rounded_down_to_hundreds) &&
+              (conid <= fullhs)) ||
+             (conid * 100 <= total_connections_modulo_100 * fullhs)))
+#ifdef USE_SOCK_PEER_ID
+        {
+            /* force a full handshake by changing the socket peer ID */
+            thisPeerID = PR_ATOMIC_INCREMENT(&sockPeerID);
+        } else {
+            /* reuse previous sockPeerID for restart handhsake */
+            thisPeerID = lastFullHandshakePeerID;
+        }
+        PR_snprintf(sockPeerIDString, sizeof(sockPeerIDString), "ID%d",
+                    thisPeerID);
+        SSL_SetSockPeerID(ssl_sock, sockPeerIDString);
+        SSL_HandshakeCallback(ssl_sock, myHandshakeCallback,
+                              (char *)NULL + thisPeerID);
+#else
+            /* force a full handshake by setting the no cache option */
+            SSL_OptionSet(ssl_sock, SSL_NO_CACHE, 1);
+#endif
+    }
+    rv = SSL_ResetHandshake(ssl_sock, /* asServer */ 0);
+    if (rv != SECSuccess) {
+        errWarn("SSL_ResetHandshake");
+        goto done;
+    }
+
+    PR_ATOMIC_INCREMENT(&numConnected);
+
+    if (bigBuf.data != NULL) {
+        (void)handle_fdx_connection(ssl_sock, tid);
+    } else {
+        (void)handle_connection(ssl_sock, tid);
+    }
+
+    PR_ATOMIC_DECREMENT(&numConnected);
+
+done:
+    if (ssl_sock) {
+        PR_Close(ssl_sock);
+    } else if (tcp_sock) {
+        PR_Close(tcp_sock);
+    }
+    return rv;
+}
+
+typedef struct {
+    PRLock *lock;
+    char *nickname;
+    CERTCertificate *cert;
+    SECKEYPrivateKey *key;
+    void *wincx;
+} cert_and_key;
+
+PRBool
+FindCertAndKey(cert_and_key *Cert_And_Key)
+{
+    if ((NULL == Cert_And_Key->nickname) || (0 == strcmp(Cert_And_Key->nickname, "none"))) {
+        return PR_TRUE;
+    }
+    Cert_And_Key->cert = CERT_FindUserCertByUsage(CERT_GetDefaultCertDB(),
+                                                  Cert_And_Key->nickname, certUsageSSLClient,
+                                                  PR_FALSE, Cert_And_Key->wincx);
+    if (Cert_And_Key->cert) {
+        Cert_And_Key->key = PK11_FindKeyByAnyCert(Cert_And_Key->cert, Cert_And_Key->wincx);
+    }
+    if (Cert_And_Key->cert && Cert_And_Key->key) {
+        return PR_TRUE;
+    } else {
+        return PR_FALSE;
+    }
+}
+
+PRBool
+LoggedIn(CERTCertificate *cert, SECKEYPrivateKey *key)
+{
+    if ((cert->slot) && (key->pkcs11Slot) &&
+        (PR_TRUE == PK11_IsLoggedIn(cert->slot, NULL)) &&
+        (PR_TRUE == PK11_IsLoggedIn(key->pkcs11Slot, NULL))) {
+        return PR_TRUE;
+    }
+
+    return PR_FALSE;
+}
+
+SECStatus
+StressClient_GetClientAuthData(void *arg,
+                               PRFileDesc *socket,
+                               struct CERTDistNamesStr *caNames,
+                               struct CERTCertificateStr **pRetCert,
+                               struct SECKEYPrivateKeyStr **pRetKey)
+{
+    cert_and_key *Cert_And_Key = (cert_and_key *)arg;
+
+    if (!pRetCert || !pRetKey) {
+        /* bad pointers, can't return a cert or key */
+        return SECFailure;
+    }
+
+    *pRetCert = NULL;
+    *pRetKey = NULL;
+
+    if (Cert_And_Key && Cert_And_Key->nickname) {
+        while (PR_TRUE) {
+            if (Cert_And_Key && Cert_And_Key->lock) {
+                int timeout = 0;
+                PR_Lock(Cert_And_Key->lock);
+
+                if (Cert_And_Key->cert) {
+                    *pRetCert = CERT_DupCertificate(Cert_And_Key->cert);
+                }
+
+                if (Cert_And_Key->key) {
+                    *pRetKey = SECKEY_CopyPrivateKey(Cert_And_Key->key);
+                }
+                PR_Unlock(Cert_And_Key->lock);
+                if (!*pRetCert || !*pRetKey) {
+                    /* one or both of them failed to copy. Either the source was NULL, or there was
+                    ** an out of memory condition. Free any allocated copy and fail */
+                    if (*pRetCert) {
+                        CERT_DestroyCertificate(*pRetCert);
+                        *pRetCert = NULL;
+                    }
+                    if (*pRetKey) {
+                        SECKEY_DestroyPrivateKey(*pRetKey);
+                        *pRetKey = NULL;
+                    }
+                    break;
+                }
+                /* now check if those objects are valid */
+                if (PR_FALSE == LoggedIn(*pRetCert, *pRetKey)) {
+                    /* token is no longer logged in, it was removed */
+
+                    /* first, delete and clear our invalid local objects */
+                    CERT_DestroyCertificate(*pRetCert);
+                    SECKEY_DestroyPrivateKey(*pRetKey);
+                    *pRetCert = NULL;
+                    *pRetKey = NULL;
+
+                    PR_Lock(Cert_And_Key->lock);
+                    /* check if another thread already logged back in */
+                    if (PR_TRUE == LoggedIn(Cert_And_Key->cert, Cert_And_Key->key)) {
+                        /* yes : try again */
+                        PR_Unlock(Cert_And_Key->lock);
+                        continue;
+                    }
+                    /* this is the thread to retry */
+                    CERT_DestroyCertificate(Cert_And_Key->cert);
+                    SECKEY_DestroyPrivateKey(Cert_And_Key->key);
+                    Cert_And_Key->cert = NULL;
+                    Cert_And_Key->key = NULL;
+
+                    /* now look up the cert and key again */
+                    while (PR_FALSE == FindCertAndKey(Cert_And_Key)) {
+                        PR_Sleep(PR_SecondsToInterval(1));
+                        timeout++;
+                        if (timeout >= 60) {
+                            printf("\nToken pulled and not reinserted early enough : aborting.\n");
+                            exit(1);
+                        }
+                    }
+                    PR_Unlock(Cert_And_Key->lock);
+                    continue;
+                    /* try again to reduce code size */
+                }
+                return SECSuccess;
+            }
+        }
+        *pRetCert = NULL;
+        *pRetKey = NULL;
+        return SECFailure;
+    } else {
+        /* no cert configured, automatically find the right cert. */
+        CERTCertificate *cert = NULL;
+        SECKEYPrivateKey *privkey = NULL;
+        CERTCertNicknames *names;
+        int i;
+        void *proto_win = NULL;
+        SECStatus rv = SECFailure;
+
+        if (Cert_And_Key) {
+            proto_win = Cert_And_Key->wincx;
+        }
+
+        names = CERT_GetCertNicknames(CERT_GetDefaultCertDB(),
+                                      SEC_CERT_NICKNAMES_USER, proto_win);
+        if (names != NULL) {
+            for (i = 0; i < names->numnicknames; i++) {
+                cert = CERT_FindUserCertByUsage(CERT_GetDefaultCertDB(),
+                                                names->nicknames[i], certUsageSSLClient,
+                                                PR_FALSE, proto_win);
+                if (!cert)
+                    continue;
+                /* Only check unexpired certs */
+                if (CERT_CheckCertValidTimes(cert, PR_Now(), PR_TRUE) !=
+                    secCertTimeValid) {
+                    CERT_DestroyCertificate(cert);
+                    continue;
+                }
+                rv = NSS_CmpCertChainWCANames(cert, caNames);
+                if (rv == SECSuccess) {
+                    privkey = PK11_FindKeyByAnyCert(cert, proto_win);
+                    if (privkey)
+                        break;
+                }
+                rv = SECFailure;
+                CERT_DestroyCertificate(cert);
+            }
+            CERT_FreeNicknames(names);
+        }
+        if (rv == SECSuccess) {
+            *pRetCert = cert;
+            *pRetKey = privkey;
+        }
+        return rv;
+    }
+}
+
+int
+hexchar_to_int(int c)
+{
+    if (((c) >= '0') && ((c) <= '9'))
+        return (c) - '0';
+    if (((c) >= 'a') && ((c) <= 'f'))
+        return (c) - 'a' + 10;
+    if (((c) >= 'A') && ((c) <= 'F'))
+        return (c) - 'A' + 10;
+    failed_already = 1;
+    return -1;
+}
+
+void
+client_main(
+    unsigned short port,
+    int connections,
+    cert_and_key *Cert_And_Key,
+    const char *hostName,
+    const char *sniHostName)
+{
+    PRFileDesc *model_sock = NULL;
+    int i;
+    int rv;
+    PRStatus status;
+    PRNetAddr addr;
+
+    status = PR_StringToNetAddr(hostName, &addr);
+    if (status == PR_SUCCESS) {
+        addr.inet.port = PR_htons(port);
+    } else {
+        /* Lookup host */
+        PRAddrInfo *addrInfo;
+        void *enumPtr = NULL;
+
+        addrInfo = PR_GetAddrInfoByName(hostName, PR_AF_UNSPEC,
+                                        PR_AI_ADDRCONFIG | PR_AI_NOCANONNAME);
+        if (!addrInfo) {
+            SECU_PrintError(progName, "error looking up host");
+            return;
+        }
+        do {
+            enumPtr = PR_EnumerateAddrInfo(enumPtr, addrInfo, port, &addr);
+        } while (enumPtr != NULL &&
+                 addr.raw.family != PR_AF_INET &&
+                 addr.raw.family != PR_AF_INET6);
+        PR_FreeAddrInfo(addrInfo);
+        if (enumPtr == NULL) {
+            SECU_PrintError(progName, "error looking up host address");
+            return;
+        }
+    }
+
+    /* all suites except RSA_NULL_MD5 are enabled by Domestic Policy */
+    NSS_SetDomesticPolicy();
+
+    /* all SSL3 cipher suites are enabled by default. */
+    if (cipherString) {
+        int ndx;
+
+        /* disable all the ciphers, then enable the ones we want. */
+        disableAllSSLCiphers();
+
+        while (0 != (ndx = *cipherString)) {
+            const char *startCipher = cipherString++;
+            int cipher = 0;
+            SECStatus rv;
+
+            if (ndx == ':') {
+                cipher = hexchar_to_int(*cipherString++);
+                cipher <<= 4;
+                cipher |= hexchar_to_int(*cipherString++);
+                cipher <<= 4;
+                cipher |= hexchar_to_int(*cipherString++);
+                cipher <<= 4;
+                cipher |= hexchar_to_int(*cipherString++);
+                if (cipher <= 0) {
+                    fprintf(stderr, "strsclnt: Invalid cipher value: %-5.5s\n",
+                            startCipher);
+                    failed_already = 1;
+                    return;
+                }
+            } else {
+                if (isalpha(ndx)) {
+                    ndx = tolower(ndx) - 'a';
+                    if (ndx < PR_ARRAY_SIZE(ssl3CipherSuites)) {
+                        cipher = ssl3CipherSuites[ndx];
+                    }
+                }
+                if (cipher <= 0) {
+                    fprintf(stderr, "strsclnt: Invalid cipher letter: %c\n",
+                            *startCipher);
+                    failed_already = 1;
+                    return;
+                }
+            }
+            rv = SSL_CipherPrefSetDefault(cipher, PR_TRUE);
+            if (rv != SECSuccess) {
+                fprintf(stderr,
+                        "strsclnt: SSL_CipherPrefSetDefault(0x%04x) failed\n",
+                        cipher);
+                failed_already = 1;
+                return;
+            }
+        }
+    }
+
+    /* configure model SSL socket. */
+
+    model_sock = PR_OpenTCPSocket(addr.raw.family);
+    if (model_sock == NULL) {
+        errExit("PR_OpenTCPSocket for model socket");
+    }
+
+    model_sock = SSL_ImportFD(NULL, model_sock);
+    if (model_sock == NULL) {
+        errExit("SSL_ImportFD");
+    }
+
+    /* do SSL configuration. */
+
+    rv = SSL_OptionSet(model_sock, SSL_SECURITY, enabledVersions.min != 0);
+    if (rv < 0) {
+        errExit("SSL_OptionSet SSL_SECURITY");
+    }
+
+    rv = SSL_VersionRangeSet(model_sock, &enabledVersions);
+    if (rv != SECSuccess) {
+        errExit("error setting SSL/TLS version range ");
+    }
+
+    if (bigBuf.data) { /* doing FDX */
+        rv = SSL_OptionSet(model_sock, SSL_ENABLE_FDX, 1);
+        if (rv < 0) {
+            errExit("SSL_OptionSet SSL_ENABLE_FDX");
+        }
+    }
+
+    if (NoReuse) {
+        rv = SSL_OptionSet(model_sock, SSL_NO_CACHE, 1);
+        if (rv < 0) {
+            errExit("SSL_OptionSet SSL_NO_CACHE");
+        }
+    }
+
+    if (disableLocking) {
+        rv = SSL_OptionSet(model_sock, SSL_NO_LOCKS, 1);
+        if (rv < 0) {
+            errExit("SSL_OptionSet SSL_NO_LOCKS");
+        }
+    }
+
+    if (enableSessionTickets) {
+        rv = SSL_OptionSet(model_sock, SSL_ENABLE_SESSION_TICKETS, PR_TRUE);
+        if (rv != SECSuccess)
+            errExit("SSL_OptionSet SSL_ENABLE_SESSION_TICKETS");
+    }
+
+    if (enableCompression) {
+        rv = SSL_OptionSet(model_sock, SSL_ENABLE_DEFLATE, PR_TRUE);
+        if (rv != SECSuccess)
+            errExit("SSL_OptionSet SSL_ENABLE_DEFLATE");
+    }
+
+    if (enableFalseStart) {
+        rv = SSL_OptionSet(model_sock, SSL_ENABLE_FALSE_START, PR_TRUE);
+        if (rv != SECSuccess)
+            errExit("SSL_OptionSet SSL_ENABLE_FALSE_START");
+    }
+
+    if (enableCertStatus) {
+        rv = SSL_OptionSet(model_sock, SSL_ENABLE_OCSP_STAPLING, PR_TRUE);
+        if (rv != SECSuccess)
+            errExit("SSL_OptionSet SSL_ENABLE_OCSP_STAPLING");
+    }
+
+    SSL_SetPKCS11PinArg(model_sock, &pwdata);
+
+    SSL_SetURL(model_sock, hostName);
+
+    SSL_AuthCertificateHook(model_sock, mySSLAuthCertificate,
+                            (void *)CERT_GetDefaultCertDB());
+    SSL_BadCertHook(model_sock, myBadCertHandler, NULL);
+
+    SSL_GetClientAuthDataHook(model_sock, StressClient_GetClientAuthData, (void *)Cert_And_Key);
+
+    if (sniHostName) {
+        SSL_SetURL(model_sock, sniHostName);
+    }
+    /* I'm not going to set the HandshakeCallback function. */
+
+    /* end of ssl configuration. */
+
+    init_thread_data();
+
+    remaining_connections = total_connections = connections;
+    total_connections_modulo_100 = total_connections % 100;
+    total_connections_rounded_down_to_hundreds =
+        total_connections - total_connections_modulo_100;
+
+    if (!NoReuse) {
+        remaining_connections = 1;
+        launch_thread(do_connects, &addr, model_sock, 0);
+        /* wait for the first connection to terminate, then launch the rest. */
+        reap_threads();
+        remaining_connections = total_connections - 1;
+    }
+    if (remaining_connections > 0) {
+        active_threads = PR_MIN(active_threads, remaining_connections);
+        /* Start up the threads */
+        for (i = 0; i < active_threads; i++) {
+            launch_thread(do_connects, &addr, model_sock, i);
+        }
+        reap_threads();
+    }
+    destroy_thread_data();
+
+    PR_Close(model_sock);
+}
+
+SECStatus
+readBigFile(const char *fileName)
+{
+    PRFileInfo info;
+    PRStatus status;
+    SECStatus rv = SECFailure;
+    int count;
+    int hdrLen;
+    PRFileDesc *local_file_fd = NULL;
+
+    status = PR_GetFileInfo(fileName, &info);
+
+    if (status == PR_SUCCESS &&
+        info.type == PR_FILE_FILE &&
+        info.size > 0 &&
+        NULL != (local_file_fd = PR_Open(fileName, PR_RDONLY, 0))) {
+
+        hdrLen = PORT_Strlen(outHeader);
+        bigBuf.len = hdrLen + info.size;
+        bigBuf.data = PORT_Malloc(bigBuf.len + 4095);
+        if (!bigBuf.data) {
+            errWarn("PORT_Malloc");
+            goto done;
+        }
+
+        PORT_Memcpy(bigBuf.data, outHeader, hdrLen);
+
+        count = PR_Read(local_file_fd, bigBuf.data + hdrLen, info.size);
+        if (count != info.size) {
+            errWarn("PR_Read local file");
+            goto done;
+        }
+        rv = SECSuccess;
+    done:
+        PR_Close(local_file_fd);
+    }
+    return rv;
+}
+
+int
+main(int argc, char **argv)
+{
+    const char *dir = ".";
+    const char *fileName = NULL;
+    char *hostName = NULL;
+    char *nickName = NULL;
+    char *tmp = NULL;
+    int connections = 1;
+    int exitVal;
+    int tmpInt;
+    unsigned short port = 443;
+    SECStatus rv;
+    PLOptState *optstate;
+    PLOptStatus status;
+    cert_and_key Cert_And_Key;
+    char *sniHostName = NULL;
+
+    /* Call the NSPR initialization routines */
+    PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
+    SSL_VersionRangeGetSupported(ssl_variant_stream, &enabledVersions);
+
+    tmp = strrchr(argv[0], '/');
+    tmp = tmp ? tmp + 1 : argv[0];
+    progName = strrchr(tmp, '\\');
+    progName = progName ? progName + 1 : tmp;
+
+    /* XXX: 'B' was used in the past but removed in 3.28,
+     *      please leave some time before resuing it. */
+    optstate = PL_CreateOptState(argc, argv,
+                                 "C:DNP:TUV:W:a:c:d:f:gin:op:qst:uvw:z");
+    while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
+        switch (optstate->option) {
+            case 'C':
+                cipherString = optstate->value;
+                break;
+
+            case 'D':
+                NoDelay = PR_TRUE;
+                break;
+
+            case 'I': /* reserved for OCSP multi-stapling */
+                break;
+
+            case 'N':
+                NoReuse = 1;
+                break;
+
+            case 'P':
+                fullhs = PORT_Atoi(optstate->value);
+                break;
+
+            case 'T':
+                enableCertStatus = PR_TRUE;
+                break;
+
+            case 'U':
+                ThrottleUp = PR_TRUE;
+                break;
+
+            case 'V':
+                if (SECU_ParseSSLVersionRangeString(optstate->value,
+                                                    enabledVersions, &enabledVersions) !=
+                    SECSuccess) {
+                    fprintf(stderr, "Bad version specified.\n");
+                    Usage(progName);
+                }
+                break;
+
+            case 'a':
+                sniHostName = PL_strdup(optstate->value);
+                break;
+
+            case 'c':
+                connections = PORT_Atoi(optstate->value);
+                break;
+
+            case 'd':
+                dir = optstate->value;
+                break;
+
+            case 'f':
+                fileName = optstate->value;
+                break;
+
+            case 'g':
+                enableFalseStart = PR_TRUE;
+                break;
+
+            case 'i':
+                ignoreErrors = PR_TRUE;
+                break;
+
+            case 'n':
+                nickName = PL_strdup(optstate->value);
+                break;
+
+            case 'o':
+                MakeCertOK++;
+                break;
+
+            case 'p':
+                port = PORT_Atoi(optstate->value);
+                break;
+
+            case 'q':
+                QuitOnTimeout = PR_TRUE;
+                break;
+
+            case 's':
+                disableLocking = PR_TRUE;
+                break;
+
+            case 't':
+                tmpInt = PORT_Atoi(optstate->value);
+                if (tmpInt > 0 && tmpInt < MAX_THREADS)
+                    max_threads = active_threads = tmpInt;
+                break;
+
+            case 'u':
+                enableSessionTickets = PR_TRUE;
+                break;
+
+            case 'v':
+                verbose++;
+                break;
+
+            case 'w':
+                pwdata.source = PW_PLAINTEXT;
+                pwdata.data = PL_strdup(optstate->value);
+                break;
+
+            case 'W':
+                pwdata.source = PW_FROMFILE;
+                pwdata.data = PL_strdup(optstate->value);
+                break;
+
+            case 'z':
+                enableCompression = PR_TRUE;
+                break;
+
+            case 0: /* positional parameter */
+                if (hostName) {
+                    Usage(progName);
+                }
+                hostName = PL_strdup(optstate->value);
+                break;
+
+            default:
+            case '?':
+                Usage(progName);
+                break;
+        }
+    }
+    PL_DestroyOptState(optstate);
+
+    if (!hostName || status == PL_OPT_BAD)
+        Usage(progName);
+
+    if (fullhs != NO_FULLHS_PERCENTAGE && (fullhs < 0 || fullhs > 100 || NoReuse))
+        Usage(progName);
+
+    if (port == 0)
+        Usage(progName);
+
+    if (fileName)
+        readBigFile(fileName);
+
+    PK11_SetPasswordFunc(SECU_GetModulePassword);
+
+    tmp = PR_GetEnvSecure("NSS_DEBUG_TIMEOUT");
+    if (tmp && tmp[0]) {
+        int sec = PORT_Atoi(tmp);
+        if (sec > 0) {
+            maxInterval = PR_SecondsToInterval(sec);
+        }
+    }
+
+    /* Call the NSS initialization routines */
+    rv = NSS_Initialize(dir, "", "", SECMOD_DB, NSS_INIT_READONLY);
+    if (rv != SECSuccess) {
+        fputs("NSS_Init failed.\n", stderr);
+        exit(1);
+    }
+    ssl3stats = SSL_GetStatistics();
+    Cert_And_Key.lock = PR_NewLock();
+    Cert_And_Key.nickname = nickName;
+    Cert_And_Key.wincx = &pwdata;
+    Cert_And_Key.cert = NULL;
+    Cert_And_Key.key = NULL;
+
+    if (PR_FALSE == FindCertAndKey(&Cert_And_Key)) {
+
+        if (Cert_And_Key.cert == NULL) {
+            fprintf(stderr, "strsclnt: Can't find certificate %s\n", Cert_And_Key.nickname);
+            exit(1);
+        }
+
+        if (Cert_And_Key.key == NULL) {
+            fprintf(stderr, "strsclnt: Can't find Private Key for cert %s\n",
+                    Cert_And_Key.nickname);
+            exit(1);
+        }
+    }
+
+    client_main(port, connections, &Cert_And_Key, hostName,
+                sniHostName);
+
+    /* clean up */
+    if (Cert_And_Key.cert) {
+        CERT_DestroyCertificate(Cert_And_Key.cert);
+    }
+    if (Cert_And_Key.key) {
+        SECKEY_DestroyPrivateKey(Cert_And_Key.key);
+    }
+
+    PR_DestroyLock(Cert_And_Key.lock);
+
+    if (pwdata.data) {
+        PL_strfree(pwdata.data);
+    }
+    if (Cert_And_Key.nickname) {
+        PL_strfree(Cert_And_Key.nickname);
+    }
+    if (sniHostName) {
+        PL_strfree(sniHostName);
+    }
+
+    PL_strfree(hostName);
+
+    /* some final stats. */
+    printf(
+        "strsclnt: %ld cache hits; %ld cache misses, %ld cache not reusable\n"
+        "          %ld stateless resumes\n",
+        ssl3stats->hsh_sid_cache_hits,
+        ssl3stats->hsh_sid_cache_misses,
+        ssl3stats->hsh_sid_cache_not_ok,
+        ssl3stats->hsh_sid_stateless_resumes);
+
+    if (!NoReuse) {
+        if (enableSessionTickets)
+            exitVal = (ssl3stats->hsh_sid_stateless_resumes == 0);
+        else
+            exitVal = (ssl3stats->hsh_sid_cache_misses > 1) ||
+                      (ssl3stats->hsh_sid_stateless_resumes != 0);
+        if (!exitVal)
+            exitVal = (ssl3stats->hsh_sid_cache_not_ok != 0) ||
+                      (certsTested > 1);
+    } else {
+        printf("strsclnt: NoReuse - %d server certificates tested.\n",
+               certsTested);
+        exitVal = (ssl3stats->hsh_sid_cache_misses != connections) ||
+                  (ssl3stats->hsh_sid_stateless_resumes != 0) ||
+                  (certsTested != connections);
+    }
+
+    exitVal = (exitVal || failed_already);
+    SSL_ClearSessionCache();
+    if (NSS_Shutdown() != SECSuccess) {
+        printf("strsclnt: NSS_Shutdown() failed.\n");
+        exit(1);
+    }
+
+    PR_Cleanup();
+    return exitVal;
+}
diff --git a/nss/cmd/strsclnt/strsclnt.gyp b/nss/cmd/strsclnt/strsclnt.gyp
new file mode 100644
index 0000000..4093017
--- /dev/null
+++ b/nss/cmd/strsclnt/strsclnt.gyp
@@ -0,0 +1,30 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi',
+    '../../cmd/platlibs.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'strsclnt',
+      'type': 'executable',
+      'sources': [
+        'strsclnt.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:dbm_exports',
+        '<(DEPTH)/exports.gyp:nss_exports'
+      ]
+    }
+  ],
+  'target_defaults': {
+    'defines': [
+      'NSPR20'
+    ]
+  },
+  'variables': {
+    'module': 'nss'
+  }
+}
\ No newline at end of file
diff --git a/nss/cmd/symkeyutil/Makefile b/nss/cmd/symkeyutil/Makefile
new file mode 100644
index 0000000..74ae200
--- /dev/null
+++ b/nss/cmd/symkeyutil/Makefile
@@ -0,0 +1,48 @@
+#! gmake
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include ../platlibs.mk
+
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+
+include ../platrules.mk
+ 
diff --git a/nss/cmd/symkeyutil/manifest.mn b/nss/cmd/symkeyutil/manifest.mn
new file mode 100644
index 0000000..f87480e
--- /dev/null
+++ b/nss/cmd/symkeyutil/manifest.mn
@@ -0,0 +1,23 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CORE_DEPTH = ../..
+
+DEFINES += -DNSPR20
+
+# MODULE public and private header  directories are implicitly REQUIRED.
+MODULE = nss 
+
+CSRCS = symkeyutil.c 
+#CSRCS = symkeytest.c 
+
+# The MODULE is always implicitly required.
+# Listing it here in REQUIRES makes it appear twice in the cc command line.
+REQUIRES = dbm seccmd
+
+PROGRAM = symkeyutil
+#PROGRAM = symkeytest
+
+#USE_STATIC_LIBS = 1
diff --git a/nss/cmd/symkeyutil/symkey.man b/nss/cmd/symkeyutil/symkey.man
new file mode 100644
index 0000000..e3c2e4c
--- /dev/null
+++ b/nss/cmd/symkeyutil/symkey.man
@@ -0,0 +1,182 @@
+
+NAME
+    symkeyutil - manage fixed keys in the database
+
+SYNOPSIS
+    symkeyutil -H
+    symkeyutil -L [std_opts] [-r]
+    symkeyutil -K [-n name] -t type [-s size] [-i id |-j id_file] [std_opts]
+    symkeyutil -D <[-n name | -i id | -j id_file> [std_opts]
+    symkeyutil -I [-n name] [-t type] [-i id | -j id_file] -k data_file [std_opts]
+    symkeyutil -E  <-nname | -i id | -j id_file> [-t type] -k data_file [-r] [std_opts]
+    symkeyutil -U [-n name] [-t type] [-i id | -j id_file] -k data_file <wrap_opts> [std_opts]
+    symkeyutil -W <-n name | -i id | -j id_file> [-t type] -k data_file [-r] <wrap_opts> [std_opts]
+    symkeyutil -M <-n name | -i id | -j id_file> -g target_token [std_opts]
+      std_opts -> [-d certdir] [-P dbprefix] [-p password] [-f passwordFile] [-h token]
+      wrap_opts -> <-w wrap_name | -x wrap_id | -y id_file>
+
+DESCRIPTION
+
+    NSS can store fixed keys as well as asymetric keys in the database. The
+    symkeyutil command can be used to manage these keys. 
+
+    As with certutil, symkeyutil takes two types of arguments, commands and
+    options. Most commands fall into one of two catagories: commands which
+    create keys and commands which extract or destroy keys. 
+
+    Exceptions to these catagories are listed first:
+
+    -H    takes no additional options. It lists a more detailed help message.
+    -L    takes the standard set of options. It lists all the keys in the 
+          specified token (NSS Internal DB Token is the default).  Only the 
+          -L option accepts the all option for tokens to list all the fixed 
+          keys.
+
+    Key Creation commands:
+    For these commands, the key type (-t) option is always required. 
+    In addition, the -s option may be required for certain key types.
+    The standard set of options may be specified.
+
+    -K   Create a new key using the token key gen function.
+    -I   Import a new key from the raw data specified in the data file,
+         specified with the -k options (required). This command may fail on 
+         some tokens that don't support direct import of key material. 
+    -U   Unwrap a new key from an encrypted data file specified with the -k
+         option. The -w, -x, or -y option specifies the unwrapping key.
+         The unwrapping algorithm is selected based on the type of the 
+         unwrapping key.
+
+    Key extraction/destruction options:
+    For these keys, one and only of of the -n, -i, or -j options must be 
+    specified. If more than one key matches the -n option, the 'first' key
+    matching will be used.  The standard set of options may be specified.
+
+    -D   Delete the key specified by the -n, -i, or -j options.
+    -E   Export the key specified by the -n, -i, or -j options and store the
+         contents to a file specified by the -k file (required). 
+         This command will seldom work on any token since most keys are 
+         protected from export.
+    -W   Wrap the key specified by the -n, -i, or -j options and store the
+         encrypted contents to a file specified by the -k file (required). 
+         The -w, -x, or -y option specifies the key used to wrap the 
+         target key. 
+    -M   Move the key specified by the -n, -i, or -j options to the token
+         specified by the -g option (required). The new key will have the
+         same attributes as the source key.
+
+OPTIONS
+
+    Standard options are those options that may be used by any command, and
+    whose meaning is the same for all commands.
+
+    -h token         Specify the token which the command will operate on. 
+                     If -h is not specified the internal token is presumed. In
+                     addition the special value 'all' may be used to specify 
+                     that all tokens should be used. This is only valid for 
+                     the '-L' command.
+    -d certdir       Specify the location of the NSS databases. The default
+                     value is platform dependent.
+    -P dbprefix      Specify the prefix for the NSS database. The default value
+                     is NULL.
+    -p password      Specify the password for the token. On the command line. 
+                     The -p and -f options are mutually exclusive. If 
+                     neither option is specified, the password would be 
+                     prompted from the user.
+    -f passwordFile  Specify a file that contains the password for the token.
+                     This option is mutually exclusive to the -p option.
+
+    In addition to the standard options are the following command specific 
+    options are.
+
+    -r               Opens the NSS databases Read/Write. By default the -L,
+                     -E, and -W commands open the database read only. Other
+                     commands automatically opens the databases Read/Write and
+                     igore this option if it is specified.
+
+    -n name          Specifies the nickname for the key.
+
+                     For the -K, -I, or -U options, name is the name for 
+                     the new key.  If -n is not specified, no name is 
+                     assumed. There is not check for duplicate names.
+
+                     For the -D, -E, -W, or -M, the name specifies the key to
+                     operate on. In this case one andy only one of the -n, -i
+                     or -j options should be specifed. It is possible that
+                     the -n options specifies and ambiguous key. In that case
+                     the 'first' valid key is used.
+
+                     For the -M option, the nickname for the new key is copied
+                     from it's original key, even if the original key is
+                     specified using -i or -j.
+
+    -i key id
+    -j key id file   These options are equivalent and mutually exclusive. 
+                     They specify the key id for the file. The -i option
+                     specifies the key id on the command line using a hex 
+                     string. The -j specifies a file to read the raw key
+                     id from.
+
+                     For the -K, -I, or -U options, key id is the key id for 
+                     the new key.  If -i or -j is not specified, no key id 
+                     is assumed.  Some tokens may generate their own unique 
+                     id for the key in this case (but it is not guarrenteed).
+
+                     For the -D, -E, -W, or -M, the key id specifies the key to
+                     operate on. In this case one andy only one of the -n, -i
+                     or -j options should be specifed. 
+
+   -t type           Specifies the key Type for the new key. This option is
+                     required for the -K, -I, and -U commands. Valid values
+                     are:
+			generic, rc2, rc4, des, des2, des3, cast, cast3,
+                        cast5, cast128, rc5, idea, skipjack, baton, juniper,
+                        cdmf, aes, camellia
+
+                     Not all tokens support all key types. The generic key
+                     type is usually used in MACing and key derivation 
+                     algorithms. Neither generic nor rc4 keys may be used
+                     to wrap other keys. Fixed rc4 keys are dangerous since
+                     multiple use of the same stream cipher key to encrypted
+                     different data can compromise all data encrypted with
+                     that key.
+
+   -s size           Specifies the key size. For most situations the key size
+                     is already known and need not be specified. For some 
+                     algorithms, however, it is necessary to specify the key
+                     size when generation or unwrapping the key.
+
+   -k key file       Specifies the name of a file that contains key data to
+                     import or unwrap (-I or -U), or the location to store
+                     key data or encrypted key data (-E or -W).
+
+   -g target token   Specifies the target token when moving a key (-M). This
+                     option is required for the -M command. It is invalid for
+                     all other commands.
+
+
+
+   -w wrap name
+   -x wrap key id
+   -y wrap key id file Specifies the wrapping key used int the -U and -W
+                      command. Exactly one of these must be specified for the
+                      -U or -W commands. Same semantics as the -n, -i, and -j
+                      options above.
+
+BUGS
+
+   There is no way display the key id of a key.
+
+   The -p and -f options only specifies one password. Multiple passwords may
+   be needed for the -L -h all command and the -M command.
+
+   Perhaps RC4 should not be supported as a key type. Use of these keys as
+   fixed keys is exceedingly dangerous.
+
+   The handling of multiple keys with the same nickname should be more 
+   deterministic than 'the first one'
+
+   There is no way to specify, or display the operation flags of a key. The
+   operation flags are not copied with the -M option as they should be.
+
+   There is no way to change the attributes of a key (nickname, id, operation
+   flags).
diff --git a/nss/cmd/symkeyutil/symkeyutil.c b/nss/cmd/symkeyutil/symkeyutil.c
new file mode 100644
index 0000000..6170cc3
--- /dev/null
+++ b/nss/cmd/symkeyutil/symkeyutil.c
@@ -0,0 +1,1102 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+** symkeyutil.c
+**
+** utility for managing symetric keys in the database or the token
+**
+*/
+
+/*
+ * Wish List for this utility:
+ *  1) Display and Set the CKA_ operation flags for the key.
+ *  2) Modify existing keys
+ *  3) Copy keys
+ *  4) Read CKA_ID and display for keys.
+ *  5) Option to store CKA_ID in a file on key creation.
+ *  6) Encrypt, Decrypt, Hash, and Mac with generated keys.
+ *  7) Use asymetric keys to wrap and unwrap keys.
+ *  8) Derive.
+ *  9) PBE keys.
+ */
+
+#include <stdio.h>
+#include <string.h>
+
+#include "secutil.h"
+
+#include "nspr.h"
+
+#include "pk11func.h"
+#include "secasn1.h"
+#include "cert.h"
+#include "cryptohi.h"
+#include "secoid.h"
+#include "certdb.h"
+#include "nss.h"
+
+typedef struct _KeyTypes {
+    CK_KEY_TYPE keyType;
+    CK_MECHANISM_TYPE mechType;
+    CK_MECHANISM_TYPE wrapMech;
+    char *label;
+} KeyTypes;
+
+static KeyTypes keyArray[] = {
+#ifdef RECOGNIZE_ASYMETRIC_TYPES
+    { CKK_RSA, CKM_RSA_PKCS, CKM_RSA_PKCS, "rsa" },
+    { CKK_DSA, CKM_DSA, CKM_INVALID_MECHANISM, "dsa" },
+    { CKK_DH, CKM_DH_PKCS_DERIVE, CKM_INVALID_MECHANISM, "dh" },
+    { CKK_EC, CKM_ECDSA, CKM_INVALID_MECHANISM, "ec" },
+    { CKK_X9_42_DH, CKM_X9_42_DH_DERIVE, CKM_INVALID_MECHANISM, "x9.42dh" },
+    { CKK_KEA, CKM_KEA_KEY_DERIVE, CKM_INVALID_MECHANISM, "kea" },
+#endif
+    { CKK_GENERIC_SECRET, CKM_SHA_1_HMAC, CKM_INVALID_MECHANISM, "generic" },
+    { CKK_RC2, CKM_RC2_CBC, CKM_RC2_ECB, "rc2" },
+    /* don't define a wrap mech for RC-4 since it's note really safe */
+    { CKK_RC4, CKM_RC4, CKM_INVALID_MECHANISM, "rc4" },
+    { CKK_DES, CKM_DES_CBC, CKM_DES_ECB, "des" },
+    { CKK_DES2, CKM_DES2_KEY_GEN, CKM_DES3_ECB, "des2" },
+    { CKK_DES3, CKM_DES3_KEY_GEN, CKM_DES3_ECB, "des3" },
+    { CKK_CAST, CKM_CAST_CBC, CKM_CAST_ECB, "cast" },
+    { CKK_CAST3, CKM_CAST3_CBC, CKM_CAST3_ECB, "cast3" },
+    { CKK_CAST5, CKM_CAST5_CBC, CKM_CAST5_ECB, "cast5" },
+    { CKK_CAST128, CKM_CAST128_CBC, CKM_CAST128_ECB, "cast128" },
+    { CKK_RC5, CKM_RC5_CBC, CKM_RC5_ECB, "rc5" },
+    { CKK_IDEA, CKM_IDEA_CBC, CKM_IDEA_ECB, "idea" },
+    { CKK_SKIPJACK, CKM_SKIPJACK_CBC64, CKM_SKIPJACK_WRAP, "skipjack" },
+    { CKK_BATON, CKM_BATON_CBC128, CKM_BATON_WRAP, "baton" },
+    { CKK_JUNIPER, CKM_JUNIPER_CBC128, CKM_JUNIPER_WRAP, "juniper" },
+    { CKK_CDMF, CKM_CDMF_CBC, CKM_CDMF_ECB, "cdmf" },
+    { CKK_AES, CKM_AES_CBC, CKM_AES_ECB, "aes" },
+    { CKK_CAMELLIA, CKM_CAMELLIA_CBC, CKM_CAMELLIA_ECB, "camellia" },
+};
+
+static int keyArraySize = sizeof(keyArray) / sizeof(keyArray[0]);
+
+int
+GetLen(PRFileDesc *fd)
+{
+    PRFileInfo info;
+
+    if (PR_SUCCESS != PR_GetOpenFileInfo(fd, &info)) {
+        return -1;
+    }
+
+    return info.size;
+}
+
+int
+ReadBuf(char *inFile, SECItem *item)
+{
+    int len;
+    int ret;
+    PRFileDesc *fd = PR_Open(inFile, PR_RDONLY, 0);
+    if (NULL == fd) {
+        SECU_PrintError("symkeyutil", "PR_Open failed");
+        return -1;
+    }
+
+    len = GetLen(fd);
+    if (len < 0) {
+        SECU_PrintError("symkeyutil", "PR_GetOpenFileInfo failed");
+        return -1;
+    }
+    item->data = (unsigned char *)PORT_Alloc(len);
+    if (item->data == NULL) {
+        fprintf(stderr, "Failed to allocate %d to read file %s\n", len, inFile);
+        return -1;
+    }
+
+    ret = PR_Read(fd, item->data, item->len);
+    if (ret < 0) {
+        SECU_PrintError("symkeyutil", "PR_Read failed");
+        PORT_Free(item->data);
+        item->data = NULL;
+        return -1;
+    }
+    PR_Close(fd);
+    item->len = len;
+    return 0;
+}
+
+int
+WriteBuf(char *inFile, SECItem *item)
+{
+    int ret;
+    PRFileDesc *fd = PR_Open(inFile, PR_WRONLY | PR_CREATE_FILE, 0x200);
+    if (NULL == fd) {
+        SECU_PrintError("symkeyutil", "PR_Open failed");
+        return -1;
+    }
+
+    ret = PR_Write(fd, item->data, item->len);
+    if (ret < 0) {
+        SECU_PrintError("symkeyutil", "PR_Write failed");
+        return -1;
+    }
+    PR_Close(fd);
+    return 0;
+}
+
+CK_KEY_TYPE
+GetKeyTypeFromString(const char *keyString)
+{
+    int i;
+    for (i = 0; i < keyArraySize; i++) {
+        if (PL_strcasecmp(keyString, keyArray[i].label) == 0) {
+            return keyArray[i].keyType;
+        }
+    }
+    return (CK_KEY_TYPE)-1;
+}
+
+CK_MECHANISM_TYPE
+GetKeyMechFromString(const char *keyString)
+{
+    int i;
+    for (i = 0; i < keyArraySize; i++) {
+        if (PL_strcasecmp(keyString, keyArray[i].label) == 0) {
+            return keyArray[i].mechType;
+        }
+    }
+    return (CK_MECHANISM_TYPE)-1;
+}
+
+const char *
+GetStringFromKeyType(CK_KEY_TYPE type)
+{
+    int i;
+    for (i = 0; i < keyArraySize; i++) {
+        if (keyArray[i].keyType == type) {
+            return keyArray[i].label;
+        }
+    }
+    return "unmatched";
+}
+
+CK_MECHANISM_TYPE
+GetWrapFromKeyType(CK_KEY_TYPE type)
+{
+    int i;
+    for (i = 0; i < keyArraySize; i++) {
+        if (keyArray[i].keyType == type) {
+            return keyArray[i].wrapMech;
+        }
+    }
+    return CKM_INVALID_MECHANISM;
+}
+
+CK_MECHANISM_TYPE
+GetWrapMechanism(PK11SymKey *symKey)
+{
+    CK_KEY_TYPE type = PK11_GetSymKeyType(symKey);
+
+    return GetWrapFromKeyType(type);
+}
+
+int
+GetDigit(char c)
+{
+    if (c == 0) {
+        return -1;
+    }
+    if (c <= '9' && c >= '0') {
+        return c - '0';
+    }
+    if (c <= 'f' && c >= 'a') {
+        return c - 'a' + 0xa;
+    }
+    if (c <= 'F' && c >= 'A') {
+        return c - 'A' + 0xa;
+    }
+    return -1;
+}
+
+char
+ToDigit(unsigned char c)
+{
+    c = c & 0xf;
+    if (c <= 9) {
+        return (char)(c + '0');
+    }
+    return (char)(c + 'a' - 0xa);
+}
+
+char *
+BufToHex(SECItem *outbuf)
+{
+    int len = outbuf->len * 2 + 1;
+    char *string, *ptr;
+    unsigned int i;
+
+    string = PORT_Alloc(len);
+
+    ptr = string;
+    for (i = 0; i < outbuf->len; i++) {
+        *ptr++ = ToDigit(outbuf->data[i] >> 4);
+        *ptr++ = ToDigit(outbuf->data[i] & 0xf);
+    }
+    *ptr = 0;
+    return string;
+}
+
+int
+HexToBuf(char *inString, SECItem *outbuf)
+{
+    int len = strlen(inString);
+    int outlen = len + 1 / 2;
+    int trueLen = 0;
+
+    outbuf->data = PORT_Alloc(outlen);
+    if (outbuf->data) {
+        return -1;
+    }
+
+    while (*inString) {
+        int digit1, digit2;
+        digit1 = GetDigit(*inString++);
+        digit2 = GetDigit(*inString++);
+        if ((digit1 == -1) || (digit2 == -1)) {
+            PORT_Free(outbuf->data);
+            outbuf->data = NULL;
+            return -1;
+        }
+        outbuf->data[trueLen++] = digit1 << 4 | digit2;
+    }
+    outbuf->len = trueLen;
+    return 0;
+}
+
+void
+printBuf(unsigned char *data, int len)
+{
+    int i;
+
+    for (i = 0; i < len; i++) {
+        printf("%02x", data[i]);
+    }
+}
+
+void
+PrintKey(PK11SymKey *symKey)
+{
+    char *name = PK11_GetSymKeyNickname(symKey);
+    int len = PK11_GetKeyLength(symKey);
+    int strength = PK11_GetKeyStrength(symKey, NULL);
+    SECItem *value = NULL;
+    CK_KEY_TYPE type = PK11_GetSymKeyType(symKey);
+    (void)PK11_ExtractKeyValue(symKey);
+
+    value = PK11_GetKeyData(symKey);
+
+    printf("%-20s %3d   %4d   %10s  ", name ? name : " ", len, strength,
+           GetStringFromKeyType(type));
+    if (value && value->data) {
+        printBuf(value->data, value->len);
+    } else {
+        printf("<restricted>");
+    }
+    printf("\n");
+}
+
+SECStatus
+ListKeys(PK11SlotInfo *slot, int *printLabel, void *pwd)
+{
+    PK11SymKey *keyList;
+    SECStatus rv = PK11_Authenticate(slot, PR_FALSE, pwd);
+    if (rv != SECSuccess) {
+        return rv;
+        ;
+    }
+
+    keyList = PK11_ListFixedKeysInSlot(slot, NULL, pwd);
+    if (keyList) {
+        if (*printLabel) {
+            printf("     Name            Len Strength     Type    Data\n");
+            *printLabel = 0;
+        }
+        printf("%s:\n", PK11_GetTokenName(slot));
+    }
+    while (keyList) {
+        PK11SymKey *freeKey = keyList;
+        PrintKey(keyList);
+        keyList = PK11_GetNextSymKey(keyList);
+        PK11_FreeSymKey(freeKey);
+    }
+    return SECSuccess;
+}
+
+PK11SymKey *
+FindKey(PK11SlotInfo *slot, char *name, SECItem *id, void *pwd)
+{
+    PK11SymKey *key = NULL;
+    SECStatus rv = PK11_Authenticate(slot, PR_FALSE, pwd);
+
+    if (rv != SECSuccess) {
+        return NULL;
+    }
+
+    if (id->data) {
+        key = PK11_FindFixedKey(slot, CKM_INVALID_MECHANISM, id, pwd);
+    }
+    if (name && !key) {
+        key = PK11_ListFixedKeysInSlot(slot, name, pwd);
+    }
+
+    if (key) {
+        printf("Found a key\n");
+        PrintKey(key);
+    }
+    return key;
+}
+
+PRBool
+IsKeyList(PK11SymKey *symKey)
+{
+    return (PRBool)(PK11_GetNextSymKey(symKey) != NULL);
+}
+
+void
+FreeKeyList(PK11SymKey *symKey)
+{
+    PK11SymKey *next, *current;
+
+    for (current = symKey; current; current = next) {
+        next = PK11_GetNextSymKey(current);
+        PK11_FreeSymKey(current);
+    }
+    return;
+}
+
+static void
+Usage(char *progName)
+{
+#define FPS fprintf(stderr,
+    FPS "Type %s -H for more detailed descriptions\n", progName);
+    FPS "Usage:");
+    FPS "\t%s -L [std_opts] [-r]\n", progName);
+    FPS "\t%s -K [-n name] -t type [-s size] [-i id |-j id_file] [std_opts]\n", progName);
+    FPS "\t%s -D <[-n name | -i id | -j id_file> [std_opts]\n", progName);
+    FPS "\t%s -I [-n name] [-t type] [-i id | -j id_file] -k data_file [std_opts]\n", progName);
+    FPS "\t%s -E  <-nname | -i id | -j id_file> [-t type] -k data_file [-r] [std_opts]\n", progName);
+    FPS "\t%s -U [-n name] [-t type] [-i id | -j id_file] -k data_file <wrap_opts> [std_opts]\n", progName);
+    FPS "\t%s -W <-n name | -i id | -j id_file> [-t type] -k data_file [-r] <wrap_opts> [std_opts]\n", progName);
+    FPS "\t%s -M <-n name | -i id | -j id_file> -g target_token [std_opts]\n", progName);
+    FPS "\t\t std_opts -> [-d certdir] [-P dbprefix] [-p password] [-f passwordFile] [-h token]\n");
+    FPS "\t\t wrap_opts -> <-w wrap_name | -x wrap_id | -y id_file>\n");
+    exit(1);
+}
+
+static void
+LongUsage(char *progName)
+{
+    int i;
+    FPS "%-15s List all the keys.\n", "-L");
+    FPS "%-15s Generate a new key.\n", "-K");
+    FPS "%-20s Specify the nickname of the new key\n",
+    "   -n name");
+    FPS "%-20s Specify the id in hex of the new key\n",
+    "   -i key id");
+    FPS "%-20s Specify a file to read the id of the new key\n",
+    "   -j key id file");
+    FPS "%-20s Specify the keyType of the new key\n",
+    "   -t type");
+    FPS "%-20s", "  valid types: ");
+    for (i = 0; i < keyArraySize; i++) {
+        FPS "%s%c", keyArray[i].label, i == keyArraySize-1? '\n':',');
+    }
+    FPS "%-20s Specify the size of the new key in bytes (required by some types)\n",
+    "   -s size");
+    FPS "%-15s Delete a key.\n", "-D");
+    FPS "%-20s Specify the nickname of the key to delete\n",
+    "   -n name");
+    FPS "%-20s Specify the id in hex of the key to delete\n",
+    "   -i key id");
+    FPS "%-20s Specify a file to read the id of the key to delete\n",
+    "   -j key id file");
+    FPS "%-15s Import a new key from a data file.\n", "-I");
+    FPS "%-20s Specify the data file to read the key from.\n",
+    "   -k key file");
+    FPS "%-20s Specify the nickname of the new key\n",
+    "   -n name");
+    FPS "%-20s Specify the id in hex of the new key\n",
+    "   -i key id");
+    FPS "%-20s Specify a file to read the id of the new key\n",
+    "   -j key id file");
+    FPS "%-20s Specify the keyType of the new key\n",
+    "   -t type");
+    FPS "%-20s", "  valid types: ");
+    for (i = 0; i < keyArraySize; i++) {
+        FPS "%s%c", keyArray[i].label, i == keyArraySize-1? '\n':',');
+    }
+    FPS "%-15s Export a key to a data file.\n", "-E");
+    FPS "%-20s Specify the data file to write the key to.\n",
+    "   -k key file");
+    FPS "%-20s Specify the nickname of the key to export\n",
+    "   -n name");
+    FPS "%-20s Specify the id in hex of the key to export\n",
+    "   -i key id");
+    FPS "%-20s Specify a file to read the id of the key to export\n",
+    "   -j key id file");
+    FPS "%-15s Move a key to a new token.\n", "-M");
+    FPS "%-20s Specify the nickname of the key to move\n",
+    "   -n name");
+    FPS "%-20s Specify the id in hex of the key to move\n",
+    "   -i key id");
+    FPS "%-20s Specify a file to read the id of the key to move\n",
+    "   -j key id file");
+    FPS "%-20s Specify the token to move the key to\n",
+    "   -g target token");
+    FPS "%-15s Unwrap a new key from a data file.\n", "-U");
+    FPS "%-20s Specify the data file to read the encrypted key from.\n",
+    "   -k key file");
+    FPS "%-20s Specify the nickname of the new key\n",
+    "   -n name");
+    FPS "%-20s Specify the id in hex of the new key\n",
+    "   -i key id");
+    FPS "%-20s Specify a file to read the id of the new key\n",
+    "   -j key id file");
+    FPS "%-20s Specify the keyType of the new key\n",
+    "   -t type");
+    FPS "%-20s", "  valid types: ");
+    for (i = 0; i < keyArraySize; i++) {
+        FPS "%s%c", keyArray[i].label, i == keyArraySize-1? '\n':',');
+    }
+    FPS "%-20s Specify the nickname of the wrapping key\n",
+    "   -w wrap name");
+    FPS "%-20s Specify the id in hex of the wrapping key\n",
+    "   -x wrap key id");
+    FPS "%-20s Specify a file to read the id of the wrapping key\n",
+    "   -y wrap key id file");
+    FPS "%-15s Wrap a new key to a data file. [not yet implemented]\n", "-W");
+    FPS "%-20s Specify the data file to write the encrypted key to.\n",
+    "   -k key file");
+    FPS "%-20s Specify the nickname of the key to wrap\n",
+    "   -n name");
+    FPS "%-20s Specify the id in hex of the key to wrap\n",
+    "   -i key id");
+    FPS "%-20s Specify a file to read the id of the key to wrap\n",
+    "   -j key id file");
+    FPS "%-20s Specify the nickname of the wrapping key\n",
+    "   -w wrap name");
+    FPS "%-20s Specify the id in hex of the wrapping key\n",
+    "   -x wrap key id");
+    FPS "%-20s Specify a file to read the id of the wrapping key\n",
+    "   -y wrap key id file");
+    FPS "%-15s Options valid for all commands\n", "std_opts");
+    FPS "%-20s The directory where the NSS db's reside\n",
+    "   -d certdir");
+    FPS "%-20s Prefix for the NSS db's\n",
+    "   -P db prefix");
+    FPS "%-20s Specify password on the command line\n",
+    "   -p password");
+    FPS "%-20s Specify password file on the command line\n",
+    "   -f password file");
+    FPS "%-20s Specify token to act on\n",
+    "   -h token");
+    exit(1);
+#undef FPS
+}
+
+/*  Certutil commands  */
+enum {
+    cmd_CreateNewKey = 0,
+    cmd_DeleteKey,
+    cmd_ImportKey,
+    cmd_ExportKey,
+    cmd_WrapKey,
+    cmd_UnwrapKey,
+    cmd_MoveKey,
+    cmd_ListKeys,
+    cmd_PrintHelp
+};
+
+/*  Certutil options */
+enum {
+    opt_CertDir = 0,
+    opt_PasswordFile,
+    opt_TargetToken,
+    opt_TokenName,
+    opt_KeyID,
+    opt_KeyIDFile,
+    opt_KeyType,
+    opt_Nickname,
+    opt_KeyFile,
+    opt_Password,
+    opt_dbPrefix,
+    opt_RW,
+    opt_KeySize,
+    opt_WrapKeyName,
+    opt_WrapKeyID,
+    opt_WrapKeyIDFile,
+    opt_NoiseFile
+};
+
+static secuCommandFlag symKeyUtil_commands[] =
+    {
+      { /* cmd_CreateNewKey        */ 'K', PR_FALSE, 0, PR_FALSE },
+      { /* cmd_DeleteKey           */ 'D', PR_FALSE, 0, PR_FALSE },
+      { /* cmd_ImportKey           */ 'I', PR_FALSE, 0, PR_FALSE },
+      { /* cmd_ExportKey           */ 'E', PR_FALSE, 0, PR_FALSE },
+      { /* cmd_WrapKey             */ 'W', PR_FALSE, 0, PR_FALSE },
+      { /* cmd_UnwrapKey           */ 'U', PR_FALSE, 0, PR_FALSE },
+      { /* cmd_MoveKey             */ 'M', PR_FALSE, 0, PR_FALSE },
+      { /* cmd_ListKeys            */ 'L', PR_FALSE, 0, PR_FALSE },
+      { /* cmd_PrintHelp           */ 'H', PR_FALSE, 0, PR_FALSE },
+    };
+
+static secuCommandFlag symKeyUtil_options[] =
+    {
+      { /* opt_CertDir             */ 'd', PR_TRUE, 0, PR_FALSE },
+      { /* opt_PasswordFile        */ 'f', PR_TRUE, 0, PR_FALSE },
+      { /* opt_TargetToken         */ 'g', PR_TRUE, 0, PR_FALSE },
+      { /* opt_TokenName           */ 'h', PR_TRUE, 0, PR_FALSE },
+      { /* opt_KeyID               */ 'i', PR_TRUE, 0, PR_FALSE },
+      { /* opt_KeyIDFile           */ 'j', PR_TRUE, 0, PR_FALSE },
+      { /* opt_KeyType             */ 't', PR_TRUE, 0, PR_FALSE },
+      { /* opt_Nickname            */ 'n', PR_TRUE, 0, PR_FALSE },
+      { /* opt_KeyFile             */ 'k', PR_TRUE, 0, PR_FALSE },
+      { /* opt_Password            */ 'p', PR_TRUE, 0, PR_FALSE },
+      { /* opt_dbPrefix            */ 'P', PR_TRUE, 0, PR_FALSE },
+      { /* opt_RW                  */ 'r', PR_FALSE, 0, PR_FALSE },
+      { /* opt_KeySize             */ 's', PR_TRUE, 0, PR_FALSE },
+      { /* opt_WrapKeyName         */ 'w', PR_TRUE, 0, PR_FALSE },
+      { /* opt_WrapKeyID           */ 'x', PR_TRUE, 0, PR_FALSE },
+      { /* opt_WrapKeyIDFile       */ 'y', PR_TRUE, 0, PR_FALSE },
+      { /* opt_NoiseFile           */ 'z', PR_TRUE, 0, PR_FALSE },
+    };
+
+int
+main(int argc, char **argv)
+{
+    PK11SlotInfo *slot = NULL;
+    char *slotname = "internal";
+    char *certPrefix = "";
+    CK_MECHANISM_TYPE keyType = CKM_SHA_1_HMAC;
+    int keySize = 0;
+    char *name = NULL;
+    char *wrapName = NULL;
+    secuPWData pwdata = { PW_NONE, 0 };
+    PRBool readOnly = PR_FALSE;
+    SECItem key;
+    SECItem keyID;
+    SECItem wrapKeyID;
+    int commandsEntered = 0;
+    int commandToRun = 0;
+    char *progName;
+    int i;
+    SECStatus rv = SECFailure;
+
+    secuCommand symKeyUtil;
+    symKeyUtil.numCommands = sizeof(symKeyUtil_commands) / sizeof(secuCommandFlag);
+    symKeyUtil.numOptions = sizeof(symKeyUtil_options) / sizeof(secuCommandFlag);
+    symKeyUtil.commands = symKeyUtil_commands;
+    symKeyUtil.options = symKeyUtil_options;
+
+    key.data = NULL;
+    key.len = 0;
+    keyID.data = NULL;
+    keyID.len = 0;
+    wrapKeyID.data = NULL;
+    wrapKeyID.len = 0;
+
+    progName = strrchr(argv[0], '/');
+    progName = progName ? progName + 1 : argv[0];
+
+    rv = SECU_ParseCommandLine(argc, argv, progName, &symKeyUtil);
+
+    if (rv != SECSuccess)
+        Usage(progName);
+
+    rv = SECFailure;
+
+    /* -H print help */
+    if (symKeyUtil.commands[cmd_PrintHelp].activated)
+        LongUsage(progName);
+
+    /* -f password file, -p password */
+    if (symKeyUtil.options[opt_PasswordFile].arg) {
+        pwdata.source = PW_FROMFILE;
+        pwdata.data = symKeyUtil.options[opt_PasswordFile].arg;
+    } else if (symKeyUtil.options[opt_Password].arg) {
+        pwdata.source = PW_PLAINTEXT;
+        pwdata.data = symKeyUtil.options[opt_Password].arg;
+    }
+
+    /* -d directory */
+    if (symKeyUtil.options[opt_CertDir].activated)
+        SECU_ConfigDirectory(symKeyUtil.options[opt_CertDir].arg);
+
+    /* -s key size */
+    if (symKeyUtil.options[opt_KeySize].activated) {
+        keySize = PORT_Atoi(symKeyUtil.options[opt_KeySize].arg);
+    }
+
+    /*  -h specify token name  */
+    if (symKeyUtil.options[opt_TokenName].activated) {
+        if (PL_strcmp(symKeyUtil.options[opt_TokenName].arg, "all") == 0)
+            slotname = NULL;
+        else
+            slotname = PL_strdup(symKeyUtil.options[opt_TokenName].arg);
+    }
+
+    /* -t key type */
+    if (symKeyUtil.options[opt_KeyType].activated) {
+        keyType = GetKeyMechFromString(symKeyUtil.options[opt_KeyType].arg);
+        if (keyType == (CK_MECHANISM_TYPE)-1) {
+            PR_fprintf(PR_STDERR,
+                       "%s unknown key type (%s).\n",
+                       progName, symKeyUtil.options[opt_KeyType].arg);
+            return 255;
+        }
+    }
+
+    /* -k for import and unwrap, it specifies an input file to read from,
+     * for export and wrap it specifies an output file to write to */
+    if (symKeyUtil.options[opt_KeyFile].activated) {
+        if (symKeyUtil.commands[cmd_ImportKey].activated ||
+            symKeyUtil.commands[cmd_UnwrapKey].activated) {
+            int ret = ReadBuf(symKeyUtil.options[opt_KeyFile].arg, &key);
+            if (ret < 0) {
+                PR_fprintf(PR_STDERR,
+                           "%s Couldn't read key file (%s).\n",
+                           progName, symKeyUtil.options[opt_KeyFile].arg);
+                return 255;
+            }
+        }
+    }
+
+    /* -i specify the key ID */
+    if (symKeyUtil.options[opt_KeyID].activated) {
+        int ret = HexToBuf(symKeyUtil.options[opt_KeyID].arg, &keyID);
+        if (ret < 0) {
+            PR_fprintf(PR_STDERR,
+                       "%s invalid key ID (%s).\n",
+                       progName, symKeyUtil.options[opt_KeyID].arg);
+            return 255;
+        }
+    }
+
+    /* -i & -j are mutually exclusive */
+    if ((symKeyUtil.options[opt_KeyID].activated) &&
+        (symKeyUtil.options[opt_KeyIDFile].activated)) {
+        PR_fprintf(PR_STDERR,
+                   "%s -i and -j options are mutually exclusive.\n", progName);
+        return 255;
+    }
+
+    /* -x specify the Wrap key ID */
+    if (symKeyUtil.options[opt_WrapKeyID].activated) {
+        int ret = HexToBuf(symKeyUtil.options[opt_WrapKeyID].arg, &wrapKeyID);
+        if (ret < 0) {
+            PR_fprintf(PR_STDERR,
+                       "%s invalid key ID (%s).\n",
+                       progName, symKeyUtil.options[opt_WrapKeyID].arg);
+            return 255;
+        }
+    }
+
+    /* -x & -y are mutually exclusive */
+    if ((symKeyUtil.options[opt_KeyID].activated) &&
+        (symKeyUtil.options[opt_KeyIDFile].activated)) {
+        PR_fprintf(PR_STDERR,
+                   "%s -i and -j options are mutually exclusive.\n", progName);
+        return 255;
+    }
+
+    /* -y specify the key ID */
+    if (symKeyUtil.options[opt_WrapKeyIDFile].activated) {
+        int ret = ReadBuf(symKeyUtil.options[opt_WrapKeyIDFile].arg,
+                          &wrapKeyID);
+        if (ret < 0) {
+            PR_fprintf(PR_STDERR,
+                       "%s Couldn't read key ID file (%s).\n",
+                       progName, symKeyUtil.options[opt_WrapKeyIDFile].arg);
+            return 255;
+        }
+    }
+
+    /*  -P certdb name prefix */
+    if (symKeyUtil.options[opt_dbPrefix].activated)
+        certPrefix = symKeyUtil.options[opt_dbPrefix].arg;
+
+    /*  Check number of commands entered.  */
+    commandsEntered = 0;
+    for (i = 0; i < symKeyUtil.numCommands; i++) {
+        if (symKeyUtil.commands[i].activated) {
+            commandToRun = symKeyUtil.commands[i].flag;
+            commandsEntered++;
+        }
+        if (commandsEntered > 1)
+            break;
+    }
+    if (commandsEntered > 1) {
+        PR_fprintf(PR_STDERR, "%s: only one command at a time!\n", progName);
+        PR_fprintf(PR_STDERR, "You entered: ");
+        for (i = 0; i < symKeyUtil.numCommands; i++) {
+            if (symKeyUtil.commands[i].activated)
+                PR_fprintf(PR_STDERR, " -%c", symKeyUtil.commands[i].flag);
+        }
+        PR_fprintf(PR_STDERR, "\n");
+        return 255;
+    }
+    if (commandsEntered == 0) {
+        PR_fprintf(PR_STDERR, "%s: you must enter a command!\n", progName);
+        Usage(progName);
+    }
+
+    if (symKeyUtil.commands[cmd_ListKeys].activated ||
+        symKeyUtil.commands[cmd_PrintHelp].activated ||
+        symKeyUtil.commands[cmd_ExportKey].activated ||
+        symKeyUtil.commands[cmd_WrapKey].activated) {
+        readOnly = !symKeyUtil.options[opt_RW].activated;
+    }
+
+    if ((symKeyUtil.commands[cmd_ImportKey].activated ||
+         symKeyUtil.commands[cmd_ExportKey].activated ||
+         symKeyUtil.commands[cmd_WrapKey].activated ||
+         symKeyUtil.commands[cmd_UnwrapKey].activated) &&
+        !symKeyUtil.options[opt_KeyFile].activated) {
+        PR_fprintf(PR_STDERR,
+                   "%s -%c: keyfile is required for this command (-k).\n",
+                   progName, commandToRun);
+        return 255;
+    }
+
+    /*  -E, -D, -W, and all require -n, -i, or -j to identify the key  */
+    if ((symKeyUtil.commands[cmd_ExportKey].activated ||
+         symKeyUtil.commands[cmd_DeleteKey].activated ||
+         symKeyUtil.commands[cmd_WrapKey].activated) &&
+        !(symKeyUtil.options[opt_Nickname].activated ||
+          symKeyUtil.options[opt_KeyID].activated ||
+          symKeyUtil.options[opt_KeyIDFile].activated)) {
+        PR_fprintf(PR_STDERR,
+                   "%s -%c: nickname or id is required for this command (-n, -i, -j).\n",
+                   progName, commandToRun);
+        return 255;
+    }
+
+    /*  -W, -U, and all  -w, -x, or -y to identify the wrapping key  */
+    if ((symKeyUtil.commands[cmd_WrapKey].activated ||
+         symKeyUtil.commands[cmd_UnwrapKey].activated) &&
+        !(symKeyUtil.options[opt_WrapKeyName].activated ||
+          symKeyUtil.options[opt_WrapKeyID].activated ||
+          symKeyUtil.options[opt_WrapKeyIDFile].activated)) {
+        PR_fprintf(PR_STDERR,
+                   "%s -%c: wrap key is required for this command (-w, -x, or -y).\n",
+                   progName, commandToRun);
+        return 255;
+    }
+
+    /* -M needs the target slot  (-g) */
+    if (symKeyUtil.commands[cmd_MoveKey].activated &&
+        !symKeyUtil.options[opt_TargetToken].activated) {
+        PR_fprintf(PR_STDERR,
+                   "%s -%c: target token is required for this command (-g).\n",
+                   progName, commandToRun);
+        return 255;
+    }
+
+    /*  Using slotname == NULL for listing keys and certs on all slots,
+     *  but only that. */
+    if (!(symKeyUtil.commands[cmd_ListKeys].activated) && slotname == NULL) {
+        PR_fprintf(PR_STDERR,
+                   "%s -%c: cannot use \"-h all\" for this command.\n",
+                   progName, commandToRun);
+        return 255;
+    }
+
+    name = SECU_GetOptionArg(&symKeyUtil, opt_Nickname);
+    wrapName = SECU_GetOptionArg(&symKeyUtil, opt_WrapKeyName);
+
+    PK11_SetPasswordFunc(SECU_GetModulePassword);
+
+    /*  Initialize NSPR and NSS.  */
+    PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
+    rv = NSS_Initialize(SECU_ConfigDirectory(NULL), certPrefix, certPrefix,
+                        "secmod.db", readOnly ? NSS_INIT_READONLY : 0);
+    if (rv != SECSuccess) {
+        SECU_PrintPRandOSError(progName);
+        goto shutdown;
+    }
+    rv = SECFailure;
+
+    if (PL_strcmp(slotname, "internal") == 0)
+        slot = PK11_GetInternalKeySlot();
+    else if (slotname != NULL)
+        slot = PK11_FindSlotByName(slotname);
+
+    /* generating a new key */
+    if (symKeyUtil.commands[cmd_CreateNewKey].activated) {
+        PK11SymKey *symKey;
+
+        symKey = PK11_TokenKeyGen(slot, keyType, NULL, keySize,
+                                  NULL, PR_TRUE, &pwdata);
+        if (!symKey) {
+            PR_fprintf(PR_STDERR, "%s: Token Key Gen Failed\n", progName);
+            goto shutdown;
+        }
+        if (symKeyUtil.options[opt_Nickname].activated) {
+            rv = PK11_SetSymKeyNickname(symKey, name);
+            if (rv != SECSuccess) {
+                PK11_DeleteTokenSymKey(symKey);
+                PK11_FreeSymKey(symKey);
+                PR_fprintf(PR_STDERR, "%s: Couldn't set nickname on key\n",
+                           progName);
+                goto shutdown;
+            }
+        }
+        rv = SECSuccess;
+        PrintKey(symKey);
+        PK11_FreeSymKey(symKey);
+    }
+    if (symKeyUtil.commands[cmd_DeleteKey].activated) {
+        PK11SymKey *symKey = FindKey(slot, name, &keyID, &pwdata);
+
+        if (!symKey) {
+            char *keyName = keyID.data ? BufToHex(&keyID) : PORT_Strdup(name);
+            PR_fprintf(PR_STDERR, "%s: Couldn't find key %s on %s\n",
+                       progName, keyName, PK11_GetTokenName(slot));
+            PORT_Free(keyName);
+            goto shutdown;
+        }
+
+        rv = PK11_DeleteTokenSymKey(symKey);
+        FreeKeyList(symKey);
+        if (rv != SECSuccess) {
+            PR_fprintf(PR_STDERR, "%s: Couldn't Delete Key \n", progName);
+            goto shutdown;
+        }
+    }
+    if (symKeyUtil.commands[cmd_UnwrapKey].activated) {
+        PK11SymKey *wrapKey = FindKey(slot, wrapName, &wrapKeyID, &pwdata);
+        PK11SymKey *symKey;
+        CK_MECHANISM_TYPE mechanism;
+
+        if (!wrapKey) {
+            char *keyName = wrapKeyID.data ? BufToHex(&wrapKeyID)
+                                           : PORT_Strdup(wrapName);
+            PR_fprintf(PR_STDERR, "%s: Couldn't find key %s on %s\n",
+                       progName, keyName, PK11_GetTokenName(slot));
+            PORT_Free(keyName);
+            goto shutdown;
+        }
+        mechanism = GetWrapMechanism(wrapKey);
+        if (mechanism == CKM_INVALID_MECHANISM) {
+            char *keyName = wrapKeyID.data ? BufToHex(&wrapKeyID)
+                                           : PORT_Strdup(wrapName);
+            PR_fprintf(PR_STDERR, "%s: %s on %s is an invalid wrapping key\n",
+                       progName, keyName, PK11_GetTokenName(slot));
+            PORT_Free(keyName);
+            PK11_FreeSymKey(wrapKey);
+            goto shutdown;
+        }
+
+        symKey = PK11_UnwrapSymKeyWithFlagsPerm(wrapKey, mechanism, NULL,
+                                                &key, keyType, CKA_ENCRYPT, keySize, 0, PR_TRUE);
+        PK11_FreeSymKey(wrapKey);
+        if (!symKey) {
+            PR_fprintf(PR_STDERR, "%s: Unwrap Key Failed\n", progName);
+            goto shutdown;
+        }
+
+        if (symKeyUtil.options[opt_Nickname].activated) {
+            rv = PK11_SetSymKeyNickname(symKey, name);
+            if (rv != SECSuccess) {
+                PR_fprintf(PR_STDERR, "%s: Couldn't set name on key\n",
+                           progName);
+                PK11_DeleteTokenSymKey(symKey);
+                PK11_FreeSymKey(symKey);
+                goto shutdown;
+            }
+        }
+        rv = SECSuccess;
+        PrintKey(symKey);
+        PK11_FreeSymKey(symKey);
+    }
+
+#define MAX_KEY_SIZE 4098
+    if (symKeyUtil.commands[cmd_WrapKey].activated) {
+        PK11SymKey *symKey = FindKey(slot, name, &keyID, &pwdata);
+        PK11SymKey *wrapKey;
+        CK_MECHANISM_TYPE mechanism;
+        SECItem data;
+        unsigned char buf[MAX_KEY_SIZE];
+        int ret;
+
+        if (!symKey) {
+            char *keyName = keyID.data ? BufToHex(&keyID) : PORT_Strdup(name);
+            PR_fprintf(PR_STDERR, "%s: Couldn't find key %s on %s\n",
+                       progName, keyName, PK11_GetTokenName(slot));
+            PORT_Free(keyName);
+            goto shutdown;
+        }
+
+        wrapKey = FindKey(slot, wrapName, &wrapKeyID, &pwdata);
+        if (!wrapKey) {
+            char *keyName = wrapKeyID.data ? BufToHex(&wrapKeyID)
+                                           : PORT_Strdup(wrapName);
+            PR_fprintf(PR_STDERR, "%s: Couldn't find key %s on %s\n",
+                       progName, keyName, PK11_GetTokenName(slot));
+            PORT_Free(keyName);
+            PK11_FreeSymKey(symKey);
+            goto shutdown;
+        }
+
+        mechanism = GetWrapMechanism(wrapKey);
+        if (mechanism == CKM_INVALID_MECHANISM) {
+            char *keyName = wrapKeyID.data ? BufToHex(&wrapKeyID)
+                                           : PORT_Strdup(wrapName);
+            PR_fprintf(PR_STDERR, "%s: %s on %s is an invalid wrapping key\n",
+                       progName, keyName, PK11_GetTokenName(slot));
+            PORT_Free(keyName);
+            PK11_FreeSymKey(symKey);
+            PK11_FreeSymKey(wrapKey);
+            goto shutdown;
+        }
+
+        data.data = buf;
+        data.len = sizeof(buf);
+        rv = PK11_WrapSymKey(mechanism, NULL, wrapKey, symKey, &data);
+        PK11_FreeSymKey(symKey);
+        PK11_FreeSymKey(wrapKey);
+        if (rv != SECSuccess) {
+            PR_fprintf(PR_STDERR, "%s: Couldn't wrap key\n", progName);
+            goto shutdown;
+        }
+
+        /* WriteBuf outputs it's own error using SECU_PrintError */
+        ret = WriteBuf(symKeyUtil.options[opt_KeyFile].arg, &data);
+        if (ret < 0) {
+            goto shutdown;
+        }
+    }
+
+    if (symKeyUtil.commands[cmd_ImportKey].activated) {
+        PK11SymKey *symKey = PK11_ImportSymKey(slot, keyType,
+                                               PK11_OriginUnwrap, CKA_ENCRYPT, &key, &pwdata);
+        if (!symKey) {
+            PR_fprintf(PR_STDERR, "%s: Import Key Failed\n", progName);
+            goto shutdown;
+        }
+        if (symKeyUtil.options[opt_Nickname].activated) {
+            rv = PK11_SetSymKeyNickname(symKey, name);
+            if (rv != SECSuccess) {
+                PR_fprintf(PR_STDERR, "%s: Couldn't set name on key\n",
+                           progName);
+                PK11_DeleteTokenSymKey(symKey);
+                PK11_FreeSymKey(symKey);
+                goto shutdown;
+            }
+        }
+        rv = SECSuccess;
+        PrintKey(symKey);
+        PK11_FreeSymKey(symKey);
+    }
+
+    /*  List certs (-L)  */
+    if (symKeyUtil.commands[cmd_ListKeys].activated) {
+        int printLabel = 1;
+        if (slot) {
+            rv = ListKeys(slot, &printLabel, &pwdata);
+        } else {
+            /* loop over all the slots */
+            PK11SlotList *slotList = PK11_GetAllTokens(CKM_INVALID_MECHANISM,
+                                                       PR_FALSE, PR_FALSE, &pwdata);
+            if (slotList == NULL) {
+                PR_fprintf(PR_STDERR, "%s: No tokens found\n", progName);
+            } else {
+                PK11SlotListElement *se;
+                for (se = PK11_GetFirstSafe(slotList); se;
+                     se = PK11_GetNextSafe(slotList, se, PR_FALSE)) {
+                    rv = ListKeys(se->slot, &printLabel, &pwdata);
+                    if (rv != SECSuccess) {
+                        break;
+                    }
+                }
+                if (se) {
+                    PORT_CheckSuccess(PK11_FreeSlotListElement(slotList, se));
+                }
+                PK11_FreeSlotList(slotList);
+            }
+        }
+    }
+
+    /*  Move key (-M)  */
+    if (symKeyUtil.commands[cmd_MoveKey].activated) {
+        PK11SlotInfo *target;
+        char *targetName = symKeyUtil.options[opt_TargetToken].arg;
+        PK11SymKey *newKey;
+        PK11SymKey *symKey = FindKey(slot, name, &keyID, &pwdata);
+        char *keyName = PK11_GetSymKeyNickname(symKey);
+
+        if (!symKey) {
+            char *keyName = keyID.data ? BufToHex(&keyID) : PORT_Strdup(name);
+            PR_fprintf(PR_STDERR, "%s: Couldn't find key %s on %s\n",
+                       progName, keyName, PK11_GetTokenName(slot));
+            PORT_Free(keyName);
+            goto shutdown;
+        }
+        target = PK11_FindSlotByName(targetName);
+        if (!target) {
+            PR_fprintf(PR_STDERR, "%s: Couldn't find slot %s\n",
+                       progName, targetName);
+            goto shutdown;
+        }
+        rv = PK11_Authenticate(target, PR_FALSE, &pwdata);
+        if (rv != SECSuccess) {
+            PR_fprintf(PR_STDERR, "%s: Failed to log into %s\n",
+                       progName, targetName);
+            goto shutdown;
+        }
+        rv = SECFailure;
+        newKey = PK11_MoveSymKey(target, CKA_ENCRYPT, 0, PR_TRUE, symKey);
+        if (!newKey) {
+            PR_fprintf(PR_STDERR, "%s: Couldn't move the key \n", progName);
+            goto shutdown;
+        }
+        if (keyName) {
+            rv = PK11_SetSymKeyNickname(newKey, keyName);
+            if (rv != SECSuccess) {
+                PK11_DeleteTokenSymKey(newKey);
+                PK11_FreeSymKey(newKey);
+                PR_fprintf(PR_STDERR, "%s: Couldn't set nickname on key\n",
+                           progName);
+                goto shutdown;
+            }
+        }
+        PK11_FreeSymKey(newKey);
+        rv = SECSuccess;
+    }
+
+shutdown:
+    if (rv != SECSuccess) {
+        PR_fprintf(PR_STDERR, "%s: %s\n", progName,
+                   SECU_Strerror(PORT_GetError()));
+    }
+
+    if (key.data) {
+        PORT_Free(key.data);
+    }
+
+    if (keyID.data) {
+        PORT_Free(keyID.data);
+    }
+
+    if (slot) {
+        PK11_FreeSlot(slot);
+    }
+
+    if (NSS_Shutdown() != SECSuccess) {
+        exit(1);
+    }
+
+    if (rv == SECSuccess) {
+        return 0;
+    } else {
+        return 255;
+    }
+}
diff --git a/nss/cmd/symkeyutil/symkeyutil.gyp b/nss/cmd/symkeyutil/symkeyutil.gyp
new file mode 100644
index 0000000..c39be29
--- /dev/null
+++ b/nss/cmd/symkeyutil/symkeyutil.gyp
@@ -0,0 +1,30 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi',
+    '../../cmd/platlibs.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'symkeyutil',
+      'type': 'executable',
+      'sources': [
+        'symkeyutil.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:dbm_exports',
+        '<(DEPTH)/exports.gyp:nss_exports'
+      ]
+    }
+  ],
+  'target_defaults': {
+    'defines': [
+      'NSPR20'
+    ]
+  },
+  'variables': {
+    'module': 'nss'
+  }
+}
\ No newline at end of file
diff --git a/nss/cmd/test/Makefile b/nss/cmd/test/Makefile
new file mode 100644
index 0000000..a27a3ce
--- /dev/null
+++ b/nss/cmd/test/Makefile
@@ -0,0 +1,46 @@
+#! gmake
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include ../platlibs.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+#include ../platlibs.mk
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+include ../platrules.mk
+
diff --git a/nss/cmd/test/client_db b/nss/cmd/test/client_db
new file mode 120000
index 0000000..22ed056
--- /dev/null
+++ b/nss/cmd/test/client_db
@@ -0,0 +1 @@
+../../../ca/client_db
\ No newline at end of file
diff --git a/nss/cmd/test/main.c b/nss/cmd/test/main.c
new file mode 100644
index 0000000..9a46e78
--- /dev/null
+++ b/nss/cmd/test/main.c
@@ -0,0 +1,179 @@
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <assert.h>
+
+#include "nspr.h"
+#include "plgetopt.h"
+#include "prerror.h"
+#include "prnetdb.h"
+
+#include "nss.h"
+#include "ssl.h"
+#include "sslproto.h"
+#include "tlsproofstr.h"
+
+#include "hasht.h"
+#include "alghmac.h"
+#include "sechash.h"
+#include <pk11func.h>
+
+#define SHA_256_LENGTH 32
+
+/*Error handler*/
+void error(const char *msg)
+{
+    PRErrorCode perr = PR_GetError();
+    const char *errString = PORT_ErrorToString(perr);
+
+    printf("!! ERROR function name: %s returned error %d:\n%s\n",msg, perr, errString);
+    exit(1);
+}
+
+#define SHA512_BLOCK_LENGTH 128
+#define HASH_BLOCK_LENGTH_MAX SHA512_BLOCK_LENGTH
+#define HMAC_PAD_SIZE HASH_BLOCK_LENGTH_MAX
+
+struct HMACContextStr {
+    void *hash;
+    const SECHashObject *hashobj;
+    PRBool wasAllocated;
+    unsigned char ipad[HMAC_PAD_SIZE];
+    unsigned char opad[HMAC_PAD_SIZE];
+};
+
+
+SECStatus
+my_HMAC_Init(HMACContext *cx, const SECHashObject *hash_obj,
+          const unsigned char *secret, unsigned int secret_len, PRBool isFIPS)
+{
+    unsigned int i;
+    unsigned char hashed_secret[HASH_LENGTH_MAX];
+
+    /* required by FIPS 198 Section 3 */
+    if (isFIPS && secret_len < hash_obj->length / 2) {
+        return SECFailure;
+    }
+    if (cx == NULL) {
+        return SECFailure;
+    }
+    cx->wasAllocated = PR_FALSE;
+    cx->hashobj = hash_obj;
+    cx->hash = cx->hashobj->create();
+    if (cx->hash == NULL)
+        goto loser;
+
+    if (secret_len > cx->hashobj->blocklength) {
+        cx->hashobj->begin(cx->hash);
+        cx->hashobj->update(cx->hash, secret, secret_len);
+        PORT_Assert(cx->hashobj->length <= sizeof hashed_secret);
+        cx->hashobj->end(cx->hash, hashed_secret, &secret_len,
+                         sizeof hashed_secret);
+        if (secret_len != cx->hashobj->length) {
+            goto loser;
+        }
+        secret = (const unsigned char *)&hashed_secret[0];
+    }
+
+    PORT_Memset(cx->ipad, 0x36, cx->hashobj->blocklength);
+    PORT_Memset(cx->opad, 0x5c, cx->hashobj->blocklength);
+
+    /* fold secret into padding */
+    for (i = 0; i < secret_len; i++) {
+        cx->ipad[i] ^= secret[i];
+        cx->opad[i] ^= secret[i];
+    }
+    PORT_Memset(hashed_secret, 0, sizeof hashed_secret);
+    return SECSuccess;
+
+loser:
+    PORT_Memset(hashed_secret, 0, sizeof hashed_secret);
+    if (cx->hash != NULL)
+        cx->hashobj->destroy(cx->hash, PR_TRUE);
+    return SECFailure;
+}
+
+
+HMACContext *
+my_HMAC_Create(const SECHashObject *hash_obj, const unsigned char *secret,
+            unsigned int secret_len, PRBool isFIPS)
+{
+    SECStatus rv;
+    HMACContext *cx = PORT_ZNew(HMACContext);
+    if (cx == NULL)
+        return NULL;
+    rv = my_HMAC_Init(cx, hash_obj, secret, secret_len, isFIPS);
+    cx->wasAllocated = PR_TRUE;
+    if (rv != SECSuccess) {
+        PORT_Free(cx); /* contains no secret info */
+        cx = NULL;
+    }
+    return cx;
+}
+
+
+
+int main(int argc, char *argv[])
+{
+	PRUint8 key_block[32];
+	PRUint32 len = sizeof(key_block);
+	char* prk = "01234567890abcdef01234567890abcdef";
+	char* prk2 = "11234567890abcdef01234567890abcdef";
+	PRUint32 prkLen =  32;
+	PRUint32 hashLen =  32;
+	char* message = "Huhu";
+	int i;
+
+    //Init
+    SECStatus rv = NSS_Init("../client_db");
+    if(rv != SECSuccess) error("NSS_Init");
+
+				printf("%i\n",HASH_GetHashObject(4)->length);
+		
+
+                HMACContext *hmac = PORT_ZNew(HMACContext);
+				
+				hmac->wasAllocated = PR_FALSE;
+                HMAC_Init(hmac, HASH_GetHashObject(4), (PRUint8 *) prk, prkLen, 0);
+                HMAC_Begin(hmac);
+                HMAC_Update(hmac, (PRUint8 *) message, strlen(message));
+                HMAC_Finish(hmac, key_block, &len, hashLen);
+
+        char hexbuf[2 *len+1];
+        for(i = 0; i < len; ++i){
+            snprintf(hexbuf + 2*i, sizeof(hexbuf), "%02x", key_block[i]);
+        }
+
+	printf("%s\n", hexbuf);
+
+				HMAC_Init(hmac, HASH_GetHashObject(4), (PRUint8 *) prk2, prkLen, 0);
+                HMAC_Begin(hmac);
+                HMAC_Update(hmac, (PRUint8 *) message, strlen(message));
+                HMAC_Finish(hmac, key_block, &len, hashLen);
+
+
+        for(i = 0; i < len; ++i){
+            snprintf(hexbuf + 2*i, sizeof(hexbuf), "%02x", key_block[i]);
+        }
+
+	printf("%s\n", hexbuf);
+
+				HMAC_Init(hmac, HASH_GetHashObject(4), (PRUint8 *) prk, prkLen, 0);
+                HMAC_Begin(hmac);
+                HMAC_Update(hmac, (PRUint8 *) message, strlen(message));
+                HMAC_Finish(hmac, key_block, &len, hashLen);
+
+
+        for(i = 0; i < len; ++i){
+            snprintf(hexbuf + 2*i, sizeof(hexbuf), "%02x", key_block[i]);
+        }
+
+	printf("%s\n", hexbuf);
+
+
+                HMAC_Destroy(hmac, PR_FALSE);
+				free(hmac);
+	printf("\nEND\n");
+	return 0;
+}
+
diff --git a/nss/cmd/test/manifest.mn b/nss/cmd/test/manifest.mn
new file mode 100644
index 0000000..69d165f
--- /dev/null
+++ b/nss/cmd/test/manifest.mn
@@ -0,0 +1,23 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CORE_DEPTH = ../..
+
+# MODULE public and private header  directories are implicitly REQUIRED.
+MODULE = nss 
+
+# This next line is used by .mk files
+# and gets translated into $LINCS in manifest.mnw
+# The MODULE is always implicitly required.
+# Listing it here in REQUIRES makes it appear twice in the cc command line.
+REQUIRES = seccmd dbm 
+
+# DIRS = 
+
+CSRCS	= main.c  
+DEFINES += -DDLL_PREFIX=\"$(DLL_PREFIX)\" -DDLL_SUFFIX=\"$(DLL_SUFFIX)\" -L../../../dist/Linux4.9_x86_64_cc_glibc_PTH_64_DBG.OBJ/lib  -lfreeblpriv3
+
+PROGRAM	= test 
+
diff --git a/nss/cmd/tests/Makefile b/nss/cmd/tests/Makefile
new file mode 100644
index 0000000..a263d41
--- /dev/null
+++ b/nss/cmd/tests/Makefile
@@ -0,0 +1,45 @@
+#! gmake
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+include ../platlibs.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+
+include ../platrules.mk
diff --git a/nss/cmd/tests/baddbdir.c b/nss/cmd/tests/baddbdir.c
new file mode 100644
index 0000000..b2bb2d6
--- /dev/null
+++ b/nss/cmd/tests/baddbdir.c
@@ -0,0 +1,38 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <stdio.h>
+#include <stdlib.h>
+
+#include "nss.h"
+#include "secerr.h"
+
+/*
+ * Regression test for bug 495097.
+ *
+ * NSS_InitReadWrite("sql:<dbdir>") should fail with SEC_ERROR_BAD_DATABASE
+ * if the directory <dbdir> doesn't exist.
+ */
+
+int
+main()
+{
+    SECStatus status;
+    int error;
+
+    status = NSS_InitReadWrite("sql:/no/such/db/dir");
+    if (status == SECSuccess) {
+        fprintf(stderr, "NSS_InitReadWrite succeeded unexpectedly\n");
+        exit(1);
+    }
+    error = PORT_GetError();
+    if (error != SEC_ERROR_BAD_DATABASE) {
+        fprintf(stderr, "NSS_InitReadWrite failed with the wrong error code: "
+                        "%d\n",
+                error);
+        exit(1);
+    }
+    printf("PASS\n");
+    return 0;
+}
diff --git a/nss/cmd/tests/conflict.c b/nss/cmd/tests/conflict.c
new file mode 100644
index 0000000..80a4ebb
--- /dev/null
+++ b/nss/cmd/tests/conflict.c
@@ -0,0 +1,27 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * This test verifies that NSS public headers don't conflict with common
+ * identifier names.
+ */
+
+#include "nssilckt.h"
+
+/*
+ * Bug 455424: nssilckt.h used to define the enumeration constant 'Lock',
+ * which conflicts with C++ code that defines a Lock class.  This is a
+ * reduced test case in C for that name conflict.
+ */
+typedef struct {
+    int dummy;
+} Lock;
+
+Lock lock;
+
+int
+main()
+{
+    return 0;
+}
diff --git a/nss/cmd/tests/dertimetest.c b/nss/cmd/tests/dertimetest.c
new file mode 100644
index 0000000..2deedbc
--- /dev/null
+++ b/nss/cmd/tests/dertimetest.c
@@ -0,0 +1,102 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <stdio.h>
+#include <stdlib.h>
+
+#include "secder.h"
+#include "secerr.h"
+
+int
+main()
+{
+    SECItem badTime;
+    PRTime prtime;
+    SECStatus rv;
+    int error;
+    PRBool failed = PR_FALSE;
+
+    /* A UTCTime string with an embedded null. */
+    badTime.type = siBuffer;
+    badTime.data = (unsigned char *)"091219000000Z\0junkjunkjunkjunkjunkjunk";
+    badTime.len = 38;
+    rv = DER_UTCTimeToTime(&prtime, &badTime);
+    if (rv == SECSuccess) {
+        fprintf(stderr, "DER_UTCTimeToTime should have failed but "
+                        "succeeded\n");
+        failed = PR_TRUE;
+    } else {
+        error = PORT_GetError();
+        if (error != SEC_ERROR_INVALID_TIME) {
+            fprintf(stderr, "DER_UTCTimeToTime failed with error %d, "
+                            "expected error %d\n",
+                    error, SEC_ERROR_INVALID_TIME);
+            failed = PR_TRUE;
+        }
+    }
+
+    /* A UTCTime string with junk after a valid date/time. */
+    badTime.type = siBuffer;
+    badTime.data = (unsigned char *)"091219000000Zjunk";
+    badTime.len = 17;
+    rv = DER_UTCTimeToTime(&prtime, &badTime);
+    if (rv == SECSuccess) {
+        fprintf(stderr, "DER_UTCTimeToTime should have failed but "
+                        "succeeded\n");
+        failed = PR_TRUE;
+    } else {
+        error = PORT_GetError();
+        if (error != SEC_ERROR_INVALID_TIME) {
+            fprintf(stderr, "DER_UTCTimeToTime failed with error %d, "
+                            "expected error %d\n",
+                    error, SEC_ERROR_INVALID_TIME);
+            failed = PR_TRUE;
+        }
+    }
+
+    /* A GeneralizedTime string with an embedded null. */
+    badTime.type = siBuffer;
+    badTime.data = (unsigned char *)"20091219000000Z\0junkjunkjunkjunkjunkjunk";
+    badTime.len = 40;
+    rv = DER_GeneralizedTimeToTime(&prtime, &badTime);
+    if (rv == SECSuccess) {
+        fprintf(stderr, "DER_GeneralizedTimeToTime should have failed but "
+                        "succeeded\n");
+        failed = PR_TRUE;
+    } else {
+        error = PORT_GetError();
+        if (error != SEC_ERROR_INVALID_TIME) {
+            fprintf(stderr, "DER_GeneralizedTimeToTime failed with error %d, "
+                            "expected error %d\n",
+                    error, SEC_ERROR_INVALID_TIME);
+            failed = PR_TRUE;
+        }
+    }
+
+    /* A GeneralizedTime string with junk after a valid date/time. */
+    badTime.type = siBuffer;
+    badTime.data = (unsigned char *)"20091219000000Zjunk";
+    badTime.len = 19;
+    rv = DER_GeneralizedTimeToTime(&prtime, &badTime);
+    if (rv == SECSuccess) {
+        fprintf(stderr, "DER_GeneralizedTimeToTime should have failed but "
+                        "succeeded\n");
+        failed = PR_TRUE;
+    } else {
+        error = PORT_GetError();
+        if (error != SEC_ERROR_INVALID_TIME) {
+            fprintf(stderr, "DER_GeneralizedTimeToTime failed with error %d, "
+                            "expected error %d\n",
+                    error, SEC_ERROR_INVALID_TIME);
+            failed = PR_TRUE;
+        }
+    }
+
+    if (failed) {
+        fprintf(stderr, "FAIL\n");
+        return 1;
+    }
+    printf("PASS\n");
+    return 0;
+}
diff --git a/nss/cmd/tests/encodeinttest.c b/nss/cmd/tests/encodeinttest.c
new file mode 100644
index 0000000..f0062ea
--- /dev/null
+++ b/nss/cmd/tests/encodeinttest.c
@@ -0,0 +1,62 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <stdio.h>
+
+#include "secasn1.h"
+
+struct TestCase {
+    long value;
+    unsigned char data[5];
+    unsigned int len;
+};
+
+static struct TestCase testCase[] = {
+/* XXX NSS doesn't generate the shortest encoding for negative values. */
+#if 0
+    { -128, { 0x80 }, 1 },
+    { -129, { 0xFF, 0x7F }, 2 },
+#endif
+
+    { 0, { 0x00 }, 1 },
+    { 127, { 0x7F }, 1 },
+    { 128, { 0x00, 0x80 }, 2 },
+    { 256, { 0x01, 0x00 }, 2 },
+    { 32768, { 0x00, 0x80, 0x00 }, 3 }
+};
+
+int
+main()
+{
+    PRBool failed = PR_FALSE;
+    unsigned int i;
+    unsigned int j;
+
+    for (i = 0; i < sizeof(testCase) / sizeof(testCase[0]); i++) {
+        SECItem encoded;
+        if (SEC_ASN1EncodeInteger(NULL, &encoded, testCase[i].value) == NULL) {
+            fprintf(stderr, "SEC_ASN1EncodeInteger failed\n");
+            failed = PR_TRUE;
+            continue;
+        }
+        if (encoded.len != testCase[i].len ||
+            memcmp(encoded.data, testCase[i].data, encoded.len) != 0) {
+            fprintf(stderr, "Encoding of %ld is incorrect:",
+                    testCase[i].value);
+            for (j = 0; j < encoded.len; j++) {
+                fprintf(stderr, " 0x%02X", (unsigned int)encoded.data[j]);
+            }
+            fputs("\n", stderr);
+            failed = PR_TRUE;
+        }
+        PORT_Free(encoded.data);
+    }
+
+    if (failed) {
+        fprintf(stderr, "FAIL\n");
+        return 1;
+    }
+    printf("PASS\n");
+    return 0;
+}
diff --git a/nss/cmd/tests/manifest.mn b/nss/cmd/tests/manifest.mn
new file mode 100644
index 0000000..88b8347
--- /dev/null
+++ b/nss/cmd/tests/manifest.mn
@@ -0,0 +1,29 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CORE_DEPTH = ../..
+
+# MODULE public and private header  directories are implicitly REQUIRED.
+MODULE = nss
+
+CSRCS = \
+	baddbdir.c \
+	conflict.c \
+	dertimetest.c \
+	encodeinttest.c \
+	nonspr10.c \
+	remtest.c \
+	secmodtest.c \
+	$(NULL)
+
+# The MODULE is always implicitly required.
+# Listing it here in REQUIRES makes it appear twice in the cc command line.
+REQUIRES = seccmd dbm
+
+PROGRAMS = $(CSRCS:.c=)
+
+TARGETS = $(PROGRAMS)
+
+NO_MD_RELEASE = 1
diff --git a/nss/cmd/tests/nonspr10.c b/nss/cmd/tests/nonspr10.c
new file mode 100644
index 0000000..295484a
--- /dev/null
+++ b/nss/cmd/tests/nonspr10.c
@@ -0,0 +1,90 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * This test verifies that NSS public headers can be compiled with no
+ * NSPR 1.0 support.
+ */
+
+#define NO_NSPR_10_SUPPORT 1
+
+#include "base64.h"
+#include "blapit.h"
+#include "cert.h"
+#include "certdb.h"
+#include "certt.h"
+#include "ciferfam.h"
+#include "cmmf.h"
+#include "cmmft.h"
+#include "cms.h"
+#include "cmsreclist.h"
+#include "cmst.h"
+#include "crmf.h"
+#include "crmft.h"
+#include "cryptohi.h"
+#include "cryptoht.h"
+#include "ecl-exp.h"
+#include "hasht.h"
+#include "key.h"
+#include "keyhi.h"
+#include "keyt.h"
+#include "keythi.h"
+#include "nss.h"
+#include "nssb64.h"
+#include "nssb64t.h"
+#include "nssbase.h"
+#include "nssbaset.h"
+#include "nssckbi.h"
+#include "nssilckt.h"
+#include "nssilock.h"
+#include "nsslocks.h"
+#include "nssrwlk.h"
+#include "nssrwlkt.h"
+#include "ocsp.h"
+#include "ocspt.h"
+#include "p12.h"
+#include "p12plcy.h"
+#include "p12t.h"
+#include "pk11func.h"
+#include "pk11pqg.h"
+#include "pk11priv.h"
+#include "pk11pub.h"
+#include "pk11sdr.h"
+#include "pkcs11.h"
+#include "pkcs11t.h"
+#include "pkcs12.h"
+#include "pkcs12t.h"
+#include "pkcs7t.h"
+#include "portreg.h"
+#include "preenc.h"
+#include "secasn1.h"
+#include "secasn1t.h"
+#include "seccomon.h"
+#include "secder.h"
+#include "secdert.h"
+#include "secdig.h"
+#include "secdigt.h"
+#include "secerr.h"
+#include "sechash.h"
+#include "secitem.h"
+#include "secmime.h"
+#include "secmod.h"
+#include "secmodt.h"
+#include "secoid.h"
+#include "secoidt.h"
+#include "secpkcs5.h"
+#include "secpkcs7.h"
+#include "secport.h"
+#include "shsign.h"
+#include "smime.h"
+#include "ssl.h"
+#include "sslerr.h"
+#include "sslproto.h"
+#include "sslt.h"
+
+int
+main()
+{
+    return 0;
+}
diff --git a/nss/cmd/tests/remtest.c b/nss/cmd/tests/remtest.c
new file mode 100644
index 0000000..175ba92
--- /dev/null
+++ b/nss/cmd/tests/remtest.c
@@ -0,0 +1,136 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+**
+** Sample client side test program that uses SSL and NSS
+**
+*/
+
+#include "secutil.h"
+
+#if defined(XP_UNIX)
+#include <unistd.h>
+#else
+#include "ctype.h" /* for isalpha() */
+#endif
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <stdarg.h>
+
+#include "nspr.h"
+#include "prio.h"
+#include "prnetdb.h"
+#include "nss.h"
+#include "pk11func.h"
+#include "plgetopt.h"
+
+void
+Usage(char *progName)
+{
+    fprintf(stderr, "usage: %s [-d profiledir] -t tokenName [-r]\n", progName);
+    exit(1);
+}
+
+int
+main(int argc, char **argv)
+{
+    char *certDir = NULL;
+    PLOptState *optstate;
+    PLOptStatus optstatus;
+    SECStatus rv;
+    char *tokenName = NULL;
+    PRBool cont = PR_TRUE;
+    PK11TokenEvent event = PK11TokenPresentEvent;
+    PK11TokenStatus status;
+    char *progName;
+    PK11SlotInfo *slot;
+
+    progName = strrchr(argv[0], '/');
+    if (!progName)
+        progName = strrchr(argv[0], '\\');
+    progName = progName ? progName + 1 : argv[0];
+
+    optstate = PL_CreateOptState(argc, argv, "rd:t:");
+    while ((optstatus = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
+        switch (optstate->option) {
+
+            case 'd':
+                certDir = strdup(optstate->value);
+                certDir = SECU_ConfigDirectory(certDir);
+                break;
+            case 't':
+                tokenName = strdup(optstate->value);
+                break;
+            case 'r':
+                event = PK11TokenRemovedOrChangedEvent;
+                break;
+        }
+    }
+    if (optstatus == PL_OPT_BAD)
+        Usage(progName);
+
+    if (tokenName == NULL) {
+        Usage(progName);
+    }
+
+    if (!certDir) {
+        certDir = SECU_DefaultSSLDir();          /* Look in $SSL_DIR */
+        certDir = SECU_ConfigDirectory(certDir); /* call even if it's NULL */
+    }
+
+    PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
+
+    PK11_SetPasswordFunc(SECU_GetModulePassword);
+
+    /* open the cert DB, the key DB, and the secmod DB. */
+    rv = NSS_Init(certDir);
+    if (rv != SECSuccess) {
+        SECU_PrintError(progName, "unable to open cert database");
+        return 1;
+    }
+
+    printf("Looking up tokenNamed: <%s>\n", tokenName);
+    slot = PK11_FindSlotByName(tokenName);
+    if (slot == NULL) {
+        SECU_PrintError(progName, "unable to find token");
+        return 1;
+    }
+
+    do {
+        status =
+            PK11_WaitForTokenEvent(slot, event, PR_INTERVAL_NO_TIMEOUT, 0, 0);
+
+        switch (status) {
+            case PK11TokenNotRemovable:
+                cont = PR_FALSE;
+                printf("%s Token Not Removable\n", tokenName);
+                break;
+            case PK11TokenChanged:
+                event = PK11TokenRemovedOrChangedEvent;
+                printf("%s Token Changed\n", tokenName);
+                break;
+            case PK11TokenRemoved:
+                event = PK11TokenPresentEvent;
+                printf("%s Token Removed\n", tokenName);
+                break;
+            case PK11TokenPresent:
+                event = PK11TokenRemovedOrChangedEvent;
+                printf("%s Token Present\n", tokenName);
+                break;
+        }
+    } while (cont);
+
+    PK11_FreeSlot(slot);
+
+    if (NSS_Shutdown() != SECSuccess) {
+        exit(1);
+    }
+    PR_Cleanup();
+    return 0;
+}
diff --git a/nss/cmd/tests/secmodtest.c b/nss/cmd/tests/secmodtest.c
new file mode 100644
index 0000000..2896ccf
--- /dev/null
+++ b/nss/cmd/tests/secmodtest.c
@@ -0,0 +1,126 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * Regression test for bug 588269
+ *
+ * SECMOD_CloseUserDB should properly close the user DB, and it should
+ * be possible to later re-add that same user DB as a new slot
+ */
+
+#include "secutil.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "nspr.h"
+#include "nss.h"
+#include "secerr.h"
+#include "pk11pub.h"
+#include "plgetopt.h"
+
+void
+Usage(char *progName)
+{
+    fprintf(stderr, "Usage: %s -d dbDir\n", progName);
+    exit(1);
+}
+
+SECStatus
+TestOpenCloseUserDB(char *progName, char *configDir, char *tokenName)
+{
+    char *modspec = NULL;
+    SECStatus rv = SECSuccess;
+    PK11SlotInfo *userDbSlot = NULL;
+
+    printf("Loading database <%s> - %s\n", configDir, tokenName);
+    modspec = PR_smprintf("configDir='%s' tokenDescription='%s'",
+                          configDir, tokenName);
+    if (!modspec) {
+        rv = SECFailure;
+        goto loser;
+    }
+
+    userDbSlot = SECMOD_OpenUserDB(modspec);
+    PR_smprintf_free(modspec);
+    if (!userDbSlot) {
+        SECU_PrintError(progName, "couldn't open database");
+        rv = SECFailure;
+        goto loser;
+    }
+
+    printf("Closing database\n");
+    rv = SECMOD_CloseUserDB(userDbSlot);
+
+    if (rv != SECSuccess) {
+        SECU_PrintError(progName, "couldn't close database");
+    }
+
+    PK11_FreeSlot(userDbSlot);
+
+loser:
+    return rv;
+}
+
+int
+main(int argc, char **argv)
+{
+    PLOptState *optstate;
+    PLOptStatus optstatus;
+    SECStatus rv = SECFailure;
+    char *progName;
+    char *dbDir = NULL;
+
+    progName = strrchr(argv[0], '/');
+    if (!progName) {
+        progName = strrchr(argv[0], '\\');
+    }
+    progName = progName ? progName + 1 : argv[0];
+
+    optstate = PL_CreateOptState(argc, argv, "d:");
+    while ((optstatus = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
+        switch (optstate->option) {
+            case 'd':
+                dbDir = strdup(optstate->value);
+                break;
+        }
+    }
+    if (optstatus == PL_OPT_BAD || dbDir == NULL) {
+        Usage(progName);
+    }
+
+    rv = NSS_NoDB_Init(NULL);
+    if (rv != SECSuccess) {
+        SECU_PrintError(progName, "unable to initialize NSS");
+        goto loser;
+    }
+
+    printf("Open and Close Test 1\n");
+    rv = TestOpenCloseUserDB(progName, dbDir, "Test Slot 1");
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    printf("Open and Close Test 2\n");
+    rv = TestOpenCloseUserDB(progName, dbDir, "Test Slot 2");
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+loser:
+    if (dbDir)
+        free(dbDir);
+
+    if (NSS_Shutdown() != SECSuccess) {
+        exit(1);
+    }
+    PR_Cleanup();
+
+    if (rv != SECSuccess) {
+        exit(1);
+    }
+
+    return 0;
+}
diff --git a/nss/cmd/tests/tests.gyp b/nss/cmd/tests/tests.gyp
new file mode 100644
index 0000000..148bb25
--- /dev/null
+++ b/nss/cmd/tests/tests.gyp
@@ -0,0 +1,91 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi',
+    '../../cmd/platlibs.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'baddbdir',
+      'type': 'executable',
+      'sources': [
+        'baddbdir.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:dbm_exports',
+        '<(DEPTH)/exports.gyp:nss_exports'
+      ]
+    },
+    {
+      'target_name': 'conflict',
+      'type': 'executable',
+      'sources': [
+        'conflict.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:dbm_exports',
+        '<(DEPTH)/exports.gyp:nss_exports'
+      ]
+    },
+    {
+      'target_name': 'dertimetest',
+      'type': 'executable',
+      'sources': [
+        'dertimetest.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:dbm_exports',
+        '<(DEPTH)/exports.gyp:nss_exports'
+      ]
+    },
+    {
+      'target_name': 'encodeinttest',
+      'type': 'executable',
+      'sources': [
+        'encodeinttest.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:dbm_exports',
+        '<(DEPTH)/exports.gyp:nss_exports'
+      ]
+    },
+    {
+      'target_name': 'nonspr10',
+      'type': 'executable',
+      'sources': [
+        'nonspr10.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:dbm_exports',
+        '<(DEPTH)/exports.gyp:nss_exports'
+      ]
+    },
+    {
+      'target_name': 'remtest',
+      'type': 'executable',
+      'sources': [
+        'remtest.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:dbm_exports',
+        '<(DEPTH)/exports.gyp:nss_exports'
+      ]
+    },
+    {
+      'target_name': 'secmodtest',
+      'type': 'executable',
+      'sources': [
+        'secmodtest.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:dbm_exports',
+        '<(DEPTH)/exports.gyp:nss_exports'
+      ]
+    }
+  ],
+  'variables': {
+    'module': 'nss'
+  }
+}
\ No newline at end of file
diff --git a/nss/cmd/tstclnt/Makefile b/nss/cmd/tstclnt/Makefile
new file mode 100644
index 0000000..a27a3ce
--- /dev/null
+++ b/nss/cmd/tstclnt/Makefile
@@ -0,0 +1,46 @@
+#! gmake
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include ../platlibs.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+#include ../platlibs.mk
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+include ../platrules.mk
+
diff --git a/nss/cmd/tstclnt/manifest.mn b/nss/cmd/tstclnt/manifest.mn
new file mode 100644
index 0000000..5c1e4f6
--- /dev/null
+++ b/nss/cmd/tstclnt/manifest.mn
@@ -0,0 +1,23 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CORE_DEPTH = ../..
+
+# MODULE public and private header  directories are implicitly REQUIRED.
+MODULE = nss
+
+# This next line is used by .mk files
+# and gets translated into $LINCS in manifest.mnw
+# The MODULE is always implicitly required.
+# Listing it here in REQUIRES makes it appear twice in the cc command line.
+REQUIRES = seccmd dbm 
+
+# DIRS = 
+
+CSRCS	= tstclnt.c  
+DEFINES += -DDLL_PREFIX=\"$(DLL_PREFIX)\" -DDLL_SUFFIX=\"$(DLL_SUFFIX)\"
+
+PROGRAM	= tstclnt
+
diff --git a/nss/cmd/tstclnt/tstclnt.c b/nss/cmd/tstclnt/tstclnt.c
new file mode 100644
index 0000000..e7d171d
--- /dev/null
+++ b/nss/cmd/tstclnt/tstclnt.c
@@ -0,0 +1,1927 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+**
+** Sample client side test program that uses SSL and NSS
+**
+*/
+
+#include "secutil.h"
+#include "basicutil.h"
+
+#if defined(XP_UNIX)
+#include <unistd.h>
+#else
+#include <ctype.h> /* for isalpha() */
+#endif
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <stdarg.h>
+
+#include "nspr.h"
+#include "prio.h"
+#include "prnetdb.h"
+#include "nss.h"
+#include "ocsp.h"
+#include "ssl.h"
+#include "sslproto.h"
+#include "pk11func.h"
+#include "secmod.h"
+#include "plgetopt.h"
+#include "plstr.h"
+
+#if defined(WIN32)
+#include <fcntl.h>
+#include <io.h>
+#endif
+
+#define PRINTF   \
+    if (verbose) \
+    printf
+#define FPRINTF  \
+    if (verbose) \
+    fprintf
+
+#define MAX_WAIT_FOR_SERVER 600
+#define WAIT_INTERVAL 100
+
+#define EXIT_CODE_HANDSHAKE_FAILED 254
+
+#define EXIT_CODE_SIDECHANNELTEST_GOOD 0
+#define EXIT_CODE_SIDECHANNELTEST_BADCERT 1
+#define EXIT_CODE_SIDECHANNELTEST_NODATA 2
+#define EXIT_CODE_SIDECHANNELTEST_REVOKED 3
+
+PRIntervalTime maxInterval = PR_INTERVAL_NO_TIMEOUT;
+
+int ssl3CipherSuites[] = {
+    -1,                                /* SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA* a */
+    -1,                                /* SSL_FORTEZZA_DMS_WITH_RC4_128_SHA     * b */
+    TLS_RSA_WITH_RC4_128_MD5,          /* c */
+    TLS_RSA_WITH_3DES_EDE_CBC_SHA,     /* d */
+    TLS_RSA_WITH_DES_CBC_SHA,          /* e */
+    -1,                                /* TLS_RSA_EXPORT_WITH_RC4_40_MD5        * f */
+    -1,                                /* TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5    * g */
+    -1,                                /* SSL_FORTEZZA_DMS_WITH_NULL_SHA        * h */
+    TLS_RSA_WITH_NULL_MD5,             /* i */
+    -1,                                /* SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA    * j */
+    -1,                                /* SSL_RSA_FIPS_WITH_DES_CBC_SHA         * k */
+    -1,                                /* TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA   * l */
+    -1,                                /* TLS_RSA_EXPORT1024_WITH_RC4_56_SHA    * m */
+    TLS_RSA_WITH_RC4_128_SHA,          /* n */
+    TLS_DHE_DSS_WITH_RC4_128_SHA,      /* o */
+    TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, /* p */
+    TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, /* q */
+    TLS_DHE_RSA_WITH_DES_CBC_SHA,      /* r */
+    TLS_DHE_DSS_WITH_DES_CBC_SHA,      /* s */
+    TLS_DHE_DSS_WITH_AES_128_CBC_SHA,  /* t */
+    TLS_DHE_RSA_WITH_AES_128_CBC_SHA,  /* u */
+    TLS_RSA_WITH_AES_128_CBC_SHA,      /* v */
+    TLS_DHE_DSS_WITH_AES_256_CBC_SHA,  /* w */
+    TLS_DHE_RSA_WITH_AES_256_CBC_SHA,  /* x */
+    TLS_RSA_WITH_AES_256_CBC_SHA,      /* y */
+    TLS_RSA_WITH_NULL_SHA,             /* z */
+    0
+};
+
+unsigned long __cmp_umuls;
+PRBool verbose;
+int dumpServerChain = 0;
+int renegotiationsToDo = 0;
+int renegotiationsDone = 0;
+
+static char *progName;
+
+secuPWData pwdata = { PW_NONE, 0 };
+
+SSLNamedGroup *enabledGroups = NULL;
+unsigned int enabledGroupsCount = 0;
+
+void
+printSecurityInfo(PRFileDesc *fd)
+{
+    CERTCertificate *cert;
+    const SECItemArray *csa;
+    const SECItem *scts;
+    SSL3Statistics *ssl3stats = SSL_GetStatistics();
+    SECStatus result;
+    SSLChannelInfo channel;
+    SSLCipherSuiteInfo suite;
+
+    result = SSL_GetChannelInfo(fd, &channel, sizeof channel);
+    if (result == SECSuccess &&
+        channel.length == sizeof channel &&
+        channel.cipherSuite) {
+        result = SSL_GetCipherSuiteInfo(channel.cipherSuite,
+                                        &suite, sizeof suite);
+        if (result == SECSuccess) {
+            FPRINTF(stderr,
+                    "tstclnt: SSL version %d.%d using %d-bit %s with %d-bit %s MAC\n",
+                    channel.protocolVersion >> 8, channel.protocolVersion & 0xff,
+                    suite.effectiveKeyBits, suite.symCipherName,
+                    suite.macBits, suite.macAlgorithmName);
+            FPRINTF(stderr,
+                    "tstclnt: Server Auth: %d-bit %s, Key Exchange: %d-bit %s\n"
+                    "         Compression: %s, Extended Master Secret: %s\n",
+                    channel.authKeyBits, suite.authAlgorithmName,
+                    channel.keaKeyBits, suite.keaTypeName,
+                    channel.compressionMethodName,
+                    channel.extendedMasterSecretUsed ? "Yes" : "No");
+        }
+    }
+    cert = SSL_RevealCert(fd);
+    if (cert) {
+        char *ip = CERT_NameToAscii(&cert->issuer);
+        char *sp = CERT_NameToAscii(&cert->subject);
+        if (sp) {
+            fprintf(stderr, "subject DN: %s\n", sp);
+            PORT_Free(sp);
+        }
+        if (ip) {
+            fprintf(stderr, "issuer  DN: %s\n", ip);
+            PORT_Free(ip);
+        }
+        CERT_DestroyCertificate(cert);
+        cert = NULL;
+    }
+    fprintf(stderr,
+            "%ld cache hits; %ld cache misses, %ld cache not reusable\n"
+            "%ld stateless resumes\n",
+            ssl3stats->hsh_sid_cache_hits, ssl3stats->hsh_sid_cache_misses,
+            ssl3stats->hsh_sid_cache_not_ok, ssl3stats->hsh_sid_stateless_resumes);
+
+    csa = SSL_PeerStapledOCSPResponses(fd);
+    if (csa) {
+        fprintf(stderr, "Received %d Cert Status items (OCSP stapled data)\n",
+                csa->len);
+    }
+    scts = SSL_PeerSignedCertTimestamps(fd);
+    if (scts && scts->len) {
+        fprintf(stderr, "Received a Signed Certificate Timestamp of length"
+                        " %u\n",
+                scts->len);
+    }
+}
+
+static void
+PrintUsageHeader(const char *progName)
+{
+    fprintf(stderr,
+            "Usage:  %s -h host [-a 1st_hs_name ] [-a 2nd_hs_name ] [-p port]\n"
+            "[-D | -d certdir] [-C] [-b | -R root-module] \n"
+            "[-n nickname] [-Bafosvx] [-c ciphers] [-Y] [-Z]\n"
+            "[-V [min-version]:[max-version]] [-K] [-T] [-U]\n"
+            "[-r N] [-w passwd] [-W pwfile] [-q [-t seconds]] [-I groups]\n"
+            "[-A requestfile] [-L totalconnections]",
+            progName);
+}
+
+static void
+PrintParameterUsage(void)
+{
+    fprintf(stderr, "%-20s Send different SNI name. 1st_hs_name - at first\n"
+                    "%-20s handshake, 2nd_hs_name - at second handshake.\n"
+                    "%-20s Default is host from the -h argument.\n",
+            "-a name",
+            "", "");
+    fprintf(stderr, "%-20s Hostname to connect with\n", "-h host");
+    fprintf(stderr, "%-20s Port number for SSL server\n", "-p port");
+    fprintf(stderr,
+            "%-20s Directory with cert database (default is ~/.netscape)\n",
+            "-d certdir");
+    fprintf(stderr, "%-20s Run without a cert database\n", "-D");
+    fprintf(stderr, "%-20s Load the default \"builtins\" root CA module\n", "-b");
+    fprintf(stderr, "%-20s Load the given root CA module\n", "-R");
+    fprintf(stderr, "%-20s Print certificate chain information\n", "-C");
+    fprintf(stderr, "%-20s (use -C twice to print more certificate details)\n", "");
+    fprintf(stderr, "%-20s (use -C three times to include PEM format certificate dumps)\n", "");
+    fprintf(stderr, "%-20s Nickname of key and cert for client auth\n",
+            "-n nickname");
+    fprintf(stderr,
+            "%-20s Restricts the set of enabled SSL/TLS protocols versions.\n"
+            "%-20s All versions are enabled by default.\n"
+            "%-20s Possible values for min/max: ssl3 tls1.0 tls1.1 tls1.2 tls1.3\n"
+            "%-20s Example: \"-V ssl3:\" enables SSL 3 and newer.\n",
+            "-V [min]:[max]", "", "", "");
+    fprintf(stderr, "%-20s Send TLS_FALLBACK_SCSV\n", "-K");
+    fprintf(stderr, "%-20s Prints only payload data. Skips HTTP header.\n", "-S");
+    fprintf(stderr, "%-20s Client speaks first. \n", "-f");
+    fprintf(stderr, "%-20s Use synchronous certificate validation\n", "-O");
+    fprintf(stderr, "%-20s Override bad server cert. Make it OK.\n", "-o");
+    fprintf(stderr, "%-20s Disable SSL socket locking.\n", "-s");
+    fprintf(stderr, "%-20s Verbose progress reporting.\n", "-v");
+    fprintf(stderr, "%-20s Ping the server and then exit.\n", "-q");
+    fprintf(stderr, "%-20s Timeout for server ping (default: no timeout).\n", "-t seconds");
+    fprintf(stderr, "%-20s Renegotiate N times (resuming session if N>1).\n", "-r N");
+    fprintf(stderr, "%-20s Enable the session ticket extension.\n", "-u");
+    fprintf(stderr, "%-20s Enable compression.\n", "-z");
+    fprintf(stderr, "%-20s Enable false start.\n", "-g");
+    fprintf(stderr, "%-20s Enable the cert_status extension (OCSP stapling).\n", "-T");
+    fprintf(stderr, "%-20s Enable the signed_certificate_timestamp extension.\n", "-U");
+    fprintf(stderr, "%-20s Require fresh revocation info from side channel.\n"
+                    "%-20s -F once means: require for server cert only\n"
+                    "%-20s -F twice means: require for intermediates, too\n"
+                    "%-20s (Connect, handshake with server, disable dynamic download\n"
+                    "%-20s  of OCSP/CRL, verify cert using CERT_PKIXVerifyCert.)\n"
+                    "%-20s Exit code:\n"
+                    "%-20s 0: have fresh and valid revocation data, status good\n"
+                    "%-20s 1: cert failed to verify, prior to revocation checking\n"
+                    "%-20s 2: missing, old or invalid revocation data\n"
+                    "%-20s 3: have fresh and valid revocation data, status revoked\n",
+            "-F", "", "", "", "", "", "", "", "", "");
+    fprintf(stderr, "%-20s Test -F allows 0=any (default), 1=only OCSP, 2=only CRL\n", "-M");
+    fprintf(stderr, "%-20s Restrict ciphers\n", "-c ciphers");
+    fprintf(stderr, "%-20s Print cipher values allowed for parameter -c and exit\n", "-Y");
+    fprintf(stderr, "%-20s Enforce using an IPv4 destination address\n", "-4");
+    fprintf(stderr, "%-20s Enforce using an IPv6 destination address\n", "-6");
+    fprintf(stderr, "%-20s (Options -4 and -6 cannot be combined.)\n", "");
+    fprintf(stderr, "%-20s Enable the extended master secret extension [RFC7627]\n", "-G");
+    fprintf(stderr, "%-20s Require the use of FFDHE supported groups "
+                    "[I-D.ietf-tls-negotiated-ff-dhe]\n",
+            "-H");
+    fprintf(stderr, "%-20s Read from a file instead of stdin\n", "-A");
+    fprintf(stderr, "%-20s Allow 0-RTT data (TLS 1.3 only)\n", "-Z");
+    fprintf(stderr, "%-20s Disconnect and reconnect up to N times total\n", "-L");
+    fprintf(stderr, "%-20s Comma separated list of enabled groups for TLS key exchange.\n"
+                    "%-20s The following values are valid:\n"
+                    "%-20s P256, P384, P521, x25519, FF2048, FF3072, FF4096, FF6144, FF8192\n",
+            "-I", "", "");
+}
+
+static void
+Usage(const char *progName)
+{
+    PrintUsageHeader(progName);
+    PrintParameterUsage();
+    exit(1);
+}
+
+static void
+PrintCipherUsage(const char *progName)
+{
+    PrintUsageHeader(progName);
+    fprintf(stderr, "%-20s Letter(s) chosen from the following list\n",
+            "-c ciphers");
+    fprintf(stderr,
+            "c    SSL3 RSA WITH RC4 128 MD5\n"
+            "d    SSL3 RSA WITH 3DES EDE CBC SHA\n"
+            "e    SSL3 RSA WITH DES CBC SHA\n"
+            "i    SSL3 RSA WITH NULL MD5\n"
+            "n    SSL3 RSA WITH RC4 128 SHA\n"
+            "o    SSL3 DHE DSS WITH RC4 128 SHA\n"
+            "p    SSL3 DHE RSA WITH 3DES EDE CBC SHA\n"
+            "q    SSL3 DHE DSS WITH 3DES EDE CBC SHA\n"
+            "r    SSL3 DHE RSA WITH DES CBC SHA\n"
+            "s    SSL3 DHE DSS WITH DES CBC SHA\n"
+            "t    SSL3 DHE DSS WITH AES 128 CBC SHA\n"
+            "u    SSL3 DHE RSA WITH AES 128 CBC SHA\n"
+            "v    SSL3 RSA WITH AES 128 CBC SHA\n"
+            "w    SSL3 DHE DSS WITH AES 256 CBC SHA\n"
+            "x    SSL3 DHE RSA WITH AES 256 CBC SHA\n"
+            "y    SSL3 RSA WITH AES 256 CBC SHA\n"
+            "z    SSL3 RSA WITH NULL SHA\n"
+            "\n"
+            ":WXYZ  Use cipher with hex code { 0xWX , 0xYZ } in TLS\n");
+    exit(1);
+}
+
+void
+milliPause(PRUint32 milli)
+{
+    PRIntervalTime ticks = PR_MillisecondsToInterval(milli);
+    PR_Sleep(ticks);
+}
+
+void
+disableAllSSLCiphers(void)
+{
+    const PRUint16 *cipherSuites = SSL_GetImplementedCiphers();
+    int i = SSL_GetNumImplementedCiphers();
+    SECStatus rv;
+
+    /* disable all the SSL3 cipher suites */
+    while (--i >= 0) {
+        PRUint16 suite = cipherSuites[i];
+        rv = SSL_CipherPrefSetDefault(suite, PR_FALSE);
+        if (rv != SECSuccess) {
+            PRErrorCode err = PR_GetError();
+            fprintf(stderr,
+                    "SSL_CipherPrefSet didn't like value 0x%04x (i = %d): %s\n",
+                    suite, i, SECU_Strerror(err));
+            exit(2);
+        }
+    }
+}
+
+typedef struct
+{
+    PRBool shouldPause; /* PR_TRUE if we should use asynchronous peer cert
+                        * authentication */
+    PRBool isPaused;    /* PR_TRUE if libssl is waiting for us to validate the
+                        * peer's certificate and restart the handshake. */
+    void *dbHandle;     /* Certificate database handle to use while
+                        * authenticating the peer's certificate. */
+    PRBool testFreshStatusFromSideChannel;
+    PRErrorCode sideChannelRevocationTestResultCode;
+    PRBool requireDataForIntermediates;
+    PRBool allowOCSPSideChannelData;
+    PRBool allowCRLSideChannelData;
+} ServerCertAuth;
+
+/*
+ * Callback is called when incoming certificate is not valid.
+ * Returns SECSuccess to accept the cert anyway, SECFailure to reject.
+ */
+static SECStatus
+ownBadCertHandler(void *arg, PRFileDesc *socket)
+{
+    PRErrorCode err = PR_GetError();
+    /* can log invalid cert here */
+    fprintf(stderr, "Bad server certificate: %d, %s\n", err,
+            SECU_Strerror(err));
+    return SECSuccess; /* override, say it's OK. */
+}
+
+#define EXIT_CODE_SIDECHANNELTEST_GOOD 0
+#define EXIT_CODE_SIDECHANNELTEST_BADCERT 1
+#define EXIT_CODE_SIDECHANNELTEST_NODATA 2
+#define EXIT_CODE_SIDECHANNELTEST_REVOKED 3
+
+static void
+verifyFromSideChannel(CERTCertificate *cert, ServerCertAuth *sca)
+{
+    PRUint64 revDoNotUse =
+        CERT_REV_M_DO_NOT_TEST_USING_THIS_METHOD;
+
+    PRUint64 revUseLocalOnlyAndSoftFail =
+        CERT_REV_M_TEST_USING_THIS_METHOD |
+        CERT_REV_M_FORBID_NETWORK_FETCHING |
+        CERT_REV_M_REQUIRE_INFO_ON_MISSING_SOURCE |
+        CERT_REV_M_IGNORE_MISSING_FRESH_INFO |
+        CERT_REV_M_STOP_TESTING_ON_FRESH_INFO;
+
+    PRUint64 revUseLocalOnlyAndHardFail =
+        CERT_REV_M_TEST_USING_THIS_METHOD |
+        CERT_REV_M_FORBID_NETWORK_FETCHING |
+        CERT_REV_M_REQUIRE_INFO_ON_MISSING_SOURCE |
+        CERT_REV_M_FAIL_ON_MISSING_FRESH_INFO |
+        CERT_REV_M_STOP_TESTING_ON_FRESH_INFO;
+
+    PRUint64 methodFlagsDoNotUse[2];
+    PRUint64 methodFlagsCheckSoftFail[2];
+    PRUint64 methodFlagsCheckHardFail[2];
+    CERTRevocationTests revTestsDoNotCheck;
+    CERTRevocationTests revTestsOverallSoftFail;
+    CERTRevocationTests revTestsOverallHardFail;
+    CERTRevocationFlags rev;
+    CERTValInParam cvin[2];
+    CERTValOutParam cvout[1];
+    SECStatus rv;
+
+    methodFlagsDoNotUse[cert_revocation_method_crl] = revDoNotUse;
+    methodFlagsDoNotUse[cert_revocation_method_ocsp] = revDoNotUse;
+
+    methodFlagsCheckSoftFail[cert_revocation_method_crl] =
+        sca->allowCRLSideChannelData ? revUseLocalOnlyAndSoftFail : revDoNotUse;
+    methodFlagsCheckSoftFail[cert_revocation_method_ocsp] =
+        sca->allowOCSPSideChannelData ? revUseLocalOnlyAndSoftFail : revDoNotUse;
+
+    methodFlagsCheckHardFail[cert_revocation_method_crl] =
+        sca->allowCRLSideChannelData ? revUseLocalOnlyAndHardFail : revDoNotUse;
+    methodFlagsCheckHardFail[cert_revocation_method_ocsp] =
+        sca->allowOCSPSideChannelData ? revUseLocalOnlyAndHardFail : revDoNotUse;
+
+    revTestsDoNotCheck.cert_rev_flags_per_method = methodFlagsDoNotUse;
+    revTestsDoNotCheck.number_of_defined_methods = 2;
+    revTestsDoNotCheck.number_of_preferred_methods = 0;
+    revTestsDoNotCheck.cert_rev_method_independent_flags =
+        CERT_REV_MI_TEST_ALL_LOCAL_INFORMATION_FIRST |
+        CERT_REV_MI_NO_OVERALL_INFO_REQUIREMENT;
+
+    revTestsOverallSoftFail.cert_rev_flags_per_method = 0; /* must define later */
+    revTestsOverallSoftFail.number_of_defined_methods = 2;
+    revTestsOverallSoftFail.number_of_preferred_methods = 0;
+    revTestsOverallSoftFail.cert_rev_method_independent_flags =
+        CERT_REV_MI_TEST_ALL_LOCAL_INFORMATION_FIRST |
+        CERT_REV_MI_NO_OVERALL_INFO_REQUIREMENT;
+
+    revTestsOverallHardFail.cert_rev_flags_per_method = 0; /* must define later */
+    revTestsOverallHardFail.number_of_defined_methods = 2;
+    revTestsOverallHardFail.number_of_preferred_methods = 0;
+    revTestsOverallHardFail.cert_rev_method_independent_flags =
+        CERT_REV_MI_TEST_ALL_LOCAL_INFORMATION_FIRST |
+        CERT_REV_MI_REQUIRE_SOME_FRESH_INFO_AVAILABLE;
+
+    rev.chainTests = revTestsDoNotCheck;
+    rev.leafTests = revTestsDoNotCheck;
+
+    cvin[0].type = cert_pi_revocationFlags;
+    cvin[0].value.pointer.revocation = &rev;
+    cvin[1].type = cert_pi_end;
+
+    cvout[0].type = cert_po_end;
+
+    /* Strategy:
+     *
+     * Verify with revocation checking disabled.
+     * On failure return 1.
+     *
+     * if result if "good", then continue testing.
+     *
+     * Verify with CERT_REV_M_FAIL_ON_MISSING_FRESH_INFO.
+     * If result is good, return 0.
+     *
+     * On failure continue testing, find out why it failed.
+     *
+     * Verify with CERT_REV_M_IGNORE_MISSING_FRESH_INFO
+     *
+     * If result is "good", then our previous test failed,
+     * because we don't have fresh revocation info, return 2.
+     *
+     * If result is still bad, we do have revocation info,
+     * and it says "revoked" or something equivalent, return 3.
+     */
+
+    /* revocation checking disabled */
+    rv = CERT_PKIXVerifyCert(cert, certificateUsageSSLServer,
+                             cvin, cvout, NULL);
+    if (rv != SECSuccess) {
+        sca->sideChannelRevocationTestResultCode =
+            EXIT_CODE_SIDECHANNELTEST_BADCERT;
+        return;
+    }
+
+    /* revocation checking, hard fail */
+    if (sca->allowOCSPSideChannelData && sca->allowCRLSideChannelData) {
+        /* any method is allowed. use soft fail on individual checks,
+         * but use hard fail on the overall check
+         */
+        revTestsOverallHardFail.cert_rev_flags_per_method = methodFlagsCheckSoftFail;
+    } else {
+        /* only one method is allowed. use hard fail on the individual checks.
+         * hard/soft fail is irrelevant on overall flags.
+         */
+        revTestsOverallHardFail.cert_rev_flags_per_method = methodFlagsCheckHardFail;
+    }
+    rev.leafTests = revTestsOverallHardFail;
+    rev.chainTests =
+        sca->requireDataForIntermediates ? revTestsOverallHardFail : revTestsDoNotCheck;
+    rv = CERT_PKIXVerifyCert(cert, certificateUsageSSLServer,
+                             cvin, cvout, NULL);
+    if (rv == SECSuccess) {
+        sca->sideChannelRevocationTestResultCode =
+            EXIT_CODE_SIDECHANNELTEST_GOOD;
+        return;
+    }
+
+    /* revocation checking, soft fail */
+    revTestsOverallSoftFail.cert_rev_flags_per_method = methodFlagsCheckSoftFail;
+    rev.leafTests = revTestsOverallSoftFail;
+    rev.chainTests =
+        sca->requireDataForIntermediates ? revTestsOverallSoftFail : revTestsDoNotCheck;
+    rv = CERT_PKIXVerifyCert(cert, certificateUsageSSLServer,
+                             cvin, cvout, NULL);
+    if (rv == SECSuccess) {
+        sca->sideChannelRevocationTestResultCode =
+            EXIT_CODE_SIDECHANNELTEST_NODATA;
+        return;
+    }
+
+    sca->sideChannelRevocationTestResultCode =
+        EXIT_CODE_SIDECHANNELTEST_REVOKED;
+}
+
+static void
+dumpCertificatePEM(CERTCertificate *cert)
+{
+    SECItem data;
+    data.data = cert->derCert.data;
+    data.len = cert->derCert.len;
+    fprintf(stderr, "%s\n%s\n%s\n", NS_CERT_HEADER,
+            BTOA_DataToAscii(data.data, data.len), NS_CERT_TRAILER);
+}
+
+static void
+dumpServerCertificateChain(PRFileDesc *fd)
+{
+    CERTCertList *peerCertChain = NULL;
+    CERTCertListNode *node = NULL;
+    CERTCertificate *peerCert = NULL;
+    CERTCertificateList *foundChain = NULL;
+    SECU_PPFunc dumpFunction = NULL;
+    PRBool dumpCertPEM = PR_FALSE;
+
+    if (!dumpServerChain) {
+        return;
+    } else if (dumpServerChain == 1) {
+        dumpFunction = (SECU_PPFunc)SECU_PrintCertificateBasicInfo;
+    } else {
+        dumpFunction = (SECU_PPFunc)SECU_PrintCertificate;
+        if (dumpServerChain > 2) {
+            dumpCertPEM = PR_TRUE;
+        }
+    }
+
+    SECU_EnableWrap(PR_FALSE);
+
+    fprintf(stderr, "==== certificate(s) sent by server: ====\n");
+    peerCertChain = SSL_PeerCertificateChain(fd);
+    if (peerCertChain) {
+        node = CERT_LIST_HEAD(peerCertChain);
+        while (!CERT_LIST_END(node, peerCertChain)) {
+            CERTCertificate *cert = node->cert;
+            SECU_PrintSignedContent(stderr, &cert->derCert, "Certificate", 0,
+                                    dumpFunction);
+            if (dumpCertPEM) {
+                dumpCertificatePEM(cert);
+            }
+            node = CERT_LIST_NEXT(node);
+        }
+    }
+
+    if (peerCertChain) {
+        peerCert = SSL_RevealCert(fd);
+        if (peerCert) {
+            foundChain = CERT_CertChainFromCert(peerCert, certificateUsageSSLServer,
+                                                PR_TRUE);
+        }
+        if (foundChain) {
+            unsigned int count = 0;
+            fprintf(stderr, "==== locally found issuer certificate(s): ====\n");
+            for (count = 0; count < (unsigned int)foundChain->len; count++) {
+                CERTCertificate *c;
+                PRBool wasSentByServer = PR_FALSE;
+                c = CERT_FindCertByDERCert(CERT_GetDefaultCertDB(), &foundChain->certs[count]);
+
+                node = CERT_LIST_HEAD(peerCertChain);
+                while (!CERT_LIST_END(node, peerCertChain)) {
+                    CERTCertificate *cert = node->cert;
+                    if (CERT_CompareCerts(cert, c)) {
+                        wasSentByServer = PR_TRUE;
+                        break;
+                    }
+                    node = CERT_LIST_NEXT(node);
+                }
+
+                if (!wasSentByServer) {
+                    SECU_PrintSignedContent(stderr, &c->derCert, "Certificate", 0,
+                                            dumpFunction);
+                    if (dumpCertPEM) {
+                        dumpCertificatePEM(c);
+                    }
+                }
+                CERT_DestroyCertificate(c);
+            }
+            CERT_DestroyCertificateList(foundChain);
+        }
+        if (peerCert) {
+            CERT_DestroyCertificate(peerCert);
+        }
+
+        CERT_DestroyCertList(peerCertChain);
+        peerCertChain = NULL;
+    }
+
+    fprintf(stderr, "==== end of certificate chain information ====\n");
+    fflush(stderr);
+}
+
+static SECStatus
+ownAuthCertificate(void *arg, PRFileDesc *fd, PRBool checkSig,
+                   PRBool isServer)
+{
+    ServerCertAuth *serverCertAuth = (ServerCertAuth *)arg;
+
+    if (dumpServerChain) {
+        dumpServerCertificateChain(fd);
+    }
+
+    if (!serverCertAuth->shouldPause) {
+        CERTCertificate *cert;
+        unsigned int i;
+        const SECItemArray *csa;
+
+        if (!serverCertAuth->testFreshStatusFromSideChannel) {
+            return SSL_AuthCertificate(serverCertAuth->dbHandle,
+                                       fd, checkSig, isServer);
+        }
+
+        /* No verification attempt must have happened before now,
+         * to ensure revocation data has been actively retrieved yet,
+         * or our test will produce incorrect results.
+         */
+
+        cert = SSL_RevealCert(fd);
+        if (!cert) {
+            exit(254);
+        }
+
+        csa = SSL_PeerStapledOCSPResponses(fd);
+        if (csa) {
+            for (i = 0; i < csa->len; ++i) {
+                PORT_SetError(0);
+                if (CERT_CacheOCSPResponseFromSideChannel(
+                        serverCertAuth->dbHandle, cert, PR_Now(),
+                        &csa->items[i], arg) != SECSuccess) {
+                    PORT_Assert(PR_GetError() != 0);
+                }
+            }
+        }
+
+        verifyFromSideChannel(cert, serverCertAuth);
+        CERT_DestroyCertificate(cert);
+        /* return success to ensure our caller will continue and we will
+         * reach the code that handles
+         * serverCertAuth->sideChannelRevocationTestResultCode
+         */
+        return SECSuccess;
+    }
+
+    FPRINTF(stderr, "%s: using asynchronous certificate validation\n",
+            progName);
+
+    PORT_Assert(!serverCertAuth->isPaused);
+    serverCertAuth->isPaused = PR_TRUE;
+    return SECWouldBlock;
+}
+
+SECStatus
+own_GetClientAuthData(void *arg,
+                      PRFileDesc *socket,
+                      struct CERTDistNamesStr *caNames,
+                      struct CERTCertificateStr **pRetCert,
+                      struct SECKEYPrivateKeyStr **pRetKey)
+{
+    if (verbose > 1) {
+        SECStatus rv;
+        fprintf(stderr, "Server requested Client Authentication\n");
+        if (caNames && caNames->nnames > 0) {
+            PLArenaPool *arena = caNames->arena;
+            if (!arena)
+                arena = PORT_NewArena(2048);
+            if (arena) {
+                int i;
+                for (i = 0; i < caNames->nnames; ++i) {
+                    char *nameString;
+                    CERTName dn;
+                    rv = SEC_QuickDERDecodeItem(arena,
+                                                &dn,
+                                                SEC_ASN1_GET(CERT_NameTemplate),
+                                                caNames->names + i);
+                    if (rv != SECSuccess)
+                        continue;
+                    nameString = CERT_NameToAscii(&dn);
+                    if (!nameString)
+                        continue;
+                    fprintf(stderr, "CA[%d]: %s\n", i + 1, nameString);
+                    PORT_Free(nameString);
+                }
+                if (!caNames->arena) {
+                    PORT_FreeArena(arena, PR_FALSE);
+                }
+            }
+        }
+        rv = NSS_GetClientAuthData(arg, socket, caNames, pRetCert, pRetKey);
+        if (rv == SECSuccess && *pRetCert) {
+            char *nameString = CERT_NameToAscii(&((*pRetCert)->subject));
+            if (nameString) {
+                fprintf(stderr, "sent cert: %s\n", nameString);
+                PORT_Free(nameString);
+            }
+        } else {
+            fprintf(stderr, "send no cert\n");
+        }
+        return rv;
+    }
+    return NSS_GetClientAuthData(arg, socket, caNames, pRetCert, pRetKey);
+}
+
+#if defined(WIN32) || defined(OS2)
+void
+thread_main(void *arg)
+{
+    PRFileDesc *ps = (PRFileDesc *)arg;
+    PRFileDesc *std_in = PR_GetSpecialFD(PR_StandardInput);
+    int wc, rc;
+    char buf[256];
+
+#ifdef WIN32
+    {
+        /* Put stdin into O_BINARY mode
+        ** or else incoming \r\n's will become \n's.
+        */
+        int smrv = _setmode(_fileno(stdin), _O_BINARY);
+        if (smrv == -1) {
+            fprintf(stderr,
+                    "%s: Cannot change stdin to binary mode. Use -i option instead.\n",
+                    progName);
+            /* plow ahead anyway */
+        }
+    }
+#endif
+
+    do {
+        rc = PR_Read(std_in, buf, sizeof buf);
+        if (rc <= 0)
+            break;
+        wc = PR_Send(ps, buf, rc, 0, maxInterval);
+    } while (wc == rc);
+    PR_Close(ps);
+}
+
+#endif
+
+static void
+printHostNameAndAddr(const char *host, const PRNetAddr *addr)
+{
+    PRUint16 port = PR_NetAddrInetPort(addr);
+    char addrBuf[80];
+    PRStatus st = PR_NetAddrToString(addr, addrBuf, sizeof addrBuf);
+
+    if (st == PR_SUCCESS) {
+        port = PR_ntohs(port);
+        FPRINTF(stderr, "%s: connecting to %s:%hu (address=%s)\n",
+                progName, host, port, addrBuf);
+    }
+}
+
+/*
+ *  Prints output according to skipProtoHeader flag. If skipProtoHeader
+ *  is not set, prints without any changes, otherwise looking
+ *  for \n\r\n(empty line sequence: HTTP header separator) and
+ *  prints everything after it.
+ */
+static void
+separateReqHeader(const PRFileDesc *outFd, const char *buf, const int nb,
+                  PRBool *wrStarted, int *ptrnMatched)
+{
+
+    /* it is sufficient to look for only "\n\r\n". Hopping that
+     * HTTP response format satisfies the standard */
+    char *ptrnStr = "\n\r\n";
+    char *resPtr;
+
+    if (nb == 0) {
+        return;
+    }
+
+    if (*ptrnMatched > 0) {
+        /* Get here only if previous separateReqHeader call found
+         * only a fragment of "\n\r\n" in previous buffer. */
+        PORT_Assert(*ptrnMatched < 3);
+
+        /* the size of fragment of "\n\r\n" what we want to find in this
+         * buffer is equal to *ptrnMatched */
+        if (*ptrnMatched <= nb) {
+            /* move the pointer to the beginning of the fragment */
+            int strSize = *ptrnMatched;
+            char *tmpPtrn = ptrnStr + (3 - strSize);
+            if (PL_strncmp(buf, tmpPtrn, strSize) == 0) {
+                /* print the rest of the buffer(without the fragment) */
+                PR_Write((void *)outFd, buf + strSize, nb - strSize);
+                *wrStarted = PR_TRUE;
+                return;
+            }
+        } else {
+            /* we are here only when nb == 1 && *ptrnMatched == 2 */
+            if (*buf == '\r') {
+                *ptrnMatched = 1;
+            } else {
+                *ptrnMatched = 0;
+            }
+            return;
+        }
+    }
+    resPtr = PL_strnstr(buf, ptrnStr, nb);
+    if (resPtr != NULL) {
+        /* if "\n\r\n" was found in the buffer, calculate offset
+         * and print the rest of the buffer */
+        int newBn = nb - (resPtr - buf + 3); /* 3 is the length of "\n\r\n" */
+
+        PR_Write((void *)outFd, resPtr + 3, newBn);
+        *wrStarted = PR_TRUE;
+        return;
+    } else {
+        /* try to find a fragment of "\n\r\n" at the end of the buffer.
+         * if found, set *ptrnMatched to the number of chars left to find
+         * in the next buffer.*/
+        int i;
+        for (i = 1; i < 3; i++) {
+            char *bufPrt;
+            int strSize = 3 - i;
+
+            if (strSize > nb) {
+                continue;
+            }
+            bufPrt = (char *)(buf + nb - strSize);
+
+            if (PL_strncmp(bufPrt, ptrnStr, strSize) == 0) {
+                *ptrnMatched = i;
+                return;
+            }
+        }
+    }
+}
+
+#define SSOCK_FD 0
+#define STDIN_FD 1
+
+#define HEXCHAR_TO_INT(c, i)                   \
+    if (((c) >= '0') && ((c) <= '9')) {        \
+        i = (c) - '0';                         \
+    } else if (((c) >= 'a') && ((c) <= 'f')) { \
+        i = (c) - 'a' + 10;                    \
+    } else if (((c) >= 'A') && ((c) <= 'F')) { \
+        i = (c) - 'A' + 10;                    \
+    } else {                                   \
+        Usage(progName);                       \
+    }
+
+static SECStatus
+restartHandshakeAfterServerCertIfNeeded(PRFileDesc *fd,
+                                        ServerCertAuth *serverCertAuth,
+                                        PRBool override)
+{
+    SECStatus rv;
+    PRErrorCode error;
+
+    if (!serverCertAuth->isPaused)
+        return SECSuccess;
+
+    FPRINTF(stderr, "%s: handshake was paused by auth certificate hook\n",
+            progName);
+
+    serverCertAuth->isPaused = PR_FALSE;
+    rv = SSL_AuthCertificate(serverCertAuth->dbHandle, fd, PR_TRUE, PR_FALSE);
+    if (rv != SECSuccess) {
+        error = PR_GetError();
+        if (error == 0) {
+            PR_NOT_REACHED("SSL_AuthCertificate return SECFailure without "
+                           "setting error code.");
+            error = PR_INVALID_STATE_ERROR;
+        } else if (override) {
+            rv = ownBadCertHandler(NULL, fd);
+        }
+    }
+    if (rv == SECSuccess) {
+        error = 0;
+    }
+
+    if (SSL_AuthCertificateComplete(fd, error) != SECSuccess) {
+        rv = SECFailure;
+    } else {
+        /* restore the original error code, which could be reset by
+         * SSL_AuthCertificateComplete */
+        PORT_SetError(error);
+    }
+
+    return rv;
+}
+
+char *host = NULL;
+char *nickname = NULL;
+char *cipherString = NULL;
+int multiplier = 0;
+SSLVersionRange enabledVersions;
+int disableLocking = 0;
+int enableSessionTickets = 0;
+int enableCompression = 0;
+int enableFalseStart = 0;
+int enableCertStatus = 0;
+int enableSignedCertTimestamps = 0;
+int forceFallbackSCSV = 0;
+int enableExtendedMasterSecret = 0;
+PRBool requireDHNamedGroups = 0;
+PRSocketOptionData opt;
+PRNetAddr addr;
+PRBool allowIPv4 = PR_TRUE;
+PRBool allowIPv6 = PR_TRUE;
+PRBool pingServerFirst = PR_FALSE;
+int pingTimeoutSeconds = -1;
+PRBool clientSpeaksFirst = PR_FALSE;
+PRBool skipProtoHeader = PR_FALSE;
+ServerCertAuth serverCertAuth;
+char *hs1SniHostName = NULL;
+char *hs2SniHostName = NULL;
+PRUint16 portno = 443;
+int override = 0;
+char *requestString = NULL;
+PRInt32 requestStringLen = 0;
+PRBool requestSent = PR_FALSE;
+PRBool enableZeroRtt = PR_FALSE;
+
+static int
+writeBytesToServer(PRFileDesc *s, const char *buf, int nb)
+{
+    SECStatus rv;
+    const char *bufp = buf;
+    PRPollDesc pollDesc;
+
+    pollDesc.in_flags = PR_POLL_WRITE | PR_POLL_EXCEPT;
+    pollDesc.out_flags = 0;
+    pollDesc.fd = s;
+
+    FPRINTF(stderr, "%s: Writing %d bytes to server\n",
+            progName, nb);
+    do {
+        PRInt32 cc = PR_Send(s, bufp, nb, 0, maxInterval);
+        if (cc < 0) {
+            PRErrorCode err = PR_GetError();
+            if (err != PR_WOULD_BLOCK_ERROR) {
+                SECU_PrintError(progName,
+                                "write to SSL socket failed");
+                return 254;
+            }
+            cc = 0;
+        }
+        bufp += cc;
+        nb -= cc;
+        if (nb <= 0)
+            break;
+
+        rv = restartHandshakeAfterServerCertIfNeeded(s,
+                                                     &serverCertAuth, override);
+        if (rv != SECSuccess) {
+            SECU_PrintError(progName, "authentication of server cert failed");
+            return EXIT_CODE_HANDSHAKE_FAILED;
+        }
+
+        pollDesc.in_flags = PR_POLL_WRITE | PR_POLL_EXCEPT;
+        pollDesc.out_flags = 0;
+        FPRINTF(stderr,
+                "%s: about to call PR_Poll on writable socket !\n",
+                progName);
+        cc = PR_Poll(&pollDesc, 1, PR_INTERVAL_NO_TIMEOUT);
+        if (cc < 0) {
+            SECU_PrintError(progName,
+                            "PR_Poll failed");
+            return -1;
+        }
+        FPRINTF(stderr,
+                "%s: PR_Poll returned with writable socket !\n",
+                progName);
+    } while (1);
+
+    return 0;
+}
+
+void
+handshakeCallback(PRFileDesc *fd, void *client_data)
+{
+    const char *secondHandshakeName = (char *)client_data;
+    if (secondHandshakeName) {
+        SSL_SetURL(fd, secondHandshakeName);
+    }
+    printSecurityInfo(fd);
+    if (renegotiationsDone < renegotiationsToDo) {
+        SSL_ReHandshake(fd, (renegotiationsToDo < 2));
+        ++renegotiationsDone;
+    }
+    if (requestString && requestSent) {
+        /* This data was sent in 0-RTT. */
+        SSLChannelInfo info;
+        SECStatus rv;
+
+        rv = SSL_GetChannelInfo(fd, &info, sizeof(info));
+        if (rv != SECSuccess)
+            return;
+
+        if (!info.earlyDataAccepted) {
+            FPRINTF(stderr, "Early data rejected. Re-sending\n");
+            writeBytesToServer(fd, requestString, requestStringLen);
+        }
+    }
+}
+
+#define REQUEST_WAITING (requestString && !requestSent)
+
+static int
+run_client(void)
+{
+    int headerSeparatorPtrnId = 0;
+    int error = 0;
+    SECStatus rv;
+    PRStatus status;
+    PRInt32 filesReady;
+    int npds;
+    PRFileDesc *s = NULL;
+    PRFileDesc *std_out;
+    PRPollDesc pollset[2];
+    PRBool wrStarted = PR_FALSE;
+
+    requestSent = PR_FALSE;
+
+    /* Create socket */
+    s = PR_OpenTCPSocket(addr.raw.family);
+    if (s == NULL) {
+        SECU_PrintError(progName, "error creating socket");
+        error = 1;
+        goto done;
+    }
+
+    opt.option = PR_SockOpt_Nonblocking;
+    opt.value.non_blocking = PR_TRUE; /* default */
+    if (serverCertAuth.testFreshStatusFromSideChannel) {
+        opt.value.non_blocking = PR_FALSE;
+    }
+    status = PR_SetSocketOption(s, &opt);
+    if (status != PR_SUCCESS) {
+        SECU_PrintError(progName, "error setting socket options");
+        error = 1;
+        goto done;
+    }
+
+    s = SSL_ImportFD(NULL, s);
+    if (s == NULL) {
+        SECU_PrintError(progName, "error importing socket");
+        error = 1;
+        goto done;
+    }
+
+    SSL_SetPKCS11PinArg(s, &pwdata);
+
+    rv = SSL_OptionSet(s, SSL_SECURITY, 1);
+    if (rv != SECSuccess) {
+        SECU_PrintError(progName, "error enabling socket");
+        error = 1;
+        goto done;
+    }
+
+    rv = SSL_OptionSet(s, SSL_HANDSHAKE_AS_CLIENT, 1);
+    if (rv != SECSuccess) {
+        SECU_PrintError(progName, "error enabling client handshake");
+        error = 1;
+        goto done;
+    }
+
+    /* all SSL3 cipher suites are enabled by default. */
+    if (cipherString) {
+        char *cstringSaved = cipherString;
+        int ndx;
+
+        while (0 != (ndx = *cipherString++)) {
+            int cipher = 0;
+
+            if (ndx == ':') {
+                int ctmp = 0;
+
+                HEXCHAR_TO_INT(*cipherString, ctmp)
+                cipher |= (ctmp << 12);
+                cipherString++;
+                HEXCHAR_TO_INT(*cipherString, ctmp)
+                cipher |= (ctmp << 8);
+                cipherString++;
+                HEXCHAR_TO_INT(*cipherString, ctmp)
+                cipher |= (ctmp << 4);
+                cipherString++;
+                HEXCHAR_TO_INT(*cipherString, ctmp)
+                cipher |= ctmp;
+                cipherString++;
+            } else {
+                if (!isalpha(ndx))
+                    Usage(progName);
+                ndx = tolower(ndx) - 'a';
+                if (ndx < PR_ARRAY_SIZE(ssl3CipherSuites)) {
+                    cipher = ssl3CipherSuites[ndx];
+                }
+            }
+            if (cipher > 0) {
+                SECStatus status;
+                status = SSL_CipherPrefSet(s, cipher, SSL_ALLOWED);
+                if (status != SECSuccess)
+                    SECU_PrintError(progName, "SSL_CipherPrefSet()");
+            } else {
+                Usage(progName);
+            }
+        }
+        PORT_Free(cstringSaved);
+    }
+
+    rv = SSL_VersionRangeSet(s, &enabledVersions);
+    if (rv != SECSuccess) {
+        SECU_PrintError(progName, "error setting SSL/TLS version range ");
+        error = 1;
+        goto done;
+    }
+
+    /* disable SSL socket locking */
+    rv = SSL_OptionSet(s, SSL_NO_LOCKS, disableLocking);
+    if (rv != SECSuccess) {
+        SECU_PrintError(progName, "error disabling SSL socket locking");
+        error = 1;
+        goto done;
+    }
+
+    /* enable Session Ticket extension. */
+    rv = SSL_OptionSet(s, SSL_ENABLE_SESSION_TICKETS, enableSessionTickets);
+    if (rv != SECSuccess) {
+        SECU_PrintError(progName, "error enabling Session Ticket extension");
+        error = 1;
+        goto done;
+    }
+
+    /* enable compression. */
+    rv = SSL_OptionSet(s, SSL_ENABLE_DEFLATE, enableCompression);
+    if (rv != SECSuccess) {
+        SECU_PrintError(progName, "error enabling compression");
+        error = 1;
+        goto done;
+    }
+
+    /* enable false start. */
+    rv = SSL_OptionSet(s, SSL_ENABLE_FALSE_START, enableFalseStart);
+    if (rv != SECSuccess) {
+        SECU_PrintError(progName, "error enabling false start");
+        error = 1;
+        goto done;
+    }
+
+    if (forceFallbackSCSV) {
+        rv = SSL_OptionSet(s, SSL_ENABLE_FALLBACK_SCSV, PR_TRUE);
+        if (rv != SECSuccess) {
+            SECU_PrintError(progName, "error forcing fallback scsv");
+            error = 1;
+            goto done;
+        }
+    }
+
+    /* enable cert status (OCSP stapling). */
+    rv = SSL_OptionSet(s, SSL_ENABLE_OCSP_STAPLING, enableCertStatus);
+    if (rv != SECSuccess) {
+        SECU_PrintError(progName, "error enabling cert status (OCSP stapling)");
+        error = 1;
+        goto done;
+    }
+
+    /* enable extended master secret mode */
+    if (enableExtendedMasterSecret) {
+        rv = SSL_OptionSet(s, SSL_ENABLE_EXTENDED_MASTER_SECRET, PR_TRUE);
+        if (rv != SECSuccess) {
+            SECU_PrintError(progName, "error enabling extended master secret");
+            error = 1;
+            goto done;
+        }
+    }
+
+    /* enable 0-RTT (TLS 1.3 only) */
+    if (enableZeroRtt) {
+        rv = SSL_OptionSet(s, SSL_ENABLE_0RTT_DATA, PR_TRUE);
+        if (rv != SECSuccess) {
+            SECU_PrintError(progName, "error enabling 0-RTT");
+            error = 1;
+            goto done;
+        }
+    }
+
+    /* require the use of fixed finite-field DH groups */
+    if (requireDHNamedGroups) {
+        rv = SSL_OptionSet(s, SSL_REQUIRE_DH_NAMED_GROUPS, PR_TRUE);
+        if (rv != SECSuccess) {
+            SECU_PrintError(progName, "error in requiring the use of fixed finite-field DH groups");
+            error = 1;
+            goto done;
+        }
+    }
+
+    /* enable Signed Certificate Timestamps. */
+    rv = SSL_OptionSet(s, SSL_ENABLE_SIGNED_CERT_TIMESTAMPS,
+                       enableSignedCertTimestamps);
+    if (rv != SECSuccess) {
+        SECU_PrintError(progName, "error enabling signed cert timestamps");
+        error = 1;
+        goto done;
+    }
+
+    if (enabledGroups) {
+        rv = SSL_NamedGroupConfig(s, enabledGroups, enabledGroupsCount);
+        if (rv < 0) {
+            SECU_PrintError(progName, "SSL_NamedGroupConfig failed");
+            error = 1;
+            goto done;
+        }
+    }
+
+    serverCertAuth.dbHandle = CERT_GetDefaultCertDB();
+
+    SSL_AuthCertificateHook(s, ownAuthCertificate, &serverCertAuth);
+    if (override) {
+        SSL_BadCertHook(s, ownBadCertHandler, NULL);
+    }
+    SSL_GetClientAuthDataHook(s, own_GetClientAuthData, (void *)nickname);
+    SSL_HandshakeCallback(s, handshakeCallback, hs2SniHostName);
+    if (hs1SniHostName) {
+        SSL_SetURL(s, hs1SniHostName);
+    } else {
+        SSL_SetURL(s, host);
+    }
+
+    /* Try to connect to the server */
+    status = PR_Connect(s, &addr, PR_INTERVAL_NO_TIMEOUT);
+    if (status != PR_SUCCESS) {
+        if (PR_GetError() == PR_IN_PROGRESS_ERROR) {
+            if (verbose)
+                SECU_PrintError(progName, "connect");
+            milliPause(50 * multiplier);
+            pollset[SSOCK_FD].in_flags = PR_POLL_WRITE | PR_POLL_EXCEPT;
+            pollset[SSOCK_FD].out_flags = 0;
+            pollset[SSOCK_FD].fd = s;
+            while (1) {
+                FPRINTF(stderr,
+                        "%s: about to call PR_Poll for connect completion!\n",
+                        progName);
+                filesReady = PR_Poll(pollset, 1, PR_INTERVAL_NO_TIMEOUT);
+                if (filesReady < 0) {
+                    SECU_PrintError(progName, "unable to connect (poll)");
+                    error = 1;
+                    goto done;
+                }
+                FPRINTF(stderr,
+                        "%s: PR_Poll returned 0x%02x for socket out_flags.\n",
+                        progName, pollset[SSOCK_FD].out_flags);
+                if (filesReady == 0) { /* shouldn't happen! */
+                    FPRINTF(stderr, "%s: PR_Poll returned zero!\n", progName);
+                    error = 1;
+                    goto done;
+                }
+                status = PR_GetConnectStatus(pollset);
+                if (status == PR_SUCCESS) {
+                    break;
+                }
+                if (PR_GetError() != PR_IN_PROGRESS_ERROR) {
+                    SECU_PrintError(progName, "unable to connect (poll)");
+                    error = 1;
+                    goto done;
+                }
+                SECU_PrintError(progName, "poll");
+                milliPause(50 * multiplier);
+            }
+        } else {
+            SECU_PrintError(progName, "unable to connect");
+            error = 1;
+            goto done;
+        }
+    }
+
+    pollset[SSOCK_FD].fd = s;
+    pollset[SSOCK_FD].in_flags = PR_POLL_EXCEPT |
+                                 (clientSpeaksFirst ? 0 : PR_POLL_READ);
+    pollset[STDIN_FD].fd = PR_GetSpecialFD(PR_StandardInput);
+    if (!REQUEST_WAITING) {
+        pollset[STDIN_FD].in_flags = PR_POLL_READ;
+        npds = 2;
+    } else {
+        npds = 1;
+    }
+    std_out = PR_GetSpecialFD(PR_StandardOutput);
+
+#if defined(WIN32) || defined(OS2)
+    /* PR_Poll cannot be used with stdin on Windows or OS/2.  (sigh).
+    ** But use of PR_Poll and non-blocking sockets is a major feature
+    ** of this program.  So, we simulate a pollable stdin with a
+    ** TCP socket pair and a  thread that reads stdin and writes to
+    ** that socket pair.
+    */
+    {
+        PRFileDesc *fds[2];
+        PRThread *thread;
+
+        int nspr_rv = PR_NewTCPSocketPair(fds);
+        if (nspr_rv != PR_SUCCESS) {
+            SECU_PrintError(progName, "PR_NewTCPSocketPair failed");
+            error = 1;
+            goto done;
+        }
+        pollset[STDIN_FD].fd = fds[1];
+
+        thread = PR_CreateThread(PR_USER_THREAD, thread_main, fds[0],
+                                 PR_PRIORITY_NORMAL, PR_GLOBAL_THREAD,
+                                 PR_UNJOINABLE_THREAD, 0);
+        if (!thread) {
+            SECU_PrintError(progName, "PR_CreateThread failed");
+            error = 1;
+            goto done;
+        }
+    }
+#endif
+
+    if (serverCertAuth.testFreshStatusFromSideChannel) {
+        SSL_ForceHandshake(s);
+        error = serverCertAuth.sideChannelRevocationTestResultCode;
+        goto done;
+    }
+
+    /*
+    ** Select on stdin and on the socket. Write data from stdin to
+    ** socket, read data from socket and write to stdout.
+    */
+    FPRINTF(stderr, "%s: ready...\n", progName);
+    while ((pollset[SSOCK_FD].in_flags | pollset[STDIN_FD].in_flags) ||
+           REQUEST_WAITING) {
+        char buf[4000]; /* buffer for stdin */
+        int nb;         /* num bytes read from stdin. */
+
+        rv = restartHandshakeAfterServerCertIfNeeded(s, &serverCertAuth,
+                                                     override);
+        if (rv != SECSuccess) {
+            error = EXIT_CODE_HANDSHAKE_FAILED;
+            SECU_PrintError(progName, "authentication of server cert failed");
+            goto done;
+        }
+
+        pollset[SSOCK_FD].out_flags = 0;
+        pollset[STDIN_FD].out_flags = 0;
+
+        FPRINTF(stderr, "%s: about to call PR_Poll !\n", progName);
+        filesReady = PR_Poll(pollset, npds, PR_INTERVAL_NO_TIMEOUT);
+        if (filesReady < 0) {
+            SECU_PrintError(progName, "select failed");
+            error = 1;
+            goto done;
+        }
+        if (filesReady == 0) { /* shouldn't happen! */
+            FPRINTF(stderr, "%s: PR_Poll returned zero!\n", progName);
+            error = 1;
+            goto done;
+        }
+        FPRINTF(stderr, "%s: PR_Poll returned!\n", progName);
+        if (pollset[STDIN_FD].in_flags) {
+            FPRINTF(stderr,
+                    "%s: PR_Poll returned 0x%02x for stdin out_flags.\n",
+                    progName, pollset[STDIN_FD].out_flags);
+        }
+        if (pollset[SSOCK_FD].in_flags) {
+            FPRINTF(stderr,
+                    "%s: PR_Poll returned 0x%02x for socket out_flags.\n",
+                    progName, pollset[SSOCK_FD].out_flags);
+        }
+        if (REQUEST_WAITING) {
+            error = writeBytesToServer(s, requestString, requestStringLen);
+            if (error) {
+                goto done;
+            }
+            requestSent = PR_TRUE;
+            pollset[SSOCK_FD].in_flags = PR_POLL_READ;
+        }
+        if (pollset[STDIN_FD].out_flags & PR_POLL_READ) {
+            /* Read from stdin and write to socket */
+            nb = PR_Read(pollset[STDIN_FD].fd, buf, sizeof(buf));
+            FPRINTF(stderr, "%s: stdin read %d bytes\n", progName, nb);
+            if (nb < 0) {
+                if (PR_GetError() != PR_WOULD_BLOCK_ERROR) {
+                    SECU_PrintError(progName, "read from stdin failed");
+                    error = 1;
+                    break;
+                }
+            } else if (nb == 0) {
+                /* EOF on stdin, stop polling stdin for read. */
+                pollset[STDIN_FD].in_flags = 0;
+            } else {
+                error = writeBytesToServer(s, buf, nb);
+                if (error) {
+                    goto done;
+                }
+                pollset[SSOCK_FD].in_flags = PR_POLL_READ;
+            }
+        }
+
+        if (pollset[SSOCK_FD].in_flags) {
+            FPRINTF(stderr,
+                    "%s: PR_Poll returned 0x%02x for socket out_flags.\n",
+                    progName, pollset[SSOCK_FD].out_flags);
+        }
+        if ((pollset[SSOCK_FD].out_flags & PR_POLL_READ) ||
+            (pollset[SSOCK_FD].out_flags & PR_POLL_ERR)
+#ifdef PR_POLL_HUP
+            || (pollset[SSOCK_FD].out_flags & PR_POLL_HUP)
+#endif
+                ) {
+            /* Read from socket and write to stdout */
+            nb = PR_Recv(pollset[SSOCK_FD].fd, buf, sizeof buf, 0, maxInterval);
+            FPRINTF(stderr, "%s: Read from server %d bytes\n", progName, nb);
+            if (nb < 0) {
+                if (PR_GetError() != PR_WOULD_BLOCK_ERROR) {
+                    SECU_PrintError(progName, "read from socket failed");
+                    error = 1;
+                    goto done;
+                }
+            } else if (nb == 0) {
+                /* EOF from socket... stop polling socket for read */
+                pollset[SSOCK_FD].in_flags = 0;
+            } else {
+                if (skipProtoHeader != PR_TRUE || wrStarted == PR_TRUE) {
+                    PR_Write(std_out, buf, nb);
+                } else {
+                    separateReqHeader(std_out, buf, nb, &wrStarted,
+                                      &headerSeparatorPtrnId);
+                }
+                if (verbose)
+                    fputs("\n\n", stderr);
+            }
+        }
+        milliPause(50 * multiplier);
+    }
+
+done:
+    if (s) {
+        PR_Close(s);
+    }
+
+    return error;
+}
+
+PRInt32
+ReadFile(const char *filename, char **data)
+{
+    char *ret = NULL;
+    char buf[8192];
+    unsigned int len = 0;
+    PRStatus rv;
+
+    PRFileDesc *fd = PR_Open(filename, PR_RDONLY, 0);
+    if (!fd)
+        return -1;
+
+    for (;;) {
+        rv = PR_Read(fd, buf, sizeof(buf));
+        if (rv < 0) {
+            PR_Free(ret);
+            return rv;
+        }
+
+        if (!rv)
+            break;
+
+        ret = PR_Realloc(ret, len + rv);
+        if (!ret) {
+            return -1;
+        }
+        PORT_Memcpy(ret + len, buf, rv);
+        len += rv;
+    }
+
+    *data = ret;
+    return len;
+}
+
+int
+main(int argc, char **argv)
+{
+    PLOptState *optstate;
+    PLOptStatus optstatus;
+    PRStatus status;
+    PRStatus prStatus;
+    int error = 0;
+    char *tmp;
+    SECStatus rv;
+    char *certDir = NULL;
+    PRBool openDB = PR_TRUE;
+    PRBool loadDefaultRootCAs = PR_FALSE;
+    char *rootModule = NULL;
+    int numConnections = 1;
+    PRFileDesc *s = NULL;
+
+    serverCertAuth.shouldPause = PR_TRUE;
+    serverCertAuth.isPaused = PR_FALSE;
+    serverCertAuth.dbHandle = NULL;
+    serverCertAuth.testFreshStatusFromSideChannel = PR_FALSE;
+    serverCertAuth.sideChannelRevocationTestResultCode = EXIT_CODE_HANDSHAKE_FAILED;
+    serverCertAuth.requireDataForIntermediates = PR_FALSE;
+    serverCertAuth.allowOCSPSideChannelData = PR_TRUE;
+    serverCertAuth.allowCRLSideChannelData = PR_TRUE;
+
+    progName = strrchr(argv[0], '/');
+    if (!progName)
+        progName = strrchr(argv[0], '\\');
+    progName = progName ? progName + 1 : argv[0];
+
+    tmp = PR_GetEnvSecure("NSS_DEBUG_TIMEOUT");
+    if (tmp && tmp[0]) {
+        int sec = PORT_Atoi(tmp);
+        if (sec > 0) {
+            maxInterval = PR_SecondsToInterval(sec);
+        }
+    }
+
+    SSL_VersionRangeGetSupported(ssl_variant_stream, &enabledVersions);
+
+    /* XXX: 'B' was used in the past but removed in 3.28,
+     *      please leave some time before resuing it. */
+    optstate = PL_CreateOptState(argc, argv,
+                                 "46A:CDFGHI:KL:M:OR:STUV:W:YZa:bc:d:fgh:m:n:op:qr:st:uvw:z");
+    while ((optstatus = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
+        switch (optstate->option) {
+            case '?':
+            default:
+                Usage(progName);
+                break;
+
+            case '4':
+                allowIPv6 = PR_FALSE;
+                if (!allowIPv4)
+                    Usage(progName);
+                break;
+            case '6':
+                allowIPv4 = PR_FALSE;
+                if (!allowIPv6)
+                    Usage(progName);
+                break;
+
+            case 'A':
+                requestStringLen = ReadFile(optstate->value, &requestString);
+                if (requestStringLen < 0) {
+                    fprintf(stderr, "Couldn't read file %s\n", optstate->value);
+                    exit(1);
+                }
+                break;
+
+            case 'C':
+                ++dumpServerChain;
+                break;
+
+            case 'D':
+                openDB = PR_FALSE;
+                break;
+
+            case 'F':
+                if (serverCertAuth.testFreshStatusFromSideChannel) {
+                    /* parameter given twice or more */
+                    serverCertAuth.requireDataForIntermediates = PR_TRUE;
+                }
+                serverCertAuth.testFreshStatusFromSideChannel = PR_TRUE;
+                break;
+
+            case 'G':
+                enableExtendedMasterSecret = PR_TRUE;
+                break;
+
+            case 'H':
+                requireDHNamedGroups = PR_TRUE;
+                break;
+
+            case 'O':
+                serverCertAuth.shouldPause = PR_FALSE;
+                break;
+
+            case 'K':
+                forceFallbackSCSV = PR_TRUE;
+                break;
+
+            case 'L':
+                numConnections = atoi(optstate->value);
+                break;
+
+            case 'M':
+                switch (atoi(optstate->value)) {
+                    case 1:
+                        serverCertAuth.allowOCSPSideChannelData = PR_TRUE;
+                        serverCertAuth.allowCRLSideChannelData = PR_FALSE;
+                        break;
+                    case 2:
+                        serverCertAuth.allowOCSPSideChannelData = PR_FALSE;
+                        serverCertAuth.allowCRLSideChannelData = PR_TRUE;
+                        break;
+                    case 0:
+                    default:
+                        serverCertAuth.allowOCSPSideChannelData = PR_TRUE;
+                        serverCertAuth.allowCRLSideChannelData = PR_TRUE;
+                        break;
+                };
+                break;
+
+            case 'R':
+                rootModule = PORT_Strdup(optstate->value);
+                break;
+
+            case 'S':
+                skipProtoHeader = PR_TRUE;
+                break;
+
+            case 'T':
+                enableCertStatus = 1;
+                break;
+
+            case 'U':
+                enableSignedCertTimestamps = 1;
+                break;
+
+            case 'V':
+                if (SECU_ParseSSLVersionRangeString(optstate->value,
+                                                    enabledVersions, &enabledVersions) !=
+                    SECSuccess) {
+                    fprintf(stderr, "Bad version specified.\n");
+                    Usage(progName);
+                }
+                break;
+
+            case 'Y':
+                PrintCipherUsage(progName);
+                exit(0);
+                break;
+
+            case 'Z':
+                enableZeroRtt = PR_TRUE;
+                break;
+
+            case 'a':
+                if (!hs1SniHostName) {
+                    hs1SniHostName = PORT_Strdup(optstate->value);
+                } else if (!hs2SniHostName) {
+                    hs2SniHostName = PORT_Strdup(optstate->value);
+                } else {
+                    Usage(progName);
+                }
+                break;
+
+            case 'b':
+                loadDefaultRootCAs = PR_TRUE;
+                break;
+
+            case 'c':
+                cipherString = PORT_Strdup(optstate->value);
+                break;
+
+            case 'g':
+                enableFalseStart = 1;
+                break;
+
+            case 'd':
+                certDir = PORT_Strdup(optstate->value);
+                break;
+
+            case 'f':
+                clientSpeaksFirst = PR_TRUE;
+                break;
+
+            case 'h':
+                host = PORT_Strdup(optstate->value);
+                break;
+
+            case 'm':
+                multiplier = atoi(optstate->value);
+                if (multiplier < 0)
+                    multiplier = 0;
+                break;
+
+            case 'n':
+                nickname = PORT_Strdup(optstate->value);
+                break;
+
+            case 'o':
+                override = 1;
+                break;
+
+            case 'p':
+                portno = (PRUint16)atoi(optstate->value);
+                break;
+
+            case 'q':
+                pingServerFirst = PR_TRUE;
+                break;
+
+            case 's':
+                disableLocking = 1;
+                break;
+
+            case 't':
+                pingTimeoutSeconds = atoi(optstate->value);
+                break;
+
+            case 'u':
+                enableSessionTickets = PR_TRUE;
+                break;
+
+            case 'v':
+                verbose++;
+                break;
+
+            case 'r':
+                renegotiationsToDo = atoi(optstate->value);
+                break;
+
+            case 'w':
+                pwdata.source = PW_PLAINTEXT;
+                pwdata.data = PORT_Strdup(optstate->value);
+                break;
+
+            case 'W':
+                pwdata.source = PW_FROMFILE;
+                pwdata.data = PORT_Strdup(optstate->value);
+                break;
+
+            case 'z':
+                enableCompression = 1;
+                break;
+
+            case 'I':
+                rv = parseGroupList(optstate->value, &enabledGroups, &enabledGroupsCount);
+                if (rv != SECSuccess) {
+                    PL_DestroyOptState(optstate);
+                    fprintf(stderr, "Bad group specified.\n");
+                    Usage(progName);
+                }
+                break;
+        }
+    }
+
+    PL_DestroyOptState(optstate);
+
+    if (optstatus == PL_OPT_BAD) {
+        Usage(progName);
+    }
+
+    if (!host || !portno) {
+        fprintf(stderr, "%s: parameters -h and -p are mandatory\n", progName);
+        Usage(progName);
+    }
+
+    if (serverCertAuth.testFreshStatusFromSideChannel &&
+        serverCertAuth.shouldPause) {
+        fprintf(stderr, "%s: -F requires the use of -O\n", progName);
+        exit(1);
+    }
+
+    if (certDir && !openDB) {
+        fprintf(stderr, "%s: Cannot combine parameters -D and -d\n", progName);
+        exit(1);
+    }
+
+    if (rootModule && loadDefaultRootCAs) {
+        fprintf(stderr, "%s: Cannot combine parameters -b and -R\n", progName);
+        exit(1);
+    }
+
+    PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
+
+    PK11_SetPasswordFunc(SECU_GetModulePassword);
+
+    status = PR_StringToNetAddr(host, &addr);
+    if (status == PR_SUCCESS) {
+        addr.inet.port = PR_htons(portno);
+    } else {
+        /* Lookup host */
+        PRAddrInfo *addrInfo;
+        void *enumPtr = NULL;
+
+        addrInfo = PR_GetAddrInfoByName(host, PR_AF_UNSPEC,
+                                        PR_AI_ADDRCONFIG | PR_AI_NOCANONNAME);
+        if (!addrInfo) {
+            SECU_PrintError(progName, "error looking up host");
+            error = 1;
+            goto done;
+        }
+        for (;;) {
+            enumPtr = PR_EnumerateAddrInfo(enumPtr, addrInfo, portno, &addr);
+            if (enumPtr == NULL)
+                break;
+            if (addr.raw.family == PR_AF_INET && allowIPv4)
+                break;
+            if (addr.raw.family == PR_AF_INET6 && allowIPv6)
+                break;
+        }
+        PR_FreeAddrInfo(addrInfo);
+        if (enumPtr == NULL) {
+            SECU_PrintError(progName, "error looking up host address");
+            error = 1;
+            goto done;
+        }
+    }
+
+    printHostNameAndAddr(host, &addr);
+
+    if (!certDir) {
+        certDir = SECU_DefaultSSLDir(); /* Look in $SSL_DIR */
+        certDir = SECU_ConfigDirectory(certDir);
+    } else {
+        char *certDirTmp = certDir;
+        certDir = SECU_ConfigDirectory(certDirTmp);
+        PORT_Free(certDirTmp);
+    }
+
+    if (pingServerFirst) {
+        int iter = 0;
+        PRErrorCode err;
+
+        int max_attempts = MAX_WAIT_FOR_SERVER;
+        if (pingTimeoutSeconds >= 0) {
+            /* If caller requested a timeout, let's try just twice. */
+            max_attempts = 2;
+        }
+        do {
+            PRIntervalTime timeoutInterval = PR_INTERVAL_NO_TIMEOUT;
+            s = PR_OpenTCPSocket(addr.raw.family);
+            if (s == NULL) {
+                SECU_PrintError(progName, "Failed to create a TCP socket");
+                error = 1;
+                goto done;
+            }
+            opt.option = PR_SockOpt_Nonblocking;
+            opt.value.non_blocking = PR_FALSE;
+            prStatus = PR_SetSocketOption(s, &opt);
+            if (prStatus != PR_SUCCESS) {
+                SECU_PrintError(progName,
+                                "Failed to set blocking socket option");
+                error = 1;
+                goto done;
+            }
+            if (pingTimeoutSeconds >= 0) {
+                timeoutInterval = PR_SecondsToInterval(pingTimeoutSeconds);
+            }
+            prStatus = PR_Connect(s, &addr, timeoutInterval);
+            if (prStatus == PR_SUCCESS) {
+                PR_Shutdown(s, PR_SHUTDOWN_BOTH);
+                goto done;
+            }
+            err = PR_GetError();
+            if ((err != PR_CONNECT_REFUSED_ERROR) &&
+                (err != PR_CONNECT_RESET_ERROR)) {
+                SECU_PrintError(progName, "TCP Connection failed");
+                error = 1;
+                goto done;
+            }
+            PR_Close(s);
+            s = NULL;
+            PR_Sleep(PR_MillisecondsToInterval(WAIT_INTERVAL));
+        } while (++iter < max_attempts);
+        SECU_PrintError(progName,
+                        "Client timed out while waiting for connection to server");
+        error = 1;
+        goto done;
+    }
+
+    /* open the cert DB, the key DB, and the secmod DB. */
+    if (openDB) {
+        rv = NSS_Init(certDir);
+        if (rv != SECSuccess) {
+            SECU_PrintError(progName, "unable to open cert database");
+            error = 1;
+            goto done;
+        }
+    } else {
+        rv = NSS_NoDB_Init(NULL);
+        if (rv != SECSuccess) {
+            SECU_PrintError(progName, "failed to initialize NSS");
+            error = 1;
+            goto done;
+        }
+    }
+
+    if (loadDefaultRootCAs) {
+        SECMOD_AddNewModule("Builtins",
+                            DLL_PREFIX "nssckbi." DLL_SUFFIX, 0, 0);
+    } else if (rootModule) {
+        SECMOD_AddNewModule("Builtins", rootModule, 0, 0);
+    }
+
+    /* all SSL3 cipher suites are enabled by default. */
+    if (cipherString) {
+        /* disable all the ciphers, then enable the ones we want. */
+        disableAllSSLCiphers();
+    }
+
+    while (numConnections--) {
+        error = run_client();
+        if (error) {
+            goto done;
+        }
+    }
+
+done:
+    if (s) {
+        PR_Close(s);
+    }
+
+    if (hs1SniHostName) {
+        PORT_Free(hs1SniHostName);
+    }
+    if (hs2SniHostName) {
+        PORT_Free(hs2SniHostName);
+    }
+    if (nickname) {
+        PORT_Free(nickname);
+    }
+    if (pwdata.data) {
+        PORT_Free(pwdata.data);
+    }
+    PORT_Free(host);
+    PORT_Free(requestString);
+
+    if (enabledGroups) {
+        PORT_Free(enabledGroups);
+    }
+    if (NSS_IsInitialized()) {
+        SSL_ClearSessionCache();
+        if (NSS_Shutdown() != SECSuccess) {
+            error = 1;
+        }
+    }
+
+    FPRINTF(stderr, "tstclnt: exiting with return code %d\n", error);
+    PR_Cleanup();
+    return error;
+}
diff --git a/nss/cmd/tstclnt/tstclnt.gyp b/nss/cmd/tstclnt/tstclnt.gyp
new file mode 100644
index 0000000..81cbff3
--- /dev/null
+++ b/nss/cmd/tstclnt/tstclnt.gyp
@@ -0,0 +1,31 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi',
+    '../../cmd/platlibs.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'tstclnt',
+      'type': 'executable',
+      'sources': [
+        'tstclnt.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:dbm_exports',
+        '<(DEPTH)/exports.gyp:nss_exports'
+      ]
+    }
+  ],
+  'target_defaults': {
+    'defines': [
+      'DLL_PREFIX=\"<(dll_prefix)\"',
+      'DLL_SUFFIX=\"<(dll_suffix)\"'
+    ]
+  },
+  'variables': {
+    'module': 'nss'
+  }
+}
\ No newline at end of file
diff --git a/nss/cmd/verifier/.gitignore b/nss/cmd/verifier/.gitignore
new file mode 100644
index 0000000..f1d55a6
--- /dev/null
+++ b/nss/cmd/verifier/.gitignore
@@ -0,0 +1,2 @@
+.cproject
+
diff --git a/nss/cmd/verifier/Makefile b/nss/cmd/verifier/Makefile
new file mode 100644
index 0000000..a27a3ce
--- /dev/null
+++ b/nss/cmd/verifier/Makefile
@@ -0,0 +1,46 @@
+#! gmake
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include ../platlibs.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+#include ../platlibs.mk
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+include ../platrules.mk
+
diff --git a/nss/cmd/verifier/client_db b/nss/cmd/verifier/client_db
new file mode 120000
index 0000000..22ed056
--- /dev/null
+++ b/nss/cmd/verifier/client_db
@@ -0,0 +1 @@
+../../../ca/client_db
\ No newline at end of file
diff --git a/nss/cmd/verifier/main.c b/nss/cmd/verifier/main.c
new file mode 100644
index 0000000..ff20238
--- /dev/null
+++ b/nss/cmd/verifier/main.c
@@ -0,0 +1,76 @@
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <assert.h>
+#include <unistd.h>
+
+#include "nspr.h"
+#include "plgetopt.h"
+#include "prerror.h"
+#include "prnetdb.h"
+
+#include "nss.h"
+#include "ssl.h"
+#include "tlsproofstr.h"
+#include "prio.h"
+#include "pk11func.h"
+
+
+/*Error handler*/
+void error(const char *msg)
+{
+	PRErrorCode perr = PR_GetError();
+	const char *errString = PORT_ErrorToString(perr);
+
+	printf("!! ERROR function name: %s returned error %d:\n%s\n",msg, perr, errString);
+	exit(1);
+}
+
+/*Callback function that return the password of the certificate database.
+ * It is set when configuring NSS.*/
+char* getPwd(PK11SlotInfo *slot, PRBool retry, void *arg){
+	printf("Pass retrieved \n");
+
+	char *pwd= NULL;
+	pwd = PORT_Strdup("");
+
+	return pwd;
+}
+
+
+int main(int argc, char *argv[])
+{
+	unsigned char buffer[65536*16];
+
+	// Hack to enable environment variables
+	SSL_OptionSetDefault(SSL_ENABLE_TLS_PROOF, PR_TRUE);
+
+
+	// 2 arguments are necessary for the client
+	if(argc < 2){
+		error("Specify proof file.");
+	}
+
+	//Set the password callback
+	PK11_SetPasswordFunc(getPwd);
+
+	//Init
+	SECStatus rv = NSS_Init("../client_db");
+	if(rv != SECSuccess) error("NSS_Init");
+
+	PRFileDesc* fd = PR_Open(argv[1], PR_RDONLY, 0);
+	
+	int length = PR_Read(fd, buffer, sizeof(buffer));
+	assert(PR_Read(fd, buffer, sizeof(buffer)) == 0);
+
+	if(SSL_TLSProofCheckProof(buffer, length) == SECSuccess){
+		printf("Proof successfully verified!\n");
+	} else {
+		printf("Proof is incorrect\n");
+	}		
+	printf("\nEND\n");
+	return 0;
+}
+
diff --git a/nss/cmd/verifier/manifest.mn b/nss/cmd/verifier/manifest.mn
new file mode 100644
index 0000000..f9174e2
--- /dev/null
+++ b/nss/cmd/verifier/manifest.mn
@@ -0,0 +1,23 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CORE_DEPTH = ../..
+
+# MODULE public and private header  directories are implicitly REQUIRED.
+MODULE = nss
+
+# This next line is used by .mk files
+# and gets translated into $LINCS in manifest.mnw
+# The MODULE is always implicitly required.
+# Listing it here in REQUIRES makes it appear twice in the cc command line.
+REQUIRES = seccmd dbm 
+
+# DIRS = 
+
+CSRCS	= main.c  
+DEFINES += -DDLL_PREFIX=\"$(DLL_PREFIX)\" -DDLL_SUFFIX=\"$(DLL_SUFFIX)\"
+
+PROGRAM	= verifier 
+
diff --git a/nss/cmd/vfychain/Makefile b/nss/cmd/vfychain/Makefile
new file mode 100644
index 0000000..a27a3ce
--- /dev/null
+++ b/nss/cmd/vfychain/Makefile
@@ -0,0 +1,46 @@
+#! gmake
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include ../platlibs.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+#include ../platlibs.mk
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+include ../platrules.mk
+
diff --git a/nss/cmd/vfychain/manifest.mn b/nss/cmd/vfychain/manifest.mn
new file mode 100644
index 0000000..5b2ae25
--- /dev/null
+++ b/nss/cmd/vfychain/manifest.mn
@@ -0,0 +1,23 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CORE_DEPTH = ../..
+
+# MODULE public and private header  directories are implicitly REQUIRED.
+MODULE = nss
+
+# This next line is used by .mk files
+# and gets translated into $LINCS in manifest.mnw
+# The MODULE is always implicitly required.
+# Listing it here in REQUIRES makes it appear twice in the cc command line.
+REQUIRES = seccmd 
+
+# DIRS = 
+
+CSRCS	= vfychain.c  
+DEFINES += -DDLL_PREFIX=\"$(DLL_PREFIX)\" -DDLL_SUFFIX=\"$(DLL_SUFFIX)\"
+
+PROGRAM	= vfychain
+
diff --git a/nss/cmd/vfychain/vfychain.c b/nss/cmd/vfychain/vfychain.c
new file mode 100644
index 0000000..d42274c
--- /dev/null
+++ b/nss/cmd/vfychain/vfychain.c
@@ -0,0 +1,820 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/****************************************************************************
+ *  Read in a cert chain from one or more files, and verify the chain for
+ *  some usage.
+ *                                                                          *
+ *  This code was modified from other code also kept in the NSS directory.
+ ****************************************************************************/
+
+#include <stdio.h>
+#include <string.h>
+
+#if defined(XP_UNIX)
+#include <unistd.h>
+#endif
+
+#include "prerror.h"
+
+#include "pk11func.h"
+#include "seccomon.h"
+#include "secutil.h"
+#include "secmod.h"
+#include "secitem.h"
+#include "cert.h"
+#include "ocsp.h"
+
+/* #include <stdlib.h> */
+/* #include <errno.h> */
+/* #include <fcntl.h> */
+/* #include <stdarg.h> */
+
+#include "nspr.h"
+#include "plgetopt.h"
+#include "prio.h"
+#include "nss.h"
+
+/* #include "vfyutil.h" */
+
+#define RD_BUF_SIZE (60 * 1024)
+
+int verbose;
+
+secuPWData pwdata = { PW_NONE, 0 };
+
+static void
+Usage(const char *progName)
+{
+    fprintf(stderr,
+            "Usage: %s [options] [revocation options] certfile "
+            "[[options] certfile] ...\n"
+            "\tWhere options are:\n"
+            "\t-a\t\t Following certfile is base64 encoded\n"
+            "\t-b YYMMDDHHMMZ\t Validate date (default: now)\n"
+            "\t-d directory\t Database directory\n"
+            "\t-i number of consecutive verifications\n"
+            "\t-f \t\t Enable cert fetching from AIA URL\n"
+            "\t-o oid\t\t Set policy OID for cert validation(Format OID.1.2.3)\n"
+            "\t-p \t\t Use PKIX Library to validate certificate by calling:\n"
+            "\t\t\t   * CERT_VerifyCertificate if specified once,\n"
+            "\t\t\t   * CERT_PKIXVerifyCert if specified twice and more.\n"
+            "\t-r\t\t Following certfile is raw binary DER (default)\n"
+            "\t-t\t\t Following cert is explicitly trusted (overrides db trust).\n"
+            "\t-u usage \t 0=SSL client, 1=SSL server, 2=SSL StepUp, 3=SSL CA,\n"
+            "\t\t\t 4=Email signer, 5=Email recipient, 6=Object signer,\n"
+            "\t\t\t 9=ProtectedObjectSigner, 10=OCSP responder, 11=Any CA\n"
+            "\t-T\t\t Trust both explicit trust anchors (-t) and the database.\n"
+            "\t\t\t (Default is to only trust certificates marked -t, if there are any,\n"
+            "\t\t\t or to trust the database if there are certificates marked -t.)\n"
+            "\t-v\t\t Verbose mode. Prints root cert subject(double the\n"
+            "\t\t\t argument for whole root cert info)\n"
+            "\t-w password\t Database password.\n"
+            "\t-W pwfile\t Password file.\n\n"
+            "\tRevocation options for PKIX API(invoked with -pp options) is a\n"
+            "\tcollection of the following flags:\n"
+            "\t\t[-g type [-h flags] [-m type [-s flags]] ...] ...\n"
+            "\tWhere:\n"
+            "\t-g test type\t Sets status checking test type. Possible values\n"
+            "\t\t\tare \"leaf\" or \"chain\"\n"
+            "\t-h test flags\t Sets revocation flags for the test type it\n"
+            "\t\t\tfollows. Possible flags: \"testLocalInfoFirst\" and\n"
+            "\t\t\t\"requireFreshInfo\".\n"
+            "\t-m method type\t Sets method type for the test type it follows.\n"
+            "\t\t\tPossible types are \"crl\" and \"ocsp\".\n"
+            "\t-s method flags\t Sets revocation flags for the method it follows.\n"
+            "\t\t\tPossible types are \"doNotUse\", \"forbidFetching\",\n"
+            "\t\t\t\"ignoreDefaultSrc\", \"requireInfo\" and \"failIfNoInfo\".\n",
+            progName);
+    exit(1);
+}
+
+/**************************************************************************
+** 
+** Error and information routines.
+**
+**************************************************************************/
+
+void
+errWarn(char *function)
+{
+    fprintf(stderr, "Error in function %s: %s\n",
+            function, SECU_Strerror(PR_GetError()));
+}
+
+void
+exitErr(char *function)
+{
+    errWarn(function);
+    /* Exit gracefully. */
+    /* ignoring return value of NSS_Shutdown as code exits with 1 anyway*/
+    (void)NSS_Shutdown();
+    PR_Cleanup();
+    exit(1);
+}
+
+typedef struct certMemStr {
+    struct certMemStr *next;
+    CERTCertificate *cert;
+} certMem;
+
+certMem *theCerts;
+CERTCertList *trustedCertList;
+
+void
+rememberCert(CERTCertificate *cert, PRBool trusted)
+{
+    if (trusted) {
+        if (!trustedCertList) {
+            trustedCertList = CERT_NewCertList();
+        }
+        CERT_AddCertToListTail(trustedCertList, cert);
+    } else {
+        certMem *newCertMem = PORT_ZNew(certMem);
+        if (newCertMem) {
+            newCertMem->next = theCerts;
+            newCertMem->cert = cert;
+            theCerts = newCertMem;
+        }
+    }
+}
+
+void
+forgetCerts(void)
+{
+    certMem *oldCertMem;
+    while (theCerts) {
+        oldCertMem = theCerts;
+        theCerts = theCerts->next;
+        CERT_DestroyCertificate(oldCertMem->cert);
+        PORT_Free(oldCertMem);
+    }
+    if (trustedCertList) {
+        CERT_DestroyCertList(trustedCertList);
+    }
+}
+
+CERTCertificate *
+getCert(const char *name, PRBool isAscii, const char *progName)
+{
+    CERTCertificate *cert;
+    CERTCertDBHandle *defaultDB;
+    PRFileDesc *fd;
+    SECStatus rv;
+    SECItem item = { 0, NULL, 0 };
+
+    defaultDB = CERT_GetDefaultCertDB();
+
+    /* First, let's try to find the cert in existing DB. */
+    cert = CERT_FindCertByNicknameOrEmailAddr(defaultDB, name);
+    if (cert) {
+        return cert;
+    }
+
+    /* Don't have a cert with name "name" in the DB. Try to
+     * open a file with such name and get the cert from there.*/
+    fd = PR_Open(name, PR_RDONLY, 0777);
+    if (!fd) {
+        PRErrorCode err = PR_GetError();
+        fprintf(stderr, "open of %s failed, %d = %s\n",
+                name, err, SECU_Strerror(err));
+        return cert;
+    }
+
+    rv = SECU_ReadDERFromFile(&item, fd, isAscii, PR_FALSE);
+    PR_Close(fd);
+    if (rv != SECSuccess) {
+        fprintf(stderr, "%s: SECU_ReadDERFromFile failed\n", progName);
+        return cert;
+    }
+
+    if (!item.len) { /* file was empty */
+        fprintf(stderr, "cert file %s was empty.\n", name);
+        return cert;
+    }
+
+    cert = CERT_NewTempCertificate(defaultDB, &item,
+                                   NULL /* nickname */,
+                                   PR_FALSE /* isPerm */,
+                                   PR_TRUE /* copyDER */);
+    if (!cert) {
+        PRErrorCode err = PR_GetError();
+        fprintf(stderr, "couldn't import %s, %d = %s\n",
+                name, err, SECU_Strerror(err));
+    }
+    PORT_Free(item.data);
+    return cert;
+}
+
+#define REVCONFIG_TEST_UNDEFINED 0
+#define REVCONFIG_TEST_LEAF 1
+#define REVCONFIG_TEST_CHAIN 2
+#define REVCONFIG_METHOD_CRL 1
+#define REVCONFIG_METHOD_OCSP 2
+
+#define REVCONFIG_TEST_LEAF_STR "leaf"
+#define REVCONFIG_TEST_CHAIN_STR "chain"
+#define REVCONFIG_METHOD_CRL_STR "crl"
+#define REVCONFIG_METHOD_OCSP_STR "ocsp"
+
+#define REVCONFIG_TEST_TESTLOCALINFOFIRST_STR "testLocalInfoFirst"
+#define REVCONFIG_TEST_REQUIREFRESHINFO_STR "requireFreshInfo"
+#define REVCONFIG_METHOD_DONOTUSEMETHOD_STR "doNotUse"
+#define REVCONFIG_METHOD_FORBIDNETWORKFETCHIN_STR "forbidFetching"
+#define REVCONFIG_METHOD_IGNOREDEFAULTSRC_STR "ignoreDefaultSrc"
+#define REVCONFIG_METHOD_REQUIREINFO_STR "requireInfo"
+#define REVCONFIG_METHOD_FAILIFNOINFO_STR "failIfNoInfo"
+
+#define REV_METHOD_INDEX_MAX 4
+
+typedef struct RevMethodsStruct {
+    unsigned int testType;
+    char *testTypeStr;
+    unsigned int testFlags;
+    char *testFlagsStr;
+    unsigned int methodType;
+    char *methodTypeStr;
+    unsigned int methodFlags;
+    char *methodFlagsStr;
+} RevMethods;
+
+RevMethods revMethodsData[REV_METHOD_INDEX_MAX];
+
+SECStatus
+parseRevMethodsAndFlags()
+{
+    int i;
+    unsigned int testType = 0;
+
+    for (i = 0; i < REV_METHOD_INDEX_MAX; i++) {
+        /* testType */
+        if (revMethodsData[i].testTypeStr) {
+            char *typeStr = revMethodsData[i].testTypeStr;
+
+            testType = 0;
+            if (!PORT_Strcmp(typeStr, REVCONFIG_TEST_LEAF_STR)) {
+                testType = REVCONFIG_TEST_LEAF;
+            } else if (!PORT_Strcmp(typeStr, REVCONFIG_TEST_CHAIN_STR)) {
+                testType = REVCONFIG_TEST_CHAIN;
+            }
+        }
+        if (!testType) {
+            return SECFailure;
+        }
+        revMethodsData[i].testType = testType;
+        /* testFlags */
+        if (revMethodsData[i].testFlagsStr) {
+            char *flagStr = revMethodsData[i].testFlagsStr;
+            unsigned int testFlags = 0;
+
+            if (PORT_Strstr(flagStr, REVCONFIG_TEST_TESTLOCALINFOFIRST_STR)) {
+                testFlags |= CERT_REV_MI_TEST_ALL_LOCAL_INFORMATION_FIRST;
+            }
+            if (PORT_Strstr(flagStr, REVCONFIG_TEST_REQUIREFRESHINFO_STR)) {
+                testFlags |= CERT_REV_MI_REQUIRE_SOME_FRESH_INFO_AVAILABLE;
+            }
+            revMethodsData[i].testFlags = testFlags;
+        }
+        /* method type */
+        if (revMethodsData[i].methodTypeStr) {
+            char *methodStr = revMethodsData[i].methodTypeStr;
+            unsigned int methodType = 0;
+
+            if (!PORT_Strcmp(methodStr, REVCONFIG_METHOD_CRL_STR)) {
+                methodType = REVCONFIG_METHOD_CRL;
+            } else if (!PORT_Strcmp(methodStr, REVCONFIG_METHOD_OCSP_STR)) {
+                methodType = REVCONFIG_METHOD_OCSP;
+            }
+            if (!methodType) {
+                return SECFailure;
+            }
+            revMethodsData[i].methodType = methodType;
+        }
+        if (!revMethodsData[i].methodType) {
+            revMethodsData[i].testType = REVCONFIG_TEST_UNDEFINED;
+            continue;
+        }
+        /* method flags */
+        if (revMethodsData[i].methodFlagsStr) {
+            char *flagStr = revMethodsData[i].methodFlagsStr;
+            unsigned int methodFlags = 0;
+
+            if (!PORT_Strstr(flagStr, REVCONFIG_METHOD_DONOTUSEMETHOD_STR)) {
+                methodFlags |= CERT_REV_M_TEST_USING_THIS_METHOD;
+            }
+            if (PORT_Strstr(flagStr,
+                            REVCONFIG_METHOD_FORBIDNETWORKFETCHIN_STR)) {
+                methodFlags |= CERT_REV_M_FORBID_NETWORK_FETCHING;
+            }
+            if (PORT_Strstr(flagStr, REVCONFIG_METHOD_IGNOREDEFAULTSRC_STR)) {
+                methodFlags |= CERT_REV_M_IGNORE_IMPLICIT_DEFAULT_SOURCE;
+            }
+            if (PORT_Strstr(flagStr, REVCONFIG_METHOD_REQUIREINFO_STR)) {
+                methodFlags |= CERT_REV_M_REQUIRE_INFO_ON_MISSING_SOURCE;
+            }
+            if (PORT_Strstr(flagStr, REVCONFIG_METHOD_FAILIFNOINFO_STR)) {
+                methodFlags |= CERT_REV_M_FAIL_ON_MISSING_FRESH_INFO;
+            }
+            revMethodsData[i].methodFlags = methodFlags;
+        } else {
+            revMethodsData[i].methodFlags |= CERT_REV_M_TEST_USING_THIS_METHOD;
+        }
+    }
+    return SECSuccess;
+}
+
+SECStatus
+configureRevocationParams(CERTRevocationFlags *flags)
+{
+    int i;
+    unsigned int testType = REVCONFIG_TEST_UNDEFINED;
+    static CERTRevocationTests *revTests = NULL;
+    PRUint64 *revFlags = NULL;
+
+    for (i = 0; i < REV_METHOD_INDEX_MAX; i++) {
+        if (revMethodsData[i].testType == REVCONFIG_TEST_UNDEFINED) {
+            continue;
+        }
+        if (revMethodsData[i].testType != testType) {
+            testType = revMethodsData[i].testType;
+            if (testType == REVCONFIG_TEST_CHAIN) {
+                revTests = &flags->chainTests;
+            } else {
+                revTests = &flags->leafTests;
+            }
+            revTests->number_of_preferred_methods = 0;
+            revTests->preferred_methods = 0;
+            revFlags = revTests->cert_rev_flags_per_method;
+        }
+        /* Set the number of the methods independently to the max number of
+        * methods. If method flags are not set it will be ignored due to
+        * default DO_NOT_USE flag. */
+        revTests->number_of_defined_methods = cert_revocation_method_count;
+        revTests->cert_rev_method_independent_flags |=
+            revMethodsData[i].testFlags;
+        if (revMethodsData[i].methodType == REVCONFIG_METHOD_CRL) {
+            revFlags[cert_revocation_method_crl] =
+                revMethodsData[i].methodFlags;
+        } else if (revMethodsData[i].methodType == REVCONFIG_METHOD_OCSP) {
+            revFlags[cert_revocation_method_ocsp] =
+                revMethodsData[i].methodFlags;
+        }
+    }
+    return SECSuccess;
+}
+
+void
+freeRevocationMethodData()
+{
+    int i = 0;
+    for (; i < REV_METHOD_INDEX_MAX; i++) {
+        if (revMethodsData[i].testTypeStr) {
+            PORT_Free(revMethodsData[i].testTypeStr);
+        }
+        if (revMethodsData[i].testFlagsStr) {
+            PORT_Free(revMethodsData[i].testFlagsStr);
+        }
+        if (revMethodsData[i].methodTypeStr) {
+            PORT_Free(revMethodsData[i].methodTypeStr);
+        }
+        if (revMethodsData[i].methodFlagsStr) {
+            PORT_Free(revMethodsData[i].methodFlagsStr);
+        }
+    }
+}
+
+PRBool
+isOCSPEnabled()
+{
+    int i;
+
+    for (i = 0; i < REV_METHOD_INDEX_MAX; i++) {
+        if (revMethodsData[i].methodType == REVCONFIG_METHOD_OCSP) {
+            return PR_TRUE;
+        }
+    }
+    return PR_FALSE;
+}
+
+int
+main(int argc, char *argv[], char *envp[])
+{
+    char *certDir = NULL;
+    char *progName = NULL;
+    char *oidStr = NULL;
+    CERTCertificate *cert;
+    CERTCertificate *firstCert = NULL;
+    CERTCertificate *issuerCert = NULL;
+    CERTCertDBHandle *defaultDB = NULL;
+    PRBool isAscii = PR_FALSE;
+    PRBool trusted = PR_FALSE;
+    SECStatus secStatus;
+    SECCertificateUsage certUsage = certificateUsageSSLServer;
+    PLOptState *optstate;
+    PRTime time = 0;
+    PLOptStatus status;
+    int usePkix = 0;
+    int rv = 1;
+    int usage;
+    CERTVerifyLog log;
+    CERTCertList *builtChain = NULL;
+    PRBool certFetching = PR_FALSE;
+    int revDataIndex = 0;
+    PRBool ocsp_fetchingFailureIsAFailure = PR_TRUE;
+    PRBool useDefaultRevFlags = PR_TRUE;
+    PRBool onlyTrustAnchors = PR_TRUE;
+    int vfyCounts = 1;
+
+    PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
+
+    progName = PL_strdup(argv[0]);
+
+    optstate = PL_CreateOptState(argc, argv, "ab:c:d:efg:h:i:m:o:prs:tTu:vw:W:");
+    while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
+        switch (optstate->option) {
+            case 0: /* positional parameter */
+                goto breakout;
+            case 'a':
+                isAscii = PR_TRUE;
+                break;
+            case 'b':
+                secStatus = DER_AsciiToTime(&time, optstate->value);
+                if (secStatus != SECSuccess)
+                    Usage(progName);
+                break;
+            case 'd':
+                certDir = PL_strdup(optstate->value);
+                break;
+            case 'e':
+                ocsp_fetchingFailureIsAFailure = PR_FALSE;
+                break;
+            case 'f':
+                certFetching = PR_TRUE;
+                break;
+            case 'g':
+                if (revMethodsData[revDataIndex].testTypeStr ||
+                    revMethodsData[revDataIndex].methodTypeStr) {
+                    revDataIndex += 1;
+                    if (revDataIndex == REV_METHOD_INDEX_MAX) {
+                        fprintf(stderr, "Invalid revocation configuration"
+                                        "specified.\n");
+                        secStatus = SECFailure;
+                        break;
+                    }
+                }
+                useDefaultRevFlags = PR_FALSE;
+                revMethodsData[revDataIndex].testTypeStr =
+                    PL_strdup(optstate->value);
+                break;
+            case 'h':
+                revMethodsData[revDataIndex].testFlagsStr =
+                    PL_strdup(optstate->value);
+                break;
+            case 'i':
+                vfyCounts = PORT_Atoi(optstate->value);
+                break;
+                break;
+            case 'm':
+                if (revMethodsData[revDataIndex].methodTypeStr) {
+                    revDataIndex += 1;
+                    if (revDataIndex == REV_METHOD_INDEX_MAX) {
+                        fprintf(stderr, "Invalid revocation configuration"
+                                        "specified.\n");
+                        secStatus = SECFailure;
+                        break;
+                    }
+                }
+                useDefaultRevFlags = PR_FALSE;
+                revMethodsData[revDataIndex].methodTypeStr =
+                    PL_strdup(optstate->value);
+                break;
+            case 'o':
+                oidStr = PL_strdup(optstate->value);
+                break;
+            case 'p':
+                usePkix += 1;
+                break;
+            case 'r':
+                isAscii = PR_FALSE;
+                break;
+            case 's':
+                revMethodsData[revDataIndex].methodFlagsStr =
+                    PL_strdup(optstate->value);
+                break;
+            case 't':
+                trusted = PR_TRUE;
+                break;
+            case 'T':
+                onlyTrustAnchors = PR_FALSE;
+                break;
+            case 'u':
+                usage = PORT_Atoi(optstate->value);
+                if (usage < 0 || usage > 62)
+                    Usage(progName);
+                certUsage = ((SECCertificateUsage)1) << usage;
+                if (certUsage > certificateUsageHighest)
+                    Usage(progName);
+                break;
+            case 'w':
+                pwdata.source = PW_PLAINTEXT;
+                pwdata.data = PORT_Strdup(optstate->value);
+                break;
+
+            case 'W':
+                pwdata.source = PW_FROMFILE;
+                pwdata.data = PORT_Strdup(optstate->value);
+                break;
+            case 'v':
+                verbose++;
+                break;
+            default:
+                Usage(progName);
+                break;
+        }
+    }
+breakout:
+    if (status != PL_OPT_OK)
+        Usage(progName);
+
+    if (usePkix < 2) {
+        if (oidStr) {
+            fprintf(stderr, "Policy oid(-o) can be used only with"
+                            " CERT_PKIXVerifyCert(-pp) function.\n");
+            Usage(progName);
+        }
+        if (trusted) {
+            fprintf(stderr, "Cert trust flag can be used only with"
+                            " CERT_PKIXVerifyCert(-pp) function.\n");
+            Usage(progName);
+        }
+        if (!onlyTrustAnchors) {
+            fprintf(stderr, "Cert trust anchor exclusiveness can be"
+                            " used only with CERT_PKIXVerifyCert(-pp)"
+                            " function.\n");
+        }
+    }
+
+    if (!useDefaultRevFlags && parseRevMethodsAndFlags()) {
+        fprintf(stderr, "Invalid revocation configuration specified.\n");
+        goto punt;
+    }
+
+    /* Set our password function callback. */
+    PK11_SetPasswordFunc(SECU_GetModulePassword);
+
+    /* Initialize the NSS libraries. */
+    if (certDir) {
+        secStatus = NSS_Init(certDir);
+    } else {
+        secStatus = NSS_NoDB_Init(NULL);
+
+        /* load the builtins */
+        SECMOD_AddNewModule("Builtins", DLL_PREFIX "nssckbi." DLL_SUFFIX, 0, 0);
+    }
+    if (secStatus != SECSuccess) {
+        exitErr("NSS_Init");
+    }
+    SECU_RegisterDynamicOids();
+    if (isOCSPEnabled()) {
+        CERT_EnableOCSPChecking(CERT_GetDefaultCertDB());
+        CERT_DisableOCSPDefaultResponder(CERT_GetDefaultCertDB());
+        if (!ocsp_fetchingFailureIsAFailure) {
+            CERT_SetOCSPFailureMode(ocspMode_FailureIsNotAVerificationFailure);
+        }
+    }
+
+    while (status == PL_OPT_OK) {
+        switch (optstate->option) {
+            default:
+                Usage(progName);
+                break;
+            case 'a':
+                isAscii = PR_TRUE;
+                break;
+            case 'r':
+                isAscii = PR_FALSE;
+                break;
+            case 't':
+                trusted = PR_TRUE;
+                break;
+            case 0: /* positional parameter */
+                if (usePkix < 2 && trusted) {
+                    fprintf(stderr, "Cert trust flag can be used only with"
+                                    " CERT_PKIXVerifyCert(-pp) function.\n");
+                    Usage(progName);
+                }
+                cert = getCert(optstate->value, isAscii, progName);
+                if (!cert)
+                    goto punt;
+                rememberCert(cert, trusted);
+                if (!firstCert)
+                    firstCert = cert;
+                trusted = PR_FALSE;
+        }
+        status = PL_GetNextOpt(optstate);
+    }
+    PL_DestroyOptState(optstate);
+    if (status == PL_OPT_BAD || !firstCert)
+        Usage(progName);
+
+    /* Initialize log structure */
+    log.arena = PORT_NewArena(512);
+    log.head = log.tail = NULL;
+    log.count = 0;
+
+    do {
+        if (usePkix < 2) {
+            /* NOW, verify the cert chain. */
+            if (usePkix) {
+                /* Use old API with libpkix validation lib */
+                CERT_SetUsePKIXForValidation(PR_TRUE);
+            }
+            if (!time)
+                time = PR_Now();
+
+            defaultDB = CERT_GetDefaultCertDB();
+            secStatus = CERT_VerifyCertificate(defaultDB, firstCert,
+                                               PR_TRUE /* check sig */,
+                                               certUsage,
+                                               time,
+                                               &pwdata, /* wincx  */
+                                               &log,    /* error log */
+                                               NULL);   /* returned usages */
+        } else
+            do {
+                static CERTValOutParam cvout[4];
+                static CERTValInParam cvin[7];
+                SECOidTag oidTag;
+                int inParamIndex = 0;
+                static PRUint64 revFlagsLeaf[2];
+                static PRUint64 revFlagsChain[2];
+                static CERTRevocationFlags rev;
+
+                if (oidStr) {
+                    PLArenaPool *arena;
+                    SECOidData od;
+                    memset(&od, 0, sizeof od);
+                    od.offset = SEC_OID_UNKNOWN;
+                    od.desc = "User Defined Policy OID";
+                    od.mechanism = CKM_INVALID_MECHANISM;
+                    od.supportedExtension = INVALID_CERT_EXTENSION;
+
+                    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+                    if (!arena) {
+                        fprintf(stderr, "out of memory");
+                        goto punt;
+                    }
+
+                    secStatus = SEC_StringToOID(arena, &od.oid, oidStr, 0);
+                    if (secStatus != SECSuccess) {
+                        PORT_FreeArena(arena, PR_FALSE);
+                        fprintf(stderr, "Can not encode oid: %s(%s)\n", oidStr,
+                                SECU_Strerror(PORT_GetError()));
+                        break;
+                    }
+
+                    oidTag = SECOID_AddEntry(&od);
+                    PORT_FreeArena(arena, PR_FALSE);
+                    if (oidTag == SEC_OID_UNKNOWN) {
+                        fprintf(stderr, "Can not add new oid to the dynamic "
+                                        "table: %s\n",
+                                oidStr);
+                        secStatus = SECFailure;
+                        break;
+                    }
+
+                    cvin[inParamIndex].type = cert_pi_policyOID;
+                    cvin[inParamIndex].value.arraySize = 1;
+                    cvin[inParamIndex].value.array.oids = &oidTag;
+
+                    inParamIndex++;
+                }
+
+                if (trustedCertList) {
+                    cvin[inParamIndex].type = cert_pi_trustAnchors;
+                    cvin[inParamIndex].value.pointer.chain = trustedCertList;
+
+                    inParamIndex++;
+                }
+
+                cvin[inParamIndex].type = cert_pi_useAIACertFetch;
+                cvin[inParamIndex].value.scalar.b = certFetching;
+                inParamIndex++;
+
+                rev.leafTests.cert_rev_flags_per_method = revFlagsLeaf;
+                rev.chainTests.cert_rev_flags_per_method = revFlagsChain;
+                secStatus = configureRevocationParams(&rev);
+                if (secStatus) {
+                    fprintf(stderr, "Can not config revocation parameters ");
+                    break;
+                }
+
+                cvin[inParamIndex].type = cert_pi_revocationFlags;
+                cvin[inParamIndex].value.pointer.revocation = &rev;
+                inParamIndex++;
+
+                if (time) {
+                    cvin[inParamIndex].type = cert_pi_date;
+                    cvin[inParamIndex].value.scalar.time = time;
+                    inParamIndex++;
+                }
+
+                if (!onlyTrustAnchors) {
+                    cvin[inParamIndex].type = cert_pi_useOnlyTrustAnchors;
+                    cvin[inParamIndex].value.scalar.b = onlyTrustAnchors;
+                    inParamIndex++;
+                }
+
+                cvin[inParamIndex].type = cert_pi_end;
+
+                cvout[0].type = cert_po_trustAnchor;
+                cvout[0].value.pointer.cert = NULL;
+                cvout[1].type = cert_po_certList;
+                cvout[1].value.pointer.chain = NULL;
+
+                /* setting pointer to CERTVerifyLog. Initialized structure
+                 * will be used CERT_PKIXVerifyCert */
+                cvout[2].type = cert_po_errorLog;
+                cvout[2].value.pointer.log = &log;
+
+                cvout[3].type = cert_po_end;
+
+                secStatus = CERT_PKIXVerifyCert(firstCert, certUsage,
+                                                cvin, cvout, &pwdata);
+                if (secStatus != SECSuccess) {
+                    break;
+                }
+                issuerCert = cvout[0].value.pointer.cert;
+                builtChain = cvout[1].value.pointer.chain;
+            } while (0);
+
+        /* Display validation results */
+        if (secStatus != SECSuccess || log.count > 0) {
+            CERTVerifyLogNode *node = NULL;
+            fprintf(stderr, "Chain is bad!\n");
+
+            SECU_displayVerifyLog(stderr, &log, verbose);
+            /* Have cert refs in the log only in case of failure.
+             * Destroy them. */
+            for (node = log.head; node; node = node->next) {
+                if (node->cert)
+                    CERT_DestroyCertificate(node->cert);
+            }
+            log.head = log.tail = NULL;
+            log.count = 0;
+            rv = 1;
+        } else {
+            fprintf(stderr, "Chain is good!\n");
+            if (issuerCert) {
+                if (verbose > 1) {
+                    rv = SEC_PrintCertificateAndTrust(issuerCert, "Root Certificate",
+                                                      NULL);
+                    if (rv != SECSuccess) {
+                        SECU_PrintError(progName, "problem printing certificate");
+                    }
+                } else if (verbose > 0) {
+                    SECU_PrintName(stdout, &issuerCert->subject, "Root "
+                                                                 "Certificate Subject:",
+                                   0);
+                }
+                CERT_DestroyCertificate(issuerCert);
+            }
+            if (builtChain) {
+                CERTCertListNode *node;
+                int count = 0;
+                char buff[256];
+
+                if (verbose) {
+                    for (node = CERT_LIST_HEAD(builtChain); !CERT_LIST_END(node, builtChain);
+                         node = CERT_LIST_NEXT(node), count++) {
+                        sprintf(buff, "Certificate %d Subject", count + 1);
+                        SECU_PrintName(stdout, &node->cert->subject, buff, 0);
+                    }
+                }
+                CERT_DestroyCertList(builtChain);
+            }
+            rv = 0;
+        }
+    } while (--vfyCounts > 0);
+
+    /* Need to destroy CERTVerifyLog arena at the end */
+    PORT_FreeArena(log.arena, PR_FALSE);
+
+punt:
+    forgetCerts();
+    if (NSS_Shutdown() != SECSuccess) {
+        SECU_PrintError(progName, "NSS_Shutdown");
+        rv = 1;
+    }
+    PORT_Free(progName);
+    PORT_Free(certDir);
+    PORT_Free(oidStr);
+    freeRevocationMethodData();
+    if (pwdata.data) {
+        PORT_Free(pwdata.data);
+    }
+    PL_ArenaFinish();
+    PR_Cleanup();
+    return rv;
+}
diff --git a/nss/cmd/vfychain/vfychain.gyp b/nss/cmd/vfychain/vfychain.gyp
new file mode 100644
index 0000000..775ba1f
--- /dev/null
+++ b/nss/cmd/vfychain/vfychain.gyp
@@ -0,0 +1,30 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi',
+    '../../cmd/platlibs.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'vfychain',
+      'type': 'executable',
+      'sources': [
+        'vfychain.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports'
+      ]
+    }
+  ],
+  'target_defaults': {
+    'defines': [
+      'DLL_PREFIX=\"<(dll_prefix)\"',
+      'DLL_SUFFIX=\"<(dll_suffix)\"'
+    ]
+  },
+  'variables': {
+    'module': 'nss'
+  }
+}
\ No newline at end of file
diff --git a/nss/cmd/vfyserv/Makefile b/nss/cmd/vfyserv/Makefile
new file mode 100644
index 0000000..a27a3ce
--- /dev/null
+++ b/nss/cmd/vfyserv/Makefile
@@ -0,0 +1,46 @@
+#! gmake
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include ../platlibs.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+#include ../platlibs.mk
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+include ../platrules.mk
+
diff --git a/nss/cmd/vfyserv/manifest.mn b/nss/cmd/vfyserv/manifest.mn
new file mode 100644
index 0000000..c925be9
--- /dev/null
+++ b/nss/cmd/vfyserv/manifest.mn
@@ -0,0 +1,23 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CORE_DEPTH = ../..
+
+# MODULE public and private header  directories are implicitly REQUIRED.
+MODULE = nss
+
+# This next line is used by .mk files
+# and gets translated into $LINCS in manifest.mnw
+# The MODULE is always implicitly required.
+# Listing it here in REQUIRES makes it appear twice in the cc command line.
+REQUIRES = seccmd dbm 
+
+# DIRS = 
+
+CSRCS	= vfyserv.c  vfyutil.c
+DEFINES += -DDLL_PREFIX=\"$(DLL_PREFIX)\" -DDLL_SUFFIX=\"$(DLL_SUFFIX)\"
+
+PROGRAM	= vfyserv
+
diff --git a/nss/cmd/vfyserv/vfyserv.c b/nss/cmd/vfyserv/vfyserv.c
new file mode 100644
index 0000000..aa648ad
--- /dev/null
+++ b/nss/cmd/vfyserv/vfyserv.c
@@ -0,0 +1,572 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/****************************************************************************
+ *  SSL client program that tests  a server for proper operation of SSL2,   *
+ *  SSL3, and TLS. Test propder certificate installation.                   *
+ *                                                                          *
+ *  This code was modified from the SSLSample code also kept in the NSS     *
+ *  directory.                                                              *
+ ****************************************************************************/
+
+#include <stdio.h>
+#include <string.h>
+
+#if defined(XP_UNIX)
+#include <unistd.h>
+#endif
+
+#include "prerror.h"
+
+#include "pk11func.h"
+#include "secmod.h"
+#include "secitem.h"
+
+#include <stdlib.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <stdarg.h>
+
+#include "nspr.h"
+#include "plgetopt.h"
+#include "prio.h"
+#include "prnetdb.h"
+#include "nss.h"
+#include "secutil.h"
+#include "ocsp.h"
+
+#include "vfyserv.h"
+
+#define RD_BUF_SIZE (60 * 1024)
+
+extern int ssl3CipherSuites[];
+extern int numSSL3CipherSuites;
+
+GlobalThreadMgr threadMGR;
+char *certNickname = NULL;
+char *hostName = NULL;
+secuPWData pwdata = { PW_NONE, 0 };
+unsigned short port = 0;
+PRBool dumpChain;
+
+static void
+Usage(const char *progName)
+{
+    PRFileDesc *pr_stderr;
+
+    pr_stderr = PR_STDERR;
+
+    PR_fprintf(pr_stderr, "Usage:\n"
+                          "   %s  [-c ] [-o] [-p port] [-d dbdir] [-w password] [-f pwfile]\n"
+                          "   \t\t[-C cipher(s)]  [-l <url> -t <nickname> ] hostname",
+               progName);
+    PR_fprintf(pr_stderr, "\nWhere:\n");
+    PR_fprintf(pr_stderr,
+               "  %-13s dump server cert chain into files\n",
+               "-c");
+    PR_fprintf(pr_stderr,
+               "  %-13s perform server cert OCSP check\n",
+               "-o");
+    PR_fprintf(pr_stderr,
+               "  %-13s server port to be used\n",
+               "-p");
+    PR_fprintf(pr_stderr,
+               "  %-13s use security databases in \"dbdir\"\n",
+               "-d dbdir");
+    PR_fprintf(pr_stderr,
+               "  %-13s key database password\n",
+               "-w password");
+    PR_fprintf(pr_stderr,
+               "  %-13s token password file\n",
+               "-f pwfile");
+    PR_fprintf(pr_stderr,
+               "  %-13s communication cipher list\n",
+               "-C cipher(s)");
+    PR_fprintf(pr_stderr,
+               "  %-13s OCSP responder location. This location is used to\n"
+               "  %-13s check  status  of a server  certificate.  If  not \n"
+               "  %-13s specified, location  will  be taken  from the AIA\n"
+               "  %-13s server certificate extension.\n",
+               "-l url", "", "", "");
+    PR_fprintf(pr_stderr,
+               "  %-13s OCSP Trusted Responder Cert nickname\n\n",
+               "-t nickname");
+
+    exit(1);
+}
+
+PRFileDesc *
+setupSSLSocket(PRNetAddr *addr)
+{
+    PRFileDesc *tcpSocket;
+    PRFileDesc *sslSocket;
+    PRSocketOptionData socketOption;
+    PRStatus prStatus;
+    SECStatus secStatus;
+
+    tcpSocket = PR_NewTCPSocket();
+    if (tcpSocket == NULL) {
+        errWarn("PR_NewTCPSocket");
+    }
+
+    /* Make the socket blocking. */
+    socketOption.option = PR_SockOpt_Nonblocking;
+    socketOption.value.non_blocking = PR_FALSE;
+
+    prStatus = PR_SetSocketOption(tcpSocket, &socketOption);
+    if (prStatus != PR_SUCCESS) {
+        errWarn("PR_SetSocketOption");
+        goto loser;
+    }
+
+    /* Import the socket into the SSL layer. */
+    sslSocket = SSL_ImportFD(NULL, tcpSocket);
+    if (!sslSocket) {
+        errWarn("SSL_ImportFD");
+        goto loser;
+    }
+
+    /* Set configuration options. */
+    secStatus = SSL_OptionSet(sslSocket, SSL_SECURITY, PR_TRUE);
+    if (secStatus != SECSuccess) {
+        errWarn("SSL_OptionSet:SSL_SECURITY");
+        goto loser;
+    }
+
+    secStatus = SSL_OptionSet(sslSocket, SSL_HANDSHAKE_AS_CLIENT, PR_TRUE);
+    if (secStatus != SECSuccess) {
+        errWarn("SSL_OptionSet:SSL_HANDSHAKE_AS_CLIENT");
+        goto loser;
+    }
+
+    /* Set SSL callback routines. */
+    secStatus = SSL_GetClientAuthDataHook(sslSocket,
+                                          (SSLGetClientAuthData)myGetClientAuthData,
+                                          (void *)certNickname);
+    if (secStatus != SECSuccess) {
+        errWarn("SSL_GetClientAuthDataHook");
+        goto loser;
+    }
+
+    secStatus = SSL_AuthCertificateHook(sslSocket,
+                                        (SSLAuthCertificate)myAuthCertificate,
+                                        (void *)CERT_GetDefaultCertDB());
+    if (secStatus != SECSuccess) {
+        errWarn("SSL_AuthCertificateHook");
+        goto loser;
+    }
+
+    secStatus = SSL_BadCertHook(sslSocket,
+                                (SSLBadCertHandler)myBadCertHandler, NULL);
+    if (secStatus != SECSuccess) {
+        errWarn("SSL_BadCertHook");
+        goto loser;
+    }
+
+    secStatus = SSL_HandshakeCallback(sslSocket,
+                                      myHandshakeCallback,
+                                      NULL);
+    if (secStatus != SECSuccess) {
+        errWarn("SSL_HandshakeCallback");
+        goto loser;
+    }
+
+    return sslSocket;
+
+loser:
+
+    PR_Close(tcpSocket);
+    return NULL;
+}
+
+const char requestString[] = { "GET /testfile HTTP/1.0\r\n\r\n" };
+
+SECStatus
+handle_connection(PRFileDesc *sslSocket, int connection)
+{
+    int countRead = 0;
+    PRInt32 numBytes;
+    char *readBuffer;
+
+    readBuffer = PORT_Alloc(RD_BUF_SIZE);
+    if (!readBuffer) {
+        exitErr("PORT_Alloc");
+    }
+
+    /* compose the http request here. */
+
+    numBytes = PR_Write(sslSocket, requestString, strlen(requestString));
+    if (numBytes <= 0) {
+        errWarn("PR_Write");
+        PR_Free(readBuffer);
+        readBuffer = NULL;
+        return SECFailure;
+    }
+
+    /* read until EOF */
+    while (PR_TRUE) {
+        numBytes = PR_Read(sslSocket, readBuffer, RD_BUF_SIZE);
+        if (numBytes == 0) {
+            break; /* EOF */
+        }
+        if (numBytes < 0) {
+            errWarn("PR_Read");
+            break;
+        }
+        countRead += numBytes;
+    }
+
+    printSecurityInfo(stderr, sslSocket);
+
+    PR_Free(readBuffer);
+    readBuffer = NULL;
+
+    /* Caller closes the socket. */
+
+    fprintf(stderr,
+            "***** Connection %d read %d bytes total.\n",
+            connection, countRead);
+
+    return SECSuccess; /* success */
+}
+
+#define BYTE(n, i) (((i) >> ((n)*8)) & 0xff)
+
+/* one copy of this function is launched in a separate thread for each
+** connection to be made.
+*/
+SECStatus
+do_connects(void *a, int connection)
+{
+    PRNetAddr *addr = (PRNetAddr *)a;
+    PRFileDesc *sslSocket;
+    PRHostEnt hostEntry;
+    char buffer[PR_NETDB_BUF_SIZE];
+    PRStatus prStatus;
+    PRIntn hostenum;
+    PRInt32 ip;
+    SECStatus secStatus;
+
+    /* Set up SSL secure socket. */
+    sslSocket = setupSSLSocket(addr);
+    if (sslSocket == NULL) {
+        errWarn("setupSSLSocket");
+        return SECFailure;
+    }
+
+    secStatus = SSL_SetPKCS11PinArg(sslSocket, &pwdata);
+    if (secStatus != SECSuccess) {
+        errWarn("SSL_SetPKCS11PinArg");
+        return secStatus;
+    }
+
+    secStatus = SSL_SetURL(sslSocket, hostName);
+    if (secStatus != SECSuccess) {
+        errWarn("SSL_SetURL");
+        return secStatus;
+    }
+
+    /* Prepare and setup network connection. */
+    prStatus = PR_GetHostByName(hostName, buffer, sizeof(buffer), &hostEntry);
+    if (prStatus != PR_SUCCESS) {
+        errWarn("PR_GetHostByName");
+        return SECFailure;
+    }
+
+    hostenum = PR_EnumerateHostEnt(0, &hostEntry, port, addr);
+    if (hostenum == -1) {
+        errWarn("PR_EnumerateHostEnt");
+        return SECFailure;
+    }
+
+    ip = PR_ntohl(addr->inet.ip);
+    fprintf(stderr,
+            "Connecting to host %s (addr %d.%d.%d.%d) on port %d\n",
+            hostName, BYTE(3, ip), BYTE(2, ip), BYTE(1, ip),
+            BYTE(0, ip), PR_ntohs(addr->inet.port));
+
+    prStatus = PR_Connect(sslSocket, addr, PR_INTERVAL_NO_TIMEOUT);
+    if (prStatus != PR_SUCCESS) {
+        errWarn("PR_Connect");
+        return SECFailure;
+    }
+
+/* Established SSL connection, ready to send data. */
+#if 0
+    secStatus = SSL_ForceHandshake(sslSocket);
+    if (secStatus != SECSuccess) {
+        errWarn("SSL_ForceHandshake");
+        return secStatus;
+    }
+#endif
+
+    secStatus = SSL_ResetHandshake(sslSocket, /* asServer */ PR_FALSE);
+    if (secStatus != SECSuccess) {
+        errWarn("SSL_ResetHandshake");
+        prStatus = PR_Close(sslSocket);
+        if (prStatus != PR_SUCCESS) {
+            errWarn("PR_Close");
+        }
+        return secStatus;
+    }
+
+    secStatus = handle_connection(sslSocket, connection);
+    if (secStatus != SECSuccess) {
+        /* error already printed out in handle_connection */
+        /* errWarn("handle_connection"); */
+        prStatus = PR_Close(sslSocket);
+        if (prStatus != PR_SUCCESS) {
+            errWarn("PR_Close");
+        }
+        return secStatus;
+    }
+
+    PR_Close(sslSocket);
+    return SECSuccess;
+}
+
+void
+client_main(unsigned short port,
+            int connections,
+            const char *hostName)
+{
+    int i;
+    SECStatus secStatus;
+    PRStatus prStatus;
+    PRInt32 rv;
+    PRNetAddr addr;
+    PRHostEnt hostEntry;
+    char buffer[PR_NETDB_BUF_SIZE];
+
+    /* Setup network connection. */
+    prStatus = PR_GetHostByName(hostName, buffer, sizeof(buffer), &hostEntry);
+    if (prStatus != PR_SUCCESS) {
+        exitErr("PR_GetHostByName");
+    }
+
+    rv = PR_EnumerateHostEnt(0, &hostEntry, port, &addr);
+    if (rv < 0) {
+        exitErr("PR_EnumerateHostEnt");
+    }
+
+    secStatus = launch_thread(&threadMGR, do_connects, &addr, 1);
+    if (secStatus != SECSuccess) {
+        exitErr("launch_thread");
+    }
+
+    if (connections > 1) {
+        /* wait for the first connection to terminate, then launch the rest. */
+        reap_threads(&threadMGR);
+        /* Start up the connections */
+        for (i = 2; i <= connections; ++i) {
+            secStatus = launch_thread(&threadMGR, do_connects, &addr, i);
+            if (secStatus != SECSuccess) {
+                errWarn("launch_thread");
+            }
+        }
+    }
+
+    reap_threads(&threadMGR);
+    destroy_thread_data(&threadMGR);
+}
+
+#define HEXCHAR_TO_INT(c, i)                   \
+    if (((c) >= '0') && ((c) <= '9')) {        \
+        i = (c) - '0';                         \
+    } else if (((c) >= 'a') && ((c) <= 'f')) { \
+        i = (c) - 'a' + 10;                    \
+    } else if (((c) >= 'A') && ((c) <= 'F')) { \
+        i = (c) - 'A' + 10;                    \
+    } else {                                   \
+        Usage(progName);                       \
+    }
+
+int
+main(int argc, char **argv)
+{
+    char *certDir = NULL;
+    char *progName = NULL;
+    int connections = 1;
+    char *cipherString = NULL;
+    char *respUrl = NULL;
+    char *respCertName = NULL;
+    SECStatus secStatus;
+    PLOptState *optstate;
+    PLOptStatus status;
+    PRBool doOcspCheck = PR_FALSE;
+
+    /* Call the NSPR initialization routines */
+    PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
+
+    progName = PORT_Strdup(argv[0]);
+
+    hostName = NULL;
+    optstate = PL_CreateOptState(argc, argv, "C:cd:f:l:n:p:ot:w:");
+    while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
+        switch (optstate->option) {
+            case 'C':
+                cipherString = PL_strdup(optstate->value);
+                break;
+            case 'c':
+                dumpChain = PR_TRUE;
+                break;
+            case 'd':
+                certDir = PL_strdup(optstate->value);
+                break;
+            case 'l':
+                respUrl = PL_strdup(optstate->value);
+                break;
+            case 'p':
+                port = PORT_Atoi(optstate->value);
+                break;
+            case 'o':
+                doOcspCheck = PR_TRUE;
+                break;
+            case 't':
+                respCertName = PL_strdup(optstate->value);
+                break;
+            case 'w':
+                pwdata.source = PW_PLAINTEXT;
+                pwdata.data = PORT_Strdup(optstate->value);
+                break;
+
+            case 'f':
+                pwdata.source = PW_FROMFILE;
+                pwdata.data = PORT_Strdup(optstate->value);
+                break;
+            case '\0':
+                hostName = PL_strdup(optstate->value);
+                break;
+            default:
+                Usage(progName);
+        }
+    }
+
+    if (port == 0) {
+        port = 443;
+    }
+
+    if (port == 0 || hostName == NULL)
+        Usage(progName);
+
+    if (doOcspCheck &&
+        ((respCertName != NULL && respUrl == NULL) ||
+         (respUrl != NULL && respCertName == NULL))) {
+        SECU_PrintError(progName, "options -l <url> and -t "
+                                  "<responder> must be used together");
+        Usage(progName);
+    }
+
+    PK11_SetPasswordFunc(SECU_GetModulePassword);
+
+    /* Initialize the NSS libraries. */
+    if (certDir) {
+        secStatus = NSS_Init(certDir);
+    } else {
+        secStatus = NSS_NoDB_Init(NULL);
+
+        /* load the builtins */
+        SECMOD_AddNewModule("Builtins",
+                            DLL_PREFIX "nssckbi." DLL_SUFFIX, 0, 0);
+    }
+    if (secStatus != SECSuccess) {
+        exitErr("NSS_Init");
+    }
+    SECU_RegisterDynamicOids();
+
+    if (doOcspCheck == PR_TRUE) {
+        SECStatus rv;
+        CERTCertDBHandle *handle = CERT_GetDefaultCertDB();
+        if (handle == NULL) {
+            SECU_PrintError(progName, "problem getting certdb handle");
+            goto cleanup;
+        }
+
+        rv = CERT_EnableOCSPChecking(handle);
+        if (rv != SECSuccess) {
+            SECU_PrintError(progName, "error enabling OCSP checking");
+            goto cleanup;
+        }
+
+        if (respUrl != NULL) {
+            rv = CERT_SetOCSPDefaultResponder(handle, respUrl,
+                                              respCertName);
+            if (rv != SECSuccess) {
+                SECU_PrintError(progName,
+                                "error setting default responder");
+                goto cleanup;
+            }
+
+            rv = CERT_EnableOCSPDefaultResponder(handle);
+            if (rv != SECSuccess) {
+                SECU_PrintError(progName,
+                                "error enabling default responder");
+                goto cleanup;
+            }
+        }
+    }
+
+    /* All cipher suites except RSA_NULL_MD5 are enabled by
+     * Domestic Policy. */
+    NSS_SetDomesticPolicy();
+    SSL_CipherPrefSetDefault(TLS_RSA_WITH_NULL_MD5, PR_TRUE);
+
+    /* all the SSL2 and SSL3 cipher suites are enabled by default. */
+    if (cipherString) {
+        int ndx;
+
+        /* disable all the ciphers, then enable the ones we want. */
+        disableAllSSLCiphers();
+
+        while (0 != (ndx = *cipherString++)) {
+            int cipher = 0;
+
+            if (ndx == ':') {
+                int ctmp = 0;
+
+                HEXCHAR_TO_INT(*cipherString, ctmp)
+                cipher |= (ctmp << 12);
+                cipherString++;
+                HEXCHAR_TO_INT(*cipherString, ctmp)
+                cipher |= (ctmp << 8);
+                cipherString++;
+                HEXCHAR_TO_INT(*cipherString, ctmp)
+                cipher |= (ctmp << 4);
+                cipherString++;
+                HEXCHAR_TO_INT(*cipherString, ctmp)
+                cipher |= ctmp;
+                cipherString++;
+            } else {
+                if (!isalpha(ndx))
+                    Usage(progName);
+                ndx = tolower(ndx) - 'a';
+                if (ndx < numSSL3CipherSuites) {
+                    cipher = ssl3CipherSuites[ndx];
+                }
+            }
+            if (cipher > 0) {
+                SSL_CipherPrefSetDefault(cipher, PR_TRUE);
+            } else {
+                Usage(progName);
+            }
+        }
+    }
+
+    client_main(port, connections, hostName);
+
+cleanup:
+    if (doOcspCheck) {
+        CERTCertDBHandle *handle = CERT_GetDefaultCertDB();
+        CERT_DisableOCSPDefaultResponder(handle);
+        CERT_DisableOCSPChecking(handle);
+    }
+
+    if (NSS_Shutdown() != SECSuccess) {
+        exit(1);
+    }
+
+    PR_Cleanup();
+    PORT_Free(progName);
+    return 0;
+}
diff --git a/nss/cmd/vfyserv/vfyserv.gyp b/nss/cmd/vfyserv/vfyserv.gyp
new file mode 100644
index 0000000..85001a1
--- /dev/null
+++ b/nss/cmd/vfyserv/vfyserv.gyp
@@ -0,0 +1,32 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi',
+    '../../cmd/platlibs.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'vfyserv',
+      'type': 'executable',
+      'sources': [
+        'vfyserv.c',
+        'vfyutil.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:dbm_exports',
+        '<(DEPTH)/exports.gyp:nss_exports'
+      ]
+    }
+  ],
+  'target_defaults': {
+    'defines': [
+      'DLL_PREFIX=\"<(dll_prefix)\"',
+      'DLL_SUFFIX=\"<(dll_suffix)\"'
+    ]
+  },
+  'variables': {
+    'module': 'nss'
+  }
+}
\ No newline at end of file
diff --git a/nss/cmd/vfyserv/vfyserv.h b/nss/cmd/vfyserv/vfyserv.h
new file mode 100644
index 0000000..00afc80
--- /dev/null
+++ b/nss/cmd/vfyserv/vfyserv.h
@@ -0,0 +1,138 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef SSLSAMPLE_H
+#define SSLSAMPLE_H
+
+/* Generic header files */
+
+#include <stdio.h>
+#include <string.h>
+
+/* NSPR header files */
+
+#include "nspr.h"
+#include "prerror.h"
+#include "prnetdb.h"
+
+/* NSS header files */
+
+#include "pk11func.h"
+#include "secitem.h"
+#include "ssl.h"
+#include "certt.h"
+#include "nss.h"
+#include "secder.h"
+#include "key.h"
+#include "sslproto.h"
+
+/* Custom header files */
+
+/*
+#include "sslerror.h"
+*/
+
+#define BUFFER_SIZE 10240
+
+/* Declare SSL cipher suites. */
+
+extern int cipherSuites[];
+extern int ssl3CipherSuites[];
+
+/* Data buffer read from a socket. */
+typedef struct DataBufferStr {
+    char data[BUFFER_SIZE];
+    int index;
+    int remaining;
+    int dataStart;
+    int dataEnd;
+} DataBuffer;
+
+/* SSL callback routines. */
+
+char *myPasswd(PK11SlotInfo *info, PRBool retry, void *arg);
+
+SECStatus myAuthCertificate(void *arg, PRFileDesc *socket,
+                            PRBool checksig, PRBool isServer);
+
+SECStatus myBadCertHandler(void *arg, PRFileDesc *socket);
+
+void myHandshakeCallback(PRFileDesc *socket, void *arg);
+
+SECStatus myGetClientAuthData(void *arg, PRFileDesc *socket,
+                              struct CERTDistNamesStr *caNames,
+                              struct CERTCertificateStr **pRetCert,
+                              struct SECKEYPrivateKeyStr **pRetKey);
+
+/* Disable all v2/v3 SSL ciphers. */
+
+void disableAllSSLCiphers(void);
+
+/* Error and information utilities. */
+
+void errWarn(char *function);
+
+void exitErr(char *function);
+
+void printSecurityInfo(FILE *outfile, PRFileDesc *fd);
+
+/* Some simple thread management routines. */
+
+#define MAX_THREADS 32
+
+typedef SECStatus startFn(void *a, int b);
+
+typedef enum { rs_idle = 0,
+               rs_running = 1,
+               rs_zombie = 2 } runState;
+
+typedef struct perThreadStr {
+    PRFileDesc *a;
+    int b;
+    int rv;
+    startFn *startFunc;
+    PRThread *prThread;
+    PRBool inUse;
+    runState running;
+} perThread;
+
+typedef struct GlobalThreadMgrStr {
+    PRLock *threadLock;
+    PRCondVar *threadStartQ;
+    PRCondVar *threadEndQ;
+    perThread threads[MAX_THREADS];
+    int index;
+    int numUsed;
+    int numRunning;
+} GlobalThreadMgr;
+
+void thread_wrapper(void *arg);
+
+SECStatus launch_thread(GlobalThreadMgr *threadMGR,
+                        startFn *startFunc, void *a, int b);
+
+SECStatus reap_threads(GlobalThreadMgr *threadMGR);
+
+void destroy_thread_data(GlobalThreadMgr *threadMGR);
+
+/* Management of locked variables. */
+
+struct lockedVarsStr {
+    PRLock *lock;
+    int count;
+    int waiters;
+    PRCondVar *condVar;
+};
+
+typedef struct lockedVarsStr lockedVars;
+
+void lockedVars_Init(lockedVars *lv);
+
+void lockedVars_Destroy(lockedVars *lv);
+
+void lockedVars_WaitForDone(lockedVars *lv);
+
+int lockedVars_AddToCount(lockedVars *lv, int addend);
+
+#endif
diff --git a/nss/cmd/vfyserv/vfyutil.c b/nss/cmd/vfyserv/vfyutil.c
new file mode 100644
index 0000000..2f1b532
--- /dev/null
+++ b/nss/cmd/vfyserv/vfyutil.c
@@ -0,0 +1,620 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "vfyserv.h"
+#include "secerr.h"
+#include "sslerr.h"
+#include "nspr.h"
+#include "secutil.h"
+
+extern PRBool dumpChain;
+extern void dumpCertChain(CERTCertificate *, SECCertUsage);
+
+/* Declare SSL cipher suites. */
+
+int ssl3CipherSuites[] = {
+    -1,                                /* SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA* a */
+    -1,                                /* SSL_FORTEZZA_DMS_WITH_RC4_128_SHA     * b */
+    TLS_RSA_WITH_RC4_128_MD5,          /* c */
+    TLS_RSA_WITH_3DES_EDE_CBC_SHA,     /* d */
+    TLS_RSA_WITH_DES_CBC_SHA,          /* e */
+    -1,                                /* TLS_RSA_EXPORT_WITH_RC4_40_MD5        * f */
+    -1,                                /* TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5    * g */
+    -1,                                /* SSL_FORTEZZA_DMS_WITH_NULL_SHA        * h */
+    TLS_RSA_WITH_NULL_MD5,             /* i */
+    -1,                                /* SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA    * j */
+    -1,                                /* SSL_RSA_FIPS_WITH_DES_CBC_SHA         * k */
+    -1,                                /* TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA   * l */
+    -1,                                /* TLS_RSA_EXPORT1024_WITH_RC4_56_SHA    * m */
+    TLS_RSA_WITH_RC4_128_SHA,          /* n */
+    TLS_DHE_DSS_WITH_RC4_128_SHA,      /* o */
+    TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, /* p */
+    TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, /* q */
+    TLS_DHE_RSA_WITH_DES_CBC_SHA,      /* r */
+    TLS_DHE_DSS_WITH_DES_CBC_SHA,      /* s */
+    TLS_DHE_DSS_WITH_AES_128_CBC_SHA,  /* t */
+    TLS_DHE_RSA_WITH_AES_128_CBC_SHA,  /* u */
+    TLS_RSA_WITH_AES_128_CBC_SHA,      /* v */
+    TLS_DHE_DSS_WITH_AES_256_CBC_SHA,  /* w */
+    TLS_DHE_RSA_WITH_AES_256_CBC_SHA,  /* x */
+    TLS_RSA_WITH_AES_256_CBC_SHA,      /* y */
+    TLS_RSA_WITH_NULL_SHA,             /* z */
+    0
+};
+int numSSL3CipherSuites = PR_ARRAY_SIZE(ssl3CipherSuites);
+
+/**************************************************************************
+**
+** SSL callback routines.
+**
+**************************************************************************/
+
+/* Function: char * myPasswd()
+ *
+ * Purpose: This function is our custom password handler that is called by
+ * SSL when retreiving private certs and keys from the database. Returns a
+ * pointer to a string that with a password for the database. Password pointer
+ * should point to dynamically allocated memory that will be freed later.
+ */
+char *
+myPasswd(PK11SlotInfo *info, PRBool retry, void *arg)
+{
+    char *passwd = NULL;
+
+    if ((!retry) && arg) {
+        passwd = PORT_Strdup((char *)arg);
+    }
+    return passwd;
+}
+
+/* Function: SECStatus myAuthCertificate()
+ *
+ * Purpose: This function is our custom certificate authentication handler.
+ *
+ * Note: This implementation is essentially the same as the default
+ *       SSL_AuthCertificate().
+ */
+SECStatus
+myAuthCertificate(void *arg, PRFileDesc *socket,
+                  PRBool checksig, PRBool isServer)
+{
+
+    SECCertificateUsage certUsage;
+    CERTCertificate *cert;
+    void *pinArg;
+    char *hostName;
+    SECStatus secStatus;
+
+    if (!arg || !socket) {
+        errWarn("myAuthCertificate");
+        return SECFailure;
+    }
+
+    /* Define how the cert is being used based upon the isServer flag. */
+
+    certUsage = isServer ? certificateUsageSSLClient : certificateUsageSSLServer;
+
+    cert = SSL_PeerCertificate(socket);
+
+    pinArg = SSL_RevealPinArg(socket);
+
+    if (dumpChain == PR_TRUE) {
+        dumpCertChain(cert, certUsage);
+    }
+
+    secStatus = CERT_VerifyCertificateNow((CERTCertDBHandle *)arg,
+                                          cert,
+                                          checksig,
+                                          certUsage,
+                                          pinArg,
+                                          NULL);
+
+    /* If this is a server, we're finished. */
+    if (isServer || secStatus != SECSuccess) {
+        SECU_printCertProblems(stderr, (CERTCertDBHandle *)arg, cert,
+                               checksig, certUsage, pinArg, PR_FALSE);
+        CERT_DestroyCertificate(cert);
+        return secStatus;
+    }
+
+    /* Certificate is OK.  Since this is the client side of an SSL
+     * connection, we need to verify that the name field in the cert
+     * matches the desired hostname.  This is our defense against
+     * man-in-the-middle attacks.
+     */
+
+    /* SSL_RevealURL returns a hostName, not an URL. */
+    hostName = SSL_RevealURL(socket);
+
+    if (hostName && hostName[0]) {
+        secStatus = CERT_VerifyCertName(cert, hostName);
+    } else {
+        PR_SetError(SSL_ERROR_BAD_CERT_DOMAIN, 0);
+        secStatus = SECFailure;
+    }
+
+    if (hostName)
+        PR_Free(hostName);
+
+    CERT_DestroyCertificate(cert);
+    return secStatus;
+}
+
+/* Function: SECStatus myBadCertHandler()
+ *
+ * Purpose: This callback is called when the incoming certificate is not
+ * valid. We define a certain set of parameters that still cause the
+ * certificate to be "valid" for this session, and return SECSuccess to cause
+ * the server to continue processing the request when any of these conditions
+ * are met. Otherwise, SECFailure is return and the server rejects the
+ * request.
+ */
+SECStatus
+myBadCertHandler(void *arg, PRFileDesc *socket)
+{
+
+    SECStatus secStatus = SECFailure;
+    PRErrorCode err;
+
+    /* log invalid cert here */
+
+    if (!arg) {
+        return secStatus;
+    }
+
+    *(PRErrorCode *)arg = err = PORT_GetError();
+
+    /* If any of the cases in the switch are met, then we will proceed   */
+    /* with the processing of the request anyway. Otherwise, the default */
+    /* case will be reached and we will reject the request.              */
+
+    switch (err) {
+        case SEC_ERROR_INVALID_AVA:
+        case SEC_ERROR_INVALID_TIME:
+        case SEC_ERROR_BAD_SIGNATURE:
+        case SEC_ERROR_EXPIRED_CERTIFICATE:
+        case SEC_ERROR_UNKNOWN_ISSUER:
+        case SEC_ERROR_UNTRUSTED_CERT:
+        case SEC_ERROR_CERT_VALID:
+        case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
+        case SEC_ERROR_CRL_EXPIRED:
+        case SEC_ERROR_CRL_BAD_SIGNATURE:
+        case SEC_ERROR_EXTENSION_VALUE_INVALID:
+        case SEC_ERROR_CA_CERT_INVALID:
+        case SEC_ERROR_CERT_USAGES_INVALID:
+        case SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION:
+            secStatus = SECSuccess;
+            break;
+        default:
+            secStatus = SECFailure;
+            break;
+    }
+
+    fprintf(stderr, "Bad certificate: %d, %s\n", err, SECU_Strerror(err));
+
+    return secStatus;
+}
+
+/* Function: SECStatus ownGetClientAuthData()
+ *
+ * Purpose: This callback is used by SSL to pull client certificate
+ * information upon server request.
+ */
+SECStatus
+myGetClientAuthData(void *arg,
+                    PRFileDesc *socket,
+                    struct CERTDistNamesStr *caNames,
+                    struct CERTCertificateStr **pRetCert,
+                    struct SECKEYPrivateKeyStr **pRetKey)
+{
+
+    CERTCertificate *cert;
+    SECKEYPrivateKey *privKey;
+    char *chosenNickName = (char *)arg;
+    void *proto_win = NULL;
+    SECStatus secStatus = SECFailure;
+
+    proto_win = SSL_RevealPinArg(socket);
+
+    if (chosenNickName) {
+        cert = PK11_FindCertFromNickname(chosenNickName, proto_win);
+        if (cert) {
+            privKey = PK11_FindKeyByAnyCert(cert, proto_win);
+            if (privKey) {
+                secStatus = SECSuccess;
+            } else {
+                CERT_DestroyCertificate(cert);
+            }
+        }
+    } else { /* no nickname given, automatically find the right cert */
+        CERTCertNicknames *names;
+        int i;
+
+        names = CERT_GetCertNicknames(CERT_GetDefaultCertDB(),
+                                      SEC_CERT_NICKNAMES_USER, proto_win);
+
+        if (names != NULL) {
+            for (i = 0; i < names->numnicknames; i++) {
+
+                cert = PK11_FindCertFromNickname(names->nicknames[i],
+                                                 proto_win);
+                if (!cert) {
+                    continue;
+                }
+
+                /* Only check unexpired certs */
+                if (CERT_CheckCertValidTimes(cert, PR_Now(), PR_FALSE) !=
+                    secCertTimeValid) {
+                    CERT_DestroyCertificate(cert);
+                    continue;
+                }
+
+                secStatus = NSS_CmpCertChainWCANames(cert, caNames);
+                if (secStatus == SECSuccess) {
+                    privKey = PK11_FindKeyByAnyCert(cert, proto_win);
+                    if (privKey) {
+                        break;
+                    }
+                    secStatus = SECFailure;
+                }
+                CERT_DestroyCertificate(cert);
+            } /* for loop */
+            CERT_FreeNicknames(names);
+        }
+    }
+
+    if (secStatus == SECSuccess) {
+        *pRetCert = cert;
+        *pRetKey = privKey;
+    }
+
+    return secStatus;
+}
+
+/* Function: void myHandshakeCallback()
+ *
+ * Purpose: Called by SSL to inform application that the handshake is
+ * complete. This function is mostly used on the server side of an SSL
+ * connection, although it is provided for a client as well.
+ * Useful when a non-blocking SSL_ReHandshake or SSL_ResetHandshake
+ * is used to initiate a handshake.
+ *
+ * A typical scenario would be:
+ *
+ * 1. Server accepts an SSL connection from the client without client auth.
+ * 2. Client sends a request.
+ * 3. Server determines that to service request it needs to authenticate the
+ * client and initiates another handshake requesting client auth.
+ * 4. While handshake is in progress, server can do other work or spin waiting
+ * for the handshake to complete.
+ * 5. Server is notified that handshake has been successfully completed by
+ * the custom handshake callback function and it can service the client's
+ * request.
+ *
+ * Note: This function is not implemented in this sample, as we are using
+ * blocking sockets.
+ */
+void
+myHandshakeCallback(PRFileDesc *socket, void *arg)
+{
+    fprintf(stderr, "Handshake Complete: SERVER CONFIGURED CORRECTLY\n");
+}
+
+/**************************************************************************
+**
+** Routines for disabling SSL ciphers.
+**
+**************************************************************************/
+
+void
+disableAllSSLCiphers(void)
+{
+    const PRUint16 *cipherSuites = SSL_ImplementedCiphers;
+    int i = SSL_NumImplementedCiphers;
+    SECStatus rv;
+
+    /* disable all the SSL3 cipher suites */
+    while (--i >= 0) {
+        PRUint16 suite = cipherSuites[i];
+        rv = SSL_CipherPrefSetDefault(suite, PR_FALSE);
+        if (rv != SECSuccess) {
+            fprintf(stderr,
+                    "SSL_CipherPrefSetDefault didn't like value 0x%04x (i = %d)\n",
+                    suite, i);
+            errWarn("SSL_CipherPrefSetDefault");
+            exit(2);
+        }
+    }
+}
+
+/**************************************************************************
+**
+** Error and information routines.
+**
+**************************************************************************/
+
+void
+errWarn(char *function)
+{
+    PRErrorCode errorNumber = PR_GetError();
+    const char *errorString = SECU_Strerror(errorNumber);
+
+    fprintf(stderr, "Error in function %s: %d\n - %s\n",
+            function, errorNumber, errorString);
+}
+
+void
+exitErr(char *function)
+{
+    errWarn(function);
+    /* Exit gracefully. */
+    /* ignoring return value of NSS_Shutdown as code exits with 1 anyway*/
+    (void)NSS_Shutdown();
+    PR_Cleanup();
+    exit(1);
+}
+
+void
+printSecurityInfo(FILE *outfile, PRFileDesc *fd)
+{
+    char *cp; /* bulk cipher name */
+    char *ip; /* cert issuer DN */
+    char *sp; /* cert subject DN */
+    int op;   /* High, Low, Off */
+    int kp0;  /* total key bits */
+    int kp1;  /* secret key bits */
+    int result;
+    SSL3Statistics *ssl3stats = SSL_GetStatistics();
+
+    if (!outfile) {
+        outfile = stdout;
+    }
+
+    result = SSL_SecurityStatus(fd, &op, &cp, &kp0, &kp1, &ip, &sp);
+    if (result != SECSuccess)
+        return;
+    fprintf(outfile,
+            "   bulk cipher %s, %d secret key bits, %d key bits, status: %d\n"
+            "   subject DN:\n %s\n"
+            "   issuer  DN:\n %s\n",
+            cp, kp1, kp0, op, sp, ip);
+    PR_Free(cp);
+    PR_Free(ip);
+    PR_Free(sp);
+
+    fprintf(outfile,
+            "   %ld cache hits; %ld cache misses, %ld cache not reusable\n",
+            ssl3stats->hch_sid_cache_hits, ssl3stats->hch_sid_cache_misses,
+            ssl3stats->hch_sid_cache_not_ok);
+}
+
+/**************************************************************************
+** Begin thread management routines and data.
+**************************************************************************/
+
+void
+thread_wrapper(void *arg)
+{
+    GlobalThreadMgr *threadMGR = (GlobalThreadMgr *)arg;
+    perThread *slot = &threadMGR->threads[threadMGR->index];
+
+    /* wait for parent to finish launching us before proceeding. */
+    PR_Lock(threadMGR->threadLock);
+    PR_Unlock(threadMGR->threadLock);
+
+    slot->rv = (*slot->startFunc)(slot->a, slot->b);
+
+    PR_Lock(threadMGR->threadLock);
+    slot->running = rs_zombie;
+
+    /* notify the thread exit handler. */
+    PR_NotifyCondVar(threadMGR->threadEndQ);
+
+    PR_Unlock(threadMGR->threadLock);
+}
+
+SECStatus
+launch_thread(GlobalThreadMgr *threadMGR,
+              startFn *startFunc,
+              void *a,
+              int b)
+{
+    perThread *slot;
+    int i;
+
+    if (!threadMGR->threadStartQ) {
+        threadMGR->threadLock = PR_NewLock();
+        threadMGR->threadStartQ = PR_NewCondVar(threadMGR->threadLock);
+        threadMGR->threadEndQ = PR_NewCondVar(threadMGR->threadLock);
+    }
+    PR_Lock(threadMGR->threadLock);
+    while (threadMGR->numRunning >= MAX_THREADS) {
+        PR_WaitCondVar(threadMGR->threadStartQ, PR_INTERVAL_NO_TIMEOUT);
+    }
+    for (i = 0; i < threadMGR->numUsed; ++i) {
+        slot = &threadMGR->threads[i];
+        if (slot->running == rs_idle)
+            break;
+    }
+    if (i >= threadMGR->numUsed) {
+        if (i >= MAX_THREADS) {
+            /* something's really wrong here. */
+            PORT_Assert(i < MAX_THREADS);
+            PR_Unlock(threadMGR->threadLock);
+            return SECFailure;
+        }
+        ++(threadMGR->numUsed);
+        PORT_Assert(threadMGR->numUsed == i + 1);
+        slot = &threadMGR->threads[i];
+    }
+
+    slot->a = a;
+    slot->b = b;
+    slot->startFunc = startFunc;
+
+    threadMGR->index = i;
+
+    slot->prThread = PR_CreateThread(PR_USER_THREAD,
+                                     thread_wrapper, threadMGR,
+                                     PR_PRIORITY_NORMAL, PR_GLOBAL_THREAD,
+                                     PR_JOINABLE_THREAD, 0);
+
+    if (slot->prThread == NULL) {
+        PR_Unlock(threadMGR->threadLock);
+        printf("Failed to launch thread!\n");
+        return SECFailure;
+    }
+
+    slot->inUse = 1;
+    slot->running = 1;
+    ++(threadMGR->numRunning);
+    PR_Unlock(threadMGR->threadLock);
+
+    return SECSuccess;
+}
+
+SECStatus
+reap_threads(GlobalThreadMgr *threadMGR)
+{
+    perThread *slot;
+    int i;
+
+    if (!threadMGR->threadLock)
+        return SECSuccess;
+    PR_Lock(threadMGR->threadLock);
+    while (threadMGR->numRunning > 0) {
+        PR_WaitCondVar(threadMGR->threadEndQ, PR_INTERVAL_NO_TIMEOUT);
+        for (i = 0; i < threadMGR->numUsed; ++i) {
+            slot = &threadMGR->threads[i];
+            if (slot->running == rs_zombie) {
+                /* Handle cleanup of thread here. */
+
+                /* Now make sure the thread has ended OK. */
+                PR_JoinThread(slot->prThread);
+                slot->running = rs_idle;
+                --threadMGR->numRunning;
+
+                /* notify the thread launcher. */
+                PR_NotifyCondVar(threadMGR->threadStartQ);
+            }
+        }
+    }
+
+    /* Safety Sam sez: make sure count is right. */
+    for (i = 0; i < threadMGR->numUsed; ++i) {
+        slot = &threadMGR->threads[i];
+        if (slot->running != rs_idle) {
+            fprintf(stderr, "Thread in slot %d is in state %d!\n",
+                    i, slot->running);
+        }
+    }
+    PR_Unlock(threadMGR->threadLock);
+    return SECSuccess;
+}
+
+void
+destroy_thread_data(GlobalThreadMgr *threadMGR)
+{
+    PORT_Memset(threadMGR->threads, 0, sizeof(threadMGR->threads));
+
+    if (threadMGR->threadEndQ) {
+        PR_DestroyCondVar(threadMGR->threadEndQ);
+        threadMGR->threadEndQ = NULL;
+    }
+    if (threadMGR->threadStartQ) {
+        PR_DestroyCondVar(threadMGR->threadStartQ);
+        threadMGR->threadStartQ = NULL;
+    }
+    if (threadMGR->threadLock) {
+        PR_DestroyLock(threadMGR->threadLock);
+        threadMGR->threadLock = NULL;
+    }
+}
+
+/**************************************************************************
+** End	 thread management routines.
+**************************************************************************/
+
+void
+lockedVars_Init(lockedVars *lv)
+{
+    lv->count = 0;
+    lv->waiters = 0;
+    lv->lock = PR_NewLock();
+    lv->condVar = PR_NewCondVar(lv->lock);
+}
+
+void
+lockedVars_Destroy(lockedVars *lv)
+{
+    PR_DestroyCondVar(lv->condVar);
+    lv->condVar = NULL;
+
+    PR_DestroyLock(lv->lock);
+    lv->lock = NULL;
+}
+
+void
+lockedVars_WaitForDone(lockedVars *lv)
+{
+    PR_Lock(lv->lock);
+    while (lv->count > 0) {
+        PR_WaitCondVar(lv->condVar, PR_INTERVAL_NO_TIMEOUT);
+    }
+    PR_Unlock(lv->lock);
+}
+
+int /* returns count */
+    lockedVars_AddToCount(lockedVars *lv, int addend)
+{
+    int rv;
+
+    PR_Lock(lv->lock);
+    rv = lv->count += addend;
+    if (rv <= 0) {
+        PR_NotifyCondVar(lv->condVar);
+    }
+    PR_Unlock(lv->lock);
+    return rv;
+}
+
+/*
+ * Dump cert chain in to cert.* files. This function is will
+ * create collisions while dumping cert chains if called from
+ * multiple treads. But it should not be a problem since we
+ * consider vfyserv to be single threaded(see bug 353477).
+ */
+
+void
+dumpCertChain(CERTCertificate *cert, SECCertUsage usage)
+{
+    CERTCertificateList *certList;
+    unsigned int count = 0;
+
+    certList = CERT_CertChainFromCert(cert, usage, PR_TRUE);
+    if (certList == NULL) {
+        errWarn("CERT_CertChainFromCert");
+        return;
+    }
+
+    for (count = 0; count < (unsigned int)certList->len; count++) {
+        char certFileName[16];
+        PRFileDesc *cfd;
+
+        PR_snprintf(certFileName, sizeof certFileName, "cert.%03d",
+                    count);
+        cfd = PR_Open(certFileName, PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE,
+                      0664);
+        if (!cfd) {
+            PR_fprintf(PR_STDOUT,
+                       "Error: couldn't save cert der in file '%s'\n",
+                       certFileName);
+        } else {
+            PR_Write(cfd, certList->certs[count].data, certList->certs[count].len);
+            PR_Close(cfd);
+            PR_fprintf(PR_STDOUT, "Cert file %s was created.\n", certFileName);
+        }
+    }
+    CERT_DestroyCertificateList(certList);
+}
diff --git a/nss/coreconf/AIX.mk b/nss/coreconf/AIX.mk
new file mode 100644
index 0000000..e158a6a
--- /dev/null
+++ b/nss/coreconf/AIX.mk
@@ -0,0 +1,67 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# Config stuff for AIX.
+
+include $(CORE_DEPTH)/coreconf/UNIX.mk
+
+#
+# There are two implementation strategies available on AIX:
+# pthreads, and pthreads-user.  The default is pthreads.
+# In both strategies, we need to use pthread_user.c, instead of
+# aix.c.  The fact that aix.c is never used is somewhat strange.
+# 
+# So we need to do the following:
+# - Default (PTHREADS_USER not defined in the environment or on
+#   the command line):
+#   Set PTHREADS_USER=1, USE_PTHREADS=1
+# - PTHREADS_USER=1 set in the environment or on the command line:
+#   Do nothing.
+#
+ifeq ($(PTHREADS_USER),1)
+	USE_PTHREADS =            # just to be safe
+	IMPL_STRATEGY = _PTH_USER
+else
+	USE_PTHREADS = 1
+	PTHREADS_USER = 1
+endif
+
+DEFAULT_COMPILER = xlc_r
+
+CC		= xlc_r
+CCC		= xlC_r
+
+CPU_ARCH	= rs6000
+
+RANLIB		= ranlib
+
+OS_CFLAGS	= -DAIX -DSYSV
+OS_LIBS 	+= -blibpath:/usr/lib:/lib -lc -lm
+
+DSO_LDOPTS	= -brtl -bnortllib -bM:SRE -bnoentry
+MKSHLIB 	= $(LD) $(DSO_LDOPTS) -blibpath:/usr/lib:/lib -lc -lm
+
+AIX_WRAP	= $(DIST)/lib/aixwrap.o
+AIX_TMP		= $(OBJDIR)/_aix_tmp.o
+
+ifdef MAPFILE
+DSO_LDOPTS	+= -bexport:$(MAPFILE)
+else
+DSO_LDOPTS	+= -bexpall
+endif
+
+PROCESS_MAP_FILE = grep -v ';+' $< | grep -v ';-' | \
+                sed -e 's; DATA ;;' -e 's,;;,,' -e 's,;.*,,' > $@
+
+ifdef BUILD_OPT
+	OPTIMIZER += -qmaxmem=-1
+endif
+
+ifeq ($(USE_64), 1)
+	OS_CFLAGS	+= -DAIX_64BIT
+	OBJECT_MODE=64
+	export OBJECT_MODE
+endif
+
diff --git a/nss/coreconf/Android.mk b/nss/coreconf/Android.mk
new file mode 100644
index 0000000..415812a
--- /dev/null
+++ b/nss/coreconf/Android.mk
@@ -0,0 +1,6 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+include $(CORE_DEPTH)/coreconf/Linux.mk
diff --git a/nss/coreconf/BSD_OS.mk b/nss/coreconf/BSD_OS.mk
new file mode 100644
index 0000000..81b2b25
--- /dev/null
+++ b/nss/coreconf/BSD_OS.mk
@@ -0,0 +1,56 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+include $(CORE_DEPTH)/coreconf/UNIX.mk
+
+DEFAULT_COMPILER	= gcc
+CC			= gcc
+CCC			= g++
+RANLIB			= ranlib
+
+ifeq ($(OS_TEST),i386)
+	OS_REL_CFLAGS	= -D__i386__
+	CPU_ARCH	= x86
+else
+ifeq ($(OS_TEST),ppc)
+	OS_REL_CFLAGS	= -D__ppc__
+	CPU_ARCH	= ppc
+else
+ifeq ($(OS_TEST),sparc)
+	OS_REL_CFLAGS	= -D__sparc__
+	CPU_ARCH	= sparc
+else
+# treat the ultrasparc like a regular sparc, at least for now!
+ifeq ($(OS_TEST),sparc_v9)
+	OS_REL_CFLAGS	= -D__sparc__
+	CPU_ARCH	= sparc
+endif
+endif
+endif
+endif
+
+DLL_SUFFIX		= so
+
+OS_CFLAGS		= $(DSO_CFLAGS) $(OS_REL_CFLAGS) -Wall -Wno-switch -DBSD_OS -DBSDI -Dunix -DHAVE_STRERROR -DHAVE_BSD_FLOCK
+
+ARCH			= bsdos
+
+DSO_CFLAGS		= -fPIC -DPIC
+DSO_LDOPTS		= -shared -Wl,-soname,lib$(LIBRARY_NAME)$(LIBRARY_VERSION).$(DLL_SUFFIX)
+
+ifdef LIBRUNPATH
+DSO_LDOPTS		+= -Wl,-R$(LIBRUNPATH)
+endif
+
+MKSHLIB			= $(CC) $(DSO_LDOPTS)
+ifdef MAPFILE
+# Add LD options to restrict exported symbols to those in the map file
+endif
+# Change PROCESS to put the mapfile in the correct format for this platform
+PROCESS_MAP_FILE = cp $< $@
+
+G++INCLUDES		= -I/usr/include/g++
+
+INCLUDES		+= -I/usr/X11R6/include
diff --git a/nss/coreconf/BeOS.mk b/nss/coreconf/BeOS.mk
new file mode 100644
index 0000000..750696d
--- /dev/null
+++ b/nss/coreconf/BeOS.mk
@@ -0,0 +1,47 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+include $(CORE_DEPTH)/coreconf/UNIX.mk
+
+XP_DEFINE := $(XP_DEFINE:-DXP_UNIX=-DXP_BEOS)
+
+USE_PTHREADS = 
+
+ifeq ($(USE_PTHREADS),1)
+	IMPL_STRATEGY = _PTH
+endif
+
+CC			= gcc
+CCC			= g++
+RANLIB			= ranlib
+
+DEFAULT_COMPILER = gcc
+
+ifeq ($(OS_TEST),ppc)
+	OS_REL_CFLAGS	= -Dppc
+	CPU_ARCH	= ppc
+else
+	OS_REL_CFLAGS	= -Di386
+	CPU_ARCH	= x86
+endif
+
+MKSHLIB		= $(CC) -nostart -Wl,-soname -Wl,$(@:$(OBJDIR)/%.so=%.so)
+ifdef BUILD_OPT
+	OPTIMIZER	= -O2
+endif
+
+OS_CFLAGS		= $(DSO_CFLAGS) $(OS_REL_CFLAGS) -Wall -Wno-switch -pipe
+OS_LIBS			= -lbe
+
+DEFINES			+= -DBEOS
+
+ifdef USE_PTHREADS
+	DEFINES		+= -D_REENTRANT
+endif
+
+ARCH			= beos
+
+DSO_CFLAGS		= -fPIC
+DSO_LDOPTS		=
diff --git a/nss/coreconf/Darwin.mk b/nss/coreconf/Darwin.mk
new file mode 100644
index 0000000..0569e18
--- /dev/null
+++ b/nss/coreconf/Darwin.mk
@@ -0,0 +1,147 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CC     ?= gcc
+CCC    ?= g++
+RANLIB ?= ranlib
+
+include $(CORE_DEPTH)/coreconf/UNIX.mk
+include $(CORE_DEPTH)/coreconf/Werror.mk
+
+DEFAULT_COMPILER = gcc
+
+ifndef CPU_ARCH
+# When cross-compiling, CPU_ARCH should already be defined as the target
+# architecture, set to powerpc or i386.
+CPU_ARCH	:= $(shell uname -p)
+endif
+
+ifeq (,$(filter-out i%86,$(CPU_ARCH)))
+ifdef USE_64
+CC              += -arch x86_64
+CCC             += -arch x86_64
+override CPU_ARCH	= x86_64
+else
+OS_REL_CFLAGS	= -Di386
+CC              += -arch i386
+CCC             += -arch i386
+override CPU_ARCH	= x86
+endif
+else
+ifeq (arm,$(CPU_ARCH))
+# Nothing set for arm currently.
+else
+OS_REL_CFLAGS	= -Dppc
+CC              += -arch ppc
+CCC             += -arch ppc
+endif
+endif
+
+ifneq (,$(MACOS_SDK_DIR))
+    GCC_VERSION_FULL := $(shell $(CC) -dumpversion)
+    GCC_VERSION_MAJOR := $(shell echo $(GCC_VERSION_FULL) | awk -F. '{ print $$1 }')
+    GCC_VERSION_MINOR := $(shell echo $(GCC_VERSION_FULL) | awk -F. '{ print $$2 }')
+    GCC_VERSION = $(GCC_VERSION_MAJOR).$(GCC_VERSION_MINOR)
+
+    ifeq (,$(filter-out 2 3,$(GCC_VERSION_MAJOR)))
+        # GCC <= 3
+        DARWIN_SDK_FRAMEWORKS = -F$(MACOS_SDK_DIR)/System/Library/Frameworks
+        ifneq (,$(shell find $(MACOS_SDK_DIR)/Library/Frameworks -maxdepth 0))
+            DARWIN_SDK_FRAMEWORKS += -F$(MACOS_SDK_DIR)/Library/Frameworks
+        endif
+        DARWIN_SDK_CFLAGS = -nostdinc -isystem $(MACOS_SDK_DIR)/usr/include/gcc/darwin/$(GCC_VERSION) -isystem $(MACOS_SDK_DIR)/usr/include $(DARWIN_SDK_FRAMEWORKS)
+        DARWIN_SDK_LDFLAGS = -L$(MACOS_SDK_DIR)/usr/lib/gcc/darwin -L$(MACOS_SDK_DIR)/usr/lib/gcc/darwin/$(GCC_VERSION_FULL) -L$(MACOS_SDK_DIR)/usr/lib
+        DARWIN_SDK_SHLIBFLAGS = $(DARWIN_SDK_LDFLAGS) $(DARWIN_SDK_FRAMEWORKS)
+        NEXT_ROOT = $(MACOS_SDK_DIR)
+        export NEXT_ROOT
+    else
+        # GCC >= 4
+        DARWIN_SDK_CFLAGS = -isysroot $(MACOS_SDK_DIR)
+        ifneq (4.0.0,$(GCC_VERSION_FULL))
+            # gcc > 4.0.0 passes -syslibroot to ld based on -isysroot.
+            # Don't add -isysroot to DARWIN_SDK_LDFLAGS, because the programs
+            # that are linked with those flags also get DARWIN_SDK_CFLAGS.
+            DARWIN_SDK_SHLIBFLAGS = -isysroot $(MACOS_SDK_DIR)
+        else
+            # gcc 4.0.0 doesn't pass -syslibroot to ld, it needs to be
+            # explicit.
+            DARWIN_SDK_LDFLAGS = -Wl,-syslibroot,$(MACOS_SDK_DIR)
+            DARWIN_SDK_SHLIBFLAGS = $(DARWIN_SDK_LDFLAGS)
+        endif
+    endif
+
+    LDFLAGS += $(DARWIN_SDK_LDFLAGS)
+endif
+
+# "Commons" are tentative definitions in a global scope, like this:
+#     int x;
+# The meaning of a common is ambiguous.  It may be a true definition:
+#     int x = 0;
+# or it may be a declaration of a symbol defined in another file:
+#     extern int x;
+# Use the -fno-common option to force all commons to become true
+# definitions so that the linker can catch multiply-defined symbols.
+# Also, common symbols are not allowed with Darwin dynamic libraries.
+
+OS_CFLAGS	= $(DSO_CFLAGS) $(OS_REL_CFLAGS) -fno-common -pipe -DDARWIN -DHAVE_STRERROR -DHAVE_BSD_FLOCK $(DARWIN_SDK_CFLAGS)
+
+ifdef BUILD_OPT
+ifeq (11,$(ALLOW_OPT_CODE_SIZE)$(OPT_CODE_SIZE))
+	OPTIMIZER       = -Oz
+else
+	OPTIMIZER	= -O2
+endif
+ifdef MOZ_DEBUG_SYMBOLS
+	ifdef MOZ_DEBUG_FLAGS
+		OPTIMIZER += $(MOZ_DEBUG_FLAGS)
+	else
+		OPTIMIZER += -gdwarf-2 -gfull
+	endif
+endif
+endif
+
+ARCH		= darwin
+
+DSO_CFLAGS	= -fPIC
+# May override this with different compatibility and current version numbers.
+DARWIN_DYLIB_VERSIONS = -compatibility_version 1 -current_version 1
+# May override this with -bundle to create a loadable module.
+DSO_LDOPTS	= -dynamiclib $(DARWIN_DYLIB_VERSIONS) -install_name @executable_path/$(notdir $@) -headerpad_max_install_names
+
+ifdef USE_GCOV
+   OS_CFLAGS += --coverage
+   LDFLAGS += --coverage
+   DSO_LDOPTS += --coverage
+endif
+
+MKSHLIB		= $(CC) $(DSO_LDOPTS) $(DARWIN_SDK_SHLIBFLAGS)
+DLL_SUFFIX	= dylib
+ifdef MAPFILE
+	MKSHLIB += -exported_symbols_list $(MAPFILE)
+endif
+PROCESS_MAP_FILE = grep -v ';+' $< | grep -v ';-' | \
+                sed -e 's; DATA ;;' -e 's,;;,,' -e 's,;.*,,' -e 's,^,_,' > $@
+
+USE_SYSTEM_ZLIB = 1
+ZLIB_LIBS	= -lz
+
+# The system sqlite library in the latest version of Mac OS X often becomes
+# newer than the sqlite library in NSS. This may result in certain Mac OS X
+# system libraries having unresolved sqlite symbols during the shlibsign step
+# of the NSS build when we set DYLD_LIBRARY_PATH to the NSS lib directory and
+# the NSS libsqlite3.dylib is used instead of the system one. So just use the
+# system sqlite library on Mac, if it's sufficiently new.
+
+SYS_SQLITE3_VERSION_FULL := $(shell /usr/bin/sqlite3 -version | awk '{print $$1}')
+SYS_SQLITE3_VERSION_MAJOR := $(shell echo $(SYS_SQLITE3_VERSION_FULL) | awk -F. '{ print $$1 }')
+SYS_SQLITE3_VERSION_MINOR := $(shell echo $(SYS_SQLITE3_VERSION_FULL) | awk -F. '{ print $$2 }')
+
+ifeq (3,$(SYS_SQLITE3_VERSION_MAJOR))
+    ifeq (,$(filter-out 0 1 2 3 4,$(SYS_SQLITE3_VERSION_MINOR)))
+        # sqlite <= 3.4.x is too old, it doesn't provide sqlite3_file_control
+    else
+        NSS_USE_SYSTEM_SQLITE = 1
+    endif
+endif
diff --git a/nss/coreconf/FreeBSD.mk b/nss/coreconf/FreeBSD.mk
new file mode 100644
index 0000000..fcbf23f
--- /dev/null
+++ b/nss/coreconf/FreeBSD.mk
@@ -0,0 +1,58 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+include $(CORE_DEPTH)/coreconf/UNIX.mk
+
+DEFAULT_COMPILER	= gcc
+CC			= gcc
+CCC			= g++
+RANLIB			= ranlib
+
+CPU_ARCH		= $(OS_TEST)
+ifeq ($(CPU_ARCH),i386)
+CPU_ARCH		= x86
+endif
+ifeq ($(CPU_ARCH),pc98)
+CPU_ARCH		= x86
+endif
+ifeq ($(CPU_ARCH),amd64)
+CPU_ARCH		= x86_64
+endif
+
+OS_CFLAGS		= $(DSO_CFLAGS) -Wall -Wno-switch -DFREEBSD -DHAVE_STRERROR -DHAVE_BSD_FLOCK
+
+DSO_CFLAGS		= -fPIC
+DSO_LDOPTS		= -shared -Wl,-soname -Wl,$(notdir $@)
+
+#
+# The default implementation strategy for FreeBSD is pthreads.
+#
+ifndef CLASSIC_NSPR
+USE_PTHREADS		= 1
+DEFINES			+= -D_THREAD_SAFE -D_REENTRANT
+OS_LIBS			+= -pthread
+DSO_LDOPTS		+= -pthread
+endif
+
+ARCH			= freebsd
+
+MOZ_OBJFORMAT		:= $(shell test -x /usr/bin/objformat && /usr/bin/objformat || echo elf)
+
+ifeq ($(MOZ_OBJFORMAT),elf)
+DLL_SUFFIX		= so
+else
+DLL_SUFFIX		= so.1.0
+endif
+
+MKSHLIB			= $(CC) $(DSO_LDOPTS)
+ifdef MAPFILE
+	MKSHLIB += -Wl,--version-script,$(MAPFILE)
+endif
+PROCESS_MAP_FILE = grep -v ';-' $< | \
+        sed -e 's,;+,,' -e 's; DATA ;;' -e 's,;;,,' -e 's,;.*,;,' > $@
+
+G++INCLUDES		= -I/usr/include/g++
+
+INCLUDES		+= -I/usr/X11R6/include
diff --git a/nss/coreconf/HP-UX.mk b/nss/coreconf/HP-UX.mk
new file mode 100644
index 0000000..d18fa14
--- /dev/null
+++ b/nss/coreconf/HP-UX.mk
@@ -0,0 +1,84 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#
+# Config stuff for HP-UX
+#
+
+include $(CORE_DEPTH)/coreconf/UNIX.mk
+
+DEFAULT_COMPILER = cc
+
+ifeq ($(OS_TEST),ia64)
+	CPU_ARCH = ia64
+	CPU_TAG = _$(CPU_ARCH)
+	ifneq ($(USE_64),1)
+		64BIT_TAG = _32
+	endif
+	DLL_SUFFIX = so
+else
+	CPU_ARCH = hppa
+	DLL_SUFFIX = sl
+endif
+CC         = cc
+CCC        = CC
+ifndef NS_USE_GCC
+OS_CFLAGS  += -Ae
+endif
+OS_CFLAGS  += $(DSO_CFLAGS) -DHPUX -D$(CPU_ARCH) -D_HPUX_SOURCE -D_USE_BIG_FDS
+
+ifeq ($(DEFAULT_IMPL_STRATEGY),_PTH)
+	USE_PTHREADS = 1
+	ifeq ($(CLASSIC_NSPR),1)
+		USE_PTHREADS =
+		IMPL_STRATEGY = _CLASSIC
+	endif
+	ifeq ($(PTHREADS_USER),1)
+		USE_PTHREADS =
+		IMPL_STRATEGY = _PTH_USER
+	endif
+endif
+
+ifdef PTHREADS_USER
+	OS_CFLAGS	+= -D_POSIX_C_SOURCE=199506L
+endif
+
+LDFLAGS			= -z -Wl,+s
+
+ifdef NS_USE_GCC
+LD = $(CC)
+endif
+MKSHLIB			= $(LD) $(DSO_LDOPTS) $(RPATH)
+ifdef MAPFILE
+ifndef NS_USE_GCC
+MKSHLIB += -c $(MAPFILE)
+else
+MKSHLIB += -Wl,-c,$(MAPFILE)
+endif
+endif
+PROCESS_MAP_FILE = grep -v ';+' $< | grep -v ';-' | \
+         sed -e 's; DATA ;;' -e 's,;;,,' -e 's,;.*,,' -e 's,^,+e ,' > $@
+
+ifndef NS_USE_GCC
+DSO_LDOPTS		= -b +h $(notdir $@)
+RPATH			= +b '$$ORIGIN'
+else
+DSO_LDOPTS		= -shared -Wl,+h,$(notdir $@)
+RPATH			= -Wl,+b,'$$ORIGIN'
+endif
+ifneq ($(OS_TEST),ia64)
+# pa-risc
+ifndef USE_64
+RPATH			=
+endif
+endif
+
+# +Z generates position independent code for use in shared libraries.
+ifndef NS_USE_GCC
+DSO_CFLAGS = +Z
+else
+DSO_CFLAGS = -fPIC
+ASFLAGS   += -x assembler-with-cpp
+endif
diff --git a/nss/coreconf/HP-UXA.09.03.mk b/nss/coreconf/HP-UXA.09.03.mk
new file mode 100644
index 0000000..991b794
--- /dev/null
+++ b/nss/coreconf/HP-UXA.09.03.mk
@@ -0,0 +1,17 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#
+# On HP-UX 9, the default (and only) implementation strategy is
+# classic nspr.
+#
+ifeq ($(OS_RELEASE),A.09.03)
+	DEFAULT_IMPL_STRATEGY	 = _CLASSIC
+endif
+
+#
+# Config stuff for HP-UXA.09.03
+#
+include $(CORE_DEPTH)/coreconf/HP-UXA.09.mk
diff --git a/nss/coreconf/HP-UXA.09.07.mk b/nss/coreconf/HP-UXA.09.07.mk
new file mode 100644
index 0000000..7c2266f
--- /dev/null
+++ b/nss/coreconf/HP-UXA.09.07.mk
@@ -0,0 +1,16 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# On HP-UX 9, the default (and only) implementation strategy is
+# classic nspr.
+
+ifeq ($(OS_RELEASE),A.09.07)
+	DEFAULT_IMPL_STRATEGY	 = _CLASSIC
+endif
+
+#
+# Config stuff for HP-UXA.09.07
+#
+include $(CORE_DEPTH)/coreconf/HP-UXA.09.mk
diff --git a/nss/coreconf/HP-UXA.09.mk b/nss/coreconf/HP-UXA.09.mk
new file mode 100644
index 0000000..60bde35
--- /dev/null
+++ b/nss/coreconf/HP-UXA.09.mk
@@ -0,0 +1,11 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#
+# Config stuff for HP-UXA.09
+#
+include $(CORE_DEPTH)/coreconf/HP-UX.mk
+
+OS_CFLAGS += -DHPUX9
diff --git a/nss/coreconf/HP-UXB.10.01.mk b/nss/coreconf/HP-UXB.10.01.mk
new file mode 100644
index 0000000..d2429b2
--- /dev/null
+++ b/nss/coreconf/HP-UXB.10.01.mk
@@ -0,0 +1,12 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ifeq ($(OS_RELEASE),B.10.01)
+	DEFAULT_IMPL_STRATEGY	 = _CLASSIC
+endif
+
+#
+# Config stuff for HP-UXB.10.01
+#
+include $(CORE_DEPTH)/coreconf/HP-UXB.10.mk
diff --git a/nss/coreconf/HP-UXB.10.10.mk b/nss/coreconf/HP-UXB.10.10.mk
new file mode 100644
index 0000000..c1b0990
--- /dev/null
+++ b/nss/coreconf/HP-UXB.10.10.mk
@@ -0,0 +1,22 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# On HP-UX 10.10 and 10.20, the default implementation strategy is
+# pthreads (actually DCE threads).  Classic nspr is also available.
+
+ifeq ($(OS_RELEASE),B.10.10)
+	DEFAULT_IMPL_STRATEGY 	 = _PTH
+endif
+
+#
+# Config stuff for HP-UXB.10.10
+#
+include $(CORE_DEPTH)/coreconf/HP-UXB.10.mk
+
+OS_CFLAGS += -DHPUX10_10
+
+ifeq ($(USE_PTHREADS),1)
+	OS_CFLAGS	+= -D_REENTRANT
+endif
diff --git a/nss/coreconf/HP-UXB.10.20.mk b/nss/coreconf/HP-UXB.10.20.mk
new file mode 100644
index 0000000..219ae7b
--- /dev/null
+++ b/nss/coreconf/HP-UXB.10.20.mk
@@ -0,0 +1,22 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# On HP-UX 10.10 and 10.20, the default implementation strategy is
+# pthreads (actually DCE threads).  Classic nspr is also available.
+
+ifeq ($(OS_RELEASE),B.10.20)
+	DEFAULT_IMPL_STRATEGY = _PTH
+endif
+
+#
+# Config stuff for HP-UXB.10.20
+#
+include $(CORE_DEPTH)/coreconf/HP-UXB.10.mk
+
+OS_CFLAGS		+= -DHPUX10_20
+
+ifeq ($(USE_PTHREADS),1)
+	OS_CFLAGS	+= -D_REENTRANT
+endif
diff --git a/nss/coreconf/HP-UXB.10.30.mk b/nss/coreconf/HP-UXB.10.30.mk
new file mode 100644
index 0000000..f09991a
--- /dev/null
+++ b/nss/coreconf/HP-UXB.10.30.mk
@@ -0,0 +1,28 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# On HP-UX 10.30 and 11.00, the default implementation strategy is
+# pthreads.  Classic nspr and pthreads-user are also available.
+
+ifeq ($(OS_RELEASE),B.10.30)
+	DEFAULT_IMPL_STRATEGY	 = _PTH
+endif
+
+#
+# Config stuff for HP-UXB.10.30.
+#
+include $(CORE_DEPTH)/coreconf/HP-UXB.10.mk
+
+OS_CFLAGS		+= -DHPUX10_30
+
+#
+# To use the true pthread (kernel thread) library on 10.30 and
+# 11.00, we should define _POSIX_C_SOURCE to be 199506L.
+# The _REENTRANT macro is deprecated.
+#
+
+ifdef USE_PTHREADS
+	OS_CFLAGS	+= -D_POSIX_C_SOURCE=199506L
+endif
diff --git a/nss/coreconf/HP-UXB.10.mk b/nss/coreconf/HP-UXB.10.mk
new file mode 100644
index 0000000..0224348
--- /dev/null
+++ b/nss/coreconf/HP-UXB.10.mk
@@ -0,0 +1,8 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+include $(CORE_DEPTH)/coreconf/HP-UX.mk
+
+OS_CFLAGS += -DHPUX10
+OS_LIBS   += -lpthread -lm
diff --git a/nss/coreconf/HP-UXB.11.00.mk b/nss/coreconf/HP-UXB.11.00.mk
new file mode 100644
index 0000000..624ae97
--- /dev/null
+++ b/nss/coreconf/HP-UXB.11.00.mk
@@ -0,0 +1,17 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# On HP-UX 10.30 and 11.00, the default implementation strategy is
+# pthreads.  Classic nspr and pthreads-user are also available.
+
+ifeq ($(OS_RELEASE),B.11.00)
+OS_CFLAGS		+= -DHPUX10
+DEFAULT_IMPL_STRATEGY = _PTH
+endif
+
+#
+# Config stuff for HP-UXB.11.00.
+#
+include $(CORE_DEPTH)/coreconf/HP-UXB.11.mk
diff --git a/nss/coreconf/HP-UXB.11.11.mk b/nss/coreconf/HP-UXB.11.11.mk
new file mode 100644
index 0000000..9c43ca2
--- /dev/null
+++ b/nss/coreconf/HP-UXB.11.11.mk
@@ -0,0 +1,17 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# On HP-UX 10.30 and 11.x, the default implementation strategy is
+# pthreads.  Classic nspr and pthreads-user are also available.
+
+ifeq ($(OS_RELEASE),B.11.11)
+OS_CFLAGS		+= -DHPUX10
+DEFAULT_IMPL_STRATEGY = _PTH
+endif
+
+#
+# Config stuff for HP-UXB.11.11.
+#
+include $(CORE_DEPTH)/coreconf/HP-UXB.11.mk
diff --git a/nss/coreconf/HP-UXB.11.20.mk b/nss/coreconf/HP-UXB.11.20.mk
new file mode 100644
index 0000000..f7e32c9
--- /dev/null
+++ b/nss/coreconf/HP-UXB.11.20.mk
@@ -0,0 +1,17 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# On HP-UX 10.30 and 11.x, the default implementation strategy is
+# pthreads.  Classic nspr and pthreads-user are also available.
+
+ifeq ($(OS_RELEASE),B.11.20)
+OS_CFLAGS		+= -DHPUX10
+DEFAULT_IMPL_STRATEGY = _PTH
+endif
+
+#
+# Config stuff for HP-UXB.11.x.
+#
+include $(CORE_DEPTH)/coreconf/HP-UXB.11.mk
diff --git a/nss/coreconf/HP-UXB.11.22.mk b/nss/coreconf/HP-UXB.11.22.mk
new file mode 100644
index 0000000..a29ef07
--- /dev/null
+++ b/nss/coreconf/HP-UXB.11.22.mk
@@ -0,0 +1,17 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# On HP-UX 10.30 and 11.x, the default implementation strategy is
+# pthreads.  Classic nspr and pthreads-user are also available.
+
+ifeq ($(OS_RELEASE),B.11.22)
+OS_CFLAGS		+= -DHPUX10
+DEFAULT_IMPL_STRATEGY = _PTH
+endif
+
+#
+# Config stuff for HP-UXB.11.x.
+#
+include $(CORE_DEPTH)/coreconf/HP-UXB.11.mk
diff --git a/nss/coreconf/HP-UXB.11.23.mk b/nss/coreconf/HP-UXB.11.23.mk
new file mode 100644
index 0000000..1751b8d
--- /dev/null
+++ b/nss/coreconf/HP-UXB.11.23.mk
@@ -0,0 +1,17 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# On HP-UX 10.30 and 11.x, the default implementation strategy is
+# pthreads.  Classic nspr and pthreads-user are also available.
+
+ifeq ($(OS_RELEASE),B.11.23)
+OS_CFLAGS		+= -DHPUX10
+DEFAULT_IMPL_STRATEGY = _PTH
+endif
+
+#
+# Config stuff for HP-UXB.11.x.
+#
+include $(CORE_DEPTH)/coreconf/HP-UXB.11.mk
diff --git a/nss/coreconf/HP-UXB.11.mk b/nss/coreconf/HP-UXB.11.mk
new file mode 100644
index 0000000..c61b3f6
--- /dev/null
+++ b/nss/coreconf/HP-UXB.11.mk
@@ -0,0 +1,48 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+include $(CORE_DEPTH)/coreconf/HP-UX.mk
+
+ifndef NS_USE_GCC
+    CCC                 = /opt/aCC/bin/aCC -ext
+    ifeq ($(USE_64), 1)
+	ifeq ($(OS_TEST), ia64)
+	    ARCHFLAG	= -Aa +e +p +DD64
+	else
+	    # Our HP-UX build machine has a strange problem.  If
+	    # a 64-bit PA-RISC executable calls getcwd() in a
+	    # network-mounted directory, it fails with ENOENT.
+	    # We don't know why.  Since nsinstall calls getcwd(),
+	    # this breaks our 64-bit HP-UX nightly builds.  None
+	    # of our other HP-UX machines have this problem.
+	    #
+	    # We worked around this problem by building nsinstall
+	    # as a 32-bit PA-RISC executable for 64-bit PA-RISC
+	    # builds.  -- wtc 2003-06-03
+	    ifdef INTERNAL_TOOLS
+	    ARCHFLAG	= +DAportable +DS2.0
+	    else
+	    ARCHFLAG	= -Aa +e +DA2.0W +DS2.0 +DChpux
+	    endif
+	endif
+    else
+	ifeq ($(OS_TEST), ia64)
+	    ARCHFLAG	= -Aa +e +p +DD32
+	else
+	    ARCHFLAG	= +DAportable +DS2.0
+	endif
+    endif
+else
+    CCC = aCC
+endif
+
+#
+# To use the true pthread (kernel thread) library on HP-UX
+# 11.x, we should define _POSIX_C_SOURCE to be 199506L.
+# The _REENTRANT macro is deprecated.
+#
+
+OS_CFLAGS += $(ARCHFLAG) -DHPUX11 -D_POSIX_C_SOURCE=199506L
+OS_LIBS   += -lpthread -lm -lrt
+HPUX11	= 1
diff --git a/nss/coreconf/IRIX.mk b/nss/coreconf/IRIX.mk
new file mode 100644
index 0000000..1c91554
--- /dev/null
+++ b/nss/coreconf/IRIX.mk
@@ -0,0 +1,94 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+include $(CORE_DEPTH)/coreconf/UNIX.mk
+
+#
+# The default implementation strategy for Irix is classic nspr.
+#
+ifeq ($(USE_PTHREADS),1)
+	ifeq ($(USE_N32),1)
+		IMPL_STRATEGY = _n32_PTH
+	else
+		IMPL_STRATEGY = _PTH
+	endif
+endif
+
+DEFAULT_COMPILER = cc
+
+ifdef NS_USE_GCC
+	CC		= gcc
+	AS		= $(CC) -x assembler-with-cpp
+	ODD_CFLAGS	= -Wall -Wno-format -Wno-switch
+	ifdef BUILD_OPT
+		OPTIMIZER	= -O6
+	endif
+else
+	CC	= cc
+	CCC		= CC
+	ODD_CFLAGS	= -fullwarn -xansi -woff 1209
+	ifdef BUILD_OPT
+		ifeq ($(USE_N32),1)
+			OPTIMIZER	= -O -OPT:Olimit=4000
+		else
+			OPTIMIZER	= -O -Olimit 4000
+		endif
+	endif
+
+	# For 6.x machines, include this flag
+	ifeq (6., $(findstring 6., $(OS_RELEASE)))
+		ifeq ($(USE_N32),1)
+			ODD_CFLAGS	+= -n32 -mips3 -exceptions
+		else
+			ODD_CFLAGS	+= -32 -multigot
+		endif
+	else
+		ODD_CFLAGS		+= -xgot
+	endif
+	ifeq ($(USE_N32),1)
+		OS_CFLAGS	+= -dollar
+	endif
+endif
+
+ODD_CFLAGS	+= -DSVR4 -DIRIX 
+
+CPU_ARCH	= mips
+
+RANLIB		= /bin/true
+# For purify
+# NOTE: should always define _SGI_MP_SOURCE
+NOMD_OS_CFLAGS += $(ODD_CFLAGS) -D_SGI_MP_SOURCE
+
+OS_CFLAGS += $(NOMD_OS_CFLAGS)
+ifdef USE_MDUPDATE
+	OS_CFLAGS += -MDupdate $(DEPENDENCIES)
+endif
+
+ifeq ($(USE_N32),1)
+	SHLIB_LD_OPTS	+= -n32 -mips3
+endif
+
+MKSHLIB     += $(LD) $(SHLIB_LD_OPTS) -shared -soname $(@:$(OBJDIR)/%.so=%.so)
+ifdef MAPFILE
+# Add LD options to restrict exported symbols to those in the map file
+endif
+# Change PROCESS to put the mapfile in the correct format for this platform
+PROCESS_MAP_FILE = cp $< $@
+
+DSO_LDOPTS	= -elf -shared -all
+
+ifdef DSO_BACKEND
+	DSO_LDOPTS += -soname $(DSO_NAME)
+endif
+
+#
+# Revision notes:
+#
+# In the IRIX compilers prior to version 7.2, -n32 implied -mips3.
+# Beginning in the 7.2 compilers, -n32 implies -mips4 when the compiler
+# is running on a system with a mips4 CPU (e.g. R8K, R10K).
+# We want our code to explicitly be mips3 code, so we now explicitly
+# set -mips3 whenever we set -n32.
+#
diff --git a/nss/coreconf/IRIX5.2.mk b/nss/coreconf/IRIX5.2.mk
new file mode 100644
index 0000000..c2f5eb3
--- /dev/null
+++ b/nss/coreconf/IRIX5.2.mk
@@ -0,0 +1,5 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+include $(CORE_DEPTH)/coreconf/IRIX5.mk
diff --git a/nss/coreconf/IRIX5.3.mk b/nss/coreconf/IRIX5.3.mk
new file mode 100644
index 0000000..0020ce9
--- /dev/null
+++ b/nss/coreconf/IRIX5.3.mk
@@ -0,0 +1,7 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+include $(CORE_DEPTH)/coreconf/IRIX5.mk
+
+OS_CFLAGS += -DIRIX5_3
diff --git a/nss/coreconf/IRIX5.mk b/nss/coreconf/IRIX5.mk
new file mode 100644
index 0000000..80d3f8a
--- /dev/null
+++ b/nss/coreconf/IRIX5.mk
@@ -0,0 +1,10 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+include $(CORE_DEPTH)/coreconf/IRIX.mk
+
+ifndef NS_USE_GCC
+	ODD_CFLAGS += -xgot
+endif
diff --git a/nss/coreconf/IRIX6.2.mk b/nss/coreconf/IRIX6.2.mk
new file mode 100644
index 0000000..a5760b9
--- /dev/null
+++ b/nss/coreconf/IRIX6.2.mk
@@ -0,0 +1,13 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+# catch unresolved symbols
+
+SHLIB_LD_OPTS += -no_unresolved
+
+include $(CORE_DEPTH)/coreconf/IRIX6.mk
+
+OS_CFLAGS += -DIRIX6_2
diff --git a/nss/coreconf/IRIX6.3.mk b/nss/coreconf/IRIX6.3.mk
new file mode 100644
index 0000000..7faaa7a
--- /dev/null
+++ b/nss/coreconf/IRIX6.3.mk
@@ -0,0 +1,12 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# catch unresolved symbols
+
+SHLIB_LD_OPTS += -no_unresolved
+
+include $(CORE_DEPTH)/coreconf/IRIX6.mk
+
+OS_CFLAGS += -DIRIX6_3
diff --git a/nss/coreconf/IRIX6.5.mk b/nss/coreconf/IRIX6.5.mk
new file mode 100644
index 0000000..c3ed17d
--- /dev/null
+++ b/nss/coreconf/IRIX6.5.mk
@@ -0,0 +1,15 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# catch unresolved symbols
+
+SHLIB_LD_OPTS += -no_unresolved
+
+include $(CORE_DEPTH)/coreconf/IRIX6.mk
+
+OS_CFLAGS += -DIRIX6_5
+ifndef NS_USE_GCC
+OS_CFLAGS += -mips3
+endif
diff --git a/nss/coreconf/IRIX6.mk b/nss/coreconf/IRIX6.mk
new file mode 100644
index 0000000..95b6f5e
--- /dev/null
+++ b/nss/coreconf/IRIX6.mk
@@ -0,0 +1,17 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+include $(CORE_DEPTH)/coreconf/IRIX.mk
+
+ifndef NS_USE_GCC
+	ifneq ($(USE_N32),1)
+	OS_CFLAGS  += -32
+	endif
+	ODD_CFLAGS += -multigot
+endif
+
+ifeq ($(USE_PTHREADS),1)
+OS_LIBS += -lpthread
+endif
diff --git a/nss/coreconf/Linux.mk b/nss/coreconf/Linux.mk
new file mode 100644
index 0000000..dde68c6
--- /dev/null
+++ b/nss/coreconf/Linux.mk
@@ -0,0 +1,209 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CC     ?= gcc
+CCC    ?= g++
+RANLIB ?= ranlib
+
+include $(CORE_DEPTH)/coreconf/UNIX.mk
+
+#
+# The default implementation strategy for Linux is now pthreads
+#
+ifneq ($(OS_TARGET),Android)
+	USE_PTHREADS = 1
+endif
+
+ifeq ($(USE_PTHREADS),1)
+	IMPL_STRATEGY = _PTH
+endif
+
+DEFAULT_COMPILER = gcc
+
+ifeq ($(OS_TARGET),Android)
+ifndef ANDROID_NDK
+	$(error Must set ANDROID_NDK to the path to the android NDK first)
+endif
+ifndef ANDROID_TOOLCHAIN_VERSION
+	$(error Must set ANDROID_TOOLCHAIN_VERSION to the requested version number)
+endif
+	ANDROID_PREFIX=$(OS_TEST)-linux-androideabi
+	ANDROID_TARGET=$(ANDROID_PREFIX)-$(ANDROID_TOOLCHAIN_VERSION)
+	# should autodetect which linux we are on, currently android only
+	# supports linux-x86 prebuilts
+	ANDROID_TOOLCHAIN=$(ANDROID_NDK)/toolchains/$(ANDROID_TARGET)/prebuilt/linux-x86
+	ANDROID_SYSROOT=$(ANDROID_NDK)/platforms/android-$(OS_TARGET_RELEASE)/arch-$(OS_TEST)
+	ANDROID_CC=$(ANDROID_TOOLCHAIN)/bin/$(ANDROID_PREFIX)-gcc
+	ANDROID_CCC=$(ANDROID_TOOLCHAIN)/bin/$(ANDROID_PREFIX)-g++
+        NSS_DISABLE_GTESTS=1
+# internal tools need to be built with the native compiler
+ifndef INTERNAL_TOOLS
+	CC = $(ANDROID_CC) --sysroot=$(ANDROID_SYSROOT)
+	CCC = $(ANDROID_CCC) --sysroot=$(ANDROID_SYSROOT)
+	DEFAULT_COMPILER=$(ANDROID_PREFIX)-gcc
+	ARCHFLAG = --sysroot=$(ANDROID_SYSROOT)
+	DEFINES += -DNO_SYSINFO -DNO_FORK_CHECK -DANDROID
+	CROSS_COMPILE = 1
+endif
+endif
+ifeq (,$(filter-out ppc64 ppc64le,$(OS_TEST)))
+	CPU_ARCH	= ppc
+ifeq ($(USE_64),1)
+	ARCHFLAG	= -m64
+endif
+else
+ifeq ($(OS_TEST),alpha)
+        OS_REL_CFLAGS   = -D_ALPHA_
+	CPU_ARCH	= alpha
+else
+ifeq ($(OS_TEST),x86_64)
+ifeq ($(USE_64),1)
+	CPU_ARCH	= x86_64
+	ARCHFLAG	= -m64
+else
+ifeq ($(USE_X32),1)
+	CPU_ARCH	= x86_64
+	ARCHFLAG	= -mx32
+	64BIT_TAG	= _x32
+else
+	OS_REL_CFLAGS	= -Di386
+	CPU_ARCH	= x86
+	ARCHFLAG	= -m32
+endif
+endif
+else
+ifeq ($(OS_TEST),sparc64)
+	CPU_ARCH        = sparc
+else
+ifeq (,$(filter-out arm% sa110,$(OS_TEST)))
+	CPU_ARCH        = arm
+else
+ifeq (,$(filter-out parisc%,$(OS_TEST)))
+	CPU_ARCH        = hppa
+else
+ifeq (,$(filter-out i%86,$(OS_TEST)))
+	OS_REL_CFLAGS	= -Di386
+	CPU_ARCH	= x86
+else
+ifeq ($(OS_TEST),sh4a)
+	CPU_ARCH        = sh4
+else
+# $(OS_TEST) == m68k, ppc, ia64, sparc, s390, s390x, mips, sh3, sh4
+	CPU_ARCH	= $(OS_TEST)
+endif
+endif
+endif
+endif
+endif
+endif
+endif
+endif
+
+
+ifneq ($(OS_TARGET),Android)
+LIBC_TAG		= _glibc
+endif
+
+ifdef BUILD_OPT
+ifeq (11,$(ALLOW_OPT_CODE_SIZE)$(OPT_CODE_SIZE))
+	OPTIMIZER = -Os
+else
+	OPTIMIZER = -O2
+endif
+ifdef MOZ_DEBUG_SYMBOLS
+	ifdef MOZ_DEBUG_FLAGS
+		OPTIMIZER += $(MOZ_DEBUG_FLAGS)
+	else
+		OPTIMIZER += -gdwarf-2
+	endif
+endif
+endif
+
+ifndef COMPILER_TAG
+COMPILER_TAG := _$(CC_NAME)
+endif
+
+ifeq ($(USE_PTHREADS),1)
+OS_PTHREAD = -lpthread 
+endif
+
+OS_CFLAGS		= $(DSO_CFLAGS) $(OS_REL_CFLAGS) $(ARCHFLAG) -pipe -ffunction-sections -fdata-sections -DHAVE_STRERROR
+ifeq ($(KERNEL),Linux)
+	OS_CFLAGS	+= -DLINUX -Dlinux
+endif
+OS_LIBS			= $(OS_PTHREAD) -ldl -lc
+
+ifdef USE_PTHREADS
+	DEFINES		+= -D_REENTRANT
+endif
+
+DSO_CFLAGS		= -fPIC
+DSO_LDOPTS		= -shared $(ARCHFLAG) -Wl,--gc-sections
+# The linker on Red Hat Linux 7.2 and RHEL 2.1 (GNU ld version 2.11.90.0.8)
+# incorrectly reports undefined references in the libraries we link with, so
+# we don't use -z defs there.
+# Also, -z defs conflicts with Address Sanitizer, which emits relocations
+# against the libsanitizer runtime built into the main executable.
+ZDEFS_FLAG		= -Wl,-z,defs
+DSO_LDOPTS		+= $(if $(findstring 2.11.90.0.8,$(shell ld -v)),,$(ZDEFS_FLAG))
+LDFLAGS			+= $(ARCHFLAG)
+
+# On Maemo, we need to use the -rpath-link flag for even the standard system
+# library directories.
+ifdef _SBOX_DIR
+LDFLAGS			+= -Wl,-rpath-link,/usr/lib:/lib
+endif
+
+G++INCLUDES		= -I/usr/include/g++
+
+#
+# Always set CPU_TAG on Linux.
+#
+CPU_TAG = _$(CPU_ARCH)
+
+#
+# On Linux 2.6 or later, build libfreebl3.so with no NSPR and libnssutil3.so
+# dependencies by default.  Set FREEBL_NO_DEPEND to 0 in the environment to
+# override this.
+#
+ifneq ($(OS_TARGET),Android)
+ifeq (2.6,$(firstword $(sort 2.6 $(OS_RELEASE))))
+ifndef FREEBL_NO_DEPEND
+FREEBL_NO_DEPEND = 1
+FREEBL_LOWHASH = 1
+endif
+endif
+endif
+
+USE_SYSTEM_ZLIB = 1
+ZLIB_LIBS = -lz
+
+# The -rpath '$$ORIGIN' linker option instructs this library to search for its
+# dependencies in the same directory where it resides.
+ifeq ($(BUILD_SUN_PKG), 1)
+ifeq ($(USE_64), 1)
+RPATH = -Wl,-rpath,'$$ORIGIN:/opt/sun/private/lib64:/opt/sun/private/lib'
+else
+RPATH = -Wl,-rpath,'$$ORIGIN:/opt/sun/private/lib'
+endif
+endif
+
+MKSHLIB         = $(CC) $(DSO_LDOPTS) -Wl,-soname -Wl,$(@:$(OBJDIR)/%.so=%.so) $(RPATH)
+
+ifdef MAPFILE
+	MKSHLIB += -Wl,--version-script,$(MAPFILE)
+endif
+PROCESS_MAP_FILE = grep -v ';-' $< | \
+        sed -e 's,;+,,' -e 's; DATA ;;' -e 's,;;,,' -e 's,;.*,;,' > $@
+
+ifeq ($(OS_RELEASE),2.4)
+DEFINES += -DNO_FORK_CHECK
+endif
+
+ifdef USE_GCOV
+OS_CFLAGS += --coverage
+LDFLAGS += --coverage
+DSO_LDOPTS += --coverage
+endif
diff --git a/nss/coreconf/Makefile b/nss/coreconf/Makefile
new file mode 100644
index 0000000..aca8882
--- /dev/null
+++ b/nss/coreconf/Makefile
@@ -0,0 +1,15 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+DEPTH		= ..
+CORE_DEPTH	= ..
+
+MODULE		= coreconf
+
+DIRS		= nsinstall
+
+include $(DEPTH)/coreconf/config.mk
+include $(DEPTH)/coreconf/rules.mk
+
+export:: libs
diff --git a/nss/coreconf/NCR3.0.mk b/nss/coreconf/NCR3.0.mk
new file mode 100644
index 0000000..7b8e31b
--- /dev/null
+++ b/nss/coreconf/NCR3.0.mk
@@ -0,0 +1,65 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+include $(CORE_DEPTH)/coreconf/UNIX.mk
+
+DEFAULT_COMPILER = cc
+
+###
+NS_USE_NATIVE = 1
+
+# NS_USE_GCC = 1
+
+export PATH:=$(PATH):/opt/ncc/bin
+###
+
+RANLIB           = true
+GCC_FLAGS_EXTRA += -pipe
+
+DEFINES		+= -DSVR4 -DSYSV -DHAVE_STRERROR -DNCR
+
+OS_CFLAGS	+= -Hnocopyr -DSVR4 -DSYSV -DHAVE_STRERROR -DNCR -DPRFSTREAMS_BROKEN
+
+ifdef NS_USE_NATIVE
+	CC       = cc
+	CCC      = ncc
+	CXX      = ncc
+#	OS_LIBS += -L/opt/ncc/lib 
+else
+#	OS_LIBS	+=
+endif
+
+#OS_LIBS    += -lsocket -lnsl -ldl -lc
+
+MKSHLIB     += $(LD) $(DSO_LDOPTS)
+#DSO_LDOPTS += -G -z defs
+DSO_LDOPTS += -G
+ifdef MAPFILE
+# Add LD options to restrict exported symbols to those in the map file
+endif
+# Change PROCESS to put the mapfile in the correct format for this platform
+PROCESS_MAP_FILE = cp $< $@
+
+CPU_ARCH    = x86
+ARCH        = ncr
+
+NOSUCHFILE  = /solaris-rm-f-sucks
+
+# now take care of default GCC (rus@5/5/97)
+ 
+ifdef NS_USE_GCC
+	# if gcc-settings are redefined already - don't touch it
+	#
+	ifeq (,$(findstring gcc, $(CC)))
+		CC   = gcc
+		CCC  = g++
+		CXX  = g++
+		# always use -fPIC - some makefiles are still broken and don't distinguish
+		# situation when they build shared and static libraries
+		CFLAGS  += -fPIC -Wall -Wno-switch $(GCC_FLAGS_EXTRA)
+#		OS_LIBS += -L/usr/local/lib -lstdc++ -lg++ -lgcc
+	endif
+endif
+###
diff --git a/nss/coreconf/NEC4.2.mk b/nss/coreconf/NEC4.2.mk
new file mode 100644
index 0000000..68cc146
--- /dev/null
+++ b/nss/coreconf/NEC4.2.mk
@@ -0,0 +1,36 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+include $(CORE_DEPTH)/coreconf/UNIX.mk
+
+DEFAULT_COMPILER = $(CORE_DEPTH)/build/hcc
+
+CPU_ARCH		= mips
+
+ifdef NS_USE_GCC
+CC			= gcc
+CCC			= g++
+else
+CC			= $(CORE_DEPTH)/build/hcc
+OS_CFLAGS		= -Xa -KGnum=0 -KOlimit=4000
+CCC			= g++
+endif
+
+MKSHLIB			= $(LD) $(DSO_LDOPTS)
+ifdef MAPFILE
+# Add LD options to restrict exported symbols to those in the map file
+endif
+# Change PROCESS to put the mapfile in the correct format for this platform
+PROCESS_MAP_FILE = cp $< $@
+
+RANLIB			= /bin/true
+
+OS_CFLAGS		+= $(ODD_CFLAGS) -DSVR4 -D__SVR4 -DNEC -Dnec_ews -DHAVE_STRERROR
+OS_LIBS			= -lsocket -lnsl -ldl $(LDOPTIONS)
+LDOPTIONS		= -lc -L/usr/ucblib -lucb
+
+NOSUCHFILE		= /nec-rm-f-sucks
+
+DSO_LDOPTS		= -G
diff --git a/nss/coreconf/NetBSD.mk b/nss/coreconf/NetBSD.mk
new file mode 100644
index 0000000..654f1ae
--- /dev/null
+++ b/nss/coreconf/NetBSD.mk
@@ -0,0 +1,55 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+include $(CORE_DEPTH)/coreconf/UNIX.mk
+
+DEFAULT_COMPILER	= gcc
+CC			= gcc
+CCC			= g++
+RANLIB			= ranlib
+
+CPU_ARCH		:= $(shell uname -p)
+ifeq ($(CPU_ARCH),i386)
+OS_REL_CFLAGS		= -Di386
+CPU_ARCH		= x86
+endif
+
+ifndef OBJECT_FMT
+OBJECT_FMT		:= $(shell if echo __ELF__ | $${CC:-cc} -E - | grep -q __ELF__ ; then echo a.out ; else echo ELF ; fi)
+endif
+
+ifeq ($(OBJECT_FMT),ELF)
+DLL_SUFFIX		= so
+else
+DLL_SUFFIX		= so.1.0
+endif
+
+OS_CFLAGS		= $(DSO_CFLAGS) $(OS_REL_CFLAGS) -Wall -Wno-switch -pipe -DNETBSD -Dunix -DHAVE_STRERROR -DHAVE_BSD_FLOCK
+
+OS_LIBS			= -lcompat
+
+ARCH			= netbsd
+
+DSO_CFLAGS		= -fPIC -DPIC
+DSO_LDOPTS		= -shared
+ifeq ($(OBJECT_FMT),ELF)
+DSO_LDOPTS		+= -Wl,-soname,lib$(LIBRARY_NAME)$(LIBRARY_VERSION).$(DLL_SUFFIX)
+endif
+
+ifdef LIBRUNPATH
+DSO_LDOPTS		+= -Wl,-R$(LIBRUNPATH)
+endif
+
+MKSHLIB			= $(CC) $(DSO_LDOPTS)
+ifdef MAPFILE
+# Add LD options to restrict exported symbols to those in the map file
+endif
+# Change PROCESS to put the mapfile in the correct format for this platform
+PROCESS_MAP_FILE = cp $< $@
+
+
+G++INCLUDES		= -I/usr/include/g++
+
+INCLUDES		+= -I/usr/X11R6/include
diff --git a/nss/coreconf/OS2.mk b/nss/coreconf/OS2.mk
new file mode 100644
index 0000000..f23571c
--- /dev/null
+++ b/nss/coreconf/OS2.mk
@@ -0,0 +1,156 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+MOZ_WIDGET_TOOLKIT = os2
+
+# XP_PC is for Window and OS2 on Intel X86
+# XP_OS2 is strictly for OS2 only
+XP_DEFINE  += -DXP_PC=1  -DXP_OS2=1
+
+# Override prefix
+LIB_PREFIX  = $(NULL)
+
+# Override suffix in suffix.mk
+LIB_SUFFIX  = lib
+# the DLL_SUFFIX must be uppercase for FIPS mode to work. bugzilla 240784
+DLL_SUFFIX  = DLL
+PROG_SUFFIX = .exe
+
+
+CCC			= gcc
+LD  			= gcc
+AR                      = emxomfar r $@
+# Keep AR_FLAGS blank so that we do not have to change rules.mk
+AR_FLAGS                = 
+RANLIB 			= @echo OS2 RANLIB
+BSDECHO 		= @echo OS2 BSDECHO
+IMPLIB			= emximp -o
+FILTER			= emxexp -o
+
+# GCC for OS/2 currently predefines these, but we don't want them
+DEFINES 		+= -Uunix -U__unix -U__unix__
+
+DEFINES			+= -DTCPV40HDRS
+
+ifeq ($(MOZ_OS2_HIGH_MEMORY),1)
+HIGHMEM_LDFLAG          = -Zhigh-mem
+endif
+
+ifndef NO_SHARED_LIB
+WRAP_MALLOC_LIB         = 
+WRAP_MALLOC_CFLAGS      = 
+DSO_CFLAGS              = 
+DSO_PIC_CFLAGS          = 
+MKSHLIB                 = $(CXX) $(CXXFLAGS) $(DSO_LDOPTS) -o $@
+MKCSHLIB                = $(CC) $(CFLAGS) $(DSO_LDOPTS) -o $@
+MKSHLIB_FORCE_ALL       = 
+MKSHLIB_UNFORCE_ALL     = 
+DSO_LDOPTS              = -Zomf -Zdll -Zmap $(HIGHMEM_LDFLAG)
+SHLIB_LDSTARTFILE	= 
+SHLIB_LDENDFILE		= 
+ifdef MAPFILE
+MKSHLIB += $(MAPFILE)
+endif
+PROCESS_MAP_FILE = \
+	echo LIBRARY $(LIBRARY_NAME)$(LIBRARY_VERSION) INITINSTANCE TERMINSTANCE > $@; \
+	echo PROTMODE >> $@; \
+	echo CODE    LOADONCALL MOVEABLE DISCARDABLE >> $@; \
+	echo DATA    PRELOAD MOVEABLE MULTIPLE NONSHARED >> $@; \
+	echo EXPORTS >> $@; \
+	grep -v ';+' $< | grep -v ';-' | \
+	sed -e 's; DATA ;;' -e 's,;;,,' -e 's,;.*,,' -e 's,\([\t ]*\),\1_,' | \
+	awk 'BEGIN {ord=1;} { print($$0 " @" ord " RESIDENTNAME"); ord++;}' >> $@
+
+endif   #NO_SHARED_LIB
+
+OS_CFLAGS          = -Wall -Wno-unused -Wpointer-arith -Wcast-align -Wno-switch -Zomf -DDEBUG -DTRACING -g
+
+ifdef BUILD_OPT
+ifeq (11,$(ALLOW_OPT_CODE_SIZE)$(OPT_CODE_SIZE))
+	OPTIMIZER += -Os -s
+else
+	OPTIMIZER += -O2 -s
+endif
+DEFINES 		+= -UDEBUG -U_DEBUG -DNDEBUG
+DLLFLAGS		= -DLL -OUT:$@ -MAP:$(@:.dll=.map) $(HIGHMEM_LDFLAG)
+EXEFLAGS    		= -PMTYPE:VIO -OUT:$@ -MAP:$(@:.exe=.map) -nologo -NOE $(HIGHMEM_LDFLAG)
+OBJDIR_TAG 		= _OPT
+else
+#OPTIMIZER		= -O+ -Oi
+DEFINES 		+= -DDEBUG -D_DEBUG -DDEBUGPRINTS     #HCT Need += to avoid overidding manifest.mn 
+DLLFLAGS		= -DEBUG -DLL -OUT:$@ -MAP:$(@:.dll=.map) $(HIGHMEM_LDFLAG)
+EXEFLAGS    		= -DEBUG -PMTYPE:VIO -OUT:$@ -MAP:$(@:.exe=.map) -nologo -NOE $(HIGHMEM_LDFLAG)
+OBJDIR_TAG 		= _DBG
+LDFLAGS 		= -DEBUG $(HIGHMEM_LDFLAG)
+endif   # BUILD_OPT
+
+# OS/2 use nsinstall that is included in the toolkit.
+# since we do not wish to support and maintain 3 version of nsinstall in mozilla, nspr and nss
+
+ifdef BUILD_TREE
+NSINSTALL_DIR  = $(BUILD_TREE)/nss
+else
+NSINSTALL_DIR  = $(CORE_DEPTH)/coreconf/nsinstall
+endif
+# NSINSTALL      = $(NSINSTALL_DIR)/$(OBJDIR_NAME)/nsinstall
+NSINSTALL 	= nsinstall             # HCT4OS2
+INSTALL		= $(NSINSTALL)
+
+MKDEPEND_DIR    = $(CORE_DEPTH)/coreconf/mkdepend
+MKDEPEND        = $(MKDEPEND_DIR)/$(OBJDIR_NAME)/mkdepend
+MKDEPENDENCIES  = $(OBJDIR_NAME)/depend.mk
+
+####################################################################
+#
+# One can define the makefile variable NSDISTMODE to control
+# how files are published to the 'dist' directory.  If not
+# defined, the default is "install using relative symbolic
+# links".  The two possible values are "copy", which copies files
+# but preserves source mtime, and "absolute_symlink", which
+# installs using absolute symbolic links.
+#   - THIS IS NOT PART OF THE NEW BINARY RELEASE PLAN for 9/30/97
+#   - WE'RE KEEPING IT ONLY FOR BACKWARDS COMPATIBILITY
+####################################################################
+
+ifeq ($(NSDISTMODE),copy)
+	# copy files, but preserve source mtime
+	INSTALL  = $(NSINSTALL)
+	INSTALL += -t
+else
+	ifeq ($(NSDISTMODE),absolute_symlink)
+		# install using absolute symbolic links
+		INSTALL  = $(NSINSTALL)
+		INSTALL += -L `pwd`
+	else
+		# install using relative symbolic links
+		INSTALL  = $(NSINSTALL)
+		INSTALL += -R
+	endif
+endif
+
+define MAKE_OBJDIR
+if test ! -d $(@D); then rm -rf $(@D); $(NSINSTALL) -D $(@D); fi
+endef
+
+#
+# override the definition of DLL_PREFIX in prefix.mk
+#
+
+ifndef DLL_PREFIX
+    DLL_PREFIX = $(NULL)
+endif
+
+#
+# override the TARGETS defined in ruleset.mk, adding IMPORT_LIBRARY
+#
+ifndef TARGETS
+    TARGETS = $(LIBRARY) $(SHARED_LIBRARY) $(IMPORT_LIBRARY) $(PROGRAM)
+endif
+
+
+ifdef LIBRARY_NAME
+    IMPORT_LIBRARY = $(OBJDIR)/$(LIBRARY_NAME)$(LIBRARY_VERSION)$(JDK_DEBUG_SUFFIX).lib
+endif
+
diff --git a/nss/coreconf/OSF1.mk b/nss/coreconf/OSF1.mk
new file mode 100644
index 0000000..4e411c1
--- /dev/null
+++ b/nss/coreconf/OSF1.mk
@@ -0,0 +1,48 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#
+# The Bourne shell (sh) on OSF1 doesn't handle "set -e" correctly,
+# which we use to stop LOOP_OVER_DIRS submakes as soon as any
+# submake fails.  So we use the Korn shell instead.
+#
+SHELL = /usr/bin/ksh
+
+include $(CORE_DEPTH)/coreconf/UNIX.mk
+
+DEFAULT_COMPILER = cc
+
+CC         = cc
+OS_CFLAGS += $(NON_LD_FLAGS) -std1
+CCC        = cxx
+RANLIB     = /bin/true
+CPU_ARCH   = alpha
+
+ifdef BUILD_OPT
+	OPTIMIZER += -Olimit 4000
+endif
+
+NON_LD_FLAGS += -ieee_with_inexact
+OS_CFLAGS    += -DOSF1 -D_REENTRANT 
+
+ifeq ($(USE_PTHREADS),1)
+	OS_CFLAGS += -pthread
+endif
+
+# The command to build a shared library on OSF1.
+MKSHLIB    += ld -shared -expect_unresolved "*" -soname $(notdir $@)
+ifdef MAPFILE
+MKSHLIB += -hidden -input $(MAPFILE)
+endif
+PROCESS_MAP_FILE = grep -v ';+' $< | grep -v ';-' | \
+ sed -e 's; DATA ;;' -e 's,;;,,' -e 's,;.*,,' -e 's,^,-exported_symbol ,' > $@
+
+DSO_LDOPTS += -shared
+
+# required for freebl
+USE_64=1
+# this platform name does not use a bit tag due to only having a 64-bit ABI
+64BIT_TAG=
+
diff --git a/nss/coreconf/OSF1V2.0.mk b/nss/coreconf/OSF1V2.0.mk
new file mode 100644
index 0000000..e1e9f23
--- /dev/null
+++ b/nss/coreconf/OSF1V2.0.mk
@@ -0,0 +1,5 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+include $(CORE_DEPTH)/coreconf/OSF1.mk
diff --git a/nss/coreconf/OSF1V3.0.mk b/nss/coreconf/OSF1V3.0.mk
new file mode 100644
index 0000000..e1e9f23
--- /dev/null
+++ b/nss/coreconf/OSF1V3.0.mk
@@ -0,0 +1,5 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+include $(CORE_DEPTH)/coreconf/OSF1.mk
diff --git a/nss/coreconf/OSF1V3.2.mk b/nss/coreconf/OSF1V3.2.mk
new file mode 100644
index 0000000..17178e7
--- /dev/null
+++ b/nss/coreconf/OSF1V3.2.mk
@@ -0,0 +1,16 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# On OSF1 V3.2, classic nspr is the default (and only) implementation
+# strategy.
+
+#
+# Config stuff for DEC OSF/1 V3.2
+#
+include $(CORE_DEPTH)/coreconf/OSF1.mk
+
+ifeq ($(OS_RELEASE),V3.2)
+	OS_CFLAGS += -DOSF1V3
+endif
diff --git a/nss/coreconf/OSF1V4.0.mk b/nss/coreconf/OSF1V4.0.mk
new file mode 100644
index 0000000..b563c72
--- /dev/null
+++ b/nss/coreconf/OSF1V4.0.mk
@@ -0,0 +1,24 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# On OSF1 V4.0, pthreads is the default implementation strategy.
+# Classic nspr is also available.
+
+ifneq ($(OS_RELEASE),V3.2)
+	USE_PTHREADS = 1
+	ifeq ($(CLASSIC_NSPR), 1)
+		USE_PTHREADS =
+		IMPL_STRATEGY := _CLASSIC
+	endif
+endif
+
+#
+# Config stuff for DEC OSF/1 V4.0
+#
+include $(CORE_DEPTH)/coreconf/OSF1.mk
+
+ifeq ($(OS_RELEASE),V4.0)
+	OS_CFLAGS += -DOSF1V4
+endif
diff --git a/nss/coreconf/OSF1V4.0B.mk b/nss/coreconf/OSF1V4.0B.mk
new file mode 100644
index 0000000..7282ba7
--- /dev/null
+++ b/nss/coreconf/OSF1V4.0B.mk
@@ -0,0 +1,5 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+include $(CORE_DEPTH)/coreconf/OSF1V4.0.mk
diff --git a/nss/coreconf/OSF1V4.0D.mk b/nss/coreconf/OSF1V4.0D.mk
new file mode 100644
index 0000000..6b0802e
--- /dev/null
+++ b/nss/coreconf/OSF1V4.0D.mk
@@ -0,0 +1,9 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+include $(CORE_DEPTH)/coreconf/OSF1V4.0.mk
+DEFINES	+= -DOSF1V4D
+
+OS_LIBS += -lpthread -lrt
+
diff --git a/nss/coreconf/OSF1V5.0.mk b/nss/coreconf/OSF1V5.0.mk
new file mode 100644
index 0000000..02fc8d2
--- /dev/null
+++ b/nss/coreconf/OSF1V5.0.mk
@@ -0,0 +1,20 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# On OSF1 V5.0, pthreads is the default implementation strategy.
+# Classic nspr is also available.
+
+ifneq ($(OS_RELEASE),V3.2)
+	USE_PTHREADS = 1
+	ifeq ($(CLASSIC_NSPR), 1)
+		USE_PTHREADS =
+		IMPL_STRATEGY := _CLASSIC
+	endif
+endif
+
+#
+# Config stuff for DEC OSF/1 V5.0
+#
+include $(CORE_DEPTH)/coreconf/OSF1.mk
diff --git a/nss/coreconf/OSF1V5.1.mk b/nss/coreconf/OSF1V5.1.mk
new file mode 100644
index 0000000..854bb53
--- /dev/null
+++ b/nss/coreconf/OSF1V5.1.mk
@@ -0,0 +1,20 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# On OSF1 V5.0, pthreads is the default implementation strategy.
+# Classic nspr is also available.
+
+ifneq ($(OS_RELEASE),V3.2)
+	USE_PTHREADS = 1
+	ifeq ($(CLASSIC_NSPR), 1)
+		USE_PTHREADS =
+		IMPL_STRATEGY := _CLASSIC
+	endif
+endif
+
+#
+# Config stuff for DEC OSF/1 V5.1
+#
+include $(CORE_DEPTH)/coreconf/OSF1.mk
diff --git a/nss/coreconf/OpenBSD.mk b/nss/coreconf/OpenBSD.mk
new file mode 100644
index 0000000..36a92d0
--- /dev/null
+++ b/nss/coreconf/OpenBSD.mk
@@ -0,0 +1,41 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+include $(CORE_DEPTH)/coreconf/UNIX.mk
+
+CC			?= gcc
+CXX			?= g++
+DEFAULT_COMPILER	= ${CC}
+CCC			= ${CXX}
+RANLIB			= ranlib
+
+CPU_ARCH		:= $(shell arch -s)
+ifeq ($(CPU_ARCH),i386)
+OS_REL_CFLAGS		= -Di386
+CPU_ARCH		= x86
+endif
+
+ifndef CLASSIC_NSPR
+USE_PTHREADS		= 1
+DEFINES			+= -pthread
+OS_LIBS			+= -pthread
+DSO_LDOPTS		+= -pthread
+endif
+
+DLL_SUFFIX		= so.1.0
+
+OS_CFLAGS		= $(DSO_CFLAGS) $(OS_REL_CFLAGS) -Wall -Wno-switch -pipe -DOPENBSD
+
+OS_LIBS			= 
+
+ARCH			= openbsd
+
+DSO_CFLAGS		= -fPIC -DPIC
+DSO_LDOPTS		= -shared -fPIC -Wl,-soname,lib$(LIBRARY_NAME)$(LIBRARY_VERSION).$(DLL_SUFFIX)
+
+MKSHLIB			= $(CC) $(DSO_LDOPTS)
+
+USE_SYSTEM_ZLIB		= 1
+ZLIB_LIBS		= -lz
diff --git a/nss/coreconf/OpenUNIX.mk b/nss/coreconf/OpenUNIX.mk
new file mode 100644
index 0000000..209ca41
--- /dev/null
+++ b/nss/coreconf/OpenUNIX.mk
@@ -0,0 +1,60 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+include $(CORE_DEPTH)/coreconf/UNIX.mk
+
+DEFAULT_COMPILER = gcc
+
+CC         = gcc
+OS_CFLAGS += -fPIC
+CCC        = g++
+CCC       += -DPRFSTREAMS_BROKEN -I/usr/gnu/lib/g++-include
+# CCC      = $(CORE_DEPTH)/build/hcpp
+# CCC     += +.cpp +w
+RANLIB     = /bin/true
+
+#
+# -DSCO_PM - Policy Manager AKA: SCO Licensing
+# -DSCO - Changes to Netscape source (consistent with AIX, LINUX, etc..)
+# -Dsco - Needed for /usr/include/X11/*
+#
+OS_CFLAGS   += -DSCO_SV -DSYSV -D_SVID3 -DHAVE_STRERROR -DSW_THREADS -DSCO_PM -DSCO -Dsco
+#OS_LIBS     += -lpmapi -lsocket -lc
+MKSHLIB      = $(LD)
+MKSHLIB     += $(DSO_LDOPTS)
+XINC         = /usr/include/X11
+MOTIFLIB    += -lXm
+INCLUDES    += -I$(XINC)
+CPU_ARCH     = x86
+GFX_ARCH     = x
+ARCH         = sco
+LOCALE_MAP   = $(CORE_DEPTH)/cmd/xfe/intl/sco.lm
+EN_LOCALE    = C
+DE_LOCALE    = de_DE.ISO8859-1
+FR_LOCALE    = fr_FR.ISO8859-1
+JP_LOCALE    = ja
+SJIS_LOCALE  = ja_JP.SJIS
+KR_LOCALE    = ko_KR.EUC
+CN_LOCALE    = zh
+TW_LOCALE    = zh
+I2_LOCALE    = i2
+LOC_LIB_DIR  = /usr/lib/X11
+NOSUCHFILE   = /solaris-rm-f-sucks
+BSDECHO      = /bin/echo
+ifdef MAPFILE
+# Add LD options to restrict exported symbols to those in the map file
+endif
+# Change PROCESS to put the mapfile in the correct format for this platform
+PROCESS_MAP_FILE = cp $< $@
+
+#
+# These defines are for building unix plugins
+#
+BUILD_UNIX_PLUGINS  = 1
+#DSO_LDOPTS         += -b elf -G -z defs
+DSO_LDOPTS         += -G
+
+# Used for Java compiler
+EXPORT_FLAGS += -W l,-Bexport
diff --git a/nss/coreconf/QNX.mk b/nss/coreconf/QNX.mk
new file mode 100644
index 0000000..b1187cb
--- /dev/null
+++ b/nss/coreconf/QNX.mk
@@ -0,0 +1,39 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+include $(CORE_DEPTH)/coreconf/UNIX.mk
+
+USE_PTHREADS = 1
+
+ifeq ($(USE_PTHREADS),1)
+	IMPL_STRATEGY = _PTH
+endif
+
+CC			= qcc
+CCC			= qcc
+RANLIB			= ranlib
+
+DEFAULT_COMPILER = qcc
+ifeq ($(OS_TEST),mips)
+	CPU_ARCH	= mips
+else
+	CPU_ARCH	= x86
+endif
+
+MKSHLIB		= $(CC) -shared -Wl,-soname -Wl,$(@:$(OBJDIR)/%.so=%.so)
+ifdef BUILD_OPT
+	OPTIMIZER	= -O2
+endif
+
+OS_CFLAGS		= $(DSO_CFLAGS) $(OS_REL_CFLAGS) -Vgcc_ntox86 -Wall -pipe -DNTO -DHAVE_STRERROR -D_QNX_SOURCE -D_POSIX_C_SOURCE=199506 -D_XOPEN_SOURCE=500
+
+ifdef USE_PTHREADS
+	DEFINES		+= -D_REENTRANT
+endif
+
+ARCH			= QNX
+
+DSO_CFLAGS		= -Wc,-fPIC
+DSO_LDOPTS		= -shared
diff --git a/nss/coreconf/README b/nss/coreconf/README
new file mode 100644
index 0000000..4b1e410
--- /dev/null
+++ b/nss/coreconf/README
@@ -0,0 +1,555 @@
+OVERVIEW of "ns/coreconf":
+
+    This README file is an attempt to provide the reader with a simple
+    synopsis of the "ns/coreconf" build system which was originally
+    fundamentally designed and built to accomodate Netscape's binary
+    release model.  Wherever possible, an attempt has been made to
+    comply with the NSPR 2.0 build system, including mimicing the
+    compiler/linker flags, and directory naming structure.  The reader
+    should keep in mind that the system builds binary releases of
+    header files, class files, libraries, and executables on numerous
+    flavors of UNIX and Windows operating systems.  Unfortunately,
+    no serious attempt has ever been made to incorporate an ability to
+    generate cross-platform binaries on an Apple MacIntosh platform.
+
+    Note that this file will not attempt to redefine or document the
+    architecture of this system.  However, documents on this subject
+    are available at the following URL:
+
+        http://warp/hardcore/prj-ttools/specs/release/index.html
+
+
+
+DEPENDENCIES of "ns/coreconf":
+
+    The "ns/coreconf" build system requires the specified versions of
+    the following platform-dependent tools:
+
+        UNIX Platforms:
+        --------------
+        gmake (version 3.74 or later)
+        perl 4.0 (NOTE:  perl 5.003 or later recommended)
+        uname
+
+        Windows Platforms:
+        -----------------
+        gmake 3.74 (must use hacked Netscape version)
+        shmsdos.exe (contained in Netscape gmake.exe)
+        nsinstall.exe (contained in Netscape gmake.exe)
+        perl.exe (version 4.0 for everything except testing;
+                  NOTE:  MKS toolkit perl 5.002 is broken)
+        perl5.exe (for testing;
+                   NOTE:  perl 5.003 or later recommended;
+                          MKS toolkit perl 5.002 is broken)
+        uname.exe (use nstools version)
+
+ENHANCEMENTS to "ns/coreconf":
+
+    With the advent of Certificate Server 4.0 using the ns/coreconf
+    build system, several changes had to be made to enhance
+    ns/coreconf support for building Java/JNI classes/programs, as
+    well as libraries slated to be released as binaries.  While the
+    following may not represent an exhaustive list of these changes,
+    it does attempt to be at least somewhat comprehensive:
+
+        (1) During the course of these enhancements, a total of
+            four files have been modified, and four new files have
+            been added.
+
+            The following files have been modified:
+
+                - command.mk:    removed old definition of JAR
+
+                - config.mk:     added include statement of new
+                                 "jdk.mk" file
+
+                - ruleset.mk:    allowed the $(MKPROG) variable to be
+                                 overridden by supplying it with a
+                                 default value of $(CC); augmented
+                                 numerous definitions to enhance
+                                 ability of ns/coreconf to produce
+                                 a more robust set of libraries;
+                                 added some JNI definitions; PACKAGE
+                                 definition may be overridden by new
+                                 "jdk.mk" file
+
+                - rules.mk:      separated the compile phase of a
+                                 program from the link phase of a
+                                 program such that a developer can
+                                 now strictly override program linkage
+                                 by simply supplying a $(MKPROG)
+                                 variable; augmented NETLIBDEPTH
+                                 to use CORE_DEPTH but retain backward
+                                 compatibility; added JNI section;
+                                 modified .PRECIOUS rule;
+
+            The following files have been added:
+
+                - README:        this file; an ASCII-based text
+                                 document used to summarize the
+                                 ns/coreconf build system and
+                                 suitable (paginated) for printing
+
+                - jdk.mk:        a file comprising most (if not all)
+                                 of the default Java related build
+                                 information; the definitions in this
+                                 file are only included if NS_USE_JDK
+                                 has been defined
+
+                - jniregen.pl:   a perl script used to create a
+                                 dependency for when JNI files should
+                                 be regenerated (based upon any change
+                                 to the ".class" file from which the
+                                 ".h" file was originally generated)
+
+                - outofdate.pl:  a perl script used to create a
+                                 dependency for when ".class" files
+                                 should be regenerated (based upon
+                                 any change to the ".java" file
+                                 from which the ".class" file was
+                                 originally generated)
+
+        (2) As stated above, the ns/coreconf build system now separates
+            the link phase of a program from its compilation phase.
+            While ns/coreconf still works exactly as it used to because
+            the $(MKPROG) variable is assigned $(CC) by default, a developer
+            may now override this behavior by simply supplying their
+            own unique value for $(MKPROG) on every platform.  This allows
+            a program compiled with $(CC) to link with external libraries
+            that may contain "C++" linkage.  Before this change, a
+            programmer would need to reference their own local copy of
+            rules.mk (see the ns/sectools/cmd/pk12util program for
+            an example of how this used to be accomplished).
+
+        (3) Currently, the ns/coreconf build system differs from the
+            NSPR 2.0 build system which utilizes an "_s" to denote
+            static libraries from import libraries.  In fact, the
+            ns/coreconf build system adds no prefixes or suffixes to
+            distinguish one version of static libraries from another.
+            Note that both the ns/coreconf build system as well as the
+            NSPR 2.0 build system do nothing to provide a method of
+            distinguishing 16-bit from 32-bit static libraries on the
+            same machine, either, since:
+
+                a) this might only provide difficulty during
+                   development, since static libraries always
+                   need to be embedded within a program
+                   (note this is highly unlikely, since libraries
+                    for different platforms are subdivided via
+                    a well-known subdirectory structure, and
+                    a developer may use multiple trees for
+                    development),
+
+                b) this maintains backwards compatibility,
+                   something very important since no legacy
+                   programs will need to change their link phase, and
+
+                c) Netscape as a company has dropped any plans
+                   of future development of 16-bit products.
+
+        (4) Since several members of the Hardcore Security group did
+            not favor NSPR 2.0's solution of adding an "_s" to static
+            libraries on Windows platforms as a method to distinguish
+            them from their import library cousins, a different solution
+            was proposed and has been recently implemented for ns/coreconf:
+
+                - a 16 has been added as a suffix to both dynamic and
+                  import libraries built on 16-bit Windows platforms
+
+                - a 32 has been added as a suffix to both dynamic and
+                  import libraries built on 32-bit Windows platforms
+
+            Since the HCL release process currently only contains a
+            single instance of building a dynamic library,
+            ns/security/lib/fortcrypt/fort12.dll, the impact of this
+            change should be relatively small.  (Note: HCL was the
+            old name of NSS.)
+
+            It should be noted that although this would additionally
+            limit the 8.3 namespace on 16-bit platforms, it is highly
+            unlikely that any future development will be performed on
+            this platform.
+
+        (5) The $(LIBRARY_VERSION) tag has been added to all non-static
+            libraries created on UNIX operating systems to alleviate
+            any future confusion for binary releases which utilize this
+            tag.  Again, it should be noted that this tag is only
+            utilized on non-static libraries, since more than one
+            version of the library may need to exist simultaneously
+            if multiple products are utilized.
+
+            Currently, only one HCL released library utilizes this tag:
+
+                ns/security/lib/fortcrypt/fort12.a
+                (e. g. - in this library, the tag has been set to '12')
+
+            Again, it should be noted that although this would
+            additionally limit the 8.3 namespace on 16-bit platforms,
+            it is highly unlikely that any future development will be
+            performed on this platform.
+
+        (6) The $(JDK_DEBUG_SUFFIX) extension has been added to all
+            library and program names to support debug versions of
+            Java programs (e. g. - java_g, javac_g, etc).
+
+            Once again, it should be noted that although this would
+            additionally limit the 8.3 namespace on 16-bit platforms,
+            it is highly unlikely that any future Java development
+            will be performed on this platform.
+
+        (7) Most (if not all) default definitions for java have been
+            encapsulated within their own file, jdk.mk, which is
+            always included by default in ns/coreconf/config.mk.
+            However, the definitions within this file are only ever
+            activated if NS_USE_JDK has been set to be 1.
+
+
+        (8) Two perl scripts (jniregen.pl and outofdate.pl) have been
+            added to the system to foster a more robust development
+            environment for composing Java and JNI programs
+            utilizing the ns/coreconf build system.  Both of these
+            perl scripts are related to resolving dependencies which
+            can not be accomplished through normal makefile dependencies.
+
+        (9) This file, README, was created in an attempt to allow
+            developers who have familiarity with ns/coreconf a simple
+            roadmap for what has changed, as well as a top-level view of
+            what comprises ns/coreconf.  This file was written in
+            ASCII (rather than HTML) primarily to promote simple
+            paginated printing.
+
+OVERVIEW of "config.mk":
+
+    This file contains the configuration information necessary to
+    build each "Core Components" source module:
+
+        include file name       Purpose
+        ===================     =======================================
+        arch.mk                 source and release <architecture> tags
+
+        command.mk              default command macros 
+				(NOTE: may be overridden in $(OS_CONFIG).mk)
+
+        $(OS_CONFIG).mk         <architecture>-specific macros
+                                (dependent upon <architecture> tags)
+
+        tree.mk                 release <tree> tags 
+				(dependent upon <architecture> tags)
+
+        module.mk               source and release <component> tags 
+				(NOTE:  A component is also called a module 
+				or a subsystem.  This file is dependent upon
+                                $(MODULE) being defined on the command
+                                line, as an environment variable, or in
+                                individual makefiles, or more
+                                appropriately, manifest.mn)
+
+        version.mk              release <version> tags 
+				(dependent upon $(MODULE) being defined on 
+				the command line, as an environment variable, 
+				or in individual makefiles, or more
+                                appropriately, manifest.mn)
+
+        location.mk             macros to figure out binary code location
+                                (dependent upon <platform> tags)
+
+        source.mk               <component>-specific source path
+                                (dependent upon <user_source_tree>,
+                                <source_component>, <version>, and
+                                <platform> tags)
+
+        headers.mk              include switch for support header files 
+				(dependent upon <tree>, <component>, <version>,
+                                and <platform> tags)
+
+        prefix.mk               compute program prefixes
+
+        suffix.mk               compute program suffixes 
+				(dependent upon <architecture> tags)
+
+        jdk.mk                  define JDK 
+				(dependent upon <architecture>,
+                                <source>, and <suffix> tags)
+
+        ruleset.mk              Master "Core Components" rule set
+                                (should always be the last file
+                                included by config.mk)
+
+
+
+OVERVIEW of "rules.mk":
+
+    The "rules.mk" file consists of four sections.  The first section
+    contains the "master" build rules for all binary releases.  While
+    this section can (and should) largely be thought of as "language"
+    independent, it does utilize the "perl" scripting language to
+    perform both the "import" and "release" of binary modules.
+
+    The rules which dwell in this section and their purpose:
+
+
+        CATEGORY/rule::         Purpose
+        ===================     =======================================
+
+        GENERAL
+        -------
+        all::                   "default" all-encompassing rule which
+                                performs "export libs program install"
+
+        export::                recursively copy specified
+                                cross-platform header files to the
+                                $(SOURCE_XPHEADERS_DIR) directory;
+                                recursively copy specified
+                                machine-dependent header files to the
+                                $(SOURCE_MDHEADERS_DIR) directory;
+                                although all rules can be written to
+                                repetively "chain" into other sections,
+                                this rule is the most commonly used
+                                rule to "chain" into other sections
+                                such as Java providing a simple
+                                mechanism which allows no need for
+                                developers to memorize specialized
+                                rules
+
+        libs::                  recursively build
+                                static (archival) $(LIBRARY), shared
+                                (dynamic link) $(SHARED_LIBRARY),
+                                and/or import $(IMPORT_LIBRARY)
+                                libraries
+
+        program::               recursively build $(PROGRAM)
+                                executable
+
+        install::               recursively copy all libraries to
+                                $(SOURCE_LIB_DIR) directory;
+                                recursively copy all executables to
+                                $(SOURCE_BIN_DIR) directory
+
+        clean::                 remove all files specified in the
+                                $(ALL_TRASH) variable
+
+        clobber::               synonym for "clean::" rule
+
+        realclean::             remove all files specified by
+                                $(wildcard *.OBJ), dist, and in
+                                the $(ALL_TRASH) variable
+
+        clobber_all::           synonym for "realclean::" rule
+
+        private_export::        recursively copy specified
+                                cross-platform header files to the
+                                $(SOURCE_XPPRIVATE_DIR) directory
+
+
+        IMPORT
+        ------
+        import::                uses perl script to retrieve specified
+                                VERSION of the binary release from
+                                $(RELEASE_TREE)
+
+        RELEASE
+        -------
+        release_clean::         remove all files from the
+                                $(SOURCE_RELEASE_PREFIX) directory
+
+        release::               place specified VERSION of the
+                                binary release in the appropriate
+                                $(RELEASE_TREE) directory
+
+        release_export::        recursively copy specified
+                                cross-platform header files to the
+                                $(SOURCE_XPHEADERS_DIR)/include
+                                directory
+
+        release_md::            recursively copy all libraries to
+                                $(SOURCE_RELEASE_PREFIX)/
+                                $(SOURCE_RELEASE_LIB_DIR) directory;
+                                recursively copy all executables to
+                                $(SOURCE_RELEASE_PREFIX)/
+                                $(SOURCE_RELEASE_BIN_DIR) directory
+
+        release_jars::          use perl script to package appropriate
+                                files in the $(XPCLASS_JAR),
+                                $(XPHEADER_JAR), $(MDHEADER_JAR), and
+                                $(MDBINARY_JAR) jar files
+
+        release_cpdistdir::     use perl script to copy the
+                                $(XPCLASS_JAR), $(XPHEADER_JAR),
+                                $(MDHEADER_JAR), and $(MDBINARY_JAR)
+                                jar files to the specified VERSION
+                                of the $(RELEASE_TREE) directory
+
+
+
+        TOOLS and AUTOMATION
+        --------------------
+        platform::              tool used to display the platform name
+                                as composed within the "arch.mk" file
+
+        autobuild::             automation rule used by "Bonsai" and
+                                "Tinderbox" to automatically generate
+                                binary releases on various platforms
+
+        tests::                 automation tool used to run the
+                                "regress" and "reporter" tools 
+                                on various regression test suites
+
+    The second section of "rules.mk" primarily contains several
+    "language" dependent build rules for binary releases.  These are
+    generally "computed" rules (created on the "fly"), and include
+    rules used by "C", "C++", assembly, the preprocessor, perl, and
+    the shell.
+
+    The rules which dwell in this section and their purpose:
+
+
+        CATEGORY/rule::                   Purpose
+        ===================               =============================
+
+        LIBRARIES
+        ---------
+        $(LIBRARY):                       build the static library
+                                          specified by the $(LIBRARY)
+                                          variable
+
+        $(IMPORT_LIBRARY):                build the import library
+                                          specified by the
+                                          $(IMPORT_LIBRARY) variable
+
+        $(SHARED_LIBRARY):                build the shared
+                                          (dynamic link) library
+                                          specified by the
+                                          $(SHARED_LIBRARY) variable
+
+
+        PROGRAMS
+        --------
+        $(PROGRAM):                       build the binary executable
+                                          specified by the $(PROGRAM)
+                                          rule
+
+        $(OBJDIR)/
+        $(PROG_PREFIX)%.pure:             build the "purified" binary
+                                          executable specified by this
+                                          rule
+
+
+        OBJECTS
+        -------
+        $(OBJDIR)/
+        $(PROG_PREFIX)%$(OBJ_SUFFIX):     build the object file
+                                          associated with the
+                                          makefile rule dependency:
+
+                                              %.c   = C file
+                                              %.cpp = C++ file
+                                              %.cc  = C++ file
+                                              %.s   = assembly file
+                                              %.S   = assembly file
+
+        $(OBJDIR)/
+        $(PROG_PREFIX)%:                  (NOTE: deprecated rule)
+                                          build the object file
+                                          associated with the
+                                          makefile rule dependency:
+
+                                              %.cpp = C++ file
+
+        MISCELLANEOUS
+        -------------
+        %.i:                              build the preprocessor file
+                                          associated with the
+                                          makefile rule dependency:
+
+                                              %.c   = C file
+                                              %.cpp = C++ file
+
+        %:                                process the specified file
+                                          using the method associated
+                                          with the makefile rule
+                                          dependency:
+
+                                              %.pl = perl script
+                                              %.sh = shell script
+
+        alltags:                          tool used to recursively
+                                          create a "ctags"-style
+                                          file for reference
+
+    The third section of "rules.mk' primarily contains several JAVA
+    "language" build rules for binary releases.  These are also
+    generally "computed" rules (created on the "fly").
+
+    The rules which dwell in this section and their purpose:
+
+
+        CATEGORY/rule::                   Purpose
+        ===================               =============================
+        $(JAVA_DESTPATH)::                create directory specified
+                                          as the Java destination path
+                                          for where classes are
+                                          deposited
+
+        $(JAVA_DESTPATH)/$(PACKAGE)::     create directories specified
+                                          within the $(PACKAGE)
+                                          variable
+
+        $(JMCSRCDIR)::                    create directory specified
+                                          as the JMC destination path
+
+        $(JRI_HEADER_CFILES):             used to generate/regenerate
+                                          JRI header files for "C"
+
+        $(JRI_STUB_CFILES):               used to generate/regenerate
+                                          JRI stub files for "C"
+
+        $(JNI_HEADERS):                   used to generate/regenerate
+                                          JNI header files for "C"
+
+    The fourth section of "rules.mk" primarily contains miscellaneous
+    build rules for binary releases.  Many of these rules are here to
+    create new subdirectories, manage dependencies, and/or override
+    standard gmake "Makefile" rules.
+
+    The rules which dwell in this section and their purpose:
+
+
+        CATEGORY/rule::                   Purpose
+        ===================               =============================
+
+        $(PUBLIC_EXPORT_DIR)::            create directory used to
+                                          house public "C" header files
+
+        $(PRIVATE_EXPORT_DIR)::           create directory used to
+                                          house private "C" header
+                                          files
+
+        $(SOURCE_XP_DIR)/
+        release/include::                 create directory used to
+                                          house "C" header files
+                                          contained in a release
+
+        $(MKDEPENDENCIES)::               for UNIX systems, create
+                                          a directory used to house
+                                          dependencies and utilize
+                                          the $(MKDEPEND) rule to
+                                          create them
+
+        $(MKDEPEND)::                     cd to the dependency
+                                          directory and create them
+
+        depend::                          if $(OBJS) exist, perform the
+                                          $(MKDEPEND) rule followed by
+                                          the $(MKDEPENDENCIES) rule
+
+        dependclean::                     remove all files contained
+                                          in the dependency repository
+
+        .DEFAULT:                         standard gmake rule
+
+        .SUFFIXES:                        standard gmake rule
+
+        .PRECIOUS:                        standard gmake rule
+
+        .PHONY:                           standard gmake rule
+
diff --git a/nss/coreconf/RISCOS.mk b/nss/coreconf/RISCOS.mk
new file mode 100644
index 0000000..f8d9e2f
--- /dev/null
+++ b/nss/coreconf/RISCOS.mk
@@ -0,0 +1,22 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+include $(CORE_DEPTH)/coreconf/UNIX.mk
+
+LIB_SUFFIX  = a
+DLL_SUFFIX  = so
+AR          = ar cr $@
+LDOPTS     += -L$(SOURCE_LIB_DIR)
+MKSHLIB     = $(CC) $(DSO_LDOPTS) -Wl,-soname -Wl,$(@:$(OBJDIR)/%.so=%.so)
+
+OS_RELEASE  =
+OS_TARGET   = RISCOS
+
+DSO_CFLAGS  = -fPIC
+DSO_LDOPTS  = -shared
+
+ifdef BUILD_OPT
+	OPTIMIZER = -O3
+endif
diff --git a/nss/coreconf/ReliantUNIX.mk b/nss/coreconf/ReliantUNIX.mk
new file mode 100644
index 0000000..8af2c3d
--- /dev/null
+++ b/nss/coreconf/ReliantUNIX.mk
@@ -0,0 +1,58 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+include $(CORE_DEPTH)/coreconf/UNIX.mk
+
+DEFAULT_COMPILER = cc
+
+ifdef NS_USE_GCC
+	## gcc-2.7.2 homebrewn
+	CC          = gcc
+	CCC         = g++
+	AS          = $(CC)
+	ASFLAGS     += -x assembler-with-cpp
+	LD          = gld
+	ODD_CFLAGS  = -pipe -Wall -Wno-format -Wno-switch
+	ifdef BUILD_OPT
+		OPTIMIZER += -O6
+	endif
+	MKSHLIB     = $(LD)
+	MKSHLIB    += -G -h $(@:$(OBJDIR)/%.so=%.so)
+	DSO_LDOPTS += -G -Xlinker -Blargedynsym
+else
+	## native compiler (CDS++ 1.0)
+#	CC   = /usr/bin/cc
+	CC   = cc
+	CCC  = /usr/bin/CC
+	AS   = /usr/bin/cc
+	ODD_CFLAGS  = 
+	ifdef BUILD_OPT
+		OPTIMIZER += -O -F Olimit,4000
+	endif
+	MKSHLIB     = $(CC)
+	MKSHLIB    += -G -h $(@:$(OBJDIR)/%.so=%.so)
+	DSO_LDOPTS += -G -W l,-Blargedynsym
+endif
+ifdef MAPFILE
+# Add LD options to restrict exported symbols to those in the map file
+endif
+# Change PROCESS to put the mapfile in the correct format for this platform
+PROCESS_MAP_FILE = cp $< $@
+
+NOSUCHFILE  = /sni-rm-f-sucks
+ODD_CFLAGS += -DSVR4 -DSNI -DRELIANTUNIX
+CPU_ARCH    = mips
+RANLIB      = /bin/true
+
+# For purify
+NOMD_OS_CFLAGS += $(ODD_CFLAGS)
+
+# we do not have -MDupdate ...
+OS_CFLAGS   += $(NOMD_OS_CFLAGS)
+OS_LIBS     += -lsocket -lnsl -lresolv -lgen -ldl -lc /usr/ucblib/libucb.a
+
+ifdef DSO_BACKEND
+	DSO_LDOPTS += -h $(DSO_NAME)
+endif
diff --git a/nss/coreconf/ReliantUNIX5.4.mk b/nss/coreconf/ReliantUNIX5.4.mk
new file mode 100644
index 0000000..f52cb7f
--- /dev/null
+++ b/nss/coreconf/ReliantUNIX5.4.mk
@@ -0,0 +1,5 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+include $(CORE_DEPTH)/coreconf/ReliantUNIX.mk
diff --git a/nss/coreconf/SCOOS5.0.mk b/nss/coreconf/SCOOS5.0.mk
new file mode 100644
index 0000000..5d73220
--- /dev/null
+++ b/nss/coreconf/SCOOS5.0.mk
@@ -0,0 +1,6 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+include $(CORE_DEPTH)/coreconf/SCO_SV3.2.mk
diff --git a/nss/coreconf/SCO_SV3.2.mk b/nss/coreconf/SCO_SV3.2.mk
new file mode 100644
index 0000000..e0b9fe8
--- /dev/null
+++ b/nss/coreconf/SCO_SV3.2.mk
@@ -0,0 +1,60 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+include $(CORE_DEPTH)/coreconf/UNIX.mk
+
+DEFAULT_COMPILER = cc
+
+CC         = cc
+OS_CFLAGS += -b elf -KPIC
+CCC        = g++
+CCC       += -b elf -DPRFSTREAMS_BROKEN -I/usr/local/lib/g++-include
+# CCC      = $(CORE_DEPTH)/build/hcpp
+# CCC     += +.cpp +w
+RANLIB     = /bin/true
+
+#
+# -DSCO_PM - Policy Manager AKA: SCO Licensing
+# -DSCO - Changes to Netscape source (consistent with AIX, LINUX, etc..)
+# -Dsco - Needed for /usr/include/X11/*
+#
+OS_CFLAGS   += -DSCO_SV -DSYSV -D_SVID3 -DHAVE_STRERROR -DSW_THREADS -DSCO_PM -DSCO -Dsco
+#OS_LIBS     += -lpmapi -lsocket -lc
+MKSHLIB      = $(LD)
+MKSHLIB     += $(DSO_LDOPTS)
+XINC         = /usr/include/X11
+MOTIFLIB    += -lXm
+INCLUDES    += -I$(XINC)
+CPU_ARCH     = x86
+GFX_ARCH     = x
+ARCH         = sco
+LOCALE_MAP   = $(CORE_DEPTH)/cmd/xfe/intl/sco.lm
+EN_LOCALE    = C
+DE_LOCALE    = de_DE.ISO8859-1
+FR_LOCALE    = fr_FR.ISO8859-1
+JP_LOCALE    = ja
+SJIS_LOCALE  = ja_JP.SJIS
+KR_LOCALE    = ko_KR.EUC
+CN_LOCALE    = zh
+TW_LOCALE    = zh
+I2_LOCALE    = i2
+LOC_LIB_DIR  = /usr/lib/X11
+NOSUCHFILE   = /solaris-rm-f-sucks
+BSDECHO      = /bin/echo
+ifdef MAPFILE
+# Add LD options to restrict exported symbols to those in the map file
+endif
+# Change PROCESS to put the mapfile in the correct format for this platform
+PROCESS_MAP_FILE = cp $< $@
+
+#
+# These defines are for building unix plugins
+#
+BUILD_UNIX_PLUGINS  = 1
+#DSO_LDOPTS         += -b elf -G -z defs
+DSO_LDOPTS         += -b elf -G
+
+# Used for Java compiler
+EXPORT_FLAGS += -W l,-Bexport
diff --git a/nss/coreconf/SunOS4.1.3_U1.mk b/nss/coreconf/SunOS4.1.3_U1.mk
new file mode 100644
index 0000000..a3eb59f
--- /dev/null
+++ b/nss/coreconf/SunOS4.1.3_U1.mk
@@ -0,0 +1,28 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+include $(CORE_DEPTH)/coreconf/UNIX.mk
+
+DEFAULT_COMPILER = cc
+
+INCLUDES += -I/usr/dt/include -I/usr/openwin/include -I/home/motif/usr/include
+
+# SunOS 4 _requires_ that shared libs have a version number.
+# XXX FIXME: Version number should use NSPR_VERSION_NUMBER?
+DLL_SUFFIX = so.1.0
+CC         = gcc
+RANLIB     = ranlib
+CPU_ARCH   = sparc
+
+# Purify doesn't like -MDupdate
+NOMD_OS_CFLAGS += -Wall -Wno-format -Wno-switch -DSUNOS4
+OS_CFLAGS      += $(DSO_CFLAGS) $(NOMD_OS_CFLAGS) -MDupdate $(DEPENDENCIES)
+MKSHLIB         = $(LD)
+MKSHLIB        += $(DSO_LDOPTS)
+NOSUCHFILE      = /solaris-rm-f-sucks
+DSO_LDOPTS      =
+
+# -fPIC generates position-independent code for use in a shared library.
+DSO_CFLAGS += -fPIC
diff --git a/nss/coreconf/SunOS5.mk b/nss/coreconf/SunOS5.mk
new file mode 100644
index 0000000..ce9e2cb
--- /dev/null
+++ b/nss/coreconf/SunOS5.mk
@@ -0,0 +1,144 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+include $(CORE_DEPTH)/coreconf/UNIX.mk
+
+# Sun's WorkShop defines v8, v8plus and v9 architectures.
+# gcc on Solaris defines v8 and v9 "cpus".  
+# gcc's v9 is equivalent to Workshop's v8plus.
+# gcc's -m64 is equivalent to Workshop's v9
+
+ifeq ($(USE_64), 1)
+  ifdef NS_USE_GCC
+      ARCHFLAG=-m64
+  else
+      ifeq ($(OS_TEST),i86pc)
+        ARCHFLAG=-xarch=amd64
+      else
+        ARCHFLAG=-xarch=v9
+      endif
+  endif
+else
+  ifneq ($(OS_TEST),i86pc)
+    ifdef NS_USE_GCC
+      ARCHFLAG=-mcpu=v9
+    else
+      ARCHFLAG=-xarch=v8plus
+    endif
+  endif
+endif
+
+DEFAULT_COMPILER = cc
+
+ifdef NS_USE_GCC
+	CC         = gcc
+	OS_CFLAGS += -Wall -Wno-format -Werror-implicit-function-declaration -Wno-switch
+	CCC        = g++
+	CCC       += -Wall -Wno-format
+	ASFLAGS	  += -x assembler-with-cpp
+	OS_CFLAGS += $(NOMD_OS_CFLAGS) $(ARCHFLAG)
+	ifdef USE_MDUPDATE
+		OS_CFLAGS += -MDupdate $(DEPENDENCIES)
+	endif
+	ifdef BUILD_OPT
+	    OPTIMIZER = -O2
+	    # Enable this for accurate dtrace profiling
+	    # OPTIMIZER += -mno-omit-leaf-frame-pointer -fno-omit-frame-pointer
+	endif
+else
+	CC         = cc
+	CCC        = CC
+	ASFLAGS   += -Wa,-P
+	OS_CFLAGS += $(NOMD_OS_CFLAGS) $(ARCHFLAG)
+	ifndef BUILD_OPT
+		OS_CFLAGS  += -xs
+	else
+		OPTIMIZER = -xO4
+	endif
+	ifdef USE_TCOV
+		CC += -xprofile=tcov
+		CCC += -xprofile=tcov
+	endif
+endif
+
+RANLIB      = echo
+CPU_ARCH    = sparc
+OS_DEFINES += -DSVR4 -DSYSV -D__svr4 -D__svr4__ -DSOLARIS -D_REENTRANT
+
+ifeq ($(OS_TEST),i86pc)
+ifeq ($(USE_64),1)
+    CPU_ARCH		= x86_64
+else
+    CPU_ARCH		= x86
+    OS_DEFINES		+= -Di386
+endif
+endif
+
+# Purify doesn't like -MDupdate
+NOMD_OS_CFLAGS += $(DSO_CFLAGS) $(OS_DEFINES) $(SOL_CFLAGS)
+
+MKSHLIB  = $(CC) $(DSO_LDOPTS) $(RPATH)
+ifdef NS_USE_GCC
+ifeq (GNU,$(findstring GNU,$(shell `$(CC) -print-prog-name=ld` -v 2>&1)))
+	GCC_USE_GNU_LD = 1
+endif
+endif
+ifdef MAPFILE
+ifdef NS_USE_GCC
+ifdef GCC_USE_GNU_LD
+    MKSHLIB += -Wl,--version-script,$(MAPFILE)
+else
+    MKSHLIB += -Wl,-M,$(MAPFILE)
+endif
+else
+    MKSHLIB += -M $(MAPFILE)
+endif
+endif
+PROCESS_MAP_FILE = grep -v ';-' $< | \
+         sed -e 's,;+,,' -e 's; DATA ;;' -e 's,;;,,' -e 's,;.*,;,' > $@
+
+# ld options:
+# -G: produce a shared object
+# -z defs: no unresolved symbols allowed
+ifdef NS_USE_GCC
+ifeq ($(USE_64), 1)
+	DSO_LDOPTS += -m64
+endif
+	DSO_LDOPTS += -shared -h $(notdir $@)
+else
+ifeq ($(USE_64), 1)
+	ifeq ($(OS_TEST),i86pc)
+	    DSO_LDOPTS +=-xarch=amd64
+	else
+	    DSO_LDOPTS +=-xarch=v9
+	endif
+endif
+	DSO_LDOPTS += -G -h $(notdir $@)
+endif
+DSO_LDOPTS += -z combreloc -z defs -z ignore
+
+# -KPIC generates position independent code for use in shared libraries.
+# (Similarly for -fPIC in case of gcc.)
+ifdef NS_USE_GCC
+	DSO_CFLAGS += -fPIC
+else
+	DSO_CFLAGS += -KPIC
+endif
+
+NOSUCHFILE   = /solaris-rm-f-sucks
+
+ifeq ($(BUILD_SUN_PKG), 1)
+# The -R '$ORIGIN' linker option instructs this library to search for its
+# dependencies in the same directory where it resides.
+ifeq ($(USE_64), 1)
+RPATH = -R '$$ORIGIN:/usr/lib/mps/secv1/64:/usr/lib/mps/64'
+else
+RPATH = -R '$$ORIGIN:/usr/lib/mps/secv1:/usr/lib/mps'
+endif
+else
+RPATH = -R '$$ORIGIN'
+endif
+
+OS_LIBS += -lthread -lnsl -lsocket -lposix4 -ldl -lc
diff --git a/nss/coreconf/UNIX.mk b/nss/coreconf/UNIX.mk
new file mode 100644
index 0000000..b448e75
--- /dev/null
+++ b/nss/coreconf/UNIX.mk
@@ -0,0 +1,66 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+XP_DEFINE  += -DXP_UNIX
+LIB_SUFFIX  = a
+DLL_SUFFIX  = so
+AR          = ar cr $@
+LDOPTS     += -L$(SOURCE_LIB_DIR)
+
+ifdef BUILD_OPT
+	OPTIMIZER  += -O
+	DEFINES    += -UDEBUG -DNDEBUG
+else
+	OPTIMIZER  += -g
+	USERNAME   := $(shell whoami)
+	USERNAME   := $(subst -,_,$(USERNAME))
+	DEFINES    += -DDEBUG -UNDEBUG -DDEBUG_$(USERNAME)
+endif
+
+ifdef BUILD_TREE
+NSINSTALL_DIR  = $(BUILD_TREE)/nss
+NSINSTALL      = $(BUILD_TREE)/nss/nsinstall
+else
+NSINSTALL_DIR  = $(CORE_DEPTH)/coreconf/nsinstall
+NSINSTALL      = $(NSINSTALL_DIR)/$(OBJDIR_NAME)/nsinstall
+endif
+
+MKDEPEND_DIR    = $(CORE_DEPTH)/coreconf/mkdepend
+MKDEPEND        = $(MKDEPEND_DIR)/$(OBJDIR_NAME)/mkdepend
+MKDEPENDENCIES  = $(OBJDIR_NAME)/depend.mk
+
+####################################################################
+#
+# One can define the makefile variable NSDISTMODE to control
+# how files are published to the 'dist' directory.  If not
+# defined, the default is "install using relative symbolic
+# links".  The two possible values are "copy", which copies files
+# but preserves source mtime, and "absolute_symlink", which
+# installs using absolute symbolic links.
+#   - THIS IS NOT PART OF THE NEW BINARY RELEASE PLAN for 9/30/97
+#   - WE'RE KEEPING IT ONLY FOR BACKWARDS COMPATIBILITY
+####################################################################
+
+ifeq ($(NSDISTMODE),copy)
+	# copy files, but preserve source mtime
+	INSTALL  = $(NSINSTALL)
+	INSTALL += -t
+else
+	ifeq ($(NSDISTMODE),absolute_symlink)
+		# install using absolute symbolic links
+		INSTALL  = $(NSINSTALL)
+		INSTALL += -L `pwd`
+	else
+		# install using relative symbolic links
+		INSTALL  = $(NSINSTALL)
+		INSTALL += -R
+	endif
+endif
+
+define MAKE_OBJDIR
+if test ! -d $(@D); then rm -rf $(@D); $(NSINSTALL) -D $(@D); fi
+endef
+
+include $(CORE_DEPTH)/coreconf/Werror.mk
diff --git a/nss/coreconf/UNIXWARE2.1.mk b/nss/coreconf/UNIXWARE2.1.mk
new file mode 100644
index 0000000..f1cf8c9
--- /dev/null
+++ b/nss/coreconf/UNIXWARE2.1.mk
@@ -0,0 +1,29 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#
+# Config stuff for SCO Unixware 2.1
+#
+
+include $(CORE_DEPTH)/coreconf/UNIX.mk
+
+DEFAULT_COMPILER = $(CORE_DEPTH)/build/hcc
+
+CC         = $(CORE_DEPTH)/build/hcc
+CCC         = $(CORE_DEPTH)/build/hcpp
+RANLIB      = true
+OS_CFLAGS   = -KPIC -DSVR4 -DSYSV -DUNIXWARE
+MKSHLIB     = $(LD)
+MKSHLIB    += $(DSO_LDOPTS)
+DSO_LDOPTS += -G
+CPU_ARCH    = x86
+ARCH        = sco
+NOSUCHFILE  = /solaris-rm-f-sucks
+ifdef MAPFILE
+# Add LD options to restrict exported symbols to those in the map file
+endif
+# Change PROCESS to put the mapfile in the correct format for this platform
+PROCESS_MAP_FILE = cp $< $@
+
diff --git a/nss/coreconf/WIN32.mk b/nss/coreconf/WIN32.mk
new file mode 100644
index 0000000..be795f0
--- /dev/null
+++ b/nss/coreconf/WIN32.mk
@@ -0,0 +1,378 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#
+# Configuration common to all versions of Windows NT
+# and Windows 95
+#
+
+DEFAULT_COMPILER = cl
+
+ifdef NS_USE_GCC
+	CC           = gcc
+	CCC          = g++
+	LD           = ld
+	AR           = ar
+	AR          += cr $@
+	RANLIB       = ranlib
+	BSDECHO      = echo
+	RC           = windres.exe -O coff --use-temp-file
+	LINK_DLL      = $(CC) $(OS_DLLFLAGS) $(DLLFLAGS)
+else
+	CC           = cl
+	CCC          = cl
+	LD           = link
+        LDFLAGS += -nologo
+	AR           = lib
+	AR          += -nologo -OUT:$@
+	RANLIB       = echo
+	BSDECHO      = echo
+	RC           = rc.exe
+	MT           = mt.exe
+	# Check for clang-cl
+	CLANG_CL    := $(shell expr `$(CC) -? 2>&1 | grep -w clang | wc -l` \> 0)
+	# Determine compiler version
+	ifeq ($(CLANG_CL),1)
+	    # clang-cl pretends to be MSVC 2012.
+	    CC_VERSION  := 17.00.00.00
+	else
+	    CC_VERSION  := $(shell $(CC) 2>&1 | sed -ne \
+		's|.* \([0-9]\+\.[0-9]\+\.[0-9]\+\(\.[0-9]\+\)\?\).*|\1|p')
+	endif
+	# Change the dots to spaces.
+	_CC_VERSION_WORDS := $(subst ., ,$(CC_VERSION))
+	_CC_VMAJOR  := $(word 1,$(_CC_VERSION_WORDS))
+	_CC_VMINOR  := $(word 2,$(_CC_VERSION_WORDS))
+	_CC_RELEASE := $(word 3,$(_CC_VERSION_WORDS))
+	_CC_BUILD   := $(word 4,$(_CC_VERSION_WORDS))
+	_MSC_VER     = $(_CC_VMAJOR)$(_CC_VMINOR)
+	_MSC_VER_6   = 1200
+	# VC10 (2010) is 16.00.30319.01, VC10SP1 is 16.00.40219.01.
+	_MSC_VER_GE_10SP1 := $(shell expr $(_MSC_VER) \> 1600 \| \
+		$(_MSC_VER) = 1600 \& $(_CC_RELEASE) \>= 40219)
+	# VC11 (2012).
+	_MSC_VER_GE_11 := $(shell expr $(_MSC_VER) \>= 1700)
+	# VC12 (2013).
+	_MSC_VER_GE_12 := $(shell expr $(_MSC_VER) \>= 1800)
+	ifeq ($(_CC_VMAJOR),14)
+	    # -DYNAMICBASE is only supported on VC8SP1 or newer,
+	    # so be very specific here!
+	    # VC8 is 14.00.50727.42, VC8SP1 is 14.00.50727.762
+	    ifeq ($(_CC_RELEASE).$(_CC_BUILD),50727.42)
+		USE_DYNAMICBASE =
+	    else
+	    ifeq ($(_CC_RELEASE).$(_CC_BUILD),50727.762)
+		USE_DYNAMICBASE = 1
+	    else
+		_LOSER := $(error Unknown compiler version $(CC_VERSION))
+	    endif
+	    endif
+	endif
+	# if $(_CC_VMAJOR) >= 15
+	# NOTE: 'sort' sorts the words in lexical order, so this test works
+	# only if $(_CC_VMAJOR) is two digits.
+	ifeq ($(firstword $(sort $(_CC_VMAJOR) 15)),15)
+	    USE_DYNAMICBASE = 1
+	endif
+endif
+
+ifdef BUILD_TREE
+NSINSTALL_DIR  = $(BUILD_TREE)/nss
+else
+NSINSTALL_DIR  = $(CORE_DEPTH)/coreconf/nsinstall
+endif
+NSINSTALL      = nsinstall
+
+MKDEPEND_DIR    = $(CORE_DEPTH)/coreconf/mkdepend
+MKDEPEND        = $(MKDEPEND_DIR)/$(OBJDIR_NAME)/mkdepend.exe
+# Note: MKDEPENDENCIES __MUST__ be a relative pathname, not absolute.
+# If it is absolute, gmake will crash unless the named file exists.
+MKDEPENDENCIES  = $(OBJDIR_NAME)/depend.mk
+
+INSTALL      = $(NSINSTALL)
+MAKE_OBJDIR  = mkdir
+MAKE_OBJDIR += $(OBJDIR)
+GARBAGE     += $(OBJDIR)/vc20.pdb $(OBJDIR)/vc40.pdb
+XP_DEFINE   += -DXP_PC
+ifdef NS_USE_GCC
+LIB_SUFFIX   = a
+else
+LIB_SUFFIX   = lib
+endif
+DLL_SUFFIX   = dll
+
+ifdef NS_USE_GCC
+    OS_CFLAGS += -mwindows -mms-bitfields
+    _GEN_IMPORT_LIB=-Wl,--out-implib,$(IMPORT_LIBRARY)
+    DLLFLAGS  += -mwindows -o $@ -shared -Wl,--export-all-symbols $(if $(IMPORT_LIBRARY),$(_GEN_IMPORT_LIB))
+    ifdef BUILD_OPT
+	ifeq (11,$(ALLOW_OPT_CODE_SIZE)$(OPT_CODE_SIZE))
+		OPTIMIZER += -Os
+	else
+		OPTIMIZER += -O2
+	endif
+	DEFINES    += -UDEBUG -DNDEBUG
+    else
+	OPTIMIZER  += -g
+	NULLSTRING :=
+	SPACE      := $(NULLSTRING) # end of the line
+	USERNAME   := $(subst $(SPACE),_,$(USERNAME))
+	USERNAME   := $(subst -,_,$(USERNAME))
+	DEFINES    += -DDEBUG -UNDEBUG -DDEBUG_$(USERNAME)
+    endif
+else # !NS_USE_GCC
+    WARNING_CFLAGS = -W3 -nologo -D_CRT_SECURE_NO_WARNINGS \
+                      -D_CRT_NONSTDC_NO_WARNINGS
+    OS_DLLFLAGS += -nologo -DLL -SUBSYSTEM:WINDOWS
+    ifndef NSS_ENABLE_WERROR
+        NSS_ENABLE_WERROR = 1
+    endif
+    ifeq ($(NSS_ENABLE_WERROR),1)
+        WARNING_CFLAGS += -WX
+    endif
+    ifeq ($(_MSC_VER),$(_MSC_VER_6))
+    ifndef MOZ_DEBUG_SYMBOLS
+	OS_DLLFLAGS += -PDB:NONE
+    endif
+    endif
+    ifdef USE_DYNAMICBASE
+	OS_DLLFLAGS += -DYNAMICBASE
+    endif
+    #
+    # Define USE_DEBUG_RTL if you want to use the debug runtime library
+    # (RTL) in the debug build.
+    # Define USE_STATIC_RTL if you want to use the static RTL.
+    #
+    ifdef USE_DEBUG_RTL
+	ifdef USE_STATIC_RTL
+		OS_CFLAGS += -MTd
+	else
+		OS_CFLAGS += -MDd
+	endif
+	OS_CFLAGS += -D_CRTDBG_MAP_ALLOC
+    else
+	ifdef USE_STATIC_RTL
+		OS_CFLAGS += -MT
+	else
+		OS_CFLAGS += -MD
+	endif
+    endif
+    ifdef BUILD_OPT
+	ifeq (11,$(ALLOW_OPT_CODE_SIZE)$(OPT_CODE_SIZE))
+		OPTIMIZER += -O1
+	else
+		OPTIMIZER += -O2
+	endif
+	DEFINES    += -UDEBUG -DNDEBUG
+	DLLFLAGS   += -OUT:$@
+	ifdef MOZ_DEBUG_SYMBOLS
+		ifdef MOZ_DEBUG_FLAGS
+			OPTIMIZER += $(MOZ_DEBUG_FLAGS) -Fd$(OBJDIR)/
+		else
+			OPTIMIZER += -Zi -Fd$(OBJDIR)/
+		endif
+		DLLFLAGS += -DEBUG -OPT:REF
+		LDFLAGS += -DEBUG -OPT:REF
+	endif
+    else
+	OPTIMIZER += -Zi -Fd$(OBJDIR)/ -Od
+	NULLSTRING :=
+	SPACE      := $(NULLSTRING) # end of the line
+	USERNAME   := $(subst $(SPACE),_,$(USERNAME))
+	USERNAME   := $(subst -,_,$(USERNAME))
+	DEFINES    += -DDEBUG -UNDEBUG -DDEBUG_$(USERNAME)
+	DLLFLAGS   += -DEBUG -OUT:$@
+	LDFLAGS    += -DEBUG 
+ifeq ($(_MSC_VER),$(_MSC_VER_6))
+ifndef MOZ_DEBUG_SYMBOLS
+	LDFLAGS    += -PDB:NONE 
+endif
+endif
+	# Purify requires /FIXED:NO when linking EXEs.
+	LDFLAGS    += /FIXED:NO
+    endif
+ifneq ($(_MSC_VER),$(_MSC_VER_6))
+    # NSS has too many of these to fix, downgrade the warning
+    # Disable C4267: conversion from 'size_t' to 'type', possible loss of data
+    # Disable C4244: conversion from 'type1' to 'type2', possible loss of data
+    # Disable C4018: 'expression' : signed/unsigned mismatch
+    # Disable C4312: 'type cast': conversion from 'type1' to 'type2' of greater size
+    OS_CFLAGS += -w44267 -w44244 -w44018 -w44312
+    ifeq ($(_MSC_VER_GE_12),1)
+	OS_CFLAGS += -FS
+    endif
+endif # !MSVC6
+endif # NS_USE_GCC
+
+ifdef USE_64
+DEFINES += -DWIN64
+else
+DEFINES += -DWIN32
+endif
+
+ifeq (,$(filter-out x386 x86_64,$(CPU_ARCH)))
+ifdef USE_64
+	DEFINES += -D_AMD64_
+	# Use subsystem 5.02 to allow running on Windows XP.
+	ifeq ($(_MSC_VER_GE_11),1)
+		LDFLAGS += -SUBSYSTEM:CONSOLE,5.02
+	endif
+	CPU_ARCH = x86_64
+else
+	DEFINES += -D_X86_
+	# VS2012 defaults to -arch:SSE2. Use -arch:IA32 to avoid requiring
+	# SSE2. Clang-cl gets confused by -arch:IA32, so don't add it.
+	# (See https://llvm.org/bugs/show_bug.cgi?id=24335)
+	# Use subsystem 5.01 to allow running on Windows XP.
+	ifeq ($(_MSC_VER_GE_11),1)
+		ifneq ($(CLANG_CL),1)
+			OS_CFLAGS += -arch:IA32
+		endif
+		LDFLAGS += -SUBSYSTEM:CONSOLE,5.01
+	endif
+	CPU_ARCH = x386
+endif
+endif
+ifeq ($(CPU_ARCH), ALPHA)
+	DEFINES += -D_ALPHA_=1
+endif
+
+ifdef MAPFILE
+ifndef NS_USE_GCC
+DLLFLAGS += -DEF:$(MAPFILE)
+endif
+endif
+# Change PROCESS to put the mapfile in the correct format for this platform
+PROCESS_MAP_FILE = cp $< $@
+
+
+#
+#  The following is NOT needed for the NSPR 2.0 library.
+#
+
+DEFINES += -D_WINDOWS
+
+# override default, which is ASFLAGS = CFLAGS
+ifdef NS_USE_GCC
+	AS	= $(CC)
+	ASFLAGS = $(INCLUDES)
+else
+ifdef USE_64
+	AS	= ml64.exe
+	ASFLAGS = -nologo -Cp -Sn -Zi $(INCLUDES)
+else
+	AS	= ml.exe
+	ASFLAGS = -nologo -Cp -Sn -Zi -coff -safeseh $(INCLUDES)
+endif
+endif
+
+#
+# override the definitions of RELEASE_TREE found in tree.mk
+#
+ifndef RELEASE_TREE
+    ifdef BUILD_SHIP
+	ifdef USE_SHIPS
+	    RELEASE_TREE = $(NTBUILD_SHIP)
+	else
+	    RELEASE_TREE = //redbuild/components
+	endif
+    else
+	RELEASE_TREE = //redbuild/components
+    endif
+endif
+
+#
+# override the definitions of IMPORT_LIB_PREFIX, LIB_PREFIX, and
+# DLL_PREFIX in prefix.mk
+#
+
+ifndef IMPORT_LIB_PREFIX
+    ifdef NS_USE_GCC
+	IMPORT_LIB_PREFIX = lib
+    else
+	IMPORT_LIB_PREFIX = $(NULL)
+    endif
+endif
+
+ifndef LIB_PREFIX
+    ifdef NS_USE_GCC
+	LIB_PREFIX = lib
+    else
+	LIB_PREFIX = $(NULL)
+    endif
+endif
+
+ifndef DLL_PREFIX
+    DLL_PREFIX =  $(NULL)
+endif
+
+#
+# override the definitions of various _SUFFIX symbols in suffix.mk
+#
+
+#
+# Object suffixes
+#
+ifndef OBJ_SUFFIX
+    ifdef NS_USE_GCC
+	OBJ_SUFFIX = .o
+    else
+	OBJ_SUFFIX = .obj
+    endif
+endif
+
+#
+# Assembler source suffixes
+#
+ifndef ASM_SUFFIX
+    ifdef NS_USE_GCC
+	ASM_SUFFIX = .s
+    else
+	ASM_SUFFIX = .asm
+    endif
+endif
+
+#
+# Library suffixes
+#
+
+ifndef IMPORT_LIB_SUFFIX
+    IMPORT_LIB_SUFFIX = .$(LIB_SUFFIX)
+endif
+
+ifndef DYNAMIC_LIB_SUFFIX_FOR_LINKING
+    DYNAMIC_LIB_SUFFIX_FOR_LINKING = $(IMPORT_LIB_SUFFIX)
+endif
+
+#
+# Program suffixes
+#
+ifndef PROG_SUFFIX
+    PROG_SUFFIX = .exe
+endif
+
+#
+# When the processor is NOT 386-based on Windows NT, override the
+# value of $(CPU_TAG).  For WinNT, 95, 16, not CE.
+#
+ifneq ($(CPU_ARCH),x386)
+    CPU_TAG = _$(CPU_ARCH)
+endif
+
+#
+# override ruleset.mk, removing the "lib" prefix for library names, and
+# adding the "32" after the LIBRARY_VERSION.
+#
+ifdef LIBRARY_NAME
+    SHARED_LIBRARY = $(OBJDIR)/$(LIBRARY_NAME)$(LIBRARY_VERSION)32$(JDK_DEBUG_SUFFIX).dll
+    IMPORT_LIBRARY = $(OBJDIR)/$(LIBRARY_NAME)$(LIBRARY_VERSION)32$(JDK_DEBUG_SUFFIX).lib
+endif
+
+#
+# override the TARGETS defined in ruleset.mk, adding IMPORT_LIBRARY
+#
+ifndef TARGETS
+    TARGETS = $(LIBRARY) $(SHARED_LIBRARY) $(IMPORT_LIBRARY) $(PROGRAM)
+endif
diff --git a/nss/coreconf/WIN95.mk b/nss/coreconf/WIN95.mk
new file mode 100644
index 0000000..fe5b43d
--- /dev/null
+++ b/nss/coreconf/WIN95.mk
@@ -0,0 +1,15 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#
+# Config stuff for OS_TARGET=WIN95
+#
+
+include $(CORE_DEPTH)/coreconf/WIN32.mk
+
+DEFINES += -DWIN95
+
+# WINNT uses the lib prefix, Win95 doesn't
+NSPR31_LIB_PREFIX = $(NULL)
diff --git a/nss/coreconf/WINNT.mk b/nss/coreconf/WINNT.mk
new file mode 100644
index 0000000..6052e56
--- /dev/null
+++ b/nss/coreconf/WINNT.mk
@@ -0,0 +1,20 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#
+# Config stuff for OS_TARGET=WINNT
+#
+
+include $(CORE_DEPTH)/coreconf/WIN32.mk
+
+DEFINES += -DWINNT
+
+#
+# Win NT needs -GT so that fibers can work
+#
+OS_CFLAGS += -GT
+
+# WINNT uses the lib prefix, Win95 doesn't
+NSPR31_LIB_PREFIX = lib
diff --git a/nss/coreconf/Werror.mk b/nss/coreconf/Werror.mk
new file mode 100644
index 0000000..69155eb
--- /dev/null
+++ b/nss/coreconf/Werror.mk
@@ -0,0 +1,105 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# This sets WARNING_CFLAGS for gcc-like compilers.
+
+ifndef CC_IS_CLANG
+  CC_IS_CLANG := $(and $(findstring clang, $(shell $(CC) --version 2>&1)), 1)
+  # Export CC_IS_CLANG to save a shell invocation when recursing.
+  export CC_IS_CLANG
+endif
+
+ifdef CC_IS_CLANG
+  # Clang claims GCC 4.2.1 compatibility, see GCC_VERSION
+  CC_IS_GCC = 1
+  # Export CC_IS_GCC to save a shell invocation when recursing.
+  export CC_IS_GCC
+endif
+
+ifndef CC_IS_GCC
+  CC_IS_GCC := $(shell $(CC) -x c -E -Wall -Werror /dev/null >/dev/null 2>&1 && echo 1)
+  # Export CC_IS_GCC to save a shell invocation when recursing.
+  export CC_IS_GCC
+endif
+
+ifndef CC_NAME
+  ifeq (1,$(CC_IS_GCC))
+    CC_NAME := $(shell $(CC) -? 2>&1 >/dev/null | sed -e 's/:.*//;1q')
+  else
+    CC_NAME := $(notdir $(CC))
+  endif
+  # Export CC_NAME to save a shell invocation when recursing.
+  export CC_NAME
+endif
+
+ifndef GCC_VERSION
+  ifeq (1,$(CC_IS_GCC))
+    GCC_VERSION := $(subst ., ,$(shell $(CC) -dumpversion || echo x.x.x))
+    # Export GCC_VERSION to save a shell invocation when recursing.
+    export GCC_VERSION
+  endif
+endif
+
+ifndef WARNING_CFLAGS
+  ifneq (1,$(CC_IS_GCC))
+    WARNING_CFLAGS = $(NULL)
+  else
+    # This tests to see if enabling the warning is possible before
+    # setting an option to disable it.
+    disable_warning = $(shell $(CC) -x c -E -Werror -W$(1) /dev/null >/dev/null 2>&1 && echo -Wno-$(1))
+
+    WARNING_CFLAGS = -Wall
+    ifdef CC_IS_CLANG
+      # -Qunused-arguments : clang objects to arguments that it doesn't understand
+      #    and fixing this would require rearchitecture
+      WARNING_CFLAGS += -Qunused-arguments
+      # -Wno-parentheses-equality : because clang warns about macro expansions
+      WARNING_CFLAGS += $(call disable_warning,parentheses-equality)
+      ifdef BUILD_OPT
+        # clang is unable to handle glib's expansion of strcmp and similar for optimized
+        # builds, so ignore the resulting errors.
+        # See https://llvm.org/bugs/show_bug.cgi?id=20144
+        WARNING_CFLAGS += $(call disable_warning,array-bounds)
+        WARNING_CFLAGS += $(call disable_warning,unevaluated-expression)
+      endif
+    endif # if clang
+
+    ifndef NSS_ENABLE_WERROR
+      ifeq ($(OS_TARGET),Android)
+        # Android lollipop generates the following warning:
+        # error: call to 'sprintf' declared with attribute warning:
+        #   sprintf is often misused; please use snprintf [-Werror]
+        # So, just suppress -Werror entirely on Android
+        NSS_ENABLE_WERROR = 0
+        $(warning OS_TARGET is Android, disabling -Werror)
+      else
+        ifdef CC_IS_CLANG
+          # Clang reports its version as an older gcc, but it's OK
+          NSS_ENABLE_WERROR = 1
+        else
+          ifneq (,$(filter 4.8 4.9,$(word 1,$(GCC_VERSION)).$(word 2,$(GCC_VERSION))))
+            NSS_ENABLE_WERROR = 1
+          endif
+          ifeq (,$(filter 0 1 2 3 4,$(word 1,$(GCC_VERSION))))
+            NSS_ENABLE_WERROR = 1
+          endif
+        endif
+        ifndef NSS_ENABLE_WERROR
+          $(warning Unable to find gcc 4.8 or greater, disabling -Werror)
+          NSS_ENABLE_WERROR = 0
+        endif
+      endif
+    endif #ndef NSS_ENABLE_WERROR
+
+    ifeq ($(NSS_ENABLE_WERROR),1)
+      WARNING_CFLAGS += -Werror
+    else
+      # Old versions of gcc (< 4.8) don't support #pragma diagnostic in functions.
+      # Use this to disable use of that #pragma and the warnings it suppresses.
+      WARNING_CFLAGS += -DNSS_NO_GCC48
+    endif
+  endif
+  export WARNING_CFLAGS
+endif # ndef WARNING_CFLAGS
diff --git a/nss/coreconf/arch.mk b/nss/coreconf/arch.mk
new file mode 100644
index 0000000..79e56d5
--- /dev/null
+++ b/nss/coreconf/arch.mk
@@ -0,0 +1,323 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# Master "Core Components" macros for getting the OS architecture     #
+# defines these symbols:
+# OS_ARCH	(from uname -r)
+# OS_TEST	(from uname -m)
+# OS_RELEASE	(from uname -v and/or -r)
+# OS_TARGET	User defined, or set to OS_ARCH
+# CPU_ARCH  	(from unmame -m or -p, ONLY on WINNT)
+# OS_CONFIG	OS_TARGET + OS_RELEASE
+# OBJDIR_TAG    (uses GCOV_TAG, 64BIT_TAG)
+# OBJDIR_NAME
+#######################################################################
+
+#
+# Macros for getting the OS architecture
+#
+
+OS_ARCH := $(subst /,_,$(shell uname -s))
+
+#
+# Attempt to differentiate between sparc and x86 Solaris
+#
+
+OS_TEST := $(shell uname -m)
+ifeq ($(OS_TEST),i86pc)
+    OS_RELEASE := $(shell uname -r)_$(OS_TEST)
+else
+    OS_RELEASE := $(shell uname -r)
+endif
+
+#
+# Force the IRIX64 machines to use IRIX.
+#
+
+ifeq ($(OS_ARCH),IRIX64)
+    OS_ARCH = IRIX
+endif
+
+#
+# Force the older BSD/OS versions to use the new arch name.
+#
+
+ifeq ($(OS_ARCH),BSD_386)
+    OS_ARCH = BSD_OS
+endif
+
+#
+# Catch Deterim if SVR4 is NCR or UNIXWARE
+#
+
+ifeq ($(OS_ARCH),UNIX_SV)
+    ifneq ($(findstring NCR, $(shell grep NCR /etc/bcheckrc | head -1 )),)
+	OS_ARCH = NCR
+    else
+	# Make UnixWare something human readable
+	OS_ARCH = UNIXWARE
+    endif
+
+    # Get the OS release number, not 4.2
+    OS_RELEASE := $(shell uname -v)
+endif
+
+ifeq ($(OS_ARCH),UNIX_System_V)
+    OS_ARCH	= NEC
+endif
+
+ifeq ($(OS_ARCH),AIX)
+    OS_RELEASE := $(shell uname -v).$(shell uname -r)
+endif
+
+#
+# Distinguish between OSF1 V4.0B and V4.0D
+#
+
+ifeq ($(OS_ARCH)$(OS_RELEASE),OSF1V4.0)
+    OS_VERSION := $(shell uname -v)
+    ifeq ($(OS_VERSION),564)
+	OS_RELEASE := V4.0B
+    endif
+    ifeq ($(OS_VERSION),878)
+	OS_RELEASE := V4.0D
+    endif
+endif
+
+#
+# SINIX changes name to ReliantUNIX with 5.43
+#
+
+ifeq ($(OS_ARCH),ReliantUNIX-N)
+    OS_ARCH    = ReliantUNIX
+    OS_RELEASE = 5.4
+endif
+
+ifeq ($(OS_ARCH),SINIX-N)
+    OS_ARCH    = ReliantUNIX
+    OS_RELEASE = 5.4
+endif
+
+#
+# Handle FreeBSD 2.2-STABLE, Linux 2.0.30-osfmach3, and
+# IRIX 6.5-ALPHA-1289139620.
+#
+
+ifeq (,$(filter-out Linux FreeBSD IRIX,$(OS_ARCH)))
+    OS_RELEASE := $(shell echo $(OS_RELEASE) | sed 's/-.*//')
+endif
+
+ifeq ($(OS_ARCH),Linux)
+    OS_RELEASE := $(subst ., ,$(OS_RELEASE))
+    ifneq ($(words $(OS_RELEASE)),1)
+	OS_RELEASE := $(word 1,$(OS_RELEASE)).$(word 2,$(OS_RELEASE))
+    endif
+    KERNEL = Linux
+endif
+
+# Since all uses of OS_ARCH that follow affect only userland, we can
+# merge other Glibc systems with Linux here.
+ifeq ($(OS_ARCH),GNU)
+    OS_ARCH = Linux
+    OS_RELEASE = 2.6
+    KERNEL = GNU
+endif
+ifeq ($(OS_ARCH),GNU_kFreeBSD)
+    OS_ARCH = Linux
+    OS_RELEASE = 2.6
+    KERNEL = FreeBSD
+endif
+
+#
+# For OS/2
+#
+ifeq ($(OS_ARCH),OS_2)
+    OS_ARCH = OS2
+    OS_RELEASE := $(shell uname -v)
+endif
+
+#######################################################################
+# Master "Core Components" macros for getting the OS target           #
+#######################################################################
+
+#
+# Note: OS_TARGET should be specified on the command line for gmake.
+# When OS_TARGET=WIN95 is specified, then a Windows 95 target is built.
+# The difference between the Win95 target and the WinNT target is that
+# the WinNT target uses Windows NT specific features not available
+# in Windows 95. The Win95 target will run on Windows NT, but (supposedly)
+# at lesser performance (the Win95 target uses threads; the WinNT target
+# uses fibers).
+#
+# If OS_TARGET is not specified, it defaults to $(OS_ARCH), i.e., no
+# cross-compilation, except on Windows, where it defaults to WIN95.
+#
+
+#
+# On WIN32, we also define the variable CPU_ARCH, if it isn't already.
+#
+ifndef CPU_ARCH
+    ifeq ($(OS_ARCH), WINNT)
+	CPU_ARCH := $(shell uname -p)
+	ifeq ($(CPU_ARCH),I386)
+	    CPU_ARCH = x386
+	endif
+    endif
+endif
+
+# If uname -s returns "Windows_NT", we assume that we are using
+# the uname.exe in MKS toolkit.
+#
+# The -r option of MKS uname only returns the major version number.
+# So we need to use its -v option to get the minor version number.
+# Moreover, it doesn't have the -p option, so we need to use uname -m.
+#
+ifeq ($(OS_ARCH), Windows_NT)
+    OS_ARCH = WINNT
+    OS_MINOR_RELEASE := $(shell uname -v)
+    # strip leading 0
+    OS_MINOR_RELEASE := $(patsubst 0%,%,$(OS_MINOR_RELEASE))
+    OS_RELEASE := $(OS_RELEASE).$(OS_MINOR_RELEASE)
+    ifndef CPU_ARCH
+	CPU_ARCH := $(shell uname -m)
+	#
+	# MKS's uname -m returns "586" on a Pentium machine.
+	#
+	ifneq (,$(findstring 86,$(CPU_ARCH)))
+	    CPU_ARCH = x386
+	endif
+    endif
+endif
+#
+# If uname -s returns "CYGWIN_NT-*", we assume that we are using
+# the uname.exe in the Cygwin tools.
+#
+ifeq (CYGWIN_NT,$(findstring CYGWIN_NT,$(OS_ARCH)))
+    OS_RELEASE := $(patsubst CYGWIN_NT-%,%,$(OS_ARCH))
+    OS_ARCH = WINNT
+    ifndef CPU_ARCH
+    ifeq (WOW64,$(findstring WOW64,$(OS_RELEASE)))
+        OS_RELEASE := $(patsubst %-WOW64,%,$(OS_RELEASE))
+    endif    
+	CPU_ARCH := $(shell uname -m)
+	#
+	# Cygwin's uname -m returns "i686" on a Pentium Pro machine.
+	#
+	ifneq (,$(findstring 86,$(CPU_ARCH)))
+	    CPU_ARCH = x386
+	endif
+    endif
+endif
+#
+# If uname -s returns "MINGW*_NT-*", we assume that we are using
+# the uname.exe in the MSYS toolkit.
+#
+ifneq (,$(filter MINGW32_NT-% MINGW64_NT-%,$(OS_ARCH)))
+    OS_RELEASE := $(patsubst MINGW64_NT-%,%,$(patsubst MINGW32_NT-%,%,$(OS_ARCH)))
+    OS_ARCH = WINNT
+    USE_MSYS = 1
+    ifndef CPU_ARCH
+	CPU_ARCH := $(shell uname -m)
+	#
+	# MSYS's uname -m returns "i686" on a Pentium Pro machine.
+	#
+	ifneq (,$(filter i%86,$(CPU_ARCH)))
+	    CPU_ARCH = x386
+	endif
+    endif
+endif
+
+ifeq ($(OS_TARGET),Android)
+#
+# this should be  configurable from the user
+#
+   OS_TEST := arm
+   OS_ARCH = Android
+   ifndef OS_TARGET_RELEASE
+	OS_TARGET_RELEASE := 8
+   endif
+endif
+
+ifndef OS_TARGET
+ifeq ($(OS_ARCH), WINNT)
+    OS_TARGET = WIN95
+else
+    OS_TARGET = $(OS_ARCH)
+endif
+endif
+
+ifeq ($(OS_TARGET), WIN95)
+    OS_RELEASE = 4.0
+endif
+
+ifdef OS_TARGET_RELEASE
+    OS_RELEASE = $(OS_TARGET_RELEASE)
+endif
+
+#
+# This variable is used to get OS_CONFIG.mk.
+#
+
+OS_CONFIG = $(OS_TARGET)$(OS_RELEASE)
+
+#
+# OBJDIR_TAG depends on the predefined variable BUILD_OPT,
+# to distinguish between debug and release builds.
+#
+
+ifeq ($(USE_GCOV), 1)
+    GCOV_TAG = _GCOV
+else
+    GCOV_TAG =
+endif
+ifeq ($(USE_64), 1)
+    64BIT_TAG = _64
+else
+    64BIT_TAG =
+endif
+OBJDIR_TAG_BASE=$(GCOV_TAG)$(64BIT_TAG)
+
+ifdef BUILD_OPT
+    OBJDIR_TAG = $(OBJDIR_TAG_BASE)_OPT
+else
+    ifdef BUILD_IDG
+	OBJDIR_TAG = $(OBJDIR_TAG_BASE)_IDG
+    else
+	OBJDIR_TAG = $(OBJDIR_TAG_BASE)_DBG
+    endif
+endif
+
+#
+# The following flags are defined in the individual $(OS_CONFIG).mk
+# files.
+#
+# CPU_TAG is defined if the CPU is not the most common CPU.
+# COMPILER_TAG is defined if the compiler is not the default compiler.
+# IMPL_STRATEGY may be defined too.
+#
+
+ifdef CROSS_COMPILE
+    OBJDIR_NAME_COMPILER =
+else
+    OBJDIR_NAME_COMPILER = $(COMPILER_TAG)
+endif
+OBJDIR_NAME_BASE = $(OS_TARGET)$(OS_RELEASE)$(CPU_TAG)$(OBJDIR_NAME_COMPILER)$(LIBC_TAG)$(IMPL_STRATEGY)$(OBJDIR_TAG)
+OBJDIR_NAME = $(OBJDIR_NAME_BASE).OBJ
+
+
+ifeq (,$(filter-out WIN%,$(OS_TARGET)))
+ifndef BUILD_OPT
+#
+# Define USE_DEBUG_RTL if you want to use the debug runtime library
+# (RTL) in the debug build
+#
+ifdef USE_DEBUG_RTL
+    OBJDIR_NAME = $(OBJDIR_NAME_BASE).OBJD
+endif
+endif
+endif
+
+MK_ARCH = included
diff --git a/nss/coreconf/check_cc_clang.py b/nss/coreconf/check_cc_clang.py
new file mode 100644
index 0000000..4b95411
--- /dev/null
+++ b/nss/coreconf/check_cc_clang.py
@@ -0,0 +1,21 @@
+#!/usr/bin/env python
+
+import os
+import subprocess
+import sys
+
+def main():
+    if sys.platform == 'win32':
+        print(0)
+    else:
+        cc = os.environ.get('CC', 'cc')
+        try:
+            cc_is_clang = 'clang' in subprocess.check_output(
+              [cc, '--version'], universal_newlines=True)
+        except OSError:
+            # We probably just don't have CC/cc.
+            cc_is_clang = False
+        print(int(cc_is_clang))
+
+if __name__ == '__main__':
+    main()
diff --git a/nss/coreconf/command.mk b/nss/coreconf/command.mk
new file mode 100644
index 0000000..5e92748
--- /dev/null
+++ b/nss/coreconf/command.mk
@@ -0,0 +1,39 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# Master "Core Components" default command macros;                    #
+# can be overridden in <arch>.mk                                      #
+#######################################################################
+
+AS            = $(CC)
+ASFLAGS      += $(CFLAGS)
+CCF           = $(CC) $(CFLAGS)
+LINK_DLL      = $(LD) $(OS_DLLFLAGS) $(DLLFLAGS) $(XLDFLAGS)
+CFLAGS        = $(OPTIMIZER) $(OS_CFLAGS) $(WARNING_CFLAGS) $(XP_DEFINE) \
+                $(DEFINES) $(INCLUDES) $(XCFLAGS)
+PERL          = perl
+RANLIB        = echo
+TAR           = /bin/tar
+#
+# For purify
+#
+NOMD_CFLAGS  += $(OPTIMIZER) $(NOMD_OS_CFLAGS) $(XP_DEFINE) $(DEFINES) \
+		$(INCLUDES) $(XCFLAGS)
+
+# Optimization of code for size
+# OPT_CODE_SIZE
+# =1: The code can be optimized for size.
+#     The code is actually optimized for size only if ALLOW_OPT_CODE_SIZE=1
+#     in a given source code directory (in manifest.mn)
+# =0: Never optimize the code for size.
+#
+# Default value = 0 
+# Can be overridden from the make command line.
+ifndef OPT_CODE_SIZE
+OPT_CODE_SIZE = 0
+endif
+
+MK_COMMAND = included
diff --git a/nss/coreconf/config.gypi b/nss/coreconf/config.gypi
new file mode 100644
index 0000000..f338dd2
--- /dev/null
+++ b/nss/coreconf/config.gypi
@@ -0,0 +1,548 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'variables': {
+    'module%': '',
+    'variables': {
+      'variables': {
+        'variables': {
+          'python%': 'python',
+        },
+        # chromium uses pymod_do_main, but gyp doesn't set a sensible
+        # Python sys.path (gyp_chromium does).
+        'python%': '<(python)',
+        'host_arch%': '<!(<(python) <(DEPTH)/coreconf/detect_host_arch.py)',
+      },
+      'python%': '<(python)',
+      'host_arch%': '<(host_arch)',
+      'conditions': [
+        ['OS=="android"', {
+          'target_arch%': 'arm',
+        }, {
+          # Default architecture we're building for is the architecture we're
+          # building on.
+          'target_arch%': '<(host_arch)',
+        }],
+        ['OS=="linux"', {
+          # FIPS-140 LOWHASH
+          'freebl_name': 'freeblpriv3',
+        }, {
+          'freebl_name': 'freebl3',
+        }],
+        ['OS=="mac"', {
+          'use_system_sqlite%': 1,
+        },{
+          'use_system_sqlite%': 0,
+        }],
+        ['OS=="mac" or OS=="win"', {
+          'cc_use_gnu_ld%': 0,
+        }, {
+          'cc_use_gnu_ld%': 1,
+        }],
+        ['OS=="win"', {
+          'use_system_zlib%': 0,
+          'nspr_libs%': ['libnspr4.lib', 'libplc4.lib', 'libplds4.lib'],
+          'zlib_libs%': [],
+          #TODO
+          'moz_debug_flags%': '',
+          'dll_prefix': '',
+          'dll_suffix': 'dll',
+        }, {
+          'use_system_zlib%': 1,
+          'nspr_libs%': ['-lplds4', '-lplc4', '-lnspr4'],
+          'zlib_libs%': ['-lz'],
+          'dll_prefix': 'lib',
+          'conditions': [
+            ['OS=="mac"', {
+              'moz_debug_flags%': '-gdwarf-2 -gfull',
+              'dll_suffix': 'dylib',
+            }, {
+              'moz_debug_flags%': '-gdwarf-2',
+              'dll_suffix': 'so',
+            }],
+          ],
+        }],
+        ['"<(GENERATOR)"=="ninja"', {
+          'cc_is_clang%': '<!(<(python) <(DEPTH)/coreconf/check_cc_clang.py)',
+        }, {
+          'cc_is_clang%': '0',
+        }],
+      ],
+    },
+    # Copy conditionally-set variables out one scope.
+    'python%': '<(python)',
+    'host_arch%': '<(host_arch)',
+    'target_arch%': '<(target_arch)',
+    'use_system_zlib%': '<(use_system_zlib)',
+    'zlib_libs%': ['<@(zlib_libs)'],
+    'moz_debug_flags%': '<(moz_debug_flags)',
+    'nspr_libs%': ['<@(nspr_libs)'],
+    'nspr_lib_dir%': '<(nspr_lib_dir)',
+    'nspr_include_dir%': '<(nspr_include_dir)',
+    'use_system_sqlite%': '<(use_system_sqlite)',
+    'sqlite_libs%': ['-lsqlite3'],
+    'dll_prefix': '<(dll_prefix)',
+    'dll_suffix': '<(dll_suffix)',
+    'freebl_name': '<(freebl_name)',
+    'cc_is_clang%': '<(cc_is_clang)',
+    'cc_use_gnu_ld%': '<(cc_use_gnu_ld)',
+    # Some defaults
+    'disable_tests%': 0,
+    'disable_chachapoly%': 0,
+    'disable_dbm%': 0,
+    'disable_libpkix%': 1,
+    'disable_werror%': 0,
+    'mozilla_client%': 0,
+    'moz_fold_libs%': 0,
+    'moz_folded_library_name%': '',
+    'ssl_enable_zlib%': 1,
+    'sanitizer_flags%': 0,
+    'test_build%': 0,
+    'no_zdefs%': 0,
+    'fuzz%': 0,
+    'fuzz_tls%': 0,
+    'fuzz_oss%': 0,
+    'sign_libs%': 1,
+    'use_pprof%': 0,
+    'ct_verif%': 0,
+    'nss_public_dist_dir%': '<(nss_dist_dir)/public',
+    'nss_private_dist_dir%': '<(nss_dist_dir)/private',
+  },
+  'target_defaults': {
+    # Settings specific to targets should go here.
+    # This is mostly for linking to libraries.
+    'variables': {
+      'mapfile%': '',
+      'test_build%': 0,
+      'debug_optimization_level%': '0',
+      'release_optimization_level%': '2',
+    },
+    'standalone_static_library': 0,
+    'include_dirs': [
+      '<(nspr_include_dir)',
+      '<(nss_dist_dir)/private/<(module)',
+    ],
+    'conditions': [
+      [ 'OS!="android" and OS!="mac" and OS!="win"', {
+        'libraries': [
+          '-lpthread',
+        ],
+      }],
+      [ 'OS=="linux"', {
+        'libraries': [
+          '-ldl',
+          '-lc',
+        ],
+      }],
+      [ 'fuzz==1', {
+        'variables': {
+          'debug_optimization_level%': '1',
+        },
+      }],
+    ],
+    'target_conditions': [
+      # If we want to properly export a static library, and copy it to lib,
+      # we need to mark it as a 'standalone_static_library'. Otherwise,
+      # the relative paths in the thin archive will break linking.
+      [ '_type=="shared_library"', {
+        'product_dir': '<(nss_dist_obj_dir)/lib'
+      }, '_type=="executable"', {
+        'product_dir': '<(nss_dist_obj_dir)/bin'
+      }, '_standalone_static_library==1', {
+        'product_dir': '<(nss_dist_obj_dir)/lib'
+      }],
+      # mapfile handling
+      [ 'mapfile!=""', {
+        # Work around a gyp bug. Fixed upstream but not in Ubuntu packages:
+        # https://chromium.googlesource.com/external/gyp/+/b85ad3e578da830377dbc1843aa4fbc5af17a192%5E%21/
+        'sources': [
+          '<(DEPTH)/coreconf/empty.c',
+        ],
+        'xcode_settings': {
+          'OTHER_LDFLAGS': [
+            '-exported_symbols_list',
+            '<(INTERMEDIATE_DIR)/out.>(mapfile)',
+          ],
+        },
+        'conditions': [
+          [ 'cc_use_gnu_ld==1', {
+            'ldflags': [
+              '-Wl,--version-script,<(INTERMEDIATE_DIR)/out.>(mapfile)',
+            ],
+          }],
+          [ 'OS=="win"', {
+            # On Windows, .def files are used directly as sources.
+            'sources': [
+              '>(mapfile)',
+            ],
+          }, {
+            # On other platforms, .def files need processing.
+            'sources': [
+              '<(INTERMEDIATE_DIR)/out.>(mapfile)',
+            ],
+            'actions': [{
+              'action_name': 'generate_mapfile',
+              'inputs': [
+                '>(mapfile)',
+              ],
+              'outputs': [
+                '<(INTERMEDIATE_DIR)/out.>(mapfile)',
+              ],
+              'action': ['<@(process_map_file)'],
+            }],
+          }]
+        ],
+      }, 'test_build==1 and _type=="shared_library"', {
+        # When linking a shared lib against a static one, XCode doesn't
+        # export the latter's symbols by default. -all_load fixes that.
+        'xcode_settings': {
+          'OTHER_LDFLAGS': [
+            '-all_load',
+          ],
+        },
+      }],
+      [ '_type=="shared_library" or _type=="executable"', {
+        'libraries': [
+          '<@(nspr_libs)',
+        ],
+        'library_dirs': [
+          '<(nspr_lib_dir)',
+        ],
+      }],
+      # Shared library specific settings.
+      [ '_type=="shared_library"', {
+        'conditions': [
+          [ 'cc_use_gnu_ld==1', {
+            'ldflags': [
+              '-Wl,--gc-sections',
+            ],
+            'conditions': [
+              ['OS=="dragonfly" or OS=="freebsd" or OS=="netbsd" or OS=="openbsd"', {
+                # Bug 1321317 - unix_rand.c:880: undefined reference to `environ'
+                'ldflags': [
+                  '-Wl,--warn-unresolved-symbols',
+                ],
+              }],
+              ['no_zdefs==0', {
+                'ldflags': [
+                  '-Wl,-z,defs',
+                ],
+              }],
+            ],
+          }],
+        ],
+        'xcode_settings': {
+          'DYLIB_INSTALL_NAME_BASE': '@executable_path',
+          'DYLIB_COMPATIBILITY_VERSION': '1',
+          'DYLIB_CURRENT_VERSION': '1',
+          'OTHER_LDFLAGS': [
+            '-headerpad_max_install_names',
+          ],
+        },
+        'msvs_settings': {
+          'VCLinkerTool': {
+            'SubSystem': '2',
+          },
+        },
+      }],
+    ],
+    'default_configuration': 'Debug',
+    'configurations': {
+      # Common settings for Debug+Release should go here.
+      'Common': {
+        'abstract': 1,
+        'defines': [
+          'NSS_NO_INIT_SUPPORT',
+          'USE_UTIL_DIRECTLY',
+          'NO_NSPR_10_SUPPORT',
+          'SSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES',
+        ],
+        'msvs_configuration_attributes': {
+          'OutputDirectory': '$(SolutionDir)$(ConfigurationName)',
+          'IntermediateDirectory': '$(OutDir)\\obj\\$(ProjectName)',
+        },
+        'msvs_settings': {
+          'VCCLCompilerTool': {
+            'AdditionalIncludeDirectories': ['<(nspr_include_dir)'],
+          },
+        },
+        'xcode_settings': {
+          'CLANG_CXX_LANGUAGE_STANDARD': 'c++0x',
+          'OTHER_CFLAGS': [
+            '-fPIC',
+            '-fno-common',
+            '-pipe',
+          ],
+        },
+        'conditions': [
+          [ 'OS=="linux" or OS=="android"', {
+            'defines': [
+              'LINUX2_1',
+              'LINUX',
+              'linux',
+            ],
+          }],
+          [ 'OS=="dragonfly" or OS=="freebsd"', {
+            'defines': [
+              'FREEBSD',
+            ],
+          }],
+          [ 'OS=="netbsd"', {
+            'defines': [
+              'NETBSD',
+            ],
+          }],
+          [ 'OS=="openbsd"', {
+            'defines': [
+              'OPENBSD',
+            ],
+          }],
+          ['OS=="mac" or OS=="dragonfly" or OS=="freebsd" or OS=="netbsd" or OS=="openbsd"', {
+            'defines': [
+              'HAVE_BSD_FLOCK',
+            ],
+          }],
+          [ 'OS!="win"', {
+            'defines': [
+              'HAVE_STRERROR',
+              'XP_UNIX',
+              '_REENTRANT',
+            ],
+          }],
+          [ 'OS!="mac" and OS!="win"', {
+            'cflags': [
+              '-fPIC',
+              '-pipe',
+              '-ffunction-sections',
+              '-fdata-sections',
+            ],
+            'cflags_cc': [
+              '-std=c++0x',
+            ],
+            'conditions': [
+              [ 'target_arch=="ia32"', {
+                'cflags': ['-m32'],
+                'ldflags': ['-m32'],
+              }],
+              [ 'target_arch=="x64"', {
+                'cflags': ['-m64'],
+                'ldflags': ['-m64'],
+              }],
+            ],
+          }],
+          [ 'use_pprof==1 and OS!="android" and OS!="win"', {
+            'conditions': [
+              [ 'OS=="mac"', {
+                'xcode_settings': {
+                  'OTHER_LDFLAGS': [ '-lprofiler' ],
+                },
+              }, {
+                'ldflags': [ '-lprofiler' ],
+              }],
+              [ 'OS!="linux"', {
+                'library_dirs': [
+                  '/usr/local/lib/',
+                ],
+              }],
+            ],
+          }],
+          [ 'disable_werror==0 and OS!="android" and OS!="win"', {
+            'cflags': [
+              '<!@(<(python) <(DEPTH)/coreconf/werror.py)',
+            ],
+            'xcode_settings': {
+              'OTHER_CFLAGS': [
+                '<!@(<(python) <(DEPTH)/coreconf/werror.py)',
+              ],
+            },
+          }],
+          [ 'fuzz_tls==1', {
+            'cflags': [
+              '-Wno-unused-function',
+            ],
+            'xcode_settings': {
+              'OTHER_CFLAGS': [
+                '-Wno-unused-function',
+              ],
+            },
+          }],
+          [ 'sanitizer_flags!=0', {
+            'cflags': ['<@(sanitizer_flags)'],
+            'ldflags': ['<@(sanitizer_flags)'],
+            'xcode_settings': {
+              'OTHER_CFLAGS': ['<@(sanitizer_flags)'],
+              # We want to pass -fsanitize=... to our final link call,
+              # but not to libtool. OTHER_LDFLAGS is passed to both.
+              # To trick GYP into doing what we want, we'll piggyback on
+              # LIBRARY_SEARCH_PATHS, producing "-L/usr/lib -fsanitize=...".
+              # The -L/usr/lib is redundant but innocuous: it's a default path.
+              'LIBRARY_SEARCH_PATHS': ['/usr/lib <(sanitizer_flags)'],
+            },
+          }],
+          [ 'OS=="android" and mozilla_client==0', {
+            'defines': [
+              'NO_SYSINFO',
+              'NO_FORK_CHECK',
+              'ANDROID',
+            ],
+          }],
+          [ 'OS=="mac"', {
+            'defines': [
+              'DARWIN',
+            ],
+            'conditions': [
+              [ 'target_arch=="ia32"', {
+                'xcode_settings': {
+                  'ARCHS': ['i386'],
+                },
+              }],
+              [ 'target_arch=="x64"', {
+                'xcode_settings': {
+                  'ARCHS': ['x86_64'],
+                },
+              }],
+            ],
+          }],
+          [ 'OS=="win"', {
+            'defines': [
+              '_WINDOWS',
+              'WIN95',
+              '_CRT_SECURE_NO_WARNINGS',
+              '_CRT_NONSTDC_NO_WARNINGS',
+            ],
+            'cflags': [
+              '-W3',
+              '-w44267', # Disable C4267: conversion from 'size_t' to 'type', possible loss of data
+              '-w44244', # Disable C4244: conversion from 'type1' to 'type2', possible loss of data
+              '-w44018', # Disable C4018: 'expression' : signed/unsigned mismatch
+              '-w44312', # Disable C4312: 'type cast': conversion from 'type1' to 'type2' of greater size
+            ],
+            'conditions': [
+              [ 'disable_werror==0', {
+                'cflags': ['-WX']
+              }],
+              [ 'target_arch=="ia32"', {
+                'msvs_configuration_platform': 'Win32',
+                'msvs_settings': {
+                  'VCLinkerTool': {
+                    'MinimumRequiredVersion': '5.01',  # XP.
+                    'TargetMachine': '1',
+                    'ImageHasSafeExceptionHandlers': 'false',
+                  },
+                  'VCCLCompilerTool': {
+                    'PreprocessorDefinitions': [
+                      'WIN32',
+                    ],
+                  },
+                },
+              }],
+              [ 'target_arch=="x64"', {
+                'msvs_configuration_platform': 'x64',
+                'msvs_settings': {
+                  'VCLinkerTool': {
+                    'TargetMachine': '17', # x86-64
+                  },
+                  'VCCLCompilerTool': {
+                    'PreprocessorDefinitions': [
+                      'WIN64',
+                      '_AMD64_',
+                    ],
+                  },
+                },
+              }],
+            ],
+          }],
+          [ 'disable_dbm==1', {
+            'defines': [
+              'NSS_DISABLE_DBM',
+            ],
+          }],
+          [ 'disable_libpkix==1', {
+            'defines': [
+              'NSS_DISABLE_LIBPKIX',
+            ],
+          }],
+        ],
+      },
+      # Common settings for debug should go here.
+      'Debug': {
+        'inherit_from': ['Common'],
+        'conditions': [
+          [ 'OS!="mac" and OS!="win"', {
+            'cflags': [
+              '-g',
+              '<(moz_debug_flags)',
+            ],
+          }]
+        ],
+        #TODO: DEBUG_$USER
+        'defines': ['DEBUG'],
+        'cflags': [ '-O<(debug_optimization_level)' ],
+        'xcode_settings': {
+          'COPY_PHASE_STRIP': 'NO',
+          'GCC_OPTIMIZATION_LEVEL': '<(debug_optimization_level)',
+          'GCC_GENERATE_DEBUGGING_SYMBOLS': 'YES',
+        },
+        'msvs_settings': {
+          'VCCLCompilerTool': {
+            'Optimization': '<(debug_optimization_level)',
+            'BasicRuntimeChecks': '3',
+            'RuntimeLibrary': '2', # /MD
+          },
+          'VCLinkerTool': {
+            'LinkIncremental': '1',
+          },
+          'VCResourceCompilerTool': {
+            'PreprocessorDefinitions': ['DEBUG'],
+          },
+        },
+      },
+      # Common settings for release should go here.
+      'Release': {
+        'inherit_from': ['Common'],
+        'defines': ['NDEBUG'],
+        'cflags': [ '-O<(release_optimization_level)' ],
+        'xcode_settings': {
+          'DEAD_CODE_STRIPPING': 'YES',  # -Wl,-dead_strip
+          'GCC_OPTIMIZATION_LEVEL': '<(release_optimization_level)',
+        },
+        'msvs_settings': {
+          'VCCLCompilerTool': {
+            'Optimization': '<(release_optimization_level)',
+            'RuntimeLibrary': '2', # /MD
+          },
+          'VCLinkerTool': {
+            'LinkIncremental': '1',
+          },
+        },
+      },
+      'conditions': [
+        [ 'OS=="win"', {
+          # The gyp ninja backend requires these.
+          # TODO: either we should support building both 32/64-bit as
+          # configurations from the same gyp build, or we should fix
+          # upstream gyp to not require these.
+          'Debug_x64': {
+            'inherit_from': ['Debug'],
+          },
+          'Release_x64': {
+            'inherit_from': ['Release'],
+          },
+        }],
+      ],
+    },
+  },
+  'conditions': [
+    [ 'cc_use_gnu_ld==1', {
+      'variables': {
+        'process_map_file': ['/bin/sh', '-c', '/usr/bin/env grep -v ";-" >(mapfile) | sed -e "s,;+,," -e "s; DATA ;;" -e "s,;;,," -e "s,;.*,;," > >@(_outputs)'],
+      },
+    }],
+    [ 'OS=="mac"', {
+      'variables': {
+        'process_map_file': ['/bin/sh', '-c', '/usr/bin/grep -v ";+" >(mapfile) | grep -v ";-" | sed -e "s; DATA ;;" -e "s,;;,," -e "s,;.*,," -e "s,^,_," > >@(_outputs)'],
+      },
+    }],
+  ],
+}
diff --git a/nss/coreconf/config.mk b/nss/coreconf/config.mk
new file mode 100644
index 0000000..09b733d
--- /dev/null
+++ b/nss/coreconf/config.mk
@@ -0,0 +1,210 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# Configuration information for building in the "Core Components" source module
+
+#######################################################################
+# [1.0] Master "Core Components" source and release <architecture>    #
+#       tags                                                          #
+#######################################################################
+ifndef MK_ARCH
+include $(CORE_DEPTH)/coreconf/arch.mk
+endif
+
+#######################################################################
+# [2.0] Master "Core Components" default command macros               #
+#       (NOTE: may be overridden in $(OS_TARGET)$(OS_RELEASE).mk)     #
+#######################################################################
+ifndef MK_COMMAND
+include $(CORE_DEPTH)/coreconf/command.mk
+endif
+
+#######################################################################
+# [3.0] Master "Core Components" <architecture>-specific macros       #
+#       (dependent upon <architecture> tags)                          #
+#                                                                     #
+#       We are moving towards just having a $(OS_TARGET).mk file      #
+#       as opposed to multiple $(OS_TARGET)$(OS_RELEASE).mk files,    #
+#       one for each OS release.                                      #
+#######################################################################
+
+TARGET_OSES = FreeBSD BSD_OS NetBSD OpenUNIX OS2 QNX Darwin BeOS OpenBSD \
+              AIX RISCOS WINNT WIN95 Linux Android
+
+ifeq (,$(filter-out $(TARGET_OSES),$(OS_TARGET)))
+include $(CORE_DEPTH)/coreconf/$(OS_TARGET).mk
+else
+ifeq ($(OS_TARGET),SunOS)
+include $(CORE_DEPTH)/coreconf/SunOS5.mk
+else
+include $(CORE_DEPTH)/coreconf/$(OS_TARGET)$(OS_RELEASE).mk
+endif
+endif
+
+#######################################################################
+# [4.0] Master "Core Components" source and release <platform> tags   #
+#       (dependent upon <architecture> tags)                          #
+#######################################################################
+PLATFORM = $(OBJDIR_NAME)
+
+#######################################################################
+# [5.0] Master "Core Components" release <tree> tags                  #
+#       (dependent upon <architecture> tags)                          #
+#######################################################################
+ifndef MK_TREE
+include $(CORE_DEPTH)/coreconf/tree.mk
+endif
+
+#######################################################################
+# [6.0] Master "Core Components" source and release <component> tags  #
+#       NOTE:  A component is also called a module or a subsystem.    #
+#       (dependent upon $(MODULE) being defined on the                #
+#        command line, as an environment variable, or in individual   #
+#        makefiles, or more appropriately, manifest.mn)               #
+#######################################################################
+ifndef MK_MODULE
+include $(CORE_DEPTH)/coreconf/module.mk
+endif
+
+#######################################################################
+# [7.0] Master "Core Components" release <version> tags               #
+#       (dependent upon $(MODULE) being defined on the                #
+#        command line, as an environment variable, or in individual   #
+#        makefiles, or more appropriately, manifest.mn)               #
+#######################################################################
+ifndef MK_VERSION
+include $(CORE_DEPTH)/coreconf/version.mk
+endif
+
+#######################################################################
+# [8.0] Master "Core Components" macros to figure out                 #
+#       binary code location                                          #
+#       (dependent upon <platform> tags)                              #
+#######################################################################
+ifndef MK_LOCATION
+include $(CORE_DEPTH)/coreconf/location.mk
+endif
+
+#######################################################################
+# [9.0] Master "Core Components" <component>-specific source path     #
+#       (dependent upon <user_source_tree>, <source_component>,       #
+#        <version>, and <platform> tags)                              #
+#######################################################################
+ifndef MK_SOURCE
+include $(CORE_DEPTH)/coreconf/source.mk
+endif
+
+#######################################################################
+# [10.0] Master "Core Components" include switch for support header   #
+#        files                                                        #
+#        (dependent upon <tree>, <component>, <version>,              #
+#         and <platform> tags)                                        #
+#######################################################################
+ifndef MK_HEADERS
+include $(CORE_DEPTH)/coreconf/headers.mk
+endif
+
+#######################################################################
+# [11.0] Master "Core Components" for computing program prefixes      #
+#######################################################################
+ifndef MK_PREFIX
+include $(CORE_DEPTH)/coreconf/prefix.mk
+endif
+
+#######################################################################
+# [12.0] Master "Core Components" for computing program suffixes      #
+#        (dependent upon <architecture> tags)                         #
+#######################################################################
+ifndef MK_SUFFIX
+include $(CORE_DEPTH)/coreconf/suffix.mk
+endif
+
+#######################################################################
+# [13.0] Master "Core Components" for defining JDK                    #
+#        (dependent upon <architecture>, <source>, and <suffix>  tags)#
+#######################################################################
+ifdef NS_USE_JDK
+include $(CORE_DEPTH)/coreconf/jdk.mk
+endif
+
+#######################################################################
+# [14.0] Master "Core Components" rule set                            #
+#######################################################################
+ifndef MK_RULESET
+include $(CORE_DEPTH)/coreconf/ruleset.mk
+endif
+
+#######################################################################
+# [15.0] Dependencies.
+#######################################################################
+
+-include $(MKDEPENDENCIES)
+
+#######################################################################
+# [16.0] Global environ ment defines
+#######################################################################
+
+ifdef NSS_DISABLE_ECC
+DEFINES += -DNSS_DISABLE_ECC
+endif
+
+ifdef NSS_ALLOW_UNSUPPORTED_CRITICAL
+DEFINES += -DNSS_ALLOW_UNSUPPORTED_CRITICAL
+endif
+
+ifdef BUILD_LIBPKIX_TESTS
+DEFINES += -DBUILD_LIBPKIX_TESTS
+endif
+
+ifdef NSS_DISABLE_LIBPKIX
+DEFINES += -DNSS_DISABLE_LIBPKIX
+endif
+
+ifdef NSS_DISABLE_DBM
+DEFINES += -DNSS_DISABLE_DBM
+endif
+
+ifdef NSS_DISABLE_CHACHAPOLY
+DEFINES += -DNSS_DISABLE_CHACHAPOLY
+endif
+
+ifdef NSS_PKIX_NO_LDAP
+DEFINES += -DNSS_PKIX_NO_LDAP
+endif
+
+# FIPS support requires startup tests to be executed at load time of shared modules.
+# For performance reasons, these tests are disabled by default.
+# When compiling binaries that must support FIPS mode, 
+# you should define NSS_FORCE_FIPS
+#
+# NSS_NO_INIT_SUPPORT is always defined on platforms that don't support
+# executing the startup tests at library load time.
+ifndef NSS_FORCE_FIPS
+DEFINES += -DNSS_NO_INIT_SUPPORT
+endif
+
+# Avoid building object leak test code for optimized library
+ifndef BUILD_OPT
+ifdef PKIX_OBJECT_LEAK_TEST
+DEFINES += -DPKIX_OBJECT_LEAK_TEST
+endif
+endif
+
+# This allows all library and tools code to use the util function
+# implementations directly from libnssutil3, rather than the wrappers
+# in libnss3 which are present for binary compatibility only
+DEFINES += -DUSE_UTIL_DIRECTLY
+USE_UTIL_DIRECTLY = 1
+
+# Build with NO_NSPR_10_SUPPORT to avoid using obsolete NSPR features
+DEFINES += -DNO_NSPR_10_SUPPORT
+
+# Hide old, deprecated, TLS cipher suite names when building NSS
+DEFINES += -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES
+
+# Mozilla's mozilla/modules/zlib/src/zconf.h adds the MOZ_Z_ prefix to zlib
+# exported symbols, which causes problem when NSS is built as part of Mozilla.
+# So we add a NSS_SSL_ENABLE_ZLIB variable to allow Mozilla to turn this off.
+NSS_SSL_ENABLE_ZLIB = 1
diff --git a/nss/coreconf/coreconf.dep b/nss/coreconf/coreconf.dep
new file mode 100644
index 0000000..590d1bf
--- /dev/null
+++ b/nss/coreconf/coreconf.dep
@@ -0,0 +1,13 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * A dummy header file that is a dependency for all the object files.
+ * Used to force a full recompilation of NSS in Mozilla's Tinderbox
+ * depend builds.  See comments in rules.mk.
+ */
+
+#error "Do not include this header file."
+
diff --git a/nss/coreconf/coreconf.pl b/nss/coreconf/coreconf.pl
new file mode 100644
index 0000000..7cf3e57
--- /dev/null
+++ b/nss/coreconf/coreconf.pl
@@ -0,0 +1,128 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+sub recursive_copy {
+    local($fromdir);
+    local($todir);
+    local(@dirlist);
+    $fromdir = shift;
+    $todir = shift;
+  
+    print STDERR "recursive copy called with $fromdir, $todir\n";
+
+#remove any trailing slashes.
+    $fromdir =~ s/\/$//;
+    $todir =~ s/\/$//;
+    
+    opendir(DIR, $fromdir);
+    @dirlist = readdir DIR;
+    close DIR;
+
+
+    foreach $file (@dirlist) {
+	if  (! (($file eq "." ) || ($file eq "..") )) {
+	    
+	    if (-d "$fromdir/$file") {
+		print STDERR "handling directory $todir/$file\n";
+		&rec_mkdir("$todir/$file");
+		&recursive_copy("$fromdir/$file","$todir/$file");
+	    }
+	    else {
+		print STDERR "handling file $fromdir/$file\n";
+		&my_copy("$fromdir/$file","$todir/$file");
+	    }
+	}
+    }
+}
+
+sub parse_argv {
+
+#    print STDERR "Parsing Variables\n";
+
+    foreach $q ( @ARGV ) {
+	if (! ($q =~ /=/)) {
+	    $var{$lastassigned} .= " $q";
+	}
+	else {
+	   $q =~ /^([^=]*)=(.*)/;
+	   $left = $1;
+	   $right = $2;
+	
+	   $right =~ s/ *$//;
+	   $var{$left} = $right;
+
+	   $lastassigned = $left;
+	
+	   }
+	print STDERR "Assigned $lastassigned = $var{$lastassigned}\n";
+    }
+}
+
+
+# usage: &my_copy("dir/fromfile","dir2/tofile");
+# do a 'copy' - files only, 'to' MUST be a filename, not a directory.
+
+# fix this to be able to use copy on win nt.
+
+sub my_copy {
+    local($from);
+    local($to);
+    local($cpcmd);
+
+    $from = shift;
+    $to = shift;
+
+    if ( ! defined $var{OS_ARCH}) {
+	die "OS_ARCH not defined!";
+    }
+    else {
+	if ($var{OS_ARCH} eq 'WINNT') {
+	    $cpcmd = 'cp';
+	    	}
+	else {
+	    $cpcmd = 'cp';
+	    }
+	print STDERR "COPYING: $cpcmd $from $to\n";
+	system("$cpcmd $from $to");
+    }
+}
+
+
+sub old_my_copy {
+    local($from);
+    local($to);
+
+    $from = shift;
+    $to = shift;
+    open(FIN, "<$from") || die("Can't read from file $from\n");
+    if ( ! open(FOUT,">$to")) {
+	close FIN;
+	die "Can't write to file $to\n";
+    }
+    while (read(FIN, $buf, 100000)) {
+	print FOUT $buf;
+    }
+    close (FIN);
+    close (FOUT);
+}
+
+sub rec_mkdir {
+    local($arg);
+    local($t);
+    local($q);
+
+    $arg = shift;
+    $t = "";
+    foreach $q (split(/\//,$arg)) {
+	$t .= $q;
+	if (! ($t =~ /\.\.$/)) {
+	    if ($t =~ /./) {
+		mkdir($t,0775);
+	    }
+	}
+	$t.= '/';
+    }
+}
+
+1;
diff --git a/nss/coreconf/cpdist.pl b/nss/coreconf/cpdist.pl
new file mode 100755
index 0000000..800edfb
--- /dev/null
+++ b/nss/coreconf/cpdist.pl
@@ -0,0 +1,167 @@
+#! /usr/local/bin/perl
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+require('coreconf.pl');
+
+#######-- read in variables on command line into %var
+
+&parse_argv;
+ 
+### do the copy
+
+print STDERR "RELEASE TREE / MODULE =  $var{RELEASE_TREE} $var{MODULE}\n";
+
+
+
+# 1
+if ($var{RELEASE} eq "") { exit; } # Can't do release here, so exit.
+
+# 2
+#if (! ($var{RELEASE} =~ /\//)) {   # if no specific version is specified in RELEASE variable
+#    $component = $var{RELEASE};
+#}
+#else {  # if a subcomponent/version is given in the RELEASE variable
+#        $var{RELEASE} =~ m|^([^/]*)/|;  
+#	$component = $1;           # everything before the first slash;
+#    }
+
+# 3
+$path = $var{RELEASE};
+
+
+# 4
+# find out what directory we would create for 'today'
+
+$year = (localtime)[5] + 1900;
+$month = (localtime)[4] + 1;
+$day = (localtime)[3];
+$today = sprintf( "%d%02d%02d", $year, $month, $day );
+
+# 5
+# if version is null, then set the version to today.
+if ($var{"RELEASE_VERSION"} eq "") {
+    $var{"RELEASE_VERSION"} = $today;
+}
+
+#6
+$version = $var{"RELEASE_VERSION"};  # set RELEASE_VERSION to passed in variable
+
+#7
+# if version is today, then we will want to make a 'current' link.
+
+if ($version eq $today) {
+    $create_current = 1;
+}
+
+#8
+# version can be a) passed in value from command line, b) value in manifest.mn
+# or c) computed value such as '19970909'
+
+
+$dir = "$var{'RELEASE_TREE'}/$path";
+
+#9
+if (! (-e "$dir/$version" && -d "$dir/$version")) {
+    print "making dir $dir \n";
+    &rec_mkdir("$dir/$version");
+}
+
+
+
+print "version = $version\n";
+print "path = $path\n";
+print "var{release_tree} = $var{'RELEASE_TREE'}\n";
+print "dir = $dir   = RELEASE_TREE/path\n";
+
+
+#10
+if ($create_current == 1) {
+
+# unlinking and linking always occurs, even if the link is correct
+    print "unlinking $dir/current\n";
+    unlink("$dir/current");
+    
+    print "putting version number $today into 'current' file..";
+
+    open(FILE,">$dir/current") || die " couldn't open current\n";
+    print FILE "$today\n";
+    close(FILE);
+    print " ..done\n"
+    
+}
+
+&rec_mkdir("$dir/$version/$var{'RELEASE_MD_DIR'}");
+&rec_mkdir("$dir/$version/$var{'RELEASE_XP_DIR'}");
+
+
+
+
+foreach $jarfile (split(/ /,$var{FILES}) ) {
+    print STDERR "---------------------------------------------\n";
+    
+    $jarinfo = $var{$jarfile};
+ 
+    ($jardir,$jaropts) = split(/\|/,$jarinfo);
+ 
+    if ($jaropts =~ /f/) {
+      print STDERR "Copying files $jardir....\n";
+    }
+    else {
+      print STDERR "Copying jar file $jarfile....\n";
+    }
+    
+    print "jaropts = $jaropts\n";
+    
+    if ($jaropts =~ /m/) {
+      $destdir = $var{"RELEASE_MD_DIR"};
+      print "found m, using MD dir $destdir\n";
+    }
+    elsif ($jaropts =~ /x/) {
+      $destdir = $var{"RELEASE_XP_DIR"};
+      print "found x, using XP dir $destdir\n";
+    }
+    else {
+      die "Error: must specify m or x in jar options in $jarinfo line\n";
+    }
+    
+    
+    $distdir = "$dir/$version/$destdir";
+    
+
+
+    if ($jaropts =~ /f/) {
+
+      print "splitting: \"$jardir\"\n";
+      for $srcfile (split(/ /,$jardir)) {
+
+#if srcfile has a slash
+	if ($srcfile =~ m|/|) {
+#pull out everything before the last slash into $1
+	  $srcfile =~ m|(.*)/|;
+	  $distsubdir = "/$1";
+	  print "making dir $distdir$distsubdir\n";
+	  &rec_mkdir("$distdir$distsubdir");
+	}
+	print "copy: from $srcfile\n";
+	print "      to   $distdir$distsubdir\n";
+	$srcprefix = "";
+	if ($jaropts =~/m/) {
+	  $srcprefix = "$var{'PLATFORM'}/";
+	}
+	system("cp $srcprefix$srcfile $distdir$distsubdir");
+      }
+    }
+    else {
+      $srcfile = "$var{SOURCE_RELEASE_PREFIX}/$jardir/$jarfile";
+      
+      print "copy: from $srcfile\n";
+      print "      to   $distdir\n";
+      
+      system("cp $srcfile $distdir");
+      
+    }
+    
+  }
+
diff --git a/nss/coreconf/detect_host_arch.py b/nss/coreconf/detect_host_arch.py
new file mode 100644
index 0000000..8b505a6
--- /dev/null
+++ b/nss/coreconf/detect_host_arch.py
@@ -0,0 +1,25 @@
+#!/usr/bin/env python
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this file,
+# You can obtain one at http://mozilla.org/MPL/2.0/.
+
+from __future__ import print_function
+
+import fnmatch
+import platform
+
+def main():
+    host_arch = platform.machine().lower()
+    if host_arch in ('amd64', 'x86_64'):
+        host_arch = 'x64'
+    elif fnmatch.fnmatch(host_arch, 'i?86') or host_arch == 'i86pc':
+        host_arch = 'ia32'
+    elif host_arch.startswith('arm'):
+        host_arch = 'arm'
+    elif host_arch.startswith('mips'):
+        host_arch = 'mips'
+    print(host_arch)
+
+if __name__ == '__main__':
+    main()
diff --git a/nss/coreconf/empty.c b/nss/coreconf/empty.c
new file mode 100644
index 0000000..a8cf976
--- /dev/null
+++ b/nss/coreconf/empty.c
@@ -0,0 +1 @@
+/* This file is intentionally empty */
diff --git a/nss/coreconf/fuzz.sh b/nss/coreconf/fuzz.sh
new file mode 100644
index 0000000..d78cb77
--- /dev/null
+++ b/nss/coreconf/fuzz.sh
@@ -0,0 +1,38 @@
+#!/usr/bin/env bash
+# This file is used by build.sh to setup fuzzing.
+
+set +e
+
+# Default to clang if CC is not set.
+if [ -z "$CC" ]; then
+    command -v clang &> /dev/null 2>&1
+    if [ $? != 0 ]; then
+        echo "Fuzzing requires clang!"
+        exit 1
+    fi
+    export CC=clang
+    export CCC=clang++
+    export CXX=clang++
+fi
+
+gyp_params+=(-Dtest_build=1 -Dfuzz=1 -Dsign_libs=0)
+
+# Add debug symbols even for opt builds.
+nspr_params+=(--enable-debug-symbols)
+
+if [ "$fuzz_oss" = 1 ]; then
+  gyp_params+=(-Dno_zdefs=1 -Dfuzz_oss=1)
+else
+  enable_sanitizer asan
+  enable_ubsan
+  enable_sancov
+fi
+
+if [ "$fuzz_tls" = 1 ]; then
+  gyp_params+=(-Dfuzz_tls=1)
+fi
+
+if [ ! -f "/usr/lib/libFuzzingEngine.a" ]; then
+  echo "Cloning libFuzzer files ..."
+  run_verbose "$cwd"/fuzz/clone_libfuzzer.sh
+fi
diff --git a/nss/coreconf/headers.mk b/nss/coreconf/headers.mk
new file mode 100644
index 0000000..d34c5af
--- /dev/null
+++ b/nss/coreconf/headers.mk
@@ -0,0 +1,24 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# Master "Core Components" include switch for support header files    #
+#######################################################################
+
+#
+#  Always append source-side machine-dependent (md) and cross-platform
+#  (xp) include paths
+#
+
+INCLUDES += -I$(SOURCE_MDHEADERS_DIR) -I$(SOURCE_XPHEADERS_DIR)
+
+#
+#  Only append source-side private cross-platform include paths for
+#  sectools
+#
+
+INCLUDES += -I$(SOURCE_XPPRIVATE_DIR)
+
+MK_HEADERS = included
diff --git a/nss/coreconf/import.pl b/nss/coreconf/import.pl
new file mode 100755
index 0000000..dd2d177
--- /dev/null
+++ b/nss/coreconf/import.pl
@@ -0,0 +1,189 @@
+#! /usr/local/bin/perl
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+print STDERR "import.pl\n";
+
+require('coreconf.pl');
+
+
+$returncode =0;
+
+
+#######-- read in variables on command line into %var
+
+$var{UNZIP} = "unzip -o";
+
+&parse_argv;
+
+if (! ($var{IMPORTS} =~ /\w/)) {
+    print STDERR "nothing to import\n";
+}
+
+######-- Do the import!
+
+foreach $import (split(/ /,$var{IMPORTS}) ) {
+
+    print STDERR "\n\nIMPORTING .... $import\n-----------------------------\n";
+
+
+# if a specific version specified in IMPORT variable
+# (if $import has a slash in it)
+
+    if ($import =~ /\//) {
+        # $component=everything before the first slash of $import
+
+	$import =~ m|^([^/]*)/|; 
+	$component = $1;
+
+	$import =~ m|^(.*)/([^/]*)$|;
+
+	# $path=everything before the last slash of $import
+	$path = $1;
+
+	# $version=everything after the last slash of $import
+	$version = $2;
+
+	if ($var{VERSION} ne "current") {
+	    $version = $var{VERSION};
+	}
+    }
+    else {
+	$component = $import;
+	$path = $import;
+	$version = $var{VERSION};
+    }
+
+    $releasejardir = "$var{RELEASE_TREE}/$path";
+    if ($version eq "current") {
+	print STDERR "Current version specified. Reading 'current' file ... \n";
+	
+	open(CURRENT,"$releasejardir/current") || die "NO CURRENT FILE\n";
+	$version = <CURRENT>;
+	$version =~ s/(\r?\n)*$//; # remove any trailing [CR/]LF's
+	close(CURRENT);
+	print STDERR "Using version $version\n";
+	if ( $version eq "") {
+	    die "Current version file empty. Stopping\n";
+	}
+    }
+    
+    $releasejardir = "$releasejardir/$version";
+    if ( ! -d $releasejardir) {
+	die "$releasejardir doesn't exist (Invalid Version?)\n";
+    }
+    foreach $jarfile (split(/ /,$var{FILES})) {
+
+	($relpath,$distpath,$options) = split(/\|/, $var{$jarfile});
+
+	if ($var{'OVERRIDE_IMPORT_CHECK'} eq 'YES') {
+	    $options =~ s/v//g;
+	}
+
+	if ( $relpath ne "") { $releasejarpathname = "$releasejardir/$relpath";}
+	else { $releasejarpathname = $releasejardir; }
+
+# If a component doesn't have IDG versions, import the DBG ones
+    if( ! -e "$releasejarpathname/$jarfile" ) {
+        if( $relpath =~ /IDG\.OBJ$/ ) {
+            $relpath =~ s/IDG.OBJ/DBG.OBJ/;
+            $releasejarpathname = "$releasejardir/$relpath";
+        } elsif( $relpath =~ /IDG\.OBJD$/ ) {
+            $relpath =~ s/IDG.OBJD/DBG.OBJD/;
+            $releasejarpathname = "$releasejardir/$relpath";
+        }
+    }
+
+	if (-e "$releasejarpathname/$jarfile") {
+	    print STDERR "\nWorking on jarfile: $jarfile\n";
+	    
+	    if ($distpath =~ m|/$|) {
+		$distpathname = "$distpath$component";
+	    }
+	    else {
+		$distpathname = "$distpath"; 
+	    }
+	  
+	  
+#the block below is used to determine whether or not the xp headers have
+#already been imported for this component
+
+	    $doimport = 1;
+	  if ($options =~ /v/) {   # if we should check the imported version
+	      print STDERR "Checking if version file exists $distpathname/version\n";
+	      if (-e "$distpathname/version") {
+		  open( VFILE, "<$distpathname/version") ||
+		      die "Cannot open $distpathname/version for reading. Permissions?\n";
+		  $importversion = <VFILE>;
+		  close (VFILE);
+		  $importversion =~ s/\r?\n$//;   # Strip off any trailing CR/LF
+		  if ($version eq $importversion) {
+		      print STDERR "$distpathname version '$importversion' already imported. Skipping...\n";
+		      $doimport =0;
+		  }
+	      }
+	  }
+	  
+	  if ($doimport == 1) {
+	      if (! -d "$distpathname") {
+		  &rec_mkdir("$distpathname");
+	      }
+	      # delete the stuff in there already.
+	      # (this should really be recursive delete.)
+	      
+	      if ($options =~ /v/) {
+		  $remheader = "\nREMOVING files in '$distpathname/' :";
+		  opendir(DIR,"$distpathname") ||
+		      die ("Cannot read directory $distpathname\n");
+		  @filelist = readdir(DIR);
+		  closedir(DIR);
+		  foreach $file ( @filelist ) {
+		      if (! ($file =~ m!/.?.$!) ) {
+			  if (! (-d $file)) {
+			      $file =~ m!([^/]*)$!;
+			      print STDERR "$remheader $1";
+			      $remheader = " ";
+			      unlink "$distpathname/$file";
+			  }
+		      }
+		  }
+	      }
+
+
+	      print STDERR "\n\n";
+
+	      print STDERR "\nExtracting jarfile '$jarfile' to local directory $distpathname/\n";
+	      
+	      print STDERR "$var{UNZIP} $releasejarpathname/$jarfile -d $distpathname\n";
+	      system("$var{UNZIP} $releasejarpathname/$jarfile -d $distpathname");
+	      
+	      $r = $?;
+
+	      if ($options =~ /v/) {
+		  if ($r == 0) {
+		      unlink ("$distpathname/version");
+		      if (open(VFILE,">$distpathname/version")) {
+			  print VFILE "$version\n";
+			  close(VFILE);
+		      }
+		  }
+		  else {
+		      print STDERR "Could not create '$distpathname/version'. Permissions?\n";
+		      $returncode ++;
+		  }
+	      }
+	  }  # if (doimport)
+	} # if (-e releasejarpathname/jarfile)
+    } # foreach jarfile)
+} # foreach IMPORT
+
+
+
+exit($returncode);
+
+
+
+
+
diff --git a/nss/coreconf/jdk.mk b/nss/coreconf/jdk.mk
new file mode 100644
index 0000000..92eb0e6
--- /dev/null
+++ b/nss/coreconf/jdk.mk
@@ -0,0 +1,504 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+ifdef NS_USE_JDK
+#######################################################################
+# [1] Define preliminary JDK "Core Components" toolset options        #
+#######################################################################
+
+# set default JDK java threading model
+ifeq ($(JDK_THREADING_MODEL),)
+	JDK_THREADING_MODEL     = native_threads
+# no such thing as -native flag
+	JDK_THREADING_MODEL_OPT =
+endif
+
+#######################################################################
+# [2] Define platform-independent JDK "Core Components" options       #
+#######################################################################
+
+# set default location of the java classes repository
+ifeq ($(JAVA_DESTPATH),)
+ifdef BUILD_OPT
+	JAVA_DESTPATH  = $(SOURCE_CLASSES_DIR)
+else
+	JAVA_DESTPATH  = $(SOURCE_CLASSES_DBG_DIR)
+endif
+endif
+
+# set default location of the package under the java classes repository
+# note that this overrides the default package value in ruleset.mk
+ifeq ($(PACKAGE),)
+	PACKAGE = .
+endif
+
+# set default location of the java source code repository
+ifeq ($(JAVA_SOURCEPATH),)
+	JAVA_SOURCEPATH	= .
+endif
+
+# add JNI directory to default include search path
+ifneq ($(JNI_GEN),)
+	ifdef NSBUILDROOT
+		INCLUDES += -I$(JNI_GEN_DIR) -I$(SOURCE_XP_DIR)
+	else
+		INCLUDES += -I$(JNI_GEN_DIR)
+	endif
+endif
+
+#######################################################################
+# [3] Define platform-dependent JDK "Core Components" options         #
+#######################################################################
+
+# set [Microsoft Windows] platforms
+ifeq ($(OS_ARCH), WINNT)
+	JAVA_CLASSES = $(JAVA_HOME)/jre/lib/rt.jar
+
+	ifeq ($(JRE_HOME),)
+		JRE_HOME = $(JAVA_HOME)
+		JRE_CLASSES = $(JAVA_CLASSES)
+	else
+		ifeq ($(JRE_CLASSES),)
+			JRE_CLASSES = $(JRE_HOME)/lib/rt.jar
+		endif
+	endif
+
+	PATH_SEPARATOR = ;
+
+	# (2) specify "header" information
+	JAVA_ARCH = win32
+
+	INCLUDES += -I$(JAVA_HOME)/include
+	INCLUDES += -I$(JAVA_HOME)/include/$(JAVA_ARCH)
+
+	#     currently, disable JIT option on this platform
+	JDK_JIT_OPT = -nojit
+endif
+
+# set [Sun Solaris] platforms
+ifeq ($(OS_ARCH), SunOS)
+	JAVA_CLASSES = $(JAVA_HOME)/jre/lib/rt.jar
+
+	ifeq ($(JRE_HOME),)
+		JRE_HOME = $(JAVA_HOME)
+		JRE_CLASSES = $(JAVA_CLASSES)
+	else
+		ifeq ($(JRE_CLASSES),)
+			JRE_CLASSES = $(JRE_HOME)/lib/rt.jar
+		endif
+	endif
+
+	PATH_SEPARATOR = :
+
+	# (2) specify "header" information
+	JAVA_ARCH = solaris
+
+	INCLUDES += -I$(JAVA_HOME)/include
+	INCLUDES += -I$(JAVA_HOME)/include/$(JAVA_ARCH)
+
+	#     currently, disable JIT option on this platform
+	JDK_JIT_OPT =
+endif
+
+# set [Hewlett Packard HP-UX] platforms
+ifeq ($(OS_ARCH), HP-UX)
+	JAVA_CLASSES = $(JAVA_HOME)/jre/lib/rt.jar
+
+	ifeq ($(JRE_HOME),)
+		JRE_HOME = $(JAVA_HOME)
+		JRE_CLASSES = $(JAVA_CLASSES)
+	else
+		ifeq ($(JRE_CLASSES),)
+			JRE_CLASSES = $(JRE_HOME)/lib/rt.jar
+		endif
+	endif
+
+	PATH_SEPARATOR = :
+
+	# (2) specify "header" information
+	JAVA_ARCH = hp-ux
+
+	INCLUDES += -I$(JAVA_HOME)/include
+	INCLUDES += -I$(JAVA_HOME)/include/$(JAVA_ARCH)
+
+	# no JIT option available on this platform
+	JDK_JIT_OPT =
+endif
+
+# set [Redhat Linux] platforms
+ifeq ($(OS_ARCH), Linux)
+	JAVA_CLASSES = $(JAVA_HOME)/jre/lib/rt.jar
+
+	ifeq ($(JRE_HOME),)
+		JRE_HOME = $(JAVA_HOME)
+		JRE_CLASSES = $(JAVA_CLASSES)
+	else
+		ifeq ($(JRE_CLASSES),)
+			JRE_CLASSES = $(JRE_HOME)/lib/rt.jar
+		endif
+	endif
+
+	PATH_SEPARATOR = :
+
+	# (2) specify "header" information
+	JAVA_ARCH = linux
+
+	INCLUDES += -I$(JAVA_HOME)/include
+	INCLUDES += -I$(JAVA_HOME)/include/$(JAVA_ARCH)
+
+	# no JIT option available on this platform
+	JDK_JIT_OPT =
+endif
+
+# set [Mac OS X] platforms
+ifeq ($(OS_ARCH), Darwin)
+	JAVA_CLASSES = $(JAVA_HOME)/../Classes/classes.jar
+
+	ifeq ($(JRE_HOME),)
+		JRE_HOME = $(JAVA_HOME)
+		JRE_CLASSES = $(JAVA_CLASSES)
+	else
+		ifeq ($(JRE_CLASSES),)
+			JRE_CLASSES = $(JRE_HOME)/../Classes/classes.jar
+		endif
+	endif
+
+	PATH_SEPARATOR = :
+
+	# (2) specify "header" information
+	JAVA_ARCH = darwin
+
+	INCLUDES += -I$(JAVA_HOME)/include
+	INCLUDES += -I$(JAVA_HOME)/include/$(JAVA_ARCH)
+
+	# no JIT option available on this platform
+	JDK_JIT_OPT =
+endif
+
+# set [IBM AIX] platforms
+ifeq ($(OS_ARCH), AIX)
+	JAVA_CLASSES = $(JAVA_HOME)/jre/lib/rt.jar
+
+	ifeq ($(JRE_HOME),)
+		JRE_HOME = $(JAVA_HOME)
+		JRE_CLASSES = $(JAVA_CLASSES)
+	else
+		ifeq ($(JRE_CLASSES),)
+			JRE_CLASSES = $(JRE_HOME)/lib/rt.jar
+		endif
+	endif
+
+	PATH_SEPARATOR = :
+
+	# (2) specify "header" information
+	JAVA_ARCH = aix
+
+	INCLUDES += -I$(JAVA_HOME)/include
+	INCLUDES += -I$(JAVA_HOME)/include/$(JAVA_ARCH)
+
+	# no JIT option available on this platform
+	JDK_JIT_OPT =
+endif
+
+# set [Digital UNIX] platforms
+ifeq ($(OS_ARCH), OSF1)
+	JAVA_CLASSES = $(JAVA_HOME)/jre/lib/rt.jar
+
+	ifeq ($(JRE_HOME),)
+		JRE_HOME = $(JAVA_HOME)
+		JRE_CLASSES = $(JAVA_CLASSES)
+	else
+		ifeq ($(JRE_CLASSES),)
+			JRE_CLASSES = $(JRE_HOME)/lib/rt.jar
+		endif
+	endif
+
+	PATH_SEPARATOR = :
+
+	# (2) specify "header" information
+	JAVA_ARCH = alpha
+
+	INCLUDES += -I$(JAVA_HOME)/include
+	INCLUDES += -I$(JAVA_HOME)/include/$(JAVA_ARCH)
+
+	# no JIT option available on this platform
+	JDK_JIT_OPT =
+endif
+
+# set [Silicon Graphics IRIX] platforms
+ifeq ($(OS_ARCH), IRIX)
+	JAVA_CLASSES = $(JAVA_HOME)/lib/dev.jar:$(JAVA_HOME)/lib/rt.jar
+
+	ifeq ($(JRE_HOME),)
+		JRE_HOME = $(JAVA_HOME)
+		JRE_CLASSES = $(JAVA_CLASSES)
+	else
+		ifeq ($(JRE_CLASSES),)
+			JRE_CLASSES = $(JRE_HOME)/lib/dev.jar:$(JRE_HOME)/lib/rt.jar
+		endif
+	endif
+
+	PATH_SEPARATOR = :
+
+	# (2) specify "header" information
+	JAVA_ARCH = irix
+
+	INCLUDES += -I$(JAVA_HOME)/include
+	INCLUDES += -I$(JAVA_HOME)/include/$(JAVA_ARCH)
+
+	# no JIT option available on this platform
+	JDK_JIT_OPT =
+endif
+
+#######################################################################
+# [4] Define remaining JDK "Core Components" default toolset options  #
+#######################################################################
+
+# set JDK optimization model
+ifeq ($(BUILD_OPT),1)
+	JDK_OPTIMIZER_OPT = -O
+else
+	JDK_OPTIMIZER_OPT = -g
+endif
+
+# set minimal JDK debugging model
+ifeq ($(JDK_DEBUG),1)
+	JDK_DEBUG_OPT    = -debug
+else
+	JDK_DEBUG_OPT    =
+endif
+
+# set default path to repository for JDK classes
+ifeq ($(JDK_CLASS_REPOSITORY_OPT),)
+	JDK_CLASS_REPOSITORY_OPT = -d $(JAVA_DESTPATH)
+endif
+
+# define a default JDK classpath
+ifeq ($(JDK_CLASSPATH),)
+	JDK_CLASSPATH = '$(JAVA_DESTPATH)$(PATH_SEPARATOR)$(JAVA_SOURCEPATH)$(PATH_SEPARATOR)$(JAVA_CLASSES)'
+endif
+
+# by default, override CLASSPATH environment variable using the JDK classpath option with $(JDK_CLASSPATH)
+ifeq ($(JDK_CLASSPATH_OPT),)
+	JDK_CLASSPATH_OPT = -classpath $(JDK_CLASSPATH)
+endif
+
+ifeq ($(USE_64), 1)
+	JDK_USE_64 = -d64
+endif
+
+endif
+
+
+#######################################################################
+# [5] Define JDK "Core Components" toolset;                           #
+#     (always allow a user to override these values)                  #
+#######################################################################
+
+#
+# (1) appletviewer
+#
+
+ifeq ($(APPLETVIEWER),)
+	APPLETVIEWER_PROG   = $(JAVA_HOME)/bin/appletviewer$(PROG_SUFFIX)
+	APPLETVIEWER_FLAGS  = $(JDK_THREADING_MODEL_OPT)
+	APPLETVIEWER_FLAGS += $(JDK_DEBUG_OPT)
+	APPLETVIEWER_FLAGS += $(JDK_JIT_OPT)
+	APPLETVIEWER        = $(APPLETVIEWER_PROG) $(APPLETVIEWER_FLAGS)
+endif
+
+#
+# (2) jar
+#
+
+ifeq ($(JAR),)
+	JAR_PROG   = $(JAVA_HOME)/bin/jar$(PROG_SUFFIX)
+	JAR_FLAGS  = $(JDK_THREADING_MODEL_OPT)
+	JAR        = $(JAR_PROG) $(JAR_FLAGS)
+endif
+
+#
+# (3) java
+#
+
+ifeq ($(JAVA),)
+	JAVA_PROG   = $(JAVA_HOME)/bin/java$(PROG_SUFFIX)
+	JAVA_FLAGS  = $(JDK_THREADING_MODEL_OPT)
+	JAVA_FLAGS += $(JDK_DEBUG_OPT)
+	JAVA_FLAGS += $(JDK_CLASSPATH_OPT)
+	JAVA_FLAGS += $(JDK_JIT_OPT)
+	JAVA_FLAGS += $(JDK_USE_64)
+	JAVA        = $(JAVA_PROG) $(JAVA_FLAGS) 
+endif
+
+#
+# (4) javac
+#
+
+ifeq ($(JAVAC),)
+	JAVAC_PROG   = $(JAVA_HOME)/bin/javac$(PROG_SUFFIX)
+	JAVAC_FLAGS  = $(JDK_THREADING_MODEL_OPT)
+	JAVAC_FLAGS += $(JDK_OPTIMIZER_OPT)
+	JAVAC_FLAGS += $(JDK_DEBUG_OPT)
+	JAVAC_FLAGS += $(JDK_CLASSPATH_OPT)
+	JAVAC_FLAGS += $(JDK_CLASS_REPOSITORY_OPT)
+	JAVAC_FLAGS += $(JDK_USE_64)
+	JAVAC        = $(JAVAC_PROG) $(JAVAC_FLAGS)
+endif
+
+#
+# (5) javadoc
+#
+
+ifeq ($(JAVADOC),)
+	JAVADOC_PROG   = $(JAVA_HOME)/bin/javadoc$(PROG_SUFFIX)
+	JAVADOC_FLAGS  = $(JDK_THREADING_MODEL_OPT)
+	JAVADOC_FLAGS += $(JDK_CLASSPATH_OPT)
+	JAVADOC        = $(JAVADOC_PROG) $(JAVADOC_FLAGS)
+endif
+
+#
+# (6) javah
+#
+
+ifeq ($(JAVAH),)
+	JAVAH_PROG   = $(JAVA_HOME)/bin/javah$(PROG_SUFFIX)
+	JAVAH_FLAGS  = $(JDK_THREADING_MODEL_OPT)
+	JAVAH_FLAGS += $(JDK_CLASSPATH_OPT)
+	JAVAH        = $(JAVAH_PROG) $(JAVAH_FLAGS)
+endif
+
+#
+# (7) javakey
+#
+
+ifeq ($(JAVAKEY),)
+	JAVAKEY_PROG   = $(JAVA_HOME)/bin/javakey$(PROG_SUFFIX)
+	JAVAKEY_FLAGS  = $(JDK_THREADING_MODEL_OPT)
+	JAVAKEY        = $(JAVAKEY_PROG) $(JAVAKEY_FLAGS)
+endif
+
+#
+# (8) javap
+#
+
+ifeq ($(JAVAP),)
+	JAVAP_PROG   = $(JAVA_HOME)/bin/javap$(PROG_SUFFIX)
+	JAVAP_FLAGS  = $(JDK_THREADING_MODEL_OPT)
+	JAVAP_FLAGS += $(JDK_CLASSPATH_OPT)
+	JAVAP        = $(JAVAP_PROG) $(JAVAP_FLAGS)
+endif
+
+#
+# (9) javat
+#
+
+ifeq ($(JAVAT),)
+	JAVAT_PROG   = $(JAVA_HOME)/bin/javat$(PROG_SUFFIX)
+	JAVAT_FLAGS  = $(JDK_THREADING_MODEL_OPT)
+	JAVAT        = $(JAVAT_PROG) $(JAVAT_FLAGS)
+endif
+
+#
+# (10) javaverify
+#
+
+ifeq ($(JAVAVERIFY),)
+	JAVAVERIFY_PROG   = $(JAVA_HOME)/bin/javaverify$(PROG_SUFFIX)
+	JAVAVERIFY_FLAGS  = $(JDK_THREADING_MODEL_OPT)
+	JAVAVERIFY        = $(JAVAVERIFY_PROG) $(JAVAVERIFY_FLAGS)
+endif
+
+#
+# (11) javaw
+#
+
+ifeq ($(JAVAW),)
+	jJAVAW_PROG   = $(JAVA_HOME)/bin/javaw$(PROG_SUFFIX)
+	jJAVAW_FLAGS  = $(JDK_THREADING_MODEL_OPT)
+	jJAVAW_FLAGS += $(JDK_DEBUG_OPT)
+	jJAVAW_FLAGS += $(JDK_CLASSPATH_OPT)
+	jJAVAW_FLAGS += $(JDK_JIT_OPT)
+	jJAVAW        = $(JAVAW_PROG) $(JAVAW_FLAGS)
+endif
+
+#
+# (12) jdb
+#
+
+ifeq ($(JDB),)
+	JDB_PROG   = $(JAVA_HOME)/bin/jdb$(PROG_SUFFIX)
+	JDB_FLAGS  = $(JDK_THREADING_MODEL_OPT)
+	JDB_FLAGS += $(JDK_DEBUG_OPT)
+	JDB_FLAGS += $(JDK_CLASSPATH_OPT)
+	JDB_FLAGS += $(JDK_JIT_OPT)
+	JDB        = $(JDB_PROG) $(JDB_FLAGS)
+endif
+
+#
+# (13) jre
+#
+
+ifeq ($(JRE),)
+	JRE_PROG   = $(JAVA_HOME)/bin/jre$(PROG_SUFFIX)
+	JRE_FLAGS  = $(JDK_THREADING_MODEL_OPT)
+	JRE_FLAGS += $(JDK_CLASSPATH_OPT)
+	JRE_FLAGS += $(JDK_JIT_OPT)
+	JRE        = $(JRE_PROG) $(JRE_FLAGS) 
+endif
+
+#
+# (14) jrew
+#
+
+ifeq ($(JREW),)
+	JREW_PROG   = $(JAVA_HOME)/bin/jrew$(PROG_SUFFIX)
+	JREW_FLAGS  = $(JDK_THREADING_MODEL_OPT)
+	JREW_FLAGS += $(JDK_CLASSPATH_OPT)
+	JREW_FLAGS += $(JDK_JIT_OPT)
+	JREW        = $(JREW_PROG) $(JREW_FLAGS) 
+endif
+
+#
+# (15) native2ascii
+#
+
+ifeq ($(NATIVE2ASCII),)
+	NATIVE2ASCII_PROG   = $(JAVA_HOME)/bin/native2ascii$(PROG_SUFFIX)
+	NATIVE2ASCII_FLAGS  = $(JDK_THREADING_MODEL_OPT)
+	NATIVE2ASCII        = $(NATIVE2ASCII_PROG) $(NATIVE2ASCII_FLAGS) 
+endif
+
+#
+# (16) rmic
+#
+
+ifeq ($(RMIC),)
+	RMIC_PROG   = $(JAVA_HOME)/bin/rmic$(PROG_SUFFIX)
+	RMIC_FLAGS  = $(JDK_THREADING_MODEL_OPT)
+	RMIC_FLAGS += $(JDK_OPTIMIZER_OPT)
+	RMIC_FLAGS += $(JDK_CLASSPATH_OPT)
+	RMIC        = $(RMIC_PROG) $(RMIC_FLAGS) 
+endif
+
+#
+# (17) rmiregistry
+#
+
+ifeq ($(RMIREGISTRY),)
+	RMIREGISTRY_PROG   = $(JAVA_HOME)/bin/rmiregistry$(PROG_SUFFIX)
+	RMIREGISTRY_FLAGS  = $(JDK_THREADING_MODEL_OPT)
+	RMIREGISTRY        = $(RMIREGISTRY_PROG) $(RMIREGISTRY_FLAGS) 
+endif
+
+#
+# (18) serialver
+#
+
+ifeq ($(SERIALVER),)
+	SERIALVER_PROG   = $(JAVA_HOME)/bin/serialver$(PROG_SUFFIX)
+	SERIALVER_FLAGS  = $(JDK_THREADING_MODEL_OPT)
+	SERIALVER        = $(SERIALVER_PROG) $(SERIALVER_FLAGS) 
+endif
diff --git a/nss/coreconf/jniregen.pl b/nss/coreconf/jniregen.pl
new file mode 100755
index 0000000..2039180
--- /dev/null
+++ b/nss/coreconf/jniregen.pl
@@ -0,0 +1,79 @@
+#!/usr/local/bin/perl
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# Input: -d dir -j javahcmd foo1 foo2 . . .
+#        Compares generated "_jni/foo1.h" file with "foo1.class", and
+#        generated "_jni/foo2.h" file with "foo2.class", etc.
+#        (NOTE:  unlike its closely related cousin, outofdate.pl,
+#                the "-d dir" must always be specified)
+#        Runs the javahcmd on all files that are different.
+#
+# Returns: list of headers which are OLDER than corresponding class
+#          files (non-existent class files are considered to be real old :-)
+
+my $javah = "";
+my $classdir = "";
+
+while(1) {
+    if ($ARGV[0] eq '-d') {
+        $classdir = $ARGV[1];
+        $classdir .= "/";
+        shift;
+        shift;
+    } elsif($ARGV[0] eq '-j') {
+        $javah = $ARGV[1];
+        shift;
+        shift;
+    } else {
+        last;
+    }
+}
+
+if( $javah  eq "") {
+    die "Must specify -j <javah command>";
+}
+if( $classdir eq "") {
+    die "Must specify -d <classdir>";
+}
+
+foreach $filename (@ARGV)
+{
+    $headerfilename = "_jni/";
+    $headerfilename .= $filename;
+    $headerfilename =~ s/\./_/g;
+    $headerfilename .= ".h";
+
+    $classfilename = $filename;
+    $classfilename =~ s|\.|/|g;
+    $classfilename .= ".class";
+
+    $classfilename = $classdir . $classfilename;
+
+
+    ( $dev, $ino, $mode, $nlink, $uid, $gid, $rdev, $size, $atime, $headermtime,
+      $ctime, $blksize, $blocks ) = stat( $headerfilename );
+
+    ( $dev, $ino, $mode, $nlink, $uid, $gid, $rdev, $size, $atime, $classmtime,
+      $ctime, $blksize, $blocks ) = stat( $classfilename );
+
+    if( $headermtime < $classmtime )
+    {
+	# NOTE:  Since this is used by "javah", and "javah" refuses to overwrite
+	#        an existing file, we force an unlink from this script, since
+	#        we actually want to regenerate the header file at this time.
+        unlink $headerfilename;
+        push @filelist, $filename;
+    }
+}
+
+if( @filelist ) {
+    $cmd = "$javah " . join(" ",@filelist);
+    $cmd =~ s/\'/\"/g;  # because windows doesn't understand single quote
+    print "$cmd\n";
+    exit (system($cmd) >> 8);
+} else {
+    print "All JNI header files up to date.\n"
+}
diff --git a/nss/coreconf/location.mk b/nss/coreconf/location.mk
new file mode 100644
index 0000000..b11558a
--- /dev/null
+++ b/nss/coreconf/location.mk
@@ -0,0 +1,78 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# Master "Core Components" macros to figure out binary code location  #
+#######################################################################
+
+#
+# Figure out where the binary code lives.
+#
+
+ifdef BUILD_TREE
+ifdef LIBRARY_NAME
+BUILD         = $(BUILD_TREE)/nss/$(LIBRARY_NAME)
+OBJDIR        = $(BUILD_TREE)/nss/$(LIBRARY_NAME)
+DEPENDENCIES  = $(BUILD_TREE)/nss/$(LIBRARY_NAME)/.md
+else
+BUILD         = $(BUILD_TREE)/nss
+OBJDIR        = $(BUILD_TREE)/nss
+DEPENDENCIES  = $(BUILD_TREE)/nss/.md
+endif
+else
+BUILD         = $(PLATFORM)
+OBJDIR        = $(PLATFORM)
+DEPENDENCIES  = $(PLATFORM)/.md
+endif
+
+DIST          = $(SOURCE_PREFIX)/$(PLATFORM)
+
+ifdef BUILD_DEBUG_GC
+    DEFINES += -DDEBUG_GC
+endif
+
+GARBAGE += $(DEPENDENCIES) core $(wildcard core.[0-9]*)
+
+ifdef NSPR_INCLUDE_DIR
+    INCLUDES += -I$(NSPR_INCLUDE_DIR)
+endif
+
+ifndef NSPR_LIB_DIR
+    NSPR_LIB_DIR = $(DIST)/lib
+endif
+
+ifdef NSS_INCLUDE_DIR
+    INCLUDES += -I$(NSS_INCLUDE_DIR)
+endif
+
+ifndef NSS_LIB_DIR
+    NSS_LIB_DIR = $(DIST)/lib
+endif
+
+ifdef NSSUTIL_INCLUDE_DIR
+    INCLUDES += -I$(NSSUTIL_INCLUDE_DIR)
+endif
+
+ifndef NSSUTIL_LIB_DIR
+    NSSUTIL_LIB_DIR = $(DIST)/lib
+endif
+
+ifdef SOFTOKEN_INCLUDE_DIR
+    INCLUDES += -I$(SOFTOKEN_INCLUDE_DIR)
+endif
+
+ifndef SOFTOKEN_LIB_DIR
+    SOFTOKEN_LIB_DIR = $(DIST)/lib
+endif
+
+ifndef SQLITE_LIB_DIR
+    SQLITE_LIB_DIR = $(DIST)/lib
+endif
+
+ifndef SQLITE_LIB_NAME
+    SQLITE_LIB_NAME = sqlite3
+endif
+
+MK_LOCATION = included
diff --git a/nss/coreconf/mkdepend/Makefile b/nss/coreconf/mkdepend/Makefile
new file mode 100644
index 0000000..4621f2a
--- /dev/null
+++ b/nss/coreconf/mkdepend/Makefile
@@ -0,0 +1,60 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+DEPTH		= ../..
+CORE_DEPTH	= ../..
+
+MODULE		= coreconf
+
+CSRCS		= \
+                cppsetup.c \
+                ifparser.c \
+                include.c \
+                main.c \
+                parse.c \
+                pr.c
+
+PROGRAM		= mkdepend
+
+# Indicate that this directory builds build tools.
+INTERNAL_TOOLS  = 1
+
+
+include $(DEPTH)/coreconf/config.mk
+
+TARGETS		= $(PROGRAM)
+ifeq (,$(filter-out OS2 WIN%,$(OS_TARGET)))
+DEFINES		+= -DNO_X11
+else
+INSTALL		= true
+endif
+
+ifdef NATIVE_CC
+CC=$(NATIVE_CC)
+endif
+
+ifdef NATIVE_FLAGS
+OS_CFLAGS=$(NATIVE_FLAGS)
+endif
+
+include $(DEPTH)/coreconf/rules.mk
+
+ifdef GNU_CC
+OPTIMIZER = -O3
+else
+ifeq ($(OS_ARCH),SunOS)
+OPTIMIZER = -fast
+endif
+ifeq ($(OS_ARCH),WINNT)
+OPTIMIZER = -Ox
+endif
+endif
+
+DEFINES += -DINCLUDEDIR=\"/usr/include\" -DOBJSUFFIX=\".$(OBJ_SUFFIX)\"
+
+# Redefine MAKE_OBJDIR for just this directory
+define MAKE_OBJDIR
+if test ! -d $(@D); then rm -rf $(@D); mkdir $(@D); fi
+endef
+
diff --git a/nss/coreconf/mkdepend/cppsetup.c b/nss/coreconf/mkdepend/cppsetup.c
new file mode 100644
index 0000000..49a746a
--- /dev/null
+++ b/nss/coreconf/mkdepend/cppsetup.c
@@ -0,0 +1,233 @@
+/* $Xorg: cppsetup.c,v 1.5 2001/02/09 02:03:16 xorgcvs Exp $ */
+/*
+
+Copyright (c) 1993, 1994, 1998  The Open Group
+
+Permission to use, copy, modify, distribute, and sell this software and its
+documentation for any purpose is hereby granted without fee, provided that
+the above copyright notice appear in all copies and that both that
+copyright notice and this permission notice appear in supporting
+documentation.
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL THE
+OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
+AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+Except as contained in this notice, the name of The Open Group shall not be
+used in advertising or otherwise to promote the sale, use or other dealings
+in this Software without prior written authorization from The Open Group.
+
+*/
+/* $XFree86: xc/config/makedepend/cppsetup.c,v 3.11 2001/12/17 20:52:22 dawes Exp $ */
+
+#include "def.h"
+
+#ifdef	CPP
+/*
+ * This file is strictly for the sake of cpy.y and yylex.c (if
+ * you indeed have the source for cpp).
+ */
+#define IB 1
+#define SB 2
+#define NB 4
+#define CB 8
+#define QB 16
+#define WB 32
+#define SALT '#'
+#if defined(pdp11) || defined(vax) || defined(ns16000) || defined(mc68000) || defined(ibm032)
+#define COFF 128
+#else
+#define COFF 0
+#endif
+/*
+ * These variables used by cpy.y and yylex.c
+ */
+extern char	*outp, *inp, *newp, *pend;
+extern char	*ptrtab;
+extern char	fastab[];
+extern char	slotab[];
+
+/*
+ * cppsetup
+ */
+struct filepointer	*currentfile;
+struct inclist		*currentinc;
+
+int
+cppsetup(char *line, struct filepointer *filep, struct inclist *inc)
+{
+	char *p, savec;
+	static boolean setupdone = FALSE;
+	boolean	value;
+
+	if (!setupdone) {
+		cpp_varsetup();
+		setupdone = TRUE;
+	}
+
+	currentfile = filep;
+	currentinc = inc;
+	inp = newp = line;
+	for (p=newp; *p; p++)
+		;
+
+	/*
+	 * put a newline back on the end, and set up pend, etc.
+	 */
+	*p++ = '\n';
+	savec = *p;
+	*p = '\0';
+	pend = p;
+
+	ptrtab = slotab+COFF;
+	*--inp = SALT; 
+	outp=inp; 
+	value = yyparse();
+	*p = savec;
+	return(value);
+}
+
+struct symtab **lookup(symbol)
+	char	*symbol;
+{
+	static struct symtab    *undefined;
+	struct symtab   **sp;
+
+	sp = isdefined(symbol, currentinc, NULL);
+	if (sp == NULL) {
+		sp = &undefined;
+		(*sp)->s_value = NULL;
+	}
+	return (sp);
+}
+
+pperror(tag, x0,x1,x2,x3,x4)
+	int	tag,x0,x1,x2,x3,x4;
+{
+	warning("\"%s\", line %d: ", currentinc->i_file, currentfile->f_line);
+	warning(x0,x1,x2,x3,x4);
+}
+
+
+yyerror(s)
+	register char	*s;
+{
+	fatalerr("Fatal error: %s\n", s);
+}
+#else /* not CPP */
+
+#include "ifparser.h"
+struct _parse_data {
+    struct filepointer *filep;
+    struct inclist *inc;
+    char *filename;
+    const char *line;
+};
+
+static const char *
+my_if_errors (IfParser *ip, const char *cp, const char *expecting)
+{
+    struct _parse_data *pd = (struct _parse_data *) ip->data;
+    int lineno = pd->filep->f_line;
+    char *filename = pd->filename;
+    char prefix[300];
+    int prefixlen;
+    int i;
+
+    sprintf (prefix, "\"%s\":%d", filename, lineno);
+    prefixlen = strlen(prefix);
+    fprintf (stderr, "%s:  %s", prefix, pd->line);
+    i = cp - pd->line;
+    if (i > 0 && pd->line[i-1] != '\n') {
+	putc ('\n', stderr);
+    }
+    for (i += prefixlen + 3; i > 0; i--) {
+	putc (' ', stderr);
+    }
+    fprintf (stderr, "^--- expecting %s\n", expecting);
+    return NULL;
+}
+
+
+#define MAXNAMELEN 256
+
+static struct symtab **
+lookup_variable (IfParser *ip, const char *var, int len)
+{
+    char tmpbuf[MAXNAMELEN + 1];
+    struct _parse_data *pd = (struct _parse_data *) ip->data;
+
+    if (len > MAXNAMELEN)
+	return 0;
+
+    strncpy (tmpbuf, var, len);
+    tmpbuf[len] = '\0';
+    return isdefined (tmpbuf, pd->inc, NULL);
+}
+
+
+static int
+my_eval_defined (IfParser *ip, const char *var, int len)
+{
+    if (lookup_variable (ip, var, len))
+	return 1;
+    else
+	return 0;
+}
+
+#define isvarfirstletter(ccc) (isalpha(ccc) || (ccc) == '_')
+
+static long
+my_eval_variable (IfParser *ip, const char *var, int len)
+{
+    long val;
+    struct symtab **s;
+
+    s = lookup_variable (ip, var, len);
+    if (!s)
+	return 0;
+    do {
+	var = (*s)->s_value;
+	if (!isvarfirstletter(*var) || !strcmp((*s)->s_name, var))
+	    break;
+	s = lookup_variable (ip, var, strlen(var));
+    } while (s);
+
+    var = ParseIfExpression(ip, var, &val);
+    if (var && *var) debug(4, ("extraneous: '%s'\n", var));
+    return val;
+}
+
+int
+cppsetup(char *filename,
+	 char *line,
+	 struct filepointer *filep,
+	 struct inclist *inc)
+{
+    IfParser ip;
+    struct _parse_data pd;
+    long val = 0;
+
+    pd.filep = filep;
+    pd.inc = inc;
+    pd.line = line;
+    pd.filename = filename;
+    ip.funcs.handle_error = my_if_errors;
+    ip.funcs.eval_defined = my_eval_defined;
+    ip.funcs.eval_variable = my_eval_variable;
+    ip.data = (char *) &pd;
+
+    (void) ParseIfExpression (&ip, line, &val);
+    if (val)
+	return IF;
+    else
+	return IFFALSE;
+}
+#endif /* CPP */
+
diff --git a/nss/coreconf/mkdepend/def.h b/nss/coreconf/mkdepend/def.h
new file mode 100644
index 0000000..d6e5f89
--- /dev/null
+++ b/nss/coreconf/mkdepend/def.h
@@ -0,0 +1,184 @@
+/* $Xorg: def.h,v 1.4 2001/02/09 02:03:16 xorgcvs Exp $ */
+/*
+
+Copyright (c) 1993, 1994, 1998 The Open Group.
+
+Permission to use, copy, modify, distribute, and sell this software and its
+documentation for any purpose is hereby granted without fee, provided that
+the above copyright notice appear in all copies and that both that
+copyright notice and this permission notice appear in supporting
+documentation.
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL THE
+OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
+AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+Except as contained in this notice, the name of The Open Group shall not be
+used in advertising or otherwise to promote the sale, use or other dealings
+in this Software without prior written authorization from The Open Group.
+
+*/
+/* $XFree86: xc/config/makedepend/def.h,v 3.14 2003/01/17 17:09:49 tsi Exp $ */
+
+#ifndef NO_X11
+#include <X11/Xos.h>
+#include <X11/Xfuncproto.h>
+#endif
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <ctype.h>
+#if 0
+#ifndef X_NOT_POSIX
+#ifndef _POSIX_SOURCE
+#define _POSIX_SOURCE
+#endif
+#endif
+#endif
+#include <sys/types.h>
+#include <fcntl.h>
+#include <sys/stat.h>
+
+#define MAXDEFINES	512
+#define MAXFILES	1024
+#define MAXINCFILES	256	/* "-include" files */
+#define MAXDIRS		1024
+#define SYMTABINC	10	/* must be > 1 for define() to work right */
+#define	TRUE		1
+#define	FALSE		0
+
+/* the following must match the directives table in main.c */
+#define	IF		0
+#define	IFDEF		1
+#define	IFNDEF		2
+#define	ELSE		3
+#define	ENDIF		4
+#define	DEFINE		5
+#define	UNDEF		6
+#define	INCLUDE		7
+#define	LINE		8
+#define	PRAGMA		9
+#define ERROR           10
+#define IDENT           11
+#define SCCS            12
+#define ELIF            13
+#define EJECT           14
+#define WARNING         15
+#define INCLUDENEXT     16
+#define IFFALSE         17     /* pseudo value --- never matched */
+#define ELIFFALSE       18     /* pseudo value --- never matched */
+#define INCLUDEDOT      19     /* pseudo value --- never matched */
+#define IFGUESSFALSE    20     /* pseudo value --- never matched */
+#define ELIFGUESSFALSE  21     /* pseudo value --- never matched */
+#define INCLUDENEXTDOT  22     /* pseudo value --- never matched */
+
+#ifdef DEBUG
+extern int	_debugmask;
+/*
+ * debug levels are:
+ * 
+ *     0	show ifn*(def)*,endif
+ *     1	trace defined/!defined
+ *     2	show #include
+ *     3	show #include SYMBOL
+ *     4-6	unused
+ */
+#define debug(level,arg) { if (_debugmask & (1 << level)) warning arg; }
+#else
+#define	debug(level,arg) /**/
+#endif /* DEBUG */
+
+typedef	unsigned char boolean;
+
+struct symtab {
+	char	*s_name;
+	char	*s_value;
+};
+
+/* possible i_flag */
+#define DEFCHECKED	(1<<0)	/* whether defines have been checked */
+#define NOTIFIED	(1<<1)	/* whether we have revealed includes */
+#define MARKED		(1<<2)	/* whether it's in the makefile */
+#define SEARCHED	(1<<3)	/* whether we have read this */
+#define FINISHED	(1<<4)	/* whether we are done reading this */
+#define INCLUDED_SYM	(1<<5)	/* whether #include SYMBOL was found
+				   Can't use i_list if TRUE */
+struct	inclist {
+	char		*i_incstring;	/* string from #include line */
+	char		*i_file;	/* path name of the include file */
+	struct inclist	**i_list;	/* list of files it itself includes */
+	int		i_listlen;	/* length of i_list */
+	struct symtab	**i_defs;	/* symbol table for this file and its
+					   children when merged */
+	int		i_ndefs;	/* current # defines */
+	boolean		*i_merged;      /* whether we have merged child
+					   defines */
+	unsigned char   i_flags;
+};
+
+struct filepointer {
+	char	*f_name;
+	char	*f_p;
+	char	*f_base;
+	char	*f_end;
+	long	f_len;
+	long	f_line;
+	long	cmdinc_count;
+	char	**cmdinc_list;
+	long	cmdinc_line;
+};
+
+#include <stdlib.h>
+#if defined(macII) && !defined(__STDC__)  /* stdlib.h fails to define these */
+char *malloc(), *realloc();
+#endif /* macII */
+
+char			*copy(char *str);
+int                     match(char *str, char **list);
+char			*base_name(char *file);
+char			*getnextline(struct filepointer *fp);
+struct symtab		**slookup(char *symbol, struct inclist *file);
+struct symtab		**isdefined(char *symbol, struct inclist *file,
+				    struct inclist **srcfile);
+struct symtab		**fdefined(char *symbol, struct inclist *file,
+				   struct inclist **srcfile);
+struct filepointer	*getfile(char *file);
+void                    included_by(struct inclist *ip, 
+				    struct inclist *newfile);
+struct inclist		*newinclude(char *newfile, char *incstring);
+void                    inc_clean (void);
+struct inclist		*inc_path(char *file, char *include, int type);
+
+void                    freefile(struct filepointer *fp);
+
+void                    define2(char *name, char *val, struct inclist *file);
+void                    define(char *def, struct inclist *file);
+void                    undefine(char *symbol, struct inclist *file);
+int                     find_includes(struct filepointer *filep, 
+				      struct inclist *file, 
+				      struct inclist *file_red, 
+				      int recursion, boolean failOK);
+
+void                    recursive_pr_include(struct inclist *head, 
+					     char *file, char *base);
+void                    add_include(struct filepointer *filep, 
+				    struct inclist *file, 
+				    struct inclist *file_red, 
+				    char *include, int type,
+				    boolean failOK);
+
+int                     cppsetup(char *filename,
+				 char *line,
+				 struct filepointer *filep,
+				 struct inclist *inc);
+
+
+extern void fatalerr(char *, ...);
+extern void warning(char *, ...);
+extern void warning1(char *, ...);
diff --git a/nss/coreconf/mkdepend/ifparser.c b/nss/coreconf/mkdepend/ifparser.c
new file mode 100644
index 0000000..0b184c2
--- /dev/null
+++ b/nss/coreconf/mkdepend/ifparser.c
@@ -0,0 +1,551 @@
+/*
+ * $Xorg: ifparser.c,v 1.3 2000/08/17 19:41:50 cpqbld Exp $
+ *
+ * Copyright 1992 Network Computing Devices, Inc.
+ * 
+ * Permission to use, copy, modify, and distribute this software and its
+ * documentation for any purpose and without fee is hereby granted, provided
+ * that the above copyright notice appear in all copies and that both that
+ * copyright notice and this permission notice appear in supporting
+ * documentation, and that the name of Network Computing Devices may not be
+ * used in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission.  Network Computing Devices makes
+ * no representations about the suitability of this software for any purpose.
+ * It is provided ``as is'' without express or implied warranty.
+ * 
+ * NETWORK COMPUTING DEVICES DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS
+ * SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS,
+ * IN NO EVENT SHALL NETWORK COMPUTING DEVICES BE LIABLE FOR ANY SPECIAL,
+ * INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ * 
+ * Author:  Jim Fulton
+ *          Network Computing Devices, Inc.
+ * 
+ * Simple if statement processor
+ *
+ * This module can be used to evaluate string representations of C language
+ * if constructs.  It accepts the following grammar:
+ * 
+ *     EXPRESSION	:=	VALUE
+ * 			 |	VALUE  BINOP	EXPRESSION
+ *			 |	VALUE	'?'	EXPRESSION ':'	EXPRESSION
+ * 
+ *     VALUE		:=	'('  EXPRESSION  ')'
+ * 			 |	'!'  VALUE
+ * 			 |	'-'  VALUE
+ * 			 |	'+'  VALUE
+ *			 |	'~'  VALUE
+ * 			 |	'defined'  '('  variable  ')'
+ * 			 |	'defined'  variable
+ *			 |	# variable '(' variable-list ')'
+ * 			 |	variable
+ * 			 |	number
+ * 
+ *     BINOP		:=	'*'	|  '/'	|  '%'
+ * 			 |	'+'	|  '-'
+ * 			 |	'<<'	|  '>>'
+ * 			 |	'<'	|  '>'	|  '<='  |  '>='
+ * 			 |	'=='	|  '!='
+ * 			 |	'&'	|  '^'  |  '|'
+ * 			 |	'&&'	|  '||'
+ * 
+ * The normal C order of precedence is supported.
+ * 
+ * 
+ * External Entry Points:
+ * 
+ *     ParseIfExpression		parse a string for #if
+ */
+/* $XFree86: xc/config/makedepend/ifparser.c,v 3.11 2002/09/23 01:48:08 tsi Exp $ */
+
+#include "ifparser.h"
+#include <ctype.h>
+#include <stdlib.h>
+#include <string.h>
+
+/****************************************************************************
+		   Internal Macros and Utilities for Parser
+ ****************************************************************************/
+
+#define DO(val) if (!(val)) return NULL
+#define CALLFUNC(ggg,fff) (*((ggg)->funcs.fff))
+#define SKIPSPACE(ccc) while (isspace(*ccc)) ccc++
+#define isvarfirstletter(ccc) (isalpha(ccc) || (ccc) == '_')
+
+
+static const char *
+parse_variable (IfParser *g, const char *cp, const char **varp)
+{
+    SKIPSPACE (cp);
+
+    if (!isvarfirstletter (*cp))
+	return CALLFUNC(g, handle_error) (g, cp, "variable name");
+
+    *varp = cp;
+    /* EMPTY */
+    for (cp++; isalnum(*cp) || *cp == '_'; cp++) ;
+    return cp;
+}
+
+
+static const char *
+parse_number (IfParser *g, const char *cp, long *valp)
+{
+    long base = 10;
+    SKIPSPACE (cp);
+
+    if (!isdigit(*cp))
+	return CALLFUNC(g, handle_error) (g, cp, "number");
+
+    *valp = 0;
+
+    if (*cp == '0') {
+	cp++;
+	if ((*cp == 'x') || (*cp == 'X')) {
+	    base = 16;
+	    cp++;
+	} else {
+	    base = 8;
+	}
+    }
+
+    /* Ignore overflows and assume ASCII, what source is usually written in */
+    while (1) {
+	int increment = -1;
+	if (base == 8) {
+	    if ((*cp >= '0') && (*cp <= '7'))
+		increment = *cp++ - '0';
+	} else if (base == 16) {
+	    if ((*cp >= '0') && (*cp <= '9'))
+		increment = *cp++ - '0';
+	    else if ((*cp >= 'A') &&  (*cp <= 'F'))
+		increment = *cp++ - ('A' - 10);
+	    else if ((*cp >= 'a') && (*cp <= 'f'))
+		increment = *cp++ - ('a' - 10);
+	} else {	/* Decimal */
+	    if ((*cp >= '0') && (*cp <= '9'))
+		increment = *cp++ - '0';
+	}
+	if (increment < 0)
+	    break;
+	*valp = (*valp * base) + increment;
+    }
+
+    /* Skip trailing qualifiers */
+    while (*cp == 'U' || *cp == 'u' || *cp == 'L' || *cp == 'l') cp++;
+    return cp;
+}
+
+static const char *
+parse_character (IfParser *g, const char *cp, long *valp)
+{
+    char val;
+
+    SKIPSPACE (cp);
+    if (*cp == '\\')
+	switch (cp[1]) {
+	case 'n': val = '\n'; break;
+	case 't': val = '\t'; break;
+	case 'v': val = '\v'; break;
+	case 'b': val = '\b'; break;
+	case 'r': val = '\r'; break;
+	case 'f': val = '\f'; break;
+	case 'a': val = '\a'; break;
+	case '\\': val = '\\'; break;
+	case '?': val = '\?'; break;
+	case '\'': val = '\''; break;
+	case '\"': val = '\"'; break;
+	case 'x': val = (char) strtol (cp + 2, NULL, 16); break;
+	default: val = (char) strtol (cp + 1, NULL, 8); break;
+	}
+    else
+	val = *cp;
+    while (*cp != '\'') cp++;
+    *valp = (long) val;
+    return cp;
+}
+
+static const char *
+parse_value (IfParser *g, const char *cp, long *valp)
+{
+    const char *var, *varend;
+
+    *valp = 0;
+
+    SKIPSPACE (cp);
+    if (!*cp)
+	return cp;
+
+    switch (*cp) {
+      case '(':
+	DO (cp = ParseIfExpression (g, cp + 1, valp));
+	SKIPSPACE (cp);
+	if (*cp != ')') 
+	    return CALLFUNC(g, handle_error) (g, cp, ")");
+
+	return cp + 1;			/* skip the right paren */
+
+      case '!':
+	DO (cp = parse_value (g, cp + 1, valp));
+	*valp = !(*valp);
+	return cp;
+
+      case '-':
+	DO (cp = parse_value (g, cp + 1, valp));
+	*valp = -(*valp);
+	return cp;
+
+      case '+':
+	DO (cp = parse_value (g, cp + 1, valp));
+	return cp;
+
+      case '~':
+	DO (cp = parse_value (g, cp + 1, valp));
+	*valp = ~(*valp);
+	return cp;
+
+      case '#':
+	DO (cp = parse_variable (g, cp + 1, &var));
+	SKIPSPACE (cp);
+	if (*cp != '(')
+	    return CALLFUNC(g, handle_error) (g, cp, "(");
+	do {
+	    DO (cp = parse_variable (g, cp + 1, &var));
+	    SKIPSPACE (cp);
+	} while (*cp && *cp != ')');
+	if (*cp != ')')
+	    return CALLFUNC(g, handle_error) (g, cp, ")");
+	*valp = 1; /* XXX */
+	return cp + 1;
+
+      case '\'':
+	DO (cp = parse_character (g, cp + 1, valp));
+	if (*cp != '\'')
+	    return CALLFUNC(g, handle_error) (g, cp, "'");
+	return cp + 1;
+
+      case 'd':
+	if (strncmp (cp, "defined", 7) == 0 && !isalnum(cp[7])) {
+	    int paren = 0;
+	    int len;
+
+	    cp += 7;
+	    SKIPSPACE (cp);
+	    if (*cp == '(') {
+		paren = 1;
+		cp++;
+	    }
+	    DO (cp = parse_variable (g, cp, &var));
+	    len = cp - var;
+	    SKIPSPACE (cp);
+	    if (paren && *cp != ')')
+		return CALLFUNC(g, handle_error) (g, cp, ")");
+	    *valp = (*(g->funcs.eval_defined)) (g, var, len);
+	    return cp + paren;		/* skip the right paren */
+	}
+	/* fall out */
+    }
+
+    if (isdigit(*cp)) {
+	DO (cp = parse_number (g, cp, valp));
+    } else if (!isvarfirstletter(*cp))
+	return CALLFUNC(g, handle_error) (g, cp, "variable or number");
+    else {
+	DO (cp = parse_variable (g, cp, &var));
+	varend = cp;
+	SKIPSPACE(cp);
+	if (*cp != '(') {
+	    *valp = (*(g->funcs.eval_variable)) (g, var, varend - var);
+	} else {
+	    do {
+		long dummy;
+		DO (cp = ParseIfExpression (g, cp + 1, &dummy));
+		SKIPSPACE(cp);
+		if (*cp == ')')
+		    break;
+		if (*cp != ',')
+		    return CALLFUNC(g, handle_error) (g, cp, ",");
+	    } while (1);
+
+	    *valp = 1;	/* XXX */
+	    cp++;
+	}
+    }
+    
+    return cp;
+}
+
+
+
+static const char *
+parse_product (IfParser *g, const char *cp, long *valp)
+{
+    long rightval;
+
+    DO (cp = parse_value (g, cp, valp));
+    SKIPSPACE (cp);
+
+    switch (*cp) {
+      case '*':
+	DO (cp = parse_product (g, cp + 1, &rightval));
+	*valp = (*valp * rightval);
+	break;
+
+      case '/':
+	DO (cp = parse_product (g, cp + 1, &rightval));
+	if (rightval == 0)
+	  return CALLFUNC(g, handle_error) (g, cp, "0");
+	*valp = (*valp / rightval);
+	break;
+
+      case '%':
+	DO (cp = parse_product (g, cp + 1, &rightval));
+	*valp = (*valp % rightval);
+	break;
+    }
+    return cp;
+}
+
+
+static const char *
+parse_sum (IfParser *g, const char *cp, long *valp)
+{
+    long rightval;
+
+    DO (cp = parse_product (g, cp, valp));
+    SKIPSPACE (cp);
+
+    switch (*cp) {
+      case '+':
+	DO (cp = parse_sum (g, cp + 1, &rightval));
+	*valp = (*valp + rightval);
+	break;
+
+      case '-':
+	DO (cp = parse_sum (g, cp + 1, &rightval));
+	*valp = (*valp - rightval);
+	break;
+    }
+    return cp;
+}
+
+
+static const char *
+parse_shift (IfParser *g, const char *cp, long *valp)
+{
+    long rightval;
+
+    DO (cp = parse_sum (g, cp, valp));
+    SKIPSPACE (cp);
+
+    switch (*cp) {
+      case '<':
+	if (cp[1] == '<') {
+	    DO (cp = parse_shift (g, cp + 2, &rightval));
+	    *valp = (*valp << rightval);
+	}
+	break;
+
+      case '>':
+	if (cp[1] == '>') {
+	    DO (cp = parse_shift (g, cp + 2, &rightval));
+	    *valp = (*valp >> rightval);
+	}
+	break;
+    }
+    return cp;
+}
+
+
+static const char *
+parse_inequality (IfParser *g, const char *cp, long *valp)
+{
+    long rightval;
+
+    DO (cp = parse_shift (g, cp, valp));
+    SKIPSPACE (cp);
+
+    switch (*cp) {
+      case '<':
+	if (cp[1] == '=') {
+	    DO (cp = parse_inequality (g, cp + 2, &rightval));
+	    *valp = (*valp <= rightval);
+	} else {
+	    DO (cp = parse_inequality (g, cp + 1, &rightval));
+	    *valp = (*valp < rightval);
+	}
+	break;
+
+      case '>':
+	if (cp[1] == '=') {
+	    DO (cp = parse_inequality (g, cp + 2, &rightval));
+	    *valp = (*valp >= rightval);
+	} else {
+	    DO (cp = parse_inequality (g, cp + 1, &rightval));
+	    *valp = (*valp > rightval);
+	}
+	break;
+    }
+    return cp;
+}
+
+
+static const char *
+parse_equality (IfParser *g, const char *cp, long *valp)
+{
+    long rightval;
+
+    DO (cp = parse_inequality (g, cp, valp));
+    SKIPSPACE (cp);
+
+    switch (*cp) {
+      case '=':
+	if (cp[1] == '=')
+	    cp++;
+	DO (cp = parse_equality (g, cp + 1, &rightval));
+	*valp = (*valp == rightval);
+	break;
+
+      case '!':
+	if (cp[1] != '=')
+	    break;
+	DO (cp = parse_equality (g, cp + 2, &rightval));
+	*valp = (*valp != rightval);
+	break;
+    }
+    return cp;
+}
+
+
+static const char *
+parse_band (IfParser *g, const char *cp, long *valp)
+{
+    long rightval;
+
+    DO (cp = parse_equality (g, cp, valp));
+    SKIPSPACE (cp);
+
+    switch (*cp) {
+      case '&':
+	if (cp[1] != '&') {
+	    DO (cp = parse_band (g, cp + 1, &rightval));
+	    *valp = (*valp & rightval);
+	}
+	break;
+    }
+    return cp;
+}
+
+
+static const char *
+parse_bxor (IfParser *g, const char *cp, long *valp)
+{
+    long rightval;
+
+    DO (cp = parse_band (g, cp, valp));
+    SKIPSPACE (cp);
+
+    switch (*cp) {
+      case '^':
+	DO (cp = parse_bxor (g, cp + 1, &rightval));
+	*valp = (*valp ^ rightval);
+	break;
+    }
+    return cp;
+}
+
+
+static const char *
+parse_bor (IfParser *g, const char *cp, long *valp)
+{
+    long rightval;
+
+    DO (cp = parse_bxor (g, cp, valp));
+    SKIPSPACE (cp);
+
+    switch (*cp) {
+      case '|':
+	if (cp[1] != '|') {
+	    DO (cp = parse_bor (g, cp + 1, &rightval));
+	    *valp = (*valp | rightval);
+	}
+	break;
+    }
+    return cp;
+}
+
+
+static const char *
+parse_land (IfParser *g, const char *cp, long *valp)
+{
+    long rightval;
+
+    DO (cp = parse_bor (g, cp, valp));
+    SKIPSPACE (cp);
+
+    switch (*cp) {
+      case '&':
+	if (cp[1] != '&')
+	    return CALLFUNC(g, handle_error) (g, cp, "&&");
+	DO (cp = parse_land (g, cp + 2, &rightval));
+	*valp = (*valp && rightval);
+	break;
+    }
+    return cp;
+}
+
+
+static const char *
+parse_lor (IfParser *g, const char *cp, long *valp)
+{
+    long rightval;
+
+    DO (cp = parse_land (g, cp, valp));
+    SKIPSPACE (cp);
+
+    switch (*cp) {
+      case '|':
+	if (cp[1] != '|')
+	    return CALLFUNC(g, handle_error) (g, cp, "||");
+	DO (cp = parse_lor (g, cp + 2, &rightval));
+	*valp = (*valp || rightval);
+	break;
+    }
+    return cp;
+}
+
+
+static const char *
+parse_cond(IfParser *g, const char *cp, long *valp)
+{
+    long trueval, falseval;
+
+    DO (cp = parse_lor (g, cp, valp));
+    SKIPSPACE (cp);
+
+    switch (*cp) {
+      case '?':
+	DO (cp = parse_cond (g, cp + 1, &trueval));
+	SKIPSPACE (cp);
+	if (*cp != ':')
+	    return CALLFUNC(g, handle_error) (g, cp, ":");
+	DO (cp = parse_cond (g, cp + 1, &falseval));
+	*valp = (*valp ? trueval : falseval);
+	break;
+    }
+    return cp;
+}
+
+
+/****************************************************************************
+			     External Entry Points
+ ****************************************************************************/
+
+const char *
+ParseIfExpression (IfParser *g, const char *cp, long *valp)
+{
+    return parse_cond (g, cp, valp);
+}
diff --git a/nss/coreconf/mkdepend/ifparser.h b/nss/coreconf/mkdepend/ifparser.h
new file mode 100644
index 0000000..89d2a2f
--- /dev/null
+++ b/nss/coreconf/mkdepend/ifparser.h
@@ -0,0 +1,83 @@
+/*
+ * $Xorg: ifparser.h,v 1.3 2000/08/17 19:41:51 cpqbld Exp $
+ *
+ * Copyright 1992 Network Computing Devices, Inc.
+ * 
+ * Permission to use, copy, modify, and distribute this software and its
+ * documentation for any purpose and without fee is hereby granted, provided
+ * that the above copyright notice appear in all copies and that both that
+ * copyright notice and this permission notice appear in supporting
+ * documentation, and that the name of Network Computing Devices may not be
+ * used in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission.  Network Computing Devices makes
+ * no representations about the suitability of this software for any purpose.
+ * It is provided ``as is'' without express or implied warranty.
+ * 
+ * NETWORK COMPUTING DEVICES DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS
+ * SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS,
+ * IN NO EVENT SHALL NETWORK COMPUTING DEVICES BE LIABLE FOR ANY SPECIAL,
+ * INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ * 
+ * Author:  Jim Fulton
+ *          Network Computing Devices, Inc.
+ * 
+ * Simple if statement processor
+ *
+ * This module can be used to evaluate string representations of C language
+ * if constructs.  It accepts the following grammar:
+ * 
+ *     EXPRESSION	:=	VALUE
+ * 			 |	VALUE  BINOP	EXPRESSION
+ *			 |	VALUE	'?'	EXPRESSION ':'	EXPRESSION
+ * 
+ *     VALUE		:=	'('  EXPRESSION  ')'
+ * 			 |	'!'  VALUE
+ * 			 |	'-'  VALUE
+ *			 |	'~'  VALUE
+ * 			 |	'defined'  '('  variable  ')'
+ * 			 |	variable
+ * 			 |	number
+ * 
+ *     BINOP		:=	'*'	|  '/'	|  '%'
+ * 			 |	'+'	|  '-'
+ * 			 |	'<<'	|  '>>'
+ * 			 |	'<'	|  '>'	|  '<='  |  '>='
+ * 			 |	'=='	|  '!='
+ * 			 |	'&'	|  '^'  |  '|'
+ * 			 |	'&&'	|  '||'
+ * 
+ * The normal C order of precedence is supported.
+ * 
+ * 
+ * External Entry Points:
+ * 
+ *     ParseIfExpression		parse a string for #if
+ */
+
+/* $XFree86: xc/config/makedepend/ifparser.h,v 3.5 2001/07/25 15:04:40 dawes Exp $ */
+
+#include <stdio.h>
+
+typedef int Bool;
+#define False 0
+#define True 1
+
+typedef struct _if_parser {
+    struct {				/* functions */
+	const char *(*handle_error) (struct _if_parser *, const char *,
+				     const char *);
+	long (*eval_variable) (struct _if_parser *, const char *, int);
+	int (*eval_defined) (struct _if_parser *, const char *, int);
+    } funcs;
+    char *data;
+} IfParser;
+
+const char *ParseIfExpression (
+    IfParser *, 
+    const char *, 
+    long *
+);
+
diff --git a/nss/coreconf/mkdepend/imakemdep.h b/nss/coreconf/mkdepend/imakemdep.h
new file mode 100644
index 0000000..7321972
--- /dev/null
+++ b/nss/coreconf/mkdepend/imakemdep.h
@@ -0,0 +1,782 @@
+
+/* $XConsortium: imakemdep.h,v 1.83 95/04/07 19:47:46 kaleb Exp $ */
+/* $XFree86: xc/config/imake/imakemdep.h,v 3.12 1995/07/08 10:22:17 dawes Exp $ */
+/*
+
+Copyright (c) 1993, 1994  X Consortium
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL THE
+X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
+AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+Except as contained in this notice, the name of the X Consortium shall not be
+used in advertising or otherwise to promote the sale, use or other dealings
+in this Software without prior written authorization from the X Consortium.
+
+*/
+
+
+/* 
+ * This file contains machine-dependent constants for the imake utility.
+ * When porting imake, read each of the steps below and add in any necessary
+ * definitions.  In general you should *not* edit ccimake.c or imake.c!
+ */
+
+#ifdef CCIMAKE
+/*
+ * Step 1:  imake_ccflags
+ *     Define any special flags that will be needed to get imake.c to compile.
+ *     These will be passed to the compile along with the contents of the
+ *     make variable BOOTSTRAPCFLAGS.
+ */
+#ifdef hpux
+#ifdef hp9000s800
+#define imake_ccflags "-DSYSV"
+#else
+#define imake_ccflags "-Wc,-Nd4000,-Ns3000 -DSYSV"
+#endif
+#endif
+
+#if defined(macII) || defined(_AUX_SOURCE)
+#define imake_ccflags "-DmacII -DSYSV"
+#endif
+
+#ifdef stellar
+#define imake_ccflags "-DSYSV"
+#endif
+
+#if defined(USL) || defined(Oki) || defined(NCR)
+#define imake_ccflags "-Xc -DSVR4"
+#endif
+
+#ifdef sony
+#if defined(SYSTYPE_SYSV) || defined(_SYSTYPE_SYSV)
+#define imake_ccflags "-DSVR4"
+#else
+#include <sys/param.h>
+#if NEWSOS < 41
+#define imake_ccflags "-Dbsd43 -DNOSTDHDRS"
+#else
+#if NEWSOS < 42
+#define imake_ccflags "-Dbsd43"
+#endif
+#endif
+#endif
+#endif
+
+#ifdef _CRAY
+#define imake_ccflags "-DSYSV -DUSG"
+#endif
+
+#if defined(_IBMR2) || defined(aix)
+#define imake_ccflags "-Daix -DSYSV"
+#endif
+
+#ifdef Mips
+#  if defined(SYSTYPE_BSD) || defined(BSD) || defined(BSD43)
+#    define imake_ccflags "-DBSD43"
+#  else 
+#    define imake_ccflags "-DSYSV"
+#  endif
+#endif 
+
+#ifdef is68k
+#define imake_ccflags "-Dluna -Duniosb"
+#endif
+
+#ifdef SYSV386
+# ifdef SVR4
+#  define imake_ccflags "-Xc -DSVR4"
+# else
+#  define imake_ccflags "-DSYSV"
+# endif
+#endif
+
+#ifdef SVR4
+# ifdef i386
+#  define imake_ccflags "-Xc -DSVR4"
+# endif
+#endif
+
+#ifdef SYSV
+# ifdef i386
+#  define imake_ccflags "-DSYSV"
+# endif
+#endif
+
+#ifdef __convex__
+#define imake_ccflags "-fn -tm c1"
+#endif
+
+#ifdef apollo
+#define imake_ccflags "-DX_NOT_POSIX"
+#endif
+
+#ifdef WIN32
+#define imake_ccflags "-nologo -batch -D__STDC__"
+#endif
+
+#ifdef __uxp__
+#define imake_ccflags "-DSVR4 -DANSICPP"
+#endif
+
+#ifdef __sxg__
+#define imake_ccflags "-DSYSV -DUSG -DNOSTDHDRS"
+#endif
+
+#ifdef sequent
+#define imake_ccflags "-DX_NOT_STDC_ENV -DX_NOT_POSIX"
+#endif
+
+#ifdef _SEQUENT_
+#define imake_ccflags "-DSYSV -DUSG"
+#endif
+
+#if defined(SX) || defined(PC_UX)
+#define imake_ccflags "-DSYSV"
+#endif
+
+#ifdef nec_ews_svr2
+#define imake_ccflags "-DUSG"
+#endif
+
+#if defined(nec_ews_svr4) || defined(_nec_ews_svr4) || defined(_nec_up) || defined(_nec_ft)
+#define imake_ccflags "-DSVR4"
+#endif
+
+#ifdef	MACH
+#define imake_ccflags "-DNOSTDHDRS"
+#endif
+
+/* this is for OS/2 under EMX. This won't work with DOS */
+#if defined(__EMX__) 
+#define imake_ccflags "-DBSD43"
+#endif
+
+#else /* not CCIMAKE */
+#ifndef MAKEDEPEND
+/*
+ * Step 2:  dup2
+ *     If your OS doesn't have a dup2() system call to duplicate one file
+ *     descriptor onto another, define such a mechanism here (if you don't
+ *     already fall under the existing category(ies).
+ */
+#if defined(SYSV) && !defined(_CRAY) && !defined(Mips) && !defined(_SEQUENT_)
+#define	dup2(fd1,fd2)	((fd1 == fd2) ? fd1 : (close(fd2), \
+					       fcntl(fd1, F_DUPFD, fd2)))
+#endif
+
+
+/*
+ * Step 3:  FIXUP_CPP_WHITESPACE
+ *     If your cpp collapses tabs macro expansions into a single space and
+ *     replaces escaped newlines with a space, define this symbol.  This will
+ *     cause imake to attempt to patch up the generated Makefile by looking
+ *     for lines that have colons in them (this is why the rules file escapes
+ *     all colons).  One way to tell if you need this is to see whether or not
+ *     your Makefiles have no tabs in them and lots of @@ strings.
+ */
+#if defined(sun) || defined(SYSV) || defined(SVR4) || defined(hcx) || defined(WIN32) || (defined(AMOEBA) && defined(CROSS_COMPILE))
+#define FIXUP_CPP_WHITESPACE
+#endif
+#ifdef WIN32
+#define REMOVE_CPP_LEADSPACE
+#define INLINE_SYNTAX
+#define MAGIC_MAKE_VARS
+#endif
+#ifdef __minix_vmd
+#define FIXUP_CPP_WHITESPACE
+#endif
+
+/*
+ * Step 4:  USE_CC_E, DEFAULT_CC, DEFAULT_CPP
+ *     If you want to use cc -E instead of cpp, define USE_CC_E.
+ *     If use cc -E but want a different compiler, define DEFAULT_CC.
+ *     If the cpp you need is not in /lib/cpp, define DEFAULT_CPP.
+ */
+#ifdef hpux
+#define USE_CC_E
+#endif
+#ifdef WIN32
+#define USE_CC_E
+#define DEFAULT_CC "cl"
+#endif
+#ifdef apollo
+#define DEFAULT_CPP "/usr/lib/cpp"
+#endif
+#if defined(_IBMR2) && !defined(DEFAULT_CPP)
+#define DEFAULT_CPP "/usr/lpp/X11/Xamples/util/cpp/cpp"
+#endif
+#if defined(sun) && defined(SVR4)
+#define DEFAULT_CPP "/usr/ccs/lib/cpp"
+#endif
+#ifdef __bsdi__
+#define DEFAULT_CPP "/usr/bin/cpp"
+#endif
+#ifdef __uxp__
+#define DEFAULT_CPP "/usr/ccs/lib/cpp"
+#endif
+#ifdef __sxg__
+#define DEFAULT_CPP "/usr/lib/cpp"
+#endif
+#ifdef _CRAY
+#define DEFAULT_CPP "/lib/pcpp"
+#endif
+#if defined(__386BSD__) || defined(__NetBSD__) || defined(__FreeBSD__) || defined(__OpenBSD__)
+#define DEFAULT_CPP "/usr/libexec/cpp"
+#endif
+#ifdef	MACH
+#define USE_CC_E
+#endif
+#ifdef __minix_vmd
+#define DEFAULT_CPP "/usr/lib/cpp"
+#endif
+#if defined(__EMX__)
+/* expects cpp in PATH */
+#define DEFAULT_CPP "cpp"
+#endif
+
+/*
+ * Step 5:  cpp_argv
+ *     The following table contains the flags that should be passed
+ *     whenever a Makefile is being generated.  If your preprocessor 
+ *     doesn't predefine any unique symbols, choose one and add it to the
+ *     end of this table.  Then, do the following:
+ * 
+ *         a.  Use this symbol in Imake.tmpl when setting MacroFile.
+ *         b.  Put this symbol in the definition of BootstrapCFlags in your
+ *             <platform>.cf file.
+ *         c.  When doing a make World, always add "BOOTSTRAPCFLAGS=-Dsymbol" 
+ *             to the end of the command line.
+ * 
+ *     Note that you may define more than one symbol (useful for platforms 
+ *     that support multiple operating systems).
+ */
+
+#define	ARGUMENTS 50	/* number of arguments in various arrays */
+char *cpp_argv[ARGUMENTS] = {
+	"cc",		/* replaced by the actual program to exec */
+	"-I.",		/* add current directory to include path */
+#ifdef unix
+	"-Uunix",	/* remove unix symbol so that filename unix.c okay */
+#endif
+#if defined(__386BSD__) || defined(__NetBSD__) || defined(__FreeBSD__) || defined(__OpenBSD__) || defined(MACH)
+# ifdef __i386__
+	"-D__i386__",
+# endif
+# ifdef __x86_64__
+	"-D__x86_64__",
+# endif
+# ifdef __GNUC__
+	"-traditional",
+# endif
+#endif
+#ifdef M4330
+	"-DM4330",	/* Tektronix */
+#endif
+#ifdef M4310
+	"-DM4310",	/* Tektronix */
+#endif
+#if defined(macII) || defined(_AUX_SOURCE)
+	"-DmacII",	/* Apple A/UX */
+#endif
+#ifdef USL
+	"-DUSL",	/* USL */
+#endif
+#ifdef sony
+	"-Dsony",	/* Sony */
+#if !defined(SYSTYPE_SYSV) && !defined(_SYSTYPE_SYSV) && NEWSOS < 42
+	"-Dbsd43",
+#endif
+#endif
+#ifdef _IBMR2
+	"-D_IBMR2",	/* IBM RS-6000 (we ensured that aix is defined above */
+#ifndef aix
+#define aix		/* allow BOOTSTRAPCFLAGS="-D_IBMR2" */
+#endif
+#endif /* _IBMR2 */
+#ifdef aix
+	"-Daix",	/* AIX instead of AOS */
+#ifndef ibm
+#define ibm		/* allow BOOTSTRAPCFLAGS="-Daix" */
+#endif
+#endif /* aix */
+#ifdef ibm
+	"-Dibm",	/* IBM PS/2 and RT under both AOS and AIX */
+#endif
+#ifdef luna
+	"-Dluna",	/* OMRON luna 68K and 88K */
+#ifdef luna1
+	"-Dluna1",
+#endif
+#ifdef luna88k		/* need not on UniOS-Mach Vers. 1.13 */
+	"-traditional", /* for some older version            */
+#endif			/* instead of "-DXCOMM=\\#"          */
+#ifdef uniosb
+	"-Duniosb",
+#endif
+#ifdef uniosu
+	"-Duniosu",
+#endif
+#endif /* luna */
+#ifdef _CRAY		/* Cray */
+	"-Ucray",
+#endif
+#ifdef Mips
+	"-DMips",	/* Define and use Mips for Mips Co. OS/mach. */
+# if defined(SYSTYPE_BSD) || defined(BSD) || defined(BSD43)
+	"-DBSD43",	/* Mips RISCOS supports two environments */
+# else
+	"-DSYSV",	/* System V environment is the default */
+# endif
+#endif /* Mips */
+#ifdef MOTOROLA
+	"-DMOTOROLA",    /* Motorola Delta Systems */
+# ifdef SYSV
+	"-DSYSV", 
+# endif
+# ifdef SVR4
+	"-DSVR4",
+# endif
+#endif /* MOTOROLA */
+#ifdef i386
+	"-Di386",
+# ifdef SVR4
+	"-DSVR4",
+# endif
+# ifdef SYSV
+	"-DSYSV",
+#  ifdef ISC
+	"-DISC",
+#   ifdef ISC40
+	"-DISC40",       /* ISC 4.0 */
+#   else
+#    ifdef ISC202
+	"-DISC202",      /* ISC 2.0.2 */
+#    else
+#     ifdef ISC30
+	"-DISC30",       /* ISC 3.0 */
+#     else
+	"-DISC22",       /* ISC 2.2.1 */
+#     endif
+#    endif
+#   endif
+#  endif
+#  ifdef SCO
+	"-DSCO",
+#   ifdef SCO324
+	"-DSCO324",
+#   endif
+#  endif
+# endif
+# ifdef ESIX
+	"-DESIX",
+# endif
+# ifdef ATT
+	"-DATT",
+# endif
+# ifdef DELL
+	"-DDELL",
+# endif
+#endif
+#ifdef SYSV386           /* System V/386 folks, obsolete */
+	"-Di386",
+# ifdef SVR4
+	"-DSVR4",
+# endif
+# ifdef ISC
+	"-DISC",
+#  ifdef ISC40
+	"-DISC40",       /* ISC 4.0 */
+#  else
+#   ifdef ISC202
+	"-DISC202",      /* ISC 2.0.2 */
+#   else
+#    ifdef ISC30
+	"-DISC30",       /* ISC 3.0 */
+#    else
+	"-DISC22",       /* ISC 2.2.1 */
+#    endif
+#   endif
+#  endif
+# endif
+# ifdef SCO
+	"-DSCO",
+#  ifdef SCO324
+	"-DSCO324",
+#  endif
+# endif
+# ifdef ESIX
+	"-DESIX",
+# endif
+# ifdef ATT
+	"-DATT",
+# endif
+# ifdef DELL
+	"-DDELL",
+# endif
+#endif
+#ifdef __osf__
+	"-D__osf__",
+# ifdef __mips__
+	"-D__mips__",
+# endif
+# ifdef __alpha
+	"-D__alpha",
+# endif
+# ifdef __i386__
+	"-D__i386__",
+# endif
+# ifdef __GNUC__
+	"-traditional",
+# endif
+#endif
+#ifdef Oki
+	"-DOki",
+#endif
+#ifdef sun
+#ifdef SVR4
+	"-DSVR4",
+#endif
+#endif
+#ifdef WIN32
+	"-DWIN32",
+	"-nologo",
+	"-batch",
+	"-D__STDC__",
+#endif
+#ifdef NCR
+	"-DNCR",	/* NCR */
+#endif
+#ifdef linux
+        "-traditional",
+        "-Dlinux",
+#endif
+#ifdef __uxp__
+	"-D__uxp__",
+#endif
+#ifdef __sxg__
+	"-D__sxg__",
+#endif
+#ifdef nec_ews_svr2
+	"-Dnec_ews_svr2",
+#endif
+#ifdef AMOEBA
+	"-DAMOEBA",
+# ifdef CROSS_COMPILE
+	"-DCROSS_COMPILE",
+#  ifdef CROSS_i80386
+	"-Di80386",
+#  endif
+#  ifdef CROSS_sparc
+	"-Dsparc",
+#  endif
+#  ifdef CROSS_mc68000
+	"-Dmc68000",
+#  endif
+# else
+#  ifdef i80386
+	"-Di80386",
+#  endif
+#  ifdef sparc
+	"-Dsparc",
+#  endif
+#  ifdef mc68000
+	"-Dmc68000",
+#  endif
+# endif
+#endif
+#ifdef __minix_vmd
+        "-Dminix",
+#endif
+
+#if defined(__EMX__)
+	"-traditional",
+	"-Demxos2",
+#endif
+
+};
+#else /* else MAKEDEPEND */
+/*
+ * Step 6:  predefs
+ *     If your compiler and/or preprocessor define any specific symbols, add
+ *     them to the the following table.  The definition of struct symtab is
+ *     in util/makedepend/def.h.
+ */
+#define QUOTEIT(x) #x
+#define QUOTEEXPANSION(x) QUOTEIT(x)
+
+struct symtab	predefs[] = {
+#ifdef apollo
+	{"apollo", "1"},
+#endif
+#ifdef ibm032
+	{"ibm032", "1"},
+#endif
+#ifdef ibm
+	{"ibm", "1"},
+#endif
+#ifdef aix
+	{"aix", "1"},
+#endif
+#ifdef sun
+	{"sun", "1"},
+#endif
+#ifdef sun2
+	{"sun2", "1"},
+#endif
+#ifdef sun3
+	{"sun3", "1"},
+#endif
+#ifdef sun4
+	{"sun4", "1"},
+#endif
+#ifdef sparc
+	{"sparc", "1"},
+#endif
+#ifdef __sparc__
+	{"__sparc__", "1"},
+#endif
+#ifdef hpux
+	{"hpux", "1"},
+#endif
+#ifdef __hpux
+	{"__hpux", "1"},
+#endif
+#ifdef __hp9000s800
+	{"__hp9000s800", "1"},
+#endif
+#ifdef __hp9000s700
+	{"__hp9000s700", "1"},
+#endif
+#ifdef vax
+	{"vax", "1"},
+#endif
+#ifdef VMS
+	{"VMS", "1"},
+#endif
+#ifdef cray
+	{"cray", "1"},
+#endif
+#ifdef CRAY
+	{"CRAY", "1"},
+#endif
+#ifdef _CRAY
+	{"_CRAY", "1"},
+#endif
+#ifdef att
+	{"att", "1"},
+#endif
+#ifdef mips
+	{"mips", "1"},
+#endif
+#ifdef __mips__
+	{"__mips__", "1"},
+#endif
+#ifdef ultrix
+	{"ultrix", "1"},
+#endif
+#ifdef stellar
+	{"stellar", "1"},
+#endif
+#ifdef mc68000
+	{"mc68000", "1"},
+#endif
+#ifdef mc68020
+	{"mc68020", "1"},
+#endif
+#ifdef __GNUC__
+	{"__GNUC__", "1"},
+#endif
+#if __STDC__
+	{"__STDC__", "1"},
+#endif
+#ifdef __HIGHC__
+	{"__HIGHC__", "1"},
+#endif
+#ifdef CMU
+	{"CMU", "1"},
+#endif
+#ifdef luna
+	{"luna", "1"},
+#ifdef luna1
+	{"luna1", "1"},
+#endif
+#ifdef luna2
+	{"luna2", "1"},
+#endif
+#ifdef luna88k
+	{"luna88k", "1"},
+#endif
+#ifdef uniosb
+	{"uniosb", "1"},
+#endif
+#ifdef uniosu
+	{"uniosu", "1"},
+#endif
+#endif
+#ifdef ieeep754
+	{"ieeep754", "1"},
+#endif
+#ifdef is68k
+	{"is68k", "1"},
+#endif
+#ifdef m68k
+        {"m68k", "1"},
+#endif
+#ifdef m88k
+        {"m88k", "1"},
+#endif
+#ifdef __m88k__
+	{"__m88k__", "1"},
+#endif
+#ifdef bsd43
+	{"bsd43", "1"},
+#endif
+#ifdef hcx
+	{"hcx", "1"},
+#endif
+#ifdef sony
+	{"sony", "1"},
+#ifdef SYSTYPE_SYSV
+	{"SYSTYPE_SYSV", "1"},
+#endif
+#ifdef _SYSTYPE_SYSV
+	{"_SYSTYPE_SYSV", "1"},
+#endif
+#endif
+#ifdef __OSF__
+	{"__OSF__", "1"},
+#endif
+#ifdef __osf__
+	{"__osf__", "1"},
+#endif
+#ifdef __alpha
+	{"__alpha", "1"},
+#endif
+#ifdef __DECC
+	{"__DECC",  "1"},
+#endif
+#ifdef __decc
+	{"__decc",  "1"},
+#endif
+#ifdef __uxp__
+	{"__uxp__", "1"},
+#endif
+#ifdef __sxg__
+	{"__sxg__", "1"},
+#endif
+#ifdef _SEQUENT_
+	{"_SEQUENT_", "1"},
+	{"__STDC__", "1"},
+#endif
+#ifdef __bsdi__
+	{"__bsdi__", "1"},
+#endif
+#ifdef nec_ews_svr2
+	{"nec_ews_svr2", "1"},
+#endif
+#ifdef nec_ews_svr4
+	{"nec_ews_svr4", "1"},
+#endif
+#ifdef _nec_ews_svr4
+	{"_nec_ews_svr4", "1"},
+#endif
+#ifdef _nec_up
+	{"_nec_up", "1"},
+#endif
+#ifdef SX
+	{"SX", "1"},
+#endif
+#ifdef nec
+	{"nec", "1"},
+#endif
+#ifdef _nec_ft
+	{"_nec_ft", "1"},
+#endif
+#ifdef PC_UX
+	{"PC_UX", "1"},
+#endif
+#ifdef sgi
+	{"sgi", "1"},
+#endif
+#ifdef __sgi
+	{"__sgi", "1"},
+#endif
+#ifdef __FreeBSD__
+	{"__FreeBSD__", "1"},
+#endif
+#ifdef __NetBSD__
+	{"__NetBSD__", "1"},
+#endif
+#ifdef __OpenBSD__
+	{"__OpenBSD__", "1"},
+#endif
+#ifdef __EMX__
+	{"__EMX__", "1"},
+#endif
+	/* ADDED THE FOLLOWING SYMBOLS FOR WINDOWS */
+#ifdef _WIN32
+	{"_WIN32", QUOTEEXPANSION(_WIN32) },
+#endif
+#ifdef _WIN64
+	{"_WIN64", QUOTEEXPANSION(_WIN64) },
+#endif
+#ifdef _X86
+	{"_X86", QUOTEEXPANSION(_X86) },
+#endif
+#ifdef _X86_
+	{"_X86_", QUOTEEXPANSION(_X86_) },
+#endif
+#ifdef _X86_64
+	{"_X86_64", QUOTEEXPANSION(_X86_64) },
+#endif
+#ifdef _X86_64_
+	{"_X86_64_", QUOTEEXPANSION(_X86_64_) },
+#endif
+#ifdef _DEBUG
+	{"_DEBUG", QUOTEEXPANSION(_DEBUG) },
+#endif
+#ifdef _DLL
+	{"_DLL", QUOTEEXPANSION(_DLL) },
+#endif
+#ifdef _M_IX86
+	{"_M_IX86", QUOTEEXPANSION(_M_IX86) },
+#endif
+#ifdef _M_X64
+	{"_M_X64", QUOTEEXPANSION(_M_X64) },
+#endif
+#ifdef _MSC_FULL_VER
+	{"_MSC_FULL_VER", QUOTEEXPANSION(_MSC_FULL_VER) },
+#endif
+#ifdef _MSC_VER
+	{"_MSC_VER", QUOTEEXPANSION(_MSC_VER) },
+#endif
+#ifdef _MSVC_RUNTIME_CHECKS
+	{"_MSVC_RUNTIME_CHECKS", QUOTEEXPANSION(_MSVC_RUNTIME_CHECKS) },
+#endif
+#ifdef _MT
+	{"_MT", QUOTEEXPANSION(_MT) },
+#endif
+#ifdef _CHAR_UNSIGNED
+	{"_CHAR_UNSIGNED", QUOTEEXPANSION(_CHAR_UNSIGNED) },
+#endif
+	/* add any additional symbols before this line */
+	{NULL, NULL}
+};
+
+#endif /* MAKEDEPEND */
+#endif /* CCIMAKE */
diff --git a/nss/coreconf/mkdepend/include.c b/nss/coreconf/mkdepend/include.c
new file mode 100644
index 0000000..3b89f26
--- /dev/null
+++ b/nss/coreconf/mkdepend/include.c
@@ -0,0 +1,337 @@
+/* $Xorg: include.c,v 1.4 2001/02/09 02:03:16 xorgcvs Exp $ */
+/*
+
+Copyright (c) 1993, 1994, 1998 The Open Group
+
+Permission to use, copy, modify, distribute, and sell this software and its
+documentation for any purpose is hereby granted without fee, provided that
+the above copyright notice appear in all copies and that both that
+copyright notice and this permission notice appear in supporting
+documentation.
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL THE
+OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
+AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+Except as contained in this notice, the name of The Open Group shall not be
+used in advertising or otherwise to promote the sale, use or other dealings
+in this Software without prior written authorization from The Open Group.
+
+*/
+/* $XFree86: xc/config/makedepend/include.c,v 3.7 2001/12/14 19:53:20 dawes Exp $ */
+
+
+#include "def.h"
+
+#ifdef _MSC_VER
+#include <windows.h>
+static int
+does_file_exist(char *file)
+{
+  WIN32_FILE_ATTRIBUTE_DATA data;
+  BOOL b = GetFileAttributesExA(file, GetFileExInfoStandard, &data);
+  if (!b)
+    return 0;
+  return (data.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) == 0;
+}
+#else
+static int
+does_file_exist(char *file)
+{
+  struct stat sb;
+  return stat(file, &sb) == 0 && !S_ISDIR(sb.st_mode);
+}
+#endif
+
+extern struct	inclist	inclist[ MAXFILES ],
+			*inclistp, *inclistnext;
+extern char	*includedirs[ ],
+		**includedirsnext;
+extern char	*notdotdot[ ];
+extern boolean show_where_not;
+extern boolean warn_multiple;
+
+static boolean
+isdot(char *p)
+{
+	if(p && *p++ == '.' && *p++ == '\0')
+		return(TRUE);
+	return(FALSE);
+}
+
+static boolean
+isdotdot(char *p)
+{
+	if(p && *p++ == '.' && *p++ == '.' && *p++ == '\0')
+		return(TRUE);
+	return(FALSE);
+}
+
+static boolean
+issymbolic(char *dir, char *component)
+{
+#ifdef S_IFLNK
+	struct stat	st;
+	char	buf[ BUFSIZ ], **pp;
+
+	sprintf(buf, "%s%s%s", dir, *dir ? "/" : "", component);
+	for (pp=notdotdot; *pp; pp++)
+		if (strcmp(*pp, buf) == 0)
+			return (TRUE);
+	if (lstat(buf, &st) == 0
+	&& (st.st_mode & S_IFMT) == S_IFLNK) {
+		*pp++ = copy(buf);
+		if (pp >= &notdotdot[ MAXDIRS ])
+			fatalerr("out of .. dirs, increase MAXDIRS\n");
+		return(TRUE);
+	}
+#endif
+	return(FALSE);
+}
+
+/*
+ * Occasionally, pathnames are created that look like .../x/../y
+ * Any of the 'x/..' sequences within the name can be eliminated.
+ * (but only if 'x' is not a symbolic link!!)
+ */
+static void
+remove_dotdot(char *path)
+{
+	register char	*end, *from, *to, **cp;
+	char		*components[ MAXFILES ],
+			newpath[ BUFSIZ ];
+	boolean		component_copied;
+
+	/*
+	 * slice path up into components.
+	 */
+	to = newpath;
+	if (*path == '/')
+		*to++ = '/';
+	*to = '\0';
+	cp = components;
+	for (from=end=path; *end; end++)
+		if (*end == '/') {
+			while (*end == '/')
+				*end++ = '\0';
+			if (*from)
+				*cp++ = from;
+			from = end;
+		}
+	*cp++ = from;
+	*cp = NULL;
+
+	/*
+	 * Recursively remove all 'x/..' component pairs.
+	 */
+	cp = components;
+	while(*cp) {
+		if (!isdot(*cp) && !isdotdot(*cp) && isdotdot(*(cp+1))
+		    && !issymbolic(newpath, *cp))
+		{
+		    char **fp = cp + 2;
+		    char **tp = cp;
+
+		    do 
+			*tp++ = *fp; /* move all the pointers down */
+		    while (*fp++);
+		    if (cp != components)
+			cp--;	/* go back and check for nested ".." */
+		} else {
+		    cp++;
+		}
+	}
+	/*
+	 * Concatenate the remaining path elements.
+	 */
+	cp = components;
+	component_copied = FALSE;
+	while(*cp) {
+		if (component_copied)
+			*to++ = '/';
+		component_copied = TRUE;
+		for (from = *cp; *from; )
+			*to++ = *from++;
+		*to = '\0';
+		cp++;
+	}
+	*to++ = '\0';
+
+	/*
+	 * copy the reconstituted path back to our pointer.
+	 */
+	strcpy(path, newpath);
+}
+
+/*
+ * Add an include file to the list of those included by 'file'.
+ */
+struct inclist *
+newinclude(char *newfile, char *incstring)
+{
+	register struct inclist	*ip;
+
+	/*
+	 * First, put this file on the global list of include files.
+	 */
+	ip = inclistp++;
+	if (inclistp == inclist + MAXFILES - 1)
+		fatalerr("out of space: increase MAXFILES\n");
+	ip->i_file = copy(newfile);
+
+	if (incstring == NULL)
+		ip->i_incstring = ip->i_file;
+	else
+		ip->i_incstring = copy(incstring);
+
+	inclistnext = inclistp;
+	return(ip);
+}
+
+void
+included_by(struct inclist *ip, struct inclist *newfile)
+{
+	register int i;
+
+	if (ip == NULL)
+		return;
+	/*
+	 * Put this include file (newfile) on the list of files included
+	 * by 'file'.  If 'file' is NULL, then it is not an include
+	 * file itself (i.e. was probably mentioned on the command line).
+	 * If it is already on the list, don't stick it on again.
+	 */
+	if (ip->i_list == NULL) {
+		ip->i_list = (struct inclist **)
+			malloc(sizeof(struct inclist *) * ++ip->i_listlen);
+		ip->i_merged = (boolean *)
+		    malloc(sizeof(boolean) * ip->i_listlen);
+	} else {
+		for (i=0; i<ip->i_listlen; i++)
+			if (ip->i_list[ i ] == newfile) {
+			    i = strlen(newfile->i_file);
+			    if (!(ip->i_flags & INCLUDED_SYM) &&
+				!(i > 2 &&
+				  newfile->i_file[i-1] == 'c' &&
+				  newfile->i_file[i-2] == '.'))
+			    {
+				/* only bitch if ip has */
+				/* no #include SYMBOL lines  */
+				/* and is not a .c file */
+				if (warn_multiple)
+				{
+					warning("%s includes %s more than once!\n",
+						ip->i_file, newfile->i_file);
+					warning1("Already have\n");
+					for (i=0; i<ip->i_listlen; i++)
+						warning1("\t%s\n", ip->i_list[i]->i_file);
+				}
+			    }
+			    return;
+			}
+		ip->i_list = (struct inclist **) realloc(ip->i_list,
+			sizeof(struct inclist *) * ++ip->i_listlen);
+		ip->i_merged = (boolean *)
+		    realloc(ip->i_merged, sizeof(boolean) * ip->i_listlen);
+	}
+	ip->i_list[ ip->i_listlen-1 ] = newfile;
+	ip->i_merged[ ip->i_listlen-1 ] = FALSE;
+}
+
+void
+inc_clean (void)
+{
+	register struct inclist *ip;
+
+	for (ip = inclist; ip < inclistp; ip++) {
+		ip->i_flags &= ~MARKED;
+	}
+}
+
+struct inclist *
+inc_path(char *file, char *include, int type)
+{
+	static char		path[ BUFSIZ ];
+	register char		**pp, *p;
+	register struct inclist	*ip;
+
+	/*
+	 * Check all previously found include files for a path that
+	 * has already been expanded.
+	 */
+	if ((type == INCLUDE) || (type == INCLUDEDOT))
+		inclistnext = inclist;
+	ip = inclistnext;
+
+	for (; ip->i_file; ip++) {
+		if ((strcmp(ip->i_incstring, include) == 0) &&
+		    !(ip->i_flags & INCLUDED_SYM)) {
+			inclistnext = ip + 1;
+			return ip;
+		}
+	}
+
+	if (inclistnext == inclist) {
+		/*
+		 * If the path was surrounded by "" or is an absolute path,
+		 * then check the exact path provided.
+		 */
+		if ((type == INCLUDEDOT) ||
+		    (type == INCLUDENEXTDOT) ||
+		    (*include == '/')) {
+			if (does_file_exist(include))
+				return newinclude(include, include);
+			if (show_where_not)
+				warning1("\tnot in %s\n", include);
+		}
+
+		/*
+		 * If the path was surrounded by "" see if this include file is
+		 * in the directory of the file being parsed.
+		 */
+		if ((type == INCLUDEDOT) || (type == INCLUDENEXTDOT)) {
+			for (p=file+strlen(file); p>file; p--)
+				if (*p == '/')
+					break;
+			if (p == file) {
+				strcpy(path, include);
+			} else {
+				strncpy(path, file, (p-file) + 1);
+				path[ (p-file) + 1 ] = '\0';
+				strcpy(path + (p-file) + 1, include);
+			}
+			remove_dotdot(path);
+			if (does_file_exist(path))
+				return newinclude(path, include);
+			if (show_where_not)
+				warning1("\tnot in %s\n", path);
+		}
+	}
+
+	/*
+	 * Check the include directories specified.  Standard include dirs
+	 * should be at the end.
+	 */
+	if ((type == INCLUDE) || (type == INCLUDEDOT))
+		includedirsnext = includedirs;
+	pp = includedirsnext;
+
+	for (; *pp; pp++) {
+		sprintf(path, "%s/%s", *pp, include);
+		remove_dotdot(path);
+		if (does_file_exist(path)) {
+			includedirsnext = pp + 1;
+			return newinclude(path, include);
+		}
+		if (show_where_not)
+			warning1("\tnot in %s\n", path);
+	}
+
+	return NULL;
+}
diff --git a/nss/coreconf/mkdepend/main.c b/nss/coreconf/mkdepend/main.c
new file mode 100644
index 0000000..d5485f7
--- /dev/null
+++ b/nss/coreconf/mkdepend/main.c
@@ -0,0 +1,870 @@
+/* $Xorg: main.c,v 1.5 2001/02/09 02:03:16 xorgcvs Exp $ */
+/*
+
+Copyright (c) 1993, 1994, 1998 The Open Group
+
+Permission to use, copy, modify, distribute, and sell this software and its
+documentation for any purpose is hereby granted without fee, provided that
+the above copyright notice appear in all copies and that both that
+copyright notice and this permission notice appear in supporting
+documentation.
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL THE
+THE OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
+AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+Except as contained in this notice, the name of The Open Group shall not be
+used in advertising or otherwise to promote the sale, use or other dealings
+in this Software without prior written authorization from The Open Group.
+
+*/
+/* $XFree86: xc/config/makedepend/main.c,v 3.32 2003/03/26 20:43:48 tsi Exp $ */
+
+#include "def.h"
+#ifdef hpux
+#define sigvec sigvector
+#endif /* hpux */
+
+#ifdef X_POSIX_C_SOURCE
+#define _POSIX_C_SOURCE X_POSIX_C_SOURCE
+#include <signal.h>
+#undef _POSIX_C_SOURCE
+#else
+#if defined(X_NOT_POSIX) || defined(_POSIX_SOURCE)
+#include <signal.h>
+#else
+#define _POSIX_SOURCE
+#include <signal.h>
+#undef _POSIX_SOURCE
+#endif
+#endif
+
+#include <stdarg.h>
+#ifdef _WIN32
+#include <io.h>
+#endif
+
+#ifdef MINIX
+#define USE_CHMOD	1
+#endif
+
+#ifdef DEBUG
+int	_debugmask;
+#endif
+
+/* #define DEBUG_DUMP */
+#ifdef DEBUG_DUMP
+#define DBG_PRINT(file, fmt, args)   fprintf(file, fmt, args)
+#else
+#define DBG_PRINT(file, fmt, args)   /* empty */
+#endif
+
+#define DASH_INC_PRE    "#include \""
+#define DASH_INC_POST   "\""
+
+char *ProgramName;
+
+char	*directives[] = {
+	"if",
+	"ifdef",
+	"ifndef",
+	"else",
+	"endif",
+	"define",
+	"undef",
+	"include",
+	"line",
+	"pragma",
+	"error",
+	"ident",
+	"sccs",
+	"elif",
+	"eject",
+	"warning",
+	"include_next",
+	NULL
+};
+
+#define MAKEDEPEND
+#include "imakemdep.h"	/* from config sources */
+#undef MAKEDEPEND
+
+struct	inclist inclist[ MAXFILES ],
+		*inclistp = inclist,
+		*inclistnext = inclist,
+		maininclist;
+
+static char	*filelist[ MAXFILES ];
+char		*includedirs[ MAXDIRS + 1 ],
+		**includedirsnext = includedirs;
+char		*notdotdot[ MAXDIRS ];
+static int	cmdinc_count = 0;
+static char	*cmdinc_list[ 2 * MAXINCFILES ];
+char		*objprefix = "";
+char		*objsuffix = OBJSUFFIX;
+static char	*startat = "# DO NOT DELETE";
+int		width = 78;
+static boolean	append = FALSE;
+boolean		printed = FALSE;
+boolean		verbose = FALSE;
+boolean		show_where_not = FALSE;
+/* Warn on multiple includes of same file */
+boolean 	warn_multiple = FALSE;
+
+static void setfile_cmdinc(struct filepointer *filep, long count, char **list);
+static void redirect(char *line, char *makefile);
+
+static
+#ifdef SIGNALRETURNSINT
+int
+#else
+void
+#endif
+catch (int sig)
+{
+	fflush (stdout);
+	fatalerr ("got signal %d\n", sig);
+}
+
+#if defined(USG) || (defined(i386) && defined(SYSV)) || defined(WIN32) || defined(__UNIXOS2__) || defined(Lynx_22) || defined(__CYGWIN__)
+#define USGISH
+#endif
+
+#ifndef USGISH
+#ifdef X_NOT_POSIX
+#define sigaction sigvec
+#define sa_handler sv_handler
+#define sa_mask sv_mask
+#define sa_flags sv_flags
+#endif
+struct sigaction sig_act;
+#endif /* USGISH */
+
+int
+main(int argc, char *argv[])
+{
+	char	**fp = filelist;
+	char	**incp = includedirs;
+	char	*p;
+	struct inclist	*ip;
+	char	*makefile = NULL;
+	struct filepointer	*filecontent;
+	struct symtab *psymp = predefs;
+	char *endmarker = NULL;
+	char *defincdir = NULL;
+	char **undeflist = NULL;
+	int numundefs = 0, i;
+	register char offset;
+
+	ProgramName = argv[0];
+
+	while (psymp->s_name)
+	{
+	    define2(psymp->s_name, psymp->s_value, &maininclist);
+	    psymp++;
+	}
+	if (argc == 2 && argv[1][0] == '@') {
+	    struct stat ast;
+	    int afd;
+	    char *args;
+	    char **nargv;
+	    int nargc;
+	    char quotechar = '\0';
+
+	    nargc = 1;
+	    if ((afd = open(argv[1]+1, O_RDONLY)) < 0)
+		fatalerr("cannot open \"%s\"\n", argv[1]+1);
+	    fstat(afd, &ast);
+	    args = (char *)malloc(ast.st_size + 1);
+	    if ((ast.st_size = read(afd, args, ast.st_size)) < 0)
+		fatalerr("failed to read %s\n", argv[1]+1);
+	    args[ast.st_size] = '\0';
+	    close(afd);
+	    for (p = args; *p; p++) {
+		if (quotechar) {
+		    if (quotechar == '\\' ||
+			(*p == quotechar && p[-1] != '\\'))
+			quotechar = '\0';
+		    continue;
+		}
+		switch (*p) {
+		case '\\':
+		case '"':
+		case '\'':
+		    quotechar = *p;
+		    break;
+		case ' ':
+		case '\n':
+		    *p = '\0';
+		    if (p > args && p[-1])
+			nargc++;
+		    break;
+		}
+	    }
+	    if (p[-1])
+		nargc++;
+	    nargv = (char **)malloc(nargc * sizeof(char *));
+	    nargv[0] = argv[0];
+	    argc = 1;
+	    for (p = args; argc < nargc; p += strlen(p) + 1)
+		if (*p) nargv[argc++] = p;
+	    argv = nargv;
+	}
+	for(argc--, argv++; argc; argc--, argv++) {
+	    	/* if looking for endmarker then check before parsing */
+		if (endmarker && strcmp (endmarker, *argv) == 0) {
+		    endmarker = NULL;
+		    continue;
+		}
+		if (**argv != '-') {
+			/* treat +thing as an option for C++ */
+			if (endmarker && **argv == '+')
+				continue;
+			*fp++ = argv[0];
+			continue;
+		}
+		switch(argv[0][1]) {
+		case '-':
+			endmarker = &argv[0][2];
+			if (endmarker[0] == '\0') endmarker = "--";
+			break;
+		case 'D':
+			offset = 2;
+			if (argv[0][2] == '\0') {
+				argv++;
+				argc--;
+				offset = 0;
+			}
+			/* offset +1 here since first def letter
+			 * cannot be `=`
+			 */
+			for (p = argv[0] + offset + 1; *p; p++)
+				if (*p == '=') {
+					*p = ' ';
+					break;
+				}
+			define(argv[0] + offset, &maininclist);
+			break;
+		case 'I':
+			if (incp >= includedirs + MAXDIRS)
+			    fatalerr("Too many -I flags.\n");
+			*incp++ = argv[0]+2;
+			if (**(incp-1) == '\0') {
+				*(incp-1) = *(++argv);
+				argc--;
+			}
+			break;
+		case 'U':
+			/* Undef's override all -D's so save them up */
+			numundefs++;
+			if (numundefs == 1)
+			    undeflist = malloc(sizeof(char *));
+			else
+			    undeflist = realloc(undeflist,
+						numundefs * sizeof(char *));
+			offset = 2;
+			if (argv[0][2] == '\0') {
+				argv++;
+				argc--;
+				offset = 0;
+			}
+			undeflist[numundefs - 1] = argv[0] + offset;
+			break;
+		case 'Y':
+			defincdir = argv[0]+2;
+			break;
+		/* do not use if endmarker processing */
+		case 'a':
+			if (endmarker) break;
+			append = TRUE;
+			break;
+		case 'w':
+			if (endmarker) break;
+			if (argv[0][2] == '\0') {
+				argv++;
+				argc--;
+				width = atoi(argv[0]);
+			} else
+				width = atoi(argv[0]+2);
+			break;
+		case 'o':
+			if (endmarker) break;
+			if (argv[0][2] == '\0') {
+				argv++;
+				argc--;
+				objsuffix = argv[0];
+			} else
+				objsuffix = argv[0]+2;
+			break;
+		case 'p':
+			if (endmarker) break;
+			if (argv[0][2] == '\0') {
+				argv++;
+				argc--;
+				objprefix = argv[0];
+			} else
+				objprefix = argv[0]+2;
+			break;
+		case 'v':
+			if (endmarker) break;
+			verbose = TRUE;
+#ifdef DEBUG
+			if (argv[0][2])
+				_debugmask = atoi(argv[0]+2);
+#endif
+			break;
+		case 's':
+			if (endmarker) break;
+			startat = argv[0]+2;
+			if (*startat == '\0') {
+				startat = *(++argv);
+				argc--;
+			}
+			if (*startat != '#')
+				fatalerr("-s flag's value should start %s\n",
+					"with '#'.");
+			break;
+		case 'f':
+			if (endmarker) break;
+			makefile = argv[0]+2;
+			if (*makefile == '\0') {
+				makefile = *(++argv);
+				argc--;
+			}
+			break;
+
+		case 'm':
+			warn_multiple = TRUE;
+			break;
+			
+		/* Ignore -O, -g so we can just pass ${CFLAGS} to
+		   makedepend
+		 */
+		case 'O':
+		case 'g':
+			break;
+		case 'i':
+			if (strcmp(&argv[0][1],"include") == 0) {
+				char *buf;
+				if (argc<2)
+					fatalerr("option -include is a "
+						 "missing its parameter\n");
+				if (cmdinc_count >= MAXINCFILES)
+					fatalerr("Too many -include flags.\n");
+				argc--;
+				argv++;
+				buf = malloc(strlen(DASH_INC_PRE) +
+					     strlen(argv[0]) +
+					     strlen(DASH_INC_POST) + 1);
+                		if(!buf)
+					fatalerr("out of memory at "
+						 "-include string\n");
+				cmdinc_list[2 * cmdinc_count + 0] = argv[0];
+				cmdinc_list[2 * cmdinc_count + 1] = buf;
+				cmdinc_count++;
+				break;
+			}
+			/* intentional fall through */
+		default:
+			if (endmarker) break;
+	/*		fatalerr("unknown opt = %s\n", argv[0]); */
+			warning("ignoring option %s\n", argv[0]);
+		}
+	}
+	/* Now do the undefs from the command line */
+	for (i = 0; i < numundefs; i++)
+	    undefine(undeflist[i], &maininclist);
+	if (numundefs > 0)
+	    free(undeflist);
+
+	if (!defincdir) {
+#ifdef PREINCDIR
+	    if (incp >= includedirs + MAXDIRS)
+		fatalerr("Too many -I flags.\n");
+	    *incp++ = PREINCDIR;
+#endif
+#if defined(__UNIXOS2__) || defined(_MSC_VER)
+	    {
+#if defined(_MSC_VER)
+		char *includepath = getenv("INCLUDE");
+#else
+		char *includepath = getenv("C_INCLUDE_PATH");
+#endif
+		/* can have more than one component */
+		if (includepath) {
+		    char *beg, *end;
+		    beg= (char*)strdup(includepath);
+		    for (;;) {
+			end = (char*)strchr(beg,';');
+			if (end) *end = 0;
+		    	if (incp >= includedirs + MAXDIRS)
+				fatalerr("Too many include dirs\n");
+			*incp++ = beg;
+			if (!end) break;
+			beg = end+1;
+		    }
+		}
+	    }
+#else /* !__UNIXOS2__ && !_MSC_VER, does not use INCLUDEDIR at all */
+	    if (incp >= includedirs + MAXDIRS)
+		fatalerr("Too many -I flags.\n");
+	    *incp++ = INCLUDEDIR;
+#endif
+
+#ifdef EXTRAINCDIR
+	    if (incp >= includedirs + MAXDIRS)
+		fatalerr("Too many -I flags.\n");
+	    *incp++ = EXTRAINCDIR;
+#endif
+
+#ifdef POSTINCDIR
+	    if (incp >= includedirs + MAXDIRS)
+		fatalerr("Too many -I flags.\n");
+	    *incp++ = POSTINCDIR;
+#endif
+	} else if (*defincdir) {
+	    if (incp >= includedirs + MAXDIRS)
+		fatalerr("Too many -I flags.\n");
+	    *incp++ = defincdir;
+	}
+
+	redirect(startat, makefile);
+
+	/*
+	 * catch signals.
+	 */
+#ifdef USGISH
+/*  should really reset SIGINT to SIG_IGN if it was.  */
+#ifdef SIGHUP
+	signal (SIGHUP, catch);
+#endif
+	signal (SIGINT, catch);
+#ifdef SIGQUIT
+	signal (SIGQUIT, catch);
+#endif
+	signal (SIGILL, catch);
+#ifdef SIGBUS
+	signal (SIGBUS, catch);
+#endif
+	signal (SIGSEGV, catch);
+#ifdef SIGSYS
+	signal (SIGSYS, catch);
+#endif
+#else
+	sig_act.sa_handler = catch;
+#if defined(_POSIX_SOURCE) || !defined(X_NOT_POSIX)
+	sigemptyset(&sig_act.sa_mask);
+	sigaddset(&sig_act.sa_mask, SIGINT);
+	sigaddset(&sig_act.sa_mask, SIGQUIT);
+#ifdef SIGBUS
+	sigaddset(&sig_act.sa_mask, SIGBUS);
+#endif
+	sigaddset(&sig_act.sa_mask, SIGILL);
+	sigaddset(&sig_act.sa_mask, SIGSEGV);
+	sigaddset(&sig_act.sa_mask, SIGHUP);
+	sigaddset(&sig_act.sa_mask, SIGPIPE);
+#ifdef SIGSYS
+	sigaddset(&sig_act.sa_mask, SIGSYS);
+#endif
+#else
+	sig_act.sa_mask = ((1<<(SIGINT -1))
+			   |(1<<(SIGQUIT-1))
+#ifdef SIGBUS
+			   |(1<<(SIGBUS-1))
+#endif
+			   |(1<<(SIGILL-1))
+			   |(1<<(SIGSEGV-1))
+			   |(1<<(SIGHUP-1))
+			   |(1<<(SIGPIPE-1))
+#ifdef SIGSYS
+			   |(1<<(SIGSYS-1))
+#endif
+			   );
+#endif /* _POSIX_SOURCE */
+	sig_act.sa_flags = 0;
+	sigaction(SIGHUP, &sig_act, (struct sigaction *)0);
+	sigaction(SIGINT, &sig_act, (struct sigaction *)0);
+	sigaction(SIGQUIT, &sig_act, (struct sigaction *)0);
+	sigaction(SIGILL, &sig_act, (struct sigaction *)0);
+#ifdef SIGBUS
+	sigaction(SIGBUS, &sig_act, (struct sigaction *)0);
+#endif
+	sigaction(SIGSEGV, &sig_act, (struct sigaction *)0);
+#ifdef SIGSYS
+	sigaction(SIGSYS, &sig_act, (struct sigaction *)0);
+#endif
+#endif /* USGISH */
+
+	/*
+	 * now peruse through the list of files.
+	 */
+	for(fp=filelist; *fp; fp++) {
+		DBG_PRINT(stderr,"file: %s\n",*fp);
+		filecontent = getfile(*fp);
+		setfile_cmdinc(filecontent, cmdinc_count, cmdinc_list);
+		ip = newinclude(*fp, (char *)NULL);
+
+		find_includes(filecontent, ip, ip, 0, FALSE);
+		freefile(filecontent);
+		recursive_pr_include(ip, ip->i_file, base_name(*fp));
+		inc_clean();
+	}
+	if (printed)
+		printf("\n");
+	return 0;
+}
+
+#ifdef __UNIXOS2__
+/*
+ * eliminate \r chars from file
+ */
+static int 
+elim_cr(char *buf, int sz)
+{
+	int i,wp;
+	for (i= wp = 0; i<sz; i++) {
+		if (buf[i] != '\r')
+			buf[wp++] = buf[i];
+	}
+	return wp;
+}
+#endif
+
+struct filepointer *
+getfile(char *file)
+{
+	int	fd;
+	struct filepointer	*content;
+	struct stat	st;
+
+	content = (struct filepointer *)malloc(sizeof(struct filepointer));
+	content->f_name = file;
+	if ((fd = open(file, O_RDONLY)) < 0) {
+		warning("cannot open \"%s\"\n", file);
+		content->f_p = content->f_base = content->f_end = (char *)malloc(1);
+		*content->f_p = '\0';
+		return(content);
+	}
+	fstat(fd, &st);
+	content->f_base = (char *)malloc(st.st_size+1);
+	if (content->f_base == NULL)
+		fatalerr("cannot allocate mem\n");
+	if ((st.st_size = read(fd, content->f_base, st.st_size)) < 0)
+		fatalerr("failed to read %s\n", file);
+#ifdef __UNIXOS2__
+	st.st_size = elim_cr(content->f_base,st.st_size);
+#endif
+	close(fd);
+	content->f_len = st.st_size+1;
+	content->f_p = content->f_base;
+	content->f_end = content->f_base + st.st_size;
+	*content->f_end = '\0';
+	content->f_line = 0;
+	content->cmdinc_count = 0;
+	content->cmdinc_list = NULL;
+	content->cmdinc_line = 0;
+	return(content);
+}
+
+void
+setfile_cmdinc(struct filepointer* filep, long count, char** list)
+{
+	filep->cmdinc_count = count;
+	filep->cmdinc_list = list;
+	filep->cmdinc_line = 0;
+}
+
+void
+freefile(struct filepointer *fp)
+{
+	free(fp->f_base);
+	free(fp);
+}
+
+char *copy(char *str)
+{
+	char	*p = (char *)malloc(strlen(str) + 1);
+
+	strcpy(p, str);
+	return(p);
+}
+
+int
+match(char *str, char **list)
+{
+	int	i;
+
+	for (i=0; *list; i++, list++)
+		if (strcmp(str, *list) == 0)
+			return(i);
+	return(-1);
+}
+
+/*
+ * Get the next line.  We only return lines beginning with '#' since that
+ * is all this program is ever interested in.
+ */
+char *getnextline(struct filepointer *filep)
+{
+	char	*p,	/* walking pointer */
+		*eof,	/* end of file pointer */
+		*bol;	/* beginning of line pointer */
+	int	lineno;	/* line number */
+	boolean whitespace = FALSE;
+
+	/*
+	 * Fake the "-include" line files in form of #include to the
+	 * start of each file.
+	 */
+	if (filep->cmdinc_line < filep->cmdinc_count) {
+		char *inc = filep->cmdinc_list[2 * filep->cmdinc_line + 0];
+		char *buf = filep->cmdinc_list[2 * filep->cmdinc_line + 1];
+		filep->cmdinc_line++;
+		sprintf(buf,"%s%s%s",DASH_INC_PRE,inc,DASH_INC_POST);
+		DBG_PRINT(stderr,"%s\n",buf);
+		return(buf);
+	}
+
+	p = filep->f_p;
+	eof = filep->f_end;
+	if (p >= eof)
+		return((char *)NULL);
+	lineno = filep->f_line;
+
+	for (bol = p--; ++p < eof; ) {
+		if ((bol == p) && ((*p == ' ') || (*p == '\t')))
+		{
+			/* Consume leading white-spaces for this line */
+			while (((p+1) < eof) && ((*p == ' ') || (*p == '\t')))
+			{
+				p++;
+				bol++;
+			}
+			whitespace = TRUE;
+		}
+        
+		if (*p == '/' && (p+1) < eof && *(p+1) == '*') {
+			/* Consume C comments */
+			*(p++) = ' ';
+			*(p++) = ' ';
+			while (p < eof && *p) {
+				if (*p == '*' && (p+1) < eof && *(p+1) == '/') {
+					*(p++) = ' ';
+					*(p++) = ' ';
+					break;
+				}
+				if (*p == '\n')
+					lineno++;
+				*(p++) = ' ';
+			}
+			--p;
+		}
+		else if (*p == '/' && (p+1) < eof && *(p+1) == '/') {
+			/* Consume C++ comments */
+			*(p++) = ' ';
+			*(p++) = ' ';
+			while (p < eof && *p) {
+				if (*p == '\\' && (p+1) < eof &&
+				    *(p+1) == '\n') {
+					*(p++) = ' ';
+					lineno++;
+				}
+				else if (*p == '?' && (p+3) < eof &&
+					 *(p+1) == '?' && 
+					 *(p+2) == '/' &&
+					 *(p+3) == '\n') {
+					*(p++) = ' ';
+					*(p++) = ' ';
+					*(p++) = ' ';
+					lineno++;
+				}
+				else if (*p == '\n')
+					break;	/* to process end of line */
+				*(p++) = ' ';
+			}
+			--p;
+		}
+		else if (*p == '\\' && (p+1) < eof && *(p+1) == '\n') {
+			/* Consume backslash line terminations */
+			*(p++) = ' ';
+			*p = ' ';
+			lineno++;
+		}
+		else if (*p == '?' && (p+3) < eof &&
+			 *(p+1) == '?' && *(p+2) == '/' && *(p+3) == '\n') {
+			/* Consume trigraph'ed backslash line terminations */
+			*(p++) = ' ';
+			*(p++) = ' ';
+			*(p++) = ' ';
+			*p = ' ';
+			lineno++;
+		}
+		else if (*p == '\n') {
+			lineno++;
+			if (*bol == '#') {
+				char *cp;
+
+				*(p++) = '\0';
+				/* punt lines with just # (yacc generated) */
+				for (cp = bol+1; 
+				     *cp && (*cp == ' ' || *cp == '\t'); cp++);
+				if (*cp) goto done;
+				--p;
+			}
+			bol = p+1;
+			whitespace = FALSE;
+		}
+	}
+	if (*bol != '#')
+		bol = NULL;
+done:
+#if !defined(__UNIXOS2__) && !defined(_MSC_VER) && !defined(_WIN32)
+	/* Don't print warnings for system header files */
+	if (bol && whitespace && !strstr(filep->f_name, INCLUDEDIR)) {
+		warning("%s:  non-portable whitespace encountered at line %d\n",
+			filep->f_name, lineno);
+	}
+#endif
+	filep->f_p = p;
+	filep->f_line = lineno;
+#ifdef DEBUG_DUMP
+	if (bol)
+		DBG_PRINT(stderr,"%s\n",bol);
+#endif
+	return(bol);
+}
+
+/*
+ * Strip the file name down to what we want to see in the Makefile.
+ * It will have objprefix and objsuffix around it.
+ */
+char *base_name(char *file)
+{
+	char	*p;
+
+	file = copy(file);
+	for(p=file+strlen(file); p>file && *p != '.'; p--) ;
+
+	if (*p == '.')
+		*p = '\0';
+	return(file);
+}
+
+#if defined(USG) && !defined(CRAY) && !defined(SVR4) && !defined(__UNIXOS2__) && !defined(clipper) && !defined(__clipper__)
+int rename (char *from, char *to)
+{
+    (void) unlink (to);
+    if (link (from, to) == 0) {
+	unlink (from);
+	return 0;
+    } else {
+	return -1;
+    }
+}
+#endif /* USGISH */
+
+void
+redirect(char *line, char *makefile)
+{
+	struct stat	st;
+	FILE	*fdin, *fdout;
+	char	backup[ BUFSIZ ],
+		buf[ BUFSIZ ];
+	boolean	found = FALSE;
+	int	len;
+
+	/*
+	 * if makefile is "-" then let it pour onto stdout.
+	 */
+	if (makefile && *makefile == '-' && *(makefile+1) == '\0') {
+		puts(line);
+		return;
+	}
+
+	/*
+	 * use a default makefile is not specified.
+	 */
+	if (!makefile) {
+		if (stat("Makefile", &st) == 0)
+			makefile = "Makefile";
+		else if (stat("makefile", &st) == 0)
+			makefile = "makefile";
+		else
+			fatalerr("[mM]akefile is not present\n");
+	}
+	else
+	    stat(makefile, &st);
+	if ((fdin = fopen(makefile, "r")) == NULL)
+		fatalerr("cannot open \"%s\"\n", makefile);
+	sprintf(backup, "%s.bak", makefile);
+	unlink(backup);
+#if defined(WIN32) || defined(__UNIXOS2__) || defined(__CYGWIN__)
+	fclose(fdin);
+#endif
+	if (rename(makefile, backup) < 0)
+		fatalerr("cannot rename %s to %s\n", makefile, backup);
+#if defined(WIN32) || defined(__UNIXOS2__) || defined(__CYGWIN__)
+	if ((fdin = fopen(backup, "r")) == NULL)
+		fatalerr("cannot open \"%s\"\n", backup);
+#endif
+	if ((fdout = freopen(makefile, "w", stdout)) == NULL)
+		fatalerr("cannot open \"%s\"\n", backup);
+	len = strlen(line);
+	while (!found && fgets(buf, BUFSIZ, fdin)) {
+		if (*buf == '#' && strncmp(line, buf, len) == 0)
+			found = TRUE;
+		fputs(buf, fdout);
+	}
+	if (!found) {
+		if (verbose)
+		warning("Adding new delimiting line \"%s\" and dependencies...\n",
+			line);
+		puts(line); /* same as fputs(fdout); but with newline */
+	} else if (append) {
+	    while (fgets(buf, BUFSIZ, fdin)) {
+		fputs(buf, fdout);
+	    }
+	}
+	fflush(fdout);
+#if defined(USGISH) || defined(_SEQUENT_) || defined(USE_CHMOD)
+	chmod(makefile, st.st_mode);
+#else
+        fchmod(fileno(fdout), st.st_mode);
+#endif /* USGISH */
+}
+
+void
+fatalerr(char *msg, ...)
+{
+	va_list args;
+	fprintf(stderr, "%s: error:  ", ProgramName);
+	va_start(args, msg);
+	vfprintf(stderr, msg, args);
+	va_end(args);
+	exit (1);
+}
+
+void
+warning(char *msg, ...)
+{
+	va_list args;
+	fprintf(stderr, "%s: warning:  ", ProgramName);
+	va_start(args, msg);
+	vfprintf(stderr, msg, args);
+	va_end(args);
+}
+
+void
+warning1(char *msg, ...)
+{
+	va_list args;
+	va_start(args, msg);
+	vfprintf(stderr, msg, args);
+	va_end(args);
+}
diff --git a/nss/coreconf/mkdepend/mkdepend.man b/nss/coreconf/mkdepend/mkdepend.man
new file mode 100644
index 0000000..595c87e
--- /dev/null
+++ b/nss/coreconf/mkdepend/mkdepend.man
@@ -0,0 +1,382 @@
+.\" $Xorg: mkdepend.man,v 1.5 2001/02/09 02:03:16 xorgcvs Exp $
+.\" Copyright (c) 1993, 1994, 1998 The Open Group
+.\" 
+.\" Permission to use, copy, modify, distribute, and sell this software and its
+.\" documentation for any purpose is hereby granted without fee, provided that
+.\" the above copyright notice appear in all copies and that both that
+.\" copyright notice and this permission notice appear in supporting
+.\" documentation.
+.\" 
+.\" The above copyright notice and this permission notice shall be included in
+.\" all copies or substantial portions of the Software.
+.\" 
+.\" THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+.\" IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+.\" FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL 
+.\" THE OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, 
+.\" WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF 
+.\" OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 
+.\" SOFTWARE.
+.\" 
+.\" Except as contained in this notice, the name of The Open Group shall not 
+.\" be used in advertising or otherwise to promote the sale, use or other 
+.\" dealing in this Software without prior written authorization from The
+.\" Open Group.
+.\"
+.\" $XFree86: xc/config/makedepend/mkdepend.man,v 1.7 2002/12/14 02:39:45 dawes Exp $
+.\"
+.TH MAKEDEPEND 1 __xorgversion__
+.UC 4
+.SH NAME
+makedepend \- create dependencies in makefiles
+.SH SYNOPSIS
+.B makedepend
+[
+.BI \-D name\fB=\fPdef
+] [
+.BI \-D name
+] [
+.BI \-I includedir
+] [
+.BI \-Y includedir
+] [
+.B \-a
+] [
+.BI \-f makefile
+] [
+.BI \-include \ file
+] [
+.BI \-o objsuffix
+] [
+.BI \-p objprefix
+] [
+.BI \-s string
+] [
+.BI \-w width
+] [
+.B \-v
+] [
+.B \-m
+] [
+\-\^\-
+.I otheroptions
+\-\^\-
+]
+.I sourcefile
+\&.\|.\|.
+.br
+.SH DESCRIPTION
+The
+.B makedepend
+program reads each
+.I sourcefile
+in sequence and parses it like a C-preprocessor,
+processing all
+.I #include,
+.I #define,
+.I #undef,
+.I #ifdef,
+.I #ifndef,
+.I #endif,
+.I #if,
+.I #elif
+and
+.I #else
+directives so that it can correctly tell which
+.I #include,
+directives would be used in a compilation.
+Any
+.I #include,
+directives can reference files having other
+.I #include
+directives, and parsing will occur in these files as well.
+.PP
+Every file that a
+.I sourcefile
+includes,
+directly or indirectly,
+is what
+.B makedepend
+calls a \fIdependency.\fP
+These dependencies are then written to a
+.I makefile
+in such a way that
+.B make(1)
+will know which object files must be recompiled when a dependency has changed.
+.PP
+By default,
+.B makedepend
+places its output in the file named
+.I makefile
+if it exists, otherwise
+.I Makefile.
+An alternate makefile may be specified with the
+.B \-f
+option.
+It first searches the makefile for
+the line
+.sp
+\&    # DO NOT DELETE THIS LINE \-\^\- make depend depends on it.
+.sp
+or one provided with the
+.B \-s
+option,
+as a delimiter for the dependency output.
+If it finds it, it will delete everything
+following this to the end of the makefile
+and put the output after this line.
+If it doesn't find it, the program
+will append the string to the end of the makefile
+and place the output following that.
+For each
+.I sourcefile
+appearing on the command line,
+.B makedepend
+puts lines in the makefile of the form
+.sp
+     sourcefile.o:\0dfile .\|.\|.
+.sp
+Where \fIsourcefile.o\fP is the name from the command
+line with its suffix replaced with ``.o'',
+and \fIdfile\fP is a dependency discovered in a
+.I #include
+directive while parsing
+.I sourcefile
+or one of the files it included.
+.SH EXAMPLE
+Normally,
+.B makedepend
+will be used in a makefile target so that typing ``make depend'' will
+bring the dependencies up to date for the makefile.
+For example,
+.nf
+    SRCS\0=\0file1.c\0file2.c\0.\|.\|.
+    CFLAGS\0=\0\-O\0\-DHACK\0\-I\^.\^.\^/foobar\0\-xyz
+    depend:
+            makedepend\0\-\^\-\0$(CFLAGS)\0\-\^\-\0$(SRCS)
+.fi
+.SH OPTIONS
+The program
+will ignore any option that it does not understand so that you may use
+the same arguments that you would for
+.B cc(1).
+.TP 5
+.B \-D\fIname\fP=\fIdef\fP \fRor\fP \-D\fIname\fP
+Define.
+This places a definition for
+.I name
+in
+.B makedepend's
+symbol table.
+Without 
+.I =def\|
+the symbol becomes defined as ``1''.
+.TP 5
+.B \-I\fIincludedir\fP
+Include directory.
+This option tells
+.B makedepend
+to prepend
+.I includedir
+to its list of directories to search when it encounters
+a
+.I #include
+directive.
+By default,
+.B makedepend
+only searches the standard include directories (usually /usr/include
+and possibly a compiler-dependent directory).
+.TP 5
+.B \-Y\fIincludedir\fP
+Replace all of the standard include directories with the single specified
+include directory; you can omit the
+.I includedir
+to simply prevent searching the standard include directories.
+.TP 5
+.B \-a
+Append the dependencies to the end of the file instead of replacing them. 
+.TP 5
+.B \-f\fImakefile\fP
+Filename.
+This allows you to specify an alternate makefile in which
+.B makedepend
+can place its output.
+Specifying ``\-'' as the file name (i.e., \fB\-f\-\fP) sends the
+output to standard output instead of modifying an existing file.
+.TP 5
+.B \-include \fIfile\fP
+Process file as input, and include all the resulting output
+before processing the regular input file. This has the same
+affect as if the specified file is an include statement that
+appears before the very first line of the regular input file.
+.TP 5
+.B \-o\fIobjsuffix\fP
+Object file suffix.
+Some systems may have object files whose suffix is something other
+than ``.o''.
+This option allows you to specify another suffix, such as
+``.b'' with
+.I \-o.b
+or ``:obj''
+with
+.I \-o:obj
+and so forth.
+.TP 5
+.B \-p\fIobjprefix\fP
+Object file prefix.
+The prefix is prepended to the name of the object file. This is
+usually used to designate a different directory for the object file.
+The default is the empty string.
+.TP 5
+.B \-s\fIstring\fP
+Starting string delimiter.
+This option permits you to specify
+a different string for
+.B makedepend
+to look for in the makefile.
+.TP 5
+.B \-w\fIwidth\fP
+Line width.
+Normally,
+.B makedepend
+will ensure that every output line that it writes will be no wider than
+78 characters for the sake of readability.
+This option enables you to change this width.
+.TP 5
+.B \-v
+Verbose operation.
+This option causes 
+.B makedepend
+to emit the list of files included by each input file.
+.TP 5
+.B \-m
+Warn about multiple inclusion.
+This option causes 
+.B makedepend
+to produce a warning if any input file includes another file more than
+once.  In previous versions of 
+.B makedepend
+this was the default behavior; the default has been changed to better
+match the behavior of the C compiler, which does not consider multiple
+inclusion to be an error.  This option is provided for backward 
+compatibility, and to aid in debugging problems related to multiple
+inclusion.
+.TP 5
+.B "\-\^\- \fIoptions\fP \-\^\-"
+If
+.B makedepend
+encounters a double hyphen (\-\^\-) in the argument list,
+then any unrecognized argument following it
+will be silently ignored; a second double hyphen terminates this
+special treatment.
+In this way,
+.B makedepend
+can be made to safely ignore esoteric compiler arguments that might
+normally be found in a CFLAGS
+.B make
+macro (see the
+.B EXAMPLE
+section above).
+All options that
+.B makedepend
+recognizes and appear between the pair of double hyphens
+are processed normally.
+.SH ALGORITHM
+The approach used in this program enables it to run an order of magnitude
+faster than any other ``dependency generator'' I have ever seen.
+Central to this performance are two assumptions:
+that all files compiled by a single
+makefile will be compiled with roughly the same
+.I \-I
+and
+.I \-D
+options;
+and that most files in a single directory will include largely the
+same files.
+.PP
+Given these assumptions,
+.B makedepend
+expects to be called once for each makefile, with
+all source files that are maintained by the
+makefile appearing on the command line.
+It parses each source and include
+file exactly once, maintaining an internal symbol table
+for each.
+Thus, the first file on the command line will take an amount of time
+proportional to the amount of time that a normal C preprocessor takes.
+But on subsequent files, if it encounters an include file
+that it has already parsed, it does not parse it again.
+.PP
+For example,
+imagine you are compiling two files,
+.I file1.c
+and
+.I file2.c,
+they each include the header file
+.I header.h,
+and the file
+.I header.h
+in turn includes the files
+.I def1.h
+and
+.I def2.h.
+When you run the command
+.sp
+    makedepend\0file1.c\0file2.c
+.sp
+.B makedepend
+will parse
+.I file1.c
+and consequently,
+.I header.h
+and then
+.I def1.h
+and
+.I def2.h.
+It then decides that the dependencies for this file are
+.sp
+    file1.o:\0header.h\0def1.h\0def2.h
+.sp
+But when the program parses
+.I file2.c
+and discovers that it, too, includes
+.I header.h,
+it does not parse the file,
+but simply adds
+.I header.h,
+.I def1.h
+and
+.I def2.h
+to the list of dependencies for
+.I file2.o.
+.SH "SEE ALSO"
+cc(1), make(1)
+.SH BUGS
+.B makedepend
+parses, but does not currently evaluate, the SVR4 #predicate(token-list)
+preprocessor expression; such expressions are simply assumed to be true.
+This may cause the wrong
+.I #include
+directives to be evaluated.
+.PP
+Imagine you are parsing two files,
+say
+.I file1.c
+and
+.I file2.c,
+each includes the file
+.I def.h.
+The list of files that
+.I def.h
+includes might truly be different when
+.I def.h
+is included by
+.I file1.c
+than when it is included by
+.I file2.c.
+But once
+.B makedepend
+arrives at a list of dependencies for a file,
+it is cast in concrete.
+.SH AUTHOR
+Todd Brunhoff, Tektronix, Inc. and MIT Project Athena
diff --git a/nss/coreconf/mkdepend/parse.c b/nss/coreconf/mkdepend/parse.c
new file mode 100644
index 0000000..5229d66
--- /dev/null
+++ b/nss/coreconf/mkdepend/parse.c
@@ -0,0 +1,693 @@
+/* $Xorg: parse.c,v 1.6 2001/02/09 02:03:16 xorgcvs Exp $ */
+/*
+
+Copyright (c) 1993, 1994, 1998 The Open Group
+
+Permission to use, copy, modify, distribute, and sell this software and its
+documentation for any purpose is hereby granted without fee, provided that
+the above copyright notice appear in all copies and that both that
+copyright notice and this permission notice appear in supporting
+documentation.
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL THE
+OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
+AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+Except as contained in this notice, the name of The Open Group shall not be
+used in advertising or otherwise to promote the sale, use or other dealings
+in this Software without prior written authorization from The Open Group.
+
+*/
+/* $XFree86: xc/config/makedepend/parse.c,v 1.12 2002/02/26 05:09:10 tsi Exp $ */
+
+#include "def.h"
+
+extern char	*directives[];
+extern struct inclist	inclist[ MAXFILES ],
+			*inclistnext,
+			maininclist;
+extern char	*includedirs[ ],
+		**includedirsnext;
+
+static int deftype (char *line, struct filepointer *filep,
+		    struct inclist *file_red, struct inclist *file,
+		    int parse_it);
+static int zero_value(char *filename, char *exp, struct filepointer *filep,
+		    struct inclist *file_red);
+static int merge2defines(struct inclist *file1, struct inclist *file2);
+
+static int
+gobble(struct filepointer *filep, struct inclist *file,
+       struct inclist *file_red)
+{
+	char	*line;
+	int	type;
+
+	while ((line = getnextline(filep))) {
+		switch(type = deftype(line, filep, file_red, file, FALSE)) {
+		case IF:
+		case IFFALSE:
+		case IFGUESSFALSE:
+		case IFDEF:
+		case IFNDEF:
+			type = gobble(filep, file, file_red);
+			while ((type == ELIF) || (type == ELIFFALSE) ||
+			       (type == ELIFGUESSFALSE))
+			    type = gobble(filep, file, file_red);
+			if (type == ELSE)
+			        (void)gobble(filep, file, file_red);
+			break;
+		case ELSE:
+		case ENDIF:
+			debug(0,("%s, line %d: #%s\n",
+				file->i_file, filep->f_line,
+				directives[type]));
+			return(type);
+		case DEFINE:
+		case UNDEF:
+		case INCLUDE:
+		case INCLUDEDOT:
+		case PRAGMA:
+		case ERROR:
+		case IDENT:
+		case SCCS:
+		case EJECT:
+		case WARNING:
+		case INCLUDENEXT:
+		case INCLUDENEXTDOT:
+			break;
+		case ELIF:
+		case ELIFFALSE:
+		case ELIFGUESSFALSE:
+			return(type);
+		case -1:
+			warning("%s", file_red->i_file);
+			if (file_red != file)
+				warning1(" (reading %s)", file->i_file);
+			warning1(", line %d: unknown directive == \"%s\"\n",
+				filep->f_line, line);
+			break;
+		}
+	}
+	return(-1);
+}
+
+/*
+ * Decide what type of # directive this line is.
+ */
+static int 
+deftype (char *line, struct filepointer *filep, 
+	     struct inclist *file_red, struct inclist *file, int parse_it)
+{
+	register char	*p;
+	char	*directive, savechar, *q;
+	register int	ret;
+
+	/*
+	 * Parse the directive...
+	 */
+	directive=line+1;
+	while (*directive == ' ' || *directive == '\t')
+		directive++;
+
+	p = directive;
+	while ((*p == '_') || (*p >= 'a' && *p <= 'z'))
+		p++;
+	savechar = *p;
+	*p = '\0';
+	ret = match(directive, directives);
+	*p = savechar;
+
+	/* If we don't recognize this compiler directive or we happen to just
+	 * be gobbling up text while waiting for an #endif or #elif or #else
+	 * in the case of an #elif we must check the zero_value and return an
+	 * ELIF or an ELIFFALSE.
+	 */
+
+	if (ret == ELIF && !parse_it)
+	{
+	    while (*p == ' ' || *p == '\t')
+		p++;
+	    /*
+	     * parse an expression.
+	     */
+	    debug(0,("%s, line %d: #elif %s ",
+		   file->i_file, filep->f_line, p));
+	    ret = zero_value(file->i_file, p, filep, file_red);
+	    if (ret != IF)
+	    {
+		debug(0,("false...\n"));
+		if (ret == IFFALSE)
+		    return(ELIFFALSE);
+		else
+		    return(ELIFGUESSFALSE);
+	    }
+	    else
+	    {
+		debug(0,("true...\n"));
+		return(ELIF);
+	    }
+	}
+
+	if (ret < 0 || ! parse_it)
+		return(ret);
+
+	/*
+	 * now decide how to parse the directive, and do it.
+	 */
+	while (*p == ' ' || *p == '\t')
+		p++;
+	q = p + strlen(p);
+	do {
+		q--;
+	} while (*q == ' ' || *q == '\t');
+	q[1] = '\0';
+	switch (ret) {
+	case IF:
+		/*
+		 * parse an expression.
+		 */
+		ret = zero_value(file->i_file, p, filep, file_red);
+		debug(0,("%s, line %d: %s #if %s\n",
+			 file->i_file, filep->f_line, ret?"false":"true", p));
+		break;
+	case IFDEF:
+	case IFNDEF:
+		debug(0,("%s, line %d: #%s %s\n",
+			file->i_file, filep->f_line, directives[ret], p));
+	case UNDEF:
+		/*
+		 * separate the name of a single symbol.
+		 */
+		while (isalnum(*p) || *p == '_')
+			*line++ = *p++;
+		*line = '\0';
+		break;
+	case INCLUDE:
+	case INCLUDENEXT:
+		debug(2,("%s, line %d: #include%s %s\n",
+			file->i_file, filep->f_line,
+			(ret == INCLUDE) ? "" : "_next", p));
+
+		/* Support ANSI macro substitution */
+		while (1) {
+			struct symtab **sym;
+
+			if (!*p || *p == '"' || *p == '<')
+				break;
+
+		    	sym = isdefined(p, file_red, NULL);
+			if (!sym)
+				break;
+
+			p = (*sym)->s_value;
+			debug(3,("%s : #includes SYMBOL %s = %s\n",
+			       file->i_incstring,
+			       (*sym) -> s_name,
+			       (*sym) -> s_value));
+			/* mark file as having included a 'soft include' */
+			file->i_flags |= INCLUDED_SYM; 
+		}
+
+		/*
+		 * Separate the name of the include file.
+		 */
+		while (*p && *p != '"' && *p != '<')
+			p++;
+		if (! *p)
+			return(-2);
+		if (*p++ == '"') {
+			if (ret == INCLUDE)
+				ret = INCLUDEDOT;
+			else
+				ret = INCLUDENEXTDOT;
+			while (*p && *p != '"')
+				*line++ = *p++;
+		} else
+			while (*p && *p != '>')
+				*line++ = *p++;
+		*line = '\0';
+		break;
+	case DEFINE:
+		/*
+		 * copy the definition back to the beginning of the line.
+		 */
+		strcpy (line, p);
+		break;
+	case ELSE:
+	case ENDIF:
+	case ELIF:
+	case PRAGMA:
+	case ERROR:
+	case IDENT:
+	case SCCS:
+	case EJECT:
+	case WARNING:
+		debug(0,("%s, line %d: #%s\n",
+			file->i_file, filep->f_line, directives[ret]));
+		/*
+		 * nothing to do.
+		 */
+		break;
+	}
+	return(ret);
+}
+
+struct symtab **
+fdefined(char *symbol, struct inclist *file, struct inclist **srcfile)
+{
+	struct inclist	**ip;
+	struct symtab	**val;
+	int	i;
+	static int	recurse_lvl = 0;
+
+	if (file->i_flags & DEFCHECKED)
+		return(NULL);
+	debug(2,("Looking for %s in %s\n", symbol, file->i_file));
+	file->i_flags |= DEFCHECKED;
+	if ((val = slookup(symbol, file)))
+		debug(1,("%s defined in %s as %s\n",
+			 symbol, file->i_file, (*val)->s_value));
+	if (val == NULL && file->i_list)
+	{
+		for (ip = file->i_list, i=0; i < file->i_listlen; i++, ip++)
+			if (file->i_merged[i]==FALSE) {
+				val = fdefined(symbol, *ip, srcfile);
+				file->i_merged[i]=merge2defines(file,*ip);
+				if (val!=NULL) break;
+			}
+	}
+	else if (val != NULL && srcfile != NULL) *srcfile = file;
+	recurse_lvl--;
+	file->i_flags &= ~DEFCHECKED;
+
+	return(val);
+}
+
+struct symtab **
+isdefined(char *symbol, struct inclist *file, struct inclist **srcfile)
+{
+	struct symtab	**val;
+
+	if ((val = slookup(symbol, &maininclist))) {
+		debug(1,("%s defined on command line\n", symbol));
+		if (srcfile != NULL) *srcfile = &maininclist;
+		return(val);
+	}
+	if ((val = fdefined(symbol, file, srcfile)))
+		return(val);
+	debug(1,("%s not defined in %s\n", symbol, file->i_file));
+	return(NULL);
+}
+
+/*
+ * Return type based on if the #if expression evaluates to 0
+ */
+static int
+zero_value(char *filename,
+	   char *exp,
+	   struct filepointer *filep,
+	   struct inclist *file_red)
+{
+	if (cppsetup(filename, exp, filep, file_red))
+	    return(IFFALSE);
+	else
+	    return(IF);
+}
+
+void
+define2(char *name, char *val, struct inclist *file)
+{
+    int first, last, below;
+    register struct symtab **sp = NULL, **dest;
+    struct symtab *stab;
+
+    /* Make space if it's needed */
+    if (file->i_defs == NULL)
+    {
+	file->i_defs = (struct symtab **)
+			malloc(sizeof (struct symtab*) * SYMTABINC);
+	file->i_ndefs = 0;
+    }
+    else if (!(file->i_ndefs % SYMTABINC))
+	file->i_defs = (struct symtab **)
+			realloc(file->i_defs,
+			   sizeof(struct symtab*)*(file->i_ndefs+SYMTABINC));
+
+    if (file->i_defs == NULL)
+	fatalerr("malloc()/realloc() failure in insert_defn()\n");
+
+    below = first = 0;
+    last = file->i_ndefs - 1;
+    while (last >= first)
+    {
+	/* Fast inline binary search */
+	register char *s1;
+	register char *s2;
+	register int middle = first + (last - first) / 2;
+
+	/* Fast inline strchr() */
+	s1 = name;
+	s2 = file->i_defs[middle]->s_name;
+	while (*s1++ == *s2++)
+	    if (s2[-1] == '\0') break;
+
+	/* If exact match, set sp and break */
+	if (*--s1 == *--s2) 
+	{
+	    sp = file->i_defs + middle;
+	    break;
+	}
+
+	/* If name > i_defs[middle] ... */
+	if (*s1 > *s2) 
+	{
+	    below = first;
+	    first = middle + 1;
+	}
+	/* else ... */
+	else
+	{
+	    below = last = middle - 1;
+	}
+    }
+
+    /* Search is done.  If we found an exact match to the symbol name,
+       just replace its s_value */
+    if (sp != NULL)
+    {
+	debug(1,("redefining %s from %s to %s in file %s\n",
+		name, (*sp)->s_value, val, file->i_file));
+	free((*sp)->s_value);
+	(*sp)->s_value = copy(val);
+	return;
+    }
+
+    sp = file->i_defs + file->i_ndefs++;
+    dest = file->i_defs + below + 1;
+    while (sp > dest)
+    {
+	*sp = sp[-1];
+	sp--;
+    }
+    stab = (struct symtab *) malloc(sizeof (struct symtab));
+    if (stab == NULL)
+	fatalerr("malloc()/realloc() failure in insert_defn()\n");
+
+    debug(1,("defining %s to %s in file %s\n", name, val, file->i_file));
+    stab->s_name = copy(name);
+    stab->s_value = copy(val);
+    *sp = stab;
+}
+
+void
+define(char *def, struct inclist *file)
+{
+    char *val;
+
+    /* Separate symbol name and its value */
+    val = def;
+    while (isalnum(*val) || *val == '_')
+	val++;
+    if (*val)
+	*val++ = '\0';
+    while (*val == ' ' || *val == '\t')
+	val++;
+
+    if (!*val)
+	val = "1";
+    define2(def, val, file);
+}
+
+struct symtab **
+slookup(char *symbol, struct inclist *file)
+{
+	register int first = 0;
+	register int last;
+
+	if (!file)
+	{
+	    return NULL;
+	}
+
+	last = file->i_ndefs - 1;
+
+	while (last >= first)
+	{
+	    /* Fast inline binary search */
+	    register char *s1;
+	    register char *s2;
+	    register int middle = first + (last - first) / 2;
+
+	    /* Fast inline strchr() */
+	    s1 = symbol;
+	    s2 = file->i_defs[middle]->s_name;
+	    while (*s1++ == *s2++)
+	        if (s2[-1] == '\0') break;
+
+	    /* If exact match, we're done */
+	    if (*--s1 == *--s2) 
+	    {
+	        return file->i_defs + middle;
+	    }
+
+	    /* If symbol > i_defs[middle] ... */
+	    if (*s1 > *s2) 
+	    {
+	        first = middle + 1;
+	    }
+	    /* else ... */
+	    else
+	    {
+	        last = middle - 1;
+	    }
+	}
+	return NULL;
+}
+
+static int 
+merge2defines(struct inclist *file1, struct inclist *file2)
+{
+	int i;
+
+	if ((file1==NULL) || (file2==NULL) ||
+	    !(file2->i_flags & FINISHED))
+		return 0;
+
+	for (i=0; i < file2->i_listlen; i++)
+		if (file2->i_merged[i]==FALSE)
+			return 0;
+
+	{
+		int first1 = 0;
+		int last1 = file1->i_ndefs - 1;
+
+		int first2 = 0;
+		int last2 = file2->i_ndefs - 1;
+
+                int first=0;
+                struct symtab** i_defs = NULL;
+		int deflen=file1->i_ndefs+file2->i_ndefs;
+
+		debug(2,("merging %s into %s\n",
+			file2->i_file, file1->i_file));
+
+                if (deflen>0)
+                { 
+                	/* make sure deflen % SYMTABINC == 0 is still true */
+                	deflen += (SYMTABINC - deflen % SYMTABINC) % SYMTABINC;
+                	i_defs=(struct symtab**)
+			    malloc(deflen*sizeof(struct symtab*));
+                	if (i_defs==NULL) return 0;
+        	}
+
+        	while ((last1 >= first1) && (last2 >= first2))
+        	{
+	    		char *s1=file1->i_defs[first1]->s_name;
+	    		char *s2=file2->i_defs[first2]->s_name;
+
+     			if (strcmp(s1,s2) < 0)
+                        	i_defs[first++]=file1->i_defs[first1++];
+     			else if (strcmp(s1,s2) > 0)
+                        	i_defs[first++]=file2->i_defs[first2++];
+                        else /* equal */
+                        {
+                        	i_defs[first++]=file2->i_defs[first2++];
+                                first1++;
+                        }
+        	}
+        	while (last1 >= first1)
+        	{
+                        i_defs[first++]=file1->i_defs[first1++];
+        	}
+        	while (last2 >= first2)
+        	{
+                        i_defs[first++]=file2->i_defs[first2++];
+        	}
+
+                if (file1->i_defs) free(file1->i_defs);
+                file1->i_defs=i_defs;
+                file1->i_ndefs=first;
+                
+		return 1;
+  	}
+}
+
+void
+undefine(char *symbol, struct inclist *file)
+{
+	register struct symtab **ptr;
+	struct inclist *srcfile;
+	while ((ptr = isdefined(symbol, file, &srcfile)) != NULL)
+	{
+	    srcfile->i_ndefs--;
+	    for (; ptr < srcfile->i_defs + srcfile->i_ndefs; ptr++)
+		*ptr = ptr[1];
+	}
+}
+
+int
+find_includes(struct filepointer *filep, struct inclist *file, 
+	      struct inclist *file_red, int recursion, boolean failOK)
+{
+	struct inclist	*inclistp;
+	char		**includedirsp;
+	register char	*line;
+	register int	type;
+	boolean recfailOK;
+
+	while ((line = getnextline(filep))) {
+		switch(type = deftype(line, filep, file_red, file, TRUE)) {
+		case IF:
+		doif:
+			type = find_includes(filep, file,
+				file_red, recursion+1, failOK);
+			while ((type == ELIF) || (type == ELIFFALSE) ||
+			       (type == ELIFGUESSFALSE))
+				type = gobble(filep, file, file_red);
+			if (type == ELSE)
+				gobble(filep, file, file_red);
+			break;
+		case IFFALSE:
+		case IFGUESSFALSE:
+		    doiffalse:
+			if (type == IFGUESSFALSE || type == ELIFGUESSFALSE)
+			    recfailOK = TRUE;
+			else
+			    recfailOK = failOK;
+			type = gobble(filep, file, file_red);
+			if (type == ELSE)
+			    find_includes(filep, file,
+					  file_red, recursion+1, recfailOK);
+			else
+			if (type == ELIF)
+			    goto doif;
+			else
+			if ((type == ELIFFALSE) || (type == ELIFGUESSFALSE))
+			    goto doiffalse;
+			break;
+		case IFDEF:
+		case IFNDEF:
+			if ((type == IFDEF && isdefined(line, file_red, NULL))
+			 || (type == IFNDEF && !isdefined(line, file_red, NULL))) {
+				debug(1,(type == IFNDEF ?
+				    "line %d: %s !def'd in %s via %s%s\n" : "",
+				    filep->f_line, line,
+				    file->i_file, file_red->i_file, ": doit"));
+				type = find_includes(filep, file,
+					file_red, recursion+1, failOK);
+				while (type == ELIF || type == ELIFFALSE || type == ELIFGUESSFALSE)
+					type = gobble(filep, file, file_red);
+				if (type == ELSE)
+					gobble(filep, file, file_red);
+			}
+			else {
+				debug(1,(type == IFDEF ?
+				    "line %d: %s !def'd in %s via %s%s\n" : "",
+				    filep->f_line, line,
+				    file->i_file, file_red->i_file, ": gobble"));
+				type = gobble(filep, file, file_red);
+				if (type == ELSE)
+					find_includes(filep, file,
+						file_red, recursion+1, failOK);
+				else if (type == ELIF)
+				    	goto doif;
+				else if (type == ELIFFALSE || type == ELIFGUESSFALSE)
+				    	goto doiffalse;
+			}
+			break;
+		case ELSE:
+		case ELIFFALSE:
+		case ELIFGUESSFALSE:
+		case ELIF:
+			if (!recursion)
+				gobble(filep, file, file_red);
+		case ENDIF:
+			if (recursion)
+				return(type);
+		case DEFINE:
+			define(line, file);
+			break;
+		case UNDEF:
+			if (!*line) {
+			    warning("%s", file_red->i_file);
+			    if (file_red != file)
+				warning1(" (reading %s)", file->i_file);
+			    warning1(", line %d: incomplete undef == \"%s\"\n",
+				filep->f_line, line);
+			    break;
+			}
+			undefine(line, file_red);
+			break;
+		case INCLUDE:
+		case INCLUDEDOT:
+		case INCLUDENEXT:
+		case INCLUDENEXTDOT:
+			inclistp = inclistnext;
+			includedirsp = includedirsnext;
+			debug(2,("%s, reading %s, includes %s\n",
+				file_red->i_file, file->i_file, line));
+			add_include(filep, file, file_red, line, type, failOK);
+			inclistnext = inclistp;
+			includedirsnext = includedirsp;
+			break;
+		case ERROR:
+		case WARNING:
+		    	warning("%s", file_red->i_file);
+			if (file_red != file)
+				warning1(" (reading %s)", file->i_file);
+			warning1(", line %d: %s\n",
+				 filep->f_line, line);
+		    	break;
+		    
+		case PRAGMA:
+		case IDENT:
+		case SCCS:
+		case EJECT:
+			break;
+		case -1:
+			warning("%s", file_red->i_file);
+			if (file_red != file)
+			    warning1(" (reading %s)", file->i_file);
+			warning1(", line %d: unknown directive == \"%s\"\n",
+				 filep->f_line, line);
+			break;
+		case -2:
+			warning("%s", file_red->i_file);
+			if (file_red != file)
+			    warning1(" (reading %s)", file->i_file);
+			warning1(", line %d: incomplete include == \"%s\"\n",
+				 filep->f_line, line);
+			break;
+		}
+	}
+	file->i_flags |= FINISHED;
+	debug(2,("finished with %s\n", file->i_file));
+	return(-1);
+}
diff --git a/nss/coreconf/mkdepend/pr.c b/nss/coreconf/mkdepend/pr.c
new file mode 100644
index 0000000..e864793
--- /dev/null
+++ b/nss/coreconf/mkdepend/pr.c
@@ -0,0 +1,124 @@
+/* $Xorg: pr.c,v 1.4 2001/02/09 02:03:16 xorgcvs Exp $ */
+/*
+
+Copyright (c) 1993, 1994, 1998 The Open Group
+
+Permission to use, copy, modify, distribute, and sell this software and its
+documentation for any purpose is hereby granted without fee, provided that
+the above copyright notice appear in all copies and that both that
+copyright notice and this permission notice appear in supporting
+documentation.
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL THE
+OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
+AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+Except as contained in this notice, the name of The Open Group shall not be
+used in advertising or otherwise to promote the sale, use or other dealings
+in this Software without prior written authorization from The Open Group.
+
+*/
+/* $XFree86: xc/config/makedepend/pr.c,v 1.5 2001/12/14 19:53:21 dawes Exp $ */
+
+#include "def.h"
+
+extern struct	inclist	inclist[ MAXFILES ],
+			*inclistp;
+extern char	*objprefix;
+extern char	*objsuffix;
+extern int	width;
+extern boolean	printed;
+extern boolean	verbose;
+extern boolean	show_where_not;
+
+void
+add_include(struct filepointer *filep, struct inclist *file, 
+	    struct inclist *file_red, char *include, int type,
+	    boolean failOK)
+{
+	register struct inclist	*newfile;
+	register struct filepointer	*content;
+
+	/*
+	 * First decide what the pathname of this include file really is.
+	 */
+	newfile = inc_path(file->i_file, include, type);
+	if (newfile == NULL) {
+		if (failOK)
+		    return;
+		if (file != file_red)
+			warning("%s (reading %s, line %d): ",
+				file_red->i_file, file->i_file, filep->f_line);
+		else
+			warning("%s, line %d: ", file->i_file, filep->f_line);
+		warning1("cannot find include file \"%s\"\n", include);
+		show_where_not = TRUE;
+		newfile = inc_path(file->i_file, include, type);
+		show_where_not = FALSE;
+	}
+
+	if (newfile) {
+		included_by(file, newfile);
+		if (!(newfile->i_flags & SEARCHED)) {
+			newfile->i_flags |= SEARCHED;
+			content = getfile(newfile->i_file);
+			find_includes(content, newfile, file_red, 0, failOK);
+			freefile(content);
+		}
+	}
+}
+
+static void
+pr(struct inclist *ip, char *file, char *base)
+{
+	static char	*lastfile;
+	static int	current_len;
+	register int	len, i;
+	char	buf[ BUFSIZ ];
+
+	printed = TRUE;
+	len = strlen(ip->i_file)+1;
+	if (current_len + len > width || file != lastfile) {
+		lastfile = file;
+		sprintf(buf, "\n%s%s%s: %s", objprefix, base, objsuffix,
+			ip->i_file);
+		len = current_len = strlen(buf);
+	}
+	else {
+		buf[0] = ' ';
+		strcpy(buf+1, ip->i_file);
+		current_len += len;
+	}
+	fwrite(buf, len, 1, stdout);
+
+	/*
+	 * If verbose is set, then print out what this file includes.
+	 */
+	if (! verbose || ip->i_list == NULL || ip->i_flags & NOTIFIED)
+		return;
+	ip->i_flags |= NOTIFIED;
+	lastfile = NULL;
+	printf("\n# %s includes:", ip->i_file);
+	for (i=0; i<ip->i_listlen; i++)
+		printf("\n#\t%s", ip->i_list[ i ]->i_incstring);
+}
+
+void
+recursive_pr_include(struct inclist *head, char *file, char *base)
+{
+	int	i;
+
+	if (head->i_flags & MARKED)
+		return;
+	head->i_flags |= MARKED;
+	if (head->i_file != file)
+		pr(head, file, base);
+	for (i=0; i<head->i_listlen; i++)
+		recursive_pr_include(head->i_list[ i ], file, base);
+}
diff --git a/nss/coreconf/module.mk b/nss/coreconf/module.mk
new file mode 100644
index 0000000..5f6d2cc
--- /dev/null
+++ b/nss/coreconf/module.mk
@@ -0,0 +1,37 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# The master "Core Components" source and release component directory #
+# names are ALWAYS identical and are the value of $(MODULE).          #
+# NOTE:  A component is also called a module or a subsystem.          #
+#######################################################################
+
+#
+#  All "Core Components" <component>-specific source-side tags must
+#  always be identified for compiling/linking purposes
+#
+
+ifndef JAVA_SOURCE_COMPONENT
+    JAVA_SOURCE_COMPONENT = java
+endif
+
+ifndef NETLIB_SOURCE_COMPONENT
+    NETLIB_SOURCE_COMPONENT = netlib
+endif
+
+ifndef NSPR_SOURCE_COMPONENT
+    NSPR_SOURCE_COMPONENT = nspr20
+endif
+
+ifndef SECTOOLS_SOURCE_COMPONENT
+    SECTOOLS_SOURCE_COMPONENT = sectools
+endif
+
+ifndef SECURITY_SOURCE_COMPONENT
+    SECURITY_SOURCE_COMPONENT = security
+endif
+
+MK_MODULE = included
diff --git a/nss/coreconf/nsinstall/Makefile b/nss/coreconf/nsinstall/Makefile
new file mode 100644
index 0000000..1850bcb
--- /dev/null
+++ b/nss/coreconf/nsinstall/Makefile
@@ -0,0 +1,42 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+DEPTH		= ../..
+CORE_DEPTH	= ../..
+
+MODULE		= coreconf
+
+CSRCS		= nsinstall.c pathsub.c
+
+PROGRAM		= nsinstall
+
+# Indicate that this directory builds build tools.
+INTERNAL_TOOLS  = 1
+
+
+include $(DEPTH)/coreconf/config.mk
+
+ifeq (,$(filter-out OS2 WIN%,$(OS_TARGET)))
+PROGRAM		=
+else
+TARGETS		= $(PROGRAM)
+INSTALL		= true
+endif
+
+ifdef NATIVE_CC
+CC=$(NATIVE_CC)
+endif
+
+ifdef NATIVE_FLAGS
+OS_CFLAGS=$(NATIVE_FLAGS)
+endif
+
+include $(DEPTH)/coreconf/rules.mk
+
+# Redefine MAKE_OBJDIR for just this directory
+define MAKE_OBJDIR
+if test ! -d $(@D); then rm -rf $(@D); mkdir $(@D); fi
+endef
+
diff --git a/nss/coreconf/nsinstall/nsinstall.c b/nss/coreconf/nsinstall/nsinstall.c
new file mode 100644
index 0000000..3df0ae6
--- /dev/null
+++ b/nss/coreconf/nsinstall/nsinstall.c
@@ -0,0 +1,407 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+** Netscape portable install command.
+*/
+#include <stdio.h>  /* OSF/1 requires this before grp.h, so put it first */
+#include <assert.h>
+#include <fcntl.h>
+#include <string.h>
+#if defined(_WINDOWS)
+#include <windows.h>
+typedef unsigned int mode_t;
+#else
+#include <grp.h>
+#include <pwd.h>
+#include <errno.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <utime.h>
+#endif
+#include <sys/types.h>
+#include <sys/stat.h>
+#include "pathsub.h"
+
+#define HAVE_LCHOWN
+
+#if defined(AIX) || defined(BSDI) || defined(HPUX) || defined(LINUX) || defined(SUNOS4) || defined(SCO) || defined(UNIXWARE) || defined(NTO) || defined(DARWIN) || defined(BEOS) || defined(__riscos__)
+#undef HAVE_LCHOWN
+#endif
+
+#define HAVE_FCHMOD
+
+#if defined(BEOS)
+#undef HAVE_FCHMOD
+#endif
+
+#ifdef LINUX
+#include <getopt.h>
+#endif
+
+#if defined(SCO) || defined(UNIXWARE) || defined(SNI) || defined(NCR) || defined(NEC)
+#if !defined(S_ISLNK) && defined(S_IFLNK)
+#define S_ISLNK(a)	(((a) & S_IFMT) == S_IFLNK)
+#endif
+#endif
+
+#if defined(SNI)
+extern int fchmod(int fildes, mode_t mode);
+#endif
+
+
+#ifdef GETCWD_CANT_MALLOC
+/*
+ * this should probably go into a utility library in case other applications
+ * need it.
+ */
+static char *
+getcwd_do_malloc(char *path, int len) {
+
+    if (!path) {
+	path = malloc(PATH_MAX +1);
+	if (!path) return NULL;
+    }
+    return getcwd(path, PATH_MAX);
+}
+#define GETCWD	getcwd_do_malloc
+#else
+#define GETCWD	getcwd
+#endif
+
+
+static void
+usage(void)
+{
+    fprintf(stderr,
+	"usage: %s [-C cwd] [-L linkprefix] [-m mode] [-o owner] [-g group]\n"
+	"       %*s [-DdltR] file [file ...] directory\n",
+	program, (int)strlen(program), "");
+    exit(2);
+}
+
+/* this is more-or-less equivalent to mkdir -p */
+static int
+mkdirs(char *path, mode_t mode)
+{
+    char *      cp;
+    int         rv;
+    struct stat sb;
+    
+    if (!path || !path[0]) 
+	fail("Null pointer or empty string passed to mkdirs()");
+    while (*path == '/' && path[1] == '/')
+	path++;
+    for (cp = strrchr(path, '/'); cp && cp != path && *(cp - 1) == '/'; cp--);
+    if (cp && cp != path) {
+	*cp = '\0';
+	if ((stat(path, &sb) < 0 || !S_ISDIR(sb.st_mode)) &&
+	    mkdirs(path, mode) < 0) {
+	    return -1;
+	}
+	*cp = '/';
+    }
+    rv = mkdir(path, mode);
+    if (rv) {
+	if (errno != EEXIST)
+	    fail("mkdirs cannot make %s", path);
+	fprintf(stderr, "directory creation race: %s\n", path);
+	if (!stat(path, &sb) && S_ISDIR(sb.st_mode)) 
+	    rv = 0;
+    }
+    return rv;
+}
+
+static uid_t
+touid(char *owner)
+{
+    struct passwd *pw;
+    uid_t uid;
+    char *cp;
+
+    if (!owner || !owner[0]) 
+	fail("Null pointer or empty string passed to touid()");
+    pw = getpwnam(owner);
+    if (pw)
+	return pw->pw_uid;
+    uid = strtol(owner, &cp, 0);
+    if (uid == 0 && cp == owner)
+	fail("cannot find uid for %s", owner);
+    return uid;
+}
+
+static gid_t
+togid(char *group)
+{
+    struct group *gr;
+    gid_t gid;
+    char *cp;
+
+    if (!group || !group[0]) 
+	fail("Null pointer or empty string passed to togid()");
+    gr = getgrnam(group);
+    if (gr)
+	return gr->gr_gid;
+    gid = strtol(group, &cp, 0);
+    if (gid == 0 && cp == group)
+	fail("cannot find gid for %s", group);
+    return gid;
+}
+
+void * const uninit = (void *)0xdeadbeef;
+
+int
+main(int argc, char **argv)
+{
+    char *	base		= uninit;
+    char *	bp		= uninit;
+    char *	cp		= uninit;
+    char *	cwd		= 0;
+    char *	group		= 0;
+    char *	linkname	= 0;
+    char *	linkprefix	= 0;
+    char *	name		= uninit;
+    char *	owner		= 0;
+    char *	todir		= uninit;
+    char *	toname		= uninit;
+
+    int 	bnlen		= -1;
+    int 	cc		= 0;
+    int 	dodir		= 0;
+    int 	dolink		= 0;
+    int 	dorelsymlink	= 0;
+    int 	dotimes		= 0;
+    int 	exists		= 0;
+    int 	fromfd		= -1;
+    int 	len		= -1;
+    int 	lplen		= 0;
+    int		onlydir		= 0;
+    int 	opt		= -1;
+    int 	tdlen		= -1;
+    int 	tofd		= -1;
+    int 	wc		= -1;
+
+    mode_t 	mode		= 0755;
+
+    uid_t 	uid		= -1;
+    gid_t 	gid		= -1;
+
+    struct stat sb;
+    struct stat tosb;
+    struct utimbuf utb;
+    char 	buf[BUFSIZ];
+
+    program = strrchr(argv[0], '/');
+    if (!program)
+	program = strrchr(argv[0], '\\');
+    program = program ? program+1 : argv[0];
+
+
+    while ((opt = getopt(argc, argv, "C:DdlL:Rm:o:g:t")) != EOF) {
+	switch (opt) {
+	  case 'C': cwd = optarg;	break;
+	  case 'D': onlydir = 1; 	break;
+	  case 'd': dodir = 1; 		break;
+	  case 'l': dolink = 1;		break;
+	  case 'L':
+	    linkprefix = optarg;
+	    lplen = strlen(linkprefix);
+	    dolink = 1;
+	    break;
+	  case 'R': dolink = dorelsymlink = 1; break;
+	  case 'm':
+	    mode = strtoul(optarg, &cp, 8);
+	    if (mode == 0 && cp == optarg)
+		usage();
+	    break;
+	  case 'o': owner = optarg; 	break;
+	  case 'g': group = optarg; 	break;
+	  case 't': dotimes = 1; 	break;
+	  default:  usage();
+	}
+    }
+
+    argc -= optind;
+    argv += optind;
+    if (argc < 2 - onlydir)
+	usage();
+
+    todir = argv[argc-1];
+    if ((stat(todir, &sb) < 0 || !S_ISDIR(sb.st_mode)) &&
+	mkdirs(todir, 0777) < 0) {
+	fail("cannot mkdir -p %s", todir);
+    }
+    if (onlydir)
+	return 0;
+
+    if (!cwd) {
+	cwd = GETCWD(0, PATH_MAX);
+	if (!cwd)
+	    fail("could not get CWD");
+    }
+
+    /* make sure we can get into todir. */
+    xchdir(todir);
+    todir = GETCWD(0, PATH_MAX);
+    if (!todir)
+	fail("could not get CWD in todir");
+    tdlen = strlen(todir);
+
+    /* back to original directory. */
+    xchdir(cwd);
+
+    uid = owner ? touid(owner) : -1;
+    gid = group ? togid(group) : -1;
+
+    while (--argc > 0) {
+	name   = *argv++;
+	len    = strlen(name);
+	base   = xbasename(name);
+	bnlen  = strlen(base);
+	toname = (char*)xmalloc(tdlen + 1 + bnlen + 1);
+	sprintf(toname, "%s/%s", todir, base);
+retry:
+	exists = (lstat(toname, &tosb) == 0);
+
+	if (dodir) {
+	    /* -d means create a directory, always */
+	    if (exists && !S_ISDIR(tosb.st_mode)) {
+		int rv = unlink(toname);
+		if (rv)
+		    fail("cannot unlink %s", toname);
+		exists = 0;
+	    }
+	    if (!exists && mkdir(toname, mode) < 0) {
+	    	/* we probably have two nsinstall programs in a race here. */
+		if (errno == EEXIST && !stat(toname, &sb) && 
+		    S_ISDIR(sb.st_mode)) {
+		    fprintf(stderr, "directory creation race: %s\n", toname);
+		    goto retry;
+	    	}
+		fail("cannot make directory %s", toname);
+	    }
+	    if ((owner || group) && chown(toname, uid, gid) < 0)
+		fail("cannot change owner of %s", toname);
+	} else if (dolink) {
+	    if (*name == '/') {
+		/* source is absolute pathname, link to it directly */
+		linkname = 0;
+	    } else {
+		if (linkprefix) {
+		    /* -L implies -l and prefixes names with a $cwd arg. */
+		    len += lplen + 1;
+		    linkname = (char*)xmalloc(len + 1);
+		    sprintf(linkname, "%s/%s", linkprefix, name);
+		} else if (dorelsymlink) {
+		    /* Symlink the relative path from todir to source name. */
+		    linkname = (char*)xmalloc(PATH_MAX);
+
+		    if (*todir == '/') {
+			/* todir is absolute: skip over common prefix. */
+			lplen = relatepaths(todir, cwd, linkname);
+			strcpy(linkname + lplen, name);
+		    } else {
+			/* todir is named by a relative path: reverse it. */
+			reversepath(todir, name, len, linkname);
+			xchdir(cwd);
+		    }
+
+		    len = strlen(linkname);
+		}
+		name = linkname;
+	    }
+
+	    /* Check for a pre-existing symlink with identical content. */
+	    if (exists &&
+		(!S_ISLNK(tosb.st_mode) ||
+		 readlink(toname, buf, sizeof buf) != len ||
+		 strncmp(buf, name, len) != 0)) {
+		int rmrv;
+		rmrv = (S_ISDIR(tosb.st_mode) ? rmdir : unlink)(toname);
+		if (rmrv < 0) {
+		    fail("destination exists, cannot remove %s", toname);
+		}
+		exists = 0;
+	    }
+	    if (!exists && symlink(name, toname) < 0) {
+		if (errno == EEXIST) {
+		    fprintf(stderr, "symlink creation race: %s\n", toname);
+                    fail("symlink was attempted in working directory %s "
+                         "from %s to %s.\n", cwd, name, toname);
+		    goto retry;
+		}
+		diagnosePath(toname);
+		fail("cannot make symbolic link %s", toname);
+	    }
+#ifdef HAVE_LCHOWN
+	    if ((owner || group) && lchown(toname, uid, gid) < 0)
+		fail("cannot change owner of %s", toname);
+#endif
+
+	    if (linkname) {
+		free(linkname);
+		linkname = 0;
+	    }
+	} else {
+	    /* Copy from name to toname, which might be the same file. */
+	    fromfd = open(name, O_RDONLY);
+	    if (fromfd < 0 || fstat(fromfd, &sb) < 0)
+		fail("cannot access %s", name);
+	    if (exists && 
+	        (!S_ISREG(tosb.st_mode) || access(toname, W_OK) < 0)) {
+		int rmrv;
+		rmrv = (S_ISDIR(tosb.st_mode) ? rmdir : unlink)(toname);
+		if (rmrv < 0) {
+		    fail("destination exists, cannot remove %s", toname);
+		}
+	    }
+	    tofd = open(toname, O_CREAT | O_WRONLY, 0666);
+	    if (tofd < 0)
+		fail("cannot create %s", toname);
+
+	    bp = buf;
+	    while ((cc = read(fromfd, bp, sizeof buf)) > 0) {
+		while ((wc = write(tofd, bp, cc)) > 0) {
+		    if ((cc -= wc) == 0)
+			break;
+		    bp += wc;
+		}
+		if (wc < 0)
+		    fail("cannot write to %s", toname);
+	    }
+	    if (cc < 0)
+		fail("cannot read from %s", name);
+
+	    if (ftruncate(tofd, sb.st_size) < 0)
+		fail("cannot truncate %s", toname);
+	    if (dotimes) {
+		utb.actime = sb.st_atime;
+		utb.modtime = sb.st_mtime;
+		if (utime(toname, &utb) < 0)
+		    fail("cannot set times of %s", toname);
+	    }
+#ifdef HAVE_FCHMOD
+	    if (fchmod(tofd, mode) < 0)
+#else
+	    if (chmod(toname, mode) < 0)
+#endif
+		fail("cannot change mode of %s", toname);
+
+	    if ((owner || group) && fchown(tofd, uid, gid) < 0)
+		fail("cannot change owner of %s", toname);
+
+	    /* Must check for delayed (NFS) write errors on close. */
+	    if (close(tofd) < 0)
+		fail("close reports write error on %s", toname);
+	    close(fromfd);
+	}
+
+	free(toname);
+    }
+
+    free(cwd);
+    free(todir);
+    return 0;
+}
+
diff --git a/nss/coreconf/nsinstall/nsinstall.gyp b/nss/coreconf/nsinstall/nsinstall.gyp
new file mode 100644
index 0000000..efff6bc
--- /dev/null
+++ b/nss/coreconf/nsinstall/nsinstall.gyp
@@ -0,0 +1,21 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'nsinstall',
+      'type': 'executable',
+      'sources': [
+        'nsinstall.c',
+        'pathsub.c'
+      ]
+    }
+  ],
+  'variables': {
+    'module': 'coreconf'
+  }
+}
\ No newline at end of file
diff --git a/nss/coreconf/nsinstall/pathsub.c b/nss/coreconf/nsinstall/pathsub.c
new file mode 100644
index 0000000..a42a9f3
--- /dev/null
+++ b/nss/coreconf/nsinstall/pathsub.c
@@ -0,0 +1,272 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+** Pathname subroutines.
+*/
+#if defined(FREEBSD) || defined(BSDI) || defined(DARWIN)
+#include <sys/types.h>
+#endif /* FREEBSD */
+#include <dirent.h>
+#include <errno.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include "pathsub.h"
+#ifdef USE_REENTRANT_LIBC
+#include "libc_r.h"
+#endif /* USE_REENTRANT_LIBC */
+
+char *program;
+
+void
+fail(char *format, ...)
+{
+    int error;
+    va_list ap;
+
+#ifdef USE_REENTRANT_LIBC
+    R_STRERROR_INIT_R();
+#endif
+
+    error = errno;
+    fprintf(stderr, "%s: ", program);
+    va_start(ap, format);
+    vfprintf(stderr, format, ap);
+    va_end(ap);
+    if (error) {
+
+#ifdef USE_REENTRANT_LIBC
+    R_STRERROR_R(errno);
+	fprintf(stderr, ": %s", r_strerror_r);
+#else
+	fprintf(stderr, ": %s", strerror(errno));
+#endif
+    }
+ 
+    putc('\n', stderr);
+    abort();
+    exit(1);
+}
+
+char *
+getcomponent(char *path, char *name)
+{
+    if (*path == '\0')
+	return 0;
+    if (*path == '/') {
+	*name++ = '/';
+    } else {
+	do {
+	    *name++ = *path++;
+	} while (*path != '/' && *path != '\0');
+    }
+    *name = '\0';
+    while (*path == '/')
+	path++;
+    return path;
+}
+
+#ifdef UNIXWARE
+/* The static buffer in Unixware's readdir is too small. */
+struct dirent * readdir(DIR *d)
+{
+    static struct dirent *buf = NULL;
+#define MAX_PATH_LEN 1024
+
+    if (buf == NULL)
+	buf = (struct dirent *)xmalloc(sizeof(struct dirent) + MAX_PATH_LEN) ;
+    return readdir_r(d, buf);
+}
+#endif
+
+/* APPARENT BUG - ignores argument "dir", uses ".." instead. */
+char *
+ino2name(ino_t ino, char *dir)
+{
+    DIR *dp;
+    struct dirent *ep;
+    char *name;
+
+    dp = opendir("..");		/* XXX */
+    if (!dp)
+	fail("cannot read parent directory");
+    for (;;) {
+	if (!(ep = readdir(dp)))
+	    fail("cannot find current directory");
+	if (ep->d_ino == ino)
+	    break;
+    }
+    name = xstrdup(ep->d_name);
+    closedir(dp);
+    return name;
+}
+
+void *
+xmalloc(size_t size)
+{
+    void *p;
+
+    if (size <= 0)
+	fail("attempted to allocate %u bytes", size);
+    p = malloc(size);
+    if (!p)
+	fail("cannot allocate %u bytes", size);
+    return p;
+}
+
+char *
+xstrdup(char *s)
+{
+    if (!s || !s[0]) 
+	fail("Null pointer or empty string passed to xstrdup()");
+    return strcpy((char*)xmalloc(strlen(s) + 1), s);
+}
+
+char *
+xbasename(char *path)
+{
+    char *cp;
+
+    if (!path || !path[0]) 
+	fail("Null pointer or empty string passed to xbasename()");
+    while ((cp = strrchr(path, '/')) && cp[1] == '\0')
+	*cp = '\0';
+    if (!cp) return path;
+    return cp + 1;
+}
+
+void
+xchdir(char *dir)
+{
+    if (!dir || !dir[0]) 
+	fail("Null pointer or empty string passed to xchdir()");
+    if (chdir(dir) < 0)
+	fail("cannot change directory to %s", dir);
+}
+
+int
+relatepaths(char *from, char *to, char *outpath)
+{
+    char *cp, *cp2;
+    int len;
+    char buf[NAME_MAX];
+
+    if (!from || *from != '/')
+	fail("relatepaths: from path does not start with /");
+    if (!to || *to != '/')
+	fail("relatepaths: to   path does not start with /");
+
+    for (cp = to, cp2 = from; *cp == *cp2; cp++, cp2++)
+	if (*cp == '\0')
+	    break;
+    while (cp[-1] != '/')
+	cp--, cp2--;
+    if (cp - 1 == to) {
+	/* closest common ancestor is /, so use full pathname */
+	len = strlen(strcpy(outpath, to));
+	if (outpath[len] != '/') {
+	    outpath[len++] = '/';
+	    outpath[len] = '\0';
+	}
+    } else {
+	len = 0;
+	while ((cp2 = getcomponent(cp2, buf)) != 0) {
+	    strcpy(outpath + len, "../");
+	    len += 3;
+	}
+	while ((cp = getcomponent(cp, buf)) != 0) {
+	    sprintf(outpath + len, "%s/", buf);
+	    len += strlen(outpath + len);
+	}
+    }
+    return len;
+}
+
+void
+reversepath(char *inpath, char *name, int len, char *outpath)
+{
+    char *cp, *cp2;
+    char buf[NAME_MAX];
+    struct stat sb;
+
+    cp = strcpy(outpath + PATH_MAX - (len + 1), name);
+    cp2 = inpath;
+    while ((cp2 = getcomponent(cp2, buf)) != 0) {
+	if (strcmp(buf, ".") == 0)
+	    continue;
+	if (strcmp(buf, "..") == 0) {
+	    if (stat(".", &sb) < 0)
+		fail("cannot stat current directory");
+	    name = ino2name(sb.st_ino, "..");
+	    len = strlen(name);
+	    cp -= len + 1;
+	    strcpy(cp, name);
+	    cp[len] = '/';
+	    free(name);
+	    xchdir("..");
+	} else {
+	    cp -= 3;
+	    strncpy(cp, "../", 3);
+	    xchdir(buf);
+	}
+    }
+    strcpy(outpath, cp);
+}
+
+void
+diagnosePath(const char * path)
+{
+    char *	myPath;
+    char *      slash;
+    int		rv;
+    struct stat sb;
+    char 	buf[BUFSIZ];
+
+    if (!path || !path[0]) 
+	fail("Null pointer or empty string passed to mkdirs()");
+    myPath = strdup(path);
+    if (!myPath)
+	fail("strdup() failed!");
+    do {
+    	rv = lstat(myPath, &sb);
+	if (rv < 0) {
+	    perror(myPath);
+	} else if (S_ISLNK(sb.st_mode)) {
+	    rv = readlink(myPath, buf, sizeof(buf) - 1);
+	    if (rv < 0) {
+	    	perror("readlink");
+		buf[0] = 0;
+	    } else {
+	    	buf[rv] = 0;
+	    }
+	    fprintf(stderr, "%s is a link to %s\n", myPath, buf);
+	} else if (S_ISDIR(sb.st_mode)) {
+	    fprintf(stderr, "%s is a directory\n", myPath);
+	    rv = access(myPath, X_OK);
+	    if (rv < 0) {
+	    	fprintf(stderr, "%s: no search permission\n", myPath);
+	    }
+	} else {
+	    fprintf(stderr, "%s is a file !?!\n", myPath);
+	    rv = access(myPath, F_OK);
+	    if (rv < 0) {
+	    	fprintf(stderr, "%s does not exist\n", myPath);
+	    }
+	}
+
+	/* chop path off one level. */
+	slash = strrchr(myPath, '/');
+	if (!slash)
+	    slash = strrchr(myPath, '\\');
+	if (!slash)
+	    slash = myPath;
+	*slash = 0;
+    } while (myPath[0]);
+    free(myPath);
+}
diff --git a/nss/coreconf/nsinstall/pathsub.h b/nss/coreconf/nsinstall/pathsub.h
new file mode 100644
index 0000000..aea523b
--- /dev/null
+++ b/nss/coreconf/nsinstall/pathsub.h
@@ -0,0 +1,48 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef pathsub_h___
+#define pathsub_h___
+/*
+** Pathname subroutines.
+**
+** Brendan Eich, 8/29/95
+*/
+#include <limits.h>
+#include <sys/types.h>
+
+#if SUNOS4
+#include "sunos4.h"
+#endif
+
+#ifndef PATH_MAX
+#define PATH_MAX 1024
+#endif
+
+/*
+ * Just keep sane lengths
+ */
+#undef NAME_MAX
+#define NAME_MAX 256
+
+extern char *program;
+
+extern void fail(char *format, ...);
+extern char *getcomponent(char *path, char *name);
+extern char *ino2name(ino_t ino, char *dir);
+extern void *xmalloc(size_t size);
+extern char *xstrdup(char *s);
+extern char *xbasename(char *path);
+extern void xchdir(char *dir);
+
+/* Relate absolute pathnames from and to returning the result in outpath. */
+extern int relatepaths(char *from, char *to, char *outpath);
+
+/* NOTE: changes current working directory -- caveat emptor */
+extern void reversepath(char *inpath, char *name, int len, char *outpath);
+
+/* stats every directory in path, reports results. */
+extern void diagnosePath(const char * path);
+
+#endif /* pathsub_h___ */
diff --git a/nss/coreconf/nsinstall/sunos4.h b/nss/coreconf/nsinstall/sunos4.h
new file mode 100644
index 0000000..3ba064f
--- /dev/null
+++ b/nss/coreconf/nsinstall/sunos4.h
@@ -0,0 +1,134 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef pr_sunos4_h___
+#define pr_sunos4_h___
+
+#ifndef SVR4
+
+/*
+** Hodge podge of random missing prototypes for the Sunos4 system
+*/
+#include <stdio.h>
+#include <stdarg.h>
+#include <time.h>
+#include <limits.h>
+#include <sys/types.h>
+
+#define PATH_MAX _POSIX_PATH_MAX
+
+struct timeval;
+struct timezone;
+struct itimerval;
+struct sockaddr;
+struct stat;
+struct tm;
+
+/* ctype.h */
+extern int tolower(int);
+extern int toupper(int);
+
+/* errno.h */
+extern char *sys_errlist[];
+extern int sys_nerr;
+
+#define strerror(e) sys_errlist[((unsigned)(e) < sys_nerr) ? e : 0]
+
+extern void perror(const char *);
+
+/* getopt */
+extern char *optarg;
+extern int optind;
+extern int getopt(int argc, char **argv, char *spec);
+
+/* math.h */
+extern int srandom(long val);
+extern long random(void);
+
+/* memory.h */
+#define memmove(to,from,len) bcopy((char*)(from),(char*)(to),len)
+
+extern void bcopy(const char *, char *, int);
+
+/* signal.h */
+/*
+** SunOS4 sigaction hides interrupts by default, so we can safely define
+** SA_RESTART to 0 (HP-UX is a counter-example -- its sigaction does not
+** hide interrupts but lacks an SA_RESTART option; you must use sigvector
+** and tweak the sigcontext from within each signal handler!).
+*/
+#define SA_RESTART 0
+#define SA_SIGINFO 0
+
+/* stdio.h */
+extern int printf(const char *, ...);
+extern int fprintf(FILE *, const char *, ...);
+extern int vprintf(const char *, va_list);
+extern int vfprintf(FILE *, const char *, va_list);
+extern char *vsprintf(char *, const char *, va_list);
+extern int scanf(const char *, ...);
+extern int sscanf(const char *, const char *, ...);
+extern int fscanf(FILE *, const char *, ...);
+extern int fgetc(FILE *);
+extern int fputc(int, FILE *);
+extern int fputs(const char *, FILE *);
+extern int puts(const char *);
+extern int fread(void *, size_t, size_t, FILE *);
+extern int fwrite(const char *, int, int, FILE *);
+extern int fseek(FILE *, long, int);
+extern long ftell(FILE *);
+extern int rewind(FILE *);
+extern int fflush(FILE *);
+extern int _flsbuf(unsigned char, FILE *);
+extern int fclose(FILE *);
+extern int remove(const char *);
+extern int setvbuf(FILE *, char *, int, size_t);
+extern int system(const char *);
+extern FILE *popen(const char *, const char *);
+extern int pclose(FILE *);
+
+/* stdlib.h */
+#define strtoul strtol
+
+extern int isatty(int fildes);
+extern long strtol(const char *, char **, int);
+extern int putenv(const char *);
+extern void srand48(long);
+extern long lrand48(void);
+extern double drand48(void);
+
+/* string.h */
+extern int strcasecmp(const char *, const char *);
+extern int strncasecmp(const char *, const char *, size_t);
+extern int strcoll(const char *, const char *);
+
+/* time.h */
+extern time_t mktime(struct tm *);
+extern size_t strftime(char *, size_t, const char *, const struct tm *);
+extern int gettimeofday(struct timeval *, struct timezone *);
+extern int setitimer(int, struct itimerval *, struct itimerval *);
+extern time_t time(time_t *);
+extern time_t timegm(struct tm *);
+extern struct tm *localtime(const time_t *);
+extern struct tm *gmtime(const time_t *);
+
+/* unistd.h */
+extern int rename(const char *, const char *);
+extern int ioctl(int, int, int *arg);
+extern int connect(int, struct sockaddr *, int);
+extern int readlink(const char *, char *, int);
+extern int symlink(const char *, const char *);
+extern int ftruncate(int, off_t);
+extern int fchmod(int, mode_t);
+extern int fchown(int, uid_t, gid_t);
+extern int lstat(const char *, struct stat *);
+extern int fstat(int, struct stat *);
+extern int select(int, fd_set *, fd_set *, fd_set *, struct timeval *);
+extern int gethostname(char *, int);
+extern char *getwd(char *);
+extern int getpagesize(void);
+
+#endif /* SVR4 */
+
+#endif /* pr_sunos4_h___ */
diff --git a/nss/coreconf/nspr.sh b/nss/coreconf/nspr.sh
new file mode 100644
index 0000000..15f9f7f
--- /dev/null
+++ b/nss/coreconf/nspr.sh
@@ -0,0 +1,51 @@
+#!/usr/bin/env bash
+# This script builds NSPR for NSS.
+#
+# This build system is still under development.  It does not yet support all
+# the features or platforms that the regular NSPR build supports.
+
+# variables
+nspr_cflags=
+nspr_cxxflags=
+nspr_ldflags=
+
+# Try to avoid bmake on OS X and BSD systems
+if hash gmake 2>/dev/null; then
+    make() { command gmake "$@"; }
+fi
+
+nspr_set_flags()
+{
+    nspr_cflags="$CFLAGS $@"
+    nspr_cxxflags="$CXXFLAGS $@"
+    nspr_ldflags="$LDFLAGS $@"
+}
+
+nspr_build()
+{
+    local nspr_dir="$cwd"/../nspr/$target
+    mkdir -p "$nspr_dir"
+
+    # These NSPR options are directory-specific, so they don't need to be
+    # included in nspr_opt and changing them doesn't force a rebuild of NSPR.
+    extra_params=(--prefix="$dist_dir"/$target)
+    if [ "$opt_build" = 1 ]; then
+        extra_params+=(--disable-debug --enable-optimize)
+    fi
+
+    echo "NSPR [1/3] configure ..."
+    pushd "$nspr_dir" >/dev/null
+    CFLAGS="$nspr_cflags" CXXFLAGS="$nspr_cxxflags" \
+          LDFLAGS="$nspr_ldflags" CC="$CC" CXX="$CCC" \
+          run_verbose ../configure "${extra_params[@]}" "$@"
+    popd >/dev/null
+    echo "NSPR [2/3] make ..."
+    run_verbose make -C "$nspr_dir"
+    echo "NSPR [3/3] install ..."
+    run_verbose make -C "$nspr_dir" install
+}
+
+nspr_clean()
+{
+    rm -rf "$cwd"/../nspr/$target
+}
diff --git a/nss/coreconf/outofdate.pl b/nss/coreconf/outofdate.pl
new file mode 100755
index 0000000..33d80bb
--- /dev/null
+++ b/nss/coreconf/outofdate.pl
@@ -0,0 +1,39 @@
+#!/usr/local/bin/perl
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#Input: [-d dir] foo1.java foo2.java
+#Compares with: foo1.class foo2.class (if -d specified, checks in 'dir', 
+#  otherwise assumes .class files in same directory as .java files)
+#Returns: list of input arguments which are newer than corresponding class
+#files (non-existent class files are considered to be real old :-)
+
+$found = 1;
+
+if ($ARGV[0] eq '-d') {
+    $classdir = $ARGV[1];
+    $classdir .= "/";
+    shift;
+    shift;
+} else {
+    $classdir = "./";
+}
+
+foreach $filename (@ARGV) {
+    $classfilename = $classdir;
+    $classfilename .= $filename;
+    $classfilename =~ s/.java$/.class/;
+    ($dev,$ino,$mode,$nlink,$uid,$gid,$rdev,$size,$atime,$mtime,
+     $ctime,$blksize,$blocks) = stat($filename);
+    ($dev,$ino,$mode,$nlink,$uid,$gid,$rdev,$size,$atime,$classmtime,
+     $ctime,$blksize,$blocks) = stat($classfilename);
+#    print $filename, " ", $mtime, ", ", $classfilename, " ", $classmtime, "\n";
+    if ($mtime > $classmtime) {
+        print $filename, " ";
+        $found = 0;
+    }
+}
+
+print "\n";
diff --git a/nss/coreconf/precommit.clang-format.sh b/nss/coreconf/precommit.clang-format.sh
new file mode 100755
index 0000000..11382c3
--- /dev/null
+++ b/nss/coreconf/precommit.clang-format.sh
@@ -0,0 +1,63 @@
+#!/usr/bin/env bash
+# This is a pre-commit hook for use with either mercurial or git.
+#
+# Install this by running the script with an argument of "install".
+#
+# All that does is add the following lines to .hg/hgrc:
+#
+# [hook]
+# pretxncommit.clang-format = [ ! -x ./coreconf/precommit.clang-format.sh ] || ./coreconf/precommit.clang-format.sh
+#
+# Or installs a symlink to .git/hooks/precommit:
+# $ ln -s ../../coreconf/precommit.clang-format.sh .git/hooks/pre-commit
+
+hash clang-format || exit 1
+[ "$(hg root 2>/dev/null)" = "$PWD" ] && hg=1 || hg=0
+[ "$(git rev-parse --show-toplevel 2>/dev/null)" = "$PWD" ] && git=1 || git=0
+
+if [ "$1" = "install" ]; then
+    if [ "$hg" -eq 1 ]; then
+        hgrc="$(hg root)"/.hg/hgrc
+        if ! grep -q '^pretxncommit.clang-format' "$hgrc"; then
+            echo '[hook]' >> "$hgrc"
+            echo 'pretxncommit.clang-format = [ ! -x ./coreconf/precommit.clang-format.sh ] || ./coreconf/precommit.clang-format.sh' >> "$hgrc"
+            echo "Installed mercurial pretxncommit hook"
+            exit
+        fi
+    fi
+    if [ "$git" -eq 1 ]; then
+        hook="$(git rev-parse --show-toplevel)"/.git/hooks/pre-commit
+        if [ ! -e "$hook" ]; then
+            ln -s ../../coreconf/precommit.clang-format.sh "$hook"
+            echo "Installed git pre-commit hook"
+            exit
+        fi
+    fi
+    echo "Hook already installed, or not in NSS repo"
+    exit 2
+fi
+
+err=0
+files=()
+if [ "$hg" -eq 1 ]; then
+    files=($(hg status -m -a --rev tip^:tip | cut -f 2 -d ' ' -))
+fi
+if [ "$git" -eq 1 ]; then
+    files=($(git status --porcelain | sed '/^[MACU]/{s/..//;p;};/^R/{s/^.* -> //;p;};d'))
+fi
+tmp=$(mktemp)
+trap 'rm -f "$tmp"' ERR EXIT
+for f in "${files[@]}"; do
+    ext="${f##*.}"
+    if [ "$ext" = "c" -o "$ext" = "h" -o "$ext" = "cc" ]; then
+        [ "$hg" -eq 1 ] && hg cat -r tip "$f" > "$tmp"
+        [ "$git" -eq 1 ] && git show :"$f" > "$tmp"
+        if ! cat "$tmp" | clang-format -assume-filename="$f" | \
+            diff -q "$tmp" - >/dev/null; then
+            [ "$err" -eq 0 ] && echo "Formatting errors found in:" 1>&2
+            echo "  $f" 1>&2
+            err=1
+        fi
+    fi
+done
+exit "$err"
diff --git a/nss/coreconf/prefix.mk b/nss/coreconf/prefix.mk
new file mode 100644
index 0000000..57e11e5
--- /dev/null
+++ b/nss/coreconf/prefix.mk
@@ -0,0 +1,44 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# Master "Core Components" for computing program prefixes             #
+#######################################################################
+
+#
+# Object prefixes
+#
+
+ifndef OBJ_PREFIX
+    OBJ_PREFIX = 
+endif
+
+#
+# Library suffixes
+#
+
+ifndef LIB_PREFIX
+    LIB_PREFIX = lib
+endif
+
+
+ifndef DLL_PREFIX
+    DLL_PREFIX = lib
+endif
+
+
+ifndef IMPORT_LIB_PREFIX
+    IMPORT_LIB_PREFIX = 
+endif
+
+#
+# Program prefixes
+#
+
+ifndef PROG_PREFIX
+    PROG_PREFIX = 
+endif
+
+MK_PREFIX = included
diff --git a/nss/coreconf/release.pl b/nss/coreconf/release.pl
new file mode 100755
index 0000000..7cde19d
--- /dev/null
+++ b/nss/coreconf/release.pl
@@ -0,0 +1,112 @@
+#! /usr/local/bin/perl
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+require('coreconf.pl');
+
+#######-- read in variables on command line into %var
+
+$use_jar = 1;
+$ZIP     = "$ENV{JAVA_HOME}/bin/jar";
+
+if ( $ENV{JAVA_HOME} eq "" ) {
+    $ZIP      = "zip";
+    $use_jar  = 0;
+}
+
+
+&parse_argv;
+
+ 
+######-- Do the packaging of jars.
+
+foreach $jarfile (split(/ /,$var{FILES}) ) {
+    print STDERR "---------------------------------------------\n";
+    print STDERR "Packaging jar file $jarfile....\n";
+
+    $jarinfo = $var{$jarfile};
+
+    ($jardir,$jaropts) = split(/\|/,$jarinfo);
+
+    if ( $use_jar ) {
+        $zipoptions = "-cvf";
+    } else {
+        $zipoptions = "-T -r";
+        if ($jaropts =~ /a/) {
+            if ($var{OS_ARCH} eq 'WINNT') {
+                $zipoptions .= ' -ll';
+            }
+        }
+    }
+
+# just in case the directory ends in a /, remove it
+    if ($jardir =~ /\/$/) {
+	chop $jardir;
+    }
+
+    $dirdepth --;
+    
+    print STDERR "jardir = $jardir\n";
+    system("ls $jardir");
+
+    if (-d $jardir) {
+
+
+# count the number of slashes
+
+	$slashes =0;
+	
+	foreach $i (split(//,$jardir)) {
+	    if ($i =~ /\//) {
+		$slashes++;
+	    }
+	}
+
+	$dotdots =0;
+	
+	foreach $i (split(m|/|,$jardir)) {
+	    if ($i eq '..') {
+		$dotdots ++;
+	    }
+	}
+
+	$dirdepth = ($slashes +1) - (2*$dotdots);
+
+	print STDERR "changing dir $jardir\n";
+	chdir($jardir);
+	print STDERR "making dir META-INF\n";
+	mkdir("META-INF",0755);
+
+	$filelist = "";
+	opendir(DIR,".");
+	while ($_ = readdir(DIR)) {
+	    if (! ( ($_ eq '.') || ($_ eq '..'))) {
+		if ( $jaropts =~ /i/) {
+		    if (! /^include$/) {
+			$filelist .= "$_ ";
+		    }
+		}
+		else {
+		    $filelist .= "$_ ";
+		}
+	    }
+	}
+	closedir(DIR);	
+
+	print STDERR "$ZIP $zipoptions $jarfile $filelist\n";
+	system("$ZIP $zipoptions $jarfile $filelist");
+	rmdir("META-INF");
+	    for $i (1 .. $dirdepth) {
+	    chdir("..");
+	    print STDERR "chdir ..\n";
+	}
+    }
+    else {
+        print STDERR "Directory $jardir doesn't exist\n";
+    }
+
+}
+
diff --git a/nss/coreconf/rules.mk b/nss/coreconf/rules.mk
new file mode 100644
index 0000000..3a80135
--- /dev/null
+++ b/nss/coreconf/rules.mk
@@ -0,0 +1,970 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+###                                                                 ###
+###              R U L E S   O F   E N G A G E M E N T              ###
+###                                                                 ###
+#######################################################################
+
+#######################################################################
+# Double-Colon rules for utilizing the binary release model.          #
+#######################################################################
+
+all:: export libs 
+
+ifeq ($(AUTOCLEAN),1)
+autobuild:: clean export private_export libs program install
+else
+autobuild:: export private_export libs program install
+endif
+
+platform::
+	@echo $(OBJDIR_NAME)
+
+ifeq (,$(filter-out _WIN%,$(NS_USE_GCC)_$(OS_TARGET)))
+USE_NT_C_SYNTAX=1
+endif
+
+#
+# IMPORTS will always be associated with a component.  Therefore,
+# the "import" rule will always change directory to the top-level
+# of a component, and traverse the IMPORTS keyword from the
+# "manifest.mn" file located at this level only.
+#
+# note: if there is a trailing slash, the component will be appended
+#       (see import.pl - only used for xpheader.jar)
+
+import::
+	@echo "== import.pl =="
+	@$(PERL) -I$(CORE_DEPTH)/coreconf $(CORE_DEPTH)/coreconf/import.pl \
+		"RELEASE_TREE=$(RELEASE_TREE)"   \
+		"IMPORTS=$(IMPORTS)"             \
+		"VERSION=$(VERSION)" \
+		"OS_ARCH=$(OS_ARCH)"             \
+		"PLATFORM=$(PLATFORM)" \
+		"OVERRIDE_IMPORT_CHECK=$(OVERRIDE_IMPORT_CHECK)"   \
+		"ALLOW_VERSION_OVERRIDE=$(ALLOW_VERSION_OVERRIDE)" \
+		"SOURCE_RELEASE_PREFIX=$(SOURCE_RELEASE_XP_DIR)"   \
+		"SOURCE_MD_DIR=$(SOURCE_MD_DIR)"      \
+		"SOURCE_XP_DIR=$(SOURCE_XP_DIR)"      \
+		"FILES=$(IMPORT_XPCLASS_JAR) $(XPHEADER_JAR) $(MDHEADER_JAR) $(MDBINARY_JAR)" \
+		"$(IMPORT_XPCLASS_JAR)=$(IMPORT_XP_DIR)|$(IMPORT_XPCLASS_DIR)|"    \
+		"$(XPHEADER_JAR)=$(IMPORT_XP_DIR)|$(SOURCE_XP_DIR)/public/|v" \
+		"$(MDHEADER_JAR)=$(IMPORT_MD_DIR)|$(SOURCE_MD_DIR)/include|"        \
+		"$(MDBINARY_JAR)=$(IMPORT_MD_DIR)|$(SOURCE_MD_DIR)|"
+# On Mac OS X ranlib needs to be rerun after static libs are moved.
+ifeq ($(OS_TARGET),Darwin)
+	find $(SOURCE_MD_DIR)/lib -name "*.a" -exec $(RANLIB) {} \;
+endif
+
+export:: 
+	+$(LOOP_OVER_DIRS)
+
+private_export::
+	+$(LOOP_OVER_DIRS)
+
+release_export::
+	+$(LOOP_OVER_DIRS)
+
+release_classes::
+	+$(LOOP_OVER_DIRS)
+
+libs program install:: $(TARGETS)
+ifdef LIBRARY
+	$(INSTALL) -m 664 $(LIBRARY) $(SOURCE_LIB_DIR)
+endif
+ifdef SHARED_LIBRARY
+	$(INSTALL) -m 775 $(SHARED_LIBRARY) $(SOURCE_LIB_DIR)
+ifdef MOZ_DEBUG_SYMBOLS
+ifeq (,$(filter-out _WIN%,$(NS_USE_GCC)_$(OS_TARGET)))
+	$(INSTALL) -m 644 $(SHARED_LIBRARY:$(DLL_SUFFIX)=pdb) $(SOURCE_LIB_DIR)
+endif
+endif
+endif
+ifdef IMPORT_LIBRARY
+	$(INSTALL) -m 775 $(IMPORT_LIBRARY) $(SOURCE_LIB_DIR)
+endif
+ifdef PROGRAM
+	$(INSTALL) -m 775 $(PROGRAM) $(SOURCE_BIN_DIR)
+ifdef MOZ_DEBUG_SYMBOLS
+ifeq (,$(filter-out _WIN%,$(NS_USE_GCC)_$(OS_TARGET)))
+	$(INSTALL) -m 644 $(PROGRAM:$(PROG_SUFFIX)=.pdb) $(SOURCE_BIN_DIR)
+endif
+endif
+endif
+ifdef PROGRAMS
+	$(INSTALL) -m 775 $(PROGRAMS) $(SOURCE_BIN_DIR)
+endif
+	+$(LOOP_OVER_DIRS)
+
+tests::
+	+$(LOOP_OVER_DIRS)
+
+clean clobber::
+	rm -rf $(ALL_TRASH)
+	+$(LOOP_OVER_DIRS)
+
+realclean clobber_all::
+	rm -rf $(wildcard *.OBJ) dist $(ALL_TRASH)
+	+$(LOOP_OVER_DIRS)
+
+#######################################################################
+# Double-Colon rules for populating the binary release model.         #
+#######################################################################
+
+
+release_clean::
+	rm -rf $(SOURCE_XP_DIR)/release/$(RELEASE_MD_DIR)
+
+release:: release_clean release_export release_classes release_policy release_md release_jars release_cpdistdir
+
+release_cpdistdir::
+	@echo "== cpdist.pl =="
+	@$(PERL) -I$(CORE_DEPTH)/coreconf $(CORE_DEPTH)/coreconf/cpdist.pl \
+		"RELEASE_TREE=$(RELEASE_TREE)" \
+		"CORE_DEPTH=$(CORE_DEPTH)" \
+		"MODULE=${MODULE}" \
+		"OS_ARCH=$(OS_ARCH)" \
+		"RELEASE=$(RELEASE)" \
+		"PLATFORM=$(PLATFORM)" \
+		"RELEASE_VERSION=$(RELEASE_VERSION)" \
+		"SOURCE_RELEASE_PREFIX=$(SOURCE_RELEASE_XP_DIR)" \
+		"RELEASE_XP_DIR=$(RELEASE_XP_DIR)" \
+		"RELEASE_MD_DIR=$(RELEASE_MD_DIR)" \
+		"FILES=$(XPCLASS_JAR) $(XPCLASS_DBG_JAR) $(XPHEADER_JAR) $(MDHEADER_JAR) $(MDBINARY_JAR) XP_FILES MD_FILES" \
+		"$(XPCLASS_JAR)=$(SOURCE_RELEASE_CLASSES_DIR)|x"\
+		"$(XPCLASS_DBG_JAR)=$(SOURCE_RELEASE_CLASSES_DBG_DIR)|x"\
+		"$(XPHEADER_JAR)=$(SOURCE_RELEASE_XPHEADERS_DIR)|x" \
+		"$(MDHEADER_JAR)=$(SOURCE_RELEASE_MDHEADERS_DIR)|m" \
+		"$(MDBINARY_JAR)=$(SOURCE_RELEASE_MD_DIR)|m" \
+		"XP_FILES=$(XP_FILES)|xf" \
+		"MD_FILES=$(MD_FILES)|mf"
+
+
+# $(SOURCE_RELEASE_xxx_JAR) is a name like yyy.jar
+# $(SOURCE_RELEASE_xx_DIR)  is a name like 
+
+release_jars::
+	@echo "== release.pl =="
+	@$(PERL) -I$(CORE_DEPTH)/coreconf $(CORE_DEPTH)/coreconf/release.pl \
+		"RELEASE_TREE=$(RELEASE_TREE)" \
+		"PLATFORM=$(PLATFORM)" \
+		"OS_ARCH=$(OS_ARCH)" \
+		"RELEASE_VERSION=$(RELEASE_VERSION)" \
+		"SOURCE_RELEASE_DIR=$(SOURCE_RELEASE_DIR)" \
+		"FILES=$(XPCLASS_JAR) $(XPCLASS_DBG_JAR) $(XPHEADER_JAR) $(MDHEADER_JAR) $(MDBINARY_JAR)" \
+		"$(XPCLASS_JAR)=$(SOURCE_RELEASE_PREFIX)/$(SOURCE_RELEASE_CLASSES_DIR)|b"\
+		"$(XPCLASS_DBG_JAR)=$(SOURCE_RELEASE_PREFIX)/$(SOURCE_RELEASE_CLASSES_DBG_DIR)|b"\
+		"$(XPHEADER_JAR)=$(SOURCE_RELEASE_PREFIX)/$(SOURCE_RELEASE_XPHEADERS_DIR)|a" \
+		"$(MDHEADER_JAR)=$(SOURCE_RELEASE_PREFIX)/$(SOURCE_RELEASE_MDHEADERS_DIR)|a" \
+		"$(MDBINARY_JAR)=$(SOURCE_RELEASE_PREFIX)/$(SOURCE_RELEASE_MD_DIR)|bi"
+
+# Rules for releasing classes.
+# We have to do some REALLY gross stuff to deal with multiple classes in one
+# file, as well as nested classes, which have a filename of the form
+# ContainingClass$NestedClass.class.
+# RELEASE_CLASSES simply performs a required patsubst on CLASSES
+# RELEASE_CLASS_PATH is RELEASE_CLASSES with the path (in ns/dist) prepended
+# RELEASE_NESTED is all the nested classes in RELEASE_CLASS_PATH.  We use a
+#   foreach and wildcard to get all the files that start out like one of the
+#   class files, then have a $.  So, for each class file, we look for file$*
+# RELEASE_FILES is the combination of RELEASE_NESTED and the class files
+#   specified by RELEASE_CLASSES which have .class appended to them.  Note that
+#   the RELEASE_NESTED don't need to have .class appended because they were
+#   read in from the wildcard as complete filenames.
+#
+# The _DBG versions are the debuggable ones.
+ifneq ($(CLASSES),)
+
+RELEASE_CLASSES := $(patsubst %,%,$(CLASSES))
+
+ifdef BUILD_OPT
+	RELEASE_CLASS_PATH := $(patsubst %,$(SOURCE_CLASSES_DIR)/$(PACKAGE)/%, $(RELEASE_CLASSES))
+	RELEASE_NESTED := $(foreach file,$(RELEASE_CLASS_PATH),$(wildcard $(file)$$*))
+	RELEASE_FILES := $(patsubst %,%.class,$(RELEASE_CLASS_PATH)) $(RELEASE_NESTED)
+else
+	RELEASE_DBG_CLASS_PATH:= $(patsubst %,$(SOURCE_CLASSES_DBG_DIR)/$(PACKAGE)/%, $(RELEASE_CLASSES))
+	RELEASE_DBG_NESTED := $(foreach file,$(RELEASE_DBG_CLASS_PATH),$(wildcard $(file)$$*))
+	RELEASE_DBG_FILES := $(patsubst %,%.class,$(RELEASE_DBG_CLASS_PATH)) $(RELEASE_DBG_NESTED)
+endif
+
+# Substitute \$ for $ so the shell doesn't choke
+ifdef BUILD_OPT
+release_classes::
+	$(INSTALL) -m 444 $(subst $$,\$$,$(RELEASE_FILES)) $(SOURCE_RELEASE_PREFIX)/$(SOURCE_RELEASE_CLASSES_DIR)/$(PACKAGE)
+else
+release_classes::
+	$(INSTALL) -m 444 $(subst $$,\$$,$(RELEASE_DBG_FILES)) $(SOURCE_RELEASE_PREFIX)/$(SOURCE_RELEASE_CLASSES_DBG_DIR)/$(PACKAGE)
+endif
+
+endif
+
+release_policy::
+	+$(LOOP_OVER_DIRS)
+
+ifndef NO_MD_RELEASE
+    ifdef LIBRARY
+        MD_LIB_RELEASE_FILES +=  $(LIBRARY)
+    endif
+    ifdef SHARED_LIBRARY
+        MD_LIB_RELEASE_FILES +=  $(SHARED_LIBRARY)
+    endif
+    ifdef IMPORT_LIBRARY
+        MD_LIB_RELEASE_FILES +=  $(IMPORT_LIBRARY)
+    endif
+    ifdef PROGRAM
+        MD_BIN_RELEASE_FILES +=  $(PROGRAM)
+    endif
+    ifdef PROGRAMS
+        MD_BIN_RELEASE_FILES +=  $(PROGRAMS)
+    endif
+endif
+
+release_md::
+ifneq ($(MD_LIB_RELEASE_FILES),)
+	$(INSTALL) -m 444 $(MD_LIB_RELEASE_FILES) $(SOURCE_RELEASE_PREFIX)/$(SOURCE_RELEASE_LIB_DIR)
+endif
+ifneq ($(MD_BIN_RELEASE_FILES),)
+	$(INSTALL) -m 555 $(MD_BIN_RELEASE_FILES) $(SOURCE_RELEASE_PREFIX)/$(SOURCE_RELEASE_BIN_DIR)
+endif
+	+$(LOOP_OVER_DIRS)
+
+
+alltags:
+	rm -f TAGS
+	find . -name dist -prune -o \( -name '*.[hc]' -o -name '*.cp' -o -name '*.cpp' \) -print | xargs etags -a
+	find . -name dist -prune -o \( -name '*.[hc]' -o -name '*.cp' -o -name '*.cpp' \) -print | xargs ctags -a
+
+$(PROGRAM): $(OBJS) $(EXTRA_LIBS)
+	@$(MAKE_OBJDIR)
+ifeq (,$(filter-out _WIN%,$(NS_USE_GCC)_$(OS_TARGET)))
+	$(MKPROG) $(subst /,\\,$(OBJS)) -Fe$@ -link $(LDFLAGS) $(XLDFLAGS) $(subst /,\\,$(EXTRA_LIBS) $(EXTRA_SHARED_LIBS) $(OS_LIBS))
+ifdef MT
+	if test -f $@.manifest; then \
+		$(MT) -NOLOGO -MANIFEST $@.manifest -OUTPUTRESOURCE:$@\;1; \
+		rm -f $@.manifest; \
+	fi
+endif	# MSVC with manifest tool
+else
+	$(MKPROG) -o $@ $(CFLAGS) $(OBJS) $(LDFLAGS) $(EXTRA_LIBS) $(EXTRA_SHARED_LIBS) $(OS_LIBS)
+endif
+
+get_objs:
+	@echo $(OBJS)
+
+$(LIBRARY): $(OBJS)
+	@$(MAKE_OBJDIR)
+	rm -f $@
+ifeq (,$(filter-out _WIN%,$(NS_USE_GCC)_$(OS_TARGET)))
+	$(AR) $(subst /,\\,$(OBJS))
+else
+	$(AR) $(OBJS)
+endif
+	$(RANLIB) $@
+
+
+ifeq ($(OS_TARGET),OS2)
+$(IMPORT_LIBRARY): $(MAPFILE)
+	rm -f $@
+	$(IMPLIB) $@ $<
+	$(RANLIB) $@
+endif
+ifeq ($(OS_ARCH),WINNT)
+$(IMPORT_LIBRARY): $(LIBRARY)
+	cp -f $< $@
+endif
+
+ifdef SHARED_LIBRARY_LIBS
+ifdef BUILD_TREE
+SUB_SHLOBJS = $(foreach dir,$(SHARED_LIBRARY_DIRS),$(shell $(MAKE) -C $(dir) --no-print-directory get_objs))
+else
+SUB_SHLOBJS = $(foreach dir,$(SHARED_LIBRARY_DIRS),$(addprefix $(dir)/,$(shell $(MAKE) -C $(dir) --no-print-directory get_objs)))
+endif
+endif
+
+$(SHARED_LIBRARY): $(OBJS) $(RES) $(MAPFILE) $(SUB_SHLOBJS)
+	@$(MAKE_OBJDIR)
+	rm -f $@
+ifeq ($(OS_TARGET)$(OS_RELEASE), AIX4.1)
+	echo "#!" > $(OBJDIR)/lib$(LIBRARY_NAME)_syms
+	nm -B -C -g $(OBJS) \
+	| awk '/ [T,D] / {print $$3}' \
+	| sed -e 's/^\.//' \
+	| sort -u >> $(OBJDIR)/lib$(LIBRARY_NAME)_syms
+	$(LD) $(XCFLAGS) -o $@ $(OBJS) -bE:$(OBJDIR)/lib$(LIBRARY_NAME)_syms \
+	-bM:SRE -bnoentry $(OS_LIBS) $(EXTRA_LIBS) $(EXTRA_SHARED_LIBS)
+else
+ifeq (,$(filter-out WIN%,$(OS_TARGET)))
+ifdef NS_USE_GCC
+	$(LINK_DLL) $(OBJS) $(SUB_SHLOBJS) $(EXTRA_LIBS) $(EXTRA_SHARED_LIBS) $(OS_LIBS) $(LD_LIBS) $(RES)
+else
+	$(LINK_DLL) -MAP $(DLLBASE) $(subst /,\\,$(OBJS) $(SUB_SHLOBJS) $(EXTRA_LIBS) $(EXTRA_SHARED_LIBS) $(OS_LIBS) $(LD_LIBS) $(RES))
+ifdef MT
+	if test -f $@.manifest; then \
+		$(MT) -NOLOGO -MANIFEST $@.manifest -OUTPUTRESOURCE:$@\;2; \
+		rm -f $@.manifest; \
+	fi
+endif	# MSVC with manifest tool
+endif
+else
+	$(MKSHLIB) -o $@ $(OBJS) $(SUB_SHLOBJS) $(LD_LIBS) $(EXTRA_LIBS) $(EXTRA_SHARED_LIBS) $(OS_LIBS)
+	chmod +x $@
+endif
+endif
+
+ifeq (,$(filter-out WIN%,$(OS_TARGET)))
+$(RES): $(RESNAME)
+	@$(MAKE_OBJDIR)
+# The resource compiler does not understand the -U option.
+ifdef NS_USE_GCC
+	$(RC) $(filter-out -U%,$(DEFINES)) $(INCLUDES:-I%=--include-dir %) -o $@ $<
+else
+	$(RC) $(filter-out -U%,$(DEFINES)) $(INCLUDES) -Fo$@ $<
+endif
+	@echo $(RES) finished
+endif
+
+$(MAPFILE): $(MAPFILE_SOURCE)
+	@$(MAKE_OBJDIR)
+	$(PROCESS_MAP_FILE)
+
+
+$(OBJDIR)/$(PROG_PREFIX)%$(PROG_SUFFIX): $(OBJDIR)/$(PROG_PREFIX)%$(OBJ_SUFFIX)
+	@$(MAKE_OBJDIR)
+ifeq (,$(filter-out _WIN%,$(NS_USE_GCC)_$(OS_TARGET)))
+	$(MKPROG) $< -Fe$@ -link \
+	$(LDFLAGS) $(XLDFLAGS) $(EXTRA_LIBS) $(EXTRA_SHARED_LIBS) $(OS_LIBS)
+ifdef MT
+	if test -f $@.manifest; then \
+		$(MT) -NOLOGO -MANIFEST $@.manifest -OUTPUTRESOURCE:$@\;1; \
+		rm -f $@.manifest; \
+	fi
+endif	# MSVC with manifest tool
+else
+	$(MKPROG) -o $@ $(CFLAGS) $< \
+	$(LDFLAGS) $(EXTRA_LIBS) $(EXTRA_SHARED_LIBS) $(OS_LIBS)
+endif
+
+WCCFLAGS1 := $(subst /,\\,$(CFLAGS))
+WCCFLAGS2 := $(subst -I,-i=,$(WCCFLAGS1))
+WCCFLAGS3 := $(subst -D,-d,$(WCCFLAGS2))
+
+# Translate source filenames to absolute paths. This is required for
+# debuggers under Windows & OS/2 to find source files automatically
+
+ifeq (,$(filter-out OS2 AIX,$(OS_TARGET)))
+# OS/2 and AIX
+NEED_ABSOLUTE_PATH := 1
+PWD := $(shell pwd)
+
+else
+# Windows
+ifeq (,$(filter-out _WIN%,$(NS_USE_GCC)_$(OS_TARGET)))
+NEED_ABSOLUTE_PATH := 1
+# CURDIR is always an absolute path. If it doesn't start with a /, it's a
+# Windows path meaning we're running under MINGW make (as opposed to MSYS
+# make), or pymake. In both cases, it's preferable to use a Windows path,
+# so use $(CURDIR) as is.
+ifeq (,$(filter /%,$(CURDIR)))
+PWD := $(CURDIR)
+else
+PWD := $(shell pwd)
+ifeq (,$(findstring ;,$(PATH)))
+ifndef USE_MSYS
+PWD := $(subst \,/,$(shell cygpath -w $(PWD)))
+endif
+endif
+endif
+
+else
+# everything else
+PWD := $(shell pwd)
+endif
+endif
+
+# The quotes allow absolute paths to contain spaces.
+core_abspath = '$(if $(findstring :,$(1)),$(1),$(if $(filter /%,$(1)),$(1),$(PWD)/$(1)))'
+
+$(OBJDIR)/$(PROG_PREFIX)%$(OBJ_SUFFIX): %.c
+	@$(MAKE_OBJDIR)
+ifdef USE_NT_C_SYNTAX
+	$(CC) -Fo$@ -c $(CFLAGS) $(call core_abspath,$<)
+else
+ifdef NEED_ABSOLUTE_PATH
+	$(CC) -o $@ -c $(CFLAGS) $(call core_abspath,$<)
+else
+	$(CC) -o $@ -c $(CFLAGS) $<
+endif
+endif
+
+$(PROG_PREFIX)%$(OBJ_SUFFIX): %.c
+ifdef USE_NT_C_SYNTAX
+	$(CC) -Fo$@ -c $(CFLAGS) $(call core_abspath,$<)
+else
+ifdef NEED_ABSOLUTE_PATH
+	$(CC) -o $@ -c $(CFLAGS) $(call core_abspath,$<)
+else
+	$(CC) -o $@ -c $(CFLAGS) $<
+endif
+endif
+
+ifneq (,$(filter-out _WIN%,$(NS_USE_GCC)_$(OS_TARGET)))
+$(OBJDIR)/$(PROG_PREFIX)%$(OBJ_SUFFIX): %.s
+	@$(MAKE_OBJDIR)
+	$(AS) -o $@ $(ASFLAGS) -c $<
+endif
+
+$(OBJDIR)/$(PROG_PREFIX)%$(OBJ_SUFFIX): %.asm
+	@$(MAKE_OBJDIR)
+	$(AS) -Fo$@ $(ASFLAGS) -c $<
+
+$(OBJDIR)/$(PROG_PREFIX)%$(OBJ_SUFFIX): %.S
+	@$(MAKE_OBJDIR)
+	$(AS) -o $@ $(ASFLAGS) -c $<
+
+$(OBJDIR)/$(PROG_PREFIX)%: %.cpp
+	@$(MAKE_OBJDIR)
+ifdef USE_NT_C_SYNTAX
+	$(CCC) -Fo$@ -c $(CFLAGS) $(CXXFLAGS) $(call core_abspath,$<)
+else
+ifdef NEED_ABSOLUTE_PATH
+	$(CCC) -o $@ -c $(CFLAGS) $(CXXFLAGS) $(call core_abspath,$<)
+else
+	$(CCC) -o $@ -c $(CFLAGS) $(CXXFLAGS) $<
+endif
+endif
+
+#
+# Please keep the next two rules in sync.
+#
+$(OBJDIR)/$(PROG_PREFIX)%$(OBJ_SUFFIX): %.cc
+	$(MAKE_OBJDIR)
+ifdef STRICT_CPLUSPLUS_SUFFIX
+	echo "#line 1 \"$<\"" | cat - $< > $(OBJDIR)/t_$*.cc
+	$(CCC) -o $@ -c $(CFLAGS) $(CXXFLAGS) $(OBJDIR)/t_$*.cc
+	rm -f $(OBJDIR)/t_$*.cc
+else
+ifdef USE_NT_C_SYNTAX
+	$(CCC) -Fo$@ -c $(CFLAGS) $(CXXFLAGS) $(call core_abspath,$<)
+else
+ifdef NEED_ABSOLUTE_PATH
+	$(CCC) -o $@ -c $(CFLAGS) $(CXXFLAGS) $(call core_abspath,$<)
+else
+	$(CCC) -o $@ -c $(CFLAGS) $(CXXFLAGS) $<
+endif
+endif
+endif #STRICT_CPLUSPLUS_SUFFIX
+
+$(OBJDIR)/$(PROG_PREFIX)%$(OBJ_SUFFIX): %.cpp
+	@$(MAKE_OBJDIR)
+ifdef STRICT_CPLUSPLUS_SUFFIX
+	echo "#line 1 \"$<\"" | cat - $< > $(OBJDIR)/t_$*.cc
+	$(CCC) -o $@ -c $(CFLAGS) $(CXXFLAGS) $(OBJDIR)/t_$*.cc
+	rm -f $(OBJDIR)/t_$*.cc
+else
+ifdef USE_NT_C_SYNTAX
+	$(CCC) -Fo$@ -c $(CFLAGS) $(CXXFLAGS) $(call core_abspath,$<)
+else
+ifdef NEED_ABSOLUTE_PATH
+	$(CCC) -o $@ -c $(CFLAGS) $(CXXFLAGS) $(call core_abspath,$<)
+else
+	$(CCC) -o $@ -c $(CFLAGS) $(CXXFLAGS) $<
+endif
+endif
+endif #STRICT_CPLUSPLUS_SUFFIX
+
+%.i: %.cpp
+	$(CCC) -C -E $(CFLAGS) $(CXXFLAGS) $< > $@
+
+%.i: %.c
+ifeq (,$(filter-out WIN%,$(OS_TARGET)))
+	$(CC) -C /P $(CFLAGS) $< 
+else
+	$(CC) -C -E $(CFLAGS) $< > $@
+endif
+
+ifneq (,$(filter-out WIN%,$(OS_TARGET)))
+%.i: %.s
+	$(CC) -C -E $(CFLAGS) $< > $@
+endif
+
+%: %.pl
+	rm -f $@; cp $< $@; chmod +x $@
+
+%: %.sh
+	rm -f $@; cp $< $@; chmod +x $@
+
+################################################################################
+# Bunch of things that extend the 'export' rule (in order):
+################################################################################
+
+$(JAVA_DESTPATH) $(JAVA_DESTPATH)/$(PACKAGE) $(JMCSRCDIR)::
+	@if test ! -d $@; then	    \
+		echo Creating $@;   \
+		rm -rf $@;	    \
+		$(NSINSTALL) -D $@; \
+	fi
+
+################################################################################
+## IDL_GEN
+
+ifneq ($(IDL_GEN),)
+
+#export::
+#	$(IDL2JAVA) $(IDL_GEN)
+
+#all:: export
+
+#clobber::
+#	rm -f $(IDL_GEN:.idl=.class)	# XXX wrong!
+
+endif
+
+################################################################################
+### JSRCS -- for compiling java files
+###
+###          NOTE:  For backwards compatibility, if $(NETLIBDEPTH) is defined,
+###                 replace $(CORE_DEPTH) with $(NETLIBDEPTH).
+###
+
+ifneq ($(JSRCS),)
+ifneq ($(JAVAC),)
+ifdef NETLIBDEPTH
+	CORE_DEPTH := $(NETLIBDEPTH)
+endif
+
+JAVA_EXPORT_SRCS=$(shell $(PERL) $(CORE_DEPTH)/coreconf/outofdate.pl $(PERLARG)	-d $(JAVA_DESTPATH)/$(PACKAGE) $(JSRCS) $(PRIVATE_JSRCS))
+
+export:: $(JAVA_DESTPATH) $(JAVA_DESTPATH)/$(PACKAGE)
+ifneq ($(JAVA_EXPORT_SRCS),)
+	$(JAVAC) $(JAVA_EXPORT_SRCS)
+endif
+
+all:: export
+
+clobber::
+	rm -f $(SOURCE_XP_DIR)/classes/$(PACKAGE)/*.class
+
+endif
+endif
+
+#
+# JDIRS -- like JSRCS, except you can give a list of directories and it will
+# compile all the out-of-date java files in those directories.
+#
+# NOTE: recursing through these can speed things up, but they also cause
+# some builds to run out of memory
+#
+# NOTE:  For backwards compatibility, if $(NETLIBDEPTH) is defined,
+#        replace $(CORE_DEPTH) with $(NETLIBDEPTH).
+#
+ifdef JDIRS
+ifneq ($(JAVAC),)
+ifdef NETLIBDEPTH
+	CORE_DEPTH := $(NETLIBDEPTH)
+endif
+
+# !!!!! THIS WILL CRASH SHMSDOS.EXE !!!!!
+# shmsdos does not support shell variables. It will crash when it tries
+# to parse the '=' character. A solution is to rewrite outofdate.pl so it
+# takes the Javac command as an argument and executes the command itself,
+# instead of returning a list of files.
+export:: $(JAVA_DESTPATH) $(JAVA_DESTPATH)/$(PACKAGE)
+	@echo "!!! THIS COMMAND IS BROKEN ON WINDOWS--SEE rules.mk FOR DETAILS !!!"
+	return -1
+	@for d in $(JDIRS); do							\
+		if test -d $$d; then						\
+			set $(EXIT_ON_ERROR);					\
+			files=`echo $$d/*.java`;				\
+			list=`$(PERL) $(CORE_DEPTH)/coreconf/outofdate.pl $(PERLARG)	\
+				    -d $(JAVA_DESTPATH)/$(PACKAGE) $$files`;	\
+			if test "$${list}x" != "x"; then			\
+			    echo Building all java files in $$d;		\
+			    echo $(JAVAC) $$list;				\
+			    $(JAVAC) $$list;					\
+			fi;							\
+			set +e;							\
+		else								\
+			echo "Skipping non-directory $$d...";			\
+		fi;								\
+		$(CLICK_STOPWATCH);						\
+	done
+endif
+endif
+
+#
+# JDK_GEN -- for generating "old style" native methods 
+#
+# Generate JDK Headers and Stubs into the '_gen' and '_stubs' directory
+#
+# NOTE:  For backwards compatibility, if $(NETLIBDEPTH) is defined,
+#        replace $(CORE_DEPTH) with $(NETLIBDEPTH).
+#
+ifneq ($(JDK_GEN),)
+ifneq ($(JAVAH),)
+ifdef NSBUILDROOT
+	INCLUDES += -I$(JDK_GEN_DIR) -I$(SOURCE_XP_DIR)
+else
+	INCLUDES += -I$(JDK_GEN_DIR)
+endif
+
+ifdef NETLIBDEPTH
+	CORE_DEPTH := $(NETLIBDEPTH)
+endif
+
+JDK_PACKAGE_CLASSES	:= $(JDK_GEN)
+JDK_PATH_CLASSES	:= $(subst .,/,$(JDK_PACKAGE_CLASSES))
+JDK_HEADER_CLASSFILES	:= $(patsubst %,$(JAVA_DESTPATH)/%.class,$(JDK_PATH_CLASSES))
+JDK_STUB_CLASSFILES	:= $(patsubst %,$(JAVA_DESTPATH)/%.class,$(JDK_PATH_CLASSES))
+JDK_HEADER_CFILES	:= $(patsubst %,$(JDK_GEN_DIR)/%.h,$(JDK_GEN))
+JDK_STUB_CFILES		:= $(patsubst %,$(JDK_STUB_DIR)/%.c,$(JDK_GEN))
+
+$(JDK_HEADER_CFILES): $(JDK_HEADER_CLASSFILES)
+$(JDK_STUB_CFILES): $(JDK_STUB_CLASSFILES)
+
+export::
+	@echo Generating/Updating JDK headers 
+	$(JAVAH) -d $(JDK_GEN_DIR) $(JDK_PACKAGE_CLASSES)
+	@echo Generating/Updating JDK stubs
+	$(JAVAH) -stubs -d $(JDK_STUB_DIR) $(JDK_PACKAGE_CLASSES)
+ifndef NO_MAC_JAVA_SHIT
+	@if test ! -d $(CORE_DEPTH)/lib/mac/Java/; then						\
+		echo "!!! You need to have a ns/lib/mac/Java directory checked out.";		\
+		echo "!!! This allows us to automatically update generated files for the mac.";	\
+		echo "!!! If you see any modified files there, please check them in.";		\
+	fi
+	@echo Generating/Updating JDK headers for the Mac
+	$(JAVAH) -mac -d $(CORE_DEPTH)/lib/mac/Java/_gen $(JDK_PACKAGE_CLASSES)
+	@echo Generating/Updating JDK stubs for the Mac
+	$(JAVAH) -mac -stubs -d $(CORE_DEPTH)/lib/mac/Java/_stubs $(JDK_PACKAGE_CLASSES)
+endif
+endif
+endif
+
+#
+# JRI_GEN -- for generating "old style" JRI native methods
+#
+# Generate JRI Headers and Stubs into the 'jri' directory
+#
+# NOTE:  For backwards compatibility, if $(NETLIBDEPTH) is defined,
+#        replace $(CORE_DEPTH) with $(NETLIBDEPTH).
+#
+ifneq ($(JRI_GEN),)
+ifneq ($(JAVAH),)
+ifdef NSBUILDROOT
+	INCLUDES += -I$(JRI_GEN_DIR) -I$(SOURCE_XP_DIR)
+else
+	INCLUDES += -I$(JRI_GEN_DIR)
+endif
+
+ifdef NETLIBDEPTH
+	CORE_DEPTH := $(NETLIBDEPTH)
+endif
+
+JRI_PACKAGE_CLASSES	:= $(JRI_GEN)
+JRI_PATH_CLASSES	:= $(subst .,/,$(JRI_PACKAGE_CLASSES))
+JRI_HEADER_CLASSFILES	:= $(patsubst %,$(JAVA_DESTPATH)/%.class,$(JRI_PATH_CLASSES))
+JRI_STUB_CLASSFILES	:= $(patsubst %,$(JAVA_DESTPATH)/%.class,$(JRI_PATH_CLASSES))
+JRI_HEADER_CFILES	:= $(patsubst %,$(JRI_GEN_DIR)/%.h,$(JRI_GEN))
+JRI_STUB_CFILES		:= $(patsubst %,$(JRI_GEN_DIR)/%.c,$(JRI_GEN))
+
+$(JRI_HEADER_CFILES): $(JRI_HEADER_CLASSFILES)
+$(JRI_STUB_CFILES): $(JRI_STUB_CLASSFILES)
+
+export::
+	@echo Generating/Updating JRI headers 
+	$(JAVAH) -jri -d $(JRI_GEN_DIR) $(JRI_PACKAGE_CLASSES)
+	@echo Generating/Updating JRI stubs
+	$(JAVAH) -jri -stubs -d $(JRI_GEN_DIR) $(JRI_PACKAGE_CLASSES)
+ifndef NO_MAC_JAVA_SHIT
+	@if test ! -d $(CORE_DEPTH)/lib/mac/Java/; then						\
+		echo "!!! You need to have a ns/lib/mac/Java directory checked out.";		\
+		echo "!!! This allows us to automatically update generated files for the mac.";	\
+		echo "!!! If you see any modified files there, please check them in.";		\
+	fi
+	@echo Generating/Updating JRI headers for the Mac
+	$(JAVAH) -jri -mac -d $(CORE_DEPTH)/lib/mac/Java/_jri $(JRI_PACKAGE_CLASSES)
+	@echo Generating/Updating JRI stubs for the Mac
+	$(JAVAH) -jri -mac -stubs -d $(CORE_DEPTH)/lib/mac/Java/_jri $(JRI_PACKAGE_CLASSES)
+endif
+endif
+endif
+
+#
+# JNI_GEN -- for generating JNI native methods
+#
+# Generate JNI Headers into the 'jni' directory
+#
+ifneq ($(JNI_GEN),)
+ifneq ($(JAVAH),)
+JNI_HEADERS		:= $(patsubst %,$(JNI_GEN_DIR)/%.h,$(JNI_GEN))
+
+export::
+	@if test ! -d $(JNI_GEN_DIR); then						\
+		echo $(JAVAH) -jni -d $(JNI_GEN_DIR) $(JNI_GEN);			\
+		$(JAVAH) -jni -d $(JNI_GEN_DIR) $(JNI_GEN);				\
+	else										\
+		echo "Checking for out of date header files" ;                          \
+		$(PERL) $(CORE_DEPTH)/coreconf/jniregen.pl $(PERLARG)			\
+		 -d $(JAVA_DESTPATH) -j "$(JAVAH) -jni -d $(JNI_GEN_DIR)" $(JNI_GEN);\
+	fi
+endif
+endif
+
+#
+# JMC_EXPORT -- for declaring which java classes are to be exported for jmc
+#
+ifneq ($(JMC_EXPORT),)
+JMC_EXPORT_PATHS	:= $(subst .,/,$(JMC_EXPORT))
+JMC_EXPORT_FILES	:= $(patsubst %,$(JAVA_DESTPATH)/$(PACKAGE)/%.class,$(JMC_EXPORT_PATHS))
+
+#
+# We're doing NSINSTALL -t here (copy mode) because calling INSTALL will pick up 
+# your NSDISTMODE and make links relative to the current directory. This is a
+# problem because the source isn't in the current directory:
+#
+export:: $(JMC_EXPORT_FILES) $(JMCSRCDIR)
+	$(NSINSTALL) -t -m 444 $(JMC_EXPORT_FILES) $(JMCSRCDIR)
+endif
+
+#
+# JMC_GEN -- for generating java modules
+#
+# Provide default export & install rules when using JMC_GEN
+#
+ifneq ($(JMC_GEN),)
+ifneq ($(JMC),)
+	INCLUDES    += -I$(JMC_GEN_DIR) -I.
+	JMC_HEADERS := $(patsubst %,$(JMC_GEN_DIR)/%.h,$(JMC_GEN))
+	JMC_STUBS   := $(patsubst %,$(JMC_GEN_DIR)/%.c,$(JMC_GEN))
+	JMC_OBJS    := $(patsubst %,$(OBJDIR)/%$(OBJ_SUFFIX),$(JMC_GEN))
+
+$(JMC_GEN_DIR)/M%.h: $(JMCSRCDIR)/%.class
+	$(JMC) -d $(JMC_GEN_DIR) -interface $(JMC_GEN_FLAGS) $(?F:.class=)
+
+$(JMC_GEN_DIR)/M%.c: $(JMCSRCDIR)/%.class
+	$(JMC) -d $(JMC_GEN_DIR) -module $(JMC_GEN_FLAGS) $(?F:.class=)
+
+$(OBJDIR)/M%$(OBJ_SUFFIX): $(JMC_GEN_DIR)/M%.c $(JMC_GEN_DIR)/M%.h
+	@$(MAKE_OBJDIR)
+	$(CC) -o $@ -c $(CFLAGS) $<
+
+export:: $(JMC_HEADERS) $(JMC_STUBS)
+endif
+endif
+
+#
+# Copy each element of EXPORTS to $(SOURCE_XP_DIR)/public/$(MODULE)/
+#
+PUBLIC_EXPORT_DIR = $(SOURCE_XP_DIR)/public/$(MODULE)
+
+ifneq ($(EXPORTS),)
+$(PUBLIC_EXPORT_DIR)::
+	@if test ! -d $@; then	    \
+		echo Creating $@;   \
+		$(NSINSTALL) -D $@; \
+	fi
+
+export:: $(PUBLIC_EXPORT_DIR) 
+
+export:: $(EXPORTS) 
+	$(INSTALL) -m 444 $^ $(PUBLIC_EXPORT_DIR)
+
+export:: $(BUILT_SRCS)
+endif
+
+# Duplicate export rule for private exports, with different directories
+
+PRIVATE_EXPORT_DIR = $(SOURCE_XP_DIR)/private/$(MODULE)
+
+ifneq ($(PRIVATE_EXPORTS),)
+$(PRIVATE_EXPORT_DIR)::
+	@if test ! -d $@; then	    \
+		echo Creating $@;   \
+		$(NSINSTALL) -D $@; \
+	fi
+
+private_export:: $(PRIVATE_EXPORT_DIR)
+
+private_export:: $(PRIVATE_EXPORTS) 
+	$(INSTALL) -m 444 $^ $(PRIVATE_EXPORT_DIR)
+else
+private_export:: 
+	@echo There are no private exports.;
+endif
+
+##########################################################################
+###   RULES FOR RUNNING REGRESSION SUITE TESTS
+###   REQUIRES 'REGRESSION_SPEC' TO BE SET TO THE NAME OF A REGRESSION SPECFILE
+###   AND RESULTS_SUBDIR TO BE SET TO SOMETHING LIKE SECURITY/PKCS5
+##########################################################################
+
+TESTS_DIR = $(RESULTS_DIR)/$(RESULTS_SUBDIR)/$(OS_TARGET)$(OS_RELEASE)$(CPU_TAG)$(COMPILER_TAG)$(IMPL_STRATEGY)
+
+ifneq ($(REGRESSION_SPEC),)
+
+ifneq ($(BUILD_OPT),)
+REGDATE = $(subst \ ,, $(shell $(PERL)  $(CORE_DEPTH)/$(MODULE)/scripts/now))
+endif
+
+tests:: $(REGRESSION_SPEC) 
+	cd $(PLATFORM); \
+	../$(SOURCE_MD_DIR)/bin/regress$(PROG_SUFFIX) specfile=../$(REGRESSION_SPEC) progress $(EXTRA_REGRESS_OPTIONS); \
+	if test ! -d $(TESTS_DIR); then \
+		echo Creating $(TESTS_DIR);   \
+		$(NSINSTALL) -D $(TESTS_DIR); \
+	fi
+ifneq ($(BUILD_OPT),)
+	$(NSINSTALL) -m 664 $(PLATFORM)/$(REGDATE).sum $(TESTS_DIR); \
+	$(NSINSTALL) -m 664 $(PLATFORM)/$(REGDATE).htm $(TESTS_DIR); \
+	echo "Please now make sure your results files are copied to $(TESTS_DIR), "; \
+	echo "then run 'reporter specfile=$(RESULTS_DIR)/rptspec'"
+endif
+else
+tests:: 
+	@echo Error: you didn't specify REGRESSION_SPEC in your manifest.mn file!;
+endif
+
+
+# Duplicate export rule for releases, with different directories
+
+ifneq ($(EXPORTS),)
+$(SOURCE_RELEASE_XP_DIR)/include::
+	@if test ! -d $@; then	    \
+		echo Creating $@;   \
+		$(NSINSTALL) -D $@; \
+	fi
+
+release_export:: $(SOURCE_RELEASE_XP_DIR)/include
+
+release_export:: $(EXPORTS)
+	$(INSTALL) -m 444 $^ $(SOURCE_RELEASE_XP_DIR)/include
+endif
+
+
+
+
+################################################################################
+
+-include $(DEPENDENCIES)
+
+ifneq (,$(filter-out OS2 WIN%,$(OS_TARGET)))
+# Can't use sed because of its 4000-char line length limit, so resort to perl
+PERL_DEPENDENCIES_PROGRAM =                                                   \
+	    open(MD, "< $(DEPENDENCIES)");                                    \
+	    while (<MD>) {                                                    \
+		if (m@ \.*/*$< @) {                                           \
+		    $$found = 1;                                              \
+		    last;                                                     \
+		}                                                             \
+	    }                                                                 \
+	    if ($$found) {                                                    \
+		print "Removing stale dependency $< from $(DEPENDENCIES)\n";  \
+		seek(MD, 0, 0);                                               \
+		$$tmpname = "$(OBJDIR)/fix.md" . $$$$;                        \
+		open(TMD, "> " . $$tmpname);                                  \
+		while (<MD>) {                                                \
+		    s@ \.*/*$< @ @;                                           \
+		    if (!print TMD "$$_") {                                   \
+			unlink(($$tmpname));                                  \
+			exit(1);                                              \
+		    }                                                         \
+		}                                                             \
+		close(TMD);                                                   \
+		if (!rename($$tmpname, "$(DEPENDENCIES)")) {                  \
+		    unlink(($$tmpname));                                      \
+		}                                                             \
+	    } elsif ("$<" ne "$(DEPENDENCIES)") {                             \
+		print "$(MAKE): *** No rule to make target $<.  Stop.\n";     \
+		exit(1);                                                      \
+	    }
+
+.DEFAULT:
+	@$(PERL) -e '$(PERL_DEPENDENCIES_PROGRAM)'
+endif
+
+#############################################################################
+# X dependency system
+#############################################################################
+
+ifdef MKDEPENDENCIES
+
+# For Windows, $(MKDEPENDENCIES) must be -included before including rules.mk
+
+$(MKDEPENDENCIES)::
+	@$(MAKE_OBJDIR)
+	touch $(MKDEPENDENCIES) 
+	chmod u+w $(MKDEPENDENCIES) 
+#on NT, the preceding touch command creates a read-only file !?!?!
+#which is why we have to explicitly chmod it.
+	$(MKDEPEND) -p$(OBJDIR_NAME)/ -o'$(OBJ_SUFFIX)' -f$(MKDEPENDENCIES) \
+$(NOMD_CFLAGS) $(YOPT) $(CSRCS) $(CPPSRCS) $(ASFILES)
+
+$(MKDEPEND):: $(MKDEPEND_DIR)/*.c $(MKDEPEND_DIR)/*.h
+	$(MAKE) -C $(MKDEPEND_DIR)
+
+ifdef OBJS
+depend:: $(MKDEPEND) $(MKDEPENDENCIES)
+else
+depend::
+endif
+	+$(LOOP_OVER_DIRS)
+
+dependclean::
+	rm -f $(MKDEPENDENCIES)
+	+$(LOOP_OVER_DIRS)
+
+#-include $(NSINSTALL_DIR)/$(OBJDIR)/depend.mk
+
+else
+depend::
+endif
+
+#
+# HACK ALERT
+#
+# The only purpose of this rule is to pass Mozilla's Tinderbox depend
+# builds (http://tinderbox.mozilla.org/showbuilds.cgi).  Mozilla's
+# Tinderbox builds NSS continuously as part of the Mozilla client.
+# Because NSS's make depend is not implemented, whenever we change
+# an NSS header file, the depend build does not recompile the NSS
+# files that depend on the header.
+#
+# This rule makes all the objects depend on a dummy header file.
+# Check in a change to this dummy header file to force the depend
+# build to recompile everything.
+#
+# This rule should be removed when make depend is implemented.
+#
+
+DUMMY_DEPEND = $(CORE_DEPTH)/coreconf/coreconf.dep
+
+$(filter $(OBJDIR)/%$(OBJ_SUFFIX),$(OBJS)): $(OBJDIR)/%$(OBJ_SUFFIX): $(DUMMY_DEPEND)
+
+# END OF HACK
+
+################################################################################
+# Special gmake rules.
+################################################################################
+
+#
+# Re-define the list of default suffixes, so gmake won't have to churn through
+# hundreds of built-in suffix rules for stuff we don't need.
+#
+.SUFFIXES:
+.SUFFIXES: .out .a .ln .o .obj .c .cc .C .cpp .y .l .s .S .h .sh .i .pl .class .java .html .asm .dep
+
+#
+# Don't delete these files if we get killed.
+#
+.PRECIOUS: .java $(JDK_HEADERS) $(JDK_STUBS) $(JRI_HEADERS) $(JRI_STUBS) $(JMC_HEADERS) $(JMC_STUBS) $(JNI_HEADERS)
+
+#
+# Fake targets.  Always run these rules, even if a file/directory with that
+# name already exists.
+#
+.PHONY: all all_platforms alltags boot clean clobber clobber_all export install libs program realclean release $(OBJDIR)
+
diff --git a/nss/coreconf/ruleset.mk b/nss/coreconf/ruleset.mk
new file mode 100644
index 0000000..74d64e1
--- /dev/null
+++ b/nss/coreconf/ruleset.mk
@@ -0,0 +1,220 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+#                                                                     #
+# Parameters to this makefile (set these in this file):               #
+#                                                                     #
+# a)                                                                  #
+#	TARGETS	-- the target to create                               #
+#			(defaults to $LIBRARY $PROGRAM)               #
+# b)                                                                  #
+#	DIRS	-- subdirectories for make to recurse on              #
+#			(the 'all' rule builds $TARGETS $DIRS)        #
+# c)                                                                  #
+#	CSRCS, CPPSRCS -- .c and .cpp files to compile                #
+#			(used to define $OBJS)                        #
+# d)                                                                  #
+#	PROGRAM	-- the target program name to create from $OBJS       #
+#			($OBJDIR automatically prepended to it)       #
+# e)                                                                  #
+#	LIBRARY	-- the target library name to create from $OBJS       #
+#			($OBJDIR automatically prepended to it)       #
+# f)                                                                  #
+#	JSRCS	-- java source files to compile into class files      #
+#			(if you don't specify this it will default    #
+#			 to *.java)                                   #
+# g)                                                                  #
+#	PACKAGE	-- the package to put the .class files into           #
+#			(e.g. netscape/applet)                        #
+#			(NOTE: the default definition for this may be #
+#                              overridden if "jdk.mk" is included)    #
+# h)                                                                  #
+#	JMC_EXPORT -- java files to be exported for use by JMC_GEN    #
+#			(this is a list of Class names)               #
+# i)                                                                  #
+#	JRI_GEN	-- files to run through javah to generate headers     #
+#                  and stubs                                          #
+#			(output goes into the _jri sub-dir)           #
+# j)                                                                  #
+#	JMC_GEN	-- files to run through jmc to generate headers       #
+#                  and stubs                                          #
+#			(output goes into the _jmc sub-dir)           #
+# k)                                                                  #
+#	JNI_GEN	-- files to run through javah to generate headers     #
+#			(output goes into the _jni sub-dir)           #
+#                                                                     #
+#######################################################################
+
+#
+# CPU_TAG is now defined in the $(TARGET).mk files
+#
+
+ifndef COMPILER_TAG
+    ifneq ($(DEFAULT_COMPILER), $(notdir $(firstword $(CC))))
+#
+# Temporary define for the Client; to be removed when binary release is used
+#
+	ifdef MOZILLA_CLIENT
+	    COMPILER_TAG =
+	else
+	    COMPILER_TAG = _$(notdir $(firstword $(CC)))
+	endif
+    else
+	COMPILER_TAG =
+    endif
+endif
+
+ifeq ($(MKPROG),)
+    MKPROG = $(CC)
+endif
+
+#
+# This makefile contains rules for building the following kinds of
+# objects:
+# - (1) LIBRARY: a static (archival) library
+# - (2) SHARED_LIBRARY: a shared (dynamic link) library
+# - (3) IMPORT_LIBRARY: an import library, defined in $(OS_TARGET).mk
+# - (4) PROGRAM: an executable binary
+#
+# NOTE:  The names of libraries can be generated by simply specifying
+# LIBRARY_NAME (and LIBRARY_VERSION in the case of non-static libraries).
+# LIBRARY and SHARED_LIBRARY may be defined differently in $(OS_TARGET).mk
+#
+
+ifdef LIBRARY_NAME
+    ifndef LIBRARY
+	LIBRARY        = $(OBJDIR)/$(LIB_PREFIX)$(LIBRARY_NAME).$(LIB_SUFFIX)
+    endif
+    ifndef SHARED_LIBRARY
+	SHARED_LIBRARY = $(OBJDIR)/$(DLL_PREFIX)$(LIBRARY_NAME)$(LIBRARY_VERSION)$(JDK_DEBUG_SUFFIX).$(DLL_SUFFIX)
+    endif
+    ifndef MAPFILE_SOURCE
+	MAPFILE_SOURCE = $(LIBRARY_NAME).def
+    endif
+endif
+
+#
+# Common rules used by lots of makefiles...
+#
+
+ifdef PROGRAM
+    PROGRAM := $(addprefix $(OBJDIR)/, $(PROGRAM)$(JDK_DEBUG_SUFFIX)$(PROG_SUFFIX))
+endif
+
+ifdef PROGRAMS
+    PROGRAMS := $(addprefix $(OBJDIR)/, $(PROGRAMS:%=%$(JDK_DEBUG_SUFFIX)$(PROG_SUFFIX)))
+endif
+
+ifndef TARGETS
+    TARGETS = $(LIBRARY) $(SHARED_LIBRARY) $(PROGRAM)
+endif
+
+# Make both .cpp and .cc work.
+CPPSRCS1 = $(CPPSRCS:.cpp=$(OBJ_SUFFIX))
+CPPSRCS2 = $(CPPSRCS1:.cc=$(OBJ_SUFFIX))
+
+ifndef OBJS
+    SIMPLE_OBJS = $(JRI_STUB_CFILES) \
+		$(addsuffix $(OBJ_SUFFIX), $(JMC_GEN)) \
+		$(CSRCS:.c=$(OBJ_SUFFIX)) \
+		$(CPPSRCS2) \
+		$(ASFILES:$(ASM_SUFFIX)=$(OBJ_SUFFIX)) \
+		$(BUILT_CSRCS:.c=$(OBJ_SUFFIX)) \
+		$(BUILT_CPPSRCS:.cpp=$(OBJ_SUFFIX)) \
+		$(BUILT_ASFILES:$(ASM_SUFFIX)=$(OBJ_SUFFIX))
+    OBJS =	$(addprefix $(OBJDIR)/$(PROG_PREFIX), $(SIMPLE_OBJS))
+endif
+
+ifndef BUILT_SRCS
+    BUILT_SRCS = $(addprefix $(OBJDIR)/$(PROG_PREFIX), \
+		 $(BUILT_CSRCS) $(BUILT_CPPSRCS) $(BUILT_ASFILES))
+endif
+
+
+ifeq (,$(filter-out WIN%,$(OS_TARGET)))
+    MAKE_OBJDIR = $(INSTALL) -D $(OBJDIR)
+else
+    define MAKE_OBJDIR
+	if test ! -d $(@D); then rm -rf $(@D); $(NSINSTALL) -D $(@D); fi
+    endef
+endif
+
+ifndef PACKAGE
+    PACKAGE = .
+endif
+
+ifdef NSBUILDROOT
+    JDK_GEN_DIR  = $(SOURCE_XP_DIR)/_gen
+    JMC_GEN_DIR  = $(SOURCE_XP_DIR)/_jmc
+    JNI_GEN_DIR  = $(SOURCE_XP_DIR)/_jni
+    JRI_GEN_DIR  = $(SOURCE_XP_DIR)/_jri
+    JDK_STUB_DIR = $(SOURCE_XP_DIR)/_stubs
+else
+    JDK_GEN_DIR  = _gen
+    JMC_GEN_DIR  = _jmc
+    JNI_GEN_DIR  = _jni
+    JRI_GEN_DIR  = _jri
+    JDK_STUB_DIR = _stubs
+endif
+
+ALL_TRASH =	$(TARGETS) $(OBJS) $(OBJDIR) LOGS TAGS $(GARBAGE) \
+		so_locations $(BUILT_SRCS) $(NOSUCHFILE)
+
+ifdef NS_USE_JDK
+    ALL_TRASH += $(JDK_HEADER_CFILES) $(JDK_STUB_CFILES) \
+		 $(JMC_HEADERS) $(JMC_STUBS) $(JMC_EXPORT_FILES) \
+		 $(JNI_HEADERS) \
+		 $(JRI_HEADER_CFILES) $(JRI_STUB_CFILES) \
+		 $(JDK_GEN_DIR) $(JMC_GEN_DIR) $(JNI_GEN_DIR) \
+		 $(JRI_GEN_DIR) $(JDK_STUB_DIR)
+
+ifdef JAVA_DESTPATH
+    ALL_TRASH += $(wildcard $(JAVA_DESTPATH)/$(PACKAGE)/*.class)
+ifdef JDIRS
+    ALL_TRASH += $(addprefix $(JAVA_DESTPATH)/,$(JDIRS))
+endif
+else # !JAVA_DESTPATH
+    ALL_TRASH += $(wildcard $(PACKAGE)/*.class) $(JDIRS)
+endif
+
+endif #NS_USE_JDK
+
+ifdef NSS_BUILD_CONTINUE_ON_ERROR
+# Try to build everything. I.e., don't exit on errors.
+    EXIT_ON_ERROR		= +e
+    IGNORE_ERROR		= -
+    CLICK_STOPWATCH		= date
+else
+    EXIT_ON_ERROR		= -e
+    IGNORE_ERROR		=
+    CLICK_STOPWATCH		= true
+endif
+
+ifdef REQUIRES
+    MODULE_INCLUDES := $(addprefix -I$(SOURCE_XP_DIR)/public/, $(REQUIRES))
+    INCLUDES        += $(MODULE_INCLUDES)
+    ifeq ($(MODULE), sectools)
+	PRIVATE_INCLUDES := $(addprefix -I$(SOURCE_XP_DIR)/private/, $(REQUIRES))
+	INCLUDES         += $(PRIVATE_INCLUDES)
+    endif
+endif
+
+ifdef SYSTEM_INCL_DIR
+    YOPT = -Y$(SYSTEM_INCL_DIR)
+endif
+
+ifdef DIRS
+define SUBMAKE
++@echo "cd $2; $(MAKE) $1"
+$(IGNORE_ERROR)@$(MAKE) -C $(2) $(1)
+@$(CLICK_STOPWATCH)
+
+endef
+
+    LOOP_OVER_DIRS	= $(foreach dir,$(DIRS),$(call SUBMAKE,$@,$(dir)))
+endif
+
+MK_RULESET = included
diff --git a/nss/coreconf/sanitizers.mk b/nss/coreconf/sanitizers.mk
new file mode 100644
index 0000000..5979bd5
--- /dev/null
+++ b/nss/coreconf/sanitizers.mk
@@ -0,0 +1,19 @@
+# Address Sanitizer support; include this in OS-specific .mk files
+# *after* defining the variables that are appended to here.
+
+ifeq ($(USE_ASAN), 1)
+SANITIZER_FLAGS_COMMON = -fsanitize=address $(EXTRA_SANITIZER_FLAGS)
+SANITIZER_CFLAGS = $(SANITIZER_FLAGS_COMMON)
+SANITIZER_LDFLAGS = $(SANITIZER_FLAGS_COMMON)
+OS_CFLAGS += $(SANITIZER_CFLAGS)
+LDFLAGS += $(SANITIZER_LDFLAGS)
+
+# ASan needs frame pointers to save stack traces for allocation/free sites.
+# (Warning: some platforms, like ARM Linux in Thumb mode, don't have useful
+# frame pointers even with this option.)
+SANITIZER_CFLAGS += -fno-omit-frame-pointer -fno-optimize-sibling-calls
+
+# You probably want to be able to get debug info for failures, even with an
+# optimized build.
+OPTIMIZER += -g
+endif
diff --git a/nss/coreconf/sanitizers.py b/nss/coreconf/sanitizers.py
new file mode 100644
index 0000000..b1a77df
--- /dev/null
+++ b/nss/coreconf/sanitizers.py
@@ -0,0 +1,33 @@
+#!/usr/bin/env python2
+
+from __future__ import print_function
+import sys
+
+def main():
+    if len(sys.argv) < 2:
+        raise Exception('Specify either "asan", "msan", "sancov" or "ubsan" as argument.')
+
+    sanitizer = sys.argv[1]
+    if sanitizer == "ubsan":
+        if len(sys.argv) < 3:
+            raise Exception('ubsan requires another argument.')
+        print('-fsanitize='+sys.argv[2]+' -fno-sanitize-recover=undefined ', end='')
+        return
+    if sanitizer == "asan":
+        print('-fsanitize=address ', end='')
+        print('-fno-omit-frame-pointer -fno-optimize-sibling-calls ', end='')
+        return
+    if sanitizer == "msan":
+        print('-fsanitize=memory -fsanitize-memory-track-origins ', end='')
+        print('-fno-omit-frame-pointer -fno-optimize-sibling-calls ', end='')
+        return
+    if sanitizer == "sancov":
+        if len(sys.argv) < 3:
+            raise Exception('sancov requires another argument (edge|bb|func).')
+        print('-fsanitize-coverage='+sys.argv[2]+' ', end='')
+        return
+
+    raise Exception('Specify either "asan", "msan", "sancov" or "ubsan" as argument.')
+
+if __name__ == '__main__':
+    main()
diff --git a/nss/coreconf/sanitizers.sh b/nss/coreconf/sanitizers.sh
new file mode 100644
index 0000000..bd77571
--- /dev/null
+++ b/nss/coreconf/sanitizers.sh
@@ -0,0 +1,78 @@
+#!/usr/bin/env bash
+# This file is used by build.sh to setup sanitizers.
+
+sanitizer_flags=""
+sanitizers=()
+
+# This tracks what sanitizers are enabled so they don't get enabled twice.  This
+# means that doing things that enable the same sanitizer twice (such as enabling
+# both --asan and --fuzz) is order-dependent: only the first is used.
+enable_sanitizer()
+{
+    local san="$1"
+    for i in "${sanitizers[@]}"; do
+        [ "$san" = "$i" ] && return
+    done
+    sanitizers+=("$san")
+
+    if [ -z "$sanitizer_flags" ]; then
+        gyp_params+=(-Dno_zdefs=1)
+    fi
+
+    local cflags=$(python $cwd/coreconf/sanitizers.py "$@")
+    sanitizer_flags="$sanitizer_flags $cflags"
+}
+
+enable_sancov()
+{
+    local clang_version=$($CC --version | grep -oE '([0-9]{1,}\.)+[0-9]{1,}')
+    if [[ ${clang_version:0:1} -lt 4 && ${clang_version:0:1} -eq 3 && ${clang_version:2:1} -lt 9 ]]; then
+        echo "Need at least clang-3.9 (better 4.0) for sancov." 1>&2
+        exit 1
+    fi
+
+    local sancov
+    if [ -n "$1" ]; then
+        sancov="$1"
+    elif [ "${clang_version:0:3}" = "3.9" ]; then
+        sancov=edge,indirect-calls,8bit-counters
+    else
+        sancov=trace-pc-guard,trace-cmp
+    fi
+    enable_sanitizer sancov "$sancov"
+}
+
+enable_ubsan()
+{
+    local ubsan
+    if [ -n "$1" ]; then
+        ubsan="$1"
+    else
+        ubsan=bool,signed-integer-overflow,shift,vptr
+    fi
+    enable_sanitizer ubsan "$ubsan"
+}
+
+# Not strictly a sanitizer, but the pattern fits
+scanbuild=()
+enable_scanbuild()
+{
+    [ "${#scanbuild[@]}" -gt 0 ] && return
+
+    scanbuild=(scan-build)
+    if [ -n "$1" ]; then
+        scanbuild+=(-o "$1")
+    fi
+    # pass on CC and CCC to scanbuild
+    if [ -n "$CC" ]; then
+        scanbuild+=(--use-cc="$CC")
+    fi
+    if [ -n "$CCC" ]; then
+        scanbuild+=(--use-c++="$CCC")
+    fi
+}
+
+run_scanbuild()
+{
+    "${scanbuild[@]}" "$@"
+}
diff --git a/nss/coreconf/shlibsign.py b/nss/coreconf/shlibsign.py
new file mode 100644
index 0000000..dc40a8c
--- /dev/null
+++ b/nss/coreconf/shlibsign.py
@@ -0,0 +1,30 @@
+#!/usr/bin/env python2
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+import os
+import subprocess
+import sys
+
+def main():
+    for lib_file in sys.argv[1:]:
+        if os.path.isfile(lib_file):
+            sign(lib_file)
+
+def sign(lib_file):
+    ld_lib_path = os.path.realpath(os.path.join(lib_file, '..'))
+    bin_path = os.path.realpath(os.path.join(ld_lib_path, '../bin'))
+
+    env = os.environ.copy()
+    if sys.platform == 'win32':
+        env['PATH'] = os.pathsep.join((env['PATH'], ld_lib_path))
+    else:
+        env['LD_LIBRARY_PATH'] = env['DYLD_LIBRARY_PATH'] = ld_lib_path
+
+    dev_null = open(os.devnull, 'wb')
+    subprocess.check_call([os.path.join(bin_path, 'shlibsign'), '-v', '-i', lib_file], env=env, stdout=dev_null, stderr=dev_null)
+
+if __name__ == '__main__':
+    main()
diff --git a/nss/coreconf/source.mk b/nss/coreconf/source.mk
new file mode 100644
index 0000000..14bb510
--- /dev/null
+++ b/nss/coreconf/source.mk
@@ -0,0 +1,162 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# Master <component>-specific source import/export directories        #
+#######################################################################
+
+#
+# <user_source_tree> master import/export directory prefix
+#
+
+ifndef SOURCE_PREFIX
+    ifndef BUILD_TREE
+	SOURCE_PREFIX = $(CORE_DEPTH)/../dist
+    else
+	SOURCE_PREFIX = $(BUILD_TREE)/dist
+    endif
+endif
+
+#
+# <user_source_tree> cross-platform (xp) master import/export directory
+#
+
+ifndef SOURCE_XP_DIR
+    SOURCE_XP_DIR        = $(SOURCE_PREFIX)
+endif
+
+#
+# <user_source_tree> cross-platform (xp) import/export directories
+#
+
+SOURCE_CLASSES_DIR     = $(SOURCE_XP_DIR)/classes
+SOURCE_CLASSES_DBG_DIR = $(SOURCE_XP_DIR)/classes_DBG
+SOURCE_XPHEADERS_DIR   = $(SOURCE_XP_DIR)/public/$(MODULE)
+SOURCE_XPPRIVATE_DIR   = $(SOURCE_XP_DIR)/private/$(MODULE)
+
+ifdef BUILD_OPT
+    IMPORT_XPCLASS_DIR = $(SOURCE_CLASSES_DIR)
+else
+    IMPORT_XPCLASS_DIR = $(SOURCE_CLASSES_DBG_DIR)
+endif
+
+#
+# <user_source_tree> machine-dependent (md) master import/export directory
+#
+
+ifndef SOURCE_MD_DIR
+    SOURCE_MD_DIR        = $(SOURCE_PREFIX)/$(PLATFORM)
+endif
+
+#
+# <user_source_tree> machine-dependent (md) import/export directories
+#
+
+#This is where we install built executables and (for Windows only) DLLs.
+ifndef SOURCE_BIN_DIR
+    SOURCE_BIN_DIR       = $(SOURCE_MD_DIR)/bin
+endif
+
+#This is where we install built libraries (.a, .so, .lib).
+ifndef SOURCE_LIB_DIR
+    SOURCE_LIB_DIR       = $(SOURCE_MD_DIR)/lib
+endif
+
+# This is where NSPR header files are found.
+ifndef SOURCE_MDHEADERS_DIR
+    SOURCE_MDHEADERS_DIR = $(SOURCE_MD_DIR)/include
+endif
+
+#######################################################################
+# Master <component>-specific source release directories and files    #
+#######################################################################
+
+#
+# <user_source_tree> source-side master release directory prefix
+# NOTE:  export control policy enforced for XP and MD files released to
+#        the staging area
+#
+
+ifeq ($(POLICY), domestic)
+    SOURCE_RELEASE_PREFIX = $(SOURCE_PREFIX)/release/domestic
+else
+    ifeq ($(POLICY), export)
+	SOURCE_RELEASE_PREFIX = $(SOURCE_PREFIX)/release/export
+    else
+	ifeq ($(POLICY), france)
+	    SOURCE_RELEASE_PREFIX = $(SOURCE_PREFIX)/release/france
+	else
+#We shouldn't have to put another directory under here, but without it the perl
+#script for releasing doesn't find the directory. It thinks it doesn't exist.
+#So we're adding this no-policy directory so that the script for releasing works
+#in all casese when policy is not set. This doesn't affect where the final jar
+#files land, only where they are placed in the local tree when building the jar
+#files. When there is no policy, the jar files will still land in
+#<dist>/<module>/<date>/<platform> like they used to.
+	    SOURCE_RELEASE_PREFIX = $(SOURCE_PREFIX)/release/no-policy
+	endif
+    endif
+endif
+
+#
+# <user_source_tree> cross-platform (xp) source-side master release directory
+#
+
+SOURCE_RELEASE_XP_DIR = $(SOURCE_RELEASE_PREFIX)
+
+#
+# <user_source_tree> cross-platform (xp) source-side release directories
+#
+
+SOURCE_RELEASE_CLASSES_DIR     = classes
+SOURCE_RELEASE_CLASSES_DBG_DIR = classes_DBG
+SOURCE_RELEASE_XPHEADERS_DIR   = include
+
+#
+# <user_source_tree> cross-platform (xp) JAR source-side release files
+#
+
+XPCLASS_JAR     = xpclass.jar
+XPCLASS_DBG_JAR = xpclass_dbg.jar
+XPHEADER_JAR    = xpheader.jar
+
+ifdef BUILD_OPT
+    SOURCE_RELEASE_XP_CLASSES_DIR = $(SOURCE_RELEASE_CLASSES_DIR)
+    IMPORT_XPCLASS_JAR = $(XPCLASS_JAR)
+else
+    SOURCE_RELEASE_XP_CLASSES_DIR = $(SOURCE_RELEASE_CLASSES_DBG_DIR)
+    IMPORT_XPCLASS_JAR = $(XPCLASS_DBG_JAR)
+endif
+
+#
+# <user_source_tree> machine-dependent (md) source-side master release directory
+#
+
+SOURCE_RELEASE_MD_DIR = $(PLATFORM)
+
+#
+# <user_source_tree> machine-dependent (md) source-side release directories
+#
+
+SOURCE_RELEASE_BIN_DIR       = $(PLATFORM)/bin
+SOURCE_RELEASE_LIB_DIR       = $(PLATFORM)/lib
+SOURCE_RELEASE_MDHEADERS_DIR = $(PLATFORM)/include
+SOURCE_RELEASE_SPEC_DIR      = $(SOURCE_RELEASE_MD_DIR)
+
+#
+# <user_source_tree> machine-dependent (md) JAR/tar source-side release files
+#
+
+MDBINARY_JAR = mdbinary.jar
+MDHEADER_JAR = mdheader.jar
+
+
+# Where to put the results
+
+ifneq ($(RESULTS_DIR),)
+    RESULTS_DIR = $(RELEASE_TREE)/sectools/results
+endif
+
+MK_SOURCE = included
diff --git a/nss/coreconf/suffix.mk b/nss/coreconf/suffix.mk
new file mode 100644
index 0000000..584bdf5
--- /dev/null
+++ b/nss/coreconf/suffix.mk
@@ -0,0 +1,67 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# Master "Core Components" suffixes                                   #
+#######################################################################
+
+#
+# Object suffixes   (OS2 and WIN% override this)
+#
+ifndef OBJ_SUFFIX
+    OBJ_SUFFIX = .o
+endif
+
+#
+# Assembler source suffixes (OS2 and WIN% override this)
+#
+ifndef ASM_SUFFIX
+    ASM_SUFFIX = .s
+endif
+
+#
+# Library suffixes
+#
+STATIC_LIB_EXTENSION =
+
+ifndef DYNAMIC_LIB_EXTENSION
+    DYNAMIC_LIB_EXTENSION =
+endif
+
+
+ifndef STATIC_LIB_SUFFIX
+    STATIC_LIB_SUFFIX = .$(LIB_SUFFIX)
+endif
+
+
+ifndef DYNAMIC_LIB_SUFFIX
+    DYNAMIC_LIB_SUFFIX = .$(DLL_SUFFIX)
+endif
+
+# WIN% overridese this
+ifndef IMPORT_LIB_SUFFIX
+    IMPORT_LIB_SUFFIX = 
+endif
+
+
+ifndef STATIC_LIB_SUFFIX_FOR_LINKING
+    STATIC_LIB_SUFFIX_FOR_LINKING = $(STATIC_LIB_SUFFIX)
+endif
+
+
+# WIN% overridese this
+ifndef DYNAMIC_LIB_SUFFIX_FOR_LINKING
+    DYNAMIC_LIB_SUFFIX_FOR_LINKING = $(DYNAMIC_LIB_SUFFIX)
+endif
+
+#
+# Program suffixes (OS2 and WIN% override this)
+#
+
+ifndef PROG_SUFFIX
+    PROG_SUFFIX =
+endif
+
+MK_SUFFIX = included
diff --git a/nss/coreconf/tree.mk b/nss/coreconf/tree.mk
new file mode 100644
index 0000000..f819abf
--- /dev/null
+++ b/nss/coreconf/tree.mk
@@ -0,0 +1,52 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# Master "Core Components" file system "release" prefixes             #
+#######################################################################
+
+# Windows platforms override this.  See WIN32.mk.
+ifndef RELEASE_TREE
+    ifdef BUILD_SHIP
+	ifdef USE_SHIPS 
+	    RELEASE_TREE = $(BUILD_SHIP)
+	else
+	    RELEASE_TREE = /share/builds/components
+	endif
+    else
+	RELEASE_TREE = /share/builds/components
+    endif
+endif
+
+#
+# NOTE:  export control policy enforced for XP and MD files
+#        released to the binary release tree
+#
+
+ifeq ($(POLICY), domestic)
+    RELEASE_XP_DIR = domestic
+    RELEASE_MD_DIR = domestic/$(PLATFORM)
+else
+    ifeq ($(POLICY), export)
+	RELEASE_XP_DIR = export
+	RELEASE_MD_DIR = export/$(PLATFORM)
+    else
+	ifeq ($(POLICY), france)
+	    RELEASE_XP_DIR = france
+	    RELEASE_MD_DIR = france/$(PLATFORM)
+	else
+	    RELEASE_XP_DIR = 
+	    RELEASE_MD_DIR = $(PLATFORM)
+	endif
+    endif
+endif
+
+
+REPORTER_TREE = $(subst \,\\,$(RELEASE_TREE))
+
+IMPORT_XP_DIR = 
+IMPORT_MD_DIR = $(PLATFORM)
+
+MK_TREE = included
diff --git a/nss/coreconf/version.mk b/nss/coreconf/version.mk
new file mode 100644
index 0000000..c3e559c
--- /dev/null
+++ b/nss/coreconf/version.mk
@@ -0,0 +1,77 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# Build master "Core Components" release version directory name       #
+#######################################################################
+
+#
+# Always set CURRENT_VERSION_SYMLINK to the <current> symbolic link.
+#
+
+CURRENT_VERSION_SYMLINK = current
+
+
+#
+#  For the sake of backwards compatibility (*sigh*) ...
+#
+
+ifndef VERSION
+    ifdef BUILD_NUM
+	VERSION = $(BUILD_NUM)
+    endif
+endif
+
+ifndef RELEASE_VERSION
+    ifdef BUILD_NUM
+	RELEASE_VERSION = $(BUILD_NUM)
+    endif
+endif
+
+#
+# If VERSION has still NOT been set on the command line,
+# as an environment variable, by the individual Makefile, or
+# by the <component>-specific "version.mk" file, set VERSION equal
+# to $(CURRENT_VERSION_SYMLINK).
+
+ifndef VERSION
+    VERSION = $(CURRENT_VERSION_SYMLINK)
+endif
+
+# If RELEASE_VERSION has still NOT been set on the command line,
+# as an environment variable, by the individual Makefile, or
+# by the <component>-specific "version.mk" file, automatically
+# generate the next available version number via a perl script.
+# 
+
+ifndef RELEASE_VERSION
+    RELEASE_VERSION = 
+endif
+
+#
+# Set <component>-specific versions for compiliation and linkage.
+#
+
+ifndef JAVA_VERSION
+    JAVA_VERSION = $(CURRENT_VERSION_SYMLINK)
+endif
+
+ifndef NETLIB_VERSION
+    NETLIB_VERSION = $(CURRENT_VERSION_SYMLINK)
+endif
+
+ifndef NSPR_VERSION
+    NSPR_VERSION = $(CURRENT_VERSION_SYMLINK)
+endif
+
+ifndef SECTOOLS_VERSION
+    SECTOOLS_VERSION = $(CURRENT_VERSION_SYMLINK)
+endif
+
+ifndef SECURITY_VERSION
+    SECURITY_VERSION = $(CURRENT_VERSION_SYMLINK)
+endif
+
+MK_VERSION = included
diff --git a/nss/coreconf/version.pl b/nss/coreconf/version.pl
new file mode 100644
index 0000000..d2a4942
--- /dev/null
+++ b/nss/coreconf/version.pl
@@ -0,0 +1,48 @@
+#!/usr/sbin/perl
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# Compose lowercase alphabet
+@alphabet = ( "a", "b", "c", "d", "e", "f", "g", "h",
+              "i", "j", "k", "l", "m", "n", "o", "p",
+              "q", "r", "s", "t", "u", "v", "w", "x",
+              "y", "z" );
+
+# Compute year
+$year = (localtime)[5] + 1900;
+
+# Compute month
+$month = (localtime)[4] + 1;
+
+# Compute day
+$day = (localtime)[3];
+
+# Compute base build number
+$version = sprintf( "%d%02d%02d", $year, $month, $day );
+$directory = sprintf( "%s\/%s\/%d%02d%02d", $ARGV[0], $ARGV[1], $year, $month, $day );
+
+# Print out the name of the first version directory which does not exist
+#if( ! -e  $directory )
+#{
+    print $version;
+#}
+#else
+#{
+#    # Loop through combinations
+#    foreach $ch1 (@alphabet)
+#    {
+#	foreach $ch2 (@alphabet)
+#	{
+#	    $version = sprintf( "%d%02d%02d%s%s", $year, $month, $day, $ch1, $ch2 );
+#	    $directory = sprintf( "%s\/%s\/%d%02d%02d%s%s", $ARGV[0], $ARGV[1], $year, $month, $day, $ch1, $ch2 );
+#	    if( ! -e  $directory )
+#	    {
+#		print STDOUT $version;
+#		exit;
+#	    }
+#	}
+#    }
+#}
+
diff --git a/nss/coreconf/werror.py b/nss/coreconf/werror.py
new file mode 100644
index 0000000..0d3843f
--- /dev/null
+++ b/nss/coreconf/werror.py
@@ -0,0 +1,60 @@
+#!/usr/bin/env python
+
+import os
+import subprocess
+
+def main():
+    cc = os.environ.get('CC', 'cc')
+    sink = open(os.devnull, 'wb')
+    try:
+        cc_is_clang = 'clang' in subprocess.check_output(
+          [cc, '--version'], universal_newlines=True, stderr=sink)
+    except OSError:
+        # We probably just don't have CC/cc.
+        return
+
+    def warning_supported(warning):
+        return subprocess.call([cc, '-x', 'c', '-E', '-Werror',
+                                '-W%s' % warning, os.devnull], stdout=sink, stderr=sink) == 0
+    def can_enable():
+        # This would be a problem
+        if not warning_supported('all'):
+            return False
+
+        # If we aren't clang, make sure we have gcc 4.8 at least
+        if not cc_is_clang:
+            try:
+                v = subprocess.check_output([cc, '-dumpversion'], stderr=sink)
+                v = v.strip(' \r\n').split('.')
+                v = list(map(int, v))
+                if v[0] < 4 or (v[0] == 4 and v[1] < 8):
+                    # gcc 4.8 minimum
+                    return False
+            except OSError:
+                return False
+        return True
+
+    if not can_enable():
+        print('-DNSS_NO_GCC48')
+        return
+
+    print('-Werror')
+    print('-Wall')
+
+    def set_warning(warning, contra=''):
+        if warning_supported(warning):
+            print('-W%s%s' % (contra, warning))
+
+    if cc_is_clang:
+        # clang is unable to handle glib's expansion of strcmp and similar for
+        # optimized builds, so disable the resulting errors.
+        # See https://llvm.org/bugs/show_bug.cgi?id=20144
+        for w in ['array-bounds', 'unevaluated-expression',
+                  'parentheses-equality']:
+            set_warning(w, 'no-')
+        print('-Qunused-arguments')
+
+    # set_warning('shadow') # Bug 1309068
+
+if __name__ == '__main__':
+    main()
diff --git a/nss/coreconf/zlib.mk b/nss/coreconf/zlib.mk
new file mode 100644
index 0000000..a8504b7
--- /dev/null
+++ b/nss/coreconf/zlib.mk
@@ -0,0 +1,17 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# Configuration information for linking against zlib.
+
+# If a platform has a system zlib, set USE_SYSTEM_ZLIB to 1 and
+# ZLIB_LIBS to the linker command-line arguments for the system zlib
+# (for example, -lz) in the platform's config file in coreconf.
+ifdef USE_SYSTEM_ZLIB
+OS_LIBS += $(ZLIB_LIBS)
+else
+ZLIB_LIBS = $(DIST)/lib/$(LIB_PREFIX)zlib.$(LIB_SUFFIX)
+EXTRA_LIBS += $(ZLIB_LIBS)
+endif
+
diff --git a/nss/cpputil/.clang-format b/nss/cpputil/.clang-format
new file mode 100644
index 0000000..06e3c51
--- /dev/null
+++ b/nss/cpputil/.clang-format
@@ -0,0 +1,4 @@
+---
+Language: Cpp
+BasedOnStyle: Google
+...
diff --git a/nss/cpputil/README b/nss/cpputil/README
new file mode 100644
index 0000000..22297dd
--- /dev/null
+++ b/nss/cpputil/README
@@ -0,0 +1,11 @@
+######################################
+## PLEASE READ BEFORE USING CPPUTIL ##
+######################################
+
+This is a static library supposed to be mainly used by NSS internally. We use
+it for testing, fuzzing, and a few new tools written in C++ that we're
+experimenting with.
+
+You might find it handy to use for your own projects but please be aware that
+we will make no promises your application won't break in the future. We will
+provide no support if you decide to link against it.
diff --git a/nss/cpputil/cpputil.gyp b/nss/cpputil/cpputil.gyp
new file mode 100644
index 0000000..cf666fd
--- /dev/null
+++ b/nss/cpputil/cpputil.gyp
@@ -0,0 +1,27 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../coreconf/config.gypi',
+  ],
+  'targets': [
+    {
+      'target_name': 'cpputil',
+      'type': 'static_library',
+      'sources': [
+        'dummy_io.cc',
+        'dummy_io_fwd.cc',
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports',
+      ],
+      'direct_dependent_settings': {
+        'include_dirs': [
+          '<(DEPTH)/cpputil',
+        ],
+      },
+    },
+  ],
+}
+
diff --git a/nss/cpputil/dummy_io.cc b/nss/cpputil/dummy_io.cc
new file mode 100644
index 0000000..a8daced
--- /dev/null
+++ b/nss/cpputil/dummy_io.cc
@@ -0,0 +1,221 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <assert.h>
+#include <iostream>
+
+#include "prerror.h"
+#include "prio.h"
+
+#include "dummy_io.h"
+
+#define UNIMPLEMENTED()                                        \
+  std::cerr << "Unimplemented: " << __FUNCTION__ << std::endl; \
+  assert(false);
+
+extern const struct PRIOMethods DummyMethodsForward;
+
+ScopedPRFileDesc DummyIOLayerMethods::CreateFD(PRDescIdentity id,
+                                               DummyIOLayerMethods *methods) {
+  ScopedPRFileDesc fd(PR_CreateIOLayerStub(id, &DummyMethodsForward));
+  fd->secret = reinterpret_cast<PRFilePrivate *>(methods);
+  return fd;
+}
+
+PRStatus DummyIOLayerMethods::Close(PRFileDesc *f) {
+  f->secret = nullptr;
+  f->dtor(f);
+  return PR_SUCCESS;
+}
+
+int32_t DummyIOLayerMethods::Read(PRFileDesc *f, void *buf, int32_t length) {
+  UNIMPLEMENTED();
+  return -1;
+}
+
+int32_t DummyIOLayerMethods::Write(PRFileDesc *f, const void *buf,
+                                   int32_t length) {
+  UNIMPLEMENTED();
+  return -1;
+}
+
+int32_t DummyIOLayerMethods::Available(PRFileDesc *f) {
+  UNIMPLEMENTED();
+  return -1;
+}
+
+int64_t DummyIOLayerMethods::Available64(PRFileDesc *f) {
+  UNIMPLEMENTED();
+  return -1;
+}
+
+PRStatus DummyIOLayerMethods::Sync(PRFileDesc *f) {
+  UNIMPLEMENTED();
+  return PR_FAILURE;
+}
+
+int32_t DummyIOLayerMethods::Seek(PRFileDesc *f, int32_t offset,
+                                  PRSeekWhence how) {
+  UNIMPLEMENTED();
+  return -1;
+}
+
+int64_t DummyIOLayerMethods::Seek64(PRFileDesc *f, int64_t offset,
+                                    PRSeekWhence how) {
+  UNIMPLEMENTED();
+  return -1;
+}
+
+PRStatus DummyIOLayerMethods::FileInfo(PRFileDesc *f, PRFileInfo *info) {
+  UNIMPLEMENTED();
+  return PR_FAILURE;
+}
+
+PRStatus DummyIOLayerMethods::FileInfo64(PRFileDesc *f, PRFileInfo64 *info) {
+  UNIMPLEMENTED();
+  return PR_FAILURE;
+}
+
+int32_t DummyIOLayerMethods::Writev(PRFileDesc *f, const PRIOVec *iov,
+                                    int32_t iov_size, PRIntervalTime to) {
+  UNIMPLEMENTED();
+  return -1;
+}
+
+PRStatus DummyIOLayerMethods::Connect(PRFileDesc *f, const PRNetAddr *addr,
+                                      PRIntervalTime to) {
+  UNIMPLEMENTED();
+  return PR_FAILURE;
+}
+
+PRFileDesc *DummyIOLayerMethods::Accept(PRFileDesc *sd, PRNetAddr *addr,
+                                        PRIntervalTime to) {
+  UNIMPLEMENTED();
+  return nullptr;
+}
+
+PRStatus DummyIOLayerMethods::Bind(PRFileDesc *f, const PRNetAddr *addr) {
+  UNIMPLEMENTED();
+  return PR_FAILURE;
+}
+
+PRStatus DummyIOLayerMethods::Listen(PRFileDesc *f, int32_t depth) {
+  UNIMPLEMENTED();
+  return PR_FAILURE;
+}
+
+PRStatus DummyIOLayerMethods::Shutdown(PRFileDesc *f, int32_t how) {
+  return PR_SUCCESS;
+}
+
+int32_t DummyIOLayerMethods::Recv(PRFileDesc *f, void *buf, int32_t buflen,
+                                  int32_t flags, PRIntervalTime to) {
+  UNIMPLEMENTED();
+  return -1;
+}
+
+// Note: this is always nonblocking and assumes a zero timeout.
+int32_t DummyIOLayerMethods::Send(PRFileDesc *f, const void *buf,
+                                  int32_t amount, int32_t flags,
+                                  PRIntervalTime to) {
+  return Write(f, buf, amount);
+}
+
+int32_t DummyIOLayerMethods::Recvfrom(PRFileDesc *f, void *buf, int32_t amount,
+                                      int32_t flags, PRNetAddr *addr,
+                                      PRIntervalTime to) {
+  UNIMPLEMENTED();
+  return -1;
+}
+
+int32_t DummyIOLayerMethods::Sendto(PRFileDesc *f, const void *buf,
+                                    int32_t amount, int32_t flags,
+                                    const PRNetAddr *addr, PRIntervalTime to) {
+  UNIMPLEMENTED();
+  return -1;
+}
+
+int16_t DummyIOLayerMethods::Poll(PRFileDesc *f, int16_t in_flags,
+                                  int16_t *out_flags) {
+  UNIMPLEMENTED();
+  return -1;
+}
+
+int32_t DummyIOLayerMethods::AcceptRead(PRFileDesc *sd, PRFileDesc **nd,
+                                        PRNetAddr **raddr, void *buf,
+                                        int32_t amount, PRIntervalTime t) {
+  UNIMPLEMENTED();
+  return -1;
+}
+
+int32_t DummyIOLayerMethods::TransmitFile(PRFileDesc *sd, PRFileDesc *f,
+                                          const void *headers, int32_t hlen,
+                                          PRTransmitFileFlags flags,
+                                          PRIntervalTime t) {
+  UNIMPLEMENTED();
+  return -1;
+}
+
+// TODO: Modify to return unique names for each channel
+// somehow, as opposed to always the same static address. The current
+// implementation messes up the session cache, which is why it's off
+// elsewhere
+PRStatus DummyIOLayerMethods::Getpeername(PRFileDesc *f, PRNetAddr *addr) {
+  addr->inet.family = PR_AF_INET;
+  addr->inet.port = 0;
+  addr->inet.ip = 0;
+
+  return PR_SUCCESS;
+}
+
+PRStatus DummyIOLayerMethods::Getsockname(PRFileDesc *f, PRNetAddr *addr) {
+  UNIMPLEMENTED();
+  return PR_FAILURE;
+}
+
+PRStatus DummyIOLayerMethods::Getsockoption(PRFileDesc *f,
+                                            PRSocketOptionData *opt) {
+  switch (opt->option) {
+    case PR_SockOpt_Nonblocking:
+      opt->value.non_blocking = PR_TRUE;
+      return PR_SUCCESS;
+    default:
+      UNIMPLEMENTED();
+      break;
+  }
+
+  return PR_FAILURE;
+}
+
+PRStatus DummyIOLayerMethods::Setsockoption(PRFileDesc *f,
+                                            const PRSocketOptionData *opt) {
+  switch (opt->option) {
+    case PR_SockOpt_Nonblocking:
+      return PR_SUCCESS;
+    case PR_SockOpt_NoDelay:
+      return PR_SUCCESS;
+    default:
+      UNIMPLEMENTED();
+      break;
+  }
+
+  return PR_FAILURE;
+}
+
+int32_t DummyIOLayerMethods::Sendfile(PRFileDesc *out, PRSendFileData *in,
+                                      PRTransmitFileFlags flags,
+                                      PRIntervalTime to) {
+  UNIMPLEMENTED();
+  return -1;
+}
+
+PRStatus DummyIOLayerMethods::ConnectContinue(PRFileDesc *f, int16_t flags) {
+  UNIMPLEMENTED();
+  return PR_FAILURE;
+}
+
+int32_t DummyIOLayerMethods::Reserved(PRFileDesc *f) {
+  UNIMPLEMENTED();
+  return -1;
+}
diff --git a/nss/cpputil/dummy_io.h b/nss/cpputil/dummy_io.h
new file mode 100644
index 0000000..797ac61
--- /dev/null
+++ b/nss/cpputil/dummy_io.h
@@ -0,0 +1,62 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef dummy_io_h__
+#define dummy_io_h__
+
+#include "prerror.h"
+#include "prio.h"
+
+#include "scoped_ptrs.h"
+
+class DummyIOLayerMethods {
+ public:
+  static ScopedPRFileDesc CreateFD(PRDescIdentity id,
+                                   DummyIOLayerMethods *methods);
+
+  virtual PRStatus Close(PRFileDesc *f);
+  virtual int32_t Read(PRFileDesc *f, void *buf, int32_t length);
+  virtual int32_t Write(PRFileDesc *f, const void *buf, int32_t length);
+  virtual int32_t Available(PRFileDesc *f);
+  virtual int64_t Available64(PRFileDesc *f);
+  virtual PRStatus Sync(PRFileDesc *f);
+  virtual int32_t Seek(PRFileDesc *f, int32_t offset, PRSeekWhence how);
+  virtual int64_t Seek64(PRFileDesc *f, int64_t offset, PRSeekWhence how);
+  virtual PRStatus FileInfo(PRFileDesc *f, PRFileInfo *info);
+  virtual PRStatus FileInfo64(PRFileDesc *f, PRFileInfo64 *info);
+  virtual int32_t Writev(PRFileDesc *f, const PRIOVec *iov, int32_t iov_size,
+                         PRIntervalTime to);
+  virtual PRStatus Connect(PRFileDesc *f, const PRNetAddr *addr,
+                           PRIntervalTime to);
+  virtual PRFileDesc *Accept(PRFileDesc *sd, PRNetAddr *addr,
+                             PRIntervalTime to);
+  virtual PRStatus Bind(PRFileDesc *f, const PRNetAddr *addr);
+  virtual PRStatus Listen(PRFileDesc *f, int32_t depth);
+  virtual PRStatus Shutdown(PRFileDesc *f, int32_t how);
+  virtual int32_t Recv(PRFileDesc *f, void *buf, int32_t buflen, int32_t flags,
+                       PRIntervalTime to);
+  virtual int32_t Send(PRFileDesc *f, const void *buf, int32_t amount,
+                       int32_t flags, PRIntervalTime to);
+  virtual int32_t Recvfrom(PRFileDesc *f, void *buf, int32_t amount,
+                           int32_t flags, PRNetAddr *addr, PRIntervalTime to);
+  virtual int32_t Sendto(PRFileDesc *f, const void *buf, int32_t amount,
+                         int32_t flags, const PRNetAddr *addr,
+                         PRIntervalTime to);
+  virtual int16_t Poll(PRFileDesc *f, int16_t in_flags, int16_t *out_flags);
+  virtual int32_t AcceptRead(PRFileDesc *sd, PRFileDesc **nd, PRNetAddr **raddr,
+                             void *buf, int32_t amount, PRIntervalTime t);
+  virtual int32_t TransmitFile(PRFileDesc *sd, PRFileDesc *f,
+                               const void *headers, int32_t hlen,
+                               PRTransmitFileFlags flags, PRIntervalTime t);
+  virtual PRStatus Getpeername(PRFileDesc *f, PRNetAddr *addr);
+  virtual PRStatus Getsockname(PRFileDesc *f, PRNetAddr *addr);
+  virtual PRStatus Getsockoption(PRFileDesc *f, PRSocketOptionData *opt);
+  virtual PRStatus Setsockoption(PRFileDesc *f, const PRSocketOptionData *opt);
+  virtual int32_t Sendfile(PRFileDesc *out, PRSendFileData *in,
+                           PRTransmitFileFlags flags, PRIntervalTime to);
+  virtual PRStatus ConnectContinue(PRFileDesc *f, int16_t flags);
+  virtual int32_t Reserved(PRFileDesc *f);
+};
+
+#endif  // dummy_io_h__
diff --git a/nss/cpputil/dummy_io_fwd.cc b/nss/cpputil/dummy_io_fwd.cc
new file mode 100644
index 0000000..5e53d9e
--- /dev/null
+++ b/nss/cpputil/dummy_io_fwd.cc
@@ -0,0 +1,162 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "prio.h"
+
+#include "dummy_io.h"
+
+static DummyIOLayerMethods *ToMethods(PRFileDesc *f) {
+  return reinterpret_cast<DummyIOLayerMethods *>(f->secret);
+}
+
+static PRStatus DummyClose(PRFileDesc *f) { return ToMethods(f)->Close(f); }
+
+static int32_t DummyRead(PRFileDesc *f, void *buf, int32_t length) {
+  return ToMethods(f)->Read(f, buf, length);
+}
+
+static int32_t DummyWrite(PRFileDesc *f, const void *buf, int32_t length) {
+  return ToMethods(f)->Write(f, buf, length);
+}
+
+static int32_t DummyAvailable(PRFileDesc *f) {
+  return ToMethods(f)->Available(f);
+}
+
+static int64_t DummyAvailable64(PRFileDesc *f) {
+  return ToMethods(f)->Available64(f);
+}
+
+static PRStatus DummySync(PRFileDesc *f) { return ToMethods(f)->Sync(f); }
+
+static int32_t DummySeek(PRFileDesc *f, int32_t offset, PRSeekWhence how) {
+  return ToMethods(f)->Seek(f, offset, how);
+}
+
+static int64_t DummySeek64(PRFileDesc *f, int64_t offset, PRSeekWhence how) {
+  return ToMethods(f)->Seek64(f, offset, how);
+}
+
+static PRStatus DummyFileInfo(PRFileDesc *f, PRFileInfo *info) {
+  return ToMethods(f)->FileInfo(f, info);
+}
+
+static PRStatus DummyFileInfo64(PRFileDesc *f, PRFileInfo64 *info) {
+  return ToMethods(f)->FileInfo64(f, info);
+}
+
+static int32_t DummyWritev(PRFileDesc *f, const PRIOVec *iov, int32_t iov_size,
+                           PRIntervalTime to) {
+  return ToMethods(f)->Writev(f, iov, iov_size, to);
+}
+
+static PRStatus DummyConnect(PRFileDesc *f, const PRNetAddr *addr,
+                             PRIntervalTime to) {
+  return ToMethods(f)->Connect(f, addr, to);
+}
+
+static PRFileDesc *DummyAccept(PRFileDesc *f, PRNetAddr *addr,
+                               PRIntervalTime to) {
+  return ToMethods(f)->Accept(f, addr, to);
+}
+
+static PRStatus DummyBind(PRFileDesc *f, const PRNetAddr *addr) {
+  return ToMethods(f)->Bind(f, addr);
+}
+
+static PRStatus DummyListen(PRFileDesc *f, int32_t depth) {
+  return ToMethods(f)->Listen(f, depth);
+}
+
+static PRStatus DummyShutdown(PRFileDesc *f, int32_t how) {
+  return ToMethods(f)->Shutdown(f, how);
+}
+
+static int32_t DummyRecv(PRFileDesc *f, void *buf, int32_t buflen,
+                         int32_t flags, PRIntervalTime to) {
+  return ToMethods(f)->Recv(f, buf, buflen, flags, to);
+}
+
+static int32_t DummySend(PRFileDesc *f, const void *buf, int32_t amount,
+                         int32_t flags, PRIntervalTime to) {
+  return ToMethods(f)->Send(f, buf, amount, flags, to);
+}
+
+static int32_t DummyRecvfrom(PRFileDesc *f, void *buf, int32_t amount,
+                             int32_t flags, PRNetAddr *addr,
+                             PRIntervalTime to) {
+  return ToMethods(f)->Recvfrom(f, buf, amount, flags, addr, to);
+}
+
+static int32_t DummySendto(PRFileDesc *f, const void *buf, int32_t amount,
+                           int32_t flags, const PRNetAddr *addr,
+                           PRIntervalTime to) {
+  return ToMethods(f)->Sendto(f, buf, amount, flags, addr, to);
+}
+
+static int16_t DummyPoll(PRFileDesc *f, int16_t in_flags, int16_t *out_flags) {
+  return ToMethods(f)->Poll(f, in_flags, out_flags);
+}
+
+static int32_t DummyAcceptRead(PRFileDesc *f, PRFileDesc **nd,
+                               PRNetAddr **raddr, void *buf, int32_t amount,
+                               PRIntervalTime t) {
+  return ToMethods(f)->AcceptRead(f, nd, raddr, buf, amount, t);
+}
+
+static int32_t DummyTransmitFile(PRFileDesc *sd, PRFileDesc *f,
+                                 const void *headers, int32_t hlen,
+                                 PRTransmitFileFlags flags, PRIntervalTime t) {
+  return ToMethods(f)->TransmitFile(sd, f, headers, hlen, flags, t);
+}
+
+static PRStatus DummyGetpeername(PRFileDesc *f, PRNetAddr *addr) {
+  return ToMethods(f)->Getpeername(f, addr);
+}
+
+static PRStatus DummyGetsockname(PRFileDesc *f, PRNetAddr *addr) {
+  return ToMethods(f)->Getsockname(f, addr);
+}
+
+static PRStatus DummyGetsockoption(PRFileDesc *f, PRSocketOptionData *opt) {
+  return ToMethods(f)->Getsockoption(f, opt);
+}
+
+static PRStatus DummySetsockoption(PRFileDesc *f,
+                                   const PRSocketOptionData *opt) {
+  return ToMethods(f)->Setsockoption(f, opt);
+}
+
+static int32_t DummySendfile(PRFileDesc *f, PRSendFileData *in,
+                             PRTransmitFileFlags flags, PRIntervalTime to) {
+  return ToMethods(f)->Sendfile(f, in, flags, to);
+}
+
+static PRStatus DummyConnectContinue(PRFileDesc *f, int16_t flags) {
+  return ToMethods(f)->ConnectContinue(f, flags);
+}
+
+static int32_t DummyReserved(PRFileDesc *f) {
+  return ToMethods(f)->Reserved(f);
+}
+
+extern const struct PRIOMethods DummyMethodsForward = {
+    PR_DESC_LAYERED,    DummyClose,
+    DummyRead,          DummyWrite,
+    DummyAvailable,     DummyAvailable64,
+    DummySync,          DummySeek,
+    DummySeek64,        DummyFileInfo,
+    DummyFileInfo64,    DummyWritev,
+    DummyConnect,       DummyAccept,
+    DummyBind,          DummyListen,
+    DummyShutdown,      DummyRecv,
+    DummySend,          DummyRecvfrom,
+    DummySendto,        DummyPoll,
+    DummyAcceptRead,    DummyTransmitFile,
+    DummyGetsockname,   DummyGetpeername,
+    DummyReserved,      DummyReserved,
+    DummyGetsockoption, DummySetsockoption,
+    DummySendfile,      DummyConnectContinue,
+    DummyReserved,      DummyReserved,
+    DummyReserved,      DummyReserved};
diff --git a/nss/cpputil/scoped_ptrs.h b/nss/cpputil/scoped_ptrs.h
new file mode 100644
index 0000000..a235198
--- /dev/null
+++ b/nss/cpputil/scoped_ptrs.h
@@ -0,0 +1,63 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef scoped_ptrs_h__
+#define scoped_ptrs_h__
+
+#include <memory>
+#include "cert.h"
+#include "keyhi.h"
+#include "pk11pub.h"
+
+struct ScopedDelete {
+  void operator()(CERTCertificate* cert) { CERT_DestroyCertificate(cert); }
+  void operator()(CERTCertificateList* list) {
+    CERT_DestroyCertificateList(list);
+  }
+  void operator()(CERTCertList* list) { CERT_DestroyCertList(list); }
+  void operator()(CERTSubjectPublicKeyInfo* spki) {
+    SECKEY_DestroySubjectPublicKeyInfo(spki);
+  }
+  void operator()(PK11SlotInfo* slot) { PK11_FreeSlot(slot); }
+  void operator()(PK11SymKey* key) { PK11_FreeSymKey(key); }
+  void operator()(PRFileDesc* fd) { PR_Close(fd); }
+  void operator()(SECAlgorithmID* id) { SECOID_DestroyAlgorithmID(id, true); }
+  void operator()(SECItem* item) { SECITEM_FreeItem(item, true); }
+  void operator()(SECKEYPublicKey* key) { SECKEY_DestroyPublicKey(key); }
+  void operator()(SECKEYPrivateKey* key) { SECKEY_DestroyPrivateKey(key); }
+  void operator()(SECKEYPrivateKeyList* list) {
+    SECKEY_DestroyPrivateKeyList(list);
+  }
+};
+
+template <class T>
+struct ScopedMaybeDelete {
+  void operator()(T* ptr) {
+    if (ptr) {
+      ScopedDelete del;
+      del(ptr);
+    }
+  }
+};
+
+#define SCOPED(x) typedef std::unique_ptr<x, ScopedMaybeDelete<x> > Scoped##x
+
+SCOPED(CERTCertificate);
+SCOPED(CERTCertificateList);
+SCOPED(CERTCertList);
+SCOPED(CERTSubjectPublicKeyInfo);
+SCOPED(PK11SlotInfo);
+SCOPED(PK11SymKey);
+SCOPED(PRFileDesc);
+SCOPED(SECAlgorithmID);
+SCOPED(SECItem);
+SCOPED(SECKEYPublicKey);
+SCOPED(SECKEYPrivateKey);
+SCOPED(SECKEYPrivateKeyList);
+
+#undef SCOPED
+
+#endif  // scoped_ptrs_h__
diff --git a/nss/doc/.hgignore b/nss/doc/.hgignore
new file mode 100644
index 0000000..b3a4c42
--- /dev/null
+++ b/nss/doc/.hgignore
@@ -0,0 +1,3 @@
+date.xml
+version.xml
+
diff --git a/nss/doc/Makefile b/nss/doc/Makefile
new file mode 100644
index 0000000..444a81a
--- /dev/null
+++ b/nss/doc/Makefile
@@ -0,0 +1,69 @@
+#! gmake
+#
+# Creates man pages for the NSS security tools
+#
+# pk12util, certutil, modutil, ssltap, 
+# signtool, signver, cmsutil, crlutil,  
+# derdump, pp, vfychain, vfyserv
+#
+
+.SUFFIXES: .html .txt .1 .xml
+
+COMPILE.1 = xmlto -o nroff man
+COMPILE.html = xmlto -o html html
+
+# the name of the tar ball
+name = nss-man
+date = `date +"%Y%m%d"`
+
+all: prepare all-man all-html
+
+prepare: date-and-version
+	mkdir -p html
+	mkdir -p nroff
+	
+clean:
+	rm -f date.xml version.xml *.tar.bz2
+	rm -f html/*.proc
+	rm -fr $(name) ascii
+
+date-and-version: date.xml version.xml
+
+date.xml:
+	date +"%e %B %Y" | tr -d '\n' > $@
+
+version.xml:
+	echo -n ${VERSION} > $@
+
+.PHONY : $(MANPAGES)
+.PHONY : $(HTMLPAGES)
+.PHONY : $(TXTPAGES)
+
+#--------------------------------------------------------
+# manpages
+#--------------------------------------------------------
+
+nroff/%.1 : %.xml
+	$(COMPILE.1) $<
+	
+MANPAGES = \
+nroff/certutil.1 nroff/cmsutil.1 nroff/crlutil.1 nroff/pk12util.1 \
+nroff/modutil.1 nroff/ssltap.1 nroff/derdump.1 nroff/signtool.1 nroff/signver.1 \
+nroff/pp.1 nroff/vfychain.1 nroff/vfyserv.1
+
+all-man: prepare $(MANPAGES)
+
+#--------------------------------------------------------
+# html pages
+#--------------------------------------------------------
+
+html/%.html : %.xml
+	$(COMPILE.html) $<
+	mv html/index.html $@
+
+HTMLPAGES = \
+html/certutil.html html/cmsutil.html html/crlutil.html html/pk12util.html html/modutil.html \
+html/ssltap.html html/derdump.html html/signtool.html html/signver.html html/pp.html \
+html/vfychain.html html/vfyserv.html
+
+all-html: prepare $(HTMLPAGES)
diff --git a/nss/doc/README b/nss/doc/README
new file mode 100644
index 0000000..a579a2f
--- /dev/null
+++ b/nss/doc/README
@@ -0,0 +1,7 @@
+A convenient tool to edit these files is
+  https://sourceforge.net/projects/xml-copy-editor/
+
+Assuming the documentation text will remain plain US-ASCII,
+please disable the option
+  "Save UTF-8 byte order mark".
+
diff --git a/nss/doc/certutil.xml b/nss/doc/certutil.xml
new file mode 100644
index 0000000..461b213
--- /dev/null
+++ b/nss/doc/certutil.xml
@@ -0,0 +1,1243 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
+<!ENTITY date SYSTEM "date.xml">
+<!ENTITY version SYSTEM "version.xml">
+]>
+
+<refentry id="certutil">
+
+  <refentryinfo>
+    <date>&date;</date>
+    <title>NSS Security Tools</title>
+    <productname>nss-tools</productname>
+    <productnumber>&version;</productnumber>
+  </refentryinfo>
+
+  <refmeta>
+    <refentrytitle>CERTUTIL</refentrytitle>
+    <manvolnum>1</manvolnum>
+  </refmeta>
+
+  <refnamediv>
+    <refname>certutil</refname>
+    <refpurpose>Manage keys and certificate in both NSS databases and other NSS tokens</refpurpose>
+  </refnamediv>
+
+  <refsynopsisdiv>
+    <cmdsynopsis>
+      <command>certutil</command>
+      <arg><replaceable>options</replaceable></arg>
+      <arg>[<replaceable>arguments</replaceable>]</arg>
+    </cmdsynopsis>
+  </refsynopsisdiv>
+
+  <refsection>
+    <title>STATUS</title>
+    <para>This documentation is still work in progress. Please contribute to the initial review in <ulink url="https://bugzilla.mozilla.org/show_bug.cgi?id=836477">Mozilla NSS bug 836477</ulink>
+    </para>
+  </refsection>
+
+<refsection id="description">
+    <title>Description</title>
+
+    <para>The Certificate Database Tool, <command>certutil</command>, is a command-line utility that can create and modify certificate and key databases. It can specifically list, generate, modify, or delete certificates, create or change the password, generate new public and private key pairs, display the contents of the key database, or delete key pairs within the key database.</para>
+    <para>Certificate issuance, part of the key and certificate management process, requires that keys and certificates be created in the key database. This document discusses certificate and key database management. For information on the security module database management, see the <command>modutil</command> manpage.</para>
+
+  </refsection>
+  
+  <refsection id="options">
+    <title>Command Options and Arguments</title>
+	<para>Running <command>certutil</command> always requires one and only one command option to specify the type of certificate operation. Each command option may take zero or more arguments. The command option <option>-H</option> will list all the command options and their relevant arguments.</para>
+   	<para><command>Command Options</command></para> 
+    <variablelist>
+
+      <varlistentry>
+        <term>-A </term>
+        <listitem><para>Add an existing certificate to a certificate database. The certificate database should already exist; if one is not present, this command option will initialize one by default.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-B</term>
+        <listitem><para>Run a series of commands from the specified batch file. This requires the <option>-i</option> argument.</para></listitem>
+      </varlistentry>
+    
+      <varlistentry>
+        <term>-C </term>
+        <listitem><para>Create a new binary certificate file from a binary certificate request file. Use the <option>-i</option> argument to specify the certificate request file. If this argument is not used, <command>certutil</command> prompts for a filename. </para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-D </term>
+        <listitem><para>Delete a certificate from the certificate database.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>--rename </term>
+        <listitem><para>Change the database nickname of a certificate.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-E </term>
+        <listitem><para>Add an email certificate to the certificate database.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-F</term>
+        <listitem><para>Delete a private key from a key database. Specify the key to delete with the -n argument. Specify the database from which to delete the key with the 
+<option>-d</option> argument. Use the <option>-k</option> argument to specify explicitly whether to delete a DSA, RSA, or ECC key. If you don't use the <option>-k</option> argument, the option looks for an RSA key matching the specified nickname. 
+</para>
+<para>
+When you delete keys, be sure to also remove any certificates associated with those keys from the certificate database, by using -D. Some smart cards do not let you remove a public key you have generated. In such a case, only the private key is deleted from the key pair. You can display the public key with the command certutil -K -h tokenname. </para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-G </term>
+        <listitem><para>Generate a new public and private key pair within a key database. The key database should already exist; if one is not present, this command option will initialize one by default. Some smart cards can store only one key pair. If you create a new key pair for such a card, the previous pair is overwritten.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-H </term>
+        <listitem><para>Display a list of the command options and arguments.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-K </term>
+        <listitem><para>List the key ID of keys in the key database. A key ID is the modulus of the RSA key or the publicValue of the DSA key. IDs are displayed in hexadecimal ("0x" is not shown).</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-L </term>
+        <listitem><para>List all the certificates, or display information about a named certificate, in a certificate database.
+Use the -h tokenname argument to specify the certificate database on a particular hardware or software token.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-M </term>
+        <listitem><para>Modify a certificate's trust attributes using the values of the -t argument.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-N</term>
+        <listitem><para>Create new certificate and key databases.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-O </term>
+        <listitem><para>Print the certificate chain.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-R</term>
+        <listitem><para>Create a certificate request file that can be submitted to a Certificate Authority (CA) for processing into a finished certificate. Output defaults to standard out unless you use -o output-file argument.
+
+Use the -a argument to specify ASCII output.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-S </term>
+        <listitem><para>Create an individual certificate and add it to a certificate database.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-T </term>
+        <listitem><para>Reset the key database or token.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-U </term>
+        <listitem><para>List all available modules or print a single named module.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-V </term>
+        <listitem><para>Check the validity of a certificate and its attributes.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-W </term>
+        <listitem><para>Change the password to a key database.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>--merge</term>
+        <listitem><para>Merge two databases into one.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>--upgrade-merge</term>
+        <listitem><para>Upgrade an old database and merge it into a new database. This is used to migrate legacy NSS databases (<filename>cert8.db</filename> and <filename>key3.db</filename>) into the newer SQLite databases (<filename>cert9.db</filename> and <filename>key4.db</filename>).</para></listitem>
+      </varlistentry>
+	</variablelist>
+
+	<para><command>Arguments</command></para>
+	<para>Arguments modify a command option and are usually lower case, numbers, or symbols.</para>
+	<variablelist>
+      <varlistentry>
+        <term>-a</term>
+        <listitem><para>Use ASCII format or allow the use of ASCII format for input or output. This formatting follows RFC 1113. 
+For certificate requests, ASCII output defaults to standard output unless redirected.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-b validity-time</term>
+        <listitem><para>Specify a time at which a certificate is required to be valid. Use when checking certificate validity with the <option>-V</option> option. The format of the <emphasis>validity-time</emphasis> argument is <emphasis>YYMMDDHHMMSS[+HHMM|-HHMM|Z]</emphasis>, which allows offsets to be set relative to the validity end time. Specifying seconds (<emphasis>SS</emphasis>) is optional. When specifying an explicit time, use a Z at the end of the term, <emphasis>YYMMDDHHMMSSZ</emphasis>, to close it. When specifying an offset time, use <emphasis>YYMMDDHHMMSS+HHMM</emphasis> or <emphasis>YYMMDDHHMMSS-HHMM</emphasis> for adding or subtracting time, respectively.
+</para>
+<para>
+If this option is not used, the validity check defaults to the current system time.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-c issuer</term>
+        <listitem><para>Identify the certificate of the CA from which a new certificate will derive its authenticity. 
+ Use the exact nickname or alias of the CA certificate, or use the CA's email address. Bracket the issuer string 
+ with quotation marks if it contains spaces. </para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-d [prefix]directory</term>
+        <listitem>
+          <para>Specify the database directory containing the certificate and key database files.</para>
+          <para><command>certutil</command> supports two types of databases: the legacy security databases (<filename>cert8.db</filename>, <filename>key3.db</filename>, and <filename>secmod.db</filename>) and new SQLite databases (<filename>cert9.db</filename>, <filename>key4.db</filename>, and <filename>pkcs11.txt</filename>). </para>
+          <para>NSS recognizes the following prefixes:</para>
+          <itemizedlist>
+            <listitem><para><command>sql:</command> requests the newer database</para></listitem>
+	    <listitem><para><command>dbm:</command> requests the legacy database</para></listitem>
+          </itemizedlist>
+          <para>If no prefix is specified the default type is retrieved from NSS_DEFAULT_DB_TYPE. If NSS_DEFAULT_DB_TYPE is not set then <command>dbm:</command> is the default.</para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>--dump-ext-val OID </term>
+        <listitem><para>For single cert, print binary DER encoding of extension OID.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-e </term>
+        <listitem><para>Check a certificate's signature during the process of validating a certificate.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>--email email-address</term>
+        <listitem><para>Specify the email address of a certificate to list. Used with the -L command option.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>--extGeneric OID:critical-flag:filename[,OID:critical-flag:filename]... </term>
+        <listitem>
+          <para>
+Add one or multiple extensions that certutil cannot encode yet, by loading their encodings from external files.
+           </para>
+	<itemizedlist>
+	<listitem>
+<para>OID (example): 1.2.3.4</para>
+	</listitem>
+	<listitem>
+<para>critical-flag: critical or not-critical</para>
+	</listitem>
+	<listitem>
+<para>filename: full path to a file containing an encoded extension</para>
+	</listitem>
+	</itemizedlist>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-f password-file</term>
+        <listitem><para>Specify a file that will automatically supply the password to include in a certificate 
+ or to access a certificate database. This is a plain-text file containing one password. Be sure to prevent 
+ unauthorized access to this file.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-g keysize</term>
+        <listitem><para>Set a key size to use when generating new public and private key pairs. The minimum is 512 bits and the maximum is 16384 bits. The default is 2048 bits. Any size between the minimum and maximum is allowed.</para></listitem>
+      </varlistentry>
+
+
+      <varlistentry>
+        <term>-h tokenname</term>
+        <listitem><para>Specify the name of a token to use or act on. If not specified the default token is the internal database slot.</para></listitem>
+      </varlistentry>
+
+     <varlistentry>
+        <term>-i input_file</term>
+        <listitem><para>Pass an input file to the command. Depending on the command option, an input file can be a specific certificate, a certificate request file, or a batch file of commands.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-k key-type-or-id</term>
+        <listitem>
+          <para>Specify the type or specific ID of a key.</para>
+          <para>
+           The valid key type options are rsa, dsa, ec, or all. The default 
+           value is rsa. Specifying the type of key can avoid mistakes caused by
+           duplicate nicknames. Giving a key type generates a new key pair; 
+           giving the ID of an existing key reuses that key pair (which is 
+           required to renew certificates).
+          </para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-l </term>
+        <listitem><para>Display detailed information when validating a certificate with the -V option.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-m serial-number</term>
+        <listitem><para>Assign a unique serial number to a certificate being created. This operation should be performed by a CA. If no serial number is provided a default serial number is made from the current time. Serial numbers are limited to integers </para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-n nickname</term>
+        <listitem><para>Specify the nickname of a certificate or key to list, create, add to a database, modify, or validate. Bracket the nickname string with quotation marks if it contains spaces.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-o output-file</term>
+        <listitem><para>Specify the output file name for new certificates or binary certificate requests. Bracket the output-file string with quotation marks if it contains spaces. If this argument is not used the output destination defaults to standard output.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-P dbPrefix</term>
+        <listitem><para>Specify the prefix used on the certificate and key database file. This argument is provided to support legacy servers. Most applications do not use a database prefix.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-p phone</term>
+        <listitem><para>Specify a contact telephone number to include in new certificates or certificate requests. Bracket this string with quotation marks if it contains spaces.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-q pqgfile or curve-name</term>
+        <listitem>
+        <para>Read an alternate PQG value from the specified file when generating DSA key pairs. If this argument is not used, <command>certutil</command> generates its own PQG value. PQG files are created with a separate DSA utility.</para>
+        <para>Elliptic curve name is one of the ones from nistp256, nistp384, nistp521, curve25519.</para>
+        <para>
+           If a token is available that supports more curves, the foolowing curves are supported as well:
+           sect163k1, nistk163, sect163r1, sect163r2,
+           nistb163,  sect193r1, sect193r2, sect233k1, nistk233,
+           sect233r1, nistb233, sect239k1, sect283k1, nistk283,
+           sect283r1, nistb283, sect409k1, nistk409, sect409r1,
+           nistb409,  sect571k1, nistk571, sect571r1, nistb571,
+           secp160k1, secp160r1, secp160r2, secp192k1, secp192r1,
+           nistp192,  secp224k1, secp224r1, nistp224, secp256k1,
+           secp256r1, secp384r1, secp521r1,
+           prime192v1, prime192v2, prime192v3,
+           prime239v1, prime239v2, prime239v3, c2pnb163v1,
+           c2pnb163v2, c2pnb163v3, c2pnb176v1, c2tnb191v1,
+           c2tnb191v2, c2tnb191v3,
+           c2pnb208w1, c2tnb239v1, c2tnb239v2, c2tnb239v3,
+           c2pnb272w1, c2pnb304w1,
+           c2tnb359w1, c2pnb368w1, c2tnb431r1, secp112r1,
+           secp112r2, secp128r1, secp128r2, sect113r1, sect113r2,
+           sect131r1, sect131r2
+        </para>
+        </listitem>
+        
+      </varlistentry>
+
+      <varlistentry>
+        <term>-r </term>
+        <listitem><para>Display a certificate's binary DER encoding when listing information about that certificate with the -L option.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-s subject</term>
+        <listitem><para>Identify a particular certificate owner for new certificates or certificate requests. Bracket this string with quotation marks if it contains spaces. The subject identification format follows RFC #1485.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-t trustargs</term>
+        <listitem><para>Specify the trust attributes to modify in an existing certificate or to apply to a certificate when creating it or adding it to a database. There are three available trust categories for each certificate, expressed in the order <emphasis>SSL, email, object signing</emphasis> for each trust setting. In each category position, use none, any, or all
+of the attribute codes: 
+	</para>
+	<itemizedlist>
+	<listitem>
+	<para>
+		<command>p</command> - Valid peer
+	</para>
+	</listitem>
+	<listitem>
+	<para>
+		<command>P</command> - Trusted peer (implies p)
+	</para>
+	</listitem>
+	<listitem>
+	<para>
+		<command>c</command> - Valid CA
+	</para>
+	</listitem>
+	<listitem>
+	<para>
+		<command>C</command> - Trusted CA (implies c)
+	</para>
+	</listitem>
+	<listitem>
+	<para>
+		<command>T</command> - trusted CA for client authentication (ssl server only)
+	</para>
+	</listitem>
+	</itemizedlist>
+	<para>
+		The attribute codes for the categories are separated by commas, and the entire set of attributes enclosed by quotation marks. For example:
+	</para>
+<para><command>-t "TC,C,T"</command></para>
+	<para>
+	Use the -L option to see a list of the current certificates and trust attributes in a certificate database. </para>
+	<para>
+	Note that the output of the -L option may include "u" flag, which means that there is a private key associated with the certificate. It is a dynamic flag and you cannot set it with certutil. </para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-u certusage</term>
+        <listitem><para>Specify a usage context to apply when validating a certificate with the -V option.</para><para>The contexts are the following:</para>
+	<itemizedlist>
+	<listitem>
+<para><command>C</command> (as an SSL client)</para>
+	</listitem>
+	<listitem>
+<para><command>V</command> (as an SSL server)</para>
+	</listitem>
+	<listitem>
+<para><command>L</command> (as an SSL CA)</para>
+	</listitem>
+	<listitem>
+<para><command>A</command> (as Any CA)</para>
+	</listitem>
+	<listitem>
+<para><command>Y</command> (Verify CA)</para>
+	</listitem>
+	<listitem>
+<para><command>S</command> (as an email signer)</para>
+	</listitem>
+	<listitem>
+<para><command>R</command> (as an email recipient)</para>
+	</listitem>
+	<listitem>
+<para><command>O</command> (as an OCSP status responder)</para>
+	</listitem>
+	<listitem>
+<para><command>J</command> (as an object signer)</para>
+	</listitem>
+	</itemizedlist></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-v valid-months</term>
+        <listitem><para>Set the number of months a new certificate will be valid. The validity period begins at the current system time unless an offset is added or subtracted with the <option>-w</option> option. If this argument is not used, the default validity period is three months. </para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-w offset-months</term>
+        <listitem><para>Set an offset from the current system time, in months, 
+ for the beginning of a certificate's validity period. Use when creating 
+ the certificate or adding it to a database. Express the offset in integers, 
+ using a minus sign (-) to indicate a negative offset. If this argument is 
+ not used, the validity period begins at the current system time. The length 
+ of the validity period is set with the -v argument. </para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-X </term>
+        <listitem><para>Force the key and certificate database to open in read-write mode. This is used with the <option>-U</option> and <option>-L</option> command options.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-x </term>
+        <listitem><para>Use <command>certutil</command> to generate the signature for a certificate being created or added to a database, rather than obtaining a signature from a separate CA.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-y exp</term>
+        <listitem><para>Set an alternate exponent value to use in generating a new RSA public key for the database, instead of the default value of 65537. The available alternate values are 3 and 17.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-z noise-file</term>
+        <listitem><para>Read a seed value from the specified file to generate a new private and public key pair. This argument makes it possible to use hardware-generated seed values or manually create a value from the keyboard. The minimum file size is 20 bytes.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-Z hashAlg</term>
+        <listitem>
+        <para>Specify the hash algorithm to use with the -C, -S or -R command options. Possible keywords:</para>
+        <itemizedlist>
+          <listitem><para>MD2</para></listitem>
+          <listitem><para>MD4</para></listitem>
+          <listitem><para>MD5</para></listitem>
+          <listitem><para>SHA1</para></listitem>
+          <listitem><para>SHA224</para></listitem>
+          <listitem><para>SHA256</para></listitem>
+          <listitem><para>SHA384</para></listitem>
+          <listitem><para>SHA512</para></listitem>
+        </itemizedlist>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-0 SSO_password</term>
+        <listitem><para>Set a site security officer password on a token.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-1 | --keyUsage keyword,keyword</term>
+        <listitem><para>Set an X.509 V3 Certificate Type Extension in the certificate. There are several available keywords:</para>
+	<itemizedlist>
+	<listitem>
+	<para>
+		digitalSignature
+	</para>
+	</listitem>
+	<listitem>
+	<para>
+		nonRepudiation
+	</para>
+	</listitem>
+	<listitem>
+	<para>
+		keyEncipherment
+	</para>
+	</listitem>
+	<listitem>
+	<para>
+		dataEncipherment
+	</para>
+	</listitem>
+	<listitem>
+	<para>
+		keyAgreement
+	</para>
+	</listitem>
+	<listitem>
+	<para>
+		certSigning
+	</para>
+	</listitem>
+	<listitem>
+	<para>
+		crlSigning
+	</para>
+	</listitem>
+	<listitem>
+	<para>
+		critical
+	</para>
+	</listitem>
+	</itemizedlist>
+</listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-2 </term>
+        <listitem><para>Add a basic constraint extension to a certificate that is being created or added to a database. This extension supports the certificate chain verification process. <command>certutil</command> prompts for the certificate constraint extension to select.</para>
+<para>X.509 certificate extensions are described in RFC 5280.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-3 </term>
+        <listitem><para>Add an authority key ID extension to a certificate that is being created or added to a database. This extension supports the identification of a particular certificate, from among multiple certificates associated with one subject name, as the correct issuer of a certificate. The Certificate Database Tool will prompt you to select the authority key ID extension.</para>
+<para>X.509 certificate extensions are described in RFC 5280.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-4 </term>
+        <listitem><para>Add a CRL distribution point extension to a certificate that is being created or added to a database. This extension identifies the URL of a certificate's associated certificate revocation list (CRL). <command>certutil</command> prompts for the URL.</para>
+<para>X.509 certificate extensions are described in RFC 5280.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-5 | --nsCertType keyword,keyword</term>
+        <listitem><para>Add an X.509 V3 certificate type extension to a certificate that is being created or added to the database. There are several available keywords:</para>
+	<itemizedlist>
+	<listitem>
+	<para>
+		sslClient
+	</para>
+	</listitem>
+	<listitem>
+	<para>
+		sslServer
+	</para>
+	</listitem>
+	<listitem>
+	<para>
+		smime
+	</para>
+	</listitem>
+	<listitem>
+	<para>
+		objectSigning
+	</para>
+	</listitem>
+	<listitem>
+	<para>
+		sslCA
+	</para>
+	</listitem>
+	<listitem>
+	<para>
+		smimeCA
+	</para>
+	</listitem>
+	<listitem>
+	<para>
+		objectSigningCA
+	</para>
+	</listitem>
+	<listitem>
+	<para>
+		critical
+	</para>
+	</listitem>
+	</itemizedlist>
+
+<para>X.509 certificate extensions are described in RFC 5280.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-6 | --extKeyUsage keyword,keyword</term>
+        <listitem><para>Add an extended key usage extension to a certificate that is being created or added to the database. Several keywords are available:</para>
+	<itemizedlist>
+	<listitem>
+	<para>
+		serverAuth
+	</para>
+	</listitem>
+	<listitem>
+	<para>
+		clientAuth
+	</para>
+	</listitem>
+	<listitem>
+	<para>
+		codeSigning
+	</para>
+	</listitem>
+	<listitem>
+	<para>
+		emailProtection
+	</para>
+	</listitem>
+	<listitem>
+	<para>
+		timeStamp
+	</para>
+	</listitem>
+	<listitem>
+	<para>
+		ocspResponder
+	</para>
+	</listitem>
+	<listitem>
+	<para>
+		stepUp
+	</para>
+	</listitem>
+	<listitem>
+	<para>
+		msTrustListSign
+	</para>
+	</listitem>
+	<listitem>
+	<para>
+		critical
+	</para>
+	</listitem>
+	</itemizedlist>
+<para>X.509 certificate extensions are described in RFC 5280.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-7 emailAddrs</term>
+        <listitem><para>Add a comma-separated list of email addresses to the subject alternative name extension of a certificate or certificate request that is being created or added to the database. Subject alternative name extensions are described in Section 4.2.1.7 of RFC 3280.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-8 dns-names</term>
+        <listitem><para>Add a comma-separated list of DNS names to the subject alternative name extension of a certificate or certificate request that is being created or added to the database. Subject alternative name extensions are described in Section 4.2.1.7 of RFC 3280.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>--extAIA</term>
+        <listitem><para>Add the Authority Information Access extension to the certificate. X.509 certificate extensions are described in RFC 5280.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>--extSIA</term>
+        <listitem><para>Add the Subject Information Access extension to the certificate. X.509 certificate extensions are described in RFC 5280.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>--extCP</term>
+        <listitem><para>Add the Certificate Policies extension to the certificate. X.509 certificate extensions are described in RFC 5280.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>--extPM</term>
+        <listitem><para>Add the Policy Mappings extension to the certificate. X.509 certificate extensions are described in RFC 5280.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>--extPC</term>
+        <listitem><para>Add the Policy Constraints extension to the certificate. X.509 certificate extensions are described in RFC 5280.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>--extIA</term>
+        <listitem><para>Add the Inhibit Any Policy Access extension to the certificate. X.509 certificate extensions are described in RFC 5280.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>--extSKID</term>
+        <listitem><para>Add the Subject Key ID extension to the certificate. X.509 certificate extensions are described in RFC 5280.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>--extNC</term>
+        <listitem><para>Add a Name Constraint extension to the certificate. X.509 certificate extensions are described in RFC 5280.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>--extSAN type:name[,type:name]...</term>
+        <listitem><para>
+Create a Subject Alt Name extension with one or multiple names.
+          </para>
+          <para>
+-type: directory, dn, dns, edi, ediparty, email, ip, ipaddr, other, registerid, rfc822, uri, x400, x400addr
+        </para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>--empty-password</term>
+        <listitem><para>Use empty password when creating new certificate database with -N.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>--keyAttrFlags attrflags</term>
+        <listitem><para>
+PKCS #11 key Attributes. Comma separated list of key attribute flags, selected from the following list of choices: {token | session} {public | private} {sensitive | insensitive} {modifiable | unmodifiable} {extractable | unextractable}</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>--keyOpFlagsOn opflags</term>
+        <term>--keyOpFlagsOff opflags</term>
+        <listitem><para>
+PKCS #11 key Operation Flags.
+Comma separated list of one or more of the following:
+{token | session} {public | private} {sensitive | insensitive} {modifiable | unmodifiable} {extractable | unextractable}
+          </para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>--new-n nickname</term>
+        <listitem><para>A new nickname, used when renaming a certificate.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>--source-dir certdir</term>
+        <listitem><para>Identify the certificate database directory to upgrade.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>--source-prefix certdir</term>
+        <listitem><para>Give the prefix of the certificate and key databases to upgrade.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>--upgrade-id uniqueID</term>
+        <listitem><para>Give the unique ID of the database to upgrade.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>--upgrade-token-name name</term>
+        <listitem><para>Set the name of the token to use while it is being upgraded.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-@ pwfile</term>
+        <listitem><para>Give the name of a password file to use for the database being upgraded.</para></listitem>
+      </varlistentry>
+
+    </variablelist>
+  </refsection>
+
+  <refsection id="basic-usage">
+    <title>Usage and Examples</title>
+	<para>
+		Most of the command options in the examples listed here have more arguments available. The arguments included in these examples are the most common ones or are used to illustrate a specific scenario. Use the <option>-H</option> option to show the complete list of arguments for each command option.
+	</para>
+	<para><command>Creating New Security Databases</command></para>
+	<para>
+		Certificates, keys, and security modules related to managing certificates are stored in three related databases:
+	</para>
+	<itemizedlist>
+	<listitem>
+	<para>
+		cert8.db or cert9.db
+	</para>
+	</listitem>
+	<listitem>
+	<para>
+		key3.db or key4.db
+	</para>
+	</listitem>
+	<listitem>
+	<para>
+		secmod.db or pkcs11.txt
+	</para>
+	</listitem>
+	</itemizedlist>
+	<para>
+		These databases must be created before certificates or keys can be generated.
+	</para>
+<programlisting>certutil -N -d [sql:]directory</programlisting>
+
+	<para><command>Creating a Certificate Request</command></para>
+	<para>
+		A certificate request contains most or all of the information that is used to generate the final certificate. This request is submitted separately to a certificate authority and is then approved by some mechanism (automatically or by human review). Once the request is approved, then the certificate is generated.
+	</para>
+<programlisting>$ certutil -R -k key-type-or-id [-q pqgfile|curve-name] -g key-size -s subject [-h tokenname] -d [sql:]directory [-p phone] [-o output-file] [-a]</programlisting>
+	<para>
+		The <option>-R</option> command options requires four arguments:
+	</para>
+	<itemizedlist>
+	<listitem>
+	<para>
+		<option>-k</option> to specify either the key type to generate or, when renewing a certificate, the existing key pair to use
+	</para>
+	</listitem>
+	<listitem>
+	<para>
+		<option>-g</option> to set the keysize of the key to generate
+	</para>
+	</listitem>
+	<listitem>
+	<para>
+		<option>-s</option> to set the subject name of the certificate
+	</para>
+	</listitem>
+	<listitem>
+	<para>
+		<option>-d</option> to give the security database directory
+	</para>
+	</listitem>
+	</itemizedlist>
+	<para>
+		The new certificate request can be output in ASCII format (<option>-a</option>) or can be written to a specified file (<option>-o</option>).
+	</para>
+	<para>
+		For example:
+	</para>
+<programlisting>$ certutil -R -k rsa -g 1024 -s "CN=John Smith,O=Example Corp,L=Mountain View,ST=California,C=US" -d sql:$HOME/nssdb -p 650-555-0123 -a -o cert.cer
+
+Generating key.  This may take a few moments...
+
+</programlisting>
+
+	<para><command>Creating a Certificate</command></para>
+	<para>
+		A valid certificate must be issued by a trusted CA. This can be done by specifying a CA certificate (<option>-c</option>) that is stored in the certificate database. If a CA key pair is not available, you can create a self-signed certificate using the <option>-x</option> argument with the <option>-S</option> command option.
+	</para>
+<programlisting>$ certutil -S -k rsa|dsa|ec -n certname -s subject [-c issuer |-x] -t trustargs -d [sql:]directory [-m serial-number] [-v valid-months] [-w offset-months] [-p phone] [-1] [-2] [-3] [-4] [-5 keyword] [-6 keyword] [-7 emailAddress] [-8 dns-names] [--extAIA] [--extSIA] [--extCP] [--extPM] [--extPC] [--extIA] [--extSKID]</programlisting>
+	<para>
+		The series of numbers and <option>--ext*</option> options set certificate extensions that can be added to the certificate when it is generated by the CA. Interactive prompts will result.
+	</para>
+	<para>
+		For example, this creates a self-signed certificate:
+	</para>
+<programlisting>$ certutil -S -s "CN=Example CA" -n my-ca-cert -x -t "C,C,C" -1 -2 -5 -m 3650</programlisting>
+	<para>
+The interative prompts for key usage and whether any extensions are critical and responses have been ommitted for brevity.
+	</para>
+	<para>
+		From there, new certificates can reference the self-signed certificate:
+	</para>
+<programlisting>$ certutil -S -s "CN=My Server Cert" -n my-server-cert -c "my-ca-cert" -t ",," -1 -5 -6 -8 -m 730</programlisting>
+
+	<para><command>Generating a Certificate from a Certificate Request</command></para>
+	<para>
+		When a certificate request is created, a certificate can be generated by using the request and then referencing a certificate authority signing certificate (the <emphasis>issuer</emphasis> specified in the <option>-c</option> argument). The issuing certificate must be in the certificate database in the specified directory.
+	</para>
+<programlisting>certutil -C -c issuer -i cert-request-file -o output-file [-m serial-number] [-v valid-months] [-w offset-months] -d [sql:]directory [-1] [-2] [-3] [-4] [-5 keyword] [-6 keyword] [-7 emailAddress] [-8 dns-names]</programlisting>
+	<para>
+		For example:
+	</para>
+<programlisting>$ certutil -C -c "my-ca-cert" -i /home/certs/cert.req -o cert.cer -m 010 -v 12 -w 1 -d sql:$HOME/nssdb -1 nonRepudiation,dataEncipherment -5 sslClient -6 clientAuth -7 jsmith@example.com</programlisting>
+
+	<para><command>Listing Certificates</command></para>
+	<para>
+		The <option>-L</option> command option lists all of the certificates listed in the certificate database. The path to the directory (<option>-d</option>) is required.
+	</para>
+<programlisting>$ certutil -L -d sql:/home/my/sharednssdb
+
+Certificate Nickname                                         Trust Attributes
+                                                             SSL,S/MIME,JAR/XPI
+
+CA Administrator of Instance pki-ca1's Example Domain ID     u,u,u
+TPS Administrator's Example Domain ID                        u,u,u
+Google Internet Authority                                    ,,   
+Certificate Authority - Example Domain                       CT,C,C</programlisting>
+	<para>
+		Using additional arguments with <option>-L</option> can return and print the information for a single, specific certificate. For example, the <option>-n</option> argument passes the certificate name, while the <option>-a</option> argument prints the certificate in ASCII format:
+	</para>
+<programlisting>
+$ certutil -L -d sql:$HOME/nssdb -a -n my-ca-cert
+-----BEGIN CERTIFICATE-----
+MIIB1DCCAT2gAwIBAgICDkIwDQYJKoZIhvcNAQEFBQAwFTETMBEGA1UEAxMKRXhh
+bXBsZSBDQTAeFw0xMzAzMTMxOTEwMjlaFw0xMzA2MTMxOTEwMjlaMBUxEzARBgNV
+BAMTCkV4YW1wbGUgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJ4Kzqvz
+JyBVgFqDXRYSyTBNw1DrxUU/3GvWA/ngjAwHEv0Cul/6sO/gsCvnABHiH6unns6x
+XRzPORlC2WY3gkk7vmlsLvYpyecNazAi/NAwVnU/66HOsaoVFWE+gBQo99UrN2yk
+0BiK/GMFlLm5dXQROgA9ZKKyFdI0LIXtf6SbAgMBAAGjMzAxMBEGCWCGSAGG+EIB
+AQQEAwIHADAMBgNVHRMEBTADAQH/MA4GA1UdDwEB/wQEAwICBDANBgkqhkiG9w0B
+AQUFAAOBgQA6chkzkACN281d1jKMrc+RHG2UMaQyxiteaLVZO+Ro1nnRUvseDf09
+XKYFwPMJjWCihVku6bw/ihZfuMHhxK22Nue6inNQ6eDu7WmrqL8z3iUrQwxs+WiF
+ob2rb8XRVVJkzXdXxlk4uo3UtNvw8sAz7sWD71qxKaIHU5q49zijfg==
+-----END CERTIFICATE-----
+</programlisting>
+<para>For a human-readable display</para>
+<programlisting>$ certutil -L -d sql:$HOME/nssdb -n my-ca-cert
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 3650 (0xe42)
+        Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
+        Issuer: "CN=Example CA"
+        Validity:
+            Not Before: Wed Mar 13 19:10:29 2013
+            Not After : Thu Jun 13 19:10:29 2013
+        Subject: "CN=Example CA"
+        Subject Public Key Info:
+            Public Key Algorithm: PKCS #1 RSA Encryption
+            RSA Public Key:
+                Modulus:
+                    9e:0a:ce:ab:f3:27:20:55:80:5a:83:5d:16:12:c9:30:
+                    4d:c3:50:eb:c5:45:3f:dc:6b:d6:03:f9:e0:8c:0c:07:
+                    12:fd:02:ba:5f:fa:b0:ef:e0:b0:2b:e7:00:11:e2:1f:
+                    ab:a7:9e:ce:b1:5d:1c:cf:39:19:42:d9:66:37:82:49:
+                    3b:be:69:6c:2e:f6:29:c9:e7:0d:6b:30:22:fc:d0:30:
+                    56:75:3f:eb:a1:ce:b1:aa:15:15:61:3e:80:14:28:f7:
+                    d5:2b:37:6c:a4:d0:18:8a:fc:63:05:94:b9:b9:75:74:
+                    11:3a:00:3d:64:a2:b2:15:d2:34:2c:85:ed:7f:a4:9b
+                Exponent: 65537 (0x10001)
+        Signed Extensions:
+            Name: Certificate Type
+            Data: none
+
+            Name: Certificate Basic Constraints
+            Data: Is a CA with no maximum path length.
+
+            Name: Certificate Key Usage
+            Critical: True
+            Usages: Certificate Signing
+
+    Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
+    Signature:
+        3a:72:19:33:90:00:8d:db:cd:5d:d6:32:8c:ad:cf:91:
+        1c:6d:94:31:a4:32:c6:2b:5e:68:b5:59:3b:e4:68:d6:
+        79:d1:52:fb:1e:0d:fd:3d:5c:a6:05:c0:f3:09:8d:60:
+        a2:85:59:2e:e9:bc:3f:8a:16:5f:b8:c1:e1:c4:ad:b6:
+        36:e7:ba:8a:73:50:e9:e0:ee:ed:69:ab:a8:bf:33:de:
+        25:2b:43:0c:6c:f9:68:85:a1:bd:ab:6f:c5:d1:55:52:
+        64:cd:77:57:c6:59:38:ba:8d:d4:b4:db:f0:f2:c0:33:
+        ee:c5:83:ef:5a:b1:29:a2:07:53:9a:b8:f7:38:a3:7e
+    Fingerprint (MD5):
+        86:D8:A5:8B:8A:26:BE:9E:17:A8:7B:66:10:6B:27:80
+    Fingerprint (SHA1):
+        48:78:09:EF:C5:D4:0C:BD:D2:64:45:59:EB:03:13:15:F7:A9:D6:F7
+
+    Certificate Trust Flags:
+        SSL Flags:
+            Valid CA
+            Trusted CA
+            User
+        Email Flags:
+            Valid CA
+            Trusted CA
+            User
+        Object Signing Flags:
+            Valid CA
+            Trusted CA
+            User
+
+</programlisting>
+
+	<para><command>Listing Keys</command></para>
+	<para>
+		Keys are the original material used to encrypt certificate data. The keys generated for certificates are stored separately, in the key database. 
+	</para>
+	<para>
+		To list all keys in the database, use the <option>-K</option> command option and the (required) <option>-d</option> argument to give the path to the directory.
+	</para>
+<programlisting>$ certutil -K -d sql:$HOME/nssdb
+certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services                  "
+&lt; 0> rsa      455a6673bde9375c2887ec8bf8016b3f9f35861d   Thawte Freemail Member's Thawte Consulting (Pty) Ltd. ID
+&lt; 1> rsa      40defeeb522ade11090eacebaaf1196a172127df   Example Domain Administrator Cert
+&lt; 2> rsa      1d0b06f44f6c03842f7d4f4a1dc78b3bcd1b85a5   John Smith user cert</programlisting>
+	<para>
+		There are ways to narrow the keys listed in the search results:
+	</para>
+	<itemizedlist>
+	<listitem>
+	<para>
+		To return a specific key, use the <option>-n</option> <emphasis>name</emphasis> argument with the name of the key.
+	</para>
+	</listitem>
+	<listitem>
+	<para>
+		If there are multiple security devices loaded, then the <option>-h</option> <emphasis>tokenname</emphasis> argument can search a specific token or all tokens.
+	</para>
+	</listitem>
+	<listitem>
+	<para>
+		If there are multiple key types available, then the <option>-k</option> <emphasis>key-type</emphasis> argument can search a specific type of key, like RSA, DSA, or ECC. 
+	</para>
+	</listitem>
+	</itemizedlist>
+
+	<para><command>Listing Security Modules</command></para>
+	<para>
+		The devices that can be used to store certificates -- both internal databases and external devices like smart cards -- are recognized and used by loading security modules. The <option>-U</option> command option lists all of the security modules listed in the <filename>secmod.db</filename> database. The path to the directory (<option>-d</option>) is required.
+	</para>
+<programlisting>$ certutil -U -d sql:/home/my/sharednssdb
+
+    slot: NSS User Private Key and Certificate Services                  
+   token: NSS Certificate DB
+
+    slot: NSS Internal Cryptographic Services                            
+   token: NSS Generic Crypto Services</programlisting>
+
+	<para><command>Adding Certificates to the Database</command></para>
+	<para>
+		Existing certificates or certificate requests can be added manually to the certificate database, even if they were generated elsewhere. This uses the <option>-A</option> command option.
+	</para>
+<programlisting>certutil -A -n certname -t trustargs -d [sql:]directory [-a] [-i input-file]</programlisting>
+	<para>
+		For example:
+	</para>
+<programlisting>$ certutil -A -n "CN=My SSL Certificate" -t ",," -d sql:/home/my/sharednssdb -i /home/example-certs/cert.cer</programlisting>
+	<para>
+		A related command option, <option>-E</option>, is used specifically to add email certificates to the certificate database. The <option>-E</option> command has the same arguments as the <option>-A</option> command. The trust arguments for certificates have the format <emphasis>SSL,S/MIME,Code-signing</emphasis>, so the middle trust settings relate most to email certificates (though the others can be set). For example:
+	</para>
+<programlisting>$ certutil -E -n "CN=John Smith Email Cert" -t ",P," -d sql:/home/my/sharednssdb -i /home/example-certs/email.cer</programlisting>
+
+	<para><command>Deleting Certificates to the Database</command></para>
+	<para>
+		Certificates can be deleted from a database using the <option>-D</option> option. The only required options are to give the security database directory and to identify the certificate nickname.
+	</para>
+<programlisting>certutil -D -d [sql:]directory -n "nickname"</programlisting>
+	<para>
+		For example:
+	</para>
+<programlisting>$ certutil -D -d sql:/home/my/sharednssdb -n "my-ssl-cert"</programlisting>
+
+	<para><command>Validating Certificates</command></para>
+	<para>
+		A certificate contains an expiration date in itself, and expired certificates are easily rejected. However, certificates can also be revoked before they hit their expiration date. Checking whether a certificate has been revoked requires validating the certificate. Validation can also be used to ensure that the certificate is only used for the purposes it was initially issued for. Validation is carried out by the <option>-V</option> command option.
+	</para>
+<programlisting>certutil -V -n certificate-name [-b time] [-e] [-u cert-usage] -d [sql:]directory</programlisting>
+	<para>
+		For example, to validate an email certificate:
+	</para>
+<programlisting>$ certutil -V -n "John Smith's Email Cert" -e -u S,R -d sql:/home/my/sharednssdb</programlisting>
+
+	<para><command>Modifying Certificate Trust Settings</command></para>
+	<para>
+		The trust settings (which relate to the operations that a certificate is allowed to be used for) can be changed after a certificate is created or added to the database. This is especially useful for CA certificates, but it can be performed for any type of certificate.
+	</para>
+<programlisting>certutil -M -n certificate-name -t trust-args -d [sql:]directory</programlisting>
+	<para>
+		For example:
+	</para>
+<programlisting>$ certutil -M -n "My CA Certificate" -d sql:/home/my/sharednssdb -t "CT,CT,CT"</programlisting>
+
+	<para><command>Printing the Certificate Chain</command></para>
+	<para>
+		Certificates can be issued in <emphasis>chains</emphasis> because every certificate authority itself has a certificate; when a CA issues a certificate, it essentially stamps that certificate with its own fingerprint. The <option>-O</option> prints the full chain of a certificate, going from the initial CA (the root CA) through ever intermediary CA to the actual certificate. For example, for an email certificate with two CAs in the chain:
+	</para>
+<programlisting>$ certutil -d sql:/home/my/sharednssdb -O -n "jsmith@example.com"
+"Builtin Object Token:Thawte Personal Freemail CA" [E=personal-freemail@thawte.com,CN=Thawte Personal Freemail CA,OU=Certification Services Division,O=Thawte Consulting,L=Cape Town,ST=Western Cape,C=ZA]
+
+  "Thawte Personal Freemail Issuing CA - Thawte Consulting" [CN=Thawte Personal Freemail Issuing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA]
+
+    "(null)" [E=jsmith@example.com,CN=Thawte Freemail Member]</programlisting>
+
+	<para><command>Resetting a Token</command></para>
+	<para>
+		The device which stores certificates -- both external hardware devices and internal software databases -- can be blanked and reused. This operation is performed on the device which stores the data, not directly on the security databases, so the location must be referenced through the token name (<option>-h</option>) as well as any directory path. If there is no external token used, the default value is internal.
+	</para>
+<programlisting>certutil -T -d [sql:]directory -h token-name -0 security-officer-password</programlisting>
+	<para>
+		Many networks have dedicated personnel who handle changes to security tokens (the security officer). This person must supply the password to access the specified token. For example:
+	</para>
+<programlisting>$ certutil -T -d sql:/home/my/sharednssdb -h nethsm -0 secret</programlisting>
+
+	<para><command>Upgrading or Merging the Security Databases</command></para>
+	<para>
+		Many networks or applications may be using older BerkeleyDB versions of the certificate database (<filename>cert8.db</filename>). Databases can be upgraded to the new SQLite version of the database (<filename>cert9.db</filename>) using the <option>--upgrade-merge</option> command option or existing databases can be merged with the new <filename>cert9.db</filename> databases using the <option>---merge</option> command.
+	</para>
+	<para>
+		The <option>--upgrade-merge</option> command must give information about the original database and then use the standard arguments (like <option>-d</option>) to give the information about the new databases. The command also requires information that the tool uses for the process to upgrade and write over the original database.
+	</para>
+<programlisting>certutil --upgrade-merge -d [sql:]directory [-P dbprefix] --source-dir directory --source-prefix dbprefix --upgrade-id id --upgrade-token-name name [-@ password-file]</programlisting>
+	<para>
+		For example:
+	</para>
+<programlisting>$ certutil --upgrade-merge -d sql:/home/my/sharednssdb --source-dir /opt/my-app/alias/ --source-prefix serverapp- --upgrade-id 1 --upgrade-token-name internal</programlisting>
+	<para>
+		The <option>--merge</option> command only requires information about the location of the original database; since it doesn't change the format of the database, it can write over information without performing interim step.
+	</para>
+<programlisting>certutil --merge -d [sql:]directory [-P dbprefix] --source-dir directory --source-prefix dbprefix [-@ password-file]</programlisting>
+	<para>
+		For example:
+	</para>
+<programlisting>$ certutil --merge -d sql:/home/my/sharednssdb --source-dir /opt/my-app/alias/ --source-prefix serverapp-</programlisting>
+
+	<para><command>Running certutil Commands from a Batch File</command></para>
+	<para>
+		A series of commands can be run sequentially from a text file with the <option>-B</option> command option. The only argument for this specifies the input file.
+	</para>
+<programlisting>$ certutil -B -i /path/to/batch-file</programlisting>
+  </refsection>
+
+<refsection id="databases"><title>NSS Database Types</title>
+<para>NSS originally used BerkeleyDB databases to store security information. 
+The last versions of these <emphasis>legacy</emphasis> databases are:</para>
+<itemizedlist>
+	<listitem>
+		<para>
+			cert8.db for certificates
+		</para>
+	</listitem>
+	<listitem>
+		<para>
+			key3.db for keys
+		</para>
+	</listitem>
+	<listitem>
+		<para>
+			secmod.db for PKCS #11 module information
+		</para>
+	</listitem>
+</itemizedlist>
+
+<para>BerkeleyDB has performance limitations, though, which prevent it from being easily used by multiple applications simultaneously. NSS has 
+some flexibility that allows applications to use their own, independent database engine while keeping a shared database and working around the access issues. Still, NSS
+requires more flexibility to provide a truly shared security database.</para>
+
+<para>In 2009, NSS introduced a new set of databases that are SQLite databases rather than 
+BerkeleyDB. These new databases provide more accessibility and performance:</para>
+<itemizedlist>
+	<listitem>
+		<para>
+			cert9.db for certificates
+		</para>
+	</listitem>
+	<listitem>
+		<para>
+			key4.db for keys
+		</para>
+	</listitem>
+	<listitem>
+		<para>
+			pkcs11.txt, a listing of all of the PKCS #11 modules, contained in a new subdirectory in the security databases directory
+		</para>
+	</listitem>
+</itemizedlist>
+
+<para>Because the SQLite databases are designed to be shared, these are the <emphasis>shared</emphasis> database type. The shared database type is preferred; the legacy format is included for backward compatibility.</para>
+
+<para>By default, the tools (<command>certutil</command>, <command>pk12util</command>, <command>modutil</command>) assume that the given security databases follow the more common legacy type. 
+Using the SQLite databases must be manually specified by using the <command>sql:</command> prefix with the given security directory. For example:</para>
+
+<programlisting>$ certutil -L -d sql:/home/my/sharednssdb</programlisting>
+
+<para>To set the shared database type as the default type for the tools, set the <envar>NSS_DEFAULT_DB_TYPE</envar> environment variable to <envar>sql</envar>:</para>
+<programlisting>export NSS_DEFAULT_DB_TYPE="sql"</programlisting>
+
+<para>This line can be set added to the <filename>~/.bashrc</filename> file to make the change permanent.</para>
+
+<para>Most applications do not use the shared database by default, but they can be configured to use them. For example, this how-to article covers how to configure Firefox and Thunderbird to use the new shared NSS databases:</para>
+<itemizedlist>
+	<listitem>
+		<para>
+			https://wiki.mozilla.org/NSS_Shared_DB_Howto</para>
+	</listitem>
+</itemizedlist>
+<para>For an engineering draft on the changes in the shared NSS databases, see the NSS project wiki:</para>
+<itemizedlist>
+	<listitem>
+		<para>
+			https://wiki.mozilla.org/NSS_Shared_DB
+		</para>
+	</listitem>
+</itemizedlist>
+</refsection>
+
+
+  <refsection id="seealso">
+    <title>See Also</title>
+    <para>pk12util (1)</para>
+    <para>modutil (1)</para>
+    <para><command>certutil</command> has arguments or operations that use features defined in several IETF RFCs.</para>
+	<itemizedlist>
+	<listitem>
+	<para>
+		http://tools.ietf.org/html/rfc5280
+	</para>
+	</listitem>
+	<listitem>
+	<para>
+		http://tools.ietf.org/html/rfc1113
+	</para>
+	</listitem>
+	<listitem>
+	<para>
+		http://tools.ietf.org/html/rfc1485
+	</para>
+	</listitem>
+	</itemizedlist>
+
+	<para>The NSS wiki has information on the new database design and how to configure applications to use it.</para>
+        <itemizedlist>
+	<listitem>
+		<para>
+			https://wiki.mozilla.org/NSS_Shared_DB_Howto</para>
+	</listitem>
+	<listitem>
+		<para>
+			https://wiki.mozilla.org/NSS_Shared_DB
+		</para>
+	</listitem>
+        </itemizedlist>
+  </refsection>
+
+<!-- don't change -->
+  <refsection id="resources">
+    <title>Additional Resources</title>
+	<para>For information about NSS and other tools related to NSS (like JSS), check out the NSS project wiki at <ulink url="http://www.mozilla.org/projects/security/pki/nss/">http://www.mozilla.org/projects/security/pki/nss/</ulink>. The NSS site relates directly to NSS code changes and releases.</para>
+	<para>Mailing lists: https://lists.mozilla.org/listinfo/dev-tech-crypto</para>
+	<para>IRC: Freenode at #dogtag-pki</para>
+  </refsection>
+
+<!-- fill in your name first; keep the other names for reference -->
+  <refsection id="authors">
+    <title>Authors</title>
+    <para>The NSS tools were written and maintained by developers with Netscape, Red Hat,  Sun, Oracle, Mozilla, and Google.</para>
+    <para>
+	Authors: Elio Maldonado &lt;emaldona@redhat.com>, Deon Lackey &lt;dlackey@redhat.com>.
+    </para>
+  </refsection>
+
+<!-- don't change -->
+  <refsection id="license">
+    <title>LICENSE</title>
+    <para>Licensed under the Mozilla Public License, v. 2.0.  If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
+    </para>
+  </refsection>
+
+</refentry>
diff --git a/nss/doc/cmsutil.xml b/nss/doc/cmsutil.xml
new file mode 100644
index 0000000..c7d2408
--- /dev/null
+++ b/nss/doc/cmsutil.xml
@@ -0,0 +1,299 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
+<!ENTITY date SYSTEM "date.xml">
+<!ENTITY version SYSTEM "version.xml">
+]>
+
+<refentry id="cmsutil">
+
+  <refentryinfo>
+    <date>&date;</date>
+    <title>NSS Security Tools</title>
+    <productname>nss-tools</productname>
+    <productnumber>&version;</productnumber>
+  </refentryinfo>
+
+  <refmeta>
+    <refentrytitle>CMSUTIL</refentrytitle>
+    <manvolnum>1</manvolnum>
+  </refmeta>
+
+  <refnamediv>
+    <refname>cmsutil</refname>
+    <refpurpose>Performs basic cryptograpic operations, such as encryption and decryption, on Cryptographic Message Syntax (CMS) messages.</refpurpose>
+  </refnamediv>
+
+  <refsynopsisdiv>
+    <cmdsynopsis>
+      <command>cmsutil</command>
+      <arg><replaceable>options</replaceable></arg>
+      <arg>[<replaceable>arguments</replaceable>]</arg>
+    </cmdsynopsis>
+  </refsynopsisdiv>
+
+  <refsection>
+    <title>STATUS</title>
+    <para>This documentation is still work in progress. Please contribute to the initial review in <ulink url="https://bugzilla.mozilla.org/show_bug.cgi?id=836477">Mozilla NSS bug 836477</ulink>
+    </para>
+  </refsection>
+
+  <refsection id="description">
+    <title>Description</title>
+
+    <para>The <command>cmsutil</command> command-line uses the S/MIME Toolkit to perform basic operations, such as encryption and decryption, on Cryptographic Message Syntax (CMS) messages.
+	</para>
+	<para>
+To run cmsutil, type the command cmsutil option [arguments] where option and arguments are combinations of the options and arguments listed in the following section. 
+Each command takes one option. Each option may take zero or more arguments. 
+To see a usage string, issue the command without options. 
+	</para>
+
+  </refsection>
+
+  <refsection id="options">
+    <title>Options and Arguments</title>
+	<para>
+	</para>
+   	<para><command>Options</command></para> 
+   	<para>
+Options specify an action. Option arguments modify an action. 
+The options and arguments for the cmsutil command are defined as follows:
+    </para>
+    <variablelist>
+      <varlistentry>
+        <term>-C</term>
+        <listitem><para>Encrypt a message.</para></listitem>
+      </varlistentry>
+    
+      <varlistentry>
+        <term>-D </term>
+        <listitem><para>Decode a message.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-E </term>
+        <listitem><para>Envelope a message.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-O </term>
+        <listitem><para>Create a certificates-only message.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-S </term>
+        <listitem><para>Sign a message.</para></listitem>
+      </varlistentry>
+
+    </variablelist>
+
+	<para><command>Arguments</command></para>
+	<para>Option arguments modify an action.</para>
+	<variablelist>
+      <varlistentry>
+        <term>-b </term>
+        <listitem>
+          <para>Decode a batch of files named in infile.</para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-c content </term>
+        <listitem>
+          <para>Use this detached content (decode only).</para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-d dbdir</term>
+        <listitem>
+          <para>Specify the key/certificate database directory (default is ".")</para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-e envfile</term>
+        <listitem>
+          <para>Specify a file containing an enveloped message for a set of recipients to which you would like to send an encrypted message. If this is the first encrypted message for that set of recipients, a new enveloped message will be created that you can then use for future messages (encrypt only).</para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-f pwfile</term>
+        <listitem>
+          <para>Use password file to set password on all PKCS#11 tokens.</para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-G</term>
+        <listitem>
+          <para>Include a signing time attribute (sign only).</para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-H hash</term>
+        <listitem>
+          <para>Use specified hash algorithm (default:SHA1).</para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-h num</term>
+        <listitem>
+          <para>Generate email headers with info about CMS message (decode only).</para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-i infile</term>
+        <listitem>
+          <para>Use infile as a source of data (default is stdin).</para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-k</term>
+        <listitem>
+          <para>Keep decoded encryption certs in permanent cert db.</para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-N nickname</term>
+        <listitem>
+          <para>Specify nickname of certificate to sign with (sign only).</para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-n </term>
+        <listitem>
+          <para>Suppress output of contents (decode only).</para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-o outfile</term>
+        <listitem>
+          <para>Use outfile as a destination of data (default is stdout).</para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-P</term>
+        <listitem>
+          <para>Include an S/MIME capabilities attribute.</para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-p password</term>
+        <listitem>
+          <para>Use password as key database password.</para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-r recipient1,recipient2, ...</term>
+        <listitem>
+          <para>
+Specify list of recipients (email addresses) for an encrypted or enveloped message. 
+For certificates-only message, list of certificates to send.
+          </para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-T</term>
+        <listitem>
+          <para>Suppress content in CMS message (sign only).</para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-u certusage</term>
+        <listitem>
+          <para>Set type of cert usage (default is certUsageEmailSigner).</para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-v</term>
+        <listitem>
+          <para>Print debugging information.</para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-Y ekprefnick</term>
+        <listitem>
+          <para>Specify an encryption key preference by nickname.</para>
+        </listitem>
+      </varlistentry>
+
+    </variablelist>
+
+  </refsection>
+
+  <refsection id="usage">
+    <title>Usage</title>
+    <para>Encrypt Example</para>
+      <programlisting>
+cmsutil -C [-i infile] [-o outfile] [-d dbdir] [-p password] -r "recipient1,recipient2, . . ." -e envfile
+      </programlisting>
+
+    <para>Decode Example</para>
+      <programlisting>
+cmsutil -D [-i infile] [-o outfile] [-d dbdir] [-p password] [-c content] [-n] [-h num]
+      </programlisting>
+
+    <para>Envelope Example</para>
+      <programlisting>
+cmsutil -E [-i infile] [-o outfile] [-d dbdir] [-p password] -r "recipient1,recipient2, ..."
+      </programlisting>
+
+    <para>Certificate-only Example</para>
+      <programlisting>
+cmsutil -O [-i infile] [-o outfile] [-d dbdir] [-p password] -r "cert1,cert2, . . ."
+      </programlisting>
+
+    <para>Sign Message Example</para>
+      <programlisting>
+cmsutil -S [-i infile] [-o outfile] [-d dbdir] [-p password] -N nickname[-TGP] [-Y ekprefnick]
+      </programlisting>
+
+  </refsection>
+
+  <refsection id="seealso">
+    <title>See also</title>
+    <para>certutil(1)</para>
+  </refsection>
+
+<!-- don't change -->
+  <refsection id="resources">
+    <title>Additional Resources</title>
+	<para>For information about NSS and other tools related to NSS (like JSS), check out the NSS project wiki at <ulink url="http://www.mozilla.org/projects/security/pki/nss/">http://www.mozilla.org/projects/security/pki/nss/</ulink>. The NSS site relates directly to NSS code changes and releases.</para>
+	<para>Mailing lists: https://lists.mozilla.org/listinfo/dev-tech-crypto</para>
+	<para>IRC: Freenode at #dogtag-pki</para>
+  </refsection>
+
+<!-- fill in your name first; keep the other names for reference -->
+  <refsection id="authors">
+    <title>Authors</title>
+    <para>The NSS tools were written and maintained by developers with Netscape, Red Hat,  Sun, Oracle, Mozilla, and Google.</para>
+    <para>
+	Authors: Elio Maldonado &lt;emaldona@redhat.com>, Deon Lackey &lt;dlackey@redhat.com>.
+    </para>
+  </refsection>
+
+<!-- don't change -->
+  <refsection id="license">
+    <title>LICENSE</title>
+    <para>Licensed under the Mozilla Public License, v. 2.0.  If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
+    </para>
+  </refsection>
+
+</refentry>
diff --git a/nss/doc/crlutil.xml b/nss/doc/crlutil.xml
new file mode 100644
index 0000000..e77570e
--- /dev/null
+++ b/nss/doc/crlutil.xml
@@ -0,0 +1,525 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
+<!ENTITY date SYSTEM "date.xml">
+<!ENTITY version SYSTEM "version.xml">
+]>
+
+<refentry id="crlutil">
+
+  <refentryinfo>
+    <date>&date;</date>
+    <title>NSS Security Tools</title>
+    <productname>nss-tools</productname>
+    <productnumber>&version;</productnumber>
+  </refentryinfo>
+
+  <refmeta>
+    <refentrytitle>CRLUTIL</refentrytitle>
+    <manvolnum>1</manvolnum>
+  </refmeta>
+
+  <refnamediv>
+    <refname>crlutil</refname>
+    <refpurpose>
+List, generate, modify, or delete CRLs within the NSS security database file(s) and list, create, modify or delete certificates entries in a particular CRL.
+    </refpurpose>
+  </refnamediv>
+
+  <refsynopsisdiv>
+    <cmdsynopsis>
+      <command>crlutil</command>
+      <arg><replaceable>options</replaceable></arg>
+      <arg>[<replaceable>arguments</replaceable>]</arg>
+    </cmdsynopsis>
+  </refsynopsisdiv>
+
+  <refsection>
+    <title>STATUS</title>
+    <para>This documentation is still work in progress. Please contribute to the initial review in <ulink url="https://bugzilla.mozilla.org/show_bug.cgi?id=836477">Mozilla NSS bug 836477</ulink>
+    </para>
+  </refsection>
+
+  <refsection id="description">
+    <title>Description</title>
+
+    <para>The Certificate Revocation List (CRL) Management Tool, <command>crlutil</command>, is a command-line utility that can list, generate, modify, or delete CRLs within the NSS security database file(s) and list, create, modify or delete certificates entries in a particular CRL.
+    </para>
+    <para>
+The key and certificate management process generally begins with creating keys in the key database, then generating and managing certificates in the certificate database(see certutil tool) and continues with certificates expiration or revocation.
+    </para>
+    <para>
+This document discusses certificate revocation list management. For information on security module database management, see Using the Security Module Database Tool. For information on certificate and key database management, see Using the Certificate Database Tool.
+    </para>
+
+    <para>
+To run the Certificate Revocation List Management Tool, type the command
+    </para>
+    <para>
+crlutil option [arguments]
+    </para>
+    <para>
+where options and arguments are combinations of the options and arguments listed in the following section. Each command takes one option. Each option may take zero or more arguments. To see a usage string, issue the command without options, or with the -H option.
+    </para>
+
+  </refsection>
+  
+  <refsection id="options">
+    <title>Options and Arguments</title>
+	<para>
+	</para>
+   	<para><command>Options</command></para> 
+   	<para>
+Options specify an action. Option arguments modify an action. 
+The options and arguments for the crlutil command are defined as follows:
+    </para>
+
+  <variablelist>
+    <varlistentry>
+      <term>-D </term>
+        <listitem>
+          <para>
+Delete Certificate Revocation List from cert database.
+          </para>
+        </listitem>
+      </varlistentry>
+
+    <varlistentry>
+      <term>-E </term>
+        <listitem>
+          <para>
+Erase all CRLs of specified type from the cert database
+          </para>
+        </listitem>
+      </varlistentry>
+
+    <varlistentry>
+      <term>-G </term>
+        <listitem>
+          <para>
+Create new Certificate Revocation List (CRL).
+          </para>
+        </listitem>
+      </varlistentry>
+
+    <varlistentry>
+      <term>-I </term>
+        <listitem>
+          <para>
+Import a CRL to the cert database
+          </para>
+        </listitem>
+      </varlistentry>
+
+    <varlistentry>
+      <term>-L </term>
+        <listitem>
+          <para>
+List existing CRL located in cert database file.
+          </para>
+        </listitem>
+      </varlistentry>
+
+    <varlistentry>
+      <term>-M </term>
+        <listitem>
+          <para>
+Modify existing CRL which can be located in cert db or in arbitrary file. If located in file it should be encoded in ASN.1 encode format.
+          </para>
+        </listitem>
+      </varlistentry>
+
+    <varlistentry>
+      <term>-S </term>
+        <listitem>
+          <para>
+Show contents of a CRL file which isn't stored in the database.
+          </para>
+        </listitem>
+      </varlistentry>
+  </variablelist>
+
+  <para><command>Arguments</command></para>
+  <para>Option arguments modify an action.</para>
+
+  <variablelist>
+
+      <varlistentry>
+        <term>-a </term>
+        <listitem>
+          <para>
+Use ASCII format or allow the use of ASCII format for input and output. This formatting follows RFC #1113.
+          </para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-B </term>
+        <listitem>
+          <para>
+Bypass CA signature checks.
+          </para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-c crl-gen-file </term>
+        <listitem>
+          <para>
+Specify script file that will be used to control crl generation/modification. See crl-cript-file format below. If options -M|-G is used and -c crl-script-file is not specified, crlutil will read script data from standard input.
+          </para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-d directory </term>
+        <listitem>
+          <para>
+Specify the database directory containing the certificate and key database files. On Unix the Certificate Database Tool defaults to $HOME/.netscape (that is, ~/.netscape). On Windows NT the default is the current directory.
+          </para>
+          <para>
+The NSS database files must reside in the same directory.
+          </para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-f password-file </term>
+        <listitem>
+          <para>
+Specify a file that will automatically supply the password to include in a certificate or to access a certificate database. This is a plain-text file containing one password. Be sure to prevent unauthorized access to this file.
+          </para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-i crl-file </term>
+        <listitem>
+          <para>
+Specify the file which contains the CRL to import or show.
+          </para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-l algorithm-name </term>
+        <listitem>
+          <para>
+Specify a specific signature algorithm. List of possible algorithms: MD2 | MD4 | MD5 | SHA1 | SHA256 | SHA384 | SHA512
+          </para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-n nickname </term>
+        <listitem>
+          <para>
+Specify the nickname of a certificate or key to list, create, add to a database, modify, or validate. Bracket the nickname string with quotation marks if it contains spaces.
+          </para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-o output-file </term>
+        <listitem>
+          <para>
+Specify the output file name for new CRL. Bracket the output-file string with quotation marks if it contains spaces. If this argument is not used the output destination defaults to standard output.
+          </para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-P dbprefix </term>
+        <listitem>
+          <para>
+Specify the prefix used on the NSS security database files (for example, my_cert8.db and my_key3.db). This option is provided as a special case. Changing the names of the certificate and key databases is not recommended.
+          </para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-t crl-type </term>
+        <listitem>
+          <para>
+Specify type of CRL. possible types are: 0 - SEC_KRL_TYPE, 1 - SEC_CRL_TYPE. This option is obsolete
+          </para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-u url </term>
+        <listitem>
+          <para>
+Specify the url.
+          </para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-w pwd-string</term>
+        <listitem>
+          <para>Provide db password in command line.</para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-Z algorithm</term>
+        <listitem>
+          <para>Specify the hash algorithm to use for signing the CRL.</para>
+        </listitem>
+      </varlistentry>
+
+    </variablelist>
+  </refsection>
+
+  <refsection id="syntax">
+    <title>CRL Generation script syntax</title>
+    <para>CRL generation script file has the following syntax:</para>
+    <para>
+    * Line with comments should have # as a first symbol of a line</para>
+    <para>
+    * Set "this update" or "next update" CRL fields:
+    </para>
+    <para>           
+             update=YYYYMMDDhhmmssZ
+             nextupdate=YYYYMMDDhhmmssZ
+     </para>
+    <para>
+      Field "next update" is optional. Time should be in GeneralizedTime format (YYYYMMDDhhmmssZ).
+      For example: 20050204153000Z
+    </para>
+
+    <para>* Add an extension to a CRL or a crl certificate entry:</para>
+    <para>addext extension-name critical/non-critical [arg1[arg2 ...]]</para>
+    <para>Where:</para>
+    <para>
+          extension-name: string value of a name of known extensions.
+          critical/non-critical: is 1 when extension is critical and 0 otherwise.
+          arg1, arg2: specific to extension type extension parameters
+    </para>
+    <para>
+      addext uses the range that was set earlier by addcert and will install an extension to every cert entries within the range.
+    </para>
+    <para>
+    * Add certificate entries(s) to CRL:
+    </para>
+    <para>
+          addcert range date
+    </para>
+    <para>
+          range: two integer values separated by dash: range of certificates that will be added by this command. dash is used as a delimiter. Only one cert will be added if there is no delimiter.
+          date: revocation date of a cert. Date should be represented in GeneralizedTime format (YYYYMMDDhhmmssZ).
+    </para>
+    <para>
+    * Remove certificate entry(s) from CRL
+    </para>
+    <para>
+          rmcert range
+    </para>
+    <para>
+      Where:
+    </para>
+    <para>
+          range: two integer values separated by dash: range of certificates that will be added by this command. dash is used as a delimiter. Only one cert will be added if there is no delimiter.
+    </para>
+    <para>
+    * Change range of certificate entry(s) in CRL
+    </para>
+    <para>
+          range new-range
+    </para>
+    <para>
+      Where:
+    </para>
+    <para>
+          new-range: two integer values separated by dash: range of certificates that will be added by this command. dash is used as a delimiter. Only one cert will be added if there is no delimiter.
+    </para>
+    <para>
+Implemented Extensions
+     </para>
+     <para>
+      The extensions defined for CRL provide methods for associating additional attributes with CRLs of theirs entries. For more information see RFC #3280
+     </para>
+     <para>
+    * Add The Authority Key Identifier extension:
+     </para>
+     <para>
+The authority key identifier extension provides a means of identifying the public key corresponding to the private key used to sign a CRL.
+     </para>
+     <para>
+          authKeyId critical [key-id | dn cert-serial]
+     </para>
+     <para>
+      Where:
+     </para>
+     <para>
+          authKeyIdent: identifies the name of an extension
+          critical: value of 1 of 0. Should be set to 1 if this extension is critical or 0 otherwise.
+          key-id: key identifier represented in octet string. dn:: is a CA distinguished name cert-serial: authority certificate serial number. 
+     </para>
+     <para>
+    * Add Issuer Alternative Name extension:
+     </para>
+     <para>
+      The issuer alternative names extension allows additional identities to be associated with the issuer of the CRL. Defined options include an rfc822 name (electronic mail address), a DNS name, an IP address, and a URI.
+     </para>
+     <para>
+          issuerAltNames non-critical name-list
+     </para>
+     <para>
+      Where:
+     </para>
+     <para>
+          subjAltNames: identifies the name of an extension
+          should be set to 0 since this is non-critical extension
+          name-list: comma separated list of names
+     </para>
+     <para>
+    * Add CRL Number extension:
+     </para>
+     <para>
+      The CRL number is a non-critical CRL extension which conveys a monotonically increasing sequence number for a given CRL scope and CRL issuer. This extension allows users to easily determine when a particular CRL supersedes another CRL
+     </para>
+     <para>
+          crlNumber non-critical number
+     </para>
+     <para>
+      Where:
+     </para>
+     <para>
+          crlNumber: identifies the name of an extension
+          critical: should be set to 0 since this is non-critical extension
+          number: value of long which identifies the sequential number of a CRL.
+     </para>
+     <para>
+    * Add Revocation Reason Code extension:
+     </para>
+     <para>
+      The reasonCode is a non-critical CRL entry extension that identifies the reason for the certificate revocation.
+     </para>
+     <para>
+          reasonCode non-critical code
+     </para>
+     <para>
+      Where:
+     </para>
+     <para>
+          reasonCode: identifies the name of an extension
+          non-critical: should be set to 0 since this is non-critical extension
+          code: the following codes are available:
+     </para>
+     <para>
+              unspecified (0),
+              keyCompromise (1),
+              cACompromise (2),
+              affiliationChanged (3),
+              superseded (4),
+              cessationOfOperation (5),
+              certificateHold (6),
+              removeFromCRL (8),
+              privilegeWithdrawn (9),
+              aACompromise (10)
+     </para>
+     <para>
+    * Add Invalidity Date extension:
+     </para>
+     <para>
+      The invalidity date is a non-critical CRL entry extension that provides the date on which it is known or suspected that the private key was compromised or that the certificate otherwise became invalid.
+     </para>
+     <para>
+          invalidityDate non-critical date
+     </para>
+     <para>
+      Where:
+     </para>
+     <para>
+          crlNumber: identifies the name of an extension
+          non-critical: should be set to 0 since this is non-critical extension date: invalidity date of a cert. Date should be represented in GeneralizedTime format (YYYYMMDDhhmmssZ).
+     </para>
+  </refsection>
+
+  <refsection id="usage">
+    <title>Usage</title>
+    <para>
+The Certificate Revocation List Management Tool's capabilities are grouped as follows, using these combinations of options and arguments. Options and arguments in square brackets are optional, those without square brackets are required.
+    </para>
+    <para>See "Implemented extensions" for more information regarding extensions and their parameters.</para>
+    <para>
+    * Creating or modifying a CRL:
+    </para>
+      <programlisting>
+crlutil -G|-M -c crl-gen-file -n nickname [-i crl] [-u url] [-d keydir] [-P dbprefix] [-l alg] [-a] [-B] 
+      </programlisting>
+    <para>
+    * Listing all CRls or a named CRL:
+    </para>
+      <programlisting>
+	crlutil -L [-n crl-name] [-d krydir] 
+      </programlisting>
+
+    <para>
+    * Deleting CRL from db:
+    </para>
+      <programlisting>
+	crlutil -D -n nickname [-d keydir] [-P dbprefix] 
+      </programlisting>
+
+    <para>
+    * Erasing CRLs from db:
+    </para>
+      <programlisting>
+	crlutil -E [-d keydir] [-P dbprefix] 
+      </programlisting>
+
+    <para>
+    * Deleting CRL from db: 
+    </para>
+    <programlisting>
+          crlutil -D -n nickname [-d keydir] [-P dbprefix]
+    </programlisting>
+
+    <para>
+    * Erasing CRLs from db:
+    </para>
+    <programlisting>
+          crlutil -E [-d keydir] [-P dbprefix] 
+    </programlisting>
+
+    <para>
+    * Import CRL from file:
+    </para>
+    <programlisting>
+          crlutil -I -i crl [-t crlType] [-u url] [-d keydir] [-P dbprefix] [-B] 
+    </programlisting>
+  </refsection>
+
+  <refsection id="seealso">
+    <title>See Also</title>
+    <para>certutil(1)</para>
+  </refsection>
+
+<!-- don't change -->
+  <refsection id="resources">
+    <title>Additional Resources</title>
+	<para>For information about NSS and other tools related to NSS (like JSS), check out the NSS project wiki at <ulink url="http://www.mozilla.org/projects/security/pki/nss/">http://www.mozilla.org/projects/security/pki/nss/</ulink>. The NSS site relates directly to NSS code changes and releases.</para>
+	<para>Mailing lists: https://lists.mozilla.org/listinfo/dev-tech-crypto</para>
+	<para>IRC: Freenode at #dogtag-pki</para>
+  </refsection>
+
+<!-- fill in your name first; keep the other names for reference -->
+  <refsection id="authors">
+    <title>Authors</title>
+    <para>The NSS tools were written and maintained by developers with Netscape, Red Hat,  Sun, Oracle, Mozilla, and Google.</para>
+    <para>
+	Authors: Elio Maldonado &lt;emaldona@redhat.com>, Deon Lackey &lt;dlackey@redhat.com>.
+    </para>
+  </refsection>
+
+<!-- don't change -->
+  <refsection id="license">
+    <title>LICENSE</title>
+    <para>Licensed under the Mozilla Public License, v. 2.0.  If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
+    </para>
+  </refsection>
+
+</refentry>
diff --git a/nss/doc/derdump.xml b/nss/doc/derdump.xml
new file mode 100644
index 0000000..4e4a62a
--- /dev/null
+++ b/nss/doc/derdump.xml
@@ -0,0 +1,96 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
+<!ENTITY date SYSTEM "date.xml">
+<!ENTITY version SYSTEM "version.xml">
+]>
+
+<refentry id="derdump">
+
+  <refentryinfo>
+    <date>&date;</date>
+    <title>NSS Security Tools</title>
+    <productname>nss-tools</productname>
+    <productnumber>&version;</productnumber>
+  </refentryinfo>
+
+  <refmeta>
+    <refentrytitle>DERDUMP</refentrytitle>
+    <manvolnum>1</manvolnum>
+  </refmeta>
+
+  <refnamediv>
+    <refname>derdump </refname>
+    <refpurpose>Dumps C-sequence strings from a DER encoded certificate file</refpurpose>
+  </refnamediv>
+
+ <refsynopsisdiv>
+    <cmdsynopsis>
+      <command>derdump</command>
+      <arg><option>-r</option></arg>
+      <arg><option>-i <replaceable>input-file</replaceable></option></arg>
+      <arg><option>-o <replaceable>output-file</replaceable></option></arg>
+    </cmdsynopsis>
+  </refsynopsisdiv>
+
+  <refsection>
+    <title>STATUS</title>
+    <para>This documentation is still work in progress. Please contribute to the initial review in <ulink url="https://bugzilla.mozilla.org/show_bug.cgi?id=836477">Mozilla NSS bug 836477</ulink>
+    </para>
+  </refsection>
+
+  <refsection>
+    <title>Description</title>
+
+    <para><command>derdump </command>dumps C-sequence strings from a DER encode certificate file </para>
+
+  </refsection>
+
+<refsection>
+    <title>Options</title>
+    
+    <variablelist>
+    
+    <varlistentry>
+        <term><option>-r </option></term>
+        <listitem><simpara>For formatted items, dump raw bytes as well</simpara></listitem>
+      </varlistentry>
+      
+      <varlistentry>
+        <term><option>-i </option> <replaceable>DER encoded file</replaceable></term>
+        <listitem><simpara>Define an input file to use (default is stdin)</simpara></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><option>-o </option> <replaceable>output file</replaceable></term>
+        <listitem><simpara>Define an output file to use (default is stdout).</simpara></listitem>
+      </varlistentry>
+    
+        </variablelist>
+  </refsection>
+  
+  <refsection id="resources">
+    <title>Additional Resources</title>
+    <para>NSS is maintained in conjunction with PKI and security-related projects through Mozilla dn Fedora. The most closely-related project is Dogtag PKI, with a project wiki at <ulink url="http://pki.fedoraproject.org/wiki/">PKI Wiki</ulink>. </para>
+	<para>For information specifically about NSS, the NSS project wiki is located at <ulink url="http://www.mozilla.org/projects/security/pki/nss/">Mozilla NSS site</ulink>. The NSS site relates directly to NSS code changes and releases.</para>
+	<para>Mailing lists: pki-devel@redhat.com and pki-users@redhat.com</para>
+	<para>IRC: Freenode at #dogtag-pki</para>
+  </refsection>
+
+<!-- fill in your name first; keep the other names for reference -->
+  <refsection id="authors">
+    <title>Authors</title>
+    <para>The NSS tools were written and maintained by developers with Netscape, Red Hat,  Sun, Oracle, Mozilla, and Google.</para>
+    <para>
+	Authors: Gerhardus Geldenhuis &lt;gerhardus.geldenhuis@gmail.com>. Elio Maldonado &lt;emaldona@redhat.com>, Deon Lackey &lt;dlackey@redhat.com&gt;
+    </para>
+  </refsection>
+
+<!-- don't change -->
+  <refsection id="license">
+    <title>LICENSE</title>
+    <para>Licensed under the Mozilla Public License, v. 2.0.  If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
+    </para>
+  </refsection>
+
+</refentry>
diff --git a/nss/doc/html/.hgignore b/nss/doc/html/.hgignore
new file mode 100644
index 0000000..9c92a72
--- /dev/null
+++ b/nss/doc/html/.hgignore
@@ -0,0 +1 @@
+*.proc
diff --git a/nss/doc/html/certutil.html b/nss/doc/html/certutil.html
new file mode 100644
index 0000000..eb2e943
--- /dev/null
+++ b/nss/doc/html/certutil.html
@@ -0,0 +1,354 @@
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>CERTUTIL</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><link rel="home" href="index.html" title="CERTUTIL"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">CERTUTIL</th></tr></table><hr></div><div class="refentry"><a name="certutil"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>certutil — Manage keys and certificate in both NSS databases and other NSS tokens</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">certutil</code>  [<em class="replaceable"><code>options</code></em>] [[<em class="replaceable"><code>arguments</code></em>]]</p></div></div><div class="refsection"><a name="idm139774553663312"></a><h2>STATUS</h2><p>This documentation is still work in progress. Please contribute to the initial review in <a class="ulink" href="https://bugzilla.mozilla.org/show_bug.cgi?id=836477" target="_top">Mozilla NSS bug 836477</a>
+    </p></div><div class="refsection"><a name="description"></a><h2>Description</h2><p>The Certificate Database Tool, <span class="command"><strong>certutil</strong></span>, is a command-line utility that can create and modify certificate and key databases. It can specifically list, generate, modify, or delete certificates, create or change the password, generate new public and private key pairs, display the contents of the key database, or delete key pairs within the key database.</p><p>Certificate issuance, part of the key and certificate management process, requires that keys and certificates be created in the key database. This document discusses certificate and key database management. For information on the security module database management, see the <span class="command"><strong>modutil</strong></span> manpage.</p></div><div class="refsection"><a name="options"></a><h2>Command Options and Arguments</h2><p>Running <span class="command"><strong>certutil</strong></span> always requires one and only one command option to specify the type of certificate operation. Each command option may take zero or more arguments. The command option <code class="option">-H</code> will list all the command options and their relevant arguments.</p><p><span class="command"><strong>Command Options</strong></span></p><div class="variablelist"><dl class="variablelist"><dt><span class="term">-A </span></dt><dd><p>Add an existing certificate to a certificate database. The certificate database should already exist; if one is not present, this command option will initialize one by default.</p></dd><dt><span class="term">-B</span></dt><dd><p>Run a series of commands from the specified batch file. This requires the <code class="option">-i</code> argument.</p></dd><dt><span class="term">-C </span></dt><dd><p>Create a new binary certificate file from a binary certificate request file. Use the <code class="option">-i</code> argument to specify the certificate request file. If this argument is not used, <span class="command"><strong>certutil</strong></span> prompts for a filename. </p></dd><dt><span class="term">-D </span></dt><dd><p>Delete a certificate from the certificate database.</p></dd><dt><span class="term">--rename </span></dt><dd><p>Change the database nickname of a certificate.</p></dd><dt><span class="term">-E </span></dt><dd><p>Add an email certificate to the certificate database.</p></dd><dt><span class="term">-F</span></dt><dd><p>Delete a private key from a key database. Specify the key to delete with the -n argument. Specify the database from which to delete the key with the 
+<code class="option">-d</code> argument. Use the <code class="option">-k</code> argument to specify explicitly whether to delete a DSA, RSA, or ECC key. If you don't use the <code class="option">-k</code> argument, the option looks for an RSA key matching the specified nickname. 
+</p><p>
+When you delete keys, be sure to also remove any certificates associated with those keys from the certificate database, by using -D. Some smart cards do not let you remove a public key you have generated. In such a case, only the private key is deleted from the key pair. You can display the public key with the command certutil -K -h tokenname. </p></dd><dt><span class="term">-G </span></dt><dd><p>Generate a new public and private key pair within a key database. The key database should already exist; if one is not present, this command option will initialize one by default. Some smart cards can store only one key pair. If you create a new key pair for such a card, the previous pair is overwritten.</p></dd><dt><span class="term">-H </span></dt><dd><p>Display a list of the command options and arguments.</p></dd><dt><span class="term">-K </span></dt><dd><p>List the key ID of keys in the key database. A key ID is the modulus of the RSA key or the publicValue of the DSA key. IDs are displayed in hexadecimal ("0x" is not shown).</p></dd><dt><span class="term">-L </span></dt><dd><p>List all the certificates, or display information about a named certificate, in a certificate database.
+Use the -h tokenname argument to specify the certificate database on a particular hardware or software token.</p></dd><dt><span class="term">-M </span></dt><dd><p>Modify a certificate's trust attributes using the values of the -t argument.</p></dd><dt><span class="term">-N</span></dt><dd><p>Create new certificate and key databases.</p></dd><dt><span class="term">-O </span></dt><dd><p>Print the certificate chain.</p></dd><dt><span class="term">-R</span></dt><dd><p>Create a certificate request file that can be submitted to a Certificate Authority (CA) for processing into a finished certificate. Output defaults to standard out unless you use -o output-file argument.
+
+Use the -a argument to specify ASCII output.</p></dd><dt><span class="term">-S </span></dt><dd><p>Create an individual certificate and add it to a certificate database.</p></dd><dt><span class="term">-T </span></dt><dd><p>Reset the key database or token.</p></dd><dt><span class="term">-U </span></dt><dd><p>List all available modules or print a single named module.</p></dd><dt><span class="term">-V </span></dt><dd><p>Check the validity of a certificate and its attributes.</p></dd><dt><span class="term">-W </span></dt><dd><p>Change the password to a key database.</p></dd><dt><span class="term">--merge</span></dt><dd><p>Merge two databases into one.</p></dd><dt><span class="term">--upgrade-merge</span></dt><dd><p>Upgrade an old database and merge it into a new database. This is used to migrate legacy NSS databases (<code class="filename">cert8.db</code> and <code class="filename">key3.db</code>) into the newer SQLite databases (<code class="filename">cert9.db</code> and <code class="filename">key4.db</code>).</p></dd></dl></div><p><span class="command"><strong>Arguments</strong></span></p><p>Arguments modify a command option and are usually lower case, numbers, or symbols.</p><div class="variablelist"><dl class="variablelist"><dt><span class="term">-a</span></dt><dd><p>Use ASCII format or allow the use of ASCII format for input or output. This formatting follows RFC 1113. 
+For certificate requests, ASCII output defaults to standard output unless redirected.</p></dd><dt><span class="term">-b validity-time</span></dt><dd><p>Specify a time at which a certificate is required to be valid. Use when checking certificate validity with the <code class="option">-V</code> option. The format of the <span class="emphasis"><em>validity-time</em></span> argument is <span class="emphasis"><em>YYMMDDHHMMSS[+HHMM|-HHMM|Z]</em></span>, which allows offsets to be set relative to the validity end time. Specifying seconds (<span class="emphasis"><em>SS</em></span>) is optional. When specifying an explicit time, use a Z at the end of the term, <span class="emphasis"><em>YYMMDDHHMMSSZ</em></span>, to close it. When specifying an offset time, use <span class="emphasis"><em>YYMMDDHHMMSS+HHMM</em></span> or <span class="emphasis"><em>YYMMDDHHMMSS-HHMM</em></span> for adding or subtracting time, respectively.
+</p><p>
+If this option is not used, the validity check defaults to the current system time.</p></dd><dt><span class="term">-c issuer</span></dt><dd><p>Identify the certificate of the CA from which a new certificate will derive its authenticity. 
+ Use the exact nickname or alias of the CA certificate, or use the CA's email address. Bracket the issuer string 
+ with quotation marks if it contains spaces. </p></dd><dt><span class="term">-d [prefix]directory</span></dt><dd><p>Specify the database directory containing the certificate and key database files.</p><p><span class="command"><strong>certutil</strong></span> supports two types of databases: the legacy security databases (<code class="filename">cert8.db</code>, <code class="filename">key3.db</code>, and <code class="filename">secmod.db</code>) and new SQLite databases (<code class="filename">cert9.db</code>, <code class="filename">key4.db</code>, and <code class="filename">pkcs11.txt</code>). </p><p>NSS recognizes the following prefixes:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p><span class="command"><strong>sql:</strong></span> requests the newer database</p></li><li class="listitem"><p><span class="command"><strong>dbm:</strong></span> requests the legacy database</p></li></ul></div><p>If no prefix is specified the default type is retrieved from NSS_DEFAULT_DB_TYPE. If NSS_DEFAULT_DB_TYPE is not set then <span class="command"><strong>dbm:</strong></span> is the default.</p></dd><dt><span class="term">--dump-ext-val OID </span></dt><dd><p>For single cert, print binary DER encoding of extension OID.</p></dd><dt><span class="term">-e </span></dt><dd><p>Check a certificate's signature during the process of validating a certificate.</p></dd><dt><span class="term">--email email-address</span></dt><dd><p>Specify the email address of a certificate to list. Used with the -L command option.</p></dd><dt><span class="term">--extGeneric OID:critical-flag:filename[,OID:critical-flag:filename]... </span></dt><dd><p>
+Add one or multiple extensions that certutil cannot encode yet, by loading their encodings from external files.
+           </p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>OID (example): 1.2.3.4</p></li><li class="listitem"><p>critical-flag: critical or not-critical</p></li><li class="listitem"><p>filename: full path to a file containing an encoded extension</p></li></ul></div></dd><dt><span class="term">-f password-file</span></dt><dd><p>Specify a file that will automatically supply the password to include in a certificate 
+ or to access a certificate database. This is a plain-text file containing one password. Be sure to prevent 
+ unauthorized access to this file.</p></dd><dt><span class="term">-g keysize</span></dt><dd><p>Set a key size to use when generating new public and private key pairs. The minimum is 512 bits and the maximum is 16384 bits. The default is 2048 bits. Any size between the minimum and maximum is allowed.</p></dd><dt><span class="term">-h tokenname</span></dt><dd><p>Specify the name of a token to use or act on. If not specified the default token is the internal database slot.</p></dd><dt><span class="term">-i input_file</span></dt><dd><p>Pass an input file to the command. Depending on the command option, an input file can be a specific certificate, a certificate request file, or a batch file of commands.</p></dd><dt><span class="term">-k key-type-or-id</span></dt><dd><p>Specify the type or specific ID of a key.</p><p>
+           The valid key type options are rsa, dsa, ec, or all. The default 
+           value is rsa. Specifying the type of key can avoid mistakes caused by
+           duplicate nicknames. Giving a key type generates a new key pair; 
+           giving the ID of an existing key reuses that key pair (which is 
+           required to renew certificates).
+          </p></dd><dt><span class="term">-l </span></dt><dd><p>Display detailed information when validating a certificate with the -V option.</p></dd><dt><span class="term">-m serial-number</span></dt><dd><p>Assign a unique serial number to a certificate being created. This operation should be performed by a CA. If no serial number is provided a default serial number is made from the current time. Serial numbers are limited to integers </p></dd><dt><span class="term">-n nickname</span></dt><dd><p>Specify the nickname of a certificate or key to list, create, add to a database, modify, or validate. Bracket the nickname string with quotation marks if it contains spaces.</p></dd><dt><span class="term">-o output-file</span></dt><dd><p>Specify the output file name for new certificates or binary certificate requests. Bracket the output-file string with quotation marks if it contains spaces. If this argument is not used the output destination defaults to standard output.</p></dd><dt><span class="term">-P dbPrefix</span></dt><dd><p>Specify the prefix used on the certificate and key database file. This argument is provided to support legacy servers. Most applications do not use a database prefix.</p></dd><dt><span class="term">-p phone</span></dt><dd><p>Specify a contact telephone number to include in new certificates or certificate requests. Bracket this string with quotation marks if it contains spaces.</p></dd><dt><span class="term">-q pqgfile or curve-name</span></dt><dd><p>Read an alternate PQG value from the specified file when generating DSA key pairs. If this argument is not used, <span class="command"><strong>certutil</strong></span> generates its own PQG value. PQG files are created with a separate DSA utility.</p><p>Elliptic curve name is one of the ones from nistp256, nistp384, nistp521, curve25519.</p><p>If a token is available that supports more curves, the foolowing curves are supported as well:
+          sect163k1, nistk163, sect163r1, sect163r2,
+          nistb163,  sect193r1, sect193r2, sect233k1, nistk233,
+          sect233r1, nistb233, sect239k1, sect283k1, nistk283,
+          sect283r1, nistb283, sect409k1, nistk409, sect409r1,
+          nistb409,  sect571k1, nistk571, sect571r1, nistb571,
+          secp160k1, secp160r1, secp160r2, secp192k1, secp192r1,
+          nistp192,  secp224k1, secp224r1, nistp224, secp256k1,
+          secp256r1, secp384r1, secp521r1,
+          prime192v1, prime192v2, prime192v3,
+          prime239v1, prime239v2, prime239v3, c2pnb163v1,
+          c2pnb163v2, c2pnb163v3, c2pnb176v1, c2tnb191v1,
+          c2tnb191v2, c2tnb191v3,
+          c2pnb208w1, c2tnb239v1, c2tnb239v2, c2tnb239v3,
+          c2pnb272w1, c2pnb304w1,
+          c2tnb359w1, c2pnb368w1, c2tnb431r1, secp112r1,
+          secp112r2, secp128r1, secp128r2, sect113r1, sect113r2,
+          sect131r1, sect131r2</p>
+          </dd><dt><span class="term">-r </span></dt><dd><p>Display a certificate's binary DER encoding when listing information about that certificate with the -L option.</p></dd><dt><span class="term">-s subject</span></dt><dd><p>Identify a particular certificate owner for new certificates or certificate requests. Bracket this string with quotation marks if it contains spaces. The subject identification format follows RFC #1485.</p></dd><dt><span class="term">-t trustargs</span></dt><dd><p>Specify the trust attributes to modify in an existing certificate or to apply to a certificate when creating it or adding it to a database. There are three available trust categories for each certificate, expressed in the order <span class="emphasis"><em>SSL, email, object signing</em></span> for each trust setting. In each category position, use none, any, or all
+of the attribute codes: 
+	</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
+		<span class="command"><strong>p</strong></span> - Valid peer
+	</p></li><li class="listitem"><p>
+		<span class="command"><strong>P</strong></span> - Trusted peer (implies p)
+	</p></li><li class="listitem"><p>
+		<span class="command"><strong>c</strong></span> - Valid CA
+	</p></li><li class="listitem"><p>
+		<span class="command"><strong>C</strong></span> - Trusted CA (implies c)
+	</p></li><li class="listitem"><p>
+		<span class="command"><strong>T</strong></span> - trusted CA for client authentication (ssl server only)
+	</p></li></ul></div><p>
+		The attribute codes for the categories are separated by commas, and the entire set of attributes enclosed by quotation marks. For example:
+	</p><p><span class="command"><strong>-t "TC,C,T"</strong></span></p><p>
+	Use the -L option to see a list of the current certificates and trust attributes in a certificate database. </p><p>
+	Note that the output of the -L option may include "u" flag, which means that there is a private key associated with the certificate. It is a dynamic flag and you cannot set it with certutil. </p></dd><dt><span class="term">-u certusage</span></dt><dd><p>Specify a usage context to apply when validating a certificate with the -V option.</p><p>The contexts are the following:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p><span class="command"><strong>C</strong></span> (as an SSL client)</p></li><li class="listitem"><p><span class="command"><strong>V</strong></span> (as an SSL server)</p></li><li class="listitem"><p><span class="command"><strong>L</strong></span> (as an SSL CA)</p></li><li class="listitem"><p><span class="command"><strong>A</strong></span> (as Any CA)</p></li><li class="listitem"><p><span class="command"><strong>Y</strong></span> (Verify CA)</p></li><li class="listitem"><p><span class="command"><strong>S</strong></span> (as an email signer)</p></li><li class="listitem"><p><span class="command"><strong>R</strong></span> (as an email recipient)</p></li><li class="listitem"><p><span class="command"><strong>O</strong></span> (as an OCSP status responder)</p></li><li class="listitem"><p><span class="command"><strong>J</strong></span> (as an object signer)</p></li></ul></div></dd><dt><span class="term">-v valid-months</span></dt><dd><p>Set the number of months a new certificate will be valid. The validity period begins at the current system time unless an offset is added or subtracted with the <code class="option">-w</code> option. If this argument is not used, the default validity period is three months. </p></dd><dt><span class="term">-w offset-months</span></dt><dd><p>Set an offset from the current system time, in months, 
+ for the beginning of a certificate's validity period. Use when creating 
+ the certificate or adding it to a database. Express the offset in integers, 
+ using a minus sign (-) to indicate a negative offset. If this argument is 
+ not used, the validity period begins at the current system time. The length 
+ of the validity period is set with the -v argument. </p></dd><dt><span class="term">-X </span></dt><dd><p>Force the key and certificate database to open in read-write mode. This is used with the <code class="option">-U</code> and <code class="option">-L</code> command options.</p></dd><dt><span class="term">-x </span></dt><dd><p>Use <span class="command"><strong>certutil</strong></span> to generate the signature for a certificate being created or added to a database, rather than obtaining a signature from a separate CA.</p></dd><dt><span class="term">-y exp</span></dt><dd><p>Set an alternate exponent value to use in generating a new RSA public key for the database, instead of the default value of 65537. The available alternate values are 3 and 17.</p></dd><dt><span class="term">-z noise-file</span></dt><dd><p>Read a seed value from the specified file to generate a new private and public key pair. This argument makes it possible to use hardware-generated seed values or manually create a value from the keyboard. The minimum file size is 20 bytes.</p></dd><dt><span class="term">-Z hashAlg</span></dt><dd><p>Specify the hash algorithm to use with the -C, -S or -R command options. Possible keywords:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>MD2</p></li><li class="listitem"><p>MD4</p></li><li class="listitem"><p>MD5</p></li><li class="listitem"><p>SHA1</p></li><li class="listitem"><p>SHA224</p></li><li class="listitem"><p>SHA256</p></li><li class="listitem"><p>SHA384</p></li><li class="listitem"><p>SHA512</p></li></ul></div></dd><dt><span class="term">-0 SSO_password</span></dt><dd><p>Set a site security officer password on a token.</p></dd><dt><span class="term">-1 | --keyUsage keyword,keyword</span></dt><dd><p>Set an X.509 V3 Certificate Type Extension in the certificate. There are several available keywords:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
+		digitalSignature
+	</p></li><li class="listitem"><p>
+		nonRepudiation
+	</p></li><li class="listitem"><p>
+		keyEncipherment
+	</p></li><li class="listitem"><p>
+		dataEncipherment
+	</p></li><li class="listitem"><p>
+		keyAgreement
+	</p></li><li class="listitem"><p>
+		certSigning
+	</p></li><li class="listitem"><p>
+		crlSigning
+	</p></li><li class="listitem"><p>
+		critical
+	</p></li></ul></div></dd><dt><span class="term">-2 </span></dt><dd><p>Add a basic constraint extension to a certificate that is being created or added to a database. This extension supports the certificate chain verification process. <span class="command"><strong>certutil</strong></span> prompts for the certificate constraint extension to select.</p><p>X.509 certificate extensions are described in RFC 5280.</p></dd><dt><span class="term">-3 </span></dt><dd><p>Add an authority key ID extension to a certificate that is being created or added to a database. This extension supports the identification of a particular certificate, from among multiple certificates associated with one subject name, as the correct issuer of a certificate. The Certificate Database Tool will prompt you to select the authority key ID extension.</p><p>X.509 certificate extensions are described in RFC 5280.</p></dd><dt><span class="term">-4 </span></dt><dd><p>Add a CRL distribution point extension to a certificate that is being created or added to a database. This extension identifies the URL of a certificate's associated certificate revocation list (CRL). <span class="command"><strong>certutil</strong></span> prompts for the URL.</p><p>X.509 certificate extensions are described in RFC 5280.</p></dd><dt><span class="term">-5 | --nsCertType keyword,keyword</span></dt><dd><p>Add an X.509 V3 certificate type extension to a certificate that is being created or added to the database. There are several available keywords:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
+		sslClient
+	</p></li><li class="listitem"><p>
+		sslServer
+	</p></li><li class="listitem"><p>
+		smime
+	</p></li><li class="listitem"><p>
+		objectSigning
+	</p></li><li class="listitem"><p>
+		sslCA
+	</p></li><li class="listitem"><p>
+		smimeCA
+	</p></li><li class="listitem"><p>
+		objectSigningCA
+	</p></li><li class="listitem"><p>
+		critical
+	</p></li></ul></div><p>X.509 certificate extensions are described in RFC 5280.</p></dd><dt><span class="term">-6 | --extKeyUsage keyword,keyword</span></dt><dd><p>Add an extended key usage extension to a certificate that is being created or added to the database. Several keywords are available:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
+		serverAuth
+	</p></li><li class="listitem"><p>
+		clientAuth
+	</p></li><li class="listitem"><p>
+		codeSigning
+	</p></li><li class="listitem"><p>
+		emailProtection
+	</p></li><li class="listitem"><p>
+		timeStamp
+	</p></li><li class="listitem"><p>
+		ocspResponder
+	</p></li><li class="listitem"><p>
+		stepUp
+	</p></li><li class="listitem"><p>
+		msTrustListSign
+	</p></li><li class="listitem"><p>
+		critical
+	</p></li></ul></div><p>X.509 certificate extensions are described in RFC 5280.</p></dd><dt><span class="term">-7 emailAddrs</span></dt><dd><p>Add a comma-separated list of email addresses to the subject alternative name extension of a certificate or certificate request that is being created or added to the database. Subject alternative name extensions are described in Section 4.2.1.7 of RFC 3280.</p></dd><dt><span class="term">-8 dns-names</span></dt><dd><p>Add a comma-separated list of DNS names to the subject alternative name extension of a certificate or certificate request that is being created or added to the database. Subject alternative name extensions are described in Section 4.2.1.7 of RFC 3280.</p></dd><dt><span class="term">--extAIA</span></dt><dd><p>Add the Authority Information Access extension to the certificate. X.509 certificate extensions are described in RFC 5280.</p></dd><dt><span class="term">--extSIA</span></dt><dd><p>Add the Subject Information Access extension to the certificate. X.509 certificate extensions are described in RFC 5280.</p></dd><dt><span class="term">--extCP</span></dt><dd><p>Add the Certificate Policies extension to the certificate. X.509 certificate extensions are described in RFC 5280.</p></dd><dt><span class="term">--extPM</span></dt><dd><p>Add the Policy Mappings extension to the certificate. X.509 certificate extensions are described in RFC 5280.</p></dd><dt><span class="term">--extPC</span></dt><dd><p>Add the Policy Constraints extension to the certificate. X.509 certificate extensions are described in RFC 5280.</p></dd><dt><span class="term">--extIA</span></dt><dd><p>Add the Inhibit Any Policy Access extension to the certificate. X.509 certificate extensions are described in RFC 5280.</p></dd><dt><span class="term">--extSKID</span></dt><dd><p>Add the Subject Key ID extension to the certificate. X.509 certificate extensions are described in RFC 5280.</p></dd><dt><span class="term">--extNC</span></dt><dd><p>Add a Name Constraint extension to the certificate. X.509 certificate extensions are described in RFC 5280.</p></dd><dt><span class="term">--extSAN type:name[,type:name]...</span></dt><dd><p>
+Create a Subject Alt Name extension with one or multiple names.
+          </p><p>
+-type: directory, dn, dns, edi, ediparty, email, ip, ipaddr, other, registerid, rfc822, uri, x400, x400addr
+        </p></dd><dt><span class="term">--empty-password</span></dt><dd><p>Use empty password when creating new certificate database with -N.</p></dd><dt><span class="term">--keyAttrFlags attrflags</span></dt><dd><p>
+PKCS #11 key Attributes. Comma separated list of key attribute flags, selected from the following list of choices: {token | session} {public | private} {sensitive | insensitive} {modifiable | unmodifiable} {extractable | unextractable}</p></dd><dt><span class="term">--keyOpFlagsOn opflags, </span><span class="term">--keyOpFlagsOff opflags</span></dt><dd><p>
+PKCS #11 key Operation Flags.
+Comma separated list of one or more of the following:
+{token | session} {public | private} {sensitive | insensitive} {modifiable | unmodifiable} {extractable | unextractable}
+          </p></dd><dt><span class="term">--new-n nickname</span></dt><dd><p>A new nickname, used when renaming a certificate.</p></dd><dt><span class="term">--source-dir certdir</span></dt><dd><p>Identify the certificate database directory to upgrade.</p></dd><dt><span class="term">--source-prefix certdir</span></dt><dd><p>Give the prefix of the certificate and key databases to upgrade.</p></dd><dt><span class="term">--upgrade-id uniqueID</span></dt><dd><p>Give the unique ID of the database to upgrade.</p></dd><dt><span class="term">--upgrade-token-name name</span></dt><dd><p>Set the name of the token to use while it is being upgraded.</p></dd><dt><span class="term">-@ pwfile</span></dt><dd><p>Give the name of a password file to use for the database being upgraded.</p></dd></dl></div></div><div class="refsection"><a name="basic-usage"></a><h2>Usage and Examples</h2><p>
+		Most of the command options in the examples listed here have more arguments available. The arguments included in these examples are the most common ones or are used to illustrate a specific scenario. Use the <code class="option">-H</code> option to show the complete list of arguments for each command option.
+	</p><p><span class="command"><strong>Creating New Security Databases</strong></span></p><p>
+		Certificates, keys, and security modules related to managing certificates are stored in three related databases:
+	</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
+		cert8.db or cert9.db
+	</p></li><li class="listitem"><p>
+		key3.db or key4.db
+	</p></li><li class="listitem"><p>
+		secmod.db or pkcs11.txt
+	</p></li></ul></div><p>
+		These databases must be created before certificates or keys can be generated.
+	</p><pre class="programlisting">certutil -N -d [sql:]directory</pre><p><span class="command"><strong>Creating a Certificate Request</strong></span></p><p>
+		A certificate request contains most or all of the information that is used to generate the final certificate. This request is submitted separately to a certificate authority and is then approved by some mechanism (automatically or by human review). Once the request is approved, then the certificate is generated.
+	</p><pre class="programlisting">$ certutil -R -k key-type-or-id [-q pqgfile|curve-name] -g key-size -s subject [-h tokenname] -d [sql:]directory [-p phone] [-o output-file] [-a]</pre><p>
+		The <code class="option">-R</code> command options requires four arguments:
+	</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
+		<code class="option">-k</code> to specify either the key type to generate or, when renewing a certificate, the existing key pair to use
+	</p></li><li class="listitem"><p>
+		<code class="option">-g</code> to set the keysize of the key to generate
+	</p></li><li class="listitem"><p>
+		<code class="option">-s</code> to set the subject name of the certificate
+	</p></li><li class="listitem"><p>
+		<code class="option">-d</code> to give the security database directory
+	</p></li></ul></div><p>
+		The new certificate request can be output in ASCII format (<code class="option">-a</code>) or can be written to a specified file (<code class="option">-o</code>).
+	</p><p>
+		For example:
+	</p><pre class="programlisting">$ certutil -R -k rsa -g 1024 -s "CN=John Smith,O=Example Corp,L=Mountain View,ST=California,C=US" -d sql:$HOME/nssdb -p 650-555-0123 -a -o cert.cer
+
+Generating key.  This may take a few moments...
+
+</pre><p><span class="command"><strong>Creating a Certificate</strong></span></p><p>
+		A valid certificate must be issued by a trusted CA. This can be done by specifying a CA certificate (<code class="option">-c</code>) that is stored in the certificate database. If a CA key pair is not available, you can create a self-signed certificate using the <code class="option">-x</code> argument with the <code class="option">-S</code> command option.
+	</p><pre class="programlisting">$ certutil -S -k rsa|dsa|ec -n certname -s subject [-c issuer |-x] -t trustargs -d [sql:]directory [-m serial-number] [-v valid-months] [-w offset-months] [-p phone] [-1] [-2] [-3] [-4] [-5 keyword] [-6 keyword] [-7 emailAddress] [-8 dns-names] [--extAIA] [--extSIA] [--extCP] [--extPM] [--extPC] [--extIA] [--extSKID]</pre><p>
+		The series of numbers and <code class="option">--ext*</code> options set certificate extensions that can be added to the certificate when it is generated by the CA. Interactive prompts will result.
+	</p><p>
+		For example, this creates a self-signed certificate:
+	</p><pre class="programlisting">$ certutil -S -s "CN=Example CA" -n my-ca-cert -x -t "C,C,C" -1 -2 -5 -m 3650</pre><p>
+The interative prompts for key usage and whether any extensions are critical and responses have been ommitted for brevity.
+	</p><p>
+		From there, new certificates can reference the self-signed certificate:
+	</p><pre class="programlisting">$ certutil -S -s "CN=My Server Cert" -n my-server-cert -c "my-ca-cert" -t ",," -1 -5 -6 -8 -m 730</pre><p><span class="command"><strong>Generating a Certificate from a Certificate Request</strong></span></p><p>
+		When a certificate request is created, a certificate can be generated by using the request and then referencing a certificate authority signing certificate (the <span class="emphasis"><em>issuer</em></span> specified in the <code class="option">-c</code> argument). The issuing certificate must be in the certificate database in the specified directory.
+	</p><pre class="programlisting">certutil -C -c issuer -i cert-request-file -o output-file [-m serial-number] [-v valid-months] [-w offset-months] -d [sql:]directory [-1] [-2] [-3] [-4] [-5 keyword] [-6 keyword] [-7 emailAddress] [-8 dns-names]</pre><p>
+		For example:
+	</p><pre class="programlisting">$ certutil -C -c "my-ca-cert" -i /home/certs/cert.req -o cert.cer -m 010 -v 12 -w 1 -d sql:$HOME/nssdb -1 nonRepudiation,dataEncipherment -5 sslClient -6 clientAuth -7 jsmith@example.com</pre><p><span class="command"><strong>Listing Certificates</strong></span></p><p>
+		The <code class="option">-L</code> command option lists all of the certificates listed in the certificate database. The path to the directory (<code class="option">-d</code>) is required.
+	</p><pre class="programlisting">$ certutil -L -d sql:/home/my/sharednssdb
+
+Certificate Nickname                                         Trust Attributes
+                                                             SSL,S/MIME,JAR/XPI
+
+CA Administrator of Instance pki-ca1's Example Domain ID     u,u,u
+TPS Administrator's Example Domain ID                        u,u,u
+Google Internet Authority                                    ,,   
+Certificate Authority - Example Domain                       CT,C,C</pre><p>
+		Using additional arguments with <code class="option">-L</code> can return and print the information for a single, specific certificate. For example, the <code class="option">-n</code> argument passes the certificate name, while the <code class="option">-a</code> argument prints the certificate in ASCII format:
+	</p><pre class="programlisting">
+$ certutil -L -d sql:$HOME/nssdb -a -n my-ca-cert
+-----BEGIN CERTIFICATE-----
+MIIB1DCCAT2gAwIBAgICDkIwDQYJKoZIhvcNAQEFBQAwFTETMBEGA1UEAxMKRXhh
+bXBsZSBDQTAeFw0xMzAzMTMxOTEwMjlaFw0xMzA2MTMxOTEwMjlaMBUxEzARBgNV
+BAMTCkV4YW1wbGUgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJ4Kzqvz
+JyBVgFqDXRYSyTBNw1DrxUU/3GvWA/ngjAwHEv0Cul/6sO/gsCvnABHiH6unns6x
+XRzPORlC2WY3gkk7vmlsLvYpyecNazAi/NAwVnU/66HOsaoVFWE+gBQo99UrN2yk
+0BiK/GMFlLm5dXQROgA9ZKKyFdI0LIXtf6SbAgMBAAGjMzAxMBEGCWCGSAGG+EIB
+AQQEAwIHADAMBgNVHRMEBTADAQH/MA4GA1UdDwEB/wQEAwICBDANBgkqhkiG9w0B
+AQUFAAOBgQA6chkzkACN281d1jKMrc+RHG2UMaQyxiteaLVZO+Ro1nnRUvseDf09
+XKYFwPMJjWCihVku6bw/ihZfuMHhxK22Nue6inNQ6eDu7WmrqL8z3iUrQwxs+WiF
+ob2rb8XRVVJkzXdXxlk4uo3UtNvw8sAz7sWD71qxKaIHU5q49zijfg==
+-----END CERTIFICATE-----
+</pre><p>For a human-readable display</p><pre class="programlisting">$ certutil -L -d sql:$HOME/nssdb -n my-ca-cert
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 3650 (0xe42)
+        Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
+        Issuer: "CN=Example CA"
+        Validity:
+            Not Before: Wed Mar 13 19:10:29 2013
+            Not After : Thu Jun 13 19:10:29 2013
+        Subject: "CN=Example CA"
+        Subject Public Key Info:
+            Public Key Algorithm: PKCS #1 RSA Encryption
+            RSA Public Key:
+                Modulus:
+                    9e:0a:ce:ab:f3:27:20:55:80:5a:83:5d:16:12:c9:30:
+                    4d:c3:50:eb:c5:45:3f:dc:6b:d6:03:f9:e0:8c:0c:07:
+                    12:fd:02:ba:5f:fa:b0:ef:e0:b0:2b:e7:00:11:e2:1f:
+                    ab:a7:9e:ce:b1:5d:1c:cf:39:19:42:d9:66:37:82:49:
+                    3b:be:69:6c:2e:f6:29:c9:e7:0d:6b:30:22:fc:d0:30:
+                    56:75:3f:eb:a1:ce:b1:aa:15:15:61:3e:80:14:28:f7:
+                    d5:2b:37:6c:a4:d0:18:8a:fc:63:05:94:b9:b9:75:74:
+                    11:3a:00:3d:64:a2:b2:15:d2:34:2c:85:ed:7f:a4:9b
+                Exponent: 65537 (0x10001)
+        Signed Extensions:
+            Name: Certificate Type
+            Data: none
+
+            Name: Certificate Basic Constraints
+            Data: Is a CA with no maximum path length.
+
+            Name: Certificate Key Usage
+            Critical: True
+            Usages: Certificate Signing
+
+    Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
+    Signature:
+        3a:72:19:33:90:00:8d:db:cd:5d:d6:32:8c:ad:cf:91:
+        1c:6d:94:31:a4:32:c6:2b:5e:68:b5:59:3b:e4:68:d6:
+        79:d1:52:fb:1e:0d:fd:3d:5c:a6:05:c0:f3:09:8d:60:
+        a2:85:59:2e:e9:bc:3f:8a:16:5f:b8:c1:e1:c4:ad:b6:
+        36:e7:ba:8a:73:50:e9:e0:ee:ed:69:ab:a8:bf:33:de:
+        25:2b:43:0c:6c:f9:68:85:a1:bd:ab:6f:c5:d1:55:52:
+        64:cd:77:57:c6:59:38:ba:8d:d4:b4:db:f0:f2:c0:33:
+        ee:c5:83:ef:5a:b1:29:a2:07:53:9a:b8:f7:38:a3:7e
+    Fingerprint (MD5):
+        86:D8:A5:8B:8A:26:BE:9E:17:A8:7B:66:10:6B:27:80
+    Fingerprint (SHA1):
+        48:78:09:EF:C5:D4:0C:BD:D2:64:45:59:EB:03:13:15:F7:A9:D6:F7
+
+    Certificate Trust Flags:
+        SSL Flags:
+            Valid CA
+            Trusted CA
+            User
+        Email Flags:
+            Valid CA
+            Trusted CA
+            User
+        Object Signing Flags:
+            Valid CA
+            Trusted CA
+            User
+
+</pre><p><span class="command"><strong>Listing Keys</strong></span></p><p>
+		Keys are the original material used to encrypt certificate data. The keys generated for certificates are stored separately, in the key database. 
+	</p><p>
+		To list all keys in the database, use the <code class="option">-K</code> command option and the (required) <code class="option">-d</code> argument to give the path to the directory.
+	</p><pre class="programlisting">$ certutil -K -d sql:$HOME/nssdb
+certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services                  "
+&lt; 0&gt; rsa      455a6673bde9375c2887ec8bf8016b3f9f35861d   Thawte Freemail Member's Thawte Consulting (Pty) Ltd. ID
+&lt; 1&gt; rsa      40defeeb522ade11090eacebaaf1196a172127df   Example Domain Administrator Cert
+&lt; 2&gt; rsa      1d0b06f44f6c03842f7d4f4a1dc78b3bcd1b85a5   John Smith user cert</pre><p>
+		There are ways to narrow the keys listed in the search results:
+	</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
+		To return a specific key, use the <code class="option">-n</code> <span class="emphasis"><em>name</em></span> argument with the name of the key.
+	</p></li><li class="listitem"><p>
+		If there are multiple security devices loaded, then the <code class="option">-h</code> <span class="emphasis"><em>tokenname</em></span> argument can search a specific token or all tokens.
+	</p></li><li class="listitem"><p>
+		If there are multiple key types available, then the <code class="option">-k</code> <span class="emphasis"><em>key-type</em></span> argument can search a specific type of key, like RSA, DSA, or ECC. 
+	</p></li></ul></div><p><span class="command"><strong>Listing Security Modules</strong></span></p><p>
+		The devices that can be used to store certificates -- both internal databases and external devices like smart cards -- are recognized and used by loading security modules. The <code class="option">-U</code> command option lists all of the security modules listed in the <code class="filename">secmod.db</code> database. The path to the directory (<code class="option">-d</code>) is required.
+	</p><pre class="programlisting">$ certutil -U -d sql:/home/my/sharednssdb
+
+    slot: NSS User Private Key and Certificate Services                  
+   token: NSS Certificate DB
+
+    slot: NSS Internal Cryptographic Services                            
+   token: NSS Generic Crypto Services</pre><p><span class="command"><strong>Adding Certificates to the Database</strong></span></p><p>
+		Existing certificates or certificate requests can be added manually to the certificate database, even if they were generated elsewhere. This uses the <code class="option">-A</code> command option.
+	</p><pre class="programlisting">certutil -A -n certname -t trustargs -d [sql:]directory [-a] [-i input-file]</pre><p>
+		For example:
+	</p><pre class="programlisting">$ certutil -A -n "CN=My SSL Certificate" -t ",," -d sql:/home/my/sharednssdb -i /home/example-certs/cert.cer</pre><p>
+		A related command option, <code class="option">-E</code>, is used specifically to add email certificates to the certificate database. The <code class="option">-E</code> command has the same arguments as the <code class="option">-A</code> command. The trust arguments for certificates have the format <span class="emphasis"><em>SSL,S/MIME,Code-signing</em></span>, so the middle trust settings relate most to email certificates (though the others can be set). For example:
+	</p><pre class="programlisting">$ certutil -E -n "CN=John Smith Email Cert" -t ",P," -d sql:/home/my/sharednssdb -i /home/example-certs/email.cer</pre><p><span class="command"><strong>Deleting Certificates to the Database</strong></span></p><p>
+		Certificates can be deleted from a database using the <code class="option">-D</code> option. The only required options are to give the security database directory and to identify the certificate nickname.
+	</p><pre class="programlisting">certutil -D -d [sql:]directory -n "nickname"</pre><p>
+		For example:
+	</p><pre class="programlisting">$ certutil -D -d sql:/home/my/sharednssdb -n "my-ssl-cert"</pre><p><span class="command"><strong>Validating Certificates</strong></span></p><p>
+		A certificate contains an expiration date in itself, and expired certificates are easily rejected. However, certificates can also be revoked before they hit their expiration date. Checking whether a certificate has been revoked requires validating the certificate. Validation can also be used to ensure that the certificate is only used for the purposes it was initially issued for. Validation is carried out by the <code class="option">-V</code> command option.
+	</p><pre class="programlisting">certutil -V -n certificate-name [-b time] [-e] [-u cert-usage] -d [sql:]directory</pre><p>
+		For example, to validate an email certificate:
+	</p><pre class="programlisting">$ certutil -V -n "John Smith's Email Cert" -e -u S,R -d sql:/home/my/sharednssdb</pre><p><span class="command"><strong>Modifying Certificate Trust Settings</strong></span></p><p>
+		The trust settings (which relate to the operations that a certificate is allowed to be used for) can be changed after a certificate is created or added to the database. This is especially useful for CA certificates, but it can be performed for any type of certificate.
+	</p><pre class="programlisting">certutil -M -n certificate-name -t trust-args -d [sql:]directory</pre><p>
+		For example:
+	</p><pre class="programlisting">$ certutil -M -n "My CA Certificate" -d sql:/home/my/sharednssdb -t "CT,CT,CT"</pre><p><span class="command"><strong>Printing the Certificate Chain</strong></span></p><p>
+		Certificates can be issued in <span class="emphasis"><em>chains</em></span> because every certificate authority itself has a certificate; when a CA issues a certificate, it essentially stamps that certificate with its own fingerprint. The <code class="option">-O</code> prints the full chain of a certificate, going from the initial CA (the root CA) through ever intermediary CA to the actual certificate. For example, for an email certificate with two CAs in the chain:
+	</p><pre class="programlisting">$ certutil -d sql:/home/my/sharednssdb -O -n "jsmith@example.com"
+"Builtin Object Token:Thawte Personal Freemail CA" [E=personal-freemail@thawte.com,CN=Thawte Personal Freemail CA,OU=Certification Services Division,O=Thawte Consulting,L=Cape Town,ST=Western Cape,C=ZA]
+
+  "Thawte Personal Freemail Issuing CA - Thawte Consulting" [CN=Thawte Personal Freemail Issuing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA]
+
+    "(null)" [E=jsmith@example.com,CN=Thawte Freemail Member]</pre><p><span class="command"><strong>Resetting a Token</strong></span></p><p>
+		The device which stores certificates -- both external hardware devices and internal software databases -- can be blanked and reused. This operation is performed on the device which stores the data, not directly on the security databases, so the location must be referenced through the token name (<code class="option">-h</code>) as well as any directory path. If there is no external token used, the default value is internal.
+	</p><pre class="programlisting">certutil -T -d [sql:]directory -h token-name -0 security-officer-password</pre><p>
+		Many networks have dedicated personnel who handle changes to security tokens (the security officer). This person must supply the password to access the specified token. For example:
+	</p><pre class="programlisting">$ certutil -T -d sql:/home/my/sharednssdb -h nethsm -0 secret</pre><p><span class="command"><strong>Upgrading or Merging the Security Databases</strong></span></p><p>
+		Many networks or applications may be using older BerkeleyDB versions of the certificate database (<code class="filename">cert8.db</code>). Databases can be upgraded to the new SQLite version of the database (<code class="filename">cert9.db</code>) using the <code class="option">--upgrade-merge</code> command option or existing databases can be merged with the new <code class="filename">cert9.db</code> databases using the <code class="option">---merge</code> command.
+	</p><p>
+		The <code class="option">--upgrade-merge</code> command must give information about the original database and then use the standard arguments (like <code class="option">-d</code>) to give the information about the new databases. The command also requires information that the tool uses for the process to upgrade and write over the original database.
+	</p><pre class="programlisting">certutil --upgrade-merge -d [sql:]directory [-P dbprefix] --source-dir directory --source-prefix dbprefix --upgrade-id id --upgrade-token-name name [-@ password-file]</pre><p>
+		For example:
+	</p><pre class="programlisting">$ certutil --upgrade-merge -d sql:/home/my/sharednssdb --source-dir /opt/my-app/alias/ --source-prefix serverapp- --upgrade-id 1 --upgrade-token-name internal</pre><p>
+		The <code class="option">--merge</code> command only requires information about the location of the original database; since it doesn't change the format of the database, it can write over information without performing interim step.
+	</p><pre class="programlisting">certutil --merge -d [sql:]directory [-P dbprefix] --source-dir directory --source-prefix dbprefix [-@ password-file]</pre><p>
+		For example:
+	</p><pre class="programlisting">$ certutil --merge -d sql:/home/my/sharednssdb --source-dir /opt/my-app/alias/ --source-prefix serverapp-</pre><p><span class="command"><strong>Running certutil Commands from a Batch File</strong></span></p><p>
+		A series of commands can be run sequentially from a text file with the <code class="option">-B</code> command option. The only argument for this specifies the input file.
+	</p><pre class="programlisting">$ certutil -B -i /path/to/batch-file</pre></div><div class="refsection"><a name="databases"></a><h2>NSS Database Types</h2><p>NSS originally used BerkeleyDB databases to store security information. 
+The last versions of these <span class="emphasis"><em>legacy</em></span> databases are:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
+			cert8.db for certificates
+		</p></li><li class="listitem"><p>
+			key3.db for keys
+		</p></li><li class="listitem"><p>
+			secmod.db for PKCS #11 module information
+		</p></li></ul></div><p>BerkeleyDB has performance limitations, though, which prevent it from being easily used by multiple applications simultaneously. NSS has 
+some flexibility that allows applications to use their own, independent database engine while keeping a shared database and working around the access issues. Still, NSS
+requires more flexibility to provide a truly shared security database.</p><p>In 2009, NSS introduced a new set of databases that are SQLite databases rather than 
+BerkeleyDB. These new databases provide more accessibility and performance:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
+			cert9.db for certificates
+		</p></li><li class="listitem"><p>
+			key4.db for keys
+		</p></li><li class="listitem"><p>
+			pkcs11.txt, a listing of all of the PKCS #11 modules, contained in a new subdirectory in the security databases directory
+		</p></li></ul></div><p>Because the SQLite databases are designed to be shared, these are the <span class="emphasis"><em>shared</em></span> database type. The shared database type is preferred; the legacy format is included for backward compatibility.</p><p>By default, the tools (<span class="command"><strong>certutil</strong></span>, <span class="command"><strong>pk12util</strong></span>, <span class="command"><strong>modutil</strong></span>) assume that the given security databases follow the more common legacy type. 
+Using the SQLite databases must be manually specified by using the <span class="command"><strong>sql:</strong></span> prefix with the given security directory. For example:</p><pre class="programlisting">$ certutil -L -d sql:/home/my/sharednssdb</pre><p>To set the shared database type as the default type for the tools, set the <code class="envar">NSS_DEFAULT_DB_TYPE</code> environment variable to <code class="envar">sql</code>:</p><pre class="programlisting">export NSS_DEFAULT_DB_TYPE="sql"</pre><p>This line can be set added to the <code class="filename">~/.bashrc</code> file to make the change permanent.</p><p>Most applications do not use the shared database by default, but they can be configured to use them. For example, this how-to article covers how to configure Firefox and Thunderbird to use the new shared NSS databases:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
+			https://wiki.mozilla.org/NSS_Shared_DB_Howto</p></li></ul></div><p>For an engineering draft on the changes in the shared NSS databases, see the NSS project wiki:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
+			https://wiki.mozilla.org/NSS_Shared_DB
+		</p></li></ul></div></div><div class="refsection"><a name="seealso"></a><h2>See Also</h2><p>pk12util (1)</p><p>modutil (1)</p><p><span class="command"><strong>certutil</strong></span> has arguments or operations that use features defined in several IETF RFCs.</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
+		http://tools.ietf.org/html/rfc5280
+	</p></li><li class="listitem"><p>
+		http://tools.ietf.org/html/rfc1113
+	</p></li><li class="listitem"><p>
+		http://tools.ietf.org/html/rfc1485
+	</p></li></ul></div><p>The NSS wiki has information on the new database design and how to configure applications to use it.</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
+			https://wiki.mozilla.org/NSS_Shared_DB_Howto</p></li><li class="listitem"><p>
+			https://wiki.mozilla.org/NSS_Shared_DB
+		</p></li></ul></div></div><div class="refsection"><a name="resources"></a><h2>Additional Resources</h2><p>For information about NSS and other tools related to NSS (like JSS), check out the NSS project wiki at <a class="ulink" href="http://www.mozilla.org/projects/security/pki/nss/" target="_top">http://www.mozilla.org/projects/security/pki/nss/</a>. The NSS site relates directly to NSS code changes and releases.</p><p>Mailing lists: https://lists.mozilla.org/listinfo/dev-tech-crypto</p><p>IRC: Freenode at #dogtag-pki</p></div><div class="refsection"><a name="authors"></a><h2>Authors</h2><p>The NSS tools were written and maintained by developers with Netscape, Red Hat,  Sun, Oracle, Mozilla, and Google.</p><p>
+	Authors: Elio Maldonado &lt;emaldona@redhat.com&gt;, Deon Lackey &lt;dlackey@redhat.com&gt;.
+    </p></div><div class="refsection"><a name="license"></a><h2>LICENSE</h2><p>Licensed under the Mozilla Public License, v. 2.0.  If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
+    </p></div></div><div class="navfooter"><hr></div></body></html>
diff --git a/nss/doc/html/cmsutil.html b/nss/doc/html/cmsutil.html
new file mode 100644
index 0000000..1bed3fe
--- /dev/null
+++ b/nss/doc/html/cmsutil.html
@@ -0,0 +1,27 @@
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>CMSUTIL</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><link rel="home" href="index.html" title="CMSUTIL"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">CMSUTIL</th></tr></table><hr></div><div class="refentry"><a name="cmsutil"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>cmsutil — Performs basic cryptograpic operations, such as encryption and decryption, on Cryptographic Message Syntax (CMS) messages.</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">cmsutil</code>  [<em class="replaceable"><code>options</code></em>] [[<em class="replaceable"><code>arguments</code></em>]]</p></div></div><div class="refsection"><a name="idm233266717696"></a><h2>STATUS</h2><p>This documentation is still work in progress. Please contribute to the initial review in <a class="ulink" href="https://bugzilla.mozilla.org/show_bug.cgi?id=836477" target="_top">Mozilla NSS bug 836477</a>
+    </p></div><div class="refsection"><a name="description"></a><h2>Description</h2><p>The <span class="command"><strong>cmsutil</strong></span> command-line uses the S/MIME Toolkit to perform basic operations, such as encryption and decryption, on Cryptographic Message Syntax (CMS) messages.
+	</p><p>
+To run cmsutil, type the command cmsutil option [arguments] where option and arguments are combinations of the options and arguments listed in the following section. 
+Each command takes one option. Each option may take zero or more arguments. 
+To see a usage string, issue the command without options. 
+	</p></div><div class="refsection"><a name="options"></a><h2>Options and Arguments</h2><p>
+	</p><p><span class="command"><strong>Options</strong></span></p><p>
+Options specify an action. Option arguments modify an action. 
+The options and arguments for the cmsutil command are defined as follows:
+    </p><div class="variablelist"><dl class="variablelist"><dt><span class="term">-C</span></dt><dd><p>Encrypt a message.</p></dd><dt><span class="term">-D </span></dt><dd><p>Decode a message.</p></dd><dt><span class="term">-E </span></dt><dd><p>Envelope a message.</p></dd><dt><span class="term">-O </span></dt><dd><p>Create a certificates-only message.</p></dd><dt><span class="term">-S </span></dt><dd><p>Sign a message.</p></dd></dl></div><p><span class="command"><strong>Arguments</strong></span></p><p>Option arguments modify an action.</p><div class="variablelist"><dl class="variablelist"><dt><span class="term">-b </span></dt><dd><p>Decode a batch of files named in infile.</p></dd><dt><span class="term">-c content </span></dt><dd><p>Use this detached content (decode only).</p></dd><dt><span class="term">-d dbdir</span></dt><dd><p>Specify the key/certificate database directory (default is ".")</p></dd><dt><span class="term">-e envfile</span></dt><dd><p>Specify a file containing an enveloped message for a set of recipients to which you would like to send an encrypted message. If this is the first encrypted message for that set of recipients, a new enveloped message will be created that you can then use for future messages (encrypt only).</p></dd><dt><span class="term">-f pwfile</span></dt><dd><p>Use password file to set password on all PKCS#11 tokens.</p></dd><dt><span class="term">-G</span></dt><dd><p>Include a signing time attribute (sign only).</p></dd><dt><span class="term">-H hash</span></dt><dd><p>Use specified hash algorithm (default:SHA1).</p></dd><dt><span class="term">-h num</span></dt><dd><p>Generate email headers with info about CMS message (decode only).</p></dd><dt><span class="term">-i infile</span></dt><dd><p>Use infile as a source of data (default is stdin).</p></dd><dt><span class="term">-k</span></dt><dd><p>Keep decoded encryption certs in permanent cert db.</p></dd><dt><span class="term">-N nickname</span></dt><dd><p>Specify nickname of certificate to sign with (sign only).</p></dd><dt><span class="term">-n </span></dt><dd><p>Suppress output of contents (decode only).</p></dd><dt><span class="term">-o outfile</span></dt><dd><p>Use outfile as a destination of data (default is stdout).</p></dd><dt><span class="term">-P</span></dt><dd><p>Include an S/MIME capabilities attribute.</p></dd><dt><span class="term">-p password</span></dt><dd><p>Use password as key database password.</p></dd><dt><span class="term">-r recipient1,recipient2, ...</span></dt><dd><p>
+Specify list of recipients (email addresses) for an encrypted or enveloped message. 
+For certificates-only message, list of certificates to send.
+          </p></dd><dt><span class="term">-T</span></dt><dd><p>Suppress content in CMS message (sign only).</p></dd><dt><span class="term">-u certusage</span></dt><dd><p>Set type of cert usage (default is certUsageEmailSigner).</p></dd><dt><span class="term">-v</span></dt><dd><p>Print debugging information.</p></dd><dt><span class="term">-Y ekprefnick</span></dt><dd><p>Specify an encryption key preference by nickname.</p></dd></dl></div></div><div class="refsection"><a name="usage"></a><h2>Usage</h2><p>Encrypt Example</p><pre class="programlisting">
+cmsutil -C [-i infile] [-o outfile] [-d dbdir] [-p password] -r "recipient1,recipient2, . . ." -e envfile
+      </pre><p>Decode Example</p><pre class="programlisting">
+cmsutil -D [-i infile] [-o outfile] [-d dbdir] [-p password] [-c content] [-n] [-h num]
+      </pre><p>Envelope Example</p><pre class="programlisting">
+cmsutil -E [-i infile] [-o outfile] [-d dbdir] [-p password] -r "recipient1,recipient2, ..."
+      </pre><p>Certificate-only Example</p><pre class="programlisting">
+cmsutil -O [-i infile] [-o outfile] [-d dbdir] [-p password] -r "cert1,cert2, . . ."
+      </pre><p>Sign Message Example</p><pre class="programlisting">
+cmsutil -S [-i infile] [-o outfile] [-d dbdir] [-p password] -N nickname[-TGP] [-Y ekprefnick]
+      </pre></div><div class="refsection"><a name="seealso"></a><h2>See also</h2><p>certutil(1)</p></div><div class="refsection"><a name="resources"></a><h2>Additional Resources</h2><p>For information about NSS and other tools related to NSS (like JSS), check out the NSS project wiki at <a class="ulink" href="http://www.mozilla.org/projects/security/pki/nss/" target="_top">http://www.mozilla.org/projects/security/pki/nss/</a>. The NSS site relates directly to NSS code changes and releases.</p><p>Mailing lists: https://lists.mozilla.org/listinfo/dev-tech-crypto</p><p>IRC: Freenode at #dogtag-pki</p></div><div class="refsection"><a name="authors"></a><h2>Authors</h2><p>The NSS tools were written and maintained by developers with Netscape, Red Hat,  Sun, Oracle, Mozilla, and Google.</p><p>
+	Authors: Elio Maldonado &lt;emaldona@redhat.com&gt;, Deon Lackey &lt;dlackey@redhat.com&gt;.
+    </p></div><div class="refsection"><a name="license"></a><h2>LICENSE</h2><p>Licensed under the Mozilla Public License, v. 2.0.  If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
+    </p></div></div><div class="navfooter"><hr></div></body></html>
diff --git a/nss/doc/html/crlutil.html b/nss/doc/html/crlutil.html
new file mode 100644
index 0000000..c27a06e
--- /dev/null
+++ b/nss/doc/html/crlutil.html
@@ -0,0 +1,204 @@
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>CRLUTIL</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><link rel="home" href="index.html" title="CRLUTIL"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">CRLUTIL</th></tr></table><hr></div><div class="refentry"><a name="crlutil"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>crlutil — 
+List, generate, modify, or delete CRLs within the NSS security database file(s) and list, create, modify or delete certificates entries in a particular CRL.
+    </p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">crlutil</code>  [<em class="replaceable"><code>options</code></em>] [[<em class="replaceable"><code>arguments</code></em>]]</p></div></div><div class="refsection"><a name="idm233261315520"></a><h2>STATUS</h2><p>This documentation is still work in progress. Please contribute to the initial review in <a class="ulink" href="https://bugzilla.mozilla.org/show_bug.cgi?id=836477" target="_top">Mozilla NSS bug 836477</a>
+    </p></div><div class="refsection"><a name="description"></a><h2>Description</h2><p>The Certificate Revocation List (CRL) Management Tool, <span class="command"><strong>crlutil</strong></span>, is a command-line utility that can list, generate, modify, or delete CRLs within the NSS security database file(s) and list, create, modify or delete certificates entries in a particular CRL.
+    </p><p>
+The key and certificate management process generally begins with creating keys in the key database, then generating and managing certificates in the certificate database(see certutil tool) and continues with certificates expiration or revocation.
+    </p><p>
+This document discusses certificate revocation list management. For information on security module database management, see Using the Security Module Database Tool. For information on certificate and key database management, see Using the Certificate Database Tool.
+    </p><p>
+To run the Certificate Revocation List Management Tool, type the command
+    </p><p>
+crlutil option [arguments]
+    </p><p>
+where options and arguments are combinations of the options and arguments listed in the following section. Each command takes one option. Each option may take zero or more arguments. To see a usage string, issue the command without options, or with the -H option.
+    </p></div><div class="refsection"><a name="options"></a><h2>Options and Arguments</h2><p>
+	</p><p><span class="command"><strong>Options</strong></span></p><p>
+Options specify an action. Option arguments modify an action. 
+The options and arguments for the crlutil command are defined as follows:
+    </p><div class="variablelist"><dl class="variablelist"><dt><span class="term">-D </span></dt><dd><p>
+Delete Certificate Revocation List from cert database.
+          </p></dd><dt><span class="term">-E </span></dt><dd><p>
+Erase all CRLs of specified type from the cert database
+          </p></dd><dt><span class="term">-G </span></dt><dd><p>
+Create new Certificate Revocation List (CRL).
+          </p></dd><dt><span class="term">-I </span></dt><dd><p>
+Import a CRL to the cert database
+          </p></dd><dt><span class="term">-L </span></dt><dd><p>
+List existing CRL located in cert database file.
+          </p></dd><dt><span class="term">-M </span></dt><dd><p>
+Modify existing CRL which can be located in cert db or in arbitrary file. If located in file it should be encoded in ASN.1 encode format.
+          </p></dd><dt><span class="term">-S </span></dt><dd><p>
+Show contents of a CRL file which isn't stored in the database.
+          </p></dd></dl></div><p><span class="command"><strong>Arguments</strong></span></p><p>Option arguments modify an action.</p><div class="variablelist"><dl class="variablelist"><dt><span class="term">-a </span></dt><dd><p>
+Use ASCII format or allow the use of ASCII format for input and output. This formatting follows RFC #1113.
+          </p></dd><dt><span class="term">-B </span></dt><dd><p>
+Bypass CA signature checks.
+          </p></dd><dt><span class="term">-c crl-gen-file </span></dt><dd><p>
+Specify script file that will be used to control crl generation/modification. See crl-cript-file format below. If options -M|-G is used and -c crl-script-file is not specified, crlutil will read script data from standard input.
+          </p></dd><dt><span class="term">-d directory </span></dt><dd><p>
+Specify the database directory containing the certificate and key database files. On Unix the Certificate Database Tool defaults to $HOME/.netscape (that is, ~/.netscape). On Windows NT the default is the current directory.
+          </p><p>
+The NSS database files must reside in the same directory.
+          </p></dd><dt><span class="term">-f password-file </span></dt><dd><p>
+Specify a file that will automatically supply the password to include in a certificate or to access a certificate database. This is a plain-text file containing one password. Be sure to prevent unauthorized access to this file.
+          </p></dd><dt><span class="term">-i crl-file </span></dt><dd><p>
+Specify the file which contains the CRL to import or show.
+          </p></dd><dt><span class="term">-l algorithm-name </span></dt><dd><p>
+Specify a specific signature algorithm. List of possible algorithms: MD2 | MD4 | MD5 | SHA1 | SHA256 | SHA384 | SHA512
+          </p></dd><dt><span class="term">-n nickname </span></dt><dd><p>
+Specify the nickname of a certificate or key to list, create, add to a database, modify, or validate. Bracket the nickname string with quotation marks if it contains spaces.
+          </p></dd><dt><span class="term">-o output-file </span></dt><dd><p>
+Specify the output file name for new CRL. Bracket the output-file string with quotation marks if it contains spaces. If this argument is not used the output destination defaults to standard output.
+          </p></dd><dt><span class="term">-P dbprefix </span></dt><dd><p>
+Specify the prefix used on the NSS security database files (for example, my_cert8.db and my_key3.db). This option is provided as a special case. Changing the names of the certificate and key databases is not recommended.
+          </p></dd><dt><span class="term">-t crl-type </span></dt><dd><p>
+Specify type of CRL. possible types are: 0 - SEC_KRL_TYPE, 1 - SEC_CRL_TYPE. This option is obsolete
+          </p></dd><dt><span class="term">-u url </span></dt><dd><p>
+Specify the url.
+          </p></dd><dt><span class="term">-w pwd-string</span></dt><dd><p>Provide db password in command line.</p></dd><dt><span class="term">-Z algorithm</span></dt><dd><p>Specify the hash algorithm to use for signing the CRL.</p></dd></dl></div></div><div class="refsection"><a name="syntax"></a><h2>CRL Generation script syntax</h2><p>CRL generation script file has the following syntax:</p><p>
+    * Line with comments should have # as a first symbol of a line</p><p>
+    * Set "this update" or "next update" CRL fields:
+    </p><p>           
+             update=YYYYMMDDhhmmssZ
+             nextupdate=YYYYMMDDhhmmssZ
+     </p><p>
+      Field "next update" is optional. Time should be in GeneralizedTime format (YYYYMMDDhhmmssZ).
+      For example: 20050204153000Z
+    </p><p>* Add an extension to a CRL or a crl certificate entry:</p><p>addext extension-name critical/non-critical [arg1[arg2 ...]]</p><p>Where:</p><p>
+          extension-name: string value of a name of known extensions.
+          critical/non-critical: is 1 when extension is critical and 0 otherwise.
+          arg1, arg2: specific to extension type extension parameters
+    </p><p>
+      addext uses the range that was set earlier by addcert and will install an extension to every cert entries within the range.
+    </p><p>
+    * Add certificate entries(s) to CRL:
+    </p><p>
+          addcert range date
+    </p><p>
+          range: two integer values separated by dash: range of certificates that will be added by this command. dash is used as a delimiter. Only one cert will be added if there is no delimiter.
+          date: revocation date of a cert. Date should be represented in GeneralizedTime format (YYYYMMDDhhmmssZ).
+    </p><p>
+    * Remove certificate entry(s) from CRL
+    </p><p>
+          rmcert range
+    </p><p>
+      Where:
+    </p><p>
+          range: two integer values separated by dash: range of certificates that will be added by this command. dash is used as a delimiter. Only one cert will be added if there is no delimiter.
+    </p><p>
+    * Change range of certificate entry(s) in CRL
+    </p><p>
+          range new-range
+    </p><p>
+      Where:
+    </p><p>
+          new-range: two integer values separated by dash: range of certificates that will be added by this command. dash is used as a delimiter. Only one cert will be added if there is no delimiter.
+    </p><p>
+Implemented Extensions
+     </p><p>
+      The extensions defined for CRL provide methods for associating additional attributes with CRLs of theirs entries. For more information see RFC #3280
+     </p><p>
+    * Add The Authority Key Identifier extension:
+     </p><p>
+The authority key identifier extension provides a means of identifying the public key corresponding to the private key used to sign a CRL.
+     </p><p>
+          authKeyId critical [key-id | dn cert-serial]
+     </p><p>
+      Where:
+     </p><p>
+          authKeyIdent: identifies the name of an extension
+          critical: value of 1 of 0. Should be set to 1 if this extension is critical or 0 otherwise.
+          key-id: key identifier represented in octet string. dn:: is a CA distinguished name cert-serial: authority certificate serial number. 
+     </p><p>
+    * Add Issuer Alternative Name extension:
+     </p><p>
+      The issuer alternative names extension allows additional identities to be associated with the issuer of the CRL. Defined options include an rfc822 name (electronic mail address), a DNS name, an IP address, and a URI.
+     </p><p>
+          issuerAltNames non-critical name-list
+     </p><p>
+      Where:
+     </p><p>
+          subjAltNames: identifies the name of an extension
+          should be set to 0 since this is non-critical extension
+          name-list: comma separated list of names
+     </p><p>
+    * Add CRL Number extension:
+     </p><p>
+      The CRL number is a non-critical CRL extension which conveys a monotonically increasing sequence number for a given CRL scope and CRL issuer. This extension allows users to easily determine when a particular CRL supersedes another CRL
+     </p><p>
+          crlNumber non-critical number
+     </p><p>
+      Where:
+     </p><p>
+          crlNumber: identifies the name of an extension
+          critical: should be set to 0 since this is non-critical extension
+          number: value of long which identifies the sequential number of a CRL.
+     </p><p>
+    * Add Revocation Reason Code extension:
+     </p><p>
+      The reasonCode is a non-critical CRL entry extension that identifies the reason for the certificate revocation.
+     </p><p>
+          reasonCode non-critical code
+     </p><p>
+      Where:
+     </p><p>
+          reasonCode: identifies the name of an extension
+          non-critical: should be set to 0 since this is non-critical extension
+          code: the following codes are available:
+     </p><p>
+              unspecified (0),
+              keyCompromise (1),
+              cACompromise (2),
+              affiliationChanged (3),
+              superseded (4),
+              cessationOfOperation (5),
+              certificateHold (6),
+              removeFromCRL (8),
+              privilegeWithdrawn (9),
+              aACompromise (10)
+     </p><p>
+    * Add Invalidity Date extension:
+     </p><p>
+      The invalidity date is a non-critical CRL entry extension that provides the date on which it is known or suspected that the private key was compromised or that the certificate otherwise became invalid.
+     </p><p>
+          invalidityDate non-critical date
+     </p><p>
+      Where:
+     </p><p>
+          crlNumber: identifies the name of an extension
+          non-critical: should be set to 0 since this is non-critical extension date: invalidity date of a cert. Date should be represented in GeneralizedTime format (YYYYMMDDhhmmssZ).
+     </p></div><div class="refsection"><a name="usage"></a><h2>Usage</h2><p>
+The Certificate Revocation List Management Tool's capabilities are grouped as follows, using these combinations of options and arguments. Options and arguments in square brackets are optional, those without square brackets are required.
+    </p><p>See "Implemented extensions" for more information regarding extensions and their parameters.</p><p>
+    * Creating or modifying a CRL:
+    </p><pre class="programlisting">
+crlutil -G|-M -c crl-gen-file -n nickname [-i crl] [-u url] [-d keydir] [-P dbprefix] [-l alg] [-a] [-B] 
+      </pre><p>
+    * Listing all CRls or a named CRL:
+    </p><pre class="programlisting">
+	crlutil -L [-n crl-name] [-d krydir] 
+      </pre><p>
+    * Deleting CRL from db:
+    </p><pre class="programlisting">
+	crlutil -D -n nickname [-d keydir] [-P dbprefix] 
+      </pre><p>
+    * Erasing CRLs from db:
+    </p><pre class="programlisting">
+	crlutil -E [-d keydir] [-P dbprefix] 
+      </pre><p>
+    * Deleting CRL from db: 
+    </p><pre class="programlisting">
+          crlutil -D -n nickname [-d keydir] [-P dbprefix]
+    </pre><p>
+    * Erasing CRLs from db:
+    </p><pre class="programlisting">
+          crlutil -E [-d keydir] [-P dbprefix] 
+    </pre><p>
+    * Import CRL from file:
+    </p><pre class="programlisting">
+          crlutil -I -i crl [-t crlType] [-u url] [-d keydir] [-P dbprefix] [-B] 
+    </pre></div><div class="refsection"><a name="seealso"></a><h2>See Also</h2><p>certutil(1)</p></div><div class="refsection"><a name="resources"></a><h2>Additional Resources</h2><p>For information about NSS and other tools related to NSS (like JSS), check out the NSS project wiki at <a class="ulink" href="http://www.mozilla.org/projects/security/pki/nss/" target="_top">http://www.mozilla.org/projects/security/pki/nss/</a>. The NSS site relates directly to NSS code changes and releases.</p><p>Mailing lists: https://lists.mozilla.org/listinfo/dev-tech-crypto</p><p>IRC: Freenode at #dogtag-pki</p></div><div class="refsection"><a name="authors"></a><h2>Authors</h2><p>The NSS tools were written and maintained by developers with Netscape, Red Hat,  Sun, Oracle, Mozilla, and Google.</p><p>
+	Authors: Elio Maldonado &lt;emaldona@redhat.com&gt;, Deon Lackey &lt;dlackey@redhat.com&gt;.
+    </p></div><div class="refsection"><a name="license"></a><h2>LICENSE</h2><p>Licensed under the Mozilla Public License, v. 2.0.  If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
+    </p></div></div><div class="navfooter"><hr></div></body></html>
diff --git a/nss/doc/html/derdump.html b/nss/doc/html/derdump.html
new file mode 100644
index 0000000..77e70be
--- /dev/null
+++ b/nss/doc/html/derdump.html
@@ -0,0 +1,7 @@
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>DERDUMP</title><meta name="generator" content="DocBook XSL Stylesheets V1.77.1"><link rel="home" href="index.html" title="DERDUMP"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">DERDUMP</th></tr></table><hr></div><div class="refentry"><a name="derdump"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>derdump  — Dumps C-sequence strings from a DER encoded certificate file</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">derdump</code>  [<code class="option">-r</code>] [<code class="option">-i <em class="replaceable"><code>input-file</code></em></code>] [<code class="option">-o <em class="replaceable"><code>output-file</code></em></code>]</p></div></div><div class="refsection"><a name="idp4817536"></a><h2>STATUS</h2><p>This documentation is still work in progress. Please contribute to the initial review in <a class="ulink" href="https://bugzilla.mozilla.org/show_bug.cgi?id=836477" target="_top">Mozilla NSS bug 836477</a>
+    </p></div><div class="refsection"><a name="idp2658976"></a><h2>Description</h2><p><span class="command"><strong>derdump </strong></span>dumps C-sequence strings from a DER encode certificate file </p></div><div class="refsection"><a name="idp4859136"></a><h2>Options</h2><div class="variablelist"><dl class="variablelist"><dt><span class="term"><code class="option">-r </code></span></dt><dd>For formatted items, dump raw bytes as well</dd><dt><span class="term"><code class="option">-i </code> <em class="replaceable"><code>DER encoded file</code></em></span></dt><dd>Define an input file to use (default is stdin)</dd><dt><span class="term"><code class="option">-o </code> <em class="replaceable"><code>output file</code></em></span></dt><dd>Define an output file to use (default is stdout).</dd></dl></div></div><div class="refsection"><a name="resources"></a><h2>Additional Resources</h2><p>NSS is maintained in conjunction with PKI and security-related projects through Mozilla dn Fedora. The most closely-related project is Dogtag PKI, with a project wiki at <a class="ulink" href="http://pki.fedoraproject.org/wiki/" target="_top">PKI Wiki</a>. </p><p>For information specifically about NSS, the NSS project wiki is located at <a class="ulink" href="http://www.mozilla.org/projects/security/pki/nss/" target="_top">Mozilla NSS site</a>. The NSS site relates directly to NSS code changes and releases.</p><p>Mailing lists: pki-devel@redhat.com and pki-users@redhat.com</p><p>IRC: Freenode at #dogtag-pki</p></div><div class="refsection"><a name="authors"></a><h2>Authors</h2><p>The NSS tools were written and maintained by developers with Netscape and now with Red Hat.</p><p>
+	Authors: Gerhardus Geldenhuis &lt;gerhardus.geldenhuis@gmail.com&gt;. Elio Maldonado &lt;emaldona@redhat.com&gt;, Deon Lackey &lt;dlackey@redhat.com&gt;
+    </p></div><div class="refsection"><a name="license"></a><h2>LICENSE</h2><p>Licensed under the Mozilla Public License, version 1.1,
+        and/or the GNU General Public License, version 2 or later,
+        and/or the GNU Lesser General Public License, version 2.1 or later.
+    </p></div></div><div class="navfooter"><hr></div></body></html>
diff --git a/nss/doc/html/modutil.html b/nss/doc/html/modutil.html
new file mode 100644
index 0000000..5c53b0a
--- /dev/null
+++ b/nss/doc/html/modutil.html
@@ -0,0 +1,250 @@
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>MODUTIL</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><link rel="home" href="index.html" title="MODUTIL"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">MODUTIL</th></tr></table><hr></div><div class="refentry"><a name="modutil"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>modutil — Manage PKCS #11 module information within the security module database.</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">modutil</code>  [<em class="replaceable"><code>options</code></em>] [[<em class="replaceable"><code>arguments</code></em>]]</p></div></div><div class="refsection"><a name="idm233245929376"></a><h2>STATUS</h2><p>This documentation is still work in progress. Please contribute to the initial review in <a class="ulink" href="https://bugzilla.mozilla.org/show_bug.cgi?id=836477" target="_top">Mozilla NSS bug 836477</a>
+    </p></div><div class="refsection"><a name="description"></a><h2>Description</h2><p>The Security Module Database Tool, <span class="command"><strong>modutil</strong></span>, is a command-line utility for managing PKCS #11 module information both within <code class="filename">secmod.db</code> files and within hardware tokens. <span class="command"><strong>modutil</strong></span> can add and delete PKCS #11 modules, change passwords on security databases, set defaults, list module contents, enable or disable slots, enable or disable FIPS 140-2 compliance, and assign default providers for cryptographic operations. This tool can also create certificate, key, and module security database files.</p><p>The tasks associated with security module database management are part of a process that typically also involves managing key databases and certificate databases.</p></div><div class="refsection"><a name="options"></a><h2>Options</h2><p>
+		Running <span class="command"><strong>modutil</strong></span> always requires one (and only one) option to specify the type of module operation. Each option may take arguments, anywhere from none to multiple arguments.
+	</p><p><span class="command"><strong>Options</strong></span></p><div class="variablelist"><dl class="variablelist"><dt><span class="term">-add modulename</span></dt><dd><p>Add the named PKCS #11 module to the database. Use this option with the <code class="option">-libfile</code>, <code class="option">-ciphers</code>, and <code class="option">-mechanisms</code> arguments.</p></dd><dt><span class="term">-changepw tokenname</span></dt><dd><p>Change the password on the named token. If the token has not been initialized, this option initializes the password. Use this option with the <code class="option">-pwfile</code> and <code class="option">-newpwfile</code> arguments. A <span class="emphasis"><em>password</em></span> is equivalent to a personal identification number (PIN).</p></dd><dt><span class="term">-chkfips</span></dt><dd><p>Verify whether the module is in the given FIPS mode. <span class="command"><strong>true</strong></span> means to verify that the module is in FIPS mode, while <span class="command"><strong>false</strong></span> means to verify that the module is not in FIPS mode.</p></dd><dt><span class="term">-create</span></dt><dd><p>Create new certificate, key, and module databases. Use the <code class="option">-dbdir</code> directory argument to specify a directory. If any of these databases already exist in a specified directory, <span class="command"><strong>modutil</strong></span> returns an error message.</p></dd><dt><span class="term">-default modulename</span></dt><dd><p>Specify the security mechanisms for which the named module will be a default provider. The security mechanisms are specified with the <code class="option">-mechanisms</code> argument.</p></dd><dt><span class="term">-delete modulename</span></dt><dd><p>Delete the named module. The default NSS PKCS #11 module cannot be deleted.</p></dd><dt><span class="term">-disable modulename</span></dt><dd><p>Disable all slots on the named module. Use the <code class="option">-slot</code> argument to disable a specific slot.</p><p>The internal NSS PKCS #11 module cannot be disabled.</p></dd><dt><span class="term">-enable modulename</span></dt><dd><p>Enable all slots on the named module. Use the <code class="option">-slot</code> argument to enable a specific slot.</p></dd><dt><span class="term">-fips [true | false]</span></dt><dd><p>Enable (true) or disable (false) FIPS 140-2 compliance for the default NSS module.</p></dd><dt><span class="term">-force</span></dt><dd><p>Disable <span class="command"><strong>modutil</strong></span>'s interactive prompts so it can be run from a script. Use this option only after manually testing each planned operation to check for warnings and to ensure that bypassing the prompts will cause no security lapses or loss of database integrity.</p></dd><dt><span class="term">-jar JAR-file</span></dt><dd><p>Add a new PKCS #11 module to the database using the named JAR file. Use this command with the <code class="option">-installdir</code> and <code class="option">-tempdir</code> arguments. The JAR file uses the NSS PKCS #11 JAR format to identify all the files to be installed, the module's name, the mechanism flags, and the cipher flags, as well as any files to be installed on the target machine, including the PKCS #11 module library file and other files such as documentation. This is covered in the JAR installation file section in the man page, which details the special script needed to perform an installation through a server or with <span class="command"><strong>modutil</strong></span>. </p></dd><dt><span class="term">-list [modulename]</span></dt><dd><p>Display basic information about the contents of the <code class="filename">secmod.db</code> file. Specifying a <span class="emphasis"><em>modulename</em></span> displays detailed information about a particular module and its slots and tokens.</p></dd><dt><span class="term">-rawadd</span></dt><dd><p>Add the module spec string to the <code class="filename">secmod.db</code> database.</p></dd><dt><span class="term">-rawlist</span></dt><dd><p>Display the module specs for a specified module or for all loadable modules.</p></dd><dt><span class="term">-undefault modulename</span></dt><dd><p>Specify the security mechanisms for which the named module will not be a default provider. The security mechanisms are specified with the <code class="option">-mechanisms</code> argument.</p></dd></dl></div><p><span class="command"><strong>Arguments</strong></span></p><div class="variablelist"><dl class="variablelist"><dt><span class="term">MODULE</span></dt><dd><p>Give the security module to access.</p></dd><dt><span class="term">MODULESPEC</span></dt><dd><p>Give the security module spec to load into the security database.</p></dd><dt><span class="term">-ciphers cipher-enable-list</span></dt><dd><p>Enable specific ciphers in a module that is being added to the database. The <span class="emphasis"><em>cipher-enable-list</em></span> is a colon-delimited list of cipher names. Enclose this list in quotation marks if it contains spaces.</p></dd><dt><span class="term">-dbdir [sql:]directory</span></dt><dd><p>Specify the database directory in which to access or create security module database files.</p><p><span class="command"><strong>modutil</strong></span> supports two types of databases: the legacy security databases (<code class="filename">cert8.db</code>, <code class="filename">key3.db</code>, and <code class="filename">secmod.db</code>) and new SQLite databases (<code class="filename">cert9.db</code>, <code class="filename">key4.db</code>, and <code class="filename">pkcs11.txt</code>). If the prefix <span class="command"><strong>sql:</strong></span> is not used, then the tool assumes that the given databases are in the old format.</p></dd><dt><span class="term">--dbprefix prefix</span></dt><dd><p>Specify the prefix used on the database files, such as <code class="filename">my_</code> for <code class="filename">my_cert8.db</code>. This option is provided as a special case. Changing the names of the certificate and key databases is not recommended.</p></dd><dt><span class="term">-installdir root-installation-directory</span></dt><dd><p>Specify the root installation directory relative to which files will be installed by the <code class="option">-jar</code> option. This directory should be one below which it is appropriate to store dynamic library files, such as a server's root directory.</p></dd><dt><span class="term">-libfile library-file</span></dt><dd><p>Specify a path to a library file containing the implementation of the PKCS #11 interface module that is being added to the database.</p></dd><dt><span class="term">-mechanisms mechanism-list</span></dt><dd><p>Specify the security mechanisms for which a particular module will be flagged as a default provider. The <span class="emphasis"><em>mechanism-list</em></span> is a colon-delimited list of mechanism names. Enclose this list in quotation marks if it contains spaces.</p><p>The module becomes a default provider for the listed mechanisms when those mechanisms are enabled. If more than one module claims to be a particular mechanism's default provider, that mechanism's default provider is undefined.</p><p><span class="command"><strong>modutil</strong></span> supports several mechanisms: RSA, DSA, RC2, RC4, RC5, AES, DES, DH, SHA1, SHA256, SHA512, SSL, TLS, MD5, MD2, RANDOM (for random number generation), and FRIENDLY (meaning certificates are publicly readable).</p></dd><dt><span class="term">-newpwfile new-password-file</span></dt><dd><p>Specify a text file containing a token's new or replacement password so that a password can be entered automatically with the <code class="option">-changepw</code> option.</p></dd><dt><span class="term">-nocertdb</span></dt><dd><p>Do not open the certificate or key databases. This has several effects:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>With the <code class="option">-create</code> command, only a module security file is created; certificate and key databases are not created.</p></li><li class="listitem"><p>With the <code class="option">-jar</code> command, signatures on the JAR file are not checked.</p></li><li class="listitem"><p>With the <code class="option">-changepw</code> command, the password on the NSS internal module cannot be set or changed, since this password is stored in the key database.</p></li></ul></div></dd><dt><span class="term">-pwfile old-password-file</span></dt><dd><p>Specify a text file containing a token's existing password so that a password can be entered automatically when the <code class="option">-changepw</code> option is used to change passwords.</p></dd><dt><span class="term">-secmod secmodname</span></dt><dd><p>Give the name of the security module database (like <code class="filename">secmod.db</code>) to load.</p></dd><dt><span class="term">-slot slotname</span></dt><dd><p>Specify a particular slot to be enabled or disabled with the <code class="option">-enable</code> or <code class="option">-disable</code> options.</p></dd><dt><span class="term">-string CONFIG_STRING</span></dt><dd><p>Pass a configuration string for the module being added to the database.</p></dd><dt><span class="term">-tempdir temporary-directory</span></dt><dd><p>Give a directory location where temporary files are created during the installation by the <code class="option">-jar</code> option. If no temporary directory is specified, the current directory is used.</p></dd></dl></div></div><div class="refsection"><a name="usage-and-examples"></a><h2>Usage and Examples</h2><p><span class="command"><strong>Creating Database Files</strong></span></p><p>Before any operations can be performed, there must be a set of security databases available. <span class="command"><strong>modutil</strong></span> can be used to create these files. The only required argument is the database that where the databases will be located.</p><pre class="programlisting">modutil -create -dbdir [sql:]directory</pre><p><span class="command"><strong>Adding a Cryptographic Module</strong></span></p><p>Adding a PKCS #11 module means submitting a supporting library file, enabling its ciphers, and setting default provider status for various security mechanisms. This can be done by supplying all of the information through <span class="command"><strong>modutil</strong></span> directly or by running a JAR file and install script. For the most basic case, simply upload the library:</p><pre class="programlisting">modutil -add modulename -libfile library-file [-ciphers cipher-enable-list] [-mechanisms mechanism-list] </pre><p>For example:
+</p><pre class="programlisting">modutil -dbdir sql:/home/my/sharednssdb -add "Example PKCS #11 Module" -libfile "/tmp/crypto.so" -mechanisms RSA:DSA:RC2:RANDOM 
+
+Using database directory ... 
+Module "Example PKCS #11 Module" added to database.</pre><p>
+        </p><p><span class="command"><strong>Installing a Cryptographic Module from a JAR File</strong></span></p><p>PKCS #11 modules can also be loaded using a JAR file, which contains all of the required libraries and an installation script that describes how to install the module. The JAR install script is described in more detail in <a class="xref" href="index.html#jar-install-file" title="JAR Installation File Format">the section called “JAR Installation File Format�</a>.</p><p>The JAR installation script defines the setup information for each platform that the module can be installed on. For example:</p><pre class="programlisting">Platforms { 
+   Linux:5.4.08:x86 { 
+      ModuleName { "Example PKCS #11 Module" } 
+      ModuleFile { crypto.so } 
+      DefaultMechanismFlags{0x0000} 
+      CipherEnableFlags{0x0000} 
+      Files { 
+         crypto.so { 
+            Path{ /tmp/crypto.so } 
+         } 
+         setup.sh { 
+            Executable 
+            Path{ /tmp/setup.sh } 
+         } 
+      } 
+   } 
+   Linux:6.0.0:x86 { 
+      EquivalentPlatform { Linux:5.4.08:x86 } 
+   } 
+} </pre><p>Both the install script and the required libraries must be bundled in a JAR file, which is specified with the <code class="option">-jar</code> argument.</p><pre class="programlisting">modutil -dbdir sql:/home/mt"jar-install-filey/sharednssdb -jar install.jar -installdir sql:/home/my/sharednssdb
+
+This installation JAR file was signed by: 
+---------------------------------------------- 
+
+**SUBJECT NAME** 
+
+C=US, ST=California, L=Mountain View, CN=Cryptorific Inc., OU=Digital ID
+Class 3 - Netscape Object Signing, OU="www.verisign.com/repository/CPS
+Incorp. by Ref.,LIAB.LTD(c)9 6", OU=www.verisign.com/CPS Incorp.by Ref
+. LIABILITY LTD.(c)97 VeriSign, OU=VeriSign Object Signing CA - Class 3
+Organization, OU="VeriSign, Inc.", O=VeriSign Trust Network **ISSUER
+NAME**, OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97
+VeriSign, OU=VeriSign Object Signing CA - Class 3 Organization,
+OU="VeriSign, Inc.", O=VeriSign Trust Network 
+---------------------------------------------- 
+
+Do you wish to continue this installation? (y/n) y 
+Using installer script "installer_script" 
+Successfully parsed installation script 
+Current platform is Linux:5.4.08:x86 
+Using installation parameters for platform Linux:5.4.08:x86 
+Installed file crypto.so to /tmp/crypto.so
+Installed file setup.sh to ./pk11inst.dir/setup.sh 
+Executing "./pk11inst.dir/setup.sh"... 
+"./pk11inst.dir/setup.sh" executed successfully 
+Installed module "Example PKCS #11 Module" into module database 
+
+Installation completed successfully </pre><p><span class="command"><strong>Adding Module Spec</strong></span></p><p>Each module has information stored in the security database about its configuration and parameters. These can be added or edited using the <code class="option">-rawadd</code> command. For the current settings or to see the format of the module spec in the database, use the <code class="option">-rawlist</code> option.</p><pre class="programlisting">modutil -rawadd modulespec</pre><p><span class="command"><strong>Deleting a Module</strong></span></p><p>A specific PKCS #11 module can be deleted from the <code class="filename">secmod.db</code> database:</p><pre class="programlisting">modutil -delete modulename -dbdir [sql:]directory </pre><p><span class="command"><strong>Displaying Module Information</strong></span></p><p>The <code class="filename">secmod.db</code> database contains information about the PKCS #11 modules that are available to an application or server to use. The list of all modules, information about specific modules, and database configuration specs for modules can all be viewed. </p><p>To simply get a list of modules in the database, use the <code class="option">-list</code> command.</p><pre class="programlisting">modutil -list [modulename] -dbdir [sql:]directory </pre><p>Listing the modules shows the module name, their status, and other associated security databases for certificates and keys. For example:</p><pre class="programlisting">modutil -list -dbdir sql:/home/my/sharednssdb 
+
+Listing of PKCS #11 Modules
+-----------------------------------------------------------
+  1. NSS Internal PKCS #11 Module
+         slots: 2 slots attached
+        status: loaded
+
+         slot: NSS Internal Cryptographic Services                            
+        token: NSS Generic Crypto Services
+
+         slot: NSS User Private Key and Certificate Services                  
+        token: NSS Certificate DB
+-----------------------------------------------------------</pre><p>Passing a specific module name with the <code class="option">-list</code> returns details information about the module itself, like supported cipher mechanisms, version numbers, serial numbers, and other information about the module and the token it is loaded on. For example:</p><pre class="programlisting"> modutil -list "NSS Internal PKCS #11 Module" -dbdir sql:/home/my/sharednssdb
+
+-----------------------------------------------------------
+Name: NSS Internal PKCS #11 Module
+Library file: **Internal ONLY module**
+Manufacturer: Mozilla Foundation              
+Description: NSS Internal Crypto Services    
+PKCS #11 Version 2.20
+Library Version: 3.11
+Cipher Enable Flags: None
+Default Mechanism Flags: RSA:RC2:RC4:DES:DH:SHA1:MD5:MD2:SSL:TLS:AES
+
+  Slot: NSS Internal Cryptographic Services                            
+  Slot Mechanism Flags: RSA:RC2:RC4:DES:DH:SHA1:MD5:MD2:SSL:TLS:AES
+  Manufacturer: Mozilla Foundation              
+  Type: Software
+  Version Number: 3.11
+  Firmware Version: 0.0
+  Status: Enabled
+  Token Name: NSS Generic Crypto Services     
+  Token Manufacturer: Mozilla Foundation              
+  Token Model: NSS 3           
+  Token Serial Number: 0000000000000000
+  Token Version: 4.0
+  Token Firmware Version: 0.0
+  Access: Write Protected
+  Login Type: Public (no login required)
+  User Pin: NOT Initialized
+
+  Slot: NSS User Private Key and Certificate Services                  
+  Slot Mechanism Flags: None
+  Manufacturer: Mozilla Foundation              
+  Type: Software
+  Version Number: 3.11
+  Firmware Version: 0.0
+  Status: Enabled
+  Token Name: NSS Certificate DB              
+  Token Manufacturer: Mozilla Foundation              
+  Token Model: NSS 3           
+  Token Serial Number: 0000000000000000
+  Token Version: 8.3
+  Token Firmware Version: 0.0
+  Access: NOT Write Protected
+  Login Type: Login required
+  User Pin: Initialized</pre><p>A related command, <code class="option">-rawlist</code> returns information about the database configuration for the modules. (This information can be edited by loading new specs using the <code class="option">-rawadd</code> command.)</p><pre class="programlisting"> modutil -rawlist -dbdir sql:/home/my/sharednssdb
+ name="NSS Internal PKCS #11 Module" parameters="configdir=. certPrefix= keyPrefix= secmod=secmod.db flags=readOnly " NSS="trustOrder=75 cipherOrder=100 slotParams={0x00000001=[slotFlags=RSA,RC4,RC2,DES,DH,SHA1,MD5,MD2,SSL,TLS,AES,RANDOM askpw=any timeout=30 ] }  Flags=internal,critical"</pre><p><span class="command"><strong>Setting a Default Provider for Security Mechanisms</strong></span></p><p>Multiple security modules may provide support for the same security mechanisms. It is possible to set a specific security module as the default provider for a specific security mechanism (or, conversely, to prohibit a provider from supplying those mechanisms).</p><pre class="programlisting">modutil -default modulename -mechanisms mechanism-list </pre><p>To set a module as the default provider for mechanisms, use the <code class="option">-default</code> command with a colon-separated list of mechanisms. The available mechanisms depend on the module; NSS supplies almost all common mechanisms. For example:</p><pre class="programlisting">modutil -default "NSS Internal PKCS #11 Module" -dbdir -mechanisms RSA:DSA:RC2 
+
+Using database directory c:\databases...
+
+Successfully changed defaults.</pre><p>Clearing the default provider has the same format:</p><pre class="programlisting">modutil -undefault "NSS Internal PKCS #11 Module" -dbdir -mechanisms MD2:MD5</pre><p><span class="command"><strong>Enabling and Disabling Modules and Slots</strong></span></p><p>Modules, and specific slots on modules, can be selectively enabled or disabled using <span class="command"><strong>modutil</strong></span>. Both commands have the same format:</p><pre class="programlisting">modutil -enable|-disable modulename [-slot slotname] </pre><p>For example:</p><pre class="programlisting">modutil -enable "NSS Internal PKCS #11 Module" -slot "NSS Internal Cryptographic Services                            " -dbdir .
+
+Slot "NSS Internal Cryptographic Services                            " enabled.</pre><p>Be sure that the appropriate amount of trailing whitespace is after the slot name. Some slot names have a significant amount of whitespace that must be included, or the operation will fail.</p><p><span class="command"><strong>Enabling and Verifying FIPS Compliance</strong></span></p><p>The NSS modules can have FIPS 140-2 compliance enabled or disabled using <span class="command"><strong>modutil</strong></span> with the <code class="option">-fips</code> option. For example:</p><pre class="programlisting">modutil -fips true -dbdir sql:/home/my/sharednssdb/
+
+FIPS mode enabled.</pre><p>To verify that status of FIPS mode, run the <code class="option">-chkfips</code> command with either a true or false flag (it doesn't matter which). The tool returns the current FIPS setting.</p><pre class="programlisting">modutil -chkfips false -dbdir sql:/home/my/sharednssdb/
+
+FIPS mode enabled.</pre><p><span class="command"><strong>Changing the Password on a Token</strong></span></p><p>Initializing or changing a token's password:</p><pre class="programlisting">modutil -changepw tokenname [-pwfile old-password-file] [-newpwfile new-password-file] </pre><pre class="programlisting">modutil -dbdir sql:/home/my/sharednssdb -changepw "NSS Certificate DB" 
+
+Enter old password: 
+Incorrect password, try again... 
+Enter old password: 
+Enter new password: 
+Re-enter new password: 
+Token "Communicator Certificate DB" password changed successfully.</pre></div><div class="refsection"><a name="jar-install-file"></a><h2>JAR Installation File Format</h2><p>When a JAR file is run by a server, by <span class="command"><strong>modutil</strong></span>, or by any program that does not interpret JavaScript, a special information file must be included to install the libraries. There are several things to keep in mind with this file:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
+				It must be declared in the JAR archive's manifest file. 
+			</p></li><li class="listitem"><p>
+				The script can have any name. 
+			</p></li><li class="listitem"><p>
+				The metainfo tag for this is <span class="command"><strong>Pkcs11_install_script</strong></span>. To declare meta-information in the manifest file, put it in a file that is passed to <span class="command"><strong>signtool</strong></span>.</p></li></ul></div><p><span class="command"><strong>Sample Script</strong></span></p><p>For example, the PKCS #11 installer script could be in the file pk11install. If so, the metainfo file for <span class="command"><strong>signtool</strong></span> includes a line such as this:</p><pre class="programlisting">+ Pkcs11_install_script: pk11install</pre><p>The script must define the platform and version number, the module name and file, and any optional information like supported ciphers and mechanisms. Multiple platforms can be defined in a single install file.</p><pre class="programlisting">ForwardCompatible { IRIX:6.2:mips SUNOS:5.5.1:sparc }
+Platforms {
+   WINNT::x86 {
+      ModuleName { "Example Module" }
+      ModuleFile { win32/fort32.dll }
+      DefaultMechanismFlags{0x0001}
+      DefaultCipherFlags{0x0001}
+      Files {
+         win32/setup.exe {
+            Executable
+            RelativePath { %temp%/setup.exe }
+         }
+         win32/setup.hlp {
+            RelativePath { %temp%/setup.hlp }
+         }
+         win32/setup.cab {
+            RelativePath { %temp%/setup.cab }
+         }
+      }
+   }
+   WIN95::x86 {
+      EquivalentPlatform {WINNT::x86}
+   }
+   SUNOS:5.5.1:sparc {
+      ModuleName { "Example UNIX Module" }
+      ModuleFile { unix/fort.so }
+      DefaultMechanismFlags{0x0001}
+      CipherEnableFlags{0x0001}
+      Files {
+         unix/fort.so {
+            RelativePath{%root%/lib/fort.so}
+            AbsolutePath{/usr/local/netscape/lib/fort.so}
+            FilePermissions{555}
+         }
+         xplat/instr.html {
+            RelativePath{%root%/docs/inst.html}
+            AbsolutePath{/usr/local/netscape/docs/inst.html}
+            FilePermissions{555}
+         }
+      }
+   }
+   IRIX:6.2:mips {
+      EquivalentPlatform { SUNOS:5.5.1:sparc }
+   }
+}</pre><p><span class="command"><strong>Script Grammar</strong></span></p><p>The script is basic Java, allowing lists, key-value pairs, strings, and combinations of all of them.</p><pre class="programlisting">--&gt; valuelist
+
+valuelist --&gt; value valuelist
+               &lt;null&gt;
+
+value ---&gt; key_value_pair
+            string
+
+key_value_pair --&gt; key { valuelist }
+
+key --&gt; string
+
+string --&gt; simple_string
+            "complex_string"
+
+simple_string --&gt; [^ \t\n\""{""}"]+ 
+
+complex_string --&gt; ([^\"\\\r\n]|(\\\")|(\\\\))+ </pre><p>Quotes and backslashes must be escaped with a backslash. A complex string must not include newlines or carriage returns.Outside of complex strings, all white space (for example, spaces, tabs, and carriage returns) is considered equal and is used only to delimit tokens.</p><p><span class="command"><strong>Keys</strong></span></p><p>The Java install file uses keys to define the platform and module information.</p><p><span class="command"><strong>ForwardCompatible</strong></span> gives a list of platforms that are forward compatible. If the current platform cannot be found in the list of supported platforms, then the <span class="command"><strong>ForwardCompatible</strong></span> list is checked for any platforms that have the same OS and architecture in an earlier version. If one is found, its attributes are used for the current platform. </p><p><span class="command"><strong>Platforms</strong></span> (required) Gives a list of platforms. Each entry in the list is itself a key-value pair: the key is the name of the platform and the value list contains various attributes of the platform. The platform string is in the format <span class="emphasis"><em>system name:OS release:architecture</em></span>. The installer obtains these values from NSPR. OS release is an empty string on non-Unix operating systems. NSPR supports these platforms:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>AIX (rs6000)</p></li><li class="listitem"><p>BSDI (x86)</p></li><li class="listitem"><p>FREEBSD (x86)</p></li><li class="listitem"><p>HPUX (hppa1.1)</p></li><li class="listitem"><p>IRIX (mips)</p></li><li class="listitem"><p>LINUX (ppc, alpha, x86)</p></li><li class="listitem"><p>MacOS (PowerPC)</p></li><li class="listitem"><p>NCR (x86)</p></li><li class="listitem"><p>NEC (mips)</p></li><li class="listitem"><p>OS2 (x86)</p></li><li class="listitem"><p>OSF (alpha)</p></li><li class="listitem"><p>ReliantUNIX (mips)</p></li><li class="listitem"><p>SCO (x86)</p></li><li class="listitem"><p>SOLARIS (sparc)</p></li><li class="listitem"><p>SONY (mips)</p></li><li class="listitem"><p>SUNOS (sparc)</p></li><li class="listitem"><p>UnixWare (x86)</p></li><li class="listitem"><p>WIN16 (x86)</p></li><li class="listitem"><p>WIN95 (x86)</p></li><li class="listitem"><p>WINNT (x86)</p></li></ul></div><p>For example:</p><pre class="programlisting">IRIX:6.2:mips
+SUNOS:5.5.1:sparc
+Linux:2.0.32:x86
+WIN95::x86</pre><p>The module information is defined independently for each platform in the <span class="command"><strong>ModuleName</strong></span>, <span class="command"><strong>ModuleFile</strong></span>, and <span class="command"><strong>Files</strong></span> attributes. These attributes must be given unless an <span class="command"><strong>EquivalentPlatform</strong></span> attribute is specified. </p><p><span class="command"><strong>Per-Platform Keys</strong></span></p><p>Per-platform keys have meaning only within the value list of an entry in the <span class="command"><strong>Platforms</strong></span> list.</p><p><span class="command"><strong>ModuleName</strong></span> (required) gives the common name for the module. This name is used to reference the module by servers and by the <span class="command"><strong>modutil</strong></span> tool. </p><p><span class="command"><strong>ModuleFile</strong></span> (required) names the PKCS #11 module file for this platform. The name is given as the relative path of the file within the JAR archive. </p><p><span class="command"><strong>Files</strong></span> (required) lists the files that need to be installed for this module. Each entry in the file list is a key-value pair. The key is the path of the file in the JAR archive, and the value list contains attributes of the file. At least <span class="command"><strong>RelativePath</strong></span> or <span class="command"><strong>AbsolutePath</strong></span> must be specified for each file.</p><p><span class="command"><strong>DefaultMechanismFlags</strong></span> specifies mechanisms for which this module is the default provider; this is equivalent to the <code class="option">-mechanism</code> option with the <code class="option">-add</code> command. This key-value pair is a bitstring specified in hexadecimal (0x) format. It is constructed as a bitwise OR. If the DefaultMechanismFlags entry is omitted, the value defaults to 0x0.</p><pre class="programlisting">RSA:                   0x00000001
+DSA:                   0x00000002
+RC2:                   0x00000004
+RC4:                   0x00000008
+DES:                   0x00000010
+DH:                    0x00000020
+FORTEZZA:              0x00000040
+RC5:                   0x00000080
+SHA1:                  0x00000100
+MD5:                   0x00000200
+MD2:                   0x00000400
+RANDOM:                0x08000000
+FRIENDLY:              0x10000000
+OWN_PW_DEFAULTS:       0x20000000
+DISABLE:               0x40000000</pre><p><span class="command"><strong>CipherEnableFlags</strong></span> specifies ciphers that this module provides that NSS does not provide (so that the module enables those ciphers for NSS). This is equivalent to the <code class="option">-cipher</code> argument with the <code class="option">-add</code> command. This key is a bitstring specified in hexadecimal (0x) format. It is constructed as a bitwise OR. If the <span class="command"><strong>CipherEnableFlags</strong></span> entry is omitted, the value defaults to 0x0.</p><p><span class="command"><strong>EquivalentPlatform</strong></span> specifies that the attributes of the named platform should also be used for the current platform. This makes it easier when more than one platform uses the same settings.</p><p><span class="command"><strong>Per-File Keys</strong></span></p><p>Some keys have meaning only within the value list of an entry in a <span class="command"><strong>Files</strong></span> list.</p><p>Each file requires a path key the identifies where the file is. Either <span class="command"><strong>RelativePath</strong></span> or <span class="command"><strong>AbsolutePath</strong></span> must be specified. If both are specified, the relative path is tried first, and the absolute path is used only if no relative root directory is provided by the installer program.</p><p><span class="command"><strong>RelativePath</strong></span> specifies the destination directory of the file, relative to some directory decided at install time. Two variables can be used in the relative path: <span class="command"><strong>%root%</strong></span> and <span class="command"><strong>%temp%</strong></span>. <span class="command"><strong>%root%</strong></span> is replaced at run time with the directory relative to which files should be installed; for example, it may be the server's root directory. The <span class="command"><strong>%temp%</strong></span> directory is created at the beginning of the installation and destroyed at the end. The purpose of <span class="command"><strong>%temp%</strong></span> is to hold executable files (such as setup programs) or files that are used by these programs. Files destined for the temporary directory are guaranteed to be in place before any executable file is run; they are not deleted until all executable files have finished.</p><p><span class="command"><strong>AbsolutePath</strong></span> specifies the destination directory of the file as an absolute path. </p><p><span class="command"><strong>Executable</strong></span> specifies that the file is to be executed during the course of the installation. Typically, this string is used for a setup program provided by a module vendor, such as a self-extracting setup executable. More than one file can be specified as executable, in which case the files are run in the order in which they are specified in the script file.</p><p><span class="command"><strong>FilePermissions</strong></span> sets permissions on any referenced files in a string of octal digits, according to the standard Unix format. This string is a bitwise OR.</p><pre class="programlisting">
+user read:                0400
+user write:               0200
+user execute:             0100
+group read:               0040
+group write:              0020
+group execute:            0010
+other read:               0004
+other write:              0002
+other execute:            0001
+</pre><p>Some platforms may not understand these permissions. They are applied only insofar as they make sense for the current platform. If this attribute is omitted, a default of 777 is assumed.</p></div><div class="refsection"><a name="databases"></a><h2>NSS Database Types</h2><p>NSS originally used BerkeleyDB databases to store security information. 
+The last versions of these <span class="emphasis"><em>legacy</em></span> databases are:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
+			cert8.db for certificates
+		</p></li><li class="listitem"><p>
+			key3.db for keys
+		</p></li><li class="listitem"><p>
+			secmod.db for PKCS #11 module information
+		</p></li></ul></div><p>BerkeleyDB has performance limitations, though, which prevent it from being easily used by multiple applications simultaneously. NSS has 
+some flexibility that allows applications to use their own, independent database engine while keeping a shared database and working around the access issues. Still, NSS
+requires more flexibility to provide a truly shared security database.</p><p>In 2009, NSS introduced a new set of databases that are SQLite databases rather than 
+BerkleyDB. These new databases provide more accessibility and performance:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
+			cert9.db for certificates
+		</p></li><li class="listitem"><p>
+			key4.db for keys
+		</p></li><li class="listitem"><p>
+			pkcs11.txt, which is listing of all of the PKCS #11 modules contained in a new subdirectory in the security databases directory
+		</p></li></ul></div><p>Because the SQLite databases are designed to be shared, these are the <span class="emphasis"><em>shared</em></span> database type. The shared database type is preferred; the legacy format is included for backward compatibility.</p><p>By default, the tools (<span class="command"><strong>certutil</strong></span>, <span class="command"><strong>pk12util</strong></span>, <span class="command"><strong>modutil</strong></span>) assume that the given security databases follow the more common legacy type. 
+Using the SQLite databases must be manually specified by using the <span class="command"><strong>sql:</strong></span> prefix with the given security directory. For example:</p><pre class="programlisting">modutil -create -dbdir sql:/home/my/sharednssdb</pre><p>To set the shared database type as the default type for the tools, set the <code class="envar">NSS_DEFAULT_DB_TYPE</code> environment variable to <code class="envar">sql</code>:</p><pre class="programlisting">export NSS_DEFAULT_DB_TYPE="sql"</pre><p>This line can be added to the <code class="filename">~/.bashrc</code> file to make the change permanent for the user.</p><p>Most applications do not use the shared database by default, but they can be configured to use them. For example, this how-to article covers how to configure Firefox and Thunderbird to use the new shared NSS databases:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
+			https://wiki.mozilla.org/NSS_Shared_DB_Howto</p></li></ul></div><p>For an engineering draft on the changes in the shared NSS databases, see the NSS project wiki:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
+			https://wiki.mozilla.org/NSS_Shared_DB
+		</p></li></ul></div></div><div class="refsection"><a name="seealso"></a><h2>See Also</h2><p>certutil (1)</p><p>pk12util (1)</p><p>signtool (1)</p><p>The NSS wiki has information on the new database design and how to configure applications to use it.</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
+			https://wiki.mozilla.org/NSS_Shared_DB_Howto</p></li><li class="listitem"><p>
+			https://wiki.mozilla.org/NSS_Shared_DB
+		</p></li></ul></div></div><div class="refsection"><a name="resources"></a><h2>Additional Resources</h2><p>For information about NSS and other tools related to NSS (like JSS), check out the NSS project wiki at <a class="ulink" href="http://www.mozilla.org/projects/security/pki/nss/" target="_top">http://www.mozilla.org/projects/security/pki/nss/</a>. The NSS site relates directly to NSS code changes and releases.</p><p>Mailing lists: https://lists.mozilla.org/listinfo/dev-tech-crypto</p><p>IRC: Freenode at #dogtag-pki</p></div><div class="refsection"><a name="authors"></a><h2>Authors</h2><p>The NSS tools were written and maintained by developers with Netscape, Red Hat,  Sun, Oracle, Mozilla, and Google.</p><p>
+	Authors: Elio Maldonado &lt;emaldona@redhat.com&gt;, Deon Lackey &lt;dlackey@redhat.com&gt;.
+    </p></div><div class="refsection"><a name="license"></a><h2>LICENSE</h2><p>Licensed under the Mozilla Public License, v. 2.0.  If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
+    </p></div></div><div class="navfooter"><hr></div></body></html>
diff --git a/nss/doc/html/pk12util.html b/nss/doc/html/pk12util.html
new file mode 100644
index 0000000..fe516dd
--- /dev/null
+++ b/nss/doc/html/pk12util.html
@@ -0,0 +1,77 @@
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>PK12UTIL</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><link rel="home" href="index.html" title="PK12UTIL"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">PK12UTIL</th></tr></table><hr></div><div class="refentry"><a name="pk12util"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>pk12util — Export and import keys and certificate to or from a PKCS #12 file and the NSS database</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">pk12util</code>  [-i p12File|-l p12File|-o p12File] [-d [sql:]directory] [-h tokenname] [-P dbprefix] [-r] [-v] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword]</p></div></div><div class="refsection"><a name="idm233250345408"></a><h2>STATUS</h2><p>This documentation is still work in progress. Please contribute to the initial review in <a class="ulink" href="https://bugzilla.mozilla.org/show_bug.cgi?id=836477" target="_top">Mozilla NSS bug 836477</a>
+    </p></div><div class="refsection"><a name="description"></a><h2>Description</h2><p>The PKCS #12 utility, <span class="command"><strong>pk12util</strong></span>, enables sharing certificates among any server that supports PKCS#12. The tool can import certificates and keys from PKCS#12 files into security databases, export certificates, and list certificates and keys.</p></div><div class="refsection"><a name="options"></a><h2>Options and Arguments</h2><p><span class="command"><strong>Options</strong></span></p><div class="variablelist"><dl class="variablelist"><dt><span class="term">-i p12file</span></dt><dd><p>Import keys and certificates from a PKCS#12 file into a security database.</p></dd><dt><span class="term">-l p12file</span></dt><dd><p>List the keys and certificates in PKCS#12 file.</p></dd><dt><span class="term">-o p12file</span></dt><dd><p>Export keys and certificates from the security database to a PKCS#12 file.</p></dd></dl></div><p><span class="command"><strong>Arguments</strong></span></p><div class="variablelist"><dl class="variablelist"><dt><span class="term">-c keyCipher</span></dt><dd><p>Specify the key encryption algorithm.</p></dd><dt><span class="term">-C certCipher</span></dt><dd><p>Specify the key cert (overall package) encryption algorithm.</p></dd><dt><span class="term">-d [sql:]directory</span></dt><dd><p>Specify the database directory into which to import to or export from certificates and keys.</p><p><span class="command"><strong>pk12util</strong></span> supports two types of databases: the legacy security databases (<code class="filename">cert8.db</code>, <code class="filename">key3.db</code>, and <code class="filename">secmod.db</code>) and new SQLite databases (<code class="filename">cert9.db</code>, <code class="filename">key4.db</code>, and <code class="filename">pkcs11.txt</code>). If the prefix <span class="command"><strong>sql:</strong></span> is not used, then the tool assumes that the given databases are in the old format.</p></dd><dt><span class="term">-h tokenname</span></dt><dd><p>Specify the name of the token to import into or export from.</p></dd><dt><span class="term">-k slotPasswordFile</span></dt><dd><p>Specify the text file containing the slot's password.</p></dd><dt><span class="term">-K slotPassword</span></dt><dd><p>Specify the slot's password.</p></dd><dt><span class="term">-m | --key-len  keyLength</span></dt><dd><p>Specify the desired length of the symmetric key to be used to encrypt the private key.</p></dd><dt><span class="term">-n | --cert-key-len  certKeyLength</span></dt><dd><p>Specify the desired length of the symmetric key to be used to encrypt the certificates and other meta-data.</p></dd><dt><span class="term">-n certname</span></dt><dd><p>Specify the nickname of the cert and private key to export.</p></dd><dt><span class="term">-P prefix</span></dt><dd><p>Specify the prefix used on the certificate and key databases. This option is provided as a special case. 
+          Changing the names of the certificate and key databases is not recommended.</p></dd><dt><span class="term">-r</span></dt><dd><p>Dumps all of the data in raw (binary) form. This must be saved as a DER file. The default is to return information in a pretty-print ASCII format, which displays the information about the certificates and public keys in the p12 file.</p></dd><dt><span class="term">-v </span></dt><dd><p>Enable debug logging when importing.</p></dd><dt><span class="term">-w p12filePasswordFile</span></dt><dd><p>Specify the text file containing the pkcs #12 file password.</p></dd><dt><span class="term">-W p12filePassword</span></dt><dd><p>Specify the pkcs #12 file password.</p></dd></dl></div></div><div class="refsection"><a name="return-codes"></a><h2>Return Codes</h2><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p> 0 - No error</p></li><li class="listitem"><p> 1 - User Cancelled</p></li><li class="listitem"><p> 2 - Usage error</p></li><li class="listitem"><p> 6 - NLS init error</p></li><li class="listitem"><p> 8 - Certificate DB open error</p></li><li class="listitem"><p> 9 - Key DB open error</p></li><li class="listitem"><p> 10 - File initialization error</p></li><li class="listitem"><p> 11 - Unicode conversion error</p></li><li class="listitem"><p> 12 - Temporary file creation error</p></li><li class="listitem"><p> 13 - PKCS11 get slot error</p></li><li class="listitem"><p> 14 - PKCS12 decoder start error</p></li><li class="listitem"><p> 15 - error read from import file</p></li><li class="listitem"><p> 16 - pkcs12 decode error</p></li><li class="listitem"><p> 17 - pkcs12 decoder verify error</p></li><li class="listitem"><p> 18 - pkcs12 decoder validate bags error</p></li><li class="listitem"><p> 19 - pkcs12 decoder import bags error</p></li><li class="listitem"><p> 20 - key db conversion version 3 to version 2 error</p></li><li class="listitem"><p> 21 - cert db conversion version 7 to version 5 error</p></li><li class="listitem"><p> 22 - cert and key dbs patch error</p></li><li class="listitem"><p> 23 - get default cert db error</p></li><li class="listitem"><p> 24 - find cert by nickname error</p></li><li class="listitem"><p> 25 - create export context error</p></li><li class="listitem"><p> 26 - PKCS12 add password itegrity error</p></li><li class="listitem"><p> 27 - cert and key Safes creation error</p></li><li class="listitem"><p> 28 - PKCS12 add cert and key error</p></li><li class="listitem"><p> 29 - PKCS12 encode error</p></li></ul></div></div><div class="refsection"><a name="examples"></a><h2>Examples</h2><p><span class="command"><strong>Importing Keys and Certificates</strong></span></p><p>The most basic usage of <span class="command"><strong>pk12util</strong></span> for importing a certificate or key is the PKCS#12 input file (<code class="option">-i</code>) and some way to specify the security database being accessed (either <code class="option">-d</code> for a directory or <code class="option">-h</code> for a token).
+    </p><p>
+    pk12util -i p12File [-h tokenname] [-v] [-d [sql:]directory] [-P dbprefix] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword]
+    </p><p>For example:</p><p> </p><pre class="programlisting"># pk12util -i /tmp/cert-files/users.p12 -d sql:/home/my/sharednssdb
+
+Enter a password which will be used to encrypt your keys.
+The password should be at least 8 characters long,
+and should contain at least one non-alphabetic character.
+
+Enter new password: 
+Re-enter password: 
+Enter password for PKCS12 file: 
+pk12util: PKCS12 IMPORT SUCCESSFUL</pre><p><span class="command"><strong>Exporting Keys and Certificates</strong></span></p><p>Using the <span class="command"><strong>pk12util</strong></span> command to export certificates and keys requires both the name of the certificate to extract from the database (<code class="option">-n</code>) and the PKCS#12-formatted output file to write to. There are optional parameters that can be used to encrypt the file to protect the certificate material.
+    </p><p>pk12util -o p12File -n certname [-c keyCipher] [-C certCipher] [-m|--key_len keyLen] [-n|--cert_key_len certKeyLen] [-d [sql:]directory] [-P dbprefix] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword]</p><p>For example:</p><pre class="programlisting"># pk12util -o certs.p12 -n Server-Cert -d sql:/home/my/sharednssdb
+Enter password for PKCS12 file: 
+Re-enter password: </pre><p><span class="command"><strong>Listing Keys and Certificates</strong></span></p><p>The information in a <code class="filename">.p12</code> file are not human-readable. The certificates and keys in the file can be printed (listed) in a human-readable pretty-print format that shows information for every certificate and any public keys in the <code class="filename">.p12</code> file.
+    </p><p>pk12util -l p12File [-h tokenname] [-r] [-d [sql:]directory] [-P dbprefix] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword]</p><p>For example, this prints the default ASCII output:</p><pre class="programlisting"># pk12util -l certs.p12
+
+Enter password for PKCS12 file: 
+Key(shrouded):
+    Friendly Name: Thawte Freemail Member's Thawte Consulting (Pty) Ltd. ID
+
+    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
+        Parameters:
+            Salt:
+                45:2e:6a:a0:03:4d:7b:a1:63:3c:15:ea:67:37:62:1f
+            Iteration Count: 1 (0x1)
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 13 (0xd)
+        Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
+        Issuer: "E=personal-freemail@thawte.com,CN=Thawte Personal Freemail C
+            A,OU=Certification Services Division,O=Thawte Consulting,L=Cape T
+            own,ST=Western Cape,C=ZA"
+    </pre><p>Alternatively, the <code class="option">-r</code> prints the certificates and then exports them into separate DER binary files. This allows the certificates to be fed to another application that supports <code class="filename">.p12</code> files. Each certificate is written to a sequentially-number file, beginning with <code class="filename">file0001.der</code> and continuing through <code class="filename">file000N.der</code>, incrementing the number for every certificate:</p><pre class="programlisting">pk12util -l test.p12 -r
+Enter password for PKCS12 file: 
+Key(shrouded):
+    Friendly Name: Thawte Freemail Member's Thawte Consulting (Pty) Ltd. ID
+
+    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
+        Parameters:
+            Salt:
+                45:2e:6a:a0:03:4d:7b:a1:63:3c:15:ea:67:37:62:1f
+            Iteration Count: 1 (0x1)
+Certificate    Friendly Name: Thawte Personal Freemail Issuing CA - Thawte Consulting
+
+Certificate    Friendly Name: Thawte Freemail Member's Thawte Consulting (Pty) Ltd. ID
+    </pre></div><div class="refsection"><a name="encryption"></a><h2>Password Encryption</h2><p>PKCS#12 provides for not only the protection of the private keys but also the certificate and meta-data associated with the keys. Password-based encryption is used to protect private keys on export to a PKCS#12 file and, optionally, the entire package. If no algorithm is specified, the tool defaults to using <span class="command"><strong>PKCS12 V2 PBE with SHA1 and 3KEY Triple DES-cbc</strong></span> for private key encryption. <span class="command"><strong>PKCS12 V2 PBE with SHA1 and 40 Bit RC4</strong></span> is the default for the overall package encryption when not in FIPS mode. When in FIPS mode, there is no package encryption.</p><p>The private key is always protected with strong encryption by default.</p><p>Several types of ciphers are supported.</p><div class="variablelist"><dl class="variablelist"><dt><span class="term">Symmetric CBC ciphers for PKCS#5 V2</span></dt><dd><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>DES-CBC</p></li><li class="listitem"><p>RC2-CBC</p></li><li class="listitem"><p>RC5-CBCPad</p></li><li class="listitem"><p>DES-EDE3-CBC (the default for key encryption)</p></li><li class="listitem"><p>AES-128-CBC</p></li><li class="listitem"><p>AES-192-CBC</p></li><li class="listitem"><p>AES-256-CBC</p></li><li class="listitem"><p>CAMELLIA-128-CBC</p></li><li class="listitem"><p>CAMELLIA-192-CBC</p></li><li class="listitem"><p>CAMELLIA-256-CBC</p></li></ul></div></dd><dt><span class="term">PKCS#12 PBE ciphers</span></dt><dd><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>PKCS #12 PBE with Sha1 and 128 Bit RC4</p></li><li class="listitem"><p>PKCS #12 PBE with Sha1 and 40 Bit RC4</p></li><li class="listitem"><p>PKCS #12 PBE with Sha1 and Triple DES CBC</p></li><li class="listitem"><p>PKCS #12 PBE with Sha1 and 128 Bit RC2 CBC</p></li><li class="listitem"><p>PKCS #12 PBE with Sha1 and 40 Bit RC2 CBC</p></li><li class="listitem"><p>PKCS12 V2 PBE with SHA1 and 128 Bit RC4</p></li><li class="listitem"><p>PKCS12 V2 PBE with SHA1 and 40 Bit RC4 (the default for non-FIPS mode)</p></li><li class="listitem"><p>PKCS12 V2 PBE with SHA1 and 3KEY Triple DES-cbc</p></li><li class="listitem"><p>PKCS12 V2 PBE with SHA1 and 2KEY Triple DES-cbc</p></li><li class="listitem"><p>PKCS12 V2 PBE with SHA1 and 128 Bit RC2 CBC</p></li><li class="listitem"><p>PKCS12 V2 PBE with SHA1 and 40 Bit RC2 CBC</p></li></ul></div></dd><dt><span class="term">PKCS#5 PBE ciphers</span></dt><dd><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>PKCS #5 Password Based Encryption with MD2 and DES CBC</p></li><li class="listitem"><p>PKCS #5 Password Based Encryption with MD5 and DES CBC</p></li><li class="listitem"><p>PKCS #5 Password Based Encryption with SHA1 and DES CBC</p></li></ul></div></dd></dl></div><p>With PKCS#12, the crypto provider may be the soft token module or an external hardware module. If the cryptographic module does not support the requested algorithm, then the next best fit will be selected (usually the default). If no suitable replacement for the desired algorithm can be found, the tool returns the error <span class="emphasis"><em>no security module can perform the requested operation</em></span>.</p></div><div class="refsection"><a name="databases"></a><h2>NSS Database Types</h2><p>NSS originally used BerkeleyDB databases to store security information. 
+The last versions of these <span class="emphasis"><em>legacy</em></span> databases are:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
+			cert8.db for certificates
+		</p></li><li class="listitem"><p>
+			key3.db for keys
+		</p></li><li class="listitem"><p>
+			secmod.db for PKCS #11 module information
+		</p></li></ul></div><p>BerkeleyDB has performance limitations, though, which prevent it from being easily used by multiple applications simultaneously. NSS has 
+some flexibility that allows applications to use their own, independent database engine while keeping a shared database and working around the access issues. Still, NSS
+requires more flexibility to provide a truly shared security database.</p><p>In 2009, NSS introduced a new set of databases that are SQLite databases rather than 
+BerkleyDB. These new databases provide more accessibility and performance:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
+			cert9.db for certificates
+		</p></li><li class="listitem"><p>
+			key4.db for keys
+		</p></li><li class="listitem"><p>
+			pkcs11.txt, which is listing of all of the PKCS #11 modules contained in a new subdirectory in the security databases directory
+		</p></li></ul></div><p>Because the SQLite databases are designed to be shared, these are the <span class="emphasis"><em>shared</em></span> database type. The shared database type is preferred; the legacy format is included for backward compatibility.</p><p>By default, the tools (<span class="command"><strong>certutil</strong></span>, <span class="command"><strong>pk12util</strong></span>, <span class="command"><strong>modutil</strong></span>) assume that the given security databases follow the more common legacy type. 
+Using the SQLite databases must be manually specified by using the <span class="command"><strong>sql:</strong></span> prefix with the given security directory. For example:</p><pre class="programlisting"># pk12util -i /tmp/cert-files/users.p12 -d sql:/home/my/sharednssdb</pre><p>To set the shared database type as the default type for the tools, set the <code class="envar">NSS_DEFAULT_DB_TYPE</code> environment variable to <code class="envar">sql</code>:</p><pre class="programlisting">export NSS_DEFAULT_DB_TYPE="sql"</pre><p>This line can be set added to the <code class="filename">~/.bashrc</code> file to make the change permanent.</p><p>Most applications do not use the shared database by default, but they can be configured to use them. For example, this how-to article covers how to configure Firefox and Thunderbird to use the new shared NSS databases:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
+			https://wiki.mozilla.org/NSS_Shared_DB_Howto</p></li></ul></div><p>For an engineering draft on the changes in the shared NSS databases, see the NSS project wiki:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
+			https://wiki.mozilla.org/NSS_Shared_DB
+		</p></li></ul></div></div><div class="refsection"><a name="seealso"></a><h2>See Also</h2><p>certutil (1)</p><p>modutil (1)</p><p>The NSS wiki has information on the new database design and how to configure applications to use it.</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
+			https://wiki.mozilla.org/NSS_Shared_DB_Howto</p></li><li class="listitem"><p>
+			https://wiki.mozilla.org/NSS_Shared_DB
+		</p></li></ul></div></div><div class="refsection"><a name="resources"></a><h2>Additional Resources</h2><p>For information about NSS and other tools related to NSS (like JSS), check out the NSS project wiki at <a class="ulink" href="http://www.mozilla.org/projects/security/pki/nss/" target="_top">http://www.mozilla.org/projects/security/pki/nss/</a>. The NSS site relates directly to NSS code changes and releases.</p><p>Mailing lists: https://lists.mozilla.org/listinfo/dev-tech-crypto</p><p>IRC: Freenode at #dogtag-pki</p></div><div class="refsection"><a name="authors"></a><h2>Authors</h2><p>The NSS tools were written and maintained by developers with Netscape, Red Hat,  Sun, Oracle, Mozilla, and Google.</p><p>
+	Authors: Elio Maldonado &lt;emaldona@redhat.com&gt;, Deon Lackey &lt;dlackey@redhat.com&gt;.
+    </p></div><div class="refsection"><a name="license"></a><h2>LICENSE</h2><p>Licensed under the Mozilla Public License, v. 2.0.  If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
+    </p></div></div><div class="navfooter"><hr></div></body></html>
diff --git a/nss/doc/html/pp.html b/nss/doc/html/pp.html
new file mode 100644
index 0000000..b9b8ed6
--- /dev/null
+++ b/nss/doc/html/pp.html
@@ -0,0 +1,7 @@
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>PP</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><link rel="home" href="index.html" title="PP"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">PP</th></tr></table><hr></div><div class="refentry"><a name="pp"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>pp — Prints certificates, keys, crls, and pkcs7 files</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">pp -t type [-a] [-i input] [-o output] [-u] [-w]</code> </p></div></div><div class="refsection"><a name="idm226689875920"></a><h2>STATUS</h2><p>This documentation is still work in progress. Please contribute to the initial review in <a class="ulink" href="https://bugzilla.mozilla.org/show_bug.cgi?id=836477" target="_top">Mozilla NSS bug 836477</a>
+    </p></div><div class="refsection"><a name="idm226686118544"></a><h2>Description</h2><p><span class="command"><strong>pp </strong></span>pretty-prints private and public key, certificate, certificate-request,
+                     pkcs7 or crl files
+    </p></div><div class="refsection"><a name="idm226686116608"></a><h2>Options</h2><div class="variablelist"><dl class="variablelist"><dt><span class="term"><code class="option">-t </code> <em class="replaceable"><code>type</code></em></span></dt><dd><p class="simpara">specify the input, one of {private-key | public-key | certificate | certificate-request | pkcs7 | crl}</p><p class="simpara"></p></dd><dt><span class="term"><code class="option">-a </code></span></dt><dd>Input is in ascii encoded form (RFC1113)</dd><dt><span class="term"><code class="option">-i </code> <em class="replaceable"><code>inputfile</code></em></span></dt><dd>Define an input file to use (default is stdin)</dd><dt><span class="term"><code class="option">-o </code> <em class="replaceable"><code>outputfile</code></em></span></dt><dd>Define an output file to use (default is stdout)</dd><dt><span class="term"><code class="option">-u </code> </span></dt><dd>Use UTF-8 (default is to show non-ascii as .)</dd><dt><span class="term"><code class="option">-w </code> </span></dt><dd>Don't wrap long output lines</dd></dl></div></div><div class="refsection"><a name="resources"></a><h2>Additional Resources</h2><p>NSS is maintained in conjunction with PKI and security-related projects through Mozilla and Fedora. The most closely-related project is Dogtag PKI, with a project wiki at <a class="ulink" href="http://pki.fedoraproject.org/wiki/" target="_top">PKI Wiki</a>. </p><p>For information specifically about NSS, the NSS project wiki is located at <a class="ulink" href="http://www.mozilla.org/projects/security/pki/nss/" target="_top">Mozilla NSS site</a>. The NSS site relates directly to NSS code changes and releases.</p><p>Mailing lists: pki-devel@redhat.com and pki-users@redhat.com</p><p>IRC: Freenode at #dogtag-pki</p></div><div class="refsection"><a name="authors"></a><h2>Authors</h2><p>The NSS tools were written and maintained by developers with Netscape, Red Hat,  Sun, Oracle, Mozilla, and Google.</p><p>
+	Authors: Elio Maldonado &lt;emaldona@redhat.com&gt;, Deon Lackey &lt;dlackey@redhat.com&gt;.
+    </p></div><div class="refsection"><a name="license"></a><h2>LICENSE</h2><p>Licensed under the Mozilla Public License, v. 2.0.  If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
+    </p></div></div><div class="navfooter"><hr></div></body></html>
diff --git a/nss/doc/html/signtool.html b/nss/doc/html/signtool.html
new file mode 100644
index 0000000..84568e1
--- /dev/null
+++ b/nss/doc/html/signtool.html
@@ -0,0 +1,284 @@
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>signtool</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><link rel="home" href="index.html" title="signtool"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">signtool</th></tr></table><hr></div><div class="refentry"><a name="signtool"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>signtool — Digitally sign objects and files.</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">signtool</code>  [[-b basename]] [[-c Compression Level] ] [[-d cert-dir] ] [[-e extension] ] [[-f filename] ] [[-i installer script] ] [[-h]] [[-H]] [[-v]] [[-w]] [[-G nickname]] [[-J]] [[-j directory] ] [-k keyName] [[--keysize | -s size]] [[-l]] [[-L]] [[-M]] [[-m metafile] ] [[--norecurse] ] [[-O] ] [[-o] ] [[--outfile] ] [[-p password] ] [[-t|--token tokenname] ] [[-z] ] [[-X] ] [[-x name] ] [[--verbose value] ] [[--leavearc] ] [[-Z jarfile] ] [directory-tree] [archive]</p></div></div><div class="refsection"><a name="idm233257546416"></a><h2>STATUS</h2><p>This documentation is still work in progress. Please contribute to the initial review in <a class="ulink" href="https://bugzilla.mozilla.org/show_bug.cgi?id=836477" target="_top">Mozilla NSS bug 836477</a>
+    </p></div><div class="refsection"><a name="description"></a><h2>Description</h2><p>The Signing Tool, <span class="command"><strong>signtool</strong></span>, creates digital signatures and uses a Java Archive (JAR) file to associate the signatures with files in a directory. Electronic software distribution over any network involves potential security problems. To help address some of these problems, you can associate digital signatures with the files in a JAR archive. Digital signatures allow SSL-enabled clients to perform two important operations:</p><p>* Confirm the identity of the individual, company, or other entity whose digital signature is associated with the files</p><p>* Check whether the files have been tampered with since being signed</p><p>If you have a signing certificate, you can use Netscape Signing Tool to digitally sign files and package them as a JAR file. An object-signing certificate is a special kind of certificate that allows you to associate your digital signature with one or more files.</p><p>An individual file can potentially be signed with multiple digital signatures. For example, a commercial software developer might sign the files that constitute a software product to prove that the files are indeed from a particular company. A network administrator manager might sign the same files with an additional digital signature based on a company-generated certificate to indicate that the product is approved for use within the company.</p><p>The significance of a digital signature is comparable to the significance of a handwritten signature. Once you have signed a file, it is difficult to claim later that you didn't sign it. In some situations, a digital signature may be considered as legally binding as a handwritten signature. Therefore, you should take great care to ensure that you can stand behind any file you sign and distribute.</p><p>For example, if you are a software developer, you should test your code to make sure it is virus-free before signing it. Similarly, if you are a network administrator, you should make sure, before signing any code, that it comes from a reliable source and will run correctly with the software installed on the machines to which you are distributing it.</p><p>Before you can use Netscape Signing Tool to sign files, you must have an object-signing certificate, which is a special certificate whose associated private key is used to create digital signatures. For testing purposes only, you can create an object-signing certificate with Netscape Signing Tool 1.3. When testing is finished and you are ready to disitribute your software, you should obtain an object-signing certificate from one of two kinds of sources:</p><p>* An independent certificate authority (CA) that authenticates your identity and charges you a fee. You typically get a certificate from an independent CA if you want to sign software that will be distributed over the Internet.</p><p>* CA server software running on your corporate intranet or extranet. Netscape Certificate Management System provides a complete management solution for creating, deploying, and managing certificates, including CAs that issue object-signing certificates.</p><p>You must also have a certificate for the CA that issues your signing certificate before you can sign files. If the certificate authority's certificate isn't already installed in your copy of Communicator, you typically install it by clicking the appropriate link on the certificate authority's web site, for example on the page from which you initiated enrollment for your signing certificate. This is the case for some test certificates, as well as certificates issued by Netscape Certificate Management System: you must download the the CA certificate in addition to obtaining your own signing certificate. CA certificates for several certificate authorities are preinstalled in the Communicator certificate database.</p><p>When you receive an object-signing certificate for your own use, it is automatically installed in your copy of the Communicator client software. Communicator supports the public-key cryptography standard known as PKCS #12, which governs key portability. You can, for example, move an object-signing certificate and its associated private key from one computer to another on a credit-card-sized device called a smart card.</p></div><div class="refsection"><a name="options"></a><h2>Options</h2><div class="variablelist"><dl class="variablelist"><dt><span class="term">-b basename</span></dt><dd><p>Specifies the base filename for the .rsa and .sf files in the META-INF directory to conform with the JAR format. For example, <span class="emphasis"><em>-b signatures</em></span> causes the files to be named signatures.rsa and signatures.sf. The default is signtool.</p></dd><dt><span class="term">-c#</span></dt><dd><p>
+	Specifies the compression level for the -J or -Z option. The symbol # represents a number from 0 to 9, where 0 means no compression and 9 means maximum compression. The higher the level of compression, the smaller the output but the longer the operation takes.
+
+If the -c# option is not used with either the -J or the -Z option, the default compression value used by both the -J and -Z options is 6.
+</p></dd><dt><span class="term">-d certdir</span></dt><dd><p>
+	Specifies your certificate database directory; that is, the directory in which you placed your key3.db and cert7.db files. To specify the current directory, use "-d." (including the period).
+
+The Unix version of signtool assumes ~/.netscape unless told otherwise. The NT version of signtool always requires the use of the -d option to specify where the database files are located.
+</p></dd><dt><span class="term">-e extension</span></dt><dd><p>
+	Tells signtool to sign only files with the given extension; for example, use -e".class" to sign only Java class files. Note that with Netscape Signing Tool version 1.1 and later this option can appear multiple times on one command line, making it possible to specify multiple file types or classes to include.
+</p></dd><dt><span class="term">-f commandfile</span></dt><dd><p>
+	Specifies a text file containing Netscape Signing Tool options and arguments in keyword=value format. All options and arguments can be expressed through this file. For more information about the syntax used with this file, see "Tips and Techniques".
+</p></dd><dt><span class="term">-G nickname</span></dt><dd><p>
+	Generates a new private-public key pair and corresponding object-signing certificate with the given nickname.
+
+The newly generated keys and certificate are installed into the key and certificate databases in the directory specified by the -d option. With the NT version of Netscape Signing Tool, you must use the -d option with the -G option. With the Unix version of Netscape Signing Tool, omitting the -d option causes the tool to install the keys and certificate in the Communicator key and certificate databases. If you are installing the keys and certificate in the Communicator databases, you must exit Communicator before using this option; otherwise, you risk corrupting the databases. In all cases, the certificate is also output to a file named x509.cacert, which has the MIME-type application/x-x509-ca-cert.
+
+Unlike certificates normally used to sign finished code to be distributed over a network, a test certificate created with -G is not signed by a recognized certificate authority. Instead, it is self-signed. In addition, a single test signing certificate functions as both an object-signing certificate and a CA. When you are using it to sign objects, it behaves like an object-signing certificate. When it is imported into browser software such as Communicator, it behaves like an object-signing CA and cannot be used to sign objects.
+
+The -G option is available in Netscape Signing Tool 1.0 and later versions only. By default, it produces only RSA certificates with 1024-byte keys in the internal token. However, you can use the -s option specify the required key size and the -t option to specify the token.
+        </p></dd><dt><span class="term">-i scriptname</span></dt><dd><p>
+Specifies the name of an installer script for SmartUpdate. This script installs files from the JAR archive in the local system after SmartUpdate has validated the digital signature. For more details, see the description of -m that follows. The -i option provides a straightforward way to provide this information if you don't need to specify any metadata other than an installer script.
+        </p></dd><dt><span class="term">-J</span></dt><dd><p>
+Signs a directory of HTML files containing JavaScript and creates as many archive files as are specified in the HTML tags. Even if signtool creates more than one archive file, you need to supply the key database password only once.
+
+The -J option is available only in Netscape Signing Tool 1.0 and later versions. The -J option cannot be used at the same time as the -Z option.
+
+If the -c# option is not used with the -J option, the default compression value is 6.
+
+Note that versions 1.1 and later of Netscape Signing Tool correctly recognizes the CODEBASE attribute, allows paths to be expressed for the CLASS and SRC attributes instead of filenames only, processes LINK tags and parses HTML correctly, and offers clearer error messages.
+          </p></dd><dt><span class="term">-j directory</span></dt><dd><p>
+	Specifies a special JavaScript directory. This option causes the specified directory to be signed and tags its entries as inline JavaScript. This special type of entry does not have to appear in the JAR file itself. Instead, it is located in the HTML page containing the inline scripts. When you use signtool -v, these entries are displayed with the string NOT PRESENT.
+</p></dd><dt><span class="term">-k key ... directory</span></dt><dd><p>
+	Specifies the nickname (key) of the certificate you want to sign with and signs the files in the specified directory. The directory to sign is always specified as the last command-line argument. Thus, it is possible to write
+
+signtool -k MyCert -d . signdir
+
+You may have trouble if the nickname contains a single quotation mark. To avoid problems, escape the quotation mark using the escape conventions for your platform.
+
+It's also possible to use the -k option without signing any files or specifying a directory. For example, you can use it with the -l option to get detailed information about a particular signing certificate.
+</p></dd><dt><span class="term">-l</span></dt><dd><p>
+	Lists signing certificates, including issuing CAs. If any of your certificates are expired or invalid, the list will so specify. This option can be used with the -k option to list detailed information about a particular signing certificate.
+
+The -l option is available in Netscape Signing Tool 1.0 and later versions only.
+</p></dd><dt><span class="term">-L</span></dt><dd><p>
+	Lists the certificates in your database. An asterisk appears to the left of the nickname for any certificate that can be used to sign objects with signtool.
+</p></dd><dt><span class="term">--leavearc</span></dt><dd><p>
+	Retains the temporary .arc (archive) directories that the -J option creates. These directories are automatically erased by default. Retaining the temporary directories can be an aid to debugging.
+</p></dd><dt><span class="term">-m metafile</span></dt><dd><p>
+	Specifies the name of a metadata control file. Metadata is signed information attached either to the JAR archive itself or to files within the archive. This metadata can be any ASCII string, but is used mainly for specifying an installer script.
+
+The metadata file contains one entry per line, each with three fields:
+
+field #1: file specification, or + if you want to specify global metadata (that is, metadata about the JAR archive itself or all entries in the archive)
+field #2: the name of the data you are specifying; for example: Install-Script
+field #3: data corresponding to the name in field #2
+
+For example, the -i option uses the equivalent of this line:
+
++ Install-Script: script.js
+
+
+This example associates a MIME type with a file:
+
+movie.qt MIME-Type: video/quicktime
+
+For information about the way installer script information appears in the manifest file for a JAR archive, see The JAR Format on Netscape DevEdge.
+</p></dd><dt><span class="term">-M</span></dt><dd><p>
+	Lists the PKCS #11 modules available to signtool, including smart cards.
+
+The -M option is available in Netscape Signing Tool 1.0 and later versions only.
+
+For information on using Netscape Signing Tool with smart cards, see "Using Netscape Signing Tool with Smart Cards".
+
+For information on using the -M option to verify FIPS-140-1 validated mode, see "Netscape Signing Tool and FIPS-140-1".
+</p></dd><dt><span class="term">--norecurse</span></dt><dd><p>
+	Blocks recursion into subdirectories when signing a directory's contents or when parsing HTML.
+</p></dd><dt><span class="term">-o</span></dt><dd><p>
+	Optimizes the archive for size. Use this only if you are signing very large archives containing hundreds of files. This option makes the manifest files (required by the JAR format) considerably smaller, but they contain slightly less information.
+</p></dd><dt><span class="term">--outfile outputfile</span></dt><dd><p>
+	Specifies a file to receive redirected output from Netscape Signing Tool.
+</p></dd><dt><span class="term">-p password</span></dt><dd><p>
+	Specifies a password for the private-key database. Note that the password entered on the command line is displayed as plain text.
+</p></dd><dt><span class="term">-s keysize</span></dt><dd><p>
+	Specifies the size of the key for generated certificate. Use the -M option to find out what tokens are available.
+
+The -s option can be used with the -G option only.
+</p></dd><dt><span class="term">-t token</span></dt><dd><p>
+	Specifies which available token should generate the key and receive the certificate. Use the -M option to find out what tokens are available.
+
+The -t option can be used with the -G option only.
+</p></dd><dt><span class="term">-v archive</span></dt><dd><p>
+	Displays the contents of an archive and verifies the cryptographic integrity of the digital signatures it contains and the files with which they are associated. This includes checking that the certificate for the issuer of the object-signing certificate is listed in the certificate database, that the CA's digital signature on the object-signing certificate is valid, that the relevant certificates have not expired, and so on.
+</p></dd><dt><span class="term">--verbosity value</span></dt><dd><p>
+	Sets the quantity of information Netscape Signing Tool generates in operation. A value of 0 (zero) is the default and gives full information. A value of -1 suppresses most messages, but not error messages.
+</p></dd><dt><span class="term">-w archive</span></dt><dd><p>
+	Displays the names of signers of any files in the archive.
+</p></dd><dt><span class="term">-x directory</span></dt><dd><p>
+	Excludes the specified directory from signing. Note that with Netscape Signing Tool version 1.1 and later this option can appear multiple times on one command line, making it possible to specify several particular directories to exclude.
+</p></dd><dt><span class="term">-z</span></dt><dd><p>
+	Tells signtool not to store the signing time in the digital signature. This option is useful if you want the expiration date of the signature checked against the current date and time rather than the time the files were signed.
+</p></dd><dt><span class="term">-Z jarfile</span></dt><dd><p>
+	Creates a JAR file with the specified name. You must specify this option if you want signtool to create the JAR file; it does not do so automatically. If you don't specify -Z, you must use an external ZIP tool to create the JAR file.
+
+The -Z option cannot be used at the same time as the -J option.
+
+If the -c# option is not used with the -Z option, the default compression value is 6.</p></dd></dl></div></div><div class="refsection"><a name="command-file"></a><h2>The Command File Format</h2><p>Entries in a Netscape Signing Tool command file have this general format:
+keyword=value
+
+Everything before the = sign on a single line is a keyword, and everything from the = sign to the end of line is a value. The value may include = signs; only the first = sign on a line is interpreted. Blank lines are ignored, but white space on a line with keywords and values is assumed to be part of the keyword (if it comes before the equal sign) or part of the value (if it comes after the first equal sign). Keywords are case insensitive, values are generally case sensitive. Since the = sign and newline delimit the value, it should not be quoted. </p><p><span class="command"><strong>Subsection</strong></span></p><div class="variablelist"><dl class="variablelist"><dt><span class="term">basename</span></dt><dd><p>Same as -b option.</p></dd><dt><span class="term">compression</span></dt><dd><p>
+	Same as -c option.
+</p></dd><dt><span class="term">certdir</span></dt><dd><p>
+	Same as -d option.
+</p></dd><dt><span class="term">extension</span></dt><dd><p>
+	Same as -e option.
+</p></dd><dt><span class="term">generate</span></dt><dd><p>
+	Same as -G option.
+</p></dd><dt><span class="term">installscript</span></dt><dd><p>
+	Same as -i option.
+</p></dd><dt><span class="term">javascriptdir</span></dt><dd><p>
+	Same as -j option.
+</p></dd><dt><span class="term">htmldir</span></dt><dd><p>
+	Same as -J option.
+</p></dd><dt><span class="term">certname</span></dt><dd><p>
+	Nickname of certificate, as with -k and -l -k options.
+</p></dd><dt><span class="term">signdir</span></dt><dd><p>
+	The directory to be signed, as with -k option.
+</p></dd><dt><span class="term">list</span></dt><dd><p>
+	Same as -l option. Value is ignored, but = sign must be present.
+</p></dd><dt><span class="term">listall</span></dt><dd><p>
+	Same as -L option. Value is ignored, but = sign must be present.
+</p></dd><dt><span class="term">metafile</span></dt><dd><p>
+	Same as -m option.
+</p></dd><dt><span class="term">modules</span></dt><dd><p>
+	Same as -M option. Value is ignored, but = sign must be present.
+</p></dd><dt><span class="term">optimize</span></dt><dd><p>
+	Same as -o option. Value is ignored, but = sign must be present.
+</p></dd><dt><span class="term">password</span></dt><dd><p>
+	Same as -p option.
+</p></dd><dt><span class="term">keysize</span></dt><dd><p>
+	Same as -s option.
+</p></dd><dt><span class="term">token</span></dt><dd><p>
+	Same as -t option.
+</p></dd><dt><span class="term">verify</span></dt><dd><p>
+	Same as -v option.
+</p></dd><dt><span class="term">who</span></dt><dd><p>
+	Same as -w option.
+</p></dd><dt><span class="term">exclude</span></dt><dd><p>
+	Same as -x option.
+</p></dd><dt><span class="term">notime</span></dt><dd><p>
+	Same as -z option. value is ignored, but = sign must be present.
+</p></dd><dt><span class="term">jarfile</span></dt><dd><p>
+	Same as -Z option.
+</p></dd><dt><span class="term">outfile</span></dt><dd><p>
+	Name of a file to which output and error messages will be redirected. This option has no command-line equivalent.
+	</p></dd></dl></div></div><div class="refsection"><a name="examples"></a><h2>Extended Examples</h2><p>The following example will do this and that
+    </p><p><span class="command"><strong>Listing Available Signing Certificates</strong></span></p><p>You use the -L option to list the nicknames for all available certificates and check which ones are signing certificates.</p><pre class="programlisting">signtool -L 
+
+using certificate directory: /u/jsmith/.netscape 
+S Certificates 
+- ------------ 
+  BBN Certificate Services CA Root 1 
+  IBM World Registry CA 
+  VeriSign Class 1 CA - Individual Subscriber - VeriSign, Inc. 
+  GTE CyberTrust Root CA 
+  Uptime Group Plc. Class 4 CA 
+* Verisign Object Signing Cert 
+  Integrion CA 
+  GTE CyberTrust Secure Server CA 
+  AT&amp;T Directory Services 
+* test object signing cert 
+  Uptime Group Plc. Class 1 CA 
+  VeriSign Class 1 Primary CA 
+- ------------
+
+Certificates that can be used to sign objects have *'s to their left. </pre><p>Two signing certificates are displayed: Verisign Object Signing Cert and test object signing cert.</p><p>You use the -l option to get a list of signing certificates only, including the signing CA for each.</p><pre class="programlisting">signtool -l
+
+using certificate directory: /u/jsmith/.netscape
+Object signing certificates
+---------------------------------------
+
+Verisign Object Signing Cert
+    Issued by: VeriSign, Inc. - Verisign, Inc.
+    Expires: Tue May 19, 1998
+test object signing cert
+    Issued by: test object signing cert (Signtool 1.0 Testing 
+Certificate (960187691))
+    Expires: Sun May 17, 1998
+---------------------------------------</pre><p>For a list including CAs, use the <code class="option">-L</code> option.</p><p><span class="command"><strong>Signing a File</strong></span></p><p>1. Create an empty directory.</p><pre class="programlisting">mkdir signdir</pre><p>2. Put some file into it.</p><pre class="programlisting">echo boo &gt; signdir/test.f</pre><p>3. Specify the name of your object-signing certificate and sign the directory.</p><pre class="programlisting">signtool -k MySignCert -Z testjar.jar signdir
+
+using key "MySignCert"
+using certificate directory: /u/jsmith/.netscape
+Generating signdir/META-INF/manifest.mf file..
+--&gt; test.f
+adding signdir/test.f to testjar.jar
+Generating signtool.sf file..
+Enter Password or Pin for "Communicator Certificate DB":
+
+adding signdir/META-INF/manifest.mf to testjar.jar
+adding signdir/META-INF/signtool.sf to testjar.jar
+adding signdir/META-INF/signtool.rsa to testjar.jar
+
+tree "signdir" signed successfully</pre><p>4. Test the archive you just created.</p><pre class="programlisting">signtool -v testjar.jar
+
+using certificate directory: /u/jsmith/.netscape
+archive "testjar.jar" has passed crypto verification.
+           status   path
+     ------------   -------------------
+         verified   test.f</pre><p><span class="command"><strong>Using Netscape Signing Tool with a ZIP Utility</strong></span></p><p>To use Netscape Signing Tool with a ZIP utility, you must have the utility in your path environment variable. You should use the zip.exe utility rather than pkzip.exe, which cannot handle long filenames. You can use a ZIP utility instead of the -Z option to package a signed archive into a JAR file after you have signed it:</p><pre class="programlisting">cd signdir 
+
+  zip -r ../myjar.jar * 
+  adding: META-INF/ (stored 0%) 
+  adding: META-INF/manifest.mf (deflated 15%) 
+  adding: META-INF/signtool.sf (deflated 28%) 
+  adding: META-INF/signtool.rsa (stored 0%) 
+  adding: text.txt (stored 0%)</pre><p><span class="command"><strong>Generating the Keys and Certificate</strong></span></p><p>The signtool option -G generates a new public-private key pair and certificate. It takes the nickname of the new certificate as an argument. The newly generated keys and certificate are installed into the key and certificate databases in the directory specified by the -d option. With the NT version of Netscape Signing Tool, you must use the -d option with the -G option. With the Unix version of Netscape Signing Tool, omitting the -d option causes the tool to install the keys and certificate in the Communicator key and certificate databases. In all cases, the certificate is also output to a file named x509.cacert, which has the MIME-type application/x-x509-ca-cert.</p><p>Certificates contain standard information about the entity they identify, such as the common name and organization name. Netscape Signing Tool prompts you for this information when you run the command with the -G option. However, all of the requested fields are optional for test certificates. If you do not enter a common name, the tool provides a default name. In the following example, the user input is in boldface:</p><pre class="programlisting">signtool -G MyTestCert
+
+using certificate directory: /u/someuser/.netscape
+Enter certificate information. All fields are optional. Acceptable
+characters are numbers, letters, spaces, and apostrophes.
+certificate common name: Test Object Signing Certificate
+organization: Netscape Communications Corp.
+organization unit: Server Products Division
+state or province: California
+country (must be exactly 2 characters): US
+username: someuser
+email address: someuser@netscape.com
+Enter Password or Pin for "Communicator Certificate DB": [Password will not echo]
+generated public/private key pair
+certificate request generated
+certificate has been signed
+certificate "MyTestCert" added to database
+Exported certificate to x509.raw and x509.cacert.</pre><p>The certificate information is read from standard input. Therefore, the information can be read from a file using the redirection operator (&lt;) in some operating systems. To create a file for this purpose, enter each of the seven input fields, in order, on a separate line. Make sure there is a newline character at the end of the last line. Then run signtool with standard input redirected from your file as follows:</p><pre class="programlisting">signtool -G MyTestCert inputfile</pre><p>The prompts show up on the screen, but the responses will be automatically read from the file. The password will still be read from the console unless you use the -p option to give the password on the command line.</p><p><span class="command"><strong>Using the -M Option to List Smart Cards</strong></span></p><p>You can use the -M option to list the PKCS #11 modules, including smart cards, that are available to signtool:</p><pre class="programlisting">signtool -d "c:\netscape\users\jsmith" -M
+
+using certificate directory: c:\netscape\users\username
+Listing of PKCS11 modules 
+----------------------------------------------- 
+	1. Netscape Internal PKCS #11 Module 
+			  (this module is internally loaded) 
+			  slots: 2 slots attached 
+			  status: loaded 
+	  slot: Communicator Internal Cryptographic Services Version 4.0 
+	 token: Communicator Generic Crypto Svcs 
+	  slot: Communicator User Private Key and Certificate Services 
+	 token: Communicator Certificate DB 
+	2. CryptOS 
+			  (this is an external module) 
+ DLL name: core32 
+	 slots: 1 slots attached 
+	status: loaded 
+	  slot: Litronic 210 
+	 token: 
+	----------------------------------------------- </pre><p><span class="command"><strong>Using Netscape Signing Tool and a Smart Card to Sign Files</strong></span></p><p>The signtool command normally takes an argument of the -k option to specify a signing certificate. To sign with a smart card, you supply only the fully qualified name of the certificate.</p><p>To see fully qualified certificate names when you run Communicator, click the Security button in Navigator, then click Yours under Certificates in the left frame. Fully qualified names are of the format smart card:certificate, for example "MyCard:My Signing Cert". You use this name with the -k argument as follows:</p><pre class="programlisting">signtool -k "MyCard:My Signing Cert" directory</pre><p><span class="command"><strong>Verifying FIPS Mode</strong></span></p><p>Use the -M option to verify that you are using the FIPS-140-1 module.</p><pre class="programlisting">signtool -d "c:\netscape\users\jsmith" -M
+
+using certificate directory: c:\netscape\users\jsmith
+Listing of PKCS11 modules
+-----------------------------------------------
+  1. Netscape Internal PKCS #11 Module
+          (this module is internally loaded)
+          slots: 2 slots attached
+          status: loaded
+    slot: Communicator Internal Cryptographic Services Version 4.0
+   token: Communicator Generic Crypto Svcs
+    slot: Communicator User Private Key and Certificate Services
+   token: Communicator Certificate DB
+-----------------------------------------------</pre><p>This Unix example shows that Netscape Signing Tool is using a FIPS-140-1 module:</p><pre class="programlisting">signtool -d "c:\netscape\users\jsmith" -M
+using certificate directory: c:\netscape\users\jsmith
+Enter Password or Pin for "Communicator Certificate DB": [password will not echo]
+Listing of PKCS11 modules
+-----------------------------------------------
+1. Netscape Internal FIPS PKCS #11 Module
+(this module is internally loaded)
+slots: 1 slots attached
+status: loaded
+slot: Netscape Internal FIPS-140-1 Cryptographic Services
+token: Communicator Certificate DB
+-----------------------------------------------</pre></div><div class="refsection"><a name="seealso"></a><h2>See Also</h2><p>signver (1)</p><p>The NSS wiki has information on the new database design and how to configure applications to use it.</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
+				https://wiki.mozilla.org/NSS_Shared_DB_Howto</p></li><li class="listitem"><p>
+				https://wiki.mozilla.org/NSS_Shared_DB
+			</p></li></ul></div></div><div class="refsection"><a name="resources"></a><h2>Additional Resources</h2><p>For information about NSS and other tools related to NSS (like JSS), check out the NSS project wiki at <a class="ulink" href="http://www.mozilla.org/projects/security/pki/nss/" target="_top">http://www.mozilla.org/projects/security/pki/nss/</a>. The NSS site relates directly to NSS code changes and releases.</p><p>Mailing lists: https://lists.mozilla.org/listinfo/dev-tech-crypto</p><p>IRC: Freenode at #dogtag-pki</p></div><div class="refsection"><a name="authors"></a><h2>Authors</h2><p>The NSS tools were written and maintained by developers with Netscape, Red Hat,  Sun, Oracle, Mozilla, and Google.</p><p>
+	Authors: Elio Maldonado &lt;emaldona@redhat.com&gt;, Deon Lackey &lt;dlackey@redhat.com&gt;.
+    </p></div><div class="refsection"><a name="license"></a><h2>LICENSE</h2><p>Licensed under the Mozilla Public License, v. 2.0.  If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
+    </p></div></div><div class="navfooter"><hr></div></body></html>
diff --git a/nss/doc/html/signver.html b/nss/doc/html/signver.html
new file mode 100644
index 0000000..ade57de
--- /dev/null
+++ b/nss/doc/html/signver.html
@@ -0,0 +1,33 @@
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>SIGNVER</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><link rel="home" href="index.html" title="SIGNVER"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">SIGNVER</th></tr></table><hr></div><div class="refentry"><a name="signver"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>signver — Verify a detached PKCS#7 signature for a file.</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">signtool</code>    -A  |   -V    -d <em class="replaceable"><code>directory</code></em>  [-a] [-i <em class="replaceable"><code>input_file</code></em>] [-o <em class="replaceable"><code>output_file</code></em>] [-s <em class="replaceable"><code>signature_file</code></em>] [-v]</p></div></div><div class="refsection"><a name="idm233257229808"></a><h2>STATUS</h2><p>This documentation is still work in progress. Please contribute to the initial review in <a class="ulink" href="https://bugzilla.mozilla.org/show_bug.cgi?id=836477" target="_top">Mozilla NSS bug 836477</a>
+    </p></div><div class="refsection"><a name="description"></a><h2>Description</h2><p>The Signature Verification Tool, <span class="command"><strong>signver</strong></span>, is a simple command-line utility that unpacks a base-64-encoded PKCS#7 signed object and verifies the digital signature using standard cryptographic techniques. The Signature Verification Tool can also display the contents of the signed object.</p></div><div class="refsection"><a name="options"></a><h2>Options</h2><div class="variablelist"><dl class="variablelist"><dt><span class="term">-A</span></dt><dd><p>Displays all of the information in the PKCS#7 signature.</p></dd><dt><span class="term">-V</span></dt><dd><p>Verifies the digital signature.</p></dd><dt><span class="term">-d [sql:]<span class="emphasis"><em>directory</em></span></span></dt><dd><p>Specify the database directory which contains the certificates and keys.</p><p><span class="command"><strong>signver</strong></span> supports two types of databases: the legacy security databases (<code class="filename">cert8.db</code>, <code class="filename">key3.db</code>, and <code class="filename">secmod.db</code>) and new SQLite databases (<code class="filename">cert9.db</code>, <code class="filename">key4.db</code>, and <code class="filename">pkcs11.txt</code>). If the prefix <span class="command"><strong>sql:</strong></span> is not used, then the tool assumes that the given databases are in the old format.</p></dd><dt><span class="term">-a</span></dt><dd><p>Sets that the given signature file is in ASCII format.</p></dd><dt><span class="term">-i <span class="emphasis"><em>input_file</em></span></span></dt><dd><p>Gives the input file for the object with signed data.</p></dd><dt><span class="term">-o <span class="emphasis"><em>output_file</em></span></span></dt><dd><p>Gives the output file to which to write the results.</p></dd><dt><span class="term">-s <span class="emphasis"><em>signature_file</em></span></span></dt><dd><p>Gives the input file for the digital signature.</p></dd><dt><span class="term">-v</span></dt><dd><p>Enables verbose output.</p></dd></dl></div></div><div class="refsection"><a name="examples"></a><h2>Extended Examples</h2><div class="refsection"><a name="idm233261091008"></a><h3>Verifying a Signature</h3><p>The <code class="option">-V</code> option verifies that the signature in a given signature file is valid when used to sign the given object (from the input file).</p><pre class="programlisting">signver -V -s <em class="replaceable"><code>signature_file</code></em> -i <em class="replaceable"><code>signed_file</code></em> -d sql:/home/my/sharednssdb
+
+signatureValid=yes</pre></div><div class="refsection"><a name="idm233261087840"></a><h3>Printing Signature Data</h3><p>
+			The <code class="option">-A</code> option prints all of the information contained in a signature file. Using the <code class="option">-o</code> option prints the signature file information to the given output file rather than stdout.
+		</p><pre class="programlisting">signver -A -s <em class="replaceable"><code>signature_file</code></em> -o <em class="replaceable"><code>output_file</code></em></pre></div></div><div class="refsection"><a name="databases"></a><h2>NSS Database Types</h2><p>NSS originally used BerkeleyDB databases to store security information. 
+The last versions of these <span class="emphasis"><em>legacy</em></span> databases are:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
+			cert8.db for certificates
+		</p></li><li class="listitem"><p>
+			key3.db for keys
+		</p></li><li class="listitem"><p>
+			secmod.db for PKCS #11 module information
+		</p></li></ul></div><p>BerkeleyDB has performance limitations, though, which prevent it from being easily used by multiple applications simultaneously. NSS has 
+some flexibility that allows applications to use their own, independent database engine while keeping a shared database and working around the access issues. Still, NSS
+requires more flexibility to provide a truly shared security database.</p><p>In 2009, NSS introduced a new set of databases that are SQLite databases rather than 
+BerkleyDB. These new databases provide more accessibility and performance:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
+			cert9.db for certificates
+		</p></li><li class="listitem"><p>
+			key4.db for keys
+		</p></li><li class="listitem"><p>
+			pkcs11.txt, which is listing of all of the PKCS #11 modules contained in a new subdirectory in the security databases directory
+		</p></li></ul></div><p>Because the SQLite databases are designed to be shared, these are the <span class="emphasis"><em>shared</em></span> database type. The shared database type is preferred; the legacy format is included for backward compatibility.</p><p>By default, the tools (<span class="command"><strong>certutil</strong></span>, <span class="command"><strong>pk12util</strong></span>, <span class="command"><strong>modutil</strong></span>) assume that the given security databases follow the more common legacy type. 
+Using the SQLite databases must be manually specified by using the <span class="command"><strong>sql:</strong></span> prefix with the given security directory. For example:</p><pre class="programlisting"># signver -A -s <em class="replaceable"><code>signature</code></em> -d sql:/home/my/sharednssdb</pre><p>To set the shared database type as the default type for the tools, set the <code class="envar">NSS_DEFAULT_DB_TYPE</code> environment variable to <code class="envar">sql</code>:</p><pre class="programlisting">export NSS_DEFAULT_DB_TYPE="sql"</pre><p>This line can be added to the <code class="filename">~/.bashrc</code> file to make the change permanent for the user.</p><p>Most applications do not use the shared database by default, but they can be configured to use them. For example, this how-to article covers how to configure Firefox and Thunderbird to use the new shared NSS databases:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
+			https://wiki.mozilla.org/NSS_Shared_DB_Howto</p></li></ul></div><p>For an engineering draft on the changes in the shared NSS databases, see the NSS project wiki:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
+			https://wiki.mozilla.org/NSS_Shared_DB
+		</p></li></ul></div></div><div class="refsection"><a name="seealso"></a><h2>See Also</h2><p>signtool (1)</p><p>The NSS wiki has information on the new database design and how to configure applications to use it.</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>Setting up the shared NSS database</p><p>https://wiki.mozilla.org/NSS_Shared_DB_Howto</p></li><li class="listitem"><p>
+				Engineering and technical information about the shared NSS database
+			</p><p>
+				https://wiki.mozilla.org/NSS_Shared_DB
+			</p></li></ul></div></div><div class="refsection"><a name="resources"></a><h2>Additional Resources</h2><p>For information about NSS and other tools related to NSS (like JSS), check out the NSS project wiki at <a class="ulink" href="http://www.mozilla.org/projects/security/pki/nss/" target="_top">http://www.mozilla.org/projects/security/pki/nss/</a>. The NSS site relates directly to NSS code changes and releases.</p><p>Mailing lists: https://lists.mozilla.org/listinfo/dev-tech-crypto</p><p>IRC: Freenode at #dogtag-pki</p></div><div class="refsection"><a name="authors"></a><h2>Authors</h2><p>The NSS tools were written and maintained by developers with Netscape, Red Hat,  Sun, Oracle, Mozilla, and Google.</p><p>
+	Authors: Elio Maldonado &lt;emaldona@redhat.com&gt;, Deon Lackey &lt;dlackey@redhat.com&gt;.
+    </p></div><div class="refsection"><a name="license"></a><h2>LICENSE</h2><p>Licensed under the Mozilla Public License, v. 2.0.  If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
+    </p></div></div><div class="navfooter"><hr></div></body></html>
diff --git a/nss/doc/html/ssltap.html b/nss/doc/html/ssltap.html
new file mode 100644
index 0000000..e69b375
--- /dev/null
+++ b/nss/doc/html/ssltap.html
@@ -0,0 +1,417 @@
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>SSLTAP</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><link rel="home" href="index.html" title="SSLTAP"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">SSLTAP</th></tr></table><hr></div><div class="refentry"><a name="ssltap"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>ssltap — Tap into SSL connections and display the data going by </p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">ssltap</code>  [-fhlsvx] [-p port] [hostname:port]</p></div></div><div class="refsection"><a name="idm233258230400"></a><h2>STATUS</h2><p>This documentation is still work in progress. Please contribute to the initial review in <a class="ulink" href="https://bugzilla.mozilla.org/show_bug.cgi?id=836477" target="_top">Mozilla NSS bug 836477</a>
+    </p></div><div class="refsection"><a name="description"></a><h2>Description</h2><p>The SSL Debugging Tool <span class="command"><strong>ssltap</strong></span> is an SSL-aware command-line proxy. It watches TCP connections and displays the data going by. If a connection is SSL, the data display includes interpreted SSL records and handshaking</p></div><div class="refsection"><a name="options"></a><h2>Options</h2><div class="variablelist"><dl class="variablelist"><dt><span class="term">-f </span></dt><dd><p>
+Turn on fancy printing. Output is printed in colored HTML. Data sent from the client to the server is in blue; the server's reply is in red. When used with looping mode, the different connections are separated with horizontal lines. You can use this option to upload the output into a browser. 
+        </p></dd><dt><span class="term">-h </span></dt><dd><p>
+Turn on hex/ASCII printing. Instead of outputting raw data, the command interprets each record as a numbered line of hex values, followed by the same data as ASCII characters. The two parts are separated by a vertical bar. Nonprinting characters are replaced by dots. 
+        </p></dd><dt><span class="term">-l  prefix</span></dt><dd><p>
+Turn on looping; that is, continue to accept connections rather than stopping after the first connection is complete.
+          </p></dd><dt><span class="term">-p  port</span></dt><dd><p>Change the default rendezvous port (1924) to another port.</p><p>The following are well-known port numbers:</p><p>
+          * HTTP   80
+          </p><p>
+	      * HTTPS  443
+	      </p><p>
+          * SMTP   25
+          </p><p>
+          * FTP    21
+          </p><p>
+          * IMAP   143
+          </p><p>
+          * IMAPS  993 (IMAP over SSL)
+          </p><p>
+          * NNTP   119
+          </p><p>
+          * NNTPS  563 (NNTP over SSL) 
+          </p></dd><dt><span class="term">-s </span></dt><dd><p>
+Turn on SSL parsing and decoding. The tool does not automatically detect SSL sessions. If you are intercepting an SSL connection, use this option so that the tool can detect and decode SSL structures.
+	  </p><p>
+If the tool detects a certificate chain, it saves the DER-encoded certificates into files in the current directory. The files are named cert.0x, where x is the sequence number of the certificate.
+	  </p><p>
+If the -s option is used with -h, two separate parts are printed for each record: the plain hex/ASCII output, and the parsed SSL output.
+          </p></dd><dt><span class="term">-v </span></dt><dd><p>Print a version string for the tool.</p></dd><dt><span class="term">-x </span></dt><dd><p>Turn on extra SSL hex dumps.</p></dd></dl></div></div><div class="refsection"><a name="basic-usage"></a><h2>Usage and Examples</h2><p>
+You can use the SSL Debugging Tool to intercept any connection information. Although you can run the tool at its most basic by issuing the ssltap command with no options other than hostname:port, the information you get in this way is not very useful. For example, assume your development machine is called intercept. The simplest way to use the debugging tool is to execute the following command from a command shell:
+      </p><pre class="programlisting">$ ssltap www.netscape.com</pre><p>
+The program waits for an incoming connection on the default port 1924. In your browser window, enter the URL http://intercept:1924. The browser retrieves the requested page from the server at www.netscape.com, but the page is intercepted and passed on to the browser by the debugging tool on intercept. On its way to the browser, the data is printed to the command shell from which you issued the command. Data sent from the client to the server is surrounded by the following symbols: --&gt; [ data ] Data sent from the server to the client is surrounded by the following symbols: 
+"left arrow"-- [ data ] The raw data stream is sent to standard output and is not interpreted in any way. This can result in peculiar effects, such as sounds, flashes, and even crashes of the command shell window. To output a basic, printable interpretation of the data, use the -h option, or, if you are looking at an SSL connection, the -s option. You will notice that the page you retrieved looks incomplete in the browser. This is because, by default, the tool closes down after the first connection is complete, so the browser is not able to load images. To make the tool 
+continue to accept connections, switch on looping mode with the -l option. The following examples show the output from commonly used combinations of options.
+      </p><p>Example 1 </p><pre class="programlisting">$ ssltap.exe -sx -p 444 interzone.mcom.com:443 &gt; sx.txt</pre><p>Output </p><pre class="programlisting">
+Connected to interzone.mcom.com:443
+--&gt;; [
+alloclen = 66 bytes
+   [ssl2]  ClientHelloV2 {
+            version = {0x03, 0x00}
+            cipher-specs-length = 39 (0x27)
+            sid-length = 0 (0x00)
+            challenge-length = 16 (0x10)
+            cipher-suites = {
+
+                (0x010080) SSL2/RSA/RC4-128/MD5
+                  (0x020080) SSL2/RSA/RC4-40/MD5
+                  (0x030080) SSL2/RSA/RC2CBC128/MD5
+                  (0x040080) SSL2/RSA/RC2CBC40/MD5
+                  (0x060040) SSL2/RSA/DES64CBC/MD5
+                  (0x0700c0) SSL2/RSA/3DES192EDE-CBC/MD5
+                  (0x000004) SSL3/RSA/RC4-128/MD5
+                  (0x00ffe0) SSL3/RSA-FIPS/3DES192EDE-CBC/SHA
+                  (0x00000a) SSL3/RSA/3DES192EDE-CBC/SHA
+                  (0x00ffe1) SSL3/RSA-FIPS/DES64CBC/SHA
+                  (0x000009) SSL3/RSA/DES64CBC/SHA
+                  (0x000003) SSL3/RSA/RC4-40/MD5
+                  (0x000006) SSL3/RSA/RC2CBC40/MD5
+                  }
+            session-id = { }
+            challenge = { 0xec5d 0x8edb 0x37c9 0xb5c9 0x7b70 0x8fe9 0xd1d3
+
+0x2592 }
+}
+]
+&lt;-- [
+SSLRecord {
+   0: 16 03 00 03  e5                                   |.....
+   type    = 22 (handshake)
+   version = { 3,0 }
+   length  = 997 (0x3e5)
+   handshake {
+   0: 02 00 00 46                                      |...F
+      type = 2 (server_hello)
+      length = 70 (0x000046)
+            ServerHello {
+            server_version = {3, 0}
+            random = {...}
+   0: 77 8c 6e 26  6c 0c ec c0  d9 58 4f 47  d3 2d 01 45  |
+wn&amp;l.ì..XOG.-.E
+   10: 5c 17 75 43  a7 4c 88 c7  88 64 3c 50  41 48 4f 7f  |
+
+\.uC§L.Ç.d&lt;PAHO.
+                  session ID = {
+                  length = 32
+
+                contents = {..}
+   0: 14 11 07 a8  2a 31 91 29  11 94 40 37  57 10 a7 32  | ...¨*1.)..@7W.§2
+   10: 56 6f 52 62  fe 3d b3 65  b1 e4 13 0f  52 a3 c8 f6  | VoRbþ=³e±...R£È.
+         }
+               cipher_suite = (0x0003) SSL3/RSA/RC4-40/MD5
+         }
+   0: 0b 00 02 c5                                      |...Ã…
+      type = 11 (certificate)
+      length = 709 (0x0002c5)
+            CertificateChain {
+            chainlength = 706 (0x02c2)
+               Certificate {
+            size = 703 (0x02bf)
+               data = { saved in file 'cert.001' }
+            }
+         }
+   0: 0c 00 00 ca                                      |....
+         type = 12 (server_key_exchange)
+         length = 202 (0x0000ca)
+   0: 0e 00 00 00                                      |....
+         type = 14 (server_hello_done)
+         length = 0 (0x000000)
+   }
+}
+]
+--&gt; [
+SSLRecord {
+   0: 16 03 00 00  44                                   |....D
+   type    = 22 (handshake)
+   version = { 3,0 }
+   length  = 68 (0x44)
+   handshake {
+   0: 10 00 00 40                                      |...@
+   type = 16 (client_key_exchange)
+   length = 64 (0x000040)
+         ClientKeyExchange {
+            message = {...}
+         }
+   }
+}
+]
+--&gt; [
+SSLRecord {
+   0: 14 03 00 00  01                                   |.....
+   type    = 20 (change_cipher_spec)
+   version = { 3,0 }
+   length  = 1 (0x1)
+   0: 01                                               |.
+}
+SSLRecord {
+   0: 16 03 00 00  38                                   |....8
+   type    = 22 (handshake)
+   version = { 3,0 }
+   length  = 56 (0x38)
+               &lt; encrypted &gt;
+
+}
+]
+&lt;-- [
+SSLRecord {
+   0: 14 03 00 00  01                                   |.....
+   type    = 20 (change_cipher_spec)
+   version = { 3,0 }
+   length  = 1 (0x1)
+   0: 01                                               |.
+}
+]
+&lt;-- [
+SSLRecord {
+   0: 16 03 00 00  38                                   |....8
+   type    = 22 (handshake)
+   version = { 3,0 }
+   length  = 56 (0x38)
+                  &lt; encrypted &gt;
+
+}
+]
+--&gt; [
+SSLRecord {
+   0: 17 03 00 01  1f                                   |.....
+   type    = 23 (application_data)
+   version = { 3,0 }
+   length  = 287 (0x11f)
+               &lt; encrypted &gt;
+}
+]
+&lt;-- [
+SSLRecord {
+   0: 17 03 00 00  a0                                   |....
+   type    = 23 (application_data)
+   version = { 3,0 }
+   length  = 160 (0xa0)
+               &lt; encrypted &gt;
+
+}
+]
+&lt;-- [
+SSLRecord {
+0: 17 03 00 00  df                                   |....ß
+   type    = 23 (application_data)
+   version = { 3,0 }
+   length  = 223 (0xdf)
+               &lt; encrypted &gt;
+
+}
+SSLRecord {
+   0: 15 03 00 00  12                                   |.....
+   type    = 21 (alert)
+   version = { 3,0 }
+   length  = 18 (0x12)
+               &lt; encrypted &gt;
+}
+]
+Server socket closed.
+</pre><p>Example 2</p><p>
+The -s option turns on SSL parsing. Because the -x option is not used in this example, undecoded values are output as raw data. The output is routed to a text file.
+    </p><pre class="programlisting">$ ssltap -s  -p 444 interzone.mcom.com:443 &gt; s.txt</pre><p>Output </p><pre class="programlisting">
+Connected to interzone.mcom.com:443
+--&gt; [
+alloclen = 63 bytes
+   [ssl2]  ClientHelloV2 {
+            version = {0x03, 0x00}
+            cipher-specs-length = 36 (0x24)
+            sid-length = 0 (0x00)
+            challenge-length = 16 (0x10)
+            cipher-suites = {
+                  (0x010080) SSL2/RSA/RC4-128/MD5
+                  (0x020080) SSL2/RSA/RC4-40/MD5
+                  (0x030080) SSL2/RSA/RC2CBC128/MD5
+                  (0x060040) SSL2/RSA/DES64CBC/MD5
+                  (0x0700c0) SSL2/RSA/3DES192EDE-CBC/MD5
+                  (0x000004) SSL3/RSA/RC4-128/MD5
+                  (0x00ffe0) SSL3/RSA-FIPS/3DES192EDE-CBC/SHA
+                  (0x00000a) SSL3/RSA/3DES192EDE-CBC/SHA
+                  (0x00ffe1) SSL3/RSA-FIPS/DES64CBC/SHA
+                  (0x000009) SSL3/RSA/DES64CBC/SHA
+                  (0x000003) SSL3/RSA/RC4-40/MD5
+                  }
+               session-id = { }
+            challenge = { 0x713c 0x9338 0x30e1 0xf8d6 0xb934 0x7351 0x200c
+0x3fd0 }
+]
+&gt;-- [
+SSLRecord {
+   type    = 22 (handshake)
+   version = { 3,0 }
+   length  = 997 (0x3e5)
+   handshake {
+         type = 2 (server_hello)
+         length = 70 (0x000046)
+            ServerHello {
+            server_version = {3, 0}
+            random = {...}
+            session ID = {
+               length = 32
+               contents = {..}
+               }
+               cipher_suite = (0x0003) SSL3/RSA/RC4-40/MD5
+            }
+         type = 11 (certificate)
+         length = 709 (0x0002c5)
+            CertificateChain {
+               chainlength = 706 (0x02c2)
+               Certificate {
+                  size = 703 (0x02bf)
+                  data = { saved in file 'cert.001' }
+               }
+            }
+         type = 12 (server_key_exchange)
+         length = 202 (0x0000ca)
+         type = 14 (server_hello_done)
+         length = 0 (0x000000)
+   }
+}
+]
+--&gt; [
+SSLRecord {
+   type    = 22 (handshake)
+   version = { 3,0 }
+   length  = 68 (0x44)
+   handshake {
+         type = 16 (client_key_exchange)
+         length = 64 (0x000040)
+            ClientKeyExchange {
+               message = {...}
+            }
+   }
+}
+]
+--&gt; [
+SSLRecord {
+   type    = 20 (change_cipher_spec)
+   version = { 3,0 }
+   length  = 1 (0x1)
+}
+SSLRecord {
+   type    = 22 (handshake)
+   version = { 3,0 }
+   length  = 56 (0x38)
+               &gt; encrypted &gt;
+}
+]
+&gt;-- [
+SSLRecord {
+   type    = 20 (change_cipher_spec)
+   version = { 3,0 }
+   length  = 1 (0x1)
+}
+]
+&gt;-- [
+SSLRecord {
+   type    = 22 (handshake)
+   version = { 3,0 }
+   length  = 56 (0x38)
+               &gt; encrypted &gt;
+}
+]
+--&gt; [
+SSLRecord {
+   type    = 23 (application_data)
+   version = { 3,0 }
+   length  = 287 (0x11f)
+               &gt; encrypted &gt;
+}
+]
+[
+SSLRecord {
+   type    = 23 (application_data)
+   version = { 3,0 }
+   length  = 160 (0xa0)
+               &gt; encrypted &gt;
+}
+]
+&gt;-- [
+SSLRecord {
+   type    = 23 (application_data)
+   version = { 3,0 }
+   length  = 223 (0xdf)
+               &gt; encrypted &gt;
+}
+SSLRecord {
+   type    = 21 (alert)
+   version = { 3,0 }
+   length  = 18 (0x12)
+               &gt; encrypted &gt;
+}
+]
+Server socket closed.
+</pre><p>Example 3</p><p>
+In this example, the -h option turns hex/ASCII format. There is no SSL parsing or decoding. The output is routed to a text file.
+    </p><pre class="programlisting">$ ssltap -h  -p 444 interzone.mcom.com:443 &gt; h.txt</pre><p>Output </p><pre class="programlisting">
+Connected to interzone.mcom.com:443
+--&gt; [
+   0: 80 40 01 03  00 00 27 00  00 00 10 01  00 80 02 00  | .@....'.........
+   10: 80 03 00 80  04 00 80 06  00 40 07 00  c0 00 00 04  | .........@......
+   20: 00 ff e0 00  00 0a 00 ff  e1 00 00 09  00 00 03 00  | ........á.......
+   30: 00 06 9b fe  5b 56 96 49  1f 9f ca dd  d5 ba b9 52  | ..þ[V.I.\xd9 ...º¹R
+   40: 6f 2d                                            |o-
+]
+&lt;-- [
+   0: 16 03 00 03  e5 02 00 00  46 03 00 7f  e5 0d 1b 1d  | ........F.......
+   10: 68 7f 3a 79  60 d5 17 3c  1d 9c 96 b3  88 d2 69 3b  | h.:y`..&lt;..³.Òi;
+   20: 78 e2 4b 8b  a6 52 12 4b  46 e8 c2 20  14 11 89 05  | x.K.¦R.KFè. ...
+   30: 4d 52 91 fd  93 e0 51 48  91 90 08 96  c1 b6 76 77  | MR.ý..QH.....¶vw
+   40: 2a f4 00 08  a1 06 61 a2  64 1f 2e 9b  00 03 00 0b  | *ô..¡.a¢d......
+   50: 00 02 c5 00  02 c2 00 02  bf 30 82 02  bb 30 82 02  | ..Ã…......0...0..
+   60: 24 a0 03 02  01 02 02 02  01 36 30 0d  06 09 2a 86  | $ .......60...*.
+   70: 48 86 f7 0d  01 01 04 05  00 30 77 31  0b 30 09 06  | H.÷......0w1.0..
+   80: 03 55 04 06  13 02 55 53  31 2c 30 2a  06 03 55 04  | .U....US1,0*..U.
+   90: 0a 13 23 4e  65 74 73 63  61 70 65 20  43 6f 6d 6d  | ..#Netscape Comm
+   a0: 75 6e 69 63  61 74 69 6f  6e 73 20 43  6f 72 70 6f  | unications Corpo
+   b0: 72 61 74 69  6f 6e 31 11  30 0f 06 03  55 04 0b 13  | ration1.0...U...
+   c0: 08 48 61 72  64 63 6f 72  65 31 27 30  25 06 03 55  | .Hardcore1'0%..U
+   d0: 04 03 13 1e  48 61 72 64  63 6f 72 65  20 43 65 72  | ....Hardcore Cer
+   e0: 74 69 66 69  63 61 74 65  20 53 65 72  76 65 72 20  | tificate Server
+   f0: 49 49 30 1e  17 0d 39 38  30 35 31 36  30 31 30 33  | II0...9805160103
+&lt;additional data lines&gt;
+]
+&lt;additional records in same format&gt;
+Server socket closed.
+</pre><p>Example 4</p><p>
+In this example, the -s option turns on SSL parsing, and the -h option turns on hex/ASCII format. 
+Both formats are shown for each record. The output is routed to a text file.
+      </p><pre class="programlisting">$ ssltap -hs -p 444 interzone.mcom.com:443 &gt; hs.txt</pre><p>Output </p><pre class="programlisting">
+Connected to interzone.mcom.com:443
+--&gt; [
+   0: 80 3d 01 03  00 00 24 00  00 00 10 01  00 80 02 00  | .=....$.........
+   10: 80 03 00 80  04 00 80 06  00 40 07 00  c0 00 00 04  | .........@......
+   20: 00 ff e0 00  00 0a 00 ff  e1 00 00 09  00 00 03 03  | ........á.......
+   30: 55 e6 e4 99  79 c7 d7 2c  86 78 96 5d  b5 cf e9     |U..yÇ\xb0 ,.x.]µ�é
+alloclen = 63 bytes
+   [ssl2]  ClientHelloV2 {
+            version = {0x03, 0x00}
+            cipher-specs-length = 36 (0x24)
+            sid-length = 0 (0x00)
+            challenge-length = 16 (0x10)
+            cipher-suites = {
+                  (0x010080) SSL2/RSA/RC4-128/MD5
+                  (0x020080) SSL2/RSA/RC4-40/MD5
+                  (0x030080) SSL2/RSA/RC2CBC128/MD5
+                  (0x040080) SSL2/RSA/RC2CBC40/MD5
+                  (0x060040) SSL2/RSA/DES64CBC/MD5
+                  (0x0700c0) SSL2/RSA/3DES192EDE-CBC/MD5
+                  (0x000004) SSL3/RSA/RC4-128/MD5
+                  (0x00ffe0) SSL3/RSA-FIPS/3DES192EDE-CBC/SHA
+                  (0x00000a) SSL3/RSA/3DES192EDE-CBC/SHA
+                  (0x00ffe1) SSL3/RSA-FIPS/DES64CBC/SHA
+                  (0x000009) SSL3/RSA/DES64CBC/SHA
+                  (0x000003) SSL3/RSA/RC4-40/MD5
+                  }
+            session-id = { }
+            challenge = { 0x0355 0xe6e4 0x9979 0xc7d7 0x2c86 0x7896 0x5db
+
+0xcfe9 }
+}
+]
+&lt;additional records in same formats&gt;
+Server socket closed.
+</pre></div><div class="refsection"><a name="usage-tips"></a><h2>Usage Tips</h2><p>
+When SSL restarts a previous session, it makes use of cached information to do a partial handshake. 
+If you wish to capture a full SSL handshake, restart the browser to clear the session id cache.
+      </p><p>
+If you run the tool on a machine other than the SSL server to which you are trying to connect, 
+the browser will complain that the host name you are trying to connect to is different from the certificate. 
+If you are using the default BadCert callback, you can still connect through a dialog. If you are not using 
+the default BadCert callback, the one you supply must allow for this possibility.
+      </p></div><div class="refsection"><a name="seealso"></a><h2>See Also</h2><p>The NSS Security Tools are also documented at <a class="ulink" href="http://www.mozilla.org/projects/security/pki/nss/tools" target="_top">http://www.mozilla.org/projects/security/pki/nss/</a>.</p></div><div class="refsection"><a name="resources"></a><h2>Additional Resources</h2><p>For information about NSS and other tools related to NSS (like JSS), check out the NSS project wiki at <a class="ulink" href="http://www.mozilla.org/projects/security/pki/nss/" target="_top">http://www.mozilla.org/projects/security/pki/nss/</a>. The NSS site relates directly to NSS code changes and releases.</p><p>Mailing lists: https://lists.mozilla.org/listinfo/dev-tech-crypto</p><p>IRC: Freenode at #dogtag-pki</p></div><div class="refsection"><a name="authors"></a><h2>Authors</h2><p>The NSS tools were written and maintained by developers with Netscape, Red Hat,  Sun, Oracle, Mozilla, and Google.</p><p>
+	Authors: Elio Maldonado &lt;emaldona@redhat.com&gt;, Deon Lackey &lt;dlackey@redhat.com&gt;.
+    </p></div><div class="refsection"><a name="license"></a><h2>LICENSE</h2><p>Licensed under the Mozilla Public License, v. 2.0.  If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
+    </p></div></div><div class="navfooter"><hr></div></body></html>
diff --git a/nss/doc/html/vfychain.html b/nss/doc/html/vfychain.html
new file mode 100644
index 0000000..a360836
--- /dev/null
+++ b/nss/doc/html/vfychain.html
@@ -0,0 +1,26 @@
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>VFYCHAIN</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><link rel="home" href="index.html" title="VFYCHAIN"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">VFYCHAIN</th></tr></table><hr></div><div class="refentry"><a name="vfychain"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>vfychain  — vfychain [options] [revocation options] certfile [[options] certfile] ...</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">vfychain</code> </p></div></div><div class="refsection"><a name="idm233261246224"></a><h2>STATUS</h2><p>This documentation is still work in progress. Please contribute to the initial review in <a class="ulink" href="https://bugzilla.mozilla.org/show_bug.cgi?id=836477" target="_top">Mozilla NSS bug 836477</a>
+    </p></div><div class="refsection"><a name="description"></a><h2>Description</h2><p>The verification Tool, <span class="command"><strong>vfychain</strong></span>, verifies certificate chains. <span class="command"><strong>modutil</strong></span> can add and delete PKCS #11 modules, change passwords on security databases, set defaults, list module contents, enable or disable slots, enable or disable FIPS 140-2 compliance, and assign default providers for cryptographic operations. This tool can also create certificate, key, and module security database files.</p><p>The tasks associated with security module database management are part of a process that typically also involves managing key databases and certificate databases.</p></div><div class="refsection"><a name="options"></a><h2>Options</h2><div class="variablelist"><dl class="variablelist"><dt><span class="term"><code class="option">-a</code></span></dt><dd>the following certfile is base64 encoded</dd><dt><span class="term"><code class="option">-b </code> <em class="replaceable"><code>YYMMDDHHMMZ</code></em></span></dt><dd>Validate date (default: now)</dd><dt><span class="term"><code class="option">-d </code> <em class="replaceable"><code>directory</code></em></span></dt><dd>database directory</dd><dt><span class="term"><code class="option">-f </code> </span></dt><dd>Enable cert fetching from AIA URL</dd><dt><span class="term"><code class="option">-o </code> <em class="replaceable"><code>oid</code></em></span></dt><dd>Set policy OID for cert validation(Format OID.1.2.3)</dd><dt><span class="term"><code class="option">-p </code></span></dt><dd><p class="simpara">Use PKIX Library to validate certificate by calling:</p><p class="simpara">	   * CERT_VerifyCertificate if specified once,</p><p class="simpara">	   * CERT_PKIXVerifyCert if specified twice and more.</p></dd><dt><span class="term"><code class="option">-r </code></span></dt><dd>Following certfile is raw binary DER (default)</dd><dt><span class="term"><code class="option">-t</code></span></dt><dd>Following cert is explicitly trusted (overrides db trust)</dd><dt><span class="term"><code class="option">-u </code> <em class="replaceable"><code>usage</code></em></span></dt><dd><p>
+	 	 0=SSL client, 1=SSL server, 2=SSL StepUp, 3=SSL CA,
+	     4=Email signer, 5=Email recipient, 6=Object signer,
+		 9=ProtectedObjectSigner, 10=OCSP responder, 11=Any CA
+            </p></dd><dt><span class="term"><code class="option">-T </code></span></dt><dd>Trust both explicit trust anchors (-t) and the database. (Without this option, the default is to only trust certificates marked -t, if there are any, or to trust the database if there are certificates marked -t.)
+            </dd><dt><span class="term"><code class="option">-v </code></span></dt><dd>Verbose mode. Prints root cert subject(double the
+			 argument for whole root cert info)
+            </dd><dt><span class="term"><code class="option">-w </code> <em class="replaceable"><code>password</code></em></span></dt><dd>Database password</dd><dt><span class="term"><code class="option">-W </code> <em class="replaceable"><code>pwfile</code></em></span></dt><dd>Password file</dd><dt><span class="term"><code class="option"></code></span></dt><dd><p class="simpara">Revocation options for PKIX API (invoked with -pp options) is a
+	collection of the following flags:
+		[-g type [-h flags] [-m type [-s flags]] ...] ...</p><p class="simpara">Where: </p></dd><dt><span class="term"><code class="option">-g </code> <em class="replaceable"><code>test-type</code></em></span></dt><dd>Sets status checking test type. Possible values
+			are "leaf" or "chain"
+          </dd><dt><span class="term"><code class="option">-g </code> <em class="replaceable"><code>test type</code></em></span></dt><dd>Sets status checking test type. Possible values
+			are "leaf" or "chain".
+          </dd><dt><span class="term"><code class="option">-h </code> <em class="replaceable"><code>test flags</code></em></span></dt><dd>Sets revocation flags for the test type it
+			follows. Possible flags: "testLocalInfoFirst" and
+			"requireFreshInfo".
+          </dd><dt><span class="term"><code class="option">-m </code> <em class="replaceable"><code>method type</code></em></span></dt><dd>Sets method type for the test type it follows.
+			Possible types are "crl" and "ocsp".
+          </dd><dt><span class="term"><code class="option">-s </code> <em class="replaceable"><code>method flags</code></em></span></dt><dd>Sets revocation flags for the method it follows.
+			Possible types are "doNotUse", "forbidFetching",
+			"ignoreDefaultSrc", "requireInfo" and "failIfNoInfo".
+          </dd></dl></div></div><div class="refsection"><a name="resources"></a><h2>Additional Resources</h2><p>For information about NSS and other tools related to NSS (like JSS), check out the NSS project wiki at <a class="ulink" href="http://www.mozilla.org/projects/security/pki/nss/" target="_top">http://www.mozilla.org/projects/security/pki/nss/</a>. The NSS site relates directly to NSS code changes and releases.</p><p>Mailing lists: https://lists.mozilla.org/listinfo/dev-tech-crypto</p><p>IRC: Freenode at #dogtag-pki</p></div><div class="refsection"><a name="authors"></a><h2>Authors</h2><p>The NSS tools were written and maintained by developers with Netscape, Red Hat,  Sun, Oracle, Mozilla, and Google.</p><p>
+	Authors: Elio Maldonado &lt;emaldona@redhat.com&gt;, Deon Lackey &lt;dlackey@redhat.com&gt;.
+    </p></div><div class="refsection"><a name="license"></a><h2>LICENSE</h2><p>Licensed under the Mozilla Public License, v. 2.0.  If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
+    </p></div></div><div class="navfooter"><hr></div></body></html>
diff --git a/nss/doc/html/vfyserv.html b/nss/doc/html/vfyserv.html
new file mode 100644
index 0000000..dec6dcb
--- /dev/null
+++ b/nss/doc/html/vfyserv.html
@@ -0,0 +1,5 @@
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>VFYSERV</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><link rel="home" href="index.html" title="VFYSERV"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">VFYSERV</th></tr></table><hr></div><div class="refentry"><a name="vfyserv"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>vfyserv  — TBD</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">vfyserv</code> </p></div></div><div class="refsection"><a name="idm233266435200"></a><h2>STATUS</h2><p>This documentation is still work in progress. Please contribute to the initial review in <a class="ulink" href="https://bugzilla.mozilla.org/show_bug.cgi?id=836477" target="_top">Mozilla NSS bug 836477</a>
+    </p></div><div class="refsection"><a name="description"></a><h2>Description</h2><p>The <span class="command"><strong>vfyserv </strong></span> tool verifies a certificate chain</p></div><div class="refsection"><a name="options"></a><h2>Options</h2><div class="variablelist"><dl class="variablelist"><dt><span class="term"><code class="option"></code> <em class="replaceable"><code></code></em></span></dt><dd><p class="simpara"></p><p class="simpara"></p></dd></dl></div></div><div class="refsection"><a name="resources"></a><h2>Additional Resources</h2><p>For information about NSS and other tools related to NSS (like JSS), check out the NSS project wiki at <a class="ulink" href="http://www.mozilla.org/projects/security/pki/nss/" target="_top">http://www.mozilla.org/projects/security/pki/nss/</a>. The NSS site relates directly to NSS code changes and releases.</p><p>Mailing lists: https://lists.mozilla.org/listinfo/dev-tech-crypto</p><p>IRC: Freenode at #dogtag-pki</p></div><div class="refsection"><a name="authors"></a><h2>Authors</h2><p>The NSS tools were written and maintained by developers with Netscape, Red Hat,  Sun, Oracle, Mozilla, and Google.</p><p>
+	Authors: Elio Maldonado &lt;emaldona@redhat.com&gt;, Deon Lackey &lt;dlackey@redhat.com&gt;.
+    </p></div><div class="refsection"><a name="license"></a><h2>LICENSE</h2><p>Licensed under the Mozilla Public License, v. 2.0.  If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
+    </p></div></div><div class="navfooter"><hr></div></body></html>
diff --git a/nss/doc/modutil.xml b/nss/doc/modutil.xml
new file mode 100644
index 0000000..142aa69
--- /dev/null
+++ b/nss/doc/modutil.xml
@@ -0,0 +1,761 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
+<!ENTITY date SYSTEM "date.xml">
+<!ENTITY version SYSTEM "version.xml">
+]>
+
+<refentry id="modutil">
+
+  <refentryinfo>
+    <date>&date;</date>
+    <title>NSS Security Tools</title>
+    <productname>nss-tools</productname>
+    <productnumber>&version;</productnumber>
+  </refentryinfo>
+
+  <refmeta>
+    <refentrytitle>MODUTIL</refentrytitle>
+    <manvolnum>1</manvolnum>
+  </refmeta>
+
+  <refnamediv>
+    <refname>modutil</refname>
+    <refpurpose>Manage PKCS #11 module information within the security module database.</refpurpose>
+  </refnamediv>
+
+  <refsynopsisdiv>
+    <cmdsynopsis>
+      <command>modutil</command>
+      <arg><replaceable>options</replaceable></arg>
+      <arg>[<replaceable>arguments</replaceable>]</arg>
+    </cmdsynopsis>
+  </refsynopsisdiv>
+
+  <refsection>
+    <title>STATUS</title>
+    <para>This documentation is still work in progress. Please contribute to the initial review in <ulink url="https://bugzilla.mozilla.org/show_bug.cgi?id=836477">Mozilla NSS bug 836477</ulink>
+    </para>
+  </refsection>
+
+  <refsection id="description">
+    <title>Description</title>
+    <para>The Security Module Database Tool, <command>modutil</command>, is a command-line utility for managing PKCS #11 module information both within <filename>secmod.db</filename> files and within hardware tokens. <command>modutil</command> can add and delete PKCS #11 modules, change passwords on security databases, set defaults, list module contents, enable or disable slots, enable or disable FIPS 140-2 compliance, and assign default providers for cryptographic operations. This tool can also create certificate, key, and module security database files.</para>
+
+	<para>The tasks associated with security module database management are part of a process that typically also involves managing key databases and certificate databases.</para>
+  </refsection>
+  
+  <refsection id="options">
+    <title>Options</title>
+	<para>
+		Running <command>modutil</command> always requires one (and only one) option to specify the type of module operation. Each option may take arguments, anywhere from none to multiple arguments.
+	</para>
+   	<para><command>Options</command></para> 
+
+	<variablelist>
+
+      <varlistentry>
+        <term>-add modulename</term>
+	  <listitem><para>Add the named PKCS #11 module to the database. Use this option with the <option>-libfile</option>, <option>-ciphers</option>, and <option>-mechanisms</option> arguments.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-changepw tokenname</term>
+	  <listitem><para>Change the password on the named token. If the token has not been initialized, this option initializes the password. Use this option with the <option>-pwfile</option> and <option>-newpwfile</option> arguments. A <emphasis>password</emphasis> is equivalent to a personal identification number (PIN).</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-chkfips</term>
+	  <listitem><para>Verify whether the module is in the given FIPS mode. <command>true</command> means to verify that the module is in FIPS mode, while <command>false</command> means to verify that the module is not in FIPS mode.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-create</term>
+	<listitem><para>Create new certificate, key, and module databases. Use the <option>-dbdir</option> directory argument to specify a directory. If any of these databases already exist in a specified directory, <command>modutil</command> returns an error message.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-default modulename</term>
+	  <listitem><para>Specify the security mechanisms for which the named module will be a default provider. The security mechanisms are specified with the <option>-mechanisms</option> argument.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-delete modulename</term>
+	  <listitem><para>Delete the named module. The default NSS PKCS #11 module cannot be deleted.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-disable modulename</term>
+	  <listitem><para>Disable all slots on the named module. Use the <option>-slot</option> argument to disable a specific slot.</para><para>The internal NSS PKCS #11 module cannot be disabled.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-enable modulename</term>
+	  <listitem><para>Enable all slots on the named module. Use the <option>-slot</option> argument to enable a specific slot.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-fips [true | false]</term>
+	  <listitem><para>Enable (true) or disable (false) FIPS 140-2 compliance for the default NSS module.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-force</term>
+	  <listitem><para>Disable <command>modutil</command>'s interactive prompts so it can be run from a script. Use this option only after manually testing each planned operation to check for warnings and to ensure that bypassing the prompts will cause no security lapses or loss of database integrity.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-jar JAR-file</term>
+	  <listitem><para>Add a new PKCS #11 module to the database using the named JAR file. Use this command with the <option>-installdir</option> and <option>-tempdir</option> arguments. The JAR file uses the NSS PKCS #11 JAR format to identify all the files to be installed, the module's name, the mechanism flags, and the cipher flags, as well as any files to be installed on the target machine, including the PKCS #11 module library file and other files such as documentation. This is covered in the JAR installation file section in the man page, which details the special script needed to perform an installation through a server or with <command>modutil</command>. </para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+          <term>-list [modulename]</term>
+	  <listitem><para>Display basic information about the contents of the <filename>secmod.db</filename> file. Specifying a <emphasis>modulename</emphasis> displays detailed information about a particular module and its slots and tokens.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-rawadd</term>
+	  <listitem><para>Add the module spec string to the <filename>secmod.db</filename> database.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-rawlist</term>
+	  <listitem><para>Display the module specs for a specified module or for all loadable modules.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-undefault modulename</term>
+	  <listitem><para>Specify the security mechanisms for which the named module will not be a default provider. The security mechanisms are specified with the <option>-mechanisms</option> argument.</para></listitem>
+      </varlistentry>
+	</variablelist>
+
+	<para><command>Arguments</command></para>
+    <variablelist>
+
+      <varlistentry>
+        <term>MODULE</term>
+	  <listitem><para>Give the security module to access.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>MODULESPEC</term>
+	  <listitem><para>Give the security module spec to load into the security database.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-ciphers cipher-enable-list</term>
+	  <listitem><para>Enable specific ciphers in a module that is being added to the database. The <emphasis>cipher-enable-list</emphasis> is a colon-delimited list of cipher names. Enclose this list in quotation marks if it contains spaces.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-dbdir [sql:]directory</term>
+	  <listitem><para>Specify the database directory in which to access or create security module database files.</para>
+	<para><command>modutil</command> supports two types of databases: the legacy security databases (<filename>cert8.db</filename>, <filename>key3.db</filename>, and <filename>secmod.db</filename>) and new SQLite databases (<filename>cert9.db</filename>, <filename>key4.db</filename>, and <filename>pkcs11.txt</filename>). If the prefix <command>sql:</command> is not used, then the tool assumes that the given databases are in the old format.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>--dbprefix prefix</term>
+	  <listitem><para>Specify the prefix used on the database files, such as <filename>my_</filename> for <filename>my_cert8.db</filename>. This option is provided as a special case. Changing the names of the certificate and key databases is not recommended.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-installdir root-installation-directory</term>
+	  <listitem><para>Specify the root installation directory relative to which files will be installed by the <option>-jar</option> option. This directory should be one below which it is appropriate to store dynamic library files, such as a server's root directory.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-libfile library-file</term>
+	  <listitem><para>Specify a path to a library file containing the implementation of the PKCS #11 interface module that is being added to the database.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-mechanisms mechanism-list</term>
+	  <listitem><para>Specify the security mechanisms for which a particular module will be flagged as a default provider. The <emphasis>mechanism-list</emphasis> is a colon-delimited list of mechanism names. Enclose this list in quotation marks if it contains spaces.</para>
+	<para>The module becomes a default provider for the listed mechanisms when those mechanisms are enabled. If more than one module claims to be a particular mechanism's default provider, that mechanism's default provider is undefined.</para>
+	<para><command>modutil</command> supports several mechanisms: RSA, DSA, RC2, RC4, RC5, AES, DES, DH, SHA1, SHA256, SHA512, SSL, TLS, MD5, MD2, RANDOM (for random number generation), and FRIENDLY (meaning certificates are publicly readable).</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-newpwfile new-password-file</term>
+	  <listitem><para>Specify a text file containing a token's new or replacement password so that a password can be entered automatically with the <option>-changepw</option> option.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-nocertdb</term>
+	  <listitem><para>Do not open the certificate or key databases. This has several effects:</para>
+		<itemizedlist>
+		<listitem>
+          <para>With the <option>-create</option> command, only a module security file is created; certificate and key databases are not created.</para>
+		</listitem>
+		<listitem>
+          <para>With the <option>-jar</option> command, signatures on the JAR file are not checked.</para>
+		</listitem>
+		<listitem>
+          <para>With the <option>-changepw</option> command, the password on the NSS internal module cannot be set or changed, since this password is stored in the key database.</para></listitem>
+		</itemizedlist>
+		</listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-pwfile old-password-file</term>
+	  <listitem><para>Specify a text file containing a token's existing password so that a password can be entered automatically when the <option>-changepw</option> option is used to change passwords.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-secmod secmodname</term>
+	  <listitem><para>Give the name of the security module database (like <filename>secmod.db</filename>) to load.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-slot slotname</term>
+	  <listitem><para>Specify a particular slot to be enabled or disabled with the <option>-enable</option> or <option>-disable</option> options.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-string CONFIG_STRING</term>
+	  <listitem><para>Pass a configuration string for the module being added to the database.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-tempdir temporary-directory</term>
+	  <listitem><para>Give a directory location where temporary files are created during the installation by the <option>-jar</option> option. If no temporary directory is specified, the current directory is used.</para></listitem>
+      </varlistentry>
+    </variablelist>
+  </refsection>
+
+  <refsection id="usage-and-examples">
+    <title>Usage and Examples</title>
+
+    <para><command>Creating Database Files</command></para>
+    <para>Before any operations can be performed, there must be a set of security databases available. <command>modutil</command> can be used to create these files. The only required argument is the database that where the databases will be located.</para>
+<programlisting>modutil -create -dbdir [sql:]directory</programlisting>
+
+	<para><command>Adding a Cryptographic Module</command></para>
+	<para>Adding a PKCS #11 module means submitting a supporting library file, enabling its ciphers, and setting default provider status for various security mechanisms. This can be done by supplying all of the information through <command>modutil</command> directly or by running a JAR file and install script. For the most basic case, simply upload the library:</para>
+<programlisting>modutil -add modulename -libfile library-file [-ciphers cipher-enable-list] [-mechanisms mechanism-list] </programlisting>
+	<para>For example:
+<programlisting>modutil -dbdir sql:/home/my/sharednssdb -add "Example PKCS #11 Module" -libfile "/tmp/crypto.so" -mechanisms RSA:DSA:RC2:RANDOM 
+
+Using database directory ... 
+Module "Example PKCS #11 Module" added to database.</programlisting>
+        </para>
+
+
+	<para><command>Installing a Cryptographic Module from a JAR File</command></para>
+	<para>PKCS #11 modules can also be loaded using a JAR file, which contains all of the required libraries and an installation script that describes how to install the module. The JAR install script is described in more detail in <xref linkend="jar-install-file" />.</para>
+	<para>The JAR installation script defines the setup information for each platform that the module can be installed on. For example:</para>
+<programlisting>Platforms { 
+   Linux:5.4.08:x86 { 
+      ModuleName { "Example PKCS #11 Module" } 
+      ModuleFile { crypto.so } 
+      DefaultMechanismFlags{0x0000} 
+      CipherEnableFlags{0x0000} 
+      Files { 
+         crypto.so { 
+            Path{ /tmp/crypto.so } 
+         } 
+         setup.sh { 
+            Executable 
+            Path{ /tmp/setup.sh } 
+         } 
+      } 
+   } 
+   Linux:6.0.0:x86 { 
+      EquivalentPlatform { Linux:5.4.08:x86 } 
+   } 
+} </programlisting>
+	<para>Both the install script and the required libraries must be bundled in a JAR file, which is specified with the <option>-jar</option> argument.</para>
+
+<programlisting>modutil -dbdir sql:/home/mt"jar-install-filey/sharednssdb -jar install.jar -installdir sql:/home/my/sharednssdb
+
+This installation JAR file was signed by: 
+---------------------------------------------- 
+
+**SUBJECT NAME** 
+
+C=US, ST=California, L=Mountain View, CN=Cryptorific Inc., OU=Digital ID
+Class 3 - Netscape Object Signing, OU="www.verisign.com/repository/CPS
+Incorp. by Ref.,LIAB.LTD(c)9 6", OU=www.verisign.com/CPS Incorp.by Ref
+. LIABILITY LTD.(c)97 VeriSign, OU=VeriSign Object Signing CA - Class 3
+Organization, OU="VeriSign, Inc.", O=VeriSign Trust Network **ISSUER
+NAME**, OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97
+VeriSign, OU=VeriSign Object Signing CA - Class 3 Organization,
+OU="VeriSign, Inc.", O=VeriSign Trust Network 
+---------------------------------------------- 
+
+Do you wish to continue this installation? (y/n) y 
+Using installer script "installer_script" 
+Successfully parsed installation script 
+Current platform is Linux:5.4.08:x86 
+Using installation parameters for platform Linux:5.4.08:x86 
+Installed file crypto.so to /tmp/crypto.so
+Installed file setup.sh to ./pk11inst.dir/setup.sh 
+Executing "./pk11inst.dir/setup.sh"... 
+"./pk11inst.dir/setup.sh" executed successfully 
+Installed module "Example PKCS #11 Module" into module database 
+
+Installation completed successfully </programlisting>
+
+	<para><command>Adding Module Spec</command></para>
+	<para>Each module has information stored in the security database about its configuration and parameters. These can be added or edited using the <option>-rawadd</option> command. For the current settings or to see the format of the module spec in the database, use the <option>-rawlist</option> option.</para>
+<programlisting>modutil -rawadd modulespec</programlisting>
+
+
+	<para><command>Deleting a Module</command></para>
+    <para>A specific PKCS #11 module can be deleted from the <filename>secmod.db</filename> database:</para>
+<programlisting>modutil -delete modulename -dbdir [sql:]directory </programlisting>
+
+	<para><command>Displaying Module Information</command></para>
+	<para>The <filename>secmod.db</filename> database contains information about the PKCS #11 modules that are available to an application or server to use. The list of all modules, information about specific modules, and database configuration specs for modules can all be viewed. </para>
+    <para>To simply get a list of modules in the database, use the <option>-list</option> command.</para>
+<programlisting>modutil -list [modulename] -dbdir [sql:]directory </programlisting>
+	<para>Listing the modules shows the module name, their status, and other associated security databases for certificates and keys. For example:</para>
+   
+<programlisting>modutil -list -dbdir sql:/home/my/sharednssdb 
+
+Listing of PKCS #11 Modules
+-----------------------------------------------------------
+  1. NSS Internal PKCS #11 Module
+         slots: 2 slots attached
+        status: loaded
+
+         slot: NSS Internal Cryptographic Services                            
+        token: NSS Generic Crypto Services
+
+         slot: NSS User Private Key and Certificate Services                  
+        token: NSS Certificate DB
+-----------------------------------------------------------</programlisting>
+	<para>Passing a specific module name with the <option>-list</option> returns details information about the module itself, like supported cipher mechanisms, version numbers, serial numbers, and other information about the module and the token it is loaded on. For example:</para>
+<programlisting> modutil -list "NSS Internal PKCS #11 Module" -dbdir sql:/home/my/sharednssdb
+
+-----------------------------------------------------------
+Name: NSS Internal PKCS #11 Module
+Library file: **Internal ONLY module**
+Manufacturer: Mozilla Foundation              
+Description: NSS Internal Crypto Services    
+PKCS #11 Version 2.20
+Library Version: 3.11
+Cipher Enable Flags: None
+Default Mechanism Flags: RSA:RC2:RC4:DES:DH:SHA1:MD5:MD2:SSL:TLS:AES
+
+  Slot: NSS Internal Cryptographic Services                            
+  Slot Mechanism Flags: RSA:RC2:RC4:DES:DH:SHA1:MD5:MD2:SSL:TLS:AES
+  Manufacturer: Mozilla Foundation              
+  Type: Software
+  Version Number: 3.11
+  Firmware Version: 0.0
+  Status: Enabled
+  Token Name: NSS Generic Crypto Services     
+  Token Manufacturer: Mozilla Foundation              
+  Token Model: NSS 3           
+  Token Serial Number: 0000000000000000
+  Token Version: 4.0
+  Token Firmware Version: 0.0
+  Access: Write Protected
+  Login Type: Public (no login required)
+  User Pin: NOT Initialized
+
+  Slot: NSS User Private Key and Certificate Services                  
+  Slot Mechanism Flags: None
+  Manufacturer: Mozilla Foundation              
+  Type: Software
+  Version Number: 3.11
+  Firmware Version: 0.0
+  Status: Enabled
+  Token Name: NSS Certificate DB              
+  Token Manufacturer: Mozilla Foundation              
+  Token Model: NSS 3           
+  Token Serial Number: 0000000000000000
+  Token Version: 8.3
+  Token Firmware Version: 0.0
+  Access: NOT Write Protected
+  Login Type: Login required
+  User Pin: Initialized</programlisting>
+	<para>A related command, <option>-rawlist</option> returns information about the database configuration for the modules. (This information can be edited by loading new specs using the <option>-rawadd</option> command.)</para>
+<programlisting> modutil -rawlist -dbdir sql:/home/my/sharednssdb
+ name="NSS Internal PKCS #11 Module" parameters="configdir=. certPrefix= keyPrefix= secmod=secmod.db flags=readOnly " NSS="trustOrder=75 cipherOrder=100 slotParams={0x00000001=[slotFlags=RSA,RC4,RC2,DES,DH,SHA1,MD5,MD2,SSL,TLS,AES,RANDOM askpw=any timeout=30 ] }  Flags=internal,critical"</programlisting>
+
+	<para><command>Setting a Default Provider for Security Mechanisms</command></para>
+	<para>Multiple security modules may provide support for the same security mechanisms. It is possible to set a specific security module as the default provider for a specific security mechanism (or, conversely, to prohibit a provider from supplying those mechanisms).</para>
+<programlisting>modutil -default modulename -mechanisms mechanism-list </programlisting>
+	<para>To set a module as the default provider for mechanisms, use the <option>-default</option> command with a colon-separated list of mechanisms. The available mechanisms depend on the module; NSS supplies almost all common mechanisms. For example:</para>
+<programlisting>modutil -default "NSS Internal PKCS #11 Module" -dbdir -mechanisms RSA:DSA:RC2 
+
+Using database directory c:\databases...
+
+Successfully changed defaults.</programlisting>
+
+    <para>Clearing the default provider has the same format:</para>
+<programlisting>modutil -undefault "NSS Internal PKCS #11 Module" -dbdir -mechanisms MD2:MD5</programlisting>
+
+	<para><command>Enabling and Disabling Modules and Slots</command></para>
+	<para>Modules, and specific slots on modules, can be selectively enabled or disabled using <command>modutil</command>. Both commands have the same format:</para>
+<programlisting>modutil -enable|-disable modulename [-slot slotname] </programlisting>
+
+    <para>For example:</para>
+<programlisting>modutil -enable "NSS Internal PKCS #11 Module" -slot "NSS Internal Cryptographic Services                            " -dbdir .
+
+Slot "NSS Internal Cryptographic Services                            " enabled.</programlisting>
+	<para>Be sure that the appropriate amount of trailing whitespace is after the slot name. Some slot names have a significant amount of whitespace that must be included, or the operation will fail.</para>
+
+	<para><command>Enabling and Verifying FIPS Compliance</command></para>
+	<para>The NSS modules can have FIPS 140-2 compliance enabled or disabled using <command>modutil</command> with the <option>-fips</option> option. For example:</para>
+<programlisting>modutil -fips true -dbdir sql:/home/my/sharednssdb/
+
+FIPS mode enabled.</programlisting>
+	<para>To verify that status of FIPS mode, run the <option>-chkfips</option> command with either a true or false flag (it doesn't matter which). The tool returns the current FIPS setting.</para>
+<programlisting>modutil -chkfips false -dbdir sql:/home/my/sharednssdb/
+
+FIPS mode enabled.</programlisting>
+
+	<para><command>Changing the Password on a Token</command></para>
+
+    <para>Initializing or changing a token's password:</para>
+<programlisting>modutil -changepw tokenname [-pwfile old-password-file] [-newpwfile new-password-file] </programlisting>
+<programlisting>modutil -dbdir sql:/home/my/sharednssdb -changepw "NSS Certificate DB" 
+
+Enter old password: 
+Incorrect password, try again... 
+Enter old password: 
+Enter new password: 
+Re-enter new password: 
+Token "Communicator Certificate DB" password changed successfully.</programlisting>
+  </refsection>
+
+  <refsection id="jar-install-file"><title>JAR Installation File Format</title>
+     <para>When a JAR file is run by a server, by <command>modutil</command>, or by any program that does not interpret JavaScript, a special information file must be included to install the libraries. There are several things to keep in mind with this file:</para>
+	<itemizedlist>
+		<listitem>
+			<para>
+				It must be declared in the JAR archive's manifest file. 
+			</para>
+		</listitem>
+		<listitem>
+			<para>
+				The script can have any name. 
+			</para>
+		</listitem>
+		<listitem>
+			<para>
+				The metainfo tag for this is <command>Pkcs11_install_script</command>. To declare meta-information in the manifest file, put it in a file that is passed to <command>signtool</command>.</para>
+		</listitem>
+	</itemizedlist>
+
+	<para><command>Sample Script</command></para>
+	<para>For example, the PKCS #11 installer script could be in the file pk11install. If so, the metainfo file for <command>signtool</command> includes a line such as this:</para>
+<programlisting>+ Pkcs11_install_script: pk11install</programlisting>
+
+	<para>The script must define the platform and version number, the module name and file, and any optional information like supported ciphers and mechanisms. Multiple platforms can be defined in a single install file.</para>
+<programlisting>ForwardCompatible { IRIX:6.2:mips SUNOS:5.5.1:sparc }
+Platforms {
+   WINNT::x86 {
+      ModuleName { "Example Module" }
+      ModuleFile { win32/fort32.dll }
+      DefaultMechanismFlags{0x0001}
+      DefaultCipherFlags{0x0001}
+      Files {
+         win32/setup.exe {
+            Executable
+            RelativePath { %temp%/setup.exe }
+         }
+         win32/setup.hlp {
+            RelativePath { %temp%/setup.hlp }
+         }
+         win32/setup.cab {
+            RelativePath { %temp%/setup.cab }
+         }
+      }
+   }
+   WIN95::x86 {
+      EquivalentPlatform {WINNT::x86}
+   }
+   SUNOS:5.5.1:sparc {
+      ModuleName { "Example UNIX Module" }
+      ModuleFile { unix/fort.so }
+      DefaultMechanismFlags{0x0001}
+      CipherEnableFlags{0x0001}
+      Files {
+         unix/fort.so {
+            RelativePath{%root%/lib/fort.so}
+            AbsolutePath{/usr/local/netscape/lib/fort.so}
+            FilePermissions{555}
+         }
+         xplat/instr.html {
+            RelativePath{%root%/docs/inst.html}
+            AbsolutePath{/usr/local/netscape/docs/inst.html}
+            FilePermissions{555}
+         }
+      }
+   }
+   IRIX:6.2:mips {
+      EquivalentPlatform { SUNOS:5.5.1:sparc }
+   }
+}</programlisting>
+
+	<para><command>Script Grammar</command></para>
+	<para>The script is basic Java, allowing lists, key-value pairs, strings, and combinations of all of them.</para>
+<programlisting>--> valuelist
+
+valuelist --> value valuelist
+               &lt;null>
+
+value ---> key_value_pair
+            string
+
+key_value_pair --> key { valuelist }
+
+key --> string
+
+string --> simple_string
+            "complex_string"
+
+simple_string --> [^ \t\n\""{""}"]+ 
+
+complex_string --> ([^\"\\\r\n]|(\\\")|(\\\\))+ </programlisting>
+
+	<para>Quotes and backslashes must be escaped with a backslash. A complex string must not include newlines or carriage returns.Outside of complex strings, all white space (for example, spaces, tabs, and carriage returns) is considered equal and is used only to delimit tokens.</para>
+
+	<para><command>Keys</command></para>
+	<para>The Java install file uses keys to define the platform and module information.</para>
+	<para><command>ForwardCompatible</command> gives a list of platforms that are forward compatible. If the current platform cannot be found in the list of supported platforms, then the <command>ForwardCompatible</command> list is checked for any platforms that have the same OS and architecture in an earlier version. If one is found, its attributes are used for the current platform. </para>
+	<para><command>Platforms</command> (required) Gives a list of platforms. Each entry in the list is itself a key-value pair: the key is the name of the platform and the value list contains various attributes of the platform. The platform string is in the format <emphasis>system name:OS release:architecture</emphasis>. The installer obtains these values from NSPR. OS release is an empty string on non-Unix operating systems. NSPR supports these platforms:</para>
+	<itemizedlist>
+	<listitem>
+	<para>AIX (rs6000)</para>
+	</listitem>
+	<listitem>
+	<para>BSDI (x86)</para>
+	</listitem>
+	<listitem>
+	<para>FREEBSD (x86)</para>
+	</listitem>
+	<listitem>
+	<para>HPUX (hppa1.1)</para>
+	</listitem>
+	<listitem>
+	<para>IRIX (mips)</para>
+	</listitem>
+	<listitem>
+	<para>LINUX (ppc, alpha, x86)</para>
+	</listitem>
+	<listitem>
+	<para>MacOS (PowerPC)</para>
+	</listitem>
+	<listitem>
+	<para>NCR (x86)</para>
+	</listitem>
+	<listitem>
+	<para>NEC (mips)</para>
+	</listitem>
+	<listitem>
+	<para>OS2 (x86)</para>
+	</listitem>
+	<listitem>
+	<para>OSF (alpha)</para>
+	</listitem>
+	<listitem>
+	<para>ReliantUNIX (mips)</para>
+	</listitem>
+	<listitem>
+	<para>SCO (x86)</para>
+	</listitem>
+	<listitem>
+	<para>SOLARIS (sparc)</para>
+	</listitem>
+	<listitem>
+	<para>SONY (mips)</para>
+	</listitem>
+	<listitem>
+	<para>SUNOS (sparc)</para>
+	</listitem>
+	<listitem>
+	<para>UnixWare (x86)</para>
+	</listitem>
+	<listitem>
+	<para>WIN16 (x86)</para>
+	</listitem>
+	<listitem>
+	<para>WIN95 (x86)</para>
+	</listitem>
+	<listitem>
+	<para>WINNT (x86)</para>
+	</listitem>
+	</itemizedlist>
+
+	<para>For example:</para>
+<programlisting>IRIX:6.2:mips
+SUNOS:5.5.1:sparc
+Linux:2.0.32:x86
+WIN95::x86</programlisting>
+	<para>The module information is defined independently for each platform in the <command>ModuleName</command>, <command>ModuleFile</command>, and <command>Files</command> attributes. These attributes must be given unless an <command>EquivalentPlatform</command> attribute is specified. </para>
+
+	<para><command>Per-Platform Keys</command></para>
+	<para>Per-platform keys have meaning only within the value list of an entry in the <command>Platforms</command> list.</para>
+	<para><command>ModuleName</command> (required) gives the common name for the module. This name is used to reference the module by servers and by the <command>modutil</command> tool. </para>
+	<para><command>ModuleFile</command> (required) names the PKCS #11 module file for this platform. The name is given as the relative path of the file within the JAR archive. </para>
+	<para><command>Files</command> (required) lists the files that need to be installed for this module. Each entry in the file list is a key-value pair. The key is the path of the file in the JAR archive, and the value list contains attributes of the file. At least <command>RelativePath</command> or <command>AbsolutePath</command> must be specified for each file.</para>
+	<para><command>DefaultMechanismFlags</command> specifies mechanisms for which this module is the default provider; this is equivalent to the <option>-mechanism</option> option with the <option>-add</option> command. This key-value pair is a bitstring specified in hexadecimal (0x) format. It is constructed as a bitwise OR. If the DefaultMechanismFlags entry is omitted, the value defaults to 0x0.</para>
+
+<programlisting>RSA:                   0x00000001
+DSA:                   0x00000002
+RC2:                   0x00000004
+RC4:                   0x00000008
+DES:                   0x00000010
+DH:                    0x00000020
+FORTEZZA:              0x00000040
+RC5:                   0x00000080
+SHA1:                  0x00000100
+MD5:                   0x00000200
+MD2:                   0x00000400
+RANDOM:                0x08000000
+FRIENDLY:              0x10000000
+OWN_PW_DEFAULTS:       0x20000000
+DISABLE:               0x40000000</programlisting>
+
+	<para><command>CipherEnableFlags</command> specifies ciphers that this module provides that NSS does not provide (so that the module enables those ciphers for NSS). This is equivalent to the <option>-cipher</option> argument with the <option>-add</option> command. This key is a bitstring specified in hexadecimal (0x) format. It is constructed as a bitwise OR. If the <command>CipherEnableFlags</command> entry is omitted, the value defaults to 0x0.</para>
+
+	<para><command>EquivalentPlatform</command> specifies that the attributes of the named platform should also be used for the current platform. This makes it easier when more than one platform uses the same settings.</para>
+
+	<para><command>Per-File Keys</command></para>
+	<para>Some keys have meaning only within the value list of an entry in a <command>Files</command> list.</para>
+	<para>Each file requires a path key the identifies where the file is. Either <command>RelativePath</command> or <command>AbsolutePath</command> must be specified. If both are specified, the relative path is tried first, and the absolute path is used only if no relative root directory is provided by the installer program.</para>
+	<para><command>RelativePath</command> specifies the destination directory of the file, relative to some directory decided at install time. Two variables can be used in the relative path: <command>%root%</command> and <command>%temp%</command>. <command>%root%</command> is replaced at run time with the directory relative to which files should be installed; for example, it may be the server's root directory. The <command>%temp%</command> directory is created at the beginning of the installation and destroyed at the end. The purpose of <command>%temp%</command> is to hold executable files (such as setup programs) or files that are used by these programs. Files destined for the temporary directory are guaranteed to be in place before any executable file is run; they are not deleted until all executable files have finished.</para>
+	<para><command>AbsolutePath</command> specifies the destination directory of the file as an absolute path. </para>
+	<para><command>Executable</command> specifies that the file is to be executed during the course of the installation. Typically, this string is used for a setup program provided by a module vendor, such as a self-extracting setup executable. More than one file can be specified as executable, in which case the files are run in the order in which they are specified in the script file.</para>
+	<para><command>FilePermissions</command> sets permissions on any referenced files in a string of octal digits, according to the standard Unix format. This string is a bitwise OR.</para>
+
+<programlisting>
+user read:                0400
+user write:               0200
+user execute:             0100
+group read:               0040
+group write:              0020
+group execute:            0010
+other read:               0004
+other write:              0002
+other execute:            0001
+</programlisting>
+
+<para>Some platforms may not understand these permissions. They are applied only insofar as they make sense for the current platform. If this attribute is omitted, a default of 777 is assumed.</para>
+  </refsection>
+
+<refsection id="databases"><title>NSS Database Types</title>
+<para>NSS originally used BerkeleyDB databases to store security information. 
+The last versions of these <emphasis>legacy</emphasis> databases are:</para>
+<itemizedlist>
+	<listitem>
+		<para>
+			cert8.db for certificates
+		</para>
+	</listitem>
+	<listitem>
+		<para>
+			key3.db for keys
+		</para>
+	</listitem>
+	<listitem>
+		<para>
+			secmod.db for PKCS #11 module information
+		</para>
+	</listitem>
+</itemizedlist>
+
+<para>BerkeleyDB has performance limitations, though, which prevent it from being easily used by multiple applications simultaneously. NSS has 
+some flexibility that allows applications to use their own, independent database engine while keeping a shared database and working around the access issues. Still, NSS
+requires more flexibility to provide a truly shared security database.</para>
+
+<para>In 2009, NSS introduced a new set of databases that are SQLite databases rather than 
+BerkleyDB. These new databases provide more accessibility and performance:</para>
+<itemizedlist>
+	<listitem>
+		<para>
+			cert9.db for certificates
+		</para>
+	</listitem>
+	<listitem>
+		<para>
+			key4.db for keys
+		</para>
+	</listitem>
+	<listitem>
+		<para>
+			pkcs11.txt, which is listing of all of the PKCS #11 modules contained in a new subdirectory in the security databases directory
+		</para>
+	</listitem>
+</itemizedlist>
+
+<para>Because the SQLite databases are designed to be shared, these are the <emphasis>shared</emphasis> database type. The shared database type is preferred; the legacy format is included for backward compatibility.</para>
+
+<para>By default, the tools (<command>certutil</command>, <command>pk12util</command>, <command>modutil</command>) assume that the given security databases follow the more common legacy type. 
+Using the SQLite databases must be manually specified by using the <command>sql:</command> prefix with the given security directory. For example:</para>
+
+<programlisting>modutil -create -dbdir sql:/home/my/sharednssdb</programlisting>
+
+<para>To set the shared database type as the default type for the tools, set the <envar>NSS_DEFAULT_DB_TYPE</envar> environment variable to <envar>sql</envar>:</para>
+<programlisting>export NSS_DEFAULT_DB_TYPE="sql"</programlisting>
+
+<para>This line can be added to the <filename>~/.bashrc</filename> file to make the change permanent for the user.</para>
+
+<para>Most applications do not use the shared database by default, but they can be configured to use them. For example, this how-to article covers how to configure Firefox and Thunderbird to use the new shared NSS databases:</para>
+<itemizedlist>
+	<listitem>
+		<para>
+			https://wiki.mozilla.org/NSS_Shared_DB_Howto</para>
+	</listitem>
+</itemizedlist>
+<para>For an engineering draft on the changes in the shared NSS databases, see the NSS project wiki:</para>
+<itemizedlist>
+	<listitem>
+		<para>
+			https://wiki.mozilla.org/NSS_Shared_DB
+		</para>
+	</listitem>
+</itemizedlist>
+</refsection>
+
+  <refsection id="seealso">
+    <title>See Also</title>
+    <para>certutil (1)</para>
+    <para>pk12util (1)</para>
+    <para>signtool (1)</para>
+
+	<para>The NSS wiki has information on the new database design and how to configure applications to use it.</para>
+<itemizedlist>
+	<listitem>
+		<para>
+			https://wiki.mozilla.org/NSS_Shared_DB_Howto</para>
+	</listitem>
+	<listitem>
+		<para>
+			https://wiki.mozilla.org/NSS_Shared_DB
+		</para>
+	</listitem>
+</itemizedlist>
+  </refsection>
+
+<!-- don't change -->
+  <refsection id="resources">
+    <title>Additional Resources</title>
+	<para>For information about NSS and other tools related to NSS (like JSS), check out the NSS project wiki at <ulink url="http://www.mozilla.org/projects/security/pki/nss/">http://www.mozilla.org/projects/security/pki/nss/</ulink>. The NSS site relates directly to NSS code changes and releases.</para>
+	<para>Mailing lists: https://lists.mozilla.org/listinfo/dev-tech-crypto</para>
+	<para>IRC: Freenode at #dogtag-pki</para>
+  </refsection>
+
+<!-- fill in your name first; keep the other names for reference -->
+  <refsection id="authors">
+    <title>Authors</title>
+    <para>The NSS tools were written and maintained by developers with Netscape, Red Hat,  Sun, Oracle, Mozilla, and Google.</para>
+    <para>
+	Authors: Elio Maldonado &lt;emaldona@redhat.com>, Deon Lackey &lt;dlackey@redhat.com>.
+    </para>
+  </refsection>
+
+<!-- don't change -->
+  <refsection id="license">
+    <title>LICENSE</title>
+    <para>Licensed under the Mozilla Public License, v. 2.0.  If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
+    </para>
+  </refsection>
+
+</refentry>
diff --git a/nss/doc/nroff/certutil.1 b/nss/doc/nroff/certutil.1
new file mode 100644
index 0000000..b2a8bd2
--- /dev/null
+++ b/nss/doc/nroff/certutil.1
@@ -0,0 +1,2050 @@
+'\" t
+.\"     Title: CERTUTIL
+.\"    Author: [see the "Authors" section]
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\"      Date:  8 September 2016
+.\"    Manual: NSS Security Tools
+.\"    Source: nss-tools
+.\"  Language: English
+.\"
+.TH "CERTUTIL" "1" "8 September 2016" "nss-tools" "NSS Security Tools"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+certutil \- Manage keys and certificate in both NSS databases and other NSS tokens
+.SH "SYNOPSIS"
+.HP \w'\fBcertutil\fR\ 'u
+\fBcertutil\fR [\fIoptions\fR] [[\fIarguments\fR]]
+.SH "STATUS"
+.PP
+This documentation is still work in progress\&. Please contribute to the initial review in
+\m[blue]\fBMozilla NSS bug 836477\fR\m[]\&\s-2\u[1]\d\s+2
+.SH "DESCRIPTION"
+.PP
+The Certificate Database Tool,
+\fBcertutil\fR, is a command\-line utility that can create and modify certificate and key databases\&. It can specifically list, generate, modify, or delete certificates, create or change the password, generate new public and private key pairs, display the contents of the key database, or delete key pairs within the key database\&.
+.PP
+Certificate issuance, part of the key and certificate management process, requires that keys and certificates be created in the key database\&. This document discusses certificate and key database management\&. For information on the security module database management, see the
+\fBmodutil\fR
+manpage\&.
+.SH "COMMAND OPTIONS AND ARGUMENTS"
+.PP
+Running
+\fBcertutil\fR
+always requires one and only one command option to specify the type of certificate operation\&. Each command option may take zero or more arguments\&. The command option
+\fB\-H\fR
+will list all the command options and their relevant arguments\&.
+.PP
+\fBCommand Options\fR
+.PP
+\-A
+.RS 4
+Add an existing certificate to a certificate database\&. The certificate database should already exist; if one is not present, this command option will initialize one by default\&.
+.RE
+.PP
+\-B
+.RS 4
+Run a series of commands from the specified batch file\&. This requires the
+\fB\-i\fR
+argument\&.
+.RE
+.PP
+\-C
+.RS 4
+Create a new binary certificate file from a binary certificate request file\&. Use the
+\fB\-i\fR
+argument to specify the certificate request file\&. If this argument is not used,
+\fBcertutil\fR
+prompts for a filename\&.
+.RE
+.PP
+\-D
+.RS 4
+Delete a certificate from the certificate database\&.
+.RE
+.PP
+\-\-rename
+.RS 4
+Change the database nickname of a certificate\&.
+.RE
+.PP
+\-E
+.RS 4
+Add an email certificate to the certificate database\&.
+.RE
+.PP
+\-F
+.RS 4
+Delete a private key from a key database\&. Specify the key to delete with the \-n argument\&. Specify the database from which to delete the key with the
+\fB\-d\fR
+argument\&. Use the
+\fB\-k\fR
+argument to specify explicitly whether to delete a DSA, RSA, or ECC key\&. If you don\*(Aqt use the
+\fB\-k\fR
+argument, the option looks for an RSA key matching the specified nickname\&.
+.sp
+When you delete keys, be sure to also remove any certificates associated with those keys from the certificate database, by using \-D\&. Some smart cards do not let you remove a public key you have generated\&. In such a case, only the private key is deleted from the key pair\&. You can display the public key with the command certutil \-K \-h tokenname\&.
+.RE
+.PP
+\-G
+.RS 4
+Generate a new public and private key pair within a key database\&. The key database should already exist; if one is not present, this command option will initialize one by default\&. Some smart cards can store only one key pair\&. If you create a new key pair for such a card, the previous pair is overwritten\&.
+.RE
+.PP
+\-H
+.RS 4
+Display a list of the command options and arguments\&.
+.RE
+.PP
+\-K
+.RS 4
+List the key ID of keys in the key database\&. A key ID is the modulus of the RSA key or the publicValue of the DSA key\&. IDs are displayed in hexadecimal ("0x" is not shown)\&.
+.RE
+.PP
+\-L
+.RS 4
+List all the certificates, or display information about a named certificate, in a certificate database\&. Use the \-h tokenname argument to specify the certificate database on a particular hardware or software token\&.
+.RE
+.PP
+\-M
+.RS 4
+Modify a certificate\*(Aqs trust attributes using the values of the \-t argument\&.
+.RE
+.PP
+\-N
+.RS 4
+Create new certificate and key databases\&.
+.RE
+.PP
+\-O
+.RS 4
+Print the certificate chain\&.
+.RE
+.PP
+\-R
+.RS 4
+Create a certificate request file that can be submitted to a Certificate Authority (CA) for processing into a finished certificate\&. Output defaults to standard out unless you use \-o output\-file argument\&. Use the \-a argument to specify ASCII output\&.
+.RE
+.PP
+\-S
+.RS 4
+Create an individual certificate and add it to a certificate database\&.
+.RE
+.PP
+\-T
+.RS 4
+Reset the key database or token\&.
+.RE
+.PP
+\-U
+.RS 4
+List all available modules or print a single named module\&.
+.RE
+.PP
+\-V
+.RS 4
+Check the validity of a certificate and its attributes\&.
+.RE
+.PP
+\-W
+.RS 4
+Change the password to a key database\&.
+.RE
+.PP
+\-\-merge
+.RS 4
+Merge two databases into one\&.
+.RE
+.PP
+\-\-upgrade\-merge
+.RS 4
+Upgrade an old database and merge it into a new database\&. This is used to migrate legacy NSS databases (cert8\&.db
+and
+key3\&.db) into the newer SQLite databases (cert9\&.db
+and
+key4\&.db)\&.
+.RE
+.PP
+\fBArguments\fR
+.PP
+Arguments modify a command option and are usually lower case, numbers, or symbols\&.
+.PP
+\-a
+.RS 4
+Use ASCII format or allow the use of ASCII format for input or output\&. This formatting follows RFC 1113\&. For certificate requests, ASCII output defaults to standard output unless redirected\&.
+.RE
+.PP
+\-b validity\-time
+.RS 4
+Specify a time at which a certificate is required to be valid\&. Use when checking certificate validity with the
+\fB\-V\fR
+option\&. The format of the
+\fIvalidity\-time\fR
+argument is
+\fIYYMMDDHHMMSS[+HHMM|\-HHMM|Z]\fR, which allows offsets to be set relative to the validity end time\&. Specifying seconds (\fISS\fR) is optional\&. When specifying an explicit time, use a Z at the end of the term,
+\fIYYMMDDHHMMSSZ\fR, to close it\&. When specifying an offset time, use
+\fIYYMMDDHHMMSS+HHMM\fR
+or
+\fIYYMMDDHHMMSS\-HHMM\fR
+for adding or subtracting time, respectively\&.
+.sp
+If this option is not used, the validity check defaults to the current system time\&.
+.RE
+.PP
+\-c issuer
+.RS 4
+Identify the certificate of the CA from which a new certificate will derive its authenticity\&. Use the exact nickname or alias of the CA certificate, or use the CA\*(Aqs email address\&. Bracket the issuer string with quotation marks if it contains spaces\&.
+.RE
+.PP
+\-d [prefix]directory
+.RS 4
+Specify the database directory containing the certificate and key database files\&.
+.sp
+\fBcertutil\fR
+supports two types of databases: the legacy security databases (cert8\&.db,
+key3\&.db, and
+secmod\&.db) and new SQLite databases (cert9\&.db,
+key4\&.db, and
+pkcs11\&.txt)\&.
+.sp
+NSS recognizes the following prefixes:
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+\fBsql:\fR
+requests the newer database
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+\fBdbm:\fR
+requests the legacy database
+.RE
+.sp
+If no prefix is specified the default type is retrieved from NSS_DEFAULT_DB_TYPE\&. If NSS_DEFAULT_DB_TYPE is not set then
+\fBdbm:\fR
+is the default\&.
+.RE
+.PP
+\-\-dump\-ext\-val OID
+.RS 4
+For single cert, print binary DER encoding of extension OID\&.
+.RE
+.PP
+\-e
+.RS 4
+Check a certificate\*(Aqs signature during the process of validating a certificate\&.
+.RE
+.PP
+\-\-email email\-address
+.RS 4
+Specify the email address of a certificate to list\&. Used with the \-L command option\&.
+.RE
+.PP
+\-\-extGeneric OID:critical\-flag:filename[,OID:critical\-flag:filename]\&.\&.\&.
+.RS 4
+Add one or multiple extensions that certutil cannot encode yet, by loading their encodings from external files\&.
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+OID (example): 1\&.2\&.3\&.4
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+critical\-flag: critical or not\-critical
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+filename: full path to a file containing an encoded extension
+.RE
+.RE
+.PP
+\-f password\-file
+.RS 4
+Specify a file that will automatically supply the password to include in a certificate or to access a certificate database\&. This is a plain\-text file containing one password\&. Be sure to prevent unauthorized access to this file\&.
+.RE
+.PP
+\-g keysize
+.RS 4
+Set a key size to use when generating new public and private key pairs\&. The minimum is 512 bits and the maximum is 16384 bits\&. The default is 2048 bits\&. Any size between the minimum and maximum is allowed\&.
+.RE
+.PP
+\-h tokenname
+.RS 4
+Specify the name of a token to use or act on\&. If not specified the default token is the internal database slot\&.
+.RE
+.PP
+\-i input_file
+.RS 4
+Pass an input file to the command\&. Depending on the command option, an input file can be a specific certificate, a certificate request file, or a batch file of commands\&.
+.RE
+.PP
+\-k key\-type\-or\-id
+.RS 4
+Specify the type or specific ID of a key\&.
+.sp
+The valid key type options are rsa, dsa, ec, or all\&. The default value is rsa\&. Specifying the type of key can avoid mistakes caused by duplicate nicknames\&. Giving a key type generates a new key pair; giving the ID of an existing key reuses that key pair (which is required to renew certificates)\&.
+.RE
+.PP
+\-l
+.RS 4
+Display detailed information when validating a certificate with the \-V option\&.
+.RE
+.PP
+\-m serial\-number
+.RS 4
+Assign a unique serial number to a certificate being created\&. This operation should be performed by a CA\&. If no serial number is provided a default serial number is made from the current time\&. Serial numbers are limited to integers
+.RE
+.PP
+\-n nickname
+.RS 4
+Specify the nickname of a certificate or key to list, create, add to a database, modify, or validate\&. Bracket the nickname string with quotation marks if it contains spaces\&.
+.RE
+.PP
+\-o output\-file
+.RS 4
+Specify the output file name for new certificates or binary certificate requests\&. Bracket the output\-file string with quotation marks if it contains spaces\&. If this argument is not used the output destination defaults to standard output\&.
+.RE
+.PP
+\-P dbPrefix
+.RS 4
+Specify the prefix used on the certificate and key database file\&. This argument is provided to support legacy servers\&. Most applications do not use a database prefix\&.
+.RE
+.PP
+\-p phone
+.RS 4
+Specify a contact telephone number to include in new certificates or certificate requests\&. Bracket this string with quotation marks if it contains spaces\&.
+.RE
+.PP
+\-q pqgfile or curve\-name
+.RS 4
+Read an alternate PQG value from the specified file when generating DSA key pairs\&. If this argument is not used,
+\fBcertutil\fR
+generates its own PQG value\&. PQG files are created with a separate DSA utility\&.
+.sp
+Elliptic curve name is one of the ones from nistp256, nistp384, nistp521, curve25519.
+.sp
+If a token is available that supports more curves, the foolowing curves are supported as well: sect163k1, nistk163, sect163r1, sect163r2, nistb163,  sect193r1, sect193r2, sect233k1, nistk233, sect233r1, nistb233, sect239k1, sect283k1, nistk283, sect283r1, nistb283, sect409k1, nistk409, sect409r1, nistb409,  sect571k1, nistk571, sect571r1, nistb571, secp160k1, secp160r1, secp160r2, secp192k1, secp192r1, nistp192,  secp224k1, secp224r1, nistp224, secp256k1, secp256r1, secp384r1, secp521r1, prime192v1, prime192v2, prime192v3, prime239v1, prime239v2, prime239v3, c2pnb163v1, c2pnb163v2, c2pnb163v3, c2pnb176v1, c2tnb191v1, c2tnb191v2, c2tnb191v3, c2pnb208w1, c2tnb239v1, c2tnb239v2, c2tnb239v3, c2pnb272w1, c2pnb304w1, c2tnb359w1, c2pnb368w1, c2tnb431r1, secp112r1, secp112r2, secp128r1, secp128r2, sect113r1, sect113r2, sect131r1, sect131r2
+.RE
+.PP
+\-r
+.RS 4
+Display a certificate\*(Aqs binary DER encoding when listing information about that certificate with the \-L option\&.
+.RE
+.PP
+\-s subject
+.RS 4
+Identify a particular certificate owner for new certificates or certificate requests\&. Bracket this string with quotation marks if it contains spaces\&. The subject identification format follows RFC #1485\&.
+.RE
+.PP
+\-t trustargs
+.RS 4
+Specify the trust attributes to modify in an existing certificate or to apply to a certificate when creating it or adding it to a database\&. There are three available trust categories for each certificate, expressed in the order
+\fISSL, email, object signing\fR
+for each trust setting\&. In each category position, use none, any, or all of the attribute codes:
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+\fBp\fR
+\- Valid peer
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+\fBP\fR
+\- Trusted peer (implies p)
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+\fBc\fR
+\- Valid CA
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+\fBC\fR
+\- Trusted CA (implies c)
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+\fBT\fR
+\- trusted CA for client authentication (ssl server only)
+.RE
+.sp
+The attribute codes for the categories are separated by commas, and the entire set of attributes enclosed by quotation marks\&. For example:
+.sp
+\fB\-t "TC,C,T"\fR
+.sp
+Use the \-L option to see a list of the current certificates and trust attributes in a certificate database\&.
+.sp
+Note that the output of the \-L option may include "u" flag, which means that there is a private key associated with the certificate\&. It is a dynamic flag and you cannot set it with certutil\&.
+.RE
+.PP
+\-u certusage
+.RS 4
+Specify a usage context to apply when validating a certificate with the \-V option\&.
+.sp
+The contexts are the following:
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+\fBC\fR
+(as an SSL client)
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+\fBV\fR
+(as an SSL server)
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+\fBL\fR
+(as an SSL CA)
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+\fBA\fR
+(as Any CA)
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+\fBY\fR
+(Verify CA)
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+\fBS\fR
+(as an email signer)
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+\fBR\fR
+(as an email recipient)
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+\fBO\fR
+(as an OCSP status responder)
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+\fBJ\fR
+(as an object signer)
+.RE
+.RE
+.PP
+\-v valid\-months
+.RS 4
+Set the number of months a new certificate will be valid\&. The validity period begins at the current system time unless an offset is added or subtracted with the
+\fB\-w\fR
+option\&. If this argument is not used, the default validity period is three months\&.
+.RE
+.PP
+\-w offset\-months
+.RS 4
+Set an offset from the current system time, in months, for the beginning of a certificate\*(Aqs validity period\&. Use when creating the certificate or adding it to a database\&. Express the offset in integers, using a minus sign (\-) to indicate a negative offset\&. If this argument is not used, the validity period begins at the current system time\&. The length of the validity period is set with the \-v argument\&.
+.RE
+.PP
+\-X
+.RS 4
+Force the key and certificate database to open in read\-write mode\&. This is used with the
+\fB\-U\fR
+and
+\fB\-L\fR
+command options\&.
+.RE
+.PP
+\-x
+.RS 4
+Use
+\fBcertutil\fR
+to generate the signature for a certificate being created or added to a database, rather than obtaining a signature from a separate CA\&.
+.RE
+.PP
+\-y exp
+.RS 4
+Set an alternate exponent value to use in generating a new RSA public key for the database, instead of the default value of 65537\&. The available alternate values are 3 and 17\&.
+.RE
+.PP
+\-z noise\-file
+.RS 4
+Read a seed value from the specified file to generate a new private and public key pair\&. This argument makes it possible to use hardware\-generated seed values or manually create a value from the keyboard\&. The minimum file size is 20 bytes\&.
+.RE
+.PP
+\-Z hashAlg
+.RS 4
+Specify the hash algorithm to use with the \-C, \-S or \-R command options\&. Possible keywords:
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+MD2
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+MD4
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+MD5
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+SHA1
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+SHA224
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+SHA256
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+SHA384
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+SHA512
+.RE
+.RE
+.PP
+\-0 SSO_password
+.RS 4
+Set a site security officer password on a token\&.
+.RE
+.PP
+\-1 | \-\-keyUsage keyword,keyword
+.RS 4
+Set an X\&.509 V3 Certificate Type Extension in the certificate\&. There are several available keywords:
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+digitalSignature
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+nonRepudiation
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+keyEncipherment
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+dataEncipherment
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+keyAgreement
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+certSigning
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+crlSigning
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+critical
+.RE
+.RE
+.PP
+\-2
+.RS 4
+Add a basic constraint extension to a certificate that is being created or added to a database\&. This extension supports the certificate chain verification process\&.
+\fBcertutil\fR
+prompts for the certificate constraint extension to select\&.
+.sp
+X\&.509 certificate extensions are described in RFC 5280\&.
+.RE
+.PP
+\-3
+.RS 4
+Add an authority key ID extension to a certificate that is being created or added to a database\&. This extension supports the identification of a particular certificate, from among multiple certificates associated with one subject name, as the correct issuer of a certificate\&. The Certificate Database Tool will prompt you to select the authority key ID extension\&.
+.sp
+X\&.509 certificate extensions are described in RFC 5280\&.
+.RE
+.PP
+\-4
+.RS 4
+Add a CRL distribution point extension to a certificate that is being created or added to a database\&. This extension identifies the URL of a certificate\*(Aqs associated certificate revocation list (CRL)\&.
+\fBcertutil\fR
+prompts for the URL\&.
+.sp
+X\&.509 certificate extensions are described in RFC 5280\&.
+.RE
+.PP
+\-5 | \-\-nsCertType keyword,keyword
+.RS 4
+Add an X\&.509 V3 certificate type extension to a certificate that is being created or added to the database\&. There are several available keywords:
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+sslClient
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+sslServer
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+smime
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+objectSigning
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+sslCA
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+smimeCA
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+objectSigningCA
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+critical
+.RE
+.sp
+X\&.509 certificate extensions are described in RFC 5280\&.
+.RE
+.PP
+\-6 | \-\-extKeyUsage keyword,keyword
+.RS 4
+Add an extended key usage extension to a certificate that is being created or added to the database\&. Several keywords are available:
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+serverAuth
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+clientAuth
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+codeSigning
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+emailProtection
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+timeStamp
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+ocspResponder
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+stepUp
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+msTrustListSign
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+critical
+.RE
+.sp
+X\&.509 certificate extensions are described in RFC 5280\&.
+.RE
+.PP
+\-7 emailAddrs
+.RS 4
+Add a comma\-separated list of email addresses to the subject alternative name extension of a certificate or certificate request that is being created or added to the database\&. Subject alternative name extensions are described in Section 4\&.2\&.1\&.7 of RFC 3280\&.
+.RE
+.PP
+\-8 dns\-names
+.RS 4
+Add a comma\-separated list of DNS names to the subject alternative name extension of a certificate or certificate request that is being created or added to the database\&. Subject alternative name extensions are described in Section 4\&.2\&.1\&.7 of RFC 3280\&.
+.RE
+.PP
+\-\-extAIA
+.RS 4
+Add the Authority Information Access extension to the certificate\&. X\&.509 certificate extensions are described in RFC 5280\&.
+.RE
+.PP
+\-\-extSIA
+.RS 4
+Add the Subject Information Access extension to the certificate\&. X\&.509 certificate extensions are described in RFC 5280\&.
+.RE
+.PP
+\-\-extCP
+.RS 4
+Add the Certificate Policies extension to the certificate\&. X\&.509 certificate extensions are described in RFC 5280\&.
+.RE
+.PP
+\-\-extPM
+.RS 4
+Add the Policy Mappings extension to the certificate\&. X\&.509 certificate extensions are described in RFC 5280\&.
+.RE
+.PP
+\-\-extPC
+.RS 4
+Add the Policy Constraints extension to the certificate\&. X\&.509 certificate extensions are described in RFC 5280\&.
+.RE
+.PP
+\-\-extIA
+.RS 4
+Add the Inhibit Any Policy Access extension to the certificate\&. X\&.509 certificate extensions are described in RFC 5280\&.
+.RE
+.PP
+\-\-extSKID
+.RS 4
+Add the Subject Key ID extension to the certificate\&. X\&.509 certificate extensions are described in RFC 5280\&.
+.RE
+.PP
+\-\-extNC
+.RS 4
+Add a Name Constraint extension to the certificate\&. X\&.509 certificate extensions are described in RFC 5280\&.
+.RE
+.PP
+\-\-extSAN type:name[,type:name]\&.\&.\&.
+.RS 4
+Create a Subject Alt Name extension with one or multiple names\&.
+.sp
+\-type: directory, dn, dns, edi, ediparty, email, ip, ipaddr, other, registerid, rfc822, uri, x400, x400addr
+.RE
+.PP
+\-\-empty\-password
+.RS 4
+Use empty password when creating new certificate database with \-N\&.
+.RE
+.PP
+\-\-keyAttrFlags attrflags
+.RS 4
+PKCS #11 key Attributes\&. Comma separated list of key attribute flags, selected from the following list of choices: {token | session} {public | private} {sensitive | insensitive} {modifiable | unmodifiable} {extractable | unextractable}
+.RE
+.PP
+\-\-keyOpFlagsOn opflags, \-\-keyOpFlagsOff opflags
+.RS 4
+PKCS #11 key Operation Flags\&. Comma separated list of one or more of the following: {token | session} {public | private} {sensitive | insensitive} {modifiable | unmodifiable} {extractable | unextractable}
+.RE
+.PP
+\-\-new\-n nickname
+.RS 4
+A new nickname, used when renaming a certificate\&.
+.RE
+.PP
+\-\-source\-dir certdir
+.RS 4
+Identify the certificate database directory to upgrade\&.
+.RE
+.PP
+\-\-source\-prefix certdir
+.RS 4
+Give the prefix of the certificate and key databases to upgrade\&.
+.RE
+.PP
+\-\-upgrade\-id uniqueID
+.RS 4
+Give the unique ID of the database to upgrade\&.
+.RE
+.PP
+\-\-upgrade\-token\-name name
+.RS 4
+Set the name of the token to use while it is being upgraded\&.
+.RE
+.PP
+\-@ pwfile
+.RS 4
+Give the name of a password file to use for the database being upgraded\&.
+.RE
+.SH "USAGE AND EXAMPLES"
+.PP
+Most of the command options in the examples listed here have more arguments available\&. The arguments included in these examples are the most common ones or are used to illustrate a specific scenario\&. Use the
+\fB\-H\fR
+option to show the complete list of arguments for each command option\&.
+.PP
+\fBCreating New Security Databases\fR
+.PP
+Certificates, keys, and security modules related to managing certificates are stored in three related databases:
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+cert8\&.db or cert9\&.db
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+key3\&.db or key4\&.db
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+secmod\&.db or pkcs11\&.txt
+.RE
+.PP
+These databases must be created before certificates or keys can be generated\&.
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+certutil \-N \-d [sql:]directory
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+\fBCreating a Certificate Request\fR
+.PP
+A certificate request contains most or all of the information that is used to generate the final certificate\&. This request is submitted separately to a certificate authority and is then approved by some mechanism (automatically or by human review)\&. Once the request is approved, then the certificate is generated\&.
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+$ certutil \-R \-k key\-type\-or\-id [\-q pqgfile|curve\-name] \-g key\-size \-s subject [\-h tokenname] \-d [sql:]directory [\-p phone] [\-o output\-file] [\-a]
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+The
+\fB\-R\fR
+command options requires four arguments:
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+\fB\-k\fR
+to specify either the key type to generate or, when renewing a certificate, the existing key pair to use
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+\fB\-g\fR
+to set the keysize of the key to generate
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+\fB\-s\fR
+to set the subject name of the certificate
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+\fB\-d\fR
+to give the security database directory
+.RE
+.PP
+The new certificate request can be output in ASCII format (\fB\-a\fR) or can be written to a specified file (\fB\-o\fR)\&.
+.PP
+For example:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+$ certutil \-R \-k rsa \-g 1024 \-s "CN=John Smith,O=Example Corp,L=Mountain View,ST=California,C=US" \-d sql:$HOME/nssdb \-p 650\-555\-0123 \-a \-o cert\&.cer
+
+Generating key\&.  This may take a few moments\&.\&.\&.
+
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+\fBCreating a Certificate\fR
+.PP
+A valid certificate must be issued by a trusted CA\&. This can be done by specifying a CA certificate (\fB\-c\fR) that is stored in the certificate database\&. If a CA key pair is not available, you can create a self\-signed certificate using the
+\fB\-x\fR
+argument with the
+\fB\-S\fR
+command option\&.
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+$ certutil \-S \-k rsa|dsa|ec \-n certname \-s subject [\-c issuer |\-x] \-t trustargs \-d [sql:]directory [\-m serial\-number] [\-v valid\-months] [\-w offset\-months] [\-p phone] [\-1] [\-2] [\-3] [\-4] [\-5 keyword] [\-6 keyword] [\-7 emailAddress] [\-8 dns\-names] [\-\-extAIA] [\-\-extSIA] [\-\-extCP] [\-\-extPM] [\-\-extPC] [\-\-extIA] [\-\-extSKID]
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+The series of numbers and
+\fB\-\-ext*\fR
+options set certificate extensions that can be added to the certificate when it is generated by the CA\&. Interactive prompts will result\&.
+.PP
+For example, this creates a self\-signed certificate:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+$ certutil \-S \-s "CN=Example CA" \-n my\-ca\-cert \-x \-t "C,C,C" \-1 \-2 \-5 \-m 3650
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+The interative prompts for key usage and whether any extensions are critical and responses have been ommitted for brevity\&.
+.PP
+From there, new certificates can reference the self\-signed certificate:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+$ certutil \-S \-s "CN=My Server Cert" \-n my\-server\-cert \-c "my\-ca\-cert" \-t ",," \-1 \-5 \-6 \-8 \-m 730
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+\fBGenerating a Certificate from a Certificate Request\fR
+.PP
+When a certificate request is created, a certificate can be generated by using the request and then referencing a certificate authority signing certificate (the
+\fIissuer\fR
+specified in the
+\fB\-c\fR
+argument)\&. The issuing certificate must be in the certificate database in the specified directory\&.
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+certutil \-C \-c issuer \-i cert\-request\-file \-o output\-file [\-m serial\-number] [\-v valid\-months] [\-w offset\-months] \-d [sql:]directory [\-1] [\-2] [\-3] [\-4] [\-5 keyword] [\-6 keyword] [\-7 emailAddress] [\-8 dns\-names]
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+For example:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+$ certutil \-C \-c "my\-ca\-cert" \-i /home/certs/cert\&.req \-o cert\&.cer \-m 010 \-v 12 \-w 1 \-d sql:$HOME/nssdb \-1 nonRepudiation,dataEncipherment \-5 sslClient \-6 clientAuth \-7 jsmith@example\&.com
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+\fBListing Certificates\fR
+.PP
+The
+\fB\-L\fR
+command option lists all of the certificates listed in the certificate database\&. The path to the directory (\fB\-d\fR) is required\&.
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+$ certutil \-L \-d sql:/home/my/sharednssdb
+
+Certificate Nickname                                         Trust Attributes
+                                                             SSL,S/MIME,JAR/XPI
+
+CA Administrator of Instance pki\-ca1\*(Aqs Example Domain ID     u,u,u
+TPS Administrator\*(Aqs Example Domain ID                        u,u,u
+Google Internet Authority                                    ,,   
+Certificate Authority \- Example Domain                       CT,C,C
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+Using additional arguments with
+\fB\-L\fR
+can return and print the information for a single, specific certificate\&. For example, the
+\fB\-n\fR
+argument passes the certificate name, while the
+\fB\-a\fR
+argument prints the certificate in ASCII format:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+$ certutil \-L \-d sql:$HOME/nssdb \-a \-n my\-ca\-cert
+\-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\-
+MIIB1DCCAT2gAwIBAgICDkIwDQYJKoZIhvcNAQEFBQAwFTETMBEGA1UEAxMKRXhh
+bXBsZSBDQTAeFw0xMzAzMTMxOTEwMjlaFw0xMzA2MTMxOTEwMjlaMBUxEzARBgNV
+BAMTCkV4YW1wbGUgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJ4Kzqvz
+JyBVgFqDXRYSyTBNw1DrxUU/3GvWA/ngjAwHEv0Cul/6sO/gsCvnABHiH6unns6x
+XRzPORlC2WY3gkk7vmlsLvYpyecNazAi/NAwVnU/66HOsaoVFWE+gBQo99UrN2yk
+0BiK/GMFlLm5dXQROgA9ZKKyFdI0LIXtf6SbAgMBAAGjMzAxMBEGCWCGSAGG+EIB
+AQQEAwIHADAMBgNVHRMEBTADAQH/MA4GA1UdDwEB/wQEAwICBDANBgkqhkiG9w0B
+AQUFAAOBgQA6chkzkACN281d1jKMrc+RHG2UMaQyxiteaLVZO+Ro1nnRUvseDf09
+XKYFwPMJjWCihVku6bw/ihZfuMHhxK22Nue6inNQ6eDu7WmrqL8z3iUrQwxs+WiF
+ob2rb8XRVVJkzXdXxlk4uo3UtNvw8sAz7sWD71qxKaIHU5q49zijfg==
+\-\-\-\-\-END CERTIFICATE\-\-\-\-\-
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+For a human\-readable display
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+$ certutil \-L \-d sql:$HOME/nssdb \-n my\-ca\-cert
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 3650 (0xe42)
+        Signature Algorithm: PKCS #1 SHA\-1 With RSA Encryption
+        Issuer: "CN=Example CA"
+        Validity:
+            Not Before: Wed Mar 13 19:10:29 2013
+            Not After : Thu Jun 13 19:10:29 2013
+        Subject: "CN=Example CA"
+        Subject Public Key Info:
+            Public Key Algorithm: PKCS #1 RSA Encryption
+            RSA Public Key:
+                Modulus:
+                    9e:0a:ce:ab:f3:27:20:55:80:5a:83:5d:16:12:c9:30:
+                    4d:c3:50:eb:c5:45:3f:dc:6b:d6:03:f9:e0:8c:0c:07:
+                    12:fd:02:ba:5f:fa:b0:ef:e0:b0:2b:e7:00:11:e2:1f:
+                    ab:a7:9e:ce:b1:5d:1c:cf:39:19:42:d9:66:37:82:49:
+                    3b:be:69:6c:2e:f6:29:c9:e7:0d:6b:30:22:fc:d0:30:
+                    56:75:3f:eb:a1:ce:b1:aa:15:15:61:3e:80:14:28:f7:
+                    d5:2b:37:6c:a4:d0:18:8a:fc:63:05:94:b9:b9:75:74:
+                    11:3a:00:3d:64:a2:b2:15:d2:34:2c:85:ed:7f:a4:9b
+                Exponent: 65537 (0x10001)
+        Signed Extensions:
+            Name: Certificate Type
+            Data: none
+
+            Name: Certificate Basic Constraints
+            Data: Is a CA with no maximum path length\&.
+
+            Name: Certificate Key Usage
+            Critical: True
+            Usages: Certificate Signing
+
+    Signature Algorithm: PKCS #1 SHA\-1 With RSA Encryption
+    Signature:
+        3a:72:19:33:90:00:8d:db:cd:5d:d6:32:8c:ad:cf:91:
+        1c:6d:94:31:a4:32:c6:2b:5e:68:b5:59:3b:e4:68:d6:
+        79:d1:52:fb:1e:0d:fd:3d:5c:a6:05:c0:f3:09:8d:60:
+        a2:85:59:2e:e9:bc:3f:8a:16:5f:b8:c1:e1:c4:ad:b6:
+        36:e7:ba:8a:73:50:e9:e0:ee:ed:69:ab:a8:bf:33:de:
+        25:2b:43:0c:6c:f9:68:85:a1:bd:ab:6f:c5:d1:55:52:
+        64:cd:77:57:c6:59:38:ba:8d:d4:b4:db:f0:f2:c0:33:
+        ee:c5:83:ef:5a:b1:29:a2:07:53:9a:b8:f7:38:a3:7e
+    Fingerprint (MD5):
+        86:D8:A5:8B:8A:26:BE:9E:17:A8:7B:66:10:6B:27:80
+    Fingerprint (SHA1):
+        48:78:09:EF:C5:D4:0C:BD:D2:64:45:59:EB:03:13:15:F7:A9:D6:F7
+
+    Certificate Trust Flags:
+        SSL Flags:
+            Valid CA
+            Trusted CA
+            User
+        Email Flags:
+            Valid CA
+            Trusted CA
+            User
+        Object Signing Flags:
+            Valid CA
+            Trusted CA
+            User
+
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+\fBListing Keys\fR
+.PP
+Keys are the original material used to encrypt certificate data\&. The keys generated for certificates are stored separately, in the key database\&.
+.PP
+To list all keys in the database, use the
+\fB\-K\fR
+command option and the (required)
+\fB\-d\fR
+argument to give the path to the directory\&.
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+$ certutil \-K \-d sql:$HOME/nssdb
+certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services                  "
+< 0> rsa      455a6673bde9375c2887ec8bf8016b3f9f35861d   Thawte Freemail Member\*(Aqs Thawte Consulting (Pty) Ltd\&. ID
+< 1> rsa      40defeeb522ade11090eacebaaf1196a172127df   Example Domain Administrator Cert
+< 2> rsa      1d0b06f44f6c03842f7d4f4a1dc78b3bcd1b85a5   John Smith user cert
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+There are ways to narrow the keys listed in the search results:
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+To return a specific key, use the
+\fB\-n\fR\fIname\fR
+argument with the name of the key\&.
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+If there are multiple security devices loaded, then the
+\fB\-h\fR\fItokenname\fR
+argument can search a specific token or all tokens\&.
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+If there are multiple key types available, then the
+\fB\-k\fR\fIkey\-type\fR
+argument can search a specific type of key, like RSA, DSA, or ECC\&.
+.RE
+.PP
+\fBListing Security Modules\fR
+.PP
+The devices that can be used to store certificates \-\- both internal databases and external devices like smart cards \-\- are recognized and used by loading security modules\&. The
+\fB\-U\fR
+command option lists all of the security modules listed in the
+secmod\&.db
+database\&. The path to the directory (\fB\-d\fR) is required\&.
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+$ certutil \-U \-d sql:/home/my/sharednssdb
+
+    slot: NSS User Private Key and Certificate Services                  
+   token: NSS Certificate DB
+
+    slot: NSS Internal Cryptographic Services                            
+   token: NSS Generic Crypto Services
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+\fBAdding Certificates to the Database\fR
+.PP
+Existing certificates or certificate requests can be added manually to the certificate database, even if they were generated elsewhere\&. This uses the
+\fB\-A\fR
+command option\&.
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+certutil \-A \-n certname \-t trustargs \-d [sql:]directory [\-a] [\-i input\-file]
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+For example:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+$ certutil \-A \-n "CN=My SSL Certificate" \-t ",," \-d sql:/home/my/sharednssdb \-i /home/example\-certs/cert\&.cer
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+A related command option,
+\fB\-E\fR, is used specifically to add email certificates to the certificate database\&. The
+\fB\-E\fR
+command has the same arguments as the
+\fB\-A\fR
+command\&. The trust arguments for certificates have the format
+\fISSL,S/MIME,Code\-signing\fR, so the middle trust settings relate most to email certificates (though the others can be set)\&. For example:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+$ certutil \-E \-n "CN=John Smith Email Cert" \-t ",P," \-d sql:/home/my/sharednssdb \-i /home/example\-certs/email\&.cer
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+\fBDeleting Certificates to the Database\fR
+.PP
+Certificates can be deleted from a database using the
+\fB\-D\fR
+option\&. The only required options are to give the security database directory and to identify the certificate nickname\&.
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+certutil \-D \-d [sql:]directory \-n "nickname"
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+For example:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+$ certutil \-D \-d sql:/home/my/sharednssdb \-n "my\-ssl\-cert"
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+\fBValidating Certificates\fR
+.PP
+A certificate contains an expiration date in itself, and expired certificates are easily rejected\&. However, certificates can also be revoked before they hit their expiration date\&. Checking whether a certificate has been revoked requires validating the certificate\&. Validation can also be used to ensure that the certificate is only used for the purposes it was initially issued for\&. Validation is carried out by the
+\fB\-V\fR
+command option\&.
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+certutil \-V \-n certificate\-name [\-b time] [\-e] [\-u cert\-usage] \-d [sql:]directory
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+For example, to validate an email certificate:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+$ certutil \-V \-n "John Smith\*(Aqs Email Cert" \-e \-u S,R \-d sql:/home/my/sharednssdb
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+\fBModifying Certificate Trust Settings\fR
+.PP
+The trust settings (which relate to the operations that a certificate is allowed to be used for) can be changed after a certificate is created or added to the database\&. This is especially useful for CA certificates, but it can be performed for any type of certificate\&.
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+certutil \-M \-n certificate\-name \-t trust\-args \-d [sql:]directory
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+For example:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+$ certutil \-M \-n "My CA Certificate" \-d sql:/home/my/sharednssdb \-t "CT,CT,CT"
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+\fBPrinting the Certificate Chain\fR
+.PP
+Certificates can be issued in
+\fIchains\fR
+because every certificate authority itself has a certificate; when a CA issues a certificate, it essentially stamps that certificate with its own fingerprint\&. The
+\fB\-O\fR
+prints the full chain of a certificate, going from the initial CA (the root CA) through ever intermediary CA to the actual certificate\&. For example, for an email certificate with two CAs in the chain:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+$ certutil \-d sql:/home/my/sharednssdb \-O \-n "jsmith@example\&.com"
+"Builtin Object Token:Thawte Personal Freemail CA" [E=personal\-freemail@thawte\&.com,CN=Thawte Personal Freemail CA,OU=Certification Services Division,O=Thawte Consulting,L=Cape Town,ST=Western Cape,C=ZA]
+
+  "Thawte Personal Freemail Issuing CA \- Thawte Consulting" [CN=Thawte Personal Freemail Issuing CA,O=Thawte Consulting (Pty) Ltd\&.,C=ZA]
+
+    "(null)" [E=jsmith@example\&.com,CN=Thawte Freemail Member]
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+\fBResetting a Token\fR
+.PP
+The device which stores certificates \-\- both external hardware devices and internal software databases \-\- can be blanked and reused\&. This operation is performed on the device which stores the data, not directly on the security databases, so the location must be referenced through the token name (\fB\-h\fR) as well as any directory path\&. If there is no external token used, the default value is internal\&.
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+certutil \-T \-d [sql:]directory \-h token\-name \-0 security\-officer\-password
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+Many networks have dedicated personnel who handle changes to security tokens (the security officer)\&. This person must supply the password to access the specified token\&. For example:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+$ certutil \-T \-d sql:/home/my/sharednssdb \-h nethsm \-0 secret
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+\fBUpgrading or Merging the Security Databases\fR
+.PP
+Many networks or applications may be using older BerkeleyDB versions of the certificate database (cert8\&.db)\&. Databases can be upgraded to the new SQLite version of the database (cert9\&.db) using the
+\fB\-\-upgrade\-merge\fR
+command option or existing databases can be merged with the new
+cert9\&.db
+databases using the
+\fB\-\-\-merge\fR
+command\&.
+.PP
+The
+\fB\-\-upgrade\-merge\fR
+command must give information about the original database and then use the standard arguments (like
+\fB\-d\fR) to give the information about the new databases\&. The command also requires information that the tool uses for the process to upgrade and write over the original database\&.
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+certutil \-\-upgrade\-merge \-d [sql:]directory [\-P dbprefix] \-\-source\-dir directory \-\-source\-prefix dbprefix \-\-upgrade\-id id \-\-upgrade\-token\-name name [\-@ password\-file]
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+For example:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+$ certutil \-\-upgrade\-merge \-d sql:/home/my/sharednssdb \-\-source\-dir /opt/my\-app/alias/ \-\-source\-prefix serverapp\- \-\-upgrade\-id 1 \-\-upgrade\-token\-name internal
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+The
+\fB\-\-merge\fR
+command only requires information about the location of the original database; since it doesn\*(Aqt change the format of the database, it can write over information without performing interim step\&.
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+certutil \-\-merge \-d [sql:]directory [\-P dbprefix] \-\-source\-dir directory \-\-source\-prefix dbprefix [\-@ password\-file]
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+For example:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+$ certutil \-\-merge \-d sql:/home/my/sharednssdb \-\-source\-dir /opt/my\-app/alias/ \-\-source\-prefix serverapp\-
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+\fBRunning certutil Commands from a Batch File\fR
+.PP
+A series of commands can be run sequentially from a text file with the
+\fB\-B\fR
+command option\&. The only argument for this specifies the input file\&.
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+$ certutil \-B \-i /path/to/batch\-file
+.fi
+.if n \{\
+.RE
+.\}
+.SH "NSS DATABASE TYPES"
+.PP
+NSS originally used BerkeleyDB databases to store security information\&. The last versions of these
+\fIlegacy\fR
+databases are:
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+cert8\&.db for certificates
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+key3\&.db for keys
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+secmod\&.db for PKCS #11 module information
+.RE
+.PP
+BerkeleyDB has performance limitations, though, which prevent it from being easily used by multiple applications simultaneously\&. NSS has some flexibility that allows applications to use their own, independent database engine while keeping a shared database and working around the access issues\&. Still, NSS requires more flexibility to provide a truly shared security database\&.
+.PP
+In 2009, NSS introduced a new set of databases that are SQLite databases rather than BerkeleyDB\&. These new databases provide more accessibility and performance:
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+cert9\&.db for certificates
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+key4\&.db for keys
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+pkcs11\&.txt, a listing of all of the PKCS #11 modules, contained in a new subdirectory in the security databases directory
+.RE
+.PP
+Because the SQLite databases are designed to be shared, these are the
+\fIshared\fR
+database type\&. The shared database type is preferred; the legacy format is included for backward compatibility\&.
+.PP
+By default, the tools (\fBcertutil\fR,
+\fBpk12util\fR,
+\fBmodutil\fR) assume that the given security databases follow the more common legacy type\&. Using the SQLite databases must be manually specified by using the
+\fBsql:\fR
+prefix with the given security directory\&. For example:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+$ certutil \-L \-d sql:/home/my/sharednssdb
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+To set the shared database type as the default type for the tools, set the
+\fBNSS_DEFAULT_DB_TYPE\fR
+environment variable to
+\fBsql\fR:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+export NSS_DEFAULT_DB_TYPE="sql"
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+This line can be set added to the
+~/\&.bashrc
+file to make the change permanent\&.
+.PP
+Most applications do not use the shared database by default, but they can be configured to use them\&. For example, this how\-to article covers how to configure Firefox and Thunderbird to use the new shared NSS databases:
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+https://wiki\&.mozilla\&.org/NSS_Shared_DB_Howto
+.RE
+.PP
+For an engineering draft on the changes in the shared NSS databases, see the NSS project wiki:
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+https://wiki\&.mozilla\&.org/NSS_Shared_DB
+.RE
+.SH "SEE ALSO"
+.PP
+pk12util (1)
+.PP
+modutil (1)
+.PP
+\fBcertutil\fR
+has arguments or operations that use features defined in several IETF RFCs\&.
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+http://tools\&.ietf\&.org/html/rfc5280
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+http://tools\&.ietf\&.org/html/rfc1113
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+http://tools\&.ietf\&.org/html/rfc1485
+.RE
+.PP
+The NSS wiki has information on the new database design and how to configure applications to use it\&.
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+https://wiki\&.mozilla\&.org/NSS_Shared_DB_Howto
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+https://wiki\&.mozilla\&.org/NSS_Shared_DB
+.RE
+.SH "ADDITIONAL RESOURCES"
+.PP
+For information about NSS and other tools related to NSS (like JSS), check out the NSS project wiki at
+\m[blue]\fBhttp://www\&.mozilla\&.org/projects/security/pki/nss/\fR\m[]\&. The NSS site relates directly to NSS code changes and releases\&.
+.PP
+Mailing lists: https://lists\&.mozilla\&.org/listinfo/dev\-tech\-crypto
+.PP
+IRC: Freenode at #dogtag\-pki
+.SH "AUTHORS"
+.PP
+The NSS tools were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google\&.
+.PP
+Authors: Elio Maldonado <emaldona@redhat\&.com>, Deon Lackey <dlackey@redhat\&.com>\&.
+.SH "LICENSE"
+.PP
+Licensed under the Mozilla Public License, v\&. 2\&.0\&. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla\&.org/MPL/2\&.0/\&.
+.SH "NOTES"
+.IP " 1." 4
+Mozilla NSS bug 836477
+.RS 4
+\%https://bugzilla.mozilla.org/show_bug.cgi?id=836477
+.RE
diff --git a/nss/doc/nroff/cmsutil.1 b/nss/doc/nroff/cmsutil.1
new file mode 100644
index 0000000..9c0bb48
--- /dev/null
+++ b/nss/doc/nroff/cmsutil.1
@@ -0,0 +1,271 @@
+'\" t
+.\"     Title: CMSUTIL
+.\"    Author: [see the "Authors" section]
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\"      Date:  5 June 2014
+.\"    Manual: NSS Security Tools
+.\"    Source: nss-tools
+.\"  Language: English
+.\"
+.TH "CMSUTIL" "1" "5 June 2014" "nss-tools" "NSS Security Tools"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+cmsutil \- Performs basic cryptograpic operations, such as encryption and decryption, on Cryptographic Message Syntax (CMS) messages\&.
+.SH "SYNOPSIS"
+.HP \w'\fBcmsutil\fR\ 'u
+\fBcmsutil\fR [\fIoptions\fR] [[\fIarguments\fR]]
+.SH "STATUS"
+.PP
+This documentation is still work in progress\&. Please contribute to the initial review in
+\m[blue]\fBMozilla NSS bug 836477\fR\m[]\&\s-2\u[1]\d\s+2
+.SH "DESCRIPTION"
+.PP
+The
+\fBcmsutil\fR
+command\-line uses the S/MIME Toolkit to perform basic operations, such as encryption and decryption, on Cryptographic Message Syntax (CMS) messages\&.
+.PP
+To run cmsutil, type the command cmsutil option [arguments] where option and arguments are combinations of the options and arguments listed in the following section\&. Each command takes one option\&. Each option may take zero or more arguments\&. To see a usage string, issue the command without options\&.
+.SH "OPTIONS AND ARGUMENTS"
+.PP
+.PP
+\fBOptions\fR
+.PP
+Options specify an action\&. Option arguments modify an action\&. The options and arguments for the cmsutil command are defined as follows:
+.PP
+\-C
+.RS 4
+Encrypt a message\&.
+.RE
+.PP
+\-D
+.RS 4
+Decode a message\&.
+.RE
+.PP
+\-E
+.RS 4
+Envelope a message\&.
+.RE
+.PP
+\-O
+.RS 4
+Create a certificates\-only message\&.
+.RE
+.PP
+\-S
+.RS 4
+Sign a message\&.
+.RE
+.PP
+\fBArguments\fR
+.PP
+Option arguments modify an action\&.
+.PP
+\-b
+.RS 4
+Decode a batch of files named in infile\&.
+.RE
+.PP
+\-c content
+.RS 4
+Use this detached content (decode only)\&.
+.RE
+.PP
+\-d dbdir
+.RS 4
+Specify the key/certificate database directory (default is "\&.")
+.RE
+.PP
+\-e envfile
+.RS 4
+Specify a file containing an enveloped message for a set of recipients to which you would like to send an encrypted message\&. If this is the first encrypted message for that set of recipients, a new enveloped message will be created that you can then use for future messages (encrypt only)\&.
+.RE
+.PP
+\-f pwfile
+.RS 4
+Use password file to set password on all PKCS#11 tokens\&.
+.RE
+.PP
+\-G
+.RS 4
+Include a signing time attribute (sign only)\&.
+.RE
+.PP
+\-H hash
+.RS 4
+Use specified hash algorithm (default:SHA1)\&.
+.RE
+.PP
+\-h num
+.RS 4
+Generate email headers with info about CMS message (decode only)\&.
+.RE
+.PP
+\-i infile
+.RS 4
+Use infile as a source of data (default is stdin)\&.
+.RE
+.PP
+\-k
+.RS 4
+Keep decoded encryption certs in permanent cert db\&.
+.RE
+.PP
+\-N nickname
+.RS 4
+Specify nickname of certificate to sign with (sign only)\&.
+.RE
+.PP
+\-n
+.RS 4
+Suppress output of contents (decode only)\&.
+.RE
+.PP
+\-o outfile
+.RS 4
+Use outfile as a destination of data (default is stdout)\&.
+.RE
+.PP
+\-P
+.RS 4
+Include an S/MIME capabilities attribute\&.
+.RE
+.PP
+\-p password
+.RS 4
+Use password as key database password\&.
+.RE
+.PP
+\-r recipient1,recipient2, \&.\&.\&.
+.RS 4
+Specify list of recipients (email addresses) for an encrypted or enveloped message\&. For certificates\-only message, list of certificates to send\&.
+.RE
+.PP
+\-T
+.RS 4
+Suppress content in CMS message (sign only)\&.
+.RE
+.PP
+\-u certusage
+.RS 4
+Set type of cert usage (default is certUsageEmailSigner)\&.
+.RE
+.PP
+\-v
+.RS 4
+Print debugging information\&.
+.RE
+.PP
+\-Y ekprefnick
+.RS 4
+Specify an encryption key preference by nickname\&.
+.RE
+.SH "USAGE"
+.PP
+Encrypt Example
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+cmsutil \-C [\-i infile] [\-o outfile] [\-d dbdir] [\-p password] \-r "recipient1,recipient2, \&. \&. \&." \-e envfile
+      
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+Decode Example
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+cmsutil \-D [\-i infile] [\-o outfile] [\-d dbdir] [\-p password] [\-c content] [\-n] [\-h num]
+      
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+Envelope Example
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+cmsutil \-E [\-i infile] [\-o outfile] [\-d dbdir] [\-p password] \-r "recipient1,recipient2, \&.\&.\&."
+      
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+Certificate\-only Example
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+cmsutil \-O [\-i infile] [\-o outfile] [\-d dbdir] [\-p password] \-r "cert1,cert2, \&. \&. \&."
+      
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+Sign Message Example
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+cmsutil \-S [\-i infile] [\-o outfile] [\-d dbdir] [\-p password] \-N nickname[\-TGP] [\-Y ekprefnick]
+      
+.fi
+.if n \{\
+.RE
+.\}
+.SH "SEE ALSO"
+.PP
+certutil(1)
+.SH "ADDITIONAL RESOURCES"
+.PP
+For information about NSS and other tools related to NSS (like JSS), check out the NSS project wiki at
+\m[blue]\fBhttp://www\&.mozilla\&.org/projects/security/pki/nss/\fR\m[]\&. The NSS site relates directly to NSS code changes and releases\&.
+.PP
+Mailing lists: https://lists\&.mozilla\&.org/listinfo/dev\-tech\-crypto
+.PP
+IRC: Freenode at #dogtag\-pki
+.SH "AUTHORS"
+.PP
+The NSS tools were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google\&.
+.PP
+Authors: Elio Maldonado <emaldona@redhat\&.com>, Deon Lackey <dlackey@redhat\&.com>\&.
+.SH "LICENSE"
+.PP
+Licensed under the Mozilla Public License, v\&. 2\&.0\&. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla\&.org/MPL/2\&.0/\&.
+.SH "NOTES"
+.IP " 1." 4
+Mozilla NSS bug 836477
+.RS 4
+\%https://bugzilla.mozilla.org/show_bug.cgi?id=836477
+.RE
diff --git a/nss/doc/nroff/crlutil.1 b/nss/doc/nroff/crlutil.1
new file mode 100644
index 0000000..866bded
--- /dev/null
+++ b/nss/doc/nroff/crlutil.1
@@ -0,0 +1,389 @@
+'\" t
+.\"     Title: CRLUTIL
+.\"    Author: [see the "Authors" section]
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\"      Date:  5 June 2014
+.\"    Manual: NSS Security Tools
+.\"    Source: nss-tools
+.\"  Language: English
+.\"
+.TH "CRLUTIL" "1" "5 June 2014" "nss-tools" "NSS Security Tools"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+crlutil \- List, generate, modify, or delete CRLs within the NSS security database file(s) and list, create, modify or delete certificates entries in a particular CRL\&.
+.SH "SYNOPSIS"
+.HP \w'\fBcrlutil\fR\ 'u
+\fBcrlutil\fR [\fIoptions\fR] [[\fIarguments\fR]]
+.SH "STATUS"
+.PP
+This documentation is still work in progress\&. Please contribute to the initial review in
+\m[blue]\fBMozilla NSS bug 836477\fR\m[]\&\s-2\u[1]\d\s+2
+.SH "DESCRIPTION"
+.PP
+The Certificate Revocation List (CRL) Management Tool,
+\fBcrlutil\fR, is a command\-line utility that can list, generate, modify, or delete CRLs within the NSS security database file(s) and list, create, modify or delete certificates entries in a particular CRL\&.
+.PP
+The key and certificate management process generally begins with creating keys in the key database, then generating and managing certificates in the certificate database(see certutil tool) and continues with certificates expiration or revocation\&.
+.PP
+This document discusses certificate revocation list management\&. For information on security module database management, see Using the Security Module Database Tool\&. For information on certificate and key database management, see Using the Certificate Database Tool\&.
+.PP
+To run the Certificate Revocation List Management Tool, type the command
+.PP
+crlutil option [arguments]
+.PP
+where options and arguments are combinations of the options and arguments listed in the following section\&. Each command takes one option\&. Each option may take zero or more arguments\&. To see a usage string, issue the command without options, or with the \-H option\&.
+.SH "OPTIONS AND ARGUMENTS"
+.PP
+.PP
+\fBOptions\fR
+.PP
+Options specify an action\&. Option arguments modify an action\&. The options and arguments for the crlutil command are defined as follows:
+.PP
+\-D
+.RS 4
+Delete Certificate Revocation List from cert database\&.
+.RE
+.PP
+\-E
+.RS 4
+Erase all CRLs of specified type from the cert database
+.RE
+.PP
+\-G
+.RS 4
+Create new Certificate Revocation List (CRL)\&.
+.RE
+.PP
+\-I
+.RS 4
+Import a CRL to the cert database
+.RE
+.PP
+\-L
+.RS 4
+List existing CRL located in cert database file\&.
+.RE
+.PP
+\-M
+.RS 4
+Modify existing CRL which can be located in cert db or in arbitrary file\&. If located in file it should be encoded in ASN\&.1 encode format\&.
+.RE
+.PP
+\-S
+.RS 4
+Show contents of a CRL file which isn\*(Aqt stored in the database\&.
+.RE
+.PP
+\fBArguments\fR
+.PP
+Option arguments modify an action\&.
+.PP
+\-a
+.RS 4
+Use ASCII format or allow the use of ASCII format for input and output\&. This formatting follows RFC #1113\&.
+.RE
+.PP
+\-B
+.RS 4
+Bypass CA signature checks\&.
+.RE
+.PP
+\-c crl\-gen\-file
+.RS 4
+Specify script file that will be used to control crl generation/modification\&. See crl\-cript\-file format below\&. If options \-M|\-G is used and \-c crl\-script\-file is not specified, crlutil will read script data from standard input\&.
+.RE
+.PP
+\-d directory
+.RS 4
+Specify the database directory containing the certificate and key database files\&. On Unix the Certificate Database Tool defaults to $HOME/\&.netscape (that is, ~/\&.netscape)\&. On Windows NT the default is the current directory\&.
+.sp
+The NSS database files must reside in the same directory\&.
+.RE
+.PP
+\-f password\-file
+.RS 4
+Specify a file that will automatically supply the password to include in a certificate or to access a certificate database\&. This is a plain\-text file containing one password\&. Be sure to prevent unauthorized access to this file\&.
+.RE
+.PP
+\-i crl\-file
+.RS 4
+Specify the file which contains the CRL to import or show\&.
+.RE
+.PP
+\-l algorithm\-name
+.RS 4
+Specify a specific signature algorithm\&. List of possible algorithms: MD2 | MD4 | MD5 | SHA1 | SHA256 | SHA384 | SHA512
+.RE
+.PP
+\-n nickname
+.RS 4
+Specify the nickname of a certificate or key to list, create, add to a database, modify, or validate\&. Bracket the nickname string with quotation marks if it contains spaces\&.
+.RE
+.PP
+\-o output\-file
+.RS 4
+Specify the output file name for new CRL\&. Bracket the output\-file string with quotation marks if it contains spaces\&. If this argument is not used the output destination defaults to standard output\&.
+.RE
+.PP
+\-P dbprefix
+.RS 4
+Specify the prefix used on the NSS security database files (for example, my_cert8\&.db and my_key3\&.db)\&. This option is provided as a special case\&. Changing the names of the certificate and key databases is not recommended\&.
+.RE
+.PP
+\-t crl\-type
+.RS 4
+Specify type of CRL\&. possible types are: 0 \- SEC_KRL_TYPE, 1 \- SEC_CRL_TYPE\&. This option is obsolete
+.RE
+.PP
+\-u url
+.RS 4
+Specify the url\&.
+.RE
+.PP
+\-w pwd\-string
+.RS 4
+Provide db password in command line\&.
+.RE
+.PP
+\-Z algorithm
+.RS 4
+Specify the hash algorithm to use for signing the CRL\&.
+.RE
+.SH "CRL GENERATION SCRIPT SYNTAX"
+.PP
+CRL generation script file has the following syntax:
+.PP
+* Line with comments should have # as a first symbol of a line
+.PP
+* Set "this update" or "next update" CRL fields:
+.PP
+update=YYYYMMDDhhmmssZ nextupdate=YYYYMMDDhhmmssZ
+.PP
+Field "next update" is optional\&. Time should be in GeneralizedTime format (YYYYMMDDhhmmssZ)\&. For example: 20050204153000Z
+.PP
+* Add an extension to a CRL or a crl certificate entry:
+.PP
+addext extension\-name critical/non\-critical [arg1[arg2 \&.\&.\&.]]
+.PP
+Where:
+.PP
+extension\-name: string value of a name of known extensions\&. critical/non\-critical: is 1 when extension is critical and 0 otherwise\&. arg1, arg2: specific to extension type extension parameters
+.PP
+addext uses the range that was set earlier by addcert and will install an extension to every cert entries within the range\&.
+.PP
+* Add certificate entries(s) to CRL:
+.PP
+addcert range date
+.PP
+range: two integer values separated by dash: range of certificates that will be added by this command\&. dash is used as a delimiter\&. Only one cert will be added if there is no delimiter\&. date: revocation date of a cert\&. Date should be represented in GeneralizedTime format (YYYYMMDDhhmmssZ)\&.
+.PP
+* Remove certificate entry(s) from CRL
+.PP
+rmcert range
+.PP
+Where:
+.PP
+range: two integer values separated by dash: range of certificates that will be added by this command\&. dash is used as a delimiter\&. Only one cert will be added if there is no delimiter\&.
+.PP
+* Change range of certificate entry(s) in CRL
+.PP
+range new\-range
+.PP
+Where:
+.PP
+new\-range: two integer values separated by dash: range of certificates that will be added by this command\&. dash is used as a delimiter\&. Only one cert will be added if there is no delimiter\&.
+.PP
+Implemented Extensions
+.PP
+The extensions defined for CRL provide methods for associating additional attributes with CRLs of theirs entries\&. For more information see RFC #3280
+.PP
+* Add The Authority Key Identifier extension:
+.PP
+The authority key identifier extension provides a means of identifying the public key corresponding to the private key used to sign a CRL\&.
+.PP
+authKeyId critical [key\-id | dn cert\-serial]
+.PP
+Where:
+.PP
+authKeyIdent: identifies the name of an extension critical: value of 1 of 0\&. Should be set to 1 if this extension is critical or 0 otherwise\&. key\-id: key identifier represented in octet string\&. dn:: is a CA distinguished name cert\-serial: authority certificate serial number\&.
+.PP
+* Add Issuer Alternative Name extension:
+.PP
+The issuer alternative names extension allows additional identities to be associated with the issuer of the CRL\&. Defined options include an rfc822 name (electronic mail address), a DNS name, an IP address, and a URI\&.
+.PP
+issuerAltNames non\-critical name\-list
+.PP
+Where:
+.PP
+subjAltNames: identifies the name of an extension should be set to 0 since this is non\-critical extension name\-list: comma separated list of names
+.PP
+* Add CRL Number extension:
+.PP
+The CRL number is a non\-critical CRL extension which conveys a monotonically increasing sequence number for a given CRL scope and CRL issuer\&. This extension allows users to easily determine when a particular CRL supersedes another CRL
+.PP
+crlNumber non\-critical number
+.PP
+Where:
+.PP
+crlNumber: identifies the name of an extension critical: should be set to 0 since this is non\-critical extension number: value of long which identifies the sequential number of a CRL\&.
+.PP
+* Add Revocation Reason Code extension:
+.PP
+The reasonCode is a non\-critical CRL entry extension that identifies the reason for the certificate revocation\&.
+.PP
+reasonCode non\-critical code
+.PP
+Where:
+.PP
+reasonCode: identifies the name of an extension non\-critical: should be set to 0 since this is non\-critical extension code: the following codes are available:
+.PP
+unspecified (0), keyCompromise (1), cACompromise (2), affiliationChanged (3), superseded (4), cessationOfOperation (5), certificateHold (6), removeFromCRL (8), privilegeWithdrawn (9), aACompromise (10)
+.PP
+* Add Invalidity Date extension:
+.PP
+The invalidity date is a non\-critical CRL entry extension that provides the date on which it is known or suspected that the private key was compromised or that the certificate otherwise became invalid\&.
+.PP
+invalidityDate non\-critical date
+.PP
+Where:
+.PP
+crlNumber: identifies the name of an extension non\-critical: should be set to 0 since this is non\-critical extension date: invalidity date of a cert\&. Date should be represented in GeneralizedTime format (YYYYMMDDhhmmssZ)\&.
+.SH "USAGE"
+.PP
+The Certificate Revocation List Management Tool\*(Aqs capabilities are grouped as follows, using these combinations of options and arguments\&. Options and arguments in square brackets are optional, those without square brackets are required\&.
+.PP
+See "Implemented extensions" for more information regarding extensions and their parameters\&.
+.PP
+* Creating or modifying a CRL:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+crlutil \-G|\-M \-c crl\-gen\-file \-n nickname [\-i crl] [\-u url] [\-d keydir] [\-P dbprefix] [\-l alg] [\-a] [\-B] 
+      
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+* Listing all CRls or a named CRL:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+	crlutil \-L [\-n crl\-name] [\-d krydir] 
+      
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+* Deleting CRL from db:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+	crlutil \-D \-n nickname [\-d keydir] [\-P dbprefix] 
+      
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+* Erasing CRLs from db:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+	crlutil \-E [\-d keydir] [\-P dbprefix] 
+      
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+* Deleting CRL from db:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+          crlutil \-D \-n nickname [\-d keydir] [\-P dbprefix]
+    
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+* Erasing CRLs from db:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+          crlutil \-E [\-d keydir] [\-P dbprefix] 
+    
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+* Import CRL from file:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+          crlutil \-I \-i crl [\-t crlType] [\-u url] [\-d keydir] [\-P dbprefix] [\-B] 
+    
+.fi
+.if n \{\
+.RE
+.\}
+.SH "SEE ALSO"
+.PP
+certutil(1)
+.SH "ADDITIONAL RESOURCES"
+.PP
+For information about NSS and other tools related to NSS (like JSS), check out the NSS project wiki at
+\m[blue]\fBhttp://www\&.mozilla\&.org/projects/security/pki/nss/\fR\m[]\&. The NSS site relates directly to NSS code changes and releases\&.
+.PP
+Mailing lists: https://lists\&.mozilla\&.org/listinfo/dev\-tech\-crypto
+.PP
+IRC: Freenode at #dogtag\-pki
+.SH "AUTHORS"
+.PP
+The NSS tools were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google\&.
+.PP
+Authors: Elio Maldonado <emaldona@redhat\&.com>, Deon Lackey <dlackey@redhat\&.com>\&.
+.SH "LICENSE"
+.PP
+Licensed under the Mozilla Public License, v\&. 2\&.0\&. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla\&.org/MPL/2\&.0/\&.
+.SH "NOTES"
+.IP " 1." 4
+Mozilla NSS bug 836477
+.RS 4
+\%https://bugzilla.mozilla.org/show_bug.cgi?id=836477
+.RE
diff --git a/nss/doc/nroff/derdump.1 b/nss/doc/nroff/derdump.1
new file mode 100644
index 0000000..56b07cc
--- /dev/null
+++ b/nss/doc/nroff/derdump.1
@@ -0,0 +1,92 @@
+'\" t
+.\"     Title: DERDUMP
+.\"    Author: [see the "Authors" section]
+.\" Generator: DocBook XSL Stylesheets v1.77.1 <http://docbook.sf.net/>
+.\"      Date: 15 February 2013
+.\"    Manual: NSS Security Tools
+.\"    Source: nss-tools
+.\"  Language: English
+.\"
+.TH "DERDUMP" "1" "15 February 2013" "nss-tools" "NSS Security Tools"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+derdump_ \- Dumps C\-sequence strings from a DER encoded certificate file
+.SH "SYNOPSIS"
+.HP \w'\fBderdump\fR\ 'u
+\fBderdump\fR [\fB\-r\fR] [\fB\-i\ \fR\fB\fIinput\-file\fR\fR] [\fB\-o\ \fR\fB\fIoutput\-file\fR\fR]
+.SH "STATUS"
+.PP
+This documentation is still work in progress\&. Please contribute to the initial review in
+\m[blue]\fBMozilla NSS bug 836477\fR\m[]\&\s-2\u[1]\d\s+2
+.SH "DESCRIPTION"
+.PP
+\fBderdump \fRdumps C\-sequence strings from a DER encode certificate file
+.SH "OPTIONS"
+.PP
+\fB\-r \fR
+.RS 4
+For formatted items, dump raw bytes as well
+.RE
+.PP
+\fB\-i \fR \fIDER encoded file\fR
+.RS 4
+Define an input file to use (default is stdin)
+.RE
+.PP
+\fB\-o \fR \fIoutput file\fR
+.RS 4
+Define an output file to use (default is stdout)\&.
+.RE
+.SH "ADDITIONAL RESOURCES"
+.PP
+NSS is maintained in conjunction with PKI and security\-related projects through Mozilla dn Fedora\&. The most closely\-related project is Dogtag PKI, with a project wiki at
+\m[blue]\fBPKI Wiki\fR\m[]\&\s-2\u[2]\d\s+2\&.
+.PP
+For information specifically about NSS, the NSS project wiki is located at
+\m[blue]\fBMozilla NSS site\fR\m[]\&\s-2\u[3]\d\s+2\&. The NSS site relates directly to NSS code changes and releases\&.
+.PP
+Mailing lists: pki\-devel@redhat\&.com and pki\-users@redhat\&.com
+.PP
+IRC: Freenode at #dogtag\-pki
+.SH "AUTHORS"
+.PP
+The NSS tools were written and maintained by developers with Netscape and now with Red Hat\&.
+.PP
+Authors: Gerhardus Geldenhuis <gerhardus\&.geldenhuis@gmail\&.com>\&. Elio Maldonado <emaldona@redhat\&.com>, Deon Lackey <dlackey@redhat\&.com>
+.SH "LICENSE"
+.PP
+Licensed under the Mozilla Public License, version 1\&.1, and/or the GNU General Public License, version 2 or later, and/or the GNU Lesser General Public License, version 2\&.1 or later\&.
+.SH "NOTES"
+.IP " 1." 4
+Mozilla NSS bug 836477
+.RS 4
+\%https://bugzilla.mozilla.org/show_bug.cgi?id=836477
+.RE
+.IP " 2." 4
+PKI Wiki
+.RS 4
+\%http://pki.fedoraproject.org/wiki/
+.RE
+.IP " 3." 4
+Mozilla NSS site
+.RS 4
+\%http://www.mozilla.org/projects/security/pki/nss/
+.RE
diff --git a/nss/doc/nroff/modutil.1 b/nss/doc/nroff/modutil.1
new file mode 100644
index 0000000..1ce9ab2
--- /dev/null
+++ b/nss/doc/nroff/modutil.1
@@ -0,0 +1,1452 @@
+'\" t
+.\"     Title: MODUTIL
+.\"    Author: [see the "Authors" section]
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\"      Date:  5 June 2014
+.\"    Manual: NSS Security Tools
+.\"    Source: nss-tools
+.\"  Language: English
+.\"
+.TH "MODUTIL" "1" "5 June 2014" "nss-tools" "NSS Security Tools"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+modutil \- Manage PKCS #11 module information within the security module database\&.
+.SH "SYNOPSIS"
+.HP \w'\fBmodutil\fR\ 'u
+\fBmodutil\fR [\fIoptions\fR] [[\fIarguments\fR]]
+.SH "STATUS"
+.PP
+This documentation is still work in progress\&. Please contribute to the initial review in
+\m[blue]\fBMozilla NSS bug 836477\fR\m[]\&\s-2\u[1]\d\s+2
+.SH "DESCRIPTION"
+.PP
+The Security Module Database Tool,
+\fBmodutil\fR, is a command\-line utility for managing PKCS #11 module information both within
+secmod\&.db
+files and within hardware tokens\&.
+\fBmodutil\fR
+can add and delete PKCS #11 modules, change passwords on security databases, set defaults, list module contents, enable or disable slots, enable or disable FIPS 140\-2 compliance, and assign default providers for cryptographic operations\&. This tool can also create certificate, key, and module security database files\&.
+.PP
+The tasks associated with security module database management are part of a process that typically also involves managing key databases and certificate databases\&.
+.SH "OPTIONS"
+.PP
+Running
+\fBmodutil\fR
+always requires one (and only one) option to specify the type of module operation\&. Each option may take arguments, anywhere from none to multiple arguments\&.
+.PP
+\fBOptions\fR
+.PP
+\-add modulename
+.RS 4
+Add the named PKCS #11 module to the database\&. Use this option with the
+\fB\-libfile\fR,
+\fB\-ciphers\fR, and
+\fB\-mechanisms\fR
+arguments\&.
+.RE
+.PP
+\-changepw tokenname
+.RS 4
+Change the password on the named token\&. If the token has not been initialized, this option initializes the password\&. Use this option with the
+\fB\-pwfile\fR
+and
+\fB\-newpwfile\fR
+arguments\&. A
+\fIpassword\fR
+is equivalent to a personal identification number (PIN)\&.
+.RE
+.PP
+\-chkfips
+.RS 4
+Verify whether the module is in the given FIPS mode\&.
+\fBtrue\fR
+means to verify that the module is in FIPS mode, while
+\fBfalse\fR
+means to verify that the module is not in FIPS mode\&.
+.RE
+.PP
+\-create
+.RS 4
+Create new certificate, key, and module databases\&. Use the
+\fB\-dbdir\fR
+directory argument to specify a directory\&. If any of these databases already exist in a specified directory,
+\fBmodutil\fR
+returns an error message\&.
+.RE
+.PP
+\-default modulename
+.RS 4
+Specify the security mechanisms for which the named module will be a default provider\&. The security mechanisms are specified with the
+\fB\-mechanisms\fR
+argument\&.
+.RE
+.PP
+\-delete modulename
+.RS 4
+Delete the named module\&. The default NSS PKCS #11 module cannot be deleted\&.
+.RE
+.PP
+\-disable modulename
+.RS 4
+Disable all slots on the named module\&. Use the
+\fB\-slot\fR
+argument to disable a specific slot\&.
+.sp
+The internal NSS PKCS #11 module cannot be disabled\&.
+.RE
+.PP
+\-enable modulename
+.RS 4
+Enable all slots on the named module\&. Use the
+\fB\-slot\fR
+argument to enable a specific slot\&.
+.RE
+.PP
+\-fips [true | false]
+.RS 4
+Enable (true) or disable (false) FIPS 140\-2 compliance for the default NSS module\&.
+.RE
+.PP
+\-force
+.RS 4
+Disable
+\fBmodutil\fR\*(Aqs interactive prompts so it can be run from a script\&. Use this option only after manually testing each planned operation to check for warnings and to ensure that bypassing the prompts will cause no security lapses or loss of database integrity\&.
+.RE
+.PP
+\-jar JAR\-file
+.RS 4
+Add a new PKCS #11 module to the database using the named JAR file\&. Use this command with the
+\fB\-installdir\fR
+and
+\fB\-tempdir\fR
+arguments\&. The JAR file uses the NSS PKCS #11 JAR format to identify all the files to be installed, the module\*(Aqs name, the mechanism flags, and the cipher flags, as well as any files to be installed on the target machine, including the PKCS #11 module library file and other files such as documentation\&. This is covered in the JAR installation file section in the man page, which details the special script needed to perform an installation through a server or with
+\fBmodutil\fR\&.
+.RE
+.PP
+\-list [modulename]
+.RS 4
+Display basic information about the contents of the
+secmod\&.db
+file\&. Specifying a
+\fImodulename\fR
+displays detailed information about a particular module and its slots and tokens\&.
+.RE
+.PP
+\-rawadd
+.RS 4
+Add the module spec string to the
+secmod\&.db
+database\&.
+.RE
+.PP
+\-rawlist
+.RS 4
+Display the module specs for a specified module or for all loadable modules\&.
+.RE
+.PP
+\-undefault modulename
+.RS 4
+Specify the security mechanisms for which the named module will not be a default provider\&. The security mechanisms are specified with the
+\fB\-mechanisms\fR
+argument\&.
+.RE
+.PP
+\fBArguments\fR
+.PP
+MODULE
+.RS 4
+Give the security module to access\&.
+.RE
+.PP
+MODULESPEC
+.RS 4
+Give the security module spec to load into the security database\&.
+.RE
+.PP
+\-ciphers cipher\-enable\-list
+.RS 4
+Enable specific ciphers in a module that is being added to the database\&. The
+\fIcipher\-enable\-list\fR
+is a colon\-delimited list of cipher names\&. Enclose this list in quotation marks if it contains spaces\&.
+.RE
+.PP
+\-dbdir [sql:]directory
+.RS 4
+Specify the database directory in which to access or create security module database files\&.
+.sp
+\fBmodutil\fR
+supports two types of databases: the legacy security databases (cert8\&.db,
+key3\&.db, and
+secmod\&.db) and new SQLite databases (cert9\&.db,
+key4\&.db, and
+pkcs11\&.txt)\&. If the prefix
+\fBsql:\fR
+is not used, then the tool assumes that the given databases are in the old format\&.
+.RE
+.PP
+\-\-dbprefix prefix
+.RS 4
+Specify the prefix used on the database files, such as
+my_
+for
+my_cert8\&.db\&. This option is provided as a special case\&. Changing the names of the certificate and key databases is not recommended\&.
+.RE
+.PP
+\-installdir root\-installation\-directory
+.RS 4
+Specify the root installation directory relative to which files will be installed by the
+\fB\-jar\fR
+option\&. This directory should be one below which it is appropriate to store dynamic library files, such as a server\*(Aqs root directory\&.
+.RE
+.PP
+\-libfile library\-file
+.RS 4
+Specify a path to a library file containing the implementation of the PKCS #11 interface module that is being added to the database\&.
+.RE
+.PP
+\-mechanisms mechanism\-list
+.RS 4
+Specify the security mechanisms for which a particular module will be flagged as a default provider\&. The
+\fImechanism\-list\fR
+is a colon\-delimited list of mechanism names\&. Enclose this list in quotation marks if it contains spaces\&.
+.sp
+The module becomes a default provider for the listed mechanisms when those mechanisms are enabled\&. If more than one module claims to be a particular mechanism\*(Aqs default provider, that mechanism\*(Aqs default provider is undefined\&.
+.sp
+\fBmodutil\fR
+supports several mechanisms: RSA, DSA, RC2, RC4, RC5, AES, DES, DH, SHA1, SHA256, SHA512, SSL, TLS, MD5, MD2, RANDOM (for random number generation), and FRIENDLY (meaning certificates are publicly readable)\&.
+.RE
+.PP
+\-newpwfile new\-password\-file
+.RS 4
+Specify a text file containing a token\*(Aqs new or replacement password so that a password can be entered automatically with the
+\fB\-changepw\fR
+option\&.
+.RE
+.PP
+\-nocertdb
+.RS 4
+Do not open the certificate or key databases\&. This has several effects:
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+With the
+\fB\-create\fR
+command, only a module security file is created; certificate and key databases are not created\&.
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+With the
+\fB\-jar\fR
+command, signatures on the JAR file are not checked\&.
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+With the
+\fB\-changepw\fR
+command, the password on the NSS internal module cannot be set or changed, since this password is stored in the key database\&.
+.RE
+.RE
+.PP
+\-pwfile old\-password\-file
+.RS 4
+Specify a text file containing a token\*(Aqs existing password so that a password can be entered automatically when the
+\fB\-changepw\fR
+option is used to change passwords\&.
+.RE
+.PP
+\-secmod secmodname
+.RS 4
+Give the name of the security module database (like
+secmod\&.db) to load\&.
+.RE
+.PP
+\-slot slotname
+.RS 4
+Specify a particular slot to be enabled or disabled with the
+\fB\-enable\fR
+or
+\fB\-disable\fR
+options\&.
+.RE
+.PP
+\-string CONFIG_STRING
+.RS 4
+Pass a configuration string for the module being added to the database\&.
+.RE
+.PP
+\-tempdir temporary\-directory
+.RS 4
+Give a directory location where temporary files are created during the installation by the
+\fB\-jar\fR
+option\&. If no temporary directory is specified, the current directory is used\&.
+.RE
+.SH "USAGE AND EXAMPLES"
+.PP
+\fBCreating Database Files\fR
+.PP
+Before any operations can be performed, there must be a set of security databases available\&.
+\fBmodutil\fR
+can be used to create these files\&. The only required argument is the database that where the databases will be located\&.
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+modutil \-create \-dbdir [sql:]directory
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+\fBAdding a Cryptographic Module\fR
+.PP
+Adding a PKCS #11 module means submitting a supporting library file, enabling its ciphers, and setting default provider status for various security mechanisms\&. This can be done by supplying all of the information through
+\fBmodutil\fR
+directly or by running a JAR file and install script\&. For the most basic case, simply upload the library:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+modutil \-add modulename \-libfile library\-file [\-ciphers cipher\-enable\-list] [\-mechanisms mechanism\-list] 
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+For example:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+modutil \-dbdir sql:/home/my/sharednssdb \-add "Example PKCS #11 Module" \-libfile "/tmp/crypto\&.so" \-mechanisms RSA:DSA:RC2:RANDOM 
+
+Using database directory \&.\&.\&. 
+Module "Example PKCS #11 Module" added to database\&.
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+\fBInstalling a Cryptographic Module from a JAR File\fR
+.PP
+PKCS #11 modules can also be loaded using a JAR file, which contains all of the required libraries and an installation script that describes how to install the module\&. The JAR install script is described in more detail in
+the section called \(lqJAR INSTALLATION FILE FORMAT\(rq\&.
+.PP
+The JAR installation script defines the setup information for each platform that the module can be installed on\&. For example:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+Platforms { 
+   Linux:5\&.4\&.08:x86 { 
+      ModuleName { "Example PKCS #11 Module" } 
+      ModuleFile { crypto\&.so } 
+      DefaultMechanismFlags{0x0000} 
+      CipherEnableFlags{0x0000} 
+      Files { 
+         crypto\&.so { 
+            Path{ /tmp/crypto\&.so } 
+         } 
+         setup\&.sh { 
+            Executable 
+            Path{ /tmp/setup\&.sh } 
+         } 
+      } 
+   } 
+   Linux:6\&.0\&.0:x86 { 
+      EquivalentPlatform { Linux:5\&.4\&.08:x86 } 
+   } 
+} 
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+Both the install script and the required libraries must be bundled in a JAR file, which is specified with the
+\fB\-jar\fR
+argument\&.
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+modutil \-dbdir sql:/home/mt"jar\-install\-filey/sharednssdb \-jar install\&.jar \-installdir sql:/home/my/sharednssdb
+
+This installation JAR file was signed by: 
+\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\- 
+
+**SUBJECT NAME** 
+
+C=US, ST=California, L=Mountain View, CN=Cryptorific Inc\&., OU=Digital ID
+Class 3 \- Netscape Object Signing, OU="www\&.verisign\&.com/repository/CPS
+Incorp\&. by Ref\&.,LIAB\&.LTD(c)9 6", OU=www\&.verisign\&.com/CPS Incorp\&.by Ref
+\&. LIABILITY LTD\&.(c)97 VeriSign, OU=VeriSign Object Signing CA \- Class 3
+Organization, OU="VeriSign, Inc\&.", O=VeriSign Trust Network **ISSUER
+NAME**, OU=www\&.verisign\&.com/CPS Incorp\&.by Ref\&. LIABILITY LTD\&.(c)97
+VeriSign, OU=VeriSign Object Signing CA \- Class 3 Organization,
+OU="VeriSign, Inc\&.", O=VeriSign Trust Network 
+\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\- 
+
+Do you wish to continue this installation? (y/n) y 
+Using installer script "installer_script" 
+Successfully parsed installation script 
+Current platform is Linux:5\&.4\&.08:x86 
+Using installation parameters for platform Linux:5\&.4\&.08:x86 
+Installed file crypto\&.so to /tmp/crypto\&.so
+Installed file setup\&.sh to \&./pk11inst\&.dir/setup\&.sh 
+Executing "\&./pk11inst\&.dir/setup\&.sh"\&.\&.\&. 
+"\&./pk11inst\&.dir/setup\&.sh" executed successfully 
+Installed module "Example PKCS #11 Module" into module database 
+
+Installation completed successfully 
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+\fBAdding Module Spec\fR
+.PP
+Each module has information stored in the security database about its configuration and parameters\&. These can be added or edited using the
+\fB\-rawadd\fR
+command\&. For the current settings or to see the format of the module spec in the database, use the
+\fB\-rawlist\fR
+option\&.
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+modutil \-rawadd modulespec
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+\fBDeleting a Module\fR
+.PP
+A specific PKCS #11 module can be deleted from the
+secmod\&.db
+database:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+modutil \-delete modulename \-dbdir [sql:]directory 
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+\fBDisplaying Module Information\fR
+.PP
+The
+secmod\&.db
+database contains information about the PKCS #11 modules that are available to an application or server to use\&. The list of all modules, information about specific modules, and database configuration specs for modules can all be viewed\&.
+.PP
+To simply get a list of modules in the database, use the
+\fB\-list\fR
+command\&.
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+modutil \-list [modulename] \-dbdir [sql:]directory 
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+Listing the modules shows the module name, their status, and other associated security databases for certificates and keys\&. For example:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+modutil \-list \-dbdir sql:/home/my/sharednssdb 
+
+Listing of PKCS #11 Modules
+\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-
+  1\&. NSS Internal PKCS #11 Module
+         slots: 2 slots attached
+        status: loaded
+
+         slot: NSS Internal Cryptographic Services                            
+        token: NSS Generic Crypto Services
+
+         slot: NSS User Private Key and Certificate Services                  
+        token: NSS Certificate DB
+\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+Passing a specific module name with the
+\fB\-list\fR
+returns details information about the module itself, like supported cipher mechanisms, version numbers, serial numbers, and other information about the module and the token it is loaded on\&. For example:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+ modutil \-list "NSS Internal PKCS #11 Module" \-dbdir sql:/home/my/sharednssdb
+
+\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-
+Name: NSS Internal PKCS #11 Module
+Library file: **Internal ONLY module**
+Manufacturer: Mozilla Foundation              
+Description: NSS Internal Crypto Services    
+PKCS #11 Version 2\&.20
+Library Version: 3\&.11
+Cipher Enable Flags: None
+Default Mechanism Flags: RSA:RC2:RC4:DES:DH:SHA1:MD5:MD2:SSL:TLS:AES
+
+  Slot: NSS Internal Cryptographic Services                            
+  Slot Mechanism Flags: RSA:RC2:RC4:DES:DH:SHA1:MD5:MD2:SSL:TLS:AES
+  Manufacturer: Mozilla Foundation              
+  Type: Software
+  Version Number: 3\&.11
+  Firmware Version: 0\&.0
+  Status: Enabled
+  Token Name: NSS Generic Crypto Services     
+  Token Manufacturer: Mozilla Foundation              
+  Token Model: NSS 3           
+  Token Serial Number: 0000000000000000
+  Token Version: 4\&.0
+  Token Firmware Version: 0\&.0
+  Access: Write Protected
+  Login Type: Public (no login required)
+  User Pin: NOT Initialized
+
+  Slot: NSS User Private Key and Certificate Services                  
+  Slot Mechanism Flags: None
+  Manufacturer: Mozilla Foundation              
+  Type: Software
+  Version Number: 3\&.11
+  Firmware Version: 0\&.0
+  Status: Enabled
+  Token Name: NSS Certificate DB              
+  Token Manufacturer: Mozilla Foundation              
+  Token Model: NSS 3           
+  Token Serial Number: 0000000000000000
+  Token Version: 8\&.3
+  Token Firmware Version: 0\&.0
+  Access: NOT Write Protected
+  Login Type: Login required
+  User Pin: Initialized
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+A related command,
+\fB\-rawlist\fR
+returns information about the database configuration for the modules\&. (This information can be edited by loading new specs using the
+\fB\-rawadd\fR
+command\&.)
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+ modutil \-rawlist \-dbdir sql:/home/my/sharednssdb
+ name="NSS Internal PKCS #11 Module" parameters="configdir=\&. certPrefix= keyPrefix= secmod=secmod\&.db flags=readOnly " NSS="trustOrder=75 cipherOrder=100 slotParams={0x00000001=[slotFlags=RSA,RC4,RC2,DES,DH,SHA1,MD5,MD2,SSL,TLS,AES,RANDOM askpw=any timeout=30 ] }  Flags=internal,critical"
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+\fBSetting a Default Provider for Security Mechanisms\fR
+.PP
+Multiple security modules may provide support for the same security mechanisms\&. It is possible to set a specific security module as the default provider for a specific security mechanism (or, conversely, to prohibit a provider from supplying those mechanisms)\&.
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+modutil \-default modulename \-mechanisms mechanism\-list 
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+To set a module as the default provider for mechanisms, use the
+\fB\-default\fR
+command with a colon\-separated list of mechanisms\&. The available mechanisms depend on the module; NSS supplies almost all common mechanisms\&. For example:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+modutil \-default "NSS Internal PKCS #11 Module" \-dbdir \-mechanisms RSA:DSA:RC2 
+
+Using database directory c:\edatabases\&.\&.\&.
+
+Successfully changed defaults\&.
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+Clearing the default provider has the same format:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+modutil \-undefault "NSS Internal PKCS #11 Module" \-dbdir \-mechanisms MD2:MD5
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+\fBEnabling and Disabling Modules and Slots\fR
+.PP
+Modules, and specific slots on modules, can be selectively enabled or disabled using
+\fBmodutil\fR\&. Both commands have the same format:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+modutil \-enable|\-disable modulename [\-slot slotname] 
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+For example:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+modutil \-enable "NSS Internal PKCS #11 Module" \-slot "NSS Internal Cryptographic Services                            " \-dbdir \&.
+
+Slot "NSS Internal Cryptographic Services                            " enabled\&.
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+Be sure that the appropriate amount of trailing whitespace is after the slot name\&. Some slot names have a significant amount of whitespace that must be included, or the operation will fail\&.
+.PP
+\fBEnabling and Verifying FIPS Compliance\fR
+.PP
+The NSS modules can have FIPS 140\-2 compliance enabled or disabled using
+\fBmodutil\fR
+with the
+\fB\-fips\fR
+option\&. For example:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+modutil \-fips true \-dbdir sql:/home/my/sharednssdb/
+
+FIPS mode enabled\&.
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+To verify that status of FIPS mode, run the
+\fB\-chkfips\fR
+command with either a true or false flag (it doesn\*(Aqt matter which)\&. The tool returns the current FIPS setting\&.
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+modutil \-chkfips false \-dbdir sql:/home/my/sharednssdb/
+
+FIPS mode enabled\&.
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+\fBChanging the Password on a Token\fR
+.PP
+Initializing or changing a token\*(Aqs password:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+modutil \-changepw tokenname [\-pwfile old\-password\-file] [\-newpwfile new\-password\-file] 
+.fi
+.if n \{\
+.RE
+.\}
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+modutil \-dbdir sql:/home/my/sharednssdb \-changepw "NSS Certificate DB" 
+
+Enter old password: 
+Incorrect password, try again\&.\&.\&. 
+Enter old password: 
+Enter new password: 
+Re\-enter new password: 
+Token "Communicator Certificate DB" password changed successfully\&.
+.fi
+.if n \{\
+.RE
+.\}
+.SH "JAR INSTALLATION FILE FORMAT"
+.PP
+When a JAR file is run by a server, by
+\fBmodutil\fR, or by any program that does not interpret JavaScript, a special information file must be included to install the libraries\&. There are several things to keep in mind with this file:
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+It must be declared in the JAR archive\*(Aqs manifest file\&.
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+The script can have any name\&.
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+The metainfo tag for this is
+\fBPkcs11_install_script\fR\&. To declare meta\-information in the manifest file, put it in a file that is passed to
+\fBsigntool\fR\&.
+.RE
+.PP
+\fBSample Script\fR
+.PP
+For example, the PKCS #11 installer script could be in the file pk11install\&. If so, the metainfo file for
+\fBsigntool\fR
+includes a line such as this:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
++ Pkcs11_install_script: pk11install
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+The script must define the platform and version number, the module name and file, and any optional information like supported ciphers and mechanisms\&. Multiple platforms can be defined in a single install file\&.
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+ForwardCompatible { IRIX:6\&.2:mips SUNOS:5\&.5\&.1:sparc }
+Platforms {
+   WINNT::x86 {
+      ModuleName { "Example Module" }
+      ModuleFile { win32/fort32\&.dll }
+      DefaultMechanismFlags{0x0001}
+      DefaultCipherFlags{0x0001}
+      Files {
+         win32/setup\&.exe {
+            Executable
+            RelativePath { %temp%/setup\&.exe }
+         }
+         win32/setup\&.hlp {
+            RelativePath { %temp%/setup\&.hlp }
+         }
+         win32/setup\&.cab {
+            RelativePath { %temp%/setup\&.cab }
+         }
+      }
+   }
+   WIN95::x86 {
+      EquivalentPlatform {WINNT::x86}
+   }
+   SUNOS:5\&.5\&.1:sparc {
+      ModuleName { "Example UNIX Module" }
+      ModuleFile { unix/fort\&.so }
+      DefaultMechanismFlags{0x0001}
+      CipherEnableFlags{0x0001}
+      Files {
+         unix/fort\&.so {
+            RelativePath{%root%/lib/fort\&.so}
+            AbsolutePath{/usr/local/netscape/lib/fort\&.so}
+            FilePermissions{555}
+         }
+         xplat/instr\&.html {
+            RelativePath{%root%/docs/inst\&.html}
+            AbsolutePath{/usr/local/netscape/docs/inst\&.html}
+            FilePermissions{555}
+         }
+      }
+   }
+   IRIX:6\&.2:mips {
+      EquivalentPlatform { SUNOS:5\&.5\&.1:sparc }
+   }
+}
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+\fBScript Grammar\fR
+.PP
+The script is basic Java, allowing lists, key\-value pairs, strings, and combinations of all of them\&.
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+\-\-> valuelist
+
+valuelist \-\-> value valuelist
+               <null>
+
+value \-\-\-> key_value_pair
+            string
+
+key_value_pair \-\-> key { valuelist }
+
+key \-\-> string
+
+string \-\-> simple_string
+            "complex_string"
+
+simple_string \-\-> [^ \et\en\e""{""}"]+ 
+
+complex_string \-\-> ([^\e"\e\e\er\en]|(\e\e\e")|(\e\e\e\e))+ 
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+Quotes and backslashes must be escaped with a backslash\&. A complex string must not include newlines or carriage returns\&.Outside of complex strings, all white space (for example, spaces, tabs, and carriage returns) is considered equal and is used only to delimit tokens\&.
+.PP
+\fBKeys\fR
+.PP
+The Java install file uses keys to define the platform and module information\&.
+.PP
+\fBForwardCompatible\fR
+gives a list of platforms that are forward compatible\&. If the current platform cannot be found in the list of supported platforms, then the
+\fBForwardCompatible\fR
+list is checked for any platforms that have the same OS and architecture in an earlier version\&. If one is found, its attributes are used for the current platform\&.
+.PP
+\fBPlatforms\fR
+(required) Gives a list of platforms\&. Each entry in the list is itself a key\-value pair: the key is the name of the platform and the value list contains various attributes of the platform\&. The platform string is in the format
+\fIsystem name:OS release:architecture\fR\&. The installer obtains these values from NSPR\&. OS release is an empty string on non\-Unix operating systems\&. NSPR supports these platforms:
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+AIX (rs6000)
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+BSDI (x86)
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+FREEBSD (x86)
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+HPUX (hppa1\&.1)
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+IRIX (mips)
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+LINUX (ppc, alpha, x86)
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+MacOS (PowerPC)
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+NCR (x86)
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+NEC (mips)
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+OS2 (x86)
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+OSF (alpha)
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+ReliantUNIX (mips)
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+SCO (x86)
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+SOLARIS (sparc)
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+SONY (mips)
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+SUNOS (sparc)
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+UnixWare (x86)
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+WIN16 (x86)
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+WIN95 (x86)
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+WINNT (x86)
+.RE
+.PP
+For example:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+IRIX:6\&.2:mips
+SUNOS:5\&.5\&.1:sparc
+Linux:2\&.0\&.32:x86
+WIN95::x86
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+The module information is defined independently for each platform in the
+\fBModuleName\fR,
+\fBModuleFile\fR, and
+\fBFiles\fR
+attributes\&. These attributes must be given unless an
+\fBEquivalentPlatform\fR
+attribute is specified\&.
+.PP
+\fBPer\-Platform Keys\fR
+.PP
+Per\-platform keys have meaning only within the value list of an entry in the
+\fBPlatforms\fR
+list\&.
+.PP
+\fBModuleName\fR
+(required) gives the common name for the module\&. This name is used to reference the module by servers and by the
+\fBmodutil\fR
+tool\&.
+.PP
+\fBModuleFile\fR
+(required) names the PKCS #11 module file for this platform\&. The name is given as the relative path of the file within the JAR archive\&.
+.PP
+\fBFiles\fR
+(required) lists the files that need to be installed for this module\&. Each entry in the file list is a key\-value pair\&. The key is the path of the file in the JAR archive, and the value list contains attributes of the file\&. At least
+\fBRelativePath\fR
+or
+\fBAbsolutePath\fR
+must be specified for each file\&.
+.PP
+\fBDefaultMechanismFlags\fR
+specifies mechanisms for which this module is the default provider; this is equivalent to the
+\fB\-mechanism\fR
+option with the
+\fB\-add\fR
+command\&. This key\-value pair is a bitstring specified in hexadecimal (0x) format\&. It is constructed as a bitwise OR\&. If the DefaultMechanismFlags entry is omitted, the value defaults to 0x0\&.
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+RSA:                   0x00000001
+DSA:                   0x00000002
+RC2:                   0x00000004
+RC4:                   0x00000008
+DES:                   0x00000010
+DH:                    0x00000020
+FORTEZZA:              0x00000040
+RC5:                   0x00000080
+SHA1:                  0x00000100
+MD5:                   0x00000200
+MD2:                   0x00000400
+RANDOM:                0x08000000
+FRIENDLY:              0x10000000
+OWN_PW_DEFAULTS:       0x20000000
+DISABLE:               0x40000000
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+\fBCipherEnableFlags\fR
+specifies ciphers that this module provides that NSS does not provide (so that the module enables those ciphers for NSS)\&. This is equivalent to the
+\fB\-cipher\fR
+argument with the
+\fB\-add\fR
+command\&. This key is a bitstring specified in hexadecimal (0x) format\&. It is constructed as a bitwise OR\&. If the
+\fBCipherEnableFlags\fR
+entry is omitted, the value defaults to 0x0\&.
+.PP
+\fBEquivalentPlatform\fR
+specifies that the attributes of the named platform should also be used for the current platform\&. This makes it easier when more than one platform uses the same settings\&.
+.PP
+\fBPer\-File Keys\fR
+.PP
+Some keys have meaning only within the value list of an entry in a
+\fBFiles\fR
+list\&.
+.PP
+Each file requires a path key the identifies where the file is\&. Either
+\fBRelativePath\fR
+or
+\fBAbsolutePath\fR
+must be specified\&. If both are specified, the relative path is tried first, and the absolute path is used only if no relative root directory is provided by the installer program\&.
+.PP
+\fBRelativePath\fR
+specifies the destination directory of the file, relative to some directory decided at install time\&. Two variables can be used in the relative path:
+\fB%root%\fR
+and
+\fB%temp%\fR\&.
+\fB%root%\fR
+is replaced at run time with the directory relative to which files should be installed; for example, it may be the server\*(Aqs root directory\&. The
+\fB%temp%\fR
+directory is created at the beginning of the installation and destroyed at the end\&. The purpose of
+\fB%temp%\fR
+is to hold executable files (such as setup programs) or files that are used by these programs\&. Files destined for the temporary directory are guaranteed to be in place before any executable file is run; they are not deleted until all executable files have finished\&.
+.PP
+\fBAbsolutePath\fR
+specifies the destination directory of the file as an absolute path\&.
+.PP
+\fBExecutable\fR
+specifies that the file is to be executed during the course of the installation\&. Typically, this string is used for a setup program provided by a module vendor, such as a self\-extracting setup executable\&. More than one file can be specified as executable, in which case the files are run in the order in which they are specified in the script file\&.
+.PP
+\fBFilePermissions\fR
+sets permissions on any referenced files in a string of octal digits, according to the standard Unix format\&. This string is a bitwise OR\&.
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+user read:                0400
+user write:               0200
+user execute:             0100
+group read:               0040
+group write:              0020
+group execute:            0010
+other read:               0004
+other write:              0002
+other execute:            0001
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+Some platforms may not understand these permissions\&. They are applied only insofar as they make sense for the current platform\&. If this attribute is omitted, a default of 777 is assumed\&.
+.SH "NSS DATABASE TYPES"
+.PP
+NSS originally used BerkeleyDB databases to store security information\&. The last versions of these
+\fIlegacy\fR
+databases are:
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+cert8\&.db for certificates
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+key3\&.db for keys
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+secmod\&.db for PKCS #11 module information
+.RE
+.PP
+BerkeleyDB has performance limitations, though, which prevent it from being easily used by multiple applications simultaneously\&. NSS has some flexibility that allows applications to use their own, independent database engine while keeping a shared database and working around the access issues\&. Still, NSS requires more flexibility to provide a truly shared security database\&.
+.PP
+In 2009, NSS introduced a new set of databases that are SQLite databases rather than BerkleyDB\&. These new databases provide more accessibility and performance:
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+cert9\&.db for certificates
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+key4\&.db for keys
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+pkcs11\&.txt, which is listing of all of the PKCS #11 modules contained in a new subdirectory in the security databases directory
+.RE
+.PP
+Because the SQLite databases are designed to be shared, these are the
+\fIshared\fR
+database type\&. The shared database type is preferred; the legacy format is included for backward compatibility\&.
+.PP
+By default, the tools (\fBcertutil\fR,
+\fBpk12util\fR,
+\fBmodutil\fR) assume that the given security databases follow the more common legacy type\&. Using the SQLite databases must be manually specified by using the
+\fBsql:\fR
+prefix with the given security directory\&. For example:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+modutil \-create \-dbdir sql:/home/my/sharednssdb
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+To set the shared database type as the default type for the tools, set the
+\fBNSS_DEFAULT_DB_TYPE\fR
+environment variable to
+\fBsql\fR:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+export NSS_DEFAULT_DB_TYPE="sql"
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+This line can be added to the
+~/\&.bashrc
+file to make the change permanent for the user\&.
+.PP
+Most applications do not use the shared database by default, but they can be configured to use them\&. For example, this how\-to article covers how to configure Firefox and Thunderbird to use the new shared NSS databases:
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+https://wiki\&.mozilla\&.org/NSS_Shared_DB_Howto
+.RE
+.PP
+For an engineering draft on the changes in the shared NSS databases, see the NSS project wiki:
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+https://wiki\&.mozilla\&.org/NSS_Shared_DB
+.RE
+.SH "SEE ALSO"
+.PP
+certutil (1)
+.PP
+pk12util (1)
+.PP
+signtool (1)
+.PP
+The NSS wiki has information on the new database design and how to configure applications to use it\&.
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+https://wiki\&.mozilla\&.org/NSS_Shared_DB_Howto
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+https://wiki\&.mozilla\&.org/NSS_Shared_DB
+.RE
+.SH "ADDITIONAL RESOURCES"
+.PP
+For information about NSS and other tools related to NSS (like JSS), check out the NSS project wiki at
+\m[blue]\fBhttp://www\&.mozilla\&.org/projects/security/pki/nss/\fR\m[]\&. The NSS site relates directly to NSS code changes and releases\&.
+.PP
+Mailing lists: https://lists\&.mozilla\&.org/listinfo/dev\-tech\-crypto
+.PP
+IRC: Freenode at #dogtag\-pki
+.SH "AUTHORS"
+.PP
+The NSS tools were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google\&.
+.PP
+Authors: Elio Maldonado <emaldona@redhat\&.com>, Deon Lackey <dlackey@redhat\&.com>\&.
+.SH "LICENSE"
+.PP
+Licensed under the Mozilla Public License, v\&. 2\&.0\&. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla\&.org/MPL/2\&.0/\&.
+.SH "NOTES"
+.IP " 1." 4
+Mozilla NSS bug 836477
+.RS 4
+\%https://bugzilla.mozilla.org/show_bug.cgi?id=836477
+.RE
diff --git a/nss/doc/nroff/pk12util.1 b/nss/doc/nroff/pk12util.1
new file mode 100644
index 0000000..c4fa972
--- /dev/null
+++ b/nss/doc/nroff/pk12util.1
@@ -0,0 +1,1040 @@
+'\" t
+.\"     Title: PK12UTIL
+.\"    Author: [see the "Authors" section]
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\"      Date:  5 June 2014
+.\"    Manual: NSS Security Tools
+.\"    Source: nss-tools
+.\"  Language: English
+.\"
+.TH "PK12UTIL" "1" "5 June 2014" "nss-tools" "NSS Security Tools"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+pk12util \- Export and import keys and certificate to or from a PKCS #12 file and the NSS database
+.SH "SYNOPSIS"
+.HP \w'\fBpk12util\fR\ 'u
+\fBpk12util\fR [\-i\ p12File|\-l\ p12File|\-o\ p12File] [\-d\ [sql:]directory] [\-h\ tokenname] [\-P\ dbprefix] [\-r] [\-v] [\-k\ slotPasswordFile|\-K\ slotPassword] [\-w\ p12filePasswordFile|\-W\ p12filePassword]
+.SH "STATUS"
+.PP
+This documentation is still work in progress\&. Please contribute to the initial review in
+\m[blue]\fBMozilla NSS bug 836477\fR\m[]\&\s-2\u[1]\d\s+2
+.SH "DESCRIPTION"
+.PP
+The PKCS #12 utility,
+\fBpk12util\fR, enables sharing certificates among any server that supports PKCS#12\&. The tool can import certificates and keys from PKCS#12 files into security databases, export certificates, and list certificates and keys\&.
+.SH "OPTIONS AND ARGUMENTS"
+.PP
+\fBOptions\fR
+.PP
+\-i p12file
+.RS 4
+Import keys and certificates from a PKCS#12 file into a security database\&.
+.RE
+.PP
+\-l p12file
+.RS 4
+List the keys and certificates in PKCS#12 file\&.
+.RE
+.PP
+\-o p12file
+.RS 4
+Export keys and certificates from the security database to a PKCS#12 file\&.
+.RE
+.PP
+\fBArguments\fR
+.PP
+\-c keyCipher
+.RS 4
+Specify the key encryption algorithm\&.
+.RE
+.PP
+\-C certCipher
+.RS 4
+Specify the key cert (overall package) encryption algorithm\&.
+.RE
+.PP
+\-d [sql:]directory
+.RS 4
+Specify the database directory into which to import to or export from certificates and keys\&.
+.sp
+\fBpk12util\fR
+supports two types of databases: the legacy security databases (cert8\&.db,
+key3\&.db, and
+secmod\&.db) and new SQLite databases (cert9\&.db,
+key4\&.db, and
+pkcs11\&.txt)\&. If the prefix
+\fBsql:\fR
+is not used, then the tool assumes that the given databases are in the old format\&.
+.RE
+.PP
+\-h tokenname
+.RS 4
+Specify the name of the token to import into or export from\&.
+.RE
+.PP
+\-k slotPasswordFile
+.RS 4
+Specify the text file containing the slot\*(Aqs password\&.
+.RE
+.PP
+\-K slotPassword
+.RS 4
+Specify the slot\*(Aqs password\&.
+.RE
+.PP
+\-m | \-\-key\-len keyLength
+.RS 4
+Specify the desired length of the symmetric key to be used to encrypt the private key\&.
+.RE
+.PP
+\-n | \-\-cert\-key\-len certKeyLength
+.RS 4
+Specify the desired length of the symmetric key to be used to encrypt the certificates and other meta\-data\&.
+.RE
+.PP
+\-n certname
+.RS 4
+Specify the nickname of the cert and private key to export\&.
+.RE
+.PP
+\-P prefix
+.RS 4
+Specify the prefix used on the certificate and key databases\&. This option is provided as a special case\&. Changing the names of the certificate and key databases is not recommended\&.
+.RE
+.PP
+\-r
+.RS 4
+Dumps all of the data in raw (binary) form\&. This must be saved as a DER file\&. The default is to return information in a pretty\-print ASCII format, which displays the information about the certificates and public keys in the p12 file\&.
+.RE
+.PP
+\-v
+.RS 4
+Enable debug logging when importing\&.
+.RE
+.PP
+\-w p12filePasswordFile
+.RS 4
+Specify the text file containing the pkcs #12 file password\&.
+.RE
+.PP
+\-W p12filePassword
+.RS 4
+Specify the pkcs #12 file password\&.
+.RE
+.SH "RETURN CODES"
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+0 \- No error
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+1 \- User Cancelled
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+2 \- Usage error
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+6 \- NLS init error
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+8 \- Certificate DB open error
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+9 \- Key DB open error
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+10 \- File initialization error
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+11 \- Unicode conversion error
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+12 \- Temporary file creation error
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+13 \- PKCS11 get slot error
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+14 \- PKCS12 decoder start error
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+15 \- error read from import file
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+16 \- pkcs12 decode error
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+17 \- pkcs12 decoder verify error
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+18 \- pkcs12 decoder validate bags error
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+19 \- pkcs12 decoder import bags error
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+20 \- key db conversion version 3 to version 2 error
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+21 \- cert db conversion version 7 to version 5 error
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+22 \- cert and key dbs patch error
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+23 \- get default cert db error
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+24 \- find cert by nickname error
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+25 \- create export context error
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+26 \- PKCS12 add password itegrity error
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+27 \- cert and key Safes creation error
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+28 \- PKCS12 add cert and key error
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+29 \- PKCS12 encode error
+.RE
+.SH "EXAMPLES"
+.PP
+\fBImporting Keys and Certificates\fR
+.PP
+The most basic usage of
+\fBpk12util\fR
+for importing a certificate or key is the PKCS#12 input file (\fB\-i\fR) and some way to specify the security database being accessed (either
+\fB\-d\fR
+for a directory or
+\fB\-h\fR
+for a token)\&.
+.PP
+pk12util \-i p12File [\-h tokenname] [\-v] [\-d [sql:]directory] [\-P dbprefix] [\-k slotPasswordFile|\-K slotPassword] [\-w p12filePasswordFile|\-W p12filePassword]
+.PP
+For example:
+.PP
+
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+# pk12util \-i /tmp/cert\-files/users\&.p12 \-d sql:/home/my/sharednssdb
+
+Enter a password which will be used to encrypt your keys\&.
+The password should be at least 8 characters long,
+and should contain at least one non\-alphabetic character\&.
+
+Enter new password: 
+Re\-enter password: 
+Enter password for PKCS12 file: 
+pk12util: PKCS12 IMPORT SUCCESSFUL
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+\fBExporting Keys and Certificates\fR
+.PP
+Using the
+\fBpk12util\fR
+command to export certificates and keys requires both the name of the certificate to extract from the database (\fB\-n\fR) and the PKCS#12\-formatted output file to write to\&. There are optional parameters that can be used to encrypt the file to protect the certificate material\&.
+.PP
+pk12util \-o p12File \-n certname [\-c keyCipher] [\-C certCipher] [\-m|\-\-key_len keyLen] [\-n|\-\-cert_key_len certKeyLen] [\-d [sql:]directory] [\-P dbprefix] [\-k slotPasswordFile|\-K slotPassword] [\-w p12filePasswordFile|\-W p12filePassword]
+.PP
+For example:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+# pk12util \-o certs\&.p12 \-n Server\-Cert \-d sql:/home/my/sharednssdb
+Enter password for PKCS12 file: 
+Re\-enter password: 
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+\fBListing Keys and Certificates\fR
+.PP
+The information in a
+\&.p12
+file are not human\-readable\&. The certificates and keys in the file can be printed (listed) in a human\-readable pretty\-print format that shows information for every certificate and any public keys in the
+\&.p12
+file\&.
+.PP
+pk12util \-l p12File [\-h tokenname] [\-r] [\-d [sql:]directory] [\-P dbprefix] [\-k slotPasswordFile|\-K slotPassword] [\-w p12filePasswordFile|\-W p12filePassword]
+.PP
+For example, this prints the default ASCII output:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+# pk12util \-l certs\&.p12
+
+Enter password for PKCS12 file: 
+Key(shrouded):
+    Friendly Name: Thawte Freemail Member\*(Aqs Thawte Consulting (Pty) Ltd\&. ID
+
+    Encryption algorithm: PKCS #12 V2 PBE With SHA\-1 And 3KEY Triple DES\-CBC
+        Parameters:
+            Salt:
+                45:2e:6a:a0:03:4d:7b:a1:63:3c:15:ea:67:37:62:1f
+            Iteration Count: 1 (0x1)
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 13 (0xd)
+        Signature Algorithm: PKCS #1 SHA\-1 With RSA Encryption
+        Issuer: "E=personal\-freemail@thawte\&.com,CN=Thawte Personal Freemail C
+            A,OU=Certification Services Division,O=Thawte Consulting,L=Cape T
+            own,ST=Western Cape,C=ZA"
+    
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+Alternatively, the
+\fB\-r\fR
+prints the certificates and then exports them into separate DER binary files\&. This allows the certificates to be fed to another application that supports
+\&.p12
+files\&. Each certificate is written to a sequentially\-number file, beginning with
+file0001\&.der
+and continuing through
+file000N\&.der, incrementing the number for every certificate:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+pk12util \-l test\&.p12 \-r
+Enter password for PKCS12 file: 
+Key(shrouded):
+    Friendly Name: Thawte Freemail Member\*(Aqs Thawte Consulting (Pty) Ltd\&. ID
+
+    Encryption algorithm: PKCS #12 V2 PBE With SHA\-1 And 3KEY Triple DES\-CBC
+        Parameters:
+            Salt:
+                45:2e:6a:a0:03:4d:7b:a1:63:3c:15:ea:67:37:62:1f
+            Iteration Count: 1 (0x1)
+Certificate    Friendly Name: Thawte Personal Freemail Issuing CA \- Thawte Consulting
+
+Certificate    Friendly Name: Thawte Freemail Member\*(Aqs Thawte Consulting (Pty) Ltd\&. ID
+    
+.fi
+.if n \{\
+.RE
+.\}
+.SH "PASSWORD ENCRYPTION"
+.PP
+PKCS#12 provides for not only the protection of the private keys but also the certificate and meta\-data associated with the keys\&. Password\-based encryption is used to protect private keys on export to a PKCS#12 file and, optionally, the entire package\&. If no algorithm is specified, the tool defaults to using
+\fBPKCS12 V2 PBE with SHA1 and 3KEY Triple DES\-cbc\fR
+for private key encryption\&.
+\fBPKCS12 V2 PBE with SHA1 and 40 Bit RC4\fR
+is the default for the overall package encryption when not in FIPS mode\&. When in FIPS mode, there is no package encryption\&.
+.PP
+The private key is always protected with strong encryption by default\&.
+.PP
+Several types of ciphers are supported\&.
+.PP
+Symmetric CBC ciphers for PKCS#5 V2
+.RS 4
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+DES\-CBC
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+RC2\-CBC
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+RC5\-CBCPad
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+DES\-EDE3\-CBC (the default for key encryption)
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+AES\-128\-CBC
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+AES\-192\-CBC
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+AES\-256\-CBC
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+CAMELLIA\-128\-CBC
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+CAMELLIA\-192\-CBC
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+CAMELLIA\-256\-CBC
+.RE
+.RE
+.PP
+PKCS#12 PBE ciphers
+.RS 4
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+PKCS #12 PBE with Sha1 and 128 Bit RC4
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+PKCS #12 PBE with Sha1 and 40 Bit RC4
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+PKCS #12 PBE with Sha1 and Triple DES CBC
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+PKCS #12 PBE with Sha1 and 128 Bit RC2 CBC
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+PKCS #12 PBE with Sha1 and 40 Bit RC2 CBC
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+PKCS12 V2 PBE with SHA1 and 128 Bit RC4
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+PKCS12 V2 PBE with SHA1 and 40 Bit RC4 (the default for non\-FIPS mode)
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+PKCS12 V2 PBE with SHA1 and 3KEY Triple DES\-cbc
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+PKCS12 V2 PBE with SHA1 and 2KEY Triple DES\-cbc
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+PKCS12 V2 PBE with SHA1 and 128 Bit RC2 CBC
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+PKCS12 V2 PBE with SHA1 and 40 Bit RC2 CBC
+.RE
+.RE
+.PP
+PKCS#5 PBE ciphers
+.RS 4
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+PKCS #5 Password Based Encryption with MD2 and DES CBC
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+PKCS #5 Password Based Encryption with MD5 and DES CBC
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+PKCS #5 Password Based Encryption with SHA1 and DES CBC
+.RE
+.RE
+.PP
+With PKCS#12, the crypto provider may be the soft token module or an external hardware module\&. If the cryptographic module does not support the requested algorithm, then the next best fit will be selected (usually the default)\&. If no suitable replacement for the desired algorithm can be found, the tool returns the error
+\fIno security module can perform the requested operation\fR\&.
+.SH "NSS DATABASE TYPES"
+.PP
+NSS originally used BerkeleyDB databases to store security information\&. The last versions of these
+\fIlegacy\fR
+databases are:
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+cert8\&.db for certificates
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+key3\&.db for keys
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+secmod\&.db for PKCS #11 module information
+.RE
+.PP
+BerkeleyDB has performance limitations, though, which prevent it from being easily used by multiple applications simultaneously\&. NSS has some flexibility that allows applications to use their own, independent database engine while keeping a shared database and working around the access issues\&. Still, NSS requires more flexibility to provide a truly shared security database\&.
+.PP
+In 2009, NSS introduced a new set of databases that are SQLite databases rather than BerkleyDB\&. These new databases provide more accessibility and performance:
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+cert9\&.db for certificates
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+key4\&.db for keys
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+pkcs11\&.txt, which is listing of all of the PKCS #11 modules contained in a new subdirectory in the security databases directory
+.RE
+.PP
+Because the SQLite databases are designed to be shared, these are the
+\fIshared\fR
+database type\&. The shared database type is preferred; the legacy format is included for backward compatibility\&.
+.PP
+By default, the tools (\fBcertutil\fR,
+\fBpk12util\fR,
+\fBmodutil\fR) assume that the given security databases follow the more common legacy type\&. Using the SQLite databases must be manually specified by using the
+\fBsql:\fR
+prefix with the given security directory\&. For example:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+# pk12util \-i /tmp/cert\-files/users\&.p12 \-d sql:/home/my/sharednssdb
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+To set the shared database type as the default type for the tools, set the
+\fBNSS_DEFAULT_DB_TYPE\fR
+environment variable to
+\fBsql\fR:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+export NSS_DEFAULT_DB_TYPE="sql"
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+This line can be set added to the
+~/\&.bashrc
+file to make the change permanent\&.
+.PP
+Most applications do not use the shared database by default, but they can be configured to use them\&. For example, this how\-to article covers how to configure Firefox and Thunderbird to use the new shared NSS databases:
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+https://wiki\&.mozilla\&.org/NSS_Shared_DB_Howto
+.RE
+.PP
+For an engineering draft on the changes in the shared NSS databases, see the NSS project wiki:
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+https://wiki\&.mozilla\&.org/NSS_Shared_DB
+.RE
+.SH "SEE ALSO"
+.PP
+certutil (1)
+.PP
+modutil (1)
+.PP
+The NSS wiki has information on the new database design and how to configure applications to use it\&.
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+https://wiki\&.mozilla\&.org/NSS_Shared_DB_Howto
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+https://wiki\&.mozilla\&.org/NSS_Shared_DB
+.RE
+.SH "ADDITIONAL RESOURCES"
+.PP
+For information about NSS and other tools related to NSS (like JSS), check out the NSS project wiki at
+\m[blue]\fBhttp://www\&.mozilla\&.org/projects/security/pki/nss/\fR\m[]\&. The NSS site relates directly to NSS code changes and releases\&.
+.PP
+Mailing lists: https://lists\&.mozilla\&.org/listinfo/dev\-tech\-crypto
+.PP
+IRC: Freenode at #dogtag\-pki
+.SH "AUTHORS"
+.PP
+The NSS tools were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google\&.
+.PP
+Authors: Elio Maldonado <emaldona@redhat\&.com>, Deon Lackey <dlackey@redhat\&.com>\&.
+.SH "LICENSE"
+.PP
+Licensed under the Mozilla Public License, v\&. 2\&.0\&. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla\&.org/MPL/2\&.0/\&.
+.SH "NOTES"
+.IP " 1." 4
+Mozilla NSS bug 836477
+.RS 4
+\%https://bugzilla.mozilla.org/show_bug.cgi?id=836477
+.RE
diff --git a/nss/doc/nroff/pp.1 b/nss/doc/nroff/pp.1
new file mode 100644
index 0000000..ce37639
--- /dev/null
+++ b/nss/doc/nroff/pp.1
@@ -0,0 +1,108 @@
+'\" t
+.\"     Title: PP
+.\"    Author: [see the "Authors" section]
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\"      Date: 29 July 2014
+.\"    Manual: NSS Security Tools
+.\"    Source: nss-tools
+.\"  Language: English
+.\"
+.TH "PP" "1" "29 July 2014" "nss-tools" "NSS Security Tools"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+pp \- Prints certificates, keys, crls, and pkcs7 files
+.SH "SYNOPSIS"
+.HP \w'\fBpp\ \-t\ type\ [\-a]\ [\-i\ input]\ [\-o\ output]\ [\-u]\ [\-w]\fR\ 'u
+\fBpp \-t type [\-a] [\-i input] [\-o output] [\-u] [\-w]\fR
+.SH "STATUS"
+.PP
+This documentation is still work in progress\&. Please contribute to the initial review in
+\m[blue]\fBMozilla NSS bug 836477\fR\m[]\&\s-2\u[1]\d\s+2
+.SH "DESCRIPTION"
+.PP
+\fBpp \fRpretty\-prints private and public key, certificate, certificate\-request, pkcs7 or crl files
+.SH "OPTIONS"
+.PP
+\fB\-t \fR \fItype\fR
+.RS 4
+specify the input, one of {private\-key | public\-key | certificate | certificate\-request | pkcs7 | crl}
+.sp
+.RE
+.PP
+\fB\-a \fR
+.RS 4
+Input is in ascii encoded form (RFC1113)
+.RE
+.PP
+\fB\-i \fR \fIinputfile\fR
+.RS 4
+Define an input file to use (default is stdin)
+.RE
+.PP
+\fB\-o \fR \fIoutputfile\fR
+.RS 4
+Define an output file to use (default is stdout)
+.RE
+.PP
+\fB\-u \fR
+.RS 4
+Use UTF\-8 (default is to show non\-ascii as \&.)
+.RE
+.PP
+\fB\-w \fR
+.RS 4
+Don\*(Aqt wrap long output lines
+.RE
+.SH "ADDITIONAL RESOURCES"
+.PP
+NSS is maintained in conjunction with PKI and security\-related projects through Mozilla and Fedora\&. The most closely\-related project is Dogtag PKI, with a project wiki at
+\m[blue]\fBPKI Wiki\fR\m[]\&\s-2\u[2]\d\s+2\&.
+.PP
+For information specifically about NSS, the NSS project wiki is located at
+\m[blue]\fBMozilla NSS site\fR\m[]\&\s-2\u[3]\d\s+2\&. The NSS site relates directly to NSS code changes and releases\&.
+.PP
+Mailing lists: pki\-devel@redhat\&.com and pki\-users@redhat\&.com
+.PP
+IRC: Freenode at #dogtag\-pki
+.SH "AUTHORS"
+.PP
+The NSS tools were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google\&.
+.PP
+Authors: Elio Maldonado <emaldona@redhat\&.com>, Deon Lackey <dlackey@redhat\&.com>\&.
+.SH "LICENSE"
+.PP
+Licensed under the Mozilla Public License, v\&. 2\&.0\&. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla\&.org/MPL/2\&.0/\&.
+.SH "NOTES"
+.IP " 1." 4
+Mozilla NSS bug 836477
+.RS 4
+\%https://bugzilla.mozilla.org/show_bug.cgi?id=836477
+.RE
+.IP " 2." 4
+PKI Wiki
+.RS 4
+\%http://pki.fedoraproject.org/wiki/
+.RE
+.IP " 3." 4
+Mozilla NSS site
+.RS 4
+\%http://www.mozilla.org/projects/security/pki/nss/
+.RE
diff --git a/nss/doc/nroff/signtool.1 b/nss/doc/nroff/signtool.1
new file mode 100644
index 0000000..3a91ce6
--- /dev/null
+++ b/nss/doc/nroff/signtool.1
@@ -0,0 +1,681 @@
+'\" t
+.\"     Title: signtool
+.\"    Author: [see the "Authors" section]
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\"      Date:  5 June 2014
+.\"    Manual: NSS Security Tools
+.\"    Source: nss-tools
+.\"  Language: English
+.\"
+.TH "SIGNTOOL" "1" "5 June 2014" "nss-tools" "NSS Security Tools"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+signtool \- Digitally sign objects and files\&.
+.SH "SYNOPSIS"
+.HP \w'\fBsigntool\fR\ 'u
+\fBsigntool\fR [[\-b\ basename]] [[\-c\ Compression\ Level]] [[\-d\ cert\-dir]] [[\-e\ extension]] [[\-f\ filename]] [[\-i\ installer\ script]] [[\-h]] [[\-H]] [[\-v]] [[\-w]] [[\-G\ nickname]] [[\-J]] [[\-j\ directory]] [\-k\ keyName] [[\-\-keysize\ |\ \-s\ size]] [[\-l]] [[\-L]] [[\-M]] [[\-m\ metafile]] [[\-\-norecurse]] [[\-O]] [[\-o]] [[\-\-outfile]] [[\-p\ password]] [[\-t|\-\-token\ tokenname]] [[\-z]] [[\-X]] [[\-x\ name]] [[\-\-verbose\ value]] [[\-\-leavearc]] [[\-Z\ jarfile]] [directory\-tree] [archive]
+.SH "STATUS"
+.PP
+This documentation is still work in progress\&. Please contribute to the initial review in
+\m[blue]\fBMozilla NSS bug 836477\fR\m[]\&\s-2\u[1]\d\s+2
+.SH "DESCRIPTION"
+.PP
+The Signing Tool,
+\fBsigntool\fR, creates digital signatures and uses a Java Archive (JAR) file to associate the signatures with files in a directory\&. Electronic software distribution over any network involves potential security problems\&. To help address some of these problems, you can associate digital signatures with the files in a JAR archive\&. Digital signatures allow SSL\-enabled clients to perform two important operations:
+.PP
+* Confirm the identity of the individual, company, or other entity whose digital signature is associated with the files
+.PP
+* Check whether the files have been tampered with since being signed
+.PP
+If you have a signing certificate, you can use Netscape Signing Tool to digitally sign files and package them as a JAR file\&. An object\-signing certificate is a special kind of certificate that allows you to associate your digital signature with one or more files\&.
+.PP
+An individual file can potentially be signed with multiple digital signatures\&. For example, a commercial software developer might sign the files that constitute a software product to prove that the files are indeed from a particular company\&. A network administrator manager might sign the same files with an additional digital signature based on a company\-generated certificate to indicate that the product is approved for use within the company\&.
+.PP
+The significance of a digital signature is comparable to the significance of a handwritten signature\&. Once you have signed a file, it is difficult to claim later that you didn\*(Aqt sign it\&. In some situations, a digital signature may be considered as legally binding as a handwritten signature\&. Therefore, you should take great care to ensure that you can stand behind any file you sign and distribute\&.
+.PP
+For example, if you are a software developer, you should test your code to make sure it is virus\-free before signing it\&. Similarly, if you are a network administrator, you should make sure, before signing any code, that it comes from a reliable source and will run correctly with the software installed on the machines to which you are distributing it\&.
+.PP
+Before you can use Netscape Signing Tool to sign files, you must have an object\-signing certificate, which is a special certificate whose associated private key is used to create digital signatures\&. For testing purposes only, you can create an object\-signing certificate with Netscape Signing Tool 1\&.3\&. When testing is finished and you are ready to disitribute your software, you should obtain an object\-signing certificate from one of two kinds of sources:
+.PP
+* An independent certificate authority (CA) that authenticates your identity and charges you a fee\&. You typically get a certificate from an independent CA if you want to sign software that will be distributed over the Internet\&.
+.PP
+* CA server software running on your corporate intranet or extranet\&. Netscape Certificate Management System provides a complete management solution for creating, deploying, and managing certificates, including CAs that issue object\-signing certificates\&.
+.PP
+You must also have a certificate for the CA that issues your signing certificate before you can sign files\&. If the certificate authority\*(Aqs certificate isn\*(Aqt already installed in your copy of Communicator, you typically install it by clicking the appropriate link on the certificate authority\*(Aqs web site, for example on the page from which you initiated enrollment for your signing certificate\&. This is the case for some test certificates, as well as certificates issued by Netscape Certificate Management System: you must download the the CA certificate in addition to obtaining your own signing certificate\&. CA certificates for several certificate authorities are preinstalled in the Communicator certificate database\&.
+.PP
+When you receive an object\-signing certificate for your own use, it is automatically installed in your copy of the Communicator client software\&. Communicator supports the public\-key cryptography standard known as PKCS #12, which governs key portability\&. You can, for example, move an object\-signing certificate and its associated private key from one computer to another on a credit\-card\-sized device called a smart card\&.
+.SH "OPTIONS"
+.PP
+\-b basename
+.RS 4
+Specifies the base filename for the \&.rsa and \&.sf files in the META\-INF directory to conform with the JAR format\&. For example,
+\fI\-b signatures\fR
+causes the files to be named signatures\&.rsa and signatures\&.sf\&. The default is signtool\&.
+.RE
+.PP
+\-c#
+.RS 4
+Specifies the compression level for the \-J or \-Z option\&. The symbol # represents a number from 0 to 9, where 0 means no compression and 9 means maximum compression\&. The higher the level of compression, the smaller the output but the longer the operation takes\&. If the \-c# option is not used with either the \-J or the \-Z option, the default compression value used by both the \-J and \-Z options is 6\&.
+.RE
+.PP
+\-d certdir
+.RS 4
+Specifies your certificate database directory; that is, the directory in which you placed your key3\&.db and cert7\&.db files\&. To specify the current directory, use "\-d\&." (including the period)\&. The Unix version of signtool assumes ~/\&.netscape unless told otherwise\&. The NT version of signtool always requires the use of the \-d option to specify where the database files are located\&.
+.RE
+.PP
+\-e extension
+.RS 4
+Tells signtool to sign only files with the given extension; for example, use \-e"\&.class" to sign only Java class files\&. Note that with Netscape Signing Tool version 1\&.1 and later this option can appear multiple times on one command line, making it possible to specify multiple file types or classes to include\&.
+.RE
+.PP
+\-f commandfile
+.RS 4
+Specifies a text file containing Netscape Signing Tool options and arguments in keyword=value format\&. All options and arguments can be expressed through this file\&. For more information about the syntax used with this file, see "Tips and Techniques"\&.
+.RE
+.PP
+\-G nickname
+.RS 4
+Generates a new private\-public key pair and corresponding object\-signing certificate with the given nickname\&. The newly generated keys and certificate are installed into the key and certificate databases in the directory specified by the \-d option\&. With the NT version of Netscape Signing Tool, you must use the \-d option with the \-G option\&. With the Unix version of Netscape Signing Tool, omitting the \-d option causes the tool to install the keys and certificate in the Communicator key and certificate databases\&. If you are installing the keys and certificate in the Communicator databases, you must exit Communicator before using this option; otherwise, you risk corrupting the databases\&. In all cases, the certificate is also output to a file named x509\&.cacert, which has the MIME\-type application/x\-x509\-ca\-cert\&. Unlike certificates normally used to sign finished code to be distributed over a network, a test certificate created with \-G is not signed by a recognized certificate authority\&. Instead, it is self\-signed\&. In addition, a single test signing certificate functions as both an object\-signing certificate and a CA\&. When you are using it to sign objects, it behaves like an object\-signing certificate\&. When it is imported into browser software such as Communicator, it behaves like an object\-signing CA and cannot be used to sign objects\&. The \-G option is available in Netscape Signing Tool 1\&.0 and later versions only\&. By default, it produces only RSA certificates with 1024\-byte keys in the internal token\&. However, you can use the \-s option specify the required key size and the \-t option to specify the token\&.
+.RE
+.PP
+\-i scriptname
+.RS 4
+Specifies the name of an installer script for SmartUpdate\&. This script installs files from the JAR archive in the local system after SmartUpdate has validated the digital signature\&. For more details, see the description of \-m that follows\&. The \-i option provides a straightforward way to provide this information if you don\*(Aqt need to specify any metadata other than an installer script\&.
+.RE
+.PP
+\-J
+.RS 4
+Signs a directory of HTML files containing JavaScript and creates as many archive files as are specified in the HTML tags\&. Even if signtool creates more than one archive file, you need to supply the key database password only once\&. The \-J option is available only in Netscape Signing Tool 1\&.0 and later versions\&. The \-J option cannot be used at the same time as the \-Z option\&. If the \-c# option is not used with the \-J option, the default compression value is 6\&. Note that versions 1\&.1 and later of Netscape Signing Tool correctly recognizes the CODEBASE attribute, allows paths to be expressed for the CLASS and SRC attributes instead of filenames only, processes LINK tags and parses HTML correctly, and offers clearer error messages\&.
+.RE
+.PP
+\-j directory
+.RS 4
+Specifies a special JavaScript directory\&. This option causes the specified directory to be signed and tags its entries as inline JavaScript\&. This special type of entry does not have to appear in the JAR file itself\&. Instead, it is located in the HTML page containing the inline scripts\&. When you use signtool \-v, these entries are displayed with the string NOT PRESENT\&.
+.RE
+.PP
+\-k key \&.\&.\&. directory
+.RS 4
+Specifies the nickname (key) of the certificate you want to sign with and signs the files in the specified directory\&. The directory to sign is always specified as the last command\-line argument\&. Thus, it is possible to write signtool \-k MyCert \-d \&. signdir You may have trouble if the nickname contains a single quotation mark\&. To avoid problems, escape the quotation mark using the escape conventions for your platform\&. It\*(Aqs also possible to use the \-k option without signing any files or specifying a directory\&. For example, you can use it with the \-l option to get detailed information about a particular signing certificate\&.
+.RE
+.PP
+\-l
+.RS 4
+Lists signing certificates, including issuing CAs\&. If any of your certificates are expired or invalid, the list will so specify\&. This option can be used with the \-k option to list detailed information about a particular signing certificate\&. The \-l option is available in Netscape Signing Tool 1\&.0 and later versions only\&.
+.RE
+.PP
+\-L
+.RS 4
+Lists the certificates in your database\&. An asterisk appears to the left of the nickname for any certificate that can be used to sign objects with signtool\&.
+.RE
+.PP
+\-\-leavearc
+.RS 4
+Retains the temporary \&.arc (archive) directories that the \-J option creates\&. These directories are automatically erased by default\&. Retaining the temporary directories can be an aid to debugging\&.
+.RE
+.PP
+\-m metafile
+.RS 4
+Specifies the name of a metadata control file\&. Metadata is signed information attached either to the JAR archive itself or to files within the archive\&. This metadata can be any ASCII string, but is used mainly for specifying an installer script\&. The metadata file contains one entry per line, each with three fields: field #1: file specification, or + if you want to specify global metadata (that is, metadata about the JAR archive itself or all entries in the archive) field #2: the name of the data you are specifying; for example: Install\-Script field #3: data corresponding to the name in field #2 For example, the \-i option uses the equivalent of this line: + Install\-Script: script\&.js This example associates a MIME type with a file: movie\&.qt MIME\-Type: video/quicktime For information about the way installer script information appears in the manifest file for a JAR archive, see The JAR Format on Netscape DevEdge\&.
+.RE
+.PP
+\-M
+.RS 4
+Lists the PKCS #11 modules available to signtool, including smart cards\&. The \-M option is available in Netscape Signing Tool 1\&.0 and later versions only\&. For information on using Netscape Signing Tool with smart cards, see "Using Netscape Signing Tool with Smart Cards"\&. For information on using the \-M option to verify FIPS\-140\-1 validated mode, see "Netscape Signing Tool and FIPS\-140\-1"\&.
+.RE
+.PP
+\-\-norecurse
+.RS 4
+Blocks recursion into subdirectories when signing a directory\*(Aqs contents or when parsing HTML\&.
+.RE
+.PP
+\-o
+.RS 4
+Optimizes the archive for size\&. Use this only if you are signing very large archives containing hundreds of files\&. This option makes the manifest files (required by the JAR format) considerably smaller, but they contain slightly less information\&.
+.RE
+.PP
+\-\-outfile outputfile
+.RS 4
+Specifies a file to receive redirected output from Netscape Signing Tool\&.
+.RE
+.PP
+\-p password
+.RS 4
+Specifies a password for the private\-key database\&. Note that the password entered on the command line is displayed as plain text\&.
+.RE
+.PP
+\-s keysize
+.RS 4
+Specifies the size of the key for generated certificate\&. Use the \-M option to find out what tokens are available\&. The \-s option can be used with the \-G option only\&.
+.RE
+.PP
+\-t token
+.RS 4
+Specifies which available token should generate the key and receive the certificate\&. Use the \-M option to find out what tokens are available\&. The \-t option can be used with the \-G option only\&.
+.RE
+.PP
+\-v archive
+.RS 4
+Displays the contents of an archive and verifies the cryptographic integrity of the digital signatures it contains and the files with which they are associated\&. This includes checking that the certificate for the issuer of the object\-signing certificate is listed in the certificate database, that the CA\*(Aqs digital signature on the object\-signing certificate is valid, that the relevant certificates have not expired, and so on\&.
+.RE
+.PP
+\-\-verbosity value
+.RS 4
+Sets the quantity of information Netscape Signing Tool generates in operation\&. A value of 0 (zero) is the default and gives full information\&. A value of \-1 suppresses most messages, but not error messages\&.
+.RE
+.PP
+\-w archive
+.RS 4
+Displays the names of signers of any files in the archive\&.
+.RE
+.PP
+\-x directory
+.RS 4
+Excludes the specified directory from signing\&. Note that with Netscape Signing Tool version 1\&.1 and later this option can appear multiple times on one command line, making it possible to specify several particular directories to exclude\&.
+.RE
+.PP
+\-z
+.RS 4
+Tells signtool not to store the signing time in the digital signature\&. This option is useful if you want the expiration date of the signature checked against the current date and time rather than the time the files were signed\&.
+.RE
+.PP
+\-Z jarfile
+.RS 4
+Creates a JAR file with the specified name\&. You must specify this option if you want signtool to create the JAR file; it does not do so automatically\&. If you don\*(Aqt specify \-Z, you must use an external ZIP tool to create the JAR file\&. The \-Z option cannot be used at the same time as the \-J option\&. If the \-c# option is not used with the \-Z option, the default compression value is 6\&.
+.RE
+.SH "THE COMMAND FILE FORMAT"
+.PP
+Entries in a Netscape Signing Tool command file have this general format: keyword=value Everything before the = sign on a single line is a keyword, and everything from the = sign to the end of line is a value\&. The value may include = signs; only the first = sign on a line is interpreted\&. Blank lines are ignored, but white space on a line with keywords and values is assumed to be part of the keyword (if it comes before the equal sign) or part of the value (if it comes after the first equal sign)\&. Keywords are case insensitive, values are generally case sensitive\&. Since the = sign and newline delimit the value, it should not be quoted\&.
+.PP
+\fBSubsection\fR
+.PP
+basename
+.RS 4
+Same as \-b option\&.
+.RE
+.PP
+compression
+.RS 4
+Same as \-c option\&.
+.RE
+.PP
+certdir
+.RS 4
+Same as \-d option\&.
+.RE
+.PP
+extension
+.RS 4
+Same as \-e option\&.
+.RE
+.PP
+generate
+.RS 4
+Same as \-G option\&.
+.RE
+.PP
+installscript
+.RS 4
+Same as \-i option\&.
+.RE
+.PP
+javascriptdir
+.RS 4
+Same as \-j option\&.
+.RE
+.PP
+htmldir
+.RS 4
+Same as \-J option\&.
+.RE
+.PP
+certname
+.RS 4
+Nickname of certificate, as with \-k and \-l \-k options\&.
+.RE
+.PP
+signdir
+.RS 4
+The directory to be signed, as with \-k option\&.
+.RE
+.PP
+list
+.RS 4
+Same as \-l option\&. Value is ignored, but = sign must be present\&.
+.RE
+.PP
+listall
+.RS 4
+Same as \-L option\&. Value is ignored, but = sign must be present\&.
+.RE
+.PP
+metafile
+.RS 4
+Same as \-m option\&.
+.RE
+.PP
+modules
+.RS 4
+Same as \-M option\&. Value is ignored, but = sign must be present\&.
+.RE
+.PP
+optimize
+.RS 4
+Same as \-o option\&. Value is ignored, but = sign must be present\&.
+.RE
+.PP
+password
+.RS 4
+Same as \-p option\&.
+.RE
+.PP
+keysize
+.RS 4
+Same as \-s option\&.
+.RE
+.PP
+token
+.RS 4
+Same as \-t option\&.
+.RE
+.PP
+verify
+.RS 4
+Same as \-v option\&.
+.RE
+.PP
+who
+.RS 4
+Same as \-w option\&.
+.RE
+.PP
+exclude
+.RS 4
+Same as \-x option\&.
+.RE
+.PP
+notime
+.RS 4
+Same as \-z option\&. value is ignored, but = sign must be present\&.
+.RE
+.PP
+jarfile
+.RS 4
+Same as \-Z option\&.
+.RE
+.PP
+outfile
+.RS 4
+Name of a file to which output and error messages will be redirected\&. This option has no command\-line equivalent\&.
+.RE
+.SH "EXTENDED EXAMPLES"
+.PP
+The following example will do this and that
+.PP
+\fBListing Available Signing Certificates\fR
+.PP
+You use the \-L option to list the nicknames for all available certificates and check which ones are signing certificates\&.
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+signtool \-L 
+
+using certificate directory: /u/jsmith/\&.netscape 
+S Certificates 
+\- \-\-\-\-\-\-\-\-\-\-\-\- 
+  BBN Certificate Services CA Root 1 
+  IBM World Registry CA 
+  VeriSign Class 1 CA \- Individual Subscriber \- VeriSign, Inc\&. 
+  GTE CyberTrust Root CA 
+  Uptime Group Plc\&. Class 4 CA 
+* Verisign Object Signing Cert 
+  Integrion CA 
+  GTE CyberTrust Secure Server CA 
+  AT&T Directory Services 
+* test object signing cert 
+  Uptime Group Plc\&. Class 1 CA 
+  VeriSign Class 1 Primary CA 
+\- \-\-\-\-\-\-\-\-\-\-\-\-
+
+Certificates that can be used to sign objects have *\*(Aqs to their left\&. 
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+Two signing certificates are displayed: Verisign Object Signing Cert and test object signing cert\&.
+.PP
+You use the \-l option to get a list of signing certificates only, including the signing CA for each\&.
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+signtool \-l
+
+using certificate directory: /u/jsmith/\&.netscape
+Object signing certificates
+\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-
+
+Verisign Object Signing Cert
+    Issued by: VeriSign, Inc\&. \- Verisign, Inc\&.
+    Expires: Tue May 19, 1998
+test object signing cert
+    Issued by: test object signing cert (Signtool 1\&.0 Testing 
+Certificate (960187691))
+    Expires: Sun May 17, 1998
+\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+For a list including CAs, use the
+\fB\-L\fR
+option\&.
+.PP
+\fBSigning a File\fR
+.PP
+1\&. Create an empty directory\&.
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+mkdir signdir
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+2\&. Put some file into it\&.
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+echo boo > signdir/test\&.f
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+3\&. Specify the name of your object\-signing certificate and sign the directory\&.
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+signtool \-k MySignCert \-Z testjar\&.jar signdir
+
+using key "MySignCert"
+using certificate directory: /u/jsmith/\&.netscape
+Generating signdir/META\-INF/manifest\&.mf file\&.\&.
+\-\-> test\&.f
+adding signdir/test\&.f to testjar\&.jar
+Generating signtool\&.sf file\&.\&.
+Enter Password or Pin for "Communicator Certificate DB":
+
+adding signdir/META\-INF/manifest\&.mf to testjar\&.jar
+adding signdir/META\-INF/signtool\&.sf to testjar\&.jar
+adding signdir/META\-INF/signtool\&.rsa to testjar\&.jar
+
+tree "signdir" signed successfully
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+4\&. Test the archive you just created\&.
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+signtool \-v testjar\&.jar
+
+using certificate directory: /u/jsmith/\&.netscape
+archive "testjar\&.jar" has passed crypto verification\&.
+           status   path
+     \-\-\-\-\-\-\-\-\-\-\-\-   \-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-
+         verified   test\&.f
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+\fBUsing Netscape Signing Tool with a ZIP Utility\fR
+.PP
+To use Netscape Signing Tool with a ZIP utility, you must have the utility in your path environment variable\&. You should use the zip\&.exe utility rather than pkzip\&.exe, which cannot handle long filenames\&. You can use a ZIP utility instead of the \-Z option to package a signed archive into a JAR file after you have signed it:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+cd signdir 
+
+  zip \-r \&.\&./myjar\&.jar * 
+  adding: META\-INF/ (stored 0%) 
+  adding: META\-INF/manifest\&.mf (deflated 15%) 
+  adding: META\-INF/signtool\&.sf (deflated 28%) 
+  adding: META\-INF/signtool\&.rsa (stored 0%) 
+  adding: text\&.txt (stored 0%)
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+\fBGenerating the Keys and Certificate\fR
+.PP
+The signtool option \-G generates a new public\-private key pair and certificate\&. It takes the nickname of the new certificate as an argument\&. The newly generated keys and certificate are installed into the key and certificate databases in the directory specified by the \-d option\&. With the NT version of Netscape Signing Tool, you must use the \-d option with the \-G option\&. With the Unix version of Netscape Signing Tool, omitting the \-d option causes the tool to install the keys and certificate in the Communicator key and certificate databases\&. In all cases, the certificate is also output to a file named x509\&.cacert, which has the MIME\-type application/x\-x509\-ca\-cert\&.
+.PP
+Certificates contain standard information about the entity they identify, such as the common name and organization name\&. Netscape Signing Tool prompts you for this information when you run the command with the \-G option\&. However, all of the requested fields are optional for test certificates\&. If you do not enter a common name, the tool provides a default name\&. In the following example, the user input is in boldface:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+signtool \-G MyTestCert
+
+using certificate directory: /u/someuser/\&.netscape
+Enter certificate information\&. All fields are optional\&. Acceptable
+characters are numbers, letters, spaces, and apostrophes\&.
+certificate common name: Test Object Signing Certificate
+organization: Netscape Communications Corp\&.
+organization unit: Server Products Division
+state or province: California
+country (must be exactly 2 characters): US
+username: someuser
+email address: someuser@netscape\&.com
+Enter Password or Pin for "Communicator Certificate DB": [Password will not echo]
+generated public/private key pair
+certificate request generated
+certificate has been signed
+certificate "MyTestCert" added to database
+Exported certificate to x509\&.raw and x509\&.cacert\&.
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+The certificate information is read from standard input\&. Therefore, the information can be read from a file using the redirection operator (<) in some operating systems\&. To create a file for this purpose, enter each of the seven input fields, in order, on a separate line\&. Make sure there is a newline character at the end of the last line\&. Then run signtool with standard input redirected from your file as follows:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+signtool \-G MyTestCert inputfile
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+The prompts show up on the screen, but the responses will be automatically read from the file\&. The password will still be read from the console unless you use the \-p option to give the password on the command line\&.
+.PP
+\fBUsing the \-M Option to List Smart Cards\fR
+.PP
+You can use the \-M option to list the PKCS #11 modules, including smart cards, that are available to signtool:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+signtool \-d "c:\enetscape\eusers\ejsmith" \-M
+
+using certificate directory: c:\enetscape\eusers\eusername
+Listing of PKCS11 modules 
+\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\- 
+	1\&. Netscape Internal PKCS #11 Module 
+			  (this module is internally loaded) 
+			  slots: 2 slots attached 
+			  status: loaded 
+	  slot: Communicator Internal Cryptographic Services Version 4\&.0 
+	 token: Communicator Generic Crypto Svcs 
+	  slot: Communicator User Private Key and Certificate Services 
+	 token: Communicator Certificate DB 
+	2\&. CryptOS 
+			  (this is an external module) 
+ DLL name: core32 
+	 slots: 1 slots attached 
+	status: loaded 
+	  slot: Litronic 210 
+	 token: 
+	\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\- 
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+\fBUsing Netscape Signing Tool and a Smart Card to Sign Files\fR
+.PP
+The signtool command normally takes an argument of the \-k option to specify a signing certificate\&. To sign with a smart card, you supply only the fully qualified name of the certificate\&.
+.PP
+To see fully qualified certificate names when you run Communicator, click the Security button in Navigator, then click Yours under Certificates in the left frame\&. Fully qualified names are of the format smart card:certificate, for example "MyCard:My Signing Cert"\&. You use this name with the \-k argument as follows:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+signtool \-k "MyCard:My Signing Cert" directory
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+\fBVerifying FIPS Mode\fR
+.PP
+Use the \-M option to verify that you are using the FIPS\-140\-1 module\&.
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+signtool \-d "c:\enetscape\eusers\ejsmith" \-M
+
+using certificate directory: c:\enetscape\eusers\ejsmith
+Listing of PKCS11 modules
+\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-
+  1\&. Netscape Internal PKCS #11 Module
+          (this module is internally loaded)
+          slots: 2 slots attached
+          status: loaded
+    slot: Communicator Internal Cryptographic Services Version 4\&.0
+   token: Communicator Generic Crypto Svcs
+    slot: Communicator User Private Key and Certificate Services
+   token: Communicator Certificate DB
+\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+This Unix example shows that Netscape Signing Tool is using a FIPS\-140\-1 module:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+signtool \-d "c:\enetscape\eusers\ejsmith" \-M
+using certificate directory: c:\enetscape\eusers\ejsmith
+Enter Password or Pin for "Communicator Certificate DB": [password will not echo]
+Listing of PKCS11 modules
+\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-
+1\&. Netscape Internal FIPS PKCS #11 Module
+(this module is internally loaded)
+slots: 1 slots attached
+status: loaded
+slot: Netscape Internal FIPS\-140\-1 Cryptographic Services
+token: Communicator Certificate DB
+\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-
+.fi
+.if n \{\
+.RE
+.\}
+.SH "SEE ALSO"
+.PP
+signver (1)
+.PP
+The NSS wiki has information on the new database design and how to configure applications to use it\&.
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+https://wiki\&.mozilla\&.org/NSS_Shared_DB_Howto
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+https://wiki\&.mozilla\&.org/NSS_Shared_DB
+.RE
+.SH "ADDITIONAL RESOURCES"
+.PP
+For information about NSS and other tools related to NSS (like JSS), check out the NSS project wiki at
+\m[blue]\fBhttp://www\&.mozilla\&.org/projects/security/pki/nss/\fR\m[]\&. The NSS site relates directly to NSS code changes and releases\&.
+.PP
+Mailing lists: https://lists\&.mozilla\&.org/listinfo/dev\-tech\-crypto
+.PP
+IRC: Freenode at #dogtag\-pki
+.SH "AUTHORS"
+.PP
+The NSS tools were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google\&.
+.PP
+Authors: Elio Maldonado <emaldona@redhat\&.com>, Deon Lackey <dlackey@redhat\&.com>\&.
+.SH "LICENSE"
+.PP
+Licensed under the Mozilla Public License, v\&. 2\&.0\&. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla\&.org/MPL/2\&.0/\&.
+.SH "NOTES"
+.IP " 1." 4
+Mozilla NSS bug 836477
+.RS 4
+\%https://bugzilla.mozilla.org/show_bug.cgi?id=836477
+.RE
diff --git a/nss/doc/nroff/signver.1 b/nss/doc/nroff/signver.1
new file mode 100644
index 0000000..ad92c11
--- /dev/null
+++ b/nss/doc/nroff/signver.1
@@ -0,0 +1,320 @@
+'\" t
+.\"     Title: SIGNVER
+.\"    Author: [see the "Authors" section]
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\"      Date:  5 June 2014
+.\"    Manual: NSS Security Tools
+.\"    Source: nss-tools
+.\"  Language: English
+.\"
+.TH "SIGNVER" "1" "5 June 2014" "nss-tools" "NSS Security Tools"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+signver \- Verify a detached PKCS#7 signature for a file\&.
+.SH "SYNOPSIS"
+.HP \w'\fBsigntool\fR\ 'u
+\fBsigntool\fR \-A | \-V  \-d\ \fIdirectory\fR [\-a] [\-i\ \fIinput_file\fR] [\-o\ \fIoutput_file\fR] [\-s\ \fIsignature_file\fR] [\-v]
+.SH "STATUS"
+.PP
+This documentation is still work in progress\&. Please contribute to the initial review in
+\m[blue]\fBMozilla NSS bug 836477\fR\m[]\&\s-2\u[1]\d\s+2
+.SH "DESCRIPTION"
+.PP
+The Signature Verification Tool,
+\fBsignver\fR, is a simple command\-line utility that unpacks a base\-64\-encoded PKCS#7 signed object and verifies the digital signature using standard cryptographic techniques\&. The Signature Verification Tool can also display the contents of the signed object\&.
+.SH "OPTIONS"
+.PP
+\-A
+.RS 4
+Displays all of the information in the PKCS#7 signature\&.
+.RE
+.PP
+\-V
+.RS 4
+Verifies the digital signature\&.
+.RE
+.PP
+\-d [sql:]\fIdirectory\fR
+.RS 4
+Specify the database directory which contains the certificates and keys\&.
+.sp
+\fBsignver\fR
+supports two types of databases: the legacy security databases (cert8\&.db,
+key3\&.db, and
+secmod\&.db) and new SQLite databases (cert9\&.db,
+key4\&.db, and
+pkcs11\&.txt)\&. If the prefix
+\fBsql:\fR
+is not used, then the tool assumes that the given databases are in the old format\&.
+.RE
+.PP
+\-a
+.RS 4
+Sets that the given signature file is in ASCII format\&.
+.RE
+.PP
+\-i \fIinput_file\fR
+.RS 4
+Gives the input file for the object with signed data\&.
+.RE
+.PP
+\-o \fIoutput_file\fR
+.RS 4
+Gives the output file to which to write the results\&.
+.RE
+.PP
+\-s \fIsignature_file\fR
+.RS 4
+Gives the input file for the digital signature\&.
+.RE
+.PP
+\-v
+.RS 4
+Enables verbose output\&.
+.RE
+.SH "EXTENDED EXAMPLES"
+.SS "Verifying a Signature"
+.PP
+The
+\fB\-V\fR
+option verifies that the signature in a given signature file is valid when used to sign the given object (from the input file)\&.
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+signver \-V \-s \fIsignature_file\fR \-i \fIsigned_file\fR \-d sql:/home/my/sharednssdb
+
+signatureValid=yes
+.fi
+.if n \{\
+.RE
+.\}
+.SS "Printing Signature Data"
+.PP
+The
+\fB\-A\fR
+option prints all of the information contained in a signature file\&. Using the
+\fB\-o\fR
+option prints the signature file information to the given output file rather than stdout\&.
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+signver \-A \-s \fIsignature_file\fR \-o \fIoutput_file\fR
+.fi
+.if n \{\
+.RE
+.\}
+.SH "NSS DATABASE TYPES"
+.PP
+NSS originally used BerkeleyDB databases to store security information\&. The last versions of these
+\fIlegacy\fR
+databases are:
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+cert8\&.db for certificates
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+key3\&.db for keys
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+secmod\&.db for PKCS #11 module information
+.RE
+.PP
+BerkeleyDB has performance limitations, though, which prevent it from being easily used by multiple applications simultaneously\&. NSS has some flexibility that allows applications to use their own, independent database engine while keeping a shared database and working around the access issues\&. Still, NSS requires more flexibility to provide a truly shared security database\&.
+.PP
+In 2009, NSS introduced a new set of databases that are SQLite databases rather than BerkleyDB\&. These new databases provide more accessibility and performance:
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+cert9\&.db for certificates
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+key4\&.db for keys
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+pkcs11\&.txt, which is listing of all of the PKCS #11 modules contained in a new subdirectory in the security databases directory
+.RE
+.PP
+Because the SQLite databases are designed to be shared, these are the
+\fIshared\fR
+database type\&. The shared database type is preferred; the legacy format is included for backward compatibility\&.
+.PP
+By default, the tools (\fBcertutil\fR,
+\fBpk12util\fR,
+\fBmodutil\fR) assume that the given security databases follow the more common legacy type\&. Using the SQLite databases must be manually specified by using the
+\fBsql:\fR
+prefix with the given security directory\&. For example:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+# signver \-A \-s \fIsignature\fR \-d sql:/home/my/sharednssdb
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+To set the shared database type as the default type for the tools, set the
+\fBNSS_DEFAULT_DB_TYPE\fR
+environment variable to
+\fBsql\fR:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+export NSS_DEFAULT_DB_TYPE="sql"
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+This line can be added to the
+~/\&.bashrc
+file to make the change permanent for the user\&.
+.PP
+Most applications do not use the shared database by default, but they can be configured to use them\&. For example, this how\-to article covers how to configure Firefox and Thunderbird to use the new shared NSS databases:
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+https://wiki\&.mozilla\&.org/NSS_Shared_DB_Howto
+.RE
+.PP
+For an engineering draft on the changes in the shared NSS databases, see the NSS project wiki:
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+https://wiki\&.mozilla\&.org/NSS_Shared_DB
+.RE
+.SH "SEE ALSO"
+.PP
+signtool (1)
+.PP
+The NSS wiki has information on the new database design and how to configure applications to use it\&.
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+Setting up the shared NSS database
+.sp
+https://wiki\&.mozilla\&.org/NSS_Shared_DB_Howto
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+Engineering and technical information about the shared NSS database
+.sp
+https://wiki\&.mozilla\&.org/NSS_Shared_DB
+.RE
+.SH "ADDITIONAL RESOURCES"
+.PP
+For information about NSS and other tools related to NSS (like JSS), check out the NSS project wiki at
+\m[blue]\fBhttp://www\&.mozilla\&.org/projects/security/pki/nss/\fR\m[]\&. The NSS site relates directly to NSS code changes and releases\&.
+.PP
+Mailing lists: https://lists\&.mozilla\&.org/listinfo/dev\-tech\-crypto
+.PP
+IRC: Freenode at #dogtag\-pki
+.SH "AUTHORS"
+.PP
+The NSS tools were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google\&.
+.PP
+Authors: Elio Maldonado <emaldona@redhat\&.com>, Deon Lackey <dlackey@redhat\&.com>\&.
+.SH "LICENSE"
+.PP
+Licensed under the Mozilla Public License, v\&. 2\&.0\&. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla\&.org/MPL/2\&.0/\&.
+.SH "NOTES"
+.IP " 1." 4
+Mozilla NSS bug 836477
+.RS 4
+\%https://bugzilla.mozilla.org/show_bug.cgi?id=836477
+.RE
diff --git a/nss/doc/nroff/ssltap.1 b/nss/doc/nroff/ssltap.1
new file mode 100644
index 0000000..69129ec
--- /dev/null
+++ b/nss/doc/nroff/ssltap.1
@@ -0,0 +1,609 @@
+'\" t
+.\"     Title: SSLTAP
+.\"    Author: [see the "Authors" section]
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\"      Date:  5 June 2014
+.\"    Manual: NSS Security Tools
+.\"    Source: nss-tools
+.\"  Language: English
+.\"
+.TH "SSLTAP" "1" "5 June 2014" "nss-tools" "NSS Security Tools"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+ssltap \- Tap into SSL connections and display the data going by
+.SH "SYNOPSIS"
+.HP \w'\fBssltap\fR\ 'u
+\fBssltap\fR [\-fhlsvx] [\-p\ port] [hostname:port]
+.SH "STATUS"
+.PP
+This documentation is still work in progress\&. Please contribute to the initial review in
+\m[blue]\fBMozilla NSS bug 836477\fR\m[]\&\s-2\u[1]\d\s+2
+.SH "DESCRIPTION"
+.PP
+The SSL Debugging Tool
+\fBssltap\fR
+is an SSL\-aware command\-line proxy\&. It watches TCP connections and displays the data going by\&. If a connection is SSL, the data display includes interpreted SSL records and handshaking
+.SH "OPTIONS"
+.PP
+\-f
+.RS 4
+Turn on fancy printing\&. Output is printed in colored HTML\&. Data sent from the client to the server is in blue; the server\*(Aqs reply is in red\&. When used with looping mode, the different connections are separated with horizontal lines\&. You can use this option to upload the output into a browser\&.
+.RE
+.PP
+\-h
+.RS 4
+Turn on hex/ASCII printing\&. Instead of outputting raw data, the command interprets each record as a numbered line of hex values, followed by the same data as ASCII characters\&. The two parts are separated by a vertical bar\&. Nonprinting characters are replaced by dots\&.
+.RE
+.PP
+\-l prefix
+.RS 4
+Turn on looping; that is, continue to accept connections rather than stopping after the first connection is complete\&.
+.RE
+.PP
+\-p port
+.RS 4
+Change the default rendezvous port (1924) to another port\&.
+.sp
+The following are well\-known port numbers:
+.sp
+* HTTP 80
+.sp
+* HTTPS 443
+.sp
+* SMTP 25
+.sp
+* FTP 21
+.sp
+* IMAP 143
+.sp
+* IMAPS 993 (IMAP over SSL)
+.sp
+* NNTP 119
+.sp
+* NNTPS 563 (NNTP over SSL)
+.RE
+.PP
+\-s
+.RS 4
+Turn on SSL parsing and decoding\&. The tool does not automatically detect SSL sessions\&. If you are intercepting an SSL connection, use this option so that the tool can detect and decode SSL structures\&.
+.sp
+If the tool detects a certificate chain, it saves the DER\-encoded certificates into files in the current directory\&. The files are named cert\&.0x, where x is the sequence number of the certificate\&.
+.sp
+If the \-s option is used with \-h, two separate parts are printed for each record: the plain hex/ASCII output, and the parsed SSL output\&.
+.RE
+.PP
+\-v
+.RS 4
+Print a version string for the tool\&.
+.RE
+.PP
+\-x
+.RS 4
+Turn on extra SSL hex dumps\&.
+.RE
+.SH "USAGE AND EXAMPLES"
+.PP
+You can use the SSL Debugging Tool to intercept any connection information\&. Although you can run the tool at its most basic by issuing the ssltap command with no options other than hostname:port, the information you get in this way is not very useful\&. For example, assume your development machine is called intercept\&. The simplest way to use the debugging tool is to execute the following command from a command shell:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+$ ssltap www\&.netscape\&.com
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+The program waits for an incoming connection on the default port 1924\&. In your browser window, enter the URL http://intercept:1924\&. The browser retrieves the requested page from the server at www\&.netscape\&.com, but the page is intercepted and passed on to the browser by the debugging tool on intercept\&. On its way to the browser, the data is printed to the command shell from which you issued the command\&. Data sent from the client to the server is surrounded by the following symbols: \-\-> [ data ] Data sent from the server to the client is surrounded by the following symbols: "left arrow"\-\- [ data ] The raw data stream is sent to standard output and is not interpreted in any way\&. This can result in peculiar effects, such as sounds, flashes, and even crashes of the command shell window\&. To output a basic, printable interpretation of the data, use the \-h option, or, if you are looking at an SSL connection, the \-s option\&. You will notice that the page you retrieved looks incomplete in the browser\&. This is because, by default, the tool closes down after the first connection is complete, so the browser is not able to load images\&. To make the tool continue to accept connections, switch on looping mode with the \-l option\&. The following examples show the output from commonly used combinations of options\&.
+.PP
+Example 1
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+$ ssltap\&.exe \-sx \-p 444 interzone\&.mcom\&.com:443 > sx\&.txt
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+Output
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+Connected to interzone\&.mcom\&.com:443
+\-\->; [
+alloclen = 66 bytes
+   [ssl2]  ClientHelloV2 {
+            version = {0x03, 0x00}
+            cipher\-specs\-length = 39 (0x27)
+            sid\-length = 0 (0x00)
+            challenge\-length = 16 (0x10)
+            cipher\-suites = {
+
+                (0x010080) SSL2/RSA/RC4\-128/MD5
+                  (0x020080) SSL2/RSA/RC4\-40/MD5
+                  (0x030080) SSL2/RSA/RC2CBC128/MD5
+                  (0x040080) SSL2/RSA/RC2CBC40/MD5
+                  (0x060040) SSL2/RSA/DES64CBC/MD5
+                  (0x0700c0) SSL2/RSA/3DES192EDE\-CBC/MD5
+                  (0x000004) SSL3/RSA/RC4\-128/MD5
+                  (0x00ffe0) SSL3/RSA\-FIPS/3DES192EDE\-CBC/SHA
+                  (0x00000a) SSL3/RSA/3DES192EDE\-CBC/SHA
+                  (0x00ffe1) SSL3/RSA\-FIPS/DES64CBC/SHA
+                  (0x000009) SSL3/RSA/DES64CBC/SHA
+                  (0x000003) SSL3/RSA/RC4\-40/MD5
+                  (0x000006) SSL3/RSA/RC2CBC40/MD5
+                  }
+            session\-id = { }
+            challenge = { 0xec5d 0x8edb 0x37c9 0xb5c9 0x7b70 0x8fe9 0xd1d3
+
+0x2592 }
+}
+]
+<\-\- [
+SSLRecord {
+   0: 16 03 00 03  e5                                   |\&.\&.\&.\&.\&.
+   type    = 22 (handshake)
+   version = { 3,0 }
+   length  = 997 (0x3e5)
+   handshake {
+   0: 02 00 00 46                                      |\&.\&.\&.F
+      type = 2 (server_hello)
+      length = 70 (0x000046)
+            ServerHello {
+            server_version = {3, 0}
+            random = {\&.\&.\&.}
+   0: 77 8c 6e 26  6c 0c ec c0  d9 58 4f 47  d3 2d 01 45  |
+wn&l\&.\(`i\&.\&.XOG\&.\-\&.E
+   10: 5c 17 75 43  a7 4c 88 c7  88 64 3c 50  41 48 4f 7f  |
+
+\e\&.uC\(scL\&.\(,C\&.d<PAHO\&.
+                  session ID = {
+                  length = 32
+
+                contents = {\&.\&.}
+   0: 14 11 07 a8  2a 31 91 29  11 94 40 37  57 10 a7 32  | \&.\&.\&.\(ad*1\&.)\&.\&.@7W\&.\(sc2
+   10: 56 6f 52 62  fe 3d b3 65  b1 e4 13 0f  52 a3 c8 f6  | VoRb\(Tp=\(S3e\(+-\&.\&.\&.R\(Po\(`E\&.
+         }
+               cipher_suite = (0x0003) SSL3/RSA/RC4\-40/MD5
+         }
+   0: 0b 00 02 c5                                      |\&.\&.\&.\(oA
+      type = 11 (certificate)
+      length = 709 (0x0002c5)
+            CertificateChain {
+            chainlength = 706 (0x02c2)
+               Certificate {
+            size = 703 (0x02bf)
+               data = { saved in file \*(Aqcert\&.001\*(Aq }
+            }
+         }
+   0: 0c 00 00 ca                                      |\&.\&.\&.\&.
+         type = 12 (server_key_exchange)
+         length = 202 (0x0000ca)
+   0: 0e 00 00 00                                      |\&.\&.\&.\&.
+         type = 14 (server_hello_done)
+         length = 0 (0x000000)
+   }
+}
+]
+\-\-> [
+SSLRecord {
+   0: 16 03 00 00  44                                   |\&.\&.\&.\&.D
+   type    = 22 (handshake)
+   version = { 3,0 }
+   length  = 68 (0x44)
+   handshake {
+   0: 10 00 00 40                                      |\&.\&.\&.@
+   type = 16 (client_key_exchange)
+   length = 64 (0x000040)
+         ClientKeyExchange {
+            message = {\&.\&.\&.}
+         }
+   }
+}
+]
+\-\-> [
+SSLRecord {
+   0: 14 03 00 00  01                                   |\&.\&.\&.\&.\&.
+   type    = 20 (change_cipher_spec)
+   version = { 3,0 }
+   length  = 1 (0x1)
+   0: 01                                               |\&.
+}
+SSLRecord {
+   0: 16 03 00 00  38                                   |\&.\&.\&.\&.8
+   type    = 22 (handshake)
+   version = { 3,0 }
+   length  = 56 (0x38)
+               < encrypted >
+
+}
+]
+<\-\- [
+SSLRecord {
+   0: 14 03 00 00  01                                   |\&.\&.\&.\&.\&.
+   type    = 20 (change_cipher_spec)
+   version = { 3,0 }
+   length  = 1 (0x1)
+   0: 01                                               |\&.
+}
+]
+<\-\- [
+SSLRecord {
+   0: 16 03 00 00  38                                   |\&.\&.\&.\&.8
+   type    = 22 (handshake)
+   version = { 3,0 }
+   length  = 56 (0x38)
+                  < encrypted >
+
+}
+]
+\-\-> [
+SSLRecord {
+   0: 17 03 00 01  1f                                   |\&.\&.\&.\&.\&.
+   type    = 23 (application_data)
+   version = { 3,0 }
+   length  = 287 (0x11f)
+               < encrypted >
+}
+]
+<\-\- [
+SSLRecord {
+   0: 17 03 00 00  a0                                   |\&.\&.\&.\&.
+   type    = 23 (application_data)
+   version = { 3,0 }
+   length  = 160 (0xa0)
+               < encrypted >
+
+}
+]
+<\-\- [
+SSLRecord {
+0: 17 03 00 00  df                                   |\&.\&.\&.\&.\(ss
+   type    = 23 (application_data)
+   version = { 3,0 }
+   length  = 223 (0xdf)
+               < encrypted >
+
+}
+SSLRecord {
+   0: 15 03 00 00  12                                   |\&.\&.\&.\&.\&.
+   type    = 21 (alert)
+   version = { 3,0 }
+   length  = 18 (0x12)
+               < encrypted >
+}
+]
+Server socket closed\&.
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+Example 2
+.PP
+The \-s option turns on SSL parsing\&. Because the \-x option is not used in this example, undecoded values are output as raw data\&. The output is routed to a text file\&.
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+$ ssltap \-s  \-p 444 interzone\&.mcom\&.com:443 > s\&.txt
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+Output
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+Connected to interzone\&.mcom\&.com:443
+\-\-> [
+alloclen = 63 bytes
+   [ssl2]  ClientHelloV2 {
+            version = {0x03, 0x00}
+            cipher\-specs\-length = 36 (0x24)
+            sid\-length = 0 (0x00)
+            challenge\-length = 16 (0x10)
+            cipher\-suites = {
+                  (0x010080) SSL2/RSA/RC4\-128/MD5
+                  (0x020080) SSL2/RSA/RC4\-40/MD5
+                  (0x030080) SSL2/RSA/RC2CBC128/MD5
+                  (0x060040) SSL2/RSA/DES64CBC/MD5
+                  (0x0700c0) SSL2/RSA/3DES192EDE\-CBC/MD5
+                  (0x000004) SSL3/RSA/RC4\-128/MD5
+                  (0x00ffe0) SSL3/RSA\-FIPS/3DES192EDE\-CBC/SHA
+                  (0x00000a) SSL3/RSA/3DES192EDE\-CBC/SHA
+                  (0x00ffe1) SSL3/RSA\-FIPS/DES64CBC/SHA
+                  (0x000009) SSL3/RSA/DES64CBC/SHA
+                  (0x000003) SSL3/RSA/RC4\-40/MD5
+                  }
+               session\-id = { }
+            challenge = { 0x713c 0x9338 0x30e1 0xf8d6 0xb934 0x7351 0x200c
+0x3fd0 }
+]
+>\-\- [
+SSLRecord {
+   type    = 22 (handshake)
+   version = { 3,0 }
+   length  = 997 (0x3e5)
+   handshake {
+         type = 2 (server_hello)
+         length = 70 (0x000046)
+            ServerHello {
+            server_version = {3, 0}
+            random = {\&.\&.\&.}
+            session ID = {
+               length = 32
+               contents = {\&.\&.}
+               }
+               cipher_suite = (0x0003) SSL3/RSA/RC4\-40/MD5
+            }
+         type = 11 (certificate)
+         length = 709 (0x0002c5)
+            CertificateChain {
+               chainlength = 706 (0x02c2)
+               Certificate {
+                  size = 703 (0x02bf)
+                  data = { saved in file \*(Aqcert\&.001\*(Aq }
+               }
+            }
+         type = 12 (server_key_exchange)
+         length = 202 (0x0000ca)
+         type = 14 (server_hello_done)
+         length = 0 (0x000000)
+   }
+}
+]
+\-\-> [
+SSLRecord {
+   type    = 22 (handshake)
+   version = { 3,0 }
+   length  = 68 (0x44)
+   handshake {
+         type = 16 (client_key_exchange)
+         length = 64 (0x000040)
+            ClientKeyExchange {
+               message = {\&.\&.\&.}
+            }
+   }
+}
+]
+\-\-> [
+SSLRecord {
+   type    = 20 (change_cipher_spec)
+   version = { 3,0 }
+   length  = 1 (0x1)
+}
+SSLRecord {
+   type    = 22 (handshake)
+   version = { 3,0 }
+   length  = 56 (0x38)
+               > encrypted >
+}
+]
+>\-\- [
+SSLRecord {
+   type    = 20 (change_cipher_spec)
+   version = { 3,0 }
+   length  = 1 (0x1)
+}
+]
+>\-\- [
+SSLRecord {
+   type    = 22 (handshake)
+   version = { 3,0 }
+   length  = 56 (0x38)
+               > encrypted >
+}
+]
+\-\-> [
+SSLRecord {
+   type    = 23 (application_data)
+   version = { 3,0 }
+   length  = 287 (0x11f)
+               > encrypted >
+}
+]
+[
+SSLRecord {
+   type    = 23 (application_data)
+   version = { 3,0 }
+   length  = 160 (0xa0)
+               > encrypted >
+}
+]
+>\-\- [
+SSLRecord {
+   type    = 23 (application_data)
+   version = { 3,0 }
+   length  = 223 (0xdf)
+               > encrypted >
+}
+SSLRecord {
+   type    = 21 (alert)
+   version = { 3,0 }
+   length  = 18 (0x12)
+               > encrypted >
+}
+]
+Server socket closed\&.
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+Example 3
+.PP
+In this example, the \-h option turns hex/ASCII format\&. There is no SSL parsing or decoding\&. The output is routed to a text file\&.
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+$ ssltap \-h  \-p 444 interzone\&.mcom\&.com:443 > h\&.txt
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+Output
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+Connected to interzone\&.mcom\&.com:443
+\-\-> [
+   0: 80 40 01 03  00 00 27 00  00 00 10 01  00 80 02 00  | \&.@\&.\&.\&.\&.\*(Aq\&.\&.\&.\&.\&.\&.\&.\&.\&.
+   10: 80 03 00 80  04 00 80 06  00 40 07 00  c0 00 00 04  | \&.\&.\&.\&.\&.\&.\&.\&.\&.@\&.\&.\&.\&.\&.\&.
+   20: 00 ff e0 00  00 0a 00 ff  e1 00 00 09  00 00 03 00  | \&.\&.\&.\&.\&.\&.\&.\&.\('a\&.\&.\&.\&.\&.\&.\&.
+   30: 00 06 9b fe  5b 56 96 49  1f 9f ca dd  d5 ba b9 52  | \&.\&.\(Tp[V\&.I\&.\exd9 \&.\&.\&.\(Om\(S1R
+   40: 6f 2d                                            |o\-
+]
+<\-\- [
+   0: 16 03 00 03  e5 02 00 00  46 03 00 7f  e5 0d 1b 1d  | \&.\&.\&.\&.\&.\&.\&.\&.F\&.\&.\&.\&.\&.\&.\&.
+   10: 68 7f 3a 79  60 d5 17 3c  1d 9c 96 b3  88 d2 69 3b  | h\&.:y`\&.\&.<\&.\&.\(S3\&.\(`Oi;
+   20: 78 e2 4b 8b  a6 52 12 4b  46 e8 c2 20  14 11 89 05  | x\&.K\&.\(bbR\&.KF\(`e\&. \&.\&.\&.
+   30: 4d 52 91 fd  93 e0 51 48  91 90 08 96  c1 b6 76 77  | MR\&.\('y\&.\&.QH\&.\&.\&.\&.\&.\(psvw
+   40: 2a f4 00 08  a1 06 61 a2  64 1f 2e 9b  00 03 00 0b  | *\(^o\&.\&.\(r!\&.a\(ctd\&.\&.\&.\&.\&.\&.
+   50: 00 02 c5 00  02 c2 00 02  bf 30 82 02  bb 30 82 02  | \&.\&.\(oA\&.\&.\&.\&.\&.\&.0\&.\&.\&.0\&.\&.
+   60: 24 a0 03 02  01 02 02 02  01 36 30 0d  06 09 2a 86  | $ \&.\&.\&.\&.\&.\&.\&.60\&.\&.\&.*\&.
+   70: 48 86 f7 0d  01 01 04 05  00 30 77 31  0b 30 09 06  | H\&.\(di\&.\&.\&.\&.\&.\&.0w1\&.0\&.\&.
+   80: 03 55 04 06  13 02 55 53  31 2c 30 2a  06 03 55 04  | \&.U\&.\&.\&.\&.US1,0*\&.\&.U\&.
+   90: 0a 13 23 4e  65 74 73 63  61 70 65 20  43 6f 6d 6d  | \&.\&.#Netscape Comm
+   a0: 75 6e 69 63  61 74 69 6f  6e 73 20 43  6f 72 70 6f  | unications Corpo
+   b0: 72 61 74 69  6f 6e 31 11  30 0f 06 03  55 04 0b 13  | ration1\&.0\&.\&.\&.U\&.\&.\&.
+   c0: 08 48 61 72  64 63 6f 72  65 31 27 30  25 06 03 55  | \&.Hardcore1\*(Aq0%\&.\&.U
+   d0: 04 03 13 1e  48 61 72 64  63 6f 72 65  20 43 65 72  | \&.\&.\&.\&.Hardcore Cer
+   e0: 74 69 66 69  63 61 74 65  20 53 65 72  76 65 72 20  | tificate Server
+   f0: 49 49 30 1e  17 0d 39 38  30 35 31 36  30 31 30 33  | II0\&.\&.\&.9805160103
+<additional data lines>
+]
+<additional records in same format>
+Server socket closed\&.
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+Example 4
+.PP
+In this example, the \-s option turns on SSL parsing, and the \-h option turns on hex/ASCII format\&. Both formats are shown for each record\&. The output is routed to a text file\&.
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+$ ssltap \-hs \-p 444 interzone\&.mcom\&.com:443 > hs\&.txt
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+Output
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+Connected to interzone\&.mcom\&.com:443
+\-\-> [
+   0: 80 3d 01 03  00 00 24 00  00 00 10 01  00 80 02 00  | \&.=\&.\&.\&.\&.$\&.\&.\&.\&.\&.\&.\&.\&.\&.
+   10: 80 03 00 80  04 00 80 06  00 40 07 00  c0 00 00 04  | \&.\&.\&.\&.\&.\&.\&.\&.\&.@\&.\&.\&.\&.\&.\&.
+   20: 00 ff e0 00  00 0a 00 ff  e1 00 00 09  00 00 03 03  | \&.\&.\&.\&.\&.\&.\&.\&.\('a\&.\&.\&.\&.\&.\&.\&.
+   30: 55 e6 e4 99  79 c7 d7 2c  86 78 96 5d  b5 cf e9     |U\&.\&.y\(,C\exb0 ,\&.x\&.]\(mc\(:I\('e
+alloclen = 63 bytes
+   [ssl2]  ClientHelloV2 {
+            version = {0x03, 0x00}
+            cipher\-specs\-length = 36 (0x24)
+            sid\-length = 0 (0x00)
+            challenge\-length = 16 (0x10)
+            cipher\-suites = {
+                  (0x010080) SSL2/RSA/RC4\-128/MD5
+                  (0x020080) SSL2/RSA/RC4\-40/MD5
+                  (0x030080) SSL2/RSA/RC2CBC128/MD5
+                  (0x040080) SSL2/RSA/RC2CBC40/MD5
+                  (0x060040) SSL2/RSA/DES64CBC/MD5
+                  (0x0700c0) SSL2/RSA/3DES192EDE\-CBC/MD5
+                  (0x000004) SSL3/RSA/RC4\-128/MD5
+                  (0x00ffe0) SSL3/RSA\-FIPS/3DES192EDE\-CBC/SHA
+                  (0x00000a) SSL3/RSA/3DES192EDE\-CBC/SHA
+                  (0x00ffe1) SSL3/RSA\-FIPS/DES64CBC/SHA
+                  (0x000009) SSL3/RSA/DES64CBC/SHA
+                  (0x000003) SSL3/RSA/RC4\-40/MD5
+                  }
+            session\-id = { }
+            challenge = { 0x0355 0xe6e4 0x9979 0xc7d7 0x2c86 0x7896 0x5db
+
+0xcfe9 }
+}
+]
+<additional records in same formats>
+Server socket closed\&.
+.fi
+.if n \{\
+.RE
+.\}
+.SH "USAGE TIPS"
+.PP
+When SSL restarts a previous session, it makes use of cached information to do a partial handshake\&. If you wish to capture a full SSL handshake, restart the browser to clear the session id cache\&.
+.PP
+If you run the tool on a machine other than the SSL server to which you are trying to connect, the browser will complain that the host name you are trying to connect to is different from the certificate\&. If you are using the default BadCert callback, you can still connect through a dialog\&. If you are not using the default BadCert callback, the one you supply must allow for this possibility\&.
+.SH "SEE ALSO"
+.PP
+The NSS Security Tools are also documented at
+\m[blue]\fBhttp://www\&.mozilla\&.org/projects/security/pki/nss/\fR\m[]\&\s-2\u[2]\d\s+2\&.
+.SH "ADDITIONAL RESOURCES"
+.PP
+For information about NSS and other tools related to NSS (like JSS), check out the NSS project wiki at
+\m[blue]\fBhttp://www\&.mozilla\&.org/projects/security/pki/nss/\fR\m[]\&. The NSS site relates directly to NSS code changes and releases\&.
+.PP
+Mailing lists: https://lists\&.mozilla\&.org/listinfo/dev\-tech\-crypto
+.PP
+IRC: Freenode at #dogtag\-pki
+.SH "AUTHORS"
+.PP
+The NSS tools were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google\&.
+.PP
+Authors: Elio Maldonado <emaldona@redhat\&.com>, Deon Lackey <dlackey@redhat\&.com>\&.
+.SH "LICENSE"
+.PP
+Licensed under the Mozilla Public License, v\&. 2\&.0\&. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla\&.org/MPL/2\&.0/\&.
+.SH "NOTES"
+.IP " 1." 4
+Mozilla NSS bug 836477
+.RS 4
+\%https://bugzilla.mozilla.org/show_bug.cgi?id=836477
+.RE
+.IP " 2." 4
+http://www.mozilla.org/projects/security/pki/nss/
+.RS 4
+\%http://www.mozilla.org/projects/security/pki/nss/tools
+.RE
diff --git a/nss/doc/nroff/vfychain.1 b/nss/doc/nroff/vfychain.1
new file mode 100644
index 0000000..d5e37e4
--- /dev/null
+++ b/nss/doc/nroff/vfychain.1
@@ -0,0 +1,169 @@
+'\" t
+.\"     Title: VFYCHAIN
+.\"    Author: [see the "Authors" section]
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\"      Date:  5 June 2014
+.\"    Manual: NSS Security Tools
+.\"    Source: nss-tools
+.\"  Language: English
+.\"
+.TH "VFYCHAIN" "1" "5 June 2014" "nss-tools" "NSS Security Tools"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+vfychain_ \- vfychain [options] [revocation options] certfile [[options] certfile] \&.\&.\&.
+.SH "SYNOPSIS"
+.HP \w'\fBvfychain\fR\ 'u
+\fBvfychain\fR
+.SH "STATUS"
+.PP
+This documentation is still work in progress\&. Please contribute to the initial review in
+\m[blue]\fBMozilla NSS bug 836477\fR\m[]\&\s-2\u[1]\d\s+2
+.SH "DESCRIPTION"
+.PP
+The verification Tool,
+\fBvfychain\fR, verifies certificate chains\&.
+\fBmodutil\fR
+can add and delete PKCS #11 modules, change passwords on security databases, set defaults, list module contents, enable or disable slots, enable or disable FIPS 140\-2 compliance, and assign default providers for cryptographic operations\&. This tool can also create certificate, key, and module security database files\&.
+.PP
+The tasks associated with security module database management are part of a process that typically also involves managing key databases and certificate databases\&.
+.SH "OPTIONS"
+.PP
+\fB\-a\fR
+.RS 4
+the following certfile is base64 encoded
+.RE
+.PP
+\fB\-b \fR \fIYYMMDDHHMMZ\fR
+.RS 4
+Validate date (default: now)
+.RE
+.PP
+\fB\-d \fR \fIdirectory\fR
+.RS 4
+database directory
+.RE
+.PP
+\fB\-f \fR
+.RS 4
+Enable cert fetching from AIA URL
+.RE
+.PP
+\fB\-o \fR \fIoid\fR
+.RS 4
+Set policy OID for cert validation(Format OID\&.1\&.2\&.3)
+.RE
+.PP
+\fB\-p \fR
+.RS 4
+Use PKIX Library to validate certificate by calling:
+.sp
+* CERT_VerifyCertificate if specified once,
+.sp
+* CERT_PKIXVerifyCert if specified twice and more\&.
+.RE
+.PP
+\fB\-r \fR
+.RS 4
+Following certfile is raw binary DER (default)
+.RE
+.PP
+\fB\-t\fR
+.RS 4
+Following cert is explicitly trusted (overrides db trust)
+.RE
+.PP
+\fB\-u \fR \fIusage\fR
+.RS 4
+0=SSL client, 1=SSL server, 2=SSL StepUp, 3=SSL CA, 4=Email signer, 5=Email recipient, 6=Object signer, 9=ProtectedObjectSigner, 10=OCSP responder, 11=Any CA
+.RE
+.PP
+\fB\-T \fR
+.RS 4
+Trust both explicit trust anchors (\-t) and the database\&. (Without this option, the default is to only trust certificates marked \-t, if there are any, or to trust the database if there are certificates marked \-t\&.)
+.RE
+.PP
+\fB\-v \fR
+.RS 4
+Verbose mode\&. Prints root cert subject(double the argument for whole root cert info)
+.RE
+.PP
+\fB\-w \fR \fIpassword\fR
+.RS 4
+Database password
+.RE
+.PP
+\fB\-W \fR \fIpwfile\fR
+.RS 4
+Password file
+.RE
+.PP
+.RS 4
+Revocation options for PKIX API (invoked with \-pp options) is a collection of the following flags: [\-g type [\-h flags] [\-m type [\-s flags]] \&.\&.\&.] \&.\&.\&.
+.sp
+Where:
+.RE
+.PP
+\fB\-g \fR \fItest\-type\fR
+.RS 4
+Sets status checking test type\&. Possible values are "leaf" or "chain"
+.RE
+.PP
+\fB\-g \fR \fItest type\fR
+.RS 4
+Sets status checking test type\&. Possible values are "leaf" or "chain"\&.
+.RE
+.PP
+\fB\-h \fR \fItest flags\fR
+.RS 4
+Sets revocation flags for the test type it follows\&. Possible flags: "testLocalInfoFirst" and "requireFreshInfo"\&.
+.RE
+.PP
+\fB\-m \fR \fImethod type\fR
+.RS 4
+Sets method type for the test type it follows\&. Possible types are "crl" and "ocsp"\&.
+.RE
+.PP
+\fB\-s \fR \fImethod flags\fR
+.RS 4
+Sets revocation flags for the method it follows\&. Possible types are "doNotUse", "forbidFetching", "ignoreDefaultSrc", "requireInfo" and "failIfNoInfo"\&.
+.RE
+.SH "ADDITIONAL RESOURCES"
+.PP
+For information about NSS and other tools related to NSS (like JSS), check out the NSS project wiki at
+\m[blue]\fBhttp://www\&.mozilla\&.org/projects/security/pki/nss/\fR\m[]\&. The NSS site relates directly to NSS code changes and releases\&.
+.PP
+Mailing lists: https://lists\&.mozilla\&.org/listinfo/dev\-tech\-crypto
+.PP
+IRC: Freenode at #dogtag\-pki
+.SH "AUTHORS"
+.PP
+The NSS tools were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google\&.
+.PP
+Authors: Elio Maldonado <emaldona@redhat\&.com>, Deon Lackey <dlackey@redhat\&.com>\&.
+.SH "LICENSE"
+.PP
+Licensed under the Mozilla Public License, v\&. 2\&.0\&. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla\&.org/MPL/2\&.0/\&.
+.SH "NOTES"
+.IP " 1." 4
+Mozilla NSS bug 836477
+.RS 4
+\%https://bugzilla.mozilla.org/show_bug.cgi?id=836477
+.RE
diff --git a/nss/doc/nroff/vfyserv.1 b/nss/doc/nroff/vfyserv.1
new file mode 100644
index 0000000..ffe5f36
--- /dev/null
+++ b/nss/doc/nroff/vfyserv.1
@@ -0,0 +1,70 @@
+'\" t
+.\"     Title: VFYSERV
+.\"    Author: [see the "Authors" section]
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\"      Date:  5 June 2014
+.\"    Manual: NSS Security Tools
+.\"    Source: nss-tools
+.\"  Language: English
+.\"
+.TH "VFYSERV" "1" "5 June 2014" "nss-tools" "NSS Security Tools"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+vfyserv_ \- TBD
+.SH "SYNOPSIS"
+.HP \w'\fBvfyserv\fR\ 'u
+\fBvfyserv\fR
+.SH "STATUS"
+.PP
+This documentation is still work in progress\&. Please contribute to the initial review in
+\m[blue]\fBMozilla NSS bug 836477\fR\m[]\&\s-2\u[1]\d\s+2
+.SH "DESCRIPTION"
+.PP
+The
+\fBvfyserv \fR
+tool verifies a certificate chain
+.SH "OPTIONS"
+.PP
+.RS 4
+.sp
+.RE
+.SH "ADDITIONAL RESOURCES"
+.PP
+For information about NSS and other tools related to NSS (like JSS), check out the NSS project wiki at
+\m[blue]\fBhttp://www\&.mozilla\&.org/projects/security/pki/nss/\fR\m[]\&. The NSS site relates directly to NSS code changes and releases\&.
+.PP
+Mailing lists: https://lists\&.mozilla\&.org/listinfo/dev\-tech\-crypto
+.PP
+IRC: Freenode at #dogtag\-pki
+.SH "AUTHORS"
+.PP
+The NSS tools were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google\&.
+.PP
+Authors: Elio Maldonado <emaldona@redhat\&.com>, Deon Lackey <dlackey@redhat\&.com>\&.
+.SH "LICENSE"
+.PP
+Licensed under the Mozilla Public License, v\&. 2\&.0\&. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla\&.org/MPL/2\&.0/\&.
+.SH "NOTES"
+.IP " 1." 4
+Mozilla NSS bug 836477
+.RS 4
+\%https://bugzilla.mozilla.org/show_bug.cgi?id=836477
+.RE
diff --git a/nss/doc/pk12util.xml b/nss/doc/pk12util.xml
new file mode 100644
index 0000000..03ee356
--- /dev/null
+++ b/nss/doc/pk12util.xml
@@ -0,0 +1,478 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
+<!ENTITY date SYSTEM "date.xml">
+<!ENTITY version SYSTEM "version.xml">
+]>
+
+<refentry id="pk12util">
+
+  <refentryinfo>
+    <date>&date;</date>
+    <title>NSS Security Tools</title>
+    <productname>nss-tools</productname>
+    <productnumber>&version;</productnumber>
+  </refentryinfo>
+
+  <refmeta>
+    <refentrytitle>PK12UTIL</refentrytitle>
+    <manvolnum>1</manvolnum>
+  </refmeta>
+
+  <refnamediv>
+    <refname>pk12util</refname>
+    <refpurpose>Export and import keys and certificate to or from a PKCS #12 file and the NSS database</refpurpose>
+  </refnamediv>
+
+  <refsynopsisdiv>
+    <cmdsynopsis>
+      <command>pk12util</command>
+      <arg>-i p12File|-l p12File|-o p12File</arg>
+      <arg>-d [sql:]directory</arg>
+      <arg>-h tokenname</arg>
+      <arg>-P dbprefix</arg>
+      <arg>-r</arg>
+      <arg>-v</arg>
+      <arg>-k slotPasswordFile|-K slotPassword</arg>
+      <arg>-w p12filePasswordFile|-W p12filePassword</arg>
+    </cmdsynopsis>
+  </refsynopsisdiv>
+
+  <refsection>
+    <title>STATUS</title>
+    <para>This documentation is still work in progress. Please contribute to the initial review in <ulink url="https://bugzilla.mozilla.org/show_bug.cgi?id=836477">Mozilla NSS bug 836477</ulink>
+    </para>
+  </refsection>
+
+  <refsection id="description">
+    <title>Description</title>
+    <para>The PKCS #12 utility, <command>pk12util</command>, enables sharing certificates among any server that supports PKCS#12. The tool can import certificates and keys from PKCS#12 files into security databases, export certificates, and list certificates and keys.</para>
+  </refsection>
+  
+  <refsection id="options">
+    <title>Options and Arguments</title>
+    <para><command>Options</command></para>
+    <variablelist>
+      <varlistentry>
+        <term>-i p12file</term>
+        <listitem><para>Import keys and certificates from a PKCS#12 file into a security database.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-l p12file</term>
+        <listitem><para>List the keys and certificates in PKCS#12 file.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-o p12file</term>
+        <listitem><para>Export keys and certificates from the security database to a PKCS#12 file.</para></listitem>
+      </varlistentry>
+    </variablelist>
+
+    <para><command>Arguments</command></para>
+    <variablelist>
+      <varlistentry>
+        <term>-c keyCipher</term>
+        <listitem><para>Specify the key encryption algorithm.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-C certCipher</term>
+        <listitem><para>Specify the key cert (overall package) encryption algorithm.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-d [sql:]directory</term>
+        <listitem><para>Specify the database directory into which to import to or export from certificates and keys.</para>
+	<para><command>pk12util</command> supports two types of databases: the legacy security databases (<filename>cert8.db</filename>, <filename>key3.db</filename>, and <filename>secmod.db</filename>) and new SQLite databases (<filename>cert9.db</filename>, <filename>key4.db</filename>, and <filename>pkcs11.txt</filename>). If the prefix <command>sql:</command> is not used, then the tool assumes that the given databases are in the old format.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-h tokenname</term>
+        <listitem><para>Specify the name of the token to import into or export from.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-k slotPasswordFile</term>
+        <listitem><para>Specify the text file containing the slot's password.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-K slotPassword</term>
+        <listitem><para>Specify the slot's password.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-m | --key-len  keyLength</term>
+        <listitem><para>Specify the desired length of the symmetric key to be used to encrypt the private key.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-n | --cert-key-len  certKeyLength</term>
+        <listitem><para>Specify the desired length of the symmetric key to be used to encrypt the certificates and other meta-data.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-n certname</term>
+        <listitem><para>Specify the nickname of the cert and private key to export.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-P prefix</term>
+        <listitem><para>Specify the prefix used on the certificate and key databases. This option is provided as a special case. 
+          Changing the names of the certificate and key databases is not recommended.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-r</term>
+        <listitem><para>Dumps all of the data in raw (binary) form. This must be saved as a DER file. The default is to return information in a pretty-print ASCII format, which displays the information about the certificates and public keys in the p12 file.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-v </term>
+        <listitem><para>Enable debug logging when importing.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-w p12filePasswordFile</term>
+        <listitem><para>Specify the text file containing the pkcs #12 file password.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-W p12filePassword</term>
+        <listitem><para>Specify the pkcs #12 file password.</para></listitem>
+      </varlistentry>
+
+    </variablelist>
+  </refsection>
+
+  <refsection id="return-codes">
+    <title>Return Codes</title>
+	<itemizedlist>
+	<listitem>
+        <para> 0 - No error</para>
+	</listitem>
+	<listitem>
+        <para> 1 - User Cancelled</para>
+	</listitem>
+	<listitem>
+        <para> 2 - Usage error</para>
+	</listitem>
+	<listitem>
+        <para> 6 - NLS init error</para>
+	</listitem>
+	<listitem>
+        <para> 8 - Certificate DB open error</para>
+	</listitem>
+	<listitem>
+        <para> 9 - Key DB open error</para>
+	</listitem>
+	<listitem>
+        <para> 10 - File initialization error</para>
+	</listitem>
+	<listitem>
+        <para> 11 - Unicode conversion error</para>
+	</listitem>
+	<listitem>
+        <para> 12 - Temporary file creation error</para>
+	</listitem>
+	<listitem>
+        <para> 13 - PKCS11 get slot error</para>
+	</listitem>
+	<listitem>
+        <para> 14 - PKCS12 decoder start error</para>
+	</listitem>
+	<listitem>
+        <para> 15 - error read from import file</para>
+	</listitem>
+	<listitem>
+        <para> 16 - pkcs12 decode error</para>
+	</listitem>
+	<listitem>
+        <para> 17 - pkcs12 decoder verify error</para>
+	</listitem>
+	<listitem>
+        <para> 18 - pkcs12 decoder validate bags error</para>
+	</listitem>
+	<listitem>
+        <para> 19 - pkcs12 decoder import bags error</para>
+	</listitem>
+	<listitem>
+        <para> 20 - key db conversion version 3 to version 2 error</para>
+	</listitem>
+	<listitem>
+        <para> 21 - cert db conversion version 7 to version 5 error</para>
+	</listitem>
+	<listitem>
+        <para> 22 - cert and key dbs patch error</para>
+	</listitem>
+	<listitem>
+        <para> 23 - get default cert db error</para>
+	</listitem>
+	<listitem>
+        <para> 24 - find cert by nickname error</para>
+	</listitem>
+	<listitem>
+        <para> 25 - create export context error</para>
+	</listitem>
+	<listitem>
+        <para> 26 - PKCS12 add password itegrity error</para>
+	</listitem>
+	<listitem>
+        <para> 27 - cert and key Safes creation error</para>
+	</listitem>
+	<listitem>
+        <para> 28 - PKCS12 add cert and key error</para>
+	</listitem>
+	<listitem>
+        <para> 29 - PKCS12 encode error</para>
+	</listitem>
+	</itemizedlist>
+  </refsection>
+
+  <refsection id="examples">
+    <title>Examples</title>
+    <para><command>Importing Keys and Certificates</command></para>
+    <para>The most basic usage of <command>pk12util</command> for importing a certificate or key is the PKCS#12 input file (<option>-i</option>) and some way to specify the security database being accessed (either <option>-d</option> for a directory or <option>-h</option> for a token).
+    </para>
+    <para>
+    pk12util -i p12File [-h tokenname] [-v] [-d [sql:]directory] [-P dbprefix] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword]
+    </para>
+    <para>For example:</para>
+    <para> </para>
+    <programlisting># pk12util -i /tmp/cert-files/users.p12 -d sql:/home/my/sharednssdb
+
+Enter a password which will be used to encrypt your keys.
+The password should be at least 8 characters long,
+and should contain at least one non-alphabetic character.
+
+Enter new password: 
+Re-enter password: 
+Enter password for PKCS12 file: 
+pk12util: PKCS12 IMPORT SUCCESSFUL</programlisting>
+
+    <para><command>Exporting Keys and Certificates</command></para>
+    <para>Using the <command>pk12util</command> command to export certificates and keys requires both the name of the certificate to extract from the database (<option>-n</option>) and the PKCS#12-formatted output file to write to. There are optional parameters that can be used to encrypt the file to protect the certificate material.
+    </para>
+    <para>pk12util -o p12File -n certname [-c keyCipher] [-C certCipher] [-m|--key_len keyLen] [-n|--cert_key_len certKeyLen] [-d [sql:]directory] [-P dbprefix] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword]</para>
+    <para>For example:</para>
+    <programlisting># pk12util -o certs.p12 -n Server-Cert -d sql:/home/my/sharednssdb
+Enter password for PKCS12 file: 
+Re-enter password: </programlisting>
+
+    <para><command>Listing Keys and Certificates</command></para>
+    <para>The information in a <filename>.p12</filename> file are not human-readable. The certificates and keys in the file can be printed (listed) in a human-readable pretty-print format that shows information for every certificate and any public keys in the <filename>.p12</filename> file.
+    </para>
+    <para>pk12util -l p12File [-h tokenname] [-r] [-d [sql:]directory] [-P dbprefix] [-k slotPasswordFile|-K slotPassword] [-w p12filePasswordFile|-W p12filePassword]</para>
+    <para>For example, this prints the default ASCII output:</para>
+    <programlisting># pk12util -l certs.p12
+
+Enter password for PKCS12 file: 
+Key(shrouded):
+    Friendly Name: Thawte Freemail Member's Thawte Consulting (Pty) Ltd. ID
+
+    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
+        Parameters:
+            Salt:
+                45:2e:6a:a0:03:4d:7b:a1:63:3c:15:ea:67:37:62:1f
+            Iteration Count: 1 (0x1)
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 13 (0xd)
+        Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
+        Issuer: "E=personal-freemail@thawte.com,CN=Thawte Personal Freemail C
+            A,OU=Certification Services Division,O=Thawte Consulting,L=Cape T
+            own,ST=Western Cape,C=ZA"
+    </programlisting>
+    <para>Alternatively, the <option>-r</option> prints the certificates and then exports them into separate DER binary files. This allows the certificates to be fed to another application that supports <filename>.p12</filename> files. Each certificate is written to a sequentially-number file, beginning with <filename>file0001.der</filename> and continuing through <filename>file000N.der</filename>, incrementing the number for every certificate:</para>
+    <programlisting>pk12util -l test.p12 -r
+Enter password for PKCS12 file: 
+Key(shrouded):
+    Friendly Name: Thawte Freemail Member's Thawte Consulting (Pty) Ltd. ID
+
+    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
+        Parameters:
+            Salt:
+                45:2e:6a:a0:03:4d:7b:a1:63:3c:15:ea:67:37:62:1f
+            Iteration Count: 1 (0x1)
+Certificate    Friendly Name: Thawte Personal Freemail Issuing CA - Thawte Consulting
+
+Certificate    Friendly Name: Thawte Freemail Member's Thawte Consulting (Pty) Ltd. ID
+    </programlisting>
+  </refsection>
+
+  <refsection id="encryption">
+    <title>Password Encryption</title>
+    <para>PKCS#12 provides for not only the protection of the private keys but also the certificate and meta-data associated with the keys. Password-based encryption is used to protect private keys on export to a PKCS#12 file and, optionally, the entire package. If no algorithm is specified, the tool defaults to using <command>PKCS12 V2 PBE with SHA1 and 3KEY Triple DES-cbc</command> for private key encryption. <command>PKCS12 V2 PBE with SHA1 and 40 Bit RC4</command> is the default for the overall package encryption when not in FIPS mode. When in FIPS mode, there is no package encryption.</para>
+    <para>The private key is always protected with strong encryption by default.</para>
+    <para>Several types of ciphers are supported.</para>
+    <variablelist>
+    
+      <varlistentry>
+        <term>Symmetric CBC ciphers for PKCS#5 V2</term>
+        <listitem>
+	     <itemizedlist>
+	       <listitem><para>DES-CBC</para></listitem>
+	       <listitem><para>RC2-CBC</para></listitem>
+	       <listitem><para>RC5-CBCPad</para></listitem>
+	       <listitem><para>DES-EDE3-CBC (the default for key encryption)</para></listitem>
+	       <listitem><para>AES-128-CBC</para></listitem>
+	       <listitem><para>AES-192-CBC</para></listitem>
+	       <listitem><para>AES-256-CBC</para></listitem>
+	       <listitem><para>CAMELLIA-128-CBC</para></listitem>
+	       <listitem><para>CAMELLIA-192-CBC</para></listitem>
+	       <listitem><para>CAMELLIA-256-CBC</para></listitem>
+	     </itemizedlist>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>PKCS#12 PBE ciphers</term>
+        <listitem>
+	     <itemizedlist>
+	       <listitem><para>PKCS #12 PBE with Sha1 and 128 Bit RC4</para></listitem>
+	       <listitem><para>PKCS #12 PBE with Sha1 and 40 Bit RC4</para></listitem>
+	       <listitem><para>PKCS #12 PBE with Sha1 and Triple DES CBC</para></listitem>
+	       <listitem><para>PKCS #12 PBE with Sha1 and 128 Bit RC2 CBC</para></listitem>
+	       <listitem><para>PKCS #12 PBE with Sha1 and 40 Bit RC2 CBC</para></listitem>
+	       <listitem><para>PKCS12 V2 PBE with SHA1 and 128 Bit RC4</para></listitem>
+	       <listitem><para>PKCS12 V2 PBE with SHA1 and 40 Bit RC4 (the default for non-FIPS mode)</para></listitem>
+	       <listitem><para>PKCS12 V2 PBE with SHA1 and 3KEY Triple DES-cbc</para></listitem>
+	       <listitem><para>PKCS12 V2 PBE with SHA1 and 2KEY Triple DES-cbc</para></listitem>
+	       <listitem><para>PKCS12 V2 PBE with SHA1 and 128 Bit RC2 CBC</para></listitem>
+	       <listitem><para>PKCS12 V2 PBE with SHA1 and 40 Bit RC2 CBC</para></listitem>
+	     </itemizedlist>
+        </listitem>
+      </varlistentry>
+        <varlistentry><term>PKCS#5 PBE ciphers</term>
+        <listitem>
+	     <itemizedlist>
+	       <listitem><para>PKCS #5 Password Based Encryption with MD2 and DES CBC</para></listitem>
+	       <listitem><para>PKCS #5 Password Based Encryption with MD5 and DES CBC</para></listitem>
+	       <listitem><para>PKCS #5 Password Based Encryption with SHA1 and DES CBC</para></listitem>
+	     </itemizedlist>
+        </listitem>
+      </varlistentry>
+    </variablelist>
+    <para>With PKCS#12, the crypto provider may be the soft token module or an external hardware module. If the cryptographic module does not support the requested algorithm, then the next best fit will be selected (usually the default). If no suitable replacement for the desired algorithm can be found, the tool returns the error <emphasis>no security module can perform the requested operation</emphasis>.</para>
+  </refsection>
+
+<refsection id="databases"><title>NSS Database Types</title>
+<para>NSS originally used BerkeleyDB databases to store security information. 
+The last versions of these <emphasis>legacy</emphasis> databases are:</para>
+<itemizedlist>
+	<listitem>
+		<para>
+			cert8.db for certificates
+		</para>
+	</listitem>
+	<listitem>
+		<para>
+			key3.db for keys
+		</para>
+	</listitem>
+	<listitem>
+		<para>
+			secmod.db for PKCS #11 module information
+		</para>
+	</listitem>
+</itemizedlist>
+
+<para>BerkeleyDB has performance limitations, though, which prevent it from being easily used by multiple applications simultaneously. NSS has 
+some flexibility that allows applications to use their own, independent database engine while keeping a shared database and working around the access issues. Still, NSS
+requires more flexibility to provide a truly shared security database.</para>
+
+<para>In 2009, NSS introduced a new set of databases that are SQLite databases rather than 
+BerkleyDB. These new databases provide more accessibility and performance:</para>
+<itemizedlist>
+	<listitem>
+		<para>
+			cert9.db for certificates
+		</para>
+	</listitem>
+	<listitem>
+		<para>
+			key4.db for keys
+		</para>
+	</listitem>
+	<listitem>
+		<para>
+			pkcs11.txt, which is listing of all of the PKCS #11 modules contained in a new subdirectory in the security databases directory
+		</para>
+	</listitem>
+</itemizedlist>
+
+<para>Because the SQLite databases are designed to be shared, these are the <emphasis>shared</emphasis> database type. The shared database type is preferred; the legacy format is included for backward compatibility.</para>
+
+<para>By default, the tools (<command>certutil</command>, <command>pk12util</command>, <command>modutil</command>) assume that the given security databases follow the more common legacy type. 
+Using the SQLite databases must be manually specified by using the <command>sql:</command> prefix with the given security directory. For example:</para>
+
+<programlisting># pk12util -i /tmp/cert-files/users.p12 -d sql:/home/my/sharednssdb</programlisting>
+
+<para>To set the shared database type as the default type for the tools, set the <envar>NSS_DEFAULT_DB_TYPE</envar> environment variable to <envar>sql</envar>:</para>
+<programlisting>export NSS_DEFAULT_DB_TYPE="sql"</programlisting>
+
+<para>This line can be set added to the <filename>~/.bashrc</filename> file to make the change permanent.</para>
+
+<para>Most applications do not use the shared database by default, but they can be configured to use them. For example, this how-to article covers how to configure Firefox and Thunderbird to use the new shared NSS databases:</para>
+<itemizedlist>
+	<listitem>
+		<para>
+			https://wiki.mozilla.org/NSS_Shared_DB_Howto</para>
+	</listitem>
+</itemizedlist>
+<para>For an engineering draft on the changes in the shared NSS databases, see the NSS project wiki:</para>
+<itemizedlist>
+	<listitem>
+		<para>
+			https://wiki.mozilla.org/NSS_Shared_DB
+		</para>
+	</listitem>
+</itemizedlist>
+</refsection>
+
+  <refsection id="seealso">
+    <title>See Also</title>
+    <para>certutil (1)</para>
+    <para>modutil (1)</para>
+
+	<para>The NSS wiki has information on the new database design and how to configure applications to use it.</para>
+<itemizedlist>
+	<listitem>
+		<para>
+			https://wiki.mozilla.org/NSS_Shared_DB_Howto</para>
+	</listitem>
+	<listitem>
+		<para>
+			https://wiki.mozilla.org/NSS_Shared_DB
+		</para>
+	</listitem>
+</itemizedlist>
+  </refsection>
+
+<!-- don't change -->
+  <refsection id="resources">
+    <title>Additional Resources</title>
+	<para>For information about NSS and other tools related to NSS (like JSS), check out the NSS project wiki at <ulink url="http://www.mozilla.org/projects/security/pki/nss/">http://www.mozilla.org/projects/security/pki/nss/</ulink>. The NSS site relates directly to NSS code changes and releases.</para>
+	<para>Mailing lists: https://lists.mozilla.org/listinfo/dev-tech-crypto</para>
+	<para>IRC: Freenode at #dogtag-pki</para>
+  </refsection>
+
+<!-- fill in your name first; keep the other names for reference -->
+  <refsection id="authors">
+    <title>Authors</title>
+    <para>The NSS tools were written and maintained by developers with Netscape, Red Hat,  Sun, Oracle, Mozilla, and Google.</para>
+    <para>
+	Authors: Elio Maldonado &lt;emaldona@redhat.com>, Deon Lackey &lt;dlackey@redhat.com>.
+    </para>
+  </refsection>
+
+<!-- don't change -->
+  <refsection id="license">
+    <title>LICENSE</title>
+    <para>Licensed under the Mozilla Public License, v. 2.0.  If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
+    </para>
+  </refsection>
+
+</refentry>
diff --git a/nss/doc/pp.xml b/nss/doc/pp.xml
new file mode 100644
index 0000000..24efdf8
--- /dev/null
+++ b/nss/doc/pp.xml
@@ -0,0 +1,123 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
+<!ENTITY date SYSTEM "date.xml">
+<!ENTITY version SYSTEM "version.xml">
+]>
+
+<refentry id="pp">
+
+  <refentryinfo>
+    <date>&date;</date>
+    <title>NSS Security Tools</title>
+    <productname>nss-tools</productname>
+    <productnumber>&version;</productnumber>
+  </refentryinfo>
+
+  <refmeta>
+    <refentrytitle>PP</refentrytitle>
+    <manvolnum>1</manvolnum>
+  </refmeta>
+
+  <refnamediv>
+    <refname>pp</refname>
+    <refpurpose>Prints certificates, keys, crls, and pkcs7 files</refpurpose>
+  </refnamediv>
+
+  <refsynopsisdiv>
+    <cmdsynopsis>
+      <command>pp -t type [-a] [-i input] [-o output] [-u] [-w]</command>
+    </cmdsynopsis>
+  </refsynopsisdiv>
+  
+  <refsection>
+    <title>STATUS</title>
+    <para>This documentation is still work in progress. Please contribute to the initial review in <ulink url="https://bugzilla.mozilla.org/show_bug.cgi?id=836477">Mozilla NSS bug 836477</ulink>
+    </para>
+  </refsection>
+
+  <refsection>
+    <title>Description</title>
+
+    <para><command>pp </command>pretty-prints private and public key, certificate, certificate-request,
+                     pkcs7 or crl files
+    </para>
+
+  </refsection>
+
+<refsection>
+    <title>Options</title>
+    
+    <variablelist>
+
+      <varlistentry>
+        <term><option>-t </option> <replaceable>type</replaceable></term>
+        <listitem>
+          <simpara>specify the input, one of {private-key | public-key | certificate | certificate-request | pkcs7 | crl}</simpara>
+          <simpara></simpara>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><option>-a </option></term>
+        <listitem>
+          <simpara>Input is in ascii encoded form (RFC1113)</simpara>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><option>-i </option> <replaceable>inputfile</replaceable></term>
+        <listitem>
+          <simpara>Define an input file to use (default is stdin)</simpara>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><option>-o </option> <replaceable>outputfile</replaceable></term>
+        <listitem>
+          <simpara>Define an output file to use (default is stdout)</simpara>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><option>-u </option> </term>
+        <listitem>
+          <simpara>Use UTF-8 (default is to show non-ascii as .)</simpara>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><option>-w </option> </term>
+        <listitem>
+          <simpara>Don't wrap long output lines</simpara>
+        </listitem>
+      </varlistentry>
+
+    </variablelist>
+  </refsection>
+
+  <refsection id="resources">
+    <title>Additional Resources</title>
+    <para>NSS is maintained in conjunction with PKI and security-related projects through Mozilla and Fedora. The most closely-related project is Dogtag PKI, with a project wiki at <ulink url="http://pki.fedoraproject.org/wiki/">PKI Wiki</ulink>. </para>
+	<para>For information specifically about NSS, the NSS project wiki is located at <ulink url="http://www.mozilla.org/projects/security/pki/nss/">Mozilla NSS site</ulink>. The NSS site relates directly to NSS code changes and releases.</para>
+	<para>Mailing lists: pki-devel@redhat.com and pki-users@redhat.com</para>
+	<para>IRC: Freenode at #dogtag-pki</para>
+  </refsection>
+
+<!-- fill in your name first; keep the other names for reference -->
+  <refsection id="authors">
+    <title>Authors</title>
+    <para>The NSS tools were written and maintained by developers with Netscape, Red Hat,  Sun, Oracle, Mozilla, and Google.</para>
+    <para>
+	Authors: Elio Maldonado &lt;emaldona@redhat.com>, Deon Lackey &lt;dlackey@redhat.com>.
+    </para>
+  </refsection>
+
+<!-- don't change -->
+  <refsection id="license">
+    <title>LICENSE</title>
+    <para>Licensed under the Mozilla Public License, v. 2.0.  If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
+    </para>
+  </refsection>
+
+</refentry>
diff --git a/nss/doc/signtool.xml b/nss/doc/signtool.xml
new file mode 100644
index 0000000..3a6c208
--- /dev/null
+++ b/nss/doc/signtool.xml
@@ -0,0 +1,681 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
+<!ENTITY date SYSTEM "date.xml">
+<!ENTITY version SYSTEM "version.xml">
+]>
+
+<refentry id="signtool">
+
+  <refentryinfo>
+    <date>&date;</date>
+    <title>NSS Security Tools</title>
+    <productname>nss-tools</productname>
+    <productnumber>&version;</productnumber>
+  </refentryinfo>
+
+  <refmeta>
+    <refentrytitle>signtool</refentrytitle>
+    <manvolnum>1</manvolnum>
+  </refmeta>
+
+  <refnamediv>
+    <refname>signtool</refname>
+    <refpurpose>Digitally sign objects and files.</refpurpose>
+  </refnamediv>
+
+  <refsynopsisdiv>
+    <cmdsynopsis>
+      <command>signtool</command>
+      <arg>[-b basename]</arg>
+      <arg>[-c Compression Level] </arg>
+      <arg>[-d cert-dir] </arg>
+      <arg>[-e extension] </arg>
+      <arg>[-f filename] </arg>
+      <arg>[-i installer script] </arg>
+      <arg>[-h]</arg>
+      <arg>[-H]</arg>
+      <arg>[-v]</arg>
+      <arg>[-w]</arg>
+      <arg>[-G nickname]</arg>
+      <arg>[-J]</arg>
+      <arg>[-j directory] </arg>
+      <arg>-k keyName</arg>
+      <arg>[--keysize | -s size]</arg>
+      <arg>[-l]</arg>
+      <arg>[-L]</arg>
+      <arg>[-M]</arg>
+      <arg>[-m metafile] </arg>
+      <arg>[--norecurse] </arg>
+      <arg>[-O] </arg>
+      <arg>[-o] </arg>
+      <arg>[--outfile] </arg>
+      <arg>[-p password] </arg>
+      <arg>[-t|--token tokenname] </arg>
+      <arg>[-z] </arg>
+      <arg>[-X] </arg>
+      <arg>[-x name] </arg>
+      <arg>[--verbose value] </arg>
+      <arg>[--leavearc] </arg>
+      <arg>[-Z jarfile] </arg>
+      <arg>directory-tree</arg>
+      <arg>archive</arg>
+<!-- this isn't the ideal formatting, since docbook can handle reqiored/optional formatting automatically, but let's make it explicit -->
+    </cmdsynopsis>
+  </refsynopsisdiv>
+
+  <refsection>
+    <title>STATUS</title>
+    <para>This documentation is still work in progress. Please contribute to the initial review in <ulink url="https://bugzilla.mozilla.org/show_bug.cgi?id=836477">Mozilla NSS bug 836477</ulink>
+    </para>
+  </refsection>
+
+  <refsection id="description">
+    <title>Description</title>
+
+    <para>The Signing Tool, <command>signtool</command>, creates digital signatures and uses a Java Archive (JAR) file to associate the signatures with files in a directory. Electronic software distribution over any network involves potential security problems. To help address some of these problems, you can associate digital signatures with the files in a JAR archive. Digital signatures allow SSL-enabled clients to perform two important operations:</para>
+    <para>* Confirm the identity of the individual, company, or other entity whose digital signature is associated with the files</para>
+    <para>* Check whether the files have been tampered with since being signed</para>
+    <para>If you have a signing certificate, you can use Netscape Signing Tool to digitally sign files and package them as a JAR file. An object-signing certificate is a special kind of certificate that allows you to associate your digital signature with one or more files.</para>
+    <para>An individual file can potentially be signed with multiple digital signatures. For example, a commercial software developer might sign the files that constitute a software product to prove that the files are indeed from a particular company. A network administrator manager might sign the same files with an additional digital signature based on a company-generated certificate to indicate that the product is approved for use within the company.</para>
+   <para>The significance of a digital signature is comparable to the significance of a handwritten signature. Once you have signed a file, it is difficult to claim later that you didn't sign it. In some situations, a digital signature may be considered as legally binding as a handwritten signature. Therefore, you should take great care to ensure that you can stand behind any file you sign and distribute.</para>
+   <para>For example, if you are a software developer, you should test your code to make sure it is virus-free before signing it. Similarly, if you are a network administrator, you should make sure, before signing any code, that it comes from a reliable source and will run correctly with the software installed on the machines to which you are distributing it.</para>
+    <para>Before you can use Netscape Signing Tool to sign files, you must have an object-signing certificate, which is a special certificate whose associated private key is used to create digital signatures. For testing purposes only, you can create an object-signing certificate with Netscape Signing Tool 1.3. When testing is finished and you are ready to disitribute your software, you should obtain an object-signing certificate from one of two kinds of sources:</para>
+    <para>* An independent certificate authority (CA) that authenticates your identity and charges you a fee. You typically get a certificate from an independent CA if you want to sign software that will be distributed over the Internet.</para>
+    <para>* CA server software running on your corporate intranet or extranet. Netscape Certificate Management System provides a complete management solution for creating, deploying, and managing certificates, including CAs that issue object-signing certificates.</para>
+    <para>You must also have a certificate for the CA that issues your signing certificate before you can sign files. If the certificate authority's certificate isn't already installed in your copy of Communicator, you typically install it by clicking the appropriate link on the certificate authority's web site, for example on the page from which you initiated enrollment for your signing certificate. This is the case for some test certificates, as well as certificates issued by Netscape Certificate Management System: you must download the the CA certificate in addition to obtaining your own signing certificate. CA certificates for several certificate authorities are preinstalled in the Communicator certificate database.</para>
+    <para>When you receive an object-signing certificate for your own use, it is automatically installed in your copy of the Communicator client software. Communicator supports the public-key cryptography standard known as PKCS #12, which governs key portability. You can, for example, move an object-signing certificate and its associated private key from one computer to another on a credit-card-sized device called a smart card.</para>
+  </refsection>
+  
+  <refsection id="options">
+    <title>Options</title>
+
+<!-- for the moment, I can't find a way for italics and bold tags to work in varlist entries --> 
+    <variablelist>
+      <varlistentry>
+        <term>-b basename</term>
+        <listitem><para>Specifies the base filename for the .rsa and .sf files in the META-INF directory to conform with the JAR format. For example, <emphasis>-b signatures</emphasis> causes the files to be named signatures.rsa and signatures.sf. The default is signtool.</para></listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>-c#</term>
+	<listitem><para>
+	Specifies the compression level for the -J or -Z option. The symbol # represents a number from 0 to 9, where 0 means no compression and 9 means maximum compression. The higher the level of compression, the smaller the output but the longer the operation takes.
+
+If the -c# option is not used with either the -J or the -Z option, the default compression value used by both the -J and -Z options is 6.
+</para></listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>-d certdir</term>
+			<listitem><para>
+	Specifies your certificate database directory; that is, the directory in which you placed your key3.db and cert7.db files. To specify the current directory, use "-d." (including the period).
+
+The Unix version of signtool assumes ~/.netscape unless told otherwise. The NT version of signtool always requires the use of the -d option to specify where the database files are located.
+</para></listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>-e extension</term>
+			<listitem><para>
+	Tells signtool to sign only files with the given extension; for example, use -e".class" to sign only Java class files. Note that with Netscape Signing Tool version 1.1 and later this option can appear multiple times on one command line, making it possible to specify multiple file types or classes to include.
+</para></listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>-f commandfile</term>
+			<listitem><para>
+	Specifies a text file containing Netscape Signing Tool options and arguments in keyword=value format. All options and arguments can be expressed through this file. For more information about the syntax used with this file, see "Tips and Techniques".
+</para></listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>-G nickname</term>
+        <listitem><para>
+	Generates a new private-public key pair and corresponding object-signing certificate with the given nickname.
+
+The newly generated keys and certificate are installed into the key and certificate databases in the directory specified by the -d option. With the NT version of Netscape Signing Tool, you must use the -d option with the -G option. With the Unix version of Netscape Signing Tool, omitting the -d option causes the tool to install the keys and certificate in the Communicator key and certificate databases. If you are installing the keys and certificate in the Communicator databases, you must exit Communicator before using this option; otherwise, you risk corrupting the databases. In all cases, the certificate is also output to a file named x509.cacert, which has the MIME-type application/x-x509-ca-cert.
+
+Unlike certificates normally used to sign finished code to be distributed over a network, a test certificate created with -G is not signed by a recognized certificate authority. Instead, it is self-signed. In addition, a single test signing certificate functions as both an object-signing certificate and a CA. When you are using it to sign objects, it behaves like an object-signing certificate. When it is imported into browser software such as Communicator, it behaves like an object-signing CA and cannot be used to sign objects.
+
+The -G option is available in Netscape Signing Tool 1.0 and later versions only. By default, it produces only RSA certificates with 1024-byte keys in the internal token. However, you can use the -s option specify the required key size and the -t option to specify the token.
+        </para></listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>-i scriptname</term>
+        <listitem><para>
+Specifies the name of an installer script for SmartUpdate. This script installs files from the JAR archive in the local system after SmartUpdate has validated the digital signature. For more details, see the description of -m that follows. The -i option provides a straightforward way to provide this information if you don't need to specify any metadata other than an installer script.
+        </para></listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>-J</term>
+        <listitem>
+          <para>
+Signs a directory of HTML files containing JavaScript and creates as many archive files as are specified in the HTML tags. Even if signtool creates more than one archive file, you need to supply the key database password only once.
+
+The -J option is available only in Netscape Signing Tool 1.0 and later versions. The -J option cannot be used at the same time as the -Z option.
+
+If the -c# option is not used with the -J option, the default compression value is 6.
+
+Note that versions 1.1 and later of Netscape Signing Tool correctly recognizes the CODEBASE attribute, allows paths to be expressed for the CLASS and SRC attributes instead of filenames only, processes LINK tags and parses HTML correctly, and offers clearer error messages.
+          </para>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>-j directory</term>
+			<listitem><para>
+	Specifies a special JavaScript directory. This option causes the specified directory to be signed and tags its entries as inline JavaScript. This special type of entry does not have to appear in the JAR file itself. Instead, it is located in the HTML page containing the inline scripts. When you use signtool -v, these entries are displayed with the string NOT PRESENT.
+</para></listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>-k key ... directory</term>
+			<listitem><para>
+	Specifies the nickname (key) of the certificate you want to sign with and signs the files in the specified directory. The directory to sign is always specified as the last command-line argument. Thus, it is possible to write
+
+signtool -k MyCert -d . signdir
+
+You may have trouble if the nickname contains a single quotation mark. To avoid problems, escape the quotation mark using the escape conventions for your platform.
+
+It's also possible to use the -k option without signing any files or specifying a directory. For example, you can use it with the -l option to get detailed information about a particular signing certificate.
+</para></listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>-l</term>
+			<listitem><para>
+	Lists signing certificates, including issuing CAs. If any of your certificates are expired or invalid, the list will so specify. This option can be used with the -k option to list detailed information about a particular signing certificate.
+
+The -l option is available in Netscape Signing Tool 1.0 and later versions only.
+</para></listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>-L</term>
+			<listitem><para>
+	Lists the certificates in your database. An asterisk appears to the left of the nickname for any certificate that can be used to sign objects with signtool.
+</para></listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>--leavearc</term>
+			<listitem><para>
+	Retains the temporary .arc (archive) directories that the -J option creates. These directories are automatically erased by default. Retaining the temporary directories can be an aid to debugging.
+</para></listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>-m metafile</term>
+			<listitem><para>
+	Specifies the name of a metadata control file. Metadata is signed information attached either to the JAR archive itself or to files within the archive. This metadata can be any ASCII string, but is used mainly for specifying an installer script.
+
+The metadata file contains one entry per line, each with three fields:
+
+field #1: file specification, or + if you want to specify global metadata (that is, metadata about the JAR archive itself or all entries in the archive)
+field #2: the name of the data you are specifying; for example: Install-Script
+field #3: data corresponding to the name in field #2
+
+For example, the -i option uses the equivalent of this line:
+
++ Install-Script: script.js
+
+
+This example associates a MIME type with a file:
+
+movie.qt MIME-Type: video/quicktime
+
+For information about the way installer script information appears in the manifest file for a JAR archive, see The JAR Format on Netscape DevEdge.
+</para></listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>-M</term>
+			<listitem><para>
+	Lists the PKCS #11 modules available to signtool, including smart cards.
+
+The -M option is available in Netscape Signing Tool 1.0 and later versions only.
+
+For information on using Netscape Signing Tool with smart cards, see "Using Netscape Signing Tool with Smart Cards".
+
+For information on using the -M option to verify FIPS-140-1 validated mode, see "Netscape Signing Tool and FIPS-140-1".
+</para></listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>--norecurse</term>
+			<listitem><para>
+	Blocks recursion into subdirectories when signing a directory's contents or when parsing HTML.
+</para></listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>-o</term>
+			<listitem><para>
+	Optimizes the archive for size. Use this only if you are signing very large archives containing hundreds of files. This option makes the manifest files (required by the JAR format) considerably smaller, but they contain slightly less information.
+</para></listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>--outfile outputfile</term>
+			<listitem><para>
+	Specifies a file to receive redirected output from Netscape Signing Tool.
+</para></listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>-p password</term>
+			<listitem><para>
+	Specifies a password for the private-key database. Note that the password entered on the command line is displayed as plain text.
+</para></listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>-s keysize</term>
+			<listitem><para>
+	Specifies the size of the key for generated certificate. Use the -M option to find out what tokens are available.
+
+The -s option can be used with the -G option only.
+</para></listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>-t token</term>
+			<listitem><para>
+	Specifies which available token should generate the key and receive the certificate. Use the -M option to find out what tokens are available.
+
+The -t option can be used with the -G option only.
+</para></listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>-v archive</term>
+			<listitem><para>
+	Displays the contents of an archive and verifies the cryptographic integrity of the digital signatures it contains and the files with which they are associated. This includes checking that the certificate for the issuer of the object-signing certificate is listed in the certificate database, that the CA's digital signature on the object-signing certificate is valid, that the relevant certificates have not expired, and so on.
+</para></listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>--verbosity value</term>
+			<listitem><para>
+	Sets the quantity of information Netscape Signing Tool generates in operation. A value of 0 (zero) is the default and gives full information. A value of -1 suppresses most messages, but not error messages.
+</para></listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>-w archive</term>
+			<listitem><para>
+	Displays the names of signers of any files in the archive.
+</para></listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>-x directory</term>
+			<listitem><para>
+	Excludes the specified directory from signing. Note that with Netscape Signing Tool version 1.1 and later this option can appear multiple times on one command line, making it possible to specify several particular directories to exclude.
+</para></listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>-z</term>
+			<listitem><para>
+	Tells signtool not to store the signing time in the digital signature. This option is useful if you want the expiration date of the signature checked against the current date and time rather than the time the files were signed.
+</para></listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>-Z jarfile</term>
+			<listitem><para>
+	Creates a JAR file with the specified name. You must specify this option if you want signtool to create the JAR file; it does not do so automatically. If you don't specify -Z, you must use an external ZIP tool to create the JAR file.
+
+The -Z option cannot be used at the same time as the -J option.
+
+If the -c# option is not used with the -Z option, the default compression value is 6.</para></listitem>
+      </varlistentry>
+    </variablelist>
+  </refsection>
+
+  <refsection id="command-file">
+    <title>The Command File Format</title>
+    <para>Entries in a Netscape Signing Tool command file have this general format:
+keyword=value
+
+Everything before the = sign on a single line is a keyword, and everything from the = sign to the end of line is a value. The value may include = signs; only the first = sign on a line is interpreted. Blank lines are ignored, but white space on a line with keywords and values is assumed to be part of the keyword (if it comes before the equal sign) or part of the value (if it comes after the first equal sign). Keywords are case insensitive, values are generally case sensitive. Since the = sign and newline delimit the value, it should not be quoted. </para>
+<!-- i'm working on a decent way to do embedded subsections; for now, just use a bold tag to show a new section -->
+	<para><command>Subsection</command></para>
+	<variablelist>
+		<varlistentry>
+			<term>basename</term>
+			<listitem><para>Same as -b option.</para></listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>compression</term>
+			<listitem><para>
+	Same as -c option.
+</para></listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>certdir</term>
+			<listitem><para>
+	Same as -d option.
+</para></listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>extension</term>
+			<listitem><para>
+	Same as -e option.
+</para></listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>generate</term>
+			<listitem><para>
+	Same as -G option.
+</para></listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>installscript</term>
+			<listitem><para>
+	Same as -i option.
+</para></listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>javascriptdir</term>
+			<listitem><para>
+	Same as -j option.
+</para></listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>htmldir</term>
+			<listitem><para>
+	Same as -J option.
+</para></listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>certname</term>
+			<listitem><para>
+	Nickname of certificate, as with -k and -l -k options.
+</para></listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>signdir</term>
+			<listitem><para>
+	The directory to be signed, as with -k option.
+</para></listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>list</term>
+			<listitem><para>
+	Same as -l option. Value is ignored, but = sign must be present.
+</para></listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>listall</term>
+			<listitem><para>
+	Same as -L option. Value is ignored, but = sign must be present.
+</para></listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>metafile</term>
+			<listitem><para>
+	Same as -m option.
+</para></listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>modules</term>
+			<listitem><para>
+	Same as -M option. Value is ignored, but = sign must be present.
+</para></listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>optimize</term>
+			<listitem><para>
+	Same as -o option. Value is ignored, but = sign must be present.
+</para></listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>password</term>
+			<listitem><para>
+	Same as -p option.
+</para></listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>keysize</term>
+			<listitem><para>
+	Same as -s option.
+</para></listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>token</term>
+			<listitem><para>
+	Same as -t option.
+</para></listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>verify</term>
+			<listitem><para>
+	Same as -v option.
+</para></listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>who</term>
+			<listitem><para>
+	Same as -w option.
+</para></listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>exclude</term>
+			<listitem><para>
+	Same as -x option.
+</para></listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>notime</term>
+			<listitem><para>
+	Same as -z option. value is ignored, but = sign must be present.
+</para></listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>jarfile</term>
+			<listitem><para>
+	Same as -Z option.
+</para></listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>outfile</term>
+			<listitem><para>
+	Name of a file to which output and error messages will be redirected. This option has no command-line equivalent.
+	</para></listitem></varlistentry></variablelist>
+  </refsection>
+
+  <refsection id="examples">
+    <title>Extended Examples</title>
+    <para>The following example will do this and that
+    </para>
+	<para><command>Listing Available Signing Certificates</command></para>
+	<para>You use the -L option to list the nicknames for all available certificates and check which ones are signing certificates.</para>
+<programlisting >signtool -L 
+
+using certificate directory: /u/jsmith/.netscape 
+S Certificates 
+- ------------ 
+  BBN Certificate Services CA Root 1 
+  IBM World Registry CA 
+  VeriSign Class 1 CA - Individual Subscriber - VeriSign, Inc. 
+  GTE CyberTrust Root CA 
+  Uptime Group Plc. Class 4 CA 
+* Verisign Object Signing Cert 
+  Integrion CA 
+  GTE CyberTrust Secure Server CA 
+  AT&amp;T Directory Services 
+* test object signing cert 
+  Uptime Group Plc. Class 1 CA 
+  VeriSign Class 1 Primary CA 
+- ------------
+
+Certificates that can be used to sign objects have *'s to their left. </programlisting>
+	<para>Two signing certificates are displayed: Verisign Object Signing Cert and test object signing cert.</para>
+	<para>You use the -l option to get a list of signing certificates only, including the signing CA for each.</para>
+<programlisting >signtool -l
+
+using certificate directory: /u/jsmith/.netscape
+Object signing certificates
+---------------------------------------
+
+Verisign Object Signing Cert
+    Issued by: VeriSign, Inc. - Verisign, Inc.
+    Expires: Tue May 19, 1998
+test object signing cert
+    Issued by: test object signing cert (Signtool 1.0 Testing 
+Certificate (960187691))
+    Expires: Sun May 17, 1998
+---------------------------------------</programlisting>
+	<para>For a list including CAs, use the <option>-L</option> option.</para>
+
+	<para><command>Signing a File</command></para>
+	<para>1. Create an empty directory.</para>
+<programlisting >mkdir signdir</programlisting>
+
+	<para>2. Put some file into it.</para>
+<programlisting >echo boo > signdir/test.f</programlisting>
+
+	<para>3. Specify the name of your object-signing certificate and sign the directory.</para>
+<programlisting >signtool -k MySignCert -Z testjar.jar signdir
+
+using key "MySignCert"
+using certificate directory: /u/jsmith/.netscape
+Generating signdir/META-INF/manifest.mf file..
+--> test.f
+adding signdir/test.f to testjar.jar
+Generating signtool.sf file..
+Enter Password or Pin for "Communicator Certificate DB":
+
+adding signdir/META-INF/manifest.mf to testjar.jar
+adding signdir/META-INF/signtool.sf to testjar.jar
+adding signdir/META-INF/signtool.rsa to testjar.jar
+
+tree "signdir" signed successfully</programlisting>
+	<para>4. Test the archive you just created.</para>
+<programlisting >signtool -v testjar.jar
+
+using certificate directory: /u/jsmith/.netscape
+archive "testjar.jar" has passed crypto verification.
+           status   path
+     ------------   -------------------
+         verified   test.f</programlisting>
+
+	<para><command>Using Netscape Signing Tool with a ZIP Utility</command></para>
+	<para>To use Netscape Signing Tool with a ZIP utility, you must have the utility in your path environment variable. You should use the zip.exe utility rather than pkzip.exe, which cannot handle long filenames. You can use a ZIP utility instead of the -Z option to package a signed archive into a JAR file after you have signed it:</para>
+<programlisting >cd signdir 
+
+  zip -r ../myjar.jar * 
+  adding: META-INF/ (stored 0%) 
+  adding: META-INF/manifest.mf (deflated 15%) 
+  adding: META-INF/signtool.sf (deflated 28%) 
+  adding: META-INF/signtool.rsa (stored 0%) 
+  adding: text.txt (stored 0%)</programlisting>
+
+	<para><command>Generating the Keys and Certificate</command></para>
+	<para>The signtool option -G generates a new public-private key pair and certificate. It takes the nickname of the new certificate as an argument. The newly generated keys and certificate are installed into the key and certificate databases in the directory specified by the -d option. With the NT version of Netscape Signing Tool, you must use the -d option with the -G option. With the Unix version of Netscape Signing Tool, omitting the -d option causes the tool to install the keys and certificate in the Communicator key and certificate databases. In all cases, the certificate is also output to a file named x509.cacert, which has the MIME-type application/x-x509-ca-cert.</para>
+	<para>Certificates contain standard information about the entity they identify, such as the common name and organization name. Netscape Signing Tool prompts you for this information when you run the command with the -G option. However, all of the requested fields are optional for test certificates. If you do not enter a common name, the tool provides a default name. In the following example, the user input is in boldface:</para>
+<programlisting >signtool -G MyTestCert
+
+using certificate directory: /u/someuser/.netscape
+Enter certificate information. All fields are optional. Acceptable
+characters are numbers, letters, spaces, and apostrophes.
+certificate common name: Test Object Signing Certificate
+organization: Netscape Communications Corp.
+organization unit: Server Products Division
+state or province: California
+country (must be exactly 2 characters): US
+username: someuser
+email address: someuser@netscape.com
+Enter Password or Pin for "Communicator Certificate DB": [Password will not echo]
+generated public/private key pair
+certificate request generated
+certificate has been signed
+certificate "MyTestCert" added to database
+Exported certificate to x509.raw and x509.cacert.</programlisting>
+	<para>The certificate information is read from standard input. Therefore, the information can be read from a file using the redirection operator (&lt;) in some operating systems. To create a file for this purpose, enter each of the seven input fields, in order, on a separate line. Make sure there is a newline character at the end of the last line. Then run signtool with standard input redirected from your file as follows:</para>
+<programlisting >signtool -G MyTestCert inputfile</programlisting>
+	<para>The prompts show up on the screen, but the responses will be automatically read from the file. The password will still be read from the console unless you use the -p option to give the password on the command line.</para>
+
+	<para><command>Using the -M Option to List Smart Cards</command></para>
+	<para>You can use the -M option to list the PKCS #11 modules, including smart cards, that are available to signtool:</para>
+<programlisting >signtool -d "c:\netscape\users\jsmith" -M
+
+using certificate directory: c:\netscape\users\username
+Listing of PKCS11 modules 
+----------------------------------------------- 
+	1. Netscape Internal PKCS #11 Module 
+			  (this module is internally loaded) 
+			  slots: 2 slots attached 
+			  status: loaded 
+	  slot: Communicator Internal Cryptographic Services Version 4.0 
+	 token: Communicator Generic Crypto Svcs 
+	  slot: Communicator User Private Key and Certificate Services 
+	 token: Communicator Certificate DB 
+	2. CryptOS 
+			  (this is an external module) 
+ DLL name: core32 
+	 slots: 1 slots attached 
+	status: loaded 
+	  slot: Litronic 210 
+	 token: 
+	----------------------------------------------- </programlisting>
+
+	<para><command>Using Netscape Signing Tool and a Smart Card to Sign Files</command></para>
+	<para>The signtool command normally takes an argument of the -k option to specify a signing certificate. To sign with a smart card, you supply only the fully qualified name of the certificate.</para>
+	<para>To see fully qualified certificate names when you run Communicator, click the Security button in Navigator, then click Yours under Certificates in the left frame. Fully qualified names are of the format smart card:certificate, for example "MyCard:My Signing Cert". You use this name with the -k argument as follows:</para>
+<programlisting >signtool -k "MyCard:My Signing Cert" directory</programlisting>
+
+
+	<para><command>Verifying FIPS Mode</command></para>
+	<para>Use the -M option to verify that you are using the FIPS-140-1 module.</para>
+<programlisting >signtool -d "c:\netscape\users\jsmith" -M
+
+using certificate directory: c:\netscape\users\jsmith
+Listing of PKCS11 modules
+-----------------------------------------------
+  1. Netscape Internal PKCS #11 Module
+          (this module is internally loaded)
+          slots: 2 slots attached
+          status: loaded
+    slot: Communicator Internal Cryptographic Services Version 4.0
+   token: Communicator Generic Crypto Svcs
+    slot: Communicator User Private Key and Certificate Services
+   token: Communicator Certificate DB
+-----------------------------------------------</programlisting>
+	<para>This Unix example shows that Netscape Signing Tool is using a FIPS-140-1 module:</para>
+<programlisting >signtool -d "c:\netscape\users\jsmith" -M
+using certificate directory: c:\netscape\users\jsmith
+Enter Password or Pin for "Communicator Certificate DB": [password will not echo]
+Listing of PKCS11 modules
+-----------------------------------------------
+1. Netscape Internal FIPS PKCS #11 Module
+(this module is internally loaded)
+slots: 1 slots attached
+status: loaded
+slot: Netscape Internal FIPS-140-1 Cryptographic Services
+token: Communicator Certificate DB
+-----------------------------------------------</programlisting>
+  </refsection>
+
+  <refsection id="seealso">
+    <title>See Also</title>
+    <para>signver (1)</para>
+
+	<para>The NSS wiki has information on the new database design and how to configure applications to use it.</para>
+	<itemizedlist>
+		<listitem>
+			<para>
+				https://wiki.mozilla.org/NSS_Shared_DB_Howto</para>
+		</listitem>
+		<listitem>
+			<para>
+				https://wiki.mozilla.org/NSS_Shared_DB
+			</para>
+		</listitem>
+	</itemizedlist>
+  </refsection>
+
+<!-- don't change -->
+  <refsection id="resources">
+    <title>Additional Resources</title>
+	<para>For information about NSS and other tools related to NSS (like JSS), check out the NSS project wiki at <ulink url="http://www.mozilla.org/projects/security/pki/nss/">http://www.mozilla.org/projects/security/pki/nss/</ulink>. The NSS site relates directly to NSS code changes and releases.</para>
+	<para>Mailing lists: https://lists.mozilla.org/listinfo/dev-tech-crypto</para>
+	<para>IRC: Freenode at #dogtag-pki</para>
+  </refsection>
+
+<!-- fill in your name first; keep the other names for reference -->
+  <refsection id="authors">
+    <title>Authors</title>
+    <para>The NSS tools were written and maintained by developers with Netscape, Red Hat,  Sun, Oracle, Mozilla, and Google.</para>
+    <para>
+	Authors: Elio Maldonado &lt;emaldona@redhat.com>, Deon Lackey &lt;dlackey@redhat.com>.
+    </para>
+  </refsection>
+
+<!-- don't change -->
+  <refsection id="license">
+    <title>LICENSE</title>
+    <para>Licensed under the Mozilla Public License, v. 2.0.  If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
+    </para>
+  </refsection>
+
+</refentry>
diff --git a/nss/doc/signver.xml b/nss/doc/signver.xml
new file mode 100644
index 0000000..e645e91
--- /dev/null
+++ b/nss/doc/signver.xml
@@ -0,0 +1,230 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
+<!ENTITY date SYSTEM "date.xml">
+<!ENTITY version SYSTEM "version.xml">
+]>
+
+<refentry id="signver">
+
+  <refentryinfo>
+    <date>&date;</date>
+    <title>NSS Security Tools</title>
+    <productname>nss-tools</productname>
+    <productnumber>&version;</productnumber>
+  </refentryinfo>
+
+  <refmeta>
+    <refentrytitle>SIGNVER</refentrytitle>
+    <manvolnum>1</manvolnum>
+  </refmeta>
+
+  <refnamediv>
+    <refname>signver</refname>
+    <refpurpose>Verify a detached PKCS#7 signature for a file.</refpurpose>
+  </refnamediv>
+
+  <refsynopsisdiv>
+    <cmdsynopsis>
+      <command>signtool</command>
+	<group choice="plain">
+		<arg choice="plain">-A</arg>
+		<arg choice="plain">-V</arg>
+	</group>
+      <arg choice="plain">-d <replaceable>directory</replaceable></arg>
+      <arg>-a</arg>
+	<arg>-i <replaceable>input_file</replaceable></arg>
+	<arg>-o <replaceable>output_file</replaceable></arg>
+	<arg>-s <replaceable>signature_file</replaceable></arg>
+      <arg>-v</arg>
+    </cmdsynopsis>
+  </refsynopsisdiv>
+
+  <refsection>
+    <title>STATUS</title>
+    <para>This documentation is still work in progress. Please contribute to the initial review in <ulink url="https://bugzilla.mozilla.org/show_bug.cgi?id=836477">Mozilla NSS bug 836477</ulink>
+    </para>
+  </refsection>
+
+  <refsection id="description">
+    <title>Description</title>
+
+    <para>The Signature Verification Tool, <command>signver</command>, is a simple command-line utility that unpacks a base-64-encoded PKCS#7 signed object and verifies the digital signature using standard cryptographic techniques. The Signature Verification Tool can also display the contents of the signed object.</para>
+  </refsection>
+  
+  <refsection id="options">
+    <title>Options</title>
+    <variablelist>
+      <varlistentry>
+        <term>-A</term>
+        <listitem><para>Displays all of the information in the PKCS#7 signature.</para></listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>-V</term>
+        <listitem><para>Verifies the digital signature.</para></listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>-d [sql:]<emphasis>directory</emphasis></term>
+        <listitem><para>Specify the database directory which contains the certificates and keys.</para>
+	<para><command>signver</command> supports two types of databases: the legacy security databases (<filename>cert8.db</filename>, <filename>key3.db</filename>, and <filename>secmod.db</filename>) and new SQLite databases (<filename>cert9.db</filename>, <filename>key4.db</filename>, and <filename>pkcs11.txt</filename>). If the prefix <command>sql:</command> is not used, then the tool assumes that the given databases are in the old format.</para></listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>-a</term>
+        <listitem><para>Sets that the given signature file is in ASCII format.</para></listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>-i <emphasis>input_file</emphasis></term>
+        <listitem><para>Gives the input file for the object with signed data.</para></listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>-o <emphasis>output_file</emphasis></term>
+        <listitem><para>Gives the output file to which to write the results.</para></listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>-s <emphasis>signature_file</emphasis></term>
+        <listitem><para>Gives the input file for the digital signature.</para></listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>-v</term>
+        <listitem><para>Enables verbose output.</para></listitem>
+      </varlistentry>
+    </variablelist>
+  </refsection>
+
+  <refsection id="examples">
+    <title>Extended Examples</title>
+	<refsection><title>Verifying a Signature</title>
+	<para>The <option>-V</option> option verifies that the signature in a given signature file is valid when used to sign the given object (from the input file).</para>
+<programlisting>signver -V -s <replaceable>signature_file</replaceable> -i <replaceable>signed_file</replaceable> -d sql:/home/my/sharednssdb
+
+signatureValid=yes</programlisting>
+	</refsection>
+
+	<refsection><title>Printing Signature Data</title>
+		<para>
+			The <option>-A</option> option prints all of the information contained in a signature file. Using the <option>-o</option> option prints the signature file information to the given output file rather than stdout.
+		</para>
+<programlisting>signver -A -s <replaceable>signature_file</replaceable> -o <replaceable>output_file</replaceable></programlisting>
+	</refsection>
+  </refsection>
+
+<refsection id="databases"><title>NSS Database Types</title>
+<para>NSS originally used BerkeleyDB databases to store security information. 
+The last versions of these <emphasis>legacy</emphasis> databases are:</para>
+<itemizedlist>
+	<listitem>
+		<para>
+			cert8.db for certificates
+		</para>
+	</listitem>
+	<listitem>
+		<para>
+			key3.db for keys
+		</para>
+	</listitem>
+	<listitem>
+		<para>
+			secmod.db for PKCS #11 module information
+		</para>
+	</listitem>
+</itemizedlist>
+
+<para>BerkeleyDB has performance limitations, though, which prevent it from being easily used by multiple applications simultaneously. NSS has 
+some flexibility that allows applications to use their own, independent database engine while keeping a shared database and working around the access issues. Still, NSS
+requires more flexibility to provide a truly shared security database.</para>
+
+<para>In 2009, NSS introduced a new set of databases that are SQLite databases rather than 
+BerkleyDB. These new databases provide more accessibility and performance:</para>
+<itemizedlist>
+	<listitem>
+		<para>
+			cert9.db for certificates
+		</para>
+	</listitem>
+	<listitem>
+		<para>
+			key4.db for keys
+		</para>
+	</listitem>
+	<listitem>
+		<para>
+			pkcs11.txt, which is listing of all of the PKCS #11 modules contained in a new subdirectory in the security databases directory
+		</para>
+	</listitem>
+</itemizedlist>
+
+<para>Because the SQLite databases are designed to be shared, these are the <emphasis>shared</emphasis> database type. The shared database type is preferred; the legacy format is included for backward compatibility.</para>
+
+<para>By default, the tools (<command>certutil</command>, <command>pk12util</command>, <command>modutil</command>) assume that the given security databases follow the more common legacy type. 
+Using the SQLite databases must be manually specified by using the <command>sql:</command> prefix with the given security directory. For example:</para>
+
+<programlisting># signver -A -s <replaceable>signature</replaceable> -d sql:/home/my/sharednssdb</programlisting>
+
+<para>To set the shared database type as the default type for the tools, set the <envar>NSS_DEFAULT_DB_TYPE</envar> environment variable to <envar>sql</envar>:</para>
+<programlisting>export NSS_DEFAULT_DB_TYPE="sql"</programlisting>
+
+<para>This line can be added to the <filename>~/.bashrc</filename> file to make the change permanent for the user.</para>
+
+<para>Most applications do not use the shared database by default, but they can be configured to use them. For example, this how-to article covers how to configure Firefox and Thunderbird to use the new shared NSS databases:</para>
+<itemizedlist>
+	<listitem>
+		<para>
+			https://wiki.mozilla.org/NSS_Shared_DB_Howto</para>
+	</listitem>
+</itemizedlist>
+<para>For an engineering draft on the changes in the shared NSS databases, see the NSS project wiki:</para>
+<itemizedlist>
+	<listitem>
+		<para>
+			https://wiki.mozilla.org/NSS_Shared_DB
+		</para>
+	</listitem>
+</itemizedlist>
+</refsection>
+
+  <refsection id="seealso">
+    <title>See Also</title>
+    <para>signtool (1)</para>
+
+	<para>The NSS wiki has information on the new database design and how to configure applications to use it.</para>
+	<itemizedlist>
+		<listitem>
+			<para>Setting up the shared NSS database</para>
+			<para>https://wiki.mozilla.org/NSS_Shared_DB_Howto</para>
+		</listitem>
+		<listitem>
+			<para>
+				Engineering and technical information about the shared NSS database
+			</para>
+			<para>
+				https://wiki.mozilla.org/NSS_Shared_DB
+			</para>
+		</listitem>
+	</itemizedlist>
+  </refsection>
+
+<!-- don't change -->
+  <refsection id="resources">
+    <title>Additional Resources</title>
+	<para>For information about NSS and other tools related to NSS (like JSS), check out the NSS project wiki at <ulink url="http://www.mozilla.org/projects/security/pki/nss/">http://www.mozilla.org/projects/security/pki/nss/</ulink>. The NSS site relates directly to NSS code changes and releases.</para>
+	<para>Mailing lists: https://lists.mozilla.org/listinfo/dev-tech-crypto</para>
+	<para>IRC: Freenode at #dogtag-pki</para>
+  </refsection>
+
+<!-- fill in your name first; keep the other names for reference -->
+  <refsection id="authors">
+    <title>Authors</title>
+    <para>The NSS tools were written and maintained by developers with Netscape, Red Hat,  Sun, Oracle, Mozilla, and Google.</para>
+    <para>
+	Authors: Elio Maldonado &lt;emaldona@redhat.com>, Deon Lackey &lt;dlackey@redhat.com>.
+    </para>
+  </refsection>
+
+<!-- don't change -->
+  <refsection id="license">
+    <title>LICENSE</title>
+    <para>Licensed under the Mozilla Public License, v. 2.0.  If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
+    </para>
+  </refsection>
+
+</refentry>
diff --git a/nss/doc/ssltap.xml b/nss/doc/ssltap.xml
new file mode 100644
index 0000000..32b9e2f
--- /dev/null
+++ b/nss/doc/ssltap.xml
@@ -0,0 +1,579 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
+<!ENTITY date SYSTEM "date.xml">
+<!ENTITY version SYSTEM "version.xml">
+]>
+
+<refentry id="ssltap">
+
+  <refentryinfo>
+    <date>&date;</date>
+    <title>NSS Security Tools</title>
+    <productname>nss-tools</productname>
+    <productnumber>&version;</productnumber>
+  </refentryinfo>
+
+  <refmeta>
+    <refentrytitle>SSLTAP</refentrytitle>
+    <manvolnum>1</manvolnum>
+  </refmeta>
+
+  <refnamediv>
+    <refname>ssltap</refname>
+    <refpurpose>Tap into SSL connections and display the data going by </refpurpose>
+  </refnamediv>
+
+  <refsynopsisdiv>
+    <cmdsynopsis>
+      <command>ssltap</command>
+      <arg choice="opt">-fhlsvx</arg>
+      <arg choice="opt">-p port</arg>
+      <arg choice="opt">hostname:port</arg>
+    </cmdsynopsis>
+  </refsynopsisdiv>
+
+  <refsection>
+    <title>STATUS</title>
+    <para>This documentation is still work in progress. Please contribute to the initial review in <ulink url="https://bugzilla.mozilla.org/show_bug.cgi?id=836477">Mozilla NSS bug 836477</ulink>
+    </para>
+  </refsection>
+
+  <refsection id="description">
+    <title>Description</title>
+    <para>The SSL Debugging Tool <command>ssltap</command> is an SSL-aware command-line proxy. It watches TCP connections and displays the data going by. If a connection is SSL, the data display includes interpreted SSL records and handshaking</para>
+  </refsection>
+
+  <refsection id="options">
+    <title>Options</title>
+    <variablelist>
+      <varlistentry>
+        <term>-f </term>
+        <listitem><para>
+Turn on fancy printing. Output is printed in colored HTML. Data sent from the client to the server is in blue; the server's reply is in red. When used with looping mode, the different connections are separated with horizontal lines. You can use this option to upload the output into a browser. 
+        </para></listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>-h </term>
+        <listitem><para>
+Turn on hex/ASCII printing. Instead of outputting raw data, the command interprets each record as a numbered line of hex values, followed by the same data as ASCII characters. The two parts are separated by a vertical bar. Nonprinting characters are replaced by dots. 
+        </para></listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>-l  prefix</term>
+        <listitem>
+          <para>
+Turn on looping; that is, continue to accept connections rather than stopping after the first connection is complete.
+          </para>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>-p  port</term>
+        <listitem>
+          <para>Change the default rendezvous port (1924) to another port.</para>
+          <para>The following are well-known port numbers:</para>
+	      <para>
+          * HTTP   80
+          </para>
+	      <para>
+	      * HTTPS  443
+	      </para>
+          <para>
+          * SMTP   25
+          </para>
+          <para>
+          * FTP    21
+          </para>
+          <para>
+          * IMAP   143
+          </para>
+          <para>
+          * IMAPS  993 (IMAP over SSL)
+          </para>
+          <para>
+          * NNTP   119
+          </para>
+          <para>
+          * NNTPS  563 (NNTP over SSL) 
+          </para>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>-s </term>
+        <listitem>
+          <para>
+Turn on SSL parsing and decoding. The tool does not automatically detect SSL sessions. If you are intercepting an SSL connection, use this option so that the tool can detect and decode SSL structures.
+	  </para>
+	  <para>
+If the tool detects a certificate chain, it saves the DER-encoded certificates into files in the current directory. The files are named cert.0x, where x is the sequence number of the certificate.
+	  </para>
+	  <para>
+If the -s option is used with -h, two separate parts are printed for each record: the plain hex/ASCII output, and the parsed SSL output.
+          </para>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>-v </term>
+        <listitem><para>Print a version string for the tool.</para></listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>-x </term>
+        <listitem><para>Turn on extra SSL hex dumps.</para></listitem>
+      </varlistentry>
+    </variablelist>
+  </refsection>
+
+  <refsection id="basic-usage">
+    <title>Usage and Examples</title>
+      <para>
+You can use the SSL Debugging Tool to intercept any connection information. Although you can run the tool at its most basic by issuing the ssltap command with no options other than hostname:port, the information you get in this way is not very useful. For example, assume your development machine is called intercept. The simplest way to use the debugging tool is to execute the following command from a command shell:
+      </para>
+<programlisting>$ ssltap www.netscape.com</programlisting>
+      <para>
+The program waits for an incoming connection on the default port 1924. In your browser window, enter the URL http://intercept:1924. The browser retrieves the requested page from the server at www.netscape.com, but the page is intercepted and passed on to the browser by the debugging tool on intercept. On its way to the browser, the data is printed to the command shell from which you issued the command. Data sent from the client to the server is surrounded by the following symbols: --> [ data ] Data sent from the server to the client is surrounded by the following symbols: 
+"left arrow"-- [ data ] The raw data stream is sent to standard output and is not interpreted in any way. This can result in peculiar effects, such as sounds, flashes, and even crashes of the command shell window. To output a basic, printable interpretation of the data, use the -h option, or, if you are looking at an SSL connection, the -s option. You will notice that the page you retrieved looks incomplete in the browser. This is because, by default, the tool closes down after the first connection is complete, so the browser is not able to load images. To make the tool 
+continue to accept connections, switch on looping mode with the -l option. The following examples show the output from commonly used combinations of options.
+      </para>
+	
+      <para>Example 1 </para>
+<programlisting>$ ssltap.exe -sx -p 444 interzone.mcom.com:443 > sx.txt</programlisting>
+	  <para>Output </para>
+<programlisting>
+Connected to interzone.mcom.com:443
+-->; [
+alloclen = 66 bytes
+   [ssl2]  ClientHelloV2 {
+            version = {0x03, 0x00}
+            cipher-specs-length = 39 (0x27)
+            sid-length = 0 (0x00)
+            challenge-length = 16 (0x10)
+            cipher-suites = {
+
+                (0x010080) SSL2/RSA/RC4-128/MD5
+                  (0x020080) SSL2/RSA/RC4-40/MD5
+                  (0x030080) SSL2/RSA/RC2CBC128/MD5
+                  (0x040080) SSL2/RSA/RC2CBC40/MD5
+                  (0x060040) SSL2/RSA/DES64CBC/MD5
+                  (0x0700c0) SSL2/RSA/3DES192EDE-CBC/MD5
+                  (0x000004) SSL3/RSA/RC4-128/MD5
+                  (0x00ffe0) SSL3/RSA-FIPS/3DES192EDE-CBC/SHA
+                  (0x00000a) SSL3/RSA/3DES192EDE-CBC/SHA
+                  (0x00ffe1) SSL3/RSA-FIPS/DES64CBC/SHA
+                  (0x000009) SSL3/RSA/DES64CBC/SHA
+                  (0x000003) SSL3/RSA/RC4-40/MD5
+                  (0x000006) SSL3/RSA/RC2CBC40/MD5
+                  }
+            session-id = { }
+            challenge = { 0xec5d 0x8edb 0x37c9 0xb5c9 0x7b70 0x8fe9 0xd1d3
+
+0x2592 }
+}
+]
+&lt;-- [
+SSLRecord {
+   0: 16 03 00 03  e5                                   |.....
+   type    = 22 (handshake)
+   version = { 3,0 }
+   length  = 997 (0x3e5)
+   handshake {
+   0: 02 00 00 46                                      |...F
+      type = 2 (server_hello)
+      length = 70 (0x000046)
+            ServerHello {
+            server_version = {3, 0}
+            random = {...}
+   0: 77 8c 6e 26  6c 0c ec c0  d9 58 4f 47  d3 2d 01 45  |
+wn&amp;l.ì..XOG.-.E
+   10: 5c 17 75 43  a7 4c 88 c7  88 64 3c 50  41 48 4f 7f  |
+
+\.uC§L.Ç.d&lt;PAHO.
+                  session ID = {
+                  length = 32
+
+                contents = {..}
+   0: 14 11 07 a8  2a 31 91 29  11 94 40 37  57 10 a7 32  | ...¨*1.)..@7W.§2
+   10: 56 6f 52 62  fe 3d b3 65  b1 e4 13 0f  52 a3 c8 f6  | VoRbþ=³e±...R£È.
+         }
+               cipher_suite = (0x0003) SSL3/RSA/RC4-40/MD5
+         }
+   0: 0b 00 02 c5                                      |...Ã…
+      type = 11 (certificate)
+      length = 709 (0x0002c5)
+            CertificateChain {
+            chainlength = 706 (0x02c2)
+               Certificate {
+            size = 703 (0x02bf)
+               data = { saved in file 'cert.001' }
+            }
+         }
+   0: 0c 00 00 ca                                      |....
+         type = 12 (server_key_exchange)
+         length = 202 (0x0000ca)
+   0: 0e 00 00 00                                      |....
+         type = 14 (server_hello_done)
+         length = 0 (0x000000)
+   }
+}
+]
+--> [
+SSLRecord {
+   0: 16 03 00 00  44                                   |....D
+   type    = 22 (handshake)
+   version = { 3,0 }
+   length  = 68 (0x44)
+   handshake {
+   0: 10 00 00 40                                      |...@
+   type = 16 (client_key_exchange)
+   length = 64 (0x000040)
+         ClientKeyExchange {
+            message = {...}
+         }
+   }
+}
+]
+--> [
+SSLRecord {
+   0: 14 03 00 00  01                                   |.....
+   type    = 20 (change_cipher_spec)
+   version = { 3,0 }
+   length  = 1 (0x1)
+   0: 01                                               |.
+}
+SSLRecord {
+   0: 16 03 00 00  38                                   |....8
+   type    = 22 (handshake)
+   version = { 3,0 }
+   length  = 56 (0x38)
+               &lt; encrypted >
+
+}
+]
+&lt;-- [
+SSLRecord {
+   0: 14 03 00 00  01                                   |.....
+   type    = 20 (change_cipher_spec)
+   version = { 3,0 }
+   length  = 1 (0x1)
+   0: 01                                               |.
+}
+]
+&lt;-- [
+SSLRecord {
+   0: 16 03 00 00  38                                   |....8
+   type    = 22 (handshake)
+   version = { 3,0 }
+   length  = 56 (0x38)
+                  &lt; encrypted >
+
+}
+]
+--> [
+SSLRecord {
+   0: 17 03 00 01  1f                                   |.....
+   type    = 23 (application_data)
+   version = { 3,0 }
+   length  = 287 (0x11f)
+               &lt; encrypted >
+}
+]
+&lt;-- [
+SSLRecord {
+   0: 17 03 00 00  a0                                   |....
+   type    = 23 (application_data)
+   version = { 3,0 }
+   length  = 160 (0xa0)
+               &lt; encrypted >
+
+}
+]
+&lt;-- [
+SSLRecord {
+0: 17 03 00 00  df                                   |....ß
+   type    = 23 (application_data)
+   version = { 3,0 }
+   length  = 223 (0xdf)
+               &lt; encrypted >
+
+}
+SSLRecord {
+   0: 15 03 00 00  12                                   |.....
+   type    = 21 (alert)
+   version = { 3,0 }
+   length  = 18 (0x12)
+               &lt; encrypted >
+}
+]
+Server socket closed.
+</programlisting>
+
+
+      <para>Example 2</para>
+      <para>
+The -s option turns on SSL parsing. Because the -x option is not used in this example, undecoded values are output as raw data. The output is routed to a text file.
+    </para>
+<programlisting>$ ssltap -s  -p 444 interzone.mcom.com:443 > s.txt</programlisting>
+	  <para>Output </para>
+<programlisting>
+Connected to interzone.mcom.com:443
+--> [
+alloclen = 63 bytes
+   [ssl2]  ClientHelloV2 {
+            version = {0x03, 0x00}
+            cipher-specs-length = 36 (0x24)
+            sid-length = 0 (0x00)
+            challenge-length = 16 (0x10)
+            cipher-suites = {
+                  (0x010080) SSL2/RSA/RC4-128/MD5
+                  (0x020080) SSL2/RSA/RC4-40/MD5
+                  (0x030080) SSL2/RSA/RC2CBC128/MD5
+                  (0x060040) SSL2/RSA/DES64CBC/MD5
+                  (0x0700c0) SSL2/RSA/3DES192EDE-CBC/MD5
+                  (0x000004) SSL3/RSA/RC4-128/MD5
+                  (0x00ffe0) SSL3/RSA-FIPS/3DES192EDE-CBC/SHA
+                  (0x00000a) SSL3/RSA/3DES192EDE-CBC/SHA
+                  (0x00ffe1) SSL3/RSA-FIPS/DES64CBC/SHA
+                  (0x000009) SSL3/RSA/DES64CBC/SHA
+                  (0x000003) SSL3/RSA/RC4-40/MD5
+                  }
+               session-id = { }
+            challenge = { 0x713c 0x9338 0x30e1 0xf8d6 0xb934 0x7351 0x200c
+0x3fd0 }
+]
+&gt;-- [
+SSLRecord {
+   type    = 22 (handshake)
+   version = { 3,0 }
+   length  = 997 (0x3e5)
+   handshake {
+         type = 2 (server_hello)
+         length = 70 (0x000046)
+            ServerHello {
+            server_version = {3, 0}
+            random = {...}
+            session ID = {
+               length = 32
+               contents = {..}
+               }
+               cipher_suite = (0x0003) SSL3/RSA/RC4-40/MD5
+            }
+         type = 11 (certificate)
+         length = 709 (0x0002c5)
+            CertificateChain {
+               chainlength = 706 (0x02c2)
+               Certificate {
+                  size = 703 (0x02bf)
+                  data = { saved in file 'cert.001' }
+               }
+            }
+         type = 12 (server_key_exchange)
+         length = 202 (0x0000ca)
+         type = 14 (server_hello_done)
+         length = 0 (0x000000)
+   }
+}
+]
+--> [
+SSLRecord {
+   type    = 22 (handshake)
+   version = { 3,0 }
+   length  = 68 (0x44)
+   handshake {
+         type = 16 (client_key_exchange)
+         length = 64 (0x000040)
+            ClientKeyExchange {
+               message = {...}
+            }
+   }
+}
+]
+--> [
+SSLRecord {
+   type    = 20 (change_cipher_spec)
+   version = { 3,0 }
+   length  = 1 (0x1)
+}
+SSLRecord {
+   type    = 22 (handshake)
+   version = { 3,0 }
+   length  = 56 (0x38)
+               &gt; encrypted >
+}
+]
+&gt;-- [
+SSLRecord {
+   type    = 20 (change_cipher_spec)
+   version = { 3,0 }
+   length  = 1 (0x1)
+}
+]
+&gt;-- [
+SSLRecord {
+   type    = 22 (handshake)
+   version = { 3,0 }
+   length  = 56 (0x38)
+               &gt; encrypted >
+}
+]
+--> [
+SSLRecord {
+   type    = 23 (application_data)
+   version = { 3,0 }
+   length  = 287 (0x11f)
+               &gt; encrypted >
+}
+]
+[
+SSLRecord {
+   type    = 23 (application_data)
+   version = { 3,0 }
+   length  = 160 (0xa0)
+               &gt; encrypted >
+}
+]
+&gt;-- [
+SSLRecord {
+   type    = 23 (application_data)
+   version = { 3,0 }
+   length  = 223 (0xdf)
+               &gt; encrypted >
+}
+SSLRecord {
+   type    = 21 (alert)
+   version = { 3,0 }
+   length  = 18 (0x12)
+               &gt; encrypted >
+}
+]
+Server socket closed.
+</programlisting>
+
+      <para>Example 3</para>
+      <para>
+In this example, the -h option turns hex/ASCII format. There is no SSL parsing or decoding. The output is routed to a text file.
+    </para>
+<programlisting>$ ssltap -h  -p 444 interzone.mcom.com:443 > h.txt</programlisting>
+	  <para>Output </para>
+<programlisting>
+Connected to interzone.mcom.com:443
+--&gt; [
+   0: 80 40 01 03  00 00 27 00  00 00 10 01  00 80 02 00  | .@....'.........
+   10: 80 03 00 80  04 00 80 06  00 40 07 00  c0 00 00 04  | .........@......
+   20: 00 ff e0 00  00 0a 00 ff  e1 00 00 09  00 00 03 00  | ........á.......
+   30: 00 06 9b fe  5b 56 96 49  1f 9f ca dd  d5 ba b9 52  | ..þ[V.I.\xd9 ...º¹R
+   40: 6f 2d                                            |o-
+]
+&lt;-- [
+   0: 16 03 00 03  e5 02 00 00  46 03 00 7f  e5 0d 1b 1d  | ........F.......
+   10: 68 7f 3a 79  60 d5 17 3c  1d 9c 96 b3  88 d2 69 3b  | h.:y`..&lt;..³.Òi;
+   20: 78 e2 4b 8b  a6 52 12 4b  46 e8 c2 20  14 11 89 05  | x.K.¦R.KFè. ...
+   30: 4d 52 91 fd  93 e0 51 48  91 90 08 96  c1 b6 76 77  | MR.ý..QH.....¶vw
+   40: 2a f4 00 08  a1 06 61 a2  64 1f 2e 9b  00 03 00 0b  | *ô..¡.a¢d......
+   50: 00 02 c5 00  02 c2 00 02  bf 30 82 02  bb 30 82 02  | ..Ã…......0...0..
+   60: 24 a0 03 02  01 02 02 02  01 36 30 0d  06 09 2a 86  | $ .......60...*.
+   70: 48 86 f7 0d  01 01 04 05  00 30 77 31  0b 30 09 06  | H.÷......0w1.0..
+   80: 03 55 04 06  13 02 55 53  31 2c 30 2a  06 03 55 04  | .U....US1,0*..U.
+   90: 0a 13 23 4e  65 74 73 63  61 70 65 20  43 6f 6d 6d  | ..#Netscape Comm
+   a0: 75 6e 69 63  61 74 69 6f  6e 73 20 43  6f 72 70 6f  | unications Corpo
+   b0: 72 61 74 69  6f 6e 31 11  30 0f 06 03  55 04 0b 13  | ration1.0...U...
+   c0: 08 48 61 72  64 63 6f 72  65 31 27 30  25 06 03 55  | .Hardcore1'0%..U
+   d0: 04 03 13 1e  48 61 72 64  63 6f 72 65  20 43 65 72  | ....Hardcore Cer
+   e0: 74 69 66 69  63 61 74 65  20 53 65 72  76 65 72 20  | tificate Server
+   f0: 49 49 30 1e  17 0d 39 38  30 35 31 36  30 31 30 33  | II0...9805160103
+&lt;additional data lines&gt;
+]
+&lt;additional records in same format&gt;
+Server socket closed.
+</programlisting>
+
+      <para>Example 4</para>
+      <para>
+In this example, the -s option turns on SSL parsing, and the -h option turns on hex/ASCII format. 
+Both formats are shown for each record. The output is routed to a text file.
+      </para>
+<programlisting>$ ssltap -hs -p 444 interzone.mcom.com:443 > hs.txt</programlisting>
+	  <para>Output </para>
+<programlisting>
+Connected to interzone.mcom.com:443
+--> [
+   0: 80 3d 01 03  00 00 24 00  00 00 10 01  00 80 02 00  | .=....$.........
+   10: 80 03 00 80  04 00 80 06  00 40 07 00  c0 00 00 04  | .........@......
+   20: 00 ff e0 00  00 0a 00 ff  e1 00 00 09  00 00 03 03  | ........á.......
+   30: 55 e6 e4 99  79 c7 d7 2c  86 78 96 5d  b5 cf e9     |U..yÇ\xb0 ,.x.]µ�é
+alloclen = 63 bytes
+   [ssl2]  ClientHelloV2 {
+            version = {0x03, 0x00}
+            cipher-specs-length = 36 (0x24)
+            sid-length = 0 (0x00)
+            challenge-length = 16 (0x10)
+            cipher-suites = {
+                  (0x010080) SSL2/RSA/RC4-128/MD5
+                  (0x020080) SSL2/RSA/RC4-40/MD5
+                  (0x030080) SSL2/RSA/RC2CBC128/MD5
+                  (0x040080) SSL2/RSA/RC2CBC40/MD5
+                  (0x060040) SSL2/RSA/DES64CBC/MD5
+                  (0x0700c0) SSL2/RSA/3DES192EDE-CBC/MD5
+                  (0x000004) SSL3/RSA/RC4-128/MD5
+                  (0x00ffe0) SSL3/RSA-FIPS/3DES192EDE-CBC/SHA
+                  (0x00000a) SSL3/RSA/3DES192EDE-CBC/SHA
+                  (0x00ffe1) SSL3/RSA-FIPS/DES64CBC/SHA
+                  (0x000009) SSL3/RSA/DES64CBC/SHA
+                  (0x000003) SSL3/RSA/RC4-40/MD5
+                  }
+            session-id = { }
+            challenge = { 0x0355 0xe6e4 0x9979 0xc7d7 0x2c86 0x7896 0x5db
+
+0xcfe9 }
+}
+]
+&lt;additional records in same formats&gt;
+Server socket closed.
+</programlisting>
+
+
+
+    </refsection>
+
+    <refsection id="usage-tips">
+    <title>Usage Tips</title>
+      <para>
+When SSL restarts a previous session, it makes use of cached information to do a partial handshake. 
+If you wish to capture a full SSL handshake, restart the browser to clear the session id cache.
+      </para>
+      <para>
+If you run the tool on a machine other than the SSL server to which you are trying to connect, 
+the browser will complain that the host name you are trying to connect to is different from the certificate. 
+If you are using the default BadCert callback, you can still connect through a dialog. If you are not using 
+the default BadCert callback, the one you supply must allow for this possibility.
+      </para>
+    </refsection>
+  
+  <refsection id="seealso">
+    <title>See Also</title>
+	<para>The NSS Security Tools are also documented at <ulink url="http://www.mozilla.org/projects/security/pki/nss/tools">http://www.mozilla.org/projects/security/pki/nss/</ulink>.</para>
+  </refsection>
+
+<!-- don't change -->
+  <refsection id="resources">
+    <title>Additional Resources</title>
+	<para>For information about NSS and other tools related to NSS (like JSS), check out the NSS project wiki at <ulink url="http://www.mozilla.org/projects/security/pki/nss/">http://www.mozilla.org/projects/security/pki/nss/</ulink>. The NSS site relates directly to NSS code changes and releases.</para>
+	<para>Mailing lists: https://lists.mozilla.org/listinfo/dev-tech-crypto</para>
+	<para>IRC: Freenode at #dogtag-pki</para>
+  </refsection>
+
+<!-- fill in your name first; keep the other names for reference -->
+  <refsection id="authors">
+    <title>Authors</title>
+    <para>The NSS tools were written and maintained by developers with Netscape, Red Hat,  Sun, Oracle, Mozilla, and Google.</para>
+    <para>
+	Authors: Elio Maldonado &lt;emaldona@redhat.com>, Deon Lackey &lt;dlackey@redhat.com>.
+    </para>
+  </refsection>
+
+<!-- don't change -->
+  <refsection id="license">
+    <title>LICENSE</title>
+    <para>Licensed under the Mozilla Public License, v. 2.0.  If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
+    </para>
+  </refsection>
+
+</refentry>
diff --git a/nss/doc/vfychain.xml b/nss/doc/vfychain.xml
new file mode 100644
index 0000000..9a41008
--- /dev/null
+++ b/nss/doc/vfychain.xml
@@ -0,0 +1,232 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
+<!ENTITY date SYSTEM "date.xml">
+<!ENTITY version SYSTEM "version.xml">
+]>
+
+<refentry id="vfychain">
+
+  <refentryinfo>
+    <date>&date;</date>
+    <title>NSS Security Tools</title>
+    <productname>nss-tools</productname>
+    <productnumber>&version;</productnumber>
+  </refentryinfo>
+
+  <refmeta>
+    <refentrytitle>VFYCHAIN</refentrytitle>
+    <manvolnum>1</manvolnum>
+  </refmeta>
+
+  <refnamediv>
+    <refname>vfychain </refname>
+    <refpurpose>vfychain [options] [revocation options] certfile [[options] certfile] ...</refpurpose>
+  </refnamediv>
+
+ <refsynopsisdiv>
+    <cmdsynopsis>
+      <command>vfychain</command>
+    </cmdsynopsis>
+  </refsynopsisdiv>
+
+  <refsection>
+    <title>STATUS</title>
+    <para>This documentation is still work in progress. Please contribute to the initial review in <ulink url="https://bugzilla.mozilla.org/show_bug.cgi?id=836477">Mozilla NSS bug 836477</ulink>
+    </para>
+  </refsection>
+
+  <refsection id="description">
+    <title>Description</title>
+    <para>The verification Tool, <command>vfychain</command>, verifies certificate chains. <command>modutil</command> can add and delete PKCS #11 modules, change passwords on security databases, set defaults, list module contents, enable or disable slots, enable or disable FIPS 140-2 compliance, and assign default providers for cryptographic operations. This tool can also create certificate, key, and module security database files.</para>
+
+	<para>The tasks associated with security module database management are part of a process that typically also involves managing key databases and certificate databases.</para>
+  </refsection>
+
+  <refsection id="options">
+    <title>Options</title>
+    
+    <variablelist>
+
+      <varlistentry>
+        <term><option>-a</option></term>
+        <listitem>
+          <simpara>the following certfile is base64 encoded</simpara>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+          <term><option>-b </option> <replaceable>YYMMDDHHMMZ</replaceable></term>
+        <listitem>
+          <simpara>Validate date (default: now)</simpara>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+          <term><option>-d </option> <replaceable>directory</replaceable></term>        <listitem>
+          <simpara>database directory</simpara>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><option>-f </option> </term>
+        <listitem>
+          <simpara>Enable cert fetching from AIA URL</simpara>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><option>-o </option> <replaceable>oid</replaceable></term>
+        <listitem>
+          <simpara>Set policy OID for cert validation(Format OID.1.2.3)</simpara>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><option>-p </option></term>
+        <listitem>
+          <simpara>Use PKIX Library to validate certificate by calling:</simpara>
+		  <simpara>	   * CERT_VerifyCertificate if specified once,</simpara>
+		  <simpara>	   * CERT_PKIXVerifyCert if specified twice and more.</simpara>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+          <term><option>-r </option></term>
+          <listitem>
+            <simpara>Following certfile is raw binary DER (default)</simpara>
+         </listitem>
+       </varlistentry>
+
+       <varlistentry>
+         <term><option>-t</option></term>
+         <listitem>
+	       <simpara>Following cert is explicitly trusted (overrides db trust)</simpara>
+         </listitem>
+       </varlistentry>
+
+       <varlistentry>
+         <term><option>-u </option> <replaceable>usage</replaceable></term>
+         <listitem>
+            <para>
+	 	 0=SSL client, 1=SSL server, 2=SSL StepUp, 3=SSL CA,
+	     4=Email signer, 5=Email recipient, 6=Object signer,
+		 9=ProtectedObjectSigner, 10=OCSP responder, 11=Any CA
+            </para>
+         </listitem>
+        </varlistentry>
+
+        <varlistentry>
+          <term><option>-T </option></term>
+          <listitem>
+	        <simpara>Trust both explicit trust anchors (-t) and the database. (Without this option, the default is to only trust certificates marked -t, if there are any, or to trust the database if there are certificates marked -t.)
+            </simpara>
+          </listitem>
+        </varlistentry>
+
+        <varlistentry>
+          <term><option>-v </option></term>
+          <listitem>
+	        <simpara>Verbose mode. Prints root cert subject(double the
+			 argument for whole root cert info)
+            </simpara>
+          </listitem>
+        </varlistentry>
+
+      <varlistentry>
+        <term><option>-w </option> <replaceable>password</replaceable></term>
+        <listitem>
+          <simpara>Database password</simpara>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><option>-W </option> <replaceable>pwfile</replaceable></term>
+        <listitem>
+          <simpara>Password file</simpara>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><option></option></term>
+        <listitem>
+          <simpara>Revocation options for PKIX API (invoked with -pp options) is a
+	collection of the following flags:
+		[-g type [-h flags] [-m type [-s flags]] ...] ...</simpara>
+          <simpara>Where: </simpara>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><option>-g </option> <replaceable>test-type</replaceable></term>
+        <listitem>
+          <simpara>Sets status checking test type. Possible values
+			are "leaf" or "chain"
+          </simpara>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><option>-g </option> <replaceable>test type</replaceable></term>
+        <listitem>
+          <simpara>Sets status checking test type. Possible values
+			are "leaf" or "chain".
+          </simpara>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><option>-h </option> <replaceable>test flags</replaceable></term>
+        <listitem>
+          <simpara>Sets revocation flags for the test type it
+			follows. Possible flags: "testLocalInfoFirst" and
+			"requireFreshInfo".
+          </simpara>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><option>-m </option> <replaceable>method type</replaceable></term>
+        <listitem>
+          <simpara>Sets method type for the test type it follows.
+			Possible types are "crl" and "ocsp".
+          </simpara>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term><option>-s </option> <replaceable>method flags</replaceable></term>
+        <listitem>
+          <simpara>Sets revocation flags for the method it follows.
+			Possible types are "doNotUse", "forbidFetching",
+			"ignoreDefaultSrc", "requireInfo" and "failIfNoInfo".
+          </simpara>
+        </listitem>
+      </varlistentry>
+    </variablelist>
+  </refsection>
+
+<!-- don't change -->
+  <refsection id="resources">
+    <title>Additional Resources</title>
+	<para>For information about NSS and other tools related to NSS (like JSS), check out the NSS project wiki at <ulink url="http://www.mozilla.org/projects/security/pki/nss/">http://www.mozilla.org/projects/security/pki/nss/</ulink>. The NSS site relates directly to NSS code changes and releases.</para>
+	<para>Mailing lists: https://lists.mozilla.org/listinfo/dev-tech-crypto</para>
+	<para>IRC: Freenode at #dogtag-pki</para>
+  </refsection>
+
+<!-- fill in your name first; keep the other names for reference -->
+  <refsection id="authors">
+    <title>Authors</title>
+    <para>The NSS tools were written and maintained by developers with Netscape, Red Hat,  Sun, Oracle, Mozilla, and Google.</para>
+    <para>
+	Authors: Elio Maldonado &lt;emaldona@redhat.com>, Deon Lackey &lt;dlackey@redhat.com>.
+    </para>
+  </refsection>
+
+<!-- don't change -->
+  <refsection id="license">
+    <title>LICENSE</title>
+    <para>Licensed under the Mozilla Public License, v. 2.0.  If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
+    </para>
+  </refsection>
+
+</refentry>
diff --git a/nss/doc/vfyserv.xml b/nss/doc/vfyserv.xml
new file mode 100644
index 0000000..db18e09
--- /dev/null
+++ b/nss/doc/vfyserv.xml
@@ -0,0 +1,85 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
+<!ENTITY date SYSTEM "date.xml">
+<!ENTITY version SYSTEM "version.xml">
+]>
+
+<refentry id="vfyserv">
+
+  <refentryinfo>
+    <date>&date;</date>
+    <title>NSS Security Tools</title>
+    <productname>nss-tools</productname>
+    <productnumber>&version;</productnumber>
+  </refentryinfo>
+
+  <refmeta>
+    <refentrytitle>VFYSERV</refentrytitle>
+    <manvolnum>1</manvolnum>
+  </refmeta>
+
+  <refnamediv>
+    <refname>vfyserv </refname>
+    <refpurpose>TBD</refpurpose>
+  </refnamediv>
+
+ <refsynopsisdiv>
+    <cmdsynopsis>
+      <command>vfyserv</command>
+    </cmdsynopsis>
+  </refsynopsisdiv>
+
+  <refsection>
+    <title>STATUS</title>
+    <para>This documentation is still work in progress. Please contribute to the initial review in <ulink url="https://bugzilla.mozilla.org/show_bug.cgi?id=836477">Mozilla NSS bug 836477</ulink>
+    </para>
+  </refsection>
+
+  <refsection id="description">
+    <title>Description</title>
+    <para>The <command>vfyserv </command> tool verifies a certificate chain</para>
+
+  </refsection>
+
+  <refsection id="options">
+    <title>Options</title>
+    
+    <variablelist>
+
+      <varlistentry>
+        <term><option></option> <replaceable></replaceable></term>
+        <listitem>
+          <simpara></simpara>
+          <simpara></simpara>
+        </listitem>
+      </varlistentry>
+
+    </variablelist>
+  </refsection>
+
+<!-- don't change -->
+  <refsection id="resources">
+    <title>Additional Resources</title>
+	<para>For information about NSS and other tools related to NSS (like JSS), check out the NSS project wiki at <ulink url="http://www.mozilla.org/projects/security/pki/nss/">http://www.mozilla.org/projects/security/pki/nss/</ulink>. The NSS site relates directly to NSS code changes and releases.</para>
+	<para>Mailing lists: https://lists.mozilla.org/listinfo/dev-tech-crypto</para>
+	<para>IRC: Freenode at #dogtag-pki</para>
+  </refsection>
+
+<!-- fill in your name first; keep the other names for reference -->
+  <refsection id="authors">
+    <title>Authors</title>
+    <para>The NSS tools were written and maintained by developers with Netscape, Red Hat,  Sun, Oracle, Mozilla, and Google.</para>
+    <para>
+	Authors: Elio Maldonado &lt;emaldona@redhat.com>, Deon Lackey &lt;dlackey@redhat.com>.
+    </para>
+  </refsection>
+
+<!-- don't change -->
+  <refsection id="license">
+    <title>LICENSE</title>
+    <para>Licensed under the Mozilla Public License, v. 2.0.  If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
+    </para>
+  </refsection>
+
+</refentry>
diff --git a/nss/exports.gyp b/nss/exports.gyp
new file mode 100644
index 0000000..907b5ac
--- /dev/null
+++ b/nss/exports.gyp
@@ -0,0 +1,77 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    'coreconf/config.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'nss_exports',
+      'type': 'none',
+      'direct_dependent_settings': {
+        'include_dirs': [
+          '<(nss_public_dist_dir)/nss'
+        ]
+      },
+      'dependencies': [
+        'cmd/lib/exports.gyp:cmd_lib_exports',
+        'lib/base/exports.gyp:lib_base_exports',
+        'lib/certdb/exports.gyp:lib_certdb_exports',
+        'lib/certhigh/exports.gyp:lib_certhigh_exports',
+        'lib/ckfw/builtins/exports.gyp:lib_ckfw_builtins_exports',
+        'lib/ckfw/exports.gyp:lib_ckfw_exports',
+        'lib/crmf/exports.gyp:lib_crmf_exports',
+        'lib/cryptohi/exports.gyp:lib_cryptohi_exports',
+        'lib/dev/exports.gyp:lib_dev_exports',
+        'lib/freebl/exports.gyp:lib_freebl_exports',
+        'lib/jar/exports.gyp:lib_jar_exports',
+        'lib/nss/exports.gyp:lib_nss_exports',
+        'lib/pk11wrap/exports.gyp:lib_pk11wrap_exports',
+        'lib/pkcs12/exports.gyp:lib_pkcs12_exports',
+        'lib/pkcs7/exports.gyp:lib_pkcs7_exports',
+        'lib/pki/exports.gyp:lib_pki_exports',
+        'lib/smime/exports.gyp:lib_smime_exports',
+        'lib/softoken/exports.gyp:lib_softoken_exports',
+        'lib/sqlite/exports.gyp:lib_sqlite_exports',
+        'lib/ssl/exports.gyp:lib_ssl_exports',
+        'lib/util/exports.gyp:lib_util_exports',
+        'lib/zlib/exports.gyp:lib_zlib_exports'
+      ],
+      'conditions': [
+        [ 'disable_libpkix==0', {
+          'dependencies': [
+            'lib/libpkix/include/exports.gyp:lib_libpkix_include_exports',
+            'lib/libpkix/pkix/certsel/exports.gyp:lib_libpkix_pkix_certsel_exports',
+            'lib/libpkix/pkix/checker/exports.gyp:lib_libpkix_pkix_checker_exports',
+            'lib/libpkix/pkix/crlsel/exports.gyp:lib_libpkix_pkix_crlsel_exports',
+            'lib/libpkix/pkix/params/exports.gyp:lib_libpkix_pkix_params_exports',
+            'lib/libpkix/pkix/results/exports.gyp:lib_libpkix_pkix_results_exports',
+            'lib/libpkix/pkix/store/exports.gyp:lib_libpkix_pkix_store_exports',
+            'lib/libpkix/pkix/top/exports.gyp:lib_libpkix_pkix_top_exports',
+            'lib/libpkix/pkix/util/exports.gyp:lib_libpkix_pkix_util_exports',
+            'lib/libpkix/pkix_pl_nss/module/exports.gyp:lib_libpkix_pkix_pl_nss_module_exports',
+            'lib/libpkix/pkix_pl_nss/pki/exports.gyp:lib_libpkix_pkix_pl_nss_pki_exports',
+            'lib/libpkix/pkix_pl_nss/system/exports.gyp:lib_libpkix_pkix_pl_nss_system_exports',
+          ],
+        }],
+      ],
+    },
+    {
+      'target_name': 'dbm_exports',
+      'type': 'none',
+      'conditions': [
+        ['disable_dbm==0', {
+          'direct_dependent_settings': {
+            'include_dirs': [
+              '<(nss_public_dist_dir)/dbm'
+            ]
+          },
+          'dependencies': [
+            'lib/dbm/include/exports.gyp:lib_dbm_include_exports'
+          ],
+        }],
+      ],
+    }
+  ]
+}
diff --git a/nss/external_tests/.clang-format b/nss/external_tests/.clang-format
new file mode 100644
index 0000000..06e3c51
--- /dev/null
+++ b/nss/external_tests/.clang-format
@@ -0,0 +1,4 @@
+---
+Language: Cpp
+BasedOnStyle: Google
+...
diff --git a/nss/external_tests/Makefile b/nss/external_tests/Makefile
new file mode 100644
index 0000000..2b54925
--- /dev/null
+++ b/nss/external_tests/Makefile
@@ -0,0 +1,44 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
diff --git a/nss/external_tests/README b/nss/external_tests/README
new file mode 100644
index 0000000..75c452f
--- /dev/null
+++ b/nss/external_tests/README
@@ -0,0 +1,15 @@
+GTest-based Unit Tests
+
+This directory contains GTest-based unit tests for NSS libssl.
+
+If your environment doesn't have C++ compiler suitable to build these tests,
+you may disable them using ``NSS_DISABLE_GTESTS=1''
+
+Once built, they are run as part of running ``test/all.sh''
+You can run just the GTests by running ``tests/ssl_gtests/ssl_gtests.sh''
+
+They can be run standalone or under a debugger by invoking the ssl_gtest
+executable with a ``-d'' option pointing to the directory created by either
+of the above options.  You can find that in
+
+  tests_results/security/${hostname}.${NUMBER}/ssl_gtests
diff --git a/nss/external_tests/common/Makefile b/nss/external_tests/common/Makefile
new file mode 100644
index 0000000..e17bc28
--- /dev/null
+++ b/nss/external_tests/common/Makefile
@@ -0,0 +1,41 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include gtest.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
diff --git a/nss/external_tests/common/gtest.mk b/nss/external_tests/common/gtest.mk
new file mode 100644
index 0000000..ecb324e
--- /dev/null
+++ b/nss/external_tests/common/gtest.mk
@@ -0,0 +1,36 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+include $(CORE_DEPTH)/cmd/platlibs.mk
+
+MKPROG = $(CCC)
+MKSHLIB	= $(CCC) $(DSO_LDOPTS) $(DARWIN_SDK_SHLIBFLAGS)
+
+# gtests pick up errors with signed/unsigned comparisons on some platforms
+# even though we disabled -Wsign-compare.
+# This catches that by enabling the warning.
+# Only add -Wsign-compare if -Werror is enabled, lest we add it on the wrong
+# platform.
+ifeq (-Werror,$(filter -Werror -Wsign-compare,$(WARNING_CFLAGS)))
+WARNING_CFLAGS += -Wsign-compare
+endif
+WARNING_CFLAGS := $(filter-out -w44018,$(WARNING_CFLAGS))
+
+ifeq (WINNT,$(OS_ARCH))
+    # -EHsc because gtest has exception handlers
+    OS_CFLAGS += -EHsc -nologo
+    # http://www.suodenjoki.dk/us/archive/2010/min-max.htm
+    OS_CFLAGS += -DNOMINMAX
+
+    # Linking to winsock to get htonl
+    OS_LIBS += Ws2_32.lib
+
+    # On windows, we need to create the parent directory
+    # Needed because we include files from a subdirectory
+    MAKE_OBJDIR = $(INSTALL) -D $(dir $@)
+else
+    CXXFLAGS += -std=c++0x
+endif
diff --git a/nss/external_tests/common/gtests.cc b/nss/external_tests/common/gtests.cc
new file mode 100644
index 0000000..c51437c
--- /dev/null
+++ b/nss/external_tests/common/gtests.cc
@@ -0,0 +1,22 @@
+#include "nspr.h"
+#include "nss.h"
+#include "ssl.h"
+
+#include <cstdlib>
+
+#define GTEST_HAS_RTTI 0
+#include "gtest/gtest.h"
+
+int main(int argc, char **argv) {
+  ::testing::InitGoogleTest(&argc, argv);
+
+  NSS_NoDB_Init(nullptr);
+  NSS_SetDomesticPolicy();
+  int rv = RUN_ALL_TESTS();
+
+  if (NSS_Shutdown() != SECSuccess) {
+    return 1;
+  }
+
+  return rv;
+}
diff --git a/nss/external_tests/common/manifest.mn b/nss/external_tests/common/manifest.mn
new file mode 100644
index 0000000..bf45ebc
--- /dev/null
+++ b/nss/external_tests/common/manifest.mn
@@ -0,0 +1,21 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+CORE_DEPTH = ../..
+DEPTH      = ../..
+MODULE = nss
+
+CPPSRCS = \
+      gtests.cc \
+      $(NULL)
+
+INCLUDES += -I$(CORE_DEPTH)/external_tests/google_test/gtest/include \
+            -I$(CORE_DEPTH)/external_tests/common
+
+REQUIRES = gtest
+
+EXTRA_LIBS = $(DIST)/lib/$(LIB_PREFIX)gtest.$(LIB_SUFFIX)
+
+# NOTE: this is not actually used but required to build gtests.o
+PROGRAM = gtests
\ No newline at end of file
diff --git a/nss/external_tests/common/scoped_ptrs.h b/nss/external_tests/common/scoped_ptrs.h
new file mode 100644
index 0000000..a427215
--- /dev/null
+++ b/nss/external_tests/common/scoped_ptrs.h
@@ -0,0 +1,55 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef scoped_ptrs_h__
+#define scoped_ptrs_h__
+
+#include <memory>
+#include "cert.h"
+#include "keyhi.h"
+#include "pk11pub.h"
+
+namespace nss_test {
+
+struct ScopedDelete {
+  void operator()(CERTCertificate* cert) { CERT_DestroyCertificate(cert); }
+  void operator()(CERTSubjectPublicKeyInfo* spki) {
+    SECKEY_DestroySubjectPublicKeyInfo(spki);
+  }
+  void operator()(PK11SlotInfo* slot) { PK11_FreeSlot(slot); }
+  void operator()(PK11SymKey* key) { PK11_FreeSymKey(key); }
+  void operator()(SECAlgorithmID* id) { SECOID_DestroyAlgorithmID(id, true); }
+  void operator()(SECItem* item) { SECITEM_FreeItem(item, true); }
+  void operator()(SECKEYPublicKey* key) { SECKEY_DestroyPublicKey(key); }
+  void operator()(SECKEYPrivateKey* key) { SECKEY_DestroyPrivateKey(key); }
+};
+
+template <class T>
+struct ScopedMaybeDelete {
+  void operator()(T* ptr) {
+    if (ptr) {
+      ScopedDelete del;
+      del(ptr);
+    }
+  }
+};
+
+#define SCOPED(x) typedef std::unique_ptr<x, ScopedMaybeDelete<x> > Scoped##x
+
+SCOPED(CERTCertificate);
+SCOPED(CERTSubjectPublicKeyInfo);
+SCOPED(PK11SlotInfo);
+SCOPED(PK11SymKey);
+SCOPED(SECAlgorithmID);
+SCOPED(SECItem);
+SCOPED(SECKEYPublicKey);
+SCOPED(SECKEYPrivateKey);
+
+#undef SCOPED
+
+}  // namespace nss_test
+
+#endif
diff --git a/nss/external_tests/der_gtest/Makefile b/nss/external_tests/der_gtest/Makefile
new file mode 100644
index 0000000..0d547e0
--- /dev/null
+++ b/nss/external_tests/der_gtest/Makefile
@@ -0,0 +1,43 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include ../common/gtest.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
diff --git a/nss/external_tests/der_gtest/der_getint_unittest.cc b/nss/external_tests/der_gtest/der_getint_unittest.cc
new file mode 100644
index 0000000..9cffc15
--- /dev/null
+++ b/nss/external_tests/der_gtest/der_getint_unittest.cc
@@ -0,0 +1,110 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <climits>
+#include <memory>
+#include "nss.h"
+#include "pk11pub.h"
+#include "secutil.h"
+
+#include "gtest/gtest.h"
+#include "scoped_ptrs.h"
+
+namespace nss_test {
+
+class DERIntegerDecodingTest : public ::testing::Test {
+ public:
+  void TestGetInteger(long number, unsigned char *der_number,
+                      unsigned int len) {
+    SECItem input = {siBuffer, der_number, len};
+    EXPECT_EQ(number, DER_GetInteger(&input));
+  }
+
+  void GetDerLongMax(unsigned char *der_number, unsigned int len) {
+    der_number[0] = 0x7F;
+    for (unsigned int i = 1; i < len; ++i) {
+      der_number[i] = 0xFF;
+    }
+  }
+
+  void GetDerLongMin(unsigned char *der_number, unsigned int len) {
+    der_number[0] = 0x80;
+    for (unsigned int i = 1; i < len; ++i) {
+      der_number[i] = 0x00;
+    }
+  }
+};
+
+TEST_F(DERIntegerDecodingTest, DecodeLongMinus126) {
+  unsigned char der[] = {0x82};
+  TestGetInteger(-126, der, sizeof(der));
+}
+
+TEST_F(DERIntegerDecodingTest, DecodeLong130) {
+  unsigned char der[] = {0x00, 0x82};
+  TestGetInteger(130, der, sizeof(der));
+}
+
+TEST_F(DERIntegerDecodingTest, DecodeLong0) {
+  unsigned char der[] = {0x00};
+  TestGetInteger(0, der, sizeof(der));
+}
+
+TEST_F(DERIntegerDecodingTest, DecodeLong1) {
+  unsigned char der[] = {0x01};
+  TestGetInteger(1, der, sizeof(der));
+}
+
+TEST_F(DERIntegerDecodingTest, DecodeLongMinus1) {
+  unsigned char der[] = {0xFF};
+  TestGetInteger(-1, der, sizeof(der));
+}
+
+TEST_F(DERIntegerDecodingTest, DecodeLongMax) {
+  unsigned char der[sizeof(long)];
+  GetDerLongMax(der, sizeof(long));
+  TestGetInteger(LONG_MAX, der, sizeof(der));
+}
+
+TEST_F(DERIntegerDecodingTest, DecodeLongMin) {
+  unsigned char der[sizeof(long)];
+  GetDerLongMin(der, sizeof(long));
+  TestGetInteger(LONG_MIN, der, sizeof(der));
+}
+
+TEST_F(DERIntegerDecodingTest, DecodeLongMaxMinus1) {
+  unsigned char der[sizeof(long)];
+  GetDerLongMax(der, sizeof(long));
+  der[sizeof(long) - 1] = 0xFE;
+  TestGetInteger(LONG_MAX - 1, der, sizeof(der));
+}
+
+TEST_F(DERIntegerDecodingTest, DecodeLongMinPlus1) {
+  unsigned char der[sizeof(long)];
+  GetDerLongMin(der, sizeof(long));
+  der[sizeof(long) - 1] = 0x01;
+  TestGetInteger(LONG_MIN + 1, der, sizeof(der));
+}
+
+TEST_F(DERIntegerDecodingTest, DecodeLongMinMinus1) {
+  unsigned char der[sizeof(long) + 1];
+  GetDerLongMax(der, sizeof(long) + 1);
+  der[0] = 0xFF;
+  der[1] = 0x7F;
+  TestGetInteger(LONG_MIN, der, sizeof(der));
+  EXPECT_EQ(SEC_ERROR_BAD_DER, PORT_GetError());
+}
+
+TEST_F(DERIntegerDecodingTest, DecodeLongMaxPlus1) {
+  unsigned char der[sizeof(long) + 1];
+  GetDerLongMin(der, sizeof(long) + 1);
+  der[0] = 0x00;
+  der[1] = 0x80;
+  TestGetInteger(LONG_MAX, der, sizeof(der));
+  EXPECT_EQ(SEC_ERROR_BAD_DER, PORT_GetError());
+}
+
+}  // namespace nss_test
diff --git a/nss/external_tests/der_gtest/manifest.mn b/nss/external_tests/der_gtest/manifest.mn
new file mode 100644
index 0000000..1c73d09
--- /dev/null
+++ b/nss/external_tests/der_gtest/manifest.mn
@@ -0,0 +1,21 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+CORE_DEPTH = ../..
+DEPTH      = ../..
+MODULE = nss
+
+CPPSRCS = \
+      der_getint_unittest.cc \
+      $(NULL)
+
+INCLUDES += -I$(CORE_DEPTH)/external_tests/google_test/gtest/include \
+            -I$(CORE_DEPTH)/external_tests/common
+
+REQUIRES = nspr nss libdbm gtest
+
+PROGRAM = der_gtest
+
+EXTRA_LIBS = $(DIST)/lib/$(LIB_PREFIX)gtest.$(LIB_SUFFIX) $(EXTRA_OBJS) \
+             ../common/$(OBJDIR)/gtests$(OBJ_SUFFIX)
diff --git a/nss/external_tests/google_test/Makefile b/nss/external_tests/google_test/Makefile
new file mode 100644
index 0000000..21fef55
--- /dev/null
+++ b/nss/external_tests/google_test/Makefile
@@ -0,0 +1,44 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include ../common/gtest.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
diff --git a/nss/external_tests/google_test/gtest/CHANGES b/nss/external_tests/google_test/gtest/CHANGES
new file mode 100644
index 0000000..0552132
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/CHANGES
@@ -0,0 +1,157 @@
+Changes for 1.7.0:
+
+* New feature: death tests are supported on OpenBSD and in iOS
+  simulator now.
+* New feature: Google Test now implements a protocol to allow
+  a test runner to detect that a test program has exited
+  prematurely and report it as a failure (before it would be
+  falsely reported as a success if the exit code is 0).
+* New feature: Test::RecordProperty() can now be used outside of the
+  lifespan of a test method, in which case it will be attributed to
+  the current test case or the test program in the XML report.
+* New feature (potentially breaking): --gtest_list_tests now prints
+  the type parameters and value parameters for each test.
+* Improvement: char pointers and char arrays are now escaped properly
+  in failure messages.
+* Improvement: failure summary in XML reports now includes file and
+  line information.
+* Improvement: the <testsuites> XML element now has a timestamp attribute.
+* Improvement: When --gtest_filter is specified, XML report now doesn't
+  contain information about tests that are filtered out.
+* Fixed the bug where long --gtest_filter flag values are truncated in
+  death tests.
+* Potentially breaking change: RUN_ALL_TESTS() is now implemented as a
+  function instead of a macro in order to work better with Clang.
+* Compatibility fixes with C++ 11 and various platforms.
+* Bug/warning fixes.
+
+Changes for 1.6.0:
+
+* New feature: ADD_FAILURE_AT() for reporting a test failure at the
+  given source location -- useful for writing testing utilities.
+* New feature: the universal value printer is moved from Google Mock
+  to Google Test.
+* New feature: type parameters and value parameters are reported in
+  the XML report now.
+* A gtest_disable_pthreads CMake option.
+* Colored output works in GNU Screen sessions now.
+* Parameters of value-parameterized tests are now printed in the
+  textual output.
+* Failures from ad hoc test assertions run before RUN_ALL_TESTS() are
+  now correctly reported.
+* Arguments of ASSERT_XY and EXPECT_XY no longer need to support << to
+  ostream.
+* More complete handling of exceptions.
+* GTEST_ASSERT_XY can be used instead of ASSERT_XY in case the latter
+  name is already used by another library.
+* --gtest_catch_exceptions is now true by default, allowing a test
+  program to continue after an exception is thrown.
+* Value-parameterized test fixtures can now derive from Test and
+  WithParamInterface<T> separately, easing conversion of legacy tests.
+* Death test messages are clearly marked to make them more
+  distinguishable from other messages.
+* Compatibility fixes for Android, Google Native Client, MinGW, HP UX,
+  PowerPC, Lucid autotools, libCStd, Sun C++, Borland C++ Builder (Code Gear),
+  IBM XL C++ (Visual Age C++), and C++0x.
+* Bug fixes and implementation clean-ups.
+* Potentially incompatible changes: disables the harmful 'make install'
+  command in autotools.
+
+Changes for 1.5.0:
+
+ * New feature: assertions can be safely called in multiple threads
+   where the pthreads library is available.
+ * New feature: predicates used inside EXPECT_TRUE() and friends
+   can now generate custom failure messages.
+ * New feature: Google Test can now be compiled as a DLL.
+ * New feature: fused source files are included.
+ * New feature: prints help when encountering unrecognized Google Test flags.
+ * Experimental feature: CMake build script (requires CMake 2.6.4+).
+ * Experimental feature: the Pump script for meta programming.
+ * double values streamed to an assertion are printed with enough precision
+   to differentiate any two different values.
+ * Google Test now works on Solaris and AIX.
+ * Build and test script improvements.
+ * Bug fixes and implementation clean-ups.
+
+ Potentially breaking changes:
+
+ * Stopped supporting VC++ 7.1 with exceptions disabled.
+ * Dropped support for 'make install'.
+
+Changes for 1.4.0:
+
+ * New feature: the event listener API
+ * New feature: test shuffling
+ * New feature: the XML report format is closer to junitreport and can
+   be parsed by Hudson now.
+ * New feature: when a test runs under Visual Studio, its failures are
+   integrated in the IDE.
+ * New feature: /MD(d) versions of VC++ projects.
+ * New feature: elapsed time for the tests is printed by default.
+ * New feature: comes with a TR1 tuple implementation such that Boost
+   is no longer needed for Combine().
+ * New feature: EXPECT_DEATH_IF_SUPPORTED macro and friends.
+ * New feature: the Xcode project can now produce static gtest
+   libraries in addition to a framework.
+ * Compatibility fixes for Solaris, Cygwin, minGW, Windows Mobile,
+   Symbian, gcc, and C++Builder.
+ * Bug fixes and implementation clean-ups.
+
+Changes for 1.3.0:
+
+ * New feature: death tests on Windows, Cygwin, and Mac.
+ * New feature: ability to use Google Test assertions in other testing
+   frameworks.
+ * New feature: ability to run disabled test via
+   --gtest_also_run_disabled_tests.
+ * New feature: the --help flag for printing the usage.
+ * New feature: access to Google Test flag values in user code.
+ * New feature: a script that packs Google Test into one .h and one
+   .cc file for easy deployment.
+ * New feature: support for distributing test functions to multiple
+   machines (requires support from the test runner).
+ * Bug fixes and implementation clean-ups.
+
+Changes for 1.2.1:
+
+ * Compatibility fixes for Linux IA-64 and IBM z/OS.
+ * Added support for using Boost and other TR1 implementations.
+ * Changes to the build scripts to support upcoming release of Google C++
+   Mocking Framework.
+ * Added Makefile to the distribution package.
+ * Improved build instructions in README.
+
+Changes for 1.2.0:
+
+ * New feature: value-parameterized tests.
+ * New feature: the ASSERT/EXPECT_(NON)FATAL_FAILURE(_ON_ALL_THREADS)
+   macros.
+ * Changed the XML report format to match JUnit/Ant's.
+ * Added tests to the Xcode project.
+ * Added scons/SConscript for building with SCons.
+ * Added src/gtest-all.cc for building Google Test from a single file.
+ * Fixed compatibility with Solaris and z/OS.
+ * Enabled running Python tests on systems with python 2.3 installed,
+   e.g. Mac OS X 10.4.
+ * Bug fixes.
+
+Changes for 1.1.0:
+
+ * New feature: type-parameterized tests.
+ * New feature: exception assertions.
+ * New feature: printing elapsed time of tests.
+ * Improved the robustness of death tests.
+ * Added an Xcode project and samples.
+ * Adjusted the output format on Windows to be understandable by Visual Studio.
+ * Minor bug fixes.
+
+Changes for 1.0.1:
+
+ * Added project files for Visual Studio 7.1.
+ * Fixed issues with compiling on Mac OS X.
+ * Fixed issues with compiling on Cygwin.
+
+Changes for 1.0.0:
+
+ * Initial Open Source release of Google Test
diff --git a/nss/external_tests/google_test/gtest/CMakeLists.txt b/nss/external_tests/google_test/gtest/CMakeLists.txt
new file mode 100644
index 0000000..bd78cfe
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/CMakeLists.txt
@@ -0,0 +1,260 @@
+########################################################################
+# CMake build script for Google Test.
+#
+# To run the tests for Google Test itself on Linux, use 'make test' or
+# ctest.  You can select which tests to run using 'ctest -R regex'.
+# For more options, run 'ctest --help'.
+
+# BUILD_SHARED_LIBS is a standard CMake variable, but we declare it here to
+# make it prominent in the GUI.
+option(BUILD_SHARED_LIBS "Build shared libraries (DLLs)." OFF)
+
+# When other libraries are using a shared version of runtime libraries,
+# Google Test also has to use one.
+option(
+  gtest_force_shared_crt
+  "Use shared (DLL) run-time lib even when Google Test is built as static lib."
+  OFF)
+
+option(gtest_build_tests "Build all of gtest's own tests." OFF)
+
+option(gtest_build_samples "Build gtest's sample programs." OFF)
+
+option(gtest_disable_pthreads "Disable uses of pthreads in gtest." OFF)
+
+# Defines pre_project_set_up_hermetic_build() and set_up_hermetic_build().
+include(cmake/hermetic_build.cmake OPTIONAL)
+
+if (COMMAND pre_project_set_up_hermetic_build)
+  pre_project_set_up_hermetic_build()
+endif()
+
+########################################################################
+#
+# Project-wide settings
+
+# Name of the project.
+#
+# CMake files in this project can refer to the root source directory
+# as ${gtest_SOURCE_DIR} and to the root binary directory as
+# ${gtest_BINARY_DIR}.
+# Language "C" is required for find_package(Threads).
+project(gtest CXX C)
+cmake_minimum_required(VERSION 2.6.2)
+
+if (COMMAND set_up_hermetic_build)
+  set_up_hermetic_build()
+endif()
+
+# Define helper functions and macros used by Google Test.
+include(cmake/internal_utils.cmake)
+
+config_compiler_and_linker()  # Defined in internal_utils.cmake.
+
+# Where Google Test's .h files can be found.
+include_directories(
+  ${gtest_SOURCE_DIR}/include
+  ${gtest_SOURCE_DIR})
+
+# Where Google Test's libraries can be found.
+link_directories(${gtest_BINARY_DIR}/src)
+
+# Summary of tuple support for Microsoft Visual Studio:
+# Compiler    version(MS)  version(cmake)  Support
+# ----------  -----------  --------------  -----------------------------
+# <= VS 2010  <= 10        <= 1600         Use Google Tests's own tuple.
+# VS 2012     11           1700            std::tr1::tuple + _VARIADIC_MAX=10
+# VS 2013     12           1800            std::tr1::tuple
+if (MSVC AND MSVC_VERSION EQUAL 1700)
+  add_definitions(/D _VARIADIC_MAX=10)
+endif()
+
+########################################################################
+#
+# Defines the gtest & gtest_main libraries.  User tests should link
+# with one of them.
+
+# Google Test libraries.  We build them using more strict warnings than what
+# are used for other targets, to ensure that gtest can be compiled by a user
+# aggressive about warnings.
+cxx_library(gtest "${cxx_strict}" src/gtest-all.cc)
+cxx_library(gtest_main "${cxx_strict}" src/gtest_main.cc)
+target_link_libraries(gtest_main gtest)
+
+########################################################################
+#
+# Samples on how to link user tests with gtest or gtest_main.
+#
+# They are not built by default.  To build them, set the
+# gtest_build_samples option to ON.  You can do it by running ccmake
+# or specifying the -Dgtest_build_samples=ON flag when running cmake.
+
+if (gtest_build_samples)
+  cxx_executable(sample1_unittest samples gtest_main samples/sample1.cc)
+  cxx_executable(sample2_unittest samples gtest_main samples/sample2.cc)
+  cxx_executable(sample3_unittest samples gtest_main)
+  cxx_executable(sample4_unittest samples gtest_main samples/sample4.cc)
+  cxx_executable(sample5_unittest samples gtest_main samples/sample1.cc)
+  cxx_executable(sample6_unittest samples gtest_main)
+  cxx_executable(sample7_unittest samples gtest_main)
+  cxx_executable(sample8_unittest samples gtest_main)
+  cxx_executable(sample9_unittest samples gtest)
+  cxx_executable(sample10_unittest samples gtest)
+endif()
+
+########################################################################
+#
+# Google Test's own tests.
+#
+# You can skip this section if you aren't interested in testing
+# Google Test itself.
+#
+# The tests are not built by default.  To build them, set the
+# gtest_build_tests option to ON.  You can do it by running ccmake
+# or specifying the -Dgtest_build_tests=ON flag when running cmake.
+
+if (gtest_build_tests)
+  # This must be set in the root directory for the tests to be run by
+  # 'make test' or ctest.
+  enable_testing()
+
+  ############################################################
+  # C++ tests built with standard compiler flags.
+
+  cxx_test(gtest-death-test_test gtest_main)
+  cxx_test(gtest_environment_test gtest)
+  cxx_test(gtest-filepath_test gtest_main)
+  cxx_test(gtest-linked_ptr_test gtest_main)
+  cxx_test(gtest-listener_test gtest_main)
+  cxx_test(gtest_main_unittest gtest_main)
+  cxx_test(gtest-message_test gtest_main)
+  cxx_test(gtest_no_test_unittest gtest)
+  cxx_test(gtest-options_test gtest_main)
+  cxx_test(gtest-param-test_test gtest
+    test/gtest-param-test2_test.cc)
+  cxx_test(gtest-port_test gtest_main)
+  cxx_test(gtest_pred_impl_unittest gtest_main)
+  cxx_test(gtest_premature_exit_test gtest
+    test/gtest_premature_exit_test.cc)
+  cxx_test(gtest-printers_test gtest_main)
+  cxx_test(gtest_prod_test gtest_main
+    test/production.cc)
+  cxx_test(gtest_repeat_test gtest)
+  cxx_test(gtest_sole_header_test gtest_main)
+  cxx_test(gtest_stress_test gtest)
+  cxx_test(gtest-test-part_test gtest_main)
+  cxx_test(gtest_throw_on_failure_ex_test gtest)
+  cxx_test(gtest-typed-test_test gtest_main
+    test/gtest-typed-test2_test.cc)
+  cxx_test(gtest_unittest gtest_main)
+  cxx_test(gtest-unittest-api_test gtest)
+
+  ############################################################
+  # C++ tests built with non-standard compiler flags.
+
+  # MSVC 7.1 does not support STL with exceptions disabled.
+  if (NOT MSVC OR MSVC_VERSION GREATER 1310)
+    cxx_library(gtest_no_exception "${cxx_no_exception}"
+      src/gtest-all.cc)
+    cxx_library(gtest_main_no_exception "${cxx_no_exception}"
+      src/gtest-all.cc src/gtest_main.cc)
+  endif()
+  cxx_library(gtest_main_no_rtti "${cxx_no_rtti}"
+    src/gtest-all.cc src/gtest_main.cc)
+
+  cxx_test_with_flags(gtest-death-test_ex_nocatch_test
+    "${cxx_exception} -DGTEST_ENABLE_CATCH_EXCEPTIONS_=0"
+    gtest test/gtest-death-test_ex_test.cc)
+  cxx_test_with_flags(gtest-death-test_ex_catch_test
+    "${cxx_exception} -DGTEST_ENABLE_CATCH_EXCEPTIONS_=1"
+    gtest test/gtest-death-test_ex_test.cc)
+
+  cxx_test_with_flags(gtest_no_rtti_unittest "${cxx_no_rtti}"
+    gtest_main_no_rtti test/gtest_unittest.cc)
+
+  cxx_shared_library(gtest_dll "${cxx_default}"
+    src/gtest-all.cc src/gtest_main.cc)
+
+  cxx_executable_with_flags(gtest_dll_test_ "${cxx_default}"
+    gtest_dll test/gtest_all_test.cc)
+  set_target_properties(gtest_dll_test_
+                        PROPERTIES
+                        COMPILE_DEFINITIONS "GTEST_LINKED_AS_SHARED_LIBRARY=1")
+
+  if (NOT MSVC OR MSVC_VERSION LESS 1600)  # 1600 is Visual Studio 2010.
+    # Visual Studio 2010, 2012, and 2013 define symbols in std::tr1 that
+    # conflict with our own definitions. Therefore using our own tuple does not
+    # work on those compilers.
+    cxx_library(gtest_main_use_own_tuple "${cxx_use_own_tuple}"
+      src/gtest-all.cc src/gtest_main.cc)
+
+    cxx_test_with_flags(gtest-tuple_test "${cxx_use_own_tuple}"
+      gtest_main_use_own_tuple test/gtest-tuple_test.cc)
+
+    cxx_test_with_flags(gtest_use_own_tuple_test "${cxx_use_own_tuple}"
+      gtest_main_use_own_tuple
+      test/gtest-param-test_test.cc test/gtest-param-test2_test.cc)
+  endif()
+
+  ############################################################
+  # Python tests.
+
+  cxx_executable(gtest_break_on_failure_unittest_ test gtest)
+  py_test(gtest_break_on_failure_unittest)
+
+  # Visual Studio .NET 2003 does not support STL with exceptions disabled.
+  if (NOT MSVC OR MSVC_VERSION GREATER 1310)  # 1310 is Visual Studio .NET 2003
+    cxx_executable_with_flags(
+      gtest_catch_exceptions_no_ex_test_
+      "${cxx_no_exception}"
+      gtest_main_no_exception
+      test/gtest_catch_exceptions_test_.cc)
+  endif()
+
+  cxx_executable_with_flags(
+    gtest_catch_exceptions_ex_test_
+    "${cxx_exception}"
+    gtest_main
+    test/gtest_catch_exceptions_test_.cc)
+  py_test(gtest_catch_exceptions_test)
+
+  cxx_executable(gtest_color_test_ test gtest)
+  py_test(gtest_color_test)
+
+  cxx_executable(gtest_env_var_test_ test gtest)
+  py_test(gtest_env_var_test)
+
+  cxx_executable(gtest_filter_unittest_ test gtest)
+  py_test(gtest_filter_unittest)
+
+  cxx_executable(gtest_help_test_ test gtest_main)
+  py_test(gtest_help_test)
+
+  cxx_executable(gtest_list_tests_unittest_ test gtest)
+  py_test(gtest_list_tests_unittest)
+
+  cxx_executable(gtest_output_test_ test gtest)
+  py_test(gtest_output_test)
+
+  cxx_executable(gtest_shuffle_test_ test gtest)
+  py_test(gtest_shuffle_test)
+
+  # MSVC 7.1 does not support STL with exceptions disabled.
+  if (NOT MSVC OR MSVC_VERSION GREATER 1310)
+    cxx_executable(gtest_throw_on_failure_test_ test gtest_no_exception)
+    set_target_properties(gtest_throw_on_failure_test_
+      PROPERTIES
+      COMPILE_FLAGS "${cxx_no_exception}")
+    py_test(gtest_throw_on_failure_test)
+  endif()
+
+  cxx_executable(gtest_uninitialized_test_ test gtest)
+  py_test(gtest_uninitialized_test)
+
+  cxx_executable(gtest_xml_outfile1_test_ test gtest_main)
+  cxx_executable(gtest_xml_outfile2_test_ test gtest_main)
+  py_test(gtest_xml_outfiles_test)
+
+  cxx_executable(gtest_xml_output_unittest_ test gtest)
+  py_test(gtest_xml_output_unittest)
+endif()
diff --git a/nss/external_tests/google_test/gtest/CONTRIBUTORS b/nss/external_tests/google_test/gtest/CONTRIBUTORS
new file mode 100644
index 0000000..feae2fc
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/CONTRIBUTORS
@@ -0,0 +1,37 @@
+# This file contains a list of people who've made non-trivial
+# contribution to the Google C++ Testing Framework project.  People
+# who commit code to the project are encouraged to add their names
+# here.  Please keep the list sorted by first names.
+
+Ajay Joshi <jaj@google.com>
+Balázs Dán <balazs.dan@gmail.com>
+Bharat Mediratta <bharat@menalto.com>
+Chandler Carruth <chandlerc@google.com>
+Chris Prince <cprince@google.com>
+Chris Taylor <taylorc@google.com>
+Dan Egnor <egnor@google.com>
+Eric Roman <eroman@chromium.org>
+Hady Zalek <hady.zalek@gmail.com>
+Jeffrey Yasskin <jyasskin@google.com>
+Jói Sigurðsson <joi@google.com>
+Keir Mierle <mierle@gmail.com>
+Keith Ray <keith.ray@gmail.com>
+Kenton Varda <kenton@google.com>
+Manuel Klimek <klimek@google.com>
+Markus Heule <markus.heule@gmail.com>
+Mika Raento <mikie@iki.fi>
+Miklós Fazekas <mfazekas@szemafor.com>
+Pasi Valminen <pasi.valminen@gmail.com>
+Patrick Hanna <phanna@google.com>
+Patrick Riley <pfr@google.com>
+Peter Kaminski <piotrk@google.com>
+Preston Jackson <preston.a.jackson@gmail.com>
+Rainer Klaffenboeck <rainer.klaffenboeck@dynatrace.com>
+Russ Cox <rsc@google.com>
+Russ Rufer <russ@pentad.com>
+Sean Mcafee <eefacm@gmail.com>
+Sigurður �sgeirsson <siggi@google.com>
+Tracy Bialik <tracy@pentad.com>
+Vadim Berman <vadimb@google.com>
+Vlad Losev <vladl@google.com>
+Zhanyong Wan <wan@google.com>
diff --git a/nss/external_tests/google_test/gtest/LICENSE b/nss/external_tests/google_test/gtest/LICENSE
new file mode 100644
index 0000000..1941a11
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/LICENSE
@@ -0,0 +1,28 @@
+Copyright 2008, Google Inc.
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+    * Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above
+copyright notice, this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
+distribution.
+    * Neither the name of Google Inc. nor the names of its
+contributors may be used to endorse or promote products derived from
+this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/nss/external_tests/google_test/gtest/Makefile.am b/nss/external_tests/google_test/gtest/Makefile.am
new file mode 100644
index 0000000..9c96b42
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/Makefile.am
@@ -0,0 +1,306 @@
+# Automake file
+
+ACLOCAL_AMFLAGS = -I m4
+
+# Nonstandard package files for distribution
+EXTRA_DIST = \
+  CHANGES \
+  CONTRIBUTORS \
+  LICENSE \
+  include/gtest/gtest-param-test.h.pump \
+  include/gtest/internal/gtest-param-util-generated.h.pump \
+  include/gtest/internal/gtest-tuple.h.pump \
+  include/gtest/internal/gtest-type-util.h.pump \
+  make/Makefile \
+  scripts/fuse_gtest_files.py \
+  scripts/gen_gtest_pred_impl.py \
+  scripts/pump.py \
+  scripts/test/Makefile
+
+# gtest source files that we don't compile directly.  They are
+# #included by gtest-all.cc.
+GTEST_SRC = \
+  src/gtest-death-test.cc \
+  src/gtest-filepath.cc \
+  src/gtest-internal-inl.h \
+  src/gtest-port.cc \
+  src/gtest-printers.cc \
+  src/gtest-test-part.cc \
+  src/gtest-typed-test.cc \
+  src/gtest.cc
+
+EXTRA_DIST += $(GTEST_SRC)
+
+# Sample files that we don't compile.
+EXTRA_DIST += \
+  samples/prime_tables.h \
+  samples/sample2_unittest.cc \
+  samples/sample3_unittest.cc \
+  samples/sample4_unittest.cc \
+  samples/sample5_unittest.cc \
+  samples/sample6_unittest.cc \
+  samples/sample7_unittest.cc \
+  samples/sample8_unittest.cc \
+  samples/sample9_unittest.cc
+
+# C++ test files that we don't compile directly.
+EXTRA_DIST += \
+  test/gtest-death-test_ex_test.cc \
+  test/gtest-death-test_test.cc \
+  test/gtest-filepath_test.cc \
+  test/gtest-linked_ptr_test.cc \
+  test/gtest-listener_test.cc \
+  test/gtest-message_test.cc \
+  test/gtest-options_test.cc \
+  test/gtest-param-test2_test.cc \
+  test/gtest-param-test2_test.cc \
+  test/gtest-param-test_test.cc \
+  test/gtest-param-test_test.cc \
+  test/gtest-param-test_test.h \
+  test/gtest-port_test.cc \
+  test/gtest_premature_exit_test.cc \
+  test/gtest-printers_test.cc \
+  test/gtest-test-part_test.cc \
+  test/gtest-tuple_test.cc \
+  test/gtest-typed-test2_test.cc \
+  test/gtest-typed-test_test.cc \
+  test/gtest-typed-test_test.h \
+  test/gtest-unittest-api_test.cc \
+  test/gtest_break_on_failure_unittest_.cc \
+  test/gtest_catch_exceptions_test_.cc \
+  test/gtest_color_test_.cc \
+  test/gtest_env_var_test_.cc \
+  test/gtest_environment_test.cc \
+  test/gtest_filter_unittest_.cc \
+  test/gtest_help_test_.cc \
+  test/gtest_list_tests_unittest_.cc \
+  test/gtest_main_unittest.cc \
+  test/gtest_no_test_unittest.cc \
+  test/gtest_output_test_.cc \
+  test/gtest_pred_impl_unittest.cc \
+  test/gtest_prod_test.cc \
+  test/gtest_repeat_test.cc \
+  test/gtest_shuffle_test_.cc \
+  test/gtest_sole_header_test.cc \
+  test/gtest_stress_test.cc \
+  test/gtest_throw_on_failure_ex_test.cc \
+  test/gtest_throw_on_failure_test_.cc \
+  test/gtest_uninitialized_test_.cc \
+  test/gtest_unittest.cc \
+  test/gtest_unittest.cc \
+  test/gtest_xml_outfile1_test_.cc \
+  test/gtest_xml_outfile2_test_.cc \
+  test/gtest_xml_output_unittest_.cc \
+  test/production.cc \
+  test/production.h
+
+# Python tests that we don't run.
+EXTRA_DIST += \
+  test/gtest_break_on_failure_unittest.py \
+  test/gtest_catch_exceptions_test.py \
+  test/gtest_color_test.py \
+  test/gtest_env_var_test.py \
+  test/gtest_filter_unittest.py \
+  test/gtest_help_test.py \
+  test/gtest_list_tests_unittest.py \
+  test/gtest_output_test.py \
+  test/gtest_output_test_golden_lin.txt \
+  test/gtest_shuffle_test.py \
+  test/gtest_test_utils.py \
+  test/gtest_throw_on_failure_test.py \
+  test/gtest_uninitialized_test.py \
+  test/gtest_xml_outfiles_test.py \
+  test/gtest_xml_output_unittest.py \
+  test/gtest_xml_test_utils.py
+
+# CMake script
+EXTRA_DIST += \
+  CMakeLists.txt \
+  cmake/internal_utils.cmake
+
+# MSVC project files
+EXTRA_DIST += \
+  msvc/gtest-md.sln \
+  msvc/gtest-md.vcproj \
+  msvc/gtest.sln \
+  msvc/gtest.vcproj \
+  msvc/gtest_main-md.vcproj \
+  msvc/gtest_main.vcproj \
+  msvc/gtest_prod_test-md.vcproj \
+  msvc/gtest_prod_test.vcproj \
+  msvc/gtest_unittest-md.vcproj \
+  msvc/gtest_unittest.vcproj
+
+# xcode project files
+EXTRA_DIST += \
+  xcode/Config/DebugProject.xcconfig \
+  xcode/Config/FrameworkTarget.xcconfig \
+  xcode/Config/General.xcconfig \
+  xcode/Config/ReleaseProject.xcconfig \
+  xcode/Config/StaticLibraryTarget.xcconfig \
+  xcode/Config/TestTarget.xcconfig \
+  xcode/Resources/Info.plist \
+  xcode/Scripts/runtests.sh \
+  xcode/Scripts/versiongenerate.py \
+  xcode/gtest.xcodeproj/project.pbxproj
+
+# xcode sample files
+EXTRA_DIST += \
+  xcode/Samples/FrameworkSample/Info.plist \
+  xcode/Samples/FrameworkSample/WidgetFramework.xcodeproj/project.pbxproj \
+  xcode/Samples/FrameworkSample/runtests.sh \
+  xcode/Samples/FrameworkSample/widget.cc \
+  xcode/Samples/FrameworkSample/widget.h \
+  xcode/Samples/FrameworkSample/widget_test.cc
+
+# C++Builder project files
+EXTRA_DIST += \
+  codegear/gtest.cbproj \
+  codegear/gtest.groupproj \
+  codegear/gtest_all.cc \
+  codegear/gtest_link.cc \
+  codegear/gtest_main.cbproj \
+  codegear/gtest_unittest.cbproj
+
+# Distribute and install M4 macro
+m4datadir = $(datadir)/aclocal
+m4data_DATA = m4/gtest.m4
+EXTRA_DIST += $(m4data_DATA)
+
+# We define the global AM_CPPFLAGS as everything we compile includes from these
+# directories.
+AM_CPPFLAGS = -I$(srcdir) -I$(srcdir)/include
+
+# Modifies compiler and linker flags for pthreads compatibility.
+if HAVE_PTHREADS
+  AM_CXXFLAGS = @PTHREAD_CFLAGS@ -DGTEST_HAS_PTHREAD=1
+  AM_LIBS = @PTHREAD_LIBS@
+else
+  AM_CXXFLAGS = -DGTEST_HAS_PTHREAD=0
+endif
+
+# Build rules for libraries.
+lib_LTLIBRARIES = lib/libgtest.la lib/libgtest_main.la
+
+lib_libgtest_la_SOURCES = src/gtest-all.cc
+
+pkginclude_HEADERS = \
+  include/gtest/gtest-death-test.h \
+  include/gtest/gtest-message.h \
+  include/gtest/gtest-param-test.h \
+  include/gtest/gtest-printers.h \
+  include/gtest/gtest-spi.h \
+  include/gtest/gtest-test-part.h \
+  include/gtest/gtest-typed-test.h \
+  include/gtest/gtest.h \
+  include/gtest/gtest_pred_impl.h \
+  include/gtest/gtest_prod.h
+
+pkginclude_internaldir = $(pkgincludedir)/internal
+pkginclude_internal_HEADERS = \
+  include/gtest/internal/gtest-death-test-internal.h \
+  include/gtest/internal/gtest-filepath.h \
+  include/gtest/internal/gtest-internal.h \
+  include/gtest/internal/gtest-linked_ptr.h \
+  include/gtest/internal/gtest-param-util-generated.h \
+  include/gtest/internal/gtest-param-util.h \
+  include/gtest/internal/gtest-port.h \
+  include/gtest/internal/gtest-string.h \
+  include/gtest/internal/gtest-tuple.h \
+  include/gtest/internal/gtest-type-util.h
+
+lib_libgtest_main_la_SOURCES = src/gtest_main.cc
+lib_libgtest_main_la_LIBADD = lib/libgtest.la
+
+# Bulid rules for samples and tests. Automake's naming for some of
+# these variables isn't terribly obvious, so this is a brief
+# reference:
+#
+# TESTS -- Programs run automatically by "make check"
+# check_PROGRAMS -- Programs built by "make check" but not necessarily run
+
+noinst_LTLIBRARIES = samples/libsamples.la
+
+samples_libsamples_la_SOURCES = \
+  samples/sample1.cc \
+  samples/sample1.h \
+  samples/sample2.cc \
+  samples/sample2.h \
+  samples/sample3-inl.h \
+  samples/sample4.cc \
+  samples/sample4.h
+
+TESTS=
+TESTS_ENVIRONMENT = GTEST_SOURCE_DIR="$(srcdir)/test" \
+                    GTEST_BUILD_DIR="$(top_builddir)/test"
+check_PROGRAMS=
+
+# A simple sample on using gtest.
+TESTS += samples/sample1_unittest
+check_PROGRAMS += samples/sample1_unittest
+samples_sample1_unittest_SOURCES = samples/sample1_unittest.cc
+samples_sample1_unittest_LDADD = lib/libgtest_main.la \
+                                 lib/libgtest.la \
+                                 samples/libsamples.la
+
+# Another sample.  It also verifies that libgtest works.
+TESTS += samples/sample10_unittest
+check_PROGRAMS += samples/sample10_unittest
+samples_sample10_unittest_SOURCES = samples/sample10_unittest.cc
+samples_sample10_unittest_LDADD = lib/libgtest.la
+
+# This tests most constructs of gtest and verifies that libgtest_main
+# and libgtest work.
+TESTS += test/gtest_all_test
+check_PROGRAMS += test/gtest_all_test
+test_gtest_all_test_SOURCES = test/gtest_all_test.cc
+test_gtest_all_test_LDADD = lib/libgtest_main.la \
+                            lib/libgtest.la
+
+# Tests that fused gtest files compile and work.
+FUSED_GTEST_SRC = \
+  fused-src/gtest/gtest-all.cc \
+  fused-src/gtest/gtest.h \
+  fused-src/gtest/gtest_main.cc
+
+if HAVE_PYTHON
+TESTS += test/fused_gtest_test
+check_PROGRAMS += test/fused_gtest_test
+test_fused_gtest_test_SOURCES = $(FUSED_GTEST_SRC) \
+                                samples/sample1.cc samples/sample1_unittest.cc
+test_fused_gtest_test_CPPFLAGS = -I"$(srcdir)/fused-src"
+
+# Build rules for putting fused Google Test files into the distribution
+# package. The user can also create those files by manually running
+# scripts/fuse_gtest_files.py.
+$(test_fused_gtest_test_SOURCES): fused-gtest
+
+fused-gtest: $(pkginclude_HEADERS) $(pkginclude_internal_HEADERS) \
+             $(GTEST_SRC) src/gtest-all.cc src/gtest_main.cc \
+             scripts/fuse_gtest_files.py
+	mkdir -p "$(srcdir)/fused-src"
+	chmod -R u+w "$(srcdir)/fused-src"
+	rm -f "$(srcdir)/fused-src/gtest/gtest-all.cc"
+	rm -f "$(srcdir)/fused-src/gtest/gtest.h"
+	"$(srcdir)/scripts/fuse_gtest_files.py" "$(srcdir)/fused-src"
+	cp -f "$(srcdir)/src/gtest_main.cc" "$(srcdir)/fused-src/gtest/"
+
+maintainer-clean-local:
+	rm -rf "$(srcdir)/fused-src"
+endif
+
+# Death tests may produce core dumps in the build directory. In case
+# this happens, clean them to keep distcleancheck happy.
+CLEANFILES = core
+
+# Disables 'make install' as installing a compiled version of Google
+# Test can lead to undefined behavior due to violation of the
+# One-Definition Rule.
+
+install-exec-local:
+	echo "'make install' is dangerous and not supported. Instead, see README for how to integrate Google Test into your build system."
+	false
+
+install-data-local:
+	echo "'make install' is dangerous and not supported. Instead, see README for how to integrate Google Test into your build system."
+	false
diff --git a/nss/external_tests/google_test/gtest/README b/nss/external_tests/google_test/gtest/README
new file mode 100644
index 0000000..404bf3b
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/README
@@ -0,0 +1,435 @@
+Google C++ Testing Framework
+============================
+
+http://code.google.com/p/googletest/
+
+Overview
+--------
+
+Google's framework for writing C++ tests on a variety of platforms
+(Linux, Mac OS X, Windows, Windows CE, Symbian, etc).  Based on the
+xUnit architecture.  Supports automatic test discovery, a rich set of
+assertions, user-defined assertions, death tests, fatal and non-fatal
+failures, various options for running the tests, and XML test report
+generation.
+
+Please see the project page above for more information as well as the
+mailing list for questions, discussions, and development.  There is
+also an IRC channel on OFTC (irc.oftc.net) #gtest available.  Please
+join us!
+
+Requirements for End Users
+--------------------------
+
+Google Test is designed to have fairly minimal requirements to build
+and use with your projects, but there are some.  Currently, we support
+Linux, Windows, Mac OS X, and Cygwin.  We will also make our best
+effort to support other platforms (e.g. Solaris, AIX, and z/OS).
+However, since core members of the Google Test project have no access
+to these platforms, Google Test may have outstanding issues there.  If
+you notice any problems on your platform, please notify
+googletestframework@googlegroups.com.  Patches for fixing them are
+even more welcome!
+
+### Linux Requirements ###
+
+These are the base requirements to build and use Google Test from a source
+package (as described below):
+  * GNU-compatible Make or gmake
+  * POSIX-standard shell
+  * POSIX(-2) Regular Expressions (regex.h)
+  * A C++98-standard-compliant compiler
+
+### Windows Requirements ###
+
+  * Microsoft Visual C++ 7.1 or newer
+
+### Cygwin Requirements ###
+
+  * Cygwin 1.5.25-14 or newer
+
+### Mac OS X Requirements ###
+
+  * Mac OS X 10.4 Tiger or newer
+  * Developer Tools Installed
+
+Also, you'll need CMake 2.6.4 or higher if you want to build the
+samples using the provided CMake script, regardless of the platform.
+
+Requirements for Contributors
+-----------------------------
+
+We welcome patches.  If you plan to contribute a patch, you need to
+build Google Test and its own tests from an SVN checkout (described
+below), which has further requirements:
+
+  * Python version 2.3 or newer (for running some of the tests and
+    re-generating certain source files from templates)
+  * CMake 2.6.4 or newer
+
+Getting the Source
+------------------
+
+There are two primary ways of getting Google Test's source code: you
+can download a stable source release in your preferred archive format,
+or directly check out the source from our Subversion (SVN) repository.
+The SVN checkout requires a few extra steps and some extra software
+packages on your system, but lets you track the latest development and
+make patches much more easily, so we highly encourage it.
+
+### Source Package ###
+
+Google Test is released in versioned source packages which can be
+downloaded from the download page [1].  Several different archive
+formats are provided, but the only difference is the tools used to
+manipulate them, and the size of the resulting file.  Download
+whichever you are most comfortable with.
+
+  [1] http://code.google.com/p/googletest/downloads/list
+
+Once the package is downloaded, expand it using whichever tools you
+prefer for that type.  This will result in a new directory with the
+name "gtest-X.Y.Z" which contains all of the source code.  Here are
+some examples on Linux:
+
+  tar -xvzf gtest-X.Y.Z.tar.gz
+  tar -xvjf gtest-X.Y.Z.tar.bz2
+  unzip gtest-X.Y.Z.zip
+
+### SVN Checkout ###
+
+To check out the main branch (also known as the "trunk") of Google
+Test, run the following Subversion command:
+
+  svn checkout http://googletest.googlecode.com/svn/trunk/ gtest-svn
+
+Setting up the Build
+--------------------
+
+To build Google Test and your tests that use it, you need to tell your
+build system where to find its headers and source files.  The exact
+way to do it depends on which build system you use, and is usually
+straightforward.
+
+### Generic Build Instructions ###
+
+Suppose you put Google Test in directory ${GTEST_DIR}.  To build it,
+create a library build target (or a project as called by Visual Studio
+and Xcode) to compile
+
+  ${GTEST_DIR}/src/gtest-all.cc
+
+with ${GTEST_DIR}/include in the system header search path and ${GTEST_DIR}
+in the normal header search path.  Assuming a Linux-like system and gcc,
+something like the following will do:
+
+  g++ -isystem ${GTEST_DIR}/include -I${GTEST_DIR} \
+      -pthread -c ${GTEST_DIR}/src/gtest-all.cc
+  ar -rv libgtest.a gtest-all.o
+
+(We need -pthread as Google Test uses threads.)
+
+Next, you should compile your test source file with
+${GTEST_DIR}/include in the system header search path, and link it
+with gtest and any other necessary libraries:
+
+  g++ -isystem ${GTEST_DIR}/include -pthread path/to/your_test.cc libgtest.a \
+      -o your_test
+
+As an example, the make/ directory contains a Makefile that you can
+use to build Google Test on systems where GNU make is available
+(e.g. Linux, Mac OS X, and Cygwin).  It doesn't try to build Google
+Test's own tests.  Instead, it just builds the Google Test library and
+a sample test.  You can use it as a starting point for your own build
+script.
+
+If the default settings are correct for your environment, the
+following commands should succeed:
+
+  cd ${GTEST_DIR}/make
+  make
+  ./sample1_unittest
+
+If you see errors, try to tweak the contents of make/Makefile to make
+them go away.  There are instructions in make/Makefile on how to do
+it.
+
+### Using CMake ###
+
+Google Test comes with a CMake build script (CMakeLists.txt) that can
+be used on a wide range of platforms ("C" stands for cross-platform.).
+If you don't have CMake installed already, you can download it for
+free from http://www.cmake.org/.
+
+CMake works by generating native makefiles or build projects that can
+be used in the compiler environment of your choice.  The typical
+workflow starts with:
+
+  mkdir mybuild       # Create a directory to hold the build output.
+  cd mybuild
+  cmake ${GTEST_DIR}  # Generate native build scripts.
+
+If you want to build Google Test's samples, you should replace the
+last command with
+
+  cmake -Dgtest_build_samples=ON ${GTEST_DIR}
+
+If you are on a *nix system, you should now see a Makefile in the
+current directory.  Just type 'make' to build gtest.
+
+If you use Windows and have Visual Studio installed, a gtest.sln file
+and several .vcproj files will be created.  You can then build them
+using Visual Studio.
+
+On Mac OS X with Xcode installed, a .xcodeproj file will be generated.
+
+### Legacy Build Scripts ###
+
+Before settling on CMake, we have been providing hand-maintained build
+projects/scripts for Visual Studio, Xcode, and Autotools.  While we
+continue to provide them for convenience, they are not actively
+maintained any more.  We highly recommend that you follow the
+instructions in the previous two sections to integrate Google Test
+with your existing build system.
+
+If you still need to use the legacy build scripts, here's how:
+
+The msvc\ folder contains two solutions with Visual C++ projects.
+Open the gtest.sln or gtest-md.sln file using Visual Studio, and you
+are ready to build Google Test the same way you build any Visual
+Studio project.  Files that have names ending with -md use DLL
+versions of Microsoft runtime libraries (the /MD or the /MDd compiler
+option).  Files without that suffix use static versions of the runtime
+libraries (the /MT or the /MTd option).  Please note that one must use
+the same option to compile both gtest and the test code.  If you use
+Visual Studio 2005 or above, we recommend the -md version as /MD is
+the default for new projects in these versions of Visual Studio.
+
+On Mac OS X, open the gtest.xcodeproj in the xcode/ folder using
+Xcode.  Build the "gtest" target.  The universal binary framework will
+end up in your selected build directory (selected in the Xcode
+"Preferences..." -> "Building" pane and defaults to xcode/build).
+Alternatively, at the command line, enter:
+
+  xcodebuild
+
+This will build the "Release" configuration of gtest.framework in your
+default build location.  See the "xcodebuild" man page for more
+information about building different configurations and building in
+different locations.
+
+If you wish to use the Google Test Xcode project with Xcode 4.x and
+above, you need to either:
+ * update the SDK configuration options in xcode/Config/General.xconfig.
+   Comment options SDKROOT, MACOS_DEPLOYMENT_TARGET, and GCC_VERSION. If
+   you choose this route you lose the ability to target earlier versions
+   of MacOS X.
+ * Install an SDK for an earlier version. This doesn't appear to be
+   supported by Apple, but has been reported to work
+   (http://stackoverflow.com/questions/5378518).
+
+Tweaking Google Test
+--------------------
+
+Google Test can be used in diverse environments.  The default
+configuration may not work (or may not work well) out of the box in
+some environments.  However, you can easily tweak Google Test by
+defining control macros on the compiler command line.  Generally,
+these macros are named like GTEST_XYZ and you define them to either 1
+or 0 to enable or disable a certain feature.
+
+We list the most frequently used macros below.  For a complete list,
+see file include/gtest/internal/gtest-port.h.
+
+### Choosing a TR1 Tuple Library ###
+
+Some Google Test features require the C++ Technical Report 1 (TR1)
+tuple library, which is not yet available with all compilers.  The
+good news is that Google Test implements a subset of TR1 tuple that's
+enough for its own need, and will automatically use this when the
+compiler doesn't provide TR1 tuple.
+
+Usually you don't need to care about which tuple library Google Test
+uses.  However, if your project already uses TR1 tuple, you need to
+tell Google Test to use the same TR1 tuple library the rest of your
+project uses, or the two tuple implementations will clash.  To do
+that, add
+
+  -DGTEST_USE_OWN_TR1_TUPLE=0
+
+to the compiler flags while compiling Google Test and your tests.  If
+you want to force Google Test to use its own tuple library, just add
+
+  -DGTEST_USE_OWN_TR1_TUPLE=1
+
+to the compiler flags instead.
+
+If you don't want Google Test to use tuple at all, add
+
+  -DGTEST_HAS_TR1_TUPLE=0
+
+and all features using tuple will be disabled.
+
+### Multi-threaded Tests ###
+
+Google Test is thread-safe where the pthread library is available.
+After #include "gtest/gtest.h", you can check the GTEST_IS_THREADSAFE
+macro to see whether this is the case (yes if the macro is #defined to
+1, no if it's undefined.).
+
+If Google Test doesn't correctly detect whether pthread is available
+in your environment, you can force it with
+
+  -DGTEST_HAS_PTHREAD=1
+
+or
+
+  -DGTEST_HAS_PTHREAD=0
+
+When Google Test uses pthread, you may need to add flags to your
+compiler and/or linker to select the pthread library, or you'll get
+link errors.  If you use the CMake script or the deprecated Autotools
+script, this is taken care of for you.  If you use your own build
+script, you'll need to read your compiler and linker's manual to
+figure out what flags to add.
+
+### As a Shared Library (DLL) ###
+
+Google Test is compact, so most users can build and link it as a
+static library for the simplicity.  You can choose to use Google Test
+as a shared library (known as a DLL on Windows) if you prefer.
+
+To compile *gtest* as a shared library, add
+
+  -DGTEST_CREATE_SHARED_LIBRARY=1
+
+to the compiler flags.  You'll also need to tell the linker to produce
+a shared library instead - consult your linker's manual for how to do
+it.
+
+To compile your *tests* that use the gtest shared library, add
+
+  -DGTEST_LINKED_AS_SHARED_LIBRARY=1
+
+to the compiler flags.
+
+Note: while the above steps aren't technically necessary today when
+using some compilers (e.g. GCC), they may become necessary in the
+future, if we decide to improve the speed of loading the library (see
+http://gcc.gnu.org/wiki/Visibility for details).  Therefore you are
+recommended to always add the above flags when using Google Test as a
+shared library.  Otherwise a future release of Google Test may break
+your build script.
+
+### Avoiding Macro Name Clashes ###
+
+In C++, macros don't obey namespaces.  Therefore two libraries that
+both define a macro of the same name will clash if you #include both
+definitions.  In case a Google Test macro clashes with another
+library, you can force Google Test to rename its macro to avoid the
+conflict.
+
+Specifically, if both Google Test and some other code define macro
+FOO, you can add
+
+  -DGTEST_DONT_DEFINE_FOO=1
+
+to the compiler flags to tell Google Test to change the macro's name
+from FOO to GTEST_FOO.  Currently FOO can be FAIL, SUCCEED, or TEST.
+For example, with -DGTEST_DONT_DEFINE_TEST=1, you'll need to write
+
+  GTEST_TEST(SomeTest, DoesThis) { ... }
+
+instead of
+
+  TEST(SomeTest, DoesThis) { ... }
+
+in order to define a test.
+
+Upgrating from an Earlier Version
+---------------------------------
+
+We strive to keep Google Test releases backward compatible.
+Sometimes, though, we have to make some breaking changes for the
+users' long-term benefits.  This section describes what you'll need to
+do if you are upgrading from an earlier version of Google Test.
+
+### Upgrading from 1.3.0 or Earlier ###
+
+You may need to explicitly enable or disable Google Test's own TR1
+tuple library.  See the instructions in section "Choosing a TR1 Tuple
+Library".
+
+### Upgrading from 1.4.0 or Earlier ###
+
+The Autotools build script (configure + make) is no longer officially
+supportted.  You are encouraged to migrate to your own build system or
+use CMake.  If you still need to use Autotools, you can find
+instructions in the README file from Google Test 1.4.0.
+
+On platforms where the pthread library is available, Google Test uses
+it in order to be thread-safe.  See the "Multi-threaded Tests" section
+for what this means to your build script.
+
+If you use Microsoft Visual C++ 7.1 with exceptions disabled, Google
+Test will no longer compile.  This should affect very few people, as a
+large portion of STL (including <string>) doesn't compile in this mode
+anyway.  We decided to stop supporting it in order to greatly simplify
+Google Test's implementation.
+
+Developing Google Test
+----------------------
+
+This section discusses how to make your own changes to Google Test.
+
+### Testing Google Test Itself ###
+
+To make sure your changes work as intended and don't break existing
+functionality, you'll want to compile and run Google Test's own tests.
+For that you can use CMake:
+
+  mkdir mybuild
+  cd mybuild
+  cmake -Dgtest_build_tests=ON ${GTEST_DIR}
+
+Make sure you have Python installed, as some of Google Test's tests
+are written in Python.  If the cmake command complains about not being
+able to find Python ("Could NOT find PythonInterp (missing:
+PYTHON_EXECUTABLE)"), try telling it explicitly where your Python
+executable can be found:
+
+  cmake -DPYTHON_EXECUTABLE=path/to/python -Dgtest_build_tests=ON ${GTEST_DIR}
+
+Next, you can build Google Test and all of its own tests.  On *nix,
+this is usually done by 'make'.  To run the tests, do
+
+  make test
+
+All tests should pass.
+
+### Regenerating Source Files ###
+
+Some of Google Test's source files are generated from templates (not
+in the C++ sense) using a script.  A template file is named FOO.pump,
+where FOO is the name of the file it will generate.  For example, the
+file include/gtest/internal/gtest-type-util.h.pump is used to generate
+gtest-type-util.h in the same directory.
+
+Normally you don't need to worry about regenerating the source files,
+unless you need to modify them.  In that case, you should modify the
+corresponding .pump files instead and run the pump.py Python script to
+regenerate them.  You can find pump.py in the scripts/ directory.
+Read the Pump manual [2] for how to use it.
+
+  [2] http://code.google.com/p/googletest/wiki/PumpManual
+
+### Contributing a Patch ###
+
+We welcome patches.  Please read the Google Test developer's guide [3]
+for how you can contribute.  In particular, make sure you have signed
+the Contributor License Agreement, or we won't be able to accept the
+patch.
+
+  [3] http://code.google.com/p/googletest/wiki/GoogleTestDevGuide
+
+Happy testing!
diff --git a/nss/external_tests/google_test/gtest/build-aux/.keep b/nss/external_tests/google_test/gtest/build-aux/.keep
new file mode 100644
index 0000000..e69de29
diff --git a/nss/external_tests/google_test/gtest/cmake/internal_utils.cmake b/nss/external_tests/google_test/gtest/cmake/internal_utils.cmake
new file mode 100644
index 0000000..93e6dbb
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/cmake/internal_utils.cmake
@@ -0,0 +1,242 @@
+# Defines functions and macros useful for building Google Test and
+# Google Mock.
+#
+# Note:
+#
+# - This file will be run twice when building Google Mock (once via
+#   Google Test's CMakeLists.txt, and once via Google Mock's).
+#   Therefore it shouldn't have any side effects other than defining
+#   the functions and macros.
+#
+# - The functions/macros defined in this file may depend on Google
+#   Test and Google Mock's option() definitions, and thus must be
+#   called *after* the options have been defined.
+
+# Tweaks CMake's default compiler/linker settings to suit Google Test's needs.
+#
+# This must be a macro(), as inside a function string() can only
+# update variables in the function scope.
+macro(fix_default_compiler_settings_)
+  if (MSVC)
+    # For MSVC, CMake sets certain flags to defaults we want to override.
+    # This replacement code is taken from sample in the CMake Wiki at
+    # http://www.cmake.org/Wiki/CMake_FAQ#Dynamic_Replace.
+    foreach (flag_var
+             CMAKE_CXX_FLAGS CMAKE_CXX_FLAGS_DEBUG CMAKE_CXX_FLAGS_RELEASE
+             CMAKE_CXX_FLAGS_MINSIZEREL CMAKE_CXX_FLAGS_RELWITHDEBINFO)
+      if (NOT BUILD_SHARED_LIBS AND NOT gtest_force_shared_crt)
+        # When Google Test is built as a shared library, it should also use
+        # shared runtime libraries.  Otherwise, it may end up with multiple
+        # copies of runtime library data in different modules, resulting in
+        # hard-to-find crashes. When it is built as a static library, it is
+        # preferable to use CRT as static libraries, as we don't have to rely
+        # on CRT DLLs being available. CMake always defaults to using shared
+        # CRT libraries, so we override that default here.
+        string(REPLACE "/MD" "-MT" ${flag_var} "${${flag_var}}")
+      endif()
+
+      # We prefer more strict warning checking for building Google Test.
+      # Replaces /W3 with /W4 in defaults.
+      string(REPLACE "/W3" "/W4" ${flag_var} "${${flag_var}}")
+    endforeach()
+  endif()
+endmacro()
+
+# Defines the compiler/linker flags used to build Google Test and
+# Google Mock.  You can tweak these definitions to suit your need.  A
+# variable's value is empty before it's explicitly assigned to.
+macro(config_compiler_and_linker)
+  if (NOT gtest_disable_pthreads)
+    # Defines CMAKE_USE_PTHREADS_INIT and CMAKE_THREAD_LIBS_INIT.
+    find_package(Threads)
+  endif()
+
+  fix_default_compiler_settings_()
+  if (MSVC)
+    # Newlines inside flags variables break CMake's NMake generator.
+    # TODO(vladl@google.com): Add -RTCs and -RTCu to debug builds.
+    set(cxx_base_flags "-GS -W4 -WX -wd4251 -wd4275 -nologo -J -Zi")
+    if (MSVC_VERSION LESS 1400)  # 1400 is Visual Studio 2005
+      # Suppress spurious warnings MSVC 7.1 sometimes issues.
+      # Forcing value to bool.
+      set(cxx_base_flags "${cxx_base_flags} -wd4800")
+      # Copy constructor and assignment operator could not be generated.
+      set(cxx_base_flags "${cxx_base_flags} -wd4511 -wd4512")
+      # Compatibility warnings not applicable to Google Test.
+      # Resolved overload was found by argument-dependent lookup.
+      set(cxx_base_flags "${cxx_base_flags} -wd4675")
+    endif()
+    if (MSVC_VERSION LESS 1500)  # 1500 is Visual Studio 2008
+      # Conditional expression is constant.
+      # When compiling with /W4, we get several instances of C4127
+      # (Conditional expression is constant). In our code, we disable that
+      # warning on a case-by-case basis. However, on Visual Studio 2005,
+      # the warning fires on std::list. Therefore on that compiler and earlier,
+      # we disable the warning project-wide.
+      set(cxx_base_flags "${cxx_base_flags} -wd4127")
+    endif()
+    if (NOT (MSVC_VERSION LESS 1700))  # 1700 is Visual Studio 2012.
+      # Suppress "unreachable code" warning on VS 2012 and later.
+      # http://stackoverflow.com/questions/3232669 explains the issue.
+      set(cxx_base_flags "${cxx_base_flags} -wd4702")
+    endif()
+
+    set(cxx_base_flags "${cxx_base_flags} -D_UNICODE -DUNICODE -DWIN32 -D_WIN32")
+    set(cxx_base_flags "${cxx_base_flags} -DSTRICT -DWIN32_LEAN_AND_MEAN")
+    set(cxx_exception_flags "-EHsc -D_HAS_EXCEPTIONS=1")
+    set(cxx_no_exception_flags "-D_HAS_EXCEPTIONS=0")
+    set(cxx_no_rtti_flags "-GR-")
+  elseif (CMAKE_COMPILER_IS_GNUCXX)
+    set(cxx_base_flags "-Wall -Wshadow")
+    set(cxx_exception_flags "-fexceptions")
+    set(cxx_no_exception_flags "-fno-exceptions")
+    # Until version 4.3.2, GCC doesn't define a macro to indicate
+    # whether RTTI is enabled.  Therefore we define GTEST_HAS_RTTI
+    # explicitly.
+    set(cxx_no_rtti_flags "-fno-rtti -DGTEST_HAS_RTTI=0")
+    set(cxx_strict_flags
+      "-Wextra -Wno-unused-parameter -Wno-missing-field-initializers")
+  elseif (CMAKE_CXX_COMPILER_ID STREQUAL "SunPro")
+    set(cxx_exception_flags "-features=except")
+    # Sun Pro doesn't provide macros to indicate whether exceptions and
+    # RTTI are enabled, so we define GTEST_HAS_* explicitly.
+    set(cxx_no_exception_flags "-features=no%except -DGTEST_HAS_EXCEPTIONS=0")
+    set(cxx_no_rtti_flags "-features=no%rtti -DGTEST_HAS_RTTI=0")
+  elseif (CMAKE_CXX_COMPILER_ID STREQUAL "VisualAge" OR
+      CMAKE_CXX_COMPILER_ID STREQUAL "XL")
+    # CMake 2.8 changes Visual Age's compiler ID to "XL".
+    set(cxx_exception_flags "-qeh")
+    set(cxx_no_exception_flags "-qnoeh")
+    # Until version 9.0, Visual Age doesn't define a macro to indicate
+    # whether RTTI is enabled.  Therefore we define GTEST_HAS_RTTI
+    # explicitly.
+    set(cxx_no_rtti_flags "-qnortti -DGTEST_HAS_RTTI=0")
+  elseif (CMAKE_CXX_COMPILER_ID STREQUAL "HP")
+    set(cxx_base_flags "-AA -mt")
+    set(cxx_exception_flags "-DGTEST_HAS_EXCEPTIONS=1")
+    set(cxx_no_exception_flags "+noeh -DGTEST_HAS_EXCEPTIONS=0")
+    # RTTI can not be disabled in HP aCC compiler.
+    set(cxx_no_rtti_flags "")
+  endif()
+
+  if (CMAKE_USE_PTHREADS_INIT)  # The pthreads library is available and allowed.
+    set(cxx_base_flags "${cxx_base_flags} -DGTEST_HAS_PTHREAD=1")
+  else()
+    set(cxx_base_flags "${cxx_base_flags} -DGTEST_HAS_PTHREAD=0")
+  endif()
+
+  # For building gtest's own tests and samples.
+  set(cxx_exception "${CMAKE_CXX_FLAGS} ${cxx_base_flags} ${cxx_exception_flags}")
+  set(cxx_no_exception
+    "${CMAKE_CXX_FLAGS} ${cxx_base_flags} ${cxx_no_exception_flags}")
+  set(cxx_default "${cxx_exception}")
+  set(cxx_no_rtti "${cxx_default} ${cxx_no_rtti_flags}")
+  set(cxx_use_own_tuple "${cxx_default} -DGTEST_USE_OWN_TR1_TUPLE=1")
+
+  # For building the gtest libraries.
+  set(cxx_strict "${cxx_default} ${cxx_strict_flags}")
+endmacro()
+
+# Defines the gtest & gtest_main libraries.  User tests should link
+# with one of them.
+function(cxx_library_with_type name type cxx_flags)
+  # type can be either STATIC or SHARED to denote a static or shared library.
+  # ARGN refers to additional arguments after 'cxx_flags'.
+  add_library(${name} ${type} ${ARGN})
+  set_target_properties(${name}
+    PROPERTIES
+    COMPILE_FLAGS "${cxx_flags}")
+  if (BUILD_SHARED_LIBS OR type STREQUAL "SHARED")
+    set_target_properties(${name}
+      PROPERTIES
+      COMPILE_DEFINITIONS "GTEST_CREATE_SHARED_LIBRARY=1")
+  endif()
+  if (CMAKE_USE_PTHREADS_INIT)
+    target_link_libraries(${name} ${CMAKE_THREAD_LIBS_INIT})
+  endif()
+endfunction()
+
+########################################################################
+#
+# Helper functions for creating build targets.
+
+function(cxx_shared_library name cxx_flags)
+  cxx_library_with_type(${name} SHARED "${cxx_flags}" ${ARGN})
+endfunction()
+
+function(cxx_library name cxx_flags)
+  cxx_library_with_type(${name} "" "${cxx_flags}" ${ARGN})
+endfunction()
+
+# cxx_executable_with_flags(name cxx_flags libs srcs...)
+#
+# creates a named C++ executable that depends on the given libraries and
+# is built from the given source files with the given compiler flags.
+function(cxx_executable_with_flags name cxx_flags libs)
+  add_executable(${name} ${ARGN})
+  if (cxx_flags)
+    set_target_properties(${name}
+      PROPERTIES
+      COMPILE_FLAGS "${cxx_flags}")
+  endif()
+  if (BUILD_SHARED_LIBS)
+    set_target_properties(${name}
+      PROPERTIES
+      COMPILE_DEFINITIONS "GTEST_LINKED_AS_SHARED_LIBRARY=1")
+  endif()
+  # To support mixing linking in static and dynamic libraries, link each
+  # library in with an extra call to target_link_libraries.
+  foreach (lib "${libs}")
+    target_link_libraries(${name} ${lib})
+  endforeach()
+endfunction()
+
+# cxx_executable(name dir lib srcs...)
+#
+# creates a named target that depends on the given libs and is built
+# from the given source files.  dir/name.cc is implicitly included in
+# the source file list.
+function(cxx_executable name dir libs)
+  cxx_executable_with_flags(
+    ${name} "${cxx_default}" "${libs}" "${dir}/${name}.cc" ${ARGN})
+endfunction()
+
+# Sets PYTHONINTERP_FOUND and PYTHON_EXECUTABLE.
+find_package(PythonInterp)
+
+# cxx_test_with_flags(name cxx_flags libs srcs...)
+#
+# creates a named C++ test that depends on the given libs and is built
+# from the given source files with the given compiler flags.
+function(cxx_test_with_flags name cxx_flags libs)
+  cxx_executable_with_flags(${name} "${cxx_flags}" "${libs}" ${ARGN})
+  add_test(${name} ${name})
+endfunction()
+
+# cxx_test(name libs srcs...)
+#
+# creates a named test target that depends on the given libs and is
+# built from the given source files.  Unlike cxx_test_with_flags,
+# test/name.cc is already implicitly included in the source file list.
+function(cxx_test name libs)
+  cxx_test_with_flags("${name}" "${cxx_default}" "${libs}"
+    "test/${name}.cc" ${ARGN})
+endfunction()
+
+# py_test(name)
+#
+# creates a Python test with the given name whose main module is in
+# test/name.py.  It does nothing if Python is not installed.
+function(py_test name)
+  # We are not supporting Python tests on Linux yet as they consider
+  # all Linux environments to be google3 and try to use google3 features.
+  if (PYTHONINTERP_FOUND)
+    # ${CMAKE_BINARY_DIR} is known at configuration time, so we can
+    # directly bind it from cmake. ${CTEST_CONFIGURATION_TYPE} is known
+    # only at ctest runtime (by calling ctest -c <Configuration>), so
+    # we have to escape $ to delay variable substitution here.
+    add_test(${name}
+      ${PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/test/${name}.py
+          --build_dir=${CMAKE_CURRENT_BINARY_DIR}/\${CTEST_CONFIGURATION_TYPE})
+  endif()
+endfunction()
diff --git a/nss/external_tests/google_test/gtest/codegear/gtest.cbproj b/nss/external_tests/google_test/gtest/codegear/gtest.cbproj
new file mode 100644
index 0000000..95c3054
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/codegear/gtest.cbproj
@@ -0,0 +1,138 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <PropertyGroup>
+    <ProjectGuid>{bca37a72-5b07-46cf-b44e-89f8e06451a2}</ProjectGuid>
+    <Config Condition="'$(Config)'==''">Release</Config>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Config)'=='Base' or '$(Base)'!=''">
+    <Base>true</Base>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Config)'=='Debug' or '$(Cfg_1)'!=''">
+    <Base>true</Base>
+    <Cfg_1>true</Cfg_1>
+    <CfgParent>Base</CfgParent>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Config)'=='Release' or '$(Cfg_2)'!=''">
+    <Base>true</Base>
+    <Cfg_2>true</Cfg_2>
+    <CfgParent>Base</CfgParent>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Base)'!=''">
+    <BCC_OptimizeForSpeed>true</BCC_OptimizeForSpeed>
+    <OutputExt>lib</OutputExt>
+    <DCC_CBuilderOutput>JPHNE</DCC_CBuilderOutput>
+    <Defines>NO_STRICT</Defines>
+    <DynamicRTL>true</DynamicRTL>
+    <UsePackages>true</UsePackages>
+    <ProjectType>CppStaticLibrary</ProjectType>
+    <BCC_CPPCompileAlways>true</BCC_CPPCompileAlways>
+    <PackageImports>rtl.bpi;vcl.bpi;bcbie.bpi;vclx.bpi;vclactnband.bpi;xmlrtl.bpi;bcbsmp.bpi;dbrtl.bpi;vcldb.bpi;bdertl.bpi;vcldbx.bpi;dsnap.bpi;dsnapcon.bpi;vclib.bpi;ibxpress.bpi;adortl.bpi;dbxcds.bpi;dbexpress.bpi;DbxCommonDriver.bpi;websnap.bpi;vclie.bpi;webdsnap.bpi;inet.bpi;inetdbbde.bpi;inetdbxpress.bpi;soaprtl.bpi;Rave75VCL.bpi;teeUI.bpi;tee.bpi;teedb.bpi;IndyCore.bpi;IndySystem.bpi;IndyProtocols.bpi;IntrawebDB_90_100.bpi;Intraweb_90_100.bpi;dclZipForged11.bpi;vclZipForged11.bpi;GR32_BDS2006.bpi;GR32_DSGN_BDS2006.bpi;Jcl.bpi;JclVcl.bpi;JvCoreD11R.bpi;JvSystemD11R.bpi;JvStdCtrlsD11R.bpi;JvAppFrmD11R.bpi;JvBandsD11R.bpi;JvDBD11R.bpi;JvDlgsD11R.bpi;JvBDED11R.bpi;JvCmpD11R.bpi;JvCryptD11R.bpi;JvCtrlsD11R.bpi;JvCustomD11R.bpi;JvDockingD11R.bpi;JvDotNetCtrlsD11R.bpi;JvEDID11R.bpi;JvGlobusD11R.bpi;JvHMID11R.bpi;JvInterpreterD11R.bpi;JvJansD11R.bpi;JvManagedThreadsD11R.bpi;JvMMD11R.bpi;JvNetD11R.bpi;JvPageCompsD11R.bpi;JvPluginD11R.bpi;JvPrintPreviewD11R.bpi;JvRuntimeDesignD11R.bpi;JvTimeFrameworkD11R.bpi;JvValidatorsD11R.bpi;JvWizardD11R.bpi;JvXPCtrlsD11R.bpi;VclSmp.bpi;CExceptionExpert11.bpi</PackageImports>
+    <BCC_wpar>false</BCC_wpar>
+    <IncludePath>$(BDS)\include;$(BDS)\include\dinkumware;$(BDS)\include\vcl;..\src;..\include;..</IncludePath>
+    <AllPackageLibs>rtl.lib;vcl.lib</AllPackageLibs>
+    <TLIB_PageSize>32</TLIB_PageSize>
+    <ILINK_LibraryPath>$(BDS)\lib;$(BDS)\lib\obj;$(BDS)\lib\psdk</ILINK_LibraryPath>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Cfg_1)'!=''">
+    <BCC_OptimizeForSpeed>false</BCC_OptimizeForSpeed>
+    <DCC_Optimize>false</DCC_Optimize>
+    <DCC_DebugInfoInExe>true</DCC_DebugInfoInExe>
+    <Defines>_DEBUG;$(Defines)</Defines>
+    <ILINK_FullDebugInfo>true</ILINK_FullDebugInfo>
+    <BCC_InlineFunctionExpansion>false</BCC_InlineFunctionExpansion>
+    <ILINK_DisableIncrementalLinking>true</ILINK_DisableIncrementalLinking>
+    <BCC_UseRegisterVariables>None</BCC_UseRegisterVariables>
+    <DCC_Define>DEBUG</DCC_Define>
+    <BCC_DebugLineNumbers>true</BCC_DebugLineNumbers>
+    <IntermediateOutputDir>Debug</IntermediateOutputDir>
+    <TASM_DisplaySourceLines>true</TASM_DisplaySourceLines>
+    <BCC_StackFrames>true</BCC_StackFrames>
+    <BCC_DisableOptimizations>true</BCC_DisableOptimizations>
+    <ILINK_LibraryPath>$(BDS)\lib\debug;$(ILINK_LibraryPath)</ILINK_LibraryPath>
+    <TASM_Debugging>Full</TASM_Debugging>
+    <BCC_SourceDebuggingOn>true</BCC_SourceDebuggingOn>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Cfg_2)'!=''">
+    <Defines>NDEBUG;$(Defines)</Defines>
+    <IntermediateOutputDir>Release</IntermediateOutputDir>
+    <ILINK_LibraryPath>$(BDS)\lib\release;$(ILINK_LibraryPath)</ILINK_LibraryPath>
+    <TASM_Debugging>None</TASM_Debugging>
+  </PropertyGroup>
+  <ProjectExtensions>
+    <Borland.Personality>CPlusPlusBuilder.Personality</Borland.Personality>
+    <Borland.ProjectType>CppStaticLibrary</Borland.ProjectType>
+    <BorlandProject>
+<BorlandProject><CPlusPlusBuilder.Personality><VersionInfo><VersionInfo Name="IncludeVerInfo">False</VersionInfo><VersionInfo Name="AutoIncBuild">False</VersionInfo><VersionInfo Name="MajorVer">1</VersionInfo><VersionInfo Name="MinorVer">0</VersionInfo><VersionInfo Name="Release">0</VersionInfo><VersionInfo Name="Build">0</VersionInfo><VersionInfo Name="Debug">False</VersionInfo><VersionInfo Name="PreRelease">False</VersionInfo><VersionInfo Name="Special">False</VersionInfo><VersionInfo Name="Private">False</VersionInfo><VersionInfo Name="DLL">False</VersionInfo><VersionInfo Name="Locale">1033</VersionInfo><VersionInfo Name="CodePage">1252</VersionInfo></VersionInfo><VersionInfoKeys><VersionInfoKeys Name="CompanyName"></VersionInfoKeys><VersionInfoKeys Name="FileDescription"></VersionInfoKeys><VersionInfoKeys Name="FileVersion">1.0.0.0</VersionInfoKeys><VersionInfoKeys Name="InternalName"></VersionInfoKeys><VersionInfoKeys Name="LegalCopyright"></VersionInfoKeys><VersionInfoKeys Name="LegalTrademarks"></VersionInfoKeys><VersionInfoKeys Name="OriginalFilename"></VersionInfoKeys><VersionInfoKeys Name="ProductName"></VersionInfoKeys><VersionInfoKeys Name="ProductVersion">1.0.0.0</VersionInfoKeys><VersionInfoKeys Name="Comments"></VersionInfoKeys></VersionInfoKeys><Debugging><Debugging Name="DebugSourceDirs"></Debugging></Debugging><Parameters><Parameters Name="RunParams"></Parameters><Parameters Name="Launcher"></Parameters><Parameters Name="UseLauncher">False</Parameters><Parameters Name="DebugCWD"></Parameters><Parameters Name="HostApplication"></Parameters><Parameters Name="RemoteHost"></Parameters><Parameters Name="RemotePath"></Parameters><Parameters Name="RemoteParams"></Parameters><Parameters Name="RemoteLauncher"></Parameters><Parameters Name="UseRemoteLauncher">False</Parameters><Parameters Name="RemoteCWD"></Parameters><Parameters Name="RemoteDebug">False</Parameters><Parameters Name="Debug Symbols Search Path"></Parameters><Parameters Name="LoadAllSymbols">True</Parameters><Parameters Name="LoadUnspecifiedSymbols">False</Parameters></Parameters><Excluded_Packages>
+      
+      
+      <Excluded_Packages Name="$(BDS)\bin\bcboffice2k100.bpl">CodeGear C++Builder Office 2000 Servers Package</Excluded_Packages>
+      <Excluded_Packages Name="$(BDS)\bin\bcbofficexp100.bpl">CodeGear C++Builder Office XP Servers Package</Excluded_Packages>
+    </Excluded_Packages><Linker><Linker Name="LibPrefix"></Linker><Linker Name="LibSuffix"></Linker><Linker Name="LibVersion"></Linker></Linker><ProjectProperties><ProjectProperties Name="AutoShowDeps">False</ProjectProperties><ProjectProperties Name="ManagePaths">True</ProjectProperties><ProjectProperties Name="VerifyPackages">True</ProjectProperties></ProjectProperties><HistoryLists_hlIncludePath><HistoryLists_hlIncludePath Name="Count">3</HistoryLists_hlIncludePath><HistoryLists_hlIncludePath Name="Item0">$(BDS)\include;$(BDS)\include\dinkumware;$(BDS)\include\vcl;..\src;..\include;..</HistoryLists_hlIncludePath><HistoryLists_hlIncludePath Name="Item1">$(BDS)\include;$(BDS)\include\dinkumware;$(BDS)\include\vcl;..\src;..\include;..</HistoryLists_hlIncludePath><HistoryLists_hlIncludePath Name="Item2">$(BDS)\include;$(BDS)\include\dinkumware;$(BDS)\include\vcl;..\src;..\src;..\include</HistoryLists_hlIncludePath></HistoryLists_hlIncludePath><HistoryLists_hlILINK_LibraryPath><HistoryLists_hlILINK_LibraryPath Name="Count">1</HistoryLists_hlILINK_LibraryPath><HistoryLists_hlILINK_LibraryPath Name="Item0">$(BDS)\lib;$(BDS)\lib\obj;$(BDS)\lib\psdk</HistoryLists_hlILINK_LibraryPath></HistoryLists_hlILINK_LibraryPath><HistoryLists_hlDefines><HistoryLists_hlDefines Name="Count">1</HistoryLists_hlDefines><HistoryLists_hlDefines Name="Item0">NO_STRICT</HistoryLists_hlDefines></HistoryLists_hlDefines><HistoryLists_hlTLIB_PageSize><HistoryLists_hlTLIB_PageSize Name="Count">1</HistoryLists_hlTLIB_PageSize><HistoryLists_hlTLIB_PageSize Name="Item0">32</HistoryLists_hlTLIB_PageSize><HistoryLists_hlTLIB_PageSize Name="Item1">16</HistoryLists_hlTLIB_PageSize></HistoryLists_hlTLIB_PageSize></CPlusPlusBuilder.Personality></BorlandProject></BorlandProject>
+  </ProjectExtensions>
+  <Import Project="$(MSBuildBinPath)\Borland.Cpp.Targets" />
+  <ItemGroup>
+    <None Include="..\include\gtest\gtest-death-test.h">
+      <BuildOrder>3</BuildOrder>
+    </None>
+    <None Include="..\include\gtest\gtest-message.h">
+      <BuildOrder>4</BuildOrder>
+    </None>
+    <None Include="..\include\gtest\gtest-param-test.h">
+      <BuildOrder>5</BuildOrder>
+    </None>
+    <None Include="..\include\gtest\gtest-spi.h">
+      <BuildOrder>6</BuildOrder>
+    </None>
+    <None Include="..\include\gtest\gtest-test-part.h">
+      <BuildOrder>7</BuildOrder>
+    </None>
+    <None Include="..\include\gtest\gtest-typed-test.h">
+      <BuildOrder>8</BuildOrder>
+    </None>
+    <None Include="..\include\gtest\gtest.h">
+      <BuildOrder>0</BuildOrder>
+    </None>
+    <None Include="..\include\gtest\gtest_pred_impl.h">
+      <BuildOrder>1</BuildOrder>
+    </None>
+    <None Include="..\include\gtest\gtest_prod.h">
+      <BuildOrder>2</BuildOrder>
+    </None>
+    <None Include="..\include\gtest\internal\gtest-death-test-internal.h">
+      <BuildOrder>9</BuildOrder>
+    </None>
+    <None Include="..\include\gtest\internal\gtest-filepath.h">
+      <BuildOrder>10</BuildOrder>
+    </None>
+    <None Include="..\include\gtest\internal\gtest-internal.h">
+      <BuildOrder>11</BuildOrder>
+    </None>
+    <None Include="..\include\gtest\internal\gtest-linked_ptr.h">
+      <BuildOrder>12</BuildOrder>
+    </None>
+    <None Include="..\include\gtest\internal\gtest-param-util-generated.h">
+      <BuildOrder>14</BuildOrder>
+    </None>
+    <None Include="..\include\gtest\internal\gtest-param-util.h">
+      <BuildOrder>13</BuildOrder>
+    </None>
+    <None Include="..\include\gtest\internal\gtest-port.h">
+      <BuildOrder>15</BuildOrder>
+    </None>
+    <None Include="..\include\gtest\internal\gtest-string.h">
+      <BuildOrder>16</BuildOrder>
+    </None>
+    <None Include="..\include\gtest\internal\gtest-type-util.h">
+      <BuildOrder>17</BuildOrder>
+    </None>
+    <CppCompile Include="gtest_all.cc">
+      <BuildOrder>18</BuildOrder>
+    </CppCompile>
+    <BuildConfiguration Include="Debug">
+      <Key>Cfg_1</Key>
+    </BuildConfiguration>
+    <BuildConfiguration Include="Release">
+      <Key>Cfg_2</Key>
+    </BuildConfiguration>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/nss/external_tests/google_test/gtest/codegear/gtest.groupproj b/nss/external_tests/google_test/gtest/codegear/gtest.groupproj
new file mode 100644
index 0000000..faf31ca
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/codegear/gtest.groupproj
@@ -0,0 +1,54 @@
+<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <PropertyGroup>
+    <ProjectGuid>{c1d923e0-6cba-4332-9b6f-3420acbf5091}</ProjectGuid>
+  </PropertyGroup>
+  <ItemGroup />
+  <ItemGroup>
+    <Projects Include="gtest.cbproj" />
+    <Projects Include="gtest_main.cbproj" />
+    <Projects Include="gtest_unittest.cbproj" />
+  </ItemGroup>
+  <ProjectExtensions>
+    <Borland.Personality>Default.Personality</Borland.Personality>
+    <Borland.ProjectType />
+    <BorlandProject>
+<BorlandProject xmlns=""><Default.Personality></Default.Personality></BorlandProject></BorlandProject>
+  </ProjectExtensions>
+  <Target Name="gtest">
+    <MSBuild Projects="gtest.cbproj" Targets="" />
+  </Target>
+  <Target Name="gtest:Clean">
+    <MSBuild Projects="gtest.cbproj" Targets="Clean" />
+  </Target>
+  <Target Name="gtest:Make">
+    <MSBuild Projects="gtest.cbproj" Targets="Make" />
+  </Target>
+  <Target Name="gtest_main">
+    <MSBuild Projects="gtest_main.cbproj" Targets="" />
+  </Target>
+  <Target Name="gtest_main:Clean">
+    <MSBuild Projects="gtest_main.cbproj" Targets="Clean" />
+  </Target>
+  <Target Name="gtest_main:Make">
+    <MSBuild Projects="gtest_main.cbproj" Targets="Make" />
+  </Target>
+  <Target Name="gtest_unittest">
+    <MSBuild Projects="gtest_unittest.cbproj" Targets="" />
+  </Target>
+  <Target Name="gtest_unittest:Clean">
+    <MSBuild Projects="gtest_unittest.cbproj" Targets="Clean" />
+  </Target>
+  <Target Name="gtest_unittest:Make">
+    <MSBuild Projects="gtest_unittest.cbproj" Targets="Make" />
+  </Target>
+  <Target Name="Build">
+    <CallTarget Targets="gtest;gtest_main;gtest_unittest" />
+  </Target>
+  <Target Name="Clean">
+    <CallTarget Targets="gtest:Clean;gtest_main:Clean;gtest_unittest:Clean" />
+  </Target>
+  <Target Name="Make">
+    <CallTarget Targets="gtest:Make;gtest_main:Make;gtest_unittest:Make" />
+  </Target>
+  <Import Condition="Exists('$(MSBuildBinPath)\Borland.Group.Targets')" Project="$(MSBuildBinPath)\Borland.Group.Targets" />
+</Project>
\ No newline at end of file
diff --git a/nss/external_tests/google_test/gtest/codegear/gtest_all.cc b/nss/external_tests/google_test/gtest/codegear/gtest_all.cc
new file mode 100644
index 0000000..121b2d8
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/codegear/gtest_all.cc
@@ -0,0 +1,38 @@
+// Copyright 2009, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: Josh Kelley (joshkel@gmail.com)
+//
+// Google C++ Testing Framework (Google Test)
+//
+// C++Builder's IDE cannot build a static library from files with hyphens
+// in their name.  See http://qc.codegear.com/wc/qcmain.aspx?d=70977 .
+// This file serves as a workaround.
+
+#include "src/gtest-all.cc"
diff --git a/nss/external_tests/google_test/gtest/codegear/gtest_link.cc b/nss/external_tests/google_test/gtest/codegear/gtest_link.cc
new file mode 100644
index 0000000..918eccd
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/codegear/gtest_link.cc
@@ -0,0 +1,40 @@
+// Copyright 2009, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: Josh Kelley (joshkel@gmail.com)
+//
+// Google C++ Testing Framework (Google Test)
+//
+// Links gtest.lib and gtest_main.lib into the current project in C++Builder.
+// This means that these libraries can't be renamed, but it's the only way to
+// ensure that Debug versus Release test builds are linked against the
+// appropriate Debug or Release build of the libraries.
+
+#pragma link "gtest.lib"
+#pragma link "gtest_main.lib"
diff --git a/nss/external_tests/google_test/gtest/codegear/gtest_main.cbproj b/nss/external_tests/google_test/gtest/codegear/gtest_main.cbproj
new file mode 100644
index 0000000..d76ce13
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/codegear/gtest_main.cbproj
@@ -0,0 +1,82 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <PropertyGroup>
+    <ProjectGuid>{bca37a72-5b07-46cf-b44e-89f8e06451a2}</ProjectGuid>
+    <Config Condition="'$(Config)'==''">Release</Config>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Config)'=='Base' or '$(Base)'!=''">
+    <Base>true</Base>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Config)'=='Debug' or '$(Cfg_1)'!=''">
+    <Base>true</Base>
+    <Cfg_1>true</Cfg_1>
+    <CfgParent>Base</CfgParent>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Config)'=='Release' or '$(Cfg_2)'!=''">
+    <Base>true</Base>
+    <Cfg_2>true</Cfg_2>
+    <CfgParent>Base</CfgParent>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Base)'!=''">
+    <BCC_OptimizeForSpeed>true</BCC_OptimizeForSpeed>
+    <OutputExt>lib</OutputExt>
+    <DCC_CBuilderOutput>JPHNE</DCC_CBuilderOutput>
+    <Defines>NO_STRICT</Defines>
+    <DynamicRTL>true</DynamicRTL>
+    <UsePackages>true</UsePackages>
+    <ProjectType>CppStaticLibrary</ProjectType>
+    <BCC_CPPCompileAlways>true</BCC_CPPCompileAlways>
+    <PackageImports>rtl.bpi;vcl.bpi;bcbie.bpi;vclx.bpi;vclactnband.bpi;xmlrtl.bpi;bcbsmp.bpi;dbrtl.bpi;vcldb.bpi;bdertl.bpi;vcldbx.bpi;dsnap.bpi;dsnapcon.bpi;vclib.bpi;ibxpress.bpi;adortl.bpi;dbxcds.bpi;dbexpress.bpi;DbxCommonDriver.bpi;websnap.bpi;vclie.bpi;webdsnap.bpi;inet.bpi;inetdbbde.bpi;inetdbxpress.bpi;soaprtl.bpi;Rave75VCL.bpi;teeUI.bpi;tee.bpi;teedb.bpi;IndyCore.bpi;IndySystem.bpi;IndyProtocols.bpi;IntrawebDB_90_100.bpi;Intraweb_90_100.bpi;dclZipForged11.bpi;vclZipForged11.bpi;GR32_BDS2006.bpi;GR32_DSGN_BDS2006.bpi;Jcl.bpi;JclVcl.bpi;JvCoreD11R.bpi;JvSystemD11R.bpi;JvStdCtrlsD11R.bpi;JvAppFrmD11R.bpi;JvBandsD11R.bpi;JvDBD11R.bpi;JvDlgsD11R.bpi;JvBDED11R.bpi;JvCmpD11R.bpi;JvCryptD11R.bpi;JvCtrlsD11R.bpi;JvCustomD11R.bpi;JvDockingD11R.bpi;JvDotNetCtrlsD11R.bpi;JvEDID11R.bpi;JvGlobusD11R.bpi;JvHMID11R.bpi;JvInterpreterD11R.bpi;JvJansD11R.bpi;JvManagedThreadsD11R.bpi;JvMMD11R.bpi;JvNetD11R.bpi;JvPageCompsD11R.bpi;JvPluginD11R.bpi;JvPrintPreviewD11R.bpi;JvRuntimeDesignD11R.bpi;JvTimeFrameworkD11R.bpi;JvValidatorsD11R.bpi;JvWizardD11R.bpi;JvXPCtrlsD11R.bpi;VclSmp.bpi;CExceptionExpert11.bpi</PackageImports>
+    <BCC_wpar>false</BCC_wpar>
+    <IncludePath>$(BDS)\include;$(BDS)\include\dinkumware;$(BDS)\include\vcl;..\src;..\include;..</IncludePath>
+    <AllPackageLibs>rtl.lib;vcl.lib</AllPackageLibs>
+    <TLIB_PageSize>32</TLIB_PageSize>
+    <ILINK_LibraryPath>$(BDS)\lib;$(BDS)\lib\obj;$(BDS)\lib\psdk</ILINK_LibraryPath>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Cfg_1)'!=''">
+    <BCC_OptimizeForSpeed>false</BCC_OptimizeForSpeed>
+    <DCC_Optimize>false</DCC_Optimize>
+    <DCC_DebugInfoInExe>true</DCC_DebugInfoInExe>
+    <Defines>_DEBUG;$(Defines)</Defines>
+    <ILINK_FullDebugInfo>true</ILINK_FullDebugInfo>
+    <BCC_InlineFunctionExpansion>false</BCC_InlineFunctionExpansion>
+    <ILINK_DisableIncrementalLinking>true</ILINK_DisableIncrementalLinking>
+    <BCC_UseRegisterVariables>None</BCC_UseRegisterVariables>
+    <DCC_Define>DEBUG</DCC_Define>
+    <BCC_DebugLineNumbers>true</BCC_DebugLineNumbers>
+    <IntermediateOutputDir>Debug</IntermediateOutputDir>
+    <TASM_DisplaySourceLines>true</TASM_DisplaySourceLines>
+    <BCC_StackFrames>true</BCC_StackFrames>
+    <BCC_DisableOptimizations>true</BCC_DisableOptimizations>
+    <ILINK_LibraryPath>$(BDS)\lib\debug;$(ILINK_LibraryPath)</ILINK_LibraryPath>
+    <TASM_Debugging>Full</TASM_Debugging>
+    <BCC_SourceDebuggingOn>true</BCC_SourceDebuggingOn>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Cfg_2)'!=''">
+    <Defines>NDEBUG;$(Defines)</Defines>
+    <IntermediateOutputDir>Release</IntermediateOutputDir>
+    <ILINK_LibraryPath>$(BDS)\lib\release;$(ILINK_LibraryPath)</ILINK_LibraryPath>
+    <TASM_Debugging>None</TASM_Debugging>
+  </PropertyGroup>
+  <ProjectExtensions>
+    <Borland.Personality>CPlusPlusBuilder.Personality</Borland.Personality>
+    <Borland.ProjectType>CppStaticLibrary</Borland.ProjectType>
+    <BorlandProject>
+<BorlandProject><CPlusPlusBuilder.Personality><VersionInfo><VersionInfo Name="IncludeVerInfo">False</VersionInfo><VersionInfo Name="AutoIncBuild">False</VersionInfo><VersionInfo Name="MajorVer">1</VersionInfo><VersionInfo Name="MinorVer">0</VersionInfo><VersionInfo Name="Release">0</VersionInfo><VersionInfo Name="Build">0</VersionInfo><VersionInfo Name="Debug">False</VersionInfo><VersionInfo Name="PreRelease">False</VersionInfo><VersionInfo Name="Special">False</VersionInfo><VersionInfo Name="Private">False</VersionInfo><VersionInfo Name="DLL">False</VersionInfo><VersionInfo Name="Locale">1033</VersionInfo><VersionInfo Name="CodePage">1252</VersionInfo></VersionInfo><VersionInfoKeys><VersionInfoKeys Name="CompanyName"></VersionInfoKeys><VersionInfoKeys Name="FileDescription"></VersionInfoKeys><VersionInfoKeys Name="FileVersion">1.0.0.0</VersionInfoKeys><VersionInfoKeys Name="InternalName"></VersionInfoKeys><VersionInfoKeys Name="LegalCopyright"></VersionInfoKeys><VersionInfoKeys Name="LegalTrademarks"></VersionInfoKeys><VersionInfoKeys Name="OriginalFilename"></VersionInfoKeys><VersionInfoKeys Name="ProductName"></VersionInfoKeys><VersionInfoKeys Name="ProductVersion">1.0.0.0</VersionInfoKeys><VersionInfoKeys Name="Comments"></VersionInfoKeys></VersionInfoKeys><Debugging><Debugging Name="DebugSourceDirs"></Debugging></Debugging><Parameters><Parameters Name="RunParams"></Parameters><Parameters Name="Launcher"></Parameters><Parameters Name="UseLauncher">False</Parameters><Parameters Name="DebugCWD"></Parameters><Parameters Name="HostApplication"></Parameters><Parameters Name="RemoteHost"></Parameters><Parameters Name="RemotePath"></Parameters><Parameters Name="RemoteParams"></Parameters><Parameters Name="RemoteLauncher"></Parameters><Parameters Name="UseRemoteLauncher">False</Parameters><Parameters Name="RemoteCWD"></Parameters><Parameters Name="RemoteDebug">False</Parameters><Parameters Name="Debug Symbols Search Path"></Parameters><Parameters Name="LoadAllSymbols">True</Parameters><Parameters Name="LoadUnspecifiedSymbols">False</Parameters></Parameters><Excluded_Packages>
+      <Excluded_Packages Name="$(BDS)\bin\bcboffice2k100.bpl">CodeGear C++Builder Office 2000 Servers Package</Excluded_Packages>
+      <Excluded_Packages Name="$(BDS)\bin\bcbofficexp100.bpl">CodeGear C++Builder Office XP Servers Package</Excluded_Packages>
+    </Excluded_Packages><Linker><Linker Name="LibPrefix"></Linker><Linker Name="LibSuffix"></Linker><Linker Name="LibVersion"></Linker></Linker><ProjectProperties><ProjectProperties Name="AutoShowDeps">False</ProjectProperties><ProjectProperties Name="ManagePaths">True</ProjectProperties><ProjectProperties Name="VerifyPackages">True</ProjectProperties></ProjectProperties><HistoryLists_hlIncludePath><HistoryLists_hlIncludePath Name="Count">3</HistoryLists_hlIncludePath><HistoryLists_hlIncludePath Name="Item0">$(BDS)\include;$(BDS)\include\dinkumware;$(BDS)\include\vcl;..\src;..\include;..</HistoryLists_hlIncludePath><HistoryLists_hlIncludePath Name="Item1">$(BDS)\include;$(BDS)\include\dinkumware;$(BDS)\include\vcl;..\src;..\include;..</HistoryLists_hlIncludePath><HistoryLists_hlIncludePath Name="Item2">$(BDS)\include;$(BDS)\include\dinkumware;$(BDS)\include\vcl;..\src;..\src;..\include</HistoryLists_hlIncludePath></HistoryLists_hlIncludePath><HistoryLists_hlILINK_LibraryPath><HistoryLists_hlILINK_LibraryPath Name="Count">1</HistoryLists_hlILINK_LibraryPath><HistoryLists_hlILINK_LibraryPath Name="Item0">$(BDS)\lib;$(BDS)\lib\obj;$(BDS)\lib\psdk</HistoryLists_hlILINK_LibraryPath></HistoryLists_hlILINK_LibraryPath><HistoryLists_hlDefines><HistoryLists_hlDefines Name="Count">1</HistoryLists_hlDefines><HistoryLists_hlDefines Name="Item0">NO_STRICT</HistoryLists_hlDefines></HistoryLists_hlDefines><HistoryLists_hlTLIB_PageSize><HistoryLists_hlTLIB_PageSize Name="Count">1</HistoryLists_hlTLIB_PageSize><HistoryLists_hlTLIB_PageSize Name="Item0">32</HistoryLists_hlTLIB_PageSize><HistoryLists_hlTLIB_PageSize Name="Item1">16</HistoryLists_hlTLIB_PageSize></HistoryLists_hlTLIB_PageSize></CPlusPlusBuilder.Personality></BorlandProject></BorlandProject>
+  </ProjectExtensions>
+  <Import Project="$(MSBuildBinPath)\Borland.Cpp.Targets" />
+  <ItemGroup>
+    <CppCompile Include="..\src\gtest_main.cc">
+      <BuildOrder>0</BuildOrder>
+    </CppCompile>
+    <BuildConfiguration Include="Debug">
+      <Key>Cfg_1</Key>
+    </BuildConfiguration>
+    <BuildConfiguration Include="Release">
+      <Key>Cfg_2</Key>
+    </BuildConfiguration>
+  </ItemGroup>
+</Project>
diff --git a/nss/external_tests/google_test/gtest/codegear/gtest_unittest.cbproj b/nss/external_tests/google_test/gtest/codegear/gtest_unittest.cbproj
new file mode 100644
index 0000000..dc5db8e
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/codegear/gtest_unittest.cbproj
@@ -0,0 +1,88 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <PropertyGroup>
+    <ProjectGuid>{eea63393-5ac5-4b9c-8909-d75fef2daa41}</ProjectGuid>
+    <Config Condition="'$(Config)'==''">Release</Config>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Config)'=='Base' or '$(Base)'!=''">
+    <Base>true</Base>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Config)'=='Debug' or '$(Cfg_1)'!=''">
+    <Base>true</Base>
+    <Cfg_1>true</Cfg_1>
+    <CfgParent>Base</CfgParent>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Config)'=='Release' or '$(Cfg_2)'!=''">
+    <Base>true</Base>
+    <Cfg_2>true</Cfg_2>
+    <CfgParent>Base</CfgParent>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Base)'!=''">
+    <OutputExt>exe</OutputExt>
+    <BCC_OptimizeForSpeed>true</BCC_OptimizeForSpeed>
+    <Defines>NO_STRICT</Defines>
+    <DCC_CBuilderOutput>JPHNE</DCC_CBuilderOutput>
+    <DynamicRTL>true</DynamicRTL>
+    <ILINK_ObjectSearchPath>..\test</ILINK_ObjectSearchPath>
+    <UsePackages>true</UsePackages>
+    <ProjectType>CppConsoleApplication</ProjectType>
+    <NoVCL>true</NoVCL>
+    <BCC_CPPCompileAlways>true</BCC_CPPCompileAlways>
+    <PackageImports>rtl.bpi;vcl.bpi;bcbie.bpi;vclx.bpi;vclactnband.bpi;xmlrtl.bpi;bcbsmp.bpi;dbrtl.bpi;vcldb.bpi;bdertl.bpi;vcldbx.bpi;dsnap.bpi;dsnapcon.bpi;vclib.bpi;ibxpress.bpi;adortl.bpi;dbxcds.bpi;dbexpress.bpi;DbxCommonDriver.bpi;websnap.bpi;vclie.bpi;webdsnap.bpi;inet.bpi;inetdbbde.bpi;inetdbxpress.bpi;soaprtl.bpi;Rave75VCL.bpi;teeUI.bpi;tee.bpi;teedb.bpi;IndyCore.bpi;IndySystem.bpi;IndyProtocols.bpi;IntrawebDB_90_100.bpi;Intraweb_90_100.bpi;Jcl.bpi;JclVcl.bpi;JvCoreD11R.bpi;JvSystemD11R.bpi;JvStdCtrlsD11R.bpi;JvAppFrmD11R.bpi;JvBandsD11R.bpi;JvDBD11R.bpi;JvDlgsD11R.bpi;JvBDED11R.bpi;JvCmpD11R.bpi;JvCryptD11R.bpi;JvCtrlsD11R.bpi;JvCustomD11R.bpi;JvDockingD11R.bpi;JvDotNetCtrlsD11R.bpi;JvEDID11R.bpi;JvGlobusD11R.bpi;JvHMID11R.bpi;JvInterpreterD11R.bpi;JvJansD11R.bpi;JvManagedThreadsD11R.bpi;JvMMD11R.bpi;JvNetD11R.bpi;JvPageCompsD11R.bpi;JvPluginD11R.bpi;JvPrintPreviewD11R.bpi;JvRuntimeDesignD11R.bpi;JvTimeFrameworkD11R.bpi;JvValidatorsD11R.bpi;JvWizardD11R.bpi;JvXPCtrlsD11R.bpi;VclSmp.bpi</PackageImports>
+    <BCC_wpar>false</BCC_wpar>
+    <IncludePath>$(BDS)\include;$(BDS)\include\dinkumware;$(BDS)\include\vcl;..\include;..\test;..</IncludePath>
+    <ILINK_LibraryPath>$(BDS)\lib;$(BDS)\lib\obj;$(BDS)\lib\psdk;..\test</ILINK_LibraryPath>
+    <Multithreaded>true</Multithreaded>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Cfg_1)'!=''">
+    <BCC_OptimizeForSpeed>false</BCC_OptimizeForSpeed>
+    <DCC_Optimize>false</DCC_Optimize>
+    <DCC_DebugInfoInExe>true</DCC_DebugInfoInExe>
+    <Defines>_DEBUG;$(Defines)</Defines>
+    <ILINK_FullDebugInfo>true</ILINK_FullDebugInfo>
+    <BCC_InlineFunctionExpansion>false</BCC_InlineFunctionExpansion>
+    <ILINK_DisableIncrementalLinking>true</ILINK_DisableIncrementalLinking>
+    <BCC_UseRegisterVariables>None</BCC_UseRegisterVariables>
+    <DCC_Define>DEBUG</DCC_Define>
+    <BCC_DebugLineNumbers>true</BCC_DebugLineNumbers>
+    <IntermediateOutputDir>Debug</IntermediateOutputDir>
+    <TASM_DisplaySourceLines>true</TASM_DisplaySourceLines>
+    <BCC_StackFrames>true</BCC_StackFrames>
+    <BCC_DisableOptimizations>true</BCC_DisableOptimizations>
+    <ILINK_LibraryPath>$(BDS)\lib\debug;$(ILINK_LibraryPath)</ILINK_LibraryPath>
+    <TASM_Debugging>Full</TASM_Debugging>
+    <BCC_SourceDebuggingOn>true</BCC_SourceDebuggingOn>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Cfg_2)'!=''">
+    <Defines>NDEBUG;$(Defines)</Defines>
+    <IntermediateOutputDir>Release</IntermediateOutputDir>
+    <ILINK_LibraryPath>$(BDS)\lib\release;$(ILINK_LibraryPath)</ILINK_LibraryPath>
+    <TASM_Debugging>None</TASM_Debugging>
+  </PropertyGroup>
+  <ProjectExtensions>
+    <Borland.Personality>CPlusPlusBuilder.Personality</Borland.Personality>
+    <Borland.ProjectType>CppConsoleApplication</Borland.ProjectType>
+    <BorlandProject>
+<BorlandProject><CPlusPlusBuilder.Personality><VersionInfo><VersionInfo Name="IncludeVerInfo">False</VersionInfo><VersionInfo Name="AutoIncBuild">False</VersionInfo><VersionInfo Name="MajorVer">1</VersionInfo><VersionInfo Name="MinorVer">0</VersionInfo><VersionInfo Name="Release">0</VersionInfo><VersionInfo Name="Build">0</VersionInfo><VersionInfo Name="Debug">False</VersionInfo><VersionInfo Name="PreRelease">False</VersionInfo><VersionInfo Name="Special">False</VersionInfo><VersionInfo Name="Private">False</VersionInfo><VersionInfo Name="DLL">False</VersionInfo><VersionInfo Name="Locale">1033</VersionInfo><VersionInfo Name="CodePage">1252</VersionInfo></VersionInfo><VersionInfoKeys><VersionInfoKeys Name="CompanyName"></VersionInfoKeys><VersionInfoKeys Name="FileDescription"></VersionInfoKeys><VersionInfoKeys Name="FileVersion">1.0.0.0</VersionInfoKeys><VersionInfoKeys Name="InternalName"></VersionInfoKeys><VersionInfoKeys Name="LegalCopyright"></VersionInfoKeys><VersionInfoKeys Name="LegalTrademarks"></VersionInfoKeys><VersionInfoKeys Name="OriginalFilename"></VersionInfoKeys><VersionInfoKeys Name="ProductName"></VersionInfoKeys><VersionInfoKeys Name="ProductVersion">1.0.0.0</VersionInfoKeys><VersionInfoKeys Name="Comments"></VersionInfoKeys></VersionInfoKeys><Debugging><Debugging Name="DebugSourceDirs"></Debugging></Debugging><Parameters><Parameters Name="RunParams"></Parameters><Parameters Name="Launcher"></Parameters><Parameters Name="UseLauncher">False</Parameters><Parameters Name="DebugCWD"></Parameters><Parameters Name="HostApplication"></Parameters><Parameters Name="RemoteHost"></Parameters><Parameters Name="RemotePath"></Parameters><Parameters Name="RemoteParams"></Parameters><Parameters Name="RemoteLauncher"></Parameters><Parameters Name="UseRemoteLauncher">False</Parameters><Parameters Name="RemoteCWD"></Parameters><Parameters Name="RemoteDebug">False</Parameters><Parameters Name="Debug Symbols Search Path"></Parameters><Parameters Name="LoadAllSymbols">True</Parameters><Parameters Name="LoadUnspecifiedSymbols">False</Parameters></Parameters><Excluded_Packages>
+      
+      
+      <Excluded_Packages Name="$(BDS)\bin\bcboffice2k100.bpl">CodeGear C++Builder Office 2000 Servers Package</Excluded_Packages>
+      <Excluded_Packages Name="$(BDS)\bin\bcbofficexp100.bpl">CodeGear C++Builder Office XP Servers Package</Excluded_Packages>
+    </Excluded_Packages><Linker><Linker Name="LibPrefix"></Linker><Linker Name="LibSuffix"></Linker><Linker Name="LibVersion"></Linker></Linker><ProjectProperties><ProjectProperties Name="AutoShowDeps">False</ProjectProperties><ProjectProperties Name="ManagePaths">True</ProjectProperties><ProjectProperties Name="VerifyPackages">True</ProjectProperties></ProjectProperties><HistoryLists_hlIncludePath><HistoryLists_hlIncludePath Name="Count">3</HistoryLists_hlIncludePath><HistoryLists_hlIncludePath Name="Item0">$(BDS)\include;$(BDS)\include\dinkumware;$(BDS)\include\vcl;..\include;..\test;..</HistoryLists_hlIncludePath><HistoryLists_hlIncludePath Name="Item1">$(BDS)\include;$(BDS)\include\dinkumware;$(BDS)\include\vcl;..\include;..\test</HistoryLists_hlIncludePath><HistoryLists_hlIncludePath Name="Item2">$(BDS)\include;$(BDS)\include\dinkumware;$(BDS)\include\vcl;..\include</HistoryLists_hlIncludePath></HistoryLists_hlIncludePath><HistoryLists_hlILINK_LibraryPath><HistoryLists_hlILINK_LibraryPath Name="Count">1</HistoryLists_hlILINK_LibraryPath><HistoryLists_hlILINK_LibraryPath Name="Item0">$(BDS)\lib;$(BDS)\lib\obj;$(BDS)\lib\psdk;..\test</HistoryLists_hlILINK_LibraryPath><HistoryLists_hlILINK_LibraryPath Name="Item1">$(BDS)\lib;$(BDS)\lib\obj;$(BDS)\lib\psdk;..\test</HistoryLists_hlILINK_LibraryPath><HistoryLists_hlILINK_LibraryPath Name="Item2">$(BDS)\lib;$(BDS)\lib\obj;$(BDS)\lib\psdk;$(OUTPUTDIR);..\test</HistoryLists_hlILINK_LibraryPath></HistoryLists_hlILINK_LibraryPath><HistoryLists_hlDefines><HistoryLists_hlDefines Name="Count">2</HistoryLists_hlDefines><HistoryLists_hlDefines Name="Item0">NO_STRICT</HistoryLists_hlDefines><HistoryLists_hlDefines Name="Item1">STRICT</HistoryLists_hlDefines></HistoryLists_hlDefines></CPlusPlusBuilder.Personality></BorlandProject></BorlandProject>
+  </ProjectExtensions>
+  <Import Project="$(MSBuildBinPath)\Borland.Cpp.Targets" />
+  <ItemGroup>
+    <CppCompile Include="..\test\gtest_unittest.cc">
+      <BuildOrder>0</BuildOrder>
+    </CppCompile>
+    <CppCompile Include="gtest_link.cc">
+      <BuildOrder>1</BuildOrder>
+    </CppCompile>
+    <BuildConfiguration Include="Debug">
+      <Key>Cfg_1</Key>
+    </BuildConfiguration>
+    <BuildConfiguration Include="Release">
+      <Key>Cfg_2</Key>
+    </BuildConfiguration>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/nss/external_tests/google_test/gtest/configure.ac b/nss/external_tests/google_test/gtest/configure.ac
new file mode 100644
index 0000000..cc592e1
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/configure.ac
@@ -0,0 +1,68 @@
+m4_include(m4/acx_pthread.m4)
+
+# At this point, the Xcode project assumes the version string will be three
+# integers separated by periods and surrounded by square brackets (e.g.
+# "[1.0.1]"). It also asumes that there won't be any closing parenthesis
+# between "AC_INIT(" and the closing ")" including comments and strings.
+AC_INIT([Google C++ Testing Framework],
+        [1.7.0],
+        [googletestframework@googlegroups.com],
+        [gtest])
+
+# Provide various options to initialize the Autoconf and configure processes.
+AC_PREREQ([2.59])
+AC_CONFIG_SRCDIR([./LICENSE])
+AC_CONFIG_MACRO_DIR([m4])
+AC_CONFIG_AUX_DIR([build-aux])
+AC_CONFIG_HEADERS([build-aux/config.h])
+AC_CONFIG_FILES([Makefile])
+AC_CONFIG_FILES([scripts/gtest-config], [chmod +x scripts/gtest-config])
+
+# Initialize Automake with various options. We require at least v1.9, prevent
+# pedantic complaints about package files, and enable various distribution
+# targets.
+AM_INIT_AUTOMAKE([1.9 dist-bzip2 dist-zip foreign subdir-objects])
+
+# Check for programs used in building Google Test.
+AC_PROG_CC
+AC_PROG_CXX
+AC_LANG([C++])
+AC_PROG_LIBTOOL
+
+# TODO(chandlerc@google.com): Currently we aren't running the Python tests
+# against the interpreter detected by AM_PATH_PYTHON, and so we condition
+# HAVE_PYTHON by requiring "python" to be in the PATH, and that interpreter's
+# version to be >= 2.3. This will allow the scripts to use a "/usr/bin/env"
+# hashbang.
+PYTHON=  # We *do not* allow the user to specify a python interpreter
+AC_PATH_PROG([PYTHON],[python],[:])
+AS_IF([test "$PYTHON" != ":"],
+      [AM_PYTHON_CHECK_VERSION([$PYTHON],[2.3],[:],[PYTHON=":"])])
+AM_CONDITIONAL([HAVE_PYTHON],[test "$PYTHON" != ":"])
+
+# Configure pthreads.
+AC_ARG_WITH([pthreads],
+            [AS_HELP_STRING([--with-pthreads],
+               [use pthreads (default is yes)])],
+            [with_pthreads=$withval],
+            [with_pthreads=check])
+
+have_pthreads=no
+AS_IF([test "x$with_pthreads" != "xno"],
+      [ACX_PTHREAD(
+        [],
+        [AS_IF([test "x$with_pthreads" != "xcheck"],
+               [AC_MSG_FAILURE(
+                 [--with-pthreads was specified, but unable to be used])])])
+       have_pthreads="$acx_pthread_ok"])
+AM_CONDITIONAL([HAVE_PTHREADS],[test "x$have_pthreads" = "xyes"])
+AC_SUBST(PTHREAD_CFLAGS)
+AC_SUBST(PTHREAD_LIBS)
+
+# TODO(chandlerc@google.com) Check for the necessary system headers.
+
+# TODO(chandlerc@google.com) Check the types, structures, and other compiler
+# and architecture characteristics.
+
+# Output the generated files. No further autoconf macros may be used.
+AC_OUTPUT
diff --git a/nss/external_tests/google_test/gtest/include/gtest/gtest-death-test.h b/nss/external_tests/google_test/gtest/include/gtest/gtest-death-test.h
new file mode 100644
index 0000000..957a69c
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/include/gtest/gtest-death-test.h
@@ -0,0 +1,294 @@
+// Copyright 2005, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+//
+// The Google C++ Testing Framework (Google Test)
+//
+// This header file defines the public API for death tests.  It is
+// #included by gtest.h so a user doesn't need to include this
+// directly.
+
+#ifndef GTEST_INCLUDE_GTEST_GTEST_DEATH_TEST_H_
+#define GTEST_INCLUDE_GTEST_GTEST_DEATH_TEST_H_
+
+#include "gtest/internal/gtest-death-test-internal.h"
+
+namespace testing {
+
+// This flag controls the style of death tests.  Valid values are "threadsafe",
+// meaning that the death test child process will re-execute the test binary
+// from the start, running only a single death test, or "fast",
+// meaning that the child process will execute the test logic immediately
+// after forking.
+GTEST_DECLARE_string_(death_test_style);
+
+#if GTEST_HAS_DEATH_TEST
+
+namespace internal {
+
+// Returns a Boolean value indicating whether the caller is currently
+// executing in the context of the death test child process.  Tools such as
+// Valgrind heap checkers may need this to modify their behavior in death
+// tests.  IMPORTANT: This is an internal utility.  Using it may break the
+// implementation of death tests.  User code MUST NOT use it.
+GTEST_API_ bool InDeathTestChild();
+
+}  // namespace internal
+
+// The following macros are useful for writing death tests.
+
+// Here's what happens when an ASSERT_DEATH* or EXPECT_DEATH* is
+// executed:
+//
+//   1. It generates a warning if there is more than one active
+//   thread.  This is because it's safe to fork() or clone() only
+//   when there is a single thread.
+//
+//   2. The parent process clone()s a sub-process and runs the death
+//   test in it; the sub-process exits with code 0 at the end of the
+//   death test, if it hasn't exited already.
+//
+//   3. The parent process waits for the sub-process to terminate.
+//
+//   4. The parent process checks the exit code and error message of
+//   the sub-process.
+//
+// Examples:
+//
+//   ASSERT_DEATH(server.SendMessage(56, "Hello"), "Invalid port number");
+//   for (int i = 0; i < 5; i++) {
+//     EXPECT_DEATH(server.ProcessRequest(i),
+//                  "Invalid request .* in ProcessRequest()")
+//                  << "Failed to die on request " << i;
+//   }
+//
+//   ASSERT_EXIT(server.ExitNow(), ::testing::ExitedWithCode(0), "Exiting");
+//
+//   bool KilledBySIGHUP(int exit_code) {
+//     return WIFSIGNALED(exit_code) && WTERMSIG(exit_code) == SIGHUP;
+//   }
+//
+//   ASSERT_EXIT(client.HangUpServer(), KilledBySIGHUP, "Hanging up!");
+//
+// On the regular expressions used in death tests:
+//
+//   On POSIX-compliant systems (*nix), we use the <regex.h> library,
+//   which uses the POSIX extended regex syntax.
+//
+//   On other platforms (e.g. Windows), we only support a simple regex
+//   syntax implemented as part of Google Test.  This limited
+//   implementation should be enough most of the time when writing
+//   death tests; though it lacks many features you can find in PCRE
+//   or POSIX extended regex syntax.  For example, we don't support
+//   union ("x|y"), grouping ("(xy)"), brackets ("[xy]"), and
+//   repetition count ("x{5,7}"), among others.
+//
+//   Below is the syntax that we do support.  We chose it to be a
+//   subset of both PCRE and POSIX extended regex, so it's easy to
+//   learn wherever you come from.  In the following: 'A' denotes a
+//   literal character, period (.), or a single \\ escape sequence;
+//   'x' and 'y' denote regular expressions; 'm' and 'n' are for
+//   natural numbers.
+//
+//     c     matches any literal character c
+//     \\d   matches any decimal digit
+//     \\D   matches any character that's not a decimal digit
+//     \\f   matches \f
+//     \\n   matches \n
+//     \\r   matches \r
+//     \\s   matches any ASCII whitespace, including \n
+//     \\S   matches any character that's not a whitespace
+//     \\t   matches \t
+//     \\v   matches \v
+//     \\w   matches any letter, _, or decimal digit
+//     \\W   matches any character that \\w doesn't match
+//     \\c   matches any literal character c, which must be a punctuation
+//     .     matches any single character except \n
+//     A?    matches 0 or 1 occurrences of A
+//     A*    matches 0 or many occurrences of A
+//     A+    matches 1 or many occurrences of A
+//     ^     matches the beginning of a string (not that of each line)
+//     $     matches the end of a string (not that of each line)
+//     xy    matches x followed by y
+//
+//   If you accidentally use PCRE or POSIX extended regex features
+//   not implemented by us, you will get a run-time failure.  In that
+//   case, please try to rewrite your regular expression within the
+//   above syntax.
+//
+//   This implementation is *not* meant to be as highly tuned or robust
+//   as a compiled regex library, but should perform well enough for a
+//   death test, which already incurs significant overhead by launching
+//   a child process.
+//
+// Known caveats:
+//
+//   A "threadsafe" style death test obtains the path to the test
+//   program from argv[0] and re-executes it in the sub-process.  For
+//   simplicity, the current implementation doesn't search the PATH
+//   when launching the sub-process.  This means that the user must
+//   invoke the test program via a path that contains at least one
+//   path separator (e.g. path/to/foo_test and
+//   /absolute/path/to/bar_test are fine, but foo_test is not).  This
+//   is rarely a problem as people usually don't put the test binary
+//   directory in PATH.
+//
+// TODO(wan@google.com): make thread-safe death tests search the PATH.
+
+// Asserts that a given statement causes the program to exit, with an
+// integer exit status that satisfies predicate, and emitting error output
+// that matches regex.
+# define ASSERT_EXIT(statement, predicate, regex) \
+    GTEST_DEATH_TEST_(statement, predicate, regex, GTEST_FATAL_FAILURE_)
+
+// Like ASSERT_EXIT, but continues on to successive tests in the
+// test case, if any:
+# define EXPECT_EXIT(statement, predicate, regex) \
+    GTEST_DEATH_TEST_(statement, predicate, regex, GTEST_NONFATAL_FAILURE_)
+
+// Asserts that a given statement causes the program to exit, either by
+// explicitly exiting with a nonzero exit code or being killed by a
+// signal, and emitting error output that matches regex.
+# define ASSERT_DEATH(statement, regex) \
+    ASSERT_EXIT(statement, ::testing::internal::ExitedUnsuccessfully, regex)
+
+// Like ASSERT_DEATH, but continues on to successive tests in the
+// test case, if any:
+# define EXPECT_DEATH(statement, regex) \
+    EXPECT_EXIT(statement, ::testing::internal::ExitedUnsuccessfully, regex)
+
+// Two predicate classes that can be used in {ASSERT,EXPECT}_EXIT*:
+
+// Tests that an exit code describes a normal exit with a given exit code.
+class GTEST_API_ ExitedWithCode {
+ public:
+  explicit ExitedWithCode(int exit_code);
+  bool operator()(int exit_status) const;
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ExitedWithCode& other);
+
+  const int exit_code_;
+};
+
+# if !GTEST_OS_WINDOWS
+// Tests that an exit code describes an exit due to termination by a
+// given signal.
+class GTEST_API_ KilledBySignal {
+ public:
+  explicit KilledBySignal(int signum);
+  bool operator()(int exit_status) const;
+ private:
+  const int signum_;
+};
+# endif  // !GTEST_OS_WINDOWS
+
+// EXPECT_DEBUG_DEATH asserts that the given statements die in debug mode.
+// The death testing framework causes this to have interesting semantics,
+// since the sideeffects of the call are only visible in opt mode, and not
+// in debug mode.
+//
+// In practice, this can be used to test functions that utilize the
+// LOG(DFATAL) macro using the following style:
+//
+// int DieInDebugOr12(int* sideeffect) {
+//   if (sideeffect) {
+//     *sideeffect = 12;
+//   }
+//   LOG(DFATAL) << "death";
+//   return 12;
+// }
+//
+// TEST(TestCase, TestDieOr12WorksInDgbAndOpt) {
+//   int sideeffect = 0;
+//   // Only asserts in dbg.
+//   EXPECT_DEBUG_DEATH(DieInDebugOr12(&sideeffect), "death");
+//
+// #ifdef NDEBUG
+//   // opt-mode has sideeffect visible.
+//   EXPECT_EQ(12, sideeffect);
+// #else
+//   // dbg-mode no visible sideeffect.
+//   EXPECT_EQ(0, sideeffect);
+// #endif
+// }
+//
+// This will assert that DieInDebugReturn12InOpt() crashes in debug
+// mode, usually due to a DCHECK or LOG(DFATAL), but returns the
+// appropriate fallback value (12 in this case) in opt mode. If you
+// need to test that a function has appropriate side-effects in opt
+// mode, include assertions against the side-effects.  A general
+// pattern for this is:
+//
+// EXPECT_DEBUG_DEATH({
+//   // Side-effects here will have an effect after this statement in
+//   // opt mode, but none in debug mode.
+//   EXPECT_EQ(12, DieInDebugOr12(&sideeffect));
+// }, "death");
+//
+# ifdef NDEBUG
+
+#  define EXPECT_DEBUG_DEATH(statement, regex) \
+  GTEST_EXECUTE_STATEMENT_(statement, regex)
+
+#  define ASSERT_DEBUG_DEATH(statement, regex) \
+  GTEST_EXECUTE_STATEMENT_(statement, regex)
+
+# else
+
+#  define EXPECT_DEBUG_DEATH(statement, regex) \
+  EXPECT_DEATH(statement, regex)
+
+#  define ASSERT_DEBUG_DEATH(statement, regex) \
+  ASSERT_DEATH(statement, regex)
+
+# endif  // NDEBUG for EXPECT_DEBUG_DEATH
+#endif  // GTEST_HAS_DEATH_TEST
+
+// EXPECT_DEATH_IF_SUPPORTED(statement, regex) and
+// ASSERT_DEATH_IF_SUPPORTED(statement, regex) expand to real death tests if
+// death tests are supported; otherwise they just issue a warning.  This is
+// useful when you are combining death test assertions with normal test
+// assertions in one test.
+#if GTEST_HAS_DEATH_TEST
+# define EXPECT_DEATH_IF_SUPPORTED(statement, regex) \
+    EXPECT_DEATH(statement, regex)
+# define ASSERT_DEATH_IF_SUPPORTED(statement, regex) \
+    ASSERT_DEATH(statement, regex)
+#else
+# define EXPECT_DEATH_IF_SUPPORTED(statement, regex) \
+    GTEST_UNSUPPORTED_DEATH_TEST_(statement, regex, )
+# define ASSERT_DEATH_IF_SUPPORTED(statement, regex) \
+    GTEST_UNSUPPORTED_DEATH_TEST_(statement, regex, return)
+#endif
+
+}  // namespace testing
+
+#endif  // GTEST_INCLUDE_GTEST_GTEST_DEATH_TEST_H_
diff --git a/nss/external_tests/google_test/gtest/include/gtest/gtest-message.h b/nss/external_tests/google_test/gtest/include/gtest/gtest-message.h
new file mode 100644
index 0000000..fe879bc
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/include/gtest/gtest-message.h
@@ -0,0 +1,250 @@
+// Copyright 2005, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+//
+// The Google C++ Testing Framework (Google Test)
+//
+// This header file defines the Message class.
+//
+// IMPORTANT NOTE: Due to limitation of the C++ language, we have to
+// leave some internal implementation details in this header file.
+// They are clearly marked by comments like this:
+//
+//   // INTERNAL IMPLEMENTATION - DO NOT USE IN A USER PROGRAM.
+//
+// Such code is NOT meant to be used by a user directly, and is subject
+// to CHANGE WITHOUT NOTICE.  Therefore DO NOT DEPEND ON IT in a user
+// program!
+
+#ifndef GTEST_INCLUDE_GTEST_GTEST_MESSAGE_H_
+#define GTEST_INCLUDE_GTEST_GTEST_MESSAGE_H_
+
+#include <limits>
+
+#include "gtest/internal/gtest-port.h"
+
+// Ensures that there is at least one operator<< in the global namespace.
+// See Message& operator<<(...) below for why.
+void operator<<(const testing::internal::Secret&, int);
+
+namespace testing {
+
+// The Message class works like an ostream repeater.
+//
+// Typical usage:
+//
+//   1. You stream a bunch of values to a Message object.
+//      It will remember the text in a stringstream.
+//   2. Then you stream the Message object to an ostream.
+//      This causes the text in the Message to be streamed
+//      to the ostream.
+//
+// For example;
+//
+//   testing::Message foo;
+//   foo << 1 << " != " << 2;
+//   std::cout << foo;
+//
+// will print "1 != 2".
+//
+// Message is not intended to be inherited from.  In particular, its
+// destructor is not virtual.
+//
+// Note that stringstream behaves differently in gcc and in MSVC.  You
+// can stream a NULL char pointer to it in the former, but not in the
+// latter (it causes an access violation if you do).  The Message
+// class hides this difference by treating a NULL char pointer as
+// "(null)".
+class GTEST_API_ Message {
+ private:
+  // The type of basic IO manipulators (endl, ends, and flush) for
+  // narrow streams.
+  typedef std::ostream& (*BasicNarrowIoManip)(std::ostream&);
+
+ public:
+  // Constructs an empty Message.
+  Message();
+
+  // Copy constructor.
+  Message(const Message& msg) : ss_(new ::std::stringstream) {  // NOLINT
+    *ss_ << msg.GetString();
+  }
+
+  // Constructs a Message from a C-string.
+  explicit Message(const char* str) : ss_(new ::std::stringstream) {
+    *ss_ << str;
+  }
+
+#if GTEST_OS_SYMBIAN
+  // Streams a value (either a pointer or not) to this object.
+  template <typename T>
+  inline Message& operator <<(const T& value) {
+    StreamHelper(typename internal::is_pointer<T>::type(), value);
+    return *this;
+  }
+#else
+  // Streams a non-pointer value to this object.
+  template <typename T>
+  inline Message& operator <<(const T& val) {
+    // Some libraries overload << for STL containers.  These
+    // overloads are defined in the global namespace instead of ::std.
+    //
+    // C++'s symbol lookup rule (i.e. Koenig lookup) says that these
+    // overloads are visible in either the std namespace or the global
+    // namespace, but not other namespaces, including the testing
+    // namespace which Google Test's Message class is in.
+    //
+    // To allow STL containers (and other types that has a << operator
+    // defined in the global namespace) to be used in Google Test
+    // assertions, testing::Message must access the custom << operator
+    // from the global namespace.  With this using declaration,
+    // overloads of << defined in the global namespace and those
+    // visible via Koenig lookup are both exposed in this function.
+    using ::operator <<;
+    *ss_ << val;
+    return *this;
+  }
+
+  // Streams a pointer value to this object.
+  //
+  // This function is an overload of the previous one.  When you
+  // stream a pointer to a Message, this definition will be used as it
+  // is more specialized.  (The C++ Standard, section
+  // [temp.func.order].)  If you stream a non-pointer, then the
+  // previous definition will be used.
+  //
+  // The reason for this overload is that streaming a NULL pointer to
+  // ostream is undefined behavior.  Depending on the compiler, you
+  // may get "0", "(nil)", "(null)", or an access violation.  To
+  // ensure consistent result across compilers, we always treat NULL
+  // as "(null)".
+  template <typename T>
+  inline Message& operator <<(T* const& pointer) {  // NOLINT
+    if (pointer == NULL) {
+      *ss_ << "(null)";
+    } else {
+      *ss_ << pointer;
+    }
+    return *this;
+  }
+#endif  // GTEST_OS_SYMBIAN
+
+  // Since the basic IO manipulators are overloaded for both narrow
+  // and wide streams, we have to provide this specialized definition
+  // of operator <<, even though its body is the same as the
+  // templatized version above.  Without this definition, streaming
+  // endl or other basic IO manipulators to Message will confuse the
+  // compiler.
+  Message& operator <<(BasicNarrowIoManip val) {
+    *ss_ << val;
+    return *this;
+  }
+
+  // Instead of 1/0, we want to see true/false for bool values.
+  Message& operator <<(bool b) {
+    return *this << (b ? "true" : "false");
+  }
+
+  // These two overloads allow streaming a wide C string to a Message
+  // using the UTF-8 encoding.
+  Message& operator <<(const wchar_t* wide_c_str);
+  Message& operator <<(wchar_t* wide_c_str);
+
+#if GTEST_HAS_STD_WSTRING
+  // Converts the given wide string to a narrow string using the UTF-8
+  // encoding, and streams the result to this Message object.
+  Message& operator <<(const ::std::wstring& wstr);
+#endif  // GTEST_HAS_STD_WSTRING
+
+#if GTEST_HAS_GLOBAL_WSTRING
+  // Converts the given wide string to a narrow string using the UTF-8
+  // encoding, and streams the result to this Message object.
+  Message& operator <<(const ::wstring& wstr);
+#endif  // GTEST_HAS_GLOBAL_WSTRING
+
+  // Gets the text streamed to this object so far as an std::string.
+  // Each '\0' character in the buffer is replaced with "\\0".
+  //
+  // INTERNAL IMPLEMENTATION - DO NOT USE IN A USER PROGRAM.
+  std::string GetString() const;
+
+ private:
+
+#if GTEST_OS_SYMBIAN
+  // These are needed as the Nokia Symbian Compiler cannot decide between
+  // const T& and const T* in a function template. The Nokia compiler _can_
+  // decide between class template specializations for T and T*, so a
+  // tr1::type_traits-like is_pointer works, and we can overload on that.
+  template <typename T>
+  inline void StreamHelper(internal::true_type /*is_pointer*/, T* pointer) {
+    if (pointer == NULL) {
+      *ss_ << "(null)";
+    } else {
+      *ss_ << pointer;
+    }
+  }
+  template <typename T>
+  inline void StreamHelper(internal::false_type /*is_pointer*/,
+                           const T& value) {
+    // See the comments in Message& operator <<(const T&) above for why
+    // we need this using statement.
+    using ::operator <<;
+    *ss_ << value;
+  }
+#endif  // GTEST_OS_SYMBIAN
+
+  // We'll hold the text streamed to this object here.
+  const internal::scoped_ptr< ::std::stringstream> ss_;
+
+  // We declare (but don't implement) this to prevent the compiler
+  // from implementing the assignment operator.
+  void operator=(const Message&);
+};
+
+// Streams a Message to an ostream.
+inline std::ostream& operator <<(std::ostream& os, const Message& sb) {
+  return os << sb.GetString();
+}
+
+namespace internal {
+
+// Converts a streamable value to an std::string.  A NULL pointer is
+// converted to "(null)".  When the input value is a ::string,
+// ::std::string, ::wstring, or ::std::wstring object, each NUL
+// character in it is replaced with "\\0".
+template <typename T>
+std::string StreamableToString(const T& streamable) {
+  return (Message() << streamable).GetString();
+}
+
+}  // namespace internal
+}  // namespace testing
+
+#endif  // GTEST_INCLUDE_GTEST_GTEST_MESSAGE_H_
diff --git a/nss/external_tests/google_test/gtest/include/gtest/gtest-param-test.h b/nss/external_tests/google_test/gtest/include/gtest/gtest-param-test.h
new file mode 100644
index 0000000..d6702c8
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/include/gtest/gtest-param-test.h
@@ -0,0 +1,1421 @@
+// This file was GENERATED by command:
+//     pump.py gtest-param-test.h.pump
+// DO NOT EDIT BY HAND!!!
+
+// Copyright 2008, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Authors: vladl@google.com (Vlad Losev)
+//
+// Macros and functions for implementing parameterized tests
+// in Google C++ Testing Framework (Google Test)
+//
+// This file is generated by a SCRIPT.  DO NOT EDIT BY HAND!
+//
+#ifndef GTEST_INCLUDE_GTEST_GTEST_PARAM_TEST_H_
+#define GTEST_INCLUDE_GTEST_GTEST_PARAM_TEST_H_
+
+
+// Value-parameterized tests allow you to test your code with different
+// parameters without writing multiple copies of the same test.
+//
+// Here is how you use value-parameterized tests:
+
+#if 0
+
+// To write value-parameterized tests, first you should define a fixture
+// class. It is usually derived from testing::TestWithParam<T> (see below for
+// another inheritance scheme that's sometimes useful in more complicated
+// class hierarchies), where the type of your parameter values.
+// TestWithParam<T> is itself derived from testing::Test. T can be any
+// copyable type. If it's a raw pointer, you are responsible for managing the
+// lifespan of the pointed values.
+
+class FooTest : public ::testing::TestWithParam<const char*> {
+  // You can implement all the usual class fixture members here.
+};
+
+// Then, use the TEST_P macro to define as many parameterized tests
+// for this fixture as you want. The _P suffix is for "parameterized"
+// or "pattern", whichever you prefer to think.
+
+TEST_P(FooTest, DoesBlah) {
+  // Inside a test, access the test parameter with the GetParam() method
+  // of the TestWithParam<T> class:
+  EXPECT_TRUE(foo.Blah(GetParam()));
+  ...
+}
+
+TEST_P(FooTest, HasBlahBlah) {
+  ...
+}
+
+// Finally, you can use INSTANTIATE_TEST_CASE_P to instantiate the test
+// case with any set of parameters you want. Google Test defines a number
+// of functions for generating test parameters. They return what we call
+// (surprise!) parameter generators. Here is a  summary of them, which
+// are all in the testing namespace:
+//
+//
+//  Range(begin, end [, step]) - Yields values {begin, begin+step,
+//                               begin+step+step, ...}. The values do not
+//                               include end. step defaults to 1.
+//  Values(v1, v2, ..., vN)    - Yields values {v1, v2, ..., vN}.
+//  ValuesIn(container)        - Yields values from a C-style array, an STL
+//  ValuesIn(begin,end)          container, or an iterator range [begin, end).
+//  Bool()                     - Yields sequence {false, true}.
+//  Combine(g1, g2, ..., gN)   - Yields all combinations (the Cartesian product
+//                               for the math savvy) of the values generated
+//                               by the N generators.
+//
+// For more details, see comments at the definitions of these functions below
+// in this file.
+//
+// The following statement will instantiate tests from the FooTest test case
+// each with parameter values "meeny", "miny", and "moe".
+
+INSTANTIATE_TEST_CASE_P(InstantiationName,
+                        FooTest,
+                        Values("meeny", "miny", "moe"));
+
+// To distinguish different instances of the pattern, (yes, you
+// can instantiate it more then once) the first argument to the
+// INSTANTIATE_TEST_CASE_P macro is a prefix that will be added to the
+// actual test case name. Remember to pick unique prefixes for different
+// instantiations. The tests from the instantiation above will have
+// these names:
+//
+//    * InstantiationName/FooTest.DoesBlah/0 for "meeny"
+//    * InstantiationName/FooTest.DoesBlah/1 for "miny"
+//    * InstantiationName/FooTest.DoesBlah/2 for "moe"
+//    * InstantiationName/FooTest.HasBlahBlah/0 for "meeny"
+//    * InstantiationName/FooTest.HasBlahBlah/1 for "miny"
+//    * InstantiationName/FooTest.HasBlahBlah/2 for "moe"
+//
+// You can use these names in --gtest_filter.
+//
+// This statement will instantiate all tests from FooTest again, each
+// with parameter values "cat" and "dog":
+
+const char* pets[] = {"cat", "dog"};
+INSTANTIATE_TEST_CASE_P(AnotherInstantiationName, FooTest, ValuesIn(pets));
+
+// The tests from the instantiation above will have these names:
+//
+//    * AnotherInstantiationName/FooTest.DoesBlah/0 for "cat"
+//    * AnotherInstantiationName/FooTest.DoesBlah/1 for "dog"
+//    * AnotherInstantiationName/FooTest.HasBlahBlah/0 for "cat"
+//    * AnotherInstantiationName/FooTest.HasBlahBlah/1 for "dog"
+//
+// Please note that INSTANTIATE_TEST_CASE_P will instantiate all tests
+// in the given test case, whether their definitions come before or
+// AFTER the INSTANTIATE_TEST_CASE_P statement.
+//
+// Please also note that generator expressions (including parameters to the
+// generators) are evaluated in InitGoogleTest(), after main() has started.
+// This allows the user on one hand, to adjust generator parameters in order
+// to dynamically determine a set of tests to run and on the other hand,
+// give the user a chance to inspect the generated tests with Google Test
+// reflection API before RUN_ALL_TESTS() is executed.
+//
+// You can see samples/sample7_unittest.cc and samples/sample8_unittest.cc
+// for more examples.
+//
+// In the future, we plan to publish the API for defining new parameter
+// generators. But for now this interface remains part of the internal
+// implementation and is subject to change.
+//
+//
+// A parameterized test fixture must be derived from testing::Test and from
+// testing::WithParamInterface<T>, where T is the type of the parameter
+// values. Inheriting from TestWithParam<T> satisfies that requirement because
+// TestWithParam<T> inherits from both Test and WithParamInterface. In more
+// complicated hierarchies, however, it is occasionally useful to inherit
+// separately from Test and WithParamInterface. For example:
+
+class BaseTest : public ::testing::Test {
+  // You can inherit all the usual members for a non-parameterized test
+  // fixture here.
+};
+
+class DerivedTest : public BaseTest, public ::testing::WithParamInterface<int> {
+  // The usual test fixture members go here too.
+};
+
+TEST_F(BaseTest, HasFoo) {
+  // This is an ordinary non-parameterized test.
+}
+
+TEST_P(DerivedTest, DoesBlah) {
+  // GetParam works just the same here as if you inherit from TestWithParam.
+  EXPECT_TRUE(foo.Blah(GetParam()));
+}
+
+#endif  // 0
+
+#include "gtest/internal/gtest-port.h"
+
+#if !GTEST_OS_SYMBIAN
+# include <utility>
+#endif
+
+// scripts/fuse_gtest.py depends on gtest's own header being #included
+// *unconditionally*.  Therefore these #includes cannot be moved
+// inside #if GTEST_HAS_PARAM_TEST.
+#include "gtest/internal/gtest-internal.h"
+#include "gtest/internal/gtest-param-util.h"
+#include "gtest/internal/gtest-param-util-generated.h"
+
+#if GTEST_HAS_PARAM_TEST
+
+namespace testing {
+
+// Functions producing parameter generators.
+//
+// Google Test uses these generators to produce parameters for value-
+// parameterized tests. When a parameterized test case is instantiated
+// with a particular generator, Google Test creates and runs tests
+// for each element in the sequence produced by the generator.
+//
+// In the following sample, tests from test case FooTest are instantiated
+// each three times with parameter values 3, 5, and 8:
+//
+// class FooTest : public TestWithParam<int> { ... };
+//
+// TEST_P(FooTest, TestThis) {
+// }
+// TEST_P(FooTest, TestThat) {
+// }
+// INSTANTIATE_TEST_CASE_P(TestSequence, FooTest, Values(3, 5, 8));
+//
+
+// Range() returns generators providing sequences of values in a range.
+//
+// Synopsis:
+// Range(start, end)
+//   - returns a generator producing a sequence of values {start, start+1,
+//     start+2, ..., }.
+// Range(start, end, step)
+//   - returns a generator producing a sequence of values {start, start+step,
+//     start+step+step, ..., }.
+// Notes:
+//   * The generated sequences never include end. For example, Range(1, 5)
+//     returns a generator producing a sequence {1, 2, 3, 4}. Range(1, 9, 2)
+//     returns a generator producing {1, 3, 5, 7}.
+//   * start and end must have the same type. That type may be any integral or
+//     floating-point type or a user defined type satisfying these conditions:
+//     * It must be assignable (have operator=() defined).
+//     * It must have operator+() (operator+(int-compatible type) for
+//       two-operand version).
+//     * It must have operator<() defined.
+//     Elements in the resulting sequences will also have that type.
+//   * Condition start < end must be satisfied in order for resulting sequences
+//     to contain any elements.
+//
+template <typename T, typename IncrementT>
+internal::ParamGenerator<T> Range(T start, T end, IncrementT step) {
+  return internal::ParamGenerator<T>(
+      new internal::RangeGenerator<T, IncrementT>(start, end, step));
+}
+
+template <typename T>
+internal::ParamGenerator<T> Range(T start, T end) {
+  return Range(start, end, 1);
+}
+
+// ValuesIn() function allows generation of tests with parameters coming from
+// a container.
+//
+// Synopsis:
+// ValuesIn(const T (&array)[N])
+//   - returns a generator producing sequences with elements from
+//     a C-style array.
+// ValuesIn(const Container& container)
+//   - returns a generator producing sequences with elements from
+//     an STL-style container.
+// ValuesIn(Iterator begin, Iterator end)
+//   - returns a generator producing sequences with elements from
+//     a range [begin, end) defined by a pair of STL-style iterators. These
+//     iterators can also be plain C pointers.
+//
+// Please note that ValuesIn copies the values from the containers
+// passed in and keeps them to generate tests in RUN_ALL_TESTS().
+//
+// Examples:
+//
+// This instantiates tests from test case StringTest
+// each with C-string values of "foo", "bar", and "baz":
+//
+// const char* strings[] = {"foo", "bar", "baz"};
+// INSTANTIATE_TEST_CASE_P(StringSequence, SrtingTest, ValuesIn(strings));
+//
+// This instantiates tests from test case StlStringTest
+// each with STL strings with values "a" and "b":
+//
+// ::std::vector< ::std::string> GetParameterStrings() {
+//   ::std::vector< ::std::string> v;
+//   v.push_back("a");
+//   v.push_back("b");
+//   return v;
+// }
+//
+// INSTANTIATE_TEST_CASE_P(CharSequence,
+//                         StlStringTest,
+//                         ValuesIn(GetParameterStrings()));
+//
+//
+// This will also instantiate tests from CharTest
+// each with parameter values 'a' and 'b':
+//
+// ::std::list<char> GetParameterChars() {
+//   ::std::list<char> list;
+//   list.push_back('a');
+//   list.push_back('b');
+//   return list;
+// }
+// ::std::list<char> l = GetParameterChars();
+// INSTANTIATE_TEST_CASE_P(CharSequence2,
+//                         CharTest,
+//                         ValuesIn(l.begin(), l.end()));
+//
+template <typename ForwardIterator>
+internal::ParamGenerator<
+  typename ::testing::internal::IteratorTraits<ForwardIterator>::value_type>
+ValuesIn(ForwardIterator begin, ForwardIterator end) {
+  typedef typename ::testing::internal::IteratorTraits<ForwardIterator>
+      ::value_type ParamType;
+  return internal::ParamGenerator<ParamType>(
+      new internal::ValuesInIteratorRangeGenerator<ParamType>(begin, end));
+}
+
+template <typename T, size_t N>
+internal::ParamGenerator<T> ValuesIn(const T (&array)[N]) {
+  return ValuesIn(array, array + N);
+}
+
+template <class Container>
+internal::ParamGenerator<typename Container::value_type> ValuesIn(
+    const Container& container) {
+  return ValuesIn(container.begin(), container.end());
+}
+
+// Values() allows generating tests from explicitly specified list of
+// parameters.
+//
+// Synopsis:
+// Values(T v1, T v2, ..., T vN)
+//   - returns a generator producing sequences with elements v1, v2, ..., vN.
+//
+// For example, this instantiates tests from test case BarTest each
+// with values "one", "two", and "three":
+//
+// INSTANTIATE_TEST_CASE_P(NumSequence, BarTest, Values("one", "two", "three"));
+//
+// This instantiates tests from test case BazTest each with values 1, 2, 3.5.
+// The exact type of values will depend on the type of parameter in BazTest.
+//
+// INSTANTIATE_TEST_CASE_P(FloatingNumbers, BazTest, Values(1, 2, 3.5));
+//
+// Currently, Values() supports from 1 to 50 parameters.
+//
+template <typename T1>
+internal::ValueArray1<T1> Values(T1 v1) {
+  return internal::ValueArray1<T1>(v1);
+}
+
+template <typename T1, typename T2>
+internal::ValueArray2<T1, T2> Values(T1 v1, T2 v2) {
+  return internal::ValueArray2<T1, T2>(v1, v2);
+}
+
+template <typename T1, typename T2, typename T3>
+internal::ValueArray3<T1, T2, T3> Values(T1 v1, T2 v2, T3 v3) {
+  return internal::ValueArray3<T1, T2, T3>(v1, v2, v3);
+}
+
+template <typename T1, typename T2, typename T3, typename T4>
+internal::ValueArray4<T1, T2, T3, T4> Values(T1 v1, T2 v2, T3 v3, T4 v4) {
+  return internal::ValueArray4<T1, T2, T3, T4>(v1, v2, v3, v4);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5>
+internal::ValueArray5<T1, T2, T3, T4, T5> Values(T1 v1, T2 v2, T3 v3, T4 v4,
+    T5 v5) {
+  return internal::ValueArray5<T1, T2, T3, T4, T5>(v1, v2, v3, v4, v5);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6>
+internal::ValueArray6<T1, T2, T3, T4, T5, T6> Values(T1 v1, T2 v2, T3 v3,
+    T4 v4, T5 v5, T6 v6) {
+  return internal::ValueArray6<T1, T2, T3, T4, T5, T6>(v1, v2, v3, v4, v5, v6);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7>
+internal::ValueArray7<T1, T2, T3, T4, T5, T6, T7> Values(T1 v1, T2 v2, T3 v3,
+    T4 v4, T5 v5, T6 v6, T7 v7) {
+  return internal::ValueArray7<T1, T2, T3, T4, T5, T6, T7>(v1, v2, v3, v4, v5,
+      v6, v7);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8>
+internal::ValueArray8<T1, T2, T3, T4, T5, T6, T7, T8> Values(T1 v1, T2 v2,
+    T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8) {
+  return internal::ValueArray8<T1, T2, T3, T4, T5, T6, T7, T8>(v1, v2, v3, v4,
+      v5, v6, v7, v8);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9>
+internal::ValueArray9<T1, T2, T3, T4, T5, T6, T7, T8, T9> Values(T1 v1, T2 v2,
+    T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9) {
+  return internal::ValueArray9<T1, T2, T3, T4, T5, T6, T7, T8, T9>(v1, v2, v3,
+      v4, v5, v6, v7, v8, v9);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10>
+internal::ValueArray10<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10> Values(T1 v1,
+    T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9, T10 v10) {
+  return internal::ValueArray10<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10>(v1,
+      v2, v3, v4, v5, v6, v7, v8, v9, v10);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11>
+internal::ValueArray11<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10,
+    T11> Values(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+    T10 v10, T11 v11) {
+  return internal::ValueArray11<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10,
+      T11>(v1, v2, v3, v4, v5, v6, v7, v8, v9, v10, v11);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12>
+internal::ValueArray12<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11,
+    T12> Values(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+    T10 v10, T11 v11, T12 v12) {
+  return internal::ValueArray12<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11,
+      T12>(v1, v2, v3, v4, v5, v6, v7, v8, v9, v10, v11, v12);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13>
+internal::ValueArray13<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12,
+    T13> Values(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+    T10 v10, T11 v11, T12 v12, T13 v13) {
+  return internal::ValueArray13<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11,
+      T12, T13>(v1, v2, v3, v4, v5, v6, v7, v8, v9, v10, v11, v12, v13);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14>
+internal::ValueArray14<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+    T14> Values(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+    T10 v10, T11 v11, T12 v12, T13 v13, T14 v14) {
+  return internal::ValueArray14<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11,
+      T12, T13, T14>(v1, v2, v3, v4, v5, v6, v7, v8, v9, v10, v11, v12, v13,
+      v14);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15>
+internal::ValueArray15<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+    T14, T15> Values(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8,
+    T9 v9, T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15) {
+  return internal::ValueArray15<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11,
+      T12, T13, T14, T15>(v1, v2, v3, v4, v5, v6, v7, v8, v9, v10, v11, v12,
+      v13, v14, v15);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16>
+internal::ValueArray16<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+    T14, T15, T16> Values(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7,
+    T8 v8, T9 v9, T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15,
+    T16 v16) {
+  return internal::ValueArray16<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11,
+      T12, T13, T14, T15, T16>(v1, v2, v3, v4, v5, v6, v7, v8, v9, v10, v11,
+      v12, v13, v14, v15, v16);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17>
+internal::ValueArray17<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+    T14, T15, T16, T17> Values(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7,
+    T8 v8, T9 v9, T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15,
+    T16 v16, T17 v17) {
+  return internal::ValueArray17<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11,
+      T12, T13, T14, T15, T16, T17>(v1, v2, v3, v4, v5, v6, v7, v8, v9, v10,
+      v11, v12, v13, v14, v15, v16, v17);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18>
+internal::ValueArray18<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+    T14, T15, T16, T17, T18> Values(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6,
+    T7 v7, T8 v8, T9 v9, T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15,
+    T16 v16, T17 v17, T18 v18) {
+  return internal::ValueArray18<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11,
+      T12, T13, T14, T15, T16, T17, T18>(v1, v2, v3, v4, v5, v6, v7, v8, v9,
+      v10, v11, v12, v13, v14, v15, v16, v17, v18);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19>
+internal::ValueArray19<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+    T14, T15, T16, T17, T18, T19> Values(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5,
+    T6 v6, T7 v7, T8 v8, T9 v9, T10 v10, T11 v11, T12 v12, T13 v13, T14 v14,
+    T15 v15, T16 v16, T17 v17, T18 v18, T19 v19) {
+  return internal::ValueArray19<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11,
+      T12, T13, T14, T15, T16, T17, T18, T19>(v1, v2, v3, v4, v5, v6, v7, v8,
+      v9, v10, v11, v12, v13, v14, v15, v16, v17, v18, v19);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20>
+internal::ValueArray20<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+    T14, T15, T16, T17, T18, T19, T20> Values(T1 v1, T2 v2, T3 v3, T4 v4,
+    T5 v5, T6 v6, T7 v7, T8 v8, T9 v9, T10 v10, T11 v11, T12 v12, T13 v13,
+    T14 v14, T15 v15, T16 v16, T17 v17, T18 v18, T19 v19, T20 v20) {
+  return internal::ValueArray20<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11,
+      T12, T13, T14, T15, T16, T17, T18, T19, T20>(v1, v2, v3, v4, v5, v6, v7,
+      v8, v9, v10, v11, v12, v13, v14, v15, v16, v17, v18, v19, v20);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21>
+internal::ValueArray21<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+    T14, T15, T16, T17, T18, T19, T20, T21> Values(T1 v1, T2 v2, T3 v3, T4 v4,
+    T5 v5, T6 v6, T7 v7, T8 v8, T9 v9, T10 v10, T11 v11, T12 v12, T13 v13,
+    T14 v14, T15 v15, T16 v16, T17 v17, T18 v18, T19 v19, T20 v20, T21 v21) {
+  return internal::ValueArray21<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11,
+      T12, T13, T14, T15, T16, T17, T18, T19, T20, T21>(v1, v2, v3, v4, v5, v6,
+      v7, v8, v9, v10, v11, v12, v13, v14, v15, v16, v17, v18, v19, v20, v21);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22>
+internal::ValueArray22<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+    T14, T15, T16, T17, T18, T19, T20, T21, T22> Values(T1 v1, T2 v2, T3 v3,
+    T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9, T10 v10, T11 v11, T12 v12,
+    T13 v13, T14 v14, T15 v15, T16 v16, T17 v17, T18 v18, T19 v19, T20 v20,
+    T21 v21, T22 v22) {
+  return internal::ValueArray22<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11,
+      T12, T13, T14, T15, T16, T17, T18, T19, T20, T21, T22>(v1, v2, v3, v4,
+      v5, v6, v7, v8, v9, v10, v11, v12, v13, v14, v15, v16, v17, v18, v19,
+      v20, v21, v22);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23>
+internal::ValueArray23<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+    T14, T15, T16, T17, T18, T19, T20, T21, T22, T23> Values(T1 v1, T2 v2,
+    T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9, T10 v10, T11 v11, T12 v12,
+    T13 v13, T14 v14, T15 v15, T16 v16, T17 v17, T18 v18, T19 v19, T20 v20,
+    T21 v21, T22 v22, T23 v23) {
+  return internal::ValueArray23<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11,
+      T12, T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23>(v1, v2, v3,
+      v4, v5, v6, v7, v8, v9, v10, v11, v12, v13, v14, v15, v16, v17, v18, v19,
+      v20, v21, v22, v23);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24>
+internal::ValueArray24<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+    T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24> Values(T1 v1, T2 v2,
+    T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9, T10 v10, T11 v11, T12 v12,
+    T13 v13, T14 v14, T15 v15, T16 v16, T17 v17, T18 v18, T19 v19, T20 v20,
+    T21 v21, T22 v22, T23 v23, T24 v24) {
+  return internal::ValueArray24<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11,
+      T12, T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24>(v1, v2,
+      v3, v4, v5, v6, v7, v8, v9, v10, v11, v12, v13, v14, v15, v16, v17, v18,
+      v19, v20, v21, v22, v23, v24);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25>
+internal::ValueArray25<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+    T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25> Values(T1 v1,
+    T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9, T10 v10, T11 v11,
+    T12 v12, T13 v13, T14 v14, T15 v15, T16 v16, T17 v17, T18 v18, T19 v19,
+    T20 v20, T21 v21, T22 v22, T23 v23, T24 v24, T25 v25) {
+  return internal::ValueArray25<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11,
+      T12, T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25>(v1,
+      v2, v3, v4, v5, v6, v7, v8, v9, v10, v11, v12, v13, v14, v15, v16, v17,
+      v18, v19, v20, v21, v22, v23, v24, v25);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26>
+internal::ValueArray26<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+    T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25,
+    T26> Values(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+    T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16, T17 v17,
+    T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23, T24 v24, T25 v25,
+    T26 v26) {
+  return internal::ValueArray26<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11,
+      T12, T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25,
+      T26>(v1, v2, v3, v4, v5, v6, v7, v8, v9, v10, v11, v12, v13, v14, v15,
+      v16, v17, v18, v19, v20, v21, v22, v23, v24, v25, v26);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27>
+internal::ValueArray27<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+    T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26,
+    T27> Values(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+    T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16, T17 v17,
+    T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23, T24 v24, T25 v25,
+    T26 v26, T27 v27) {
+  return internal::ValueArray27<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11,
+      T12, T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25,
+      T26, T27>(v1, v2, v3, v4, v5, v6, v7, v8, v9, v10, v11, v12, v13, v14,
+      v15, v16, v17, v18, v19, v20, v21, v22, v23, v24, v25, v26, v27);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28>
+internal::ValueArray28<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+    T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27,
+    T28> Values(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+    T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16, T17 v17,
+    T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23, T24 v24, T25 v25,
+    T26 v26, T27 v27, T28 v28) {
+  return internal::ValueArray28<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11,
+      T12, T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25,
+      T26, T27, T28>(v1, v2, v3, v4, v5, v6, v7, v8, v9, v10, v11, v12, v13,
+      v14, v15, v16, v17, v18, v19, v20, v21, v22, v23, v24, v25, v26, v27,
+      v28);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29>
+internal::ValueArray29<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+    T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+    T29> Values(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+    T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16, T17 v17,
+    T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23, T24 v24, T25 v25,
+    T26 v26, T27 v27, T28 v28, T29 v29) {
+  return internal::ValueArray29<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11,
+      T12, T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25,
+      T26, T27, T28, T29>(v1, v2, v3, v4, v5, v6, v7, v8, v9, v10, v11, v12,
+      v13, v14, v15, v16, v17, v18, v19, v20, v21, v22, v23, v24, v25, v26,
+      v27, v28, v29);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30>
+internal::ValueArray30<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+    T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+    T29, T30> Values(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8,
+    T9 v9, T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16,
+    T17 v17, T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23, T24 v24,
+    T25 v25, T26 v26, T27 v27, T28 v28, T29 v29, T30 v30) {
+  return internal::ValueArray30<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11,
+      T12, T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25,
+      T26, T27, T28, T29, T30>(v1, v2, v3, v4, v5, v6, v7, v8, v9, v10, v11,
+      v12, v13, v14, v15, v16, v17, v18, v19, v20, v21, v22, v23, v24, v25,
+      v26, v27, v28, v29, v30);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31>
+internal::ValueArray31<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+    T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+    T29, T30, T31> Values(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7,
+    T8 v8, T9 v9, T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15,
+    T16 v16, T17 v17, T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23,
+    T24 v24, T25 v25, T26 v26, T27 v27, T28 v28, T29 v29, T30 v30, T31 v31) {
+  return internal::ValueArray31<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11,
+      T12, T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25,
+      T26, T27, T28, T29, T30, T31>(v1, v2, v3, v4, v5, v6, v7, v8, v9, v10,
+      v11, v12, v13, v14, v15, v16, v17, v18, v19, v20, v21, v22, v23, v24,
+      v25, v26, v27, v28, v29, v30, v31);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32>
+internal::ValueArray32<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+    T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+    T29, T30, T31, T32> Values(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7,
+    T8 v8, T9 v9, T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15,
+    T16 v16, T17 v17, T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23,
+    T24 v24, T25 v25, T26 v26, T27 v27, T28 v28, T29 v29, T30 v30, T31 v31,
+    T32 v32) {
+  return internal::ValueArray32<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11,
+      T12, T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25,
+      T26, T27, T28, T29, T30, T31, T32>(v1, v2, v3, v4, v5, v6, v7, v8, v9,
+      v10, v11, v12, v13, v14, v15, v16, v17, v18, v19, v20, v21, v22, v23,
+      v24, v25, v26, v27, v28, v29, v30, v31, v32);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33>
+internal::ValueArray33<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+    T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+    T29, T30, T31, T32, T33> Values(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6,
+    T7 v7, T8 v8, T9 v9, T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15,
+    T16 v16, T17 v17, T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23,
+    T24 v24, T25 v25, T26 v26, T27 v27, T28 v28, T29 v29, T30 v30, T31 v31,
+    T32 v32, T33 v33) {
+  return internal::ValueArray33<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11,
+      T12, T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25,
+      T26, T27, T28, T29, T30, T31, T32, T33>(v1, v2, v3, v4, v5, v6, v7, v8,
+      v9, v10, v11, v12, v13, v14, v15, v16, v17, v18, v19, v20, v21, v22, v23,
+      v24, v25, v26, v27, v28, v29, v30, v31, v32, v33);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34>
+internal::ValueArray34<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+    T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+    T29, T30, T31, T32, T33, T34> Values(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5,
+    T6 v6, T7 v7, T8 v8, T9 v9, T10 v10, T11 v11, T12 v12, T13 v13, T14 v14,
+    T15 v15, T16 v16, T17 v17, T18 v18, T19 v19, T20 v20, T21 v21, T22 v22,
+    T23 v23, T24 v24, T25 v25, T26 v26, T27 v27, T28 v28, T29 v29, T30 v30,
+    T31 v31, T32 v32, T33 v33, T34 v34) {
+  return internal::ValueArray34<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11,
+      T12, T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25,
+      T26, T27, T28, T29, T30, T31, T32, T33, T34>(v1, v2, v3, v4, v5, v6, v7,
+      v8, v9, v10, v11, v12, v13, v14, v15, v16, v17, v18, v19, v20, v21, v22,
+      v23, v24, v25, v26, v27, v28, v29, v30, v31, v32, v33, v34);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35>
+internal::ValueArray35<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+    T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+    T29, T30, T31, T32, T33, T34, T35> Values(T1 v1, T2 v2, T3 v3, T4 v4,
+    T5 v5, T6 v6, T7 v7, T8 v8, T9 v9, T10 v10, T11 v11, T12 v12, T13 v13,
+    T14 v14, T15 v15, T16 v16, T17 v17, T18 v18, T19 v19, T20 v20, T21 v21,
+    T22 v22, T23 v23, T24 v24, T25 v25, T26 v26, T27 v27, T28 v28, T29 v29,
+    T30 v30, T31 v31, T32 v32, T33 v33, T34 v34, T35 v35) {
+  return internal::ValueArray35<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11,
+      T12, T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25,
+      T26, T27, T28, T29, T30, T31, T32, T33, T34, T35>(v1, v2, v3, v4, v5, v6,
+      v7, v8, v9, v10, v11, v12, v13, v14, v15, v16, v17, v18, v19, v20, v21,
+      v22, v23, v24, v25, v26, v27, v28, v29, v30, v31, v32, v33, v34, v35);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36>
+internal::ValueArray36<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+    T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+    T29, T30, T31, T32, T33, T34, T35, T36> Values(T1 v1, T2 v2, T3 v3, T4 v4,
+    T5 v5, T6 v6, T7 v7, T8 v8, T9 v9, T10 v10, T11 v11, T12 v12, T13 v13,
+    T14 v14, T15 v15, T16 v16, T17 v17, T18 v18, T19 v19, T20 v20, T21 v21,
+    T22 v22, T23 v23, T24 v24, T25 v25, T26 v26, T27 v27, T28 v28, T29 v29,
+    T30 v30, T31 v31, T32 v32, T33 v33, T34 v34, T35 v35, T36 v36) {
+  return internal::ValueArray36<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11,
+      T12, T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25,
+      T26, T27, T28, T29, T30, T31, T32, T33, T34, T35, T36>(v1, v2, v3, v4,
+      v5, v6, v7, v8, v9, v10, v11, v12, v13, v14, v15, v16, v17, v18, v19,
+      v20, v21, v22, v23, v24, v25, v26, v27, v28, v29, v30, v31, v32, v33,
+      v34, v35, v36);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37>
+internal::ValueArray37<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+    T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+    T29, T30, T31, T32, T33, T34, T35, T36, T37> Values(T1 v1, T2 v2, T3 v3,
+    T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9, T10 v10, T11 v11, T12 v12,
+    T13 v13, T14 v14, T15 v15, T16 v16, T17 v17, T18 v18, T19 v19, T20 v20,
+    T21 v21, T22 v22, T23 v23, T24 v24, T25 v25, T26 v26, T27 v27, T28 v28,
+    T29 v29, T30 v30, T31 v31, T32 v32, T33 v33, T34 v34, T35 v35, T36 v36,
+    T37 v37) {
+  return internal::ValueArray37<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11,
+      T12, T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25,
+      T26, T27, T28, T29, T30, T31, T32, T33, T34, T35, T36, T37>(v1, v2, v3,
+      v4, v5, v6, v7, v8, v9, v10, v11, v12, v13, v14, v15, v16, v17, v18, v19,
+      v20, v21, v22, v23, v24, v25, v26, v27, v28, v29, v30, v31, v32, v33,
+      v34, v35, v36, v37);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38>
+internal::ValueArray38<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+    T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+    T29, T30, T31, T32, T33, T34, T35, T36, T37, T38> Values(T1 v1, T2 v2,
+    T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9, T10 v10, T11 v11, T12 v12,
+    T13 v13, T14 v14, T15 v15, T16 v16, T17 v17, T18 v18, T19 v19, T20 v20,
+    T21 v21, T22 v22, T23 v23, T24 v24, T25 v25, T26 v26, T27 v27, T28 v28,
+    T29 v29, T30 v30, T31 v31, T32 v32, T33 v33, T34 v34, T35 v35, T36 v36,
+    T37 v37, T38 v38) {
+  return internal::ValueArray38<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11,
+      T12, T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25,
+      T26, T27, T28, T29, T30, T31, T32, T33, T34, T35, T36, T37, T38>(v1, v2,
+      v3, v4, v5, v6, v7, v8, v9, v10, v11, v12, v13, v14, v15, v16, v17, v18,
+      v19, v20, v21, v22, v23, v24, v25, v26, v27, v28, v29, v30, v31, v32,
+      v33, v34, v35, v36, v37, v38);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39>
+internal::ValueArray39<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+    T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+    T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39> Values(T1 v1, T2 v2,
+    T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9, T10 v10, T11 v11, T12 v12,
+    T13 v13, T14 v14, T15 v15, T16 v16, T17 v17, T18 v18, T19 v19, T20 v20,
+    T21 v21, T22 v22, T23 v23, T24 v24, T25 v25, T26 v26, T27 v27, T28 v28,
+    T29 v29, T30 v30, T31 v31, T32 v32, T33 v33, T34 v34, T35 v35, T36 v36,
+    T37 v37, T38 v38, T39 v39) {
+  return internal::ValueArray39<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11,
+      T12, T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25,
+      T26, T27, T28, T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39>(v1,
+      v2, v3, v4, v5, v6, v7, v8, v9, v10, v11, v12, v13, v14, v15, v16, v17,
+      v18, v19, v20, v21, v22, v23, v24, v25, v26, v27, v28, v29, v30, v31,
+      v32, v33, v34, v35, v36, v37, v38, v39);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40>
+internal::ValueArray40<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+    T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+    T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40> Values(T1 v1,
+    T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9, T10 v10, T11 v11,
+    T12 v12, T13 v13, T14 v14, T15 v15, T16 v16, T17 v17, T18 v18, T19 v19,
+    T20 v20, T21 v21, T22 v22, T23 v23, T24 v24, T25 v25, T26 v26, T27 v27,
+    T28 v28, T29 v29, T30 v30, T31 v31, T32 v32, T33 v33, T34 v34, T35 v35,
+    T36 v36, T37 v37, T38 v38, T39 v39, T40 v40) {
+  return internal::ValueArray40<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11,
+      T12, T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25,
+      T26, T27, T28, T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39,
+      T40>(v1, v2, v3, v4, v5, v6, v7, v8, v9, v10, v11, v12, v13, v14, v15,
+      v16, v17, v18, v19, v20, v21, v22, v23, v24, v25, v26, v27, v28, v29,
+      v30, v31, v32, v33, v34, v35, v36, v37, v38, v39, v40);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40,
+    typename T41>
+internal::ValueArray41<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+    T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+    T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40,
+    T41> Values(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+    T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16, T17 v17,
+    T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23, T24 v24, T25 v25,
+    T26 v26, T27 v27, T28 v28, T29 v29, T30 v30, T31 v31, T32 v32, T33 v33,
+    T34 v34, T35 v35, T36 v36, T37 v37, T38 v38, T39 v39, T40 v40, T41 v41) {
+  return internal::ValueArray41<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11,
+      T12, T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25,
+      T26, T27, T28, T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39,
+      T40, T41>(v1, v2, v3, v4, v5, v6, v7, v8, v9, v10, v11, v12, v13, v14,
+      v15, v16, v17, v18, v19, v20, v21, v22, v23, v24, v25, v26, v27, v28,
+      v29, v30, v31, v32, v33, v34, v35, v36, v37, v38, v39, v40, v41);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40,
+    typename T41, typename T42>
+internal::ValueArray42<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+    T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+    T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41,
+    T42> Values(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+    T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16, T17 v17,
+    T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23, T24 v24, T25 v25,
+    T26 v26, T27 v27, T28 v28, T29 v29, T30 v30, T31 v31, T32 v32, T33 v33,
+    T34 v34, T35 v35, T36 v36, T37 v37, T38 v38, T39 v39, T40 v40, T41 v41,
+    T42 v42) {
+  return internal::ValueArray42<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11,
+      T12, T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25,
+      T26, T27, T28, T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39,
+      T40, T41, T42>(v1, v2, v3, v4, v5, v6, v7, v8, v9, v10, v11, v12, v13,
+      v14, v15, v16, v17, v18, v19, v20, v21, v22, v23, v24, v25, v26, v27,
+      v28, v29, v30, v31, v32, v33, v34, v35, v36, v37, v38, v39, v40, v41,
+      v42);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40,
+    typename T41, typename T42, typename T43>
+internal::ValueArray43<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+    T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+    T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, T42,
+    T43> Values(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+    T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16, T17 v17,
+    T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23, T24 v24, T25 v25,
+    T26 v26, T27 v27, T28 v28, T29 v29, T30 v30, T31 v31, T32 v32, T33 v33,
+    T34 v34, T35 v35, T36 v36, T37 v37, T38 v38, T39 v39, T40 v40, T41 v41,
+    T42 v42, T43 v43) {
+  return internal::ValueArray43<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11,
+      T12, T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25,
+      T26, T27, T28, T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39,
+      T40, T41, T42, T43>(v1, v2, v3, v4, v5, v6, v7, v8, v9, v10, v11, v12,
+      v13, v14, v15, v16, v17, v18, v19, v20, v21, v22, v23, v24, v25, v26,
+      v27, v28, v29, v30, v31, v32, v33, v34, v35, v36, v37, v38, v39, v40,
+      v41, v42, v43);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40,
+    typename T41, typename T42, typename T43, typename T44>
+internal::ValueArray44<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+    T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+    T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, T42, T43,
+    T44> Values(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+    T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16, T17 v17,
+    T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23, T24 v24, T25 v25,
+    T26 v26, T27 v27, T28 v28, T29 v29, T30 v30, T31 v31, T32 v32, T33 v33,
+    T34 v34, T35 v35, T36 v36, T37 v37, T38 v38, T39 v39, T40 v40, T41 v41,
+    T42 v42, T43 v43, T44 v44) {
+  return internal::ValueArray44<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11,
+      T12, T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25,
+      T26, T27, T28, T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39,
+      T40, T41, T42, T43, T44>(v1, v2, v3, v4, v5, v6, v7, v8, v9, v10, v11,
+      v12, v13, v14, v15, v16, v17, v18, v19, v20, v21, v22, v23, v24, v25,
+      v26, v27, v28, v29, v30, v31, v32, v33, v34, v35, v36, v37, v38, v39,
+      v40, v41, v42, v43, v44);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40,
+    typename T41, typename T42, typename T43, typename T44, typename T45>
+internal::ValueArray45<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+    T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+    T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, T42, T43,
+    T44, T45> Values(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8,
+    T9 v9, T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16,
+    T17 v17, T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23, T24 v24,
+    T25 v25, T26 v26, T27 v27, T28 v28, T29 v29, T30 v30, T31 v31, T32 v32,
+    T33 v33, T34 v34, T35 v35, T36 v36, T37 v37, T38 v38, T39 v39, T40 v40,
+    T41 v41, T42 v42, T43 v43, T44 v44, T45 v45) {
+  return internal::ValueArray45<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11,
+      T12, T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25,
+      T26, T27, T28, T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39,
+      T40, T41, T42, T43, T44, T45>(v1, v2, v3, v4, v5, v6, v7, v8, v9, v10,
+      v11, v12, v13, v14, v15, v16, v17, v18, v19, v20, v21, v22, v23, v24,
+      v25, v26, v27, v28, v29, v30, v31, v32, v33, v34, v35, v36, v37, v38,
+      v39, v40, v41, v42, v43, v44, v45);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40,
+    typename T41, typename T42, typename T43, typename T44, typename T45,
+    typename T46>
+internal::ValueArray46<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+    T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+    T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, T42, T43,
+    T44, T45, T46> Values(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7,
+    T8 v8, T9 v9, T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15,
+    T16 v16, T17 v17, T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23,
+    T24 v24, T25 v25, T26 v26, T27 v27, T28 v28, T29 v29, T30 v30, T31 v31,
+    T32 v32, T33 v33, T34 v34, T35 v35, T36 v36, T37 v37, T38 v38, T39 v39,
+    T40 v40, T41 v41, T42 v42, T43 v43, T44 v44, T45 v45, T46 v46) {
+  return internal::ValueArray46<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11,
+      T12, T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25,
+      T26, T27, T28, T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39,
+      T40, T41, T42, T43, T44, T45, T46>(v1, v2, v3, v4, v5, v6, v7, v8, v9,
+      v10, v11, v12, v13, v14, v15, v16, v17, v18, v19, v20, v21, v22, v23,
+      v24, v25, v26, v27, v28, v29, v30, v31, v32, v33, v34, v35, v36, v37,
+      v38, v39, v40, v41, v42, v43, v44, v45, v46);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40,
+    typename T41, typename T42, typename T43, typename T44, typename T45,
+    typename T46, typename T47>
+internal::ValueArray47<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+    T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+    T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, T42, T43,
+    T44, T45, T46, T47> Values(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7,
+    T8 v8, T9 v9, T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15,
+    T16 v16, T17 v17, T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23,
+    T24 v24, T25 v25, T26 v26, T27 v27, T28 v28, T29 v29, T30 v30, T31 v31,
+    T32 v32, T33 v33, T34 v34, T35 v35, T36 v36, T37 v37, T38 v38, T39 v39,
+    T40 v40, T41 v41, T42 v42, T43 v43, T44 v44, T45 v45, T46 v46, T47 v47) {
+  return internal::ValueArray47<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11,
+      T12, T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25,
+      T26, T27, T28, T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39,
+      T40, T41, T42, T43, T44, T45, T46, T47>(v1, v2, v3, v4, v5, v6, v7, v8,
+      v9, v10, v11, v12, v13, v14, v15, v16, v17, v18, v19, v20, v21, v22, v23,
+      v24, v25, v26, v27, v28, v29, v30, v31, v32, v33, v34, v35, v36, v37,
+      v38, v39, v40, v41, v42, v43, v44, v45, v46, v47);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40,
+    typename T41, typename T42, typename T43, typename T44, typename T45,
+    typename T46, typename T47, typename T48>
+internal::ValueArray48<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+    T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+    T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, T42, T43,
+    T44, T45, T46, T47, T48> Values(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6,
+    T7 v7, T8 v8, T9 v9, T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15,
+    T16 v16, T17 v17, T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23,
+    T24 v24, T25 v25, T26 v26, T27 v27, T28 v28, T29 v29, T30 v30, T31 v31,
+    T32 v32, T33 v33, T34 v34, T35 v35, T36 v36, T37 v37, T38 v38, T39 v39,
+    T40 v40, T41 v41, T42 v42, T43 v43, T44 v44, T45 v45, T46 v46, T47 v47,
+    T48 v48) {
+  return internal::ValueArray48<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11,
+      T12, T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25,
+      T26, T27, T28, T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39,
+      T40, T41, T42, T43, T44, T45, T46, T47, T48>(v1, v2, v3, v4, v5, v6, v7,
+      v8, v9, v10, v11, v12, v13, v14, v15, v16, v17, v18, v19, v20, v21, v22,
+      v23, v24, v25, v26, v27, v28, v29, v30, v31, v32, v33, v34, v35, v36,
+      v37, v38, v39, v40, v41, v42, v43, v44, v45, v46, v47, v48);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40,
+    typename T41, typename T42, typename T43, typename T44, typename T45,
+    typename T46, typename T47, typename T48, typename T49>
+internal::ValueArray49<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+    T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+    T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, T42, T43,
+    T44, T45, T46, T47, T48, T49> Values(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5,
+    T6 v6, T7 v7, T8 v8, T9 v9, T10 v10, T11 v11, T12 v12, T13 v13, T14 v14,
+    T15 v15, T16 v16, T17 v17, T18 v18, T19 v19, T20 v20, T21 v21, T22 v22,
+    T23 v23, T24 v24, T25 v25, T26 v26, T27 v27, T28 v28, T29 v29, T30 v30,
+    T31 v31, T32 v32, T33 v33, T34 v34, T35 v35, T36 v36, T37 v37, T38 v38,
+    T39 v39, T40 v40, T41 v41, T42 v42, T43 v43, T44 v44, T45 v45, T46 v46,
+    T47 v47, T48 v48, T49 v49) {
+  return internal::ValueArray49<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11,
+      T12, T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25,
+      T26, T27, T28, T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39,
+      T40, T41, T42, T43, T44, T45, T46, T47, T48, T49>(v1, v2, v3, v4, v5, v6,
+      v7, v8, v9, v10, v11, v12, v13, v14, v15, v16, v17, v18, v19, v20, v21,
+      v22, v23, v24, v25, v26, v27, v28, v29, v30, v31, v32, v33, v34, v35,
+      v36, v37, v38, v39, v40, v41, v42, v43, v44, v45, v46, v47, v48, v49);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40,
+    typename T41, typename T42, typename T43, typename T44, typename T45,
+    typename T46, typename T47, typename T48, typename T49, typename T50>
+internal::ValueArray50<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+    T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+    T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, T42, T43,
+    T44, T45, T46, T47, T48, T49, T50> Values(T1 v1, T2 v2, T3 v3, T4 v4,
+    T5 v5, T6 v6, T7 v7, T8 v8, T9 v9, T10 v10, T11 v11, T12 v12, T13 v13,
+    T14 v14, T15 v15, T16 v16, T17 v17, T18 v18, T19 v19, T20 v20, T21 v21,
+    T22 v22, T23 v23, T24 v24, T25 v25, T26 v26, T27 v27, T28 v28, T29 v29,
+    T30 v30, T31 v31, T32 v32, T33 v33, T34 v34, T35 v35, T36 v36, T37 v37,
+    T38 v38, T39 v39, T40 v40, T41 v41, T42 v42, T43 v43, T44 v44, T45 v45,
+    T46 v46, T47 v47, T48 v48, T49 v49, T50 v50) {
+  return internal::ValueArray50<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11,
+      T12, T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25,
+      T26, T27, T28, T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39,
+      T40, T41, T42, T43, T44, T45, T46, T47, T48, T49, T50>(v1, v2, v3, v4,
+      v5, v6, v7, v8, v9, v10, v11, v12, v13, v14, v15, v16, v17, v18, v19,
+      v20, v21, v22, v23, v24, v25, v26, v27, v28, v29, v30, v31, v32, v33,
+      v34, v35, v36, v37, v38, v39, v40, v41, v42, v43, v44, v45, v46, v47,
+      v48, v49, v50);
+}
+
+// Bool() allows generating tests with parameters in a set of (false, true).
+//
+// Synopsis:
+// Bool()
+//   - returns a generator producing sequences with elements {false, true}.
+//
+// It is useful when testing code that depends on Boolean flags. Combinations
+// of multiple flags can be tested when several Bool()'s are combined using
+// Combine() function.
+//
+// In the following example all tests in the test case FlagDependentTest
+// will be instantiated twice with parameters false and true.
+//
+// class FlagDependentTest : public testing::TestWithParam<bool> {
+//   virtual void SetUp() {
+//     external_flag = GetParam();
+//   }
+// }
+// INSTANTIATE_TEST_CASE_P(BoolSequence, FlagDependentTest, Bool());
+//
+inline internal::ParamGenerator<bool> Bool() {
+  return Values(false, true);
+}
+
+# if GTEST_HAS_COMBINE
+// Combine() allows the user to combine two or more sequences to produce
+// values of a Cartesian product of those sequences' elements.
+//
+// Synopsis:
+// Combine(gen1, gen2, ..., genN)
+//   - returns a generator producing sequences with elements coming from
+//     the Cartesian product of elements from the sequences generated by
+//     gen1, gen2, ..., genN. The sequence elements will have a type of
+//     tuple<T1, T2, ..., TN> where T1, T2, ..., TN are the types
+//     of elements from sequences produces by gen1, gen2, ..., genN.
+//
+// Combine can have up to 10 arguments. This number is currently limited
+// by the maximum number of elements in the tuple implementation used by Google
+// Test.
+//
+// Example:
+//
+// This will instantiate tests in test case AnimalTest each one with
+// the parameter values tuple("cat", BLACK), tuple("cat", WHITE),
+// tuple("dog", BLACK), and tuple("dog", WHITE):
+//
+// enum Color { BLACK, GRAY, WHITE };
+// class AnimalTest
+//     : public testing::TestWithParam<tuple<const char*, Color> > {...};
+//
+// TEST_P(AnimalTest, AnimalLooksNice) {...}
+//
+// INSTANTIATE_TEST_CASE_P(AnimalVariations, AnimalTest,
+//                         Combine(Values("cat", "dog"),
+//                                 Values(BLACK, WHITE)));
+//
+// This will instantiate tests in FlagDependentTest with all variations of two
+// Boolean flags:
+//
+// class FlagDependentTest
+//     : public testing::TestWithParam<tuple<bool, bool> > {
+//   virtual void SetUp() {
+//     // Assigns external_flag_1 and external_flag_2 values from the tuple.
+//     tie(external_flag_1, external_flag_2) = GetParam();
+//   }
+// };
+//
+// TEST_P(FlagDependentTest, TestFeature1) {
+//   // Test your code using external_flag_1 and external_flag_2 here.
+// }
+// INSTANTIATE_TEST_CASE_P(TwoBoolSequence, FlagDependentTest,
+//                         Combine(Bool(), Bool()));
+//
+template <typename Generator1, typename Generator2>
+internal::CartesianProductHolder2<Generator1, Generator2> Combine(
+    const Generator1& g1, const Generator2& g2) {
+  return internal::CartesianProductHolder2<Generator1, Generator2>(
+      g1, g2);
+}
+
+template <typename Generator1, typename Generator2, typename Generator3>
+internal::CartesianProductHolder3<Generator1, Generator2, Generator3> Combine(
+    const Generator1& g1, const Generator2& g2, const Generator3& g3) {
+  return internal::CartesianProductHolder3<Generator1, Generator2, Generator3>(
+      g1, g2, g3);
+}
+
+template <typename Generator1, typename Generator2, typename Generator3,
+    typename Generator4>
+internal::CartesianProductHolder4<Generator1, Generator2, Generator3,
+    Generator4> Combine(
+    const Generator1& g1, const Generator2& g2, const Generator3& g3,
+        const Generator4& g4) {
+  return internal::CartesianProductHolder4<Generator1, Generator2, Generator3,
+      Generator4>(
+      g1, g2, g3, g4);
+}
+
+template <typename Generator1, typename Generator2, typename Generator3,
+    typename Generator4, typename Generator5>
+internal::CartesianProductHolder5<Generator1, Generator2, Generator3,
+    Generator4, Generator5> Combine(
+    const Generator1& g1, const Generator2& g2, const Generator3& g3,
+        const Generator4& g4, const Generator5& g5) {
+  return internal::CartesianProductHolder5<Generator1, Generator2, Generator3,
+      Generator4, Generator5>(
+      g1, g2, g3, g4, g5);
+}
+
+template <typename Generator1, typename Generator2, typename Generator3,
+    typename Generator4, typename Generator5, typename Generator6>
+internal::CartesianProductHolder6<Generator1, Generator2, Generator3,
+    Generator4, Generator5, Generator6> Combine(
+    const Generator1& g1, const Generator2& g2, const Generator3& g3,
+        const Generator4& g4, const Generator5& g5, const Generator6& g6) {
+  return internal::CartesianProductHolder6<Generator1, Generator2, Generator3,
+      Generator4, Generator5, Generator6>(
+      g1, g2, g3, g4, g5, g6);
+}
+
+template <typename Generator1, typename Generator2, typename Generator3,
+    typename Generator4, typename Generator5, typename Generator6,
+    typename Generator7>
+internal::CartesianProductHolder7<Generator1, Generator2, Generator3,
+    Generator4, Generator5, Generator6, Generator7> Combine(
+    const Generator1& g1, const Generator2& g2, const Generator3& g3,
+        const Generator4& g4, const Generator5& g5, const Generator6& g6,
+        const Generator7& g7) {
+  return internal::CartesianProductHolder7<Generator1, Generator2, Generator3,
+      Generator4, Generator5, Generator6, Generator7>(
+      g1, g2, g3, g4, g5, g6, g7);
+}
+
+template <typename Generator1, typename Generator2, typename Generator3,
+    typename Generator4, typename Generator5, typename Generator6,
+    typename Generator7, typename Generator8>
+internal::CartesianProductHolder8<Generator1, Generator2, Generator3,
+    Generator4, Generator5, Generator6, Generator7, Generator8> Combine(
+    const Generator1& g1, const Generator2& g2, const Generator3& g3,
+        const Generator4& g4, const Generator5& g5, const Generator6& g6,
+        const Generator7& g7, const Generator8& g8) {
+  return internal::CartesianProductHolder8<Generator1, Generator2, Generator3,
+      Generator4, Generator5, Generator6, Generator7, Generator8>(
+      g1, g2, g3, g4, g5, g6, g7, g8);
+}
+
+template <typename Generator1, typename Generator2, typename Generator3,
+    typename Generator4, typename Generator5, typename Generator6,
+    typename Generator7, typename Generator8, typename Generator9>
+internal::CartesianProductHolder9<Generator1, Generator2, Generator3,
+    Generator4, Generator5, Generator6, Generator7, Generator8,
+    Generator9> Combine(
+    const Generator1& g1, const Generator2& g2, const Generator3& g3,
+        const Generator4& g4, const Generator5& g5, const Generator6& g6,
+        const Generator7& g7, const Generator8& g8, const Generator9& g9) {
+  return internal::CartesianProductHolder9<Generator1, Generator2, Generator3,
+      Generator4, Generator5, Generator6, Generator7, Generator8, Generator9>(
+      g1, g2, g3, g4, g5, g6, g7, g8, g9);
+}
+
+template <typename Generator1, typename Generator2, typename Generator3,
+    typename Generator4, typename Generator5, typename Generator6,
+    typename Generator7, typename Generator8, typename Generator9,
+    typename Generator10>
+internal::CartesianProductHolder10<Generator1, Generator2, Generator3,
+    Generator4, Generator5, Generator6, Generator7, Generator8, Generator9,
+    Generator10> Combine(
+    const Generator1& g1, const Generator2& g2, const Generator3& g3,
+        const Generator4& g4, const Generator5& g5, const Generator6& g6,
+        const Generator7& g7, const Generator8& g8, const Generator9& g9,
+        const Generator10& g10) {
+  return internal::CartesianProductHolder10<Generator1, Generator2, Generator3,
+      Generator4, Generator5, Generator6, Generator7, Generator8, Generator9,
+      Generator10>(
+      g1, g2, g3, g4, g5, g6, g7, g8, g9, g10);
+}
+# endif  // GTEST_HAS_COMBINE
+
+
+
+# define TEST_P(test_case_name, test_name) \
+  class GTEST_TEST_CLASS_NAME_(test_case_name, test_name) \
+      : public test_case_name { \
+   public: \
+    GTEST_TEST_CLASS_NAME_(test_case_name, test_name)() {} \
+    virtual void TestBody(); \
+   private: \
+    static int AddToRegistry() { \
+      ::testing::UnitTest::GetInstance()->parameterized_test_registry(). \
+          GetTestCasePatternHolder<test_case_name>(\
+              #test_case_name, __FILE__, __LINE__)->AddTestPattern(\
+                  #test_case_name, \
+                  #test_name, \
+                  new ::testing::internal::TestMetaFactory< \
+                      GTEST_TEST_CLASS_NAME_(test_case_name, test_name)>()); \
+      return 0; \
+    } \
+    static int gtest_registering_dummy_; \
+    GTEST_DISALLOW_COPY_AND_ASSIGN_(\
+        GTEST_TEST_CLASS_NAME_(test_case_name, test_name)); \
+  }; \
+  int GTEST_TEST_CLASS_NAME_(test_case_name, \
+                             test_name)::gtest_registering_dummy_ = \
+      GTEST_TEST_CLASS_NAME_(test_case_name, test_name)::AddToRegistry(); \
+  void GTEST_TEST_CLASS_NAME_(test_case_name, test_name)::TestBody()
+
+# define INSTANTIATE_TEST_CASE_P(prefix, test_case_name, generator) \
+  ::testing::internal::ParamGenerator<test_case_name::ParamType> \
+      gtest_##prefix##test_case_name##_EvalGenerator_() { return generator; } \
+  int gtest_##prefix##test_case_name##_dummy_ = \
+      ::testing::UnitTest::GetInstance()->parameterized_test_registry(). \
+          GetTestCasePatternHolder<test_case_name>(\
+              #test_case_name, __FILE__, __LINE__)->AddTestCaseInstantiation(\
+                  #prefix, \
+                  &gtest_##prefix##test_case_name##_EvalGenerator_, \
+                  __FILE__, __LINE__)
+
+}  // namespace testing
+
+#endif  // GTEST_HAS_PARAM_TEST
+
+#endif  // GTEST_INCLUDE_GTEST_GTEST_PARAM_TEST_H_
diff --git a/nss/external_tests/google_test/gtest/include/gtest/gtest-param-test.h.pump b/nss/external_tests/google_test/gtest/include/gtest/gtest-param-test.h.pump
new file mode 100644
index 0000000..2dc9303
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/include/gtest/gtest-param-test.h.pump
@@ -0,0 +1,487 @@
+$$ -*- mode: c++; -*-
+$var n = 50  $$ Maximum length of Values arguments we want to support.
+$var maxtuple = 10  $$ Maximum number of Combine arguments we want to support.
+// Copyright 2008, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Authors: vladl@google.com (Vlad Losev)
+//
+// Macros and functions for implementing parameterized tests
+// in Google C++ Testing Framework (Google Test)
+//
+// This file is generated by a SCRIPT.  DO NOT EDIT BY HAND!
+//
+#ifndef GTEST_INCLUDE_GTEST_GTEST_PARAM_TEST_H_
+#define GTEST_INCLUDE_GTEST_GTEST_PARAM_TEST_H_
+
+
+// Value-parameterized tests allow you to test your code with different
+// parameters without writing multiple copies of the same test.
+//
+// Here is how you use value-parameterized tests:
+
+#if 0
+
+// To write value-parameterized tests, first you should define a fixture
+// class. It is usually derived from testing::TestWithParam<T> (see below for
+// another inheritance scheme that's sometimes useful in more complicated
+// class hierarchies), where the type of your parameter values.
+// TestWithParam<T> is itself derived from testing::Test. T can be any
+// copyable type. If it's a raw pointer, you are responsible for managing the
+// lifespan of the pointed values.
+
+class FooTest : public ::testing::TestWithParam<const char*> {
+  // You can implement all the usual class fixture members here.
+};
+
+// Then, use the TEST_P macro to define as many parameterized tests
+// for this fixture as you want. The _P suffix is for "parameterized"
+// or "pattern", whichever you prefer to think.
+
+TEST_P(FooTest, DoesBlah) {
+  // Inside a test, access the test parameter with the GetParam() method
+  // of the TestWithParam<T> class:
+  EXPECT_TRUE(foo.Blah(GetParam()));
+  ...
+}
+
+TEST_P(FooTest, HasBlahBlah) {
+  ...
+}
+
+// Finally, you can use INSTANTIATE_TEST_CASE_P to instantiate the test
+// case with any set of parameters you want. Google Test defines a number
+// of functions for generating test parameters. They return what we call
+// (surprise!) parameter generators. Here is a  summary of them, which
+// are all in the testing namespace:
+//
+//
+//  Range(begin, end [, step]) - Yields values {begin, begin+step,
+//                               begin+step+step, ...}. The values do not
+//                               include end. step defaults to 1.
+//  Values(v1, v2, ..., vN)    - Yields values {v1, v2, ..., vN}.
+//  ValuesIn(container)        - Yields values from a C-style array, an STL
+//  ValuesIn(begin,end)          container, or an iterator range [begin, end).
+//  Bool()                     - Yields sequence {false, true}.
+//  Combine(g1, g2, ..., gN)   - Yields all combinations (the Cartesian product
+//                               for the math savvy) of the values generated
+//                               by the N generators.
+//
+// For more details, see comments at the definitions of these functions below
+// in this file.
+//
+// The following statement will instantiate tests from the FooTest test case
+// each with parameter values "meeny", "miny", and "moe".
+
+INSTANTIATE_TEST_CASE_P(InstantiationName,
+                        FooTest,
+                        Values("meeny", "miny", "moe"));
+
+// To distinguish different instances of the pattern, (yes, you
+// can instantiate it more then once) the first argument to the
+// INSTANTIATE_TEST_CASE_P macro is a prefix that will be added to the
+// actual test case name. Remember to pick unique prefixes for different
+// instantiations. The tests from the instantiation above will have
+// these names:
+//
+//    * InstantiationName/FooTest.DoesBlah/0 for "meeny"
+//    * InstantiationName/FooTest.DoesBlah/1 for "miny"
+//    * InstantiationName/FooTest.DoesBlah/2 for "moe"
+//    * InstantiationName/FooTest.HasBlahBlah/0 for "meeny"
+//    * InstantiationName/FooTest.HasBlahBlah/1 for "miny"
+//    * InstantiationName/FooTest.HasBlahBlah/2 for "moe"
+//
+// You can use these names in --gtest_filter.
+//
+// This statement will instantiate all tests from FooTest again, each
+// with parameter values "cat" and "dog":
+
+const char* pets[] = {"cat", "dog"};
+INSTANTIATE_TEST_CASE_P(AnotherInstantiationName, FooTest, ValuesIn(pets));
+
+// The tests from the instantiation above will have these names:
+//
+//    * AnotherInstantiationName/FooTest.DoesBlah/0 for "cat"
+//    * AnotherInstantiationName/FooTest.DoesBlah/1 for "dog"
+//    * AnotherInstantiationName/FooTest.HasBlahBlah/0 for "cat"
+//    * AnotherInstantiationName/FooTest.HasBlahBlah/1 for "dog"
+//
+// Please note that INSTANTIATE_TEST_CASE_P will instantiate all tests
+// in the given test case, whether their definitions come before or
+// AFTER the INSTANTIATE_TEST_CASE_P statement.
+//
+// Please also note that generator expressions (including parameters to the
+// generators) are evaluated in InitGoogleTest(), after main() has started.
+// This allows the user on one hand, to adjust generator parameters in order
+// to dynamically determine a set of tests to run and on the other hand,
+// give the user a chance to inspect the generated tests with Google Test
+// reflection API before RUN_ALL_TESTS() is executed.
+//
+// You can see samples/sample7_unittest.cc and samples/sample8_unittest.cc
+// for more examples.
+//
+// In the future, we plan to publish the API for defining new parameter
+// generators. But for now this interface remains part of the internal
+// implementation and is subject to change.
+//
+//
+// A parameterized test fixture must be derived from testing::Test and from
+// testing::WithParamInterface<T>, where T is the type of the parameter
+// values. Inheriting from TestWithParam<T> satisfies that requirement because
+// TestWithParam<T> inherits from both Test and WithParamInterface. In more
+// complicated hierarchies, however, it is occasionally useful to inherit
+// separately from Test and WithParamInterface. For example:
+
+class BaseTest : public ::testing::Test {
+  // You can inherit all the usual members for a non-parameterized test
+  // fixture here.
+};
+
+class DerivedTest : public BaseTest, public ::testing::WithParamInterface<int> {
+  // The usual test fixture members go here too.
+};
+
+TEST_F(BaseTest, HasFoo) {
+  // This is an ordinary non-parameterized test.
+}
+
+TEST_P(DerivedTest, DoesBlah) {
+  // GetParam works just the same here as if you inherit from TestWithParam.
+  EXPECT_TRUE(foo.Blah(GetParam()));
+}
+
+#endif  // 0
+
+#include "gtest/internal/gtest-port.h"
+
+#if !GTEST_OS_SYMBIAN
+# include <utility>
+#endif
+
+// scripts/fuse_gtest.py depends on gtest's own header being #included
+// *unconditionally*.  Therefore these #includes cannot be moved
+// inside #if GTEST_HAS_PARAM_TEST.
+#include "gtest/internal/gtest-internal.h"
+#include "gtest/internal/gtest-param-util.h"
+#include "gtest/internal/gtest-param-util-generated.h"
+
+#if GTEST_HAS_PARAM_TEST
+
+namespace testing {
+
+// Functions producing parameter generators.
+//
+// Google Test uses these generators to produce parameters for value-
+// parameterized tests. When a parameterized test case is instantiated
+// with a particular generator, Google Test creates and runs tests
+// for each element in the sequence produced by the generator.
+//
+// In the following sample, tests from test case FooTest are instantiated
+// each three times with parameter values 3, 5, and 8:
+//
+// class FooTest : public TestWithParam<int> { ... };
+//
+// TEST_P(FooTest, TestThis) {
+// }
+// TEST_P(FooTest, TestThat) {
+// }
+// INSTANTIATE_TEST_CASE_P(TestSequence, FooTest, Values(3, 5, 8));
+//
+
+// Range() returns generators providing sequences of values in a range.
+//
+// Synopsis:
+// Range(start, end)
+//   - returns a generator producing a sequence of values {start, start+1,
+//     start+2, ..., }.
+// Range(start, end, step)
+//   - returns a generator producing a sequence of values {start, start+step,
+//     start+step+step, ..., }.
+// Notes:
+//   * The generated sequences never include end. For example, Range(1, 5)
+//     returns a generator producing a sequence {1, 2, 3, 4}. Range(1, 9, 2)
+//     returns a generator producing {1, 3, 5, 7}.
+//   * start and end must have the same type. That type may be any integral or
+//     floating-point type or a user defined type satisfying these conditions:
+//     * It must be assignable (have operator=() defined).
+//     * It must have operator+() (operator+(int-compatible type) for
+//       two-operand version).
+//     * It must have operator<() defined.
+//     Elements in the resulting sequences will also have that type.
+//   * Condition start < end must be satisfied in order for resulting sequences
+//     to contain any elements.
+//
+template <typename T, typename IncrementT>
+internal::ParamGenerator<T> Range(T start, T end, IncrementT step) {
+  return internal::ParamGenerator<T>(
+      new internal::RangeGenerator<T, IncrementT>(start, end, step));
+}
+
+template <typename T>
+internal::ParamGenerator<T> Range(T start, T end) {
+  return Range(start, end, 1);
+}
+
+// ValuesIn() function allows generation of tests with parameters coming from
+// a container.
+//
+// Synopsis:
+// ValuesIn(const T (&array)[N])
+//   - returns a generator producing sequences with elements from
+//     a C-style array.
+// ValuesIn(const Container& container)
+//   - returns a generator producing sequences with elements from
+//     an STL-style container.
+// ValuesIn(Iterator begin, Iterator end)
+//   - returns a generator producing sequences with elements from
+//     a range [begin, end) defined by a pair of STL-style iterators. These
+//     iterators can also be plain C pointers.
+//
+// Please note that ValuesIn copies the values from the containers
+// passed in and keeps them to generate tests in RUN_ALL_TESTS().
+//
+// Examples:
+//
+// This instantiates tests from test case StringTest
+// each with C-string values of "foo", "bar", and "baz":
+//
+// const char* strings[] = {"foo", "bar", "baz"};
+// INSTANTIATE_TEST_CASE_P(StringSequence, SrtingTest, ValuesIn(strings));
+//
+// This instantiates tests from test case StlStringTest
+// each with STL strings with values "a" and "b":
+//
+// ::std::vector< ::std::string> GetParameterStrings() {
+//   ::std::vector< ::std::string> v;
+//   v.push_back("a");
+//   v.push_back("b");
+//   return v;
+// }
+//
+// INSTANTIATE_TEST_CASE_P(CharSequence,
+//                         StlStringTest,
+//                         ValuesIn(GetParameterStrings()));
+//
+//
+// This will also instantiate tests from CharTest
+// each with parameter values 'a' and 'b':
+//
+// ::std::list<char> GetParameterChars() {
+//   ::std::list<char> list;
+//   list.push_back('a');
+//   list.push_back('b');
+//   return list;
+// }
+// ::std::list<char> l = GetParameterChars();
+// INSTANTIATE_TEST_CASE_P(CharSequence2,
+//                         CharTest,
+//                         ValuesIn(l.begin(), l.end()));
+//
+template <typename ForwardIterator>
+internal::ParamGenerator<
+  typename ::testing::internal::IteratorTraits<ForwardIterator>::value_type>
+ValuesIn(ForwardIterator begin, ForwardIterator end) {
+  typedef typename ::testing::internal::IteratorTraits<ForwardIterator>
+      ::value_type ParamType;
+  return internal::ParamGenerator<ParamType>(
+      new internal::ValuesInIteratorRangeGenerator<ParamType>(begin, end));
+}
+
+template <typename T, size_t N>
+internal::ParamGenerator<T> ValuesIn(const T (&array)[N]) {
+  return ValuesIn(array, array + N);
+}
+
+template <class Container>
+internal::ParamGenerator<typename Container::value_type> ValuesIn(
+    const Container& container) {
+  return ValuesIn(container.begin(), container.end());
+}
+
+// Values() allows generating tests from explicitly specified list of
+// parameters.
+//
+// Synopsis:
+// Values(T v1, T v2, ..., T vN)
+//   - returns a generator producing sequences with elements v1, v2, ..., vN.
+//
+// For example, this instantiates tests from test case BarTest each
+// with values "one", "two", and "three":
+//
+// INSTANTIATE_TEST_CASE_P(NumSequence, BarTest, Values("one", "two", "three"));
+//
+// This instantiates tests from test case BazTest each with values 1, 2, 3.5.
+// The exact type of values will depend on the type of parameter in BazTest.
+//
+// INSTANTIATE_TEST_CASE_P(FloatingNumbers, BazTest, Values(1, 2, 3.5));
+//
+// Currently, Values() supports from 1 to $n parameters.
+//
+$range i 1..n
+$for i [[
+$range j 1..i
+
+template <$for j, [[typename T$j]]>
+internal::ValueArray$i<$for j, [[T$j]]> Values($for j, [[T$j v$j]]) {
+  return internal::ValueArray$i<$for j, [[T$j]]>($for j, [[v$j]]);
+}
+
+]]
+
+// Bool() allows generating tests with parameters in a set of (false, true).
+//
+// Synopsis:
+// Bool()
+//   - returns a generator producing sequences with elements {false, true}.
+//
+// It is useful when testing code that depends on Boolean flags. Combinations
+// of multiple flags can be tested when several Bool()'s are combined using
+// Combine() function.
+//
+// In the following example all tests in the test case FlagDependentTest
+// will be instantiated twice with parameters false and true.
+//
+// class FlagDependentTest : public testing::TestWithParam<bool> {
+//   virtual void SetUp() {
+//     external_flag = GetParam();
+//   }
+// }
+// INSTANTIATE_TEST_CASE_P(BoolSequence, FlagDependentTest, Bool());
+//
+inline internal::ParamGenerator<bool> Bool() {
+  return Values(false, true);
+}
+
+# if GTEST_HAS_COMBINE
+// Combine() allows the user to combine two or more sequences to produce
+// values of a Cartesian product of those sequences' elements.
+//
+// Synopsis:
+// Combine(gen1, gen2, ..., genN)
+//   - returns a generator producing sequences with elements coming from
+//     the Cartesian product of elements from the sequences generated by
+//     gen1, gen2, ..., genN. The sequence elements will have a type of
+//     tuple<T1, T2, ..., TN> where T1, T2, ..., TN are the types
+//     of elements from sequences produces by gen1, gen2, ..., genN.
+//
+// Combine can have up to $maxtuple arguments. This number is currently limited
+// by the maximum number of elements in the tuple implementation used by Google
+// Test.
+//
+// Example:
+//
+// This will instantiate tests in test case AnimalTest each one with
+// the parameter values tuple("cat", BLACK), tuple("cat", WHITE),
+// tuple("dog", BLACK), and tuple("dog", WHITE):
+//
+// enum Color { BLACK, GRAY, WHITE };
+// class AnimalTest
+//     : public testing::TestWithParam<tuple<const char*, Color> > {...};
+//
+// TEST_P(AnimalTest, AnimalLooksNice) {...}
+//
+// INSTANTIATE_TEST_CASE_P(AnimalVariations, AnimalTest,
+//                         Combine(Values("cat", "dog"),
+//                                 Values(BLACK, WHITE)));
+//
+// This will instantiate tests in FlagDependentTest with all variations of two
+// Boolean flags:
+//
+// class FlagDependentTest
+//     : public testing::TestWithParam<tuple<bool, bool> > {
+//   virtual void SetUp() {
+//     // Assigns external_flag_1 and external_flag_2 values from the tuple.
+//     tie(external_flag_1, external_flag_2) = GetParam();
+//   }
+// };
+//
+// TEST_P(FlagDependentTest, TestFeature1) {
+//   // Test your code using external_flag_1 and external_flag_2 here.
+// }
+// INSTANTIATE_TEST_CASE_P(TwoBoolSequence, FlagDependentTest,
+//                         Combine(Bool(), Bool()));
+//
+$range i 2..maxtuple
+$for i [[
+$range j 1..i
+
+template <$for j, [[typename Generator$j]]>
+internal::CartesianProductHolder$i<$for j, [[Generator$j]]> Combine(
+    $for j, [[const Generator$j& g$j]]) {
+  return internal::CartesianProductHolder$i<$for j, [[Generator$j]]>(
+      $for j, [[g$j]]);
+}
+
+]]
+# endif  // GTEST_HAS_COMBINE
+
+
+
+# define TEST_P(test_case_name, test_name) \
+  class GTEST_TEST_CLASS_NAME_(test_case_name, test_name) \
+      : public test_case_name { \
+   public: \
+    GTEST_TEST_CLASS_NAME_(test_case_name, test_name)() {} \
+    virtual void TestBody(); \
+   private: \
+    static int AddToRegistry() { \
+      ::testing::UnitTest::GetInstance()->parameterized_test_registry(). \
+          GetTestCasePatternHolder<test_case_name>(\
+              #test_case_name, __FILE__, __LINE__)->AddTestPattern(\
+                  #test_case_name, \
+                  #test_name, \
+                  new ::testing::internal::TestMetaFactory< \
+                      GTEST_TEST_CLASS_NAME_(test_case_name, test_name)>()); \
+      return 0; \
+    } \
+    static int gtest_registering_dummy_; \
+    GTEST_DISALLOW_COPY_AND_ASSIGN_(\
+        GTEST_TEST_CLASS_NAME_(test_case_name, test_name)); \
+  }; \
+  int GTEST_TEST_CLASS_NAME_(test_case_name, \
+                             test_name)::gtest_registering_dummy_ = \
+      GTEST_TEST_CLASS_NAME_(test_case_name, test_name)::AddToRegistry(); \
+  void GTEST_TEST_CLASS_NAME_(test_case_name, test_name)::TestBody()
+
+# define INSTANTIATE_TEST_CASE_P(prefix, test_case_name, generator) \
+  ::testing::internal::ParamGenerator<test_case_name::ParamType> \
+      gtest_##prefix##test_case_name##_EvalGenerator_() { return generator; } \
+  int gtest_##prefix##test_case_name##_dummy_ = \
+      ::testing::UnitTest::GetInstance()->parameterized_test_registry(). \
+          GetTestCasePatternHolder<test_case_name>(\
+              #test_case_name, __FILE__, __LINE__)->AddTestCaseInstantiation(\
+                  #prefix, \
+                  &gtest_##prefix##test_case_name##_EvalGenerator_, \
+                  __FILE__, __LINE__)
+
+}  // namespace testing
+
+#endif  // GTEST_HAS_PARAM_TEST
+
+#endif  // GTEST_INCLUDE_GTEST_GTEST_PARAM_TEST_H_
diff --git a/nss/external_tests/google_test/gtest/include/gtest/gtest-printers.h b/nss/external_tests/google_test/gtest/include/gtest/gtest-printers.h
new file mode 100644
index 0000000..18ee7bc
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/include/gtest/gtest-printers.h
@@ -0,0 +1,891 @@
+// Copyright 2007, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+
+// Google Test - The Google C++ Testing Framework
+//
+// This file implements a universal value printer that can print a
+// value of any type T:
+//
+//   void ::testing::internal::UniversalPrinter<T>::Print(value, ostream_ptr);
+//
+// A user can teach this function how to print a class type T by
+// defining either operator<<() or PrintTo() in the namespace that
+// defines T.  More specifically, the FIRST defined function in the
+// following list will be used (assuming T is defined in namespace
+// foo):
+//
+//   1. foo::PrintTo(const T&, ostream*)
+//   2. operator<<(ostream&, const T&) defined in either foo or the
+//      global namespace.
+//
+// If none of the above is defined, it will print the debug string of
+// the value if it is a protocol buffer, or print the raw bytes in the
+// value otherwise.
+//
+// To aid debugging: when T is a reference type, the address of the
+// value is also printed; when T is a (const) char pointer, both the
+// pointer value and the NUL-terminated string it points to are
+// printed.
+//
+// We also provide some convenient wrappers:
+//
+//   // Prints a value to a string.  For a (const or not) char
+//   // pointer, the NUL-terminated string (but not the pointer) is
+//   // printed.
+//   std::string ::testing::PrintToString(const T& value);
+//
+//   // Prints a value tersely: for a reference type, the referenced
+//   // value (but not the address) is printed; for a (const or not) char
+//   // pointer, the NUL-terminated string (but not the pointer) is
+//   // printed.
+//   void ::testing::internal::UniversalTersePrint(const T& value, ostream*);
+//
+//   // Prints value using the type inferred by the compiler.  The difference
+//   // from UniversalTersePrint() is that this function prints both the
+//   // pointer and the NUL-terminated string for a (const or not) char pointer.
+//   void ::testing::internal::UniversalPrint(const T& value, ostream*);
+//
+//   // Prints the fields of a tuple tersely to a string vector, one
+//   // element for each field. Tuple support must be enabled in
+//   // gtest-port.h.
+//   std::vector<string> UniversalTersePrintTupleFieldsToStrings(
+//       const Tuple& value);
+//
+// Known limitation:
+//
+// The print primitives print the elements of an STL-style container
+// using the compiler-inferred type of *iter where iter is a
+// const_iterator of the container.  When const_iterator is an input
+// iterator but not a forward iterator, this inferred type may not
+// match value_type, and the print output may be incorrect.  In
+// practice, this is rarely a problem as for most containers
+// const_iterator is a forward iterator.  We'll fix this if there's an
+// actual need for it.  Note that this fix cannot rely on value_type
+// being defined as many user-defined container types don't have
+// value_type.
+
+#ifndef GTEST_INCLUDE_GTEST_GTEST_PRINTERS_H_
+#define GTEST_INCLUDE_GTEST_GTEST_PRINTERS_H_
+
+#include <ostream>  // NOLINT
+#include <sstream>
+#include <string>
+#include <utility>
+#include <vector>
+#include "gtest/internal/gtest-port.h"
+#include "gtest/internal/gtest-internal.h"
+
+#if GTEST_HAS_STD_TUPLE_
+# include <tuple>
+#endif
+
+namespace testing {
+
+// Definitions in the 'internal' and 'internal2' name spaces are
+// subject to change without notice.  DO NOT USE THEM IN USER CODE!
+namespace internal2 {
+
+// Prints the given number of bytes in the given object to the given
+// ostream.
+GTEST_API_ void PrintBytesInObjectTo(const unsigned char* obj_bytes,
+                                     size_t count,
+                                     ::std::ostream* os);
+
+// For selecting which printer to use when a given type has neither <<
+// nor PrintTo().
+enum TypeKind {
+  kProtobuf,              // a protobuf type
+  kConvertibleToInteger,  // a type implicitly convertible to BiggestInt
+                          // (e.g. a named or unnamed enum type)
+  kOtherType              // anything else
+};
+
+// TypeWithoutFormatter<T, kTypeKind>::PrintValue(value, os) is called
+// by the universal printer to print a value of type T when neither
+// operator<< nor PrintTo() is defined for T, where kTypeKind is the
+// "kind" of T as defined by enum TypeKind.
+template <typename T, TypeKind kTypeKind>
+class TypeWithoutFormatter {
+ public:
+  // This default version is called when kTypeKind is kOtherType.
+  static void PrintValue(const T& value, ::std::ostream* os) {
+    PrintBytesInObjectTo(reinterpret_cast<const unsigned char*>(&value),
+                         sizeof(value), os);
+  }
+};
+
+// We print a protobuf using its ShortDebugString() when the string
+// doesn't exceed this many characters; otherwise we print it using
+// DebugString() for better readability.
+const size_t kProtobufOneLinerMaxLength = 50;
+
+template <typename T>
+class TypeWithoutFormatter<T, kProtobuf> {
+ public:
+  static void PrintValue(const T& value, ::std::ostream* os) {
+    const ::testing::internal::string short_str = value.ShortDebugString();
+    const ::testing::internal::string pretty_str =
+        short_str.length() <= kProtobufOneLinerMaxLength ?
+        short_str : ("\n" + value.DebugString());
+    *os << ("<" + pretty_str + ">");
+  }
+};
+
+template <typename T>
+class TypeWithoutFormatter<T, kConvertibleToInteger> {
+ public:
+  // Since T has no << operator or PrintTo() but can be implicitly
+  // converted to BiggestInt, we print it as a BiggestInt.
+  //
+  // Most likely T is an enum type (either named or unnamed), in which
+  // case printing it as an integer is the desired behavior.  In case
+  // T is not an enum, printing it as an integer is the best we can do
+  // given that it has no user-defined printer.
+  static void PrintValue(const T& value, ::std::ostream* os) {
+    const internal::BiggestInt kBigInt = value;
+    *os << kBigInt;
+  }
+};
+
+// Prints the given value to the given ostream.  If the value is a
+// protocol message, its debug string is printed; if it's an enum or
+// of a type implicitly convertible to BiggestInt, it's printed as an
+// integer; otherwise the bytes in the value are printed.  This is
+// what UniversalPrinter<T>::Print() does when it knows nothing about
+// type T and T has neither << operator nor PrintTo().
+//
+// A user can override this behavior for a class type Foo by defining
+// a << operator in the namespace where Foo is defined.
+//
+// We put this operator in namespace 'internal2' instead of 'internal'
+// to simplify the implementation, as much code in 'internal' needs to
+// use << in STL, which would conflict with our own << were it defined
+// in 'internal'.
+//
+// Note that this operator<< takes a generic std::basic_ostream<Char,
+// CharTraits> type instead of the more restricted std::ostream.  If
+// we define it to take an std::ostream instead, we'll get an
+// "ambiguous overloads" compiler error when trying to print a type
+// Foo that supports streaming to std::basic_ostream<Char,
+// CharTraits>, as the compiler cannot tell whether
+// operator<<(std::ostream&, const T&) or
+// operator<<(std::basic_stream<Char, CharTraits>, const Foo&) is more
+// specific.
+template <typename Char, typename CharTraits, typename T>
+::std::basic_ostream<Char, CharTraits>& operator<<(
+    ::std::basic_ostream<Char, CharTraits>& os, const T& x) {
+  TypeWithoutFormatter<T,
+      (internal::IsAProtocolMessage<T>::value ? kProtobuf :
+       internal::ImplicitlyConvertible<const T&, internal::BiggestInt>::value ?
+       kConvertibleToInteger : kOtherType)>::PrintValue(x, &os);
+  return os;
+}
+
+}  // namespace internal2
+}  // namespace testing
+
+// This namespace MUST NOT BE NESTED IN ::testing, or the name look-up
+// magic needed for implementing UniversalPrinter won't work.
+namespace testing_internal {
+
+// Used to print a value that is not an STL-style container when the
+// user doesn't define PrintTo() for it.
+template <typename T>
+void DefaultPrintNonContainerTo(const T& value, ::std::ostream* os) {
+  // With the following statement, during unqualified name lookup,
+  // testing::internal2::operator<< appears as if it was declared in
+  // the nearest enclosing namespace that contains both
+  // ::testing_internal and ::testing::internal2, i.e. the global
+  // namespace.  For more details, refer to the C++ Standard section
+  // 7.3.4-1 [namespace.udir].  This allows us to fall back onto
+  // testing::internal2::operator<< in case T doesn't come with a <<
+  // operator.
+  //
+  // We cannot write 'using ::testing::internal2::operator<<;', which
+  // gcc 3.3 fails to compile due to a compiler bug.
+  using namespace ::testing::internal2;  // NOLINT
+
+  // Assuming T is defined in namespace foo, in the next statement,
+  // the compiler will consider all of:
+  //
+  //   1. foo::operator<< (thanks to Koenig look-up),
+  //   2. ::operator<< (as the current namespace is enclosed in ::),
+  //   3. testing::internal2::operator<< (thanks to the using statement above).
+  //
+  // The operator<< whose type matches T best will be picked.
+  //
+  // We deliberately allow #2 to be a candidate, as sometimes it's
+  // impossible to define #1 (e.g. when foo is ::std, defining
+  // anything in it is undefined behavior unless you are a compiler
+  // vendor.).
+  *os << value;
+}
+
+}  // namespace testing_internal
+
+namespace testing {
+namespace internal {
+
+// UniversalPrinter<T>::Print(value, ostream_ptr) prints the given
+// value to the given ostream.  The caller must ensure that
+// 'ostream_ptr' is not NULL, or the behavior is undefined.
+//
+// We define UniversalPrinter as a class template (as opposed to a
+// function template), as we need to partially specialize it for
+// reference types, which cannot be done with function templates.
+template <typename T>
+class UniversalPrinter;
+
+template <typename T>
+void UniversalPrint(const T& value, ::std::ostream* os);
+
+// Used to print an STL-style container when the user doesn't define
+// a PrintTo() for it.
+template <typename C>
+void DefaultPrintTo(IsContainer /* dummy */,
+                    false_type /* is not a pointer */,
+                    const C& container, ::std::ostream* os) {
+  const size_t kMaxCount = 32;  // The maximum number of elements to print.
+  *os << '{';
+  size_t count = 0;
+  for (typename C::const_iterator it = container.begin();
+       it != container.end(); ++it, ++count) {
+    if (count > 0) {
+      *os << ',';
+      if (count == kMaxCount) {  // Enough has been printed.
+        *os << " ...";
+        break;
+      }
+    }
+    *os << ' ';
+    // We cannot call PrintTo(*it, os) here as PrintTo() doesn't
+    // handle *it being a native array.
+    internal::UniversalPrint(*it, os);
+  }
+
+  if (count > 0) {
+    *os << ' ';
+  }
+  *os << '}';
+}
+
+// Used to print a pointer that is neither a char pointer nor a member
+// pointer, when the user doesn't define PrintTo() for it.  (A member
+// variable pointer or member function pointer doesn't really point to
+// a location in the address space.  Their representation is
+// implementation-defined.  Therefore they will be printed as raw
+// bytes.)
+template <typename T>
+void DefaultPrintTo(IsNotContainer /* dummy */,
+                    true_type /* is a pointer */,
+                    T* p, ::std::ostream* os) {
+  if (p == NULL) {
+    *os << "NULL";
+  } else {
+    // C++ doesn't allow casting from a function pointer to any object
+    // pointer.
+    //
+    // IsTrue() silences warnings: "Condition is always true",
+    // "unreachable code".
+    if (IsTrue(ImplicitlyConvertible<T*, const void*>::value)) {
+      // T is not a function type.  We just call << to print p,
+      // relying on ADL to pick up user-defined << for their pointer
+      // types, if any.
+      *os << p;
+    } else {
+      // T is a function type, so '*os << p' doesn't do what we want
+      // (it just prints p as bool).  We want to print p as a const
+      // void*.  However, we cannot cast it to const void* directly,
+      // even using reinterpret_cast, as earlier versions of gcc
+      // (e.g. 3.4.5) cannot compile the cast when p is a function
+      // pointer.  Casting to UInt64 first solves the problem.
+      *os << reinterpret_cast<const void*>(
+          reinterpret_cast<internal::UInt64>(p));
+    }
+  }
+}
+
+// Used to print a non-container, non-pointer value when the user
+// doesn't define PrintTo() for it.
+template <typename T>
+void DefaultPrintTo(IsNotContainer /* dummy */,
+                    false_type /* is not a pointer */,
+                    const T& value, ::std::ostream* os) {
+  ::testing_internal::DefaultPrintNonContainerTo(value, os);
+}
+
+// Prints the given value using the << operator if it has one;
+// otherwise prints the bytes in it.  This is what
+// UniversalPrinter<T>::Print() does when PrintTo() is not specialized
+// or overloaded for type T.
+//
+// A user can override this behavior for a class type Foo by defining
+// an overload of PrintTo() in the namespace where Foo is defined.  We
+// give the user this option as sometimes defining a << operator for
+// Foo is not desirable (e.g. the coding style may prevent doing it,
+// or there is already a << operator but it doesn't do what the user
+// wants).
+template <typename T>
+void PrintTo(const T& value, ::std::ostream* os) {
+  // DefaultPrintTo() is overloaded.  The type of its first two
+  // arguments determine which version will be picked.  If T is an
+  // STL-style container, the version for container will be called; if
+  // T is a pointer, the pointer version will be called; otherwise the
+  // generic version will be called.
+  //
+  // Note that we check for container types here, prior to we check
+  // for protocol message types in our operator<<.  The rationale is:
+  //
+  // For protocol messages, we want to give people a chance to
+  // override Google Mock's format by defining a PrintTo() or
+  // operator<<.  For STL containers, other formats can be
+  // incompatible with Google Mock's format for the container
+  // elements; therefore we check for container types here to ensure
+  // that our format is used.
+  //
+  // The second argument of DefaultPrintTo() is needed to bypass a bug
+  // in Symbian's C++ compiler that prevents it from picking the right
+  // overload between:
+  //
+  //   PrintTo(const T& x, ...);
+  //   PrintTo(T* x, ...);
+  DefaultPrintTo(IsContainerTest<T>(0), is_pointer<T>(), value, os);
+}
+
+// The following list of PrintTo() overloads tells
+// UniversalPrinter<T>::Print() how to print standard types (built-in
+// types, strings, plain arrays, and pointers).
+
+// Overloads for various char types.
+GTEST_API_ void PrintTo(unsigned char c, ::std::ostream* os);
+GTEST_API_ void PrintTo(signed char c, ::std::ostream* os);
+inline void PrintTo(char c, ::std::ostream* os) {
+  // When printing a plain char, we always treat it as unsigned.  This
+  // way, the output won't be affected by whether the compiler thinks
+  // char is signed or not.
+  PrintTo(static_cast<unsigned char>(c), os);
+}
+
+// Overloads for other simple built-in types.
+inline void PrintTo(bool x, ::std::ostream* os) {
+  *os << (x ? "true" : "false");
+}
+
+// Overload for wchar_t type.
+// Prints a wchar_t as a symbol if it is printable or as its internal
+// code otherwise and also as its decimal code (except for L'\0').
+// The L'\0' char is printed as "L'\\0'". The decimal code is printed
+// as signed integer when wchar_t is implemented by the compiler
+// as a signed type and is printed as an unsigned integer when wchar_t
+// is implemented as an unsigned type.
+GTEST_API_ void PrintTo(wchar_t wc, ::std::ostream* os);
+
+// Overloads for C strings.
+GTEST_API_ void PrintTo(const char* s, ::std::ostream* os);
+inline void PrintTo(char* s, ::std::ostream* os) {
+  PrintTo(ImplicitCast_<const char*>(s), os);
+}
+
+// signed/unsigned char is often used for representing binary data, so
+// we print pointers to it as void* to be safe.
+inline void PrintTo(const signed char* s, ::std::ostream* os) {
+  PrintTo(ImplicitCast_<const void*>(s), os);
+}
+inline void PrintTo(signed char* s, ::std::ostream* os) {
+  PrintTo(ImplicitCast_<const void*>(s), os);
+}
+inline void PrintTo(const unsigned char* s, ::std::ostream* os) {
+  PrintTo(ImplicitCast_<const void*>(s), os);
+}
+inline void PrintTo(unsigned char* s, ::std::ostream* os) {
+  PrintTo(ImplicitCast_<const void*>(s), os);
+}
+
+// MSVC can be configured to define wchar_t as a typedef of unsigned
+// short.  It defines _NATIVE_WCHAR_T_DEFINED when wchar_t is a native
+// type.  When wchar_t is a typedef, defining an overload for const
+// wchar_t* would cause unsigned short* be printed as a wide string,
+// possibly causing invalid memory accesses.
+#if !defined(_MSC_VER) || defined(_NATIVE_WCHAR_T_DEFINED)
+// Overloads for wide C strings
+GTEST_API_ void PrintTo(const wchar_t* s, ::std::ostream* os);
+inline void PrintTo(wchar_t* s, ::std::ostream* os) {
+  PrintTo(ImplicitCast_<const wchar_t*>(s), os);
+}
+#endif
+
+// Overload for C arrays.  Multi-dimensional arrays are printed
+// properly.
+
+// Prints the given number of elements in an array, without printing
+// the curly braces.
+template <typename T>
+void PrintRawArrayTo(const T a[], size_t count, ::std::ostream* os) {
+  UniversalPrint(a[0], os);
+  for (size_t i = 1; i != count; i++) {
+    *os << ", ";
+    UniversalPrint(a[i], os);
+  }
+}
+
+// Overloads for ::string and ::std::string.
+#if GTEST_HAS_GLOBAL_STRING
+GTEST_API_ void PrintStringTo(const ::string&s, ::std::ostream* os);
+inline void PrintTo(const ::string& s, ::std::ostream* os) {
+  PrintStringTo(s, os);
+}
+#endif  // GTEST_HAS_GLOBAL_STRING
+
+GTEST_API_ void PrintStringTo(const ::std::string&s, ::std::ostream* os);
+inline void PrintTo(const ::std::string& s, ::std::ostream* os) {
+  PrintStringTo(s, os);
+}
+
+// Overloads for ::wstring and ::std::wstring.
+#if GTEST_HAS_GLOBAL_WSTRING
+GTEST_API_ void PrintWideStringTo(const ::wstring&s, ::std::ostream* os);
+inline void PrintTo(const ::wstring& s, ::std::ostream* os) {
+  PrintWideStringTo(s, os);
+}
+#endif  // GTEST_HAS_GLOBAL_WSTRING
+
+#if GTEST_HAS_STD_WSTRING
+GTEST_API_ void PrintWideStringTo(const ::std::wstring&s, ::std::ostream* os);
+inline void PrintTo(const ::std::wstring& s, ::std::ostream* os) {
+  PrintWideStringTo(s, os);
+}
+#endif  // GTEST_HAS_STD_WSTRING
+
+#if GTEST_HAS_TR1_TUPLE || GTEST_HAS_STD_TUPLE_
+// Helper function for printing a tuple.  T must be instantiated with
+// a tuple type.
+template <typename T>
+void PrintTupleTo(const T& t, ::std::ostream* os);
+#endif  // GTEST_HAS_TR1_TUPLE || GTEST_HAS_STD_TUPLE_
+
+#if GTEST_HAS_TR1_TUPLE
+// Overload for ::std::tr1::tuple.  Needed for printing function arguments,
+// which are packed as tuples.
+
+// Overloaded PrintTo() for tuples of various arities.  We support
+// tuples of up-to 10 fields.  The following implementation works
+// regardless of whether tr1::tuple is implemented using the
+// non-standard variadic template feature or not.
+
+inline void PrintTo(const ::std::tr1::tuple<>& t, ::std::ostream* os) {
+  PrintTupleTo(t, os);
+}
+
+template <typename T1>
+void PrintTo(const ::std::tr1::tuple<T1>& t, ::std::ostream* os) {
+  PrintTupleTo(t, os);
+}
+
+template <typename T1, typename T2>
+void PrintTo(const ::std::tr1::tuple<T1, T2>& t, ::std::ostream* os) {
+  PrintTupleTo(t, os);
+}
+
+template <typename T1, typename T2, typename T3>
+void PrintTo(const ::std::tr1::tuple<T1, T2, T3>& t, ::std::ostream* os) {
+  PrintTupleTo(t, os);
+}
+
+template <typename T1, typename T2, typename T3, typename T4>
+void PrintTo(const ::std::tr1::tuple<T1, T2, T3, T4>& t, ::std::ostream* os) {
+  PrintTupleTo(t, os);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5>
+void PrintTo(const ::std::tr1::tuple<T1, T2, T3, T4, T5>& t,
+             ::std::ostream* os) {
+  PrintTupleTo(t, os);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+          typename T6>
+void PrintTo(const ::std::tr1::tuple<T1, T2, T3, T4, T5, T6>& t,
+             ::std::ostream* os) {
+  PrintTupleTo(t, os);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+          typename T6, typename T7>
+void PrintTo(const ::std::tr1::tuple<T1, T2, T3, T4, T5, T6, T7>& t,
+             ::std::ostream* os) {
+  PrintTupleTo(t, os);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+          typename T6, typename T7, typename T8>
+void PrintTo(const ::std::tr1::tuple<T1, T2, T3, T4, T5, T6, T7, T8>& t,
+             ::std::ostream* os) {
+  PrintTupleTo(t, os);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+          typename T6, typename T7, typename T8, typename T9>
+void PrintTo(const ::std::tr1::tuple<T1, T2, T3, T4, T5, T6, T7, T8, T9>& t,
+             ::std::ostream* os) {
+  PrintTupleTo(t, os);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+          typename T6, typename T7, typename T8, typename T9, typename T10>
+void PrintTo(
+    const ::std::tr1::tuple<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10>& t,
+    ::std::ostream* os) {
+  PrintTupleTo(t, os);
+}
+#endif  // GTEST_HAS_TR1_TUPLE
+
+#if GTEST_HAS_STD_TUPLE_
+template <typename... Types>
+void PrintTo(const ::std::tuple<Types...>& t, ::std::ostream* os) {
+  PrintTupleTo(t, os);
+}
+#endif  // GTEST_HAS_STD_TUPLE_
+
+// Overload for std::pair.
+template <typename T1, typename T2>
+void PrintTo(const ::std::pair<T1, T2>& value, ::std::ostream* os) {
+  *os << '(';
+  // We cannot use UniversalPrint(value.first, os) here, as T1 may be
+  // a reference type.  The same for printing value.second.
+  UniversalPrinter<T1>::Print(value.first, os);
+  *os << ", ";
+  UniversalPrinter<T2>::Print(value.second, os);
+  *os << ')';
+}
+
+// Implements printing a non-reference type T by letting the compiler
+// pick the right overload of PrintTo() for T.
+template <typename T>
+class UniversalPrinter {
+ public:
+  // MSVC warns about adding const to a function type, so we want to
+  // disable the warning.
+  GTEST_DISABLE_MSC_WARNINGS_PUSH_(4180)
+
+  // Note: we deliberately don't call this PrintTo(), as that name
+  // conflicts with ::testing::internal::PrintTo in the body of the
+  // function.
+  static void Print(const T& value, ::std::ostream* os) {
+    // By default, ::testing::internal::PrintTo() is used for printing
+    // the value.
+    //
+    // Thanks to Koenig look-up, if T is a class and has its own
+    // PrintTo() function defined in its namespace, that function will
+    // be visible here.  Since it is more specific than the generic ones
+    // in ::testing::internal, it will be picked by the compiler in the
+    // following statement - exactly what we want.
+    PrintTo(value, os);
+  }
+
+  GTEST_DISABLE_MSC_WARNINGS_POP_()
+};
+
+// UniversalPrintArray(begin, len, os) prints an array of 'len'
+// elements, starting at address 'begin'.
+template <typename T>
+void UniversalPrintArray(const T* begin, size_t len, ::std::ostream* os) {
+  if (len == 0) {
+    *os << "{}";
+  } else {
+    *os << "{ ";
+    const size_t kThreshold = 18;
+    const size_t kChunkSize = 8;
+    // If the array has more than kThreshold elements, we'll have to
+    // omit some details by printing only the first and the last
+    // kChunkSize elements.
+    // TODO(wan@google.com): let the user control the threshold using a flag.
+    if (len <= kThreshold) {
+      PrintRawArrayTo(begin, len, os);
+    } else {
+      PrintRawArrayTo(begin, kChunkSize, os);
+      *os << ", ..., ";
+      PrintRawArrayTo(begin + len - kChunkSize, kChunkSize, os);
+    }
+    *os << " }";
+  }
+}
+// This overload prints a (const) char array compactly.
+GTEST_API_ void UniversalPrintArray(
+    const char* begin, size_t len, ::std::ostream* os);
+
+// This overload prints a (const) wchar_t array compactly.
+GTEST_API_ void UniversalPrintArray(
+    const wchar_t* begin, size_t len, ::std::ostream* os);
+
+// Implements printing an array type T[N].
+template <typename T, size_t N>
+class UniversalPrinter<T[N]> {
+ public:
+  // Prints the given array, omitting some elements when there are too
+  // many.
+  static void Print(const T (&a)[N], ::std::ostream* os) {
+    UniversalPrintArray(a, N, os);
+  }
+};
+
+// Implements printing a reference type T&.
+template <typename T>
+class UniversalPrinter<T&> {
+ public:
+  // MSVC warns about adding const to a function type, so we want to
+  // disable the warning.
+  GTEST_DISABLE_MSC_WARNINGS_PUSH_(4180)
+
+  static void Print(const T& value, ::std::ostream* os) {
+    // Prints the address of the value.  We use reinterpret_cast here
+    // as static_cast doesn't compile when T is a function type.
+    *os << "@" << reinterpret_cast<const void*>(&value) << " ";
+
+    // Then prints the value itself.
+    UniversalPrint(value, os);
+  }
+
+  GTEST_DISABLE_MSC_WARNINGS_POP_()
+};
+
+// Prints a value tersely: for a reference type, the referenced value
+// (but not the address) is printed; for a (const) char pointer, the
+// NUL-terminated string (but not the pointer) is printed.
+
+template <typename T>
+class UniversalTersePrinter {
+ public:
+  static void Print(const T& value, ::std::ostream* os) {
+    UniversalPrint(value, os);
+  }
+};
+template <typename T>
+class UniversalTersePrinter<T&> {
+ public:
+  static void Print(const T& value, ::std::ostream* os) {
+    UniversalPrint(value, os);
+  }
+};
+template <typename T, size_t N>
+class UniversalTersePrinter<T[N]> {
+ public:
+  static void Print(const T (&value)[N], ::std::ostream* os) {
+    UniversalPrinter<T[N]>::Print(value, os);
+  }
+};
+template <>
+class UniversalTersePrinter<const char*> {
+ public:
+  static void Print(const char* str, ::std::ostream* os) {
+    if (str == NULL) {
+      *os << "NULL";
+    } else {
+      UniversalPrint(string(str), os);
+    }
+  }
+};
+template <>
+class UniversalTersePrinter<char*> {
+ public:
+  static void Print(char* str, ::std::ostream* os) {
+    UniversalTersePrinter<const char*>::Print(str, os);
+  }
+};
+
+#if GTEST_HAS_STD_WSTRING
+template <>
+class UniversalTersePrinter<const wchar_t*> {
+ public:
+  static void Print(const wchar_t* str, ::std::ostream* os) {
+    if (str == NULL) {
+      *os << "NULL";
+    } else {
+      UniversalPrint(::std::wstring(str), os);
+    }
+  }
+};
+#endif
+
+template <>
+class UniversalTersePrinter<wchar_t*> {
+ public:
+  static void Print(wchar_t* str, ::std::ostream* os) {
+    UniversalTersePrinter<const wchar_t*>::Print(str, os);
+  }
+};
+
+template <typename T>
+void UniversalTersePrint(const T& value, ::std::ostream* os) {
+  UniversalTersePrinter<T>::Print(value, os);
+}
+
+// Prints a value using the type inferred by the compiler.  The
+// difference between this and UniversalTersePrint() is that for a
+// (const) char pointer, this prints both the pointer and the
+// NUL-terminated string.
+template <typename T>
+void UniversalPrint(const T& value, ::std::ostream* os) {
+  // A workarond for the bug in VC++ 7.1 that prevents us from instantiating
+  // UniversalPrinter with T directly.
+  typedef T T1;
+  UniversalPrinter<T1>::Print(value, os);
+}
+
+typedef ::std::vector<string> Strings;
+
+// TuplePolicy<TupleT> must provide:
+// - tuple_size
+//     size of tuple TupleT.
+// - get<size_t I>(const TupleT& t)
+//     static function extracting element I of tuple TupleT.
+// - tuple_element<size_t I>::type
+//     type of element I of tuple TupleT.
+template <typename TupleT>
+struct TuplePolicy;
+
+#if GTEST_HAS_TR1_TUPLE
+template <typename TupleT>
+struct TuplePolicy {
+  typedef TupleT Tuple;
+  static const size_t tuple_size = ::std::tr1::tuple_size<Tuple>::value;
+
+  template <size_t I>
+  struct tuple_element : ::std::tr1::tuple_element<I, Tuple> {};
+
+  template <size_t I>
+  static typename AddReference<
+      const typename ::std::tr1::tuple_element<I, Tuple>::type>::type get(
+      const Tuple& tuple) {
+    return ::std::tr1::get<I>(tuple);
+  }
+};
+template <typename TupleT>
+const size_t TuplePolicy<TupleT>::tuple_size;
+#endif  // GTEST_HAS_TR1_TUPLE
+
+#if GTEST_HAS_STD_TUPLE_
+template <typename... Types>
+struct TuplePolicy< ::std::tuple<Types...> > {
+  typedef ::std::tuple<Types...> Tuple;
+  static const size_t tuple_size = ::std::tuple_size<Tuple>::value;
+
+  template <size_t I>
+  struct tuple_element : ::std::tuple_element<I, Tuple> {};
+
+  template <size_t I>
+  static const typename ::std::tuple_element<I, Tuple>::type& get(
+      const Tuple& tuple) {
+    return ::std::get<I>(tuple);
+  }
+};
+template <typename... Types>
+const size_t TuplePolicy< ::std::tuple<Types...> >::tuple_size;
+#endif  // GTEST_HAS_STD_TUPLE_
+
+#if GTEST_HAS_TR1_TUPLE || GTEST_HAS_STD_TUPLE_
+// This helper template allows PrintTo() for tuples and
+// UniversalTersePrintTupleFieldsToStrings() to be defined by
+// induction on the number of tuple fields.  The idea is that
+// TuplePrefixPrinter<N>::PrintPrefixTo(t, os) prints the first N
+// fields in tuple t, and can be defined in terms of
+// TuplePrefixPrinter<N - 1>.
+//
+// The inductive case.
+template <size_t N>
+struct TuplePrefixPrinter {
+  // Prints the first N fields of a tuple.
+  template <typename Tuple>
+  static void PrintPrefixTo(const Tuple& t, ::std::ostream* os) {
+    TuplePrefixPrinter<N - 1>::PrintPrefixTo(t, os);
+    GTEST_INTENTIONAL_CONST_COND_PUSH_()
+    if (N > 1) {
+    GTEST_INTENTIONAL_CONST_COND_POP_()
+      *os << ", ";
+    }
+    UniversalPrinter<
+        typename TuplePolicy<Tuple>::template tuple_element<N - 1>::type>
+        ::Print(TuplePolicy<Tuple>::template get<N - 1>(t), os);
+  }
+
+  // Tersely prints the first N fields of a tuple to a string vector,
+  // one element for each field.
+  template <typename Tuple>
+  static void TersePrintPrefixToStrings(const Tuple& t, Strings* strings) {
+    TuplePrefixPrinter<N - 1>::TersePrintPrefixToStrings(t, strings);
+    ::std::stringstream ss;
+    UniversalTersePrint(TuplePolicy<Tuple>::template get<N - 1>(t), &ss);
+    strings->push_back(ss.str());
+  }
+};
+
+// Base case.
+template <>
+struct TuplePrefixPrinter<0> {
+  template <typename Tuple>
+  static void PrintPrefixTo(const Tuple&, ::std::ostream*) {}
+
+  template <typename Tuple>
+  static void TersePrintPrefixToStrings(const Tuple&, Strings*) {}
+};
+
+// Helper function for printing a tuple.
+// Tuple must be either std::tr1::tuple or std::tuple type.
+template <typename Tuple>
+void PrintTupleTo(const Tuple& t, ::std::ostream* os) {
+  *os << "(";
+  TuplePrefixPrinter<TuplePolicy<Tuple>::tuple_size>::PrintPrefixTo(t, os);
+  *os << ")";
+}
+
+// Prints the fields of a tuple tersely to a string vector, one
+// element for each field.  See the comment before
+// UniversalTersePrint() for how we define "tersely".
+template <typename Tuple>
+Strings UniversalTersePrintTupleFieldsToStrings(const Tuple& value) {
+  Strings result;
+  TuplePrefixPrinter<TuplePolicy<Tuple>::tuple_size>::
+      TersePrintPrefixToStrings(value, &result);
+  return result;
+}
+#endif  // GTEST_HAS_TR1_TUPLE || GTEST_HAS_STD_TUPLE_
+
+}  // namespace internal
+
+template <typename T>
+::std::string PrintToString(const T& value) {
+  ::std::stringstream ss;
+  internal::UniversalTersePrinter<T>::Print(value, &ss);
+  return ss.str();
+}
+
+}  // namespace testing
+
+#endif  // GTEST_INCLUDE_GTEST_GTEST_PRINTERS_H_
diff --git a/nss/external_tests/google_test/gtest/include/gtest/gtest-spi.h b/nss/external_tests/google_test/gtest/include/gtest/gtest-spi.h
new file mode 100644
index 0000000..f63fa9a
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/include/gtest/gtest-spi.h
@@ -0,0 +1,232 @@
+// Copyright 2007, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+//
+// Utilities for testing Google Test itself and code that uses Google Test
+// (e.g. frameworks built on top of Google Test).
+
+#ifndef GTEST_INCLUDE_GTEST_GTEST_SPI_H_
+#define GTEST_INCLUDE_GTEST_GTEST_SPI_H_
+
+#include "gtest/gtest.h"
+
+namespace testing {
+
+// This helper class can be used to mock out Google Test failure reporting
+// so that we can test Google Test or code that builds on Google Test.
+//
+// An object of this class appends a TestPartResult object to the
+// TestPartResultArray object given in the constructor whenever a Google Test
+// failure is reported. It can either intercept only failures that are
+// generated in the same thread that created this object or it can intercept
+// all generated failures. The scope of this mock object can be controlled with
+// the second argument to the two arguments constructor.
+class GTEST_API_ ScopedFakeTestPartResultReporter
+    : public TestPartResultReporterInterface {
+ public:
+  // The two possible mocking modes of this object.
+  enum InterceptMode {
+    INTERCEPT_ONLY_CURRENT_THREAD,  // Intercepts only thread local failures.
+    INTERCEPT_ALL_THREADS           // Intercepts all failures.
+  };
+
+  // The c'tor sets this object as the test part result reporter used
+  // by Google Test.  The 'result' parameter specifies where to report the
+  // results. This reporter will only catch failures generated in the current
+  // thread. DEPRECATED
+  explicit ScopedFakeTestPartResultReporter(TestPartResultArray* result);
+
+  // Same as above, but you can choose the interception scope of this object.
+  ScopedFakeTestPartResultReporter(InterceptMode intercept_mode,
+                                   TestPartResultArray* result);
+
+  // The d'tor restores the previous test part result reporter.
+  virtual ~ScopedFakeTestPartResultReporter();
+
+  // Appends the TestPartResult object to the TestPartResultArray
+  // received in the constructor.
+  //
+  // This method is from the TestPartResultReporterInterface
+  // interface.
+  virtual void ReportTestPartResult(const TestPartResult& result);
+ private:
+  void Init();
+
+  const InterceptMode intercept_mode_;
+  TestPartResultReporterInterface* old_reporter_;
+  TestPartResultArray* const result_;
+
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(ScopedFakeTestPartResultReporter);
+};
+
+namespace internal {
+
+// A helper class for implementing EXPECT_FATAL_FAILURE() and
+// EXPECT_NONFATAL_FAILURE().  Its destructor verifies that the given
+// TestPartResultArray contains exactly one failure that has the given
+// type and contains the given substring.  If that's not the case, a
+// non-fatal failure will be generated.
+class GTEST_API_ SingleFailureChecker {
+ public:
+  // The constructor remembers the arguments.
+  SingleFailureChecker(const TestPartResultArray* results,
+                       TestPartResult::Type type,
+                       const string& substr);
+  ~SingleFailureChecker();
+ private:
+  const TestPartResultArray* const results_;
+  const TestPartResult::Type type_;
+  const string substr_;
+
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(SingleFailureChecker);
+};
+
+}  // namespace internal
+
+}  // namespace testing
+
+// A set of macros for testing Google Test assertions or code that's expected
+// to generate Google Test fatal failures.  It verifies that the given
+// statement will cause exactly one fatal Google Test failure with 'substr'
+// being part of the failure message.
+//
+// There are two different versions of this macro. EXPECT_FATAL_FAILURE only
+// affects and considers failures generated in the current thread and
+// EXPECT_FATAL_FAILURE_ON_ALL_THREADS does the same but for all threads.
+//
+// The verification of the assertion is done correctly even when the statement
+// throws an exception or aborts the current function.
+//
+// Known restrictions:
+//   - 'statement' cannot reference local non-static variables or
+//     non-static members of the current object.
+//   - 'statement' cannot return a value.
+//   - You cannot stream a failure message to this macro.
+//
+// Note that even though the implementations of the following two
+// macros are much alike, we cannot refactor them to use a common
+// helper macro, due to some peculiarity in how the preprocessor
+// works.  The AcceptsMacroThatExpandsToUnprotectedComma test in
+// gtest_unittest.cc will fail to compile if we do that.
+#define EXPECT_FATAL_FAILURE(statement, substr) \
+  do { \
+    class GTestExpectFatalFailureHelper {\
+     public:\
+      static void Execute() { statement; }\
+    };\
+    ::testing::TestPartResultArray gtest_failures;\
+    ::testing::internal::SingleFailureChecker gtest_checker(\
+        &gtest_failures, ::testing::TestPartResult::kFatalFailure, (substr));\
+    {\
+      ::testing::ScopedFakeTestPartResultReporter gtest_reporter(\
+          ::testing::ScopedFakeTestPartResultReporter:: \
+          INTERCEPT_ONLY_CURRENT_THREAD, &gtest_failures);\
+      GTestExpectFatalFailureHelper::Execute();\
+    }\
+  } while (::testing::internal::AlwaysFalse())
+
+#define EXPECT_FATAL_FAILURE_ON_ALL_THREADS(statement, substr) \
+  do { \
+    class GTestExpectFatalFailureHelper {\
+     public:\
+      static void Execute() { statement; }\
+    };\
+    ::testing::TestPartResultArray gtest_failures;\
+    ::testing::internal::SingleFailureChecker gtest_checker(\
+        &gtest_failures, ::testing::TestPartResult::kFatalFailure, (substr));\
+    {\
+      ::testing::ScopedFakeTestPartResultReporter gtest_reporter(\
+          ::testing::ScopedFakeTestPartResultReporter:: \
+          INTERCEPT_ALL_THREADS, &gtest_failures);\
+      GTestExpectFatalFailureHelper::Execute();\
+    }\
+  } while (::testing::internal::AlwaysFalse())
+
+// A macro for testing Google Test assertions or code that's expected to
+// generate Google Test non-fatal failures.  It asserts that the given
+// statement will cause exactly one non-fatal Google Test failure with 'substr'
+// being part of the failure message.
+//
+// There are two different versions of this macro. EXPECT_NONFATAL_FAILURE only
+// affects and considers failures generated in the current thread and
+// EXPECT_NONFATAL_FAILURE_ON_ALL_THREADS does the same but for all threads.
+//
+// 'statement' is allowed to reference local variables and members of
+// the current object.
+//
+// The verification of the assertion is done correctly even when the statement
+// throws an exception or aborts the current function.
+//
+// Known restrictions:
+//   - You cannot stream a failure message to this macro.
+//
+// Note that even though the implementations of the following two
+// macros are much alike, we cannot refactor them to use a common
+// helper macro, due to some peculiarity in how the preprocessor
+// works.  If we do that, the code won't compile when the user gives
+// EXPECT_NONFATAL_FAILURE() a statement that contains a macro that
+// expands to code containing an unprotected comma.  The
+// AcceptsMacroThatExpandsToUnprotectedComma test in gtest_unittest.cc
+// catches that.
+//
+// For the same reason, we have to write
+//   if (::testing::internal::AlwaysTrue()) { statement; }
+// instead of
+//   GTEST_SUPPRESS_UNREACHABLE_CODE_WARNING_BELOW_(statement)
+// to avoid an MSVC warning on unreachable code.
+#define EXPECT_NONFATAL_FAILURE(statement, substr) \
+  do {\
+    ::testing::TestPartResultArray gtest_failures;\
+    ::testing::internal::SingleFailureChecker gtest_checker(\
+        &gtest_failures, ::testing::TestPartResult::kNonFatalFailure, \
+        (substr));\
+    {\
+      ::testing::ScopedFakeTestPartResultReporter gtest_reporter(\
+          ::testing::ScopedFakeTestPartResultReporter:: \
+          INTERCEPT_ONLY_CURRENT_THREAD, &gtest_failures);\
+      if (::testing::internal::AlwaysTrue()) { statement; }\
+    }\
+  } while (::testing::internal::AlwaysFalse())
+
+#define EXPECT_NONFATAL_FAILURE_ON_ALL_THREADS(statement, substr) \
+  do {\
+    ::testing::TestPartResultArray gtest_failures;\
+    ::testing::internal::SingleFailureChecker gtest_checker(\
+        &gtest_failures, ::testing::TestPartResult::kNonFatalFailure, \
+        (substr));\
+    {\
+      ::testing::ScopedFakeTestPartResultReporter gtest_reporter(\
+          ::testing::ScopedFakeTestPartResultReporter::INTERCEPT_ALL_THREADS, \
+          &gtest_failures);\
+      if (::testing::internal::AlwaysTrue()) { statement; }\
+    }\
+  } while (::testing::internal::AlwaysFalse())
+
+#endif  // GTEST_INCLUDE_GTEST_GTEST_SPI_H_
diff --git a/nss/external_tests/google_test/gtest/include/gtest/gtest-test-part.h b/nss/external_tests/google_test/gtest/include/gtest/gtest-test-part.h
new file mode 100644
index 0000000..77eb844
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/include/gtest/gtest-test-part.h
@@ -0,0 +1,179 @@
+// Copyright 2008, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: mheule@google.com (Markus Heule)
+//
+
+#ifndef GTEST_INCLUDE_GTEST_GTEST_TEST_PART_H_
+#define GTEST_INCLUDE_GTEST_GTEST_TEST_PART_H_
+
+#include <iosfwd>
+#include <vector>
+#include "gtest/internal/gtest-internal.h"
+#include "gtest/internal/gtest-string.h"
+
+namespace testing {
+
+// A copyable object representing the result of a test part (i.e. an
+// assertion or an explicit FAIL(), ADD_FAILURE(), or SUCCESS()).
+//
+// Don't inherit from TestPartResult as its destructor is not virtual.
+class GTEST_API_ TestPartResult {
+ public:
+  // The possible outcomes of a test part (i.e. an assertion or an
+  // explicit SUCCEED(), FAIL(), or ADD_FAILURE()).
+  enum Type {
+    kSuccess,          // Succeeded.
+    kNonFatalFailure,  // Failed but the test can continue.
+    kFatalFailure      // Failed and the test should be terminated.
+  };
+
+  // C'tor.  TestPartResult does NOT have a default constructor.
+  // Always use this constructor (with parameters) to create a
+  // TestPartResult object.
+  TestPartResult(Type a_type,
+                 const char* a_file_name,
+                 int a_line_number,
+                 const char* a_message)
+      : type_(a_type),
+        file_name_(a_file_name == NULL ? "" : a_file_name),
+        line_number_(a_line_number),
+        summary_(ExtractSummary(a_message)),
+        message_(a_message) {
+  }
+
+  // Gets the outcome of the test part.
+  Type type() const { return type_; }
+
+  // Gets the name of the source file where the test part took place, or
+  // NULL if it's unknown.
+  const char* file_name() const {
+    return file_name_.empty() ? NULL : file_name_.c_str();
+  }
+
+  // Gets the line in the source file where the test part took place,
+  // or -1 if it's unknown.
+  int line_number() const { return line_number_; }
+
+  // Gets the summary of the failure message.
+  const char* summary() const { return summary_.c_str(); }
+
+  // Gets the message associated with the test part.
+  const char* message() const { return message_.c_str(); }
+
+  // Returns true iff the test part passed.
+  bool passed() const { return type_ == kSuccess; }
+
+  // Returns true iff the test part failed.
+  bool failed() const { return type_ != kSuccess; }
+
+  // Returns true iff the test part non-fatally failed.
+  bool nonfatally_failed() const { return type_ == kNonFatalFailure; }
+
+  // Returns true iff the test part fatally failed.
+  bool fatally_failed() const { return type_ == kFatalFailure; }
+
+ private:
+  Type type_;
+
+  // Gets the summary of the failure message by omitting the stack
+  // trace in it.
+  static std::string ExtractSummary(const char* message);
+
+  // The name of the source file where the test part took place, or
+  // "" if the source file is unknown.
+  std::string file_name_;
+  // The line in the source file where the test part took place, or -1
+  // if the line number is unknown.
+  int line_number_;
+  std::string summary_;  // The test failure summary.
+  std::string message_;  // The test failure message.
+};
+
+// Prints a TestPartResult object.
+std::ostream& operator<<(std::ostream& os, const TestPartResult& result);
+
+// An array of TestPartResult objects.
+//
+// Don't inherit from TestPartResultArray as its destructor is not
+// virtual.
+class GTEST_API_ TestPartResultArray {
+ public:
+  TestPartResultArray() {}
+
+  // Appends the given TestPartResult to the array.
+  void Append(const TestPartResult& result);
+
+  // Returns the TestPartResult at the given index (0-based).
+  const TestPartResult& GetTestPartResult(int index) const;
+
+  // Returns the number of TestPartResult objects in the array.
+  int size() const;
+
+ private:
+  std::vector<TestPartResult> array_;
+
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(TestPartResultArray);
+};
+
+// This interface knows how to report a test part result.
+class TestPartResultReporterInterface {
+ public:
+  virtual ~TestPartResultReporterInterface() {}
+
+  virtual void ReportTestPartResult(const TestPartResult& result) = 0;
+};
+
+namespace internal {
+
+// This helper class is used by {ASSERT|EXPECT}_NO_FATAL_FAILURE to check if a
+// statement generates new fatal failures. To do so it registers itself as the
+// current test part result reporter. Besides checking if fatal failures were
+// reported, it only delegates the reporting to the former result reporter.
+// The original result reporter is restored in the destructor.
+// INTERNAL IMPLEMENTATION - DO NOT USE IN A USER PROGRAM.
+class GTEST_API_ HasNewFatalFailureHelper
+    : public TestPartResultReporterInterface {
+ public:
+  HasNewFatalFailureHelper();
+  virtual ~HasNewFatalFailureHelper();
+  virtual void ReportTestPartResult(const TestPartResult& result);
+  bool has_new_fatal_failure() const { return has_new_fatal_failure_; }
+ private:
+  bool has_new_fatal_failure_;
+  TestPartResultReporterInterface* original_reporter_;
+
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(HasNewFatalFailureHelper);
+};
+
+}  // namespace internal
+
+}  // namespace testing
+
+#endif  // GTEST_INCLUDE_GTEST_GTEST_TEST_PART_H_
diff --git a/nss/external_tests/google_test/gtest/include/gtest/gtest-typed-test.h b/nss/external_tests/google_test/gtest/include/gtest/gtest-typed-test.h
new file mode 100644
index 0000000..fe1e83b
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/include/gtest/gtest-typed-test.h
@@ -0,0 +1,259 @@
+// Copyright 2008 Google Inc.
+// All Rights Reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+
+#ifndef GTEST_INCLUDE_GTEST_GTEST_TYPED_TEST_H_
+#define GTEST_INCLUDE_GTEST_GTEST_TYPED_TEST_H_
+
+// This header implements typed tests and type-parameterized tests.
+
+// Typed (aka type-driven) tests repeat the same test for types in a
+// list.  You must know which types you want to test with when writing
+// typed tests. Here's how you do it:
+
+#if 0
+
+// First, define a fixture class template.  It should be parameterized
+// by a type.  Remember to derive it from testing::Test.
+template <typename T>
+class FooTest : public testing::Test {
+ public:
+  ...
+  typedef std::list<T> List;
+  static T shared_;
+  T value_;
+};
+
+// Next, associate a list of types with the test case, which will be
+// repeated for each type in the list.  The typedef is necessary for
+// the macro to parse correctly.
+typedef testing::Types<char, int, unsigned int> MyTypes;
+TYPED_TEST_CASE(FooTest, MyTypes);
+
+// If the type list contains only one type, you can write that type
+// directly without Types<...>:
+//   TYPED_TEST_CASE(FooTest, int);
+
+// Then, use TYPED_TEST() instead of TEST_F() to define as many typed
+// tests for this test case as you want.
+TYPED_TEST(FooTest, DoesBlah) {
+  // Inside a test, refer to TypeParam to get the type parameter.
+  // Since we are inside a derived class template, C++ requires use to
+  // visit the members of FooTest via 'this'.
+  TypeParam n = this->value_;
+
+  // To visit static members of the fixture, add the TestFixture::
+  // prefix.
+  n += TestFixture::shared_;
+
+  // To refer to typedefs in the fixture, add the "typename
+  // TestFixture::" prefix.
+  typename TestFixture::List values;
+  values.push_back(n);
+  ...
+}
+
+TYPED_TEST(FooTest, HasPropertyA) { ... }
+
+#endif  // 0
+
+// Type-parameterized tests are abstract test patterns parameterized
+// by a type.  Compared with typed tests, type-parameterized tests
+// allow you to define the test pattern without knowing what the type
+// parameters are.  The defined pattern can be instantiated with
+// different types any number of times, in any number of translation
+// units.
+//
+// If you are designing an interface or concept, you can define a
+// suite of type-parameterized tests to verify properties that any
+// valid implementation of the interface/concept should have.  Then,
+// each implementation can easily instantiate the test suite to verify
+// that it conforms to the requirements, without having to write
+// similar tests repeatedly.  Here's an example:
+
+#if 0
+
+// First, define a fixture class template.  It should be parameterized
+// by a type.  Remember to derive it from testing::Test.
+template <typename T>
+class FooTest : public testing::Test {
+  ...
+};
+
+// Next, declare that you will define a type-parameterized test case
+// (the _P suffix is for "parameterized" or "pattern", whichever you
+// prefer):
+TYPED_TEST_CASE_P(FooTest);
+
+// Then, use TYPED_TEST_P() to define as many type-parameterized tests
+// for this type-parameterized test case as you want.
+TYPED_TEST_P(FooTest, DoesBlah) {
+  // Inside a test, refer to TypeParam to get the type parameter.
+  TypeParam n = 0;
+  ...
+}
+
+TYPED_TEST_P(FooTest, HasPropertyA) { ... }
+
+// Now the tricky part: you need to register all test patterns before
+// you can instantiate them.  The first argument of the macro is the
+// test case name; the rest are the names of the tests in this test
+// case.
+REGISTER_TYPED_TEST_CASE_P(FooTest,
+                           DoesBlah, HasPropertyA);
+
+// Finally, you are free to instantiate the pattern with the types you
+// want.  If you put the above code in a header file, you can #include
+// it in multiple C++ source files and instantiate it multiple times.
+//
+// To distinguish different instances of the pattern, the first
+// argument to the INSTANTIATE_* macro is a prefix that will be added
+// to the actual test case name.  Remember to pick unique prefixes for
+// different instances.
+typedef testing::Types<char, int, unsigned int> MyTypes;
+INSTANTIATE_TYPED_TEST_CASE_P(My, FooTest, MyTypes);
+
+// If the type list contains only one type, you can write that type
+// directly without Types<...>:
+//   INSTANTIATE_TYPED_TEST_CASE_P(My, FooTest, int);
+
+#endif  // 0
+
+#include "gtest/internal/gtest-port.h"
+#include "gtest/internal/gtest-type-util.h"
+
+// Implements typed tests.
+
+#if GTEST_HAS_TYPED_TEST
+
+// INTERNAL IMPLEMENTATION - DO NOT USE IN USER CODE.
+//
+// Expands to the name of the typedef for the type parameters of the
+// given test case.
+# define GTEST_TYPE_PARAMS_(TestCaseName) gtest_type_params_##TestCaseName##_
+
+// The 'Types' template argument below must have spaces around it
+// since some compilers may choke on '>>' when passing a template
+// instance (e.g. Types<int>)
+# define TYPED_TEST_CASE(CaseName, Types) \
+  typedef ::testing::internal::TypeList< Types >::type \
+      GTEST_TYPE_PARAMS_(CaseName)
+
+# define TYPED_TEST(CaseName, TestName) \
+  template <typename gtest_TypeParam_> \
+  class GTEST_TEST_CLASS_NAME_(CaseName, TestName) \
+      : public CaseName<gtest_TypeParam_> { \
+   private: \
+    typedef CaseName<gtest_TypeParam_> TestFixture; \
+    typedef gtest_TypeParam_ TypeParam; \
+    virtual void TestBody(); \
+  }; \
+  bool gtest_##CaseName##_##TestName##_registered_ GTEST_ATTRIBUTE_UNUSED_ = \
+      ::testing::internal::TypeParameterizedTest< \
+          CaseName, \
+          ::testing::internal::TemplateSel< \
+              GTEST_TEST_CLASS_NAME_(CaseName, TestName)>, \
+          GTEST_TYPE_PARAMS_(CaseName)>::Register(\
+              "", #CaseName, #TestName, 0); \
+  template <typename gtest_TypeParam_> \
+  void GTEST_TEST_CLASS_NAME_(CaseName, TestName)<gtest_TypeParam_>::TestBody()
+
+#endif  // GTEST_HAS_TYPED_TEST
+
+// Implements type-parameterized tests.
+
+#if GTEST_HAS_TYPED_TEST_P
+
+// INTERNAL IMPLEMENTATION - DO NOT USE IN USER CODE.
+//
+// Expands to the namespace name that the type-parameterized tests for
+// the given type-parameterized test case are defined in.  The exact
+// name of the namespace is subject to change without notice.
+# define GTEST_CASE_NAMESPACE_(TestCaseName) \
+  gtest_case_##TestCaseName##_
+
+// INTERNAL IMPLEMENTATION - DO NOT USE IN USER CODE.
+//
+// Expands to the name of the variable used to remember the names of
+// the defined tests in the given test case.
+# define GTEST_TYPED_TEST_CASE_P_STATE_(TestCaseName) \
+  gtest_typed_test_case_p_state_##TestCaseName##_
+
+// INTERNAL IMPLEMENTATION - DO NOT USE IN USER CODE DIRECTLY.
+//
+// Expands to the name of the variable used to remember the names of
+// the registered tests in the given test case.
+# define GTEST_REGISTERED_TEST_NAMES_(TestCaseName) \
+  gtest_registered_test_names_##TestCaseName##_
+
+// The variables defined in the type-parameterized test macros are
+// static as typically these macros are used in a .h file that can be
+// #included in multiple translation units linked together.
+# define TYPED_TEST_CASE_P(CaseName) \
+  static ::testing::internal::TypedTestCasePState \
+      GTEST_TYPED_TEST_CASE_P_STATE_(CaseName)
+
+# define TYPED_TEST_P(CaseName, TestName) \
+  namespace GTEST_CASE_NAMESPACE_(CaseName) { \
+  template <typename gtest_TypeParam_> \
+  class TestName : public CaseName<gtest_TypeParam_> { \
+   private: \
+    typedef CaseName<gtest_TypeParam_> TestFixture; \
+    typedef gtest_TypeParam_ TypeParam; \
+    virtual void TestBody(); \
+  }; \
+  static bool gtest_##TestName##_defined_ GTEST_ATTRIBUTE_UNUSED_ = \
+      GTEST_TYPED_TEST_CASE_P_STATE_(CaseName).AddTestName(\
+          __FILE__, __LINE__, #CaseName, #TestName); \
+  } \
+  template <typename gtest_TypeParam_> \
+  void GTEST_CASE_NAMESPACE_(CaseName)::TestName<gtest_TypeParam_>::TestBody()
+
+# define REGISTER_TYPED_TEST_CASE_P(CaseName, ...) \
+  namespace GTEST_CASE_NAMESPACE_(CaseName) { \
+  typedef ::testing::internal::Templates<__VA_ARGS__>::type gtest_AllTests_; \
+  } \
+  static const char* const GTEST_REGISTERED_TEST_NAMES_(CaseName) = \
+      GTEST_TYPED_TEST_CASE_P_STATE_(CaseName).VerifyRegisteredTestNames(\
+          __FILE__, __LINE__, #__VA_ARGS__)
+
+// The 'Types' template argument below must have spaces around it
+// since some compilers may choke on '>>' when passing a template
+// instance (e.g. Types<int>)
+# define INSTANTIATE_TYPED_TEST_CASE_P(Prefix, CaseName, Types) \
+  bool gtest_##Prefix##_##CaseName GTEST_ATTRIBUTE_UNUSED_ = \
+      ::testing::internal::TypeParameterizedTestCase<CaseName, \
+          GTEST_CASE_NAMESPACE_(CaseName)::gtest_AllTests_, \
+          ::testing::internal::TypeList< Types >::type>::Register(\
+              #Prefix, #CaseName, GTEST_REGISTERED_TEST_NAMES_(CaseName))
+
+#endif  // GTEST_HAS_TYPED_TEST_P
+
+#endif  // GTEST_INCLUDE_GTEST_GTEST_TYPED_TEST_H_
diff --git a/nss/external_tests/google_test/gtest/include/gtest/gtest.h b/nss/external_tests/google_test/gtest/include/gtest/gtest.h
new file mode 100644
index 0000000..38ca3e9
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/include/gtest/gtest.h
@@ -0,0 +1,2307 @@
+// Copyright 2005, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+//
+// The Google C++ Testing Framework (Google Test)
+//
+// This header file defines the public API for Google Test.  It should be
+// included by any test program that uses Google Test.
+//
+// IMPORTANT NOTE: Due to limitation of the C++ language, we have to
+// leave some internal implementation details in this header file.
+// They are clearly marked by comments like this:
+//
+//   // INTERNAL IMPLEMENTATION - DO NOT USE IN A USER PROGRAM.
+//
+// Such code is NOT meant to be used by a user directly, and is subject
+// to CHANGE WITHOUT NOTICE.  Therefore DO NOT DEPEND ON IT in a user
+// program!
+//
+// Acknowledgment: Google Test borrowed the idea of automatic test
+// registration from Barthelemy Dagenais' (barthelemy@prologique.com)
+// easyUnit framework.
+
+#ifndef GTEST_INCLUDE_GTEST_GTEST_H_
+#define GTEST_INCLUDE_GTEST_GTEST_H_
+
+#include <limits>
+#include <ostream>
+#include <vector>
+
+#include "gtest/internal/gtest-internal.h"
+#include "gtest/internal/gtest-string.h"
+#include "gtest/gtest-death-test.h"
+#include "gtest/gtest-message.h"
+#include "gtest/gtest-param-test.h"
+#include "gtest/gtest-printers.h"
+#include "gtest/gtest_prod.h"
+#include "gtest/gtest-test-part.h"
+#include "gtest/gtest-typed-test.h"
+
+// Depending on the platform, different string classes are available.
+// On Linux, in addition to ::std::string, Google also makes use of
+// class ::string, which has the same interface as ::std::string, but
+// has a different implementation.
+//
+// You can define GTEST_HAS_GLOBAL_STRING to 1 to indicate that
+// ::string is available AND is a distinct type to ::std::string, or
+// define it to 0 to indicate otherwise.
+//
+// If ::std::string and ::string are the same class on your platform
+// due to aliasing, you should define GTEST_HAS_GLOBAL_STRING to 0.
+//
+// If you do not define GTEST_HAS_GLOBAL_STRING, it is defined
+// heuristically.
+
+namespace testing {
+
+// Declares the flags.
+
+// This flag temporary enables the disabled tests.
+GTEST_DECLARE_bool_(also_run_disabled_tests);
+
+// This flag brings the debugger on an assertion failure.
+GTEST_DECLARE_bool_(break_on_failure);
+
+// This flag controls whether Google Test catches all test-thrown exceptions
+// and logs them as failures.
+GTEST_DECLARE_bool_(catch_exceptions);
+
+// This flag enables using colors in terminal output. Available values are
+// "yes" to enable colors, "no" (disable colors), or "auto" (the default)
+// to let Google Test decide.
+GTEST_DECLARE_string_(color);
+
+// This flag sets up the filter to select by name using a glob pattern
+// the tests to run. If the filter is not given all tests are executed.
+GTEST_DECLARE_string_(filter);
+
+// This flag causes the Google Test to list tests. None of the tests listed
+// are actually run if the flag is provided.
+GTEST_DECLARE_bool_(list_tests);
+
+// This flag controls whether Google Test emits a detailed XML report to a file
+// in addition to its normal textual output.
+GTEST_DECLARE_string_(output);
+
+// This flags control whether Google Test prints the elapsed time for each
+// test.
+GTEST_DECLARE_bool_(print_time);
+
+// This flag specifies the random number seed.
+GTEST_DECLARE_int32_(random_seed);
+
+// This flag sets how many times the tests are repeated. The default value
+// is 1. If the value is -1 the tests are repeating forever.
+GTEST_DECLARE_int32_(repeat);
+
+// This flag controls whether Google Test includes Google Test internal
+// stack frames in failure stack traces.
+GTEST_DECLARE_bool_(show_internal_stack_frames);
+
+// When this flag is specified, tests' order is randomized on every iteration.
+GTEST_DECLARE_bool_(shuffle);
+
+// This flag specifies the maximum number of stack frames to be
+// printed in a failure message.
+GTEST_DECLARE_int32_(stack_trace_depth);
+
+// When this flag is specified, a failed assertion will throw an
+// exception if exceptions are enabled, or exit the program with a
+// non-zero code otherwise.
+GTEST_DECLARE_bool_(throw_on_failure);
+
+// When this flag is set with a "host:port" string, on supported
+// platforms test results are streamed to the specified port on
+// the specified host machine.
+GTEST_DECLARE_string_(stream_result_to);
+
+// The upper limit for valid stack trace depths.
+const int kMaxStackTraceDepth = 100;
+
+namespace internal {
+
+class AssertHelper;
+class DefaultGlobalTestPartResultReporter;
+class ExecDeathTest;
+class NoExecDeathTest;
+class FinalSuccessChecker;
+class GTestFlagSaver;
+class StreamingListenerTest;
+class TestResultAccessor;
+class TestEventListenersAccessor;
+class TestEventRepeater;
+class UnitTestRecordPropertyTestHelper;
+class WindowsDeathTest;
+class UnitTestImpl* GetUnitTestImpl();
+void ReportFailureInUnknownLocation(TestPartResult::Type result_type,
+                                    const std::string& message);
+
+}  // namespace internal
+
+// The friend relationship of some of these classes is cyclic.
+// If we don't forward declare them the compiler might confuse the classes
+// in friendship clauses with same named classes on the scope.
+class Test;
+class TestCase;
+class TestInfo;
+class UnitTest;
+
+// A class for indicating whether an assertion was successful.  When
+// the assertion wasn't successful, the AssertionResult object
+// remembers a non-empty message that describes how it failed.
+//
+// To create an instance of this class, use one of the factory functions
+// (AssertionSuccess() and AssertionFailure()).
+//
+// This class is useful for two purposes:
+//   1. Defining predicate functions to be used with Boolean test assertions
+//      EXPECT_TRUE/EXPECT_FALSE and their ASSERT_ counterparts
+//   2. Defining predicate-format functions to be
+//      used with predicate assertions (ASSERT_PRED_FORMAT*, etc).
+//
+// For example, if you define IsEven predicate:
+//
+//   testing::AssertionResult IsEven(int n) {
+//     if ((n % 2) == 0)
+//       return testing::AssertionSuccess();
+//     else
+//       return testing::AssertionFailure() << n << " is odd";
+//   }
+//
+// Then the failed expectation EXPECT_TRUE(IsEven(Fib(5)))
+// will print the message
+//
+//   Value of: IsEven(Fib(5))
+//     Actual: false (5 is odd)
+//   Expected: true
+//
+// instead of a more opaque
+//
+//   Value of: IsEven(Fib(5))
+//     Actual: false
+//   Expected: true
+//
+// in case IsEven is a simple Boolean predicate.
+//
+// If you expect your predicate to be reused and want to support informative
+// messages in EXPECT_FALSE and ASSERT_FALSE (negative assertions show up
+// about half as often as positive ones in our tests), supply messages for
+// both success and failure cases:
+//
+//   testing::AssertionResult IsEven(int n) {
+//     if ((n % 2) == 0)
+//       return testing::AssertionSuccess() << n << " is even";
+//     else
+//       return testing::AssertionFailure() << n << " is odd";
+//   }
+//
+// Then a statement EXPECT_FALSE(IsEven(Fib(6))) will print
+//
+//   Value of: IsEven(Fib(6))
+//     Actual: true (8 is even)
+//   Expected: false
+//
+// NB: Predicates that support negative Boolean assertions have reduced
+// performance in positive ones so be careful not to use them in tests
+// that have lots (tens of thousands) of positive Boolean assertions.
+//
+// To use this class with EXPECT_PRED_FORMAT assertions such as:
+//
+//   // Verifies that Foo() returns an even number.
+//   EXPECT_PRED_FORMAT1(IsEven, Foo());
+//
+// you need to define:
+//
+//   testing::AssertionResult IsEven(const char* expr, int n) {
+//     if ((n % 2) == 0)
+//       return testing::AssertionSuccess();
+//     else
+//       return testing::AssertionFailure()
+//         << "Expected: " << expr << " is even\n  Actual: it's " << n;
+//   }
+//
+// If Foo() returns 5, you will see the following message:
+//
+//   Expected: Foo() is even
+//     Actual: it's 5
+//
+class GTEST_API_ AssertionResult {
+ public:
+  // Copy constructor.
+  // Used in EXPECT_TRUE/FALSE(assertion_result).
+  AssertionResult(const AssertionResult& other);
+
+  GTEST_DISABLE_MSC_WARNINGS_PUSH_(4800 /* forcing value to bool */)
+
+  // Used in the EXPECT_TRUE/FALSE(bool_expression).
+  //
+  // T must be contextually convertible to bool.
+  //
+  // The second parameter prevents this overload from being considered if
+  // the argument is implicitly convertible to AssertionResult. In that case
+  // we want AssertionResult's copy constructor to be used.
+  template <typename T>
+  explicit AssertionResult(
+      const T& success,
+      typename internal::EnableIf<
+          !internal::ImplicitlyConvertible<T, AssertionResult>::value>::type*
+          /*enabler*/ = NULL)
+      : success_(success) {}
+
+  GTEST_DISABLE_MSC_WARNINGS_POP_()
+
+  // Assignment operator.
+  AssertionResult& operator=(AssertionResult other) {
+    swap(other);
+    return *this;
+  }
+
+  // Returns true iff the assertion succeeded.
+  operator bool() const { return success_; }  // NOLINT
+
+  // Returns the assertion's negation. Used with EXPECT/ASSERT_FALSE.
+  AssertionResult operator!() const;
+
+  // Returns the text streamed into this AssertionResult. Test assertions
+  // use it when they fail (i.e., the predicate's outcome doesn't match the
+  // assertion's expectation). When nothing has been streamed into the
+  // object, returns an empty string.
+  const char* message() const {
+    return message_.get() != NULL ?  message_->c_str() : "";
+  }
+  // TODO(vladl@google.com): Remove this after making sure no clients use it.
+  // Deprecated; please use message() instead.
+  const char* failure_message() const { return message(); }
+
+  // Streams a custom failure message into this object.
+  template <typename T> AssertionResult& operator<<(const T& value) {
+    AppendMessage(Message() << value);
+    return *this;
+  }
+
+  // Allows streaming basic output manipulators such as endl or flush into
+  // this object.
+  AssertionResult& operator<<(
+      ::std::ostream& (*basic_manipulator)(::std::ostream& stream)) {
+    AppendMessage(Message() << basic_manipulator);
+    return *this;
+  }
+
+ private:
+  // Appends the contents of message to message_.
+  void AppendMessage(const Message& a_message) {
+    if (message_.get() == NULL)
+      message_.reset(new ::std::string);
+    message_->append(a_message.GetString().c_str());
+  }
+
+  // Swap the contents of this AssertionResult with other.
+  void swap(AssertionResult& other);
+
+  // Stores result of the assertion predicate.
+  bool success_;
+  // Stores the message describing the condition in case the expectation
+  // construct is not satisfied with the predicate's outcome.
+  // Referenced via a pointer to avoid taking too much stack frame space
+  // with test assertions.
+  internal::scoped_ptr< ::std::string> message_;
+};
+
+// Makes a successful assertion result.
+GTEST_API_ AssertionResult AssertionSuccess();
+
+// Makes a failed assertion result.
+GTEST_API_ AssertionResult AssertionFailure();
+
+// Makes a failed assertion result with the given failure message.
+// Deprecated; use AssertionFailure() << msg.
+GTEST_API_ AssertionResult AssertionFailure(const Message& msg);
+
+// The abstract class that all tests inherit from.
+//
+// In Google Test, a unit test program contains one or many TestCases, and
+// each TestCase contains one or many Tests.
+//
+// When you define a test using the TEST macro, you don't need to
+// explicitly derive from Test - the TEST macro automatically does
+// this for you.
+//
+// The only time you derive from Test is when defining a test fixture
+// to be used a TEST_F.  For example:
+//
+//   class FooTest : public testing::Test {
+//    protected:
+//     virtual void SetUp() { ... }
+//     virtual void TearDown() { ... }
+//     ...
+//   };
+//
+//   TEST_F(FooTest, Bar) { ... }
+//   TEST_F(FooTest, Baz) { ... }
+//
+// Test is not copyable.
+class GTEST_API_ Test {
+ public:
+  friend class TestInfo;
+
+  // Defines types for pointers to functions that set up and tear down
+  // a test case.
+  typedef internal::SetUpTestCaseFunc SetUpTestCaseFunc;
+  typedef internal::TearDownTestCaseFunc TearDownTestCaseFunc;
+
+  // The d'tor is virtual as we intend to inherit from Test.
+  virtual ~Test();
+
+  // Sets up the stuff shared by all tests in this test case.
+  //
+  // Google Test will call Foo::SetUpTestCase() before running the first
+  // test in test case Foo.  Hence a sub-class can define its own
+  // SetUpTestCase() method to shadow the one defined in the super
+  // class.
+  static void SetUpTestCase() {}
+
+  // Tears down the stuff shared by all tests in this test case.
+  //
+  // Google Test will call Foo::TearDownTestCase() after running the last
+  // test in test case Foo.  Hence a sub-class can define its own
+  // TearDownTestCase() method to shadow the one defined in the super
+  // class.
+  static void TearDownTestCase() {}
+
+  // Returns true iff the current test has a fatal failure.
+  static bool HasFatalFailure();
+
+  // Returns true iff the current test has a non-fatal failure.
+  static bool HasNonfatalFailure();
+
+  // Returns true iff the current test has a (either fatal or
+  // non-fatal) failure.
+  static bool HasFailure() { return HasFatalFailure() || HasNonfatalFailure(); }
+
+  // Logs a property for the current test, test case, or for the entire
+  // invocation of the test program when used outside of the context of a
+  // test case.  Only the last value for a given key is remembered.  These
+  // are public static so they can be called from utility functions that are
+  // not members of the test fixture.  Calls to RecordProperty made during
+  // lifespan of the test (from the moment its constructor starts to the
+  // moment its destructor finishes) will be output in XML as attributes of
+  // the <testcase> element.  Properties recorded from fixture's
+  // SetUpTestCase or TearDownTestCase are logged as attributes of the
+  // corresponding <testsuite> element.  Calls to RecordProperty made in the
+  // global context (before or after invocation of RUN_ALL_TESTS and from
+  // SetUp/TearDown method of Environment objects registered with Google
+  // Test) will be output as attributes of the <testsuites> element.
+  static void RecordProperty(const std::string& key, const std::string& value);
+  static void RecordProperty(const std::string& key, int value);
+
+ protected:
+  // Creates a Test object.
+  Test();
+
+  // Sets up the test fixture.
+  virtual void SetUp();
+
+  // Tears down the test fixture.
+  virtual void TearDown();
+
+ private:
+  // Returns true iff the current test has the same fixture class as
+  // the first test in the current test case.
+  static bool HasSameFixtureClass();
+
+  // Runs the test after the test fixture has been set up.
+  //
+  // A sub-class must implement this to define the test logic.
+  //
+  // DO NOT OVERRIDE THIS FUNCTION DIRECTLY IN A USER PROGRAM.
+  // Instead, use the TEST or TEST_F macro.
+  virtual void TestBody() = 0;
+
+  // Sets up, executes, and tears down the test.
+  void Run();
+
+  // Deletes self.  We deliberately pick an unusual name for this
+  // internal method to avoid clashing with names used in user TESTs.
+  void DeleteSelf_() { delete this; }
+
+  // Uses a GTestFlagSaver to save and restore all Google Test flags.
+  const internal::GTestFlagSaver* const gtest_flag_saver_;
+
+  // Often a user misspells SetUp() as Setup() and spends a long time
+  // wondering why it is never called by Google Test.  The declaration of
+  // the following method is solely for catching such an error at
+  // compile time:
+  //
+  //   - The return type is deliberately chosen to be not void, so it
+  //   will be a conflict if void Setup() is declared in the user's
+  //   test fixture.
+  //
+  //   - This method is private, so it will be another compiler error
+  //   if the method is called from the user's test fixture.
+  //
+  // DO NOT OVERRIDE THIS FUNCTION.
+  //
+  // If you see an error about overriding the following function or
+  // about it being private, you have mis-spelled SetUp() as Setup().
+  struct Setup_should_be_spelled_SetUp {};
+  virtual Setup_should_be_spelled_SetUp* Setup() { return NULL; }
+
+  // We disallow copying Tests.
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(Test);
+};
+
+typedef internal::TimeInMillis TimeInMillis;
+
+// A copyable object representing a user specified test property which can be
+// output as a key/value string pair.
+//
+// Don't inherit from TestProperty as its destructor is not virtual.
+class TestProperty {
+ public:
+  // C'tor.  TestProperty does NOT have a default constructor.
+  // Always use this constructor (with parameters) to create a
+  // TestProperty object.
+  TestProperty(const std::string& a_key, const std::string& a_value) :
+    key_(a_key), value_(a_value) {
+  }
+
+  // Gets the user supplied key.
+  const char* key() const {
+    return key_.c_str();
+  }
+
+  // Gets the user supplied value.
+  const char* value() const {
+    return value_.c_str();
+  }
+
+  // Sets a new value, overriding the one supplied in the constructor.
+  void SetValue(const std::string& new_value) {
+    value_ = new_value;
+  }
+
+ private:
+  // The key supplied by the user.
+  std::string key_;
+  // The value supplied by the user.
+  std::string value_;
+};
+
+// The result of a single Test.  This includes a list of
+// TestPartResults, a list of TestProperties, a count of how many
+// death tests there are in the Test, and how much time it took to run
+// the Test.
+//
+// TestResult is not copyable.
+class GTEST_API_ TestResult {
+ public:
+  // Creates an empty TestResult.
+  TestResult();
+
+  // D'tor.  Do not inherit from TestResult.
+  ~TestResult();
+
+  // Gets the number of all test parts.  This is the sum of the number
+  // of successful test parts and the number of failed test parts.
+  int total_part_count() const;
+
+  // Returns the number of the test properties.
+  int test_property_count() const;
+
+  // Returns true iff the test passed (i.e. no test part failed).
+  bool Passed() const { return !Failed(); }
+
+  // Returns true iff the test failed.
+  bool Failed() const;
+
+  // Returns true iff the test fatally failed.
+  bool HasFatalFailure() const;
+
+  // Returns true iff the test has a non-fatal failure.
+  bool HasNonfatalFailure() const;
+
+  // Returns the elapsed time, in milliseconds.
+  TimeInMillis elapsed_time() const { return elapsed_time_; }
+
+  // Returns the i-th test part result among all the results. i can range
+  // from 0 to test_property_count() - 1. If i is not in that range, aborts
+  // the program.
+  const TestPartResult& GetTestPartResult(int i) const;
+
+  // Returns the i-th test property. i can range from 0 to
+  // test_property_count() - 1. If i is not in that range, aborts the
+  // program.
+  const TestProperty& GetTestProperty(int i) const;
+
+ private:
+  friend class TestInfo;
+  friend class TestCase;
+  friend class UnitTest;
+  friend class internal::DefaultGlobalTestPartResultReporter;
+  friend class internal::ExecDeathTest;
+  friend class internal::TestResultAccessor;
+  friend class internal::UnitTestImpl;
+  friend class internal::WindowsDeathTest;
+
+  // Gets the vector of TestPartResults.
+  const std::vector<TestPartResult>& test_part_results() const {
+    return test_part_results_;
+  }
+
+  // Gets the vector of TestProperties.
+  const std::vector<TestProperty>& test_properties() const {
+    return test_properties_;
+  }
+
+  // Sets the elapsed time.
+  void set_elapsed_time(TimeInMillis elapsed) { elapsed_time_ = elapsed; }
+
+  // Adds a test property to the list. The property is validated and may add
+  // a non-fatal failure if invalid (e.g., if it conflicts with reserved
+  // key names). If a property is already recorded for the same key, the
+  // value will be updated, rather than storing multiple values for the same
+  // key.  xml_element specifies the element for which the property is being
+  // recorded and is used for validation.
+  void RecordProperty(const std::string& xml_element,
+                      const TestProperty& test_property);
+
+  // Adds a failure if the key is a reserved attribute of Google Test
+  // testcase tags.  Returns true if the property is valid.
+  // TODO(russr): Validate attribute names are legal and human readable.
+  static bool ValidateTestProperty(const std::string& xml_element,
+                                   const TestProperty& test_property);
+
+  // Adds a test part result to the list.
+  void AddTestPartResult(const TestPartResult& test_part_result);
+
+  // Returns the death test count.
+  int death_test_count() const { return death_test_count_; }
+
+  // Increments the death test count, returning the new count.
+  int increment_death_test_count() { return ++death_test_count_; }
+
+  // Clears the test part results.
+  void ClearTestPartResults();
+
+  // Clears the object.
+  void Clear();
+
+  // Protects mutable state of the property vector and of owned
+  // properties, whose values may be updated.
+  internal::Mutex test_properites_mutex_;
+
+  // The vector of TestPartResults
+  std::vector<TestPartResult> test_part_results_;
+  // The vector of TestProperties
+  std::vector<TestProperty> test_properties_;
+  // Running count of death tests.
+  int death_test_count_;
+  // The elapsed time, in milliseconds.
+  TimeInMillis elapsed_time_;
+
+  // We disallow copying TestResult.
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(TestResult);
+};  // class TestResult
+
+// A TestInfo object stores the following information about a test:
+//
+//   Test case name
+//   Test name
+//   Whether the test should be run
+//   A function pointer that creates the test object when invoked
+//   Test result
+//
+// The constructor of TestInfo registers itself with the UnitTest
+// singleton such that the RUN_ALL_TESTS() macro knows which tests to
+// run.
+class GTEST_API_ TestInfo {
+ public:
+  // Destructs a TestInfo object.  This function is not virtual, so
+  // don't inherit from TestInfo.
+  ~TestInfo();
+
+  // Returns the test case name.
+  const char* test_case_name() const { return test_case_name_.c_str(); }
+
+  // Returns the test name.
+  const char* name() const { return name_.c_str(); }
+
+  // Returns the name of the parameter type, or NULL if this is not a typed
+  // or a type-parameterized test.
+  const char* type_param() const {
+    if (type_param_.get() != NULL)
+      return type_param_->c_str();
+    return NULL;
+  }
+
+  // Returns the text representation of the value parameter, or NULL if this
+  // is not a value-parameterized test.
+  const char* value_param() const {
+    if (value_param_.get() != NULL)
+      return value_param_->c_str();
+    return NULL;
+  }
+
+  // Returns true if this test should run, that is if the test is not
+  // disabled (or it is disabled but the also_run_disabled_tests flag has
+  // been specified) and its full name matches the user-specified filter.
+  //
+  // Google Test allows the user to filter the tests by their full names.
+  // The full name of a test Bar in test case Foo is defined as
+  // "Foo.Bar".  Only the tests that match the filter will run.
+  //
+  // A filter is a colon-separated list of glob (not regex) patterns,
+  // optionally followed by a '-' and a colon-separated list of
+  // negative patterns (tests to exclude).  A test is run if it
+  // matches one of the positive patterns and does not match any of
+  // the negative patterns.
+  //
+  // For example, *A*:Foo.* is a filter that matches any string that
+  // contains the character 'A' or starts with "Foo.".
+  bool should_run() const { return should_run_; }
+
+  // Returns true iff this test will appear in the XML report.
+  bool is_reportable() const {
+    // For now, the XML report includes all tests matching the filter.
+    // In the future, we may trim tests that are excluded because of
+    // sharding.
+    return matches_filter_;
+  }
+
+  // Returns the result of the test.
+  const TestResult* result() const { return &result_; }
+
+ private:
+#if GTEST_HAS_DEATH_TEST
+  friend class internal::DefaultDeathTestFactory;
+#endif  // GTEST_HAS_DEATH_TEST
+  friend class Test;
+  friend class TestCase;
+  friend class internal::UnitTestImpl;
+  friend class internal::StreamingListenerTest;
+  friend TestInfo* internal::MakeAndRegisterTestInfo(
+      const char* test_case_name,
+      const char* name,
+      const char* type_param,
+      const char* value_param,
+      internal::TypeId fixture_class_id,
+      Test::SetUpTestCaseFunc set_up_tc,
+      Test::TearDownTestCaseFunc tear_down_tc,
+      internal::TestFactoryBase* factory);
+
+  // Constructs a TestInfo object. The newly constructed instance assumes
+  // ownership of the factory object.
+  TestInfo(const std::string& test_case_name,
+           const std::string& name,
+           const char* a_type_param,   // NULL if not a type-parameterized test
+           const char* a_value_param,  // NULL if not a value-parameterized test
+           internal::TypeId fixture_class_id,
+           internal::TestFactoryBase* factory);
+
+  // Increments the number of death tests encountered in this test so
+  // far.
+  int increment_death_test_count() {
+    return result_.increment_death_test_count();
+  }
+
+  // Creates the test object, runs it, records its result, and then
+  // deletes it.
+  void Run();
+
+  static void ClearTestResult(TestInfo* test_info) {
+    test_info->result_.Clear();
+  }
+
+  // These fields are immutable properties of the test.
+  const std::string test_case_name_;     // Test case name
+  const std::string name_;               // Test name
+  // Name of the parameter type, or NULL if this is not a typed or a
+  // type-parameterized test.
+  const internal::scoped_ptr<const ::std::string> type_param_;
+  // Text representation of the value parameter, or NULL if this is not a
+  // value-parameterized test.
+  const internal::scoped_ptr<const ::std::string> value_param_;
+  const internal::TypeId fixture_class_id_;   // ID of the test fixture class
+  bool should_run_;                 // True iff this test should run
+  bool is_disabled_;                // True iff this test is disabled
+  bool matches_filter_;             // True if this test matches the
+                                    // user-specified filter.
+  internal::TestFactoryBase* const factory_;  // The factory that creates
+                                              // the test object
+
+  // This field is mutable and needs to be reset before running the
+  // test for the second time.
+  TestResult result_;
+
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(TestInfo);
+};
+
+// A test case, which consists of a vector of TestInfos.
+//
+// TestCase is not copyable.
+class GTEST_API_ TestCase {
+ public:
+  // Creates a TestCase with the given name.
+  //
+  // TestCase does NOT have a default constructor.  Always use this
+  // constructor to create a TestCase object.
+  //
+  // Arguments:
+  //
+  //   name:         name of the test case
+  //   a_type_param: the name of the test's type parameter, or NULL if
+  //                 this is not a type-parameterized test.
+  //   set_up_tc:    pointer to the function that sets up the test case
+  //   tear_down_tc: pointer to the function that tears down the test case
+  TestCase(const char* name, const char* a_type_param,
+           Test::SetUpTestCaseFunc set_up_tc,
+           Test::TearDownTestCaseFunc tear_down_tc);
+
+  // Destructor of TestCase.
+  virtual ~TestCase();
+
+  // Gets the name of the TestCase.
+  const char* name() const { return name_.c_str(); }
+
+  // Returns the name of the parameter type, or NULL if this is not a
+  // type-parameterized test case.
+  const char* type_param() const {
+    if (type_param_.get() != NULL)
+      return type_param_->c_str();
+    return NULL;
+  }
+
+  // Returns true if any test in this test case should run.
+  bool should_run() const { return should_run_; }
+
+  // Gets the number of successful tests in this test case.
+  int successful_test_count() const;
+
+  // Gets the number of failed tests in this test case.
+  int failed_test_count() const;
+
+  // Gets the number of disabled tests that will be reported in the XML report.
+  int reportable_disabled_test_count() const;
+
+  // Gets the number of disabled tests in this test case.
+  int disabled_test_count() const;
+
+  // Gets the number of tests to be printed in the XML report.
+  int reportable_test_count() const;
+
+  // Get the number of tests in this test case that should run.
+  int test_to_run_count() const;
+
+  // Gets the number of all tests in this test case.
+  int total_test_count() const;
+
+  // Returns true iff the test case passed.
+  bool Passed() const { return !Failed(); }
+
+  // Returns true iff the test case failed.
+  bool Failed() const { return failed_test_count() > 0; }
+
+  // Returns the elapsed time, in milliseconds.
+  TimeInMillis elapsed_time() const { return elapsed_time_; }
+
+  // Returns the i-th test among all the tests. i can range from 0 to
+  // total_test_count() - 1. If i is not in that range, returns NULL.
+  const TestInfo* GetTestInfo(int i) const;
+
+  // Returns the TestResult that holds test properties recorded during
+  // execution of SetUpTestCase and TearDownTestCase.
+  const TestResult& ad_hoc_test_result() const { return ad_hoc_test_result_; }
+
+ private:
+  friend class Test;
+  friend class internal::UnitTestImpl;
+
+  // Gets the (mutable) vector of TestInfos in this TestCase.
+  std::vector<TestInfo*>& test_info_list() { return test_info_list_; }
+
+  // Gets the (immutable) vector of TestInfos in this TestCase.
+  const std::vector<TestInfo*>& test_info_list() const {
+    return test_info_list_;
+  }
+
+  // Returns the i-th test among all the tests. i can range from 0 to
+  // total_test_count() - 1. If i is not in that range, returns NULL.
+  TestInfo* GetMutableTestInfo(int i);
+
+  // Sets the should_run member.
+  void set_should_run(bool should) { should_run_ = should; }
+
+  // Adds a TestInfo to this test case.  Will delete the TestInfo upon
+  // destruction of the TestCase object.
+  void AddTestInfo(TestInfo * test_info);
+
+  // Clears the results of all tests in this test case.
+  void ClearResult();
+
+  // Clears the results of all tests in the given test case.
+  static void ClearTestCaseResult(TestCase* test_case) {
+    test_case->ClearResult();
+  }
+
+  // Runs every test in this TestCase.
+  void Run();
+
+  // Runs SetUpTestCase() for this TestCase.  This wrapper is needed
+  // for catching exceptions thrown from SetUpTestCase().
+  void RunSetUpTestCase() { (*set_up_tc_)(); }
+
+  // Runs TearDownTestCase() for this TestCase.  This wrapper is
+  // needed for catching exceptions thrown from TearDownTestCase().
+  void RunTearDownTestCase() { (*tear_down_tc_)(); }
+
+  // Returns true iff test passed.
+  static bool TestPassed(const TestInfo* test_info) {
+    return test_info->should_run() && test_info->result()->Passed();
+  }
+
+  // Returns true iff test failed.
+  static bool TestFailed(const TestInfo* test_info) {
+    return test_info->should_run() && test_info->result()->Failed();
+  }
+
+  // Returns true iff the test is disabled and will be reported in the XML
+  // report.
+  static bool TestReportableDisabled(const TestInfo* test_info) {
+    return test_info->is_reportable() && test_info->is_disabled_;
+  }
+
+  // Returns true iff test is disabled.
+  static bool TestDisabled(const TestInfo* test_info) {
+    return test_info->is_disabled_;
+  }
+
+  // Returns true iff this test will appear in the XML report.
+  static bool TestReportable(const TestInfo* test_info) {
+    return test_info->is_reportable();
+  }
+
+  // Returns true if the given test should run.
+  static bool ShouldRunTest(const TestInfo* test_info) {
+    return test_info->should_run();
+  }
+
+  // Shuffles the tests in this test case.
+  void ShuffleTests(internal::Random* random);
+
+  // Restores the test order to before the first shuffle.
+  void UnshuffleTests();
+
+  // Name of the test case.
+  std::string name_;
+  // Name of the parameter type, or NULL if this is not a typed or a
+  // type-parameterized test.
+  const internal::scoped_ptr<const ::std::string> type_param_;
+  // The vector of TestInfos in their original order.  It owns the
+  // elements in the vector.
+  std::vector<TestInfo*> test_info_list_;
+  // Provides a level of indirection for the test list to allow easy
+  // shuffling and restoring the test order.  The i-th element in this
+  // vector is the index of the i-th test in the shuffled test list.
+  std::vector<int> test_indices_;
+  // Pointer to the function that sets up the test case.
+  Test::SetUpTestCaseFunc set_up_tc_;
+  // Pointer to the function that tears down the test case.
+  Test::TearDownTestCaseFunc tear_down_tc_;
+  // True iff any test in this test case should run.
+  bool should_run_;
+  // Elapsed time, in milliseconds.
+  TimeInMillis elapsed_time_;
+  // Holds test properties recorded during execution of SetUpTestCase and
+  // TearDownTestCase.
+  TestResult ad_hoc_test_result_;
+
+  // We disallow copying TestCases.
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(TestCase);
+};
+
+// An Environment object is capable of setting up and tearing down an
+// environment.  You should subclass this to define your own
+// environment(s).
+//
+// An Environment object does the set-up and tear-down in virtual
+// methods SetUp() and TearDown() instead of the constructor and the
+// destructor, as:
+//
+//   1. You cannot safely throw from a destructor.  This is a problem
+//      as in some cases Google Test is used where exceptions are enabled, and
+//      we may want to implement ASSERT_* using exceptions where they are
+//      available.
+//   2. You cannot use ASSERT_* directly in a constructor or
+//      destructor.
+class Environment {
+ public:
+  // The d'tor is virtual as we need to subclass Environment.
+  virtual ~Environment() {}
+
+  // Override this to define how to set up the environment.
+  virtual void SetUp() {}
+
+  // Override this to define how to tear down the environment.
+  virtual void TearDown() {}
+ private:
+  // If you see an error about overriding the following function or
+  // about it being private, you have mis-spelled SetUp() as Setup().
+  struct Setup_should_be_spelled_SetUp {};
+  virtual Setup_should_be_spelled_SetUp* Setup() { return NULL; }
+};
+
+// The interface for tracing execution of tests. The methods are organized in
+// the order the corresponding events are fired.
+class TestEventListener {
+ public:
+  virtual ~TestEventListener() {}
+
+  // Fired before any test activity starts.
+  virtual void OnTestProgramStart(const UnitTest& unit_test) = 0;
+
+  // Fired before each iteration of tests starts.  There may be more than
+  // one iteration if GTEST_FLAG(repeat) is set. iteration is the iteration
+  // index, starting from 0.
+  virtual void OnTestIterationStart(const UnitTest& unit_test,
+                                    int iteration) = 0;
+
+  // Fired before environment set-up for each iteration of tests starts.
+  virtual void OnEnvironmentsSetUpStart(const UnitTest& unit_test) = 0;
+
+  // Fired after environment set-up for each iteration of tests ends.
+  virtual void OnEnvironmentsSetUpEnd(const UnitTest& unit_test) = 0;
+
+  // Fired before the test case starts.
+  virtual void OnTestCaseStart(const TestCase& test_case) = 0;
+
+  // Fired before the test starts.
+  virtual void OnTestStart(const TestInfo& test_info) = 0;
+
+  // Fired after a failed assertion or a SUCCEED() invocation.
+  virtual void OnTestPartResult(const TestPartResult& test_part_result) = 0;
+
+  // Fired after the test ends.
+  virtual void OnTestEnd(const TestInfo& test_info) = 0;
+
+  // Fired after the test case ends.
+  virtual void OnTestCaseEnd(const TestCase& test_case) = 0;
+
+  // Fired before environment tear-down for each iteration of tests starts.
+  virtual void OnEnvironmentsTearDownStart(const UnitTest& unit_test) = 0;
+
+  // Fired after environment tear-down for each iteration of tests ends.
+  virtual void OnEnvironmentsTearDownEnd(const UnitTest& unit_test) = 0;
+
+  // Fired after each iteration of tests finishes.
+  virtual void OnTestIterationEnd(const UnitTest& unit_test,
+                                  int iteration) = 0;
+
+  // Fired after all test activities have ended.
+  virtual void OnTestProgramEnd(const UnitTest& unit_test) = 0;
+};
+
+// The convenience class for users who need to override just one or two
+// methods and are not concerned that a possible change to a signature of
+// the methods they override will not be caught during the build.  For
+// comments about each method please see the definition of TestEventListener
+// above.
+class EmptyTestEventListener : public TestEventListener {
+ public:
+  virtual void OnTestProgramStart(const UnitTest& /*unit_test*/) {}
+  virtual void OnTestIterationStart(const UnitTest& /*unit_test*/,
+                                    int /*iteration*/) {}
+  virtual void OnEnvironmentsSetUpStart(const UnitTest& /*unit_test*/) {}
+  virtual void OnEnvironmentsSetUpEnd(const UnitTest& /*unit_test*/) {}
+  virtual void OnTestCaseStart(const TestCase& /*test_case*/) {}
+  virtual void OnTestStart(const TestInfo& /*test_info*/) {}
+  virtual void OnTestPartResult(const TestPartResult& /*test_part_result*/) {}
+  virtual void OnTestEnd(const TestInfo& /*test_info*/) {}
+  virtual void OnTestCaseEnd(const TestCase& /*test_case*/) {}
+  virtual void OnEnvironmentsTearDownStart(const UnitTest& /*unit_test*/) {}
+  virtual void OnEnvironmentsTearDownEnd(const UnitTest& /*unit_test*/) {}
+  virtual void OnTestIterationEnd(const UnitTest& /*unit_test*/,
+                                  int /*iteration*/) {}
+  virtual void OnTestProgramEnd(const UnitTest& /*unit_test*/) {}
+};
+
+// TestEventListeners lets users add listeners to track events in Google Test.
+class GTEST_API_ TestEventListeners {
+ public:
+  TestEventListeners();
+  ~TestEventListeners();
+
+  // Appends an event listener to the end of the list. Google Test assumes
+  // the ownership of the listener (i.e. it will delete the listener when
+  // the test program finishes).
+  void Append(TestEventListener* listener);
+
+  // Removes the given event listener from the list and returns it.  It then
+  // becomes the caller's responsibility to delete the listener. Returns
+  // NULL if the listener is not found in the list.
+  TestEventListener* Release(TestEventListener* listener);
+
+  // Returns the standard listener responsible for the default console
+  // output.  Can be removed from the listeners list to shut down default
+  // console output.  Note that removing this object from the listener list
+  // with Release transfers its ownership to the caller and makes this
+  // function return NULL the next time.
+  TestEventListener* default_result_printer() const {
+    return default_result_printer_;
+  }
+
+  // Returns the standard listener responsible for the default XML output
+  // controlled by the --gtest_output=xml flag.  Can be removed from the
+  // listeners list by users who want to shut down the default XML output
+  // controlled by this flag and substitute it with custom one.  Note that
+  // removing this object from the listener list with Release transfers its
+  // ownership to the caller and makes this function return NULL the next
+  // time.
+  TestEventListener* default_xml_generator() const {
+    return default_xml_generator_;
+  }
+
+ private:
+  friend class TestCase;
+  friend class TestInfo;
+  friend class internal::DefaultGlobalTestPartResultReporter;
+  friend class internal::NoExecDeathTest;
+  friend class internal::TestEventListenersAccessor;
+  friend class internal::UnitTestImpl;
+
+  // Returns repeater that broadcasts the TestEventListener events to all
+  // subscribers.
+  TestEventListener* repeater();
+
+  // Sets the default_result_printer attribute to the provided listener.
+  // The listener is also added to the listener list and previous
+  // default_result_printer is removed from it and deleted. The listener can
+  // also be NULL in which case it will not be added to the list. Does
+  // nothing if the previous and the current listener objects are the same.
+  void SetDefaultResultPrinter(TestEventListener* listener);
+
+  // Sets the default_xml_generator attribute to the provided listener.  The
+  // listener is also added to the listener list and previous
+  // default_xml_generator is removed from it and deleted. The listener can
+  // also be NULL in which case it will not be added to the list. Does
+  // nothing if the previous and the current listener objects are the same.
+  void SetDefaultXmlGenerator(TestEventListener* listener);
+
+  // Controls whether events will be forwarded by the repeater to the
+  // listeners in the list.
+  bool EventForwardingEnabled() const;
+  void SuppressEventForwarding();
+
+  // The actual list of listeners.
+  internal::TestEventRepeater* repeater_;
+  // Listener responsible for the standard result output.
+  TestEventListener* default_result_printer_;
+  // Listener responsible for the creation of the XML output file.
+  TestEventListener* default_xml_generator_;
+
+  // We disallow copying TestEventListeners.
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(TestEventListeners);
+};
+
+// A UnitTest consists of a vector of TestCases.
+//
+// This is a singleton class.  The only instance of UnitTest is
+// created when UnitTest::GetInstance() is first called.  This
+// instance is never deleted.
+//
+// UnitTest is not copyable.
+//
+// This class is thread-safe as long as the methods are called
+// according to their specification.
+class GTEST_API_ UnitTest {
+ public:
+  // Gets the singleton UnitTest object.  The first time this method
+  // is called, a UnitTest object is constructed and returned.
+  // Consecutive calls will return the same object.
+  static UnitTest* GetInstance();
+
+  // Runs all tests in this UnitTest object and prints the result.
+  // Returns 0 if successful, or 1 otherwise.
+  //
+  // This method can only be called from the main thread.
+  //
+  // INTERNAL IMPLEMENTATION - DO NOT USE IN A USER PROGRAM.
+  int Run() GTEST_MUST_USE_RESULT_;
+
+  // Returns the working directory when the first TEST() or TEST_F()
+  // was executed.  The UnitTest object owns the string.
+  const char* original_working_dir() const;
+
+  // Returns the TestCase object for the test that's currently running,
+  // or NULL if no test is running.
+  const TestCase* current_test_case() const
+      GTEST_LOCK_EXCLUDED_(mutex_);
+
+  // Returns the TestInfo object for the test that's currently running,
+  // or NULL if no test is running.
+  const TestInfo* current_test_info() const
+      GTEST_LOCK_EXCLUDED_(mutex_);
+
+  // Returns the random seed used at the start of the current test run.
+  int random_seed() const;
+
+#if GTEST_HAS_PARAM_TEST
+  // Returns the ParameterizedTestCaseRegistry object used to keep track of
+  // value-parameterized tests and instantiate and register them.
+  //
+  // INTERNAL IMPLEMENTATION - DO NOT USE IN A USER PROGRAM.
+  internal::ParameterizedTestCaseRegistry& parameterized_test_registry()
+      GTEST_LOCK_EXCLUDED_(mutex_);
+#endif  // GTEST_HAS_PARAM_TEST
+
+  // Gets the number of successful test cases.
+  int successful_test_case_count() const;
+
+  // Gets the number of failed test cases.
+  int failed_test_case_count() const;
+
+  // Gets the number of all test cases.
+  int total_test_case_count() const;
+
+  // Gets the number of all test cases that contain at least one test
+  // that should run.
+  int test_case_to_run_count() const;
+
+  // Gets the number of successful tests.
+  int successful_test_count() const;
+
+  // Gets the number of failed tests.
+  int failed_test_count() const;
+
+  // Gets the number of disabled tests that will be reported in the XML report.
+  int reportable_disabled_test_count() const;
+
+  // Gets the number of disabled tests.
+  int disabled_test_count() const;
+
+  // Gets the number of tests to be printed in the XML report.
+  int reportable_test_count() const;
+
+  // Gets the number of all tests.
+  int total_test_count() const;
+
+  // Gets the number of tests that should run.
+  int test_to_run_count() const;
+
+  // Gets the time of the test program start, in ms from the start of the
+  // UNIX epoch.
+  TimeInMillis start_timestamp() const;
+
+  // Gets the elapsed time, in milliseconds.
+  TimeInMillis elapsed_time() const;
+
+  // Returns true iff the unit test passed (i.e. all test cases passed).
+  bool Passed() const;
+
+  // Returns true iff the unit test failed (i.e. some test case failed
+  // or something outside of all tests failed).
+  bool Failed() const;
+
+  // Gets the i-th test case among all the test cases. i can range from 0 to
+  // total_test_case_count() - 1. If i is not in that range, returns NULL.
+  const TestCase* GetTestCase(int i) const;
+
+  // Returns the TestResult containing information on test failures and
+  // properties logged outside of individual test cases.
+  const TestResult& ad_hoc_test_result() const;
+
+  // Returns the list of event listeners that can be used to track events
+  // inside Google Test.
+  TestEventListeners& listeners();
+
+ private:
+  // Registers and returns a global test environment.  When a test
+  // program is run, all global test environments will be set-up in
+  // the order they were registered.  After all tests in the program
+  // have finished, all global test environments will be torn-down in
+  // the *reverse* order they were registered.
+  //
+  // The UnitTest object takes ownership of the given environment.
+  //
+  // This method can only be called from the main thread.
+  Environment* AddEnvironment(Environment* env);
+
+  // Adds a TestPartResult to the current TestResult object.  All
+  // Google Test assertion macros (e.g. ASSERT_TRUE, EXPECT_EQ, etc)
+  // eventually call this to report their results.  The user code
+  // should use the assertion macros instead of calling this directly.
+  void AddTestPartResult(TestPartResult::Type result_type,
+                         const char* file_name,
+                         int line_number,
+                         const std::string& message,
+                         const std::string& os_stack_trace)
+      GTEST_LOCK_EXCLUDED_(mutex_);
+
+  // Adds a TestProperty to the current TestResult object when invoked from
+  // inside a test, to current TestCase's ad_hoc_test_result_ when invoked
+  // from SetUpTestCase or TearDownTestCase, or to the global property set
+  // when invoked elsewhere.  If the result already contains a property with
+  // the same key, the value will be updated.
+  void RecordProperty(const std::string& key, const std::string& value);
+
+  // Gets the i-th test case among all the test cases. i can range from 0 to
+  // total_test_case_count() - 1. If i is not in that range, returns NULL.
+  TestCase* GetMutableTestCase(int i);
+
+  // Accessors for the implementation object.
+  internal::UnitTestImpl* impl() { return impl_; }
+  const internal::UnitTestImpl* impl() const { return impl_; }
+
+  // These classes and funcions are friends as they need to access private
+  // members of UnitTest.
+  friend class Test;
+  friend class internal::AssertHelper;
+  friend class internal::ScopedTrace;
+  friend class internal::StreamingListenerTest;
+  friend class internal::UnitTestRecordPropertyTestHelper;
+  friend Environment* AddGlobalTestEnvironment(Environment* env);
+  friend internal::UnitTestImpl* internal::GetUnitTestImpl();
+  friend void internal::ReportFailureInUnknownLocation(
+      TestPartResult::Type result_type,
+      const std::string& message);
+
+  // Creates an empty UnitTest.
+  UnitTest();
+
+  // D'tor
+  virtual ~UnitTest();
+
+  // Pushes a trace defined by SCOPED_TRACE() on to the per-thread
+  // Google Test trace stack.
+  void PushGTestTrace(const internal::TraceInfo& trace)
+      GTEST_LOCK_EXCLUDED_(mutex_);
+
+  // Pops a trace from the per-thread Google Test trace stack.
+  void PopGTestTrace()
+      GTEST_LOCK_EXCLUDED_(mutex_);
+
+  // Protects mutable state in *impl_.  This is mutable as some const
+  // methods need to lock it too.
+  mutable internal::Mutex mutex_;
+
+  // Opaque implementation object.  This field is never changed once
+  // the object is constructed.  We don't mark it as const here, as
+  // doing so will cause a warning in the constructor of UnitTest.
+  // Mutable state in *impl_ is protected by mutex_.
+  internal::UnitTestImpl* impl_;
+
+  // We disallow copying UnitTest.
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(UnitTest);
+};
+
+// A convenient wrapper for adding an environment for the test
+// program.
+//
+// You should call this before RUN_ALL_TESTS() is called, probably in
+// main().  If you use gtest_main, you need to call this before main()
+// starts for it to take effect.  For example, you can define a global
+// variable like this:
+//
+//   testing::Environment* const foo_env =
+//       testing::AddGlobalTestEnvironment(new FooEnvironment);
+//
+// However, we strongly recommend you to write your own main() and
+// call AddGlobalTestEnvironment() there, as relying on initialization
+// of global variables makes the code harder to read and may cause
+// problems when you register multiple environments from different
+// translation units and the environments have dependencies among them
+// (remember that the compiler doesn't guarantee the order in which
+// global variables from different translation units are initialized).
+inline Environment* AddGlobalTestEnvironment(Environment* env) {
+  return UnitTest::GetInstance()->AddEnvironment(env);
+}
+
+// Initializes Google Test.  This must be called before calling
+// RUN_ALL_TESTS().  In particular, it parses a command line for the
+// flags that Google Test recognizes.  Whenever a Google Test flag is
+// seen, it is removed from argv, and *argc is decremented.
+//
+// No value is returned.  Instead, the Google Test flag variables are
+// updated.
+//
+// Calling the function for the second time has no user-visible effect.
+GTEST_API_ void InitGoogleTest(int* argc, char** argv);
+
+// This overloaded version can be used in Windows programs compiled in
+// UNICODE mode.
+GTEST_API_ void InitGoogleTest(int* argc, wchar_t** argv);
+
+namespace internal {
+
+// FormatForComparison<ToPrint, OtherOperand>::Format(value) formats a
+// value of type ToPrint that is an operand of a comparison assertion
+// (e.g. ASSERT_EQ).  OtherOperand is the type of the other operand in
+// the comparison, and is used to help determine the best way to
+// format the value.  In particular, when the value is a C string
+// (char pointer) and the other operand is an STL string object, we
+// want to format the C string as a string, since we know it is
+// compared by value with the string object.  If the value is a char
+// pointer but the other operand is not an STL string object, we don't
+// know whether the pointer is supposed to point to a NUL-terminated
+// string, and thus want to print it as a pointer to be safe.
+//
+// INTERNAL IMPLEMENTATION - DO NOT USE IN A USER PROGRAM.
+
+// The default case.
+template <typename ToPrint, typename OtherOperand>
+class FormatForComparison {
+ public:
+  static ::std::string Format(const ToPrint& value) {
+    return ::testing::PrintToString(value);
+  }
+};
+
+// Array.
+template <typename ToPrint, size_t N, typename OtherOperand>
+class FormatForComparison<ToPrint[N], OtherOperand> {
+ public:
+  static ::std::string Format(const ToPrint* value) {
+    return FormatForComparison<const ToPrint*, OtherOperand>::Format(value);
+  }
+};
+
+// By default, print C string as pointers to be safe, as we don't know
+// whether they actually point to a NUL-terminated string.
+
+#define GTEST_IMPL_FORMAT_C_STRING_AS_POINTER_(CharType)                \
+  template <typename OtherOperand>                                      \
+  class FormatForComparison<CharType*, OtherOperand> {                  \
+   public:                                                              \
+    static ::std::string Format(CharType* value) {                      \
+      return ::testing::PrintToString(static_cast<const void*>(value)); \
+    }                                                                   \
+  }
+
+GTEST_IMPL_FORMAT_C_STRING_AS_POINTER_(char);
+GTEST_IMPL_FORMAT_C_STRING_AS_POINTER_(const char);
+GTEST_IMPL_FORMAT_C_STRING_AS_POINTER_(wchar_t);
+GTEST_IMPL_FORMAT_C_STRING_AS_POINTER_(const wchar_t);
+
+#undef GTEST_IMPL_FORMAT_C_STRING_AS_POINTER_
+
+// If a C string is compared with an STL string object, we know it's meant
+// to point to a NUL-terminated string, and thus can print it as a string.
+
+#define GTEST_IMPL_FORMAT_C_STRING_AS_STRING_(CharType, OtherStringType) \
+  template <>                                                           \
+  class FormatForComparison<CharType*, OtherStringType> {               \
+   public:                                                              \
+    static ::std::string Format(CharType* value) {                      \
+      return ::testing::PrintToString(value);                           \
+    }                                                                   \
+  }
+
+GTEST_IMPL_FORMAT_C_STRING_AS_STRING_(char, ::std::string);
+GTEST_IMPL_FORMAT_C_STRING_AS_STRING_(const char, ::std::string);
+
+#if GTEST_HAS_GLOBAL_STRING
+GTEST_IMPL_FORMAT_C_STRING_AS_STRING_(char, ::string);
+GTEST_IMPL_FORMAT_C_STRING_AS_STRING_(const char, ::string);
+#endif
+
+#if GTEST_HAS_GLOBAL_WSTRING
+GTEST_IMPL_FORMAT_C_STRING_AS_STRING_(wchar_t, ::wstring);
+GTEST_IMPL_FORMAT_C_STRING_AS_STRING_(const wchar_t, ::wstring);
+#endif
+
+#if GTEST_HAS_STD_WSTRING
+GTEST_IMPL_FORMAT_C_STRING_AS_STRING_(wchar_t, ::std::wstring);
+GTEST_IMPL_FORMAT_C_STRING_AS_STRING_(const wchar_t, ::std::wstring);
+#endif
+
+#undef GTEST_IMPL_FORMAT_C_STRING_AS_STRING_
+
+// Formats a comparison assertion (e.g. ASSERT_EQ, EXPECT_LT, and etc)
+// operand to be used in a failure message.  The type (but not value)
+// of the other operand may affect the format.  This allows us to
+// print a char* as a raw pointer when it is compared against another
+// char* or void*, and print it as a C string when it is compared
+// against an std::string object, for example.
+//
+// INTERNAL IMPLEMENTATION - DO NOT USE IN A USER PROGRAM.
+template <typename T1, typename T2>
+std::string FormatForComparisonFailureMessage(
+    const T1& value, const T2& /* other_operand */) {
+  return FormatForComparison<T1, T2>::Format(value);
+}
+
+// The helper function for {ASSERT|EXPECT}_EQ.
+template <typename T1, typename T2>
+AssertionResult CmpHelperEQ(const char* expected_expression,
+                            const char* actual_expression,
+                            const T1& expected,
+                            const T2& actual) {
+GTEST_DISABLE_MSC_WARNINGS_PUSH_(4389 /* signed/unsigned mismatch */)
+  if (expected == actual) {
+    return AssertionSuccess();
+  }
+GTEST_DISABLE_MSC_WARNINGS_POP_()
+
+  return EqFailure(expected_expression,
+                   actual_expression,
+                   FormatForComparisonFailureMessage(expected, actual),
+                   FormatForComparisonFailureMessage(actual, expected),
+                   false);
+}
+
+// With this overloaded version, we allow anonymous enums to be used
+// in {ASSERT|EXPECT}_EQ when compiled with gcc 4, as anonymous enums
+// can be implicitly cast to BiggestInt.
+GTEST_API_ AssertionResult CmpHelperEQ(const char* expected_expression,
+                                       const char* actual_expression,
+                                       BiggestInt expected,
+                                       BiggestInt actual);
+
+// The helper class for {ASSERT|EXPECT}_EQ.  The template argument
+// lhs_is_null_literal is true iff the first argument to ASSERT_EQ()
+// is a null pointer literal.  The following default implementation is
+// for lhs_is_null_literal being false.
+template <bool lhs_is_null_literal>
+class EqHelper {
+ public:
+  // This templatized version is for the general case.
+  template <typename T1, typename T2>
+  static AssertionResult Compare(const char* expected_expression,
+                                 const char* actual_expression,
+                                 const T1& expected,
+                                 const T2& actual) {
+    return CmpHelperEQ(expected_expression, actual_expression, expected,
+                       actual);
+  }
+
+  // With this overloaded version, we allow anonymous enums to be used
+  // in {ASSERT|EXPECT}_EQ when compiled with gcc 4, as anonymous
+  // enums can be implicitly cast to BiggestInt.
+  //
+  // Even though its body looks the same as the above version, we
+  // cannot merge the two, as it will make anonymous enums unhappy.
+  static AssertionResult Compare(const char* expected_expression,
+                                 const char* actual_expression,
+                                 BiggestInt expected,
+                                 BiggestInt actual) {
+    return CmpHelperEQ(expected_expression, actual_expression, expected,
+                       actual);
+  }
+};
+
+// This specialization is used when the first argument to ASSERT_EQ()
+// is a null pointer literal, like NULL, false, or 0.
+template <>
+class EqHelper<true> {
+ public:
+  // We define two overloaded versions of Compare().  The first
+  // version will be picked when the second argument to ASSERT_EQ() is
+  // NOT a pointer, e.g. ASSERT_EQ(0, AnIntFunction()) or
+  // EXPECT_EQ(false, a_bool).
+  template <typename T1, typename T2>
+  static AssertionResult Compare(
+      const char* expected_expression,
+      const char* actual_expression,
+      const T1& expected,
+      const T2& actual,
+      // The following line prevents this overload from being considered if T2
+      // is not a pointer type.  We need this because ASSERT_EQ(NULL, my_ptr)
+      // expands to Compare("", "", NULL, my_ptr), which requires a conversion
+      // to match the Secret* in the other overload, which would otherwise make
+      // this template match better.
+      typename EnableIf<!is_pointer<T2>::value>::type* = 0) {
+    return CmpHelperEQ(expected_expression, actual_expression, expected,
+                       actual);
+  }
+
+  // This version will be picked when the second argument to ASSERT_EQ() is a
+  // pointer, e.g. ASSERT_EQ(NULL, a_pointer).
+  template <typename T>
+  static AssertionResult Compare(
+      const char* expected_expression,
+      const char* actual_expression,
+      // We used to have a second template parameter instead of Secret*.  That
+      // template parameter would deduce to 'long', making this a better match
+      // than the first overload even without the first overload's EnableIf.
+      // Unfortunately, gcc with -Wconversion-null warns when "passing NULL to
+      // non-pointer argument" (even a deduced integral argument), so the old
+      // implementation caused warnings in user code.
+      Secret* /* expected (NULL) */,
+      T* actual) {
+    // We already know that 'expected' is a null pointer.
+    return CmpHelperEQ(expected_expression, actual_expression,
+                       static_cast<T*>(NULL), actual);
+  }
+};
+
+// A macro for implementing the helper functions needed to implement
+// ASSERT_?? and EXPECT_??.  It is here just to avoid copy-and-paste
+// of similar code.
+//
+// For each templatized helper function, we also define an overloaded
+// version for BiggestInt in order to reduce code bloat and allow
+// anonymous enums to be used with {ASSERT|EXPECT}_?? when compiled
+// with gcc 4.
+//
+// INTERNAL IMPLEMENTATION - DO NOT USE IN A USER PROGRAM.
+#define GTEST_IMPL_CMP_HELPER_(op_name, op)\
+template <typename T1, typename T2>\
+AssertionResult CmpHelper##op_name(const char* expr1, const char* expr2, \
+                                   const T1& val1, const T2& val2) {\
+  if (val1 op val2) {\
+    return AssertionSuccess();\
+  } else {\
+    return AssertionFailure() \
+        << "Expected: (" << expr1 << ") " #op " (" << expr2\
+        << "), actual: " << FormatForComparisonFailureMessage(val1, val2)\
+        << " vs " << FormatForComparisonFailureMessage(val2, val1);\
+  }\
+}\
+GTEST_API_ AssertionResult CmpHelper##op_name(\
+    const char* expr1, const char* expr2, BiggestInt val1, BiggestInt val2)
+
+// INTERNAL IMPLEMENTATION - DO NOT USE IN A USER PROGRAM.
+
+// Implements the helper function for {ASSERT|EXPECT}_NE
+GTEST_IMPL_CMP_HELPER_(NE, !=);
+// Implements the helper function for {ASSERT|EXPECT}_LE
+GTEST_IMPL_CMP_HELPER_(LE, <=);
+// Implements the helper function for {ASSERT|EXPECT}_LT
+GTEST_IMPL_CMP_HELPER_(LT, <);
+// Implements the helper function for {ASSERT|EXPECT}_GE
+GTEST_IMPL_CMP_HELPER_(GE, >=);
+// Implements the helper function for {ASSERT|EXPECT}_GT
+GTEST_IMPL_CMP_HELPER_(GT, >);
+
+#undef GTEST_IMPL_CMP_HELPER_
+
+// The helper function for {ASSERT|EXPECT}_STREQ.
+//
+// INTERNAL IMPLEMENTATION - DO NOT USE IN A USER PROGRAM.
+GTEST_API_ AssertionResult CmpHelperSTREQ(const char* expected_expression,
+                                          const char* actual_expression,
+                                          const char* expected,
+                                          const char* actual);
+
+// The helper function for {ASSERT|EXPECT}_STRCASEEQ.
+//
+// INTERNAL IMPLEMENTATION - DO NOT USE IN A USER PROGRAM.
+GTEST_API_ AssertionResult CmpHelperSTRCASEEQ(const char* expected_expression,
+                                              const char* actual_expression,
+                                              const char* expected,
+                                              const char* actual);
+
+// The helper function for {ASSERT|EXPECT}_STRNE.
+//
+// INTERNAL IMPLEMENTATION - DO NOT USE IN A USER PROGRAM.
+GTEST_API_ AssertionResult CmpHelperSTRNE(const char* s1_expression,
+                                          const char* s2_expression,
+                                          const char* s1,
+                                          const char* s2);
+
+// The helper function for {ASSERT|EXPECT}_STRCASENE.
+//
+// INTERNAL IMPLEMENTATION - DO NOT USE IN A USER PROGRAM.
+GTEST_API_ AssertionResult CmpHelperSTRCASENE(const char* s1_expression,
+                                              const char* s2_expression,
+                                              const char* s1,
+                                              const char* s2);
+
+
+// Helper function for *_STREQ on wide strings.
+//
+// INTERNAL IMPLEMENTATION - DO NOT USE IN A USER PROGRAM.
+GTEST_API_ AssertionResult CmpHelperSTREQ(const char* expected_expression,
+                                          const char* actual_expression,
+                                          const wchar_t* expected,
+                                          const wchar_t* actual);
+
+// Helper function for *_STRNE on wide strings.
+//
+// INTERNAL IMPLEMENTATION - DO NOT USE IN A USER PROGRAM.
+GTEST_API_ AssertionResult CmpHelperSTRNE(const char* s1_expression,
+                                          const char* s2_expression,
+                                          const wchar_t* s1,
+                                          const wchar_t* s2);
+
+}  // namespace internal
+
+// IsSubstring() and IsNotSubstring() are intended to be used as the
+// first argument to {EXPECT,ASSERT}_PRED_FORMAT2(), not by
+// themselves.  They check whether needle is a substring of haystack
+// (NULL is considered a substring of itself only), and return an
+// appropriate error message when they fail.
+//
+// The {needle,haystack}_expr arguments are the stringified
+// expressions that generated the two real arguments.
+GTEST_API_ AssertionResult IsSubstring(
+    const char* needle_expr, const char* haystack_expr,
+    const char* needle, const char* haystack);
+GTEST_API_ AssertionResult IsSubstring(
+    const char* needle_expr, const char* haystack_expr,
+    const wchar_t* needle, const wchar_t* haystack);
+GTEST_API_ AssertionResult IsNotSubstring(
+    const char* needle_expr, const char* haystack_expr,
+    const char* needle, const char* haystack);
+GTEST_API_ AssertionResult IsNotSubstring(
+    const char* needle_expr, const char* haystack_expr,
+    const wchar_t* needle, const wchar_t* haystack);
+GTEST_API_ AssertionResult IsSubstring(
+    const char* needle_expr, const char* haystack_expr,
+    const ::std::string& needle, const ::std::string& haystack);
+GTEST_API_ AssertionResult IsNotSubstring(
+    const char* needle_expr, const char* haystack_expr,
+    const ::std::string& needle, const ::std::string& haystack);
+
+#if GTEST_HAS_STD_WSTRING
+GTEST_API_ AssertionResult IsSubstring(
+    const char* needle_expr, const char* haystack_expr,
+    const ::std::wstring& needle, const ::std::wstring& haystack);
+GTEST_API_ AssertionResult IsNotSubstring(
+    const char* needle_expr, const char* haystack_expr,
+    const ::std::wstring& needle, const ::std::wstring& haystack);
+#endif  // GTEST_HAS_STD_WSTRING
+
+namespace internal {
+
+// Helper template function for comparing floating-points.
+//
+// Template parameter:
+//
+//   RawType: the raw floating-point type (either float or double)
+//
+// INTERNAL IMPLEMENTATION - DO NOT USE IN A USER PROGRAM.
+template <typename RawType>
+AssertionResult CmpHelperFloatingPointEQ(const char* expected_expression,
+                                         const char* actual_expression,
+                                         RawType expected,
+                                         RawType actual) {
+  const FloatingPoint<RawType> lhs(expected), rhs(actual);
+
+  if (lhs.AlmostEquals(rhs)) {
+    return AssertionSuccess();
+  }
+
+  ::std::stringstream expected_ss;
+  expected_ss << std::setprecision(std::numeric_limits<RawType>::digits10 + 2)
+              << expected;
+
+  ::std::stringstream actual_ss;
+  actual_ss << std::setprecision(std::numeric_limits<RawType>::digits10 + 2)
+            << actual;
+
+  return EqFailure(expected_expression,
+                   actual_expression,
+                   StringStreamToString(&expected_ss),
+                   StringStreamToString(&actual_ss),
+                   false);
+}
+
+// Helper function for implementing ASSERT_NEAR.
+//
+// INTERNAL IMPLEMENTATION - DO NOT USE IN A USER PROGRAM.
+GTEST_API_ AssertionResult DoubleNearPredFormat(const char* expr1,
+                                                const char* expr2,
+                                                const char* abs_error_expr,
+                                                double val1,
+                                                double val2,
+                                                double abs_error);
+
+// INTERNAL IMPLEMENTATION - DO NOT USE IN USER CODE.
+// A class that enables one to stream messages to assertion macros
+class GTEST_API_ AssertHelper {
+ public:
+  // Constructor.
+  AssertHelper(TestPartResult::Type type,
+               const char* file,
+               int line,
+               const char* message);
+  ~AssertHelper();
+
+  // Message assignment is a semantic trick to enable assertion
+  // streaming; see the GTEST_MESSAGE_ macro below.
+  void operator=(const Message& message) const;
+
+ private:
+  // We put our data in a struct so that the size of the AssertHelper class can
+  // be as small as possible.  This is important because gcc is incapable of
+  // re-using stack space even for temporary variables, so every EXPECT_EQ
+  // reserves stack space for another AssertHelper.
+  struct AssertHelperData {
+    AssertHelperData(TestPartResult::Type t,
+                     const char* srcfile,
+                     int line_num,
+                     const char* msg)
+        : type(t), file(srcfile), line(line_num), message(msg) { }
+
+    TestPartResult::Type const type;
+    const char* const file;
+    int const line;
+    std::string const message;
+
+   private:
+    GTEST_DISALLOW_COPY_AND_ASSIGN_(AssertHelperData);
+  };
+
+  AssertHelperData* const data_;
+
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(AssertHelper);
+};
+
+}  // namespace internal
+
+#if GTEST_HAS_PARAM_TEST
+// The pure interface class that all value-parameterized tests inherit from.
+// A value-parameterized class must inherit from both ::testing::Test and
+// ::testing::WithParamInterface. In most cases that just means inheriting
+// from ::testing::TestWithParam, but more complicated test hierarchies
+// may need to inherit from Test and WithParamInterface at different levels.
+//
+// This interface has support for accessing the test parameter value via
+// the GetParam() method.
+//
+// Use it with one of the parameter generator defining functions, like Range(),
+// Values(), ValuesIn(), Bool(), and Combine().
+//
+// class FooTest : public ::testing::TestWithParam<int> {
+//  protected:
+//   FooTest() {
+//     // Can use GetParam() here.
+//   }
+//   virtual ~FooTest() {
+//     // Can use GetParam() here.
+//   }
+//   virtual void SetUp() {
+//     // Can use GetParam() here.
+//   }
+//   virtual void TearDown {
+//     // Can use GetParam() here.
+//   }
+// };
+// TEST_P(FooTest, DoesBar) {
+//   // Can use GetParam() method here.
+//   Foo foo;
+//   ASSERT_TRUE(foo.DoesBar(GetParam()));
+// }
+// INSTANTIATE_TEST_CASE_P(OneToTenRange, FooTest, ::testing::Range(1, 10));
+
+template <typename T>
+class WithParamInterface {
+ public:
+  typedef T ParamType;
+  virtual ~WithParamInterface() {}
+
+  // The current parameter value. Is also available in the test fixture's
+  // constructor. This member function is non-static, even though it only
+  // references static data, to reduce the opportunity for incorrect uses
+  // like writing 'WithParamInterface<bool>::GetParam()' for a test that
+  // uses a fixture whose parameter type is int.
+  const ParamType& GetParam() const {
+    GTEST_CHECK_(parameter_ != NULL)
+        << "GetParam() can only be called inside a value-parameterized test "
+        << "-- did you intend to write TEST_P instead of TEST_F?";
+    return *parameter_;
+  }
+
+ private:
+  // Sets parameter value. The caller is responsible for making sure the value
+  // remains alive and unchanged throughout the current test.
+  static void SetParam(const ParamType* parameter) {
+    parameter_ = parameter;
+  }
+
+  // Static value used for accessing parameter during a test lifetime.
+  static const ParamType* parameter_;
+
+  // TestClass must be a subclass of WithParamInterface<T> and Test.
+  template <class TestClass> friend class internal::ParameterizedTestFactory;
+};
+
+template <typename T>
+const T* WithParamInterface<T>::parameter_ = NULL;
+
+// Most value-parameterized classes can ignore the existence of
+// WithParamInterface, and can just inherit from ::testing::TestWithParam.
+
+template <typename T>
+class TestWithParam : public Test, public WithParamInterface<T> {
+};
+
+#endif  // GTEST_HAS_PARAM_TEST
+
+// Macros for indicating success/failure in test code.
+
+// ADD_FAILURE unconditionally adds a failure to the current test.
+// SUCCEED generates a success - it doesn't automatically make the
+// current test successful, as a test is only successful when it has
+// no failure.
+//
+// EXPECT_* verifies that a certain condition is satisfied.  If not,
+// it behaves like ADD_FAILURE.  In particular:
+//
+//   EXPECT_TRUE  verifies that a Boolean condition is true.
+//   EXPECT_FALSE verifies that a Boolean condition is false.
+//
+// FAIL and ASSERT_* are similar to ADD_FAILURE and EXPECT_*, except
+// that they will also abort the current function on failure.  People
+// usually want the fail-fast behavior of FAIL and ASSERT_*, but those
+// writing data-driven tests often find themselves using ADD_FAILURE
+// and EXPECT_* more.
+
+// Generates a nonfatal failure with a generic message.
+#define ADD_FAILURE() GTEST_NONFATAL_FAILURE_("Failed")
+
+// Generates a nonfatal failure at the given source file location with
+// a generic message.
+#define ADD_FAILURE_AT(file, line) \
+  GTEST_MESSAGE_AT_(file, line, "Failed", \
+                    ::testing::TestPartResult::kNonFatalFailure)
+
+// Generates a fatal failure with a generic message.
+#define GTEST_FAIL() GTEST_FATAL_FAILURE_("Failed")
+
+// Define this macro to 1 to omit the definition of FAIL(), which is a
+// generic name and clashes with some other libraries.
+#if !GTEST_DONT_DEFINE_FAIL
+# define FAIL() GTEST_FAIL()
+#endif
+
+// Generates a success with a generic message.
+#define GTEST_SUCCEED() GTEST_SUCCESS_("Succeeded")
+
+// Define this macro to 1 to omit the definition of SUCCEED(), which
+// is a generic name and clashes with some other libraries.
+#if !GTEST_DONT_DEFINE_SUCCEED
+# define SUCCEED() GTEST_SUCCEED()
+#endif
+
+// Macros for testing exceptions.
+//
+//    * {ASSERT|EXPECT}_THROW(statement, expected_exception):
+//         Tests that the statement throws the expected exception.
+//    * {ASSERT|EXPECT}_NO_THROW(statement):
+//         Tests that the statement doesn't throw any exception.
+//    * {ASSERT|EXPECT}_ANY_THROW(statement):
+//         Tests that the statement throws an exception.
+
+#define EXPECT_THROW(statement, expected_exception) \
+  GTEST_TEST_THROW_(statement, expected_exception, GTEST_NONFATAL_FAILURE_)
+#define EXPECT_NO_THROW(statement) \
+  GTEST_TEST_NO_THROW_(statement, GTEST_NONFATAL_FAILURE_)
+#define EXPECT_ANY_THROW(statement) \
+  GTEST_TEST_ANY_THROW_(statement, GTEST_NONFATAL_FAILURE_)
+#define ASSERT_THROW(statement, expected_exception) \
+  GTEST_TEST_THROW_(statement, expected_exception, GTEST_FATAL_FAILURE_)
+#define ASSERT_NO_THROW(statement) \
+  GTEST_TEST_NO_THROW_(statement, GTEST_FATAL_FAILURE_)
+#define ASSERT_ANY_THROW(statement) \
+  GTEST_TEST_ANY_THROW_(statement, GTEST_FATAL_FAILURE_)
+
+// Boolean assertions. Condition can be either a Boolean expression or an
+// AssertionResult. For more information on how to use AssertionResult with
+// these macros see comments on that class.
+#define EXPECT_TRUE(condition) \
+  GTEST_TEST_BOOLEAN_(condition, #condition, false, true, \
+                      GTEST_NONFATAL_FAILURE_)
+#define EXPECT_FALSE(condition) \
+  GTEST_TEST_BOOLEAN_(!(condition), #condition, true, false, \
+                      GTEST_NONFATAL_FAILURE_)
+#define ASSERT_TRUE(condition) \
+  GTEST_TEST_BOOLEAN_(condition, #condition, false, true, \
+                      GTEST_FATAL_FAILURE_)
+#define ASSERT_FALSE(condition) \
+  GTEST_TEST_BOOLEAN_(!(condition), #condition, true, false, \
+                      GTEST_FATAL_FAILURE_)
+
+// Includes the auto-generated header that implements a family of
+// generic predicate assertion macros.
+#include "gtest/gtest_pred_impl.h"
+
+// Macros for testing equalities and inequalities.
+//
+//    * {ASSERT|EXPECT}_EQ(expected, actual): Tests that expected == actual
+//    * {ASSERT|EXPECT}_NE(v1, v2):           Tests that v1 != v2
+//    * {ASSERT|EXPECT}_LT(v1, v2):           Tests that v1 < v2
+//    * {ASSERT|EXPECT}_LE(v1, v2):           Tests that v1 <= v2
+//    * {ASSERT|EXPECT}_GT(v1, v2):           Tests that v1 > v2
+//    * {ASSERT|EXPECT}_GE(v1, v2):           Tests that v1 >= v2
+//
+// When they are not, Google Test prints both the tested expressions and
+// their actual values.  The values must be compatible built-in types,
+// or you will get a compiler error.  By "compatible" we mean that the
+// values can be compared by the respective operator.
+//
+// Note:
+//
+//   1. It is possible to make a user-defined type work with
+//   {ASSERT|EXPECT}_??(), but that requires overloading the
+//   comparison operators and is thus discouraged by the Google C++
+//   Usage Guide.  Therefore, you are advised to use the
+//   {ASSERT|EXPECT}_TRUE() macro to assert that two objects are
+//   equal.
+//
+//   2. The {ASSERT|EXPECT}_??() macros do pointer comparisons on
+//   pointers (in particular, C strings).  Therefore, if you use it
+//   with two C strings, you are testing how their locations in memory
+//   are related, not how their content is related.  To compare two C
+//   strings by content, use {ASSERT|EXPECT}_STR*().
+//
+//   3. {ASSERT|EXPECT}_EQ(expected, actual) is preferred to
+//   {ASSERT|EXPECT}_TRUE(expected == actual), as the former tells you
+//   what the actual value is when it fails, and similarly for the
+//   other comparisons.
+//
+//   4. Do not depend on the order in which {ASSERT|EXPECT}_??()
+//   evaluate their arguments, which is undefined.
+//
+//   5. These macros evaluate their arguments exactly once.
+//
+// Examples:
+//
+//   EXPECT_NE(5, Foo());
+//   EXPECT_EQ(NULL, a_pointer);
+//   ASSERT_LT(i, array_size);
+//   ASSERT_GT(records.size(), 0) << "There is no record left.";
+
+#define EXPECT_EQ(expected, actual) \
+  EXPECT_PRED_FORMAT2(::testing::internal:: \
+                      EqHelper<GTEST_IS_NULL_LITERAL_(expected)>::Compare, \
+                      expected, actual)
+#define EXPECT_NE(expected, actual) \
+  EXPECT_PRED_FORMAT2(::testing::internal::CmpHelperNE, expected, actual)
+#define EXPECT_LE(val1, val2) \
+  EXPECT_PRED_FORMAT2(::testing::internal::CmpHelperLE, val1, val2)
+#define EXPECT_LT(val1, val2) \
+  EXPECT_PRED_FORMAT2(::testing::internal::CmpHelperLT, val1, val2)
+#define EXPECT_GE(val1, val2) \
+  EXPECT_PRED_FORMAT2(::testing::internal::CmpHelperGE, val1, val2)
+#define EXPECT_GT(val1, val2) \
+  EXPECT_PRED_FORMAT2(::testing::internal::CmpHelperGT, val1, val2)
+
+#define GTEST_ASSERT_EQ(expected, actual) \
+  ASSERT_PRED_FORMAT2(::testing::internal:: \
+                      EqHelper<GTEST_IS_NULL_LITERAL_(expected)>::Compare, \
+                      expected, actual)
+#define GTEST_ASSERT_NE(val1, val2) \
+  ASSERT_PRED_FORMAT2(::testing::internal::CmpHelperNE, val1, val2)
+#define GTEST_ASSERT_LE(val1, val2) \
+  ASSERT_PRED_FORMAT2(::testing::internal::CmpHelperLE, val1, val2)
+#define GTEST_ASSERT_LT(val1, val2) \
+  ASSERT_PRED_FORMAT2(::testing::internal::CmpHelperLT, val1, val2)
+#define GTEST_ASSERT_GE(val1, val2) \
+  ASSERT_PRED_FORMAT2(::testing::internal::CmpHelperGE, val1, val2)
+#define GTEST_ASSERT_GT(val1, val2) \
+  ASSERT_PRED_FORMAT2(::testing::internal::CmpHelperGT, val1, val2)
+
+// Define macro GTEST_DONT_DEFINE_ASSERT_XY to 1 to omit the definition of
+// ASSERT_XY(), which clashes with some users' own code.
+
+#if !GTEST_DONT_DEFINE_ASSERT_EQ
+# define ASSERT_EQ(val1, val2) GTEST_ASSERT_EQ(val1, val2)
+#endif
+
+#if !GTEST_DONT_DEFINE_ASSERT_NE
+# define ASSERT_NE(val1, val2) GTEST_ASSERT_NE(val1, val2)
+#endif
+
+#if !GTEST_DONT_DEFINE_ASSERT_LE
+# define ASSERT_LE(val1, val2) GTEST_ASSERT_LE(val1, val2)
+#endif
+
+#if !GTEST_DONT_DEFINE_ASSERT_LT
+# define ASSERT_LT(val1, val2) GTEST_ASSERT_LT(val1, val2)
+#endif
+
+#if !GTEST_DONT_DEFINE_ASSERT_GE
+# define ASSERT_GE(val1, val2) GTEST_ASSERT_GE(val1, val2)
+#endif
+
+#if !GTEST_DONT_DEFINE_ASSERT_GT
+# define ASSERT_GT(val1, val2) GTEST_ASSERT_GT(val1, val2)
+#endif
+
+// C-string Comparisons.  All tests treat NULL and any non-NULL string
+// as different.  Two NULLs are equal.
+//
+//    * {ASSERT|EXPECT}_STREQ(s1, s2):     Tests that s1 == s2
+//    * {ASSERT|EXPECT}_STRNE(s1, s2):     Tests that s1 != s2
+//    * {ASSERT|EXPECT}_STRCASEEQ(s1, s2): Tests that s1 == s2, ignoring case
+//    * {ASSERT|EXPECT}_STRCASENE(s1, s2): Tests that s1 != s2, ignoring case
+//
+// For wide or narrow string objects, you can use the
+// {ASSERT|EXPECT}_??() macros.
+//
+// Don't depend on the order in which the arguments are evaluated,
+// which is undefined.
+//
+// These macros evaluate their arguments exactly once.
+
+#define EXPECT_STREQ(expected, actual) \
+  EXPECT_PRED_FORMAT2(::testing::internal::CmpHelperSTREQ, expected, actual)
+#define EXPECT_STRNE(s1, s2) \
+  EXPECT_PRED_FORMAT2(::testing::internal::CmpHelperSTRNE, s1, s2)
+#define EXPECT_STRCASEEQ(expected, actual) \
+  EXPECT_PRED_FORMAT2(::testing::internal::CmpHelperSTRCASEEQ, expected, actual)
+#define EXPECT_STRCASENE(s1, s2)\
+  EXPECT_PRED_FORMAT2(::testing::internal::CmpHelperSTRCASENE, s1, s2)
+
+#define ASSERT_STREQ(expected, actual) \
+  ASSERT_PRED_FORMAT2(::testing::internal::CmpHelperSTREQ, expected, actual)
+#define ASSERT_STRNE(s1, s2) \
+  ASSERT_PRED_FORMAT2(::testing::internal::CmpHelperSTRNE, s1, s2)
+#define ASSERT_STRCASEEQ(expected, actual) \
+  ASSERT_PRED_FORMAT2(::testing::internal::CmpHelperSTRCASEEQ, expected, actual)
+#define ASSERT_STRCASENE(s1, s2)\
+  ASSERT_PRED_FORMAT2(::testing::internal::CmpHelperSTRCASENE, s1, s2)
+
+// Macros for comparing floating-point numbers.
+//
+//    * {ASSERT|EXPECT}_FLOAT_EQ(expected, actual):
+//         Tests that two float values are almost equal.
+//    * {ASSERT|EXPECT}_DOUBLE_EQ(expected, actual):
+//         Tests that two double values are almost equal.
+//    * {ASSERT|EXPECT}_NEAR(v1, v2, abs_error):
+//         Tests that v1 and v2 are within the given distance to each other.
+//
+// Google Test uses ULP-based comparison to automatically pick a default
+// error bound that is appropriate for the operands.  See the
+// FloatingPoint template class in gtest-internal.h if you are
+// interested in the implementation details.
+
+#define EXPECT_FLOAT_EQ(expected, actual)\
+  EXPECT_PRED_FORMAT2(::testing::internal::CmpHelperFloatingPointEQ<float>, \
+                      expected, actual)
+
+#define EXPECT_DOUBLE_EQ(expected, actual)\
+  EXPECT_PRED_FORMAT2(::testing::internal::CmpHelperFloatingPointEQ<double>, \
+                      expected, actual)
+
+#define ASSERT_FLOAT_EQ(expected, actual)\
+  ASSERT_PRED_FORMAT2(::testing::internal::CmpHelperFloatingPointEQ<float>, \
+                      expected, actual)
+
+#define ASSERT_DOUBLE_EQ(expected, actual)\
+  ASSERT_PRED_FORMAT2(::testing::internal::CmpHelperFloatingPointEQ<double>, \
+                      expected, actual)
+
+#define EXPECT_NEAR(val1, val2, abs_error)\
+  EXPECT_PRED_FORMAT3(::testing::internal::DoubleNearPredFormat, \
+                      val1, val2, abs_error)
+
+#define ASSERT_NEAR(val1, val2, abs_error)\
+  ASSERT_PRED_FORMAT3(::testing::internal::DoubleNearPredFormat, \
+                      val1, val2, abs_error)
+
+// These predicate format functions work on floating-point values, and
+// can be used in {ASSERT|EXPECT}_PRED_FORMAT2*(), e.g.
+//
+//   EXPECT_PRED_FORMAT2(testing::DoubleLE, Foo(), 5.0);
+
+// Asserts that val1 is less than, or almost equal to, val2.  Fails
+// otherwise.  In particular, it fails if either val1 or val2 is NaN.
+GTEST_API_ AssertionResult FloatLE(const char* expr1, const char* expr2,
+                                   float val1, float val2);
+GTEST_API_ AssertionResult DoubleLE(const char* expr1, const char* expr2,
+                                    double val1, double val2);
+
+
+#if GTEST_OS_WINDOWS
+
+// Macros that test for HRESULT failure and success, these are only useful
+// on Windows, and rely on Windows SDK macros and APIs to compile.
+//
+//    * {ASSERT|EXPECT}_HRESULT_{SUCCEEDED|FAILED}(expr)
+//
+// When expr unexpectedly fails or succeeds, Google Test prints the
+// expected result and the actual result with both a human-readable
+// string representation of the error, if available, as well as the
+// hex result code.
+# define EXPECT_HRESULT_SUCCEEDED(expr) \
+    EXPECT_PRED_FORMAT1(::testing::internal::IsHRESULTSuccess, (expr))
+
+# define ASSERT_HRESULT_SUCCEEDED(expr) \
+    ASSERT_PRED_FORMAT1(::testing::internal::IsHRESULTSuccess, (expr))
+
+# define EXPECT_HRESULT_FAILED(expr) \
+    EXPECT_PRED_FORMAT1(::testing::internal::IsHRESULTFailure, (expr))
+
+# define ASSERT_HRESULT_FAILED(expr) \
+    ASSERT_PRED_FORMAT1(::testing::internal::IsHRESULTFailure, (expr))
+
+#endif  // GTEST_OS_WINDOWS
+
+// Macros that execute statement and check that it doesn't generate new fatal
+// failures in the current thread.
+//
+//   * {ASSERT|EXPECT}_NO_FATAL_FAILURE(statement);
+//
+// Examples:
+//
+//   EXPECT_NO_FATAL_FAILURE(Process());
+//   ASSERT_NO_FATAL_FAILURE(Process()) << "Process() failed";
+//
+#define ASSERT_NO_FATAL_FAILURE(statement) \
+    GTEST_TEST_NO_FATAL_FAILURE_(statement, GTEST_FATAL_FAILURE_)
+#define EXPECT_NO_FATAL_FAILURE(statement) \
+    GTEST_TEST_NO_FATAL_FAILURE_(statement, GTEST_NONFATAL_FAILURE_)
+
+// Causes a trace (including the source file path, the current line
+// number, and the given message) to be included in every test failure
+// message generated by code in the current scope.  The effect is
+// undone when the control leaves the current scope.
+//
+// The message argument can be anything streamable to std::ostream.
+//
+// In the implementation, we include the current line number as part
+// of the dummy variable name, thus allowing multiple SCOPED_TRACE()s
+// to appear in the same block - as long as they are on different
+// lines.
+#define SCOPED_TRACE(message) \
+  ::testing::internal::ScopedTrace GTEST_CONCAT_TOKEN_(gtest_trace_, __LINE__)(\
+    __FILE__, __LINE__, ::testing::Message() << (message))
+
+// Compile-time assertion for type equality.
+// StaticAssertTypeEq<type1, type2>() compiles iff type1 and type2 are
+// the same type.  The value it returns is not interesting.
+//
+// Instead of making StaticAssertTypeEq a class template, we make it a
+// function template that invokes a helper class template.  This
+// prevents a user from misusing StaticAssertTypeEq<T1, T2> by
+// defining objects of that type.
+//
+// CAVEAT:
+//
+// When used inside a method of a class template,
+// StaticAssertTypeEq<T1, T2>() is effective ONLY IF the method is
+// instantiated.  For example, given:
+//
+//   template <typename T> class Foo {
+//    public:
+//     void Bar() { testing::StaticAssertTypeEq<int, T>(); }
+//   };
+//
+// the code:
+//
+//   void Test1() { Foo<bool> foo; }
+//
+// will NOT generate a compiler error, as Foo<bool>::Bar() is never
+// actually instantiated.  Instead, you need:
+//
+//   void Test2() { Foo<bool> foo; foo.Bar(); }
+//
+// to cause a compiler error.
+template <typename T1, typename T2>
+bool StaticAssertTypeEq() {
+  (void)internal::StaticAssertTypeEqHelper<T1, T2>();
+  return true;
+}
+
+// Defines a test.
+//
+// The first parameter is the name of the test case, and the second
+// parameter is the name of the test within the test case.
+//
+// The convention is to end the test case name with "Test".  For
+// example, a test case for the Foo class can be named FooTest.
+//
+// Test code should appear between braces after an invocation of
+// this macro.  Example:
+//
+//   TEST(FooTest, InitializesCorrectly) {
+//     Foo foo;
+//     EXPECT_TRUE(foo.StatusIsOK());
+//   }
+
+// Note that we call GetTestTypeId() instead of GetTypeId<
+// ::testing::Test>() here to get the type ID of testing::Test.  This
+// is to work around a suspected linker bug when using Google Test as
+// a framework on Mac OS X.  The bug causes GetTypeId<
+// ::testing::Test>() to return different values depending on whether
+// the call is from the Google Test framework itself or from user test
+// code.  GetTestTypeId() is guaranteed to always return the same
+// value, as it always calls GetTypeId<>() from the Google Test
+// framework.
+#define GTEST_TEST(test_case_name, test_name)\
+  GTEST_TEST_(test_case_name, test_name, \
+              ::testing::Test, ::testing::internal::GetTestTypeId())
+
+// Define this macro to 1 to omit the definition of TEST(), which
+// is a generic name and clashes with some other libraries.
+#if !GTEST_DONT_DEFINE_TEST
+# define TEST(test_case_name, test_name) GTEST_TEST(test_case_name, test_name)
+#endif
+
+// Defines a test that uses a test fixture.
+//
+// The first parameter is the name of the test fixture class, which
+// also doubles as the test case name.  The second parameter is the
+// name of the test within the test case.
+//
+// A test fixture class must be declared earlier.  The user should put
+// his test code between braces after using this macro.  Example:
+//
+//   class FooTest : public testing::Test {
+//    protected:
+//     virtual void SetUp() { b_.AddElement(3); }
+//
+//     Foo a_;
+//     Foo b_;
+//   };
+//
+//   TEST_F(FooTest, InitializesCorrectly) {
+//     EXPECT_TRUE(a_.StatusIsOK());
+//   }
+//
+//   TEST_F(FooTest, ReturnsElementCountCorrectly) {
+//     EXPECT_EQ(0, a_.size());
+//     EXPECT_EQ(1, b_.size());
+//   }
+
+#define TEST_F(test_fixture, test_name)\
+  GTEST_TEST_(test_fixture, test_name, test_fixture, \
+              ::testing::internal::GetTypeId<test_fixture>())
+
+}  // namespace testing
+
+// Use this function in main() to run all tests.  It returns 0 if all
+// tests are successful, or 1 otherwise.
+//
+// RUN_ALL_TESTS() should be invoked after the command line has been
+// parsed by InitGoogleTest().
+//
+// This function was formerly a macro; thus, it is in the global
+// namespace and has an all-caps name.
+int RUN_ALL_TESTS() GTEST_MUST_USE_RESULT_;
+
+inline int RUN_ALL_TESTS() {
+  return ::testing::UnitTest::GetInstance()->Run();
+}
+
+#endif  // GTEST_INCLUDE_GTEST_GTEST_H_
diff --git a/nss/external_tests/google_test/gtest/include/gtest/gtest_pred_impl.h b/nss/external_tests/google_test/gtest/include/gtest/gtest_pred_impl.h
new file mode 100644
index 0000000..30ae712
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/include/gtest/gtest_pred_impl.h
@@ -0,0 +1,358 @@
+// Copyright 2006, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// This file is AUTOMATICALLY GENERATED on 10/31/2011 by command
+// 'gen_gtest_pred_impl.py 5'.  DO NOT EDIT BY HAND!
+//
+// Implements a family of generic predicate assertion macros.
+
+#ifndef GTEST_INCLUDE_GTEST_GTEST_PRED_IMPL_H_
+#define GTEST_INCLUDE_GTEST_GTEST_PRED_IMPL_H_
+
+// Makes sure this header is not included before gtest.h.
+#ifndef GTEST_INCLUDE_GTEST_GTEST_H_
+# error Do not include gtest_pred_impl.h directly.  Include gtest.h instead.
+#endif  // GTEST_INCLUDE_GTEST_GTEST_H_
+
+// This header implements a family of generic predicate assertion
+// macros:
+//
+//   ASSERT_PRED_FORMAT1(pred_format, v1)
+//   ASSERT_PRED_FORMAT2(pred_format, v1, v2)
+//   ...
+//
+// where pred_format is a function or functor that takes n (in the
+// case of ASSERT_PRED_FORMATn) values and their source expression
+// text, and returns a testing::AssertionResult.  See the definition
+// of ASSERT_EQ in gtest.h for an example.
+//
+// If you don't care about formatting, you can use the more
+// restrictive version:
+//
+//   ASSERT_PRED1(pred, v1)
+//   ASSERT_PRED2(pred, v1, v2)
+//   ...
+//
+// where pred is an n-ary function or functor that returns bool,
+// and the values v1, v2, ..., must support the << operator for
+// streaming to std::ostream.
+//
+// We also define the EXPECT_* variations.
+//
+// For now we only support predicates whose arity is at most 5.
+// Please email googletestframework@googlegroups.com if you need
+// support for higher arities.
+
+// GTEST_ASSERT_ is the basic statement to which all of the assertions
+// in this file reduce.  Don't use this in your code.
+
+#define GTEST_ASSERT_(expression, on_failure) \
+  GTEST_AMBIGUOUS_ELSE_BLOCKER_ \
+  if (const ::testing::AssertionResult gtest_ar = (expression)) \
+    ; \
+  else \
+    on_failure(gtest_ar.failure_message())
+
+
+// Helper function for implementing {EXPECT|ASSERT}_PRED1.  Don't use
+// this in your code.
+template <typename Pred,
+          typename T1>
+AssertionResult AssertPred1Helper(const char* pred_text,
+                                  const char* e1,
+                                  Pred pred,
+                                  const T1& v1) {
+  if (pred(v1)) return AssertionSuccess();
+
+  return AssertionFailure() << pred_text << "("
+                            << e1 << ") evaluates to false, where"
+                            << "\n" << e1 << " evaluates to " << v1;
+}
+
+// Internal macro for implementing {EXPECT|ASSERT}_PRED_FORMAT1.
+// Don't use this in your code.
+#define GTEST_PRED_FORMAT1_(pred_format, v1, on_failure)\
+  GTEST_ASSERT_(pred_format(#v1, v1), \
+                on_failure)
+
+// Internal macro for implementing {EXPECT|ASSERT}_PRED1.  Don't use
+// this in your code.
+#define GTEST_PRED1_(pred, v1, on_failure)\
+  GTEST_ASSERT_(::testing::AssertPred1Helper(#pred, \
+                                             #v1, \
+                                             pred, \
+                                             v1), on_failure)
+
+// Unary predicate assertion macros.
+#define EXPECT_PRED_FORMAT1(pred_format, v1) \
+  GTEST_PRED_FORMAT1_(pred_format, v1, GTEST_NONFATAL_FAILURE_)
+#define EXPECT_PRED1(pred, v1) \
+  GTEST_PRED1_(pred, v1, GTEST_NONFATAL_FAILURE_)
+#define ASSERT_PRED_FORMAT1(pred_format, v1) \
+  GTEST_PRED_FORMAT1_(pred_format, v1, GTEST_FATAL_FAILURE_)
+#define ASSERT_PRED1(pred, v1) \
+  GTEST_PRED1_(pred, v1, GTEST_FATAL_FAILURE_)
+
+
+
+// Helper function for implementing {EXPECT|ASSERT}_PRED2.  Don't use
+// this in your code.
+template <typename Pred,
+          typename T1,
+          typename T2>
+AssertionResult AssertPred2Helper(const char* pred_text,
+                                  const char* e1,
+                                  const char* e2,
+                                  Pred pred,
+                                  const T1& v1,
+                                  const T2& v2) {
+  if (pred(v1, v2)) return AssertionSuccess();
+
+  return AssertionFailure() << pred_text << "("
+                            << e1 << ", "
+                            << e2 << ") evaluates to false, where"
+                            << "\n" << e1 << " evaluates to " << v1
+                            << "\n" << e2 << " evaluates to " << v2;
+}
+
+// Internal macro for implementing {EXPECT|ASSERT}_PRED_FORMAT2.
+// Don't use this in your code.
+#define GTEST_PRED_FORMAT2_(pred_format, v1, v2, on_failure)\
+  GTEST_ASSERT_(pred_format(#v1, #v2, v1, v2), \
+                on_failure)
+
+// Internal macro for implementing {EXPECT|ASSERT}_PRED2.  Don't use
+// this in your code.
+#define GTEST_PRED2_(pred, v1, v2, on_failure)\
+  GTEST_ASSERT_(::testing::AssertPred2Helper(#pred, \
+                                             #v1, \
+                                             #v2, \
+                                             pred, \
+                                             v1, \
+                                             v2), on_failure)
+
+// Binary predicate assertion macros.
+#define EXPECT_PRED_FORMAT2(pred_format, v1, v2) \
+  GTEST_PRED_FORMAT2_(pred_format, v1, v2, GTEST_NONFATAL_FAILURE_)
+#define EXPECT_PRED2(pred, v1, v2) \
+  GTEST_PRED2_(pred, v1, v2, GTEST_NONFATAL_FAILURE_)
+#define ASSERT_PRED_FORMAT2(pred_format, v1, v2) \
+  GTEST_PRED_FORMAT2_(pred_format, v1, v2, GTEST_FATAL_FAILURE_)
+#define ASSERT_PRED2(pred, v1, v2) \
+  GTEST_PRED2_(pred, v1, v2, GTEST_FATAL_FAILURE_)
+
+
+
+// Helper function for implementing {EXPECT|ASSERT}_PRED3.  Don't use
+// this in your code.
+template <typename Pred,
+          typename T1,
+          typename T2,
+          typename T3>
+AssertionResult AssertPred3Helper(const char* pred_text,
+                                  const char* e1,
+                                  const char* e2,
+                                  const char* e3,
+                                  Pred pred,
+                                  const T1& v1,
+                                  const T2& v2,
+                                  const T3& v3) {
+  if (pred(v1, v2, v3)) return AssertionSuccess();
+
+  return AssertionFailure() << pred_text << "("
+                            << e1 << ", "
+                            << e2 << ", "
+                            << e3 << ") evaluates to false, where"
+                            << "\n" << e1 << " evaluates to " << v1
+                            << "\n" << e2 << " evaluates to " << v2
+                            << "\n" << e3 << " evaluates to " << v3;
+}
+
+// Internal macro for implementing {EXPECT|ASSERT}_PRED_FORMAT3.
+// Don't use this in your code.
+#define GTEST_PRED_FORMAT3_(pred_format, v1, v2, v3, on_failure)\
+  GTEST_ASSERT_(pred_format(#v1, #v2, #v3, v1, v2, v3), \
+                on_failure)
+
+// Internal macro for implementing {EXPECT|ASSERT}_PRED3.  Don't use
+// this in your code.
+#define GTEST_PRED3_(pred, v1, v2, v3, on_failure)\
+  GTEST_ASSERT_(::testing::AssertPred3Helper(#pred, \
+                                             #v1, \
+                                             #v2, \
+                                             #v3, \
+                                             pred, \
+                                             v1, \
+                                             v2, \
+                                             v3), on_failure)
+
+// Ternary predicate assertion macros.
+#define EXPECT_PRED_FORMAT3(pred_format, v1, v2, v3) \
+  GTEST_PRED_FORMAT3_(pred_format, v1, v2, v3, GTEST_NONFATAL_FAILURE_)
+#define EXPECT_PRED3(pred, v1, v2, v3) \
+  GTEST_PRED3_(pred, v1, v2, v3, GTEST_NONFATAL_FAILURE_)
+#define ASSERT_PRED_FORMAT3(pred_format, v1, v2, v3) \
+  GTEST_PRED_FORMAT3_(pred_format, v1, v2, v3, GTEST_FATAL_FAILURE_)
+#define ASSERT_PRED3(pred, v1, v2, v3) \
+  GTEST_PRED3_(pred, v1, v2, v3, GTEST_FATAL_FAILURE_)
+
+
+
+// Helper function for implementing {EXPECT|ASSERT}_PRED4.  Don't use
+// this in your code.
+template <typename Pred,
+          typename T1,
+          typename T2,
+          typename T3,
+          typename T4>
+AssertionResult AssertPred4Helper(const char* pred_text,
+                                  const char* e1,
+                                  const char* e2,
+                                  const char* e3,
+                                  const char* e4,
+                                  Pred pred,
+                                  const T1& v1,
+                                  const T2& v2,
+                                  const T3& v3,
+                                  const T4& v4) {
+  if (pred(v1, v2, v3, v4)) return AssertionSuccess();
+
+  return AssertionFailure() << pred_text << "("
+                            << e1 << ", "
+                            << e2 << ", "
+                            << e3 << ", "
+                            << e4 << ") evaluates to false, where"
+                            << "\n" << e1 << " evaluates to " << v1
+                            << "\n" << e2 << " evaluates to " << v2
+                            << "\n" << e3 << " evaluates to " << v3
+                            << "\n" << e4 << " evaluates to " << v4;
+}
+
+// Internal macro for implementing {EXPECT|ASSERT}_PRED_FORMAT4.
+// Don't use this in your code.
+#define GTEST_PRED_FORMAT4_(pred_format, v1, v2, v3, v4, on_failure)\
+  GTEST_ASSERT_(pred_format(#v1, #v2, #v3, #v4, v1, v2, v3, v4), \
+                on_failure)
+
+// Internal macro for implementing {EXPECT|ASSERT}_PRED4.  Don't use
+// this in your code.
+#define GTEST_PRED4_(pred, v1, v2, v3, v4, on_failure)\
+  GTEST_ASSERT_(::testing::AssertPred4Helper(#pred, \
+                                             #v1, \
+                                             #v2, \
+                                             #v3, \
+                                             #v4, \
+                                             pred, \
+                                             v1, \
+                                             v2, \
+                                             v3, \
+                                             v4), on_failure)
+
+// 4-ary predicate assertion macros.
+#define EXPECT_PRED_FORMAT4(pred_format, v1, v2, v3, v4) \
+  GTEST_PRED_FORMAT4_(pred_format, v1, v2, v3, v4, GTEST_NONFATAL_FAILURE_)
+#define EXPECT_PRED4(pred, v1, v2, v3, v4) \
+  GTEST_PRED4_(pred, v1, v2, v3, v4, GTEST_NONFATAL_FAILURE_)
+#define ASSERT_PRED_FORMAT4(pred_format, v1, v2, v3, v4) \
+  GTEST_PRED_FORMAT4_(pred_format, v1, v2, v3, v4, GTEST_FATAL_FAILURE_)
+#define ASSERT_PRED4(pred, v1, v2, v3, v4) \
+  GTEST_PRED4_(pred, v1, v2, v3, v4, GTEST_FATAL_FAILURE_)
+
+
+
+// Helper function for implementing {EXPECT|ASSERT}_PRED5.  Don't use
+// this in your code.
+template <typename Pred,
+          typename T1,
+          typename T2,
+          typename T3,
+          typename T4,
+          typename T5>
+AssertionResult AssertPred5Helper(const char* pred_text,
+                                  const char* e1,
+                                  const char* e2,
+                                  const char* e3,
+                                  const char* e4,
+                                  const char* e5,
+                                  Pred pred,
+                                  const T1& v1,
+                                  const T2& v2,
+                                  const T3& v3,
+                                  const T4& v4,
+                                  const T5& v5) {
+  if (pred(v1, v2, v3, v4, v5)) return AssertionSuccess();
+
+  return AssertionFailure() << pred_text << "("
+                            << e1 << ", "
+                            << e2 << ", "
+                            << e3 << ", "
+                            << e4 << ", "
+                            << e5 << ") evaluates to false, where"
+                            << "\n" << e1 << " evaluates to " << v1
+                            << "\n" << e2 << " evaluates to " << v2
+                            << "\n" << e3 << " evaluates to " << v3
+                            << "\n" << e4 << " evaluates to " << v4
+                            << "\n" << e5 << " evaluates to " << v5;
+}
+
+// Internal macro for implementing {EXPECT|ASSERT}_PRED_FORMAT5.
+// Don't use this in your code.
+#define GTEST_PRED_FORMAT5_(pred_format, v1, v2, v3, v4, v5, on_failure)\
+  GTEST_ASSERT_(pred_format(#v1, #v2, #v3, #v4, #v5, v1, v2, v3, v4, v5), \
+                on_failure)
+
+// Internal macro for implementing {EXPECT|ASSERT}_PRED5.  Don't use
+// this in your code.
+#define GTEST_PRED5_(pred, v1, v2, v3, v4, v5, on_failure)\
+  GTEST_ASSERT_(::testing::AssertPred5Helper(#pred, \
+                                             #v1, \
+                                             #v2, \
+                                             #v3, \
+                                             #v4, \
+                                             #v5, \
+                                             pred, \
+                                             v1, \
+                                             v2, \
+                                             v3, \
+                                             v4, \
+                                             v5), on_failure)
+
+// 5-ary predicate assertion macros.
+#define EXPECT_PRED_FORMAT5(pred_format, v1, v2, v3, v4, v5) \
+  GTEST_PRED_FORMAT5_(pred_format, v1, v2, v3, v4, v5, GTEST_NONFATAL_FAILURE_)
+#define EXPECT_PRED5(pred, v1, v2, v3, v4, v5) \
+  GTEST_PRED5_(pred, v1, v2, v3, v4, v5, GTEST_NONFATAL_FAILURE_)
+#define ASSERT_PRED_FORMAT5(pred_format, v1, v2, v3, v4, v5) \
+  GTEST_PRED_FORMAT5_(pred_format, v1, v2, v3, v4, v5, GTEST_FATAL_FAILURE_)
+#define ASSERT_PRED5(pred, v1, v2, v3, v4, v5) \
+  GTEST_PRED5_(pred, v1, v2, v3, v4, v5, GTEST_FATAL_FAILURE_)
+
+
+
+#endif  // GTEST_INCLUDE_GTEST_GTEST_PRED_IMPL_H_
diff --git a/nss/external_tests/google_test/gtest/include/gtest/gtest_prod.h b/nss/external_tests/google_test/gtest/include/gtest/gtest_prod.h
new file mode 100644
index 0000000..da80ddc
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/include/gtest/gtest_prod.h
@@ -0,0 +1,58 @@
+// Copyright 2006, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+//
+// Google C++ Testing Framework definitions useful in production code.
+
+#ifndef GTEST_INCLUDE_GTEST_GTEST_PROD_H_
+#define GTEST_INCLUDE_GTEST_GTEST_PROD_H_
+
+// When you need to test the private or protected members of a class,
+// use the FRIEND_TEST macro to declare your tests as friends of the
+// class.  For example:
+//
+// class MyClass {
+//  private:
+//   void MyMethod();
+//   FRIEND_TEST(MyClassTest, MyMethod);
+// };
+//
+// class MyClassTest : public testing::Test {
+//   // ...
+// };
+//
+// TEST_F(MyClassTest, MyMethod) {
+//   // Can call MyClass::MyMethod() here.
+// }
+
+#define FRIEND_TEST(test_case_name, test_name)\
+friend class test_case_name##_##test_name##_Test
+
+#endif  // GTEST_INCLUDE_GTEST_GTEST_PROD_H_
diff --git a/nss/external_tests/google_test/gtest/include/gtest/internal/gtest-death-test-internal.h b/nss/external_tests/google_test/gtest/include/gtest/internal/gtest-death-test-internal.h
new file mode 100644
index 0000000..2b3a78f
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/include/gtest/internal/gtest-death-test-internal.h
@@ -0,0 +1,319 @@
+// Copyright 2005, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Authors: wan@google.com (Zhanyong Wan), eefacm@gmail.com (Sean Mcafee)
+//
+// The Google C++ Testing Framework (Google Test)
+//
+// This header file defines internal utilities needed for implementing
+// death tests.  They are subject to change without notice.
+
+#ifndef GTEST_INCLUDE_GTEST_INTERNAL_GTEST_DEATH_TEST_INTERNAL_H_
+#define GTEST_INCLUDE_GTEST_INTERNAL_GTEST_DEATH_TEST_INTERNAL_H_
+
+#include "gtest/internal/gtest-internal.h"
+
+#include <stdio.h>
+
+namespace testing {
+namespace internal {
+
+GTEST_DECLARE_string_(internal_run_death_test);
+
+// Names of the flags (needed for parsing Google Test flags).
+const char kDeathTestStyleFlag[] = "death_test_style";
+const char kDeathTestUseFork[] = "death_test_use_fork";
+const char kInternalRunDeathTestFlag[] = "internal_run_death_test";
+
+#if GTEST_HAS_DEATH_TEST
+
+// DeathTest is a class that hides much of the complexity of the
+// GTEST_DEATH_TEST_ macro.  It is abstract; its static Create method
+// returns a concrete class that depends on the prevailing death test
+// style, as defined by the --gtest_death_test_style and/or
+// --gtest_internal_run_death_test flags.
+
+// In describing the results of death tests, these terms are used with
+// the corresponding definitions:
+//
+// exit status:  The integer exit information in the format specified
+//               by wait(2)
+// exit code:    The integer code passed to exit(3), _exit(2), or
+//               returned from main()
+class GTEST_API_ DeathTest {
+ public:
+  // Create returns false if there was an error determining the
+  // appropriate action to take for the current death test; for example,
+  // if the gtest_death_test_style flag is set to an invalid value.
+  // The LastMessage method will return a more detailed message in that
+  // case.  Otherwise, the DeathTest pointer pointed to by the "test"
+  // argument is set.  If the death test should be skipped, the pointer
+  // is set to NULL; otherwise, it is set to the address of a new concrete
+  // DeathTest object that controls the execution of the current test.
+  static bool Create(const char* statement, const RE* regex,
+                     const char* file, int line, DeathTest** test);
+  DeathTest();
+  virtual ~DeathTest() { }
+
+  // A helper class that aborts a death test when it's deleted.
+  class ReturnSentinel {
+   public:
+    explicit ReturnSentinel(DeathTest* test) : test_(test) { }
+    ~ReturnSentinel() { test_->Abort(TEST_ENCOUNTERED_RETURN_STATEMENT); }
+   private:
+    DeathTest* const test_;
+    GTEST_DISALLOW_COPY_AND_ASSIGN_(ReturnSentinel);
+  } GTEST_ATTRIBUTE_UNUSED_;
+
+  // An enumeration of possible roles that may be taken when a death
+  // test is encountered.  EXECUTE means that the death test logic should
+  // be executed immediately.  OVERSEE means that the program should prepare
+  // the appropriate environment for a child process to execute the death
+  // test, then wait for it to complete.
+  enum TestRole { OVERSEE_TEST, EXECUTE_TEST };
+
+  // An enumeration of the three reasons that a test might be aborted.
+  enum AbortReason {
+    TEST_ENCOUNTERED_RETURN_STATEMENT,
+    TEST_THREW_EXCEPTION,
+    TEST_DID_NOT_DIE
+  };
+
+  // Assumes one of the above roles.
+  virtual TestRole AssumeRole() = 0;
+
+  // Waits for the death test to finish and returns its status.
+  virtual int Wait() = 0;
+
+  // Returns true if the death test passed; that is, the test process
+  // exited during the test, its exit status matches a user-supplied
+  // predicate, and its stderr output matches a user-supplied regular
+  // expression.
+  // The user-supplied predicate may be a macro expression rather
+  // than a function pointer or functor, or else Wait and Passed could
+  // be combined.
+  virtual bool Passed(bool exit_status_ok) = 0;
+
+  // Signals that the death test did not die as expected.
+  virtual void Abort(AbortReason reason) = 0;
+
+  // Returns a human-readable outcome message regarding the outcome of
+  // the last death test.
+  static const char* LastMessage();
+
+  static void set_last_death_test_message(const std::string& message);
+
+ private:
+  // A string containing a description of the outcome of the last death test.
+  static std::string last_death_test_message_;
+
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(DeathTest);
+};
+
+// Factory interface for death tests.  May be mocked out for testing.
+class DeathTestFactory {
+ public:
+  virtual ~DeathTestFactory() { }
+  virtual bool Create(const char* statement, const RE* regex,
+                      const char* file, int line, DeathTest** test) = 0;
+};
+
+// A concrete DeathTestFactory implementation for normal use.
+class DefaultDeathTestFactory : public DeathTestFactory {
+ public:
+  virtual bool Create(const char* statement, const RE* regex,
+                      const char* file, int line, DeathTest** test);
+};
+
+// Returns true if exit_status describes a process that was terminated
+// by a signal, or exited normally with a nonzero exit code.
+GTEST_API_ bool ExitedUnsuccessfully(int exit_status);
+
+// Traps C++ exceptions escaping statement and reports them as test
+// failures. Note that trapping SEH exceptions is not implemented here.
+# if GTEST_HAS_EXCEPTIONS
+#  define GTEST_EXECUTE_DEATH_TEST_STATEMENT_(statement, death_test) \
+  try { \
+    GTEST_SUPPRESS_UNREACHABLE_CODE_WARNING_BELOW_(statement); \
+  } catch (const ::std::exception& gtest_exception) { \
+    fprintf(\
+        stderr, \
+        "\n%s: Caught std::exception-derived exception escaping the " \
+        "death test statement. Exception message: %s\n", \
+        ::testing::internal::FormatFileLocation(__FILE__, __LINE__).c_str(), \
+        gtest_exception.what()); \
+    fflush(stderr); \
+    death_test->Abort(::testing::internal::DeathTest::TEST_THREW_EXCEPTION); \
+  } catch (...) { \
+    death_test->Abort(::testing::internal::DeathTest::TEST_THREW_EXCEPTION); \
+  }
+
+# else
+#  define GTEST_EXECUTE_DEATH_TEST_STATEMENT_(statement, death_test) \
+  GTEST_SUPPRESS_UNREACHABLE_CODE_WARNING_BELOW_(statement)
+
+# endif
+
+// This macro is for implementing ASSERT_DEATH*, EXPECT_DEATH*,
+// ASSERT_EXIT*, and EXPECT_EXIT*.
+# define GTEST_DEATH_TEST_(statement, predicate, regex, fail) \
+  GTEST_AMBIGUOUS_ELSE_BLOCKER_ \
+  if (::testing::internal::AlwaysTrue()) { \
+    const ::testing::internal::RE& gtest_regex = (regex); \
+    ::testing::internal::DeathTest* gtest_dt; \
+    if (!::testing::internal::DeathTest::Create(#statement, &gtest_regex, \
+        __FILE__, __LINE__, &gtest_dt)) { \
+      goto GTEST_CONCAT_TOKEN_(gtest_label_, __LINE__); \
+    } \
+    if (gtest_dt != NULL) { \
+      ::testing::internal::scoped_ptr< ::testing::internal::DeathTest> \
+          gtest_dt_ptr(gtest_dt); \
+      switch (gtest_dt->AssumeRole()) { \
+        case ::testing::internal::DeathTest::OVERSEE_TEST: \
+          if (!gtest_dt->Passed(predicate(gtest_dt->Wait()))) { \
+            goto GTEST_CONCAT_TOKEN_(gtest_label_, __LINE__); \
+          } \
+          break; \
+        case ::testing::internal::DeathTest::EXECUTE_TEST: { \
+          ::testing::internal::DeathTest::ReturnSentinel \
+              gtest_sentinel(gtest_dt); \
+          GTEST_EXECUTE_DEATH_TEST_STATEMENT_(statement, gtest_dt); \
+          gtest_dt->Abort(::testing::internal::DeathTest::TEST_DID_NOT_DIE); \
+          break; \
+        } \
+        default: \
+          break; \
+      } \
+    } \
+  } else \
+    GTEST_CONCAT_TOKEN_(gtest_label_, __LINE__): \
+      fail(::testing::internal::DeathTest::LastMessage())
+// The symbol "fail" here expands to something into which a message
+// can be streamed.
+
+// This macro is for implementing ASSERT/EXPECT_DEBUG_DEATH when compiled in
+// NDEBUG mode. In this case we need the statements to be executed, the regex is
+// ignored, and the macro must accept a streamed message even though the message
+// is never printed.
+# define GTEST_EXECUTE_STATEMENT_(statement, regex) \
+  GTEST_AMBIGUOUS_ELSE_BLOCKER_ \
+  if (::testing::internal::AlwaysTrue()) { \
+     GTEST_SUPPRESS_UNREACHABLE_CODE_WARNING_BELOW_(statement); \
+  } else \
+    ::testing::Message()
+
+// A class representing the parsed contents of the
+// --gtest_internal_run_death_test flag, as it existed when
+// RUN_ALL_TESTS was called.
+class InternalRunDeathTestFlag {
+ public:
+  InternalRunDeathTestFlag(const std::string& a_file,
+                           int a_line,
+                           int an_index,
+                           int a_write_fd)
+      : file_(a_file), line_(a_line), index_(an_index),
+        write_fd_(a_write_fd) {}
+
+  ~InternalRunDeathTestFlag() {
+    if (write_fd_ >= 0)
+      posix::Close(write_fd_);
+  }
+
+  const std::string& file() const { return file_; }
+  int line() const { return line_; }
+  int index() const { return index_; }
+  int write_fd() const { return write_fd_; }
+
+ private:
+  std::string file_;
+  int line_;
+  int index_;
+  int write_fd_;
+
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(InternalRunDeathTestFlag);
+};
+
+// Returns a newly created InternalRunDeathTestFlag object with fields
+// initialized from the GTEST_FLAG(internal_run_death_test) flag if
+// the flag is specified; otherwise returns NULL.
+InternalRunDeathTestFlag* ParseInternalRunDeathTestFlag();
+
+#else  // GTEST_HAS_DEATH_TEST
+
+// This macro is used for implementing macros such as
+// EXPECT_DEATH_IF_SUPPORTED and ASSERT_DEATH_IF_SUPPORTED on systems where
+// death tests are not supported. Those macros must compile on such systems
+// iff EXPECT_DEATH and ASSERT_DEATH compile with the same parameters on
+// systems that support death tests. This allows one to write such a macro
+// on a system that does not support death tests and be sure that it will
+// compile on a death-test supporting system.
+//
+// Parameters:
+//   statement -  A statement that a macro such as EXPECT_DEATH would test
+//                for program termination. This macro has to make sure this
+//                statement is compiled but not executed, to ensure that
+//                EXPECT_DEATH_IF_SUPPORTED compiles with a certain
+//                parameter iff EXPECT_DEATH compiles with it.
+//   regex     -  A regex that a macro such as EXPECT_DEATH would use to test
+//                the output of statement.  This parameter has to be
+//                compiled but not evaluated by this macro, to ensure that
+//                this macro only accepts expressions that a macro such as
+//                EXPECT_DEATH would accept.
+//   terminator - Must be an empty statement for EXPECT_DEATH_IF_SUPPORTED
+//                and a return statement for ASSERT_DEATH_IF_SUPPORTED.
+//                This ensures that ASSERT_DEATH_IF_SUPPORTED will not
+//                compile inside functions where ASSERT_DEATH doesn't
+//                compile.
+//
+//  The branch that has an always false condition is used to ensure that
+//  statement and regex are compiled (and thus syntactically correct) but
+//  never executed. The unreachable code macro protects the terminator
+//  statement from generating an 'unreachable code' warning in case
+//  statement unconditionally returns or throws. The Message constructor at
+//  the end allows the syntax of streaming additional messages into the
+//  macro, for compilational compatibility with EXPECT_DEATH/ASSERT_DEATH.
+# define GTEST_UNSUPPORTED_DEATH_TEST_(statement, regex, terminator) \
+    GTEST_AMBIGUOUS_ELSE_BLOCKER_ \
+    if (::testing::internal::AlwaysTrue()) { \
+      GTEST_LOG_(WARNING) \
+          << "Death tests are not supported on this platform.\n" \
+          << "Statement '" #statement "' cannot be verified."; \
+    } else if (::testing::internal::AlwaysFalse()) { \
+      ::testing::internal::RE::PartialMatch(".*", (regex)); \
+      GTEST_SUPPRESS_UNREACHABLE_CODE_WARNING_BELOW_(statement); \
+      terminator; \
+    } else \
+      ::testing::Message()
+
+#endif  // GTEST_HAS_DEATH_TEST
+
+}  // namespace internal
+}  // namespace testing
+
+#endif  // GTEST_INCLUDE_GTEST_INTERNAL_GTEST_DEATH_TEST_INTERNAL_H_
diff --git a/nss/external_tests/google_test/gtest/include/gtest/internal/gtest-filepath.h b/nss/external_tests/google_test/gtest/include/gtest/internal/gtest-filepath.h
new file mode 100644
index 0000000..7a13b4b
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/include/gtest/internal/gtest-filepath.h
@@ -0,0 +1,206 @@
+// Copyright 2008, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: keith.ray@gmail.com (Keith Ray)
+//
+// Google Test filepath utilities
+//
+// This header file declares classes and functions used internally by
+// Google Test.  They are subject to change without notice.
+//
+// This file is #included in <gtest/internal/gtest-internal.h>.
+// Do not include this header file separately!
+
+#ifndef GTEST_INCLUDE_GTEST_INTERNAL_GTEST_FILEPATH_H_
+#define GTEST_INCLUDE_GTEST_INTERNAL_GTEST_FILEPATH_H_
+
+#include "gtest/internal/gtest-string.h"
+
+namespace testing {
+namespace internal {
+
+// FilePath - a class for file and directory pathname manipulation which
+// handles platform-specific conventions (like the pathname separator).
+// Used for helper functions for naming files in a directory for xml output.
+// Except for Set methods, all methods are const or static, which provides an
+// "immutable value object" -- useful for peace of mind.
+// A FilePath with a value ending in a path separator ("like/this/") represents
+// a directory, otherwise it is assumed to represent a file. In either case,
+// it may or may not represent an actual file or directory in the file system.
+// Names are NOT checked for syntax correctness -- no checking for illegal
+// characters, malformed paths, etc.
+
+class GTEST_API_ FilePath {
+ public:
+  FilePath() : pathname_("") { }
+  FilePath(const FilePath& rhs) : pathname_(rhs.pathname_) { }
+
+  explicit FilePath(const std::string& pathname) : pathname_(pathname) {
+    Normalize();
+  }
+
+  FilePath& operator=(const FilePath& rhs) {
+    Set(rhs);
+    return *this;
+  }
+
+  void Set(const FilePath& rhs) {
+    pathname_ = rhs.pathname_;
+  }
+
+  const std::string& string() const { return pathname_; }
+  const char* c_str() const { return pathname_.c_str(); }
+
+  // Returns the current working directory, or "" if unsuccessful.
+  static FilePath GetCurrentDir();
+
+  // Given directory = "dir", base_name = "test", number = 0,
+  // extension = "xml", returns "dir/test.xml". If number is greater
+  // than zero (e.g., 12), returns "dir/test_12.xml".
+  // On Windows platform, uses \ as the separator rather than /.
+  static FilePath MakeFileName(const FilePath& directory,
+                               const FilePath& base_name,
+                               int number,
+                               const char* extension);
+
+  // Given directory = "dir", relative_path = "test.xml",
+  // returns "dir/test.xml".
+  // On Windows, uses \ as the separator rather than /.
+  static FilePath ConcatPaths(const FilePath& directory,
+                              const FilePath& relative_path);
+
+  // Returns a pathname for a file that does not currently exist. The pathname
+  // will be directory/base_name.extension or
+  // directory/base_name_<number>.extension if directory/base_name.extension
+  // already exists. The number will be incremented until a pathname is found
+  // that does not already exist.
+  // Examples: 'dir/foo_test.xml' or 'dir/foo_test_1.xml'.
+  // There could be a race condition if two or more processes are calling this
+  // function at the same time -- they could both pick the same filename.
+  static FilePath GenerateUniqueFileName(const FilePath& directory,
+                                         const FilePath& base_name,
+                                         const char* extension);
+
+  // Returns true iff the path is "".
+  bool IsEmpty() const { return pathname_.empty(); }
+
+  // If input name has a trailing separator character, removes it and returns
+  // the name, otherwise return the name string unmodified.
+  // On Windows platform, uses \ as the separator, other platforms use /.
+  FilePath RemoveTrailingPathSeparator() const;
+
+  // Returns a copy of the FilePath with the directory part removed.
+  // Example: FilePath("path/to/file").RemoveDirectoryName() returns
+  // FilePath("file"). If there is no directory part ("just_a_file"), it returns
+  // the FilePath unmodified. If there is no file part ("just_a_dir/") it
+  // returns an empty FilePath ("").
+  // On Windows platform, '\' is the path separator, otherwise it is '/'.
+  FilePath RemoveDirectoryName() const;
+
+  // RemoveFileName returns the directory path with the filename removed.
+  // Example: FilePath("path/to/file").RemoveFileName() returns "path/to/".
+  // If the FilePath is "a_file" or "/a_file", RemoveFileName returns
+  // FilePath("./") or, on Windows, FilePath(".\\"). If the filepath does
+  // not have a file, like "just/a/dir/", it returns the FilePath unmodified.
+  // On Windows platform, '\' is the path separator, otherwise it is '/'.
+  FilePath RemoveFileName() const;
+
+  // Returns a copy of the FilePath with the case-insensitive extension removed.
+  // Example: FilePath("dir/file.exe").RemoveExtension("EXE") returns
+  // FilePath("dir/file"). If a case-insensitive extension is not
+  // found, returns a copy of the original FilePath.
+  FilePath RemoveExtension(const char* extension) const;
+
+  // Creates directories so that path exists. Returns true if successful or if
+  // the directories already exist; returns false if unable to create
+  // directories for any reason. Will also return false if the FilePath does
+  // not represent a directory (that is, it doesn't end with a path separator).
+  bool CreateDirectoriesRecursively() const;
+
+  // Create the directory so that path exists. Returns true if successful or
+  // if the directory already exists; returns false if unable to create the
+  // directory for any reason, including if the parent directory does not
+  // exist. Not named "CreateDirectory" because that's a macro on Windows.
+  bool CreateFolder() const;
+
+  // Returns true if FilePath describes something in the file-system,
+  // either a file, directory, or whatever, and that something exists.
+  bool FileOrDirectoryExists() const;
+
+  // Returns true if pathname describes a directory in the file-system
+  // that exists.
+  bool DirectoryExists() const;
+
+  // Returns true if FilePath ends with a path separator, which indicates that
+  // it is intended to represent a directory. Returns false otherwise.
+  // This does NOT check that a directory (or file) actually exists.
+  bool IsDirectory() const;
+
+  // Returns true if pathname describes a root directory. (Windows has one
+  // root directory per disk drive.)
+  bool IsRootDirectory() const;
+
+  // Returns true if pathname describes an absolute path.
+  bool IsAbsolutePath() const;
+
+ private:
+  // Replaces multiple consecutive separators with a single separator.
+  // For example, "bar///foo" becomes "bar/foo". Does not eliminate other
+  // redundancies that might be in a pathname involving "." or "..".
+  //
+  // A pathname with multiple consecutive separators may occur either through
+  // user error or as a result of some scripts or APIs that generate a pathname
+  // with a trailing separator. On other platforms the same API or script
+  // may NOT generate a pathname with a trailing "/". Then elsewhere that
+  // pathname may have another "/" and pathname components added to it,
+  // without checking for the separator already being there.
+  // The script language and operating system may allow paths like "foo//bar"
+  // but some of the functions in FilePath will not handle that correctly. In
+  // particular, RemoveTrailingPathSeparator() only removes one separator, and
+  // it is called in CreateDirectoriesRecursively() assuming that it will change
+  // a pathname from directory syntax (trailing separator) to filename syntax.
+  //
+  // On Windows this method also replaces the alternate path separator '/' with
+  // the primary path separator '\\', so that for example "bar\\/\\foo" becomes
+  // "bar\\foo".
+
+  void Normalize();
+
+  // Returns a pointer to the last occurence of a valid path separator in
+  // the FilePath. On Windows, for example, both '/' and '\' are valid path
+  // separators. Returns NULL if no path separator was found.
+  const char* FindLastPathSeparator() const;
+
+  std::string pathname_;
+};  // class FilePath
+
+}  // namespace internal
+}  // namespace testing
+
+#endif  // GTEST_INCLUDE_GTEST_INTERNAL_GTEST_FILEPATH_H_
diff --git a/nss/external_tests/google_test/gtest/include/gtest/internal/gtest-internal.h b/nss/external_tests/google_test/gtest/include/gtest/internal/gtest-internal.h
new file mode 100644
index 0000000..21a0f56
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/include/gtest/internal/gtest-internal.h
@@ -0,0 +1,1193 @@
+// Copyright 2005, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Authors: wan@google.com (Zhanyong Wan), eefacm@gmail.com (Sean Mcafee)
+//
+// The Google C++ Testing Framework (Google Test)
+//
+// This header file declares functions and macros used internally by
+// Google Test.  They are subject to change without notice.
+
+#ifndef GTEST_INCLUDE_GTEST_INTERNAL_GTEST_INTERNAL_H_
+#define GTEST_INCLUDE_GTEST_INTERNAL_GTEST_INTERNAL_H_
+
+#include "gtest/internal/gtest-port.h"
+
+#if GTEST_OS_LINUX
+# include <stdlib.h>
+# include <sys/types.h>
+# include <sys/wait.h>
+# include <unistd.h>
+#endif  // GTEST_OS_LINUX
+
+#if GTEST_HAS_EXCEPTIONS
+# include <stdexcept>
+#endif
+
+#include <ctype.h>
+#include <float.h>
+#include <string.h>
+#include <iomanip>
+#include <limits>
+#include <set>
+#include <string>
+#include <vector>
+
+#include "gtest/gtest-message.h"
+#include "gtest/internal/gtest-string.h"
+#include "gtest/internal/gtest-filepath.h"
+#include "gtest/internal/gtest-type-util.h"
+
+// Due to C++ preprocessor weirdness, we need double indirection to
+// concatenate two tokens when one of them is __LINE__.  Writing
+//
+//   foo ## __LINE__
+//
+// will result in the token foo__LINE__, instead of foo followed by
+// the current line number.  For more details, see
+// http://www.parashift.com/c++-faq-lite/misc-technical-issues.html#faq-39.6
+#define GTEST_CONCAT_TOKEN_(foo, bar) GTEST_CONCAT_TOKEN_IMPL_(foo, bar)
+#define GTEST_CONCAT_TOKEN_IMPL_(foo, bar) foo ## bar
+
+class ProtocolMessage;
+namespace proto2 { class Message; }
+
+namespace testing {
+
+// Forward declarations.
+
+class AssertionResult;                 // Result of an assertion.
+class Message;                         // Represents a failure message.
+class Test;                            // Represents a test.
+class TestInfo;                        // Information about a test.
+class TestPartResult;                  // Result of a test part.
+class UnitTest;                        // A collection of test cases.
+
+template <typename T>
+::std::string PrintToString(const T& value);
+
+namespace internal {
+
+struct TraceInfo;                      // Information about a trace point.
+class ScopedTrace;                     // Implements scoped trace.
+class TestInfoImpl;                    // Opaque implementation of TestInfo
+class UnitTestImpl;                    // Opaque implementation of UnitTest
+
+// How many times InitGoogleTest() has been called.
+GTEST_API_ extern int g_init_gtest_count;
+
+// The text used in failure messages to indicate the start of the
+// stack trace.
+GTEST_API_ extern const char kStackTraceMarker[];
+
+// Two overloaded helpers for checking at compile time whether an
+// expression is a null pointer literal (i.e. NULL or any 0-valued
+// compile-time integral constant).  Their return values have
+// different sizes, so we can use sizeof() to test which version is
+// picked by the compiler.  These helpers have no implementations, as
+// we only need their signatures.
+//
+// Given IsNullLiteralHelper(x), the compiler will pick the first
+// version if x can be implicitly converted to Secret*, and pick the
+// second version otherwise.  Since Secret is a secret and incomplete
+// type, the only expression a user can write that has type Secret* is
+// a null pointer literal.  Therefore, we know that x is a null
+// pointer literal if and only if the first version is picked by the
+// compiler.
+char IsNullLiteralHelper(Secret* p);
+char (&IsNullLiteralHelper(...))[2];  // NOLINT
+
+// A compile-time bool constant that is true if and only if x is a
+// null pointer literal (i.e. NULL or any 0-valued compile-time
+// integral constant).
+#ifdef GTEST_ELLIPSIS_NEEDS_POD_
+// We lose support for NULL detection where the compiler doesn't like
+// passing non-POD classes through ellipsis (...).
+# define GTEST_IS_NULL_LITERAL_(x) false
+#else
+# define GTEST_IS_NULL_LITERAL_(x) \
+    (sizeof(::testing::internal::IsNullLiteralHelper(x)) == 1)
+#endif  // GTEST_ELLIPSIS_NEEDS_POD_
+
+// Appends the user-supplied message to the Google-Test-generated message.
+GTEST_API_ std::string AppendUserMessage(
+    const std::string& gtest_msg, const Message& user_msg);
+
+#if GTEST_HAS_EXCEPTIONS
+
+// This exception is thrown by (and only by) a failed Google Test
+// assertion when GTEST_FLAG(throw_on_failure) is true (if exceptions
+// are enabled).  We derive it from std::runtime_error, which is for
+// errors presumably detectable only at run time.  Since
+// std::runtime_error inherits from std::exception, many testing
+// frameworks know how to extract and print the message inside it.
+class GTEST_API_ GoogleTestFailureException : public ::std::runtime_error {
+ public:
+  explicit GoogleTestFailureException(const TestPartResult& failure);
+};
+
+#endif  // GTEST_HAS_EXCEPTIONS
+
+// A helper class for creating scoped traces in user programs.
+class GTEST_API_ ScopedTrace {
+ public:
+  // The c'tor pushes the given source file location and message onto
+  // a trace stack maintained by Google Test.
+  ScopedTrace(const char* file, int line, const Message& message);
+
+  // The d'tor pops the info pushed by the c'tor.
+  //
+  // Note that the d'tor is not virtual in order to be efficient.
+  // Don't inherit from ScopedTrace!
+  ~ScopedTrace();
+
+ private:
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(ScopedTrace);
+} GTEST_ATTRIBUTE_UNUSED_;  // A ScopedTrace object does its job in its
+                            // c'tor and d'tor.  Therefore it doesn't
+                            // need to be used otherwise.
+
+namespace edit_distance {
+// Returns the optimal edits to go from 'left' to 'right'.
+// All edits cost the same, with replace having lower priority than
+// add/remove.
+// Simple implementation of the Wagner–Fischer algorithm.
+// See http://en.wikipedia.org/wiki/Wagner-Fischer_algorithm
+enum EditType { kMatch, kAdd, kRemove, kReplace };
+GTEST_API_ std::vector<EditType> CalculateOptimalEdits(
+    const std::vector<size_t>& left, const std::vector<size_t>& right);
+
+// Same as above, but the input is represented as strings.
+GTEST_API_ std::vector<EditType> CalculateOptimalEdits(
+    const std::vector<std::string>& left,
+    const std::vector<std::string>& right);
+
+// Create a diff of the input strings in Unified diff format.
+GTEST_API_ std::string CreateUnifiedDiff(const std::vector<std::string>& left,
+                                         const std::vector<std::string>& right,
+                                         size_t context = 2);
+
+}  // namespace edit_distance
+
+// Calculate the diff between 'left' and 'right' and return it in unified diff
+// format.
+// If not null, stores in 'total_line_count' the total number of lines found
+// in left + right.
+GTEST_API_ std::string DiffStrings(const std::string& left,
+                                   const std::string& right,
+                                   size_t* total_line_count);
+
+// Constructs and returns the message for an equality assertion
+// (e.g. ASSERT_EQ, EXPECT_STREQ, etc) failure.
+//
+// The first four parameters are the expressions used in the assertion
+// and their values, as strings.  For example, for ASSERT_EQ(foo, bar)
+// where foo is 5 and bar is 6, we have:
+//
+//   expected_expression: "foo"
+//   actual_expression:   "bar"
+//   expected_value:      "5"
+//   actual_value:        "6"
+//
+// The ignoring_case parameter is true iff the assertion is a
+// *_STRCASEEQ*.  When it's true, the string " (ignoring case)" will
+// be inserted into the message.
+GTEST_API_ AssertionResult EqFailure(const char* expected_expression,
+                                     const char* actual_expression,
+                                     const std::string& expected_value,
+                                     const std::string& actual_value,
+                                     bool ignoring_case);
+
+// Constructs a failure message for Boolean assertions such as EXPECT_TRUE.
+GTEST_API_ std::string GetBoolAssertionFailureMessage(
+    const AssertionResult& assertion_result,
+    const char* expression_text,
+    const char* actual_predicate_value,
+    const char* expected_predicate_value);
+
+// This template class represents an IEEE floating-point number
+// (either single-precision or double-precision, depending on the
+// template parameters).
+//
+// The purpose of this class is to do more sophisticated number
+// comparison.  (Due to round-off error, etc, it's very unlikely that
+// two floating-points will be equal exactly.  Hence a naive
+// comparison by the == operation often doesn't work.)
+//
+// Format of IEEE floating-point:
+//
+//   The most-significant bit being the leftmost, an IEEE
+//   floating-point looks like
+//
+//     sign_bit exponent_bits fraction_bits
+//
+//   Here, sign_bit is a single bit that designates the sign of the
+//   number.
+//
+//   For float, there are 8 exponent bits and 23 fraction bits.
+//
+//   For double, there are 11 exponent bits and 52 fraction bits.
+//
+//   More details can be found at
+//   http://en.wikipedia.org/wiki/IEEE_floating-point_standard.
+//
+// Template parameter:
+//
+//   RawType: the raw floating-point type (either float or double)
+template <typename RawType>
+class FloatingPoint {
+ public:
+  // Defines the unsigned integer type that has the same size as the
+  // floating point number.
+  typedef typename TypeWithSize<sizeof(RawType)>::UInt Bits;
+
+  // Constants.
+
+  // # of bits in a number.
+  static const size_t kBitCount = 8*sizeof(RawType);
+
+  // # of fraction bits in a number.
+  static const size_t kFractionBitCount =
+    std::numeric_limits<RawType>::digits - 1;
+
+  // # of exponent bits in a number.
+  static const size_t kExponentBitCount = kBitCount - 1 - kFractionBitCount;
+
+  // The mask for the sign bit.
+  static const Bits kSignBitMask = static_cast<Bits>(1) << (kBitCount - 1);
+
+  // The mask for the fraction bits.
+  static const Bits kFractionBitMask =
+    ~static_cast<Bits>(0) >> (kExponentBitCount + 1);
+
+  // The mask for the exponent bits.
+  static const Bits kExponentBitMask = ~(kSignBitMask | kFractionBitMask);
+
+  // How many ULP's (Units in the Last Place) we want to tolerate when
+  // comparing two numbers.  The larger the value, the more error we
+  // allow.  A 0 value means that two numbers must be exactly the same
+  // to be considered equal.
+  //
+  // The maximum error of a single floating-point operation is 0.5
+  // units in the last place.  On Intel CPU's, all floating-point
+  // calculations are done with 80-bit precision, while double has 64
+  // bits.  Therefore, 4 should be enough for ordinary use.
+  //
+  // See the following article for more details on ULP:
+  // http://randomascii.wordpress.com/2012/02/25/comparing-floating-point-numbers-2012-edition/
+  static const size_t kMaxUlps = 4;
+
+  // Constructs a FloatingPoint from a raw floating-point number.
+  //
+  // On an Intel CPU, passing a non-normalized NAN (Not a Number)
+  // around may change its bits, although the new value is guaranteed
+  // to be also a NAN.  Therefore, don't expect this constructor to
+  // preserve the bits in x when x is a NAN.
+  explicit FloatingPoint(const RawType& x) { u_.value_ = x; }
+
+  // Static methods
+
+  // Reinterprets a bit pattern as a floating-point number.
+  //
+  // This function is needed to test the AlmostEquals() method.
+  static RawType ReinterpretBits(const Bits bits) {
+    FloatingPoint fp(0);
+    fp.u_.bits_ = bits;
+    return fp.u_.value_;
+  }
+
+  // Returns the floating-point number that represent positive infinity.
+  static RawType Infinity() {
+    return ReinterpretBits(kExponentBitMask);
+  }
+
+  // Returns the maximum representable finite floating-point number.
+  static RawType Max();
+
+  // Non-static methods
+
+  // Returns the bits that represents this number.
+  const Bits &bits() const { return u_.bits_; }
+
+  // Returns the exponent bits of this number.
+  Bits exponent_bits() const { return kExponentBitMask & u_.bits_; }
+
+  // Returns the fraction bits of this number.
+  Bits fraction_bits() const { return kFractionBitMask & u_.bits_; }
+
+  // Returns the sign bit of this number.
+  Bits sign_bit() const { return kSignBitMask & u_.bits_; }
+
+  // Returns true iff this is NAN (not a number).
+  bool is_nan() const {
+    // It's a NAN if the exponent bits are all ones and the fraction
+    // bits are not entirely zeros.
+    return (exponent_bits() == kExponentBitMask) && (fraction_bits() != 0);
+  }
+
+  // Returns true iff this number is at most kMaxUlps ULP's away from
+  // rhs.  In particular, this function:
+  //
+  //   - returns false if either number is (or both are) NAN.
+  //   - treats really large numbers as almost equal to infinity.
+  //   - thinks +0.0 and -0.0 are 0 DLP's apart.
+  bool AlmostEquals(const FloatingPoint& rhs) const {
+    // The IEEE standard says that any comparison operation involving
+    // a NAN must return false.
+    if (is_nan() || rhs.is_nan()) return false;
+
+    return DistanceBetweenSignAndMagnitudeNumbers(u_.bits_, rhs.u_.bits_)
+        <= kMaxUlps;
+  }
+
+ private:
+  // The data type used to store the actual floating-point number.
+  union FloatingPointUnion {
+    RawType value_;  // The raw floating-point number.
+    Bits bits_;      // The bits that represent the number.
+  };
+
+  // Converts an integer from the sign-and-magnitude representation to
+  // the biased representation.  More precisely, let N be 2 to the
+  // power of (kBitCount - 1), an integer x is represented by the
+  // unsigned number x + N.
+  //
+  // For instance,
+  //
+  //   -N + 1 (the most negative number representable using
+  //          sign-and-magnitude) is represented by 1;
+  //   0      is represented by N; and
+  //   N - 1  (the biggest number representable using
+  //          sign-and-magnitude) is represented by 2N - 1.
+  //
+  // Read http://en.wikipedia.org/wiki/Signed_number_representations
+  // for more details on signed number representations.
+  static Bits SignAndMagnitudeToBiased(const Bits &sam) {
+    if (kSignBitMask & sam) {
+      // sam represents a negative number.
+      return ~sam + 1;
+    } else {
+      // sam represents a positive number.
+      return kSignBitMask | sam;
+    }
+  }
+
+  // Given two numbers in the sign-and-magnitude representation,
+  // returns the distance between them as an unsigned number.
+  static Bits DistanceBetweenSignAndMagnitudeNumbers(const Bits &sam1,
+                                                     const Bits &sam2) {
+    const Bits biased1 = SignAndMagnitudeToBiased(sam1);
+    const Bits biased2 = SignAndMagnitudeToBiased(sam2);
+    return (biased1 >= biased2) ? (biased1 - biased2) : (biased2 - biased1);
+  }
+
+  FloatingPointUnion u_;
+};
+
+// We cannot use std::numeric_limits<T>::max() as it clashes with the max()
+// macro defined by <windows.h>.
+template <>
+inline float FloatingPoint<float>::Max() { return FLT_MAX; }
+template <>
+inline double FloatingPoint<double>::Max() { return DBL_MAX; }
+
+// Typedefs the instances of the FloatingPoint template class that we
+// care to use.
+typedef FloatingPoint<float> Float;
+typedef FloatingPoint<double> Double;
+
+// In order to catch the mistake of putting tests that use different
+// test fixture classes in the same test case, we need to assign
+// unique IDs to fixture classes and compare them.  The TypeId type is
+// used to hold such IDs.  The user should treat TypeId as an opaque
+// type: the only operation allowed on TypeId values is to compare
+// them for equality using the == operator.
+typedef const void* TypeId;
+
+template <typename T>
+class TypeIdHelper {
+ public:
+  // dummy_ must not have a const type.  Otherwise an overly eager
+  // compiler (e.g. MSVC 7.1 & 8.0) may try to merge
+  // TypeIdHelper<T>::dummy_ for different Ts as an "optimization".
+  static bool dummy_;
+};
+
+template <typename T>
+bool TypeIdHelper<T>::dummy_ = false;
+
+// GetTypeId<T>() returns the ID of type T.  Different values will be
+// returned for different types.  Calling the function twice with the
+// same type argument is guaranteed to return the same ID.
+template <typename T>
+TypeId GetTypeId() {
+  // The compiler is required to allocate a different
+  // TypeIdHelper<T>::dummy_ variable for each T used to instantiate
+  // the template.  Therefore, the address of dummy_ is guaranteed to
+  // be unique.
+  return &(TypeIdHelper<T>::dummy_);
+}
+
+// Returns the type ID of ::testing::Test.  Always call this instead
+// of GetTypeId< ::testing::Test>() to get the type ID of
+// ::testing::Test, as the latter may give the wrong result due to a
+// suspected linker bug when compiling Google Test as a Mac OS X
+// framework.
+GTEST_API_ TypeId GetTestTypeId();
+
+// Defines the abstract factory interface that creates instances
+// of a Test object.
+class TestFactoryBase {
+ public:
+  virtual ~TestFactoryBase() {}
+
+  // Creates a test instance to run. The instance is both created and destroyed
+  // within TestInfoImpl::Run()
+  virtual Test* CreateTest() = 0;
+
+ protected:
+  TestFactoryBase() {}
+
+ private:
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(TestFactoryBase);
+};
+
+// This class provides implementation of TeastFactoryBase interface.
+// It is used in TEST and TEST_F macros.
+template <class TestClass>
+class TestFactoryImpl : public TestFactoryBase {
+ public:
+  virtual Test* CreateTest() { return new TestClass; }
+};
+
+#if GTEST_OS_WINDOWS
+
+// Predicate-formatters for implementing the HRESULT checking macros
+// {ASSERT|EXPECT}_HRESULT_{SUCCEEDED|FAILED}
+// We pass a long instead of HRESULT to avoid causing an
+// include dependency for the HRESULT type.
+GTEST_API_ AssertionResult IsHRESULTSuccess(const char* expr,
+                                            long hr);  // NOLINT
+GTEST_API_ AssertionResult IsHRESULTFailure(const char* expr,
+                                            long hr);  // NOLINT
+
+#endif  // GTEST_OS_WINDOWS
+
+// Types of SetUpTestCase() and TearDownTestCase() functions.
+typedef void (*SetUpTestCaseFunc)();
+typedef void (*TearDownTestCaseFunc)();
+
+// Creates a new TestInfo object and registers it with Google Test;
+// returns the created object.
+//
+// Arguments:
+//
+//   test_case_name:   name of the test case
+//   name:             name of the test
+//   type_param        the name of the test's type parameter, or NULL if
+//                     this is not a typed or a type-parameterized test.
+//   value_param       text representation of the test's value parameter,
+//                     or NULL if this is not a type-parameterized test.
+//   fixture_class_id: ID of the test fixture class
+//   set_up_tc:        pointer to the function that sets up the test case
+//   tear_down_tc:     pointer to the function that tears down the test case
+//   factory:          pointer to the factory that creates a test object.
+//                     The newly created TestInfo instance will assume
+//                     ownership of the factory object.
+GTEST_API_ TestInfo* MakeAndRegisterTestInfo(
+    const char* test_case_name,
+    const char* name,
+    const char* type_param,
+    const char* value_param,
+    TypeId fixture_class_id,
+    SetUpTestCaseFunc set_up_tc,
+    TearDownTestCaseFunc tear_down_tc,
+    TestFactoryBase* factory);
+
+// If *pstr starts with the given prefix, modifies *pstr to be right
+// past the prefix and returns true; otherwise leaves *pstr unchanged
+// and returns false.  None of pstr, *pstr, and prefix can be NULL.
+GTEST_API_ bool SkipPrefix(const char* prefix, const char** pstr);
+
+#if GTEST_HAS_TYPED_TEST || GTEST_HAS_TYPED_TEST_P
+
+// State of the definition of a type-parameterized test case.
+class GTEST_API_ TypedTestCasePState {
+ public:
+  TypedTestCasePState() : registered_(false) {}
+
+  // Adds the given test name to defined_test_names_ and return true
+  // if the test case hasn't been registered; otherwise aborts the
+  // program.
+  bool AddTestName(const char* file, int line, const char* case_name,
+                   const char* test_name) {
+    if (registered_) {
+      fprintf(stderr, "%s Test %s must be defined before "
+              "REGISTER_TYPED_TEST_CASE_P(%s, ...).\n",
+              FormatFileLocation(file, line).c_str(), test_name, case_name);
+      fflush(stderr);
+      posix::Abort();
+    }
+    defined_test_names_.insert(test_name);
+    return true;
+  }
+
+  // Verifies that registered_tests match the test names in
+  // defined_test_names_; returns registered_tests if successful, or
+  // aborts the program otherwise.
+  const char* VerifyRegisteredTestNames(
+      const char* file, int line, const char* registered_tests);
+
+ private:
+  bool registered_;
+  ::std::set<const char*> defined_test_names_;
+};
+
+// Skips to the first non-space char after the first comma in 'str';
+// returns NULL if no comma is found in 'str'.
+inline const char* SkipComma(const char* str) {
+  const char* comma = strchr(str, ',');
+  if (comma == NULL) {
+    return NULL;
+  }
+  while (IsSpace(*(++comma))) {}
+  return comma;
+}
+
+// Returns the prefix of 'str' before the first comma in it; returns
+// the entire string if it contains no comma.
+inline std::string GetPrefixUntilComma(const char* str) {
+  const char* comma = strchr(str, ',');
+  return comma == NULL ? str : std::string(str, comma);
+}
+
+// TypeParameterizedTest<Fixture, TestSel, Types>::Register()
+// registers a list of type-parameterized tests with Google Test.  The
+// return value is insignificant - we just need to return something
+// such that we can call this function in a namespace scope.
+//
+// Implementation note: The GTEST_TEMPLATE_ macro declares a template
+// template parameter.  It's defined in gtest-type-util.h.
+template <GTEST_TEMPLATE_ Fixture, class TestSel, typename Types>
+class TypeParameterizedTest {
+ public:
+  // 'index' is the index of the test in the type list 'Types'
+  // specified in INSTANTIATE_TYPED_TEST_CASE_P(Prefix, TestCase,
+  // Types).  Valid values for 'index' are [0, N - 1] where N is the
+  // length of Types.
+  static bool Register(const char* prefix, const char* case_name,
+                       const char* test_names, int index) {
+    typedef typename Types::Head Type;
+    typedef Fixture<Type> FixtureClass;
+    typedef typename GTEST_BIND_(TestSel, Type) TestClass;
+
+    // First, registers the first type-parameterized test in the type
+    // list.
+    MakeAndRegisterTestInfo(
+        (std::string(prefix) + (prefix[0] == '\0' ? "" : "/") + case_name + "/"
+         + StreamableToString(index)).c_str(),
+        GetPrefixUntilComma(test_names).c_str(),
+        GetTypeName<Type>().c_str(),
+        NULL,  // No value parameter.
+        GetTypeId<FixtureClass>(),
+        TestClass::SetUpTestCase,
+        TestClass::TearDownTestCase,
+        new TestFactoryImpl<TestClass>);
+
+    // Next, recurses (at compile time) with the tail of the type list.
+    return TypeParameterizedTest<Fixture, TestSel, typename Types::Tail>
+        ::Register(prefix, case_name, test_names, index + 1);
+  }
+};
+
+// The base case for the compile time recursion.
+template <GTEST_TEMPLATE_ Fixture, class TestSel>
+class TypeParameterizedTest<Fixture, TestSel, Types0> {
+ public:
+  static bool Register(const char* /*prefix*/, const char* /*case_name*/,
+                       const char* /*test_names*/, int /*index*/) {
+    return true;
+  }
+};
+
+// TypeParameterizedTestCase<Fixture, Tests, Types>::Register()
+// registers *all combinations* of 'Tests' and 'Types' with Google
+// Test.  The return value is insignificant - we just need to return
+// something such that we can call this function in a namespace scope.
+template <GTEST_TEMPLATE_ Fixture, typename Tests, typename Types>
+class TypeParameterizedTestCase {
+ public:
+  static bool Register(const char* prefix, const char* case_name,
+                       const char* test_names) {
+    typedef typename Tests::Head Head;
+
+    // First, register the first test in 'Test' for each type in 'Types'.
+    TypeParameterizedTest<Fixture, Head, Types>::Register(
+        prefix, case_name, test_names, 0);
+
+    // Next, recurses (at compile time) with the tail of the test list.
+    return TypeParameterizedTestCase<Fixture, typename Tests::Tail, Types>
+        ::Register(prefix, case_name, SkipComma(test_names));
+  }
+};
+
+// The base case for the compile time recursion.
+template <GTEST_TEMPLATE_ Fixture, typename Types>
+class TypeParameterizedTestCase<Fixture, Templates0, Types> {
+ public:
+  static bool Register(const char* /*prefix*/, const char* /*case_name*/,
+                       const char* /*test_names*/) {
+    return true;
+  }
+};
+
+#endif  // GTEST_HAS_TYPED_TEST || GTEST_HAS_TYPED_TEST_P
+
+// Returns the current OS stack trace as an std::string.
+//
+// The maximum number of stack frames to be included is specified by
+// the gtest_stack_trace_depth flag.  The skip_count parameter
+// specifies the number of top frames to be skipped, which doesn't
+// count against the number of frames to be included.
+//
+// For example, if Foo() calls Bar(), which in turn calls
+// GetCurrentOsStackTraceExceptTop(..., 1), Foo() will be included in
+// the trace but Bar() and GetCurrentOsStackTraceExceptTop() won't.
+GTEST_API_ std::string GetCurrentOsStackTraceExceptTop(
+    UnitTest* unit_test, int skip_count);
+
+// Helpers for suppressing warnings on unreachable code or constant
+// condition.
+
+// Always returns true.
+GTEST_API_ bool AlwaysTrue();
+
+// Always returns false.
+inline bool AlwaysFalse() { return !AlwaysTrue(); }
+
+// Helper for suppressing false warning from Clang on a const char*
+// variable declared in a conditional expression always being NULL in
+// the else branch.
+struct GTEST_API_ ConstCharPtr {
+  ConstCharPtr(const char* str) : value(str) {}
+  operator bool() const { return true; }
+  const char* value;
+};
+
+// A simple Linear Congruential Generator for generating random
+// numbers with a uniform distribution.  Unlike rand() and srand(), it
+// doesn't use global state (and therefore can't interfere with user
+// code).  Unlike rand_r(), it's portable.  An LCG isn't very random,
+// but it's good enough for our purposes.
+class GTEST_API_ Random {
+ public:
+  static const UInt32 kMaxRange = 1u << 31;
+
+  explicit Random(UInt32 seed) : state_(seed) {}
+
+  void Reseed(UInt32 seed) { state_ = seed; }
+
+  // Generates a random number from [0, range).  Crashes if 'range' is
+  // 0 or greater than kMaxRange.
+  UInt32 Generate(UInt32 range);
+
+ private:
+  UInt32 state_;
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(Random);
+};
+
+// Defining a variable of type CompileAssertTypesEqual<T1, T2> will cause a
+// compiler error iff T1 and T2 are different types.
+template <typename T1, typename T2>
+struct CompileAssertTypesEqual;
+
+template <typename T>
+struct CompileAssertTypesEqual<T, T> {
+};
+
+// Removes the reference from a type if it is a reference type,
+// otherwise leaves it unchanged.  This is the same as
+// tr1::remove_reference, which is not widely available yet.
+template <typename T>
+struct RemoveReference { typedef T type; };  // NOLINT
+template <typename T>
+struct RemoveReference<T&> { typedef T type; };  // NOLINT
+
+// A handy wrapper around RemoveReference that works when the argument
+// T depends on template parameters.
+#define GTEST_REMOVE_REFERENCE_(T) \
+    typename ::testing::internal::RemoveReference<T>::type
+
+// Removes const from a type if it is a const type, otherwise leaves
+// it unchanged.  This is the same as tr1::remove_const, which is not
+// widely available yet.
+template <typename T>
+struct RemoveConst { typedef T type; };  // NOLINT
+template <typename T>
+struct RemoveConst<const T> { typedef T type; };  // NOLINT
+
+// MSVC 8.0, Sun C++, and IBM XL C++ have a bug which causes the above
+// definition to fail to remove the const in 'const int[3]' and 'const
+// char[3][4]'.  The following specialization works around the bug.
+template <typename T, size_t N>
+struct RemoveConst<const T[N]> {
+  typedef typename RemoveConst<T>::type type[N];
+};
+
+#if defined(_MSC_VER) && _MSC_VER < 1400
+// This is the only specialization that allows VC++ 7.1 to remove const in
+// 'const int[3] and 'const int[3][4]'.  However, it causes trouble with GCC
+// and thus needs to be conditionally compiled.
+template <typename T, size_t N>
+struct RemoveConst<T[N]> {
+  typedef typename RemoveConst<T>::type type[N];
+};
+#endif
+
+// A handy wrapper around RemoveConst that works when the argument
+// T depends on template parameters.
+#define GTEST_REMOVE_CONST_(T) \
+    typename ::testing::internal::RemoveConst<T>::type
+
+// Turns const U&, U&, const U, and U all into U.
+#define GTEST_REMOVE_REFERENCE_AND_CONST_(T) \
+    GTEST_REMOVE_CONST_(GTEST_REMOVE_REFERENCE_(T))
+
+// Adds reference to a type if it is not a reference type,
+// otherwise leaves it unchanged.  This is the same as
+// tr1::add_reference, which is not widely available yet.
+template <typename T>
+struct AddReference { typedef T& type; };  // NOLINT
+template <typename T>
+struct AddReference<T&> { typedef T& type; };  // NOLINT
+
+// A handy wrapper around AddReference that works when the argument T
+// depends on template parameters.
+#define GTEST_ADD_REFERENCE_(T) \
+    typename ::testing::internal::AddReference<T>::type
+
+// Adds a reference to const on top of T as necessary.  For example,
+// it transforms
+//
+//   char         ==> const char&
+//   const char   ==> const char&
+//   char&        ==> const char&
+//   const char&  ==> const char&
+//
+// The argument T must depend on some template parameters.
+#define GTEST_REFERENCE_TO_CONST_(T) \
+    GTEST_ADD_REFERENCE_(const GTEST_REMOVE_REFERENCE_(T))
+
+// ImplicitlyConvertible<From, To>::value is a compile-time bool
+// constant that's true iff type From can be implicitly converted to
+// type To.
+template <typename From, typename To>
+class ImplicitlyConvertible {
+ private:
+  // We need the following helper functions only for their types.
+  // They have no implementations.
+
+  // MakeFrom() is an expression whose type is From.  We cannot simply
+  // use From(), as the type From may not have a public default
+  // constructor.
+  static typename AddReference<From>::type MakeFrom();
+
+  // These two functions are overloaded.  Given an expression
+  // Helper(x), the compiler will pick the first version if x can be
+  // implicitly converted to type To; otherwise it will pick the
+  // second version.
+  //
+  // The first version returns a value of size 1, and the second
+  // version returns a value of size 2.  Therefore, by checking the
+  // size of Helper(x), which can be done at compile time, we can tell
+  // which version of Helper() is used, and hence whether x can be
+  // implicitly converted to type To.
+  static char Helper(To);
+  static char (&Helper(...))[2];  // NOLINT
+
+  // We have to put the 'public' section after the 'private' section,
+  // or MSVC refuses to compile the code.
+ public:
+#if defined(__BORLANDC__)
+  // C++Builder cannot use member overload resolution during template
+  // instantiation.  The simplest workaround is to use its C++0x type traits
+  // functions (C++Builder 2009 and above only).
+  static const bool value = __is_convertible(From, To);
+#else
+  // MSVC warns about implicitly converting from double to int for
+  // possible loss of data, so we need to temporarily disable the
+  // warning.
+  GTEST_DISABLE_MSC_WARNINGS_PUSH_(4244)
+  static const bool value =
+      sizeof(Helper(ImplicitlyConvertible::MakeFrom())) == 1;
+  GTEST_DISABLE_MSC_WARNINGS_POP_()
+#endif  // __BORLANDC__
+};
+template <typename From, typename To>
+const bool ImplicitlyConvertible<From, To>::value;
+
+// IsAProtocolMessage<T>::value is a compile-time bool constant that's
+// true iff T is type ProtocolMessage, proto2::Message, or a subclass
+// of those.
+template <typename T>
+struct IsAProtocolMessage
+    : public bool_constant<
+  ImplicitlyConvertible<const T*, const ::ProtocolMessage*>::value ||
+  ImplicitlyConvertible<const T*, const ::proto2::Message*>::value> {
+};
+
+// When the compiler sees expression IsContainerTest<C>(0), if C is an
+// STL-style container class, the first overload of IsContainerTest
+// will be viable (since both C::iterator* and C::const_iterator* are
+// valid types and NULL can be implicitly converted to them).  It will
+// be picked over the second overload as 'int' is a perfect match for
+// the type of argument 0.  If C::iterator or C::const_iterator is not
+// a valid type, the first overload is not viable, and the second
+// overload will be picked.  Therefore, we can determine whether C is
+// a container class by checking the type of IsContainerTest<C>(0).
+// The value of the expression is insignificant.
+//
+// Note that we look for both C::iterator and C::const_iterator.  The
+// reason is that C++ injects the name of a class as a member of the
+// class itself (e.g. you can refer to class iterator as either
+// 'iterator' or 'iterator::iterator').  If we look for C::iterator
+// only, for example, we would mistakenly think that a class named
+// iterator is an STL container.
+//
+// Also note that the simpler approach of overloading
+// IsContainerTest(typename C::const_iterator*) and
+// IsContainerTest(...) doesn't work with Visual Age C++ and Sun C++.
+typedef int IsContainer;
+template <class C>
+IsContainer IsContainerTest(int /* dummy */,
+                            typename C::iterator* /* it */ = NULL,
+                            typename C::const_iterator* /* const_it */ = NULL) {
+  return 0;
+}
+
+typedef char IsNotContainer;
+template <class C>
+IsNotContainer IsContainerTest(long /* dummy */) { return '\0'; }
+
+// EnableIf<condition>::type is void when 'Cond' is true, and
+// undefined when 'Cond' is false.  To use SFINAE to make a function
+// overload only apply when a particular expression is true, add
+// "typename EnableIf<expression>::type* = 0" as the last parameter.
+template<bool> struct EnableIf;
+template<> struct EnableIf<true> { typedef void type; };  // NOLINT
+
+// Utilities for native arrays.
+
+// ArrayEq() compares two k-dimensional native arrays using the
+// elements' operator==, where k can be any integer >= 0.  When k is
+// 0, ArrayEq() degenerates into comparing a single pair of values.
+
+template <typename T, typename U>
+bool ArrayEq(const T* lhs, size_t size, const U* rhs);
+
+// This generic version is used when k is 0.
+template <typename T, typename U>
+inline bool ArrayEq(const T& lhs, const U& rhs) { return lhs == rhs; }
+
+// This overload is used when k >= 1.
+template <typename T, typename U, size_t N>
+inline bool ArrayEq(const T(&lhs)[N], const U(&rhs)[N]) {
+  return internal::ArrayEq(lhs, N, rhs);
+}
+
+// This helper reduces code bloat.  If we instead put its logic inside
+// the previous ArrayEq() function, arrays with different sizes would
+// lead to different copies of the template code.
+template <typename T, typename U>
+bool ArrayEq(const T* lhs, size_t size, const U* rhs) {
+  for (size_t i = 0; i != size; i++) {
+    if (!internal::ArrayEq(lhs[i], rhs[i]))
+      return false;
+  }
+  return true;
+}
+
+// Finds the first element in the iterator range [begin, end) that
+// equals elem.  Element may be a native array type itself.
+template <typename Iter, typename Element>
+Iter ArrayAwareFind(Iter begin, Iter end, const Element& elem) {
+  for (Iter it = begin; it != end; ++it) {
+    if (internal::ArrayEq(*it, elem))
+      return it;
+  }
+  return end;
+}
+
+// CopyArray() copies a k-dimensional native array using the elements'
+// operator=, where k can be any integer >= 0.  When k is 0,
+// CopyArray() degenerates into copying a single value.
+
+template <typename T, typename U>
+void CopyArray(const T* from, size_t size, U* to);
+
+// This generic version is used when k is 0.
+template <typename T, typename U>
+inline void CopyArray(const T& from, U* to) { *to = from; }
+
+// This overload is used when k >= 1.
+template <typename T, typename U, size_t N>
+inline void CopyArray(const T(&from)[N], U(*to)[N]) {
+  internal::CopyArray(from, N, *to);
+}
+
+// This helper reduces code bloat.  If we instead put its logic inside
+// the previous CopyArray() function, arrays with different sizes
+// would lead to different copies of the template code.
+template <typename T, typename U>
+void CopyArray(const T* from, size_t size, U* to) {
+  for (size_t i = 0; i != size; i++) {
+    internal::CopyArray(from[i], to + i);
+  }
+}
+
+// The relation between an NativeArray object (see below) and the
+// native array it represents.
+// We use 2 different structs to allow non-copyable types to be used, as long
+// as RelationToSourceReference() is passed.
+struct RelationToSourceReference {};
+struct RelationToSourceCopy {};
+
+// Adapts a native array to a read-only STL-style container.  Instead
+// of the complete STL container concept, this adaptor only implements
+// members useful for Google Mock's container matchers.  New members
+// should be added as needed.  To simplify the implementation, we only
+// support Element being a raw type (i.e. having no top-level const or
+// reference modifier).  It's the client's responsibility to satisfy
+// this requirement.  Element can be an array type itself (hence
+// multi-dimensional arrays are supported).
+template <typename Element>
+class NativeArray {
+ public:
+  // STL-style container typedefs.
+  typedef Element value_type;
+  typedef Element* iterator;
+  typedef const Element* const_iterator;
+
+  // Constructs from a native array. References the source.
+  NativeArray(const Element* array, size_t count, RelationToSourceReference) {
+    InitRef(array, count);
+  }
+
+  // Constructs from a native array. Copies the source.
+  NativeArray(const Element* array, size_t count, RelationToSourceCopy) {
+    InitCopy(array, count);
+  }
+
+  // Copy constructor.
+  NativeArray(const NativeArray& rhs) {
+    (this->*rhs.clone_)(rhs.array_, rhs.size_);
+  }
+
+  ~NativeArray() {
+    if (clone_ != &NativeArray::InitRef)
+      delete[] array_;
+  }
+
+  // STL-style container methods.
+  size_t size() const { return size_; }
+  const_iterator begin() const { return array_; }
+  const_iterator end() const { return array_ + size_; }
+  bool operator==(const NativeArray& rhs) const {
+    return size() == rhs.size() &&
+        ArrayEq(begin(), size(), rhs.begin());
+  }
+
+ private:
+  enum {
+    kCheckTypeIsNotConstOrAReference = StaticAssertTypeEqHelper<
+        Element, GTEST_REMOVE_REFERENCE_AND_CONST_(Element)>::value,
+  };
+
+  // Initializes this object with a copy of the input.
+  void InitCopy(const Element* array, size_t a_size) {
+    Element* const copy = new Element[a_size];
+    CopyArray(array, a_size, copy);
+    array_ = copy;
+    size_ = a_size;
+    clone_ = &NativeArray::InitCopy;
+  }
+
+  // Initializes this object with a reference of the input.
+  void InitRef(const Element* array, size_t a_size) {
+    array_ = array;
+    size_ = a_size;
+    clone_ = &NativeArray::InitRef;
+  }
+
+  const Element* array_;
+  size_t size_;
+  void (NativeArray::*clone_)(const Element*, size_t);
+
+  GTEST_DISALLOW_ASSIGN_(NativeArray);
+};
+
+}  // namespace internal
+}  // namespace testing
+
+#define GTEST_MESSAGE_AT_(file, line, message, result_type) \
+  ::testing::internal::AssertHelper(result_type, file, line, message) \
+    = ::testing::Message()
+
+#define GTEST_MESSAGE_(message, result_type) \
+  GTEST_MESSAGE_AT_(__FILE__, __LINE__, message, result_type)
+
+#define GTEST_FATAL_FAILURE_(message) \
+  return GTEST_MESSAGE_(message, ::testing::TestPartResult::kFatalFailure)
+
+#define GTEST_NONFATAL_FAILURE_(message) \
+  GTEST_MESSAGE_(message, ::testing::TestPartResult::kNonFatalFailure)
+
+#define GTEST_SUCCESS_(message) \
+  GTEST_MESSAGE_(message, ::testing::TestPartResult::kSuccess)
+
+// Suppresses MSVC warnings 4072 (unreachable code) for the code following
+// statement if it returns or throws (or doesn't return or throw in some
+// situations).
+#define GTEST_SUPPRESS_UNREACHABLE_CODE_WARNING_BELOW_(statement) \
+  if (::testing::internal::AlwaysTrue()) { statement; }
+
+#define GTEST_TEST_THROW_(statement, expected_exception, fail) \
+  GTEST_AMBIGUOUS_ELSE_BLOCKER_ \
+  if (::testing::internal::ConstCharPtr gtest_msg = "") { \
+    bool gtest_caught_expected = false; \
+    try { \
+      GTEST_SUPPRESS_UNREACHABLE_CODE_WARNING_BELOW_(statement); \
+    } \
+    catch (expected_exception const&) { \
+      gtest_caught_expected = true; \
+    } \
+    catch (...) { \
+      gtest_msg.value = \
+          "Expected: " #statement " throws an exception of type " \
+          #expected_exception ".\n  Actual: it throws a different type."; \
+      goto GTEST_CONCAT_TOKEN_(gtest_label_testthrow_, __LINE__); \
+    } \
+    if (!gtest_caught_expected) { \
+      gtest_msg.value = \
+          "Expected: " #statement " throws an exception of type " \
+          #expected_exception ".\n  Actual: it throws nothing."; \
+      goto GTEST_CONCAT_TOKEN_(gtest_label_testthrow_, __LINE__); \
+    } \
+  } else \
+    GTEST_CONCAT_TOKEN_(gtest_label_testthrow_, __LINE__): \
+      fail(gtest_msg.value)
+
+#define GTEST_TEST_NO_THROW_(statement, fail) \
+  GTEST_AMBIGUOUS_ELSE_BLOCKER_ \
+  if (::testing::internal::AlwaysTrue()) { \
+    try { \
+      GTEST_SUPPRESS_UNREACHABLE_CODE_WARNING_BELOW_(statement); \
+    } \
+    catch (...) { \
+      goto GTEST_CONCAT_TOKEN_(gtest_label_testnothrow_, __LINE__); \
+    } \
+  } else \
+    GTEST_CONCAT_TOKEN_(gtest_label_testnothrow_, __LINE__): \
+      fail("Expected: " #statement " doesn't throw an exception.\n" \
+           "  Actual: it throws.")
+
+#define GTEST_TEST_ANY_THROW_(statement, fail) \
+  GTEST_AMBIGUOUS_ELSE_BLOCKER_ \
+  if (::testing::internal::AlwaysTrue()) { \
+    bool gtest_caught_any = false; \
+    try { \
+      GTEST_SUPPRESS_UNREACHABLE_CODE_WARNING_BELOW_(statement); \
+    } \
+    catch (...) { \
+      gtest_caught_any = true; \
+    } \
+    if (!gtest_caught_any) { \
+      goto GTEST_CONCAT_TOKEN_(gtest_label_testanythrow_, __LINE__); \
+    } \
+  } else \
+    GTEST_CONCAT_TOKEN_(gtest_label_testanythrow_, __LINE__): \
+      fail("Expected: " #statement " throws an exception.\n" \
+           "  Actual: it doesn't.")
+
+
+// Implements Boolean test assertions such as EXPECT_TRUE. expression can be
+// either a boolean expression or an AssertionResult. text is a textual
+// represenation of expression as it was passed into the EXPECT_TRUE.
+#define GTEST_TEST_BOOLEAN_(expression, text, actual, expected, fail) \
+  GTEST_AMBIGUOUS_ELSE_BLOCKER_ \
+  if (const ::testing::AssertionResult gtest_ar_ = \
+      ::testing::AssertionResult(expression)) \
+    ; \
+  else \
+    fail(::testing::internal::GetBoolAssertionFailureMessage(\
+        gtest_ar_, text, #actual, #expected).c_str())
+
+#define GTEST_TEST_NO_FATAL_FAILURE_(statement, fail) \
+  GTEST_AMBIGUOUS_ELSE_BLOCKER_ \
+  if (::testing::internal::AlwaysTrue()) { \
+    ::testing::internal::HasNewFatalFailureHelper gtest_fatal_failure_checker; \
+    GTEST_SUPPRESS_UNREACHABLE_CODE_WARNING_BELOW_(statement); \
+    if (gtest_fatal_failure_checker.has_new_fatal_failure()) { \
+      goto GTEST_CONCAT_TOKEN_(gtest_label_testnofatal_, __LINE__); \
+    } \
+  } else \
+    GTEST_CONCAT_TOKEN_(gtest_label_testnofatal_, __LINE__): \
+      fail("Expected: " #statement " doesn't generate new fatal " \
+           "failures in the current thread.\n" \
+           "  Actual: it does.")
+
+// Expands to the name of the class that implements the given test.
+#define GTEST_TEST_CLASS_NAME_(test_case_name, test_name) \
+  test_case_name##_##test_name##_Test
+
+// Helper macro for defining tests.
+#define GTEST_TEST_(test_case_name, test_name, parent_class, parent_id)\
+class GTEST_TEST_CLASS_NAME_(test_case_name, test_name) : public parent_class {\
+ public:\
+  GTEST_TEST_CLASS_NAME_(test_case_name, test_name)() {}\
+ private:\
+  virtual void TestBody();\
+  static ::testing::TestInfo* const test_info_ GTEST_ATTRIBUTE_UNUSED_;\
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(\
+      GTEST_TEST_CLASS_NAME_(test_case_name, test_name));\
+};\
+\
+::testing::TestInfo* const GTEST_TEST_CLASS_NAME_(test_case_name, test_name)\
+  ::test_info_ =\
+    ::testing::internal::MakeAndRegisterTestInfo(\
+        #test_case_name, #test_name, NULL, NULL, \
+        (parent_id), \
+        parent_class::SetUpTestCase, \
+        parent_class::TearDownTestCase, \
+        new ::testing::internal::TestFactoryImpl<\
+            GTEST_TEST_CLASS_NAME_(test_case_name, test_name)>);\
+void GTEST_TEST_CLASS_NAME_(test_case_name, test_name)::TestBody()
+
+#endif  // GTEST_INCLUDE_GTEST_INTERNAL_GTEST_INTERNAL_H_
+
diff --git a/nss/external_tests/google_test/gtest/include/gtest/internal/gtest-linked_ptr.h b/nss/external_tests/google_test/gtest/include/gtest/internal/gtest-linked_ptr.h
new file mode 100644
index 0000000..b1362cd
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/include/gtest/internal/gtest-linked_ptr.h
@@ -0,0 +1,233 @@
+// Copyright 2003 Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Authors: Dan Egnor (egnor@google.com)
+//
+// A "smart" pointer type with reference tracking.  Every pointer to a
+// particular object is kept on a circular linked list.  When the last pointer
+// to an object is destroyed or reassigned, the object is deleted.
+//
+// Used properly, this deletes the object when the last reference goes away.
+// There are several caveats:
+// - Like all reference counting schemes, cycles lead to leaks.
+// - Each smart pointer is actually two pointers (8 bytes instead of 4).
+// - Every time a pointer is assigned, the entire list of pointers to that
+//   object is traversed.  This class is therefore NOT SUITABLE when there
+//   will often be more than two or three pointers to a particular object.
+// - References are only tracked as long as linked_ptr<> objects are copied.
+//   If a linked_ptr<> is converted to a raw pointer and back, BAD THINGS
+//   will happen (double deletion).
+//
+// A good use of this class is storing object references in STL containers.
+// You can safely put linked_ptr<> in a vector<>.
+// Other uses may not be as good.
+//
+// Note: If you use an incomplete type with linked_ptr<>, the class
+// *containing* linked_ptr<> must have a constructor and destructor (even
+// if they do nothing!).
+//
+// Bill Gibbons suggested we use something like this.
+//
+// Thread Safety:
+//   Unlike other linked_ptr implementations, in this implementation
+//   a linked_ptr object is thread-safe in the sense that:
+//     - it's safe to copy linked_ptr objects concurrently,
+//     - it's safe to copy *from* a linked_ptr and read its underlying
+//       raw pointer (e.g. via get()) concurrently, and
+//     - it's safe to write to two linked_ptrs that point to the same
+//       shared object concurrently.
+// TODO(wan@google.com): rename this to safe_linked_ptr to avoid
+// confusion with normal linked_ptr.
+
+#ifndef GTEST_INCLUDE_GTEST_INTERNAL_GTEST_LINKED_PTR_H_
+#define GTEST_INCLUDE_GTEST_INTERNAL_GTEST_LINKED_PTR_H_
+
+#include <stdlib.h>
+#include <assert.h>
+
+#include "gtest/internal/gtest-port.h"
+
+namespace testing {
+namespace internal {
+
+// Protects copying of all linked_ptr objects.
+GTEST_API_ GTEST_DECLARE_STATIC_MUTEX_(g_linked_ptr_mutex);
+
+// This is used internally by all instances of linked_ptr<>.  It needs to be
+// a non-template class because different types of linked_ptr<> can refer to
+// the same object (linked_ptr<Superclass>(obj) vs linked_ptr<Subclass>(obj)).
+// So, it needs to be possible for different types of linked_ptr to participate
+// in the same circular linked list, so we need a single class type here.
+//
+// DO NOT USE THIS CLASS DIRECTLY YOURSELF.  Use linked_ptr<T>.
+class linked_ptr_internal {
+ public:
+  // Create a new circle that includes only this instance.
+  void join_new() {
+    next_ = this;
+  }
+
+  // Many linked_ptr operations may change p.link_ for some linked_ptr
+  // variable p in the same circle as this object.  Therefore we need
+  // to prevent two such operations from occurring concurrently.
+  //
+  // Note that different types of linked_ptr objects can coexist in a
+  // circle (e.g. linked_ptr<Base>, linked_ptr<Derived1>, and
+  // linked_ptr<Derived2>).  Therefore we must use a single mutex to
+  // protect all linked_ptr objects.  This can create serious
+  // contention in production code, but is acceptable in a testing
+  // framework.
+
+  // Join an existing circle.
+  void join(linked_ptr_internal const* ptr)
+      GTEST_LOCK_EXCLUDED_(g_linked_ptr_mutex) {
+    MutexLock lock(&g_linked_ptr_mutex);
+
+    linked_ptr_internal const* p = ptr;
+    while (p->next_ != ptr) p = p->next_;
+    p->next_ = this;
+    next_ = ptr;
+  }
+
+  // Leave whatever circle we're part of.  Returns true if we were the
+  // last member of the circle.  Once this is done, you can join() another.
+  bool depart()
+      GTEST_LOCK_EXCLUDED_(g_linked_ptr_mutex) {
+    MutexLock lock(&g_linked_ptr_mutex);
+
+    if (next_ == this) return true;
+    linked_ptr_internal const* p = next_;
+    while (p->next_ != this) p = p->next_;
+    p->next_ = next_;
+    return false;
+  }
+
+ private:
+  mutable linked_ptr_internal const* next_;
+};
+
+template <typename T>
+class linked_ptr {
+ public:
+  typedef T element_type;
+
+  // Take over ownership of a raw pointer.  This should happen as soon as
+  // possible after the object is created.
+  explicit linked_ptr(T* ptr = NULL) { capture(ptr); }
+  ~linked_ptr() { depart(); }
+
+  // Copy an existing linked_ptr<>, adding ourselves to the list of references.
+  template <typename U> linked_ptr(linked_ptr<U> const& ptr) { copy(&ptr); }
+  linked_ptr(linked_ptr const& ptr) {  // NOLINT
+    assert(&ptr != this);
+    copy(&ptr);
+  }
+
+  // Assignment releases the old value and acquires the new.
+  template <typename U> linked_ptr& operator=(linked_ptr<U> const& ptr) {
+    depart();
+    copy(&ptr);
+    return *this;
+  }
+
+  linked_ptr& operator=(linked_ptr const& ptr) {
+    if (&ptr != this) {
+      depart();
+      copy(&ptr);
+    }
+    return *this;
+  }
+
+  // Smart pointer members.
+  void reset(T* ptr = NULL) {
+    depart();
+    capture(ptr);
+  }
+  T* get() const { return value_; }
+  T* operator->() const { return value_; }
+  T& operator*() const { return *value_; }
+
+  bool operator==(T* p) const { return value_ == p; }
+  bool operator!=(T* p) const { return value_ != p; }
+  template <typename U>
+  bool operator==(linked_ptr<U> const& ptr) const {
+    return value_ == ptr.get();
+  }
+  template <typename U>
+  bool operator!=(linked_ptr<U> const& ptr) const {
+    return value_ != ptr.get();
+  }
+
+ private:
+  template <typename U>
+  friend class linked_ptr;
+
+  T* value_;
+  linked_ptr_internal link_;
+
+  void depart() {
+    if (link_.depart()) delete value_;
+  }
+
+  void capture(T* ptr) {
+    value_ = ptr;
+    link_.join_new();
+  }
+
+  template <typename U> void copy(linked_ptr<U> const* ptr) {
+    value_ = ptr->get();
+    if (value_)
+      link_.join(&ptr->link_);
+    else
+      link_.join_new();
+  }
+};
+
+template<typename T> inline
+bool operator==(T* ptr, const linked_ptr<T>& x) {
+  return ptr == x.get();
+}
+
+template<typename T> inline
+bool operator!=(T* ptr, const linked_ptr<T>& x) {
+  return ptr != x.get();
+}
+
+// A function to convert T* into linked_ptr<T>
+// Doing e.g. make_linked_ptr(new FooBarBaz<type>(arg)) is a shorter notation
+// for linked_ptr<FooBarBaz<type> >(new FooBarBaz<type>(arg))
+template <typename T>
+linked_ptr<T> make_linked_ptr(T* ptr) {
+  return linked_ptr<T>(ptr);
+}
+
+}  // namespace internal
+}  // namespace testing
+
+#endif  // GTEST_INCLUDE_GTEST_INTERNAL_GTEST_LINKED_PTR_H_
diff --git a/nss/external_tests/google_test/gtest/include/gtest/internal/gtest-param-util-generated.h b/nss/external_tests/google_test/gtest/include/gtest/internal/gtest-param-util-generated.h
new file mode 100644
index 0000000..6dbaf4b
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/include/gtest/internal/gtest-param-util-generated.h
@@ -0,0 +1,5143 @@
+// This file was GENERATED by command:
+//     pump.py gtest-param-util-generated.h.pump
+// DO NOT EDIT BY HAND!!!
+
+// Copyright 2008 Google Inc.
+// All Rights Reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: vladl@google.com (Vlad Losev)
+
+// Type and function utilities for implementing parameterized tests.
+// This file is generated by a SCRIPT.  DO NOT EDIT BY HAND!
+//
+// Currently Google Test supports at most 50 arguments in Values,
+// and at most 10 arguments in Combine. Please contact
+// googletestframework@googlegroups.com if you need more.
+// Please note that the number of arguments to Combine is limited
+// by the maximum arity of the implementation of tuple which is
+// currently set at 10.
+
+#ifndef GTEST_INCLUDE_GTEST_INTERNAL_GTEST_PARAM_UTIL_GENERATED_H_
+#define GTEST_INCLUDE_GTEST_INTERNAL_GTEST_PARAM_UTIL_GENERATED_H_
+
+// scripts/fuse_gtest.py depends on gtest's own header being #included
+// *unconditionally*.  Therefore these #includes cannot be moved
+// inside #if GTEST_HAS_PARAM_TEST.
+#include "gtest/internal/gtest-param-util.h"
+#include "gtest/internal/gtest-port.h"
+
+#if GTEST_HAS_PARAM_TEST
+
+namespace testing {
+
+// Forward declarations of ValuesIn(), which is implemented in
+// include/gtest/gtest-param-test.h.
+template <typename ForwardIterator>
+internal::ParamGenerator<
+  typename ::testing::internal::IteratorTraits<ForwardIterator>::value_type>
+ValuesIn(ForwardIterator begin, ForwardIterator end);
+
+template <typename T, size_t N>
+internal::ParamGenerator<T> ValuesIn(const T (&array)[N]);
+
+template <class Container>
+internal::ParamGenerator<typename Container::value_type> ValuesIn(
+    const Container& container);
+
+namespace internal {
+
+// Used in the Values() function to provide polymorphic capabilities.
+template <typename T1>
+class ValueArray1 {
+ public:
+  explicit ValueArray1(T1 v1) : v1_(v1) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const { return ValuesIn(&v1_, &v1_ + 1); }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray1& other);
+
+  const T1 v1_;
+};
+
+template <typename T1, typename T2>
+class ValueArray2 {
+ public:
+  ValueArray2(T1 v1, T2 v2) : v1_(v1), v2_(v2) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray2& other);
+
+  const T1 v1_;
+  const T2 v2_;
+};
+
+template <typename T1, typename T2, typename T3>
+class ValueArray3 {
+ public:
+  ValueArray3(T1 v1, T2 v2, T3 v3) : v1_(v1), v2_(v2), v3_(v3) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray3& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4>
+class ValueArray4 {
+ public:
+  ValueArray4(T1 v1, T2 v2, T3 v3, T4 v4) : v1_(v1), v2_(v2), v3_(v3),
+      v4_(v4) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray4& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5>
+class ValueArray5 {
+ public:
+  ValueArray5(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5) : v1_(v1), v2_(v2), v3_(v3),
+      v4_(v4), v5_(v5) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray5& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6>
+class ValueArray6 {
+ public:
+  ValueArray6(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6) : v1_(v1), v2_(v2),
+      v3_(v3), v4_(v4), v5_(v5), v6_(v6) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray6& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7>
+class ValueArray7 {
+ public:
+  ValueArray7(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7) : v1_(v1),
+      v2_(v2), v3_(v3), v4_(v4), v5_(v5), v6_(v6), v7_(v7) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray7& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8>
+class ValueArray8 {
+ public:
+  ValueArray8(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7,
+      T8 v8) : v1_(v1), v2_(v2), v3_(v3), v4_(v4), v5_(v5), v6_(v6), v7_(v7),
+      v8_(v8) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_), static_cast<T>(v8_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray8& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+  const T8 v8_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9>
+class ValueArray9 {
+ public:
+  ValueArray9(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8,
+      T9 v9) : v1_(v1), v2_(v2), v3_(v3), v4_(v4), v5_(v5), v6_(v6), v7_(v7),
+      v8_(v8), v9_(v9) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_), static_cast<T>(v8_),
+        static_cast<T>(v9_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray9& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+  const T8 v8_;
+  const T9 v9_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10>
+class ValueArray10 {
+ public:
+  ValueArray10(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+      T10 v10) : v1_(v1), v2_(v2), v3_(v3), v4_(v4), v5_(v5), v6_(v6), v7_(v7),
+      v8_(v8), v9_(v9), v10_(v10) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_), static_cast<T>(v8_),
+        static_cast<T>(v9_), static_cast<T>(v10_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray10& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+  const T8 v8_;
+  const T9 v9_;
+  const T10 v10_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11>
+class ValueArray11 {
+ public:
+  ValueArray11(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+      T10 v10, T11 v11) : v1_(v1), v2_(v2), v3_(v3), v4_(v4), v5_(v5), v6_(v6),
+      v7_(v7), v8_(v8), v9_(v9), v10_(v10), v11_(v11) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_), static_cast<T>(v8_),
+        static_cast<T>(v9_), static_cast<T>(v10_), static_cast<T>(v11_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray11& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+  const T8 v8_;
+  const T9 v9_;
+  const T10 v10_;
+  const T11 v11_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12>
+class ValueArray12 {
+ public:
+  ValueArray12(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+      T10 v10, T11 v11, T12 v12) : v1_(v1), v2_(v2), v3_(v3), v4_(v4), v5_(v5),
+      v6_(v6), v7_(v7), v8_(v8), v9_(v9), v10_(v10), v11_(v11), v12_(v12) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_), static_cast<T>(v8_),
+        static_cast<T>(v9_), static_cast<T>(v10_), static_cast<T>(v11_),
+        static_cast<T>(v12_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray12& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+  const T8 v8_;
+  const T9 v9_;
+  const T10 v10_;
+  const T11 v11_;
+  const T12 v12_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13>
+class ValueArray13 {
+ public:
+  ValueArray13(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+      T10 v10, T11 v11, T12 v12, T13 v13) : v1_(v1), v2_(v2), v3_(v3), v4_(v4),
+      v5_(v5), v6_(v6), v7_(v7), v8_(v8), v9_(v9), v10_(v10), v11_(v11),
+      v12_(v12), v13_(v13) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_), static_cast<T>(v8_),
+        static_cast<T>(v9_), static_cast<T>(v10_), static_cast<T>(v11_),
+        static_cast<T>(v12_), static_cast<T>(v13_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray13& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+  const T8 v8_;
+  const T9 v9_;
+  const T10 v10_;
+  const T11 v11_;
+  const T12 v12_;
+  const T13 v13_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14>
+class ValueArray14 {
+ public:
+  ValueArray14(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+      T10 v10, T11 v11, T12 v12, T13 v13, T14 v14) : v1_(v1), v2_(v2), v3_(v3),
+      v4_(v4), v5_(v5), v6_(v6), v7_(v7), v8_(v8), v9_(v9), v10_(v10),
+      v11_(v11), v12_(v12), v13_(v13), v14_(v14) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_), static_cast<T>(v8_),
+        static_cast<T>(v9_), static_cast<T>(v10_), static_cast<T>(v11_),
+        static_cast<T>(v12_), static_cast<T>(v13_), static_cast<T>(v14_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray14& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+  const T8 v8_;
+  const T9 v9_;
+  const T10 v10_;
+  const T11 v11_;
+  const T12 v12_;
+  const T13 v13_;
+  const T14 v14_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15>
+class ValueArray15 {
+ public:
+  ValueArray15(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+      T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15) : v1_(v1), v2_(v2),
+      v3_(v3), v4_(v4), v5_(v5), v6_(v6), v7_(v7), v8_(v8), v9_(v9), v10_(v10),
+      v11_(v11), v12_(v12), v13_(v13), v14_(v14), v15_(v15) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_), static_cast<T>(v8_),
+        static_cast<T>(v9_), static_cast<T>(v10_), static_cast<T>(v11_),
+        static_cast<T>(v12_), static_cast<T>(v13_), static_cast<T>(v14_),
+        static_cast<T>(v15_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray15& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+  const T8 v8_;
+  const T9 v9_;
+  const T10 v10_;
+  const T11 v11_;
+  const T12 v12_;
+  const T13 v13_;
+  const T14 v14_;
+  const T15 v15_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16>
+class ValueArray16 {
+ public:
+  ValueArray16(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+      T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16) : v1_(v1),
+      v2_(v2), v3_(v3), v4_(v4), v5_(v5), v6_(v6), v7_(v7), v8_(v8), v9_(v9),
+      v10_(v10), v11_(v11), v12_(v12), v13_(v13), v14_(v14), v15_(v15),
+      v16_(v16) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_), static_cast<T>(v8_),
+        static_cast<T>(v9_), static_cast<T>(v10_), static_cast<T>(v11_),
+        static_cast<T>(v12_), static_cast<T>(v13_), static_cast<T>(v14_),
+        static_cast<T>(v15_), static_cast<T>(v16_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray16& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+  const T8 v8_;
+  const T9 v9_;
+  const T10 v10_;
+  const T11 v11_;
+  const T12 v12_;
+  const T13 v13_;
+  const T14 v14_;
+  const T15 v15_;
+  const T16 v16_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17>
+class ValueArray17 {
+ public:
+  ValueArray17(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+      T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16,
+      T17 v17) : v1_(v1), v2_(v2), v3_(v3), v4_(v4), v5_(v5), v6_(v6), v7_(v7),
+      v8_(v8), v9_(v9), v10_(v10), v11_(v11), v12_(v12), v13_(v13), v14_(v14),
+      v15_(v15), v16_(v16), v17_(v17) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_), static_cast<T>(v8_),
+        static_cast<T>(v9_), static_cast<T>(v10_), static_cast<T>(v11_),
+        static_cast<T>(v12_), static_cast<T>(v13_), static_cast<T>(v14_),
+        static_cast<T>(v15_), static_cast<T>(v16_), static_cast<T>(v17_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray17& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+  const T8 v8_;
+  const T9 v9_;
+  const T10 v10_;
+  const T11 v11_;
+  const T12 v12_;
+  const T13 v13_;
+  const T14 v14_;
+  const T15 v15_;
+  const T16 v16_;
+  const T17 v17_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18>
+class ValueArray18 {
+ public:
+  ValueArray18(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+      T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16, T17 v17,
+      T18 v18) : v1_(v1), v2_(v2), v3_(v3), v4_(v4), v5_(v5), v6_(v6), v7_(v7),
+      v8_(v8), v9_(v9), v10_(v10), v11_(v11), v12_(v12), v13_(v13), v14_(v14),
+      v15_(v15), v16_(v16), v17_(v17), v18_(v18) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_), static_cast<T>(v8_),
+        static_cast<T>(v9_), static_cast<T>(v10_), static_cast<T>(v11_),
+        static_cast<T>(v12_), static_cast<T>(v13_), static_cast<T>(v14_),
+        static_cast<T>(v15_), static_cast<T>(v16_), static_cast<T>(v17_),
+        static_cast<T>(v18_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray18& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+  const T8 v8_;
+  const T9 v9_;
+  const T10 v10_;
+  const T11 v11_;
+  const T12 v12_;
+  const T13 v13_;
+  const T14 v14_;
+  const T15 v15_;
+  const T16 v16_;
+  const T17 v17_;
+  const T18 v18_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19>
+class ValueArray19 {
+ public:
+  ValueArray19(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+      T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16, T17 v17,
+      T18 v18, T19 v19) : v1_(v1), v2_(v2), v3_(v3), v4_(v4), v5_(v5), v6_(v6),
+      v7_(v7), v8_(v8), v9_(v9), v10_(v10), v11_(v11), v12_(v12), v13_(v13),
+      v14_(v14), v15_(v15), v16_(v16), v17_(v17), v18_(v18), v19_(v19) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_), static_cast<T>(v8_),
+        static_cast<T>(v9_), static_cast<T>(v10_), static_cast<T>(v11_),
+        static_cast<T>(v12_), static_cast<T>(v13_), static_cast<T>(v14_),
+        static_cast<T>(v15_), static_cast<T>(v16_), static_cast<T>(v17_),
+        static_cast<T>(v18_), static_cast<T>(v19_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray19& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+  const T8 v8_;
+  const T9 v9_;
+  const T10 v10_;
+  const T11 v11_;
+  const T12 v12_;
+  const T13 v13_;
+  const T14 v14_;
+  const T15 v15_;
+  const T16 v16_;
+  const T17 v17_;
+  const T18 v18_;
+  const T19 v19_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20>
+class ValueArray20 {
+ public:
+  ValueArray20(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+      T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16, T17 v17,
+      T18 v18, T19 v19, T20 v20) : v1_(v1), v2_(v2), v3_(v3), v4_(v4), v5_(v5),
+      v6_(v6), v7_(v7), v8_(v8), v9_(v9), v10_(v10), v11_(v11), v12_(v12),
+      v13_(v13), v14_(v14), v15_(v15), v16_(v16), v17_(v17), v18_(v18),
+      v19_(v19), v20_(v20) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_), static_cast<T>(v8_),
+        static_cast<T>(v9_), static_cast<T>(v10_), static_cast<T>(v11_),
+        static_cast<T>(v12_), static_cast<T>(v13_), static_cast<T>(v14_),
+        static_cast<T>(v15_), static_cast<T>(v16_), static_cast<T>(v17_),
+        static_cast<T>(v18_), static_cast<T>(v19_), static_cast<T>(v20_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray20& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+  const T8 v8_;
+  const T9 v9_;
+  const T10 v10_;
+  const T11 v11_;
+  const T12 v12_;
+  const T13 v13_;
+  const T14 v14_;
+  const T15 v15_;
+  const T16 v16_;
+  const T17 v17_;
+  const T18 v18_;
+  const T19 v19_;
+  const T20 v20_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21>
+class ValueArray21 {
+ public:
+  ValueArray21(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+      T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16, T17 v17,
+      T18 v18, T19 v19, T20 v20, T21 v21) : v1_(v1), v2_(v2), v3_(v3), v4_(v4),
+      v5_(v5), v6_(v6), v7_(v7), v8_(v8), v9_(v9), v10_(v10), v11_(v11),
+      v12_(v12), v13_(v13), v14_(v14), v15_(v15), v16_(v16), v17_(v17),
+      v18_(v18), v19_(v19), v20_(v20), v21_(v21) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_), static_cast<T>(v8_),
+        static_cast<T>(v9_), static_cast<T>(v10_), static_cast<T>(v11_),
+        static_cast<T>(v12_), static_cast<T>(v13_), static_cast<T>(v14_),
+        static_cast<T>(v15_), static_cast<T>(v16_), static_cast<T>(v17_),
+        static_cast<T>(v18_), static_cast<T>(v19_), static_cast<T>(v20_),
+        static_cast<T>(v21_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray21& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+  const T8 v8_;
+  const T9 v9_;
+  const T10 v10_;
+  const T11 v11_;
+  const T12 v12_;
+  const T13 v13_;
+  const T14 v14_;
+  const T15 v15_;
+  const T16 v16_;
+  const T17 v17_;
+  const T18 v18_;
+  const T19 v19_;
+  const T20 v20_;
+  const T21 v21_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22>
+class ValueArray22 {
+ public:
+  ValueArray22(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+      T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16, T17 v17,
+      T18 v18, T19 v19, T20 v20, T21 v21, T22 v22) : v1_(v1), v2_(v2), v3_(v3),
+      v4_(v4), v5_(v5), v6_(v6), v7_(v7), v8_(v8), v9_(v9), v10_(v10),
+      v11_(v11), v12_(v12), v13_(v13), v14_(v14), v15_(v15), v16_(v16),
+      v17_(v17), v18_(v18), v19_(v19), v20_(v20), v21_(v21), v22_(v22) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_), static_cast<T>(v8_),
+        static_cast<T>(v9_), static_cast<T>(v10_), static_cast<T>(v11_),
+        static_cast<T>(v12_), static_cast<T>(v13_), static_cast<T>(v14_),
+        static_cast<T>(v15_), static_cast<T>(v16_), static_cast<T>(v17_),
+        static_cast<T>(v18_), static_cast<T>(v19_), static_cast<T>(v20_),
+        static_cast<T>(v21_), static_cast<T>(v22_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray22& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+  const T8 v8_;
+  const T9 v9_;
+  const T10 v10_;
+  const T11 v11_;
+  const T12 v12_;
+  const T13 v13_;
+  const T14 v14_;
+  const T15 v15_;
+  const T16 v16_;
+  const T17 v17_;
+  const T18 v18_;
+  const T19 v19_;
+  const T20 v20_;
+  const T21 v21_;
+  const T22 v22_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23>
+class ValueArray23 {
+ public:
+  ValueArray23(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+      T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16, T17 v17,
+      T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23) : v1_(v1), v2_(v2),
+      v3_(v3), v4_(v4), v5_(v5), v6_(v6), v7_(v7), v8_(v8), v9_(v9), v10_(v10),
+      v11_(v11), v12_(v12), v13_(v13), v14_(v14), v15_(v15), v16_(v16),
+      v17_(v17), v18_(v18), v19_(v19), v20_(v20), v21_(v21), v22_(v22),
+      v23_(v23) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_), static_cast<T>(v8_),
+        static_cast<T>(v9_), static_cast<T>(v10_), static_cast<T>(v11_),
+        static_cast<T>(v12_), static_cast<T>(v13_), static_cast<T>(v14_),
+        static_cast<T>(v15_), static_cast<T>(v16_), static_cast<T>(v17_),
+        static_cast<T>(v18_), static_cast<T>(v19_), static_cast<T>(v20_),
+        static_cast<T>(v21_), static_cast<T>(v22_), static_cast<T>(v23_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray23& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+  const T8 v8_;
+  const T9 v9_;
+  const T10 v10_;
+  const T11 v11_;
+  const T12 v12_;
+  const T13 v13_;
+  const T14 v14_;
+  const T15 v15_;
+  const T16 v16_;
+  const T17 v17_;
+  const T18 v18_;
+  const T19 v19_;
+  const T20 v20_;
+  const T21 v21_;
+  const T22 v22_;
+  const T23 v23_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24>
+class ValueArray24 {
+ public:
+  ValueArray24(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+      T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16, T17 v17,
+      T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23, T24 v24) : v1_(v1),
+      v2_(v2), v3_(v3), v4_(v4), v5_(v5), v6_(v6), v7_(v7), v8_(v8), v9_(v9),
+      v10_(v10), v11_(v11), v12_(v12), v13_(v13), v14_(v14), v15_(v15),
+      v16_(v16), v17_(v17), v18_(v18), v19_(v19), v20_(v20), v21_(v21),
+      v22_(v22), v23_(v23), v24_(v24) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_), static_cast<T>(v8_),
+        static_cast<T>(v9_), static_cast<T>(v10_), static_cast<T>(v11_),
+        static_cast<T>(v12_), static_cast<T>(v13_), static_cast<T>(v14_),
+        static_cast<T>(v15_), static_cast<T>(v16_), static_cast<T>(v17_),
+        static_cast<T>(v18_), static_cast<T>(v19_), static_cast<T>(v20_),
+        static_cast<T>(v21_), static_cast<T>(v22_), static_cast<T>(v23_),
+        static_cast<T>(v24_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray24& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+  const T8 v8_;
+  const T9 v9_;
+  const T10 v10_;
+  const T11 v11_;
+  const T12 v12_;
+  const T13 v13_;
+  const T14 v14_;
+  const T15 v15_;
+  const T16 v16_;
+  const T17 v17_;
+  const T18 v18_;
+  const T19 v19_;
+  const T20 v20_;
+  const T21 v21_;
+  const T22 v22_;
+  const T23 v23_;
+  const T24 v24_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25>
+class ValueArray25 {
+ public:
+  ValueArray25(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+      T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16, T17 v17,
+      T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23, T24 v24,
+      T25 v25) : v1_(v1), v2_(v2), v3_(v3), v4_(v4), v5_(v5), v6_(v6), v7_(v7),
+      v8_(v8), v9_(v9), v10_(v10), v11_(v11), v12_(v12), v13_(v13), v14_(v14),
+      v15_(v15), v16_(v16), v17_(v17), v18_(v18), v19_(v19), v20_(v20),
+      v21_(v21), v22_(v22), v23_(v23), v24_(v24), v25_(v25) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_), static_cast<T>(v8_),
+        static_cast<T>(v9_), static_cast<T>(v10_), static_cast<T>(v11_),
+        static_cast<T>(v12_), static_cast<T>(v13_), static_cast<T>(v14_),
+        static_cast<T>(v15_), static_cast<T>(v16_), static_cast<T>(v17_),
+        static_cast<T>(v18_), static_cast<T>(v19_), static_cast<T>(v20_),
+        static_cast<T>(v21_), static_cast<T>(v22_), static_cast<T>(v23_),
+        static_cast<T>(v24_), static_cast<T>(v25_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray25& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+  const T8 v8_;
+  const T9 v9_;
+  const T10 v10_;
+  const T11 v11_;
+  const T12 v12_;
+  const T13 v13_;
+  const T14 v14_;
+  const T15 v15_;
+  const T16 v16_;
+  const T17 v17_;
+  const T18 v18_;
+  const T19 v19_;
+  const T20 v20_;
+  const T21 v21_;
+  const T22 v22_;
+  const T23 v23_;
+  const T24 v24_;
+  const T25 v25_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26>
+class ValueArray26 {
+ public:
+  ValueArray26(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+      T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16, T17 v17,
+      T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23, T24 v24, T25 v25,
+      T26 v26) : v1_(v1), v2_(v2), v3_(v3), v4_(v4), v5_(v5), v6_(v6), v7_(v7),
+      v8_(v8), v9_(v9), v10_(v10), v11_(v11), v12_(v12), v13_(v13), v14_(v14),
+      v15_(v15), v16_(v16), v17_(v17), v18_(v18), v19_(v19), v20_(v20),
+      v21_(v21), v22_(v22), v23_(v23), v24_(v24), v25_(v25), v26_(v26) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_), static_cast<T>(v8_),
+        static_cast<T>(v9_), static_cast<T>(v10_), static_cast<T>(v11_),
+        static_cast<T>(v12_), static_cast<T>(v13_), static_cast<T>(v14_),
+        static_cast<T>(v15_), static_cast<T>(v16_), static_cast<T>(v17_),
+        static_cast<T>(v18_), static_cast<T>(v19_), static_cast<T>(v20_),
+        static_cast<T>(v21_), static_cast<T>(v22_), static_cast<T>(v23_),
+        static_cast<T>(v24_), static_cast<T>(v25_), static_cast<T>(v26_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray26& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+  const T8 v8_;
+  const T9 v9_;
+  const T10 v10_;
+  const T11 v11_;
+  const T12 v12_;
+  const T13 v13_;
+  const T14 v14_;
+  const T15 v15_;
+  const T16 v16_;
+  const T17 v17_;
+  const T18 v18_;
+  const T19 v19_;
+  const T20 v20_;
+  const T21 v21_;
+  const T22 v22_;
+  const T23 v23_;
+  const T24 v24_;
+  const T25 v25_;
+  const T26 v26_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27>
+class ValueArray27 {
+ public:
+  ValueArray27(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+      T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16, T17 v17,
+      T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23, T24 v24, T25 v25,
+      T26 v26, T27 v27) : v1_(v1), v2_(v2), v3_(v3), v4_(v4), v5_(v5), v6_(v6),
+      v7_(v7), v8_(v8), v9_(v9), v10_(v10), v11_(v11), v12_(v12), v13_(v13),
+      v14_(v14), v15_(v15), v16_(v16), v17_(v17), v18_(v18), v19_(v19),
+      v20_(v20), v21_(v21), v22_(v22), v23_(v23), v24_(v24), v25_(v25),
+      v26_(v26), v27_(v27) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_), static_cast<T>(v8_),
+        static_cast<T>(v9_), static_cast<T>(v10_), static_cast<T>(v11_),
+        static_cast<T>(v12_), static_cast<T>(v13_), static_cast<T>(v14_),
+        static_cast<T>(v15_), static_cast<T>(v16_), static_cast<T>(v17_),
+        static_cast<T>(v18_), static_cast<T>(v19_), static_cast<T>(v20_),
+        static_cast<T>(v21_), static_cast<T>(v22_), static_cast<T>(v23_),
+        static_cast<T>(v24_), static_cast<T>(v25_), static_cast<T>(v26_),
+        static_cast<T>(v27_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray27& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+  const T8 v8_;
+  const T9 v9_;
+  const T10 v10_;
+  const T11 v11_;
+  const T12 v12_;
+  const T13 v13_;
+  const T14 v14_;
+  const T15 v15_;
+  const T16 v16_;
+  const T17 v17_;
+  const T18 v18_;
+  const T19 v19_;
+  const T20 v20_;
+  const T21 v21_;
+  const T22 v22_;
+  const T23 v23_;
+  const T24 v24_;
+  const T25 v25_;
+  const T26 v26_;
+  const T27 v27_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28>
+class ValueArray28 {
+ public:
+  ValueArray28(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+      T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16, T17 v17,
+      T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23, T24 v24, T25 v25,
+      T26 v26, T27 v27, T28 v28) : v1_(v1), v2_(v2), v3_(v3), v4_(v4), v5_(v5),
+      v6_(v6), v7_(v7), v8_(v8), v9_(v9), v10_(v10), v11_(v11), v12_(v12),
+      v13_(v13), v14_(v14), v15_(v15), v16_(v16), v17_(v17), v18_(v18),
+      v19_(v19), v20_(v20), v21_(v21), v22_(v22), v23_(v23), v24_(v24),
+      v25_(v25), v26_(v26), v27_(v27), v28_(v28) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_), static_cast<T>(v8_),
+        static_cast<T>(v9_), static_cast<T>(v10_), static_cast<T>(v11_),
+        static_cast<T>(v12_), static_cast<T>(v13_), static_cast<T>(v14_),
+        static_cast<T>(v15_), static_cast<T>(v16_), static_cast<T>(v17_),
+        static_cast<T>(v18_), static_cast<T>(v19_), static_cast<T>(v20_),
+        static_cast<T>(v21_), static_cast<T>(v22_), static_cast<T>(v23_),
+        static_cast<T>(v24_), static_cast<T>(v25_), static_cast<T>(v26_),
+        static_cast<T>(v27_), static_cast<T>(v28_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray28& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+  const T8 v8_;
+  const T9 v9_;
+  const T10 v10_;
+  const T11 v11_;
+  const T12 v12_;
+  const T13 v13_;
+  const T14 v14_;
+  const T15 v15_;
+  const T16 v16_;
+  const T17 v17_;
+  const T18 v18_;
+  const T19 v19_;
+  const T20 v20_;
+  const T21 v21_;
+  const T22 v22_;
+  const T23 v23_;
+  const T24 v24_;
+  const T25 v25_;
+  const T26 v26_;
+  const T27 v27_;
+  const T28 v28_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29>
+class ValueArray29 {
+ public:
+  ValueArray29(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+      T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16, T17 v17,
+      T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23, T24 v24, T25 v25,
+      T26 v26, T27 v27, T28 v28, T29 v29) : v1_(v1), v2_(v2), v3_(v3), v4_(v4),
+      v5_(v5), v6_(v6), v7_(v7), v8_(v8), v9_(v9), v10_(v10), v11_(v11),
+      v12_(v12), v13_(v13), v14_(v14), v15_(v15), v16_(v16), v17_(v17),
+      v18_(v18), v19_(v19), v20_(v20), v21_(v21), v22_(v22), v23_(v23),
+      v24_(v24), v25_(v25), v26_(v26), v27_(v27), v28_(v28), v29_(v29) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_), static_cast<T>(v8_),
+        static_cast<T>(v9_), static_cast<T>(v10_), static_cast<T>(v11_),
+        static_cast<T>(v12_), static_cast<T>(v13_), static_cast<T>(v14_),
+        static_cast<T>(v15_), static_cast<T>(v16_), static_cast<T>(v17_),
+        static_cast<T>(v18_), static_cast<T>(v19_), static_cast<T>(v20_),
+        static_cast<T>(v21_), static_cast<T>(v22_), static_cast<T>(v23_),
+        static_cast<T>(v24_), static_cast<T>(v25_), static_cast<T>(v26_),
+        static_cast<T>(v27_), static_cast<T>(v28_), static_cast<T>(v29_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray29& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+  const T8 v8_;
+  const T9 v9_;
+  const T10 v10_;
+  const T11 v11_;
+  const T12 v12_;
+  const T13 v13_;
+  const T14 v14_;
+  const T15 v15_;
+  const T16 v16_;
+  const T17 v17_;
+  const T18 v18_;
+  const T19 v19_;
+  const T20 v20_;
+  const T21 v21_;
+  const T22 v22_;
+  const T23 v23_;
+  const T24 v24_;
+  const T25 v25_;
+  const T26 v26_;
+  const T27 v27_;
+  const T28 v28_;
+  const T29 v29_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30>
+class ValueArray30 {
+ public:
+  ValueArray30(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+      T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16, T17 v17,
+      T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23, T24 v24, T25 v25,
+      T26 v26, T27 v27, T28 v28, T29 v29, T30 v30) : v1_(v1), v2_(v2), v3_(v3),
+      v4_(v4), v5_(v5), v6_(v6), v7_(v7), v8_(v8), v9_(v9), v10_(v10),
+      v11_(v11), v12_(v12), v13_(v13), v14_(v14), v15_(v15), v16_(v16),
+      v17_(v17), v18_(v18), v19_(v19), v20_(v20), v21_(v21), v22_(v22),
+      v23_(v23), v24_(v24), v25_(v25), v26_(v26), v27_(v27), v28_(v28),
+      v29_(v29), v30_(v30) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_), static_cast<T>(v8_),
+        static_cast<T>(v9_), static_cast<T>(v10_), static_cast<T>(v11_),
+        static_cast<T>(v12_), static_cast<T>(v13_), static_cast<T>(v14_),
+        static_cast<T>(v15_), static_cast<T>(v16_), static_cast<T>(v17_),
+        static_cast<T>(v18_), static_cast<T>(v19_), static_cast<T>(v20_),
+        static_cast<T>(v21_), static_cast<T>(v22_), static_cast<T>(v23_),
+        static_cast<T>(v24_), static_cast<T>(v25_), static_cast<T>(v26_),
+        static_cast<T>(v27_), static_cast<T>(v28_), static_cast<T>(v29_),
+        static_cast<T>(v30_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray30& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+  const T8 v8_;
+  const T9 v9_;
+  const T10 v10_;
+  const T11 v11_;
+  const T12 v12_;
+  const T13 v13_;
+  const T14 v14_;
+  const T15 v15_;
+  const T16 v16_;
+  const T17 v17_;
+  const T18 v18_;
+  const T19 v19_;
+  const T20 v20_;
+  const T21 v21_;
+  const T22 v22_;
+  const T23 v23_;
+  const T24 v24_;
+  const T25 v25_;
+  const T26 v26_;
+  const T27 v27_;
+  const T28 v28_;
+  const T29 v29_;
+  const T30 v30_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31>
+class ValueArray31 {
+ public:
+  ValueArray31(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+      T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16, T17 v17,
+      T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23, T24 v24, T25 v25,
+      T26 v26, T27 v27, T28 v28, T29 v29, T30 v30, T31 v31) : v1_(v1), v2_(v2),
+      v3_(v3), v4_(v4), v5_(v5), v6_(v6), v7_(v7), v8_(v8), v9_(v9), v10_(v10),
+      v11_(v11), v12_(v12), v13_(v13), v14_(v14), v15_(v15), v16_(v16),
+      v17_(v17), v18_(v18), v19_(v19), v20_(v20), v21_(v21), v22_(v22),
+      v23_(v23), v24_(v24), v25_(v25), v26_(v26), v27_(v27), v28_(v28),
+      v29_(v29), v30_(v30), v31_(v31) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_), static_cast<T>(v8_),
+        static_cast<T>(v9_), static_cast<T>(v10_), static_cast<T>(v11_),
+        static_cast<T>(v12_), static_cast<T>(v13_), static_cast<T>(v14_),
+        static_cast<T>(v15_), static_cast<T>(v16_), static_cast<T>(v17_),
+        static_cast<T>(v18_), static_cast<T>(v19_), static_cast<T>(v20_),
+        static_cast<T>(v21_), static_cast<T>(v22_), static_cast<T>(v23_),
+        static_cast<T>(v24_), static_cast<T>(v25_), static_cast<T>(v26_),
+        static_cast<T>(v27_), static_cast<T>(v28_), static_cast<T>(v29_),
+        static_cast<T>(v30_), static_cast<T>(v31_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray31& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+  const T8 v8_;
+  const T9 v9_;
+  const T10 v10_;
+  const T11 v11_;
+  const T12 v12_;
+  const T13 v13_;
+  const T14 v14_;
+  const T15 v15_;
+  const T16 v16_;
+  const T17 v17_;
+  const T18 v18_;
+  const T19 v19_;
+  const T20 v20_;
+  const T21 v21_;
+  const T22 v22_;
+  const T23 v23_;
+  const T24 v24_;
+  const T25 v25_;
+  const T26 v26_;
+  const T27 v27_;
+  const T28 v28_;
+  const T29 v29_;
+  const T30 v30_;
+  const T31 v31_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32>
+class ValueArray32 {
+ public:
+  ValueArray32(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+      T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16, T17 v17,
+      T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23, T24 v24, T25 v25,
+      T26 v26, T27 v27, T28 v28, T29 v29, T30 v30, T31 v31, T32 v32) : v1_(v1),
+      v2_(v2), v3_(v3), v4_(v4), v5_(v5), v6_(v6), v7_(v7), v8_(v8), v9_(v9),
+      v10_(v10), v11_(v11), v12_(v12), v13_(v13), v14_(v14), v15_(v15),
+      v16_(v16), v17_(v17), v18_(v18), v19_(v19), v20_(v20), v21_(v21),
+      v22_(v22), v23_(v23), v24_(v24), v25_(v25), v26_(v26), v27_(v27),
+      v28_(v28), v29_(v29), v30_(v30), v31_(v31), v32_(v32) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_), static_cast<T>(v8_),
+        static_cast<T>(v9_), static_cast<T>(v10_), static_cast<T>(v11_),
+        static_cast<T>(v12_), static_cast<T>(v13_), static_cast<T>(v14_),
+        static_cast<T>(v15_), static_cast<T>(v16_), static_cast<T>(v17_),
+        static_cast<T>(v18_), static_cast<T>(v19_), static_cast<T>(v20_),
+        static_cast<T>(v21_), static_cast<T>(v22_), static_cast<T>(v23_),
+        static_cast<T>(v24_), static_cast<T>(v25_), static_cast<T>(v26_),
+        static_cast<T>(v27_), static_cast<T>(v28_), static_cast<T>(v29_),
+        static_cast<T>(v30_), static_cast<T>(v31_), static_cast<T>(v32_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray32& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+  const T8 v8_;
+  const T9 v9_;
+  const T10 v10_;
+  const T11 v11_;
+  const T12 v12_;
+  const T13 v13_;
+  const T14 v14_;
+  const T15 v15_;
+  const T16 v16_;
+  const T17 v17_;
+  const T18 v18_;
+  const T19 v19_;
+  const T20 v20_;
+  const T21 v21_;
+  const T22 v22_;
+  const T23 v23_;
+  const T24 v24_;
+  const T25 v25_;
+  const T26 v26_;
+  const T27 v27_;
+  const T28 v28_;
+  const T29 v29_;
+  const T30 v30_;
+  const T31 v31_;
+  const T32 v32_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33>
+class ValueArray33 {
+ public:
+  ValueArray33(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+      T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16, T17 v17,
+      T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23, T24 v24, T25 v25,
+      T26 v26, T27 v27, T28 v28, T29 v29, T30 v30, T31 v31, T32 v32,
+      T33 v33) : v1_(v1), v2_(v2), v3_(v3), v4_(v4), v5_(v5), v6_(v6), v7_(v7),
+      v8_(v8), v9_(v9), v10_(v10), v11_(v11), v12_(v12), v13_(v13), v14_(v14),
+      v15_(v15), v16_(v16), v17_(v17), v18_(v18), v19_(v19), v20_(v20),
+      v21_(v21), v22_(v22), v23_(v23), v24_(v24), v25_(v25), v26_(v26),
+      v27_(v27), v28_(v28), v29_(v29), v30_(v30), v31_(v31), v32_(v32),
+      v33_(v33) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_), static_cast<T>(v8_),
+        static_cast<T>(v9_), static_cast<T>(v10_), static_cast<T>(v11_),
+        static_cast<T>(v12_), static_cast<T>(v13_), static_cast<T>(v14_),
+        static_cast<T>(v15_), static_cast<T>(v16_), static_cast<T>(v17_),
+        static_cast<T>(v18_), static_cast<T>(v19_), static_cast<T>(v20_),
+        static_cast<T>(v21_), static_cast<T>(v22_), static_cast<T>(v23_),
+        static_cast<T>(v24_), static_cast<T>(v25_), static_cast<T>(v26_),
+        static_cast<T>(v27_), static_cast<T>(v28_), static_cast<T>(v29_),
+        static_cast<T>(v30_), static_cast<T>(v31_), static_cast<T>(v32_),
+        static_cast<T>(v33_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray33& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+  const T8 v8_;
+  const T9 v9_;
+  const T10 v10_;
+  const T11 v11_;
+  const T12 v12_;
+  const T13 v13_;
+  const T14 v14_;
+  const T15 v15_;
+  const T16 v16_;
+  const T17 v17_;
+  const T18 v18_;
+  const T19 v19_;
+  const T20 v20_;
+  const T21 v21_;
+  const T22 v22_;
+  const T23 v23_;
+  const T24 v24_;
+  const T25 v25_;
+  const T26 v26_;
+  const T27 v27_;
+  const T28 v28_;
+  const T29 v29_;
+  const T30 v30_;
+  const T31 v31_;
+  const T32 v32_;
+  const T33 v33_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34>
+class ValueArray34 {
+ public:
+  ValueArray34(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+      T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16, T17 v17,
+      T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23, T24 v24, T25 v25,
+      T26 v26, T27 v27, T28 v28, T29 v29, T30 v30, T31 v31, T32 v32, T33 v33,
+      T34 v34) : v1_(v1), v2_(v2), v3_(v3), v4_(v4), v5_(v5), v6_(v6), v7_(v7),
+      v8_(v8), v9_(v9), v10_(v10), v11_(v11), v12_(v12), v13_(v13), v14_(v14),
+      v15_(v15), v16_(v16), v17_(v17), v18_(v18), v19_(v19), v20_(v20),
+      v21_(v21), v22_(v22), v23_(v23), v24_(v24), v25_(v25), v26_(v26),
+      v27_(v27), v28_(v28), v29_(v29), v30_(v30), v31_(v31), v32_(v32),
+      v33_(v33), v34_(v34) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_), static_cast<T>(v8_),
+        static_cast<T>(v9_), static_cast<T>(v10_), static_cast<T>(v11_),
+        static_cast<T>(v12_), static_cast<T>(v13_), static_cast<T>(v14_),
+        static_cast<T>(v15_), static_cast<T>(v16_), static_cast<T>(v17_),
+        static_cast<T>(v18_), static_cast<T>(v19_), static_cast<T>(v20_),
+        static_cast<T>(v21_), static_cast<T>(v22_), static_cast<T>(v23_),
+        static_cast<T>(v24_), static_cast<T>(v25_), static_cast<T>(v26_),
+        static_cast<T>(v27_), static_cast<T>(v28_), static_cast<T>(v29_),
+        static_cast<T>(v30_), static_cast<T>(v31_), static_cast<T>(v32_),
+        static_cast<T>(v33_), static_cast<T>(v34_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray34& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+  const T8 v8_;
+  const T9 v9_;
+  const T10 v10_;
+  const T11 v11_;
+  const T12 v12_;
+  const T13 v13_;
+  const T14 v14_;
+  const T15 v15_;
+  const T16 v16_;
+  const T17 v17_;
+  const T18 v18_;
+  const T19 v19_;
+  const T20 v20_;
+  const T21 v21_;
+  const T22 v22_;
+  const T23 v23_;
+  const T24 v24_;
+  const T25 v25_;
+  const T26 v26_;
+  const T27 v27_;
+  const T28 v28_;
+  const T29 v29_;
+  const T30 v30_;
+  const T31 v31_;
+  const T32 v32_;
+  const T33 v33_;
+  const T34 v34_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35>
+class ValueArray35 {
+ public:
+  ValueArray35(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+      T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16, T17 v17,
+      T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23, T24 v24, T25 v25,
+      T26 v26, T27 v27, T28 v28, T29 v29, T30 v30, T31 v31, T32 v32, T33 v33,
+      T34 v34, T35 v35) : v1_(v1), v2_(v2), v3_(v3), v4_(v4), v5_(v5), v6_(v6),
+      v7_(v7), v8_(v8), v9_(v9), v10_(v10), v11_(v11), v12_(v12), v13_(v13),
+      v14_(v14), v15_(v15), v16_(v16), v17_(v17), v18_(v18), v19_(v19),
+      v20_(v20), v21_(v21), v22_(v22), v23_(v23), v24_(v24), v25_(v25),
+      v26_(v26), v27_(v27), v28_(v28), v29_(v29), v30_(v30), v31_(v31),
+      v32_(v32), v33_(v33), v34_(v34), v35_(v35) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_), static_cast<T>(v8_),
+        static_cast<T>(v9_), static_cast<T>(v10_), static_cast<T>(v11_),
+        static_cast<T>(v12_), static_cast<T>(v13_), static_cast<T>(v14_),
+        static_cast<T>(v15_), static_cast<T>(v16_), static_cast<T>(v17_),
+        static_cast<T>(v18_), static_cast<T>(v19_), static_cast<T>(v20_),
+        static_cast<T>(v21_), static_cast<T>(v22_), static_cast<T>(v23_),
+        static_cast<T>(v24_), static_cast<T>(v25_), static_cast<T>(v26_),
+        static_cast<T>(v27_), static_cast<T>(v28_), static_cast<T>(v29_),
+        static_cast<T>(v30_), static_cast<T>(v31_), static_cast<T>(v32_),
+        static_cast<T>(v33_), static_cast<T>(v34_), static_cast<T>(v35_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray35& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+  const T8 v8_;
+  const T9 v9_;
+  const T10 v10_;
+  const T11 v11_;
+  const T12 v12_;
+  const T13 v13_;
+  const T14 v14_;
+  const T15 v15_;
+  const T16 v16_;
+  const T17 v17_;
+  const T18 v18_;
+  const T19 v19_;
+  const T20 v20_;
+  const T21 v21_;
+  const T22 v22_;
+  const T23 v23_;
+  const T24 v24_;
+  const T25 v25_;
+  const T26 v26_;
+  const T27 v27_;
+  const T28 v28_;
+  const T29 v29_;
+  const T30 v30_;
+  const T31 v31_;
+  const T32 v32_;
+  const T33 v33_;
+  const T34 v34_;
+  const T35 v35_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36>
+class ValueArray36 {
+ public:
+  ValueArray36(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+      T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16, T17 v17,
+      T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23, T24 v24, T25 v25,
+      T26 v26, T27 v27, T28 v28, T29 v29, T30 v30, T31 v31, T32 v32, T33 v33,
+      T34 v34, T35 v35, T36 v36) : v1_(v1), v2_(v2), v3_(v3), v4_(v4), v5_(v5),
+      v6_(v6), v7_(v7), v8_(v8), v9_(v9), v10_(v10), v11_(v11), v12_(v12),
+      v13_(v13), v14_(v14), v15_(v15), v16_(v16), v17_(v17), v18_(v18),
+      v19_(v19), v20_(v20), v21_(v21), v22_(v22), v23_(v23), v24_(v24),
+      v25_(v25), v26_(v26), v27_(v27), v28_(v28), v29_(v29), v30_(v30),
+      v31_(v31), v32_(v32), v33_(v33), v34_(v34), v35_(v35), v36_(v36) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_), static_cast<T>(v8_),
+        static_cast<T>(v9_), static_cast<T>(v10_), static_cast<T>(v11_),
+        static_cast<T>(v12_), static_cast<T>(v13_), static_cast<T>(v14_),
+        static_cast<T>(v15_), static_cast<T>(v16_), static_cast<T>(v17_),
+        static_cast<T>(v18_), static_cast<T>(v19_), static_cast<T>(v20_),
+        static_cast<T>(v21_), static_cast<T>(v22_), static_cast<T>(v23_),
+        static_cast<T>(v24_), static_cast<T>(v25_), static_cast<T>(v26_),
+        static_cast<T>(v27_), static_cast<T>(v28_), static_cast<T>(v29_),
+        static_cast<T>(v30_), static_cast<T>(v31_), static_cast<T>(v32_),
+        static_cast<T>(v33_), static_cast<T>(v34_), static_cast<T>(v35_),
+        static_cast<T>(v36_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray36& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+  const T8 v8_;
+  const T9 v9_;
+  const T10 v10_;
+  const T11 v11_;
+  const T12 v12_;
+  const T13 v13_;
+  const T14 v14_;
+  const T15 v15_;
+  const T16 v16_;
+  const T17 v17_;
+  const T18 v18_;
+  const T19 v19_;
+  const T20 v20_;
+  const T21 v21_;
+  const T22 v22_;
+  const T23 v23_;
+  const T24 v24_;
+  const T25 v25_;
+  const T26 v26_;
+  const T27 v27_;
+  const T28 v28_;
+  const T29 v29_;
+  const T30 v30_;
+  const T31 v31_;
+  const T32 v32_;
+  const T33 v33_;
+  const T34 v34_;
+  const T35 v35_;
+  const T36 v36_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37>
+class ValueArray37 {
+ public:
+  ValueArray37(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+      T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16, T17 v17,
+      T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23, T24 v24, T25 v25,
+      T26 v26, T27 v27, T28 v28, T29 v29, T30 v30, T31 v31, T32 v32, T33 v33,
+      T34 v34, T35 v35, T36 v36, T37 v37) : v1_(v1), v2_(v2), v3_(v3), v4_(v4),
+      v5_(v5), v6_(v6), v7_(v7), v8_(v8), v9_(v9), v10_(v10), v11_(v11),
+      v12_(v12), v13_(v13), v14_(v14), v15_(v15), v16_(v16), v17_(v17),
+      v18_(v18), v19_(v19), v20_(v20), v21_(v21), v22_(v22), v23_(v23),
+      v24_(v24), v25_(v25), v26_(v26), v27_(v27), v28_(v28), v29_(v29),
+      v30_(v30), v31_(v31), v32_(v32), v33_(v33), v34_(v34), v35_(v35),
+      v36_(v36), v37_(v37) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_), static_cast<T>(v8_),
+        static_cast<T>(v9_), static_cast<T>(v10_), static_cast<T>(v11_),
+        static_cast<T>(v12_), static_cast<T>(v13_), static_cast<T>(v14_),
+        static_cast<T>(v15_), static_cast<T>(v16_), static_cast<T>(v17_),
+        static_cast<T>(v18_), static_cast<T>(v19_), static_cast<T>(v20_),
+        static_cast<T>(v21_), static_cast<T>(v22_), static_cast<T>(v23_),
+        static_cast<T>(v24_), static_cast<T>(v25_), static_cast<T>(v26_),
+        static_cast<T>(v27_), static_cast<T>(v28_), static_cast<T>(v29_),
+        static_cast<T>(v30_), static_cast<T>(v31_), static_cast<T>(v32_),
+        static_cast<T>(v33_), static_cast<T>(v34_), static_cast<T>(v35_),
+        static_cast<T>(v36_), static_cast<T>(v37_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray37& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+  const T8 v8_;
+  const T9 v9_;
+  const T10 v10_;
+  const T11 v11_;
+  const T12 v12_;
+  const T13 v13_;
+  const T14 v14_;
+  const T15 v15_;
+  const T16 v16_;
+  const T17 v17_;
+  const T18 v18_;
+  const T19 v19_;
+  const T20 v20_;
+  const T21 v21_;
+  const T22 v22_;
+  const T23 v23_;
+  const T24 v24_;
+  const T25 v25_;
+  const T26 v26_;
+  const T27 v27_;
+  const T28 v28_;
+  const T29 v29_;
+  const T30 v30_;
+  const T31 v31_;
+  const T32 v32_;
+  const T33 v33_;
+  const T34 v34_;
+  const T35 v35_;
+  const T36 v36_;
+  const T37 v37_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38>
+class ValueArray38 {
+ public:
+  ValueArray38(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+      T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16, T17 v17,
+      T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23, T24 v24, T25 v25,
+      T26 v26, T27 v27, T28 v28, T29 v29, T30 v30, T31 v31, T32 v32, T33 v33,
+      T34 v34, T35 v35, T36 v36, T37 v37, T38 v38) : v1_(v1), v2_(v2), v3_(v3),
+      v4_(v4), v5_(v5), v6_(v6), v7_(v7), v8_(v8), v9_(v9), v10_(v10),
+      v11_(v11), v12_(v12), v13_(v13), v14_(v14), v15_(v15), v16_(v16),
+      v17_(v17), v18_(v18), v19_(v19), v20_(v20), v21_(v21), v22_(v22),
+      v23_(v23), v24_(v24), v25_(v25), v26_(v26), v27_(v27), v28_(v28),
+      v29_(v29), v30_(v30), v31_(v31), v32_(v32), v33_(v33), v34_(v34),
+      v35_(v35), v36_(v36), v37_(v37), v38_(v38) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_), static_cast<T>(v8_),
+        static_cast<T>(v9_), static_cast<T>(v10_), static_cast<T>(v11_),
+        static_cast<T>(v12_), static_cast<T>(v13_), static_cast<T>(v14_),
+        static_cast<T>(v15_), static_cast<T>(v16_), static_cast<T>(v17_),
+        static_cast<T>(v18_), static_cast<T>(v19_), static_cast<T>(v20_),
+        static_cast<T>(v21_), static_cast<T>(v22_), static_cast<T>(v23_),
+        static_cast<T>(v24_), static_cast<T>(v25_), static_cast<T>(v26_),
+        static_cast<T>(v27_), static_cast<T>(v28_), static_cast<T>(v29_),
+        static_cast<T>(v30_), static_cast<T>(v31_), static_cast<T>(v32_),
+        static_cast<T>(v33_), static_cast<T>(v34_), static_cast<T>(v35_),
+        static_cast<T>(v36_), static_cast<T>(v37_), static_cast<T>(v38_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray38& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+  const T8 v8_;
+  const T9 v9_;
+  const T10 v10_;
+  const T11 v11_;
+  const T12 v12_;
+  const T13 v13_;
+  const T14 v14_;
+  const T15 v15_;
+  const T16 v16_;
+  const T17 v17_;
+  const T18 v18_;
+  const T19 v19_;
+  const T20 v20_;
+  const T21 v21_;
+  const T22 v22_;
+  const T23 v23_;
+  const T24 v24_;
+  const T25 v25_;
+  const T26 v26_;
+  const T27 v27_;
+  const T28 v28_;
+  const T29 v29_;
+  const T30 v30_;
+  const T31 v31_;
+  const T32 v32_;
+  const T33 v33_;
+  const T34 v34_;
+  const T35 v35_;
+  const T36 v36_;
+  const T37 v37_;
+  const T38 v38_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39>
+class ValueArray39 {
+ public:
+  ValueArray39(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+      T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16, T17 v17,
+      T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23, T24 v24, T25 v25,
+      T26 v26, T27 v27, T28 v28, T29 v29, T30 v30, T31 v31, T32 v32, T33 v33,
+      T34 v34, T35 v35, T36 v36, T37 v37, T38 v38, T39 v39) : v1_(v1), v2_(v2),
+      v3_(v3), v4_(v4), v5_(v5), v6_(v6), v7_(v7), v8_(v8), v9_(v9), v10_(v10),
+      v11_(v11), v12_(v12), v13_(v13), v14_(v14), v15_(v15), v16_(v16),
+      v17_(v17), v18_(v18), v19_(v19), v20_(v20), v21_(v21), v22_(v22),
+      v23_(v23), v24_(v24), v25_(v25), v26_(v26), v27_(v27), v28_(v28),
+      v29_(v29), v30_(v30), v31_(v31), v32_(v32), v33_(v33), v34_(v34),
+      v35_(v35), v36_(v36), v37_(v37), v38_(v38), v39_(v39) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_), static_cast<T>(v8_),
+        static_cast<T>(v9_), static_cast<T>(v10_), static_cast<T>(v11_),
+        static_cast<T>(v12_), static_cast<T>(v13_), static_cast<T>(v14_),
+        static_cast<T>(v15_), static_cast<T>(v16_), static_cast<T>(v17_),
+        static_cast<T>(v18_), static_cast<T>(v19_), static_cast<T>(v20_),
+        static_cast<T>(v21_), static_cast<T>(v22_), static_cast<T>(v23_),
+        static_cast<T>(v24_), static_cast<T>(v25_), static_cast<T>(v26_),
+        static_cast<T>(v27_), static_cast<T>(v28_), static_cast<T>(v29_),
+        static_cast<T>(v30_), static_cast<T>(v31_), static_cast<T>(v32_),
+        static_cast<T>(v33_), static_cast<T>(v34_), static_cast<T>(v35_),
+        static_cast<T>(v36_), static_cast<T>(v37_), static_cast<T>(v38_),
+        static_cast<T>(v39_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray39& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+  const T8 v8_;
+  const T9 v9_;
+  const T10 v10_;
+  const T11 v11_;
+  const T12 v12_;
+  const T13 v13_;
+  const T14 v14_;
+  const T15 v15_;
+  const T16 v16_;
+  const T17 v17_;
+  const T18 v18_;
+  const T19 v19_;
+  const T20 v20_;
+  const T21 v21_;
+  const T22 v22_;
+  const T23 v23_;
+  const T24 v24_;
+  const T25 v25_;
+  const T26 v26_;
+  const T27 v27_;
+  const T28 v28_;
+  const T29 v29_;
+  const T30 v30_;
+  const T31 v31_;
+  const T32 v32_;
+  const T33 v33_;
+  const T34 v34_;
+  const T35 v35_;
+  const T36 v36_;
+  const T37 v37_;
+  const T38 v38_;
+  const T39 v39_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40>
+class ValueArray40 {
+ public:
+  ValueArray40(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+      T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16, T17 v17,
+      T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23, T24 v24, T25 v25,
+      T26 v26, T27 v27, T28 v28, T29 v29, T30 v30, T31 v31, T32 v32, T33 v33,
+      T34 v34, T35 v35, T36 v36, T37 v37, T38 v38, T39 v39, T40 v40) : v1_(v1),
+      v2_(v2), v3_(v3), v4_(v4), v5_(v5), v6_(v6), v7_(v7), v8_(v8), v9_(v9),
+      v10_(v10), v11_(v11), v12_(v12), v13_(v13), v14_(v14), v15_(v15),
+      v16_(v16), v17_(v17), v18_(v18), v19_(v19), v20_(v20), v21_(v21),
+      v22_(v22), v23_(v23), v24_(v24), v25_(v25), v26_(v26), v27_(v27),
+      v28_(v28), v29_(v29), v30_(v30), v31_(v31), v32_(v32), v33_(v33),
+      v34_(v34), v35_(v35), v36_(v36), v37_(v37), v38_(v38), v39_(v39),
+      v40_(v40) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_), static_cast<T>(v8_),
+        static_cast<T>(v9_), static_cast<T>(v10_), static_cast<T>(v11_),
+        static_cast<T>(v12_), static_cast<T>(v13_), static_cast<T>(v14_),
+        static_cast<T>(v15_), static_cast<T>(v16_), static_cast<T>(v17_),
+        static_cast<T>(v18_), static_cast<T>(v19_), static_cast<T>(v20_),
+        static_cast<T>(v21_), static_cast<T>(v22_), static_cast<T>(v23_),
+        static_cast<T>(v24_), static_cast<T>(v25_), static_cast<T>(v26_),
+        static_cast<T>(v27_), static_cast<T>(v28_), static_cast<T>(v29_),
+        static_cast<T>(v30_), static_cast<T>(v31_), static_cast<T>(v32_),
+        static_cast<T>(v33_), static_cast<T>(v34_), static_cast<T>(v35_),
+        static_cast<T>(v36_), static_cast<T>(v37_), static_cast<T>(v38_),
+        static_cast<T>(v39_), static_cast<T>(v40_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray40& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+  const T8 v8_;
+  const T9 v9_;
+  const T10 v10_;
+  const T11 v11_;
+  const T12 v12_;
+  const T13 v13_;
+  const T14 v14_;
+  const T15 v15_;
+  const T16 v16_;
+  const T17 v17_;
+  const T18 v18_;
+  const T19 v19_;
+  const T20 v20_;
+  const T21 v21_;
+  const T22 v22_;
+  const T23 v23_;
+  const T24 v24_;
+  const T25 v25_;
+  const T26 v26_;
+  const T27 v27_;
+  const T28 v28_;
+  const T29 v29_;
+  const T30 v30_;
+  const T31 v31_;
+  const T32 v32_;
+  const T33 v33_;
+  const T34 v34_;
+  const T35 v35_;
+  const T36 v36_;
+  const T37 v37_;
+  const T38 v38_;
+  const T39 v39_;
+  const T40 v40_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40,
+    typename T41>
+class ValueArray41 {
+ public:
+  ValueArray41(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+      T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16, T17 v17,
+      T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23, T24 v24, T25 v25,
+      T26 v26, T27 v27, T28 v28, T29 v29, T30 v30, T31 v31, T32 v32, T33 v33,
+      T34 v34, T35 v35, T36 v36, T37 v37, T38 v38, T39 v39, T40 v40,
+      T41 v41) : v1_(v1), v2_(v2), v3_(v3), v4_(v4), v5_(v5), v6_(v6), v7_(v7),
+      v8_(v8), v9_(v9), v10_(v10), v11_(v11), v12_(v12), v13_(v13), v14_(v14),
+      v15_(v15), v16_(v16), v17_(v17), v18_(v18), v19_(v19), v20_(v20),
+      v21_(v21), v22_(v22), v23_(v23), v24_(v24), v25_(v25), v26_(v26),
+      v27_(v27), v28_(v28), v29_(v29), v30_(v30), v31_(v31), v32_(v32),
+      v33_(v33), v34_(v34), v35_(v35), v36_(v36), v37_(v37), v38_(v38),
+      v39_(v39), v40_(v40), v41_(v41) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_), static_cast<T>(v8_),
+        static_cast<T>(v9_), static_cast<T>(v10_), static_cast<T>(v11_),
+        static_cast<T>(v12_), static_cast<T>(v13_), static_cast<T>(v14_),
+        static_cast<T>(v15_), static_cast<T>(v16_), static_cast<T>(v17_),
+        static_cast<T>(v18_), static_cast<T>(v19_), static_cast<T>(v20_),
+        static_cast<T>(v21_), static_cast<T>(v22_), static_cast<T>(v23_),
+        static_cast<T>(v24_), static_cast<T>(v25_), static_cast<T>(v26_),
+        static_cast<T>(v27_), static_cast<T>(v28_), static_cast<T>(v29_),
+        static_cast<T>(v30_), static_cast<T>(v31_), static_cast<T>(v32_),
+        static_cast<T>(v33_), static_cast<T>(v34_), static_cast<T>(v35_),
+        static_cast<T>(v36_), static_cast<T>(v37_), static_cast<T>(v38_),
+        static_cast<T>(v39_), static_cast<T>(v40_), static_cast<T>(v41_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray41& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+  const T8 v8_;
+  const T9 v9_;
+  const T10 v10_;
+  const T11 v11_;
+  const T12 v12_;
+  const T13 v13_;
+  const T14 v14_;
+  const T15 v15_;
+  const T16 v16_;
+  const T17 v17_;
+  const T18 v18_;
+  const T19 v19_;
+  const T20 v20_;
+  const T21 v21_;
+  const T22 v22_;
+  const T23 v23_;
+  const T24 v24_;
+  const T25 v25_;
+  const T26 v26_;
+  const T27 v27_;
+  const T28 v28_;
+  const T29 v29_;
+  const T30 v30_;
+  const T31 v31_;
+  const T32 v32_;
+  const T33 v33_;
+  const T34 v34_;
+  const T35 v35_;
+  const T36 v36_;
+  const T37 v37_;
+  const T38 v38_;
+  const T39 v39_;
+  const T40 v40_;
+  const T41 v41_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40,
+    typename T41, typename T42>
+class ValueArray42 {
+ public:
+  ValueArray42(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+      T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16, T17 v17,
+      T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23, T24 v24, T25 v25,
+      T26 v26, T27 v27, T28 v28, T29 v29, T30 v30, T31 v31, T32 v32, T33 v33,
+      T34 v34, T35 v35, T36 v36, T37 v37, T38 v38, T39 v39, T40 v40, T41 v41,
+      T42 v42) : v1_(v1), v2_(v2), v3_(v3), v4_(v4), v5_(v5), v6_(v6), v7_(v7),
+      v8_(v8), v9_(v9), v10_(v10), v11_(v11), v12_(v12), v13_(v13), v14_(v14),
+      v15_(v15), v16_(v16), v17_(v17), v18_(v18), v19_(v19), v20_(v20),
+      v21_(v21), v22_(v22), v23_(v23), v24_(v24), v25_(v25), v26_(v26),
+      v27_(v27), v28_(v28), v29_(v29), v30_(v30), v31_(v31), v32_(v32),
+      v33_(v33), v34_(v34), v35_(v35), v36_(v36), v37_(v37), v38_(v38),
+      v39_(v39), v40_(v40), v41_(v41), v42_(v42) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_), static_cast<T>(v8_),
+        static_cast<T>(v9_), static_cast<T>(v10_), static_cast<T>(v11_),
+        static_cast<T>(v12_), static_cast<T>(v13_), static_cast<T>(v14_),
+        static_cast<T>(v15_), static_cast<T>(v16_), static_cast<T>(v17_),
+        static_cast<T>(v18_), static_cast<T>(v19_), static_cast<T>(v20_),
+        static_cast<T>(v21_), static_cast<T>(v22_), static_cast<T>(v23_),
+        static_cast<T>(v24_), static_cast<T>(v25_), static_cast<T>(v26_),
+        static_cast<T>(v27_), static_cast<T>(v28_), static_cast<T>(v29_),
+        static_cast<T>(v30_), static_cast<T>(v31_), static_cast<T>(v32_),
+        static_cast<T>(v33_), static_cast<T>(v34_), static_cast<T>(v35_),
+        static_cast<T>(v36_), static_cast<T>(v37_), static_cast<T>(v38_),
+        static_cast<T>(v39_), static_cast<T>(v40_), static_cast<T>(v41_),
+        static_cast<T>(v42_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray42& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+  const T8 v8_;
+  const T9 v9_;
+  const T10 v10_;
+  const T11 v11_;
+  const T12 v12_;
+  const T13 v13_;
+  const T14 v14_;
+  const T15 v15_;
+  const T16 v16_;
+  const T17 v17_;
+  const T18 v18_;
+  const T19 v19_;
+  const T20 v20_;
+  const T21 v21_;
+  const T22 v22_;
+  const T23 v23_;
+  const T24 v24_;
+  const T25 v25_;
+  const T26 v26_;
+  const T27 v27_;
+  const T28 v28_;
+  const T29 v29_;
+  const T30 v30_;
+  const T31 v31_;
+  const T32 v32_;
+  const T33 v33_;
+  const T34 v34_;
+  const T35 v35_;
+  const T36 v36_;
+  const T37 v37_;
+  const T38 v38_;
+  const T39 v39_;
+  const T40 v40_;
+  const T41 v41_;
+  const T42 v42_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40,
+    typename T41, typename T42, typename T43>
+class ValueArray43 {
+ public:
+  ValueArray43(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+      T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16, T17 v17,
+      T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23, T24 v24, T25 v25,
+      T26 v26, T27 v27, T28 v28, T29 v29, T30 v30, T31 v31, T32 v32, T33 v33,
+      T34 v34, T35 v35, T36 v36, T37 v37, T38 v38, T39 v39, T40 v40, T41 v41,
+      T42 v42, T43 v43) : v1_(v1), v2_(v2), v3_(v3), v4_(v4), v5_(v5), v6_(v6),
+      v7_(v7), v8_(v8), v9_(v9), v10_(v10), v11_(v11), v12_(v12), v13_(v13),
+      v14_(v14), v15_(v15), v16_(v16), v17_(v17), v18_(v18), v19_(v19),
+      v20_(v20), v21_(v21), v22_(v22), v23_(v23), v24_(v24), v25_(v25),
+      v26_(v26), v27_(v27), v28_(v28), v29_(v29), v30_(v30), v31_(v31),
+      v32_(v32), v33_(v33), v34_(v34), v35_(v35), v36_(v36), v37_(v37),
+      v38_(v38), v39_(v39), v40_(v40), v41_(v41), v42_(v42), v43_(v43) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_), static_cast<T>(v8_),
+        static_cast<T>(v9_), static_cast<T>(v10_), static_cast<T>(v11_),
+        static_cast<T>(v12_), static_cast<T>(v13_), static_cast<T>(v14_),
+        static_cast<T>(v15_), static_cast<T>(v16_), static_cast<T>(v17_),
+        static_cast<T>(v18_), static_cast<T>(v19_), static_cast<T>(v20_),
+        static_cast<T>(v21_), static_cast<T>(v22_), static_cast<T>(v23_),
+        static_cast<T>(v24_), static_cast<T>(v25_), static_cast<T>(v26_),
+        static_cast<T>(v27_), static_cast<T>(v28_), static_cast<T>(v29_),
+        static_cast<T>(v30_), static_cast<T>(v31_), static_cast<T>(v32_),
+        static_cast<T>(v33_), static_cast<T>(v34_), static_cast<T>(v35_),
+        static_cast<T>(v36_), static_cast<T>(v37_), static_cast<T>(v38_),
+        static_cast<T>(v39_), static_cast<T>(v40_), static_cast<T>(v41_),
+        static_cast<T>(v42_), static_cast<T>(v43_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray43& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+  const T8 v8_;
+  const T9 v9_;
+  const T10 v10_;
+  const T11 v11_;
+  const T12 v12_;
+  const T13 v13_;
+  const T14 v14_;
+  const T15 v15_;
+  const T16 v16_;
+  const T17 v17_;
+  const T18 v18_;
+  const T19 v19_;
+  const T20 v20_;
+  const T21 v21_;
+  const T22 v22_;
+  const T23 v23_;
+  const T24 v24_;
+  const T25 v25_;
+  const T26 v26_;
+  const T27 v27_;
+  const T28 v28_;
+  const T29 v29_;
+  const T30 v30_;
+  const T31 v31_;
+  const T32 v32_;
+  const T33 v33_;
+  const T34 v34_;
+  const T35 v35_;
+  const T36 v36_;
+  const T37 v37_;
+  const T38 v38_;
+  const T39 v39_;
+  const T40 v40_;
+  const T41 v41_;
+  const T42 v42_;
+  const T43 v43_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40,
+    typename T41, typename T42, typename T43, typename T44>
+class ValueArray44 {
+ public:
+  ValueArray44(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+      T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16, T17 v17,
+      T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23, T24 v24, T25 v25,
+      T26 v26, T27 v27, T28 v28, T29 v29, T30 v30, T31 v31, T32 v32, T33 v33,
+      T34 v34, T35 v35, T36 v36, T37 v37, T38 v38, T39 v39, T40 v40, T41 v41,
+      T42 v42, T43 v43, T44 v44) : v1_(v1), v2_(v2), v3_(v3), v4_(v4), v5_(v5),
+      v6_(v6), v7_(v7), v8_(v8), v9_(v9), v10_(v10), v11_(v11), v12_(v12),
+      v13_(v13), v14_(v14), v15_(v15), v16_(v16), v17_(v17), v18_(v18),
+      v19_(v19), v20_(v20), v21_(v21), v22_(v22), v23_(v23), v24_(v24),
+      v25_(v25), v26_(v26), v27_(v27), v28_(v28), v29_(v29), v30_(v30),
+      v31_(v31), v32_(v32), v33_(v33), v34_(v34), v35_(v35), v36_(v36),
+      v37_(v37), v38_(v38), v39_(v39), v40_(v40), v41_(v41), v42_(v42),
+      v43_(v43), v44_(v44) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_), static_cast<T>(v8_),
+        static_cast<T>(v9_), static_cast<T>(v10_), static_cast<T>(v11_),
+        static_cast<T>(v12_), static_cast<T>(v13_), static_cast<T>(v14_),
+        static_cast<T>(v15_), static_cast<T>(v16_), static_cast<T>(v17_),
+        static_cast<T>(v18_), static_cast<T>(v19_), static_cast<T>(v20_),
+        static_cast<T>(v21_), static_cast<T>(v22_), static_cast<T>(v23_),
+        static_cast<T>(v24_), static_cast<T>(v25_), static_cast<T>(v26_),
+        static_cast<T>(v27_), static_cast<T>(v28_), static_cast<T>(v29_),
+        static_cast<T>(v30_), static_cast<T>(v31_), static_cast<T>(v32_),
+        static_cast<T>(v33_), static_cast<T>(v34_), static_cast<T>(v35_),
+        static_cast<T>(v36_), static_cast<T>(v37_), static_cast<T>(v38_),
+        static_cast<T>(v39_), static_cast<T>(v40_), static_cast<T>(v41_),
+        static_cast<T>(v42_), static_cast<T>(v43_), static_cast<T>(v44_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray44& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+  const T8 v8_;
+  const T9 v9_;
+  const T10 v10_;
+  const T11 v11_;
+  const T12 v12_;
+  const T13 v13_;
+  const T14 v14_;
+  const T15 v15_;
+  const T16 v16_;
+  const T17 v17_;
+  const T18 v18_;
+  const T19 v19_;
+  const T20 v20_;
+  const T21 v21_;
+  const T22 v22_;
+  const T23 v23_;
+  const T24 v24_;
+  const T25 v25_;
+  const T26 v26_;
+  const T27 v27_;
+  const T28 v28_;
+  const T29 v29_;
+  const T30 v30_;
+  const T31 v31_;
+  const T32 v32_;
+  const T33 v33_;
+  const T34 v34_;
+  const T35 v35_;
+  const T36 v36_;
+  const T37 v37_;
+  const T38 v38_;
+  const T39 v39_;
+  const T40 v40_;
+  const T41 v41_;
+  const T42 v42_;
+  const T43 v43_;
+  const T44 v44_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40,
+    typename T41, typename T42, typename T43, typename T44, typename T45>
+class ValueArray45 {
+ public:
+  ValueArray45(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+      T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16, T17 v17,
+      T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23, T24 v24, T25 v25,
+      T26 v26, T27 v27, T28 v28, T29 v29, T30 v30, T31 v31, T32 v32, T33 v33,
+      T34 v34, T35 v35, T36 v36, T37 v37, T38 v38, T39 v39, T40 v40, T41 v41,
+      T42 v42, T43 v43, T44 v44, T45 v45) : v1_(v1), v2_(v2), v3_(v3), v4_(v4),
+      v5_(v5), v6_(v6), v7_(v7), v8_(v8), v9_(v9), v10_(v10), v11_(v11),
+      v12_(v12), v13_(v13), v14_(v14), v15_(v15), v16_(v16), v17_(v17),
+      v18_(v18), v19_(v19), v20_(v20), v21_(v21), v22_(v22), v23_(v23),
+      v24_(v24), v25_(v25), v26_(v26), v27_(v27), v28_(v28), v29_(v29),
+      v30_(v30), v31_(v31), v32_(v32), v33_(v33), v34_(v34), v35_(v35),
+      v36_(v36), v37_(v37), v38_(v38), v39_(v39), v40_(v40), v41_(v41),
+      v42_(v42), v43_(v43), v44_(v44), v45_(v45) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_), static_cast<T>(v8_),
+        static_cast<T>(v9_), static_cast<T>(v10_), static_cast<T>(v11_),
+        static_cast<T>(v12_), static_cast<T>(v13_), static_cast<T>(v14_),
+        static_cast<T>(v15_), static_cast<T>(v16_), static_cast<T>(v17_),
+        static_cast<T>(v18_), static_cast<T>(v19_), static_cast<T>(v20_),
+        static_cast<T>(v21_), static_cast<T>(v22_), static_cast<T>(v23_),
+        static_cast<T>(v24_), static_cast<T>(v25_), static_cast<T>(v26_),
+        static_cast<T>(v27_), static_cast<T>(v28_), static_cast<T>(v29_),
+        static_cast<T>(v30_), static_cast<T>(v31_), static_cast<T>(v32_),
+        static_cast<T>(v33_), static_cast<T>(v34_), static_cast<T>(v35_),
+        static_cast<T>(v36_), static_cast<T>(v37_), static_cast<T>(v38_),
+        static_cast<T>(v39_), static_cast<T>(v40_), static_cast<T>(v41_),
+        static_cast<T>(v42_), static_cast<T>(v43_), static_cast<T>(v44_),
+        static_cast<T>(v45_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray45& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+  const T8 v8_;
+  const T9 v9_;
+  const T10 v10_;
+  const T11 v11_;
+  const T12 v12_;
+  const T13 v13_;
+  const T14 v14_;
+  const T15 v15_;
+  const T16 v16_;
+  const T17 v17_;
+  const T18 v18_;
+  const T19 v19_;
+  const T20 v20_;
+  const T21 v21_;
+  const T22 v22_;
+  const T23 v23_;
+  const T24 v24_;
+  const T25 v25_;
+  const T26 v26_;
+  const T27 v27_;
+  const T28 v28_;
+  const T29 v29_;
+  const T30 v30_;
+  const T31 v31_;
+  const T32 v32_;
+  const T33 v33_;
+  const T34 v34_;
+  const T35 v35_;
+  const T36 v36_;
+  const T37 v37_;
+  const T38 v38_;
+  const T39 v39_;
+  const T40 v40_;
+  const T41 v41_;
+  const T42 v42_;
+  const T43 v43_;
+  const T44 v44_;
+  const T45 v45_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40,
+    typename T41, typename T42, typename T43, typename T44, typename T45,
+    typename T46>
+class ValueArray46 {
+ public:
+  ValueArray46(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+      T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16, T17 v17,
+      T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23, T24 v24, T25 v25,
+      T26 v26, T27 v27, T28 v28, T29 v29, T30 v30, T31 v31, T32 v32, T33 v33,
+      T34 v34, T35 v35, T36 v36, T37 v37, T38 v38, T39 v39, T40 v40, T41 v41,
+      T42 v42, T43 v43, T44 v44, T45 v45, T46 v46) : v1_(v1), v2_(v2), v3_(v3),
+      v4_(v4), v5_(v5), v6_(v6), v7_(v7), v8_(v8), v9_(v9), v10_(v10),
+      v11_(v11), v12_(v12), v13_(v13), v14_(v14), v15_(v15), v16_(v16),
+      v17_(v17), v18_(v18), v19_(v19), v20_(v20), v21_(v21), v22_(v22),
+      v23_(v23), v24_(v24), v25_(v25), v26_(v26), v27_(v27), v28_(v28),
+      v29_(v29), v30_(v30), v31_(v31), v32_(v32), v33_(v33), v34_(v34),
+      v35_(v35), v36_(v36), v37_(v37), v38_(v38), v39_(v39), v40_(v40),
+      v41_(v41), v42_(v42), v43_(v43), v44_(v44), v45_(v45), v46_(v46) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_), static_cast<T>(v8_),
+        static_cast<T>(v9_), static_cast<T>(v10_), static_cast<T>(v11_),
+        static_cast<T>(v12_), static_cast<T>(v13_), static_cast<T>(v14_),
+        static_cast<T>(v15_), static_cast<T>(v16_), static_cast<T>(v17_),
+        static_cast<T>(v18_), static_cast<T>(v19_), static_cast<T>(v20_),
+        static_cast<T>(v21_), static_cast<T>(v22_), static_cast<T>(v23_),
+        static_cast<T>(v24_), static_cast<T>(v25_), static_cast<T>(v26_),
+        static_cast<T>(v27_), static_cast<T>(v28_), static_cast<T>(v29_),
+        static_cast<T>(v30_), static_cast<T>(v31_), static_cast<T>(v32_),
+        static_cast<T>(v33_), static_cast<T>(v34_), static_cast<T>(v35_),
+        static_cast<T>(v36_), static_cast<T>(v37_), static_cast<T>(v38_),
+        static_cast<T>(v39_), static_cast<T>(v40_), static_cast<T>(v41_),
+        static_cast<T>(v42_), static_cast<T>(v43_), static_cast<T>(v44_),
+        static_cast<T>(v45_), static_cast<T>(v46_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray46& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+  const T8 v8_;
+  const T9 v9_;
+  const T10 v10_;
+  const T11 v11_;
+  const T12 v12_;
+  const T13 v13_;
+  const T14 v14_;
+  const T15 v15_;
+  const T16 v16_;
+  const T17 v17_;
+  const T18 v18_;
+  const T19 v19_;
+  const T20 v20_;
+  const T21 v21_;
+  const T22 v22_;
+  const T23 v23_;
+  const T24 v24_;
+  const T25 v25_;
+  const T26 v26_;
+  const T27 v27_;
+  const T28 v28_;
+  const T29 v29_;
+  const T30 v30_;
+  const T31 v31_;
+  const T32 v32_;
+  const T33 v33_;
+  const T34 v34_;
+  const T35 v35_;
+  const T36 v36_;
+  const T37 v37_;
+  const T38 v38_;
+  const T39 v39_;
+  const T40 v40_;
+  const T41 v41_;
+  const T42 v42_;
+  const T43 v43_;
+  const T44 v44_;
+  const T45 v45_;
+  const T46 v46_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40,
+    typename T41, typename T42, typename T43, typename T44, typename T45,
+    typename T46, typename T47>
+class ValueArray47 {
+ public:
+  ValueArray47(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+      T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16, T17 v17,
+      T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23, T24 v24, T25 v25,
+      T26 v26, T27 v27, T28 v28, T29 v29, T30 v30, T31 v31, T32 v32, T33 v33,
+      T34 v34, T35 v35, T36 v36, T37 v37, T38 v38, T39 v39, T40 v40, T41 v41,
+      T42 v42, T43 v43, T44 v44, T45 v45, T46 v46, T47 v47) : v1_(v1), v2_(v2),
+      v3_(v3), v4_(v4), v5_(v5), v6_(v6), v7_(v7), v8_(v8), v9_(v9), v10_(v10),
+      v11_(v11), v12_(v12), v13_(v13), v14_(v14), v15_(v15), v16_(v16),
+      v17_(v17), v18_(v18), v19_(v19), v20_(v20), v21_(v21), v22_(v22),
+      v23_(v23), v24_(v24), v25_(v25), v26_(v26), v27_(v27), v28_(v28),
+      v29_(v29), v30_(v30), v31_(v31), v32_(v32), v33_(v33), v34_(v34),
+      v35_(v35), v36_(v36), v37_(v37), v38_(v38), v39_(v39), v40_(v40),
+      v41_(v41), v42_(v42), v43_(v43), v44_(v44), v45_(v45), v46_(v46),
+      v47_(v47) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_), static_cast<T>(v8_),
+        static_cast<T>(v9_), static_cast<T>(v10_), static_cast<T>(v11_),
+        static_cast<T>(v12_), static_cast<T>(v13_), static_cast<T>(v14_),
+        static_cast<T>(v15_), static_cast<T>(v16_), static_cast<T>(v17_),
+        static_cast<T>(v18_), static_cast<T>(v19_), static_cast<T>(v20_),
+        static_cast<T>(v21_), static_cast<T>(v22_), static_cast<T>(v23_),
+        static_cast<T>(v24_), static_cast<T>(v25_), static_cast<T>(v26_),
+        static_cast<T>(v27_), static_cast<T>(v28_), static_cast<T>(v29_),
+        static_cast<T>(v30_), static_cast<T>(v31_), static_cast<T>(v32_),
+        static_cast<T>(v33_), static_cast<T>(v34_), static_cast<T>(v35_),
+        static_cast<T>(v36_), static_cast<T>(v37_), static_cast<T>(v38_),
+        static_cast<T>(v39_), static_cast<T>(v40_), static_cast<T>(v41_),
+        static_cast<T>(v42_), static_cast<T>(v43_), static_cast<T>(v44_),
+        static_cast<T>(v45_), static_cast<T>(v46_), static_cast<T>(v47_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray47& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+  const T8 v8_;
+  const T9 v9_;
+  const T10 v10_;
+  const T11 v11_;
+  const T12 v12_;
+  const T13 v13_;
+  const T14 v14_;
+  const T15 v15_;
+  const T16 v16_;
+  const T17 v17_;
+  const T18 v18_;
+  const T19 v19_;
+  const T20 v20_;
+  const T21 v21_;
+  const T22 v22_;
+  const T23 v23_;
+  const T24 v24_;
+  const T25 v25_;
+  const T26 v26_;
+  const T27 v27_;
+  const T28 v28_;
+  const T29 v29_;
+  const T30 v30_;
+  const T31 v31_;
+  const T32 v32_;
+  const T33 v33_;
+  const T34 v34_;
+  const T35 v35_;
+  const T36 v36_;
+  const T37 v37_;
+  const T38 v38_;
+  const T39 v39_;
+  const T40 v40_;
+  const T41 v41_;
+  const T42 v42_;
+  const T43 v43_;
+  const T44 v44_;
+  const T45 v45_;
+  const T46 v46_;
+  const T47 v47_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40,
+    typename T41, typename T42, typename T43, typename T44, typename T45,
+    typename T46, typename T47, typename T48>
+class ValueArray48 {
+ public:
+  ValueArray48(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+      T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16, T17 v17,
+      T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23, T24 v24, T25 v25,
+      T26 v26, T27 v27, T28 v28, T29 v29, T30 v30, T31 v31, T32 v32, T33 v33,
+      T34 v34, T35 v35, T36 v36, T37 v37, T38 v38, T39 v39, T40 v40, T41 v41,
+      T42 v42, T43 v43, T44 v44, T45 v45, T46 v46, T47 v47, T48 v48) : v1_(v1),
+      v2_(v2), v3_(v3), v4_(v4), v5_(v5), v6_(v6), v7_(v7), v8_(v8), v9_(v9),
+      v10_(v10), v11_(v11), v12_(v12), v13_(v13), v14_(v14), v15_(v15),
+      v16_(v16), v17_(v17), v18_(v18), v19_(v19), v20_(v20), v21_(v21),
+      v22_(v22), v23_(v23), v24_(v24), v25_(v25), v26_(v26), v27_(v27),
+      v28_(v28), v29_(v29), v30_(v30), v31_(v31), v32_(v32), v33_(v33),
+      v34_(v34), v35_(v35), v36_(v36), v37_(v37), v38_(v38), v39_(v39),
+      v40_(v40), v41_(v41), v42_(v42), v43_(v43), v44_(v44), v45_(v45),
+      v46_(v46), v47_(v47), v48_(v48) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_), static_cast<T>(v8_),
+        static_cast<T>(v9_), static_cast<T>(v10_), static_cast<T>(v11_),
+        static_cast<T>(v12_), static_cast<T>(v13_), static_cast<T>(v14_),
+        static_cast<T>(v15_), static_cast<T>(v16_), static_cast<T>(v17_),
+        static_cast<T>(v18_), static_cast<T>(v19_), static_cast<T>(v20_),
+        static_cast<T>(v21_), static_cast<T>(v22_), static_cast<T>(v23_),
+        static_cast<T>(v24_), static_cast<T>(v25_), static_cast<T>(v26_),
+        static_cast<T>(v27_), static_cast<T>(v28_), static_cast<T>(v29_),
+        static_cast<T>(v30_), static_cast<T>(v31_), static_cast<T>(v32_),
+        static_cast<T>(v33_), static_cast<T>(v34_), static_cast<T>(v35_),
+        static_cast<T>(v36_), static_cast<T>(v37_), static_cast<T>(v38_),
+        static_cast<T>(v39_), static_cast<T>(v40_), static_cast<T>(v41_),
+        static_cast<T>(v42_), static_cast<T>(v43_), static_cast<T>(v44_),
+        static_cast<T>(v45_), static_cast<T>(v46_), static_cast<T>(v47_),
+        static_cast<T>(v48_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray48& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+  const T8 v8_;
+  const T9 v9_;
+  const T10 v10_;
+  const T11 v11_;
+  const T12 v12_;
+  const T13 v13_;
+  const T14 v14_;
+  const T15 v15_;
+  const T16 v16_;
+  const T17 v17_;
+  const T18 v18_;
+  const T19 v19_;
+  const T20 v20_;
+  const T21 v21_;
+  const T22 v22_;
+  const T23 v23_;
+  const T24 v24_;
+  const T25 v25_;
+  const T26 v26_;
+  const T27 v27_;
+  const T28 v28_;
+  const T29 v29_;
+  const T30 v30_;
+  const T31 v31_;
+  const T32 v32_;
+  const T33 v33_;
+  const T34 v34_;
+  const T35 v35_;
+  const T36 v36_;
+  const T37 v37_;
+  const T38 v38_;
+  const T39 v39_;
+  const T40 v40_;
+  const T41 v41_;
+  const T42 v42_;
+  const T43 v43_;
+  const T44 v44_;
+  const T45 v45_;
+  const T46 v46_;
+  const T47 v47_;
+  const T48 v48_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40,
+    typename T41, typename T42, typename T43, typename T44, typename T45,
+    typename T46, typename T47, typename T48, typename T49>
+class ValueArray49 {
+ public:
+  ValueArray49(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+      T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16, T17 v17,
+      T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23, T24 v24, T25 v25,
+      T26 v26, T27 v27, T28 v28, T29 v29, T30 v30, T31 v31, T32 v32, T33 v33,
+      T34 v34, T35 v35, T36 v36, T37 v37, T38 v38, T39 v39, T40 v40, T41 v41,
+      T42 v42, T43 v43, T44 v44, T45 v45, T46 v46, T47 v47, T48 v48,
+      T49 v49) : v1_(v1), v2_(v2), v3_(v3), v4_(v4), v5_(v5), v6_(v6), v7_(v7),
+      v8_(v8), v9_(v9), v10_(v10), v11_(v11), v12_(v12), v13_(v13), v14_(v14),
+      v15_(v15), v16_(v16), v17_(v17), v18_(v18), v19_(v19), v20_(v20),
+      v21_(v21), v22_(v22), v23_(v23), v24_(v24), v25_(v25), v26_(v26),
+      v27_(v27), v28_(v28), v29_(v29), v30_(v30), v31_(v31), v32_(v32),
+      v33_(v33), v34_(v34), v35_(v35), v36_(v36), v37_(v37), v38_(v38),
+      v39_(v39), v40_(v40), v41_(v41), v42_(v42), v43_(v43), v44_(v44),
+      v45_(v45), v46_(v46), v47_(v47), v48_(v48), v49_(v49) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_), static_cast<T>(v8_),
+        static_cast<T>(v9_), static_cast<T>(v10_), static_cast<T>(v11_),
+        static_cast<T>(v12_), static_cast<T>(v13_), static_cast<T>(v14_),
+        static_cast<T>(v15_), static_cast<T>(v16_), static_cast<T>(v17_),
+        static_cast<T>(v18_), static_cast<T>(v19_), static_cast<T>(v20_),
+        static_cast<T>(v21_), static_cast<T>(v22_), static_cast<T>(v23_),
+        static_cast<T>(v24_), static_cast<T>(v25_), static_cast<T>(v26_),
+        static_cast<T>(v27_), static_cast<T>(v28_), static_cast<T>(v29_),
+        static_cast<T>(v30_), static_cast<T>(v31_), static_cast<T>(v32_),
+        static_cast<T>(v33_), static_cast<T>(v34_), static_cast<T>(v35_),
+        static_cast<T>(v36_), static_cast<T>(v37_), static_cast<T>(v38_),
+        static_cast<T>(v39_), static_cast<T>(v40_), static_cast<T>(v41_),
+        static_cast<T>(v42_), static_cast<T>(v43_), static_cast<T>(v44_),
+        static_cast<T>(v45_), static_cast<T>(v46_), static_cast<T>(v47_),
+        static_cast<T>(v48_), static_cast<T>(v49_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray49& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+  const T8 v8_;
+  const T9 v9_;
+  const T10 v10_;
+  const T11 v11_;
+  const T12 v12_;
+  const T13 v13_;
+  const T14 v14_;
+  const T15 v15_;
+  const T16 v16_;
+  const T17 v17_;
+  const T18 v18_;
+  const T19 v19_;
+  const T20 v20_;
+  const T21 v21_;
+  const T22 v22_;
+  const T23 v23_;
+  const T24 v24_;
+  const T25 v25_;
+  const T26 v26_;
+  const T27 v27_;
+  const T28 v28_;
+  const T29 v29_;
+  const T30 v30_;
+  const T31 v31_;
+  const T32 v32_;
+  const T33 v33_;
+  const T34 v34_;
+  const T35 v35_;
+  const T36 v36_;
+  const T37 v37_;
+  const T38 v38_;
+  const T39 v39_;
+  const T40 v40_;
+  const T41 v41_;
+  const T42 v42_;
+  const T43 v43_;
+  const T44 v44_;
+  const T45 v45_;
+  const T46 v46_;
+  const T47 v47_;
+  const T48 v48_;
+  const T49 v49_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40,
+    typename T41, typename T42, typename T43, typename T44, typename T45,
+    typename T46, typename T47, typename T48, typename T49, typename T50>
+class ValueArray50 {
+ public:
+  ValueArray50(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+      T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16, T17 v17,
+      T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23, T24 v24, T25 v25,
+      T26 v26, T27 v27, T28 v28, T29 v29, T30 v30, T31 v31, T32 v32, T33 v33,
+      T34 v34, T35 v35, T36 v36, T37 v37, T38 v38, T39 v39, T40 v40, T41 v41,
+      T42 v42, T43 v43, T44 v44, T45 v45, T46 v46, T47 v47, T48 v48, T49 v49,
+      T50 v50) : v1_(v1), v2_(v2), v3_(v3), v4_(v4), v5_(v5), v6_(v6), v7_(v7),
+      v8_(v8), v9_(v9), v10_(v10), v11_(v11), v12_(v12), v13_(v13), v14_(v14),
+      v15_(v15), v16_(v16), v17_(v17), v18_(v18), v19_(v19), v20_(v20),
+      v21_(v21), v22_(v22), v23_(v23), v24_(v24), v25_(v25), v26_(v26),
+      v27_(v27), v28_(v28), v29_(v29), v30_(v30), v31_(v31), v32_(v32),
+      v33_(v33), v34_(v34), v35_(v35), v36_(v36), v37_(v37), v38_(v38),
+      v39_(v39), v40_(v40), v41_(v41), v42_(v42), v43_(v43), v44_(v44),
+      v45_(v45), v46_(v46), v47_(v47), v48_(v48), v49_(v49), v50_(v50) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_), static_cast<T>(v8_),
+        static_cast<T>(v9_), static_cast<T>(v10_), static_cast<T>(v11_),
+        static_cast<T>(v12_), static_cast<T>(v13_), static_cast<T>(v14_),
+        static_cast<T>(v15_), static_cast<T>(v16_), static_cast<T>(v17_),
+        static_cast<T>(v18_), static_cast<T>(v19_), static_cast<T>(v20_),
+        static_cast<T>(v21_), static_cast<T>(v22_), static_cast<T>(v23_),
+        static_cast<T>(v24_), static_cast<T>(v25_), static_cast<T>(v26_),
+        static_cast<T>(v27_), static_cast<T>(v28_), static_cast<T>(v29_),
+        static_cast<T>(v30_), static_cast<T>(v31_), static_cast<T>(v32_),
+        static_cast<T>(v33_), static_cast<T>(v34_), static_cast<T>(v35_),
+        static_cast<T>(v36_), static_cast<T>(v37_), static_cast<T>(v38_),
+        static_cast<T>(v39_), static_cast<T>(v40_), static_cast<T>(v41_),
+        static_cast<T>(v42_), static_cast<T>(v43_), static_cast<T>(v44_),
+        static_cast<T>(v45_), static_cast<T>(v46_), static_cast<T>(v47_),
+        static_cast<T>(v48_), static_cast<T>(v49_), static_cast<T>(v50_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray50& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+  const T8 v8_;
+  const T9 v9_;
+  const T10 v10_;
+  const T11 v11_;
+  const T12 v12_;
+  const T13 v13_;
+  const T14 v14_;
+  const T15 v15_;
+  const T16 v16_;
+  const T17 v17_;
+  const T18 v18_;
+  const T19 v19_;
+  const T20 v20_;
+  const T21 v21_;
+  const T22 v22_;
+  const T23 v23_;
+  const T24 v24_;
+  const T25 v25_;
+  const T26 v26_;
+  const T27 v27_;
+  const T28 v28_;
+  const T29 v29_;
+  const T30 v30_;
+  const T31 v31_;
+  const T32 v32_;
+  const T33 v33_;
+  const T34 v34_;
+  const T35 v35_;
+  const T36 v36_;
+  const T37 v37_;
+  const T38 v38_;
+  const T39 v39_;
+  const T40 v40_;
+  const T41 v41_;
+  const T42 v42_;
+  const T43 v43_;
+  const T44 v44_;
+  const T45 v45_;
+  const T46 v46_;
+  const T47 v47_;
+  const T48 v48_;
+  const T49 v49_;
+  const T50 v50_;
+};
+
+# if GTEST_HAS_COMBINE
+// INTERNAL IMPLEMENTATION - DO NOT USE IN USER CODE.
+//
+// Generates values from the Cartesian product of values produced
+// by the argument generators.
+//
+template <typename T1, typename T2>
+class CartesianProductGenerator2
+    : public ParamGeneratorInterface< ::testing::tuple<T1, T2> > {
+ public:
+  typedef ::testing::tuple<T1, T2> ParamType;
+
+  CartesianProductGenerator2(const ParamGenerator<T1>& g1,
+      const ParamGenerator<T2>& g2)
+      : g1_(g1), g2_(g2) {}
+  virtual ~CartesianProductGenerator2() {}
+
+  virtual ParamIteratorInterface<ParamType>* Begin() const {
+    return new Iterator(this, g1_, g1_.begin(), g2_, g2_.begin());
+  }
+  virtual ParamIteratorInterface<ParamType>* End() const {
+    return new Iterator(this, g1_, g1_.end(), g2_, g2_.end());
+  }
+
+ private:
+  class Iterator : public ParamIteratorInterface<ParamType> {
+   public:
+    Iterator(const ParamGeneratorInterface<ParamType>* base,
+      const ParamGenerator<T1>& g1,
+      const typename ParamGenerator<T1>::iterator& current1,
+      const ParamGenerator<T2>& g2,
+      const typename ParamGenerator<T2>::iterator& current2)
+        : base_(base),
+          begin1_(g1.begin()), end1_(g1.end()), current1_(current1),
+          begin2_(g2.begin()), end2_(g2.end()), current2_(current2)    {
+      ComputeCurrentValue();
+    }
+    virtual ~Iterator() {}
+
+    virtual const ParamGeneratorInterface<ParamType>* BaseGenerator() const {
+      return base_;
+    }
+    // Advance should not be called on beyond-of-range iterators
+    // so no component iterators must be beyond end of range, either.
+    virtual void Advance() {
+      assert(!AtEnd());
+      ++current2_;
+      if (current2_ == end2_) {
+        current2_ = begin2_;
+        ++current1_;
+      }
+      ComputeCurrentValue();
+    }
+    virtual ParamIteratorInterface<ParamType>* Clone() const {
+      return new Iterator(*this);
+    }
+    virtual const ParamType* Current() const { return &current_value_; }
+    virtual bool Equals(const ParamIteratorInterface<ParamType>& other) const {
+      // Having the same base generator guarantees that the other
+      // iterator is of the same type and we can downcast.
+      GTEST_CHECK_(BaseGenerator() == other.BaseGenerator())
+          << "The program attempted to compare iterators "
+          << "from different generators." << std::endl;
+      const Iterator* typed_other =
+          CheckedDowncastToActualType<const Iterator>(&other);
+      // We must report iterators equal if they both point beyond their
+      // respective ranges. That can happen in a variety of fashions,
+      // so we have to consult AtEnd().
+      return (AtEnd() && typed_other->AtEnd()) ||
+         (
+          current1_ == typed_other->current1_ &&
+          current2_ == typed_other->current2_);
+    }
+
+   private:
+    Iterator(const Iterator& other)
+        : base_(other.base_),
+        begin1_(other.begin1_),
+        end1_(other.end1_),
+        current1_(other.current1_),
+        begin2_(other.begin2_),
+        end2_(other.end2_),
+        current2_(other.current2_) {
+      ComputeCurrentValue();
+    }
+
+    void ComputeCurrentValue() {
+      if (!AtEnd())
+        current_value_ = ParamType(*current1_, *current2_);
+    }
+    bool AtEnd() const {
+      // We must report iterator past the end of the range when either of the
+      // component iterators has reached the end of its range.
+      return
+          current1_ == end1_ ||
+          current2_ == end2_;
+    }
+
+    // No implementation - assignment is unsupported.
+    void operator=(const Iterator& other);
+
+    const ParamGeneratorInterface<ParamType>* const base_;
+    // begin[i]_ and end[i]_ define the i-th range that Iterator traverses.
+    // current[i]_ is the actual traversing iterator.
+    const typename ParamGenerator<T1>::iterator begin1_;
+    const typename ParamGenerator<T1>::iterator end1_;
+    typename ParamGenerator<T1>::iterator current1_;
+    const typename ParamGenerator<T2>::iterator begin2_;
+    const typename ParamGenerator<T2>::iterator end2_;
+    typename ParamGenerator<T2>::iterator current2_;
+    ParamType current_value_;
+  };  // class CartesianProductGenerator2::Iterator
+
+  // No implementation - assignment is unsupported.
+  void operator=(const CartesianProductGenerator2& other);
+
+  const ParamGenerator<T1> g1_;
+  const ParamGenerator<T2> g2_;
+};  // class CartesianProductGenerator2
+
+
+template <typename T1, typename T2, typename T3>
+class CartesianProductGenerator3
+    : public ParamGeneratorInterface< ::testing::tuple<T1, T2, T3> > {
+ public:
+  typedef ::testing::tuple<T1, T2, T3> ParamType;
+
+  CartesianProductGenerator3(const ParamGenerator<T1>& g1,
+      const ParamGenerator<T2>& g2, const ParamGenerator<T3>& g3)
+      : g1_(g1), g2_(g2), g3_(g3) {}
+  virtual ~CartesianProductGenerator3() {}
+
+  virtual ParamIteratorInterface<ParamType>* Begin() const {
+    return new Iterator(this, g1_, g1_.begin(), g2_, g2_.begin(), g3_,
+        g3_.begin());
+  }
+  virtual ParamIteratorInterface<ParamType>* End() const {
+    return new Iterator(this, g1_, g1_.end(), g2_, g2_.end(), g3_, g3_.end());
+  }
+
+ private:
+  class Iterator : public ParamIteratorInterface<ParamType> {
+   public:
+    Iterator(const ParamGeneratorInterface<ParamType>* base,
+      const ParamGenerator<T1>& g1,
+      const typename ParamGenerator<T1>::iterator& current1,
+      const ParamGenerator<T2>& g2,
+      const typename ParamGenerator<T2>::iterator& current2,
+      const ParamGenerator<T3>& g3,
+      const typename ParamGenerator<T3>::iterator& current3)
+        : base_(base),
+          begin1_(g1.begin()), end1_(g1.end()), current1_(current1),
+          begin2_(g2.begin()), end2_(g2.end()), current2_(current2),
+          begin3_(g3.begin()), end3_(g3.end()), current3_(current3)    {
+      ComputeCurrentValue();
+    }
+    virtual ~Iterator() {}
+
+    virtual const ParamGeneratorInterface<ParamType>* BaseGenerator() const {
+      return base_;
+    }
+    // Advance should not be called on beyond-of-range iterators
+    // so no component iterators must be beyond end of range, either.
+    virtual void Advance() {
+      assert(!AtEnd());
+      ++current3_;
+      if (current3_ == end3_) {
+        current3_ = begin3_;
+        ++current2_;
+      }
+      if (current2_ == end2_) {
+        current2_ = begin2_;
+        ++current1_;
+      }
+      ComputeCurrentValue();
+    }
+    virtual ParamIteratorInterface<ParamType>* Clone() const {
+      return new Iterator(*this);
+    }
+    virtual const ParamType* Current() const { return &current_value_; }
+    virtual bool Equals(const ParamIteratorInterface<ParamType>& other) const {
+      // Having the same base generator guarantees that the other
+      // iterator is of the same type and we can downcast.
+      GTEST_CHECK_(BaseGenerator() == other.BaseGenerator())
+          << "The program attempted to compare iterators "
+          << "from different generators." << std::endl;
+      const Iterator* typed_other =
+          CheckedDowncastToActualType<const Iterator>(&other);
+      // We must report iterators equal if they both point beyond their
+      // respective ranges. That can happen in a variety of fashions,
+      // so we have to consult AtEnd().
+      return (AtEnd() && typed_other->AtEnd()) ||
+         (
+          current1_ == typed_other->current1_ &&
+          current2_ == typed_other->current2_ &&
+          current3_ == typed_other->current3_);
+    }
+
+   private:
+    Iterator(const Iterator& other)
+        : base_(other.base_),
+        begin1_(other.begin1_),
+        end1_(other.end1_),
+        current1_(other.current1_),
+        begin2_(other.begin2_),
+        end2_(other.end2_),
+        current2_(other.current2_),
+        begin3_(other.begin3_),
+        end3_(other.end3_),
+        current3_(other.current3_) {
+      ComputeCurrentValue();
+    }
+
+    void ComputeCurrentValue() {
+      if (!AtEnd())
+        current_value_ = ParamType(*current1_, *current2_, *current3_);
+    }
+    bool AtEnd() const {
+      // We must report iterator past the end of the range when either of the
+      // component iterators has reached the end of its range.
+      return
+          current1_ == end1_ ||
+          current2_ == end2_ ||
+          current3_ == end3_;
+    }
+
+    // No implementation - assignment is unsupported.
+    void operator=(const Iterator& other);
+
+    const ParamGeneratorInterface<ParamType>* const base_;
+    // begin[i]_ and end[i]_ define the i-th range that Iterator traverses.
+    // current[i]_ is the actual traversing iterator.
+    const typename ParamGenerator<T1>::iterator begin1_;
+    const typename ParamGenerator<T1>::iterator end1_;
+    typename ParamGenerator<T1>::iterator current1_;
+    const typename ParamGenerator<T2>::iterator begin2_;
+    const typename ParamGenerator<T2>::iterator end2_;
+    typename ParamGenerator<T2>::iterator current2_;
+    const typename ParamGenerator<T3>::iterator begin3_;
+    const typename ParamGenerator<T3>::iterator end3_;
+    typename ParamGenerator<T3>::iterator current3_;
+    ParamType current_value_;
+  };  // class CartesianProductGenerator3::Iterator
+
+  // No implementation - assignment is unsupported.
+  void operator=(const CartesianProductGenerator3& other);
+
+  const ParamGenerator<T1> g1_;
+  const ParamGenerator<T2> g2_;
+  const ParamGenerator<T3> g3_;
+};  // class CartesianProductGenerator3
+
+
+template <typename T1, typename T2, typename T3, typename T4>
+class CartesianProductGenerator4
+    : public ParamGeneratorInterface< ::testing::tuple<T1, T2, T3, T4> > {
+ public:
+  typedef ::testing::tuple<T1, T2, T3, T4> ParamType;
+
+  CartesianProductGenerator4(const ParamGenerator<T1>& g1,
+      const ParamGenerator<T2>& g2, const ParamGenerator<T3>& g3,
+      const ParamGenerator<T4>& g4)
+      : g1_(g1), g2_(g2), g3_(g3), g4_(g4) {}
+  virtual ~CartesianProductGenerator4() {}
+
+  virtual ParamIteratorInterface<ParamType>* Begin() const {
+    return new Iterator(this, g1_, g1_.begin(), g2_, g2_.begin(), g3_,
+        g3_.begin(), g4_, g4_.begin());
+  }
+  virtual ParamIteratorInterface<ParamType>* End() const {
+    return new Iterator(this, g1_, g1_.end(), g2_, g2_.end(), g3_, g3_.end(),
+        g4_, g4_.end());
+  }
+
+ private:
+  class Iterator : public ParamIteratorInterface<ParamType> {
+   public:
+    Iterator(const ParamGeneratorInterface<ParamType>* base,
+      const ParamGenerator<T1>& g1,
+      const typename ParamGenerator<T1>::iterator& current1,
+      const ParamGenerator<T2>& g2,
+      const typename ParamGenerator<T2>::iterator& current2,
+      const ParamGenerator<T3>& g3,
+      const typename ParamGenerator<T3>::iterator& current3,
+      const ParamGenerator<T4>& g4,
+      const typename ParamGenerator<T4>::iterator& current4)
+        : base_(base),
+          begin1_(g1.begin()), end1_(g1.end()), current1_(current1),
+          begin2_(g2.begin()), end2_(g2.end()), current2_(current2),
+          begin3_(g3.begin()), end3_(g3.end()), current3_(current3),
+          begin4_(g4.begin()), end4_(g4.end()), current4_(current4)    {
+      ComputeCurrentValue();
+    }
+    virtual ~Iterator() {}
+
+    virtual const ParamGeneratorInterface<ParamType>* BaseGenerator() const {
+      return base_;
+    }
+    // Advance should not be called on beyond-of-range iterators
+    // so no component iterators must be beyond end of range, either.
+    virtual void Advance() {
+      assert(!AtEnd());
+      ++current4_;
+      if (current4_ == end4_) {
+        current4_ = begin4_;
+        ++current3_;
+      }
+      if (current3_ == end3_) {
+        current3_ = begin3_;
+        ++current2_;
+      }
+      if (current2_ == end2_) {
+        current2_ = begin2_;
+        ++current1_;
+      }
+      ComputeCurrentValue();
+    }
+    virtual ParamIteratorInterface<ParamType>* Clone() const {
+      return new Iterator(*this);
+    }
+    virtual const ParamType* Current() const { return &current_value_; }
+    virtual bool Equals(const ParamIteratorInterface<ParamType>& other) const {
+      // Having the same base generator guarantees that the other
+      // iterator is of the same type and we can downcast.
+      GTEST_CHECK_(BaseGenerator() == other.BaseGenerator())
+          << "The program attempted to compare iterators "
+          << "from different generators." << std::endl;
+      const Iterator* typed_other =
+          CheckedDowncastToActualType<const Iterator>(&other);
+      // We must report iterators equal if they both point beyond their
+      // respective ranges. That can happen in a variety of fashions,
+      // so we have to consult AtEnd().
+      return (AtEnd() && typed_other->AtEnd()) ||
+         (
+          current1_ == typed_other->current1_ &&
+          current2_ == typed_other->current2_ &&
+          current3_ == typed_other->current3_ &&
+          current4_ == typed_other->current4_);
+    }
+
+   private:
+    Iterator(const Iterator& other)
+        : base_(other.base_),
+        begin1_(other.begin1_),
+        end1_(other.end1_),
+        current1_(other.current1_),
+        begin2_(other.begin2_),
+        end2_(other.end2_),
+        current2_(other.current2_),
+        begin3_(other.begin3_),
+        end3_(other.end3_),
+        current3_(other.current3_),
+        begin4_(other.begin4_),
+        end4_(other.end4_),
+        current4_(other.current4_) {
+      ComputeCurrentValue();
+    }
+
+    void ComputeCurrentValue() {
+      if (!AtEnd())
+        current_value_ = ParamType(*current1_, *current2_, *current3_,
+            *current4_);
+    }
+    bool AtEnd() const {
+      // We must report iterator past the end of the range when either of the
+      // component iterators has reached the end of its range.
+      return
+          current1_ == end1_ ||
+          current2_ == end2_ ||
+          current3_ == end3_ ||
+          current4_ == end4_;
+    }
+
+    // No implementation - assignment is unsupported.
+    void operator=(const Iterator& other);
+
+    const ParamGeneratorInterface<ParamType>* const base_;
+    // begin[i]_ and end[i]_ define the i-th range that Iterator traverses.
+    // current[i]_ is the actual traversing iterator.
+    const typename ParamGenerator<T1>::iterator begin1_;
+    const typename ParamGenerator<T1>::iterator end1_;
+    typename ParamGenerator<T1>::iterator current1_;
+    const typename ParamGenerator<T2>::iterator begin2_;
+    const typename ParamGenerator<T2>::iterator end2_;
+    typename ParamGenerator<T2>::iterator current2_;
+    const typename ParamGenerator<T3>::iterator begin3_;
+    const typename ParamGenerator<T3>::iterator end3_;
+    typename ParamGenerator<T3>::iterator current3_;
+    const typename ParamGenerator<T4>::iterator begin4_;
+    const typename ParamGenerator<T4>::iterator end4_;
+    typename ParamGenerator<T4>::iterator current4_;
+    ParamType current_value_;
+  };  // class CartesianProductGenerator4::Iterator
+
+  // No implementation - assignment is unsupported.
+  void operator=(const CartesianProductGenerator4& other);
+
+  const ParamGenerator<T1> g1_;
+  const ParamGenerator<T2> g2_;
+  const ParamGenerator<T3> g3_;
+  const ParamGenerator<T4> g4_;
+};  // class CartesianProductGenerator4
+
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5>
+class CartesianProductGenerator5
+    : public ParamGeneratorInterface< ::testing::tuple<T1, T2, T3, T4, T5> > {
+ public:
+  typedef ::testing::tuple<T1, T2, T3, T4, T5> ParamType;
+
+  CartesianProductGenerator5(const ParamGenerator<T1>& g1,
+      const ParamGenerator<T2>& g2, const ParamGenerator<T3>& g3,
+      const ParamGenerator<T4>& g4, const ParamGenerator<T5>& g5)
+      : g1_(g1), g2_(g2), g3_(g3), g4_(g4), g5_(g5) {}
+  virtual ~CartesianProductGenerator5() {}
+
+  virtual ParamIteratorInterface<ParamType>* Begin() const {
+    return new Iterator(this, g1_, g1_.begin(), g2_, g2_.begin(), g3_,
+        g3_.begin(), g4_, g4_.begin(), g5_, g5_.begin());
+  }
+  virtual ParamIteratorInterface<ParamType>* End() const {
+    return new Iterator(this, g1_, g1_.end(), g2_, g2_.end(), g3_, g3_.end(),
+        g4_, g4_.end(), g5_, g5_.end());
+  }
+
+ private:
+  class Iterator : public ParamIteratorInterface<ParamType> {
+   public:
+    Iterator(const ParamGeneratorInterface<ParamType>* base,
+      const ParamGenerator<T1>& g1,
+      const typename ParamGenerator<T1>::iterator& current1,
+      const ParamGenerator<T2>& g2,
+      const typename ParamGenerator<T2>::iterator& current2,
+      const ParamGenerator<T3>& g3,
+      const typename ParamGenerator<T3>::iterator& current3,
+      const ParamGenerator<T4>& g4,
+      const typename ParamGenerator<T4>::iterator& current4,
+      const ParamGenerator<T5>& g5,
+      const typename ParamGenerator<T5>::iterator& current5)
+        : base_(base),
+          begin1_(g1.begin()), end1_(g1.end()), current1_(current1),
+          begin2_(g2.begin()), end2_(g2.end()), current2_(current2),
+          begin3_(g3.begin()), end3_(g3.end()), current3_(current3),
+          begin4_(g4.begin()), end4_(g4.end()), current4_(current4),
+          begin5_(g5.begin()), end5_(g5.end()), current5_(current5)    {
+      ComputeCurrentValue();
+    }
+    virtual ~Iterator() {}
+
+    virtual const ParamGeneratorInterface<ParamType>* BaseGenerator() const {
+      return base_;
+    }
+    // Advance should not be called on beyond-of-range iterators
+    // so no component iterators must be beyond end of range, either.
+    virtual void Advance() {
+      assert(!AtEnd());
+      ++current5_;
+      if (current5_ == end5_) {
+        current5_ = begin5_;
+        ++current4_;
+      }
+      if (current4_ == end4_) {
+        current4_ = begin4_;
+        ++current3_;
+      }
+      if (current3_ == end3_) {
+        current3_ = begin3_;
+        ++current2_;
+      }
+      if (current2_ == end2_) {
+        current2_ = begin2_;
+        ++current1_;
+      }
+      ComputeCurrentValue();
+    }
+    virtual ParamIteratorInterface<ParamType>* Clone() const {
+      return new Iterator(*this);
+    }
+    virtual const ParamType* Current() const { return &current_value_; }
+    virtual bool Equals(const ParamIteratorInterface<ParamType>& other) const {
+      // Having the same base generator guarantees that the other
+      // iterator is of the same type and we can downcast.
+      GTEST_CHECK_(BaseGenerator() == other.BaseGenerator())
+          << "The program attempted to compare iterators "
+          << "from different generators." << std::endl;
+      const Iterator* typed_other =
+          CheckedDowncastToActualType<const Iterator>(&other);
+      // We must report iterators equal if they both point beyond their
+      // respective ranges. That can happen in a variety of fashions,
+      // so we have to consult AtEnd().
+      return (AtEnd() && typed_other->AtEnd()) ||
+         (
+          current1_ == typed_other->current1_ &&
+          current2_ == typed_other->current2_ &&
+          current3_ == typed_other->current3_ &&
+          current4_ == typed_other->current4_ &&
+          current5_ == typed_other->current5_);
+    }
+
+   private:
+    Iterator(const Iterator& other)
+        : base_(other.base_),
+        begin1_(other.begin1_),
+        end1_(other.end1_),
+        current1_(other.current1_),
+        begin2_(other.begin2_),
+        end2_(other.end2_),
+        current2_(other.current2_),
+        begin3_(other.begin3_),
+        end3_(other.end3_),
+        current3_(other.current3_),
+        begin4_(other.begin4_),
+        end4_(other.end4_),
+        current4_(other.current4_),
+        begin5_(other.begin5_),
+        end5_(other.end5_),
+        current5_(other.current5_) {
+      ComputeCurrentValue();
+    }
+
+    void ComputeCurrentValue() {
+      if (!AtEnd())
+        current_value_ = ParamType(*current1_, *current2_, *current3_,
+            *current4_, *current5_);
+    }
+    bool AtEnd() const {
+      // We must report iterator past the end of the range when either of the
+      // component iterators has reached the end of its range.
+      return
+          current1_ == end1_ ||
+          current2_ == end2_ ||
+          current3_ == end3_ ||
+          current4_ == end4_ ||
+          current5_ == end5_;
+    }
+
+    // No implementation - assignment is unsupported.
+    void operator=(const Iterator& other);
+
+    const ParamGeneratorInterface<ParamType>* const base_;
+    // begin[i]_ and end[i]_ define the i-th range that Iterator traverses.
+    // current[i]_ is the actual traversing iterator.
+    const typename ParamGenerator<T1>::iterator begin1_;
+    const typename ParamGenerator<T1>::iterator end1_;
+    typename ParamGenerator<T1>::iterator current1_;
+    const typename ParamGenerator<T2>::iterator begin2_;
+    const typename ParamGenerator<T2>::iterator end2_;
+    typename ParamGenerator<T2>::iterator current2_;
+    const typename ParamGenerator<T3>::iterator begin3_;
+    const typename ParamGenerator<T3>::iterator end3_;
+    typename ParamGenerator<T3>::iterator current3_;
+    const typename ParamGenerator<T4>::iterator begin4_;
+    const typename ParamGenerator<T4>::iterator end4_;
+    typename ParamGenerator<T4>::iterator current4_;
+    const typename ParamGenerator<T5>::iterator begin5_;
+    const typename ParamGenerator<T5>::iterator end5_;
+    typename ParamGenerator<T5>::iterator current5_;
+    ParamType current_value_;
+  };  // class CartesianProductGenerator5::Iterator
+
+  // No implementation - assignment is unsupported.
+  void operator=(const CartesianProductGenerator5& other);
+
+  const ParamGenerator<T1> g1_;
+  const ParamGenerator<T2> g2_;
+  const ParamGenerator<T3> g3_;
+  const ParamGenerator<T4> g4_;
+  const ParamGenerator<T5> g5_;
+};  // class CartesianProductGenerator5
+
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6>
+class CartesianProductGenerator6
+    : public ParamGeneratorInterface< ::testing::tuple<T1, T2, T3, T4, T5,
+        T6> > {
+ public:
+  typedef ::testing::tuple<T1, T2, T3, T4, T5, T6> ParamType;
+
+  CartesianProductGenerator6(const ParamGenerator<T1>& g1,
+      const ParamGenerator<T2>& g2, const ParamGenerator<T3>& g3,
+      const ParamGenerator<T4>& g4, const ParamGenerator<T5>& g5,
+      const ParamGenerator<T6>& g6)
+      : g1_(g1), g2_(g2), g3_(g3), g4_(g4), g5_(g5), g6_(g6) {}
+  virtual ~CartesianProductGenerator6() {}
+
+  virtual ParamIteratorInterface<ParamType>* Begin() const {
+    return new Iterator(this, g1_, g1_.begin(), g2_, g2_.begin(), g3_,
+        g3_.begin(), g4_, g4_.begin(), g5_, g5_.begin(), g6_, g6_.begin());
+  }
+  virtual ParamIteratorInterface<ParamType>* End() const {
+    return new Iterator(this, g1_, g1_.end(), g2_, g2_.end(), g3_, g3_.end(),
+        g4_, g4_.end(), g5_, g5_.end(), g6_, g6_.end());
+  }
+
+ private:
+  class Iterator : public ParamIteratorInterface<ParamType> {
+   public:
+    Iterator(const ParamGeneratorInterface<ParamType>* base,
+      const ParamGenerator<T1>& g1,
+      const typename ParamGenerator<T1>::iterator& current1,
+      const ParamGenerator<T2>& g2,
+      const typename ParamGenerator<T2>::iterator& current2,
+      const ParamGenerator<T3>& g3,
+      const typename ParamGenerator<T3>::iterator& current3,
+      const ParamGenerator<T4>& g4,
+      const typename ParamGenerator<T4>::iterator& current4,
+      const ParamGenerator<T5>& g5,
+      const typename ParamGenerator<T5>::iterator& current5,
+      const ParamGenerator<T6>& g6,
+      const typename ParamGenerator<T6>::iterator& current6)
+        : base_(base),
+          begin1_(g1.begin()), end1_(g1.end()), current1_(current1),
+          begin2_(g2.begin()), end2_(g2.end()), current2_(current2),
+          begin3_(g3.begin()), end3_(g3.end()), current3_(current3),
+          begin4_(g4.begin()), end4_(g4.end()), current4_(current4),
+          begin5_(g5.begin()), end5_(g5.end()), current5_(current5),
+          begin6_(g6.begin()), end6_(g6.end()), current6_(current6)    {
+      ComputeCurrentValue();
+    }
+    virtual ~Iterator() {}
+
+    virtual const ParamGeneratorInterface<ParamType>* BaseGenerator() const {
+      return base_;
+    }
+    // Advance should not be called on beyond-of-range iterators
+    // so no component iterators must be beyond end of range, either.
+    virtual void Advance() {
+      assert(!AtEnd());
+      ++current6_;
+      if (current6_ == end6_) {
+        current6_ = begin6_;
+        ++current5_;
+      }
+      if (current5_ == end5_) {
+        current5_ = begin5_;
+        ++current4_;
+      }
+      if (current4_ == end4_) {
+        current4_ = begin4_;
+        ++current3_;
+      }
+      if (current3_ == end3_) {
+        current3_ = begin3_;
+        ++current2_;
+      }
+      if (current2_ == end2_) {
+        current2_ = begin2_;
+        ++current1_;
+      }
+      ComputeCurrentValue();
+    }
+    virtual ParamIteratorInterface<ParamType>* Clone() const {
+      return new Iterator(*this);
+    }
+    virtual const ParamType* Current() const { return &current_value_; }
+    virtual bool Equals(const ParamIteratorInterface<ParamType>& other) const {
+      // Having the same base generator guarantees that the other
+      // iterator is of the same type and we can downcast.
+      GTEST_CHECK_(BaseGenerator() == other.BaseGenerator())
+          << "The program attempted to compare iterators "
+          << "from different generators." << std::endl;
+      const Iterator* typed_other =
+          CheckedDowncastToActualType<const Iterator>(&other);
+      // We must report iterators equal if they both point beyond their
+      // respective ranges. That can happen in a variety of fashions,
+      // so we have to consult AtEnd().
+      return (AtEnd() && typed_other->AtEnd()) ||
+         (
+          current1_ == typed_other->current1_ &&
+          current2_ == typed_other->current2_ &&
+          current3_ == typed_other->current3_ &&
+          current4_ == typed_other->current4_ &&
+          current5_ == typed_other->current5_ &&
+          current6_ == typed_other->current6_);
+    }
+
+   private:
+    Iterator(const Iterator& other)
+        : base_(other.base_),
+        begin1_(other.begin1_),
+        end1_(other.end1_),
+        current1_(other.current1_),
+        begin2_(other.begin2_),
+        end2_(other.end2_),
+        current2_(other.current2_),
+        begin3_(other.begin3_),
+        end3_(other.end3_),
+        current3_(other.current3_),
+        begin4_(other.begin4_),
+        end4_(other.end4_),
+        current4_(other.current4_),
+        begin5_(other.begin5_),
+        end5_(other.end5_),
+        current5_(other.current5_),
+        begin6_(other.begin6_),
+        end6_(other.end6_),
+        current6_(other.current6_) {
+      ComputeCurrentValue();
+    }
+
+    void ComputeCurrentValue() {
+      if (!AtEnd())
+        current_value_ = ParamType(*current1_, *current2_, *current3_,
+            *current4_, *current5_, *current6_);
+    }
+    bool AtEnd() const {
+      // We must report iterator past the end of the range when either of the
+      // component iterators has reached the end of its range.
+      return
+          current1_ == end1_ ||
+          current2_ == end2_ ||
+          current3_ == end3_ ||
+          current4_ == end4_ ||
+          current5_ == end5_ ||
+          current6_ == end6_;
+    }
+
+    // No implementation - assignment is unsupported.
+    void operator=(const Iterator& other);
+
+    const ParamGeneratorInterface<ParamType>* const base_;
+    // begin[i]_ and end[i]_ define the i-th range that Iterator traverses.
+    // current[i]_ is the actual traversing iterator.
+    const typename ParamGenerator<T1>::iterator begin1_;
+    const typename ParamGenerator<T1>::iterator end1_;
+    typename ParamGenerator<T1>::iterator current1_;
+    const typename ParamGenerator<T2>::iterator begin2_;
+    const typename ParamGenerator<T2>::iterator end2_;
+    typename ParamGenerator<T2>::iterator current2_;
+    const typename ParamGenerator<T3>::iterator begin3_;
+    const typename ParamGenerator<T3>::iterator end3_;
+    typename ParamGenerator<T3>::iterator current3_;
+    const typename ParamGenerator<T4>::iterator begin4_;
+    const typename ParamGenerator<T4>::iterator end4_;
+    typename ParamGenerator<T4>::iterator current4_;
+    const typename ParamGenerator<T5>::iterator begin5_;
+    const typename ParamGenerator<T5>::iterator end5_;
+    typename ParamGenerator<T5>::iterator current5_;
+    const typename ParamGenerator<T6>::iterator begin6_;
+    const typename ParamGenerator<T6>::iterator end6_;
+    typename ParamGenerator<T6>::iterator current6_;
+    ParamType current_value_;
+  };  // class CartesianProductGenerator6::Iterator
+
+  // No implementation - assignment is unsupported.
+  void operator=(const CartesianProductGenerator6& other);
+
+  const ParamGenerator<T1> g1_;
+  const ParamGenerator<T2> g2_;
+  const ParamGenerator<T3> g3_;
+  const ParamGenerator<T4> g4_;
+  const ParamGenerator<T5> g5_;
+  const ParamGenerator<T6> g6_;
+};  // class CartesianProductGenerator6
+
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7>
+class CartesianProductGenerator7
+    : public ParamGeneratorInterface< ::testing::tuple<T1, T2, T3, T4, T5, T6,
+        T7> > {
+ public:
+  typedef ::testing::tuple<T1, T2, T3, T4, T5, T6, T7> ParamType;
+
+  CartesianProductGenerator7(const ParamGenerator<T1>& g1,
+      const ParamGenerator<T2>& g2, const ParamGenerator<T3>& g3,
+      const ParamGenerator<T4>& g4, const ParamGenerator<T5>& g5,
+      const ParamGenerator<T6>& g6, const ParamGenerator<T7>& g7)
+      : g1_(g1), g2_(g2), g3_(g3), g4_(g4), g5_(g5), g6_(g6), g7_(g7) {}
+  virtual ~CartesianProductGenerator7() {}
+
+  virtual ParamIteratorInterface<ParamType>* Begin() const {
+    return new Iterator(this, g1_, g1_.begin(), g2_, g2_.begin(), g3_,
+        g3_.begin(), g4_, g4_.begin(), g5_, g5_.begin(), g6_, g6_.begin(), g7_,
+        g7_.begin());
+  }
+  virtual ParamIteratorInterface<ParamType>* End() const {
+    return new Iterator(this, g1_, g1_.end(), g2_, g2_.end(), g3_, g3_.end(),
+        g4_, g4_.end(), g5_, g5_.end(), g6_, g6_.end(), g7_, g7_.end());
+  }
+
+ private:
+  class Iterator : public ParamIteratorInterface<ParamType> {
+   public:
+    Iterator(const ParamGeneratorInterface<ParamType>* base,
+      const ParamGenerator<T1>& g1,
+      const typename ParamGenerator<T1>::iterator& current1,
+      const ParamGenerator<T2>& g2,
+      const typename ParamGenerator<T2>::iterator& current2,
+      const ParamGenerator<T3>& g3,
+      const typename ParamGenerator<T3>::iterator& current3,
+      const ParamGenerator<T4>& g4,
+      const typename ParamGenerator<T4>::iterator& current4,
+      const ParamGenerator<T5>& g5,
+      const typename ParamGenerator<T5>::iterator& current5,
+      const ParamGenerator<T6>& g6,
+      const typename ParamGenerator<T6>::iterator& current6,
+      const ParamGenerator<T7>& g7,
+      const typename ParamGenerator<T7>::iterator& current7)
+        : base_(base),
+          begin1_(g1.begin()), end1_(g1.end()), current1_(current1),
+          begin2_(g2.begin()), end2_(g2.end()), current2_(current2),
+          begin3_(g3.begin()), end3_(g3.end()), current3_(current3),
+          begin4_(g4.begin()), end4_(g4.end()), current4_(current4),
+          begin5_(g5.begin()), end5_(g5.end()), current5_(current5),
+          begin6_(g6.begin()), end6_(g6.end()), current6_(current6),
+          begin7_(g7.begin()), end7_(g7.end()), current7_(current7)    {
+      ComputeCurrentValue();
+    }
+    virtual ~Iterator() {}
+
+    virtual const ParamGeneratorInterface<ParamType>* BaseGenerator() const {
+      return base_;
+    }
+    // Advance should not be called on beyond-of-range iterators
+    // so no component iterators must be beyond end of range, either.
+    virtual void Advance() {
+      assert(!AtEnd());
+      ++current7_;
+      if (current7_ == end7_) {
+        current7_ = begin7_;
+        ++current6_;
+      }
+      if (current6_ == end6_) {
+        current6_ = begin6_;
+        ++current5_;
+      }
+      if (current5_ == end5_) {
+        current5_ = begin5_;
+        ++current4_;
+      }
+      if (current4_ == end4_) {
+        current4_ = begin4_;
+        ++current3_;
+      }
+      if (current3_ == end3_) {
+        current3_ = begin3_;
+        ++current2_;
+      }
+      if (current2_ == end2_) {
+        current2_ = begin2_;
+        ++current1_;
+      }
+      ComputeCurrentValue();
+    }
+    virtual ParamIteratorInterface<ParamType>* Clone() const {
+      return new Iterator(*this);
+    }
+    virtual const ParamType* Current() const { return &current_value_; }
+    virtual bool Equals(const ParamIteratorInterface<ParamType>& other) const {
+      // Having the same base generator guarantees that the other
+      // iterator is of the same type and we can downcast.
+      GTEST_CHECK_(BaseGenerator() == other.BaseGenerator())
+          << "The program attempted to compare iterators "
+          << "from different generators." << std::endl;
+      const Iterator* typed_other =
+          CheckedDowncastToActualType<const Iterator>(&other);
+      // We must report iterators equal if they both point beyond their
+      // respective ranges. That can happen in a variety of fashions,
+      // so we have to consult AtEnd().
+      return (AtEnd() && typed_other->AtEnd()) ||
+         (
+          current1_ == typed_other->current1_ &&
+          current2_ == typed_other->current2_ &&
+          current3_ == typed_other->current3_ &&
+          current4_ == typed_other->current4_ &&
+          current5_ == typed_other->current5_ &&
+          current6_ == typed_other->current6_ &&
+          current7_ == typed_other->current7_);
+    }
+
+   private:
+    Iterator(const Iterator& other)
+        : base_(other.base_),
+        begin1_(other.begin1_),
+        end1_(other.end1_),
+        current1_(other.current1_),
+        begin2_(other.begin2_),
+        end2_(other.end2_),
+        current2_(other.current2_),
+        begin3_(other.begin3_),
+        end3_(other.end3_),
+        current3_(other.current3_),
+        begin4_(other.begin4_),
+        end4_(other.end4_),
+        current4_(other.current4_),
+        begin5_(other.begin5_),
+        end5_(other.end5_),
+        current5_(other.current5_),
+        begin6_(other.begin6_),
+        end6_(other.end6_),
+        current6_(other.current6_),
+        begin7_(other.begin7_),
+        end7_(other.end7_),
+        current7_(other.current7_) {
+      ComputeCurrentValue();
+    }
+
+    void ComputeCurrentValue() {
+      if (!AtEnd())
+        current_value_ = ParamType(*current1_, *current2_, *current3_,
+            *current4_, *current5_, *current6_, *current7_);
+    }
+    bool AtEnd() const {
+      // We must report iterator past the end of the range when either of the
+      // component iterators has reached the end of its range.
+      return
+          current1_ == end1_ ||
+          current2_ == end2_ ||
+          current3_ == end3_ ||
+          current4_ == end4_ ||
+          current5_ == end5_ ||
+          current6_ == end6_ ||
+          current7_ == end7_;
+    }
+
+    // No implementation - assignment is unsupported.
+    void operator=(const Iterator& other);
+
+    const ParamGeneratorInterface<ParamType>* const base_;
+    // begin[i]_ and end[i]_ define the i-th range that Iterator traverses.
+    // current[i]_ is the actual traversing iterator.
+    const typename ParamGenerator<T1>::iterator begin1_;
+    const typename ParamGenerator<T1>::iterator end1_;
+    typename ParamGenerator<T1>::iterator current1_;
+    const typename ParamGenerator<T2>::iterator begin2_;
+    const typename ParamGenerator<T2>::iterator end2_;
+    typename ParamGenerator<T2>::iterator current2_;
+    const typename ParamGenerator<T3>::iterator begin3_;
+    const typename ParamGenerator<T3>::iterator end3_;
+    typename ParamGenerator<T3>::iterator current3_;
+    const typename ParamGenerator<T4>::iterator begin4_;
+    const typename ParamGenerator<T4>::iterator end4_;
+    typename ParamGenerator<T4>::iterator current4_;
+    const typename ParamGenerator<T5>::iterator begin5_;
+    const typename ParamGenerator<T5>::iterator end5_;
+    typename ParamGenerator<T5>::iterator current5_;
+    const typename ParamGenerator<T6>::iterator begin6_;
+    const typename ParamGenerator<T6>::iterator end6_;
+    typename ParamGenerator<T6>::iterator current6_;
+    const typename ParamGenerator<T7>::iterator begin7_;
+    const typename ParamGenerator<T7>::iterator end7_;
+    typename ParamGenerator<T7>::iterator current7_;
+    ParamType current_value_;
+  };  // class CartesianProductGenerator7::Iterator
+
+  // No implementation - assignment is unsupported.
+  void operator=(const CartesianProductGenerator7& other);
+
+  const ParamGenerator<T1> g1_;
+  const ParamGenerator<T2> g2_;
+  const ParamGenerator<T3> g3_;
+  const ParamGenerator<T4> g4_;
+  const ParamGenerator<T5> g5_;
+  const ParamGenerator<T6> g6_;
+  const ParamGenerator<T7> g7_;
+};  // class CartesianProductGenerator7
+
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8>
+class CartesianProductGenerator8
+    : public ParamGeneratorInterface< ::testing::tuple<T1, T2, T3, T4, T5, T6,
+        T7, T8> > {
+ public:
+  typedef ::testing::tuple<T1, T2, T3, T4, T5, T6, T7, T8> ParamType;
+
+  CartesianProductGenerator8(const ParamGenerator<T1>& g1,
+      const ParamGenerator<T2>& g2, const ParamGenerator<T3>& g3,
+      const ParamGenerator<T4>& g4, const ParamGenerator<T5>& g5,
+      const ParamGenerator<T6>& g6, const ParamGenerator<T7>& g7,
+      const ParamGenerator<T8>& g8)
+      : g1_(g1), g2_(g2), g3_(g3), g4_(g4), g5_(g5), g6_(g6), g7_(g7),
+          g8_(g8) {}
+  virtual ~CartesianProductGenerator8() {}
+
+  virtual ParamIteratorInterface<ParamType>* Begin() const {
+    return new Iterator(this, g1_, g1_.begin(), g2_, g2_.begin(), g3_,
+        g3_.begin(), g4_, g4_.begin(), g5_, g5_.begin(), g6_, g6_.begin(), g7_,
+        g7_.begin(), g8_, g8_.begin());
+  }
+  virtual ParamIteratorInterface<ParamType>* End() const {
+    return new Iterator(this, g1_, g1_.end(), g2_, g2_.end(), g3_, g3_.end(),
+        g4_, g4_.end(), g5_, g5_.end(), g6_, g6_.end(), g7_, g7_.end(), g8_,
+        g8_.end());
+  }
+
+ private:
+  class Iterator : public ParamIteratorInterface<ParamType> {
+   public:
+    Iterator(const ParamGeneratorInterface<ParamType>* base,
+      const ParamGenerator<T1>& g1,
+      const typename ParamGenerator<T1>::iterator& current1,
+      const ParamGenerator<T2>& g2,
+      const typename ParamGenerator<T2>::iterator& current2,
+      const ParamGenerator<T3>& g3,
+      const typename ParamGenerator<T3>::iterator& current3,
+      const ParamGenerator<T4>& g4,
+      const typename ParamGenerator<T4>::iterator& current4,
+      const ParamGenerator<T5>& g5,
+      const typename ParamGenerator<T5>::iterator& current5,
+      const ParamGenerator<T6>& g6,
+      const typename ParamGenerator<T6>::iterator& current6,
+      const ParamGenerator<T7>& g7,
+      const typename ParamGenerator<T7>::iterator& current7,
+      const ParamGenerator<T8>& g8,
+      const typename ParamGenerator<T8>::iterator& current8)
+        : base_(base),
+          begin1_(g1.begin()), end1_(g1.end()), current1_(current1),
+          begin2_(g2.begin()), end2_(g2.end()), current2_(current2),
+          begin3_(g3.begin()), end3_(g3.end()), current3_(current3),
+          begin4_(g4.begin()), end4_(g4.end()), current4_(current4),
+          begin5_(g5.begin()), end5_(g5.end()), current5_(current5),
+          begin6_(g6.begin()), end6_(g6.end()), current6_(current6),
+          begin7_(g7.begin()), end7_(g7.end()), current7_(current7),
+          begin8_(g8.begin()), end8_(g8.end()), current8_(current8)    {
+      ComputeCurrentValue();
+    }
+    virtual ~Iterator() {}
+
+    virtual const ParamGeneratorInterface<ParamType>* BaseGenerator() const {
+      return base_;
+    }
+    // Advance should not be called on beyond-of-range iterators
+    // so no component iterators must be beyond end of range, either.
+    virtual void Advance() {
+      assert(!AtEnd());
+      ++current8_;
+      if (current8_ == end8_) {
+        current8_ = begin8_;
+        ++current7_;
+      }
+      if (current7_ == end7_) {
+        current7_ = begin7_;
+        ++current6_;
+      }
+      if (current6_ == end6_) {
+        current6_ = begin6_;
+        ++current5_;
+      }
+      if (current5_ == end5_) {
+        current5_ = begin5_;
+        ++current4_;
+      }
+      if (current4_ == end4_) {
+        current4_ = begin4_;
+        ++current3_;
+      }
+      if (current3_ == end3_) {
+        current3_ = begin3_;
+        ++current2_;
+      }
+      if (current2_ == end2_) {
+        current2_ = begin2_;
+        ++current1_;
+      }
+      ComputeCurrentValue();
+    }
+    virtual ParamIteratorInterface<ParamType>* Clone() const {
+      return new Iterator(*this);
+    }
+    virtual const ParamType* Current() const { return &current_value_; }
+    virtual bool Equals(const ParamIteratorInterface<ParamType>& other) const {
+      // Having the same base generator guarantees that the other
+      // iterator is of the same type and we can downcast.
+      GTEST_CHECK_(BaseGenerator() == other.BaseGenerator())
+          << "The program attempted to compare iterators "
+          << "from different generators." << std::endl;
+      const Iterator* typed_other =
+          CheckedDowncastToActualType<const Iterator>(&other);
+      // We must report iterators equal if they both point beyond their
+      // respective ranges. That can happen in a variety of fashions,
+      // so we have to consult AtEnd().
+      return (AtEnd() && typed_other->AtEnd()) ||
+         (
+          current1_ == typed_other->current1_ &&
+          current2_ == typed_other->current2_ &&
+          current3_ == typed_other->current3_ &&
+          current4_ == typed_other->current4_ &&
+          current5_ == typed_other->current5_ &&
+          current6_ == typed_other->current6_ &&
+          current7_ == typed_other->current7_ &&
+          current8_ == typed_other->current8_);
+    }
+
+   private:
+    Iterator(const Iterator& other)
+        : base_(other.base_),
+        begin1_(other.begin1_),
+        end1_(other.end1_),
+        current1_(other.current1_),
+        begin2_(other.begin2_),
+        end2_(other.end2_),
+        current2_(other.current2_),
+        begin3_(other.begin3_),
+        end3_(other.end3_),
+        current3_(other.current3_),
+        begin4_(other.begin4_),
+        end4_(other.end4_),
+        current4_(other.current4_),
+        begin5_(other.begin5_),
+        end5_(other.end5_),
+        current5_(other.current5_),
+        begin6_(other.begin6_),
+        end6_(other.end6_),
+        current6_(other.current6_),
+        begin7_(other.begin7_),
+        end7_(other.end7_),
+        current7_(other.current7_),
+        begin8_(other.begin8_),
+        end8_(other.end8_),
+        current8_(other.current8_) {
+      ComputeCurrentValue();
+    }
+
+    void ComputeCurrentValue() {
+      if (!AtEnd())
+        current_value_ = ParamType(*current1_, *current2_, *current3_,
+            *current4_, *current5_, *current6_, *current7_, *current8_);
+    }
+    bool AtEnd() const {
+      // We must report iterator past the end of the range when either of the
+      // component iterators has reached the end of its range.
+      return
+          current1_ == end1_ ||
+          current2_ == end2_ ||
+          current3_ == end3_ ||
+          current4_ == end4_ ||
+          current5_ == end5_ ||
+          current6_ == end6_ ||
+          current7_ == end7_ ||
+          current8_ == end8_;
+    }
+
+    // No implementation - assignment is unsupported.
+    void operator=(const Iterator& other);
+
+    const ParamGeneratorInterface<ParamType>* const base_;
+    // begin[i]_ and end[i]_ define the i-th range that Iterator traverses.
+    // current[i]_ is the actual traversing iterator.
+    const typename ParamGenerator<T1>::iterator begin1_;
+    const typename ParamGenerator<T1>::iterator end1_;
+    typename ParamGenerator<T1>::iterator current1_;
+    const typename ParamGenerator<T2>::iterator begin2_;
+    const typename ParamGenerator<T2>::iterator end2_;
+    typename ParamGenerator<T2>::iterator current2_;
+    const typename ParamGenerator<T3>::iterator begin3_;
+    const typename ParamGenerator<T3>::iterator end3_;
+    typename ParamGenerator<T3>::iterator current3_;
+    const typename ParamGenerator<T4>::iterator begin4_;
+    const typename ParamGenerator<T4>::iterator end4_;
+    typename ParamGenerator<T4>::iterator current4_;
+    const typename ParamGenerator<T5>::iterator begin5_;
+    const typename ParamGenerator<T5>::iterator end5_;
+    typename ParamGenerator<T5>::iterator current5_;
+    const typename ParamGenerator<T6>::iterator begin6_;
+    const typename ParamGenerator<T6>::iterator end6_;
+    typename ParamGenerator<T6>::iterator current6_;
+    const typename ParamGenerator<T7>::iterator begin7_;
+    const typename ParamGenerator<T7>::iterator end7_;
+    typename ParamGenerator<T7>::iterator current7_;
+    const typename ParamGenerator<T8>::iterator begin8_;
+    const typename ParamGenerator<T8>::iterator end8_;
+    typename ParamGenerator<T8>::iterator current8_;
+    ParamType current_value_;
+  };  // class CartesianProductGenerator8::Iterator
+
+  // No implementation - assignment is unsupported.
+  void operator=(const CartesianProductGenerator8& other);
+
+  const ParamGenerator<T1> g1_;
+  const ParamGenerator<T2> g2_;
+  const ParamGenerator<T3> g3_;
+  const ParamGenerator<T4> g4_;
+  const ParamGenerator<T5> g5_;
+  const ParamGenerator<T6> g6_;
+  const ParamGenerator<T7> g7_;
+  const ParamGenerator<T8> g8_;
+};  // class CartesianProductGenerator8
+
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9>
+class CartesianProductGenerator9
+    : public ParamGeneratorInterface< ::testing::tuple<T1, T2, T3, T4, T5, T6,
+        T7, T8, T9> > {
+ public:
+  typedef ::testing::tuple<T1, T2, T3, T4, T5, T6, T7, T8, T9> ParamType;
+
+  CartesianProductGenerator9(const ParamGenerator<T1>& g1,
+      const ParamGenerator<T2>& g2, const ParamGenerator<T3>& g3,
+      const ParamGenerator<T4>& g4, const ParamGenerator<T5>& g5,
+      const ParamGenerator<T6>& g6, const ParamGenerator<T7>& g7,
+      const ParamGenerator<T8>& g8, const ParamGenerator<T9>& g9)
+      : g1_(g1), g2_(g2), g3_(g3), g4_(g4), g5_(g5), g6_(g6), g7_(g7), g8_(g8),
+          g9_(g9) {}
+  virtual ~CartesianProductGenerator9() {}
+
+  virtual ParamIteratorInterface<ParamType>* Begin() const {
+    return new Iterator(this, g1_, g1_.begin(), g2_, g2_.begin(), g3_,
+        g3_.begin(), g4_, g4_.begin(), g5_, g5_.begin(), g6_, g6_.begin(), g7_,
+        g7_.begin(), g8_, g8_.begin(), g9_, g9_.begin());
+  }
+  virtual ParamIteratorInterface<ParamType>* End() const {
+    return new Iterator(this, g1_, g1_.end(), g2_, g2_.end(), g3_, g3_.end(),
+        g4_, g4_.end(), g5_, g5_.end(), g6_, g6_.end(), g7_, g7_.end(), g8_,
+        g8_.end(), g9_, g9_.end());
+  }
+
+ private:
+  class Iterator : public ParamIteratorInterface<ParamType> {
+   public:
+    Iterator(const ParamGeneratorInterface<ParamType>* base,
+      const ParamGenerator<T1>& g1,
+      const typename ParamGenerator<T1>::iterator& current1,
+      const ParamGenerator<T2>& g2,
+      const typename ParamGenerator<T2>::iterator& current2,
+      const ParamGenerator<T3>& g3,
+      const typename ParamGenerator<T3>::iterator& current3,
+      const ParamGenerator<T4>& g4,
+      const typename ParamGenerator<T4>::iterator& current4,
+      const ParamGenerator<T5>& g5,
+      const typename ParamGenerator<T5>::iterator& current5,
+      const ParamGenerator<T6>& g6,
+      const typename ParamGenerator<T6>::iterator& current6,
+      const ParamGenerator<T7>& g7,
+      const typename ParamGenerator<T7>::iterator& current7,
+      const ParamGenerator<T8>& g8,
+      const typename ParamGenerator<T8>::iterator& current8,
+      const ParamGenerator<T9>& g9,
+      const typename ParamGenerator<T9>::iterator& current9)
+        : base_(base),
+          begin1_(g1.begin()), end1_(g1.end()), current1_(current1),
+          begin2_(g2.begin()), end2_(g2.end()), current2_(current2),
+          begin3_(g3.begin()), end3_(g3.end()), current3_(current3),
+          begin4_(g4.begin()), end4_(g4.end()), current4_(current4),
+          begin5_(g5.begin()), end5_(g5.end()), current5_(current5),
+          begin6_(g6.begin()), end6_(g6.end()), current6_(current6),
+          begin7_(g7.begin()), end7_(g7.end()), current7_(current7),
+          begin8_(g8.begin()), end8_(g8.end()), current8_(current8),
+          begin9_(g9.begin()), end9_(g9.end()), current9_(current9)    {
+      ComputeCurrentValue();
+    }
+    virtual ~Iterator() {}
+
+    virtual const ParamGeneratorInterface<ParamType>* BaseGenerator() const {
+      return base_;
+    }
+    // Advance should not be called on beyond-of-range iterators
+    // so no component iterators must be beyond end of range, either.
+    virtual void Advance() {
+      assert(!AtEnd());
+      ++current9_;
+      if (current9_ == end9_) {
+        current9_ = begin9_;
+        ++current8_;
+      }
+      if (current8_ == end8_) {
+        current8_ = begin8_;
+        ++current7_;
+      }
+      if (current7_ == end7_) {
+        current7_ = begin7_;
+        ++current6_;
+      }
+      if (current6_ == end6_) {
+        current6_ = begin6_;
+        ++current5_;
+      }
+      if (current5_ == end5_) {
+        current5_ = begin5_;
+        ++current4_;
+      }
+      if (current4_ == end4_) {
+        current4_ = begin4_;
+        ++current3_;
+      }
+      if (current3_ == end3_) {
+        current3_ = begin3_;
+        ++current2_;
+      }
+      if (current2_ == end2_) {
+        current2_ = begin2_;
+        ++current1_;
+      }
+      ComputeCurrentValue();
+    }
+    virtual ParamIteratorInterface<ParamType>* Clone() const {
+      return new Iterator(*this);
+    }
+    virtual const ParamType* Current() const { return &current_value_; }
+    virtual bool Equals(const ParamIteratorInterface<ParamType>& other) const {
+      // Having the same base generator guarantees that the other
+      // iterator is of the same type and we can downcast.
+      GTEST_CHECK_(BaseGenerator() == other.BaseGenerator())
+          << "The program attempted to compare iterators "
+          << "from different generators." << std::endl;
+      const Iterator* typed_other =
+          CheckedDowncastToActualType<const Iterator>(&other);
+      // We must report iterators equal if they both point beyond their
+      // respective ranges. That can happen in a variety of fashions,
+      // so we have to consult AtEnd().
+      return (AtEnd() && typed_other->AtEnd()) ||
+         (
+          current1_ == typed_other->current1_ &&
+          current2_ == typed_other->current2_ &&
+          current3_ == typed_other->current3_ &&
+          current4_ == typed_other->current4_ &&
+          current5_ == typed_other->current5_ &&
+          current6_ == typed_other->current6_ &&
+          current7_ == typed_other->current7_ &&
+          current8_ == typed_other->current8_ &&
+          current9_ == typed_other->current9_);
+    }
+
+   private:
+    Iterator(const Iterator& other)
+        : base_(other.base_),
+        begin1_(other.begin1_),
+        end1_(other.end1_),
+        current1_(other.current1_),
+        begin2_(other.begin2_),
+        end2_(other.end2_),
+        current2_(other.current2_),
+        begin3_(other.begin3_),
+        end3_(other.end3_),
+        current3_(other.current3_),
+        begin4_(other.begin4_),
+        end4_(other.end4_),
+        current4_(other.current4_),
+        begin5_(other.begin5_),
+        end5_(other.end5_),
+        current5_(other.current5_),
+        begin6_(other.begin6_),
+        end6_(other.end6_),
+        current6_(other.current6_),
+        begin7_(other.begin7_),
+        end7_(other.end7_),
+        current7_(other.current7_),
+        begin8_(other.begin8_),
+        end8_(other.end8_),
+        current8_(other.current8_),
+        begin9_(other.begin9_),
+        end9_(other.end9_),
+        current9_(other.current9_) {
+      ComputeCurrentValue();
+    }
+
+    void ComputeCurrentValue() {
+      if (!AtEnd())
+        current_value_ = ParamType(*current1_, *current2_, *current3_,
+            *current4_, *current5_, *current6_, *current7_, *current8_,
+            *current9_);
+    }
+    bool AtEnd() const {
+      // We must report iterator past the end of the range when either of the
+      // component iterators has reached the end of its range.
+      return
+          current1_ == end1_ ||
+          current2_ == end2_ ||
+          current3_ == end3_ ||
+          current4_ == end4_ ||
+          current5_ == end5_ ||
+          current6_ == end6_ ||
+          current7_ == end7_ ||
+          current8_ == end8_ ||
+          current9_ == end9_;
+    }
+
+    // No implementation - assignment is unsupported.
+    void operator=(const Iterator& other);
+
+    const ParamGeneratorInterface<ParamType>* const base_;
+    // begin[i]_ and end[i]_ define the i-th range that Iterator traverses.
+    // current[i]_ is the actual traversing iterator.
+    const typename ParamGenerator<T1>::iterator begin1_;
+    const typename ParamGenerator<T1>::iterator end1_;
+    typename ParamGenerator<T1>::iterator current1_;
+    const typename ParamGenerator<T2>::iterator begin2_;
+    const typename ParamGenerator<T2>::iterator end2_;
+    typename ParamGenerator<T2>::iterator current2_;
+    const typename ParamGenerator<T3>::iterator begin3_;
+    const typename ParamGenerator<T3>::iterator end3_;
+    typename ParamGenerator<T3>::iterator current3_;
+    const typename ParamGenerator<T4>::iterator begin4_;
+    const typename ParamGenerator<T4>::iterator end4_;
+    typename ParamGenerator<T4>::iterator current4_;
+    const typename ParamGenerator<T5>::iterator begin5_;
+    const typename ParamGenerator<T5>::iterator end5_;
+    typename ParamGenerator<T5>::iterator current5_;
+    const typename ParamGenerator<T6>::iterator begin6_;
+    const typename ParamGenerator<T6>::iterator end6_;
+    typename ParamGenerator<T6>::iterator current6_;
+    const typename ParamGenerator<T7>::iterator begin7_;
+    const typename ParamGenerator<T7>::iterator end7_;
+    typename ParamGenerator<T7>::iterator current7_;
+    const typename ParamGenerator<T8>::iterator begin8_;
+    const typename ParamGenerator<T8>::iterator end8_;
+    typename ParamGenerator<T8>::iterator current8_;
+    const typename ParamGenerator<T9>::iterator begin9_;
+    const typename ParamGenerator<T9>::iterator end9_;
+    typename ParamGenerator<T9>::iterator current9_;
+    ParamType current_value_;
+  };  // class CartesianProductGenerator9::Iterator
+
+  // No implementation - assignment is unsupported.
+  void operator=(const CartesianProductGenerator9& other);
+
+  const ParamGenerator<T1> g1_;
+  const ParamGenerator<T2> g2_;
+  const ParamGenerator<T3> g3_;
+  const ParamGenerator<T4> g4_;
+  const ParamGenerator<T5> g5_;
+  const ParamGenerator<T6> g6_;
+  const ParamGenerator<T7> g7_;
+  const ParamGenerator<T8> g8_;
+  const ParamGenerator<T9> g9_;
+};  // class CartesianProductGenerator9
+
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10>
+class CartesianProductGenerator10
+    : public ParamGeneratorInterface< ::testing::tuple<T1, T2, T3, T4, T5, T6,
+        T7, T8, T9, T10> > {
+ public:
+  typedef ::testing::tuple<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10> ParamType;
+
+  CartesianProductGenerator10(const ParamGenerator<T1>& g1,
+      const ParamGenerator<T2>& g2, const ParamGenerator<T3>& g3,
+      const ParamGenerator<T4>& g4, const ParamGenerator<T5>& g5,
+      const ParamGenerator<T6>& g6, const ParamGenerator<T7>& g7,
+      const ParamGenerator<T8>& g8, const ParamGenerator<T9>& g9,
+      const ParamGenerator<T10>& g10)
+      : g1_(g1), g2_(g2), g3_(g3), g4_(g4), g5_(g5), g6_(g6), g7_(g7), g8_(g8),
+          g9_(g9), g10_(g10) {}
+  virtual ~CartesianProductGenerator10() {}
+
+  virtual ParamIteratorInterface<ParamType>* Begin() const {
+    return new Iterator(this, g1_, g1_.begin(), g2_, g2_.begin(), g3_,
+        g3_.begin(), g4_, g4_.begin(), g5_, g5_.begin(), g6_, g6_.begin(), g7_,
+        g7_.begin(), g8_, g8_.begin(), g9_, g9_.begin(), g10_, g10_.begin());
+  }
+  virtual ParamIteratorInterface<ParamType>* End() const {
+    return new Iterator(this, g1_, g1_.end(), g2_, g2_.end(), g3_, g3_.end(),
+        g4_, g4_.end(), g5_, g5_.end(), g6_, g6_.end(), g7_, g7_.end(), g8_,
+        g8_.end(), g9_, g9_.end(), g10_, g10_.end());
+  }
+
+ private:
+  class Iterator : public ParamIteratorInterface<ParamType> {
+   public:
+    Iterator(const ParamGeneratorInterface<ParamType>* base,
+      const ParamGenerator<T1>& g1,
+      const typename ParamGenerator<T1>::iterator& current1,
+      const ParamGenerator<T2>& g2,
+      const typename ParamGenerator<T2>::iterator& current2,
+      const ParamGenerator<T3>& g3,
+      const typename ParamGenerator<T3>::iterator& current3,
+      const ParamGenerator<T4>& g4,
+      const typename ParamGenerator<T4>::iterator& current4,
+      const ParamGenerator<T5>& g5,
+      const typename ParamGenerator<T5>::iterator& current5,
+      const ParamGenerator<T6>& g6,
+      const typename ParamGenerator<T6>::iterator& current6,
+      const ParamGenerator<T7>& g7,
+      const typename ParamGenerator<T7>::iterator& current7,
+      const ParamGenerator<T8>& g8,
+      const typename ParamGenerator<T8>::iterator& current8,
+      const ParamGenerator<T9>& g9,
+      const typename ParamGenerator<T9>::iterator& current9,
+      const ParamGenerator<T10>& g10,
+      const typename ParamGenerator<T10>::iterator& current10)
+        : base_(base),
+          begin1_(g1.begin()), end1_(g1.end()), current1_(current1),
+          begin2_(g2.begin()), end2_(g2.end()), current2_(current2),
+          begin3_(g3.begin()), end3_(g3.end()), current3_(current3),
+          begin4_(g4.begin()), end4_(g4.end()), current4_(current4),
+          begin5_(g5.begin()), end5_(g5.end()), current5_(current5),
+          begin6_(g6.begin()), end6_(g6.end()), current6_(current6),
+          begin7_(g7.begin()), end7_(g7.end()), current7_(current7),
+          begin8_(g8.begin()), end8_(g8.end()), current8_(current8),
+          begin9_(g9.begin()), end9_(g9.end()), current9_(current9),
+          begin10_(g10.begin()), end10_(g10.end()), current10_(current10)    {
+      ComputeCurrentValue();
+    }
+    virtual ~Iterator() {}
+
+    virtual const ParamGeneratorInterface<ParamType>* BaseGenerator() const {
+      return base_;
+    }
+    // Advance should not be called on beyond-of-range iterators
+    // so no component iterators must be beyond end of range, either.
+    virtual void Advance() {
+      assert(!AtEnd());
+      ++current10_;
+      if (current10_ == end10_) {
+        current10_ = begin10_;
+        ++current9_;
+      }
+      if (current9_ == end9_) {
+        current9_ = begin9_;
+        ++current8_;
+      }
+      if (current8_ == end8_) {
+        current8_ = begin8_;
+        ++current7_;
+      }
+      if (current7_ == end7_) {
+        current7_ = begin7_;
+        ++current6_;
+      }
+      if (current6_ == end6_) {
+        current6_ = begin6_;
+        ++current5_;
+      }
+      if (current5_ == end5_) {
+        current5_ = begin5_;
+        ++current4_;
+      }
+      if (current4_ == end4_) {
+        current4_ = begin4_;
+        ++current3_;
+      }
+      if (current3_ == end3_) {
+        current3_ = begin3_;
+        ++current2_;
+      }
+      if (current2_ == end2_) {
+        current2_ = begin2_;
+        ++current1_;
+      }
+      ComputeCurrentValue();
+    }
+    virtual ParamIteratorInterface<ParamType>* Clone() const {
+      return new Iterator(*this);
+    }
+    virtual const ParamType* Current() const { return &current_value_; }
+    virtual bool Equals(const ParamIteratorInterface<ParamType>& other) const {
+      // Having the same base generator guarantees that the other
+      // iterator is of the same type and we can downcast.
+      GTEST_CHECK_(BaseGenerator() == other.BaseGenerator())
+          << "The program attempted to compare iterators "
+          << "from different generators." << std::endl;
+      const Iterator* typed_other =
+          CheckedDowncastToActualType<const Iterator>(&other);
+      // We must report iterators equal if they both point beyond their
+      // respective ranges. That can happen in a variety of fashions,
+      // so we have to consult AtEnd().
+      return (AtEnd() && typed_other->AtEnd()) ||
+         (
+          current1_ == typed_other->current1_ &&
+          current2_ == typed_other->current2_ &&
+          current3_ == typed_other->current3_ &&
+          current4_ == typed_other->current4_ &&
+          current5_ == typed_other->current5_ &&
+          current6_ == typed_other->current6_ &&
+          current7_ == typed_other->current7_ &&
+          current8_ == typed_other->current8_ &&
+          current9_ == typed_other->current9_ &&
+          current10_ == typed_other->current10_);
+    }
+
+   private:
+    Iterator(const Iterator& other)
+        : base_(other.base_),
+        begin1_(other.begin1_),
+        end1_(other.end1_),
+        current1_(other.current1_),
+        begin2_(other.begin2_),
+        end2_(other.end2_),
+        current2_(other.current2_),
+        begin3_(other.begin3_),
+        end3_(other.end3_),
+        current3_(other.current3_),
+        begin4_(other.begin4_),
+        end4_(other.end4_),
+        current4_(other.current4_),
+        begin5_(other.begin5_),
+        end5_(other.end5_),
+        current5_(other.current5_),
+        begin6_(other.begin6_),
+        end6_(other.end6_),
+        current6_(other.current6_),
+        begin7_(other.begin7_),
+        end7_(other.end7_),
+        current7_(other.current7_),
+        begin8_(other.begin8_),
+        end8_(other.end8_),
+        current8_(other.current8_),
+        begin9_(other.begin9_),
+        end9_(other.end9_),
+        current9_(other.current9_),
+        begin10_(other.begin10_),
+        end10_(other.end10_),
+        current10_(other.current10_) {
+      ComputeCurrentValue();
+    }
+
+    void ComputeCurrentValue() {
+      if (!AtEnd())
+        current_value_ = ParamType(*current1_, *current2_, *current3_,
+            *current4_, *current5_, *current6_, *current7_, *current8_,
+            *current9_, *current10_);
+    }
+    bool AtEnd() const {
+      // We must report iterator past the end of the range when either of the
+      // component iterators has reached the end of its range.
+      return
+          current1_ == end1_ ||
+          current2_ == end2_ ||
+          current3_ == end3_ ||
+          current4_ == end4_ ||
+          current5_ == end5_ ||
+          current6_ == end6_ ||
+          current7_ == end7_ ||
+          current8_ == end8_ ||
+          current9_ == end9_ ||
+          current10_ == end10_;
+    }
+
+    // No implementation - assignment is unsupported.
+    void operator=(const Iterator& other);
+
+    const ParamGeneratorInterface<ParamType>* const base_;
+    // begin[i]_ and end[i]_ define the i-th range that Iterator traverses.
+    // current[i]_ is the actual traversing iterator.
+    const typename ParamGenerator<T1>::iterator begin1_;
+    const typename ParamGenerator<T1>::iterator end1_;
+    typename ParamGenerator<T1>::iterator current1_;
+    const typename ParamGenerator<T2>::iterator begin2_;
+    const typename ParamGenerator<T2>::iterator end2_;
+    typename ParamGenerator<T2>::iterator current2_;
+    const typename ParamGenerator<T3>::iterator begin3_;
+    const typename ParamGenerator<T3>::iterator end3_;
+    typename ParamGenerator<T3>::iterator current3_;
+    const typename ParamGenerator<T4>::iterator begin4_;
+    const typename ParamGenerator<T4>::iterator end4_;
+    typename ParamGenerator<T4>::iterator current4_;
+    const typename ParamGenerator<T5>::iterator begin5_;
+    const typename ParamGenerator<T5>::iterator end5_;
+    typename ParamGenerator<T5>::iterator current5_;
+    const typename ParamGenerator<T6>::iterator begin6_;
+    const typename ParamGenerator<T6>::iterator end6_;
+    typename ParamGenerator<T6>::iterator current6_;
+    const typename ParamGenerator<T7>::iterator begin7_;
+    const typename ParamGenerator<T7>::iterator end7_;
+    typename ParamGenerator<T7>::iterator current7_;
+    const typename ParamGenerator<T8>::iterator begin8_;
+    const typename ParamGenerator<T8>::iterator end8_;
+    typename ParamGenerator<T8>::iterator current8_;
+    const typename ParamGenerator<T9>::iterator begin9_;
+    const typename ParamGenerator<T9>::iterator end9_;
+    typename ParamGenerator<T9>::iterator current9_;
+    const typename ParamGenerator<T10>::iterator begin10_;
+    const typename ParamGenerator<T10>::iterator end10_;
+    typename ParamGenerator<T10>::iterator current10_;
+    ParamType current_value_;
+  };  // class CartesianProductGenerator10::Iterator
+
+  // No implementation - assignment is unsupported.
+  void operator=(const CartesianProductGenerator10& other);
+
+  const ParamGenerator<T1> g1_;
+  const ParamGenerator<T2> g2_;
+  const ParamGenerator<T3> g3_;
+  const ParamGenerator<T4> g4_;
+  const ParamGenerator<T5> g5_;
+  const ParamGenerator<T6> g6_;
+  const ParamGenerator<T7> g7_;
+  const ParamGenerator<T8> g8_;
+  const ParamGenerator<T9> g9_;
+  const ParamGenerator<T10> g10_;
+};  // class CartesianProductGenerator10
+
+
+// INTERNAL IMPLEMENTATION - DO NOT USE IN USER CODE.
+//
+// Helper classes providing Combine() with polymorphic features. They allow
+// casting CartesianProductGeneratorN<T> to ParamGenerator<U> if T is
+// convertible to U.
+//
+template <class Generator1, class Generator2>
+class CartesianProductHolder2 {
+ public:
+CartesianProductHolder2(const Generator1& g1, const Generator2& g2)
+      : g1_(g1), g2_(g2) {}
+  template <typename T1, typename T2>
+  operator ParamGenerator< ::testing::tuple<T1, T2> >() const {
+    return ParamGenerator< ::testing::tuple<T1, T2> >(
+        new CartesianProductGenerator2<T1, T2>(
+        static_cast<ParamGenerator<T1> >(g1_),
+        static_cast<ParamGenerator<T2> >(g2_)));
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const CartesianProductHolder2& other);
+
+  const Generator1 g1_;
+  const Generator2 g2_;
+};  // class CartesianProductHolder2
+
+template <class Generator1, class Generator2, class Generator3>
+class CartesianProductHolder3 {
+ public:
+CartesianProductHolder3(const Generator1& g1, const Generator2& g2,
+    const Generator3& g3)
+      : g1_(g1), g2_(g2), g3_(g3) {}
+  template <typename T1, typename T2, typename T3>
+  operator ParamGenerator< ::testing::tuple<T1, T2, T3> >() const {
+    return ParamGenerator< ::testing::tuple<T1, T2, T3> >(
+        new CartesianProductGenerator3<T1, T2, T3>(
+        static_cast<ParamGenerator<T1> >(g1_),
+        static_cast<ParamGenerator<T2> >(g2_),
+        static_cast<ParamGenerator<T3> >(g3_)));
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const CartesianProductHolder3& other);
+
+  const Generator1 g1_;
+  const Generator2 g2_;
+  const Generator3 g3_;
+};  // class CartesianProductHolder3
+
+template <class Generator1, class Generator2, class Generator3,
+    class Generator4>
+class CartesianProductHolder4 {
+ public:
+CartesianProductHolder4(const Generator1& g1, const Generator2& g2,
+    const Generator3& g3, const Generator4& g4)
+      : g1_(g1), g2_(g2), g3_(g3), g4_(g4) {}
+  template <typename T1, typename T2, typename T3, typename T4>
+  operator ParamGenerator< ::testing::tuple<T1, T2, T3, T4> >() const {
+    return ParamGenerator< ::testing::tuple<T1, T2, T3, T4> >(
+        new CartesianProductGenerator4<T1, T2, T3, T4>(
+        static_cast<ParamGenerator<T1> >(g1_),
+        static_cast<ParamGenerator<T2> >(g2_),
+        static_cast<ParamGenerator<T3> >(g3_),
+        static_cast<ParamGenerator<T4> >(g4_)));
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const CartesianProductHolder4& other);
+
+  const Generator1 g1_;
+  const Generator2 g2_;
+  const Generator3 g3_;
+  const Generator4 g4_;
+};  // class CartesianProductHolder4
+
+template <class Generator1, class Generator2, class Generator3,
+    class Generator4, class Generator5>
+class CartesianProductHolder5 {
+ public:
+CartesianProductHolder5(const Generator1& g1, const Generator2& g2,
+    const Generator3& g3, const Generator4& g4, const Generator5& g5)
+      : g1_(g1), g2_(g2), g3_(g3), g4_(g4), g5_(g5) {}
+  template <typename T1, typename T2, typename T3, typename T4, typename T5>
+  operator ParamGenerator< ::testing::tuple<T1, T2, T3, T4, T5> >() const {
+    return ParamGenerator< ::testing::tuple<T1, T2, T3, T4, T5> >(
+        new CartesianProductGenerator5<T1, T2, T3, T4, T5>(
+        static_cast<ParamGenerator<T1> >(g1_),
+        static_cast<ParamGenerator<T2> >(g2_),
+        static_cast<ParamGenerator<T3> >(g3_),
+        static_cast<ParamGenerator<T4> >(g4_),
+        static_cast<ParamGenerator<T5> >(g5_)));
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const CartesianProductHolder5& other);
+
+  const Generator1 g1_;
+  const Generator2 g2_;
+  const Generator3 g3_;
+  const Generator4 g4_;
+  const Generator5 g5_;
+};  // class CartesianProductHolder5
+
+template <class Generator1, class Generator2, class Generator3,
+    class Generator4, class Generator5, class Generator6>
+class CartesianProductHolder6 {
+ public:
+CartesianProductHolder6(const Generator1& g1, const Generator2& g2,
+    const Generator3& g3, const Generator4& g4, const Generator5& g5,
+    const Generator6& g6)
+      : g1_(g1), g2_(g2), g3_(g3), g4_(g4), g5_(g5), g6_(g6) {}
+  template <typename T1, typename T2, typename T3, typename T4, typename T5,
+      typename T6>
+  operator ParamGenerator< ::testing::tuple<T1, T2, T3, T4, T5, T6> >() const {
+    return ParamGenerator< ::testing::tuple<T1, T2, T3, T4, T5, T6> >(
+        new CartesianProductGenerator6<T1, T2, T3, T4, T5, T6>(
+        static_cast<ParamGenerator<T1> >(g1_),
+        static_cast<ParamGenerator<T2> >(g2_),
+        static_cast<ParamGenerator<T3> >(g3_),
+        static_cast<ParamGenerator<T4> >(g4_),
+        static_cast<ParamGenerator<T5> >(g5_),
+        static_cast<ParamGenerator<T6> >(g6_)));
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const CartesianProductHolder6& other);
+
+  const Generator1 g1_;
+  const Generator2 g2_;
+  const Generator3 g3_;
+  const Generator4 g4_;
+  const Generator5 g5_;
+  const Generator6 g6_;
+};  // class CartesianProductHolder6
+
+template <class Generator1, class Generator2, class Generator3,
+    class Generator4, class Generator5, class Generator6, class Generator7>
+class CartesianProductHolder7 {
+ public:
+CartesianProductHolder7(const Generator1& g1, const Generator2& g2,
+    const Generator3& g3, const Generator4& g4, const Generator5& g5,
+    const Generator6& g6, const Generator7& g7)
+      : g1_(g1), g2_(g2), g3_(g3), g4_(g4), g5_(g5), g6_(g6), g7_(g7) {}
+  template <typename T1, typename T2, typename T3, typename T4, typename T5,
+      typename T6, typename T7>
+  operator ParamGenerator< ::testing::tuple<T1, T2, T3, T4, T5, T6,
+      T7> >() const {
+    return ParamGenerator< ::testing::tuple<T1, T2, T3, T4, T5, T6, T7> >(
+        new CartesianProductGenerator7<T1, T2, T3, T4, T5, T6, T7>(
+        static_cast<ParamGenerator<T1> >(g1_),
+        static_cast<ParamGenerator<T2> >(g2_),
+        static_cast<ParamGenerator<T3> >(g3_),
+        static_cast<ParamGenerator<T4> >(g4_),
+        static_cast<ParamGenerator<T5> >(g5_),
+        static_cast<ParamGenerator<T6> >(g6_),
+        static_cast<ParamGenerator<T7> >(g7_)));
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const CartesianProductHolder7& other);
+
+  const Generator1 g1_;
+  const Generator2 g2_;
+  const Generator3 g3_;
+  const Generator4 g4_;
+  const Generator5 g5_;
+  const Generator6 g6_;
+  const Generator7 g7_;
+};  // class CartesianProductHolder7
+
+template <class Generator1, class Generator2, class Generator3,
+    class Generator4, class Generator5, class Generator6, class Generator7,
+    class Generator8>
+class CartesianProductHolder8 {
+ public:
+CartesianProductHolder8(const Generator1& g1, const Generator2& g2,
+    const Generator3& g3, const Generator4& g4, const Generator5& g5,
+    const Generator6& g6, const Generator7& g7, const Generator8& g8)
+      : g1_(g1), g2_(g2), g3_(g3), g4_(g4), g5_(g5), g6_(g6), g7_(g7),
+          g8_(g8) {}
+  template <typename T1, typename T2, typename T3, typename T4, typename T5,
+      typename T6, typename T7, typename T8>
+  operator ParamGenerator< ::testing::tuple<T1, T2, T3, T4, T5, T6, T7,
+      T8> >() const {
+    return ParamGenerator< ::testing::tuple<T1, T2, T3, T4, T5, T6, T7, T8> >(
+        new CartesianProductGenerator8<T1, T2, T3, T4, T5, T6, T7, T8>(
+        static_cast<ParamGenerator<T1> >(g1_),
+        static_cast<ParamGenerator<T2> >(g2_),
+        static_cast<ParamGenerator<T3> >(g3_),
+        static_cast<ParamGenerator<T4> >(g4_),
+        static_cast<ParamGenerator<T5> >(g5_),
+        static_cast<ParamGenerator<T6> >(g6_),
+        static_cast<ParamGenerator<T7> >(g7_),
+        static_cast<ParamGenerator<T8> >(g8_)));
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const CartesianProductHolder8& other);
+
+  const Generator1 g1_;
+  const Generator2 g2_;
+  const Generator3 g3_;
+  const Generator4 g4_;
+  const Generator5 g5_;
+  const Generator6 g6_;
+  const Generator7 g7_;
+  const Generator8 g8_;
+};  // class CartesianProductHolder8
+
+template <class Generator1, class Generator2, class Generator3,
+    class Generator4, class Generator5, class Generator6, class Generator7,
+    class Generator8, class Generator9>
+class CartesianProductHolder9 {
+ public:
+CartesianProductHolder9(const Generator1& g1, const Generator2& g2,
+    const Generator3& g3, const Generator4& g4, const Generator5& g5,
+    const Generator6& g6, const Generator7& g7, const Generator8& g8,
+    const Generator9& g9)
+      : g1_(g1), g2_(g2), g3_(g3), g4_(g4), g5_(g5), g6_(g6), g7_(g7), g8_(g8),
+          g9_(g9) {}
+  template <typename T1, typename T2, typename T3, typename T4, typename T5,
+      typename T6, typename T7, typename T8, typename T9>
+  operator ParamGenerator< ::testing::tuple<T1, T2, T3, T4, T5, T6, T7, T8,
+      T9> >() const {
+    return ParamGenerator< ::testing::tuple<T1, T2, T3, T4, T5, T6, T7, T8,
+        T9> >(
+        new CartesianProductGenerator9<T1, T2, T3, T4, T5, T6, T7, T8, T9>(
+        static_cast<ParamGenerator<T1> >(g1_),
+        static_cast<ParamGenerator<T2> >(g2_),
+        static_cast<ParamGenerator<T3> >(g3_),
+        static_cast<ParamGenerator<T4> >(g4_),
+        static_cast<ParamGenerator<T5> >(g5_),
+        static_cast<ParamGenerator<T6> >(g6_),
+        static_cast<ParamGenerator<T7> >(g7_),
+        static_cast<ParamGenerator<T8> >(g8_),
+        static_cast<ParamGenerator<T9> >(g9_)));
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const CartesianProductHolder9& other);
+
+  const Generator1 g1_;
+  const Generator2 g2_;
+  const Generator3 g3_;
+  const Generator4 g4_;
+  const Generator5 g5_;
+  const Generator6 g6_;
+  const Generator7 g7_;
+  const Generator8 g8_;
+  const Generator9 g9_;
+};  // class CartesianProductHolder9
+
+template <class Generator1, class Generator2, class Generator3,
+    class Generator4, class Generator5, class Generator6, class Generator7,
+    class Generator8, class Generator9, class Generator10>
+class CartesianProductHolder10 {
+ public:
+CartesianProductHolder10(const Generator1& g1, const Generator2& g2,
+    const Generator3& g3, const Generator4& g4, const Generator5& g5,
+    const Generator6& g6, const Generator7& g7, const Generator8& g8,
+    const Generator9& g9, const Generator10& g10)
+      : g1_(g1), g2_(g2), g3_(g3), g4_(g4), g5_(g5), g6_(g6), g7_(g7), g8_(g8),
+          g9_(g9), g10_(g10) {}
+  template <typename T1, typename T2, typename T3, typename T4, typename T5,
+      typename T6, typename T7, typename T8, typename T9, typename T10>
+  operator ParamGenerator< ::testing::tuple<T1, T2, T3, T4, T5, T6, T7, T8, T9,
+      T10> >() const {
+    return ParamGenerator< ::testing::tuple<T1, T2, T3, T4, T5, T6, T7, T8, T9,
+        T10> >(
+        new CartesianProductGenerator10<T1, T2, T3, T4, T5, T6, T7, T8, T9,
+            T10>(
+        static_cast<ParamGenerator<T1> >(g1_),
+        static_cast<ParamGenerator<T2> >(g2_),
+        static_cast<ParamGenerator<T3> >(g3_),
+        static_cast<ParamGenerator<T4> >(g4_),
+        static_cast<ParamGenerator<T5> >(g5_),
+        static_cast<ParamGenerator<T6> >(g6_),
+        static_cast<ParamGenerator<T7> >(g7_),
+        static_cast<ParamGenerator<T8> >(g8_),
+        static_cast<ParamGenerator<T9> >(g9_),
+        static_cast<ParamGenerator<T10> >(g10_)));
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const CartesianProductHolder10& other);
+
+  const Generator1 g1_;
+  const Generator2 g2_;
+  const Generator3 g3_;
+  const Generator4 g4_;
+  const Generator5 g5_;
+  const Generator6 g6_;
+  const Generator7 g7_;
+  const Generator8 g8_;
+  const Generator9 g9_;
+  const Generator10 g10_;
+};  // class CartesianProductHolder10
+
+# endif  // GTEST_HAS_COMBINE
+
+}  // namespace internal
+}  // namespace testing
+
+#endif  //  GTEST_HAS_PARAM_TEST
+
+#endif  // GTEST_INCLUDE_GTEST_INTERNAL_GTEST_PARAM_UTIL_GENERATED_H_
diff --git a/nss/external_tests/google_test/gtest/include/gtest/internal/gtest-param-util-generated.h.pump b/nss/external_tests/google_test/gtest/include/gtest/internal/gtest-param-util-generated.h.pump
new file mode 100644
index 0000000..801a2fc
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/include/gtest/internal/gtest-param-util-generated.h.pump
@@ -0,0 +1,301 @@
+$$ -*- mode: c++; -*-
+$var n = 50  $$ Maximum length of Values arguments we want to support.
+$var maxtuple = 10  $$ Maximum number of Combine arguments we want to support.
+// Copyright 2008 Google Inc.
+// All Rights Reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: vladl@google.com (Vlad Losev)
+
+// Type and function utilities for implementing parameterized tests.
+// This file is generated by a SCRIPT.  DO NOT EDIT BY HAND!
+//
+// Currently Google Test supports at most $n arguments in Values,
+// and at most $maxtuple arguments in Combine. Please contact
+// googletestframework@googlegroups.com if you need more.
+// Please note that the number of arguments to Combine is limited
+// by the maximum arity of the implementation of tuple which is
+// currently set at $maxtuple.
+
+#ifndef GTEST_INCLUDE_GTEST_INTERNAL_GTEST_PARAM_UTIL_GENERATED_H_
+#define GTEST_INCLUDE_GTEST_INTERNAL_GTEST_PARAM_UTIL_GENERATED_H_
+
+// scripts/fuse_gtest.py depends on gtest's own header being #included
+// *unconditionally*.  Therefore these #includes cannot be moved
+// inside #if GTEST_HAS_PARAM_TEST.
+#include "gtest/internal/gtest-param-util.h"
+#include "gtest/internal/gtest-port.h"
+
+#if GTEST_HAS_PARAM_TEST
+
+namespace testing {
+
+// Forward declarations of ValuesIn(), which is implemented in
+// include/gtest/gtest-param-test.h.
+template <typename ForwardIterator>
+internal::ParamGenerator<
+  typename ::testing::internal::IteratorTraits<ForwardIterator>::value_type>
+ValuesIn(ForwardIterator begin, ForwardIterator end);
+
+template <typename T, size_t N>
+internal::ParamGenerator<T> ValuesIn(const T (&array)[N]);
+
+template <class Container>
+internal::ParamGenerator<typename Container::value_type> ValuesIn(
+    const Container& container);
+
+namespace internal {
+
+// Used in the Values() function to provide polymorphic capabilities.
+template <typename T1>
+class ValueArray1 {
+ public:
+  explicit ValueArray1(T1 v1) : v1_(v1) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const { return ValuesIn(&v1_, &v1_ + 1); }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray1& other);
+
+  const T1 v1_;
+};
+
+$range i 2..n
+$for i [[
+$range j 1..i
+
+template <$for j, [[typename T$j]]>
+class ValueArray$i {
+ public:
+  ValueArray$i($for j, [[T$j v$j]]) : $for j, [[v$(j)_(v$j)]] {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {$for j, [[static_cast<T>(v$(j)_)]]};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray$i& other);
+
+$for j [[
+
+  const T$j v$(j)_;
+]]
+
+};
+
+]]
+
+# if GTEST_HAS_COMBINE
+// INTERNAL IMPLEMENTATION - DO NOT USE IN USER CODE.
+//
+// Generates values from the Cartesian product of values produced
+// by the argument generators.
+//
+$range i 2..maxtuple
+$for i [[
+$range j 1..i
+$range k 2..i
+
+template <$for j, [[typename T$j]]>
+class CartesianProductGenerator$i
+    : public ParamGeneratorInterface< ::testing::tuple<$for j, [[T$j]]> > {
+ public:
+  typedef ::testing::tuple<$for j, [[T$j]]> ParamType;
+
+  CartesianProductGenerator$i($for j, [[const ParamGenerator<T$j>& g$j]])
+      : $for j, [[g$(j)_(g$j)]] {}
+  virtual ~CartesianProductGenerator$i() {}
+
+  virtual ParamIteratorInterface<ParamType>* Begin() const {
+    return new Iterator(this, $for j, [[g$(j)_, g$(j)_.begin()]]);
+  }
+  virtual ParamIteratorInterface<ParamType>* End() const {
+    return new Iterator(this, $for j, [[g$(j)_, g$(j)_.end()]]);
+  }
+
+ private:
+  class Iterator : public ParamIteratorInterface<ParamType> {
+   public:
+    Iterator(const ParamGeneratorInterface<ParamType>* base, $for j, [[
+
+      const ParamGenerator<T$j>& g$j,
+      const typename ParamGenerator<T$j>::iterator& current$(j)]])
+        : base_(base),
+$for j, [[
+
+          begin$(j)_(g$j.begin()), end$(j)_(g$j.end()), current$(j)_(current$j)
+]]    {
+      ComputeCurrentValue();
+    }
+    virtual ~Iterator() {}
+
+    virtual const ParamGeneratorInterface<ParamType>* BaseGenerator() const {
+      return base_;
+    }
+    // Advance should not be called on beyond-of-range iterators
+    // so no component iterators must be beyond end of range, either.
+    virtual void Advance() {
+      assert(!AtEnd());
+      ++current$(i)_;
+
+$for k [[
+      if (current$(i+2-k)_ == end$(i+2-k)_) {
+        current$(i+2-k)_ = begin$(i+2-k)_;
+        ++current$(i+2-k-1)_;
+      }
+
+]]
+      ComputeCurrentValue();
+    }
+    virtual ParamIteratorInterface<ParamType>* Clone() const {
+      return new Iterator(*this);
+    }
+    virtual const ParamType* Current() const { return &current_value_; }
+    virtual bool Equals(const ParamIteratorInterface<ParamType>& other) const {
+      // Having the same base generator guarantees that the other
+      // iterator is of the same type and we can downcast.
+      GTEST_CHECK_(BaseGenerator() == other.BaseGenerator())
+          << "The program attempted to compare iterators "
+          << "from different generators." << std::endl;
+      const Iterator* typed_other =
+          CheckedDowncastToActualType<const Iterator>(&other);
+      // We must report iterators equal if they both point beyond their
+      // respective ranges. That can happen in a variety of fashions,
+      // so we have to consult AtEnd().
+      return (AtEnd() && typed_other->AtEnd()) ||
+         ($for j  && [[
+
+          current$(j)_ == typed_other->current$(j)_
+]]);
+    }
+
+   private:
+    Iterator(const Iterator& other)
+        : base_(other.base_), $for j, [[
+
+        begin$(j)_(other.begin$(j)_),
+        end$(j)_(other.end$(j)_),
+        current$(j)_(other.current$(j)_)
+]] {
+      ComputeCurrentValue();
+    }
+
+    void ComputeCurrentValue() {
+      if (!AtEnd())
+        current_value_ = ParamType($for j, [[*current$(j)_]]);
+    }
+    bool AtEnd() const {
+      // We must report iterator past the end of the range when either of the
+      // component iterators has reached the end of its range.
+      return
+$for j  || [[
+
+          current$(j)_ == end$(j)_
+]];
+    }
+
+    // No implementation - assignment is unsupported.
+    void operator=(const Iterator& other);
+
+    const ParamGeneratorInterface<ParamType>* const base_;
+    // begin[i]_ and end[i]_ define the i-th range that Iterator traverses.
+    // current[i]_ is the actual traversing iterator.
+$for j [[
+
+    const typename ParamGenerator<T$j>::iterator begin$(j)_;
+    const typename ParamGenerator<T$j>::iterator end$(j)_;
+    typename ParamGenerator<T$j>::iterator current$(j)_;
+]]
+
+    ParamType current_value_;
+  };  // class CartesianProductGenerator$i::Iterator
+
+  // No implementation - assignment is unsupported.
+  void operator=(const CartesianProductGenerator$i& other);
+
+
+$for j [[
+  const ParamGenerator<T$j> g$(j)_;
+
+]]
+};  // class CartesianProductGenerator$i
+
+
+]]
+
+// INTERNAL IMPLEMENTATION - DO NOT USE IN USER CODE.
+//
+// Helper classes providing Combine() with polymorphic features. They allow
+// casting CartesianProductGeneratorN<T> to ParamGenerator<U> if T is
+// convertible to U.
+//
+$range i 2..maxtuple
+$for i [[
+$range j 1..i
+
+template <$for j, [[class Generator$j]]>
+class CartesianProductHolder$i {
+ public:
+CartesianProductHolder$i($for j, [[const Generator$j& g$j]])
+      : $for j, [[g$(j)_(g$j)]] {}
+  template <$for j, [[typename T$j]]>
+  operator ParamGenerator< ::testing::tuple<$for j, [[T$j]]> >() const {
+    return ParamGenerator< ::testing::tuple<$for j, [[T$j]]> >(
+        new CartesianProductGenerator$i<$for j, [[T$j]]>(
+$for j,[[
+
+        static_cast<ParamGenerator<T$j> >(g$(j)_)
+]]));
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const CartesianProductHolder$i& other);
+
+
+$for j [[
+  const Generator$j g$(j)_;
+
+]]
+};  // class CartesianProductHolder$i
+
+]]
+
+# endif  // GTEST_HAS_COMBINE
+
+}  // namespace internal
+}  // namespace testing
+
+#endif  //  GTEST_HAS_PARAM_TEST
+
+#endif  // GTEST_INCLUDE_GTEST_INTERNAL_GTEST_PARAM_UTIL_GENERATED_H_
diff --git a/nss/external_tests/google_test/gtest/include/gtest/internal/gtest-param-util.h b/nss/external_tests/google_test/gtest/include/gtest/internal/gtest-param-util.h
new file mode 100644
index 0000000..d5e1028
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/include/gtest/internal/gtest-param-util.h
@@ -0,0 +1,619 @@
+// Copyright 2008 Google Inc.
+// All Rights Reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: vladl@google.com (Vlad Losev)
+
+// Type and function utilities for implementing parameterized tests.
+
+#ifndef GTEST_INCLUDE_GTEST_INTERNAL_GTEST_PARAM_UTIL_H_
+#define GTEST_INCLUDE_GTEST_INTERNAL_GTEST_PARAM_UTIL_H_
+
+#include <iterator>
+#include <utility>
+#include <vector>
+
+// scripts/fuse_gtest.py depends on gtest's own header being #included
+// *unconditionally*.  Therefore these #includes cannot be moved
+// inside #if GTEST_HAS_PARAM_TEST.
+#include "gtest/internal/gtest-internal.h"
+#include "gtest/internal/gtest-linked_ptr.h"
+#include "gtest/internal/gtest-port.h"
+#include "gtest/gtest-printers.h"
+
+#if GTEST_HAS_PARAM_TEST
+
+namespace testing {
+namespace internal {
+
+// INTERNAL IMPLEMENTATION - DO NOT USE IN USER CODE.
+//
+// Outputs a message explaining invalid registration of different
+// fixture class for the same test case. This may happen when
+// TEST_P macro is used to define two tests with the same name
+// but in different namespaces.
+GTEST_API_ void ReportInvalidTestCaseType(const char* test_case_name,
+                                          const char* file, int line);
+
+template <typename> class ParamGeneratorInterface;
+template <typename> class ParamGenerator;
+
+// Interface for iterating over elements provided by an implementation
+// of ParamGeneratorInterface<T>.
+template <typename T>
+class ParamIteratorInterface {
+ public:
+  virtual ~ParamIteratorInterface() {}
+  // A pointer to the base generator instance.
+  // Used only for the purposes of iterator comparison
+  // to make sure that two iterators belong to the same generator.
+  virtual const ParamGeneratorInterface<T>* BaseGenerator() const = 0;
+  // Advances iterator to point to the next element
+  // provided by the generator. The caller is responsible
+  // for not calling Advance() on an iterator equal to
+  // BaseGenerator()->End().
+  virtual void Advance() = 0;
+  // Clones the iterator object. Used for implementing copy semantics
+  // of ParamIterator<T>.
+  virtual ParamIteratorInterface* Clone() const = 0;
+  // Dereferences the current iterator and provides (read-only) access
+  // to the pointed value. It is the caller's responsibility not to call
+  // Current() on an iterator equal to BaseGenerator()->End().
+  // Used for implementing ParamGenerator<T>::operator*().
+  virtual const T* Current() const = 0;
+  // Determines whether the given iterator and other point to the same
+  // element in the sequence generated by the generator.
+  // Used for implementing ParamGenerator<T>::operator==().
+  virtual bool Equals(const ParamIteratorInterface& other) const = 0;
+};
+
+// Class iterating over elements provided by an implementation of
+// ParamGeneratorInterface<T>. It wraps ParamIteratorInterface<T>
+// and implements the const forward iterator concept.
+template <typename T>
+class ParamIterator {
+ public:
+  typedef T value_type;
+  typedef const T& reference;
+  typedef ptrdiff_t difference_type;
+
+  // ParamIterator assumes ownership of the impl_ pointer.
+  ParamIterator(const ParamIterator& other) : impl_(other.impl_->Clone()) {}
+  ParamIterator& operator=(const ParamIterator& other) {
+    if (this != &other)
+      impl_.reset(other.impl_->Clone());
+    return *this;
+  }
+
+  const T& operator*() const { return *impl_->Current(); }
+  const T* operator->() const { return impl_->Current(); }
+  // Prefix version of operator++.
+  ParamIterator& operator++() {
+    impl_->Advance();
+    return *this;
+  }
+  // Postfix version of operator++.
+  ParamIterator operator++(int /*unused*/) {
+    ParamIteratorInterface<T>* clone = impl_->Clone();
+    impl_->Advance();
+    return ParamIterator(clone);
+  }
+  bool operator==(const ParamIterator& other) const {
+    return impl_.get() == other.impl_.get() || impl_->Equals(*other.impl_);
+  }
+  bool operator!=(const ParamIterator& other) const {
+    return !(*this == other);
+  }
+
+ private:
+  friend class ParamGenerator<T>;
+  explicit ParamIterator(ParamIteratorInterface<T>* impl) : impl_(impl) {}
+  scoped_ptr<ParamIteratorInterface<T> > impl_;
+};
+
+// ParamGeneratorInterface<T> is the binary interface to access generators
+// defined in other translation units.
+template <typename T>
+class ParamGeneratorInterface {
+ public:
+  typedef T ParamType;
+
+  virtual ~ParamGeneratorInterface() {}
+
+  // Generator interface definition
+  virtual ParamIteratorInterface<T>* Begin() const = 0;
+  virtual ParamIteratorInterface<T>* End() const = 0;
+};
+
+// Wraps ParamGeneratorInterface<T> and provides general generator syntax
+// compatible with the STL Container concept.
+// This class implements copy initialization semantics and the contained
+// ParamGeneratorInterface<T> instance is shared among all copies
+// of the original object. This is possible because that instance is immutable.
+template<typename T>
+class ParamGenerator {
+ public:
+  typedef ParamIterator<T> iterator;
+
+  explicit ParamGenerator(ParamGeneratorInterface<T>* impl) : impl_(impl) {}
+  ParamGenerator(const ParamGenerator& other) : impl_(other.impl_) {}
+
+  ParamGenerator& operator=(const ParamGenerator& other) {
+    impl_ = other.impl_;
+    return *this;
+  }
+
+  iterator begin() const { return iterator(impl_->Begin()); }
+  iterator end() const { return iterator(impl_->End()); }
+
+ private:
+  linked_ptr<const ParamGeneratorInterface<T> > impl_;
+};
+
+// Generates values from a range of two comparable values. Can be used to
+// generate sequences of user-defined types that implement operator+() and
+// operator<().
+// This class is used in the Range() function.
+template <typename T, typename IncrementT>
+class RangeGenerator : public ParamGeneratorInterface<T> {
+ public:
+  RangeGenerator(T begin, T end, IncrementT step)
+      : begin_(begin), end_(end),
+        step_(step), end_index_(CalculateEndIndex(begin, end, step)) {}
+  virtual ~RangeGenerator() {}
+
+  virtual ParamIteratorInterface<T>* Begin() const {
+    return new Iterator(this, begin_, 0, step_);
+  }
+  virtual ParamIteratorInterface<T>* End() const {
+    return new Iterator(this, end_, end_index_, step_);
+  }
+
+ private:
+  class Iterator : public ParamIteratorInterface<T> {
+   public:
+    Iterator(const ParamGeneratorInterface<T>* base, T value, int index,
+             IncrementT step)
+        : base_(base), value_(value), index_(index), step_(step) {}
+    virtual ~Iterator() {}
+
+    virtual const ParamGeneratorInterface<T>* BaseGenerator() const {
+      return base_;
+    }
+    virtual void Advance() {
+      value_ = value_ + step_;
+      index_++;
+    }
+    virtual ParamIteratorInterface<T>* Clone() const {
+      return new Iterator(*this);
+    }
+    virtual const T* Current() const { return &value_; }
+    virtual bool Equals(const ParamIteratorInterface<T>& other) const {
+      // Having the same base generator guarantees that the other
+      // iterator is of the same type and we can downcast.
+      GTEST_CHECK_(BaseGenerator() == other.BaseGenerator())
+          << "The program attempted to compare iterators "
+          << "from different generators." << std::endl;
+      const int other_index =
+          CheckedDowncastToActualType<const Iterator>(&other)->index_;
+      return index_ == other_index;
+    }
+
+   private:
+    Iterator(const Iterator& other)
+        : ParamIteratorInterface<T>(),
+          base_(other.base_), value_(other.value_), index_(other.index_),
+          step_(other.step_) {}
+
+    // No implementation - assignment is unsupported.
+    void operator=(const Iterator& other);
+
+    const ParamGeneratorInterface<T>* const base_;
+    T value_;
+    int index_;
+    const IncrementT step_;
+  };  // class RangeGenerator::Iterator
+
+  static int CalculateEndIndex(const T& begin,
+                               const T& end,
+                               const IncrementT& step) {
+    int end_index = 0;
+    for (T i = begin; i < end; i = i + step)
+      end_index++;
+    return end_index;
+  }
+
+  // No implementation - assignment is unsupported.
+  void operator=(const RangeGenerator& other);
+
+  const T begin_;
+  const T end_;
+  const IncrementT step_;
+  // The index for the end() iterator. All the elements in the generated
+  // sequence are indexed (0-based) to aid iterator comparison.
+  const int end_index_;
+};  // class RangeGenerator
+
+
+// Generates values from a pair of STL-style iterators. Used in the
+// ValuesIn() function. The elements are copied from the source range
+// since the source can be located on the stack, and the generator
+// is likely to persist beyond that stack frame.
+template <typename T>
+class ValuesInIteratorRangeGenerator : public ParamGeneratorInterface<T> {
+ public:
+  template <typename ForwardIterator>
+  ValuesInIteratorRangeGenerator(ForwardIterator begin, ForwardIterator end)
+      : container_(begin, end) {}
+  virtual ~ValuesInIteratorRangeGenerator() {}
+
+  virtual ParamIteratorInterface<T>* Begin() const {
+    return new Iterator(this, container_.begin());
+  }
+  virtual ParamIteratorInterface<T>* End() const {
+    return new Iterator(this, container_.end());
+  }
+
+ private:
+  typedef typename ::std::vector<T> ContainerType;
+
+  class Iterator : public ParamIteratorInterface<T> {
+   public:
+    Iterator(const ParamGeneratorInterface<T>* base,
+             typename ContainerType::const_iterator iterator)
+        : base_(base), iterator_(iterator) {}
+    virtual ~Iterator() {}
+
+    virtual const ParamGeneratorInterface<T>* BaseGenerator() const {
+      return base_;
+    }
+    virtual void Advance() {
+      ++iterator_;
+      value_.reset();
+    }
+    virtual ParamIteratorInterface<T>* Clone() const {
+      return new Iterator(*this);
+    }
+    // We need to use cached value referenced by iterator_ because *iterator_
+    // can return a temporary object (and of type other then T), so just
+    // having "return &*iterator_;" doesn't work.
+    // value_ is updated here and not in Advance() because Advance()
+    // can advance iterator_ beyond the end of the range, and we cannot
+    // detect that fact. The client code, on the other hand, is
+    // responsible for not calling Current() on an out-of-range iterator.
+    virtual const T* Current() const {
+      if (value_.get() == NULL)
+        value_.reset(new T(*iterator_));
+      return value_.get();
+    }
+    virtual bool Equals(const ParamIteratorInterface<T>& other) const {
+      // Having the same base generator guarantees that the other
+      // iterator is of the same type and we can downcast.
+      GTEST_CHECK_(BaseGenerator() == other.BaseGenerator())
+          << "The program attempted to compare iterators "
+          << "from different generators." << std::endl;
+      return iterator_ ==
+          CheckedDowncastToActualType<const Iterator>(&other)->iterator_;
+    }
+
+   private:
+    Iterator(const Iterator& other)
+          // The explicit constructor call suppresses a false warning
+          // emitted by gcc when supplied with the -Wextra option.
+        : ParamIteratorInterface<T>(),
+          base_(other.base_),
+          iterator_(other.iterator_) {}
+
+    const ParamGeneratorInterface<T>* const base_;
+    typename ContainerType::const_iterator iterator_;
+    // A cached value of *iterator_. We keep it here to allow access by
+    // pointer in the wrapping iterator's operator->().
+    // value_ needs to be mutable to be accessed in Current().
+    // Use of scoped_ptr helps manage cached value's lifetime,
+    // which is bound by the lifespan of the iterator itself.
+    mutable scoped_ptr<const T> value_;
+  };  // class ValuesInIteratorRangeGenerator::Iterator
+
+  // No implementation - assignment is unsupported.
+  void operator=(const ValuesInIteratorRangeGenerator& other);
+
+  const ContainerType container_;
+};  // class ValuesInIteratorRangeGenerator
+
+// INTERNAL IMPLEMENTATION - DO NOT USE IN USER CODE.
+//
+// Stores a parameter value and later creates tests parameterized with that
+// value.
+template <class TestClass>
+class ParameterizedTestFactory : public TestFactoryBase {
+ public:
+  typedef typename TestClass::ParamType ParamType;
+  explicit ParameterizedTestFactory(ParamType parameter) :
+      parameter_(parameter) {}
+  virtual Test* CreateTest() {
+    TestClass::SetParam(&parameter_);
+    return new TestClass();
+  }
+
+ private:
+  const ParamType parameter_;
+
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(ParameterizedTestFactory);
+};
+
+// INTERNAL IMPLEMENTATION - DO NOT USE IN USER CODE.
+//
+// TestMetaFactoryBase is a base class for meta-factories that create
+// test factories for passing into MakeAndRegisterTestInfo function.
+template <class ParamType>
+class TestMetaFactoryBase {
+ public:
+  virtual ~TestMetaFactoryBase() {}
+
+  virtual TestFactoryBase* CreateTestFactory(ParamType parameter) = 0;
+};
+
+// INTERNAL IMPLEMENTATION - DO NOT USE IN USER CODE.
+//
+// TestMetaFactory creates test factories for passing into
+// MakeAndRegisterTestInfo function. Since MakeAndRegisterTestInfo receives
+// ownership of test factory pointer, same factory object cannot be passed
+// into that method twice. But ParameterizedTestCaseInfo is going to call
+// it for each Test/Parameter value combination. Thus it needs meta factory
+// creator class.
+template <class TestCase>
+class TestMetaFactory
+    : public TestMetaFactoryBase<typename TestCase::ParamType> {
+ public:
+  typedef typename TestCase::ParamType ParamType;
+
+  TestMetaFactory() {}
+
+  virtual TestFactoryBase* CreateTestFactory(ParamType parameter) {
+    return new ParameterizedTestFactory<TestCase>(parameter);
+  }
+
+ private:
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(TestMetaFactory);
+};
+
+// INTERNAL IMPLEMENTATION - DO NOT USE IN USER CODE.
+//
+// ParameterizedTestCaseInfoBase is a generic interface
+// to ParameterizedTestCaseInfo classes. ParameterizedTestCaseInfoBase
+// accumulates test information provided by TEST_P macro invocations
+// and generators provided by INSTANTIATE_TEST_CASE_P macro invocations
+// and uses that information to register all resulting test instances
+// in RegisterTests method. The ParameterizeTestCaseRegistry class holds
+// a collection of pointers to the ParameterizedTestCaseInfo objects
+// and calls RegisterTests() on each of them when asked.
+class ParameterizedTestCaseInfoBase {
+ public:
+  virtual ~ParameterizedTestCaseInfoBase() {}
+
+  // Base part of test case name for display purposes.
+  virtual const string& GetTestCaseName() const = 0;
+  // Test case id to verify identity.
+  virtual TypeId GetTestCaseTypeId() const = 0;
+  // UnitTest class invokes this method to register tests in this
+  // test case right before running them in RUN_ALL_TESTS macro.
+  // This method should not be called more then once on any single
+  // instance of a ParameterizedTestCaseInfoBase derived class.
+  virtual void RegisterTests() = 0;
+
+ protected:
+  ParameterizedTestCaseInfoBase() {}
+
+ private:
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(ParameterizedTestCaseInfoBase);
+};
+
+// INTERNAL IMPLEMENTATION - DO NOT USE IN USER CODE.
+//
+// ParameterizedTestCaseInfo accumulates tests obtained from TEST_P
+// macro invocations for a particular test case and generators
+// obtained from INSTANTIATE_TEST_CASE_P macro invocations for that
+// test case. It registers tests with all values generated by all
+// generators when asked.
+template <class TestCase>
+class ParameterizedTestCaseInfo : public ParameterizedTestCaseInfoBase {
+ public:
+  // ParamType and GeneratorCreationFunc are private types but are required
+  // for declarations of public methods AddTestPattern() and
+  // AddTestCaseInstantiation().
+  typedef typename TestCase::ParamType ParamType;
+  // A function that returns an instance of appropriate generator type.
+  typedef ParamGenerator<ParamType>(GeneratorCreationFunc)();
+
+  explicit ParameterizedTestCaseInfo(const char* name)
+      : test_case_name_(name) {}
+
+  // Test case base name for display purposes.
+  virtual const string& GetTestCaseName() const { return test_case_name_; }
+  // Test case id to verify identity.
+  virtual TypeId GetTestCaseTypeId() const { return GetTypeId<TestCase>(); }
+  // TEST_P macro uses AddTestPattern() to record information
+  // about a single test in a LocalTestInfo structure.
+  // test_case_name is the base name of the test case (without invocation
+  // prefix). test_base_name is the name of an individual test without
+  // parameter index. For the test SequenceA/FooTest.DoBar/1 FooTest is
+  // test case base name and DoBar is test base name.
+  void AddTestPattern(const char* test_case_name,
+                      const char* test_base_name,
+                      TestMetaFactoryBase<ParamType>* meta_factory) {
+    tests_.push_back(linked_ptr<TestInfo>(new TestInfo(test_case_name,
+                                                       test_base_name,
+                                                       meta_factory)));
+  }
+  // INSTANTIATE_TEST_CASE_P macro uses AddGenerator() to record information
+  // about a generator.
+  int AddTestCaseInstantiation(const string& instantiation_name,
+                               GeneratorCreationFunc* func,
+                               const char* /* file */,
+                               int /* line */) {
+    instantiations_.push_back(::std::make_pair(instantiation_name, func));
+    return 0;  // Return value used only to run this method in namespace scope.
+  }
+  // UnitTest class invokes this method to register tests in this test case
+  // test cases right before running tests in RUN_ALL_TESTS macro.
+  // This method should not be called more then once on any single
+  // instance of a ParameterizedTestCaseInfoBase derived class.
+  // UnitTest has a guard to prevent from calling this method more then once.
+  virtual void RegisterTests() {
+    for (typename TestInfoContainer::iterator test_it = tests_.begin();
+         test_it != tests_.end(); ++test_it) {
+      linked_ptr<TestInfo> test_info = *test_it;
+      for (typename InstantiationContainer::iterator gen_it =
+               instantiations_.begin(); gen_it != instantiations_.end();
+               ++gen_it) {
+        const string& instantiation_name = gen_it->first;
+        ParamGenerator<ParamType> generator((*gen_it->second)());
+
+        string test_case_name;
+        if ( !instantiation_name.empty() )
+          test_case_name = instantiation_name + "/";
+        test_case_name += test_info->test_case_base_name;
+
+        int i = 0;
+        for (typename ParamGenerator<ParamType>::iterator param_it =
+                 generator.begin();
+             param_it != generator.end(); ++param_it, ++i) {
+          Message test_name_stream;
+          test_name_stream << test_info->test_base_name << "/" << i;
+          MakeAndRegisterTestInfo(
+              test_case_name.c_str(),
+              test_name_stream.GetString().c_str(),
+              NULL,  // No type parameter.
+              PrintToString(*param_it).c_str(),
+              GetTestCaseTypeId(),
+              TestCase::SetUpTestCase,
+              TestCase::TearDownTestCase,
+              test_info->test_meta_factory->CreateTestFactory(*param_it));
+        }  // for param_it
+      }  // for gen_it
+    }  // for test_it
+  }  // RegisterTests
+
+ private:
+  // LocalTestInfo structure keeps information about a single test registered
+  // with TEST_P macro.
+  struct TestInfo {
+    TestInfo(const char* a_test_case_base_name,
+             const char* a_test_base_name,
+             TestMetaFactoryBase<ParamType>* a_test_meta_factory) :
+        test_case_base_name(a_test_case_base_name),
+        test_base_name(a_test_base_name),
+        test_meta_factory(a_test_meta_factory) {}
+
+    const string test_case_base_name;
+    const string test_base_name;
+    const scoped_ptr<TestMetaFactoryBase<ParamType> > test_meta_factory;
+  };
+  typedef ::std::vector<linked_ptr<TestInfo> > TestInfoContainer;
+  // Keeps pairs of <Instantiation name, Sequence generator creation function>
+  // received from INSTANTIATE_TEST_CASE_P macros.
+  typedef ::std::vector<std::pair<string, GeneratorCreationFunc*> >
+      InstantiationContainer;
+
+  const string test_case_name_;
+  TestInfoContainer tests_;
+  InstantiationContainer instantiations_;
+
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(ParameterizedTestCaseInfo);
+};  // class ParameterizedTestCaseInfo
+
+// INTERNAL IMPLEMENTATION - DO NOT USE IN USER CODE.
+//
+// ParameterizedTestCaseRegistry contains a map of ParameterizedTestCaseInfoBase
+// classes accessed by test case names. TEST_P and INSTANTIATE_TEST_CASE_P
+// macros use it to locate their corresponding ParameterizedTestCaseInfo
+// descriptors.
+class ParameterizedTestCaseRegistry {
+ public:
+  ParameterizedTestCaseRegistry() {}
+  ~ParameterizedTestCaseRegistry() {
+    for (TestCaseInfoContainer::iterator it = test_case_infos_.begin();
+         it != test_case_infos_.end(); ++it) {
+      delete *it;
+    }
+  }
+
+  // Looks up or creates and returns a structure containing information about
+  // tests and instantiations of a particular test case.
+  template <class TestCase>
+  ParameterizedTestCaseInfo<TestCase>* GetTestCasePatternHolder(
+      const char* test_case_name,
+      const char* file,
+      int line) {
+    ParameterizedTestCaseInfo<TestCase>* typed_test_info = NULL;
+    for (TestCaseInfoContainer::iterator it = test_case_infos_.begin();
+         it != test_case_infos_.end(); ++it) {
+      if ((*it)->GetTestCaseName() == test_case_name) {
+        if ((*it)->GetTestCaseTypeId() != GetTypeId<TestCase>()) {
+          // Complain about incorrect usage of Google Test facilities
+          // and terminate the program since we cannot guaranty correct
+          // test case setup and tear-down in this case.
+          ReportInvalidTestCaseType(test_case_name,  file, line);
+          posix::Abort();
+        } else {
+          // At this point we are sure that the object we found is of the same
+          // type we are looking for, so we downcast it to that type
+          // without further checks.
+          typed_test_info = CheckedDowncastToActualType<
+              ParameterizedTestCaseInfo<TestCase> >(*it);
+        }
+        break;
+      }
+    }
+    if (typed_test_info == NULL) {
+      typed_test_info = new ParameterizedTestCaseInfo<TestCase>(test_case_name);
+      test_case_infos_.push_back(typed_test_info);
+    }
+    return typed_test_info;
+  }
+  void RegisterTests() {
+    for (TestCaseInfoContainer::iterator it = test_case_infos_.begin();
+         it != test_case_infos_.end(); ++it) {
+      (*it)->RegisterTests();
+    }
+  }
+
+ private:
+  typedef ::std::vector<ParameterizedTestCaseInfoBase*> TestCaseInfoContainer;
+
+  TestCaseInfoContainer test_case_infos_;
+
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(ParameterizedTestCaseRegistry);
+};
+
+}  // namespace internal
+}  // namespace testing
+
+#endif  //  GTEST_HAS_PARAM_TEST
+
+#endif  // GTEST_INCLUDE_GTEST_INTERNAL_GTEST_PARAM_UTIL_H_
diff --git a/nss/external_tests/google_test/gtest/include/gtest/internal/gtest-port.h b/nss/external_tests/google_test/gtest/include/gtest/internal/gtest-port.h
new file mode 100644
index 0000000..f376dfa
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/include/gtest/internal/gtest-port.h
@@ -0,0 +1,2432 @@
+// Copyright 2005, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Authors: wan@google.com (Zhanyong Wan)
+//
+// Low-level types and utilities for porting Google Test to various
+// platforms.  All macros ending with _ and symbols defined in an
+// internal namespace are subject to change without notice.  Code
+// outside Google Test MUST NOT USE THEM DIRECTLY.  Macros that don't
+// end with _ are part of Google Test's public API and can be used by
+// code outside Google Test.
+//
+// This file is fundamental to Google Test.  All other Google Test source
+// files are expected to #include this.  Therefore, it cannot #include
+// any other Google Test header.
+
+#ifndef GTEST_INCLUDE_GTEST_INTERNAL_GTEST_PORT_H_
+#define GTEST_INCLUDE_GTEST_INTERNAL_GTEST_PORT_H_
+
+// Environment-describing macros
+// -----------------------------
+//
+// Google Test can be used in many different environments.  Macros in
+// this section tell Google Test what kind of environment it is being
+// used in, such that Google Test can provide environment-specific
+// features and implementations.
+//
+// Google Test tries to automatically detect the properties of its
+// environment, so users usually don't need to worry about these
+// macros.  However, the automatic detection is not perfect.
+// Sometimes it's necessary for a user to define some of the following
+// macros in the build script to override Google Test's decisions.
+//
+// If the user doesn't define a macro in the list, Google Test will
+// provide a default definition.  After this header is #included, all
+// macros in this list will be defined to either 1 or 0.
+//
+// Notes to maintainers:
+//   - Each macro here is a user-tweakable knob; do not grow the list
+//     lightly.
+//   - Use #if to key off these macros.  Don't use #ifdef or "#if
+//     defined(...)", which will not work as these macros are ALWAYS
+//     defined.
+//
+//   GTEST_HAS_CLONE          - Define it to 1/0 to indicate that clone(2)
+//                              is/isn't available.
+//   GTEST_HAS_EXCEPTIONS     - Define it to 1/0 to indicate that exceptions
+//                              are enabled.
+//   GTEST_HAS_GLOBAL_STRING  - Define it to 1/0 to indicate that ::string
+//                              is/isn't available (some systems define
+//                              ::string, which is different to std::string).
+//   GTEST_HAS_GLOBAL_WSTRING - Define it to 1/0 to indicate that ::string
+//                              is/isn't available (some systems define
+//                              ::wstring, which is different to std::wstring).
+//   GTEST_HAS_POSIX_RE       - Define it to 1/0 to indicate that POSIX regular
+//                              expressions are/aren't available.
+//   GTEST_HAS_PTHREAD        - Define it to 1/0 to indicate that <pthread.h>
+//                              is/isn't available.
+//   GTEST_HAS_RTTI           - Define it to 1/0 to indicate that RTTI is/isn't
+//                              enabled.
+//   GTEST_HAS_STD_WSTRING    - Define it to 1/0 to indicate that
+//                              std::wstring does/doesn't work (Google Test can
+//                              be used where std::wstring is unavailable).
+//   GTEST_HAS_TR1_TUPLE      - Define it to 1/0 to indicate tr1::tuple
+//                              is/isn't available.
+//   GTEST_HAS_SEH            - Define it to 1/0 to indicate whether the
+//                              compiler supports Microsoft's "Structured
+//                              Exception Handling".
+//   GTEST_HAS_STREAM_REDIRECTION
+//                            - Define it to 1/0 to indicate whether the
+//                              platform supports I/O stream redirection using
+//                              dup() and dup2().
+//   GTEST_USE_OWN_TR1_TUPLE  - Define it to 1/0 to indicate whether Google
+//                              Test's own tr1 tuple implementation should be
+//                              used.  Unused when the user sets
+//                              GTEST_HAS_TR1_TUPLE to 0.
+//   GTEST_LANG_CXX11         - Define it to 1/0 to indicate that Google Test
+//                              is building in C++11/C++98 mode.
+//   GTEST_LINKED_AS_SHARED_LIBRARY
+//                            - Define to 1 when compiling tests that use
+//                              Google Test as a shared library (known as
+//                              DLL on Windows).
+//   GTEST_CREATE_SHARED_LIBRARY
+//                            - Define to 1 when compiling Google Test itself
+//                              as a shared library.
+
+// Platform-indicating macros
+// --------------------------
+//
+// Macros indicating the platform on which Google Test is being used
+// (a macro is defined to 1 if compiled on the given platform;
+// otherwise UNDEFINED -- it's never defined to 0.).  Google Test
+// defines these macros automatically.  Code outside Google Test MUST
+// NOT define them.
+//
+//   GTEST_OS_AIX      - IBM AIX
+//   GTEST_OS_CYGWIN   - Cygwin
+//   GTEST_OS_HPUX     - HP-UX
+//   GTEST_OS_LINUX    - Linux
+//     GTEST_OS_LINUX_ANDROID - Google Android
+//   GTEST_OS_MAC      - Mac OS X
+//     GTEST_OS_IOS    - iOS
+//       GTEST_OS_IOS_SIMULATOR - iOS simulator
+//   GTEST_OS_NACL     - Google Native Client (NaCl)
+//   GTEST_OS_OPENBSD  - OpenBSD
+//   GTEST_OS_QNX      - QNX
+//   GTEST_OS_SOLARIS  - Sun Solaris
+//   GTEST_OS_SYMBIAN  - Symbian
+//   GTEST_OS_WINDOWS  - Windows (Desktop, MinGW, or Mobile)
+//     GTEST_OS_WINDOWS_DESKTOP  - Windows Desktop
+//     GTEST_OS_WINDOWS_MINGW    - MinGW
+//     GTEST_OS_WINDOWS_MOBILE   - Windows Mobile
+//     GTEST_OS_WINDOWS_PHONE    - Windows Phone
+//     GTEST_OS_WINDOWS_RT       - Windows Store App/WinRT
+//   GTEST_OS_ZOS      - z/OS
+//
+// Among the platforms, Cygwin, Linux, Max OS X, and Windows have the
+// most stable support.  Since core members of the Google Test project
+// don't have access to other platforms, support for them may be less
+// stable.  If you notice any problems on your platform, please notify
+// googletestframework@googlegroups.com (patches for fixing them are
+// even more welcome!).
+//
+// It is possible that none of the GTEST_OS_* macros are defined.
+
+// Feature-indicating macros
+// -------------------------
+//
+// Macros indicating which Google Test features are available (a macro
+// is defined to 1 if the corresponding feature is supported;
+// otherwise UNDEFINED -- it's never defined to 0.).  Google Test
+// defines these macros automatically.  Code outside Google Test MUST
+// NOT define them.
+//
+// These macros are public so that portable tests can be written.
+// Such tests typically surround code using a feature with an #if
+// which controls that code.  For example:
+//
+// #if GTEST_HAS_DEATH_TEST
+//   EXPECT_DEATH(DoSomethingDeadly());
+// #endif
+//
+//   GTEST_HAS_COMBINE      - the Combine() function (for value-parameterized
+//                            tests)
+//   GTEST_HAS_DEATH_TEST   - death tests
+//   GTEST_HAS_PARAM_TEST   - value-parameterized tests
+//   GTEST_HAS_TYPED_TEST   - typed tests
+//   GTEST_HAS_TYPED_TEST_P - type-parameterized tests
+//   GTEST_IS_THREADSAFE    - Google Test is thread-safe.
+//   GTEST_USES_POSIX_RE    - enhanced POSIX regex is used. Do not confuse with
+//                            GTEST_HAS_POSIX_RE (see above) which users can
+//                            define themselves.
+//   GTEST_USES_SIMPLE_RE   - our own simple regex is used;
+//                            the above two are mutually exclusive.
+//   GTEST_CAN_COMPARE_NULL - accepts untyped NULL in EXPECT_EQ().
+
+// Misc public macros
+// ------------------
+//
+//   GTEST_FLAG(flag_name)  - references the variable corresponding to
+//                            the given Google Test flag.
+
+// Internal utilities
+// ------------------
+//
+// The following macros and utilities are for Google Test's INTERNAL
+// use only.  Code outside Google Test MUST NOT USE THEM DIRECTLY.
+//
+// Macros for basic C++ coding:
+//   GTEST_AMBIGUOUS_ELSE_BLOCKER_ - for disabling a gcc warning.
+//   GTEST_ATTRIBUTE_UNUSED_  - declares that a class' instances or a
+//                              variable don't have to be used.
+//   GTEST_DISALLOW_ASSIGN_   - disables operator=.
+//   GTEST_DISALLOW_COPY_AND_ASSIGN_ - disables copy ctor and operator=.
+//   GTEST_MUST_USE_RESULT_   - declares that a function's result must be used.
+//   GTEST_INTENTIONAL_CONST_COND_PUSH_ - start code section where MSVC C4127 is
+//                                        suppressed (constant conditional).
+//   GTEST_INTENTIONAL_CONST_COND_POP_  - finish code section where MSVC C4127
+//                                        is suppressed.
+//
+// C++11 feature wrappers:
+//
+//   GTEST_MOVE_          - portability wrapper for std::move.
+//
+// Synchronization:
+//   Mutex, MutexLock, ThreadLocal, GetThreadCount()
+//                            - synchronization primitives.
+//
+// Template meta programming:
+//   is_pointer     - as in TR1; needed on Symbian and IBM XL C/C++ only.
+//   IteratorTraits - partial implementation of std::iterator_traits, which
+//                    is not available in libCstd when compiled with Sun C++.
+//
+// Smart pointers:
+//   scoped_ptr     - as in TR2.
+//
+// Regular expressions:
+//   RE             - a simple regular expression class using the POSIX
+//                    Extended Regular Expression syntax on UNIX-like
+//                    platforms, or a reduced regular exception syntax on
+//                    other platforms, including Windows.
+//
+// Logging:
+//   GTEST_LOG_()   - logs messages at the specified severity level.
+//   LogToStderr()  - directs all log messages to stderr.
+//   FlushInfoLog() - flushes informational log messages.
+//
+// Stdout and stderr capturing:
+//   CaptureStdout()     - starts capturing stdout.
+//   GetCapturedStdout() - stops capturing stdout and returns the captured
+//                         string.
+//   CaptureStderr()     - starts capturing stderr.
+//   GetCapturedStderr() - stops capturing stderr and returns the captured
+//                         string.
+//
+// Integer types:
+//   TypeWithSize   - maps an integer to a int type.
+//   Int32, UInt32, Int64, UInt64, TimeInMillis
+//                  - integers of known sizes.
+//   BiggestInt     - the biggest signed integer type.
+//
+// Command-line utilities:
+//   GTEST_DECLARE_*()  - declares a flag.
+//   GTEST_DEFINE_*()   - defines a flag.
+//   GetInjectableArgvs() - returns the command line as a vector of strings.
+//
+// Environment variable utilities:
+//   GetEnv()             - gets the value of an environment variable.
+//   BoolFromGTestEnv()   - parses a bool environment variable.
+//   Int32FromGTestEnv()  - parses an Int32 environment variable.
+//   StringFromGTestEnv() - parses a string environment variable.
+
+#include <ctype.h>   // for isspace, etc
+#include <stddef.h>  // for ptrdiff_t
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#ifndef _WIN32_WCE
+# include <sys/types.h>
+# include <sys/stat.h>
+#endif  // !_WIN32_WCE
+
+#if defined __APPLE__
+# include <AvailabilityMacros.h>
+# include <TargetConditionals.h>
+#endif
+
+#include <algorithm>  // NOLINT
+#include <iostream>  // NOLINT
+#include <sstream>  // NOLINT
+#include <string>  // NOLINT
+#include <utility>
+
+#define GTEST_DEV_EMAIL_ "googletestframework@@googlegroups.com"
+#define GTEST_FLAG_PREFIX_ "gtest_"
+#define GTEST_FLAG_PREFIX_DASH_ "gtest-"
+#define GTEST_FLAG_PREFIX_UPPER_ "GTEST_"
+#define GTEST_NAME_ "Google Test"
+#define GTEST_PROJECT_URL_ "http://code.google.com/p/googletest/"
+
+// Determines the version of gcc that is used to compile this.
+#ifdef __GNUC__
+// 40302 means version 4.3.2.
+# define GTEST_GCC_VER_ \
+    (__GNUC__*10000 + __GNUC_MINOR__*100 + __GNUC_PATCHLEVEL__)
+#endif  // __GNUC__
+
+// Determines the platform on which Google Test is compiled.
+#ifdef __CYGWIN__
+# define GTEST_OS_CYGWIN 1
+#elif defined __SYMBIAN32__
+# define GTEST_OS_SYMBIAN 1
+#elif defined _WIN32
+# define GTEST_OS_WINDOWS 1
+# ifdef _WIN32_WCE
+#  define GTEST_OS_WINDOWS_MOBILE 1
+# elif defined(__MINGW__) || defined(__MINGW32__)
+#  define GTEST_OS_WINDOWS_MINGW 1
+# elif defined(WINAPI_FAMILY)
+#  include <winapifamily.h>
+#  if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP)
+#   define GTEST_OS_WINDOWS_DESKTOP 1
+#  elif WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_PHONE_APP)
+#   define GTEST_OS_WINDOWS_PHONE 1
+#  elif WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_APP)
+#   define GTEST_OS_WINDOWS_RT 1
+#  else
+    // WINAPI_FAMILY defined but no known partition matched.
+    // Default to desktop.
+#   define GTEST_OS_WINDOWS_DESKTOP 1
+#  endif
+# else
+#  define GTEST_OS_WINDOWS_DESKTOP 1
+# endif  // _WIN32_WCE
+#elif defined __APPLE__
+# define GTEST_OS_MAC 1
+# if TARGET_OS_IPHONE
+#  define GTEST_OS_IOS 1
+#  if TARGET_IPHONE_SIMULATOR
+#   define GTEST_OS_IOS_SIMULATOR 1
+#  endif
+# endif
+#elif defined __linux__
+# define GTEST_OS_LINUX 1
+# if defined __ANDROID__
+#  define GTEST_OS_LINUX_ANDROID 1
+# endif
+#elif defined __MVS__
+# define GTEST_OS_ZOS 1
+#elif defined(__sun) && defined(__SVR4)
+# define GTEST_OS_SOLARIS 1
+#elif defined(_AIX)
+# define GTEST_OS_AIX 1
+#elif defined(__hpux)
+# define GTEST_OS_HPUX 1
+#elif defined __native_client__
+# define GTEST_OS_NACL 1
+#elif defined __OpenBSD__
+# define GTEST_OS_OPENBSD 1
+#elif defined __QNX__
+# define GTEST_OS_QNX 1
+#endif  // __CYGWIN__
+
+// Macros for disabling Microsoft Visual C++ warnings.
+//
+//   GTEST_DISABLE_MSC_WARNINGS_PUSH_(4800 4385)
+//   /* code that triggers warnings C4800 and C4385 */
+//   GTEST_DISABLE_MSC_WARNINGS_POP_()
+#if _MSC_VER >= 1500
+# define GTEST_DISABLE_MSC_WARNINGS_PUSH_(warnings) \
+    __pragma(warning(push))                        \
+    __pragma(warning(disable: warnings))
+# define GTEST_DISABLE_MSC_WARNINGS_POP_()          \
+    __pragma(warning(pop))
+#else
+// Older versions of MSVC don't have __pragma.
+# define GTEST_DISABLE_MSC_WARNINGS_PUSH_(warnings)
+# define GTEST_DISABLE_MSC_WARNINGS_POP_()
+#endif
+
+#ifndef GTEST_LANG_CXX11
+// gcc and clang define __GXX_EXPERIMENTAL_CXX0X__ when
+// -std={c,gnu}++{0x,11} is passed.  The C++11 standard specifies a
+// value for __cplusplus, and recent versions of clang, gcc, and
+// probably other compilers set that too in C++11 mode.
+# if __GXX_EXPERIMENTAL_CXX0X__ || __cplusplus >= 201103L
+// Compiling in at least C++11 mode.
+#  define GTEST_LANG_CXX11 1
+# else
+#  define GTEST_LANG_CXX11 0
+# endif
+#endif
+
+// C++11 specifies that <initializer_list> provides std::initializer_list. Use
+// that if gtest is used in C++11 mode and libstdc++ isn't very old (binaries
+// targeting OS X 10.6 can build with clang but need to use gcc4.2's
+// libstdc++).
+#if GTEST_LANG_CXX11 && (!defined(__GLIBCXX__) || __GLIBCXX__ > 20110325)
+# define GTEST_HAS_STD_INITIALIZER_LIST_ 1
+#endif
+
+// C++11 specifies that <tuple> provides std::tuple.
+// Some platforms still might not have it, however.
+#if GTEST_LANG_CXX11
+# define GTEST_HAS_STD_TUPLE_ 1
+# if defined(__clang__)
+// Inspired by http://clang.llvm.org/docs/LanguageExtensions.html#__has_include
+#  if defined(__has_include) && !__has_include(<tuple>)
+#   undef GTEST_HAS_STD_TUPLE_
+#  endif
+# elif defined(_MSC_VER)
+// Inspired by boost/config/stdlib/dinkumware.hpp
+#  if defined(_CPPLIB_VER) && _CPPLIB_VER < 520
+#   undef GTEST_HAS_STD_TUPLE_
+#  endif
+# elif defined(__GLIBCXX__)
+// Inspired by boost/config/stdlib/libstdcpp3.hpp,
+// http://gcc.gnu.org/gcc-4.2/changes.html and
+// http://gcc.gnu.org/onlinedocs/libstdc++/manual/bk01pt01ch01.html#manual.intro.status.standard.200x
+#  if __GNUC__ < 4 || (__GNUC__ == 4 && __GNUC_MINOR__ < 2)
+#   undef GTEST_HAS_STD_TUPLE_
+#  endif
+# endif
+#endif
+
+// Brings in definitions for functions used in the testing::internal::posix
+// namespace (read, write, close, chdir, isatty, stat). We do not currently
+// use them on Windows Mobile.
+#if GTEST_OS_WINDOWS
+# if !GTEST_OS_WINDOWS_MOBILE
+#  include <direct.h>
+#  include <io.h>
+# endif
+// In order to avoid having to include <windows.h>, use forward declaration
+// assuming CRITICAL_SECTION is a typedef of _RTL_CRITICAL_SECTION.
+// This assumption is verified by
+// WindowsTypesTest.CRITICAL_SECTIONIs_RTL_CRITICAL_SECTION.
+struct _RTL_CRITICAL_SECTION;
+#else
+// This assumes that non-Windows OSes provide unistd.h. For OSes where this
+// is not the case, we need to include headers that provide the functions
+// mentioned above.
+# include <unistd.h>
+# include <strings.h>
+#endif  // GTEST_OS_WINDOWS
+
+#if GTEST_OS_LINUX_ANDROID
+// Used to define __ANDROID_API__ matching the target NDK API level.
+#  include <android/api-level.h>  // NOLINT
+#endif
+
+// Defines this to true iff Google Test can use POSIX regular expressions.
+#ifndef GTEST_HAS_POSIX_RE
+# if GTEST_OS_LINUX_ANDROID
+// On Android, <regex.h> is only available starting with Gingerbread.
+#  define GTEST_HAS_POSIX_RE (__ANDROID_API__ >= 9)
+# else
+#  define GTEST_HAS_POSIX_RE (!GTEST_OS_WINDOWS)
+# endif
+#endif
+
+#if GTEST_HAS_POSIX_RE
+
+// On some platforms, <regex.h> needs someone to define size_t, and
+// won't compile otherwise.  We can #include it here as we already
+// included <stdlib.h>, which is guaranteed to define size_t through
+// <stddef.h>.
+# include <regex.h>  // NOLINT
+
+# define GTEST_USES_POSIX_RE 1
+
+#elif GTEST_OS_WINDOWS
+
+// <regex.h> is not available on Windows.  Use our own simple regex
+// implementation instead.
+# define GTEST_USES_SIMPLE_RE 1
+
+#else
+
+// <regex.h> may not be available on this platform.  Use our own
+// simple regex implementation instead.
+# define GTEST_USES_SIMPLE_RE 1
+
+#endif  // GTEST_HAS_POSIX_RE
+
+#ifndef GTEST_HAS_EXCEPTIONS
+// The user didn't tell us whether exceptions are enabled, so we need
+// to figure it out.
+# if defined(_MSC_VER) || defined(__BORLANDC__)
+// MSVC's and C++Builder's implementations of the STL use the _HAS_EXCEPTIONS
+// macro to enable exceptions, so we'll do the same.
+// Assumes that exceptions are enabled by default.
+#  ifndef _HAS_EXCEPTIONS
+#   define _HAS_EXCEPTIONS 1
+#  endif  // _HAS_EXCEPTIONS
+#  define GTEST_HAS_EXCEPTIONS _HAS_EXCEPTIONS
+# elif defined(__GNUC__) && __EXCEPTIONS
+// gcc defines __EXCEPTIONS to 1 iff exceptions are enabled.
+#  define GTEST_HAS_EXCEPTIONS 1
+# elif defined(__SUNPRO_CC)
+// Sun Pro CC supports exceptions.  However, there is no compile-time way of
+// detecting whether they are enabled or not.  Therefore, we assume that
+// they are enabled unless the user tells us otherwise.
+#  define GTEST_HAS_EXCEPTIONS 1
+# elif defined(__IBMCPP__) && __EXCEPTIONS
+// xlC defines __EXCEPTIONS to 1 iff exceptions are enabled.
+#  define GTEST_HAS_EXCEPTIONS 1
+# elif defined(__HP_aCC)
+// Exception handling is in effect by default in HP aCC compiler. It has to
+// be turned of by +noeh compiler option if desired.
+#  define GTEST_HAS_EXCEPTIONS 1
+# else
+// For other compilers, we assume exceptions are disabled to be
+// conservative.
+#  define GTEST_HAS_EXCEPTIONS 0
+# endif  // defined(_MSC_VER) || defined(__BORLANDC__)
+#endif  // GTEST_HAS_EXCEPTIONS
+
+#if !defined(GTEST_HAS_STD_STRING)
+// Even though we don't use this macro any longer, we keep it in case
+// some clients still depend on it.
+# define GTEST_HAS_STD_STRING 1
+#elif !GTEST_HAS_STD_STRING
+// The user told us that ::std::string isn't available.
+# error "Google Test cannot be used where ::std::string isn't available."
+#endif  // !defined(GTEST_HAS_STD_STRING)
+
+#ifndef GTEST_HAS_GLOBAL_STRING
+// The user didn't tell us whether ::string is available, so we need
+// to figure it out.
+
+# define GTEST_HAS_GLOBAL_STRING 0
+
+#endif  // GTEST_HAS_GLOBAL_STRING
+
+#ifndef GTEST_HAS_STD_WSTRING
+// The user didn't tell us whether ::std::wstring is available, so we need
+// to figure it out.
+// TODO(wan@google.com): uses autoconf to detect whether ::std::wstring
+//   is available.
+
+// Cygwin 1.7 and below doesn't support ::std::wstring.
+// Solaris' libc++ doesn't support it either.  Android has
+// no support for it at least as recent as Froyo (2.2).
+# define GTEST_HAS_STD_WSTRING \
+    (!(GTEST_OS_LINUX_ANDROID || GTEST_OS_CYGWIN || GTEST_OS_SOLARIS))
+
+#endif  // GTEST_HAS_STD_WSTRING
+
+#ifndef GTEST_HAS_GLOBAL_WSTRING
+// The user didn't tell us whether ::wstring is available, so we need
+// to figure it out.
+# define GTEST_HAS_GLOBAL_WSTRING \
+    (GTEST_HAS_STD_WSTRING && GTEST_HAS_GLOBAL_STRING)
+#endif  // GTEST_HAS_GLOBAL_WSTRING
+
+// Determines whether RTTI is available.
+#ifndef GTEST_HAS_RTTI
+// The user didn't tell us whether RTTI is enabled, so we need to
+// figure it out.
+
+# ifdef _MSC_VER
+
+#  ifdef _CPPRTTI  // MSVC defines this macro iff RTTI is enabled.
+#   define GTEST_HAS_RTTI 1
+#  else
+#   define GTEST_HAS_RTTI 0
+#  endif
+
+// Starting with version 4.3.2, gcc defines __GXX_RTTI iff RTTI is enabled.
+# elif defined(__GNUC__) && (GTEST_GCC_VER_ >= 40302)
+
+#  ifdef __GXX_RTTI
+// When building against STLport with the Android NDK and with
+// -frtti -fno-exceptions, the build fails at link time with undefined
+// references to __cxa_bad_typeid. Note sure if STL or toolchain bug,
+// so disable RTTI when detected.
+#   if GTEST_OS_LINUX_ANDROID && defined(_STLPORT_MAJOR) && \
+       !defined(__EXCEPTIONS)
+#    define GTEST_HAS_RTTI 0
+#   else
+#    define GTEST_HAS_RTTI 1
+#   endif  // GTEST_OS_LINUX_ANDROID && __STLPORT_MAJOR && !__EXCEPTIONS
+#  else
+#   define GTEST_HAS_RTTI 0
+#  endif  // __GXX_RTTI
+
+// Clang defines __GXX_RTTI starting with version 3.0, but its manual recommends
+// using has_feature instead. has_feature(cxx_rtti) is supported since 2.7, the
+// first version with C++ support.
+# elif defined(__clang__)
+
+#  define GTEST_HAS_RTTI __has_feature(cxx_rtti)
+
+// Starting with version 9.0 IBM Visual Age defines __RTTI_ALL__ to 1 if
+// both the typeid and dynamic_cast features are present.
+# elif defined(__IBMCPP__) && (__IBMCPP__ >= 900)
+
+#  ifdef __RTTI_ALL__
+#   define GTEST_HAS_RTTI 1
+#  else
+#   define GTEST_HAS_RTTI 0
+#  endif
+
+# else
+
+// For all other compilers, we assume RTTI is enabled.
+#  define GTEST_HAS_RTTI 1
+
+# endif  // _MSC_VER
+
+#endif  // GTEST_HAS_RTTI
+
+// It's this header's responsibility to #include <typeinfo> when RTTI
+// is enabled.
+#if GTEST_HAS_RTTI
+# include <typeinfo>
+#endif
+
+// Determines whether Google Test can use the pthreads library.
+#ifndef GTEST_HAS_PTHREAD
+// The user didn't tell us explicitly, so we assume pthreads support is
+// available on Linux and Mac.
+//
+// To disable threading support in Google Test, add -DGTEST_HAS_PTHREAD=0
+// to your compiler flags.
+# define GTEST_HAS_PTHREAD (GTEST_OS_LINUX || GTEST_OS_MAC || GTEST_OS_HPUX \
+    || GTEST_OS_QNX)
+#endif  // GTEST_HAS_PTHREAD
+
+#if GTEST_HAS_PTHREAD
+// gtest-port.h guarantees to #include <pthread.h> when GTEST_HAS_PTHREAD is
+// true.
+# include <pthread.h>  // NOLINT
+
+// For timespec and nanosleep, used below.
+# include <time.h>  // NOLINT
+#endif
+
+// Determines whether Google Test can use tr1/tuple.  You can define
+// this macro to 0 to prevent Google Test from using tuple (any
+// feature depending on tuple with be disabled in this mode).
+#ifndef GTEST_HAS_TR1_TUPLE
+# if GTEST_OS_LINUX_ANDROID && defined(_STLPORT_MAJOR)
+// STLport, provided with the Android NDK, has neither <tr1/tuple> or <tuple>.
+#  define GTEST_HAS_TR1_TUPLE 0
+# else
+// The user didn't tell us not to do it, so we assume it's OK.
+#  define GTEST_HAS_TR1_TUPLE 1
+# endif
+#endif  // GTEST_HAS_TR1_TUPLE
+
+// Determines whether Google Test's own tr1 tuple implementation
+// should be used.
+#ifndef GTEST_USE_OWN_TR1_TUPLE
+// The user didn't tell us, so we need to figure it out.
+
+// We use our own TR1 tuple if we aren't sure the user has an
+// implementation of it already.  At this time, libstdc++ 4.0.0+ and
+// MSVC 2010 are the only mainstream standard libraries that come
+// with a TR1 tuple implementation.  NVIDIA's CUDA NVCC compiler
+// pretends to be GCC by defining __GNUC__ and friends, but cannot
+// compile GCC's tuple implementation.  MSVC 2008 (9.0) provides TR1
+// tuple in a 323 MB Feature Pack download, which we cannot assume the
+// user has.  QNX's QCC compiler is a modified GCC but it doesn't
+// support TR1 tuple.  libc++ only provides std::tuple, in C++11 mode,
+// and it can be used with some compilers that define __GNUC__.
+# if (defined(__GNUC__) && !defined(__CUDACC__) && (GTEST_GCC_VER_ >= 40000) \
+      && !GTEST_OS_QNX && !defined(_LIBCPP_VERSION)) || _MSC_VER >= 1600
+#  define GTEST_ENV_HAS_TR1_TUPLE_ 1
+# endif
+
+// C++11 specifies that <tuple> provides std::tuple. Use that if gtest is used
+// in C++11 mode and libstdc++ isn't very old (binaries targeting OS X 10.6
+// can build with clang but need to use gcc4.2's libstdc++).
+# if GTEST_LANG_CXX11 && (!defined(__GLIBCXX__) || __GLIBCXX__ > 20110325)
+#  define GTEST_ENV_HAS_STD_TUPLE_ 1
+# endif
+
+# if GTEST_ENV_HAS_TR1_TUPLE_ || GTEST_ENV_HAS_STD_TUPLE_
+#  define GTEST_USE_OWN_TR1_TUPLE 0
+# else
+#  define GTEST_USE_OWN_TR1_TUPLE 1
+# endif
+
+#endif  // GTEST_USE_OWN_TR1_TUPLE
+
+// To avoid conditional compilation everywhere, we make it
+// gtest-port.h's responsibility to #include the header implementing
+// tuple.
+#if GTEST_HAS_STD_TUPLE_
+# include <tuple>  // IWYU pragma: export
+# define GTEST_TUPLE_NAMESPACE_ ::std
+#endif  // GTEST_HAS_STD_TUPLE_
+
+// We include tr1::tuple even if std::tuple is available to define printers for
+// them.
+#if GTEST_HAS_TR1_TUPLE
+# ifndef GTEST_TUPLE_NAMESPACE_
+#  define GTEST_TUPLE_NAMESPACE_ ::std::tr1
+# endif  // GTEST_TUPLE_NAMESPACE_
+
+# if GTEST_USE_OWN_TR1_TUPLE
+#  include "gtest/internal/gtest-tuple.h"  // IWYU pragma: export  // NOLINT
+# elif GTEST_ENV_HAS_STD_TUPLE_
+#  include <tuple>
+// C++11 puts its tuple into the ::std namespace rather than
+// ::std::tr1.  gtest expects tuple to live in ::std::tr1, so put it there.
+// This causes undefined behavior, but supported compilers react in
+// the way we intend.
+namespace std {
+namespace tr1 {
+using ::std::get;
+using ::std::make_tuple;
+using ::std::tuple;
+using ::std::tuple_element;
+using ::std::tuple_size;
+}
+}
+
+# elif GTEST_OS_SYMBIAN
+
+// On Symbian, BOOST_HAS_TR1_TUPLE causes Boost's TR1 tuple library to
+// use STLport's tuple implementation, which unfortunately doesn't
+// work as the copy of STLport distributed with Symbian is incomplete.
+// By making sure BOOST_HAS_TR1_TUPLE is undefined, we force Boost to
+// use its own tuple implementation.
+#  ifdef BOOST_HAS_TR1_TUPLE
+#   undef BOOST_HAS_TR1_TUPLE
+#  endif  // BOOST_HAS_TR1_TUPLE
+
+// This prevents <boost/tr1/detail/config.hpp>, which defines
+// BOOST_HAS_TR1_TUPLE, from being #included by Boost's <tuple>.
+#  define BOOST_TR1_DETAIL_CONFIG_HPP_INCLUDED
+#  include <tuple>  // IWYU pragma: export  // NOLINT
+
+# elif defined(__GNUC__) && (GTEST_GCC_VER_ >= 40000)
+// GCC 4.0+ implements tr1/tuple in the <tr1/tuple> header.  This does
+// not conform to the TR1 spec, which requires the header to be <tuple>.
+
+#  if !GTEST_HAS_RTTI && GTEST_GCC_VER_ < 40302
+// Until version 4.3.2, gcc has a bug that causes <tr1/functional>,
+// which is #included by <tr1/tuple>, to not compile when RTTI is
+// disabled.  _TR1_FUNCTIONAL is the header guard for
+// <tr1/functional>.  Hence the following #define is a hack to prevent
+// <tr1/functional> from being included.
+#   define _TR1_FUNCTIONAL 1
+#   include <tr1/tuple>
+#   undef _TR1_FUNCTIONAL  // Allows the user to #include
+                        // <tr1/functional> if he chooses to.
+#  else
+#   include <tr1/tuple>  // NOLINT
+#  endif  // !GTEST_HAS_RTTI && GTEST_GCC_VER_ < 40302
+
+# else
+// If the compiler is not GCC 4.0+, we assume the user is using a
+// spec-conforming TR1 implementation.
+#  include <tuple>  // IWYU pragma: export  // NOLINT
+# endif  // GTEST_USE_OWN_TR1_TUPLE
+
+#endif  // GTEST_HAS_TR1_TUPLE
+
+// Determines whether clone(2) is supported.
+// Usually it will only be available on Linux, excluding
+// Linux on the Itanium architecture.
+// Also see http://linux.die.net/man/2/clone.
+#ifndef GTEST_HAS_CLONE
+// The user didn't tell us, so we need to figure it out.
+
+# if GTEST_OS_LINUX && !defined(__ia64__)
+#  if GTEST_OS_LINUX_ANDROID
+// On Android, clone() is only available on ARM starting with Gingerbread.
+#    if defined(__arm__) && __ANDROID_API__ >= 9
+#     define GTEST_HAS_CLONE 1
+#    else
+#     define GTEST_HAS_CLONE 0
+#    endif
+#  else
+#   define GTEST_HAS_CLONE 1
+#  endif
+# else
+#  define GTEST_HAS_CLONE 0
+# endif  // GTEST_OS_LINUX && !defined(__ia64__)
+
+#endif  // GTEST_HAS_CLONE
+
+// Determines whether to support stream redirection. This is used to test
+// output correctness and to implement death tests.
+#ifndef GTEST_HAS_STREAM_REDIRECTION
+// By default, we assume that stream redirection is supported on all
+// platforms except known mobile ones.
+# if GTEST_OS_WINDOWS_MOBILE || GTEST_OS_SYMBIAN || \
+    GTEST_OS_WINDOWS_PHONE || GTEST_OS_WINDOWS_RT
+#  define GTEST_HAS_STREAM_REDIRECTION 0
+# else
+#  define GTEST_HAS_STREAM_REDIRECTION 1
+# endif  // !GTEST_OS_WINDOWS_MOBILE && !GTEST_OS_SYMBIAN
+#endif  // GTEST_HAS_STREAM_REDIRECTION
+
+// Determines whether to support death tests.
+// Google Test does not support death tests for VC 7.1 and earlier as
+// abort() in a VC 7.1 application compiled as GUI in debug config
+// pops up a dialog window that cannot be suppressed programmatically.
+#if (GTEST_OS_LINUX || GTEST_OS_CYGWIN || GTEST_OS_SOLARIS || \
+     (GTEST_OS_MAC && !GTEST_OS_IOS) || GTEST_OS_IOS_SIMULATOR || \
+     (GTEST_OS_WINDOWS_DESKTOP && _MSC_VER >= 1400) || \
+     GTEST_OS_WINDOWS_MINGW || GTEST_OS_AIX || GTEST_OS_HPUX || \
+     GTEST_OS_OPENBSD || GTEST_OS_QNX)
+# define GTEST_HAS_DEATH_TEST 1
+# include <vector>  // NOLINT
+#endif
+
+// We don't support MSVC 7.1 with exceptions disabled now.  Therefore
+// all the compilers we care about are adequate for supporting
+// value-parameterized tests.
+#define GTEST_HAS_PARAM_TEST 1
+
+// Determines whether to support type-driven tests.
+
+// Typed tests need <typeinfo> and variadic macros, which GCC, VC++ 8.0,
+// Sun Pro CC, IBM Visual Age, and HP aCC support.
+#if defined(__GNUC__) || (_MSC_VER >= 1400) || defined(__SUNPRO_CC) || \
+    defined(__IBMCPP__) || defined(__HP_aCC)
+# define GTEST_HAS_TYPED_TEST 1
+# define GTEST_HAS_TYPED_TEST_P 1
+#endif
+
+// Determines whether to support Combine(). This only makes sense when
+// value-parameterized tests are enabled.  The implementation doesn't
+// work on Sun Studio since it doesn't understand templated conversion
+// operators.
+#if GTEST_HAS_PARAM_TEST && GTEST_HAS_TR1_TUPLE && !defined(__SUNPRO_CC)
+# define GTEST_HAS_COMBINE 1
+#endif
+
+// Determines whether the system compiler uses UTF-16 for encoding wide strings.
+#define GTEST_WIDE_STRING_USES_UTF16_ \
+    (GTEST_OS_WINDOWS || GTEST_OS_CYGWIN || GTEST_OS_SYMBIAN || GTEST_OS_AIX)
+
+// Determines whether test results can be streamed to a socket.
+#if GTEST_OS_LINUX
+# define GTEST_CAN_STREAM_RESULTS_ 1
+#endif
+
+// Defines some utility macros.
+
+// The GNU compiler emits a warning if nested "if" statements are followed by
+// an "else" statement and braces are not used to explicitly disambiguate the
+// "else" binding.  This leads to problems with code like:
+//
+//   if (gate)
+//     ASSERT_*(condition) << "Some message";
+//
+// The "switch (0) case 0:" idiom is used to suppress this.
+#ifdef __INTEL_COMPILER
+# define GTEST_AMBIGUOUS_ELSE_BLOCKER_
+#else
+# define GTEST_AMBIGUOUS_ELSE_BLOCKER_ switch (0) case 0: default:  // NOLINT
+#endif
+
+// Use this annotation at the end of a struct/class definition to
+// prevent the compiler from optimizing away instances that are never
+// used.  This is useful when all interesting logic happens inside the
+// c'tor and / or d'tor.  Example:
+//
+//   struct Foo {
+//     Foo() { ... }
+//   } GTEST_ATTRIBUTE_UNUSED_;
+//
+// Also use it after a variable or parameter declaration to tell the
+// compiler the variable/parameter does not have to be used.
+#if defined(__GNUC__) && !defined(COMPILER_ICC)
+# define GTEST_ATTRIBUTE_UNUSED_ __attribute__ ((unused))
+#else
+# define GTEST_ATTRIBUTE_UNUSED_
+#endif
+
+// A macro to disallow operator=
+// This should be used in the private: declarations for a class.
+#define GTEST_DISALLOW_ASSIGN_(type)\
+  void operator=(type const &)
+
+// A macro to disallow copy constructor and operator=
+// This should be used in the private: declarations for a class.
+#define GTEST_DISALLOW_COPY_AND_ASSIGN_(type)\
+  type(type const &);\
+  GTEST_DISALLOW_ASSIGN_(type)
+
+// Tell the compiler to warn about unused return values for functions declared
+// with this macro.  The macro should be used on function declarations
+// following the argument list:
+//
+//   Sprocket* AllocateSprocket() GTEST_MUST_USE_RESULT_;
+#if defined(__GNUC__) && (GTEST_GCC_VER_ >= 30400) && !defined(COMPILER_ICC)
+# define GTEST_MUST_USE_RESULT_ __attribute__ ((warn_unused_result))
+#else
+# define GTEST_MUST_USE_RESULT_
+#endif  // __GNUC__ && (GTEST_GCC_VER_ >= 30400) && !COMPILER_ICC
+
+#if GTEST_LANG_CXX11
+# define GTEST_MOVE_(x) ::std::move(x)  // NOLINT
+#else
+# define GTEST_MOVE_(x) x
+#endif
+
+// MS C++ compiler emits warning when a conditional expression is compile time
+// constant. In some contexts this warning is false positive and needs to be
+// suppressed. Use the following two macros in such cases:
+//
+// GTEST_INTENTIONAL_CONST_COND_PUSH_()
+// while (true) {
+// GTEST_INTENTIONAL_CONST_COND_POP_()
+// }
+# define GTEST_INTENTIONAL_CONST_COND_PUSH_() \
+    GTEST_DISABLE_MSC_WARNINGS_PUSH_(4127)
+# define GTEST_INTENTIONAL_CONST_COND_POP_() \
+    GTEST_DISABLE_MSC_WARNINGS_POP_()
+
+// Determine whether the compiler supports Microsoft's Structured Exception
+// Handling.  This is supported by several Windows compilers but generally
+// does not exist on any other system.
+#ifndef GTEST_HAS_SEH
+// The user didn't tell us, so we need to figure it out.
+
+# if defined(_MSC_VER) || defined(__BORLANDC__)
+// These two compilers are known to support SEH.
+#  define GTEST_HAS_SEH 1
+# else
+// Assume no SEH.
+#  define GTEST_HAS_SEH 0
+# endif
+
+#define GTEST_IS_THREADSAFE \
+    (0 \
+     || (GTEST_OS_WINDOWS && !GTEST_OS_WINDOWS_PHONE && !GTEST_OS_WINDOWS_RT) \
+     || GTEST_HAS_PTHREAD)
+
+#endif  // GTEST_HAS_SEH
+
+#ifdef _MSC_VER
+
+# if GTEST_LINKED_AS_SHARED_LIBRARY
+#  define GTEST_API_ __declspec(dllimport)
+# elif GTEST_CREATE_SHARED_LIBRARY
+#  define GTEST_API_ __declspec(dllexport)
+# endif
+
+#endif  // _MSC_VER
+
+#ifndef GTEST_API_
+# define GTEST_API_
+#endif
+
+#ifdef __GNUC__
+// Ask the compiler to never inline a given function.
+# define GTEST_NO_INLINE_ __attribute__((noinline))
+#else
+# define GTEST_NO_INLINE_
+#endif
+
+// _LIBCPP_VERSION is defined by the libc++ library from the LLVM project.
+#if defined(__GLIBCXX__) || defined(_LIBCPP_VERSION)
+# define GTEST_HAS_CXXABI_H_ 1
+#else
+# define GTEST_HAS_CXXABI_H_ 0
+#endif
+
+// A function level attribute to disable checking for use of uninitialized
+// memory when built with MemorySanitizer.
+#if defined(__clang__)
+# if __has_feature(memory_sanitizer)
+#  define GTEST_ATTRIBUTE_NO_SANITIZE_MEMORY_ \
+       __attribute__((no_sanitize_memory))
+# else
+#  define GTEST_ATTRIBUTE_NO_SANITIZE_MEMORY_
+# endif  // __has_feature(memory_sanitizer)
+#else
+# define GTEST_ATTRIBUTE_NO_SANITIZE_MEMORY_
+#endif  // __clang__
+
+// A function level attribute to disable AddressSanitizer instrumentation.
+#if defined(__clang__)
+# if __has_feature(address_sanitizer)
+#  define GTEST_ATTRIBUTE_NO_SANITIZE_ADDRESS_ \
+       __attribute__((no_sanitize_address))
+# else
+#  define GTEST_ATTRIBUTE_NO_SANITIZE_ADDRESS_
+# endif  // __has_feature(address_sanitizer)
+#else
+# define GTEST_ATTRIBUTE_NO_SANITIZE_ADDRESS_
+#endif  // __clang__
+
+// A function level attribute to disable ThreadSanitizer instrumentation.
+#if defined(__clang__)
+# if __has_feature(thread_sanitizer)
+#  define GTEST_ATTRIBUTE_NO_SANITIZE_THREAD_ \
+       __attribute__((no_sanitize_thread))
+# else
+#  define GTEST_ATTRIBUTE_NO_SANITIZE_THREAD_
+# endif  // __has_feature(thread_sanitizer)
+#else
+# define GTEST_ATTRIBUTE_NO_SANITIZE_THREAD_
+#endif  // __clang__
+
+namespace testing {
+
+class Message;
+
+#if defined(GTEST_TUPLE_NAMESPACE_)
+// Import tuple and friends into the ::testing namespace.
+// It is part of our interface, having them in ::testing allows us to change
+// their types as needed.
+using GTEST_TUPLE_NAMESPACE_::get;
+using GTEST_TUPLE_NAMESPACE_::make_tuple;
+using GTEST_TUPLE_NAMESPACE_::tuple;
+using GTEST_TUPLE_NAMESPACE_::tuple_size;
+using GTEST_TUPLE_NAMESPACE_::tuple_element;
+#endif  // defined(GTEST_TUPLE_NAMESPACE_)
+
+namespace internal {
+
+// A secret type that Google Test users don't know about.  It has no
+// definition on purpose.  Therefore it's impossible to create a
+// Secret object, which is what we want.
+class Secret;
+
+// The GTEST_COMPILE_ASSERT_ macro can be used to verify that a compile time
+// expression is true. For example, you could use it to verify the
+// size of a static array:
+//
+//   GTEST_COMPILE_ASSERT_(GTEST_ARRAY_SIZE_(names) == NUM_NAMES,
+//                         names_incorrect_size);
+//
+// or to make sure a struct is smaller than a certain size:
+//
+//   GTEST_COMPILE_ASSERT_(sizeof(foo) < 128, foo_too_large);
+//
+// The second argument to the macro is the name of the variable. If
+// the expression is false, most compilers will issue a warning/error
+// containing the name of the variable.
+
+template <bool>
+struct CompileAssert {
+};
+
+#define GTEST_COMPILE_ASSERT_(expr, msg) \
+  typedef ::testing::internal::CompileAssert<(static_cast<bool>(expr))> \
+      msg[static_cast<bool>(expr) ? 1 : -1] GTEST_ATTRIBUTE_UNUSED_
+
+// Implementation details of GTEST_COMPILE_ASSERT_:
+//
+// - GTEST_COMPILE_ASSERT_ works by defining an array type that has -1
+//   elements (and thus is invalid) when the expression is false.
+//
+// - The simpler definition
+//
+//    #define GTEST_COMPILE_ASSERT_(expr, msg) typedef char msg[(expr) ? 1 : -1]
+//
+//   does not work, as gcc supports variable-length arrays whose sizes
+//   are determined at run-time (this is gcc's extension and not part
+//   of the C++ standard).  As a result, gcc fails to reject the
+//   following code with the simple definition:
+//
+//     int foo;
+//     GTEST_COMPILE_ASSERT_(foo, msg); // not supposed to compile as foo is
+//                                      // not a compile-time constant.
+//
+// - By using the type CompileAssert<(bool(expr))>, we ensures that
+//   expr is a compile-time constant.  (Template arguments must be
+//   determined at compile-time.)
+//
+// - The outter parentheses in CompileAssert<(bool(expr))> are necessary
+//   to work around a bug in gcc 3.4.4 and 4.0.1.  If we had written
+//
+//     CompileAssert<bool(expr)>
+//
+//   instead, these compilers will refuse to compile
+//
+//     GTEST_COMPILE_ASSERT_(5 > 0, some_message);
+//
+//   (They seem to think the ">" in "5 > 0" marks the end of the
+//   template argument list.)
+//
+// - The array size is (bool(expr) ? 1 : -1), instead of simply
+//
+//     ((expr) ? 1 : -1).
+//
+//   This is to avoid running into a bug in MS VC 7.1, which
+//   causes ((0.0) ? 1 : -1) to incorrectly evaluate to 1.
+
+// StaticAssertTypeEqHelper is used by StaticAssertTypeEq defined in gtest.h.
+//
+// This template is declared, but intentionally undefined.
+template <typename T1, typename T2>
+struct StaticAssertTypeEqHelper;
+
+template <typename T>
+struct StaticAssertTypeEqHelper<T, T> {
+  enum { value = true };
+};
+
+// Evaluates to the number of elements in 'array'.
+#define GTEST_ARRAY_SIZE_(array) (sizeof(array) / sizeof(array[0]))
+
+#if GTEST_HAS_GLOBAL_STRING
+typedef ::string string;
+#else
+typedef ::std::string string;
+#endif  // GTEST_HAS_GLOBAL_STRING
+
+#if GTEST_HAS_GLOBAL_WSTRING
+typedef ::wstring wstring;
+#elif GTEST_HAS_STD_WSTRING
+typedef ::std::wstring wstring;
+#endif  // GTEST_HAS_GLOBAL_WSTRING
+
+// A helper for suppressing warnings on constant condition.  It just
+// returns 'condition'.
+GTEST_API_ bool IsTrue(bool condition);
+
+// Defines scoped_ptr.
+
+// This implementation of scoped_ptr is PARTIAL - it only contains
+// enough stuff to satisfy Google Test's need.
+template <typename T>
+class scoped_ptr {
+ public:
+  typedef T element_type;
+
+  explicit scoped_ptr(T* p = NULL) : ptr_(p) {}
+  ~scoped_ptr() { reset(); }
+
+  T& operator*() const { return *ptr_; }
+  T* operator->() const { return ptr_; }
+  T* get() const { return ptr_; }
+
+  T* release() {
+    T* const ptr = ptr_;
+    ptr_ = NULL;
+    return ptr;
+  }
+
+  void reset(T* p = NULL) {
+    if (p != ptr_) {
+      if (IsTrue(sizeof(T) > 0)) {  // Makes sure T is a complete type.
+        delete ptr_;
+      }
+      ptr_ = p;
+    }
+  }
+
+  friend void swap(scoped_ptr& a, scoped_ptr& b) {
+    using std::swap;
+    swap(a.ptr_, b.ptr_);
+  }
+
+ private:
+  T* ptr_;
+
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(scoped_ptr);
+};
+
+// Defines RE.
+
+// A simple C++ wrapper for <regex.h>.  It uses the POSIX Extended
+// Regular Expression syntax.
+class GTEST_API_ RE {
+ public:
+  // A copy constructor is required by the Standard to initialize object
+  // references from r-values.
+  RE(const RE& other) { Init(other.pattern()); }
+
+  // Constructs an RE from a string.
+  RE(const ::std::string& regex) { Init(regex.c_str()); }  // NOLINT
+
+#if GTEST_HAS_GLOBAL_STRING
+
+  RE(const ::string& regex) { Init(regex.c_str()); }  // NOLINT
+
+#endif  // GTEST_HAS_GLOBAL_STRING
+
+  RE(const char* regex) { Init(regex); }  // NOLINT
+  ~RE();
+
+  // Returns the string representation of the regex.
+  const char* pattern() const { return pattern_; }
+
+  // FullMatch(str, re) returns true iff regular expression re matches
+  // the entire str.
+  // PartialMatch(str, re) returns true iff regular expression re
+  // matches a substring of str (including str itself).
+  //
+  // TODO(wan@google.com): make FullMatch() and PartialMatch() work
+  // when str contains NUL characters.
+  static bool FullMatch(const ::std::string& str, const RE& re) {
+    return FullMatch(str.c_str(), re);
+  }
+  static bool PartialMatch(const ::std::string& str, const RE& re) {
+    return PartialMatch(str.c_str(), re);
+  }
+
+#if GTEST_HAS_GLOBAL_STRING
+
+  static bool FullMatch(const ::string& str, const RE& re) {
+    return FullMatch(str.c_str(), re);
+  }
+  static bool PartialMatch(const ::string& str, const RE& re) {
+    return PartialMatch(str.c_str(), re);
+  }
+
+#endif  // GTEST_HAS_GLOBAL_STRING
+
+  static bool FullMatch(const char* str, const RE& re);
+  static bool PartialMatch(const char* str, const RE& re);
+
+ private:
+  void Init(const char* regex);
+
+  // We use a const char* instead of an std::string, as Google Test used to be
+  // used where std::string is not available.  TODO(wan@google.com): change to
+  // std::string.
+  const char* pattern_;
+  bool is_valid_;
+
+#if GTEST_USES_POSIX_RE
+
+  regex_t full_regex_;     // For FullMatch().
+  regex_t partial_regex_;  // For PartialMatch().
+
+#else  // GTEST_USES_SIMPLE_RE
+
+  const char* full_pattern_;  // For FullMatch();
+
+#endif
+
+  GTEST_DISALLOW_ASSIGN_(RE);
+};
+
+// Formats a source file path and a line number as they would appear
+// in an error message from the compiler used to compile this code.
+GTEST_API_ ::std::string FormatFileLocation(const char* file, int line);
+
+// Formats a file location for compiler-independent XML output.
+// Although this function is not platform dependent, we put it next to
+// FormatFileLocation in order to contrast the two functions.
+GTEST_API_ ::std::string FormatCompilerIndependentFileLocation(const char* file,
+                                                               int line);
+
+// Defines logging utilities:
+//   GTEST_LOG_(severity) - logs messages at the specified severity level. The
+//                          message itself is streamed into the macro.
+//   LogToStderr()  - directs all log messages to stderr.
+//   FlushInfoLog() - flushes informational log messages.
+
+enum GTestLogSeverity {
+  GTEST_INFO,
+  GTEST_WARNING,
+  GTEST_ERROR,
+  GTEST_FATAL
+};
+
+// Formats log entry severity, provides a stream object for streaming the
+// log message, and terminates the message with a newline when going out of
+// scope.
+class GTEST_API_ GTestLog {
+ public:
+  GTestLog(GTestLogSeverity severity, const char* file, int line);
+
+  // Flushes the buffers and, if severity is GTEST_FATAL, aborts the program.
+  ~GTestLog();
+
+  ::std::ostream& GetStream() { return ::std::cerr; }
+
+ private:
+  const GTestLogSeverity severity_;
+
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(GTestLog);
+};
+
+#define GTEST_LOG_(severity) \
+    ::testing::internal::GTestLog(::testing::internal::GTEST_##severity, \
+                                  __FILE__, __LINE__).GetStream()
+
+inline void LogToStderr() {}
+inline void FlushInfoLog() { fflush(NULL); }
+
+// INTERNAL IMPLEMENTATION - DO NOT USE.
+//
+// GTEST_CHECK_ is an all-mode assert. It aborts the program if the condition
+// is not satisfied.
+//  Synopsys:
+//    GTEST_CHECK_(boolean_condition);
+//     or
+//    GTEST_CHECK_(boolean_condition) << "Additional message";
+//
+//    This checks the condition and if the condition is not satisfied
+//    it prints message about the condition violation, including the
+//    condition itself, plus additional message streamed into it, if any,
+//    and then it aborts the program. It aborts the program irrespective of
+//    whether it is built in the debug mode or not.
+#define GTEST_CHECK_(condition) \
+    GTEST_AMBIGUOUS_ELSE_BLOCKER_ \
+    if (::testing::internal::IsTrue(condition)) \
+      ; \
+    else \
+      GTEST_LOG_(FATAL) << "Condition " #condition " failed. "
+
+// An all-mode assert to verify that the given POSIX-style function
+// call returns 0 (indicating success).  Known limitation: this
+// doesn't expand to a balanced 'if' statement, so enclose the macro
+// in {} if you need to use it as the only statement in an 'if'
+// branch.
+#define GTEST_CHECK_POSIX_SUCCESS_(posix_call) \
+  if (const int gtest_error = (posix_call)) \
+    GTEST_LOG_(FATAL) << #posix_call << "failed with error " \
+                      << gtest_error
+
+// INTERNAL IMPLEMENTATION - DO NOT USE IN USER CODE.
+//
+// Use ImplicitCast_ as a safe version of static_cast for upcasting in
+// the type hierarchy (e.g. casting a Foo* to a SuperclassOfFoo* or a
+// const Foo*).  When you use ImplicitCast_, the compiler checks that
+// the cast is safe.  Such explicit ImplicitCast_s are necessary in
+// surprisingly many situations where C++ demands an exact type match
+// instead of an argument type convertable to a target type.
+//
+// The syntax for using ImplicitCast_ is the same as for static_cast:
+//
+//   ImplicitCast_<ToType>(expr)
+//
+// ImplicitCast_ would have been part of the C++ standard library,
+// but the proposal was submitted too late.  It will probably make
+// its way into the language in the future.
+//
+// This relatively ugly name is intentional. It prevents clashes with
+// similar functions users may have (e.g., implicit_cast). The internal
+// namespace alone is not enough because the function can be found by ADL.
+template<typename To>
+inline To ImplicitCast_(To x) { return x; }
+
+// When you upcast (that is, cast a pointer from type Foo to type
+// SuperclassOfFoo), it's fine to use ImplicitCast_<>, since upcasts
+// always succeed.  When you downcast (that is, cast a pointer from
+// type Foo to type SubclassOfFoo), static_cast<> isn't safe, because
+// how do you know the pointer is really of type SubclassOfFoo?  It
+// could be a bare Foo, or of type DifferentSubclassOfFoo.  Thus,
+// when you downcast, you should use this macro.  In debug mode, we
+// use dynamic_cast<> to double-check the downcast is legal (we die
+// if it's not).  In normal mode, we do the efficient static_cast<>
+// instead.  Thus, it's important to test in debug mode to make sure
+// the cast is legal!
+//    This is the only place in the code we should use dynamic_cast<>.
+// In particular, you SHOULDN'T be using dynamic_cast<> in order to
+// do RTTI (eg code like this:
+//    if (dynamic_cast<Subclass1>(foo)) HandleASubclass1Object(foo);
+//    if (dynamic_cast<Subclass2>(foo)) HandleASubclass2Object(foo);
+// You should design the code some other way not to need this.
+//
+// This relatively ugly name is intentional. It prevents clashes with
+// similar functions users may have (e.g., down_cast). The internal
+// namespace alone is not enough because the function can be found by ADL.
+template<typename To, typename From>  // use like this: DownCast_<T*>(foo);
+inline To DownCast_(From* f) {  // so we only accept pointers
+  // Ensures that To is a sub-type of From *.  This test is here only
+  // for compile-time type checking, and has no overhead in an
+  // optimized build at run-time, as it will be optimized away
+  // completely.
+  GTEST_INTENTIONAL_CONST_COND_PUSH_()
+  if (false) {
+  GTEST_INTENTIONAL_CONST_COND_POP_()
+    const To to = NULL;
+    ::testing::internal::ImplicitCast_<From*>(to);
+  }
+
+#if GTEST_HAS_RTTI
+  // RTTI: debug mode only!
+  GTEST_CHECK_(f == NULL || dynamic_cast<To>(f) != NULL);
+#endif
+  return static_cast<To>(f);
+}
+
+// Downcasts the pointer of type Base to Derived.
+// Derived must be a subclass of Base. The parameter MUST
+// point to a class of type Derived, not any subclass of it.
+// When RTTI is available, the function performs a runtime
+// check to enforce this.
+template <class Derived, class Base>
+Derived* CheckedDowncastToActualType(Base* base) {
+#if GTEST_HAS_RTTI
+  GTEST_CHECK_(typeid(*base) == typeid(Derived));
+  return dynamic_cast<Derived*>(base);  // NOLINT
+#else
+  return static_cast<Derived*>(base);  // Poor man's downcast.
+#endif
+}
+
+#if GTEST_HAS_STREAM_REDIRECTION
+
+// Defines the stderr capturer:
+//   CaptureStdout     - starts capturing stdout.
+//   GetCapturedStdout - stops capturing stdout and returns the captured string.
+//   CaptureStderr     - starts capturing stderr.
+//   GetCapturedStderr - stops capturing stderr and returns the captured string.
+//
+GTEST_API_ void CaptureStdout();
+GTEST_API_ std::string GetCapturedStdout();
+GTEST_API_ void CaptureStderr();
+GTEST_API_ std::string GetCapturedStderr();
+
+#endif  // GTEST_HAS_STREAM_REDIRECTION
+
+
+#if GTEST_HAS_DEATH_TEST
+
+const ::std::vector<testing::internal::string>& GetInjectableArgvs();
+void SetInjectableArgvs(const ::std::vector<testing::internal::string>*
+                             new_argvs);
+
+// A copy of all command line arguments.  Set by InitGoogleTest().
+extern ::std::vector<testing::internal::string> g_argvs;
+
+#endif  // GTEST_HAS_DEATH_TEST
+
+// Defines synchronization primitives.
+#if GTEST_IS_THREADSAFE
+# if GTEST_HAS_PTHREAD
+// Sleeps for (roughly) n milliseconds.  This function is only for testing
+// Google Test's own constructs.  Don't use it in user tests, either
+// directly or indirectly.
+inline void SleepMilliseconds(int n) {
+  const timespec time = {
+    0,                  // 0 seconds.
+    n * 1000L * 1000L,  // And n ms.
+  };
+  nanosleep(&time, NULL);
+}
+# endif  // GTEST_HAS_PTHREAD
+
+# if 0  // OS detection
+# elif GTEST_HAS_PTHREAD
+// Allows a controller thread to pause execution of newly created
+// threads until notified.  Instances of this class must be created
+// and destroyed in the controller thread.
+//
+// This class is only for testing Google Test's own constructs. Do not
+// use it in user tests, either directly or indirectly.
+class Notification {
+ public:
+  Notification() : notified_(false) {
+    GTEST_CHECK_POSIX_SUCCESS_(pthread_mutex_init(&mutex_, NULL));
+  }
+  ~Notification() {
+    pthread_mutex_destroy(&mutex_);
+  }
+
+  // Notifies all threads created with this notification to start. Must
+  // be called from the controller thread.
+  void Notify() {
+    pthread_mutex_lock(&mutex_);
+    notified_ = true;
+    pthread_mutex_unlock(&mutex_);
+  }
+
+  // Blocks until the controller thread notifies. Must be called from a test
+  // thread.
+  void WaitForNotification() {
+    for (;;) {
+      pthread_mutex_lock(&mutex_);
+      const bool notified = notified_;
+      pthread_mutex_unlock(&mutex_);
+      if (notified)
+        break;
+      SleepMilliseconds(10);
+    }
+  }
+
+ private:
+  pthread_mutex_t mutex_;
+  bool notified_;
+
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(Notification);
+};
+
+# elif GTEST_OS_WINDOWS && !GTEST_OS_WINDOWS_PHONE && !GTEST_OS_WINDOWS_RT
+
+GTEST_API_ void SleepMilliseconds(int n);
+
+// Provides leak-safe Windows kernel handle ownership.
+// Used in death tests and in threading support.
+class GTEST_API_ AutoHandle {
+ public:
+  // Assume that Win32 HANDLE type is equivalent to void*. Doing so allows us to
+  // avoid including <windows.h> in this header file. Including <windows.h> is
+  // undesirable because it defines a lot of symbols and macros that tend to
+  // conflict with client code. This assumption is verified by
+  // WindowsTypesTest.HANDLEIsVoidStar.
+  typedef void* Handle;
+  AutoHandle();
+  explicit AutoHandle(Handle handle);
+
+  ~AutoHandle();
+
+  Handle Get() const;
+  void Reset();
+  void Reset(Handle handle);
+
+ private:
+  // Returns true iff the handle is a valid handle object that can be closed.
+  bool IsCloseable() const;
+
+  Handle handle_;
+
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(AutoHandle);
+};
+
+// Allows a controller thread to pause execution of newly created
+// threads until notified.  Instances of this class must be created
+// and destroyed in the controller thread.
+//
+// This class is only for testing Google Test's own constructs. Do not
+// use it in user tests, either directly or indirectly.
+class GTEST_API_ Notification {
+ public:
+  Notification();
+  void Notify();
+  void WaitForNotification();
+
+ private:
+  AutoHandle event_;
+
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(Notification);
+};
+# endif  // OS detection
+
+// On MinGW, we can have both GTEST_OS_WINDOWS and GTEST_HAS_PTHREAD
+// defined, but we don't want to use MinGW's pthreads implementation, which
+// has conformance problems with some versions of the POSIX standard.
+# if GTEST_HAS_PTHREAD && !GTEST_OS_WINDOWS_MINGW
+
+// As a C-function, ThreadFuncWithCLinkage cannot be templated itself.
+// Consequently, it cannot select a correct instantiation of ThreadWithParam
+// in order to call its Run(). Introducing ThreadWithParamBase as a
+// non-templated base class for ThreadWithParam allows us to bypass this
+// problem.
+class ThreadWithParamBase {
+ public:
+  virtual ~ThreadWithParamBase() {}
+  virtual void Run() = 0;
+};
+
+// pthread_create() accepts a pointer to a function type with the C linkage.
+// According to the Standard (7.5/1), function types with different linkages
+// are different even if they are otherwise identical.  Some compilers (for
+// example, SunStudio) treat them as different types.  Since class methods
+// cannot be defined with C-linkage we need to define a free C-function to
+// pass into pthread_create().
+extern "C" inline void* ThreadFuncWithCLinkage(void* thread) {
+  static_cast<ThreadWithParamBase*>(thread)->Run();
+  return NULL;
+}
+
+// Helper class for testing Google Test's multi-threading constructs.
+// To use it, write:
+//
+//   void ThreadFunc(int param) { /* Do things with param */ }
+//   Notification thread_can_start;
+//   ...
+//   // The thread_can_start parameter is optional; you can supply NULL.
+//   ThreadWithParam<int> thread(&ThreadFunc, 5, &thread_can_start);
+//   thread_can_start.Notify();
+//
+// These classes are only for testing Google Test's own constructs. Do
+// not use them in user tests, either directly or indirectly.
+template <typename T>
+class ThreadWithParam : public ThreadWithParamBase {
+ public:
+  typedef void UserThreadFunc(T);
+
+  ThreadWithParam(UserThreadFunc* func, T param, Notification* thread_can_start)
+      : func_(func),
+        param_(param),
+        thread_can_start_(thread_can_start),
+        finished_(false) {
+    ThreadWithParamBase* const base = this;
+    // The thread can be created only after all fields except thread_
+    // have been initialized.
+    GTEST_CHECK_POSIX_SUCCESS_(
+        pthread_create(&thread_, 0, &ThreadFuncWithCLinkage, base));
+  }
+  ~ThreadWithParam() { Join(); }
+
+  void Join() {
+    if (!finished_) {
+      GTEST_CHECK_POSIX_SUCCESS_(pthread_join(thread_, 0));
+      finished_ = true;
+    }
+  }
+
+  virtual void Run() {
+    if (thread_can_start_ != NULL)
+      thread_can_start_->WaitForNotification();
+    func_(param_);
+  }
+
+ private:
+  UserThreadFunc* const func_;  // User-supplied thread function.
+  const T param_;  // User-supplied parameter to the thread function.
+  // When non-NULL, used to block execution until the controller thread
+  // notifies.
+  Notification* const thread_can_start_;
+  bool finished_;  // true iff we know that the thread function has finished.
+  pthread_t thread_;  // The native thread object.
+
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(ThreadWithParam);
+};
+# endif  // GTEST_HAS_PTHREAD && !GTEST_OS_WINDOWS_MINGW
+
+# if 0  // OS detection
+# elif GTEST_OS_WINDOWS && !GTEST_OS_WINDOWS_PHONE && !GTEST_OS_WINDOWS_RT
+
+// Mutex implements mutex on Windows platforms.  It is used in conjunction
+// with class MutexLock:
+//
+//   Mutex mutex;
+//   ...
+//   MutexLock lock(&mutex);  // Acquires the mutex and releases it at the
+//                            // end of the current scope.
+//
+// A static Mutex *must* be defined or declared using one of the following
+// macros:
+//   GTEST_DEFINE_STATIC_MUTEX_(g_some_mutex);
+//   GTEST_DECLARE_STATIC_MUTEX_(g_some_mutex);
+//
+// (A non-static Mutex is defined/declared in the usual way).
+class GTEST_API_ Mutex {
+ public:
+  enum MutexType { kStatic = 0, kDynamic = 1 };
+  // We rely on kStaticMutex being 0 as it is to what the linker initializes
+  // type_ in static mutexes.  critical_section_ will be initialized lazily
+  // in ThreadSafeLazyInit().
+  enum StaticConstructorSelector { kStaticMutex = 0 };
+
+  // This constructor intentionally does nothing.  It relies on type_ being
+  // statically initialized to 0 (effectively setting it to kStatic) and on
+  // ThreadSafeLazyInit() to lazily initialize the rest of the members.
+  explicit Mutex(StaticConstructorSelector /*dummy*/) {}
+
+  Mutex();
+  ~Mutex();
+
+  void Lock();
+
+  void Unlock();
+
+  // Does nothing if the current thread holds the mutex. Otherwise, crashes
+  // with high probability.
+  void AssertHeld();
+
+ private:
+  // Initializes owner_thread_id_ and critical_section_ in static mutexes.
+  void ThreadSafeLazyInit();
+
+  // Per http://blogs.msdn.com/b/oldnewthing/archive/2004/02/23/78395.aspx,
+  // we assume that 0 is an invalid value for thread IDs.
+  unsigned int owner_thread_id_;
+
+  // For static mutexes, we rely on these members being initialized to zeros
+  // by the linker.
+  MutexType type_;
+  long critical_section_init_phase_;  // NOLINT
+  _RTL_CRITICAL_SECTION* critical_section_;
+
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(Mutex);
+};
+
+# define GTEST_DECLARE_STATIC_MUTEX_(mutex) \
+    extern ::testing::internal::Mutex mutex
+
+# define GTEST_DEFINE_STATIC_MUTEX_(mutex) \
+    ::testing::internal::Mutex mutex(::testing::internal::Mutex::kStaticMutex)
+
+// We cannot name this class MutexLock because the ctor declaration would
+// conflict with a macro named MutexLock, which is defined on some
+// platforms. That macro is used as a defensive measure to prevent against
+// inadvertent misuses of MutexLock like "MutexLock(&mu)" rather than
+// "MutexLock l(&mu)".  Hence the typedef trick below.
+class GTestMutexLock {
+ public:
+  explicit GTestMutexLock(Mutex* mutex)
+      : mutex_(mutex) { mutex_->Lock(); }
+
+  ~GTestMutexLock() { mutex_->Unlock(); }
+
+ private:
+  Mutex* const mutex_;
+
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(GTestMutexLock);
+};
+
+typedef GTestMutexLock MutexLock;
+
+// Base class for ValueHolder<T>.  Allows a caller to hold and delete a value
+// without knowing its type.
+class ThreadLocalValueHolderBase {
+ public:
+  virtual ~ThreadLocalValueHolderBase() {}
+};
+
+// Provides a way for a thread to send notifications to a ThreadLocal
+// regardless of its parameter type.
+class ThreadLocalBase {
+ public:
+  // Creates a new ValueHolder<T> object holding a default value passed to
+  // this ThreadLocal<T>'s constructor and returns it.  It is the caller's
+  // responsibility not to call this when the ThreadLocal<T> instance already
+  // has a value on the current thread.
+  virtual ThreadLocalValueHolderBase* NewValueForCurrentThread() const = 0;
+
+ protected:
+  ThreadLocalBase() {}
+  virtual ~ThreadLocalBase() {}
+
+ private:
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(ThreadLocalBase);
+};
+
+// Maps a thread to a set of ThreadLocals that have values instantiated on that
+// thread and notifies them when the thread exits.  A ThreadLocal instance is
+// expected to persist until all threads it has values on have terminated.
+class GTEST_API_ ThreadLocalRegistry {
+ public:
+  // Registers thread_local_instance as having value on the current thread.
+  // Returns a value that can be used to identify the thread from other threads.
+  static ThreadLocalValueHolderBase* GetValueOnCurrentThread(
+      const ThreadLocalBase* thread_local_instance);
+
+  // Invoked when a ThreadLocal instance is destroyed.
+  static void OnThreadLocalDestroyed(
+      const ThreadLocalBase* thread_local_instance);
+};
+
+class GTEST_API_ ThreadWithParamBase {
+ public:
+  void Join();
+
+ protected:
+  class Runnable {
+   public:
+    virtual ~Runnable() {}
+    virtual void Run() = 0;
+  };
+
+  ThreadWithParamBase(Runnable *runnable, Notification* thread_can_start);
+  virtual ~ThreadWithParamBase();
+
+ private:
+  AutoHandle thread_;
+};
+
+// Helper class for testing Google Test's multi-threading constructs.
+template <typename T>
+class ThreadWithParam : public ThreadWithParamBase {
+ public:
+  typedef void UserThreadFunc(T);
+
+  ThreadWithParam(UserThreadFunc* func, T param, Notification* thread_can_start)
+      : ThreadWithParamBase(new RunnableImpl(func, param), thread_can_start) {
+  }
+  virtual ~ThreadWithParam() {}
+
+ private:
+  class RunnableImpl : public Runnable {
+   public:
+    RunnableImpl(UserThreadFunc* func, T param)
+        : func_(func),
+          param_(param) {
+    }
+    virtual ~RunnableImpl() {}
+    virtual void Run() {
+      func_(param_);
+    }
+
+   private:
+    UserThreadFunc* const func_;
+    const T param_;
+
+    GTEST_DISALLOW_COPY_AND_ASSIGN_(RunnableImpl);
+  };
+
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(ThreadWithParam);
+};
+
+// Implements thread-local storage on Windows systems.
+//
+//   // Thread 1
+//   ThreadLocal<int> tl(100);  // 100 is the default value for each thread.
+//
+//   // Thread 2
+//   tl.set(150);  // Changes the value for thread 2 only.
+//   EXPECT_EQ(150, tl.get());
+//
+//   // Thread 1
+//   EXPECT_EQ(100, tl.get());  // In thread 1, tl has the original value.
+//   tl.set(200);
+//   EXPECT_EQ(200, tl.get());
+//
+// The template type argument T must have a public copy constructor.
+// In addition, the default ThreadLocal constructor requires T to have
+// a public default constructor.
+//
+// The users of a TheadLocal instance have to make sure that all but one
+// threads (including the main one) using that instance have exited before
+// destroying it. Otherwise, the per-thread objects managed for them by the
+// ThreadLocal instance are not guaranteed to be destroyed on all platforms.
+//
+// Google Test only uses global ThreadLocal objects.  That means they
+// will die after main() has returned.  Therefore, no per-thread
+// object managed by Google Test will be leaked as long as all threads
+// using Google Test have exited when main() returns.
+template <typename T>
+class ThreadLocal : public ThreadLocalBase {
+ public:
+  ThreadLocal() : default_() {}
+  explicit ThreadLocal(const T& value) : default_(value) {}
+
+  ~ThreadLocal() { ThreadLocalRegistry::OnThreadLocalDestroyed(this); }
+
+  T* pointer() { return GetOrCreateValue(); }
+  const T* pointer() const { return GetOrCreateValue(); }
+  const T& get() const { return *pointer(); }
+  void set(const T& value) { *pointer() = value; }
+
+ private:
+  // Holds a value of T.  Can be deleted via its base class without the caller
+  // knowing the type of T.
+  class ValueHolder : public ThreadLocalValueHolderBase {
+   public:
+    explicit ValueHolder(const T& value) : value_(value) {}
+
+    T* pointer() { return &value_; }
+
+   private:
+    T value_;
+    GTEST_DISALLOW_COPY_AND_ASSIGN_(ValueHolder);
+  };
+
+
+  T* GetOrCreateValue() const {
+    return static_cast<ValueHolder*>(
+        ThreadLocalRegistry::GetValueOnCurrentThread(this))->pointer();
+  }
+
+  virtual ThreadLocalValueHolderBase* NewValueForCurrentThread() const {
+    return new ValueHolder(default_);
+  }
+
+  const T default_;  // The default value for each thread.
+
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(ThreadLocal);
+};
+
+# elif GTEST_HAS_PTHREAD
+
+// MutexBase and Mutex implement mutex on pthreads-based platforms.
+class MutexBase {
+ public:
+  // Acquires this mutex.
+  void Lock() {
+    GTEST_CHECK_POSIX_SUCCESS_(pthread_mutex_lock(&mutex_));
+    owner_ = pthread_self();
+    has_owner_ = true;
+  }
+
+  // Releases this mutex.
+  void Unlock() {
+    // Since the lock is being released the owner_ field should no longer be
+    // considered valid. We don't protect writing to has_owner_ here, as it's
+    // the caller's responsibility to ensure that the current thread holds the
+    // mutex when this is called.
+    has_owner_ = false;
+    GTEST_CHECK_POSIX_SUCCESS_(pthread_mutex_unlock(&mutex_));
+  }
+
+  // Does nothing if the current thread holds the mutex. Otherwise, crashes
+  // with high probability.
+  void AssertHeld() const {
+    GTEST_CHECK_(has_owner_ && pthread_equal(owner_, pthread_self()))
+        << "The current thread is not holding the mutex @" << this;
+  }
+
+  // A static mutex may be used before main() is entered.  It may even
+  // be used before the dynamic initialization stage.  Therefore we
+  // must be able to initialize a static mutex object at link time.
+  // This means MutexBase has to be a POD and its member variables
+  // have to be public.
+ public:
+  pthread_mutex_t mutex_;  // The underlying pthread mutex.
+  // has_owner_ indicates whether the owner_ field below contains a valid thread
+  // ID and is therefore safe to inspect (e.g., to use in pthread_equal()). All
+  // accesses to the owner_ field should be protected by a check of this field.
+  // An alternative might be to memset() owner_ to all zeros, but there's no
+  // guarantee that a zero'd pthread_t is necessarily invalid or even different
+  // from pthread_self().
+  bool has_owner_;
+  pthread_t owner_;  // The thread holding the mutex.
+};
+
+// Forward-declares a static mutex.
+#  define GTEST_DECLARE_STATIC_MUTEX_(mutex) \
+     extern ::testing::internal::MutexBase mutex
+
+// Defines and statically (i.e. at link time) initializes a static mutex.
+// The initialization list here does not explicitly initialize each field,
+// instead relying on default initialization for the unspecified fields. In
+// particular, the owner_ field (a pthread_t) is not explicitly initialized.
+// This allows initialization to work whether pthread_t is a scalar or struct.
+// The flag -Wmissing-field-initializers must not be specified for this to work.
+#  define GTEST_DEFINE_STATIC_MUTEX_(mutex) \
+     ::testing::internal::MutexBase mutex = { PTHREAD_MUTEX_INITIALIZER, false }
+
+// The Mutex class can only be used for mutexes created at runtime. It
+// shares its API with MutexBase otherwise.
+class Mutex : public MutexBase {
+ public:
+  Mutex() {
+    GTEST_CHECK_POSIX_SUCCESS_(pthread_mutex_init(&mutex_, NULL));
+    has_owner_ = false;
+  }
+  ~Mutex() {
+    GTEST_CHECK_POSIX_SUCCESS_(pthread_mutex_destroy(&mutex_));
+  }
+
+ private:
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(Mutex);
+};
+
+// We cannot name this class MutexLock because the ctor declaration would
+// conflict with a macro named MutexLock, which is defined on some
+// platforms. That macro is used as a defensive measure to prevent against
+// inadvertent misuses of MutexLock like "MutexLock(&mu)" rather than
+// "MutexLock l(&mu)".  Hence the typedef trick below.
+class GTestMutexLock {
+ public:
+  explicit GTestMutexLock(MutexBase* mutex)
+      : mutex_(mutex) { mutex_->Lock(); }
+
+  ~GTestMutexLock() { mutex_->Unlock(); }
+
+ private:
+  MutexBase* const mutex_;
+
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(GTestMutexLock);
+};
+
+typedef GTestMutexLock MutexLock;
+
+// Helpers for ThreadLocal.
+
+// pthread_key_create() requires DeleteThreadLocalValue() to have
+// C-linkage.  Therefore it cannot be templatized to access
+// ThreadLocal<T>.  Hence the need for class
+// ThreadLocalValueHolderBase.
+class ThreadLocalValueHolderBase {
+ public:
+  virtual ~ThreadLocalValueHolderBase() {}
+};
+
+// Called by pthread to delete thread-local data stored by
+// pthread_setspecific().
+extern "C" inline void DeleteThreadLocalValue(void* value_holder) {
+  delete static_cast<ThreadLocalValueHolderBase*>(value_holder);
+}
+
+// Implements thread-local storage on pthreads-based systems.
+template <typename T>
+class ThreadLocal {
+ public:
+  ThreadLocal() : key_(CreateKey()),
+                  default_() {}
+  explicit ThreadLocal(const T& value) : key_(CreateKey()),
+                                         default_(value) {}
+
+  ~ThreadLocal() {
+    // Destroys the managed object for the current thread, if any.
+    DeleteThreadLocalValue(pthread_getspecific(key_));
+
+    // Releases resources associated with the key.  This will *not*
+    // delete managed objects for other threads.
+    GTEST_CHECK_POSIX_SUCCESS_(pthread_key_delete(key_));
+  }
+
+  T* pointer() { return GetOrCreateValue(); }
+  const T* pointer() const { return GetOrCreateValue(); }
+  const T& get() const { return *pointer(); }
+  void set(const T& value) { *pointer() = value; }
+
+ private:
+  // Holds a value of type T.
+  class ValueHolder : public ThreadLocalValueHolderBase {
+   public:
+    explicit ValueHolder(const T& value) : value_(value) {}
+
+    T* pointer() { return &value_; }
+
+   private:
+    T value_;
+    GTEST_DISALLOW_COPY_AND_ASSIGN_(ValueHolder);
+  };
+
+  static pthread_key_t CreateKey() {
+    pthread_key_t key;
+    // When a thread exits, DeleteThreadLocalValue() will be called on
+    // the object managed for that thread.
+    GTEST_CHECK_POSIX_SUCCESS_(
+        pthread_key_create(&key, &DeleteThreadLocalValue));
+    return key;
+  }
+
+  T* GetOrCreateValue() const {
+    ThreadLocalValueHolderBase* const holder =
+        static_cast<ThreadLocalValueHolderBase*>(pthread_getspecific(key_));
+    if (holder != NULL) {
+      return CheckedDowncastToActualType<ValueHolder>(holder)->pointer();
+    }
+
+    ValueHolder* const new_holder = new ValueHolder(default_);
+    ThreadLocalValueHolderBase* const holder_base = new_holder;
+    GTEST_CHECK_POSIX_SUCCESS_(pthread_setspecific(key_, holder_base));
+    return new_holder->pointer();
+  }
+
+  // A key pthreads uses for looking up per-thread values.
+  const pthread_key_t key_;
+  const T default_;  // The default value for each thread.
+
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(ThreadLocal);
+};
+
+# endif  // OS detection
+
+#else  // GTEST_IS_THREADSAFE
+
+// A dummy implementation of synchronization primitives (mutex, lock,
+// and thread-local variable).  Necessary for compiling Google Test where
+// mutex is not supported - using Google Test in multiple threads is not
+// supported on such platforms.
+
+class Mutex {
+ public:
+  Mutex() {}
+  void Lock() {}
+  void Unlock() {}
+  void AssertHeld() const {}
+};
+
+# define GTEST_DECLARE_STATIC_MUTEX_(mutex) \
+  extern ::testing::internal::Mutex mutex
+
+# define GTEST_DEFINE_STATIC_MUTEX_(mutex) ::testing::internal::Mutex mutex
+
+// We cannot name this class MutexLock because the ctor declaration would
+// conflict with a macro named MutexLock, which is defined on some
+// platforms. That macro is used as a defensive measure to prevent against
+// inadvertent misuses of MutexLock like "MutexLock(&mu)" rather than
+// "MutexLock l(&mu)".  Hence the typedef trick below.
+class GTestMutexLock {
+ public:
+  explicit GTestMutexLock(Mutex*) {}  // NOLINT
+};
+
+typedef GTestMutexLock MutexLock;
+
+template <typename T>
+class ThreadLocal {
+ public:
+  ThreadLocal() : value_() {}
+  explicit ThreadLocal(const T& value) : value_(value) {}
+  T* pointer() { return &value_; }
+  const T* pointer() const { return &value_; }
+  const T& get() const { return value_; }
+  void set(const T& value) { value_ = value; }
+ private:
+  T value_;
+};
+
+#endif  // GTEST_IS_THREADSAFE
+
+// Returns the number of threads running in the process, or 0 to indicate that
+// we cannot detect it.
+GTEST_API_ size_t GetThreadCount();
+
+// Passing non-POD classes through ellipsis (...) crashes the ARM
+// compiler and generates a warning in Sun Studio.  The Nokia Symbian
+// and the IBM XL C/C++ compiler try to instantiate a copy constructor
+// for objects passed through ellipsis (...), failing for uncopyable
+// objects.  We define this to ensure that only POD is passed through
+// ellipsis on these systems.
+#if defined(__SYMBIAN32__) || defined(__IBMCPP__) || defined(__SUNPRO_CC)
+// We lose support for NULL detection where the compiler doesn't like
+// passing non-POD classes through ellipsis (...).
+# define GTEST_ELLIPSIS_NEEDS_POD_ 1
+#else
+# define GTEST_CAN_COMPARE_NULL 1
+#endif
+
+// The Nokia Symbian and IBM XL C/C++ compilers cannot decide between
+// const T& and const T* in a function template.  These compilers
+// _can_ decide between class template specializations for T and T*,
+// so a tr1::type_traits-like is_pointer works.
+#if defined(__SYMBIAN32__) || defined(__IBMCPP__)
+# define GTEST_NEEDS_IS_POINTER_ 1
+#endif
+
+template <bool bool_value>
+struct bool_constant {
+  typedef bool_constant<bool_value> type;
+  static const bool value = bool_value;
+};
+template <bool bool_value> const bool bool_constant<bool_value>::value;
+
+typedef bool_constant<false> false_type;
+typedef bool_constant<true> true_type;
+
+template <typename T>
+struct is_pointer : public false_type {};
+
+template <typename T>
+struct is_pointer<T*> : public true_type {};
+
+template <typename Iterator>
+struct IteratorTraits {
+  typedef typename Iterator::value_type value_type;
+};
+
+template <typename T>
+struct IteratorTraits<T*> {
+  typedef T value_type;
+};
+
+template <typename T>
+struct IteratorTraits<const T*> {
+  typedef T value_type;
+};
+
+#if GTEST_OS_WINDOWS
+# define GTEST_PATH_SEP_ "\\"
+# define GTEST_HAS_ALT_PATH_SEP_ 1
+// The biggest signed integer type the compiler supports.
+typedef __int64 BiggestInt;
+#else
+# define GTEST_PATH_SEP_ "/"
+# define GTEST_HAS_ALT_PATH_SEP_ 0
+typedef long long BiggestInt;  // NOLINT
+#endif  // GTEST_OS_WINDOWS
+
+// Utilities for char.
+
+// isspace(int ch) and friends accept an unsigned char or EOF.  char
+// may be signed, depending on the compiler (or compiler flags).
+// Therefore we need to cast a char to unsigned char before calling
+// isspace(), etc.
+
+inline bool IsAlpha(char ch) {
+  return isalpha(static_cast<unsigned char>(ch)) != 0;
+}
+inline bool IsAlNum(char ch) {
+  return isalnum(static_cast<unsigned char>(ch)) != 0;
+}
+inline bool IsDigit(char ch) {
+  return isdigit(static_cast<unsigned char>(ch)) != 0;
+}
+inline bool IsLower(char ch) {
+  return islower(static_cast<unsigned char>(ch)) != 0;
+}
+inline bool IsSpace(char ch) {
+  return isspace(static_cast<unsigned char>(ch)) != 0;
+}
+inline bool IsUpper(char ch) {
+  return isupper(static_cast<unsigned char>(ch)) != 0;
+}
+inline bool IsXDigit(char ch) {
+  return isxdigit(static_cast<unsigned char>(ch)) != 0;
+}
+inline bool IsXDigit(wchar_t ch) {
+  const unsigned char low_byte = static_cast<unsigned char>(ch);
+  return ch == low_byte && isxdigit(low_byte) != 0;
+}
+
+inline char ToLower(char ch) {
+  return static_cast<char>(tolower(static_cast<unsigned char>(ch)));
+}
+inline char ToUpper(char ch) {
+  return static_cast<char>(toupper(static_cast<unsigned char>(ch)));
+}
+
+// The testing::internal::posix namespace holds wrappers for common
+// POSIX functions.  These wrappers hide the differences between
+// Windows/MSVC and POSIX systems.  Since some compilers define these
+// standard functions as macros, the wrapper cannot have the same name
+// as the wrapped function.
+
+namespace posix {
+
+// Functions with a different name on Windows.
+
+#if GTEST_OS_WINDOWS
+
+typedef struct _stat StatStruct;
+
+# ifdef __BORLANDC__
+inline int IsATTY(int fd) { return isatty(fd); }
+inline int StrCaseCmp(const char* s1, const char* s2) {
+  return stricmp(s1, s2);
+}
+inline char* StrDup(const char* src) { return strdup(src); }
+# else  // !__BORLANDC__
+#  if GTEST_OS_WINDOWS_MOBILE
+inline int IsATTY(int /* fd */) { return 0; }
+#  else
+inline int IsATTY(int fd) { return _isatty(fd); }
+#  endif  // GTEST_OS_WINDOWS_MOBILE
+inline int StrCaseCmp(const char* s1, const char* s2) {
+  return _stricmp(s1, s2);
+}
+inline char* StrDup(const char* src) { return _strdup(src); }
+# endif  // __BORLANDC__
+
+# if GTEST_OS_WINDOWS_MOBILE
+inline int FileNo(FILE* file) { return reinterpret_cast<int>(_fileno(file)); }
+// Stat(), RmDir(), and IsDir() are not needed on Windows CE at this
+// time and thus not defined there.
+# else
+inline int FileNo(FILE* file) { return _fileno(file); }
+inline int Stat(const char* path, StatStruct* buf) { return _stat(path, buf); }
+inline int RmDir(const char* dir) { return _rmdir(dir); }
+inline bool IsDir(const StatStruct& st) {
+  return (_S_IFDIR & st.st_mode) != 0;
+}
+# endif  // GTEST_OS_WINDOWS_MOBILE
+
+#else
+
+typedef struct stat StatStruct;
+
+inline int FileNo(FILE* file) { return fileno(file); }
+inline int IsATTY(int fd) { return isatty(fd); }
+inline int Stat(const char* path, StatStruct* buf) { return stat(path, buf); }
+inline int StrCaseCmp(const char* s1, const char* s2) {
+  return strcasecmp(s1, s2);
+}
+inline char* StrDup(const char* src) { return strdup(src); }
+inline int RmDir(const char* dir) { return rmdir(dir); }
+inline bool IsDir(const StatStruct& st) { return S_ISDIR(st.st_mode); }
+
+#endif  // GTEST_OS_WINDOWS
+
+// Functions deprecated by MSVC 8.0.
+
+GTEST_DISABLE_MSC_WARNINGS_PUSH_(4996 /* deprecated function */)
+
+inline const char* StrNCpy(char* dest, const char* src, size_t n) {
+  return strncpy(dest, src, n);
+}
+
+// ChDir(), FReopen(), FDOpen(), Read(), Write(), Close(), and
+// StrError() aren't needed on Windows CE at this time and thus not
+// defined there.
+
+#if !GTEST_OS_WINDOWS_MOBILE && !GTEST_OS_WINDOWS_PHONE && !GTEST_OS_WINDOWS_RT
+inline int ChDir(const char* dir) { return chdir(dir); }
+#endif
+inline FILE* FOpen(const char* path, const char* mode) {
+  return fopen(path, mode);
+}
+#if !GTEST_OS_WINDOWS_MOBILE
+inline FILE *FReopen(const char* path, const char* mode, FILE* stream) {
+  return freopen(path, mode, stream);
+}
+inline FILE* FDOpen(int fd, const char* mode) { return fdopen(fd, mode); }
+#endif
+inline int FClose(FILE* fp) { return fclose(fp); }
+#if !GTEST_OS_WINDOWS_MOBILE
+inline int Read(int fd, void* buf, unsigned int count) {
+  return static_cast<int>(read(fd, buf, count));
+}
+inline int Write(int fd, const void* buf, unsigned int count) {
+  return static_cast<int>(write(fd, buf, count));
+}
+inline int Close(int fd) { return close(fd); }
+inline const char* StrError(int errnum) { return strerror(errnum); }
+#endif
+inline const char* GetEnv(const char* name) {
+#if GTEST_OS_WINDOWS_MOBILE || GTEST_OS_WINDOWS_PHONE | GTEST_OS_WINDOWS_RT
+  // We are on Windows CE, which has no environment variables.
+  return NULL;
+#elif defined(__BORLANDC__) || defined(__SunOS_5_8) || defined(__SunOS_5_9)
+  // Environment variables which we programmatically clear will be set to the
+  // empty string rather than unset (NULL).  Handle that case.
+  const char* const env = getenv(name);
+  return (env != NULL && env[0] != '\0') ? env : NULL;
+#else
+  return getenv(name);
+#endif
+}
+
+GTEST_DISABLE_MSC_WARNINGS_POP_()
+
+#if GTEST_OS_WINDOWS_MOBILE
+// Windows CE has no C library. The abort() function is used in
+// several places in Google Test. This implementation provides a reasonable
+// imitation of standard behaviour.
+void Abort();
+#else
+inline void Abort() { abort(); }
+#endif  // GTEST_OS_WINDOWS_MOBILE
+
+}  // namespace posix
+
+// MSVC "deprecates" snprintf and issues warnings wherever it is used.  In
+// order to avoid these warnings, we need to use _snprintf or _snprintf_s on
+// MSVC-based platforms.  We map the GTEST_SNPRINTF_ macro to the appropriate
+// function in order to achieve that.  We use macro definition here because
+// snprintf is a variadic function.
+#if _MSC_VER >= 1400 && !GTEST_OS_WINDOWS_MOBILE
+// MSVC 2005 and above support variadic macros.
+# define GTEST_SNPRINTF_(buffer, size, format, ...) \
+     _snprintf_s(buffer, size, size, format, __VA_ARGS__)
+#elif defined(_MSC_VER)
+// Windows CE does not define _snprintf_s and MSVC prior to 2005 doesn't
+// complain about _snprintf.
+# define GTEST_SNPRINTF_ _snprintf
+#else
+# define GTEST_SNPRINTF_ snprintf
+#endif
+
+// The maximum number a BiggestInt can represent.  This definition
+// works no matter BiggestInt is represented in one's complement or
+// two's complement.
+//
+// We cannot rely on numeric_limits in STL, as __int64 and long long
+// are not part of standard C++ and numeric_limits doesn't need to be
+// defined for them.
+const BiggestInt kMaxBiggestInt =
+    ~(static_cast<BiggestInt>(1) << (8*sizeof(BiggestInt) - 1));
+
+// This template class serves as a compile-time function from size to
+// type.  It maps a size in bytes to a primitive type with that
+// size. e.g.
+//
+//   TypeWithSize<4>::UInt
+//
+// is typedef-ed to be unsigned int (unsigned integer made up of 4
+// bytes).
+//
+// Such functionality should belong to STL, but I cannot find it
+// there.
+//
+// Google Test uses this class in the implementation of floating-point
+// comparison.
+//
+// For now it only handles UInt (unsigned int) as that's all Google Test
+// needs.  Other types can be easily added in the future if need
+// arises.
+template <size_t size>
+class TypeWithSize {
+ public:
+  // This prevents the user from using TypeWithSize<N> with incorrect
+  // values of N.
+  typedef void UInt;
+};
+
+// The specialization for size 4.
+template <>
+class TypeWithSize<4> {
+ public:
+  // unsigned int has size 4 in both gcc and MSVC.
+  //
+  // As base/basictypes.h doesn't compile on Windows, we cannot use
+  // uint32, uint64, and etc here.
+  typedef int Int;
+  typedef unsigned int UInt;
+};
+
+// The specialization for size 8.
+template <>
+class TypeWithSize<8> {
+ public:
+#if GTEST_OS_WINDOWS
+  typedef __int64 Int;
+  typedef unsigned __int64 UInt;
+#else
+  typedef long long Int;  // NOLINT
+  typedef unsigned long long UInt;  // NOLINT
+#endif  // GTEST_OS_WINDOWS
+};
+
+// Integer types of known sizes.
+typedef TypeWithSize<4>::Int Int32;
+typedef TypeWithSize<4>::UInt UInt32;
+typedef TypeWithSize<8>::Int Int64;
+typedef TypeWithSize<8>::UInt UInt64;
+typedef TypeWithSize<8>::Int TimeInMillis;  // Represents time in milliseconds.
+
+// Utilities for command line flags and environment variables.
+
+// Macro for referencing flags.
+#define GTEST_FLAG(name) FLAGS_gtest_##name
+
+// Macros for declaring flags.
+#define GTEST_DECLARE_bool_(name) GTEST_API_ extern bool GTEST_FLAG(name)
+#define GTEST_DECLARE_int32_(name) \
+    GTEST_API_ extern ::testing::internal::Int32 GTEST_FLAG(name)
+#define GTEST_DECLARE_string_(name) \
+    GTEST_API_ extern ::std::string GTEST_FLAG(name)
+
+// Macros for defining flags.
+#define GTEST_DEFINE_bool_(name, default_val, doc) \
+    GTEST_API_ bool GTEST_FLAG(name) = (default_val)
+#define GTEST_DEFINE_int32_(name, default_val, doc) \
+    GTEST_API_ ::testing::internal::Int32 GTEST_FLAG(name) = (default_val)
+#define GTEST_DEFINE_string_(name, default_val, doc) \
+    GTEST_API_ ::std::string GTEST_FLAG(name) = (default_val)
+
+// Thread annotations
+#define GTEST_EXCLUSIVE_LOCK_REQUIRED_(locks)
+#define GTEST_LOCK_EXCLUDED_(locks)
+
+// Parses 'str' for a 32-bit signed integer.  If successful, writes the result
+// to *value and returns true; otherwise leaves *value unchanged and returns
+// false.
+// TODO(chandlerc): Find a better way to refactor flag and environment parsing
+// out of both gtest-port.cc and gtest.cc to avoid exporting this utility
+// function.
+bool ParseInt32(const Message& src_text, const char* str, Int32* value);
+
+// Parses a bool/Int32/string from the environment variable
+// corresponding to the given Google Test flag.
+bool BoolFromGTestEnv(const char* flag, bool default_val);
+GTEST_API_ Int32 Int32FromGTestEnv(const char* flag, Int32 default_val);
+const char* StringFromGTestEnv(const char* flag, const char* default_val);
+
+}  // namespace internal
+}  // namespace testing
+
+#endif  // GTEST_INCLUDE_GTEST_INTERNAL_GTEST_PORT_H_
+
diff --git a/nss/external_tests/google_test/gtest/include/gtest/internal/gtest-string.h b/nss/external_tests/google_test/gtest/include/gtest/internal/gtest-string.h
new file mode 100644
index 0000000..97f1a7f
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/include/gtest/internal/gtest-string.h
@@ -0,0 +1,167 @@
+// Copyright 2005, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Authors: wan@google.com (Zhanyong Wan), eefacm@gmail.com (Sean Mcafee)
+//
+// The Google C++ Testing Framework (Google Test)
+//
+// This header file declares the String class and functions used internally by
+// Google Test.  They are subject to change without notice. They should not used
+// by code external to Google Test.
+//
+// This header file is #included by <gtest/internal/gtest-internal.h>.
+// It should not be #included by other files.
+
+#ifndef GTEST_INCLUDE_GTEST_INTERNAL_GTEST_STRING_H_
+#define GTEST_INCLUDE_GTEST_INTERNAL_GTEST_STRING_H_
+
+#ifdef __BORLANDC__
+// string.h is not guaranteed to provide strcpy on C++ Builder.
+# include <mem.h>
+#endif
+
+#include <string.h>
+#include <string>
+
+#include "gtest/internal/gtest-port.h"
+
+namespace testing {
+namespace internal {
+
+// String - an abstract class holding static string utilities.
+class GTEST_API_ String {
+ public:
+  // Static utility methods
+
+  // Clones a 0-terminated C string, allocating memory using new.  The
+  // caller is responsible for deleting the return value using
+  // delete[].  Returns the cloned string, or NULL if the input is
+  // NULL.
+  //
+  // This is different from strdup() in string.h, which allocates
+  // memory using malloc().
+  static const char* CloneCString(const char* c_str);
+
+#if GTEST_OS_WINDOWS_MOBILE
+  // Windows CE does not have the 'ANSI' versions of Win32 APIs. To be
+  // able to pass strings to Win32 APIs on CE we need to convert them
+  // to 'Unicode', UTF-16.
+
+  // Creates a UTF-16 wide string from the given ANSI string, allocating
+  // memory using new. The caller is responsible for deleting the return
+  // value using delete[]. Returns the wide string, or NULL if the
+  // input is NULL.
+  //
+  // The wide string is created using the ANSI codepage (CP_ACP) to
+  // match the behaviour of the ANSI versions of Win32 calls and the
+  // C runtime.
+  static LPCWSTR AnsiToUtf16(const char* c_str);
+
+  // Creates an ANSI string from the given wide string, allocating
+  // memory using new. The caller is responsible for deleting the return
+  // value using delete[]. Returns the ANSI string, or NULL if the
+  // input is NULL.
+  //
+  // The returned string is created using the ANSI codepage (CP_ACP) to
+  // match the behaviour of the ANSI versions of Win32 calls and the
+  // C runtime.
+  static const char* Utf16ToAnsi(LPCWSTR utf16_str);
+#endif
+
+  // Compares two C strings.  Returns true iff they have the same content.
+  //
+  // Unlike strcmp(), this function can handle NULL argument(s).  A
+  // NULL C string is considered different to any non-NULL C string,
+  // including the empty string.
+  static bool CStringEquals(const char* lhs, const char* rhs);
+
+  // Converts a wide C string to a String using the UTF-8 encoding.
+  // NULL will be converted to "(null)".  If an error occurred during
+  // the conversion, "(failed to convert from wide string)" is
+  // returned.
+  static std::string ShowWideCString(const wchar_t* wide_c_str);
+
+  // Compares two wide C strings.  Returns true iff they have the same
+  // content.
+  //
+  // Unlike wcscmp(), this function can handle NULL argument(s).  A
+  // NULL C string is considered different to any non-NULL C string,
+  // including the empty string.
+  static bool WideCStringEquals(const wchar_t* lhs, const wchar_t* rhs);
+
+  // Compares two C strings, ignoring case.  Returns true iff they
+  // have the same content.
+  //
+  // Unlike strcasecmp(), this function can handle NULL argument(s).
+  // A NULL C string is considered different to any non-NULL C string,
+  // including the empty string.
+  static bool CaseInsensitiveCStringEquals(const char* lhs,
+                                           const char* rhs);
+
+  // Compares two wide C strings, ignoring case.  Returns true iff they
+  // have the same content.
+  //
+  // Unlike wcscasecmp(), this function can handle NULL argument(s).
+  // A NULL C string is considered different to any non-NULL wide C string,
+  // including the empty string.
+  // NB: The implementations on different platforms slightly differ.
+  // On windows, this method uses _wcsicmp which compares according to LC_CTYPE
+  // environment variable. On GNU platform this method uses wcscasecmp
+  // which compares according to LC_CTYPE category of the current locale.
+  // On MacOS X, it uses towlower, which also uses LC_CTYPE category of the
+  // current locale.
+  static bool CaseInsensitiveWideCStringEquals(const wchar_t* lhs,
+                                               const wchar_t* rhs);
+
+  // Returns true iff the given string ends with the given suffix, ignoring
+  // case. Any string is considered to end with an empty suffix.
+  static bool EndsWithCaseInsensitive(
+      const std::string& str, const std::string& suffix);
+
+  // Formats an int value as "%02d".
+  static std::string FormatIntWidth2(int value);  // "%02d" for width == 2
+
+  // Formats an int value as "%X".
+  static std::string FormatHexInt(int value);
+
+  // Formats a byte as "%02X".
+  static std::string FormatByte(unsigned char value);
+
+ private:
+  String();  // Not meant to be instantiated.
+};  // class String
+
+// Gets the content of the stringstream's buffer as an std::string.  Each '\0'
+// character in the buffer is replaced with "\\0".
+GTEST_API_ std::string StringStreamToString(::std::stringstream* stream);
+
+}  // namespace internal
+}  // namespace testing
+
+#endif  // GTEST_INCLUDE_GTEST_INTERNAL_GTEST_STRING_H_
diff --git a/nss/external_tests/google_test/gtest/include/gtest/internal/gtest-tuple.h b/nss/external_tests/google_test/gtest/include/gtest/internal/gtest-tuple.h
new file mode 100644
index 0000000..e9b4053
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/include/gtest/internal/gtest-tuple.h
@@ -0,0 +1,1020 @@
+// This file was GENERATED by command:
+//     pump.py gtest-tuple.h.pump
+// DO NOT EDIT BY HAND!!!
+
+// Copyright 2009 Google Inc.
+// All Rights Reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+
+// Implements a subset of TR1 tuple needed by Google Test and Google Mock.
+
+#ifndef GTEST_INCLUDE_GTEST_INTERNAL_GTEST_TUPLE_H_
+#define GTEST_INCLUDE_GTEST_INTERNAL_GTEST_TUPLE_H_
+
+#include <utility>  // For ::std::pair.
+
+// The compiler used in Symbian has a bug that prevents us from declaring the
+// tuple template as a friend (it complains that tuple is redefined).  This
+// hack bypasses the bug by declaring the members that should otherwise be
+// private as public.
+// Sun Studio versions < 12 also have the above bug.
+#if defined(__SYMBIAN32__) || (defined(__SUNPRO_CC) && __SUNPRO_CC < 0x590)
+# define GTEST_DECLARE_TUPLE_AS_FRIEND_ public:
+#else
+# define GTEST_DECLARE_TUPLE_AS_FRIEND_ \
+    template <GTEST_10_TYPENAMES_(U)> friend class tuple; \
+   private:
+#endif
+
+// Visual Studio 2010, 2012, and 2013 define symbols in std::tr1 that conflict
+// with our own definitions. Therefore using our own tuple does not work on
+// those compilers.
+#if defined(_MSC_VER) && _MSC_VER >= 1600  /* 1600 is Visual Studio 2010 */
+# error "gtest's tuple doesn't compile on Visual Studio 2010 or later. \
+GTEST_USE_OWN_TR1_TUPLE must be set to 0 on those compilers."
+#endif
+
+// GTEST_n_TUPLE_(T) is the type of an n-tuple.
+#define GTEST_0_TUPLE_(T) tuple<>
+#define GTEST_1_TUPLE_(T) tuple<T##0, void, void, void, void, void, void, \
+    void, void, void>
+#define GTEST_2_TUPLE_(T) tuple<T##0, T##1, void, void, void, void, void, \
+    void, void, void>
+#define GTEST_3_TUPLE_(T) tuple<T##0, T##1, T##2, void, void, void, void, \
+    void, void, void>
+#define GTEST_4_TUPLE_(T) tuple<T##0, T##1, T##2, T##3, void, void, void, \
+    void, void, void>
+#define GTEST_5_TUPLE_(T) tuple<T##0, T##1, T##2, T##3, T##4, void, void, \
+    void, void, void>
+#define GTEST_6_TUPLE_(T) tuple<T##0, T##1, T##2, T##3, T##4, T##5, void, \
+    void, void, void>
+#define GTEST_7_TUPLE_(T) tuple<T##0, T##1, T##2, T##3, T##4, T##5, T##6, \
+    void, void, void>
+#define GTEST_8_TUPLE_(T) tuple<T##0, T##1, T##2, T##3, T##4, T##5, T##6, \
+    T##7, void, void>
+#define GTEST_9_TUPLE_(T) tuple<T##0, T##1, T##2, T##3, T##4, T##5, T##6, \
+    T##7, T##8, void>
+#define GTEST_10_TUPLE_(T) tuple<T##0, T##1, T##2, T##3, T##4, T##5, T##6, \
+    T##7, T##8, T##9>
+
+// GTEST_n_TYPENAMES_(T) declares a list of n typenames.
+#define GTEST_0_TYPENAMES_(T)
+#define GTEST_1_TYPENAMES_(T) typename T##0
+#define GTEST_2_TYPENAMES_(T) typename T##0, typename T##1
+#define GTEST_3_TYPENAMES_(T) typename T##0, typename T##1, typename T##2
+#define GTEST_4_TYPENAMES_(T) typename T##0, typename T##1, typename T##2, \
+    typename T##3
+#define GTEST_5_TYPENAMES_(T) typename T##0, typename T##1, typename T##2, \
+    typename T##3, typename T##4
+#define GTEST_6_TYPENAMES_(T) typename T##0, typename T##1, typename T##2, \
+    typename T##3, typename T##4, typename T##5
+#define GTEST_7_TYPENAMES_(T) typename T##0, typename T##1, typename T##2, \
+    typename T##3, typename T##4, typename T##5, typename T##6
+#define GTEST_8_TYPENAMES_(T) typename T##0, typename T##1, typename T##2, \
+    typename T##3, typename T##4, typename T##5, typename T##6, typename T##7
+#define GTEST_9_TYPENAMES_(T) typename T##0, typename T##1, typename T##2, \
+    typename T##3, typename T##4, typename T##5, typename T##6, \
+    typename T##7, typename T##8
+#define GTEST_10_TYPENAMES_(T) typename T##0, typename T##1, typename T##2, \
+    typename T##3, typename T##4, typename T##5, typename T##6, \
+    typename T##7, typename T##8, typename T##9
+
+// In theory, defining stuff in the ::std namespace is undefined
+// behavior.  We can do this as we are playing the role of a standard
+// library vendor.
+namespace std {
+namespace tr1 {
+
+template <typename T0 = void, typename T1 = void, typename T2 = void,
+    typename T3 = void, typename T4 = void, typename T5 = void,
+    typename T6 = void, typename T7 = void, typename T8 = void,
+    typename T9 = void>
+class tuple;
+
+// Anything in namespace gtest_internal is Google Test's INTERNAL
+// IMPLEMENTATION DETAIL and MUST NOT BE USED DIRECTLY in user code.
+namespace gtest_internal {
+
+// ByRef<T>::type is T if T is a reference; otherwise it's const T&.
+template <typename T>
+struct ByRef { typedef const T& type; };  // NOLINT
+template <typename T>
+struct ByRef<T&> { typedef T& type; };  // NOLINT
+
+// A handy wrapper for ByRef.
+#define GTEST_BY_REF_(T) typename ::std::tr1::gtest_internal::ByRef<T>::type
+
+// AddRef<T>::type is T if T is a reference; otherwise it's T&.  This
+// is the same as tr1::add_reference<T>::type.
+template <typename T>
+struct AddRef { typedef T& type; };  // NOLINT
+template <typename T>
+struct AddRef<T&> { typedef T& type; };  // NOLINT
+
+// A handy wrapper for AddRef.
+#define GTEST_ADD_REF_(T) typename ::std::tr1::gtest_internal::AddRef<T>::type
+
+// A helper for implementing get<k>().
+template <int k> class Get;
+
+// A helper for implementing tuple_element<k, T>.  kIndexValid is true
+// iff k < the number of fields in tuple type T.
+template <bool kIndexValid, int kIndex, class Tuple>
+struct TupleElement;
+
+template <GTEST_10_TYPENAMES_(T)>
+struct TupleElement<true, 0, GTEST_10_TUPLE_(T) > {
+  typedef T0 type;
+};
+
+template <GTEST_10_TYPENAMES_(T)>
+struct TupleElement<true, 1, GTEST_10_TUPLE_(T) > {
+  typedef T1 type;
+};
+
+template <GTEST_10_TYPENAMES_(T)>
+struct TupleElement<true, 2, GTEST_10_TUPLE_(T) > {
+  typedef T2 type;
+};
+
+template <GTEST_10_TYPENAMES_(T)>
+struct TupleElement<true, 3, GTEST_10_TUPLE_(T) > {
+  typedef T3 type;
+};
+
+template <GTEST_10_TYPENAMES_(T)>
+struct TupleElement<true, 4, GTEST_10_TUPLE_(T) > {
+  typedef T4 type;
+};
+
+template <GTEST_10_TYPENAMES_(T)>
+struct TupleElement<true, 5, GTEST_10_TUPLE_(T) > {
+  typedef T5 type;
+};
+
+template <GTEST_10_TYPENAMES_(T)>
+struct TupleElement<true, 6, GTEST_10_TUPLE_(T) > {
+  typedef T6 type;
+};
+
+template <GTEST_10_TYPENAMES_(T)>
+struct TupleElement<true, 7, GTEST_10_TUPLE_(T) > {
+  typedef T7 type;
+};
+
+template <GTEST_10_TYPENAMES_(T)>
+struct TupleElement<true, 8, GTEST_10_TUPLE_(T) > {
+  typedef T8 type;
+};
+
+template <GTEST_10_TYPENAMES_(T)>
+struct TupleElement<true, 9, GTEST_10_TUPLE_(T) > {
+  typedef T9 type;
+};
+
+}  // namespace gtest_internal
+
+template <>
+class tuple<> {
+ public:
+  tuple() {}
+  tuple(const tuple& /* t */)  {}
+  tuple& operator=(const tuple& /* t */) { return *this; }
+};
+
+template <GTEST_1_TYPENAMES_(T)>
+class GTEST_1_TUPLE_(T) {
+ public:
+  template <int k> friend class gtest_internal::Get;
+
+  tuple() : f0_() {}
+
+  explicit tuple(GTEST_BY_REF_(T0) f0) : f0_(f0) {}
+
+  tuple(const tuple& t) : f0_(t.f0_) {}
+
+  template <GTEST_1_TYPENAMES_(U)>
+  tuple(const GTEST_1_TUPLE_(U)& t) : f0_(t.f0_) {}
+
+  tuple& operator=(const tuple& t) { return CopyFrom(t); }
+
+  template <GTEST_1_TYPENAMES_(U)>
+  tuple& operator=(const GTEST_1_TUPLE_(U)& t) {
+    return CopyFrom(t);
+  }
+
+  GTEST_DECLARE_TUPLE_AS_FRIEND_
+
+  template <GTEST_1_TYPENAMES_(U)>
+  tuple& CopyFrom(const GTEST_1_TUPLE_(U)& t) {
+    f0_ = t.f0_;
+    return *this;
+  }
+
+  T0 f0_;
+};
+
+template <GTEST_2_TYPENAMES_(T)>
+class GTEST_2_TUPLE_(T) {
+ public:
+  template <int k> friend class gtest_internal::Get;
+
+  tuple() : f0_(), f1_() {}
+
+  explicit tuple(GTEST_BY_REF_(T0) f0, GTEST_BY_REF_(T1) f1) : f0_(f0),
+      f1_(f1) {}
+
+  tuple(const tuple& t) : f0_(t.f0_), f1_(t.f1_) {}
+
+  template <GTEST_2_TYPENAMES_(U)>
+  tuple(const GTEST_2_TUPLE_(U)& t) : f0_(t.f0_), f1_(t.f1_) {}
+  template <typename U0, typename U1>
+  tuple(const ::std::pair<U0, U1>& p) : f0_(p.first), f1_(p.second) {}
+
+  tuple& operator=(const tuple& t) { return CopyFrom(t); }
+
+  template <GTEST_2_TYPENAMES_(U)>
+  tuple& operator=(const GTEST_2_TUPLE_(U)& t) {
+    return CopyFrom(t);
+  }
+  template <typename U0, typename U1>
+  tuple& operator=(const ::std::pair<U0, U1>& p) {
+    f0_ = p.first;
+    f1_ = p.second;
+    return *this;
+  }
+
+  GTEST_DECLARE_TUPLE_AS_FRIEND_
+
+  template <GTEST_2_TYPENAMES_(U)>
+  tuple& CopyFrom(const GTEST_2_TUPLE_(U)& t) {
+    f0_ = t.f0_;
+    f1_ = t.f1_;
+    return *this;
+  }
+
+  T0 f0_;
+  T1 f1_;
+};
+
+template <GTEST_3_TYPENAMES_(T)>
+class GTEST_3_TUPLE_(T) {
+ public:
+  template <int k> friend class gtest_internal::Get;
+
+  tuple() : f0_(), f1_(), f2_() {}
+
+  explicit tuple(GTEST_BY_REF_(T0) f0, GTEST_BY_REF_(T1) f1,
+      GTEST_BY_REF_(T2) f2) : f0_(f0), f1_(f1), f2_(f2) {}
+
+  tuple(const tuple& t) : f0_(t.f0_), f1_(t.f1_), f2_(t.f2_) {}
+
+  template <GTEST_3_TYPENAMES_(U)>
+  tuple(const GTEST_3_TUPLE_(U)& t) : f0_(t.f0_), f1_(t.f1_), f2_(t.f2_) {}
+
+  tuple& operator=(const tuple& t) { return CopyFrom(t); }
+
+  template <GTEST_3_TYPENAMES_(U)>
+  tuple& operator=(const GTEST_3_TUPLE_(U)& t) {
+    return CopyFrom(t);
+  }
+
+  GTEST_DECLARE_TUPLE_AS_FRIEND_
+
+  template <GTEST_3_TYPENAMES_(U)>
+  tuple& CopyFrom(const GTEST_3_TUPLE_(U)& t) {
+    f0_ = t.f0_;
+    f1_ = t.f1_;
+    f2_ = t.f2_;
+    return *this;
+  }
+
+  T0 f0_;
+  T1 f1_;
+  T2 f2_;
+};
+
+template <GTEST_4_TYPENAMES_(T)>
+class GTEST_4_TUPLE_(T) {
+ public:
+  template <int k> friend class gtest_internal::Get;
+
+  tuple() : f0_(), f1_(), f2_(), f3_() {}
+
+  explicit tuple(GTEST_BY_REF_(T0) f0, GTEST_BY_REF_(T1) f1,
+      GTEST_BY_REF_(T2) f2, GTEST_BY_REF_(T3) f3) : f0_(f0), f1_(f1), f2_(f2),
+      f3_(f3) {}
+
+  tuple(const tuple& t) : f0_(t.f0_), f1_(t.f1_), f2_(t.f2_), f3_(t.f3_) {}
+
+  template <GTEST_4_TYPENAMES_(U)>
+  tuple(const GTEST_4_TUPLE_(U)& t) : f0_(t.f0_), f1_(t.f1_), f2_(t.f2_),
+      f3_(t.f3_) {}
+
+  tuple& operator=(const tuple& t) { return CopyFrom(t); }
+
+  template <GTEST_4_TYPENAMES_(U)>
+  tuple& operator=(const GTEST_4_TUPLE_(U)& t) {
+    return CopyFrom(t);
+  }
+
+  GTEST_DECLARE_TUPLE_AS_FRIEND_
+
+  template <GTEST_4_TYPENAMES_(U)>
+  tuple& CopyFrom(const GTEST_4_TUPLE_(U)& t) {
+    f0_ = t.f0_;
+    f1_ = t.f1_;
+    f2_ = t.f2_;
+    f3_ = t.f3_;
+    return *this;
+  }
+
+  T0 f0_;
+  T1 f1_;
+  T2 f2_;
+  T3 f3_;
+};
+
+template <GTEST_5_TYPENAMES_(T)>
+class GTEST_5_TUPLE_(T) {
+ public:
+  template <int k> friend class gtest_internal::Get;
+
+  tuple() : f0_(), f1_(), f2_(), f3_(), f4_() {}
+
+  explicit tuple(GTEST_BY_REF_(T0) f0, GTEST_BY_REF_(T1) f1,
+      GTEST_BY_REF_(T2) f2, GTEST_BY_REF_(T3) f3,
+      GTEST_BY_REF_(T4) f4) : f0_(f0), f1_(f1), f2_(f2), f3_(f3), f4_(f4) {}
+
+  tuple(const tuple& t) : f0_(t.f0_), f1_(t.f1_), f2_(t.f2_), f3_(t.f3_),
+      f4_(t.f4_) {}
+
+  template <GTEST_5_TYPENAMES_(U)>
+  tuple(const GTEST_5_TUPLE_(U)& t) : f0_(t.f0_), f1_(t.f1_), f2_(t.f2_),
+      f3_(t.f3_), f4_(t.f4_) {}
+
+  tuple& operator=(const tuple& t) { return CopyFrom(t); }
+
+  template <GTEST_5_TYPENAMES_(U)>
+  tuple& operator=(const GTEST_5_TUPLE_(U)& t) {
+    return CopyFrom(t);
+  }
+
+  GTEST_DECLARE_TUPLE_AS_FRIEND_
+
+  template <GTEST_5_TYPENAMES_(U)>
+  tuple& CopyFrom(const GTEST_5_TUPLE_(U)& t) {
+    f0_ = t.f0_;
+    f1_ = t.f1_;
+    f2_ = t.f2_;
+    f3_ = t.f3_;
+    f4_ = t.f4_;
+    return *this;
+  }
+
+  T0 f0_;
+  T1 f1_;
+  T2 f2_;
+  T3 f3_;
+  T4 f4_;
+};
+
+template <GTEST_6_TYPENAMES_(T)>
+class GTEST_6_TUPLE_(T) {
+ public:
+  template <int k> friend class gtest_internal::Get;
+
+  tuple() : f0_(), f1_(), f2_(), f3_(), f4_(), f5_() {}
+
+  explicit tuple(GTEST_BY_REF_(T0) f0, GTEST_BY_REF_(T1) f1,
+      GTEST_BY_REF_(T2) f2, GTEST_BY_REF_(T3) f3, GTEST_BY_REF_(T4) f4,
+      GTEST_BY_REF_(T5) f5) : f0_(f0), f1_(f1), f2_(f2), f3_(f3), f4_(f4),
+      f5_(f5) {}
+
+  tuple(const tuple& t) : f0_(t.f0_), f1_(t.f1_), f2_(t.f2_), f3_(t.f3_),
+      f4_(t.f4_), f5_(t.f5_) {}
+
+  template <GTEST_6_TYPENAMES_(U)>
+  tuple(const GTEST_6_TUPLE_(U)& t) : f0_(t.f0_), f1_(t.f1_), f2_(t.f2_),
+      f3_(t.f3_), f4_(t.f4_), f5_(t.f5_) {}
+
+  tuple& operator=(const tuple& t) { return CopyFrom(t); }
+
+  template <GTEST_6_TYPENAMES_(U)>
+  tuple& operator=(const GTEST_6_TUPLE_(U)& t) {
+    return CopyFrom(t);
+  }
+
+  GTEST_DECLARE_TUPLE_AS_FRIEND_
+
+  template <GTEST_6_TYPENAMES_(U)>
+  tuple& CopyFrom(const GTEST_6_TUPLE_(U)& t) {
+    f0_ = t.f0_;
+    f1_ = t.f1_;
+    f2_ = t.f2_;
+    f3_ = t.f3_;
+    f4_ = t.f4_;
+    f5_ = t.f5_;
+    return *this;
+  }
+
+  T0 f0_;
+  T1 f1_;
+  T2 f2_;
+  T3 f3_;
+  T4 f4_;
+  T5 f5_;
+};
+
+template <GTEST_7_TYPENAMES_(T)>
+class GTEST_7_TUPLE_(T) {
+ public:
+  template <int k> friend class gtest_internal::Get;
+
+  tuple() : f0_(), f1_(), f2_(), f3_(), f4_(), f5_(), f6_() {}
+
+  explicit tuple(GTEST_BY_REF_(T0) f0, GTEST_BY_REF_(T1) f1,
+      GTEST_BY_REF_(T2) f2, GTEST_BY_REF_(T3) f3, GTEST_BY_REF_(T4) f4,
+      GTEST_BY_REF_(T5) f5, GTEST_BY_REF_(T6) f6) : f0_(f0), f1_(f1), f2_(f2),
+      f3_(f3), f4_(f4), f5_(f5), f6_(f6) {}
+
+  tuple(const tuple& t) : f0_(t.f0_), f1_(t.f1_), f2_(t.f2_), f3_(t.f3_),
+      f4_(t.f4_), f5_(t.f5_), f6_(t.f6_) {}
+
+  template <GTEST_7_TYPENAMES_(U)>
+  tuple(const GTEST_7_TUPLE_(U)& t) : f0_(t.f0_), f1_(t.f1_), f2_(t.f2_),
+      f3_(t.f3_), f4_(t.f4_), f5_(t.f5_), f6_(t.f6_) {}
+
+  tuple& operator=(const tuple& t) { return CopyFrom(t); }
+
+  template <GTEST_7_TYPENAMES_(U)>
+  tuple& operator=(const GTEST_7_TUPLE_(U)& t) {
+    return CopyFrom(t);
+  }
+
+  GTEST_DECLARE_TUPLE_AS_FRIEND_
+
+  template <GTEST_7_TYPENAMES_(U)>
+  tuple& CopyFrom(const GTEST_7_TUPLE_(U)& t) {
+    f0_ = t.f0_;
+    f1_ = t.f1_;
+    f2_ = t.f2_;
+    f3_ = t.f3_;
+    f4_ = t.f4_;
+    f5_ = t.f5_;
+    f6_ = t.f6_;
+    return *this;
+  }
+
+  T0 f0_;
+  T1 f1_;
+  T2 f2_;
+  T3 f3_;
+  T4 f4_;
+  T5 f5_;
+  T6 f6_;
+};
+
+template <GTEST_8_TYPENAMES_(T)>
+class GTEST_8_TUPLE_(T) {
+ public:
+  template <int k> friend class gtest_internal::Get;
+
+  tuple() : f0_(), f1_(), f2_(), f3_(), f4_(), f5_(), f6_(), f7_() {}
+
+  explicit tuple(GTEST_BY_REF_(T0) f0, GTEST_BY_REF_(T1) f1,
+      GTEST_BY_REF_(T2) f2, GTEST_BY_REF_(T3) f3, GTEST_BY_REF_(T4) f4,
+      GTEST_BY_REF_(T5) f5, GTEST_BY_REF_(T6) f6,
+      GTEST_BY_REF_(T7) f7) : f0_(f0), f1_(f1), f2_(f2), f3_(f3), f4_(f4),
+      f5_(f5), f6_(f6), f7_(f7) {}
+
+  tuple(const tuple& t) : f0_(t.f0_), f1_(t.f1_), f2_(t.f2_), f3_(t.f3_),
+      f4_(t.f4_), f5_(t.f5_), f6_(t.f6_), f7_(t.f7_) {}
+
+  template <GTEST_8_TYPENAMES_(U)>
+  tuple(const GTEST_8_TUPLE_(U)& t) : f0_(t.f0_), f1_(t.f1_), f2_(t.f2_),
+      f3_(t.f3_), f4_(t.f4_), f5_(t.f5_), f6_(t.f6_), f7_(t.f7_) {}
+
+  tuple& operator=(const tuple& t) { return CopyFrom(t); }
+
+  template <GTEST_8_TYPENAMES_(U)>
+  tuple& operator=(const GTEST_8_TUPLE_(U)& t) {
+    return CopyFrom(t);
+  }
+
+  GTEST_DECLARE_TUPLE_AS_FRIEND_
+
+  template <GTEST_8_TYPENAMES_(U)>
+  tuple& CopyFrom(const GTEST_8_TUPLE_(U)& t) {
+    f0_ = t.f0_;
+    f1_ = t.f1_;
+    f2_ = t.f2_;
+    f3_ = t.f3_;
+    f4_ = t.f4_;
+    f5_ = t.f5_;
+    f6_ = t.f6_;
+    f7_ = t.f7_;
+    return *this;
+  }
+
+  T0 f0_;
+  T1 f1_;
+  T2 f2_;
+  T3 f3_;
+  T4 f4_;
+  T5 f5_;
+  T6 f6_;
+  T7 f7_;
+};
+
+template <GTEST_9_TYPENAMES_(T)>
+class GTEST_9_TUPLE_(T) {
+ public:
+  template <int k> friend class gtest_internal::Get;
+
+  tuple() : f0_(), f1_(), f2_(), f3_(), f4_(), f5_(), f6_(), f7_(), f8_() {}
+
+  explicit tuple(GTEST_BY_REF_(T0) f0, GTEST_BY_REF_(T1) f1,
+      GTEST_BY_REF_(T2) f2, GTEST_BY_REF_(T3) f3, GTEST_BY_REF_(T4) f4,
+      GTEST_BY_REF_(T5) f5, GTEST_BY_REF_(T6) f6, GTEST_BY_REF_(T7) f7,
+      GTEST_BY_REF_(T8) f8) : f0_(f0), f1_(f1), f2_(f2), f3_(f3), f4_(f4),
+      f5_(f5), f6_(f6), f7_(f7), f8_(f8) {}
+
+  tuple(const tuple& t) : f0_(t.f0_), f1_(t.f1_), f2_(t.f2_), f3_(t.f3_),
+      f4_(t.f4_), f5_(t.f5_), f6_(t.f6_), f7_(t.f7_), f8_(t.f8_) {}
+
+  template <GTEST_9_TYPENAMES_(U)>
+  tuple(const GTEST_9_TUPLE_(U)& t) : f0_(t.f0_), f1_(t.f1_), f2_(t.f2_),
+      f3_(t.f3_), f4_(t.f4_), f5_(t.f5_), f6_(t.f6_), f7_(t.f7_), f8_(t.f8_) {}
+
+  tuple& operator=(const tuple& t) { return CopyFrom(t); }
+
+  template <GTEST_9_TYPENAMES_(U)>
+  tuple& operator=(const GTEST_9_TUPLE_(U)& t) {
+    return CopyFrom(t);
+  }
+
+  GTEST_DECLARE_TUPLE_AS_FRIEND_
+
+  template <GTEST_9_TYPENAMES_(U)>
+  tuple& CopyFrom(const GTEST_9_TUPLE_(U)& t) {
+    f0_ = t.f0_;
+    f1_ = t.f1_;
+    f2_ = t.f2_;
+    f3_ = t.f3_;
+    f4_ = t.f4_;
+    f5_ = t.f5_;
+    f6_ = t.f6_;
+    f7_ = t.f7_;
+    f8_ = t.f8_;
+    return *this;
+  }
+
+  T0 f0_;
+  T1 f1_;
+  T2 f2_;
+  T3 f3_;
+  T4 f4_;
+  T5 f5_;
+  T6 f6_;
+  T7 f7_;
+  T8 f8_;
+};
+
+template <GTEST_10_TYPENAMES_(T)>
+class tuple {
+ public:
+  template <int k> friend class gtest_internal::Get;
+
+  tuple() : f0_(), f1_(), f2_(), f3_(), f4_(), f5_(), f6_(), f7_(), f8_(),
+      f9_() {}
+
+  explicit tuple(GTEST_BY_REF_(T0) f0, GTEST_BY_REF_(T1) f1,
+      GTEST_BY_REF_(T2) f2, GTEST_BY_REF_(T3) f3, GTEST_BY_REF_(T4) f4,
+      GTEST_BY_REF_(T5) f5, GTEST_BY_REF_(T6) f6, GTEST_BY_REF_(T7) f7,
+      GTEST_BY_REF_(T8) f8, GTEST_BY_REF_(T9) f9) : f0_(f0), f1_(f1), f2_(f2),
+      f3_(f3), f4_(f4), f5_(f5), f6_(f6), f7_(f7), f8_(f8), f9_(f9) {}
+
+  tuple(const tuple& t) : f0_(t.f0_), f1_(t.f1_), f2_(t.f2_), f3_(t.f3_),
+      f4_(t.f4_), f5_(t.f5_), f6_(t.f6_), f7_(t.f7_), f8_(t.f8_), f9_(t.f9_) {}
+
+  template <GTEST_10_TYPENAMES_(U)>
+  tuple(const GTEST_10_TUPLE_(U)& t) : f0_(t.f0_), f1_(t.f1_), f2_(t.f2_),
+      f3_(t.f3_), f4_(t.f4_), f5_(t.f5_), f6_(t.f6_), f7_(t.f7_), f8_(t.f8_),
+      f9_(t.f9_) {}
+
+  tuple& operator=(const tuple& t) { return CopyFrom(t); }
+
+  template <GTEST_10_TYPENAMES_(U)>
+  tuple& operator=(const GTEST_10_TUPLE_(U)& t) {
+    return CopyFrom(t);
+  }
+
+  GTEST_DECLARE_TUPLE_AS_FRIEND_
+
+  template <GTEST_10_TYPENAMES_(U)>
+  tuple& CopyFrom(const GTEST_10_TUPLE_(U)& t) {
+    f0_ = t.f0_;
+    f1_ = t.f1_;
+    f2_ = t.f2_;
+    f3_ = t.f3_;
+    f4_ = t.f4_;
+    f5_ = t.f5_;
+    f6_ = t.f6_;
+    f7_ = t.f7_;
+    f8_ = t.f8_;
+    f9_ = t.f9_;
+    return *this;
+  }
+
+  T0 f0_;
+  T1 f1_;
+  T2 f2_;
+  T3 f3_;
+  T4 f4_;
+  T5 f5_;
+  T6 f6_;
+  T7 f7_;
+  T8 f8_;
+  T9 f9_;
+};
+
+// 6.1.3.2 Tuple creation functions.
+
+// Known limitations: we don't support passing an
+// std::tr1::reference_wrapper<T> to make_tuple().  And we don't
+// implement tie().
+
+inline tuple<> make_tuple() { return tuple<>(); }
+
+template <GTEST_1_TYPENAMES_(T)>
+inline GTEST_1_TUPLE_(T) make_tuple(const T0& f0) {
+  return GTEST_1_TUPLE_(T)(f0);
+}
+
+template <GTEST_2_TYPENAMES_(T)>
+inline GTEST_2_TUPLE_(T) make_tuple(const T0& f0, const T1& f1) {
+  return GTEST_2_TUPLE_(T)(f0, f1);
+}
+
+template <GTEST_3_TYPENAMES_(T)>
+inline GTEST_3_TUPLE_(T) make_tuple(const T0& f0, const T1& f1, const T2& f2) {
+  return GTEST_3_TUPLE_(T)(f0, f1, f2);
+}
+
+template <GTEST_4_TYPENAMES_(T)>
+inline GTEST_4_TUPLE_(T) make_tuple(const T0& f0, const T1& f1, const T2& f2,
+    const T3& f3) {
+  return GTEST_4_TUPLE_(T)(f0, f1, f2, f3);
+}
+
+template <GTEST_5_TYPENAMES_(T)>
+inline GTEST_5_TUPLE_(T) make_tuple(const T0& f0, const T1& f1, const T2& f2,
+    const T3& f3, const T4& f4) {
+  return GTEST_5_TUPLE_(T)(f0, f1, f2, f3, f4);
+}
+
+template <GTEST_6_TYPENAMES_(T)>
+inline GTEST_6_TUPLE_(T) make_tuple(const T0& f0, const T1& f1, const T2& f2,
+    const T3& f3, const T4& f4, const T5& f5) {
+  return GTEST_6_TUPLE_(T)(f0, f1, f2, f3, f4, f5);
+}
+
+template <GTEST_7_TYPENAMES_(T)>
+inline GTEST_7_TUPLE_(T) make_tuple(const T0& f0, const T1& f1, const T2& f2,
+    const T3& f3, const T4& f4, const T5& f5, const T6& f6) {
+  return GTEST_7_TUPLE_(T)(f0, f1, f2, f3, f4, f5, f6);
+}
+
+template <GTEST_8_TYPENAMES_(T)>
+inline GTEST_8_TUPLE_(T) make_tuple(const T0& f0, const T1& f1, const T2& f2,
+    const T3& f3, const T4& f4, const T5& f5, const T6& f6, const T7& f7) {
+  return GTEST_8_TUPLE_(T)(f0, f1, f2, f3, f4, f5, f6, f7);
+}
+
+template <GTEST_9_TYPENAMES_(T)>
+inline GTEST_9_TUPLE_(T) make_tuple(const T0& f0, const T1& f1, const T2& f2,
+    const T3& f3, const T4& f4, const T5& f5, const T6& f6, const T7& f7,
+    const T8& f8) {
+  return GTEST_9_TUPLE_(T)(f0, f1, f2, f3, f4, f5, f6, f7, f8);
+}
+
+template <GTEST_10_TYPENAMES_(T)>
+inline GTEST_10_TUPLE_(T) make_tuple(const T0& f0, const T1& f1, const T2& f2,
+    const T3& f3, const T4& f4, const T5& f5, const T6& f6, const T7& f7,
+    const T8& f8, const T9& f9) {
+  return GTEST_10_TUPLE_(T)(f0, f1, f2, f3, f4, f5, f6, f7, f8, f9);
+}
+
+// 6.1.3.3 Tuple helper classes.
+
+template <typename Tuple> struct tuple_size;
+
+template <GTEST_0_TYPENAMES_(T)>
+struct tuple_size<GTEST_0_TUPLE_(T) > {
+  static const int value = 0;
+};
+
+template <GTEST_1_TYPENAMES_(T)>
+struct tuple_size<GTEST_1_TUPLE_(T) > {
+  static const int value = 1;
+};
+
+template <GTEST_2_TYPENAMES_(T)>
+struct tuple_size<GTEST_2_TUPLE_(T) > {
+  static const int value = 2;
+};
+
+template <GTEST_3_TYPENAMES_(T)>
+struct tuple_size<GTEST_3_TUPLE_(T) > {
+  static const int value = 3;
+};
+
+template <GTEST_4_TYPENAMES_(T)>
+struct tuple_size<GTEST_4_TUPLE_(T) > {
+  static const int value = 4;
+};
+
+template <GTEST_5_TYPENAMES_(T)>
+struct tuple_size<GTEST_5_TUPLE_(T) > {
+  static const int value = 5;
+};
+
+template <GTEST_6_TYPENAMES_(T)>
+struct tuple_size<GTEST_6_TUPLE_(T) > {
+  static const int value = 6;
+};
+
+template <GTEST_7_TYPENAMES_(T)>
+struct tuple_size<GTEST_7_TUPLE_(T) > {
+  static const int value = 7;
+};
+
+template <GTEST_8_TYPENAMES_(T)>
+struct tuple_size<GTEST_8_TUPLE_(T) > {
+  static const int value = 8;
+};
+
+template <GTEST_9_TYPENAMES_(T)>
+struct tuple_size<GTEST_9_TUPLE_(T) > {
+  static const int value = 9;
+};
+
+template <GTEST_10_TYPENAMES_(T)>
+struct tuple_size<GTEST_10_TUPLE_(T) > {
+  static const int value = 10;
+};
+
+template <int k, class Tuple>
+struct tuple_element {
+  typedef typename gtest_internal::TupleElement<
+      k < (tuple_size<Tuple>::value), k, Tuple>::type type;
+};
+
+#define GTEST_TUPLE_ELEMENT_(k, Tuple) typename tuple_element<k, Tuple >::type
+
+// 6.1.3.4 Element access.
+
+namespace gtest_internal {
+
+template <>
+class Get<0> {
+ public:
+  template <class Tuple>
+  static GTEST_ADD_REF_(GTEST_TUPLE_ELEMENT_(0, Tuple))
+  Field(Tuple& t) { return t.f0_; }  // NOLINT
+
+  template <class Tuple>
+  static GTEST_BY_REF_(GTEST_TUPLE_ELEMENT_(0, Tuple))
+  ConstField(const Tuple& t) { return t.f0_; }
+};
+
+template <>
+class Get<1> {
+ public:
+  template <class Tuple>
+  static GTEST_ADD_REF_(GTEST_TUPLE_ELEMENT_(1, Tuple))
+  Field(Tuple& t) { return t.f1_; }  // NOLINT
+
+  template <class Tuple>
+  static GTEST_BY_REF_(GTEST_TUPLE_ELEMENT_(1, Tuple))
+  ConstField(const Tuple& t) { return t.f1_; }
+};
+
+template <>
+class Get<2> {
+ public:
+  template <class Tuple>
+  static GTEST_ADD_REF_(GTEST_TUPLE_ELEMENT_(2, Tuple))
+  Field(Tuple& t) { return t.f2_; }  // NOLINT
+
+  template <class Tuple>
+  static GTEST_BY_REF_(GTEST_TUPLE_ELEMENT_(2, Tuple))
+  ConstField(const Tuple& t) { return t.f2_; }
+};
+
+template <>
+class Get<3> {
+ public:
+  template <class Tuple>
+  static GTEST_ADD_REF_(GTEST_TUPLE_ELEMENT_(3, Tuple))
+  Field(Tuple& t) { return t.f3_; }  // NOLINT
+
+  template <class Tuple>
+  static GTEST_BY_REF_(GTEST_TUPLE_ELEMENT_(3, Tuple))
+  ConstField(const Tuple& t) { return t.f3_; }
+};
+
+template <>
+class Get<4> {
+ public:
+  template <class Tuple>
+  static GTEST_ADD_REF_(GTEST_TUPLE_ELEMENT_(4, Tuple))
+  Field(Tuple& t) { return t.f4_; }  // NOLINT
+
+  template <class Tuple>
+  static GTEST_BY_REF_(GTEST_TUPLE_ELEMENT_(4, Tuple))
+  ConstField(const Tuple& t) { return t.f4_; }
+};
+
+template <>
+class Get<5> {
+ public:
+  template <class Tuple>
+  static GTEST_ADD_REF_(GTEST_TUPLE_ELEMENT_(5, Tuple))
+  Field(Tuple& t) { return t.f5_; }  // NOLINT
+
+  template <class Tuple>
+  static GTEST_BY_REF_(GTEST_TUPLE_ELEMENT_(5, Tuple))
+  ConstField(const Tuple& t) { return t.f5_; }
+};
+
+template <>
+class Get<6> {
+ public:
+  template <class Tuple>
+  static GTEST_ADD_REF_(GTEST_TUPLE_ELEMENT_(6, Tuple))
+  Field(Tuple& t) { return t.f6_; }  // NOLINT
+
+  template <class Tuple>
+  static GTEST_BY_REF_(GTEST_TUPLE_ELEMENT_(6, Tuple))
+  ConstField(const Tuple& t) { return t.f6_; }
+};
+
+template <>
+class Get<7> {
+ public:
+  template <class Tuple>
+  static GTEST_ADD_REF_(GTEST_TUPLE_ELEMENT_(7, Tuple))
+  Field(Tuple& t) { return t.f7_; }  // NOLINT
+
+  template <class Tuple>
+  static GTEST_BY_REF_(GTEST_TUPLE_ELEMENT_(7, Tuple))
+  ConstField(const Tuple& t) { return t.f7_; }
+};
+
+template <>
+class Get<8> {
+ public:
+  template <class Tuple>
+  static GTEST_ADD_REF_(GTEST_TUPLE_ELEMENT_(8, Tuple))
+  Field(Tuple& t) { return t.f8_; }  // NOLINT
+
+  template <class Tuple>
+  static GTEST_BY_REF_(GTEST_TUPLE_ELEMENT_(8, Tuple))
+  ConstField(const Tuple& t) { return t.f8_; }
+};
+
+template <>
+class Get<9> {
+ public:
+  template <class Tuple>
+  static GTEST_ADD_REF_(GTEST_TUPLE_ELEMENT_(9, Tuple))
+  Field(Tuple& t) { return t.f9_; }  // NOLINT
+
+  template <class Tuple>
+  static GTEST_BY_REF_(GTEST_TUPLE_ELEMENT_(9, Tuple))
+  ConstField(const Tuple& t) { return t.f9_; }
+};
+
+}  // namespace gtest_internal
+
+template <int k, GTEST_10_TYPENAMES_(T)>
+GTEST_ADD_REF_(GTEST_TUPLE_ELEMENT_(k, GTEST_10_TUPLE_(T)))
+get(GTEST_10_TUPLE_(T)& t) {
+  return gtest_internal::Get<k>::Field(t);
+}
+
+template <int k, GTEST_10_TYPENAMES_(T)>
+GTEST_BY_REF_(GTEST_TUPLE_ELEMENT_(k,  GTEST_10_TUPLE_(T)))
+get(const GTEST_10_TUPLE_(T)& t) {
+  return gtest_internal::Get<k>::ConstField(t);
+}
+
+// 6.1.3.5 Relational operators
+
+// We only implement == and !=, as we don't have a need for the rest yet.
+
+namespace gtest_internal {
+
+// SameSizeTuplePrefixComparator<k, k>::Eq(t1, t2) returns true if the
+// first k fields of t1 equals the first k fields of t2.
+// SameSizeTuplePrefixComparator(k1, k2) would be a compiler error if
+// k1 != k2.
+template <int kSize1, int kSize2>
+struct SameSizeTuplePrefixComparator;
+
+template <>
+struct SameSizeTuplePrefixComparator<0, 0> {
+  template <class Tuple1, class Tuple2>
+  static bool Eq(const Tuple1& /* t1 */, const Tuple2& /* t2 */) {
+    return true;
+  }
+};
+
+template <int k>
+struct SameSizeTuplePrefixComparator<k, k> {
+  template <class Tuple1, class Tuple2>
+  static bool Eq(const Tuple1& t1, const Tuple2& t2) {
+    return SameSizeTuplePrefixComparator<k - 1, k - 1>::Eq(t1, t2) &&
+        ::std::tr1::get<k - 1>(t1) == ::std::tr1::get<k - 1>(t2);
+  }
+};
+
+}  // namespace gtest_internal
+
+template <GTEST_10_TYPENAMES_(T), GTEST_10_TYPENAMES_(U)>
+inline bool operator==(const GTEST_10_TUPLE_(T)& t,
+                       const GTEST_10_TUPLE_(U)& u) {
+  return gtest_internal::SameSizeTuplePrefixComparator<
+      tuple_size<GTEST_10_TUPLE_(T) >::value,
+      tuple_size<GTEST_10_TUPLE_(U) >::value>::Eq(t, u);
+}
+
+template <GTEST_10_TYPENAMES_(T), GTEST_10_TYPENAMES_(U)>
+inline bool operator!=(const GTEST_10_TUPLE_(T)& t,
+                       const GTEST_10_TUPLE_(U)& u) { return !(t == u); }
+
+// 6.1.4 Pairs.
+// Unimplemented.
+
+}  // namespace tr1
+}  // namespace std
+
+#undef GTEST_0_TUPLE_
+#undef GTEST_1_TUPLE_
+#undef GTEST_2_TUPLE_
+#undef GTEST_3_TUPLE_
+#undef GTEST_4_TUPLE_
+#undef GTEST_5_TUPLE_
+#undef GTEST_6_TUPLE_
+#undef GTEST_7_TUPLE_
+#undef GTEST_8_TUPLE_
+#undef GTEST_9_TUPLE_
+#undef GTEST_10_TUPLE_
+
+#undef GTEST_0_TYPENAMES_
+#undef GTEST_1_TYPENAMES_
+#undef GTEST_2_TYPENAMES_
+#undef GTEST_3_TYPENAMES_
+#undef GTEST_4_TYPENAMES_
+#undef GTEST_5_TYPENAMES_
+#undef GTEST_6_TYPENAMES_
+#undef GTEST_7_TYPENAMES_
+#undef GTEST_8_TYPENAMES_
+#undef GTEST_9_TYPENAMES_
+#undef GTEST_10_TYPENAMES_
+
+#undef GTEST_DECLARE_TUPLE_AS_FRIEND_
+#undef GTEST_BY_REF_
+#undef GTEST_ADD_REF_
+#undef GTEST_TUPLE_ELEMENT_
+
+#endif  // GTEST_INCLUDE_GTEST_INTERNAL_GTEST_TUPLE_H_
diff --git a/nss/external_tests/google_test/gtest/include/gtest/internal/gtest-tuple.h.pump b/nss/external_tests/google_test/gtest/include/gtest/internal/gtest-tuple.h.pump
new file mode 100644
index 0000000..429ddfe
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/include/gtest/internal/gtest-tuple.h.pump
@@ -0,0 +1,347 @@
+$$ -*- mode: c++; -*-
+$var n = 10  $$ Maximum number of tuple fields we want to support.
+$$ This meta comment fixes auto-indentation in Emacs. }}
+// Copyright 2009 Google Inc.
+// All Rights Reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+
+// Implements a subset of TR1 tuple needed by Google Test and Google Mock.
+
+#ifndef GTEST_INCLUDE_GTEST_INTERNAL_GTEST_TUPLE_H_
+#define GTEST_INCLUDE_GTEST_INTERNAL_GTEST_TUPLE_H_
+
+#include <utility>  // For ::std::pair.
+
+// The compiler used in Symbian has a bug that prevents us from declaring the
+// tuple template as a friend (it complains that tuple is redefined).  This
+// hack bypasses the bug by declaring the members that should otherwise be
+// private as public.
+// Sun Studio versions < 12 also have the above bug.
+#if defined(__SYMBIAN32__) || (defined(__SUNPRO_CC) && __SUNPRO_CC < 0x590)
+# define GTEST_DECLARE_TUPLE_AS_FRIEND_ public:
+#else
+# define GTEST_DECLARE_TUPLE_AS_FRIEND_ \
+    template <GTEST_$(n)_TYPENAMES_(U)> friend class tuple; \
+   private:
+#endif
+
+// Visual Studio 2010, 2012, and 2013 define symbols in std::tr1 that conflict
+// with our own definitions. Therefore using our own tuple does not work on
+// those compilers.
+#if defined(_MSC_VER) && _MSC_VER >= 1600  /* 1600 is Visual Studio 2010 */
+# error "gtest's tuple doesn't compile on Visual Studio 2010 or later. \
+GTEST_USE_OWN_TR1_TUPLE must be set to 0 on those compilers."
+#endif
+
+
+$range i 0..n-1
+$range j 0..n
+$range k 1..n
+// GTEST_n_TUPLE_(T) is the type of an n-tuple.
+#define GTEST_0_TUPLE_(T) tuple<>
+
+$for k [[
+$range m 0..k-1
+$range m2 k..n-1
+#define GTEST_$(k)_TUPLE_(T) tuple<$for m, [[T##$m]]$for m2 [[, void]]>
+
+]]
+
+// GTEST_n_TYPENAMES_(T) declares a list of n typenames.
+
+$for j [[
+$range m 0..j-1
+#define GTEST_$(j)_TYPENAMES_(T) $for m, [[typename T##$m]]
+
+
+]]
+
+// In theory, defining stuff in the ::std namespace is undefined
+// behavior.  We can do this as we are playing the role of a standard
+// library vendor.
+namespace std {
+namespace tr1 {
+
+template <$for i, [[typename T$i = void]]>
+class tuple;
+
+// Anything in namespace gtest_internal is Google Test's INTERNAL
+// IMPLEMENTATION DETAIL and MUST NOT BE USED DIRECTLY in user code.
+namespace gtest_internal {
+
+// ByRef<T>::type is T if T is a reference; otherwise it's const T&.
+template <typename T>
+struct ByRef { typedef const T& type; };  // NOLINT
+template <typename T>
+struct ByRef<T&> { typedef T& type; };  // NOLINT
+
+// A handy wrapper for ByRef.
+#define GTEST_BY_REF_(T) typename ::std::tr1::gtest_internal::ByRef<T>::type
+
+// AddRef<T>::type is T if T is a reference; otherwise it's T&.  This
+// is the same as tr1::add_reference<T>::type.
+template <typename T>
+struct AddRef { typedef T& type; };  // NOLINT
+template <typename T>
+struct AddRef<T&> { typedef T& type; };  // NOLINT
+
+// A handy wrapper for AddRef.
+#define GTEST_ADD_REF_(T) typename ::std::tr1::gtest_internal::AddRef<T>::type
+
+// A helper for implementing get<k>().
+template <int k> class Get;
+
+// A helper for implementing tuple_element<k, T>.  kIndexValid is true
+// iff k < the number of fields in tuple type T.
+template <bool kIndexValid, int kIndex, class Tuple>
+struct TupleElement;
+
+
+$for i [[
+template <GTEST_$(n)_TYPENAMES_(T)>
+struct TupleElement<true, $i, GTEST_$(n)_TUPLE_(T) > {
+  typedef T$i type;
+};
+
+
+]]
+}  // namespace gtest_internal
+
+template <>
+class tuple<> {
+ public:
+  tuple() {}
+  tuple(const tuple& /* t */)  {}
+  tuple& operator=(const tuple& /* t */) { return *this; }
+};
+
+
+$for k [[
+$range m 0..k-1
+template <GTEST_$(k)_TYPENAMES_(T)>
+class $if k < n [[GTEST_$(k)_TUPLE_(T)]] $else [[tuple]] {
+ public:
+  template <int k> friend class gtest_internal::Get;
+
+  tuple() : $for m, [[f$(m)_()]] {}
+
+  explicit tuple($for m, [[GTEST_BY_REF_(T$m) f$m]]) : [[]]
+$for m, [[f$(m)_(f$m)]] {}
+
+  tuple(const tuple& t) : $for m, [[f$(m)_(t.f$(m)_)]] {}
+
+  template <GTEST_$(k)_TYPENAMES_(U)>
+  tuple(const GTEST_$(k)_TUPLE_(U)& t) : $for m, [[f$(m)_(t.f$(m)_)]] {}
+
+$if k == 2 [[
+  template <typename U0, typename U1>
+  tuple(const ::std::pair<U0, U1>& p) : f0_(p.first), f1_(p.second) {}
+
+]]
+
+  tuple& operator=(const tuple& t) { return CopyFrom(t); }
+
+  template <GTEST_$(k)_TYPENAMES_(U)>
+  tuple& operator=(const GTEST_$(k)_TUPLE_(U)& t) {
+    return CopyFrom(t);
+  }
+
+$if k == 2 [[
+  template <typename U0, typename U1>
+  tuple& operator=(const ::std::pair<U0, U1>& p) {
+    f0_ = p.first;
+    f1_ = p.second;
+    return *this;
+  }
+
+]]
+
+  GTEST_DECLARE_TUPLE_AS_FRIEND_
+
+  template <GTEST_$(k)_TYPENAMES_(U)>
+  tuple& CopyFrom(const GTEST_$(k)_TUPLE_(U)& t) {
+
+$for m [[
+    f$(m)_ = t.f$(m)_;
+
+]]
+    return *this;
+  }
+
+
+$for m [[
+  T$m f$(m)_;
+
+]]
+};
+
+
+]]
+// 6.1.3.2 Tuple creation functions.
+
+// Known limitations: we don't support passing an
+// std::tr1::reference_wrapper<T> to make_tuple().  And we don't
+// implement tie().
+
+inline tuple<> make_tuple() { return tuple<>(); }
+
+$for k [[
+$range m 0..k-1
+
+template <GTEST_$(k)_TYPENAMES_(T)>
+inline GTEST_$(k)_TUPLE_(T) make_tuple($for m, [[const T$m& f$m]]) {
+  return GTEST_$(k)_TUPLE_(T)($for m, [[f$m]]);
+}
+
+]]
+
+// 6.1.3.3 Tuple helper classes.
+
+template <typename Tuple> struct tuple_size;
+
+
+$for j [[
+template <GTEST_$(j)_TYPENAMES_(T)>
+struct tuple_size<GTEST_$(j)_TUPLE_(T) > {
+  static const int value = $j;
+};
+
+
+]]
+template <int k, class Tuple>
+struct tuple_element {
+  typedef typename gtest_internal::TupleElement<
+      k < (tuple_size<Tuple>::value), k, Tuple>::type type;
+};
+
+#define GTEST_TUPLE_ELEMENT_(k, Tuple) typename tuple_element<k, Tuple >::type
+
+// 6.1.3.4 Element access.
+
+namespace gtest_internal {
+
+
+$for i [[
+template <>
+class Get<$i> {
+ public:
+  template <class Tuple>
+  static GTEST_ADD_REF_(GTEST_TUPLE_ELEMENT_($i, Tuple))
+  Field(Tuple& t) { return t.f$(i)_; }  // NOLINT
+
+  template <class Tuple>
+  static GTEST_BY_REF_(GTEST_TUPLE_ELEMENT_($i, Tuple))
+  ConstField(const Tuple& t) { return t.f$(i)_; }
+};
+
+
+]]
+}  // namespace gtest_internal
+
+template <int k, GTEST_$(n)_TYPENAMES_(T)>
+GTEST_ADD_REF_(GTEST_TUPLE_ELEMENT_(k, GTEST_$(n)_TUPLE_(T)))
+get(GTEST_$(n)_TUPLE_(T)& t) {
+  return gtest_internal::Get<k>::Field(t);
+}
+
+template <int k, GTEST_$(n)_TYPENAMES_(T)>
+GTEST_BY_REF_(GTEST_TUPLE_ELEMENT_(k,  GTEST_$(n)_TUPLE_(T)))
+get(const GTEST_$(n)_TUPLE_(T)& t) {
+  return gtest_internal::Get<k>::ConstField(t);
+}
+
+// 6.1.3.5 Relational operators
+
+// We only implement == and !=, as we don't have a need for the rest yet.
+
+namespace gtest_internal {
+
+// SameSizeTuplePrefixComparator<k, k>::Eq(t1, t2) returns true if the
+// first k fields of t1 equals the first k fields of t2.
+// SameSizeTuplePrefixComparator(k1, k2) would be a compiler error if
+// k1 != k2.
+template <int kSize1, int kSize2>
+struct SameSizeTuplePrefixComparator;
+
+template <>
+struct SameSizeTuplePrefixComparator<0, 0> {
+  template <class Tuple1, class Tuple2>
+  static bool Eq(const Tuple1& /* t1 */, const Tuple2& /* t2 */) {
+    return true;
+  }
+};
+
+template <int k>
+struct SameSizeTuplePrefixComparator<k, k> {
+  template <class Tuple1, class Tuple2>
+  static bool Eq(const Tuple1& t1, const Tuple2& t2) {
+    return SameSizeTuplePrefixComparator<k - 1, k - 1>::Eq(t1, t2) &&
+        ::std::tr1::get<k - 1>(t1) == ::std::tr1::get<k - 1>(t2);
+  }
+};
+
+}  // namespace gtest_internal
+
+template <GTEST_$(n)_TYPENAMES_(T), GTEST_$(n)_TYPENAMES_(U)>
+inline bool operator==(const GTEST_$(n)_TUPLE_(T)& t,
+                       const GTEST_$(n)_TUPLE_(U)& u) {
+  return gtest_internal::SameSizeTuplePrefixComparator<
+      tuple_size<GTEST_$(n)_TUPLE_(T) >::value,
+      tuple_size<GTEST_$(n)_TUPLE_(U) >::value>::Eq(t, u);
+}
+
+template <GTEST_$(n)_TYPENAMES_(T), GTEST_$(n)_TYPENAMES_(U)>
+inline bool operator!=(const GTEST_$(n)_TUPLE_(T)& t,
+                       const GTEST_$(n)_TUPLE_(U)& u) { return !(t == u); }
+
+// 6.1.4 Pairs.
+// Unimplemented.
+
+}  // namespace tr1
+}  // namespace std
+
+
+$for j [[
+#undef GTEST_$(j)_TUPLE_
+
+]]
+
+
+$for j [[
+#undef GTEST_$(j)_TYPENAMES_
+
+]]
+
+#undef GTEST_DECLARE_TUPLE_AS_FRIEND_
+#undef GTEST_BY_REF_
+#undef GTEST_ADD_REF_
+#undef GTEST_TUPLE_ELEMENT_
+
+#endif  // GTEST_INCLUDE_GTEST_INTERNAL_GTEST_TUPLE_H_
diff --git a/nss/external_tests/google_test/gtest/include/gtest/internal/gtest-type-util.h b/nss/external_tests/google_test/gtest/include/gtest/internal/gtest-type-util.h
new file mode 100644
index 0000000..e46f7cf
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/include/gtest/internal/gtest-type-util.h
@@ -0,0 +1,3331 @@
+// This file was GENERATED by command:
+//     pump.py gtest-type-util.h.pump
+// DO NOT EDIT BY HAND!!!
+
+// Copyright 2008 Google Inc.
+// All Rights Reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+
+// Type utilities needed for implementing typed and type-parameterized
+// tests.  This file is generated by a SCRIPT.  DO NOT EDIT BY HAND!
+//
+// Currently we support at most 50 types in a list, and at most 50
+// type-parameterized tests in one type-parameterized test case.
+// Please contact googletestframework@googlegroups.com if you need
+// more.
+
+#ifndef GTEST_INCLUDE_GTEST_INTERNAL_GTEST_TYPE_UTIL_H_
+#define GTEST_INCLUDE_GTEST_INTERNAL_GTEST_TYPE_UTIL_H_
+
+#include "gtest/internal/gtest-port.h"
+
+// #ifdef __GNUC__ is too general here.  It is possible to use gcc without using
+// libstdc++ (which is where cxxabi.h comes from).
+# if GTEST_HAS_CXXABI_H_
+#  include <cxxabi.h>
+# elif defined(__HP_aCC)
+#  include <acxx_demangle.h>
+# endif  // GTEST_HASH_CXXABI_H_
+
+namespace testing {
+namespace internal {
+
+// GetTypeName<T>() returns a human-readable name of type T.
+// NB: This function is also used in Google Mock, so don't move it inside of
+// the typed-test-only section below.
+template <typename T>
+std::string GetTypeName() {
+# if GTEST_HAS_RTTI
+
+  const char* const name = typeid(T).name();
+#  if GTEST_HAS_CXXABI_H_ || defined(__HP_aCC)
+  int status = 0;
+  // gcc's implementation of typeid(T).name() mangles the type name,
+  // so we have to demangle it.
+#   if GTEST_HAS_CXXABI_H_
+  using abi::__cxa_demangle;
+#   endif  // GTEST_HAS_CXXABI_H_
+  char* const readable_name = __cxa_demangle(name, 0, 0, &status);
+  const std::string name_str(status == 0 ? readable_name : name);
+  free(readable_name);
+  return name_str;
+#  else
+  return name;
+#  endif  // GTEST_HAS_CXXABI_H_ || __HP_aCC
+
+# else
+
+  return "<type>";
+
+# endif  // GTEST_HAS_RTTI
+}
+
+#if GTEST_HAS_TYPED_TEST || GTEST_HAS_TYPED_TEST_P
+
+// AssertyTypeEq<T1, T2>::type is defined iff T1 and T2 are the same
+// type.  This can be used as a compile-time assertion to ensure that
+// two types are equal.
+
+template <typename T1, typename T2>
+struct AssertTypeEq;
+
+template <typename T>
+struct AssertTypeEq<T, T> {
+  typedef bool type;
+};
+
+// A unique type used as the default value for the arguments of class
+// template Types.  This allows us to simulate variadic templates
+// (e.g. Types<int>, Type<int, double>, and etc), which C++ doesn't
+// support directly.
+struct None {};
+
+// The following family of struct and struct templates are used to
+// represent type lists.  In particular, TypesN<T1, T2, ..., TN>
+// represents a type list with N types (T1, T2, ..., and TN) in it.
+// Except for Types0, every struct in the family has two member types:
+// Head for the first type in the list, and Tail for the rest of the
+// list.
+
+// The empty type list.
+struct Types0 {};
+
+// Type lists of length 1, 2, 3, and so on.
+
+template <typename T1>
+struct Types1 {
+  typedef T1 Head;
+  typedef Types0 Tail;
+};
+template <typename T1, typename T2>
+struct Types2 {
+  typedef T1 Head;
+  typedef Types1<T2> Tail;
+};
+
+template <typename T1, typename T2, typename T3>
+struct Types3 {
+  typedef T1 Head;
+  typedef Types2<T2, T3> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4>
+struct Types4 {
+  typedef T1 Head;
+  typedef Types3<T2, T3, T4> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5>
+struct Types5 {
+  typedef T1 Head;
+  typedef Types4<T2, T3, T4, T5> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6>
+struct Types6 {
+  typedef T1 Head;
+  typedef Types5<T2, T3, T4, T5, T6> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7>
+struct Types7 {
+  typedef T1 Head;
+  typedef Types6<T2, T3, T4, T5, T6, T7> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8>
+struct Types8 {
+  typedef T1 Head;
+  typedef Types7<T2, T3, T4, T5, T6, T7, T8> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9>
+struct Types9 {
+  typedef T1 Head;
+  typedef Types8<T2, T3, T4, T5, T6, T7, T8, T9> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10>
+struct Types10 {
+  typedef T1 Head;
+  typedef Types9<T2, T3, T4, T5, T6, T7, T8, T9, T10> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11>
+struct Types11 {
+  typedef T1 Head;
+  typedef Types10<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12>
+struct Types12 {
+  typedef T1 Head;
+  typedef Types11<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13>
+struct Types13 {
+  typedef T1 Head;
+  typedef Types12<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14>
+struct Types14 {
+  typedef T1 Head;
+  typedef Types13<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15>
+struct Types15 {
+  typedef T1 Head;
+  typedef Types14<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+      T15> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16>
+struct Types16 {
+  typedef T1 Head;
+  typedef Types15<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+      T16> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17>
+struct Types17 {
+  typedef T1 Head;
+  typedef Types16<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+      T16, T17> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18>
+struct Types18 {
+  typedef T1 Head;
+  typedef Types17<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+      T16, T17, T18> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19>
+struct Types19 {
+  typedef T1 Head;
+  typedef Types18<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+      T16, T17, T18, T19> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20>
+struct Types20 {
+  typedef T1 Head;
+  typedef Types19<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+      T16, T17, T18, T19, T20> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21>
+struct Types21 {
+  typedef T1 Head;
+  typedef Types20<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+      T16, T17, T18, T19, T20, T21> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22>
+struct Types22 {
+  typedef T1 Head;
+  typedef Types21<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+      T16, T17, T18, T19, T20, T21, T22> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23>
+struct Types23 {
+  typedef T1 Head;
+  typedef Types22<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+      T16, T17, T18, T19, T20, T21, T22, T23> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24>
+struct Types24 {
+  typedef T1 Head;
+  typedef Types23<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+      T16, T17, T18, T19, T20, T21, T22, T23, T24> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25>
+struct Types25 {
+  typedef T1 Head;
+  typedef Types24<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+      T16, T17, T18, T19, T20, T21, T22, T23, T24, T25> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26>
+struct Types26 {
+  typedef T1 Head;
+  typedef Types25<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+      T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27>
+struct Types27 {
+  typedef T1 Head;
+  typedef Types26<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+      T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28>
+struct Types28 {
+  typedef T1 Head;
+  typedef Types27<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+      T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29>
+struct Types29 {
+  typedef T1 Head;
+  typedef Types28<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+      T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+      T29> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30>
+struct Types30 {
+  typedef T1 Head;
+  typedef Types29<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+      T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29,
+      T30> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31>
+struct Types31 {
+  typedef T1 Head;
+  typedef Types30<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+      T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29,
+      T30, T31> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32>
+struct Types32 {
+  typedef T1 Head;
+  typedef Types31<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+      T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29,
+      T30, T31, T32> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33>
+struct Types33 {
+  typedef T1 Head;
+  typedef Types32<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+      T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29,
+      T30, T31, T32, T33> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34>
+struct Types34 {
+  typedef T1 Head;
+  typedef Types33<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+      T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29,
+      T30, T31, T32, T33, T34> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35>
+struct Types35 {
+  typedef T1 Head;
+  typedef Types34<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+      T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29,
+      T30, T31, T32, T33, T34, T35> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36>
+struct Types36 {
+  typedef T1 Head;
+  typedef Types35<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+      T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29,
+      T30, T31, T32, T33, T34, T35, T36> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37>
+struct Types37 {
+  typedef T1 Head;
+  typedef Types36<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+      T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29,
+      T30, T31, T32, T33, T34, T35, T36, T37> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38>
+struct Types38 {
+  typedef T1 Head;
+  typedef Types37<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+      T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29,
+      T30, T31, T32, T33, T34, T35, T36, T37, T38> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39>
+struct Types39 {
+  typedef T1 Head;
+  typedef Types38<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+      T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29,
+      T30, T31, T32, T33, T34, T35, T36, T37, T38, T39> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40>
+struct Types40 {
+  typedef T1 Head;
+  typedef Types39<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+      T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29,
+      T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40,
+    typename T41>
+struct Types41 {
+  typedef T1 Head;
+  typedef Types40<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+      T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29,
+      T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40,
+    typename T41, typename T42>
+struct Types42 {
+  typedef T1 Head;
+  typedef Types41<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+      T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29,
+      T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, T42> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40,
+    typename T41, typename T42, typename T43>
+struct Types43 {
+  typedef T1 Head;
+  typedef Types42<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+      T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29,
+      T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, T42,
+      T43> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40,
+    typename T41, typename T42, typename T43, typename T44>
+struct Types44 {
+  typedef T1 Head;
+  typedef Types43<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+      T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29,
+      T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, T42, T43,
+      T44> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40,
+    typename T41, typename T42, typename T43, typename T44, typename T45>
+struct Types45 {
+  typedef T1 Head;
+  typedef Types44<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+      T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29,
+      T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, T42, T43,
+      T44, T45> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40,
+    typename T41, typename T42, typename T43, typename T44, typename T45,
+    typename T46>
+struct Types46 {
+  typedef T1 Head;
+  typedef Types45<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+      T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29,
+      T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, T42, T43,
+      T44, T45, T46> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40,
+    typename T41, typename T42, typename T43, typename T44, typename T45,
+    typename T46, typename T47>
+struct Types47 {
+  typedef T1 Head;
+  typedef Types46<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+      T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29,
+      T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, T42, T43,
+      T44, T45, T46, T47> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40,
+    typename T41, typename T42, typename T43, typename T44, typename T45,
+    typename T46, typename T47, typename T48>
+struct Types48 {
+  typedef T1 Head;
+  typedef Types47<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+      T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29,
+      T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, T42, T43,
+      T44, T45, T46, T47, T48> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40,
+    typename T41, typename T42, typename T43, typename T44, typename T45,
+    typename T46, typename T47, typename T48, typename T49>
+struct Types49 {
+  typedef T1 Head;
+  typedef Types48<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+      T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29,
+      T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, T42, T43,
+      T44, T45, T46, T47, T48, T49> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40,
+    typename T41, typename T42, typename T43, typename T44, typename T45,
+    typename T46, typename T47, typename T48, typename T49, typename T50>
+struct Types50 {
+  typedef T1 Head;
+  typedef Types49<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+      T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29,
+      T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, T42, T43,
+      T44, T45, T46, T47, T48, T49, T50> Tail;
+};
+
+
+}  // namespace internal
+
+// We don't want to require the users to write TypesN<...> directly,
+// as that would require them to count the length.  Types<...> is much
+// easier to write, but generates horrible messages when there is a
+// compiler error, as gcc insists on printing out each template
+// argument, even if it has the default value (this means Types<int>
+// will appear as Types<int, None, None, ..., None> in the compiler
+// errors).
+//
+// Our solution is to combine the best part of the two approaches: a
+// user would write Types<T1, ..., TN>, and Google Test will translate
+// that to TypesN<T1, ..., TN> internally to make error messages
+// readable.  The translation is done by the 'type' member of the
+// Types template.
+template <typename T1 = internal::None, typename T2 = internal::None,
+    typename T3 = internal::None, typename T4 = internal::None,
+    typename T5 = internal::None, typename T6 = internal::None,
+    typename T7 = internal::None, typename T8 = internal::None,
+    typename T9 = internal::None, typename T10 = internal::None,
+    typename T11 = internal::None, typename T12 = internal::None,
+    typename T13 = internal::None, typename T14 = internal::None,
+    typename T15 = internal::None, typename T16 = internal::None,
+    typename T17 = internal::None, typename T18 = internal::None,
+    typename T19 = internal::None, typename T20 = internal::None,
+    typename T21 = internal::None, typename T22 = internal::None,
+    typename T23 = internal::None, typename T24 = internal::None,
+    typename T25 = internal::None, typename T26 = internal::None,
+    typename T27 = internal::None, typename T28 = internal::None,
+    typename T29 = internal::None, typename T30 = internal::None,
+    typename T31 = internal::None, typename T32 = internal::None,
+    typename T33 = internal::None, typename T34 = internal::None,
+    typename T35 = internal::None, typename T36 = internal::None,
+    typename T37 = internal::None, typename T38 = internal::None,
+    typename T39 = internal::None, typename T40 = internal::None,
+    typename T41 = internal::None, typename T42 = internal::None,
+    typename T43 = internal::None, typename T44 = internal::None,
+    typename T45 = internal::None, typename T46 = internal::None,
+    typename T47 = internal::None, typename T48 = internal::None,
+    typename T49 = internal::None, typename T50 = internal::None>
+struct Types {
+  typedef internal::Types50<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12,
+      T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26,
+      T27, T28, T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40,
+      T41, T42, T43, T44, T45, T46, T47, T48, T49, T50> type;
+};
+
+template <>
+struct Types<internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None> {
+  typedef internal::Types0 type;
+};
+template <typename T1>
+struct Types<T1, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None> {
+  typedef internal::Types1<T1> type;
+};
+template <typename T1, typename T2>
+struct Types<T1, T2, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None> {
+  typedef internal::Types2<T1, T2> type;
+};
+template <typename T1, typename T2, typename T3>
+struct Types<T1, T2, T3, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None> {
+  typedef internal::Types3<T1, T2, T3> type;
+};
+template <typename T1, typename T2, typename T3, typename T4>
+struct Types<T1, T2, T3, T4, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None> {
+  typedef internal::Types4<T1, T2, T3, T4> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5>
+struct Types<T1, T2, T3, T4, T5, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None> {
+  typedef internal::Types5<T1, T2, T3, T4, T5> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6>
+struct Types<T1, T2, T3, T4, T5, T6, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None> {
+  typedef internal::Types6<T1, T2, T3, T4, T5, T6> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7>
+struct Types<T1, T2, T3, T4, T5, T6, T7, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None> {
+  typedef internal::Types7<T1, T2, T3, T4, T5, T6, T7> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8>
+struct Types<T1, T2, T3, T4, T5, T6, T7, T8, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None> {
+  typedef internal::Types8<T1, T2, T3, T4, T5, T6, T7, T8> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9>
+struct Types<T1, T2, T3, T4, T5, T6, T7, T8, T9, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None> {
+  typedef internal::Types9<T1, T2, T3, T4, T5, T6, T7, T8, T9> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10>
+struct Types<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None> {
+  typedef internal::Types10<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11>
+struct Types<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None> {
+  typedef internal::Types11<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12>
+struct Types<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None> {
+  typedef internal::Types12<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11,
+      T12> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13>
+struct Types<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None> {
+  typedef internal::Types13<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12,
+      T13> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14>
+struct Types<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None> {
+  typedef internal::Types14<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12,
+      T13, T14> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15>
+struct Types<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None> {
+  typedef internal::Types15<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12,
+      T13, T14, T15> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16>
+struct Types<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+    T16, internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None> {
+  typedef internal::Types16<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12,
+      T13, T14, T15, T16> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17>
+struct Types<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+    T16, T17, internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None> {
+  typedef internal::Types17<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12,
+      T13, T14, T15, T16, T17> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18>
+struct Types<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+    T16, T17, T18, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None> {
+  typedef internal::Types18<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12,
+      T13, T14, T15, T16, T17, T18> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19>
+struct Types<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+    T16, T17, T18, T19, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None> {
+  typedef internal::Types19<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12,
+      T13, T14, T15, T16, T17, T18, T19> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20>
+struct Types<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+    T16, T17, T18, T19, T20, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None> {
+  typedef internal::Types20<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12,
+      T13, T14, T15, T16, T17, T18, T19, T20> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21>
+struct Types<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+    T16, T17, T18, T19, T20, T21, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None> {
+  typedef internal::Types21<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12,
+      T13, T14, T15, T16, T17, T18, T19, T20, T21> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22>
+struct Types<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+    T16, T17, T18, T19, T20, T21, T22, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None> {
+  typedef internal::Types22<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12,
+      T13, T14, T15, T16, T17, T18, T19, T20, T21, T22> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23>
+struct Types<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+    T16, T17, T18, T19, T20, T21, T22, T23, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None> {
+  typedef internal::Types23<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12,
+      T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24>
+struct Types<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+    T16, T17, T18, T19, T20, T21, T22, T23, T24, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None> {
+  typedef internal::Types24<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12,
+      T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25>
+struct Types<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+    T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None> {
+  typedef internal::Types25<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12,
+      T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26>
+struct Types<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+    T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None> {
+  typedef internal::Types26<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12,
+      T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25,
+      T26> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27>
+struct Types<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+    T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None> {
+  typedef internal::Types27<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12,
+      T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26,
+      T27> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28>
+struct Types<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+    T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None> {
+  typedef internal::Types28<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12,
+      T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26,
+      T27, T28> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29>
+struct Types<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+    T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None> {
+  typedef internal::Types29<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12,
+      T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26,
+      T27, T28, T29> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30>
+struct Types<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+    T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29, T30,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None> {
+  typedef internal::Types30<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12,
+      T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26,
+      T27, T28, T29, T30> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31>
+struct Types<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+    T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29, T30,
+    T31, internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None> {
+  typedef internal::Types31<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12,
+      T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26,
+      T27, T28, T29, T30, T31> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32>
+struct Types<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+    T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29, T30,
+    T31, T32, internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None> {
+  typedef internal::Types32<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12,
+      T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26,
+      T27, T28, T29, T30, T31, T32> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33>
+struct Types<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+    T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29, T30,
+    T31, T32, T33, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None> {
+  typedef internal::Types33<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12,
+      T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26,
+      T27, T28, T29, T30, T31, T32, T33> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34>
+struct Types<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+    T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29, T30,
+    T31, T32, T33, T34, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None> {
+  typedef internal::Types34<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12,
+      T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26,
+      T27, T28, T29, T30, T31, T32, T33, T34> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35>
+struct Types<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+    T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29, T30,
+    T31, T32, T33, T34, T35, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None> {
+  typedef internal::Types35<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12,
+      T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26,
+      T27, T28, T29, T30, T31, T32, T33, T34, T35> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36>
+struct Types<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+    T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29, T30,
+    T31, T32, T33, T34, T35, T36, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None> {
+  typedef internal::Types36<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12,
+      T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26,
+      T27, T28, T29, T30, T31, T32, T33, T34, T35, T36> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37>
+struct Types<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+    T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29, T30,
+    T31, T32, T33, T34, T35, T36, T37, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None> {
+  typedef internal::Types37<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12,
+      T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26,
+      T27, T28, T29, T30, T31, T32, T33, T34, T35, T36, T37> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38>
+struct Types<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+    T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29, T30,
+    T31, T32, T33, T34, T35, T36, T37, T38, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None> {
+  typedef internal::Types38<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12,
+      T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26,
+      T27, T28, T29, T30, T31, T32, T33, T34, T35, T36, T37, T38> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39>
+struct Types<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+    T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29, T30,
+    T31, T32, T33, T34, T35, T36, T37, T38, T39, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None> {
+  typedef internal::Types39<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12,
+      T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26,
+      T27, T28, T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40>
+struct Types<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+    T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29, T30,
+    T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None> {
+  typedef internal::Types40<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12,
+      T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26,
+      T27, T28, T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39,
+      T40> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40,
+    typename T41>
+struct Types<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+    T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29, T30,
+    T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None> {
+  typedef internal::Types41<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12,
+      T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26,
+      T27, T28, T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40,
+      T41> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40,
+    typename T41, typename T42>
+struct Types<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+    T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29, T30,
+    T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, T42, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None> {
+  typedef internal::Types42<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12,
+      T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26,
+      T27, T28, T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40,
+      T41, T42> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40,
+    typename T41, typename T42, typename T43>
+struct Types<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+    T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29, T30,
+    T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, T42, T43,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None> {
+  typedef internal::Types43<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12,
+      T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26,
+      T27, T28, T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40,
+      T41, T42, T43> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40,
+    typename T41, typename T42, typename T43, typename T44>
+struct Types<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+    T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29, T30,
+    T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, T42, T43, T44,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None> {
+  typedef internal::Types44<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12,
+      T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26,
+      T27, T28, T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40,
+      T41, T42, T43, T44> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40,
+    typename T41, typename T42, typename T43, typename T44, typename T45>
+struct Types<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+    T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29, T30,
+    T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, T42, T43, T44, T45,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None> {
+  typedef internal::Types45<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12,
+      T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26,
+      T27, T28, T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40,
+      T41, T42, T43, T44, T45> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40,
+    typename T41, typename T42, typename T43, typename T44, typename T45,
+    typename T46>
+struct Types<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+    T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29, T30,
+    T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, T42, T43, T44, T45,
+    T46, internal::None, internal::None, internal::None, internal::None> {
+  typedef internal::Types46<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12,
+      T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26,
+      T27, T28, T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40,
+      T41, T42, T43, T44, T45, T46> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40,
+    typename T41, typename T42, typename T43, typename T44, typename T45,
+    typename T46, typename T47>
+struct Types<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+    T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29, T30,
+    T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, T42, T43, T44, T45,
+    T46, T47, internal::None, internal::None, internal::None> {
+  typedef internal::Types47<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12,
+      T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26,
+      T27, T28, T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40,
+      T41, T42, T43, T44, T45, T46, T47> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40,
+    typename T41, typename T42, typename T43, typename T44, typename T45,
+    typename T46, typename T47, typename T48>
+struct Types<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+    T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29, T30,
+    T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, T42, T43, T44, T45,
+    T46, T47, T48, internal::None, internal::None> {
+  typedef internal::Types48<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12,
+      T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26,
+      T27, T28, T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40,
+      T41, T42, T43, T44, T45, T46, T47, T48> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40,
+    typename T41, typename T42, typename T43, typename T44, typename T45,
+    typename T46, typename T47, typename T48, typename T49>
+struct Types<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+    T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29, T30,
+    T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, T42, T43, T44, T45,
+    T46, T47, T48, T49, internal::None> {
+  typedef internal::Types49<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12,
+      T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26,
+      T27, T28, T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40,
+      T41, T42, T43, T44, T45, T46, T47, T48, T49> type;
+};
+
+namespace internal {
+
+# define GTEST_TEMPLATE_ template <typename T> class
+
+// The template "selector" struct TemplateSel<Tmpl> is used to
+// represent Tmpl, which must be a class template with one type
+// parameter, as a type.  TemplateSel<Tmpl>::Bind<T>::type is defined
+// as the type Tmpl<T>.  This allows us to actually instantiate the
+// template "selected" by TemplateSel<Tmpl>.
+//
+// This trick is necessary for simulating typedef for class templates,
+// which C++ doesn't support directly.
+template <GTEST_TEMPLATE_ Tmpl>
+struct TemplateSel {
+  template <typename T>
+  struct Bind {
+    typedef Tmpl<T> type;
+  };
+};
+
+# define GTEST_BIND_(TmplSel, T) \
+  TmplSel::template Bind<T>::type
+
+// A unique struct template used as the default value for the
+// arguments of class template Templates.  This allows us to simulate
+// variadic templates (e.g. Templates<int>, Templates<int, double>,
+// and etc), which C++ doesn't support directly.
+template <typename T>
+struct NoneT {};
+
+// The following family of struct and struct templates are used to
+// represent template lists.  In particular, TemplatesN<T1, T2, ...,
+// TN> represents a list of N templates (T1, T2, ..., and TN).  Except
+// for Templates0, every struct in the family has two member types:
+// Head for the selector of the first template in the list, and Tail
+// for the rest of the list.
+
+// The empty template list.
+struct Templates0 {};
+
+// Template lists of length 1, 2, 3, and so on.
+
+template <GTEST_TEMPLATE_ T1>
+struct Templates1 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates0 Tail;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2>
+struct Templates2 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates1<T2> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3>
+struct Templates3 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates2<T2, T3> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4>
+struct Templates4 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates3<T2, T3, T4> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5>
+struct Templates5 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates4<T2, T3, T4, T5> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6>
+struct Templates6 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates5<T2, T3, T4, T5, T6> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7>
+struct Templates7 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates6<T2, T3, T4, T5, T6, T7> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8>
+struct Templates8 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates7<T2, T3, T4, T5, T6, T7, T8> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9>
+struct Templates9 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates8<T2, T3, T4, T5, T6, T7, T8, T9> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10>
+struct Templates10 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates9<T2, T3, T4, T5, T6, T7, T8, T9, T10> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11>
+struct Templates11 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates10<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12>
+struct Templates12 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates11<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13>
+struct Templates13 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates12<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14>
+struct Templates14 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates13<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+      T14> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15>
+struct Templates15 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates14<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+      T15> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16>
+struct Templates16 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates15<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+      T15, T16> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17>
+struct Templates17 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates16<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+      T15, T16, T17> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18>
+struct Templates18 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates17<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+      T15, T16, T17, T18> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19>
+struct Templates19 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates18<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+      T15, T16, T17, T18, T19> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20>
+struct Templates20 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates19<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+      T15, T16, T17, T18, T19, T20> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21>
+struct Templates21 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates20<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+      T15, T16, T17, T18, T19, T20, T21> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22>
+struct Templates22 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates21<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+      T15, T16, T17, T18, T19, T20, T21, T22> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23>
+struct Templates23 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates22<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+      T15, T16, T17, T18, T19, T20, T21, T22, T23> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24>
+struct Templates24 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates23<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+      T15, T16, T17, T18, T19, T20, T21, T22, T23, T24> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25>
+struct Templates25 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates24<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+      T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26>
+struct Templates26 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates25<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+      T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27>
+struct Templates27 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates26<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+      T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28>
+struct Templates28 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates27<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+      T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27,
+      T28> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28, GTEST_TEMPLATE_ T29>
+struct Templates29 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates28<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+      T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+      T29> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28, GTEST_TEMPLATE_ T29, GTEST_TEMPLATE_ T30>
+struct Templates30 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates29<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+      T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+      T29, T30> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28, GTEST_TEMPLATE_ T29, GTEST_TEMPLATE_ T30,
+    GTEST_TEMPLATE_ T31>
+struct Templates31 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates30<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+      T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+      T29, T30, T31> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28, GTEST_TEMPLATE_ T29, GTEST_TEMPLATE_ T30,
+    GTEST_TEMPLATE_ T31, GTEST_TEMPLATE_ T32>
+struct Templates32 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates31<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+      T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+      T29, T30, T31, T32> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28, GTEST_TEMPLATE_ T29, GTEST_TEMPLATE_ T30,
+    GTEST_TEMPLATE_ T31, GTEST_TEMPLATE_ T32, GTEST_TEMPLATE_ T33>
+struct Templates33 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates32<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+      T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+      T29, T30, T31, T32, T33> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28, GTEST_TEMPLATE_ T29, GTEST_TEMPLATE_ T30,
+    GTEST_TEMPLATE_ T31, GTEST_TEMPLATE_ T32, GTEST_TEMPLATE_ T33,
+    GTEST_TEMPLATE_ T34>
+struct Templates34 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates33<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+      T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+      T29, T30, T31, T32, T33, T34> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28, GTEST_TEMPLATE_ T29, GTEST_TEMPLATE_ T30,
+    GTEST_TEMPLATE_ T31, GTEST_TEMPLATE_ T32, GTEST_TEMPLATE_ T33,
+    GTEST_TEMPLATE_ T34, GTEST_TEMPLATE_ T35>
+struct Templates35 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates34<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+      T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+      T29, T30, T31, T32, T33, T34, T35> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28, GTEST_TEMPLATE_ T29, GTEST_TEMPLATE_ T30,
+    GTEST_TEMPLATE_ T31, GTEST_TEMPLATE_ T32, GTEST_TEMPLATE_ T33,
+    GTEST_TEMPLATE_ T34, GTEST_TEMPLATE_ T35, GTEST_TEMPLATE_ T36>
+struct Templates36 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates35<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+      T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+      T29, T30, T31, T32, T33, T34, T35, T36> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28, GTEST_TEMPLATE_ T29, GTEST_TEMPLATE_ T30,
+    GTEST_TEMPLATE_ T31, GTEST_TEMPLATE_ T32, GTEST_TEMPLATE_ T33,
+    GTEST_TEMPLATE_ T34, GTEST_TEMPLATE_ T35, GTEST_TEMPLATE_ T36,
+    GTEST_TEMPLATE_ T37>
+struct Templates37 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates36<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+      T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+      T29, T30, T31, T32, T33, T34, T35, T36, T37> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28, GTEST_TEMPLATE_ T29, GTEST_TEMPLATE_ T30,
+    GTEST_TEMPLATE_ T31, GTEST_TEMPLATE_ T32, GTEST_TEMPLATE_ T33,
+    GTEST_TEMPLATE_ T34, GTEST_TEMPLATE_ T35, GTEST_TEMPLATE_ T36,
+    GTEST_TEMPLATE_ T37, GTEST_TEMPLATE_ T38>
+struct Templates38 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates37<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+      T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+      T29, T30, T31, T32, T33, T34, T35, T36, T37, T38> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28, GTEST_TEMPLATE_ T29, GTEST_TEMPLATE_ T30,
+    GTEST_TEMPLATE_ T31, GTEST_TEMPLATE_ T32, GTEST_TEMPLATE_ T33,
+    GTEST_TEMPLATE_ T34, GTEST_TEMPLATE_ T35, GTEST_TEMPLATE_ T36,
+    GTEST_TEMPLATE_ T37, GTEST_TEMPLATE_ T38, GTEST_TEMPLATE_ T39>
+struct Templates39 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates38<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+      T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+      T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28, GTEST_TEMPLATE_ T29, GTEST_TEMPLATE_ T30,
+    GTEST_TEMPLATE_ T31, GTEST_TEMPLATE_ T32, GTEST_TEMPLATE_ T33,
+    GTEST_TEMPLATE_ T34, GTEST_TEMPLATE_ T35, GTEST_TEMPLATE_ T36,
+    GTEST_TEMPLATE_ T37, GTEST_TEMPLATE_ T38, GTEST_TEMPLATE_ T39,
+    GTEST_TEMPLATE_ T40>
+struct Templates40 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates39<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+      T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+      T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28, GTEST_TEMPLATE_ T29, GTEST_TEMPLATE_ T30,
+    GTEST_TEMPLATE_ T31, GTEST_TEMPLATE_ T32, GTEST_TEMPLATE_ T33,
+    GTEST_TEMPLATE_ T34, GTEST_TEMPLATE_ T35, GTEST_TEMPLATE_ T36,
+    GTEST_TEMPLATE_ T37, GTEST_TEMPLATE_ T38, GTEST_TEMPLATE_ T39,
+    GTEST_TEMPLATE_ T40, GTEST_TEMPLATE_ T41>
+struct Templates41 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates40<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+      T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+      T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28, GTEST_TEMPLATE_ T29, GTEST_TEMPLATE_ T30,
+    GTEST_TEMPLATE_ T31, GTEST_TEMPLATE_ T32, GTEST_TEMPLATE_ T33,
+    GTEST_TEMPLATE_ T34, GTEST_TEMPLATE_ T35, GTEST_TEMPLATE_ T36,
+    GTEST_TEMPLATE_ T37, GTEST_TEMPLATE_ T38, GTEST_TEMPLATE_ T39,
+    GTEST_TEMPLATE_ T40, GTEST_TEMPLATE_ T41, GTEST_TEMPLATE_ T42>
+struct Templates42 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates41<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+      T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+      T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41,
+      T42> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28, GTEST_TEMPLATE_ T29, GTEST_TEMPLATE_ T30,
+    GTEST_TEMPLATE_ T31, GTEST_TEMPLATE_ T32, GTEST_TEMPLATE_ T33,
+    GTEST_TEMPLATE_ T34, GTEST_TEMPLATE_ T35, GTEST_TEMPLATE_ T36,
+    GTEST_TEMPLATE_ T37, GTEST_TEMPLATE_ T38, GTEST_TEMPLATE_ T39,
+    GTEST_TEMPLATE_ T40, GTEST_TEMPLATE_ T41, GTEST_TEMPLATE_ T42,
+    GTEST_TEMPLATE_ T43>
+struct Templates43 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates42<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+      T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+      T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, T42,
+      T43> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28, GTEST_TEMPLATE_ T29, GTEST_TEMPLATE_ T30,
+    GTEST_TEMPLATE_ T31, GTEST_TEMPLATE_ T32, GTEST_TEMPLATE_ T33,
+    GTEST_TEMPLATE_ T34, GTEST_TEMPLATE_ T35, GTEST_TEMPLATE_ T36,
+    GTEST_TEMPLATE_ T37, GTEST_TEMPLATE_ T38, GTEST_TEMPLATE_ T39,
+    GTEST_TEMPLATE_ T40, GTEST_TEMPLATE_ T41, GTEST_TEMPLATE_ T42,
+    GTEST_TEMPLATE_ T43, GTEST_TEMPLATE_ T44>
+struct Templates44 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates43<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+      T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+      T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, T42,
+      T43, T44> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28, GTEST_TEMPLATE_ T29, GTEST_TEMPLATE_ T30,
+    GTEST_TEMPLATE_ T31, GTEST_TEMPLATE_ T32, GTEST_TEMPLATE_ T33,
+    GTEST_TEMPLATE_ T34, GTEST_TEMPLATE_ T35, GTEST_TEMPLATE_ T36,
+    GTEST_TEMPLATE_ T37, GTEST_TEMPLATE_ T38, GTEST_TEMPLATE_ T39,
+    GTEST_TEMPLATE_ T40, GTEST_TEMPLATE_ T41, GTEST_TEMPLATE_ T42,
+    GTEST_TEMPLATE_ T43, GTEST_TEMPLATE_ T44, GTEST_TEMPLATE_ T45>
+struct Templates45 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates44<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+      T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+      T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, T42,
+      T43, T44, T45> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28, GTEST_TEMPLATE_ T29, GTEST_TEMPLATE_ T30,
+    GTEST_TEMPLATE_ T31, GTEST_TEMPLATE_ T32, GTEST_TEMPLATE_ T33,
+    GTEST_TEMPLATE_ T34, GTEST_TEMPLATE_ T35, GTEST_TEMPLATE_ T36,
+    GTEST_TEMPLATE_ T37, GTEST_TEMPLATE_ T38, GTEST_TEMPLATE_ T39,
+    GTEST_TEMPLATE_ T40, GTEST_TEMPLATE_ T41, GTEST_TEMPLATE_ T42,
+    GTEST_TEMPLATE_ T43, GTEST_TEMPLATE_ T44, GTEST_TEMPLATE_ T45,
+    GTEST_TEMPLATE_ T46>
+struct Templates46 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates45<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+      T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+      T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, T42,
+      T43, T44, T45, T46> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28, GTEST_TEMPLATE_ T29, GTEST_TEMPLATE_ T30,
+    GTEST_TEMPLATE_ T31, GTEST_TEMPLATE_ T32, GTEST_TEMPLATE_ T33,
+    GTEST_TEMPLATE_ T34, GTEST_TEMPLATE_ T35, GTEST_TEMPLATE_ T36,
+    GTEST_TEMPLATE_ T37, GTEST_TEMPLATE_ T38, GTEST_TEMPLATE_ T39,
+    GTEST_TEMPLATE_ T40, GTEST_TEMPLATE_ T41, GTEST_TEMPLATE_ T42,
+    GTEST_TEMPLATE_ T43, GTEST_TEMPLATE_ T44, GTEST_TEMPLATE_ T45,
+    GTEST_TEMPLATE_ T46, GTEST_TEMPLATE_ T47>
+struct Templates47 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates46<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+      T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+      T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, T42,
+      T43, T44, T45, T46, T47> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28, GTEST_TEMPLATE_ T29, GTEST_TEMPLATE_ T30,
+    GTEST_TEMPLATE_ T31, GTEST_TEMPLATE_ T32, GTEST_TEMPLATE_ T33,
+    GTEST_TEMPLATE_ T34, GTEST_TEMPLATE_ T35, GTEST_TEMPLATE_ T36,
+    GTEST_TEMPLATE_ T37, GTEST_TEMPLATE_ T38, GTEST_TEMPLATE_ T39,
+    GTEST_TEMPLATE_ T40, GTEST_TEMPLATE_ T41, GTEST_TEMPLATE_ T42,
+    GTEST_TEMPLATE_ T43, GTEST_TEMPLATE_ T44, GTEST_TEMPLATE_ T45,
+    GTEST_TEMPLATE_ T46, GTEST_TEMPLATE_ T47, GTEST_TEMPLATE_ T48>
+struct Templates48 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates47<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+      T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+      T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, T42,
+      T43, T44, T45, T46, T47, T48> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28, GTEST_TEMPLATE_ T29, GTEST_TEMPLATE_ T30,
+    GTEST_TEMPLATE_ T31, GTEST_TEMPLATE_ T32, GTEST_TEMPLATE_ T33,
+    GTEST_TEMPLATE_ T34, GTEST_TEMPLATE_ T35, GTEST_TEMPLATE_ T36,
+    GTEST_TEMPLATE_ T37, GTEST_TEMPLATE_ T38, GTEST_TEMPLATE_ T39,
+    GTEST_TEMPLATE_ T40, GTEST_TEMPLATE_ T41, GTEST_TEMPLATE_ T42,
+    GTEST_TEMPLATE_ T43, GTEST_TEMPLATE_ T44, GTEST_TEMPLATE_ T45,
+    GTEST_TEMPLATE_ T46, GTEST_TEMPLATE_ T47, GTEST_TEMPLATE_ T48,
+    GTEST_TEMPLATE_ T49>
+struct Templates49 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates48<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+      T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+      T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, T42,
+      T43, T44, T45, T46, T47, T48, T49> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28, GTEST_TEMPLATE_ T29, GTEST_TEMPLATE_ T30,
+    GTEST_TEMPLATE_ T31, GTEST_TEMPLATE_ T32, GTEST_TEMPLATE_ T33,
+    GTEST_TEMPLATE_ T34, GTEST_TEMPLATE_ T35, GTEST_TEMPLATE_ T36,
+    GTEST_TEMPLATE_ T37, GTEST_TEMPLATE_ T38, GTEST_TEMPLATE_ T39,
+    GTEST_TEMPLATE_ T40, GTEST_TEMPLATE_ T41, GTEST_TEMPLATE_ T42,
+    GTEST_TEMPLATE_ T43, GTEST_TEMPLATE_ T44, GTEST_TEMPLATE_ T45,
+    GTEST_TEMPLATE_ T46, GTEST_TEMPLATE_ T47, GTEST_TEMPLATE_ T48,
+    GTEST_TEMPLATE_ T49, GTEST_TEMPLATE_ T50>
+struct Templates50 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates49<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+      T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+      T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, T42,
+      T43, T44, T45, T46, T47, T48, T49, T50> Tail;
+};
+
+
+// We don't want to require the users to write TemplatesN<...> directly,
+// as that would require them to count the length.  Templates<...> is much
+// easier to write, but generates horrible messages when there is a
+// compiler error, as gcc insists on printing out each template
+// argument, even if it has the default value (this means Templates<list>
+// will appear as Templates<list, NoneT, NoneT, ..., NoneT> in the compiler
+// errors).
+//
+// Our solution is to combine the best part of the two approaches: a
+// user would write Templates<T1, ..., TN>, and Google Test will translate
+// that to TemplatesN<T1, ..., TN> internally to make error messages
+// readable.  The translation is done by the 'type' member of the
+// Templates template.
+template <GTEST_TEMPLATE_ T1 = NoneT, GTEST_TEMPLATE_ T2 = NoneT,
+    GTEST_TEMPLATE_ T3 = NoneT, GTEST_TEMPLATE_ T4 = NoneT,
+    GTEST_TEMPLATE_ T5 = NoneT, GTEST_TEMPLATE_ T6 = NoneT,
+    GTEST_TEMPLATE_ T7 = NoneT, GTEST_TEMPLATE_ T8 = NoneT,
+    GTEST_TEMPLATE_ T9 = NoneT, GTEST_TEMPLATE_ T10 = NoneT,
+    GTEST_TEMPLATE_ T11 = NoneT, GTEST_TEMPLATE_ T12 = NoneT,
+    GTEST_TEMPLATE_ T13 = NoneT, GTEST_TEMPLATE_ T14 = NoneT,
+    GTEST_TEMPLATE_ T15 = NoneT, GTEST_TEMPLATE_ T16 = NoneT,
+    GTEST_TEMPLATE_ T17 = NoneT, GTEST_TEMPLATE_ T18 = NoneT,
+    GTEST_TEMPLATE_ T19 = NoneT, GTEST_TEMPLATE_ T20 = NoneT,
+    GTEST_TEMPLATE_ T21 = NoneT, GTEST_TEMPLATE_ T22 = NoneT,
+    GTEST_TEMPLATE_ T23 = NoneT, GTEST_TEMPLATE_ T24 = NoneT,
+    GTEST_TEMPLATE_ T25 = NoneT, GTEST_TEMPLATE_ T26 = NoneT,
+    GTEST_TEMPLATE_ T27 = NoneT, GTEST_TEMPLATE_ T28 = NoneT,
+    GTEST_TEMPLATE_ T29 = NoneT, GTEST_TEMPLATE_ T30 = NoneT,
+    GTEST_TEMPLATE_ T31 = NoneT, GTEST_TEMPLATE_ T32 = NoneT,
+    GTEST_TEMPLATE_ T33 = NoneT, GTEST_TEMPLATE_ T34 = NoneT,
+    GTEST_TEMPLATE_ T35 = NoneT, GTEST_TEMPLATE_ T36 = NoneT,
+    GTEST_TEMPLATE_ T37 = NoneT, GTEST_TEMPLATE_ T38 = NoneT,
+    GTEST_TEMPLATE_ T39 = NoneT, GTEST_TEMPLATE_ T40 = NoneT,
+    GTEST_TEMPLATE_ T41 = NoneT, GTEST_TEMPLATE_ T42 = NoneT,
+    GTEST_TEMPLATE_ T43 = NoneT, GTEST_TEMPLATE_ T44 = NoneT,
+    GTEST_TEMPLATE_ T45 = NoneT, GTEST_TEMPLATE_ T46 = NoneT,
+    GTEST_TEMPLATE_ T47 = NoneT, GTEST_TEMPLATE_ T48 = NoneT,
+    GTEST_TEMPLATE_ T49 = NoneT, GTEST_TEMPLATE_ T50 = NoneT>
+struct Templates {
+  typedef Templates50<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+      T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27,
+      T28, T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41,
+      T42, T43, T44, T45, T46, T47, T48, T49, T50> type;
+};
+
+template <>
+struct Templates<NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT> {
+  typedef Templates0 type;
+};
+template <GTEST_TEMPLATE_ T1>
+struct Templates<T1, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT> {
+  typedef Templates1<T1> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2>
+struct Templates<T1, T2, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT> {
+  typedef Templates2<T1, T2> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3>
+struct Templates<T1, T2, T3, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT> {
+  typedef Templates3<T1, T2, T3> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4>
+struct Templates<T1, T2, T3, T4, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT> {
+  typedef Templates4<T1, T2, T3, T4> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5>
+struct Templates<T1, T2, T3, T4, T5, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT> {
+  typedef Templates5<T1, T2, T3, T4, T5> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6>
+struct Templates<T1, T2, T3, T4, T5, T6, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT> {
+  typedef Templates6<T1, T2, T3, T4, T5, T6> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7>
+struct Templates<T1, T2, T3, T4, T5, T6, T7, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT> {
+  typedef Templates7<T1, T2, T3, T4, T5, T6, T7> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8>
+struct Templates<T1, T2, T3, T4, T5, T6, T7, T8, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT> {
+  typedef Templates8<T1, T2, T3, T4, T5, T6, T7, T8> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9>
+struct Templates<T1, T2, T3, T4, T5, T6, T7, T8, T9, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT> {
+  typedef Templates9<T1, T2, T3, T4, T5, T6, T7, T8, T9> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10>
+struct Templates<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT> {
+  typedef Templates10<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11>
+struct Templates<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT> {
+  typedef Templates11<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12>
+struct Templates<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT> {
+  typedef Templates12<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13>
+struct Templates<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT> {
+  typedef Templates13<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12,
+      T13> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14>
+struct Templates<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT> {
+  typedef Templates14<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+      T14> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15>
+struct Templates<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+    T15, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT> {
+  typedef Templates15<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+      T14, T15> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16>
+struct Templates<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+    T15, T16, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT> {
+  typedef Templates16<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+      T14, T15, T16> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17>
+struct Templates<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+    T15, T16, T17, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT> {
+  typedef Templates17<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+      T14, T15, T16, T17> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18>
+struct Templates<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+    T15, T16, T17, T18, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT> {
+  typedef Templates18<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+      T14, T15, T16, T17, T18> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19>
+struct Templates<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+    T15, T16, T17, T18, T19, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT> {
+  typedef Templates19<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+      T14, T15, T16, T17, T18, T19> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20>
+struct Templates<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+    T15, T16, T17, T18, T19, T20, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT> {
+  typedef Templates20<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+      T14, T15, T16, T17, T18, T19, T20> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21>
+struct Templates<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+    T15, T16, T17, T18, T19, T20, T21, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT> {
+  typedef Templates21<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+      T14, T15, T16, T17, T18, T19, T20, T21> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22>
+struct Templates<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+    T15, T16, T17, T18, T19, T20, T21, T22, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT> {
+  typedef Templates22<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+      T14, T15, T16, T17, T18, T19, T20, T21, T22> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23>
+struct Templates<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+    T15, T16, T17, T18, T19, T20, T21, T22, T23, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT> {
+  typedef Templates23<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+      T14, T15, T16, T17, T18, T19, T20, T21, T22, T23> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24>
+struct Templates<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+    T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT> {
+  typedef Templates24<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+      T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25>
+struct Templates<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+    T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT> {
+  typedef Templates25<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+      T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26>
+struct Templates<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+    T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT> {
+  typedef Templates26<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+      T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27>
+struct Templates<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+    T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT> {
+  typedef Templates27<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+      T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26,
+      T27> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28>
+struct Templates<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+    T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT> {
+  typedef Templates28<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+      T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27,
+      T28> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28, GTEST_TEMPLATE_ T29>
+struct Templates<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+    T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT> {
+  typedef Templates29<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+      T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27,
+      T28, T29> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28, GTEST_TEMPLATE_ T29, GTEST_TEMPLATE_ T30>
+struct Templates<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+    T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29,
+    T30, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT> {
+  typedef Templates30<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+      T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27,
+      T28, T29, T30> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28, GTEST_TEMPLATE_ T29, GTEST_TEMPLATE_ T30,
+    GTEST_TEMPLATE_ T31>
+struct Templates<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+    T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29,
+    T30, T31, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT> {
+  typedef Templates31<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+      T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27,
+      T28, T29, T30, T31> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28, GTEST_TEMPLATE_ T29, GTEST_TEMPLATE_ T30,
+    GTEST_TEMPLATE_ T31, GTEST_TEMPLATE_ T32>
+struct Templates<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+    T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29,
+    T30, T31, T32, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT> {
+  typedef Templates32<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+      T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27,
+      T28, T29, T30, T31, T32> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28, GTEST_TEMPLATE_ T29, GTEST_TEMPLATE_ T30,
+    GTEST_TEMPLATE_ T31, GTEST_TEMPLATE_ T32, GTEST_TEMPLATE_ T33>
+struct Templates<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+    T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29,
+    T30, T31, T32, T33, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT> {
+  typedef Templates33<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+      T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27,
+      T28, T29, T30, T31, T32, T33> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28, GTEST_TEMPLATE_ T29, GTEST_TEMPLATE_ T30,
+    GTEST_TEMPLATE_ T31, GTEST_TEMPLATE_ T32, GTEST_TEMPLATE_ T33,
+    GTEST_TEMPLATE_ T34>
+struct Templates<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+    T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29,
+    T30, T31, T32, T33, T34, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT> {
+  typedef Templates34<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+      T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27,
+      T28, T29, T30, T31, T32, T33, T34> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28, GTEST_TEMPLATE_ T29, GTEST_TEMPLATE_ T30,
+    GTEST_TEMPLATE_ T31, GTEST_TEMPLATE_ T32, GTEST_TEMPLATE_ T33,
+    GTEST_TEMPLATE_ T34, GTEST_TEMPLATE_ T35>
+struct Templates<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+    T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29,
+    T30, T31, T32, T33, T34, T35, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT> {
+  typedef Templates35<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+      T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27,
+      T28, T29, T30, T31, T32, T33, T34, T35> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28, GTEST_TEMPLATE_ T29, GTEST_TEMPLATE_ T30,
+    GTEST_TEMPLATE_ T31, GTEST_TEMPLATE_ T32, GTEST_TEMPLATE_ T33,
+    GTEST_TEMPLATE_ T34, GTEST_TEMPLATE_ T35, GTEST_TEMPLATE_ T36>
+struct Templates<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+    T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29,
+    T30, T31, T32, T33, T34, T35, T36, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT> {
+  typedef Templates36<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+      T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27,
+      T28, T29, T30, T31, T32, T33, T34, T35, T36> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28, GTEST_TEMPLATE_ T29, GTEST_TEMPLATE_ T30,
+    GTEST_TEMPLATE_ T31, GTEST_TEMPLATE_ T32, GTEST_TEMPLATE_ T33,
+    GTEST_TEMPLATE_ T34, GTEST_TEMPLATE_ T35, GTEST_TEMPLATE_ T36,
+    GTEST_TEMPLATE_ T37>
+struct Templates<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+    T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29,
+    T30, T31, T32, T33, T34, T35, T36, T37, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT> {
+  typedef Templates37<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+      T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27,
+      T28, T29, T30, T31, T32, T33, T34, T35, T36, T37> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28, GTEST_TEMPLATE_ T29, GTEST_TEMPLATE_ T30,
+    GTEST_TEMPLATE_ T31, GTEST_TEMPLATE_ T32, GTEST_TEMPLATE_ T33,
+    GTEST_TEMPLATE_ T34, GTEST_TEMPLATE_ T35, GTEST_TEMPLATE_ T36,
+    GTEST_TEMPLATE_ T37, GTEST_TEMPLATE_ T38>
+struct Templates<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+    T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29,
+    T30, T31, T32, T33, T34, T35, T36, T37, T38, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT> {
+  typedef Templates38<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+      T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27,
+      T28, T29, T30, T31, T32, T33, T34, T35, T36, T37, T38> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28, GTEST_TEMPLATE_ T29, GTEST_TEMPLATE_ T30,
+    GTEST_TEMPLATE_ T31, GTEST_TEMPLATE_ T32, GTEST_TEMPLATE_ T33,
+    GTEST_TEMPLATE_ T34, GTEST_TEMPLATE_ T35, GTEST_TEMPLATE_ T36,
+    GTEST_TEMPLATE_ T37, GTEST_TEMPLATE_ T38, GTEST_TEMPLATE_ T39>
+struct Templates<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+    T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29,
+    T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT> {
+  typedef Templates39<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+      T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27,
+      T28, T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28, GTEST_TEMPLATE_ T29, GTEST_TEMPLATE_ T30,
+    GTEST_TEMPLATE_ T31, GTEST_TEMPLATE_ T32, GTEST_TEMPLATE_ T33,
+    GTEST_TEMPLATE_ T34, GTEST_TEMPLATE_ T35, GTEST_TEMPLATE_ T36,
+    GTEST_TEMPLATE_ T37, GTEST_TEMPLATE_ T38, GTEST_TEMPLATE_ T39,
+    GTEST_TEMPLATE_ T40>
+struct Templates<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+    T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29,
+    T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT> {
+  typedef Templates40<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+      T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27,
+      T28, T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28, GTEST_TEMPLATE_ T29, GTEST_TEMPLATE_ T30,
+    GTEST_TEMPLATE_ T31, GTEST_TEMPLATE_ T32, GTEST_TEMPLATE_ T33,
+    GTEST_TEMPLATE_ T34, GTEST_TEMPLATE_ T35, GTEST_TEMPLATE_ T36,
+    GTEST_TEMPLATE_ T37, GTEST_TEMPLATE_ T38, GTEST_TEMPLATE_ T39,
+    GTEST_TEMPLATE_ T40, GTEST_TEMPLATE_ T41>
+struct Templates<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+    T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29,
+    T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT> {
+  typedef Templates41<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+      T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27,
+      T28, T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40,
+      T41> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28, GTEST_TEMPLATE_ T29, GTEST_TEMPLATE_ T30,
+    GTEST_TEMPLATE_ T31, GTEST_TEMPLATE_ T32, GTEST_TEMPLATE_ T33,
+    GTEST_TEMPLATE_ T34, GTEST_TEMPLATE_ T35, GTEST_TEMPLATE_ T36,
+    GTEST_TEMPLATE_ T37, GTEST_TEMPLATE_ T38, GTEST_TEMPLATE_ T39,
+    GTEST_TEMPLATE_ T40, GTEST_TEMPLATE_ T41, GTEST_TEMPLATE_ T42>
+struct Templates<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+    T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29,
+    T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, T42, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT> {
+  typedef Templates42<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+      T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27,
+      T28, T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41,
+      T42> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28, GTEST_TEMPLATE_ T29, GTEST_TEMPLATE_ T30,
+    GTEST_TEMPLATE_ T31, GTEST_TEMPLATE_ T32, GTEST_TEMPLATE_ T33,
+    GTEST_TEMPLATE_ T34, GTEST_TEMPLATE_ T35, GTEST_TEMPLATE_ T36,
+    GTEST_TEMPLATE_ T37, GTEST_TEMPLATE_ T38, GTEST_TEMPLATE_ T39,
+    GTEST_TEMPLATE_ T40, GTEST_TEMPLATE_ T41, GTEST_TEMPLATE_ T42,
+    GTEST_TEMPLATE_ T43>
+struct Templates<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+    T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29,
+    T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, T42, T43,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT> {
+  typedef Templates43<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+      T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27,
+      T28, T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41,
+      T42, T43> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28, GTEST_TEMPLATE_ T29, GTEST_TEMPLATE_ T30,
+    GTEST_TEMPLATE_ T31, GTEST_TEMPLATE_ T32, GTEST_TEMPLATE_ T33,
+    GTEST_TEMPLATE_ T34, GTEST_TEMPLATE_ T35, GTEST_TEMPLATE_ T36,
+    GTEST_TEMPLATE_ T37, GTEST_TEMPLATE_ T38, GTEST_TEMPLATE_ T39,
+    GTEST_TEMPLATE_ T40, GTEST_TEMPLATE_ T41, GTEST_TEMPLATE_ T42,
+    GTEST_TEMPLATE_ T43, GTEST_TEMPLATE_ T44>
+struct Templates<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+    T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29,
+    T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, T42, T43, T44,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT> {
+  typedef Templates44<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+      T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27,
+      T28, T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41,
+      T42, T43, T44> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28, GTEST_TEMPLATE_ T29, GTEST_TEMPLATE_ T30,
+    GTEST_TEMPLATE_ T31, GTEST_TEMPLATE_ T32, GTEST_TEMPLATE_ T33,
+    GTEST_TEMPLATE_ T34, GTEST_TEMPLATE_ T35, GTEST_TEMPLATE_ T36,
+    GTEST_TEMPLATE_ T37, GTEST_TEMPLATE_ T38, GTEST_TEMPLATE_ T39,
+    GTEST_TEMPLATE_ T40, GTEST_TEMPLATE_ T41, GTEST_TEMPLATE_ T42,
+    GTEST_TEMPLATE_ T43, GTEST_TEMPLATE_ T44, GTEST_TEMPLATE_ T45>
+struct Templates<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+    T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29,
+    T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, T42, T43, T44,
+    T45, NoneT, NoneT, NoneT, NoneT, NoneT> {
+  typedef Templates45<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+      T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27,
+      T28, T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41,
+      T42, T43, T44, T45> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28, GTEST_TEMPLATE_ T29, GTEST_TEMPLATE_ T30,
+    GTEST_TEMPLATE_ T31, GTEST_TEMPLATE_ T32, GTEST_TEMPLATE_ T33,
+    GTEST_TEMPLATE_ T34, GTEST_TEMPLATE_ T35, GTEST_TEMPLATE_ T36,
+    GTEST_TEMPLATE_ T37, GTEST_TEMPLATE_ T38, GTEST_TEMPLATE_ T39,
+    GTEST_TEMPLATE_ T40, GTEST_TEMPLATE_ T41, GTEST_TEMPLATE_ T42,
+    GTEST_TEMPLATE_ T43, GTEST_TEMPLATE_ T44, GTEST_TEMPLATE_ T45,
+    GTEST_TEMPLATE_ T46>
+struct Templates<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+    T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29,
+    T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, T42, T43, T44,
+    T45, T46, NoneT, NoneT, NoneT, NoneT> {
+  typedef Templates46<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+      T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27,
+      T28, T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41,
+      T42, T43, T44, T45, T46> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28, GTEST_TEMPLATE_ T29, GTEST_TEMPLATE_ T30,
+    GTEST_TEMPLATE_ T31, GTEST_TEMPLATE_ T32, GTEST_TEMPLATE_ T33,
+    GTEST_TEMPLATE_ T34, GTEST_TEMPLATE_ T35, GTEST_TEMPLATE_ T36,
+    GTEST_TEMPLATE_ T37, GTEST_TEMPLATE_ T38, GTEST_TEMPLATE_ T39,
+    GTEST_TEMPLATE_ T40, GTEST_TEMPLATE_ T41, GTEST_TEMPLATE_ T42,
+    GTEST_TEMPLATE_ T43, GTEST_TEMPLATE_ T44, GTEST_TEMPLATE_ T45,
+    GTEST_TEMPLATE_ T46, GTEST_TEMPLATE_ T47>
+struct Templates<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+    T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29,
+    T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, T42, T43, T44,
+    T45, T46, T47, NoneT, NoneT, NoneT> {
+  typedef Templates47<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+      T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27,
+      T28, T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41,
+      T42, T43, T44, T45, T46, T47> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28, GTEST_TEMPLATE_ T29, GTEST_TEMPLATE_ T30,
+    GTEST_TEMPLATE_ T31, GTEST_TEMPLATE_ T32, GTEST_TEMPLATE_ T33,
+    GTEST_TEMPLATE_ T34, GTEST_TEMPLATE_ T35, GTEST_TEMPLATE_ T36,
+    GTEST_TEMPLATE_ T37, GTEST_TEMPLATE_ T38, GTEST_TEMPLATE_ T39,
+    GTEST_TEMPLATE_ T40, GTEST_TEMPLATE_ T41, GTEST_TEMPLATE_ T42,
+    GTEST_TEMPLATE_ T43, GTEST_TEMPLATE_ T44, GTEST_TEMPLATE_ T45,
+    GTEST_TEMPLATE_ T46, GTEST_TEMPLATE_ T47, GTEST_TEMPLATE_ T48>
+struct Templates<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+    T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29,
+    T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, T42, T43, T44,
+    T45, T46, T47, T48, NoneT, NoneT> {
+  typedef Templates48<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+      T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27,
+      T28, T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41,
+      T42, T43, T44, T45, T46, T47, T48> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28, GTEST_TEMPLATE_ T29, GTEST_TEMPLATE_ T30,
+    GTEST_TEMPLATE_ T31, GTEST_TEMPLATE_ T32, GTEST_TEMPLATE_ T33,
+    GTEST_TEMPLATE_ T34, GTEST_TEMPLATE_ T35, GTEST_TEMPLATE_ T36,
+    GTEST_TEMPLATE_ T37, GTEST_TEMPLATE_ T38, GTEST_TEMPLATE_ T39,
+    GTEST_TEMPLATE_ T40, GTEST_TEMPLATE_ T41, GTEST_TEMPLATE_ T42,
+    GTEST_TEMPLATE_ T43, GTEST_TEMPLATE_ T44, GTEST_TEMPLATE_ T45,
+    GTEST_TEMPLATE_ T46, GTEST_TEMPLATE_ T47, GTEST_TEMPLATE_ T48,
+    GTEST_TEMPLATE_ T49>
+struct Templates<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+    T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29,
+    T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, T42, T43, T44,
+    T45, T46, T47, T48, T49, NoneT> {
+  typedef Templates49<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+      T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27,
+      T28, T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41,
+      T42, T43, T44, T45, T46, T47, T48, T49> type;
+};
+
+// The TypeList template makes it possible to use either a single type
+// or a Types<...> list in TYPED_TEST_CASE() and
+// INSTANTIATE_TYPED_TEST_CASE_P().
+
+template <typename T>
+struct TypeList {
+  typedef Types1<T> type;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40,
+    typename T41, typename T42, typename T43, typename T44, typename T45,
+    typename T46, typename T47, typename T48, typename T49, typename T50>
+struct TypeList<Types<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+    T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+    T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, T42, T43,
+    T44, T45, T46, T47, T48, T49, T50> > {
+  typedef typename Types<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12,
+      T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26,
+      T27, T28, T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40,
+      T41, T42, T43, T44, T45, T46, T47, T48, T49, T50>::type type;
+};
+
+#endif  // GTEST_HAS_TYPED_TEST || GTEST_HAS_TYPED_TEST_P
+
+}  // namespace internal
+}  // namespace testing
+
+#endif  // GTEST_INCLUDE_GTEST_INTERNAL_GTEST_TYPE_UTIL_H_
diff --git a/nss/external_tests/google_test/gtest/include/gtest/internal/gtest-type-util.h.pump b/nss/external_tests/google_test/gtest/include/gtest/internal/gtest-type-util.h.pump
new file mode 100644
index 0000000..251fdf0
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/include/gtest/internal/gtest-type-util.h.pump
@@ -0,0 +1,297 @@
+$$ -*- mode: c++; -*-
+$var n = 50  $$ Maximum length of type lists we want to support.
+// Copyright 2008 Google Inc.
+// All Rights Reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+
+// Type utilities needed for implementing typed and type-parameterized
+// tests.  This file is generated by a SCRIPT.  DO NOT EDIT BY HAND!
+//
+// Currently we support at most $n types in a list, and at most $n
+// type-parameterized tests in one type-parameterized test case.
+// Please contact googletestframework@googlegroups.com if you need
+// more.
+
+#ifndef GTEST_INCLUDE_GTEST_INTERNAL_GTEST_TYPE_UTIL_H_
+#define GTEST_INCLUDE_GTEST_INTERNAL_GTEST_TYPE_UTIL_H_
+
+#include "gtest/internal/gtest-port.h"
+
+// #ifdef __GNUC__ is too general here.  It is possible to use gcc without using
+// libstdc++ (which is where cxxabi.h comes from).
+# if GTEST_HAS_CXXABI_H_
+#  include <cxxabi.h>
+# elif defined(__HP_aCC)
+#  include <acxx_demangle.h>
+# endif  // GTEST_HASH_CXXABI_H_
+
+namespace testing {
+namespace internal {
+
+// GetTypeName<T>() returns a human-readable name of type T.
+// NB: This function is also used in Google Mock, so don't move it inside of
+// the typed-test-only section below.
+template <typename T>
+std::string GetTypeName() {
+# if GTEST_HAS_RTTI
+
+  const char* const name = typeid(T).name();
+#  if GTEST_HAS_CXXABI_H_ || defined(__HP_aCC)
+  int status = 0;
+  // gcc's implementation of typeid(T).name() mangles the type name,
+  // so we have to demangle it.
+#   if GTEST_HAS_CXXABI_H_
+  using abi::__cxa_demangle;
+#   endif  // GTEST_HAS_CXXABI_H_
+  char* const readable_name = __cxa_demangle(name, 0, 0, &status);
+  const std::string name_str(status == 0 ? readable_name : name);
+  free(readable_name);
+  return name_str;
+#  else
+  return name;
+#  endif  // GTEST_HAS_CXXABI_H_ || __HP_aCC
+
+# else
+
+  return "<type>";
+
+# endif  // GTEST_HAS_RTTI
+}
+
+#if GTEST_HAS_TYPED_TEST || GTEST_HAS_TYPED_TEST_P
+
+// AssertyTypeEq<T1, T2>::type is defined iff T1 and T2 are the same
+// type.  This can be used as a compile-time assertion to ensure that
+// two types are equal.
+
+template <typename T1, typename T2>
+struct AssertTypeEq;
+
+template <typename T>
+struct AssertTypeEq<T, T> {
+  typedef bool type;
+};
+
+// A unique type used as the default value for the arguments of class
+// template Types.  This allows us to simulate variadic templates
+// (e.g. Types<int>, Type<int, double>, and etc), which C++ doesn't
+// support directly.
+struct None {};
+
+// The following family of struct and struct templates are used to
+// represent type lists.  In particular, TypesN<T1, T2, ..., TN>
+// represents a type list with N types (T1, T2, ..., and TN) in it.
+// Except for Types0, every struct in the family has two member types:
+// Head for the first type in the list, and Tail for the rest of the
+// list.
+
+// The empty type list.
+struct Types0 {};
+
+// Type lists of length 1, 2, 3, and so on.
+
+template <typename T1>
+struct Types1 {
+  typedef T1 Head;
+  typedef Types0 Tail;
+};
+
+$range i 2..n
+
+$for i [[
+$range j 1..i
+$range k 2..i
+template <$for j, [[typename T$j]]>
+struct Types$i {
+  typedef T1 Head;
+  typedef Types$(i-1)<$for k, [[T$k]]> Tail;
+};
+
+
+]]
+
+}  // namespace internal
+
+// We don't want to require the users to write TypesN<...> directly,
+// as that would require them to count the length.  Types<...> is much
+// easier to write, but generates horrible messages when there is a
+// compiler error, as gcc insists on printing out each template
+// argument, even if it has the default value (this means Types<int>
+// will appear as Types<int, None, None, ..., None> in the compiler
+// errors).
+//
+// Our solution is to combine the best part of the two approaches: a
+// user would write Types<T1, ..., TN>, and Google Test will translate
+// that to TypesN<T1, ..., TN> internally to make error messages
+// readable.  The translation is done by the 'type' member of the
+// Types template.
+
+$range i 1..n
+template <$for i, [[typename T$i = internal::None]]>
+struct Types {
+  typedef internal::Types$n<$for i, [[T$i]]> type;
+};
+
+template <>
+struct Types<$for i, [[internal::None]]> {
+  typedef internal::Types0 type;
+};
+
+$range i 1..n-1
+$for i [[
+$range j 1..i
+$range k i+1..n
+template <$for j, [[typename T$j]]>
+struct Types<$for j, [[T$j]]$for k[[, internal::None]]> {
+  typedef internal::Types$i<$for j, [[T$j]]> type;
+};
+
+]]
+
+namespace internal {
+
+# define GTEST_TEMPLATE_ template <typename T> class
+
+// The template "selector" struct TemplateSel<Tmpl> is used to
+// represent Tmpl, which must be a class template with one type
+// parameter, as a type.  TemplateSel<Tmpl>::Bind<T>::type is defined
+// as the type Tmpl<T>.  This allows us to actually instantiate the
+// template "selected" by TemplateSel<Tmpl>.
+//
+// This trick is necessary for simulating typedef for class templates,
+// which C++ doesn't support directly.
+template <GTEST_TEMPLATE_ Tmpl>
+struct TemplateSel {
+  template <typename T>
+  struct Bind {
+    typedef Tmpl<T> type;
+  };
+};
+
+# define GTEST_BIND_(TmplSel, T) \
+  TmplSel::template Bind<T>::type
+
+// A unique struct template used as the default value for the
+// arguments of class template Templates.  This allows us to simulate
+// variadic templates (e.g. Templates<int>, Templates<int, double>,
+// and etc), which C++ doesn't support directly.
+template <typename T>
+struct NoneT {};
+
+// The following family of struct and struct templates are used to
+// represent template lists.  In particular, TemplatesN<T1, T2, ...,
+// TN> represents a list of N templates (T1, T2, ..., and TN).  Except
+// for Templates0, every struct in the family has two member types:
+// Head for the selector of the first template in the list, and Tail
+// for the rest of the list.
+
+// The empty template list.
+struct Templates0 {};
+
+// Template lists of length 1, 2, 3, and so on.
+
+template <GTEST_TEMPLATE_ T1>
+struct Templates1 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates0 Tail;
+};
+
+$range i 2..n
+
+$for i [[
+$range j 1..i
+$range k 2..i
+template <$for j, [[GTEST_TEMPLATE_ T$j]]>
+struct Templates$i {
+  typedef TemplateSel<T1> Head;
+  typedef Templates$(i-1)<$for k, [[T$k]]> Tail;
+};
+
+
+]]
+
+// We don't want to require the users to write TemplatesN<...> directly,
+// as that would require them to count the length.  Templates<...> is much
+// easier to write, but generates horrible messages when there is a
+// compiler error, as gcc insists on printing out each template
+// argument, even if it has the default value (this means Templates<list>
+// will appear as Templates<list, NoneT, NoneT, ..., NoneT> in the compiler
+// errors).
+//
+// Our solution is to combine the best part of the two approaches: a
+// user would write Templates<T1, ..., TN>, and Google Test will translate
+// that to TemplatesN<T1, ..., TN> internally to make error messages
+// readable.  The translation is done by the 'type' member of the
+// Templates template.
+
+$range i 1..n
+template <$for i, [[GTEST_TEMPLATE_ T$i = NoneT]]>
+struct Templates {
+  typedef Templates$n<$for i, [[T$i]]> type;
+};
+
+template <>
+struct Templates<$for i, [[NoneT]]> {
+  typedef Templates0 type;
+};
+
+$range i 1..n-1
+$for i [[
+$range j 1..i
+$range k i+1..n
+template <$for j, [[GTEST_TEMPLATE_ T$j]]>
+struct Templates<$for j, [[T$j]]$for k[[, NoneT]]> {
+  typedef Templates$i<$for j, [[T$j]]> type;
+};
+
+]]
+
+// The TypeList template makes it possible to use either a single type
+// or a Types<...> list in TYPED_TEST_CASE() and
+// INSTANTIATE_TYPED_TEST_CASE_P().
+
+template <typename T>
+struct TypeList {
+  typedef Types1<T> type;
+};
+
+
+$range i 1..n
+template <$for i, [[typename T$i]]>
+struct TypeList<Types<$for i, [[T$i]]> > {
+  typedef typename Types<$for i, [[T$i]]>::type type;
+};
+
+#endif  // GTEST_HAS_TYPED_TEST || GTEST_HAS_TYPED_TEST_P
+
+}  // namespace internal
+}  // namespace testing
+
+#endif  // GTEST_INCLUDE_GTEST_INTERNAL_GTEST_TYPE_UTIL_H_
diff --git a/nss/external_tests/google_test/gtest/m4/acx_pthread.m4 b/nss/external_tests/google_test/gtest/m4/acx_pthread.m4
new file mode 100644
index 0000000..2cf20de
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/m4/acx_pthread.m4
@@ -0,0 +1,363 @@
+# This was retrieved from
+#    http://svn.0pointer.de/viewvc/trunk/common/acx_pthread.m4?revision=1277&root=avahi
+# See also (perhaps for new versions?)
+#    http://svn.0pointer.de/viewvc/trunk/common/acx_pthread.m4?root=avahi
+#
+# We've rewritten the inconsistency check code (from avahi), to work
+# more broadly.  In particular, it no longer assumes ld accepts -zdefs.
+# This caused a restructing of the code, but the functionality has only
+# changed a little.
+
+dnl @synopsis ACX_PTHREAD([ACTION-IF-FOUND[, ACTION-IF-NOT-FOUND]])
+dnl
+dnl @summary figure out how to build C programs using POSIX threads
+dnl
+dnl This macro figures out how to build C programs using POSIX threads.
+dnl It sets the PTHREAD_LIBS output variable to the threads library and
+dnl linker flags, and the PTHREAD_CFLAGS output variable to any special
+dnl C compiler flags that are needed. (The user can also force certain
+dnl compiler flags/libs to be tested by setting these environment
+dnl variables.)
+dnl
+dnl Also sets PTHREAD_CC to any special C compiler that is needed for
+dnl multi-threaded programs (defaults to the value of CC otherwise).
+dnl (This is necessary on AIX to use the special cc_r compiler alias.)
+dnl
+dnl NOTE: You are assumed to not only compile your program with these
+dnl flags, but also link it with them as well. e.g. you should link
+dnl with $PTHREAD_CC $CFLAGS $PTHREAD_CFLAGS $LDFLAGS ... $PTHREAD_LIBS
+dnl $LIBS
+dnl
+dnl If you are only building threads programs, you may wish to use
+dnl these variables in your default LIBS, CFLAGS, and CC:
+dnl
+dnl        LIBS="$PTHREAD_LIBS $LIBS"
+dnl        CFLAGS="$CFLAGS $PTHREAD_CFLAGS"
+dnl        CC="$PTHREAD_CC"
+dnl
+dnl In addition, if the PTHREAD_CREATE_JOINABLE thread-attribute
+dnl constant has a nonstandard name, defines PTHREAD_CREATE_JOINABLE to
+dnl that name (e.g. PTHREAD_CREATE_UNDETACHED on AIX).
+dnl
+dnl ACTION-IF-FOUND is a list of shell commands to run if a threads
+dnl library is found, and ACTION-IF-NOT-FOUND is a list of commands to
+dnl run it if it is not found. If ACTION-IF-FOUND is not specified, the
+dnl default action will define HAVE_PTHREAD.
+dnl
+dnl Please let the authors know if this macro fails on any platform, or
+dnl if you have any other suggestions or comments. This macro was based
+dnl on work by SGJ on autoconf scripts for FFTW (www.fftw.org) (with
+dnl help from M. Frigo), as well as ac_pthread and hb_pthread macros
+dnl posted by Alejandro Forero Cuervo to the autoconf macro repository.
+dnl We are also grateful for the helpful feedback of numerous users.
+dnl
+dnl @category InstalledPackages
+dnl @author Steven G. Johnson <stevenj@alum.mit.edu>
+dnl @version 2006-05-29
+dnl @license GPLWithACException
+dnl 
+dnl Checks for GCC shared/pthread inconsistency based on work by
+dnl Marcin Owsiany <marcin@owsiany.pl>
+
+
+AC_DEFUN([ACX_PTHREAD], [
+AC_REQUIRE([AC_CANONICAL_HOST])
+AC_LANG_SAVE
+AC_LANG_C
+acx_pthread_ok=no
+
+# We used to check for pthread.h first, but this fails if pthread.h
+# requires special compiler flags (e.g. on True64 or Sequent).
+# It gets checked for in the link test anyway.
+
+# First of all, check if the user has set any of the PTHREAD_LIBS,
+# etcetera environment variables, and if threads linking works using
+# them:
+if test x"$PTHREAD_LIBS$PTHREAD_CFLAGS" != x; then
+        save_CFLAGS="$CFLAGS"
+        CFLAGS="$CFLAGS $PTHREAD_CFLAGS"
+        save_LIBS="$LIBS"
+        LIBS="$PTHREAD_LIBS $LIBS"
+        AC_MSG_CHECKING([for pthread_join in LIBS=$PTHREAD_LIBS with CFLAGS=$PTHREAD_CFLAGS])
+        AC_TRY_LINK_FUNC(pthread_join, acx_pthread_ok=yes)
+        AC_MSG_RESULT($acx_pthread_ok)
+        if test x"$acx_pthread_ok" = xno; then
+                PTHREAD_LIBS=""
+                PTHREAD_CFLAGS=""
+        fi
+        LIBS="$save_LIBS"
+        CFLAGS="$save_CFLAGS"
+fi
+
+# We must check for the threads library under a number of different
+# names; the ordering is very important because some systems
+# (e.g. DEC) have both -lpthread and -lpthreads, where one of the
+# libraries is broken (non-POSIX).
+
+# Create a list of thread flags to try.  Items starting with a "-" are
+# C compiler flags, and other items are library names, except for "none"
+# which indicates that we try without any flags at all, and "pthread-config"
+# which is a program returning the flags for the Pth emulation library.
+
+acx_pthread_flags="pthreads none -Kthread -kthread lthread -pthread -pthreads -mthreads pthread --thread-safe -mt pthread-config"
+
+# The ordering *is* (sometimes) important.  Some notes on the
+# individual items follow:
+
+# pthreads: AIX (must check this before -lpthread)
+# none: in case threads are in libc; should be tried before -Kthread and
+#       other compiler flags to prevent continual compiler warnings
+# -Kthread: Sequent (threads in libc, but -Kthread needed for pthread.h)
+# -kthread: FreeBSD kernel threads (preferred to -pthread since SMP-able)
+# lthread: LinuxThreads port on FreeBSD (also preferred to -pthread)
+# -pthread: Linux/gcc (kernel threads), BSD/gcc (userland threads)
+# -pthreads: Solaris/gcc
+# -mthreads: Mingw32/gcc, Lynx/gcc
+# -mt: Sun Workshop C (may only link SunOS threads [-lthread], but it
+#      doesn't hurt to check since this sometimes defines pthreads too;
+#      also defines -D_REENTRANT)
+#      ... -mt is also the pthreads flag for HP/aCC
+# pthread: Linux, etcetera
+# --thread-safe: KAI C++
+# pthread-config: use pthread-config program (for GNU Pth library)
+
+case "${host_cpu}-${host_os}" in
+        *solaris*)
+
+        # On Solaris (at least, for some versions), libc contains stubbed
+        # (non-functional) versions of the pthreads routines, so link-based
+        # tests will erroneously succeed.  (We need to link with -pthreads/-mt/
+        # -lpthread.)  (The stubs are missing pthread_cleanup_push, or rather
+        # a function called by this macro, so we could check for that, but
+        # who knows whether they'll stub that too in a future libc.)  So,
+        # we'll just look for -pthreads and -lpthread first:
+
+        acx_pthread_flags="-pthreads pthread -mt -pthread $acx_pthread_flags"
+        ;;
+esac
+
+if test x"$acx_pthread_ok" = xno; then
+for flag in $acx_pthread_flags; do
+
+        case $flag in
+                none)
+                AC_MSG_CHECKING([whether pthreads work without any flags])
+                ;;
+
+                -*)
+                AC_MSG_CHECKING([whether pthreads work with $flag])
+                PTHREAD_CFLAGS="$flag"
+                ;;
+
+		pthread-config)
+		AC_CHECK_PROG(acx_pthread_config, pthread-config, yes, no)
+		if test x"$acx_pthread_config" = xno; then continue; fi
+		PTHREAD_CFLAGS="`pthread-config --cflags`"
+		PTHREAD_LIBS="`pthread-config --ldflags` `pthread-config --libs`"
+		;;
+
+                *)
+                AC_MSG_CHECKING([for the pthreads library -l$flag])
+                PTHREAD_LIBS="-l$flag"
+                ;;
+        esac
+
+        save_LIBS="$LIBS"
+        save_CFLAGS="$CFLAGS"
+        LIBS="$PTHREAD_LIBS $LIBS"
+        CFLAGS="$CFLAGS $PTHREAD_CFLAGS"
+
+        # Check for various functions.  We must include pthread.h,
+        # since some functions may be macros.  (On the Sequent, we
+        # need a special flag -Kthread to make this header compile.)
+        # We check for pthread_join because it is in -lpthread on IRIX
+        # while pthread_create is in libc.  We check for pthread_attr_init
+        # due to DEC craziness with -lpthreads.  We check for
+        # pthread_cleanup_push because it is one of the few pthread
+        # functions on Solaris that doesn't have a non-functional libc stub.
+        # We try pthread_create on general principles.
+        AC_TRY_LINK([#include <pthread.h>],
+                    [pthread_t th; pthread_join(th, 0);
+                     pthread_attr_init(0); pthread_cleanup_push(0, 0);
+                     pthread_create(0,0,0,0); pthread_cleanup_pop(0); ],
+                    [acx_pthread_ok=yes])
+
+        LIBS="$save_LIBS"
+        CFLAGS="$save_CFLAGS"
+
+        AC_MSG_RESULT($acx_pthread_ok)
+        if test "x$acx_pthread_ok" = xyes; then
+                break;
+        fi
+
+        PTHREAD_LIBS=""
+        PTHREAD_CFLAGS=""
+done
+fi
+
+# Various other checks:
+if test "x$acx_pthread_ok" = xyes; then
+        save_LIBS="$LIBS"
+        LIBS="$PTHREAD_LIBS $LIBS"
+        save_CFLAGS="$CFLAGS"
+        CFLAGS="$CFLAGS $PTHREAD_CFLAGS"
+
+        # Detect AIX lossage: JOINABLE attribute is called UNDETACHED.
+	AC_MSG_CHECKING([for joinable pthread attribute])
+	attr_name=unknown
+	for attr in PTHREAD_CREATE_JOINABLE PTHREAD_CREATE_UNDETACHED; do
+	    AC_TRY_LINK([#include <pthread.h>], [int attr=$attr; return attr;],
+                        [attr_name=$attr; break])
+	done
+        AC_MSG_RESULT($attr_name)
+        if test "$attr_name" != PTHREAD_CREATE_JOINABLE; then
+            AC_DEFINE_UNQUOTED(PTHREAD_CREATE_JOINABLE, $attr_name,
+                               [Define to necessary symbol if this constant
+                                uses a non-standard name on your system.])
+        fi
+
+        AC_MSG_CHECKING([if more special flags are required for pthreads])
+        flag=no
+        case "${host_cpu}-${host_os}" in
+            *-aix* | *-freebsd* | *-darwin*) flag="-D_THREAD_SAFE";;
+            *solaris* | *-osf* | *-hpux*) flag="-D_REENTRANT";;
+        esac
+        AC_MSG_RESULT(${flag})
+        if test "x$flag" != xno; then
+            PTHREAD_CFLAGS="$flag $PTHREAD_CFLAGS"
+        fi
+
+        LIBS="$save_LIBS"
+        CFLAGS="$save_CFLAGS"
+        # More AIX lossage: must compile with xlc_r or cc_r
+	if test x"$GCC" != xyes; then
+          AC_CHECK_PROGS(PTHREAD_CC, xlc_r cc_r, ${CC})
+        else
+          PTHREAD_CC=$CC
+	fi
+
+	# The next part tries to detect GCC inconsistency with -shared on some
+	# architectures and systems. The problem is that in certain
+	# configurations, when -shared is specified, GCC "forgets" to
+	# internally use various flags which are still necessary.
+	
+	#
+	# Prepare the flags
+	#
+	save_CFLAGS="$CFLAGS"
+	save_LIBS="$LIBS"
+	save_CC="$CC"
+	
+	# Try with the flags determined by the earlier checks.
+	#
+	# -Wl,-z,defs forces link-time symbol resolution, so that the
+	# linking checks with -shared actually have any value
+	#
+	# FIXME: -fPIC is required for -shared on many architectures,
+	# so we specify it here, but the right way would probably be to
+	# properly detect whether it is actually required.
+	CFLAGS="-shared -fPIC -Wl,-z,defs $CFLAGS $PTHREAD_CFLAGS"
+	LIBS="$PTHREAD_LIBS $LIBS"
+	CC="$PTHREAD_CC"
+	
+	# In order not to create several levels of indentation, we test
+	# the value of "$done" until we find the cure or run out of ideas.
+	done="no"
+	
+	# First, make sure the CFLAGS we added are actually accepted by our
+	# compiler.  If not (and OS X's ld, for instance, does not accept -z),
+	# then we can't do this test.
+	if test x"$done" = xno; then
+	   AC_MSG_CHECKING([whether to check for GCC pthread/shared inconsistencies])
+	   AC_TRY_LINK(,, , [done=yes])
+	
+	   if test "x$done" = xyes ; then
+	      AC_MSG_RESULT([no])
+	   else
+	      AC_MSG_RESULT([yes])
+	   fi
+	fi
+	
+	if test x"$done" = xno; then
+	   AC_MSG_CHECKING([whether -pthread is sufficient with -shared])
+	   AC_TRY_LINK([#include <pthread.h>],
+	      [pthread_t th; pthread_join(th, 0);
+	      pthread_attr_init(0); pthread_cleanup_push(0, 0);
+	      pthread_create(0,0,0,0); pthread_cleanup_pop(0); ],
+	      [done=yes])
+	   
+	   if test "x$done" = xyes; then
+	      AC_MSG_RESULT([yes])
+	   else
+	      AC_MSG_RESULT([no])
+	   fi
+	fi
+	
+	#
+	# Linux gcc on some architectures such as mips/mipsel forgets
+	# about -lpthread
+	#
+	if test x"$done" = xno; then
+	   AC_MSG_CHECKING([whether -lpthread fixes that])
+	   LIBS="-lpthread $PTHREAD_LIBS $save_LIBS"
+	   AC_TRY_LINK([#include <pthread.h>],
+	      [pthread_t th; pthread_join(th, 0);
+	      pthread_attr_init(0); pthread_cleanup_push(0, 0);
+	      pthread_create(0,0,0,0); pthread_cleanup_pop(0); ],
+	      [done=yes])
+	
+	   if test "x$done" = xyes; then
+	      AC_MSG_RESULT([yes])
+	      PTHREAD_LIBS="-lpthread $PTHREAD_LIBS"
+	   else
+	      AC_MSG_RESULT([no])
+	   fi
+	fi
+	#
+	# FreeBSD 4.10 gcc forgets to use -lc_r instead of -lc
+	#
+	if test x"$done" = xno; then
+	   AC_MSG_CHECKING([whether -lc_r fixes that])
+	   LIBS="-lc_r $PTHREAD_LIBS $save_LIBS"
+	   AC_TRY_LINK([#include <pthread.h>],
+	       [pthread_t th; pthread_join(th, 0);
+	        pthread_attr_init(0); pthread_cleanup_push(0, 0);
+	        pthread_create(0,0,0,0); pthread_cleanup_pop(0); ],
+	       [done=yes])
+	
+	   if test "x$done" = xyes; then
+	      AC_MSG_RESULT([yes])
+	      PTHREAD_LIBS="-lc_r $PTHREAD_LIBS"
+	   else
+	      AC_MSG_RESULT([no])
+	   fi
+	fi
+	if test x"$done" = xno; then
+	   # OK, we have run out of ideas
+	   AC_MSG_WARN([Impossible to determine how to use pthreads with shared libraries])
+	
+	   # so it's not safe to assume that we may use pthreads
+	   acx_pthread_ok=no
+	fi
+	
+	CFLAGS="$save_CFLAGS"
+	LIBS="$save_LIBS"
+	CC="$save_CC"
+else
+        PTHREAD_CC="$CC"
+fi
+
+AC_SUBST(PTHREAD_LIBS)
+AC_SUBST(PTHREAD_CFLAGS)
+AC_SUBST(PTHREAD_CC)
+
+# Finally, execute ACTION-IF-FOUND/ACTION-IF-NOT-FOUND:
+if test x"$acx_pthread_ok" = xyes; then
+        ifelse([$1],,AC_DEFINE(HAVE_PTHREAD,1,[Define if you have POSIX threads libraries and header files.]),[$1])
+        :
+else
+        acx_pthread_ok=no
+        $2
+fi
+AC_LANG_RESTORE
+])dnl ACX_PTHREAD
diff --git a/nss/external_tests/google_test/gtest/m4/gtest.m4 b/nss/external_tests/google_test/gtest/m4/gtest.m4
new file mode 100644
index 0000000..6598ba7
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/m4/gtest.m4
@@ -0,0 +1,74 @@
+dnl GTEST_LIB_CHECK([minimum version [,
+dnl                  action if found [,action if not found]]])
+dnl
+dnl Check for the presence of the Google Test library, optionally at a minimum
+dnl version, and indicate a viable version with the HAVE_GTEST flag. It defines
+dnl standard variables for substitution including GTEST_CPPFLAGS,
+dnl GTEST_CXXFLAGS, GTEST_LDFLAGS, and GTEST_LIBS. It also defines
+dnl GTEST_VERSION as the version of Google Test found. Finally, it provides
+dnl optional custom action slots in the event GTEST is found or not.
+AC_DEFUN([GTEST_LIB_CHECK],
+[
+dnl Provide a flag to enable or disable Google Test usage.
+AC_ARG_ENABLE([gtest],
+  [AS_HELP_STRING([--enable-gtest],
+                  [Enable tests using the Google C++ Testing Framework.
+                  (Default is enabled.)])],
+  [],
+  [enable_gtest=])
+AC_ARG_VAR([GTEST_CONFIG],
+           [The exact path of Google Test's 'gtest-config' script.])
+AC_ARG_VAR([GTEST_CPPFLAGS],
+           [C-like preprocessor flags for Google Test.])
+AC_ARG_VAR([GTEST_CXXFLAGS],
+           [C++ compile flags for Google Test.])
+AC_ARG_VAR([GTEST_LDFLAGS],
+           [Linker path and option flags for Google Test.])
+AC_ARG_VAR([GTEST_LIBS],
+           [Library linking flags for Google Test.])
+AC_ARG_VAR([GTEST_VERSION],
+           [The version of Google Test available.])
+HAVE_GTEST="no"
+AS_IF([test "x${enable_gtest}" != "xno"],
+  [AC_MSG_CHECKING([for 'gtest-config'])
+   AS_IF([test "x${enable_gtest}" != "xyes"],
+     [AS_IF([test -x "${enable_gtest}/scripts/gtest-config"],
+        [GTEST_CONFIG="${enable_gtest}/scripts/gtest-config"],
+        [GTEST_CONFIG="${enable_gtest}/bin/gtest-config"])
+      AS_IF([test -x "${GTEST_CONFIG}"], [],
+        [AC_MSG_RESULT([no])
+         AC_MSG_ERROR([dnl
+Unable to locate either a built or installed Google Test.
+The specific location '${enable_gtest}' was provided for a built or installed
+Google Test, but no 'gtest-config' script could be found at this location.])
+         ])],
+     [AC_PATH_PROG([GTEST_CONFIG], [gtest-config])])
+   AS_IF([test -x "${GTEST_CONFIG}"],
+     [AC_MSG_RESULT([${GTEST_CONFIG}])
+      m4_ifval([$1],
+        [_gtest_min_version="--min-version=$1"
+         AC_MSG_CHECKING([for Google Test at least version >= $1])],
+        [_gtest_min_version="--min-version=0"
+         AC_MSG_CHECKING([for Google Test])])
+      AS_IF([${GTEST_CONFIG} ${_gtest_min_version}],
+        [AC_MSG_RESULT([yes])
+         HAVE_GTEST='yes'],
+        [AC_MSG_RESULT([no])])],
+     [AC_MSG_RESULT([no])])
+   AS_IF([test "x${HAVE_GTEST}" = "xyes"],
+     [GTEST_CPPFLAGS=`${GTEST_CONFIG} --cppflags`
+      GTEST_CXXFLAGS=`${GTEST_CONFIG} --cxxflags`
+      GTEST_LDFLAGS=`${GTEST_CONFIG} --ldflags`
+      GTEST_LIBS=`${GTEST_CONFIG} --libs`
+      GTEST_VERSION=`${GTEST_CONFIG} --version`
+      AC_DEFINE([HAVE_GTEST],[1],[Defined when Google Test is available.])],
+     [AS_IF([test "x${enable_gtest}" = "xyes"],
+        [AC_MSG_ERROR([dnl
+Google Test was enabled, but no viable version could be found.])
+         ])])])
+AC_SUBST([HAVE_GTEST])
+AM_CONDITIONAL([HAVE_GTEST],[test "x$HAVE_GTEST" = "xyes"])
+AS_IF([test "x$HAVE_GTEST" = "xyes"],
+  [m4_ifval([$2], [$2])],
+  [m4_ifval([$3], [$3])])
+])
diff --git a/nss/external_tests/google_test/gtest/make/Makefile b/nss/external_tests/google_test/gtest/make/Makefile
new file mode 100644
index 0000000..9ac7449
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/make/Makefile
@@ -0,0 +1,82 @@
+# A sample Makefile for building Google Test and using it in user
+# tests.  Please tweak it to suit your environment and project.  You
+# may want to move it to your project's root directory.
+#
+# SYNOPSIS:
+#
+#   make [all]  - makes everything.
+#   make TARGET - makes the given target.
+#   make clean  - removes all files generated by make.
+
+# Please tweak the following variable definitions as needed by your
+# project, except GTEST_HEADERS, which you can use in your own targets
+# but shouldn't modify.
+
+# Points to the root of Google Test, relative to where this file is.
+# Remember to tweak this if you move this file.
+GTEST_DIR = ..
+
+# Where to find user code.
+USER_DIR = ../samples
+
+# Flags passed to the preprocessor.
+# Set Google Test's header directory as a system directory, such that
+# the compiler doesn't generate warnings in Google Test headers.
+CPPFLAGS += -isystem $(GTEST_DIR)/include
+
+# Flags passed to the C++ compiler.
+CXXFLAGS += -g -Wall -Wextra -pthread
+
+# All tests produced by this Makefile.  Remember to add new tests you
+# created to the list.
+TESTS = sample1_unittest
+
+# All Google Test headers.  Usually you shouldn't change this
+# definition.
+GTEST_HEADERS = $(GTEST_DIR)/include/gtest/*.h \
+                $(GTEST_DIR)/include/gtest/internal/*.h
+
+# House-keeping build targets.
+
+all : $(TESTS)
+
+clean :
+	rm -f $(TESTS) gtest.a gtest_main.a *.o
+
+# Builds gtest.a and gtest_main.a.
+
+# Usually you shouldn't tweak such internal variables, indicated by a
+# trailing _.
+GTEST_SRCS_ = $(GTEST_DIR)/src/*.cc $(GTEST_DIR)/src/*.h $(GTEST_HEADERS)
+
+# For simplicity and to avoid depending on Google Test's
+# implementation details, the dependencies specified below are
+# conservative and not optimized.  This is fine as Google Test
+# compiles fast and for ordinary users its source rarely changes.
+gtest-all.o : $(GTEST_SRCS_)
+	$(CXX) $(CPPFLAGS) -I$(GTEST_DIR) $(CXXFLAGS) -c \
+            $(GTEST_DIR)/src/gtest-all.cc
+
+gtest_main.o : $(GTEST_SRCS_)
+	$(CXX) $(CPPFLAGS) -I$(GTEST_DIR) $(CXXFLAGS) -c \
+            $(GTEST_DIR)/src/gtest_main.cc
+
+gtest.a : gtest-all.o
+	$(AR) $(ARFLAGS) $@ $^
+
+gtest_main.a : gtest-all.o gtest_main.o
+	$(AR) $(ARFLAGS) $@ $^
+
+# Builds a sample test.  A test should link with either gtest.a or
+# gtest_main.a, depending on whether it defines its own main()
+# function.
+
+sample1.o : $(USER_DIR)/sample1.cc $(USER_DIR)/sample1.h $(GTEST_HEADERS)
+	$(CXX) $(CPPFLAGS) $(CXXFLAGS) -c $(USER_DIR)/sample1.cc
+
+sample1_unittest.o : $(USER_DIR)/sample1_unittest.cc \
+                     $(USER_DIR)/sample1.h $(GTEST_HEADERS)
+	$(CXX) $(CPPFLAGS) $(CXXFLAGS) -c $(USER_DIR)/sample1_unittest.cc
+
+sample1_unittest : sample1.o sample1_unittest.o gtest_main.a
+	$(CXX) $(CPPFLAGS) $(CXXFLAGS) -lpthread $^ -o $@
diff --git a/nss/external_tests/google_test/gtest/msvc/gtest-md.sln b/nss/external_tests/google_test/gtest/msvc/gtest-md.sln
new file mode 100644
index 0000000..f7908da
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/msvc/gtest-md.sln
@@ -0,0 +1,45 @@
+Microsoft Visual Studio Solution File, Format Version 8.00
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "gtest-md", "gtest-md.vcproj", "{C8F6C172-56F2-4E76-B5FA-C3B423B31BE8}"
+	ProjectSection(ProjectDependencies) = postProject
+	EndProjectSection
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "gtest_main-md", "gtest_main-md.vcproj", "{3AF54C8A-10BF-4332-9147-F68ED9862033}"
+	ProjectSection(ProjectDependencies) = postProject
+	EndProjectSection
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "gtest_prod_test-md", "gtest_prod_test-md.vcproj", "{24848551-EF4F-47E8-9A9D-EA4D49BC3ECB}"
+	ProjectSection(ProjectDependencies) = postProject
+	EndProjectSection
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "gtest_unittest-md", "gtest_unittest-md.vcproj", "{4D9FDFB5-986A-4139-823C-F4EE0ED481A2}"
+	ProjectSection(ProjectDependencies) = postProject
+	EndProjectSection
+EndProject
+Global
+	GlobalSection(SolutionConfiguration) = preSolution
+		Debug = Debug
+		Release = Release
+	EndGlobalSection
+	GlobalSection(ProjectConfiguration) = postSolution
+		{C8F6C172-56F2-4E76-B5FA-C3B423B31BE8}.Debug.ActiveCfg = Debug|Win32
+		{C8F6C172-56F2-4E76-B5FA-C3B423B31BE8}.Debug.Build.0 = Debug|Win32
+		{C8F6C172-56F2-4E76-B5FA-C3B423B31BE8}.Release.ActiveCfg = Release|Win32
+		{C8F6C172-56F2-4E76-B5FA-C3B423B31BE8}.Release.Build.0 = Release|Win32
+		{3AF54C8A-10BF-4332-9147-F68ED9862033}.Debug.ActiveCfg = Debug|Win32
+		{3AF54C8A-10BF-4332-9147-F68ED9862033}.Debug.Build.0 = Debug|Win32
+		{3AF54C8A-10BF-4332-9147-F68ED9862033}.Release.ActiveCfg = Release|Win32
+		{3AF54C8A-10BF-4332-9147-F68ED9862033}.Release.Build.0 = Release|Win32
+		{24848551-EF4F-47E8-9A9D-EA4D49BC3ECB}.Debug.ActiveCfg = Debug|Win32
+		{24848551-EF4F-47E8-9A9D-EA4D49BC3ECB}.Debug.Build.0 = Debug|Win32
+		{24848551-EF4F-47E8-9A9D-EA4D49BC3ECB}.Release.ActiveCfg = Release|Win32
+		{24848551-EF4F-47E8-9A9D-EA4D49BC3ECB}.Release.Build.0 = Release|Win32
+		{4D9FDFB5-986A-4139-823C-F4EE0ED481A2}.Debug.ActiveCfg = Debug|Win32
+		{4D9FDFB5-986A-4139-823C-F4EE0ED481A2}.Debug.Build.0 = Debug|Win32
+		{4D9FDFB5-986A-4139-823C-F4EE0ED481A2}.Release.ActiveCfg = Release|Win32
+		{4D9FDFB5-986A-4139-823C-F4EE0ED481A2}.Release.Build.0 = Release|Win32
+	EndGlobalSection
+	GlobalSection(ExtensibilityGlobals) = postSolution
+	EndGlobalSection
+	GlobalSection(ExtensibilityAddIns) = postSolution
+	EndGlobalSection
+EndGlobal
diff --git a/nss/external_tests/google_test/gtest/msvc/gtest-md.vcproj b/nss/external_tests/google_test/gtest/msvc/gtest-md.vcproj
new file mode 100644
index 0000000..1c35c3a
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/msvc/gtest-md.vcproj
@@ -0,0 +1,126 @@
+<?xml version="1.0" encoding="Windows-1252"?>
+<VisualStudioProject
+	ProjectType="Visual C++"
+	Version="7.10"
+	Name="gtest-md"
+	ProjectGUID="{C8F6C172-56F2-4E76-B5FA-C3B423B31BE8}"
+	Keyword="Win32Proj">
+	<Platforms>
+		<Platform
+			Name="Win32"/>
+	</Platforms>
+	<Configurations>
+		<Configuration
+			Name="Debug|Win32"
+			OutputDirectory="$(SolutionName)/$(ConfigurationName)"
+			IntermediateDirectory="$(OutDir)/$(ProjectName)"
+			ConfigurationType="4"
+			CharacterSet="2"
+			ReferencesPath="">
+			<Tool
+				Name="VCCLCompilerTool"
+				Optimization="0"
+				PreprocessorDefinitions="WIN32;_DEBUG;_LIB"
+				MinimalRebuild="TRUE"
+				BasicRuntimeChecks="3"
+				RuntimeLibrary="3"
+				UsePrecompiledHeader="0"
+				WarningLevel="3"
+				Detect64BitPortabilityProblems="FALSE"
+				DebugInformationFormat="4"/>
+			<Tool
+				Name="VCCustomBuildTool"/>
+			<Tool
+				Name="VCLibrarianTool"
+				OutputFile="$(OutDir)/gtestd.lib"/>
+			<Tool
+				Name="VCMIDLTool"/>
+			<Tool
+				Name="VCPostBuildEventTool"/>
+			<Tool
+				Name="VCPreBuildEventTool"/>
+			<Tool
+				Name="VCPreLinkEventTool"/>
+			<Tool
+				Name="VCResourceCompilerTool"/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"/>
+			<Tool
+				Name="VCManagedWrapperGeneratorTool"/>
+			<Tool
+				Name="VCAuxiliaryManagedWrapperGeneratorTool"/>
+		</Configuration>
+		<Configuration
+			Name="Release|Win32"
+			OutputDirectory="$(SolutionName)/$(ConfigurationName)"
+			IntermediateDirectory="$(OutDir)/$(ProjectName)"
+			ConfigurationType="4"
+			CharacterSet="2"
+			ReferencesPath="&quot;..\include&quot;;&quot;..&quot;">
+			<Tool
+				Name="VCCLCompilerTool"
+				PreprocessorDefinitions="WIN32;NDEBUG;_LIB"
+				RuntimeLibrary="2"
+				UsePrecompiledHeader="0"
+				WarningLevel="3"
+				Detect64BitPortabilityProblems="FALSE"
+				DebugInformationFormat="3"/>
+			<Tool
+				Name="VCCustomBuildTool"/>
+			<Tool
+				Name="VCLibrarianTool"
+				OutputFile="$(OutDir)/gtest.lib"/>
+			<Tool
+				Name="VCMIDLTool"/>
+			<Tool
+				Name="VCPostBuildEventTool"/>
+			<Tool
+				Name="VCPreBuildEventTool"/>
+			<Tool
+				Name="VCPreLinkEventTool"/>
+			<Tool
+				Name="VCResourceCompilerTool"/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"/>
+			<Tool
+				Name="VCManagedWrapperGeneratorTool"/>
+			<Tool
+				Name="VCAuxiliaryManagedWrapperGeneratorTool"/>
+		</Configuration>
+	</Configurations>
+	<References>
+	</References>
+	<Files>
+		<Filter
+			Name="Source Files"
+			Filter="cpp;c;cxx;def;odl;idl;hpj;bat;asm;asmx"
+			UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}">
+			<File
+				RelativePath="..\src\gtest-all.cc">
+				<FileConfiguration
+					Name="Debug|Win32">
+					<Tool
+						Name="VCCLCompilerTool"
+						AdditionalIncludeDirectories="&quot;..&quot;;&quot;..\include&quot;"/>
+				</FileConfiguration>
+				<FileConfiguration
+					Name="Release|Win32">
+					<Tool
+						Name="VCCLCompilerTool"
+						AdditionalIncludeDirectories="&quot;..&quot;;&quot;..\include&quot;"/>
+				</FileConfiguration>
+			</File>
+		</Filter>
+		<Filter
+			Name="Header Files"
+			Filter="h;hpp;hxx;hm;inl;inc;xsd"
+			UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}">
+		</Filter>
+	</Files>
+	<Globals>
+	</Globals>
+</VisualStudioProject>
diff --git a/nss/external_tests/google_test/gtest/msvc/gtest.sln b/nss/external_tests/google_test/gtest/msvc/gtest.sln
new file mode 100644
index 0000000..ef4b057
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/msvc/gtest.sln
@@ -0,0 +1,45 @@
+Microsoft Visual Studio Solution File, Format Version 8.00
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "gtest", "gtest.vcproj", "{C8F6C172-56F2-4E76-B5FA-C3B423B31BE7}"
+	ProjectSection(ProjectDependencies) = postProject
+	EndProjectSection
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "gtest_main", "gtest_main.vcproj", "{3AF54C8A-10BF-4332-9147-F68ED9862032}"
+	ProjectSection(ProjectDependencies) = postProject
+	EndProjectSection
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "gtest_unittest", "gtest_unittest.vcproj", "{4D9FDFB5-986A-4139-823C-F4EE0ED481A1}"
+	ProjectSection(ProjectDependencies) = postProject
+	EndProjectSection
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "gtest_prod_test", "gtest_prod_test.vcproj", "{24848551-EF4F-47E8-9A9D-EA4D49BC3ECA}"
+	ProjectSection(ProjectDependencies) = postProject
+	EndProjectSection
+EndProject
+Global
+	GlobalSection(SolutionConfiguration) = preSolution
+		Debug = Debug
+		Release = Release
+	EndGlobalSection
+	GlobalSection(ProjectConfiguration) = postSolution
+		{C8F6C172-56F2-4E76-B5FA-C3B423B31BE7}.Debug.ActiveCfg = Debug|Win32
+		{C8F6C172-56F2-4E76-B5FA-C3B423B31BE7}.Debug.Build.0 = Debug|Win32
+		{C8F6C172-56F2-4E76-B5FA-C3B423B31BE7}.Release.ActiveCfg = Release|Win32
+		{C8F6C172-56F2-4E76-B5FA-C3B423B31BE7}.Release.Build.0 = Release|Win32
+		{3AF54C8A-10BF-4332-9147-F68ED9862032}.Debug.ActiveCfg = Debug|Win32
+		{3AF54C8A-10BF-4332-9147-F68ED9862032}.Debug.Build.0 = Debug|Win32
+		{3AF54C8A-10BF-4332-9147-F68ED9862032}.Release.ActiveCfg = Release|Win32
+		{3AF54C8A-10BF-4332-9147-F68ED9862032}.Release.Build.0 = Release|Win32
+		{4D9FDFB5-986A-4139-823C-F4EE0ED481A1}.Debug.ActiveCfg = Debug|Win32
+		{4D9FDFB5-986A-4139-823C-F4EE0ED481A1}.Debug.Build.0 = Debug|Win32
+		{4D9FDFB5-986A-4139-823C-F4EE0ED481A1}.Release.ActiveCfg = Release|Win32
+		{4D9FDFB5-986A-4139-823C-F4EE0ED481A1}.Release.Build.0 = Release|Win32
+		{24848551-EF4F-47E8-9A9D-EA4D49BC3ECA}.Debug.ActiveCfg = Debug|Win32
+		{24848551-EF4F-47E8-9A9D-EA4D49BC3ECA}.Debug.Build.0 = Debug|Win32
+		{24848551-EF4F-47E8-9A9D-EA4D49BC3ECA}.Release.ActiveCfg = Release|Win32
+		{24848551-EF4F-47E8-9A9D-EA4D49BC3ECA}.Release.Build.0 = Release|Win32
+	EndGlobalSection
+	GlobalSection(ExtensibilityGlobals) = postSolution
+	EndGlobalSection
+	GlobalSection(ExtensibilityAddIns) = postSolution
+	EndGlobalSection
+EndGlobal
diff --git a/nss/external_tests/google_test/gtest/msvc/gtest.vcproj b/nss/external_tests/google_test/gtest/msvc/gtest.vcproj
new file mode 100644
index 0000000..a8373ce
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/msvc/gtest.vcproj
@@ -0,0 +1,126 @@
+<?xml version="1.0" encoding="Windows-1252"?>
+<VisualStudioProject
+	ProjectType="Visual C++"
+	Version="7.10"
+	Name="gtest"
+	ProjectGUID="{C8F6C172-56F2-4E76-B5FA-C3B423B31BE7}"
+	Keyword="Win32Proj">
+	<Platforms>
+		<Platform
+			Name="Win32"/>
+	</Platforms>
+	<Configurations>
+		<Configuration
+			Name="Debug|Win32"
+			OutputDirectory="$(SolutionName)/$(ConfigurationName)"
+			IntermediateDirectory="$(OutDir)/$(ProjectName)"
+			ConfigurationType="4"
+			CharacterSet="2"
+			ReferencesPath="">
+			<Tool
+				Name="VCCLCompilerTool"
+				Optimization="0"
+				PreprocessorDefinitions="WIN32;_DEBUG;_LIB"
+				MinimalRebuild="TRUE"
+				BasicRuntimeChecks="3"
+				RuntimeLibrary="5"
+				UsePrecompiledHeader="0"
+				WarningLevel="3"
+				Detect64BitPortabilityProblems="FALSE"
+				DebugInformationFormat="4"/>
+			<Tool
+				Name="VCCustomBuildTool"/>
+			<Tool
+				Name="VCLibrarianTool"
+				OutputFile="$(OutDir)/gtestd.lib"/>
+			<Tool
+				Name="VCMIDLTool"/>
+			<Tool
+				Name="VCPostBuildEventTool"/>
+			<Tool
+				Name="VCPreBuildEventTool"/>
+			<Tool
+				Name="VCPreLinkEventTool"/>
+			<Tool
+				Name="VCResourceCompilerTool"/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"/>
+			<Tool
+				Name="VCManagedWrapperGeneratorTool"/>
+			<Tool
+				Name="VCAuxiliaryManagedWrapperGeneratorTool"/>
+		</Configuration>
+		<Configuration
+			Name="Release|Win32"
+			OutputDirectory="$(SolutionName)/$(ConfigurationName)"
+			IntermediateDirectory="$(OutDir)/$(ProjectName)"
+			ConfigurationType="4"
+			CharacterSet="2"
+			ReferencesPath="&quot;..\include&quot;;&quot;..&quot;">
+			<Tool
+				Name="VCCLCompilerTool"
+				PreprocessorDefinitions="WIN32;NDEBUG;_LIB"
+				RuntimeLibrary="4"
+				UsePrecompiledHeader="0"
+				WarningLevel="3"
+				Detect64BitPortabilityProblems="FALSE"
+				DebugInformationFormat="3"/>
+			<Tool
+				Name="VCCustomBuildTool"/>
+			<Tool
+				Name="VCLibrarianTool"
+				OutputFile="$(OutDir)/gtest.lib"/>
+			<Tool
+				Name="VCMIDLTool"/>
+			<Tool
+				Name="VCPostBuildEventTool"/>
+			<Tool
+				Name="VCPreBuildEventTool"/>
+			<Tool
+				Name="VCPreLinkEventTool"/>
+			<Tool
+				Name="VCResourceCompilerTool"/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"/>
+			<Tool
+				Name="VCManagedWrapperGeneratorTool"/>
+			<Tool
+				Name="VCAuxiliaryManagedWrapperGeneratorTool"/>
+		</Configuration>
+	</Configurations>
+	<References>
+	</References>
+	<Files>
+		<Filter
+			Name="Source Files"
+			Filter="cpp;c;cxx;def;odl;idl;hpj;bat;asm;asmx"
+			UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}">
+			<File
+				RelativePath="..\src\gtest-all.cc">
+				<FileConfiguration
+					Name="Debug|Win32">
+					<Tool
+						Name="VCCLCompilerTool"
+						AdditionalIncludeDirectories="&quot;..&quot;;&quot;..\include&quot;"/>
+				</FileConfiguration>
+				<FileConfiguration
+					Name="Release|Win32">
+					<Tool
+						Name="VCCLCompilerTool"
+						AdditionalIncludeDirectories="&quot;..&quot;;&quot;..\include&quot;"/>
+				</FileConfiguration>
+			</File>
+		</Filter>
+		<Filter
+			Name="Header Files"
+			Filter="h;hpp;hxx;hm;inl;inc;xsd"
+			UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}">
+		</Filter>
+	</Files>
+	<Globals>
+	</Globals>
+</VisualStudioProject>
diff --git a/nss/external_tests/google_test/gtest/msvc/gtest_main-md.vcproj b/nss/external_tests/google_test/gtest/msvc/gtest_main-md.vcproj
new file mode 100644
index 0000000..b5379fe
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/msvc/gtest_main-md.vcproj
@@ -0,0 +1,129 @@
+<?xml version="1.0" encoding="Windows-1252"?>
+<VisualStudioProject
+	ProjectType="Visual C++"
+	Version="7.10"
+	Name="gtest_main-md"
+	ProjectGUID="{3AF54C8A-10BF-4332-9147-F68ED9862033}"
+	Keyword="Win32Proj">
+	<Platforms>
+		<Platform
+			Name="Win32"/>
+	</Platforms>
+	<Configurations>
+		<Configuration
+			Name="Debug|Win32"
+			OutputDirectory="$(SolutionName)/$(ConfigurationName)"
+			IntermediateDirectory="$(OutDir)/$(ProjectName)"
+			ConfigurationType="4"
+			CharacterSet="2"
+			ReferencesPath="">
+			<Tool
+				Name="VCCLCompilerTool"
+				Optimization="0"
+				PreprocessorDefinitions="WIN32;_DEBUG;_LIB"
+				MinimalRebuild="TRUE"
+				BasicRuntimeChecks="3"
+				RuntimeLibrary="3"
+				UsePrecompiledHeader="0"
+				WarningLevel="3"
+				Detect64BitPortabilityProblems="FALSE"
+				DebugInformationFormat="4"/>
+			<Tool
+				Name="VCCustomBuildTool"/>
+			<Tool
+				Name="VCLibrarianTool"
+				OutputFile="$(OutDir)/$(ProjectName)d.lib"/>
+			<Tool
+				Name="VCMIDLTool"/>
+			<Tool
+				Name="VCPostBuildEventTool"/>
+			<Tool
+				Name="VCPreBuildEventTool"/>
+			<Tool
+				Name="VCPreLinkEventTool"/>
+			<Tool
+				Name="VCResourceCompilerTool"/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"/>
+			<Tool
+				Name="VCManagedWrapperGeneratorTool"/>
+			<Tool
+				Name="VCAuxiliaryManagedWrapperGeneratorTool"/>
+		</Configuration>
+		<Configuration
+			Name="Release|Win32"
+			OutputDirectory="$(SolutionName)/$(ConfigurationName)"
+			IntermediateDirectory="$(OutDir)/$(ProjectName)"
+			ConfigurationType="4"
+			CharacterSet="2"
+			ReferencesPath="&quot;..\include&quot;;&quot;..&quot;">
+			<Tool
+				Name="VCCLCompilerTool"
+				PreprocessorDefinitions="WIN32;NDEBUG;_LIB"
+				RuntimeLibrary="2"
+				UsePrecompiledHeader="0"
+				WarningLevel="3"
+				Detect64BitPortabilityProblems="FALSE"
+				DebugInformationFormat="3"/>
+			<Tool
+				Name="VCCustomBuildTool"/>
+			<Tool
+				Name="VCLibrarianTool"
+				OutputFile="$(OutDir)/$(ProjectName).lib"/>
+			<Tool
+				Name="VCMIDLTool"/>
+			<Tool
+				Name="VCPostBuildEventTool"/>
+			<Tool
+				Name="VCPreBuildEventTool"/>
+			<Tool
+				Name="VCPreLinkEventTool"/>
+			<Tool
+				Name="VCResourceCompilerTool"/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"/>
+			<Tool
+				Name="VCManagedWrapperGeneratorTool"/>
+			<Tool
+				Name="VCAuxiliaryManagedWrapperGeneratorTool"/>
+		</Configuration>
+	</Configurations>
+	<References>
+		<ProjectReference
+			ReferencedProjectIdentifier="{C8F6C172-56F2-4E76-B5FA-C3B423B31BE8}"
+			Name="gtest-md"/>
+	</References>
+	<Files>
+		<Filter
+			Name="Source Files"
+			Filter="cpp;c;cxx;def;odl;idl;hpj;bat;asm;asmx"
+			UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}">
+			<File
+				RelativePath="..\src\gtest_main.cc">
+				<FileConfiguration
+					Name="Debug|Win32">
+					<Tool
+						Name="VCCLCompilerTool"
+						AdditionalIncludeDirectories="&quot;..&quot;;&quot;..\include&quot;"/>
+				</FileConfiguration>
+				<FileConfiguration
+					Name="Release|Win32">
+					<Tool
+						Name="VCCLCompilerTool"
+						AdditionalIncludeDirectories="&quot;..&quot;;&quot;..\include&quot;"/>
+				</FileConfiguration>
+			</File>
+		</Filter>
+		<Filter
+			Name="Header Files"
+			Filter="h;hpp;hxx;hm;inl;inc;xsd"
+			UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}">
+		</Filter>
+	</Files>
+	<Globals>
+	</Globals>
+</VisualStudioProject>
diff --git a/nss/external_tests/google_test/gtest/msvc/gtest_main.vcproj b/nss/external_tests/google_test/gtest/msvc/gtest_main.vcproj
new file mode 100644
index 0000000..e8b763c
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/msvc/gtest_main.vcproj
@@ -0,0 +1,129 @@
+<?xml version="1.0" encoding="Windows-1252"?>
+<VisualStudioProject
+	ProjectType="Visual C++"
+	Version="7.10"
+	Name="gtest_main"
+	ProjectGUID="{3AF54C8A-10BF-4332-9147-F68ED9862032}"
+	Keyword="Win32Proj">
+	<Platforms>
+		<Platform
+			Name="Win32"/>
+	</Platforms>
+	<Configurations>
+		<Configuration
+			Name="Debug|Win32"
+			OutputDirectory="$(SolutionName)/$(ConfigurationName)"
+			IntermediateDirectory="$(OutDir)/$(ProjectName)"
+			ConfigurationType="4"
+			CharacterSet="2"
+			ReferencesPath="">
+			<Tool
+				Name="VCCLCompilerTool"
+				Optimization="0"
+				PreprocessorDefinitions="WIN32;_DEBUG;_LIB"
+				MinimalRebuild="TRUE"
+				BasicRuntimeChecks="3"
+				RuntimeLibrary="5"
+				UsePrecompiledHeader="0"
+				WarningLevel="3"
+				Detect64BitPortabilityProblems="FALSE"
+				DebugInformationFormat="4"/>
+			<Tool
+				Name="VCCustomBuildTool"/>
+			<Tool
+				Name="VCLibrarianTool"
+				OutputFile="$(OutDir)/$(ProjectName)d.lib"/>
+			<Tool
+				Name="VCMIDLTool"/>
+			<Tool
+				Name="VCPostBuildEventTool"/>
+			<Tool
+				Name="VCPreBuildEventTool"/>
+			<Tool
+				Name="VCPreLinkEventTool"/>
+			<Tool
+				Name="VCResourceCompilerTool"/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"/>
+			<Tool
+				Name="VCManagedWrapperGeneratorTool"/>
+			<Tool
+				Name="VCAuxiliaryManagedWrapperGeneratorTool"/>
+		</Configuration>
+		<Configuration
+			Name="Release|Win32"
+			OutputDirectory="$(SolutionName)/$(ConfigurationName)"
+			IntermediateDirectory="$(OutDir)/$(ProjectName)"
+			ConfigurationType="4"
+			CharacterSet="2"
+			ReferencesPath="&quot;..\include&quot;;&quot;..&quot;">
+			<Tool
+				Name="VCCLCompilerTool"
+				PreprocessorDefinitions="WIN32;NDEBUG;_LIB"
+				RuntimeLibrary="4"
+				UsePrecompiledHeader="0"
+				WarningLevel="3"
+				Detect64BitPortabilityProblems="FALSE"
+				DebugInformationFormat="3"/>
+			<Tool
+				Name="VCCustomBuildTool"/>
+			<Tool
+				Name="VCLibrarianTool"
+				OutputFile="$(OutDir)/$(ProjectName).lib"/>
+			<Tool
+				Name="VCMIDLTool"/>
+			<Tool
+				Name="VCPostBuildEventTool"/>
+			<Tool
+				Name="VCPreBuildEventTool"/>
+			<Tool
+				Name="VCPreLinkEventTool"/>
+			<Tool
+				Name="VCResourceCompilerTool"/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"/>
+			<Tool
+				Name="VCManagedWrapperGeneratorTool"/>
+			<Tool
+				Name="VCAuxiliaryManagedWrapperGeneratorTool"/>
+		</Configuration>
+	</Configurations>
+	<References>
+		<ProjectReference
+			ReferencedProjectIdentifier="{C8F6C172-56F2-4E76-B5FA-C3B423B31BE7}"
+			Name="gtest"/>
+	</References>
+	<Files>
+		<Filter
+			Name="Source Files"
+			Filter="cpp;c;cxx;def;odl;idl;hpj;bat;asm;asmx"
+			UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}">
+			<File
+				RelativePath="..\src\gtest_main.cc">
+				<FileConfiguration
+					Name="Debug|Win32">
+					<Tool
+						Name="VCCLCompilerTool"
+						AdditionalIncludeDirectories="&quot;..&quot;;&quot;..\include&quot;"/>
+				</FileConfiguration>
+				<FileConfiguration
+					Name="Release|Win32">
+					<Tool
+						Name="VCCLCompilerTool"
+						AdditionalIncludeDirectories="&quot;..&quot;;&quot;..\include&quot;"/>
+				</FileConfiguration>
+			</File>
+		</Filter>
+		<Filter
+			Name="Header Files"
+			Filter="h;hpp;hxx;hm;inl;inc;xsd"
+			UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}">
+		</Filter>
+	</Files>
+	<Globals>
+	</Globals>
+</VisualStudioProject>
diff --git a/nss/external_tests/google_test/gtest/msvc/gtest_prod_test-md.vcproj b/nss/external_tests/google_test/gtest/msvc/gtest_prod_test-md.vcproj
new file mode 100644
index 0000000..05b05d9
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/msvc/gtest_prod_test-md.vcproj
@@ -0,0 +1,164 @@
+<?xml version="1.0" encoding="Windows-1252"?>
+<VisualStudioProject
+	ProjectType="Visual C++"
+	Version="7.10"
+	Name="gtest_prod_test-md"
+	ProjectGUID="{24848551-EF4F-47E8-9A9D-EA4D49BC3ECB}"
+	Keyword="Win32Proj">
+	<Platforms>
+		<Platform
+			Name="Win32"/>
+	</Platforms>
+	<Configurations>
+		<Configuration
+			Name="Debug|Win32"
+			OutputDirectory="$(SolutionName)/$(ConfigurationName)"
+			IntermediateDirectory="$(OutDir)/$(ProjectName)"
+			ConfigurationType="1"
+			CharacterSet="2">
+			<Tool
+				Name="VCCLCompilerTool"
+				Optimization="0"
+				PreprocessorDefinitions="WIN32;_DEBUG;_CONSOLE"
+				MinimalRebuild="TRUE"
+				BasicRuntimeChecks="3"
+				RuntimeLibrary="3"
+				UsePrecompiledHeader="3"
+				WarningLevel="3"
+				Detect64BitPortabilityProblems="FALSE"
+				DebugInformationFormat="4"/>
+			<Tool
+				Name="VCCustomBuildTool"/>
+			<Tool
+				Name="VCLinkerTool"
+				OutputFile="$(OutDir)/gtest_prod_test.exe"
+				LinkIncremental="2"
+				GenerateDebugInformation="TRUE"
+				ProgramDatabaseFile="$(OutDir)/gtest_prod_test.pdb"
+				SubSystem="1"
+				TargetMachine="1"/>
+			<Tool
+				Name="VCMIDLTool"/>
+			<Tool
+				Name="VCPostBuildEventTool"/>
+			<Tool
+				Name="VCPreBuildEventTool"/>
+			<Tool
+				Name="VCPreLinkEventTool"/>
+			<Tool
+				Name="VCResourceCompilerTool"/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"/>
+			<Tool
+				Name="VCWebDeploymentTool"/>
+			<Tool
+				Name="VCManagedWrapperGeneratorTool"/>
+			<Tool
+				Name="VCAuxiliaryManagedWrapperGeneratorTool"/>
+		</Configuration>
+		<Configuration
+			Name="Release|Win32"
+			OutputDirectory="$(SolutionName)/$(ConfigurationName)"
+			IntermediateDirectory="$(OutDir)/$(ProjectName)"
+			ConfigurationType="1"
+			CharacterSet="2">
+			<Tool
+				Name="VCCLCompilerTool"
+				PreprocessorDefinitions="WIN32;NDEBUG;_CONSOLE"
+				RuntimeLibrary="2"
+				UsePrecompiledHeader="3"
+				WarningLevel="3"
+				Detect64BitPortabilityProblems="FALSE"
+				DebugInformationFormat="3"/>
+			<Tool
+				Name="VCCustomBuildTool"/>
+			<Tool
+				Name="VCLinkerTool"
+				OutputFile="$(OutDir)/gtest_prod_test.exe"
+				LinkIncremental="1"
+				GenerateDebugInformation="TRUE"
+				SubSystem="1"
+				OptimizeReferences="2"
+				EnableCOMDATFolding="2"
+				TargetMachine="1"/>
+			<Tool
+				Name="VCMIDLTool"/>
+			<Tool
+				Name="VCPostBuildEventTool"/>
+			<Tool
+				Name="VCPreBuildEventTool"/>
+			<Tool
+				Name="VCPreLinkEventTool"/>
+			<Tool
+				Name="VCResourceCompilerTool"/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"/>
+			<Tool
+				Name="VCWebDeploymentTool"/>
+			<Tool
+				Name="VCManagedWrapperGeneratorTool"/>
+			<Tool
+				Name="VCAuxiliaryManagedWrapperGeneratorTool"/>
+		</Configuration>
+	</Configurations>
+	<References>
+		<ProjectReference
+			ReferencedProjectIdentifier="{3AF54C8A-10BF-4332-9147-F68ED9862033}"
+			Name="gtest_main-md"/>
+	</References>
+	<Files>
+		<Filter
+			Name="Source Files"
+			Filter="cpp;c;cxx;def;odl;idl;hpj;bat;asm;asmx"
+			UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}">
+			<File
+				RelativePath="..\test\gtest_prod_test.cc">
+				<FileConfiguration
+					Name="Debug|Win32">
+					<Tool
+						Name="VCCLCompilerTool"
+						AdditionalIncludeDirectories="&quot;..&quot;;&quot;..\include&quot;"
+						UsePrecompiledHeader="0"/>
+				</FileConfiguration>
+				<FileConfiguration
+					Name="Release|Win32">
+					<Tool
+						Name="VCCLCompilerTool"
+						AdditionalIncludeDirectories="&quot;..&quot;;&quot;..\include&quot;"
+						UsePrecompiledHeader="0"/>
+				</FileConfiguration>
+			</File>
+			<File
+				RelativePath="..\test\production.cc">
+				<FileConfiguration
+					Name="Debug|Win32">
+					<Tool
+						Name="VCCLCompilerTool"
+						AdditionalIncludeDirectories="&quot;..&quot;;&quot;..\include&quot;"
+						UsePrecompiledHeader="0"/>
+				</FileConfiguration>
+				<FileConfiguration
+					Name="Release|Win32">
+					<Tool
+						Name="VCCLCompilerTool"
+						AdditionalIncludeDirectories="&quot;..&quot;;&quot;..\include&quot;"
+						UsePrecompiledHeader="0"/>
+				</FileConfiguration>
+			</File>
+		</Filter>
+		<Filter
+			Name="Header Files"
+			Filter="h;hpp;hxx;hm;inl;inc;xsd"
+			UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}">
+			<File
+				RelativePath="..\test\production.h">
+			</File>
+		</Filter>
+	</Files>
+	<Globals>
+	</Globals>
+</VisualStudioProject>
diff --git a/nss/external_tests/google_test/gtest/msvc/gtest_prod_test.vcproj b/nss/external_tests/google_test/gtest/msvc/gtest_prod_test.vcproj
new file mode 100644
index 0000000..6d7a2f0
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/msvc/gtest_prod_test.vcproj
@@ -0,0 +1,164 @@
+<?xml version="1.0" encoding="Windows-1252"?>
+<VisualStudioProject
+	ProjectType="Visual C++"
+	Version="7.10"
+	Name="gtest_prod_test"
+	ProjectGUID="{24848551-EF4F-47E8-9A9D-EA4D49BC3ECA}"
+	Keyword="Win32Proj">
+	<Platforms>
+		<Platform
+			Name="Win32"/>
+	</Platforms>
+	<Configurations>
+		<Configuration
+			Name="Debug|Win32"
+			OutputDirectory="$(SolutionName)/$(ConfigurationName)"
+			IntermediateDirectory="$(OutDir)/$(ProjectName)"
+			ConfigurationType="1"
+			CharacterSet="2">
+			<Tool
+				Name="VCCLCompilerTool"
+				Optimization="0"
+				PreprocessorDefinitions="WIN32;_DEBUG;_CONSOLE"
+				MinimalRebuild="TRUE"
+				BasicRuntimeChecks="3"
+				RuntimeLibrary="5"
+				UsePrecompiledHeader="3"
+				WarningLevel="3"
+				Detect64BitPortabilityProblems="FALSE"
+				DebugInformationFormat="4"/>
+			<Tool
+				Name="VCCustomBuildTool"/>
+			<Tool
+				Name="VCLinkerTool"
+				OutputFile="$(OutDir)/gtest_prod_test.exe"
+				LinkIncremental="2"
+				GenerateDebugInformation="TRUE"
+				ProgramDatabaseFile="$(OutDir)/gtest_prod_test.pdb"
+				SubSystem="1"
+				TargetMachine="1"/>
+			<Tool
+				Name="VCMIDLTool"/>
+			<Tool
+				Name="VCPostBuildEventTool"/>
+			<Tool
+				Name="VCPreBuildEventTool"/>
+			<Tool
+				Name="VCPreLinkEventTool"/>
+			<Tool
+				Name="VCResourceCompilerTool"/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"/>
+			<Tool
+				Name="VCWebDeploymentTool"/>
+			<Tool
+				Name="VCManagedWrapperGeneratorTool"/>
+			<Tool
+				Name="VCAuxiliaryManagedWrapperGeneratorTool"/>
+		</Configuration>
+		<Configuration
+			Name="Release|Win32"
+			OutputDirectory="$(SolutionName)/$(ConfigurationName)"
+			IntermediateDirectory="$(OutDir)/$(ProjectName)"
+			ConfigurationType="1"
+			CharacterSet="2">
+			<Tool
+				Name="VCCLCompilerTool"
+				PreprocessorDefinitions="WIN32;NDEBUG;_CONSOLE"
+				RuntimeLibrary="4"
+				UsePrecompiledHeader="3"
+				WarningLevel="3"
+				Detect64BitPortabilityProblems="FALSE"
+				DebugInformationFormat="3"/>
+			<Tool
+				Name="VCCustomBuildTool"/>
+			<Tool
+				Name="VCLinkerTool"
+				OutputFile="$(OutDir)/gtest_prod_test.exe"
+				LinkIncremental="1"
+				GenerateDebugInformation="TRUE"
+				SubSystem="1"
+				OptimizeReferences="2"
+				EnableCOMDATFolding="2"
+				TargetMachine="1"/>
+			<Tool
+				Name="VCMIDLTool"/>
+			<Tool
+				Name="VCPostBuildEventTool"/>
+			<Tool
+				Name="VCPreBuildEventTool"/>
+			<Tool
+				Name="VCPreLinkEventTool"/>
+			<Tool
+				Name="VCResourceCompilerTool"/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"/>
+			<Tool
+				Name="VCWebDeploymentTool"/>
+			<Tool
+				Name="VCManagedWrapperGeneratorTool"/>
+			<Tool
+				Name="VCAuxiliaryManagedWrapperGeneratorTool"/>
+		</Configuration>
+	</Configurations>
+	<References>
+		<ProjectReference
+			ReferencedProjectIdentifier="{3AF54C8A-10BF-4332-9147-F68ED9862032}"
+			Name="gtest_main"/>
+	</References>
+	<Files>
+		<Filter
+			Name="Source Files"
+			Filter="cpp;c;cxx;def;odl;idl;hpj;bat;asm;asmx"
+			UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}">
+			<File
+				RelativePath="..\test\gtest_prod_test.cc">
+				<FileConfiguration
+					Name="Debug|Win32">
+					<Tool
+						Name="VCCLCompilerTool"
+						AdditionalIncludeDirectories="&quot;..&quot;;&quot;..\include&quot;"
+						UsePrecompiledHeader="0"/>
+				</FileConfiguration>
+				<FileConfiguration
+					Name="Release|Win32">
+					<Tool
+						Name="VCCLCompilerTool"
+						AdditionalIncludeDirectories="&quot;..&quot;;&quot;..\include&quot;"
+						UsePrecompiledHeader="0"/>
+				</FileConfiguration>
+			</File>
+			<File
+				RelativePath="..\test\production.cc">
+				<FileConfiguration
+					Name="Debug|Win32">
+					<Tool
+						Name="VCCLCompilerTool"
+						AdditionalIncludeDirectories="&quot;..&quot;;&quot;..\include&quot;"
+						UsePrecompiledHeader="0"/>
+				</FileConfiguration>
+				<FileConfiguration
+					Name="Release|Win32">
+					<Tool
+						Name="VCCLCompilerTool"
+						AdditionalIncludeDirectories="&quot;..&quot;;&quot;..\include&quot;"
+						UsePrecompiledHeader="0"/>
+				</FileConfiguration>
+			</File>
+		</Filter>
+		<Filter
+			Name="Header Files"
+			Filter="h;hpp;hxx;hm;inl;inc;xsd"
+			UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}">
+			<File
+				RelativePath="..\test\production.h">
+			</File>
+		</Filter>
+	</Files>
+	<Globals>
+	</Globals>
+</VisualStudioProject>
diff --git a/nss/external_tests/google_test/gtest/msvc/gtest_unittest-md.vcproj b/nss/external_tests/google_test/gtest/msvc/gtest_unittest-md.vcproj
new file mode 100644
index 0000000..38a5e56
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/msvc/gtest_unittest-md.vcproj
@@ -0,0 +1,147 @@
+<?xml version="1.0" encoding="Windows-1252"?>
+<VisualStudioProject
+	ProjectType="Visual C++"
+	Version="7.10"
+	Name="gtest_unittest-md"
+	ProjectGUID="{4D9FDFB5-986A-4139-823C-F4EE0ED481A2}"
+	Keyword="Win32Proj">
+	<Platforms>
+		<Platform
+			Name="Win32"/>
+	</Platforms>
+	<Configurations>
+		<Configuration
+			Name="Debug|Win32"
+			OutputDirectory="$(SolutionName)/$(ConfigurationName)"
+			IntermediateDirectory="$(OutDir)/$(ProjectName)"
+			ConfigurationType="1"
+			CharacterSet="2">
+			<Tool
+				Name="VCCLCompilerTool"
+				Optimization="0"
+				PreprocessorDefinitions="WIN32;_DEBUG;_CONSOLE"
+				MinimalRebuild="TRUE"
+				BasicRuntimeChecks="3"
+				RuntimeLibrary="3"
+				UsePrecompiledHeader="3"
+				WarningLevel="3"
+				Detect64BitPortabilityProblems="FALSE"
+				DebugInformationFormat="4"/>
+			<Tool
+				Name="VCCustomBuildTool"/>
+			<Tool
+				Name="VCLinkerTool"
+				OutputFile="$(OutDir)/gtest_unittest.exe"
+				LinkIncremental="2"
+				GenerateDebugInformation="TRUE"
+				ProgramDatabaseFile="$(OutDir)/gtest_unittest.pdb"
+				SubSystem="1"
+				TargetMachine="1"/>
+			<Tool
+				Name="VCMIDLTool"/>
+			<Tool
+				Name="VCPostBuildEventTool"/>
+			<Tool
+				Name="VCPreBuildEventTool"/>
+			<Tool
+				Name="VCPreLinkEventTool"/>
+			<Tool
+				Name="VCResourceCompilerTool"/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"/>
+			<Tool
+				Name="VCWebDeploymentTool"/>
+			<Tool
+				Name="VCManagedWrapperGeneratorTool"/>
+			<Tool
+				Name="VCAuxiliaryManagedWrapperGeneratorTool"/>
+		</Configuration>
+		<Configuration
+			Name="Release|Win32"
+			OutputDirectory="$(SolutionName)/$(ConfigurationName)"
+			IntermediateDirectory="$(OutDir)/$(ProjectName)"
+			ConfigurationType="1"
+			CharacterSet="2">
+			<Tool
+				Name="VCCLCompilerTool"
+				PreprocessorDefinitions="WIN32;NDEBUG;_CONSOLE"
+				RuntimeLibrary="2"
+				UsePrecompiledHeader="3"
+				WarningLevel="3"
+				Detect64BitPortabilityProblems="FALSE"
+				DebugInformationFormat="3"/>
+			<Tool
+				Name="VCCustomBuildTool"/>
+			<Tool
+				Name="VCLinkerTool"
+				OutputFile="$(OutDir)/gtest_unittest.exe"
+				LinkIncremental="1"
+				GenerateDebugInformation="TRUE"
+				SubSystem="1"
+				OptimizeReferences="2"
+				EnableCOMDATFolding="2"
+				TargetMachine="1"/>
+			<Tool
+				Name="VCMIDLTool"/>
+			<Tool
+				Name="VCPostBuildEventTool"/>
+			<Tool
+				Name="VCPreBuildEventTool"/>
+			<Tool
+				Name="VCPreLinkEventTool"/>
+			<Tool
+				Name="VCResourceCompilerTool"/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"/>
+			<Tool
+				Name="VCWebDeploymentTool"/>
+			<Tool
+				Name="VCManagedWrapperGeneratorTool"/>
+			<Tool
+				Name="VCAuxiliaryManagedWrapperGeneratorTool"/>
+		</Configuration>
+	</Configurations>
+	<References>
+		<ProjectReference
+			ReferencedProjectIdentifier="{3AF54C8A-10BF-4332-9147-F68ED9862033}"
+			Name="gtest_main-md"/>
+	</References>
+	<Files>
+		<Filter
+			Name="Source Files"
+			Filter="cpp;c;cxx;def;odl;idl;hpj;bat;asm;asmx"
+			UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}">
+			<File
+				RelativePath="..\test\gtest_unittest.cc">
+				<FileConfiguration
+					Name="Debug|Win32">
+					<Tool
+						Name="VCCLCompilerTool"
+						Optimization="1"
+						AdditionalIncludeDirectories="&quot;..&quot;;&quot;..\include&quot;"
+						BasicRuntimeChecks="0"
+						UsePrecompiledHeader="0"
+						DebugInformationFormat="3"/>
+				</FileConfiguration>
+				<FileConfiguration
+					Name="Release|Win32">
+					<Tool
+						Name="VCCLCompilerTool"
+						AdditionalIncludeDirectories="&quot;..&quot;;&quot;..\include&quot;"
+						UsePrecompiledHeader="0"/>
+				</FileConfiguration>
+			</File>
+		</Filter>
+		<Filter
+			Name="Header Files"
+			Filter="h;hpp;hxx;hm;inl;inc;xsd"
+			UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}">
+		</Filter>
+	</Files>
+	<Globals>
+	</Globals>
+</VisualStudioProject>
diff --git a/nss/external_tests/google_test/gtest/msvc/gtest_unittest.vcproj b/nss/external_tests/google_test/gtest/msvc/gtest_unittest.vcproj
new file mode 100644
index 0000000..cb1f52b
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/msvc/gtest_unittest.vcproj
@@ -0,0 +1,147 @@
+<?xml version="1.0" encoding="Windows-1252"?>
+<VisualStudioProject
+	ProjectType="Visual C++"
+	Version="7.10"
+	Name="gtest_unittest"
+	ProjectGUID="{4D9FDFB5-986A-4139-823C-F4EE0ED481A1}"
+	Keyword="Win32Proj">
+	<Platforms>
+		<Platform
+			Name="Win32"/>
+	</Platforms>
+	<Configurations>
+		<Configuration
+			Name="Debug|Win32"
+			OutputDirectory="$(SolutionName)/$(ConfigurationName)"
+			IntermediateDirectory="$(OutDir)/$(ProjectName)"
+			ConfigurationType="1"
+			CharacterSet="2">
+			<Tool
+				Name="VCCLCompilerTool"
+				Optimization="0"
+				PreprocessorDefinitions="WIN32;_DEBUG;_CONSOLE"
+				MinimalRebuild="TRUE"
+				BasicRuntimeChecks="3"
+				RuntimeLibrary="5"
+				UsePrecompiledHeader="3"
+				WarningLevel="3"
+				Detect64BitPortabilityProblems="FALSE"
+				DebugInformationFormat="4"/>
+			<Tool
+				Name="VCCustomBuildTool"/>
+			<Tool
+				Name="VCLinkerTool"
+				OutputFile="$(OutDir)/gtest_unittest.exe"
+				LinkIncremental="2"
+				GenerateDebugInformation="TRUE"
+				ProgramDatabaseFile="$(OutDir)/gtest_unittest.pdb"
+				SubSystem="1"
+				TargetMachine="1"/>
+			<Tool
+				Name="VCMIDLTool"/>
+			<Tool
+				Name="VCPostBuildEventTool"/>
+			<Tool
+				Name="VCPreBuildEventTool"/>
+			<Tool
+				Name="VCPreLinkEventTool"/>
+			<Tool
+				Name="VCResourceCompilerTool"/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"/>
+			<Tool
+				Name="VCWebDeploymentTool"/>
+			<Tool
+				Name="VCManagedWrapperGeneratorTool"/>
+			<Tool
+				Name="VCAuxiliaryManagedWrapperGeneratorTool"/>
+		</Configuration>
+		<Configuration
+			Name="Release|Win32"
+			OutputDirectory="$(SolutionName)/$(ConfigurationName)"
+			IntermediateDirectory="$(OutDir)/$(ProjectName)"
+			ConfigurationType="1"
+			CharacterSet="2">
+			<Tool
+				Name="VCCLCompilerTool"
+				PreprocessorDefinitions="WIN32;NDEBUG;_CONSOLE"
+				RuntimeLibrary="4"
+				UsePrecompiledHeader="3"
+				WarningLevel="3"
+				Detect64BitPortabilityProblems="FALSE"
+				DebugInformationFormat="3"/>
+			<Tool
+				Name="VCCustomBuildTool"/>
+			<Tool
+				Name="VCLinkerTool"
+				OutputFile="$(OutDir)/gtest_unittest.exe"
+				LinkIncremental="1"
+				GenerateDebugInformation="TRUE"
+				SubSystem="1"
+				OptimizeReferences="2"
+				EnableCOMDATFolding="2"
+				TargetMachine="1"/>
+			<Tool
+				Name="VCMIDLTool"/>
+			<Tool
+				Name="VCPostBuildEventTool"/>
+			<Tool
+				Name="VCPreBuildEventTool"/>
+			<Tool
+				Name="VCPreLinkEventTool"/>
+			<Tool
+				Name="VCResourceCompilerTool"/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"/>
+			<Tool
+				Name="VCWebDeploymentTool"/>
+			<Tool
+				Name="VCManagedWrapperGeneratorTool"/>
+			<Tool
+				Name="VCAuxiliaryManagedWrapperGeneratorTool"/>
+		</Configuration>
+	</Configurations>
+	<References>
+		<ProjectReference
+			ReferencedProjectIdentifier="{3AF54C8A-10BF-4332-9147-F68ED9862032}"
+			Name="gtest_main"/>
+	</References>
+	<Files>
+		<Filter
+			Name="Source Files"
+			Filter="cpp;c;cxx;def;odl;idl;hpj;bat;asm;asmx"
+			UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}">
+			<File
+				RelativePath="..\test\gtest_unittest.cc">
+				<FileConfiguration
+					Name="Debug|Win32">
+					<Tool
+						Name="VCCLCompilerTool"
+						Optimization="1"
+						AdditionalIncludeDirectories="&quot;..&quot;;&quot;..\include&quot;"
+						BasicRuntimeChecks="0"
+						UsePrecompiledHeader="0"
+						DebugInformationFormat="3"/>
+				</FileConfiguration>
+				<FileConfiguration
+					Name="Release|Win32">
+					<Tool
+						Name="VCCLCompilerTool"
+						AdditionalIncludeDirectories="&quot;..&quot;;&quot;..\include&quot;"
+						UsePrecompiledHeader="0"/>
+				</FileConfiguration>
+			</File>
+		</Filter>
+		<Filter
+			Name="Header Files"
+			Filter="h;hpp;hxx;hm;inl;inc;xsd"
+			UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}">
+		</Filter>
+	</Files>
+	<Globals>
+	</Globals>
+</VisualStudioProject>
diff --git a/nss/external_tests/google_test/gtest/samples/prime_tables.h b/nss/external_tests/google_test/gtest/samples/prime_tables.h
new file mode 100644
index 0000000..92ce16a
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/samples/prime_tables.h
@@ -0,0 +1,123 @@
+// Copyright 2008 Google Inc.
+// All Rights Reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+// Author: vladl@google.com (Vlad Losev)
+
+// This provides interface PrimeTable that determines whether a number is a
+// prime and determines a next prime number. This interface is used
+// in Google Test samples demonstrating use of parameterized tests.
+
+#ifndef GTEST_SAMPLES_PRIME_TABLES_H_
+#define GTEST_SAMPLES_PRIME_TABLES_H_
+
+#include <algorithm>
+
+// The prime table interface.
+class PrimeTable {
+ public:
+  virtual ~PrimeTable() {}
+
+  // Returns true iff n is a prime number.
+  virtual bool IsPrime(int n) const = 0;
+
+  // Returns the smallest prime number greater than p; or returns -1
+  // if the next prime is beyond the capacity of the table.
+  virtual int GetNextPrime(int p) const = 0;
+};
+
+// Implementation #1 calculates the primes on-the-fly.
+class OnTheFlyPrimeTable : public PrimeTable {
+ public:
+  virtual bool IsPrime(int n) const {
+    if (n <= 1) return false;
+
+    for (int i = 2; i*i <= n; i++) {
+      // n is divisible by an integer other than 1 and itself.
+      if ((n % i) == 0) return false;
+    }
+
+    return true;
+  }
+
+  virtual int GetNextPrime(int p) const {
+    for (int n = p + 1; n > 0; n++) {
+      if (IsPrime(n)) return n;
+    }
+
+    return -1;
+  }
+};
+
+// Implementation #2 pre-calculates the primes and stores the result
+// in an array.
+class PreCalculatedPrimeTable : public PrimeTable {
+ public:
+  // 'max' specifies the maximum number the prime table holds.
+  explicit PreCalculatedPrimeTable(int max)
+      : is_prime_size_(max + 1), is_prime_(new bool[max + 1]) {
+    CalculatePrimesUpTo(max);
+  }
+  virtual ~PreCalculatedPrimeTable() { delete[] is_prime_; }
+
+  virtual bool IsPrime(int n) const {
+    return 0 <= n && n < is_prime_size_ && is_prime_[n];
+  }
+
+  virtual int GetNextPrime(int p) const {
+    for (int n = p + 1; n < is_prime_size_; n++) {
+      if (is_prime_[n]) return n;
+    }
+
+    return -1;
+  }
+
+ private:
+  void CalculatePrimesUpTo(int max) {
+    ::std::fill(is_prime_, is_prime_ + is_prime_size_, true);
+    is_prime_[0] = is_prime_[1] = false;
+
+    for (int i = 2; i <= max; i++) {
+      if (!is_prime_[i]) continue;
+
+      // Marks all multiples of i (except i itself) as non-prime.
+      for (int j = 2*i; j <= max; j += i) {
+        is_prime_[j] = false;
+      }
+    }
+  }
+
+  const int is_prime_size_;
+  bool* const is_prime_;
+
+  // Disables compiler warning "assignment operator could not be generated."
+  void operator=(const PreCalculatedPrimeTable& rhs);
+};
+
+#endif  // GTEST_SAMPLES_PRIME_TABLES_H_
diff --git a/nss/external_tests/google_test/gtest/samples/sample1.cc b/nss/external_tests/google_test/gtest/samples/sample1.cc
new file mode 100644
index 0000000..f171e26
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/samples/sample1.cc
@@ -0,0 +1,68 @@
+// Copyright 2005, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// A sample program demonstrating using Google C++ testing framework.
+//
+// Author: wan@google.com (Zhanyong Wan)
+
+#include "sample1.h"
+
+// Returns n! (the factorial of n).  For negative n, n! is defined to be 1.
+int Factorial(int n) {
+  int result = 1;
+  for (int i = 1; i <= n; i++) {
+    result *= i;
+  }
+
+  return result;
+}
+
+// Returns true iff n is a prime number.
+bool IsPrime(int n) {
+  // Trivial case 1: small numbers
+  if (n <= 1) return false;
+
+  // Trivial case 2: even numbers
+  if (n % 2 == 0) return n == 2;
+
+  // Now, we have that n is odd and n >= 3.
+
+  // Try to divide n by every odd number i, starting from 3
+  for (int i = 3; ; i += 2) {
+    // We only have to try i up to the squre root of n
+    if (i > n/i) break;
+
+    // Now, we have i <= n/i < n.
+    // If n is divisible by i, n is not prime.
+    if (n % i == 0) return false;
+  }
+
+  // n has no integer factor in the range (1, n), and thus is prime.
+  return true;
+}
diff --git a/nss/external_tests/google_test/gtest/samples/sample1.h b/nss/external_tests/google_test/gtest/samples/sample1.h
new file mode 100644
index 0000000..3dfeb98
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/samples/sample1.h
@@ -0,0 +1,43 @@
+// Copyright 2005, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// A sample program demonstrating using Google C++ testing framework.
+//
+// Author: wan@google.com (Zhanyong Wan)
+
+#ifndef GTEST_SAMPLES_SAMPLE1_H_
+#define GTEST_SAMPLES_SAMPLE1_H_
+
+// Returns n! (the factorial of n).  For negative n, n! is defined to be 1.
+int Factorial(int n);
+
+// Returns true iff n is a prime number.
+bool IsPrime(int n);
+
+#endif  // GTEST_SAMPLES_SAMPLE1_H_
diff --git a/nss/external_tests/google_test/gtest/samples/sample10_unittest.cc b/nss/external_tests/google_test/gtest/samples/sample10_unittest.cc
new file mode 100644
index 0000000..0051cd5
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/samples/sample10_unittest.cc
@@ -0,0 +1,144 @@
+// Copyright 2009 Google Inc. All Rights Reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: vladl@google.com (Vlad Losev)
+
+// This sample shows how to use Google Test listener API to implement
+// a primitive leak checker.
+
+#include <stdio.h>
+#include <stdlib.h>
+
+#include "gtest/gtest.h"
+
+using ::testing::EmptyTestEventListener;
+using ::testing::InitGoogleTest;
+using ::testing::Test;
+using ::testing::TestCase;
+using ::testing::TestEventListeners;
+using ::testing::TestInfo;
+using ::testing::TestPartResult;
+using ::testing::UnitTest;
+
+namespace {
+
+// We will track memory used by this class.
+class Water {
+ public:
+  // Normal Water declarations go here.
+
+  // operator new and operator delete help us control water allocation.
+  void* operator new(size_t allocation_size) {
+    allocated_++;
+    return malloc(allocation_size);
+  }
+
+  void operator delete(void* block, size_t /* allocation_size */) {
+    allocated_--;
+    free(block);
+  }
+
+  static int allocated() { return allocated_; }
+
+ private:
+  static int allocated_;
+};
+
+int Water::allocated_ = 0;
+
+// This event listener monitors how many Water objects are created and
+// destroyed by each test, and reports a failure if a test leaks some Water
+// objects. It does this by comparing the number of live Water objects at
+// the beginning of a test and at the end of a test.
+class LeakChecker : public EmptyTestEventListener {
+ private:
+  // Called before a test starts.
+  virtual void OnTestStart(const TestInfo& /* test_info */) {
+    initially_allocated_ = Water::allocated();
+  }
+
+  // Called after a test ends.
+  virtual void OnTestEnd(const TestInfo& /* test_info */) {
+    int difference = Water::allocated() - initially_allocated_;
+
+    // You can generate a failure in any event handler except
+    // OnTestPartResult. Just use an appropriate Google Test assertion to do
+    // it.
+    EXPECT_LE(difference, 0) << "Leaked " << difference << " unit(s) of Water!";
+  }
+
+  int initially_allocated_;
+};
+
+TEST(ListenersTest, DoesNotLeak) {
+  Water* water = new Water;
+  delete water;
+}
+
+// This should fail when the --check_for_leaks command line flag is
+// specified.
+TEST(ListenersTest, LeaksWater) {
+  Water* water = new Water;
+  EXPECT_TRUE(water != NULL);
+}
+
+}  // namespace
+
+int main(int argc, char **argv) {
+  InitGoogleTest(&argc, argv);
+
+  bool check_for_leaks = false;
+  if (argc > 1 && strcmp(argv[1], "--check_for_leaks") == 0 )
+    check_for_leaks = true;
+  else
+    printf("%s\n", "Run this program with --check_for_leaks to enable "
+           "custom leak checking in the tests.");
+
+  // If we are given the --check_for_leaks command line flag, installs the
+  // leak checker.
+  if (check_for_leaks) {
+    TestEventListeners& listeners = UnitTest::GetInstance()->listeners();
+
+    // Adds the leak checker to the end of the test event listener list,
+    // after the default text output printer and the default XML report
+    // generator.
+    //
+    // The order is important - it ensures that failures generated in the
+    // leak checker's OnTestEnd() method are processed by the text and XML
+    // printers *before* their OnTestEnd() methods are called, such that
+    // they are attributed to the right test. Remember that a listener
+    // receives an OnXyzStart event *after* listeners preceding it in the
+    // list received that event, and receives an OnXyzEnd event *before*
+    // listeners preceding it.
+    //
+    // We don't need to worry about deleting the new listener later, as
+    // Google Test will do it.
+    listeners.Append(new LeakChecker);
+  }
+  return RUN_ALL_TESTS();
+}
diff --git a/nss/external_tests/google_test/gtest/samples/sample1_unittest.cc b/nss/external_tests/google_test/gtest/samples/sample1_unittest.cc
new file mode 100644
index 0000000..aefc4f1
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/samples/sample1_unittest.cc
@@ -0,0 +1,153 @@
+// Copyright 2005, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// A sample program demonstrating using Google C++ testing framework.
+//
+// Author: wan@google.com (Zhanyong Wan)
+
+
+// This sample shows how to write a simple unit test for a function,
+// using Google C++ testing framework.
+//
+// Writing a unit test using Google C++ testing framework is easy as 1-2-3:
+
+
+// Step 1. Include necessary header files such that the stuff your
+// test logic needs is declared.
+//
+// Don't forget gtest.h, which declares the testing framework.
+
+#include <limits.h>
+#include "sample1.h"
+#include "gtest/gtest.h"
+
+
+// Step 2. Use the TEST macro to define your tests.
+//
+// TEST has two parameters: the test case name and the test name.
+// After using the macro, you should define your test logic between a
+// pair of braces.  You can use a bunch of macros to indicate the
+// success or failure of a test.  EXPECT_TRUE and EXPECT_EQ are
+// examples of such macros.  For a complete list, see gtest.h.
+//
+// <TechnicalDetails>
+//
+// In Google Test, tests are grouped into test cases.  This is how we
+// keep test code organized.  You should put logically related tests
+// into the same test case.
+//
+// The test case name and the test name should both be valid C++
+// identifiers.  And you should not use underscore (_) in the names.
+//
+// Google Test guarantees that each test you define is run exactly
+// once, but it makes no guarantee on the order the tests are
+// executed.  Therefore, you should write your tests in such a way
+// that their results don't depend on their order.
+//
+// </TechnicalDetails>
+
+
+// Tests Factorial().
+
+// Tests factorial of negative numbers.
+TEST(FactorialTest, Negative) {
+  // This test is named "Negative", and belongs to the "FactorialTest"
+  // test case.
+  EXPECT_EQ(1, Factorial(-5));
+  EXPECT_EQ(1, Factorial(-1));
+  EXPECT_GT(Factorial(-10), 0);
+
+  // <TechnicalDetails>
+  //
+  // EXPECT_EQ(expected, actual) is the same as
+  //
+  //   EXPECT_TRUE((expected) == (actual))
+  //
+  // except that it will print both the expected value and the actual
+  // value when the assertion fails.  This is very helpful for
+  // debugging.  Therefore in this case EXPECT_EQ is preferred.
+  //
+  // On the other hand, EXPECT_TRUE accepts any Boolean expression,
+  // and is thus more general.
+  //
+  // </TechnicalDetails>
+}
+
+// Tests factorial of 0.
+TEST(FactorialTest, Zero) {
+  EXPECT_EQ(1, Factorial(0));
+}
+
+// Tests factorial of positive numbers.
+TEST(FactorialTest, Positive) {
+  EXPECT_EQ(1, Factorial(1));
+  EXPECT_EQ(2, Factorial(2));
+  EXPECT_EQ(6, Factorial(3));
+  EXPECT_EQ(40320, Factorial(8));
+}
+
+
+// Tests IsPrime()
+
+// Tests negative input.
+TEST(IsPrimeTest, Negative) {
+  // This test belongs to the IsPrimeTest test case.
+
+  EXPECT_FALSE(IsPrime(-1));
+  EXPECT_FALSE(IsPrime(-2));
+  EXPECT_FALSE(IsPrime(INT_MIN));
+}
+
+// Tests some trivial cases.
+TEST(IsPrimeTest, Trivial) {
+  EXPECT_FALSE(IsPrime(0));
+  EXPECT_FALSE(IsPrime(1));
+  EXPECT_TRUE(IsPrime(2));
+  EXPECT_TRUE(IsPrime(3));
+}
+
+// Tests positive input.
+TEST(IsPrimeTest, Positive) {
+  EXPECT_FALSE(IsPrime(4));
+  EXPECT_TRUE(IsPrime(5));
+  EXPECT_FALSE(IsPrime(6));
+  EXPECT_TRUE(IsPrime(23));
+}
+
+// Step 3. Call RUN_ALL_TESTS() in main().
+//
+// We do this by linking in src/gtest_main.cc file, which consists of
+// a main() function which calls RUN_ALL_TESTS() for us.
+//
+// This runs all the tests you've defined, prints the result, and
+// returns 0 if successful, or 1 otherwise.
+//
+// Did you notice that we didn't register the tests?  The
+// RUN_ALL_TESTS() macro magically knows about all the tests we
+// defined.  Isn't this convenient?
diff --git a/nss/external_tests/google_test/gtest/samples/sample2.cc b/nss/external_tests/google_test/gtest/samples/sample2.cc
new file mode 100644
index 0000000..5f763b9
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/samples/sample2.cc
@@ -0,0 +1,56 @@
+// Copyright 2005, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// A sample program demonstrating using Google C++ testing framework.
+//
+// Author: wan@google.com (Zhanyong Wan)
+
+#include "sample2.h"
+
+#include <string.h>
+
+// Clones a 0-terminated C string, allocating memory using new.
+const char* MyString::CloneCString(const char* a_c_string) {
+  if (a_c_string == NULL) return NULL;
+
+  const size_t len = strlen(a_c_string);
+  char* const clone = new char[ len + 1 ];
+  memcpy(clone, a_c_string, len + 1);
+
+  return clone;
+}
+
+// Sets the 0-terminated C string this MyString object
+// represents.
+void MyString::Set(const char* a_c_string) {
+  // Makes sure this works when c_string == c_string_
+  const char* const temp = MyString::CloneCString(a_c_string);
+  delete[] c_string_;
+  c_string_ = temp;
+}
diff --git a/nss/external_tests/google_test/gtest/samples/sample2.h b/nss/external_tests/google_test/gtest/samples/sample2.h
new file mode 100644
index 0000000..cb485c7
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/samples/sample2.h
@@ -0,0 +1,85 @@
+// Copyright 2005, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// A sample program demonstrating using Google C++ testing framework.
+//
+// Author: wan@google.com (Zhanyong Wan)
+
+#ifndef GTEST_SAMPLES_SAMPLE2_H_
+#define GTEST_SAMPLES_SAMPLE2_H_
+
+#include <string.h>
+
+
+// A simple string class.
+class MyString {
+ private:
+  const char* c_string_;
+  const MyString& operator=(const MyString& rhs);
+
+ public:
+  // Clones a 0-terminated C string, allocating memory using new.
+  static const char* CloneCString(const char* a_c_string);
+
+  ////////////////////////////////////////////////////////////
+  //
+  // C'tors
+
+  // The default c'tor constructs a NULL string.
+  MyString() : c_string_(NULL) {}
+
+  // Constructs a MyString by cloning a 0-terminated C string.
+  explicit MyString(const char* a_c_string) : c_string_(NULL) {
+    Set(a_c_string);
+  }
+
+  // Copy c'tor
+  MyString(const MyString& string) : c_string_(NULL) {
+    Set(string.c_string_);
+  }
+
+  ////////////////////////////////////////////////////////////
+  //
+  // D'tor.  MyString is intended to be a final class, so the d'tor
+  // doesn't need to be virtual.
+  ~MyString() { delete[] c_string_; }
+
+  // Gets the 0-terminated C string this MyString object represents.
+  const char* c_string() const { return c_string_; }
+
+  size_t Length() const {
+    return c_string_ == NULL ? 0 : strlen(c_string_);
+  }
+
+  // Sets the 0-terminated C string this MyString object represents.
+  void Set(const char* c_string);
+};
+
+
+#endif  // GTEST_SAMPLES_SAMPLE2_H_
diff --git a/nss/external_tests/google_test/gtest/samples/sample2_unittest.cc b/nss/external_tests/google_test/gtest/samples/sample2_unittest.cc
new file mode 100644
index 0000000..4fa19b7
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/samples/sample2_unittest.cc
@@ -0,0 +1,109 @@
+// Copyright 2005, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// A sample program demonstrating using Google C++ testing framework.
+//
+// Author: wan@google.com (Zhanyong Wan)
+
+
+// This sample shows how to write a more complex unit test for a class
+// that has multiple member functions.
+//
+// Usually, it's a good idea to have one test for each method in your
+// class.  You don't have to do that exactly, but it helps to keep
+// your tests organized.  You may also throw in additional tests as
+// needed.
+
+#include "sample2.h"
+#include "gtest/gtest.h"
+
+// In this example, we test the MyString class (a simple string).
+
+// Tests the default c'tor.
+TEST(MyString, DefaultConstructor) {
+  const MyString s;
+
+  // Asserts that s.c_string() returns NULL.
+  //
+  // <TechnicalDetails>
+  //
+  // If we write NULL instead of
+  //
+  //   static_cast<const char *>(NULL)
+  //
+  // in this assertion, it will generate a warning on gcc 3.4.  The
+  // reason is that EXPECT_EQ needs to know the types of its
+  // arguments in order to print them when it fails.  Since NULL is
+  // #defined as 0, the compiler will use the formatter function for
+  // int to print it.  However, gcc thinks that NULL should be used as
+  // a pointer, not an int, and therefore complains.
+  //
+  // The root of the problem is C++'s lack of distinction between the
+  // integer number 0 and the null pointer constant.  Unfortunately,
+  // we have to live with this fact.
+  //
+  // </TechnicalDetails>
+  EXPECT_STREQ(NULL, s.c_string());
+
+  EXPECT_EQ(0u, s.Length());
+}
+
+const char kHelloString[] = "Hello, world!";
+
+// Tests the c'tor that accepts a C string.
+TEST(MyString, ConstructorFromCString) {
+  const MyString s(kHelloString);
+  EXPECT_EQ(0, strcmp(s.c_string(), kHelloString));
+  EXPECT_EQ(sizeof(kHelloString)/sizeof(kHelloString[0]) - 1,
+            s.Length());
+}
+
+// Tests the copy c'tor.
+TEST(MyString, CopyConstructor) {
+  const MyString s1(kHelloString);
+  const MyString s2 = s1;
+  EXPECT_EQ(0, strcmp(s2.c_string(), kHelloString));
+}
+
+// Tests the Set method.
+TEST(MyString, Set) {
+  MyString s;
+
+  s.Set(kHelloString);
+  EXPECT_EQ(0, strcmp(s.c_string(), kHelloString));
+
+  // Set should work when the input pointer is the same as the one
+  // already in the MyString object.
+  s.Set(s.c_string());
+  EXPECT_EQ(0, strcmp(s.c_string(), kHelloString));
+
+  // Can we set the MyString to NULL?
+  s.Set(NULL);
+  EXPECT_STREQ(NULL, s.c_string());
+}
diff --git a/nss/external_tests/google_test/gtest/samples/sample3-inl.h b/nss/external_tests/google_test/gtest/samples/sample3-inl.h
new file mode 100644
index 0000000..7e3084d
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/samples/sample3-inl.h
@@ -0,0 +1,172 @@
+// Copyright 2005, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// A sample program demonstrating using Google C++ testing framework.
+//
+// Author: wan@google.com (Zhanyong Wan)
+
+#ifndef GTEST_SAMPLES_SAMPLE3_INL_H_
+#define GTEST_SAMPLES_SAMPLE3_INL_H_
+
+#include <stddef.h>
+
+
+// Queue is a simple queue implemented as a singled-linked list.
+//
+// The element type must support copy constructor.
+template <typename E>  // E is the element type
+class Queue;
+
+// QueueNode is a node in a Queue, which consists of an element of
+// type E and a pointer to the next node.
+template <typename E>  // E is the element type
+class QueueNode {
+  friend class Queue<E>;
+
+ public:
+  // Gets the element in this node.
+  const E& element() const { return element_; }
+
+  // Gets the next node in the queue.
+  QueueNode* next() { return next_; }
+  const QueueNode* next() const { return next_; }
+
+ private:
+  // Creates a node with a given element value.  The next pointer is
+  // set to NULL.
+  explicit QueueNode(const E& an_element) : element_(an_element), next_(NULL) {}
+
+  // We disable the default assignment operator and copy c'tor.
+  const QueueNode& operator = (const QueueNode&);
+  QueueNode(const QueueNode&);
+
+  E element_;
+  QueueNode* next_;
+};
+
+template <typename E>  // E is the element type.
+class Queue {
+ public:
+  // Creates an empty queue.
+  Queue() : head_(NULL), last_(NULL), size_(0) {}
+
+  // D'tor.  Clears the queue.
+  ~Queue() { Clear(); }
+
+  // Clears the queue.
+  void Clear() {
+    if (size_ > 0) {
+      // 1. Deletes every node.
+      QueueNode<E>* node = head_;
+      QueueNode<E>* next = node->next();
+      for (; ;) {
+        delete node;
+        node = next;
+        if (node == NULL) break;
+        next = node->next();
+      }
+
+      // 2. Resets the member variables.
+      head_ = last_ = NULL;
+      size_ = 0;
+    }
+  }
+
+  // Gets the number of elements.
+  size_t Size() const { return size_; }
+
+  // Gets the first element of the queue, or NULL if the queue is empty.
+  QueueNode<E>* Head() { return head_; }
+  const QueueNode<E>* Head() const { return head_; }
+
+  // Gets the last element of the queue, or NULL if the queue is empty.
+  QueueNode<E>* Last() { return last_; }
+  const QueueNode<E>* Last() const { return last_; }
+
+  // Adds an element to the end of the queue.  A copy of the element is
+  // created using the copy constructor, and then stored in the queue.
+  // Changes made to the element in the queue doesn't affect the source
+  // object, and vice versa.
+  void Enqueue(const E& element) {
+    QueueNode<E>* new_node = new QueueNode<E>(element);
+
+    if (size_ == 0) {
+      head_ = last_ = new_node;
+      size_ = 1;
+    } else {
+      last_->next_ = new_node;
+      last_ = new_node;
+      size_++;
+    }
+  }
+
+  // Removes the head of the queue and returns it.  Returns NULL if
+  // the queue is empty.
+  E* Dequeue() {
+    if (size_ == 0) {
+      return NULL;
+    }
+
+    const QueueNode<E>* const old_head = head_;
+    head_ = head_->next_;
+    size_--;
+    if (size_ == 0) {
+      last_ = NULL;
+    }
+
+    E* element = new E(old_head->element());
+    delete old_head;
+
+    return element;
+  }
+
+  // Applies a function/functor on each element of the queue, and
+  // returns the result in a new queue.  The original queue is not
+  // affected.
+  template <typename F>
+  Queue* Map(F function) const {
+    Queue* new_queue = new Queue();
+    for (const QueueNode<E>* node = head_; node != NULL; node = node->next_) {
+      new_queue->Enqueue(function(node->element()));
+    }
+
+    return new_queue;
+  }
+
+ private:
+  QueueNode<E>* head_;  // The first node of the queue.
+  QueueNode<E>* last_;  // The last node of the queue.
+  size_t size_;  // The number of elements in the queue.
+
+  // We disallow copying a queue.
+  Queue(const Queue&);
+  const Queue& operator = (const Queue&);
+};
+
+#endif  // GTEST_SAMPLES_SAMPLE3_INL_H_
diff --git a/nss/external_tests/google_test/gtest/samples/sample3_unittest.cc b/nss/external_tests/google_test/gtest/samples/sample3_unittest.cc
new file mode 100644
index 0000000..bf3877d
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/samples/sample3_unittest.cc
@@ -0,0 +1,151 @@
+// Copyright 2005, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// A sample program demonstrating using Google C++ testing framework.
+//
+// Author: wan@google.com (Zhanyong Wan)
+
+
+// In this example, we use a more advanced feature of Google Test called
+// test fixture.
+//
+// A test fixture is a place to hold objects and functions shared by
+// all tests in a test case.  Using a test fixture avoids duplicating
+// the test code necessary to initialize and cleanup those common
+// objects for each test.  It is also useful for defining sub-routines
+// that your tests need to invoke a lot.
+//
+// <TechnicalDetails>
+//
+// The tests share the test fixture in the sense of code sharing, not
+// data sharing.  Each test is given its own fresh copy of the
+// fixture.  You cannot expect the data modified by one test to be
+// passed on to another test, which is a bad idea.
+//
+// The reason for this design is that tests should be independent and
+// repeatable.  In particular, a test should not fail as the result of
+// another test's failure.  If one test depends on info produced by
+// another test, then the two tests should really be one big test.
+//
+// The macros for indicating the success/failure of a test
+// (EXPECT_TRUE, FAIL, etc) need to know what the current test is
+// (when Google Test prints the test result, it tells you which test
+// each failure belongs to).  Technically, these macros invoke a
+// member function of the Test class.  Therefore, you cannot use them
+// in a global function.  That's why you should put test sub-routines
+// in a test fixture.
+//
+// </TechnicalDetails>
+
+#include "sample3-inl.h"
+#include "gtest/gtest.h"
+
+// To use a test fixture, derive a class from testing::Test.
+class QueueTest : public testing::Test {
+ protected:  // You should make the members protected s.t. they can be
+             // accessed from sub-classes.
+
+  // virtual void SetUp() will be called before each test is run.  You
+  // should define it if you need to initialize the varaibles.
+  // Otherwise, this can be skipped.
+  virtual void SetUp() {
+    q1_.Enqueue(1);
+    q2_.Enqueue(2);
+    q2_.Enqueue(3);
+  }
+
+  // virtual void TearDown() will be called after each test is run.
+  // You should define it if there is cleanup work to do.  Otherwise,
+  // you don't have to provide it.
+  //
+  // virtual void TearDown() {
+  // }
+
+  // A helper function that some test uses.
+  static int Double(int n) {
+    return 2*n;
+  }
+
+  // A helper function for testing Queue::Map().
+  void MapTester(const Queue<int> * q) {
+    // Creates a new queue, where each element is twice as big as the
+    // corresponding one in q.
+    const Queue<int> * const new_q = q->Map(Double);
+
+    // Verifies that the new queue has the same size as q.
+    ASSERT_EQ(q->Size(), new_q->Size());
+
+    // Verifies the relationship between the elements of the two queues.
+    for ( const QueueNode<int> * n1 = q->Head(), * n2 = new_q->Head();
+          n1 != NULL; n1 = n1->next(), n2 = n2->next() ) {
+      EXPECT_EQ(2 * n1->element(), n2->element());
+    }
+
+    delete new_q;
+  }
+
+  // Declares the variables your tests want to use.
+  Queue<int> q0_;
+  Queue<int> q1_;
+  Queue<int> q2_;
+};
+
+// When you have a test fixture, you define a test using TEST_F
+// instead of TEST.
+
+// Tests the default c'tor.
+TEST_F(QueueTest, DefaultConstructor) {
+  // You can access data in the test fixture here.
+  EXPECT_EQ(0u, q0_.Size());
+}
+
+// Tests Dequeue().
+TEST_F(QueueTest, Dequeue) {
+  int * n = q0_.Dequeue();
+  EXPECT_TRUE(n == NULL);
+
+  n = q1_.Dequeue();
+  ASSERT_TRUE(n != NULL);
+  EXPECT_EQ(1, *n);
+  EXPECT_EQ(0u, q1_.Size());
+  delete n;
+
+  n = q2_.Dequeue();
+  ASSERT_TRUE(n != NULL);
+  EXPECT_EQ(2, *n);
+  EXPECT_EQ(1u, q2_.Size());
+  delete n;
+}
+
+// Tests the Queue::Map() function.
+TEST_F(QueueTest, Map) {
+  MapTester(&q0_);
+  MapTester(&q1_);
+  MapTester(&q2_);
+}
diff --git a/nss/external_tests/google_test/gtest/samples/sample4.cc b/nss/external_tests/google_test/gtest/samples/sample4.cc
new file mode 100644
index 0000000..ae44bda
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/samples/sample4.cc
@@ -0,0 +1,46 @@
+// Copyright 2005, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// A sample program demonstrating using Google C++ testing framework.
+//
+// Author: wan@google.com (Zhanyong Wan)
+
+#include <stdio.h>
+
+#include "sample4.h"
+
+// Returns the current counter value, and increments it.
+int Counter::Increment() {
+  return counter_++;
+}
+
+// Prints the current counter value to STDOUT.
+void Counter::Print() const {
+  printf("%d", counter_);
+}
diff --git a/nss/external_tests/google_test/gtest/samples/sample4.h b/nss/external_tests/google_test/gtest/samples/sample4.h
new file mode 100644
index 0000000..cd60f0d
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/samples/sample4.h
@@ -0,0 +1,53 @@
+// Copyright 2005, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// A sample program demonstrating using Google C++ testing framework.
+//
+// Author: wan@google.com (Zhanyong Wan)
+
+#ifndef GTEST_SAMPLES_SAMPLE4_H_
+#define GTEST_SAMPLES_SAMPLE4_H_
+
+// A simple monotonic counter.
+class Counter {
+ private:
+  int counter_;
+
+ public:
+  // Creates a counter that starts at 0.
+  Counter() : counter_(0) {}
+
+  // Returns the current counter value, and increments it.
+  int Increment();
+
+  // Prints the current counter value to STDOUT.
+  void Print() const;
+};
+
+#endif  // GTEST_SAMPLES_SAMPLE4_H_
diff --git a/nss/external_tests/google_test/gtest/samples/sample4_unittest.cc b/nss/external_tests/google_test/gtest/samples/sample4_unittest.cc
new file mode 100644
index 0000000..fa5afc7
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/samples/sample4_unittest.cc
@@ -0,0 +1,45 @@
+// Copyright 2005, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+
+#include "gtest/gtest.h"
+#include "sample4.h"
+
+// Tests the Increment() method.
+TEST(Counter, Increment) {
+  Counter c;
+
+  // EXPECT_EQ() evaluates its arguments exactly once, so they
+  // can have side effects.
+
+  EXPECT_EQ(0, c.Increment());
+  EXPECT_EQ(1, c.Increment());
+  EXPECT_EQ(2, c.Increment());
+}
diff --git a/nss/external_tests/google_test/gtest/samples/sample5_unittest.cc b/nss/external_tests/google_test/gtest/samples/sample5_unittest.cc
new file mode 100644
index 0000000..43d8e57
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/samples/sample5_unittest.cc
@@ -0,0 +1,199 @@
+// Copyright 2005, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+
+// This sample teaches how to reuse a test fixture in multiple test
+// cases by deriving sub-fixtures from it.
+//
+// When you define a test fixture, you specify the name of the test
+// case that will use this fixture.  Therefore, a test fixture can
+// be used by only one test case.
+//
+// Sometimes, more than one test cases may want to use the same or
+// slightly different test fixtures.  For example, you may want to
+// make sure that all tests for a GUI library don't leak important
+// system resources like fonts and brushes.  In Google Test, you do
+// this by putting the shared logic in a super (as in "super class")
+// test fixture, and then have each test case use a fixture derived
+// from this super fixture.
+
+#include <limits.h>
+#include <time.h>
+#include "sample3-inl.h"
+#include "gtest/gtest.h"
+#include "sample1.h"
+
+// In this sample, we want to ensure that every test finishes within
+// ~5 seconds.  If a test takes longer to run, we consider it a
+// failure.
+//
+// We put the code for timing a test in a test fixture called
+// "QuickTest".  QuickTest is intended to be the super fixture that
+// other fixtures derive from, therefore there is no test case with
+// the name "QuickTest".  This is OK.
+//
+// Later, we will derive multiple test fixtures from QuickTest.
+class QuickTest : public testing::Test {
+ protected:
+  // Remember that SetUp() is run immediately before a test starts.
+  // This is a good place to record the start time.
+  virtual void SetUp() {
+    start_time_ = time(NULL);
+  }
+
+  // TearDown() is invoked immediately after a test finishes.  Here we
+  // check if the test was too slow.
+  virtual void TearDown() {
+    // Gets the time when the test finishes
+    const time_t end_time = time(NULL);
+
+    // Asserts that the test took no more than ~5 seconds.  Did you
+    // know that you can use assertions in SetUp() and TearDown() as
+    // well?
+    EXPECT_TRUE(end_time - start_time_ <= 5) << "The test took too long.";
+  }
+
+  // The UTC time (in seconds) when the test starts
+  time_t start_time_;
+};
+
+
+// We derive a fixture named IntegerFunctionTest from the QuickTest
+// fixture.  All tests using this fixture will be automatically
+// required to be quick.
+class IntegerFunctionTest : public QuickTest {
+  // We don't need any more logic than already in the QuickTest fixture.
+  // Therefore the body is empty.
+};
+
+
+// Now we can write tests in the IntegerFunctionTest test case.
+
+// Tests Factorial()
+TEST_F(IntegerFunctionTest, Factorial) {
+  // Tests factorial of negative numbers.
+  EXPECT_EQ(1, Factorial(-5));
+  EXPECT_EQ(1, Factorial(-1));
+  EXPECT_GT(Factorial(-10), 0);
+
+  // Tests factorial of 0.
+  EXPECT_EQ(1, Factorial(0));
+
+  // Tests factorial of positive numbers.
+  EXPECT_EQ(1, Factorial(1));
+  EXPECT_EQ(2, Factorial(2));
+  EXPECT_EQ(6, Factorial(3));
+  EXPECT_EQ(40320, Factorial(8));
+}
+
+
+// Tests IsPrime()
+TEST_F(IntegerFunctionTest, IsPrime) {
+  // Tests negative input.
+  EXPECT_FALSE(IsPrime(-1));
+  EXPECT_FALSE(IsPrime(-2));
+  EXPECT_FALSE(IsPrime(INT_MIN));
+
+  // Tests some trivial cases.
+  EXPECT_FALSE(IsPrime(0));
+  EXPECT_FALSE(IsPrime(1));
+  EXPECT_TRUE(IsPrime(2));
+  EXPECT_TRUE(IsPrime(3));
+
+  // Tests positive input.
+  EXPECT_FALSE(IsPrime(4));
+  EXPECT_TRUE(IsPrime(5));
+  EXPECT_FALSE(IsPrime(6));
+  EXPECT_TRUE(IsPrime(23));
+}
+
+
+// The next test case (named "QueueTest") also needs to be quick, so
+// we derive another fixture from QuickTest.
+//
+// The QueueTest test fixture has some logic and shared objects in
+// addition to what's in QuickTest already.  We define the additional
+// stuff inside the body of the test fixture, as usual.
+class QueueTest : public QuickTest {
+ protected:
+  virtual void SetUp() {
+    // First, we need to set up the super fixture (QuickTest).
+    QuickTest::SetUp();
+
+    // Second, some additional setup for this fixture.
+    q1_.Enqueue(1);
+    q2_.Enqueue(2);
+    q2_.Enqueue(3);
+  }
+
+  // By default, TearDown() inherits the behavior of
+  // QuickTest::TearDown().  As we have no additional cleaning work
+  // for QueueTest, we omit it here.
+  //
+  // virtual void TearDown() {
+  //   QuickTest::TearDown();
+  // }
+
+  Queue<int> q0_;
+  Queue<int> q1_;
+  Queue<int> q2_;
+};
+
+
+// Now, let's write tests using the QueueTest fixture.
+
+// Tests the default constructor.
+TEST_F(QueueTest, DefaultConstructor) {
+  EXPECT_EQ(0u, q0_.Size());
+}
+
+// Tests Dequeue().
+TEST_F(QueueTest, Dequeue) {
+  int* n = q0_.Dequeue();
+  EXPECT_TRUE(n == NULL);
+
+  n = q1_.Dequeue();
+  EXPECT_TRUE(n != NULL);
+  EXPECT_EQ(1, *n);
+  EXPECT_EQ(0u, q1_.Size());
+  delete n;
+
+  n = q2_.Dequeue();
+  EXPECT_TRUE(n != NULL);
+  EXPECT_EQ(2, *n);
+  EXPECT_EQ(1u, q2_.Size());
+  delete n;
+}
+
+// If necessary, you can derive further test fixtures from a derived
+// fixture itself.  For example, you can derive another fixture from
+// QueueTest.  Google Test imposes no limit on how deep the hierarchy
+// can be.  In practice, however, you probably don't want it to be too
+// deep as to be confusing.
diff --git a/nss/external_tests/google_test/gtest/samples/sample6_unittest.cc b/nss/external_tests/google_test/gtest/samples/sample6_unittest.cc
new file mode 100644
index 0000000..8f2036a
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/samples/sample6_unittest.cc
@@ -0,0 +1,224 @@
+// Copyright 2008 Google Inc.
+// All Rights Reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+
+// This sample shows how to test common properties of multiple
+// implementations of the same interface (aka interface tests).
+
+// The interface and its implementations are in this header.
+#include "prime_tables.h"
+
+#include "gtest/gtest.h"
+
+// First, we define some factory functions for creating instances of
+// the implementations.  You may be able to skip this step if all your
+// implementations can be constructed the same way.
+
+template <class T>
+PrimeTable* CreatePrimeTable();
+
+template <>
+PrimeTable* CreatePrimeTable<OnTheFlyPrimeTable>() {
+  return new OnTheFlyPrimeTable;
+}
+
+template <>
+PrimeTable* CreatePrimeTable<PreCalculatedPrimeTable>() {
+  return new PreCalculatedPrimeTable(10000);
+}
+
+// Then we define a test fixture class template.
+template <class T>
+class PrimeTableTest : public testing::Test {
+ protected:
+  // The ctor calls the factory function to create a prime table
+  // implemented by T.
+  PrimeTableTest() : table_(CreatePrimeTable<T>()) {}
+
+  virtual ~PrimeTableTest() { delete table_; }
+
+  // Note that we test an implementation via the base interface
+  // instead of the actual implementation class.  This is important
+  // for keeping the tests close to the real world scenario, where the
+  // implementation is invoked via the base interface.  It avoids
+  // got-yas where the implementation class has a method that shadows
+  // a method with the same name (but slightly different argument
+  // types) in the base interface, for example.
+  PrimeTable* const table_;
+};
+
+#if GTEST_HAS_TYPED_TEST
+
+using testing::Types;
+
+// Google Test offers two ways for reusing tests for different types.
+// The first is called "typed tests".  You should use it if you
+// already know *all* the types you are gonna exercise when you write
+// the tests.
+
+// To write a typed test case, first use
+//
+//   TYPED_TEST_CASE(TestCaseName, TypeList);
+//
+// to declare it and specify the type parameters.  As with TEST_F,
+// TestCaseName must match the test fixture name.
+
+// The list of types we want to test.
+typedef Types<OnTheFlyPrimeTable, PreCalculatedPrimeTable> Implementations;
+
+TYPED_TEST_CASE(PrimeTableTest, Implementations);
+
+// Then use TYPED_TEST(TestCaseName, TestName) to define a typed test,
+// similar to TEST_F.
+TYPED_TEST(PrimeTableTest, ReturnsFalseForNonPrimes) {
+  // Inside the test body, you can refer to the type parameter by
+  // TypeParam, and refer to the fixture class by TestFixture.  We
+  // don't need them in this example.
+
+  // Since we are in the template world, C++ requires explicitly
+  // writing 'this->' when referring to members of the fixture class.
+  // This is something you have to learn to live with.
+  EXPECT_FALSE(this->table_->IsPrime(-5));
+  EXPECT_FALSE(this->table_->IsPrime(0));
+  EXPECT_FALSE(this->table_->IsPrime(1));
+  EXPECT_FALSE(this->table_->IsPrime(4));
+  EXPECT_FALSE(this->table_->IsPrime(6));
+  EXPECT_FALSE(this->table_->IsPrime(100));
+}
+
+TYPED_TEST(PrimeTableTest, ReturnsTrueForPrimes) {
+  EXPECT_TRUE(this->table_->IsPrime(2));
+  EXPECT_TRUE(this->table_->IsPrime(3));
+  EXPECT_TRUE(this->table_->IsPrime(5));
+  EXPECT_TRUE(this->table_->IsPrime(7));
+  EXPECT_TRUE(this->table_->IsPrime(11));
+  EXPECT_TRUE(this->table_->IsPrime(131));
+}
+
+TYPED_TEST(PrimeTableTest, CanGetNextPrime) {
+  EXPECT_EQ(2, this->table_->GetNextPrime(0));
+  EXPECT_EQ(3, this->table_->GetNextPrime(2));
+  EXPECT_EQ(5, this->table_->GetNextPrime(3));
+  EXPECT_EQ(7, this->table_->GetNextPrime(5));
+  EXPECT_EQ(11, this->table_->GetNextPrime(7));
+  EXPECT_EQ(131, this->table_->GetNextPrime(128));
+}
+
+// That's it!  Google Test will repeat each TYPED_TEST for each type
+// in the type list specified in TYPED_TEST_CASE.  Sit back and be
+// happy that you don't have to define them multiple times.
+
+#endif  // GTEST_HAS_TYPED_TEST
+
+#if GTEST_HAS_TYPED_TEST_P
+
+using testing::Types;
+
+// Sometimes, however, you don't yet know all the types that you want
+// to test when you write the tests.  For example, if you are the
+// author of an interface and expect other people to implement it, you
+// might want to write a set of tests to make sure each implementation
+// conforms to some basic requirements, but you don't know what
+// implementations will be written in the future.
+//
+// How can you write the tests without committing to the type
+// parameters?  That's what "type-parameterized tests" can do for you.
+// It is a bit more involved than typed tests, but in return you get a
+// test pattern that can be reused in many contexts, which is a big
+// win.  Here's how you do it:
+
+// First, define a test fixture class template.  Here we just reuse
+// the PrimeTableTest fixture defined earlier:
+
+template <class T>
+class PrimeTableTest2 : public PrimeTableTest<T> {
+};
+
+// Then, declare the test case.  The argument is the name of the test
+// fixture, and also the name of the test case (as usual).  The _P
+// suffix is for "parameterized" or "pattern".
+TYPED_TEST_CASE_P(PrimeTableTest2);
+
+// Next, use TYPED_TEST_P(TestCaseName, TestName) to define a test,
+// similar to what you do with TEST_F.
+TYPED_TEST_P(PrimeTableTest2, ReturnsFalseForNonPrimes) {
+  EXPECT_FALSE(this->table_->IsPrime(-5));
+  EXPECT_FALSE(this->table_->IsPrime(0));
+  EXPECT_FALSE(this->table_->IsPrime(1));
+  EXPECT_FALSE(this->table_->IsPrime(4));
+  EXPECT_FALSE(this->table_->IsPrime(6));
+  EXPECT_FALSE(this->table_->IsPrime(100));
+}
+
+TYPED_TEST_P(PrimeTableTest2, ReturnsTrueForPrimes) {
+  EXPECT_TRUE(this->table_->IsPrime(2));
+  EXPECT_TRUE(this->table_->IsPrime(3));
+  EXPECT_TRUE(this->table_->IsPrime(5));
+  EXPECT_TRUE(this->table_->IsPrime(7));
+  EXPECT_TRUE(this->table_->IsPrime(11));
+  EXPECT_TRUE(this->table_->IsPrime(131));
+}
+
+TYPED_TEST_P(PrimeTableTest2, CanGetNextPrime) {
+  EXPECT_EQ(2, this->table_->GetNextPrime(0));
+  EXPECT_EQ(3, this->table_->GetNextPrime(2));
+  EXPECT_EQ(5, this->table_->GetNextPrime(3));
+  EXPECT_EQ(7, this->table_->GetNextPrime(5));
+  EXPECT_EQ(11, this->table_->GetNextPrime(7));
+  EXPECT_EQ(131, this->table_->GetNextPrime(128));
+}
+
+// Type-parameterized tests involve one extra step: you have to
+// enumerate the tests you defined:
+REGISTER_TYPED_TEST_CASE_P(
+    PrimeTableTest2,  // The first argument is the test case name.
+    // The rest of the arguments are the test names.
+    ReturnsFalseForNonPrimes, ReturnsTrueForPrimes, CanGetNextPrime);
+
+// At this point the test pattern is done.  However, you don't have
+// any real test yet as you haven't said which types you want to run
+// the tests with.
+
+// To turn the abstract test pattern into real tests, you instantiate
+// it with a list of types.  Usually the test pattern will be defined
+// in a .h file, and anyone can #include and instantiate it.  You can
+// even instantiate it more than once in the same program.  To tell
+// different instances apart, you give each of them a name, which will
+// become part of the test case name and can be used in test filters.
+
+// The list of types we want to test.  Note that it doesn't have to be
+// defined at the time we write the TYPED_TEST_P()s.
+typedef Types<OnTheFlyPrimeTable, PreCalculatedPrimeTable>
+    PrimeTableImplementations;
+INSTANTIATE_TYPED_TEST_CASE_P(OnTheFlyAndPreCalculated,    // Instance name
+                              PrimeTableTest2,             // Test case name
+                              PrimeTableImplementations);  // Type list
+
+#endif  // GTEST_HAS_TYPED_TEST_P
diff --git a/nss/external_tests/google_test/gtest/samples/sample7_unittest.cc b/nss/external_tests/google_test/gtest/samples/sample7_unittest.cc
new file mode 100644
index 0000000..1b651a2
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/samples/sample7_unittest.cc
@@ -0,0 +1,130 @@
+// Copyright 2008 Google Inc.
+// All Rights Reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: vladl@google.com (Vlad Losev)
+
+// This sample shows how to test common properties of multiple
+// implementations of an interface (aka interface tests) using
+// value-parameterized tests. Each test in the test case has
+// a parameter that is an interface pointer to an implementation
+// tested.
+
+// The interface and its implementations are in this header.
+#include "prime_tables.h"
+
+#include "gtest/gtest.h"
+
+#if GTEST_HAS_PARAM_TEST
+
+using ::testing::TestWithParam;
+using ::testing::Values;
+
+// As a general rule, to prevent a test from affecting the tests that come
+// after it, you should create and destroy the tested objects for each test
+// instead of reusing them.  In this sample we will define a simple factory
+// function for PrimeTable objects.  We will instantiate objects in test's
+// SetUp() method and delete them in TearDown() method.
+typedef PrimeTable* CreatePrimeTableFunc();
+
+PrimeTable* CreateOnTheFlyPrimeTable() {
+  return new OnTheFlyPrimeTable();
+}
+
+template <size_t max_precalculated>
+PrimeTable* CreatePreCalculatedPrimeTable() {
+  return new PreCalculatedPrimeTable(max_precalculated);
+}
+
+// Inside the test body, fixture constructor, SetUp(), and TearDown() you
+// can refer to the test parameter by GetParam().  In this case, the test
+// parameter is a factory function which we call in fixture's SetUp() to
+// create and store an instance of PrimeTable.
+class PrimeTableTest : public TestWithParam<CreatePrimeTableFunc*> {
+ public:
+  virtual ~PrimeTableTest() { delete table_; }
+  virtual void SetUp() { table_ = (*GetParam())(); }
+  virtual void TearDown() {
+    delete table_;
+    table_ = NULL;
+  }
+
+ protected:
+  PrimeTable* table_;
+};
+
+TEST_P(PrimeTableTest, ReturnsFalseForNonPrimes) {
+  EXPECT_FALSE(table_->IsPrime(-5));
+  EXPECT_FALSE(table_->IsPrime(0));
+  EXPECT_FALSE(table_->IsPrime(1));
+  EXPECT_FALSE(table_->IsPrime(4));
+  EXPECT_FALSE(table_->IsPrime(6));
+  EXPECT_FALSE(table_->IsPrime(100));
+}
+
+TEST_P(PrimeTableTest, ReturnsTrueForPrimes) {
+  EXPECT_TRUE(table_->IsPrime(2));
+  EXPECT_TRUE(table_->IsPrime(3));
+  EXPECT_TRUE(table_->IsPrime(5));
+  EXPECT_TRUE(table_->IsPrime(7));
+  EXPECT_TRUE(table_->IsPrime(11));
+  EXPECT_TRUE(table_->IsPrime(131));
+}
+
+TEST_P(PrimeTableTest, CanGetNextPrime) {
+  EXPECT_EQ(2, table_->GetNextPrime(0));
+  EXPECT_EQ(3, table_->GetNextPrime(2));
+  EXPECT_EQ(5, table_->GetNextPrime(3));
+  EXPECT_EQ(7, table_->GetNextPrime(5));
+  EXPECT_EQ(11, table_->GetNextPrime(7));
+  EXPECT_EQ(131, table_->GetNextPrime(128));
+}
+
+// In order to run value-parameterized tests, you need to instantiate them,
+// or bind them to a list of values which will be used as test parameters.
+// You can instantiate them in a different translation module, or even
+// instantiate them several times.
+//
+// Here, we instantiate our tests with a list of two PrimeTable object
+// factory functions:
+INSTANTIATE_TEST_CASE_P(
+    OnTheFlyAndPreCalculated,
+    PrimeTableTest,
+    Values(&CreateOnTheFlyPrimeTable, &CreatePreCalculatedPrimeTable<1000>));
+
+#else
+
+// Google Test may not support value-parameterized tests with some
+// compilers. If we use conditional compilation to compile out all
+// code referring to the gtest_main library, MSVC linker will not link
+// that library at all and consequently complain about missing entry
+// point defined in that library (fatal error LNK1561: entry point
+// must be defined). This dummy test keeps gtest_main linked in.
+TEST(DummyTest, ValueParameterizedTestsAreNotSupportedOnThisPlatform) {}
+
+#endif  // GTEST_HAS_PARAM_TEST
diff --git a/nss/external_tests/google_test/gtest/samples/sample8_unittest.cc b/nss/external_tests/google_test/gtest/samples/sample8_unittest.cc
new file mode 100644
index 0000000..7274334
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/samples/sample8_unittest.cc
@@ -0,0 +1,173 @@
+// Copyright 2008 Google Inc.
+// All Rights Reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: vladl@google.com (Vlad Losev)
+
+// This sample shows how to test code relying on some global flag variables.
+// Combine() helps with generating all possible combinations of such flags,
+// and each test is given one combination as a parameter.
+
+// Use class definitions to test from this header.
+#include "prime_tables.h"
+
+#include "gtest/gtest.h"
+
+#if GTEST_HAS_COMBINE
+
+// Suppose we want to introduce a new, improved implementation of PrimeTable
+// which combines speed of PrecalcPrimeTable and versatility of
+// OnTheFlyPrimeTable (see prime_tables.h). Inside it instantiates both
+// PrecalcPrimeTable and OnTheFlyPrimeTable and uses the one that is more
+// appropriate under the circumstances. But in low memory conditions, it can be
+// told to instantiate without PrecalcPrimeTable instance at all and use only
+// OnTheFlyPrimeTable.
+class HybridPrimeTable : public PrimeTable {
+ public:
+  HybridPrimeTable(bool force_on_the_fly, int max_precalculated)
+      : on_the_fly_impl_(new OnTheFlyPrimeTable),
+        precalc_impl_(force_on_the_fly ? NULL :
+                          new PreCalculatedPrimeTable(max_precalculated)),
+        max_precalculated_(max_precalculated) {}
+  virtual ~HybridPrimeTable() {
+    delete on_the_fly_impl_;
+    delete precalc_impl_;
+  }
+
+  virtual bool IsPrime(int n) const {
+    if (precalc_impl_ != NULL && n < max_precalculated_)
+      return precalc_impl_->IsPrime(n);
+    else
+      return on_the_fly_impl_->IsPrime(n);
+  }
+
+  virtual int GetNextPrime(int p) const {
+    int next_prime = -1;
+    if (precalc_impl_ != NULL && p < max_precalculated_)
+      next_prime = precalc_impl_->GetNextPrime(p);
+
+    return next_prime != -1 ? next_prime : on_the_fly_impl_->GetNextPrime(p);
+  }
+
+ private:
+  OnTheFlyPrimeTable* on_the_fly_impl_;
+  PreCalculatedPrimeTable* precalc_impl_;
+  int max_precalculated_;
+};
+
+using ::testing::TestWithParam;
+using ::testing::Bool;
+using ::testing::Values;
+using ::testing::Combine;
+
+// To test all code paths for HybridPrimeTable we must test it with numbers
+// both within and outside PreCalculatedPrimeTable's capacity and also with
+// PreCalculatedPrimeTable disabled. We do this by defining fixture which will
+// accept different combinations of parameters for instantiating a
+// HybridPrimeTable instance.
+class PrimeTableTest : public TestWithParam< ::testing::tuple<bool, int> > {
+ protected:
+  virtual void SetUp() {
+    // This can be written as
+    //
+    // bool force_on_the_fly;
+    // int max_precalculated;
+    // tie(force_on_the_fly, max_precalculated) = GetParam();
+    //
+    // once the Google C++ Style Guide allows use of ::std::tr1::tie.
+    //
+    bool force_on_the_fly = ::testing::get<0>(GetParam());
+    int max_precalculated = ::testing::get<1>(GetParam());
+    table_ = new HybridPrimeTable(force_on_the_fly, max_precalculated);
+  }
+  virtual void TearDown() {
+    delete table_;
+    table_ = NULL;
+  }
+  HybridPrimeTable* table_;
+};
+
+TEST_P(PrimeTableTest, ReturnsFalseForNonPrimes) {
+  // Inside the test body, you can refer to the test parameter by GetParam().
+  // In this case, the test parameter is a PrimeTable interface pointer which
+  // we can use directly.
+  // Please note that you can also save it in the fixture's SetUp() method
+  // or constructor and use saved copy in the tests.
+
+  EXPECT_FALSE(table_->IsPrime(-5));
+  EXPECT_FALSE(table_->IsPrime(0));
+  EXPECT_FALSE(table_->IsPrime(1));
+  EXPECT_FALSE(table_->IsPrime(4));
+  EXPECT_FALSE(table_->IsPrime(6));
+  EXPECT_FALSE(table_->IsPrime(100));
+}
+
+TEST_P(PrimeTableTest, ReturnsTrueForPrimes) {
+  EXPECT_TRUE(table_->IsPrime(2));
+  EXPECT_TRUE(table_->IsPrime(3));
+  EXPECT_TRUE(table_->IsPrime(5));
+  EXPECT_TRUE(table_->IsPrime(7));
+  EXPECT_TRUE(table_->IsPrime(11));
+  EXPECT_TRUE(table_->IsPrime(131));
+}
+
+TEST_P(PrimeTableTest, CanGetNextPrime) {
+  EXPECT_EQ(2, table_->GetNextPrime(0));
+  EXPECT_EQ(3, table_->GetNextPrime(2));
+  EXPECT_EQ(5, table_->GetNextPrime(3));
+  EXPECT_EQ(7, table_->GetNextPrime(5));
+  EXPECT_EQ(11, table_->GetNextPrime(7));
+  EXPECT_EQ(131, table_->GetNextPrime(128));
+}
+
+// In order to run value-parameterized tests, you need to instantiate them,
+// or bind them to a list of values which will be used as test parameters.
+// You can instantiate them in a different translation module, or even
+// instantiate them several times.
+//
+// Here, we instantiate our tests with a list of parameters. We must combine
+// all variations of the boolean flag suppressing PrecalcPrimeTable and some
+// meaningful values for tests. We choose a small value (1), and a value that
+// will put some of the tested numbers beyond the capability of the
+// PrecalcPrimeTable instance and some inside it (10). Combine will produce all
+// possible combinations.
+INSTANTIATE_TEST_CASE_P(MeaningfulTestParameters,
+                        PrimeTableTest,
+                        Combine(Bool(), Values(1, 10)));
+
+#else
+
+// Google Test may not support Combine() with some compilers. If we
+// use conditional compilation to compile out all code referring to
+// the gtest_main library, MSVC linker will not link that library at
+// all and consequently complain about missing entry point defined in
+// that library (fatal error LNK1561: entry point must be
+// defined). This dummy test keeps gtest_main linked in.
+TEST(DummyTest, CombineIsNotSupportedOnThisPlatform) {}
+
+#endif  // GTEST_HAS_COMBINE
diff --git a/nss/external_tests/google_test/gtest/samples/sample9_unittest.cc b/nss/external_tests/google_test/gtest/samples/sample9_unittest.cc
new file mode 100644
index 0000000..b2e2079
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/samples/sample9_unittest.cc
@@ -0,0 +1,160 @@
+// Copyright 2009 Google Inc. All Rights Reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: vladl@google.com (Vlad Losev)
+
+// This sample shows how to use Google Test listener API to implement
+// an alternative console output and how to use the UnitTest reflection API
+// to enumerate test cases and tests and to inspect their results.
+
+#include <stdio.h>
+
+#include "gtest/gtest.h"
+
+using ::testing::EmptyTestEventListener;
+using ::testing::InitGoogleTest;
+using ::testing::Test;
+using ::testing::TestCase;
+using ::testing::TestEventListeners;
+using ::testing::TestInfo;
+using ::testing::TestPartResult;
+using ::testing::UnitTest;
+
+namespace {
+
+// Provides alternative output mode which produces minimal amount of
+// information about tests.
+class TersePrinter : public EmptyTestEventListener {
+ private:
+  // Called before any test activity starts.
+  virtual void OnTestProgramStart(const UnitTest& /* unit_test */) {}
+
+  // Called after all test activities have ended.
+  virtual void OnTestProgramEnd(const UnitTest& unit_test) {
+    fprintf(stdout, "TEST %s\n", unit_test.Passed() ? "PASSED" : "FAILED");
+    fflush(stdout);
+  }
+
+  // Called before a test starts.
+  virtual void OnTestStart(const TestInfo& test_info) {
+    fprintf(stdout,
+            "*** Test %s.%s starting.\n",
+            test_info.test_case_name(),
+            test_info.name());
+    fflush(stdout);
+  }
+
+  // Called after a failed assertion or a SUCCEED() invocation.
+  virtual void OnTestPartResult(const TestPartResult& test_part_result) {
+    fprintf(stdout,
+            "%s in %s:%d\n%s\n",
+            test_part_result.failed() ? "*** Failure" : "Success",
+            test_part_result.file_name(),
+            test_part_result.line_number(),
+            test_part_result.summary());
+    fflush(stdout);
+  }
+
+  // Called after a test ends.
+  virtual void OnTestEnd(const TestInfo& test_info) {
+    fprintf(stdout,
+            "*** Test %s.%s ending.\n",
+            test_info.test_case_name(),
+            test_info.name());
+    fflush(stdout);
+  }
+};  // class TersePrinter
+
+TEST(CustomOutputTest, PrintsMessage) {
+  printf("Printing something from the test body...\n");
+}
+
+TEST(CustomOutputTest, Succeeds) {
+  SUCCEED() << "SUCCEED() has been invoked from here";
+}
+
+TEST(CustomOutputTest, Fails) {
+  EXPECT_EQ(1, 2)
+      << "This test fails in order to demonstrate alternative failure messages";
+}
+
+}  // namespace
+
+int main(int argc, char **argv) {
+  InitGoogleTest(&argc, argv);
+
+  bool terse_output = false;
+  if (argc > 1 && strcmp(argv[1], "--terse_output") == 0 )
+    terse_output = true;
+  else
+    printf("%s\n", "Run this program with --terse_output to change the way "
+           "it prints its output.");
+
+  UnitTest& unit_test = *UnitTest::GetInstance();
+
+  // If we are given the --terse_output command line flag, suppresses the
+  // standard output and attaches own result printer.
+  if (terse_output) {
+    TestEventListeners& listeners = unit_test.listeners();
+
+    // Removes the default console output listener from the list so it will
+    // not receive events from Google Test and won't print any output. Since
+    // this operation transfers ownership of the listener to the caller we
+    // have to delete it as well.
+    delete listeners.Release(listeners.default_result_printer());
+
+    // Adds the custom output listener to the list. It will now receive
+    // events from Google Test and print the alternative output. We don't
+    // have to worry about deleting it since Google Test assumes ownership
+    // over it after adding it to the list.
+    listeners.Append(new TersePrinter);
+  }
+  int ret_val = RUN_ALL_TESTS();
+
+  // This is an example of using the UnitTest reflection API to inspect test
+  // results. Here we discount failures from the tests we expected to fail.
+  int unexpectedly_failed_tests = 0;
+  for (int i = 0; i < unit_test.total_test_case_count(); ++i) {
+    const TestCase& test_case = *unit_test.GetTestCase(i);
+    for (int j = 0; j < test_case.total_test_count(); ++j) {
+      const TestInfo& test_info = *test_case.GetTestInfo(j);
+      // Counts failed tests that were not meant to fail (those without
+      // 'Fails' in the name).
+      if (test_info.result()->Failed() &&
+          strcmp(test_info.name(), "Fails") != 0) {
+        unexpectedly_failed_tests++;
+      }
+    }
+  }
+
+  // Test that were meant to fail should not affect the test program outcome.
+  if (unexpectedly_failed_tests == 0)
+    ret_val = 0;
+
+  return ret_val;
+}
diff --git a/nss/external_tests/google_test/gtest/scripts/common.py b/nss/external_tests/google_test/gtest/scripts/common.py
new file mode 100644
index 0000000..3c0347a
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/scripts/common.py
@@ -0,0 +1,83 @@
+# Copyright 2013 Google Inc. All Rights Reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#
+#     * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following disclaimer
+# in the documentation and/or other materials provided with the
+# distribution.
+#     * Neither the name of Google Inc. nor the names of its
+# contributors may be used to endorse or promote products derived from
+# this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+"""Shared utilities for writing scripts for Google Test/Mock."""
+
+__author__ = 'wan@google.com (Zhanyong Wan)'
+
+
+import os
+import re
+
+
+# Matches the line from 'svn info .' output that describes what SVN
+# path the current local directory corresponds to.  For example, in
+# a googletest SVN workspace's trunk/test directory, the output will be:
+#
+# URL: https://googletest.googlecode.com/svn/trunk/test
+_SVN_INFO_URL_RE = re.compile(r'^URL: https://(\w+)\.googlecode\.com/svn(.*)')
+
+
+def GetCommandOutput(command):
+  """Runs the shell command and returns its stdout as a list of lines."""
+
+  f = os.popen(command, 'r')
+  lines = [line.strip() for line in f.readlines()]
+  f.close()
+  return lines
+
+
+def GetSvnInfo():
+  """Returns the project name and the current SVN workspace's root path."""
+
+  for line in GetCommandOutput('svn info .'):
+    m = _SVN_INFO_URL_RE.match(line)
+    if m:
+      project = m.group(1)  # googletest or googlemock
+      rel_path = m.group(2)
+      root = os.path.realpath(rel_path.count('/') * '../')
+      return project, root
+
+  return None, None
+
+
+def GetSvnTrunk():
+  """Returns the current SVN workspace's trunk root path."""
+
+  _, root = GetSvnInfo()
+  return root + '/trunk' if root else None
+
+
+def IsInGTestSvn():
+  project, _ = GetSvnInfo()
+  return project == 'googletest'
+
+
+def IsInGMockSvn():
+  project, _ = GetSvnInfo()
+  return project == 'googlemock'
diff --git a/nss/external_tests/google_test/gtest/scripts/fuse_gtest_files.py b/nss/external_tests/google_test/gtest/scripts/fuse_gtest_files.py
new file mode 100755
index 0000000..57ef72f
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/scripts/fuse_gtest_files.py
@@ -0,0 +1,250 @@
+#!/usr/bin/env python
+#
+# Copyright 2009, Google Inc.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#
+#     * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following disclaimer
+# in the documentation and/or other materials provided with the
+# distribution.
+#     * Neither the name of Google Inc. nor the names of its
+# contributors may be used to endorse or promote products derived from
+# this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+"""fuse_gtest_files.py v0.2.0
+Fuses Google Test source code into a .h file and a .cc file.
+
+SYNOPSIS
+       fuse_gtest_files.py [GTEST_ROOT_DIR] OUTPUT_DIR
+
+       Scans GTEST_ROOT_DIR for Google Test source code, and generates
+       two files: OUTPUT_DIR/gtest/gtest.h and OUTPUT_DIR/gtest/gtest-all.cc.
+       Then you can build your tests by adding OUTPUT_DIR to the include
+       search path and linking with OUTPUT_DIR/gtest/gtest-all.cc.  These
+       two files contain everything you need to use Google Test.  Hence
+       you can "install" Google Test by copying them to wherever you want.
+
+       GTEST_ROOT_DIR can be omitted and defaults to the parent
+       directory of the directory holding this script.
+
+EXAMPLES
+       ./fuse_gtest_files.py fused_gtest
+       ./fuse_gtest_files.py path/to/unpacked/gtest fused_gtest
+
+This tool is experimental.  In particular, it assumes that there is no
+conditional inclusion of Google Test headers.  Please report any
+problems to googletestframework@googlegroups.com.  You can read
+http://code.google.com/p/googletest/wiki/GoogleTestAdvancedGuide for
+more information.
+"""
+
+__author__ = 'wan@google.com (Zhanyong Wan)'
+
+import os
+import re
+import sets
+import sys
+
+# We assume that this file is in the scripts/ directory in the Google
+# Test root directory.
+DEFAULT_GTEST_ROOT_DIR = os.path.join(os.path.dirname(__file__), '..')
+
+# Regex for matching '#include "gtest/..."'.
+INCLUDE_GTEST_FILE_REGEX = re.compile(r'^\s*#\s*include\s*"(gtest/.+)"')
+
+# Regex for matching '#include "src/..."'.
+INCLUDE_SRC_FILE_REGEX = re.compile(r'^\s*#\s*include\s*"(src/.+)"')
+
+# Where to find the source seed files.
+GTEST_H_SEED = 'include/gtest/gtest.h'
+GTEST_SPI_H_SEED = 'include/gtest/gtest-spi.h'
+GTEST_ALL_CC_SEED = 'src/gtest-all.cc'
+
+# Where to put the generated files.
+GTEST_H_OUTPUT = 'gtest/gtest.h'
+GTEST_ALL_CC_OUTPUT = 'gtest/gtest-all.cc'
+
+
+def VerifyFileExists(directory, relative_path):
+  """Verifies that the given file exists; aborts on failure.
+
+  relative_path is the file path relative to the given directory.
+  """
+
+  if not os.path.isfile(os.path.join(directory, relative_path)):
+    print 'ERROR: Cannot find %s in directory %s.' % (relative_path,
+                                                      directory)
+    print ('Please either specify a valid project root directory '
+           'or omit it on the command line.')
+    sys.exit(1)
+
+
+def ValidateGTestRootDir(gtest_root):
+  """Makes sure gtest_root points to a valid gtest root directory.
+
+  The function aborts the program on failure.
+  """
+
+  VerifyFileExists(gtest_root, GTEST_H_SEED)
+  VerifyFileExists(gtest_root, GTEST_ALL_CC_SEED)
+
+
+def VerifyOutputFile(output_dir, relative_path):
+  """Verifies that the given output file path is valid.
+
+  relative_path is relative to the output_dir directory.
+  """
+
+  # Makes sure the output file either doesn't exist or can be overwritten.
+  output_file = os.path.join(output_dir, relative_path)
+  if os.path.exists(output_file):
+    # TODO(wan@google.com): The following user-interaction doesn't
+    # work with automated processes.  We should provide a way for the
+    # Makefile to force overwriting the files.
+    print ('%s already exists in directory %s - overwrite it? (y/N) ' %
+           (relative_path, output_dir))
+    answer = sys.stdin.readline().strip()
+    if answer not in ['y', 'Y']:
+      print 'ABORTED.'
+      sys.exit(1)
+
+  # Makes sure the directory holding the output file exists; creates
+  # it and all its ancestors if necessary.
+  parent_directory = os.path.dirname(output_file)
+  if not os.path.isdir(parent_directory):
+    os.makedirs(parent_directory)
+
+
+def ValidateOutputDir(output_dir):
+  """Makes sure output_dir points to a valid output directory.
+
+  The function aborts the program on failure.
+  """
+
+  VerifyOutputFile(output_dir, GTEST_H_OUTPUT)
+  VerifyOutputFile(output_dir, GTEST_ALL_CC_OUTPUT)
+
+
+def FuseGTestH(gtest_root, output_dir):
+  """Scans folder gtest_root to generate gtest/gtest.h in output_dir."""
+
+  output_file = file(os.path.join(output_dir, GTEST_H_OUTPUT), 'w')
+  processed_files = sets.Set()  # Holds all gtest headers we've processed.
+
+  def ProcessFile(gtest_header_path):
+    """Processes the given gtest header file."""
+
+    # We don't process the same header twice.
+    if gtest_header_path in processed_files:
+      return
+
+    processed_files.add(gtest_header_path)
+
+    # Reads each line in the given gtest header.
+    for line in file(os.path.join(gtest_root, gtest_header_path), 'r'):
+      m = INCLUDE_GTEST_FILE_REGEX.match(line)
+      if m:
+        # It's '#include "gtest/..."' - let's process it recursively.
+        ProcessFile('include/' + m.group(1))
+      else:
+        # Otherwise we copy the line unchanged to the output file.
+        output_file.write(line)
+
+  ProcessFile(GTEST_H_SEED)
+  output_file.close()
+
+
+def FuseGTestAllCcToFile(gtest_root, output_file):
+  """Scans folder gtest_root to generate gtest/gtest-all.cc in output_file."""
+
+  processed_files = sets.Set()
+
+  def ProcessFile(gtest_source_file):
+    """Processes the given gtest source file."""
+
+    # We don't process the same #included file twice.
+    if gtest_source_file in processed_files:
+      return
+
+    processed_files.add(gtest_source_file)
+
+    # Reads each line in the given gtest source file.
+    for line in file(os.path.join(gtest_root, gtest_source_file), 'r'):
+      m = INCLUDE_GTEST_FILE_REGEX.match(line)
+      if m:
+        if 'include/' + m.group(1) == GTEST_SPI_H_SEED:
+          # It's '#include "gtest/gtest-spi.h"'.  This file is not
+          # #included by "gtest/gtest.h", so we need to process it.
+          ProcessFile(GTEST_SPI_H_SEED)
+        else:
+          # It's '#include "gtest/foo.h"' where foo is not gtest-spi.
+          # We treat it as '#include "gtest/gtest.h"', as all other
+          # gtest headers are being fused into gtest.h and cannot be
+          # #included directly.
+
+          # There is no need to #include "gtest/gtest.h" more than once.
+          if not GTEST_H_SEED in processed_files:
+            processed_files.add(GTEST_H_SEED)
+            output_file.write('#include "%s"\n' % (GTEST_H_OUTPUT,))
+      else:
+        m = INCLUDE_SRC_FILE_REGEX.match(line)
+        if m:
+          # It's '#include "src/foo"' - let's process it recursively.
+          ProcessFile(m.group(1))
+        else:
+          output_file.write(line)
+
+  ProcessFile(GTEST_ALL_CC_SEED)
+
+
+def FuseGTestAllCc(gtest_root, output_dir):
+  """Scans folder gtest_root to generate gtest/gtest-all.cc in output_dir."""
+
+  output_file = file(os.path.join(output_dir, GTEST_ALL_CC_OUTPUT), 'w')
+  FuseGTestAllCcToFile(gtest_root, output_file)
+  output_file.close()
+
+
+def FuseGTest(gtest_root, output_dir):
+  """Fuses gtest.h and gtest-all.cc."""
+
+  ValidateGTestRootDir(gtest_root)
+  ValidateOutputDir(output_dir)
+
+  FuseGTestH(gtest_root, output_dir)
+  FuseGTestAllCc(gtest_root, output_dir)
+
+
+def main():
+  argc = len(sys.argv)
+  if argc == 2:
+    # fuse_gtest_files.py OUTPUT_DIR
+    FuseGTest(DEFAULT_GTEST_ROOT_DIR, sys.argv[1])
+  elif argc == 3:
+    # fuse_gtest_files.py GTEST_ROOT_DIR OUTPUT_DIR
+    FuseGTest(sys.argv[1], sys.argv[2])
+  else:
+    print __doc__
+    sys.exit(1)
+
+
+if __name__ == '__main__':
+  main()
diff --git a/nss/external_tests/google_test/gtest/scripts/gen_gtest_pred_impl.py b/nss/external_tests/google_test/gtest/scripts/gen_gtest_pred_impl.py
new file mode 100755
index 0000000..3e7ab04
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/scripts/gen_gtest_pred_impl.py
@@ -0,0 +1,730 @@
+#!/usr/bin/env python
+#
+# Copyright 2006, Google Inc.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#
+#     * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following disclaimer
+# in the documentation and/or other materials provided with the
+# distribution.
+#     * Neither the name of Google Inc. nor the names of its
+# contributors may be used to endorse or promote products derived from
+# this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+"""gen_gtest_pred_impl.py v0.1
+
+Generates the implementation of Google Test predicate assertions and
+accompanying tests.
+
+Usage:
+
+  gen_gtest_pred_impl.py MAX_ARITY
+
+where MAX_ARITY is a positive integer.
+
+The command generates the implementation of up-to MAX_ARITY-ary
+predicate assertions, and writes it to file gtest_pred_impl.h in the
+directory where the script is.  It also generates the accompanying
+unit test in file gtest_pred_impl_unittest.cc.
+"""
+
+__author__ = 'wan@google.com (Zhanyong Wan)'
+
+import os
+import sys
+import time
+
+# Where this script is.
+SCRIPT_DIR = os.path.dirname(sys.argv[0])
+
+# Where to store the generated header.
+HEADER = os.path.join(SCRIPT_DIR, '../include/gtest/gtest_pred_impl.h')
+
+# Where to store the generated unit test.
+UNIT_TEST = os.path.join(SCRIPT_DIR, '../test/gtest_pred_impl_unittest.cc')
+
+
+def HeaderPreamble(n):
+  """Returns the preamble for the header file.
+
+  Args:
+    n:  the maximum arity of the predicate macros to be generated.
+  """
+
+  # A map that defines the values used in the preamble template.
+  DEFS = {
+    'today' : time.strftime('%m/%d/%Y'),
+    'year' : time.strftime('%Y'),
+    'command' : '%s %s' % (os.path.basename(sys.argv[0]), n),
+    'n' : n
+    }
+
+  return (
+"""// Copyright 2006, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// This file is AUTOMATICALLY GENERATED on %(today)s by command
+// '%(command)s'.  DO NOT EDIT BY HAND!
+//
+// Implements a family of generic predicate assertion macros.
+
+#ifndef GTEST_INCLUDE_GTEST_GTEST_PRED_IMPL_H_
+#define GTEST_INCLUDE_GTEST_GTEST_PRED_IMPL_H_
+
+// Makes sure this header is not included before gtest.h.
+#ifndef GTEST_INCLUDE_GTEST_GTEST_H_
+# error Do not include gtest_pred_impl.h directly.  Include gtest.h instead.
+#endif  // GTEST_INCLUDE_GTEST_GTEST_H_
+
+// This header implements a family of generic predicate assertion
+// macros:
+//
+//   ASSERT_PRED_FORMAT1(pred_format, v1)
+//   ASSERT_PRED_FORMAT2(pred_format, v1, v2)
+//   ...
+//
+// where pred_format is a function or functor that takes n (in the
+// case of ASSERT_PRED_FORMATn) values and their source expression
+// text, and returns a testing::AssertionResult.  See the definition
+// of ASSERT_EQ in gtest.h for an example.
+//
+// If you don't care about formatting, you can use the more
+// restrictive version:
+//
+//   ASSERT_PRED1(pred, v1)
+//   ASSERT_PRED2(pred, v1, v2)
+//   ...
+//
+// where pred is an n-ary function or functor that returns bool,
+// and the values v1, v2, ..., must support the << operator for
+// streaming to std::ostream.
+//
+// We also define the EXPECT_* variations.
+//
+// For now we only support predicates whose arity is at most %(n)s.
+// Please email googletestframework@googlegroups.com if you need
+// support for higher arities.
+
+// GTEST_ASSERT_ is the basic statement to which all of the assertions
+// in this file reduce.  Don't use this in your code.
+
+#define GTEST_ASSERT_(expression, on_failure) \\
+  GTEST_AMBIGUOUS_ELSE_BLOCKER_ \\
+  if (const ::testing::AssertionResult gtest_ar = (expression)) \\
+    ; \\
+  else \\
+    on_failure(gtest_ar.failure_message())
+""" % DEFS)
+
+
+def Arity(n):
+  """Returns the English name of the given arity."""
+
+  if n < 0:
+    return None
+  elif n <= 3:
+    return ['nullary', 'unary', 'binary', 'ternary'][n]
+  else:
+    return '%s-ary' % n
+
+
+def Title(word):
+  """Returns the given word in title case.  The difference between
+  this and string's title() method is that Title('4-ary') is '4-ary'
+  while '4-ary'.title() is '4-Ary'."""
+
+  return word[0].upper() + word[1:]
+
+
+def OneTo(n):
+  """Returns the list [1, 2, 3, ..., n]."""
+
+  return range(1, n + 1)
+
+
+def Iter(n, format, sep=''):
+  """Given a positive integer n, a format string that contains 0 or
+  more '%s' format specs, and optionally a separator string, returns
+  the join of n strings, each formatted with the format string on an
+  iterator ranged from 1 to n.
+
+  Example:
+
+  Iter(3, 'v%s', sep=', ') returns 'v1, v2, v3'.
+  """
+
+  # How many '%s' specs are in format?
+  spec_count = len(format.split('%s')) - 1
+  return sep.join([format % (spec_count * (i,)) for i in OneTo(n)])
+
+
+def ImplementationForArity(n):
+  """Returns the implementation of n-ary predicate assertions."""
+
+  # A map the defines the values used in the implementation template.
+  DEFS = {
+    'n' : str(n),
+    'vs' : Iter(n, 'v%s', sep=', '),
+    'vts' : Iter(n, '#v%s', sep=', '),
+    'arity' : Arity(n),
+    'Arity' : Title(Arity(n))
+    }
+
+  impl = """
+
+// Helper function for implementing {EXPECT|ASSERT}_PRED%(n)s.  Don't use
+// this in your code.
+template <typename Pred""" % DEFS
+
+  impl += Iter(n, """,
+          typename T%s""")
+
+  impl += """>
+AssertionResult AssertPred%(n)sHelper(const char* pred_text""" % DEFS
+
+  impl += Iter(n, """,
+                                  const char* e%s""")
+
+  impl += """,
+                                  Pred pred"""
+
+  impl += Iter(n, """,
+                                  const T%s& v%s""")
+
+  impl += """) {
+  if (pred(%(vs)s)) return AssertionSuccess();
+
+""" % DEFS
+
+  impl += '  return AssertionFailure() << pred_text << "("'
+
+  impl += Iter(n, """
+                            << e%s""", sep=' << ", "')
+
+  impl += ' << ") evaluates to false, where"'
+
+  impl += Iter(n, """
+                            << "\\n" << e%s << " evaluates to " << v%s""")
+
+  impl += """;
+}
+
+// Internal macro for implementing {EXPECT|ASSERT}_PRED_FORMAT%(n)s.
+// Don't use this in your code.
+#define GTEST_PRED_FORMAT%(n)s_(pred_format, %(vs)s, on_failure)\\
+  GTEST_ASSERT_(pred_format(%(vts)s, %(vs)s), \\
+                on_failure)
+
+// Internal macro for implementing {EXPECT|ASSERT}_PRED%(n)s.  Don't use
+// this in your code.
+#define GTEST_PRED%(n)s_(pred, %(vs)s, on_failure)\\
+  GTEST_ASSERT_(::testing::AssertPred%(n)sHelper(#pred""" % DEFS
+
+  impl += Iter(n, """, \\
+                                             #v%s""")
+
+  impl += """, \\
+                                             pred"""
+
+  impl += Iter(n, """, \\
+                                             v%s""")
+
+  impl += """), on_failure)
+
+// %(Arity)s predicate assertion macros.
+#define EXPECT_PRED_FORMAT%(n)s(pred_format, %(vs)s) \\
+  GTEST_PRED_FORMAT%(n)s_(pred_format, %(vs)s, GTEST_NONFATAL_FAILURE_)
+#define EXPECT_PRED%(n)s(pred, %(vs)s) \\
+  GTEST_PRED%(n)s_(pred, %(vs)s, GTEST_NONFATAL_FAILURE_)
+#define ASSERT_PRED_FORMAT%(n)s(pred_format, %(vs)s) \\
+  GTEST_PRED_FORMAT%(n)s_(pred_format, %(vs)s, GTEST_FATAL_FAILURE_)
+#define ASSERT_PRED%(n)s(pred, %(vs)s) \\
+  GTEST_PRED%(n)s_(pred, %(vs)s, GTEST_FATAL_FAILURE_)
+
+""" % DEFS
+
+  return impl
+
+
+def HeaderPostamble():
+  """Returns the postamble for the header file."""
+
+  return """
+
+#endif  // GTEST_INCLUDE_GTEST_GTEST_PRED_IMPL_H_
+"""
+
+
+def GenerateFile(path, content):
+  """Given a file path and a content string, overwrites it with the
+  given content."""
+
+  print 'Updating file %s . . .' % path
+
+  f = file(path, 'w+')
+  print >>f, content,
+  f.close()
+
+  print 'File %s has been updated.' % path
+
+
+def GenerateHeader(n):
+  """Given the maximum arity n, updates the header file that implements
+  the predicate assertions."""
+
+  GenerateFile(HEADER,
+               HeaderPreamble(n)
+               + ''.join([ImplementationForArity(i) for i in OneTo(n)])
+               + HeaderPostamble())
+
+
+def UnitTestPreamble():
+  """Returns the preamble for the unit test file."""
+
+  # A map that defines the values used in the preamble template.
+  DEFS = {
+    'today' : time.strftime('%m/%d/%Y'),
+    'year' : time.strftime('%Y'),
+    'command' : '%s %s' % (os.path.basename(sys.argv[0]), sys.argv[1]),
+    }
+
+  return (
+"""// Copyright 2006, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// This file is AUTOMATICALLY GENERATED on %(today)s by command
+// '%(command)s'.  DO NOT EDIT BY HAND!
+
+// Regression test for gtest_pred_impl.h
+//
+// This file is generated by a script and quite long.  If you intend to
+// learn how Google Test works by reading its unit tests, read
+// gtest_unittest.cc instead.
+//
+// This is intended as a regression test for the Google Test predicate
+// assertions.  We compile it as part of the gtest_unittest target
+// only to keep the implementation tidy and compact, as it is quite
+// involved to set up the stage for testing Google Test using Google
+// Test itself.
+//
+// Currently, gtest_unittest takes ~11 seconds to run in the testing
+// daemon.  In the future, if it grows too large and needs much more
+// time to finish, we should consider separating this file into a
+// stand-alone regression test.
+
+#include <iostream>
+
+#include "gtest/gtest.h"
+#include "gtest/gtest-spi.h"
+
+// A user-defined data type.
+struct Bool {
+  explicit Bool(int val) : value(val != 0) {}
+
+  bool operator>(int n) const { return value > Bool(n).value; }
+
+  Bool operator+(const Bool& rhs) const { return Bool(value + rhs.value); }
+
+  bool operator==(const Bool& rhs) const { return value == rhs.value; }
+
+  bool value;
+};
+
+// Enables Bool to be used in assertions.
+std::ostream& operator<<(std::ostream& os, const Bool& x) {
+  return os << (x.value ? "true" : "false");
+}
+
+""" % DEFS)
+
+
+def TestsForArity(n):
+  """Returns the tests for n-ary predicate assertions."""
+
+  # A map that defines the values used in the template for the tests.
+  DEFS = {
+    'n' : n,
+    'es' : Iter(n, 'e%s', sep=', '),
+    'vs' : Iter(n, 'v%s', sep=', '),
+    'vts' : Iter(n, '#v%s', sep=', '),
+    'tvs' : Iter(n, 'T%s v%s', sep=', '),
+    'int_vs' : Iter(n, 'int v%s', sep=', '),
+    'Bool_vs' : Iter(n, 'Bool v%s', sep=', '),
+    'types' : Iter(n, 'typename T%s', sep=', '),
+    'v_sum' : Iter(n, 'v%s', sep=' + '),
+    'arity' : Arity(n),
+    'Arity' : Title(Arity(n)),
+    }
+
+  tests = (
+"""// Sample functions/functors for testing %(arity)s predicate assertions.
+
+// A %(arity)s predicate function.
+template <%(types)s>
+bool PredFunction%(n)s(%(tvs)s) {
+  return %(v_sum)s > 0;
+}
+
+// The following two functions are needed to circumvent a bug in
+// gcc 2.95.3, which sometimes has problem with the above template
+// function.
+bool PredFunction%(n)sInt(%(int_vs)s) {
+  return %(v_sum)s > 0;
+}
+bool PredFunction%(n)sBool(%(Bool_vs)s) {
+  return %(v_sum)s > 0;
+}
+""" % DEFS)
+
+  tests += """
+// A %(arity)s predicate functor.
+struct PredFunctor%(n)s {
+  template <%(types)s>
+  bool operator()(""" % DEFS
+
+  tests += Iter(n, 'const T%s& v%s', sep=""",
+                  """)
+
+  tests += """) {
+    return %(v_sum)s > 0;
+  }
+};
+""" % DEFS
+
+  tests += """
+// A %(arity)s predicate-formatter function.
+template <%(types)s>
+testing::AssertionResult PredFormatFunction%(n)s(""" % DEFS
+
+  tests += Iter(n, 'const char* e%s', sep=""",
+                                             """)
+
+  tests += Iter(n, """,
+                                             const T%s& v%s""")
+
+  tests += """) {
+  if (PredFunction%(n)s(%(vs)s))
+    return testing::AssertionSuccess();
+
+  return testing::AssertionFailure()
+      << """ % DEFS
+
+  tests += Iter(n, 'e%s', sep=' << " + " << ')
+
+  tests += """
+      << " is expected to be positive, but evaluates to "
+      << %(v_sum)s << ".";
+}
+""" % DEFS
+
+  tests += """
+// A %(arity)s predicate-formatter functor.
+struct PredFormatFunctor%(n)s {
+  template <%(types)s>
+  testing::AssertionResult operator()(""" % DEFS
+
+  tests += Iter(n, 'const char* e%s', sep=""",
+                                      """)
+
+  tests += Iter(n, """,
+                                      const T%s& v%s""")
+
+  tests += """) const {
+    return PredFormatFunction%(n)s(%(es)s, %(vs)s);
+  }
+};
+""" % DEFS
+
+  tests += """
+// Tests for {EXPECT|ASSERT}_PRED_FORMAT%(n)s.
+
+class Predicate%(n)sTest : public testing::Test {
+ protected:
+  virtual void SetUp() {
+    expected_to_finish_ = true;
+    finished_ = false;""" % DEFS
+
+  tests += """
+    """ + Iter(n, 'n%s_ = ') + """0;
+  }
+"""
+
+  tests += """
+  virtual void TearDown() {
+    // Verifies that each of the predicate's arguments was evaluated
+    // exactly once."""
+
+  tests += ''.join(["""
+    EXPECT_EQ(1, n%s_) <<
+        "The predicate assertion didn't evaluate argument %s "
+        "exactly once.";""" % (i, i + 1) for i in OneTo(n)])
+
+  tests += """
+
+    // Verifies that the control flow in the test function is expected.
+    if (expected_to_finish_ && !finished_) {
+      FAIL() << "The predicate assertion unexpactedly aborted the test.";
+    } else if (!expected_to_finish_ && finished_) {
+      FAIL() << "The failed predicate assertion didn't abort the test "
+                "as expected.";
+    }
+  }
+
+  // true iff the test function is expected to run to finish.
+  static bool expected_to_finish_;
+
+  // true iff the test function did run to finish.
+  static bool finished_;
+""" % DEFS
+
+  tests += Iter(n, """
+  static int n%s_;""")
+
+  tests += """
+};
+
+bool Predicate%(n)sTest::expected_to_finish_;
+bool Predicate%(n)sTest::finished_;
+""" % DEFS
+
+  tests += Iter(n, """int Predicate%%(n)sTest::n%s_;
+""") % DEFS
+
+  tests += """
+typedef Predicate%(n)sTest EXPECT_PRED_FORMAT%(n)sTest;
+typedef Predicate%(n)sTest ASSERT_PRED_FORMAT%(n)sTest;
+typedef Predicate%(n)sTest EXPECT_PRED%(n)sTest;
+typedef Predicate%(n)sTest ASSERT_PRED%(n)sTest;
+""" % DEFS
+
+  def GenTest(use_format, use_assert, expect_failure,
+              use_functor, use_user_type):
+    """Returns the test for a predicate assertion macro.
+
+    Args:
+      use_format:     true iff the assertion is a *_PRED_FORMAT*.
+      use_assert:     true iff the assertion is a ASSERT_*.
+      expect_failure: true iff the assertion is expected to fail.
+      use_functor:    true iff the first argument of the assertion is
+                      a functor (as opposed to a function)
+      use_user_type:  true iff the predicate functor/function takes
+                      argument(s) of a user-defined type.
+
+    Example:
+
+      GenTest(1, 0, 0, 1, 0) returns a test that tests the behavior
+      of a successful EXPECT_PRED_FORMATn() that takes a functor
+      whose arguments have built-in types."""
+
+    if use_assert:
+      assrt = 'ASSERT'  # 'assert' is reserved, so we cannot use
+                        # that identifier here.
+    else:
+      assrt = 'EXPECT'
+
+    assertion = assrt + '_PRED'
+
+    if use_format:
+      pred_format = 'PredFormat'
+      assertion += '_FORMAT'
+    else:
+      pred_format = 'Pred'
+
+    assertion += '%(n)s' % DEFS
+
+    if use_functor:
+      pred_format_type = 'functor'
+      pred_format += 'Functor%(n)s()'
+    else:
+      pred_format_type = 'function'
+      pred_format += 'Function%(n)s'
+      if not use_format:
+        if use_user_type:
+          pred_format += 'Bool'
+        else:
+          pred_format += 'Int'
+
+    test_name = pred_format_type.title()
+
+    if use_user_type:
+      arg_type = 'user-defined type (Bool)'
+      test_name += 'OnUserType'
+      if expect_failure:
+        arg = 'Bool(n%s_++)'
+      else:
+        arg = 'Bool(++n%s_)'
+    else:
+      arg_type = 'built-in type (int)'
+      test_name += 'OnBuiltInType'
+      if expect_failure:
+        arg = 'n%s_++'
+      else:
+        arg = '++n%s_'
+
+    if expect_failure:
+      successful_or_failed = 'failed'
+      expected_or_not = 'expected.'
+      test_name +=  'Failure'
+    else:
+      successful_or_failed = 'successful'
+      expected_or_not = 'UNEXPECTED!'
+      test_name +=  'Success'
+
+    # A map that defines the values used in the test template.
+    defs = DEFS.copy()
+    defs.update({
+      'assert' : assrt,
+      'assertion' : assertion,
+      'test_name' : test_name,
+      'pf_type' : pred_format_type,
+      'pf' : pred_format,
+      'arg_type' : arg_type,
+      'arg' : arg,
+      'successful' : successful_or_failed,
+      'expected' : expected_or_not,
+      })
+
+    test = """
+// Tests a %(successful)s %(assertion)s where the
+// predicate-formatter is a %(pf_type)s on a %(arg_type)s.
+TEST_F(%(assertion)sTest, %(test_name)s) {""" % defs
+
+    indent = (len(assertion) + 3)*' '
+    extra_indent = ''
+
+    if expect_failure:
+      extra_indent = '  '
+      if use_assert:
+        test += """
+  expected_to_finish_ = false;
+  EXPECT_FATAL_FAILURE({  // NOLINT"""
+      else:
+        test += """
+  EXPECT_NONFATAL_FAILURE({  // NOLINT"""
+
+    test += '\n' + extra_indent + """  %(assertion)s(%(pf)s""" % defs
+
+    test = test % defs
+    test += Iter(n, ',\n' + indent + extra_indent + '%(arg)s' % defs)
+    test += ');\n' + extra_indent + '  finished_ = true;\n'
+
+    if expect_failure:
+      test += '  }, "");\n'
+
+    test += '}\n'
+    return test
+
+  # Generates tests for all 2**6 = 64 combinations.
+  tests += ''.join([GenTest(use_format, use_assert, expect_failure,
+                            use_functor, use_user_type)
+                    for use_format in [0, 1]
+                    for use_assert in [0, 1]
+                    for expect_failure in [0, 1]
+                    for use_functor in [0, 1]
+                    for use_user_type in [0, 1]
+                    ])
+
+  return tests
+
+
+def UnitTestPostamble():
+  """Returns the postamble for the tests."""
+
+  return ''
+
+
+def GenerateUnitTest(n):
+  """Returns the tests for up-to n-ary predicate assertions."""
+
+  GenerateFile(UNIT_TEST,
+               UnitTestPreamble()
+               + ''.join([TestsForArity(i) for i in OneTo(n)])
+               + UnitTestPostamble())
+
+
+def _Main():
+  """The entry point of the script.  Generates the header file and its
+  unit test."""
+
+  if len(sys.argv) != 2:
+    print __doc__
+    print 'Author: ' + __author__
+    sys.exit(1)
+
+  n = int(sys.argv[1])
+  GenerateHeader(n)
+  GenerateUnitTest(n)
+
+
+if __name__ == '__main__':
+  _Main()
diff --git a/nss/external_tests/google_test/gtest/scripts/gtest-config.in b/nss/external_tests/google_test/gtest/scripts/gtest-config.in
new file mode 100755
index 0000000..780f843
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/scripts/gtest-config.in
@@ -0,0 +1,274 @@
+#!/bin/sh
+
+# These variables are automatically filled in by the configure script.
+name="@PACKAGE_TARNAME@"
+version="@PACKAGE_VERSION@"
+
+show_usage()
+{
+  echo "Usage: gtest-config [OPTIONS...]"
+}
+
+show_help()
+{
+  show_usage
+  cat <<\EOF
+
+The `gtest-config' script provides access to the necessary compile and linking
+flags to connect with Google C++ Testing Framework, both in a build prior to
+installation, and on the system proper after installation. The installation
+overrides may be issued in combination with any other queries, but will only
+affect installation queries if called on a built but not installed gtest. The
+installation queries may not be issued with any other types of queries, and
+only one installation query may be made at a time. The version queries and
+compiler flag queries may be combined as desired but not mixed. Different
+version queries are always combined with logical "and" semantics, and only the
+last of any particular query is used while all previous ones ignored. All
+versions must be specified as a sequence of numbers separated by periods.
+Compiler flag queries output the union of the sets of flags when combined.
+
+ Examples:
+  gtest-config --min-version=1.0 || echo "Insufficient Google Test version."
+
+  g++ $(gtest-config --cppflags --cxxflags) -o foo.o -c foo.cpp
+  g++ $(gtest-config --ldflags --libs) -o foo foo.o
+
+  # When using a built but not installed Google Test:
+  g++ $(../../my_gtest_build/scripts/gtest-config ...) ...
+
+  # When using an installed Google Test, but with installation overrides:
+  export GTEST_PREFIX="/opt"
+  g++ $(gtest-config --libdir="/opt/lib64" ...) ...
+
+ Help:
+  --usage                    brief usage information
+  --help                     display this help message
+
+ Installation Overrides:
+  --prefix=<dir>             overrides the installation prefix
+  --exec-prefix=<dir>        overrides the executable installation prefix
+  --libdir=<dir>             overrides the library installation prefix
+  --includedir=<dir>         overrides the header file installation prefix
+
+ Installation Queries:
+  --prefix                   installation prefix
+  --exec-prefix              executable installation prefix
+  --libdir                   library installation directory
+  --includedir               header file installation directory
+  --version                  the version of the Google Test installation
+
+ Version Queries:
+  --min-version=VERSION      return 0 if the version is at least VERSION
+  --exact-version=VERSION    return 0 if the version is exactly VERSION
+  --max-version=VERSION      return 0 if the version is at most VERSION
+
+ Compilation Flag Queries:
+  --cppflags                 compile flags specific to the C-like preprocessors
+  --cxxflags                 compile flags appropriate for C++ programs
+  --ldflags                  linker flags
+  --libs                     libraries for linking
+
+EOF
+}
+
+# This function bounds our version with a min and a max. It uses some clever
+# POSIX-compliant variable expansion to portably do all the work in the shell
+# and avoid any dependency on a particular "sed" or "awk" implementation.
+# Notable is that it will only ever compare the first 3 components of versions.
+# Further components will be cleanly stripped off. All versions must be
+# unadorned, so "v1.0" will *not* work. The minimum version must be in $1, and
+# the max in $2. TODO(chandlerc@google.com): If this ever breaks, we should
+# investigate expanding this via autom4te from AS_VERSION_COMPARE rather than
+# continuing to maintain our own shell version.
+check_versions()
+{
+  major_version=${version%%.*}
+  minor_version="0"
+  point_version="0"
+  if test "${version#*.}" != "${version}"; then
+    minor_version=${version#*.}
+    minor_version=${minor_version%%.*}
+  fi
+  if test "${version#*.*.}" != "${version}"; then
+    point_version=${version#*.*.}
+    point_version=${point_version%%.*}
+  fi
+
+  min_version="$1"
+  min_major_version=${min_version%%.*}
+  min_minor_version="0"
+  min_point_version="0"
+  if test "${min_version#*.}" != "${min_version}"; then
+    min_minor_version=${min_version#*.}
+    min_minor_version=${min_minor_version%%.*}
+  fi
+  if test "${min_version#*.*.}" != "${min_version}"; then
+    min_point_version=${min_version#*.*.}
+    min_point_version=${min_point_version%%.*}
+  fi
+
+  max_version="$2"
+  max_major_version=${max_version%%.*}
+  max_minor_version="0"
+  max_point_version="0"
+  if test "${max_version#*.}" != "${max_version}"; then
+    max_minor_version=${max_version#*.}
+    max_minor_version=${max_minor_version%%.*}
+  fi
+  if test "${max_version#*.*.}" != "${max_version}"; then
+    max_point_version=${max_version#*.*.}
+    max_point_version=${max_point_version%%.*}
+  fi
+
+  test $(($major_version)) -lt $(($min_major_version)) && exit 1
+  if test $(($major_version)) -eq $(($min_major_version)); then
+    test $(($minor_version)) -lt $(($min_minor_version)) && exit 1
+    if test $(($minor_version)) -eq $(($min_minor_version)); then
+      test $(($point_version)) -lt $(($min_point_version)) && exit 1
+    fi
+  fi
+
+  test $(($major_version)) -gt $(($max_major_version)) && exit 1
+  if test $(($major_version)) -eq $(($max_major_version)); then
+    test $(($minor_version)) -gt $(($max_minor_version)) && exit 1
+    if test $(($minor_version)) -eq $(($max_minor_version)); then
+      test $(($point_version)) -gt $(($max_point_version)) && exit 1
+    fi
+  fi
+
+  exit 0
+}
+
+# Show the usage line when no arguments are specified.
+if test $# -eq 0; then
+  show_usage
+  exit 1
+fi
+
+while test $# -gt 0; do
+  case $1 in
+    --usage)          show_usage;         exit 0;;
+    --help)           show_help;          exit 0;;
+
+    # Installation overrides
+    --prefix=*)       GTEST_PREFIX=${1#--prefix=};;
+    --exec-prefix=*)  GTEST_EXEC_PREFIX=${1#--exec-prefix=};;
+    --libdir=*)       GTEST_LIBDIR=${1#--libdir=};;
+    --includedir=*)   GTEST_INCLUDEDIR=${1#--includedir=};;
+
+    # Installation queries
+    --prefix|--exec-prefix|--libdir|--includedir|--version)
+      if test -n "${do_query}"; then
+        show_usage
+        exit 1
+      fi
+      do_query=${1#--}
+      ;;
+
+    # Version checking
+    --min-version=*)
+      do_check_versions=yes
+      min_version=${1#--min-version=}
+      ;;
+    --max-version=*)
+      do_check_versions=yes
+      max_version=${1#--max-version=}
+      ;;
+    --exact-version=*)
+      do_check_versions=yes
+      exact_version=${1#--exact-version=}
+      ;;
+
+    # Compiler flag output
+    --cppflags)       echo_cppflags=yes;;
+    --cxxflags)       echo_cxxflags=yes;;
+    --ldflags)        echo_ldflags=yes;;
+    --libs)           echo_libs=yes;;
+
+    # Everything else is an error
+    *)                show_usage;         exit 1;;
+  esac
+  shift
+done
+
+# These have defaults filled in by the configure script but can also be
+# overridden by environment variables or command line parameters.
+prefix="${GTEST_PREFIX:-@prefix@}"
+exec_prefix="${GTEST_EXEC_PREFIX:-@exec_prefix@}"
+libdir="${GTEST_LIBDIR:-@libdir@}"
+includedir="${GTEST_INCLUDEDIR:-@includedir@}"
+
+# We try and detect if our binary is not located at its installed location. If
+# it's not, we provide variables pointing to the source and build tree rather
+# than to the install tree. This allows building against a just-built gtest
+# rather than an installed gtest.
+bindir="@bindir@"
+this_relative_bindir=`dirname $0`
+this_bindir=`cd ${this_relative_bindir}; pwd -P`
+if test "${this_bindir}" = "${this_bindir%${bindir}}"; then
+  # The path to the script doesn't end in the bindir sequence from Autoconf,
+  # assume that we are in a build tree.
+  build_dir=`dirname ${this_bindir}`
+  src_dir=`cd ${this_bindir}; cd @top_srcdir@; pwd -P`
+
+  # TODO(chandlerc@google.com): This is a dangerous dependency on libtool, we
+  # should work to remove it, and/or remove libtool altogether, replacing it
+  # with direct references to the library and a link path.
+  gtest_libs="${build_dir}/lib/libgtest.la @PTHREAD_CFLAGS@ @PTHREAD_LIBS@"
+  gtest_ldflags=""
+
+  # We provide hooks to include from either the source or build dir, where the
+  # build dir is always preferred. This will potentially allow us to write
+  # build rules for generated headers and have them automatically be preferred
+  # over provided versions.
+  gtest_cppflags="-I${build_dir}/include -I${src_dir}/include"
+  gtest_cxxflags="@PTHREAD_CFLAGS@"
+else
+  # We're using an installed gtest, although it may be staged under some
+  # prefix. Assume (as our own libraries do) that we can resolve the prefix,
+  # and are present in the dynamic link paths.
+  gtest_ldflags="-L${libdir}"
+  gtest_libs="-l${name} @PTHREAD_CFLAGS@ @PTHREAD_LIBS@"
+  gtest_cppflags="-I${includedir}"
+  gtest_cxxflags="@PTHREAD_CFLAGS@"
+fi
+
+# Do an installation query if requested.
+if test -n "$do_query"; then
+  case $do_query in
+    prefix)           echo $prefix;       exit 0;;
+    exec-prefix)      echo $exec_prefix;  exit 0;;
+    libdir)           echo $libdir;       exit 0;;
+    includedir)       echo $includedir;   exit 0;;
+    version)          echo $version;      exit 0;;
+    *)                show_usage;         exit 1;;
+  esac
+fi
+
+# Do a version check if requested.
+if test "$do_check_versions" = "yes"; then
+  # Make sure we didn't receive a bad combination of parameters.
+  test "$echo_cppflags" = "yes" && show_usage && exit 1
+  test "$echo_cxxflags" = "yes" && show_usage && exit 1
+  test "$echo_ldflags" = "yes"  && show_usage && exit 1
+  test "$echo_libs" = "yes"     && show_usage && exit 1
+
+  if test "$exact_version" != ""; then
+    check_versions $exact_version $exact_version
+    # unreachable
+  else
+    check_versions ${min_version:-0.0.0} ${max_version:-9999.9999.9999}
+    # unreachable
+  fi
+fi
+
+# Do the output in the correct order so that these can be used in-line of
+# a compiler invocation.
+output=""
+test "$echo_cppflags" = "yes" && output="$output $gtest_cppflags"
+test "$echo_cxxflags" = "yes" && output="$output $gtest_cxxflags"
+test "$echo_ldflags" = "yes"  && output="$output $gtest_ldflags"
+test "$echo_libs" = "yes"     && output="$output $gtest_libs"
+echo $output
+
+exit 0
diff --git a/nss/external_tests/google_test/gtest/scripts/pump.py b/nss/external_tests/google_test/gtest/scripts/pump.py
new file mode 100755
index 0000000..5efb653
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/scripts/pump.py
@@ -0,0 +1,855 @@
+#!/usr/bin/env python
+#
+# Copyright 2008, Google Inc.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#
+#     * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following disclaimer
+# in the documentation and/or other materials provided with the
+# distribution.
+#     * Neither the name of Google Inc. nor the names of its
+# contributors may be used to endorse or promote products derived from
+# this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+"""pump v0.2.0 - Pretty Useful for Meta Programming.
+
+A tool for preprocessor meta programming.  Useful for generating
+repetitive boilerplate code.  Especially useful for writing C++
+classes, functions, macros, and templates that need to work with
+various number of arguments.
+
+USAGE:
+       pump.py SOURCE_FILE
+
+EXAMPLES:
+       pump.py foo.cc.pump
+         Converts foo.cc.pump to foo.cc.
+
+GRAMMAR:
+       CODE ::= ATOMIC_CODE*
+       ATOMIC_CODE ::= $var ID = EXPRESSION
+           | $var ID = [[ CODE ]]
+           | $range ID EXPRESSION..EXPRESSION
+           | $for ID SEPARATOR [[ CODE ]]
+           | $($)
+           | $ID
+           | $(EXPRESSION)
+           | $if EXPRESSION [[ CODE ]] ELSE_BRANCH
+           | [[ CODE ]]
+           | RAW_CODE
+       SEPARATOR ::= RAW_CODE | EMPTY
+       ELSE_BRANCH ::= $else [[ CODE ]]
+           | $elif EXPRESSION [[ CODE ]] ELSE_BRANCH
+           | EMPTY
+       EXPRESSION has Python syntax.
+"""
+
+__author__ = 'wan@google.com (Zhanyong Wan)'
+
+import os
+import re
+import sys
+
+
+TOKEN_TABLE = [
+    (re.compile(r'\$var\s+'), '$var'),
+    (re.compile(r'\$elif\s+'), '$elif'),
+    (re.compile(r'\$else\s+'), '$else'),
+    (re.compile(r'\$for\s+'), '$for'),
+    (re.compile(r'\$if\s+'), '$if'),
+    (re.compile(r'\$range\s+'), '$range'),
+    (re.compile(r'\$[_A-Za-z]\w*'), '$id'),
+    (re.compile(r'\$\(\$\)'), '$($)'),
+    (re.compile(r'\$'), '$'),
+    (re.compile(r'\[\[\n?'), '[['),
+    (re.compile(r'\]\]\n?'), ']]'),
+    ]
+
+
+class Cursor:
+  """Represents a position (line and column) in a text file."""
+
+  def __init__(self, line=-1, column=-1):
+    self.line = line
+    self.column = column
+
+  def __eq__(self, rhs):
+    return self.line == rhs.line and self.column == rhs.column
+
+  def __ne__(self, rhs):
+    return not self == rhs
+
+  def __lt__(self, rhs):
+    return self.line < rhs.line or (
+        self.line == rhs.line and self.column < rhs.column)
+
+  def __le__(self, rhs):
+    return self < rhs or self == rhs
+
+  def __gt__(self, rhs):
+    return rhs < self
+
+  def __ge__(self, rhs):
+    return rhs <= self
+
+  def __str__(self):
+    if self == Eof():
+      return 'EOF'
+    else:
+      return '%s(%s)' % (self.line + 1, self.column)
+
+  def __add__(self, offset):
+    return Cursor(self.line, self.column + offset)
+
+  def __sub__(self, offset):
+    return Cursor(self.line, self.column - offset)
+
+  def Clone(self):
+    """Returns a copy of self."""
+
+    return Cursor(self.line, self.column)
+
+
+# Special cursor to indicate the end-of-file.
+def Eof():
+  """Returns the special cursor to denote the end-of-file."""
+  return Cursor(-1, -1)
+
+
+class Token:
+  """Represents a token in a Pump source file."""
+
+  def __init__(self, start=None, end=None, value=None, token_type=None):
+    if start is None:
+      self.start = Eof()
+    else:
+      self.start = start
+    if end is None:
+      self.end = Eof()
+    else:
+      self.end = end
+    self.value = value
+    self.token_type = token_type
+
+  def __str__(self):
+    return 'Token @%s: \'%s\' type=%s' % (
+        self.start, self.value, self.token_type)
+
+  def Clone(self):
+    """Returns a copy of self."""
+
+    return Token(self.start.Clone(), self.end.Clone(), self.value,
+                 self.token_type)
+
+
+def StartsWith(lines, pos, string):
+  """Returns True iff the given position in lines starts with 'string'."""
+
+  return lines[pos.line][pos.column:].startswith(string)
+
+
+def FindFirstInLine(line, token_table):
+  best_match_start = -1
+  for (regex, token_type) in token_table:
+    m = regex.search(line)
+    if m:
+      # We found regex in lines
+      if best_match_start < 0 or m.start() < best_match_start:
+        best_match_start = m.start()
+        best_match_length = m.end() - m.start()
+        best_match_token_type = token_type
+
+  if best_match_start < 0:
+    return None
+
+  return (best_match_start, best_match_length, best_match_token_type)
+
+
+def FindFirst(lines, token_table, cursor):
+  """Finds the first occurrence of any string in strings in lines."""
+
+  start = cursor.Clone()
+  cur_line_number = cursor.line
+  for line in lines[start.line:]:
+    if cur_line_number == start.line:
+      line = line[start.column:]
+    m = FindFirstInLine(line, token_table)
+    if m:
+      # We found a regex in line.
+      (start_column, length, token_type) = m
+      if cur_line_number == start.line:
+        start_column += start.column
+      found_start = Cursor(cur_line_number, start_column)
+      found_end = found_start + length
+      return MakeToken(lines, found_start, found_end, token_type)
+    cur_line_number += 1
+  # We failed to find str in lines
+  return None
+
+
+def SubString(lines, start, end):
+  """Returns a substring in lines."""
+
+  if end == Eof():
+    end = Cursor(len(lines) - 1, len(lines[-1]))
+
+  if start >= end:
+    return ''
+
+  if start.line == end.line:
+    return lines[start.line][start.column:end.column]
+
+  result_lines = ([lines[start.line][start.column:]] +
+                  lines[start.line + 1:end.line] +
+                  [lines[end.line][:end.column]])
+  return ''.join(result_lines)
+
+
+def StripMetaComments(str):
+  """Strip meta comments from each line in the given string."""
+
+  # First, completely remove lines containing nothing but a meta
+  # comment, including the trailing \n.
+  str = re.sub(r'^\s*\$\$.*\n', '', str)
+
+  # Then, remove meta comments from contentful lines.
+  return re.sub(r'\s*\$\$.*', '', str)
+
+
+def MakeToken(lines, start, end, token_type):
+  """Creates a new instance of Token."""
+
+  return Token(start, end, SubString(lines, start, end), token_type)
+
+
+def ParseToken(lines, pos, regex, token_type):
+  line = lines[pos.line][pos.column:]
+  m = regex.search(line)
+  if m and not m.start():
+    return MakeToken(lines, pos, pos + m.end(), token_type)
+  else:
+    print 'ERROR: %s expected at %s.' % (token_type, pos)
+    sys.exit(1)
+
+
+ID_REGEX = re.compile(r'[_A-Za-z]\w*')
+EQ_REGEX = re.compile(r'=')
+REST_OF_LINE_REGEX = re.compile(r'.*?(?=$|\$\$)')
+OPTIONAL_WHITE_SPACES_REGEX = re.compile(r'\s*')
+WHITE_SPACE_REGEX = re.compile(r'\s')
+DOT_DOT_REGEX = re.compile(r'\.\.')
+
+
+def Skip(lines, pos, regex):
+  line = lines[pos.line][pos.column:]
+  m = re.search(regex, line)
+  if m and not m.start():
+    return pos + m.end()
+  else:
+    return pos
+
+
+def SkipUntil(lines, pos, regex, token_type):
+  line = lines[pos.line][pos.column:]
+  m = re.search(regex, line)
+  if m:
+    return pos + m.start()
+  else:
+    print ('ERROR: %s expected on line %s after column %s.' %
+           (token_type, pos.line + 1, pos.column))
+    sys.exit(1)
+
+
+def ParseExpTokenInParens(lines, pos):
+  def ParseInParens(pos):
+    pos = Skip(lines, pos, OPTIONAL_WHITE_SPACES_REGEX)
+    pos = Skip(lines, pos, r'\(')
+    pos = Parse(pos)
+    pos = Skip(lines, pos, r'\)')
+    return pos
+
+  def Parse(pos):
+    pos = SkipUntil(lines, pos, r'\(|\)', ')')
+    if SubString(lines, pos, pos + 1) == '(':
+      pos = Parse(pos + 1)
+      pos = Skip(lines, pos, r'\)')
+      return Parse(pos)
+    else:
+      return pos
+
+  start = pos.Clone()
+  pos = ParseInParens(pos)
+  return MakeToken(lines, start, pos, 'exp')
+
+
+def RStripNewLineFromToken(token):
+  if token.value.endswith('\n'):
+    return Token(token.start, token.end, token.value[:-1], token.token_type)
+  else:
+    return token
+
+
+def TokenizeLines(lines, pos):
+  while True:
+    found = FindFirst(lines, TOKEN_TABLE, pos)
+    if not found:
+      yield MakeToken(lines, pos, Eof(), 'code')
+      return
+
+    if found.start == pos:
+      prev_token = None
+      prev_token_rstripped = None
+    else:
+      prev_token = MakeToken(lines, pos, found.start, 'code')
+      prev_token_rstripped = RStripNewLineFromToken(prev_token)
+
+    if found.token_type == '$var':
+      if prev_token_rstripped:
+        yield prev_token_rstripped
+      yield found
+      id_token = ParseToken(lines, found.end, ID_REGEX, 'id')
+      yield id_token
+      pos = Skip(lines, id_token.end, OPTIONAL_WHITE_SPACES_REGEX)
+
+      eq_token = ParseToken(lines, pos, EQ_REGEX, '=')
+      yield eq_token
+      pos = Skip(lines, eq_token.end, r'\s*')
+
+      if SubString(lines, pos, pos + 2) != '[[':
+        exp_token = ParseToken(lines, pos, REST_OF_LINE_REGEX, 'exp')
+        yield exp_token
+        pos = Cursor(exp_token.end.line + 1, 0)
+    elif found.token_type == '$for':
+      if prev_token_rstripped:
+        yield prev_token_rstripped
+      yield found
+      id_token = ParseToken(lines, found.end, ID_REGEX, 'id')
+      yield id_token
+      pos = Skip(lines, id_token.end, WHITE_SPACE_REGEX)
+    elif found.token_type == '$range':
+      if prev_token_rstripped:
+        yield prev_token_rstripped
+      yield found
+      id_token = ParseToken(lines, found.end, ID_REGEX, 'id')
+      yield id_token
+      pos = Skip(lines, id_token.end, OPTIONAL_WHITE_SPACES_REGEX)
+
+      dots_pos = SkipUntil(lines, pos, DOT_DOT_REGEX, '..')
+      yield MakeToken(lines, pos, dots_pos, 'exp')
+      yield MakeToken(lines, dots_pos, dots_pos + 2, '..')
+      pos = dots_pos + 2
+      new_pos = Cursor(pos.line + 1, 0)
+      yield MakeToken(lines, pos, new_pos, 'exp')
+      pos = new_pos
+    elif found.token_type == '$':
+      if prev_token:
+        yield prev_token
+      yield found
+      exp_token = ParseExpTokenInParens(lines, found.end)
+      yield exp_token
+      pos = exp_token.end
+    elif (found.token_type == ']]' or found.token_type == '$if' or
+          found.token_type == '$elif' or found.token_type == '$else'):
+      if prev_token_rstripped:
+        yield prev_token_rstripped
+      yield found
+      pos = found.end
+    else:
+      if prev_token:
+        yield prev_token
+      yield found
+      pos = found.end
+
+
+def Tokenize(s):
+  """A generator that yields the tokens in the given string."""
+  if s != '':
+    lines = s.splitlines(True)
+    for token in TokenizeLines(lines, Cursor(0, 0)):
+      yield token
+
+
+class CodeNode:
+  def __init__(self, atomic_code_list=None):
+    self.atomic_code = atomic_code_list
+
+
+class VarNode:
+  def __init__(self, identifier=None, atomic_code=None):
+    self.identifier = identifier
+    self.atomic_code = atomic_code
+
+
+class RangeNode:
+  def __init__(self, identifier=None, exp1=None, exp2=None):
+    self.identifier = identifier
+    self.exp1 = exp1
+    self.exp2 = exp2
+
+
+class ForNode:
+  def __init__(self, identifier=None, sep=None, code=None):
+    self.identifier = identifier
+    self.sep = sep
+    self.code = code
+
+
+class ElseNode:
+  def __init__(self, else_branch=None):
+    self.else_branch = else_branch
+
+
+class IfNode:
+  def __init__(self, exp=None, then_branch=None, else_branch=None):
+    self.exp = exp
+    self.then_branch = then_branch
+    self.else_branch = else_branch
+
+
+class RawCodeNode:
+  def __init__(self, token=None):
+    self.raw_code = token
+
+
+class LiteralDollarNode:
+  def __init__(self, token):
+    self.token = token
+
+
+class ExpNode:
+  def __init__(self, token, python_exp):
+    self.token = token
+    self.python_exp = python_exp
+
+
+def PopFront(a_list):
+  head = a_list[0]
+  a_list[:1] = []
+  return head
+
+
+def PushFront(a_list, elem):
+  a_list[:0] = [elem]
+
+
+def PopToken(a_list, token_type=None):
+  token = PopFront(a_list)
+  if token_type is not None and token.token_type != token_type:
+    print 'ERROR: %s expected at %s' % (token_type, token.start)
+    print 'ERROR: %s found instead' % (token,)
+    sys.exit(1)
+
+  return token
+
+
+def PeekToken(a_list):
+  if not a_list:
+    return None
+
+  return a_list[0]
+
+
+def ParseExpNode(token):
+  python_exp = re.sub(r'([_A-Za-z]\w*)', r'self.GetValue("\1")', token.value)
+  return ExpNode(token, python_exp)
+
+
+def ParseElseNode(tokens):
+  def Pop(token_type=None):
+    return PopToken(tokens, token_type)
+
+  next = PeekToken(tokens)
+  if not next:
+    return None
+  if next.token_type == '$else':
+    Pop('$else')
+    Pop('[[')
+    code_node = ParseCodeNode(tokens)
+    Pop(']]')
+    return code_node
+  elif next.token_type == '$elif':
+    Pop('$elif')
+    exp = Pop('code')
+    Pop('[[')
+    code_node = ParseCodeNode(tokens)
+    Pop(']]')
+    inner_else_node = ParseElseNode(tokens)
+    return CodeNode([IfNode(ParseExpNode(exp), code_node, inner_else_node)])
+  elif not next.value.strip():
+    Pop('code')
+    return ParseElseNode(tokens)
+  else:
+    return None
+
+
+def ParseAtomicCodeNode(tokens):
+  def Pop(token_type=None):
+    return PopToken(tokens, token_type)
+
+  head = PopFront(tokens)
+  t = head.token_type
+  if t == 'code':
+    return RawCodeNode(head)
+  elif t == '$var':
+    id_token = Pop('id')
+    Pop('=')
+    next = PeekToken(tokens)
+    if next.token_type == 'exp':
+      exp_token = Pop()
+      return VarNode(id_token, ParseExpNode(exp_token))
+    Pop('[[')
+    code_node = ParseCodeNode(tokens)
+    Pop(']]')
+    return VarNode(id_token, code_node)
+  elif t == '$for':
+    id_token = Pop('id')
+    next_token = PeekToken(tokens)
+    if next_token.token_type == 'code':
+      sep_token = next_token
+      Pop('code')
+    else:
+      sep_token = None
+    Pop('[[')
+    code_node = ParseCodeNode(tokens)
+    Pop(']]')
+    return ForNode(id_token, sep_token, code_node)
+  elif t == '$if':
+    exp_token = Pop('code')
+    Pop('[[')
+    code_node = ParseCodeNode(tokens)
+    Pop(']]')
+    else_node = ParseElseNode(tokens)
+    return IfNode(ParseExpNode(exp_token), code_node, else_node)
+  elif t == '$range':
+    id_token = Pop('id')
+    exp1_token = Pop('exp')
+    Pop('..')
+    exp2_token = Pop('exp')
+    return RangeNode(id_token, ParseExpNode(exp1_token),
+                     ParseExpNode(exp2_token))
+  elif t == '$id':
+    return ParseExpNode(Token(head.start + 1, head.end, head.value[1:], 'id'))
+  elif t == '$($)':
+    return LiteralDollarNode(head)
+  elif t == '$':
+    exp_token = Pop('exp')
+    return ParseExpNode(exp_token)
+  elif t == '[[':
+    code_node = ParseCodeNode(tokens)
+    Pop(']]')
+    return code_node
+  else:
+    PushFront(tokens, head)
+    return None
+
+
+def ParseCodeNode(tokens):
+  atomic_code_list = []
+  while True:
+    if not tokens:
+      break
+    atomic_code_node = ParseAtomicCodeNode(tokens)
+    if atomic_code_node:
+      atomic_code_list.append(atomic_code_node)
+    else:
+      break
+  return CodeNode(atomic_code_list)
+
+
+def ParseToAST(pump_src_text):
+  """Convert the given Pump source text into an AST."""
+  tokens = list(Tokenize(pump_src_text))
+  code_node = ParseCodeNode(tokens)
+  return code_node
+
+
+class Env:
+  def __init__(self):
+    self.variables = []
+    self.ranges = []
+
+  def Clone(self):
+    clone = Env()
+    clone.variables = self.variables[:]
+    clone.ranges = self.ranges[:]
+    return clone
+
+  def PushVariable(self, var, value):
+    # If value looks like an int, store it as an int.
+    try:
+      int_value = int(value)
+      if ('%s' % int_value) == value:
+        value = int_value
+    except Exception:
+      pass
+    self.variables[:0] = [(var, value)]
+
+  def PopVariable(self):
+    self.variables[:1] = []
+
+  def PushRange(self, var, lower, upper):
+    self.ranges[:0] = [(var, lower, upper)]
+
+  def PopRange(self):
+    self.ranges[:1] = []
+
+  def GetValue(self, identifier):
+    for (var, value) in self.variables:
+      if identifier == var:
+        return value
+
+    print 'ERROR: meta variable %s is undefined.' % (identifier,)
+    sys.exit(1)
+
+  def EvalExp(self, exp):
+    try:
+      result = eval(exp.python_exp)
+    except Exception, e:
+      print 'ERROR: caught exception %s: %s' % (e.__class__.__name__, e)
+      print ('ERROR: failed to evaluate meta expression %s at %s' %
+             (exp.python_exp, exp.token.start))
+      sys.exit(1)
+    return result
+
+  def GetRange(self, identifier):
+    for (var, lower, upper) in self.ranges:
+      if identifier == var:
+        return (lower, upper)
+
+    print 'ERROR: range %s is undefined.' % (identifier,)
+    sys.exit(1)
+
+
+class Output:
+  def __init__(self):
+    self.string = ''
+
+  def GetLastLine(self):
+    index = self.string.rfind('\n')
+    if index < 0:
+      return ''
+
+    return self.string[index + 1:]
+
+  def Append(self, s):
+    self.string += s
+
+
+def RunAtomicCode(env, node, output):
+  if isinstance(node, VarNode):
+    identifier = node.identifier.value.strip()
+    result = Output()
+    RunAtomicCode(env.Clone(), node.atomic_code, result)
+    value = result.string
+    env.PushVariable(identifier, value)
+  elif isinstance(node, RangeNode):
+    identifier = node.identifier.value.strip()
+    lower = int(env.EvalExp(node.exp1))
+    upper = int(env.EvalExp(node.exp2))
+    env.PushRange(identifier, lower, upper)
+  elif isinstance(node, ForNode):
+    identifier = node.identifier.value.strip()
+    if node.sep is None:
+      sep = ''
+    else:
+      sep = node.sep.value
+    (lower, upper) = env.GetRange(identifier)
+    for i in range(lower, upper + 1):
+      new_env = env.Clone()
+      new_env.PushVariable(identifier, i)
+      RunCode(new_env, node.code, output)
+      if i != upper:
+        output.Append(sep)
+  elif isinstance(node, RawCodeNode):
+    output.Append(node.raw_code.value)
+  elif isinstance(node, IfNode):
+    cond = env.EvalExp(node.exp)
+    if cond:
+      RunCode(env.Clone(), node.then_branch, output)
+    elif node.else_branch is not None:
+      RunCode(env.Clone(), node.else_branch, output)
+  elif isinstance(node, ExpNode):
+    value = env.EvalExp(node)
+    output.Append('%s' % (value,))
+  elif isinstance(node, LiteralDollarNode):
+    output.Append('$')
+  elif isinstance(node, CodeNode):
+    RunCode(env.Clone(), node, output)
+  else:
+    print 'BAD'
+    print node
+    sys.exit(1)
+
+
+def RunCode(env, code_node, output):
+  for atomic_code in code_node.atomic_code:
+    RunAtomicCode(env, atomic_code, output)
+
+
+def IsSingleLineComment(cur_line):
+  return '//' in cur_line
+
+
+def IsInPreprocessorDirective(prev_lines, cur_line):
+  if cur_line.lstrip().startswith('#'):
+    return True
+  return prev_lines and prev_lines[-1].endswith('\\')
+
+
+def WrapComment(line, output):
+  loc = line.find('//')
+  before_comment = line[:loc].rstrip()
+  if before_comment == '':
+    indent = loc
+  else:
+    output.append(before_comment)
+    indent = len(before_comment) - len(before_comment.lstrip())
+  prefix = indent*' ' + '// '
+  max_len = 80 - len(prefix)
+  comment = line[loc + 2:].strip()
+  segs = [seg for seg in re.split(r'(\w+\W*)', comment) if seg != '']
+  cur_line = ''
+  for seg in segs:
+    if len((cur_line + seg).rstrip()) < max_len:
+      cur_line += seg
+    else:
+      if cur_line.strip() != '':
+        output.append(prefix + cur_line.rstrip())
+      cur_line = seg.lstrip()
+  if cur_line.strip() != '':
+    output.append(prefix + cur_line.strip())
+
+
+def WrapCode(line, line_concat, output):
+  indent = len(line) - len(line.lstrip())
+  prefix = indent*' '  # Prefix of the current line
+  max_len = 80 - indent - len(line_concat)  # Maximum length of the current line
+  new_prefix = prefix + 4*' '  # Prefix of a continuation line
+  new_max_len = max_len - 4  # Maximum length of a continuation line
+  # Prefers to wrap a line after a ',' or ';'.
+  segs = [seg for seg in re.split(r'([^,;]+[,;]?)', line.strip()) if seg != '']
+  cur_line = ''  # The current line without leading spaces.
+  for seg in segs:
+    # If the line is still too long, wrap at a space.
+    while cur_line == '' and len(seg.strip()) > max_len:
+      seg = seg.lstrip()
+      split_at = seg.rfind(' ', 0, max_len)
+      output.append(prefix + seg[:split_at].strip() + line_concat)
+      seg = seg[split_at + 1:]
+      prefix = new_prefix
+      max_len = new_max_len
+
+    if len((cur_line + seg).rstrip()) < max_len:
+      cur_line = (cur_line + seg).lstrip()
+    else:
+      output.append(prefix + cur_line.rstrip() + line_concat)
+      prefix = new_prefix
+      max_len = new_max_len
+      cur_line = seg.lstrip()
+  if cur_line.strip() != '':
+    output.append(prefix + cur_line.strip())
+
+
+def WrapPreprocessorDirective(line, output):
+  WrapCode(line, ' \\', output)
+
+
+def WrapPlainCode(line, output):
+  WrapCode(line, '', output)
+
+
+def IsMultiLineIWYUPragma(line):
+  return re.search(r'/\* IWYU pragma: ', line)
+
+
+def IsHeaderGuardIncludeOrOneLineIWYUPragma(line):
+  return (re.match(r'^#(ifndef|define|endif\s*//)\s*[\w_]+\s*$', line) or
+          re.match(r'^#include\s', line) or
+          # Don't break IWYU pragmas, either; that causes iwyu.py problems.
+          re.search(r'// IWYU pragma: ', line))
+
+
+def WrapLongLine(line, output):
+  line = line.rstrip()
+  if len(line) <= 80:
+    output.append(line)
+  elif IsSingleLineComment(line):
+    if IsHeaderGuardIncludeOrOneLineIWYUPragma(line):
+      # The style guide made an exception to allow long header guard lines,
+      # includes and IWYU pragmas.
+      output.append(line)
+    else:
+      WrapComment(line, output)
+  elif IsInPreprocessorDirective(output, line):
+    if IsHeaderGuardIncludeOrOneLineIWYUPragma(line):
+      # The style guide made an exception to allow long header guard lines,
+      # includes and IWYU pragmas.
+      output.append(line)
+    else:
+      WrapPreprocessorDirective(line, output)
+  elif IsMultiLineIWYUPragma(line):
+    output.append(line)
+  else:
+    WrapPlainCode(line, output)
+
+
+def BeautifyCode(string):
+  lines = string.splitlines()
+  output = []
+  for line in lines:
+    WrapLongLine(line, output)
+  output2 = [line.rstrip() for line in output]
+  return '\n'.join(output2) + '\n'
+
+
+def ConvertFromPumpSource(src_text):
+  """Return the text generated from the given Pump source text."""
+  ast = ParseToAST(StripMetaComments(src_text))
+  output = Output()
+  RunCode(Env(), ast, output)
+  return BeautifyCode(output.string)
+
+
+def main(argv):
+  if len(argv) == 1:
+    print __doc__
+    sys.exit(1)
+
+  file_path = argv[-1]
+  output_str = ConvertFromPumpSource(file(file_path, 'r').read())
+  if file_path.endswith('.pump'):
+    output_file_path = file_path[:-5]
+  else:
+    output_file_path = '-'
+  if output_file_path == '-':
+    print output_str,
+  else:
+    output_file = file(output_file_path, 'w')
+    output_file.write('// This file was GENERATED by command:\n')
+    output_file.write('//     %s %s\n' %
+                      (os.path.basename(__file__), os.path.basename(file_path)))
+    output_file.write('// DO NOT EDIT BY HAND!!!\n\n')
+    output_file.write(output_str)
+    output_file.close()
+
+
+if __name__ == '__main__':
+  main(sys.argv)
diff --git a/nss/external_tests/google_test/gtest/scripts/release_docs.py b/nss/external_tests/google_test/gtest/scripts/release_docs.py
new file mode 100755
index 0000000..1291347
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/scripts/release_docs.py
@@ -0,0 +1,158 @@
+#!/usr/bin/env python
+#
+# Copyright 2013 Google Inc. All Rights Reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#
+#     * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following disclaimer
+# in the documentation and/or other materials provided with the
+# distribution.
+#     * Neither the name of Google Inc. nor the names of its
+# contributors may be used to endorse or promote products derived from
+# this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+"""Script for branching Google Test/Mock wiki pages for a new version.
+
+SYNOPSIS
+       release_docs.py NEW_RELEASE_VERSION
+
+       Google Test and Google Mock's external user documentation is in
+       interlinked wiki files.  When we release a new version of
+       Google Test or Google Mock, we need to branch the wiki files
+       such that users of a specific version of Google Test/Mock can
+       look up documenation relevant for that version.  This script
+       automates that process by:
+
+         - branching the current wiki pages (which document the
+           behavior of the SVN trunk head) to pages for the specified
+           version (e.g. branching FAQ.wiki to V2_6_FAQ.wiki when
+           NEW_RELEASE_VERSION is 2.6);
+         - updating the links in the branched files to point to the branched
+           version (e.g. a link in V2_6_FAQ.wiki that pointed to
+           Primer.wiki#Anchor will now point to V2_6_Primer.wiki#Anchor).
+
+       NOTE: NEW_RELEASE_VERSION must be a NEW version number for
+       which the wiki pages don't yet exist; otherwise you'll get SVN
+       errors like "svn: Path 'V1_7_PumpManual.wiki' is not a
+       directory" when running the script.
+
+EXAMPLE
+       $ cd PATH/TO/GTEST_SVN_WORKSPACE/trunk
+       $ scripts/release_docs.py 2.6  # create wiki pages for v2.6
+       $ svn status                   # verify the file list
+       $ svn diff                     # verify the file contents
+       $ svn commit -m "release wiki pages for v2.6"
+"""
+
+__author__ = 'wan@google.com (Zhanyong Wan)'
+
+import os
+import re
+import sys
+
+import common
+
+
+# Wiki pages that shouldn't be branched for every gtest/gmock release.
+GTEST_UNVERSIONED_WIKIS = ['DevGuide.wiki']
+GMOCK_UNVERSIONED_WIKIS = [
+    'DesignDoc.wiki',
+    'DevGuide.wiki',
+    'KnownIssues.wiki'
+    ]
+
+
+def DropWikiSuffix(wiki_filename):
+  """Removes the .wiki suffix (if any) from the given filename."""
+
+  return (wiki_filename[:-len('.wiki')] if wiki_filename.endswith('.wiki')
+          else wiki_filename)
+
+
+class WikiBrancher(object):
+  """Branches ..."""
+
+  def __init__(self, dot_version):
+    self.project, svn_root_path = common.GetSvnInfo()
+    if self.project not in ('googletest', 'googlemock'):
+      sys.exit('This script must be run in a gtest or gmock SVN workspace.')
+    self.wiki_dir = svn_root_path + '/wiki'
+    # Turn '2.6' to 'V2_6_'.
+    self.version_prefix = 'V' + dot_version.replace('.', '_') + '_'
+    self.files_to_branch = self.GetFilesToBranch()
+    page_names = [DropWikiSuffix(f) for f in self.files_to_branch]
+    # A link to Foo.wiki is in one of the following forms:
+    #   [Foo words]
+    #   [Foo#Anchor words]
+    #   [http://code.google.com/.../wiki/Foo words]
+    #   [http://code.google.com/.../wiki/Foo#Anchor words]
+    # We want to replace 'Foo' with 'V2_6_Foo' in the above cases.
+    self.search_for_re = re.compile(
+        # This regex matches either
+        #   [Foo
+        # or
+        #   /wiki/Foo
+        # followed by a space or a #, where Foo is the name of an
+        # unversioned wiki page.
+        r'(\[|/wiki/)(%s)([ #])' % '|'.join(page_names))
+    self.replace_with = r'\1%s\2\3' % (self.version_prefix,)
+
+  def GetFilesToBranch(self):
+    """Returns a list of .wiki file names that need to be branched."""
+
+    unversioned_wikis = (GTEST_UNVERSIONED_WIKIS if self.project == 'googletest'
+                         else GMOCK_UNVERSIONED_WIKIS)
+    return [f for f in os.listdir(self.wiki_dir)
+            if (f.endswith('.wiki') and
+                not re.match(r'^V\d', f) and  # Excluded versioned .wiki files.
+                f not in unversioned_wikis)]
+
+  def BranchFiles(self):
+    """Branches the .wiki files needed to be branched."""
+
+    print 'Branching %d .wiki files:' % (len(self.files_to_branch),)
+    os.chdir(self.wiki_dir)
+    for f in self.files_to_branch:
+      command = 'svn cp %s %s%s' % (f, self.version_prefix, f)
+      print command
+      os.system(command)
+
+  def UpdateLinksInBranchedFiles(self):
+
+    for f in self.files_to_branch:
+      source_file = os.path.join(self.wiki_dir, f)
+      versioned_file = os.path.join(self.wiki_dir, self.version_prefix + f)
+      print 'Updating links in %s.' % (versioned_file,)
+      text = file(source_file, 'r').read()
+      new_text = self.search_for_re.sub(self.replace_with, text)
+      file(versioned_file, 'w').write(new_text)
+
+
+def main():
+  if len(sys.argv) != 2:
+    sys.exit(__doc__)
+
+  brancher = WikiBrancher(sys.argv[1])
+  brancher.BranchFiles()
+  brancher.UpdateLinksInBranchedFiles()
+
+
+if __name__ == '__main__':
+  main()
diff --git a/nss/external_tests/google_test/gtest/scripts/test/Makefile b/nss/external_tests/google_test/gtest/scripts/test/Makefile
new file mode 100644
index 0000000..cdff584
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/scripts/test/Makefile
@@ -0,0 +1,59 @@
+# A Makefile for fusing Google Test and building a sample test against it.
+#
+# SYNOPSIS:
+#
+#   make [all]  - makes everything.
+#   make TARGET - makes the given target.
+#   make check  - makes everything and runs the built sample test.
+#   make clean  - removes all files generated by make.
+
+# Points to the root of fused Google Test, relative to where this file is.
+FUSED_GTEST_DIR = output
+
+# Paths to the fused gtest files.
+FUSED_GTEST_H = $(FUSED_GTEST_DIR)/gtest/gtest.h
+FUSED_GTEST_ALL_CC = $(FUSED_GTEST_DIR)/gtest/gtest-all.cc
+
+# Where to find the sample test.
+SAMPLE_DIR = ../../samples
+
+# Where to find gtest_main.cc.
+GTEST_MAIN_CC = ../../src/gtest_main.cc
+
+# Flags passed to the preprocessor.
+# We have no idea here whether pthreads is available in the system, so
+# disable its use.
+CPPFLAGS += -I$(FUSED_GTEST_DIR) -DGTEST_HAS_PTHREAD=0
+
+# Flags passed to the C++ compiler.
+CXXFLAGS += -g
+
+all : sample1_unittest
+
+check : all
+	./sample1_unittest
+
+clean :
+	rm -rf $(FUSED_GTEST_DIR) sample1_unittest *.o
+
+$(FUSED_GTEST_H) :
+	../fuse_gtest_files.py $(FUSED_GTEST_DIR)
+
+$(FUSED_GTEST_ALL_CC) :
+	../fuse_gtest_files.py $(FUSED_GTEST_DIR)
+
+gtest-all.o : $(FUSED_GTEST_H) $(FUSED_GTEST_ALL_CC)
+	$(CXX) $(CPPFLAGS) $(CXXFLAGS) -c $(FUSED_GTEST_DIR)/gtest/gtest-all.cc
+
+gtest_main.o : $(FUSED_GTEST_H) $(GTEST_MAIN_CC)
+	$(CXX) $(CPPFLAGS) $(CXXFLAGS) -c $(GTEST_MAIN_CC)
+
+sample1.o : $(SAMPLE_DIR)/sample1.cc $(SAMPLE_DIR)/sample1.h
+	$(CXX) $(CPPFLAGS) $(CXXFLAGS) -c $(SAMPLE_DIR)/sample1.cc
+
+sample1_unittest.o : $(SAMPLE_DIR)/sample1_unittest.cc \
+                     $(SAMPLE_DIR)/sample1.h $(FUSED_GTEST_H)
+	$(CXX) $(CPPFLAGS) $(CXXFLAGS) -c $(SAMPLE_DIR)/sample1_unittest.cc
+
+sample1_unittest : sample1.o sample1_unittest.o gtest-all.o gtest_main.o
+	$(CXX) $(CPPFLAGS) $(CXXFLAGS) $^ -o $@
diff --git a/nss/external_tests/google_test/gtest/scripts/upload.py b/nss/external_tests/google_test/gtest/scripts/upload.py
new file mode 100755
index 0000000..6e6f9a1
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/scripts/upload.py
@@ -0,0 +1,1387 @@
+#!/usr/bin/env python
+#
+# Copyright 2007 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""Tool for uploading diffs from a version control system to the codereview app.
+
+Usage summary: upload.py [options] [-- diff_options]
+
+Diff options are passed to the diff command of the underlying system.
+
+Supported version control systems:
+  Git
+  Mercurial
+  Subversion
+
+It is important for Git/Mercurial users to specify a tree/node/branch to diff
+against by using the '--rev' option.
+"""
+# This code is derived from appcfg.py in the App Engine SDK (open source),
+# and from ASPN recipe #146306.
+
+import cookielib
+import getpass
+import logging
+import md5
+import mimetypes
+import optparse
+import os
+import re
+import socket
+import subprocess
+import sys
+import urllib
+import urllib2
+import urlparse
+
+try:
+  import readline
+except ImportError:
+  pass
+
+# The logging verbosity:
+#  0: Errors only.
+#  1: Status messages.
+#  2: Info logs.
+#  3: Debug logs.
+verbosity = 1
+
+# Max size of patch or base file.
+MAX_UPLOAD_SIZE = 900 * 1024
+
+
+def GetEmail(prompt):
+  """Prompts the user for their email address and returns it.
+
+  The last used email address is saved to a file and offered up as a suggestion
+  to the user. If the user presses enter without typing in anything the last
+  used email address is used. If the user enters a new address, it is saved
+  for next time we prompt.
+
+  """
+  last_email_file_name = os.path.expanduser("~/.last_codereview_email_address")
+  last_email = ""
+  if os.path.exists(last_email_file_name):
+    try:
+      last_email_file = open(last_email_file_name, "r")
+      last_email = last_email_file.readline().strip("\n")
+      last_email_file.close()
+      prompt += " [%s]" % last_email
+    except IOError, e:
+      pass
+  email = raw_input(prompt + ": ").strip()
+  if email:
+    try:
+      last_email_file = open(last_email_file_name, "w")
+      last_email_file.write(email)
+      last_email_file.close()
+    except IOError, e:
+      pass
+  else:
+    email = last_email
+  return email
+
+
+def StatusUpdate(msg):
+  """Print a status message to stdout.
+
+  If 'verbosity' is greater than 0, print the message.
+
+  Args:
+    msg: The string to print.
+  """
+  if verbosity > 0:
+    print msg
+
+
+def ErrorExit(msg):
+  """Print an error message to stderr and exit."""
+  print >>sys.stderr, msg
+  sys.exit(1)
+
+
+class ClientLoginError(urllib2.HTTPError):
+  """Raised to indicate there was an error authenticating with ClientLogin."""
+
+  def __init__(self, url, code, msg, headers, args):
+    urllib2.HTTPError.__init__(self, url, code, msg, headers, None)
+    self.args = args
+    self.reason = args["Error"]
+
+
+class AbstractRpcServer(object):
+  """Provides a common interface for a simple RPC server."""
+
+  def __init__(self, host, auth_function, host_override=None, extra_headers={},
+               save_cookies=False):
+    """Creates a new HttpRpcServer.
+
+    Args:
+      host: The host to send requests to.
+      auth_function: A function that takes no arguments and returns an
+        (email, password) tuple when called. Will be called if authentication
+        is required.
+      host_override: The host header to send to the server (defaults to host).
+      extra_headers: A dict of extra headers to append to every request.
+      save_cookies: If True, save the authentication cookies to local disk.
+        If False, use an in-memory cookiejar instead.  Subclasses must
+        implement this functionality.  Defaults to False.
+    """
+    self.host = host
+    self.host_override = host_override
+    self.auth_function = auth_function
+    self.authenticated = False
+    self.extra_headers = extra_headers
+    self.save_cookies = save_cookies
+    self.opener = self._GetOpener()
+    if self.host_override:
+      logging.info("Server: %s; Host: %s", self.host, self.host_override)
+    else:
+      logging.info("Server: %s", self.host)
+
+  def _GetOpener(self):
+    """Returns an OpenerDirector for making HTTP requests.
+
+    Returns:
+      A urllib2.OpenerDirector object.
+    """
+    raise NotImplementedError()
+
+  def _CreateRequest(self, url, data=None):
+    """Creates a new urllib request."""
+    logging.debug("Creating request for: '%s' with payload:\n%s", url, data)
+    req = urllib2.Request(url, data=data)
+    if self.host_override:
+      req.add_header("Host", self.host_override)
+    for key, value in self.extra_headers.iteritems():
+      req.add_header(key, value)
+    return req
+
+  def _GetAuthToken(self, email, password):
+    """Uses ClientLogin to authenticate the user, returning an auth token.
+
+    Args:
+      email:    The user's email address
+      password: The user's password
+
+    Raises:
+      ClientLoginError: If there was an error authenticating with ClientLogin.
+      HTTPError: If there was some other form of HTTP error.
+
+    Returns:
+      The authentication token returned by ClientLogin.
+    """
+    account_type = "GOOGLE"
+    if self.host.endswith(".google.com"):
+      # Needed for use inside Google.
+      account_type = "HOSTED"
+    req = self._CreateRequest(
+        url="https://www.google.com/accounts/ClientLogin",
+        data=urllib.urlencode({
+            "Email": email,
+            "Passwd": password,
+            "service": "ah",
+            "source": "rietveld-codereview-upload",
+            "accountType": account_type,
+        }),
+    )
+    try:
+      response = self.opener.open(req)
+      response_body = response.read()
+      response_dict = dict(x.split("=")
+                           for x in response_body.split("\n") if x)
+      return response_dict["Auth"]
+    except urllib2.HTTPError, e:
+      if e.code == 403:
+        body = e.read()
+        response_dict = dict(x.split("=", 1) for x in body.split("\n") if x)
+        raise ClientLoginError(req.get_full_url(), e.code, e.msg,
+                               e.headers, response_dict)
+      else:
+        raise
+
+  def _GetAuthCookie(self, auth_token):
+    """Fetches authentication cookies for an authentication token.
+
+    Args:
+      auth_token: The authentication token returned by ClientLogin.
+
+    Raises:
+      HTTPError: If there was an error fetching the authentication cookies.
+    """
+    # This is a dummy value to allow us to identify when we're successful.
+    continue_location = "http://localhost/"
+    args = {"continue": continue_location, "auth": auth_token}
+    req = self._CreateRequest("http://%s/_ah/login?%s" %
+                              (self.host, urllib.urlencode(args)))
+    try:
+      response = self.opener.open(req)
+    except urllib2.HTTPError, e:
+      response = e
+    if (response.code != 302 or
+        response.info()["location"] != continue_location):
+      raise urllib2.HTTPError(req.get_full_url(), response.code, response.msg,
+                              response.headers, response.fp)
+    self.authenticated = True
+
+  def _Authenticate(self):
+    """Authenticates the user.
+
+    The authentication process works as follows:
+     1) We get a username and password from the user
+     2) We use ClientLogin to obtain an AUTH token for the user
+        (see http://code.google.com/apis/accounts/AuthForInstalledApps.html).
+     3) We pass the auth token to /_ah/login on the server to obtain an
+        authentication cookie. If login was successful, it tries to redirect
+        us to the URL we provided.
+
+    If we attempt to access the upload API without first obtaining an
+    authentication cookie, it returns a 401 response and directs us to
+    authenticate ourselves with ClientLogin.
+    """
+    for i in range(3):
+      credentials = self.auth_function()
+      try:
+        auth_token = self._GetAuthToken(credentials[0], credentials[1])
+      except ClientLoginError, e:
+        if e.reason == "BadAuthentication":
+          print >>sys.stderr, "Invalid username or password."
+          continue
+        if e.reason == "CaptchaRequired":
+          print >>sys.stderr, (
+              "Please go to\n"
+              "https://www.google.com/accounts/DisplayUnlockCaptcha\n"
+              "and verify you are a human.  Then try again.")
+          break
+        if e.reason == "NotVerified":
+          print >>sys.stderr, "Account not verified."
+          break
+        if e.reason == "TermsNotAgreed":
+          print >>sys.stderr, "User has not agreed to TOS."
+          break
+        if e.reason == "AccountDeleted":
+          print >>sys.stderr, "The user account has been deleted."
+          break
+        if e.reason == "AccountDisabled":
+          print >>sys.stderr, "The user account has been disabled."
+          break
+        if e.reason == "ServiceDisabled":
+          print >>sys.stderr, ("The user's access to the service has been "
+                               "disabled.")
+          break
+        if e.reason == "ServiceUnavailable":
+          print >>sys.stderr, "The service is not available; try again later."
+          break
+        raise
+      self._GetAuthCookie(auth_token)
+      return
+
+  def Send(self, request_path, payload=None,
+           content_type="application/octet-stream",
+           timeout=None,
+           **kwargs):
+    """Sends an RPC and returns the response.
+
+    Args:
+      request_path: The path to send the request to, eg /api/appversion/create.
+      payload: The body of the request, or None to send an empty request.
+      content_type: The Content-Type header to use.
+      timeout: timeout in seconds; default None i.e. no timeout.
+        (Note: for large requests on OS X, the timeout doesn't work right.)
+      kwargs: Any keyword arguments are converted into query string parameters.
+
+    Returns:
+      The response body, as a string.
+    """
+    # TODO: Don't require authentication.  Let the server say
+    # whether it is necessary.
+    if not self.authenticated:
+      self._Authenticate()
+
+    old_timeout = socket.getdefaulttimeout()
+    socket.setdefaulttimeout(timeout)
+    try:
+      tries = 0
+      while True:
+        tries += 1
+        args = dict(kwargs)
+        url = "http://%s%s" % (self.host, request_path)
+        if args:
+          url += "?" + urllib.urlencode(args)
+        req = self._CreateRequest(url=url, data=payload)
+        req.add_header("Content-Type", content_type)
+        try:
+          f = self.opener.open(req)
+          response = f.read()
+          f.close()
+          return response
+        except urllib2.HTTPError, e:
+          if tries > 3:
+            raise
+          elif e.code == 401:
+            self._Authenticate()
+##           elif e.code >= 500 and e.code < 600:
+##             # Server Error - try again.
+##             continue
+          else:
+            raise
+    finally:
+      socket.setdefaulttimeout(old_timeout)
+
+
+class HttpRpcServer(AbstractRpcServer):
+  """Provides a simplified RPC-style interface for HTTP requests."""
+
+  def _Authenticate(self):
+    """Save the cookie jar after authentication."""
+    super(HttpRpcServer, self)._Authenticate()
+    if self.save_cookies:
+      StatusUpdate("Saving authentication cookies to %s" % self.cookie_file)
+      self.cookie_jar.save()
+
+  def _GetOpener(self):
+    """Returns an OpenerDirector that supports cookies and ignores redirects.
+
+    Returns:
+      A urllib2.OpenerDirector object.
+    """
+    opener = urllib2.OpenerDirector()
+    opener.add_handler(urllib2.ProxyHandler())
+    opener.add_handler(urllib2.UnknownHandler())
+    opener.add_handler(urllib2.HTTPHandler())
+    opener.add_handler(urllib2.HTTPDefaultErrorHandler())
+    opener.add_handler(urllib2.HTTPSHandler())
+    opener.add_handler(urllib2.HTTPErrorProcessor())
+    if self.save_cookies:
+      self.cookie_file = os.path.expanduser("~/.codereview_upload_cookies")
+      self.cookie_jar = cookielib.MozillaCookieJar(self.cookie_file)
+      if os.path.exists(self.cookie_file):
+        try:
+          self.cookie_jar.load()
+          self.authenticated = True
+          StatusUpdate("Loaded authentication cookies from %s" %
+                       self.cookie_file)
+        except (cookielib.LoadError, IOError):
+          # Failed to load cookies - just ignore them.
+          pass
+      else:
+        # Create an empty cookie file with mode 600
+        fd = os.open(self.cookie_file, os.O_CREAT, 0600)
+        os.close(fd)
+      # Always chmod the cookie file
+      os.chmod(self.cookie_file, 0600)
+    else:
+      # Don't save cookies across runs of update.py.
+      self.cookie_jar = cookielib.CookieJar()
+    opener.add_handler(urllib2.HTTPCookieProcessor(self.cookie_jar))
+    return opener
+
+
+parser = optparse.OptionParser(usage="%prog [options] [-- diff_options]")
+parser.add_option("-y", "--assume_yes", action="store_true",
+                  dest="assume_yes", default=False,
+                  help="Assume that the answer to yes/no questions is 'yes'.")
+# Logging
+group = parser.add_option_group("Logging options")
+group.add_option("-q", "--quiet", action="store_const", const=0,
+                 dest="verbose", help="Print errors only.")
+group.add_option("-v", "--verbose", action="store_const", const=2,
+                 dest="verbose", default=1,
+                 help="Print info level logs (default).")
+group.add_option("--noisy", action="store_const", const=3,
+                 dest="verbose", help="Print all logs.")
+# Review server
+group = parser.add_option_group("Review server options")
+group.add_option("-s", "--server", action="store", dest="server",
+                 default="codereview.appspot.com",
+                 metavar="SERVER",
+                 help=("The server to upload to. The format is host[:port]. "
+                       "Defaults to 'codereview.appspot.com'."))
+group.add_option("-e", "--email", action="store", dest="email",
+                 metavar="EMAIL", default=None,
+                 help="The username to use. Will prompt if omitted.")
+group.add_option("-H", "--host", action="store", dest="host",
+                 metavar="HOST", default=None,
+                 help="Overrides the Host header sent with all RPCs.")
+group.add_option("--no_cookies", action="store_false",
+                 dest="save_cookies", default=True,
+                 help="Do not save authentication cookies to local disk.")
+# Issue
+group = parser.add_option_group("Issue options")
+group.add_option("-d", "--description", action="store", dest="description",
+                 metavar="DESCRIPTION", default=None,
+                 help="Optional description when creating an issue.")
+group.add_option("-f", "--description_file", action="store",
+                 dest="description_file", metavar="DESCRIPTION_FILE",
+                 default=None,
+                 help="Optional path of a file that contains "
+                      "the description when creating an issue.")
+group.add_option("-r", "--reviewers", action="store", dest="reviewers",
+                 metavar="REVIEWERS", default=None,
+                 help="Add reviewers (comma separated email addresses).")
+group.add_option("--cc", action="store", dest="cc",
+                 metavar="CC", default=None,
+                 help="Add CC (comma separated email addresses).")
+# Upload options
+group = parser.add_option_group("Patch options")
+group.add_option("-m", "--message", action="store", dest="message",
+                 metavar="MESSAGE", default=None,
+                 help="A message to identify the patch. "
+                      "Will prompt if omitted.")
+group.add_option("-i", "--issue", type="int", action="store",
+                 metavar="ISSUE", default=None,
+                 help="Issue number to which to add. Defaults to new issue.")
+group.add_option("--download_base", action="store_true",
+                 dest="download_base", default=False,
+                 help="Base files will be downloaded by the server "
+                 "(side-by-side diffs may not work on files with CRs).")
+group.add_option("--rev", action="store", dest="revision",
+                 metavar="REV", default=None,
+                 help="Branch/tree/revision to diff against (used by DVCS).")
+group.add_option("--send_mail", action="store_true",
+                 dest="send_mail", default=False,
+                 help="Send notification email to reviewers.")
+
+
+def GetRpcServer(options):
+  """Returns an instance of an AbstractRpcServer.
+
+  Returns:
+    A new AbstractRpcServer, on which RPC calls can be made.
+  """
+
+  rpc_server_class = HttpRpcServer
+
+  def GetUserCredentials():
+    """Prompts the user for a username and password."""
+    email = options.email
+    if email is None:
+      email = GetEmail("Email (login for uploading to %s)" % options.server)
+    password = getpass.getpass("Password for %s: " % email)
+    return (email, password)
+
+  # If this is the dev_appserver, use fake authentication.
+  host = (options.host or options.server).lower()
+  if host == "localhost" or host.startswith("localhost:"):
+    email = options.email
+    if email is None:
+      email = "test@example.com"
+      logging.info("Using debug user %s.  Override with --email" % email)
+    server = rpc_server_class(
+        options.server,
+        lambda: (email, "password"),
+        host_override=options.host,
+        extra_headers={"Cookie":
+                       'dev_appserver_login="%s:False"' % email},
+        save_cookies=options.save_cookies)
+    # Don't try to talk to ClientLogin.
+    server.authenticated = True
+    return server
+
+  return rpc_server_class(options.server, GetUserCredentials,
+                          host_override=options.host,
+                          save_cookies=options.save_cookies)
+
+
+def EncodeMultipartFormData(fields, files):
+  """Encode form fields for multipart/form-data.
+
+  Args:
+    fields: A sequence of (name, value) elements for regular form fields.
+    files: A sequence of (name, filename, value) elements for data to be
+           uploaded as files.
+  Returns:
+    (content_type, body) ready for httplib.HTTP instance.
+
+  Source:
+    http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/146306
+  """
+  BOUNDARY = '-M-A-G-I-C---B-O-U-N-D-A-R-Y-'
+  CRLF = '\r\n'
+  lines = []
+  for (key, value) in fields:
+    lines.append('--' + BOUNDARY)
+    lines.append('Content-Disposition: form-data; name="%s"' % key)
+    lines.append('')
+    lines.append(value)
+  for (key, filename, value) in files:
+    lines.append('--' + BOUNDARY)
+    lines.append('Content-Disposition: form-data; name="%s"; filename="%s"' %
+             (key, filename))
+    lines.append('Content-Type: %s' % GetContentType(filename))
+    lines.append('')
+    lines.append(value)
+  lines.append('--' + BOUNDARY + '--')
+  lines.append('')
+  body = CRLF.join(lines)
+  content_type = 'multipart/form-data; boundary=%s' % BOUNDARY
+  return content_type, body
+
+
+def GetContentType(filename):
+  """Helper to guess the content-type from the filename."""
+  return mimetypes.guess_type(filename)[0] or 'application/octet-stream'
+
+
+# Use a shell for subcommands on Windows to get a PATH search.
+use_shell = sys.platform.startswith("win")
+
+def RunShellWithReturnCode(command, print_output=False,
+                           universal_newlines=True):
+  """Executes a command and returns the output from stdout and the return code.
+
+  Args:
+    command: Command to execute.
+    print_output: If True, the output is printed to stdout.
+                  If False, both stdout and stderr are ignored.
+    universal_newlines: Use universal_newlines flag (default: True).
+
+  Returns:
+    Tuple (output, return code)
+  """
+  logging.info("Running %s", command)
+  p = subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE,
+                       shell=use_shell, universal_newlines=universal_newlines)
+  if print_output:
+    output_array = []
+    while True:
+      line = p.stdout.readline()
+      if not line:
+        break
+      print line.strip("\n")
+      output_array.append(line)
+    output = "".join(output_array)
+  else:
+    output = p.stdout.read()
+  p.wait()
+  errout = p.stderr.read()
+  if print_output and errout:
+    print >>sys.stderr, errout
+  p.stdout.close()
+  p.stderr.close()
+  return output, p.returncode
+
+
+def RunShell(command, silent_ok=False, universal_newlines=True,
+             print_output=False):
+  data, retcode = RunShellWithReturnCode(command, print_output,
+                                         universal_newlines)
+  if retcode:
+    ErrorExit("Got error status from %s:\n%s" % (command, data))
+  if not silent_ok and not data:
+    ErrorExit("No output from %s" % command)
+  return data
+
+
+class VersionControlSystem(object):
+  """Abstract base class providing an interface to the VCS."""
+
+  def __init__(self, options):
+    """Constructor.
+
+    Args:
+      options: Command line options.
+    """
+    self.options = options
+
+  def GenerateDiff(self, args):
+    """Return the current diff as a string.
+
+    Args:
+      args: Extra arguments to pass to the diff command.
+    """
+    raise NotImplementedError(
+        "abstract method -- subclass %s must override" % self.__class__)
+
+  def GetUnknownFiles(self):
+    """Return a list of files unknown to the VCS."""
+    raise NotImplementedError(
+        "abstract method -- subclass %s must override" % self.__class__)
+
+  def CheckForUnknownFiles(self):
+    """Show an "are you sure?" prompt if there are unknown files."""
+    unknown_files = self.GetUnknownFiles()
+    if unknown_files:
+      print "The following files are not added to version control:"
+      for line in unknown_files:
+        print line
+      prompt = "Are you sure to continue?(y/N) "
+      answer = raw_input(prompt).strip()
+      if answer != "y":
+        ErrorExit("User aborted")
+
+  def GetBaseFile(self, filename):
+    """Get the content of the upstream version of a file.
+
+    Returns:
+      A tuple (base_content, new_content, is_binary, status)
+        base_content: The contents of the base file.
+        new_content: For text files, this is empty.  For binary files, this is
+          the contents of the new file, since the diff output won't contain
+          information to reconstruct the current file.
+        is_binary: True iff the file is binary.
+        status: The status of the file.
+    """
+
+    raise NotImplementedError(
+        "abstract method -- subclass %s must override" % self.__class__)
+
+
+  def GetBaseFiles(self, diff):
+    """Helper that calls GetBase file for each file in the patch.
+
+    Returns:
+      A dictionary that maps from filename to GetBaseFile's tuple.  Filenames
+      are retrieved based on lines that start with "Index:" or
+      "Property changes on:".
+    """
+    files = {}
+    for line in diff.splitlines(True):
+      if line.startswith('Index:') or line.startswith('Property changes on:'):
+        unused, filename = line.split(':', 1)
+        # On Windows if a file has property changes its filename uses '\'
+        # instead of '/'.
+        filename = filename.strip().replace('\\', '/')
+        files[filename] = self.GetBaseFile(filename)
+    return files
+
+
+  def UploadBaseFiles(self, issue, rpc_server, patch_list, patchset, options,
+                      files):
+    """Uploads the base files (and if necessary, the current ones as well)."""
+
+    def UploadFile(filename, file_id, content, is_binary, status, is_base):
+      """Uploads a file to the server."""
+      file_too_large = False
+      if is_base:
+        type = "base"
+      else:
+        type = "current"
+      if len(content) > MAX_UPLOAD_SIZE:
+        print ("Not uploading the %s file for %s because it's too large." %
+               (type, filename))
+        file_too_large = True
+        content = ""
+      checksum = md5.new(content).hexdigest()
+      if options.verbose > 0 and not file_too_large:
+        print "Uploading %s file for %s" % (type, filename)
+      url = "/%d/upload_content/%d/%d" % (int(issue), int(patchset), file_id)
+      form_fields = [("filename", filename),
+                     ("status", status),
+                     ("checksum", checksum),
+                     ("is_binary", str(is_binary)),
+                     ("is_current", str(not is_base)),
+                    ]
+      if file_too_large:
+        form_fields.append(("file_too_large", "1"))
+      if options.email:
+        form_fields.append(("user", options.email))
+      ctype, body = EncodeMultipartFormData(form_fields,
+                                            [("data", filename, content)])
+      response_body = rpc_server.Send(url, body,
+                                      content_type=ctype)
+      if not response_body.startswith("OK"):
+        StatusUpdate("  --> %s" % response_body)
+        sys.exit(1)
+
+    patches = dict()
+    [patches.setdefault(v, k) for k, v in patch_list]
+    for filename in patches.keys():
+      base_content, new_content, is_binary, status = files[filename]
+      file_id_str = patches.get(filename)
+      if file_id_str.find("nobase") != -1:
+        base_content = None
+        file_id_str = file_id_str[file_id_str.rfind("_") + 1:]
+      file_id = int(file_id_str)
+      if base_content != None:
+        UploadFile(filename, file_id, base_content, is_binary, status, True)
+      if new_content != None:
+        UploadFile(filename, file_id, new_content, is_binary, status, False)
+
+  def IsImage(self, filename):
+    """Returns true if the filename has an image extension."""
+    mimetype =  mimetypes.guess_type(filename)[0]
+    if not mimetype:
+      return False
+    return mimetype.startswith("image/")
+
+
+class SubversionVCS(VersionControlSystem):
+  """Implementation of the VersionControlSystem interface for Subversion."""
+
+  def __init__(self, options):
+    super(SubversionVCS, self).__init__(options)
+    if self.options.revision:
+      match = re.match(r"(\d+)(:(\d+))?", self.options.revision)
+      if not match:
+        ErrorExit("Invalid Subversion revision %s." % self.options.revision)
+      self.rev_start = match.group(1)
+      self.rev_end = match.group(3)
+    else:
+      self.rev_start = self.rev_end = None
+    # Cache output from "svn list -r REVNO dirname".
+    # Keys: dirname, Values: 2-tuple (ouput for start rev and end rev).
+    self.svnls_cache = {}
+    # SVN base URL is required to fetch files deleted in an older revision.
+    # Result is cached to not guess it over and over again in GetBaseFile().
+    required = self.options.download_base or self.options.revision is not None
+    self.svn_base = self._GuessBase(required)
+
+  def GuessBase(self, required):
+    """Wrapper for _GuessBase."""
+    return self.svn_base
+
+  def _GuessBase(self, required):
+    """Returns the SVN base URL.
+
+    Args:
+      required: If true, exits if the url can't be guessed, otherwise None is
+        returned.
+    """
+    info = RunShell(["svn", "info"])
+    for line in info.splitlines():
+      words = line.split()
+      if len(words) == 2 and words[0] == "URL:":
+        url = words[1]
+        scheme, netloc, path, params, query, fragment = urlparse.urlparse(url)
+        username, netloc = urllib.splituser(netloc)
+        if username:
+          logging.info("Removed username from base URL")
+        if netloc.endswith("svn.python.org"):
+          if netloc == "svn.python.org":
+            if path.startswith("/projects/"):
+              path = path[9:]
+          elif netloc != "pythondev@svn.python.org":
+            ErrorExit("Unrecognized Python URL: %s" % url)
+          base = "http://svn.python.org/view/*checkout*%s/" % path
+          logging.info("Guessed Python base = %s", base)
+        elif netloc.endswith("svn.collab.net"):
+          if path.startswith("/repos/"):
+            path = path[6:]
+          base = "http://svn.collab.net/viewvc/*checkout*%s/" % path
+          logging.info("Guessed CollabNet base = %s", base)
+        elif netloc.endswith(".googlecode.com"):
+          path = path + "/"
+          base = urlparse.urlunparse(("http", netloc, path, params,
+                                      query, fragment))
+          logging.info("Guessed Google Code base = %s", base)
+        else:
+          path = path + "/"
+          base = urlparse.urlunparse((scheme, netloc, path, params,
+                                      query, fragment))
+          logging.info("Guessed base = %s", base)
+        return base
+    if required:
+      ErrorExit("Can't find URL in output from svn info")
+    return None
+
+  def GenerateDiff(self, args):
+    cmd = ["svn", "diff"]
+    if self.options.revision:
+      cmd += ["-r", self.options.revision]
+    cmd.extend(args)
+    data = RunShell(cmd)
+    count = 0
+    for line in data.splitlines():
+      if line.startswith("Index:") or line.startswith("Property changes on:"):
+        count += 1
+        logging.info(line)
+    if not count:
+      ErrorExit("No valid patches found in output from svn diff")
+    return data
+
+  def _CollapseKeywords(self, content, keyword_str):
+    """Collapses SVN keywords."""
+    # svn cat translates keywords but svn diff doesn't. As a result of this
+    # behavior patching.PatchChunks() fails with a chunk mismatch error.
+    # This part was originally written by the Review Board development team
+    # who had the same problem (http://reviews.review-board.org/r/276/).
+    # Mapping of keywords to known aliases
+    svn_keywords = {
+      # Standard keywords
+      'Date':                ['Date', 'LastChangedDate'],
+      'Revision':            ['Revision', 'LastChangedRevision', 'Rev'],
+      'Author':              ['Author', 'LastChangedBy'],
+      'HeadURL':             ['HeadURL', 'URL'],
+      'Id':                  ['Id'],
+
+      # Aliases
+      'LastChangedDate':     ['LastChangedDate', 'Date'],
+      'LastChangedRevision': ['LastChangedRevision', 'Rev', 'Revision'],
+      'LastChangedBy':       ['LastChangedBy', 'Author'],
+      'URL':                 ['URL', 'HeadURL'],
+    }
+
+    def repl(m):
+       if m.group(2):
+         return "$%s::%s$" % (m.group(1), " " * len(m.group(3)))
+       return "$%s$" % m.group(1)
+    keywords = [keyword
+                for name in keyword_str.split(" ")
+                for keyword in svn_keywords.get(name, [])]
+    return re.sub(r"\$(%s):(:?)([^\$]+)\$" % '|'.join(keywords), repl, content)
+
+  def GetUnknownFiles(self):
+    status = RunShell(["svn", "status", "--ignore-externals"], silent_ok=True)
+    unknown_files = []
+    for line in status.split("\n"):
+      if line and line[0] == "?":
+        unknown_files.append(line)
+    return unknown_files
+
+  def ReadFile(self, filename):
+    """Returns the contents of a file."""
+    file = open(filename, 'rb')
+    result = ""
+    try:
+      result = file.read()
+    finally:
+      file.close()
+    return result
+
+  def GetStatus(self, filename):
+    """Returns the status of a file."""
+    if not self.options.revision:
+      status = RunShell(["svn", "status", "--ignore-externals", filename])
+      if not status:
+        ErrorExit("svn status returned no output for %s" % filename)
+      status_lines = status.splitlines()
+      # If file is in a cl, the output will begin with
+      # "\n--- Changelist 'cl_name':\n".  See
+      # http://svn.collab.net/repos/svn/trunk/notes/changelist-design.txt
+      if (len(status_lines) == 3 and
+          not status_lines[0] and
+          status_lines[1].startswith("--- Changelist")):
+        status = status_lines[2]
+      else:
+        status = status_lines[0]
+    # If we have a revision to diff against we need to run "svn list"
+    # for the old and the new revision and compare the results to get
+    # the correct status for a file.
+    else:
+      dirname, relfilename = os.path.split(filename)
+      if dirname not in self.svnls_cache:
+        cmd = ["svn", "list", "-r", self.rev_start, dirname or "."]
+        out, returncode = RunShellWithReturnCode(cmd)
+        if returncode:
+          ErrorExit("Failed to get status for %s." % filename)
+        old_files = out.splitlines()
+        args = ["svn", "list"]
+        if self.rev_end:
+          args += ["-r", self.rev_end]
+        cmd = args + [dirname or "."]
+        out, returncode = RunShellWithReturnCode(cmd)
+        if returncode:
+          ErrorExit("Failed to run command %s" % cmd)
+        self.svnls_cache[dirname] = (old_files, out.splitlines())
+      old_files, new_files = self.svnls_cache[dirname]
+      if relfilename in old_files and relfilename not in new_files:
+        status = "D   "
+      elif relfilename in old_files and relfilename in new_files:
+        status = "M   "
+      else:
+        status = "A   "
+    return status
+
+  def GetBaseFile(self, filename):
+    status = self.GetStatus(filename)
+    base_content = None
+    new_content = None
+
+    # If a file is copied its status will be "A  +", which signifies
+    # "addition-with-history".  See "svn st" for more information.  We need to
+    # upload the original file or else diff parsing will fail if the file was
+    # edited.
+    if status[0] == "A" and status[3] != "+":
+      # We'll need to upload the new content if we're adding a binary file
+      # since diff's output won't contain it.
+      mimetype = RunShell(["svn", "propget", "svn:mime-type", filename],
+                          silent_ok=True)
+      base_content = ""
+      is_binary = mimetype and not mimetype.startswith("text/")
+      if is_binary and self.IsImage(filename):
+        new_content = self.ReadFile(filename)
+    elif (status[0] in ("M", "D", "R") or
+          (status[0] == "A" and status[3] == "+") or  # Copied file.
+          (status[0] == " " and status[1] == "M")):  # Property change.
+      args = []
+      if self.options.revision:
+        url = "%s/%s@%s" % (self.svn_base, filename, self.rev_start)
+      else:
+        # Don't change filename, it's needed later.
+        url = filename
+        args += ["-r", "BASE"]
+      cmd = ["svn"] + args + ["propget", "svn:mime-type", url]
+      mimetype, returncode = RunShellWithReturnCode(cmd)
+      if returncode:
+        # File does not exist in the requested revision.
+        # Reset mimetype, it contains an error message.
+        mimetype = ""
+      get_base = False
+      is_binary = mimetype and not mimetype.startswith("text/")
+      if status[0] == " ":
+        # Empty base content just to force an upload.
+        base_content = ""
+      elif is_binary:
+        if self.IsImage(filename):
+          get_base = True
+          if status[0] == "M":
+            if not self.rev_end:
+              new_content = self.ReadFile(filename)
+            else:
+              url = "%s/%s@%s" % (self.svn_base, filename, self.rev_end)
+              new_content = RunShell(["svn", "cat", url],
+                                     universal_newlines=True, silent_ok=True)
+        else:
+          base_content = ""
+      else:
+        get_base = True
+
+      if get_base:
+        if is_binary:
+          universal_newlines = False
+        else:
+          universal_newlines = True
+        if self.rev_start:
+          # "svn cat -r REV delete_file.txt" doesn't work. cat requires
+          # the full URL with "@REV" appended instead of using "-r" option.
+          url = "%s/%s@%s" % (self.svn_base, filename, self.rev_start)
+          base_content = RunShell(["svn", "cat", url],
+                                  universal_newlines=universal_newlines,
+                                  silent_ok=True)
+        else:
+          base_content = RunShell(["svn", "cat", filename],
+                                  universal_newlines=universal_newlines,
+                                  silent_ok=True)
+        if not is_binary:
+          args = []
+          if self.rev_start:
+            url = "%s/%s@%s" % (self.svn_base, filename, self.rev_start)
+          else:
+            url = filename
+            args += ["-r", "BASE"]
+          cmd = ["svn"] + args + ["propget", "svn:keywords", url]
+          keywords, returncode = RunShellWithReturnCode(cmd)
+          if keywords and not returncode:
+            base_content = self._CollapseKeywords(base_content, keywords)
+    else:
+      StatusUpdate("svn status returned unexpected output: %s" % status)
+      sys.exit(1)
+    return base_content, new_content, is_binary, status[0:5]
+
+
+class GitVCS(VersionControlSystem):
+  """Implementation of the VersionControlSystem interface for Git."""
+
+  def __init__(self, options):
+    super(GitVCS, self).__init__(options)
+    # Map of filename -> hash of base file.
+    self.base_hashes = {}
+
+  def GenerateDiff(self, extra_args):
+    # This is more complicated than svn's GenerateDiff because we must convert
+    # the diff output to include an svn-style "Index:" line as well as record
+    # the hashes of the base files, so we can upload them along with our diff.
+    if self.options.revision:
+      extra_args = [self.options.revision] + extra_args
+    gitdiff = RunShell(["git", "diff", "--full-index"] + extra_args)
+    svndiff = []
+    filecount = 0
+    filename = None
+    for line in gitdiff.splitlines():
+      match = re.match(r"diff --git a/(.*) b/.*$", line)
+      if match:
+        filecount += 1
+        filename = match.group(1)
+        svndiff.append("Index: %s\n" % filename)
+      else:
+        # The "index" line in a git diff looks like this (long hashes elided):
+        #   index 82c0d44..b2cee3f 100755
+        # We want to save the left hash, as that identifies the base file.
+        match = re.match(r"index (\w+)\.\.", line)
+        if match:
+          self.base_hashes[filename] = match.group(1)
+      svndiff.append(line + "\n")
+    if not filecount:
+      ErrorExit("No valid patches found in output from git diff")
+    return "".join(svndiff)
+
+  def GetUnknownFiles(self):
+    status = RunShell(["git", "ls-files", "--exclude-standard", "--others"],
+                      silent_ok=True)
+    return status.splitlines()
+
+  def GetBaseFile(self, filename):
+    hash = self.base_hashes[filename]
+    base_content = None
+    new_content = None
+    is_binary = False
+    if hash == "0" * 40:  # All-zero hash indicates no base file.
+      status = "A"
+      base_content = ""
+    else:
+      status = "M"
+      base_content, returncode = RunShellWithReturnCode(["git", "show", hash])
+      if returncode:
+        ErrorExit("Got error status from 'git show %s'" % hash)
+    return (base_content, new_content, is_binary, status)
+
+
+class MercurialVCS(VersionControlSystem):
+  """Implementation of the VersionControlSystem interface for Mercurial."""
+
+  def __init__(self, options, repo_dir):
+    super(MercurialVCS, self).__init__(options)
+    # Absolute path to repository (we can be in a subdir)
+    self.repo_dir = os.path.normpath(repo_dir)
+    # Compute the subdir
+    cwd = os.path.normpath(os.getcwd())
+    assert cwd.startswith(self.repo_dir)
+    self.subdir = cwd[len(self.repo_dir):].lstrip(r"\/")
+    if self.options.revision:
+      self.base_rev = self.options.revision
+    else:
+      self.base_rev = RunShell(["hg", "parent", "-q"]).split(':')[1].strip()
+
+  def _GetRelPath(self, filename):
+    """Get relative path of a file according to the current directory,
+    given its logical path in the repo."""
+    assert filename.startswith(self.subdir), filename
+    return filename[len(self.subdir):].lstrip(r"\/")
+
+  def GenerateDiff(self, extra_args):
+    # If no file specified, restrict to the current subdir
+    extra_args = extra_args or ["."]
+    cmd = ["hg", "diff", "--git", "-r", self.base_rev] + extra_args
+    data = RunShell(cmd, silent_ok=True)
+    svndiff = []
+    filecount = 0
+    for line in data.splitlines():
+      m = re.match("diff --git a/(\S+) b/(\S+)", line)
+      if m:
+        # Modify line to make it look like as it comes from svn diff.
+        # With this modification no changes on the server side are required
+        # to make upload.py work with Mercurial repos.
+        # NOTE: for proper handling of moved/copied files, we have to use
+        # the second filename.
+        filename = m.group(2)
+        svndiff.append("Index: %s" % filename)
+        svndiff.append("=" * 67)
+        filecount += 1
+        logging.info(line)
+      else:
+        svndiff.append(line)
+    if not filecount:
+      ErrorExit("No valid patches found in output from hg diff")
+    return "\n".join(svndiff) + "\n"
+
+  def GetUnknownFiles(self):
+    """Return a list of files unknown to the VCS."""
+    args = []
+    status = RunShell(["hg", "status", "--rev", self.base_rev, "-u", "."],
+        silent_ok=True)
+    unknown_files = []
+    for line in status.splitlines():
+      st, fn = line.split(" ", 1)
+      if st == "?":
+        unknown_files.append(fn)
+    return unknown_files
+
+  def GetBaseFile(self, filename):
+    # "hg status" and "hg cat" both take a path relative to the current subdir
+    # rather than to the repo root, but "hg diff" has given us the full path
+    # to the repo root.
+    base_content = ""
+    new_content = None
+    is_binary = False
+    oldrelpath = relpath = self._GetRelPath(filename)
+    # "hg status -C" returns two lines for moved/copied files, one otherwise
+    out = RunShell(["hg", "status", "-C", "--rev", self.base_rev, relpath])
+    out = out.splitlines()
+    # HACK: strip error message about missing file/directory if it isn't in
+    # the working copy
+    if out[0].startswith('%s: ' % relpath):
+      out = out[1:]
+    if len(out) > 1:
+      # Moved/copied => considered as modified, use old filename to
+      # retrieve base contents
+      oldrelpath = out[1].strip()
+      status = "M"
+    else:
+      status, _ = out[0].split(' ', 1)
+    if status != "A":
+      base_content = RunShell(["hg", "cat", "-r", self.base_rev, oldrelpath],
+        silent_ok=True)
+      is_binary = "\0" in base_content  # Mercurial's heuristic
+    if status != "R":
+      new_content = open(relpath, "rb").read()
+      is_binary = is_binary or "\0" in new_content
+    if is_binary and base_content:
+      # Fetch again without converting newlines
+      base_content = RunShell(["hg", "cat", "-r", self.base_rev, oldrelpath],
+        silent_ok=True, universal_newlines=False)
+    if not is_binary or not self.IsImage(relpath):
+      new_content = None
+    return base_content, new_content, is_binary, status
+
+
+# NOTE: The SplitPatch function is duplicated in engine.py, keep them in sync.
+def SplitPatch(data):
+  """Splits a patch into separate pieces for each file.
+
+  Args:
+    data: A string containing the output of svn diff.
+
+  Returns:
+    A list of 2-tuple (filename, text) where text is the svn diff output
+      pertaining to filename.
+  """
+  patches = []
+  filename = None
+  diff = []
+  for line in data.splitlines(True):
+    new_filename = None
+    if line.startswith('Index:'):
+      unused, new_filename = line.split(':', 1)
+      new_filename = new_filename.strip()
+    elif line.startswith('Property changes on:'):
+      unused, temp_filename = line.split(':', 1)
+      # When a file is modified, paths use '/' between directories, however
+      # when a property is modified '\' is used on Windows.  Make them the same
+      # otherwise the file shows up twice.
+      temp_filename = temp_filename.strip().replace('\\', '/')
+      if temp_filename != filename:
+        # File has property changes but no modifications, create a new diff.
+        new_filename = temp_filename
+    if new_filename:
+      if filename and diff:
+        patches.append((filename, ''.join(diff)))
+      filename = new_filename
+      diff = [line]
+      continue
+    if diff is not None:
+      diff.append(line)
+  if filename and diff:
+    patches.append((filename, ''.join(diff)))
+  return patches
+
+
+def UploadSeparatePatches(issue, rpc_server, patchset, data, options):
+  """Uploads a separate patch for each file in the diff output.
+
+  Returns a list of [patch_key, filename] for each file.
+  """
+  patches = SplitPatch(data)
+  rv = []
+  for patch in patches:
+    if len(patch[1]) > MAX_UPLOAD_SIZE:
+      print ("Not uploading the patch for " + patch[0] +
+             " because the file is too large.")
+      continue
+    form_fields = [("filename", patch[0])]
+    if not options.download_base:
+      form_fields.append(("content_upload", "1"))
+    files = [("data", "data.diff", patch[1])]
+    ctype, body = EncodeMultipartFormData(form_fields, files)
+    url = "/%d/upload_patch/%d" % (int(issue), int(patchset))
+    print "Uploading patch for " + patch[0]
+    response_body = rpc_server.Send(url, body, content_type=ctype)
+    lines = response_body.splitlines()
+    if not lines or lines[0] != "OK":
+      StatusUpdate("  --> %s" % response_body)
+      sys.exit(1)
+    rv.append([lines[1], patch[0]])
+  return rv
+
+
+def GuessVCS(options):
+  """Helper to guess the version control system.
+
+  This examines the current directory, guesses which VersionControlSystem
+  we're using, and returns an instance of the appropriate class.  Exit with an
+  error if we can't figure it out.
+
+  Returns:
+    A VersionControlSystem instance. Exits if the VCS can't be guessed.
+  """
+  # Mercurial has a command to get the base directory of a repository
+  # Try running it, but don't die if we don't have hg installed.
+  # NOTE: we try Mercurial first as it can sit on top of an SVN working copy.
+  try:
+    out, returncode = RunShellWithReturnCode(["hg", "root"])
+    if returncode == 0:
+      return MercurialVCS(options, out.strip())
+  except OSError, (errno, message):
+    if errno != 2:  # ENOENT -- they don't have hg installed.
+      raise
+
+  # Subversion has a .svn in all working directories.
+  if os.path.isdir('.svn'):
+    logging.info("Guessed VCS = Subversion")
+    return SubversionVCS(options)
+
+  # Git has a command to test if you're in a git tree.
+  # Try running it, but don't die if we don't have git installed.
+  try:
+    out, returncode = RunShellWithReturnCode(["git", "rev-parse",
+                                              "--is-inside-work-tree"])
+    if returncode == 0:
+      return GitVCS(options)
+  except OSError, (errno, message):
+    if errno != 2:  # ENOENT -- they don't have git installed.
+      raise
+
+  ErrorExit(("Could not guess version control system. "
+             "Are you in a working copy directory?"))
+
+
+def RealMain(argv, data=None):
+  """The real main function.
+
+  Args:
+    argv: Command line arguments.
+    data: Diff contents. If None (default) the diff is generated by
+      the VersionControlSystem implementation returned by GuessVCS().
+
+  Returns:
+    A 2-tuple (issue id, patchset id).
+    The patchset id is None if the base files are not uploaded by this
+    script (applies only to SVN checkouts).
+  """
+  logging.basicConfig(format=("%(asctime).19s %(levelname)s %(filename)s:"
+                              "%(lineno)s %(message)s "))
+  os.environ['LC_ALL'] = 'C'
+  options, args = parser.parse_args(argv[1:])
+  global verbosity
+  verbosity = options.verbose
+  if verbosity >= 3:
+    logging.getLogger().setLevel(logging.DEBUG)
+  elif verbosity >= 2:
+    logging.getLogger().setLevel(logging.INFO)
+  vcs = GuessVCS(options)
+  if isinstance(vcs, SubversionVCS):
+    # base field is only allowed for Subversion.
+    # Note: Fetching base files may become deprecated in future releases.
+    base = vcs.GuessBase(options.download_base)
+  else:
+    base = None
+  if not base and options.download_base:
+    options.download_base = True
+    logging.info("Enabled upload of base file")
+  if not options.assume_yes:
+    vcs.CheckForUnknownFiles()
+  if data is None:
+    data = vcs.GenerateDiff(args)
+  files = vcs.GetBaseFiles(data)
+  if verbosity >= 1:
+    print "Upload server:", options.server, "(change with -s/--server)"
+  if options.issue:
+    prompt = "Message describing this patch set: "
+  else:
+    prompt = "New issue subject: "
+  message = options.message or raw_input(prompt).strip()
+  if not message:
+    ErrorExit("A non-empty message is required")
+  rpc_server = GetRpcServer(options)
+  form_fields = [("subject", message)]
+  if base:
+    form_fields.append(("base", base))
+  if options.issue:
+    form_fields.append(("issue", str(options.issue)))
+  if options.email:
+    form_fields.append(("user", options.email))
+  if options.reviewers:
+    for reviewer in options.reviewers.split(','):
+      if "@" in reviewer and not reviewer.split("@")[1].count(".") == 1:
+        ErrorExit("Invalid email address: %s" % reviewer)
+    form_fields.append(("reviewers", options.reviewers))
+  if options.cc:
+    for cc in options.cc.split(','):
+      if "@" in cc and not cc.split("@")[1].count(".") == 1:
+        ErrorExit("Invalid email address: %s" % cc)
+    form_fields.append(("cc", options.cc))
+  description = options.description
+  if options.description_file:
+    if options.description:
+      ErrorExit("Can't specify description and description_file")
+    file = open(options.description_file, 'r')
+    description = file.read()
+    file.close()
+  if description:
+    form_fields.append(("description", description))
+  # Send a hash of all the base file so the server can determine if a copy
+  # already exists in an earlier patchset.
+  base_hashes = ""
+  for file, info in files.iteritems():
+    if not info[0] is None:
+      checksum = md5.new(info[0]).hexdigest()
+      if base_hashes:
+        base_hashes += "|"
+      base_hashes += checksum + ":" + file
+  form_fields.append(("base_hashes", base_hashes))
+  # If we're uploading base files, don't send the email before the uploads, so
+  # that it contains the file status.
+  if options.send_mail and options.download_base:
+    form_fields.append(("send_mail", "1"))
+  if not options.download_base:
+    form_fields.append(("content_upload", "1"))
+  if len(data) > MAX_UPLOAD_SIZE:
+    print "Patch is large, so uploading file patches separately."
+    uploaded_diff_file = []
+    form_fields.append(("separate_patches", "1"))
+  else:
+    uploaded_diff_file = [("data", "data.diff", data)]
+  ctype, body = EncodeMultipartFormData(form_fields, uploaded_diff_file)
+  response_body = rpc_server.Send("/upload", body, content_type=ctype)
+  patchset = None
+  if not options.download_base or not uploaded_diff_file:
+    lines = response_body.splitlines()
+    if len(lines) >= 2:
+      msg = lines[0]
+      patchset = lines[1].strip()
+      patches = [x.split(" ", 1) for x in lines[2:]]
+    else:
+      msg = response_body
+  else:
+    msg = response_body
+  StatusUpdate(msg)
+  if not response_body.startswith("Issue created.") and \
+  not response_body.startswith("Issue updated."):
+    sys.exit(0)
+  issue = msg[msg.rfind("/")+1:]
+
+  if not uploaded_diff_file:
+    result = UploadSeparatePatches(issue, rpc_server, patchset, data, options)
+    if not options.download_base:
+      patches = result
+
+  if not options.download_base:
+    vcs.UploadBaseFiles(issue, rpc_server, patches, patchset, options, files)
+    if options.send_mail:
+      rpc_server.Send("/" + issue + "/mail", payload="")
+  return issue, patchset
+
+
+def main():
+  try:
+    RealMain(sys.argv)
+  except KeyboardInterrupt:
+    print
+    StatusUpdate("Interrupted.")
+    sys.exit(1)
+
+
+if __name__ == "__main__":
+  main()
diff --git a/nss/external_tests/google_test/gtest/scripts/upload_gtest.py b/nss/external_tests/google_test/gtest/scripts/upload_gtest.py
new file mode 100755
index 0000000..be19ae8
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/scripts/upload_gtest.py
@@ -0,0 +1,78 @@
+#!/usr/bin/env python
+#
+# Copyright 2009, Google Inc.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#
+#     * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following disclaimer
+# in the documentation and/or other materials provided with the
+# distribution.
+#     * Neither the name of Google Inc. nor the names of its
+# contributors may be used to endorse or promote products derived from
+# this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+"""upload_gtest.py v0.1.0 -- uploads a Google Test patch for review.
+
+This simple wrapper passes all command line flags and
+--cc=googletestframework@googlegroups.com to upload.py.
+
+USAGE: upload_gtest.py [options for upload.py]
+"""
+
+__author__ = 'wan@google.com (Zhanyong Wan)'
+
+import os
+import sys
+
+CC_FLAG = '--cc='
+GTEST_GROUP = 'googletestframework@googlegroups.com'
+
+
+def main():
+  # Finds the path to upload.py, assuming it is in the same directory
+  # as this file.
+  my_dir = os.path.dirname(os.path.abspath(__file__))
+  upload_py_path = os.path.join(my_dir, 'upload.py')
+
+  # Adds Google Test discussion group to the cc line if it's not there
+  # already.
+  upload_py_argv = [upload_py_path]
+  found_cc_flag = False
+  for arg in sys.argv[1:]:
+    if arg.startswith(CC_FLAG):
+      found_cc_flag = True
+      cc_line = arg[len(CC_FLAG):]
+      cc_list = [addr for addr in cc_line.split(',') if addr]
+      if GTEST_GROUP not in cc_list:
+        cc_list.append(GTEST_GROUP)
+      upload_py_argv.append(CC_FLAG + ','.join(cc_list))
+    else:
+      upload_py_argv.append(arg)
+
+  if not found_cc_flag:
+    upload_py_argv.append(CC_FLAG + GTEST_GROUP)
+
+  # Invokes upload.py with the modified command line flags.
+  os.execv(upload_py_path, upload_py_argv)
+
+
+if __name__ == '__main__':
+  main()
diff --git a/nss/external_tests/google_test/gtest/src/gtest-all.cc b/nss/external_tests/google_test/gtest/src/gtest-all.cc
new file mode 100644
index 0000000..0a9cee5
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/src/gtest-all.cc
@@ -0,0 +1,48 @@
+// Copyright 2008, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: mheule@google.com (Markus Heule)
+//
+// Google C++ Testing Framework (Google Test)
+//
+// Sometimes it's desirable to build Google Test by compiling a single file.
+// This file serves this purpose.
+
+// This line ensures that gtest.h can be compiled on its own, even
+// when it's fused.
+#include "gtest/gtest.h"
+
+// The following lines pull in the real gtest *.cc files.
+#include "src/gtest.cc"
+#include "src/gtest-death-test.cc"
+#include "src/gtest-filepath.cc"
+#include "src/gtest-port.cc"
+#include "src/gtest-printers.cc"
+#include "src/gtest-test-part.cc"
+#include "src/gtest-typed-test.cc"
diff --git a/nss/external_tests/google_test/gtest/src/gtest-death-test.cc b/nss/external_tests/google_test/gtest/src/gtest-death-test.cc
new file mode 100644
index 0000000..a0a8c7b
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/src/gtest-death-test.cc
@@ -0,0 +1,1346 @@
+// Copyright 2005, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan), vladl@google.com (Vlad Losev)
+//
+// This file implements death tests.
+
+#include "gtest/gtest-death-test.h"
+#include "gtest/internal/gtest-port.h"
+
+#if GTEST_HAS_DEATH_TEST
+
+# if GTEST_OS_MAC
+#  include <crt_externs.h>
+# endif  // GTEST_OS_MAC
+
+# include <errno.h>
+# include <fcntl.h>
+# include <limits.h>
+
+# if GTEST_OS_LINUX
+#  include <signal.h>
+# endif  // GTEST_OS_LINUX
+
+# include <stdarg.h>
+
+# if GTEST_OS_WINDOWS
+#  include <windows.h>
+# else
+#  include <sys/mman.h>
+#  include <sys/wait.h>
+# endif  // GTEST_OS_WINDOWS
+
+# if GTEST_OS_QNX
+#  include <spawn.h>
+# endif  // GTEST_OS_QNX
+
+#endif  // GTEST_HAS_DEATH_TEST
+
+#include "gtest/gtest-message.h"
+#include "gtest/internal/gtest-string.h"
+
+// Indicates that this translation unit is part of Google Test's
+// implementation.  It must come before gtest-internal-inl.h is
+// included, or there will be a compiler error.  This trick exists to
+// prevent the accidental inclusion of gtest-internal-inl.h in the
+// user's code.
+#define GTEST_IMPLEMENTATION_ 1
+#include "src/gtest-internal-inl.h"
+#undef GTEST_IMPLEMENTATION_
+
+namespace testing {
+
+// Constants.
+
+// The default death test style.
+static const char kDefaultDeathTestStyle[] = "fast";
+
+GTEST_DEFINE_string_(
+    death_test_style,
+    internal::StringFromGTestEnv("death_test_style", kDefaultDeathTestStyle),
+    "Indicates how to run a death test in a forked child process: "
+    "\"threadsafe\" (child process re-executes the test binary "
+    "from the beginning, running only the specific death test) or "
+    "\"fast\" (child process runs the death test immediately "
+    "after forking).");
+
+GTEST_DEFINE_bool_(
+    death_test_use_fork,
+    internal::BoolFromGTestEnv("death_test_use_fork", false),
+    "Instructs to use fork()/_exit() instead of clone() in death tests. "
+    "Ignored and always uses fork() on POSIX systems where clone() is not "
+    "implemented. Useful when running under valgrind or similar tools if "
+    "those do not support clone(). Valgrind 3.3.1 will just fail if "
+    "it sees an unsupported combination of clone() flags. "
+    "It is not recommended to use this flag w/o valgrind though it will "
+    "work in 99% of the cases. Once valgrind is fixed, this flag will "
+    "most likely be removed.");
+
+namespace internal {
+GTEST_DEFINE_string_(
+    internal_run_death_test, "",
+    "Indicates the file, line number, temporal index of "
+    "the single death test to run, and a file descriptor to "
+    "which a success code may be sent, all separated by "
+    "the '|' characters.  This flag is specified if and only if the current "
+    "process is a sub-process launched for running a thread-safe "
+    "death test.  FOR INTERNAL USE ONLY.");
+}  // namespace internal
+
+#if GTEST_HAS_DEATH_TEST
+
+namespace internal {
+
+// Valid only for fast death tests. Indicates the code is running in the
+// child process of a fast style death test.
+static bool g_in_fast_death_test_child = false;
+
+// Returns a Boolean value indicating whether the caller is currently
+// executing in the context of the death test child process.  Tools such as
+// Valgrind heap checkers may need this to modify their behavior in death
+// tests.  IMPORTANT: This is an internal utility.  Using it may break the
+// implementation of death tests.  User code MUST NOT use it.
+bool InDeathTestChild() {
+# if GTEST_OS_WINDOWS
+
+  // On Windows, death tests are thread-safe regardless of the value of the
+  // death_test_style flag.
+  return !GTEST_FLAG(internal_run_death_test).empty();
+
+# else
+
+  if (GTEST_FLAG(death_test_style) == "threadsafe")
+    return !GTEST_FLAG(internal_run_death_test).empty();
+  else
+    return g_in_fast_death_test_child;
+#endif
+}
+
+}  // namespace internal
+
+// ExitedWithCode constructor.
+ExitedWithCode::ExitedWithCode(int exit_code) : exit_code_(exit_code) {
+}
+
+// ExitedWithCode function-call operator.
+bool ExitedWithCode::operator()(int exit_status) const {
+# if GTEST_OS_WINDOWS
+
+  return exit_status == exit_code_;
+
+# else
+
+  return WIFEXITED(exit_status) && WEXITSTATUS(exit_status) == exit_code_;
+
+# endif  // GTEST_OS_WINDOWS
+}
+
+# if !GTEST_OS_WINDOWS
+// KilledBySignal constructor.
+KilledBySignal::KilledBySignal(int signum) : signum_(signum) {
+}
+
+// KilledBySignal function-call operator.
+bool KilledBySignal::operator()(int exit_status) const {
+  return WIFSIGNALED(exit_status) && WTERMSIG(exit_status) == signum_;
+}
+# endif  // !GTEST_OS_WINDOWS
+
+namespace internal {
+
+// Utilities needed for death tests.
+
+// Generates a textual description of a given exit code, in the format
+// specified by wait(2).
+static std::string ExitSummary(int exit_code) {
+  Message m;
+
+# if GTEST_OS_WINDOWS
+
+  m << "Exited with exit status " << exit_code;
+
+# else
+
+  if (WIFEXITED(exit_code)) {
+    m << "Exited with exit status " << WEXITSTATUS(exit_code);
+  } else if (WIFSIGNALED(exit_code)) {
+    m << "Terminated by signal " << WTERMSIG(exit_code);
+  }
+#  ifdef WCOREDUMP
+  if (WCOREDUMP(exit_code)) {
+    m << " (core dumped)";
+  }
+#  endif
+# endif  // GTEST_OS_WINDOWS
+
+  return m.GetString();
+}
+
+// Returns true if exit_status describes a process that was terminated
+// by a signal, or exited normally with a nonzero exit code.
+bool ExitedUnsuccessfully(int exit_status) {
+  return !ExitedWithCode(0)(exit_status);
+}
+
+# if !GTEST_OS_WINDOWS
+// Generates a textual failure message when a death test finds more than
+// one thread running, or cannot determine the number of threads, prior
+// to executing the given statement.  It is the responsibility of the
+// caller not to pass a thread_count of 1.
+static std::string DeathTestThreadWarning(size_t thread_count) {
+  Message msg;
+  msg << "Death tests use fork(), which is unsafe particularly"
+      << " in a threaded context. For this test, " << GTEST_NAME_ << " ";
+  if (thread_count == 0)
+    msg << "couldn't detect the number of threads.";
+  else
+    msg << "detected " << thread_count << " threads.";
+  return msg.GetString();
+}
+# endif  // !GTEST_OS_WINDOWS
+
+// Flag characters for reporting a death test that did not die.
+static const char kDeathTestLived = 'L';
+static const char kDeathTestReturned = 'R';
+static const char kDeathTestThrew = 'T';
+static const char kDeathTestInternalError = 'I';
+
+// An enumeration describing all of the possible ways that a death test can
+// conclude.  DIED means that the process died while executing the test
+// code; LIVED means that process lived beyond the end of the test code;
+// RETURNED means that the test statement attempted to execute a return
+// statement, which is not allowed; THREW means that the test statement
+// returned control by throwing an exception.  IN_PROGRESS means the test
+// has not yet concluded.
+// TODO(vladl@google.com): Unify names and possibly values for
+// AbortReason, DeathTestOutcome, and flag characters above.
+enum DeathTestOutcome { IN_PROGRESS, DIED, LIVED, RETURNED, THREW };
+
+// Routine for aborting the program which is safe to call from an
+// exec-style death test child process, in which case the error
+// message is propagated back to the parent process.  Otherwise, the
+// message is simply printed to stderr.  In either case, the program
+// then exits with status 1.
+void DeathTestAbort(const std::string& message) {
+  // On a POSIX system, this function may be called from a threadsafe-style
+  // death test child process, which operates on a very small stack.  Use
+  // the heap for any additional non-minuscule memory requirements.
+  const InternalRunDeathTestFlag* const flag =
+      GetUnitTestImpl()->internal_run_death_test_flag();
+  if (flag != NULL) {
+    FILE* parent = posix::FDOpen(flag->write_fd(), "w");
+    fputc(kDeathTestInternalError, parent);
+    fprintf(parent, "%s", message.c_str());
+    fflush(parent);
+    _exit(1);
+  } else {
+    fprintf(stderr, "%s", message.c_str());
+    fflush(stderr);
+    posix::Abort();
+  }
+}
+
+// A replacement for CHECK that calls DeathTestAbort if the assertion
+// fails.
+# define GTEST_DEATH_TEST_CHECK_(expression) \
+  do { \
+    if (!::testing::internal::IsTrue(expression)) { \
+      DeathTestAbort( \
+          ::std::string("CHECK failed: File ") + __FILE__ +  ", line " \
+          + ::testing::internal::StreamableToString(__LINE__) + ": " \
+          + #expression); \
+    } \
+  } while (::testing::internal::AlwaysFalse())
+
+// This macro is similar to GTEST_DEATH_TEST_CHECK_, but it is meant for
+// evaluating any system call that fulfills two conditions: it must return
+// -1 on failure, and set errno to EINTR when it is interrupted and
+// should be tried again.  The macro expands to a loop that repeatedly
+// evaluates the expression as long as it evaluates to -1 and sets
+// errno to EINTR.  If the expression evaluates to -1 but errno is
+// something other than EINTR, DeathTestAbort is called.
+# define GTEST_DEATH_TEST_CHECK_SYSCALL_(expression) \
+  do { \
+    int gtest_retval; \
+    do { \
+      gtest_retval = (expression); \
+    } while (gtest_retval == -1 && errno == EINTR); \
+    if (gtest_retval == -1) { \
+      DeathTestAbort( \
+          ::std::string("CHECK failed: File ") + __FILE__ + ", line " \
+          + ::testing::internal::StreamableToString(__LINE__) + ": " \
+          + #expression + " != -1"); \
+    } \
+  } while (::testing::internal::AlwaysFalse())
+
+// Returns the message describing the last system error in errno.
+std::string GetLastErrnoDescription() {
+    return errno == 0 ? "" : posix::StrError(errno);
+}
+
+// This is called from a death test parent process to read a failure
+// message from the death test child process and log it with the FATAL
+// severity. On Windows, the message is read from a pipe handle. On other
+// platforms, it is read from a file descriptor.
+static void FailFromInternalError(int fd) {
+  Message error;
+  char buffer[256];
+  int num_read;
+
+  do {
+    while ((num_read = posix::Read(fd, buffer, 255)) > 0) {
+      buffer[num_read] = '\0';
+      error << buffer;
+    }
+  } while (num_read == -1 && errno == EINTR);
+
+  if (num_read == 0) {
+    GTEST_LOG_(FATAL) << error.GetString();
+  } else {
+    const int last_error = errno;
+    GTEST_LOG_(FATAL) << "Error while reading death test internal: "
+                      << GetLastErrnoDescription() << " [" << last_error << "]";
+  }
+}
+
+// Death test constructor.  Increments the running death test count
+// for the current test.
+DeathTest::DeathTest() {
+  TestInfo* const info = GetUnitTestImpl()->current_test_info();
+  if (info == NULL) {
+    DeathTestAbort("Cannot run a death test outside of a TEST or "
+                   "TEST_F construct");
+  }
+}
+
+// Creates and returns a death test by dispatching to the current
+// death test factory.
+bool DeathTest::Create(const char* statement, const RE* regex,
+                       const char* file, int line, DeathTest** test) {
+  return GetUnitTestImpl()->death_test_factory()->Create(
+      statement, regex, file, line, test);
+}
+
+const char* DeathTest::LastMessage() {
+  return last_death_test_message_.c_str();
+}
+
+void DeathTest::set_last_death_test_message(const std::string& message) {
+  last_death_test_message_ = message;
+}
+
+std::string DeathTest::last_death_test_message_;
+
+// Provides cross platform implementation for some death functionality.
+class DeathTestImpl : public DeathTest {
+ protected:
+  DeathTestImpl(const char* a_statement, const RE* a_regex)
+      : statement_(a_statement),
+        regex_(a_regex),
+        spawned_(false),
+        status_(-1),
+        outcome_(IN_PROGRESS),
+        read_fd_(-1),
+        write_fd_(-1) {}
+
+  // read_fd_ is expected to be closed and cleared by a derived class.
+  ~DeathTestImpl() { GTEST_DEATH_TEST_CHECK_(read_fd_ == -1); }
+
+  void Abort(AbortReason reason);
+  virtual bool Passed(bool status_ok);
+
+  const char* statement() const { return statement_; }
+  const RE* regex() const { return regex_; }
+  bool spawned() const { return spawned_; }
+  void set_spawned(bool is_spawned) { spawned_ = is_spawned; }
+  int status() const { return status_; }
+  void set_status(int a_status) { status_ = a_status; }
+  DeathTestOutcome outcome() const { return outcome_; }
+  void set_outcome(DeathTestOutcome an_outcome) { outcome_ = an_outcome; }
+  int read_fd() const { return read_fd_; }
+  void set_read_fd(int fd) { read_fd_ = fd; }
+  int write_fd() const { return write_fd_; }
+  void set_write_fd(int fd) { write_fd_ = fd; }
+
+  // Called in the parent process only. Reads the result code of the death
+  // test child process via a pipe, interprets it to set the outcome_
+  // member, and closes read_fd_.  Outputs diagnostics and terminates in
+  // case of unexpected codes.
+  void ReadAndInterpretStatusByte();
+
+ private:
+  // The textual content of the code this object is testing.  This class
+  // doesn't own this string and should not attempt to delete it.
+  const char* const statement_;
+  // The regular expression which test output must match.  DeathTestImpl
+  // doesn't own this object and should not attempt to delete it.
+  const RE* const regex_;
+  // True if the death test child process has been successfully spawned.
+  bool spawned_;
+  // The exit status of the child process.
+  int status_;
+  // How the death test concluded.
+  DeathTestOutcome outcome_;
+  // Descriptor to the read end of the pipe to the child process.  It is
+  // always -1 in the child process.  The child keeps its write end of the
+  // pipe in write_fd_.
+  int read_fd_;
+  // Descriptor to the child's write end of the pipe to the parent process.
+  // It is always -1 in the parent process.  The parent keeps its end of the
+  // pipe in read_fd_.
+  int write_fd_;
+};
+
+// Called in the parent process only. Reads the result code of the death
+// test child process via a pipe, interprets it to set the outcome_
+// member, and closes read_fd_.  Outputs diagnostics and terminates in
+// case of unexpected codes.
+void DeathTestImpl::ReadAndInterpretStatusByte() {
+  char flag;
+  int bytes_read;
+
+  // The read() here blocks until data is available (signifying the
+  // failure of the death test) or until the pipe is closed (signifying
+  // its success), so it's okay to call this in the parent before
+  // the child process has exited.
+  do {
+    bytes_read = posix::Read(read_fd(), &flag, 1);
+  } while (bytes_read == -1 && errno == EINTR);
+
+  if (bytes_read == 0) {
+    set_outcome(DIED);
+  } else if (bytes_read == 1) {
+    switch (flag) {
+      case kDeathTestReturned:
+        set_outcome(RETURNED);
+        break;
+      case kDeathTestThrew:
+        set_outcome(THREW);
+        break;
+      case kDeathTestLived:
+        set_outcome(LIVED);
+        break;
+      case kDeathTestInternalError:
+        FailFromInternalError(read_fd());  // Does not return.
+        break;
+      default:
+        GTEST_LOG_(FATAL) << "Death test child process reported "
+                          << "unexpected status byte ("
+                          << static_cast<unsigned int>(flag) << ")";
+    }
+  } else {
+    GTEST_LOG_(FATAL) << "Read from death test child process failed: "
+                      << GetLastErrnoDescription();
+  }
+  GTEST_DEATH_TEST_CHECK_SYSCALL_(posix::Close(read_fd()));
+  set_read_fd(-1);
+}
+
+// Signals that the death test code which should have exited, didn't.
+// Should be called only in a death test child process.
+// Writes a status byte to the child's status file descriptor, then
+// calls _exit(1).
+void DeathTestImpl::Abort(AbortReason reason) {
+  // The parent process considers the death test to be a failure if
+  // it finds any data in our pipe.  So, here we write a single flag byte
+  // to the pipe, then exit.
+  const char status_ch =
+      reason == TEST_DID_NOT_DIE ? kDeathTestLived :
+      reason == TEST_THREW_EXCEPTION ? kDeathTestThrew : kDeathTestReturned;
+
+  GTEST_DEATH_TEST_CHECK_SYSCALL_(posix::Write(write_fd(), &status_ch, 1));
+  // We are leaking the descriptor here because on some platforms (i.e.,
+  // when built as Windows DLL), destructors of global objects will still
+  // run after calling _exit(). On such systems, write_fd_ will be
+  // indirectly closed from the destructor of UnitTestImpl, causing double
+  // close if it is also closed here. On debug configurations, double close
+  // may assert. As there are no in-process buffers to flush here, we are
+  // relying on the OS to close the descriptor after the process terminates
+  // when the destructors are not run.
+  _exit(1);  // Exits w/o any normal exit hooks (we were supposed to crash)
+}
+
+// Returns an indented copy of stderr output for a death test.
+// This makes distinguishing death test output lines from regular log lines
+// much easier.
+static ::std::string FormatDeathTestOutput(const ::std::string& output) {
+  ::std::string ret;
+  for (size_t at = 0; ; ) {
+    const size_t line_end = output.find('\n', at);
+    ret += "[  DEATH   ] ";
+    if (line_end == ::std::string::npos) {
+      ret += output.substr(at);
+      break;
+    }
+    ret += output.substr(at, line_end + 1 - at);
+    at = line_end + 1;
+  }
+  return ret;
+}
+
+// Assesses the success or failure of a death test, using both private
+// members which have previously been set, and one argument:
+//
+// Private data members:
+//   outcome:  An enumeration describing how the death test
+//             concluded: DIED, LIVED, THREW, or RETURNED.  The death test
+//             fails in the latter three cases.
+//   status:   The exit status of the child process. On *nix, it is in the
+//             in the format specified by wait(2). On Windows, this is the
+//             value supplied to the ExitProcess() API or a numeric code
+//             of the exception that terminated the program.
+//   regex:    A regular expression object to be applied to
+//             the test's captured standard error output; the death test
+//             fails if it does not match.
+//
+// Argument:
+//   status_ok: true if exit_status is acceptable in the context of
+//              this particular death test, which fails if it is false
+//
+// Returns true iff all of the above conditions are met.  Otherwise, the
+// first failing condition, in the order given above, is the one that is
+// reported. Also sets the last death test message string.
+bool DeathTestImpl::Passed(bool status_ok) {
+  if (!spawned())
+    return false;
+
+  const std::string error_message = GetCapturedStderr();
+
+  bool success = false;
+  Message buffer;
+
+  buffer << "Death test: " << statement() << "\n";
+  switch (outcome()) {
+    case LIVED:
+      buffer << "    Result: failed to die.\n"
+             << " Error msg:\n" << FormatDeathTestOutput(error_message);
+      break;
+    case THREW:
+      buffer << "    Result: threw an exception.\n"
+             << " Error msg:\n" << FormatDeathTestOutput(error_message);
+      break;
+    case RETURNED:
+      buffer << "    Result: illegal return in test statement.\n"
+             << " Error msg:\n" << FormatDeathTestOutput(error_message);
+      break;
+    case DIED:
+      if (status_ok) {
+        const bool matched = RE::PartialMatch(error_message.c_str(), *regex());
+        if (matched) {
+          success = true;
+        } else {
+          buffer << "    Result: died but not with expected error.\n"
+                 << "  Expected: " << regex()->pattern() << "\n"
+                 << "Actual msg:\n" << FormatDeathTestOutput(error_message);
+        }
+      } else {
+        buffer << "    Result: died but not with expected exit code:\n"
+               << "            " << ExitSummary(status()) << "\n"
+               << "Actual msg:\n" << FormatDeathTestOutput(error_message);
+      }
+      break;
+    case IN_PROGRESS:
+    default:
+      GTEST_LOG_(FATAL)
+          << "DeathTest::Passed somehow called before conclusion of test";
+  }
+
+  DeathTest::set_last_death_test_message(buffer.GetString());
+  return success;
+}
+
+# if GTEST_OS_WINDOWS
+// WindowsDeathTest implements death tests on Windows. Due to the
+// specifics of starting new processes on Windows, death tests there are
+// always threadsafe, and Google Test considers the
+// --gtest_death_test_style=fast setting to be equivalent to
+// --gtest_death_test_style=threadsafe there.
+//
+// A few implementation notes:  Like the Linux version, the Windows
+// implementation uses pipes for child-to-parent communication. But due to
+// the specifics of pipes on Windows, some extra steps are required:
+//
+// 1. The parent creates a communication pipe and stores handles to both
+//    ends of it.
+// 2. The parent starts the child and provides it with the information
+//    necessary to acquire the handle to the write end of the pipe.
+// 3. The child acquires the write end of the pipe and signals the parent
+//    using a Windows event.
+// 4. Now the parent can release the write end of the pipe on its side. If
+//    this is done before step 3, the object's reference count goes down to
+//    0 and it is destroyed, preventing the child from acquiring it. The
+//    parent now has to release it, or read operations on the read end of
+//    the pipe will not return when the child terminates.
+// 5. The parent reads child's output through the pipe (outcome code and
+//    any possible error messages) from the pipe, and its stderr and then
+//    determines whether to fail the test.
+//
+// Note: to distinguish Win32 API calls from the local method and function
+// calls, the former are explicitly resolved in the global namespace.
+//
+class WindowsDeathTest : public DeathTestImpl {
+ public:
+  WindowsDeathTest(const char* a_statement,
+                   const RE* a_regex,
+                   const char* file,
+                   int line)
+      : DeathTestImpl(a_statement, a_regex), file_(file), line_(line) {}
+
+  // All of these virtual functions are inherited from DeathTest.
+  virtual int Wait();
+  virtual TestRole AssumeRole();
+
+ private:
+  // The name of the file in which the death test is located.
+  const char* const file_;
+  // The line number on which the death test is located.
+  const int line_;
+  // Handle to the write end of the pipe to the child process.
+  AutoHandle write_handle_;
+  // Child process handle.
+  AutoHandle child_handle_;
+  // Event the child process uses to signal the parent that it has
+  // acquired the handle to the write end of the pipe. After seeing this
+  // event the parent can release its own handles to make sure its
+  // ReadFile() calls return when the child terminates.
+  AutoHandle event_handle_;
+};
+
+// Waits for the child in a death test to exit, returning its exit
+// status, or 0 if no child process exists.  As a side effect, sets the
+// outcome data member.
+int WindowsDeathTest::Wait() {
+  if (!spawned())
+    return 0;
+
+  // Wait until the child either signals that it has acquired the write end
+  // of the pipe or it dies.
+  const HANDLE wait_handles[2] = { child_handle_.Get(), event_handle_.Get() };
+  switch (::WaitForMultipleObjects(2,
+                                   wait_handles,
+                                   FALSE,  // Waits for any of the handles.
+                                   INFINITE)) {
+    case WAIT_OBJECT_0:
+    case WAIT_OBJECT_0 + 1:
+      break;
+    default:
+      GTEST_DEATH_TEST_CHECK_(false);  // Should not get here.
+  }
+
+  // The child has acquired the write end of the pipe or exited.
+  // We release the handle on our side and continue.
+  write_handle_.Reset();
+  event_handle_.Reset();
+
+  ReadAndInterpretStatusByte();
+
+  // Waits for the child process to exit if it haven't already. This
+  // returns immediately if the child has already exited, regardless of
+  // whether previous calls to WaitForMultipleObjects synchronized on this
+  // handle or not.
+  GTEST_DEATH_TEST_CHECK_(
+      WAIT_OBJECT_0 == ::WaitForSingleObject(child_handle_.Get(),
+                                             INFINITE));
+  DWORD status_code;
+  GTEST_DEATH_TEST_CHECK_(
+      ::GetExitCodeProcess(child_handle_.Get(), &status_code) != FALSE);
+  child_handle_.Reset();
+  set_status(static_cast<int>(status_code));
+  return status();
+}
+
+// The AssumeRole process for a Windows death test.  It creates a child
+// process with the same executable as the current process to run the
+// death test.  The child process is given the --gtest_filter and
+// --gtest_internal_run_death_test flags such that it knows to run the
+// current death test only.
+DeathTest::TestRole WindowsDeathTest::AssumeRole() {
+  const UnitTestImpl* const impl = GetUnitTestImpl();
+  const InternalRunDeathTestFlag* const flag =
+      impl->internal_run_death_test_flag();
+  const TestInfo* const info = impl->current_test_info();
+  const int death_test_index = info->result()->death_test_count();
+
+  if (flag != NULL) {
+    // ParseInternalRunDeathTestFlag() has performed all the necessary
+    // processing.
+    set_write_fd(flag->write_fd());
+    return EXECUTE_TEST;
+  }
+
+  // WindowsDeathTest uses an anonymous pipe to communicate results of
+  // a death test.
+  SECURITY_ATTRIBUTES handles_are_inheritable = {
+    sizeof(SECURITY_ATTRIBUTES), NULL, TRUE };
+  HANDLE read_handle, write_handle;
+  GTEST_DEATH_TEST_CHECK_(
+      ::CreatePipe(&read_handle, &write_handle, &handles_are_inheritable,
+                   0)  // Default buffer size.
+      != FALSE);
+  set_read_fd(::_open_osfhandle(reinterpret_cast<intptr_t>(read_handle),
+                                O_RDONLY));
+  write_handle_.Reset(write_handle);
+  event_handle_.Reset(::CreateEvent(
+      &handles_are_inheritable,
+      TRUE,    // The event will automatically reset to non-signaled state.
+      FALSE,   // The initial state is non-signalled.
+      NULL));  // The even is unnamed.
+  GTEST_DEATH_TEST_CHECK_(event_handle_.Get() != NULL);
+  const std::string filter_flag =
+      std::string("--") + GTEST_FLAG_PREFIX_ + kFilterFlag + "=" +
+      info->test_case_name() + "." + info->name();
+  const std::string internal_flag =
+      std::string("--") + GTEST_FLAG_PREFIX_ + kInternalRunDeathTestFlag +
+      "=" + file_ + "|" + StreamableToString(line_) + "|" +
+      StreamableToString(death_test_index) + "|" +
+      StreamableToString(static_cast<unsigned int>(::GetCurrentProcessId())) +
+      // size_t has the same width as pointers on both 32-bit and 64-bit
+      // Windows platforms.
+      // See http://msdn.microsoft.com/en-us/library/tcxf1dw6.aspx.
+      "|" + StreamableToString(reinterpret_cast<size_t>(write_handle)) +
+      "|" + StreamableToString(reinterpret_cast<size_t>(event_handle_.Get()));
+
+  char executable_path[_MAX_PATH + 1];  // NOLINT
+  GTEST_DEATH_TEST_CHECK_(
+      _MAX_PATH + 1 != ::GetModuleFileNameA(NULL,
+                                            executable_path,
+                                            _MAX_PATH));
+
+  std::string command_line =
+      std::string(::GetCommandLineA()) + " " + filter_flag + " \"" +
+      internal_flag + "\"";
+
+  DeathTest::set_last_death_test_message("");
+
+  CaptureStderr();
+  // Flush the log buffers since the log streams are shared with the child.
+  FlushInfoLog();
+
+  // The child process will share the standard handles with the parent.
+  STARTUPINFOA startup_info;
+  memset(&startup_info, 0, sizeof(STARTUPINFO));
+  startup_info.dwFlags = STARTF_USESTDHANDLES;
+  startup_info.hStdInput = ::GetStdHandle(STD_INPUT_HANDLE);
+  startup_info.hStdOutput = ::GetStdHandle(STD_OUTPUT_HANDLE);
+  startup_info.hStdError = ::GetStdHandle(STD_ERROR_HANDLE);
+
+  PROCESS_INFORMATION process_info;
+  GTEST_DEATH_TEST_CHECK_(::CreateProcessA(
+      executable_path,
+      const_cast<char*>(command_line.c_str()),
+      NULL,   // Retuned process handle is not inheritable.
+      NULL,   // Retuned thread handle is not inheritable.
+      TRUE,   // Child inherits all inheritable handles (for write_handle_).
+      0x0,    // Default creation flags.
+      NULL,   // Inherit the parent's environment.
+      UnitTest::GetInstance()->original_working_dir(),
+      &startup_info,
+      &process_info) != FALSE);
+  child_handle_.Reset(process_info.hProcess);
+  ::CloseHandle(process_info.hThread);
+  set_spawned(true);
+  return OVERSEE_TEST;
+}
+# else  // We are not on Windows.
+
+// ForkingDeathTest provides implementations for most of the abstract
+// methods of the DeathTest interface.  Only the AssumeRole method is
+// left undefined.
+class ForkingDeathTest : public DeathTestImpl {
+ public:
+  ForkingDeathTest(const char* statement, const RE* regex);
+
+  // All of these virtual functions are inherited from DeathTest.
+  virtual int Wait();
+
+ protected:
+  void set_child_pid(pid_t child_pid) { child_pid_ = child_pid; }
+
+ private:
+  // PID of child process during death test; 0 in the child process itself.
+  pid_t child_pid_;
+};
+
+// Constructs a ForkingDeathTest.
+ForkingDeathTest::ForkingDeathTest(const char* a_statement, const RE* a_regex)
+    : DeathTestImpl(a_statement, a_regex),
+      child_pid_(-1) {}
+
+// Waits for the child in a death test to exit, returning its exit
+// status, or 0 if no child process exists.  As a side effect, sets the
+// outcome data member.
+int ForkingDeathTest::Wait() {
+  if (!spawned())
+    return 0;
+
+  ReadAndInterpretStatusByte();
+
+  int status_value;
+  GTEST_DEATH_TEST_CHECK_SYSCALL_(waitpid(child_pid_, &status_value, 0));
+  set_status(status_value);
+  return status_value;
+}
+
+// A concrete death test class that forks, then immediately runs the test
+// in the child process.
+class NoExecDeathTest : public ForkingDeathTest {
+ public:
+  NoExecDeathTest(const char* a_statement, const RE* a_regex) :
+      ForkingDeathTest(a_statement, a_regex) { }
+  virtual TestRole AssumeRole();
+};
+
+// The AssumeRole process for a fork-and-run death test.  It implements a
+// straightforward fork, with a simple pipe to transmit the status byte.
+DeathTest::TestRole NoExecDeathTest::AssumeRole() {
+  const size_t thread_count = GetThreadCount();
+  if (thread_count != 1) {
+    GTEST_LOG_(WARNING) << DeathTestThreadWarning(thread_count);
+  }
+
+  int pipe_fd[2];
+  GTEST_DEATH_TEST_CHECK_(pipe(pipe_fd) != -1);
+
+  DeathTest::set_last_death_test_message("");
+  CaptureStderr();
+  // When we fork the process below, the log file buffers are copied, but the
+  // file descriptors are shared.  We flush all log files here so that closing
+  // the file descriptors in the child process doesn't throw off the
+  // synchronization between descriptors and buffers in the parent process.
+  // This is as close to the fork as possible to avoid a race condition in case
+  // there are multiple threads running before the death test, and another
+  // thread writes to the log file.
+  FlushInfoLog();
+
+  const pid_t child_pid = fork();
+  GTEST_DEATH_TEST_CHECK_(child_pid != -1);
+  set_child_pid(child_pid);
+  if (child_pid == 0) {
+    GTEST_DEATH_TEST_CHECK_SYSCALL_(close(pipe_fd[0]));
+    set_write_fd(pipe_fd[1]);
+    // Redirects all logging to stderr in the child process to prevent
+    // concurrent writes to the log files.  We capture stderr in the parent
+    // process and append the child process' output to a log.
+    LogToStderr();
+    // Event forwarding to the listeners of event listener API mush be shut
+    // down in death test subprocesses.
+    GetUnitTestImpl()->listeners()->SuppressEventForwarding();
+    g_in_fast_death_test_child = true;
+    return EXECUTE_TEST;
+  } else {
+    GTEST_DEATH_TEST_CHECK_SYSCALL_(close(pipe_fd[1]));
+    set_read_fd(pipe_fd[0]);
+    set_spawned(true);
+    return OVERSEE_TEST;
+  }
+}
+
+// A concrete death test class that forks and re-executes the main
+// program from the beginning, with command-line flags set that cause
+// only this specific death test to be run.
+class ExecDeathTest : public ForkingDeathTest {
+ public:
+  ExecDeathTest(const char* a_statement, const RE* a_regex,
+                const char* file, int line) :
+      ForkingDeathTest(a_statement, a_regex), file_(file), line_(line) { }
+  virtual TestRole AssumeRole();
+ private:
+  static ::std::vector<testing::internal::string>
+  GetArgvsForDeathTestChildProcess() {
+    ::std::vector<testing::internal::string> args = GetInjectableArgvs();
+    return args;
+  }
+  // The name of the file in which the death test is located.
+  const char* const file_;
+  // The line number on which the death test is located.
+  const int line_;
+};
+
+// Utility class for accumulating command-line arguments.
+class Arguments {
+ public:
+  Arguments() {
+    args_.push_back(NULL);
+  }
+
+  ~Arguments() {
+    for (std::vector<char*>::iterator i = args_.begin(); i != args_.end();
+         ++i) {
+      free(*i);
+    }
+  }
+  void AddArgument(const char* argument) {
+    args_.insert(args_.end() - 1, posix::StrDup(argument));
+  }
+
+  template <typename Str>
+  void AddArguments(const ::std::vector<Str>& arguments) {
+    for (typename ::std::vector<Str>::const_iterator i = arguments.begin();
+         i != arguments.end();
+         ++i) {
+      args_.insert(args_.end() - 1, posix::StrDup(i->c_str()));
+    }
+  }
+  char* const* Argv() {
+    return &args_[0];
+  }
+
+ private:
+  std::vector<char*> args_;
+};
+
+// A struct that encompasses the arguments to the child process of a
+// threadsafe-style death test process.
+struct ExecDeathTestArgs {
+  char* const* argv;  // Command-line arguments for the child's call to exec
+  int close_fd;       // File descriptor to close; the read end of a pipe
+};
+
+#  if GTEST_OS_MAC
+inline char** GetEnviron() {
+  // When Google Test is built as a framework on MacOS X, the environ variable
+  // is unavailable. Apple's documentation (man environ) recommends using
+  // _NSGetEnviron() instead.
+  return *_NSGetEnviron();
+}
+#  else
+// Some POSIX platforms expect you to declare environ. extern "C" makes
+// it reside in the global namespace.
+extern "C" char** environ;
+inline char** GetEnviron() { return environ; }
+#  endif  // GTEST_OS_MAC
+
+#  if !GTEST_OS_QNX
+// The main function for a threadsafe-style death test child process.
+// This function is called in a clone()-ed process and thus must avoid
+// any potentially unsafe operations like malloc or libc functions.
+static int ExecDeathTestChildMain(void* child_arg) {
+  ExecDeathTestArgs* const args = static_cast<ExecDeathTestArgs*>(child_arg);
+  GTEST_DEATH_TEST_CHECK_SYSCALL_(close(args->close_fd));
+
+  // We need to execute the test program in the same environment where
+  // it was originally invoked.  Therefore we change to the original
+  // working directory first.
+  const char* const original_dir =
+      UnitTest::GetInstance()->original_working_dir();
+  // We can safely call chdir() as it's a direct system call.
+  if (chdir(original_dir) != 0) {
+    DeathTestAbort(std::string("chdir(\"") + original_dir + "\") failed: " +
+                   GetLastErrnoDescription());
+    return EXIT_FAILURE;
+  }
+
+  // We can safely call execve() as it's a direct system call.  We
+  // cannot use execvp() as it's a libc function and thus potentially
+  // unsafe.  Since execve() doesn't search the PATH, the user must
+  // invoke the test program via a valid path that contains at least
+  // one path separator.
+  execve(args->argv[0], args->argv, GetEnviron());
+  DeathTestAbort(std::string("execve(") + args->argv[0] + ", ...) in " +
+                 original_dir + " failed: " +
+                 GetLastErrnoDescription());
+  return EXIT_FAILURE;
+}
+#  endif  // !GTEST_OS_QNX
+
+// Two utility routines that together determine the direction the stack
+// grows.
+// This could be accomplished more elegantly by a single recursive
+// function, but we want to guard against the unlikely possibility of
+// a smart compiler optimizing the recursion away.
+//
+// GTEST_NO_INLINE_ is required to prevent GCC 4.6 from inlining
+// StackLowerThanAddress into StackGrowsDown, which then doesn't give
+// correct answer.
+void StackLowerThanAddress(const void* ptr, bool* result) GTEST_NO_INLINE_;
+void StackLowerThanAddress(const void* ptr, bool* result) {
+  int dummy;
+  *result = (&dummy < ptr);
+}
+
+// Make sure AddressSanitizer does not tamper with the stack here.
+GTEST_ATTRIBUTE_NO_SANITIZE_ADDRESS_
+bool StackGrowsDown() {
+  int dummy;
+  bool result;
+  StackLowerThanAddress(&dummy, &result);
+  return result;
+}
+
+// Spawns a child process with the same executable as the current process in
+// a thread-safe manner and instructs it to run the death test.  The
+// implementation uses fork(2) + exec.  On systems where clone(2) is
+// available, it is used instead, being slightly more thread-safe.  On QNX,
+// fork supports only single-threaded environments, so this function uses
+// spawn(2) there instead.  The function dies with an error message if
+// anything goes wrong.
+static pid_t ExecDeathTestSpawnChild(char* const* argv, int close_fd) {
+  ExecDeathTestArgs args = { argv, close_fd };
+  pid_t child_pid = -1;
+
+#  if GTEST_OS_QNX
+  // Obtains the current directory and sets it to be closed in the child
+  // process.
+  const int cwd_fd = open(".", O_RDONLY);
+  GTEST_DEATH_TEST_CHECK_(cwd_fd != -1);
+  GTEST_DEATH_TEST_CHECK_SYSCALL_(fcntl(cwd_fd, F_SETFD, FD_CLOEXEC));
+  // We need to execute the test program in the same environment where
+  // it was originally invoked.  Therefore we change to the original
+  // working directory first.
+  const char* const original_dir =
+      UnitTest::GetInstance()->original_working_dir();
+  // We can safely call chdir() as it's a direct system call.
+  if (chdir(original_dir) != 0) {
+    DeathTestAbort(std::string("chdir(\"") + original_dir + "\") failed: " +
+                   GetLastErrnoDescription());
+    return EXIT_FAILURE;
+  }
+
+  int fd_flags;
+  // Set close_fd to be closed after spawn.
+  GTEST_DEATH_TEST_CHECK_SYSCALL_(fd_flags = fcntl(close_fd, F_GETFD));
+  GTEST_DEATH_TEST_CHECK_SYSCALL_(fcntl(close_fd, F_SETFD,
+                                        fd_flags | FD_CLOEXEC));
+  struct inheritance inherit = {0};
+  // spawn is a system call.
+  child_pid = spawn(args.argv[0], 0, NULL, &inherit, args.argv, GetEnviron());
+  // Restores the current working directory.
+  GTEST_DEATH_TEST_CHECK_(fchdir(cwd_fd) != -1);
+  GTEST_DEATH_TEST_CHECK_SYSCALL_(close(cwd_fd));
+
+#  else   // GTEST_OS_QNX
+#   if GTEST_OS_LINUX
+  // When a SIGPROF signal is received while fork() or clone() are executing,
+  // the process may hang. To avoid this, we ignore SIGPROF here and re-enable
+  // it after the call to fork()/clone() is complete.
+  struct sigaction saved_sigprof_action;
+  struct sigaction ignore_sigprof_action;
+  memset(&ignore_sigprof_action, 0, sizeof(ignore_sigprof_action));
+  sigemptyset(&ignore_sigprof_action.sa_mask);
+  ignore_sigprof_action.sa_handler = SIG_IGN;
+  GTEST_DEATH_TEST_CHECK_SYSCALL_(sigaction(
+      SIGPROF, &ignore_sigprof_action, &saved_sigprof_action));
+#   endif  // GTEST_OS_LINUX
+
+#   if GTEST_HAS_CLONE
+  const bool use_fork = GTEST_FLAG(death_test_use_fork);
+
+  if (!use_fork) {
+    static const bool stack_grows_down = StackGrowsDown();
+    const size_t stack_size = getpagesize();
+    // MMAP_ANONYMOUS is not defined on Mac, so we use MAP_ANON instead.
+    void* const stack = mmap(NULL, stack_size, PROT_READ | PROT_WRITE,
+                             MAP_ANON | MAP_PRIVATE, -1, 0);
+    GTEST_DEATH_TEST_CHECK_(stack != MAP_FAILED);
+
+    // Maximum stack alignment in bytes:  For a downward-growing stack, this
+    // amount is subtracted from size of the stack space to get an address
+    // that is within the stack space and is aligned on all systems we care
+    // about.  As far as I know there is no ABI with stack alignment greater
+    // than 64.  We assume stack and stack_size already have alignment of
+    // kMaxStackAlignment.
+    const size_t kMaxStackAlignment = 64;
+    void* const stack_top =
+        static_cast<char*>(stack) +
+            (stack_grows_down ? stack_size - kMaxStackAlignment : 0);
+    GTEST_DEATH_TEST_CHECK_(stack_size > kMaxStackAlignment &&
+        reinterpret_cast<intptr_t>(stack_top) % kMaxStackAlignment == 0);
+
+    child_pid = clone(&ExecDeathTestChildMain, stack_top, SIGCHLD, &args);
+
+    GTEST_DEATH_TEST_CHECK_(munmap(stack, stack_size) != -1);
+  }
+#   else
+  const bool use_fork = true;
+#   endif  // GTEST_HAS_CLONE
+
+  if (use_fork && (child_pid = fork()) == 0) {
+      ExecDeathTestChildMain(&args);
+      _exit(0);
+  }
+#  endif  // GTEST_OS_QNX
+#  if GTEST_OS_LINUX
+  GTEST_DEATH_TEST_CHECK_SYSCALL_(
+      sigaction(SIGPROF, &saved_sigprof_action, NULL));
+#  endif  // GTEST_OS_LINUX
+
+  GTEST_DEATH_TEST_CHECK_(child_pid != -1);
+  return child_pid;
+}
+
+// The AssumeRole process for a fork-and-exec death test.  It re-executes the
+// main program from the beginning, setting the --gtest_filter
+// and --gtest_internal_run_death_test flags to cause only the current
+// death test to be re-run.
+DeathTest::TestRole ExecDeathTest::AssumeRole() {
+  const UnitTestImpl* const impl = GetUnitTestImpl();
+  const InternalRunDeathTestFlag* const flag =
+      impl->internal_run_death_test_flag();
+  const TestInfo* const info = impl->current_test_info();
+  const int death_test_index = info->result()->death_test_count();
+
+  if (flag != NULL) {
+    set_write_fd(flag->write_fd());
+    return EXECUTE_TEST;
+  }
+
+  int pipe_fd[2];
+  GTEST_DEATH_TEST_CHECK_(pipe(pipe_fd) != -1);
+  // Clear the close-on-exec flag on the write end of the pipe, lest
+  // it be closed when the child process does an exec:
+  GTEST_DEATH_TEST_CHECK_(fcntl(pipe_fd[1], F_SETFD, 0) != -1);
+
+  const std::string filter_flag =
+      std::string("--") + GTEST_FLAG_PREFIX_ + kFilterFlag + "="
+      + info->test_case_name() + "." + info->name();
+  const std::string internal_flag =
+      std::string("--") + GTEST_FLAG_PREFIX_ + kInternalRunDeathTestFlag + "="
+      + file_ + "|" + StreamableToString(line_) + "|"
+      + StreamableToString(death_test_index) + "|"
+      + StreamableToString(pipe_fd[1]);
+  Arguments args;
+  args.AddArguments(GetArgvsForDeathTestChildProcess());
+  args.AddArgument(filter_flag.c_str());
+  args.AddArgument(internal_flag.c_str());
+
+  DeathTest::set_last_death_test_message("");
+
+  CaptureStderr();
+  // See the comment in NoExecDeathTest::AssumeRole for why the next line
+  // is necessary.
+  FlushInfoLog();
+
+  const pid_t child_pid = ExecDeathTestSpawnChild(args.Argv(), pipe_fd[0]);
+  GTEST_DEATH_TEST_CHECK_SYSCALL_(close(pipe_fd[1]));
+  set_child_pid(child_pid);
+  set_read_fd(pipe_fd[0]);
+  set_spawned(true);
+  return OVERSEE_TEST;
+}
+
+# endif  // !GTEST_OS_WINDOWS
+
+// Creates a concrete DeathTest-derived class that depends on the
+// --gtest_death_test_style flag, and sets the pointer pointed to
+// by the "test" argument to its address.  If the test should be
+// skipped, sets that pointer to NULL.  Returns true, unless the
+// flag is set to an invalid value.
+bool DefaultDeathTestFactory::Create(const char* statement, const RE* regex,
+                                     const char* file, int line,
+                                     DeathTest** test) {
+  UnitTestImpl* const impl = GetUnitTestImpl();
+  const InternalRunDeathTestFlag* const flag =
+      impl->internal_run_death_test_flag();
+  const int death_test_index = impl->current_test_info()
+      ->increment_death_test_count();
+
+  if (flag != NULL) {
+    if (death_test_index > flag->index()) {
+      DeathTest::set_last_death_test_message(
+          "Death test count (" + StreamableToString(death_test_index)
+          + ") somehow exceeded expected maximum ("
+          + StreamableToString(flag->index()) + ")");
+      return false;
+    }
+
+    if (!(flag->file() == file && flag->line() == line &&
+          flag->index() == death_test_index)) {
+      *test = NULL;
+      return true;
+    }
+  }
+
+# if GTEST_OS_WINDOWS
+
+  if (GTEST_FLAG(death_test_style) == "threadsafe" ||
+      GTEST_FLAG(death_test_style) == "fast") {
+    *test = new WindowsDeathTest(statement, regex, file, line);
+  }
+
+# else
+
+  if (GTEST_FLAG(death_test_style) == "threadsafe") {
+    *test = new ExecDeathTest(statement, regex, file, line);
+  } else if (GTEST_FLAG(death_test_style) == "fast") {
+    *test = new NoExecDeathTest(statement, regex);
+  }
+
+# endif  // GTEST_OS_WINDOWS
+
+  else {  // NOLINT - this is more readable than unbalanced brackets inside #if.
+    DeathTest::set_last_death_test_message(
+        "Unknown death test style \"" + GTEST_FLAG(death_test_style)
+        + "\" encountered");
+    return false;
+  }
+
+  return true;
+}
+
+// Splits a given string on a given delimiter, populating a given
+// vector with the fields.  GTEST_HAS_DEATH_TEST implies that we have
+// ::std::string, so we can use it here.
+static void SplitString(const ::std::string& str, char delimiter,
+                        ::std::vector< ::std::string>* dest) {
+  ::std::vector< ::std::string> parsed;
+  ::std::string::size_type pos = 0;
+  while (::testing::internal::AlwaysTrue()) {
+    const ::std::string::size_type colon = str.find(delimiter, pos);
+    if (colon == ::std::string::npos) {
+      parsed.push_back(str.substr(pos));
+      break;
+    } else {
+      parsed.push_back(str.substr(pos, colon - pos));
+      pos = colon + 1;
+    }
+  }
+  dest->swap(parsed);
+}
+
+# if GTEST_OS_WINDOWS
+// Recreates the pipe and event handles from the provided parameters,
+// signals the event, and returns a file descriptor wrapped around the pipe
+// handle. This function is called in the child process only.
+int GetStatusFileDescriptor(unsigned int parent_process_id,
+                            size_t write_handle_as_size_t,
+                            size_t event_handle_as_size_t) {
+  AutoHandle parent_process_handle(::OpenProcess(PROCESS_DUP_HANDLE,
+                                                   FALSE,  // Non-inheritable.
+                                                   parent_process_id));
+  if (parent_process_handle.Get() == INVALID_HANDLE_VALUE) {
+    DeathTestAbort("Unable to open parent process " +
+                   StreamableToString(parent_process_id));
+  }
+
+  // TODO(vladl@google.com): Replace the following check with a
+  // compile-time assertion when available.
+  GTEST_CHECK_(sizeof(HANDLE) <= sizeof(size_t));
+
+  const HANDLE write_handle =
+      reinterpret_cast<HANDLE>(write_handle_as_size_t);
+  HANDLE dup_write_handle;
+
+  // The newly initialized handle is accessible only in in the parent
+  // process. To obtain one accessible within the child, we need to use
+  // DuplicateHandle.
+  if (!::DuplicateHandle(parent_process_handle.Get(), write_handle,
+                         ::GetCurrentProcess(), &dup_write_handle,
+                         0x0,    // Requested privileges ignored since
+                                 // DUPLICATE_SAME_ACCESS is used.
+                         FALSE,  // Request non-inheritable handler.
+                         DUPLICATE_SAME_ACCESS)) {
+    DeathTestAbort("Unable to duplicate the pipe handle " +
+                   StreamableToString(write_handle_as_size_t) +
+                   " from the parent process " +
+                   StreamableToString(parent_process_id));
+  }
+
+  const HANDLE event_handle = reinterpret_cast<HANDLE>(event_handle_as_size_t);
+  HANDLE dup_event_handle;
+
+  if (!::DuplicateHandle(parent_process_handle.Get(), event_handle,
+                         ::GetCurrentProcess(), &dup_event_handle,
+                         0x0,
+                         FALSE,
+                         DUPLICATE_SAME_ACCESS)) {
+    DeathTestAbort("Unable to duplicate the event handle " +
+                   StreamableToString(event_handle_as_size_t) +
+                   " from the parent process " +
+                   StreamableToString(parent_process_id));
+  }
+
+  const int write_fd =
+      ::_open_osfhandle(reinterpret_cast<intptr_t>(dup_write_handle), O_APPEND);
+  if (write_fd == -1) {
+    DeathTestAbort("Unable to convert pipe handle " +
+                   StreamableToString(write_handle_as_size_t) +
+                   " to a file descriptor");
+  }
+
+  // Signals the parent that the write end of the pipe has been acquired
+  // so the parent can release its own write end.
+  ::SetEvent(dup_event_handle);
+
+  return write_fd;
+}
+# endif  // GTEST_OS_WINDOWS
+
+// Returns a newly created InternalRunDeathTestFlag object with fields
+// initialized from the GTEST_FLAG(internal_run_death_test) flag if
+// the flag is specified; otherwise returns NULL.
+InternalRunDeathTestFlag* ParseInternalRunDeathTestFlag() {
+  if (GTEST_FLAG(internal_run_death_test) == "") return NULL;
+
+  // GTEST_HAS_DEATH_TEST implies that we have ::std::string, so we
+  // can use it here.
+  int line = -1;
+  int index = -1;
+  ::std::vector< ::std::string> fields;
+  SplitString(GTEST_FLAG(internal_run_death_test).c_str(), '|', &fields);
+  int write_fd = -1;
+
+# if GTEST_OS_WINDOWS
+
+  unsigned int parent_process_id = 0;
+  size_t write_handle_as_size_t = 0;
+  size_t event_handle_as_size_t = 0;
+
+  if (fields.size() != 6
+      || !ParseNaturalNumber(fields[1], &line)
+      || !ParseNaturalNumber(fields[2], &index)
+      || !ParseNaturalNumber(fields[3], &parent_process_id)
+      || !ParseNaturalNumber(fields[4], &write_handle_as_size_t)
+      || !ParseNaturalNumber(fields[5], &event_handle_as_size_t)) {
+    DeathTestAbort("Bad --gtest_internal_run_death_test flag: " +
+                   GTEST_FLAG(internal_run_death_test));
+  }
+  write_fd = GetStatusFileDescriptor(parent_process_id,
+                                     write_handle_as_size_t,
+                                     event_handle_as_size_t);
+# else
+
+  if (fields.size() != 4
+      || !ParseNaturalNumber(fields[1], &line)
+      || !ParseNaturalNumber(fields[2], &index)
+      || !ParseNaturalNumber(fields[3], &write_fd)) {
+    DeathTestAbort("Bad --gtest_internal_run_death_test flag: "
+        + GTEST_FLAG(internal_run_death_test));
+  }
+
+# endif  // GTEST_OS_WINDOWS
+
+  return new InternalRunDeathTestFlag(fields[0], line, index, write_fd);
+}
+
+}  // namespace internal
+
+#endif  // GTEST_HAS_DEATH_TEST
+
+}  // namespace testing
diff --git a/nss/external_tests/google_test/gtest/src/gtest-filepath.cc b/nss/external_tests/google_test/gtest/src/gtest-filepath.cc
new file mode 100644
index 0000000..0292dc1
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/src/gtest-filepath.cc
@@ -0,0 +1,387 @@
+// Copyright 2008, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Authors: keith.ray@gmail.com (Keith Ray)
+
+#include "gtest/gtest-message.h"
+#include "gtest/internal/gtest-filepath.h"
+#include "gtest/internal/gtest-port.h"
+
+#include <stdlib.h>
+
+#if GTEST_OS_WINDOWS_MOBILE
+# include <windows.h>
+#elif GTEST_OS_WINDOWS
+# include <direct.h>
+# include <io.h>
+#elif GTEST_OS_SYMBIAN
+// Symbian OpenC has PATH_MAX in sys/syslimits.h
+# include <sys/syslimits.h>
+#else
+# include <limits.h>
+# include <climits>  // Some Linux distributions define PATH_MAX here.
+#endif  // GTEST_OS_WINDOWS_MOBILE
+
+#if GTEST_OS_WINDOWS
+# define GTEST_PATH_MAX_ _MAX_PATH
+#elif defined(PATH_MAX)
+# define GTEST_PATH_MAX_ PATH_MAX
+#elif defined(_XOPEN_PATH_MAX)
+# define GTEST_PATH_MAX_ _XOPEN_PATH_MAX
+#else
+# define GTEST_PATH_MAX_ _POSIX_PATH_MAX
+#endif  // GTEST_OS_WINDOWS
+
+#include "gtest/internal/gtest-string.h"
+
+namespace testing {
+namespace internal {
+
+#if GTEST_OS_WINDOWS
+// On Windows, '\\' is the standard path separator, but many tools and the
+// Windows API also accept '/' as an alternate path separator. Unless otherwise
+// noted, a file path can contain either kind of path separators, or a mixture
+// of them.
+const char kPathSeparator = '\\';
+const char kAlternatePathSeparator = '/';
+const char kAlternatePathSeparatorString[] = "/";
+# if GTEST_OS_WINDOWS_MOBILE
+// Windows CE doesn't have a current directory. You should not use
+// the current directory in tests on Windows CE, but this at least
+// provides a reasonable fallback.
+const char kCurrentDirectoryString[] = "\\";
+// Windows CE doesn't define INVALID_FILE_ATTRIBUTES
+const DWORD kInvalidFileAttributes = 0xffffffff;
+# else
+const char kCurrentDirectoryString[] = ".\\";
+# endif  // GTEST_OS_WINDOWS_MOBILE
+#else
+const char kPathSeparator = '/';
+const char kCurrentDirectoryString[] = "./";
+#endif  // GTEST_OS_WINDOWS
+
+// Returns whether the given character is a valid path separator.
+static bool IsPathSeparator(char c) {
+#if GTEST_HAS_ALT_PATH_SEP_
+  return (c == kPathSeparator) || (c == kAlternatePathSeparator);
+#else
+  return c == kPathSeparator;
+#endif
+}
+
+// Returns the current working directory, or "" if unsuccessful.
+FilePath FilePath::GetCurrentDir() {
+#if GTEST_OS_WINDOWS_MOBILE || GTEST_OS_WINDOWS_PHONE || GTEST_OS_WINDOWS_RT
+  // Windows CE doesn't have a current directory, so we just return
+  // something reasonable.
+  return FilePath(kCurrentDirectoryString);
+#elif GTEST_OS_WINDOWS
+  char cwd[GTEST_PATH_MAX_ + 1] = { '\0' };
+  return FilePath(_getcwd(cwd, sizeof(cwd)) == NULL ? "" : cwd);
+#else
+  char cwd[GTEST_PATH_MAX_ + 1] = { '\0' };
+  char* result = getcwd(cwd, sizeof(cwd));
+# if GTEST_OS_NACL
+  // getcwd will likely fail in NaCl due to the sandbox, so return something
+  // reasonable. The user may have provided a shim implementation for getcwd,
+  // however, so fallback only when failure is detected.
+  return FilePath(result == NULL ? kCurrentDirectoryString : cwd);
+# endif  // GTEST_OS_NACL
+  return FilePath(result == NULL ? "" : cwd);
+#endif  // GTEST_OS_WINDOWS_MOBILE
+}
+
+// Returns a copy of the FilePath with the case-insensitive extension removed.
+// Example: FilePath("dir/file.exe").RemoveExtension("EXE") returns
+// FilePath("dir/file"). If a case-insensitive extension is not
+// found, returns a copy of the original FilePath.
+FilePath FilePath::RemoveExtension(const char* extension) const {
+  const std::string dot_extension = std::string(".") + extension;
+  if (String::EndsWithCaseInsensitive(pathname_, dot_extension)) {
+    return FilePath(pathname_.substr(
+        0, pathname_.length() - dot_extension.length()));
+  }
+  return *this;
+}
+
+// Returns a pointer to the last occurence of a valid path separator in
+// the FilePath. On Windows, for example, both '/' and '\' are valid path
+// separators. Returns NULL if no path separator was found.
+const char* FilePath::FindLastPathSeparator() const {
+  const char* const last_sep = strrchr(c_str(), kPathSeparator);
+#if GTEST_HAS_ALT_PATH_SEP_
+  const char* const last_alt_sep = strrchr(c_str(), kAlternatePathSeparator);
+  // Comparing two pointers of which only one is NULL is undefined.
+  if (last_alt_sep != NULL &&
+      (last_sep == NULL || last_alt_sep > last_sep)) {
+    return last_alt_sep;
+  }
+#endif
+  return last_sep;
+}
+
+// Returns a copy of the FilePath with the directory part removed.
+// Example: FilePath("path/to/file").RemoveDirectoryName() returns
+// FilePath("file"). If there is no directory part ("just_a_file"), it returns
+// the FilePath unmodified. If there is no file part ("just_a_dir/") it
+// returns an empty FilePath ("").
+// On Windows platform, '\' is the path separator, otherwise it is '/'.
+FilePath FilePath::RemoveDirectoryName() const {
+  const char* const last_sep = FindLastPathSeparator();
+  return last_sep ? FilePath(last_sep + 1) : *this;
+}
+
+// RemoveFileName returns the directory path with the filename removed.
+// Example: FilePath("path/to/file").RemoveFileName() returns "path/to/".
+// If the FilePath is "a_file" or "/a_file", RemoveFileName returns
+// FilePath("./") or, on Windows, FilePath(".\\"). If the filepath does
+// not have a file, like "just/a/dir/", it returns the FilePath unmodified.
+// On Windows platform, '\' is the path separator, otherwise it is '/'.
+FilePath FilePath::RemoveFileName() const {
+  const char* const last_sep = FindLastPathSeparator();
+  std::string dir;
+  if (last_sep) {
+    dir = std::string(c_str(), last_sep + 1 - c_str());
+  } else {
+    dir = kCurrentDirectoryString;
+  }
+  return FilePath(dir);
+}
+
+// Helper functions for naming files in a directory for xml output.
+
+// Given directory = "dir", base_name = "test", number = 0,
+// extension = "xml", returns "dir/test.xml". If number is greater
+// than zero (e.g., 12), returns "dir/test_12.xml".
+// On Windows platform, uses \ as the separator rather than /.
+FilePath FilePath::MakeFileName(const FilePath& directory,
+                                const FilePath& base_name,
+                                int number,
+                                const char* extension) {
+  std::string file;
+  if (number == 0) {
+    file = base_name.string() + "." + extension;
+  } else {
+    file = base_name.string() + "_" + StreamableToString(number)
+        + "." + extension;
+  }
+  return ConcatPaths(directory, FilePath(file));
+}
+
+// Given directory = "dir", relative_path = "test.xml", returns "dir/test.xml".
+// On Windows, uses \ as the separator rather than /.
+FilePath FilePath::ConcatPaths(const FilePath& directory,
+                               const FilePath& relative_path) {
+  if (directory.IsEmpty())
+    return relative_path;
+  const FilePath dir(directory.RemoveTrailingPathSeparator());
+  return FilePath(dir.string() + kPathSeparator + relative_path.string());
+}
+
+// Returns true if pathname describes something findable in the file-system,
+// either a file, directory, or whatever.
+bool FilePath::FileOrDirectoryExists() const {
+#if GTEST_OS_WINDOWS_MOBILE
+  LPCWSTR unicode = String::AnsiToUtf16(pathname_.c_str());
+  const DWORD attributes = GetFileAttributes(unicode);
+  delete [] unicode;
+  return attributes != kInvalidFileAttributes;
+#else
+  posix::StatStruct file_stat;
+  return posix::Stat(pathname_.c_str(), &file_stat) == 0;
+#endif  // GTEST_OS_WINDOWS_MOBILE
+}
+
+// Returns true if pathname describes a directory in the file-system
+// that exists.
+bool FilePath::DirectoryExists() const {
+  bool result = false;
+#if GTEST_OS_WINDOWS
+  // Don't strip off trailing separator if path is a root directory on
+  // Windows (like "C:\\").
+  const FilePath& path(IsRootDirectory() ? *this :
+                                           RemoveTrailingPathSeparator());
+#else
+  const FilePath& path(*this);
+#endif
+
+#if GTEST_OS_WINDOWS_MOBILE
+  LPCWSTR unicode = String::AnsiToUtf16(path.c_str());
+  const DWORD attributes = GetFileAttributes(unicode);
+  delete [] unicode;
+  if ((attributes != kInvalidFileAttributes) &&
+      (attributes & FILE_ATTRIBUTE_DIRECTORY)) {
+    result = true;
+  }
+#else
+  posix::StatStruct file_stat;
+  result = posix::Stat(path.c_str(), &file_stat) == 0 &&
+      posix::IsDir(file_stat);
+#endif  // GTEST_OS_WINDOWS_MOBILE
+
+  return result;
+}
+
+// Returns true if pathname describes a root directory. (Windows has one
+// root directory per disk drive.)
+bool FilePath::IsRootDirectory() const {
+#if GTEST_OS_WINDOWS
+  // TODO(wan@google.com): on Windows a network share like
+  // \\server\share can be a root directory, although it cannot be the
+  // current directory.  Handle this properly.
+  return pathname_.length() == 3 && IsAbsolutePath();
+#else
+  return pathname_.length() == 1 && IsPathSeparator(pathname_.c_str()[0]);
+#endif
+}
+
+// Returns true if pathname describes an absolute path.
+bool FilePath::IsAbsolutePath() const {
+  const char* const name = pathname_.c_str();
+#if GTEST_OS_WINDOWS
+  return pathname_.length() >= 3 &&
+     ((name[0] >= 'a' && name[0] <= 'z') ||
+      (name[0] >= 'A' && name[0] <= 'Z')) &&
+     name[1] == ':' &&
+     IsPathSeparator(name[2]);
+#else
+  return IsPathSeparator(name[0]);
+#endif
+}
+
+// Returns a pathname for a file that does not currently exist. The pathname
+// will be directory/base_name.extension or
+// directory/base_name_<number>.extension if directory/base_name.extension
+// already exists. The number will be incremented until a pathname is found
+// that does not already exist.
+// Examples: 'dir/foo_test.xml' or 'dir/foo_test_1.xml'.
+// There could be a race condition if two or more processes are calling this
+// function at the same time -- they could both pick the same filename.
+FilePath FilePath::GenerateUniqueFileName(const FilePath& directory,
+                                          const FilePath& base_name,
+                                          const char* extension) {
+  FilePath full_pathname;
+  int number = 0;
+  do {
+    full_pathname.Set(MakeFileName(directory, base_name, number++, extension));
+  } while (full_pathname.FileOrDirectoryExists());
+  return full_pathname;
+}
+
+// Returns true if FilePath ends with a path separator, which indicates that
+// it is intended to represent a directory. Returns false otherwise.
+// This does NOT check that a directory (or file) actually exists.
+bool FilePath::IsDirectory() const {
+  return !pathname_.empty() &&
+         IsPathSeparator(pathname_.c_str()[pathname_.length() - 1]);
+}
+
+// Create directories so that path exists. Returns true if successful or if
+// the directories already exist; returns false if unable to create directories
+// for any reason.
+bool FilePath::CreateDirectoriesRecursively() const {
+  if (!this->IsDirectory()) {
+    return false;
+  }
+
+  if (pathname_.length() == 0 || this->DirectoryExists()) {
+    return true;
+  }
+
+  const FilePath parent(this->RemoveTrailingPathSeparator().RemoveFileName());
+  return parent.CreateDirectoriesRecursively() && this->CreateFolder();
+}
+
+// Create the directory so that path exists. Returns true if successful or
+// if the directory already exists; returns false if unable to create the
+// directory for any reason, including if the parent directory does not
+// exist. Not named "CreateDirectory" because that's a macro on Windows.
+bool FilePath::CreateFolder() const {
+#if GTEST_OS_WINDOWS_MOBILE
+  FilePath removed_sep(this->RemoveTrailingPathSeparator());
+  LPCWSTR unicode = String::AnsiToUtf16(removed_sep.c_str());
+  int result = CreateDirectory(unicode, NULL) ? 0 : -1;
+  delete [] unicode;
+#elif GTEST_OS_WINDOWS
+  int result = _mkdir(pathname_.c_str());
+#else
+  int result = mkdir(pathname_.c_str(), 0777);
+#endif  // GTEST_OS_WINDOWS_MOBILE
+
+  if (result == -1) {
+    return this->DirectoryExists();  // An error is OK if the directory exists.
+  }
+  return true;  // No error.
+}
+
+// If input name has a trailing separator character, remove it and return the
+// name, otherwise return the name string unmodified.
+// On Windows platform, uses \ as the separator, other platforms use /.
+FilePath FilePath::RemoveTrailingPathSeparator() const {
+  return IsDirectory()
+      ? FilePath(pathname_.substr(0, pathname_.length() - 1))
+      : *this;
+}
+
+// Removes any redundant separators that might be in the pathname.
+// For example, "bar///foo" becomes "bar/foo". Does not eliminate other
+// redundancies that might be in a pathname involving "." or "..".
+// TODO(wan@google.com): handle Windows network shares (e.g. \\server\share).
+void FilePath::Normalize() {
+  if (pathname_.c_str() == NULL) {
+    pathname_ = "";
+    return;
+  }
+  const char* src = pathname_.c_str();
+  char* const dest = new char[pathname_.length() + 1];
+  char* dest_ptr = dest;
+  memset(dest_ptr, 0, pathname_.length() + 1);
+
+  while (*src != '\0') {
+    *dest_ptr = *src;
+    if (!IsPathSeparator(*src)) {
+      src++;
+    } else {
+#if GTEST_HAS_ALT_PATH_SEP_
+      if (*dest_ptr == kAlternatePathSeparator) {
+        *dest_ptr = kPathSeparator;
+      }
+#endif
+      while (IsPathSeparator(*src))
+        src++;
+    }
+    dest_ptr++;
+  }
+  *dest_ptr = '\0';
+  pathname_ = dest;
+  delete[] dest;
+}
+
+}  // namespace internal
+}  // namespace testing
diff --git a/nss/external_tests/google_test/gtest/src/gtest-internal-inl.h b/nss/external_tests/google_test/gtest/src/gtest-internal-inl.h
new file mode 100644
index 0000000..0ac7a10
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/src/gtest-internal-inl.h
@@ -0,0 +1,1192 @@
+// Copyright 2005, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// Utility functions and classes used by the Google C++ testing framework.
+//
+// Author: wan@google.com (Zhanyong Wan)
+//
+// This file contains purely Google Test's internal implementation.  Please
+// DO NOT #INCLUDE IT IN A USER PROGRAM.
+
+#ifndef GTEST_SRC_GTEST_INTERNAL_INL_H_
+#define GTEST_SRC_GTEST_INTERNAL_INL_H_
+
+// GTEST_IMPLEMENTATION_ is defined to 1 iff the current translation unit is
+// part of Google Test's implementation; otherwise it's undefined.
+#if !GTEST_IMPLEMENTATION_
+// If this file is included from the user's code, just say no.
+# error "gtest-internal-inl.h is part of Google Test's internal implementation."
+# error "It must not be included except by Google Test itself."
+#endif  // GTEST_IMPLEMENTATION_
+
+#ifndef _WIN32_WCE
+# include <errno.h>
+#endif  // !_WIN32_WCE
+#include <stddef.h>
+#include <stdlib.h>  // For strtoll/_strtoul64/malloc/free.
+#include <string.h>  // For memmove.
+
+#include <algorithm>
+#include <string>
+#include <vector>
+
+#include "gtest/internal/gtest-port.h"
+
+#if GTEST_CAN_STREAM_RESULTS_
+# include <arpa/inet.h>  // NOLINT
+# include <netdb.h>  // NOLINT
+#endif
+
+#if GTEST_OS_WINDOWS
+# include <windows.h>  // NOLINT
+#endif  // GTEST_OS_WINDOWS
+
+#include "gtest/gtest.h"  // NOLINT
+#include "gtest/gtest-spi.h"
+
+namespace testing {
+
+// Declares the flags.
+//
+// We don't want the users to modify this flag in the code, but want
+// Google Test's own unit tests to be able to access it. Therefore we
+// declare it here as opposed to in gtest.h.
+GTEST_DECLARE_bool_(death_test_use_fork);
+
+namespace internal {
+
+// The value of GetTestTypeId() as seen from within the Google Test
+// library.  This is solely for testing GetTestTypeId().
+GTEST_API_ extern const TypeId kTestTypeIdInGoogleTest;
+
+// Names of the flags (needed for parsing Google Test flags).
+const char kAlsoRunDisabledTestsFlag[] = "also_run_disabled_tests";
+const char kBreakOnFailureFlag[] = "break_on_failure";
+const char kCatchExceptionsFlag[] = "catch_exceptions";
+const char kColorFlag[] = "color";
+const char kFilterFlag[] = "filter";
+const char kListTestsFlag[] = "list_tests";
+const char kOutputFlag[] = "output";
+const char kPrintTimeFlag[] = "print_time";
+const char kRandomSeedFlag[] = "random_seed";
+const char kRepeatFlag[] = "repeat";
+const char kShuffleFlag[] = "shuffle";
+const char kStackTraceDepthFlag[] = "stack_trace_depth";
+const char kStreamResultToFlag[] = "stream_result_to";
+const char kThrowOnFailureFlag[] = "throw_on_failure";
+
+// A valid random seed must be in [1, kMaxRandomSeed].
+const int kMaxRandomSeed = 99999;
+
+// g_help_flag is true iff the --help flag or an equivalent form is
+// specified on the command line.
+GTEST_API_ extern bool g_help_flag;
+
+// Returns the current time in milliseconds.
+GTEST_API_ TimeInMillis GetTimeInMillis();
+
+// Returns true iff Google Test should use colors in the output.
+GTEST_API_ bool ShouldUseColor(bool stdout_is_tty);
+
+// Formats the given time in milliseconds as seconds.
+GTEST_API_ std::string FormatTimeInMillisAsSeconds(TimeInMillis ms);
+
+// Converts the given time in milliseconds to a date string in the ISO 8601
+// format, without the timezone information.  N.B.: due to the use the
+// non-reentrant localtime() function, this function is not thread safe.  Do
+// not use it in any code that can be called from multiple threads.
+GTEST_API_ std::string FormatEpochTimeInMillisAsIso8601(TimeInMillis ms);
+
+// Parses a string for an Int32 flag, in the form of "--flag=value".
+//
+// On success, stores the value of the flag in *value, and returns
+// true.  On failure, returns false without changing *value.
+GTEST_API_ bool ParseInt32Flag(
+    const char* str, const char* flag, Int32* value);
+
+// Returns a random seed in range [1, kMaxRandomSeed] based on the
+// given --gtest_random_seed flag value.
+inline int GetRandomSeedFromFlag(Int32 random_seed_flag) {
+  const unsigned int raw_seed = (random_seed_flag == 0) ?
+      static_cast<unsigned int>(GetTimeInMillis()) :
+      static_cast<unsigned int>(random_seed_flag);
+
+  // Normalizes the actual seed to range [1, kMaxRandomSeed] such that
+  // it's easy to type.
+  const int normalized_seed =
+      static_cast<int>((raw_seed - 1U) %
+                       static_cast<unsigned int>(kMaxRandomSeed)) + 1;
+  return normalized_seed;
+}
+
+// Returns the first valid random seed after 'seed'.  The behavior is
+// undefined if 'seed' is invalid.  The seed after kMaxRandomSeed is
+// considered to be 1.
+inline int GetNextRandomSeed(int seed) {
+  GTEST_CHECK_(1 <= seed && seed <= kMaxRandomSeed)
+      << "Invalid random seed " << seed << " - must be in [1, "
+      << kMaxRandomSeed << "].";
+  const int next_seed = seed + 1;
+  return (next_seed > kMaxRandomSeed) ? 1 : next_seed;
+}
+
+// This class saves the values of all Google Test flags in its c'tor, and
+// restores them in its d'tor.
+class GTestFlagSaver {
+ public:
+  // The c'tor.
+  GTestFlagSaver() {
+    also_run_disabled_tests_ = GTEST_FLAG(also_run_disabled_tests);
+    break_on_failure_ = GTEST_FLAG(break_on_failure);
+    catch_exceptions_ = GTEST_FLAG(catch_exceptions);
+    color_ = GTEST_FLAG(color);
+    death_test_style_ = GTEST_FLAG(death_test_style);
+    death_test_use_fork_ = GTEST_FLAG(death_test_use_fork);
+    filter_ = GTEST_FLAG(filter);
+    internal_run_death_test_ = GTEST_FLAG(internal_run_death_test);
+    list_tests_ = GTEST_FLAG(list_tests);
+    output_ = GTEST_FLAG(output);
+    print_time_ = GTEST_FLAG(print_time);
+    random_seed_ = GTEST_FLAG(random_seed);
+    repeat_ = GTEST_FLAG(repeat);
+    shuffle_ = GTEST_FLAG(shuffle);
+    stack_trace_depth_ = GTEST_FLAG(stack_trace_depth);
+    stream_result_to_ = GTEST_FLAG(stream_result_to);
+    throw_on_failure_ = GTEST_FLAG(throw_on_failure);
+  }
+
+  // The d'tor is not virtual.  DO NOT INHERIT FROM THIS CLASS.
+  ~GTestFlagSaver() {
+    GTEST_FLAG(also_run_disabled_tests) = also_run_disabled_tests_;
+    GTEST_FLAG(break_on_failure) = break_on_failure_;
+    GTEST_FLAG(catch_exceptions) = catch_exceptions_;
+    GTEST_FLAG(color) = color_;
+    GTEST_FLAG(death_test_style) = death_test_style_;
+    GTEST_FLAG(death_test_use_fork) = death_test_use_fork_;
+    GTEST_FLAG(filter) = filter_;
+    GTEST_FLAG(internal_run_death_test) = internal_run_death_test_;
+    GTEST_FLAG(list_tests) = list_tests_;
+    GTEST_FLAG(output) = output_;
+    GTEST_FLAG(print_time) = print_time_;
+    GTEST_FLAG(random_seed) = random_seed_;
+    GTEST_FLAG(repeat) = repeat_;
+    GTEST_FLAG(shuffle) = shuffle_;
+    GTEST_FLAG(stack_trace_depth) = stack_trace_depth_;
+    GTEST_FLAG(stream_result_to) = stream_result_to_;
+    GTEST_FLAG(throw_on_failure) = throw_on_failure_;
+  }
+
+ private:
+  // Fields for saving the original values of flags.
+  bool also_run_disabled_tests_;
+  bool break_on_failure_;
+  bool catch_exceptions_;
+  std::string color_;
+  std::string death_test_style_;
+  bool death_test_use_fork_;
+  std::string filter_;
+  std::string internal_run_death_test_;
+  bool list_tests_;
+  std::string output_;
+  bool print_time_;
+  internal::Int32 random_seed_;
+  internal::Int32 repeat_;
+  bool shuffle_;
+  internal::Int32 stack_trace_depth_;
+  std::string stream_result_to_;
+  bool throw_on_failure_;
+} GTEST_ATTRIBUTE_UNUSED_;
+
+// Converts a Unicode code point to a narrow string in UTF-8 encoding.
+// code_point parameter is of type UInt32 because wchar_t may not be
+// wide enough to contain a code point.
+// If the code_point is not a valid Unicode code point
+// (i.e. outside of Unicode range U+0 to U+10FFFF) it will be converted
+// to "(Invalid Unicode 0xXXXXXXXX)".
+GTEST_API_ std::string CodePointToUtf8(UInt32 code_point);
+
+// Converts a wide string to a narrow string in UTF-8 encoding.
+// The wide string is assumed to have the following encoding:
+//   UTF-16 if sizeof(wchar_t) == 2 (on Windows, Cygwin, Symbian OS)
+//   UTF-32 if sizeof(wchar_t) == 4 (on Linux)
+// Parameter str points to a null-terminated wide string.
+// Parameter num_chars may additionally limit the number
+// of wchar_t characters processed. -1 is used when the entire string
+// should be processed.
+// If the string contains code points that are not valid Unicode code points
+// (i.e. outside of Unicode range U+0 to U+10FFFF) they will be output
+// as '(Invalid Unicode 0xXXXXXXXX)'. If the string is in UTF16 encoding
+// and contains invalid UTF-16 surrogate pairs, values in those pairs
+// will be encoded as individual Unicode characters from Basic Normal Plane.
+GTEST_API_ std::string WideStringToUtf8(const wchar_t* str, int num_chars);
+
+// Reads the GTEST_SHARD_STATUS_FILE environment variable, and creates the file
+// if the variable is present. If a file already exists at this location, this
+// function will write over it. If the variable is present, but the file cannot
+// be created, prints an error and exits.
+void WriteToShardStatusFileIfNeeded();
+
+// Checks whether sharding is enabled by examining the relevant
+// environment variable values. If the variables are present,
+// but inconsistent (e.g., shard_index >= total_shards), prints
+// an error and exits. If in_subprocess_for_death_test, sharding is
+// disabled because it must only be applied to the original test
+// process. Otherwise, we could filter out death tests we intended to execute.
+GTEST_API_ bool ShouldShard(const char* total_shards_str,
+                            const char* shard_index_str,
+                            bool in_subprocess_for_death_test);
+
+// Parses the environment variable var as an Int32. If it is unset,
+// returns default_val. If it is not an Int32, prints an error and
+// and aborts.
+GTEST_API_ Int32 Int32FromEnvOrDie(const char* env_var, Int32 default_val);
+
+// Given the total number of shards, the shard index, and the test id,
+// returns true iff the test should be run on this shard. The test id is
+// some arbitrary but unique non-negative integer assigned to each test
+// method. Assumes that 0 <= shard_index < total_shards.
+GTEST_API_ bool ShouldRunTestOnShard(
+    int total_shards, int shard_index, int test_id);
+
+// STL container utilities.
+
+// Returns the number of elements in the given container that satisfy
+// the given predicate.
+template <class Container, typename Predicate>
+inline int CountIf(const Container& c, Predicate predicate) {
+  // Implemented as an explicit loop since std::count_if() in libCstd on
+  // Solaris has a non-standard signature.
+  int count = 0;
+  for (typename Container::const_iterator it = c.begin(); it != c.end(); ++it) {
+    if (predicate(*it))
+      ++count;
+  }
+  return count;
+}
+
+// Applies a function/functor to each element in the container.
+template <class Container, typename Functor>
+void ForEach(const Container& c, Functor functor) {
+  std::for_each(c.begin(), c.end(), functor);
+}
+
+// Returns the i-th element of the vector, or default_value if i is not
+// in range [0, v.size()).
+template <typename E>
+inline E GetElementOr(const std::vector<E>& v, int i, E default_value) {
+  return (i < 0 || i >= static_cast<int>(v.size())) ? default_value : v[i];
+}
+
+// Performs an in-place shuffle of a range of the vector's elements.
+// 'begin' and 'end' are element indices as an STL-style range;
+// i.e. [begin, end) are shuffled, where 'end' == size() means to
+// shuffle to the end of the vector.
+template <typename E>
+void ShuffleRange(internal::Random* random, int begin, int end,
+                  std::vector<E>* v) {
+  const int size = static_cast<int>(v->size());
+  GTEST_CHECK_(0 <= begin && begin <= size)
+      << "Invalid shuffle range start " << begin << ": must be in range [0, "
+      << size << "].";
+  GTEST_CHECK_(begin <= end && end <= size)
+      << "Invalid shuffle range finish " << end << ": must be in range ["
+      << begin << ", " << size << "].";
+
+  // Fisher-Yates shuffle, from
+  // http://en.wikipedia.org/wiki/Fisher-Yates_shuffle
+  for (int range_width = end - begin; range_width >= 2; range_width--) {
+    const int last_in_range = begin + range_width - 1;
+    const int selected = begin + random->Generate(range_width);
+    std::swap((*v)[selected], (*v)[last_in_range]);
+  }
+}
+
+// Performs an in-place shuffle of the vector's elements.
+template <typename E>
+inline void Shuffle(internal::Random* random, std::vector<E>* v) {
+  ShuffleRange(random, 0, static_cast<int>(v->size()), v);
+}
+
+// A function for deleting an object.  Handy for being used as a
+// functor.
+template <typename T>
+static void Delete(T* x) {
+  delete x;
+}
+
+// A predicate that checks the key of a TestProperty against a known key.
+//
+// TestPropertyKeyIs is copyable.
+class TestPropertyKeyIs {
+ public:
+  // Constructor.
+  //
+  // TestPropertyKeyIs has NO default constructor.
+  explicit TestPropertyKeyIs(const std::string& key) : key_(key) {}
+
+  // Returns true iff the test name of test property matches on key_.
+  bool operator()(const TestProperty& test_property) const {
+    return test_property.key() == key_;
+  }
+
+ private:
+  std::string key_;
+};
+
+// Class UnitTestOptions.
+//
+// This class contains functions for processing options the user
+// specifies when running the tests.  It has only static members.
+//
+// In most cases, the user can specify an option using either an
+// environment variable or a command line flag.  E.g. you can set the
+// test filter using either GTEST_FILTER or --gtest_filter.  If both
+// the variable and the flag are present, the latter overrides the
+// former.
+class GTEST_API_ UnitTestOptions {
+ public:
+  // Functions for processing the gtest_output flag.
+
+  // Returns the output format, or "" for normal printed output.
+  static std::string GetOutputFormat();
+
+  // Returns the absolute path of the requested output file, or the
+  // default (test_detail.xml in the original working directory) if
+  // none was explicitly specified.
+  static std::string GetAbsolutePathToOutputFile();
+
+  // Functions for processing the gtest_filter flag.
+
+  // Returns true iff the wildcard pattern matches the string.  The
+  // first ':' or '\0' character in pattern marks the end of it.
+  //
+  // This recursive algorithm isn't very efficient, but is clear and
+  // works well enough for matching test names, which are short.
+  static bool PatternMatchesString(const char *pattern, const char *str);
+
+  // Returns true iff the user-specified filter matches the test case
+  // name and the test name.
+  static bool FilterMatchesTest(const std::string &test_case_name,
+                                const std::string &test_name);
+
+#if GTEST_OS_WINDOWS
+  // Function for supporting the gtest_catch_exception flag.
+
+  // Returns EXCEPTION_EXECUTE_HANDLER if Google Test should handle the
+  // given SEH exception, or EXCEPTION_CONTINUE_SEARCH otherwise.
+  // This function is useful as an __except condition.
+  static int GTestShouldProcessSEH(DWORD exception_code);
+#endif  // GTEST_OS_WINDOWS
+
+  // Returns true if "name" matches the ':' separated list of glob-style
+  // filters in "filter".
+  static bool MatchesFilter(const std::string& name, const char* filter);
+};
+
+// Returns the current application's name, removing directory path if that
+// is present.  Used by UnitTestOptions::GetOutputFile.
+GTEST_API_ FilePath GetCurrentExecutableName();
+
+// The role interface for getting the OS stack trace as a string.
+class OsStackTraceGetterInterface {
+ public:
+  OsStackTraceGetterInterface() {}
+  virtual ~OsStackTraceGetterInterface() {}
+
+  // Returns the current OS stack trace as an std::string.  Parameters:
+  //
+  //   max_depth  - the maximum number of stack frames to be included
+  //                in the trace.
+  //   skip_count - the number of top frames to be skipped; doesn't count
+  //                against max_depth.
+  virtual string CurrentStackTrace(int max_depth, int skip_count) = 0;
+
+  // UponLeavingGTest() should be called immediately before Google Test calls
+  // user code. It saves some information about the current stack that
+  // CurrentStackTrace() will use to find and hide Google Test stack frames.
+  virtual void UponLeavingGTest() = 0;
+
+ private:
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(OsStackTraceGetterInterface);
+};
+
+// A working implementation of the OsStackTraceGetterInterface interface.
+class OsStackTraceGetter : public OsStackTraceGetterInterface {
+ public:
+  OsStackTraceGetter() : caller_frame_(NULL) {}
+
+  virtual string CurrentStackTrace(int max_depth, int skip_count)
+      GTEST_LOCK_EXCLUDED_(mutex_);
+
+  virtual void UponLeavingGTest() GTEST_LOCK_EXCLUDED_(mutex_);
+
+  // This string is inserted in place of stack frames that are part of
+  // Google Test's implementation.
+  static const char* const kElidedFramesMarker;
+
+ private:
+  Mutex mutex_;  // protects all internal state
+
+  // We save the stack frame below the frame that calls user code.
+  // We do this because the address of the frame immediately below
+  // the user code changes between the call to UponLeavingGTest()
+  // and any calls to CurrentStackTrace() from within the user code.
+  void* caller_frame_;
+
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(OsStackTraceGetter);
+};
+
+// Information about a Google Test trace point.
+struct TraceInfo {
+  const char* file;
+  int line;
+  std::string message;
+};
+
+// This is the default global test part result reporter used in UnitTestImpl.
+// This class should only be used by UnitTestImpl.
+class DefaultGlobalTestPartResultReporter
+  : public TestPartResultReporterInterface {
+ public:
+  explicit DefaultGlobalTestPartResultReporter(UnitTestImpl* unit_test);
+  // Implements the TestPartResultReporterInterface. Reports the test part
+  // result in the current test.
+  virtual void ReportTestPartResult(const TestPartResult& result);
+
+ private:
+  UnitTestImpl* const unit_test_;
+
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(DefaultGlobalTestPartResultReporter);
+};
+
+// This is the default per thread test part result reporter used in
+// UnitTestImpl. This class should only be used by UnitTestImpl.
+class DefaultPerThreadTestPartResultReporter
+    : public TestPartResultReporterInterface {
+ public:
+  explicit DefaultPerThreadTestPartResultReporter(UnitTestImpl* unit_test);
+  // Implements the TestPartResultReporterInterface. The implementation just
+  // delegates to the current global test part result reporter of *unit_test_.
+  virtual void ReportTestPartResult(const TestPartResult& result);
+
+ private:
+  UnitTestImpl* const unit_test_;
+
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(DefaultPerThreadTestPartResultReporter);
+};
+
+// The private implementation of the UnitTest class.  We don't protect
+// the methods under a mutex, as this class is not accessible by a
+// user and the UnitTest class that delegates work to this class does
+// proper locking.
+class GTEST_API_ UnitTestImpl {
+ public:
+  explicit UnitTestImpl(UnitTest* parent);
+  virtual ~UnitTestImpl();
+
+  // There are two different ways to register your own TestPartResultReporter.
+  // You can register your own repoter to listen either only for test results
+  // from the current thread or for results from all threads.
+  // By default, each per-thread test result repoter just passes a new
+  // TestPartResult to the global test result reporter, which registers the
+  // test part result for the currently running test.
+
+  // Returns the global test part result reporter.
+  TestPartResultReporterInterface* GetGlobalTestPartResultReporter();
+
+  // Sets the global test part result reporter.
+  void SetGlobalTestPartResultReporter(
+      TestPartResultReporterInterface* reporter);
+
+  // Returns the test part result reporter for the current thread.
+  TestPartResultReporterInterface* GetTestPartResultReporterForCurrentThread();
+
+  // Sets the test part result reporter for the current thread.
+  void SetTestPartResultReporterForCurrentThread(
+      TestPartResultReporterInterface* reporter);
+
+  // Gets the number of successful test cases.
+  int successful_test_case_count() const;
+
+  // Gets the number of failed test cases.
+  int failed_test_case_count() const;
+
+  // Gets the number of all test cases.
+  int total_test_case_count() const;
+
+  // Gets the number of all test cases that contain at least one test
+  // that should run.
+  int test_case_to_run_count() const;
+
+  // Gets the number of successful tests.
+  int successful_test_count() const;
+
+  // Gets the number of failed tests.
+  int failed_test_count() const;
+
+  // Gets the number of disabled tests that will be reported in the XML report.
+  int reportable_disabled_test_count() const;
+
+  // Gets the number of disabled tests.
+  int disabled_test_count() const;
+
+  // Gets the number of tests to be printed in the XML report.
+  int reportable_test_count() const;
+
+  // Gets the number of all tests.
+  int total_test_count() const;
+
+  // Gets the number of tests that should run.
+  int test_to_run_count() const;
+
+  // Gets the time of the test program start, in ms from the start of the
+  // UNIX epoch.
+  TimeInMillis start_timestamp() const { return start_timestamp_; }
+
+  // Gets the elapsed time, in milliseconds.
+  TimeInMillis elapsed_time() const { return elapsed_time_; }
+
+  // Returns true iff the unit test passed (i.e. all test cases passed).
+  bool Passed() const { return !Failed(); }
+
+  // Returns true iff the unit test failed (i.e. some test case failed
+  // or something outside of all tests failed).
+  bool Failed() const {
+    return failed_test_case_count() > 0 || ad_hoc_test_result()->Failed();
+  }
+
+  // Gets the i-th test case among all the test cases. i can range from 0 to
+  // total_test_case_count() - 1. If i is not in that range, returns NULL.
+  const TestCase* GetTestCase(int i) const {
+    const int index = GetElementOr(test_case_indices_, i, -1);
+    return index < 0 ? NULL : test_cases_[i];
+  }
+
+  // Gets the i-th test case among all the test cases. i can range from 0 to
+  // total_test_case_count() - 1. If i is not in that range, returns NULL.
+  TestCase* GetMutableTestCase(int i) {
+    const int index = GetElementOr(test_case_indices_, i, -1);
+    return index < 0 ? NULL : test_cases_[index];
+  }
+
+  // Provides access to the event listener list.
+  TestEventListeners* listeners() { return &listeners_; }
+
+  // Returns the TestResult for the test that's currently running, or
+  // the TestResult for the ad hoc test if no test is running.
+  TestResult* current_test_result();
+
+  // Returns the TestResult for the ad hoc test.
+  const TestResult* ad_hoc_test_result() const { return &ad_hoc_test_result_; }
+
+  // Sets the OS stack trace getter.
+  //
+  // Does nothing if the input and the current OS stack trace getter
+  // are the same; otherwise, deletes the old getter and makes the
+  // input the current getter.
+  void set_os_stack_trace_getter(OsStackTraceGetterInterface* getter);
+
+  // Returns the current OS stack trace getter if it is not NULL;
+  // otherwise, creates an OsStackTraceGetter, makes it the current
+  // getter, and returns it.
+  OsStackTraceGetterInterface* os_stack_trace_getter();
+
+  // Returns the current OS stack trace as an std::string.
+  //
+  // The maximum number of stack frames to be included is specified by
+  // the gtest_stack_trace_depth flag.  The skip_count parameter
+  // specifies the number of top frames to be skipped, which doesn't
+  // count against the number of frames to be included.
+  //
+  // For example, if Foo() calls Bar(), which in turn calls
+  // CurrentOsStackTraceExceptTop(1), Foo() will be included in the
+  // trace but Bar() and CurrentOsStackTraceExceptTop() won't.
+  std::string CurrentOsStackTraceExceptTop(int skip_count) GTEST_NO_INLINE_;
+
+  // Finds and returns a TestCase with the given name.  If one doesn't
+  // exist, creates one and returns it.
+  //
+  // Arguments:
+  //
+  //   test_case_name: name of the test case
+  //   type_param:     the name of the test's type parameter, or NULL if
+  //                   this is not a typed or a type-parameterized test.
+  //   set_up_tc:      pointer to the function that sets up the test case
+  //   tear_down_tc:   pointer to the function that tears down the test case
+  TestCase* GetTestCase(const char* test_case_name,
+                        const char* type_param,
+                        Test::SetUpTestCaseFunc set_up_tc,
+                        Test::TearDownTestCaseFunc tear_down_tc);
+
+  // Adds a TestInfo to the unit test.
+  //
+  // Arguments:
+  //
+  //   set_up_tc:    pointer to the function that sets up the test case
+  //   tear_down_tc: pointer to the function that tears down the test case
+  //   test_info:    the TestInfo object
+  void AddTestInfo(Test::SetUpTestCaseFunc set_up_tc,
+                   Test::TearDownTestCaseFunc tear_down_tc,
+                   TestInfo* test_info) {
+    // In order to support thread-safe death tests, we need to
+    // remember the original working directory when the test program
+    // was first invoked.  We cannot do this in RUN_ALL_TESTS(), as
+    // the user may have changed the current directory before calling
+    // RUN_ALL_TESTS().  Therefore we capture the current directory in
+    // AddTestInfo(), which is called to register a TEST or TEST_F
+    // before main() is reached.
+    if (original_working_dir_.IsEmpty()) {
+      original_working_dir_.Set(FilePath::GetCurrentDir());
+      GTEST_CHECK_(!original_working_dir_.IsEmpty())
+          << "Failed to get the current working directory.";
+    }
+
+    GetTestCase(test_info->test_case_name(),
+                test_info->type_param(),
+                set_up_tc,
+                tear_down_tc)->AddTestInfo(test_info);
+  }
+
+#if GTEST_HAS_PARAM_TEST
+  // Returns ParameterizedTestCaseRegistry object used to keep track of
+  // value-parameterized tests and instantiate and register them.
+  internal::ParameterizedTestCaseRegistry& parameterized_test_registry() {
+    return parameterized_test_registry_;
+  }
+#endif  // GTEST_HAS_PARAM_TEST
+
+  // Sets the TestCase object for the test that's currently running.
+  void set_current_test_case(TestCase* a_current_test_case) {
+    current_test_case_ = a_current_test_case;
+  }
+
+  // Sets the TestInfo object for the test that's currently running.  If
+  // current_test_info is NULL, the assertion results will be stored in
+  // ad_hoc_test_result_.
+  void set_current_test_info(TestInfo* a_current_test_info) {
+    current_test_info_ = a_current_test_info;
+  }
+
+  // Registers all parameterized tests defined using TEST_P and
+  // INSTANTIATE_TEST_CASE_P, creating regular tests for each test/parameter
+  // combination. This method can be called more then once; it has guards
+  // protecting from registering the tests more then once.  If
+  // value-parameterized tests are disabled, RegisterParameterizedTests is
+  // present but does nothing.
+  void RegisterParameterizedTests();
+
+  // Runs all tests in this UnitTest object, prints the result, and
+  // returns true if all tests are successful.  If any exception is
+  // thrown during a test, this test is considered to be failed, but
+  // the rest of the tests will still be run.
+  bool RunAllTests();
+
+  // Clears the results of all tests, except the ad hoc tests.
+  void ClearNonAdHocTestResult() {
+    ForEach(test_cases_, TestCase::ClearTestCaseResult);
+  }
+
+  // Clears the results of ad-hoc test assertions.
+  void ClearAdHocTestResult() {
+    ad_hoc_test_result_.Clear();
+  }
+
+  // Adds a TestProperty to the current TestResult object when invoked in a
+  // context of a test or a test case, or to the global property set. If the
+  // result already contains a property with the same key, the value will be
+  // updated.
+  void RecordProperty(const TestProperty& test_property);
+
+  enum ReactionToSharding {
+    HONOR_SHARDING_PROTOCOL,
+    IGNORE_SHARDING_PROTOCOL
+  };
+
+  // Matches the full name of each test against the user-specified
+  // filter to decide whether the test should run, then records the
+  // result in each TestCase and TestInfo object.
+  // If shard_tests == HONOR_SHARDING_PROTOCOL, further filters tests
+  // based on sharding variables in the environment.
+  // Returns the number of tests that should run.
+  int FilterTests(ReactionToSharding shard_tests);
+
+  // Prints the names of the tests matching the user-specified filter flag.
+  void ListTestsMatchingFilter();
+
+  const TestCase* current_test_case() const { return current_test_case_; }
+  TestInfo* current_test_info() { return current_test_info_; }
+  const TestInfo* current_test_info() const { return current_test_info_; }
+
+  // Returns the vector of environments that need to be set-up/torn-down
+  // before/after the tests are run.
+  std::vector<Environment*>& environments() { return environments_; }
+
+  // Getters for the per-thread Google Test trace stack.
+  std::vector<TraceInfo>& gtest_trace_stack() {
+    return *(gtest_trace_stack_.pointer());
+  }
+  const std::vector<TraceInfo>& gtest_trace_stack() const {
+    return gtest_trace_stack_.get();
+  }
+
+#if GTEST_HAS_DEATH_TEST
+  void InitDeathTestSubprocessControlInfo() {
+    internal_run_death_test_flag_.reset(ParseInternalRunDeathTestFlag());
+  }
+  // Returns a pointer to the parsed --gtest_internal_run_death_test
+  // flag, or NULL if that flag was not specified.
+  // This information is useful only in a death test child process.
+  // Must not be called before a call to InitGoogleTest.
+  const InternalRunDeathTestFlag* internal_run_death_test_flag() const {
+    return internal_run_death_test_flag_.get();
+  }
+
+  // Returns a pointer to the current death test factory.
+  internal::DeathTestFactory* death_test_factory() {
+    return death_test_factory_.get();
+  }
+
+  void SuppressTestEventsIfInSubprocess();
+
+  friend class ReplaceDeathTestFactory;
+#endif  // GTEST_HAS_DEATH_TEST
+
+  // Initializes the event listener performing XML output as specified by
+  // UnitTestOptions. Must not be called before InitGoogleTest.
+  void ConfigureXmlOutput();
+
+#if GTEST_CAN_STREAM_RESULTS_
+  // Initializes the event listener for streaming test results to a socket.
+  // Must not be called before InitGoogleTest.
+  void ConfigureStreamingOutput();
+#endif
+
+  // Performs initialization dependent upon flag values obtained in
+  // ParseGoogleTestFlagsOnly.  Is called from InitGoogleTest after the call to
+  // ParseGoogleTestFlagsOnly.  In case a user neglects to call InitGoogleTest
+  // this function is also called from RunAllTests.  Since this function can be
+  // called more than once, it has to be idempotent.
+  void PostFlagParsingInit();
+
+  // Gets the random seed used at the start of the current test iteration.
+  int random_seed() const { return random_seed_; }
+
+  // Gets the random number generator.
+  internal::Random* random() { return &random_; }
+
+  // Shuffles all test cases, and the tests within each test case,
+  // making sure that death tests are still run first.
+  void ShuffleTests();
+
+  // Restores the test cases and tests to their order before the first shuffle.
+  void UnshuffleTests();
+
+  // Returns the value of GTEST_FLAG(catch_exceptions) at the moment
+  // UnitTest::Run() starts.
+  bool catch_exceptions() const { return catch_exceptions_; }
+
+ private:
+  friend class ::testing::UnitTest;
+
+  // Used by UnitTest::Run() to capture the state of
+  // GTEST_FLAG(catch_exceptions) at the moment it starts.
+  void set_catch_exceptions(bool value) { catch_exceptions_ = value; }
+
+  // The UnitTest object that owns this implementation object.
+  UnitTest* const parent_;
+
+  // The working directory when the first TEST() or TEST_F() was
+  // executed.
+  internal::FilePath original_working_dir_;
+
+  // The default test part result reporters.
+  DefaultGlobalTestPartResultReporter default_global_test_part_result_reporter_;
+  DefaultPerThreadTestPartResultReporter
+      default_per_thread_test_part_result_reporter_;
+
+  // Points to (but doesn't own) the global test part result reporter.
+  TestPartResultReporterInterface* global_test_part_result_repoter_;
+
+  // Protects read and write access to global_test_part_result_reporter_.
+  internal::Mutex global_test_part_result_reporter_mutex_;
+
+  // Points to (but doesn't own) the per-thread test part result reporter.
+  internal::ThreadLocal<TestPartResultReporterInterface*>
+      per_thread_test_part_result_reporter_;
+
+  // The vector of environments that need to be set-up/torn-down
+  // before/after the tests are run.
+  std::vector<Environment*> environments_;
+
+  // The vector of TestCases in their original order.  It owns the
+  // elements in the vector.
+  std::vector<TestCase*> test_cases_;
+
+  // Provides a level of indirection for the test case list to allow
+  // easy shuffling and restoring the test case order.  The i-th
+  // element of this vector is the index of the i-th test case in the
+  // shuffled order.
+  std::vector<int> test_case_indices_;
+
+#if GTEST_HAS_PARAM_TEST
+  // ParameterizedTestRegistry object used to register value-parameterized
+  // tests.
+  internal::ParameterizedTestCaseRegistry parameterized_test_registry_;
+
+  // Indicates whether RegisterParameterizedTests() has been called already.
+  bool parameterized_tests_registered_;
+#endif  // GTEST_HAS_PARAM_TEST
+
+  // Index of the last death test case registered.  Initially -1.
+  int last_death_test_case_;
+
+  // This points to the TestCase for the currently running test.  It
+  // changes as Google Test goes through one test case after another.
+  // When no test is running, this is set to NULL and Google Test
+  // stores assertion results in ad_hoc_test_result_.  Initially NULL.
+  TestCase* current_test_case_;
+
+  // This points to the TestInfo for the currently running test.  It
+  // changes as Google Test goes through one test after another.  When
+  // no test is running, this is set to NULL and Google Test stores
+  // assertion results in ad_hoc_test_result_.  Initially NULL.
+  TestInfo* current_test_info_;
+
+  // Normally, a user only writes assertions inside a TEST or TEST_F,
+  // or inside a function called by a TEST or TEST_F.  Since Google
+  // Test keeps track of which test is current running, it can
+  // associate such an assertion with the test it belongs to.
+  //
+  // If an assertion is encountered when no TEST or TEST_F is running,
+  // Google Test attributes the assertion result to an imaginary "ad hoc"
+  // test, and records the result in ad_hoc_test_result_.
+  TestResult ad_hoc_test_result_;
+
+  // The list of event listeners that can be used to track events inside
+  // Google Test.
+  TestEventListeners listeners_;
+
+  // The OS stack trace getter.  Will be deleted when the UnitTest
+  // object is destructed.  By default, an OsStackTraceGetter is used,
+  // but the user can set this field to use a custom getter if that is
+  // desired.
+  OsStackTraceGetterInterface* os_stack_trace_getter_;
+
+  // True iff PostFlagParsingInit() has been called.
+  bool post_flag_parse_init_performed_;
+
+  // The random number seed used at the beginning of the test run.
+  int random_seed_;
+
+  // Our random number generator.
+  internal::Random random_;
+
+  // The time of the test program start, in ms from the start of the
+  // UNIX epoch.
+  TimeInMillis start_timestamp_;
+
+  // How long the test took to run, in milliseconds.
+  TimeInMillis elapsed_time_;
+
+#if GTEST_HAS_DEATH_TEST
+  // The decomposed components of the gtest_internal_run_death_test flag,
+  // parsed when RUN_ALL_TESTS is called.
+  internal::scoped_ptr<InternalRunDeathTestFlag> internal_run_death_test_flag_;
+  internal::scoped_ptr<internal::DeathTestFactory> death_test_factory_;
+#endif  // GTEST_HAS_DEATH_TEST
+
+  // A per-thread stack of traces created by the SCOPED_TRACE() macro.
+  internal::ThreadLocal<std::vector<TraceInfo> > gtest_trace_stack_;
+
+  // The value of GTEST_FLAG(catch_exceptions) at the moment RunAllTests()
+  // starts.
+  bool catch_exceptions_;
+
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(UnitTestImpl);
+};  // class UnitTestImpl
+
+// Convenience function for accessing the global UnitTest
+// implementation object.
+inline UnitTestImpl* GetUnitTestImpl() {
+  return UnitTest::GetInstance()->impl();
+}
+
+#if GTEST_USES_SIMPLE_RE
+
+// Internal helper functions for implementing the simple regular
+// expression matcher.
+GTEST_API_ bool IsInSet(char ch, const char* str);
+GTEST_API_ bool IsAsciiDigit(char ch);
+GTEST_API_ bool IsAsciiPunct(char ch);
+GTEST_API_ bool IsRepeat(char ch);
+GTEST_API_ bool IsAsciiWhiteSpace(char ch);
+GTEST_API_ bool IsAsciiWordChar(char ch);
+GTEST_API_ bool IsValidEscape(char ch);
+GTEST_API_ bool AtomMatchesChar(bool escaped, char pattern, char ch);
+GTEST_API_ bool ValidateRegex(const char* regex);
+GTEST_API_ bool MatchRegexAtHead(const char* regex, const char* str);
+GTEST_API_ bool MatchRepetitionAndRegexAtHead(
+    bool escaped, char ch, char repeat, const char* regex, const char* str);
+GTEST_API_ bool MatchRegexAnywhere(const char* regex, const char* str);
+
+#endif  // GTEST_USES_SIMPLE_RE
+
+// Parses the command line for Google Test flags, without initializing
+// other parts of Google Test.
+GTEST_API_ void ParseGoogleTestFlagsOnly(int* argc, char** argv);
+GTEST_API_ void ParseGoogleTestFlagsOnly(int* argc, wchar_t** argv);
+
+#if GTEST_HAS_DEATH_TEST
+
+// Returns the message describing the last system error, regardless of the
+// platform.
+GTEST_API_ std::string GetLastErrnoDescription();
+
+// Attempts to parse a string into a positive integer pointed to by the
+// number parameter.  Returns true if that is possible.
+// GTEST_HAS_DEATH_TEST implies that we have ::std::string, so we can use
+// it here.
+template <typename Integer>
+bool ParseNaturalNumber(const ::std::string& str, Integer* number) {
+  // Fail fast if the given string does not begin with a digit;
+  // this bypasses strtoXXX's "optional leading whitespace and plus
+  // or minus sign" semantics, which are undesirable here.
+  if (str.empty() || !IsDigit(str[0])) {
+    return false;
+  }
+  errno = 0;
+
+  char* end;
+  // BiggestConvertible is the largest integer type that system-provided
+  // string-to-number conversion routines can return.
+
+# if GTEST_OS_WINDOWS && !defined(__GNUC__)
+
+  // MSVC and C++ Builder define __int64 instead of the standard long long.
+  typedef unsigned __int64 BiggestConvertible;
+  const BiggestConvertible parsed = _strtoui64(str.c_str(), &end, 10);
+
+# else
+
+  typedef unsigned long long BiggestConvertible;  // NOLINT
+  const BiggestConvertible parsed = strtoull(str.c_str(), &end, 10);
+
+# endif  // GTEST_OS_WINDOWS && !defined(__GNUC__)
+
+  const bool parse_success = *end == '\0' && errno == 0;
+
+  // TODO(vladl@google.com): Convert this to compile time assertion when it is
+  // available.
+  GTEST_CHECK_(sizeof(Integer) <= sizeof(parsed));
+
+  const Integer result = static_cast<Integer>(parsed);
+  if (parse_success && static_cast<BiggestConvertible>(result) == parsed) {
+    *number = result;
+    return true;
+  }
+  return false;
+}
+#endif  // GTEST_HAS_DEATH_TEST
+
+// TestResult contains some private methods that should be hidden from
+// Google Test user but are required for testing. This class allow our tests
+// to access them.
+//
+// This class is supplied only for the purpose of testing Google Test's own
+// constructs. Do not use it in user tests, either directly or indirectly.
+class TestResultAccessor {
+ public:
+  static void RecordProperty(TestResult* test_result,
+                             const std::string& xml_element,
+                             const TestProperty& property) {
+    test_result->RecordProperty(xml_element, property);
+  }
+
+  static void ClearTestPartResults(TestResult* test_result) {
+    test_result->ClearTestPartResults();
+  }
+
+  static const std::vector<testing::TestPartResult>& test_part_results(
+      const TestResult& test_result) {
+    return test_result.test_part_results();
+  }
+};
+
+#if GTEST_CAN_STREAM_RESULTS_
+
+// Streams test results to the given port on the given host machine.
+class StreamingListener : public EmptyTestEventListener {
+ public:
+  // Abstract base class for writing strings to a socket.
+  class AbstractSocketWriter {
+   public:
+    virtual ~AbstractSocketWriter() {}
+
+    // Sends a string to the socket.
+    virtual void Send(const string& message) = 0;
+
+    // Closes the socket.
+    virtual void CloseConnection() {}
+
+    // Sends a string and a newline to the socket.
+    void SendLn(const string& message) {
+      Send(message + "\n");
+    }
+  };
+
+  // Concrete class for actually writing strings to a socket.
+  class SocketWriter : public AbstractSocketWriter {
+   public:
+    SocketWriter(const string& host, const string& port)
+        : sockfd_(-1), host_name_(host), port_num_(port) {
+      MakeConnection();
+    }
+
+    virtual ~SocketWriter() {
+      if (sockfd_ != -1)
+        CloseConnection();
+    }
+
+    // Sends a string to the socket.
+    virtual void Send(const string& message) {
+      GTEST_CHECK_(sockfd_ != -1)
+          << "Send() can be called only when there is a connection.";
+
+      const int len = static_cast<int>(message.length());
+      if (write(sockfd_, message.c_str(), len) != len) {
+        GTEST_LOG_(WARNING)
+            << "stream_result_to: failed to stream to "
+            << host_name_ << ":" << port_num_;
+      }
+    }
+
+   private:
+    // Creates a client socket and connects to the server.
+    void MakeConnection();
+
+    // Closes the socket.
+    void CloseConnection() {
+      GTEST_CHECK_(sockfd_ != -1)
+          << "CloseConnection() can be called only when there is a connection.";
+
+      close(sockfd_);
+      sockfd_ = -1;
+    }
+
+    int sockfd_;  // socket file descriptor
+    const string host_name_;
+    const string port_num_;
+
+    GTEST_DISALLOW_COPY_AND_ASSIGN_(SocketWriter);
+  };  // class SocketWriter
+
+  // Escapes '=', '&', '%', and '\n' characters in str as "%xx".
+  static string UrlEncode(const char* str);
+
+  StreamingListener(const string& host, const string& port)
+      : socket_writer_(new SocketWriter(host, port)) { Start(); }
+
+  explicit StreamingListener(AbstractSocketWriter* socket_writer)
+      : socket_writer_(socket_writer) { Start(); }
+
+  void OnTestProgramStart(const UnitTest& /* unit_test */) {
+    SendLn("event=TestProgramStart");
+  }
+
+  void OnTestProgramEnd(const UnitTest& unit_test) {
+    // Note that Google Test current only report elapsed time for each
+    // test iteration, not for the entire test program.
+    SendLn("event=TestProgramEnd&passed=" + FormatBool(unit_test.Passed()));
+
+    // Notify the streaming server to stop.
+    socket_writer_->CloseConnection();
+  }
+
+  void OnTestIterationStart(const UnitTest& /* unit_test */, int iteration) {
+    SendLn("event=TestIterationStart&iteration=" +
+           StreamableToString(iteration));
+  }
+
+  void OnTestIterationEnd(const UnitTest& unit_test, int /* iteration */) {
+    SendLn("event=TestIterationEnd&passed=" +
+           FormatBool(unit_test.Passed()) + "&elapsed_time=" +
+           StreamableToString(unit_test.elapsed_time()) + "ms");
+  }
+
+  void OnTestCaseStart(const TestCase& test_case) {
+    SendLn(std::string("event=TestCaseStart&name=") + test_case.name());
+  }
+
+  void OnTestCaseEnd(const TestCase& test_case) {
+    SendLn("event=TestCaseEnd&passed=" + FormatBool(test_case.Passed())
+           + "&elapsed_time=" + StreamableToString(test_case.elapsed_time())
+           + "ms");
+  }
+
+  void OnTestStart(const TestInfo& test_info) {
+    SendLn(std::string("event=TestStart&name=") + test_info.name());
+  }
+
+  void OnTestEnd(const TestInfo& test_info) {
+    SendLn("event=TestEnd&passed=" +
+           FormatBool((test_info.result())->Passed()) +
+           "&elapsed_time=" +
+           StreamableToString((test_info.result())->elapsed_time()) + "ms");
+  }
+
+  void OnTestPartResult(const TestPartResult& test_part_result) {
+    const char* file_name = test_part_result.file_name();
+    if (file_name == NULL)
+      file_name = "";
+    SendLn("event=TestPartResult&file=" + UrlEncode(file_name) +
+           "&line=" + StreamableToString(test_part_result.line_number()) +
+           "&message=" + UrlEncode(test_part_result.message()));
+  }
+
+ private:
+  // Sends the given message and a newline to the socket.
+  void SendLn(const string& message) { socket_writer_->SendLn(message); }
+
+  // Called at the start of streaming to notify the receiver what
+  // protocol we are using.
+  void Start() { SendLn("gtest_streaming_protocol_version=1.0"); }
+
+  string FormatBool(bool value) { return value ? "1" : "0"; }
+
+  const scoped_ptr<AbstractSocketWriter> socket_writer_;
+
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(StreamingListener);
+};  // class StreamingListener
+
+#endif  // GTEST_CAN_STREAM_RESULTS_
+
+}  // namespace internal
+}  // namespace testing
+
+#endif  // GTEST_SRC_GTEST_INTERNAL_INL_H_
diff --git a/nss/external_tests/google_test/gtest/src/gtest-port.cc b/nss/external_tests/google_test/gtest/src/gtest-port.cc
new file mode 100644
index 0000000..b032745
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/src/gtest-port.cc
@@ -0,0 +1,1184 @@
+// Copyright 2008, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+
+#include "gtest/internal/gtest-port.h"
+
+#include <limits.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+#if GTEST_OS_WINDOWS
+# include <windows.h>
+# include <io.h>
+# include <sys/stat.h>
+# include <map>  // Used in ThreadLocal.
+#else
+# include <unistd.h>
+#endif  // GTEST_OS_WINDOWS
+
+#if GTEST_OS_MAC
+# include <mach/mach_init.h>
+# include <mach/task.h>
+# include <mach/vm_map.h>
+#endif  // GTEST_OS_MAC
+
+#if GTEST_OS_QNX
+# include <devctl.h>
+# include <fcntl.h>
+# include <sys/procfs.h>
+#endif  // GTEST_OS_QNX
+
+#include "gtest/gtest-spi.h"
+#include "gtest/gtest-message.h"
+#include "gtest/internal/gtest-internal.h"
+#include "gtest/internal/gtest-string.h"
+
+// Indicates that this translation unit is part of Google Test's
+// implementation.  It must come before gtest-internal-inl.h is
+// included, or there will be a compiler error.  This trick exists to
+// prevent the accidental inclusion of gtest-internal-inl.h in the
+// user's code.
+#define GTEST_IMPLEMENTATION_ 1
+#include "src/gtest-internal-inl.h"
+#undef GTEST_IMPLEMENTATION_
+
+namespace testing {
+namespace internal {
+
+#if defined(_MSC_VER) || defined(__BORLANDC__)
+// MSVC and C++Builder do not provide a definition of STDERR_FILENO.
+const int kStdOutFileno = 1;
+const int kStdErrFileno = 2;
+#else
+const int kStdOutFileno = STDOUT_FILENO;
+const int kStdErrFileno = STDERR_FILENO;
+#endif  // _MSC_VER
+
+#if GTEST_OS_MAC
+
+// Returns the number of threads running in the process, or 0 to indicate that
+// we cannot detect it.
+size_t GetThreadCount() {
+  const task_t task = mach_task_self();
+  mach_msg_type_number_t thread_count;
+  thread_act_array_t thread_list;
+  const kern_return_t status = task_threads(task, &thread_list, &thread_count);
+  if (status == KERN_SUCCESS) {
+    // task_threads allocates resources in thread_list and we need to free them
+    // to avoid leaks.
+    vm_deallocate(task,
+                  reinterpret_cast<vm_address_t>(thread_list),
+                  sizeof(thread_t) * thread_count);
+    return static_cast<size_t>(thread_count);
+  } else {
+    return 0;
+  }
+}
+
+#elif GTEST_OS_QNX
+
+// Returns the number of threads running in the process, or 0 to indicate that
+// we cannot detect it.
+size_t GetThreadCount() {
+  const int fd = open("/proc/self/as", O_RDONLY);
+  if (fd < 0) {
+    return 0;
+  }
+  procfs_info process_info;
+  const int status =
+      devctl(fd, DCMD_PROC_INFO, &process_info, sizeof(process_info), NULL);
+  close(fd);
+  if (status == EOK) {
+    return static_cast<size_t>(process_info.num_threads);
+  } else {
+    return 0;
+  }
+}
+
+#else
+
+size_t GetThreadCount() {
+  // There's no portable way to detect the number of threads, so we just
+  // return 0 to indicate that we cannot detect it.
+  return 0;
+}
+
+#endif  // GTEST_OS_MAC
+
+#if GTEST_IS_THREADSAFE && GTEST_OS_WINDOWS
+
+void SleepMilliseconds(int n) {
+  ::Sleep(n);
+}
+
+AutoHandle::AutoHandle()
+    : handle_(INVALID_HANDLE_VALUE) {}
+
+AutoHandle::AutoHandle(Handle handle)
+    : handle_(handle) {}
+
+AutoHandle::~AutoHandle() {
+  Reset();
+}
+
+AutoHandle::Handle AutoHandle::Get() const {
+  return handle_;
+}
+
+void AutoHandle::Reset() {
+  Reset(INVALID_HANDLE_VALUE);
+}
+
+void AutoHandle::Reset(HANDLE handle) {
+  // Resetting with the same handle we already own is invalid.
+  if (handle_ != handle) {
+    if (IsCloseable()) {
+      ::CloseHandle(handle_);
+    }
+    handle_ = handle;
+  } else {
+    GTEST_CHECK_(!IsCloseable())
+        << "Resetting a valid handle to itself is likely a programmer error "
+            "and thus not allowed.";
+  }
+}
+
+bool AutoHandle::IsCloseable() const {
+  // Different Windows APIs may use either of these values to represent an
+  // invalid handle.
+  return handle_ != NULL && handle_ != INVALID_HANDLE_VALUE;
+}
+
+Notification::Notification()
+    : event_(::CreateEvent(NULL,   // Default security attributes.
+                           TRUE,   // Do not reset automatically.
+                           FALSE,  // Initially unset.
+                           NULL)) {  // Anonymous event.
+  GTEST_CHECK_(event_.Get() != NULL);
+}
+
+void Notification::Notify() {
+  GTEST_CHECK_(::SetEvent(event_.Get()) != FALSE);
+}
+
+void Notification::WaitForNotification() {
+  GTEST_CHECK_(
+      ::WaitForSingleObject(event_.Get(), INFINITE) == WAIT_OBJECT_0);
+}
+
+Mutex::Mutex()
+    : type_(kDynamic),
+      owner_thread_id_(0),
+      critical_section_init_phase_(0),
+      critical_section_(new CRITICAL_SECTION) {
+  ::InitializeCriticalSection(critical_section_);
+}
+
+Mutex::~Mutex() {
+  // Static mutexes are leaked intentionally. It is not thread-safe to try
+  // to clean them up.
+  // TODO(yukawa): Switch to Slim Reader/Writer (SRW) Locks, which requires
+  // nothing to clean it up but is available only on Vista and later.
+  // http://msdn.microsoft.com/en-us/library/windows/desktop/aa904937.aspx
+  if (type_ == kDynamic) {
+    ::DeleteCriticalSection(critical_section_);
+    delete critical_section_;
+    critical_section_ = NULL;
+  }
+}
+
+void Mutex::Lock() {
+  ThreadSafeLazyInit();
+  ::EnterCriticalSection(critical_section_);
+  owner_thread_id_ = ::GetCurrentThreadId();
+}
+
+void Mutex::Unlock() {
+  ThreadSafeLazyInit();
+  // We don't protect writing to owner_thread_id_ here, as it's the
+  // caller's responsibility to ensure that the current thread holds the
+  // mutex when this is called.
+  owner_thread_id_ = 0;
+  ::LeaveCriticalSection(critical_section_);
+}
+
+// Does nothing if the current thread holds the mutex. Otherwise, crashes
+// with high probability.
+void Mutex::AssertHeld() {
+  ThreadSafeLazyInit();
+  GTEST_CHECK_(owner_thread_id_ == ::GetCurrentThreadId())
+      << "The current thread is not holding the mutex @" << this;
+}
+
+// Initializes owner_thread_id_ and critical_section_ in static mutexes.
+void Mutex::ThreadSafeLazyInit() {
+  // Dynamic mutexes are initialized in the constructor.
+  if (type_ == kStatic) {
+    switch (
+        ::InterlockedCompareExchange(&critical_section_init_phase_, 1L, 0L)) {
+      case 0:
+        // If critical_section_init_phase_ was 0 before the exchange, we
+        // are the first to test it and need to perform the initialization.
+        owner_thread_id_ = 0;
+        critical_section_ = new CRITICAL_SECTION;
+        ::InitializeCriticalSection(critical_section_);
+        // Updates the critical_section_init_phase_ to 2 to signal
+        // initialization complete.
+        GTEST_CHECK_(::InterlockedCompareExchange(
+                          &critical_section_init_phase_, 2L, 1L) ==
+                      1L);
+        break;
+      case 1:
+        // Somebody else is already initializing the mutex; spin until they
+        // are done.
+        while (::InterlockedCompareExchange(&critical_section_init_phase_,
+                                            2L,
+                                            2L) != 2L) {
+          // Possibly yields the rest of the thread's time slice to other
+          // threads.
+          ::Sleep(0);
+        }
+        break;
+
+      case 2:
+        break;  // The mutex is already initialized and ready for use.
+
+      default:
+        GTEST_CHECK_(false)
+            << "Unexpected value of critical_section_init_phase_ "
+            << "while initializing a static mutex.";
+    }
+  }
+}
+
+namespace {
+
+class ThreadWithParamSupport : public ThreadWithParamBase {
+ public:
+  static HANDLE CreateThread(Runnable* runnable,
+                             Notification* thread_can_start) {
+    ThreadMainParam* param = new ThreadMainParam(runnable, thread_can_start);
+    DWORD thread_id;
+    // TODO(yukawa): Consider to use _beginthreadex instead.
+    HANDLE thread_handle = ::CreateThread(
+        NULL,    // Default security.
+        0,       // Default stack size.
+        &ThreadWithParamSupport::ThreadMain,
+        param,   // Parameter to ThreadMainStatic
+        0x0,     // Default creation flags.
+        &thread_id);  // Need a valid pointer for the call to work under Win98.
+    GTEST_CHECK_(thread_handle != NULL) << "CreateThread failed with error "
+                                        << ::GetLastError() << ".";
+    if (thread_handle == NULL) {
+      delete param;
+    }
+    return thread_handle;
+  }
+
+ private:
+  struct ThreadMainParam {
+    ThreadMainParam(Runnable* runnable, Notification* thread_can_start)
+        : runnable_(runnable),
+          thread_can_start_(thread_can_start) {
+    }
+    scoped_ptr<Runnable> runnable_;
+    // Does not own.
+    Notification* thread_can_start_;
+  };
+
+  static DWORD WINAPI ThreadMain(void* ptr) {
+    // Transfers ownership.
+    scoped_ptr<ThreadMainParam> param(static_cast<ThreadMainParam*>(ptr));
+    if (param->thread_can_start_ != NULL)
+      param->thread_can_start_->WaitForNotification();
+    param->runnable_->Run();
+    return 0;
+  }
+
+  // Prohibit instantiation.
+  ThreadWithParamSupport();
+
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(ThreadWithParamSupport);
+};
+
+}  // namespace
+
+ThreadWithParamBase::ThreadWithParamBase(Runnable *runnable,
+                                         Notification* thread_can_start)
+      : thread_(ThreadWithParamSupport::CreateThread(runnable,
+                                                     thread_can_start)) {
+}
+
+ThreadWithParamBase::~ThreadWithParamBase() {
+  Join();
+}
+
+void ThreadWithParamBase::Join() {
+  GTEST_CHECK_(::WaitForSingleObject(thread_.Get(), INFINITE) == WAIT_OBJECT_0)
+      << "Failed to join the thread with error " << ::GetLastError() << ".";
+}
+
+// Maps a thread to a set of ThreadIdToThreadLocals that have values
+// instantiated on that thread and notifies them when the thread exits.  A
+// ThreadLocal instance is expected to persist until all threads it has
+// values on have terminated.
+class ThreadLocalRegistryImpl {
+ public:
+  // Registers thread_local_instance as having value on the current thread.
+  // Returns a value that can be used to identify the thread from other threads.
+  static ThreadLocalValueHolderBase* GetValueOnCurrentThread(
+      const ThreadLocalBase* thread_local_instance) {
+    DWORD current_thread = ::GetCurrentThreadId();
+    MutexLock lock(&mutex_);
+    ThreadIdToThreadLocals* const thread_to_thread_locals =
+        GetThreadLocalsMapLocked();
+    ThreadIdToThreadLocals::iterator thread_local_pos =
+        thread_to_thread_locals->find(current_thread);
+    if (thread_local_pos == thread_to_thread_locals->end()) {
+      thread_local_pos = thread_to_thread_locals->insert(
+          std::make_pair(current_thread, ThreadLocalValues())).first;
+      StartWatcherThreadFor(current_thread);
+    }
+    ThreadLocalValues& thread_local_values = thread_local_pos->second;
+    ThreadLocalValues::iterator value_pos =
+        thread_local_values.find(thread_local_instance);
+    if (value_pos == thread_local_values.end()) {
+      value_pos =
+          thread_local_values
+              .insert(std::make_pair(
+                  thread_local_instance,
+                  linked_ptr<ThreadLocalValueHolderBase>(
+                      thread_local_instance->NewValueForCurrentThread())))
+              .first;
+    }
+    return value_pos->second.get();
+  }
+
+  static void OnThreadLocalDestroyed(
+      const ThreadLocalBase* thread_local_instance) {
+    std::vector<linked_ptr<ThreadLocalValueHolderBase> > value_holders;
+    // Clean up the ThreadLocalValues data structure while holding the lock, but
+    // defer the destruction of the ThreadLocalValueHolderBases.
+    {
+      MutexLock lock(&mutex_);
+      ThreadIdToThreadLocals* const thread_to_thread_locals =
+          GetThreadLocalsMapLocked();
+      for (ThreadIdToThreadLocals::iterator it =
+          thread_to_thread_locals->begin();
+          it != thread_to_thread_locals->end();
+          ++it) {
+        ThreadLocalValues& thread_local_values = it->second;
+        ThreadLocalValues::iterator value_pos =
+            thread_local_values.find(thread_local_instance);
+        if (value_pos != thread_local_values.end()) {
+          value_holders.push_back(value_pos->second);
+          thread_local_values.erase(value_pos);
+          // This 'if' can only be successful at most once, so theoretically we
+          // could break out of the loop here, but we don't bother doing so.
+        }
+      }
+    }
+    // Outside the lock, let the destructor for 'value_holders' deallocate the
+    // ThreadLocalValueHolderBases.
+  }
+
+  static void OnThreadExit(DWORD thread_id) {
+    GTEST_CHECK_(thread_id != 0) << ::GetLastError();
+    std::vector<linked_ptr<ThreadLocalValueHolderBase> > value_holders;
+    // Clean up the ThreadIdToThreadLocals data structure while holding the
+    // lock, but defer the destruction of the ThreadLocalValueHolderBases.
+    {
+      MutexLock lock(&mutex_);
+      ThreadIdToThreadLocals* const thread_to_thread_locals =
+          GetThreadLocalsMapLocked();
+      ThreadIdToThreadLocals::iterator thread_local_pos =
+          thread_to_thread_locals->find(thread_id);
+      if (thread_local_pos != thread_to_thread_locals->end()) {
+        ThreadLocalValues& thread_local_values = thread_local_pos->second;
+        for (ThreadLocalValues::iterator value_pos =
+            thread_local_values.begin();
+            value_pos != thread_local_values.end();
+            ++value_pos) {
+          value_holders.push_back(value_pos->second);
+        }
+        thread_to_thread_locals->erase(thread_local_pos);
+      }
+    }
+    // Outside the lock, let the destructor for 'value_holders' deallocate the
+    // ThreadLocalValueHolderBases.
+  }
+
+ private:
+  // In a particular thread, maps a ThreadLocal object to its value.
+  typedef std::map<const ThreadLocalBase*,
+                   linked_ptr<ThreadLocalValueHolderBase> > ThreadLocalValues;
+  // Stores all ThreadIdToThreadLocals having values in a thread, indexed by
+  // thread's ID.
+  typedef std::map<DWORD, ThreadLocalValues> ThreadIdToThreadLocals;
+
+  // Holds the thread id and thread handle that we pass from
+  // StartWatcherThreadFor to WatcherThreadFunc.
+  typedef std::pair<DWORD, HANDLE> ThreadIdAndHandle;
+
+  static void StartWatcherThreadFor(DWORD thread_id) {
+    // The returned handle will be kept in thread_map and closed by
+    // watcher_thread in WatcherThreadFunc.
+    HANDLE thread = ::OpenThread(SYNCHRONIZE | THREAD_QUERY_INFORMATION,
+                                 FALSE,
+                                 thread_id);
+    GTEST_CHECK_(thread != NULL);
+    // We need to to pass a valid thread ID pointer into CreateThread for it
+    // to work correctly under Win98.
+    DWORD watcher_thread_id;
+    HANDLE watcher_thread = ::CreateThread(
+        NULL,   // Default security.
+        0,      // Default stack size
+        &ThreadLocalRegistryImpl::WatcherThreadFunc,
+        reinterpret_cast<LPVOID>(new ThreadIdAndHandle(thread_id, thread)),
+        CREATE_SUSPENDED,
+        &watcher_thread_id);
+    GTEST_CHECK_(watcher_thread != NULL);
+    // Give the watcher thread the same priority as ours to avoid being
+    // blocked by it.
+    ::SetThreadPriority(watcher_thread,
+                        ::GetThreadPriority(::GetCurrentThread()));
+    ::ResumeThread(watcher_thread);
+    ::CloseHandle(watcher_thread);
+  }
+
+  // Monitors exit from a given thread and notifies those
+  // ThreadIdToThreadLocals about thread termination.
+  static DWORD WINAPI WatcherThreadFunc(LPVOID param) {
+    const ThreadIdAndHandle* tah =
+        reinterpret_cast<const ThreadIdAndHandle*>(param);
+    GTEST_CHECK_(
+        ::WaitForSingleObject(tah->second, INFINITE) == WAIT_OBJECT_0);
+    OnThreadExit(tah->first);
+    ::CloseHandle(tah->second);
+    delete tah;
+    return 0;
+  }
+
+  // Returns map of thread local instances.
+  static ThreadIdToThreadLocals* GetThreadLocalsMapLocked() {
+    mutex_.AssertHeld();
+    static ThreadIdToThreadLocals* map = new ThreadIdToThreadLocals;
+    return map;
+  }
+
+  // Protects access to GetThreadLocalsMapLocked() and its return value.
+  static Mutex mutex_;
+  // Protects access to GetThreadMapLocked() and its return value.
+  static Mutex thread_map_mutex_;
+};
+
+Mutex ThreadLocalRegistryImpl::mutex_(Mutex::kStaticMutex);
+Mutex ThreadLocalRegistryImpl::thread_map_mutex_(Mutex::kStaticMutex);
+
+ThreadLocalValueHolderBase* ThreadLocalRegistry::GetValueOnCurrentThread(
+      const ThreadLocalBase* thread_local_instance) {
+  return ThreadLocalRegistryImpl::GetValueOnCurrentThread(
+      thread_local_instance);
+}
+
+void ThreadLocalRegistry::OnThreadLocalDestroyed(
+      const ThreadLocalBase* thread_local_instance) {
+  ThreadLocalRegistryImpl::OnThreadLocalDestroyed(thread_local_instance);
+}
+
+#endif  // GTEST_IS_THREADSAFE && GTEST_OS_WINDOWS
+
+#if GTEST_USES_POSIX_RE
+
+// Implements RE.  Currently only needed for death tests.
+
+RE::~RE() {
+  if (is_valid_) {
+    // regfree'ing an invalid regex might crash because the content
+    // of the regex is undefined. Since the regex's are essentially
+    // the same, one cannot be valid (or invalid) without the other
+    // being so too.
+    regfree(&partial_regex_);
+    regfree(&full_regex_);
+  }
+  free(const_cast<char*>(pattern_));
+}
+
+// Returns true iff regular expression re matches the entire str.
+bool RE::FullMatch(const char* str, const RE& re) {
+  if (!re.is_valid_) return false;
+
+  regmatch_t match;
+  return regexec(&re.full_regex_, str, 1, &match, 0) == 0;
+}
+
+// Returns true iff regular expression re matches a substring of str
+// (including str itself).
+bool RE::PartialMatch(const char* str, const RE& re) {
+  if (!re.is_valid_) return false;
+
+  regmatch_t match;
+  return regexec(&re.partial_regex_, str, 1, &match, 0) == 0;
+}
+
+// Initializes an RE from its string representation.
+void RE::Init(const char* regex) {
+  pattern_ = posix::StrDup(regex);
+
+  // Reserves enough bytes to hold the regular expression used for a
+  // full match.
+  const size_t full_regex_len = strlen(regex) + 10;
+  char* const full_pattern = new char[full_regex_len];
+
+  snprintf(full_pattern, full_regex_len, "^(%s)$", regex);
+  is_valid_ = regcomp(&full_regex_, full_pattern, REG_EXTENDED) == 0;
+  // We want to call regcomp(&partial_regex_, ...) even if the
+  // previous expression returns false.  Otherwise partial_regex_ may
+  // not be properly initialized can may cause trouble when it's
+  // freed.
+  //
+  // Some implementation of POSIX regex (e.g. on at least some
+  // versions of Cygwin) doesn't accept the empty string as a valid
+  // regex.  We change it to an equivalent form "()" to be safe.
+  if (is_valid_) {
+    const char* const partial_regex = (*regex == '\0') ? "()" : regex;
+    is_valid_ = regcomp(&partial_regex_, partial_regex, REG_EXTENDED) == 0;
+  }
+  EXPECT_TRUE(is_valid_)
+      << "Regular expression \"" << regex
+      << "\" is not a valid POSIX Extended regular expression.";
+
+  delete[] full_pattern;
+}
+
+#elif GTEST_USES_SIMPLE_RE
+
+// Returns true iff ch appears anywhere in str (excluding the
+// terminating '\0' character).
+bool IsInSet(char ch, const char* str) {
+  return ch != '\0' && strchr(str, ch) != NULL;
+}
+
+// Returns true iff ch belongs to the given classification.  Unlike
+// similar functions in <ctype.h>, these aren't affected by the
+// current locale.
+bool IsAsciiDigit(char ch) { return '0' <= ch && ch <= '9'; }
+bool IsAsciiPunct(char ch) {
+  return IsInSet(ch, "^-!\"#$%&'()*+,./:;<=>?@[\\]_`{|}~");
+}
+bool IsRepeat(char ch) { return IsInSet(ch, "?*+"); }
+bool IsAsciiWhiteSpace(char ch) { return IsInSet(ch, " \f\n\r\t\v"); }
+bool IsAsciiWordChar(char ch) {
+  return ('a' <= ch && ch <= 'z') || ('A' <= ch && ch <= 'Z') ||
+      ('0' <= ch && ch <= '9') || ch == '_';
+}
+
+// Returns true iff "\\c" is a supported escape sequence.
+bool IsValidEscape(char c) {
+  return (IsAsciiPunct(c) || IsInSet(c, "dDfnrsStvwW"));
+}
+
+// Returns true iff the given atom (specified by escaped and pattern)
+// matches ch.  The result is undefined if the atom is invalid.
+bool AtomMatchesChar(bool escaped, char pattern_char, char ch) {
+  if (escaped) {  // "\\p" where p is pattern_char.
+    switch (pattern_char) {
+      case 'd': return IsAsciiDigit(ch);
+      case 'D': return !IsAsciiDigit(ch);
+      case 'f': return ch == '\f';
+      case 'n': return ch == '\n';
+      case 'r': return ch == '\r';
+      case 's': return IsAsciiWhiteSpace(ch);
+      case 'S': return !IsAsciiWhiteSpace(ch);
+      case 't': return ch == '\t';
+      case 'v': return ch == '\v';
+      case 'w': return IsAsciiWordChar(ch);
+      case 'W': return !IsAsciiWordChar(ch);
+    }
+    return IsAsciiPunct(pattern_char) && pattern_char == ch;
+  }
+
+  return (pattern_char == '.' && ch != '\n') || pattern_char == ch;
+}
+
+// Helper function used by ValidateRegex() to format error messages.
+std::string FormatRegexSyntaxError(const char* regex, int index) {
+  return (Message() << "Syntax error at index " << index
+          << " in simple regular expression \"" << regex << "\": ").GetString();
+}
+
+// Generates non-fatal failures and returns false if regex is invalid;
+// otherwise returns true.
+bool ValidateRegex(const char* regex) {
+  if (regex == NULL) {
+    // TODO(wan@google.com): fix the source file location in the
+    // assertion failures to match where the regex is used in user
+    // code.
+    ADD_FAILURE() << "NULL is not a valid simple regular expression.";
+    return false;
+  }
+
+  bool is_valid = true;
+
+  // True iff ?, *, or + can follow the previous atom.
+  bool prev_repeatable = false;
+  for (int i = 0; regex[i]; i++) {
+    if (regex[i] == '\\') {  // An escape sequence
+      i++;
+      if (regex[i] == '\0') {
+        ADD_FAILURE() << FormatRegexSyntaxError(regex, i - 1)
+                      << "'\\' cannot appear at the end.";
+        return false;
+      }
+
+      if (!IsValidEscape(regex[i])) {
+        ADD_FAILURE() << FormatRegexSyntaxError(regex, i - 1)
+                      << "invalid escape sequence \"\\" << regex[i] << "\".";
+        is_valid = false;
+      }
+      prev_repeatable = true;
+    } else {  // Not an escape sequence.
+      const char ch = regex[i];
+
+      if (ch == '^' && i > 0) {
+        ADD_FAILURE() << FormatRegexSyntaxError(regex, i)
+                      << "'^' can only appear at the beginning.";
+        is_valid = false;
+      } else if (ch == '$' && regex[i + 1] != '\0') {
+        ADD_FAILURE() << FormatRegexSyntaxError(regex, i)
+                      << "'$' can only appear at the end.";
+        is_valid = false;
+      } else if (IsInSet(ch, "()[]{}|")) {
+        ADD_FAILURE() << FormatRegexSyntaxError(regex, i)
+                      << "'" << ch << "' is unsupported.";
+        is_valid = false;
+      } else if (IsRepeat(ch) && !prev_repeatable) {
+        ADD_FAILURE() << FormatRegexSyntaxError(regex, i)
+                      << "'" << ch << "' can only follow a repeatable token.";
+        is_valid = false;
+      }
+
+      prev_repeatable = !IsInSet(ch, "^$?*+");
+    }
+  }
+
+  return is_valid;
+}
+
+// Matches a repeated regex atom followed by a valid simple regular
+// expression.  The regex atom is defined as c if escaped is false,
+// or \c otherwise.  repeat is the repetition meta character (?, *,
+// or +).  The behavior is undefined if str contains too many
+// characters to be indexable by size_t, in which case the test will
+// probably time out anyway.  We are fine with this limitation as
+// std::string has it too.
+bool MatchRepetitionAndRegexAtHead(
+    bool escaped, char c, char repeat, const char* regex,
+    const char* str) {
+  const size_t min_count = (repeat == '+') ? 1 : 0;
+  const size_t max_count = (repeat == '?') ? 1 :
+      static_cast<size_t>(-1) - 1;
+  // We cannot call numeric_limits::max() as it conflicts with the
+  // max() macro on Windows.
+
+  for (size_t i = 0; i <= max_count; ++i) {
+    // We know that the atom matches each of the first i characters in str.
+    if (i >= min_count && MatchRegexAtHead(regex, str + i)) {
+      // We have enough matches at the head, and the tail matches too.
+      // Since we only care about *whether* the pattern matches str
+      // (as opposed to *how* it matches), there is no need to find a
+      // greedy match.
+      return true;
+    }
+    if (str[i] == '\0' || !AtomMatchesChar(escaped, c, str[i]))
+      return false;
+  }
+  return false;
+}
+
+// Returns true iff regex matches a prefix of str.  regex must be a
+// valid simple regular expression and not start with "^", or the
+// result is undefined.
+bool MatchRegexAtHead(const char* regex, const char* str) {
+  if (*regex == '\0')  // An empty regex matches a prefix of anything.
+    return true;
+
+  // "$" only matches the end of a string.  Note that regex being
+  // valid guarantees that there's nothing after "$" in it.
+  if (*regex == '$')
+    return *str == '\0';
+
+  // Is the first thing in regex an escape sequence?
+  const bool escaped = *regex == '\\';
+  if (escaped)
+    ++regex;
+  if (IsRepeat(regex[1])) {
+    // MatchRepetitionAndRegexAtHead() calls MatchRegexAtHead(), so
+    // here's an indirect recursion.  It terminates as the regex gets
+    // shorter in each recursion.
+    return MatchRepetitionAndRegexAtHead(
+        escaped, regex[0], regex[1], regex + 2, str);
+  } else {
+    // regex isn't empty, isn't "$", and doesn't start with a
+    // repetition.  We match the first atom of regex with the first
+    // character of str and recurse.
+    return (*str != '\0') && AtomMatchesChar(escaped, *regex, *str) &&
+        MatchRegexAtHead(regex + 1, str + 1);
+  }
+}
+
+// Returns true iff regex matches any substring of str.  regex must be
+// a valid simple regular expression, or the result is undefined.
+//
+// The algorithm is recursive, but the recursion depth doesn't exceed
+// the regex length, so we won't need to worry about running out of
+// stack space normally.  In rare cases the time complexity can be
+// exponential with respect to the regex length + the string length,
+// but usually it's must faster (often close to linear).
+bool MatchRegexAnywhere(const char* regex, const char* str) {
+  if (regex == NULL || str == NULL)
+    return false;
+
+  if (*regex == '^')
+    return MatchRegexAtHead(regex + 1, str);
+
+  // A successful match can be anywhere in str.
+  do {
+    if (MatchRegexAtHead(regex, str))
+      return true;
+  } while (*str++ != '\0');
+  return false;
+}
+
+// Implements the RE class.
+
+RE::~RE() {
+  free(const_cast<char*>(pattern_));
+  free(const_cast<char*>(full_pattern_));
+}
+
+// Returns true iff regular expression re matches the entire str.
+bool RE::FullMatch(const char* str, const RE& re) {
+  return re.is_valid_ && MatchRegexAnywhere(re.full_pattern_, str);
+}
+
+// Returns true iff regular expression re matches a substring of str
+// (including str itself).
+bool RE::PartialMatch(const char* str, const RE& re) {
+  return re.is_valid_ && MatchRegexAnywhere(re.pattern_, str);
+}
+
+// Initializes an RE from its string representation.
+void RE::Init(const char* regex) {
+  pattern_ = full_pattern_ = NULL;
+  if (regex != NULL) {
+    pattern_ = posix::StrDup(regex);
+  }
+
+  is_valid_ = ValidateRegex(regex);
+  if (!is_valid_) {
+    // No need to calculate the full pattern when the regex is invalid.
+    return;
+  }
+
+  const size_t len = strlen(regex);
+  // Reserves enough bytes to hold the regular expression used for a
+  // full match: we need space to prepend a '^', append a '$', and
+  // terminate the string with '\0'.
+  char* buffer = static_cast<char*>(malloc(len + 3));
+  full_pattern_ = buffer;
+
+  if (*regex != '^')
+    *buffer++ = '^';  // Makes sure full_pattern_ starts with '^'.
+
+  // We don't use snprintf or strncpy, as they trigger a warning when
+  // compiled with VC++ 8.0.
+  memcpy(buffer, regex, len);
+  buffer += len;
+
+  if (len == 0 || regex[len - 1] != '$')
+    *buffer++ = '$';  // Makes sure full_pattern_ ends with '$'.
+
+  *buffer = '\0';
+}
+
+#endif  // GTEST_USES_POSIX_RE
+
+const char kUnknownFile[] = "unknown file";
+
+// Formats a source file path and a line number as they would appear
+// in an error message from the compiler used to compile this code.
+GTEST_API_ ::std::string FormatFileLocation(const char* file, int line) {
+  const std::string file_name(file == NULL ? kUnknownFile : file);
+
+  if (line < 0) {
+    return file_name + ":";
+  }
+#ifdef _MSC_VER
+  return file_name + "(" + StreamableToString(line) + "):";
+#else
+  return file_name + ":" + StreamableToString(line) + ":";
+#endif  // _MSC_VER
+}
+
+// Formats a file location for compiler-independent XML output.
+// Although this function is not platform dependent, we put it next to
+// FormatFileLocation in order to contrast the two functions.
+// Note that FormatCompilerIndependentFileLocation() does NOT append colon
+// to the file location it produces, unlike FormatFileLocation().
+GTEST_API_ ::std::string FormatCompilerIndependentFileLocation(
+    const char* file, int line) {
+  const std::string file_name(file == NULL ? kUnknownFile : file);
+
+  if (line < 0)
+    return file_name;
+  else
+    return file_name + ":" + StreamableToString(line);
+}
+
+
+GTestLog::GTestLog(GTestLogSeverity severity, const char* file, int line)
+    : severity_(severity) {
+  const char* const marker =
+      severity == GTEST_INFO ?    "[  INFO ]" :
+      severity == GTEST_WARNING ? "[WARNING]" :
+      severity == GTEST_ERROR ?   "[ ERROR ]" : "[ FATAL ]";
+  GetStream() << ::std::endl << marker << " "
+              << FormatFileLocation(file, line).c_str() << ": ";
+}
+
+// Flushes the buffers and, if severity is GTEST_FATAL, aborts the program.
+GTestLog::~GTestLog() {
+  GetStream() << ::std::endl;
+  if (severity_ == GTEST_FATAL) {
+    fflush(stderr);
+    posix::Abort();
+  }
+}
+// Disable Microsoft deprecation warnings for POSIX functions called from
+// this class (creat, dup, dup2, and close)
+GTEST_DISABLE_MSC_WARNINGS_PUSH_(4996)
+
+#if GTEST_HAS_STREAM_REDIRECTION
+
+// Object that captures an output stream (stdout/stderr).
+class CapturedStream {
+ public:
+  // The ctor redirects the stream to a temporary file.
+  explicit CapturedStream(int fd) : fd_(fd), uncaptured_fd_(dup(fd)) {
+# if GTEST_OS_WINDOWS
+    char temp_dir_path[MAX_PATH + 1] = { '\0' };  // NOLINT
+    char temp_file_path[MAX_PATH + 1] = { '\0' };  // NOLINT
+
+    ::GetTempPathA(sizeof(temp_dir_path), temp_dir_path);
+    const UINT success = ::GetTempFileNameA(temp_dir_path,
+                                            "gtest_redir",
+                                            0,  // Generate unique file name.
+                                            temp_file_path);
+    GTEST_CHECK_(success != 0)
+        << "Unable to create a temporary file in " << temp_dir_path;
+    const int captured_fd = creat(temp_file_path, _S_IREAD | _S_IWRITE);
+    GTEST_CHECK_(captured_fd != -1) << "Unable to open temporary file "
+                                    << temp_file_path;
+    filename_ = temp_file_path;
+# else
+    // There's no guarantee that a test has write access to the current
+    // directory, so we create the temporary file in the /tmp directory
+    // instead. We use /tmp on most systems, and /sdcard on Android.
+    // That's because Android doesn't have /tmp.
+#  if GTEST_OS_LINUX_ANDROID
+    // Note: Android applications are expected to call the framework's
+    // Context.getExternalStorageDirectory() method through JNI to get
+    // the location of the world-writable SD Card directory. However,
+    // this requires a Context handle, which cannot be retrieved
+    // globally from native code. Doing so also precludes running the
+    // code as part of a regular standalone executable, which doesn't
+    // run in a Dalvik process (e.g. when running it through 'adb shell').
+    //
+    // The location /sdcard is directly accessible from native code
+    // and is the only location (unofficially) supported by the Android
+    // team. It's generally a symlink to the real SD Card mount point
+    // which can be /mnt/sdcard, /mnt/sdcard0, /system/media/sdcard, or
+    // other OEM-customized locations. Never rely on these, and always
+    // use /sdcard.
+    char name_template[] = "/sdcard/gtest_captured_stream.XXXXXX";
+#  else
+    char name_template[] = "/tmp/captured_stream.XXXXXX";
+#  endif  // GTEST_OS_LINUX_ANDROID
+    const int captured_fd = mkstemp(name_template);
+    filename_ = name_template;
+# endif  // GTEST_OS_WINDOWS
+    fflush(NULL);
+    dup2(captured_fd, fd_);
+    close(captured_fd);
+  }
+
+  ~CapturedStream() {
+    remove(filename_.c_str());
+  }
+
+  std::string GetCapturedString() {
+    if (uncaptured_fd_ != -1) {
+      // Restores the original stream.
+      fflush(NULL);
+      dup2(uncaptured_fd_, fd_);
+      close(uncaptured_fd_);
+      uncaptured_fd_ = -1;
+    }
+
+    FILE* const file = posix::FOpen(filename_.c_str(), "r");
+    const std::string content = ReadEntireFile(file);
+    posix::FClose(file);
+    return content;
+  }
+
+ private:
+  // Reads the entire content of a file as an std::string.
+  static std::string ReadEntireFile(FILE* file);
+
+  // Returns the size (in bytes) of a file.
+  static size_t GetFileSize(FILE* file);
+
+  const int fd_;  // A stream to capture.
+  int uncaptured_fd_;
+  // Name of the temporary file holding the stderr output.
+  ::std::string filename_;
+
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(CapturedStream);
+};
+
+// Returns the size (in bytes) of a file.
+size_t CapturedStream::GetFileSize(FILE* file) {
+  fseek(file, 0, SEEK_END);
+  return static_cast<size_t>(ftell(file));
+}
+
+// Reads the entire content of a file as a string.
+std::string CapturedStream::ReadEntireFile(FILE* file) {
+  const size_t file_size = GetFileSize(file);
+  char* const buffer = new char[file_size];
+
+  size_t bytes_last_read = 0;  // # of bytes read in the last fread()
+  size_t bytes_read = 0;       // # of bytes read so far
+
+  fseek(file, 0, SEEK_SET);
+
+  // Keeps reading the file until we cannot read further or the
+  // pre-determined file size is reached.
+  do {
+    bytes_last_read = fread(buffer+bytes_read, 1, file_size-bytes_read, file);
+    bytes_read += bytes_last_read;
+  } while (bytes_last_read > 0 && bytes_read < file_size);
+
+  const std::string content(buffer, bytes_read);
+  delete[] buffer;
+
+  return content;
+}
+
+GTEST_DISABLE_MSC_WARNINGS_POP_()
+
+static CapturedStream* g_captured_stderr = NULL;
+static CapturedStream* g_captured_stdout = NULL;
+
+// Starts capturing an output stream (stdout/stderr).
+void CaptureStream(int fd, const char* stream_name, CapturedStream** stream) {
+  if (*stream != NULL) {
+    GTEST_LOG_(FATAL) << "Only one " << stream_name
+                      << " capturer can exist at a time.";
+  }
+  *stream = new CapturedStream(fd);
+}
+
+// Stops capturing the output stream and returns the captured string.
+std::string GetCapturedStream(CapturedStream** captured_stream) {
+  const std::string content = (*captured_stream)->GetCapturedString();
+
+  delete *captured_stream;
+  *captured_stream = NULL;
+
+  return content;
+}
+
+// Starts capturing stdout.
+void CaptureStdout() {
+  CaptureStream(kStdOutFileno, "stdout", &g_captured_stdout);
+}
+
+// Starts capturing stderr.
+void CaptureStderr() {
+  CaptureStream(kStdErrFileno, "stderr", &g_captured_stderr);
+}
+
+// Stops capturing stdout and returns the captured string.
+std::string GetCapturedStdout() {
+  return GetCapturedStream(&g_captured_stdout);
+}
+
+// Stops capturing stderr and returns the captured string.
+std::string GetCapturedStderr() {
+  return GetCapturedStream(&g_captured_stderr);
+}
+
+#endif  // GTEST_HAS_STREAM_REDIRECTION
+
+#if GTEST_HAS_DEATH_TEST
+
+// A copy of all command line arguments.  Set by InitGoogleTest().
+::std::vector<testing::internal::string> g_argvs;
+
+static const ::std::vector<testing::internal::string>* g_injected_test_argvs =
+                                        NULL;  // Owned.
+
+void SetInjectableArgvs(const ::std::vector<testing::internal::string>* argvs) {
+  if (g_injected_test_argvs != argvs)
+    delete g_injected_test_argvs;
+  g_injected_test_argvs = argvs;
+}
+
+const ::std::vector<testing::internal::string>& GetInjectableArgvs() {
+  if (g_injected_test_argvs != NULL) {
+    return *g_injected_test_argvs;
+  }
+  return g_argvs;
+}
+#endif  // GTEST_HAS_DEATH_TEST
+
+#if GTEST_OS_WINDOWS_MOBILE
+namespace posix {
+void Abort() {
+  DebugBreak();
+  TerminateProcess(GetCurrentProcess(), 1);
+}
+}  // namespace posix
+#endif  // GTEST_OS_WINDOWS_MOBILE
+
+// Returns the name of the environment variable corresponding to the
+// given flag.  For example, FlagToEnvVar("foo") will return
+// "GTEST_FOO" in the open-source version.
+static std::string FlagToEnvVar(const char* flag) {
+  const std::string full_flag =
+      (Message() << GTEST_FLAG_PREFIX_ << flag).GetString();
+
+  Message env_var;
+  for (size_t i = 0; i != full_flag.length(); i++) {
+    env_var << ToUpper(full_flag.c_str()[i]);
+  }
+
+  return env_var.GetString();
+}
+
+// Parses 'str' for a 32-bit signed integer.  If successful, writes
+// the result to *value and returns true; otherwise leaves *value
+// unchanged and returns false.
+bool ParseInt32(const Message& src_text, const char* str, Int32* value) {
+  // Parses the environment variable as a decimal integer.
+  char* end = NULL;
+  const long long_value = strtol(str, &end, 10);  // NOLINT
+
+  // Has strtol() consumed all characters in the string?
+  if (*end != '\0') {
+    // No - an invalid character was encountered.
+    Message msg;
+    msg << "WARNING: " << src_text
+        << " is expected to be a 32-bit integer, but actually"
+        << " has value \"" << str << "\".\n";
+    printf("%s", msg.GetString().c_str());
+    fflush(stdout);
+    return false;
+  }
+
+  // Is the parsed value in the range of an Int32?
+  const Int32 result = static_cast<Int32>(long_value);
+  if (long_value == LONG_MAX || long_value == LONG_MIN ||
+      // The parsed value overflows as a long.  (strtol() returns
+      // LONG_MAX or LONG_MIN when the input overflows.)
+      result != long_value
+      // The parsed value overflows as an Int32.
+      ) {
+    Message msg;
+    msg << "WARNING: " << src_text
+        << " is expected to be a 32-bit integer, but actually"
+        << " has value " << str << ", which overflows.\n";
+    printf("%s", msg.GetString().c_str());
+    fflush(stdout);
+    return false;
+  }
+
+  *value = result;
+  return true;
+}
+
+// Reads and returns the Boolean environment variable corresponding to
+// the given flag; if it's not set, returns default_value.
+//
+// The value is considered true iff it's not "0".
+bool BoolFromGTestEnv(const char* flag, bool default_value) {
+  const std::string env_var = FlagToEnvVar(flag);
+  const char* const string_value = posix::GetEnv(env_var.c_str());
+  return string_value == NULL ?
+      default_value : strcmp(string_value, "0") != 0;
+}
+
+// Reads and returns a 32-bit integer stored in the environment
+// variable corresponding to the given flag; if it isn't set or
+// doesn't represent a valid 32-bit integer, returns default_value.
+Int32 Int32FromGTestEnv(const char* flag, Int32 default_value) {
+  const std::string env_var = FlagToEnvVar(flag);
+  const char* const string_value = posix::GetEnv(env_var.c_str());
+  if (string_value == NULL) {
+    // The environment variable is not set.
+    return default_value;
+  }
+
+  Int32 result = default_value;
+  if (!ParseInt32(Message() << "Environment variable " << env_var,
+                  string_value, &result)) {
+    printf("The default value %s is used.\n",
+           (Message() << default_value).GetString().c_str());
+    fflush(stdout);
+    return default_value;
+  }
+
+  return result;
+}
+
+// Reads and returns the string environment variable corresponding to
+// the given flag; if it's not set, returns default_value.
+const char* StringFromGTestEnv(const char* flag, const char* default_value) {
+  const std::string env_var = FlagToEnvVar(flag);
+  const char* const value = posix::GetEnv(env_var.c_str());
+  return value == NULL ? default_value : value;
+}
+
+}  // namespace internal
+}  // namespace testing
diff --git a/nss/external_tests/google_test/gtest/src/gtest-printers.cc b/nss/external_tests/google_test/gtest/src/gtest-printers.cc
new file mode 100644
index 0000000..a2df412
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/src/gtest-printers.cc
@@ -0,0 +1,373 @@
+// Copyright 2007, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+
+// Google Test - The Google C++ Testing Framework
+//
+// This file implements a universal value printer that can print a
+// value of any type T:
+//
+//   void ::testing::internal::UniversalPrinter<T>::Print(value, ostream_ptr);
+//
+// It uses the << operator when possible, and prints the bytes in the
+// object otherwise.  A user can override its behavior for a class
+// type Foo by defining either operator<<(::std::ostream&, const Foo&)
+// or void PrintTo(const Foo&, ::std::ostream*) in the namespace that
+// defines Foo.
+
+#include "gtest/gtest-printers.h"
+#include <ctype.h>
+#include <stdio.h>
+#include <cwchar>
+#include <ostream>  // NOLINT
+#include <string>
+#include "gtest/internal/gtest-port.h"
+
+namespace testing {
+
+namespace {
+
+using ::std::ostream;
+
+// Prints a segment of bytes in the given object.
+GTEST_ATTRIBUTE_NO_SANITIZE_MEMORY_
+GTEST_ATTRIBUTE_NO_SANITIZE_ADDRESS_
+GTEST_ATTRIBUTE_NO_SANITIZE_THREAD_
+void PrintByteSegmentInObjectTo(const unsigned char* obj_bytes, size_t start,
+                                size_t count, ostream* os) {
+  char text[5] = "";
+  for (size_t i = 0; i != count; i++) {
+    const size_t j = start + i;
+    if (i != 0) {
+      // Organizes the bytes into groups of 2 for easy parsing by
+      // human.
+      if ((j % 2) == 0)
+        *os << ' ';
+      else
+        *os << '-';
+    }
+    GTEST_SNPRINTF_(text, sizeof(text), "%02X", obj_bytes[j]);
+    *os << text;
+  }
+}
+
+// Prints the bytes in the given value to the given ostream.
+void PrintBytesInObjectToImpl(const unsigned char* obj_bytes, size_t count,
+                              ostream* os) {
+  // Tells the user how big the object is.
+  *os << count << "-byte object <";
+
+  const size_t kThreshold = 132;
+  const size_t kChunkSize = 64;
+  // If the object size is bigger than kThreshold, we'll have to omit
+  // some details by printing only the first and the last kChunkSize
+  // bytes.
+  // TODO(wan): let the user control the threshold using a flag.
+  if (count < kThreshold) {
+    PrintByteSegmentInObjectTo(obj_bytes, 0, count, os);
+  } else {
+    PrintByteSegmentInObjectTo(obj_bytes, 0, kChunkSize, os);
+    *os << " ... ";
+    // Rounds up to 2-byte boundary.
+    const size_t resume_pos = (count - kChunkSize + 1)/2*2;
+    PrintByteSegmentInObjectTo(obj_bytes, resume_pos, count - resume_pos, os);
+  }
+  *os << ">";
+}
+
+}  // namespace
+
+namespace internal2 {
+
+// Delegates to PrintBytesInObjectToImpl() to print the bytes in the
+// given object.  The delegation simplifies the implementation, which
+// uses the << operator and thus is easier done outside of the
+// ::testing::internal namespace, which contains a << operator that
+// sometimes conflicts with the one in STL.
+void PrintBytesInObjectTo(const unsigned char* obj_bytes, size_t count,
+                          ostream* os) {
+  PrintBytesInObjectToImpl(obj_bytes, count, os);
+}
+
+}  // namespace internal2
+
+namespace internal {
+
+// Depending on the value of a char (or wchar_t), we print it in one
+// of three formats:
+//   - as is if it's a printable ASCII (e.g. 'a', '2', ' '),
+//   - as a hexidecimal escape sequence (e.g. '\x7F'), or
+//   - as a special escape sequence (e.g. '\r', '\n').
+enum CharFormat {
+  kAsIs,
+  kHexEscape,
+  kSpecialEscape
+};
+
+// Returns true if c is a printable ASCII character.  We test the
+// value of c directly instead of calling isprint(), which is buggy on
+// Windows Mobile.
+inline bool IsPrintableAscii(wchar_t c) {
+  return 0x20 <= c && c <= 0x7E;
+}
+
+// Prints a wide or narrow char c as a character literal without the
+// quotes, escaping it when necessary; returns how c was formatted.
+// The template argument UnsignedChar is the unsigned version of Char,
+// which is the type of c.
+template <typename UnsignedChar, typename Char>
+static CharFormat PrintAsCharLiteralTo(Char c, ostream* os) {
+  switch (static_cast<wchar_t>(c)) {
+    case L'\0':
+      *os << "\\0";
+      break;
+    case L'\'':
+      *os << "\\'";
+      break;
+    case L'\\':
+      *os << "\\\\";
+      break;
+    case L'\a':
+      *os << "\\a";
+      break;
+    case L'\b':
+      *os << "\\b";
+      break;
+    case L'\f':
+      *os << "\\f";
+      break;
+    case L'\n':
+      *os << "\\n";
+      break;
+    case L'\r':
+      *os << "\\r";
+      break;
+    case L'\t':
+      *os << "\\t";
+      break;
+    case L'\v':
+      *os << "\\v";
+      break;
+    default:
+      if (IsPrintableAscii(c)) {
+        *os << static_cast<char>(c);
+        return kAsIs;
+      } else {
+        *os << "\\x" + String::FormatHexInt(static_cast<UnsignedChar>(c));
+        return kHexEscape;
+      }
+  }
+  return kSpecialEscape;
+}
+
+// Prints a wchar_t c as if it's part of a string literal, escaping it when
+// necessary; returns how c was formatted.
+static CharFormat PrintAsStringLiteralTo(wchar_t c, ostream* os) {
+  switch (c) {
+    case L'\'':
+      *os << "'";
+      return kAsIs;
+    case L'"':
+      *os << "\\\"";
+      return kSpecialEscape;
+    default:
+      return PrintAsCharLiteralTo<wchar_t>(c, os);
+  }
+}
+
+// Prints a char c as if it's part of a string literal, escaping it when
+// necessary; returns how c was formatted.
+static CharFormat PrintAsStringLiteralTo(char c, ostream* os) {
+  return PrintAsStringLiteralTo(
+      static_cast<wchar_t>(static_cast<unsigned char>(c)), os);
+}
+
+// Prints a wide or narrow character c and its code.  '\0' is printed
+// as "'\\0'", other unprintable characters are also properly escaped
+// using the standard C++ escape sequence.  The template argument
+// UnsignedChar is the unsigned version of Char, which is the type of c.
+template <typename UnsignedChar, typename Char>
+void PrintCharAndCodeTo(Char c, ostream* os) {
+  // First, print c as a literal in the most readable form we can find.
+  *os << ((sizeof(c) > 1) ? "L'" : "'");
+  const CharFormat format = PrintAsCharLiteralTo<UnsignedChar>(c, os);
+  *os << "'";
+
+  // To aid user debugging, we also print c's code in decimal, unless
+  // it's 0 (in which case c was printed as '\\0', making the code
+  // obvious).
+  if (c == 0)
+    return;
+  *os << " (" << static_cast<int>(c);
+
+  // For more convenience, we print c's code again in hexidecimal,
+  // unless c was already printed in the form '\x##' or the code is in
+  // [1, 9].
+  if (format == kHexEscape || (1 <= c && c <= 9)) {
+    // Do nothing.
+  } else {
+    *os << ", 0x" << String::FormatHexInt(static_cast<UnsignedChar>(c));
+  }
+  *os << ")";
+}
+
+void PrintTo(unsigned char c, ::std::ostream* os) {
+  PrintCharAndCodeTo<unsigned char>(c, os);
+}
+void PrintTo(signed char c, ::std::ostream* os) {
+  PrintCharAndCodeTo<unsigned char>(c, os);
+}
+
+// Prints a wchar_t as a symbol if it is printable or as its internal
+// code otherwise and also as its code.  L'\0' is printed as "L'\\0'".
+void PrintTo(wchar_t wc, ostream* os) {
+  PrintCharAndCodeTo<wchar_t>(wc, os);
+}
+
+// Prints the given array of characters to the ostream.  CharType must be either
+// char or wchar_t.
+// The array starts at begin, the length is len, it may include '\0' characters
+// and may not be NUL-terminated.
+template <typename CharType>
+GTEST_ATTRIBUTE_NO_SANITIZE_MEMORY_
+GTEST_ATTRIBUTE_NO_SANITIZE_ADDRESS_
+GTEST_ATTRIBUTE_NO_SANITIZE_THREAD_
+static void PrintCharsAsStringTo(
+    const CharType* begin, size_t len, ostream* os) {
+  const char* const kQuoteBegin = sizeof(CharType) == 1 ? "\"" : "L\"";
+  *os << kQuoteBegin;
+  bool is_previous_hex = false;
+  for (size_t index = 0; index < len; ++index) {
+    const CharType cur = begin[index];
+    if (is_previous_hex && IsXDigit(cur)) {
+      // Previous character is of '\x..' form and this character can be
+      // interpreted as another hexadecimal digit in its number. Break string to
+      // disambiguate.
+      *os << "\" " << kQuoteBegin;
+    }
+    is_previous_hex = PrintAsStringLiteralTo(cur, os) == kHexEscape;
+  }
+  *os << "\"";
+}
+
+// Prints a (const) char/wchar_t array of 'len' elements, starting at address
+// 'begin'.  CharType must be either char or wchar_t.
+template <typename CharType>
+GTEST_ATTRIBUTE_NO_SANITIZE_MEMORY_
+GTEST_ATTRIBUTE_NO_SANITIZE_ADDRESS_
+GTEST_ATTRIBUTE_NO_SANITIZE_THREAD_
+static void UniversalPrintCharArray(
+    const CharType* begin, size_t len, ostream* os) {
+  // The code
+  //   const char kFoo[] = "foo";
+  // generates an array of 4, not 3, elements, with the last one being '\0'.
+  //
+  // Therefore when printing a char array, we don't print the last element if
+  // it's '\0', such that the output matches the string literal as it's
+  // written in the source code.
+  if (len > 0 && begin[len - 1] == '\0') {
+    PrintCharsAsStringTo(begin, len - 1, os);
+    return;
+  }
+
+  // If, however, the last element in the array is not '\0', e.g.
+  //    const char kFoo[] = { 'f', 'o', 'o' };
+  // we must print the entire array.  We also print a message to indicate
+  // that the array is not NUL-terminated.
+  PrintCharsAsStringTo(begin, len, os);
+  *os << " (no terminating NUL)";
+}
+
+// Prints a (const) char array of 'len' elements, starting at address 'begin'.
+void UniversalPrintArray(const char* begin, size_t len, ostream* os) {
+  UniversalPrintCharArray(begin, len, os);
+}
+
+// Prints a (const) wchar_t array of 'len' elements, starting at address
+// 'begin'.
+void UniversalPrintArray(const wchar_t* begin, size_t len, ostream* os) {
+  UniversalPrintCharArray(begin, len, os);
+}
+
+// Prints the given C string to the ostream.
+void PrintTo(const char* s, ostream* os) {
+  if (s == NULL) {
+    *os << "NULL";
+  } else {
+    *os << ImplicitCast_<const void*>(s) << " pointing to ";
+    PrintCharsAsStringTo(s, strlen(s), os);
+  }
+}
+
+// MSVC compiler can be configured to define whar_t as a typedef
+// of unsigned short. Defining an overload for const wchar_t* in that case
+// would cause pointers to unsigned shorts be printed as wide strings,
+// possibly accessing more memory than intended and causing invalid
+// memory accesses. MSVC defines _NATIVE_WCHAR_T_DEFINED symbol when
+// wchar_t is implemented as a native type.
+#if !defined(_MSC_VER) || defined(_NATIVE_WCHAR_T_DEFINED)
+// Prints the given wide C string to the ostream.
+void PrintTo(const wchar_t* s, ostream* os) {
+  if (s == NULL) {
+    *os << "NULL";
+  } else {
+    *os << ImplicitCast_<const void*>(s) << " pointing to ";
+    PrintCharsAsStringTo(s, std::wcslen(s), os);
+  }
+}
+#endif  // wchar_t is native
+
+// Prints a ::string object.
+#if GTEST_HAS_GLOBAL_STRING
+void PrintStringTo(const ::string& s, ostream* os) {
+  PrintCharsAsStringTo(s.data(), s.size(), os);
+}
+#endif  // GTEST_HAS_GLOBAL_STRING
+
+void PrintStringTo(const ::std::string& s, ostream* os) {
+  PrintCharsAsStringTo(s.data(), s.size(), os);
+}
+
+// Prints a ::wstring object.
+#if GTEST_HAS_GLOBAL_WSTRING
+void PrintWideStringTo(const ::wstring& s, ostream* os) {
+  PrintCharsAsStringTo(s.data(), s.size(), os);
+}
+#endif  // GTEST_HAS_GLOBAL_WSTRING
+
+#if GTEST_HAS_STD_WSTRING
+void PrintWideStringTo(const ::std::wstring& s, ostream* os) {
+  PrintCharsAsStringTo(s.data(), s.size(), os);
+}
+#endif  // GTEST_HAS_STD_WSTRING
+
+}  // namespace internal
+
+}  // namespace testing
diff --git a/nss/external_tests/google_test/gtest/src/gtest-test-part.cc b/nss/external_tests/google_test/gtest/src/gtest-test-part.cc
new file mode 100644
index 0000000..fb0e354
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/src/gtest-test-part.cc
@@ -0,0 +1,110 @@
+// Copyright 2008, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: mheule@google.com (Markus Heule)
+//
+// The Google C++ Testing Framework (Google Test)
+
+#include "gtest/gtest-test-part.h"
+
+// Indicates that this translation unit is part of Google Test's
+// implementation.  It must come before gtest-internal-inl.h is
+// included, or there will be a compiler error.  This trick exists to
+// prevent the accidental inclusion of gtest-internal-inl.h in the
+// user's code.
+#define GTEST_IMPLEMENTATION_ 1
+#include "src/gtest-internal-inl.h"
+#undef GTEST_IMPLEMENTATION_
+
+namespace testing {
+
+using internal::GetUnitTestImpl;
+
+// Gets the summary of the failure message by omitting the stack trace
+// in it.
+std::string TestPartResult::ExtractSummary(const char* message) {
+  const char* const stack_trace = strstr(message, internal::kStackTraceMarker);
+  return stack_trace == NULL ? message :
+      std::string(message, stack_trace);
+}
+
+// Prints a TestPartResult object.
+std::ostream& operator<<(std::ostream& os, const TestPartResult& result) {
+  return os
+      << result.file_name() << ":" << result.line_number() << ": "
+      << (result.type() == TestPartResult::kSuccess ? "Success" :
+          result.type() == TestPartResult::kFatalFailure ? "Fatal failure" :
+          "Non-fatal failure") << ":\n"
+      << result.message() << std::endl;
+}
+
+// Appends a TestPartResult to the array.
+void TestPartResultArray::Append(const TestPartResult& result) {
+  array_.push_back(result);
+}
+
+// Returns the TestPartResult at the given index (0-based).
+const TestPartResult& TestPartResultArray::GetTestPartResult(int index) const {
+  if (index < 0 || index >= size()) {
+    printf("\nInvalid index (%d) into TestPartResultArray.\n", index);
+    internal::posix::Abort();
+  }
+
+  return array_[index];
+}
+
+// Returns the number of TestPartResult objects in the array.
+int TestPartResultArray::size() const {
+  return static_cast<int>(array_.size());
+}
+
+namespace internal {
+
+HasNewFatalFailureHelper::HasNewFatalFailureHelper()
+    : has_new_fatal_failure_(false),
+      original_reporter_(GetUnitTestImpl()->
+                         GetTestPartResultReporterForCurrentThread()) {
+  GetUnitTestImpl()->SetTestPartResultReporterForCurrentThread(this);
+}
+
+HasNewFatalFailureHelper::~HasNewFatalFailureHelper() {
+  GetUnitTestImpl()->SetTestPartResultReporterForCurrentThread(
+      original_reporter_);
+}
+
+void HasNewFatalFailureHelper::ReportTestPartResult(
+    const TestPartResult& result) {
+  if (result.fatally_failed())
+    has_new_fatal_failure_ = true;
+  original_reporter_->ReportTestPartResult(result);
+}
+
+}  // namespace internal
+
+}  // namespace testing
diff --git a/nss/external_tests/google_test/gtest/src/gtest-typed-test.cc b/nss/external_tests/google_test/gtest/src/gtest-typed-test.cc
new file mode 100644
index 0000000..f0079f4
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/src/gtest-typed-test.cc
@@ -0,0 +1,110 @@
+// Copyright 2008 Google Inc.
+// All Rights Reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+
+#include "gtest/gtest-typed-test.h"
+#include "gtest/gtest.h"
+
+namespace testing {
+namespace internal {
+
+#if GTEST_HAS_TYPED_TEST_P
+
+// Skips to the first non-space char in str. Returns an empty string if str
+// contains only whitespace characters.
+static const char* SkipSpaces(const char* str) {
+  while (IsSpace(*str))
+    str++;
+  return str;
+}
+
+// Verifies that registered_tests match the test names in
+// defined_test_names_; returns registered_tests if successful, or
+// aborts the program otherwise.
+const char* TypedTestCasePState::VerifyRegisteredTestNames(
+    const char* file, int line, const char* registered_tests) {
+  typedef ::std::set<const char*>::const_iterator DefinedTestIter;
+  registered_ = true;
+
+  // Skip initial whitespace in registered_tests since some
+  // preprocessors prefix stringizied literals with whitespace.
+  registered_tests = SkipSpaces(registered_tests);
+
+  Message errors;
+  ::std::set<std::string> tests;
+  for (const char* names = registered_tests; names != NULL;
+       names = SkipComma(names)) {
+    const std::string name = GetPrefixUntilComma(names);
+    if (tests.count(name) != 0) {
+      errors << "Test " << name << " is listed more than once.\n";
+      continue;
+    }
+
+    bool found = false;
+    for (DefinedTestIter it = defined_test_names_.begin();
+         it != defined_test_names_.end();
+         ++it) {
+      if (name == *it) {
+        found = true;
+        break;
+      }
+    }
+
+    if (found) {
+      tests.insert(name);
+    } else {
+      errors << "No test named " << name
+             << " can be found in this test case.\n";
+    }
+  }
+
+  for (DefinedTestIter it = defined_test_names_.begin();
+       it != defined_test_names_.end();
+       ++it) {
+    if (tests.count(*it) == 0) {
+      errors << "You forgot to list test " << *it << ".\n";
+    }
+  }
+
+  const std::string& errors_str = errors.GetString();
+  if (errors_str != "") {
+    fprintf(stderr, "%s %s", FormatFileLocation(file, line).c_str(),
+            errors_str.c_str());
+    fflush(stderr);
+    posix::Abort();
+  }
+
+  return registered_tests;
+}
+
+#endif  // GTEST_HAS_TYPED_TEST_P
+
+}  // namespace internal
+}  // namespace testing
diff --git a/nss/external_tests/google_test/gtest/src/gtest.cc b/nss/external_tests/google_test/gtest/src/gtest.cc
new file mode 100644
index 0000000..e4f3df3
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/src/gtest.cc
@@ -0,0 +1,5291 @@
+// Copyright 2005, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+//
+// The Google C++ Testing Framework (Google Test)
+
+#include "gtest/gtest.h"
+#include "gtest/gtest-spi.h"
+
+#include <ctype.h>
+#include <math.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <time.h>
+#include <wchar.h>
+#include <wctype.h>
+
+#include <algorithm>
+#include <iomanip>
+#include <limits>
+#include <list>
+#include <map>
+#include <ostream>  // NOLINT
+#include <sstream>
+#include <vector>
+
+#if GTEST_OS_LINUX
+
+// TODO(kenton@google.com): Use autoconf to detect availability of
+// gettimeofday().
+# define GTEST_HAS_GETTIMEOFDAY_ 1
+
+# include <fcntl.h>  // NOLINT
+# include <limits.h>  // NOLINT
+# include <sched.h>  // NOLINT
+// Declares vsnprintf().  This header is not available on Windows.
+# include <strings.h>  // NOLINT
+# include <sys/mman.h>  // NOLINT
+# include <sys/time.h>  // NOLINT
+# include <unistd.h>  // NOLINT
+# include <string>
+
+#elif GTEST_OS_SYMBIAN
+# define GTEST_HAS_GETTIMEOFDAY_ 1
+# include <sys/time.h>  // NOLINT
+
+#elif GTEST_OS_ZOS
+# define GTEST_HAS_GETTIMEOFDAY_ 1
+# include <sys/time.h>  // NOLINT
+
+// On z/OS we additionally need strings.h for strcasecmp.
+# include <strings.h>  // NOLINT
+
+#elif GTEST_OS_WINDOWS_MOBILE  // We are on Windows CE.
+
+# include <windows.h>  // NOLINT
+# undef min
+
+#elif GTEST_OS_WINDOWS  // We are on Windows proper.
+
+# include <io.h>  // NOLINT
+# include <sys/timeb.h>  // NOLINT
+# include <sys/types.h>  // NOLINT
+# include <sys/stat.h>  // NOLINT
+
+# if GTEST_OS_WINDOWS_MINGW
+// MinGW has gettimeofday() but not _ftime64().
+// TODO(kenton@google.com): Use autoconf to detect availability of
+//   gettimeofday().
+// TODO(kenton@google.com): There are other ways to get the time on
+//   Windows, like GetTickCount() or GetSystemTimeAsFileTime().  MinGW
+//   supports these.  consider using them instead.
+#  define GTEST_HAS_GETTIMEOFDAY_ 1
+#  include <sys/time.h>  // NOLINT
+# endif  // GTEST_OS_WINDOWS_MINGW
+
+// cpplint thinks that the header is already included, so we want to
+// silence it.
+# include <windows.h>  // NOLINT
+# undef min
+
+#else
+
+// Assume other platforms have gettimeofday().
+// TODO(kenton@google.com): Use autoconf to detect availability of
+//   gettimeofday().
+# define GTEST_HAS_GETTIMEOFDAY_ 1
+
+// cpplint thinks that the header is already included, so we want to
+// silence it.
+# include <sys/time.h>  // NOLINT
+# include <unistd.h>  // NOLINT
+
+#endif  // GTEST_OS_LINUX
+
+#if GTEST_HAS_EXCEPTIONS
+# include <stdexcept>
+#endif
+
+#if GTEST_CAN_STREAM_RESULTS_
+# include <arpa/inet.h>  // NOLINT
+# include <netdb.h>  // NOLINT
+#endif
+
+// Indicates that this translation unit is part of Google Test's
+// implementation.  It must come before gtest-internal-inl.h is
+// included, or there will be a compiler error.  This trick is to
+// prevent a user from accidentally including gtest-internal-inl.h in
+// his code.
+#define GTEST_IMPLEMENTATION_ 1
+#include "src/gtest-internal-inl.h"
+#undef GTEST_IMPLEMENTATION_
+
+#if GTEST_OS_WINDOWS
+# define vsnprintf _vsnprintf
+#endif  // GTEST_OS_WINDOWS
+
+namespace testing {
+
+using internal::CountIf;
+using internal::ForEach;
+using internal::GetElementOr;
+using internal::Shuffle;
+
+// Constants.
+
+// A test whose test case name or test name matches this filter is
+// disabled and not run.
+static const char kDisableTestFilter[] = "DISABLED_*:*/DISABLED_*";
+
+// A test case whose name matches this filter is considered a death
+// test case and will be run before test cases whose name doesn't
+// match this filter.
+static const char kDeathTestCaseFilter[] = "*DeathTest:*DeathTest/*";
+
+// A test filter that matches everything.
+static const char kUniversalFilter[] = "*";
+
+// The default output file for XML output.
+static const char kDefaultOutputFile[] = "test_detail.xml";
+
+// The environment variable name for the test shard index.
+static const char kTestShardIndex[] = "GTEST_SHARD_INDEX";
+// The environment variable name for the total number of test shards.
+static const char kTestTotalShards[] = "GTEST_TOTAL_SHARDS";
+// The environment variable name for the test shard status file.
+static const char kTestShardStatusFile[] = "GTEST_SHARD_STATUS_FILE";
+
+namespace internal {
+
+// The text used in failure messages to indicate the start of the
+// stack trace.
+const char kStackTraceMarker[] = "\nStack trace:\n";
+
+// g_help_flag is true iff the --help flag or an equivalent form is
+// specified on the command line.
+bool g_help_flag = false;
+
+}  // namespace internal
+
+static const char* GetDefaultFilter() {
+  return kUniversalFilter;
+}
+
+GTEST_DEFINE_bool_(
+    also_run_disabled_tests,
+    internal::BoolFromGTestEnv("also_run_disabled_tests", false),
+    "Run disabled tests too, in addition to the tests normally being run.");
+
+GTEST_DEFINE_bool_(
+    break_on_failure,
+    internal::BoolFromGTestEnv("break_on_failure", false),
+    "True iff a failed assertion should be a debugger break-point.");
+
+GTEST_DEFINE_bool_(
+    catch_exceptions,
+    internal::BoolFromGTestEnv("catch_exceptions", true),
+    "True iff " GTEST_NAME_
+    " should catch exceptions and treat them as test failures.");
+
+GTEST_DEFINE_string_(
+    color,
+    internal::StringFromGTestEnv("color", "auto"),
+    "Whether to use colors in the output.  Valid values: yes, no, "
+    "and auto.  'auto' means to use colors if the output is "
+    "being sent to a terminal and the TERM environment variable "
+    "is set to a terminal type that supports colors.");
+
+GTEST_DEFINE_string_(
+    filter,
+    internal::StringFromGTestEnv("filter", GetDefaultFilter()),
+    "A colon-separated list of glob (not regex) patterns "
+    "for filtering the tests to run, optionally followed by a "
+    "'-' and a : separated list of negative patterns (tests to "
+    "exclude).  A test is run if it matches one of the positive "
+    "patterns and does not match any of the negative patterns.");
+
+GTEST_DEFINE_bool_(list_tests, false,
+                   "List all tests without running them.");
+
+GTEST_DEFINE_string_(
+    output,
+    internal::StringFromGTestEnv("output", ""),
+    "A format (currently must be \"xml\"), optionally followed "
+    "by a colon and an output file name or directory. A directory "
+    "is indicated by a trailing pathname separator. "
+    "Examples: \"xml:filename.xml\", \"xml::directoryname/\". "
+    "If a directory is specified, output files will be created "
+    "within that directory, with file-names based on the test "
+    "executable's name and, if necessary, made unique by adding "
+    "digits.");
+
+GTEST_DEFINE_bool_(
+    print_time,
+    internal::BoolFromGTestEnv("print_time", true),
+    "True iff " GTEST_NAME_
+    " should display elapsed time in text output.");
+
+GTEST_DEFINE_int32_(
+    random_seed,
+    internal::Int32FromGTestEnv("random_seed", 0),
+    "Random number seed to use when shuffling test orders.  Must be in range "
+    "[1, 99999], or 0 to use a seed based on the current time.");
+
+GTEST_DEFINE_int32_(
+    repeat,
+    internal::Int32FromGTestEnv("repeat", 1),
+    "How many times to repeat each test.  Specify a negative number "
+    "for repeating forever.  Useful for shaking out flaky tests.");
+
+GTEST_DEFINE_bool_(
+    show_internal_stack_frames, false,
+    "True iff " GTEST_NAME_ " should include internal stack frames when "
+    "printing test failure stack traces.");
+
+GTEST_DEFINE_bool_(
+    shuffle,
+    internal::BoolFromGTestEnv("shuffle", false),
+    "True iff " GTEST_NAME_
+    " should randomize tests' order on every run.");
+
+GTEST_DEFINE_int32_(
+    stack_trace_depth,
+    internal::Int32FromGTestEnv("stack_trace_depth", kMaxStackTraceDepth),
+    "The maximum number of stack frames to print when an "
+    "assertion fails.  The valid range is 0 through 100, inclusive.");
+
+GTEST_DEFINE_string_(
+    stream_result_to,
+    internal::StringFromGTestEnv("stream_result_to", ""),
+    "This flag specifies the host name and the port number on which to stream "
+    "test results. Example: \"localhost:555\". The flag is effective only on "
+    "Linux.");
+
+GTEST_DEFINE_bool_(
+    throw_on_failure,
+    internal::BoolFromGTestEnv("throw_on_failure", false),
+    "When this flag is specified, a failed assertion will throw an exception "
+    "if exceptions are enabled or exit the program with a non-zero code "
+    "otherwise.");
+
+namespace internal {
+
+// Generates a random number from [0, range), using a Linear
+// Congruential Generator (LCG).  Crashes if 'range' is 0 or greater
+// than kMaxRange.
+UInt32 Random::Generate(UInt32 range) {
+  // These constants are the same as are used in glibc's rand(3).
+  state_ = (1103515245U*state_ + 12345U) % kMaxRange;
+
+  GTEST_CHECK_(range > 0)
+      << "Cannot generate a number in the range [0, 0).";
+  GTEST_CHECK_(range <= kMaxRange)
+      << "Generation of a number in [0, " << range << ") was requested, "
+      << "but this can only generate numbers in [0, " << kMaxRange << ").";
+
+  // Converting via modulus introduces a bit of downward bias, but
+  // it's simple, and a linear congruential generator isn't too good
+  // to begin with.
+  return state_ % range;
+}
+
+// GTestIsInitialized() returns true iff the user has initialized
+// Google Test.  Useful for catching the user mistake of not initializing
+// Google Test before calling RUN_ALL_TESTS().
+//
+// A user must call testing::InitGoogleTest() to initialize Google
+// Test.  g_init_gtest_count is set to the number of times
+// InitGoogleTest() has been called.  We don't protect this variable
+// under a mutex as it is only accessed in the main thread.
+GTEST_API_ int g_init_gtest_count = 0;
+static bool GTestIsInitialized() { return g_init_gtest_count != 0; }
+
+// Iterates over a vector of TestCases, keeping a running sum of the
+// results of calling a given int-returning method on each.
+// Returns the sum.
+static int SumOverTestCaseList(const std::vector<TestCase*>& case_list,
+                               int (TestCase::*method)() const) {
+  int sum = 0;
+  for (size_t i = 0; i < case_list.size(); i++) {
+    sum += (case_list[i]->*method)();
+  }
+  return sum;
+}
+
+// Returns true iff the test case passed.
+static bool TestCasePassed(const TestCase* test_case) {
+  return test_case->should_run() && test_case->Passed();
+}
+
+// Returns true iff the test case failed.
+static bool TestCaseFailed(const TestCase* test_case) {
+  return test_case->should_run() && test_case->Failed();
+}
+
+// Returns true iff test_case contains at least one test that should
+// run.
+static bool ShouldRunTestCase(const TestCase* test_case) {
+  return test_case->should_run();
+}
+
+// AssertHelper constructor.
+AssertHelper::AssertHelper(TestPartResult::Type type,
+                           const char* file,
+                           int line,
+                           const char* message)
+    : data_(new AssertHelperData(type, file, line, message)) {
+}
+
+AssertHelper::~AssertHelper() {
+  delete data_;
+}
+
+// Message assignment, for assertion streaming support.
+void AssertHelper::operator=(const Message& message) const {
+  UnitTest::GetInstance()->
+    AddTestPartResult(data_->type, data_->file, data_->line,
+                      AppendUserMessage(data_->message, message),
+                      UnitTest::GetInstance()->impl()
+                      ->CurrentOsStackTraceExceptTop(1)
+                      // Skips the stack frame for this function itself.
+                      );  // NOLINT
+}
+
+// Mutex for linked pointers.
+GTEST_API_ GTEST_DEFINE_STATIC_MUTEX_(g_linked_ptr_mutex);
+
+// Application pathname gotten in InitGoogleTest.
+std::string g_executable_path;
+
+// Returns the current application's name, removing directory path if that
+// is present.
+FilePath GetCurrentExecutableName() {
+  FilePath result;
+
+#if GTEST_OS_WINDOWS
+  result.Set(FilePath(g_executable_path).RemoveExtension("exe"));
+#else
+  result.Set(FilePath(g_executable_path));
+#endif  // GTEST_OS_WINDOWS
+
+  return result.RemoveDirectoryName();
+}
+
+// Functions for processing the gtest_output flag.
+
+// Returns the output format, or "" for normal printed output.
+std::string UnitTestOptions::GetOutputFormat() {
+  const char* const gtest_output_flag = GTEST_FLAG(output).c_str();
+  if (gtest_output_flag == NULL) return std::string("");
+
+  const char* const colon = strchr(gtest_output_flag, ':');
+  return (colon == NULL) ?
+      std::string(gtest_output_flag) :
+      std::string(gtest_output_flag, colon - gtest_output_flag);
+}
+
+// Returns the name of the requested output file, or the default if none
+// was explicitly specified.
+std::string UnitTestOptions::GetAbsolutePathToOutputFile() {
+  const char* const gtest_output_flag = GTEST_FLAG(output).c_str();
+  if (gtest_output_flag == NULL)
+    return "";
+
+  const char* const colon = strchr(gtest_output_flag, ':');
+  if (colon == NULL)
+    return internal::FilePath::ConcatPaths(
+        internal::FilePath(
+            UnitTest::GetInstance()->original_working_dir()),
+        internal::FilePath(kDefaultOutputFile)).string();
+
+  internal::FilePath output_name(colon + 1);
+  if (!output_name.IsAbsolutePath())
+    // TODO(wan@google.com): on Windows \some\path is not an absolute
+    // path (as its meaning depends on the current drive), yet the
+    // following logic for turning it into an absolute path is wrong.
+    // Fix it.
+    output_name = internal::FilePath::ConcatPaths(
+        internal::FilePath(UnitTest::GetInstance()->original_working_dir()),
+        internal::FilePath(colon + 1));
+
+  if (!output_name.IsDirectory())
+    return output_name.string();
+
+  internal::FilePath result(internal::FilePath::GenerateUniqueFileName(
+      output_name, internal::GetCurrentExecutableName(),
+      GetOutputFormat().c_str()));
+  return result.string();
+}
+
+// Returns true iff the wildcard pattern matches the string.  The
+// first ':' or '\0' character in pattern marks the end of it.
+//
+// This recursive algorithm isn't very efficient, but is clear and
+// works well enough for matching test names, which are short.
+bool UnitTestOptions::PatternMatchesString(const char *pattern,
+                                           const char *str) {
+  switch (*pattern) {
+    case '\0':
+    case ':':  // Either ':' or '\0' marks the end of the pattern.
+      return *str == '\0';
+    case '?':  // Matches any single character.
+      return *str != '\0' && PatternMatchesString(pattern + 1, str + 1);
+    case '*':  // Matches any string (possibly empty) of characters.
+      return (*str != '\0' && PatternMatchesString(pattern, str + 1)) ||
+          PatternMatchesString(pattern + 1, str);
+    default:  // Non-special character.  Matches itself.
+      return *pattern == *str &&
+          PatternMatchesString(pattern + 1, str + 1);
+  }
+}
+
+bool UnitTestOptions::MatchesFilter(
+    const std::string& name, const char* filter) {
+  const char *cur_pattern = filter;
+  for (;;) {
+    if (PatternMatchesString(cur_pattern, name.c_str())) {
+      return true;
+    }
+
+    // Finds the next pattern in the filter.
+    cur_pattern = strchr(cur_pattern, ':');
+
+    // Returns if no more pattern can be found.
+    if (cur_pattern == NULL) {
+      return false;
+    }
+
+    // Skips the pattern separater (the ':' character).
+    cur_pattern++;
+  }
+}
+
+// Returns true iff the user-specified filter matches the test case
+// name and the test name.
+bool UnitTestOptions::FilterMatchesTest(const std::string &test_case_name,
+                                        const std::string &test_name) {
+  const std::string& full_name = test_case_name + "." + test_name.c_str();
+
+  // Split --gtest_filter at '-', if there is one, to separate into
+  // positive filter and negative filter portions
+  const char* const p = GTEST_FLAG(filter).c_str();
+  const char* const dash = strchr(p, '-');
+  std::string positive;
+  std::string negative;
+  if (dash == NULL) {
+    positive = GTEST_FLAG(filter).c_str();  // Whole string is a positive filter
+    negative = "";
+  } else {
+    positive = std::string(p, dash);   // Everything up to the dash
+    negative = std::string(dash + 1);  // Everything after the dash
+    if (positive.empty()) {
+      // Treat '-test1' as the same as '*-test1'
+      positive = kUniversalFilter;
+    }
+  }
+
+  // A filter is a colon-separated list of patterns.  It matches a
+  // test if any pattern in it matches the test.
+  return (MatchesFilter(full_name, positive.c_str()) &&
+          !MatchesFilter(full_name, negative.c_str()));
+}
+
+#if GTEST_HAS_SEH
+// Returns EXCEPTION_EXECUTE_HANDLER if Google Test should handle the
+// given SEH exception, or EXCEPTION_CONTINUE_SEARCH otherwise.
+// This function is useful as an __except condition.
+int UnitTestOptions::GTestShouldProcessSEH(DWORD exception_code) {
+  // Google Test should handle a SEH exception if:
+  //   1. the user wants it to, AND
+  //   2. this is not a breakpoint exception, AND
+  //   3. this is not a C++ exception (VC++ implements them via SEH,
+  //      apparently).
+  //
+  // SEH exception code for C++ exceptions.
+  // (see http://support.microsoft.com/kb/185294 for more information).
+  const DWORD kCxxExceptionCode = 0xe06d7363;
+
+  bool should_handle = true;
+
+  if (!GTEST_FLAG(catch_exceptions))
+    should_handle = false;
+  else if (exception_code == EXCEPTION_BREAKPOINT)
+    should_handle = false;
+  else if (exception_code == kCxxExceptionCode)
+    should_handle = false;
+
+  return should_handle ? EXCEPTION_EXECUTE_HANDLER : EXCEPTION_CONTINUE_SEARCH;
+}
+#endif  // GTEST_HAS_SEH
+
+}  // namespace internal
+
+// The c'tor sets this object as the test part result reporter used by
+// Google Test.  The 'result' parameter specifies where to report the
+// results. Intercepts only failures from the current thread.
+ScopedFakeTestPartResultReporter::ScopedFakeTestPartResultReporter(
+    TestPartResultArray* result)
+    : intercept_mode_(INTERCEPT_ONLY_CURRENT_THREAD),
+      result_(result) {
+  Init();
+}
+
+// The c'tor sets this object as the test part result reporter used by
+// Google Test.  The 'result' parameter specifies where to report the
+// results.
+ScopedFakeTestPartResultReporter::ScopedFakeTestPartResultReporter(
+    InterceptMode intercept_mode, TestPartResultArray* result)
+    : intercept_mode_(intercept_mode),
+      result_(result) {
+  Init();
+}
+
+void ScopedFakeTestPartResultReporter::Init() {
+  internal::UnitTestImpl* const impl = internal::GetUnitTestImpl();
+  if (intercept_mode_ == INTERCEPT_ALL_THREADS) {
+    old_reporter_ = impl->GetGlobalTestPartResultReporter();
+    impl->SetGlobalTestPartResultReporter(this);
+  } else {
+    old_reporter_ = impl->GetTestPartResultReporterForCurrentThread();
+    impl->SetTestPartResultReporterForCurrentThread(this);
+  }
+}
+
+// The d'tor restores the test part result reporter used by Google Test
+// before.
+ScopedFakeTestPartResultReporter::~ScopedFakeTestPartResultReporter() {
+  internal::UnitTestImpl* const impl = internal::GetUnitTestImpl();
+  if (intercept_mode_ == INTERCEPT_ALL_THREADS) {
+    impl->SetGlobalTestPartResultReporter(old_reporter_);
+  } else {
+    impl->SetTestPartResultReporterForCurrentThread(old_reporter_);
+  }
+}
+
+// Increments the test part result count and remembers the result.
+// This method is from the TestPartResultReporterInterface interface.
+void ScopedFakeTestPartResultReporter::ReportTestPartResult(
+    const TestPartResult& result) {
+  result_->Append(result);
+}
+
+namespace internal {
+
+// Returns the type ID of ::testing::Test.  We should always call this
+// instead of GetTypeId< ::testing::Test>() to get the type ID of
+// testing::Test.  This is to work around a suspected linker bug when
+// using Google Test as a framework on Mac OS X.  The bug causes
+// GetTypeId< ::testing::Test>() to return different values depending
+// on whether the call is from the Google Test framework itself or
+// from user test code.  GetTestTypeId() is guaranteed to always
+// return the same value, as it always calls GetTypeId<>() from the
+// gtest.cc, which is within the Google Test framework.
+TypeId GetTestTypeId() {
+  return GetTypeId<Test>();
+}
+
+// The value of GetTestTypeId() as seen from within the Google Test
+// library.  This is solely for testing GetTestTypeId().
+extern const TypeId kTestTypeIdInGoogleTest = GetTestTypeId();
+
+// This predicate-formatter checks that 'results' contains a test part
+// failure of the given type and that the failure message contains the
+// given substring.
+AssertionResult HasOneFailure(const char* /* results_expr */,
+                              const char* /* type_expr */,
+                              const char* /* substr_expr */,
+                              const TestPartResultArray& results,
+                              TestPartResult::Type type,
+                              const string& substr) {
+  const std::string expected(type == TestPartResult::kFatalFailure ?
+                        "1 fatal failure" :
+                        "1 non-fatal failure");
+  Message msg;
+  if (results.size() != 1) {
+    msg << "Expected: " << expected << "\n"
+        << "  Actual: " << results.size() << " failures";
+    for (int i = 0; i < results.size(); i++) {
+      msg << "\n" << results.GetTestPartResult(i);
+    }
+    return AssertionFailure() << msg;
+  }
+
+  const TestPartResult& r = results.GetTestPartResult(0);
+  if (r.type() != type) {
+    return AssertionFailure() << "Expected: " << expected << "\n"
+                              << "  Actual:\n"
+                              << r;
+  }
+
+  if (strstr(r.message(), substr.c_str()) == NULL) {
+    return AssertionFailure() << "Expected: " << expected << " containing \""
+                              << substr << "\"\n"
+                              << "  Actual:\n"
+                              << r;
+  }
+
+  return AssertionSuccess();
+}
+
+// The constructor of SingleFailureChecker remembers where to look up
+// test part results, what type of failure we expect, and what
+// substring the failure message should contain.
+SingleFailureChecker:: SingleFailureChecker(
+    const TestPartResultArray* results,
+    TestPartResult::Type type,
+    const string& substr)
+    : results_(results),
+      type_(type),
+      substr_(substr) {}
+
+// The destructor of SingleFailureChecker verifies that the given
+// TestPartResultArray contains exactly one failure that has the given
+// type and contains the given substring.  If that's not the case, a
+// non-fatal failure will be generated.
+SingleFailureChecker::~SingleFailureChecker() {
+  EXPECT_PRED_FORMAT3(HasOneFailure, *results_, type_, substr_);
+}
+
+DefaultGlobalTestPartResultReporter::DefaultGlobalTestPartResultReporter(
+    UnitTestImpl* unit_test) : unit_test_(unit_test) {}
+
+void DefaultGlobalTestPartResultReporter::ReportTestPartResult(
+    const TestPartResult& result) {
+  unit_test_->current_test_result()->AddTestPartResult(result);
+  unit_test_->listeners()->repeater()->OnTestPartResult(result);
+}
+
+DefaultPerThreadTestPartResultReporter::DefaultPerThreadTestPartResultReporter(
+    UnitTestImpl* unit_test) : unit_test_(unit_test) {}
+
+void DefaultPerThreadTestPartResultReporter::ReportTestPartResult(
+    const TestPartResult& result) {
+  unit_test_->GetGlobalTestPartResultReporter()->ReportTestPartResult(result);
+}
+
+// Returns the global test part result reporter.
+TestPartResultReporterInterface*
+UnitTestImpl::GetGlobalTestPartResultReporter() {
+  internal::MutexLock lock(&global_test_part_result_reporter_mutex_);
+  return global_test_part_result_repoter_;
+}
+
+// Sets the global test part result reporter.
+void UnitTestImpl::SetGlobalTestPartResultReporter(
+    TestPartResultReporterInterface* reporter) {
+  internal::MutexLock lock(&global_test_part_result_reporter_mutex_);
+  global_test_part_result_repoter_ = reporter;
+}
+
+// Returns the test part result reporter for the current thread.
+TestPartResultReporterInterface*
+UnitTestImpl::GetTestPartResultReporterForCurrentThread() {
+  return per_thread_test_part_result_reporter_.get();
+}
+
+// Sets the test part result reporter for the current thread.
+void UnitTestImpl::SetTestPartResultReporterForCurrentThread(
+    TestPartResultReporterInterface* reporter) {
+  per_thread_test_part_result_reporter_.set(reporter);
+}
+
+// Gets the number of successful test cases.
+int UnitTestImpl::successful_test_case_count() const {
+  return CountIf(test_cases_, TestCasePassed);
+}
+
+// Gets the number of failed test cases.
+int UnitTestImpl::failed_test_case_count() const {
+  return CountIf(test_cases_, TestCaseFailed);
+}
+
+// Gets the number of all test cases.
+int UnitTestImpl::total_test_case_count() const {
+  return static_cast<int>(test_cases_.size());
+}
+
+// Gets the number of all test cases that contain at least one test
+// that should run.
+int UnitTestImpl::test_case_to_run_count() const {
+  return CountIf(test_cases_, ShouldRunTestCase);
+}
+
+// Gets the number of successful tests.
+int UnitTestImpl::successful_test_count() const {
+  return SumOverTestCaseList(test_cases_, &TestCase::successful_test_count);
+}
+
+// Gets the number of failed tests.
+int UnitTestImpl::failed_test_count() const {
+  return SumOverTestCaseList(test_cases_, &TestCase::failed_test_count);
+}
+
+// Gets the number of disabled tests that will be reported in the XML report.
+int UnitTestImpl::reportable_disabled_test_count() const {
+  return SumOverTestCaseList(test_cases_,
+                             &TestCase::reportable_disabled_test_count);
+}
+
+// Gets the number of disabled tests.
+int UnitTestImpl::disabled_test_count() const {
+  return SumOverTestCaseList(test_cases_, &TestCase::disabled_test_count);
+}
+
+// Gets the number of tests to be printed in the XML report.
+int UnitTestImpl::reportable_test_count() const {
+  return SumOverTestCaseList(test_cases_, &TestCase::reportable_test_count);
+}
+
+// Gets the number of all tests.
+int UnitTestImpl::total_test_count() const {
+  return SumOverTestCaseList(test_cases_, &TestCase::total_test_count);
+}
+
+// Gets the number of tests that should run.
+int UnitTestImpl::test_to_run_count() const {
+  return SumOverTestCaseList(test_cases_, &TestCase::test_to_run_count);
+}
+
+// Returns the current OS stack trace as an std::string.
+//
+// The maximum number of stack frames to be included is specified by
+// the gtest_stack_trace_depth flag.  The skip_count parameter
+// specifies the number of top frames to be skipped, which doesn't
+// count against the number of frames to be included.
+//
+// For example, if Foo() calls Bar(), which in turn calls
+// CurrentOsStackTraceExceptTop(1), Foo() will be included in the
+// trace but Bar() and CurrentOsStackTraceExceptTop() won't.
+std::string UnitTestImpl::CurrentOsStackTraceExceptTop(int skip_count) {
+  (void)skip_count;
+  return "";
+}
+
+// Returns the current time in milliseconds.
+TimeInMillis GetTimeInMillis() {
+#if GTEST_OS_WINDOWS_MOBILE || defined(__BORLANDC__)
+  // Difference between 1970-01-01 and 1601-01-01 in milliseconds.
+  // http://analogous.blogspot.com/2005/04/epoch.html
+  const TimeInMillis kJavaEpochToWinFileTimeDelta =
+    static_cast<TimeInMillis>(116444736UL) * 100000UL;
+  const DWORD kTenthMicrosInMilliSecond = 10000;
+
+  SYSTEMTIME now_systime;
+  FILETIME now_filetime;
+  ULARGE_INTEGER now_int64;
+  // TODO(kenton@google.com): Shouldn't this just use
+  //   GetSystemTimeAsFileTime()?
+  GetSystemTime(&now_systime);
+  if (SystemTimeToFileTime(&now_systime, &now_filetime)) {
+    now_int64.LowPart = now_filetime.dwLowDateTime;
+    now_int64.HighPart = now_filetime.dwHighDateTime;
+    now_int64.QuadPart = (now_int64.QuadPart / kTenthMicrosInMilliSecond) -
+      kJavaEpochToWinFileTimeDelta;
+    return now_int64.QuadPart;
+  }
+  return 0;
+#elif GTEST_OS_WINDOWS && !GTEST_HAS_GETTIMEOFDAY_
+  __timeb64 now;
+
+  // MSVC 8 deprecates _ftime64(), so we want to suppress warning 4996
+  // (deprecated function) there.
+  // TODO(kenton@google.com): Use GetTickCount()?  Or use
+  //   SystemTimeToFileTime()
+  GTEST_DISABLE_MSC_WARNINGS_PUSH_(4996)
+  _ftime64(&now);
+  GTEST_DISABLE_MSC_WARNINGS_POP_()
+
+  return static_cast<TimeInMillis>(now.time) * 1000 + now.millitm;
+#elif GTEST_HAS_GETTIMEOFDAY_
+  struct timeval now;
+  gettimeofday(&now, NULL);
+  return static_cast<TimeInMillis>(now.tv_sec) * 1000 + now.tv_usec / 1000;
+#else
+# error "Don't know how to get the current time on your system."
+#endif
+}
+
+// Utilities
+
+// class String.
+
+#if GTEST_OS_WINDOWS_MOBILE
+// Creates a UTF-16 wide string from the given ANSI string, allocating
+// memory using new. The caller is responsible for deleting the return
+// value using delete[]. Returns the wide string, or NULL if the
+// input is NULL.
+LPCWSTR String::AnsiToUtf16(const char* ansi) {
+  if (!ansi) return NULL;
+  const int length = strlen(ansi);
+  const int unicode_length =
+      MultiByteToWideChar(CP_ACP, 0, ansi, length,
+                          NULL, 0);
+  WCHAR* unicode = new WCHAR[unicode_length + 1];
+  MultiByteToWideChar(CP_ACP, 0, ansi, length,
+                      unicode, unicode_length);
+  unicode[unicode_length] = 0;
+  return unicode;
+}
+
+// Creates an ANSI string from the given wide string, allocating
+// memory using new. The caller is responsible for deleting the return
+// value using delete[]. Returns the ANSI string, or NULL if the
+// input is NULL.
+const char* String::Utf16ToAnsi(LPCWSTR utf16_str)  {
+  if (!utf16_str) return NULL;
+  const int ansi_length =
+      WideCharToMultiByte(CP_ACP, 0, utf16_str, -1,
+                          NULL, 0, NULL, NULL);
+  char* ansi = new char[ansi_length + 1];
+  WideCharToMultiByte(CP_ACP, 0, utf16_str, -1,
+                      ansi, ansi_length, NULL, NULL);
+  ansi[ansi_length] = 0;
+  return ansi;
+}
+
+#endif  // GTEST_OS_WINDOWS_MOBILE
+
+// Compares two C strings.  Returns true iff they have the same content.
+//
+// Unlike strcmp(), this function can handle NULL argument(s).  A NULL
+// C string is considered different to any non-NULL C string,
+// including the empty string.
+bool String::CStringEquals(const char * lhs, const char * rhs) {
+  if ( lhs == NULL ) return rhs == NULL;
+
+  if ( rhs == NULL ) return false;
+
+  return strcmp(lhs, rhs) == 0;
+}
+
+#if GTEST_HAS_STD_WSTRING || GTEST_HAS_GLOBAL_WSTRING
+
+// Converts an array of wide chars to a narrow string using the UTF-8
+// encoding, and streams the result to the given Message object.
+static void StreamWideCharsToMessage(const wchar_t* wstr, size_t length,
+                                     Message* msg) {
+  for (size_t i = 0; i != length; ) {  // NOLINT
+    if (wstr[i] != L'\0') {
+      *msg << WideStringToUtf8(wstr + i, static_cast<int>(length - i));
+      while (i != length && wstr[i] != L'\0')
+        i++;
+    } else {
+      *msg << '\0';
+      i++;
+    }
+  }
+}
+
+#endif  // GTEST_HAS_STD_WSTRING || GTEST_HAS_GLOBAL_WSTRING
+
+}  // namespace internal
+
+// Constructs an empty Message.
+// We allocate the stringstream separately because otherwise each use of
+// ASSERT/EXPECT in a procedure adds over 200 bytes to the procedure's
+// stack frame leading to huge stack frames in some cases; gcc does not reuse
+// the stack space.
+Message::Message() : ss_(new ::std::stringstream) {
+  // By default, we want there to be enough precision when printing
+  // a double to a Message.
+  *ss_ << std::setprecision(std::numeric_limits<double>::digits10 + 2);
+}
+
+// These two overloads allow streaming a wide C string to a Message
+// using the UTF-8 encoding.
+Message& Message::operator <<(const wchar_t* wide_c_str) {
+  return *this << internal::String::ShowWideCString(wide_c_str);
+}
+Message& Message::operator <<(wchar_t* wide_c_str) {
+  return *this << internal::String::ShowWideCString(wide_c_str);
+}
+
+#if GTEST_HAS_STD_WSTRING
+// Converts the given wide string to a narrow string using the UTF-8
+// encoding, and streams the result to this Message object.
+Message& Message::operator <<(const ::std::wstring& wstr) {
+  internal::StreamWideCharsToMessage(wstr.c_str(), wstr.length(), this);
+  return *this;
+}
+#endif  // GTEST_HAS_STD_WSTRING
+
+#if GTEST_HAS_GLOBAL_WSTRING
+// Converts the given wide string to a narrow string using the UTF-8
+// encoding, and streams the result to this Message object.
+Message& Message::operator <<(const ::wstring& wstr) {
+  internal::StreamWideCharsToMessage(wstr.c_str(), wstr.length(), this);
+  return *this;
+}
+#endif  // GTEST_HAS_GLOBAL_WSTRING
+
+// Gets the text streamed to this object so far as an std::string.
+// Each '\0' character in the buffer is replaced with "\\0".
+std::string Message::GetString() const {
+  return internal::StringStreamToString(ss_.get());
+}
+
+// AssertionResult constructors.
+// Used in EXPECT_TRUE/FALSE(assertion_result).
+AssertionResult::AssertionResult(const AssertionResult& other)
+    : success_(other.success_),
+      message_(other.message_.get() != NULL ?
+               new ::std::string(*other.message_) :
+               static_cast< ::std::string*>(NULL)) {
+}
+
+// Swaps two AssertionResults.
+void AssertionResult::swap(AssertionResult& other) {
+  using std::swap;
+  swap(success_, other.success_);
+  swap(message_, other.message_);
+}
+
+// Returns the assertion's negation. Used with EXPECT/ASSERT_FALSE.
+AssertionResult AssertionResult::operator!() const {
+  AssertionResult negation(!success_);
+  if (message_.get() != NULL)
+    negation << *message_;
+  return negation;
+}
+
+// Makes a successful assertion result.
+AssertionResult AssertionSuccess() {
+  return AssertionResult(true);
+}
+
+// Makes a failed assertion result.
+AssertionResult AssertionFailure() {
+  return AssertionResult(false);
+}
+
+// Makes a failed assertion result with the given failure message.
+// Deprecated; use AssertionFailure() << message.
+AssertionResult AssertionFailure(const Message& message) {
+  return AssertionFailure() << message;
+}
+
+namespace internal {
+
+namespace edit_distance {
+std::vector<EditType> CalculateOptimalEdits(const std::vector<size_t>& left,
+                                            const std::vector<size_t>& right) {
+  std::vector<std::vector<double> > costs(
+      left.size() + 1, std::vector<double>(right.size() + 1));
+  std::vector<std::vector<EditType> > best_move(
+      left.size() + 1, std::vector<EditType>(right.size() + 1));
+
+  // Populate for empty right.
+  for (size_t l_i = 0; l_i < costs.size(); ++l_i) {
+    costs[l_i][0] = static_cast<double>(l_i);
+    best_move[l_i][0] = kRemove;
+  }
+  // Populate for empty left.
+  for (size_t r_i = 1; r_i < costs[0].size(); ++r_i) {
+    costs[0][r_i] = static_cast<double>(r_i);
+    best_move[0][r_i] = kAdd;
+  }
+
+  for (size_t l_i = 0; l_i < left.size(); ++l_i) {
+    for (size_t r_i = 0; r_i < right.size(); ++r_i) {
+      if (left[l_i] == right[r_i]) {
+        // Found a match. Consume it.
+        costs[l_i + 1][r_i + 1] = costs[l_i][r_i];
+        best_move[l_i + 1][r_i + 1] = kMatch;
+        continue;
+      }
+
+      const double add = costs[l_i + 1][r_i];
+      const double remove = costs[l_i][r_i + 1];
+      const double replace = costs[l_i][r_i];
+      if (add < remove && add < replace) {
+        costs[l_i + 1][r_i + 1] = add + 1;
+        best_move[l_i + 1][r_i + 1] = kAdd;
+      } else if (remove < add && remove < replace) {
+        costs[l_i + 1][r_i + 1] = remove + 1;
+        best_move[l_i + 1][r_i + 1] = kRemove;
+      } else {
+        // We make replace a little more expensive than add/remove to lower
+        // their priority.
+        costs[l_i + 1][r_i + 1] = replace + 1.00001;
+        best_move[l_i + 1][r_i + 1] = kReplace;
+      }
+    }
+  }
+
+  // Reconstruct the best path. We do it in reverse order.
+  std::vector<EditType> best_path;
+  for (size_t l_i = left.size(), r_i = right.size(); l_i > 0 || r_i > 0;) {
+    EditType move = best_move[l_i][r_i];
+    best_path.push_back(move);
+    l_i -= move != kAdd;
+    r_i -= move != kRemove;
+  }
+  std::reverse(best_path.begin(), best_path.end());
+  return best_path;
+}
+
+namespace {
+
+// Helper class to convert string into ids with deduplication.
+class InternalStrings {
+ public:
+  size_t GetId(const std::string& str) {
+    IdMap::iterator it = ids_.find(str);
+    if (it != ids_.end()) return it->second;
+    size_t id = ids_.size();
+    return ids_[str] = id;
+  }
+
+ private:
+  typedef std::map<std::string, size_t> IdMap;
+  IdMap ids_;
+};
+
+}  // namespace
+
+std::vector<EditType> CalculateOptimalEdits(
+    const std::vector<std::string>& left,
+    const std::vector<std::string>& right) {
+  std::vector<size_t> left_ids, right_ids;
+  {
+    InternalStrings intern_table;
+    for (size_t i = 0; i < left.size(); ++i) {
+      left_ids.push_back(intern_table.GetId(left[i]));
+    }
+    for (size_t i = 0; i < right.size(); ++i) {
+      right_ids.push_back(intern_table.GetId(right[i]));
+    }
+  }
+  return CalculateOptimalEdits(left_ids, right_ids);
+}
+
+namespace {
+
+// Helper class that holds the state for one hunk and prints it out to the
+// stream.
+// It reorders adds/removes when possible to group all removes before all
+// adds. It also adds the hunk header before printint into the stream.
+class Hunk {
+ public:
+  Hunk(size_t left_start, size_t right_start)
+      : left_start_(left_start),
+        right_start_(right_start),
+        adds_(),
+        removes_(),
+        common_() {}
+
+  void PushLine(char edit, const char* line) {
+    switch (edit) {
+      case ' ':
+        ++common_;
+        FlushEdits();
+        hunk_.push_back(std::make_pair(' ', line));
+        break;
+      case '-':
+        ++removes_;
+        hunk_removes_.push_back(std::make_pair('-', line));
+        break;
+      case '+':
+        ++adds_;
+        hunk_adds_.push_back(std::make_pair('+', line));
+        break;
+    }
+  }
+
+  void PrintTo(std::ostream* os) {
+    PrintHeader(os);
+    FlushEdits();
+    for (std::list<std::pair<char, const char*> >::const_iterator it =
+             hunk_.begin();
+         it != hunk_.end(); ++it) {
+      *os << it->first << it->second << "\n";
+    }
+  }
+
+  bool has_edits() const { return adds_ || removes_; }
+
+ private:
+  void FlushEdits() {
+    hunk_.splice(hunk_.end(), hunk_removes_);
+    hunk_.splice(hunk_.end(), hunk_adds_);
+  }
+
+  // Print a unified diff header for one hunk.
+  // The format is
+  //   "@@ -<left_start>,<left_length> +<right_start>,<right_length> @@"
+  // where the left/right parts are ommitted if unnecessary.
+  void PrintHeader(std::ostream* ss) const {
+    *ss << "@@ ";
+    if (removes_) {
+      *ss << "-" << left_start_ << "," << (removes_ + common_);
+    }
+    if (removes_ && adds_) {
+      *ss << " ";
+    }
+    if (adds_) {
+      *ss << "+" << right_start_ << "," << (adds_ + common_);
+    }
+    *ss << " @@\n";
+  }
+
+  size_t left_start_, right_start_;
+  size_t adds_, removes_, common_;
+  std::list<std::pair<char, const char*> > hunk_, hunk_adds_, hunk_removes_;
+};
+
+}  // namespace
+
+// Create a list of diff hunks in Unified diff format.
+// Each hunk has a header generated by PrintHeader above plus a body with
+// lines prefixed with ' ' for no change, '-' for deletion and '+' for
+// addition.
+// 'context' represents the desired unchanged prefix/suffix around the diff.
+// If two hunks are close enough that their contexts overlap, then they are
+// joined into one hunk.
+std::string CreateUnifiedDiff(const std::vector<std::string>& left,
+                              const std::vector<std::string>& right,
+                              size_t context) {
+  const std::vector<EditType> edits = CalculateOptimalEdits(left, right);
+
+  size_t l_i = 0, r_i = 0, edit_i = 0;
+  std::stringstream ss;
+  while (edit_i < edits.size()) {
+    // Find first edit.
+    while (edit_i < edits.size() && edits[edit_i] == kMatch) {
+      ++l_i;
+      ++r_i;
+      ++edit_i;
+    }
+
+    // Find the first line to include in the hunk.
+    const size_t prefix_context = std::min(l_i, context);
+    Hunk hunk(l_i - prefix_context + 1, r_i - prefix_context + 1);
+    for (size_t i = prefix_context; i > 0; --i) {
+      hunk.PushLine(' ', left[l_i - i].c_str());
+    }
+
+    // Iterate the edits until we found enough suffix for the hunk or the input
+    // is over.
+    size_t n_suffix = 0;
+    for (; edit_i < edits.size(); ++edit_i) {
+      if (n_suffix >= context) {
+        // Continue only if the next hunk is very close.
+        std::vector<EditType>::const_iterator it = edits.begin() + edit_i;
+        while (it != edits.end() && *it == kMatch) ++it;
+        if (it == edits.end() || (it - edits.begin()) - edit_i >= context) {
+          // There is no next edit or it is too far away.
+          break;
+        }
+      }
+
+      EditType edit = edits[edit_i];
+      // Reset count when a non match is found.
+      n_suffix = edit == kMatch ? n_suffix + 1 : 0;
+
+      if (edit == kMatch || edit == kRemove || edit == kReplace) {
+        hunk.PushLine(edit == kMatch ? ' ' : '-', left[l_i].c_str());
+      }
+      if (edit == kAdd || edit == kReplace) {
+        hunk.PushLine('+', right[r_i].c_str());
+      }
+
+      // Advance indices, depending on edit type.
+      l_i += edit != kAdd;
+      r_i += edit != kRemove;
+    }
+
+    if (!hunk.has_edits()) {
+      // We are done. We don't want this hunk.
+      break;
+    }
+
+    hunk.PrintTo(&ss);
+  }
+  return ss.str();
+}
+
+}  // namespace edit_distance
+
+namespace {
+
+// The string representation of the values received in EqFailure() are already
+// escaped. Split them on escaped '\n' boundaries. Leave all other escaped
+// characters the same.
+std::vector<std::string> SplitEscapedString(const std::string& str) {
+  std::vector<std::string> lines;
+  size_t start = 0, end = str.size();
+  if (end > 2 && str[0] == '"' && str[end - 1] == '"') {
+    ++start;
+    --end;
+  }
+  bool escaped = false;
+  for (size_t i = start; i + 1 < end; ++i) {
+    if (escaped) {
+      escaped = false;
+      if (str[i] == 'n') {
+        lines.push_back(str.substr(start, i - start - 1));
+        start = i + 1;
+      }
+    } else {
+      escaped = str[i] == '\\';
+    }
+  }
+  lines.push_back(str.substr(start, end - start));
+  return lines;
+}
+
+}  // namespace
+
+// Constructs and returns the message for an equality assertion
+// (e.g. ASSERT_EQ, EXPECT_STREQ, etc) failure.
+//
+// The first four parameters are the expressions used in the assertion
+// and their values, as strings.  For example, for ASSERT_EQ(foo, bar)
+// where foo is 5 and bar is 6, we have:
+//
+//   expected_expression: "foo"
+//   actual_expression:   "bar"
+//   expected_value:      "5"
+//   actual_value:        "6"
+//
+// The ignoring_case parameter is true iff the assertion is a
+// *_STRCASEEQ*.  When it's true, the string " (ignoring case)" will
+// be inserted into the message.
+AssertionResult EqFailure(const char* expected_expression,
+                          const char* actual_expression,
+                          const std::string& expected_value,
+                          const std::string& actual_value,
+                          bool ignoring_case) {
+  Message msg;
+  msg << "Value of: " << actual_expression;
+  if (actual_value != actual_expression) {
+    msg << "\n  Actual: " << actual_value;
+  }
+
+  msg << "\nExpected: " << expected_expression;
+  if (ignoring_case) {
+    msg << " (ignoring case)";
+  }
+  if (expected_value != expected_expression) {
+    msg << "\nWhich is: " << expected_value;
+  }
+
+  if (!expected_value.empty() && !actual_value.empty()) {
+    const std::vector<std::string> expected_lines =
+        SplitEscapedString(expected_value);
+    const std::vector<std::string> actual_lines =
+        SplitEscapedString(actual_value);
+    if (expected_lines.size() > 1 || actual_lines.size() > 1) {
+      msg << "\nWith diff:\n"
+          << edit_distance::CreateUnifiedDiff(expected_lines, actual_lines);
+    }
+  }
+
+  return AssertionFailure() << msg;
+}
+
+// Constructs a failure message for Boolean assertions such as EXPECT_TRUE.
+std::string GetBoolAssertionFailureMessage(
+    const AssertionResult& assertion_result,
+    const char* expression_text,
+    const char* actual_predicate_value,
+    const char* expected_predicate_value) {
+  const char* actual_message = assertion_result.message();
+  Message msg;
+  msg << "Value of: " << expression_text
+      << "\n  Actual: " << actual_predicate_value;
+  if (actual_message[0] != '\0')
+    msg << " (" << actual_message << ")";
+  msg << "\nExpected: " << expected_predicate_value;
+  return msg.GetString();
+}
+
+// Helper function for implementing ASSERT_NEAR.
+AssertionResult DoubleNearPredFormat(const char* expr1,
+                                     const char* expr2,
+                                     const char* abs_error_expr,
+                                     double val1,
+                                     double val2,
+                                     double abs_error) {
+  const double diff = fabs(val1 - val2);
+  if (diff <= abs_error) return AssertionSuccess();
+
+  // TODO(wan): do not print the value of an expression if it's
+  // already a literal.
+  return AssertionFailure()
+      << "The difference between " << expr1 << " and " << expr2
+      << " is " << diff << ", which exceeds " << abs_error_expr << ", where\n"
+      << expr1 << " evaluates to " << val1 << ",\n"
+      << expr2 << " evaluates to " << val2 << ", and\n"
+      << abs_error_expr << " evaluates to " << abs_error << ".";
+}
+
+
+// Helper template for implementing FloatLE() and DoubleLE().
+template <typename RawType>
+AssertionResult FloatingPointLE(const char* expr1,
+                                const char* expr2,
+                                RawType val1,
+                                RawType val2) {
+  // Returns success if val1 is less than val2,
+  if (val1 < val2) {
+    return AssertionSuccess();
+  }
+
+  // or if val1 is almost equal to val2.
+  const FloatingPoint<RawType> lhs(val1), rhs(val2);
+  if (lhs.AlmostEquals(rhs)) {
+    return AssertionSuccess();
+  }
+
+  // Note that the above two checks will both fail if either val1 or
+  // val2 is NaN, as the IEEE floating-point standard requires that
+  // any predicate involving a NaN must return false.
+
+  ::std::stringstream val1_ss;
+  val1_ss << std::setprecision(std::numeric_limits<RawType>::digits10 + 2)
+          << val1;
+
+  ::std::stringstream val2_ss;
+  val2_ss << std::setprecision(std::numeric_limits<RawType>::digits10 + 2)
+          << val2;
+
+  return AssertionFailure()
+      << "Expected: (" << expr1 << ") <= (" << expr2 << ")\n"
+      << "  Actual: " << StringStreamToString(&val1_ss) << " vs "
+      << StringStreamToString(&val2_ss);
+}
+
+}  // namespace internal
+
+// Asserts that val1 is less than, or almost equal to, val2.  Fails
+// otherwise.  In particular, it fails if either val1 or val2 is NaN.
+AssertionResult FloatLE(const char* expr1, const char* expr2,
+                        float val1, float val2) {
+  return internal::FloatingPointLE<float>(expr1, expr2, val1, val2);
+}
+
+// Asserts that val1 is less than, or almost equal to, val2.  Fails
+// otherwise.  In particular, it fails if either val1 or val2 is NaN.
+AssertionResult DoubleLE(const char* expr1, const char* expr2,
+                         double val1, double val2) {
+  return internal::FloatingPointLE<double>(expr1, expr2, val1, val2);
+}
+
+namespace internal {
+
+// The helper function for {ASSERT|EXPECT}_EQ with int or enum
+// arguments.
+AssertionResult CmpHelperEQ(const char* expected_expression,
+                            const char* actual_expression,
+                            BiggestInt expected,
+                            BiggestInt actual) {
+  if (expected == actual) {
+    return AssertionSuccess();
+  }
+
+  return EqFailure(expected_expression,
+                   actual_expression,
+                   FormatForComparisonFailureMessage(expected, actual),
+                   FormatForComparisonFailureMessage(actual, expected),
+                   false);
+}
+
+// A macro for implementing the helper functions needed to implement
+// ASSERT_?? and EXPECT_?? with integer or enum arguments.  It is here
+// just to avoid copy-and-paste of similar code.
+#define GTEST_IMPL_CMP_HELPER_(op_name, op)\
+AssertionResult CmpHelper##op_name(const char* expr1, const char* expr2, \
+                                   BiggestInt val1, BiggestInt val2) {\
+  if (val1 op val2) {\
+    return AssertionSuccess();\
+  } else {\
+    return AssertionFailure() \
+        << "Expected: (" << expr1 << ") " #op " (" << expr2\
+        << "), actual: " << FormatForComparisonFailureMessage(val1, val2)\
+        << " vs " << FormatForComparisonFailureMessage(val2, val1);\
+  }\
+}
+
+// Implements the helper function for {ASSERT|EXPECT}_NE with int or
+// enum arguments.
+GTEST_IMPL_CMP_HELPER_(NE, !=)
+// Implements the helper function for {ASSERT|EXPECT}_LE with int or
+// enum arguments.
+GTEST_IMPL_CMP_HELPER_(LE, <=)
+// Implements the helper function for {ASSERT|EXPECT}_LT with int or
+// enum arguments.
+GTEST_IMPL_CMP_HELPER_(LT, < )
+// Implements the helper function for {ASSERT|EXPECT}_GE with int or
+// enum arguments.
+GTEST_IMPL_CMP_HELPER_(GE, >=)
+// Implements the helper function for {ASSERT|EXPECT}_GT with int or
+// enum arguments.
+GTEST_IMPL_CMP_HELPER_(GT, > )
+
+#undef GTEST_IMPL_CMP_HELPER_
+
+// The helper function for {ASSERT|EXPECT}_STREQ.
+AssertionResult CmpHelperSTREQ(const char* expected_expression,
+                               const char* actual_expression,
+                               const char* expected,
+                               const char* actual) {
+  if (String::CStringEquals(expected, actual)) {
+    return AssertionSuccess();
+  }
+
+  return EqFailure(expected_expression,
+                   actual_expression,
+                   PrintToString(expected),
+                   PrintToString(actual),
+                   false);
+}
+
+// The helper function for {ASSERT|EXPECT}_STRCASEEQ.
+AssertionResult CmpHelperSTRCASEEQ(const char* expected_expression,
+                                   const char* actual_expression,
+                                   const char* expected,
+                                   const char* actual) {
+  if (String::CaseInsensitiveCStringEquals(expected, actual)) {
+    return AssertionSuccess();
+  }
+
+  return EqFailure(expected_expression,
+                   actual_expression,
+                   PrintToString(expected),
+                   PrintToString(actual),
+                   true);
+}
+
+// The helper function for {ASSERT|EXPECT}_STRNE.
+AssertionResult CmpHelperSTRNE(const char* s1_expression,
+                               const char* s2_expression,
+                               const char* s1,
+                               const char* s2) {
+  if (!String::CStringEquals(s1, s2)) {
+    return AssertionSuccess();
+  } else {
+    return AssertionFailure() << "Expected: (" << s1_expression << ") != ("
+                              << s2_expression << "), actual: \""
+                              << s1 << "\" vs \"" << s2 << "\"";
+  }
+}
+
+// The helper function for {ASSERT|EXPECT}_STRCASENE.
+AssertionResult CmpHelperSTRCASENE(const char* s1_expression,
+                                   const char* s2_expression,
+                                   const char* s1,
+                                   const char* s2) {
+  if (!String::CaseInsensitiveCStringEquals(s1, s2)) {
+    return AssertionSuccess();
+  } else {
+    return AssertionFailure()
+        << "Expected: (" << s1_expression << ") != ("
+        << s2_expression << ") (ignoring case), actual: \""
+        << s1 << "\" vs \"" << s2 << "\"";
+  }
+}
+
+}  // namespace internal
+
+namespace {
+
+// Helper functions for implementing IsSubString() and IsNotSubstring().
+
+// This group of overloaded functions return true iff needle is a
+// substring of haystack.  NULL is considered a substring of itself
+// only.
+
+bool IsSubstringPred(const char* needle, const char* haystack) {
+  if (needle == NULL || haystack == NULL)
+    return needle == haystack;
+
+  return strstr(haystack, needle) != NULL;
+}
+
+bool IsSubstringPred(const wchar_t* needle, const wchar_t* haystack) {
+  if (needle == NULL || haystack == NULL)
+    return needle == haystack;
+
+  return wcsstr(haystack, needle) != NULL;
+}
+
+// StringType here can be either ::std::string or ::std::wstring.
+template <typename StringType>
+bool IsSubstringPred(const StringType& needle,
+                     const StringType& haystack) {
+  return haystack.find(needle) != StringType::npos;
+}
+
+// This function implements either IsSubstring() or IsNotSubstring(),
+// depending on the value of the expected_to_be_substring parameter.
+// StringType here can be const char*, const wchar_t*, ::std::string,
+// or ::std::wstring.
+template <typename StringType>
+AssertionResult IsSubstringImpl(
+    bool expected_to_be_substring,
+    const char* needle_expr, const char* haystack_expr,
+    const StringType& needle, const StringType& haystack) {
+  if (IsSubstringPred(needle, haystack) == expected_to_be_substring)
+    return AssertionSuccess();
+
+  const bool is_wide_string = sizeof(needle[0]) > 1;
+  const char* const begin_string_quote = is_wide_string ? "L\"" : "\"";
+  return AssertionFailure()
+      << "Value of: " << needle_expr << "\n"
+      << "  Actual: " << begin_string_quote << needle << "\"\n"
+      << "Expected: " << (expected_to_be_substring ? "" : "not ")
+      << "a substring of " << haystack_expr << "\n"
+      << "Which is: " << begin_string_quote << haystack << "\"";
+}
+
+}  // namespace
+
+// IsSubstring() and IsNotSubstring() check whether needle is a
+// substring of haystack (NULL is considered a substring of itself
+// only), and return an appropriate error message when they fail.
+
+AssertionResult IsSubstring(
+    const char* needle_expr, const char* haystack_expr,
+    const char* needle, const char* haystack) {
+  return IsSubstringImpl(true, needle_expr, haystack_expr, needle, haystack);
+}
+
+AssertionResult IsSubstring(
+    const char* needle_expr, const char* haystack_expr,
+    const wchar_t* needle, const wchar_t* haystack) {
+  return IsSubstringImpl(true, needle_expr, haystack_expr, needle, haystack);
+}
+
+AssertionResult IsNotSubstring(
+    const char* needle_expr, const char* haystack_expr,
+    const char* needle, const char* haystack) {
+  return IsSubstringImpl(false, needle_expr, haystack_expr, needle, haystack);
+}
+
+AssertionResult IsNotSubstring(
+    const char* needle_expr, const char* haystack_expr,
+    const wchar_t* needle, const wchar_t* haystack) {
+  return IsSubstringImpl(false, needle_expr, haystack_expr, needle, haystack);
+}
+
+AssertionResult IsSubstring(
+    const char* needle_expr, const char* haystack_expr,
+    const ::std::string& needle, const ::std::string& haystack) {
+  return IsSubstringImpl(true, needle_expr, haystack_expr, needle, haystack);
+}
+
+AssertionResult IsNotSubstring(
+    const char* needle_expr, const char* haystack_expr,
+    const ::std::string& needle, const ::std::string& haystack) {
+  return IsSubstringImpl(false, needle_expr, haystack_expr, needle, haystack);
+}
+
+#if GTEST_HAS_STD_WSTRING
+AssertionResult IsSubstring(
+    const char* needle_expr, const char* haystack_expr,
+    const ::std::wstring& needle, const ::std::wstring& haystack) {
+  return IsSubstringImpl(true, needle_expr, haystack_expr, needle, haystack);
+}
+
+AssertionResult IsNotSubstring(
+    const char* needle_expr, const char* haystack_expr,
+    const ::std::wstring& needle, const ::std::wstring& haystack) {
+  return IsSubstringImpl(false, needle_expr, haystack_expr, needle, haystack);
+}
+#endif  // GTEST_HAS_STD_WSTRING
+
+namespace internal {
+
+#if GTEST_OS_WINDOWS
+
+namespace {
+
+// Helper function for IsHRESULT{SuccessFailure} predicates
+AssertionResult HRESULTFailureHelper(const char* expr,
+                                     const char* expected,
+                                     long hr) {  // NOLINT
+# if GTEST_OS_WINDOWS_MOBILE
+
+  // Windows CE doesn't support FormatMessage.
+  const char error_text[] = "";
+
+# else
+
+  // Looks up the human-readable system message for the HRESULT code
+  // and since we're not passing any params to FormatMessage, we don't
+  // want inserts expanded.
+  const DWORD kFlags = FORMAT_MESSAGE_FROM_SYSTEM |
+                       FORMAT_MESSAGE_IGNORE_INSERTS;
+  const DWORD kBufSize = 4096;
+  // Gets the system's human readable message string for this HRESULT.
+  char error_text[kBufSize] = { '\0' };
+  DWORD message_length = ::FormatMessageA(kFlags,
+                                          0,  // no source, we're asking system
+                                          hr,  // the error
+                                          0,  // no line width restrictions
+                                          error_text,  // output buffer
+                                          kBufSize,  // buf size
+                                          NULL);  // no arguments for inserts
+  // Trims tailing white space (FormatMessage leaves a trailing CR-LF)
+  for (; message_length && IsSpace(error_text[message_length - 1]);
+          --message_length) {
+    error_text[message_length - 1] = '\0';
+  }
+
+# endif  // GTEST_OS_WINDOWS_MOBILE
+
+  const std::string error_hex("0x" + String::FormatHexInt(hr));
+  return ::testing::AssertionFailure()
+      << "Expected: " << expr << " " << expected << ".\n"
+      << "  Actual: " << error_hex << " " << error_text << "\n";
+}
+
+}  // namespace
+
+AssertionResult IsHRESULTSuccess(const char* expr, long hr) {  // NOLINT
+  if (SUCCEEDED(hr)) {
+    return AssertionSuccess();
+  }
+  return HRESULTFailureHelper(expr, "succeeds", hr);
+}
+
+AssertionResult IsHRESULTFailure(const char* expr, long hr) {  // NOLINT
+  if (FAILED(hr)) {
+    return AssertionSuccess();
+  }
+  return HRESULTFailureHelper(expr, "fails", hr);
+}
+
+#endif  // GTEST_OS_WINDOWS
+
+// Utility functions for encoding Unicode text (wide strings) in
+// UTF-8.
+
+// A Unicode code-point can have upto 21 bits, and is encoded in UTF-8
+// like this:
+//
+// Code-point length   Encoding
+//   0 -  7 bits       0xxxxxxx
+//   8 - 11 bits       110xxxxx 10xxxxxx
+//  12 - 16 bits       1110xxxx 10xxxxxx 10xxxxxx
+//  17 - 21 bits       11110xxx 10xxxxxx 10xxxxxx 10xxxxxx
+
+// The maximum code-point a one-byte UTF-8 sequence can represent.
+const UInt32 kMaxCodePoint1 = (static_cast<UInt32>(1) <<  7) - 1;
+
+// The maximum code-point a two-byte UTF-8 sequence can represent.
+const UInt32 kMaxCodePoint2 = (static_cast<UInt32>(1) << (5 + 6)) - 1;
+
+// The maximum code-point a three-byte UTF-8 sequence can represent.
+const UInt32 kMaxCodePoint3 = (static_cast<UInt32>(1) << (4 + 2*6)) - 1;
+
+// The maximum code-point a four-byte UTF-8 sequence can represent.
+const UInt32 kMaxCodePoint4 = (static_cast<UInt32>(1) << (3 + 3*6)) - 1;
+
+// Chops off the n lowest bits from a bit pattern.  Returns the n
+// lowest bits.  As a side effect, the original bit pattern will be
+// shifted to the right by n bits.
+inline UInt32 ChopLowBits(UInt32* bits, int n) {
+  const UInt32 low_bits = *bits & ((static_cast<UInt32>(1) << n) - 1);
+  *bits >>= n;
+  return low_bits;
+}
+
+// Converts a Unicode code point to a narrow string in UTF-8 encoding.
+// code_point parameter is of type UInt32 because wchar_t may not be
+// wide enough to contain a code point.
+// If the code_point is not a valid Unicode code point
+// (i.e. outside of Unicode range U+0 to U+10FFFF) it will be converted
+// to "(Invalid Unicode 0xXXXXXXXX)".
+std::string CodePointToUtf8(UInt32 code_point) {
+  if (code_point > kMaxCodePoint4) {
+    return "(Invalid Unicode 0x" + String::FormatHexInt(code_point) + ")";
+  }
+
+  char str[5];  // Big enough for the largest valid code point.
+  if (code_point <= kMaxCodePoint1) {
+    str[1] = '\0';
+    str[0] = static_cast<char>(code_point);                          // 0xxxxxxx
+  } else if (code_point <= kMaxCodePoint2) {
+    str[2] = '\0';
+    str[1] = static_cast<char>(0x80 | ChopLowBits(&code_point, 6));  // 10xxxxxx
+    str[0] = static_cast<char>(0xC0 | code_point);                   // 110xxxxx
+  } else if (code_point <= kMaxCodePoint3) {
+    str[3] = '\0';
+    str[2] = static_cast<char>(0x80 | ChopLowBits(&code_point, 6));  // 10xxxxxx
+    str[1] = static_cast<char>(0x80 | ChopLowBits(&code_point, 6));  // 10xxxxxx
+    str[0] = static_cast<char>(0xE0 | code_point);                   // 1110xxxx
+  } else {  // code_point <= kMaxCodePoint4
+    str[4] = '\0';
+    str[3] = static_cast<char>(0x80 | ChopLowBits(&code_point, 6));  // 10xxxxxx
+    str[2] = static_cast<char>(0x80 | ChopLowBits(&code_point, 6));  // 10xxxxxx
+    str[1] = static_cast<char>(0x80 | ChopLowBits(&code_point, 6));  // 10xxxxxx
+    str[0] = static_cast<char>(0xF0 | code_point);                   // 11110xxx
+  }
+  return str;
+}
+
+// The following two functions only make sense if the the system
+// uses UTF-16 for wide string encoding. All supported systems
+// with 16 bit wchar_t (Windows, Cygwin, Symbian OS) do use UTF-16.
+
+// Determines if the arguments constitute UTF-16 surrogate pair
+// and thus should be combined into a single Unicode code point
+// using CreateCodePointFromUtf16SurrogatePair.
+inline bool IsUtf16SurrogatePair(wchar_t first, wchar_t second) {
+  return sizeof(wchar_t) == 2 &&
+      (first & 0xFC00) == 0xD800 && (second & 0xFC00) == 0xDC00;
+}
+
+// Creates a Unicode code point from UTF16 surrogate pair.
+inline UInt32 CreateCodePointFromUtf16SurrogatePair(wchar_t first,
+                                                    wchar_t second) {
+  const UInt32 mask = (1 << 10) - 1;
+  return (sizeof(wchar_t) == 2) ?
+      (((first & mask) << 10) | (second & mask)) + 0x10000 :
+      // This function should not be called when the condition is
+      // false, but we provide a sensible default in case it is.
+      static_cast<UInt32>(first);
+}
+
+// Converts a wide string to a narrow string in UTF-8 encoding.
+// The wide string is assumed to have the following encoding:
+//   UTF-16 if sizeof(wchar_t) == 2 (on Windows, Cygwin, Symbian OS)
+//   UTF-32 if sizeof(wchar_t) == 4 (on Linux)
+// Parameter str points to a null-terminated wide string.
+// Parameter num_chars may additionally limit the number
+// of wchar_t characters processed. -1 is used when the entire string
+// should be processed.
+// If the string contains code points that are not valid Unicode code points
+// (i.e. outside of Unicode range U+0 to U+10FFFF) they will be output
+// as '(Invalid Unicode 0xXXXXXXXX)'. If the string is in UTF16 encoding
+// and contains invalid UTF-16 surrogate pairs, values in those pairs
+// will be encoded as individual Unicode characters from Basic Normal Plane.
+std::string WideStringToUtf8(const wchar_t* str, int num_chars) {
+  if (num_chars == -1)
+    num_chars = static_cast<int>(wcslen(str));
+
+  ::std::stringstream stream;
+  for (int i = 0; i < num_chars; ++i) {
+    UInt32 unicode_code_point;
+
+    if (str[i] == L'\0') {
+      break;
+    } else if (i + 1 < num_chars && IsUtf16SurrogatePair(str[i], str[i + 1])) {
+      unicode_code_point = CreateCodePointFromUtf16SurrogatePair(str[i],
+                                                                 str[i + 1]);
+      i++;
+    } else {
+      unicode_code_point = static_cast<UInt32>(str[i]);
+    }
+
+    stream << CodePointToUtf8(unicode_code_point);
+  }
+  return StringStreamToString(&stream);
+}
+
+// Converts a wide C string to an std::string using the UTF-8 encoding.
+// NULL will be converted to "(null)".
+std::string String::ShowWideCString(const wchar_t * wide_c_str) {
+  if (wide_c_str == NULL)  return "(null)";
+
+  return internal::WideStringToUtf8(wide_c_str, -1);
+}
+
+// Compares two wide C strings.  Returns true iff they have the same
+// content.
+//
+// Unlike wcscmp(), this function can handle NULL argument(s).  A NULL
+// C string is considered different to any non-NULL C string,
+// including the empty string.
+bool String::WideCStringEquals(const wchar_t * lhs, const wchar_t * rhs) {
+  if (lhs == NULL) return rhs == NULL;
+
+  if (rhs == NULL) return false;
+
+  return wcscmp(lhs, rhs) == 0;
+}
+
+// Helper function for *_STREQ on wide strings.
+AssertionResult CmpHelperSTREQ(const char* expected_expression,
+                               const char* actual_expression,
+                               const wchar_t* expected,
+                               const wchar_t* actual) {
+  if (String::WideCStringEquals(expected, actual)) {
+    return AssertionSuccess();
+  }
+
+  return EqFailure(expected_expression,
+                   actual_expression,
+                   PrintToString(expected),
+                   PrintToString(actual),
+                   false);
+}
+
+// Helper function for *_STRNE on wide strings.
+AssertionResult CmpHelperSTRNE(const char* s1_expression,
+                               const char* s2_expression,
+                               const wchar_t* s1,
+                               const wchar_t* s2) {
+  if (!String::WideCStringEquals(s1, s2)) {
+    return AssertionSuccess();
+  }
+
+  return AssertionFailure() << "Expected: (" << s1_expression << ") != ("
+                            << s2_expression << "), actual: "
+                            << PrintToString(s1)
+                            << " vs " << PrintToString(s2);
+}
+
+// Compares two C strings, ignoring case.  Returns true iff they have
+// the same content.
+//
+// Unlike strcasecmp(), this function can handle NULL argument(s).  A
+// NULL C string is considered different to any non-NULL C string,
+// including the empty string.
+bool String::CaseInsensitiveCStringEquals(const char * lhs, const char * rhs) {
+  if (lhs == NULL)
+    return rhs == NULL;
+  if (rhs == NULL)
+    return false;
+  return posix::StrCaseCmp(lhs, rhs) == 0;
+}
+
+  // Compares two wide C strings, ignoring case.  Returns true iff they
+  // have the same content.
+  //
+  // Unlike wcscasecmp(), this function can handle NULL argument(s).
+  // A NULL C string is considered different to any non-NULL wide C string,
+  // including the empty string.
+  // NB: The implementations on different platforms slightly differ.
+  // On windows, this method uses _wcsicmp which compares according to LC_CTYPE
+  // environment variable. On GNU platform this method uses wcscasecmp
+  // which compares according to LC_CTYPE category of the current locale.
+  // On MacOS X, it uses towlower, which also uses LC_CTYPE category of the
+  // current locale.
+bool String::CaseInsensitiveWideCStringEquals(const wchar_t* lhs,
+                                              const wchar_t* rhs) {
+  if (lhs == NULL) return rhs == NULL;
+
+  if (rhs == NULL) return false;
+
+#if GTEST_OS_WINDOWS
+  return _wcsicmp(lhs, rhs) == 0;
+#elif GTEST_OS_LINUX && !GTEST_OS_LINUX_ANDROID
+  return wcscasecmp(lhs, rhs) == 0;
+#else
+  // Android, Mac OS X and Cygwin don't define wcscasecmp.
+  // Other unknown OSes may not define it either.
+  wint_t left, right;
+  do {
+    left = towlower(*lhs++);
+    right = towlower(*rhs++);
+  } while (left && left == right);
+  return left == right;
+#endif  // OS selector
+}
+
+// Returns true iff str ends with the given suffix, ignoring case.
+// Any string is considered to end with an empty suffix.
+bool String::EndsWithCaseInsensitive(
+    const std::string& str, const std::string& suffix) {
+  const size_t str_len = str.length();
+  const size_t suffix_len = suffix.length();
+  return (str_len >= suffix_len) &&
+         CaseInsensitiveCStringEquals(str.c_str() + str_len - suffix_len,
+                                      suffix.c_str());
+}
+
+// Formats an int value as "%02d".
+std::string String::FormatIntWidth2(int value) {
+  std::stringstream ss;
+  ss << std::setfill('0') << std::setw(2) << value;
+  return ss.str();
+}
+
+// Formats an int value as "%X".
+std::string String::FormatHexInt(int value) {
+  std::stringstream ss;
+  ss << std::hex << std::uppercase << value;
+  return ss.str();
+}
+
+// Formats a byte as "%02X".
+std::string String::FormatByte(unsigned char value) {
+  std::stringstream ss;
+  ss << std::setfill('0') << std::setw(2) << std::hex << std::uppercase
+     << static_cast<unsigned int>(value);
+  return ss.str();
+}
+
+// Converts the buffer in a stringstream to an std::string, converting NUL
+// bytes to "\\0" along the way.
+std::string StringStreamToString(::std::stringstream* ss) {
+  const ::std::string& str = ss->str();
+  const char* const start = str.c_str();
+  const char* const end = start + str.length();
+
+  std::string result;
+  result.reserve(2 * (end - start));
+  for (const char* ch = start; ch != end; ++ch) {
+    if (*ch == '\0') {
+      result += "\\0";  // Replaces NUL with "\\0";
+    } else {
+      result += *ch;
+    }
+  }
+
+  return result;
+}
+
+// Appends the user-supplied message to the Google-Test-generated message.
+std::string AppendUserMessage(const std::string& gtest_msg,
+                              const Message& user_msg) {
+  // Appends the user message if it's non-empty.
+  const std::string user_msg_string = user_msg.GetString();
+  if (user_msg_string.empty()) {
+    return gtest_msg;
+  }
+
+  return gtest_msg + "\n" + user_msg_string;
+}
+
+}  // namespace internal
+
+// class TestResult
+
+// Creates an empty TestResult.
+TestResult::TestResult()
+    : death_test_count_(0),
+      elapsed_time_(0) {
+}
+
+// D'tor.
+TestResult::~TestResult() {
+}
+
+// Returns the i-th test part result among all the results. i can
+// range from 0 to total_part_count() - 1. If i is not in that range,
+// aborts the program.
+const TestPartResult& TestResult::GetTestPartResult(int i) const {
+  if (i < 0 || i >= total_part_count())
+    internal::posix::Abort();
+  return test_part_results_.at(i);
+}
+
+// Returns the i-th test property. i can range from 0 to
+// test_property_count() - 1. If i is not in that range, aborts the
+// program.
+const TestProperty& TestResult::GetTestProperty(int i) const {
+  if (i < 0 || i >= test_property_count())
+    internal::posix::Abort();
+  return test_properties_.at(i);
+}
+
+// Clears the test part results.
+void TestResult::ClearTestPartResults() {
+  test_part_results_.clear();
+}
+
+// Adds a test part result to the list.
+void TestResult::AddTestPartResult(const TestPartResult& test_part_result) {
+  test_part_results_.push_back(test_part_result);
+}
+
+// Adds a test property to the list. If a property with the same key as the
+// supplied property is already represented, the value of this test_property
+// replaces the old value for that key.
+void TestResult::RecordProperty(const std::string& xml_element,
+                                const TestProperty& test_property) {
+  if (!ValidateTestProperty(xml_element, test_property)) {
+    return;
+  }
+  internal::MutexLock lock(&test_properites_mutex_);
+  const std::vector<TestProperty>::iterator property_with_matching_key =
+      std::find_if(test_properties_.begin(), test_properties_.end(),
+                   internal::TestPropertyKeyIs(test_property.key()));
+  if (property_with_matching_key == test_properties_.end()) {
+    test_properties_.push_back(test_property);
+    return;
+  }
+  property_with_matching_key->SetValue(test_property.value());
+}
+
+// The list of reserved attributes used in the <testsuites> element of XML
+// output.
+static const char* const kReservedTestSuitesAttributes[] = {
+  "disabled",
+  "errors",
+  "failures",
+  "name",
+  "random_seed",
+  "tests",
+  "time",
+  "timestamp"
+};
+
+// The list of reserved attributes used in the <testsuite> element of XML
+// output.
+static const char* const kReservedTestSuiteAttributes[] = {
+  "disabled",
+  "errors",
+  "failures",
+  "name",
+  "tests",
+  "time"
+};
+
+// The list of reserved attributes used in the <testcase> element of XML output.
+static const char* const kReservedTestCaseAttributes[] = {
+  "classname",
+  "name",
+  "status",
+  "time",
+  "type_param",
+  "value_param"
+};
+
+template <int kSize>
+std::vector<std::string> ArrayAsVector(const char* const (&array)[kSize]) {
+  return std::vector<std::string>(array, array + kSize);
+}
+
+static std::vector<std::string> GetReservedAttributesForElement(
+    const std::string& xml_element) {
+  if (xml_element == "testsuites") {
+    return ArrayAsVector(kReservedTestSuitesAttributes);
+  } else if (xml_element == "testsuite") {
+    return ArrayAsVector(kReservedTestSuiteAttributes);
+  } else if (xml_element == "testcase") {
+    return ArrayAsVector(kReservedTestCaseAttributes);
+  } else {
+    GTEST_CHECK_(false) << "Unrecognized xml_element provided: " << xml_element;
+  }
+  // This code is unreachable but some compilers may not realizes that.
+  return std::vector<std::string>();
+}
+
+static std::string FormatWordList(const std::vector<std::string>& words) {
+  Message word_list;
+  for (size_t i = 0; i < words.size(); ++i) {
+    if (i > 0 && words.size() > 2) {
+      word_list << ", ";
+    }
+    if (i == words.size() - 1) {
+      word_list << "and ";
+    }
+    word_list << "'" << words[i] << "'";
+  }
+  return word_list.GetString();
+}
+
+bool ValidateTestPropertyName(const std::string& property_name,
+                              const std::vector<std::string>& reserved_names) {
+  if (std::find(reserved_names.begin(), reserved_names.end(), property_name) !=
+          reserved_names.end()) {
+    ADD_FAILURE() << "Reserved key used in RecordProperty(): " << property_name
+                  << " (" << FormatWordList(reserved_names)
+                  << " are reserved by " << GTEST_NAME_ << ")";
+    return false;
+  }
+  return true;
+}
+
+// Adds a failure if the key is a reserved attribute of the element named
+// xml_element.  Returns true if the property is valid.
+bool TestResult::ValidateTestProperty(const std::string& xml_element,
+                                      const TestProperty& test_property) {
+  return ValidateTestPropertyName(test_property.key(),
+                                  GetReservedAttributesForElement(xml_element));
+}
+
+// Clears the object.
+void TestResult::Clear() {
+  test_part_results_.clear();
+  test_properties_.clear();
+  death_test_count_ = 0;
+  elapsed_time_ = 0;
+}
+
+// Returns true iff the test failed.
+bool TestResult::Failed() const {
+  for (int i = 0; i < total_part_count(); ++i) {
+    if (GetTestPartResult(i).failed())
+      return true;
+  }
+  return false;
+}
+
+// Returns true iff the test part fatally failed.
+static bool TestPartFatallyFailed(const TestPartResult& result) {
+  return result.fatally_failed();
+}
+
+// Returns true iff the test fatally failed.
+bool TestResult::HasFatalFailure() const {
+  return CountIf(test_part_results_, TestPartFatallyFailed) > 0;
+}
+
+// Returns true iff the test part non-fatally failed.
+static bool TestPartNonfatallyFailed(const TestPartResult& result) {
+  return result.nonfatally_failed();
+}
+
+// Returns true iff the test has a non-fatal failure.
+bool TestResult::HasNonfatalFailure() const {
+  return CountIf(test_part_results_, TestPartNonfatallyFailed) > 0;
+}
+
+// Gets the number of all test parts.  This is the sum of the number
+// of successful test parts and the number of failed test parts.
+int TestResult::total_part_count() const {
+  return static_cast<int>(test_part_results_.size());
+}
+
+// Returns the number of the test properties.
+int TestResult::test_property_count() const {
+  return static_cast<int>(test_properties_.size());
+}
+
+// class Test
+
+// Creates a Test object.
+
+// The c'tor saves the values of all Google Test flags.
+Test::Test()
+    : gtest_flag_saver_(new internal::GTestFlagSaver) {
+}
+
+// The d'tor restores the values of all Google Test flags.
+Test::~Test() {
+  delete gtest_flag_saver_;
+}
+
+// Sets up the test fixture.
+//
+// A sub-class may override this.
+void Test::SetUp() {
+}
+
+// Tears down the test fixture.
+//
+// A sub-class may override this.
+void Test::TearDown() {
+}
+
+// Allows user supplied key value pairs to be recorded for later output.
+void Test::RecordProperty(const std::string& key, const std::string& value) {
+  UnitTest::GetInstance()->RecordProperty(key, value);
+}
+
+// Allows user supplied key value pairs to be recorded for later output.
+void Test::RecordProperty(const std::string& key, int value) {
+  Message value_message;
+  value_message << value;
+  RecordProperty(key, value_message.GetString().c_str());
+}
+
+namespace internal {
+
+void ReportFailureInUnknownLocation(TestPartResult::Type result_type,
+                                    const std::string& message) {
+  // This function is a friend of UnitTest and as such has access to
+  // AddTestPartResult.
+  UnitTest::GetInstance()->AddTestPartResult(
+      result_type,
+      NULL,  // No info about the source file where the exception occurred.
+      -1,    // We have no info on which line caused the exception.
+      message,
+      "");   // No stack trace, either.
+}
+
+}  // namespace internal
+
+// Google Test requires all tests in the same test case to use the same test
+// fixture class.  This function checks if the current test has the
+// same fixture class as the first test in the current test case.  If
+// yes, it returns true; otherwise it generates a Google Test failure and
+// returns false.
+bool Test::HasSameFixtureClass() {
+  internal::UnitTestImpl* const impl = internal::GetUnitTestImpl();
+  const TestCase* const test_case = impl->current_test_case();
+
+  // Info about the first test in the current test case.
+  const TestInfo* const first_test_info = test_case->test_info_list()[0];
+  const internal::TypeId first_fixture_id = first_test_info->fixture_class_id_;
+  const char* const first_test_name = first_test_info->name();
+
+  // Info about the current test.
+  const TestInfo* const this_test_info = impl->current_test_info();
+  const internal::TypeId this_fixture_id = this_test_info->fixture_class_id_;
+  const char* const this_test_name = this_test_info->name();
+
+  if (this_fixture_id != first_fixture_id) {
+    // Is the first test defined using TEST?
+    const bool first_is_TEST = first_fixture_id == internal::GetTestTypeId();
+    // Is this test defined using TEST?
+    const bool this_is_TEST = this_fixture_id == internal::GetTestTypeId();
+
+    if (first_is_TEST || this_is_TEST) {
+      // Both TEST and TEST_F appear in same test case, which is incorrect.
+      // Tell the user how to fix this.
+
+      // Gets the name of the TEST and the name of the TEST_F.  Note
+      // that first_is_TEST and this_is_TEST cannot both be true, as
+      // the fixture IDs are different for the two tests.
+      const char* const TEST_name =
+          first_is_TEST ? first_test_name : this_test_name;
+      const char* const TEST_F_name =
+          first_is_TEST ? this_test_name : first_test_name;
+
+      ADD_FAILURE()
+          << "All tests in the same test case must use the same test fixture\n"
+          << "class, so mixing TEST_F and TEST in the same test case is\n"
+          << "illegal.  In test case " << this_test_info->test_case_name()
+          << ",\n"
+          << "test " << TEST_F_name << " is defined using TEST_F but\n"
+          << "test " << TEST_name << " is defined using TEST.  You probably\n"
+          << "want to change the TEST to TEST_F or move it to another test\n"
+          << "case.";
+    } else {
+      // Two fixture classes with the same name appear in two different
+      // namespaces, which is not allowed. Tell the user how to fix this.
+      ADD_FAILURE()
+          << "All tests in the same test case must use the same test fixture\n"
+          << "class.  However, in test case "
+          << this_test_info->test_case_name() << ",\n"
+          << "you defined test " << first_test_name
+          << " and test " << this_test_name << "\n"
+          << "using two different test fixture classes.  This can happen if\n"
+          << "the two classes are from different namespaces or translation\n"
+          << "units and have the same name.  You should probably rename one\n"
+          << "of the classes to put the tests into different test cases.";
+    }
+    return false;
+  }
+
+  return true;
+}
+
+#if GTEST_HAS_SEH
+
+// Adds an "exception thrown" fatal failure to the current test.  This
+// function returns its result via an output parameter pointer because VC++
+// prohibits creation of objects with destructors on stack in functions
+// using __try (see error C2712).
+static std::string* FormatSehExceptionMessage(DWORD exception_code,
+                                              const char* location) {
+  Message message;
+  message << "SEH exception with code 0x" << std::setbase(16) <<
+    exception_code << std::setbase(10) << " thrown in " << location << ".";
+
+  return new std::string(message.GetString());
+}
+
+#endif  // GTEST_HAS_SEH
+
+namespace internal {
+
+#if GTEST_HAS_EXCEPTIONS
+
+// Adds an "exception thrown" fatal failure to the current test.
+static std::string FormatCxxExceptionMessage(const char* description,
+                                             const char* location) {
+  Message message;
+  if (description != NULL) {
+    message << "C++ exception with description \"" << description << "\"";
+  } else {
+    message << "Unknown C++ exception";
+  }
+  message << " thrown in " << location << ".";
+
+  return message.GetString();
+}
+
+static std::string PrintTestPartResultToString(
+    const TestPartResult& test_part_result);
+
+GoogleTestFailureException::GoogleTestFailureException(
+    const TestPartResult& failure)
+    : ::std::runtime_error(PrintTestPartResultToString(failure).c_str()) {}
+
+#endif  // GTEST_HAS_EXCEPTIONS
+
+// We put these helper functions in the internal namespace as IBM's xlC
+// compiler rejects the code if they were declared static.
+
+// Runs the given method and handles SEH exceptions it throws, when
+// SEH is supported; returns the 0-value for type Result in case of an
+// SEH exception.  (Microsoft compilers cannot handle SEH and C++
+// exceptions in the same function.  Therefore, we provide a separate
+// wrapper function for handling SEH exceptions.)
+template <class T, typename Result>
+Result HandleSehExceptionsInMethodIfSupported(
+    T* object, Result (T::*method)(), const char* location) {
+#if GTEST_HAS_SEH
+  __try {
+    return (object->*method)();
+  } __except (internal::UnitTestOptions::GTestShouldProcessSEH(  // NOLINT
+      GetExceptionCode())) {
+    // We create the exception message on the heap because VC++ prohibits
+    // creation of objects with destructors on stack in functions using __try
+    // (see error C2712).
+    std::string* exception_message = FormatSehExceptionMessage(
+        GetExceptionCode(), location);
+    internal::ReportFailureInUnknownLocation(TestPartResult::kFatalFailure,
+                                             *exception_message);
+    delete exception_message;
+    return static_cast<Result>(0);
+  }
+#else
+  (void)location;
+  return (object->*method)();
+#endif  // GTEST_HAS_SEH
+}
+
+// Runs the given method and catches and reports C++ and/or SEH-style
+// exceptions, if they are supported; returns the 0-value for type
+// Result in case of an SEH exception.
+template <class T, typename Result>
+Result HandleExceptionsInMethodIfSupported(
+    T* object, Result (T::*method)(), const char* location) {
+  // NOTE: The user code can affect the way in which Google Test handles
+  // exceptions by setting GTEST_FLAG(catch_exceptions), but only before
+  // RUN_ALL_TESTS() starts. It is technically possible to check the flag
+  // after the exception is caught and either report or re-throw the
+  // exception based on the flag's value:
+  //
+  // try {
+  //   // Perform the test method.
+  // } catch (...) {
+  //   if (GTEST_FLAG(catch_exceptions))
+  //     // Report the exception as failure.
+  //   else
+  //     throw;  // Re-throws the original exception.
+  // }
+  //
+  // However, the purpose of this flag is to allow the program to drop into
+  // the debugger when the exception is thrown. On most platforms, once the
+  // control enters the catch block, the exception origin information is
+  // lost and the debugger will stop the program at the point of the
+  // re-throw in this function -- instead of at the point of the original
+  // throw statement in the code under test.  For this reason, we perform
+  // the check early, sacrificing the ability to affect Google Test's
+  // exception handling in the method where the exception is thrown.
+  if (internal::GetUnitTestImpl()->catch_exceptions()) {
+#if GTEST_HAS_EXCEPTIONS
+    try {
+      return HandleSehExceptionsInMethodIfSupported(object, method, location);
+    } catch (const internal::GoogleTestFailureException&) {  // NOLINT
+      // This exception type can only be thrown by a failed Google
+      // Test assertion with the intention of letting another testing
+      // framework catch it.  Therefore we just re-throw it.
+      throw;
+    } catch (const std::exception& e) {  // NOLINT
+      internal::ReportFailureInUnknownLocation(
+          TestPartResult::kFatalFailure,
+          FormatCxxExceptionMessage(e.what(), location));
+    } catch (...) {  // NOLINT
+      internal::ReportFailureInUnknownLocation(
+          TestPartResult::kFatalFailure,
+          FormatCxxExceptionMessage(NULL, location));
+    }
+    return static_cast<Result>(0);
+#else
+    return HandleSehExceptionsInMethodIfSupported(object, method, location);
+#endif  // GTEST_HAS_EXCEPTIONS
+  } else {
+    return (object->*method)();
+  }
+}
+
+}  // namespace internal
+
+// Runs the test and updates the test result.
+void Test::Run() {
+  if (!HasSameFixtureClass()) return;
+
+  internal::UnitTestImpl* const impl = internal::GetUnitTestImpl();
+  impl->os_stack_trace_getter()->UponLeavingGTest();
+  internal::HandleExceptionsInMethodIfSupported(this, &Test::SetUp, "SetUp()");
+  // We will run the test only if SetUp() was successful.
+  if (!HasFatalFailure()) {
+    impl->os_stack_trace_getter()->UponLeavingGTest();
+    internal::HandleExceptionsInMethodIfSupported(
+        this, &Test::TestBody, "the test body");
+  }
+
+  // However, we want to clean up as much as possible.  Hence we will
+  // always call TearDown(), even if SetUp() or the test body has
+  // failed.
+  impl->os_stack_trace_getter()->UponLeavingGTest();
+  internal::HandleExceptionsInMethodIfSupported(
+      this, &Test::TearDown, "TearDown()");
+}
+
+// Returns true iff the current test has a fatal failure.
+bool Test::HasFatalFailure() {
+  return internal::GetUnitTestImpl()->current_test_result()->HasFatalFailure();
+}
+
+// Returns true iff the current test has a non-fatal failure.
+bool Test::HasNonfatalFailure() {
+  return internal::GetUnitTestImpl()->current_test_result()->
+      HasNonfatalFailure();
+}
+
+// class TestInfo
+
+// Constructs a TestInfo object. It assumes ownership of the test factory
+// object.
+TestInfo::TestInfo(const std::string& a_test_case_name,
+                   const std::string& a_name,
+                   const char* a_type_param,
+                   const char* a_value_param,
+                   internal::TypeId fixture_class_id,
+                   internal::TestFactoryBase* factory)
+    : test_case_name_(a_test_case_name),
+      name_(a_name),
+      type_param_(a_type_param ? new std::string(a_type_param) : NULL),
+      value_param_(a_value_param ? new std::string(a_value_param) : NULL),
+      fixture_class_id_(fixture_class_id),
+      should_run_(false),
+      is_disabled_(false),
+      matches_filter_(false),
+      factory_(factory),
+      result_() {}
+
+// Destructs a TestInfo object.
+TestInfo::~TestInfo() { delete factory_; }
+
+namespace internal {
+
+// Creates a new TestInfo object and registers it with Google Test;
+// returns the created object.
+//
+// Arguments:
+//
+//   test_case_name:   name of the test case
+//   name:             name of the test
+//   type_param:       the name of the test's type parameter, or NULL if
+//                     this is not a typed or a type-parameterized test.
+//   value_param:      text representation of the test's value parameter,
+//                     or NULL if this is not a value-parameterized test.
+//   fixture_class_id: ID of the test fixture class
+//   set_up_tc:        pointer to the function that sets up the test case
+//   tear_down_tc:     pointer to the function that tears down the test case
+//   factory:          pointer to the factory that creates a test object.
+//                     The newly created TestInfo instance will assume
+//                     ownership of the factory object.
+TestInfo* MakeAndRegisterTestInfo(
+    const char* test_case_name,
+    const char* name,
+    const char* type_param,
+    const char* value_param,
+    TypeId fixture_class_id,
+    SetUpTestCaseFunc set_up_tc,
+    TearDownTestCaseFunc tear_down_tc,
+    TestFactoryBase* factory) {
+  TestInfo* const test_info =
+      new TestInfo(test_case_name, name, type_param, value_param,
+                   fixture_class_id, factory);
+  GetUnitTestImpl()->AddTestInfo(set_up_tc, tear_down_tc, test_info);
+  return test_info;
+}
+
+#if GTEST_HAS_PARAM_TEST
+void ReportInvalidTestCaseType(const char* test_case_name,
+                               const char* file, int line) {
+  Message errors;
+  errors
+      << "Attempted redefinition of test case " << test_case_name << ".\n"
+      << "All tests in the same test case must use the same test fixture\n"
+      << "class.  However, in test case " << test_case_name << ", you tried\n"
+      << "to define a test using a fixture class different from the one\n"
+      << "used earlier. This can happen if the two fixture classes are\n"
+      << "from different namespaces and have the same name. You should\n"
+      << "probably rename one of the classes to put the tests into different\n"
+      << "test cases.";
+
+  fprintf(stderr, "%s %s", FormatFileLocation(file, line).c_str(),
+          errors.GetString().c_str());
+}
+#endif  // GTEST_HAS_PARAM_TEST
+
+}  // namespace internal
+
+namespace {
+
+// A predicate that checks the test name of a TestInfo against a known
+// value.
+//
+// This is used for implementation of the TestCase class only.  We put
+// it in the anonymous namespace to prevent polluting the outer
+// namespace.
+//
+// TestNameIs is copyable.
+class TestNameIs {
+ public:
+  // Constructor.
+  //
+  // TestNameIs has NO default constructor.
+  explicit TestNameIs(const char* name)
+      : name_(name) {}
+
+  // Returns true iff the test name of test_info matches name_.
+  bool operator()(const TestInfo * test_info) const {
+    return test_info && test_info->name() == name_;
+  }
+
+ private:
+  std::string name_;
+};
+
+}  // namespace
+
+namespace internal {
+
+// This method expands all parameterized tests registered with macros TEST_P
+// and INSTANTIATE_TEST_CASE_P into regular tests and registers those.
+// This will be done just once during the program runtime.
+void UnitTestImpl::RegisterParameterizedTests() {
+#if GTEST_HAS_PARAM_TEST
+  if (!parameterized_tests_registered_) {
+    parameterized_test_registry_.RegisterTests();
+    parameterized_tests_registered_ = true;
+  }
+#endif
+}
+
+}  // namespace internal
+
+// Creates the test object, runs it, records its result, and then
+// deletes it.
+void TestInfo::Run() {
+  if (!should_run_) return;
+
+  // Tells UnitTest where to store test result.
+  internal::UnitTestImpl* const impl = internal::GetUnitTestImpl();
+  impl->set_current_test_info(this);
+
+  TestEventListener* repeater = UnitTest::GetInstance()->listeners().repeater();
+
+  // Notifies the unit test event listeners that a test is about to start.
+  repeater->OnTestStart(*this);
+
+  const TimeInMillis start = internal::GetTimeInMillis();
+
+  impl->os_stack_trace_getter()->UponLeavingGTest();
+
+  // Creates the test object.
+  Test* const test = internal::HandleExceptionsInMethodIfSupported(
+      factory_, &internal::TestFactoryBase::CreateTest,
+      "the test fixture's constructor");
+
+  // Runs the test only if the test object was created and its
+  // constructor didn't generate a fatal failure.
+  if ((test != NULL) && !Test::HasFatalFailure()) {
+    // This doesn't throw as all user code that can throw are wrapped into
+    // exception handling code.
+    test->Run();
+  }
+
+  // Deletes the test object.
+  impl->os_stack_trace_getter()->UponLeavingGTest();
+  internal::HandleExceptionsInMethodIfSupported(
+      test, &Test::DeleteSelf_, "the test fixture's destructor");
+
+  result_.set_elapsed_time(internal::GetTimeInMillis() - start);
+
+  // Notifies the unit test event listener that a test has just finished.
+  repeater->OnTestEnd(*this);
+
+  // Tells UnitTest to stop associating assertion results to this
+  // test.
+  impl->set_current_test_info(NULL);
+}
+
+// class TestCase
+
+// Gets the number of successful tests in this test case.
+int TestCase::successful_test_count() const {
+  return CountIf(test_info_list_, TestPassed);
+}
+
+// Gets the number of failed tests in this test case.
+int TestCase::failed_test_count() const {
+  return CountIf(test_info_list_, TestFailed);
+}
+
+// Gets the number of disabled tests that will be reported in the XML report.
+int TestCase::reportable_disabled_test_count() const {
+  return CountIf(test_info_list_, TestReportableDisabled);
+}
+
+// Gets the number of disabled tests in this test case.
+int TestCase::disabled_test_count() const {
+  return CountIf(test_info_list_, TestDisabled);
+}
+
+// Gets the number of tests to be printed in the XML report.
+int TestCase::reportable_test_count() const {
+  return CountIf(test_info_list_, TestReportable);
+}
+
+// Get the number of tests in this test case that should run.
+int TestCase::test_to_run_count() const {
+  return CountIf(test_info_list_, ShouldRunTest);
+}
+
+// Gets the number of all tests.
+int TestCase::total_test_count() const {
+  return static_cast<int>(test_info_list_.size());
+}
+
+// Creates a TestCase with the given name.
+//
+// Arguments:
+//
+//   name:         name of the test case
+//   a_type_param: the name of the test case's type parameter, or NULL if
+//                 this is not a typed or a type-parameterized test case.
+//   set_up_tc:    pointer to the function that sets up the test case
+//   tear_down_tc: pointer to the function that tears down the test case
+TestCase::TestCase(const char* a_name, const char* a_type_param,
+                   Test::SetUpTestCaseFunc set_up_tc,
+                   Test::TearDownTestCaseFunc tear_down_tc)
+    : name_(a_name),
+      type_param_(a_type_param ? new std::string(a_type_param) : NULL),
+      set_up_tc_(set_up_tc),
+      tear_down_tc_(tear_down_tc),
+      should_run_(false),
+      elapsed_time_(0) {
+}
+
+// Destructor of TestCase.
+TestCase::~TestCase() {
+  // Deletes every Test in the collection.
+  ForEach(test_info_list_, internal::Delete<TestInfo>);
+}
+
+// Returns the i-th test among all the tests. i can range from 0 to
+// total_test_count() - 1. If i is not in that range, returns NULL.
+const TestInfo* TestCase::GetTestInfo(int i) const {
+  const int index = GetElementOr(test_indices_, i, -1);
+  return index < 0 ? NULL : test_info_list_[index];
+}
+
+// Returns the i-th test among all the tests. i can range from 0 to
+// total_test_count() - 1. If i is not in that range, returns NULL.
+TestInfo* TestCase::GetMutableTestInfo(int i) {
+  const int index = GetElementOr(test_indices_, i, -1);
+  return index < 0 ? NULL : test_info_list_[index];
+}
+
+// Adds a test to this test case.  Will delete the test upon
+// destruction of the TestCase object.
+void TestCase::AddTestInfo(TestInfo * test_info) {
+  test_info_list_.push_back(test_info);
+  test_indices_.push_back(static_cast<int>(test_indices_.size()));
+}
+
+// Runs every test in this TestCase.
+void TestCase::Run() {
+  if (!should_run_) return;
+
+  internal::UnitTestImpl* const impl = internal::GetUnitTestImpl();
+  impl->set_current_test_case(this);
+
+  TestEventListener* repeater = UnitTest::GetInstance()->listeners().repeater();
+
+  repeater->OnTestCaseStart(*this);
+  impl->os_stack_trace_getter()->UponLeavingGTest();
+  internal::HandleExceptionsInMethodIfSupported(
+      this, &TestCase::RunSetUpTestCase, "SetUpTestCase()");
+
+  const internal::TimeInMillis start = internal::GetTimeInMillis();
+  for (int i = 0; i < total_test_count(); i++) {
+    GetMutableTestInfo(i)->Run();
+  }
+  elapsed_time_ = internal::GetTimeInMillis() - start;
+
+  impl->os_stack_trace_getter()->UponLeavingGTest();
+  internal::HandleExceptionsInMethodIfSupported(
+      this, &TestCase::RunTearDownTestCase, "TearDownTestCase()");
+
+  repeater->OnTestCaseEnd(*this);
+  impl->set_current_test_case(NULL);
+}
+
+// Clears the results of all tests in this test case.
+void TestCase::ClearResult() {
+  ad_hoc_test_result_.Clear();
+  ForEach(test_info_list_, TestInfo::ClearTestResult);
+}
+
+// Shuffles the tests in this test case.
+void TestCase::ShuffleTests(internal::Random* random) {
+  Shuffle(random, &test_indices_);
+}
+
+// Restores the test order to before the first shuffle.
+void TestCase::UnshuffleTests() {
+  for (size_t i = 0; i < test_indices_.size(); i++) {
+    test_indices_[i] = static_cast<int>(i);
+  }
+}
+
+// Formats a countable noun.  Depending on its quantity, either the
+// singular form or the plural form is used. e.g.
+//
+// FormatCountableNoun(1, "formula", "formuli") returns "1 formula".
+// FormatCountableNoun(5, "book", "books") returns "5 books".
+static std::string FormatCountableNoun(int count,
+                                       const char * singular_form,
+                                       const char * plural_form) {
+  return internal::StreamableToString(count) + " " +
+      (count == 1 ? singular_form : plural_form);
+}
+
+// Formats the count of tests.
+static std::string FormatTestCount(int test_count) {
+  return FormatCountableNoun(test_count, "test", "tests");
+}
+
+// Formats the count of test cases.
+static std::string FormatTestCaseCount(int test_case_count) {
+  return FormatCountableNoun(test_case_count, "test case", "test cases");
+}
+
+// Converts a TestPartResult::Type enum to human-friendly string
+// representation.  Both kNonFatalFailure and kFatalFailure are translated
+// to "Failure", as the user usually doesn't care about the difference
+// between the two when viewing the test result.
+static const char * TestPartResultTypeToString(TestPartResult::Type type) {
+  switch (type) {
+    case TestPartResult::kSuccess:
+      return "Success";
+
+    case TestPartResult::kNonFatalFailure:
+    case TestPartResult::kFatalFailure:
+#ifdef _MSC_VER
+      return "error: ";
+#else
+      return "Failure\n";
+#endif
+    default:
+      return "Unknown result type";
+  }
+}
+
+namespace internal {
+
+// Prints a TestPartResult to an std::string.
+static std::string PrintTestPartResultToString(
+    const TestPartResult& test_part_result) {
+  return (Message()
+          << internal::FormatFileLocation(test_part_result.file_name(),
+                                          test_part_result.line_number())
+          << " " << TestPartResultTypeToString(test_part_result.type())
+          << test_part_result.message()).GetString();
+}
+
+// Prints a TestPartResult.
+static void PrintTestPartResult(const TestPartResult& test_part_result) {
+  const std::string& result =
+      PrintTestPartResultToString(test_part_result);
+  printf("%s\n", result.c_str());
+  fflush(stdout);
+  // If the test program runs in Visual Studio or a debugger, the
+  // following statements add the test part result message to the Output
+  // window such that the user can double-click on it to jump to the
+  // corresponding source code location; otherwise they do nothing.
+#if GTEST_OS_WINDOWS && !GTEST_OS_WINDOWS_MOBILE
+  // We don't call OutputDebugString*() on Windows Mobile, as printing
+  // to stdout is done by OutputDebugString() there already - we don't
+  // want the same message printed twice.
+  ::OutputDebugStringA(result.c_str());
+  ::OutputDebugStringA("\n");
+#endif
+}
+
+// class PrettyUnitTestResultPrinter
+
+enum GTestColor {
+  COLOR_DEFAULT,
+  COLOR_RED,
+  COLOR_GREEN,
+  COLOR_YELLOW
+};
+
+#if GTEST_OS_WINDOWS && !GTEST_OS_WINDOWS_MOBILE && \
+    !GTEST_OS_WINDOWS_PHONE && !GTEST_OS_WINDOWS_RT
+
+// Returns the character attribute for the given color.
+WORD GetColorAttribute(GTestColor color) {
+  switch (color) {
+    case COLOR_RED:    return FOREGROUND_RED;
+    case COLOR_GREEN:  return FOREGROUND_GREEN;
+    case COLOR_YELLOW: return FOREGROUND_RED | FOREGROUND_GREEN;
+    default:           return 0;
+  }
+}
+
+#else
+
+// Returns the ANSI color code for the given color.  COLOR_DEFAULT is
+// an invalid input.
+const char* GetAnsiColorCode(GTestColor color) {
+  switch (color) {
+    case COLOR_RED:     return "1";
+    case COLOR_GREEN:   return "2";
+    case COLOR_YELLOW:  return "3";
+    default:            return NULL;
+  };
+}
+
+#endif  // GTEST_OS_WINDOWS && !GTEST_OS_WINDOWS_MOBILE
+
+// Returns true iff Google Test should use colors in the output.
+bool ShouldUseColor(bool stdout_is_tty) {
+  const char* const gtest_color = GTEST_FLAG(color).c_str();
+
+  if (String::CaseInsensitiveCStringEquals(gtest_color, "auto")) {
+#if GTEST_OS_WINDOWS
+    // On Windows the TERM variable is usually not set, but the
+    // console there does support colors.
+    return stdout_is_tty;
+#else
+    // On non-Windows platforms, we rely on the TERM variable.
+    const char* const term = posix::GetEnv("TERM");
+    const bool term_supports_color =
+        String::CStringEquals(term, "xterm") ||
+        String::CStringEquals(term, "xterm-color") ||
+        String::CStringEquals(term, "xterm-256color") ||
+        String::CStringEquals(term, "screen") ||
+        String::CStringEquals(term, "screen-256color") ||
+        String::CStringEquals(term, "linux") ||
+        String::CStringEquals(term, "cygwin");
+    return stdout_is_tty && term_supports_color;
+#endif  // GTEST_OS_WINDOWS
+  }
+
+  return String::CaseInsensitiveCStringEquals(gtest_color, "yes") ||
+      String::CaseInsensitiveCStringEquals(gtest_color, "true") ||
+      String::CaseInsensitiveCStringEquals(gtest_color, "t") ||
+      String::CStringEquals(gtest_color, "1");
+  // We take "yes", "true", "t", and "1" as meaning "yes".  If the
+  // value is neither one of these nor "auto", we treat it as "no" to
+  // be conservative.
+}
+
+// Helpers for printing colored strings to stdout. Note that on Windows, we
+// cannot simply emit special characters and have the terminal change colors.
+// This routine must actually emit the characters rather than return a string
+// that would be colored when printed, as can be done on Linux.
+void ColoredPrintf(GTestColor color, const char* fmt, ...) {
+  va_list args;
+  va_start(args, fmt);
+
+#if GTEST_OS_WINDOWS_MOBILE || GTEST_OS_SYMBIAN || GTEST_OS_ZOS || \
+    GTEST_OS_IOS || GTEST_OS_WINDOWS_PHONE || GTEST_OS_WINDOWS_RT
+  const bool use_color = false;
+#else
+  static const bool in_color_mode =
+      ShouldUseColor(posix::IsATTY(posix::FileNo(stdout)) != 0);
+  const bool use_color = in_color_mode && (color != COLOR_DEFAULT);
+#endif  // GTEST_OS_WINDOWS_MOBILE || GTEST_OS_SYMBIAN || GTEST_OS_ZOS
+  // The '!= 0' comparison is necessary to satisfy MSVC 7.1.
+
+  if (!use_color) {
+    vprintf(fmt, args);
+    va_end(args);
+    return;
+  }
+
+#if GTEST_OS_WINDOWS && !GTEST_OS_WINDOWS_MOBILE && \
+    !GTEST_OS_WINDOWS_PHONE && !GTEST_OS_WINDOWS_RT
+  const HANDLE stdout_handle = GetStdHandle(STD_OUTPUT_HANDLE);
+
+  // Gets the current text color.
+  CONSOLE_SCREEN_BUFFER_INFO buffer_info;
+  GetConsoleScreenBufferInfo(stdout_handle, &buffer_info);
+  const WORD old_color_attrs = buffer_info.wAttributes;
+
+  // We need to flush the stream buffers into the console before each
+  // SetConsoleTextAttribute call lest it affect the text that is already
+  // printed but has not yet reached the console.
+  fflush(stdout);
+  SetConsoleTextAttribute(stdout_handle,
+                          GetColorAttribute(color) | FOREGROUND_INTENSITY);
+  vprintf(fmt, args);
+
+  fflush(stdout);
+  // Restores the text color.
+  SetConsoleTextAttribute(stdout_handle, old_color_attrs);
+#else
+  printf("\033[0;3%sm", GetAnsiColorCode(color));
+  vprintf(fmt, args);
+  printf("\033[m");  // Resets the terminal to default.
+#endif  // GTEST_OS_WINDOWS && !GTEST_OS_WINDOWS_MOBILE
+  va_end(args);
+}
+
+// Text printed in Google Test's text output and --gunit_list_tests
+// output to label the type parameter and value parameter for a test.
+static const char kTypeParamLabel[] = "TypeParam";
+static const char kValueParamLabel[] = "GetParam()";
+
+void PrintFullTestCommentIfPresent(const TestInfo& test_info) {
+  const char* const type_param = test_info.type_param();
+  const char* const value_param = test_info.value_param();
+
+  if (type_param != NULL || value_param != NULL) {
+    printf(", where ");
+    if (type_param != NULL) {
+      printf("%s = %s", kTypeParamLabel, type_param);
+      if (value_param != NULL)
+        printf(" and ");
+    }
+    if (value_param != NULL) {
+      printf("%s = %s", kValueParamLabel, value_param);
+    }
+  }
+}
+
+// This class implements the TestEventListener interface.
+//
+// Class PrettyUnitTestResultPrinter is copyable.
+class PrettyUnitTestResultPrinter : public TestEventListener {
+ public:
+  PrettyUnitTestResultPrinter() {}
+  static void PrintTestName(const char * test_case, const char * test) {
+    printf("%s.%s", test_case, test);
+  }
+
+  // The following methods override what's in the TestEventListener class.
+  virtual void OnTestProgramStart(const UnitTest& /*unit_test*/) {}
+  virtual void OnTestIterationStart(const UnitTest& unit_test, int iteration);
+  virtual void OnEnvironmentsSetUpStart(const UnitTest& unit_test);
+  virtual void OnEnvironmentsSetUpEnd(const UnitTest& /*unit_test*/) {}
+  virtual void OnTestCaseStart(const TestCase& test_case);
+  virtual void OnTestStart(const TestInfo& test_info);
+  virtual void OnTestPartResult(const TestPartResult& result);
+  virtual void OnTestEnd(const TestInfo& test_info);
+  virtual void OnTestCaseEnd(const TestCase& test_case);
+  virtual void OnEnvironmentsTearDownStart(const UnitTest& unit_test);
+  virtual void OnEnvironmentsTearDownEnd(const UnitTest& /*unit_test*/) {}
+  virtual void OnTestIterationEnd(const UnitTest& unit_test, int iteration);
+  virtual void OnTestProgramEnd(const UnitTest& /*unit_test*/) {}
+
+ private:
+  static void PrintFailedTests(const UnitTest& unit_test);
+};
+
+  // Fired before each iteration of tests starts.
+void PrettyUnitTestResultPrinter::OnTestIterationStart(
+    const UnitTest& unit_test, int iteration) {
+  if (GTEST_FLAG(repeat) != 1)
+    printf("\nRepeating all tests (iteration %d) . . .\n\n", iteration + 1);
+
+  const char* const filter = GTEST_FLAG(filter).c_str();
+
+  // Prints the filter if it's not *.  This reminds the user that some
+  // tests may be skipped.
+  if (!String::CStringEquals(filter, kUniversalFilter)) {
+    ColoredPrintf(COLOR_YELLOW,
+                  "Note: %s filter = %s\n", GTEST_NAME_, filter);
+  }
+
+  if (internal::ShouldShard(kTestTotalShards, kTestShardIndex, false)) {
+    const Int32 shard_index = Int32FromEnvOrDie(kTestShardIndex, -1);
+    ColoredPrintf(COLOR_YELLOW,
+                  "Note: This is test shard %d of %s.\n",
+                  static_cast<int>(shard_index) + 1,
+                  internal::posix::GetEnv(kTestTotalShards));
+  }
+
+  if (GTEST_FLAG(shuffle)) {
+    ColoredPrintf(COLOR_YELLOW,
+                  "Note: Randomizing tests' orders with a seed of %d .\n",
+                  unit_test.random_seed());
+  }
+
+  ColoredPrintf(COLOR_GREEN,  "[==========] ");
+  printf("Running %s from %s.\n",
+         FormatTestCount(unit_test.test_to_run_count()).c_str(),
+         FormatTestCaseCount(unit_test.test_case_to_run_count()).c_str());
+  fflush(stdout);
+}
+
+void PrettyUnitTestResultPrinter::OnEnvironmentsSetUpStart(
+    const UnitTest& /*unit_test*/) {
+  ColoredPrintf(COLOR_GREEN,  "[----------] ");
+  printf("Global test environment set-up.\n");
+  fflush(stdout);
+}
+
+void PrettyUnitTestResultPrinter::OnTestCaseStart(const TestCase& test_case) {
+  const std::string counts =
+      FormatCountableNoun(test_case.test_to_run_count(), "test", "tests");
+  ColoredPrintf(COLOR_GREEN, "[----------] ");
+  printf("%s from %s", counts.c_str(), test_case.name());
+  if (test_case.type_param() == NULL) {
+    printf("\n");
+  } else {
+    printf(", where %s = %s\n", kTypeParamLabel, test_case.type_param());
+  }
+  fflush(stdout);
+}
+
+void PrettyUnitTestResultPrinter::OnTestStart(const TestInfo& test_info) {
+  ColoredPrintf(COLOR_GREEN,  "[ RUN      ] ");
+  PrintTestName(test_info.test_case_name(), test_info.name());
+  printf("\n");
+  fflush(stdout);
+}
+
+// Called after an assertion failure.
+void PrettyUnitTestResultPrinter::OnTestPartResult(
+    const TestPartResult& result) {
+  // If the test part succeeded, we don't need to do anything.
+  if (result.type() == TestPartResult::kSuccess)
+    return;
+
+  // Print failure message from the assertion (e.g. expected this and got that).
+  PrintTestPartResult(result);
+  fflush(stdout);
+}
+
+void PrettyUnitTestResultPrinter::OnTestEnd(const TestInfo& test_info) {
+  if (test_info.result()->Passed()) {
+    ColoredPrintf(COLOR_GREEN, "[       OK ] ");
+  } else {
+    ColoredPrintf(COLOR_RED, "[  FAILED  ] ");
+  }
+  PrintTestName(test_info.test_case_name(), test_info.name());
+  if (test_info.result()->Failed())
+    PrintFullTestCommentIfPresent(test_info);
+
+  if (GTEST_FLAG(print_time)) {
+    printf(" (%s ms)\n", internal::StreamableToString(
+           test_info.result()->elapsed_time()).c_str());
+  } else {
+    printf("\n");
+  }
+  fflush(stdout);
+}
+
+void PrettyUnitTestResultPrinter::OnTestCaseEnd(const TestCase& test_case) {
+  if (!GTEST_FLAG(print_time)) return;
+
+  const std::string counts =
+      FormatCountableNoun(test_case.test_to_run_count(), "test", "tests");
+  ColoredPrintf(COLOR_GREEN, "[----------] ");
+  printf("%s from %s (%s ms total)\n\n",
+         counts.c_str(), test_case.name(),
+         internal::StreamableToString(test_case.elapsed_time()).c_str());
+  fflush(stdout);
+}
+
+void PrettyUnitTestResultPrinter::OnEnvironmentsTearDownStart(
+    const UnitTest& /*unit_test*/) {
+  ColoredPrintf(COLOR_GREEN,  "[----------] ");
+  printf("Global test environment tear-down\n");
+  fflush(stdout);
+}
+
+// Internal helper for printing the list of failed tests.
+void PrettyUnitTestResultPrinter::PrintFailedTests(const UnitTest& unit_test) {
+  const int failed_test_count = unit_test.failed_test_count();
+  if (failed_test_count == 0) {
+    return;
+  }
+
+  for (int i = 0; i < unit_test.total_test_case_count(); ++i) {
+    const TestCase& test_case = *unit_test.GetTestCase(i);
+    if (!test_case.should_run() || (test_case.failed_test_count() == 0)) {
+      continue;
+    }
+    for (int j = 0; j < test_case.total_test_count(); ++j) {
+      const TestInfo& test_info = *test_case.GetTestInfo(j);
+      if (!test_info.should_run() || test_info.result()->Passed()) {
+        continue;
+      }
+      ColoredPrintf(COLOR_RED, "[  FAILED  ] ");
+      printf("%s.%s", test_case.name(), test_info.name());
+      PrintFullTestCommentIfPresent(test_info);
+      printf("\n");
+    }
+  }
+}
+
+void PrettyUnitTestResultPrinter::OnTestIterationEnd(const UnitTest& unit_test,
+                                                     int /*iteration*/) {
+  ColoredPrintf(COLOR_GREEN,  "[==========] ");
+  printf("%s from %s ran.",
+         FormatTestCount(unit_test.test_to_run_count()).c_str(),
+         FormatTestCaseCount(unit_test.test_case_to_run_count()).c_str());
+  if (GTEST_FLAG(print_time)) {
+    printf(" (%s ms total)",
+           internal::StreamableToString(unit_test.elapsed_time()).c_str());
+  }
+  printf("\n");
+  ColoredPrintf(COLOR_GREEN,  "[  PASSED  ] ");
+  printf("%s.\n", FormatTestCount(unit_test.successful_test_count()).c_str());
+
+  int num_failures = unit_test.failed_test_count();
+  if (!unit_test.Passed()) {
+    const int failed_test_count = unit_test.failed_test_count();
+    ColoredPrintf(COLOR_RED,  "[  FAILED  ] ");
+    printf("%s, listed below:\n", FormatTestCount(failed_test_count).c_str());
+    PrintFailedTests(unit_test);
+    printf("\n%2d FAILED %s\n", num_failures,
+                        num_failures == 1 ? "TEST" : "TESTS");
+  }
+
+  int num_disabled = unit_test.reportable_disabled_test_count();
+  if (num_disabled && !GTEST_FLAG(also_run_disabled_tests)) {
+    if (!num_failures) {
+      printf("\n");  // Add a spacer if no FAILURE banner is displayed.
+    }
+    ColoredPrintf(COLOR_YELLOW,
+                  "  YOU HAVE %d DISABLED %s\n\n",
+                  num_disabled,
+                  num_disabled == 1 ? "TEST" : "TESTS");
+  }
+  // Ensure that Google Test output is printed before, e.g., heapchecker output.
+  fflush(stdout);
+}
+
+// End PrettyUnitTestResultPrinter
+
+// class TestEventRepeater
+//
+// This class forwards events to other event listeners.
+class TestEventRepeater : public TestEventListener {
+ public:
+  TestEventRepeater() : forwarding_enabled_(true) {}
+  virtual ~TestEventRepeater();
+  void Append(TestEventListener *listener);
+  TestEventListener* Release(TestEventListener* listener);
+
+  // Controls whether events will be forwarded to listeners_. Set to false
+  // in death test child processes.
+  bool forwarding_enabled() const { return forwarding_enabled_; }
+  void set_forwarding_enabled(bool enable) { forwarding_enabled_ = enable; }
+
+  virtual void OnTestProgramStart(const UnitTest& unit_test);
+  virtual void OnTestIterationStart(const UnitTest& unit_test, int iteration);
+  virtual void OnEnvironmentsSetUpStart(const UnitTest& unit_test);
+  virtual void OnEnvironmentsSetUpEnd(const UnitTest& unit_test);
+  virtual void OnTestCaseStart(const TestCase& test_case);
+  virtual void OnTestStart(const TestInfo& test_info);
+  virtual void OnTestPartResult(const TestPartResult& result);
+  virtual void OnTestEnd(const TestInfo& test_info);
+  virtual void OnTestCaseEnd(const TestCase& test_case);
+  virtual void OnEnvironmentsTearDownStart(const UnitTest& unit_test);
+  virtual void OnEnvironmentsTearDownEnd(const UnitTest& unit_test);
+  virtual void OnTestIterationEnd(const UnitTest& unit_test, int iteration);
+  virtual void OnTestProgramEnd(const UnitTest& unit_test);
+
+ private:
+  // Controls whether events will be forwarded to listeners_. Set to false
+  // in death test child processes.
+  bool forwarding_enabled_;
+  // The list of listeners that receive events.
+  std::vector<TestEventListener*> listeners_;
+
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(TestEventRepeater);
+};
+
+TestEventRepeater::~TestEventRepeater() {
+  ForEach(listeners_, Delete<TestEventListener>);
+}
+
+void TestEventRepeater::Append(TestEventListener *listener) {
+  listeners_.push_back(listener);
+}
+
+// TODO(vladl@google.com): Factor the search functionality into Vector::Find.
+TestEventListener* TestEventRepeater::Release(TestEventListener *listener) {
+  for (size_t i = 0; i < listeners_.size(); ++i) {
+    if (listeners_[i] == listener) {
+      listeners_.erase(listeners_.begin() + i);
+      return listener;
+    }
+  }
+
+  return NULL;
+}
+
+// Since most methods are very similar, use macros to reduce boilerplate.
+// This defines a member that forwards the call to all listeners.
+#define GTEST_REPEATER_METHOD_(Name, Type) \
+void TestEventRepeater::Name(const Type& parameter) { \
+  if (forwarding_enabled_) { \
+    for (size_t i = 0; i < listeners_.size(); i++) { \
+      listeners_[i]->Name(parameter); \
+    } \
+  } \
+}
+// This defines a member that forwards the call to all listeners in reverse
+// order.
+#define GTEST_REVERSE_REPEATER_METHOD_(Name, Type) \
+void TestEventRepeater::Name(const Type& parameter) { \
+  if (forwarding_enabled_) { \
+    for (int i = static_cast<int>(listeners_.size()) - 1; i >= 0; i--) { \
+      listeners_[i]->Name(parameter); \
+    } \
+  } \
+}
+
+GTEST_REPEATER_METHOD_(OnTestProgramStart, UnitTest)
+GTEST_REPEATER_METHOD_(OnEnvironmentsSetUpStart, UnitTest)
+GTEST_REPEATER_METHOD_(OnTestCaseStart, TestCase)
+GTEST_REPEATER_METHOD_(OnTestStart, TestInfo)
+GTEST_REPEATER_METHOD_(OnTestPartResult, TestPartResult)
+GTEST_REPEATER_METHOD_(OnEnvironmentsTearDownStart, UnitTest)
+GTEST_REVERSE_REPEATER_METHOD_(OnEnvironmentsSetUpEnd, UnitTest)
+GTEST_REVERSE_REPEATER_METHOD_(OnEnvironmentsTearDownEnd, UnitTest)
+GTEST_REVERSE_REPEATER_METHOD_(OnTestEnd, TestInfo)
+GTEST_REVERSE_REPEATER_METHOD_(OnTestCaseEnd, TestCase)
+GTEST_REVERSE_REPEATER_METHOD_(OnTestProgramEnd, UnitTest)
+
+#undef GTEST_REPEATER_METHOD_
+#undef GTEST_REVERSE_REPEATER_METHOD_
+
+void TestEventRepeater::OnTestIterationStart(const UnitTest& unit_test,
+                                             int iteration) {
+  if (forwarding_enabled_) {
+    for (size_t i = 0; i < listeners_.size(); i++) {
+      listeners_[i]->OnTestIterationStart(unit_test, iteration);
+    }
+  }
+}
+
+void TestEventRepeater::OnTestIterationEnd(const UnitTest& unit_test,
+                                           int iteration) {
+  if (forwarding_enabled_) {
+    for (int i = static_cast<int>(listeners_.size()) - 1; i >= 0; i--) {
+      listeners_[i]->OnTestIterationEnd(unit_test, iteration);
+    }
+  }
+}
+
+// End TestEventRepeater
+
+// This class generates an XML output file.
+class XmlUnitTestResultPrinter : public EmptyTestEventListener {
+ public:
+  explicit XmlUnitTestResultPrinter(const char* output_file);
+
+  virtual void OnTestIterationEnd(const UnitTest& unit_test, int iteration);
+
+ private:
+  // Is c a whitespace character that is normalized to a space character
+  // when it appears in an XML attribute value?
+  static bool IsNormalizableWhitespace(char c) {
+    return c == 0x9 || c == 0xA || c == 0xD;
+  }
+
+  // May c appear in a well-formed XML document?
+  static bool IsValidXmlCharacter(char c) {
+    return IsNormalizableWhitespace(c) || c >= 0x20;
+  }
+
+  // Returns an XML-escaped copy of the input string str.  If
+  // is_attribute is true, the text is meant to appear as an attribute
+  // value, and normalizable whitespace is preserved by replacing it
+  // with character references.
+  static std::string EscapeXml(const std::string& str, bool is_attribute);
+
+  // Returns the given string with all characters invalid in XML removed.
+  static std::string RemoveInvalidXmlCharacters(const std::string& str);
+
+  // Convenience wrapper around EscapeXml when str is an attribute value.
+  static std::string EscapeXmlAttribute(const std::string& str) {
+    return EscapeXml(str, true);
+  }
+
+  // Convenience wrapper around EscapeXml when str is not an attribute value.
+  static std::string EscapeXmlText(const char* str) {
+    return EscapeXml(str, false);
+  }
+
+  // Verifies that the given attribute belongs to the given element and
+  // streams the attribute as XML.
+  static void OutputXmlAttribute(std::ostream* stream,
+                                 const std::string& element_name,
+                                 const std::string& name,
+                                 const std::string& value);
+
+  // Streams an XML CDATA section, escaping invalid CDATA sequences as needed.
+  static void OutputXmlCDataSection(::std::ostream* stream, const char* data);
+
+  // Streams an XML representation of a TestInfo object.
+  static void OutputXmlTestInfo(::std::ostream* stream,
+                                const char* test_case_name,
+                                const TestInfo& test_info);
+
+  // Prints an XML representation of a TestCase object
+  static void PrintXmlTestCase(::std::ostream* stream,
+                               const TestCase& test_case);
+
+  // Prints an XML summary of unit_test to output stream out.
+  static void PrintXmlUnitTest(::std::ostream* stream,
+                               const UnitTest& unit_test);
+
+  // Produces a string representing the test properties in a result as space
+  // delimited XML attributes based on the property key="value" pairs.
+  // When the std::string is not empty, it includes a space at the beginning,
+  // to delimit this attribute from prior attributes.
+  static std::string TestPropertiesAsXmlAttributes(const TestResult& result);
+
+  // The output file.
+  const std::string output_file_;
+
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(XmlUnitTestResultPrinter);
+};
+
+// Creates a new XmlUnitTestResultPrinter.
+XmlUnitTestResultPrinter::XmlUnitTestResultPrinter(const char* output_file)
+    : output_file_(output_file) {
+  if (output_file_.c_str() == NULL || output_file_.empty()) {
+    fprintf(stderr, "XML output file may not be null\n");
+    fflush(stderr);
+    exit(EXIT_FAILURE);
+  }
+}
+
+// Called after the unit test ends.
+void XmlUnitTestResultPrinter::OnTestIterationEnd(const UnitTest& unit_test,
+                                                  int /*iteration*/) {
+  FILE* xmlout = NULL;
+  FilePath output_file(output_file_);
+  FilePath output_dir(output_file.RemoveFileName());
+
+  if (output_dir.CreateDirectoriesRecursively()) {
+    xmlout = posix::FOpen(output_file_.c_str(), "w");
+  }
+  if (xmlout == NULL) {
+    // TODO(wan): report the reason of the failure.
+    //
+    // We don't do it for now as:
+    //
+    //   1. There is no urgent need for it.
+    //   2. It's a bit involved to make the errno variable thread-safe on
+    //      all three operating systems (Linux, Windows, and Mac OS).
+    //   3. To interpret the meaning of errno in a thread-safe way,
+    //      we need the strerror_r() function, which is not available on
+    //      Windows.
+    fprintf(stderr,
+            "Unable to open file \"%s\"\n",
+            output_file_.c_str());
+    fflush(stderr);
+    exit(EXIT_FAILURE);
+  }
+  std::stringstream stream;
+  PrintXmlUnitTest(&stream, unit_test);
+  fprintf(xmlout, "%s", StringStreamToString(&stream).c_str());
+  fclose(xmlout);
+}
+
+// Returns an XML-escaped copy of the input string str.  If is_attribute
+// is true, the text is meant to appear as an attribute value, and
+// normalizable whitespace is preserved by replacing it with character
+// references.
+//
+// Invalid XML characters in str, if any, are stripped from the output.
+// It is expected that most, if not all, of the text processed by this
+// module will consist of ordinary English text.
+// If this module is ever modified to produce version 1.1 XML output,
+// most invalid characters can be retained using character references.
+// TODO(wan): It might be nice to have a minimally invasive, human-readable
+// escaping scheme for invalid characters, rather than dropping them.
+std::string XmlUnitTestResultPrinter::EscapeXml(
+    const std::string& str, bool is_attribute) {
+  Message m;
+
+  for (size_t i = 0; i < str.size(); ++i) {
+    const char ch = str[i];
+    switch (ch) {
+      case '<':
+        m << "&lt;";
+        break;
+      case '>':
+        m << "&gt;";
+        break;
+      case '&':
+        m << "&amp;";
+        break;
+      case '\'':
+        if (is_attribute)
+          m << "&apos;";
+        else
+          m << '\'';
+        break;
+      case '"':
+        if (is_attribute)
+          m << "&quot;";
+        else
+          m << '"';
+        break;
+      default:
+        if (IsValidXmlCharacter(ch)) {
+          if (is_attribute && IsNormalizableWhitespace(ch))
+            m << "&#x" << String::FormatByte(static_cast<unsigned char>(ch))
+              << ";";
+          else
+            m << ch;
+        }
+        break;
+    }
+  }
+
+  return m.GetString();
+}
+
+// Returns the given string with all characters invalid in XML removed.
+// Currently invalid characters are dropped from the string. An
+// alternative is to replace them with certain characters such as . or ?.
+std::string XmlUnitTestResultPrinter::RemoveInvalidXmlCharacters(
+    const std::string& str) {
+  std::string output;
+  output.reserve(str.size());
+  for (std::string::const_iterator it = str.begin(); it != str.end(); ++it)
+    if (IsValidXmlCharacter(*it))
+      output.push_back(*it);
+
+  return output;
+}
+
+// The following routines generate an XML representation of a UnitTest
+// object.
+//
+// This is how Google Test concepts map to the DTD:
+//
+// <testsuites name="AllTests">        <-- corresponds to a UnitTest object
+//   <testsuite name="testcase-name">  <-- corresponds to a TestCase object
+//     <testcase name="test-name">     <-- corresponds to a TestInfo object
+//       <failure message="...">...</failure>
+//       <failure message="...">...</failure>
+//       <failure message="...">...</failure>
+//                                     <-- individual assertion failures
+//     </testcase>
+//   </testsuite>
+// </testsuites>
+
+// Formats the given time in milliseconds as seconds.
+std::string FormatTimeInMillisAsSeconds(TimeInMillis ms) {
+  ::std::stringstream ss;
+  ss << ms/1000.0;
+  return ss.str();
+}
+
+// Converts the given epoch time in milliseconds to a date string in the ISO
+// 8601 format, without the timezone information.
+std::string FormatEpochTimeInMillisAsIso8601(TimeInMillis ms) {
+  time_t seconds = static_cast<time_t>(ms / 1000);
+  struct tm time_struct;
+#ifdef _MSC_VER
+  if (localtime_s(&time_struct, &seconds) != 0)
+    return "";  // Invalid ms value
+#else
+  if (localtime_r(&seconds, &time_struct) == NULL)
+    return "";  // Invalid ms value
+#endif
+
+  // YYYY-MM-DDThh:mm:ss
+  return StreamableToString(time_struct.tm_year + 1900) + "-" +
+      String::FormatIntWidth2(time_struct.tm_mon + 1) + "-" +
+      String::FormatIntWidth2(time_struct.tm_mday) + "T" +
+      String::FormatIntWidth2(time_struct.tm_hour) + ":" +
+      String::FormatIntWidth2(time_struct.tm_min) + ":" +
+      String::FormatIntWidth2(time_struct.tm_sec);
+}
+
+// Streams an XML CDATA section, escaping invalid CDATA sequences as needed.
+void XmlUnitTestResultPrinter::OutputXmlCDataSection(::std::ostream* stream,
+                                                     const char* data) {
+  const char* segment = data;
+  *stream << "<![CDATA[";
+  for (;;) {
+    const char* const next_segment = strstr(segment, "]]>");
+    if (next_segment != NULL) {
+      stream->write(
+          segment, static_cast<std::streamsize>(next_segment - segment));
+      *stream << "]]>]]&gt;<![CDATA[";
+      segment = next_segment + strlen("]]>");
+    } else {
+      *stream << segment;
+      break;
+    }
+  }
+  *stream << "]]>";
+}
+
+void XmlUnitTestResultPrinter::OutputXmlAttribute(
+    std::ostream* stream,
+    const std::string& element_name,
+    const std::string& name,
+    const std::string& value) {
+  const std::vector<std::string>& allowed_names =
+      GetReservedAttributesForElement(element_name);
+
+  GTEST_CHECK_(std::find(allowed_names.begin(), allowed_names.end(), name) !=
+                   allowed_names.end())
+      << "Attribute " << name << " is not allowed for element <" << element_name
+      << ">.";
+
+  *stream << " " << name << "=\"" << EscapeXmlAttribute(value) << "\"";
+}
+
+// Prints an XML representation of a TestInfo object.
+// TODO(wan): There is also value in printing properties with the plain printer.
+void XmlUnitTestResultPrinter::OutputXmlTestInfo(::std::ostream* stream,
+                                                 const char* test_case_name,
+                                                 const TestInfo& test_info) {
+  const TestResult& result = *test_info.result();
+  const std::string kTestcase = "testcase";
+
+  *stream << "    <testcase";
+  OutputXmlAttribute(stream, kTestcase, "name", test_info.name());
+
+  if (test_info.value_param() != NULL) {
+    OutputXmlAttribute(stream, kTestcase, "value_param",
+                       test_info.value_param());
+  }
+  if (test_info.type_param() != NULL) {
+    OutputXmlAttribute(stream, kTestcase, "type_param", test_info.type_param());
+  }
+
+  OutputXmlAttribute(stream, kTestcase, "status",
+                     test_info.should_run() ? "run" : "notrun");
+  OutputXmlAttribute(stream, kTestcase, "time",
+                     FormatTimeInMillisAsSeconds(result.elapsed_time()));
+  OutputXmlAttribute(stream, kTestcase, "classname", test_case_name);
+  *stream << TestPropertiesAsXmlAttributes(result);
+
+  int failures = 0;
+  for (int i = 0; i < result.total_part_count(); ++i) {
+    const TestPartResult& part = result.GetTestPartResult(i);
+    if (part.failed()) {
+      if (++failures == 1) {
+        *stream << ">\n";
+      }
+      const string location = internal::FormatCompilerIndependentFileLocation(
+          part.file_name(), part.line_number());
+      const string summary = location + "\n" + part.summary();
+      *stream << "      <failure message=\""
+              << EscapeXmlAttribute(summary.c_str())
+              << "\" type=\"\">";
+      const string detail = location + "\n" + part.message();
+      OutputXmlCDataSection(stream, RemoveInvalidXmlCharacters(detail).c_str());
+      *stream << "</failure>\n";
+    }
+  }
+
+  if (failures == 0)
+    *stream << " />\n";
+  else
+    *stream << "    </testcase>\n";
+}
+
+// Prints an XML representation of a TestCase object
+void XmlUnitTestResultPrinter::PrintXmlTestCase(std::ostream* stream,
+                                                const TestCase& test_case) {
+  const std::string kTestsuite = "testsuite";
+  *stream << "  <" << kTestsuite;
+  OutputXmlAttribute(stream, kTestsuite, "name", test_case.name());
+  OutputXmlAttribute(stream, kTestsuite, "tests",
+                     StreamableToString(test_case.reportable_test_count()));
+  OutputXmlAttribute(stream, kTestsuite, "failures",
+                     StreamableToString(test_case.failed_test_count()));
+  OutputXmlAttribute(
+      stream, kTestsuite, "disabled",
+      StreamableToString(test_case.reportable_disabled_test_count()));
+  OutputXmlAttribute(stream, kTestsuite, "errors", "0");
+  OutputXmlAttribute(stream, kTestsuite, "time",
+                     FormatTimeInMillisAsSeconds(test_case.elapsed_time()));
+  *stream << TestPropertiesAsXmlAttributes(test_case.ad_hoc_test_result())
+          << ">\n";
+
+  for (int i = 0; i < test_case.total_test_count(); ++i) {
+    if (test_case.GetTestInfo(i)->is_reportable())
+      OutputXmlTestInfo(stream, test_case.name(), *test_case.GetTestInfo(i));
+  }
+  *stream << "  </" << kTestsuite << ">\n";
+}
+
+// Prints an XML summary of unit_test to output stream out.
+void XmlUnitTestResultPrinter::PrintXmlUnitTest(std::ostream* stream,
+                                                const UnitTest& unit_test) {
+  const std::string kTestsuites = "testsuites";
+
+  *stream << "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n";
+  *stream << "<" << kTestsuites;
+
+  OutputXmlAttribute(stream, kTestsuites, "tests",
+                     StreamableToString(unit_test.reportable_test_count()));
+  OutputXmlAttribute(stream, kTestsuites, "failures",
+                     StreamableToString(unit_test.failed_test_count()));
+  OutputXmlAttribute(
+      stream, kTestsuites, "disabled",
+      StreamableToString(unit_test.reportable_disabled_test_count()));
+  OutputXmlAttribute(stream, kTestsuites, "errors", "0");
+  OutputXmlAttribute(
+      stream, kTestsuites, "timestamp",
+      FormatEpochTimeInMillisAsIso8601(unit_test.start_timestamp()));
+  OutputXmlAttribute(stream, kTestsuites, "time",
+                     FormatTimeInMillisAsSeconds(unit_test.elapsed_time()));
+
+  if (GTEST_FLAG(shuffle)) {
+    OutputXmlAttribute(stream, kTestsuites, "random_seed",
+                       StreamableToString(unit_test.random_seed()));
+  }
+
+  *stream << TestPropertiesAsXmlAttributes(unit_test.ad_hoc_test_result());
+
+  OutputXmlAttribute(stream, kTestsuites, "name", "AllTests");
+  *stream << ">\n";
+
+  for (int i = 0; i < unit_test.total_test_case_count(); ++i) {
+    if (unit_test.GetTestCase(i)->reportable_test_count() > 0)
+      PrintXmlTestCase(stream, *unit_test.GetTestCase(i));
+  }
+  *stream << "</" << kTestsuites << ">\n";
+}
+
+// Produces a string representing the test properties in a result as space
+// delimited XML attributes based on the property key="value" pairs.
+std::string XmlUnitTestResultPrinter::TestPropertiesAsXmlAttributes(
+    const TestResult& result) {
+  Message attributes;
+  for (int i = 0; i < result.test_property_count(); ++i) {
+    const TestProperty& property = result.GetTestProperty(i);
+    attributes << " " << property.key() << "="
+        << "\"" << EscapeXmlAttribute(property.value()) << "\"";
+  }
+  return attributes.GetString();
+}
+
+// End XmlUnitTestResultPrinter
+
+#if GTEST_CAN_STREAM_RESULTS_
+
+// Checks if str contains '=', '&', '%' or '\n' characters. If yes,
+// replaces them by "%xx" where xx is their hexadecimal value. For
+// example, replaces "=" with "%3D".  This algorithm is O(strlen(str))
+// in both time and space -- important as the input str may contain an
+// arbitrarily long test failure message and stack trace.
+string StreamingListener::UrlEncode(const char* str) {
+  string result;
+  result.reserve(strlen(str) + 1);
+  for (char ch = *str; ch != '\0'; ch = *++str) {
+    switch (ch) {
+      case '%':
+      case '=':
+      case '&':
+      case '\n':
+        result.append("%" + String::FormatByte(static_cast<unsigned char>(ch)));
+        break;
+      default:
+        result.push_back(ch);
+        break;
+    }
+  }
+  return result;
+}
+
+void StreamingListener::SocketWriter::MakeConnection() {
+  GTEST_CHECK_(sockfd_ == -1)
+      << "MakeConnection() can't be called when there is already a connection.";
+
+  addrinfo hints;
+  memset(&hints, 0, sizeof(hints));
+  hints.ai_family = AF_UNSPEC;    // To allow both IPv4 and IPv6 addresses.
+  hints.ai_socktype = SOCK_STREAM;
+  addrinfo* servinfo = NULL;
+
+  // Use the getaddrinfo() to get a linked list of IP addresses for
+  // the given host name.
+  const int error_num = getaddrinfo(
+      host_name_.c_str(), port_num_.c_str(), &hints, &servinfo);
+  if (error_num != 0) {
+    GTEST_LOG_(WARNING) << "stream_result_to: getaddrinfo() failed: "
+                        << gai_strerror(error_num);
+  }
+
+  // Loop through all the results and connect to the first we can.
+  for (addrinfo* cur_addr = servinfo; sockfd_ == -1 && cur_addr != NULL;
+       cur_addr = cur_addr->ai_next) {
+    sockfd_ = socket(
+        cur_addr->ai_family, cur_addr->ai_socktype, cur_addr->ai_protocol);
+    if (sockfd_ != -1) {
+      // Connect the client socket to the server socket.
+      if (connect(sockfd_, cur_addr->ai_addr, cur_addr->ai_addrlen) == -1) {
+        close(sockfd_);
+        sockfd_ = -1;
+      }
+    }
+  }
+
+  freeaddrinfo(servinfo);  // all done with this structure
+
+  if (sockfd_ == -1) {
+    GTEST_LOG_(WARNING) << "stream_result_to: failed to connect to "
+                        << host_name_ << ":" << port_num_;
+  }
+}
+
+// End of class Streaming Listener
+#endif  // GTEST_CAN_STREAM_RESULTS__
+
+// Class ScopedTrace
+
+// Pushes the given source file location and message onto a per-thread
+// trace stack maintained by Google Test.
+ScopedTrace::ScopedTrace(const char* file, int line, const Message& message)
+    GTEST_LOCK_EXCLUDED_(&UnitTest::mutex_) {
+  TraceInfo trace;
+  trace.file = file;
+  trace.line = line;
+  trace.message = message.GetString();
+
+  UnitTest::GetInstance()->PushGTestTrace(trace);
+}
+
+// Pops the info pushed by the c'tor.
+ScopedTrace::~ScopedTrace()
+    GTEST_LOCK_EXCLUDED_(&UnitTest::mutex_) {
+  UnitTest::GetInstance()->PopGTestTrace();
+}
+
+
+// class OsStackTraceGetter
+
+// Returns the current OS stack trace as an std::string.  Parameters:
+//
+//   max_depth  - the maximum number of stack frames to be included
+//                in the trace.
+//   skip_count - the number of top frames to be skipped; doesn't count
+//                against max_depth.
+//
+string OsStackTraceGetter::CurrentStackTrace(int /* max_depth */,
+                                             int /* skip_count */)
+    GTEST_LOCK_EXCLUDED_(mutex_) {
+  return "";
+}
+
+void OsStackTraceGetter::UponLeavingGTest()
+    GTEST_LOCK_EXCLUDED_(mutex_) {
+}
+
+const char* const
+OsStackTraceGetter::kElidedFramesMarker =
+    "... " GTEST_NAME_ " internal frames ...";
+
+// A helper class that creates the premature-exit file in its
+// constructor and deletes the file in its destructor.
+class ScopedPrematureExitFile {
+ public:
+  explicit ScopedPrematureExitFile(const char* premature_exit_filepath)
+      : premature_exit_filepath_(premature_exit_filepath) {
+    // If a path to the premature-exit file is specified...
+    if (premature_exit_filepath != NULL && *premature_exit_filepath != '\0') {
+      // create the file with a single "0" character in it.  I/O
+      // errors are ignored as there's nothing better we can do and we
+      // don't want to fail the test because of this.
+      FILE* pfile = posix::FOpen(premature_exit_filepath, "w");
+      fwrite("0", 1, 1, pfile);
+      fclose(pfile);
+    }
+  }
+
+  ~ScopedPrematureExitFile() {
+    if (premature_exit_filepath_ != NULL && *premature_exit_filepath_ != '\0') {
+      remove(premature_exit_filepath_);
+    }
+  }
+
+ private:
+  const char* const premature_exit_filepath_;
+
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(ScopedPrematureExitFile);
+};
+
+}  // namespace internal
+
+// class TestEventListeners
+
+TestEventListeners::TestEventListeners()
+    : repeater_(new internal::TestEventRepeater()),
+      default_result_printer_(NULL),
+      default_xml_generator_(NULL) {
+}
+
+TestEventListeners::~TestEventListeners() { delete repeater_; }
+
+// Returns the standard listener responsible for the default console
+// output.  Can be removed from the listeners list to shut down default
+// console output.  Note that removing this object from the listener list
+// with Release transfers its ownership to the user.
+void TestEventListeners::Append(TestEventListener* listener) {
+  repeater_->Append(listener);
+}
+
+// Removes the given event listener from the list and returns it.  It then
+// becomes the caller's responsibility to delete the listener. Returns
+// NULL if the listener is not found in the list.
+TestEventListener* TestEventListeners::Release(TestEventListener* listener) {
+  if (listener == default_result_printer_)
+    default_result_printer_ = NULL;
+  else if (listener == default_xml_generator_)
+    default_xml_generator_ = NULL;
+  return repeater_->Release(listener);
+}
+
+// Returns repeater that broadcasts the TestEventListener events to all
+// subscribers.
+TestEventListener* TestEventListeners::repeater() { return repeater_; }
+
+// Sets the default_result_printer attribute to the provided listener.
+// The listener is also added to the listener list and previous
+// default_result_printer is removed from it and deleted. The listener can
+// also be NULL in which case it will not be added to the list. Does
+// nothing if the previous and the current listener objects are the same.
+void TestEventListeners::SetDefaultResultPrinter(TestEventListener* listener) {
+  if (default_result_printer_ != listener) {
+    // It is an error to pass this method a listener that is already in the
+    // list.
+    delete Release(default_result_printer_);
+    default_result_printer_ = listener;
+    if (listener != NULL)
+      Append(listener);
+  }
+}
+
+// Sets the default_xml_generator attribute to the provided listener.  The
+// listener is also added to the listener list and previous
+// default_xml_generator is removed from it and deleted. The listener can
+// also be NULL in which case it will not be added to the list. Does
+// nothing if the previous and the current listener objects are the same.
+void TestEventListeners::SetDefaultXmlGenerator(TestEventListener* listener) {
+  if (default_xml_generator_ != listener) {
+    // It is an error to pass this method a listener that is already in the
+    // list.
+    delete Release(default_xml_generator_);
+    default_xml_generator_ = listener;
+    if (listener != NULL)
+      Append(listener);
+  }
+}
+
+// Controls whether events will be forwarded by the repeater to the
+// listeners in the list.
+bool TestEventListeners::EventForwardingEnabled() const {
+  return repeater_->forwarding_enabled();
+}
+
+void TestEventListeners::SuppressEventForwarding() {
+  repeater_->set_forwarding_enabled(false);
+}
+
+// class UnitTest
+
+// Gets the singleton UnitTest object.  The first time this method is
+// called, a UnitTest object is constructed and returned.  Consecutive
+// calls will return the same object.
+//
+// We don't protect this under mutex_ as a user is not supposed to
+// call this before main() starts, from which point on the return
+// value will never change.
+UnitTest* UnitTest::GetInstance() {
+  // When compiled with MSVC 7.1 in optimized mode, destroying the
+  // UnitTest object upon exiting the program messes up the exit code,
+  // causing successful tests to appear failed.  We have to use a
+  // different implementation in this case to bypass the compiler bug.
+  // This implementation makes the compiler happy, at the cost of
+  // leaking the UnitTest object.
+
+  // CodeGear C++Builder insists on a public destructor for the
+  // default implementation.  Use this implementation to keep good OO
+  // design with private destructor.
+
+#if (_MSC_VER == 1310 && !defined(_DEBUG)) || defined(__BORLANDC__)
+  static UnitTest* const instance = new UnitTest;
+  return instance;
+#else
+  static UnitTest instance;
+  return &instance;
+#endif  // (_MSC_VER == 1310 && !defined(_DEBUG)) || defined(__BORLANDC__)
+}
+
+// Gets the number of successful test cases.
+int UnitTest::successful_test_case_count() const {
+  return impl()->successful_test_case_count();
+}
+
+// Gets the number of failed test cases.
+int UnitTest::failed_test_case_count() const {
+  return impl()->failed_test_case_count();
+}
+
+// Gets the number of all test cases.
+int UnitTest::total_test_case_count() const {
+  return impl()->total_test_case_count();
+}
+
+// Gets the number of all test cases that contain at least one test
+// that should run.
+int UnitTest::test_case_to_run_count() const {
+  return impl()->test_case_to_run_count();
+}
+
+// Gets the number of successful tests.
+int UnitTest::successful_test_count() const {
+  return impl()->successful_test_count();
+}
+
+// Gets the number of failed tests.
+int UnitTest::failed_test_count() const { return impl()->failed_test_count(); }
+
+// Gets the number of disabled tests that will be reported in the XML report.
+int UnitTest::reportable_disabled_test_count() const {
+  return impl()->reportable_disabled_test_count();
+}
+
+// Gets the number of disabled tests.
+int UnitTest::disabled_test_count() const {
+  return impl()->disabled_test_count();
+}
+
+// Gets the number of tests to be printed in the XML report.
+int UnitTest::reportable_test_count() const {
+  return impl()->reportable_test_count();
+}
+
+// Gets the number of all tests.
+int UnitTest::total_test_count() const { return impl()->total_test_count(); }
+
+// Gets the number of tests that should run.
+int UnitTest::test_to_run_count() const { return impl()->test_to_run_count(); }
+
+// Gets the time of the test program start, in ms from the start of the
+// UNIX epoch.
+internal::TimeInMillis UnitTest::start_timestamp() const {
+    return impl()->start_timestamp();
+}
+
+// Gets the elapsed time, in milliseconds.
+internal::TimeInMillis UnitTest::elapsed_time() const {
+  return impl()->elapsed_time();
+}
+
+// Returns true iff the unit test passed (i.e. all test cases passed).
+bool UnitTest::Passed() const { return impl()->Passed(); }
+
+// Returns true iff the unit test failed (i.e. some test case failed
+// or something outside of all tests failed).
+bool UnitTest::Failed() const { return impl()->Failed(); }
+
+// Gets the i-th test case among all the test cases. i can range from 0 to
+// total_test_case_count() - 1. If i is not in that range, returns NULL.
+const TestCase* UnitTest::GetTestCase(int i) const {
+  return impl()->GetTestCase(i);
+}
+
+// Returns the TestResult containing information on test failures and
+// properties logged outside of individual test cases.
+const TestResult& UnitTest::ad_hoc_test_result() const {
+  return *impl()->ad_hoc_test_result();
+}
+
+// Gets the i-th test case among all the test cases. i can range from 0 to
+// total_test_case_count() - 1. If i is not in that range, returns NULL.
+TestCase* UnitTest::GetMutableTestCase(int i) {
+  return impl()->GetMutableTestCase(i);
+}
+
+// Returns the list of event listeners that can be used to track events
+// inside Google Test.
+TestEventListeners& UnitTest::listeners() {
+  return *impl()->listeners();
+}
+
+// Registers and returns a global test environment.  When a test
+// program is run, all global test environments will be set-up in the
+// order they were registered.  After all tests in the program have
+// finished, all global test environments will be torn-down in the
+// *reverse* order they were registered.
+//
+// The UnitTest object takes ownership of the given environment.
+//
+// We don't protect this under mutex_, as we only support calling it
+// from the main thread.
+Environment* UnitTest::AddEnvironment(Environment* env) {
+  if (env == NULL) {
+    return NULL;
+  }
+
+  impl_->environments().push_back(env);
+  return env;
+}
+
+// Adds a TestPartResult to the current TestResult object.  All Google Test
+// assertion macros (e.g. ASSERT_TRUE, EXPECT_EQ, etc) eventually call
+// this to report their results.  The user code should use the
+// assertion macros instead of calling this directly.
+void UnitTest::AddTestPartResult(
+    TestPartResult::Type result_type,
+    const char* file_name,
+    int line_number,
+    const std::string& message,
+    const std::string& os_stack_trace) GTEST_LOCK_EXCLUDED_(mutex_) {
+  Message msg;
+  msg << message;
+
+  internal::MutexLock lock(&mutex_);
+  if (impl_->gtest_trace_stack().size() > 0) {
+    msg << "\n" << GTEST_NAME_ << " trace:";
+
+    for (int i = static_cast<int>(impl_->gtest_trace_stack().size());
+         i > 0; --i) {
+      const internal::TraceInfo& trace = impl_->gtest_trace_stack()[i - 1];
+      msg << "\n" << internal::FormatFileLocation(trace.file, trace.line)
+          << " " << trace.message;
+    }
+  }
+
+  if (os_stack_trace.c_str() != NULL && !os_stack_trace.empty()) {
+    msg << internal::kStackTraceMarker << os_stack_trace;
+  }
+
+  const TestPartResult result =
+    TestPartResult(result_type, file_name, line_number,
+                   msg.GetString().c_str());
+  impl_->GetTestPartResultReporterForCurrentThread()->
+      ReportTestPartResult(result);
+
+  if (result_type != TestPartResult::kSuccess) {
+    // gtest_break_on_failure takes precedence over
+    // gtest_throw_on_failure.  This allows a user to set the latter
+    // in the code (perhaps in order to use Google Test assertions
+    // with another testing framework) and specify the former on the
+    // command line for debugging.
+    if (GTEST_FLAG(break_on_failure)) {
+#if GTEST_OS_WINDOWS && !GTEST_OS_WINDOWS_PHONE && !GTEST_OS_WINDOWS_RT
+      // Using DebugBreak on Windows allows gtest to still break into a debugger
+      // when a failure happens and both the --gtest_break_on_failure and
+      // the --gtest_catch_exceptions flags are specified.
+      DebugBreak();
+#else
+      // Dereference NULL through a volatile pointer to prevent the compiler
+      // from removing. We use this rather than abort() or __builtin_trap() for
+      // portability: Symbian doesn't implement abort() well, and some debuggers
+      // don't correctly trap abort().
+      *static_cast<volatile int*>(NULL) = 1;
+#endif  // GTEST_OS_WINDOWS
+    } else if (GTEST_FLAG(throw_on_failure)) {
+#if GTEST_HAS_EXCEPTIONS
+      throw internal::GoogleTestFailureException(result);
+#else
+      // We cannot call abort() as it generates a pop-up in debug mode
+      // that cannot be suppressed in VC 7.1 or below.
+      exit(1);
+#endif
+    }
+  }
+}
+
+// Adds a TestProperty to the current TestResult object when invoked from
+// inside a test, to current TestCase's ad_hoc_test_result_ when invoked
+// from SetUpTestCase or TearDownTestCase, or to the global property set
+// when invoked elsewhere.  If the result already contains a property with
+// the same key, the value will be updated.
+void UnitTest::RecordProperty(const std::string& key,
+                              const std::string& value) {
+  impl_->RecordProperty(TestProperty(key, value));
+}
+
+// Runs all tests in this UnitTest object and prints the result.
+// Returns 0 if successful, or 1 otherwise.
+//
+// We don't protect this under mutex_, as we only support calling it
+// from the main thread.
+int UnitTest::Run() {
+  const bool in_death_test_child_process =
+      internal::GTEST_FLAG(internal_run_death_test).length() > 0;
+
+  // Google Test implements this protocol for catching that a test
+  // program exits before returning control to Google Test:
+  //
+  //   1. Upon start, Google Test creates a file whose absolute path
+  //      is specified by the environment variable
+  //      TEST_PREMATURE_EXIT_FILE.
+  //   2. When Google Test has finished its work, it deletes the file.
+  //
+  // This allows a test runner to set TEST_PREMATURE_EXIT_FILE before
+  // running a Google-Test-based test program and check the existence
+  // of the file at the end of the test execution to see if it has
+  // exited prematurely.
+
+  // If we are in the child process of a death test, don't
+  // create/delete the premature exit file, as doing so is unnecessary
+  // and will confuse the parent process.  Otherwise, create/delete
+  // the file upon entering/leaving this function.  If the program
+  // somehow exits before this function has a chance to return, the
+  // premature-exit file will be left undeleted, causing a test runner
+  // that understands the premature-exit-file protocol to report the
+  // test as having failed.
+  const internal::ScopedPrematureExitFile premature_exit_file(
+      in_death_test_child_process ?
+      NULL : internal::posix::GetEnv("TEST_PREMATURE_EXIT_FILE"));
+
+  // Captures the value of GTEST_FLAG(catch_exceptions).  This value will be
+  // used for the duration of the program.
+  impl()->set_catch_exceptions(GTEST_FLAG(catch_exceptions));
+
+#if GTEST_HAS_SEH
+  // Either the user wants Google Test to catch exceptions thrown by the
+  // tests or this is executing in the context of death test child
+  // process. In either case the user does not want to see pop-up dialogs
+  // about crashes - they are expected.
+  if (impl()->catch_exceptions() || in_death_test_child_process) {
+# if !GTEST_OS_WINDOWS_MOBILE && !GTEST_OS_WINDOWS_PHONE && !GTEST_OS_WINDOWS_RT
+    // SetErrorMode doesn't exist on CE.
+    SetErrorMode(SEM_FAILCRITICALERRORS | SEM_NOALIGNMENTFAULTEXCEPT |
+                 SEM_NOGPFAULTERRORBOX | SEM_NOOPENFILEERRORBOX);
+# endif  // !GTEST_OS_WINDOWS_MOBILE
+
+# if (defined(_MSC_VER) || GTEST_OS_WINDOWS_MINGW) && !GTEST_OS_WINDOWS_MOBILE
+    // Death test children can be terminated with _abort().  On Windows,
+    // _abort() can show a dialog with a warning message.  This forces the
+    // abort message to go to stderr instead.
+    _set_error_mode(_OUT_TO_STDERR);
+# endif
+
+# if _MSC_VER >= 1400 && !GTEST_OS_WINDOWS_MOBILE
+    // In the debug version, Visual Studio pops up a separate dialog
+    // offering a choice to debug the aborted program. We need to suppress
+    // this dialog or it will pop up for every EXPECT/ASSERT_DEATH statement
+    // executed. Google Test will notify the user of any unexpected
+    // failure via stderr.
+    //
+    // VC++ doesn't define _set_abort_behavior() prior to the version 8.0.
+    // Users of prior VC versions shall suffer the agony and pain of
+    // clicking through the countless debug dialogs.
+    // TODO(vladl@google.com): find a way to suppress the abort dialog() in the
+    // debug mode when compiled with VC 7.1 or lower.
+    if (!GTEST_FLAG(break_on_failure))
+      _set_abort_behavior(
+          0x0,                                    // Clear the following flags:
+          _WRITE_ABORT_MSG | _CALL_REPORTFAULT);  // pop-up window, core dump.
+# endif
+  }
+#endif  // GTEST_HAS_SEH
+
+  return internal::HandleExceptionsInMethodIfSupported(
+      impl(),
+      &internal::UnitTestImpl::RunAllTests,
+      "auxiliary test code (environments or event listeners)") ? 0 : 1;
+}
+
+// Returns the working directory when the first TEST() or TEST_F() was
+// executed.
+const char* UnitTest::original_working_dir() const {
+  return impl_->original_working_dir_.c_str();
+}
+
+// Returns the TestCase object for the test that's currently running,
+// or NULL if no test is running.
+const TestCase* UnitTest::current_test_case() const
+    GTEST_LOCK_EXCLUDED_(mutex_) {
+  internal::MutexLock lock(&mutex_);
+  return impl_->current_test_case();
+}
+
+// Returns the TestInfo object for the test that's currently running,
+// or NULL if no test is running.
+const TestInfo* UnitTest::current_test_info() const
+    GTEST_LOCK_EXCLUDED_(mutex_) {
+  internal::MutexLock lock(&mutex_);
+  return impl_->current_test_info();
+}
+
+// Returns the random seed used at the start of the current test run.
+int UnitTest::random_seed() const { return impl_->random_seed(); }
+
+#if GTEST_HAS_PARAM_TEST
+// Returns ParameterizedTestCaseRegistry object used to keep track of
+// value-parameterized tests and instantiate and register them.
+internal::ParameterizedTestCaseRegistry&
+    UnitTest::parameterized_test_registry()
+        GTEST_LOCK_EXCLUDED_(mutex_) {
+  return impl_->parameterized_test_registry();
+}
+#endif  // GTEST_HAS_PARAM_TEST
+
+// Creates an empty UnitTest.
+UnitTest::UnitTest() {
+  impl_ = new internal::UnitTestImpl(this);
+}
+
+// Destructor of UnitTest.
+UnitTest::~UnitTest() {
+  delete impl_;
+}
+
+// Pushes a trace defined by SCOPED_TRACE() on to the per-thread
+// Google Test trace stack.
+void UnitTest::PushGTestTrace(const internal::TraceInfo& trace)
+    GTEST_LOCK_EXCLUDED_(mutex_) {
+  internal::MutexLock lock(&mutex_);
+  impl_->gtest_trace_stack().push_back(trace);
+}
+
+// Pops a trace from the per-thread Google Test trace stack.
+void UnitTest::PopGTestTrace()
+    GTEST_LOCK_EXCLUDED_(mutex_) {
+  internal::MutexLock lock(&mutex_);
+  impl_->gtest_trace_stack().pop_back();
+}
+
+namespace internal {
+
+UnitTestImpl::UnitTestImpl(UnitTest* parent)
+    : parent_(parent),
+      GTEST_DISABLE_MSC_WARNINGS_PUSH_(4355 /* using this in initializer */)
+      default_global_test_part_result_reporter_(this),
+      default_per_thread_test_part_result_reporter_(this),
+      GTEST_DISABLE_MSC_WARNINGS_POP_()
+      global_test_part_result_repoter_(
+          &default_global_test_part_result_reporter_),
+      per_thread_test_part_result_reporter_(
+          &default_per_thread_test_part_result_reporter_),
+#if GTEST_HAS_PARAM_TEST
+      parameterized_test_registry_(),
+      parameterized_tests_registered_(false),
+#endif  // GTEST_HAS_PARAM_TEST
+      last_death_test_case_(-1),
+      current_test_case_(NULL),
+      current_test_info_(NULL),
+      ad_hoc_test_result_(),
+      os_stack_trace_getter_(NULL),
+      post_flag_parse_init_performed_(false),
+      random_seed_(0),  // Will be overridden by the flag before first use.
+      random_(0),  // Will be reseeded before first use.
+      start_timestamp_(0),
+      elapsed_time_(0),
+#if GTEST_HAS_DEATH_TEST
+      death_test_factory_(new DefaultDeathTestFactory),
+#endif
+      // Will be overridden by the flag before first use.
+      catch_exceptions_(false) {
+  listeners()->SetDefaultResultPrinter(new PrettyUnitTestResultPrinter);
+}
+
+UnitTestImpl::~UnitTestImpl() {
+  // Deletes every TestCase.
+  ForEach(test_cases_, internal::Delete<TestCase>);
+
+  // Deletes every Environment.
+  ForEach(environments_, internal::Delete<Environment>);
+
+  delete os_stack_trace_getter_;
+}
+
+// Adds a TestProperty to the current TestResult object when invoked in a
+// context of a test, to current test case's ad_hoc_test_result when invoke
+// from SetUpTestCase/TearDownTestCase, or to the global property set
+// otherwise.  If the result already contains a property with the same key,
+// the value will be updated.
+void UnitTestImpl::RecordProperty(const TestProperty& test_property) {
+  std::string xml_element;
+  TestResult* test_result;  // TestResult appropriate for property recording.
+
+  if (current_test_info_ != NULL) {
+    xml_element = "testcase";
+    test_result = &(current_test_info_->result_);
+  } else if (current_test_case_ != NULL) {
+    xml_element = "testsuite";
+    test_result = &(current_test_case_->ad_hoc_test_result_);
+  } else {
+    xml_element = "testsuites";
+    test_result = &ad_hoc_test_result_;
+  }
+  test_result->RecordProperty(xml_element, test_property);
+}
+
+#if GTEST_HAS_DEATH_TEST
+// Disables event forwarding if the control is currently in a death test
+// subprocess. Must not be called before InitGoogleTest.
+void UnitTestImpl::SuppressTestEventsIfInSubprocess() {
+  if (internal_run_death_test_flag_.get() != NULL)
+    listeners()->SuppressEventForwarding();
+}
+#endif  // GTEST_HAS_DEATH_TEST
+
+// Initializes event listeners performing XML output as specified by
+// UnitTestOptions. Must not be called before InitGoogleTest.
+void UnitTestImpl::ConfigureXmlOutput() {
+  const std::string& output_format = UnitTestOptions::GetOutputFormat();
+  if (output_format == "xml") {
+    listeners()->SetDefaultXmlGenerator(new XmlUnitTestResultPrinter(
+        UnitTestOptions::GetAbsolutePathToOutputFile().c_str()));
+  } else if (output_format != "") {
+    printf("WARNING: unrecognized output format \"%s\" ignored.\n",
+           output_format.c_str());
+    fflush(stdout);
+  }
+}
+
+#if GTEST_CAN_STREAM_RESULTS_
+// Initializes event listeners for streaming test results in string form.
+// Must not be called before InitGoogleTest.
+void UnitTestImpl::ConfigureStreamingOutput() {
+  const std::string& target = GTEST_FLAG(stream_result_to);
+  if (!target.empty()) {
+    const size_t pos = target.find(':');
+    if (pos != std::string::npos) {
+      listeners()->Append(new StreamingListener(target.substr(0, pos),
+                                                target.substr(pos+1)));
+    } else {
+      printf("WARNING: unrecognized streaming target \"%s\" ignored.\n",
+             target.c_str());
+      fflush(stdout);
+    }
+  }
+}
+#endif  // GTEST_CAN_STREAM_RESULTS_
+
+// Performs initialization dependent upon flag values obtained in
+// ParseGoogleTestFlagsOnly.  Is called from InitGoogleTest after the call to
+// ParseGoogleTestFlagsOnly.  In case a user neglects to call InitGoogleTest
+// this function is also called from RunAllTests.  Since this function can be
+// called more than once, it has to be idempotent.
+void UnitTestImpl::PostFlagParsingInit() {
+  // Ensures that this function does not execute more than once.
+  if (!post_flag_parse_init_performed_) {
+    post_flag_parse_init_performed_ = true;
+
+#if GTEST_HAS_DEATH_TEST
+    InitDeathTestSubprocessControlInfo();
+    SuppressTestEventsIfInSubprocess();
+#endif  // GTEST_HAS_DEATH_TEST
+
+    // Registers parameterized tests. This makes parameterized tests
+    // available to the UnitTest reflection API without running
+    // RUN_ALL_TESTS.
+    RegisterParameterizedTests();
+
+    // Configures listeners for XML output. This makes it possible for users
+    // to shut down the default XML output before invoking RUN_ALL_TESTS.
+    ConfigureXmlOutput();
+
+#if GTEST_CAN_STREAM_RESULTS_
+    // Configures listeners for streaming test results to the specified server.
+    ConfigureStreamingOutput();
+#endif  // GTEST_CAN_STREAM_RESULTS_
+  }
+}
+
+// A predicate that checks the name of a TestCase against a known
+// value.
+//
+// This is used for implementation of the UnitTest class only.  We put
+// it in the anonymous namespace to prevent polluting the outer
+// namespace.
+//
+// TestCaseNameIs is copyable.
+class TestCaseNameIs {
+ public:
+  // Constructor.
+  explicit TestCaseNameIs(const std::string& name)
+      : name_(name) {}
+
+  // Returns true iff the name of test_case matches name_.
+  bool operator()(const TestCase* test_case) const {
+    return test_case != NULL && strcmp(test_case->name(), name_.c_str()) == 0;
+  }
+
+ private:
+  std::string name_;
+};
+
+// Finds and returns a TestCase with the given name.  If one doesn't
+// exist, creates one and returns it.  It's the CALLER'S
+// RESPONSIBILITY to ensure that this function is only called WHEN THE
+// TESTS ARE NOT SHUFFLED.
+//
+// Arguments:
+//
+//   test_case_name: name of the test case
+//   type_param:     the name of the test case's type parameter, or NULL if
+//                   this is not a typed or a type-parameterized test case.
+//   set_up_tc:      pointer to the function that sets up the test case
+//   tear_down_tc:   pointer to the function that tears down the test case
+TestCase* UnitTestImpl::GetTestCase(const char* test_case_name,
+                                    const char* type_param,
+                                    Test::SetUpTestCaseFunc set_up_tc,
+                                    Test::TearDownTestCaseFunc tear_down_tc) {
+  // Can we find a TestCase with the given name?
+  const std::vector<TestCase*>::const_iterator test_case =
+      std::find_if(test_cases_.begin(), test_cases_.end(),
+                   TestCaseNameIs(test_case_name));
+
+  if (test_case != test_cases_.end())
+    return *test_case;
+
+  // No.  Let's create one.
+  TestCase* const new_test_case =
+      new TestCase(test_case_name, type_param, set_up_tc, tear_down_tc);
+
+  // Is this a death test case?
+  if (internal::UnitTestOptions::MatchesFilter(test_case_name,
+                                               kDeathTestCaseFilter)) {
+    // Yes.  Inserts the test case after the last death test case
+    // defined so far.  This only works when the test cases haven't
+    // been shuffled.  Otherwise we may end up running a death test
+    // after a non-death test.
+    ++last_death_test_case_;
+    test_cases_.insert(test_cases_.begin() + last_death_test_case_,
+                       new_test_case);
+  } else {
+    // No.  Appends to the end of the list.
+    test_cases_.push_back(new_test_case);
+  }
+
+  test_case_indices_.push_back(static_cast<int>(test_case_indices_.size()));
+  return new_test_case;
+}
+
+// Helpers for setting up / tearing down the given environment.  They
+// are for use in the ForEach() function.
+static void SetUpEnvironment(Environment* env) { env->SetUp(); }
+static void TearDownEnvironment(Environment* env) { env->TearDown(); }
+
+// Runs all tests in this UnitTest object, prints the result, and
+// returns true if all tests are successful.  If any exception is
+// thrown during a test, the test is considered to be failed, but the
+// rest of the tests will still be run.
+//
+// When parameterized tests are enabled, it expands and registers
+// parameterized tests first in RegisterParameterizedTests().
+// All other functions called from RunAllTests() may safely assume that
+// parameterized tests are ready to be counted and run.
+bool UnitTestImpl::RunAllTests() {
+  // Makes sure InitGoogleTest() was called.
+  if (!GTestIsInitialized()) {
+    printf("%s",
+           "\nThis test program did NOT call ::testing::InitGoogleTest "
+           "before calling RUN_ALL_TESTS().  Please fix it.\n");
+    return false;
+  }
+
+  // Do not run any test if the --help flag was specified.
+  if (g_help_flag)
+    return true;
+
+  // Repeats the call to the post-flag parsing initialization in case the
+  // user didn't call InitGoogleTest.
+  PostFlagParsingInit();
+
+  // Even if sharding is not on, test runners may want to use the
+  // GTEST_SHARD_STATUS_FILE to query whether the test supports the sharding
+  // protocol.
+  internal::WriteToShardStatusFileIfNeeded();
+
+  // True iff we are in a subprocess for running a thread-safe-style
+  // death test.
+  bool in_subprocess_for_death_test = false;
+
+#if GTEST_HAS_DEATH_TEST
+  in_subprocess_for_death_test = (internal_run_death_test_flag_.get() != NULL);
+#endif  // GTEST_HAS_DEATH_TEST
+
+  const bool should_shard = ShouldShard(kTestTotalShards, kTestShardIndex,
+                                        in_subprocess_for_death_test);
+
+  // Compares the full test names with the filter to decide which
+  // tests to run.
+  const bool has_tests_to_run = FilterTests(should_shard
+                                              ? HONOR_SHARDING_PROTOCOL
+                                              : IGNORE_SHARDING_PROTOCOL) > 0;
+
+  // Lists the tests and exits if the --gtest_list_tests flag was specified.
+  if (GTEST_FLAG(list_tests)) {
+    // This must be called *after* FilterTests() has been called.
+    ListTestsMatchingFilter();
+    return true;
+  }
+
+  random_seed_ = GTEST_FLAG(shuffle) ?
+      GetRandomSeedFromFlag(GTEST_FLAG(random_seed)) : 0;
+
+  // True iff at least one test has failed.
+  bool failed = false;
+
+  TestEventListener* repeater = listeners()->repeater();
+
+  start_timestamp_ = GetTimeInMillis();
+  repeater->OnTestProgramStart(*parent_);
+
+  // How many times to repeat the tests?  We don't want to repeat them
+  // when we are inside the subprocess of a death test.
+  const int repeat = in_subprocess_for_death_test ? 1 : GTEST_FLAG(repeat);
+  // Repeats forever if the repeat count is negative.
+  const bool forever = repeat < 0;
+  for (int i = 0; forever || i != repeat; i++) {
+    // We want to preserve failures generated by ad-hoc test
+    // assertions executed before RUN_ALL_TESTS().
+    ClearNonAdHocTestResult();
+
+    const TimeInMillis start = GetTimeInMillis();
+
+    // Shuffles test cases and tests if requested.
+    if (has_tests_to_run && GTEST_FLAG(shuffle)) {
+      random()->Reseed(random_seed_);
+      // This should be done before calling OnTestIterationStart(),
+      // such that a test event listener can see the actual test order
+      // in the event.
+      ShuffleTests();
+    }
+
+    // Tells the unit test event listeners that the tests are about to start.
+    repeater->OnTestIterationStart(*parent_, i);
+
+    // Runs each test case if there is at least one test to run.
+    if (has_tests_to_run) {
+      // Sets up all environments beforehand.
+      repeater->OnEnvironmentsSetUpStart(*parent_);
+      ForEach(environments_, SetUpEnvironment);
+      repeater->OnEnvironmentsSetUpEnd(*parent_);
+
+      // Runs the tests only if there was no fatal failure during global
+      // set-up.
+      if (!Test::HasFatalFailure()) {
+        for (int test_index = 0; test_index < total_test_case_count();
+             test_index++) {
+          GetMutableTestCase(test_index)->Run();
+        }
+      }
+
+      // Tears down all environments in reverse order afterwards.
+      repeater->OnEnvironmentsTearDownStart(*parent_);
+      std::for_each(environments_.rbegin(), environments_.rend(),
+                    TearDownEnvironment);
+      repeater->OnEnvironmentsTearDownEnd(*parent_);
+    }
+
+    elapsed_time_ = GetTimeInMillis() - start;
+
+    // Tells the unit test event listener that the tests have just finished.
+    repeater->OnTestIterationEnd(*parent_, i);
+
+    // Gets the result and clears it.
+    if (!Passed()) {
+      failed = true;
+    }
+
+    // Restores the original test order after the iteration.  This
+    // allows the user to quickly repro a failure that happens in the
+    // N-th iteration without repeating the first (N - 1) iterations.
+    // This is not enclosed in "if (GTEST_FLAG(shuffle)) { ... }", in
+    // case the user somehow changes the value of the flag somewhere
+    // (it's always safe to unshuffle the tests).
+    UnshuffleTests();
+
+    if (GTEST_FLAG(shuffle)) {
+      // Picks a new random seed for each iteration.
+      random_seed_ = GetNextRandomSeed(random_seed_);
+    }
+  }
+
+  repeater->OnTestProgramEnd(*parent_);
+
+  return !failed;
+}
+
+// Reads the GTEST_SHARD_STATUS_FILE environment variable, and creates the file
+// if the variable is present. If a file already exists at this location, this
+// function will write over it. If the variable is present, but the file cannot
+// be created, prints an error and exits.
+void WriteToShardStatusFileIfNeeded() {
+  const char* const test_shard_file = posix::GetEnv(kTestShardStatusFile);
+  if (test_shard_file != NULL) {
+    FILE* const file = posix::FOpen(test_shard_file, "w");
+    if (file == NULL) {
+      ColoredPrintf(COLOR_RED,
+                    "Could not write to the test shard status file \"%s\" "
+                    "specified by the %s environment variable.\n",
+                    test_shard_file, kTestShardStatusFile);
+      fflush(stdout);
+      exit(EXIT_FAILURE);
+    }
+    fclose(file);
+  }
+}
+
+// Checks whether sharding is enabled by examining the relevant
+// environment variable values. If the variables are present,
+// but inconsistent (i.e., shard_index >= total_shards), prints
+// an error and exits. If in_subprocess_for_death_test, sharding is
+// disabled because it must only be applied to the original test
+// process. Otherwise, we could filter out death tests we intended to execute.
+bool ShouldShard(const char* total_shards_env,
+                 const char* shard_index_env,
+                 bool in_subprocess_for_death_test) {
+  if (in_subprocess_for_death_test) {
+    return false;
+  }
+
+  const Int32 total_shards = Int32FromEnvOrDie(total_shards_env, -1);
+  const Int32 shard_index = Int32FromEnvOrDie(shard_index_env, -1);
+
+  if (total_shards == -1 && shard_index == -1) {
+    return false;
+  } else if (total_shards == -1 && shard_index != -1) {
+    const Message msg = Message()
+      << "Invalid environment variables: you have "
+      << kTestShardIndex << " = " << shard_index
+      << ", but have left " << kTestTotalShards << " unset.\n";
+    ColoredPrintf(COLOR_RED, msg.GetString().c_str());
+    fflush(stdout);
+    exit(EXIT_FAILURE);
+  } else if (total_shards != -1 && shard_index == -1) {
+    const Message msg = Message()
+      << "Invalid environment variables: you have "
+      << kTestTotalShards << " = " << total_shards
+      << ", but have left " << kTestShardIndex << " unset.\n";
+    ColoredPrintf(COLOR_RED, msg.GetString().c_str());
+    fflush(stdout);
+    exit(EXIT_FAILURE);
+  } else if (shard_index < 0 || shard_index >= total_shards) {
+    const Message msg = Message()
+      << "Invalid environment variables: we require 0 <= "
+      << kTestShardIndex << " < " << kTestTotalShards
+      << ", but you have " << kTestShardIndex << "=" << shard_index
+      << ", " << kTestTotalShards << "=" << total_shards << ".\n";
+    ColoredPrintf(COLOR_RED, msg.GetString().c_str());
+    fflush(stdout);
+    exit(EXIT_FAILURE);
+  }
+
+  return total_shards > 1;
+}
+
+// Parses the environment variable var as an Int32. If it is unset,
+// returns default_val. If it is not an Int32, prints an error
+// and aborts.
+Int32 Int32FromEnvOrDie(const char* var, Int32 default_val) {
+  const char* str_val = posix::GetEnv(var);
+  if (str_val == NULL) {
+    return default_val;
+  }
+
+  Int32 result;
+  if (!ParseInt32(Message() << "The value of environment variable " << var,
+                  str_val, &result)) {
+    exit(EXIT_FAILURE);
+  }
+  return result;
+}
+
+// Given the total number of shards, the shard index, and the test id,
+// returns true iff the test should be run on this shard. The test id is
+// some arbitrary but unique non-negative integer assigned to each test
+// method. Assumes that 0 <= shard_index < total_shards.
+bool ShouldRunTestOnShard(int total_shards, int shard_index, int test_id) {
+  return (test_id % total_shards) == shard_index;
+}
+
+// Compares the name of each test with the user-specified filter to
+// decide whether the test should be run, then records the result in
+// each TestCase and TestInfo object.
+// If shard_tests == true, further filters tests based on sharding
+// variables in the environment - see
+// http://code.google.com/p/googletest/wiki/GoogleTestAdvancedGuide.
+// Returns the number of tests that should run.
+int UnitTestImpl::FilterTests(ReactionToSharding shard_tests) {
+  const Int32 total_shards = shard_tests == HONOR_SHARDING_PROTOCOL ?
+      Int32FromEnvOrDie(kTestTotalShards, -1) : -1;
+  const Int32 shard_index = shard_tests == HONOR_SHARDING_PROTOCOL ?
+      Int32FromEnvOrDie(kTestShardIndex, -1) : -1;
+
+  // num_runnable_tests are the number of tests that will
+  // run across all shards (i.e., match filter and are not disabled).
+  // num_selected_tests are the number of tests to be run on
+  // this shard.
+  int num_runnable_tests = 0;
+  int num_selected_tests = 0;
+  for (size_t i = 0; i < test_cases_.size(); i++) {
+    TestCase* const test_case = test_cases_[i];
+    const std::string &test_case_name = test_case->name();
+    test_case->set_should_run(false);
+
+    for (size_t j = 0; j < test_case->test_info_list().size(); j++) {
+      TestInfo* const test_info = test_case->test_info_list()[j];
+      const std::string test_name(test_info->name());
+      // A test is disabled if test case name or test name matches
+      // kDisableTestFilter.
+      const bool is_disabled =
+          internal::UnitTestOptions::MatchesFilter(test_case_name,
+                                                   kDisableTestFilter) ||
+          internal::UnitTestOptions::MatchesFilter(test_name,
+                                                   kDisableTestFilter);
+      test_info->is_disabled_ = is_disabled;
+
+      const bool matches_filter =
+          internal::UnitTestOptions::FilterMatchesTest(test_case_name,
+                                                       test_name);
+      test_info->matches_filter_ = matches_filter;
+
+      const bool is_runnable =
+          (GTEST_FLAG(also_run_disabled_tests) || !is_disabled) &&
+          matches_filter;
+
+      const bool is_selected = is_runnable &&
+          (shard_tests == IGNORE_SHARDING_PROTOCOL ||
+           ShouldRunTestOnShard(total_shards, shard_index,
+                                num_runnable_tests));
+
+      num_runnable_tests += is_runnable;
+      num_selected_tests += is_selected;
+
+      test_info->should_run_ = is_selected;
+      test_case->set_should_run(test_case->should_run() || is_selected);
+    }
+  }
+  return num_selected_tests;
+}
+
+// Prints the given C-string on a single line by replacing all '\n'
+// characters with string "\\n".  If the output takes more than
+// max_length characters, only prints the first max_length characters
+// and "...".
+static void PrintOnOneLine(const char* str, int max_length) {
+  if (str != NULL) {
+    for (int i = 0; *str != '\0'; ++str) {
+      if (i >= max_length) {
+        printf("...");
+        break;
+      }
+      if (*str == '\n') {
+        printf("\\n");
+        i += 2;
+      } else {
+        printf("%c", *str);
+        ++i;
+      }
+    }
+  }
+}
+
+// Prints the names of the tests matching the user-specified filter flag.
+void UnitTestImpl::ListTestsMatchingFilter() {
+  // Print at most this many characters for each type/value parameter.
+  const int kMaxParamLength = 250;
+
+  for (size_t i = 0; i < test_cases_.size(); i++) {
+    const TestCase* const test_case = test_cases_[i];
+    bool printed_test_case_name = false;
+
+    for (size_t j = 0; j < test_case->test_info_list().size(); j++) {
+      const TestInfo* const test_info =
+          test_case->test_info_list()[j];
+      if (test_info->matches_filter_) {
+        if (!printed_test_case_name) {
+          printed_test_case_name = true;
+          printf("%s.", test_case->name());
+          if (test_case->type_param() != NULL) {
+            printf("  # %s = ", kTypeParamLabel);
+            // We print the type parameter on a single line to make
+            // the output easy to parse by a program.
+            PrintOnOneLine(test_case->type_param(), kMaxParamLength);
+          }
+          printf("\n");
+        }
+        printf("  %s", test_info->name());
+        if (test_info->value_param() != NULL) {
+          printf("  # %s = ", kValueParamLabel);
+          // We print the value parameter on a single line to make the
+          // output easy to parse by a program.
+          PrintOnOneLine(test_info->value_param(), kMaxParamLength);
+        }
+        printf("\n");
+      }
+    }
+  }
+  fflush(stdout);
+}
+
+// Sets the OS stack trace getter.
+//
+// Does nothing if the input and the current OS stack trace getter are
+// the same; otherwise, deletes the old getter and makes the input the
+// current getter.
+void UnitTestImpl::set_os_stack_trace_getter(
+    OsStackTraceGetterInterface* getter) {
+  if (os_stack_trace_getter_ != getter) {
+    delete os_stack_trace_getter_;
+    os_stack_trace_getter_ = getter;
+  }
+}
+
+// Returns the current OS stack trace getter if it is not NULL;
+// otherwise, creates an OsStackTraceGetter, makes it the current
+// getter, and returns it.
+OsStackTraceGetterInterface* UnitTestImpl::os_stack_trace_getter() {
+  if (os_stack_trace_getter_ == NULL) {
+    os_stack_trace_getter_ = new OsStackTraceGetter;
+  }
+
+  return os_stack_trace_getter_;
+}
+
+// Returns the TestResult for the test that's currently running, or
+// the TestResult for the ad hoc test if no test is running.
+TestResult* UnitTestImpl::current_test_result() {
+  return current_test_info_ ?
+      &(current_test_info_->result_) : &ad_hoc_test_result_;
+}
+
+// Shuffles all test cases, and the tests within each test case,
+// making sure that death tests are still run first.
+void UnitTestImpl::ShuffleTests() {
+  // Shuffles the death test cases.
+  ShuffleRange(random(), 0, last_death_test_case_ + 1, &test_case_indices_);
+
+  // Shuffles the non-death test cases.
+  ShuffleRange(random(), last_death_test_case_ + 1,
+               static_cast<int>(test_cases_.size()), &test_case_indices_);
+
+  // Shuffles the tests inside each test case.
+  for (size_t i = 0; i < test_cases_.size(); i++) {
+    test_cases_[i]->ShuffleTests(random());
+  }
+}
+
+// Restores the test cases and tests to their order before the first shuffle.
+void UnitTestImpl::UnshuffleTests() {
+  for (size_t i = 0; i < test_cases_.size(); i++) {
+    // Unshuffles the tests in each test case.
+    test_cases_[i]->UnshuffleTests();
+    // Resets the index of each test case.
+    test_case_indices_[i] = static_cast<int>(i);
+  }
+}
+
+// Returns the current OS stack trace as an std::string.
+//
+// The maximum number of stack frames to be included is specified by
+// the gtest_stack_trace_depth flag.  The skip_count parameter
+// specifies the number of top frames to be skipped, which doesn't
+// count against the number of frames to be included.
+//
+// For example, if Foo() calls Bar(), which in turn calls
+// GetCurrentOsStackTraceExceptTop(..., 1), Foo() will be included in
+// the trace but Bar() and GetCurrentOsStackTraceExceptTop() won't.
+std::string GetCurrentOsStackTraceExceptTop(UnitTest* /*unit_test*/,
+                                            int skip_count) {
+  // We pass skip_count + 1 to skip this wrapper function in addition
+  // to what the user really wants to skip.
+  return GetUnitTestImpl()->CurrentOsStackTraceExceptTop(skip_count + 1);
+}
+
+// Used by the GTEST_SUPPRESS_UNREACHABLE_CODE_WARNING_BELOW_ macro to
+// suppress unreachable code warnings.
+namespace {
+class ClassUniqueToAlwaysTrue {};
+}
+
+bool IsTrue(bool condition) { return condition; }
+
+bool AlwaysTrue() {
+#if GTEST_HAS_EXCEPTIONS
+  // This condition is always false so AlwaysTrue() never actually throws,
+  // but it makes the compiler think that it may throw.
+  if (IsTrue(false))
+    throw ClassUniqueToAlwaysTrue();
+#endif  // GTEST_HAS_EXCEPTIONS
+  return true;
+}
+
+// If *pstr starts with the given prefix, modifies *pstr to be right
+// past the prefix and returns true; otherwise leaves *pstr unchanged
+// and returns false.  None of pstr, *pstr, and prefix can be NULL.
+bool SkipPrefix(const char* prefix, const char** pstr) {
+  const size_t prefix_len = strlen(prefix);
+  if (strncmp(*pstr, prefix, prefix_len) == 0) {
+    *pstr += prefix_len;
+    return true;
+  }
+  return false;
+}
+
+// Parses a string as a command line flag.  The string should have
+// the format "--flag=value".  When def_optional is true, the "=value"
+// part can be omitted.
+//
+// Returns the value of the flag, or NULL if the parsing failed.
+const char* ParseFlagValue(const char* str,
+                           const char* flag,
+                           bool def_optional) {
+  // str and flag must not be NULL.
+  if (str == NULL || flag == NULL) return NULL;
+
+  // The flag must start with "--" followed by GTEST_FLAG_PREFIX_.
+  const std::string flag_str = std::string("--") + GTEST_FLAG_PREFIX_ + flag;
+  const size_t flag_len = flag_str.length();
+  if (strncmp(str, flag_str.c_str(), flag_len) != 0) return NULL;
+
+  // Skips the flag name.
+  const char* flag_end = str + flag_len;
+
+  // When def_optional is true, it's OK to not have a "=value" part.
+  if (def_optional && (flag_end[0] == '\0')) {
+    return flag_end;
+  }
+
+  // If def_optional is true and there are more characters after the
+  // flag name, or if def_optional is false, there must be a '=' after
+  // the flag name.
+  if (flag_end[0] != '=') return NULL;
+
+  // Returns the string after "=".
+  return flag_end + 1;
+}
+
+// Parses a string for a bool flag, in the form of either
+// "--flag=value" or "--flag".
+//
+// In the former case, the value is taken as true as long as it does
+// not start with '0', 'f', or 'F'.
+//
+// In the latter case, the value is taken as true.
+//
+// On success, stores the value of the flag in *value, and returns
+// true.  On failure, returns false without changing *value.
+bool ParseBoolFlag(const char* str, const char* flag, bool* value) {
+  // Gets the value of the flag as a string.
+  const char* const value_str = ParseFlagValue(str, flag, true);
+
+  // Aborts if the parsing failed.
+  if (value_str == NULL) return false;
+
+  // Converts the string value to a bool.
+  *value = !(*value_str == '0' || *value_str == 'f' || *value_str == 'F');
+  return true;
+}
+
+// Parses a string for an Int32 flag, in the form of
+// "--flag=value".
+//
+// On success, stores the value of the flag in *value, and returns
+// true.  On failure, returns false without changing *value.
+bool ParseInt32Flag(const char* str, const char* flag, Int32* value) {
+  // Gets the value of the flag as a string.
+  const char* const value_str = ParseFlagValue(str, flag, false);
+
+  // Aborts if the parsing failed.
+  if (value_str == NULL) return false;
+
+  // Sets *value to the value of the flag.
+  return ParseInt32(Message() << "The value of flag --" << flag,
+                    value_str, value);
+}
+
+// Parses a string for a string flag, in the form of
+// "--flag=value".
+//
+// On success, stores the value of the flag in *value, and returns
+// true.  On failure, returns false without changing *value.
+bool ParseStringFlag(const char* str, const char* flag, std::string* value) {
+  // Gets the value of the flag as a string.
+  const char* const value_str = ParseFlagValue(str, flag, false);
+
+  // Aborts if the parsing failed.
+  if (value_str == NULL) return false;
+
+  // Sets *value to the value of the flag.
+  *value = value_str;
+  return true;
+}
+
+// Determines whether a string has a prefix that Google Test uses for its
+// flags, i.e., starts with GTEST_FLAG_PREFIX_ or GTEST_FLAG_PREFIX_DASH_.
+// If Google Test detects that a command line flag has its prefix but is not
+// recognized, it will print its help message. Flags starting with
+// GTEST_INTERNAL_PREFIX_ followed by "internal_" are considered Google Test
+// internal flags and do not trigger the help message.
+static bool HasGoogleTestFlagPrefix(const char* str) {
+  return (SkipPrefix("--", &str) ||
+          SkipPrefix("-", &str) ||
+          SkipPrefix("/", &str)) &&
+         !SkipPrefix(GTEST_FLAG_PREFIX_ "internal_", &str) &&
+         (SkipPrefix(GTEST_FLAG_PREFIX_, &str) ||
+          SkipPrefix(GTEST_FLAG_PREFIX_DASH_, &str));
+}
+
+// Prints a string containing code-encoded text.  The following escape
+// sequences can be used in the string to control the text color:
+//
+//   @@    prints a single '@' character.
+//   @R    changes the color to red.
+//   @G    changes the color to green.
+//   @Y    changes the color to yellow.
+//   @D    changes to the default terminal text color.
+//
+// TODO(wan@google.com): Write tests for this once we add stdout
+// capturing to Google Test.
+static void PrintColorEncoded(const char* str) {
+  GTestColor color = COLOR_DEFAULT;  // The current color.
+
+  // Conceptually, we split the string into segments divided by escape
+  // sequences.  Then we print one segment at a time.  At the end of
+  // each iteration, the str pointer advances to the beginning of the
+  // next segment.
+  for (;;) {
+    const char* p = strchr(str, '@');
+    if (p == NULL) {
+      ColoredPrintf(color, "%s", str);
+      return;
+    }
+
+    ColoredPrintf(color, "%s", std::string(str, p).c_str());
+
+    const char ch = p[1];
+    str = p + 2;
+    if (ch == '@') {
+      ColoredPrintf(color, "@");
+    } else if (ch == 'D') {
+      color = COLOR_DEFAULT;
+    } else if (ch == 'R') {
+      color = COLOR_RED;
+    } else if (ch == 'G') {
+      color = COLOR_GREEN;
+    } else if (ch == 'Y') {
+      color = COLOR_YELLOW;
+    } else {
+      --str;
+    }
+  }
+}
+
+static const char kColorEncodedHelpMessage[] =
+"This program contains tests written using " GTEST_NAME_ ". You can use the\n"
+"following command line flags to control its behavior:\n"
+"\n"
+"Test Selection:\n"
+"  @G--" GTEST_FLAG_PREFIX_ "list_tests@D\n"
+"      List the names of all tests instead of running them. The name of\n"
+"      TEST(Foo, Bar) is \"Foo.Bar\".\n"
+"  @G--" GTEST_FLAG_PREFIX_ "filter=@YPOSTIVE_PATTERNS"
+    "[@G-@YNEGATIVE_PATTERNS]@D\n"
+"      Run only the tests whose name matches one of the positive patterns but\n"
+"      none of the negative patterns. '?' matches any single character; '*'\n"
+"      matches any substring; ':' separates two patterns.\n"
+"  @G--" GTEST_FLAG_PREFIX_ "also_run_disabled_tests@D\n"
+"      Run all disabled tests too.\n"
+"\n"
+"Test Execution:\n"
+"  @G--" GTEST_FLAG_PREFIX_ "repeat=@Y[COUNT]@D\n"
+"      Run the tests repeatedly; use a negative count to repeat forever.\n"
+"  @G--" GTEST_FLAG_PREFIX_ "shuffle@D\n"
+"      Randomize tests' orders on every iteration.\n"
+"  @G--" GTEST_FLAG_PREFIX_ "random_seed=@Y[NUMBER]@D\n"
+"      Random number seed to use for shuffling test orders (between 1 and\n"
+"      99999, or 0 to use a seed based on the current time).\n"
+"\n"
+"Test Output:\n"
+"  @G--" GTEST_FLAG_PREFIX_ "color=@Y(@Gyes@Y|@Gno@Y|@Gauto@Y)@D\n"
+"      Enable/disable colored output. The default is @Gauto@D.\n"
+"  -@G-" GTEST_FLAG_PREFIX_ "print_time=0@D\n"
+"      Don't print the elapsed time of each test.\n"
+"  @G--" GTEST_FLAG_PREFIX_ "output=xml@Y[@G:@YDIRECTORY_PATH@G"
+    GTEST_PATH_SEP_ "@Y|@G:@YFILE_PATH]@D\n"
+"      Generate an XML report in the given directory or with the given file\n"
+"      name. @YFILE_PATH@D defaults to @Gtest_details.xml@D.\n"
+#if GTEST_CAN_STREAM_RESULTS_
+"  @G--" GTEST_FLAG_PREFIX_ "stream_result_to=@YHOST@G:@YPORT@D\n"
+"      Stream test results to the given server.\n"
+#endif  // GTEST_CAN_STREAM_RESULTS_
+"\n"
+"Assertion Behavior:\n"
+#if GTEST_HAS_DEATH_TEST && !GTEST_OS_WINDOWS
+"  @G--" GTEST_FLAG_PREFIX_ "death_test_style=@Y(@Gfast@Y|@Gthreadsafe@Y)@D\n"
+"      Set the default death test style.\n"
+#endif  // GTEST_HAS_DEATH_TEST && !GTEST_OS_WINDOWS
+"  @G--" GTEST_FLAG_PREFIX_ "break_on_failure@D\n"
+"      Turn assertion failures into debugger break-points.\n"
+"  @G--" GTEST_FLAG_PREFIX_ "throw_on_failure@D\n"
+"      Turn assertion failures into C++ exceptions.\n"
+"  @G--" GTEST_FLAG_PREFIX_ "catch_exceptions=0@D\n"
+"      Do not report exceptions as test failures. Instead, allow them\n"
+"      to crash the program or throw a pop-up (on Windows).\n"
+"\n"
+"Except for @G--" GTEST_FLAG_PREFIX_ "list_tests@D, you can alternatively set "
+    "the corresponding\n"
+"environment variable of a flag (all letters in upper-case). For example, to\n"
+"disable colored text output, you can either specify @G--" GTEST_FLAG_PREFIX_
+    "color=no@D or set\n"
+"the @G" GTEST_FLAG_PREFIX_UPPER_ "COLOR@D environment variable to @Gno@D.\n"
+"\n"
+"For more information, please read the " GTEST_NAME_ " documentation at\n"
+"@G" GTEST_PROJECT_URL_ "@D. If you find a bug in " GTEST_NAME_ "\n"
+"(not one in your own code or tests), please report it to\n"
+"@G<" GTEST_DEV_EMAIL_ ">@D.\n";
+
+// Parses the command line for Google Test flags, without initializing
+// other parts of Google Test.  The type parameter CharType can be
+// instantiated to either char or wchar_t.
+template <typename CharType>
+void ParseGoogleTestFlagsOnlyImpl(int* argc, CharType** argv) {
+  for (int i = 1; i < *argc; i++) {
+    const std::string arg_string = StreamableToString(argv[i]);
+    const char* const arg = arg_string.c_str();
+
+    using internal::ParseBoolFlag;
+    using internal::ParseInt32Flag;
+    using internal::ParseStringFlag;
+
+    // Do we see a Google Test flag?
+    if (ParseBoolFlag(arg, kAlsoRunDisabledTestsFlag,
+                      &GTEST_FLAG(also_run_disabled_tests)) ||
+        ParseBoolFlag(arg, kBreakOnFailureFlag,
+                      &GTEST_FLAG(break_on_failure)) ||
+        ParseBoolFlag(arg, kCatchExceptionsFlag,
+                      &GTEST_FLAG(catch_exceptions)) ||
+        ParseStringFlag(arg, kColorFlag, &GTEST_FLAG(color)) ||
+        ParseStringFlag(arg, kDeathTestStyleFlag,
+                        &GTEST_FLAG(death_test_style)) ||
+        ParseBoolFlag(arg, kDeathTestUseFork,
+                      &GTEST_FLAG(death_test_use_fork)) ||
+        ParseStringFlag(arg, kFilterFlag, &GTEST_FLAG(filter)) ||
+        ParseStringFlag(arg, kInternalRunDeathTestFlag,
+                        &GTEST_FLAG(internal_run_death_test)) ||
+        ParseBoolFlag(arg, kListTestsFlag, &GTEST_FLAG(list_tests)) ||
+        ParseStringFlag(arg, kOutputFlag, &GTEST_FLAG(output)) ||
+        ParseBoolFlag(arg, kPrintTimeFlag, &GTEST_FLAG(print_time)) ||
+        ParseInt32Flag(arg, kRandomSeedFlag, &GTEST_FLAG(random_seed)) ||
+        ParseInt32Flag(arg, kRepeatFlag, &GTEST_FLAG(repeat)) ||
+        ParseBoolFlag(arg, kShuffleFlag, &GTEST_FLAG(shuffle)) ||
+        ParseInt32Flag(arg, kStackTraceDepthFlag,
+                       &GTEST_FLAG(stack_trace_depth)) ||
+        ParseStringFlag(arg, kStreamResultToFlag,
+                        &GTEST_FLAG(stream_result_to)) ||
+        ParseBoolFlag(arg, kThrowOnFailureFlag,
+                      &GTEST_FLAG(throw_on_failure))
+        ) {
+      // Yes.  Shift the remainder of the argv list left by one.  Note
+      // that argv has (*argc + 1) elements, the last one always being
+      // NULL.  The following loop moves the trailing NULL element as
+      // well.
+      for (int j = i; j != *argc; j++) {
+        argv[j] = argv[j + 1];
+      }
+
+      // Decrements the argument count.
+      (*argc)--;
+
+      // We also need to decrement the iterator as we just removed
+      // an element.
+      i--;
+    } else if (arg_string == "--help" || arg_string == "-h" ||
+               arg_string == "-?" || arg_string == "/?" ||
+               HasGoogleTestFlagPrefix(arg)) {
+      // Both help flag and unrecognized Google Test flags (excluding
+      // internal ones) trigger help display.
+      g_help_flag = true;
+    }
+  }
+
+  if (g_help_flag) {
+    // We print the help here instead of in RUN_ALL_TESTS(), as the
+    // latter may not be called at all if the user is using Google
+    // Test with another testing framework.
+    PrintColorEncoded(kColorEncodedHelpMessage);
+  }
+}
+
+// Parses the command line for Google Test flags, without initializing
+// other parts of Google Test.
+void ParseGoogleTestFlagsOnly(int* argc, char** argv) {
+  ParseGoogleTestFlagsOnlyImpl(argc, argv);
+}
+void ParseGoogleTestFlagsOnly(int* argc, wchar_t** argv) {
+  ParseGoogleTestFlagsOnlyImpl(argc, argv);
+}
+
+// The internal implementation of InitGoogleTest().
+//
+// The type parameter CharType can be instantiated to either char or
+// wchar_t.
+template <typename CharType>
+void InitGoogleTestImpl(int* argc, CharType** argv) {
+  g_init_gtest_count++;
+
+  // We don't want to run the initialization code twice.
+  if (g_init_gtest_count != 1) return;
+
+  if (*argc <= 0) return;
+
+  internal::g_executable_path = internal::StreamableToString(argv[0]);
+
+#if GTEST_HAS_DEATH_TEST
+
+  g_argvs.clear();
+  for (int i = 0; i != *argc; i++) {
+    g_argvs.push_back(StreamableToString(argv[i]));
+  }
+
+#endif  // GTEST_HAS_DEATH_TEST
+
+  ParseGoogleTestFlagsOnly(argc, argv);
+  GetUnitTestImpl()->PostFlagParsingInit();
+}
+
+}  // namespace internal
+
+// Initializes Google Test.  This must be called before calling
+// RUN_ALL_TESTS().  In particular, it parses a command line for the
+// flags that Google Test recognizes.  Whenever a Google Test flag is
+// seen, it is removed from argv, and *argc is decremented.
+//
+// No value is returned.  Instead, the Google Test flag variables are
+// updated.
+//
+// Calling the function for the second time has no user-visible effect.
+void InitGoogleTest(int* argc, char** argv) {
+  internal::InitGoogleTestImpl(argc, argv);
+}
+
+// This overloaded version can be used in Windows programs compiled in
+// UNICODE mode.
+void InitGoogleTest(int* argc, wchar_t** argv) {
+  internal::InitGoogleTestImpl(argc, argv);
+}
+
+}  // namespace testing
diff --git a/nss/external_tests/google_test/gtest/src/gtest_main.cc b/nss/external_tests/google_test/gtest/src/gtest_main.cc
new file mode 100644
index 0000000..f302822
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/src/gtest_main.cc
@@ -0,0 +1,38 @@
+// Copyright 2006, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#include <stdio.h>
+
+#include "gtest/gtest.h"
+
+GTEST_API_ int main(int argc, char **argv) {
+  printf("Running main() from gtest_main.cc\n");
+  testing::InitGoogleTest(&argc, argv);
+  return RUN_ALL_TESTS();
+}
diff --git a/nss/external_tests/google_test/gtest/test/gtest-death-test_ex_test.cc b/nss/external_tests/google_test/gtest/test/gtest-death-test_ex_test.cc
new file mode 100644
index 0000000..b50a13d
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/test/gtest-death-test_ex_test.cc
@@ -0,0 +1,93 @@
+// Copyright 2010, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: vladl@google.com (Vlad Losev)
+//
+// Tests that verify interaction of exceptions and death tests.
+
+#include "gtest/gtest-death-test.h"
+#include "gtest/gtest.h"
+
+#if GTEST_HAS_DEATH_TEST
+
+# if GTEST_HAS_SEH
+#  include <windows.h>          // For RaiseException().
+# endif
+
+# include "gtest/gtest-spi.h"
+
+# if GTEST_HAS_EXCEPTIONS
+
+#  include <exception>  // For std::exception.
+
+// Tests that death tests report thrown exceptions as failures and that the
+// exceptions do not escape death test macros.
+TEST(CxxExceptionDeathTest, ExceptionIsFailure) {
+  try {
+    EXPECT_NONFATAL_FAILURE(EXPECT_DEATH(throw 1, ""), "threw an exception");
+  } catch (...) {  // NOLINT
+    FAIL() << "An exception escaped a death test macro invocation "
+           << "with catch_exceptions "
+           << (testing::GTEST_FLAG(catch_exceptions) ? "enabled" : "disabled");
+  }
+}
+
+class TestException : public std::exception {
+ public:
+  virtual const char* what() const throw() { return "exceptional message"; }
+};
+
+TEST(CxxExceptionDeathTest, PrintsMessageForStdExceptions) {
+  // Verifies that the exception message is quoted in the failure text.
+  EXPECT_NONFATAL_FAILURE(EXPECT_DEATH(throw TestException(), ""),
+                          "exceptional message");
+  // Verifies that the location is mentioned in the failure text.
+  EXPECT_NONFATAL_FAILURE(EXPECT_DEATH(throw TestException(), ""),
+                          "gtest-death-test_ex_test.cc");
+}
+# endif  // GTEST_HAS_EXCEPTIONS
+
+# if GTEST_HAS_SEH
+// Tests that enabling interception of SEH exceptions with the
+// catch_exceptions flag does not interfere with SEH exceptions being
+// treated as death by death tests.
+TEST(SehExceptionDeasTest, CatchExceptionsDoesNotInterfere) {
+  EXPECT_DEATH(RaiseException(42, 0x0, 0, NULL), "")
+      << "with catch_exceptions "
+      << (testing::GTEST_FLAG(catch_exceptions) ? "enabled" : "disabled");
+}
+# endif
+
+#endif  // GTEST_HAS_DEATH_TEST
+
+int main(int argc, char** argv) {
+  testing::InitGoogleTest(&argc, argv);
+  testing::GTEST_FLAG(catch_exceptions) = GTEST_ENABLE_CATCH_EXCEPTIONS_ != 0;
+  return RUN_ALL_TESTS();
+}
diff --git a/nss/external_tests/google_test/gtest/test/gtest-death-test_test.cc b/nss/external_tests/google_test/gtest/test/gtest-death-test_test.cc
new file mode 100644
index 0000000..b25bc22
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/test/gtest-death-test_test.cc
@@ -0,0 +1,1423 @@
+// Copyright 2005, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+//
+// Tests for death tests.
+
+#include "gtest/gtest-death-test.h"
+#include "gtest/gtest.h"
+#include "gtest/internal/gtest-filepath.h"
+
+using testing::internal::AlwaysFalse;
+using testing::internal::AlwaysTrue;
+
+#if GTEST_HAS_DEATH_TEST
+
+# if GTEST_OS_WINDOWS
+#  include <direct.h>          // For chdir().
+# else
+#  include <unistd.h>
+#  include <sys/wait.h>        // For waitpid.
+# endif  // GTEST_OS_WINDOWS
+
+# include <limits.h>
+# include <signal.h>
+# include <stdio.h>
+
+# if GTEST_OS_LINUX
+#  include <sys/time.h>
+# endif  // GTEST_OS_LINUX
+
+# include "gtest/gtest-spi.h"
+
+// Indicates that this translation unit is part of Google Test's
+// implementation.  It must come before gtest-internal-inl.h is
+// included, or there will be a compiler error.  This trick is to
+// prevent a user from accidentally including gtest-internal-inl.h in
+// his code.
+# define GTEST_IMPLEMENTATION_ 1
+# include "src/gtest-internal-inl.h"
+# undef GTEST_IMPLEMENTATION_
+
+namespace posix = ::testing::internal::posix;
+
+using testing::Message;
+using testing::internal::DeathTest;
+using testing::internal::DeathTestFactory;
+using testing::internal::FilePath;
+using testing::internal::GetLastErrnoDescription;
+using testing::internal::GetUnitTestImpl;
+using testing::internal::InDeathTestChild;
+using testing::internal::ParseNaturalNumber;
+
+namespace testing {
+namespace internal {
+
+// A helper class whose objects replace the death test factory for a
+// single UnitTest object during their lifetimes.
+class ReplaceDeathTestFactory {
+ public:
+  explicit ReplaceDeathTestFactory(DeathTestFactory* new_factory)
+      : unit_test_impl_(GetUnitTestImpl()) {
+    old_factory_ = unit_test_impl_->death_test_factory_.release();
+    unit_test_impl_->death_test_factory_.reset(new_factory);
+  }
+
+  ~ReplaceDeathTestFactory() {
+    unit_test_impl_->death_test_factory_.release();
+    unit_test_impl_->death_test_factory_.reset(old_factory_);
+  }
+ private:
+  // Prevents copying ReplaceDeathTestFactory objects.
+  ReplaceDeathTestFactory(const ReplaceDeathTestFactory&);
+  void operator=(const ReplaceDeathTestFactory&);
+
+  UnitTestImpl* unit_test_impl_;
+  DeathTestFactory* old_factory_;
+};
+
+}  // namespace internal
+}  // namespace testing
+
+void DieWithMessage(const ::std::string& message) {
+  fprintf(stderr, "%s", message.c_str());
+  fflush(stderr);  // Make sure the text is printed before the process exits.
+
+  // We call _exit() instead of exit(), as the former is a direct
+  // system call and thus safer in the presence of threads.  exit()
+  // will invoke user-defined exit-hooks, which may do dangerous
+  // things that conflict with death tests.
+  //
+  // Some compilers can recognize that _exit() never returns and issue the
+  // 'unreachable code' warning for code following this function, unless
+  // fooled by a fake condition.
+  if (AlwaysTrue())
+    _exit(1);
+}
+
+void DieInside(const ::std::string& function) {
+  DieWithMessage("death inside " + function + "().");
+}
+
+// Tests that death tests work.
+
+class TestForDeathTest : public testing::Test {
+ protected:
+  TestForDeathTest() : original_dir_(FilePath::GetCurrentDir()) {}
+
+  virtual ~TestForDeathTest() {
+    posix::ChDir(original_dir_.c_str());
+  }
+
+  // A static member function that's expected to die.
+  static void StaticMemberFunction() { DieInside("StaticMemberFunction"); }
+
+  // A method of the test fixture that may die.
+  void MemberFunction() {
+    if (should_die_)
+      DieInside("MemberFunction");
+  }
+
+  // True iff MemberFunction() should die.
+  bool should_die_;
+  const FilePath original_dir_;
+};
+
+// A class with a member function that may die.
+class MayDie {
+ public:
+  explicit MayDie(bool should_die) : should_die_(should_die) {}
+
+  // A member function that may die.
+  void MemberFunction() const {
+    if (should_die_)
+      DieInside("MayDie::MemberFunction");
+  }
+
+ private:
+  // True iff MemberFunction() should die.
+  bool should_die_;
+};
+
+// A global function that's expected to die.
+void GlobalFunction() { DieInside("GlobalFunction"); }
+
+// A non-void function that's expected to die.
+int NonVoidFunction() {
+  DieInside("NonVoidFunction");
+  return 1;
+}
+
+// A unary function that may die.
+void DieIf(bool should_die) {
+  if (should_die)
+    DieInside("DieIf");
+}
+
+// A binary function that may die.
+bool DieIfLessThan(int x, int y) {
+  if (x < y) {
+    DieInside("DieIfLessThan");
+  }
+  return true;
+}
+
+// Tests that ASSERT_DEATH can be used outside a TEST, TEST_F, or test fixture.
+void DeathTestSubroutine() {
+  EXPECT_DEATH(GlobalFunction(), "death.*GlobalFunction");
+  ASSERT_DEATH(GlobalFunction(), "death.*GlobalFunction");
+}
+
+// Death in dbg, not opt.
+int DieInDebugElse12(int* sideeffect) {
+  if (sideeffect) *sideeffect = 12;
+
+# ifndef NDEBUG
+
+  DieInside("DieInDebugElse12");
+
+# endif  // NDEBUG
+
+  return 12;
+}
+
+# if GTEST_OS_WINDOWS
+
+// Tests the ExitedWithCode predicate.
+TEST(ExitStatusPredicateTest, ExitedWithCode) {
+  // On Windows, the process's exit code is the same as its exit status,
+  // so the predicate just compares the its input with its parameter.
+  EXPECT_TRUE(testing::ExitedWithCode(0)(0));
+  EXPECT_TRUE(testing::ExitedWithCode(1)(1));
+  EXPECT_TRUE(testing::ExitedWithCode(42)(42));
+  EXPECT_FALSE(testing::ExitedWithCode(0)(1));
+  EXPECT_FALSE(testing::ExitedWithCode(1)(0));
+}
+
+# else
+
+// Returns the exit status of a process that calls _exit(2) with a
+// given exit code.  This is a helper function for the
+// ExitStatusPredicateTest test suite.
+static int NormalExitStatus(int exit_code) {
+  pid_t child_pid = fork();
+  if (child_pid == 0) {
+    _exit(exit_code);
+  }
+  int status;
+  waitpid(child_pid, &status, 0);
+  return status;
+}
+
+// Returns the exit status of a process that raises a given signal.
+// If the signal does not cause the process to die, then it returns
+// instead the exit status of a process that exits normally with exit
+// code 1.  This is a helper function for the ExitStatusPredicateTest
+// test suite.
+static int KilledExitStatus(int signum) {
+  pid_t child_pid = fork();
+  if (child_pid == 0) {
+    raise(signum);
+    _exit(1);
+  }
+  int status;
+  waitpid(child_pid, &status, 0);
+  return status;
+}
+
+// Tests the ExitedWithCode predicate.
+TEST(ExitStatusPredicateTest, ExitedWithCode) {
+  const int status0  = NormalExitStatus(0);
+  const int status1  = NormalExitStatus(1);
+  const int status42 = NormalExitStatus(42);
+  const testing::ExitedWithCode pred0(0);
+  const testing::ExitedWithCode pred1(1);
+  const testing::ExitedWithCode pred42(42);
+  EXPECT_PRED1(pred0,  status0);
+  EXPECT_PRED1(pred1,  status1);
+  EXPECT_PRED1(pred42, status42);
+  EXPECT_FALSE(pred0(status1));
+  EXPECT_FALSE(pred42(status0));
+  EXPECT_FALSE(pred1(status42));
+}
+
+// Tests the KilledBySignal predicate.
+TEST(ExitStatusPredicateTest, KilledBySignal) {
+  const int status_segv = KilledExitStatus(SIGSEGV);
+  const int status_kill = KilledExitStatus(SIGKILL);
+  const testing::KilledBySignal pred_segv(SIGSEGV);
+  const testing::KilledBySignal pred_kill(SIGKILL);
+  EXPECT_PRED1(pred_segv, status_segv);
+  EXPECT_PRED1(pred_kill, status_kill);
+  EXPECT_FALSE(pred_segv(status_kill));
+  EXPECT_FALSE(pred_kill(status_segv));
+}
+
+# endif  // GTEST_OS_WINDOWS
+
+// Tests that the death test macros expand to code which may or may not
+// be followed by operator<<, and that in either case the complete text
+// comprises only a single C++ statement.
+TEST_F(TestForDeathTest, SingleStatement) {
+  if (AlwaysFalse())
+    // This would fail if executed; this is a compilation test only
+    ASSERT_DEATH(return, "");
+
+  if (AlwaysTrue())
+    EXPECT_DEATH(_exit(1), "");
+  else
+    // This empty "else" branch is meant to ensure that EXPECT_DEATH
+    // doesn't expand into an "if" statement without an "else"
+    ;
+
+  if (AlwaysFalse())
+    ASSERT_DEATH(return, "") << "did not die";
+
+  if (AlwaysFalse())
+    ;
+  else
+    EXPECT_DEATH(_exit(1), "") << 1 << 2 << 3;
+}
+
+void DieWithEmbeddedNul() {
+  fprintf(stderr, "Hello%cmy null world.\n", '\0');
+  fflush(stderr);
+  _exit(1);
+}
+
+# if GTEST_USES_PCRE
+// Tests that EXPECT_DEATH and ASSERT_DEATH work when the error
+// message has a NUL character in it.
+TEST_F(TestForDeathTest, EmbeddedNulInMessage) {
+  // TODO(wan@google.com): <regex.h> doesn't support matching strings
+  // with embedded NUL characters - find a way to workaround it.
+  EXPECT_DEATH(DieWithEmbeddedNul(), "my null world");
+  ASSERT_DEATH(DieWithEmbeddedNul(), "my null world");
+}
+# endif  // GTEST_USES_PCRE
+
+// Tests that death test macros expand to code which interacts well with switch
+// statements.
+TEST_F(TestForDeathTest, SwitchStatement) {
+  // Microsoft compiler usually complains about switch statements without
+  // case labels. We suppress that warning for this test.
+  GTEST_DISABLE_MSC_WARNINGS_PUSH_(4065)
+
+  switch (0)
+    default:
+      ASSERT_DEATH(_exit(1), "") << "exit in default switch handler";
+
+  switch (0)
+    case 0:
+      EXPECT_DEATH(_exit(1), "") << "exit in switch case";
+
+  GTEST_DISABLE_MSC_WARNINGS_POP_()
+}
+
+// Tests that a static member function can be used in a "fast" style
+// death test.
+TEST_F(TestForDeathTest, StaticMemberFunctionFastStyle) {
+  testing::GTEST_FLAG(death_test_style) = "fast";
+  ASSERT_DEATH(StaticMemberFunction(), "death.*StaticMember");
+}
+
+// Tests that a method of the test fixture can be used in a "fast"
+// style death test.
+TEST_F(TestForDeathTest, MemberFunctionFastStyle) {
+  testing::GTEST_FLAG(death_test_style) = "fast";
+  should_die_ = true;
+  EXPECT_DEATH(MemberFunction(), "inside.*MemberFunction");
+}
+
+void ChangeToRootDir() { posix::ChDir(GTEST_PATH_SEP_); }
+
+// Tests that death tests work even if the current directory has been
+// changed.
+TEST_F(TestForDeathTest, FastDeathTestInChangedDir) {
+  testing::GTEST_FLAG(death_test_style) = "fast";
+
+  ChangeToRootDir();
+  EXPECT_EXIT(_exit(1), testing::ExitedWithCode(1), "");
+
+  ChangeToRootDir();
+  ASSERT_DEATH(_exit(1), "");
+}
+
+# if GTEST_OS_LINUX
+void SigprofAction(int, siginfo_t*, void*) { /* no op */ }
+
+// Sets SIGPROF action and ITIMER_PROF timer (interval: 1ms).
+void SetSigprofActionAndTimer() {
+  struct itimerval timer;
+  timer.it_interval.tv_sec = 0;
+  timer.it_interval.tv_usec = 1;
+  timer.it_value = timer.it_interval;
+  ASSERT_EQ(0, setitimer(ITIMER_PROF, &timer, NULL));
+  struct sigaction signal_action;
+  memset(&signal_action, 0, sizeof(signal_action));
+  sigemptyset(&signal_action.sa_mask);
+  signal_action.sa_sigaction = SigprofAction;
+  signal_action.sa_flags = SA_RESTART | SA_SIGINFO;
+  ASSERT_EQ(0, sigaction(SIGPROF, &signal_action, NULL));
+}
+
+// Disables ITIMER_PROF timer and ignores SIGPROF signal.
+void DisableSigprofActionAndTimer(struct sigaction* old_signal_action) {
+  struct itimerval timer;
+  timer.it_interval.tv_sec = 0;
+  timer.it_interval.tv_usec = 0;
+  timer.it_value = timer.it_interval;
+  ASSERT_EQ(0, setitimer(ITIMER_PROF, &timer, NULL));
+  struct sigaction signal_action;
+  memset(&signal_action, 0, sizeof(signal_action));
+  sigemptyset(&signal_action.sa_mask);
+  signal_action.sa_handler = SIG_IGN;
+  ASSERT_EQ(0, sigaction(SIGPROF, &signal_action, old_signal_action));
+}
+
+// Tests that death tests work when SIGPROF handler and timer are set.
+TEST_F(TestForDeathTest, FastSigprofActionSet) {
+  testing::GTEST_FLAG(death_test_style) = "fast";
+  SetSigprofActionAndTimer();
+  EXPECT_DEATH(_exit(1), "");
+  struct sigaction old_signal_action;
+  DisableSigprofActionAndTimer(&old_signal_action);
+  EXPECT_TRUE(old_signal_action.sa_sigaction == SigprofAction);
+}
+
+TEST_F(TestForDeathTest, ThreadSafeSigprofActionSet) {
+  testing::GTEST_FLAG(death_test_style) = "threadsafe";
+  SetSigprofActionAndTimer();
+  EXPECT_DEATH(_exit(1), "");
+  struct sigaction old_signal_action;
+  DisableSigprofActionAndTimer(&old_signal_action);
+  EXPECT_TRUE(old_signal_action.sa_sigaction == SigprofAction);
+}
+# endif  // GTEST_OS_LINUX
+
+// Repeats a representative sample of death tests in the "threadsafe" style:
+
+TEST_F(TestForDeathTest, StaticMemberFunctionThreadsafeStyle) {
+  testing::GTEST_FLAG(death_test_style) = "threadsafe";
+  ASSERT_DEATH(StaticMemberFunction(), "death.*StaticMember");
+}
+
+TEST_F(TestForDeathTest, MemberFunctionThreadsafeStyle) {
+  testing::GTEST_FLAG(death_test_style) = "threadsafe";
+  should_die_ = true;
+  EXPECT_DEATH(MemberFunction(), "inside.*MemberFunction");
+}
+
+TEST_F(TestForDeathTest, ThreadsafeDeathTestInLoop) {
+  testing::GTEST_FLAG(death_test_style) = "threadsafe";
+
+  for (int i = 0; i < 3; ++i)
+    EXPECT_EXIT(_exit(i), testing::ExitedWithCode(i), "") << ": i = " << i;
+}
+
+TEST_F(TestForDeathTest, ThreadsafeDeathTestInChangedDir) {
+  testing::GTEST_FLAG(death_test_style) = "threadsafe";
+
+  ChangeToRootDir();
+  EXPECT_EXIT(_exit(1), testing::ExitedWithCode(1), "");
+
+  ChangeToRootDir();
+  ASSERT_DEATH(_exit(1), "");
+}
+
+TEST_F(TestForDeathTest, MixedStyles) {
+  testing::GTEST_FLAG(death_test_style) = "threadsafe";
+  EXPECT_DEATH(_exit(1), "");
+  testing::GTEST_FLAG(death_test_style) = "fast";
+  EXPECT_DEATH(_exit(1), "");
+}
+
+# if GTEST_HAS_CLONE && GTEST_HAS_PTHREAD
+
+namespace {
+
+bool pthread_flag;
+
+void SetPthreadFlag() {
+  pthread_flag = true;
+}
+
+}  // namespace
+
+TEST_F(TestForDeathTest, DoesNotExecuteAtforkHooks) {
+  if (!testing::GTEST_FLAG(death_test_use_fork)) {
+    testing::GTEST_FLAG(death_test_style) = "threadsafe";
+    pthread_flag = false;
+    ASSERT_EQ(0, pthread_atfork(&SetPthreadFlag, NULL, NULL));
+    ASSERT_DEATH(_exit(1), "");
+    ASSERT_FALSE(pthread_flag);
+  }
+}
+
+# endif  // GTEST_HAS_CLONE && GTEST_HAS_PTHREAD
+
+// Tests that a method of another class can be used in a death test.
+TEST_F(TestForDeathTest, MethodOfAnotherClass) {
+  const MayDie x(true);
+  ASSERT_DEATH(x.MemberFunction(), "MayDie\\:\\:MemberFunction");
+}
+
+// Tests that a global function can be used in a death test.
+TEST_F(TestForDeathTest, GlobalFunction) {
+  EXPECT_DEATH(GlobalFunction(), "GlobalFunction");
+}
+
+// Tests that any value convertible to an RE works as a second
+// argument to EXPECT_DEATH.
+TEST_F(TestForDeathTest, AcceptsAnythingConvertibleToRE) {
+  static const char regex_c_str[] = "GlobalFunction";
+  EXPECT_DEATH(GlobalFunction(), regex_c_str);
+
+  const testing::internal::RE regex(regex_c_str);
+  EXPECT_DEATH(GlobalFunction(), regex);
+
+# if GTEST_HAS_GLOBAL_STRING
+
+  const string regex_str(regex_c_str);
+  EXPECT_DEATH(GlobalFunction(), regex_str);
+
+# endif  // GTEST_HAS_GLOBAL_STRING
+
+  const ::std::string regex_std_str(regex_c_str);
+  EXPECT_DEATH(GlobalFunction(), regex_std_str);
+}
+
+// Tests that a non-void function can be used in a death test.
+TEST_F(TestForDeathTest, NonVoidFunction) {
+  ASSERT_DEATH(NonVoidFunction(), "NonVoidFunction");
+}
+
+// Tests that functions that take parameter(s) can be used in a death test.
+TEST_F(TestForDeathTest, FunctionWithParameter) {
+  EXPECT_DEATH(DieIf(true), "DieIf\\(\\)");
+  EXPECT_DEATH(DieIfLessThan(2, 3), "DieIfLessThan");
+}
+
+// Tests that ASSERT_DEATH can be used outside a TEST, TEST_F, or test fixture.
+TEST_F(TestForDeathTest, OutsideFixture) {
+  DeathTestSubroutine();
+}
+
+// Tests that death tests can be done inside a loop.
+TEST_F(TestForDeathTest, InsideLoop) {
+  for (int i = 0; i < 5; i++) {
+    EXPECT_DEATH(DieIfLessThan(-1, i), "DieIfLessThan") << "where i == " << i;
+  }
+}
+
+// Tests that a compound statement can be used in a death test.
+TEST_F(TestForDeathTest, CompoundStatement) {
+  EXPECT_DEATH({  // NOLINT
+    const int x = 2;
+    const int y = x + 1;
+    DieIfLessThan(x, y);
+  },
+  "DieIfLessThan");
+}
+
+// Tests that code that doesn't die causes a death test to fail.
+TEST_F(TestForDeathTest, DoesNotDie) {
+  EXPECT_NONFATAL_FAILURE(EXPECT_DEATH(DieIf(false), "DieIf"),
+                          "failed to die");
+}
+
+// Tests that a death test fails when the error message isn't expected.
+TEST_F(TestForDeathTest, ErrorMessageMismatch) {
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_DEATH(DieIf(true), "DieIfLessThan") << "End of death test message.";
+  }, "died but not with expected error");
+}
+
+// On exit, *aborted will be true iff the EXPECT_DEATH() statement
+// aborted the function.
+void ExpectDeathTestHelper(bool* aborted) {
+  *aborted = true;
+  EXPECT_DEATH(DieIf(false), "DieIf");  // This assertion should fail.
+  *aborted = false;
+}
+
+// Tests that EXPECT_DEATH doesn't abort the test on failure.
+TEST_F(TestForDeathTest, EXPECT_DEATH) {
+  bool aborted = true;
+  EXPECT_NONFATAL_FAILURE(ExpectDeathTestHelper(&aborted),
+                          "failed to die");
+  EXPECT_FALSE(aborted);
+}
+
+// Tests that ASSERT_DEATH does abort the test on failure.
+TEST_F(TestForDeathTest, ASSERT_DEATH) {
+  static bool aborted;
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    aborted = true;
+    ASSERT_DEATH(DieIf(false), "DieIf");  // This assertion should fail.
+    aborted = false;
+  }, "failed to die");
+  EXPECT_TRUE(aborted);
+}
+
+// Tests that EXPECT_DEATH evaluates the arguments exactly once.
+TEST_F(TestForDeathTest, SingleEvaluation) {
+  int x = 3;
+  EXPECT_DEATH(DieIf((++x) == 4), "DieIf");
+
+  const char* regex = "DieIf";
+  const char* regex_save = regex;
+  EXPECT_DEATH(DieIfLessThan(3, 4), regex++);
+  EXPECT_EQ(regex_save + 1, regex);
+}
+
+// Tests that run-away death tests are reported as failures.
+TEST_F(TestForDeathTest, RunawayIsFailure) {
+  EXPECT_NONFATAL_FAILURE(EXPECT_DEATH(static_cast<void>(0), "Foo"),
+                          "failed to die.");
+}
+
+// Tests that death tests report executing 'return' in the statement as
+// failure.
+TEST_F(TestForDeathTest, ReturnIsFailure) {
+  EXPECT_FATAL_FAILURE(ASSERT_DEATH(return, "Bar"),
+                       "illegal return in test statement.");
+}
+
+// Tests that EXPECT_DEBUG_DEATH works as expected, that is, you can stream a
+// message to it, and in debug mode it:
+// 1. Asserts on death.
+// 2. Has no side effect.
+//
+// And in opt mode, it:
+// 1.  Has side effects but does not assert.
+TEST_F(TestForDeathTest, TestExpectDebugDeath) {
+  int sideeffect = 0;
+
+  EXPECT_DEBUG_DEATH(DieInDebugElse12(&sideeffect), "death.*DieInDebugElse12")
+      << "Must accept a streamed message";
+
+# ifdef NDEBUG
+
+  // Checks that the assignment occurs in opt mode (sideeffect).
+  EXPECT_EQ(12, sideeffect);
+
+# else
+
+  // Checks that the assignment does not occur in dbg mode (no sideeffect).
+  EXPECT_EQ(0, sideeffect);
+
+# endif
+}
+
+// Tests that ASSERT_DEBUG_DEATH works as expected, that is, you can stream a
+// message to it, and in debug mode it:
+// 1. Asserts on death.
+// 2. Has no side effect.
+//
+// And in opt mode, it:
+// 1.  Has side effects but does not assert.
+TEST_F(TestForDeathTest, TestAssertDebugDeath) {
+  int sideeffect = 0;
+
+  ASSERT_DEBUG_DEATH(DieInDebugElse12(&sideeffect), "death.*DieInDebugElse12")
+      << "Must accept a streamed message";
+
+# ifdef NDEBUG
+
+  // Checks that the assignment occurs in opt mode (sideeffect).
+  EXPECT_EQ(12, sideeffect);
+
+# else
+
+  // Checks that the assignment does not occur in dbg mode (no sideeffect).
+  EXPECT_EQ(0, sideeffect);
+
+# endif
+}
+
+# ifndef NDEBUG
+
+void ExpectDebugDeathHelper(bool* aborted) {
+  *aborted = true;
+  EXPECT_DEBUG_DEATH(return, "") << "This is expected to fail.";
+  *aborted = false;
+}
+
+#  if GTEST_OS_WINDOWS
+TEST(PopUpDeathTest, DoesNotShowPopUpOnAbort) {
+  printf("This test should be considered failing if it shows "
+         "any pop-up dialogs.\n");
+  fflush(stdout);
+
+  EXPECT_DEATH({
+    testing::GTEST_FLAG(catch_exceptions) = false;
+    abort();
+  }, "");
+}
+#  endif  // GTEST_OS_WINDOWS
+
+// Tests that EXPECT_DEBUG_DEATH in debug mode does not abort
+// the function.
+TEST_F(TestForDeathTest, ExpectDebugDeathDoesNotAbort) {
+  bool aborted = true;
+  EXPECT_NONFATAL_FAILURE(ExpectDebugDeathHelper(&aborted), "");
+  EXPECT_FALSE(aborted);
+}
+
+void AssertDebugDeathHelper(bool* aborted) {
+  *aborted = true;
+  GTEST_LOG_(INFO) << "Before ASSERT_DEBUG_DEATH";
+  ASSERT_DEBUG_DEATH(GTEST_LOG_(INFO) << "In ASSERT_DEBUG_DEATH"; return, "")
+      << "This is expected to fail.";
+  GTEST_LOG_(INFO) << "After ASSERT_DEBUG_DEATH";
+  *aborted = false;
+}
+
+// Tests that ASSERT_DEBUG_DEATH in debug mode aborts the function on
+// failure.
+TEST_F(TestForDeathTest, AssertDebugDeathAborts) {
+  static bool aborted;
+  aborted = false;
+  EXPECT_FATAL_FAILURE(AssertDebugDeathHelper(&aborted), "");
+  EXPECT_TRUE(aborted);
+}
+
+TEST_F(TestForDeathTest, AssertDebugDeathAborts2) {
+  static bool aborted;
+  aborted = false;
+  EXPECT_FATAL_FAILURE(AssertDebugDeathHelper(&aborted), "");
+  EXPECT_TRUE(aborted);
+}
+
+TEST_F(TestForDeathTest, AssertDebugDeathAborts3) {
+  static bool aborted;
+  aborted = false;
+  EXPECT_FATAL_FAILURE(AssertDebugDeathHelper(&aborted), "");
+  EXPECT_TRUE(aborted);
+}
+
+TEST_F(TestForDeathTest, AssertDebugDeathAborts4) {
+  static bool aborted;
+  aborted = false;
+  EXPECT_FATAL_FAILURE(AssertDebugDeathHelper(&aborted), "");
+  EXPECT_TRUE(aborted);
+}
+
+TEST_F(TestForDeathTest, AssertDebugDeathAborts5) {
+  static bool aborted;
+  aborted = false;
+  EXPECT_FATAL_FAILURE(AssertDebugDeathHelper(&aborted), "");
+  EXPECT_TRUE(aborted);
+}
+
+TEST_F(TestForDeathTest, AssertDebugDeathAborts6) {
+  static bool aborted;
+  aborted = false;
+  EXPECT_FATAL_FAILURE(AssertDebugDeathHelper(&aborted), "");
+  EXPECT_TRUE(aborted);
+}
+
+TEST_F(TestForDeathTest, AssertDebugDeathAborts7) {
+  static bool aborted;
+  aborted = false;
+  EXPECT_FATAL_FAILURE(AssertDebugDeathHelper(&aborted), "");
+  EXPECT_TRUE(aborted);
+}
+
+TEST_F(TestForDeathTest, AssertDebugDeathAborts8) {
+  static bool aborted;
+  aborted = false;
+  EXPECT_FATAL_FAILURE(AssertDebugDeathHelper(&aborted), "");
+  EXPECT_TRUE(aborted);
+}
+
+TEST_F(TestForDeathTest, AssertDebugDeathAborts9) {
+  static bool aborted;
+  aborted = false;
+  EXPECT_FATAL_FAILURE(AssertDebugDeathHelper(&aborted), "");
+  EXPECT_TRUE(aborted);
+}
+
+TEST_F(TestForDeathTest, AssertDebugDeathAborts10) {
+  static bool aborted;
+  aborted = false;
+  EXPECT_FATAL_FAILURE(AssertDebugDeathHelper(&aborted), "");
+  EXPECT_TRUE(aborted);
+}
+
+# endif  // _NDEBUG
+
+// Tests the *_EXIT family of macros, using a variety of predicates.
+static void TestExitMacros() {
+  EXPECT_EXIT(_exit(1),  testing::ExitedWithCode(1),  "");
+  ASSERT_EXIT(_exit(42), testing::ExitedWithCode(42), "");
+
+# if GTEST_OS_WINDOWS
+
+  // Of all signals effects on the process exit code, only those of SIGABRT
+  // are documented on Windows.
+  // See http://msdn.microsoft.com/en-us/library/dwwzkt4c(VS.71).aspx.
+  EXPECT_EXIT(raise(SIGABRT), testing::ExitedWithCode(3), "") << "b_ar";
+
+# else
+
+  EXPECT_EXIT(raise(SIGKILL), testing::KilledBySignal(SIGKILL), "") << "foo";
+  ASSERT_EXIT(raise(SIGUSR2), testing::KilledBySignal(SIGUSR2), "") << "bar";
+
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_EXIT(_exit(0), testing::KilledBySignal(SIGSEGV), "")
+      << "This failure is expected, too.";
+  }, "This failure is expected, too.");
+
+# endif  // GTEST_OS_WINDOWS
+
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_EXIT(raise(SIGSEGV), testing::ExitedWithCode(0), "")
+      << "This failure is expected.";
+  }, "This failure is expected.");
+}
+
+TEST_F(TestForDeathTest, ExitMacros) {
+  TestExitMacros();
+}
+
+TEST_F(TestForDeathTest, ExitMacrosUsingFork) {
+  testing::GTEST_FLAG(death_test_use_fork) = true;
+  TestExitMacros();
+}
+
+TEST_F(TestForDeathTest, InvalidStyle) {
+  testing::GTEST_FLAG(death_test_style) = "rococo";
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_DEATH(_exit(0), "") << "This failure is expected.";
+  }, "This failure is expected.");
+}
+
+TEST_F(TestForDeathTest, DeathTestFailedOutput) {
+  testing::GTEST_FLAG(death_test_style) = "fast";
+  EXPECT_NONFATAL_FAILURE(
+      EXPECT_DEATH(DieWithMessage("death\n"),
+                   "expected message"),
+      "Actual msg:\n"
+      "[  DEATH   ] death\n");
+}
+
+TEST_F(TestForDeathTest, DeathTestUnexpectedReturnOutput) {
+  testing::GTEST_FLAG(death_test_style) = "fast";
+  EXPECT_NONFATAL_FAILURE(
+      EXPECT_DEATH({
+          fprintf(stderr, "returning\n");
+          fflush(stderr);
+          return;
+        }, ""),
+      "    Result: illegal return in test statement.\n"
+      " Error msg:\n"
+      "[  DEATH   ] returning\n");
+}
+
+TEST_F(TestForDeathTest, DeathTestBadExitCodeOutput) {
+  testing::GTEST_FLAG(death_test_style) = "fast";
+  EXPECT_NONFATAL_FAILURE(
+      EXPECT_EXIT(DieWithMessage("exiting with rc 1\n"),
+                  testing::ExitedWithCode(3),
+                  "expected message"),
+      "    Result: died but not with expected exit code:\n"
+      "            Exited with exit status 1\n"
+      "Actual msg:\n"
+      "[  DEATH   ] exiting with rc 1\n");
+}
+
+TEST_F(TestForDeathTest, DeathTestMultiLineMatchFail) {
+  testing::GTEST_FLAG(death_test_style) = "fast";
+  EXPECT_NONFATAL_FAILURE(
+      EXPECT_DEATH(DieWithMessage("line 1\nline 2\nline 3\n"),
+                   "line 1\nxyz\nline 3\n"),
+      "Actual msg:\n"
+      "[  DEATH   ] line 1\n"
+      "[  DEATH   ] line 2\n"
+      "[  DEATH   ] line 3\n");
+}
+
+TEST_F(TestForDeathTest, DeathTestMultiLineMatchPass) {
+  testing::GTEST_FLAG(death_test_style) = "fast";
+  EXPECT_DEATH(DieWithMessage("line 1\nline 2\nline 3\n"),
+               "line 1\nline 2\nline 3\n");
+}
+
+// A DeathTestFactory that returns MockDeathTests.
+class MockDeathTestFactory : public DeathTestFactory {
+ public:
+  MockDeathTestFactory();
+  virtual bool Create(const char* statement,
+                      const ::testing::internal::RE* regex,
+                      const char* file, int line, DeathTest** test);
+
+  // Sets the parameters for subsequent calls to Create.
+  void SetParameters(bool create, DeathTest::TestRole role,
+                     int status, bool passed);
+
+  // Accessors.
+  int AssumeRoleCalls() const { return assume_role_calls_; }
+  int WaitCalls() const { return wait_calls_; }
+  int PassedCalls() const { return passed_args_.size(); }
+  bool PassedArgument(int n) const { return passed_args_[n]; }
+  int AbortCalls() const { return abort_args_.size(); }
+  DeathTest::AbortReason AbortArgument(int n) const {
+    return abort_args_[n];
+  }
+  bool TestDeleted() const { return test_deleted_; }
+
+ private:
+  friend class MockDeathTest;
+  // If true, Create will return a MockDeathTest; otherwise it returns
+  // NULL.
+  bool create_;
+  // The value a MockDeathTest will return from its AssumeRole method.
+  DeathTest::TestRole role_;
+  // The value a MockDeathTest will return from its Wait method.
+  int status_;
+  // The value a MockDeathTest will return from its Passed method.
+  bool passed_;
+
+  // Number of times AssumeRole was called.
+  int assume_role_calls_;
+  // Number of times Wait was called.
+  int wait_calls_;
+  // The arguments to the calls to Passed since the last call to
+  // SetParameters.
+  std::vector<bool> passed_args_;
+  // The arguments to the calls to Abort since the last call to
+  // SetParameters.
+  std::vector<DeathTest::AbortReason> abort_args_;
+  // True if the last MockDeathTest returned by Create has been
+  // deleted.
+  bool test_deleted_;
+};
+
+
+// A DeathTest implementation useful in testing.  It returns values set
+// at its creation from its various inherited DeathTest methods, and
+// reports calls to those methods to its parent MockDeathTestFactory
+// object.
+class MockDeathTest : public DeathTest {
+ public:
+  MockDeathTest(MockDeathTestFactory *parent,
+                TestRole role, int status, bool passed) :
+      parent_(parent), role_(role), status_(status), passed_(passed) {
+  }
+  virtual ~MockDeathTest() {
+    parent_->test_deleted_ = true;
+  }
+  virtual TestRole AssumeRole() {
+    ++parent_->assume_role_calls_;
+    return role_;
+  }
+  virtual int Wait() {
+    ++parent_->wait_calls_;
+    return status_;
+  }
+  virtual bool Passed(bool exit_status_ok) {
+    parent_->passed_args_.push_back(exit_status_ok);
+    return passed_;
+  }
+  virtual void Abort(AbortReason reason) {
+    parent_->abort_args_.push_back(reason);
+  }
+
+ private:
+  MockDeathTestFactory* const parent_;
+  const TestRole role_;
+  const int status_;
+  const bool passed_;
+};
+
+
+// MockDeathTestFactory constructor.
+MockDeathTestFactory::MockDeathTestFactory()
+    : create_(true),
+      role_(DeathTest::OVERSEE_TEST),
+      status_(0),
+      passed_(true),
+      assume_role_calls_(0),
+      wait_calls_(0),
+      passed_args_(),
+      abort_args_() {
+}
+
+
+// Sets the parameters for subsequent calls to Create.
+void MockDeathTestFactory::SetParameters(bool create,
+                                         DeathTest::TestRole role,
+                                         int status, bool passed) {
+  create_ = create;
+  role_ = role;
+  status_ = status;
+  passed_ = passed;
+
+  assume_role_calls_ = 0;
+  wait_calls_ = 0;
+  passed_args_.clear();
+  abort_args_.clear();
+}
+
+
+// Sets test to NULL (if create_ is false) or to the address of a new
+// MockDeathTest object with parameters taken from the last call
+// to SetParameters (if create_ is true).  Always returns true.
+bool MockDeathTestFactory::Create(const char* /*statement*/,
+                                  const ::testing::internal::RE* /*regex*/,
+                                  const char* /*file*/,
+                                  int /*line*/,
+                                  DeathTest** test) {
+  test_deleted_ = false;
+  if (create_) {
+    *test = new MockDeathTest(this, role_, status_, passed_);
+  } else {
+    *test = NULL;
+  }
+  return true;
+}
+
+// A test fixture for testing the logic of the GTEST_DEATH_TEST_ macro.
+// It installs a MockDeathTestFactory that is used for the duration
+// of the test case.
+class MacroLogicDeathTest : public testing::Test {
+ protected:
+  static testing::internal::ReplaceDeathTestFactory* replacer_;
+  static MockDeathTestFactory* factory_;
+
+  static void SetUpTestCase() {
+    factory_ = new MockDeathTestFactory;
+    replacer_ = new testing::internal::ReplaceDeathTestFactory(factory_);
+  }
+
+  static void TearDownTestCase() {
+    delete replacer_;
+    replacer_ = NULL;
+    delete factory_;
+    factory_ = NULL;
+  }
+
+  // Runs a death test that breaks the rules by returning.  Such a death
+  // test cannot be run directly from a test routine that uses a
+  // MockDeathTest, or the remainder of the routine will not be executed.
+  static void RunReturningDeathTest(bool* flag) {
+    ASSERT_DEATH({  // NOLINT
+      *flag = true;
+      return;
+    }, "");
+  }
+};
+
+testing::internal::ReplaceDeathTestFactory* MacroLogicDeathTest::replacer_
+    = NULL;
+MockDeathTestFactory* MacroLogicDeathTest::factory_ = NULL;
+
+
+// Test that nothing happens when the factory doesn't return a DeathTest:
+TEST_F(MacroLogicDeathTest, NothingHappens) {
+  bool flag = false;
+  factory_->SetParameters(false, DeathTest::OVERSEE_TEST, 0, true);
+  EXPECT_DEATH(flag = true, "");
+  EXPECT_FALSE(flag);
+  EXPECT_EQ(0, factory_->AssumeRoleCalls());
+  EXPECT_EQ(0, factory_->WaitCalls());
+  EXPECT_EQ(0, factory_->PassedCalls());
+  EXPECT_EQ(0, factory_->AbortCalls());
+  EXPECT_FALSE(factory_->TestDeleted());
+}
+
+// Test that the parent process doesn't run the death test code,
+// and that the Passed method returns false when the (simulated)
+// child process exits with status 0:
+TEST_F(MacroLogicDeathTest, ChildExitsSuccessfully) {
+  bool flag = false;
+  factory_->SetParameters(true, DeathTest::OVERSEE_TEST, 0, true);
+  EXPECT_DEATH(flag = true, "");
+  EXPECT_FALSE(flag);
+  EXPECT_EQ(1, factory_->AssumeRoleCalls());
+  EXPECT_EQ(1, factory_->WaitCalls());
+  ASSERT_EQ(1, factory_->PassedCalls());
+  EXPECT_FALSE(factory_->PassedArgument(0));
+  EXPECT_EQ(0, factory_->AbortCalls());
+  EXPECT_TRUE(factory_->TestDeleted());
+}
+
+// Tests that the Passed method was given the argument "true" when
+// the (simulated) child process exits with status 1:
+TEST_F(MacroLogicDeathTest, ChildExitsUnsuccessfully) {
+  bool flag = false;
+  factory_->SetParameters(true, DeathTest::OVERSEE_TEST, 1, true);
+  EXPECT_DEATH(flag = true, "");
+  EXPECT_FALSE(flag);
+  EXPECT_EQ(1, factory_->AssumeRoleCalls());
+  EXPECT_EQ(1, factory_->WaitCalls());
+  ASSERT_EQ(1, factory_->PassedCalls());
+  EXPECT_TRUE(factory_->PassedArgument(0));
+  EXPECT_EQ(0, factory_->AbortCalls());
+  EXPECT_TRUE(factory_->TestDeleted());
+}
+
+// Tests that the (simulated) child process executes the death test
+// code, and is aborted with the correct AbortReason if it
+// executes a return statement.
+TEST_F(MacroLogicDeathTest, ChildPerformsReturn) {
+  bool flag = false;
+  factory_->SetParameters(true, DeathTest::EXECUTE_TEST, 0, true);
+  RunReturningDeathTest(&flag);
+  EXPECT_TRUE(flag);
+  EXPECT_EQ(1, factory_->AssumeRoleCalls());
+  EXPECT_EQ(0, factory_->WaitCalls());
+  EXPECT_EQ(0, factory_->PassedCalls());
+  EXPECT_EQ(1, factory_->AbortCalls());
+  EXPECT_EQ(DeathTest::TEST_ENCOUNTERED_RETURN_STATEMENT,
+            factory_->AbortArgument(0));
+  EXPECT_TRUE(factory_->TestDeleted());
+}
+
+// Tests that the (simulated) child process is aborted with the
+// correct AbortReason if it does not die.
+TEST_F(MacroLogicDeathTest, ChildDoesNotDie) {
+  bool flag = false;
+  factory_->SetParameters(true, DeathTest::EXECUTE_TEST, 0, true);
+  EXPECT_DEATH(flag = true, "");
+  EXPECT_TRUE(flag);
+  EXPECT_EQ(1, factory_->AssumeRoleCalls());
+  EXPECT_EQ(0, factory_->WaitCalls());
+  EXPECT_EQ(0, factory_->PassedCalls());
+  // This time there are two calls to Abort: one since the test didn't
+  // die, and another from the ReturnSentinel when it's destroyed.  The
+  // sentinel normally isn't destroyed if a test doesn't die, since
+  // _exit(2) is called in that case by ForkingDeathTest, but not by
+  // our MockDeathTest.
+  ASSERT_EQ(2, factory_->AbortCalls());
+  EXPECT_EQ(DeathTest::TEST_DID_NOT_DIE,
+            factory_->AbortArgument(0));
+  EXPECT_EQ(DeathTest::TEST_ENCOUNTERED_RETURN_STATEMENT,
+            factory_->AbortArgument(1));
+  EXPECT_TRUE(factory_->TestDeleted());
+}
+
+// Tests that a successful death test does not register a successful
+// test part.
+TEST(SuccessRegistrationDeathTest, NoSuccessPart) {
+  EXPECT_DEATH(_exit(1), "");
+  EXPECT_EQ(0, GetUnitTestImpl()->current_test_result()->total_part_count());
+}
+
+TEST(StreamingAssertionsDeathTest, DeathTest) {
+  EXPECT_DEATH(_exit(1), "") << "unexpected failure";
+  ASSERT_DEATH(_exit(1), "") << "unexpected failure";
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_DEATH(_exit(0), "") << "expected failure";
+  }, "expected failure");
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_DEATH(_exit(0), "") << "expected failure";
+  }, "expected failure");
+}
+
+// Tests that GetLastErrnoDescription returns an empty string when the
+// last error is 0 and non-empty string when it is non-zero.
+TEST(GetLastErrnoDescription, GetLastErrnoDescriptionWorks) {
+  errno = ENOENT;
+  EXPECT_STRNE("", GetLastErrnoDescription().c_str());
+  errno = 0;
+  EXPECT_STREQ("", GetLastErrnoDescription().c_str());
+}
+
+# if GTEST_OS_WINDOWS
+TEST(AutoHandleTest, AutoHandleWorks) {
+  HANDLE handle = ::CreateEvent(NULL, FALSE, FALSE, NULL);
+  ASSERT_NE(INVALID_HANDLE_VALUE, handle);
+
+  // Tests that the AutoHandle is correctly initialized with a handle.
+  testing::internal::AutoHandle auto_handle(handle);
+  EXPECT_EQ(handle, auto_handle.Get());
+
+  // Tests that Reset assigns INVALID_HANDLE_VALUE.
+  // Note that this cannot verify whether the original handle is closed.
+  auto_handle.Reset();
+  EXPECT_EQ(INVALID_HANDLE_VALUE, auto_handle.Get());
+
+  // Tests that Reset assigns the new handle.
+  // Note that this cannot verify whether the original handle is closed.
+  handle = ::CreateEvent(NULL, FALSE, FALSE, NULL);
+  ASSERT_NE(INVALID_HANDLE_VALUE, handle);
+  auto_handle.Reset(handle);
+  EXPECT_EQ(handle, auto_handle.Get());
+
+  // Tests that AutoHandle contains INVALID_HANDLE_VALUE by default.
+  testing::internal::AutoHandle auto_handle2;
+  EXPECT_EQ(INVALID_HANDLE_VALUE, auto_handle2.Get());
+}
+# endif  // GTEST_OS_WINDOWS
+
+# if GTEST_OS_WINDOWS
+typedef unsigned __int64 BiggestParsable;
+typedef signed __int64 BiggestSignedParsable;
+# else
+typedef unsigned long long BiggestParsable;
+typedef signed long long BiggestSignedParsable;
+# endif  // GTEST_OS_WINDOWS
+
+// We cannot use std::numeric_limits<T>::max() as it clashes with the
+// max() macro defined by <windows.h>.
+const BiggestParsable kBiggestParsableMax = ULLONG_MAX;
+const BiggestSignedParsable kBiggestSignedParsableMax = LLONG_MAX;
+
+TEST(ParseNaturalNumberTest, RejectsInvalidFormat) {
+  BiggestParsable result = 0;
+
+  // Rejects non-numbers.
+  EXPECT_FALSE(ParseNaturalNumber("non-number string", &result));
+
+  // Rejects numbers with whitespace prefix.
+  EXPECT_FALSE(ParseNaturalNumber(" 123", &result));
+
+  // Rejects negative numbers.
+  EXPECT_FALSE(ParseNaturalNumber("-123", &result));
+
+  // Rejects numbers starting with a plus sign.
+  EXPECT_FALSE(ParseNaturalNumber("+123", &result));
+  errno = 0;
+}
+
+TEST(ParseNaturalNumberTest, RejectsOverflownNumbers) {
+  BiggestParsable result = 0;
+
+  EXPECT_FALSE(ParseNaturalNumber("99999999999999999999999", &result));
+
+  signed char char_result = 0;
+  EXPECT_FALSE(ParseNaturalNumber("200", &char_result));
+  errno = 0;
+}
+
+TEST(ParseNaturalNumberTest, AcceptsValidNumbers) {
+  BiggestParsable result = 0;
+
+  result = 0;
+  ASSERT_TRUE(ParseNaturalNumber("123", &result));
+  EXPECT_EQ(123U, result);
+
+  // Check 0 as an edge case.
+  result = 1;
+  ASSERT_TRUE(ParseNaturalNumber("0", &result));
+  EXPECT_EQ(0U, result);
+
+  result = 1;
+  ASSERT_TRUE(ParseNaturalNumber("00000", &result));
+  EXPECT_EQ(0U, result);
+}
+
+TEST(ParseNaturalNumberTest, AcceptsTypeLimits) {
+  Message msg;
+  msg << kBiggestParsableMax;
+
+  BiggestParsable result = 0;
+  EXPECT_TRUE(ParseNaturalNumber(msg.GetString(), &result));
+  EXPECT_EQ(kBiggestParsableMax, result);
+
+  Message msg2;
+  msg2 << kBiggestSignedParsableMax;
+
+  BiggestSignedParsable signed_result = 0;
+  EXPECT_TRUE(ParseNaturalNumber(msg2.GetString(), &signed_result));
+  EXPECT_EQ(kBiggestSignedParsableMax, signed_result);
+
+  Message msg3;
+  msg3 << INT_MAX;
+
+  int int_result = 0;
+  EXPECT_TRUE(ParseNaturalNumber(msg3.GetString(), &int_result));
+  EXPECT_EQ(INT_MAX, int_result);
+
+  Message msg4;
+  msg4 << UINT_MAX;
+
+  unsigned int uint_result = 0;
+  EXPECT_TRUE(ParseNaturalNumber(msg4.GetString(), &uint_result));
+  EXPECT_EQ(UINT_MAX, uint_result);
+}
+
+TEST(ParseNaturalNumberTest, WorksForShorterIntegers) {
+  short short_result = 0;
+  ASSERT_TRUE(ParseNaturalNumber("123", &short_result));
+  EXPECT_EQ(123, short_result);
+
+  signed char char_result = 0;
+  ASSERT_TRUE(ParseNaturalNumber("123", &char_result));
+  EXPECT_EQ(123, char_result);
+}
+
+# if GTEST_OS_WINDOWS
+TEST(EnvironmentTest, HandleFitsIntoSizeT) {
+  // TODO(vladl@google.com): Remove this test after this condition is verified
+  // in a static assertion in gtest-death-test.cc in the function
+  // GetStatusFileDescriptor.
+  ASSERT_TRUE(sizeof(HANDLE) <= sizeof(size_t));
+}
+# endif  // GTEST_OS_WINDOWS
+
+// Tests that EXPECT_DEATH_IF_SUPPORTED/ASSERT_DEATH_IF_SUPPORTED trigger
+// failures when death tests are available on the system.
+TEST(ConditionalDeathMacrosDeathTest, ExpectsDeathWhenDeathTestsAvailable) {
+  EXPECT_DEATH_IF_SUPPORTED(DieInside("CondDeathTestExpectMacro"),
+                            "death inside CondDeathTestExpectMacro");
+  ASSERT_DEATH_IF_SUPPORTED(DieInside("CondDeathTestAssertMacro"),
+                            "death inside CondDeathTestAssertMacro");
+
+  // Empty statement will not crash, which must trigger a failure.
+  EXPECT_NONFATAL_FAILURE(EXPECT_DEATH_IF_SUPPORTED(;, ""), "");
+  EXPECT_FATAL_FAILURE(ASSERT_DEATH_IF_SUPPORTED(;, ""), "");
+}
+
+TEST(InDeathTestChildDeathTest, ReportsDeathTestCorrectlyInFastStyle) {
+  testing::GTEST_FLAG(death_test_style) = "fast";
+  EXPECT_FALSE(InDeathTestChild());
+  EXPECT_DEATH({
+    fprintf(stderr, InDeathTestChild() ? "Inside" : "Outside");
+    fflush(stderr);
+    _exit(1);
+  }, "Inside");
+}
+
+TEST(InDeathTestChildDeathTest, ReportsDeathTestCorrectlyInThreadSafeStyle) {
+  testing::GTEST_FLAG(death_test_style) = "threadsafe";
+  EXPECT_FALSE(InDeathTestChild());
+  EXPECT_DEATH({
+    fprintf(stderr, InDeathTestChild() ? "Inside" : "Outside");
+    fflush(stderr);
+    _exit(1);
+  }, "Inside");
+}
+
+#else  // !GTEST_HAS_DEATH_TEST follows
+
+using testing::internal::CaptureStderr;
+using testing::internal::GetCapturedStderr;
+
+// Tests that EXPECT_DEATH_IF_SUPPORTED/ASSERT_DEATH_IF_SUPPORTED are still
+// defined but do not trigger failures when death tests are not available on
+// the system.
+TEST(ConditionalDeathMacrosTest, WarnsWhenDeathTestsNotAvailable) {
+  // Empty statement will not crash, but that should not trigger a failure
+  // when death tests are not supported.
+  CaptureStderr();
+  EXPECT_DEATH_IF_SUPPORTED(;, "");
+  std::string output = GetCapturedStderr();
+  ASSERT_TRUE(NULL != strstr(output.c_str(),
+                             "Death tests are not supported on this platform"));
+  ASSERT_TRUE(NULL != strstr(output.c_str(), ";"));
+
+  // The streamed message should not be printed as there is no test failure.
+  CaptureStderr();
+  EXPECT_DEATH_IF_SUPPORTED(;, "") << "streamed message";
+  output = GetCapturedStderr();
+  ASSERT_TRUE(NULL == strstr(output.c_str(), "streamed message"));
+
+  CaptureStderr();
+  ASSERT_DEATH_IF_SUPPORTED(;, "");  // NOLINT
+  output = GetCapturedStderr();
+  ASSERT_TRUE(NULL != strstr(output.c_str(),
+                             "Death tests are not supported on this platform"));
+  ASSERT_TRUE(NULL != strstr(output.c_str(), ";"));
+
+  CaptureStderr();
+  ASSERT_DEATH_IF_SUPPORTED(;, "") << "streamed message";  // NOLINT
+  output = GetCapturedStderr();
+  ASSERT_TRUE(NULL == strstr(output.c_str(), "streamed message"));
+}
+
+void FuncWithAssert(int* n) {
+  ASSERT_DEATH_IF_SUPPORTED(return;, "");
+  (*n)++;
+}
+
+// Tests that ASSERT_DEATH_IF_SUPPORTED does not return from the current
+// function (as ASSERT_DEATH does) if death tests are not supported.
+TEST(ConditionalDeathMacrosTest, AssertDeatDoesNotReturnhIfUnsupported) {
+  int n = 0;
+  FuncWithAssert(&n);
+  EXPECT_EQ(1, n);
+}
+
+#endif  // !GTEST_HAS_DEATH_TEST
+
+// Tests that the death test macros expand to code which may or may not
+// be followed by operator<<, and that in either case the complete text
+// comprises only a single C++ statement.
+//
+// The syntax should work whether death tests are available or not.
+TEST(ConditionalDeathMacrosSyntaxDeathTest, SingleStatement) {
+  if (AlwaysFalse())
+    // This would fail if executed; this is a compilation test only
+    ASSERT_DEATH_IF_SUPPORTED(return, "");
+
+  if (AlwaysTrue())
+    EXPECT_DEATH_IF_SUPPORTED(_exit(1), "");
+  else
+    // This empty "else" branch is meant to ensure that EXPECT_DEATH
+    // doesn't expand into an "if" statement without an "else"
+    ;  // NOLINT
+
+  if (AlwaysFalse())
+    ASSERT_DEATH_IF_SUPPORTED(return, "") << "did not die";
+
+  if (AlwaysFalse())
+    ;  // NOLINT
+  else
+    EXPECT_DEATH_IF_SUPPORTED(_exit(1), "") << 1 << 2 << 3;
+}
+
+// Tests that conditional death test macros expand to code which interacts
+// well with switch statements.
+TEST(ConditionalDeathMacrosSyntaxDeathTest, SwitchStatement) {
+  // Microsoft compiler usually complains about switch statements without
+  // case labels. We suppress that warning for this test.
+  GTEST_DISABLE_MSC_WARNINGS_PUSH_(4065)
+
+  switch (0)
+    default:
+      ASSERT_DEATH_IF_SUPPORTED(_exit(1), "")
+          << "exit in default switch handler";
+
+  switch (0)
+    case 0:
+      EXPECT_DEATH_IF_SUPPORTED(_exit(1), "") << "exit in switch case";
+
+  GTEST_DISABLE_MSC_WARNINGS_POP_()
+}
+
+// Tests that a test case whose name ends with "DeathTest" works fine
+// on Windows.
+TEST(NotADeathTest, Test) {
+  SUCCEED();
+}
diff --git a/nss/external_tests/google_test/gtest/test/gtest-filepath_test.cc b/nss/external_tests/google_test/gtest/test/gtest-filepath_test.cc
new file mode 100644
index 0000000..ae9f55a
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/test/gtest-filepath_test.cc
@@ -0,0 +1,680 @@
+// Copyright 2008, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Authors: keith.ray@gmail.com (Keith Ray)
+//
+// Google Test filepath utilities
+//
+// This file tests classes and functions used internally by
+// Google Test.  They are subject to change without notice.
+//
+// This file is #included from gtest_unittest.cc, to avoid changing
+// build or make-files for some existing Google Test clients. Do not
+// #include this file anywhere else!
+
+#include "gtest/internal/gtest-filepath.h"
+#include "gtest/gtest.h"
+
+// Indicates that this translation unit is part of Google Test's
+// implementation.  It must come before gtest-internal-inl.h is
+// included, or there will be a compiler error.  This trick is to
+// prevent a user from accidentally including gtest-internal-inl.h in
+// his code.
+#define GTEST_IMPLEMENTATION_ 1
+#include "src/gtest-internal-inl.h"
+#undef GTEST_IMPLEMENTATION_
+
+#if GTEST_OS_WINDOWS_MOBILE
+# include <windows.h>  // NOLINT
+#elif GTEST_OS_WINDOWS
+# include <direct.h>  // NOLINT
+#endif  // GTEST_OS_WINDOWS_MOBILE
+
+namespace testing {
+namespace internal {
+namespace {
+
+#if GTEST_OS_WINDOWS_MOBILE
+// TODO(wan@google.com): Move these to the POSIX adapter section in
+// gtest-port.h.
+
+// Windows CE doesn't have the remove C function.
+int remove(const char* path) {
+  LPCWSTR wpath = String::AnsiToUtf16(path);
+  int ret = DeleteFile(wpath) ? 0 : -1;
+  delete [] wpath;
+  return ret;
+}
+// Windows CE doesn't have the _rmdir C function.
+int _rmdir(const char* path) {
+  FilePath filepath(path);
+  LPCWSTR wpath = String::AnsiToUtf16(
+      filepath.RemoveTrailingPathSeparator().c_str());
+  int ret = RemoveDirectory(wpath) ? 0 : -1;
+  delete [] wpath;
+  return ret;
+}
+
+#else
+
+TEST(GetCurrentDirTest, ReturnsCurrentDir) {
+  const FilePath original_dir = FilePath::GetCurrentDir();
+  EXPECT_FALSE(original_dir.IsEmpty());
+
+  posix::ChDir(GTEST_PATH_SEP_);
+  const FilePath cwd = FilePath::GetCurrentDir();
+  posix::ChDir(original_dir.c_str());
+
+# if GTEST_OS_WINDOWS
+
+  // Skips the ":".
+  const char* const cwd_without_drive = strchr(cwd.c_str(), ':');
+  ASSERT_TRUE(cwd_without_drive != NULL);
+  EXPECT_STREQ(GTEST_PATH_SEP_, cwd_without_drive + 1);
+
+# else
+
+  EXPECT_EQ(GTEST_PATH_SEP_, cwd.string());
+
+# endif
+}
+
+#endif  // GTEST_OS_WINDOWS_MOBILE
+
+TEST(IsEmptyTest, ReturnsTrueForEmptyPath) {
+  EXPECT_TRUE(FilePath("").IsEmpty());
+}
+
+TEST(IsEmptyTest, ReturnsFalseForNonEmptyPath) {
+  EXPECT_FALSE(FilePath("a").IsEmpty());
+  EXPECT_FALSE(FilePath(".").IsEmpty());
+  EXPECT_FALSE(FilePath("a/b").IsEmpty());
+  EXPECT_FALSE(FilePath("a\\b\\").IsEmpty());
+}
+
+// RemoveDirectoryName "" -> ""
+TEST(RemoveDirectoryNameTest, WhenEmptyName) {
+  EXPECT_EQ("", FilePath("").RemoveDirectoryName().string());
+}
+
+// RemoveDirectoryName "afile" -> "afile"
+TEST(RemoveDirectoryNameTest, ButNoDirectory) {
+  EXPECT_EQ("afile",
+      FilePath("afile").RemoveDirectoryName().string());
+}
+
+// RemoveDirectoryName "/afile" -> "afile"
+TEST(RemoveDirectoryNameTest, RootFileShouldGiveFileName) {
+  EXPECT_EQ("afile",
+      FilePath(GTEST_PATH_SEP_ "afile").RemoveDirectoryName().string());
+}
+
+// RemoveDirectoryName "adir/" -> ""
+TEST(RemoveDirectoryNameTest, WhereThereIsNoFileName) {
+  EXPECT_EQ("",
+      FilePath("adir" GTEST_PATH_SEP_).RemoveDirectoryName().string());
+}
+
+// RemoveDirectoryName "adir/afile" -> "afile"
+TEST(RemoveDirectoryNameTest, ShouldGiveFileName) {
+  EXPECT_EQ("afile",
+      FilePath("adir" GTEST_PATH_SEP_ "afile").RemoveDirectoryName().string());
+}
+
+// RemoveDirectoryName "adir/subdir/afile" -> "afile"
+TEST(RemoveDirectoryNameTest, ShouldAlsoGiveFileName) {
+  EXPECT_EQ("afile",
+      FilePath("adir" GTEST_PATH_SEP_ "subdir" GTEST_PATH_SEP_ "afile")
+      .RemoveDirectoryName().string());
+}
+
+#if GTEST_HAS_ALT_PATH_SEP_
+
+// Tests that RemoveDirectoryName() works with the alternate separator
+// on Windows.
+
+// RemoveDirectoryName("/afile") -> "afile"
+TEST(RemoveDirectoryNameTest, RootFileShouldGiveFileNameForAlternateSeparator) {
+  EXPECT_EQ("afile", FilePath("/afile").RemoveDirectoryName().string());
+}
+
+// RemoveDirectoryName("adir/") -> ""
+TEST(RemoveDirectoryNameTest, WhereThereIsNoFileNameForAlternateSeparator) {
+  EXPECT_EQ("", FilePath("adir/").RemoveDirectoryName().string());
+}
+
+// RemoveDirectoryName("adir/afile") -> "afile"
+TEST(RemoveDirectoryNameTest, ShouldGiveFileNameForAlternateSeparator) {
+  EXPECT_EQ("afile", FilePath("adir/afile").RemoveDirectoryName().string());
+}
+
+// RemoveDirectoryName("adir/subdir/afile") -> "afile"
+TEST(RemoveDirectoryNameTest, ShouldAlsoGiveFileNameForAlternateSeparator) {
+  EXPECT_EQ("afile",
+            FilePath("adir/subdir/afile").RemoveDirectoryName().string());
+}
+
+#endif
+
+// RemoveFileName "" -> "./"
+TEST(RemoveFileNameTest, EmptyName) {
+#if GTEST_OS_WINDOWS_MOBILE
+  // On Windows CE, we use the root as the current directory.
+  EXPECT_EQ(GTEST_PATH_SEP_, FilePath("").RemoveFileName().string());
+#else
+  EXPECT_EQ("." GTEST_PATH_SEP_, FilePath("").RemoveFileName().string());
+#endif
+}
+
+// RemoveFileName "adir/" -> "adir/"
+TEST(RemoveFileNameTest, ButNoFile) {
+  EXPECT_EQ("adir" GTEST_PATH_SEP_,
+      FilePath("adir" GTEST_PATH_SEP_).RemoveFileName().string());
+}
+
+// RemoveFileName "adir/afile" -> "adir/"
+TEST(RemoveFileNameTest, GivesDirName) {
+  EXPECT_EQ("adir" GTEST_PATH_SEP_,
+            FilePath("adir" GTEST_PATH_SEP_ "afile").RemoveFileName().string());
+}
+
+// RemoveFileName "adir/subdir/afile" -> "adir/subdir/"
+TEST(RemoveFileNameTest, GivesDirAndSubDirName) {
+  EXPECT_EQ("adir" GTEST_PATH_SEP_ "subdir" GTEST_PATH_SEP_,
+      FilePath("adir" GTEST_PATH_SEP_ "subdir" GTEST_PATH_SEP_ "afile")
+      .RemoveFileName().string());
+}
+
+// RemoveFileName "/afile" -> "/"
+TEST(RemoveFileNameTest, GivesRootDir) {
+  EXPECT_EQ(GTEST_PATH_SEP_,
+      FilePath(GTEST_PATH_SEP_ "afile").RemoveFileName().string());
+}
+
+#if GTEST_HAS_ALT_PATH_SEP_
+
+// Tests that RemoveFileName() works with the alternate separator on
+// Windows.
+
+// RemoveFileName("adir/") -> "adir/"
+TEST(RemoveFileNameTest, ButNoFileForAlternateSeparator) {
+  EXPECT_EQ("adir" GTEST_PATH_SEP_,
+            FilePath("adir/").RemoveFileName().string());
+}
+
+// RemoveFileName("adir/afile") -> "adir/"
+TEST(RemoveFileNameTest, GivesDirNameForAlternateSeparator) {
+  EXPECT_EQ("adir" GTEST_PATH_SEP_,
+            FilePath("adir/afile").RemoveFileName().string());
+}
+
+// RemoveFileName("adir/subdir/afile") -> "adir/subdir/"
+TEST(RemoveFileNameTest, GivesDirAndSubDirNameForAlternateSeparator) {
+  EXPECT_EQ("adir" GTEST_PATH_SEP_ "subdir" GTEST_PATH_SEP_,
+            FilePath("adir/subdir/afile").RemoveFileName().string());
+}
+
+// RemoveFileName("/afile") -> "\"
+TEST(RemoveFileNameTest, GivesRootDirForAlternateSeparator) {
+  EXPECT_EQ(GTEST_PATH_SEP_, FilePath("/afile").RemoveFileName().string());
+}
+
+#endif
+
+TEST(MakeFileNameTest, GenerateWhenNumberIsZero) {
+  FilePath actual = FilePath::MakeFileName(FilePath("foo"), FilePath("bar"),
+      0, "xml");
+  EXPECT_EQ("foo" GTEST_PATH_SEP_ "bar.xml", actual.string());
+}
+
+TEST(MakeFileNameTest, GenerateFileNameNumberGtZero) {
+  FilePath actual = FilePath::MakeFileName(FilePath("foo"), FilePath("bar"),
+      12, "xml");
+  EXPECT_EQ("foo" GTEST_PATH_SEP_ "bar_12.xml", actual.string());
+}
+
+TEST(MakeFileNameTest, GenerateFileNameWithSlashNumberIsZero) {
+  FilePath actual = FilePath::MakeFileName(FilePath("foo" GTEST_PATH_SEP_),
+      FilePath("bar"), 0, "xml");
+  EXPECT_EQ("foo" GTEST_PATH_SEP_ "bar.xml", actual.string());
+}
+
+TEST(MakeFileNameTest, GenerateFileNameWithSlashNumberGtZero) {
+  FilePath actual = FilePath::MakeFileName(FilePath("foo" GTEST_PATH_SEP_),
+      FilePath("bar"), 12, "xml");
+  EXPECT_EQ("foo" GTEST_PATH_SEP_ "bar_12.xml", actual.string());
+}
+
+TEST(MakeFileNameTest, GenerateWhenNumberIsZeroAndDirIsEmpty) {
+  FilePath actual = FilePath::MakeFileName(FilePath(""), FilePath("bar"),
+      0, "xml");
+  EXPECT_EQ("bar.xml", actual.string());
+}
+
+TEST(MakeFileNameTest, GenerateWhenNumberIsNotZeroAndDirIsEmpty) {
+  FilePath actual = FilePath::MakeFileName(FilePath(""), FilePath("bar"),
+      14, "xml");
+  EXPECT_EQ("bar_14.xml", actual.string());
+}
+
+TEST(ConcatPathsTest, WorksWhenDirDoesNotEndWithPathSep) {
+  FilePath actual = FilePath::ConcatPaths(FilePath("foo"),
+                                          FilePath("bar.xml"));
+  EXPECT_EQ("foo" GTEST_PATH_SEP_ "bar.xml", actual.string());
+}
+
+TEST(ConcatPathsTest, WorksWhenPath1EndsWithPathSep) {
+  FilePath actual = FilePath::ConcatPaths(FilePath("foo" GTEST_PATH_SEP_),
+                                          FilePath("bar.xml"));
+  EXPECT_EQ("foo" GTEST_PATH_SEP_ "bar.xml", actual.string());
+}
+
+TEST(ConcatPathsTest, Path1BeingEmpty) {
+  FilePath actual = FilePath::ConcatPaths(FilePath(""),
+                                          FilePath("bar.xml"));
+  EXPECT_EQ("bar.xml", actual.string());
+}
+
+TEST(ConcatPathsTest, Path2BeingEmpty) {
+  FilePath actual = FilePath::ConcatPaths(FilePath("foo"), FilePath(""));
+  EXPECT_EQ("foo" GTEST_PATH_SEP_, actual.string());
+}
+
+TEST(ConcatPathsTest, BothPathBeingEmpty) {
+  FilePath actual = FilePath::ConcatPaths(FilePath(""),
+                                          FilePath(""));
+  EXPECT_EQ("", actual.string());
+}
+
+TEST(ConcatPathsTest, Path1ContainsPathSep) {
+  FilePath actual = FilePath::ConcatPaths(FilePath("foo" GTEST_PATH_SEP_ "bar"),
+                                          FilePath("foobar.xml"));
+  EXPECT_EQ("foo" GTEST_PATH_SEP_ "bar" GTEST_PATH_SEP_ "foobar.xml",
+            actual.string());
+}
+
+TEST(ConcatPathsTest, Path2ContainsPathSep) {
+  FilePath actual = FilePath::ConcatPaths(
+      FilePath("foo" GTEST_PATH_SEP_),
+      FilePath("bar" GTEST_PATH_SEP_ "bar.xml"));
+  EXPECT_EQ("foo" GTEST_PATH_SEP_ "bar" GTEST_PATH_SEP_ "bar.xml",
+            actual.string());
+}
+
+TEST(ConcatPathsTest, Path2EndsWithPathSep) {
+  FilePath actual = FilePath::ConcatPaths(FilePath("foo"),
+                                          FilePath("bar" GTEST_PATH_SEP_));
+  EXPECT_EQ("foo" GTEST_PATH_SEP_ "bar" GTEST_PATH_SEP_, actual.string());
+}
+
+// RemoveTrailingPathSeparator "" -> ""
+TEST(RemoveTrailingPathSeparatorTest, EmptyString) {
+  EXPECT_EQ("", FilePath("").RemoveTrailingPathSeparator().string());
+}
+
+// RemoveTrailingPathSeparator "foo" -> "foo"
+TEST(RemoveTrailingPathSeparatorTest, FileNoSlashString) {
+  EXPECT_EQ("foo", FilePath("foo").RemoveTrailingPathSeparator().string());
+}
+
+// RemoveTrailingPathSeparator "foo/" -> "foo"
+TEST(RemoveTrailingPathSeparatorTest, ShouldRemoveTrailingSeparator) {
+  EXPECT_EQ("foo",
+      FilePath("foo" GTEST_PATH_SEP_).RemoveTrailingPathSeparator().string());
+#if GTEST_HAS_ALT_PATH_SEP_
+  EXPECT_EQ("foo", FilePath("foo/").RemoveTrailingPathSeparator().string());
+#endif
+}
+
+// RemoveTrailingPathSeparator "foo/bar/" -> "foo/bar/"
+TEST(RemoveTrailingPathSeparatorTest, ShouldRemoveLastSeparator) {
+  EXPECT_EQ("foo" GTEST_PATH_SEP_ "bar",
+            FilePath("foo" GTEST_PATH_SEP_ "bar" GTEST_PATH_SEP_)
+                .RemoveTrailingPathSeparator().string());
+}
+
+// RemoveTrailingPathSeparator "foo/bar" -> "foo/bar"
+TEST(RemoveTrailingPathSeparatorTest, ShouldReturnUnmodified) {
+  EXPECT_EQ("foo" GTEST_PATH_SEP_ "bar",
+            FilePath("foo" GTEST_PATH_SEP_ "bar")
+                .RemoveTrailingPathSeparator().string());
+}
+
+TEST(DirectoryTest, RootDirectoryExists) {
+#if GTEST_OS_WINDOWS  // We are on Windows.
+  char current_drive[_MAX_PATH];  // NOLINT
+  current_drive[0] = static_cast<char>(_getdrive() + 'A' - 1);
+  current_drive[1] = ':';
+  current_drive[2] = '\\';
+  current_drive[3] = '\0';
+  EXPECT_TRUE(FilePath(current_drive).DirectoryExists());
+#else
+  EXPECT_TRUE(FilePath("/").DirectoryExists());
+#endif  // GTEST_OS_WINDOWS
+}
+
+#if GTEST_OS_WINDOWS
+TEST(DirectoryTest, RootOfWrongDriveDoesNotExists) {
+  const int saved_drive_ = _getdrive();
+  // Find a drive that doesn't exist. Start with 'Z' to avoid common ones.
+  for (char drive = 'Z'; drive >= 'A'; drive--)
+    if (_chdrive(drive - 'A' + 1) == -1) {
+      char non_drive[_MAX_PATH];  // NOLINT
+      non_drive[0] = drive;
+      non_drive[1] = ':';
+      non_drive[2] = '\\';
+      non_drive[3] = '\0';
+      EXPECT_FALSE(FilePath(non_drive).DirectoryExists());
+      break;
+    }
+  _chdrive(saved_drive_);
+}
+#endif  // GTEST_OS_WINDOWS
+
+#if !GTEST_OS_WINDOWS_MOBILE
+// Windows CE _does_ consider an empty directory to exist.
+TEST(DirectoryTest, EmptyPathDirectoryDoesNotExist) {
+  EXPECT_FALSE(FilePath("").DirectoryExists());
+}
+#endif  // !GTEST_OS_WINDOWS_MOBILE
+
+TEST(DirectoryTest, CurrentDirectoryExists) {
+#if GTEST_OS_WINDOWS  // We are on Windows.
+# ifndef _WIN32_CE  // Windows CE doesn't have a current directory.
+
+  EXPECT_TRUE(FilePath(".").DirectoryExists());
+  EXPECT_TRUE(FilePath(".\\").DirectoryExists());
+
+# endif  // _WIN32_CE
+#else
+  EXPECT_TRUE(FilePath(".").DirectoryExists());
+  EXPECT_TRUE(FilePath("./").DirectoryExists());
+#endif  // GTEST_OS_WINDOWS
+}
+
+// "foo/bar" == foo//bar" == "foo///bar"
+TEST(NormalizeTest, MultipleConsecutiveSepaparatorsInMidstring) {
+  EXPECT_EQ("foo" GTEST_PATH_SEP_ "bar",
+            FilePath("foo" GTEST_PATH_SEP_ "bar").string());
+  EXPECT_EQ("foo" GTEST_PATH_SEP_ "bar",
+            FilePath("foo" GTEST_PATH_SEP_ GTEST_PATH_SEP_ "bar").string());
+  EXPECT_EQ("foo" GTEST_PATH_SEP_ "bar",
+            FilePath("foo" GTEST_PATH_SEP_ GTEST_PATH_SEP_
+                     GTEST_PATH_SEP_ "bar").string());
+}
+
+// "/bar" == //bar" == "///bar"
+TEST(NormalizeTest, MultipleConsecutiveSepaparatorsAtStringStart) {
+  EXPECT_EQ(GTEST_PATH_SEP_ "bar",
+    FilePath(GTEST_PATH_SEP_ "bar").string());
+  EXPECT_EQ(GTEST_PATH_SEP_ "bar",
+    FilePath(GTEST_PATH_SEP_ GTEST_PATH_SEP_ "bar").string());
+  EXPECT_EQ(GTEST_PATH_SEP_ "bar",
+    FilePath(GTEST_PATH_SEP_ GTEST_PATH_SEP_ GTEST_PATH_SEP_ "bar").string());
+}
+
+// "foo/" == foo//" == "foo///"
+TEST(NormalizeTest, MultipleConsecutiveSepaparatorsAtStringEnd) {
+  EXPECT_EQ("foo" GTEST_PATH_SEP_,
+    FilePath("foo" GTEST_PATH_SEP_).string());
+  EXPECT_EQ("foo" GTEST_PATH_SEP_,
+    FilePath("foo" GTEST_PATH_SEP_ GTEST_PATH_SEP_).string());
+  EXPECT_EQ("foo" GTEST_PATH_SEP_,
+    FilePath("foo" GTEST_PATH_SEP_ GTEST_PATH_SEP_ GTEST_PATH_SEP_).string());
+}
+
+#if GTEST_HAS_ALT_PATH_SEP_
+
+// Tests that separators at the end of the string are normalized
+// regardless of their combination (e.g. "foo\" =="foo/\" ==
+// "foo\\/").
+TEST(NormalizeTest, MixAlternateSeparatorAtStringEnd) {
+  EXPECT_EQ("foo" GTEST_PATH_SEP_,
+            FilePath("foo/").string());
+  EXPECT_EQ("foo" GTEST_PATH_SEP_,
+            FilePath("foo" GTEST_PATH_SEP_ "/").string());
+  EXPECT_EQ("foo" GTEST_PATH_SEP_,
+            FilePath("foo//" GTEST_PATH_SEP_).string());
+}
+
+#endif
+
+TEST(AssignmentOperatorTest, DefaultAssignedToNonDefault) {
+  FilePath default_path;
+  FilePath non_default_path("path");
+  non_default_path = default_path;
+  EXPECT_EQ("", non_default_path.string());
+  EXPECT_EQ("", default_path.string());  // RHS var is unchanged.
+}
+
+TEST(AssignmentOperatorTest, NonDefaultAssignedToDefault) {
+  FilePath non_default_path("path");
+  FilePath default_path;
+  default_path = non_default_path;
+  EXPECT_EQ("path", default_path.string());
+  EXPECT_EQ("path", non_default_path.string());  // RHS var is unchanged.
+}
+
+TEST(AssignmentOperatorTest, ConstAssignedToNonConst) {
+  const FilePath const_default_path("const_path");
+  FilePath non_default_path("path");
+  non_default_path = const_default_path;
+  EXPECT_EQ("const_path", non_default_path.string());
+}
+
+class DirectoryCreationTest : public Test {
+ protected:
+  virtual void SetUp() {
+    testdata_path_.Set(FilePath(
+        TempDir() + GetCurrentExecutableName().string() +
+        "_directory_creation" GTEST_PATH_SEP_ "test" GTEST_PATH_SEP_));
+    testdata_file_.Set(testdata_path_.RemoveTrailingPathSeparator());
+
+    unique_file0_.Set(FilePath::MakeFileName(testdata_path_, FilePath("unique"),
+        0, "txt"));
+    unique_file1_.Set(FilePath::MakeFileName(testdata_path_, FilePath("unique"),
+        1, "txt"));
+
+    remove(testdata_file_.c_str());
+    remove(unique_file0_.c_str());
+    remove(unique_file1_.c_str());
+    posix::RmDir(testdata_path_.c_str());
+  }
+
+  virtual void TearDown() {
+    remove(testdata_file_.c_str());
+    remove(unique_file0_.c_str());
+    remove(unique_file1_.c_str());
+    posix::RmDir(testdata_path_.c_str());
+  }
+
+  std::string TempDir() const {
+#if GTEST_OS_WINDOWS_MOBILE
+    return "\\temp\\";
+#elif GTEST_OS_WINDOWS
+    const char* temp_dir = posix::GetEnv("TEMP");
+    if (temp_dir == NULL || temp_dir[0] == '\0')
+      return "\\temp\\";
+    else if (temp_dir[strlen(temp_dir) - 1] == '\\')
+      return temp_dir;
+    else
+      return std::string(temp_dir) + "\\";
+#elif GTEST_OS_LINUX_ANDROID
+    return "/sdcard/";
+#else
+    return "/tmp/";
+#endif  // GTEST_OS_WINDOWS_MOBILE
+  }
+
+  void CreateTextFile(const char* filename) {
+    FILE* f = posix::FOpen(filename, "w");
+    fprintf(f, "text\n");
+    fclose(f);
+  }
+
+  // Strings representing a directory and a file, with identical paths
+  // except for the trailing separator character that distinquishes
+  // a directory named 'test' from a file named 'test'. Example names:
+  FilePath testdata_path_;  // "/tmp/directory_creation/test/"
+  FilePath testdata_file_;  // "/tmp/directory_creation/test"
+  FilePath unique_file0_;  // "/tmp/directory_creation/test/unique.txt"
+  FilePath unique_file1_;  // "/tmp/directory_creation/test/unique_1.txt"
+};
+
+TEST_F(DirectoryCreationTest, CreateDirectoriesRecursively) {
+  EXPECT_FALSE(testdata_path_.DirectoryExists()) << testdata_path_.string();
+  EXPECT_TRUE(testdata_path_.CreateDirectoriesRecursively());
+  EXPECT_TRUE(testdata_path_.DirectoryExists());
+}
+
+TEST_F(DirectoryCreationTest, CreateDirectoriesForAlreadyExistingPath) {
+  EXPECT_FALSE(testdata_path_.DirectoryExists()) << testdata_path_.string();
+  EXPECT_TRUE(testdata_path_.CreateDirectoriesRecursively());
+  // Call 'create' again... should still succeed.
+  EXPECT_TRUE(testdata_path_.CreateDirectoriesRecursively());
+}
+
+TEST_F(DirectoryCreationTest, CreateDirectoriesAndUniqueFilename) {
+  FilePath file_path(FilePath::GenerateUniqueFileName(testdata_path_,
+      FilePath("unique"), "txt"));
+  EXPECT_EQ(unique_file0_.string(), file_path.string());
+  EXPECT_FALSE(file_path.FileOrDirectoryExists());  // file not there
+
+  testdata_path_.CreateDirectoriesRecursively();
+  EXPECT_FALSE(file_path.FileOrDirectoryExists());  // file still not there
+  CreateTextFile(file_path.c_str());
+  EXPECT_TRUE(file_path.FileOrDirectoryExists());
+
+  FilePath file_path2(FilePath::GenerateUniqueFileName(testdata_path_,
+      FilePath("unique"), "txt"));
+  EXPECT_EQ(unique_file1_.string(), file_path2.string());
+  EXPECT_FALSE(file_path2.FileOrDirectoryExists());  // file not there
+  CreateTextFile(file_path2.c_str());
+  EXPECT_TRUE(file_path2.FileOrDirectoryExists());
+}
+
+TEST_F(DirectoryCreationTest, CreateDirectoriesFail) {
+  // force a failure by putting a file where we will try to create a directory.
+  CreateTextFile(testdata_file_.c_str());
+  EXPECT_TRUE(testdata_file_.FileOrDirectoryExists());
+  EXPECT_FALSE(testdata_file_.DirectoryExists());
+  EXPECT_FALSE(testdata_file_.CreateDirectoriesRecursively());
+}
+
+TEST(NoDirectoryCreationTest, CreateNoDirectoriesForDefaultXmlFile) {
+  const FilePath test_detail_xml("test_detail.xml");
+  EXPECT_FALSE(test_detail_xml.CreateDirectoriesRecursively());
+}
+
+TEST(FilePathTest, DefaultConstructor) {
+  FilePath fp;
+  EXPECT_EQ("", fp.string());
+}
+
+TEST(FilePathTest, CharAndCopyConstructors) {
+  const FilePath fp("spicy");
+  EXPECT_EQ("spicy", fp.string());
+
+  const FilePath fp_copy(fp);
+  EXPECT_EQ("spicy", fp_copy.string());
+}
+
+TEST(FilePathTest, StringConstructor) {
+  const FilePath fp(std::string("cider"));
+  EXPECT_EQ("cider", fp.string());
+}
+
+TEST(FilePathTest, Set) {
+  const FilePath apple("apple");
+  FilePath mac("mac");
+  mac.Set(apple);  // Implement Set() since overloading operator= is forbidden.
+  EXPECT_EQ("apple", mac.string());
+  EXPECT_EQ("apple", apple.string());
+}
+
+TEST(FilePathTest, ToString) {
+  const FilePath file("drink");
+  EXPECT_EQ("drink", file.string());
+}
+
+TEST(FilePathTest, RemoveExtension) {
+  EXPECT_EQ("app", FilePath("app.cc").RemoveExtension("cc").string());
+  EXPECT_EQ("app", FilePath("app.exe").RemoveExtension("exe").string());
+  EXPECT_EQ("APP", FilePath("APP.EXE").RemoveExtension("exe").string());
+}
+
+TEST(FilePathTest, RemoveExtensionWhenThereIsNoExtension) {
+  EXPECT_EQ("app", FilePath("app").RemoveExtension("exe").string());
+}
+
+TEST(FilePathTest, IsDirectory) {
+  EXPECT_FALSE(FilePath("cola").IsDirectory());
+  EXPECT_TRUE(FilePath("koala" GTEST_PATH_SEP_).IsDirectory());
+#if GTEST_HAS_ALT_PATH_SEP_
+  EXPECT_TRUE(FilePath("koala/").IsDirectory());
+#endif
+}
+
+TEST(FilePathTest, IsAbsolutePath) {
+  EXPECT_FALSE(FilePath("is" GTEST_PATH_SEP_ "relative").IsAbsolutePath());
+  EXPECT_FALSE(FilePath("").IsAbsolutePath());
+#if GTEST_OS_WINDOWS
+  EXPECT_TRUE(FilePath("c:\\" GTEST_PATH_SEP_ "is_not"
+                       GTEST_PATH_SEP_ "relative").IsAbsolutePath());
+  EXPECT_FALSE(FilePath("c:foo" GTEST_PATH_SEP_ "bar").IsAbsolutePath());
+  EXPECT_TRUE(FilePath("c:/" GTEST_PATH_SEP_ "is_not"
+                       GTEST_PATH_SEP_ "relative").IsAbsolutePath());
+#else
+  EXPECT_TRUE(FilePath(GTEST_PATH_SEP_ "is_not" GTEST_PATH_SEP_ "relative")
+              .IsAbsolutePath());
+#endif  // GTEST_OS_WINDOWS
+}
+
+TEST(FilePathTest, IsRootDirectory) {
+#if GTEST_OS_WINDOWS
+  EXPECT_TRUE(FilePath("a:\\").IsRootDirectory());
+  EXPECT_TRUE(FilePath("Z:/").IsRootDirectory());
+  EXPECT_TRUE(FilePath("e://").IsRootDirectory());
+  EXPECT_FALSE(FilePath("").IsRootDirectory());
+  EXPECT_FALSE(FilePath("b:").IsRootDirectory());
+  EXPECT_FALSE(FilePath("b:a").IsRootDirectory());
+  EXPECT_FALSE(FilePath("8:/").IsRootDirectory());
+  EXPECT_FALSE(FilePath("c|/").IsRootDirectory());
+#else
+  EXPECT_TRUE(FilePath("/").IsRootDirectory());
+  EXPECT_TRUE(FilePath("//").IsRootDirectory());
+  EXPECT_FALSE(FilePath("").IsRootDirectory());
+  EXPECT_FALSE(FilePath("\\").IsRootDirectory());
+  EXPECT_FALSE(FilePath("/x").IsRootDirectory());
+#endif
+}
+
+}  // namespace
+}  // namespace internal
+}  // namespace testing
diff --git a/nss/external_tests/google_test/gtest/test/gtest-linked_ptr_test.cc b/nss/external_tests/google_test/gtest/test/gtest-linked_ptr_test.cc
new file mode 100644
index 0000000..6fcf512
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/test/gtest-linked_ptr_test.cc
@@ -0,0 +1,154 @@
+// Copyright 2003, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Authors: Dan Egnor (egnor@google.com)
+// Ported to Windows: Vadim Berman (vadimb@google.com)
+
+#include "gtest/internal/gtest-linked_ptr.h"
+
+#include <stdlib.h>
+#include "gtest/gtest.h"
+
+namespace {
+
+using testing::Message;
+using testing::internal::linked_ptr;
+
+int num;
+Message* history = NULL;
+
+// Class which tracks allocation/deallocation
+class A {
+ public:
+  A(): mynum(num++) { *history << "A" << mynum << " ctor\n"; }
+  virtual ~A() { *history << "A" << mynum << " dtor\n"; }
+  virtual void Use() { *history << "A" << mynum << " use\n"; }
+ protected:
+  int mynum;
+};
+
+// Subclass
+class B : public A {
+ public:
+  B() { *history << "B" << mynum << " ctor\n"; }
+  ~B() { *history << "B" << mynum << " dtor\n"; }
+  virtual void Use() { *history << "B" << mynum << " use\n"; }
+};
+
+class LinkedPtrTest : public testing::Test {
+ public:
+  LinkedPtrTest() {
+    num = 0;
+    history = new Message;
+  }
+
+  virtual ~LinkedPtrTest() {
+    delete history;
+    history = NULL;
+  }
+};
+
+TEST_F(LinkedPtrTest, GeneralTest) {
+  {
+    linked_ptr<A> a0, a1, a2;
+    // Use explicit function call notation here to suppress self-assign warning.
+    a0.operator=(a0);
+    a1 = a2;
+    ASSERT_EQ(a0.get(), static_cast<A*>(NULL));
+    ASSERT_EQ(a1.get(), static_cast<A*>(NULL));
+    ASSERT_EQ(a2.get(), static_cast<A*>(NULL));
+    ASSERT_TRUE(a0 == NULL);
+    ASSERT_TRUE(a1 == NULL);
+    ASSERT_TRUE(a2 == NULL);
+
+    {
+      linked_ptr<A> a3(new A);
+      a0 = a3;
+      ASSERT_TRUE(a0 == a3);
+      ASSERT_TRUE(a0 != NULL);
+      ASSERT_TRUE(a0.get() == a3);
+      ASSERT_TRUE(a0 == a3.get());
+      linked_ptr<A> a4(a0);
+      a1 = a4;
+      linked_ptr<A> a5(new A);
+      ASSERT_TRUE(a5.get() != a3);
+      ASSERT_TRUE(a5 != a3.get());
+      a2 = a5;
+      linked_ptr<B> b0(new B);
+      linked_ptr<A> a6(b0);
+      ASSERT_TRUE(b0 == a6);
+      ASSERT_TRUE(a6 == b0);
+      ASSERT_TRUE(b0 != NULL);
+      a5 = b0;
+      a5 = b0;
+      a3->Use();
+      a4->Use();
+      a5->Use();
+      a6->Use();
+      b0->Use();
+      (*b0).Use();
+      b0.get()->Use();
+    }
+
+    a0->Use();
+    a1->Use();
+    a2->Use();
+
+    a1 = a2;
+    a2.reset(new A);
+    a0.reset();
+
+    linked_ptr<A> a7;
+  }
+
+  ASSERT_STREQ(
+    "A0 ctor\n"
+    "A1 ctor\n"
+    "A2 ctor\n"
+    "B2 ctor\n"
+    "A0 use\n"
+    "A0 use\n"
+    "B2 use\n"
+    "B2 use\n"
+    "B2 use\n"
+    "B2 use\n"
+    "B2 use\n"
+    "B2 dtor\n"
+    "A2 dtor\n"
+    "A0 use\n"
+    "A0 use\n"
+    "A1 use\n"
+    "A3 ctor\n"
+    "A0 dtor\n"
+    "A3 dtor\n"
+    "A1 dtor\n",
+    history->GetString().c_str());
+}
+
+}  // Unnamed namespace
diff --git a/nss/external_tests/google_test/gtest/test/gtest-listener_test.cc b/nss/external_tests/google_test/gtest/test/gtest-listener_test.cc
new file mode 100644
index 0000000..99662cf
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/test/gtest-listener_test.cc
@@ -0,0 +1,310 @@
+// Copyright 2009 Google Inc. All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: vladl@google.com (Vlad Losev)
+//
+// The Google C++ Testing Framework (Google Test)
+//
+// This file verifies Google Test event listeners receive events at the
+// right times.
+
+#include "gtest/gtest.h"
+#include <vector>
+
+using ::testing::AddGlobalTestEnvironment;
+using ::testing::Environment;
+using ::testing::InitGoogleTest;
+using ::testing::Test;
+using ::testing::TestCase;
+using ::testing::TestEventListener;
+using ::testing::TestInfo;
+using ::testing::TestPartResult;
+using ::testing::UnitTest;
+
+// Used by tests to register their events.
+std::vector<std::string>* g_events = NULL;
+
+namespace testing {
+namespace internal {
+
+class EventRecordingListener : public TestEventListener {
+ public:
+  explicit EventRecordingListener(const char* name) : name_(name) {}
+
+ protected:
+  virtual void OnTestProgramStart(const UnitTest& /*unit_test*/) {
+    g_events->push_back(GetFullMethodName("OnTestProgramStart"));
+  }
+
+  virtual void OnTestIterationStart(const UnitTest& /*unit_test*/,
+                                    int iteration) {
+    Message message;
+    message << GetFullMethodName("OnTestIterationStart")
+            << "(" << iteration << ")";
+    g_events->push_back(message.GetString());
+  }
+
+  virtual void OnEnvironmentsSetUpStart(const UnitTest& /*unit_test*/) {
+    g_events->push_back(GetFullMethodName("OnEnvironmentsSetUpStart"));
+  }
+
+  virtual void OnEnvironmentsSetUpEnd(const UnitTest& /*unit_test*/) {
+    g_events->push_back(GetFullMethodName("OnEnvironmentsSetUpEnd"));
+  }
+
+  virtual void OnTestCaseStart(const TestCase& /*test_case*/) {
+    g_events->push_back(GetFullMethodName("OnTestCaseStart"));
+  }
+
+  virtual void OnTestStart(const TestInfo& /*test_info*/) {
+    g_events->push_back(GetFullMethodName("OnTestStart"));
+  }
+
+  virtual void OnTestPartResult(const TestPartResult& /*test_part_result*/) {
+    g_events->push_back(GetFullMethodName("OnTestPartResult"));
+  }
+
+  virtual void OnTestEnd(const TestInfo& /*test_info*/) {
+    g_events->push_back(GetFullMethodName("OnTestEnd"));
+  }
+
+  virtual void OnTestCaseEnd(const TestCase& /*test_case*/) {
+    g_events->push_back(GetFullMethodName("OnTestCaseEnd"));
+  }
+
+  virtual void OnEnvironmentsTearDownStart(const UnitTest& /*unit_test*/) {
+    g_events->push_back(GetFullMethodName("OnEnvironmentsTearDownStart"));
+  }
+
+  virtual void OnEnvironmentsTearDownEnd(const UnitTest& /*unit_test*/) {
+    g_events->push_back(GetFullMethodName("OnEnvironmentsTearDownEnd"));
+  }
+
+  virtual void OnTestIterationEnd(const UnitTest& /*unit_test*/,
+                                  int iteration) {
+    Message message;
+    message << GetFullMethodName("OnTestIterationEnd")
+            << "("  << iteration << ")";
+    g_events->push_back(message.GetString());
+  }
+
+  virtual void OnTestProgramEnd(const UnitTest& /*unit_test*/) {
+    g_events->push_back(GetFullMethodName("OnTestProgramEnd"));
+  }
+
+ private:
+  std::string GetFullMethodName(const char* name) {
+    return name_ + "." + name;
+  }
+
+  std::string name_;
+};
+
+class EnvironmentInvocationCatcher : public Environment {
+ protected:
+  virtual void SetUp() {
+    g_events->push_back("Environment::SetUp");
+  }
+
+  virtual void TearDown() {
+    g_events->push_back("Environment::TearDown");
+  }
+};
+
+class ListenerTest : public Test {
+ protected:
+  static void SetUpTestCase() {
+    g_events->push_back("ListenerTest::SetUpTestCase");
+  }
+
+  static void TearDownTestCase() {
+    g_events->push_back("ListenerTest::TearDownTestCase");
+  }
+
+  virtual void SetUp() {
+    g_events->push_back("ListenerTest::SetUp");
+  }
+
+  virtual void TearDown() {
+    g_events->push_back("ListenerTest::TearDown");
+  }
+};
+
+TEST_F(ListenerTest, DoesFoo) {
+  // Test execution order within a test case is not guaranteed so we are not
+  // recording the test name.
+  g_events->push_back("ListenerTest::* Test Body");
+  SUCCEED();  // Triggers OnTestPartResult.
+}
+
+TEST_F(ListenerTest, DoesBar) {
+  g_events->push_back("ListenerTest::* Test Body");
+  SUCCEED();  // Triggers OnTestPartResult.
+}
+
+}  // namespace internal
+
+}  // namespace testing
+
+using ::testing::internal::EnvironmentInvocationCatcher;
+using ::testing::internal::EventRecordingListener;
+
+void VerifyResults(const std::vector<std::string>& data,
+                   const char* const* expected_data,
+                   int expected_data_size) {
+  const int actual_size = data.size();
+  // If the following assertion fails, a new entry will be appended to
+  // data.  Hence we save data.size() first.
+  EXPECT_EQ(expected_data_size, actual_size);
+
+  // Compares the common prefix.
+  const int shorter_size = expected_data_size <= actual_size ?
+      expected_data_size : actual_size;
+  int i = 0;
+  for (; i < shorter_size; ++i) {
+    ASSERT_STREQ(expected_data[i], data[i].c_str())
+        << "at position " << i;
+  }
+
+  // Prints extra elements in the actual data.
+  for (; i < actual_size; ++i) {
+    printf("  Actual event #%d: %s\n", i, data[i].c_str());
+  }
+}
+
+int main(int argc, char **argv) {
+  std::vector<std::string> events;
+  g_events = &events;
+  InitGoogleTest(&argc, argv);
+
+  UnitTest::GetInstance()->listeners().Append(
+      new EventRecordingListener("1st"));
+  UnitTest::GetInstance()->listeners().Append(
+      new EventRecordingListener("2nd"));
+
+  AddGlobalTestEnvironment(new EnvironmentInvocationCatcher);
+
+  GTEST_CHECK_(events.size() == 0)
+      << "AddGlobalTestEnvironment should not generate any events itself.";
+
+  ::testing::GTEST_FLAG(repeat) = 2;
+  int ret_val = RUN_ALL_TESTS();
+
+  const char* const expected_events[] = {
+    "1st.OnTestProgramStart",
+    "2nd.OnTestProgramStart",
+    "1st.OnTestIterationStart(0)",
+    "2nd.OnTestIterationStart(0)",
+    "1st.OnEnvironmentsSetUpStart",
+    "2nd.OnEnvironmentsSetUpStart",
+    "Environment::SetUp",
+    "2nd.OnEnvironmentsSetUpEnd",
+    "1st.OnEnvironmentsSetUpEnd",
+    "1st.OnTestCaseStart",
+    "2nd.OnTestCaseStart",
+    "ListenerTest::SetUpTestCase",
+    "1st.OnTestStart",
+    "2nd.OnTestStart",
+    "ListenerTest::SetUp",
+    "ListenerTest::* Test Body",
+    "1st.OnTestPartResult",
+    "2nd.OnTestPartResult",
+    "ListenerTest::TearDown",
+    "2nd.OnTestEnd",
+    "1st.OnTestEnd",
+    "1st.OnTestStart",
+    "2nd.OnTestStart",
+    "ListenerTest::SetUp",
+    "ListenerTest::* Test Body",
+    "1st.OnTestPartResult",
+    "2nd.OnTestPartResult",
+    "ListenerTest::TearDown",
+    "2nd.OnTestEnd",
+    "1st.OnTestEnd",
+    "ListenerTest::TearDownTestCase",
+    "2nd.OnTestCaseEnd",
+    "1st.OnTestCaseEnd",
+    "1st.OnEnvironmentsTearDownStart",
+    "2nd.OnEnvironmentsTearDownStart",
+    "Environment::TearDown",
+    "2nd.OnEnvironmentsTearDownEnd",
+    "1st.OnEnvironmentsTearDownEnd",
+    "2nd.OnTestIterationEnd(0)",
+    "1st.OnTestIterationEnd(0)",
+    "1st.OnTestIterationStart(1)",
+    "2nd.OnTestIterationStart(1)",
+    "1st.OnEnvironmentsSetUpStart",
+    "2nd.OnEnvironmentsSetUpStart",
+    "Environment::SetUp",
+    "2nd.OnEnvironmentsSetUpEnd",
+    "1st.OnEnvironmentsSetUpEnd",
+    "1st.OnTestCaseStart",
+    "2nd.OnTestCaseStart",
+    "ListenerTest::SetUpTestCase",
+    "1st.OnTestStart",
+    "2nd.OnTestStart",
+    "ListenerTest::SetUp",
+    "ListenerTest::* Test Body",
+    "1st.OnTestPartResult",
+    "2nd.OnTestPartResult",
+    "ListenerTest::TearDown",
+    "2nd.OnTestEnd",
+    "1st.OnTestEnd",
+    "1st.OnTestStart",
+    "2nd.OnTestStart",
+    "ListenerTest::SetUp",
+    "ListenerTest::* Test Body",
+    "1st.OnTestPartResult",
+    "2nd.OnTestPartResult",
+    "ListenerTest::TearDown",
+    "2nd.OnTestEnd",
+    "1st.OnTestEnd",
+    "ListenerTest::TearDownTestCase",
+    "2nd.OnTestCaseEnd",
+    "1st.OnTestCaseEnd",
+    "1st.OnEnvironmentsTearDownStart",
+    "2nd.OnEnvironmentsTearDownStart",
+    "Environment::TearDown",
+    "2nd.OnEnvironmentsTearDownEnd",
+    "1st.OnEnvironmentsTearDownEnd",
+    "2nd.OnTestIterationEnd(1)",
+    "1st.OnTestIterationEnd(1)",
+    "2nd.OnTestProgramEnd",
+    "1st.OnTestProgramEnd"
+  };
+  VerifyResults(events,
+                expected_events,
+                sizeof(expected_events)/sizeof(expected_events[0]));
+
+  // We need to check manually for ad hoc test failures that happen after
+  // RUN_ALL_TESTS finishes.
+  if (UnitTest::GetInstance()->Failed())
+    ret_val = 1;
+
+  return ret_val;
+}
diff --git a/nss/external_tests/google_test/gtest/test/gtest-message_test.cc b/nss/external_tests/google_test/gtest/test/gtest-message_test.cc
new file mode 100644
index 0000000..175238e
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/test/gtest-message_test.cc
@@ -0,0 +1,159 @@
+// Copyright 2005, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+//
+// Tests for the Message class.
+
+#include "gtest/gtest-message.h"
+
+#include "gtest/gtest.h"
+
+namespace {
+
+using ::testing::Message;
+
+// Tests the testing::Message class
+
+// Tests the default constructor.
+TEST(MessageTest, DefaultConstructor) {
+  const Message msg;
+  EXPECT_EQ("", msg.GetString());
+}
+
+// Tests the copy constructor.
+TEST(MessageTest, CopyConstructor) {
+  const Message msg1("Hello");
+  const Message msg2(msg1);
+  EXPECT_EQ("Hello", msg2.GetString());
+}
+
+// Tests constructing a Message from a C-string.
+TEST(MessageTest, ConstructsFromCString) {
+  Message msg("Hello");
+  EXPECT_EQ("Hello", msg.GetString());
+}
+
+// Tests streaming a float.
+TEST(MessageTest, StreamsFloat) {
+  const std::string s = (Message() << 1.23456F << " " << 2.34567F).GetString();
+  // Both numbers should be printed with enough precision.
+  EXPECT_PRED_FORMAT2(testing::IsSubstring, "1.234560", s.c_str());
+  EXPECT_PRED_FORMAT2(testing::IsSubstring, " 2.345669", s.c_str());
+}
+
+// Tests streaming a double.
+TEST(MessageTest, StreamsDouble) {
+  const std::string s = (Message() << 1260570880.4555497 << " "
+                                  << 1260572265.1954534).GetString();
+  // Both numbers should be printed with enough precision.
+  EXPECT_PRED_FORMAT2(testing::IsSubstring, "1260570880.45", s.c_str());
+  EXPECT_PRED_FORMAT2(testing::IsSubstring, " 1260572265.19", s.c_str());
+}
+
+// Tests streaming a non-char pointer.
+TEST(MessageTest, StreamsPointer) {
+  int n = 0;
+  int* p = &n;
+  EXPECT_NE("(null)", (Message() << p).GetString());
+}
+
+// Tests streaming a NULL non-char pointer.
+TEST(MessageTest, StreamsNullPointer) {
+  int* p = NULL;
+  EXPECT_EQ("(null)", (Message() << p).GetString());
+}
+
+// Tests streaming a C string.
+TEST(MessageTest, StreamsCString) {
+  EXPECT_EQ("Foo", (Message() << "Foo").GetString());
+}
+
+// Tests streaming a NULL C string.
+TEST(MessageTest, StreamsNullCString) {
+  char* p = NULL;
+  EXPECT_EQ("(null)", (Message() << p).GetString());
+}
+
+// Tests streaming std::string.
+TEST(MessageTest, StreamsString) {
+  const ::std::string str("Hello");
+  EXPECT_EQ("Hello", (Message() << str).GetString());
+}
+
+// Tests that we can output strings containing embedded NULs.
+TEST(MessageTest, StreamsStringWithEmbeddedNUL) {
+  const char char_array_with_nul[] =
+      "Here's a NUL\0 and some more string";
+  const ::std::string string_with_nul(char_array_with_nul,
+                                      sizeof(char_array_with_nul) - 1);
+  EXPECT_EQ("Here's a NUL\\0 and some more string",
+            (Message() << string_with_nul).GetString());
+}
+
+// Tests streaming a NUL char.
+TEST(MessageTest, StreamsNULChar) {
+  EXPECT_EQ("\\0", (Message() << '\0').GetString());
+}
+
+// Tests streaming int.
+TEST(MessageTest, StreamsInt) {
+  EXPECT_EQ("123", (Message() << 123).GetString());
+}
+
+// Tests that basic IO manipulators (endl, ends, and flush) can be
+// streamed to Message.
+TEST(MessageTest, StreamsBasicIoManip) {
+  EXPECT_EQ("Line 1.\nA NUL char \\0 in line 2.",
+               (Message() << "Line 1." << std::endl
+                         << "A NUL char " << std::ends << std::flush
+                         << " in line 2.").GetString());
+}
+
+// Tests Message::GetString()
+TEST(MessageTest, GetString) {
+  Message msg;
+  msg << 1 << " lamb";
+  EXPECT_EQ("1 lamb", msg.GetString());
+}
+
+// Tests streaming a Message object to an ostream.
+TEST(MessageTest, StreamsToOStream) {
+  Message msg("Hello");
+  ::std::stringstream ss;
+  ss << msg;
+  EXPECT_EQ("Hello", testing::internal::StringStreamToString(&ss));
+}
+
+// Tests that a Message object doesn't take up too much stack space.
+TEST(MessageTest, DoesNotTakeUpMuchStackSpace) {
+  EXPECT_LE(sizeof(Message), 16U);
+}
+
+}  // namespace
diff --git a/nss/external_tests/google_test/gtest/test/gtest-options_test.cc b/nss/external_tests/google_test/gtest/test/gtest-options_test.cc
new file mode 100644
index 0000000..5586dc3
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/test/gtest-options_test.cc
@@ -0,0 +1,215 @@
+// Copyright 2008, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Authors: keith.ray@gmail.com (Keith Ray)
+//
+// Google Test UnitTestOptions tests
+//
+// This file tests classes and functions used internally by
+// Google Test.  They are subject to change without notice.
+//
+// This file is #included from gtest.cc, to avoid changing build or
+// make-files on Windows and other platforms. Do not #include this file
+// anywhere else!
+
+#include "gtest/gtest.h"
+
+#if GTEST_OS_WINDOWS_MOBILE
+# include <windows.h>
+#elif GTEST_OS_WINDOWS
+# include <direct.h>
+#endif  // GTEST_OS_WINDOWS_MOBILE
+
+// Indicates that this translation unit is part of Google Test's
+// implementation.  It must come before gtest-internal-inl.h is
+// included, or there will be a compiler error.  This trick is to
+// prevent a user from accidentally including gtest-internal-inl.h in
+// his code.
+#define GTEST_IMPLEMENTATION_ 1
+#include "src/gtest-internal-inl.h"
+#undef GTEST_IMPLEMENTATION_
+
+namespace testing {
+namespace internal {
+namespace {
+
+// Turns the given relative path into an absolute path.
+FilePath GetAbsolutePathOf(const FilePath& relative_path) {
+  return FilePath::ConcatPaths(FilePath::GetCurrentDir(), relative_path);
+}
+
+// Testing UnitTestOptions::GetOutputFormat/GetOutputFile.
+
+TEST(XmlOutputTest, GetOutputFormatDefault) {
+  GTEST_FLAG(output) = "";
+  EXPECT_STREQ("", UnitTestOptions::GetOutputFormat().c_str());
+}
+
+TEST(XmlOutputTest, GetOutputFormat) {
+  GTEST_FLAG(output) = "xml:filename";
+  EXPECT_STREQ("xml", UnitTestOptions::GetOutputFormat().c_str());
+}
+
+TEST(XmlOutputTest, GetOutputFileDefault) {
+  GTEST_FLAG(output) = "";
+  EXPECT_EQ(GetAbsolutePathOf(FilePath("test_detail.xml")).string(),
+            UnitTestOptions::GetAbsolutePathToOutputFile());
+}
+
+TEST(XmlOutputTest, GetOutputFileSingleFile) {
+  GTEST_FLAG(output) = "xml:filename.abc";
+  EXPECT_EQ(GetAbsolutePathOf(FilePath("filename.abc")).string(),
+            UnitTestOptions::GetAbsolutePathToOutputFile());
+}
+
+TEST(XmlOutputTest, GetOutputFileFromDirectoryPath) {
+  GTEST_FLAG(output) = "xml:path" GTEST_PATH_SEP_;
+  const std::string expected_output_file =
+      GetAbsolutePathOf(
+          FilePath(std::string("path") + GTEST_PATH_SEP_ +
+                   GetCurrentExecutableName().string() + ".xml")).string();
+  const std::string& output_file =
+      UnitTestOptions::GetAbsolutePathToOutputFile();
+#if GTEST_OS_WINDOWS
+  EXPECT_STRCASEEQ(expected_output_file.c_str(), output_file.c_str());
+#else
+  EXPECT_EQ(expected_output_file, output_file.c_str());
+#endif
+}
+
+TEST(OutputFileHelpersTest, GetCurrentExecutableName) {
+  const std::string exe_str = GetCurrentExecutableName().string();
+#if GTEST_OS_WINDOWS
+  const bool success =
+      _strcmpi("gtest-options_test", exe_str.c_str()) == 0 ||
+      _strcmpi("gtest-options-ex_test", exe_str.c_str()) == 0 ||
+      _strcmpi("gtest_all_test", exe_str.c_str()) == 0 ||
+      _strcmpi("gtest_dll_test", exe_str.c_str()) == 0;
+#else
+  // TODO(wan@google.com): remove the hard-coded "lt-" prefix when
+  //   Chandler Carruth's libtool replacement is ready.
+  const bool success =
+      exe_str == "gtest-options_test" ||
+      exe_str == "gtest_all_test" ||
+      exe_str == "lt-gtest_all_test" ||
+      exe_str == "gtest_dll_test";
+#endif  // GTEST_OS_WINDOWS
+  if (!success)
+    FAIL() << "GetCurrentExecutableName() returns " << exe_str;
+}
+
+class XmlOutputChangeDirTest : public Test {
+ protected:
+  virtual void SetUp() {
+    original_working_dir_ = FilePath::GetCurrentDir();
+    posix::ChDir("..");
+    // This will make the test fail if run from the root directory.
+    EXPECT_NE(original_working_dir_.string(),
+              FilePath::GetCurrentDir().string());
+  }
+
+  virtual void TearDown() {
+    posix::ChDir(original_working_dir_.string().c_str());
+  }
+
+  FilePath original_working_dir_;
+};
+
+TEST_F(XmlOutputChangeDirTest, PreserveOriginalWorkingDirWithDefault) {
+  GTEST_FLAG(output) = "";
+  EXPECT_EQ(FilePath::ConcatPaths(original_working_dir_,
+                                  FilePath("test_detail.xml")).string(),
+            UnitTestOptions::GetAbsolutePathToOutputFile());
+}
+
+TEST_F(XmlOutputChangeDirTest, PreserveOriginalWorkingDirWithDefaultXML) {
+  GTEST_FLAG(output) = "xml";
+  EXPECT_EQ(FilePath::ConcatPaths(original_working_dir_,
+                                  FilePath("test_detail.xml")).string(),
+            UnitTestOptions::GetAbsolutePathToOutputFile());
+}
+
+TEST_F(XmlOutputChangeDirTest, PreserveOriginalWorkingDirWithRelativeFile) {
+  GTEST_FLAG(output) = "xml:filename.abc";
+  EXPECT_EQ(FilePath::ConcatPaths(original_working_dir_,
+                                  FilePath("filename.abc")).string(),
+            UnitTestOptions::GetAbsolutePathToOutputFile());
+}
+
+TEST_F(XmlOutputChangeDirTest, PreserveOriginalWorkingDirWithRelativePath) {
+  GTEST_FLAG(output) = "xml:path" GTEST_PATH_SEP_;
+  const std::string expected_output_file =
+      FilePath::ConcatPaths(
+          original_working_dir_,
+          FilePath(std::string("path") + GTEST_PATH_SEP_ +
+                   GetCurrentExecutableName().string() + ".xml")).string();
+  const std::string& output_file =
+      UnitTestOptions::GetAbsolutePathToOutputFile();
+#if GTEST_OS_WINDOWS
+  EXPECT_STRCASEEQ(expected_output_file.c_str(), output_file.c_str());
+#else
+  EXPECT_EQ(expected_output_file, output_file.c_str());
+#endif
+}
+
+TEST_F(XmlOutputChangeDirTest, PreserveOriginalWorkingDirWithAbsoluteFile) {
+#if GTEST_OS_WINDOWS
+  GTEST_FLAG(output) = "xml:c:\\tmp\\filename.abc";
+  EXPECT_EQ(FilePath("c:\\tmp\\filename.abc").string(),
+            UnitTestOptions::GetAbsolutePathToOutputFile());
+#else
+  GTEST_FLAG(output) ="xml:/tmp/filename.abc";
+  EXPECT_EQ(FilePath("/tmp/filename.abc").string(),
+            UnitTestOptions::GetAbsolutePathToOutputFile());
+#endif
+}
+
+TEST_F(XmlOutputChangeDirTest, PreserveOriginalWorkingDirWithAbsolutePath) {
+#if GTEST_OS_WINDOWS
+  const std::string path = "c:\\tmp\\";
+#else
+  const std::string path = "/tmp/";
+#endif
+
+  GTEST_FLAG(output) = "xml:" + path;
+  const std::string expected_output_file =
+      path + GetCurrentExecutableName().string() + ".xml";
+  const std::string& output_file =
+      UnitTestOptions::GetAbsolutePathToOutputFile();
+
+#if GTEST_OS_WINDOWS
+  EXPECT_STRCASEEQ(expected_output_file.c_str(), output_file.c_str());
+#else
+  EXPECT_EQ(expected_output_file, output_file.c_str());
+#endif
+}
+
+}  // namespace
+}  // namespace internal
+}  // namespace testing
diff --git a/nss/external_tests/google_test/gtest/test/gtest-param-test2_test.cc b/nss/external_tests/google_test/gtest/test/gtest-param-test2_test.cc
new file mode 100644
index 0000000..4a782fe
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/test/gtest-param-test2_test.cc
@@ -0,0 +1,65 @@
+// Copyright 2008, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: vladl@google.com (Vlad Losev)
+//
+// Tests for Google Test itself.  This verifies that the basic constructs of
+// Google Test work.
+
+#include "gtest/gtest.h"
+
+#include "test/gtest-param-test_test.h"
+
+#if GTEST_HAS_PARAM_TEST
+
+using ::testing::Values;
+using ::testing::internal::ParamGenerator;
+
+// Tests that generators defined in a different translation unit
+// are functional. The test using extern_gen is defined
+// in gtest-param-test_test.cc.
+ParamGenerator<int> extern_gen = Values(33);
+
+// Tests that a parameterized test case can be defined in one translation unit
+// and instantiated in another. The test is defined in gtest-param-test_test.cc
+// and ExternalInstantiationTest fixture class is defined in
+// gtest-param-test_test.h.
+INSTANTIATE_TEST_CASE_P(MultiplesOf33,
+                        ExternalInstantiationTest,
+                        Values(33, 66));
+
+// Tests that a parameterized test case can be instantiated
+// in multiple translation units. Another instantiation is defined
+// in gtest-param-test_test.cc and InstantiationInMultipleTranslaionUnitsTest
+// fixture is defined in gtest-param-test_test.h
+INSTANTIATE_TEST_CASE_P(Sequence2,
+                        InstantiationInMultipleTranslaionUnitsTest,
+                        Values(42*3, 42*4, 42*5));
+
+#endif  // GTEST_HAS_PARAM_TEST
diff --git a/nss/external_tests/google_test/gtest/test/gtest-param-test_test.cc b/nss/external_tests/google_test/gtest/test/gtest-param-test_test.cc
new file mode 100644
index 0000000..cc1dc65
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/test/gtest-param-test_test.cc
@@ -0,0 +1,904 @@
+// Copyright 2008, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: vladl@google.com (Vlad Losev)
+//
+// Tests for Google Test itself. This file verifies that the parameter
+// generators objects produce correct parameter sequences and that
+// Google Test runtime instantiates correct tests from those sequences.
+
+#include "gtest/gtest.h"
+
+#if GTEST_HAS_PARAM_TEST
+
+# include <algorithm>
+# include <iostream>
+# include <list>
+# include <sstream>
+# include <string>
+# include <vector>
+
+// To include gtest-internal-inl.h.
+# define GTEST_IMPLEMENTATION_ 1
+# include "src/gtest-internal-inl.h"  // for UnitTestOptions
+# undef GTEST_IMPLEMENTATION_
+
+# include "test/gtest-param-test_test.h"
+
+using ::std::vector;
+using ::std::sort;
+
+using ::testing::AddGlobalTestEnvironment;
+using ::testing::Bool;
+using ::testing::Message;
+using ::testing::Range;
+using ::testing::TestWithParam;
+using ::testing::Values;
+using ::testing::ValuesIn;
+
+# if GTEST_HAS_COMBINE
+using ::testing::Combine;
+using ::testing::get;
+using ::testing::make_tuple;
+using ::testing::tuple;
+# endif  // GTEST_HAS_COMBINE
+
+using ::testing::internal::ParamGenerator;
+using ::testing::internal::UnitTestOptions;
+
+// Prints a value to a string.
+//
+// TODO(wan@google.com): remove PrintValue() when we move matchers and
+// EXPECT_THAT() from Google Mock to Google Test.  At that time, we
+// can write EXPECT_THAT(x, Eq(y)) to compare two tuples x and y, as
+// EXPECT_THAT() and the matchers know how to print tuples.
+template <typename T>
+::std::string PrintValue(const T& value) {
+  ::std::stringstream stream;
+  stream << value;
+  return stream.str();
+}
+
+# if GTEST_HAS_COMBINE
+
+// These overloads allow printing tuples in our tests.  We cannot
+// define an operator<< for tuples, as that definition needs to be in
+// the std namespace in order to be picked up by Google Test via
+// Argument-Dependent Lookup, yet defining anything in the std
+// namespace in non-STL code is undefined behavior.
+
+template <typename T1, typename T2>
+::std::string PrintValue(const tuple<T1, T2>& value) {
+  ::std::stringstream stream;
+  stream << "(" << get<0>(value) << ", " << get<1>(value) << ")";
+  return stream.str();
+}
+
+template <typename T1, typename T2, typename T3>
+::std::string PrintValue(const tuple<T1, T2, T3>& value) {
+  ::std::stringstream stream;
+  stream << "(" << get<0>(value) << ", " << get<1>(value)
+         << ", "<< get<2>(value) << ")";
+  return stream.str();
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+          typename T6, typename T7, typename T8, typename T9, typename T10>
+::std::string PrintValue(
+    const tuple<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10>& value) {
+  ::std::stringstream stream;
+  stream << "(" << get<0>(value) << ", " << get<1>(value)
+         << ", "<< get<2>(value) << ", " << get<3>(value)
+         << ", "<< get<4>(value) << ", " << get<5>(value)
+         << ", "<< get<6>(value) << ", " << get<7>(value)
+         << ", "<< get<8>(value) << ", " << get<9>(value) << ")";
+  return stream.str();
+}
+
+# endif  // GTEST_HAS_COMBINE
+
+// Verifies that a sequence generated by the generator and accessed
+// via the iterator object matches the expected one using Google Test
+// assertions.
+template <typename T, size_t N>
+void VerifyGenerator(const ParamGenerator<T>& generator,
+                     const T (&expected_values)[N]) {
+  typename ParamGenerator<T>::iterator it = generator.begin();
+  for (size_t i = 0; i < N; ++i) {
+    ASSERT_FALSE(it == generator.end())
+        << "At element " << i << " when accessing via an iterator "
+        << "created with the copy constructor.\n";
+    // We cannot use EXPECT_EQ() here as the values may be tuples,
+    // which don't support <<.
+    EXPECT_TRUE(expected_values[i] == *it)
+        << "where i is " << i
+        << ", expected_values[i] is " << PrintValue(expected_values[i])
+        << ", *it is " << PrintValue(*it)
+        << ", and 'it' is an iterator created with the copy constructor.\n";
+    it++;
+  }
+  EXPECT_TRUE(it == generator.end())
+        << "At the presumed end of sequence when accessing via an iterator "
+        << "created with the copy constructor.\n";
+
+  // Test the iterator assignment. The following lines verify that
+  // the sequence accessed via an iterator initialized via the
+  // assignment operator (as opposed to a copy constructor) matches
+  // just the same.
+  it = generator.begin();
+  for (size_t i = 0; i < N; ++i) {
+    ASSERT_FALSE(it == generator.end())
+        << "At element " << i << " when accessing via an iterator "
+        << "created with the assignment operator.\n";
+    EXPECT_TRUE(expected_values[i] == *it)
+        << "where i is " << i
+        << ", expected_values[i] is " << PrintValue(expected_values[i])
+        << ", *it is " << PrintValue(*it)
+        << ", and 'it' is an iterator created with the copy constructor.\n";
+    it++;
+  }
+  EXPECT_TRUE(it == generator.end())
+        << "At the presumed end of sequence when accessing via an iterator "
+        << "created with the assignment operator.\n";
+}
+
+template <typename T>
+void VerifyGeneratorIsEmpty(const ParamGenerator<T>& generator) {
+  typename ParamGenerator<T>::iterator it = generator.begin();
+  EXPECT_TRUE(it == generator.end());
+
+  it = generator.begin();
+  EXPECT_TRUE(it == generator.end());
+}
+
+// Generator tests. They test that each of the provided generator functions
+// generates an expected sequence of values. The general test pattern
+// instantiates a generator using one of the generator functions,
+// checks the sequence produced by the generator using its iterator API,
+// and then resets the iterator back to the beginning of the sequence
+// and checks the sequence again.
+
+// Tests that iterators produced by generator functions conform to the
+// ForwardIterator concept.
+TEST(IteratorTest, ParamIteratorConformsToForwardIteratorConcept) {
+  const ParamGenerator<int> gen = Range(0, 10);
+  ParamGenerator<int>::iterator it = gen.begin();
+
+  // Verifies that iterator initialization works as expected.
+  ParamGenerator<int>::iterator it2 = it;
+  EXPECT_TRUE(*it == *it2) << "Initialized iterators must point to the "
+                           << "element same as its source points to";
+
+  // Verifies that iterator assignment works as expected.
+  it++;
+  EXPECT_FALSE(*it == *it2);
+  it2 = it;
+  EXPECT_TRUE(*it == *it2) << "Assigned iterators must point to the "
+                           << "element same as its source points to";
+
+  // Verifies that prefix operator++() returns *this.
+  EXPECT_EQ(&it, &(++it)) << "Result of the prefix operator++ must be "
+                          << "refer to the original object";
+
+  // Verifies that the result of the postfix operator++ points to the value
+  // pointed to by the original iterator.
+  int original_value = *it;  // Have to compute it outside of macro call to be
+                             // unaffected by the parameter evaluation order.
+  EXPECT_EQ(original_value, *(it++));
+
+  // Verifies that prefix and postfix operator++() advance an iterator
+  // all the same.
+  it2 = it;
+  it++;
+  ++it2;
+  EXPECT_TRUE(*it == *it2);
+}
+
+// Tests that Range() generates the expected sequence.
+TEST(RangeTest, IntRangeWithDefaultStep) {
+  const ParamGenerator<int> gen = Range(0, 3);
+  const int expected_values[] = {0, 1, 2};
+  VerifyGenerator(gen, expected_values);
+}
+
+// Edge case. Tests that Range() generates the single element sequence
+// as expected when provided with range limits that are equal.
+TEST(RangeTest, IntRangeSingleValue) {
+  const ParamGenerator<int> gen = Range(0, 1);
+  const int expected_values[] = {0};
+  VerifyGenerator(gen, expected_values);
+}
+
+// Edge case. Tests that Range() with generates empty sequence when
+// supplied with an empty range.
+TEST(RangeTest, IntRangeEmpty) {
+  const ParamGenerator<int> gen = Range(0, 0);
+  VerifyGeneratorIsEmpty(gen);
+}
+
+// Tests that Range() with custom step (greater then one) generates
+// the expected sequence.
+TEST(RangeTest, IntRangeWithCustomStep) {
+  const ParamGenerator<int> gen = Range(0, 9, 3);
+  const int expected_values[] = {0, 3, 6};
+  VerifyGenerator(gen, expected_values);
+}
+
+// Tests that Range() with custom step (greater then one) generates
+// the expected sequence when the last element does not fall on the
+// upper range limit. Sequences generated by Range() must not have
+// elements beyond the range limits.
+TEST(RangeTest, IntRangeWithCustomStepOverUpperBound) {
+  const ParamGenerator<int> gen = Range(0, 4, 3);
+  const int expected_values[] = {0, 3};
+  VerifyGenerator(gen, expected_values);
+}
+
+// Verifies that Range works with user-defined types that define
+// copy constructor, operator=(), operator+(), and operator<().
+class DogAdder {
+ public:
+  explicit DogAdder(const char* a_value) : value_(a_value) {}
+  DogAdder(const DogAdder& other) : value_(other.value_.c_str()) {}
+
+  DogAdder operator=(const DogAdder& other) {
+    if (this != &other)
+      value_ = other.value_;
+    return *this;
+  }
+  DogAdder operator+(const DogAdder& other) const {
+    Message msg;
+    msg << value_.c_str() << other.value_.c_str();
+    return DogAdder(msg.GetString().c_str());
+  }
+  bool operator<(const DogAdder& other) const {
+    return value_ < other.value_;
+  }
+  const std::string& value() const { return value_; }
+
+ private:
+  std::string value_;
+};
+
+TEST(RangeTest, WorksWithACustomType) {
+  const ParamGenerator<DogAdder> gen =
+      Range(DogAdder("cat"), DogAdder("catdogdog"), DogAdder("dog"));
+  ParamGenerator<DogAdder>::iterator it = gen.begin();
+
+  ASSERT_FALSE(it == gen.end());
+  EXPECT_STREQ("cat", it->value().c_str());
+
+  ASSERT_FALSE(++it == gen.end());
+  EXPECT_STREQ("catdog", it->value().c_str());
+
+  EXPECT_TRUE(++it == gen.end());
+}
+
+class IntWrapper {
+ public:
+  explicit IntWrapper(int a_value) : value_(a_value) {}
+  IntWrapper(const IntWrapper& other) : value_(other.value_) {}
+
+  IntWrapper operator=(const IntWrapper& other) {
+    value_ = other.value_;
+    return *this;
+  }
+  // operator+() adds a different type.
+  IntWrapper operator+(int other) const { return IntWrapper(value_ + other); }
+  bool operator<(const IntWrapper& other) const {
+    return value_ < other.value_;
+  }
+  int value() const { return value_; }
+
+ private:
+  int value_;
+};
+
+TEST(RangeTest, WorksWithACustomTypeWithDifferentIncrementType) {
+  const ParamGenerator<IntWrapper> gen = Range(IntWrapper(0), IntWrapper(2));
+  ParamGenerator<IntWrapper>::iterator it = gen.begin();
+
+  ASSERT_FALSE(it == gen.end());
+  EXPECT_EQ(0, it->value());
+
+  ASSERT_FALSE(++it == gen.end());
+  EXPECT_EQ(1, it->value());
+
+  EXPECT_TRUE(++it == gen.end());
+}
+
+// Tests that ValuesIn() with an array parameter generates
+// the expected sequence.
+TEST(ValuesInTest, ValuesInArray) {
+  int array[] = {3, 5, 8};
+  const ParamGenerator<int> gen = ValuesIn(array);
+  VerifyGenerator(gen, array);
+}
+
+// Tests that ValuesIn() with a const array parameter generates
+// the expected sequence.
+TEST(ValuesInTest, ValuesInConstArray) {
+  const int array[] = {3, 5, 8};
+  const ParamGenerator<int> gen = ValuesIn(array);
+  VerifyGenerator(gen, array);
+}
+
+// Edge case. Tests that ValuesIn() with an array parameter containing a
+// single element generates the single element sequence.
+TEST(ValuesInTest, ValuesInSingleElementArray) {
+  int array[] = {42};
+  const ParamGenerator<int> gen = ValuesIn(array);
+  VerifyGenerator(gen, array);
+}
+
+// Tests that ValuesIn() generates the expected sequence for an STL
+// container (vector).
+TEST(ValuesInTest, ValuesInVector) {
+  typedef ::std::vector<int> ContainerType;
+  ContainerType values;
+  values.push_back(3);
+  values.push_back(5);
+  values.push_back(8);
+  const ParamGenerator<int> gen = ValuesIn(values);
+
+  const int expected_values[] = {3, 5, 8};
+  VerifyGenerator(gen, expected_values);
+}
+
+// Tests that ValuesIn() generates the expected sequence.
+TEST(ValuesInTest, ValuesInIteratorRange) {
+  typedef ::std::vector<int> ContainerType;
+  ContainerType values;
+  values.push_back(3);
+  values.push_back(5);
+  values.push_back(8);
+  const ParamGenerator<int> gen = ValuesIn(values.begin(), values.end());
+
+  const int expected_values[] = {3, 5, 8};
+  VerifyGenerator(gen, expected_values);
+}
+
+// Edge case. Tests that ValuesIn() provided with an iterator range specifying a
+// single value generates a single-element sequence.
+TEST(ValuesInTest, ValuesInSingleElementIteratorRange) {
+  typedef ::std::vector<int> ContainerType;
+  ContainerType values;
+  values.push_back(42);
+  const ParamGenerator<int> gen = ValuesIn(values.begin(), values.end());
+
+  const int expected_values[] = {42};
+  VerifyGenerator(gen, expected_values);
+}
+
+// Edge case. Tests that ValuesIn() provided with an empty iterator range
+// generates an empty sequence.
+TEST(ValuesInTest, ValuesInEmptyIteratorRange) {
+  typedef ::std::vector<int> ContainerType;
+  ContainerType values;
+  const ParamGenerator<int> gen = ValuesIn(values.begin(), values.end());
+
+  VerifyGeneratorIsEmpty(gen);
+}
+
+// Tests that the Values() generates the expected sequence.
+TEST(ValuesTest, ValuesWorks) {
+  const ParamGenerator<int> gen = Values(3, 5, 8);
+
+  const int expected_values[] = {3, 5, 8};
+  VerifyGenerator(gen, expected_values);
+}
+
+// Tests that Values() generates the expected sequences from elements of
+// different types convertible to ParamGenerator's parameter type.
+TEST(ValuesTest, ValuesWorksForValuesOfCompatibleTypes) {
+  const ParamGenerator<double> gen = Values(3, 5.0f, 8.0);
+
+  const double expected_values[] = {3.0, 5.0, 8.0};
+  VerifyGenerator(gen, expected_values);
+}
+
+TEST(ValuesTest, ValuesWorksForMaxLengthList) {
+  const ParamGenerator<int> gen = Values(
+      10, 20, 30, 40, 50, 60, 70, 80, 90, 100,
+      110, 120, 130, 140, 150, 160, 170, 180, 190, 200,
+      210, 220, 230, 240, 250, 260, 270, 280, 290, 300,
+      310, 320, 330, 340, 350, 360, 370, 380, 390, 400,
+      410, 420, 430, 440, 450, 460, 470, 480, 490, 500);
+
+  const int expected_values[] = {
+      10, 20, 30, 40, 50, 60, 70, 80, 90, 100,
+      110, 120, 130, 140, 150, 160, 170, 180, 190, 200,
+      210, 220, 230, 240, 250, 260, 270, 280, 290, 300,
+      310, 320, 330, 340, 350, 360, 370, 380, 390, 400,
+      410, 420, 430, 440, 450, 460, 470, 480, 490, 500};
+  VerifyGenerator(gen, expected_values);
+}
+
+// Edge case test. Tests that single-parameter Values() generates the sequence
+// with the single value.
+TEST(ValuesTest, ValuesWithSingleParameter) {
+  const ParamGenerator<int> gen = Values(42);
+
+  const int expected_values[] = {42};
+  VerifyGenerator(gen, expected_values);
+}
+
+// Tests that Bool() generates sequence (false, true).
+TEST(BoolTest, BoolWorks) {
+  const ParamGenerator<bool> gen = Bool();
+
+  const bool expected_values[] = {false, true};
+  VerifyGenerator(gen, expected_values);
+}
+
+# if GTEST_HAS_COMBINE
+
+// Tests that Combine() with two parameters generates the expected sequence.
+TEST(CombineTest, CombineWithTwoParameters) {
+  const char* foo = "foo";
+  const char* bar = "bar";
+  const ParamGenerator<tuple<const char*, int> > gen =
+      Combine(Values(foo, bar), Values(3, 4));
+
+  tuple<const char*, int> expected_values[] = {
+    make_tuple(foo, 3), make_tuple(foo, 4),
+    make_tuple(bar, 3), make_tuple(bar, 4)};
+  VerifyGenerator(gen, expected_values);
+}
+
+// Tests that Combine() with three parameters generates the expected sequence.
+TEST(CombineTest, CombineWithThreeParameters) {
+  const ParamGenerator<tuple<int, int, int> > gen = Combine(Values(0, 1),
+                                                            Values(3, 4),
+                                                            Values(5, 6));
+  tuple<int, int, int> expected_values[] = {
+    make_tuple(0, 3, 5), make_tuple(0, 3, 6),
+    make_tuple(0, 4, 5), make_tuple(0, 4, 6),
+    make_tuple(1, 3, 5), make_tuple(1, 3, 6),
+    make_tuple(1, 4, 5), make_tuple(1, 4, 6)};
+  VerifyGenerator(gen, expected_values);
+}
+
+// Tests that the Combine() with the first parameter generating a single value
+// sequence generates a sequence with the number of elements equal to the
+// number of elements in the sequence generated by the second parameter.
+TEST(CombineTest, CombineWithFirstParameterSingleValue) {
+  const ParamGenerator<tuple<int, int> > gen = Combine(Values(42),
+                                                       Values(0, 1));
+
+  tuple<int, int> expected_values[] = {make_tuple(42, 0), make_tuple(42, 1)};
+  VerifyGenerator(gen, expected_values);
+}
+
+// Tests that the Combine() with the second parameter generating a single value
+// sequence generates a sequence with the number of elements equal to the
+// number of elements in the sequence generated by the first parameter.
+TEST(CombineTest, CombineWithSecondParameterSingleValue) {
+  const ParamGenerator<tuple<int, int> > gen = Combine(Values(0, 1),
+                                                       Values(42));
+
+  tuple<int, int> expected_values[] = {make_tuple(0, 42), make_tuple(1, 42)};
+  VerifyGenerator(gen, expected_values);
+}
+
+// Tests that when the first parameter produces an empty sequence,
+// Combine() produces an empty sequence, too.
+TEST(CombineTest, CombineWithFirstParameterEmptyRange) {
+  const ParamGenerator<tuple<int, int> > gen = Combine(Range(0, 0),
+                                                       Values(0, 1));
+  VerifyGeneratorIsEmpty(gen);
+}
+
+// Tests that when the second parameter produces an empty sequence,
+// Combine() produces an empty sequence, too.
+TEST(CombineTest, CombineWithSecondParameterEmptyRange) {
+  const ParamGenerator<tuple<int, int> > gen = Combine(Values(0, 1),
+                                                       Range(1, 1));
+  VerifyGeneratorIsEmpty(gen);
+}
+
+// Edge case. Tests that combine works with the maximum number
+// of parameters supported by Google Test (currently 10).
+TEST(CombineTest, CombineWithMaxNumberOfParameters) {
+  const char* foo = "foo";
+  const char* bar = "bar";
+  const ParamGenerator<tuple<const char*, int, int, int, int, int, int, int,
+                             int, int> > gen = Combine(Values(foo, bar),
+                                                       Values(1), Values(2),
+                                                       Values(3), Values(4),
+                                                       Values(5), Values(6),
+                                                       Values(7), Values(8),
+                                                       Values(9));
+
+  tuple<const char*, int, int, int, int, int, int, int, int, int>
+      expected_values[] = {make_tuple(foo, 1, 2, 3, 4, 5, 6, 7, 8, 9),
+                           make_tuple(bar, 1, 2, 3, 4, 5, 6, 7, 8, 9)};
+  VerifyGenerator(gen, expected_values);
+}
+
+# endif  // GTEST_HAS_COMBINE
+
+// Tests that an generator produces correct sequence after being
+// assigned from another generator.
+TEST(ParamGeneratorTest, AssignmentWorks) {
+  ParamGenerator<int> gen = Values(1, 2);
+  const ParamGenerator<int> gen2 = Values(3, 4);
+  gen = gen2;
+
+  const int expected_values[] = {3, 4};
+  VerifyGenerator(gen, expected_values);
+}
+
+// This test verifies that the tests are expanded and run as specified:
+// one test per element from the sequence produced by the generator
+// specified in INSTANTIATE_TEST_CASE_P. It also verifies that the test's
+// fixture constructor, SetUp(), and TearDown() have run and have been
+// supplied with the correct parameters.
+
+// The use of environment object allows detection of the case where no test
+// case functionality is run at all. In this case TestCaseTearDown will not
+// be able to detect missing tests, naturally.
+template <int kExpectedCalls>
+class TestGenerationEnvironment : public ::testing::Environment {
+ public:
+  static TestGenerationEnvironment* Instance() {
+    static TestGenerationEnvironment* instance = new TestGenerationEnvironment;
+    return instance;
+  }
+
+  void FixtureConstructorExecuted() { fixture_constructor_count_++; }
+  void SetUpExecuted() { set_up_count_++; }
+  void TearDownExecuted() { tear_down_count_++; }
+  void TestBodyExecuted() { test_body_count_++; }
+
+  virtual void TearDown() {
+    // If all MultipleTestGenerationTest tests have been de-selected
+    // by the filter flag, the following checks make no sense.
+    bool perform_check = false;
+
+    for (int i = 0; i < kExpectedCalls; ++i) {
+      Message msg;
+      msg << "TestsExpandedAndRun/" << i;
+      if (UnitTestOptions::FilterMatchesTest(
+             "TestExpansionModule/MultipleTestGenerationTest",
+              msg.GetString().c_str())) {
+        perform_check = true;
+      }
+    }
+    if (perform_check) {
+      EXPECT_EQ(kExpectedCalls, fixture_constructor_count_)
+          << "Fixture constructor of ParamTestGenerationTest test case "
+          << "has not been run as expected.";
+      EXPECT_EQ(kExpectedCalls, set_up_count_)
+          << "Fixture SetUp method of ParamTestGenerationTest test case "
+          << "has not been run as expected.";
+      EXPECT_EQ(kExpectedCalls, tear_down_count_)
+          << "Fixture TearDown method of ParamTestGenerationTest test case "
+          << "has not been run as expected.";
+      EXPECT_EQ(kExpectedCalls, test_body_count_)
+          << "Test in ParamTestGenerationTest test case "
+          << "has not been run as expected.";
+    }
+  }
+
+ private:
+  TestGenerationEnvironment() : fixture_constructor_count_(0), set_up_count_(0),
+                                tear_down_count_(0), test_body_count_(0) {}
+
+  int fixture_constructor_count_;
+  int set_up_count_;
+  int tear_down_count_;
+  int test_body_count_;
+
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(TestGenerationEnvironment);
+};
+
+const int test_generation_params[] = {36, 42, 72};
+
+class TestGenerationTest : public TestWithParam<int> {
+ public:
+  enum {
+    PARAMETER_COUNT =
+        sizeof(test_generation_params)/sizeof(test_generation_params[0])
+  };
+
+  typedef TestGenerationEnvironment<PARAMETER_COUNT> Environment;
+
+  TestGenerationTest() {
+    Environment::Instance()->FixtureConstructorExecuted();
+    current_parameter_ = GetParam();
+  }
+  virtual void SetUp() {
+    Environment::Instance()->SetUpExecuted();
+    EXPECT_EQ(current_parameter_, GetParam());
+  }
+  virtual void TearDown() {
+    Environment::Instance()->TearDownExecuted();
+    EXPECT_EQ(current_parameter_, GetParam());
+  }
+
+  static void SetUpTestCase() {
+    bool all_tests_in_test_case_selected = true;
+
+    for (int i = 0; i < PARAMETER_COUNT; ++i) {
+      Message test_name;
+      test_name << "TestsExpandedAndRun/" << i;
+      if ( !UnitTestOptions::FilterMatchesTest(
+                "TestExpansionModule/MultipleTestGenerationTest",
+                test_name.GetString())) {
+        all_tests_in_test_case_selected = false;
+      }
+    }
+    EXPECT_TRUE(all_tests_in_test_case_selected)
+        << "When running the TestGenerationTest test case all of its tests\n"
+        << "must be selected by the filter flag for the test case to pass.\n"
+        << "If not all of them are enabled, we can't reliably conclude\n"
+        << "that the correct number of tests have been generated.";
+
+    collected_parameters_.clear();
+  }
+
+  static void TearDownTestCase() {
+    vector<int> expected_values(test_generation_params,
+                                test_generation_params + PARAMETER_COUNT);
+    // Test execution order is not guaranteed by Google Test,
+    // so the order of values in collected_parameters_ can be
+    // different and we have to sort to compare.
+    sort(expected_values.begin(), expected_values.end());
+    sort(collected_parameters_.begin(), collected_parameters_.end());
+
+    EXPECT_TRUE(collected_parameters_ == expected_values);
+  }
+
+ protected:
+  int current_parameter_;
+  static vector<int> collected_parameters_;
+
+ private:
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(TestGenerationTest);
+};
+vector<int> TestGenerationTest::collected_parameters_;
+
+TEST_P(TestGenerationTest, TestsExpandedAndRun) {
+  Environment::Instance()->TestBodyExecuted();
+  EXPECT_EQ(current_parameter_, GetParam());
+  collected_parameters_.push_back(GetParam());
+}
+INSTANTIATE_TEST_CASE_P(TestExpansionModule, TestGenerationTest,
+                        ValuesIn(test_generation_params));
+
+// This test verifies that the element sequence (third parameter of
+// INSTANTIATE_TEST_CASE_P) is evaluated in InitGoogleTest() and neither at
+// the call site of INSTANTIATE_TEST_CASE_P nor in RUN_ALL_TESTS().  For
+// that, we declare param_value_ to be a static member of
+// GeneratorEvaluationTest and initialize it to 0.  We set it to 1 in
+// main(), just before invocation of InitGoogleTest().  After calling
+// InitGoogleTest(), we set the value to 2.  If the sequence is evaluated
+// before or after InitGoogleTest, INSTANTIATE_TEST_CASE_P will create a
+// test with parameter other than 1, and the test body will fail the
+// assertion.
+class GeneratorEvaluationTest : public TestWithParam<int> {
+ public:
+  static int param_value() { return param_value_; }
+  static void set_param_value(int param_value) { param_value_ = param_value; }
+
+ private:
+  static int param_value_;
+};
+int GeneratorEvaluationTest::param_value_ = 0;
+
+TEST_P(GeneratorEvaluationTest, GeneratorsEvaluatedInMain) {
+  EXPECT_EQ(1, GetParam());
+}
+INSTANTIATE_TEST_CASE_P(GenEvalModule,
+                        GeneratorEvaluationTest,
+                        Values(GeneratorEvaluationTest::param_value()));
+
+// Tests that generators defined in a different translation unit are
+// functional. Generator extern_gen is defined in gtest-param-test_test2.cc.
+extern ParamGenerator<int> extern_gen;
+class ExternalGeneratorTest : public TestWithParam<int> {};
+TEST_P(ExternalGeneratorTest, ExternalGenerator) {
+  // Sequence produced by extern_gen contains only a single value
+  // which we verify here.
+  EXPECT_EQ(GetParam(), 33);
+}
+INSTANTIATE_TEST_CASE_P(ExternalGeneratorModule,
+                        ExternalGeneratorTest,
+                        extern_gen);
+
+// Tests that a parameterized test case can be defined in one translation
+// unit and instantiated in another. This test will be instantiated in
+// gtest-param-test_test2.cc. ExternalInstantiationTest fixture class is
+// defined in gtest-param-test_test.h.
+TEST_P(ExternalInstantiationTest, IsMultipleOf33) {
+  EXPECT_EQ(0, GetParam() % 33);
+}
+
+// Tests that a parameterized test case can be instantiated with multiple
+// generators.
+class MultipleInstantiationTest : public TestWithParam<int> {};
+TEST_P(MultipleInstantiationTest, AllowsMultipleInstances) {
+}
+INSTANTIATE_TEST_CASE_P(Sequence1, MultipleInstantiationTest, Values(1, 2));
+INSTANTIATE_TEST_CASE_P(Sequence2, MultipleInstantiationTest, Range(3, 5));
+
+// Tests that a parameterized test case can be instantiated
+// in multiple translation units. This test will be instantiated
+// here and in gtest-param-test_test2.cc.
+// InstantiationInMultipleTranslationUnitsTest fixture class
+// is defined in gtest-param-test_test.h.
+TEST_P(InstantiationInMultipleTranslaionUnitsTest, IsMultipleOf42) {
+  EXPECT_EQ(0, GetParam() % 42);
+}
+INSTANTIATE_TEST_CASE_P(Sequence1,
+                        InstantiationInMultipleTranslaionUnitsTest,
+                        Values(42, 42*2));
+
+// Tests that each iteration of parameterized test runs in a separate test
+// object.
+class SeparateInstanceTest : public TestWithParam<int> {
+ public:
+  SeparateInstanceTest() : count_(0) {}
+
+  static void TearDownTestCase() {
+    EXPECT_GE(global_count_, 2)
+        << "If some (but not all) SeparateInstanceTest tests have been "
+        << "filtered out this test will fail. Make sure that all "
+        << "GeneratorEvaluationTest are selected or de-selected together "
+        << "by the test filter.";
+  }
+
+ protected:
+  int count_;
+  static int global_count_;
+};
+int SeparateInstanceTest::global_count_ = 0;
+
+TEST_P(SeparateInstanceTest, TestsRunInSeparateInstances) {
+  EXPECT_EQ(0, count_++);
+  global_count_++;
+}
+INSTANTIATE_TEST_CASE_P(FourElemSequence, SeparateInstanceTest, Range(1, 4));
+
+// Tests that all instantiations of a test have named appropriately. Test
+// defined with TEST_P(TestCaseName, TestName) and instantiated with
+// INSTANTIATE_TEST_CASE_P(SequenceName, TestCaseName, generator) must be named
+// SequenceName/TestCaseName.TestName/i, where i is the 0-based index of the
+// sequence element used to instantiate the test.
+class NamingTest : public TestWithParam<int> {};
+
+TEST_P(NamingTest, TestsReportCorrectNamesAndParameters) {
+  const ::testing::TestInfo* const test_info =
+     ::testing::UnitTest::GetInstance()->current_test_info();
+
+  EXPECT_STREQ("ZeroToFiveSequence/NamingTest", test_info->test_case_name());
+
+  Message index_stream;
+  index_stream << "TestsReportCorrectNamesAndParameters/" << GetParam();
+  EXPECT_STREQ(index_stream.GetString().c_str(), test_info->name());
+
+  EXPECT_EQ(::testing::PrintToString(GetParam()), test_info->value_param());
+}
+
+INSTANTIATE_TEST_CASE_P(ZeroToFiveSequence, NamingTest, Range(0, 5));
+
+// Class that cannot be streamed into an ostream.  It needs to be copyable
+// (and, in case of MSVC, also assignable) in order to be a test parameter
+// type.  Its default copy constructor and assignment operator do exactly
+// what we need.
+class Unstreamable {
+ public:
+  explicit Unstreamable(int value) : value_(value) {}
+
+ private:
+  int value_;
+};
+
+class CommentTest : public TestWithParam<Unstreamable> {};
+
+TEST_P(CommentTest, TestsCorrectlyReportUnstreamableParams) {
+  const ::testing::TestInfo* const test_info =
+     ::testing::UnitTest::GetInstance()->current_test_info();
+
+  EXPECT_EQ(::testing::PrintToString(GetParam()), test_info->value_param());
+}
+
+INSTANTIATE_TEST_CASE_P(InstantiationWithComments,
+                        CommentTest,
+                        Values(Unstreamable(1)));
+
+// Verify that we can create a hierarchy of test fixtures, where the base
+// class fixture is not parameterized and the derived class is. In this case
+// ParameterizedDerivedTest inherits from NonParameterizedBaseTest.  We
+// perform simple tests on both.
+class NonParameterizedBaseTest : public ::testing::Test {
+ public:
+  NonParameterizedBaseTest() : n_(17) { }
+ protected:
+  int n_;
+};
+
+class ParameterizedDerivedTest : public NonParameterizedBaseTest,
+                                 public ::testing::WithParamInterface<int> {
+ protected:
+  ParameterizedDerivedTest() : count_(0) { }
+  int count_;
+  static int global_count_;
+};
+
+int ParameterizedDerivedTest::global_count_ = 0;
+
+TEST_F(NonParameterizedBaseTest, FixtureIsInitialized) {
+  EXPECT_EQ(17, n_);
+}
+
+TEST_P(ParameterizedDerivedTest, SeesSequence) {
+  EXPECT_EQ(17, n_);
+  EXPECT_EQ(0, count_++);
+  EXPECT_EQ(GetParam(), global_count_++);
+}
+
+class ParameterizedDeathTest : public ::testing::TestWithParam<int> { };
+
+TEST_F(ParameterizedDeathTest, GetParamDiesFromTestF) {
+  EXPECT_DEATH_IF_SUPPORTED(GetParam(),
+                            ".* value-parameterized test .*");
+}
+
+INSTANTIATE_TEST_CASE_P(RangeZeroToFive, ParameterizedDerivedTest, Range(0, 5));
+
+#endif  // GTEST_HAS_PARAM_TEST
+
+TEST(CompileTest, CombineIsDefinedOnlyWhenGtestHasParamTestIsDefined) {
+#if GTEST_HAS_COMBINE && !GTEST_HAS_PARAM_TEST
+  FAIL() << "GTEST_HAS_COMBINE is defined while GTEST_HAS_PARAM_TEST is not\n"
+#endif
+}
+
+int main(int argc, char **argv) {
+#if GTEST_HAS_PARAM_TEST
+  // Used in TestGenerationTest test case.
+  AddGlobalTestEnvironment(TestGenerationTest::Environment::Instance());
+  // Used in GeneratorEvaluationTest test case. Tests that the updated value
+  // will be picked up for instantiating tests in GeneratorEvaluationTest.
+  GeneratorEvaluationTest::set_param_value(1);
+#endif  // GTEST_HAS_PARAM_TEST
+
+  ::testing::InitGoogleTest(&argc, argv);
+
+#if GTEST_HAS_PARAM_TEST
+  // Used in GeneratorEvaluationTest test case. Tests that value updated
+  // here will NOT be used for instantiating tests in
+  // GeneratorEvaluationTest.
+  GeneratorEvaluationTest::set_param_value(2);
+#endif  // GTEST_HAS_PARAM_TEST
+
+  return RUN_ALL_TESTS();
+}
diff --git a/nss/external_tests/google_test/gtest/test/gtest-param-test_test.h b/nss/external_tests/google_test/gtest/test/gtest-param-test_test.h
new file mode 100644
index 0000000..26ea122
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/test/gtest-param-test_test.h
@@ -0,0 +1,57 @@
+// Copyright 2008, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Authors: vladl@google.com (Vlad Losev)
+//
+// The Google C++ Testing Framework (Google Test)
+//
+// This header file provides classes and functions used internally
+// for testing Google Test itself.
+
+#ifndef GTEST_TEST_GTEST_PARAM_TEST_TEST_H_
+#define GTEST_TEST_GTEST_PARAM_TEST_TEST_H_
+
+#include "gtest/gtest.h"
+
+#if GTEST_HAS_PARAM_TEST
+
+// Test fixture for testing definition and instantiation of a test
+// in separate translation units.
+class ExternalInstantiationTest : public ::testing::TestWithParam<int> {
+};
+
+// Test fixture for testing instantiation of a test in multiple
+// translation units.
+class InstantiationInMultipleTranslaionUnitsTest
+    : public ::testing::TestWithParam<int> {
+};
+
+#endif  // GTEST_HAS_PARAM_TEST
+
+#endif  // GTEST_TEST_GTEST_PARAM_TEST_TEST_H_
diff --git a/nss/external_tests/google_test/gtest/test/gtest-port_test.cc b/nss/external_tests/google_test/gtest/test/gtest-port_test.cc
new file mode 100644
index 0000000..370c952
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/test/gtest-port_test.cc
@@ -0,0 +1,1323 @@
+// Copyright 2008, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Authors: vladl@google.com (Vlad Losev), wan@google.com (Zhanyong Wan)
+//
+// This file tests the internal cross-platform support utilities.
+
+#include "gtest/internal/gtest-port.h"
+
+#include <stdio.h>
+
+#if GTEST_OS_MAC
+# include <time.h>
+#endif  // GTEST_OS_MAC
+
+#include <list>
+#include <utility>  // For std::pair and std::make_pair.
+#include <vector>
+
+#include "gtest/gtest.h"
+#include "gtest/gtest-spi.h"
+
+// Indicates that this translation unit is part of Google Test's
+// implementation.  It must come before gtest-internal-inl.h is
+// included, or there will be a compiler error.  This trick is to
+// prevent a user from accidentally including gtest-internal-inl.h in
+// his code.
+#define GTEST_IMPLEMENTATION_ 1
+#include "src/gtest-internal-inl.h"
+#undef GTEST_IMPLEMENTATION_
+
+using std::make_pair;
+using std::pair;
+
+namespace testing {
+namespace internal {
+
+TEST(IsXDigitTest, WorksForNarrowAscii) {
+  EXPECT_TRUE(IsXDigit('0'));
+  EXPECT_TRUE(IsXDigit('9'));
+  EXPECT_TRUE(IsXDigit('A'));
+  EXPECT_TRUE(IsXDigit('F'));
+  EXPECT_TRUE(IsXDigit('a'));
+  EXPECT_TRUE(IsXDigit('f'));
+
+  EXPECT_FALSE(IsXDigit('-'));
+  EXPECT_FALSE(IsXDigit('g'));
+  EXPECT_FALSE(IsXDigit('G'));
+}
+
+TEST(IsXDigitTest, ReturnsFalseForNarrowNonAscii) {
+  EXPECT_FALSE(IsXDigit(static_cast<char>(0x80)));
+  EXPECT_FALSE(IsXDigit(static_cast<char>('0' | 0x80)));
+}
+
+TEST(IsXDigitTest, WorksForWideAscii) {
+  EXPECT_TRUE(IsXDigit(L'0'));
+  EXPECT_TRUE(IsXDigit(L'9'));
+  EXPECT_TRUE(IsXDigit(L'A'));
+  EXPECT_TRUE(IsXDigit(L'F'));
+  EXPECT_TRUE(IsXDigit(L'a'));
+  EXPECT_TRUE(IsXDigit(L'f'));
+
+  EXPECT_FALSE(IsXDigit(L'-'));
+  EXPECT_FALSE(IsXDigit(L'g'));
+  EXPECT_FALSE(IsXDigit(L'G'));
+}
+
+TEST(IsXDigitTest, ReturnsFalseForWideNonAscii) {
+  EXPECT_FALSE(IsXDigit(static_cast<wchar_t>(0x80)));
+  EXPECT_FALSE(IsXDigit(static_cast<wchar_t>(L'0' | 0x80)));
+  EXPECT_FALSE(IsXDigit(static_cast<wchar_t>(L'0' | 0x100)));
+}
+
+class Base {
+ public:
+  // Copy constructor and assignment operator do exactly what we need, so we
+  // use them.
+  Base() : member_(0) {}
+  explicit Base(int n) : member_(n) {}
+  virtual ~Base() {}
+  int member() { return member_; }
+
+ private:
+  int member_;
+};
+
+class Derived : public Base {
+ public:
+  explicit Derived(int n) : Base(n) {}
+};
+
+TEST(ImplicitCastTest, ConvertsPointers) {
+  Derived derived(0);
+  EXPECT_TRUE(&derived == ::testing::internal::ImplicitCast_<Base*>(&derived));
+}
+
+TEST(ImplicitCastTest, CanUseInheritance) {
+  Derived derived(1);
+  Base base = ::testing::internal::ImplicitCast_<Base>(derived);
+  EXPECT_EQ(derived.member(), base.member());
+}
+
+class Castable {
+ public:
+  explicit Castable(bool* converted) : converted_(converted) {}
+  operator Base() {
+    *converted_ = true;
+    return Base();
+  }
+
+ private:
+  bool* converted_;
+};
+
+TEST(ImplicitCastTest, CanUseNonConstCastOperator) {
+  bool converted = false;
+  Castable castable(&converted);
+  Base base = ::testing::internal::ImplicitCast_<Base>(castable);
+  EXPECT_TRUE(converted);
+}
+
+class ConstCastable {
+ public:
+  explicit ConstCastable(bool* converted) : converted_(converted) {}
+  operator Base() const {
+    *converted_ = true;
+    return Base();
+  }
+
+ private:
+  bool* converted_;
+};
+
+TEST(ImplicitCastTest, CanUseConstCastOperatorOnConstValues) {
+  bool converted = false;
+  const ConstCastable const_castable(&converted);
+  Base base = ::testing::internal::ImplicitCast_<Base>(const_castable);
+  EXPECT_TRUE(converted);
+}
+
+class ConstAndNonConstCastable {
+ public:
+  ConstAndNonConstCastable(bool* converted, bool* const_converted)
+      : converted_(converted), const_converted_(const_converted) {}
+  operator Base() {
+    *converted_ = true;
+    return Base();
+  }
+  operator Base() const {
+    *const_converted_ = true;
+    return Base();
+  }
+
+ private:
+  bool* converted_;
+  bool* const_converted_;
+};
+
+TEST(ImplicitCastTest, CanSelectBetweenConstAndNonConstCasrAppropriately) {
+  bool converted = false;
+  bool const_converted = false;
+  ConstAndNonConstCastable castable(&converted, &const_converted);
+  Base base = ::testing::internal::ImplicitCast_<Base>(castable);
+  EXPECT_TRUE(converted);
+  EXPECT_FALSE(const_converted);
+
+  converted = false;
+  const_converted = false;
+  const ConstAndNonConstCastable const_castable(&converted, &const_converted);
+  base = ::testing::internal::ImplicitCast_<Base>(const_castable);
+  EXPECT_FALSE(converted);
+  EXPECT_TRUE(const_converted);
+}
+
+class To {
+ public:
+  To(bool* converted) { *converted = true; }  // NOLINT
+};
+
+TEST(ImplicitCastTest, CanUseImplicitConstructor) {
+  bool converted = false;
+  To to = ::testing::internal::ImplicitCast_<To>(&converted);
+  (void)to;
+  EXPECT_TRUE(converted);
+}
+
+TEST(IteratorTraitsTest, WorksForSTLContainerIterators) {
+  StaticAssertTypeEq<int,
+      IteratorTraits< ::std::vector<int>::const_iterator>::value_type>();
+  StaticAssertTypeEq<bool,
+      IteratorTraits< ::std::list<bool>::iterator>::value_type>();
+}
+
+TEST(IteratorTraitsTest, WorksForPointerToNonConst) {
+  StaticAssertTypeEq<char, IteratorTraits<char*>::value_type>();
+  StaticAssertTypeEq<const void*, IteratorTraits<const void**>::value_type>();
+}
+
+TEST(IteratorTraitsTest, WorksForPointerToConst) {
+  StaticAssertTypeEq<char, IteratorTraits<const char*>::value_type>();
+  StaticAssertTypeEq<const void*,
+      IteratorTraits<const void* const*>::value_type>();
+}
+
+// Tests that the element_type typedef is available in scoped_ptr and refers
+// to the parameter type.
+TEST(ScopedPtrTest, DefinesElementType) {
+  StaticAssertTypeEq<int, ::testing::internal::scoped_ptr<int>::element_type>();
+}
+
+// TODO(vladl@google.com): Implement THE REST of scoped_ptr tests.
+
+TEST(GtestCheckSyntaxTest, BehavesLikeASingleStatement) {
+  if (AlwaysFalse())
+    GTEST_CHECK_(false) << "This should never be executed; "
+                           "It's a compilation test only.";
+
+  if (AlwaysTrue())
+    GTEST_CHECK_(true);
+  else
+    ;  // NOLINT
+
+  if (AlwaysFalse())
+    ;  // NOLINT
+  else
+    GTEST_CHECK_(true) << "";
+}
+
+TEST(GtestCheckSyntaxTest, WorksWithSwitch) {
+  switch (0) {
+    case 1:
+      break;
+    default:
+      GTEST_CHECK_(true);
+  }
+
+  switch (0)
+    case 0:
+      GTEST_CHECK_(true) << "Check failed in switch case";
+}
+
+// Verifies behavior of FormatFileLocation.
+TEST(FormatFileLocationTest, FormatsFileLocation) {
+  EXPECT_PRED_FORMAT2(IsSubstring, "foo.cc", FormatFileLocation("foo.cc", 42));
+  EXPECT_PRED_FORMAT2(IsSubstring, "42", FormatFileLocation("foo.cc", 42));
+}
+
+TEST(FormatFileLocationTest, FormatsUnknownFile) {
+  EXPECT_PRED_FORMAT2(
+      IsSubstring, "unknown file", FormatFileLocation(NULL, 42));
+  EXPECT_PRED_FORMAT2(IsSubstring, "42", FormatFileLocation(NULL, 42));
+}
+
+TEST(FormatFileLocationTest, FormatsUknownLine) {
+  EXPECT_EQ("foo.cc:", FormatFileLocation("foo.cc", -1));
+}
+
+TEST(FormatFileLocationTest, FormatsUknownFileAndLine) {
+  EXPECT_EQ("unknown file:", FormatFileLocation(NULL, -1));
+}
+
+// Verifies behavior of FormatCompilerIndependentFileLocation.
+TEST(FormatCompilerIndependentFileLocationTest, FormatsFileLocation) {
+  EXPECT_EQ("foo.cc:42", FormatCompilerIndependentFileLocation("foo.cc", 42));
+}
+
+TEST(FormatCompilerIndependentFileLocationTest, FormatsUknownFile) {
+  EXPECT_EQ("unknown file:42",
+            FormatCompilerIndependentFileLocation(NULL, 42));
+}
+
+TEST(FormatCompilerIndependentFileLocationTest, FormatsUknownLine) {
+  EXPECT_EQ("foo.cc", FormatCompilerIndependentFileLocation("foo.cc", -1));
+}
+
+TEST(FormatCompilerIndependentFileLocationTest, FormatsUknownFileAndLine) {
+  EXPECT_EQ("unknown file", FormatCompilerIndependentFileLocation(NULL, -1));
+}
+
+#if GTEST_OS_MAC || GTEST_OS_QNX
+void* ThreadFunc(void* data) {
+  pthread_mutex_t* mutex = static_cast<pthread_mutex_t*>(data);
+  pthread_mutex_lock(mutex);
+  pthread_mutex_unlock(mutex);
+  return NULL;
+}
+
+TEST(GetThreadCountTest, ReturnsCorrectValue) {
+  EXPECT_EQ(1U, GetThreadCount());
+  pthread_mutex_t mutex;
+  pthread_attr_t  attr;
+  pthread_t       thread_id;
+
+  // TODO(vladl@google.com): turn mutex into internal::Mutex for automatic
+  // destruction.
+  pthread_mutex_init(&mutex, NULL);
+  pthread_mutex_lock(&mutex);
+  ASSERT_EQ(0, pthread_attr_init(&attr));
+  ASSERT_EQ(0, pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_JOINABLE));
+
+  const int status = pthread_create(&thread_id, &attr, &ThreadFunc, &mutex);
+  ASSERT_EQ(0, pthread_attr_destroy(&attr));
+  ASSERT_EQ(0, status);
+  EXPECT_EQ(2U, GetThreadCount());
+  pthread_mutex_unlock(&mutex);
+
+  void* dummy;
+  ASSERT_EQ(0, pthread_join(thread_id, &dummy));
+
+# if GTEST_OS_MAC
+
+  // MacOS X may not immediately report the updated thread count after
+  // joining a thread, causing flakiness in this test. To counter that, we
+  // wait for up to .5 seconds for the OS to report the correct value.
+  for (int i = 0; i < 5; ++i) {
+    if (GetThreadCount() == 1)
+      break;
+
+    SleepMilliseconds(100);
+  }
+
+# endif  // GTEST_OS_MAC
+
+  EXPECT_EQ(1U, GetThreadCount());
+  pthread_mutex_destroy(&mutex);
+}
+#else
+TEST(GetThreadCountTest, ReturnsZeroWhenUnableToCountThreads) {
+  EXPECT_EQ(0U, GetThreadCount());
+}
+#endif  // GTEST_OS_MAC || GTEST_OS_QNX
+
+TEST(GtestCheckDeathTest, DiesWithCorrectOutputOnFailure) {
+  const bool a_false_condition = false;
+  const char regex[] =
+#ifdef _MSC_VER
+     "gtest-port_test\\.cc\\(\\d+\\):"
+#elif GTEST_USES_POSIX_RE
+     "gtest-port_test\\.cc:[0-9]+"
+#else
+     "gtest-port_test\\.cc:\\d+"
+#endif  // _MSC_VER
+     ".*a_false_condition.*Extra info.*";
+
+  EXPECT_DEATH_IF_SUPPORTED(GTEST_CHECK_(a_false_condition) << "Extra info",
+                            regex);
+}
+
+#if GTEST_HAS_DEATH_TEST
+
+TEST(GtestCheckDeathTest, LivesSilentlyOnSuccess) {
+  EXPECT_EXIT({
+      GTEST_CHECK_(true) << "Extra info";
+      ::std::cerr << "Success\n";
+      exit(0); },
+      ::testing::ExitedWithCode(0), "Success");
+}
+
+#endif  // GTEST_HAS_DEATH_TEST
+
+// Verifies that Google Test choose regular expression engine appropriate to
+// the platform. The test will produce compiler errors in case of failure.
+// For simplicity, we only cover the most important platforms here.
+TEST(RegexEngineSelectionTest, SelectsCorrectRegexEngine) {
+#if GTEST_HAS_POSIX_RE
+
+  EXPECT_TRUE(GTEST_USES_POSIX_RE);
+
+#else
+
+  EXPECT_TRUE(GTEST_USES_SIMPLE_RE);
+
+#endif
+}
+
+#if GTEST_USES_POSIX_RE
+
+# if GTEST_HAS_TYPED_TEST
+
+template <typename Str>
+class RETest : public ::testing::Test {};
+
+// Defines StringTypes as the list of all string types that class RE
+// supports.
+typedef testing::Types<
+    ::std::string,
+#  if GTEST_HAS_GLOBAL_STRING
+    ::string,
+#  endif  // GTEST_HAS_GLOBAL_STRING
+    const char*> StringTypes;
+
+TYPED_TEST_CASE(RETest, StringTypes);
+
+// Tests RE's implicit constructors.
+TYPED_TEST(RETest, ImplicitConstructorWorks) {
+  const RE empty(TypeParam(""));
+  EXPECT_STREQ("", empty.pattern());
+
+  const RE simple(TypeParam("hello"));
+  EXPECT_STREQ("hello", simple.pattern());
+
+  const RE normal(TypeParam(".*(\\w+)"));
+  EXPECT_STREQ(".*(\\w+)", normal.pattern());
+}
+
+// Tests that RE's constructors reject invalid regular expressions.
+TYPED_TEST(RETest, RejectsInvalidRegex) {
+  EXPECT_NONFATAL_FAILURE({
+    const RE invalid(TypeParam("?"));
+  }, "\"?\" is not a valid POSIX Extended regular expression.");
+}
+
+// Tests RE::FullMatch().
+TYPED_TEST(RETest, FullMatchWorks) {
+  const RE empty(TypeParam(""));
+  EXPECT_TRUE(RE::FullMatch(TypeParam(""), empty));
+  EXPECT_FALSE(RE::FullMatch(TypeParam("a"), empty));
+
+  const RE re(TypeParam("a.*z"));
+  EXPECT_TRUE(RE::FullMatch(TypeParam("az"), re));
+  EXPECT_TRUE(RE::FullMatch(TypeParam("axyz"), re));
+  EXPECT_FALSE(RE::FullMatch(TypeParam("baz"), re));
+  EXPECT_FALSE(RE::FullMatch(TypeParam("azy"), re));
+}
+
+// Tests RE::PartialMatch().
+TYPED_TEST(RETest, PartialMatchWorks) {
+  const RE empty(TypeParam(""));
+  EXPECT_TRUE(RE::PartialMatch(TypeParam(""), empty));
+  EXPECT_TRUE(RE::PartialMatch(TypeParam("a"), empty));
+
+  const RE re(TypeParam("a.*z"));
+  EXPECT_TRUE(RE::PartialMatch(TypeParam("az"), re));
+  EXPECT_TRUE(RE::PartialMatch(TypeParam("axyz"), re));
+  EXPECT_TRUE(RE::PartialMatch(TypeParam("baz"), re));
+  EXPECT_TRUE(RE::PartialMatch(TypeParam("azy"), re));
+  EXPECT_FALSE(RE::PartialMatch(TypeParam("zza"), re));
+}
+
+# endif  // GTEST_HAS_TYPED_TEST
+
+#elif GTEST_USES_SIMPLE_RE
+
+TEST(IsInSetTest, NulCharIsNotInAnySet) {
+  EXPECT_FALSE(IsInSet('\0', ""));
+  EXPECT_FALSE(IsInSet('\0', "\0"));
+  EXPECT_FALSE(IsInSet('\0', "a"));
+}
+
+TEST(IsInSetTest, WorksForNonNulChars) {
+  EXPECT_FALSE(IsInSet('a', "Ab"));
+  EXPECT_FALSE(IsInSet('c', ""));
+
+  EXPECT_TRUE(IsInSet('b', "bcd"));
+  EXPECT_TRUE(IsInSet('b', "ab"));
+}
+
+TEST(IsAsciiDigitTest, IsFalseForNonDigit) {
+  EXPECT_FALSE(IsAsciiDigit('\0'));
+  EXPECT_FALSE(IsAsciiDigit(' '));
+  EXPECT_FALSE(IsAsciiDigit('+'));
+  EXPECT_FALSE(IsAsciiDigit('-'));
+  EXPECT_FALSE(IsAsciiDigit('.'));
+  EXPECT_FALSE(IsAsciiDigit('a'));
+}
+
+TEST(IsAsciiDigitTest, IsTrueForDigit) {
+  EXPECT_TRUE(IsAsciiDigit('0'));
+  EXPECT_TRUE(IsAsciiDigit('1'));
+  EXPECT_TRUE(IsAsciiDigit('5'));
+  EXPECT_TRUE(IsAsciiDigit('9'));
+}
+
+TEST(IsAsciiPunctTest, IsFalseForNonPunct) {
+  EXPECT_FALSE(IsAsciiPunct('\0'));
+  EXPECT_FALSE(IsAsciiPunct(' '));
+  EXPECT_FALSE(IsAsciiPunct('\n'));
+  EXPECT_FALSE(IsAsciiPunct('a'));
+  EXPECT_FALSE(IsAsciiPunct('0'));
+}
+
+TEST(IsAsciiPunctTest, IsTrueForPunct) {
+  for (const char* p = "^-!\"#$%&'()*+,./:;<=>?@[\\]_`{|}~"; *p; p++) {
+    EXPECT_PRED1(IsAsciiPunct, *p);
+  }
+}
+
+TEST(IsRepeatTest, IsFalseForNonRepeatChar) {
+  EXPECT_FALSE(IsRepeat('\0'));
+  EXPECT_FALSE(IsRepeat(' '));
+  EXPECT_FALSE(IsRepeat('a'));
+  EXPECT_FALSE(IsRepeat('1'));
+  EXPECT_FALSE(IsRepeat('-'));
+}
+
+TEST(IsRepeatTest, IsTrueForRepeatChar) {
+  EXPECT_TRUE(IsRepeat('?'));
+  EXPECT_TRUE(IsRepeat('*'));
+  EXPECT_TRUE(IsRepeat('+'));
+}
+
+TEST(IsAsciiWhiteSpaceTest, IsFalseForNonWhiteSpace) {
+  EXPECT_FALSE(IsAsciiWhiteSpace('\0'));
+  EXPECT_FALSE(IsAsciiWhiteSpace('a'));
+  EXPECT_FALSE(IsAsciiWhiteSpace('1'));
+  EXPECT_FALSE(IsAsciiWhiteSpace('+'));
+  EXPECT_FALSE(IsAsciiWhiteSpace('_'));
+}
+
+TEST(IsAsciiWhiteSpaceTest, IsTrueForWhiteSpace) {
+  EXPECT_TRUE(IsAsciiWhiteSpace(' '));
+  EXPECT_TRUE(IsAsciiWhiteSpace('\n'));
+  EXPECT_TRUE(IsAsciiWhiteSpace('\r'));
+  EXPECT_TRUE(IsAsciiWhiteSpace('\t'));
+  EXPECT_TRUE(IsAsciiWhiteSpace('\v'));
+  EXPECT_TRUE(IsAsciiWhiteSpace('\f'));
+}
+
+TEST(IsAsciiWordCharTest, IsFalseForNonWordChar) {
+  EXPECT_FALSE(IsAsciiWordChar('\0'));
+  EXPECT_FALSE(IsAsciiWordChar('+'));
+  EXPECT_FALSE(IsAsciiWordChar('.'));
+  EXPECT_FALSE(IsAsciiWordChar(' '));
+  EXPECT_FALSE(IsAsciiWordChar('\n'));
+}
+
+TEST(IsAsciiWordCharTest, IsTrueForLetter) {
+  EXPECT_TRUE(IsAsciiWordChar('a'));
+  EXPECT_TRUE(IsAsciiWordChar('b'));
+  EXPECT_TRUE(IsAsciiWordChar('A'));
+  EXPECT_TRUE(IsAsciiWordChar('Z'));
+}
+
+TEST(IsAsciiWordCharTest, IsTrueForDigit) {
+  EXPECT_TRUE(IsAsciiWordChar('0'));
+  EXPECT_TRUE(IsAsciiWordChar('1'));
+  EXPECT_TRUE(IsAsciiWordChar('7'));
+  EXPECT_TRUE(IsAsciiWordChar('9'));
+}
+
+TEST(IsAsciiWordCharTest, IsTrueForUnderscore) {
+  EXPECT_TRUE(IsAsciiWordChar('_'));
+}
+
+TEST(IsValidEscapeTest, IsFalseForNonPrintable) {
+  EXPECT_FALSE(IsValidEscape('\0'));
+  EXPECT_FALSE(IsValidEscape('\007'));
+}
+
+TEST(IsValidEscapeTest, IsFalseForDigit) {
+  EXPECT_FALSE(IsValidEscape('0'));
+  EXPECT_FALSE(IsValidEscape('9'));
+}
+
+TEST(IsValidEscapeTest, IsFalseForWhiteSpace) {
+  EXPECT_FALSE(IsValidEscape(' '));
+  EXPECT_FALSE(IsValidEscape('\n'));
+}
+
+TEST(IsValidEscapeTest, IsFalseForSomeLetter) {
+  EXPECT_FALSE(IsValidEscape('a'));
+  EXPECT_FALSE(IsValidEscape('Z'));
+}
+
+TEST(IsValidEscapeTest, IsTrueForPunct) {
+  EXPECT_TRUE(IsValidEscape('.'));
+  EXPECT_TRUE(IsValidEscape('-'));
+  EXPECT_TRUE(IsValidEscape('^'));
+  EXPECT_TRUE(IsValidEscape('$'));
+  EXPECT_TRUE(IsValidEscape('('));
+  EXPECT_TRUE(IsValidEscape(']'));
+  EXPECT_TRUE(IsValidEscape('{'));
+  EXPECT_TRUE(IsValidEscape('|'));
+}
+
+TEST(IsValidEscapeTest, IsTrueForSomeLetter) {
+  EXPECT_TRUE(IsValidEscape('d'));
+  EXPECT_TRUE(IsValidEscape('D'));
+  EXPECT_TRUE(IsValidEscape('s'));
+  EXPECT_TRUE(IsValidEscape('S'));
+  EXPECT_TRUE(IsValidEscape('w'));
+  EXPECT_TRUE(IsValidEscape('W'));
+}
+
+TEST(AtomMatchesCharTest, EscapedPunct) {
+  EXPECT_FALSE(AtomMatchesChar(true, '\\', '\0'));
+  EXPECT_FALSE(AtomMatchesChar(true, '\\', ' '));
+  EXPECT_FALSE(AtomMatchesChar(true, '_', '.'));
+  EXPECT_FALSE(AtomMatchesChar(true, '.', 'a'));
+
+  EXPECT_TRUE(AtomMatchesChar(true, '\\', '\\'));
+  EXPECT_TRUE(AtomMatchesChar(true, '_', '_'));
+  EXPECT_TRUE(AtomMatchesChar(true, '+', '+'));
+  EXPECT_TRUE(AtomMatchesChar(true, '.', '.'));
+}
+
+TEST(AtomMatchesCharTest, Escaped_d) {
+  EXPECT_FALSE(AtomMatchesChar(true, 'd', '\0'));
+  EXPECT_FALSE(AtomMatchesChar(true, 'd', 'a'));
+  EXPECT_FALSE(AtomMatchesChar(true, 'd', '.'));
+
+  EXPECT_TRUE(AtomMatchesChar(true, 'd', '0'));
+  EXPECT_TRUE(AtomMatchesChar(true, 'd', '9'));
+}
+
+TEST(AtomMatchesCharTest, Escaped_D) {
+  EXPECT_FALSE(AtomMatchesChar(true, 'D', '0'));
+  EXPECT_FALSE(AtomMatchesChar(true, 'D', '9'));
+
+  EXPECT_TRUE(AtomMatchesChar(true, 'D', '\0'));
+  EXPECT_TRUE(AtomMatchesChar(true, 'D', 'a'));
+  EXPECT_TRUE(AtomMatchesChar(true, 'D', '-'));
+}
+
+TEST(AtomMatchesCharTest, Escaped_s) {
+  EXPECT_FALSE(AtomMatchesChar(true, 's', '\0'));
+  EXPECT_FALSE(AtomMatchesChar(true, 's', 'a'));
+  EXPECT_FALSE(AtomMatchesChar(true, 's', '.'));
+  EXPECT_FALSE(AtomMatchesChar(true, 's', '9'));
+
+  EXPECT_TRUE(AtomMatchesChar(true, 's', ' '));
+  EXPECT_TRUE(AtomMatchesChar(true, 's', '\n'));
+  EXPECT_TRUE(AtomMatchesChar(true, 's', '\t'));
+}
+
+TEST(AtomMatchesCharTest, Escaped_S) {
+  EXPECT_FALSE(AtomMatchesChar(true, 'S', ' '));
+  EXPECT_FALSE(AtomMatchesChar(true, 'S', '\r'));
+
+  EXPECT_TRUE(AtomMatchesChar(true, 'S', '\0'));
+  EXPECT_TRUE(AtomMatchesChar(true, 'S', 'a'));
+  EXPECT_TRUE(AtomMatchesChar(true, 'S', '9'));
+}
+
+TEST(AtomMatchesCharTest, Escaped_w) {
+  EXPECT_FALSE(AtomMatchesChar(true, 'w', '\0'));
+  EXPECT_FALSE(AtomMatchesChar(true, 'w', '+'));
+  EXPECT_FALSE(AtomMatchesChar(true, 'w', ' '));
+  EXPECT_FALSE(AtomMatchesChar(true, 'w', '\n'));
+
+  EXPECT_TRUE(AtomMatchesChar(true, 'w', '0'));
+  EXPECT_TRUE(AtomMatchesChar(true, 'w', 'b'));
+  EXPECT_TRUE(AtomMatchesChar(true, 'w', 'C'));
+  EXPECT_TRUE(AtomMatchesChar(true, 'w', '_'));
+}
+
+TEST(AtomMatchesCharTest, Escaped_W) {
+  EXPECT_FALSE(AtomMatchesChar(true, 'W', 'A'));
+  EXPECT_FALSE(AtomMatchesChar(true, 'W', 'b'));
+  EXPECT_FALSE(AtomMatchesChar(true, 'W', '9'));
+  EXPECT_FALSE(AtomMatchesChar(true, 'W', '_'));
+
+  EXPECT_TRUE(AtomMatchesChar(true, 'W', '\0'));
+  EXPECT_TRUE(AtomMatchesChar(true, 'W', '*'));
+  EXPECT_TRUE(AtomMatchesChar(true, 'W', '\n'));
+}
+
+TEST(AtomMatchesCharTest, EscapedWhiteSpace) {
+  EXPECT_FALSE(AtomMatchesChar(true, 'f', '\0'));
+  EXPECT_FALSE(AtomMatchesChar(true, 'f', '\n'));
+  EXPECT_FALSE(AtomMatchesChar(true, 'n', '\0'));
+  EXPECT_FALSE(AtomMatchesChar(true, 'n', '\r'));
+  EXPECT_FALSE(AtomMatchesChar(true, 'r', '\0'));
+  EXPECT_FALSE(AtomMatchesChar(true, 'r', 'a'));
+  EXPECT_FALSE(AtomMatchesChar(true, 't', '\0'));
+  EXPECT_FALSE(AtomMatchesChar(true, 't', 't'));
+  EXPECT_FALSE(AtomMatchesChar(true, 'v', '\0'));
+  EXPECT_FALSE(AtomMatchesChar(true, 'v', '\f'));
+
+  EXPECT_TRUE(AtomMatchesChar(true, 'f', '\f'));
+  EXPECT_TRUE(AtomMatchesChar(true, 'n', '\n'));
+  EXPECT_TRUE(AtomMatchesChar(true, 'r', '\r'));
+  EXPECT_TRUE(AtomMatchesChar(true, 't', '\t'));
+  EXPECT_TRUE(AtomMatchesChar(true, 'v', '\v'));
+}
+
+TEST(AtomMatchesCharTest, UnescapedDot) {
+  EXPECT_FALSE(AtomMatchesChar(false, '.', '\n'));
+
+  EXPECT_TRUE(AtomMatchesChar(false, '.', '\0'));
+  EXPECT_TRUE(AtomMatchesChar(false, '.', '.'));
+  EXPECT_TRUE(AtomMatchesChar(false, '.', 'a'));
+  EXPECT_TRUE(AtomMatchesChar(false, '.', ' '));
+}
+
+TEST(AtomMatchesCharTest, UnescapedChar) {
+  EXPECT_FALSE(AtomMatchesChar(false, 'a', '\0'));
+  EXPECT_FALSE(AtomMatchesChar(false, 'a', 'b'));
+  EXPECT_FALSE(AtomMatchesChar(false, '$', 'a'));
+
+  EXPECT_TRUE(AtomMatchesChar(false, '$', '$'));
+  EXPECT_TRUE(AtomMatchesChar(false, '5', '5'));
+  EXPECT_TRUE(AtomMatchesChar(false, 'Z', 'Z'));
+}
+
+TEST(ValidateRegexTest, GeneratesFailureAndReturnsFalseForInvalid) {
+  EXPECT_NONFATAL_FAILURE(ASSERT_FALSE(ValidateRegex(NULL)),
+                          "NULL is not a valid simple regular expression");
+  EXPECT_NONFATAL_FAILURE(
+      ASSERT_FALSE(ValidateRegex("a\\")),
+      "Syntax error at index 1 in simple regular expression \"a\\\": ");
+  EXPECT_NONFATAL_FAILURE(ASSERT_FALSE(ValidateRegex("a\\")),
+                          "'\\' cannot appear at the end");
+  EXPECT_NONFATAL_FAILURE(ASSERT_FALSE(ValidateRegex("\\n\\")),
+                          "'\\' cannot appear at the end");
+  EXPECT_NONFATAL_FAILURE(ASSERT_FALSE(ValidateRegex("\\s\\hb")),
+                          "invalid escape sequence \"\\h\"");
+  EXPECT_NONFATAL_FAILURE(ASSERT_FALSE(ValidateRegex("^^")),
+                          "'^' can only appear at the beginning");
+  EXPECT_NONFATAL_FAILURE(ASSERT_FALSE(ValidateRegex(".*^b")),
+                          "'^' can only appear at the beginning");
+  EXPECT_NONFATAL_FAILURE(ASSERT_FALSE(ValidateRegex("$$")),
+                          "'$' can only appear at the end");
+  EXPECT_NONFATAL_FAILURE(ASSERT_FALSE(ValidateRegex("^$a")),
+                          "'$' can only appear at the end");
+  EXPECT_NONFATAL_FAILURE(ASSERT_FALSE(ValidateRegex("a(b")),
+                          "'(' is unsupported");
+  EXPECT_NONFATAL_FAILURE(ASSERT_FALSE(ValidateRegex("ab)")),
+                          "')' is unsupported");
+  EXPECT_NONFATAL_FAILURE(ASSERT_FALSE(ValidateRegex("[ab")),
+                          "'[' is unsupported");
+  EXPECT_NONFATAL_FAILURE(ASSERT_FALSE(ValidateRegex("a{2")),
+                          "'{' is unsupported");
+  EXPECT_NONFATAL_FAILURE(ASSERT_FALSE(ValidateRegex("?")),
+                          "'?' can only follow a repeatable token");
+  EXPECT_NONFATAL_FAILURE(ASSERT_FALSE(ValidateRegex("^*")),
+                          "'*' can only follow a repeatable token");
+  EXPECT_NONFATAL_FAILURE(ASSERT_FALSE(ValidateRegex("5*+")),
+                          "'+' can only follow a repeatable token");
+}
+
+TEST(ValidateRegexTest, ReturnsTrueForValid) {
+  EXPECT_TRUE(ValidateRegex(""));
+  EXPECT_TRUE(ValidateRegex("a"));
+  EXPECT_TRUE(ValidateRegex(".*"));
+  EXPECT_TRUE(ValidateRegex("^a_+"));
+  EXPECT_TRUE(ValidateRegex("^a\\t\\&?"));
+  EXPECT_TRUE(ValidateRegex("09*$"));
+  EXPECT_TRUE(ValidateRegex("^Z$"));
+  EXPECT_TRUE(ValidateRegex("a\\^Z\\$\\(\\)\\|\\[\\]\\{\\}"));
+}
+
+TEST(MatchRepetitionAndRegexAtHeadTest, WorksForZeroOrOne) {
+  EXPECT_FALSE(MatchRepetitionAndRegexAtHead(false, 'a', '?', "a", "ba"));
+  // Repeating more than once.
+  EXPECT_FALSE(MatchRepetitionAndRegexAtHead(false, 'a', '?', "b", "aab"));
+
+  // Repeating zero times.
+  EXPECT_TRUE(MatchRepetitionAndRegexAtHead(false, 'a', '?', "b", "ba"));
+  // Repeating once.
+  EXPECT_TRUE(MatchRepetitionAndRegexAtHead(false, 'a', '?', "b", "ab"));
+  EXPECT_TRUE(MatchRepetitionAndRegexAtHead(false, '#', '?', ".", "##"));
+}
+
+TEST(MatchRepetitionAndRegexAtHeadTest, WorksForZeroOrMany) {
+  EXPECT_FALSE(MatchRepetitionAndRegexAtHead(false, '.', '*', "a$", "baab"));
+
+  // Repeating zero times.
+  EXPECT_TRUE(MatchRepetitionAndRegexAtHead(false, '.', '*', "b", "bc"));
+  // Repeating once.
+  EXPECT_TRUE(MatchRepetitionAndRegexAtHead(false, '.', '*', "b", "abc"));
+  // Repeating more than once.
+  EXPECT_TRUE(MatchRepetitionAndRegexAtHead(true, 'w', '*', "-", "ab_1-g"));
+}
+
+TEST(MatchRepetitionAndRegexAtHeadTest, WorksForOneOrMany) {
+  EXPECT_FALSE(MatchRepetitionAndRegexAtHead(false, '.', '+', "a$", "baab"));
+  // Repeating zero times.
+  EXPECT_FALSE(MatchRepetitionAndRegexAtHead(false, '.', '+', "b", "bc"));
+
+  // Repeating once.
+  EXPECT_TRUE(MatchRepetitionAndRegexAtHead(false, '.', '+', "b", "abc"));
+  // Repeating more than once.
+  EXPECT_TRUE(MatchRepetitionAndRegexAtHead(true, 'w', '+', "-", "ab_1-g"));
+}
+
+TEST(MatchRegexAtHeadTest, ReturnsTrueForEmptyRegex) {
+  EXPECT_TRUE(MatchRegexAtHead("", ""));
+  EXPECT_TRUE(MatchRegexAtHead("", "ab"));
+}
+
+TEST(MatchRegexAtHeadTest, WorksWhenDollarIsInRegex) {
+  EXPECT_FALSE(MatchRegexAtHead("$", "a"));
+
+  EXPECT_TRUE(MatchRegexAtHead("$", ""));
+  EXPECT_TRUE(MatchRegexAtHead("a$", "a"));
+}
+
+TEST(MatchRegexAtHeadTest, WorksWhenRegexStartsWithEscapeSequence) {
+  EXPECT_FALSE(MatchRegexAtHead("\\w", "+"));
+  EXPECT_FALSE(MatchRegexAtHead("\\W", "ab"));
+
+  EXPECT_TRUE(MatchRegexAtHead("\\sa", "\nab"));
+  EXPECT_TRUE(MatchRegexAtHead("\\d", "1a"));
+}
+
+TEST(MatchRegexAtHeadTest, WorksWhenRegexStartsWithRepetition) {
+  EXPECT_FALSE(MatchRegexAtHead(".+a", "abc"));
+  EXPECT_FALSE(MatchRegexAtHead("a?b", "aab"));
+
+  EXPECT_TRUE(MatchRegexAtHead(".*a", "bc12-ab"));
+  EXPECT_TRUE(MatchRegexAtHead("a?b", "b"));
+  EXPECT_TRUE(MatchRegexAtHead("a?b", "ab"));
+}
+
+TEST(MatchRegexAtHeadTest,
+     WorksWhenRegexStartsWithRepetionOfEscapeSequence) {
+  EXPECT_FALSE(MatchRegexAtHead("\\.+a", "abc"));
+  EXPECT_FALSE(MatchRegexAtHead("\\s?b", "  b"));
+
+  EXPECT_TRUE(MatchRegexAtHead("\\(*a", "((((ab"));
+  EXPECT_TRUE(MatchRegexAtHead("\\^?b", "^b"));
+  EXPECT_TRUE(MatchRegexAtHead("\\\\?b", "b"));
+  EXPECT_TRUE(MatchRegexAtHead("\\\\?b", "\\b"));
+}
+
+TEST(MatchRegexAtHeadTest, MatchesSequentially) {
+  EXPECT_FALSE(MatchRegexAtHead("ab.*c", "acabc"));
+
+  EXPECT_TRUE(MatchRegexAtHead("ab.*c", "ab-fsc"));
+}
+
+TEST(MatchRegexAnywhereTest, ReturnsFalseWhenStringIsNull) {
+  EXPECT_FALSE(MatchRegexAnywhere("", NULL));
+}
+
+TEST(MatchRegexAnywhereTest, WorksWhenRegexStartsWithCaret) {
+  EXPECT_FALSE(MatchRegexAnywhere("^a", "ba"));
+  EXPECT_FALSE(MatchRegexAnywhere("^$", "a"));
+
+  EXPECT_TRUE(MatchRegexAnywhere("^a", "ab"));
+  EXPECT_TRUE(MatchRegexAnywhere("^", "ab"));
+  EXPECT_TRUE(MatchRegexAnywhere("^$", ""));
+}
+
+TEST(MatchRegexAnywhereTest, ReturnsFalseWhenNoMatch) {
+  EXPECT_FALSE(MatchRegexAnywhere("a", "bcde123"));
+  EXPECT_FALSE(MatchRegexAnywhere("a.+a", "--aa88888888"));
+}
+
+TEST(MatchRegexAnywhereTest, ReturnsTrueWhenMatchingPrefix) {
+  EXPECT_TRUE(MatchRegexAnywhere("\\w+", "ab1_ - 5"));
+  EXPECT_TRUE(MatchRegexAnywhere(".*=", "="));
+  EXPECT_TRUE(MatchRegexAnywhere("x.*ab?.*bc", "xaaabc"));
+}
+
+TEST(MatchRegexAnywhereTest, ReturnsTrueWhenMatchingNonPrefix) {
+  EXPECT_TRUE(MatchRegexAnywhere("\\w+", "$$$ ab1_ - 5"));
+  EXPECT_TRUE(MatchRegexAnywhere("\\.+=", "=  ...="));
+}
+
+// Tests RE's implicit constructors.
+TEST(RETest, ImplicitConstructorWorks) {
+  const RE empty("");
+  EXPECT_STREQ("", empty.pattern());
+
+  const RE simple("hello");
+  EXPECT_STREQ("hello", simple.pattern());
+}
+
+// Tests that RE's constructors reject invalid regular expressions.
+TEST(RETest, RejectsInvalidRegex) {
+  EXPECT_NONFATAL_FAILURE({
+    const RE normal(NULL);
+  }, "NULL is not a valid simple regular expression");
+
+  EXPECT_NONFATAL_FAILURE({
+    const RE normal(".*(\\w+");
+  }, "'(' is unsupported");
+
+  EXPECT_NONFATAL_FAILURE({
+    const RE invalid("^?");
+  }, "'?' can only follow a repeatable token");
+}
+
+// Tests RE::FullMatch().
+TEST(RETest, FullMatchWorks) {
+  const RE empty("");
+  EXPECT_TRUE(RE::FullMatch("", empty));
+  EXPECT_FALSE(RE::FullMatch("a", empty));
+
+  const RE re1("a");
+  EXPECT_TRUE(RE::FullMatch("a", re1));
+
+  const RE re("a.*z");
+  EXPECT_TRUE(RE::FullMatch("az", re));
+  EXPECT_TRUE(RE::FullMatch("axyz", re));
+  EXPECT_FALSE(RE::FullMatch("baz", re));
+  EXPECT_FALSE(RE::FullMatch("azy", re));
+}
+
+// Tests RE::PartialMatch().
+TEST(RETest, PartialMatchWorks) {
+  const RE empty("");
+  EXPECT_TRUE(RE::PartialMatch("", empty));
+  EXPECT_TRUE(RE::PartialMatch("a", empty));
+
+  const RE re("a.*z");
+  EXPECT_TRUE(RE::PartialMatch("az", re));
+  EXPECT_TRUE(RE::PartialMatch("axyz", re));
+  EXPECT_TRUE(RE::PartialMatch("baz", re));
+  EXPECT_TRUE(RE::PartialMatch("azy", re));
+  EXPECT_FALSE(RE::PartialMatch("zza", re));
+}
+
+#endif  // GTEST_USES_POSIX_RE
+
+#if !GTEST_OS_WINDOWS_MOBILE
+
+TEST(CaptureTest, CapturesStdout) {
+  CaptureStdout();
+  fprintf(stdout, "abc");
+  EXPECT_STREQ("abc", GetCapturedStdout().c_str());
+
+  CaptureStdout();
+  fprintf(stdout, "def%cghi", '\0');
+  EXPECT_EQ(::std::string("def\0ghi", 7), ::std::string(GetCapturedStdout()));
+}
+
+TEST(CaptureTest, CapturesStderr) {
+  CaptureStderr();
+  fprintf(stderr, "jkl");
+  EXPECT_STREQ("jkl", GetCapturedStderr().c_str());
+
+  CaptureStderr();
+  fprintf(stderr, "jkl%cmno", '\0');
+  EXPECT_EQ(::std::string("jkl\0mno", 7), ::std::string(GetCapturedStderr()));
+}
+
+// Tests that stdout and stderr capture don't interfere with each other.
+TEST(CaptureTest, CapturesStdoutAndStderr) {
+  CaptureStdout();
+  CaptureStderr();
+  fprintf(stdout, "pqr");
+  fprintf(stderr, "stu");
+  EXPECT_STREQ("pqr", GetCapturedStdout().c_str());
+  EXPECT_STREQ("stu", GetCapturedStderr().c_str());
+}
+
+TEST(CaptureDeathTest, CannotReenterStdoutCapture) {
+  CaptureStdout();
+  EXPECT_DEATH_IF_SUPPORTED(CaptureStdout(),
+                            "Only one stdout capturer can exist at a time");
+  GetCapturedStdout();
+
+  // We cannot test stderr capturing using death tests as they use it
+  // themselves.
+}
+
+#endif  // !GTEST_OS_WINDOWS_MOBILE
+
+TEST(ThreadLocalTest, DefaultConstructorInitializesToDefaultValues) {
+  ThreadLocal<int> t1;
+  EXPECT_EQ(0, t1.get());
+
+  ThreadLocal<void*> t2;
+  EXPECT_TRUE(t2.get() == NULL);
+}
+
+TEST(ThreadLocalTest, SingleParamConstructorInitializesToParam) {
+  ThreadLocal<int> t1(123);
+  EXPECT_EQ(123, t1.get());
+
+  int i = 0;
+  ThreadLocal<int*> t2(&i);
+  EXPECT_EQ(&i, t2.get());
+}
+
+class NoDefaultContructor {
+ public:
+  explicit NoDefaultContructor(const char*) {}
+  NoDefaultContructor(const NoDefaultContructor&) {}
+};
+
+TEST(ThreadLocalTest, ValueDefaultContructorIsNotRequiredForParamVersion) {
+  ThreadLocal<NoDefaultContructor> bar(NoDefaultContructor("foo"));
+  bar.pointer();
+}
+
+TEST(ThreadLocalTest, GetAndPointerReturnSameValue) {
+  ThreadLocal<std::string> thread_local_string;
+
+  EXPECT_EQ(thread_local_string.pointer(), &(thread_local_string.get()));
+
+  // Verifies the condition still holds after calling set.
+  thread_local_string.set("foo");
+  EXPECT_EQ(thread_local_string.pointer(), &(thread_local_string.get()));
+}
+
+TEST(ThreadLocalTest, PointerAndConstPointerReturnSameValue) {
+  ThreadLocal<std::string> thread_local_string;
+  const ThreadLocal<std::string>& const_thread_local_string =
+      thread_local_string;
+
+  EXPECT_EQ(thread_local_string.pointer(), const_thread_local_string.pointer());
+
+  thread_local_string.set("foo");
+  EXPECT_EQ(thread_local_string.pointer(), const_thread_local_string.pointer());
+}
+
+#if GTEST_IS_THREADSAFE
+
+void AddTwo(int* param) { *param += 2; }
+
+TEST(ThreadWithParamTest, ConstructorExecutesThreadFunc) {
+  int i = 40;
+  ThreadWithParam<int*> thread(&AddTwo, &i, NULL);
+  thread.Join();
+  EXPECT_EQ(42, i);
+}
+
+TEST(MutexDeathTest, AssertHeldShouldAssertWhenNotLocked) {
+  // AssertHeld() is flaky only in the presence of multiple threads accessing
+  // the lock. In this case, the test is robust.
+  EXPECT_DEATH_IF_SUPPORTED({
+    Mutex m;
+    { MutexLock lock(&m); }
+    m.AssertHeld();
+  },
+  "thread .*hold");
+}
+
+TEST(MutexTest, AssertHeldShouldNotAssertWhenLocked) {
+  Mutex m;
+  MutexLock lock(&m);
+  m.AssertHeld();
+}
+
+class AtomicCounterWithMutex {
+ public:
+  explicit AtomicCounterWithMutex(Mutex* mutex) :
+    value_(0), mutex_(mutex), random_(42) {}
+
+  void Increment() {
+    MutexLock lock(mutex_);
+    int temp = value_;
+    {
+      // We need to put up a memory barrier to prevent reads and writes to
+      // value_ rearranged with the call to SleepMilliseconds when observed
+      // from other threads.
+#if GTEST_HAS_PTHREAD
+      // On POSIX, locking a mutex puts up a memory barrier.  We cannot use
+      // Mutex and MutexLock here or rely on their memory barrier
+      // functionality as we are testing them here.
+      pthread_mutex_t memory_barrier_mutex;
+      GTEST_CHECK_POSIX_SUCCESS_(
+          pthread_mutex_init(&memory_barrier_mutex, NULL));
+      GTEST_CHECK_POSIX_SUCCESS_(pthread_mutex_lock(&memory_barrier_mutex));
+
+      SleepMilliseconds(random_.Generate(30));
+
+      GTEST_CHECK_POSIX_SUCCESS_(pthread_mutex_unlock(&memory_barrier_mutex));
+      GTEST_CHECK_POSIX_SUCCESS_(pthread_mutex_destroy(&memory_barrier_mutex));
+#elif GTEST_OS_WINDOWS
+      // On Windows, performing an interlocked access puts up a memory barrier.
+      volatile LONG dummy = 0;
+      ::InterlockedIncrement(&dummy);
+      SleepMilliseconds(random_.Generate(30));
+      ::InterlockedIncrement(&dummy);
+#else
+# error "Memory barrier not implemented on this platform."
+#endif  // GTEST_HAS_PTHREAD
+    }
+    value_ = temp + 1;
+  }
+  int value() const { return value_; }
+
+ private:
+  volatile int value_;
+  Mutex* const mutex_;  // Protects value_.
+  Random       random_;
+};
+
+void CountingThreadFunc(pair<AtomicCounterWithMutex*, int> param) {
+  for (int i = 0; i < param.second; ++i)
+      param.first->Increment();
+}
+
+// Tests that the mutex only lets one thread at a time to lock it.
+TEST(MutexTest, OnlyOneThreadCanLockAtATime) {
+  Mutex mutex;
+  AtomicCounterWithMutex locked_counter(&mutex);
+
+  typedef ThreadWithParam<pair<AtomicCounterWithMutex*, int> > ThreadType;
+  const int kCycleCount = 20;
+  const int kThreadCount = 7;
+  scoped_ptr<ThreadType> counting_threads[kThreadCount];
+  Notification threads_can_start;
+  // Creates and runs kThreadCount threads that increment locked_counter
+  // kCycleCount times each.
+  for (int i = 0; i < kThreadCount; ++i) {
+    counting_threads[i].reset(new ThreadType(&CountingThreadFunc,
+                                             make_pair(&locked_counter,
+                                                       kCycleCount),
+                                             &threads_can_start));
+  }
+  threads_can_start.Notify();
+  for (int i = 0; i < kThreadCount; ++i)
+    counting_threads[i]->Join();
+
+  // If the mutex lets more than one thread to increment the counter at a
+  // time, they are likely to encounter a race condition and have some
+  // increments overwritten, resulting in the lower then expected counter
+  // value.
+  EXPECT_EQ(kCycleCount * kThreadCount, locked_counter.value());
+}
+
+template <typename T>
+void RunFromThread(void (func)(T), T param) {
+  ThreadWithParam<T> thread(func, param, NULL);
+  thread.Join();
+}
+
+void RetrieveThreadLocalValue(
+    pair<ThreadLocal<std::string>*, std::string*> param) {
+  *param.second = param.first->get();
+}
+
+TEST(ThreadLocalTest, ParameterizedConstructorSetsDefault) {
+  ThreadLocal<std::string> thread_local_string("foo");
+  EXPECT_STREQ("foo", thread_local_string.get().c_str());
+
+  thread_local_string.set("bar");
+  EXPECT_STREQ("bar", thread_local_string.get().c_str());
+
+  std::string result;
+  RunFromThread(&RetrieveThreadLocalValue,
+                make_pair(&thread_local_string, &result));
+  EXPECT_STREQ("foo", result.c_str());
+}
+
+// Keeps track of whether of destructors being called on instances of
+// DestructorTracker.  On Windows, waits for the destructor call reports.
+class DestructorCall {
+ public:
+  DestructorCall() {
+    invoked_ = false;
+#if GTEST_OS_WINDOWS
+    wait_event_.Reset(::CreateEvent(NULL, TRUE, FALSE, NULL));
+    GTEST_CHECK_(wait_event_.Get() != NULL);
+#endif
+  }
+
+  bool CheckDestroyed() const {
+#if GTEST_OS_WINDOWS
+    if (::WaitForSingleObject(wait_event_.Get(), 1000) != WAIT_OBJECT_0)
+      return false;
+#endif
+    return invoked_;
+  }
+
+  void ReportDestroyed() {
+    invoked_ = true;
+#if GTEST_OS_WINDOWS
+    ::SetEvent(wait_event_.Get());
+#endif
+  }
+
+  static std::vector<DestructorCall*>& List() { return *list_; }
+
+  static void ResetList() {
+    for (size_t i = 0; i < list_->size(); ++i) {
+      delete list_->at(i);
+    }
+    list_->clear();
+  }
+
+ private:
+  bool invoked_;
+#if GTEST_OS_WINDOWS
+  AutoHandle wait_event_;
+#endif
+  static std::vector<DestructorCall*>* const list_;
+
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(DestructorCall);
+};
+
+std::vector<DestructorCall*>* const DestructorCall::list_ =
+    new std::vector<DestructorCall*>;
+
+// DestructorTracker keeps track of whether its instances have been
+// destroyed.
+class DestructorTracker {
+ public:
+  DestructorTracker() : index_(GetNewIndex()) {}
+  DestructorTracker(const DestructorTracker& /* rhs */)
+      : index_(GetNewIndex()) {}
+  ~DestructorTracker() {
+    // We never access DestructorCall::List() concurrently, so we don't need
+    // to protect this acccess with a mutex.
+    DestructorCall::List()[index_]->ReportDestroyed();
+  }
+
+ private:
+  static int GetNewIndex() {
+    DestructorCall::List().push_back(new DestructorCall);
+    return DestructorCall::List().size() - 1;
+  }
+  const int index_;
+
+  GTEST_DISALLOW_ASSIGN_(DestructorTracker);
+};
+
+typedef ThreadLocal<DestructorTracker>* ThreadParam;
+
+void CallThreadLocalGet(ThreadParam thread_local_param) {
+  thread_local_param->get();
+}
+
+// Tests that when a ThreadLocal object dies in a thread, it destroys
+// the managed object for that thread.
+TEST(ThreadLocalTest, DestroysManagedObjectForOwnThreadWhenDying) {
+  DestructorCall::ResetList();
+
+  {
+    // The next line default constructs a DestructorTracker object as
+    // the default value of objects managed by thread_local_tracker.
+    ThreadLocal<DestructorTracker> thread_local_tracker;
+    ASSERT_EQ(1U, DestructorCall::List().size());
+    ASSERT_FALSE(DestructorCall::List()[0]->CheckDestroyed());
+
+    // This creates another DestructorTracker object for the main thread.
+    thread_local_tracker.get();
+    ASSERT_EQ(2U, DestructorCall::List().size());
+    ASSERT_FALSE(DestructorCall::List()[0]->CheckDestroyed());
+    ASSERT_FALSE(DestructorCall::List()[1]->CheckDestroyed());
+  }
+
+  // Now thread_local_tracker has died.  It should have destroyed both the
+  // default value shared by all threads and the value for the main
+  // thread.
+  ASSERT_EQ(2U, DestructorCall::List().size());
+  EXPECT_TRUE(DestructorCall::List()[0]->CheckDestroyed());
+  EXPECT_TRUE(DestructorCall::List()[1]->CheckDestroyed());
+
+  DestructorCall::ResetList();
+}
+
+// Tests that when a thread exits, the thread-local object for that
+// thread is destroyed.
+TEST(ThreadLocalTest, DestroysManagedObjectAtThreadExit) {
+  DestructorCall::ResetList();
+
+  {
+    // The next line default constructs a DestructorTracker object as
+    // the default value of objects managed by thread_local_tracker.
+    ThreadLocal<DestructorTracker> thread_local_tracker;
+    ASSERT_EQ(1U, DestructorCall::List().size());
+    ASSERT_FALSE(DestructorCall::List()[0]->CheckDestroyed());
+
+    // This creates another DestructorTracker object in the new thread.
+    ThreadWithParam<ThreadParam> thread(
+        &CallThreadLocalGet, &thread_local_tracker, NULL);
+    thread.Join();
+
+    // The thread has exited, and we should have another DestroyedTracker
+    // instance created for it. But it may not have been destroyed yet.
+    // The instance for the main thread should still persist.
+    ASSERT_EQ(2U, DestructorCall::List().size());
+    ASSERT_FALSE(DestructorCall::List()[0]->CheckDestroyed());
+  }
+
+  // The thread has exited and thread_local_tracker has died.  The default
+  // value should have been destroyed too.
+  ASSERT_EQ(2U, DestructorCall::List().size());
+  EXPECT_TRUE(DestructorCall::List()[0]->CheckDestroyed());
+  EXPECT_TRUE(DestructorCall::List()[1]->CheckDestroyed());
+
+  DestructorCall::ResetList();
+}
+
+TEST(ThreadLocalTest, ThreadLocalMutationsAffectOnlyCurrentThread) {
+  ThreadLocal<std::string> thread_local_string;
+  thread_local_string.set("Foo");
+  EXPECT_STREQ("Foo", thread_local_string.get().c_str());
+
+  std::string result;
+  RunFromThread(&RetrieveThreadLocalValue,
+                make_pair(&thread_local_string, &result));
+  EXPECT_TRUE(result.empty());
+}
+
+#endif  // GTEST_IS_THREADSAFE
+
+#if GTEST_OS_WINDOWS
+TEST(WindowsTypesTest, HANDLEIsVoidStar) {
+  StaticAssertTypeEq<HANDLE, void*>();
+}
+
+TEST(WindowsTypesTest, CRITICAL_SECTIONIs_RTL_CRITICAL_SECTION) {
+  StaticAssertTypeEq<CRITICAL_SECTION, _RTL_CRITICAL_SECTION>();
+}
+#endif  // GTEST_OS_WINDOWS
+
+}  // namespace internal
+}  // namespace testing
diff --git a/nss/external_tests/google_test/gtest/test/gtest-printers_test.cc b/nss/external_tests/google_test/gtest/test/gtest-printers_test.cc
new file mode 100644
index 0000000..7b07fd1
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/test/gtest-printers_test.cc
@@ -0,0 +1,1651 @@
+// Copyright 2007, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+
+// Google Test - The Google C++ Testing Framework
+//
+// This file tests the universal value printer.
+
+#include "gtest/gtest-printers.h"
+
+#include <ctype.h>
+#include <limits.h>
+#include <string.h>
+#include <algorithm>
+#include <deque>
+#include <list>
+#include <map>
+#include <set>
+#include <sstream>
+#include <string>
+#include <utility>
+#include <vector>
+
+#include "gtest/gtest.h"
+
+// hash_map and hash_set are available under Visual C++.
+#if _MSC_VER
+# define GTEST_HAS_HASH_MAP_ 1  // Indicates that hash_map is available.
+# include <hash_map>            // NOLINT
+# define GTEST_HAS_HASH_SET_ 1  // Indicates that hash_set is available.
+# include <hash_set>            // NOLINT
+#endif  // GTEST_OS_WINDOWS
+
+// Some user-defined types for testing the universal value printer.
+
+// An anonymous enum type.
+enum AnonymousEnum {
+  kAE1 = -1,
+  kAE2 = 1
+};
+
+// An enum without a user-defined printer.
+enum EnumWithoutPrinter {
+  kEWP1 = -2,
+  kEWP2 = 42
+};
+
+// An enum with a << operator.
+enum EnumWithStreaming {
+  kEWS1 = 10
+};
+
+std::ostream& operator<<(std::ostream& os, EnumWithStreaming e) {
+  return os << (e == kEWS1 ? "kEWS1" : "invalid");
+}
+
+// An enum with a PrintTo() function.
+enum EnumWithPrintTo {
+  kEWPT1 = 1
+};
+
+void PrintTo(EnumWithPrintTo e, std::ostream* os) {
+  *os << (e == kEWPT1 ? "kEWPT1" : "invalid");
+}
+
+// A class implicitly convertible to BiggestInt.
+class BiggestIntConvertible {
+ public:
+  operator ::testing::internal::BiggestInt() const { return 42; }
+};
+
+// A user-defined unprintable class template in the global namespace.
+template <typename T>
+class UnprintableTemplateInGlobal {
+ public:
+  UnprintableTemplateInGlobal() : value_() {}
+ private:
+  T value_;
+};
+
+// A user-defined streamable type in the global namespace.
+class StreamableInGlobal {
+ public:
+  virtual ~StreamableInGlobal() {}
+};
+
+inline void operator<<(::std::ostream& os, const StreamableInGlobal& /* x */) {
+  os << "StreamableInGlobal";
+}
+
+void operator<<(::std::ostream& os, const StreamableInGlobal* /* x */) {
+  os << "StreamableInGlobal*";
+}
+
+namespace foo {
+
+// A user-defined unprintable type in a user namespace.
+class UnprintableInFoo {
+ public:
+  UnprintableInFoo() : z_(0) { memcpy(xy_, "\xEF\x12\x0\x0\x34\xAB\x0\x0", 8); }
+  double z() const { return z_; }
+ private:
+  char xy_[8];
+  double z_;
+};
+
+// A user-defined printable type in a user-chosen namespace.
+struct PrintableViaPrintTo {
+  PrintableViaPrintTo() : value() {}
+  int value;
+};
+
+void PrintTo(const PrintableViaPrintTo& x, ::std::ostream* os) {
+  *os << "PrintableViaPrintTo: " << x.value;
+}
+
+// A type with a user-defined << for printing its pointer.
+struct PointerPrintable {
+};
+
+::std::ostream& operator<<(::std::ostream& os,
+                           const PointerPrintable* /* x */) {
+  return os << "PointerPrintable*";
+}
+
+// A user-defined printable class template in a user-chosen namespace.
+template <typename T>
+class PrintableViaPrintToTemplate {
+ public:
+  explicit PrintableViaPrintToTemplate(const T& a_value) : value_(a_value) {}
+
+  const T& value() const { return value_; }
+ private:
+  T value_;
+};
+
+template <typename T>
+void PrintTo(const PrintableViaPrintToTemplate<T>& x, ::std::ostream* os) {
+  *os << "PrintableViaPrintToTemplate: " << x.value();
+}
+
+// A user-defined streamable class template in a user namespace.
+template <typename T>
+class StreamableTemplateInFoo {
+ public:
+  StreamableTemplateInFoo() : value_() {}
+
+  const T& value() const { return value_; }
+ private:
+  T value_;
+};
+
+template <typename T>
+inline ::std::ostream& operator<<(::std::ostream& os,
+                                  const StreamableTemplateInFoo<T>& x) {
+  return os << "StreamableTemplateInFoo: " << x.value();
+}
+
+}  // namespace foo
+
+namespace testing {
+namespace gtest_printers_test {
+
+using ::std::deque;
+using ::std::list;
+using ::std::make_pair;
+using ::std::map;
+using ::std::multimap;
+using ::std::multiset;
+using ::std::pair;
+using ::std::set;
+using ::std::vector;
+using ::testing::PrintToString;
+using ::testing::internal::FormatForComparisonFailureMessage;
+using ::testing::internal::ImplicitCast_;
+using ::testing::internal::NativeArray;
+using ::testing::internal::RE;
+using ::testing::internal::RelationToSourceReference;
+using ::testing::internal::Strings;
+using ::testing::internal::UniversalPrint;
+using ::testing::internal::UniversalPrinter;
+using ::testing::internal::UniversalTersePrint;
+using ::testing::internal::UniversalTersePrintTupleFieldsToStrings;
+using ::testing::internal::string;
+
+// The hash_* classes are not part of the C++ standard.  STLport
+// defines them in namespace std.  MSVC defines them in ::stdext.  GCC
+// defines them in ::.
+#ifdef _STLP_HASH_MAP  // We got <hash_map> from STLport.
+using ::std::hash_map;
+using ::std::hash_set;
+using ::std::hash_multimap;
+using ::std::hash_multiset;
+#elif _MSC_VER
+using ::stdext::hash_map;
+using ::stdext::hash_set;
+using ::stdext::hash_multimap;
+using ::stdext::hash_multiset;
+#endif
+
+// Prints a value to a string using the universal value printer.  This
+// is a helper for testing UniversalPrinter<T>::Print() for various types.
+template <typename T>
+string Print(const T& value) {
+  ::std::stringstream ss;
+  UniversalPrinter<T>::Print(value, &ss);
+  return ss.str();
+}
+
+// Prints a value passed by reference to a string, using the universal
+// value printer.  This is a helper for testing
+// UniversalPrinter<T&>::Print() for various types.
+template <typename T>
+string PrintByRef(const T& value) {
+  ::std::stringstream ss;
+  UniversalPrinter<T&>::Print(value, &ss);
+  return ss.str();
+}
+
+// Tests printing various enum types.
+
+TEST(PrintEnumTest, AnonymousEnum) {
+  EXPECT_EQ("-1", Print(kAE1));
+  EXPECT_EQ("1", Print(kAE2));
+}
+
+TEST(PrintEnumTest, EnumWithoutPrinter) {
+  EXPECT_EQ("-2", Print(kEWP1));
+  EXPECT_EQ("42", Print(kEWP2));
+}
+
+TEST(PrintEnumTest, EnumWithStreaming) {
+  EXPECT_EQ("kEWS1", Print(kEWS1));
+  EXPECT_EQ("invalid", Print(static_cast<EnumWithStreaming>(0)));
+}
+
+TEST(PrintEnumTest, EnumWithPrintTo) {
+  EXPECT_EQ("kEWPT1", Print(kEWPT1));
+  EXPECT_EQ("invalid", Print(static_cast<EnumWithPrintTo>(0)));
+}
+
+// Tests printing a class implicitly convertible to BiggestInt.
+
+TEST(PrintClassTest, BiggestIntConvertible) {
+  EXPECT_EQ("42", Print(BiggestIntConvertible()));
+}
+
+// Tests printing various char types.
+
+// char.
+TEST(PrintCharTest, PlainChar) {
+  EXPECT_EQ("'\\0'", Print('\0'));
+  EXPECT_EQ("'\\'' (39, 0x27)", Print('\''));
+  EXPECT_EQ("'\"' (34, 0x22)", Print('"'));
+  EXPECT_EQ("'?' (63, 0x3F)", Print('?'));
+  EXPECT_EQ("'\\\\' (92, 0x5C)", Print('\\'));
+  EXPECT_EQ("'\\a' (7)", Print('\a'));
+  EXPECT_EQ("'\\b' (8)", Print('\b'));
+  EXPECT_EQ("'\\f' (12, 0xC)", Print('\f'));
+  EXPECT_EQ("'\\n' (10, 0xA)", Print('\n'));
+  EXPECT_EQ("'\\r' (13, 0xD)", Print('\r'));
+  EXPECT_EQ("'\\t' (9)", Print('\t'));
+  EXPECT_EQ("'\\v' (11, 0xB)", Print('\v'));
+  EXPECT_EQ("'\\x7F' (127)", Print('\x7F'));
+  EXPECT_EQ("'\\xFF' (255)", Print('\xFF'));
+  EXPECT_EQ("' ' (32, 0x20)", Print(' '));
+  EXPECT_EQ("'a' (97, 0x61)", Print('a'));
+}
+
+// signed char.
+TEST(PrintCharTest, SignedChar) {
+  EXPECT_EQ("'\\0'", Print(static_cast<signed char>('\0')));
+  EXPECT_EQ("'\\xCE' (-50)",
+            Print(static_cast<signed char>(-50)));
+}
+
+// unsigned char.
+TEST(PrintCharTest, UnsignedChar) {
+  EXPECT_EQ("'\\0'", Print(static_cast<unsigned char>('\0')));
+  EXPECT_EQ("'b' (98, 0x62)",
+            Print(static_cast<unsigned char>('b')));
+}
+
+// Tests printing other simple, built-in types.
+
+// bool.
+TEST(PrintBuiltInTypeTest, Bool) {
+  EXPECT_EQ("false", Print(false));
+  EXPECT_EQ("true", Print(true));
+}
+
+// wchar_t.
+TEST(PrintBuiltInTypeTest, Wchar_t) {
+  EXPECT_EQ("L'\\0'", Print(L'\0'));
+  EXPECT_EQ("L'\\'' (39, 0x27)", Print(L'\''));
+  EXPECT_EQ("L'\"' (34, 0x22)", Print(L'"'));
+  EXPECT_EQ("L'?' (63, 0x3F)", Print(L'?'));
+  EXPECT_EQ("L'\\\\' (92, 0x5C)", Print(L'\\'));
+  EXPECT_EQ("L'\\a' (7)", Print(L'\a'));
+  EXPECT_EQ("L'\\b' (8)", Print(L'\b'));
+  EXPECT_EQ("L'\\f' (12, 0xC)", Print(L'\f'));
+  EXPECT_EQ("L'\\n' (10, 0xA)", Print(L'\n'));
+  EXPECT_EQ("L'\\r' (13, 0xD)", Print(L'\r'));
+  EXPECT_EQ("L'\\t' (9)", Print(L'\t'));
+  EXPECT_EQ("L'\\v' (11, 0xB)", Print(L'\v'));
+  EXPECT_EQ("L'\\x7F' (127)", Print(L'\x7F'));
+  EXPECT_EQ("L'\\xFF' (255)", Print(L'\xFF'));
+  EXPECT_EQ("L' ' (32, 0x20)", Print(L' '));
+  EXPECT_EQ("L'a' (97, 0x61)", Print(L'a'));
+  EXPECT_EQ("L'\\x576' (1398)", Print(static_cast<wchar_t>(0x576)));
+  EXPECT_EQ("L'\\xC74D' (51021)", Print(static_cast<wchar_t>(0xC74D)));
+}
+
+// Test that Int64 provides more storage than wchar_t.
+TEST(PrintTypeSizeTest, Wchar_t) {
+  EXPECT_LT(sizeof(wchar_t), sizeof(testing::internal::Int64));
+}
+
+// Various integer types.
+TEST(PrintBuiltInTypeTest, Integer) {
+  EXPECT_EQ("'\\xFF' (255)", Print(static_cast<unsigned char>(255)));  // uint8
+  EXPECT_EQ("'\\x80' (-128)", Print(static_cast<signed char>(-128)));  // int8
+  EXPECT_EQ("65535", Print(USHRT_MAX));  // uint16
+  EXPECT_EQ("-32768", Print(SHRT_MIN));  // int16
+  EXPECT_EQ("4294967295", Print(UINT_MAX));  // uint32
+  EXPECT_EQ("-2147483648", Print(INT_MIN));  // int32
+  EXPECT_EQ("18446744073709551615",
+            Print(static_cast<testing::internal::UInt64>(-1)));  // uint64
+  EXPECT_EQ("-9223372036854775808",
+            Print(static_cast<testing::internal::Int64>(1) << 63));  // int64
+}
+
+// Size types.
+TEST(PrintBuiltInTypeTest, Size_t) {
+  EXPECT_EQ("1", Print(sizeof('a')));  // size_t.
+#if !GTEST_OS_WINDOWS
+  // Windows has no ssize_t type.
+  EXPECT_EQ("-2", Print(static_cast<ssize_t>(-2)));  // ssize_t.
+#endif  // !GTEST_OS_WINDOWS
+}
+
+// Floating-points.
+TEST(PrintBuiltInTypeTest, FloatingPoints) {
+  EXPECT_EQ("1.5", Print(1.5f));   // float
+  EXPECT_EQ("-2.5", Print(-2.5));  // double
+}
+
+// Since ::std::stringstream::operator<<(const void *) formats the pointer
+// output differently with different compilers, we have to create the expected
+// output first and use it as our expectation.
+static string PrintPointer(const void *p) {
+  ::std::stringstream expected_result_stream;
+  expected_result_stream << p;
+  return expected_result_stream.str();
+}
+
+// Tests printing C strings.
+
+// const char*.
+TEST(PrintCStringTest, Const) {
+  const char* p = "World";
+  EXPECT_EQ(PrintPointer(p) + " pointing to \"World\"", Print(p));
+}
+
+// char*.
+TEST(PrintCStringTest, NonConst) {
+  char p[] = "Hi";
+  EXPECT_EQ(PrintPointer(p) + " pointing to \"Hi\"",
+            Print(static_cast<char*>(p)));
+}
+
+// NULL C string.
+TEST(PrintCStringTest, Null) {
+  const char* p = NULL;
+  EXPECT_EQ("NULL", Print(p));
+}
+
+// Tests that C strings are escaped properly.
+TEST(PrintCStringTest, EscapesProperly) {
+  const char* p = "'\"?\\\a\b\f\n\r\t\v\x7F\xFF a";
+  EXPECT_EQ(PrintPointer(p) + " pointing to \"'\\\"?\\\\\\a\\b\\f"
+            "\\n\\r\\t\\v\\x7F\\xFF a\"",
+            Print(p));
+}
+
+// MSVC compiler can be configured to define whar_t as a typedef
+// of unsigned short. Defining an overload for const wchar_t* in that case
+// would cause pointers to unsigned shorts be printed as wide strings,
+// possibly accessing more memory than intended and causing invalid
+// memory accesses. MSVC defines _NATIVE_WCHAR_T_DEFINED symbol when
+// wchar_t is implemented as a native type.
+#if !defined(_MSC_VER) || defined(_NATIVE_WCHAR_T_DEFINED)
+
+// const wchar_t*.
+TEST(PrintWideCStringTest, Const) {
+  const wchar_t* p = L"World";
+  EXPECT_EQ(PrintPointer(p) + " pointing to L\"World\"", Print(p));
+}
+
+// wchar_t*.
+TEST(PrintWideCStringTest, NonConst) {
+  wchar_t p[] = L"Hi";
+  EXPECT_EQ(PrintPointer(p) + " pointing to L\"Hi\"",
+            Print(static_cast<wchar_t*>(p)));
+}
+
+// NULL wide C string.
+TEST(PrintWideCStringTest, Null) {
+  const wchar_t* p = NULL;
+  EXPECT_EQ("NULL", Print(p));
+}
+
+// Tests that wide C strings are escaped properly.
+TEST(PrintWideCStringTest, EscapesProperly) {
+  const wchar_t s[] = {'\'', '"', '?', '\\', '\a', '\b', '\f', '\n', '\r',
+                       '\t', '\v', 0xD3, 0x576, 0x8D3, 0xC74D, ' ', 'a', '\0'};
+  EXPECT_EQ(PrintPointer(s) + " pointing to L\"'\\\"?\\\\\\a\\b\\f"
+            "\\n\\r\\t\\v\\xD3\\x576\\x8D3\\xC74D a\"",
+            Print(static_cast<const wchar_t*>(s)));
+}
+#endif  // native wchar_t
+
+// Tests printing pointers to other char types.
+
+// signed char*.
+TEST(PrintCharPointerTest, SignedChar) {
+  signed char* p = reinterpret_cast<signed char*>(0x1234);
+  EXPECT_EQ(PrintPointer(p), Print(p));
+  p = NULL;
+  EXPECT_EQ("NULL", Print(p));
+}
+
+// const signed char*.
+TEST(PrintCharPointerTest, ConstSignedChar) {
+  signed char* p = reinterpret_cast<signed char*>(0x1234);
+  EXPECT_EQ(PrintPointer(p), Print(p));
+  p = NULL;
+  EXPECT_EQ("NULL", Print(p));
+}
+
+// unsigned char*.
+TEST(PrintCharPointerTest, UnsignedChar) {
+  unsigned char* p = reinterpret_cast<unsigned char*>(0x1234);
+  EXPECT_EQ(PrintPointer(p), Print(p));
+  p = NULL;
+  EXPECT_EQ("NULL", Print(p));
+}
+
+// const unsigned char*.
+TEST(PrintCharPointerTest, ConstUnsignedChar) {
+  const unsigned char* p = reinterpret_cast<const unsigned char*>(0x1234);
+  EXPECT_EQ(PrintPointer(p), Print(p));
+  p = NULL;
+  EXPECT_EQ("NULL", Print(p));
+}
+
+// Tests printing pointers to simple, built-in types.
+
+// bool*.
+TEST(PrintPointerToBuiltInTypeTest, Bool) {
+  bool* p = reinterpret_cast<bool*>(0xABCD);
+  EXPECT_EQ(PrintPointer(p), Print(p));
+  p = NULL;
+  EXPECT_EQ("NULL", Print(p));
+}
+
+// void*.
+TEST(PrintPointerToBuiltInTypeTest, Void) {
+  void* p = reinterpret_cast<void*>(0xABCD);
+  EXPECT_EQ(PrintPointer(p), Print(p));
+  p = NULL;
+  EXPECT_EQ("NULL", Print(p));
+}
+
+// const void*.
+TEST(PrintPointerToBuiltInTypeTest, ConstVoid) {
+  const void* p = reinterpret_cast<const void*>(0xABCD);
+  EXPECT_EQ(PrintPointer(p), Print(p));
+  p = NULL;
+  EXPECT_EQ("NULL", Print(p));
+}
+
+// Tests printing pointers to pointers.
+TEST(PrintPointerToPointerTest, IntPointerPointer) {
+  int** p = reinterpret_cast<int**>(0xABCD);
+  EXPECT_EQ(PrintPointer(p), Print(p));
+  p = NULL;
+  EXPECT_EQ("NULL", Print(p));
+}
+
+// Tests printing (non-member) function pointers.
+
+void MyFunction(int /* n */) {}
+
+TEST(PrintPointerTest, NonMemberFunctionPointer) {
+  // We cannot directly cast &MyFunction to const void* because the
+  // standard disallows casting between pointers to functions and
+  // pointers to objects, and some compilers (e.g. GCC 3.4) enforce
+  // this limitation.
+  EXPECT_EQ(
+      PrintPointer(reinterpret_cast<const void*>(
+          reinterpret_cast<internal::BiggestInt>(&MyFunction))),
+      Print(&MyFunction));
+  int (*p)(bool) = NULL;  // NOLINT
+  EXPECT_EQ("NULL", Print(p));
+}
+
+// An assertion predicate determining whether a one string is a prefix for
+// another.
+template <typename StringType>
+AssertionResult HasPrefix(const StringType& str, const StringType& prefix) {
+  if (str.find(prefix, 0) == 0)
+    return AssertionSuccess();
+
+  const bool is_wide_string = sizeof(prefix[0]) > 1;
+  const char* const begin_string_quote = is_wide_string ? "L\"" : "\"";
+  return AssertionFailure()
+      << begin_string_quote << prefix << "\" is not a prefix of "
+      << begin_string_quote << str << "\"\n";
+}
+
+// Tests printing member variable pointers.  Although they are called
+// pointers, they don't point to a location in the address space.
+// Their representation is implementation-defined.  Thus they will be
+// printed as raw bytes.
+
+struct Foo {
+ public:
+  virtual ~Foo() {}
+  int MyMethod(char x) { return x + 1; }
+  virtual char MyVirtualMethod(int /* n */) { return 'a'; }
+
+  int value;
+};
+
+TEST(PrintPointerTest, MemberVariablePointer) {
+  EXPECT_TRUE(HasPrefix(Print(&Foo::value),
+                        Print(sizeof(&Foo::value)) + "-byte object "));
+  int (Foo::*p) = NULL;  // NOLINT
+  EXPECT_TRUE(HasPrefix(Print(p),
+                        Print(sizeof(p)) + "-byte object "));
+}
+
+// Tests printing member function pointers.  Although they are called
+// pointers, they don't point to a location in the address space.
+// Their representation is implementation-defined.  Thus they will be
+// printed as raw bytes.
+TEST(PrintPointerTest, MemberFunctionPointer) {
+  EXPECT_TRUE(HasPrefix(Print(&Foo::MyMethod),
+                        Print(sizeof(&Foo::MyMethod)) + "-byte object "));
+  EXPECT_TRUE(
+      HasPrefix(Print(&Foo::MyVirtualMethod),
+                Print(sizeof((&Foo::MyVirtualMethod))) + "-byte object "));
+  int (Foo::*p)(char) = NULL;  // NOLINT
+  EXPECT_TRUE(HasPrefix(Print(p),
+                        Print(sizeof(p)) + "-byte object "));
+}
+
+// Tests printing C arrays.
+
+// The difference between this and Print() is that it ensures that the
+// argument is a reference to an array.
+template <typename T, size_t N>
+string PrintArrayHelper(T (&a)[N]) {
+  return Print(a);
+}
+
+// One-dimensional array.
+TEST(PrintArrayTest, OneDimensionalArray) {
+  int a[5] = { 1, 2, 3, 4, 5 };
+  EXPECT_EQ("{ 1, 2, 3, 4, 5 }", PrintArrayHelper(a));
+}
+
+// Two-dimensional array.
+TEST(PrintArrayTest, TwoDimensionalArray) {
+  int a[2][5] = {
+    { 1, 2, 3, 4, 5 },
+    { 6, 7, 8, 9, 0 }
+  };
+  EXPECT_EQ("{ { 1, 2, 3, 4, 5 }, { 6, 7, 8, 9, 0 } }", PrintArrayHelper(a));
+}
+
+// Array of const elements.
+TEST(PrintArrayTest, ConstArray) {
+  const bool a[1] = { false };
+  EXPECT_EQ("{ false }", PrintArrayHelper(a));
+}
+
+// char array without terminating NUL.
+TEST(PrintArrayTest, CharArrayWithNoTerminatingNul) {
+  // Array a contains '\0' in the middle and doesn't end with '\0'.
+  char a[] = { 'H', '\0', 'i' };
+  EXPECT_EQ("\"H\\0i\" (no terminating NUL)", PrintArrayHelper(a));
+}
+
+// const char array with terminating NUL.
+TEST(PrintArrayTest, ConstCharArrayWithTerminatingNul) {
+  const char a[] = "\0Hi";
+  EXPECT_EQ("\"\\0Hi\"", PrintArrayHelper(a));
+}
+
+// const wchar_t array without terminating NUL.
+TEST(PrintArrayTest, WCharArrayWithNoTerminatingNul) {
+  // Array a contains '\0' in the middle and doesn't end with '\0'.
+  const wchar_t a[] = { L'H', L'\0', L'i' };
+  EXPECT_EQ("L\"H\\0i\" (no terminating NUL)", PrintArrayHelper(a));
+}
+
+// wchar_t array with terminating NUL.
+TEST(PrintArrayTest, WConstCharArrayWithTerminatingNul) {
+  const wchar_t a[] = L"\0Hi";
+  EXPECT_EQ("L\"\\0Hi\"", PrintArrayHelper(a));
+}
+
+// Array of objects.
+TEST(PrintArrayTest, ObjectArray) {
+  string a[3] = { "Hi", "Hello", "Ni hao" };
+  EXPECT_EQ("{ \"Hi\", \"Hello\", \"Ni hao\" }", PrintArrayHelper(a));
+}
+
+// Array with many elements.
+TEST(PrintArrayTest, BigArray) {
+  int a[100] = { 1, 2, 3 };
+  EXPECT_EQ("{ 1, 2, 3, 0, 0, 0, 0, 0, ..., 0, 0, 0, 0, 0, 0, 0, 0 }",
+            PrintArrayHelper(a));
+}
+
+// Tests printing ::string and ::std::string.
+
+#if GTEST_HAS_GLOBAL_STRING
+// ::string.
+TEST(PrintStringTest, StringInGlobalNamespace) {
+  const char s[] = "'\"?\\\a\b\f\n\0\r\t\v\x7F\xFF a";
+  const ::string str(s, sizeof(s));
+  EXPECT_EQ("\"'\\\"?\\\\\\a\\b\\f\\n\\0\\r\\t\\v\\x7F\\xFF a\\0\"",
+            Print(str));
+}
+#endif  // GTEST_HAS_GLOBAL_STRING
+
+// ::std::string.
+TEST(PrintStringTest, StringInStdNamespace) {
+  const char s[] = "'\"?\\\a\b\f\n\0\r\t\v\x7F\xFF a";
+  const ::std::string str(s, sizeof(s));
+  EXPECT_EQ("\"'\\\"?\\\\\\a\\b\\f\\n\\0\\r\\t\\v\\x7F\\xFF a\\0\"",
+            Print(str));
+}
+
+TEST(PrintStringTest, StringAmbiguousHex) {
+  // "\x6BANANA" is ambiguous, it can be interpreted as starting with either of:
+  // '\x6', '\x6B', or '\x6BA'.
+
+  // a hex escaping sequence following by a decimal digit
+  EXPECT_EQ("\"0\\x12\" \"3\"", Print(::std::string("0\x12" "3")));
+  // a hex escaping sequence following by a hex digit (lower-case)
+  EXPECT_EQ("\"mm\\x6\" \"bananas\"", Print(::std::string("mm\x6" "bananas")));
+  // a hex escaping sequence following by a hex digit (upper-case)
+  EXPECT_EQ("\"NOM\\x6\" \"BANANA\"", Print(::std::string("NOM\x6" "BANANA")));
+  // a hex escaping sequence following by a non-xdigit
+  EXPECT_EQ("\"!\\x5-!\"", Print(::std::string("!\x5-!")));
+}
+
+// Tests printing ::wstring and ::std::wstring.
+
+#if GTEST_HAS_GLOBAL_WSTRING
+// ::wstring.
+TEST(PrintWideStringTest, StringInGlobalNamespace) {
+  const wchar_t s[] = L"'\"?\\\a\b\f\n\0\r\t\v\xD3\x576\x8D3\xC74D a";
+  const ::wstring str(s, sizeof(s)/sizeof(wchar_t));
+  EXPECT_EQ("L\"'\\\"?\\\\\\a\\b\\f\\n\\0\\r\\t\\v"
+            "\\xD3\\x576\\x8D3\\xC74D a\\0\"",
+            Print(str));
+}
+#endif  // GTEST_HAS_GLOBAL_WSTRING
+
+#if GTEST_HAS_STD_WSTRING
+// ::std::wstring.
+TEST(PrintWideStringTest, StringInStdNamespace) {
+  const wchar_t s[] = L"'\"?\\\a\b\f\n\0\r\t\v\xD3\x576\x8D3\xC74D a";
+  const ::std::wstring str(s, sizeof(s)/sizeof(wchar_t));
+  EXPECT_EQ("L\"'\\\"?\\\\\\a\\b\\f\\n\\0\\r\\t\\v"
+            "\\xD3\\x576\\x8D3\\xC74D a\\0\"",
+            Print(str));
+}
+
+TEST(PrintWideStringTest, StringAmbiguousHex) {
+  // same for wide strings.
+  EXPECT_EQ("L\"0\\x12\" L\"3\"", Print(::std::wstring(L"0\x12" L"3")));
+  EXPECT_EQ("L\"mm\\x6\" L\"bananas\"",
+            Print(::std::wstring(L"mm\x6" L"bananas")));
+  EXPECT_EQ("L\"NOM\\x6\" L\"BANANA\"",
+            Print(::std::wstring(L"NOM\x6" L"BANANA")));
+  EXPECT_EQ("L\"!\\x5-!\"", Print(::std::wstring(L"!\x5-!")));
+}
+#endif  // GTEST_HAS_STD_WSTRING
+
+// Tests printing types that support generic streaming (i.e. streaming
+// to std::basic_ostream<Char, CharTraits> for any valid Char and
+// CharTraits types).
+
+// Tests printing a non-template type that supports generic streaming.
+
+class AllowsGenericStreaming {};
+
+template <typename Char, typename CharTraits>
+std::basic_ostream<Char, CharTraits>& operator<<(
+    std::basic_ostream<Char, CharTraits>& os,
+    const AllowsGenericStreaming& /* a */) {
+  return os << "AllowsGenericStreaming";
+}
+
+TEST(PrintTypeWithGenericStreamingTest, NonTemplateType) {
+  AllowsGenericStreaming a;
+  EXPECT_EQ("AllowsGenericStreaming", Print(a));
+}
+
+// Tests printing a template type that supports generic streaming.
+
+template <typename T>
+class AllowsGenericStreamingTemplate {};
+
+template <typename Char, typename CharTraits, typename T>
+std::basic_ostream<Char, CharTraits>& operator<<(
+    std::basic_ostream<Char, CharTraits>& os,
+    const AllowsGenericStreamingTemplate<T>& /* a */) {
+  return os << "AllowsGenericStreamingTemplate";
+}
+
+TEST(PrintTypeWithGenericStreamingTest, TemplateType) {
+  AllowsGenericStreamingTemplate<int> a;
+  EXPECT_EQ("AllowsGenericStreamingTemplate", Print(a));
+}
+
+// Tests printing a type that supports generic streaming and can be
+// implicitly converted to another printable type.
+
+template <typename T>
+class AllowsGenericStreamingAndImplicitConversionTemplate {
+ public:
+  operator bool() const { return false; }
+};
+
+template <typename Char, typename CharTraits, typename T>
+std::basic_ostream<Char, CharTraits>& operator<<(
+    std::basic_ostream<Char, CharTraits>& os,
+    const AllowsGenericStreamingAndImplicitConversionTemplate<T>& /* a */) {
+  return os << "AllowsGenericStreamingAndImplicitConversionTemplate";
+}
+
+TEST(PrintTypeWithGenericStreamingTest, TypeImplicitlyConvertible) {
+  AllowsGenericStreamingAndImplicitConversionTemplate<int> a;
+  EXPECT_EQ("AllowsGenericStreamingAndImplicitConversionTemplate", Print(a));
+}
+
+#if GTEST_HAS_STRING_PIECE_
+
+// Tests printing StringPiece.
+
+TEST(PrintStringPieceTest, SimpleStringPiece) {
+  const StringPiece sp = "Hello";
+  EXPECT_EQ("\"Hello\"", Print(sp));
+}
+
+TEST(PrintStringPieceTest, UnprintableCharacters) {
+  const char str[] = "NUL (\0) and \r\t";
+  const StringPiece sp(str, sizeof(str) - 1);
+  EXPECT_EQ("\"NUL (\\0) and \\r\\t\"", Print(sp));
+}
+
+#endif  // GTEST_HAS_STRING_PIECE_
+
+// Tests printing STL containers.
+
+TEST(PrintStlContainerTest, EmptyDeque) {
+  deque<char> empty;
+  EXPECT_EQ("{}", Print(empty));
+}
+
+TEST(PrintStlContainerTest, NonEmptyDeque) {
+  deque<int> non_empty;
+  non_empty.push_back(1);
+  non_empty.push_back(3);
+  EXPECT_EQ("{ 1, 3 }", Print(non_empty));
+}
+
+#if GTEST_HAS_HASH_MAP_
+
+TEST(PrintStlContainerTest, OneElementHashMap) {
+  hash_map<int, char> map1;
+  map1[1] = 'a';
+  EXPECT_EQ("{ (1, 'a' (97, 0x61)) }", Print(map1));
+}
+
+TEST(PrintStlContainerTest, HashMultiMap) {
+  hash_multimap<int, bool> map1;
+  map1.insert(make_pair(5, true));
+  map1.insert(make_pair(5, false));
+
+  // Elements of hash_multimap can be printed in any order.
+  const string result = Print(map1);
+  EXPECT_TRUE(result == "{ (5, true), (5, false) }" ||
+              result == "{ (5, false), (5, true) }")
+                  << " where Print(map1) returns \"" << result << "\".";
+}
+
+#endif  // GTEST_HAS_HASH_MAP_
+
+#if GTEST_HAS_HASH_SET_
+
+TEST(PrintStlContainerTest, HashSet) {
+  hash_set<string> set1;
+  set1.insert("hello");
+  EXPECT_EQ("{ \"hello\" }", Print(set1));
+}
+
+TEST(PrintStlContainerTest, HashMultiSet) {
+  const int kSize = 5;
+  int a[kSize] = { 1, 1, 2, 5, 1 };
+  hash_multiset<int> set1(a, a + kSize);
+
+  // Elements of hash_multiset can be printed in any order.
+  const string result = Print(set1);
+  const string expected_pattern = "{ d, d, d, d, d }";  // d means a digit.
+
+  // Verifies the result matches the expected pattern; also extracts
+  // the numbers in the result.
+  ASSERT_EQ(expected_pattern.length(), result.length());
+  std::vector<int> numbers;
+  for (size_t i = 0; i != result.length(); i++) {
+    if (expected_pattern[i] == 'd') {
+      ASSERT_NE(isdigit(static_cast<unsigned char>(result[i])), 0);
+      numbers.push_back(result[i] - '0');
+    } else {
+      EXPECT_EQ(expected_pattern[i], result[i]) << " where result is "
+                                                << result;
+    }
+  }
+
+  // Makes sure the result contains the right numbers.
+  std::sort(numbers.begin(), numbers.end());
+  std::sort(a, a + kSize);
+  EXPECT_TRUE(std::equal(a, a + kSize, numbers.begin()));
+}
+
+#endif  // GTEST_HAS_HASH_SET_
+
+TEST(PrintStlContainerTest, List) {
+  const string a[] = {
+    "hello",
+    "world"
+  };
+  const list<string> strings(a, a + 2);
+  EXPECT_EQ("{ \"hello\", \"world\" }", Print(strings));
+}
+
+TEST(PrintStlContainerTest, Map) {
+  map<int, bool> map1;
+  map1[1] = true;
+  map1[5] = false;
+  map1[3] = true;
+  EXPECT_EQ("{ (1, true), (3, true), (5, false) }", Print(map1));
+}
+
+TEST(PrintStlContainerTest, MultiMap) {
+  multimap<bool, int> map1;
+  // The make_pair template function would deduce the type as
+  // pair<bool, int> here, and since the key part in a multimap has to
+  // be constant, without a templated ctor in the pair class (as in
+  // libCstd on Solaris), make_pair call would fail to compile as no
+  // implicit conversion is found.  Thus explicit typename is used
+  // here instead.
+  map1.insert(pair<const bool, int>(true, 0));
+  map1.insert(pair<const bool, int>(true, 1));
+  map1.insert(pair<const bool, int>(false, 2));
+  EXPECT_EQ("{ (false, 2), (true, 0), (true, 1) }", Print(map1));
+}
+
+TEST(PrintStlContainerTest, Set) {
+  const unsigned int a[] = { 3, 0, 5 };
+  set<unsigned int> set1(a, a + 3);
+  EXPECT_EQ("{ 0, 3, 5 }", Print(set1));
+}
+
+TEST(PrintStlContainerTest, MultiSet) {
+  const int a[] = { 1, 1, 2, 5, 1 };
+  multiset<int> set1(a, a + 5);
+  EXPECT_EQ("{ 1, 1, 1, 2, 5 }", Print(set1));
+}
+
+TEST(PrintStlContainerTest, Pair) {
+  pair<const bool, int> p(true, 5);
+  EXPECT_EQ("(true, 5)", Print(p));
+}
+
+TEST(PrintStlContainerTest, Vector) {
+  vector<int> v;
+  v.push_back(1);
+  v.push_back(2);
+  EXPECT_EQ("{ 1, 2 }", Print(v));
+}
+
+TEST(PrintStlContainerTest, LongSequence) {
+  const int a[100] = { 1, 2, 3 };
+  const vector<int> v(a, a + 100);
+  EXPECT_EQ("{ 1, 2, 3, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, "
+            "0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, ... }", Print(v));
+}
+
+TEST(PrintStlContainerTest, NestedContainer) {
+  const int a1[] = { 1, 2 };
+  const int a2[] = { 3, 4, 5 };
+  const list<int> l1(a1, a1 + 2);
+  const list<int> l2(a2, a2 + 3);
+
+  vector<list<int> > v;
+  v.push_back(l1);
+  v.push_back(l2);
+  EXPECT_EQ("{ { 1, 2 }, { 3, 4, 5 } }", Print(v));
+}
+
+TEST(PrintStlContainerTest, OneDimensionalNativeArray) {
+  const int a[3] = { 1, 2, 3 };
+  NativeArray<int> b(a, 3, RelationToSourceReference());
+  EXPECT_EQ("{ 1, 2, 3 }", Print(b));
+}
+
+TEST(PrintStlContainerTest, TwoDimensionalNativeArray) {
+  const int a[2][3] = { { 1, 2, 3 }, { 4, 5, 6 } };
+  NativeArray<int[3]> b(a, 2, RelationToSourceReference());
+  EXPECT_EQ("{ { 1, 2, 3 }, { 4, 5, 6 } }", Print(b));
+}
+
+// Tests that a class named iterator isn't treated as a container.
+
+struct iterator {
+  char x;
+};
+
+TEST(PrintStlContainerTest, Iterator) {
+  iterator it = {};
+  EXPECT_EQ("1-byte object <00>", Print(it));
+}
+
+// Tests that a class named const_iterator isn't treated as a container.
+
+struct const_iterator {
+  char x;
+};
+
+TEST(PrintStlContainerTest, ConstIterator) {
+  const_iterator it = {};
+  EXPECT_EQ("1-byte object <00>", Print(it));
+}
+
+#if GTEST_HAS_TR1_TUPLE
+// Tests printing ::std::tr1::tuples.
+
+// Tuples of various arities.
+TEST(PrintTr1TupleTest, VariousSizes) {
+  ::std::tr1::tuple<> t0;
+  EXPECT_EQ("()", Print(t0));
+
+  ::std::tr1::tuple<int> t1(5);
+  EXPECT_EQ("(5)", Print(t1));
+
+  ::std::tr1::tuple<char, bool> t2('a', true);
+  EXPECT_EQ("('a' (97, 0x61), true)", Print(t2));
+
+  ::std::tr1::tuple<bool, int, int> t3(false, 2, 3);
+  EXPECT_EQ("(false, 2, 3)", Print(t3));
+
+  ::std::tr1::tuple<bool, int, int, int> t4(false, 2, 3, 4);
+  EXPECT_EQ("(false, 2, 3, 4)", Print(t4));
+
+  ::std::tr1::tuple<bool, int, int, int, bool> t5(false, 2, 3, 4, true);
+  EXPECT_EQ("(false, 2, 3, 4, true)", Print(t5));
+
+  ::std::tr1::tuple<bool, int, int, int, bool, int> t6(false, 2, 3, 4, true, 6);
+  EXPECT_EQ("(false, 2, 3, 4, true, 6)", Print(t6));
+
+  ::std::tr1::tuple<bool, int, int, int, bool, int, int> t7(
+      false, 2, 3, 4, true, 6, 7);
+  EXPECT_EQ("(false, 2, 3, 4, true, 6, 7)", Print(t7));
+
+  ::std::tr1::tuple<bool, int, int, int, bool, int, int, bool> t8(
+      false, 2, 3, 4, true, 6, 7, true);
+  EXPECT_EQ("(false, 2, 3, 4, true, 6, 7, true)", Print(t8));
+
+  ::std::tr1::tuple<bool, int, int, int, bool, int, int, bool, int> t9(
+      false, 2, 3, 4, true, 6, 7, true, 9);
+  EXPECT_EQ("(false, 2, 3, 4, true, 6, 7, true, 9)", Print(t9));
+
+  const char* const str = "8";
+  // VC++ 2010's implementation of tuple of C++0x is deficient, requiring
+  // an explicit type cast of NULL to be used.
+  ::std::tr1::tuple<bool, char, short, testing::internal::Int32,  // NOLINT
+      testing::internal::Int64, float, double, const char*, void*, string>
+      t10(false, 'a', 3, 4, 5, 1.5F, -2.5, str,
+          ImplicitCast_<void*>(NULL), "10");
+  EXPECT_EQ("(false, 'a' (97, 0x61), 3, 4, 5, 1.5, -2.5, " + PrintPointer(str) +
+            " pointing to \"8\", NULL, \"10\")",
+            Print(t10));
+}
+
+// Nested tuples.
+TEST(PrintTr1TupleTest, NestedTuple) {
+  ::std::tr1::tuple< ::std::tr1::tuple<int, bool>, char> nested(
+      ::std::tr1::make_tuple(5, true), 'a');
+  EXPECT_EQ("((5, true), 'a' (97, 0x61))", Print(nested));
+}
+
+#endif  // GTEST_HAS_TR1_TUPLE
+
+#if GTEST_LANG_CXX11
+// Tests printing ::std::tuples.
+
+// Tuples of various arities.
+TEST(PrintStdTupleTest, VariousSizes) {
+  ::std::tuple<> t0;
+  EXPECT_EQ("()", Print(t0));
+
+  ::std::tuple<int> t1(5);
+  EXPECT_EQ("(5)", Print(t1));
+
+  ::std::tuple<char, bool> t2('a', true);
+  EXPECT_EQ("('a' (97, 0x61), true)", Print(t2));
+
+  ::std::tuple<bool, int, int> t3(false, 2, 3);
+  EXPECT_EQ("(false, 2, 3)", Print(t3));
+
+  ::std::tuple<bool, int, int, int> t4(false, 2, 3, 4);
+  EXPECT_EQ("(false, 2, 3, 4)", Print(t4));
+
+  ::std::tuple<bool, int, int, int, bool> t5(false, 2, 3, 4, true);
+  EXPECT_EQ("(false, 2, 3, 4, true)", Print(t5));
+
+  ::std::tuple<bool, int, int, int, bool, int> t6(false, 2, 3, 4, true, 6);
+  EXPECT_EQ("(false, 2, 3, 4, true, 6)", Print(t6));
+
+  ::std::tuple<bool, int, int, int, bool, int, int> t7(
+      false, 2, 3, 4, true, 6, 7);
+  EXPECT_EQ("(false, 2, 3, 4, true, 6, 7)", Print(t7));
+
+  ::std::tuple<bool, int, int, int, bool, int, int, bool> t8(
+      false, 2, 3, 4, true, 6, 7, true);
+  EXPECT_EQ("(false, 2, 3, 4, true, 6, 7, true)", Print(t8));
+
+  ::std::tuple<bool, int, int, int, bool, int, int, bool, int> t9(
+      false, 2, 3, 4, true, 6, 7, true, 9);
+  EXPECT_EQ("(false, 2, 3, 4, true, 6, 7, true, 9)", Print(t9));
+
+  const char* const str = "8";
+  // VC++ 2010's implementation of tuple of C++0x is deficient, requiring
+  // an explicit type cast of NULL to be used.
+  ::std::tuple<bool, char, short, testing::internal::Int32,  // NOLINT
+      testing::internal::Int64, float, double, const char*, void*, string>
+      t10(false, 'a', 3, 4, 5, 1.5F, -2.5, str,
+          ImplicitCast_<void*>(NULL), "10");
+  EXPECT_EQ("(false, 'a' (97, 0x61), 3, 4, 5, 1.5, -2.5, " + PrintPointer(str) +
+            " pointing to \"8\", NULL, \"10\")",
+            Print(t10));
+}
+
+// Nested tuples.
+TEST(PrintStdTupleTest, NestedTuple) {
+  ::std::tuple< ::std::tuple<int, bool>, char> nested(
+      ::std::make_tuple(5, true), 'a');
+  EXPECT_EQ("((5, true), 'a' (97, 0x61))", Print(nested));
+}
+
+#endif  // GTEST_LANG_CXX11
+
+// Tests printing user-defined unprintable types.
+
+// Unprintable types in the global namespace.
+TEST(PrintUnprintableTypeTest, InGlobalNamespace) {
+  EXPECT_EQ("1-byte object <00>",
+            Print(UnprintableTemplateInGlobal<char>()));
+}
+
+// Unprintable types in a user namespace.
+TEST(PrintUnprintableTypeTest, InUserNamespace) {
+  EXPECT_EQ("16-byte object <EF-12 00-00 34-AB 00-00 00-00 00-00 00-00 00-00>",
+            Print(::foo::UnprintableInFoo()));
+}
+
+// Unprintable types are that too big to be printed completely.
+
+struct Big {
+  Big() { memset(array, 0, sizeof(array)); }
+  char array[257];
+};
+
+TEST(PrintUnpritableTypeTest, BigObject) {
+  EXPECT_EQ("257-byte object <00-00 00-00 00-00 00-00 00-00 00-00 "
+            "00-00 00-00 00-00 00-00 00-00 00-00 00-00 00-00 00-00 00-00 "
+            "00-00 00-00 00-00 00-00 00-00 00-00 00-00 00-00 00-00 00-00 "
+            "00-00 00-00 00-00 00-00 00-00 00-00 ... 00-00 00-00 00-00 "
+            "00-00 00-00 00-00 00-00 00-00 00-00 00-00 00-00 00-00 00-00 "
+            "00-00 00-00 00-00 00-00 00-00 00-00 00-00 00-00 00-00 00-00 "
+            "00-00 00-00 00-00 00-00 00-00 00-00 00-00 00-00 00>",
+            Print(Big()));
+}
+
+// Tests printing user-defined streamable types.
+
+// Streamable types in the global namespace.
+TEST(PrintStreamableTypeTest, InGlobalNamespace) {
+  StreamableInGlobal x;
+  EXPECT_EQ("StreamableInGlobal", Print(x));
+  EXPECT_EQ("StreamableInGlobal*", Print(&x));
+}
+
+// Printable template types in a user namespace.
+TEST(PrintStreamableTypeTest, TemplateTypeInUserNamespace) {
+  EXPECT_EQ("StreamableTemplateInFoo: 0",
+            Print(::foo::StreamableTemplateInFoo<int>()));
+}
+
+// Tests printing user-defined types that have a PrintTo() function.
+TEST(PrintPrintableTypeTest, InUserNamespace) {
+  EXPECT_EQ("PrintableViaPrintTo: 0",
+            Print(::foo::PrintableViaPrintTo()));
+}
+
+// Tests printing a pointer to a user-defined type that has a <<
+// operator for its pointer.
+TEST(PrintPrintableTypeTest, PointerInUserNamespace) {
+  ::foo::PointerPrintable x;
+  EXPECT_EQ("PointerPrintable*", Print(&x));
+}
+
+// Tests printing user-defined class template that have a PrintTo() function.
+TEST(PrintPrintableTypeTest, TemplateInUserNamespace) {
+  EXPECT_EQ("PrintableViaPrintToTemplate: 5",
+            Print(::foo::PrintableViaPrintToTemplate<int>(5)));
+}
+
+#if GTEST_HAS_PROTOBUF_
+
+// Tests printing a short proto2 message.
+TEST(PrintProto2MessageTest, PrintsShortDebugStringWhenItIsShort) {
+  testing::internal::FooMessage msg;
+  msg.set_int_field(2);
+  msg.set_string_field("hello");
+  EXPECT_PRED2(RE::FullMatch, Print(msg),
+               "<int_field:\\s*2\\s+string_field:\\s*\"hello\">");
+}
+
+// Tests printing a long proto2 message.
+TEST(PrintProto2MessageTest, PrintsDebugStringWhenItIsLong) {
+  testing::internal::FooMessage msg;
+  msg.set_int_field(2);
+  msg.set_string_field("hello");
+  msg.add_names("peter");
+  msg.add_names("paul");
+  msg.add_names("mary");
+  EXPECT_PRED2(RE::FullMatch, Print(msg),
+               "<\n"
+               "int_field:\\s*2\n"
+               "string_field:\\s*\"hello\"\n"
+               "names:\\s*\"peter\"\n"
+               "names:\\s*\"paul\"\n"
+               "names:\\s*\"mary\"\n"
+               ">");
+}
+
+#endif  // GTEST_HAS_PROTOBUF_
+
+// Tests that the universal printer prints both the address and the
+// value of a reference.
+TEST(PrintReferenceTest, PrintsAddressAndValue) {
+  int n = 5;
+  EXPECT_EQ("@" + PrintPointer(&n) + " 5", PrintByRef(n));
+
+  int a[2][3] = {
+    { 0, 1, 2 },
+    { 3, 4, 5 }
+  };
+  EXPECT_EQ("@" + PrintPointer(a) + " { { 0, 1, 2 }, { 3, 4, 5 } }",
+            PrintByRef(a));
+
+  const ::foo::UnprintableInFoo x;
+  EXPECT_EQ("@" + PrintPointer(&x) + " 16-byte object "
+            "<EF-12 00-00 34-AB 00-00 00-00 00-00 00-00 00-00>",
+            PrintByRef(x));
+}
+
+// Tests that the universal printer prints a function pointer passed by
+// reference.
+TEST(PrintReferenceTest, HandlesFunctionPointer) {
+  void (*fp)(int n) = &MyFunction;
+  const string fp_pointer_string =
+      PrintPointer(reinterpret_cast<const void*>(&fp));
+  // We cannot directly cast &MyFunction to const void* because the
+  // standard disallows casting between pointers to functions and
+  // pointers to objects, and some compilers (e.g. GCC 3.4) enforce
+  // this limitation.
+  const string fp_string = PrintPointer(reinterpret_cast<const void*>(
+      reinterpret_cast<internal::BiggestInt>(fp)));
+  EXPECT_EQ("@" + fp_pointer_string + " " + fp_string,
+            PrintByRef(fp));
+}
+
+// Tests that the universal printer prints a member function pointer
+// passed by reference.
+TEST(PrintReferenceTest, HandlesMemberFunctionPointer) {
+  int (Foo::*p)(char ch) = &Foo::MyMethod;
+  EXPECT_TRUE(HasPrefix(
+      PrintByRef(p),
+      "@" + PrintPointer(reinterpret_cast<const void*>(&p)) + " " +
+          Print(sizeof(p)) + "-byte object "));
+
+  char (Foo::*p2)(int n) = &Foo::MyVirtualMethod;
+  EXPECT_TRUE(HasPrefix(
+      PrintByRef(p2),
+      "@" + PrintPointer(reinterpret_cast<const void*>(&p2)) + " " +
+          Print(sizeof(p2)) + "-byte object "));
+}
+
+// Tests that the universal printer prints a member variable pointer
+// passed by reference.
+TEST(PrintReferenceTest, HandlesMemberVariablePointer) {
+  int (Foo::*p) = &Foo::value;  // NOLINT
+  EXPECT_TRUE(HasPrefix(
+      PrintByRef(p),
+      "@" + PrintPointer(&p) + " " + Print(sizeof(p)) + "-byte object "));
+}
+
+// Tests that FormatForComparisonFailureMessage(), which is used to print
+// an operand in a comparison assertion (e.g. ASSERT_EQ) when the assertion
+// fails, formats the operand in the desired way.
+
+// scalar
+TEST(FormatForComparisonFailureMessageTest, WorksForScalar) {
+  EXPECT_STREQ("123",
+               FormatForComparisonFailureMessage(123, 124).c_str());
+}
+
+// non-char pointer
+TEST(FormatForComparisonFailureMessageTest, WorksForNonCharPointer) {
+  int n = 0;
+  EXPECT_EQ(PrintPointer(&n),
+            FormatForComparisonFailureMessage(&n, &n).c_str());
+}
+
+// non-char array
+TEST(FormatForComparisonFailureMessageTest, FormatsNonCharArrayAsPointer) {
+  // In expression 'array == x', 'array' is compared by pointer.
+  // Therefore we want to print an array operand as a pointer.
+  int n[] = { 1, 2, 3 };
+  EXPECT_EQ(PrintPointer(n),
+            FormatForComparisonFailureMessage(n, n).c_str());
+}
+
+// Tests formatting a char pointer when it's compared with another pointer.
+// In this case we want to print it as a raw pointer, as the comparision is by
+// pointer.
+
+// char pointer vs pointer
+TEST(FormatForComparisonFailureMessageTest, WorksForCharPointerVsPointer) {
+  // In expression 'p == x', where 'p' and 'x' are (const or not) char
+  // pointers, the operands are compared by pointer.  Therefore we
+  // want to print 'p' as a pointer instead of a C string (we don't
+  // even know if it's supposed to point to a valid C string).
+
+  // const char*
+  const char* s = "hello";
+  EXPECT_EQ(PrintPointer(s),
+            FormatForComparisonFailureMessage(s, s).c_str());
+
+  // char*
+  char ch = 'a';
+  EXPECT_EQ(PrintPointer(&ch),
+            FormatForComparisonFailureMessage(&ch, &ch).c_str());
+}
+
+// wchar_t pointer vs pointer
+TEST(FormatForComparisonFailureMessageTest, WorksForWCharPointerVsPointer) {
+  // In expression 'p == x', where 'p' and 'x' are (const or not) char
+  // pointers, the operands are compared by pointer.  Therefore we
+  // want to print 'p' as a pointer instead of a wide C string (we don't
+  // even know if it's supposed to point to a valid wide C string).
+
+  // const wchar_t*
+  const wchar_t* s = L"hello";
+  EXPECT_EQ(PrintPointer(s),
+            FormatForComparisonFailureMessage(s, s).c_str());
+
+  // wchar_t*
+  wchar_t ch = L'a';
+  EXPECT_EQ(PrintPointer(&ch),
+            FormatForComparisonFailureMessage(&ch, &ch).c_str());
+}
+
+// Tests formatting a char pointer when it's compared to a string object.
+// In this case we want to print the char pointer as a C string.
+
+#if GTEST_HAS_GLOBAL_STRING
+// char pointer vs ::string
+TEST(FormatForComparisonFailureMessageTest, WorksForCharPointerVsString) {
+  const char* s = "hello \"world";
+  EXPECT_STREQ("\"hello \\\"world\"",  // The string content should be escaped.
+               FormatForComparisonFailureMessage(s, ::string()).c_str());
+
+  // char*
+  char str[] = "hi\1";
+  char* p = str;
+  EXPECT_STREQ("\"hi\\x1\"",  // The string content should be escaped.
+               FormatForComparisonFailureMessage(p, ::string()).c_str());
+}
+#endif
+
+// char pointer vs std::string
+TEST(FormatForComparisonFailureMessageTest, WorksForCharPointerVsStdString) {
+  const char* s = "hello \"world";
+  EXPECT_STREQ("\"hello \\\"world\"",  // The string content should be escaped.
+               FormatForComparisonFailureMessage(s, ::std::string()).c_str());
+
+  // char*
+  char str[] = "hi\1";
+  char* p = str;
+  EXPECT_STREQ("\"hi\\x1\"",  // The string content should be escaped.
+               FormatForComparisonFailureMessage(p, ::std::string()).c_str());
+}
+
+#if GTEST_HAS_GLOBAL_WSTRING
+// wchar_t pointer vs ::wstring
+TEST(FormatForComparisonFailureMessageTest, WorksForWCharPointerVsWString) {
+  const wchar_t* s = L"hi \"world";
+  EXPECT_STREQ("L\"hi \\\"world\"",  // The string content should be escaped.
+               FormatForComparisonFailureMessage(s, ::wstring()).c_str());
+
+  // wchar_t*
+  wchar_t str[] = L"hi\1";
+  wchar_t* p = str;
+  EXPECT_STREQ("L\"hi\\x1\"",  // The string content should be escaped.
+               FormatForComparisonFailureMessage(p, ::wstring()).c_str());
+}
+#endif
+
+#if GTEST_HAS_STD_WSTRING
+// wchar_t pointer vs std::wstring
+TEST(FormatForComparisonFailureMessageTest, WorksForWCharPointerVsStdWString) {
+  const wchar_t* s = L"hi \"world";
+  EXPECT_STREQ("L\"hi \\\"world\"",  // The string content should be escaped.
+               FormatForComparisonFailureMessage(s, ::std::wstring()).c_str());
+
+  // wchar_t*
+  wchar_t str[] = L"hi\1";
+  wchar_t* p = str;
+  EXPECT_STREQ("L\"hi\\x1\"",  // The string content should be escaped.
+               FormatForComparisonFailureMessage(p, ::std::wstring()).c_str());
+}
+#endif
+
+// Tests formatting a char array when it's compared with a pointer or array.
+// In this case we want to print the array as a row pointer, as the comparison
+// is by pointer.
+
+// char array vs pointer
+TEST(FormatForComparisonFailureMessageTest, WorksForCharArrayVsPointer) {
+  char str[] = "hi \"world\"";
+  char* p = NULL;
+  EXPECT_EQ(PrintPointer(str),
+            FormatForComparisonFailureMessage(str, p).c_str());
+}
+
+// char array vs char array
+TEST(FormatForComparisonFailureMessageTest, WorksForCharArrayVsCharArray) {
+  const char str[] = "hi \"world\"";
+  EXPECT_EQ(PrintPointer(str),
+            FormatForComparisonFailureMessage(str, str).c_str());
+}
+
+// wchar_t array vs pointer
+TEST(FormatForComparisonFailureMessageTest, WorksForWCharArrayVsPointer) {
+  wchar_t str[] = L"hi \"world\"";
+  wchar_t* p = NULL;
+  EXPECT_EQ(PrintPointer(str),
+            FormatForComparisonFailureMessage(str, p).c_str());
+}
+
+// wchar_t array vs wchar_t array
+TEST(FormatForComparisonFailureMessageTest, WorksForWCharArrayVsWCharArray) {
+  const wchar_t str[] = L"hi \"world\"";
+  EXPECT_EQ(PrintPointer(str),
+            FormatForComparisonFailureMessage(str, str).c_str());
+}
+
+// Tests formatting a char array when it's compared with a string object.
+// In this case we want to print the array as a C string.
+
+#if GTEST_HAS_GLOBAL_STRING
+// char array vs string
+TEST(FormatForComparisonFailureMessageTest, WorksForCharArrayVsString) {
+  const char str[] = "hi \"w\0rld\"";
+  EXPECT_STREQ("\"hi \\\"w\"",  // The content should be escaped.
+                                // Embedded NUL terminates the string.
+               FormatForComparisonFailureMessage(str, ::string()).c_str());
+}
+#endif
+
+// char array vs std::string
+TEST(FormatForComparisonFailureMessageTest, WorksForCharArrayVsStdString) {
+  const char str[] = "hi \"world\"";
+  EXPECT_STREQ("\"hi \\\"world\\\"\"",  // The content should be escaped.
+               FormatForComparisonFailureMessage(str, ::std::string()).c_str());
+}
+
+#if GTEST_HAS_GLOBAL_WSTRING
+// wchar_t array vs wstring
+TEST(FormatForComparisonFailureMessageTest, WorksForWCharArrayVsWString) {
+  const wchar_t str[] = L"hi \"world\"";
+  EXPECT_STREQ("L\"hi \\\"world\\\"\"",  // The content should be escaped.
+               FormatForComparisonFailureMessage(str, ::wstring()).c_str());
+}
+#endif
+
+#if GTEST_HAS_STD_WSTRING
+// wchar_t array vs std::wstring
+TEST(FormatForComparisonFailureMessageTest, WorksForWCharArrayVsStdWString) {
+  const wchar_t str[] = L"hi \"w\0rld\"";
+  EXPECT_STREQ(
+      "L\"hi \\\"w\"",  // The content should be escaped.
+                        // Embedded NUL terminates the string.
+      FormatForComparisonFailureMessage(str, ::std::wstring()).c_str());
+}
+#endif
+
+// Useful for testing PrintToString().  We cannot use EXPECT_EQ()
+// there as its implementation uses PrintToString().  The caller must
+// ensure that 'value' has no side effect.
+#define EXPECT_PRINT_TO_STRING_(value, expected_string)         \
+  EXPECT_TRUE(PrintToString(value) == (expected_string))        \
+      << " where " #value " prints as " << (PrintToString(value))
+
+TEST(PrintToStringTest, WorksForScalar) {
+  EXPECT_PRINT_TO_STRING_(123, "123");
+}
+
+TEST(PrintToStringTest, WorksForPointerToConstChar) {
+  const char* p = "hello";
+  EXPECT_PRINT_TO_STRING_(p, "\"hello\"");
+}
+
+TEST(PrintToStringTest, WorksForPointerToNonConstChar) {
+  char s[] = "hello";
+  char* p = s;
+  EXPECT_PRINT_TO_STRING_(p, "\"hello\"");
+}
+
+TEST(PrintToStringTest, EscapesForPointerToConstChar) {
+  const char* p = "hello\n";
+  EXPECT_PRINT_TO_STRING_(p, "\"hello\\n\"");
+}
+
+TEST(PrintToStringTest, EscapesForPointerToNonConstChar) {
+  char s[] = "hello\1";
+  char* p = s;
+  EXPECT_PRINT_TO_STRING_(p, "\"hello\\x1\"");
+}
+
+TEST(PrintToStringTest, WorksForArray) {
+  int n[3] = { 1, 2, 3 };
+  EXPECT_PRINT_TO_STRING_(n, "{ 1, 2, 3 }");
+}
+
+TEST(PrintToStringTest, WorksForCharArray) {
+  char s[] = "hello";
+  EXPECT_PRINT_TO_STRING_(s, "\"hello\"");
+}
+
+TEST(PrintToStringTest, WorksForCharArrayWithEmbeddedNul) {
+  const char str_with_nul[] = "hello\0 world";
+  EXPECT_PRINT_TO_STRING_(str_with_nul, "\"hello\\0 world\"");
+
+  char mutable_str_with_nul[] = "hello\0 world";
+  EXPECT_PRINT_TO_STRING_(mutable_str_with_nul, "\"hello\\0 world\"");
+}
+
+#undef EXPECT_PRINT_TO_STRING_
+
+TEST(UniversalTersePrintTest, WorksForNonReference) {
+  ::std::stringstream ss;
+  UniversalTersePrint(123, &ss);
+  EXPECT_EQ("123", ss.str());
+}
+
+TEST(UniversalTersePrintTest, WorksForReference) {
+  const int& n = 123;
+  ::std::stringstream ss;
+  UniversalTersePrint(n, &ss);
+  EXPECT_EQ("123", ss.str());
+}
+
+TEST(UniversalTersePrintTest, WorksForCString) {
+  const char* s1 = "abc";
+  ::std::stringstream ss1;
+  UniversalTersePrint(s1, &ss1);
+  EXPECT_EQ("\"abc\"", ss1.str());
+
+  char* s2 = const_cast<char*>(s1);
+  ::std::stringstream ss2;
+  UniversalTersePrint(s2, &ss2);
+  EXPECT_EQ("\"abc\"", ss2.str());
+
+  const char* s3 = NULL;
+  ::std::stringstream ss3;
+  UniversalTersePrint(s3, &ss3);
+  EXPECT_EQ("NULL", ss3.str());
+}
+
+TEST(UniversalPrintTest, WorksForNonReference) {
+  ::std::stringstream ss;
+  UniversalPrint(123, &ss);
+  EXPECT_EQ("123", ss.str());
+}
+
+TEST(UniversalPrintTest, WorksForReference) {
+  const int& n = 123;
+  ::std::stringstream ss;
+  UniversalPrint(n, &ss);
+  EXPECT_EQ("123", ss.str());
+}
+
+TEST(UniversalPrintTest, WorksForCString) {
+  const char* s1 = "abc";
+  ::std::stringstream ss1;
+  UniversalPrint(s1, &ss1);
+  EXPECT_EQ(PrintPointer(s1) + " pointing to \"abc\"", string(ss1.str()));
+
+  char* s2 = const_cast<char*>(s1);
+  ::std::stringstream ss2;
+  UniversalPrint(s2, &ss2);
+  EXPECT_EQ(PrintPointer(s2) + " pointing to \"abc\"", string(ss2.str()));
+
+  const char* s3 = NULL;
+  ::std::stringstream ss3;
+  UniversalPrint(s3, &ss3);
+  EXPECT_EQ("NULL", ss3.str());
+}
+
+TEST(UniversalPrintTest, WorksForCharArray) {
+  const char str[] = "\"Line\0 1\"\nLine 2";
+  ::std::stringstream ss1;
+  UniversalPrint(str, &ss1);
+  EXPECT_EQ("\"\\\"Line\\0 1\\\"\\nLine 2\"", ss1.str());
+
+  const char mutable_str[] = "\"Line\0 1\"\nLine 2";
+  ::std::stringstream ss2;
+  UniversalPrint(mutable_str, &ss2);
+  EXPECT_EQ("\"\\\"Line\\0 1\\\"\\nLine 2\"", ss2.str());
+}
+
+#if GTEST_HAS_TR1_TUPLE
+
+TEST(UniversalTersePrintTupleFieldsToStringsTestWithTr1, PrintsEmptyTuple) {
+  Strings result = UniversalTersePrintTupleFieldsToStrings(
+      ::std::tr1::make_tuple());
+  EXPECT_EQ(0u, result.size());
+}
+
+TEST(UniversalTersePrintTupleFieldsToStringsTestWithTr1, PrintsOneTuple) {
+  Strings result = UniversalTersePrintTupleFieldsToStrings(
+      ::std::tr1::make_tuple(1));
+  ASSERT_EQ(1u, result.size());
+  EXPECT_EQ("1", result[0]);
+}
+
+TEST(UniversalTersePrintTupleFieldsToStringsTestWithTr1, PrintsTwoTuple) {
+  Strings result = UniversalTersePrintTupleFieldsToStrings(
+      ::std::tr1::make_tuple(1, 'a'));
+  ASSERT_EQ(2u, result.size());
+  EXPECT_EQ("1", result[0]);
+  EXPECT_EQ("'a' (97, 0x61)", result[1]);
+}
+
+TEST(UniversalTersePrintTupleFieldsToStringsTestWithTr1, PrintsTersely) {
+  const int n = 1;
+  Strings result = UniversalTersePrintTupleFieldsToStrings(
+      ::std::tr1::tuple<const int&, const char*>(n, "a"));
+  ASSERT_EQ(2u, result.size());
+  EXPECT_EQ("1", result[0]);
+  EXPECT_EQ("\"a\"", result[1]);
+}
+
+#endif  // GTEST_HAS_TR1_TUPLE
+
+#if GTEST_HAS_STD_TUPLE_
+
+TEST(UniversalTersePrintTupleFieldsToStringsTestWithStd, PrintsEmptyTuple) {
+  Strings result = UniversalTersePrintTupleFieldsToStrings(::std::make_tuple());
+  EXPECT_EQ(0u, result.size());
+}
+
+TEST(UniversalTersePrintTupleFieldsToStringsTestWithStd, PrintsOneTuple) {
+  Strings result = UniversalTersePrintTupleFieldsToStrings(
+      ::std::make_tuple(1));
+  ASSERT_EQ(1u, result.size());
+  EXPECT_EQ("1", result[0]);
+}
+
+TEST(UniversalTersePrintTupleFieldsToStringsTestWithStd, PrintsTwoTuple) {
+  Strings result = UniversalTersePrintTupleFieldsToStrings(
+      ::std::make_tuple(1, 'a'));
+  ASSERT_EQ(2u, result.size());
+  EXPECT_EQ("1", result[0]);
+  EXPECT_EQ("'a' (97, 0x61)", result[1]);
+}
+
+TEST(UniversalTersePrintTupleFieldsToStringsTestWithStd, PrintsTersely) {
+  const int n = 1;
+  Strings result = UniversalTersePrintTupleFieldsToStrings(
+      ::std::tuple<const int&, const char*>(n, "a"));
+  ASSERT_EQ(2u, result.size());
+  EXPECT_EQ("1", result[0]);
+  EXPECT_EQ("\"a\"", result[1]);
+}
+
+#endif  // GTEST_HAS_STD_TUPLE_
+
+}  // namespace gtest_printers_test
+}  // namespace testing
+
diff --git a/nss/external_tests/google_test/gtest/test/gtest-test-part_test.cc b/nss/external_tests/google_test/gtest/test/gtest-test-part_test.cc
new file mode 100644
index 0000000..ca8ba93
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/test/gtest-test-part_test.cc
@@ -0,0 +1,208 @@
+// Copyright 2008 Google Inc.
+// All Rights Reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: mheule@google.com (Markus Heule)
+//
+
+#include "gtest/gtest-test-part.h"
+
+#include "gtest/gtest.h"
+
+using testing::Message;
+using testing::Test;
+using testing::TestPartResult;
+using testing::TestPartResultArray;
+
+namespace {
+
+// Tests the TestPartResult class.
+
+// The test fixture for testing TestPartResult.
+class TestPartResultTest : public Test {
+ protected:
+  TestPartResultTest()
+      : r1_(TestPartResult::kSuccess, "foo/bar.cc", 10, "Success!"),
+        r2_(TestPartResult::kNonFatalFailure, "foo/bar.cc", -1, "Failure!"),
+        r3_(TestPartResult::kFatalFailure, NULL, -1, "Failure!") {}
+
+  TestPartResult r1_, r2_, r3_;
+};
+
+
+TEST_F(TestPartResultTest, ConstructorWorks) {
+  Message message;
+  message << "something is terribly wrong";
+  message << static_cast<const char*>(testing::internal::kStackTraceMarker);
+  message << "some unimportant stack trace";
+
+  const TestPartResult result(TestPartResult::kNonFatalFailure,
+                              "some_file.cc",
+                              42,
+                              message.GetString().c_str());
+
+  EXPECT_EQ(TestPartResult::kNonFatalFailure, result.type());
+  EXPECT_STREQ("some_file.cc", result.file_name());
+  EXPECT_EQ(42, result.line_number());
+  EXPECT_STREQ(message.GetString().c_str(), result.message());
+  EXPECT_STREQ("something is terribly wrong", result.summary());
+}
+
+TEST_F(TestPartResultTest, ResultAccessorsWork) {
+  const TestPartResult success(TestPartResult::kSuccess,
+                               "file.cc",
+                               42,
+                               "message");
+  EXPECT_TRUE(success.passed());
+  EXPECT_FALSE(success.failed());
+  EXPECT_FALSE(success.nonfatally_failed());
+  EXPECT_FALSE(success.fatally_failed());
+
+  const TestPartResult nonfatal_failure(TestPartResult::kNonFatalFailure,
+                                        "file.cc",
+                                        42,
+                                        "message");
+  EXPECT_FALSE(nonfatal_failure.passed());
+  EXPECT_TRUE(nonfatal_failure.failed());
+  EXPECT_TRUE(nonfatal_failure.nonfatally_failed());
+  EXPECT_FALSE(nonfatal_failure.fatally_failed());
+
+  const TestPartResult fatal_failure(TestPartResult::kFatalFailure,
+                                     "file.cc",
+                                     42,
+                                     "message");
+  EXPECT_FALSE(fatal_failure.passed());
+  EXPECT_TRUE(fatal_failure.failed());
+  EXPECT_FALSE(fatal_failure.nonfatally_failed());
+  EXPECT_TRUE(fatal_failure.fatally_failed());
+}
+
+// Tests TestPartResult::type().
+TEST_F(TestPartResultTest, type) {
+  EXPECT_EQ(TestPartResult::kSuccess, r1_.type());
+  EXPECT_EQ(TestPartResult::kNonFatalFailure, r2_.type());
+  EXPECT_EQ(TestPartResult::kFatalFailure, r3_.type());
+}
+
+// Tests TestPartResult::file_name().
+TEST_F(TestPartResultTest, file_name) {
+  EXPECT_STREQ("foo/bar.cc", r1_.file_name());
+  EXPECT_STREQ(NULL, r3_.file_name());
+}
+
+// Tests TestPartResult::line_number().
+TEST_F(TestPartResultTest, line_number) {
+  EXPECT_EQ(10, r1_.line_number());
+  EXPECT_EQ(-1, r2_.line_number());
+}
+
+// Tests TestPartResult::message().
+TEST_F(TestPartResultTest, message) {
+  EXPECT_STREQ("Success!", r1_.message());
+}
+
+// Tests TestPartResult::passed().
+TEST_F(TestPartResultTest, Passed) {
+  EXPECT_TRUE(r1_.passed());
+  EXPECT_FALSE(r2_.passed());
+  EXPECT_FALSE(r3_.passed());
+}
+
+// Tests TestPartResult::failed().
+TEST_F(TestPartResultTest, Failed) {
+  EXPECT_FALSE(r1_.failed());
+  EXPECT_TRUE(r2_.failed());
+  EXPECT_TRUE(r3_.failed());
+}
+
+// Tests TestPartResult::fatally_failed().
+TEST_F(TestPartResultTest, FatallyFailed) {
+  EXPECT_FALSE(r1_.fatally_failed());
+  EXPECT_FALSE(r2_.fatally_failed());
+  EXPECT_TRUE(r3_.fatally_failed());
+}
+
+// Tests TestPartResult::nonfatally_failed().
+TEST_F(TestPartResultTest, NonfatallyFailed) {
+  EXPECT_FALSE(r1_.nonfatally_failed());
+  EXPECT_TRUE(r2_.nonfatally_failed());
+  EXPECT_FALSE(r3_.nonfatally_failed());
+}
+
+// Tests the TestPartResultArray class.
+
+class TestPartResultArrayTest : public Test {
+ protected:
+  TestPartResultArrayTest()
+      : r1_(TestPartResult::kNonFatalFailure, "foo/bar.cc", -1, "Failure 1"),
+        r2_(TestPartResult::kFatalFailure, "foo/bar.cc", -1, "Failure 2") {}
+
+  const TestPartResult r1_, r2_;
+};
+
+// Tests that TestPartResultArray initially has size 0.
+TEST_F(TestPartResultArrayTest, InitialSizeIsZero) {
+  TestPartResultArray results;
+  EXPECT_EQ(0, results.size());
+}
+
+// Tests that TestPartResultArray contains the given TestPartResult
+// after one Append() operation.
+TEST_F(TestPartResultArrayTest, ContainsGivenResultAfterAppend) {
+  TestPartResultArray results;
+  results.Append(r1_);
+  EXPECT_EQ(1, results.size());
+  EXPECT_STREQ("Failure 1", results.GetTestPartResult(0).message());
+}
+
+// Tests that TestPartResultArray contains the given TestPartResults
+// after two Append() operations.
+TEST_F(TestPartResultArrayTest, ContainsGivenResultsAfterTwoAppends) {
+  TestPartResultArray results;
+  results.Append(r1_);
+  results.Append(r2_);
+  EXPECT_EQ(2, results.size());
+  EXPECT_STREQ("Failure 1", results.GetTestPartResult(0).message());
+  EXPECT_STREQ("Failure 2", results.GetTestPartResult(1).message());
+}
+
+typedef TestPartResultArrayTest TestPartResultArrayDeathTest;
+
+// Tests that the program dies when GetTestPartResult() is called with
+// an invalid index.
+TEST_F(TestPartResultArrayDeathTest, DiesWhenIndexIsOutOfBound) {
+  TestPartResultArray results;
+  results.Append(r1_);
+
+  EXPECT_DEATH_IF_SUPPORTED(results.GetTestPartResult(-1), "");
+  EXPECT_DEATH_IF_SUPPORTED(results.GetTestPartResult(1), "");
+}
+
+// TODO(mheule@google.com): Add a test for the class HasNewFatalFailureHelper.
+
+}  // namespace
diff --git a/nss/external_tests/google_test/gtest/test/gtest-tuple_test.cc b/nss/external_tests/google_test/gtest/test/gtest-tuple_test.cc
new file mode 100644
index 0000000..bfaa3e0
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/test/gtest-tuple_test.cc
@@ -0,0 +1,320 @@
+// Copyright 2007, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+
+#include "gtest/internal/gtest-tuple.h"
+#include <utility>
+#include "gtest/gtest.h"
+
+namespace {
+
+using ::std::tr1::get;
+using ::std::tr1::make_tuple;
+using ::std::tr1::tuple;
+using ::std::tr1::tuple_element;
+using ::std::tr1::tuple_size;
+using ::testing::StaticAssertTypeEq;
+
+// Tests that tuple_element<K, tuple<T0, T1, ..., TN> >::type returns TK.
+TEST(tuple_element_Test, ReturnsElementType) {
+  StaticAssertTypeEq<int, tuple_element<0, tuple<int, char> >::type>();
+  StaticAssertTypeEq<int&, tuple_element<1, tuple<double, int&> >::type>();
+  StaticAssertTypeEq<bool, tuple_element<2, tuple<double, int, bool> >::type>();
+}
+
+// Tests that tuple_size<T>::value gives the number of fields in tuple
+// type T.
+TEST(tuple_size_Test, ReturnsNumberOfFields) {
+  EXPECT_EQ(0, +tuple_size<tuple<> >::value);
+  EXPECT_EQ(1, +tuple_size<tuple<void*> >::value);
+  EXPECT_EQ(1, +tuple_size<tuple<char> >::value);
+  EXPECT_EQ(1, +(tuple_size<tuple<tuple<int, double> > >::value));
+  EXPECT_EQ(2, +(tuple_size<tuple<int&, const char> >::value));
+  EXPECT_EQ(3, +(tuple_size<tuple<char*, void, const bool&> >::value));
+}
+
+// Tests comparing a tuple with itself.
+TEST(ComparisonTest, ComparesWithSelf) {
+  const tuple<int, char, bool> a(5, 'a', false);
+
+  EXPECT_TRUE(a == a);
+  EXPECT_FALSE(a != a);
+}
+
+// Tests comparing two tuples with the same value.
+TEST(ComparisonTest, ComparesEqualTuples) {
+  const tuple<int, bool> a(5, true), b(5, true);
+
+  EXPECT_TRUE(a == b);
+  EXPECT_FALSE(a != b);
+}
+
+// Tests comparing two different tuples that have no reference fields.
+TEST(ComparisonTest, ComparesUnequalTuplesWithoutReferenceFields) {
+  typedef tuple<const int, char> FooTuple;
+
+  const FooTuple a(0, 'x');
+  const FooTuple b(1, 'a');
+
+  EXPECT_TRUE(a != b);
+  EXPECT_FALSE(a == b);
+
+  const FooTuple c(1, 'b');
+
+  EXPECT_TRUE(b != c);
+  EXPECT_FALSE(b == c);
+}
+
+// Tests comparing two different tuples that have reference fields.
+TEST(ComparisonTest, ComparesUnequalTuplesWithReferenceFields) {
+  typedef tuple<int&, const char&> FooTuple;
+
+  int i = 5;
+  const char ch = 'a';
+  const FooTuple a(i, ch);
+
+  int j = 6;
+  const FooTuple b(j, ch);
+
+  EXPECT_TRUE(a != b);
+  EXPECT_FALSE(a == b);
+
+  j = 5;
+  const char ch2 = 'b';
+  const FooTuple c(j, ch2);
+
+  EXPECT_TRUE(b != c);
+  EXPECT_FALSE(b == c);
+}
+
+// Tests that a tuple field with a reference type is an alias of the
+// variable it's supposed to reference.
+TEST(ReferenceFieldTest, IsAliasOfReferencedVariable) {
+  int n = 0;
+  tuple<bool, int&> t(true, n);
+
+  n = 1;
+  EXPECT_EQ(n, get<1>(t))
+      << "Changing a underlying variable should update the reference field.";
+
+  // Makes sure that the implementation doesn't do anything funny with
+  // the & operator for the return type of get<>().
+  EXPECT_EQ(&n, &(get<1>(t)))
+      << "The address of a reference field should equal the address of "
+      << "the underlying variable.";
+
+  get<1>(t) = 2;
+  EXPECT_EQ(2, n)
+      << "Changing a reference field should update the underlying variable.";
+}
+
+// Tests that tuple's default constructor default initializes each field.
+// This test needs to compile without generating warnings.
+TEST(TupleConstructorTest, DefaultConstructorDefaultInitializesEachField) {
+  // The TR1 report requires that tuple's default constructor default
+  // initializes each field, even if it's a primitive type.  If the
+  // implementation forgets to do this, this test will catch it by
+  // generating warnings about using uninitialized variables (assuming
+  // a decent compiler).
+
+  tuple<> empty;
+
+  tuple<int> a1, b1;
+  b1 = a1;
+  EXPECT_EQ(0, get<0>(b1));
+
+  tuple<int, double> a2, b2;
+  b2 = a2;
+  EXPECT_EQ(0, get<0>(b2));
+  EXPECT_EQ(0.0, get<1>(b2));
+
+  tuple<double, char, bool*> a3, b3;
+  b3 = a3;
+  EXPECT_EQ(0.0, get<0>(b3));
+  EXPECT_EQ('\0', get<1>(b3));
+  EXPECT_TRUE(get<2>(b3) == NULL);
+
+  tuple<int, int, int, int, int, int, int, int, int, int> a10, b10;
+  b10 = a10;
+  EXPECT_EQ(0, get<0>(b10));
+  EXPECT_EQ(0, get<1>(b10));
+  EXPECT_EQ(0, get<2>(b10));
+  EXPECT_EQ(0, get<3>(b10));
+  EXPECT_EQ(0, get<4>(b10));
+  EXPECT_EQ(0, get<5>(b10));
+  EXPECT_EQ(0, get<6>(b10));
+  EXPECT_EQ(0, get<7>(b10));
+  EXPECT_EQ(0, get<8>(b10));
+  EXPECT_EQ(0, get<9>(b10));
+}
+
+// Tests constructing a tuple from its fields.
+TEST(TupleConstructorTest, ConstructsFromFields) {
+  int n = 1;
+  // Reference field.
+  tuple<int&> a(n);
+  EXPECT_EQ(&n, &(get<0>(a)));
+
+  // Non-reference fields.
+  tuple<int, char> b(5, 'a');
+  EXPECT_EQ(5, get<0>(b));
+  EXPECT_EQ('a', get<1>(b));
+
+  // Const reference field.
+  const int m = 2;
+  tuple<bool, const int&> c(true, m);
+  EXPECT_TRUE(get<0>(c));
+  EXPECT_EQ(&m, &(get<1>(c)));
+}
+
+// Tests tuple's copy constructor.
+TEST(TupleConstructorTest, CopyConstructor) {
+  tuple<double, bool> a(0.0, true);
+  tuple<double, bool> b(a);
+
+  EXPECT_DOUBLE_EQ(0.0, get<0>(b));
+  EXPECT_TRUE(get<1>(b));
+}
+
+// Tests constructing a tuple from another tuple that has a compatible
+// but different type.
+TEST(TupleConstructorTest, ConstructsFromDifferentTupleType) {
+  tuple<int, int, char> a(0, 1, 'a');
+  tuple<double, long, int> b(a);
+
+  EXPECT_DOUBLE_EQ(0.0, get<0>(b));
+  EXPECT_EQ(1, get<1>(b));
+  EXPECT_EQ('a', get<2>(b));
+}
+
+// Tests constructing a 2-tuple from an std::pair.
+TEST(TupleConstructorTest, ConstructsFromPair) {
+  ::std::pair<int, char> a(1, 'a');
+  tuple<int, char> b(a);
+  tuple<int, const char&> c(a);
+}
+
+// Tests assigning a tuple to another tuple with the same type.
+TEST(TupleAssignmentTest, AssignsToSameTupleType) {
+  const tuple<int, long> a(5, 7L);
+  tuple<int, long> b;
+  b = a;
+  EXPECT_EQ(5, get<0>(b));
+  EXPECT_EQ(7L, get<1>(b));
+}
+
+// Tests assigning a tuple to another tuple with a different but
+// compatible type.
+TEST(TupleAssignmentTest, AssignsToDifferentTupleType) {
+  const tuple<int, long, bool> a(1, 7L, true);
+  tuple<long, int, bool> b;
+  b = a;
+  EXPECT_EQ(1L, get<0>(b));
+  EXPECT_EQ(7, get<1>(b));
+  EXPECT_TRUE(get<2>(b));
+}
+
+// Tests assigning an std::pair to a 2-tuple.
+TEST(TupleAssignmentTest, AssignsFromPair) {
+  const ::std::pair<int, bool> a(5, true);
+  tuple<int, bool> b;
+  b = a;
+  EXPECT_EQ(5, get<0>(b));
+  EXPECT_TRUE(get<1>(b));
+
+  tuple<long, bool> c;
+  c = a;
+  EXPECT_EQ(5L, get<0>(c));
+  EXPECT_TRUE(get<1>(c));
+}
+
+// A fixture for testing big tuples.
+class BigTupleTest : public testing::Test {
+ protected:
+  typedef tuple<int, int, int, int, int, int, int, int, int, int> BigTuple;
+
+  BigTupleTest() :
+      a_(1, 0, 0, 0, 0, 0, 0, 0, 0, 2),
+      b_(1, 0, 0, 0, 0, 0, 0, 0, 0, 3) {}
+
+  BigTuple a_, b_;
+};
+
+// Tests constructing big tuples.
+TEST_F(BigTupleTest, Construction) {
+  BigTuple a;
+  BigTuple b(b_);
+}
+
+// Tests that get<N>(t) returns the N-th (0-based) field of tuple t.
+TEST_F(BigTupleTest, get) {
+  EXPECT_EQ(1, get<0>(a_));
+  EXPECT_EQ(2, get<9>(a_));
+
+  // Tests that get() works on a const tuple too.
+  const BigTuple a(a_);
+  EXPECT_EQ(1, get<0>(a));
+  EXPECT_EQ(2, get<9>(a));
+}
+
+// Tests comparing big tuples.
+TEST_F(BigTupleTest, Comparisons) {
+  EXPECT_TRUE(a_ == a_);
+  EXPECT_FALSE(a_ != a_);
+
+  EXPECT_TRUE(a_ != b_);
+  EXPECT_FALSE(a_ == b_);
+}
+
+TEST(MakeTupleTest, WorksForScalarTypes) {
+  tuple<bool, int> a;
+  a = make_tuple(true, 5);
+  EXPECT_TRUE(get<0>(a));
+  EXPECT_EQ(5, get<1>(a));
+
+  tuple<char, int, long> b;
+  b = make_tuple('a', 'b', 5);
+  EXPECT_EQ('a', get<0>(b));
+  EXPECT_EQ('b', get<1>(b));
+  EXPECT_EQ(5, get<2>(b));
+}
+
+TEST(MakeTupleTest, WorksForPointers) {
+  int a[] = { 1, 2, 3, 4 };
+  const char* const str = "hi";
+  int* const p = a;
+
+  tuple<const char*, int*> t;
+  t = make_tuple(str, p);
+  EXPECT_EQ(str, get<0>(t));
+  EXPECT_EQ(p, get<1>(t));
+}
+
+}  // namespace
diff --git a/nss/external_tests/google_test/gtest/test/gtest-typed-test2_test.cc b/nss/external_tests/google_test/gtest/test/gtest-typed-test2_test.cc
new file mode 100644
index 0000000..c284700
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/test/gtest-typed-test2_test.cc
@@ -0,0 +1,45 @@
+// Copyright 2008 Google Inc.
+// All Rights Reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+
+#include <vector>
+
+#include "test/gtest-typed-test_test.h"
+#include "gtest/gtest.h"
+
+#if GTEST_HAS_TYPED_TEST_P
+
+// Tests that the same type-parameterized test case can be
+// instantiated in different translation units linked together.
+// (ContainerTest is also instantiated in gtest-typed-test_test.cc.)
+INSTANTIATE_TYPED_TEST_CASE_P(Vector, ContainerTest,
+                              testing::Types<std::vector<int> >);
+
+#endif  // GTEST_HAS_TYPED_TEST_P
diff --git a/nss/external_tests/google_test/gtest/test/gtest-typed-test_test.cc b/nss/external_tests/google_test/gtest/test/gtest-typed-test_test.cc
new file mode 100644
index 0000000..c3e66c2
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/test/gtest-typed-test_test.cc
@@ -0,0 +1,361 @@
+// Copyright 2008 Google Inc.
+// All Rights Reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+
+#include "test/gtest-typed-test_test.h"
+
+#include <set>
+#include <vector>
+
+#include "gtest/gtest.h"
+
+using testing::Test;
+
+// Used for testing that SetUpTestCase()/TearDownTestCase(), fixture
+// ctor/dtor, and SetUp()/TearDown() work correctly in typed tests and
+// type-parameterized test.
+template <typename T>
+class CommonTest : public Test {
+  // For some technical reason, SetUpTestCase() and TearDownTestCase()
+  // must be public.
+ public:
+  static void SetUpTestCase() {
+    shared_ = new T(5);
+  }
+
+  static void TearDownTestCase() {
+    delete shared_;
+    shared_ = NULL;
+  }
+
+  // This 'protected:' is optional.  There's no harm in making all
+  // members of this fixture class template public.
+ protected:
+  // We used to use std::list here, but switched to std::vector since
+  // MSVC's <list> doesn't compile cleanly with /W4.
+  typedef std::vector<T> Vector;
+  typedef std::set<int> IntSet;
+
+  CommonTest() : value_(1) {}
+
+  virtual ~CommonTest() { EXPECT_EQ(3, value_); }
+
+  virtual void SetUp() {
+    EXPECT_EQ(1, value_);
+    value_++;
+  }
+
+  virtual void TearDown() {
+    EXPECT_EQ(2, value_);
+    value_++;
+  }
+
+  T value_;
+  static T* shared_;
+};
+
+template <typename T>
+T* CommonTest<T>::shared_ = NULL;
+
+// This #ifdef block tests typed tests.
+#if GTEST_HAS_TYPED_TEST
+
+using testing::Types;
+
+// Tests that SetUpTestCase()/TearDownTestCase(), fixture ctor/dtor,
+// and SetUp()/TearDown() work correctly in typed tests
+
+typedef Types<char, int> TwoTypes;
+TYPED_TEST_CASE(CommonTest, TwoTypes);
+
+TYPED_TEST(CommonTest, ValuesAreCorrect) {
+  // Static members of the fixture class template can be visited via
+  // the TestFixture:: prefix.
+  EXPECT_EQ(5, *TestFixture::shared_);
+
+  // Typedefs in the fixture class template can be visited via the
+  // "typename TestFixture::" prefix.
+  typename TestFixture::Vector empty;
+  EXPECT_EQ(0U, empty.size());
+
+  typename TestFixture::IntSet empty2;
+  EXPECT_EQ(0U, empty2.size());
+
+  // Non-static members of the fixture class must be visited via
+  // 'this', as required by C++ for class templates.
+  EXPECT_EQ(2, this->value_);
+}
+
+// The second test makes sure shared_ is not deleted after the first
+// test.
+TYPED_TEST(CommonTest, ValuesAreStillCorrect) {
+  // Static members of the fixture class template can also be visited
+  // via 'this'.
+  ASSERT_TRUE(this->shared_ != NULL);
+  EXPECT_EQ(5, *this->shared_);
+
+  // TypeParam can be used to refer to the type parameter.
+  EXPECT_EQ(static_cast<TypeParam>(2), this->value_);
+}
+
+// Tests that multiple TYPED_TEST_CASE's can be defined in the same
+// translation unit.
+
+template <typename T>
+class TypedTest1 : public Test {
+};
+
+// Verifies that the second argument of TYPED_TEST_CASE can be a
+// single type.
+TYPED_TEST_CASE(TypedTest1, int);
+TYPED_TEST(TypedTest1, A) {}
+
+template <typename T>
+class TypedTest2 : public Test {
+};
+
+// Verifies that the second argument of TYPED_TEST_CASE can be a
+// Types<...> type list.
+TYPED_TEST_CASE(TypedTest2, Types<int>);
+
+// This also verifies that tests from different typed test cases can
+// share the same name.
+TYPED_TEST(TypedTest2, A) {}
+
+// Tests that a typed test case can be defined in a namespace.
+
+namespace library1 {
+
+template <typename T>
+class NumericTest : public Test {
+};
+
+typedef Types<int, long> NumericTypes;
+TYPED_TEST_CASE(NumericTest, NumericTypes);
+
+TYPED_TEST(NumericTest, DefaultIsZero) {
+  EXPECT_EQ(0, TypeParam());
+}
+
+}  // namespace library1
+
+#endif  // GTEST_HAS_TYPED_TEST
+
+// This #ifdef block tests type-parameterized tests.
+#if GTEST_HAS_TYPED_TEST_P
+
+using testing::Types;
+using testing::internal::TypedTestCasePState;
+
+// Tests TypedTestCasePState.
+
+class TypedTestCasePStateTest : public Test {
+ protected:
+  virtual void SetUp() {
+    state_.AddTestName("foo.cc", 0, "FooTest", "A");
+    state_.AddTestName("foo.cc", 0, "FooTest", "B");
+    state_.AddTestName("foo.cc", 0, "FooTest", "C");
+  }
+
+  TypedTestCasePState state_;
+};
+
+TEST_F(TypedTestCasePStateTest, SucceedsForMatchingList) {
+  const char* tests = "A, B, C";
+  EXPECT_EQ(tests,
+            state_.VerifyRegisteredTestNames("foo.cc", 1, tests));
+}
+
+// Makes sure that the order of the tests and spaces around the names
+// don't matter.
+TEST_F(TypedTestCasePStateTest, IgnoresOrderAndSpaces) {
+  const char* tests = "A,C,   B";
+  EXPECT_EQ(tests,
+            state_.VerifyRegisteredTestNames("foo.cc", 1, tests));
+}
+
+typedef TypedTestCasePStateTest TypedTestCasePStateDeathTest;
+
+TEST_F(TypedTestCasePStateDeathTest, DetectsDuplicates) {
+  EXPECT_DEATH_IF_SUPPORTED(
+      state_.VerifyRegisteredTestNames("foo.cc", 1, "A, B, A, C"),
+      "foo\\.cc.1.?: Test A is listed more than once\\.");
+}
+
+TEST_F(TypedTestCasePStateDeathTest, DetectsExtraTest) {
+  EXPECT_DEATH_IF_SUPPORTED(
+      state_.VerifyRegisteredTestNames("foo.cc", 1, "A, B, C, D"),
+      "foo\\.cc.1.?: No test named D can be found in this test case\\.");
+}
+
+TEST_F(TypedTestCasePStateDeathTest, DetectsMissedTest) {
+  EXPECT_DEATH_IF_SUPPORTED(
+      state_.VerifyRegisteredTestNames("foo.cc", 1, "A, C"),
+      "foo\\.cc.1.?: You forgot to list test B\\.");
+}
+
+// Tests that defining a test for a parameterized test case generates
+// a run-time error if the test case has been registered.
+TEST_F(TypedTestCasePStateDeathTest, DetectsTestAfterRegistration) {
+  state_.VerifyRegisteredTestNames("foo.cc", 1, "A, B, C");
+  EXPECT_DEATH_IF_SUPPORTED(
+      state_.AddTestName("foo.cc", 2, "FooTest", "D"),
+      "foo\\.cc.2.?: Test D must be defined before REGISTER_TYPED_TEST_CASE_P"
+      "\\(FooTest, \\.\\.\\.\\)\\.");
+}
+
+// Tests that SetUpTestCase()/TearDownTestCase(), fixture ctor/dtor,
+// and SetUp()/TearDown() work correctly in type-parameterized tests.
+
+template <typename T>
+class DerivedTest : public CommonTest<T> {
+};
+
+TYPED_TEST_CASE_P(DerivedTest);
+
+TYPED_TEST_P(DerivedTest, ValuesAreCorrect) {
+  // Static members of the fixture class template can be visited via
+  // the TestFixture:: prefix.
+  EXPECT_EQ(5, *TestFixture::shared_);
+
+  // Non-static members of the fixture class must be visited via
+  // 'this', as required by C++ for class templates.
+  EXPECT_EQ(2, this->value_);
+}
+
+// The second test makes sure shared_ is not deleted after the first
+// test.
+TYPED_TEST_P(DerivedTest, ValuesAreStillCorrect) {
+  // Static members of the fixture class template can also be visited
+  // via 'this'.
+  ASSERT_TRUE(this->shared_ != NULL);
+  EXPECT_EQ(5, *this->shared_);
+  EXPECT_EQ(2, this->value_);
+}
+
+REGISTER_TYPED_TEST_CASE_P(DerivedTest,
+                           ValuesAreCorrect, ValuesAreStillCorrect);
+
+typedef Types<short, long> MyTwoTypes;
+INSTANTIATE_TYPED_TEST_CASE_P(My, DerivedTest, MyTwoTypes);
+
+// Tests that multiple TYPED_TEST_CASE_P's can be defined in the same
+// translation unit.
+
+template <typename T>
+class TypedTestP1 : public Test {
+};
+
+TYPED_TEST_CASE_P(TypedTestP1);
+
+// For testing that the code between TYPED_TEST_CASE_P() and
+// TYPED_TEST_P() is not enclosed in a namespace.
+typedef int IntAfterTypedTestCaseP;
+
+TYPED_TEST_P(TypedTestP1, A) {}
+TYPED_TEST_P(TypedTestP1, B) {}
+
+// For testing that the code between TYPED_TEST_P() and
+// REGISTER_TYPED_TEST_CASE_P() is not enclosed in a namespace.
+typedef int IntBeforeRegisterTypedTestCaseP;
+
+REGISTER_TYPED_TEST_CASE_P(TypedTestP1, A, B);
+
+template <typename T>
+class TypedTestP2 : public Test {
+};
+
+TYPED_TEST_CASE_P(TypedTestP2);
+
+// This also verifies that tests from different type-parameterized
+// test cases can share the same name.
+TYPED_TEST_P(TypedTestP2, A) {}
+
+REGISTER_TYPED_TEST_CASE_P(TypedTestP2, A);
+
+// Verifies that the code between TYPED_TEST_CASE_P() and
+// REGISTER_TYPED_TEST_CASE_P() is not enclosed in a namespace.
+IntAfterTypedTestCaseP after = 0;
+IntBeforeRegisterTypedTestCaseP before = 0;
+
+// Verifies that the last argument of INSTANTIATE_TYPED_TEST_CASE_P()
+// can be either a single type or a Types<...> type list.
+INSTANTIATE_TYPED_TEST_CASE_P(Int, TypedTestP1, int);
+INSTANTIATE_TYPED_TEST_CASE_P(Int, TypedTestP2, Types<int>);
+
+// Tests that the same type-parameterized test case can be
+// instantiated more than once in the same translation unit.
+INSTANTIATE_TYPED_TEST_CASE_P(Double, TypedTestP2, Types<double>);
+
+// Tests that the same type-parameterized test case can be
+// instantiated in different translation units linked together.
+// (ContainerTest is also instantiated in gtest-typed-test_test.cc.)
+typedef Types<std::vector<double>, std::set<char> > MyContainers;
+INSTANTIATE_TYPED_TEST_CASE_P(My, ContainerTest, MyContainers);
+
+// Tests that a type-parameterized test case can be defined and
+// instantiated in a namespace.
+
+namespace library2 {
+
+template <typename T>
+class NumericTest : public Test {
+};
+
+TYPED_TEST_CASE_P(NumericTest);
+
+TYPED_TEST_P(NumericTest, DefaultIsZero) {
+  EXPECT_EQ(0, TypeParam());
+}
+
+TYPED_TEST_P(NumericTest, ZeroIsLessThanOne) {
+  EXPECT_LT(TypeParam(0), TypeParam(1));
+}
+
+REGISTER_TYPED_TEST_CASE_P(NumericTest,
+                           DefaultIsZero, ZeroIsLessThanOne);
+typedef Types<int, double> NumericTypes;
+INSTANTIATE_TYPED_TEST_CASE_P(My, NumericTest, NumericTypes);
+
+}  // namespace library2
+
+#endif  // GTEST_HAS_TYPED_TEST_P
+
+#if !defined(GTEST_HAS_TYPED_TEST) && !defined(GTEST_HAS_TYPED_TEST_P)
+
+// Google Test may not support type-parameterized tests with some
+// compilers. If we use conditional compilation to compile out all
+// code referring to the gtest_main library, MSVC linker will not link
+// that library at all and consequently complain about missing entry
+// point defined in that library (fatal error LNK1561: entry point
+// must be defined). This dummy test keeps gtest_main linked in.
+TEST(DummyTest, TypedTestsAreNotSupportedOnThisPlatform) {}
+
+#endif  // #if !defined(GTEST_HAS_TYPED_TEST) && !defined(GTEST_HAS_TYPED_TEST_P)
diff --git a/nss/external_tests/google_test/gtest/test/gtest-typed-test_test.h b/nss/external_tests/google_test/gtest/test/gtest-typed-test_test.h
new file mode 100644
index 0000000..41d7570
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/test/gtest-typed-test_test.h
@@ -0,0 +1,66 @@
+// Copyright 2008 Google Inc.
+// All Rights Reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+
+#ifndef GTEST_TEST_GTEST_TYPED_TEST_TEST_H_
+#define GTEST_TEST_GTEST_TYPED_TEST_TEST_H_
+
+#include "gtest/gtest.h"
+
+#if GTEST_HAS_TYPED_TEST_P
+
+using testing::Test;
+
+// For testing that the same type-parameterized test case can be
+// instantiated in different translation units linked together.
+// ContainerTest will be instantiated in both gtest-typed-test_test.cc
+// and gtest-typed-test2_test.cc.
+
+template <typename T>
+class ContainerTest : public Test {
+};
+
+TYPED_TEST_CASE_P(ContainerTest);
+
+TYPED_TEST_P(ContainerTest, CanBeDefaultConstructed) {
+  TypeParam container;
+}
+
+TYPED_TEST_P(ContainerTest, InitialSizeIsZero) {
+  TypeParam container;
+  EXPECT_EQ(0U, container.size());
+}
+
+REGISTER_TYPED_TEST_CASE_P(ContainerTest,
+                           CanBeDefaultConstructed, InitialSizeIsZero);
+
+#endif  // GTEST_HAS_TYPED_TEST_P
+
+#endif  // GTEST_TEST_GTEST_TYPED_TEST_TEST_H_
diff --git a/nss/external_tests/google_test/gtest/test/gtest-unittest-api_test.cc b/nss/external_tests/google_test/gtest/test/gtest-unittest-api_test.cc
new file mode 100644
index 0000000..b1f5168
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/test/gtest-unittest-api_test.cc
@@ -0,0 +1,341 @@
+// Copyright 2009 Google Inc.  All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: vladl@google.com (Vlad Losev)
+//
+// The Google C++ Testing Framework (Google Test)
+//
+// This file contains tests verifying correctness of data provided via
+// UnitTest's public methods.
+
+#include "gtest/gtest.h"
+
+#include <string.h>  // For strcmp.
+#include <algorithm>
+
+using ::testing::InitGoogleTest;
+
+namespace testing {
+namespace internal {
+
+template <typename T>
+struct LessByName {
+  bool operator()(const T* a, const T* b) {
+    return strcmp(a->name(), b->name()) < 0;
+  }
+};
+
+class UnitTestHelper {
+ public:
+  // Returns the array of pointers to all test cases sorted by the test case
+  // name.  The caller is responsible for deleting the array.
+  static TestCase const** GetSortedTestCases() {
+    UnitTest& unit_test = *UnitTest::GetInstance();
+    TestCase const** const test_cases =
+        new const TestCase*[unit_test.total_test_case_count()];
+
+    for (int i = 0; i < unit_test.total_test_case_count(); ++i)
+      test_cases[i] = unit_test.GetTestCase(i);
+
+    std::sort(test_cases,
+              test_cases + unit_test.total_test_case_count(),
+              LessByName<TestCase>());
+    return test_cases;
+  }
+
+  // Returns the test case by its name.  The caller doesn't own the returned
+  // pointer.
+  static const TestCase* FindTestCase(const char* name) {
+    UnitTest& unit_test = *UnitTest::GetInstance();
+    for (int i = 0; i < unit_test.total_test_case_count(); ++i) {
+      const TestCase* test_case = unit_test.GetTestCase(i);
+      if (0 == strcmp(test_case->name(), name))
+        return test_case;
+    }
+    return NULL;
+  }
+
+  // Returns the array of pointers to all tests in a particular test case
+  // sorted by the test name.  The caller is responsible for deleting the
+  // array.
+  static TestInfo const** GetSortedTests(const TestCase* test_case) {
+    TestInfo const** const tests =
+        new const TestInfo*[test_case->total_test_count()];
+
+    for (int i = 0; i < test_case->total_test_count(); ++i)
+      tests[i] = test_case->GetTestInfo(i);
+
+    std::sort(tests, tests + test_case->total_test_count(),
+              LessByName<TestInfo>());
+    return tests;
+  }
+};
+
+#if GTEST_HAS_TYPED_TEST
+template <typename T> class TestCaseWithCommentTest : public Test {};
+TYPED_TEST_CASE(TestCaseWithCommentTest, Types<int>);
+TYPED_TEST(TestCaseWithCommentTest, Dummy) {}
+
+const int kTypedTestCases = 1;
+const int kTypedTests = 1;
+#else
+const int kTypedTestCases = 0;
+const int kTypedTests = 0;
+#endif  // GTEST_HAS_TYPED_TEST
+
+// We can only test the accessors that do not change value while tests run.
+// Since tests can be run in any order, the values the accessors that track
+// test execution (such as failed_test_count) can not be predicted.
+TEST(ApiTest, UnitTestImmutableAccessorsWork) {
+  UnitTest* unit_test = UnitTest::GetInstance();
+
+  ASSERT_EQ(2 + kTypedTestCases, unit_test->total_test_case_count());
+  EXPECT_EQ(1 + kTypedTestCases, unit_test->test_case_to_run_count());
+  EXPECT_EQ(2, unit_test->disabled_test_count());
+  EXPECT_EQ(5 + kTypedTests, unit_test->total_test_count());
+  EXPECT_EQ(3 + kTypedTests, unit_test->test_to_run_count());
+
+  const TestCase** const test_cases = UnitTestHelper::GetSortedTestCases();
+
+  EXPECT_STREQ("ApiTest", test_cases[0]->name());
+  EXPECT_STREQ("DISABLED_Test", test_cases[1]->name());
+#if GTEST_HAS_TYPED_TEST
+  EXPECT_STREQ("TestCaseWithCommentTest/0", test_cases[2]->name());
+#endif  // GTEST_HAS_TYPED_TEST
+
+  delete[] test_cases;
+
+  // The following lines initiate actions to verify certain methods in
+  // FinalSuccessChecker::TearDown.
+
+  // Records a test property to verify TestResult::GetTestProperty().
+  RecordProperty("key", "value");
+}
+
+AssertionResult IsNull(const char* str) {
+  if (str != NULL) {
+    return testing::AssertionFailure() << "argument is " << str;
+  }
+  return AssertionSuccess();
+}
+
+TEST(ApiTest, TestCaseImmutableAccessorsWork) {
+  const TestCase* test_case = UnitTestHelper::FindTestCase("ApiTest");
+  ASSERT_TRUE(test_case != NULL);
+
+  EXPECT_STREQ("ApiTest", test_case->name());
+  EXPECT_TRUE(IsNull(test_case->type_param()));
+  EXPECT_TRUE(test_case->should_run());
+  EXPECT_EQ(1, test_case->disabled_test_count());
+  EXPECT_EQ(3, test_case->test_to_run_count());
+  ASSERT_EQ(4, test_case->total_test_count());
+
+  const TestInfo** tests = UnitTestHelper::GetSortedTests(test_case);
+
+  EXPECT_STREQ("DISABLED_Dummy1", tests[0]->name());
+  EXPECT_STREQ("ApiTest", tests[0]->test_case_name());
+  EXPECT_TRUE(IsNull(tests[0]->value_param()));
+  EXPECT_TRUE(IsNull(tests[0]->type_param()));
+  EXPECT_FALSE(tests[0]->should_run());
+
+  EXPECT_STREQ("TestCaseDisabledAccessorsWork", tests[1]->name());
+  EXPECT_STREQ("ApiTest", tests[1]->test_case_name());
+  EXPECT_TRUE(IsNull(tests[1]->value_param()));
+  EXPECT_TRUE(IsNull(tests[1]->type_param()));
+  EXPECT_TRUE(tests[1]->should_run());
+
+  EXPECT_STREQ("TestCaseImmutableAccessorsWork", tests[2]->name());
+  EXPECT_STREQ("ApiTest", tests[2]->test_case_name());
+  EXPECT_TRUE(IsNull(tests[2]->value_param()));
+  EXPECT_TRUE(IsNull(tests[2]->type_param()));
+  EXPECT_TRUE(tests[2]->should_run());
+
+  EXPECT_STREQ("UnitTestImmutableAccessorsWork", tests[3]->name());
+  EXPECT_STREQ("ApiTest", tests[3]->test_case_name());
+  EXPECT_TRUE(IsNull(tests[3]->value_param()));
+  EXPECT_TRUE(IsNull(tests[3]->type_param()));
+  EXPECT_TRUE(tests[3]->should_run());
+
+  delete[] tests;
+  tests = NULL;
+
+#if GTEST_HAS_TYPED_TEST
+  test_case = UnitTestHelper::FindTestCase("TestCaseWithCommentTest/0");
+  ASSERT_TRUE(test_case != NULL);
+
+  EXPECT_STREQ("TestCaseWithCommentTest/0", test_case->name());
+  EXPECT_STREQ(GetTypeName<int>().c_str(), test_case->type_param());
+  EXPECT_TRUE(test_case->should_run());
+  EXPECT_EQ(0, test_case->disabled_test_count());
+  EXPECT_EQ(1, test_case->test_to_run_count());
+  ASSERT_EQ(1, test_case->total_test_count());
+
+  tests = UnitTestHelper::GetSortedTests(test_case);
+
+  EXPECT_STREQ("Dummy", tests[0]->name());
+  EXPECT_STREQ("TestCaseWithCommentTest/0", tests[0]->test_case_name());
+  EXPECT_TRUE(IsNull(tests[0]->value_param()));
+  EXPECT_STREQ(GetTypeName<int>().c_str(), tests[0]->type_param());
+  EXPECT_TRUE(tests[0]->should_run());
+
+  delete[] tests;
+#endif  // GTEST_HAS_TYPED_TEST
+}
+
+TEST(ApiTest, TestCaseDisabledAccessorsWork) {
+  const TestCase* test_case = UnitTestHelper::FindTestCase("DISABLED_Test");
+  ASSERT_TRUE(test_case != NULL);
+
+  EXPECT_STREQ("DISABLED_Test", test_case->name());
+  EXPECT_TRUE(IsNull(test_case->type_param()));
+  EXPECT_FALSE(test_case->should_run());
+  EXPECT_EQ(1, test_case->disabled_test_count());
+  EXPECT_EQ(0, test_case->test_to_run_count());
+  ASSERT_EQ(1, test_case->total_test_count());
+
+  const TestInfo* const test_info = test_case->GetTestInfo(0);
+  EXPECT_STREQ("Dummy2", test_info->name());
+  EXPECT_STREQ("DISABLED_Test", test_info->test_case_name());
+  EXPECT_TRUE(IsNull(test_info->value_param()));
+  EXPECT_TRUE(IsNull(test_info->type_param()));
+  EXPECT_FALSE(test_info->should_run());
+}
+
+// These two tests are here to provide support for testing
+// test_case_to_run_count, disabled_test_count, and test_to_run_count.
+TEST(ApiTest, DISABLED_Dummy1) {}
+TEST(DISABLED_Test, Dummy2) {}
+
+class FinalSuccessChecker : public Environment {
+ protected:
+  virtual void TearDown() {
+    UnitTest* unit_test = UnitTest::GetInstance();
+
+    EXPECT_EQ(1 + kTypedTestCases, unit_test->successful_test_case_count());
+    EXPECT_EQ(3 + kTypedTests, unit_test->successful_test_count());
+    EXPECT_EQ(0, unit_test->failed_test_case_count());
+    EXPECT_EQ(0, unit_test->failed_test_count());
+    EXPECT_TRUE(unit_test->Passed());
+    EXPECT_FALSE(unit_test->Failed());
+    ASSERT_EQ(2 + kTypedTestCases, unit_test->total_test_case_count());
+
+    const TestCase** const test_cases = UnitTestHelper::GetSortedTestCases();
+
+    EXPECT_STREQ("ApiTest", test_cases[0]->name());
+    EXPECT_TRUE(IsNull(test_cases[0]->type_param()));
+    EXPECT_TRUE(test_cases[0]->should_run());
+    EXPECT_EQ(1, test_cases[0]->disabled_test_count());
+    ASSERT_EQ(4, test_cases[0]->total_test_count());
+    EXPECT_EQ(3, test_cases[0]->successful_test_count());
+    EXPECT_EQ(0, test_cases[0]->failed_test_count());
+    EXPECT_TRUE(test_cases[0]->Passed());
+    EXPECT_FALSE(test_cases[0]->Failed());
+
+    EXPECT_STREQ("DISABLED_Test", test_cases[1]->name());
+    EXPECT_TRUE(IsNull(test_cases[1]->type_param()));
+    EXPECT_FALSE(test_cases[1]->should_run());
+    EXPECT_EQ(1, test_cases[1]->disabled_test_count());
+    ASSERT_EQ(1, test_cases[1]->total_test_count());
+    EXPECT_EQ(0, test_cases[1]->successful_test_count());
+    EXPECT_EQ(0, test_cases[1]->failed_test_count());
+
+#if GTEST_HAS_TYPED_TEST
+    EXPECT_STREQ("TestCaseWithCommentTest/0", test_cases[2]->name());
+    EXPECT_STREQ(GetTypeName<int>().c_str(), test_cases[2]->type_param());
+    EXPECT_TRUE(test_cases[2]->should_run());
+    EXPECT_EQ(0, test_cases[2]->disabled_test_count());
+    ASSERT_EQ(1, test_cases[2]->total_test_count());
+    EXPECT_EQ(1, test_cases[2]->successful_test_count());
+    EXPECT_EQ(0, test_cases[2]->failed_test_count());
+    EXPECT_TRUE(test_cases[2]->Passed());
+    EXPECT_FALSE(test_cases[2]->Failed());
+#endif  // GTEST_HAS_TYPED_TEST
+
+    const TestCase* test_case = UnitTestHelper::FindTestCase("ApiTest");
+    const TestInfo** tests = UnitTestHelper::GetSortedTests(test_case);
+    EXPECT_STREQ("DISABLED_Dummy1", tests[0]->name());
+    EXPECT_STREQ("ApiTest", tests[0]->test_case_name());
+    EXPECT_FALSE(tests[0]->should_run());
+
+    EXPECT_STREQ("TestCaseDisabledAccessorsWork", tests[1]->name());
+    EXPECT_STREQ("ApiTest", tests[1]->test_case_name());
+    EXPECT_TRUE(IsNull(tests[1]->value_param()));
+    EXPECT_TRUE(IsNull(tests[1]->type_param()));
+    EXPECT_TRUE(tests[1]->should_run());
+    EXPECT_TRUE(tests[1]->result()->Passed());
+    EXPECT_EQ(0, tests[1]->result()->test_property_count());
+
+    EXPECT_STREQ("TestCaseImmutableAccessorsWork", tests[2]->name());
+    EXPECT_STREQ("ApiTest", tests[2]->test_case_name());
+    EXPECT_TRUE(IsNull(tests[2]->value_param()));
+    EXPECT_TRUE(IsNull(tests[2]->type_param()));
+    EXPECT_TRUE(tests[2]->should_run());
+    EXPECT_TRUE(tests[2]->result()->Passed());
+    EXPECT_EQ(0, tests[2]->result()->test_property_count());
+
+    EXPECT_STREQ("UnitTestImmutableAccessorsWork", tests[3]->name());
+    EXPECT_STREQ("ApiTest", tests[3]->test_case_name());
+    EXPECT_TRUE(IsNull(tests[3]->value_param()));
+    EXPECT_TRUE(IsNull(tests[3]->type_param()));
+    EXPECT_TRUE(tests[3]->should_run());
+    EXPECT_TRUE(tests[3]->result()->Passed());
+    EXPECT_EQ(1, tests[3]->result()->test_property_count());
+    const TestProperty& property = tests[3]->result()->GetTestProperty(0);
+    EXPECT_STREQ("key", property.key());
+    EXPECT_STREQ("value", property.value());
+
+    delete[] tests;
+
+#if GTEST_HAS_TYPED_TEST
+    test_case = UnitTestHelper::FindTestCase("TestCaseWithCommentTest/0");
+    tests = UnitTestHelper::GetSortedTests(test_case);
+
+    EXPECT_STREQ("Dummy", tests[0]->name());
+    EXPECT_STREQ("TestCaseWithCommentTest/0", tests[0]->test_case_name());
+    EXPECT_TRUE(IsNull(tests[0]->value_param()));
+    EXPECT_STREQ(GetTypeName<int>().c_str(), tests[0]->type_param());
+    EXPECT_TRUE(tests[0]->should_run());
+    EXPECT_TRUE(tests[0]->result()->Passed());
+    EXPECT_EQ(0, tests[0]->result()->test_property_count());
+
+    delete[] tests;
+#endif  // GTEST_HAS_TYPED_TEST
+    delete[] test_cases;
+  }
+};
+
+}  // namespace internal
+}  // namespace testing
+
+int main(int argc, char **argv) {
+  InitGoogleTest(&argc, argv);
+
+  AddGlobalTestEnvironment(new testing::internal::FinalSuccessChecker());
+
+  return RUN_ALL_TESTS();
+}
diff --git a/nss/external_tests/google_test/gtest/test/gtest_all_test.cc b/nss/external_tests/google_test/gtest/test/gtest_all_test.cc
new file mode 100644
index 0000000..955aa62
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/test/gtest_all_test.cc
@@ -0,0 +1,47 @@
+// Copyright 2009, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+//
+// Tests for Google C++ Testing Framework (Google Test)
+//
+// Sometimes it's desirable to build most of Google Test's own tests
+// by compiling a single file.  This file serves this purpose.
+#include "test/gtest-filepath_test.cc"
+#include "test/gtest-linked_ptr_test.cc"
+#include "test/gtest-message_test.cc"
+#include "test/gtest-options_test.cc"
+#include "test/gtest-port_test.cc"
+#include "test/gtest_pred_impl_unittest.cc"
+#include "test/gtest_prod_test.cc"
+#include "test/gtest-test-part_test.cc"
+#include "test/gtest-typed-test_test.cc"
+#include "test/gtest-typed-test2_test.cc"
+#include "test/gtest_unittest.cc"
+#include "test/production.cc"
diff --git a/nss/external_tests/google_test/gtest/test/gtest_break_on_failure_unittest.py b/nss/external_tests/google_test/gtest/test/gtest_break_on_failure_unittest.py
new file mode 100755
index 0000000..78f3e0f
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/test/gtest_break_on_failure_unittest.py
@@ -0,0 +1,212 @@
+#!/usr/bin/env python
+#
+# Copyright 2006, Google Inc.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#
+#     * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following disclaimer
+# in the documentation and/or other materials provided with the
+# distribution.
+#     * Neither the name of Google Inc. nor the names of its
+# contributors may be used to endorse or promote products derived from
+# this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+"""Unit test for Google Test's break-on-failure mode.
+
+A user can ask Google Test to seg-fault when an assertion fails, using
+either the GTEST_BREAK_ON_FAILURE environment variable or the
+--gtest_break_on_failure flag.  This script tests such functionality
+by invoking gtest_break_on_failure_unittest_ (a program written with
+Google Test) with different environments and command line flags.
+"""
+
+__author__ = 'wan@google.com (Zhanyong Wan)'
+
+import gtest_test_utils
+import os
+import sys
+
+
+# Constants.
+
+IS_WINDOWS = os.name == 'nt'
+
+# The environment variable for enabling/disabling the break-on-failure mode.
+BREAK_ON_FAILURE_ENV_VAR = 'GTEST_BREAK_ON_FAILURE'
+
+# The command line flag for enabling/disabling the break-on-failure mode.
+BREAK_ON_FAILURE_FLAG = 'gtest_break_on_failure'
+
+# The environment variable for enabling/disabling the throw-on-failure mode.
+THROW_ON_FAILURE_ENV_VAR = 'GTEST_THROW_ON_FAILURE'
+
+# The environment variable for enabling/disabling the catch-exceptions mode.
+CATCH_EXCEPTIONS_ENV_VAR = 'GTEST_CATCH_EXCEPTIONS'
+
+# Path to the gtest_break_on_failure_unittest_ program.
+EXE_PATH = gtest_test_utils.GetTestExecutablePath(
+    'gtest_break_on_failure_unittest_')
+
+
+environ = gtest_test_utils.environ
+SetEnvVar = gtest_test_utils.SetEnvVar
+
+# Tests in this file run a Google-Test-based test program and expect it
+# to terminate prematurely.  Therefore they are incompatible with
+# the premature-exit-file protocol by design.  Unset the
+# premature-exit filepath to prevent Google Test from creating
+# the file.
+SetEnvVar(gtest_test_utils.PREMATURE_EXIT_FILE_ENV_VAR, None)
+
+
+def Run(command):
+  """Runs a command; returns 1 if it was killed by a signal, or 0 otherwise."""
+
+  p = gtest_test_utils.Subprocess(command, env=environ)
+  if p.terminated_by_signal:
+    return 1
+  else:
+    return 0
+
+
+# The tests.
+
+
+class GTestBreakOnFailureUnitTest(gtest_test_utils.TestCase):
+  """Tests using the GTEST_BREAK_ON_FAILURE environment variable or
+  the --gtest_break_on_failure flag to turn assertion failures into
+  segmentation faults.
+  """
+
+  def RunAndVerify(self, env_var_value, flag_value, expect_seg_fault):
+    """Runs gtest_break_on_failure_unittest_ and verifies that it does
+    (or does not) have a seg-fault.
+
+    Args:
+      env_var_value:    value of the GTEST_BREAK_ON_FAILURE environment
+                        variable; None if the variable should be unset.
+      flag_value:       value of the --gtest_break_on_failure flag;
+                        None if the flag should not be present.
+      expect_seg_fault: 1 if the program is expected to generate a seg-fault;
+                        0 otherwise.
+    """
+
+    SetEnvVar(BREAK_ON_FAILURE_ENV_VAR, env_var_value)
+
+    if env_var_value is None:
+      env_var_value_msg = ' is not set'
+    else:
+      env_var_value_msg = '=' + env_var_value
+
+    if flag_value is None:
+      flag = ''
+    elif flag_value == '0':
+      flag = '--%s=0' % BREAK_ON_FAILURE_FLAG
+    else:
+      flag = '--%s' % BREAK_ON_FAILURE_FLAG
+
+    command = [EXE_PATH]
+    if flag:
+      command.append(flag)
+
+    if expect_seg_fault:
+      should_or_not = 'should'
+    else:
+      should_or_not = 'should not'
+
+    has_seg_fault = Run(command)
+
+    SetEnvVar(BREAK_ON_FAILURE_ENV_VAR, None)
+
+    msg = ('when %s%s, an assertion failure in "%s" %s cause a seg-fault.' %
+           (BREAK_ON_FAILURE_ENV_VAR, env_var_value_msg, ' '.join(command),
+            should_or_not))
+    self.assert_(has_seg_fault == expect_seg_fault, msg)
+
+  def testDefaultBehavior(self):
+    """Tests the behavior of the default mode."""
+
+    self.RunAndVerify(env_var_value=None,
+                      flag_value=None,
+                      expect_seg_fault=0)
+
+  def testEnvVar(self):
+    """Tests using the GTEST_BREAK_ON_FAILURE environment variable."""
+
+    self.RunAndVerify(env_var_value='0',
+                      flag_value=None,
+                      expect_seg_fault=0)
+    self.RunAndVerify(env_var_value='1',
+                      flag_value=None,
+                      expect_seg_fault=1)
+
+  def testFlag(self):
+    """Tests using the --gtest_break_on_failure flag."""
+
+    self.RunAndVerify(env_var_value=None,
+                      flag_value='0',
+                      expect_seg_fault=0)
+    self.RunAndVerify(env_var_value=None,
+                      flag_value='1',
+                      expect_seg_fault=1)
+
+  def testFlagOverridesEnvVar(self):
+    """Tests that the flag overrides the environment variable."""
+
+    self.RunAndVerify(env_var_value='0',
+                      flag_value='0',
+                      expect_seg_fault=0)
+    self.RunAndVerify(env_var_value='0',
+                      flag_value='1',
+                      expect_seg_fault=1)
+    self.RunAndVerify(env_var_value='1',
+                      flag_value='0',
+                      expect_seg_fault=0)
+    self.RunAndVerify(env_var_value='1',
+                      flag_value='1',
+                      expect_seg_fault=1)
+
+  def testBreakOnFailureOverridesThrowOnFailure(self):
+    """Tests that gtest_break_on_failure overrides gtest_throw_on_failure."""
+
+    SetEnvVar(THROW_ON_FAILURE_ENV_VAR, '1')
+    try:
+      self.RunAndVerify(env_var_value=None,
+                        flag_value='1',
+                        expect_seg_fault=1)
+    finally:
+      SetEnvVar(THROW_ON_FAILURE_ENV_VAR, None)
+
+  if IS_WINDOWS:
+    def testCatchExceptionsDoesNotInterfere(self):
+      """Tests that gtest_catch_exceptions doesn't interfere."""
+
+      SetEnvVar(CATCH_EXCEPTIONS_ENV_VAR, '1')
+      try:
+        self.RunAndVerify(env_var_value='1',
+                          flag_value='1',
+                          expect_seg_fault=1)
+      finally:
+        SetEnvVar(CATCH_EXCEPTIONS_ENV_VAR, None)
+
+
+if __name__ == '__main__':
+  gtest_test_utils.Main()
diff --git a/nss/external_tests/google_test/gtest/test/gtest_break_on_failure_unittest_.cc b/nss/external_tests/google_test/gtest/test/gtest_break_on_failure_unittest_.cc
new file mode 100644
index 0000000..dd07478
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/test/gtest_break_on_failure_unittest_.cc
@@ -0,0 +1,88 @@
+// Copyright 2006, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+
+// Unit test for Google Test's break-on-failure mode.
+//
+// A user can ask Google Test to seg-fault when an assertion fails, using
+// either the GTEST_BREAK_ON_FAILURE environment variable or the
+// --gtest_break_on_failure flag.  This file is used for testing such
+// functionality.
+//
+// This program will be invoked from a Python unit test.  It is
+// expected to fail.  Don't run it directly.
+
+#include "gtest/gtest.h"
+
+#if GTEST_OS_WINDOWS
+# include <windows.h>
+# include <stdlib.h>
+#endif
+
+namespace {
+
+// A test that's expected to fail.
+TEST(Foo, Bar) {
+  EXPECT_EQ(2, 3);
+}
+
+#if GTEST_HAS_SEH && !GTEST_OS_WINDOWS_MOBILE
+// On Windows Mobile global exception handlers are not supported.
+LONG WINAPI ExitWithExceptionCode(
+    struct _EXCEPTION_POINTERS* exception_pointers) {
+  exit(exception_pointers->ExceptionRecord->ExceptionCode);
+}
+#endif
+
+}  // namespace
+
+int main(int argc, char **argv) {
+#if GTEST_OS_WINDOWS
+  // Suppresses display of the Windows error dialog upon encountering
+  // a general protection fault (segment violation).
+  SetErrorMode(SEM_NOGPFAULTERRORBOX | SEM_FAILCRITICALERRORS);
+
+# if GTEST_HAS_SEH && !GTEST_OS_WINDOWS_MOBILE
+
+  // The default unhandled exception filter does not always exit
+  // with the exception code as exit code - for example it exits with
+  // 0 for EXCEPTION_ACCESS_VIOLATION and 1 for EXCEPTION_BREAKPOINT
+  // if the application is compiled in debug mode. Thus we use our own
+  // filter which always exits with the exception code for unhandled
+  // exceptions.
+  SetUnhandledExceptionFilter(ExitWithExceptionCode);
+
+# endif
+#endif
+
+  testing::InitGoogleTest(&argc, argv);
+
+  return RUN_ALL_TESTS();
+}
diff --git a/nss/external_tests/google_test/gtest/test/gtest_catch_exceptions_test.py b/nss/external_tests/google_test/gtest/test/gtest_catch_exceptions_test.py
new file mode 100755
index 0000000..e6fc22f
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/test/gtest_catch_exceptions_test.py
@@ -0,0 +1,237 @@
+#!/usr/bin/env python
+#
+# Copyright 2010 Google Inc.  All Rights Reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#
+#     * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following disclaimer
+# in the documentation and/or other materials provided with the
+# distribution.
+#     * Neither the name of Google Inc. nor the names of its
+# contributors may be used to endorse or promote products derived from
+# this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+"""Tests Google Test's exception catching behavior.
+
+This script invokes gtest_catch_exceptions_test_ and
+gtest_catch_exceptions_ex_test_ (programs written with
+Google Test) and verifies their output.
+"""
+
+__author__ = 'vladl@google.com (Vlad Losev)'
+
+import os
+
+import gtest_test_utils
+
+# Constants.
+FLAG_PREFIX = '--gtest_'
+LIST_TESTS_FLAG = FLAG_PREFIX + 'list_tests'
+NO_CATCH_EXCEPTIONS_FLAG = FLAG_PREFIX + 'catch_exceptions=0'
+FILTER_FLAG = FLAG_PREFIX + 'filter'
+
+# Path to the gtest_catch_exceptions_ex_test_ binary, compiled with
+# exceptions enabled.
+EX_EXE_PATH = gtest_test_utils.GetTestExecutablePath(
+    'gtest_catch_exceptions_ex_test_')
+
+# Path to the gtest_catch_exceptions_test_ binary, compiled with
+# exceptions disabled.
+EXE_PATH = gtest_test_utils.GetTestExecutablePath(
+    'gtest_catch_exceptions_no_ex_test_')
+
+environ = gtest_test_utils.environ
+SetEnvVar = gtest_test_utils.SetEnvVar
+
+# Tests in this file run a Google-Test-based test program and expect it
+# to terminate prematurely.  Therefore they are incompatible with
+# the premature-exit-file protocol by design.  Unset the
+# premature-exit filepath to prevent Google Test from creating
+# the file.
+SetEnvVar(gtest_test_utils.PREMATURE_EXIT_FILE_ENV_VAR, None)
+
+TEST_LIST = gtest_test_utils.Subprocess(
+    [EXE_PATH, LIST_TESTS_FLAG], env=environ).output
+
+SUPPORTS_SEH_EXCEPTIONS = 'ThrowsSehException' in TEST_LIST
+
+if SUPPORTS_SEH_EXCEPTIONS:
+  BINARY_OUTPUT = gtest_test_utils.Subprocess([EXE_PATH], env=environ).output
+
+EX_BINARY_OUTPUT = gtest_test_utils.Subprocess(
+    [EX_EXE_PATH], env=environ).output
+
+
+# The tests.
+if SUPPORTS_SEH_EXCEPTIONS:
+  # pylint:disable-msg=C6302
+  class CatchSehExceptionsTest(gtest_test_utils.TestCase):
+    """Tests exception-catching behavior."""
+
+
+    def TestSehExceptions(self, test_output):
+      self.assert_('SEH exception with code 0x2a thrown '
+                   'in the test fixture\'s constructor'
+                   in test_output)
+      self.assert_('SEH exception with code 0x2a thrown '
+                   'in the test fixture\'s destructor'
+                   in test_output)
+      self.assert_('SEH exception with code 0x2a thrown in SetUpTestCase()'
+                   in test_output)
+      self.assert_('SEH exception with code 0x2a thrown in TearDownTestCase()'
+                   in test_output)
+      self.assert_('SEH exception with code 0x2a thrown in SetUp()'
+                   in test_output)
+      self.assert_('SEH exception with code 0x2a thrown in TearDown()'
+                   in test_output)
+      self.assert_('SEH exception with code 0x2a thrown in the test body'
+                   in test_output)
+
+    def testCatchesSehExceptionsWithCxxExceptionsEnabled(self):
+      self.TestSehExceptions(EX_BINARY_OUTPUT)
+
+    def testCatchesSehExceptionsWithCxxExceptionsDisabled(self):
+      self.TestSehExceptions(BINARY_OUTPUT)
+
+
+class CatchCxxExceptionsTest(gtest_test_utils.TestCase):
+  """Tests C++ exception-catching behavior.
+
+     Tests in this test case verify that:
+     * C++ exceptions are caught and logged as C++ (not SEH) exceptions
+     * Exception thrown affect the remainder of the test work flow in the
+       expected manner.
+  """
+
+  def testCatchesCxxExceptionsInFixtureConstructor(self):
+    self.assert_('C++ exception with description '
+                 '"Standard C++ exception" thrown '
+                 'in the test fixture\'s constructor'
+                 in EX_BINARY_OUTPUT)
+    self.assert_('unexpected' not in EX_BINARY_OUTPUT,
+                 'This failure belongs in this test only if '
+                 '"CxxExceptionInConstructorTest" (no quotes) '
+                 'appears on the same line as words "called unexpectedly"')
+
+  if ('CxxExceptionInDestructorTest.ThrowsExceptionInDestructor' in
+      EX_BINARY_OUTPUT):
+
+    def testCatchesCxxExceptionsInFixtureDestructor(self):
+      self.assert_('C++ exception with description '
+                   '"Standard C++ exception" thrown '
+                   'in the test fixture\'s destructor'
+                   in EX_BINARY_OUTPUT)
+      self.assert_('CxxExceptionInDestructorTest::TearDownTestCase() '
+                   'called as expected.'
+                   in EX_BINARY_OUTPUT)
+
+  def testCatchesCxxExceptionsInSetUpTestCase(self):
+    self.assert_('C++ exception with description "Standard C++ exception"'
+                 ' thrown in SetUpTestCase()'
+                 in EX_BINARY_OUTPUT)
+    self.assert_('CxxExceptionInConstructorTest::TearDownTestCase() '
+                 'called as expected.'
+                 in EX_BINARY_OUTPUT)
+    self.assert_('CxxExceptionInSetUpTestCaseTest constructor '
+                 'called as expected.'
+                 in EX_BINARY_OUTPUT)
+    self.assert_('CxxExceptionInSetUpTestCaseTest destructor '
+                 'called as expected.'
+                 in EX_BINARY_OUTPUT)
+    self.assert_('CxxExceptionInSetUpTestCaseTest::SetUp() '
+                 'called as expected.'
+                 in EX_BINARY_OUTPUT)
+    self.assert_('CxxExceptionInSetUpTestCaseTest::TearDown() '
+                 'called as expected.'
+                 in EX_BINARY_OUTPUT)
+    self.assert_('CxxExceptionInSetUpTestCaseTest test body '
+                 'called as expected.'
+                 in EX_BINARY_OUTPUT)
+
+  def testCatchesCxxExceptionsInTearDownTestCase(self):
+    self.assert_('C++ exception with description "Standard C++ exception"'
+                 ' thrown in TearDownTestCase()'
+                 in EX_BINARY_OUTPUT)
+
+  def testCatchesCxxExceptionsInSetUp(self):
+    self.assert_('C++ exception with description "Standard C++ exception"'
+                 ' thrown in SetUp()'
+                 in EX_BINARY_OUTPUT)
+    self.assert_('CxxExceptionInSetUpTest::TearDownTestCase() '
+                 'called as expected.'
+                 in EX_BINARY_OUTPUT)
+    self.assert_('CxxExceptionInSetUpTest destructor '
+                 'called as expected.'
+                 in EX_BINARY_OUTPUT)
+    self.assert_('CxxExceptionInSetUpTest::TearDown() '
+                 'called as expected.'
+                 in EX_BINARY_OUTPUT)
+    self.assert_('unexpected' not in EX_BINARY_OUTPUT,
+                 'This failure belongs in this test only if '
+                 '"CxxExceptionInSetUpTest" (no quotes) '
+                 'appears on the same line as words "called unexpectedly"')
+
+  def testCatchesCxxExceptionsInTearDown(self):
+    self.assert_('C++ exception with description "Standard C++ exception"'
+                 ' thrown in TearDown()'
+                 in EX_BINARY_OUTPUT)
+    self.assert_('CxxExceptionInTearDownTest::TearDownTestCase() '
+                 'called as expected.'
+                 in EX_BINARY_OUTPUT)
+    self.assert_('CxxExceptionInTearDownTest destructor '
+                 'called as expected.'
+                 in EX_BINARY_OUTPUT)
+
+  def testCatchesCxxExceptionsInTestBody(self):
+    self.assert_('C++ exception with description "Standard C++ exception"'
+                 ' thrown in the test body'
+                 in EX_BINARY_OUTPUT)
+    self.assert_('CxxExceptionInTestBodyTest::TearDownTestCase() '
+                 'called as expected.'
+                 in EX_BINARY_OUTPUT)
+    self.assert_('CxxExceptionInTestBodyTest destructor '
+                 'called as expected.'
+                 in EX_BINARY_OUTPUT)
+    self.assert_('CxxExceptionInTestBodyTest::TearDown() '
+                 'called as expected.'
+                 in EX_BINARY_OUTPUT)
+
+  def testCatchesNonStdCxxExceptions(self):
+    self.assert_('Unknown C++ exception thrown in the test body'
+                 in EX_BINARY_OUTPUT)
+
+  def testUnhandledCxxExceptionsAbortTheProgram(self):
+    # Filters out SEH exception tests on Windows. Unhandled SEH exceptions
+    # cause tests to show pop-up windows there.
+    FITLER_OUT_SEH_TESTS_FLAG = FILTER_FLAG + '=-*Seh*'
+    # By default, Google Test doesn't catch the exceptions.
+    uncaught_exceptions_ex_binary_output = gtest_test_utils.Subprocess(
+        [EX_EXE_PATH,
+         NO_CATCH_EXCEPTIONS_FLAG,
+         FITLER_OUT_SEH_TESTS_FLAG],
+        env=environ).output
+
+    self.assert_('Unhandled C++ exception terminating the program'
+                 in uncaught_exceptions_ex_binary_output)
+    self.assert_('unexpected' not in uncaught_exceptions_ex_binary_output)
+
+
+if __name__ == '__main__':
+  gtest_test_utils.Main()
diff --git a/nss/external_tests/google_test/gtest/test/gtest_catch_exceptions_test_.cc b/nss/external_tests/google_test/gtest/test/gtest_catch_exceptions_test_.cc
new file mode 100644
index 0000000..d0fc82c
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/test/gtest_catch_exceptions_test_.cc
@@ -0,0 +1,311 @@
+// Copyright 2010, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: vladl@google.com (Vlad Losev)
+//
+// Tests for Google Test itself. Tests in this file throw C++ or SEH
+// exceptions, and the output is verified by gtest_catch_exceptions_test.py.
+
+#include "gtest/gtest.h"
+
+#include <stdio.h>  // NOLINT
+#include <stdlib.h>  // For exit().
+
+#if GTEST_HAS_SEH
+# include <windows.h>
+#endif
+
+#if GTEST_HAS_EXCEPTIONS
+# include <exception>  // For set_terminate().
+# include <stdexcept>
+#endif
+
+using testing::Test;
+
+#if GTEST_HAS_SEH
+
+class SehExceptionInConstructorTest : public Test {
+ public:
+  SehExceptionInConstructorTest() { RaiseException(42, 0, 0, NULL); }
+};
+
+TEST_F(SehExceptionInConstructorTest, ThrowsExceptionInConstructor) {}
+
+class SehExceptionInDestructorTest : public Test {
+ public:
+  ~SehExceptionInDestructorTest() { RaiseException(42, 0, 0, NULL); }
+};
+
+TEST_F(SehExceptionInDestructorTest, ThrowsExceptionInDestructor) {}
+
+class SehExceptionInSetUpTestCaseTest : public Test {
+ public:
+  static void SetUpTestCase() { RaiseException(42, 0, 0, NULL); }
+};
+
+TEST_F(SehExceptionInSetUpTestCaseTest, ThrowsExceptionInSetUpTestCase) {}
+
+class SehExceptionInTearDownTestCaseTest : public Test {
+ public:
+  static void TearDownTestCase() { RaiseException(42, 0, 0, NULL); }
+};
+
+TEST_F(SehExceptionInTearDownTestCaseTest, ThrowsExceptionInTearDownTestCase) {}
+
+class SehExceptionInSetUpTest : public Test {
+ protected:
+  virtual void SetUp() { RaiseException(42, 0, 0, NULL); }
+};
+
+TEST_F(SehExceptionInSetUpTest, ThrowsExceptionInSetUp) {}
+
+class SehExceptionInTearDownTest : public Test {
+ protected:
+  virtual void TearDown() { RaiseException(42, 0, 0, NULL); }
+};
+
+TEST_F(SehExceptionInTearDownTest, ThrowsExceptionInTearDown) {}
+
+TEST(SehExceptionTest, ThrowsSehException) {
+  RaiseException(42, 0, 0, NULL);
+}
+
+#endif  // GTEST_HAS_SEH
+
+#if GTEST_HAS_EXCEPTIONS
+
+class CxxExceptionInConstructorTest : public Test {
+ public:
+  CxxExceptionInConstructorTest() {
+    // Without this macro VC++ complains about unreachable code at the end of
+    // the constructor.
+    GTEST_SUPPRESS_UNREACHABLE_CODE_WARNING_BELOW_(
+        throw std::runtime_error("Standard C++ exception"));
+  }
+
+  static void TearDownTestCase() {
+    printf("%s",
+           "CxxExceptionInConstructorTest::TearDownTestCase() "
+           "called as expected.\n");
+  }
+
+ protected:
+  ~CxxExceptionInConstructorTest() {
+    ADD_FAILURE() << "CxxExceptionInConstructorTest destructor "
+                  << "called unexpectedly.";
+  }
+
+  virtual void SetUp() {
+    ADD_FAILURE() << "CxxExceptionInConstructorTest::SetUp() "
+                  << "called unexpectedly.";
+  }
+
+  virtual void TearDown() {
+    ADD_FAILURE() << "CxxExceptionInConstructorTest::TearDown() "
+                  << "called unexpectedly.";
+  }
+};
+
+TEST_F(CxxExceptionInConstructorTest, ThrowsExceptionInConstructor) {
+  ADD_FAILURE() << "CxxExceptionInConstructorTest test body "
+                << "called unexpectedly.";
+}
+
+// Exceptions in destructors are not supported in C++11.
+#if !defined(__GXX_EXPERIMENTAL_CXX0X__) &&  __cplusplus < 201103L
+class CxxExceptionInDestructorTest : public Test {
+ public:
+  static void TearDownTestCase() {
+    printf("%s",
+           "CxxExceptionInDestructorTest::TearDownTestCase() "
+           "called as expected.\n");
+  }
+
+ protected:
+  ~CxxExceptionInDestructorTest() {
+    GTEST_SUPPRESS_UNREACHABLE_CODE_WARNING_BELOW_(
+        throw std::runtime_error("Standard C++ exception"));
+  }
+};
+
+TEST_F(CxxExceptionInDestructorTest, ThrowsExceptionInDestructor) {}
+#endif  // C++11 mode
+
+class CxxExceptionInSetUpTestCaseTest : public Test {
+ public:
+  CxxExceptionInSetUpTestCaseTest() {
+    printf("%s",
+           "CxxExceptionInSetUpTestCaseTest constructor "
+           "called as expected.\n");
+  }
+
+  static void SetUpTestCase() {
+    throw std::runtime_error("Standard C++ exception");
+  }
+
+  static void TearDownTestCase() {
+    printf("%s",
+           "CxxExceptionInSetUpTestCaseTest::TearDownTestCase() "
+           "called as expected.\n");
+  }
+
+ protected:
+  ~CxxExceptionInSetUpTestCaseTest() {
+    printf("%s",
+           "CxxExceptionInSetUpTestCaseTest destructor "
+           "called as expected.\n");
+  }
+
+  virtual void SetUp() {
+    printf("%s",
+           "CxxExceptionInSetUpTestCaseTest::SetUp() "
+           "called as expected.\n");
+  }
+
+  virtual void TearDown() {
+    printf("%s",
+           "CxxExceptionInSetUpTestCaseTest::TearDown() "
+           "called as expected.\n");
+  }
+};
+
+TEST_F(CxxExceptionInSetUpTestCaseTest, ThrowsExceptionInSetUpTestCase) {
+  printf("%s",
+         "CxxExceptionInSetUpTestCaseTest test body "
+         "called as expected.\n");
+}
+
+class CxxExceptionInTearDownTestCaseTest : public Test {
+ public:
+  static void TearDownTestCase() {
+    throw std::runtime_error("Standard C++ exception");
+  }
+};
+
+TEST_F(CxxExceptionInTearDownTestCaseTest, ThrowsExceptionInTearDownTestCase) {}
+
+class CxxExceptionInSetUpTest : public Test {
+ public:
+  static void TearDownTestCase() {
+    printf("%s",
+           "CxxExceptionInSetUpTest::TearDownTestCase() "
+           "called as expected.\n");
+  }
+
+ protected:
+  ~CxxExceptionInSetUpTest() {
+    printf("%s",
+           "CxxExceptionInSetUpTest destructor "
+           "called as expected.\n");
+  }
+
+  virtual void SetUp() { throw std::runtime_error("Standard C++ exception"); }
+
+  virtual void TearDown() {
+    printf("%s",
+           "CxxExceptionInSetUpTest::TearDown() "
+           "called as expected.\n");
+  }
+};
+
+TEST_F(CxxExceptionInSetUpTest, ThrowsExceptionInSetUp) {
+  ADD_FAILURE() << "CxxExceptionInSetUpTest test body "
+                << "called unexpectedly.";
+}
+
+class CxxExceptionInTearDownTest : public Test {
+ public:
+  static void TearDownTestCase() {
+    printf("%s",
+           "CxxExceptionInTearDownTest::TearDownTestCase() "
+           "called as expected.\n");
+  }
+
+ protected:
+  ~CxxExceptionInTearDownTest() {
+    printf("%s",
+           "CxxExceptionInTearDownTest destructor "
+           "called as expected.\n");
+  }
+
+  virtual void TearDown() {
+    throw std::runtime_error("Standard C++ exception");
+  }
+};
+
+TEST_F(CxxExceptionInTearDownTest, ThrowsExceptionInTearDown) {}
+
+class CxxExceptionInTestBodyTest : public Test {
+ public:
+  static void TearDownTestCase() {
+    printf("%s",
+           "CxxExceptionInTestBodyTest::TearDownTestCase() "
+           "called as expected.\n");
+  }
+
+ protected:
+  ~CxxExceptionInTestBodyTest() {
+    printf("%s",
+           "CxxExceptionInTestBodyTest destructor "
+           "called as expected.\n");
+  }
+
+  virtual void TearDown() {
+    printf("%s",
+           "CxxExceptionInTestBodyTest::TearDown() "
+           "called as expected.\n");
+  }
+};
+
+TEST_F(CxxExceptionInTestBodyTest, ThrowsStdCxxException) {
+  throw std::runtime_error("Standard C++ exception");
+}
+
+TEST(CxxExceptionTest, ThrowsNonStdCxxException) {
+  throw "C-string";
+}
+
+// This terminate handler aborts the program using exit() rather than abort().
+// This avoids showing pop-ups on Windows systems and core dumps on Unix-like
+// ones.
+void TerminateHandler() {
+  fprintf(stderr, "%s\n", "Unhandled C++ exception terminating the program.");
+  fflush(NULL);
+  exit(3);
+}
+
+#endif  // GTEST_HAS_EXCEPTIONS
+
+int main(int argc, char** argv) {
+#if GTEST_HAS_EXCEPTIONS
+  std::set_terminate(&TerminateHandler);
+#endif
+  testing::InitGoogleTest(&argc, argv);
+  return RUN_ALL_TESTS();
+}
diff --git a/nss/external_tests/google_test/gtest/test/gtest_color_test.py b/nss/external_tests/google_test/gtest/test/gtest_color_test.py
new file mode 100755
index 0000000..d02a53e
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/test/gtest_color_test.py
@@ -0,0 +1,130 @@
+#!/usr/bin/env python
+#
+# Copyright 2008, Google Inc.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#
+#     * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following disclaimer
+# in the documentation and/or other materials provided with the
+# distribution.
+#     * Neither the name of Google Inc. nor the names of its
+# contributors may be used to endorse or promote products derived from
+# this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+"""Verifies that Google Test correctly determines whether to use colors."""
+
+__author__ = 'wan@google.com (Zhanyong Wan)'
+
+import os
+import gtest_test_utils
+
+
+IS_WINDOWS = os.name = 'nt'
+
+COLOR_ENV_VAR = 'GTEST_COLOR'
+COLOR_FLAG = 'gtest_color'
+COMMAND = gtest_test_utils.GetTestExecutablePath('gtest_color_test_')
+
+
+def SetEnvVar(env_var, value):
+  """Sets the env variable to 'value'; unsets it when 'value' is None."""
+
+  if value is not None:
+    os.environ[env_var] = value
+  elif env_var in os.environ:
+    del os.environ[env_var]
+
+
+def UsesColor(term, color_env_var, color_flag):
+  """Runs gtest_color_test_ and returns its exit code."""
+
+  SetEnvVar('TERM', term)
+  SetEnvVar(COLOR_ENV_VAR, color_env_var)
+
+  if color_flag is None:
+    args = []
+  else:
+    args = ['--%s=%s' % (COLOR_FLAG, color_flag)]
+  p = gtest_test_utils.Subprocess([COMMAND] + args)
+  return not p.exited or p.exit_code
+
+
+class GTestColorTest(gtest_test_utils.TestCase):
+  def testNoEnvVarNoFlag(self):
+    """Tests the case when there's neither GTEST_COLOR nor --gtest_color."""
+
+    if not IS_WINDOWS:
+      self.assert_(not UsesColor('dumb', None, None))
+      self.assert_(not UsesColor('emacs', None, None))
+      self.assert_(not UsesColor('xterm-mono', None, None))
+      self.assert_(not UsesColor('unknown', None, None))
+      self.assert_(not UsesColor(None, None, None))
+    self.assert_(UsesColor('linux', None, None))
+    self.assert_(UsesColor('cygwin', None, None))
+    self.assert_(UsesColor('xterm', None, None))
+    self.assert_(UsesColor('xterm-color', None, None))
+    self.assert_(UsesColor('xterm-256color', None, None))
+
+  def testFlagOnly(self):
+    """Tests the case when there's --gtest_color but not GTEST_COLOR."""
+
+    self.assert_(not UsesColor('dumb', None, 'no'))
+    self.assert_(not UsesColor('xterm-color', None, 'no'))
+    if not IS_WINDOWS:
+      self.assert_(not UsesColor('emacs', None, 'auto'))
+    self.assert_(UsesColor('xterm', None, 'auto'))
+    self.assert_(UsesColor('dumb', None, 'yes'))
+    self.assert_(UsesColor('xterm', None, 'yes'))
+
+  def testEnvVarOnly(self):
+    """Tests the case when there's GTEST_COLOR but not --gtest_color."""
+
+    self.assert_(not UsesColor('dumb', 'no', None))
+    self.assert_(not UsesColor('xterm-color', 'no', None))
+    if not IS_WINDOWS:
+      self.assert_(not UsesColor('dumb', 'auto', None))
+    self.assert_(UsesColor('xterm-color', 'auto', None))
+    self.assert_(UsesColor('dumb', 'yes', None))
+    self.assert_(UsesColor('xterm-color', 'yes', None))
+
+  def testEnvVarAndFlag(self):
+    """Tests the case when there are both GTEST_COLOR and --gtest_color."""
+
+    self.assert_(not UsesColor('xterm-color', 'no', 'no'))
+    self.assert_(UsesColor('dumb', 'no', 'yes'))
+    self.assert_(UsesColor('xterm-color', 'no', 'auto'))
+
+  def testAliasesOfYesAndNo(self):
+    """Tests using aliases in specifying --gtest_color."""
+
+    self.assert_(UsesColor('dumb', None, 'true'))
+    self.assert_(UsesColor('dumb', None, 'YES'))
+    self.assert_(UsesColor('dumb', None, 'T'))
+    self.assert_(UsesColor('dumb', None, '1'))
+
+    self.assert_(not UsesColor('xterm', None, 'f'))
+    self.assert_(not UsesColor('xterm', None, 'false'))
+    self.assert_(not UsesColor('xterm', None, '0'))
+    self.assert_(not UsesColor('xterm', None, 'unknown'))
+
+
+if __name__ == '__main__':
+  gtest_test_utils.Main()
diff --git a/nss/external_tests/google_test/gtest/test/gtest_color_test_.cc b/nss/external_tests/google_test/gtest/test/gtest_color_test_.cc
new file mode 100644
index 0000000..f61ebb8
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/test/gtest_color_test_.cc
@@ -0,0 +1,71 @@
+// Copyright 2008, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+
+// A helper program for testing how Google Test determines whether to use
+// colors in the output.  It prints "YES" and returns 1 if Google Test
+// decides to use colors, and prints "NO" and returns 0 otherwise.
+
+#include <stdio.h>
+
+#include "gtest/gtest.h"
+
+// Indicates that this translation unit is part of Google Test's
+// implementation.  It must come before gtest-internal-inl.h is
+// included, or there will be a compiler error.  This trick is to
+// prevent a user from accidentally including gtest-internal-inl.h in
+// his code.
+#define GTEST_IMPLEMENTATION_ 1
+#include "src/gtest-internal-inl.h"
+#undef GTEST_IMPLEMENTATION_
+
+using testing::internal::ShouldUseColor;
+
+// The purpose of this is to ensure that the UnitTest singleton is
+// created before main() is entered, and thus that ShouldUseColor()
+// works the same way as in a real Google-Test-based test.  We don't actual
+// run the TEST itself.
+TEST(GTestColorTest, Dummy) {
+}
+
+int main(int argc, char** argv) {
+  testing::InitGoogleTest(&argc, argv);
+
+  if (ShouldUseColor(true)) {
+    // Google Test decides to use colors in the output (assuming it
+    // goes to a TTY).
+    printf("YES\n");
+    return 1;
+  } else {
+    // Google Test decides not to use colors in the output.
+    printf("NO\n");
+    return 0;
+  }
+}
diff --git a/nss/external_tests/google_test/gtest/test/gtest_env_var_test.py b/nss/external_tests/google_test/gtest/test/gtest_env_var_test.py
new file mode 100755
index 0000000..ac24337
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/test/gtest_env_var_test.py
@@ -0,0 +1,103 @@
+#!/usr/bin/env python
+#
+# Copyright 2008, Google Inc.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#
+#     * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following disclaimer
+# in the documentation and/or other materials provided with the
+# distribution.
+#     * Neither the name of Google Inc. nor the names of its
+# contributors may be used to endorse or promote products derived from
+# this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+"""Verifies that Google Test correctly parses environment variables."""
+
+__author__ = 'wan@google.com (Zhanyong Wan)'
+
+import os
+import gtest_test_utils
+
+
+IS_WINDOWS = os.name == 'nt'
+IS_LINUX = os.name == 'posix' and os.uname()[0] == 'Linux'
+
+COMMAND = gtest_test_utils.GetTestExecutablePath('gtest_env_var_test_')
+
+environ = os.environ.copy()
+
+
+def AssertEq(expected, actual):
+  if expected != actual:
+    print 'Expected: %s' % (expected,)
+    print '  Actual: %s' % (actual,)
+    raise AssertionError
+
+
+def SetEnvVar(env_var, value):
+  """Sets the env variable to 'value'; unsets it when 'value' is None."""
+
+  if value is not None:
+    environ[env_var] = value
+  elif env_var in environ:
+    del environ[env_var]
+
+
+def GetFlag(flag):
+  """Runs gtest_env_var_test_ and returns its output."""
+
+  args = [COMMAND]
+  if flag is not None:
+    args += [flag]
+  return gtest_test_utils.Subprocess(args, env=environ).output
+
+
+def TestFlag(flag, test_val, default_val):
+  """Verifies that the given flag is affected by the corresponding env var."""
+
+  env_var = 'GTEST_' + flag.upper()
+  SetEnvVar(env_var, test_val)
+  AssertEq(test_val, GetFlag(flag))
+  SetEnvVar(env_var, None)
+  AssertEq(default_val, GetFlag(flag))
+
+
+class GTestEnvVarTest(gtest_test_utils.TestCase):
+  def testEnvVarAffectsFlag(self):
+    """Tests that environment variable should affect the corresponding flag."""
+
+    TestFlag('break_on_failure', '1', '0')
+    TestFlag('color', 'yes', 'auto')
+    TestFlag('filter', 'FooTest.Bar', '*')
+    TestFlag('output', 'xml:tmp/foo.xml', '')
+    TestFlag('print_time', '0', '1')
+    TestFlag('repeat', '999', '1')
+    TestFlag('throw_on_failure', '1', '0')
+    TestFlag('death_test_style', 'threadsafe', 'fast')
+    TestFlag('catch_exceptions', '0', '1')
+
+    if IS_LINUX:
+      TestFlag('death_test_use_fork', '1', '0')
+      TestFlag('stack_trace_depth', '0', '100')
+
+
+if __name__ == '__main__':
+  gtest_test_utils.Main()
diff --git a/nss/external_tests/google_test/gtest/test/gtest_env_var_test_.cc b/nss/external_tests/google_test/gtest/test/gtest_env_var_test_.cc
new file mode 100644
index 0000000..539afc9
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/test/gtest_env_var_test_.cc
@@ -0,0 +1,126 @@
+// Copyright 2008, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+
+// A helper program for testing that Google Test parses the environment
+// variables correctly.
+
+#include "gtest/gtest.h"
+
+#include <iostream>
+
+#define GTEST_IMPLEMENTATION_ 1
+#include "src/gtest-internal-inl.h"
+#undef GTEST_IMPLEMENTATION_
+
+using ::std::cout;
+
+namespace testing {
+
+// The purpose of this is to make the test more realistic by ensuring
+// that the UnitTest singleton is created before main() is entered.
+// We don't actual run the TEST itself.
+TEST(GTestEnvVarTest, Dummy) {
+}
+
+void PrintFlag(const char* flag) {
+  if (strcmp(flag, "break_on_failure") == 0) {
+    cout << GTEST_FLAG(break_on_failure);
+    return;
+  }
+
+  if (strcmp(flag, "catch_exceptions") == 0) {
+    cout << GTEST_FLAG(catch_exceptions);
+    return;
+  }
+
+  if (strcmp(flag, "color") == 0) {
+    cout << GTEST_FLAG(color);
+    return;
+  }
+
+  if (strcmp(flag, "death_test_style") == 0) {
+    cout << GTEST_FLAG(death_test_style);
+    return;
+  }
+
+  if (strcmp(flag, "death_test_use_fork") == 0) {
+    cout << GTEST_FLAG(death_test_use_fork);
+    return;
+  }
+
+  if (strcmp(flag, "filter") == 0) {
+    cout << GTEST_FLAG(filter);
+    return;
+  }
+
+  if (strcmp(flag, "output") == 0) {
+    cout << GTEST_FLAG(output);
+    return;
+  }
+
+  if (strcmp(flag, "print_time") == 0) {
+    cout << GTEST_FLAG(print_time);
+    return;
+  }
+
+  if (strcmp(flag, "repeat") == 0) {
+    cout << GTEST_FLAG(repeat);
+    return;
+  }
+
+  if (strcmp(flag, "stack_trace_depth") == 0) {
+    cout << GTEST_FLAG(stack_trace_depth);
+    return;
+  }
+
+  if (strcmp(flag, "throw_on_failure") == 0) {
+    cout << GTEST_FLAG(throw_on_failure);
+    return;
+  }
+
+  cout << "Invalid flag name " << flag
+       << ".  Valid names are break_on_failure, color, filter, etc.\n";
+  exit(1);
+}
+
+}  // namespace testing
+
+int main(int argc, char** argv) {
+  testing::InitGoogleTest(&argc, argv);
+
+  if (argc != 2) {
+    cout << "Usage: gtest_env_var_test_ NAME_OF_FLAG\n";
+    return 1;
+  }
+
+  testing::PrintFlag(argv[1]);
+  return 0;
+}
diff --git a/nss/external_tests/google_test/gtest/test/gtest_environment_test.cc b/nss/external_tests/google_test/gtest/test/gtest_environment_test.cc
new file mode 100644
index 0000000..3cff19e
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/test/gtest_environment_test.cc
@@ -0,0 +1,192 @@
+// Copyright 2007, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+//
+// Tests using global test environments.
+
+#include <stdlib.h>
+#include <stdio.h>
+#include "gtest/gtest.h"
+
+#define GTEST_IMPLEMENTATION_ 1  // Required for the next #include.
+#include "src/gtest-internal-inl.h"
+#undef GTEST_IMPLEMENTATION_
+
+namespace testing {
+GTEST_DECLARE_string_(filter);
+}
+
+namespace {
+
+enum FailureType {
+  NO_FAILURE, NON_FATAL_FAILURE, FATAL_FAILURE
+};
+
+// For testing using global test environments.
+class MyEnvironment : public testing::Environment {
+ public:
+  MyEnvironment() { Reset(); }
+
+  // Depending on the value of failure_in_set_up_, SetUp() will
+  // generate a non-fatal failure, generate a fatal failure, or
+  // succeed.
+  virtual void SetUp() {
+    set_up_was_run_ = true;
+
+    switch (failure_in_set_up_) {
+      case NON_FATAL_FAILURE:
+        ADD_FAILURE() << "Expected non-fatal failure in global set-up.";
+        break;
+      case FATAL_FAILURE:
+        FAIL() << "Expected fatal failure in global set-up.";
+        break;
+      default:
+        break;
+    }
+  }
+
+  // Generates a non-fatal failure.
+  virtual void TearDown() {
+    tear_down_was_run_ = true;
+    ADD_FAILURE() << "Expected non-fatal failure in global tear-down.";
+  }
+
+  // Resets the state of the environment s.t. it can be reused.
+  void Reset() {
+    failure_in_set_up_ = NO_FAILURE;
+    set_up_was_run_ = false;
+    tear_down_was_run_ = false;
+  }
+
+  // We call this function to set the type of failure SetUp() should
+  // generate.
+  void set_failure_in_set_up(FailureType type) {
+    failure_in_set_up_ = type;
+  }
+
+  // Was SetUp() run?
+  bool set_up_was_run() const { return set_up_was_run_; }
+
+  // Was TearDown() run?
+  bool tear_down_was_run() const { return tear_down_was_run_; }
+
+ private:
+  FailureType failure_in_set_up_;
+  bool set_up_was_run_;
+  bool tear_down_was_run_;
+};
+
+// Was the TEST run?
+bool test_was_run;
+
+// The sole purpose of this TEST is to enable us to check whether it
+// was run.
+TEST(FooTest, Bar) {
+  test_was_run = true;
+}
+
+// Prints the message and aborts the program if condition is false.
+void Check(bool condition, const char* msg) {
+  if (!condition) {
+    printf("FAILED: %s\n", msg);
+    testing::internal::posix::Abort();
+  }
+}
+
+// Runs the tests.  Return true iff successful.
+//
+// The 'failure' parameter specifies the type of failure that should
+// be generated by the global set-up.
+int RunAllTests(MyEnvironment* env, FailureType failure) {
+  env->Reset();
+  env->set_failure_in_set_up(failure);
+  test_was_run = false;
+  testing::internal::GetUnitTestImpl()->ClearAdHocTestResult();
+  return RUN_ALL_TESTS();
+}
+
+}  // namespace
+
+int main(int argc, char **argv) {
+  testing::InitGoogleTest(&argc, argv);
+
+  // Registers a global test environment, and verifies that the
+  // registration function returns its argument.
+  MyEnvironment* const env = new MyEnvironment;
+  Check(testing::AddGlobalTestEnvironment(env) == env,
+        "AddGlobalTestEnvironment() should return its argument.");
+
+  // Verifies that RUN_ALL_TESTS() runs the tests when the global
+  // set-up is successful.
+  Check(RunAllTests(env, NO_FAILURE) != 0,
+        "RUN_ALL_TESTS() should return non-zero, as the global tear-down "
+        "should generate a failure.");
+  Check(test_was_run,
+        "The tests should run, as the global set-up should generate no "
+        "failure");
+  Check(env->tear_down_was_run(),
+        "The global tear-down should run, as the global set-up was run.");
+
+  // Verifies that RUN_ALL_TESTS() runs the tests when the global
+  // set-up generates no fatal failure.
+  Check(RunAllTests(env, NON_FATAL_FAILURE) != 0,
+        "RUN_ALL_TESTS() should return non-zero, as both the global set-up "
+        "and the global tear-down should generate a non-fatal failure.");
+  Check(test_was_run,
+        "The tests should run, as the global set-up should generate no "
+        "fatal failure.");
+  Check(env->tear_down_was_run(),
+        "The global tear-down should run, as the global set-up was run.");
+
+  // Verifies that RUN_ALL_TESTS() runs no test when the global set-up
+  // generates a fatal failure.
+  Check(RunAllTests(env, FATAL_FAILURE) != 0,
+        "RUN_ALL_TESTS() should return non-zero, as the global set-up "
+        "should generate a fatal failure.");
+  Check(!test_was_run,
+        "The tests should not run, as the global set-up should generate "
+        "a fatal failure.");
+  Check(env->tear_down_was_run(),
+        "The global tear-down should run, as the global set-up was run.");
+
+  // Verifies that RUN_ALL_TESTS() doesn't do global set-up or
+  // tear-down when there is no test to run.
+  testing::GTEST_FLAG(filter) = "-*";
+  Check(RunAllTests(env, NO_FAILURE) == 0,
+        "RUN_ALL_TESTS() should return zero, as there is no test to run.");
+  Check(!env->set_up_was_run(),
+        "The global set-up should not run, as there is no test to run.");
+  Check(!env->tear_down_was_run(),
+        "The global tear-down should not run, "
+        "as the global set-up was not run.");
+
+  printf("PASS\n");
+  return 0;
+}
diff --git a/nss/external_tests/google_test/gtest/test/gtest_filter_unittest.py b/nss/external_tests/google_test/gtest/test/gtest_filter_unittest.py
new file mode 100755
index 0000000..0d1a770
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/test/gtest_filter_unittest.py
@@ -0,0 +1,633 @@
+#!/usr/bin/env python
+#
+# Copyright 2005 Google Inc. All Rights Reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#
+#     * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following disclaimer
+# in the documentation and/or other materials provided with the
+# distribution.
+#     * Neither the name of Google Inc. nor the names of its
+# contributors may be used to endorse or promote products derived from
+# this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+"""Unit test for Google Test test filters.
+
+A user can specify which test(s) in a Google Test program to run via either
+the GTEST_FILTER environment variable or the --gtest_filter flag.
+This script tests such functionality by invoking
+gtest_filter_unittest_ (a program written with Google Test) with different
+environments and command line flags.
+
+Note that test sharding may also influence which tests are filtered. Therefore,
+we test that here also.
+"""
+
+__author__ = 'wan@google.com (Zhanyong Wan)'
+
+import os
+import re
+import sets
+import sys
+
+import gtest_test_utils
+
+# Constants.
+
+# Checks if this platform can pass empty environment variables to child
+# processes.  We set an env variable to an empty string and invoke a python
+# script in a subprocess to print whether the variable is STILL in
+# os.environ.  We then use 'eval' to parse the child's output so that an
+# exception is thrown if the input is anything other than 'True' nor 'False'.
+os.environ['EMPTY_VAR'] = ''
+child = gtest_test_utils.Subprocess(
+    [sys.executable, '-c', 'import os; print \'EMPTY_VAR\' in os.environ'])
+CAN_PASS_EMPTY_ENV = eval(child.output)
+
+
+# Check if this platform can unset environment variables in child processes.
+# We set an env variable to a non-empty string, unset it, and invoke
+# a python script in a subprocess to print whether the variable
+# is NO LONGER in os.environ.
+# We use 'eval' to parse the child's output so that an exception
+# is thrown if the input is neither 'True' nor 'False'.
+os.environ['UNSET_VAR'] = 'X'
+del os.environ['UNSET_VAR']
+child = gtest_test_utils.Subprocess(
+    [sys.executable, '-c', 'import os; print \'UNSET_VAR\' not in os.environ'])
+CAN_UNSET_ENV = eval(child.output)
+
+
+# Checks if we should test with an empty filter. This doesn't
+# make sense on platforms that cannot pass empty env variables (Win32)
+# and on platforms that cannot unset variables (since we cannot tell
+# the difference between "" and NULL -- Borland and Solaris < 5.10)
+CAN_TEST_EMPTY_FILTER = (CAN_PASS_EMPTY_ENV and CAN_UNSET_ENV)
+
+
+# The environment variable for specifying the test filters.
+FILTER_ENV_VAR = 'GTEST_FILTER'
+
+# The environment variables for test sharding.
+TOTAL_SHARDS_ENV_VAR = 'GTEST_TOTAL_SHARDS'
+SHARD_INDEX_ENV_VAR = 'GTEST_SHARD_INDEX'
+SHARD_STATUS_FILE_ENV_VAR = 'GTEST_SHARD_STATUS_FILE'
+
+# The command line flag for specifying the test filters.
+FILTER_FLAG = 'gtest_filter'
+
+# The command line flag for including disabled tests.
+ALSO_RUN_DISABED_TESTS_FLAG = 'gtest_also_run_disabled_tests'
+
+# Command to run the gtest_filter_unittest_ program.
+COMMAND = gtest_test_utils.GetTestExecutablePath('gtest_filter_unittest_')
+
+# Regex for determining whether parameterized tests are enabled in the binary.
+PARAM_TEST_REGEX = re.compile(r'/ParamTest')
+
+# Regex for parsing test case names from Google Test's output.
+TEST_CASE_REGEX = re.compile(r'^\[\-+\] \d+ tests? from (\w+(/\w+)?)')
+
+# Regex for parsing test names from Google Test's output.
+TEST_REGEX = re.compile(r'^\[\s*RUN\s*\].*\.(\w+(/\w+)?)')
+
+# The command line flag to tell Google Test to output the list of tests it
+# will run.
+LIST_TESTS_FLAG = '--gtest_list_tests'
+
+# Indicates whether Google Test supports death tests.
+SUPPORTS_DEATH_TESTS = 'HasDeathTest' in gtest_test_utils.Subprocess(
+    [COMMAND, LIST_TESTS_FLAG]).output
+
+# Full names of all tests in gtest_filter_unittests_.
+PARAM_TESTS = [
+    'SeqP/ParamTest.TestX/0',
+    'SeqP/ParamTest.TestX/1',
+    'SeqP/ParamTest.TestY/0',
+    'SeqP/ParamTest.TestY/1',
+    'SeqQ/ParamTest.TestX/0',
+    'SeqQ/ParamTest.TestX/1',
+    'SeqQ/ParamTest.TestY/0',
+    'SeqQ/ParamTest.TestY/1',
+    ]
+
+DISABLED_TESTS = [
+    'BarTest.DISABLED_TestFour',
+    'BarTest.DISABLED_TestFive',
+    'BazTest.DISABLED_TestC',
+    'DISABLED_FoobarTest.Test1',
+    'DISABLED_FoobarTest.DISABLED_Test2',
+    'DISABLED_FoobarbazTest.TestA',
+    ]
+
+if SUPPORTS_DEATH_TESTS:
+  DEATH_TESTS = [
+    'HasDeathTest.Test1',
+    'HasDeathTest.Test2',
+    ]
+else:
+  DEATH_TESTS = []
+
+# All the non-disabled tests.
+ACTIVE_TESTS = [
+    'FooTest.Abc',
+    'FooTest.Xyz',
+
+    'BarTest.TestOne',
+    'BarTest.TestTwo',
+    'BarTest.TestThree',
+
+    'BazTest.TestOne',
+    'BazTest.TestA',
+    'BazTest.TestB',
+    ] + DEATH_TESTS + PARAM_TESTS
+
+param_tests_present = None
+
+# Utilities.
+
+environ = os.environ.copy()
+
+
+def SetEnvVar(env_var, value):
+  """Sets the env variable to 'value'; unsets it when 'value' is None."""
+
+  if value is not None:
+    environ[env_var] = value
+  elif env_var in environ:
+    del environ[env_var]
+
+
+def RunAndReturnOutput(args = None):
+  """Runs the test program and returns its output."""
+
+  return gtest_test_utils.Subprocess([COMMAND] + (args or []),
+                                     env=environ).output
+
+
+def RunAndExtractTestList(args = None):
+  """Runs the test program and returns its exit code and a list of tests run."""
+
+  p = gtest_test_utils.Subprocess([COMMAND] + (args or []), env=environ)
+  tests_run = []
+  test_case = ''
+  test = ''
+  for line in p.output.split('\n'):
+    match = TEST_CASE_REGEX.match(line)
+    if match is not None:
+      test_case = match.group(1)
+    else:
+      match = TEST_REGEX.match(line)
+      if match is not None:
+        test = match.group(1)
+        tests_run.append(test_case + '.' + test)
+  return (tests_run, p.exit_code)
+
+
+def InvokeWithModifiedEnv(extra_env, function, *args, **kwargs):
+  """Runs the given function and arguments in a modified environment."""
+  try:
+    original_env = environ.copy()
+    environ.update(extra_env)
+    return function(*args, **kwargs)
+  finally:
+    environ.clear()
+    environ.update(original_env)
+
+
+def RunWithSharding(total_shards, shard_index, command):
+  """Runs a test program shard and returns exit code and a list of tests run."""
+
+  extra_env = {SHARD_INDEX_ENV_VAR: str(shard_index),
+               TOTAL_SHARDS_ENV_VAR: str(total_shards)}
+  return InvokeWithModifiedEnv(extra_env, RunAndExtractTestList, command)
+
+# The unit test.
+
+
+class GTestFilterUnitTest(gtest_test_utils.TestCase):
+  """Tests the env variable or the command line flag to filter tests."""
+
+  # Utilities.
+
+  def AssertSetEqual(self, lhs, rhs):
+    """Asserts that two sets are equal."""
+
+    for elem in lhs:
+      self.assert_(elem in rhs, '%s in %s' % (elem, rhs))
+
+    for elem in rhs:
+      self.assert_(elem in lhs, '%s in %s' % (elem, lhs))
+
+  def AssertPartitionIsValid(self, set_var, list_of_sets):
+    """Asserts that list_of_sets is a valid partition of set_var."""
+
+    full_partition = []
+    for slice_var in list_of_sets:
+      full_partition.extend(slice_var)
+    self.assertEqual(len(set_var), len(full_partition))
+    self.assertEqual(sets.Set(set_var), sets.Set(full_partition))
+
+  def AdjustForParameterizedTests(self, tests_to_run):
+    """Adjust tests_to_run in case value parameterized tests are disabled."""
+
+    global param_tests_present
+    if not param_tests_present:
+      return list(sets.Set(tests_to_run) - sets.Set(PARAM_TESTS))
+    else:
+      return tests_to_run
+
+  def RunAndVerify(self, gtest_filter, tests_to_run):
+    """Checks that the binary runs correct set of tests for a given filter."""
+
+    tests_to_run = self.AdjustForParameterizedTests(tests_to_run)
+
+    # First, tests using the environment variable.
+
+    # Windows removes empty variables from the environment when passing it
+    # to a new process.  This means it is impossible to pass an empty filter
+    # into a process using the environment variable.  However, we can still
+    # test the case when the variable is not supplied (i.e., gtest_filter is
+    # None).
+    # pylint: disable-msg=C6403
+    if CAN_TEST_EMPTY_FILTER or gtest_filter != '':
+      SetEnvVar(FILTER_ENV_VAR, gtest_filter)
+      tests_run = RunAndExtractTestList()[0]
+      SetEnvVar(FILTER_ENV_VAR, None)
+      self.AssertSetEqual(tests_run, tests_to_run)
+    # pylint: enable-msg=C6403
+
+    # Next, tests using the command line flag.
+
+    if gtest_filter is None:
+      args = []
+    else:
+      args = ['--%s=%s' % (FILTER_FLAG, gtest_filter)]
+
+    tests_run = RunAndExtractTestList(args)[0]
+    self.AssertSetEqual(tests_run, tests_to_run)
+
+  def RunAndVerifyWithSharding(self, gtest_filter, total_shards, tests_to_run,
+                               args=None, check_exit_0=False):
+    """Checks that binary runs correct tests for the given filter and shard.
+
+    Runs all shards of gtest_filter_unittest_ with the given filter, and
+    verifies that the right set of tests were run. The union of tests run
+    on each shard should be identical to tests_to_run, without duplicates.
+
+    Args:
+      gtest_filter: A filter to apply to the tests.
+      total_shards: A total number of shards to split test run into.
+      tests_to_run: A set of tests expected to run.
+      args   :      Arguments to pass to the to the test binary.
+      check_exit_0: When set to a true value, make sure that all shards
+                    return 0.
+    """
+
+    tests_to_run = self.AdjustForParameterizedTests(tests_to_run)
+
+    # Windows removes empty variables from the environment when passing it
+    # to a new process.  This means it is impossible to pass an empty filter
+    # into a process using the environment variable.  However, we can still
+    # test the case when the variable is not supplied (i.e., gtest_filter is
+    # None).
+    # pylint: disable-msg=C6403
+    if CAN_TEST_EMPTY_FILTER or gtest_filter != '':
+      SetEnvVar(FILTER_ENV_VAR, gtest_filter)
+      partition = []
+      for i in range(0, total_shards):
+        (tests_run, exit_code) = RunWithSharding(total_shards, i, args)
+        if check_exit_0:
+          self.assertEqual(0, exit_code)
+        partition.append(tests_run)
+
+      self.AssertPartitionIsValid(tests_to_run, partition)
+      SetEnvVar(FILTER_ENV_VAR, None)
+    # pylint: enable-msg=C6403
+
+  def RunAndVerifyAllowingDisabled(self, gtest_filter, tests_to_run):
+    """Checks that the binary runs correct set of tests for the given filter.
+
+    Runs gtest_filter_unittest_ with the given filter, and enables
+    disabled tests. Verifies that the right set of tests were run.
+
+    Args:
+      gtest_filter: A filter to apply to the tests.
+      tests_to_run: A set of tests expected to run.
+    """
+
+    tests_to_run = self.AdjustForParameterizedTests(tests_to_run)
+
+    # Construct the command line.
+    args = ['--%s' % ALSO_RUN_DISABED_TESTS_FLAG]
+    if gtest_filter is not None:
+      args.append('--%s=%s' % (FILTER_FLAG, gtest_filter))
+
+    tests_run = RunAndExtractTestList(args)[0]
+    self.AssertSetEqual(tests_run, tests_to_run)
+
+  def setUp(self):
+    """Sets up test case.
+
+    Determines whether value-parameterized tests are enabled in the binary and
+    sets the flags accordingly.
+    """
+
+    global param_tests_present
+    if param_tests_present is None:
+      param_tests_present = PARAM_TEST_REGEX.search(
+          RunAndReturnOutput()) is not None
+
+  def testDefaultBehavior(self):
+    """Tests the behavior of not specifying the filter."""
+
+    self.RunAndVerify(None, ACTIVE_TESTS)
+
+  def testDefaultBehaviorWithShards(self):
+    """Tests the behavior without the filter, with sharding enabled."""
+
+    self.RunAndVerifyWithSharding(None, 1, ACTIVE_TESTS)
+    self.RunAndVerifyWithSharding(None, 2, ACTIVE_TESTS)
+    self.RunAndVerifyWithSharding(None, len(ACTIVE_TESTS) - 1, ACTIVE_TESTS)
+    self.RunAndVerifyWithSharding(None, len(ACTIVE_TESTS), ACTIVE_TESTS)
+    self.RunAndVerifyWithSharding(None, len(ACTIVE_TESTS) + 1, ACTIVE_TESTS)
+
+  def testEmptyFilter(self):
+    """Tests an empty filter."""
+
+    self.RunAndVerify('', [])
+    self.RunAndVerifyWithSharding('', 1, [])
+    self.RunAndVerifyWithSharding('', 2, [])
+
+  def testBadFilter(self):
+    """Tests a filter that matches nothing."""
+
+    self.RunAndVerify('BadFilter', [])
+    self.RunAndVerifyAllowingDisabled('BadFilter', [])
+
+  def testFullName(self):
+    """Tests filtering by full name."""
+
+    self.RunAndVerify('FooTest.Xyz', ['FooTest.Xyz'])
+    self.RunAndVerifyAllowingDisabled('FooTest.Xyz', ['FooTest.Xyz'])
+    self.RunAndVerifyWithSharding('FooTest.Xyz', 5, ['FooTest.Xyz'])
+
+  def testUniversalFilters(self):
+    """Tests filters that match everything."""
+
+    self.RunAndVerify('*', ACTIVE_TESTS)
+    self.RunAndVerify('*.*', ACTIVE_TESTS)
+    self.RunAndVerifyWithSharding('*.*', len(ACTIVE_TESTS) - 3, ACTIVE_TESTS)
+    self.RunAndVerifyAllowingDisabled('*', ACTIVE_TESTS + DISABLED_TESTS)
+    self.RunAndVerifyAllowingDisabled('*.*', ACTIVE_TESTS + DISABLED_TESTS)
+
+  def testFilterByTestCase(self):
+    """Tests filtering by test case name."""
+
+    self.RunAndVerify('FooTest.*', ['FooTest.Abc', 'FooTest.Xyz'])
+
+    BAZ_TESTS = ['BazTest.TestOne', 'BazTest.TestA', 'BazTest.TestB']
+    self.RunAndVerify('BazTest.*', BAZ_TESTS)
+    self.RunAndVerifyAllowingDisabled('BazTest.*',
+                                      BAZ_TESTS + ['BazTest.DISABLED_TestC'])
+
+  def testFilterByTest(self):
+    """Tests filtering by test name."""
+
+    self.RunAndVerify('*.TestOne', ['BarTest.TestOne', 'BazTest.TestOne'])
+
+  def testFilterDisabledTests(self):
+    """Select only the disabled tests to run."""
+
+    self.RunAndVerify('DISABLED_FoobarTest.Test1', [])
+    self.RunAndVerifyAllowingDisabled('DISABLED_FoobarTest.Test1',
+                                      ['DISABLED_FoobarTest.Test1'])
+
+    self.RunAndVerify('*DISABLED_*', [])
+    self.RunAndVerifyAllowingDisabled('*DISABLED_*', DISABLED_TESTS)
+
+    self.RunAndVerify('*.DISABLED_*', [])
+    self.RunAndVerifyAllowingDisabled('*.DISABLED_*', [
+        'BarTest.DISABLED_TestFour',
+        'BarTest.DISABLED_TestFive',
+        'BazTest.DISABLED_TestC',
+        'DISABLED_FoobarTest.DISABLED_Test2',
+        ])
+
+    self.RunAndVerify('DISABLED_*', [])
+    self.RunAndVerifyAllowingDisabled('DISABLED_*', [
+        'DISABLED_FoobarTest.Test1',
+        'DISABLED_FoobarTest.DISABLED_Test2',
+        'DISABLED_FoobarbazTest.TestA',
+        ])
+
+  def testWildcardInTestCaseName(self):
+    """Tests using wildcard in the test case name."""
+
+    self.RunAndVerify('*a*.*', [
+        'BarTest.TestOne',
+        'BarTest.TestTwo',
+        'BarTest.TestThree',
+
+        'BazTest.TestOne',
+        'BazTest.TestA',
+        'BazTest.TestB', ] + DEATH_TESTS + PARAM_TESTS)
+
+  def testWildcardInTestName(self):
+    """Tests using wildcard in the test name."""
+
+    self.RunAndVerify('*.*A*', ['FooTest.Abc', 'BazTest.TestA'])
+
+  def testFilterWithoutDot(self):
+    """Tests a filter that has no '.' in it."""
+
+    self.RunAndVerify('*z*', [
+        'FooTest.Xyz',
+
+        'BazTest.TestOne',
+        'BazTest.TestA',
+        'BazTest.TestB',
+        ])
+
+  def testTwoPatterns(self):
+    """Tests filters that consist of two patterns."""
+
+    self.RunAndVerify('Foo*.*:*A*', [
+        'FooTest.Abc',
+        'FooTest.Xyz',
+
+        'BazTest.TestA',
+        ])
+
+    # An empty pattern + a non-empty one
+    self.RunAndVerify(':*A*', ['FooTest.Abc', 'BazTest.TestA'])
+
+  def testThreePatterns(self):
+    """Tests filters that consist of three patterns."""
+
+    self.RunAndVerify('*oo*:*A*:*One', [
+        'FooTest.Abc',
+        'FooTest.Xyz',
+
+        'BarTest.TestOne',
+
+        'BazTest.TestOne',
+        'BazTest.TestA',
+        ])
+
+    # The 2nd pattern is empty.
+    self.RunAndVerify('*oo*::*One', [
+        'FooTest.Abc',
+        'FooTest.Xyz',
+
+        'BarTest.TestOne',
+
+        'BazTest.TestOne',
+        ])
+
+    # The last 2 patterns are empty.
+    self.RunAndVerify('*oo*::', [
+        'FooTest.Abc',
+        'FooTest.Xyz',
+        ])
+
+  def testNegativeFilters(self):
+    self.RunAndVerify('*-BazTest.TestOne', [
+        'FooTest.Abc',
+        'FooTest.Xyz',
+
+        'BarTest.TestOne',
+        'BarTest.TestTwo',
+        'BarTest.TestThree',
+
+        'BazTest.TestA',
+        'BazTest.TestB',
+        ] + DEATH_TESTS + PARAM_TESTS)
+
+    self.RunAndVerify('*-FooTest.Abc:BazTest.*', [
+        'FooTest.Xyz',
+
+        'BarTest.TestOne',
+        'BarTest.TestTwo',
+        'BarTest.TestThree',
+        ] + DEATH_TESTS + PARAM_TESTS)
+
+    self.RunAndVerify('BarTest.*-BarTest.TestOne', [
+        'BarTest.TestTwo',
+        'BarTest.TestThree',
+        ])
+
+    # Tests without leading '*'.
+    self.RunAndVerify('-FooTest.Abc:FooTest.Xyz:BazTest.*', [
+        'BarTest.TestOne',
+        'BarTest.TestTwo',
+        'BarTest.TestThree',
+        ] + DEATH_TESTS + PARAM_TESTS)
+
+    # Value parameterized tests.
+    self.RunAndVerify('*/*', PARAM_TESTS)
+
+    # Value parameterized tests filtering by the sequence name.
+    self.RunAndVerify('SeqP/*', [
+        'SeqP/ParamTest.TestX/0',
+        'SeqP/ParamTest.TestX/1',
+        'SeqP/ParamTest.TestY/0',
+        'SeqP/ParamTest.TestY/1',
+        ])
+
+    # Value parameterized tests filtering by the test name.
+    self.RunAndVerify('*/0', [
+        'SeqP/ParamTest.TestX/0',
+        'SeqP/ParamTest.TestY/0',
+        'SeqQ/ParamTest.TestX/0',
+        'SeqQ/ParamTest.TestY/0',
+        ])
+
+  def testFlagOverridesEnvVar(self):
+    """Tests that the filter flag overrides the filtering env. variable."""
+
+    SetEnvVar(FILTER_ENV_VAR, 'Foo*')
+    args = ['--%s=%s' % (FILTER_FLAG, '*One')]
+    tests_run = RunAndExtractTestList(args)[0]
+    SetEnvVar(FILTER_ENV_VAR, None)
+
+    self.AssertSetEqual(tests_run, ['BarTest.TestOne', 'BazTest.TestOne'])
+
+  def testShardStatusFileIsCreated(self):
+    """Tests that the shard file is created if specified in the environment."""
+
+    shard_status_file = os.path.join(gtest_test_utils.GetTempDir(),
+                                     'shard_status_file')
+    self.assert_(not os.path.exists(shard_status_file))
+
+    extra_env = {SHARD_STATUS_FILE_ENV_VAR: shard_status_file}
+    try:
+      InvokeWithModifiedEnv(extra_env, RunAndReturnOutput)
+    finally:
+      self.assert_(os.path.exists(shard_status_file))
+      os.remove(shard_status_file)
+
+  def testShardStatusFileIsCreatedWithListTests(self):
+    """Tests that the shard file is created with the "list_tests" flag."""
+
+    shard_status_file = os.path.join(gtest_test_utils.GetTempDir(),
+                                     'shard_status_file2')
+    self.assert_(not os.path.exists(shard_status_file))
+
+    extra_env = {SHARD_STATUS_FILE_ENV_VAR: shard_status_file}
+    try:
+      output = InvokeWithModifiedEnv(extra_env,
+                                     RunAndReturnOutput,
+                                     [LIST_TESTS_FLAG])
+    finally:
+      # This assertion ensures that Google Test enumerated the tests as
+      # opposed to running them.
+      self.assert_('[==========]' not in output,
+                   'Unexpected output during test enumeration.\n'
+                   'Please ensure that LIST_TESTS_FLAG is assigned the\n'
+                   'correct flag value for listing Google Test tests.')
+
+      self.assert_(os.path.exists(shard_status_file))
+      os.remove(shard_status_file)
+
+  if SUPPORTS_DEATH_TESTS:
+    def testShardingWorksWithDeathTests(self):
+      """Tests integration with death tests and sharding."""
+
+      gtest_filter = 'HasDeathTest.*:SeqP/*'
+      expected_tests = [
+          'HasDeathTest.Test1',
+          'HasDeathTest.Test2',
+
+          'SeqP/ParamTest.TestX/0',
+          'SeqP/ParamTest.TestX/1',
+          'SeqP/ParamTest.TestY/0',
+          'SeqP/ParamTest.TestY/1',
+          ]
+
+      for flag in ['--gtest_death_test_style=threadsafe',
+                   '--gtest_death_test_style=fast']:
+        self.RunAndVerifyWithSharding(gtest_filter, 3, expected_tests,
+                                      check_exit_0=True, args=[flag])
+        self.RunAndVerifyWithSharding(gtest_filter, 5, expected_tests,
+                                      check_exit_0=True, args=[flag])
+
+if __name__ == '__main__':
+  gtest_test_utils.Main()
diff --git a/nss/external_tests/google_test/gtest/test/gtest_filter_unittest_.cc b/nss/external_tests/google_test/gtest/test/gtest_filter_unittest_.cc
new file mode 100644
index 0000000..77deffc
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/test/gtest_filter_unittest_.cc
@@ -0,0 +1,140 @@
+// Copyright 2005, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+
+// Unit test for Google Test test filters.
+//
+// A user can specify which test(s) in a Google Test program to run via
+// either the GTEST_FILTER environment variable or the --gtest_filter
+// flag.  This is used for testing such functionality.
+//
+// The program will be invoked from a Python unit test.  Don't run it
+// directly.
+
+#include "gtest/gtest.h"
+
+namespace {
+
+// Test case FooTest.
+
+class FooTest : public testing::Test {
+};
+
+TEST_F(FooTest, Abc) {
+}
+
+TEST_F(FooTest, Xyz) {
+  FAIL() << "Expected failure.";
+}
+
+// Test case BarTest.
+
+TEST(BarTest, TestOne) {
+}
+
+TEST(BarTest, TestTwo) {
+}
+
+TEST(BarTest, TestThree) {
+}
+
+TEST(BarTest, DISABLED_TestFour) {
+  FAIL() << "Expected failure.";
+}
+
+TEST(BarTest, DISABLED_TestFive) {
+  FAIL() << "Expected failure.";
+}
+
+// Test case BazTest.
+
+TEST(BazTest, TestOne) {
+  FAIL() << "Expected failure.";
+}
+
+TEST(BazTest, TestA) {
+}
+
+TEST(BazTest, TestB) {
+}
+
+TEST(BazTest, DISABLED_TestC) {
+  FAIL() << "Expected failure.";
+}
+
+// Test case HasDeathTest
+
+TEST(HasDeathTest, Test1) {
+  EXPECT_DEATH_IF_SUPPORTED(exit(1), ".*");
+}
+
+// We need at least two death tests to make sure that the all death tests
+// aren't on the first shard.
+TEST(HasDeathTest, Test2) {
+  EXPECT_DEATH_IF_SUPPORTED(exit(1), ".*");
+}
+
+// Test case FoobarTest
+
+TEST(DISABLED_FoobarTest, Test1) {
+  FAIL() << "Expected failure.";
+}
+
+TEST(DISABLED_FoobarTest, DISABLED_Test2) {
+  FAIL() << "Expected failure.";
+}
+
+// Test case FoobarbazTest
+
+TEST(DISABLED_FoobarbazTest, TestA) {
+  FAIL() << "Expected failure.";
+}
+
+#if GTEST_HAS_PARAM_TEST
+class ParamTest : public testing::TestWithParam<int> {
+};
+
+TEST_P(ParamTest, TestX) {
+}
+
+TEST_P(ParamTest, TestY) {
+}
+
+INSTANTIATE_TEST_CASE_P(SeqP, ParamTest, testing::Values(1, 2));
+INSTANTIATE_TEST_CASE_P(SeqQ, ParamTest, testing::Values(5, 6));
+#endif  // GTEST_HAS_PARAM_TEST
+
+}  // namespace
+
+int main(int argc, char **argv) {
+  ::testing::InitGoogleTest(&argc, argv);
+
+  return RUN_ALL_TESTS();
+}
diff --git a/nss/external_tests/google_test/gtest/test/gtest_help_test.py b/nss/external_tests/google_test/gtest/test/gtest_help_test.py
new file mode 100755
index 0000000..093c838
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/test/gtest_help_test.py
@@ -0,0 +1,172 @@
+#!/usr/bin/env python
+#
+# Copyright 2009, Google Inc.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#
+#     * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following disclaimer
+# in the documentation and/or other materials provided with the
+# distribution.
+#     * Neither the name of Google Inc. nor the names of its
+# contributors may be used to endorse or promote products derived from
+# this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+"""Tests the --help flag of Google C++ Testing Framework.
+
+SYNOPSIS
+       gtest_help_test.py --build_dir=BUILD/DIR
+         # where BUILD/DIR contains the built gtest_help_test_ file.
+       gtest_help_test.py
+"""
+
+__author__ = 'wan@google.com (Zhanyong Wan)'
+
+import os
+import re
+import gtest_test_utils
+
+
+IS_LINUX = os.name == 'posix' and os.uname()[0] == 'Linux'
+IS_WINDOWS = os.name == 'nt'
+
+PROGRAM_PATH = gtest_test_utils.GetTestExecutablePath('gtest_help_test_')
+FLAG_PREFIX = '--gtest_'
+DEATH_TEST_STYLE_FLAG = FLAG_PREFIX + 'death_test_style'
+STREAM_RESULT_TO_FLAG = FLAG_PREFIX + 'stream_result_to'
+UNKNOWN_FLAG = FLAG_PREFIX + 'unknown_flag_for_testing'
+LIST_TESTS_FLAG = FLAG_PREFIX + 'list_tests'
+INCORRECT_FLAG_VARIANTS = [re.sub('^--', '-', LIST_TESTS_FLAG),
+                           re.sub('^--', '/', LIST_TESTS_FLAG),
+                           re.sub('_', '-', LIST_TESTS_FLAG)]
+INTERNAL_FLAG_FOR_TESTING = FLAG_PREFIX + 'internal_flag_for_testing'
+
+SUPPORTS_DEATH_TESTS = "DeathTest" in gtest_test_utils.Subprocess(
+    [PROGRAM_PATH, LIST_TESTS_FLAG]).output
+
+# The help message must match this regex.
+HELP_REGEX = re.compile(
+    FLAG_PREFIX + r'list_tests.*' +
+    FLAG_PREFIX + r'filter=.*' +
+    FLAG_PREFIX + r'also_run_disabled_tests.*' +
+    FLAG_PREFIX + r'repeat=.*' +
+    FLAG_PREFIX + r'shuffle.*' +
+    FLAG_PREFIX + r'random_seed=.*' +
+    FLAG_PREFIX + r'color=.*' +
+    FLAG_PREFIX + r'print_time.*' +
+    FLAG_PREFIX + r'output=.*' +
+    FLAG_PREFIX + r'break_on_failure.*' +
+    FLAG_PREFIX + r'throw_on_failure.*' +
+    FLAG_PREFIX + r'catch_exceptions=0.*',
+    re.DOTALL)
+
+
+def RunWithFlag(flag):
+  """Runs gtest_help_test_ with the given flag.
+
+  Returns:
+    the exit code and the text output as a tuple.
+  Args:
+    flag: the command-line flag to pass to gtest_help_test_, or None.
+  """
+
+  if flag is None:
+    command = [PROGRAM_PATH]
+  else:
+    command = [PROGRAM_PATH, flag]
+  child = gtest_test_utils.Subprocess(command)
+  return child.exit_code, child.output
+
+
+class GTestHelpTest(gtest_test_utils.TestCase):
+  """Tests the --help flag and its equivalent forms."""
+
+  def TestHelpFlag(self, flag):
+    """Verifies correct behavior when help flag is specified.
+
+    The right message must be printed and the tests must
+    skipped when the given flag is specified.
+
+    Args:
+      flag:  A flag to pass to the binary or None.
+    """
+
+    exit_code, output = RunWithFlag(flag)
+    self.assertEquals(0, exit_code)
+    self.assert_(HELP_REGEX.search(output), output)
+
+    if IS_LINUX:
+      self.assert_(STREAM_RESULT_TO_FLAG in output, output)
+    else:
+      self.assert_(STREAM_RESULT_TO_FLAG not in output, output)
+
+    if SUPPORTS_DEATH_TESTS and not IS_WINDOWS:
+      self.assert_(DEATH_TEST_STYLE_FLAG in output, output)
+    else:
+      self.assert_(DEATH_TEST_STYLE_FLAG not in output, output)
+
+  def TestNonHelpFlag(self, flag):
+    """Verifies correct behavior when no help flag is specified.
+
+    Verifies that when no help flag is specified, the tests are run
+    and the help message is not printed.
+
+    Args:
+      flag:  A flag to pass to the binary or None.
+    """
+
+    exit_code, output = RunWithFlag(flag)
+    self.assert_(exit_code != 0)
+    self.assert_(not HELP_REGEX.search(output), output)
+
+  def testPrintsHelpWithFullFlag(self):
+    self.TestHelpFlag('--help')
+
+  def testPrintsHelpWithShortFlag(self):
+    self.TestHelpFlag('-h')
+
+  def testPrintsHelpWithQuestionFlag(self):
+    self.TestHelpFlag('-?')
+
+  def testPrintsHelpWithWindowsStyleQuestionFlag(self):
+    self.TestHelpFlag('/?')
+
+  def testPrintsHelpWithUnrecognizedGoogleTestFlag(self):
+    self.TestHelpFlag(UNKNOWN_FLAG)
+
+  def testPrintsHelpWithIncorrectFlagStyle(self):
+    for incorrect_flag in INCORRECT_FLAG_VARIANTS:
+      self.TestHelpFlag(incorrect_flag)
+
+  def testRunsTestsWithoutHelpFlag(self):
+    """Verifies that when no help flag is specified, the tests are run
+    and the help message is not printed."""
+
+    self.TestNonHelpFlag(None)
+
+  def testRunsTestsWithGtestInternalFlag(self):
+    """Verifies that the tests are run and no help message is printed when
+    a flag starting with Google Test prefix and 'internal_' is supplied."""
+
+    self.TestNonHelpFlag(INTERNAL_FLAG_FOR_TESTING)
+
+
+if __name__ == '__main__':
+  gtest_test_utils.Main()
diff --git a/nss/external_tests/google_test/gtest/test/gtest_help_test_.cc b/nss/external_tests/google_test/gtest/test/gtest_help_test_.cc
new file mode 100644
index 0000000..31f78c2
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/test/gtest_help_test_.cc
@@ -0,0 +1,46 @@
+// Copyright 2009, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+
+// This program is meant to be run by gtest_help_test.py.  Do not run
+// it directly.
+
+#include "gtest/gtest.h"
+
+// When a help flag is specified, this program should skip the tests
+// and exit with 0; otherwise the following test will be executed,
+// causing this program to exit with a non-zero code.
+TEST(HelpFlagTest, ShouldNotBeRun) {
+  ASSERT_TRUE(false) << "Tests shouldn't be run when --help is specified.";
+}
+
+#if GTEST_HAS_DEATH_TEST
+TEST(DeathTest, UsedByPythonScriptToDetectSupportForDeathTestsInThisBinary) {}
+#endif
diff --git a/nss/external_tests/google_test/gtest/test/gtest_list_tests_unittest.py b/nss/external_tests/google_test/gtest/test/gtest_list_tests_unittest.py
new file mode 100755
index 0000000..925b09d
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/test/gtest_list_tests_unittest.py
@@ -0,0 +1,207 @@
+#!/usr/bin/env python
+#
+# Copyright 2006, Google Inc.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#
+#     * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following disclaimer
+# in the documentation and/or other materials provided with the
+# distribution.
+#     * Neither the name of Google Inc. nor the names of its
+# contributors may be used to endorse or promote products derived from
+# this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+"""Unit test for Google Test's --gtest_list_tests flag.
+
+A user can ask Google Test to list all tests by specifying the
+--gtest_list_tests flag.  This script tests such functionality
+by invoking gtest_list_tests_unittest_ (a program written with
+Google Test) the command line flags.
+"""
+
+__author__ = 'phanna@google.com (Patrick Hanna)'
+
+import gtest_test_utils
+import re
+
+
+# Constants.
+
+# The command line flag for enabling/disabling listing all tests.
+LIST_TESTS_FLAG = 'gtest_list_tests'
+
+# Path to the gtest_list_tests_unittest_ program.
+EXE_PATH = gtest_test_utils.GetTestExecutablePath('gtest_list_tests_unittest_')
+
+# The expected output when running gtest_list_tests_unittest_ with
+# --gtest_list_tests
+EXPECTED_OUTPUT_NO_FILTER_RE = re.compile(r"""FooDeathTest\.
+  Test1
+Foo\.
+  Bar1
+  Bar2
+  DISABLED_Bar3
+Abc\.
+  Xyz
+  Def
+FooBar\.
+  Baz
+FooTest\.
+  Test1
+  DISABLED_Test2
+  Test3
+TypedTest/0\.  # TypeParam = (VeryLo{245}|class VeryLo{239})\.\.\.
+  TestA
+  TestB
+TypedTest/1\.  # TypeParam = int\s*\*
+  TestA
+  TestB
+TypedTest/2\.  # TypeParam = .*MyArray<bool,\s*42>
+  TestA
+  TestB
+My/TypeParamTest/0\.  # TypeParam = (VeryLo{245}|class VeryLo{239})\.\.\.
+  TestA
+  TestB
+My/TypeParamTest/1\.  # TypeParam = int\s*\*
+  TestA
+  TestB
+My/TypeParamTest/2\.  # TypeParam = .*MyArray<bool,\s*42>
+  TestA
+  TestB
+MyInstantiation/ValueParamTest\.
+  TestA/0  # GetParam\(\) = one line
+  TestA/1  # GetParam\(\) = two\\nlines
+  TestA/2  # GetParam\(\) = a very\\nlo{241}\.\.\.
+  TestB/0  # GetParam\(\) = one line
+  TestB/1  # GetParam\(\) = two\\nlines
+  TestB/2  # GetParam\(\) = a very\\nlo{241}\.\.\.
+""")
+
+# The expected output when running gtest_list_tests_unittest_ with
+# --gtest_list_tests and --gtest_filter=Foo*.
+EXPECTED_OUTPUT_FILTER_FOO_RE = re.compile(r"""FooDeathTest\.
+  Test1
+Foo\.
+  Bar1
+  Bar2
+  DISABLED_Bar3
+FooBar\.
+  Baz
+FooTest\.
+  Test1
+  DISABLED_Test2
+  Test3
+""")
+
+# Utilities.
+
+
+def Run(args):
+  """Runs gtest_list_tests_unittest_ and returns the list of tests printed."""
+
+  return gtest_test_utils.Subprocess([EXE_PATH] + args,
+                                     capture_stderr=False).output
+
+
+# The unit test.
+
+class GTestListTestsUnitTest(gtest_test_utils.TestCase):
+  """Tests using the --gtest_list_tests flag to list all tests."""
+
+  def RunAndVerify(self, flag_value, expected_output_re, other_flag):
+    """Runs gtest_list_tests_unittest_ and verifies that it prints
+    the correct tests.
+
+    Args:
+      flag_value:         value of the --gtest_list_tests flag;
+                          None if the flag should not be present.
+      expected_output_re: regular expression that matches the expected
+                          output after running command;
+      other_flag:         a different flag to be passed to command
+                          along with gtest_list_tests;
+                          None if the flag should not be present.
+    """
+
+    if flag_value is None:
+      flag = ''
+      flag_expression = 'not set'
+    elif flag_value == '0':
+      flag = '--%s=0' % LIST_TESTS_FLAG
+      flag_expression = '0'
+    else:
+      flag = '--%s' % LIST_TESTS_FLAG
+      flag_expression = '1'
+
+    args = [flag]
+
+    if other_flag is not None:
+      args += [other_flag]
+
+    output = Run(args)
+
+    if expected_output_re:
+      self.assert_(
+          expected_output_re.match(output),
+          ('when %s is %s, the output of "%s" is "%s",\n'
+           'which does not match regex "%s"' %
+           (LIST_TESTS_FLAG, flag_expression, ' '.join(args), output,
+            expected_output_re.pattern)))
+    else:
+      self.assert_(
+          not EXPECTED_OUTPUT_NO_FILTER_RE.match(output),
+          ('when %s is %s, the output of "%s" is "%s"'%
+           (LIST_TESTS_FLAG, flag_expression, ' '.join(args), output)))
+
+  def testDefaultBehavior(self):
+    """Tests the behavior of the default mode."""
+
+    self.RunAndVerify(flag_value=None,
+                      expected_output_re=None,
+                      other_flag=None)
+
+  def testFlag(self):
+    """Tests using the --gtest_list_tests flag."""
+
+    self.RunAndVerify(flag_value='0',
+                      expected_output_re=None,
+                      other_flag=None)
+    self.RunAndVerify(flag_value='1',
+                      expected_output_re=EXPECTED_OUTPUT_NO_FILTER_RE,
+                      other_flag=None)
+
+  def testOverrideNonFilterFlags(self):
+    """Tests that --gtest_list_tests overrides the non-filter flags."""
+
+    self.RunAndVerify(flag_value='1',
+                      expected_output_re=EXPECTED_OUTPUT_NO_FILTER_RE,
+                      other_flag='--gtest_break_on_failure')
+
+  def testWithFilterFlags(self):
+    """Tests that --gtest_list_tests takes into account the
+    --gtest_filter flag."""
+
+    self.RunAndVerify(flag_value='1',
+                      expected_output_re=EXPECTED_OUTPUT_FILTER_FOO_RE,
+                      other_flag='--gtest_filter=Foo*')
+
+
+if __name__ == '__main__':
+  gtest_test_utils.Main()
diff --git a/nss/external_tests/google_test/gtest/test/gtest_list_tests_unittest_.cc b/nss/external_tests/google_test/gtest/test/gtest_list_tests_unittest_.cc
new file mode 100644
index 0000000..907c176
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/test/gtest_list_tests_unittest_.cc
@@ -0,0 +1,157 @@
+// Copyright 2006, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: phanna@google.com (Patrick Hanna)
+
+// Unit test for Google Test's --gtest_list_tests flag.
+//
+// A user can ask Google Test to list all tests that will run
+// so that when using a filter, a user will know what
+// tests to look for. The tests will not be run after listing.
+//
+// This program will be invoked from a Python unit test.
+// Don't run it directly.
+
+#include "gtest/gtest.h"
+
+// Several different test cases and tests that will be listed.
+TEST(Foo, Bar1) {
+}
+
+TEST(Foo, Bar2) {
+}
+
+TEST(Foo, DISABLED_Bar3) {
+}
+
+TEST(Abc, Xyz) {
+}
+
+TEST(Abc, Def) {
+}
+
+TEST(FooBar, Baz) {
+}
+
+class FooTest : public testing::Test {
+};
+
+TEST_F(FooTest, Test1) {
+}
+
+TEST_F(FooTest, DISABLED_Test2) {
+}
+
+TEST_F(FooTest, Test3) {
+}
+
+TEST(FooDeathTest, Test1) {
+}
+
+// A group of value-parameterized tests.
+
+class MyType {
+ public:
+  explicit MyType(const std::string& a_value) : value_(a_value) {}
+
+  const std::string& value() const { return value_; }
+
+ private:
+  std::string value_;
+};
+
+// Teaches Google Test how to print a MyType.
+void PrintTo(const MyType& x, std::ostream* os) {
+  *os << x.value();
+}
+
+class ValueParamTest : public testing::TestWithParam<MyType> {
+};
+
+TEST_P(ValueParamTest, TestA) {
+}
+
+TEST_P(ValueParamTest, TestB) {
+}
+
+INSTANTIATE_TEST_CASE_P(
+    MyInstantiation, ValueParamTest,
+    testing::Values(MyType("one line"),
+                    MyType("two\nlines"),
+                    MyType("a very\nloooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooong line")));  // NOLINT
+
+// A group of typed tests.
+
+// A deliberately long type name for testing the line-truncating
+// behavior when printing a type parameter.
+class VeryLoooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooogName {  // NOLINT
+};
+
+template <typename T>
+class TypedTest : public testing::Test {
+};
+
+template <typename T, int kSize>
+class MyArray {
+};
+
+typedef testing::Types<VeryLoooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooogName,  // NOLINT
+                       int*, MyArray<bool, 42> > MyTypes;
+
+TYPED_TEST_CASE(TypedTest, MyTypes);
+
+TYPED_TEST(TypedTest, TestA) {
+}
+
+TYPED_TEST(TypedTest, TestB) {
+}
+
+// A group of type-parameterized tests.
+
+template <typename T>
+class TypeParamTest : public testing::Test {
+};
+
+TYPED_TEST_CASE_P(TypeParamTest);
+
+TYPED_TEST_P(TypeParamTest, TestA) {
+}
+
+TYPED_TEST_P(TypeParamTest, TestB) {
+}
+
+REGISTER_TYPED_TEST_CASE_P(TypeParamTest, TestA, TestB);
+
+INSTANTIATE_TYPED_TEST_CASE_P(My, TypeParamTest, MyTypes);
+
+int main(int argc, char **argv) {
+  ::testing::InitGoogleTest(&argc, argv);
+
+  return RUN_ALL_TESTS();
+}
diff --git a/nss/external_tests/google_test/gtest/test/gtest_main_unittest.cc b/nss/external_tests/google_test/gtest/test/gtest_main_unittest.cc
new file mode 100644
index 0000000..ecd9bb8
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/test/gtest_main_unittest.cc
@@ -0,0 +1,45 @@
+// Copyright 2006, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+
+#include "gtest/gtest.h"
+
+// Tests that we don't have to define main() when we link to
+// gtest_main instead of gtest.
+
+namespace {
+
+TEST(GTestMainTest, ShouldSucceed) {
+}
+
+}  // namespace
+
+// We are using the main() function defined in src/gtest_main.cc, so
+// we don't define it here.
diff --git a/nss/external_tests/google_test/gtest/test/gtest_no_test_unittest.cc b/nss/external_tests/google_test/gtest/test/gtest_no_test_unittest.cc
new file mode 100644
index 0000000..292599a
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/test/gtest_no_test_unittest.cc
@@ -0,0 +1,56 @@
+// Copyright 2006, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// Tests that a Google Test program that has no test defined can run
+// successfully.
+//
+// Author: wan@google.com (Zhanyong Wan)
+
+#include "gtest/gtest.h"
+
+int main(int argc, char **argv) {
+  testing::InitGoogleTest(&argc, argv);
+
+  // An ad-hoc assertion outside of all tests.
+  //
+  // This serves three purposes:
+  //
+  // 1. It verifies that an ad-hoc assertion can be executed even if
+  //    no test is defined.
+  // 2. It verifies that a failed ad-hoc assertion causes the test
+  //    program to fail.
+  // 3. We had a bug where the XML output won't be generated if an
+  //    assertion is executed before RUN_ALL_TESTS() is called, even
+  //    though --gtest_output=xml is specified.  This makes sure the
+  //    bug is fixed and doesn't regress.
+  EXPECT_EQ(1, 2);
+
+  // The above EXPECT_EQ() should cause RUN_ALL_TESTS() to return non-zero.
+  return RUN_ALL_TESTS() ? 0 : 1;
+}
diff --git a/nss/external_tests/google_test/gtest/test/gtest_output_test.py b/nss/external_tests/google_test/gtest/test/gtest_output_test.py
new file mode 100755
index 0000000..fa1a311
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/test/gtest_output_test.py
@@ -0,0 +1,335 @@
+#!/usr/bin/env python
+#
+# Copyright 2008, Google Inc.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#
+#     * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following disclaimer
+# in the documentation and/or other materials provided with the
+# distribution.
+#     * Neither the name of Google Inc. nor the names of its
+# contributors may be used to endorse or promote products derived from
+# this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+"""Tests the text output of Google C++ Testing Framework.
+
+SYNOPSIS
+       gtest_output_test.py --build_dir=BUILD/DIR --gengolden
+         # where BUILD/DIR contains the built gtest_output_test_ file.
+       gtest_output_test.py --gengolden
+       gtest_output_test.py
+"""
+
+__author__ = 'wan@google.com (Zhanyong Wan)'
+
+import os
+import re
+import sys
+import gtest_test_utils
+
+
+# The flag for generating the golden file
+GENGOLDEN_FLAG = '--gengolden'
+CATCH_EXCEPTIONS_ENV_VAR_NAME = 'GTEST_CATCH_EXCEPTIONS'
+
+IS_WINDOWS = os.name == 'nt'
+
+# TODO(vladl@google.com): remove the _lin suffix.
+GOLDEN_NAME = 'gtest_output_test_golden_lin.txt'
+
+PROGRAM_PATH = gtest_test_utils.GetTestExecutablePath('gtest_output_test_')
+
+# At least one command we exercise must not have the
+# --gtest_internal_skip_environment_and_ad_hoc_tests flag.
+COMMAND_LIST_TESTS = ({}, [PROGRAM_PATH, '--gtest_list_tests'])
+COMMAND_WITH_COLOR = ({}, [PROGRAM_PATH, '--gtest_color=yes'])
+COMMAND_WITH_TIME = ({}, [PROGRAM_PATH,
+                          '--gtest_print_time',
+                          '--gtest_internal_skip_environment_and_ad_hoc_tests',
+                          '--gtest_filter=FatalFailureTest.*:LoggingTest.*'])
+COMMAND_WITH_DISABLED = (
+    {}, [PROGRAM_PATH,
+         '--gtest_also_run_disabled_tests',
+         '--gtest_internal_skip_environment_and_ad_hoc_tests',
+         '--gtest_filter=*DISABLED_*'])
+COMMAND_WITH_SHARDING = (
+    {'GTEST_SHARD_INDEX': '1', 'GTEST_TOTAL_SHARDS': '2'},
+    [PROGRAM_PATH,
+     '--gtest_internal_skip_environment_and_ad_hoc_tests',
+     '--gtest_filter=PassingTest.*'])
+
+GOLDEN_PATH = os.path.join(gtest_test_utils.GetSourceDir(), GOLDEN_NAME)
+
+
+def ToUnixLineEnding(s):
+  """Changes all Windows/Mac line endings in s to UNIX line endings."""
+
+  return s.replace('\r\n', '\n').replace('\r', '\n')
+
+
+def RemoveLocations(test_output):
+  """Removes all file location info from a Google Test program's output.
+
+  Args:
+       test_output:  the output of a Google Test program.
+
+  Returns:
+       output with all file location info (in the form of
+       'DIRECTORY/FILE_NAME:LINE_NUMBER: 'or
+       'DIRECTORY\\FILE_NAME(LINE_NUMBER): ') replaced by
+       'FILE_NAME:#: '.
+  """
+
+  return re.sub(r'.*[/\\](.+)(\:\d+|\(\d+\))\: ', r'\1:#: ', test_output)
+
+
+def RemoveStackTraceDetails(output):
+  """Removes all stack traces from a Google Test program's output."""
+
+  # *? means "find the shortest string that matches".
+  return re.sub(r'Stack trace:(.|\n)*?\n\n',
+                'Stack trace: (omitted)\n\n', output)
+
+
+def RemoveStackTraces(output):
+  """Removes all traces of stack traces from a Google Test program's output."""
+
+  # *? means "find the shortest string that matches".
+  return re.sub(r'Stack trace:(.|\n)*?\n\n', '', output)
+
+
+def RemoveTime(output):
+  """Removes all time information from a Google Test program's output."""
+
+  return re.sub(r'\(\d+ ms', '(? ms', output)
+
+
+def RemoveTypeInfoDetails(test_output):
+  """Removes compiler-specific type info from Google Test program's output.
+
+  Args:
+       test_output:  the output of a Google Test program.
+
+  Returns:
+       output with type information normalized to canonical form.
+  """
+
+  # some compilers output the name of type 'unsigned int' as 'unsigned'
+  return re.sub(r'unsigned int', 'unsigned', test_output)
+
+
+def NormalizeToCurrentPlatform(test_output):
+  """Normalizes platform specific output details for easier comparison."""
+
+  if IS_WINDOWS:
+    # Removes the color information that is not present on Windows.
+    test_output = re.sub('\x1b\\[(0;3\d)?m', '', test_output)
+    # Changes failure message headers into the Windows format.
+    test_output = re.sub(r': Failure\n', r': error: ', test_output)
+    # Changes file(line_number) to file:line_number.
+    test_output = re.sub(r'((\w|\.)+)\((\d+)\):', r'\1:\3:', test_output)
+
+  return test_output
+
+
+def RemoveTestCounts(output):
+  """Removes test counts from a Google Test program's output."""
+
+  output = re.sub(r'\d+ tests?, listed below',
+                  '? tests, listed below', output)
+  output = re.sub(r'\d+ FAILED TESTS',
+                  '? FAILED TESTS', output)
+  output = re.sub(r'\d+ tests? from \d+ test cases?',
+                  '? tests from ? test cases', output)
+  output = re.sub(r'\d+ tests? from ([a-zA-Z_])',
+                  r'? tests from \1', output)
+  return re.sub(r'\d+ tests?\.', '? tests.', output)
+
+
+def RemoveMatchingTests(test_output, pattern):
+  """Removes output of specified tests from a Google Test program's output.
+
+  This function strips not only the beginning and the end of a test but also
+  all output in between.
+
+  Args:
+    test_output:       A string containing the test output.
+    pattern:           A regex string that matches names of test cases or
+                       tests to remove.
+
+  Returns:
+    Contents of test_output with tests whose names match pattern removed.
+  """
+
+  test_output = re.sub(
+      r'.*\[ RUN      \] .*%s(.|\n)*?\[(  FAILED  |       OK )\] .*%s.*\n' % (
+          pattern, pattern),
+      '',
+      test_output)
+  return re.sub(r'.*%s.*\n' % pattern, '', test_output)
+
+
+def NormalizeOutput(output):
+  """Normalizes output (the output of gtest_output_test_.exe)."""
+
+  output = ToUnixLineEnding(output)
+  output = RemoveLocations(output)
+  output = RemoveStackTraceDetails(output)
+  output = RemoveTime(output)
+  return output
+
+
+def GetShellCommandOutput(env_cmd):
+  """Runs a command in a sub-process, and returns its output in a string.
+
+  Args:
+    env_cmd: The shell command. A 2-tuple where element 0 is a dict of extra
+             environment variables to set, and element 1 is a string with
+             the command and any flags.
+
+  Returns:
+    A string with the command's combined standard and diagnostic output.
+  """
+
+  # Spawns cmd in a sub-process, and gets its standard I/O file objects.
+  # Set and save the environment properly.
+  environ = os.environ.copy()
+  environ.update(env_cmd[0])
+  p = gtest_test_utils.Subprocess(env_cmd[1], env=environ)
+
+  return p.output
+
+
+def GetCommandOutput(env_cmd):
+  """Runs a command and returns its output with all file location
+  info stripped off.
+
+  Args:
+    env_cmd:  The shell command. A 2-tuple where element 0 is a dict of extra
+              environment variables to set, and element 1 is a string with
+              the command and any flags.
+  """
+
+  # Disables exception pop-ups on Windows.
+  environ, cmdline = env_cmd
+  environ = dict(environ)  # Ensures we are modifying a copy.
+  environ[CATCH_EXCEPTIONS_ENV_VAR_NAME] = '1'
+  return NormalizeOutput(GetShellCommandOutput((environ, cmdline)))
+
+
+def GetOutputOfAllCommands():
+  """Returns concatenated output from several representative commands."""
+
+  return (GetCommandOutput(COMMAND_WITH_COLOR) +
+          GetCommandOutput(COMMAND_WITH_TIME) +
+          GetCommandOutput(COMMAND_WITH_DISABLED) +
+          GetCommandOutput(COMMAND_WITH_SHARDING))
+
+
+test_list = GetShellCommandOutput(COMMAND_LIST_TESTS)
+SUPPORTS_DEATH_TESTS = 'DeathTest' in test_list
+SUPPORTS_TYPED_TESTS = 'TypedTest' in test_list
+SUPPORTS_THREADS = 'ExpectFailureWithThreadsTest' in test_list
+SUPPORTS_STACK_TRACES = False
+
+CAN_GENERATE_GOLDEN_FILE = (SUPPORTS_DEATH_TESTS and
+                            SUPPORTS_TYPED_TESTS and
+                            SUPPORTS_THREADS and
+                            not IS_WINDOWS)
+
+class GTestOutputTest(gtest_test_utils.TestCase):
+  def RemoveUnsupportedTests(self, test_output):
+    if not SUPPORTS_DEATH_TESTS:
+      test_output = RemoveMatchingTests(test_output, 'DeathTest')
+    if not SUPPORTS_TYPED_TESTS:
+      test_output = RemoveMatchingTests(test_output, 'TypedTest')
+      test_output = RemoveMatchingTests(test_output, 'TypedDeathTest')
+      test_output = RemoveMatchingTests(test_output, 'TypeParamDeathTest')
+    if not SUPPORTS_THREADS:
+      test_output = RemoveMatchingTests(test_output,
+                                        'ExpectFailureWithThreadsTest')
+      test_output = RemoveMatchingTests(test_output,
+                                        'ScopedFakeTestPartResultReporterTest')
+      test_output = RemoveMatchingTests(test_output,
+                                        'WorksConcurrently')
+    if not SUPPORTS_STACK_TRACES:
+      test_output = RemoveStackTraces(test_output)
+
+    return test_output
+
+  def testOutput(self):
+    output = GetOutputOfAllCommands()
+
+    golden_file = open(GOLDEN_PATH, 'rb')
+    # A mis-configured source control system can cause \r appear in EOL
+    # sequences when we read the golden file irrespective of an operating
+    # system used. Therefore, we need to strip those \r's from newlines
+    # unconditionally.
+    golden = ToUnixLineEnding(golden_file.read())
+    golden_file.close()
+
+    # We want the test to pass regardless of certain features being
+    # supported or not.
+
+    # We still have to remove type name specifics in all cases.
+    normalized_actual = RemoveTypeInfoDetails(output)
+    normalized_golden = RemoveTypeInfoDetails(golden)
+
+    if CAN_GENERATE_GOLDEN_FILE:
+      self.assertEqual(normalized_golden, normalized_actual)
+    else:
+      normalized_actual = NormalizeToCurrentPlatform(
+          RemoveTestCounts(normalized_actual))
+      normalized_golden = NormalizeToCurrentPlatform(
+          RemoveTestCounts(self.RemoveUnsupportedTests(normalized_golden)))
+
+      # This code is very handy when debugging golden file differences:
+      if os.getenv('DEBUG_GTEST_OUTPUT_TEST'):
+        open(os.path.join(
+            gtest_test_utils.GetSourceDir(),
+            '_gtest_output_test_normalized_actual.txt'), 'wb').write(
+                normalized_actual)
+        open(os.path.join(
+            gtest_test_utils.GetSourceDir(),
+            '_gtest_output_test_normalized_golden.txt'), 'wb').write(
+                normalized_golden)
+
+      self.assertEqual(normalized_golden, normalized_actual)
+
+
+if __name__ == '__main__':
+  if sys.argv[1:] == [GENGOLDEN_FLAG]:
+    if CAN_GENERATE_GOLDEN_FILE:
+      output = GetOutputOfAllCommands()
+      golden_file = open(GOLDEN_PATH, 'wb')
+      golden_file.write(output)
+      golden_file.close()
+    else:
+      message = (
+          """Unable to write a golden file when compiled in an environment
+that does not support all the required features (death tests, typed tests,
+and multiple threads).  Please generate the golden file using a binary built
+with those features enabled.""")
+
+      sys.stderr.write(message)
+      sys.exit(1)
+  else:
+    gtest_test_utils.Main()
diff --git a/nss/external_tests/google_test/gtest/test/gtest_output_test_.cc b/nss/external_tests/google_test/gtest/test/gtest_output_test_.cc
new file mode 100644
index 0000000..5361d8d
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/test/gtest_output_test_.cc
@@ -0,0 +1,1039 @@
+// Copyright 2005, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// The purpose of this file is to generate Google Test output under
+// various conditions.  The output will then be verified by
+// gtest_output_test.py to ensure that Google Test generates the
+// desired messages.  Therefore, most tests in this file are MEANT TO
+// FAIL.
+//
+// Author: wan@google.com (Zhanyong Wan)
+
+#include "gtest/gtest-spi.h"
+#include "gtest/gtest.h"
+
+// Indicates that this translation unit is part of Google Test's
+// implementation.  It must come before gtest-internal-inl.h is
+// included, or there will be a compiler error.  This trick is to
+// prevent a user from accidentally including gtest-internal-inl.h in
+// his code.
+#define GTEST_IMPLEMENTATION_ 1
+#include "src/gtest-internal-inl.h"
+#undef GTEST_IMPLEMENTATION_
+
+#include <stdlib.h>
+
+#if GTEST_IS_THREADSAFE
+using testing::ScopedFakeTestPartResultReporter;
+using testing::TestPartResultArray;
+
+using testing::internal::Notification;
+using testing::internal::ThreadWithParam;
+#endif
+
+namespace posix = ::testing::internal::posix;
+using testing::internal::scoped_ptr;
+
+// Tests catching fatal failures.
+
+// A subroutine used by the following test.
+void TestEq1(int x) {
+  ASSERT_EQ(1, x);
+}
+
+// This function calls a test subroutine, catches the fatal failure it
+// generates, and then returns early.
+void TryTestSubroutine() {
+  // Calls a subrountine that yields a fatal failure.
+  TestEq1(2);
+
+  // Catches the fatal failure and aborts the test.
+  //
+  // The testing::Test:: prefix is necessary when calling
+  // HasFatalFailure() outside of a TEST, TEST_F, or test fixture.
+  if (testing::Test::HasFatalFailure()) return;
+
+  // If we get here, something is wrong.
+  FAIL() << "This should never be reached.";
+}
+
+TEST(PassingTest, PassingTest1) {
+}
+
+TEST(PassingTest, PassingTest2) {
+}
+
+// Tests that parameters of failing parameterized tests are printed in the
+// failing test summary.
+class FailingParamTest : public testing::TestWithParam<int> {};
+
+TEST_P(FailingParamTest, Fails) {
+  EXPECT_EQ(1, GetParam());
+}
+
+// This generates a test which will fail. Google Test is expected to print
+// its parameter when it outputs the list of all failed tests.
+INSTANTIATE_TEST_CASE_P(PrintingFailingParams,
+                        FailingParamTest,
+                        testing::Values(2));
+
+static const char kGoldenString[] = "\"Line\0 1\"\nLine 2";
+
+TEST(NonfatalFailureTest, EscapesStringOperands) {
+  std::string actual = "actual \"string\"";
+  EXPECT_EQ(kGoldenString, actual);
+
+  const char* golden = kGoldenString;
+  EXPECT_EQ(golden, actual);
+}
+
+TEST(NonfatalFailureTest, DiffForLongStrings) {
+  std::string golden_str(kGoldenString, sizeof(kGoldenString) - 1);
+  EXPECT_EQ(golden_str, "Line 2");
+}
+
+// Tests catching a fatal failure in a subroutine.
+TEST(FatalFailureTest, FatalFailureInSubroutine) {
+  printf("(expecting a failure that x should be 1)\n");
+
+  TryTestSubroutine();
+}
+
+// Tests catching a fatal failure in a nested subroutine.
+TEST(FatalFailureTest, FatalFailureInNestedSubroutine) {
+  printf("(expecting a failure that x should be 1)\n");
+
+  // Calls a subrountine that yields a fatal failure.
+  TryTestSubroutine();
+
+  // Catches the fatal failure and aborts the test.
+  //
+  // When calling HasFatalFailure() inside a TEST, TEST_F, or test
+  // fixture, the testing::Test:: prefix is not needed.
+  if (HasFatalFailure()) return;
+
+  // If we get here, something is wrong.
+  FAIL() << "This should never be reached.";
+}
+
+// Tests HasFatalFailure() after a failed EXPECT check.
+TEST(FatalFailureTest, NonfatalFailureInSubroutine) {
+  printf("(expecting a failure on false)\n");
+  EXPECT_TRUE(false);  // Generates a nonfatal failure
+  ASSERT_FALSE(HasFatalFailure());  // This should succeed.
+}
+
+// Tests interleaving user logging and Google Test assertions.
+TEST(LoggingTest, InterleavingLoggingAndAssertions) {
+  static const int a[4] = {
+    3, 9, 2, 6
+  };
+
+  printf("(expecting 2 failures on (3) >= (a[i]))\n");
+  for (int i = 0; i < static_cast<int>(sizeof(a)/sizeof(*a)); i++) {
+    printf("i == %d\n", i);
+    EXPECT_GE(3, a[i]);
+  }
+}
+
+// Tests the SCOPED_TRACE macro.
+
+// A helper function for testing SCOPED_TRACE.
+void SubWithoutTrace(int n) {
+  EXPECT_EQ(1, n);
+  ASSERT_EQ(2, n);
+}
+
+// Another helper function for testing SCOPED_TRACE.
+void SubWithTrace(int n) {
+  SCOPED_TRACE(testing::Message() << "n = " << n);
+
+  SubWithoutTrace(n);
+}
+
+// Tests that SCOPED_TRACE() obeys lexical scopes.
+TEST(SCOPED_TRACETest, ObeysScopes) {
+  printf("(expected to fail)\n");
+
+  // There should be no trace before SCOPED_TRACE() is invoked.
+  ADD_FAILURE() << "This failure is expected, and shouldn't have a trace.";
+
+  {
+    SCOPED_TRACE("Expected trace");
+    // After SCOPED_TRACE(), a failure in the current scope should contain
+    // the trace.
+    ADD_FAILURE() << "This failure is expected, and should have a trace.";
+  }
+
+  // Once the control leaves the scope of the SCOPED_TRACE(), there
+  // should be no trace again.
+  ADD_FAILURE() << "This failure is expected, and shouldn't have a trace.";
+}
+
+// Tests that SCOPED_TRACE works inside a loop.
+TEST(SCOPED_TRACETest, WorksInLoop) {
+  printf("(expected to fail)\n");
+
+  for (int i = 1; i <= 2; i++) {
+    SCOPED_TRACE(testing::Message() << "i = " << i);
+
+    SubWithoutTrace(i);
+  }
+}
+
+// Tests that SCOPED_TRACE works in a subroutine.
+TEST(SCOPED_TRACETest, WorksInSubroutine) {
+  printf("(expected to fail)\n");
+
+  SubWithTrace(1);
+  SubWithTrace(2);
+}
+
+// Tests that SCOPED_TRACE can be nested.
+TEST(SCOPED_TRACETest, CanBeNested) {
+  printf("(expected to fail)\n");
+
+  SCOPED_TRACE("");  // A trace without a message.
+
+  SubWithTrace(2);
+}
+
+// Tests that multiple SCOPED_TRACEs can be used in the same scope.
+TEST(SCOPED_TRACETest, CanBeRepeated) {
+  printf("(expected to fail)\n");
+
+  SCOPED_TRACE("A");
+  ADD_FAILURE()
+      << "This failure is expected, and should contain trace point A.";
+
+  SCOPED_TRACE("B");
+  ADD_FAILURE()
+      << "This failure is expected, and should contain trace point A and B.";
+
+  {
+    SCOPED_TRACE("C");
+    ADD_FAILURE() << "This failure is expected, and should "
+                  << "contain trace point A, B, and C.";
+  }
+
+  SCOPED_TRACE("D");
+  ADD_FAILURE() << "This failure is expected, and should "
+                << "contain trace point A, B, and D.";
+}
+
+#if GTEST_IS_THREADSAFE
+// Tests that SCOPED_TRACE()s can be used concurrently from multiple
+// threads.  Namely, an assertion should be affected by
+// SCOPED_TRACE()s in its own thread only.
+
+// Here's the sequence of actions that happen in the test:
+//
+//   Thread A (main)                | Thread B (spawned)
+//   ===============================|================================
+//   spawns thread B                |
+//   -------------------------------+--------------------------------
+//   waits for n1                   | SCOPED_TRACE("Trace B");
+//                                  | generates failure #1
+//                                  | notifies n1
+//   -------------------------------+--------------------------------
+//   SCOPED_TRACE("Trace A");       | waits for n2
+//   generates failure #2           |
+//   notifies n2                    |
+//   -------------------------------|--------------------------------
+//   waits for n3                   | generates failure #3
+//                                  | trace B dies
+//                                  | generates failure #4
+//                                  | notifies n3
+//   -------------------------------|--------------------------------
+//   generates failure #5           | finishes
+//   trace A dies                   |
+//   generates failure #6           |
+//   -------------------------------|--------------------------------
+//   waits for thread B to finish   |
+
+struct CheckPoints {
+  Notification n1;
+  Notification n2;
+  Notification n3;
+};
+
+static void ThreadWithScopedTrace(CheckPoints* check_points) {
+  {
+    SCOPED_TRACE("Trace B");
+    ADD_FAILURE()
+        << "Expected failure #1 (in thread B, only trace B alive).";
+    check_points->n1.Notify();
+    check_points->n2.WaitForNotification();
+
+    ADD_FAILURE()
+        << "Expected failure #3 (in thread B, trace A & B both alive).";
+  }  // Trace B dies here.
+  ADD_FAILURE()
+      << "Expected failure #4 (in thread B, only trace A alive).";
+  check_points->n3.Notify();
+}
+
+TEST(SCOPED_TRACETest, WorksConcurrently) {
+  printf("(expecting 6 failures)\n");
+
+  CheckPoints check_points;
+  ThreadWithParam<CheckPoints*> thread(&ThreadWithScopedTrace,
+                                       &check_points,
+                                       NULL);
+  check_points.n1.WaitForNotification();
+
+  {
+    SCOPED_TRACE("Trace A");
+    ADD_FAILURE()
+        << "Expected failure #2 (in thread A, trace A & B both alive).";
+    check_points.n2.Notify();
+    check_points.n3.WaitForNotification();
+
+    ADD_FAILURE()
+        << "Expected failure #5 (in thread A, only trace A alive).";
+  }  // Trace A dies here.
+  ADD_FAILURE()
+      << "Expected failure #6 (in thread A, no trace alive).";
+  thread.Join();
+}
+#endif  // GTEST_IS_THREADSAFE
+
+TEST(DisabledTestsWarningTest,
+     DISABLED_AlsoRunDisabledTestsFlagSuppressesWarning) {
+  // This test body is intentionally empty.  Its sole purpose is for
+  // verifying that the --gtest_also_run_disabled_tests flag
+  // suppresses the "YOU HAVE 12 DISABLED TESTS" warning at the end of
+  // the test output.
+}
+
+// Tests using assertions outside of TEST and TEST_F.
+//
+// This function creates two failures intentionally.
+void AdHocTest() {
+  printf("The non-test part of the code is expected to have 2 failures.\n\n");
+  EXPECT_TRUE(false);
+  EXPECT_EQ(2, 3);
+}
+
+// Runs all TESTs, all TEST_Fs, and the ad hoc test.
+int RunAllTests() {
+  AdHocTest();
+  return RUN_ALL_TESTS();
+}
+
+// Tests non-fatal failures in the fixture constructor.
+class NonFatalFailureInFixtureConstructorTest : public testing::Test {
+ protected:
+  NonFatalFailureInFixtureConstructorTest() {
+    printf("(expecting 5 failures)\n");
+    ADD_FAILURE() << "Expected failure #1, in the test fixture c'tor.";
+  }
+
+  ~NonFatalFailureInFixtureConstructorTest() {
+    ADD_FAILURE() << "Expected failure #5, in the test fixture d'tor.";
+  }
+
+  virtual void SetUp() {
+    ADD_FAILURE() << "Expected failure #2, in SetUp().";
+  }
+
+  virtual void TearDown() {
+    ADD_FAILURE() << "Expected failure #4, in TearDown.";
+  }
+};
+
+TEST_F(NonFatalFailureInFixtureConstructorTest, FailureInConstructor) {
+  ADD_FAILURE() << "Expected failure #3, in the test body.";
+}
+
+// Tests fatal failures in the fixture constructor.
+class FatalFailureInFixtureConstructorTest : public testing::Test {
+ protected:
+  FatalFailureInFixtureConstructorTest() {
+    printf("(expecting 2 failures)\n");
+    Init();
+  }
+
+  ~FatalFailureInFixtureConstructorTest() {
+    ADD_FAILURE() << "Expected failure #2, in the test fixture d'tor.";
+  }
+
+  virtual void SetUp() {
+    ADD_FAILURE() << "UNEXPECTED failure in SetUp().  "
+                  << "We should never get here, as the test fixture c'tor "
+                  << "had a fatal failure.";
+  }
+
+  virtual void TearDown() {
+    ADD_FAILURE() << "UNEXPECTED failure in TearDown().  "
+                  << "We should never get here, as the test fixture c'tor "
+                  << "had a fatal failure.";
+  }
+
+ private:
+  void Init() {
+    FAIL() << "Expected failure #1, in the test fixture c'tor.";
+  }
+};
+
+TEST_F(FatalFailureInFixtureConstructorTest, FailureInConstructor) {
+  ADD_FAILURE() << "UNEXPECTED failure in the test body.  "
+                << "We should never get here, as the test fixture c'tor "
+                << "had a fatal failure.";
+}
+
+// Tests non-fatal failures in SetUp().
+class NonFatalFailureInSetUpTest : public testing::Test {
+ protected:
+  virtual ~NonFatalFailureInSetUpTest() {
+    Deinit();
+  }
+
+  virtual void SetUp() {
+    printf("(expecting 4 failures)\n");
+    ADD_FAILURE() << "Expected failure #1, in SetUp().";
+  }
+
+  virtual void TearDown() {
+    FAIL() << "Expected failure #3, in TearDown().";
+  }
+ private:
+  void Deinit() {
+    FAIL() << "Expected failure #4, in the test fixture d'tor.";
+  }
+};
+
+TEST_F(NonFatalFailureInSetUpTest, FailureInSetUp) {
+  FAIL() << "Expected failure #2, in the test function.";
+}
+
+// Tests fatal failures in SetUp().
+class FatalFailureInSetUpTest : public testing::Test {
+ protected:
+  virtual ~FatalFailureInSetUpTest() {
+    Deinit();
+  }
+
+  virtual void SetUp() {
+    printf("(expecting 3 failures)\n");
+    FAIL() << "Expected failure #1, in SetUp().";
+  }
+
+  virtual void TearDown() {
+    FAIL() << "Expected failure #2, in TearDown().";
+  }
+ private:
+  void Deinit() {
+    FAIL() << "Expected failure #3, in the test fixture d'tor.";
+  }
+};
+
+TEST_F(FatalFailureInSetUpTest, FailureInSetUp) {
+  FAIL() << "UNEXPECTED failure in the test function.  "
+         << "We should never get here, as SetUp() failed.";
+}
+
+TEST(AddFailureAtTest, MessageContainsSpecifiedFileAndLineNumber) {
+  ADD_FAILURE_AT("foo.cc", 42) << "Expected failure in foo.cc";
+}
+
+#if GTEST_IS_THREADSAFE
+
+// A unary function that may die.
+void DieIf(bool should_die) {
+  GTEST_CHECK_(!should_die) << " - death inside DieIf().";
+}
+
+// Tests running death tests in a multi-threaded context.
+
+// Used for coordination between the main and the spawn thread.
+struct SpawnThreadNotifications {
+  SpawnThreadNotifications() {}
+
+  Notification spawn_thread_started;
+  Notification spawn_thread_ok_to_terminate;
+
+ private:
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(SpawnThreadNotifications);
+};
+
+// The function to be executed in the thread spawn by the
+// MultipleThreads test (below).
+static void ThreadRoutine(SpawnThreadNotifications* notifications) {
+  // Signals the main thread that this thread has started.
+  notifications->spawn_thread_started.Notify();
+
+  // Waits for permission to finish from the main thread.
+  notifications->spawn_thread_ok_to_terminate.WaitForNotification();
+}
+
+// This is a death-test test, but it's not named with a DeathTest
+// suffix.  It starts threads which might interfere with later
+// death tests, so it must run after all other death tests.
+class DeathTestAndMultiThreadsTest : public testing::Test {
+ protected:
+  // Starts a thread and waits for it to begin.
+  virtual void SetUp() {
+    thread_.reset(new ThreadWithParam<SpawnThreadNotifications*>(
+        &ThreadRoutine, &notifications_, NULL));
+    notifications_.spawn_thread_started.WaitForNotification();
+  }
+  // Tells the thread to finish, and reaps it.
+  // Depending on the version of the thread library in use,
+  // a manager thread might still be left running that will interfere
+  // with later death tests.  This is unfortunate, but this class
+  // cleans up after itself as best it can.
+  virtual void TearDown() {
+    notifications_.spawn_thread_ok_to_terminate.Notify();
+  }
+
+ private:
+  SpawnThreadNotifications notifications_;
+  scoped_ptr<ThreadWithParam<SpawnThreadNotifications*> > thread_;
+};
+
+#endif  // GTEST_IS_THREADSAFE
+
+// The MixedUpTestCaseTest test case verifies that Google Test will fail a
+// test if it uses a different fixture class than what other tests in
+// the same test case use.  It deliberately contains two fixture
+// classes with the same name but defined in different namespaces.
+
+// The MixedUpTestCaseWithSameTestNameTest test case verifies that
+// when the user defines two tests with the same test case name AND
+// same test name (but in different namespaces), the second test will
+// fail.
+
+namespace foo {
+
+class MixedUpTestCaseTest : public testing::Test {
+};
+
+TEST_F(MixedUpTestCaseTest, FirstTestFromNamespaceFoo) {}
+TEST_F(MixedUpTestCaseTest, SecondTestFromNamespaceFoo) {}
+
+class MixedUpTestCaseWithSameTestNameTest : public testing::Test {
+};
+
+TEST_F(MixedUpTestCaseWithSameTestNameTest,
+       TheSecondTestWithThisNameShouldFail) {}
+
+}  // namespace foo
+
+namespace bar {
+
+class MixedUpTestCaseTest : public testing::Test {
+};
+
+// The following two tests are expected to fail.  We rely on the
+// golden file to check that Google Test generates the right error message.
+TEST_F(MixedUpTestCaseTest, ThisShouldFail) {}
+TEST_F(MixedUpTestCaseTest, ThisShouldFailToo) {}
+
+class MixedUpTestCaseWithSameTestNameTest : public testing::Test {
+};
+
+// Expected to fail.  We rely on the golden file to check that Google Test
+// generates the right error message.
+TEST_F(MixedUpTestCaseWithSameTestNameTest,
+       TheSecondTestWithThisNameShouldFail) {}
+
+}  // namespace bar
+
+// The following two test cases verify that Google Test catches the user
+// error of mixing TEST and TEST_F in the same test case.  The first
+// test case checks the scenario where TEST_F appears before TEST, and
+// the second one checks where TEST appears before TEST_F.
+
+class TEST_F_before_TEST_in_same_test_case : public testing::Test {
+};
+
+TEST_F(TEST_F_before_TEST_in_same_test_case, DefinedUsingTEST_F) {}
+
+// Expected to fail.  We rely on the golden file to check that Google Test
+// generates the right error message.
+TEST(TEST_F_before_TEST_in_same_test_case, DefinedUsingTESTAndShouldFail) {}
+
+class TEST_before_TEST_F_in_same_test_case : public testing::Test {
+};
+
+TEST(TEST_before_TEST_F_in_same_test_case, DefinedUsingTEST) {}
+
+// Expected to fail.  We rely on the golden file to check that Google Test
+// generates the right error message.
+TEST_F(TEST_before_TEST_F_in_same_test_case, DefinedUsingTEST_FAndShouldFail) {
+}
+
+// Used for testing EXPECT_NONFATAL_FAILURE() and EXPECT_FATAL_FAILURE().
+int global_integer = 0;
+
+// Tests that EXPECT_NONFATAL_FAILURE() can reference global variables.
+TEST(ExpectNonfatalFailureTest, CanReferenceGlobalVariables) {
+  global_integer = 0;
+  EXPECT_NONFATAL_FAILURE({
+    EXPECT_EQ(1, global_integer) << "Expected non-fatal failure.";
+  }, "Expected non-fatal failure.");
+}
+
+// Tests that EXPECT_NONFATAL_FAILURE() can reference local variables
+// (static or not).
+TEST(ExpectNonfatalFailureTest, CanReferenceLocalVariables) {
+  int m = 0;
+  static int n;
+  n = 1;
+  EXPECT_NONFATAL_FAILURE({
+    EXPECT_EQ(m, n) << "Expected non-fatal failure.";
+  }, "Expected non-fatal failure.");
+}
+
+// Tests that EXPECT_NONFATAL_FAILURE() succeeds when there is exactly
+// one non-fatal failure and no fatal failure.
+TEST(ExpectNonfatalFailureTest, SucceedsWhenThereIsOneNonfatalFailure) {
+  EXPECT_NONFATAL_FAILURE({
+    ADD_FAILURE() << "Expected non-fatal failure.";
+  }, "Expected non-fatal failure.");
+}
+
+// Tests that EXPECT_NONFATAL_FAILURE() fails when there is no
+// non-fatal failure.
+TEST(ExpectNonfatalFailureTest, FailsWhenThereIsNoNonfatalFailure) {
+  printf("(expecting a failure)\n");
+  EXPECT_NONFATAL_FAILURE({
+  }, "");
+}
+
+// Tests that EXPECT_NONFATAL_FAILURE() fails when there are two
+// non-fatal failures.
+TEST(ExpectNonfatalFailureTest, FailsWhenThereAreTwoNonfatalFailures) {
+  printf("(expecting a failure)\n");
+  EXPECT_NONFATAL_FAILURE({
+    ADD_FAILURE() << "Expected non-fatal failure 1.";
+    ADD_FAILURE() << "Expected non-fatal failure 2.";
+  }, "");
+}
+
+// Tests that EXPECT_NONFATAL_FAILURE() fails when there is one fatal
+// failure.
+TEST(ExpectNonfatalFailureTest, FailsWhenThereIsOneFatalFailure) {
+  printf("(expecting a failure)\n");
+  EXPECT_NONFATAL_FAILURE({
+    FAIL() << "Expected fatal failure.";
+  }, "");
+}
+
+// Tests that EXPECT_NONFATAL_FAILURE() fails when the statement being
+// tested returns.
+TEST(ExpectNonfatalFailureTest, FailsWhenStatementReturns) {
+  printf("(expecting a failure)\n");
+  EXPECT_NONFATAL_FAILURE({
+    return;
+  }, "");
+}
+
+#if GTEST_HAS_EXCEPTIONS
+
+// Tests that EXPECT_NONFATAL_FAILURE() fails when the statement being
+// tested throws.
+TEST(ExpectNonfatalFailureTest, FailsWhenStatementThrows) {
+  printf("(expecting a failure)\n");
+  try {
+    EXPECT_NONFATAL_FAILURE({
+      throw 0;
+    }, "");
+  } catch(int) {  // NOLINT
+  }
+}
+
+#endif  // GTEST_HAS_EXCEPTIONS
+
+// Tests that EXPECT_FATAL_FAILURE() can reference global variables.
+TEST(ExpectFatalFailureTest, CanReferenceGlobalVariables) {
+  global_integer = 0;
+  EXPECT_FATAL_FAILURE({
+    ASSERT_EQ(1, global_integer) << "Expected fatal failure.";
+  }, "Expected fatal failure.");
+}
+
+// Tests that EXPECT_FATAL_FAILURE() can reference local static
+// variables.
+TEST(ExpectFatalFailureTest, CanReferenceLocalStaticVariables) {
+  static int n;
+  n = 1;
+  EXPECT_FATAL_FAILURE({
+    ASSERT_EQ(0, n) << "Expected fatal failure.";
+  }, "Expected fatal failure.");
+}
+
+// Tests that EXPECT_FATAL_FAILURE() succeeds when there is exactly
+// one fatal failure and no non-fatal failure.
+TEST(ExpectFatalFailureTest, SucceedsWhenThereIsOneFatalFailure) {
+  EXPECT_FATAL_FAILURE({
+    FAIL() << "Expected fatal failure.";
+  }, "Expected fatal failure.");
+}
+
+// Tests that EXPECT_FATAL_FAILURE() fails when there is no fatal
+// failure.
+TEST(ExpectFatalFailureTest, FailsWhenThereIsNoFatalFailure) {
+  printf("(expecting a failure)\n");
+  EXPECT_FATAL_FAILURE({
+  }, "");
+}
+
+// A helper for generating a fatal failure.
+void FatalFailure() {
+  FAIL() << "Expected fatal failure.";
+}
+
+// Tests that EXPECT_FATAL_FAILURE() fails when there are two
+// fatal failures.
+TEST(ExpectFatalFailureTest, FailsWhenThereAreTwoFatalFailures) {
+  printf("(expecting a failure)\n");
+  EXPECT_FATAL_FAILURE({
+    FatalFailure();
+    FatalFailure();
+  }, "");
+}
+
+// Tests that EXPECT_FATAL_FAILURE() fails when there is one non-fatal
+// failure.
+TEST(ExpectFatalFailureTest, FailsWhenThereIsOneNonfatalFailure) {
+  printf("(expecting a failure)\n");
+  EXPECT_FATAL_FAILURE({
+    ADD_FAILURE() << "Expected non-fatal failure.";
+  }, "");
+}
+
+// Tests that EXPECT_FATAL_FAILURE() fails when the statement being
+// tested returns.
+TEST(ExpectFatalFailureTest, FailsWhenStatementReturns) {
+  printf("(expecting a failure)\n");
+  EXPECT_FATAL_FAILURE({
+    return;
+  }, "");
+}
+
+#if GTEST_HAS_EXCEPTIONS
+
+// Tests that EXPECT_FATAL_FAILURE() fails when the statement being
+// tested throws.
+TEST(ExpectFatalFailureTest, FailsWhenStatementThrows) {
+  printf("(expecting a failure)\n");
+  try {
+    EXPECT_FATAL_FAILURE({
+      throw 0;
+    }, "");
+  } catch(int) {  // NOLINT
+  }
+}
+
+#endif  // GTEST_HAS_EXCEPTIONS
+
+// This #ifdef block tests the output of typed tests.
+#if GTEST_HAS_TYPED_TEST
+
+template <typename T>
+class TypedTest : public testing::Test {
+};
+
+TYPED_TEST_CASE(TypedTest, testing::Types<int>);
+
+TYPED_TEST(TypedTest, Success) {
+  EXPECT_EQ(0, TypeParam());
+}
+
+TYPED_TEST(TypedTest, Failure) {
+  EXPECT_EQ(1, TypeParam()) << "Expected failure";
+}
+
+#endif  // GTEST_HAS_TYPED_TEST
+
+// This #ifdef block tests the output of type-parameterized tests.
+#if GTEST_HAS_TYPED_TEST_P
+
+template <typename T>
+class TypedTestP : public testing::Test {
+};
+
+TYPED_TEST_CASE_P(TypedTestP);
+
+TYPED_TEST_P(TypedTestP, Success) {
+  EXPECT_EQ(0U, TypeParam());
+}
+
+TYPED_TEST_P(TypedTestP, Failure) {
+  EXPECT_EQ(1U, TypeParam()) << "Expected failure";
+}
+
+REGISTER_TYPED_TEST_CASE_P(TypedTestP, Success, Failure);
+
+typedef testing::Types<unsigned char, unsigned int> UnsignedTypes;
+INSTANTIATE_TYPED_TEST_CASE_P(Unsigned, TypedTestP, UnsignedTypes);
+
+#endif  // GTEST_HAS_TYPED_TEST_P
+
+#if GTEST_HAS_DEATH_TEST
+
+// We rely on the golden file to verify that tests whose test case
+// name ends with DeathTest are run first.
+
+TEST(ADeathTest, ShouldRunFirst) {
+}
+
+# if GTEST_HAS_TYPED_TEST
+
+// We rely on the golden file to verify that typed tests whose test
+// case name ends with DeathTest are run first.
+
+template <typename T>
+class ATypedDeathTest : public testing::Test {
+};
+
+typedef testing::Types<int, double> NumericTypes;
+TYPED_TEST_CASE(ATypedDeathTest, NumericTypes);
+
+TYPED_TEST(ATypedDeathTest, ShouldRunFirst) {
+}
+
+# endif  // GTEST_HAS_TYPED_TEST
+
+# if GTEST_HAS_TYPED_TEST_P
+
+
+// We rely on the golden file to verify that type-parameterized tests
+// whose test case name ends with DeathTest are run first.
+
+template <typename T>
+class ATypeParamDeathTest : public testing::Test {
+};
+
+TYPED_TEST_CASE_P(ATypeParamDeathTest);
+
+TYPED_TEST_P(ATypeParamDeathTest, ShouldRunFirst) {
+}
+
+REGISTER_TYPED_TEST_CASE_P(ATypeParamDeathTest, ShouldRunFirst);
+
+INSTANTIATE_TYPED_TEST_CASE_P(My, ATypeParamDeathTest, NumericTypes);
+
+# endif  // GTEST_HAS_TYPED_TEST_P
+
+#endif  // GTEST_HAS_DEATH_TEST
+
+// Tests various failure conditions of
+// EXPECT_{,NON}FATAL_FAILURE{,_ON_ALL_THREADS}.
+class ExpectFailureTest : public testing::Test {
+ public:  // Must be public and not protected due to a bug in g++ 3.4.2.
+  enum FailureMode {
+    FATAL_FAILURE,
+    NONFATAL_FAILURE
+  };
+  static void AddFailure(FailureMode failure) {
+    if (failure == FATAL_FAILURE) {
+      FAIL() << "Expected fatal failure.";
+    } else {
+      ADD_FAILURE() << "Expected non-fatal failure.";
+    }
+  }
+};
+
+TEST_F(ExpectFailureTest, ExpectFatalFailure) {
+  // Expected fatal failure, but succeeds.
+  printf("(expecting 1 failure)\n");
+  EXPECT_FATAL_FAILURE(SUCCEED(), "Expected fatal failure.");
+  // Expected fatal failure, but got a non-fatal failure.
+  printf("(expecting 1 failure)\n");
+  EXPECT_FATAL_FAILURE(AddFailure(NONFATAL_FAILURE), "Expected non-fatal "
+                       "failure.");
+  // Wrong message.
+  printf("(expecting 1 failure)\n");
+  EXPECT_FATAL_FAILURE(AddFailure(FATAL_FAILURE), "Some other fatal failure "
+                       "expected.");
+}
+
+TEST_F(ExpectFailureTest, ExpectNonFatalFailure) {
+  // Expected non-fatal failure, but succeeds.
+  printf("(expecting 1 failure)\n");
+  EXPECT_NONFATAL_FAILURE(SUCCEED(), "Expected non-fatal failure.");
+  // Expected non-fatal failure, but got a fatal failure.
+  printf("(expecting 1 failure)\n");
+  EXPECT_NONFATAL_FAILURE(AddFailure(FATAL_FAILURE), "Expected fatal failure.");
+  // Wrong message.
+  printf("(expecting 1 failure)\n");
+  EXPECT_NONFATAL_FAILURE(AddFailure(NONFATAL_FAILURE), "Some other non-fatal "
+                          "failure.");
+}
+
+#if GTEST_IS_THREADSAFE
+
+class ExpectFailureWithThreadsTest : public ExpectFailureTest {
+ protected:
+  static void AddFailureInOtherThread(FailureMode failure) {
+    ThreadWithParam<FailureMode> thread(&AddFailure, failure, NULL);
+    thread.Join();
+  }
+};
+
+TEST_F(ExpectFailureWithThreadsTest, ExpectFatalFailure) {
+  // We only intercept the current thread.
+  printf("(expecting 2 failures)\n");
+  EXPECT_FATAL_FAILURE(AddFailureInOtherThread(FATAL_FAILURE),
+                       "Expected fatal failure.");
+}
+
+TEST_F(ExpectFailureWithThreadsTest, ExpectNonFatalFailure) {
+  // We only intercept the current thread.
+  printf("(expecting 2 failures)\n");
+  EXPECT_NONFATAL_FAILURE(AddFailureInOtherThread(NONFATAL_FAILURE),
+                          "Expected non-fatal failure.");
+}
+
+typedef ExpectFailureWithThreadsTest ScopedFakeTestPartResultReporterTest;
+
+// Tests that the ScopedFakeTestPartResultReporter only catches failures from
+// the current thread if it is instantiated with INTERCEPT_ONLY_CURRENT_THREAD.
+TEST_F(ScopedFakeTestPartResultReporterTest, InterceptOnlyCurrentThread) {
+  printf("(expecting 2 failures)\n");
+  TestPartResultArray results;
+  {
+    ScopedFakeTestPartResultReporter reporter(
+        ScopedFakeTestPartResultReporter::INTERCEPT_ONLY_CURRENT_THREAD,
+        &results);
+    AddFailureInOtherThread(FATAL_FAILURE);
+    AddFailureInOtherThread(NONFATAL_FAILURE);
+  }
+  // The two failures should not have been intercepted.
+  EXPECT_EQ(0, results.size()) << "This shouldn't fail.";
+}
+
+#endif  // GTEST_IS_THREADSAFE
+
+TEST_F(ExpectFailureTest, ExpectFatalFailureOnAllThreads) {
+  // Expected fatal failure, but succeeds.
+  printf("(expecting 1 failure)\n");
+  EXPECT_FATAL_FAILURE_ON_ALL_THREADS(SUCCEED(), "Expected fatal failure.");
+  // Expected fatal failure, but got a non-fatal failure.
+  printf("(expecting 1 failure)\n");
+  EXPECT_FATAL_FAILURE_ON_ALL_THREADS(AddFailure(NONFATAL_FAILURE),
+                                      "Expected non-fatal failure.");
+  // Wrong message.
+  printf("(expecting 1 failure)\n");
+  EXPECT_FATAL_FAILURE_ON_ALL_THREADS(AddFailure(FATAL_FAILURE),
+                                      "Some other fatal failure expected.");
+}
+
+TEST_F(ExpectFailureTest, ExpectNonFatalFailureOnAllThreads) {
+  // Expected non-fatal failure, but succeeds.
+  printf("(expecting 1 failure)\n");
+  EXPECT_NONFATAL_FAILURE_ON_ALL_THREADS(SUCCEED(), "Expected non-fatal "
+                                         "failure.");
+  // Expected non-fatal failure, but got a fatal failure.
+  printf("(expecting 1 failure)\n");
+  EXPECT_NONFATAL_FAILURE_ON_ALL_THREADS(AddFailure(FATAL_FAILURE),
+                                         "Expected fatal failure.");
+  // Wrong message.
+  printf("(expecting 1 failure)\n");
+  EXPECT_NONFATAL_FAILURE_ON_ALL_THREADS(AddFailure(NONFATAL_FAILURE),
+                                         "Some other non-fatal failure.");
+}
+
+
+// Two test environments for testing testing::AddGlobalTestEnvironment().
+
+class FooEnvironment : public testing::Environment {
+ public:
+  virtual void SetUp() {
+    printf("%s", "FooEnvironment::SetUp() called.\n");
+  }
+
+  virtual void TearDown() {
+    printf("%s", "FooEnvironment::TearDown() called.\n");
+    FAIL() << "Expected fatal failure.";
+  }
+};
+
+class BarEnvironment : public testing::Environment {
+ public:
+  virtual void SetUp() {
+    printf("%s", "BarEnvironment::SetUp() called.\n");
+  }
+
+  virtual void TearDown() {
+    printf("%s", "BarEnvironment::TearDown() called.\n");
+    ADD_FAILURE() << "Expected non-fatal failure.";
+  }
+};
+
+bool GTEST_FLAG(internal_skip_environment_and_ad_hoc_tests) = false;
+
+// The main function.
+//
+// The idea is to use Google Test to run all the tests we have defined (some
+// of them are intended to fail), and then compare the test results
+// with the "golden" file.
+int main(int argc, char **argv) {
+  testing::GTEST_FLAG(print_time) = false;
+
+  // We just run the tests, knowing some of them are intended to fail.
+  // We will use a separate Python script to compare the output of
+  // this program with the golden file.
+
+  // It's hard to test InitGoogleTest() directly, as it has many
+  // global side effects.  The following line serves as a sanity test
+  // for it.
+  testing::InitGoogleTest(&argc, argv);
+  if (argc >= 2 &&
+      (std::string(argv[1]) ==
+       "--gtest_internal_skip_environment_and_ad_hoc_tests"))
+    GTEST_FLAG(internal_skip_environment_and_ad_hoc_tests) = true;
+
+#if GTEST_HAS_DEATH_TEST
+  if (testing::internal::GTEST_FLAG(internal_run_death_test) != "") {
+    // Skip the usual output capturing if we're running as the child
+    // process of an threadsafe-style death test.
+# if GTEST_OS_WINDOWS
+    posix::FReopen("nul:", "w", stdout);
+# else
+    posix::FReopen("/dev/null", "w", stdout);
+# endif  // GTEST_OS_WINDOWS
+    return RUN_ALL_TESTS();
+  }
+#endif  // GTEST_HAS_DEATH_TEST
+
+  if (GTEST_FLAG(internal_skip_environment_and_ad_hoc_tests))
+    return RUN_ALL_TESTS();
+
+  // Registers two global test environments.
+  // The golden file verifies that they are set up in the order they
+  // are registered, and torn down in the reverse order.
+  testing::AddGlobalTestEnvironment(new FooEnvironment);
+  testing::AddGlobalTestEnvironment(new BarEnvironment);
+
+  return RunAllTests();
+}
diff --git a/nss/external_tests/google_test/gtest/test/gtest_output_test_golden_lin.txt b/nss/external_tests/google_test/gtest/test/gtest_output_test_golden_lin.txt
new file mode 100644
index 0000000..da54170
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/test/gtest_output_test_golden_lin.txt
@@ -0,0 +1,732 @@
+The non-test part of the code is expected to have 2 failures.
+
+gtest_output_test_.cc:#: Failure
+Value of: false
+  Actual: false
+Expected: true
+gtest_output_test_.cc:#: Failure
+Value of: 3
+Expected: 2
+[==========] Running 64 tests from 28 test cases.
+[----------] Global test environment set-up.
+FooEnvironment::SetUp() called.
+BarEnvironment::SetUp() called.
+[----------] 1 test from ADeathTest
+[ RUN      ] ADeathTest.ShouldRunFirst
+[       OK ] ADeathTest.ShouldRunFirst
+[----------] 1 test from ATypedDeathTest/0, where TypeParam = int
+[ RUN      ] ATypedDeathTest/0.ShouldRunFirst
+[       OK ] ATypedDeathTest/0.ShouldRunFirst
+[----------] 1 test from ATypedDeathTest/1, where TypeParam = double
+[ RUN      ] ATypedDeathTest/1.ShouldRunFirst
+[       OK ] ATypedDeathTest/1.ShouldRunFirst
+[----------] 1 test from My/ATypeParamDeathTest/0, where TypeParam = int
+[ RUN      ] My/ATypeParamDeathTest/0.ShouldRunFirst
+[       OK ] My/ATypeParamDeathTest/0.ShouldRunFirst
+[----------] 1 test from My/ATypeParamDeathTest/1, where TypeParam = double
+[ RUN      ] My/ATypeParamDeathTest/1.ShouldRunFirst
+[       OK ] My/ATypeParamDeathTest/1.ShouldRunFirst
+[----------] 2 tests from PassingTest
+[ RUN      ] PassingTest.PassingTest1
+[       OK ] PassingTest.PassingTest1
+[ RUN      ] PassingTest.PassingTest2
+[       OK ] PassingTest.PassingTest2
+[----------] 2 tests from NonfatalFailureTest
+[ RUN      ] NonfatalFailureTest.EscapesStringOperands
+gtest_output_test_.cc:#: Failure
+Value of: actual
+  Actual: "actual \"string\""
+Expected: kGoldenString
+Which is: "\"Line"
+gtest_output_test_.cc:#: Failure
+Value of: actual
+  Actual: "actual \"string\""
+Expected: golden
+Which is: "\"Line"
+[  FAILED  ] NonfatalFailureTest.EscapesStringOperands
+[ RUN      ] NonfatalFailureTest.DiffForLongStrings
+gtest_output_test_.cc:#: Failure
+Value of: "Line 2"
+Expected: golden_str
+Which is: "\"Line\0 1\"\nLine 2"
+With diff:
+@@ -1,2 @@
+-\"Line\0 1\"
+ Line 2
+
+[  FAILED  ] NonfatalFailureTest.DiffForLongStrings
+[----------] 3 tests from FatalFailureTest
+[ RUN      ] FatalFailureTest.FatalFailureInSubroutine
+(expecting a failure that x should be 1)
+gtest_output_test_.cc:#: Failure
+Value of: x
+  Actual: 2
+Expected: 1
+[  FAILED  ] FatalFailureTest.FatalFailureInSubroutine
+[ RUN      ] FatalFailureTest.FatalFailureInNestedSubroutine
+(expecting a failure that x should be 1)
+gtest_output_test_.cc:#: Failure
+Value of: x
+  Actual: 2
+Expected: 1
+[  FAILED  ] FatalFailureTest.FatalFailureInNestedSubroutine
+[ RUN      ] FatalFailureTest.NonfatalFailureInSubroutine
+(expecting a failure on false)
+gtest_output_test_.cc:#: Failure
+Value of: false
+  Actual: false
+Expected: true
+[  FAILED  ] FatalFailureTest.NonfatalFailureInSubroutine
+[----------] 1 test from LoggingTest
+[ RUN      ] LoggingTest.InterleavingLoggingAndAssertions
+(expecting 2 failures on (3) >= (a[i]))
+i == 0
+i == 1
+gtest_output_test_.cc:#: Failure
+Expected: (3) >= (a[i]), actual: 3 vs 9
+i == 2
+i == 3
+gtest_output_test_.cc:#: Failure
+Expected: (3) >= (a[i]), actual: 3 vs 6
+[  FAILED  ] LoggingTest.InterleavingLoggingAndAssertions
+[----------] 6 tests from SCOPED_TRACETest
+[ RUN      ] SCOPED_TRACETest.ObeysScopes
+(expected to fail)
+gtest_output_test_.cc:#: Failure
+Failed
+This failure is expected, and shouldn't have a trace.
+gtest_output_test_.cc:#: Failure
+Failed
+This failure is expected, and should have a trace.
+Google Test trace:
+gtest_output_test_.cc:#: Expected trace
+gtest_output_test_.cc:#: Failure
+Failed
+This failure is expected, and shouldn't have a trace.
+[  FAILED  ] SCOPED_TRACETest.ObeysScopes
+[ RUN      ] SCOPED_TRACETest.WorksInLoop
+(expected to fail)
+gtest_output_test_.cc:#: Failure
+Value of: n
+  Actual: 1
+Expected: 2
+Google Test trace:
+gtest_output_test_.cc:#: i = 1
+gtest_output_test_.cc:#: Failure
+Value of: n
+  Actual: 2
+Expected: 1
+Google Test trace:
+gtest_output_test_.cc:#: i = 2
+[  FAILED  ] SCOPED_TRACETest.WorksInLoop
+[ RUN      ] SCOPED_TRACETest.WorksInSubroutine
+(expected to fail)
+gtest_output_test_.cc:#: Failure
+Value of: n
+  Actual: 1
+Expected: 2
+Google Test trace:
+gtest_output_test_.cc:#: n = 1
+gtest_output_test_.cc:#: Failure
+Value of: n
+  Actual: 2
+Expected: 1
+Google Test trace:
+gtest_output_test_.cc:#: n = 2
+[  FAILED  ] SCOPED_TRACETest.WorksInSubroutine
+[ RUN      ] SCOPED_TRACETest.CanBeNested
+(expected to fail)
+gtest_output_test_.cc:#: Failure
+Value of: n
+  Actual: 2
+Expected: 1
+Google Test trace:
+gtest_output_test_.cc:#: n = 2
+gtest_output_test_.cc:#: 
+[  FAILED  ] SCOPED_TRACETest.CanBeNested
+[ RUN      ] SCOPED_TRACETest.CanBeRepeated
+(expected to fail)
+gtest_output_test_.cc:#: Failure
+Failed
+This failure is expected, and should contain trace point A.
+Google Test trace:
+gtest_output_test_.cc:#: A
+gtest_output_test_.cc:#: Failure
+Failed
+This failure is expected, and should contain trace point A and B.
+Google Test trace:
+gtest_output_test_.cc:#: B
+gtest_output_test_.cc:#: A
+gtest_output_test_.cc:#: Failure
+Failed
+This failure is expected, and should contain trace point A, B, and C.
+Google Test trace:
+gtest_output_test_.cc:#: C
+gtest_output_test_.cc:#: B
+gtest_output_test_.cc:#: A
+gtest_output_test_.cc:#: Failure
+Failed
+This failure is expected, and should contain trace point A, B, and D.
+Google Test trace:
+gtest_output_test_.cc:#: D
+gtest_output_test_.cc:#: B
+gtest_output_test_.cc:#: A
+[  FAILED  ] SCOPED_TRACETest.CanBeRepeated
+[ RUN      ] SCOPED_TRACETest.WorksConcurrently
+(expecting 6 failures)
+gtest_output_test_.cc:#: Failure
+Failed
+Expected failure #1 (in thread B, only trace B alive).
+Google Test trace:
+gtest_output_test_.cc:#: Trace B
+gtest_output_test_.cc:#: Failure
+Failed
+Expected failure #2 (in thread A, trace A & B both alive).
+Google Test trace:
+gtest_output_test_.cc:#: Trace A
+gtest_output_test_.cc:#: Failure
+Failed
+Expected failure #3 (in thread B, trace A & B both alive).
+Google Test trace:
+gtest_output_test_.cc:#: Trace B
+gtest_output_test_.cc:#: Failure
+Failed
+Expected failure #4 (in thread B, only trace A alive).
+gtest_output_test_.cc:#: Failure
+Failed
+Expected failure #5 (in thread A, only trace A alive).
+Google Test trace:
+gtest_output_test_.cc:#: Trace A
+gtest_output_test_.cc:#: Failure
+Failed
+Expected failure #6 (in thread A, no trace alive).
+[  FAILED  ] SCOPED_TRACETest.WorksConcurrently
+[----------] 1 test from NonFatalFailureInFixtureConstructorTest
+[ RUN      ] NonFatalFailureInFixtureConstructorTest.FailureInConstructor
+(expecting 5 failures)
+gtest_output_test_.cc:#: Failure
+Failed
+Expected failure #1, in the test fixture c'tor.
+gtest_output_test_.cc:#: Failure
+Failed
+Expected failure #2, in SetUp().
+gtest_output_test_.cc:#: Failure
+Failed
+Expected failure #3, in the test body.
+gtest_output_test_.cc:#: Failure
+Failed
+Expected failure #4, in TearDown.
+gtest_output_test_.cc:#: Failure
+Failed
+Expected failure #5, in the test fixture d'tor.
+[  FAILED  ] NonFatalFailureInFixtureConstructorTest.FailureInConstructor
+[----------] 1 test from FatalFailureInFixtureConstructorTest
+[ RUN      ] FatalFailureInFixtureConstructorTest.FailureInConstructor
+(expecting 2 failures)
+gtest_output_test_.cc:#: Failure
+Failed
+Expected failure #1, in the test fixture c'tor.
+gtest_output_test_.cc:#: Failure
+Failed
+Expected failure #2, in the test fixture d'tor.
+[  FAILED  ] FatalFailureInFixtureConstructorTest.FailureInConstructor
+[----------] 1 test from NonFatalFailureInSetUpTest
+[ RUN      ] NonFatalFailureInSetUpTest.FailureInSetUp
+(expecting 4 failures)
+gtest_output_test_.cc:#: Failure
+Failed
+Expected failure #1, in SetUp().
+gtest_output_test_.cc:#: Failure
+Failed
+Expected failure #2, in the test function.
+gtest_output_test_.cc:#: Failure
+Failed
+Expected failure #3, in TearDown().
+gtest_output_test_.cc:#: Failure
+Failed
+Expected failure #4, in the test fixture d'tor.
+[  FAILED  ] NonFatalFailureInSetUpTest.FailureInSetUp
+[----------] 1 test from FatalFailureInSetUpTest
+[ RUN      ] FatalFailureInSetUpTest.FailureInSetUp
+(expecting 3 failures)
+gtest_output_test_.cc:#: Failure
+Failed
+Expected failure #1, in SetUp().
+gtest_output_test_.cc:#: Failure
+Failed
+Expected failure #2, in TearDown().
+gtest_output_test_.cc:#: Failure
+Failed
+Expected failure #3, in the test fixture d'tor.
+[  FAILED  ] FatalFailureInSetUpTest.FailureInSetUp
+[----------] 1 test from AddFailureAtTest
+[ RUN      ] AddFailureAtTest.MessageContainsSpecifiedFileAndLineNumber
+foo.cc:42: Failure
+Failed
+Expected failure in foo.cc
+[  FAILED  ] AddFailureAtTest.MessageContainsSpecifiedFileAndLineNumber
+[----------] 4 tests from MixedUpTestCaseTest
+[ RUN      ] MixedUpTestCaseTest.FirstTestFromNamespaceFoo
+[       OK ] MixedUpTestCaseTest.FirstTestFromNamespaceFoo
+[ RUN      ] MixedUpTestCaseTest.SecondTestFromNamespaceFoo
+[       OK ] MixedUpTestCaseTest.SecondTestFromNamespaceFoo
+[ RUN      ] MixedUpTestCaseTest.ThisShouldFail
+gtest.cc:#: Failure
+Failed
+All tests in the same test case must use the same test fixture
+class.  However, in test case MixedUpTestCaseTest,
+you defined test FirstTestFromNamespaceFoo and test ThisShouldFail
+using two different test fixture classes.  This can happen if
+the two classes are from different namespaces or translation
+units and have the same name.  You should probably rename one
+of the classes to put the tests into different test cases.
+[  FAILED  ] MixedUpTestCaseTest.ThisShouldFail
+[ RUN      ] MixedUpTestCaseTest.ThisShouldFailToo
+gtest.cc:#: Failure
+Failed
+All tests in the same test case must use the same test fixture
+class.  However, in test case MixedUpTestCaseTest,
+you defined test FirstTestFromNamespaceFoo and test ThisShouldFailToo
+using two different test fixture classes.  This can happen if
+the two classes are from different namespaces or translation
+units and have the same name.  You should probably rename one
+of the classes to put the tests into different test cases.
+[  FAILED  ] MixedUpTestCaseTest.ThisShouldFailToo
+[----------] 2 tests from MixedUpTestCaseWithSameTestNameTest
+[ RUN      ] MixedUpTestCaseWithSameTestNameTest.TheSecondTestWithThisNameShouldFail
+[       OK ] MixedUpTestCaseWithSameTestNameTest.TheSecondTestWithThisNameShouldFail
+[ RUN      ] MixedUpTestCaseWithSameTestNameTest.TheSecondTestWithThisNameShouldFail
+gtest.cc:#: Failure
+Failed
+All tests in the same test case must use the same test fixture
+class.  However, in test case MixedUpTestCaseWithSameTestNameTest,
+you defined test TheSecondTestWithThisNameShouldFail and test TheSecondTestWithThisNameShouldFail
+using two different test fixture classes.  This can happen if
+the two classes are from different namespaces or translation
+units and have the same name.  You should probably rename one
+of the classes to put the tests into different test cases.
+[  FAILED  ] MixedUpTestCaseWithSameTestNameTest.TheSecondTestWithThisNameShouldFail
+[----------] 2 tests from TEST_F_before_TEST_in_same_test_case
+[ RUN      ] TEST_F_before_TEST_in_same_test_case.DefinedUsingTEST_F
+[       OK ] TEST_F_before_TEST_in_same_test_case.DefinedUsingTEST_F
+[ RUN      ] TEST_F_before_TEST_in_same_test_case.DefinedUsingTESTAndShouldFail
+gtest.cc:#: Failure
+Failed
+All tests in the same test case must use the same test fixture
+class, so mixing TEST_F and TEST in the same test case is
+illegal.  In test case TEST_F_before_TEST_in_same_test_case,
+test DefinedUsingTEST_F is defined using TEST_F but
+test DefinedUsingTESTAndShouldFail is defined using TEST.  You probably
+want to change the TEST to TEST_F or move it to another test
+case.
+[  FAILED  ] TEST_F_before_TEST_in_same_test_case.DefinedUsingTESTAndShouldFail
+[----------] 2 tests from TEST_before_TEST_F_in_same_test_case
+[ RUN      ] TEST_before_TEST_F_in_same_test_case.DefinedUsingTEST
+[       OK ] TEST_before_TEST_F_in_same_test_case.DefinedUsingTEST
+[ RUN      ] TEST_before_TEST_F_in_same_test_case.DefinedUsingTEST_FAndShouldFail
+gtest.cc:#: Failure
+Failed
+All tests in the same test case must use the same test fixture
+class, so mixing TEST_F and TEST in the same test case is
+illegal.  In test case TEST_before_TEST_F_in_same_test_case,
+test DefinedUsingTEST_FAndShouldFail is defined using TEST_F but
+test DefinedUsingTEST is defined using TEST.  You probably
+want to change the TEST to TEST_F or move it to another test
+case.
+[  FAILED  ] TEST_before_TEST_F_in_same_test_case.DefinedUsingTEST_FAndShouldFail
+[----------] 8 tests from ExpectNonfatalFailureTest
+[ RUN      ] ExpectNonfatalFailureTest.CanReferenceGlobalVariables
+[       OK ] ExpectNonfatalFailureTest.CanReferenceGlobalVariables
+[ RUN      ] ExpectNonfatalFailureTest.CanReferenceLocalVariables
+[       OK ] ExpectNonfatalFailureTest.CanReferenceLocalVariables
+[ RUN      ] ExpectNonfatalFailureTest.SucceedsWhenThereIsOneNonfatalFailure
+[       OK ] ExpectNonfatalFailureTest.SucceedsWhenThereIsOneNonfatalFailure
+[ RUN      ] ExpectNonfatalFailureTest.FailsWhenThereIsNoNonfatalFailure
+(expecting a failure)
+gtest.cc:#: Failure
+Expected: 1 non-fatal failure
+  Actual: 0 failures
+[  FAILED  ] ExpectNonfatalFailureTest.FailsWhenThereIsNoNonfatalFailure
+[ RUN      ] ExpectNonfatalFailureTest.FailsWhenThereAreTwoNonfatalFailures
+(expecting a failure)
+gtest.cc:#: Failure
+Expected: 1 non-fatal failure
+  Actual: 2 failures
+gtest_output_test_.cc:#: Non-fatal failure:
+Failed
+Expected non-fatal failure 1.
+
+gtest_output_test_.cc:#: Non-fatal failure:
+Failed
+Expected non-fatal failure 2.
+
+[  FAILED  ] ExpectNonfatalFailureTest.FailsWhenThereAreTwoNonfatalFailures
+[ RUN      ] ExpectNonfatalFailureTest.FailsWhenThereIsOneFatalFailure
+(expecting a failure)
+gtest.cc:#: Failure
+Expected: 1 non-fatal failure
+  Actual:
+gtest_output_test_.cc:#: Fatal failure:
+Failed
+Expected fatal failure.
+
+[  FAILED  ] ExpectNonfatalFailureTest.FailsWhenThereIsOneFatalFailure
+[ RUN      ] ExpectNonfatalFailureTest.FailsWhenStatementReturns
+(expecting a failure)
+gtest.cc:#: Failure
+Expected: 1 non-fatal failure
+  Actual: 0 failures
+[  FAILED  ] ExpectNonfatalFailureTest.FailsWhenStatementReturns
+[ RUN      ] ExpectNonfatalFailureTest.FailsWhenStatementThrows
+(expecting a failure)
+gtest.cc:#: Failure
+Expected: 1 non-fatal failure
+  Actual: 0 failures
+[  FAILED  ] ExpectNonfatalFailureTest.FailsWhenStatementThrows
+[----------] 8 tests from ExpectFatalFailureTest
+[ RUN      ] ExpectFatalFailureTest.CanReferenceGlobalVariables
+[       OK ] ExpectFatalFailureTest.CanReferenceGlobalVariables
+[ RUN      ] ExpectFatalFailureTest.CanReferenceLocalStaticVariables
+[       OK ] ExpectFatalFailureTest.CanReferenceLocalStaticVariables
+[ RUN      ] ExpectFatalFailureTest.SucceedsWhenThereIsOneFatalFailure
+[       OK ] ExpectFatalFailureTest.SucceedsWhenThereIsOneFatalFailure
+[ RUN      ] ExpectFatalFailureTest.FailsWhenThereIsNoFatalFailure
+(expecting a failure)
+gtest.cc:#: Failure
+Expected: 1 fatal failure
+  Actual: 0 failures
+[  FAILED  ] ExpectFatalFailureTest.FailsWhenThereIsNoFatalFailure
+[ RUN      ] ExpectFatalFailureTest.FailsWhenThereAreTwoFatalFailures
+(expecting a failure)
+gtest.cc:#: Failure
+Expected: 1 fatal failure
+  Actual: 2 failures
+gtest_output_test_.cc:#: Fatal failure:
+Failed
+Expected fatal failure.
+
+gtest_output_test_.cc:#: Fatal failure:
+Failed
+Expected fatal failure.
+
+[  FAILED  ] ExpectFatalFailureTest.FailsWhenThereAreTwoFatalFailures
+[ RUN      ] ExpectFatalFailureTest.FailsWhenThereIsOneNonfatalFailure
+(expecting a failure)
+gtest.cc:#: Failure
+Expected: 1 fatal failure
+  Actual:
+gtest_output_test_.cc:#: Non-fatal failure:
+Failed
+Expected non-fatal failure.
+
+[  FAILED  ] ExpectFatalFailureTest.FailsWhenThereIsOneNonfatalFailure
+[ RUN      ] ExpectFatalFailureTest.FailsWhenStatementReturns
+(expecting a failure)
+gtest.cc:#: Failure
+Expected: 1 fatal failure
+  Actual: 0 failures
+[  FAILED  ] ExpectFatalFailureTest.FailsWhenStatementReturns
+[ RUN      ] ExpectFatalFailureTest.FailsWhenStatementThrows
+(expecting a failure)
+gtest.cc:#: Failure
+Expected: 1 fatal failure
+  Actual: 0 failures
+[  FAILED  ] ExpectFatalFailureTest.FailsWhenStatementThrows
+[----------] 2 tests from TypedTest/0, where TypeParam = int
+[ RUN      ] TypedTest/0.Success
+[       OK ] TypedTest/0.Success
+[ RUN      ] TypedTest/0.Failure
+gtest_output_test_.cc:#: Failure
+Value of: TypeParam()
+  Actual: 0
+Expected: 1
+Expected failure
+[  FAILED  ] TypedTest/0.Failure, where TypeParam = int
+[----------] 2 tests from Unsigned/TypedTestP/0, where TypeParam = unsigned char
+[ RUN      ] Unsigned/TypedTestP/0.Success
+[       OK ] Unsigned/TypedTestP/0.Success
+[ RUN      ] Unsigned/TypedTestP/0.Failure
+gtest_output_test_.cc:#: Failure
+Value of: TypeParam()
+  Actual: '\0'
+Expected: 1U
+Which is: 1
+Expected failure
+[  FAILED  ] Unsigned/TypedTestP/0.Failure, where TypeParam = unsigned char
+[----------] 2 tests from Unsigned/TypedTestP/1, where TypeParam = unsigned int
+[ RUN      ] Unsigned/TypedTestP/1.Success
+[       OK ] Unsigned/TypedTestP/1.Success
+[ RUN      ] Unsigned/TypedTestP/1.Failure
+gtest_output_test_.cc:#: Failure
+Value of: TypeParam()
+  Actual: 0
+Expected: 1U
+Which is: 1
+Expected failure
+[  FAILED  ] Unsigned/TypedTestP/1.Failure, where TypeParam = unsigned int
+[----------] 4 tests from ExpectFailureTest
+[ RUN      ] ExpectFailureTest.ExpectFatalFailure
+(expecting 1 failure)
+gtest.cc:#: Failure
+Expected: 1 fatal failure
+  Actual:
+gtest_output_test_.cc:#: Success:
+Succeeded
+
+(expecting 1 failure)
+gtest.cc:#: Failure
+Expected: 1 fatal failure
+  Actual:
+gtest_output_test_.cc:#: Non-fatal failure:
+Failed
+Expected non-fatal failure.
+
+(expecting 1 failure)
+gtest.cc:#: Failure
+Expected: 1 fatal failure containing "Some other fatal failure expected."
+  Actual:
+gtest_output_test_.cc:#: Fatal failure:
+Failed
+Expected fatal failure.
+
+[  FAILED  ] ExpectFailureTest.ExpectFatalFailure
+[ RUN      ] ExpectFailureTest.ExpectNonFatalFailure
+(expecting 1 failure)
+gtest.cc:#: Failure
+Expected: 1 non-fatal failure
+  Actual:
+gtest_output_test_.cc:#: Success:
+Succeeded
+
+(expecting 1 failure)
+gtest.cc:#: Failure
+Expected: 1 non-fatal failure
+  Actual:
+gtest_output_test_.cc:#: Fatal failure:
+Failed
+Expected fatal failure.
+
+(expecting 1 failure)
+gtest.cc:#: Failure
+Expected: 1 non-fatal failure containing "Some other non-fatal failure."
+  Actual:
+gtest_output_test_.cc:#: Non-fatal failure:
+Failed
+Expected non-fatal failure.
+
+[  FAILED  ] ExpectFailureTest.ExpectNonFatalFailure
+[ RUN      ] ExpectFailureTest.ExpectFatalFailureOnAllThreads
+(expecting 1 failure)
+gtest.cc:#: Failure
+Expected: 1 fatal failure
+  Actual:
+gtest_output_test_.cc:#: Success:
+Succeeded
+
+(expecting 1 failure)
+gtest.cc:#: Failure
+Expected: 1 fatal failure
+  Actual:
+gtest_output_test_.cc:#: Non-fatal failure:
+Failed
+Expected non-fatal failure.
+
+(expecting 1 failure)
+gtest.cc:#: Failure
+Expected: 1 fatal failure containing "Some other fatal failure expected."
+  Actual:
+gtest_output_test_.cc:#: Fatal failure:
+Failed
+Expected fatal failure.
+
+[  FAILED  ] ExpectFailureTest.ExpectFatalFailureOnAllThreads
+[ RUN      ] ExpectFailureTest.ExpectNonFatalFailureOnAllThreads
+(expecting 1 failure)
+gtest.cc:#: Failure
+Expected: 1 non-fatal failure
+  Actual:
+gtest_output_test_.cc:#: Success:
+Succeeded
+
+(expecting 1 failure)
+gtest.cc:#: Failure
+Expected: 1 non-fatal failure
+  Actual:
+gtest_output_test_.cc:#: Fatal failure:
+Failed
+Expected fatal failure.
+
+(expecting 1 failure)
+gtest.cc:#: Failure
+Expected: 1 non-fatal failure containing "Some other non-fatal failure."
+  Actual:
+gtest_output_test_.cc:#: Non-fatal failure:
+Failed
+Expected non-fatal failure.
+
+[  FAILED  ] ExpectFailureTest.ExpectNonFatalFailureOnAllThreads
+[----------] 2 tests from ExpectFailureWithThreadsTest
+[ RUN      ] ExpectFailureWithThreadsTest.ExpectFatalFailure
+(expecting 2 failures)
+gtest_output_test_.cc:#: Failure
+Failed
+Expected fatal failure.
+gtest.cc:#: Failure
+Expected: 1 fatal failure
+  Actual: 0 failures
+[  FAILED  ] ExpectFailureWithThreadsTest.ExpectFatalFailure
+[ RUN      ] ExpectFailureWithThreadsTest.ExpectNonFatalFailure
+(expecting 2 failures)
+gtest_output_test_.cc:#: Failure
+Failed
+Expected non-fatal failure.
+gtest.cc:#: Failure
+Expected: 1 non-fatal failure
+  Actual: 0 failures
+[  FAILED  ] ExpectFailureWithThreadsTest.ExpectNonFatalFailure
+[----------] 1 test from ScopedFakeTestPartResultReporterTest
+[ RUN      ] ScopedFakeTestPartResultReporterTest.InterceptOnlyCurrentThread
+(expecting 2 failures)
+gtest_output_test_.cc:#: Failure
+Failed
+Expected fatal failure.
+gtest_output_test_.cc:#: Failure
+Failed
+Expected non-fatal failure.
+[  FAILED  ] ScopedFakeTestPartResultReporterTest.InterceptOnlyCurrentThread
+[----------] 1 test from PrintingFailingParams/FailingParamTest
+[ RUN      ] PrintingFailingParams/FailingParamTest.Fails/0
+gtest_output_test_.cc:#: Failure
+Value of: GetParam()
+  Actual: 2
+Expected: 1
+[  FAILED  ] PrintingFailingParams/FailingParamTest.Fails/0, where GetParam() = 2
+[----------] Global test environment tear-down
+BarEnvironment::TearDown() called.
+gtest_output_test_.cc:#: Failure
+Failed
+Expected non-fatal failure.
+FooEnvironment::TearDown() called.
+gtest_output_test_.cc:#: Failure
+Failed
+Expected fatal failure.
+[==========] 64 tests from 28 test cases ran.
+[  PASSED  ] 21 tests.
+[  FAILED  ] 43 tests, listed below:
+[  FAILED  ] NonfatalFailureTest.EscapesStringOperands
+[  FAILED  ] NonfatalFailureTest.DiffForLongStrings
+[  FAILED  ] FatalFailureTest.FatalFailureInSubroutine
+[  FAILED  ] FatalFailureTest.FatalFailureInNestedSubroutine
+[  FAILED  ] FatalFailureTest.NonfatalFailureInSubroutine
+[  FAILED  ] LoggingTest.InterleavingLoggingAndAssertions
+[  FAILED  ] SCOPED_TRACETest.ObeysScopes
+[  FAILED  ] SCOPED_TRACETest.WorksInLoop
+[  FAILED  ] SCOPED_TRACETest.WorksInSubroutine
+[  FAILED  ] SCOPED_TRACETest.CanBeNested
+[  FAILED  ] SCOPED_TRACETest.CanBeRepeated
+[  FAILED  ] SCOPED_TRACETest.WorksConcurrently
+[  FAILED  ] NonFatalFailureInFixtureConstructorTest.FailureInConstructor
+[  FAILED  ] FatalFailureInFixtureConstructorTest.FailureInConstructor
+[  FAILED  ] NonFatalFailureInSetUpTest.FailureInSetUp
+[  FAILED  ] FatalFailureInSetUpTest.FailureInSetUp
+[  FAILED  ] AddFailureAtTest.MessageContainsSpecifiedFileAndLineNumber
+[  FAILED  ] MixedUpTestCaseTest.ThisShouldFail
+[  FAILED  ] MixedUpTestCaseTest.ThisShouldFailToo
+[  FAILED  ] MixedUpTestCaseWithSameTestNameTest.TheSecondTestWithThisNameShouldFail
+[  FAILED  ] TEST_F_before_TEST_in_same_test_case.DefinedUsingTESTAndShouldFail
+[  FAILED  ] TEST_before_TEST_F_in_same_test_case.DefinedUsingTEST_FAndShouldFail
+[  FAILED  ] ExpectNonfatalFailureTest.FailsWhenThereIsNoNonfatalFailure
+[  FAILED  ] ExpectNonfatalFailureTest.FailsWhenThereAreTwoNonfatalFailures
+[  FAILED  ] ExpectNonfatalFailureTest.FailsWhenThereIsOneFatalFailure
+[  FAILED  ] ExpectNonfatalFailureTest.FailsWhenStatementReturns
+[  FAILED  ] ExpectNonfatalFailureTest.FailsWhenStatementThrows
+[  FAILED  ] ExpectFatalFailureTest.FailsWhenThereIsNoFatalFailure
+[  FAILED  ] ExpectFatalFailureTest.FailsWhenThereAreTwoFatalFailures
+[  FAILED  ] ExpectFatalFailureTest.FailsWhenThereIsOneNonfatalFailure
+[  FAILED  ] ExpectFatalFailureTest.FailsWhenStatementReturns
+[  FAILED  ] ExpectFatalFailureTest.FailsWhenStatementThrows
+[  FAILED  ] TypedTest/0.Failure, where TypeParam = int
+[  FAILED  ] Unsigned/TypedTestP/0.Failure, where TypeParam = unsigned char
+[  FAILED  ] Unsigned/TypedTestP/1.Failure, where TypeParam = unsigned int
+[  FAILED  ] ExpectFailureTest.ExpectFatalFailure
+[  FAILED  ] ExpectFailureTest.ExpectNonFatalFailure
+[  FAILED  ] ExpectFailureTest.ExpectFatalFailureOnAllThreads
+[  FAILED  ] ExpectFailureTest.ExpectNonFatalFailureOnAllThreads
+[  FAILED  ] ExpectFailureWithThreadsTest.ExpectFatalFailure
+[  FAILED  ] ExpectFailureWithThreadsTest.ExpectNonFatalFailure
+[  FAILED  ] ScopedFakeTestPartResultReporterTest.InterceptOnlyCurrentThread
+[  FAILED  ] PrintingFailingParams/FailingParamTest.Fails/0, where GetParam() = 2
+
+43 FAILED TESTS
+  YOU HAVE 1 DISABLED TEST
+
+Note: Google Test filter = FatalFailureTest.*:LoggingTest.*
+[==========] Running 4 tests from 2 test cases.
+[----------] Global test environment set-up.
+[----------] 3 tests from FatalFailureTest
+[ RUN      ] FatalFailureTest.FatalFailureInSubroutine
+(expecting a failure that x should be 1)
+gtest_output_test_.cc:#: Failure
+Value of: x
+  Actual: 2
+Expected: 1
+[  FAILED  ] FatalFailureTest.FatalFailureInSubroutine (? ms)
+[ RUN      ] FatalFailureTest.FatalFailureInNestedSubroutine
+(expecting a failure that x should be 1)
+gtest_output_test_.cc:#: Failure
+Value of: x
+  Actual: 2
+Expected: 1
+[  FAILED  ] FatalFailureTest.FatalFailureInNestedSubroutine (? ms)
+[ RUN      ] FatalFailureTest.NonfatalFailureInSubroutine
+(expecting a failure on false)
+gtest_output_test_.cc:#: Failure
+Value of: false
+  Actual: false
+Expected: true
+[  FAILED  ] FatalFailureTest.NonfatalFailureInSubroutine (? ms)
+[----------] 3 tests from FatalFailureTest (? ms total)
+
+[----------] 1 test from LoggingTest
+[ RUN      ] LoggingTest.InterleavingLoggingAndAssertions
+(expecting 2 failures on (3) >= (a[i]))
+i == 0
+i == 1
+gtest_output_test_.cc:#: Failure
+Expected: (3) >= (a[i]), actual: 3 vs 9
+i == 2
+i == 3
+gtest_output_test_.cc:#: Failure
+Expected: (3) >= (a[i]), actual: 3 vs 6
+[  FAILED  ] LoggingTest.InterleavingLoggingAndAssertions (? ms)
+[----------] 1 test from LoggingTest (? ms total)
+
+[----------] Global test environment tear-down
+[==========] 4 tests from 2 test cases ran. (? ms total)
+[  PASSED  ] 0 tests.
+[  FAILED  ] 4 tests, listed below:
+[  FAILED  ] FatalFailureTest.FatalFailureInSubroutine
+[  FAILED  ] FatalFailureTest.FatalFailureInNestedSubroutine
+[  FAILED  ] FatalFailureTest.NonfatalFailureInSubroutine
+[  FAILED  ] LoggingTest.InterleavingLoggingAndAssertions
+
+ 4 FAILED TESTS
+Note: Google Test filter = *DISABLED_*
+[==========] Running 1 test from 1 test case.
+[----------] Global test environment set-up.
+[----------] 1 test from DisabledTestsWarningTest
+[ RUN      ] DisabledTestsWarningTest.DISABLED_AlsoRunDisabledTestsFlagSuppressesWarning
+[       OK ] DisabledTestsWarningTest.DISABLED_AlsoRunDisabledTestsFlagSuppressesWarning
+[----------] Global test environment tear-down
+[==========] 1 test from 1 test case ran.
+[  PASSED  ] 1 test.
+Note: Google Test filter = PassingTest.*
+Note: This is test shard 2 of 2.
+[==========] Running 1 test from 1 test case.
+[----------] Global test environment set-up.
+[----------] 1 test from PassingTest
+[ RUN      ] PassingTest.PassingTest2
+[       OK ] PassingTest.PassingTest2
+[----------] Global test environment tear-down
+[==========] 1 test from 1 test case ran.
+[  PASSED  ] 1 test.
diff --git a/nss/external_tests/google_test/gtest/test/gtest_pred_impl_unittest.cc b/nss/external_tests/google_test/gtest/test/gtest_pred_impl_unittest.cc
new file mode 100644
index 0000000..a84eff8
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/test/gtest_pred_impl_unittest.cc
@@ -0,0 +1,2427 @@
+// Copyright 2006, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// This file is AUTOMATICALLY GENERATED on 10/31/2011 by command
+// 'gen_gtest_pred_impl.py 5'.  DO NOT EDIT BY HAND!
+
+// Regression test for gtest_pred_impl.h
+//
+// This file is generated by a script and quite long.  If you intend to
+// learn how Google Test works by reading its unit tests, read
+// gtest_unittest.cc instead.
+//
+// This is intended as a regression test for the Google Test predicate
+// assertions.  We compile it as part of the gtest_unittest target
+// only to keep the implementation tidy and compact, as it is quite
+// involved to set up the stage for testing Google Test using Google
+// Test itself.
+//
+// Currently, gtest_unittest takes ~11 seconds to run in the testing
+// daemon.  In the future, if it grows too large and needs much more
+// time to finish, we should consider separating this file into a
+// stand-alone regression test.
+
+#include <iostream>
+
+#include "gtest/gtest.h"
+#include "gtest/gtest-spi.h"
+
+// A user-defined data type.
+struct Bool {
+  explicit Bool(int val) : value(val != 0) {}
+
+  bool operator>(int n) const { return value > Bool(n).value; }
+
+  Bool operator+(const Bool& rhs) const { return Bool(value + rhs.value); }
+
+  bool operator==(const Bool& rhs) const { return value == rhs.value; }
+
+  bool value;
+};
+
+// Enables Bool to be used in assertions.
+std::ostream& operator<<(std::ostream& os, const Bool& x) {
+  return os << (x.value ? "true" : "false");
+}
+
+// Sample functions/functors for testing unary predicate assertions.
+
+// A unary predicate function.
+template <typename T1>
+bool PredFunction1(T1 v1) {
+  return v1 > 0;
+}
+
+// The following two functions are needed to circumvent a bug in
+// gcc 2.95.3, which sometimes has problem with the above template
+// function.
+bool PredFunction1Int(int v1) {
+  return v1 > 0;
+}
+bool PredFunction1Bool(Bool v1) {
+  return v1 > 0;
+}
+
+// A unary predicate functor.
+struct PredFunctor1 {
+  template <typename T1>
+  bool operator()(const T1& v1) {
+    return v1 > 0;
+  }
+};
+
+// A unary predicate-formatter function.
+template <typename T1>
+testing::AssertionResult PredFormatFunction1(const char* e1,
+                                             const T1& v1) {
+  if (PredFunction1(v1))
+    return testing::AssertionSuccess();
+
+  return testing::AssertionFailure()
+      << e1
+      << " is expected to be positive, but evaluates to "
+      << v1 << ".";
+}
+
+// A unary predicate-formatter functor.
+struct PredFormatFunctor1 {
+  template <typename T1>
+  testing::AssertionResult operator()(const char* e1,
+                                      const T1& v1) const {
+    return PredFormatFunction1(e1, v1);
+  }
+};
+
+// Tests for {EXPECT|ASSERT}_PRED_FORMAT1.
+
+class Predicate1Test : public testing::Test {
+ protected:
+  virtual void SetUp() {
+    expected_to_finish_ = true;
+    finished_ = false;
+    n1_ = 0;
+  }
+
+  virtual void TearDown() {
+    // Verifies that each of the predicate's arguments was evaluated
+    // exactly once.
+    EXPECT_EQ(1, n1_) <<
+        "The predicate assertion didn't evaluate argument 2 "
+        "exactly once.";
+
+    // Verifies that the control flow in the test function is expected.
+    if (expected_to_finish_ && !finished_) {
+      FAIL() << "The predicate assertion unexpactedly aborted the test.";
+    } else if (!expected_to_finish_ && finished_) {
+      FAIL() << "The failed predicate assertion didn't abort the test "
+                "as expected.";
+    }
+  }
+
+  // true iff the test function is expected to run to finish.
+  static bool expected_to_finish_;
+
+  // true iff the test function did run to finish.
+  static bool finished_;
+
+  static int n1_;
+};
+
+bool Predicate1Test::expected_to_finish_;
+bool Predicate1Test::finished_;
+int Predicate1Test::n1_;
+
+typedef Predicate1Test EXPECT_PRED_FORMAT1Test;
+typedef Predicate1Test ASSERT_PRED_FORMAT1Test;
+typedef Predicate1Test EXPECT_PRED1Test;
+typedef Predicate1Test ASSERT_PRED1Test;
+
+// Tests a successful EXPECT_PRED1 where the
+// predicate-formatter is a function on a built-in type (int).
+TEST_F(EXPECT_PRED1Test, FunctionOnBuiltInTypeSuccess) {
+  EXPECT_PRED1(PredFunction1Int,
+               ++n1_);
+  finished_ = true;
+}
+
+// Tests a successful EXPECT_PRED1 where the
+// predicate-formatter is a function on a user-defined type (Bool).
+TEST_F(EXPECT_PRED1Test, FunctionOnUserTypeSuccess) {
+  EXPECT_PRED1(PredFunction1Bool,
+               Bool(++n1_));
+  finished_ = true;
+}
+
+// Tests a successful EXPECT_PRED1 where the
+// predicate-formatter is a functor on a built-in type (int).
+TEST_F(EXPECT_PRED1Test, FunctorOnBuiltInTypeSuccess) {
+  EXPECT_PRED1(PredFunctor1(),
+               ++n1_);
+  finished_ = true;
+}
+
+// Tests a successful EXPECT_PRED1 where the
+// predicate-formatter is a functor on a user-defined type (Bool).
+TEST_F(EXPECT_PRED1Test, FunctorOnUserTypeSuccess) {
+  EXPECT_PRED1(PredFunctor1(),
+               Bool(++n1_));
+  finished_ = true;
+}
+
+// Tests a failed EXPECT_PRED1 where the
+// predicate-formatter is a function on a built-in type (int).
+TEST_F(EXPECT_PRED1Test, FunctionOnBuiltInTypeFailure) {
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED1(PredFunction1Int,
+                 n1_++);
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed EXPECT_PRED1 where the
+// predicate-formatter is a function on a user-defined type (Bool).
+TEST_F(EXPECT_PRED1Test, FunctionOnUserTypeFailure) {
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED1(PredFunction1Bool,
+                 Bool(n1_++));
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed EXPECT_PRED1 where the
+// predicate-formatter is a functor on a built-in type (int).
+TEST_F(EXPECT_PRED1Test, FunctorOnBuiltInTypeFailure) {
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED1(PredFunctor1(),
+                 n1_++);
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed EXPECT_PRED1 where the
+// predicate-formatter is a functor on a user-defined type (Bool).
+TEST_F(EXPECT_PRED1Test, FunctorOnUserTypeFailure) {
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED1(PredFunctor1(),
+                 Bool(n1_++));
+    finished_ = true;
+  }, "");
+}
+
+// Tests a successful ASSERT_PRED1 where the
+// predicate-formatter is a function on a built-in type (int).
+TEST_F(ASSERT_PRED1Test, FunctionOnBuiltInTypeSuccess) {
+  ASSERT_PRED1(PredFunction1Int,
+               ++n1_);
+  finished_ = true;
+}
+
+// Tests a successful ASSERT_PRED1 where the
+// predicate-formatter is a function on a user-defined type (Bool).
+TEST_F(ASSERT_PRED1Test, FunctionOnUserTypeSuccess) {
+  ASSERT_PRED1(PredFunction1Bool,
+               Bool(++n1_));
+  finished_ = true;
+}
+
+// Tests a successful ASSERT_PRED1 where the
+// predicate-formatter is a functor on a built-in type (int).
+TEST_F(ASSERT_PRED1Test, FunctorOnBuiltInTypeSuccess) {
+  ASSERT_PRED1(PredFunctor1(),
+               ++n1_);
+  finished_ = true;
+}
+
+// Tests a successful ASSERT_PRED1 where the
+// predicate-formatter is a functor on a user-defined type (Bool).
+TEST_F(ASSERT_PRED1Test, FunctorOnUserTypeSuccess) {
+  ASSERT_PRED1(PredFunctor1(),
+               Bool(++n1_));
+  finished_ = true;
+}
+
+// Tests a failed ASSERT_PRED1 where the
+// predicate-formatter is a function on a built-in type (int).
+TEST_F(ASSERT_PRED1Test, FunctionOnBuiltInTypeFailure) {
+  expected_to_finish_ = false;
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED1(PredFunction1Int,
+                 n1_++);
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed ASSERT_PRED1 where the
+// predicate-formatter is a function on a user-defined type (Bool).
+TEST_F(ASSERT_PRED1Test, FunctionOnUserTypeFailure) {
+  expected_to_finish_ = false;
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED1(PredFunction1Bool,
+                 Bool(n1_++));
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed ASSERT_PRED1 where the
+// predicate-formatter is a functor on a built-in type (int).
+TEST_F(ASSERT_PRED1Test, FunctorOnBuiltInTypeFailure) {
+  expected_to_finish_ = false;
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED1(PredFunctor1(),
+                 n1_++);
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed ASSERT_PRED1 where the
+// predicate-formatter is a functor on a user-defined type (Bool).
+TEST_F(ASSERT_PRED1Test, FunctorOnUserTypeFailure) {
+  expected_to_finish_ = false;
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED1(PredFunctor1(),
+                 Bool(n1_++));
+    finished_ = true;
+  }, "");
+}
+
+// Tests a successful EXPECT_PRED_FORMAT1 where the
+// predicate-formatter is a function on a built-in type (int).
+TEST_F(EXPECT_PRED_FORMAT1Test, FunctionOnBuiltInTypeSuccess) {
+  EXPECT_PRED_FORMAT1(PredFormatFunction1,
+                      ++n1_);
+  finished_ = true;
+}
+
+// Tests a successful EXPECT_PRED_FORMAT1 where the
+// predicate-formatter is a function on a user-defined type (Bool).
+TEST_F(EXPECT_PRED_FORMAT1Test, FunctionOnUserTypeSuccess) {
+  EXPECT_PRED_FORMAT1(PredFormatFunction1,
+                      Bool(++n1_));
+  finished_ = true;
+}
+
+// Tests a successful EXPECT_PRED_FORMAT1 where the
+// predicate-formatter is a functor on a built-in type (int).
+TEST_F(EXPECT_PRED_FORMAT1Test, FunctorOnBuiltInTypeSuccess) {
+  EXPECT_PRED_FORMAT1(PredFormatFunctor1(),
+                      ++n1_);
+  finished_ = true;
+}
+
+// Tests a successful EXPECT_PRED_FORMAT1 where the
+// predicate-formatter is a functor on a user-defined type (Bool).
+TEST_F(EXPECT_PRED_FORMAT1Test, FunctorOnUserTypeSuccess) {
+  EXPECT_PRED_FORMAT1(PredFormatFunctor1(),
+                      Bool(++n1_));
+  finished_ = true;
+}
+
+// Tests a failed EXPECT_PRED_FORMAT1 where the
+// predicate-formatter is a function on a built-in type (int).
+TEST_F(EXPECT_PRED_FORMAT1Test, FunctionOnBuiltInTypeFailure) {
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED_FORMAT1(PredFormatFunction1,
+                        n1_++);
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed EXPECT_PRED_FORMAT1 where the
+// predicate-formatter is a function on a user-defined type (Bool).
+TEST_F(EXPECT_PRED_FORMAT1Test, FunctionOnUserTypeFailure) {
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED_FORMAT1(PredFormatFunction1,
+                        Bool(n1_++));
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed EXPECT_PRED_FORMAT1 where the
+// predicate-formatter is a functor on a built-in type (int).
+TEST_F(EXPECT_PRED_FORMAT1Test, FunctorOnBuiltInTypeFailure) {
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED_FORMAT1(PredFormatFunctor1(),
+                        n1_++);
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed EXPECT_PRED_FORMAT1 where the
+// predicate-formatter is a functor on a user-defined type (Bool).
+TEST_F(EXPECT_PRED_FORMAT1Test, FunctorOnUserTypeFailure) {
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED_FORMAT1(PredFormatFunctor1(),
+                        Bool(n1_++));
+    finished_ = true;
+  }, "");
+}
+
+// Tests a successful ASSERT_PRED_FORMAT1 where the
+// predicate-formatter is a function on a built-in type (int).
+TEST_F(ASSERT_PRED_FORMAT1Test, FunctionOnBuiltInTypeSuccess) {
+  ASSERT_PRED_FORMAT1(PredFormatFunction1,
+                      ++n1_);
+  finished_ = true;
+}
+
+// Tests a successful ASSERT_PRED_FORMAT1 where the
+// predicate-formatter is a function on a user-defined type (Bool).
+TEST_F(ASSERT_PRED_FORMAT1Test, FunctionOnUserTypeSuccess) {
+  ASSERT_PRED_FORMAT1(PredFormatFunction1,
+                      Bool(++n1_));
+  finished_ = true;
+}
+
+// Tests a successful ASSERT_PRED_FORMAT1 where the
+// predicate-formatter is a functor on a built-in type (int).
+TEST_F(ASSERT_PRED_FORMAT1Test, FunctorOnBuiltInTypeSuccess) {
+  ASSERT_PRED_FORMAT1(PredFormatFunctor1(),
+                      ++n1_);
+  finished_ = true;
+}
+
+// Tests a successful ASSERT_PRED_FORMAT1 where the
+// predicate-formatter is a functor on a user-defined type (Bool).
+TEST_F(ASSERT_PRED_FORMAT1Test, FunctorOnUserTypeSuccess) {
+  ASSERT_PRED_FORMAT1(PredFormatFunctor1(),
+                      Bool(++n1_));
+  finished_ = true;
+}
+
+// Tests a failed ASSERT_PRED_FORMAT1 where the
+// predicate-formatter is a function on a built-in type (int).
+TEST_F(ASSERT_PRED_FORMAT1Test, FunctionOnBuiltInTypeFailure) {
+  expected_to_finish_ = false;
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED_FORMAT1(PredFormatFunction1,
+                        n1_++);
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed ASSERT_PRED_FORMAT1 where the
+// predicate-formatter is a function on a user-defined type (Bool).
+TEST_F(ASSERT_PRED_FORMAT1Test, FunctionOnUserTypeFailure) {
+  expected_to_finish_ = false;
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED_FORMAT1(PredFormatFunction1,
+                        Bool(n1_++));
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed ASSERT_PRED_FORMAT1 where the
+// predicate-formatter is a functor on a built-in type (int).
+TEST_F(ASSERT_PRED_FORMAT1Test, FunctorOnBuiltInTypeFailure) {
+  expected_to_finish_ = false;
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED_FORMAT1(PredFormatFunctor1(),
+                        n1_++);
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed ASSERT_PRED_FORMAT1 where the
+// predicate-formatter is a functor on a user-defined type (Bool).
+TEST_F(ASSERT_PRED_FORMAT1Test, FunctorOnUserTypeFailure) {
+  expected_to_finish_ = false;
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED_FORMAT1(PredFormatFunctor1(),
+                        Bool(n1_++));
+    finished_ = true;
+  }, "");
+}
+// Sample functions/functors for testing binary predicate assertions.
+
+// A binary predicate function.
+template <typename T1, typename T2>
+bool PredFunction2(T1 v1, T2 v2) {
+  return v1 + v2 > 0;
+}
+
+// The following two functions are needed to circumvent a bug in
+// gcc 2.95.3, which sometimes has problem with the above template
+// function.
+bool PredFunction2Int(int v1, int v2) {
+  return v1 + v2 > 0;
+}
+bool PredFunction2Bool(Bool v1, Bool v2) {
+  return v1 + v2 > 0;
+}
+
+// A binary predicate functor.
+struct PredFunctor2 {
+  template <typename T1, typename T2>
+  bool operator()(const T1& v1,
+                  const T2& v2) {
+    return v1 + v2 > 0;
+  }
+};
+
+// A binary predicate-formatter function.
+template <typename T1, typename T2>
+testing::AssertionResult PredFormatFunction2(const char* e1,
+                                             const char* e2,
+                                             const T1& v1,
+                                             const T2& v2) {
+  if (PredFunction2(v1, v2))
+    return testing::AssertionSuccess();
+
+  return testing::AssertionFailure()
+      << e1 << " + " << e2
+      << " is expected to be positive, but evaluates to "
+      << v1 + v2 << ".";
+}
+
+// A binary predicate-formatter functor.
+struct PredFormatFunctor2 {
+  template <typename T1, typename T2>
+  testing::AssertionResult operator()(const char* e1,
+                                      const char* e2,
+                                      const T1& v1,
+                                      const T2& v2) const {
+    return PredFormatFunction2(e1, e2, v1, v2);
+  }
+};
+
+// Tests for {EXPECT|ASSERT}_PRED_FORMAT2.
+
+class Predicate2Test : public testing::Test {
+ protected:
+  virtual void SetUp() {
+    expected_to_finish_ = true;
+    finished_ = false;
+    n1_ = n2_ = 0;
+  }
+
+  virtual void TearDown() {
+    // Verifies that each of the predicate's arguments was evaluated
+    // exactly once.
+    EXPECT_EQ(1, n1_) <<
+        "The predicate assertion didn't evaluate argument 2 "
+        "exactly once.";
+    EXPECT_EQ(1, n2_) <<
+        "The predicate assertion didn't evaluate argument 3 "
+        "exactly once.";
+
+    // Verifies that the control flow in the test function is expected.
+    if (expected_to_finish_ && !finished_) {
+      FAIL() << "The predicate assertion unexpactedly aborted the test.";
+    } else if (!expected_to_finish_ && finished_) {
+      FAIL() << "The failed predicate assertion didn't abort the test "
+                "as expected.";
+    }
+  }
+
+  // true iff the test function is expected to run to finish.
+  static bool expected_to_finish_;
+
+  // true iff the test function did run to finish.
+  static bool finished_;
+
+  static int n1_;
+  static int n2_;
+};
+
+bool Predicate2Test::expected_to_finish_;
+bool Predicate2Test::finished_;
+int Predicate2Test::n1_;
+int Predicate2Test::n2_;
+
+typedef Predicate2Test EXPECT_PRED_FORMAT2Test;
+typedef Predicate2Test ASSERT_PRED_FORMAT2Test;
+typedef Predicate2Test EXPECT_PRED2Test;
+typedef Predicate2Test ASSERT_PRED2Test;
+
+// Tests a successful EXPECT_PRED2 where the
+// predicate-formatter is a function on a built-in type (int).
+TEST_F(EXPECT_PRED2Test, FunctionOnBuiltInTypeSuccess) {
+  EXPECT_PRED2(PredFunction2Int,
+               ++n1_,
+               ++n2_);
+  finished_ = true;
+}
+
+// Tests a successful EXPECT_PRED2 where the
+// predicate-formatter is a function on a user-defined type (Bool).
+TEST_F(EXPECT_PRED2Test, FunctionOnUserTypeSuccess) {
+  EXPECT_PRED2(PredFunction2Bool,
+               Bool(++n1_),
+               Bool(++n2_));
+  finished_ = true;
+}
+
+// Tests a successful EXPECT_PRED2 where the
+// predicate-formatter is a functor on a built-in type (int).
+TEST_F(EXPECT_PRED2Test, FunctorOnBuiltInTypeSuccess) {
+  EXPECT_PRED2(PredFunctor2(),
+               ++n1_,
+               ++n2_);
+  finished_ = true;
+}
+
+// Tests a successful EXPECT_PRED2 where the
+// predicate-formatter is a functor on a user-defined type (Bool).
+TEST_F(EXPECT_PRED2Test, FunctorOnUserTypeSuccess) {
+  EXPECT_PRED2(PredFunctor2(),
+               Bool(++n1_),
+               Bool(++n2_));
+  finished_ = true;
+}
+
+// Tests a failed EXPECT_PRED2 where the
+// predicate-formatter is a function on a built-in type (int).
+TEST_F(EXPECT_PRED2Test, FunctionOnBuiltInTypeFailure) {
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED2(PredFunction2Int,
+                 n1_++,
+                 n2_++);
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed EXPECT_PRED2 where the
+// predicate-formatter is a function on a user-defined type (Bool).
+TEST_F(EXPECT_PRED2Test, FunctionOnUserTypeFailure) {
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED2(PredFunction2Bool,
+                 Bool(n1_++),
+                 Bool(n2_++));
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed EXPECT_PRED2 where the
+// predicate-formatter is a functor on a built-in type (int).
+TEST_F(EXPECT_PRED2Test, FunctorOnBuiltInTypeFailure) {
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED2(PredFunctor2(),
+                 n1_++,
+                 n2_++);
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed EXPECT_PRED2 where the
+// predicate-formatter is a functor on a user-defined type (Bool).
+TEST_F(EXPECT_PRED2Test, FunctorOnUserTypeFailure) {
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED2(PredFunctor2(),
+                 Bool(n1_++),
+                 Bool(n2_++));
+    finished_ = true;
+  }, "");
+}
+
+// Tests a successful ASSERT_PRED2 where the
+// predicate-formatter is a function on a built-in type (int).
+TEST_F(ASSERT_PRED2Test, FunctionOnBuiltInTypeSuccess) {
+  ASSERT_PRED2(PredFunction2Int,
+               ++n1_,
+               ++n2_);
+  finished_ = true;
+}
+
+// Tests a successful ASSERT_PRED2 where the
+// predicate-formatter is a function on a user-defined type (Bool).
+TEST_F(ASSERT_PRED2Test, FunctionOnUserTypeSuccess) {
+  ASSERT_PRED2(PredFunction2Bool,
+               Bool(++n1_),
+               Bool(++n2_));
+  finished_ = true;
+}
+
+// Tests a successful ASSERT_PRED2 where the
+// predicate-formatter is a functor on a built-in type (int).
+TEST_F(ASSERT_PRED2Test, FunctorOnBuiltInTypeSuccess) {
+  ASSERT_PRED2(PredFunctor2(),
+               ++n1_,
+               ++n2_);
+  finished_ = true;
+}
+
+// Tests a successful ASSERT_PRED2 where the
+// predicate-formatter is a functor on a user-defined type (Bool).
+TEST_F(ASSERT_PRED2Test, FunctorOnUserTypeSuccess) {
+  ASSERT_PRED2(PredFunctor2(),
+               Bool(++n1_),
+               Bool(++n2_));
+  finished_ = true;
+}
+
+// Tests a failed ASSERT_PRED2 where the
+// predicate-formatter is a function on a built-in type (int).
+TEST_F(ASSERT_PRED2Test, FunctionOnBuiltInTypeFailure) {
+  expected_to_finish_ = false;
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED2(PredFunction2Int,
+                 n1_++,
+                 n2_++);
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed ASSERT_PRED2 where the
+// predicate-formatter is a function on a user-defined type (Bool).
+TEST_F(ASSERT_PRED2Test, FunctionOnUserTypeFailure) {
+  expected_to_finish_ = false;
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED2(PredFunction2Bool,
+                 Bool(n1_++),
+                 Bool(n2_++));
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed ASSERT_PRED2 where the
+// predicate-formatter is a functor on a built-in type (int).
+TEST_F(ASSERT_PRED2Test, FunctorOnBuiltInTypeFailure) {
+  expected_to_finish_ = false;
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED2(PredFunctor2(),
+                 n1_++,
+                 n2_++);
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed ASSERT_PRED2 where the
+// predicate-formatter is a functor on a user-defined type (Bool).
+TEST_F(ASSERT_PRED2Test, FunctorOnUserTypeFailure) {
+  expected_to_finish_ = false;
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED2(PredFunctor2(),
+                 Bool(n1_++),
+                 Bool(n2_++));
+    finished_ = true;
+  }, "");
+}
+
+// Tests a successful EXPECT_PRED_FORMAT2 where the
+// predicate-formatter is a function on a built-in type (int).
+TEST_F(EXPECT_PRED_FORMAT2Test, FunctionOnBuiltInTypeSuccess) {
+  EXPECT_PRED_FORMAT2(PredFormatFunction2,
+                      ++n1_,
+                      ++n2_);
+  finished_ = true;
+}
+
+// Tests a successful EXPECT_PRED_FORMAT2 where the
+// predicate-formatter is a function on a user-defined type (Bool).
+TEST_F(EXPECT_PRED_FORMAT2Test, FunctionOnUserTypeSuccess) {
+  EXPECT_PRED_FORMAT2(PredFormatFunction2,
+                      Bool(++n1_),
+                      Bool(++n2_));
+  finished_ = true;
+}
+
+// Tests a successful EXPECT_PRED_FORMAT2 where the
+// predicate-formatter is a functor on a built-in type (int).
+TEST_F(EXPECT_PRED_FORMAT2Test, FunctorOnBuiltInTypeSuccess) {
+  EXPECT_PRED_FORMAT2(PredFormatFunctor2(),
+                      ++n1_,
+                      ++n2_);
+  finished_ = true;
+}
+
+// Tests a successful EXPECT_PRED_FORMAT2 where the
+// predicate-formatter is a functor on a user-defined type (Bool).
+TEST_F(EXPECT_PRED_FORMAT2Test, FunctorOnUserTypeSuccess) {
+  EXPECT_PRED_FORMAT2(PredFormatFunctor2(),
+                      Bool(++n1_),
+                      Bool(++n2_));
+  finished_ = true;
+}
+
+// Tests a failed EXPECT_PRED_FORMAT2 where the
+// predicate-formatter is a function on a built-in type (int).
+TEST_F(EXPECT_PRED_FORMAT2Test, FunctionOnBuiltInTypeFailure) {
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED_FORMAT2(PredFormatFunction2,
+                        n1_++,
+                        n2_++);
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed EXPECT_PRED_FORMAT2 where the
+// predicate-formatter is a function on a user-defined type (Bool).
+TEST_F(EXPECT_PRED_FORMAT2Test, FunctionOnUserTypeFailure) {
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED_FORMAT2(PredFormatFunction2,
+                        Bool(n1_++),
+                        Bool(n2_++));
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed EXPECT_PRED_FORMAT2 where the
+// predicate-formatter is a functor on a built-in type (int).
+TEST_F(EXPECT_PRED_FORMAT2Test, FunctorOnBuiltInTypeFailure) {
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED_FORMAT2(PredFormatFunctor2(),
+                        n1_++,
+                        n2_++);
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed EXPECT_PRED_FORMAT2 where the
+// predicate-formatter is a functor on a user-defined type (Bool).
+TEST_F(EXPECT_PRED_FORMAT2Test, FunctorOnUserTypeFailure) {
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED_FORMAT2(PredFormatFunctor2(),
+                        Bool(n1_++),
+                        Bool(n2_++));
+    finished_ = true;
+  }, "");
+}
+
+// Tests a successful ASSERT_PRED_FORMAT2 where the
+// predicate-formatter is a function on a built-in type (int).
+TEST_F(ASSERT_PRED_FORMAT2Test, FunctionOnBuiltInTypeSuccess) {
+  ASSERT_PRED_FORMAT2(PredFormatFunction2,
+                      ++n1_,
+                      ++n2_);
+  finished_ = true;
+}
+
+// Tests a successful ASSERT_PRED_FORMAT2 where the
+// predicate-formatter is a function on a user-defined type (Bool).
+TEST_F(ASSERT_PRED_FORMAT2Test, FunctionOnUserTypeSuccess) {
+  ASSERT_PRED_FORMAT2(PredFormatFunction2,
+                      Bool(++n1_),
+                      Bool(++n2_));
+  finished_ = true;
+}
+
+// Tests a successful ASSERT_PRED_FORMAT2 where the
+// predicate-formatter is a functor on a built-in type (int).
+TEST_F(ASSERT_PRED_FORMAT2Test, FunctorOnBuiltInTypeSuccess) {
+  ASSERT_PRED_FORMAT2(PredFormatFunctor2(),
+                      ++n1_,
+                      ++n2_);
+  finished_ = true;
+}
+
+// Tests a successful ASSERT_PRED_FORMAT2 where the
+// predicate-formatter is a functor on a user-defined type (Bool).
+TEST_F(ASSERT_PRED_FORMAT2Test, FunctorOnUserTypeSuccess) {
+  ASSERT_PRED_FORMAT2(PredFormatFunctor2(),
+                      Bool(++n1_),
+                      Bool(++n2_));
+  finished_ = true;
+}
+
+// Tests a failed ASSERT_PRED_FORMAT2 where the
+// predicate-formatter is a function on a built-in type (int).
+TEST_F(ASSERT_PRED_FORMAT2Test, FunctionOnBuiltInTypeFailure) {
+  expected_to_finish_ = false;
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED_FORMAT2(PredFormatFunction2,
+                        n1_++,
+                        n2_++);
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed ASSERT_PRED_FORMAT2 where the
+// predicate-formatter is a function on a user-defined type (Bool).
+TEST_F(ASSERT_PRED_FORMAT2Test, FunctionOnUserTypeFailure) {
+  expected_to_finish_ = false;
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED_FORMAT2(PredFormatFunction2,
+                        Bool(n1_++),
+                        Bool(n2_++));
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed ASSERT_PRED_FORMAT2 where the
+// predicate-formatter is a functor on a built-in type (int).
+TEST_F(ASSERT_PRED_FORMAT2Test, FunctorOnBuiltInTypeFailure) {
+  expected_to_finish_ = false;
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED_FORMAT2(PredFormatFunctor2(),
+                        n1_++,
+                        n2_++);
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed ASSERT_PRED_FORMAT2 where the
+// predicate-formatter is a functor on a user-defined type (Bool).
+TEST_F(ASSERT_PRED_FORMAT2Test, FunctorOnUserTypeFailure) {
+  expected_to_finish_ = false;
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED_FORMAT2(PredFormatFunctor2(),
+                        Bool(n1_++),
+                        Bool(n2_++));
+    finished_ = true;
+  }, "");
+}
+// Sample functions/functors for testing ternary predicate assertions.
+
+// A ternary predicate function.
+template <typename T1, typename T2, typename T3>
+bool PredFunction3(T1 v1, T2 v2, T3 v3) {
+  return v1 + v2 + v3 > 0;
+}
+
+// The following two functions are needed to circumvent a bug in
+// gcc 2.95.3, which sometimes has problem with the above template
+// function.
+bool PredFunction3Int(int v1, int v2, int v3) {
+  return v1 + v2 + v3 > 0;
+}
+bool PredFunction3Bool(Bool v1, Bool v2, Bool v3) {
+  return v1 + v2 + v3 > 0;
+}
+
+// A ternary predicate functor.
+struct PredFunctor3 {
+  template <typename T1, typename T2, typename T3>
+  bool operator()(const T1& v1,
+                  const T2& v2,
+                  const T3& v3) {
+    return v1 + v2 + v3 > 0;
+  }
+};
+
+// A ternary predicate-formatter function.
+template <typename T1, typename T2, typename T3>
+testing::AssertionResult PredFormatFunction3(const char* e1,
+                                             const char* e2,
+                                             const char* e3,
+                                             const T1& v1,
+                                             const T2& v2,
+                                             const T3& v3) {
+  if (PredFunction3(v1, v2, v3))
+    return testing::AssertionSuccess();
+
+  return testing::AssertionFailure()
+      << e1 << " + " << e2 << " + " << e3
+      << " is expected to be positive, but evaluates to "
+      << v1 + v2 + v3 << ".";
+}
+
+// A ternary predicate-formatter functor.
+struct PredFormatFunctor3 {
+  template <typename T1, typename T2, typename T3>
+  testing::AssertionResult operator()(const char* e1,
+                                      const char* e2,
+                                      const char* e3,
+                                      const T1& v1,
+                                      const T2& v2,
+                                      const T3& v3) const {
+    return PredFormatFunction3(e1, e2, e3, v1, v2, v3);
+  }
+};
+
+// Tests for {EXPECT|ASSERT}_PRED_FORMAT3.
+
+class Predicate3Test : public testing::Test {
+ protected:
+  virtual void SetUp() {
+    expected_to_finish_ = true;
+    finished_ = false;
+    n1_ = n2_ = n3_ = 0;
+  }
+
+  virtual void TearDown() {
+    // Verifies that each of the predicate's arguments was evaluated
+    // exactly once.
+    EXPECT_EQ(1, n1_) <<
+        "The predicate assertion didn't evaluate argument 2 "
+        "exactly once.";
+    EXPECT_EQ(1, n2_) <<
+        "The predicate assertion didn't evaluate argument 3 "
+        "exactly once.";
+    EXPECT_EQ(1, n3_) <<
+        "The predicate assertion didn't evaluate argument 4 "
+        "exactly once.";
+
+    // Verifies that the control flow in the test function is expected.
+    if (expected_to_finish_ && !finished_) {
+      FAIL() << "The predicate assertion unexpactedly aborted the test.";
+    } else if (!expected_to_finish_ && finished_) {
+      FAIL() << "The failed predicate assertion didn't abort the test "
+                "as expected.";
+    }
+  }
+
+  // true iff the test function is expected to run to finish.
+  static bool expected_to_finish_;
+
+  // true iff the test function did run to finish.
+  static bool finished_;
+
+  static int n1_;
+  static int n2_;
+  static int n3_;
+};
+
+bool Predicate3Test::expected_to_finish_;
+bool Predicate3Test::finished_;
+int Predicate3Test::n1_;
+int Predicate3Test::n2_;
+int Predicate3Test::n3_;
+
+typedef Predicate3Test EXPECT_PRED_FORMAT3Test;
+typedef Predicate3Test ASSERT_PRED_FORMAT3Test;
+typedef Predicate3Test EXPECT_PRED3Test;
+typedef Predicate3Test ASSERT_PRED3Test;
+
+// Tests a successful EXPECT_PRED3 where the
+// predicate-formatter is a function on a built-in type (int).
+TEST_F(EXPECT_PRED3Test, FunctionOnBuiltInTypeSuccess) {
+  EXPECT_PRED3(PredFunction3Int,
+               ++n1_,
+               ++n2_,
+               ++n3_);
+  finished_ = true;
+}
+
+// Tests a successful EXPECT_PRED3 where the
+// predicate-formatter is a function on a user-defined type (Bool).
+TEST_F(EXPECT_PRED3Test, FunctionOnUserTypeSuccess) {
+  EXPECT_PRED3(PredFunction3Bool,
+               Bool(++n1_),
+               Bool(++n2_),
+               Bool(++n3_));
+  finished_ = true;
+}
+
+// Tests a successful EXPECT_PRED3 where the
+// predicate-formatter is a functor on a built-in type (int).
+TEST_F(EXPECT_PRED3Test, FunctorOnBuiltInTypeSuccess) {
+  EXPECT_PRED3(PredFunctor3(),
+               ++n1_,
+               ++n2_,
+               ++n3_);
+  finished_ = true;
+}
+
+// Tests a successful EXPECT_PRED3 where the
+// predicate-formatter is a functor on a user-defined type (Bool).
+TEST_F(EXPECT_PRED3Test, FunctorOnUserTypeSuccess) {
+  EXPECT_PRED3(PredFunctor3(),
+               Bool(++n1_),
+               Bool(++n2_),
+               Bool(++n3_));
+  finished_ = true;
+}
+
+// Tests a failed EXPECT_PRED3 where the
+// predicate-formatter is a function on a built-in type (int).
+TEST_F(EXPECT_PRED3Test, FunctionOnBuiltInTypeFailure) {
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED3(PredFunction3Int,
+                 n1_++,
+                 n2_++,
+                 n3_++);
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed EXPECT_PRED3 where the
+// predicate-formatter is a function on a user-defined type (Bool).
+TEST_F(EXPECT_PRED3Test, FunctionOnUserTypeFailure) {
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED3(PredFunction3Bool,
+                 Bool(n1_++),
+                 Bool(n2_++),
+                 Bool(n3_++));
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed EXPECT_PRED3 where the
+// predicate-formatter is a functor on a built-in type (int).
+TEST_F(EXPECT_PRED3Test, FunctorOnBuiltInTypeFailure) {
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED3(PredFunctor3(),
+                 n1_++,
+                 n2_++,
+                 n3_++);
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed EXPECT_PRED3 where the
+// predicate-formatter is a functor on a user-defined type (Bool).
+TEST_F(EXPECT_PRED3Test, FunctorOnUserTypeFailure) {
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED3(PredFunctor3(),
+                 Bool(n1_++),
+                 Bool(n2_++),
+                 Bool(n3_++));
+    finished_ = true;
+  }, "");
+}
+
+// Tests a successful ASSERT_PRED3 where the
+// predicate-formatter is a function on a built-in type (int).
+TEST_F(ASSERT_PRED3Test, FunctionOnBuiltInTypeSuccess) {
+  ASSERT_PRED3(PredFunction3Int,
+               ++n1_,
+               ++n2_,
+               ++n3_);
+  finished_ = true;
+}
+
+// Tests a successful ASSERT_PRED3 where the
+// predicate-formatter is a function on a user-defined type (Bool).
+TEST_F(ASSERT_PRED3Test, FunctionOnUserTypeSuccess) {
+  ASSERT_PRED3(PredFunction3Bool,
+               Bool(++n1_),
+               Bool(++n2_),
+               Bool(++n3_));
+  finished_ = true;
+}
+
+// Tests a successful ASSERT_PRED3 where the
+// predicate-formatter is a functor on a built-in type (int).
+TEST_F(ASSERT_PRED3Test, FunctorOnBuiltInTypeSuccess) {
+  ASSERT_PRED3(PredFunctor3(),
+               ++n1_,
+               ++n2_,
+               ++n3_);
+  finished_ = true;
+}
+
+// Tests a successful ASSERT_PRED3 where the
+// predicate-formatter is a functor on a user-defined type (Bool).
+TEST_F(ASSERT_PRED3Test, FunctorOnUserTypeSuccess) {
+  ASSERT_PRED3(PredFunctor3(),
+               Bool(++n1_),
+               Bool(++n2_),
+               Bool(++n3_));
+  finished_ = true;
+}
+
+// Tests a failed ASSERT_PRED3 where the
+// predicate-formatter is a function on a built-in type (int).
+TEST_F(ASSERT_PRED3Test, FunctionOnBuiltInTypeFailure) {
+  expected_to_finish_ = false;
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED3(PredFunction3Int,
+                 n1_++,
+                 n2_++,
+                 n3_++);
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed ASSERT_PRED3 where the
+// predicate-formatter is a function on a user-defined type (Bool).
+TEST_F(ASSERT_PRED3Test, FunctionOnUserTypeFailure) {
+  expected_to_finish_ = false;
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED3(PredFunction3Bool,
+                 Bool(n1_++),
+                 Bool(n2_++),
+                 Bool(n3_++));
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed ASSERT_PRED3 where the
+// predicate-formatter is a functor on a built-in type (int).
+TEST_F(ASSERT_PRED3Test, FunctorOnBuiltInTypeFailure) {
+  expected_to_finish_ = false;
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED3(PredFunctor3(),
+                 n1_++,
+                 n2_++,
+                 n3_++);
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed ASSERT_PRED3 where the
+// predicate-formatter is a functor on a user-defined type (Bool).
+TEST_F(ASSERT_PRED3Test, FunctorOnUserTypeFailure) {
+  expected_to_finish_ = false;
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED3(PredFunctor3(),
+                 Bool(n1_++),
+                 Bool(n2_++),
+                 Bool(n3_++));
+    finished_ = true;
+  }, "");
+}
+
+// Tests a successful EXPECT_PRED_FORMAT3 where the
+// predicate-formatter is a function on a built-in type (int).
+TEST_F(EXPECT_PRED_FORMAT3Test, FunctionOnBuiltInTypeSuccess) {
+  EXPECT_PRED_FORMAT3(PredFormatFunction3,
+                      ++n1_,
+                      ++n2_,
+                      ++n3_);
+  finished_ = true;
+}
+
+// Tests a successful EXPECT_PRED_FORMAT3 where the
+// predicate-formatter is a function on a user-defined type (Bool).
+TEST_F(EXPECT_PRED_FORMAT3Test, FunctionOnUserTypeSuccess) {
+  EXPECT_PRED_FORMAT3(PredFormatFunction3,
+                      Bool(++n1_),
+                      Bool(++n2_),
+                      Bool(++n3_));
+  finished_ = true;
+}
+
+// Tests a successful EXPECT_PRED_FORMAT3 where the
+// predicate-formatter is a functor on a built-in type (int).
+TEST_F(EXPECT_PRED_FORMAT3Test, FunctorOnBuiltInTypeSuccess) {
+  EXPECT_PRED_FORMAT3(PredFormatFunctor3(),
+                      ++n1_,
+                      ++n2_,
+                      ++n3_);
+  finished_ = true;
+}
+
+// Tests a successful EXPECT_PRED_FORMAT3 where the
+// predicate-formatter is a functor on a user-defined type (Bool).
+TEST_F(EXPECT_PRED_FORMAT3Test, FunctorOnUserTypeSuccess) {
+  EXPECT_PRED_FORMAT3(PredFormatFunctor3(),
+                      Bool(++n1_),
+                      Bool(++n2_),
+                      Bool(++n3_));
+  finished_ = true;
+}
+
+// Tests a failed EXPECT_PRED_FORMAT3 where the
+// predicate-formatter is a function on a built-in type (int).
+TEST_F(EXPECT_PRED_FORMAT3Test, FunctionOnBuiltInTypeFailure) {
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED_FORMAT3(PredFormatFunction3,
+                        n1_++,
+                        n2_++,
+                        n3_++);
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed EXPECT_PRED_FORMAT3 where the
+// predicate-formatter is a function on a user-defined type (Bool).
+TEST_F(EXPECT_PRED_FORMAT3Test, FunctionOnUserTypeFailure) {
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED_FORMAT3(PredFormatFunction3,
+                        Bool(n1_++),
+                        Bool(n2_++),
+                        Bool(n3_++));
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed EXPECT_PRED_FORMAT3 where the
+// predicate-formatter is a functor on a built-in type (int).
+TEST_F(EXPECT_PRED_FORMAT3Test, FunctorOnBuiltInTypeFailure) {
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED_FORMAT3(PredFormatFunctor3(),
+                        n1_++,
+                        n2_++,
+                        n3_++);
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed EXPECT_PRED_FORMAT3 where the
+// predicate-formatter is a functor on a user-defined type (Bool).
+TEST_F(EXPECT_PRED_FORMAT3Test, FunctorOnUserTypeFailure) {
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED_FORMAT3(PredFormatFunctor3(),
+                        Bool(n1_++),
+                        Bool(n2_++),
+                        Bool(n3_++));
+    finished_ = true;
+  }, "");
+}
+
+// Tests a successful ASSERT_PRED_FORMAT3 where the
+// predicate-formatter is a function on a built-in type (int).
+TEST_F(ASSERT_PRED_FORMAT3Test, FunctionOnBuiltInTypeSuccess) {
+  ASSERT_PRED_FORMAT3(PredFormatFunction3,
+                      ++n1_,
+                      ++n2_,
+                      ++n3_);
+  finished_ = true;
+}
+
+// Tests a successful ASSERT_PRED_FORMAT3 where the
+// predicate-formatter is a function on a user-defined type (Bool).
+TEST_F(ASSERT_PRED_FORMAT3Test, FunctionOnUserTypeSuccess) {
+  ASSERT_PRED_FORMAT3(PredFormatFunction3,
+                      Bool(++n1_),
+                      Bool(++n2_),
+                      Bool(++n3_));
+  finished_ = true;
+}
+
+// Tests a successful ASSERT_PRED_FORMAT3 where the
+// predicate-formatter is a functor on a built-in type (int).
+TEST_F(ASSERT_PRED_FORMAT3Test, FunctorOnBuiltInTypeSuccess) {
+  ASSERT_PRED_FORMAT3(PredFormatFunctor3(),
+                      ++n1_,
+                      ++n2_,
+                      ++n3_);
+  finished_ = true;
+}
+
+// Tests a successful ASSERT_PRED_FORMAT3 where the
+// predicate-formatter is a functor on a user-defined type (Bool).
+TEST_F(ASSERT_PRED_FORMAT3Test, FunctorOnUserTypeSuccess) {
+  ASSERT_PRED_FORMAT3(PredFormatFunctor3(),
+                      Bool(++n1_),
+                      Bool(++n2_),
+                      Bool(++n3_));
+  finished_ = true;
+}
+
+// Tests a failed ASSERT_PRED_FORMAT3 where the
+// predicate-formatter is a function on a built-in type (int).
+TEST_F(ASSERT_PRED_FORMAT3Test, FunctionOnBuiltInTypeFailure) {
+  expected_to_finish_ = false;
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED_FORMAT3(PredFormatFunction3,
+                        n1_++,
+                        n2_++,
+                        n3_++);
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed ASSERT_PRED_FORMAT3 where the
+// predicate-formatter is a function on a user-defined type (Bool).
+TEST_F(ASSERT_PRED_FORMAT3Test, FunctionOnUserTypeFailure) {
+  expected_to_finish_ = false;
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED_FORMAT3(PredFormatFunction3,
+                        Bool(n1_++),
+                        Bool(n2_++),
+                        Bool(n3_++));
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed ASSERT_PRED_FORMAT3 where the
+// predicate-formatter is a functor on a built-in type (int).
+TEST_F(ASSERT_PRED_FORMAT3Test, FunctorOnBuiltInTypeFailure) {
+  expected_to_finish_ = false;
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED_FORMAT3(PredFormatFunctor3(),
+                        n1_++,
+                        n2_++,
+                        n3_++);
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed ASSERT_PRED_FORMAT3 where the
+// predicate-formatter is a functor on a user-defined type (Bool).
+TEST_F(ASSERT_PRED_FORMAT3Test, FunctorOnUserTypeFailure) {
+  expected_to_finish_ = false;
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED_FORMAT3(PredFormatFunctor3(),
+                        Bool(n1_++),
+                        Bool(n2_++),
+                        Bool(n3_++));
+    finished_ = true;
+  }, "");
+}
+// Sample functions/functors for testing 4-ary predicate assertions.
+
+// A 4-ary predicate function.
+template <typename T1, typename T2, typename T3, typename T4>
+bool PredFunction4(T1 v1, T2 v2, T3 v3, T4 v4) {
+  return v1 + v2 + v3 + v4 > 0;
+}
+
+// The following two functions are needed to circumvent a bug in
+// gcc 2.95.3, which sometimes has problem with the above template
+// function.
+bool PredFunction4Int(int v1, int v2, int v3, int v4) {
+  return v1 + v2 + v3 + v4 > 0;
+}
+bool PredFunction4Bool(Bool v1, Bool v2, Bool v3, Bool v4) {
+  return v1 + v2 + v3 + v4 > 0;
+}
+
+// A 4-ary predicate functor.
+struct PredFunctor4 {
+  template <typename T1, typename T2, typename T3, typename T4>
+  bool operator()(const T1& v1,
+                  const T2& v2,
+                  const T3& v3,
+                  const T4& v4) {
+    return v1 + v2 + v3 + v4 > 0;
+  }
+};
+
+// A 4-ary predicate-formatter function.
+template <typename T1, typename T2, typename T3, typename T4>
+testing::AssertionResult PredFormatFunction4(const char* e1,
+                                             const char* e2,
+                                             const char* e3,
+                                             const char* e4,
+                                             const T1& v1,
+                                             const T2& v2,
+                                             const T3& v3,
+                                             const T4& v4) {
+  if (PredFunction4(v1, v2, v3, v4))
+    return testing::AssertionSuccess();
+
+  return testing::AssertionFailure()
+      << e1 << " + " << e2 << " + " << e3 << " + " << e4
+      << " is expected to be positive, but evaluates to "
+      << v1 + v2 + v3 + v4 << ".";
+}
+
+// A 4-ary predicate-formatter functor.
+struct PredFormatFunctor4 {
+  template <typename T1, typename T2, typename T3, typename T4>
+  testing::AssertionResult operator()(const char* e1,
+                                      const char* e2,
+                                      const char* e3,
+                                      const char* e4,
+                                      const T1& v1,
+                                      const T2& v2,
+                                      const T3& v3,
+                                      const T4& v4) const {
+    return PredFormatFunction4(e1, e2, e3, e4, v1, v2, v3, v4);
+  }
+};
+
+// Tests for {EXPECT|ASSERT}_PRED_FORMAT4.
+
+class Predicate4Test : public testing::Test {
+ protected:
+  virtual void SetUp() {
+    expected_to_finish_ = true;
+    finished_ = false;
+    n1_ = n2_ = n3_ = n4_ = 0;
+  }
+
+  virtual void TearDown() {
+    // Verifies that each of the predicate's arguments was evaluated
+    // exactly once.
+    EXPECT_EQ(1, n1_) <<
+        "The predicate assertion didn't evaluate argument 2 "
+        "exactly once.";
+    EXPECT_EQ(1, n2_) <<
+        "The predicate assertion didn't evaluate argument 3 "
+        "exactly once.";
+    EXPECT_EQ(1, n3_) <<
+        "The predicate assertion didn't evaluate argument 4 "
+        "exactly once.";
+    EXPECT_EQ(1, n4_) <<
+        "The predicate assertion didn't evaluate argument 5 "
+        "exactly once.";
+
+    // Verifies that the control flow in the test function is expected.
+    if (expected_to_finish_ && !finished_) {
+      FAIL() << "The predicate assertion unexpactedly aborted the test.";
+    } else if (!expected_to_finish_ && finished_) {
+      FAIL() << "The failed predicate assertion didn't abort the test "
+                "as expected.";
+    }
+  }
+
+  // true iff the test function is expected to run to finish.
+  static bool expected_to_finish_;
+
+  // true iff the test function did run to finish.
+  static bool finished_;
+
+  static int n1_;
+  static int n2_;
+  static int n3_;
+  static int n4_;
+};
+
+bool Predicate4Test::expected_to_finish_;
+bool Predicate4Test::finished_;
+int Predicate4Test::n1_;
+int Predicate4Test::n2_;
+int Predicate4Test::n3_;
+int Predicate4Test::n4_;
+
+typedef Predicate4Test EXPECT_PRED_FORMAT4Test;
+typedef Predicate4Test ASSERT_PRED_FORMAT4Test;
+typedef Predicate4Test EXPECT_PRED4Test;
+typedef Predicate4Test ASSERT_PRED4Test;
+
+// Tests a successful EXPECT_PRED4 where the
+// predicate-formatter is a function on a built-in type (int).
+TEST_F(EXPECT_PRED4Test, FunctionOnBuiltInTypeSuccess) {
+  EXPECT_PRED4(PredFunction4Int,
+               ++n1_,
+               ++n2_,
+               ++n3_,
+               ++n4_);
+  finished_ = true;
+}
+
+// Tests a successful EXPECT_PRED4 where the
+// predicate-formatter is a function on a user-defined type (Bool).
+TEST_F(EXPECT_PRED4Test, FunctionOnUserTypeSuccess) {
+  EXPECT_PRED4(PredFunction4Bool,
+               Bool(++n1_),
+               Bool(++n2_),
+               Bool(++n3_),
+               Bool(++n4_));
+  finished_ = true;
+}
+
+// Tests a successful EXPECT_PRED4 where the
+// predicate-formatter is a functor on a built-in type (int).
+TEST_F(EXPECT_PRED4Test, FunctorOnBuiltInTypeSuccess) {
+  EXPECT_PRED4(PredFunctor4(),
+               ++n1_,
+               ++n2_,
+               ++n3_,
+               ++n4_);
+  finished_ = true;
+}
+
+// Tests a successful EXPECT_PRED4 where the
+// predicate-formatter is a functor on a user-defined type (Bool).
+TEST_F(EXPECT_PRED4Test, FunctorOnUserTypeSuccess) {
+  EXPECT_PRED4(PredFunctor4(),
+               Bool(++n1_),
+               Bool(++n2_),
+               Bool(++n3_),
+               Bool(++n4_));
+  finished_ = true;
+}
+
+// Tests a failed EXPECT_PRED4 where the
+// predicate-formatter is a function on a built-in type (int).
+TEST_F(EXPECT_PRED4Test, FunctionOnBuiltInTypeFailure) {
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED4(PredFunction4Int,
+                 n1_++,
+                 n2_++,
+                 n3_++,
+                 n4_++);
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed EXPECT_PRED4 where the
+// predicate-formatter is a function on a user-defined type (Bool).
+TEST_F(EXPECT_PRED4Test, FunctionOnUserTypeFailure) {
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED4(PredFunction4Bool,
+                 Bool(n1_++),
+                 Bool(n2_++),
+                 Bool(n3_++),
+                 Bool(n4_++));
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed EXPECT_PRED4 where the
+// predicate-formatter is a functor on a built-in type (int).
+TEST_F(EXPECT_PRED4Test, FunctorOnBuiltInTypeFailure) {
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED4(PredFunctor4(),
+                 n1_++,
+                 n2_++,
+                 n3_++,
+                 n4_++);
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed EXPECT_PRED4 where the
+// predicate-formatter is a functor on a user-defined type (Bool).
+TEST_F(EXPECT_PRED4Test, FunctorOnUserTypeFailure) {
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED4(PredFunctor4(),
+                 Bool(n1_++),
+                 Bool(n2_++),
+                 Bool(n3_++),
+                 Bool(n4_++));
+    finished_ = true;
+  }, "");
+}
+
+// Tests a successful ASSERT_PRED4 where the
+// predicate-formatter is a function on a built-in type (int).
+TEST_F(ASSERT_PRED4Test, FunctionOnBuiltInTypeSuccess) {
+  ASSERT_PRED4(PredFunction4Int,
+               ++n1_,
+               ++n2_,
+               ++n3_,
+               ++n4_);
+  finished_ = true;
+}
+
+// Tests a successful ASSERT_PRED4 where the
+// predicate-formatter is a function on a user-defined type (Bool).
+TEST_F(ASSERT_PRED4Test, FunctionOnUserTypeSuccess) {
+  ASSERT_PRED4(PredFunction4Bool,
+               Bool(++n1_),
+               Bool(++n2_),
+               Bool(++n3_),
+               Bool(++n4_));
+  finished_ = true;
+}
+
+// Tests a successful ASSERT_PRED4 where the
+// predicate-formatter is a functor on a built-in type (int).
+TEST_F(ASSERT_PRED4Test, FunctorOnBuiltInTypeSuccess) {
+  ASSERT_PRED4(PredFunctor4(),
+               ++n1_,
+               ++n2_,
+               ++n3_,
+               ++n4_);
+  finished_ = true;
+}
+
+// Tests a successful ASSERT_PRED4 where the
+// predicate-formatter is a functor on a user-defined type (Bool).
+TEST_F(ASSERT_PRED4Test, FunctorOnUserTypeSuccess) {
+  ASSERT_PRED4(PredFunctor4(),
+               Bool(++n1_),
+               Bool(++n2_),
+               Bool(++n3_),
+               Bool(++n4_));
+  finished_ = true;
+}
+
+// Tests a failed ASSERT_PRED4 where the
+// predicate-formatter is a function on a built-in type (int).
+TEST_F(ASSERT_PRED4Test, FunctionOnBuiltInTypeFailure) {
+  expected_to_finish_ = false;
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED4(PredFunction4Int,
+                 n1_++,
+                 n2_++,
+                 n3_++,
+                 n4_++);
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed ASSERT_PRED4 where the
+// predicate-formatter is a function on a user-defined type (Bool).
+TEST_F(ASSERT_PRED4Test, FunctionOnUserTypeFailure) {
+  expected_to_finish_ = false;
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED4(PredFunction4Bool,
+                 Bool(n1_++),
+                 Bool(n2_++),
+                 Bool(n3_++),
+                 Bool(n4_++));
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed ASSERT_PRED4 where the
+// predicate-formatter is a functor on a built-in type (int).
+TEST_F(ASSERT_PRED4Test, FunctorOnBuiltInTypeFailure) {
+  expected_to_finish_ = false;
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED4(PredFunctor4(),
+                 n1_++,
+                 n2_++,
+                 n3_++,
+                 n4_++);
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed ASSERT_PRED4 where the
+// predicate-formatter is a functor on a user-defined type (Bool).
+TEST_F(ASSERT_PRED4Test, FunctorOnUserTypeFailure) {
+  expected_to_finish_ = false;
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED4(PredFunctor4(),
+                 Bool(n1_++),
+                 Bool(n2_++),
+                 Bool(n3_++),
+                 Bool(n4_++));
+    finished_ = true;
+  }, "");
+}
+
+// Tests a successful EXPECT_PRED_FORMAT4 where the
+// predicate-formatter is a function on a built-in type (int).
+TEST_F(EXPECT_PRED_FORMAT4Test, FunctionOnBuiltInTypeSuccess) {
+  EXPECT_PRED_FORMAT4(PredFormatFunction4,
+                      ++n1_,
+                      ++n2_,
+                      ++n3_,
+                      ++n4_);
+  finished_ = true;
+}
+
+// Tests a successful EXPECT_PRED_FORMAT4 where the
+// predicate-formatter is a function on a user-defined type (Bool).
+TEST_F(EXPECT_PRED_FORMAT4Test, FunctionOnUserTypeSuccess) {
+  EXPECT_PRED_FORMAT4(PredFormatFunction4,
+                      Bool(++n1_),
+                      Bool(++n2_),
+                      Bool(++n3_),
+                      Bool(++n4_));
+  finished_ = true;
+}
+
+// Tests a successful EXPECT_PRED_FORMAT4 where the
+// predicate-formatter is a functor on a built-in type (int).
+TEST_F(EXPECT_PRED_FORMAT4Test, FunctorOnBuiltInTypeSuccess) {
+  EXPECT_PRED_FORMAT4(PredFormatFunctor4(),
+                      ++n1_,
+                      ++n2_,
+                      ++n3_,
+                      ++n4_);
+  finished_ = true;
+}
+
+// Tests a successful EXPECT_PRED_FORMAT4 where the
+// predicate-formatter is a functor on a user-defined type (Bool).
+TEST_F(EXPECT_PRED_FORMAT4Test, FunctorOnUserTypeSuccess) {
+  EXPECT_PRED_FORMAT4(PredFormatFunctor4(),
+                      Bool(++n1_),
+                      Bool(++n2_),
+                      Bool(++n3_),
+                      Bool(++n4_));
+  finished_ = true;
+}
+
+// Tests a failed EXPECT_PRED_FORMAT4 where the
+// predicate-formatter is a function on a built-in type (int).
+TEST_F(EXPECT_PRED_FORMAT4Test, FunctionOnBuiltInTypeFailure) {
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED_FORMAT4(PredFormatFunction4,
+                        n1_++,
+                        n2_++,
+                        n3_++,
+                        n4_++);
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed EXPECT_PRED_FORMAT4 where the
+// predicate-formatter is a function on a user-defined type (Bool).
+TEST_F(EXPECT_PRED_FORMAT4Test, FunctionOnUserTypeFailure) {
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED_FORMAT4(PredFormatFunction4,
+                        Bool(n1_++),
+                        Bool(n2_++),
+                        Bool(n3_++),
+                        Bool(n4_++));
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed EXPECT_PRED_FORMAT4 where the
+// predicate-formatter is a functor on a built-in type (int).
+TEST_F(EXPECT_PRED_FORMAT4Test, FunctorOnBuiltInTypeFailure) {
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED_FORMAT4(PredFormatFunctor4(),
+                        n1_++,
+                        n2_++,
+                        n3_++,
+                        n4_++);
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed EXPECT_PRED_FORMAT4 where the
+// predicate-formatter is a functor on a user-defined type (Bool).
+TEST_F(EXPECT_PRED_FORMAT4Test, FunctorOnUserTypeFailure) {
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED_FORMAT4(PredFormatFunctor4(),
+                        Bool(n1_++),
+                        Bool(n2_++),
+                        Bool(n3_++),
+                        Bool(n4_++));
+    finished_ = true;
+  }, "");
+}
+
+// Tests a successful ASSERT_PRED_FORMAT4 where the
+// predicate-formatter is a function on a built-in type (int).
+TEST_F(ASSERT_PRED_FORMAT4Test, FunctionOnBuiltInTypeSuccess) {
+  ASSERT_PRED_FORMAT4(PredFormatFunction4,
+                      ++n1_,
+                      ++n2_,
+                      ++n3_,
+                      ++n4_);
+  finished_ = true;
+}
+
+// Tests a successful ASSERT_PRED_FORMAT4 where the
+// predicate-formatter is a function on a user-defined type (Bool).
+TEST_F(ASSERT_PRED_FORMAT4Test, FunctionOnUserTypeSuccess) {
+  ASSERT_PRED_FORMAT4(PredFormatFunction4,
+                      Bool(++n1_),
+                      Bool(++n2_),
+                      Bool(++n3_),
+                      Bool(++n4_));
+  finished_ = true;
+}
+
+// Tests a successful ASSERT_PRED_FORMAT4 where the
+// predicate-formatter is a functor on a built-in type (int).
+TEST_F(ASSERT_PRED_FORMAT4Test, FunctorOnBuiltInTypeSuccess) {
+  ASSERT_PRED_FORMAT4(PredFormatFunctor4(),
+                      ++n1_,
+                      ++n2_,
+                      ++n3_,
+                      ++n4_);
+  finished_ = true;
+}
+
+// Tests a successful ASSERT_PRED_FORMAT4 where the
+// predicate-formatter is a functor on a user-defined type (Bool).
+TEST_F(ASSERT_PRED_FORMAT4Test, FunctorOnUserTypeSuccess) {
+  ASSERT_PRED_FORMAT4(PredFormatFunctor4(),
+                      Bool(++n1_),
+                      Bool(++n2_),
+                      Bool(++n3_),
+                      Bool(++n4_));
+  finished_ = true;
+}
+
+// Tests a failed ASSERT_PRED_FORMAT4 where the
+// predicate-formatter is a function on a built-in type (int).
+TEST_F(ASSERT_PRED_FORMAT4Test, FunctionOnBuiltInTypeFailure) {
+  expected_to_finish_ = false;
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED_FORMAT4(PredFormatFunction4,
+                        n1_++,
+                        n2_++,
+                        n3_++,
+                        n4_++);
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed ASSERT_PRED_FORMAT4 where the
+// predicate-formatter is a function on a user-defined type (Bool).
+TEST_F(ASSERT_PRED_FORMAT4Test, FunctionOnUserTypeFailure) {
+  expected_to_finish_ = false;
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED_FORMAT4(PredFormatFunction4,
+                        Bool(n1_++),
+                        Bool(n2_++),
+                        Bool(n3_++),
+                        Bool(n4_++));
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed ASSERT_PRED_FORMAT4 where the
+// predicate-formatter is a functor on a built-in type (int).
+TEST_F(ASSERT_PRED_FORMAT4Test, FunctorOnBuiltInTypeFailure) {
+  expected_to_finish_ = false;
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED_FORMAT4(PredFormatFunctor4(),
+                        n1_++,
+                        n2_++,
+                        n3_++,
+                        n4_++);
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed ASSERT_PRED_FORMAT4 where the
+// predicate-formatter is a functor on a user-defined type (Bool).
+TEST_F(ASSERT_PRED_FORMAT4Test, FunctorOnUserTypeFailure) {
+  expected_to_finish_ = false;
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED_FORMAT4(PredFormatFunctor4(),
+                        Bool(n1_++),
+                        Bool(n2_++),
+                        Bool(n3_++),
+                        Bool(n4_++));
+    finished_ = true;
+  }, "");
+}
+// Sample functions/functors for testing 5-ary predicate assertions.
+
+// A 5-ary predicate function.
+template <typename T1, typename T2, typename T3, typename T4, typename T5>
+bool PredFunction5(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5) {
+  return v1 + v2 + v3 + v4 + v5 > 0;
+}
+
+// The following two functions are needed to circumvent a bug in
+// gcc 2.95.3, which sometimes has problem with the above template
+// function.
+bool PredFunction5Int(int v1, int v2, int v3, int v4, int v5) {
+  return v1 + v2 + v3 + v4 + v5 > 0;
+}
+bool PredFunction5Bool(Bool v1, Bool v2, Bool v3, Bool v4, Bool v5) {
+  return v1 + v2 + v3 + v4 + v5 > 0;
+}
+
+// A 5-ary predicate functor.
+struct PredFunctor5 {
+  template <typename T1, typename T2, typename T3, typename T4, typename T5>
+  bool operator()(const T1& v1,
+                  const T2& v2,
+                  const T3& v3,
+                  const T4& v4,
+                  const T5& v5) {
+    return v1 + v2 + v3 + v4 + v5 > 0;
+  }
+};
+
+// A 5-ary predicate-formatter function.
+template <typename T1, typename T2, typename T3, typename T4, typename T5>
+testing::AssertionResult PredFormatFunction5(const char* e1,
+                                             const char* e2,
+                                             const char* e3,
+                                             const char* e4,
+                                             const char* e5,
+                                             const T1& v1,
+                                             const T2& v2,
+                                             const T3& v3,
+                                             const T4& v4,
+                                             const T5& v5) {
+  if (PredFunction5(v1, v2, v3, v4, v5))
+    return testing::AssertionSuccess();
+
+  return testing::AssertionFailure()
+      << e1 << " + " << e2 << " + " << e3 << " + " << e4 << " + " << e5
+      << " is expected to be positive, but evaluates to "
+      << v1 + v2 + v3 + v4 + v5 << ".";
+}
+
+// A 5-ary predicate-formatter functor.
+struct PredFormatFunctor5 {
+  template <typename T1, typename T2, typename T3, typename T4, typename T5>
+  testing::AssertionResult operator()(const char* e1,
+                                      const char* e2,
+                                      const char* e3,
+                                      const char* e4,
+                                      const char* e5,
+                                      const T1& v1,
+                                      const T2& v2,
+                                      const T3& v3,
+                                      const T4& v4,
+                                      const T5& v5) const {
+    return PredFormatFunction5(e1, e2, e3, e4, e5, v1, v2, v3, v4, v5);
+  }
+};
+
+// Tests for {EXPECT|ASSERT}_PRED_FORMAT5.
+
+class Predicate5Test : public testing::Test {
+ protected:
+  virtual void SetUp() {
+    expected_to_finish_ = true;
+    finished_ = false;
+    n1_ = n2_ = n3_ = n4_ = n5_ = 0;
+  }
+
+  virtual void TearDown() {
+    // Verifies that each of the predicate's arguments was evaluated
+    // exactly once.
+    EXPECT_EQ(1, n1_) <<
+        "The predicate assertion didn't evaluate argument 2 "
+        "exactly once.";
+    EXPECT_EQ(1, n2_) <<
+        "The predicate assertion didn't evaluate argument 3 "
+        "exactly once.";
+    EXPECT_EQ(1, n3_) <<
+        "The predicate assertion didn't evaluate argument 4 "
+        "exactly once.";
+    EXPECT_EQ(1, n4_) <<
+        "The predicate assertion didn't evaluate argument 5 "
+        "exactly once.";
+    EXPECT_EQ(1, n5_) <<
+        "The predicate assertion didn't evaluate argument 6 "
+        "exactly once.";
+
+    // Verifies that the control flow in the test function is expected.
+    if (expected_to_finish_ && !finished_) {
+      FAIL() << "The predicate assertion unexpactedly aborted the test.";
+    } else if (!expected_to_finish_ && finished_) {
+      FAIL() << "The failed predicate assertion didn't abort the test "
+                "as expected.";
+    }
+  }
+
+  // true iff the test function is expected to run to finish.
+  static bool expected_to_finish_;
+
+  // true iff the test function did run to finish.
+  static bool finished_;
+
+  static int n1_;
+  static int n2_;
+  static int n3_;
+  static int n4_;
+  static int n5_;
+};
+
+bool Predicate5Test::expected_to_finish_;
+bool Predicate5Test::finished_;
+int Predicate5Test::n1_;
+int Predicate5Test::n2_;
+int Predicate5Test::n3_;
+int Predicate5Test::n4_;
+int Predicate5Test::n5_;
+
+typedef Predicate5Test EXPECT_PRED_FORMAT5Test;
+typedef Predicate5Test ASSERT_PRED_FORMAT5Test;
+typedef Predicate5Test EXPECT_PRED5Test;
+typedef Predicate5Test ASSERT_PRED5Test;
+
+// Tests a successful EXPECT_PRED5 where the
+// predicate-formatter is a function on a built-in type (int).
+TEST_F(EXPECT_PRED5Test, FunctionOnBuiltInTypeSuccess) {
+  EXPECT_PRED5(PredFunction5Int,
+               ++n1_,
+               ++n2_,
+               ++n3_,
+               ++n4_,
+               ++n5_);
+  finished_ = true;
+}
+
+// Tests a successful EXPECT_PRED5 where the
+// predicate-formatter is a function on a user-defined type (Bool).
+TEST_F(EXPECT_PRED5Test, FunctionOnUserTypeSuccess) {
+  EXPECT_PRED5(PredFunction5Bool,
+               Bool(++n1_),
+               Bool(++n2_),
+               Bool(++n3_),
+               Bool(++n4_),
+               Bool(++n5_));
+  finished_ = true;
+}
+
+// Tests a successful EXPECT_PRED5 where the
+// predicate-formatter is a functor on a built-in type (int).
+TEST_F(EXPECT_PRED5Test, FunctorOnBuiltInTypeSuccess) {
+  EXPECT_PRED5(PredFunctor5(),
+               ++n1_,
+               ++n2_,
+               ++n3_,
+               ++n4_,
+               ++n5_);
+  finished_ = true;
+}
+
+// Tests a successful EXPECT_PRED5 where the
+// predicate-formatter is a functor on a user-defined type (Bool).
+TEST_F(EXPECT_PRED5Test, FunctorOnUserTypeSuccess) {
+  EXPECT_PRED5(PredFunctor5(),
+               Bool(++n1_),
+               Bool(++n2_),
+               Bool(++n3_),
+               Bool(++n4_),
+               Bool(++n5_));
+  finished_ = true;
+}
+
+// Tests a failed EXPECT_PRED5 where the
+// predicate-formatter is a function on a built-in type (int).
+TEST_F(EXPECT_PRED5Test, FunctionOnBuiltInTypeFailure) {
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED5(PredFunction5Int,
+                 n1_++,
+                 n2_++,
+                 n3_++,
+                 n4_++,
+                 n5_++);
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed EXPECT_PRED5 where the
+// predicate-formatter is a function on a user-defined type (Bool).
+TEST_F(EXPECT_PRED5Test, FunctionOnUserTypeFailure) {
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED5(PredFunction5Bool,
+                 Bool(n1_++),
+                 Bool(n2_++),
+                 Bool(n3_++),
+                 Bool(n4_++),
+                 Bool(n5_++));
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed EXPECT_PRED5 where the
+// predicate-formatter is a functor on a built-in type (int).
+TEST_F(EXPECT_PRED5Test, FunctorOnBuiltInTypeFailure) {
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED5(PredFunctor5(),
+                 n1_++,
+                 n2_++,
+                 n3_++,
+                 n4_++,
+                 n5_++);
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed EXPECT_PRED5 where the
+// predicate-formatter is a functor on a user-defined type (Bool).
+TEST_F(EXPECT_PRED5Test, FunctorOnUserTypeFailure) {
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED5(PredFunctor5(),
+                 Bool(n1_++),
+                 Bool(n2_++),
+                 Bool(n3_++),
+                 Bool(n4_++),
+                 Bool(n5_++));
+    finished_ = true;
+  }, "");
+}
+
+// Tests a successful ASSERT_PRED5 where the
+// predicate-formatter is a function on a built-in type (int).
+TEST_F(ASSERT_PRED5Test, FunctionOnBuiltInTypeSuccess) {
+  ASSERT_PRED5(PredFunction5Int,
+               ++n1_,
+               ++n2_,
+               ++n3_,
+               ++n4_,
+               ++n5_);
+  finished_ = true;
+}
+
+// Tests a successful ASSERT_PRED5 where the
+// predicate-formatter is a function on a user-defined type (Bool).
+TEST_F(ASSERT_PRED5Test, FunctionOnUserTypeSuccess) {
+  ASSERT_PRED5(PredFunction5Bool,
+               Bool(++n1_),
+               Bool(++n2_),
+               Bool(++n3_),
+               Bool(++n4_),
+               Bool(++n5_));
+  finished_ = true;
+}
+
+// Tests a successful ASSERT_PRED5 where the
+// predicate-formatter is a functor on a built-in type (int).
+TEST_F(ASSERT_PRED5Test, FunctorOnBuiltInTypeSuccess) {
+  ASSERT_PRED5(PredFunctor5(),
+               ++n1_,
+               ++n2_,
+               ++n3_,
+               ++n4_,
+               ++n5_);
+  finished_ = true;
+}
+
+// Tests a successful ASSERT_PRED5 where the
+// predicate-formatter is a functor on a user-defined type (Bool).
+TEST_F(ASSERT_PRED5Test, FunctorOnUserTypeSuccess) {
+  ASSERT_PRED5(PredFunctor5(),
+               Bool(++n1_),
+               Bool(++n2_),
+               Bool(++n3_),
+               Bool(++n4_),
+               Bool(++n5_));
+  finished_ = true;
+}
+
+// Tests a failed ASSERT_PRED5 where the
+// predicate-formatter is a function on a built-in type (int).
+TEST_F(ASSERT_PRED5Test, FunctionOnBuiltInTypeFailure) {
+  expected_to_finish_ = false;
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED5(PredFunction5Int,
+                 n1_++,
+                 n2_++,
+                 n3_++,
+                 n4_++,
+                 n5_++);
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed ASSERT_PRED5 where the
+// predicate-formatter is a function on a user-defined type (Bool).
+TEST_F(ASSERT_PRED5Test, FunctionOnUserTypeFailure) {
+  expected_to_finish_ = false;
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED5(PredFunction5Bool,
+                 Bool(n1_++),
+                 Bool(n2_++),
+                 Bool(n3_++),
+                 Bool(n4_++),
+                 Bool(n5_++));
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed ASSERT_PRED5 where the
+// predicate-formatter is a functor on a built-in type (int).
+TEST_F(ASSERT_PRED5Test, FunctorOnBuiltInTypeFailure) {
+  expected_to_finish_ = false;
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED5(PredFunctor5(),
+                 n1_++,
+                 n2_++,
+                 n3_++,
+                 n4_++,
+                 n5_++);
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed ASSERT_PRED5 where the
+// predicate-formatter is a functor on a user-defined type (Bool).
+TEST_F(ASSERT_PRED5Test, FunctorOnUserTypeFailure) {
+  expected_to_finish_ = false;
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED5(PredFunctor5(),
+                 Bool(n1_++),
+                 Bool(n2_++),
+                 Bool(n3_++),
+                 Bool(n4_++),
+                 Bool(n5_++));
+    finished_ = true;
+  }, "");
+}
+
+// Tests a successful EXPECT_PRED_FORMAT5 where the
+// predicate-formatter is a function on a built-in type (int).
+TEST_F(EXPECT_PRED_FORMAT5Test, FunctionOnBuiltInTypeSuccess) {
+  EXPECT_PRED_FORMAT5(PredFormatFunction5,
+                      ++n1_,
+                      ++n2_,
+                      ++n3_,
+                      ++n4_,
+                      ++n5_);
+  finished_ = true;
+}
+
+// Tests a successful EXPECT_PRED_FORMAT5 where the
+// predicate-formatter is a function on a user-defined type (Bool).
+TEST_F(EXPECT_PRED_FORMAT5Test, FunctionOnUserTypeSuccess) {
+  EXPECT_PRED_FORMAT5(PredFormatFunction5,
+                      Bool(++n1_),
+                      Bool(++n2_),
+                      Bool(++n3_),
+                      Bool(++n4_),
+                      Bool(++n5_));
+  finished_ = true;
+}
+
+// Tests a successful EXPECT_PRED_FORMAT5 where the
+// predicate-formatter is a functor on a built-in type (int).
+TEST_F(EXPECT_PRED_FORMAT5Test, FunctorOnBuiltInTypeSuccess) {
+  EXPECT_PRED_FORMAT5(PredFormatFunctor5(),
+                      ++n1_,
+                      ++n2_,
+                      ++n3_,
+                      ++n4_,
+                      ++n5_);
+  finished_ = true;
+}
+
+// Tests a successful EXPECT_PRED_FORMAT5 where the
+// predicate-formatter is a functor on a user-defined type (Bool).
+TEST_F(EXPECT_PRED_FORMAT5Test, FunctorOnUserTypeSuccess) {
+  EXPECT_PRED_FORMAT5(PredFormatFunctor5(),
+                      Bool(++n1_),
+                      Bool(++n2_),
+                      Bool(++n3_),
+                      Bool(++n4_),
+                      Bool(++n5_));
+  finished_ = true;
+}
+
+// Tests a failed EXPECT_PRED_FORMAT5 where the
+// predicate-formatter is a function on a built-in type (int).
+TEST_F(EXPECT_PRED_FORMAT5Test, FunctionOnBuiltInTypeFailure) {
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED_FORMAT5(PredFormatFunction5,
+                        n1_++,
+                        n2_++,
+                        n3_++,
+                        n4_++,
+                        n5_++);
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed EXPECT_PRED_FORMAT5 where the
+// predicate-formatter is a function on a user-defined type (Bool).
+TEST_F(EXPECT_PRED_FORMAT5Test, FunctionOnUserTypeFailure) {
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED_FORMAT5(PredFormatFunction5,
+                        Bool(n1_++),
+                        Bool(n2_++),
+                        Bool(n3_++),
+                        Bool(n4_++),
+                        Bool(n5_++));
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed EXPECT_PRED_FORMAT5 where the
+// predicate-formatter is a functor on a built-in type (int).
+TEST_F(EXPECT_PRED_FORMAT5Test, FunctorOnBuiltInTypeFailure) {
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED_FORMAT5(PredFormatFunctor5(),
+                        n1_++,
+                        n2_++,
+                        n3_++,
+                        n4_++,
+                        n5_++);
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed EXPECT_PRED_FORMAT5 where the
+// predicate-formatter is a functor on a user-defined type (Bool).
+TEST_F(EXPECT_PRED_FORMAT5Test, FunctorOnUserTypeFailure) {
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED_FORMAT5(PredFormatFunctor5(),
+                        Bool(n1_++),
+                        Bool(n2_++),
+                        Bool(n3_++),
+                        Bool(n4_++),
+                        Bool(n5_++));
+    finished_ = true;
+  }, "");
+}
+
+// Tests a successful ASSERT_PRED_FORMAT5 where the
+// predicate-formatter is a function on a built-in type (int).
+TEST_F(ASSERT_PRED_FORMAT5Test, FunctionOnBuiltInTypeSuccess) {
+  ASSERT_PRED_FORMAT5(PredFormatFunction5,
+                      ++n1_,
+                      ++n2_,
+                      ++n3_,
+                      ++n4_,
+                      ++n5_);
+  finished_ = true;
+}
+
+// Tests a successful ASSERT_PRED_FORMAT5 where the
+// predicate-formatter is a function on a user-defined type (Bool).
+TEST_F(ASSERT_PRED_FORMAT5Test, FunctionOnUserTypeSuccess) {
+  ASSERT_PRED_FORMAT5(PredFormatFunction5,
+                      Bool(++n1_),
+                      Bool(++n2_),
+                      Bool(++n3_),
+                      Bool(++n4_),
+                      Bool(++n5_));
+  finished_ = true;
+}
+
+// Tests a successful ASSERT_PRED_FORMAT5 where the
+// predicate-formatter is a functor on a built-in type (int).
+TEST_F(ASSERT_PRED_FORMAT5Test, FunctorOnBuiltInTypeSuccess) {
+  ASSERT_PRED_FORMAT5(PredFormatFunctor5(),
+                      ++n1_,
+                      ++n2_,
+                      ++n3_,
+                      ++n4_,
+                      ++n5_);
+  finished_ = true;
+}
+
+// Tests a successful ASSERT_PRED_FORMAT5 where the
+// predicate-formatter is a functor on a user-defined type (Bool).
+TEST_F(ASSERT_PRED_FORMAT5Test, FunctorOnUserTypeSuccess) {
+  ASSERT_PRED_FORMAT5(PredFormatFunctor5(),
+                      Bool(++n1_),
+                      Bool(++n2_),
+                      Bool(++n3_),
+                      Bool(++n4_),
+                      Bool(++n5_));
+  finished_ = true;
+}
+
+// Tests a failed ASSERT_PRED_FORMAT5 where the
+// predicate-formatter is a function on a built-in type (int).
+TEST_F(ASSERT_PRED_FORMAT5Test, FunctionOnBuiltInTypeFailure) {
+  expected_to_finish_ = false;
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED_FORMAT5(PredFormatFunction5,
+                        n1_++,
+                        n2_++,
+                        n3_++,
+                        n4_++,
+                        n5_++);
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed ASSERT_PRED_FORMAT5 where the
+// predicate-formatter is a function on a user-defined type (Bool).
+TEST_F(ASSERT_PRED_FORMAT5Test, FunctionOnUserTypeFailure) {
+  expected_to_finish_ = false;
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED_FORMAT5(PredFormatFunction5,
+                        Bool(n1_++),
+                        Bool(n2_++),
+                        Bool(n3_++),
+                        Bool(n4_++),
+                        Bool(n5_++));
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed ASSERT_PRED_FORMAT5 where the
+// predicate-formatter is a functor on a built-in type (int).
+TEST_F(ASSERT_PRED_FORMAT5Test, FunctorOnBuiltInTypeFailure) {
+  expected_to_finish_ = false;
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED_FORMAT5(PredFormatFunctor5(),
+                        n1_++,
+                        n2_++,
+                        n3_++,
+                        n4_++,
+                        n5_++);
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed ASSERT_PRED_FORMAT5 where the
+// predicate-formatter is a functor on a user-defined type (Bool).
+TEST_F(ASSERT_PRED_FORMAT5Test, FunctorOnUserTypeFailure) {
+  expected_to_finish_ = false;
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED_FORMAT5(PredFormatFunctor5(),
+                        Bool(n1_++),
+                        Bool(n2_++),
+                        Bool(n3_++),
+                        Bool(n4_++),
+                        Bool(n5_++));
+    finished_ = true;
+  }, "");
+}
diff --git a/nss/external_tests/google_test/gtest/test/gtest_premature_exit_test.cc b/nss/external_tests/google_test/gtest/test/gtest_premature_exit_test.cc
new file mode 100644
index 0000000..c1ed968
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/test/gtest_premature_exit_test.cc
@@ -0,0 +1,143 @@
+// Copyright 2013, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+//
+// Tests that Google Test manipulates the premature-exit-detection
+// file correctly.
+
+#include <stdio.h>
+
+#include "gtest/gtest.h"
+
+using ::testing::InitGoogleTest;
+using ::testing::Test;
+using ::testing::internal::posix::GetEnv;
+using ::testing::internal::posix::Stat;
+using ::testing::internal::posix::StatStruct;
+
+namespace {
+
+// Is the TEST_PREMATURE_EXIT_FILE environment variable expected to be
+// set?
+const bool kTestPrematureExitFileEnvVarShouldBeSet = false;
+
+class PrematureExitTest : public Test {
+ public:
+  // Returns true iff the given file exists.
+  static bool FileExists(const char* filepath) {
+    StatStruct stat;
+    return Stat(filepath, &stat) == 0;
+  }
+
+ protected:
+  PrematureExitTest() {
+    premature_exit_file_path_ = GetEnv("TEST_PREMATURE_EXIT_FILE");
+
+    // Normalize NULL to "" for ease of handling.
+    if (premature_exit_file_path_ == NULL) {
+      premature_exit_file_path_ = "";
+    }
+  }
+
+  // Returns true iff the premature-exit file exists.
+  bool PrematureExitFileExists() const {
+    return FileExists(premature_exit_file_path_);
+  }
+
+  const char* premature_exit_file_path_;
+};
+
+typedef PrematureExitTest PrematureExitDeathTest;
+
+// Tests that:
+//   - the premature-exit file exists during the execution of a
+//     death test (EXPECT_DEATH*), and
+//   - a death test doesn't interfere with the main test process's
+//     handling of the premature-exit file.
+TEST_F(PrematureExitDeathTest, FileExistsDuringExecutionOfDeathTest) {
+  if (*premature_exit_file_path_ == '\0') {
+    return;
+  }
+
+  EXPECT_DEATH_IF_SUPPORTED({
+      // If the file exists, crash the process such that the main test
+      // process will catch the (expected) crash and report a success;
+      // otherwise don't crash, which will cause the main test process
+      // to report that the death test has failed.
+      if (PrematureExitFileExists()) {
+        exit(1);
+      }
+    }, "");
+}
+
+// Tests that TEST_PREMATURE_EXIT_FILE is set where it's expected to
+// be set.
+TEST_F(PrematureExitTest, TestPrematureExitFileEnvVarIsSet) {
+  GTEST_INTENTIONAL_CONST_COND_PUSH_()
+  if (kTestPrematureExitFileEnvVarShouldBeSet) {
+  GTEST_INTENTIONAL_CONST_COND_POP_()
+    const char* const filepath = GetEnv("TEST_PREMATURE_EXIT_FILE");
+    ASSERT_TRUE(filepath != NULL);
+    ASSERT_NE(*filepath, '\0');
+  }
+}
+
+// Tests that the premature-exit file exists during the execution of a
+// normal (non-death) test.
+TEST_F(PrematureExitTest, PrematureExitFileExistsDuringTestExecution) {
+  if (*premature_exit_file_path_ == '\0') {
+    return;
+  }
+
+  EXPECT_TRUE(PrematureExitFileExists())
+      << " file " << premature_exit_file_path_
+      << " should exist during test execution, but doesn't.";
+}
+
+}  // namespace
+
+int main(int argc, char **argv) {
+  InitGoogleTest(&argc, argv);
+  const int exit_code = RUN_ALL_TESTS();
+
+  // Test that the premature-exit file is deleted upon return from
+  // RUN_ALL_TESTS().
+  const char* const filepath = GetEnv("TEST_PREMATURE_EXIT_FILE");
+  if (filepath != NULL && *filepath != '\0') {
+    if (PrematureExitTest::FileExists(filepath)) {
+      printf(
+          "File %s shouldn't exist after the test program finishes, but does.",
+          filepath);
+      return 1;
+    }
+  }
+
+  return exit_code;
+}
diff --git a/nss/external_tests/google_test/gtest/test/gtest_prod_test.cc b/nss/external_tests/google_test/gtest/test/gtest_prod_test.cc
new file mode 100644
index 0000000..060abce
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/test/gtest_prod_test.cc
@@ -0,0 +1,57 @@
+// Copyright 2006, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+//
+// Unit test for include/gtest/gtest_prod.h.
+
+#include "gtest/gtest.h"
+#include "test/production.h"
+
+// Tests that private members can be accessed from a TEST declared as
+// a friend of the class.
+TEST(PrivateCodeTest, CanAccessPrivateMembers) {
+  PrivateCode a;
+  EXPECT_EQ(0, a.x_);
+
+  a.set_x(1);
+  EXPECT_EQ(1, a.x_);
+}
+
+typedef testing::Test PrivateCodeFixtureTest;
+
+// Tests that private members can be accessed from a TEST_F declared
+// as a friend of the class.
+TEST_F(PrivateCodeFixtureTest, CanAccessPrivateMembers) {
+  PrivateCode a;
+  EXPECT_EQ(0, a.x_);
+
+  a.set_x(2);
+  EXPECT_EQ(2, a.x_);
+}
diff --git a/nss/external_tests/google_test/gtest/test/gtest_repeat_test.cc b/nss/external_tests/google_test/gtest/test/gtest_repeat_test.cc
new file mode 100644
index 0000000..481012a
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/test/gtest_repeat_test.cc
@@ -0,0 +1,253 @@
+// Copyright 2008, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+
+// Tests the --gtest_repeat=number flag.
+
+#include <stdlib.h>
+#include <iostream>
+#include "gtest/gtest.h"
+
+// Indicates that this translation unit is part of Google Test's
+// implementation.  It must come before gtest-internal-inl.h is
+// included, or there will be a compiler error.  This trick is to
+// prevent a user from accidentally including gtest-internal-inl.h in
+// his code.
+#define GTEST_IMPLEMENTATION_ 1
+#include "src/gtest-internal-inl.h"
+#undef GTEST_IMPLEMENTATION_
+
+namespace testing {
+
+GTEST_DECLARE_string_(death_test_style);
+GTEST_DECLARE_string_(filter);
+GTEST_DECLARE_int32_(repeat);
+
+}  // namespace testing
+
+using testing::GTEST_FLAG(death_test_style);
+using testing::GTEST_FLAG(filter);
+using testing::GTEST_FLAG(repeat);
+
+namespace {
+
+// We need this when we are testing Google Test itself and therefore
+// cannot use Google Test assertions.
+#define GTEST_CHECK_INT_EQ_(expected, actual) \
+  do {\
+    const int expected_val = (expected);\
+    const int actual_val = (actual);\
+    if (::testing::internal::IsTrue(expected_val != actual_val)) {\
+      ::std::cout << "Value of: " #actual "\n"\
+                  << "  Actual: " << actual_val << "\n"\
+                  << "Expected: " #expected "\n"\
+                  << "Which is: " << expected_val << "\n";\
+      ::testing::internal::posix::Abort();\
+    }\
+  } while (::testing::internal::AlwaysFalse())
+
+
+// Used for verifying that global environment set-up and tear-down are
+// inside the gtest_repeat loop.
+
+int g_environment_set_up_count = 0;
+int g_environment_tear_down_count = 0;
+
+class MyEnvironment : public testing::Environment {
+ public:
+  MyEnvironment() {}
+  virtual void SetUp() { g_environment_set_up_count++; }
+  virtual void TearDown() { g_environment_tear_down_count++; }
+};
+
+// A test that should fail.
+
+int g_should_fail_count = 0;
+
+TEST(FooTest, ShouldFail) {
+  g_should_fail_count++;
+  EXPECT_EQ(0, 1) << "Expected failure.";
+}
+
+// A test that should pass.
+
+int g_should_pass_count = 0;
+
+TEST(FooTest, ShouldPass) {
+  g_should_pass_count++;
+}
+
+// A test that contains a thread-safe death test and a fast death
+// test.  It should pass.
+
+int g_death_test_count = 0;
+
+TEST(BarDeathTest, ThreadSafeAndFast) {
+  g_death_test_count++;
+
+  GTEST_FLAG(death_test_style) = "threadsafe";
+  EXPECT_DEATH_IF_SUPPORTED(::testing::internal::posix::Abort(), "");
+
+  GTEST_FLAG(death_test_style) = "fast";
+  EXPECT_DEATH_IF_SUPPORTED(::testing::internal::posix::Abort(), "");
+}
+
+#if GTEST_HAS_PARAM_TEST
+int g_param_test_count = 0;
+
+const int kNumberOfParamTests = 10;
+
+class MyParamTest : public testing::TestWithParam<int> {};
+
+TEST_P(MyParamTest, ShouldPass) {
+  // TODO(vladl@google.com): Make parameter value checking robust
+  //                         WRT order of tests.
+  GTEST_CHECK_INT_EQ_(g_param_test_count % kNumberOfParamTests, GetParam());
+  g_param_test_count++;
+}
+INSTANTIATE_TEST_CASE_P(MyParamSequence,
+                        MyParamTest,
+                        testing::Range(0, kNumberOfParamTests));
+#endif  // GTEST_HAS_PARAM_TEST
+
+// Resets the count for each test.
+void ResetCounts() {
+  g_environment_set_up_count = 0;
+  g_environment_tear_down_count = 0;
+  g_should_fail_count = 0;
+  g_should_pass_count = 0;
+  g_death_test_count = 0;
+#if GTEST_HAS_PARAM_TEST
+  g_param_test_count = 0;
+#endif  // GTEST_HAS_PARAM_TEST
+}
+
+// Checks that the count for each test is expected.
+void CheckCounts(int expected) {
+  GTEST_CHECK_INT_EQ_(expected, g_environment_set_up_count);
+  GTEST_CHECK_INT_EQ_(expected, g_environment_tear_down_count);
+  GTEST_CHECK_INT_EQ_(expected, g_should_fail_count);
+  GTEST_CHECK_INT_EQ_(expected, g_should_pass_count);
+  GTEST_CHECK_INT_EQ_(expected, g_death_test_count);
+#if GTEST_HAS_PARAM_TEST
+  GTEST_CHECK_INT_EQ_(expected * kNumberOfParamTests, g_param_test_count);
+#endif  // GTEST_HAS_PARAM_TEST
+}
+
+// Tests the behavior of Google Test when --gtest_repeat is not specified.
+void TestRepeatUnspecified() {
+  ResetCounts();
+  GTEST_CHECK_INT_EQ_(1, RUN_ALL_TESTS());
+  CheckCounts(1);
+}
+
+// Tests the behavior of Google Test when --gtest_repeat has the given value.
+void TestRepeat(int repeat) {
+  GTEST_FLAG(repeat) = repeat;
+
+  ResetCounts();
+  GTEST_CHECK_INT_EQ_(repeat > 0 ? 1 : 0, RUN_ALL_TESTS());
+  CheckCounts(repeat);
+}
+
+// Tests using --gtest_repeat when --gtest_filter specifies an empty
+// set of tests.
+void TestRepeatWithEmptyFilter(int repeat) {
+  GTEST_FLAG(repeat) = repeat;
+  GTEST_FLAG(filter) = "None";
+
+  ResetCounts();
+  GTEST_CHECK_INT_EQ_(0, RUN_ALL_TESTS());
+  CheckCounts(0);
+}
+
+// Tests using --gtest_repeat when --gtest_filter specifies a set of
+// successful tests.
+void TestRepeatWithFilterForSuccessfulTests(int repeat) {
+  GTEST_FLAG(repeat) = repeat;
+  GTEST_FLAG(filter) = "*-*ShouldFail";
+
+  ResetCounts();
+  GTEST_CHECK_INT_EQ_(0, RUN_ALL_TESTS());
+  GTEST_CHECK_INT_EQ_(repeat, g_environment_set_up_count);
+  GTEST_CHECK_INT_EQ_(repeat, g_environment_tear_down_count);
+  GTEST_CHECK_INT_EQ_(0, g_should_fail_count);
+  GTEST_CHECK_INT_EQ_(repeat, g_should_pass_count);
+  GTEST_CHECK_INT_EQ_(repeat, g_death_test_count);
+#if GTEST_HAS_PARAM_TEST
+  GTEST_CHECK_INT_EQ_(repeat * kNumberOfParamTests, g_param_test_count);
+#endif  // GTEST_HAS_PARAM_TEST
+}
+
+// Tests using --gtest_repeat when --gtest_filter specifies a set of
+// failed tests.
+void TestRepeatWithFilterForFailedTests(int repeat) {
+  GTEST_FLAG(repeat) = repeat;
+  GTEST_FLAG(filter) = "*ShouldFail";
+
+  ResetCounts();
+  GTEST_CHECK_INT_EQ_(1, RUN_ALL_TESTS());
+  GTEST_CHECK_INT_EQ_(repeat, g_environment_set_up_count);
+  GTEST_CHECK_INT_EQ_(repeat, g_environment_tear_down_count);
+  GTEST_CHECK_INT_EQ_(repeat, g_should_fail_count);
+  GTEST_CHECK_INT_EQ_(0, g_should_pass_count);
+  GTEST_CHECK_INT_EQ_(0, g_death_test_count);
+#if GTEST_HAS_PARAM_TEST
+  GTEST_CHECK_INT_EQ_(0, g_param_test_count);
+#endif  // GTEST_HAS_PARAM_TEST
+}
+
+}  // namespace
+
+int main(int argc, char **argv) {
+  testing::InitGoogleTest(&argc, argv);
+  testing::AddGlobalTestEnvironment(new MyEnvironment);
+
+  TestRepeatUnspecified();
+  TestRepeat(0);
+  TestRepeat(1);
+  TestRepeat(5);
+
+  TestRepeatWithEmptyFilter(2);
+  TestRepeatWithEmptyFilter(3);
+
+  TestRepeatWithFilterForSuccessfulTests(3);
+
+  TestRepeatWithFilterForFailedTests(4);
+
+  // It would be nice to verify that the tests indeed loop forever
+  // when GTEST_FLAG(repeat) is negative, but this test will be quite
+  // complicated to write.  Since this flag is for interactive
+  // debugging only and doesn't affect the normal test result, such a
+  // test would be an overkill.
+
+  printf("PASS\n");
+  return 0;
+}
diff --git a/nss/external_tests/google_test/gtest/test/gtest_shuffle_test.py b/nss/external_tests/google_test/gtest/test/gtest_shuffle_test.py
new file mode 100755
index 0000000..30d0303
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/test/gtest_shuffle_test.py
@@ -0,0 +1,325 @@
+#!/usr/bin/env python
+#
+# Copyright 2009 Google Inc. All Rights Reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#
+#     * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following disclaimer
+# in the documentation and/or other materials provided with the
+# distribution.
+#     * Neither the name of Google Inc. nor the names of its
+# contributors may be used to endorse or promote products derived from
+# this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+"""Verifies that test shuffling works."""
+
+__author__ = 'wan@google.com (Zhanyong Wan)'
+
+import os
+import gtest_test_utils
+
+# Command to run the gtest_shuffle_test_ program.
+COMMAND = gtest_test_utils.GetTestExecutablePath('gtest_shuffle_test_')
+
+# The environment variables for test sharding.
+TOTAL_SHARDS_ENV_VAR = 'GTEST_TOTAL_SHARDS'
+SHARD_INDEX_ENV_VAR = 'GTEST_SHARD_INDEX'
+
+TEST_FILTER = 'A*.A:A*.B:C*'
+
+ALL_TESTS = []
+ACTIVE_TESTS = []
+FILTERED_TESTS = []
+SHARDED_TESTS = []
+
+SHUFFLED_ALL_TESTS = []
+SHUFFLED_ACTIVE_TESTS = []
+SHUFFLED_FILTERED_TESTS = []
+SHUFFLED_SHARDED_TESTS = []
+
+
+def AlsoRunDisabledTestsFlag():
+  return '--gtest_also_run_disabled_tests'
+
+
+def FilterFlag(test_filter):
+  return '--gtest_filter=%s' % (test_filter,)
+
+
+def RepeatFlag(n):
+  return '--gtest_repeat=%s' % (n,)
+
+
+def ShuffleFlag():
+  return '--gtest_shuffle'
+
+
+def RandomSeedFlag(n):
+  return '--gtest_random_seed=%s' % (n,)
+
+
+def RunAndReturnOutput(extra_env, args):
+  """Runs the test program and returns its output."""
+
+  environ_copy = os.environ.copy()
+  environ_copy.update(extra_env)
+
+  return gtest_test_utils.Subprocess([COMMAND] + args, env=environ_copy).output
+
+
+def GetTestsForAllIterations(extra_env, args):
+  """Runs the test program and returns a list of test lists.
+
+  Args:
+    extra_env: a map from environment variables to their values
+    args: command line flags to pass to gtest_shuffle_test_
+
+  Returns:
+    A list where the i-th element is the list of tests run in the i-th
+    test iteration.
+  """
+
+  test_iterations = []
+  for line in RunAndReturnOutput(extra_env, args).split('\n'):
+    if line.startswith('----'):
+      tests = []
+      test_iterations.append(tests)
+    elif line.strip():
+      tests.append(line.strip())  # 'TestCaseName.TestName'
+
+  return test_iterations
+
+
+def GetTestCases(tests):
+  """Returns a list of test cases in the given full test names.
+
+  Args:
+    tests: a list of full test names
+
+  Returns:
+    A list of test cases from 'tests', in their original order.
+    Consecutive duplicates are removed.
+  """
+
+  test_cases = []
+  for test in tests:
+    test_case = test.split('.')[0]
+    if not test_case in test_cases:
+      test_cases.append(test_case)
+
+  return test_cases
+
+
+def CalculateTestLists():
+  """Calculates the list of tests run under different flags."""
+
+  if not ALL_TESTS:
+    ALL_TESTS.extend(
+        GetTestsForAllIterations({}, [AlsoRunDisabledTestsFlag()])[0])
+
+  if not ACTIVE_TESTS:
+    ACTIVE_TESTS.extend(GetTestsForAllIterations({}, [])[0])
+
+  if not FILTERED_TESTS:
+    FILTERED_TESTS.extend(
+        GetTestsForAllIterations({}, [FilterFlag(TEST_FILTER)])[0])
+
+  if not SHARDED_TESTS:
+    SHARDED_TESTS.extend(
+        GetTestsForAllIterations({TOTAL_SHARDS_ENV_VAR: '3',
+                                  SHARD_INDEX_ENV_VAR: '1'},
+                                 [])[0])
+
+  if not SHUFFLED_ALL_TESTS:
+    SHUFFLED_ALL_TESTS.extend(GetTestsForAllIterations(
+        {}, [AlsoRunDisabledTestsFlag(), ShuffleFlag(), RandomSeedFlag(1)])[0])
+
+  if not SHUFFLED_ACTIVE_TESTS:
+    SHUFFLED_ACTIVE_TESTS.extend(GetTestsForAllIterations(
+        {}, [ShuffleFlag(), RandomSeedFlag(1)])[0])
+
+  if not SHUFFLED_FILTERED_TESTS:
+    SHUFFLED_FILTERED_TESTS.extend(GetTestsForAllIterations(
+        {}, [ShuffleFlag(), RandomSeedFlag(1), FilterFlag(TEST_FILTER)])[0])
+
+  if not SHUFFLED_SHARDED_TESTS:
+    SHUFFLED_SHARDED_TESTS.extend(
+        GetTestsForAllIterations({TOTAL_SHARDS_ENV_VAR: '3',
+                                  SHARD_INDEX_ENV_VAR: '1'},
+                                 [ShuffleFlag(), RandomSeedFlag(1)])[0])
+
+
+class GTestShuffleUnitTest(gtest_test_utils.TestCase):
+  """Tests test shuffling."""
+
+  def setUp(self):
+    CalculateTestLists()
+
+  def testShufflePreservesNumberOfTests(self):
+    self.assertEqual(len(ALL_TESTS), len(SHUFFLED_ALL_TESTS))
+    self.assertEqual(len(ACTIVE_TESTS), len(SHUFFLED_ACTIVE_TESTS))
+    self.assertEqual(len(FILTERED_TESTS), len(SHUFFLED_FILTERED_TESTS))
+    self.assertEqual(len(SHARDED_TESTS), len(SHUFFLED_SHARDED_TESTS))
+
+  def testShuffleChangesTestOrder(self):
+    self.assert_(SHUFFLED_ALL_TESTS != ALL_TESTS, SHUFFLED_ALL_TESTS)
+    self.assert_(SHUFFLED_ACTIVE_TESTS != ACTIVE_TESTS, SHUFFLED_ACTIVE_TESTS)
+    self.assert_(SHUFFLED_FILTERED_TESTS != FILTERED_TESTS,
+                 SHUFFLED_FILTERED_TESTS)
+    self.assert_(SHUFFLED_SHARDED_TESTS != SHARDED_TESTS,
+                 SHUFFLED_SHARDED_TESTS)
+
+  def testShuffleChangesTestCaseOrder(self):
+    self.assert_(GetTestCases(SHUFFLED_ALL_TESTS) != GetTestCases(ALL_TESTS),
+                 GetTestCases(SHUFFLED_ALL_TESTS))
+    self.assert_(
+        GetTestCases(SHUFFLED_ACTIVE_TESTS) != GetTestCases(ACTIVE_TESTS),
+        GetTestCases(SHUFFLED_ACTIVE_TESTS))
+    self.assert_(
+        GetTestCases(SHUFFLED_FILTERED_TESTS) != GetTestCases(FILTERED_TESTS),
+        GetTestCases(SHUFFLED_FILTERED_TESTS))
+    self.assert_(
+        GetTestCases(SHUFFLED_SHARDED_TESTS) != GetTestCases(SHARDED_TESTS),
+        GetTestCases(SHUFFLED_SHARDED_TESTS))
+
+  def testShuffleDoesNotRepeatTest(self):
+    for test in SHUFFLED_ALL_TESTS:
+      self.assertEqual(1, SHUFFLED_ALL_TESTS.count(test),
+                       '%s appears more than once' % (test,))
+    for test in SHUFFLED_ACTIVE_TESTS:
+      self.assertEqual(1, SHUFFLED_ACTIVE_TESTS.count(test),
+                       '%s appears more than once' % (test,))
+    for test in SHUFFLED_FILTERED_TESTS:
+      self.assertEqual(1, SHUFFLED_FILTERED_TESTS.count(test),
+                       '%s appears more than once' % (test,))
+    for test in SHUFFLED_SHARDED_TESTS:
+      self.assertEqual(1, SHUFFLED_SHARDED_TESTS.count(test),
+                       '%s appears more than once' % (test,))
+
+  def testShuffleDoesNotCreateNewTest(self):
+    for test in SHUFFLED_ALL_TESTS:
+      self.assert_(test in ALL_TESTS, '%s is an invalid test' % (test,))
+    for test in SHUFFLED_ACTIVE_TESTS:
+      self.assert_(test in ACTIVE_TESTS, '%s is an invalid test' % (test,))
+    for test in SHUFFLED_FILTERED_TESTS:
+      self.assert_(test in FILTERED_TESTS, '%s is an invalid test' % (test,))
+    for test in SHUFFLED_SHARDED_TESTS:
+      self.assert_(test in SHARDED_TESTS, '%s is an invalid test' % (test,))
+
+  def testShuffleIncludesAllTests(self):
+    for test in ALL_TESTS:
+      self.assert_(test in SHUFFLED_ALL_TESTS, '%s is missing' % (test,))
+    for test in ACTIVE_TESTS:
+      self.assert_(test in SHUFFLED_ACTIVE_TESTS, '%s is missing' % (test,))
+    for test in FILTERED_TESTS:
+      self.assert_(test in SHUFFLED_FILTERED_TESTS, '%s is missing' % (test,))
+    for test in SHARDED_TESTS:
+      self.assert_(test in SHUFFLED_SHARDED_TESTS, '%s is missing' % (test,))
+
+  def testShuffleLeavesDeathTestsAtFront(self):
+    non_death_test_found = False
+    for test in SHUFFLED_ACTIVE_TESTS:
+      if 'DeathTest.' in test:
+        self.assert_(not non_death_test_found,
+                     '%s appears after a non-death test' % (test,))
+      else:
+        non_death_test_found = True
+
+  def _VerifyTestCasesDoNotInterleave(self, tests):
+    test_cases = []
+    for test in tests:
+      [test_case, _] = test.split('.')
+      if test_cases and test_cases[-1] != test_case:
+        test_cases.append(test_case)
+        self.assertEqual(1, test_cases.count(test_case),
+                         'Test case %s is not grouped together in %s' %
+                         (test_case, tests))
+
+  def testShuffleDoesNotInterleaveTestCases(self):
+    self._VerifyTestCasesDoNotInterleave(SHUFFLED_ALL_TESTS)
+    self._VerifyTestCasesDoNotInterleave(SHUFFLED_ACTIVE_TESTS)
+    self._VerifyTestCasesDoNotInterleave(SHUFFLED_FILTERED_TESTS)
+    self._VerifyTestCasesDoNotInterleave(SHUFFLED_SHARDED_TESTS)
+
+  def testShuffleRestoresOrderAfterEachIteration(self):
+    # Get the test lists in all 3 iterations, using random seed 1, 2,
+    # and 3 respectively.  Google Test picks a different seed in each
+    # iteration, and this test depends on the current implementation
+    # picking successive numbers.  This dependency is not ideal, but
+    # makes the test much easier to write.
+    [tests_in_iteration1, tests_in_iteration2, tests_in_iteration3] = (
+        GetTestsForAllIterations(
+            {}, [ShuffleFlag(), RandomSeedFlag(1), RepeatFlag(3)]))
+
+    # Make sure running the tests with random seed 1 gets the same
+    # order as in iteration 1 above.
+    [tests_with_seed1] = GetTestsForAllIterations(
+        {}, [ShuffleFlag(), RandomSeedFlag(1)])
+    self.assertEqual(tests_in_iteration1, tests_with_seed1)
+
+    # Make sure running the tests with random seed 2 gets the same
+    # order as in iteration 2 above.  Success means that Google Test
+    # correctly restores the test order before re-shuffling at the
+    # beginning of iteration 2.
+    [tests_with_seed2] = GetTestsForAllIterations(
+        {}, [ShuffleFlag(), RandomSeedFlag(2)])
+    self.assertEqual(tests_in_iteration2, tests_with_seed2)
+
+    # Make sure running the tests with random seed 3 gets the same
+    # order as in iteration 3 above.  Success means that Google Test
+    # correctly restores the test order before re-shuffling at the
+    # beginning of iteration 3.
+    [tests_with_seed3] = GetTestsForAllIterations(
+        {}, [ShuffleFlag(), RandomSeedFlag(3)])
+    self.assertEqual(tests_in_iteration3, tests_with_seed3)
+
+  def testShuffleGeneratesNewOrderInEachIteration(self):
+    [tests_in_iteration1, tests_in_iteration2, tests_in_iteration3] = (
+        GetTestsForAllIterations(
+            {}, [ShuffleFlag(), RandomSeedFlag(1), RepeatFlag(3)]))
+
+    self.assert_(tests_in_iteration1 != tests_in_iteration2,
+                 tests_in_iteration1)
+    self.assert_(tests_in_iteration1 != tests_in_iteration3,
+                 tests_in_iteration1)
+    self.assert_(tests_in_iteration2 != tests_in_iteration3,
+                 tests_in_iteration2)
+
+  def testShuffleShardedTestsPreservesPartition(self):
+    # If we run M tests on N shards, the same M tests should be run in
+    # total, regardless of the random seeds used by the shards.
+    [tests1] = GetTestsForAllIterations({TOTAL_SHARDS_ENV_VAR: '3',
+                                         SHARD_INDEX_ENV_VAR: '0'},
+                                        [ShuffleFlag(), RandomSeedFlag(1)])
+    [tests2] = GetTestsForAllIterations({TOTAL_SHARDS_ENV_VAR: '3',
+                                         SHARD_INDEX_ENV_VAR: '1'},
+                                        [ShuffleFlag(), RandomSeedFlag(20)])
+    [tests3] = GetTestsForAllIterations({TOTAL_SHARDS_ENV_VAR: '3',
+                                         SHARD_INDEX_ENV_VAR: '2'},
+                                        [ShuffleFlag(), RandomSeedFlag(25)])
+    sorted_sharded_tests = tests1 + tests2 + tests3
+    sorted_sharded_tests.sort()
+    sorted_active_tests = []
+    sorted_active_tests.extend(ACTIVE_TESTS)
+    sorted_active_tests.sort()
+    self.assertEqual(sorted_active_tests, sorted_sharded_tests)
+
+if __name__ == '__main__':
+  gtest_test_utils.Main()
diff --git a/nss/external_tests/google_test/gtest/test/gtest_shuffle_test_.cc b/nss/external_tests/google_test/gtest/test/gtest_shuffle_test_.cc
new file mode 100644
index 0000000..6fb441b
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/test/gtest_shuffle_test_.cc
@@ -0,0 +1,103 @@
+// Copyright 2009, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+
+// Verifies that test shuffling works.
+
+#include "gtest/gtest.h"
+
+namespace {
+
+using ::testing::EmptyTestEventListener;
+using ::testing::InitGoogleTest;
+using ::testing::Message;
+using ::testing::Test;
+using ::testing::TestEventListeners;
+using ::testing::TestInfo;
+using ::testing::UnitTest;
+using ::testing::internal::scoped_ptr;
+
+// The test methods are empty, as the sole purpose of this program is
+// to print the test names before/after shuffling.
+
+class A : public Test {};
+TEST_F(A, A) {}
+TEST_F(A, B) {}
+
+TEST(ADeathTest, A) {}
+TEST(ADeathTest, B) {}
+TEST(ADeathTest, C) {}
+
+TEST(B, A) {}
+TEST(B, B) {}
+TEST(B, C) {}
+TEST(B, DISABLED_D) {}
+TEST(B, DISABLED_E) {}
+
+TEST(BDeathTest, A) {}
+TEST(BDeathTest, B) {}
+
+TEST(C, A) {}
+TEST(C, B) {}
+TEST(C, C) {}
+TEST(C, DISABLED_D) {}
+
+TEST(CDeathTest, A) {}
+
+TEST(DISABLED_D, A) {}
+TEST(DISABLED_D, DISABLED_B) {}
+
+// This printer prints the full test names only, starting each test
+// iteration with a "----" marker.
+class TestNamePrinter : public EmptyTestEventListener {
+ public:
+  virtual void OnTestIterationStart(const UnitTest& /* unit_test */,
+                                    int /* iteration */) {
+    printf("----\n");
+  }
+
+  virtual void OnTestStart(const TestInfo& test_info) {
+    printf("%s.%s\n", test_info.test_case_name(), test_info.name());
+  }
+};
+
+}  // namespace
+
+int main(int argc, char **argv) {
+  InitGoogleTest(&argc, argv);
+
+  // Replaces the default printer with TestNamePrinter, which prints
+  // the test name only.
+  TestEventListeners& listeners = UnitTest::GetInstance()->listeners();
+  delete listeners.Release(listeners.default_result_printer());
+  listeners.Append(new TestNamePrinter);
+
+  return RUN_ALL_TESTS();
+}
diff --git a/nss/external_tests/google_test/gtest/test/gtest_sole_header_test.cc b/nss/external_tests/google_test/gtest/test/gtest_sole_header_test.cc
new file mode 100644
index 0000000..ccd091a
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/test/gtest_sole_header_test.cc
@@ -0,0 +1,57 @@
+// Copyright 2008, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: mheule@google.com (Markus Heule)
+//
+// This test verifies that it's possible to use Google Test by including
+// the gtest.h header file alone.
+
+#include "gtest/gtest.h"
+
+namespace {
+
+void Subroutine() {
+  EXPECT_EQ(42, 42);
+}
+
+TEST(NoFatalFailureTest, ExpectNoFatalFailure) {
+  EXPECT_NO_FATAL_FAILURE(;);
+  EXPECT_NO_FATAL_FAILURE(SUCCEED());
+  EXPECT_NO_FATAL_FAILURE(Subroutine());
+  EXPECT_NO_FATAL_FAILURE({ SUCCEED(); });
+}
+
+TEST(NoFatalFailureTest, AssertNoFatalFailure) {
+  ASSERT_NO_FATAL_FAILURE(;);
+  ASSERT_NO_FATAL_FAILURE(SUCCEED());
+  ASSERT_NO_FATAL_FAILURE(Subroutine());
+  ASSERT_NO_FATAL_FAILURE({ SUCCEED(); });
+}
+
+}  // namespace
diff --git a/nss/external_tests/google_test/gtest/test/gtest_stress_test.cc b/nss/external_tests/google_test/gtest/test/gtest_stress_test.cc
new file mode 100644
index 0000000..e7daa43
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/test/gtest_stress_test.cc
@@ -0,0 +1,256 @@
+// Copyright 2007, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+
+// Tests that SCOPED_TRACE() and various Google Test assertions can be
+// used in a large number of threads concurrently.
+
+#include "gtest/gtest.h"
+
+#include <iostream>
+#include <vector>
+
+// We must define this macro in order to #include
+// gtest-internal-inl.h.  This is how Google Test prevents a user from
+// accidentally depending on its internal implementation.
+#define GTEST_IMPLEMENTATION_ 1
+#include "src/gtest-internal-inl.h"
+#undef GTEST_IMPLEMENTATION_
+
+#if GTEST_IS_THREADSAFE
+
+namespace testing {
+namespace {
+
+using internal::Notification;
+using internal::TestPropertyKeyIs;
+using internal::ThreadWithParam;
+using internal::scoped_ptr;
+
+// In order to run tests in this file, for platforms where Google Test is
+// thread safe, implement ThreadWithParam. See the description of its API
+// in gtest-port.h, where it is defined for already supported platforms.
+
+// How many threads to create?
+const int kThreadCount = 50;
+
+std::string IdToKey(int id, const char* suffix) {
+  Message key;
+  key << "key_" << id << "_" << suffix;
+  return key.GetString();
+}
+
+std::string IdToString(int id) {
+  Message id_message;
+  id_message << id;
+  return id_message.GetString();
+}
+
+void ExpectKeyAndValueWereRecordedForId(
+    const std::vector<TestProperty>& properties,
+    int id, const char* suffix) {
+  TestPropertyKeyIs matches_key(IdToKey(id, suffix).c_str());
+  const std::vector<TestProperty>::const_iterator property =
+      std::find_if(properties.begin(), properties.end(), matches_key);
+  ASSERT_TRUE(property != properties.end())
+      << "expecting " << suffix << " value for id " << id;
+  EXPECT_STREQ(IdToString(id).c_str(), property->value());
+}
+
+// Calls a large number of Google Test assertions, where exactly one of them
+// will fail.
+void ManyAsserts(int id) {
+  GTEST_LOG_(INFO) << "Thread #" << id << " running...";
+
+  SCOPED_TRACE(Message() << "Thread #" << id);
+
+  for (int i = 0; i < kThreadCount; i++) {
+    SCOPED_TRACE(Message() << "Iteration #" << i);
+
+    // A bunch of assertions that should succeed.
+    EXPECT_TRUE(true);
+    ASSERT_FALSE(false) << "This shouldn't fail.";
+    EXPECT_STREQ("a", "a");
+    ASSERT_LE(5, 6);
+    EXPECT_EQ(i, i) << "This shouldn't fail.";
+
+    // RecordProperty() should interact safely with other threads as well.
+    // The shared_key forces property updates.
+    Test::RecordProperty(IdToKey(id, "string").c_str(), IdToString(id).c_str());
+    Test::RecordProperty(IdToKey(id, "int").c_str(), id);
+    Test::RecordProperty("shared_key", IdToString(id).c_str());
+
+    // This assertion should fail kThreadCount times per thread.  It
+    // is for testing whether Google Test can handle failed assertions in a
+    // multi-threaded context.
+    EXPECT_LT(i, 0) << "This should always fail.";
+  }
+}
+
+void CheckTestFailureCount(int expected_failures) {
+  const TestInfo* const info = UnitTest::GetInstance()->current_test_info();
+  const TestResult* const result = info->result();
+  GTEST_CHECK_(expected_failures == result->total_part_count())
+      << "Logged " << result->total_part_count() << " failures "
+      << " vs. " << expected_failures << " expected";
+}
+
+// Tests using SCOPED_TRACE() and Google Test assertions in many threads
+// concurrently.
+TEST(StressTest, CanUseScopedTraceAndAssertionsInManyThreads) {
+  {
+    scoped_ptr<ThreadWithParam<int> > threads[kThreadCount];
+    Notification threads_can_start;
+    for (int i = 0; i != kThreadCount; i++)
+      threads[i].reset(new ThreadWithParam<int>(&ManyAsserts,
+                                                i,
+                                                &threads_can_start));
+
+    threads_can_start.Notify();
+
+    // Blocks until all the threads are done.
+    for (int i = 0; i != kThreadCount; i++)
+      threads[i]->Join();
+  }
+
+  // Ensures that kThreadCount*kThreadCount failures have been reported.
+  const TestInfo* const info = UnitTest::GetInstance()->current_test_info();
+  const TestResult* const result = info->result();
+
+  std::vector<TestProperty> properties;
+  // We have no access to the TestResult's list of properties but we can
+  // copy them one by one.
+  for (int i = 0; i < result->test_property_count(); ++i)
+    properties.push_back(result->GetTestProperty(i));
+
+  EXPECT_EQ(kThreadCount * 2 + 1, result->test_property_count())
+      << "String and int values recorded on each thread, "
+      << "as well as one shared_key";
+  for (int i = 0; i < kThreadCount; ++i) {
+    ExpectKeyAndValueWereRecordedForId(properties, i, "string");
+    ExpectKeyAndValueWereRecordedForId(properties, i, "int");
+  }
+  CheckTestFailureCount(kThreadCount*kThreadCount);
+}
+
+void FailingThread(bool is_fatal) {
+  if (is_fatal)
+    FAIL() << "Fatal failure in some other thread. "
+           << "(This failure is expected.)";
+  else
+    ADD_FAILURE() << "Non-fatal failure in some other thread. "
+                  << "(This failure is expected.)";
+}
+
+void GenerateFatalFailureInAnotherThread(bool is_fatal) {
+  ThreadWithParam<bool> thread(&FailingThread, is_fatal, NULL);
+  thread.Join();
+}
+
+TEST(NoFatalFailureTest, ExpectNoFatalFailureIgnoresFailuresInOtherThreads) {
+  EXPECT_NO_FATAL_FAILURE(GenerateFatalFailureInAnotherThread(true));
+  // We should only have one failure (the one from
+  // GenerateFatalFailureInAnotherThread()), since the EXPECT_NO_FATAL_FAILURE
+  // should succeed.
+  CheckTestFailureCount(1);
+}
+
+void AssertNoFatalFailureIgnoresFailuresInOtherThreads() {
+  ASSERT_NO_FATAL_FAILURE(GenerateFatalFailureInAnotherThread(true));
+}
+TEST(NoFatalFailureTest, AssertNoFatalFailureIgnoresFailuresInOtherThreads) {
+  // Using a subroutine, to make sure, that the test continues.
+  AssertNoFatalFailureIgnoresFailuresInOtherThreads();
+  // We should only have one failure (the one from
+  // GenerateFatalFailureInAnotherThread()), since the EXPECT_NO_FATAL_FAILURE
+  // should succeed.
+  CheckTestFailureCount(1);
+}
+
+TEST(FatalFailureTest, ExpectFatalFailureIgnoresFailuresInOtherThreads) {
+  // This statement should fail, since the current thread doesn't generate a
+  // fatal failure, only another one does.
+  EXPECT_FATAL_FAILURE(GenerateFatalFailureInAnotherThread(true), "expected");
+  CheckTestFailureCount(2);
+}
+
+TEST(FatalFailureOnAllThreadsTest, ExpectFatalFailureOnAllThreads) {
+  // This statement should succeed, because failures in all threads are
+  // considered.
+  EXPECT_FATAL_FAILURE_ON_ALL_THREADS(
+      GenerateFatalFailureInAnotherThread(true), "expected");
+  CheckTestFailureCount(0);
+  // We need to add a failure, because main() checks that there are failures.
+  // But when only this test is run, we shouldn't have any failures.
+  ADD_FAILURE() << "This is an expected non-fatal failure.";
+}
+
+TEST(NonFatalFailureTest, ExpectNonFatalFailureIgnoresFailuresInOtherThreads) {
+  // This statement should fail, since the current thread doesn't generate a
+  // fatal failure, only another one does.
+  EXPECT_NONFATAL_FAILURE(GenerateFatalFailureInAnotherThread(false),
+                          "expected");
+  CheckTestFailureCount(2);
+}
+
+TEST(NonFatalFailureOnAllThreadsTest, ExpectNonFatalFailureOnAllThreads) {
+  // This statement should succeed, because failures in all threads are
+  // considered.
+  EXPECT_NONFATAL_FAILURE_ON_ALL_THREADS(
+      GenerateFatalFailureInAnotherThread(false), "expected");
+  CheckTestFailureCount(0);
+  // We need to add a failure, because main() checks that there are failures,
+  // But when only this test is run, we shouldn't have any failures.
+  ADD_FAILURE() << "This is an expected non-fatal failure.";
+}
+
+}  // namespace
+}  // namespace testing
+
+int main(int argc, char **argv) {
+  testing::InitGoogleTest(&argc, argv);
+
+  const int result = RUN_ALL_TESTS();  // Expected to fail.
+  GTEST_CHECK_(result == 1) << "RUN_ALL_TESTS() did not fail as expected";
+
+  printf("\nPASS\n");
+  return 0;
+}
+
+#else
+TEST(StressTest,
+     DISABLED_ThreadSafetyTestsAreSkippedWhenGoogleTestIsNotThreadSafe) {
+}
+
+int main(int argc, char **argv) {
+  testing::InitGoogleTest(&argc, argv);
+  return RUN_ALL_TESTS();
+}
+#endif  // GTEST_IS_THREADSAFE
diff --git a/nss/external_tests/google_test/gtest/test/gtest_test_utils.py b/nss/external_tests/google_test/gtest/test/gtest_test_utils.py
new file mode 100755
index 0000000..7e3cbca
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/test/gtest_test_utils.py
@@ -0,0 +1,320 @@
+#!/usr/bin/env python
+#
+# Copyright 2006, Google Inc.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#
+#     * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following disclaimer
+# in the documentation and/or other materials provided with the
+# distribution.
+#     * Neither the name of Google Inc. nor the names of its
+# contributors may be used to endorse or promote products derived from
+# this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+"""Unit test utilities for Google C++ Testing Framework."""
+
+__author__ = 'wan@google.com (Zhanyong Wan)'
+
+import atexit
+import os
+import shutil
+import sys
+import tempfile
+import unittest
+_test_module = unittest
+
+# Suppresses the 'Import not at the top of the file' lint complaint.
+# pylint: disable-msg=C6204
+try:
+  import subprocess
+  _SUBPROCESS_MODULE_AVAILABLE = True
+except:
+  import popen2
+  _SUBPROCESS_MODULE_AVAILABLE = False
+# pylint: enable-msg=C6204
+
+GTEST_OUTPUT_VAR_NAME = 'GTEST_OUTPUT'
+
+IS_WINDOWS = os.name == 'nt'
+IS_CYGWIN = os.name == 'posix' and 'CYGWIN' in os.uname()[0]
+
+# The environment variable for specifying the path to the premature-exit file.
+PREMATURE_EXIT_FILE_ENV_VAR = 'TEST_PREMATURE_EXIT_FILE'
+
+environ = os.environ.copy()
+
+
+def SetEnvVar(env_var, value):
+  """Sets/unsets an environment variable to a given value."""
+
+  if value is not None:
+    environ[env_var] = value
+  elif env_var in environ:
+    del environ[env_var]
+
+
+# Here we expose a class from a particular module, depending on the
+# environment. The comment suppresses the 'Invalid variable name' lint
+# complaint.
+TestCase = _test_module.TestCase  # pylint: disable-msg=C6409
+
+# Initially maps a flag to its default value. After
+# _ParseAndStripGTestFlags() is called, maps a flag to its actual value.
+_flag_map = {'source_dir': os.path.dirname(sys.argv[0]),
+             'build_dir': os.path.dirname(sys.argv[0])}
+_gtest_flags_are_parsed = False
+
+
+def _ParseAndStripGTestFlags(argv):
+  """Parses and strips Google Test flags from argv.  This is idempotent."""
+
+  # Suppresses the lint complaint about a global variable since we need it
+  # here to maintain module-wide state.
+  global _gtest_flags_are_parsed  # pylint: disable-msg=W0603
+  if _gtest_flags_are_parsed:
+    return
+
+  _gtest_flags_are_parsed = True
+  for flag in _flag_map:
+    # The environment variable overrides the default value.
+    if flag.upper() in os.environ:
+      _flag_map[flag] = os.environ[flag.upper()]
+
+    # The command line flag overrides the environment variable.
+    i = 1  # Skips the program name.
+    while i < len(argv):
+      prefix = '--' + flag + '='
+      if argv[i].startswith(prefix):
+        _flag_map[flag] = argv[i][len(prefix):]
+        del argv[i]
+        break
+      else:
+        # We don't increment i in case we just found a --gtest_* flag
+        # and removed it from argv.
+        i += 1
+
+
+def GetFlag(flag):
+  """Returns the value of the given flag."""
+
+  # In case GetFlag() is called before Main(), we always call
+  # _ParseAndStripGTestFlags() here to make sure the --gtest_* flags
+  # are parsed.
+  _ParseAndStripGTestFlags(sys.argv)
+
+  return _flag_map[flag]
+
+
+def GetSourceDir():
+  """Returns the absolute path of the directory where the .py files are."""
+
+  return os.path.abspath(GetFlag('source_dir'))
+
+
+def GetBuildDir():
+  """Returns the absolute path of the directory where the test binaries are."""
+
+  return os.path.abspath(GetFlag('build_dir'))
+
+
+_temp_dir = None
+
+def _RemoveTempDir():
+  if _temp_dir:
+    shutil.rmtree(_temp_dir, ignore_errors=True)
+
+atexit.register(_RemoveTempDir)
+
+
+def GetTempDir():
+  """Returns a directory for temporary files."""
+
+  global _temp_dir
+  if not _temp_dir:
+    _temp_dir = tempfile.mkdtemp()
+  return _temp_dir
+
+
+def GetTestExecutablePath(executable_name, build_dir=None):
+  """Returns the absolute path of the test binary given its name.
+
+  The function will print a message and abort the program if the resulting file
+  doesn't exist.
+
+  Args:
+    executable_name: name of the test binary that the test script runs.
+    build_dir:       directory where to look for executables, by default
+                     the result of GetBuildDir().
+
+  Returns:
+    The absolute path of the test binary.
+  """
+
+  path = os.path.abspath(os.path.join(build_dir or GetBuildDir(),
+                                      executable_name))
+  if (IS_WINDOWS or IS_CYGWIN) and not path.endswith('.exe'):
+    path += '.exe'
+
+  if not os.path.exists(path):
+    message = (
+        'Unable to find the test binary "%s". Please make sure to provide\n'
+        'a path to the binary via the --build_dir flag or the BUILD_DIR\n'
+        'environment variable.' % path)
+    print >> sys.stderr, message
+    sys.exit(1)
+
+  return path
+
+
+def GetExitStatus(exit_code):
+  """Returns the argument to exit(), or -1 if exit() wasn't called.
+
+  Args:
+    exit_code: the result value of os.system(command).
+  """
+
+  if os.name == 'nt':
+    # On Windows, os.WEXITSTATUS() doesn't work and os.system() returns
+    # the argument to exit() directly.
+    return exit_code
+  else:
+    # On Unix, os.WEXITSTATUS() must be used to extract the exit status
+    # from the result of os.system().
+    if os.WIFEXITED(exit_code):
+      return os.WEXITSTATUS(exit_code)
+    else:
+      return -1
+
+
+class Subprocess:
+  def __init__(self, command, working_dir=None, capture_stderr=True, env=None):
+    """Changes into a specified directory, if provided, and executes a command.
+
+    Restores the old directory afterwards.
+
+    Args:
+      command:        The command to run, in the form of sys.argv.
+      working_dir:    The directory to change into.
+      capture_stderr: Determines whether to capture stderr in the output member
+                      or to discard it.
+      env:            Dictionary with environment to pass to the subprocess.
+
+    Returns:
+      An object that represents outcome of the executed process. It has the
+      following attributes:
+        terminated_by_signal   True iff the child process has been terminated
+                               by a signal.
+        signal                 Sygnal that terminated the child process.
+        exited                 True iff the child process exited normally.
+        exit_code              The code with which the child process exited.
+        output                 Child process's stdout and stderr output
+                               combined in a string.
+    """
+
+    # The subprocess module is the preferrable way of running programs
+    # since it is available and behaves consistently on all platforms,
+    # including Windows. But it is only available starting in python 2.4.
+    # In earlier python versions, we revert to the popen2 module, which is
+    # available in python 2.0 and later but doesn't provide required
+    # functionality (Popen4) under Windows. This allows us to support Mac
+    # OS X 10.4 Tiger, which has python 2.3 installed.
+    if _SUBPROCESS_MODULE_AVAILABLE:
+      if capture_stderr:
+        stderr = subprocess.STDOUT
+      else:
+        stderr = subprocess.PIPE
+
+      p = subprocess.Popen(command,
+                           stdout=subprocess.PIPE, stderr=stderr,
+                           cwd=working_dir, universal_newlines=True, env=env)
+      # communicate returns a tuple with the file obect for the child's
+      # output.
+      self.output = p.communicate()[0]
+      self._return_code = p.returncode
+    else:
+      old_dir = os.getcwd()
+
+      def _ReplaceEnvDict(dest, src):
+        # Changes made by os.environ.clear are not inheritable by child
+        # processes until Python 2.6. To produce inheritable changes we have
+        # to delete environment items with the del statement.
+        for key in dest.keys():
+          del dest[key]
+        dest.update(src)
+
+      # When 'env' is not None, backup the environment variables and replace
+      # them with the passed 'env'. When 'env' is None, we simply use the
+      # current 'os.environ' for compatibility with the subprocess.Popen
+      # semantics used above.
+      if env is not None:
+        old_environ = os.environ.copy()
+        _ReplaceEnvDict(os.environ, env)
+
+      try:
+        if working_dir is not None:
+          os.chdir(working_dir)
+        if capture_stderr:
+          p = popen2.Popen4(command)
+        else:
+          p = popen2.Popen3(command)
+        p.tochild.close()
+        self.output = p.fromchild.read()
+        ret_code = p.wait()
+      finally:
+        os.chdir(old_dir)
+
+        # Restore the old environment variables
+        # if they were replaced.
+        if env is not None:
+          _ReplaceEnvDict(os.environ, old_environ)
+
+      # Converts ret_code to match the semantics of
+      # subprocess.Popen.returncode.
+      if os.WIFSIGNALED(ret_code):
+        self._return_code = -os.WTERMSIG(ret_code)
+      else:  # os.WIFEXITED(ret_code) should return True here.
+        self._return_code = os.WEXITSTATUS(ret_code)
+
+    if self._return_code < 0:
+      self.terminated_by_signal = True
+      self.exited = False
+      self.signal = -self._return_code
+    else:
+      self.terminated_by_signal = False
+      self.exited = True
+      self.exit_code = self._return_code
+
+
+def Main():
+  """Runs the unit test."""
+
+  # We must call _ParseAndStripGTestFlags() before calling
+  # unittest.main().  Otherwise the latter will be confused by the
+  # --gtest_* flags.
+  _ParseAndStripGTestFlags(sys.argv)
+  # The tested binaries should not be writing XML output files unless the
+  # script explicitly instructs them to.
+  # TODO(vladl@google.com): Move this into Subprocess when we implement
+  # passing environment into it as a parameter.
+  if GTEST_OUTPUT_VAR_NAME in os.environ:
+    del os.environ[GTEST_OUTPUT_VAR_NAME]
+
+  _test_module.main()
diff --git a/nss/external_tests/google_test/gtest/test/gtest_throw_on_failure_ex_test.cc b/nss/external_tests/google_test/gtest/test/gtest_throw_on_failure_ex_test.cc
new file mode 100644
index 0000000..8d46c76
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/test/gtest_throw_on_failure_ex_test.cc
@@ -0,0 +1,92 @@
+// Copyright 2009, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+
+// Tests Google Test's throw-on-failure mode with exceptions enabled.
+
+#include "gtest/gtest.h"
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <stdexcept>
+
+// Prints the given failure message and exits the program with
+// non-zero.  We use this instead of a Google Test assertion to
+// indicate a failure, as the latter is been tested and cannot be
+// relied on.
+void Fail(const char* msg) {
+  printf("FAILURE: %s\n", msg);
+  fflush(stdout);
+  exit(1);
+}
+
+// Tests that an assertion failure throws a subclass of
+// std::runtime_error.
+void TestFailureThrowsRuntimeError() {
+  testing::GTEST_FLAG(throw_on_failure) = true;
+
+  // A successful assertion shouldn't throw.
+  try {
+    EXPECT_EQ(3, 3);
+  } catch(...) {
+    Fail("A successful assertion wrongfully threw.");
+  }
+
+  // A failed assertion should throw a subclass of std::runtime_error.
+  try {
+    EXPECT_EQ(2, 3) << "Expected failure";
+  } catch(const std::runtime_error& e) {
+    if (strstr(e.what(), "Expected failure") != NULL)
+      return;
+
+    printf("%s",
+           "A failed assertion did throw an exception of the right type, "
+           "but the message is incorrect.  Instead of containing \"Expected "
+           "failure\", it is:\n");
+    Fail(e.what());
+  } catch(...) {
+    Fail("A failed assertion threw the wrong type of exception.");
+  }
+  Fail("A failed assertion should've thrown but didn't.");
+}
+
+int main(int argc, char** argv) {
+  testing::InitGoogleTest(&argc, argv);
+
+  // We want to ensure that people can use Google Test assertions in
+  // other testing frameworks, as long as they initialize Google Test
+  // properly and set the thrown-on-failure mode.  Therefore, we don't
+  // use Google Test's constructs for defining and running tests
+  // (e.g. TEST and RUN_ALL_TESTS) here.
+
+  TestFailureThrowsRuntimeError();
+  return 0;
+}
diff --git a/nss/external_tests/google_test/gtest/test/gtest_throw_on_failure_test.py b/nss/external_tests/google_test/gtest/test/gtest_throw_on_failure_test.py
new file mode 100755
index 0000000..5678ffe
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/test/gtest_throw_on_failure_test.py
@@ -0,0 +1,171 @@
+#!/usr/bin/env python
+#
+# Copyright 2009, Google Inc.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#
+#     * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following disclaimer
+# in the documentation and/or other materials provided with the
+# distribution.
+#     * Neither the name of Google Inc. nor the names of its
+# contributors may be used to endorse or promote products derived from
+# this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+"""Tests Google Test's throw-on-failure mode with exceptions disabled.
+
+This script invokes gtest_throw_on_failure_test_ (a program written with
+Google Test) with different environments and command line flags.
+"""
+
+__author__ = 'wan@google.com (Zhanyong Wan)'
+
+import os
+import gtest_test_utils
+
+
+# Constants.
+
+# The command line flag for enabling/disabling the throw-on-failure mode.
+THROW_ON_FAILURE = 'gtest_throw_on_failure'
+
+# Path to the gtest_throw_on_failure_test_ program, compiled with
+# exceptions disabled.
+EXE_PATH = gtest_test_utils.GetTestExecutablePath(
+    'gtest_throw_on_failure_test_')
+
+
+# Utilities.
+
+
+def SetEnvVar(env_var, value):
+  """Sets an environment variable to a given value; unsets it when the
+  given value is None.
+  """
+
+  env_var = env_var.upper()
+  if value is not None:
+    os.environ[env_var] = value
+  elif env_var in os.environ:
+    del os.environ[env_var]
+
+
+def Run(command):
+  """Runs a command; returns True/False if its exit code is/isn't 0."""
+
+  print 'Running "%s". . .' % ' '.join(command)
+  p = gtest_test_utils.Subprocess(command)
+  return p.exited and p.exit_code == 0
+
+
+# The tests.  TODO(wan@google.com): refactor the class to share common
+# logic with code in gtest_break_on_failure_unittest.py.
+class ThrowOnFailureTest(gtest_test_utils.TestCase):
+  """Tests the throw-on-failure mode."""
+
+  def RunAndVerify(self, env_var_value, flag_value, should_fail):
+    """Runs gtest_throw_on_failure_test_ and verifies that it does
+    (or does not) exit with a non-zero code.
+
+    Args:
+      env_var_value:    value of the GTEST_BREAK_ON_FAILURE environment
+                        variable; None if the variable should be unset.
+      flag_value:       value of the --gtest_break_on_failure flag;
+                        None if the flag should not be present.
+      should_fail:      True iff the program is expected to fail.
+    """
+
+    SetEnvVar(THROW_ON_FAILURE, env_var_value)
+
+    if env_var_value is None:
+      env_var_value_msg = ' is not set'
+    else:
+      env_var_value_msg = '=' + env_var_value
+
+    if flag_value is None:
+      flag = ''
+    elif flag_value == '0':
+      flag = '--%s=0' % THROW_ON_FAILURE
+    else:
+      flag = '--%s' % THROW_ON_FAILURE
+
+    command = [EXE_PATH]
+    if flag:
+      command.append(flag)
+
+    if should_fail:
+      should_or_not = 'should'
+    else:
+      should_or_not = 'should not'
+
+    failed = not Run(command)
+
+    SetEnvVar(THROW_ON_FAILURE, None)
+
+    msg = ('when %s%s, an assertion failure in "%s" %s cause a non-zero '
+           'exit code.' %
+           (THROW_ON_FAILURE, env_var_value_msg, ' '.join(command),
+            should_or_not))
+    self.assert_(failed == should_fail, msg)
+
+  def testDefaultBehavior(self):
+    """Tests the behavior of the default mode."""
+
+    self.RunAndVerify(env_var_value=None, flag_value=None, should_fail=False)
+
+  def testThrowOnFailureEnvVar(self):
+    """Tests using the GTEST_THROW_ON_FAILURE environment variable."""
+
+    self.RunAndVerify(env_var_value='0',
+                      flag_value=None,
+                      should_fail=False)
+    self.RunAndVerify(env_var_value='1',
+                      flag_value=None,
+                      should_fail=True)
+
+  def testThrowOnFailureFlag(self):
+    """Tests using the --gtest_throw_on_failure flag."""
+
+    self.RunAndVerify(env_var_value=None,
+                      flag_value='0',
+                      should_fail=False)
+    self.RunAndVerify(env_var_value=None,
+                      flag_value='1',
+                      should_fail=True)
+
+  def testThrowOnFailureFlagOverridesEnvVar(self):
+    """Tests that --gtest_throw_on_failure overrides GTEST_THROW_ON_FAILURE."""
+
+    self.RunAndVerify(env_var_value='0',
+                      flag_value='0',
+                      should_fail=False)
+    self.RunAndVerify(env_var_value='0',
+                      flag_value='1',
+                      should_fail=True)
+    self.RunAndVerify(env_var_value='1',
+                      flag_value='0',
+                      should_fail=False)
+    self.RunAndVerify(env_var_value='1',
+                      flag_value='1',
+                      should_fail=True)
+
+
+if __name__ == '__main__':
+  gtest_test_utils.Main()
diff --git a/nss/external_tests/google_test/gtest/test/gtest_throw_on_failure_test_.cc b/nss/external_tests/google_test/gtest/test/gtest_throw_on_failure_test_.cc
new file mode 100644
index 0000000..2b88fe3
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/test/gtest_throw_on_failure_test_.cc
@@ -0,0 +1,72 @@
+// Copyright 2009, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+
+// Tests Google Test's throw-on-failure mode with exceptions disabled.
+//
+// This program must be compiled with exceptions disabled.  It will be
+// invoked by gtest_throw_on_failure_test.py, and is expected to exit
+// with non-zero in the throw-on-failure mode or 0 otherwise.
+
+#include "gtest/gtest.h"
+
+#include <stdio.h>                      // for fflush, fprintf, NULL, etc.
+#include <stdlib.h>                     // for exit
+#include <exception>                    // for set_terminate
+
+// This terminate handler aborts the program using exit() rather than abort().
+// This avoids showing pop-ups on Windows systems and core dumps on Unix-like
+// ones.
+void TerminateHandler() {
+  fprintf(stderr, "%s\n", "Unhandled C++ exception terminating the program.");
+  fflush(NULL);
+  exit(1);
+}
+
+int main(int argc, char** argv) {
+#if GTEST_HAS_EXCEPTIONS
+  std::set_terminate(&TerminateHandler);
+#endif
+  testing::InitGoogleTest(&argc, argv);
+
+  // We want to ensure that people can use Google Test assertions in
+  // other testing frameworks, as long as they initialize Google Test
+  // properly and set the throw-on-failure mode.  Therefore, we don't
+  // use Google Test's constructs for defining and running tests
+  // (e.g. TEST and RUN_ALL_TESTS) here.
+
+  // In the throw-on-failure mode with exceptions disabled, this
+  // assertion will cause the program to exit with a non-zero code.
+  EXPECT_EQ(2, 3);
+
+  // When not in the throw-on-failure mode, the control will reach
+  // here.
+  return 0;
+}
diff --git a/nss/external_tests/google_test/gtest/test/gtest_uninitialized_test.py b/nss/external_tests/google_test/gtest/test/gtest_uninitialized_test.py
new file mode 100755
index 0000000..6ae57ee
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/test/gtest_uninitialized_test.py
@@ -0,0 +1,70 @@
+#!/usr/bin/env python
+#
+# Copyright 2008, Google Inc.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#
+#     * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following disclaimer
+# in the documentation and/or other materials provided with the
+# distribution.
+#     * Neither the name of Google Inc. nor the names of its
+# contributors may be used to endorse or promote products derived from
+# this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+"""Verifies that Google Test warns the user when not initialized properly."""
+
+__author__ = 'wan@google.com (Zhanyong Wan)'
+
+import gtest_test_utils
+
+
+COMMAND = gtest_test_utils.GetTestExecutablePath('gtest_uninitialized_test_')
+
+
+def Assert(condition):
+  if not condition:
+    raise AssertionError
+
+
+def AssertEq(expected, actual):
+  if expected != actual:
+    print 'Expected: %s' % (expected,)
+    print '  Actual: %s' % (actual,)
+    raise AssertionError
+
+
+def TestExitCodeAndOutput(command):
+  """Runs the given command and verifies its exit code and output."""
+
+  # Verifies that 'command' exits with code 1.
+  p = gtest_test_utils.Subprocess(command)
+  Assert(p.exited)
+  AssertEq(1, p.exit_code)
+  Assert('InitGoogleTest' in p.output)
+
+
+class GTestUninitializedTest(gtest_test_utils.TestCase):
+  def testExitCodeAndOutput(self):
+    TestExitCodeAndOutput(COMMAND)
+
+
+if __name__ == '__main__':
+  gtest_test_utils.Main()
diff --git a/nss/external_tests/google_test/gtest/test/gtest_uninitialized_test_.cc b/nss/external_tests/google_test/gtest/test/gtest_uninitialized_test_.cc
new file mode 100644
index 0000000..4431698
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/test/gtest_uninitialized_test_.cc
@@ -0,0 +1,43 @@
+// Copyright 2008, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+
+#include "gtest/gtest.h"
+
+TEST(DummyTest, Dummy) {
+  // This test doesn't verify anything.  We just need it to create a
+  // realistic stage for testing the behavior of Google Test when
+  // RUN_ALL_TESTS() is called without testing::InitGoogleTest() being
+  // called first.
+}
+
+int main() {
+  return RUN_ALL_TESTS();
+}
diff --git a/nss/external_tests/google_test/gtest/test/gtest_unittest.cc b/nss/external_tests/google_test/gtest/test/gtest_unittest.cc
new file mode 100644
index 0000000..9625fa4
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/test/gtest_unittest.cc
@@ -0,0 +1,7525 @@
+// Copyright 2005, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+//
+// Tests for Google Test itself.  This verifies that the basic constructs of
+// Google Test work.
+
+#include "gtest/gtest.h"
+
+// Verifies that the command line flag variables can be accessed
+// in code once <gtest/gtest.h> has been #included.
+// Do not move it after other #includes.
+TEST(CommandLineFlagsTest, CanBeAccessedInCodeOnceGTestHIsIncluded) {
+  bool dummy = testing::GTEST_FLAG(also_run_disabled_tests)
+      || testing::GTEST_FLAG(break_on_failure)
+      || testing::GTEST_FLAG(catch_exceptions)
+      || testing::GTEST_FLAG(color) != "unknown"
+      || testing::GTEST_FLAG(filter) != "unknown"
+      || testing::GTEST_FLAG(list_tests)
+      || testing::GTEST_FLAG(output) != "unknown"
+      || testing::GTEST_FLAG(print_time)
+      || testing::GTEST_FLAG(random_seed)
+      || testing::GTEST_FLAG(repeat) > 0
+      || testing::GTEST_FLAG(show_internal_stack_frames)
+      || testing::GTEST_FLAG(shuffle)
+      || testing::GTEST_FLAG(stack_trace_depth) > 0
+      || testing::GTEST_FLAG(stream_result_to) != "unknown"
+      || testing::GTEST_FLAG(throw_on_failure);
+  EXPECT_TRUE(dummy || !dummy);  // Suppresses warning that dummy is unused.
+}
+
+#include <limits.h>  // For INT_MAX.
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+
+#include <map>
+#include <vector>
+#include <ostream>
+
+#include "gtest/gtest-spi.h"
+
+// Indicates that this translation unit is part of Google Test's
+// implementation.  It must come before gtest-internal-inl.h is
+// included, or there will be a compiler error.  This trick is to
+// prevent a user from accidentally including gtest-internal-inl.h in
+// his code.
+#define GTEST_IMPLEMENTATION_ 1
+#include "src/gtest-internal-inl.h"
+#undef GTEST_IMPLEMENTATION_
+
+namespace testing {
+namespace internal {
+
+#if GTEST_CAN_STREAM_RESULTS_
+
+class StreamingListenerTest : public Test {
+ public:
+  class FakeSocketWriter : public StreamingListener::AbstractSocketWriter {
+   public:
+    // Sends a string to the socket.
+    virtual void Send(const string& message) { output_ += message; }
+
+    string output_;
+  };
+
+  StreamingListenerTest()
+      : fake_sock_writer_(new FakeSocketWriter),
+        streamer_(fake_sock_writer_),
+        test_info_obj_("FooTest", "Bar", NULL, NULL, 0, NULL) {}
+
+ protected:
+  string* output() { return &(fake_sock_writer_->output_); }
+
+  FakeSocketWriter* const fake_sock_writer_;
+  StreamingListener streamer_;
+  UnitTest unit_test_;
+  TestInfo test_info_obj_;  // The name test_info_ was taken by testing::Test.
+};
+
+TEST_F(StreamingListenerTest, OnTestProgramEnd) {
+  *output() = "";
+  streamer_.OnTestProgramEnd(unit_test_);
+  EXPECT_EQ("event=TestProgramEnd&passed=1\n", *output());
+}
+
+TEST_F(StreamingListenerTest, OnTestIterationEnd) {
+  *output() = "";
+  streamer_.OnTestIterationEnd(unit_test_, 42);
+  EXPECT_EQ("event=TestIterationEnd&passed=1&elapsed_time=0ms\n", *output());
+}
+
+TEST_F(StreamingListenerTest, OnTestCaseStart) {
+  *output() = "";
+  streamer_.OnTestCaseStart(TestCase("FooTest", "Bar", NULL, NULL));
+  EXPECT_EQ("event=TestCaseStart&name=FooTest\n", *output());
+}
+
+TEST_F(StreamingListenerTest, OnTestCaseEnd) {
+  *output() = "";
+  streamer_.OnTestCaseEnd(TestCase("FooTest", "Bar", NULL, NULL));
+  EXPECT_EQ("event=TestCaseEnd&passed=1&elapsed_time=0ms\n", *output());
+}
+
+TEST_F(StreamingListenerTest, OnTestStart) {
+  *output() = "";
+  streamer_.OnTestStart(test_info_obj_);
+  EXPECT_EQ("event=TestStart&name=Bar\n", *output());
+}
+
+TEST_F(StreamingListenerTest, OnTestEnd) {
+  *output() = "";
+  streamer_.OnTestEnd(test_info_obj_);
+  EXPECT_EQ("event=TestEnd&passed=1&elapsed_time=0ms\n", *output());
+}
+
+TEST_F(StreamingListenerTest, OnTestPartResult) {
+  *output() = "";
+  streamer_.OnTestPartResult(TestPartResult(
+      TestPartResult::kFatalFailure, "foo.cc", 42, "failed=\n&%"));
+
+  // Meta characters in the failure message should be properly escaped.
+  EXPECT_EQ(
+      "event=TestPartResult&file=foo.cc&line=42&message=failed%3D%0A%26%25\n",
+      *output());
+}
+
+#endif  // GTEST_CAN_STREAM_RESULTS_
+
+// Provides access to otherwise private parts of the TestEventListeners class
+// that are needed to test it.
+class TestEventListenersAccessor {
+ public:
+  static TestEventListener* GetRepeater(TestEventListeners* listeners) {
+    return listeners->repeater();
+  }
+
+  static void SetDefaultResultPrinter(TestEventListeners* listeners,
+                                      TestEventListener* listener) {
+    listeners->SetDefaultResultPrinter(listener);
+  }
+  static void SetDefaultXmlGenerator(TestEventListeners* listeners,
+                                     TestEventListener* listener) {
+    listeners->SetDefaultXmlGenerator(listener);
+  }
+
+  static bool EventForwardingEnabled(const TestEventListeners& listeners) {
+    return listeners.EventForwardingEnabled();
+  }
+
+  static void SuppressEventForwarding(TestEventListeners* listeners) {
+    listeners->SuppressEventForwarding();
+  }
+};
+
+class UnitTestRecordPropertyTestHelper : public Test {
+ protected:
+  UnitTestRecordPropertyTestHelper() {}
+
+  // Forwards to UnitTest::RecordProperty() to bypass access controls.
+  void UnitTestRecordProperty(const char* key, const std::string& value) {
+    unit_test_.RecordProperty(key, value);
+  }
+
+  UnitTest unit_test_;
+};
+
+}  // namespace internal
+}  // namespace testing
+
+using testing::AssertionFailure;
+using testing::AssertionResult;
+using testing::AssertionSuccess;
+using testing::DoubleLE;
+using testing::EmptyTestEventListener;
+using testing::Environment;
+using testing::FloatLE;
+using testing::GTEST_FLAG(also_run_disabled_tests);
+using testing::GTEST_FLAG(break_on_failure);
+using testing::GTEST_FLAG(catch_exceptions);
+using testing::GTEST_FLAG(color);
+using testing::GTEST_FLAG(death_test_use_fork);
+using testing::GTEST_FLAG(filter);
+using testing::GTEST_FLAG(list_tests);
+using testing::GTEST_FLAG(output);
+using testing::GTEST_FLAG(print_time);
+using testing::GTEST_FLAG(random_seed);
+using testing::GTEST_FLAG(repeat);
+using testing::GTEST_FLAG(show_internal_stack_frames);
+using testing::GTEST_FLAG(shuffle);
+using testing::GTEST_FLAG(stack_trace_depth);
+using testing::GTEST_FLAG(stream_result_to);
+using testing::GTEST_FLAG(throw_on_failure);
+using testing::IsNotSubstring;
+using testing::IsSubstring;
+using testing::Message;
+using testing::ScopedFakeTestPartResultReporter;
+using testing::StaticAssertTypeEq;
+using testing::Test;
+using testing::TestCase;
+using testing::TestEventListeners;
+using testing::TestInfo;
+using testing::TestPartResult;
+using testing::TestPartResultArray;
+using testing::TestProperty;
+using testing::TestResult;
+using testing::TimeInMillis;
+using testing::UnitTest;
+using testing::internal::AddReference;
+using testing::internal::AlwaysFalse;
+using testing::internal::AlwaysTrue;
+using testing::internal::AppendUserMessage;
+using testing::internal::ArrayAwareFind;
+using testing::internal::ArrayEq;
+using testing::internal::CodePointToUtf8;
+using testing::internal::CompileAssertTypesEqual;
+using testing::internal::CopyArray;
+using testing::internal::CountIf;
+using testing::internal::EqFailure;
+using testing::internal::FloatingPoint;
+using testing::internal::ForEach;
+using testing::internal::FormatEpochTimeInMillisAsIso8601;
+using testing::internal::FormatTimeInMillisAsSeconds;
+using testing::internal::GTestFlagSaver;
+using testing::internal::GetCurrentOsStackTraceExceptTop;
+using testing::internal::GetElementOr;
+using testing::internal::GetNextRandomSeed;
+using testing::internal::GetRandomSeedFromFlag;
+using testing::internal::GetTestTypeId;
+using testing::internal::GetTimeInMillis;
+using testing::internal::GetTypeId;
+using testing::internal::GetUnitTestImpl;
+using testing::internal::ImplicitlyConvertible;
+using testing::internal::Int32;
+using testing::internal::Int32FromEnvOrDie;
+using testing::internal::IsAProtocolMessage;
+using testing::internal::IsContainer;
+using testing::internal::IsContainerTest;
+using testing::internal::IsNotContainer;
+using testing::internal::NativeArray;
+using testing::internal::ParseInt32Flag;
+using testing::internal::RelationToSourceCopy;
+using testing::internal::RelationToSourceReference;
+using testing::internal::RemoveConst;
+using testing::internal::RemoveReference;
+using testing::internal::ShouldRunTestOnShard;
+using testing::internal::ShouldShard;
+using testing::internal::ShouldUseColor;
+using testing::internal::Shuffle;
+using testing::internal::ShuffleRange;
+using testing::internal::SkipPrefix;
+using testing::internal::StreamableToString;
+using testing::internal::String;
+using testing::internal::TestEventListenersAccessor;
+using testing::internal::TestResultAccessor;
+using testing::internal::UInt32;
+using testing::internal::WideStringToUtf8;
+using testing::internal::edit_distance::CalculateOptimalEdits;
+using testing::internal::edit_distance::CreateUnifiedDiff;
+using testing::internal::edit_distance::EditType;
+using testing::internal::kMaxRandomSeed;
+using testing::internal::kTestTypeIdInGoogleTest;
+using testing::internal::scoped_ptr;
+using testing::kMaxStackTraceDepth;
+
+#if GTEST_HAS_STREAM_REDIRECTION
+using testing::internal::CaptureStdout;
+using testing::internal::GetCapturedStdout;
+#endif
+
+#if GTEST_IS_THREADSAFE
+using testing::internal::ThreadWithParam;
+#endif
+
+class TestingVector : public std::vector<int> {
+};
+
+::std::ostream& operator<<(::std::ostream& os,
+                           const TestingVector& vector) {
+  os << "{ ";
+  for (size_t i = 0; i < vector.size(); i++) {
+    os << vector[i] << " ";
+  }
+  os << "}";
+  return os;
+}
+
+// This line tests that we can define tests in an unnamed namespace.
+namespace {
+
+TEST(GetRandomSeedFromFlagTest, HandlesZero) {
+  const int seed = GetRandomSeedFromFlag(0);
+  EXPECT_LE(1, seed);
+  EXPECT_LE(seed, static_cast<int>(kMaxRandomSeed));
+}
+
+TEST(GetRandomSeedFromFlagTest, PreservesValidSeed) {
+  EXPECT_EQ(1, GetRandomSeedFromFlag(1));
+  EXPECT_EQ(2, GetRandomSeedFromFlag(2));
+  EXPECT_EQ(kMaxRandomSeed - 1, GetRandomSeedFromFlag(kMaxRandomSeed - 1));
+  EXPECT_EQ(static_cast<int>(kMaxRandomSeed),
+            GetRandomSeedFromFlag(kMaxRandomSeed));
+}
+
+TEST(GetRandomSeedFromFlagTest, NormalizesInvalidSeed) {
+  const int seed1 = GetRandomSeedFromFlag(-1);
+  EXPECT_LE(1, seed1);
+  EXPECT_LE(seed1, static_cast<int>(kMaxRandomSeed));
+
+  const int seed2 = GetRandomSeedFromFlag(kMaxRandomSeed + 1);
+  EXPECT_LE(1, seed2);
+  EXPECT_LE(seed2, static_cast<int>(kMaxRandomSeed));
+}
+
+TEST(GetNextRandomSeedTest, WorksForValidInput) {
+  EXPECT_EQ(2, GetNextRandomSeed(1));
+  EXPECT_EQ(3, GetNextRandomSeed(2));
+  EXPECT_EQ(static_cast<int>(kMaxRandomSeed),
+            GetNextRandomSeed(kMaxRandomSeed - 1));
+  EXPECT_EQ(1, GetNextRandomSeed(kMaxRandomSeed));
+
+  // We deliberately don't test GetNextRandomSeed() with invalid
+  // inputs, as that requires death tests, which are expensive.  This
+  // is fine as GetNextRandomSeed() is internal and has a
+  // straightforward definition.
+}
+
+static void ClearCurrentTestPartResults() {
+  TestResultAccessor::ClearTestPartResults(
+      GetUnitTestImpl()->current_test_result());
+}
+
+// Tests GetTypeId.
+
+TEST(GetTypeIdTest, ReturnsSameValueForSameType) {
+  EXPECT_EQ(GetTypeId<int>(), GetTypeId<int>());
+  EXPECT_EQ(GetTypeId<Test>(), GetTypeId<Test>());
+}
+
+class SubClassOfTest : public Test {};
+class AnotherSubClassOfTest : public Test {};
+
+TEST(GetTypeIdTest, ReturnsDifferentValuesForDifferentTypes) {
+  EXPECT_NE(GetTypeId<int>(), GetTypeId<const int>());
+  EXPECT_NE(GetTypeId<int>(), GetTypeId<char>());
+  EXPECT_NE(GetTypeId<int>(), GetTestTypeId());
+  EXPECT_NE(GetTypeId<SubClassOfTest>(), GetTestTypeId());
+  EXPECT_NE(GetTypeId<AnotherSubClassOfTest>(), GetTestTypeId());
+  EXPECT_NE(GetTypeId<AnotherSubClassOfTest>(), GetTypeId<SubClassOfTest>());
+}
+
+// Verifies that GetTestTypeId() returns the same value, no matter it
+// is called from inside Google Test or outside of it.
+TEST(GetTestTypeIdTest, ReturnsTheSameValueInsideOrOutsideOfGoogleTest) {
+  EXPECT_EQ(kTestTypeIdInGoogleTest, GetTestTypeId());
+}
+
+// Tests FormatTimeInMillisAsSeconds().
+
+TEST(FormatTimeInMillisAsSecondsTest, FormatsZero) {
+  EXPECT_EQ("0", FormatTimeInMillisAsSeconds(0));
+}
+
+TEST(FormatTimeInMillisAsSecondsTest, FormatsPositiveNumber) {
+  EXPECT_EQ("0.003", FormatTimeInMillisAsSeconds(3));
+  EXPECT_EQ("0.01", FormatTimeInMillisAsSeconds(10));
+  EXPECT_EQ("0.2", FormatTimeInMillisAsSeconds(200));
+  EXPECT_EQ("1.2", FormatTimeInMillisAsSeconds(1200));
+  EXPECT_EQ("3", FormatTimeInMillisAsSeconds(3000));
+}
+
+TEST(FormatTimeInMillisAsSecondsTest, FormatsNegativeNumber) {
+  EXPECT_EQ("-0.003", FormatTimeInMillisAsSeconds(-3));
+  EXPECT_EQ("-0.01", FormatTimeInMillisAsSeconds(-10));
+  EXPECT_EQ("-0.2", FormatTimeInMillisAsSeconds(-200));
+  EXPECT_EQ("-1.2", FormatTimeInMillisAsSeconds(-1200));
+  EXPECT_EQ("-3", FormatTimeInMillisAsSeconds(-3000));
+}
+
+// Tests FormatEpochTimeInMillisAsIso8601().  The correctness of conversion
+// for particular dates below was verified in Python using
+// datetime.datetime.fromutctimestamp(<timetamp>/1000).
+
+// FormatEpochTimeInMillisAsIso8601 depends on the current timezone, so we
+// have to set up a particular timezone to obtain predictable results.
+class FormatEpochTimeInMillisAsIso8601Test : public Test {
+ public:
+  // On Cygwin, GCC doesn't allow unqualified integer literals to exceed
+  // 32 bits, even when 64-bit integer types are available.  We have to
+  // force the constants to have a 64-bit type here.
+  static const TimeInMillis kMillisPerSec = 1000;
+
+ private:
+  virtual void SetUp() {
+    saved_tz_ = NULL;
+
+    GTEST_DISABLE_MSC_WARNINGS_PUSH_(4996 /* PR_GetEnvSecure, strdup: deprecated */)
+    if (PR_GetEnvSecure("TZ"))
+      saved_tz_ = strdup(PR_GetEnvSecure("TZ"));
+    GTEST_DISABLE_MSC_WARNINGS_POP_()
+
+    // Set up the time zone for FormatEpochTimeInMillisAsIso8601 to use.  We
+    // cannot use the local time zone because the function's output depends
+    // on the time zone.
+    SetTimeZone("UTC+00");
+  }
+
+  virtual void TearDown() {
+    SetTimeZone(saved_tz_);
+    free(const_cast<char*>(saved_tz_));
+    saved_tz_ = NULL;
+  }
+
+  static void SetTimeZone(const char* time_zone) {
+    // tzset() distinguishes between the TZ variable being present and empty
+    // and not being present, so we have to consider the case of time_zone
+    // being NULL.
+#if _MSC_VER
+    // ...Unless it's MSVC, whose standard library's _putenv doesn't
+    // distinguish between an empty and a missing variable.
+    const std::string env_var =
+        std::string("TZ=") + (time_zone ? time_zone : "");
+    _putenv(env_var.c_str());
+    GTEST_DISABLE_MSC_WARNINGS_PUSH_(4996 /* deprecated function */)
+    tzset();
+    GTEST_DISABLE_MSC_WARNINGS_POP_()
+#else
+    if (time_zone) {
+      setenv(("TZ"), time_zone, 1);
+    } else {
+      unsetenv("TZ");
+    }
+    tzset();
+#endif
+  }
+
+  const char* saved_tz_;
+};
+
+const TimeInMillis FormatEpochTimeInMillisAsIso8601Test::kMillisPerSec;
+
+TEST_F(FormatEpochTimeInMillisAsIso8601Test, PrintsTwoDigitSegments) {
+  EXPECT_EQ("2011-10-31T18:52:42",
+            FormatEpochTimeInMillisAsIso8601(1320087162 * kMillisPerSec));
+}
+
+TEST_F(FormatEpochTimeInMillisAsIso8601Test, MillisecondsDoNotAffectResult) {
+  EXPECT_EQ(
+      "2011-10-31T18:52:42",
+      FormatEpochTimeInMillisAsIso8601(1320087162 * kMillisPerSec + 234));
+}
+
+TEST_F(FormatEpochTimeInMillisAsIso8601Test, PrintsLeadingZeroes) {
+  EXPECT_EQ("2011-09-03T05:07:02",
+            FormatEpochTimeInMillisAsIso8601(1315026422 * kMillisPerSec));
+}
+
+TEST_F(FormatEpochTimeInMillisAsIso8601Test, Prints24HourTime) {
+  EXPECT_EQ("2011-09-28T17:08:22",
+            FormatEpochTimeInMillisAsIso8601(1317229702 * kMillisPerSec));
+}
+
+TEST_F(FormatEpochTimeInMillisAsIso8601Test, PrintsEpochStart) {
+  EXPECT_EQ("1970-01-01T00:00:00", FormatEpochTimeInMillisAsIso8601(0));
+}
+
+#if GTEST_CAN_COMPARE_NULL
+
+# ifdef __BORLANDC__
+// Silences warnings: "Condition is always true", "Unreachable code"
+#  pragma option push -w-ccc -w-rch
+# endif
+
+// Tests that GTEST_IS_NULL_LITERAL_(x) is true when x is a null
+// pointer literal.
+TEST(NullLiteralTest, IsTrueForNullLiterals) {
+  EXPECT_TRUE(GTEST_IS_NULL_LITERAL_(NULL));
+  EXPECT_TRUE(GTEST_IS_NULL_LITERAL_(0));
+  EXPECT_TRUE(GTEST_IS_NULL_LITERAL_(0U));
+  EXPECT_TRUE(GTEST_IS_NULL_LITERAL_(0L));
+}
+
+// Tests that GTEST_IS_NULL_LITERAL_(x) is false when x is not a null
+// pointer literal.
+TEST(NullLiteralTest, IsFalseForNonNullLiterals) {
+  EXPECT_FALSE(GTEST_IS_NULL_LITERAL_(1));
+  EXPECT_FALSE(GTEST_IS_NULL_LITERAL_(0.0));
+  EXPECT_FALSE(GTEST_IS_NULL_LITERAL_('a'));
+  EXPECT_FALSE(GTEST_IS_NULL_LITERAL_(static_cast<void*>(NULL)));
+}
+
+# ifdef __BORLANDC__
+// Restores warnings after previous "#pragma option push" suppressed them.
+#  pragma option pop
+# endif
+
+#endif  // GTEST_CAN_COMPARE_NULL
+//
+// Tests CodePointToUtf8().
+
+// Tests that the NUL character L'\0' is encoded correctly.
+TEST(CodePointToUtf8Test, CanEncodeNul) {
+  EXPECT_EQ("", CodePointToUtf8(L'\0'));
+}
+
+// Tests that ASCII characters are encoded correctly.
+TEST(CodePointToUtf8Test, CanEncodeAscii) {
+  EXPECT_EQ("a", CodePointToUtf8(L'a'));
+  EXPECT_EQ("Z", CodePointToUtf8(L'Z'));
+  EXPECT_EQ("&", CodePointToUtf8(L'&'));
+  EXPECT_EQ("\x7F", CodePointToUtf8(L'\x7F'));
+}
+
+// Tests that Unicode code-points that have 8 to 11 bits are encoded
+// as 110xxxxx 10xxxxxx.
+TEST(CodePointToUtf8Test, CanEncode8To11Bits) {
+  // 000 1101 0011 => 110-00011 10-010011
+  EXPECT_EQ("\xC3\x93", CodePointToUtf8(L'\xD3'));
+
+  // 101 0111 0110 => 110-10101 10-110110
+  // Some compilers (e.g., GCC on MinGW) cannot handle non-ASCII codepoints
+  // in wide strings and wide chars. In order to accomodate them, we have to
+  // introduce such character constants as integers.
+  EXPECT_EQ("\xD5\xB6",
+            CodePointToUtf8(static_cast<wchar_t>(0x576)));
+}
+
+// Tests that Unicode code-points that have 12 to 16 bits are encoded
+// as 1110xxxx 10xxxxxx 10xxxxxx.
+TEST(CodePointToUtf8Test, CanEncode12To16Bits) {
+  // 0000 1000 1101 0011 => 1110-0000 10-100011 10-010011
+  EXPECT_EQ("\xE0\xA3\x93",
+            CodePointToUtf8(static_cast<wchar_t>(0x8D3)));
+
+  // 1100 0111 0100 1101 => 1110-1100 10-011101 10-001101
+  EXPECT_EQ("\xEC\x9D\x8D",
+            CodePointToUtf8(static_cast<wchar_t>(0xC74D)));
+}
+
+#if !GTEST_WIDE_STRING_USES_UTF16_
+// Tests in this group require a wchar_t to hold > 16 bits, and thus
+// are skipped on Windows, Cygwin, and Symbian, where a wchar_t is
+// 16-bit wide. This code may not compile on those systems.
+
+// Tests that Unicode code-points that have 17 to 21 bits are encoded
+// as 11110xxx 10xxxxxx 10xxxxxx 10xxxxxx.
+TEST(CodePointToUtf8Test, CanEncode17To21Bits) {
+  // 0 0001 0000 1000 1101 0011 => 11110-000 10-010000 10-100011 10-010011
+  EXPECT_EQ("\xF0\x90\xA3\x93", CodePointToUtf8(L'\x108D3'));
+
+  // 0 0001 0000 0100 0000 0000 => 11110-000 10-010000 10-010000 10-000000
+  EXPECT_EQ("\xF0\x90\x90\x80", CodePointToUtf8(L'\x10400'));
+
+  // 1 0000 1000 0110 0011 0100 => 11110-100 10-001000 10-011000 10-110100
+  EXPECT_EQ("\xF4\x88\x98\xB4", CodePointToUtf8(L'\x108634'));
+}
+
+// Tests that encoding an invalid code-point generates the expected result.
+TEST(CodePointToUtf8Test, CanEncodeInvalidCodePoint) {
+  EXPECT_EQ("(Invalid Unicode 0x1234ABCD)", CodePointToUtf8(L'\x1234ABCD'));
+}
+
+#endif  // !GTEST_WIDE_STRING_USES_UTF16_
+
+// Tests WideStringToUtf8().
+
+// Tests that the NUL character L'\0' is encoded correctly.
+TEST(WideStringToUtf8Test, CanEncodeNul) {
+  EXPECT_STREQ("", WideStringToUtf8(L"", 0).c_str());
+  EXPECT_STREQ("", WideStringToUtf8(L"", -1).c_str());
+}
+
+// Tests that ASCII strings are encoded correctly.
+TEST(WideStringToUtf8Test, CanEncodeAscii) {
+  EXPECT_STREQ("a", WideStringToUtf8(L"a", 1).c_str());
+  EXPECT_STREQ("ab", WideStringToUtf8(L"ab", 2).c_str());
+  EXPECT_STREQ("a", WideStringToUtf8(L"a", -1).c_str());
+  EXPECT_STREQ("ab", WideStringToUtf8(L"ab", -1).c_str());
+}
+
+// Tests that Unicode code-points that have 8 to 11 bits are encoded
+// as 110xxxxx 10xxxxxx.
+TEST(WideStringToUtf8Test, CanEncode8To11Bits) {
+  // 000 1101 0011 => 110-00011 10-010011
+  EXPECT_STREQ("\xC3\x93", WideStringToUtf8(L"\xD3", 1).c_str());
+  EXPECT_STREQ("\xC3\x93", WideStringToUtf8(L"\xD3", -1).c_str());
+
+  // 101 0111 0110 => 110-10101 10-110110
+  const wchar_t s[] = { 0x576, '\0' };
+  EXPECT_STREQ("\xD5\xB6", WideStringToUtf8(s, 1).c_str());
+  EXPECT_STREQ("\xD5\xB6", WideStringToUtf8(s, -1).c_str());
+}
+
+// Tests that Unicode code-points that have 12 to 16 bits are encoded
+// as 1110xxxx 10xxxxxx 10xxxxxx.
+TEST(WideStringToUtf8Test, CanEncode12To16Bits) {
+  // 0000 1000 1101 0011 => 1110-0000 10-100011 10-010011
+  const wchar_t s1[] = { 0x8D3, '\0' };
+  EXPECT_STREQ("\xE0\xA3\x93", WideStringToUtf8(s1, 1).c_str());
+  EXPECT_STREQ("\xE0\xA3\x93", WideStringToUtf8(s1, -1).c_str());
+
+  // 1100 0111 0100 1101 => 1110-1100 10-011101 10-001101
+  const wchar_t s2[] = { 0xC74D, '\0' };
+  EXPECT_STREQ("\xEC\x9D\x8D", WideStringToUtf8(s2, 1).c_str());
+  EXPECT_STREQ("\xEC\x9D\x8D", WideStringToUtf8(s2, -1).c_str());
+}
+
+// Tests that the conversion stops when the function encounters \0 character.
+TEST(WideStringToUtf8Test, StopsOnNulCharacter) {
+  EXPECT_STREQ("ABC", WideStringToUtf8(L"ABC\0XYZ", 100).c_str());
+}
+
+// Tests that the conversion stops when the function reaches the limit
+// specified by the 'length' parameter.
+TEST(WideStringToUtf8Test, StopsWhenLengthLimitReached) {
+  EXPECT_STREQ("ABC", WideStringToUtf8(L"ABCDEF", 3).c_str());
+}
+
+#if !GTEST_WIDE_STRING_USES_UTF16_
+// Tests that Unicode code-points that have 17 to 21 bits are encoded
+// as 11110xxx 10xxxxxx 10xxxxxx 10xxxxxx. This code may not compile
+// on the systems using UTF-16 encoding.
+TEST(WideStringToUtf8Test, CanEncode17To21Bits) {
+  // 0 0001 0000 1000 1101 0011 => 11110-000 10-010000 10-100011 10-010011
+  EXPECT_STREQ("\xF0\x90\xA3\x93", WideStringToUtf8(L"\x108D3", 1).c_str());
+  EXPECT_STREQ("\xF0\x90\xA3\x93", WideStringToUtf8(L"\x108D3", -1).c_str());
+
+  // 1 0000 1000 0110 0011 0100 => 11110-100 10-001000 10-011000 10-110100
+  EXPECT_STREQ("\xF4\x88\x98\xB4", WideStringToUtf8(L"\x108634", 1).c_str());
+  EXPECT_STREQ("\xF4\x88\x98\xB4", WideStringToUtf8(L"\x108634", -1).c_str());
+}
+
+// Tests that encoding an invalid code-point generates the expected result.
+TEST(WideStringToUtf8Test, CanEncodeInvalidCodePoint) {
+  EXPECT_STREQ("(Invalid Unicode 0xABCDFF)",
+               WideStringToUtf8(L"\xABCDFF", -1).c_str());
+}
+#else  // !GTEST_WIDE_STRING_USES_UTF16_
+// Tests that surrogate pairs are encoded correctly on the systems using
+// UTF-16 encoding in the wide strings.
+TEST(WideStringToUtf8Test, CanEncodeValidUtf16SUrrogatePairs) {
+  const wchar_t s[] = { 0xD801, 0xDC00, '\0' };
+  EXPECT_STREQ("\xF0\x90\x90\x80", WideStringToUtf8(s, -1).c_str());
+}
+
+// Tests that encoding an invalid UTF-16 surrogate pair
+// generates the expected result.
+TEST(WideStringToUtf8Test, CanEncodeInvalidUtf16SurrogatePair) {
+  // Leading surrogate is at the end of the string.
+  const wchar_t s1[] = { 0xD800, '\0' };
+  EXPECT_STREQ("\xED\xA0\x80", WideStringToUtf8(s1, -1).c_str());
+  // Leading surrogate is not followed by the trailing surrogate.
+  const wchar_t s2[] = { 0xD800, 'M', '\0' };
+  EXPECT_STREQ("\xED\xA0\x80M", WideStringToUtf8(s2, -1).c_str());
+  // Trailing surrogate appearas without a leading surrogate.
+  const wchar_t s3[] = { 0xDC00, 'P', 'Q', 'R', '\0' };
+  EXPECT_STREQ("\xED\xB0\x80PQR", WideStringToUtf8(s3, -1).c_str());
+}
+#endif  // !GTEST_WIDE_STRING_USES_UTF16_
+
+// Tests that codepoint concatenation works correctly.
+#if !GTEST_WIDE_STRING_USES_UTF16_
+TEST(WideStringToUtf8Test, ConcatenatesCodepointsCorrectly) {
+  const wchar_t s[] = { 0x108634, 0xC74D, '\n', 0x576, 0x8D3, 0x108634, '\0'};
+  EXPECT_STREQ(
+      "\xF4\x88\x98\xB4"
+          "\xEC\x9D\x8D"
+          "\n"
+          "\xD5\xB6"
+          "\xE0\xA3\x93"
+          "\xF4\x88\x98\xB4",
+      WideStringToUtf8(s, -1).c_str());
+}
+#else
+TEST(WideStringToUtf8Test, ConcatenatesCodepointsCorrectly) {
+  const wchar_t s[] = { 0xC74D, '\n', 0x576, 0x8D3, '\0'};
+  EXPECT_STREQ(
+      "\xEC\x9D\x8D" "\n" "\xD5\xB6" "\xE0\xA3\x93",
+      WideStringToUtf8(s, -1).c_str());
+}
+#endif  // !GTEST_WIDE_STRING_USES_UTF16_
+
+// Tests the Random class.
+
+TEST(RandomDeathTest, GeneratesCrashesOnInvalidRange) {
+  testing::internal::Random random(42);
+  EXPECT_DEATH_IF_SUPPORTED(
+      random.Generate(0),
+      "Cannot generate a number in the range \\[0, 0\\)");
+  EXPECT_DEATH_IF_SUPPORTED(
+      random.Generate(testing::internal::Random::kMaxRange + 1),
+      "Generation of a number in \\[0, 2147483649\\) was requested, "
+      "but this can only generate numbers in \\[0, 2147483648\\)");
+}
+
+TEST(RandomTest, GeneratesNumbersWithinRange) {
+  const UInt32 kRange = 10000;
+  testing::internal::Random random(12345);
+  for (int i = 0; i < 10; i++) {
+    EXPECT_LT(random.Generate(kRange), kRange) << " for iteration " << i;
+  }
+
+  testing::internal::Random random2(testing::internal::Random::kMaxRange);
+  for (int i = 0; i < 10; i++) {
+    EXPECT_LT(random2.Generate(kRange), kRange) << " for iteration " << i;
+  }
+}
+
+TEST(RandomTest, RepeatsWhenReseeded) {
+  const int kSeed = 123;
+  const int kArraySize = 10;
+  const UInt32 kRange = 10000;
+  UInt32 values[kArraySize];
+
+  testing::internal::Random random(kSeed);
+  for (int i = 0; i < kArraySize; i++) {
+    values[i] = random.Generate(kRange);
+  }
+
+  random.Reseed(kSeed);
+  for (int i = 0; i < kArraySize; i++) {
+    EXPECT_EQ(values[i], random.Generate(kRange)) << " for iteration " << i;
+  }
+}
+
+// Tests STL container utilities.
+
+// Tests CountIf().
+
+static bool IsPositive(int n) { return n > 0; }
+
+TEST(ContainerUtilityTest, CountIf) {
+  std::vector<int> v;
+  EXPECT_EQ(0, CountIf(v, IsPositive));  // Works for an empty container.
+
+  v.push_back(-1);
+  v.push_back(0);
+  EXPECT_EQ(0, CountIf(v, IsPositive));  // Works when no value satisfies.
+
+  v.push_back(2);
+  v.push_back(-10);
+  v.push_back(10);
+  EXPECT_EQ(2, CountIf(v, IsPositive));
+}
+
+// Tests ForEach().
+
+static int g_sum = 0;
+static void Accumulate(int n) { g_sum += n; }
+
+TEST(ContainerUtilityTest, ForEach) {
+  std::vector<int> v;
+  g_sum = 0;
+  ForEach(v, Accumulate);
+  EXPECT_EQ(0, g_sum);  // Works for an empty container;
+
+  g_sum = 0;
+  v.push_back(1);
+  ForEach(v, Accumulate);
+  EXPECT_EQ(1, g_sum);  // Works for a container with one element.
+
+  g_sum = 0;
+  v.push_back(20);
+  v.push_back(300);
+  ForEach(v, Accumulate);
+  EXPECT_EQ(321, g_sum);
+}
+
+// Tests GetElementOr().
+TEST(ContainerUtilityTest, GetElementOr) {
+  std::vector<char> a;
+  EXPECT_EQ('x', GetElementOr(a, 0, 'x'));
+
+  a.push_back('a');
+  a.push_back('b');
+  EXPECT_EQ('a', GetElementOr(a, 0, 'x'));
+  EXPECT_EQ('b', GetElementOr(a, 1, 'x'));
+  EXPECT_EQ('x', GetElementOr(a, -2, 'x'));
+  EXPECT_EQ('x', GetElementOr(a, 2, 'x'));
+}
+
+TEST(ContainerUtilityDeathTest, ShuffleRange) {
+  std::vector<int> a;
+  a.push_back(0);
+  a.push_back(1);
+  a.push_back(2);
+  testing::internal::Random random(1);
+
+  EXPECT_DEATH_IF_SUPPORTED(
+      ShuffleRange(&random, -1, 1, &a),
+      "Invalid shuffle range start -1: must be in range \\[0, 3\\]");
+  EXPECT_DEATH_IF_SUPPORTED(
+      ShuffleRange(&random, 4, 4, &a),
+      "Invalid shuffle range start 4: must be in range \\[0, 3\\]");
+  EXPECT_DEATH_IF_SUPPORTED(
+      ShuffleRange(&random, 3, 2, &a),
+      "Invalid shuffle range finish 2: must be in range \\[3, 3\\]");
+  EXPECT_DEATH_IF_SUPPORTED(
+      ShuffleRange(&random, 3, 4, &a),
+      "Invalid shuffle range finish 4: must be in range \\[3, 3\\]");
+}
+
+class VectorShuffleTest : public Test {
+ protected:
+  static const int kVectorSize = 20;
+
+  VectorShuffleTest() : random_(1) {
+    for (int i = 0; i < kVectorSize; i++) {
+      vector_.push_back(i);
+    }
+  }
+
+  static bool VectorIsCorrupt(const TestingVector& vector) {
+    if (kVectorSize != static_cast<int>(vector.size())) {
+      return true;
+    }
+
+    bool found_in_vector[kVectorSize] = { false };
+    for (size_t i = 0; i < vector.size(); i++) {
+      const int e = vector[i];
+      if (e < 0 || e >= kVectorSize || found_in_vector[e]) {
+        return true;
+      }
+      found_in_vector[e] = true;
+    }
+
+    // Vector size is correct, elements' range is correct, no
+    // duplicate elements.  Therefore no corruption has occurred.
+    return false;
+  }
+
+  static bool VectorIsNotCorrupt(const TestingVector& vector) {
+    return !VectorIsCorrupt(vector);
+  }
+
+  static bool RangeIsShuffled(const TestingVector& vector, int begin, int end) {
+    for (int i = begin; i < end; i++) {
+      if (i != vector[i]) {
+        return true;
+      }
+    }
+    return false;
+  }
+
+  static bool RangeIsUnshuffled(
+      const TestingVector& vector, int begin, int end) {
+    return !RangeIsShuffled(vector, begin, end);
+  }
+
+  static bool VectorIsShuffled(const TestingVector& vector) {
+    return RangeIsShuffled(vector, 0, static_cast<int>(vector.size()));
+  }
+
+  static bool VectorIsUnshuffled(const TestingVector& vector) {
+    return !VectorIsShuffled(vector);
+  }
+
+  testing::internal::Random random_;
+  TestingVector vector_;
+};  // class VectorShuffleTest
+
+const int VectorShuffleTest::kVectorSize;
+
+TEST_F(VectorShuffleTest, HandlesEmptyRange) {
+  // Tests an empty range at the beginning...
+  ShuffleRange(&random_, 0, 0, &vector_);
+  ASSERT_PRED1(VectorIsNotCorrupt, vector_);
+  ASSERT_PRED1(VectorIsUnshuffled, vector_);
+
+  // ...in the middle...
+  ShuffleRange(&random_, kVectorSize/2, kVectorSize/2, &vector_);
+  ASSERT_PRED1(VectorIsNotCorrupt, vector_);
+  ASSERT_PRED1(VectorIsUnshuffled, vector_);
+
+  // ...at the end...
+  ShuffleRange(&random_, kVectorSize - 1, kVectorSize - 1, &vector_);
+  ASSERT_PRED1(VectorIsNotCorrupt, vector_);
+  ASSERT_PRED1(VectorIsUnshuffled, vector_);
+
+  // ...and past the end.
+  ShuffleRange(&random_, kVectorSize, kVectorSize, &vector_);
+  ASSERT_PRED1(VectorIsNotCorrupt, vector_);
+  ASSERT_PRED1(VectorIsUnshuffled, vector_);
+}
+
+TEST_F(VectorShuffleTest, HandlesRangeOfSizeOne) {
+  // Tests a size one range at the beginning...
+  ShuffleRange(&random_, 0, 1, &vector_);
+  ASSERT_PRED1(VectorIsNotCorrupt, vector_);
+  ASSERT_PRED1(VectorIsUnshuffled, vector_);
+
+  // ...in the middle...
+  ShuffleRange(&random_, kVectorSize/2, kVectorSize/2 + 1, &vector_);
+  ASSERT_PRED1(VectorIsNotCorrupt, vector_);
+  ASSERT_PRED1(VectorIsUnshuffled, vector_);
+
+  // ...and at the end.
+  ShuffleRange(&random_, kVectorSize - 1, kVectorSize, &vector_);
+  ASSERT_PRED1(VectorIsNotCorrupt, vector_);
+  ASSERT_PRED1(VectorIsUnshuffled, vector_);
+}
+
+// Because we use our own random number generator and a fixed seed,
+// we can guarantee that the following "random" tests will succeed.
+
+TEST_F(VectorShuffleTest, ShufflesEntireVector) {
+  Shuffle(&random_, &vector_);
+  ASSERT_PRED1(VectorIsNotCorrupt, vector_);
+  EXPECT_FALSE(VectorIsUnshuffled(vector_)) << vector_;
+
+  // Tests the first and last elements in particular to ensure that
+  // there are no off-by-one problems in our shuffle algorithm.
+  EXPECT_NE(0, vector_[0]);
+  EXPECT_NE(kVectorSize - 1, vector_[kVectorSize - 1]);
+}
+
+TEST_F(VectorShuffleTest, ShufflesStartOfVector) {
+  const int kRangeSize = kVectorSize/2;
+
+  ShuffleRange(&random_, 0, kRangeSize, &vector_);
+
+  ASSERT_PRED1(VectorIsNotCorrupt, vector_);
+  EXPECT_PRED3(RangeIsShuffled, vector_, 0, kRangeSize);
+  EXPECT_PRED3(RangeIsUnshuffled, vector_, kRangeSize, kVectorSize);
+}
+
+TEST_F(VectorShuffleTest, ShufflesEndOfVector) {
+  const int kRangeSize = kVectorSize / 2;
+  ShuffleRange(&random_, kRangeSize, kVectorSize, &vector_);
+
+  ASSERT_PRED1(VectorIsNotCorrupt, vector_);
+  EXPECT_PRED3(RangeIsUnshuffled, vector_, 0, kRangeSize);
+  EXPECT_PRED3(RangeIsShuffled, vector_, kRangeSize, kVectorSize);
+}
+
+TEST_F(VectorShuffleTest, ShufflesMiddleOfVector) {
+  int kRangeSize = kVectorSize/3;
+  ShuffleRange(&random_, kRangeSize, 2*kRangeSize, &vector_);
+
+  ASSERT_PRED1(VectorIsNotCorrupt, vector_);
+  EXPECT_PRED3(RangeIsUnshuffled, vector_, 0, kRangeSize);
+  EXPECT_PRED3(RangeIsShuffled, vector_, kRangeSize, 2*kRangeSize);
+  EXPECT_PRED3(RangeIsUnshuffled, vector_, 2*kRangeSize, kVectorSize);
+}
+
+TEST_F(VectorShuffleTest, ShufflesRepeatably) {
+  TestingVector vector2;
+  for (int i = 0; i < kVectorSize; i++) {
+    vector2.push_back(i);
+  }
+
+  random_.Reseed(1234);
+  Shuffle(&random_, &vector_);
+  random_.Reseed(1234);
+  Shuffle(&random_, &vector2);
+
+  ASSERT_PRED1(VectorIsNotCorrupt, vector_);
+  ASSERT_PRED1(VectorIsNotCorrupt, vector2);
+
+  for (int i = 0; i < kVectorSize; i++) {
+    EXPECT_EQ(vector_[i], vector2[i]) << " where i is " << i;
+  }
+}
+
+// Tests the size of the AssertHelper class.
+
+TEST(AssertHelperTest, AssertHelperIsSmall) {
+  // To avoid breaking clients that use lots of assertions in one
+  // function, we cannot grow the size of AssertHelper.
+  EXPECT_LE(sizeof(testing::internal::AssertHelper), sizeof(void*));
+}
+
+// Tests String::EndsWithCaseInsensitive().
+TEST(StringTest, EndsWithCaseInsensitive) {
+  EXPECT_TRUE(String::EndsWithCaseInsensitive("foobar", "BAR"));
+  EXPECT_TRUE(String::EndsWithCaseInsensitive("foobaR", "bar"));
+  EXPECT_TRUE(String::EndsWithCaseInsensitive("foobar", ""));
+  EXPECT_TRUE(String::EndsWithCaseInsensitive("", ""));
+
+  EXPECT_FALSE(String::EndsWithCaseInsensitive("Foobar", "foo"));
+  EXPECT_FALSE(String::EndsWithCaseInsensitive("foobar", "Foo"));
+  EXPECT_FALSE(String::EndsWithCaseInsensitive("", "foo"));
+}
+
+// C++Builder's preprocessor is buggy; it fails to expand macros that
+// appear in macro parameters after wide char literals.  Provide an alias
+// for NULL as a workaround.
+static const wchar_t* const kNull = NULL;
+
+// Tests String::CaseInsensitiveWideCStringEquals
+TEST(StringTest, CaseInsensitiveWideCStringEquals) {
+  EXPECT_TRUE(String::CaseInsensitiveWideCStringEquals(NULL, NULL));
+  EXPECT_FALSE(String::CaseInsensitiveWideCStringEquals(kNull, L""));
+  EXPECT_FALSE(String::CaseInsensitiveWideCStringEquals(L"", kNull));
+  EXPECT_FALSE(String::CaseInsensitiveWideCStringEquals(kNull, L"foobar"));
+  EXPECT_FALSE(String::CaseInsensitiveWideCStringEquals(L"foobar", kNull));
+  EXPECT_TRUE(String::CaseInsensitiveWideCStringEquals(L"foobar", L"foobar"));
+  EXPECT_TRUE(String::CaseInsensitiveWideCStringEquals(L"foobar", L"FOOBAR"));
+  EXPECT_TRUE(String::CaseInsensitiveWideCStringEquals(L"FOOBAR", L"foobar"));
+}
+
+#if GTEST_OS_WINDOWS
+
+// Tests String::ShowWideCString().
+TEST(StringTest, ShowWideCString) {
+  EXPECT_STREQ("(null)",
+               String::ShowWideCString(NULL).c_str());
+  EXPECT_STREQ("", String::ShowWideCString(L"").c_str());
+  EXPECT_STREQ("foo", String::ShowWideCString(L"foo").c_str());
+}
+
+# if GTEST_OS_WINDOWS_MOBILE
+TEST(StringTest, AnsiAndUtf16Null) {
+  EXPECT_EQ(NULL, String::AnsiToUtf16(NULL));
+  EXPECT_EQ(NULL, String::Utf16ToAnsi(NULL));
+}
+
+TEST(StringTest, AnsiAndUtf16ConvertBasic) {
+  const char* ansi = String::Utf16ToAnsi(L"str");
+  EXPECT_STREQ("str", ansi);
+  delete [] ansi;
+  const WCHAR* utf16 = String::AnsiToUtf16("str");
+  EXPECT_EQ(0, wcsncmp(L"str", utf16, 3));
+  delete [] utf16;
+}
+
+TEST(StringTest, AnsiAndUtf16ConvertPathChars) {
+  const char* ansi = String::Utf16ToAnsi(L".:\\ \"*?");
+  EXPECT_STREQ(".:\\ \"*?", ansi);
+  delete [] ansi;
+  const WCHAR* utf16 = String::AnsiToUtf16(".:\\ \"*?");
+  EXPECT_EQ(0, wcsncmp(L".:\\ \"*?", utf16, 3));
+  delete [] utf16;
+}
+# endif  // GTEST_OS_WINDOWS_MOBILE
+
+#endif  // GTEST_OS_WINDOWS
+
+// Tests TestProperty construction.
+TEST(TestPropertyTest, StringValue) {
+  TestProperty property("key", "1");
+  EXPECT_STREQ("key", property.key());
+  EXPECT_STREQ("1", property.value());
+}
+
+// Tests TestProperty replacing a value.
+TEST(TestPropertyTest, ReplaceStringValue) {
+  TestProperty property("key", "1");
+  EXPECT_STREQ("1", property.value());
+  property.SetValue("2");
+  EXPECT_STREQ("2", property.value());
+}
+
+// AddFatalFailure() and AddNonfatalFailure() must be stand-alone
+// functions (i.e. their definitions cannot be inlined at the call
+// sites), or C++Builder won't compile the code.
+static void AddFatalFailure() {
+  FAIL() << "Expected fatal failure.";
+}
+
+static void AddNonfatalFailure() {
+  ADD_FAILURE() << "Expected non-fatal failure.";
+}
+
+class ScopedFakeTestPartResultReporterTest : public Test {
+ public:  // Must be public and not protected due to a bug in g++ 3.4.2.
+  enum FailureMode {
+    FATAL_FAILURE,
+    NONFATAL_FAILURE
+  };
+  static void AddFailure(FailureMode failure) {
+    if (failure == FATAL_FAILURE) {
+      AddFatalFailure();
+    } else {
+      AddNonfatalFailure();
+    }
+  }
+};
+
+// Tests that ScopedFakeTestPartResultReporter intercepts test
+// failures.
+TEST_F(ScopedFakeTestPartResultReporterTest, InterceptsTestFailures) {
+  TestPartResultArray results;
+  {
+    ScopedFakeTestPartResultReporter reporter(
+        ScopedFakeTestPartResultReporter::INTERCEPT_ONLY_CURRENT_THREAD,
+        &results);
+    AddFailure(NONFATAL_FAILURE);
+    AddFailure(FATAL_FAILURE);
+  }
+
+  EXPECT_EQ(2, results.size());
+  EXPECT_TRUE(results.GetTestPartResult(0).nonfatally_failed());
+  EXPECT_TRUE(results.GetTestPartResult(1).fatally_failed());
+}
+
+TEST_F(ScopedFakeTestPartResultReporterTest, DeprecatedConstructor) {
+  TestPartResultArray results;
+  {
+    // Tests, that the deprecated constructor still works.
+    ScopedFakeTestPartResultReporter reporter(&results);
+    AddFailure(NONFATAL_FAILURE);
+  }
+  EXPECT_EQ(1, results.size());
+}
+
+#if GTEST_IS_THREADSAFE
+
+class ScopedFakeTestPartResultReporterWithThreadsTest
+  : public ScopedFakeTestPartResultReporterTest {
+ protected:
+  static void AddFailureInOtherThread(FailureMode failure) {
+    ThreadWithParam<FailureMode> thread(&AddFailure, failure, NULL);
+    thread.Join();
+  }
+};
+
+TEST_F(ScopedFakeTestPartResultReporterWithThreadsTest,
+       InterceptsTestFailuresInAllThreads) {
+  TestPartResultArray results;
+  {
+    ScopedFakeTestPartResultReporter reporter(
+        ScopedFakeTestPartResultReporter::INTERCEPT_ALL_THREADS, &results);
+    AddFailure(NONFATAL_FAILURE);
+    AddFailure(FATAL_FAILURE);
+    AddFailureInOtherThread(NONFATAL_FAILURE);
+    AddFailureInOtherThread(FATAL_FAILURE);
+  }
+
+  EXPECT_EQ(4, results.size());
+  EXPECT_TRUE(results.GetTestPartResult(0).nonfatally_failed());
+  EXPECT_TRUE(results.GetTestPartResult(1).fatally_failed());
+  EXPECT_TRUE(results.GetTestPartResult(2).nonfatally_failed());
+  EXPECT_TRUE(results.GetTestPartResult(3).fatally_failed());
+}
+
+#endif  // GTEST_IS_THREADSAFE
+
+// Tests EXPECT_FATAL_FAILURE{,ON_ALL_THREADS}.  Makes sure that they
+// work even if the failure is generated in a called function rather than
+// the current context.
+
+typedef ScopedFakeTestPartResultReporterTest ExpectFatalFailureTest;
+
+TEST_F(ExpectFatalFailureTest, CatchesFatalFaliure) {
+  EXPECT_FATAL_FAILURE(AddFatalFailure(), "Expected fatal failure.");
+}
+
+#if GTEST_HAS_GLOBAL_STRING
+TEST_F(ExpectFatalFailureTest, AcceptsStringObject) {
+  EXPECT_FATAL_FAILURE(AddFatalFailure(), ::string("Expected fatal failure."));
+}
+#endif
+
+TEST_F(ExpectFatalFailureTest, AcceptsStdStringObject) {
+  EXPECT_FATAL_FAILURE(AddFatalFailure(),
+                       ::std::string("Expected fatal failure."));
+}
+
+TEST_F(ExpectFatalFailureTest, CatchesFatalFailureOnAllThreads) {
+  // We have another test below to verify that the macro catches fatal
+  // failures generated on another thread.
+  EXPECT_FATAL_FAILURE_ON_ALL_THREADS(AddFatalFailure(),
+                                      "Expected fatal failure.");
+}
+
+#ifdef __BORLANDC__
+// Silences warnings: "Condition is always true"
+# pragma option push -w-ccc
+#endif
+
+// Tests that EXPECT_FATAL_FAILURE() can be used in a non-void
+// function even when the statement in it contains ASSERT_*.
+
+int NonVoidFunction() {
+  EXPECT_FATAL_FAILURE(ASSERT_TRUE(false), "");
+  EXPECT_FATAL_FAILURE_ON_ALL_THREADS(FAIL(), "");
+  return 0;
+}
+
+TEST_F(ExpectFatalFailureTest, CanBeUsedInNonVoidFunction) {
+  NonVoidFunction();
+}
+
+// Tests that EXPECT_FATAL_FAILURE(statement, ...) doesn't abort the
+// current function even though 'statement' generates a fatal failure.
+
+void DoesNotAbortHelper(bool* aborted) {
+  EXPECT_FATAL_FAILURE(ASSERT_TRUE(false), "");
+  EXPECT_FATAL_FAILURE_ON_ALL_THREADS(FAIL(), "");
+
+  *aborted = false;
+}
+
+#ifdef __BORLANDC__
+// Restores warnings after previous "#pragma option push" suppressed them.
+# pragma option pop
+#endif
+
+TEST_F(ExpectFatalFailureTest, DoesNotAbort) {
+  bool aborted = true;
+  DoesNotAbortHelper(&aborted);
+  EXPECT_FALSE(aborted);
+}
+
+// Tests that the EXPECT_FATAL_FAILURE{,_ON_ALL_THREADS} accepts a
+// statement that contains a macro which expands to code containing an
+// unprotected comma.
+
+static int global_var = 0;
+#define GTEST_USE_UNPROTECTED_COMMA_ global_var++, global_var++
+
+TEST_F(ExpectFatalFailureTest, AcceptsMacroThatExpandsToUnprotectedComma) {
+#ifndef __BORLANDC__
+  // ICE's in C++Builder.
+  EXPECT_FATAL_FAILURE({
+    GTEST_USE_UNPROTECTED_COMMA_;
+    AddFatalFailure();
+  }, "");
+#endif
+
+  EXPECT_FATAL_FAILURE_ON_ALL_THREADS({
+    GTEST_USE_UNPROTECTED_COMMA_;
+    AddFatalFailure();
+  }, "");
+}
+
+// Tests EXPECT_NONFATAL_FAILURE{,ON_ALL_THREADS}.
+
+typedef ScopedFakeTestPartResultReporterTest ExpectNonfatalFailureTest;
+
+TEST_F(ExpectNonfatalFailureTest, CatchesNonfatalFailure) {
+  EXPECT_NONFATAL_FAILURE(AddNonfatalFailure(),
+                          "Expected non-fatal failure.");
+}
+
+#if GTEST_HAS_GLOBAL_STRING
+TEST_F(ExpectNonfatalFailureTest, AcceptsStringObject) {
+  EXPECT_NONFATAL_FAILURE(AddNonfatalFailure(),
+                          ::string("Expected non-fatal failure."));
+}
+#endif
+
+TEST_F(ExpectNonfatalFailureTest, AcceptsStdStringObject) {
+  EXPECT_NONFATAL_FAILURE(AddNonfatalFailure(),
+                          ::std::string("Expected non-fatal failure."));
+}
+
+TEST_F(ExpectNonfatalFailureTest, CatchesNonfatalFailureOnAllThreads) {
+  // We have another test below to verify that the macro catches
+  // non-fatal failures generated on another thread.
+  EXPECT_NONFATAL_FAILURE_ON_ALL_THREADS(AddNonfatalFailure(),
+                                         "Expected non-fatal failure.");
+}
+
+// Tests that the EXPECT_NONFATAL_FAILURE{,_ON_ALL_THREADS} accepts a
+// statement that contains a macro which expands to code containing an
+// unprotected comma.
+TEST_F(ExpectNonfatalFailureTest, AcceptsMacroThatExpandsToUnprotectedComma) {
+  EXPECT_NONFATAL_FAILURE({
+    GTEST_USE_UNPROTECTED_COMMA_;
+    AddNonfatalFailure();
+  }, "");
+
+  EXPECT_NONFATAL_FAILURE_ON_ALL_THREADS({
+    GTEST_USE_UNPROTECTED_COMMA_;
+    AddNonfatalFailure();
+  }, "");
+}
+
+#if GTEST_IS_THREADSAFE
+
+typedef ScopedFakeTestPartResultReporterWithThreadsTest
+    ExpectFailureWithThreadsTest;
+
+TEST_F(ExpectFailureWithThreadsTest, ExpectFatalFailureOnAllThreads) {
+  EXPECT_FATAL_FAILURE_ON_ALL_THREADS(AddFailureInOtherThread(FATAL_FAILURE),
+                                      "Expected fatal failure.");
+}
+
+TEST_F(ExpectFailureWithThreadsTest, ExpectNonFatalFailureOnAllThreads) {
+  EXPECT_NONFATAL_FAILURE_ON_ALL_THREADS(
+      AddFailureInOtherThread(NONFATAL_FAILURE), "Expected non-fatal failure.");
+}
+
+#endif  // GTEST_IS_THREADSAFE
+
+// Tests the TestProperty class.
+
+TEST(TestPropertyTest, ConstructorWorks) {
+  const TestProperty property("key", "value");
+  EXPECT_STREQ("key", property.key());
+  EXPECT_STREQ("value", property.value());
+}
+
+TEST(TestPropertyTest, SetValue) {
+  TestProperty property("key", "value_1");
+  EXPECT_STREQ("key", property.key());
+  property.SetValue("value_2");
+  EXPECT_STREQ("key", property.key());
+  EXPECT_STREQ("value_2", property.value());
+}
+
+// Tests the TestResult class
+
+// The test fixture for testing TestResult.
+class TestResultTest : public Test {
+ protected:
+  typedef std::vector<TestPartResult> TPRVector;
+
+  // We make use of 2 TestPartResult objects,
+  TestPartResult * pr1, * pr2;
+
+  // ... and 3 TestResult objects.
+  TestResult * r0, * r1, * r2;
+
+  virtual void SetUp() {
+    // pr1 is for success.
+    pr1 = new TestPartResult(TestPartResult::kSuccess,
+                             "foo/bar.cc",
+                             10,
+                             "Success!");
+
+    // pr2 is for fatal failure.
+    pr2 = new TestPartResult(TestPartResult::kFatalFailure,
+                             "foo/bar.cc",
+                             -1,  // This line number means "unknown"
+                             "Failure!");
+
+    // Creates the TestResult objects.
+    r0 = new TestResult();
+    r1 = new TestResult();
+    r2 = new TestResult();
+
+    // In order to test TestResult, we need to modify its internal
+    // state, in particular the TestPartResult vector it holds.
+    // test_part_results() returns a const reference to this vector.
+    // We cast it to a non-const object s.t. it can be modified (yes,
+    // this is a hack).
+    TPRVector* results1 = const_cast<TPRVector*>(
+        &TestResultAccessor::test_part_results(*r1));
+    TPRVector* results2 = const_cast<TPRVector*>(
+        &TestResultAccessor::test_part_results(*r2));
+
+    // r0 is an empty TestResult.
+
+    // r1 contains a single SUCCESS TestPartResult.
+    results1->push_back(*pr1);
+
+    // r2 contains a SUCCESS, and a FAILURE.
+    results2->push_back(*pr1);
+    results2->push_back(*pr2);
+  }
+
+  virtual void TearDown() {
+    delete pr1;
+    delete pr2;
+
+    delete r0;
+    delete r1;
+    delete r2;
+  }
+
+  // Helper that compares two two TestPartResults.
+  static void CompareTestPartResult(const TestPartResult& expected,
+                                    const TestPartResult& actual) {
+    EXPECT_EQ(expected.type(), actual.type());
+    EXPECT_STREQ(expected.file_name(), actual.file_name());
+    EXPECT_EQ(expected.line_number(), actual.line_number());
+    EXPECT_STREQ(expected.summary(), actual.summary());
+    EXPECT_STREQ(expected.message(), actual.message());
+    EXPECT_EQ(expected.passed(), actual.passed());
+    EXPECT_EQ(expected.failed(), actual.failed());
+    EXPECT_EQ(expected.nonfatally_failed(), actual.nonfatally_failed());
+    EXPECT_EQ(expected.fatally_failed(), actual.fatally_failed());
+  }
+};
+
+// Tests TestResult::total_part_count().
+TEST_F(TestResultTest, total_part_count) {
+  ASSERT_EQ(0, r0->total_part_count());
+  ASSERT_EQ(1, r1->total_part_count());
+  ASSERT_EQ(2, r2->total_part_count());
+}
+
+// Tests TestResult::Passed().
+TEST_F(TestResultTest, Passed) {
+  ASSERT_TRUE(r0->Passed());
+  ASSERT_TRUE(r1->Passed());
+  ASSERT_FALSE(r2->Passed());
+}
+
+// Tests TestResult::Failed().
+TEST_F(TestResultTest, Failed) {
+  ASSERT_FALSE(r0->Failed());
+  ASSERT_FALSE(r1->Failed());
+  ASSERT_TRUE(r2->Failed());
+}
+
+// Tests TestResult::GetTestPartResult().
+
+typedef TestResultTest TestResultDeathTest;
+
+TEST_F(TestResultDeathTest, GetTestPartResult) {
+  CompareTestPartResult(*pr1, r2->GetTestPartResult(0));
+  CompareTestPartResult(*pr2, r2->GetTestPartResult(1));
+  EXPECT_DEATH_IF_SUPPORTED(r2->GetTestPartResult(2), "");
+  EXPECT_DEATH_IF_SUPPORTED(r2->GetTestPartResult(-1), "");
+}
+
+// Tests TestResult has no properties when none are added.
+TEST(TestResultPropertyTest, NoPropertiesFoundWhenNoneAreAdded) {
+  TestResult test_result;
+  ASSERT_EQ(0, test_result.test_property_count());
+}
+
+// Tests TestResult has the expected property when added.
+TEST(TestResultPropertyTest, OnePropertyFoundWhenAdded) {
+  TestResult test_result;
+  TestProperty property("key_1", "1");
+  TestResultAccessor::RecordProperty(&test_result, "testcase", property);
+  ASSERT_EQ(1, test_result.test_property_count());
+  const TestProperty& actual_property = test_result.GetTestProperty(0);
+  EXPECT_STREQ("key_1", actual_property.key());
+  EXPECT_STREQ("1", actual_property.value());
+}
+
+// Tests TestResult has multiple properties when added.
+TEST(TestResultPropertyTest, MultiplePropertiesFoundWhenAdded) {
+  TestResult test_result;
+  TestProperty property_1("key_1", "1");
+  TestProperty property_2("key_2", "2");
+  TestResultAccessor::RecordProperty(&test_result, "testcase", property_1);
+  TestResultAccessor::RecordProperty(&test_result, "testcase", property_2);
+  ASSERT_EQ(2, test_result.test_property_count());
+  const TestProperty& actual_property_1 = test_result.GetTestProperty(0);
+  EXPECT_STREQ("key_1", actual_property_1.key());
+  EXPECT_STREQ("1", actual_property_1.value());
+
+  const TestProperty& actual_property_2 = test_result.GetTestProperty(1);
+  EXPECT_STREQ("key_2", actual_property_2.key());
+  EXPECT_STREQ("2", actual_property_2.value());
+}
+
+// Tests TestResult::RecordProperty() overrides values for duplicate keys.
+TEST(TestResultPropertyTest, OverridesValuesForDuplicateKeys) {
+  TestResult test_result;
+  TestProperty property_1_1("key_1", "1");
+  TestProperty property_2_1("key_2", "2");
+  TestProperty property_1_2("key_1", "12");
+  TestProperty property_2_2("key_2", "22");
+  TestResultAccessor::RecordProperty(&test_result, "testcase", property_1_1);
+  TestResultAccessor::RecordProperty(&test_result, "testcase", property_2_1);
+  TestResultAccessor::RecordProperty(&test_result, "testcase", property_1_2);
+  TestResultAccessor::RecordProperty(&test_result, "testcase", property_2_2);
+
+  ASSERT_EQ(2, test_result.test_property_count());
+  const TestProperty& actual_property_1 = test_result.GetTestProperty(0);
+  EXPECT_STREQ("key_1", actual_property_1.key());
+  EXPECT_STREQ("12", actual_property_1.value());
+
+  const TestProperty& actual_property_2 = test_result.GetTestProperty(1);
+  EXPECT_STREQ("key_2", actual_property_2.key());
+  EXPECT_STREQ("22", actual_property_2.value());
+}
+
+// Tests TestResult::GetTestProperty().
+TEST(TestResultPropertyTest, GetTestProperty) {
+  TestResult test_result;
+  TestProperty property_1("key_1", "1");
+  TestProperty property_2("key_2", "2");
+  TestProperty property_3("key_3", "3");
+  TestResultAccessor::RecordProperty(&test_result, "testcase", property_1);
+  TestResultAccessor::RecordProperty(&test_result, "testcase", property_2);
+  TestResultAccessor::RecordProperty(&test_result, "testcase", property_3);
+
+  const TestProperty& fetched_property_1 = test_result.GetTestProperty(0);
+  const TestProperty& fetched_property_2 = test_result.GetTestProperty(1);
+  const TestProperty& fetched_property_3 = test_result.GetTestProperty(2);
+
+  EXPECT_STREQ("key_1", fetched_property_1.key());
+  EXPECT_STREQ("1", fetched_property_1.value());
+
+  EXPECT_STREQ("key_2", fetched_property_2.key());
+  EXPECT_STREQ("2", fetched_property_2.value());
+
+  EXPECT_STREQ("key_3", fetched_property_3.key());
+  EXPECT_STREQ("3", fetched_property_3.value());
+
+  EXPECT_DEATH_IF_SUPPORTED(test_result.GetTestProperty(3), "");
+  EXPECT_DEATH_IF_SUPPORTED(test_result.GetTestProperty(-1), "");
+}
+
+// Tests that GTestFlagSaver works on Windows and Mac.
+
+class GTestFlagSaverTest : public Test {
+ protected:
+  // Saves the Google Test flags such that we can restore them later, and
+  // then sets them to their default values.  This will be called
+  // before the first test in this test case is run.
+  static void SetUpTestCase() {
+    saver_ = new GTestFlagSaver;
+
+    GTEST_FLAG(also_run_disabled_tests) = false;
+    GTEST_FLAG(break_on_failure) = false;
+    GTEST_FLAG(catch_exceptions) = false;
+    GTEST_FLAG(death_test_use_fork) = false;
+    GTEST_FLAG(color) = "auto";
+    GTEST_FLAG(filter) = "";
+    GTEST_FLAG(list_tests) = false;
+    GTEST_FLAG(output) = "";
+    GTEST_FLAG(print_time) = true;
+    GTEST_FLAG(random_seed) = 0;
+    GTEST_FLAG(repeat) = 1;
+    GTEST_FLAG(shuffle) = false;
+    GTEST_FLAG(stack_trace_depth) = kMaxStackTraceDepth;
+    GTEST_FLAG(stream_result_to) = "";
+    GTEST_FLAG(throw_on_failure) = false;
+  }
+
+  // Restores the Google Test flags that the tests have modified.  This will
+  // be called after the last test in this test case is run.
+  static void TearDownTestCase() {
+    delete saver_;
+    saver_ = NULL;
+  }
+
+  // Verifies that the Google Test flags have their default values, and then
+  // modifies each of them.
+  void VerifyAndModifyFlags() {
+    EXPECT_FALSE(GTEST_FLAG(also_run_disabled_tests));
+    EXPECT_FALSE(GTEST_FLAG(break_on_failure));
+    EXPECT_FALSE(GTEST_FLAG(catch_exceptions));
+    EXPECT_STREQ("auto", GTEST_FLAG(color).c_str());
+    EXPECT_FALSE(GTEST_FLAG(death_test_use_fork));
+    EXPECT_STREQ("", GTEST_FLAG(filter).c_str());
+    EXPECT_FALSE(GTEST_FLAG(list_tests));
+    EXPECT_STREQ("", GTEST_FLAG(output).c_str());
+    EXPECT_TRUE(GTEST_FLAG(print_time));
+    EXPECT_EQ(0, GTEST_FLAG(random_seed));
+    EXPECT_EQ(1, GTEST_FLAG(repeat));
+    EXPECT_FALSE(GTEST_FLAG(shuffle));
+    EXPECT_EQ(kMaxStackTraceDepth, GTEST_FLAG(stack_trace_depth));
+    EXPECT_STREQ("", GTEST_FLAG(stream_result_to).c_str());
+    EXPECT_FALSE(GTEST_FLAG(throw_on_failure));
+
+    GTEST_FLAG(also_run_disabled_tests) = true;
+    GTEST_FLAG(break_on_failure) = true;
+    GTEST_FLAG(catch_exceptions) = true;
+    GTEST_FLAG(color) = "no";
+    GTEST_FLAG(death_test_use_fork) = true;
+    GTEST_FLAG(filter) = "abc";
+    GTEST_FLAG(list_tests) = true;
+    GTEST_FLAG(output) = "xml:foo.xml";
+    GTEST_FLAG(print_time) = false;
+    GTEST_FLAG(random_seed) = 1;
+    GTEST_FLAG(repeat) = 100;
+    GTEST_FLAG(shuffle) = true;
+    GTEST_FLAG(stack_trace_depth) = 1;
+    GTEST_FLAG(stream_result_to) = "localhost:1234";
+    GTEST_FLAG(throw_on_failure) = true;
+  }
+
+ private:
+  // For saving Google Test flags during this test case.
+  static GTestFlagSaver* saver_;
+};
+
+GTestFlagSaver* GTestFlagSaverTest::saver_ = NULL;
+
+// Google Test doesn't guarantee the order of tests.  The following two
+// tests are designed to work regardless of their order.
+
+// Modifies the Google Test flags in the test body.
+TEST_F(GTestFlagSaverTest, ModifyGTestFlags) {
+  VerifyAndModifyFlags();
+}
+
+// Verifies that the Google Test flags in the body of the previous test were
+// restored to their original values.
+TEST_F(GTestFlagSaverTest, VerifyGTestFlags) {
+  VerifyAndModifyFlags();
+}
+
+// Sets an environment variable with the given name to the given
+// value.  If the value argument is "", unsets the environment
+// variable.  The caller must ensure that both arguments are not NULL.
+static void SetEnv(const char* name, const char* value) {
+#if GTEST_OS_WINDOWS_MOBILE
+  // Environment variables are not supported on Windows CE.
+  return;
+#elif defined(__BORLANDC__) || defined(__SunOS_5_8) || defined(__SunOS_5_9)
+  // C++Builder's putenv only stores a pointer to its parameter; we have to
+  // ensure that the string remains valid as long as it might be needed.
+  // We use an std::map to do so.
+  static std::map<std::string, std::string*> added_env;
+
+  // Because putenv stores a pointer to the string buffer, we can't delete the
+  // previous string (if present) until after it's replaced.
+  std::string *prev_env = NULL;
+  if (added_env.find(name) != added_env.end()) {
+    prev_env = added_env[name];
+  }
+  added_env[name] = new std::string(
+      (Message() << name << "=" << value).GetString());
+
+  // The standard signature of putenv accepts a 'char*' argument. Other
+  // implementations, like C++Builder's, accept a 'const char*'.
+  // We cast away the 'const' since that would work for both variants.
+  putenv(const_cast<char*>(added_env[name]->c_str()));
+  delete prev_env;
+#elif GTEST_OS_WINDOWS  // If we are on Windows proper.
+  _putenv((Message() << name << "=" << value).GetString().c_str());
+#else
+  if (*value == '\0') {
+    unsetenv(name);
+  } else {
+    setenv(name, value, 1);
+  }
+#endif  // GTEST_OS_WINDOWS_MOBILE
+}
+
+#if !GTEST_OS_WINDOWS_MOBILE
+// Environment variables are not supported on Windows CE.
+
+using testing::internal::Int32FromGTestEnv;
+
+// Tests Int32FromGTestEnv().
+
+// Tests that Int32FromGTestEnv() returns the default value when the
+// environment variable is not set.
+TEST(Int32FromGTestEnvTest, ReturnsDefaultWhenVariableIsNotSet) {
+  SetEnv(GTEST_FLAG_PREFIX_UPPER_ "TEMP", "");
+  EXPECT_EQ(10, Int32FromGTestEnv("temp", 10));
+}
+
+// Tests that Int32FromGTestEnv() returns the default value when the
+// environment variable overflows as an Int32.
+TEST(Int32FromGTestEnvTest, ReturnsDefaultWhenValueOverflows) {
+  printf("(expecting 2 warnings)\n");
+
+  SetEnv(GTEST_FLAG_PREFIX_UPPER_ "TEMP", "12345678987654321");
+  EXPECT_EQ(20, Int32FromGTestEnv("temp", 20));
+
+  SetEnv(GTEST_FLAG_PREFIX_UPPER_ "TEMP", "-12345678987654321");
+  EXPECT_EQ(30, Int32FromGTestEnv("temp", 30));
+}
+
+// Tests that Int32FromGTestEnv() returns the default value when the
+// environment variable does not represent a valid decimal integer.
+TEST(Int32FromGTestEnvTest, ReturnsDefaultWhenValueIsInvalid) {
+  printf("(expecting 2 warnings)\n");
+
+  SetEnv(GTEST_FLAG_PREFIX_UPPER_ "TEMP", "A1");
+  EXPECT_EQ(40, Int32FromGTestEnv("temp", 40));
+
+  SetEnv(GTEST_FLAG_PREFIX_UPPER_ "TEMP", "12X");
+  EXPECT_EQ(50, Int32FromGTestEnv("temp", 50));
+}
+
+// Tests that Int32FromGTestEnv() parses and returns the value of the
+// environment variable when it represents a valid decimal integer in
+// the range of an Int32.
+TEST(Int32FromGTestEnvTest, ParsesAndReturnsValidValue) {
+  SetEnv(GTEST_FLAG_PREFIX_UPPER_ "TEMP", "123");
+  EXPECT_EQ(123, Int32FromGTestEnv("temp", 0));
+
+  SetEnv(GTEST_FLAG_PREFIX_UPPER_ "TEMP", "-321");
+  EXPECT_EQ(-321, Int32FromGTestEnv("temp", 0));
+}
+#endif  // !GTEST_OS_WINDOWS_MOBILE
+
+// Tests ParseInt32Flag().
+
+// Tests that ParseInt32Flag() returns false and doesn't change the
+// output value when the flag has wrong format
+TEST(ParseInt32FlagTest, ReturnsFalseForInvalidFlag) {
+  Int32 value = 123;
+  EXPECT_FALSE(ParseInt32Flag("--a=100", "b", &value));
+  EXPECT_EQ(123, value);
+
+  EXPECT_FALSE(ParseInt32Flag("a=100", "a", &value));
+  EXPECT_EQ(123, value);
+}
+
+// Tests that ParseInt32Flag() returns false and doesn't change the
+// output value when the flag overflows as an Int32.
+TEST(ParseInt32FlagTest, ReturnsDefaultWhenValueOverflows) {
+  printf("(expecting 2 warnings)\n");
+
+  Int32 value = 123;
+  EXPECT_FALSE(ParseInt32Flag("--abc=12345678987654321", "abc", &value));
+  EXPECT_EQ(123, value);
+
+  EXPECT_FALSE(ParseInt32Flag("--abc=-12345678987654321", "abc", &value));
+  EXPECT_EQ(123, value);
+}
+
+// Tests that ParseInt32Flag() returns false and doesn't change the
+// output value when the flag does not represent a valid decimal
+// integer.
+TEST(ParseInt32FlagTest, ReturnsDefaultWhenValueIsInvalid) {
+  printf("(expecting 2 warnings)\n");
+
+  Int32 value = 123;
+  EXPECT_FALSE(ParseInt32Flag("--abc=A1", "abc", &value));
+  EXPECT_EQ(123, value);
+
+  EXPECT_FALSE(ParseInt32Flag("--abc=12X", "abc", &value));
+  EXPECT_EQ(123, value);
+}
+
+// Tests that ParseInt32Flag() parses the value of the flag and
+// returns true when the flag represents a valid decimal integer in
+// the range of an Int32.
+TEST(ParseInt32FlagTest, ParsesAndReturnsValidValue) {
+  Int32 value = 123;
+  EXPECT_TRUE(ParseInt32Flag("--" GTEST_FLAG_PREFIX_ "abc=456", "abc", &value));
+  EXPECT_EQ(456, value);
+
+  EXPECT_TRUE(ParseInt32Flag("--" GTEST_FLAG_PREFIX_ "abc=-789",
+                             "abc", &value));
+  EXPECT_EQ(-789, value);
+}
+
+// Tests that Int32FromEnvOrDie() parses the value of the var or
+// returns the correct default.
+// Environment variables are not supported on Windows CE.
+#if !GTEST_OS_WINDOWS_MOBILE
+TEST(Int32FromEnvOrDieTest, ParsesAndReturnsValidValue) {
+  EXPECT_EQ(333, Int32FromEnvOrDie(GTEST_FLAG_PREFIX_UPPER_ "UnsetVar", 333));
+  SetEnv(GTEST_FLAG_PREFIX_UPPER_ "UnsetVar", "123");
+  EXPECT_EQ(123, Int32FromEnvOrDie(GTEST_FLAG_PREFIX_UPPER_ "UnsetVar", 333));
+  SetEnv(GTEST_FLAG_PREFIX_UPPER_ "UnsetVar", "-123");
+  EXPECT_EQ(-123, Int32FromEnvOrDie(GTEST_FLAG_PREFIX_UPPER_ "UnsetVar", 333));
+}
+#endif  // !GTEST_OS_WINDOWS_MOBILE
+
+// Tests that Int32FromEnvOrDie() aborts with an error message
+// if the variable is not an Int32.
+TEST(Int32FromEnvOrDieDeathTest, AbortsOnFailure) {
+  SetEnv(GTEST_FLAG_PREFIX_UPPER_ "VAR", "xxx");
+  EXPECT_DEATH_IF_SUPPORTED(
+      Int32FromEnvOrDie(GTEST_FLAG_PREFIX_UPPER_ "VAR", 123),
+      ".*");
+}
+
+// Tests that Int32FromEnvOrDie() aborts with an error message
+// if the variable cannot be represnted by an Int32.
+TEST(Int32FromEnvOrDieDeathTest, AbortsOnInt32Overflow) {
+  SetEnv(GTEST_FLAG_PREFIX_UPPER_ "VAR", "1234567891234567891234");
+  EXPECT_DEATH_IF_SUPPORTED(
+      Int32FromEnvOrDie(GTEST_FLAG_PREFIX_UPPER_ "VAR", 123),
+      ".*");
+}
+
+// Tests that ShouldRunTestOnShard() selects all tests
+// where there is 1 shard.
+TEST(ShouldRunTestOnShardTest, IsPartitionWhenThereIsOneShard) {
+  EXPECT_TRUE(ShouldRunTestOnShard(1, 0, 0));
+  EXPECT_TRUE(ShouldRunTestOnShard(1, 0, 1));
+  EXPECT_TRUE(ShouldRunTestOnShard(1, 0, 2));
+  EXPECT_TRUE(ShouldRunTestOnShard(1, 0, 3));
+  EXPECT_TRUE(ShouldRunTestOnShard(1, 0, 4));
+}
+
+class ShouldShardTest : public testing::Test {
+ protected:
+  virtual void SetUp() {
+    index_var_ = GTEST_FLAG_PREFIX_UPPER_ "INDEX";
+    total_var_ = GTEST_FLAG_PREFIX_UPPER_ "TOTAL";
+  }
+
+  virtual void TearDown() {
+    SetEnv(index_var_, "");
+    SetEnv(total_var_, "");
+  }
+
+  const char* index_var_;
+  const char* total_var_;
+};
+
+// Tests that sharding is disabled if neither of the environment variables
+// are set.
+TEST_F(ShouldShardTest, ReturnsFalseWhenNeitherEnvVarIsSet) {
+  SetEnv(index_var_, "");
+  SetEnv(total_var_, "");
+
+  EXPECT_FALSE(ShouldShard(total_var_, index_var_, false));
+  EXPECT_FALSE(ShouldShard(total_var_, index_var_, true));
+}
+
+// Tests that sharding is not enabled if total_shards  == 1.
+TEST_F(ShouldShardTest, ReturnsFalseWhenTotalShardIsOne) {
+  SetEnv(index_var_, "0");
+  SetEnv(total_var_, "1");
+  EXPECT_FALSE(ShouldShard(total_var_, index_var_, false));
+  EXPECT_FALSE(ShouldShard(total_var_, index_var_, true));
+}
+
+// Tests that sharding is enabled if total_shards > 1 and
+// we are not in a death test subprocess.
+// Environment variables are not supported on Windows CE.
+#if !GTEST_OS_WINDOWS_MOBILE
+TEST_F(ShouldShardTest, WorksWhenShardEnvVarsAreValid) {
+  SetEnv(index_var_, "4");
+  SetEnv(total_var_, "22");
+  EXPECT_TRUE(ShouldShard(total_var_, index_var_, false));
+  EXPECT_FALSE(ShouldShard(total_var_, index_var_, true));
+
+  SetEnv(index_var_, "8");
+  SetEnv(total_var_, "9");
+  EXPECT_TRUE(ShouldShard(total_var_, index_var_, false));
+  EXPECT_FALSE(ShouldShard(total_var_, index_var_, true));
+
+  SetEnv(index_var_, "0");
+  SetEnv(total_var_, "9");
+  EXPECT_TRUE(ShouldShard(total_var_, index_var_, false));
+  EXPECT_FALSE(ShouldShard(total_var_, index_var_, true));
+}
+#endif  // !GTEST_OS_WINDOWS_MOBILE
+
+// Tests that we exit in error if the sharding values are not valid.
+
+typedef ShouldShardTest ShouldShardDeathTest;
+
+TEST_F(ShouldShardDeathTest, AbortsWhenShardingEnvVarsAreInvalid) {
+  SetEnv(index_var_, "4");
+  SetEnv(total_var_, "4");
+  EXPECT_DEATH_IF_SUPPORTED(ShouldShard(total_var_, index_var_, false), ".*");
+
+  SetEnv(index_var_, "4");
+  SetEnv(total_var_, "-2");
+  EXPECT_DEATH_IF_SUPPORTED(ShouldShard(total_var_, index_var_, false), ".*");
+
+  SetEnv(index_var_, "5");
+  SetEnv(total_var_, "");
+  EXPECT_DEATH_IF_SUPPORTED(ShouldShard(total_var_, index_var_, false), ".*");
+
+  SetEnv(index_var_, "");
+  SetEnv(total_var_, "5");
+  EXPECT_DEATH_IF_SUPPORTED(ShouldShard(total_var_, index_var_, false), ".*");
+}
+
+// Tests that ShouldRunTestOnShard is a partition when 5
+// shards are used.
+TEST(ShouldRunTestOnShardTest, IsPartitionWhenThereAreFiveShards) {
+  // Choose an arbitrary number of tests and shards.
+  const int num_tests = 17;
+  const int num_shards = 5;
+
+  // Check partitioning: each test should be on exactly 1 shard.
+  for (int test_id = 0; test_id < num_tests; test_id++) {
+    int prev_selected_shard_index = -1;
+    for (int shard_index = 0; shard_index < num_shards; shard_index++) {
+      if (ShouldRunTestOnShard(num_shards, shard_index, test_id)) {
+        if (prev_selected_shard_index < 0) {
+          prev_selected_shard_index = shard_index;
+        } else {
+          ADD_FAILURE() << "Shard " << prev_selected_shard_index << " and "
+            << shard_index << " are both selected to run test " << test_id;
+        }
+      }
+    }
+  }
+
+  // Check balance: This is not required by the sharding protocol, but is a
+  // desirable property for performance.
+  for (int shard_index = 0; shard_index < num_shards; shard_index++) {
+    int num_tests_on_shard = 0;
+    for (int test_id = 0; test_id < num_tests; test_id++) {
+      num_tests_on_shard +=
+        ShouldRunTestOnShard(num_shards, shard_index, test_id);
+    }
+    EXPECT_GE(num_tests_on_shard, num_tests / num_shards);
+  }
+}
+
+// For the same reason we are not explicitly testing everything in the
+// Test class, there are no separate tests for the following classes
+// (except for some trivial cases):
+//
+//   TestCase, UnitTest, UnitTestResultPrinter.
+//
+// Similarly, there are no separate tests for the following macros:
+//
+//   TEST, TEST_F, RUN_ALL_TESTS
+
+TEST(UnitTestTest, CanGetOriginalWorkingDir) {
+  ASSERT_TRUE(UnitTest::GetInstance()->original_working_dir() != NULL);
+  EXPECT_STRNE(UnitTest::GetInstance()->original_working_dir(), "");
+}
+
+TEST(UnitTestTest, ReturnsPlausibleTimestamp) {
+  EXPECT_LT(0, UnitTest::GetInstance()->start_timestamp());
+  EXPECT_LE(UnitTest::GetInstance()->start_timestamp(), GetTimeInMillis());
+}
+
+// When a property using a reserved key is supplied to this function, it
+// tests that a non-fatal failure is added, a fatal failure is not added,
+// and that the property is not recorded.
+void ExpectNonFatalFailureRecordingPropertyWithReservedKey(
+    const TestResult& test_result, const char* key) {
+  EXPECT_NONFATAL_FAILURE(Test::RecordProperty(key, "1"), "Reserved key");
+  ASSERT_EQ(0, test_result.test_property_count()) << "Property for key '" << key
+                                                  << "' recorded unexpectedly.";
+}
+
+void ExpectNonFatalFailureRecordingPropertyWithReservedKeyForCurrentTest(
+    const char* key) {
+  const TestInfo* test_info = UnitTest::GetInstance()->current_test_info();
+  ASSERT_TRUE(test_info != NULL);
+  ExpectNonFatalFailureRecordingPropertyWithReservedKey(*test_info->result(),
+                                                        key);
+}
+
+void ExpectNonFatalFailureRecordingPropertyWithReservedKeyForCurrentTestCase(
+    const char* key) {
+  const TestCase* test_case = UnitTest::GetInstance()->current_test_case();
+  ASSERT_TRUE(test_case != NULL);
+  ExpectNonFatalFailureRecordingPropertyWithReservedKey(
+      test_case->ad_hoc_test_result(), key);
+}
+
+void ExpectNonFatalFailureRecordingPropertyWithReservedKeyOutsideOfTestCase(
+    const char* key) {
+  ExpectNonFatalFailureRecordingPropertyWithReservedKey(
+      UnitTest::GetInstance()->ad_hoc_test_result(), key);
+}
+
+// Tests that property recording functions in UnitTest outside of tests
+// functions correcly.  Creating a separate instance of UnitTest ensures it
+// is in a state similar to the UnitTest's singleton's between tests.
+class UnitTestRecordPropertyTest :
+    public testing::internal::UnitTestRecordPropertyTestHelper {
+ public:
+  static void SetUpTestCase() {
+    ExpectNonFatalFailureRecordingPropertyWithReservedKeyForCurrentTestCase(
+        "disabled");
+    ExpectNonFatalFailureRecordingPropertyWithReservedKeyForCurrentTestCase(
+        "errors");
+    ExpectNonFatalFailureRecordingPropertyWithReservedKeyForCurrentTestCase(
+        "failures");
+    ExpectNonFatalFailureRecordingPropertyWithReservedKeyForCurrentTestCase(
+        "name");
+    ExpectNonFatalFailureRecordingPropertyWithReservedKeyForCurrentTestCase(
+        "tests");
+    ExpectNonFatalFailureRecordingPropertyWithReservedKeyForCurrentTestCase(
+        "time");
+
+    Test::RecordProperty("test_case_key_1", "1");
+    const TestCase* test_case = UnitTest::GetInstance()->current_test_case();
+    ASSERT_TRUE(test_case != NULL);
+
+    ASSERT_EQ(1, test_case->ad_hoc_test_result().test_property_count());
+    EXPECT_STREQ("test_case_key_1",
+                 test_case->ad_hoc_test_result().GetTestProperty(0).key());
+    EXPECT_STREQ("1",
+                 test_case->ad_hoc_test_result().GetTestProperty(0).value());
+  }
+};
+
+// Tests TestResult has the expected property when added.
+TEST_F(UnitTestRecordPropertyTest, OnePropertyFoundWhenAdded) {
+  UnitTestRecordProperty("key_1", "1");
+
+  ASSERT_EQ(1, unit_test_.ad_hoc_test_result().test_property_count());
+
+  EXPECT_STREQ("key_1",
+               unit_test_.ad_hoc_test_result().GetTestProperty(0).key());
+  EXPECT_STREQ("1",
+               unit_test_.ad_hoc_test_result().GetTestProperty(0).value());
+}
+
+// Tests TestResult has multiple properties when added.
+TEST_F(UnitTestRecordPropertyTest, MultiplePropertiesFoundWhenAdded) {
+  UnitTestRecordProperty("key_1", "1");
+  UnitTestRecordProperty("key_2", "2");
+
+  ASSERT_EQ(2, unit_test_.ad_hoc_test_result().test_property_count());
+
+  EXPECT_STREQ("key_1",
+               unit_test_.ad_hoc_test_result().GetTestProperty(0).key());
+  EXPECT_STREQ("1", unit_test_.ad_hoc_test_result().GetTestProperty(0).value());
+
+  EXPECT_STREQ("key_2",
+               unit_test_.ad_hoc_test_result().GetTestProperty(1).key());
+  EXPECT_STREQ("2", unit_test_.ad_hoc_test_result().GetTestProperty(1).value());
+}
+
+// Tests TestResult::RecordProperty() overrides values for duplicate keys.
+TEST_F(UnitTestRecordPropertyTest, OverridesValuesForDuplicateKeys) {
+  UnitTestRecordProperty("key_1", "1");
+  UnitTestRecordProperty("key_2", "2");
+  UnitTestRecordProperty("key_1", "12");
+  UnitTestRecordProperty("key_2", "22");
+
+  ASSERT_EQ(2, unit_test_.ad_hoc_test_result().test_property_count());
+
+  EXPECT_STREQ("key_1",
+               unit_test_.ad_hoc_test_result().GetTestProperty(0).key());
+  EXPECT_STREQ("12",
+               unit_test_.ad_hoc_test_result().GetTestProperty(0).value());
+
+  EXPECT_STREQ("key_2",
+               unit_test_.ad_hoc_test_result().GetTestProperty(1).key());
+  EXPECT_STREQ("22",
+               unit_test_.ad_hoc_test_result().GetTestProperty(1).value());
+}
+
+TEST_F(UnitTestRecordPropertyTest,
+       AddFailureInsideTestsWhenUsingTestCaseReservedKeys) {
+  ExpectNonFatalFailureRecordingPropertyWithReservedKeyForCurrentTest(
+      "name");
+  ExpectNonFatalFailureRecordingPropertyWithReservedKeyForCurrentTest(
+      "value_param");
+  ExpectNonFatalFailureRecordingPropertyWithReservedKeyForCurrentTest(
+      "type_param");
+  ExpectNonFatalFailureRecordingPropertyWithReservedKeyForCurrentTest(
+      "status");
+  ExpectNonFatalFailureRecordingPropertyWithReservedKeyForCurrentTest(
+      "time");
+  ExpectNonFatalFailureRecordingPropertyWithReservedKeyForCurrentTest(
+      "classname");
+}
+
+TEST_F(UnitTestRecordPropertyTest,
+       AddRecordWithReservedKeysGeneratesCorrectPropertyList) {
+  EXPECT_NONFATAL_FAILURE(
+      Test::RecordProperty("name", "1"),
+      "'classname', 'name', 'status', 'time', 'type_param', and 'value_param'"
+      " are reserved");
+}
+
+class UnitTestRecordPropertyTestEnvironment : public Environment {
+ public:
+  virtual void TearDown() {
+    ExpectNonFatalFailureRecordingPropertyWithReservedKeyOutsideOfTestCase(
+        "tests");
+    ExpectNonFatalFailureRecordingPropertyWithReservedKeyOutsideOfTestCase(
+        "failures");
+    ExpectNonFatalFailureRecordingPropertyWithReservedKeyOutsideOfTestCase(
+        "disabled");
+    ExpectNonFatalFailureRecordingPropertyWithReservedKeyOutsideOfTestCase(
+        "errors");
+    ExpectNonFatalFailureRecordingPropertyWithReservedKeyOutsideOfTestCase(
+        "name");
+    ExpectNonFatalFailureRecordingPropertyWithReservedKeyOutsideOfTestCase(
+        "timestamp");
+    ExpectNonFatalFailureRecordingPropertyWithReservedKeyOutsideOfTestCase(
+        "time");
+    ExpectNonFatalFailureRecordingPropertyWithReservedKeyOutsideOfTestCase(
+        "random_seed");
+  }
+};
+
+// This will test property recording outside of any test or test case.
+static Environment* record_property_env =
+    AddGlobalTestEnvironment(new UnitTestRecordPropertyTestEnvironment);
+
+// This group of tests is for predicate assertions (ASSERT_PRED*, etc)
+// of various arities.  They do not attempt to be exhaustive.  Rather,
+// view them as smoke tests that can be easily reviewed and verified.
+// A more complete set of tests for predicate assertions can be found
+// in gtest_pred_impl_unittest.cc.
+
+// First, some predicates and predicate-formatters needed by the tests.
+
+// Returns true iff the argument is an even number.
+bool IsEven(int n) {
+  return (n % 2) == 0;
+}
+
+// A functor that returns true iff the argument is an even number.
+struct IsEvenFunctor {
+  bool operator()(int n) { return IsEven(n); }
+};
+
+// A predicate-formatter function that asserts the argument is an even
+// number.
+AssertionResult AssertIsEven(const char* expr, int n) {
+  if (IsEven(n)) {
+    return AssertionSuccess();
+  }
+
+  Message msg;
+  msg << expr << " evaluates to " << n << ", which is not even.";
+  return AssertionFailure(msg);
+}
+
+// A predicate function that returns AssertionResult for use in
+// EXPECT/ASSERT_TRUE/FALSE.
+AssertionResult ResultIsEven(int n) {
+  if (IsEven(n))
+    return AssertionSuccess() << n << " is even";
+  else
+    return AssertionFailure() << n << " is odd";
+}
+
+// A predicate function that returns AssertionResult but gives no
+// explanation why it succeeds. Needed for testing that
+// EXPECT/ASSERT_FALSE handles such functions correctly.
+AssertionResult ResultIsEvenNoExplanation(int n) {
+  if (IsEven(n))
+    return AssertionSuccess();
+  else
+    return AssertionFailure() << n << " is odd";
+}
+
+// A predicate-formatter functor that asserts the argument is an even
+// number.
+struct AssertIsEvenFunctor {
+  AssertionResult operator()(const char* expr, int n) {
+    return AssertIsEven(expr, n);
+  }
+};
+
+// Returns true iff the sum of the arguments is an even number.
+bool SumIsEven2(int n1, int n2) {
+  return IsEven(n1 + n2);
+}
+
+// A functor that returns true iff the sum of the arguments is an even
+// number.
+struct SumIsEven3Functor {
+  bool operator()(int n1, int n2, int n3) {
+    return IsEven(n1 + n2 + n3);
+  }
+};
+
+// A predicate-formatter function that asserts the sum of the
+// arguments is an even number.
+AssertionResult AssertSumIsEven4(
+    const char* e1, const char* e2, const char* e3, const char* e4,
+    int n1, int n2, int n3, int n4) {
+  const int sum = n1 + n2 + n3 + n4;
+  if (IsEven(sum)) {
+    return AssertionSuccess();
+  }
+
+  Message msg;
+  msg << e1 << " + " << e2 << " + " << e3 << " + " << e4
+      << " (" << n1 << " + " << n2 << " + " << n3 << " + " << n4
+      << ") evaluates to " << sum << ", which is not even.";
+  return AssertionFailure(msg);
+}
+
+// A predicate-formatter functor that asserts the sum of the arguments
+// is an even number.
+struct AssertSumIsEven5Functor {
+  AssertionResult operator()(
+      const char* e1, const char* e2, const char* e3, const char* e4,
+      const char* e5, int n1, int n2, int n3, int n4, int n5) {
+    const int sum = n1 + n2 + n3 + n4 + n5;
+    if (IsEven(sum)) {
+      return AssertionSuccess();
+    }
+
+    Message msg;
+    msg << e1 << " + " << e2 << " + " << e3 << " + " << e4 << " + " << e5
+        << " ("
+        << n1 << " + " << n2 << " + " << n3 << " + " << n4 << " + " << n5
+        << ") evaluates to " << sum << ", which is not even.";
+    return AssertionFailure(msg);
+  }
+};
+
+
+// Tests unary predicate assertions.
+
+// Tests unary predicate assertions that don't use a custom formatter.
+TEST(Pred1Test, WithoutFormat) {
+  // Success cases.
+  EXPECT_PRED1(IsEvenFunctor(), 2) << "This failure is UNEXPECTED!";
+  ASSERT_PRED1(IsEven, 4);
+
+  // Failure cases.
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED1(IsEven, 5) << "This failure is expected.";
+  }, "This failure is expected.");
+  EXPECT_FATAL_FAILURE(ASSERT_PRED1(IsEvenFunctor(), 5),
+                       "evaluates to false");
+}
+
+// Tests unary predicate assertions that use a custom formatter.
+TEST(Pred1Test, WithFormat) {
+  // Success cases.
+  EXPECT_PRED_FORMAT1(AssertIsEven, 2);
+  ASSERT_PRED_FORMAT1(AssertIsEvenFunctor(), 4)
+    << "This failure is UNEXPECTED!";
+
+  // Failure cases.
+  const int n = 5;
+  EXPECT_NONFATAL_FAILURE(EXPECT_PRED_FORMAT1(AssertIsEvenFunctor(), n),
+                          "n evaluates to 5, which is not even.");
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED_FORMAT1(AssertIsEven, 5) << "This failure is expected.";
+  }, "This failure is expected.");
+}
+
+// Tests that unary predicate assertions evaluates their arguments
+// exactly once.
+TEST(Pred1Test, SingleEvaluationOnFailure) {
+  // A success case.
+  static int n = 0;
+  EXPECT_PRED1(IsEven, n++);
+  EXPECT_EQ(1, n) << "The argument is not evaluated exactly once.";
+
+  // A failure case.
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED_FORMAT1(AssertIsEvenFunctor(), n++)
+        << "This failure is expected.";
+  }, "This failure is expected.");
+  EXPECT_EQ(2, n) << "The argument is not evaluated exactly once.";
+}
+
+
+// Tests predicate assertions whose arity is >= 2.
+
+// Tests predicate assertions that don't use a custom formatter.
+TEST(PredTest, WithoutFormat) {
+  // Success cases.
+  ASSERT_PRED2(SumIsEven2, 2, 4) << "This failure is UNEXPECTED!";
+  EXPECT_PRED3(SumIsEven3Functor(), 4, 6, 8);
+
+  // Failure cases.
+  const int n1 = 1;
+  const int n2 = 2;
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED2(SumIsEven2, n1, n2) << "This failure is expected.";
+  }, "This failure is expected.");
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED3(SumIsEven3Functor(), 1, 2, 4);
+  }, "evaluates to false");
+}
+
+// Tests predicate assertions that use a custom formatter.
+TEST(PredTest, WithFormat) {
+  // Success cases.
+  ASSERT_PRED_FORMAT4(AssertSumIsEven4, 4, 6, 8, 10) <<
+    "This failure is UNEXPECTED!";
+  EXPECT_PRED_FORMAT5(AssertSumIsEven5Functor(), 2, 4, 6, 8, 10);
+
+  // Failure cases.
+  const int n1 = 1;
+  const int n2 = 2;
+  const int n3 = 4;
+  const int n4 = 6;
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED_FORMAT4(AssertSumIsEven4, n1, n2, n3, n4);
+  }, "evaluates to 13, which is not even.");
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED_FORMAT5(AssertSumIsEven5Functor(), 1, 2, 4, 6, 8)
+        << "This failure is expected.";
+  }, "This failure is expected.");
+}
+
+// Tests that predicate assertions evaluates their arguments
+// exactly once.
+TEST(PredTest, SingleEvaluationOnFailure) {
+  // A success case.
+  int n1 = 0;
+  int n2 = 0;
+  EXPECT_PRED2(SumIsEven2, n1++, n2++);
+  EXPECT_EQ(1, n1) << "Argument 1 is not evaluated exactly once.";
+  EXPECT_EQ(1, n2) << "Argument 2 is not evaluated exactly once.";
+
+  // Another success case.
+  n1 = n2 = 0;
+  int n3 = 0;
+  int n4 = 0;
+  int n5 = 0;
+  ASSERT_PRED_FORMAT5(AssertSumIsEven5Functor(),
+                      n1++, n2++, n3++, n4++, n5++)
+                        << "This failure is UNEXPECTED!";
+  EXPECT_EQ(1, n1) << "Argument 1 is not evaluated exactly once.";
+  EXPECT_EQ(1, n2) << "Argument 2 is not evaluated exactly once.";
+  EXPECT_EQ(1, n3) << "Argument 3 is not evaluated exactly once.";
+  EXPECT_EQ(1, n4) << "Argument 4 is not evaluated exactly once.";
+  EXPECT_EQ(1, n5) << "Argument 5 is not evaluated exactly once.";
+
+  // A failure case.
+  n1 = n2 = n3 = 0;
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED3(SumIsEven3Functor(), ++n1, n2++, n3++)
+        << "This failure is expected.";
+  }, "This failure is expected.");
+  EXPECT_EQ(1, n1) << "Argument 1 is not evaluated exactly once.";
+  EXPECT_EQ(1, n2) << "Argument 2 is not evaluated exactly once.";
+  EXPECT_EQ(1, n3) << "Argument 3 is not evaluated exactly once.";
+
+  // Another failure case.
+  n1 = n2 = n3 = n4 = 0;
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED_FORMAT4(AssertSumIsEven4, ++n1, n2++, n3++, n4++);
+  }, "evaluates to 1, which is not even.");
+  EXPECT_EQ(1, n1) << "Argument 1 is not evaluated exactly once.";
+  EXPECT_EQ(1, n2) << "Argument 2 is not evaluated exactly once.";
+  EXPECT_EQ(1, n3) << "Argument 3 is not evaluated exactly once.";
+  EXPECT_EQ(1, n4) << "Argument 4 is not evaluated exactly once.";
+}
+
+
+// Some helper functions for testing using overloaded/template
+// functions with ASSERT_PREDn and EXPECT_PREDn.
+
+bool IsPositive(double x) {
+  return x > 0;
+}
+
+template <typename T>
+bool IsNegative(T x) {
+  return x < 0;
+}
+
+template <typename T1, typename T2>
+bool GreaterThan(T1 x1, T2 x2) {
+  return x1 > x2;
+}
+
+// Tests that overloaded functions can be used in *_PRED* as long as
+// their types are explicitly specified.
+TEST(PredicateAssertionTest, AcceptsOverloadedFunction) {
+  // C++Builder requires C-style casts rather than static_cast.
+  EXPECT_PRED1((bool (*)(int))(IsPositive), 5);  // NOLINT
+  ASSERT_PRED1((bool (*)(double))(IsPositive), 6.0);  // NOLINT
+}
+
+// Tests that template functions can be used in *_PRED* as long as
+// their types are explicitly specified.
+TEST(PredicateAssertionTest, AcceptsTemplateFunction) {
+  EXPECT_PRED1(IsNegative<int>, -5);
+  // Makes sure that we can handle templates with more than one
+  // parameter.
+  ASSERT_PRED2((GreaterThan<int, int>), 5, 0);
+}
+
+
+// Some helper functions for testing using overloaded/template
+// functions with ASSERT_PRED_FORMATn and EXPECT_PRED_FORMATn.
+
+AssertionResult IsPositiveFormat(const char* /* expr */, int n) {
+  return n > 0 ? AssertionSuccess() :
+      AssertionFailure(Message() << "Failure");
+}
+
+AssertionResult IsPositiveFormat(const char* /* expr */, double x) {
+  return x > 0 ? AssertionSuccess() :
+      AssertionFailure(Message() << "Failure");
+}
+
+template <typename T>
+AssertionResult IsNegativeFormat(const char* /* expr */, T x) {
+  return x < 0 ? AssertionSuccess() :
+      AssertionFailure(Message() << "Failure");
+}
+
+template <typename T1, typename T2>
+AssertionResult EqualsFormat(const char* /* expr1 */, const char* /* expr2 */,
+                             const T1& x1, const T2& x2) {
+  return x1 == x2 ? AssertionSuccess() :
+      AssertionFailure(Message() << "Failure");
+}
+
+// Tests that overloaded functions can be used in *_PRED_FORMAT*
+// without explicitly specifying their types.
+TEST(PredicateFormatAssertionTest, AcceptsOverloadedFunction) {
+  EXPECT_PRED_FORMAT1(IsPositiveFormat, 5);
+  ASSERT_PRED_FORMAT1(IsPositiveFormat, 6.0);
+}
+
+// Tests that template functions can be used in *_PRED_FORMAT* without
+// explicitly specifying their types.
+TEST(PredicateFormatAssertionTest, AcceptsTemplateFunction) {
+  EXPECT_PRED_FORMAT1(IsNegativeFormat, -5);
+  ASSERT_PRED_FORMAT2(EqualsFormat, 3, 3);
+}
+
+
+// Tests string assertions.
+
+// Tests ASSERT_STREQ with non-NULL arguments.
+TEST(StringAssertionTest, ASSERT_STREQ) {
+  const char * const p1 = "good";
+  ASSERT_STREQ(p1, p1);
+
+  // Let p2 have the same content as p1, but be at a different address.
+  const char p2[] = "good";
+  ASSERT_STREQ(p1, p2);
+
+  EXPECT_FATAL_FAILURE(ASSERT_STREQ("bad", "good"),
+                       "Expected: \"bad\"");
+}
+
+// Tests ASSERT_STREQ with NULL arguments.
+TEST(StringAssertionTest, ASSERT_STREQ_Null) {
+  ASSERT_STREQ(static_cast<const char *>(NULL), NULL);
+  EXPECT_FATAL_FAILURE(ASSERT_STREQ(NULL, "non-null"),
+                       "non-null");
+}
+
+// Tests ASSERT_STREQ with NULL arguments.
+TEST(StringAssertionTest, ASSERT_STREQ_Null2) {
+  EXPECT_FATAL_FAILURE(ASSERT_STREQ("non-null", NULL),
+                       "non-null");
+}
+
+// Tests ASSERT_STRNE.
+TEST(StringAssertionTest, ASSERT_STRNE) {
+  ASSERT_STRNE("hi", "Hi");
+  ASSERT_STRNE("Hi", NULL);
+  ASSERT_STRNE(NULL, "Hi");
+  ASSERT_STRNE("", NULL);
+  ASSERT_STRNE(NULL, "");
+  ASSERT_STRNE("", "Hi");
+  ASSERT_STRNE("Hi", "");
+  EXPECT_FATAL_FAILURE(ASSERT_STRNE("Hi", "Hi"),
+                       "\"Hi\" vs \"Hi\"");
+}
+
+// Tests ASSERT_STRCASEEQ.
+TEST(StringAssertionTest, ASSERT_STRCASEEQ) {
+  ASSERT_STRCASEEQ("hi", "Hi");
+  ASSERT_STRCASEEQ(static_cast<const char *>(NULL), NULL);
+
+  ASSERT_STRCASEEQ("", "");
+  EXPECT_FATAL_FAILURE(ASSERT_STRCASEEQ("Hi", "hi2"),
+                       "(ignoring case)");
+}
+
+// Tests ASSERT_STRCASENE.
+TEST(StringAssertionTest, ASSERT_STRCASENE) {
+  ASSERT_STRCASENE("hi1", "Hi2");
+  ASSERT_STRCASENE("Hi", NULL);
+  ASSERT_STRCASENE(NULL, "Hi");
+  ASSERT_STRCASENE("", NULL);
+  ASSERT_STRCASENE(NULL, "");
+  ASSERT_STRCASENE("", "Hi");
+  ASSERT_STRCASENE("Hi", "");
+  EXPECT_FATAL_FAILURE(ASSERT_STRCASENE("Hi", "hi"),
+                       "(ignoring case)");
+}
+
+// Tests *_STREQ on wide strings.
+TEST(StringAssertionTest, STREQ_Wide) {
+  // NULL strings.
+  ASSERT_STREQ(static_cast<const wchar_t *>(NULL), NULL);
+
+  // Empty strings.
+  ASSERT_STREQ(L"", L"");
+
+  // Non-null vs NULL.
+  EXPECT_NONFATAL_FAILURE(EXPECT_STREQ(L"non-null", NULL),
+                          "non-null");
+
+  // Equal strings.
+  EXPECT_STREQ(L"Hi", L"Hi");
+
+  // Unequal strings.
+  EXPECT_NONFATAL_FAILURE(EXPECT_STREQ(L"abc", L"Abc"),
+                          "Abc");
+
+  // Strings containing wide characters.
+  EXPECT_NONFATAL_FAILURE(EXPECT_STREQ(L"abc\x8119", L"abc\x8120"),
+                          "abc");
+
+  // The streaming variation.
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_STREQ(L"abc\x8119", L"abc\x8121") << "Expected failure";
+  }, "Expected failure");
+}
+
+// Tests *_STRNE on wide strings.
+TEST(StringAssertionTest, STRNE_Wide) {
+  // NULL strings.
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_STRNE(static_cast<const wchar_t *>(NULL), NULL);
+  }, "");
+
+  // Empty strings.
+  EXPECT_NONFATAL_FAILURE(EXPECT_STRNE(L"", L""),
+                          "L\"\"");
+
+  // Non-null vs NULL.
+  ASSERT_STRNE(L"non-null", NULL);
+
+  // Equal strings.
+  EXPECT_NONFATAL_FAILURE(EXPECT_STRNE(L"Hi", L"Hi"),
+                          "L\"Hi\"");
+
+  // Unequal strings.
+  EXPECT_STRNE(L"abc", L"Abc");
+
+  // Strings containing wide characters.
+  EXPECT_NONFATAL_FAILURE(EXPECT_STRNE(L"abc\x8119", L"abc\x8119"),
+                          "abc");
+
+  // The streaming variation.
+  ASSERT_STRNE(L"abc\x8119", L"abc\x8120") << "This shouldn't happen";
+}
+
+// Tests for ::testing::IsSubstring().
+
+// Tests that IsSubstring() returns the correct result when the input
+// argument type is const char*.
+TEST(IsSubstringTest, ReturnsCorrectResultForCString) {
+  EXPECT_FALSE(IsSubstring("", "", NULL, "a"));
+  EXPECT_FALSE(IsSubstring("", "", "b", NULL));
+  EXPECT_FALSE(IsSubstring("", "", "needle", "haystack"));
+
+  EXPECT_TRUE(IsSubstring("", "", static_cast<const char*>(NULL), NULL));
+  EXPECT_TRUE(IsSubstring("", "", "needle", "two needles"));
+}
+
+// Tests that IsSubstring() returns the correct result when the input
+// argument type is const wchar_t*.
+TEST(IsSubstringTest, ReturnsCorrectResultForWideCString) {
+  EXPECT_FALSE(IsSubstring("", "", kNull, L"a"));
+  EXPECT_FALSE(IsSubstring("", "", L"b", kNull));
+  EXPECT_FALSE(IsSubstring("", "", L"needle", L"haystack"));
+
+  EXPECT_TRUE(IsSubstring("", "", static_cast<const wchar_t*>(NULL), NULL));
+  EXPECT_TRUE(IsSubstring("", "", L"needle", L"two needles"));
+}
+
+// Tests that IsSubstring() generates the correct message when the input
+// argument type is const char*.
+TEST(IsSubstringTest, GeneratesCorrectMessageForCString) {
+  EXPECT_STREQ("Value of: needle_expr\n"
+               "  Actual: \"needle\"\n"
+               "Expected: a substring of haystack_expr\n"
+               "Which is: \"haystack\"",
+               IsSubstring("needle_expr", "haystack_expr",
+                           "needle", "haystack").failure_message());
+}
+
+// Tests that IsSubstring returns the correct result when the input
+// argument type is ::std::string.
+TEST(IsSubstringTest, ReturnsCorrectResultsForStdString) {
+  EXPECT_TRUE(IsSubstring("", "", std::string("hello"), "ahellob"));
+  EXPECT_FALSE(IsSubstring("", "", "hello", std::string("world")));
+}
+
+#if GTEST_HAS_STD_WSTRING
+// Tests that IsSubstring returns the correct result when the input
+// argument type is ::std::wstring.
+TEST(IsSubstringTest, ReturnsCorrectResultForStdWstring) {
+  EXPECT_TRUE(IsSubstring("", "", ::std::wstring(L"needle"), L"two needles"));
+  EXPECT_FALSE(IsSubstring("", "", L"needle", ::std::wstring(L"haystack")));
+}
+
+// Tests that IsSubstring() generates the correct message when the input
+// argument type is ::std::wstring.
+TEST(IsSubstringTest, GeneratesCorrectMessageForWstring) {
+  EXPECT_STREQ("Value of: needle_expr\n"
+               "  Actual: L\"needle\"\n"
+               "Expected: a substring of haystack_expr\n"
+               "Which is: L\"haystack\"",
+               IsSubstring(
+                   "needle_expr", "haystack_expr",
+                   ::std::wstring(L"needle"), L"haystack").failure_message());
+}
+
+#endif  // GTEST_HAS_STD_WSTRING
+
+// Tests for ::testing::IsNotSubstring().
+
+// Tests that IsNotSubstring() returns the correct result when the input
+// argument type is const char*.
+TEST(IsNotSubstringTest, ReturnsCorrectResultForCString) {
+  EXPECT_TRUE(IsNotSubstring("", "", "needle", "haystack"));
+  EXPECT_FALSE(IsNotSubstring("", "", "needle", "two needles"));
+}
+
+// Tests that IsNotSubstring() returns the correct result when the input
+// argument type is const wchar_t*.
+TEST(IsNotSubstringTest, ReturnsCorrectResultForWideCString) {
+  EXPECT_TRUE(IsNotSubstring("", "", L"needle", L"haystack"));
+  EXPECT_FALSE(IsNotSubstring("", "", L"needle", L"two needles"));
+}
+
+// Tests that IsNotSubstring() generates the correct message when the input
+// argument type is const wchar_t*.
+TEST(IsNotSubstringTest, GeneratesCorrectMessageForWideCString) {
+  EXPECT_STREQ("Value of: needle_expr\n"
+               "  Actual: L\"needle\"\n"
+               "Expected: not a substring of haystack_expr\n"
+               "Which is: L\"two needles\"",
+               IsNotSubstring(
+                   "needle_expr", "haystack_expr",
+                   L"needle", L"two needles").failure_message());
+}
+
+// Tests that IsNotSubstring returns the correct result when the input
+// argument type is ::std::string.
+TEST(IsNotSubstringTest, ReturnsCorrectResultsForStdString) {
+  EXPECT_FALSE(IsNotSubstring("", "", std::string("hello"), "ahellob"));
+  EXPECT_TRUE(IsNotSubstring("", "", "hello", std::string("world")));
+}
+
+// Tests that IsNotSubstring() generates the correct message when the input
+// argument type is ::std::string.
+TEST(IsNotSubstringTest, GeneratesCorrectMessageForStdString) {
+  EXPECT_STREQ("Value of: needle_expr\n"
+               "  Actual: \"needle\"\n"
+               "Expected: not a substring of haystack_expr\n"
+               "Which is: \"two needles\"",
+               IsNotSubstring(
+                   "needle_expr", "haystack_expr",
+                   ::std::string("needle"), "two needles").failure_message());
+}
+
+#if GTEST_HAS_STD_WSTRING
+
+// Tests that IsNotSubstring returns the correct result when the input
+// argument type is ::std::wstring.
+TEST(IsNotSubstringTest, ReturnsCorrectResultForStdWstring) {
+  EXPECT_FALSE(
+      IsNotSubstring("", "", ::std::wstring(L"needle"), L"two needles"));
+  EXPECT_TRUE(IsNotSubstring("", "", L"needle", ::std::wstring(L"haystack")));
+}
+
+#endif  // GTEST_HAS_STD_WSTRING
+
+// Tests floating-point assertions.
+
+template <typename RawType>
+class FloatingPointTest : public Test {
+ protected:
+  // Pre-calculated numbers to be used by the tests.
+  struct TestValues {
+    RawType close_to_positive_zero;
+    RawType close_to_negative_zero;
+    RawType further_from_negative_zero;
+
+    RawType close_to_one;
+    RawType further_from_one;
+
+    RawType infinity;
+    RawType close_to_infinity;
+    RawType further_from_infinity;
+
+    RawType nan1;
+    RawType nan2;
+  };
+
+  typedef typename testing::internal::FloatingPoint<RawType> Floating;
+  typedef typename Floating::Bits Bits;
+
+  virtual void SetUp() {
+    const size_t max_ulps = Floating::kMaxUlps;
+
+    // The bits that represent 0.0.
+    const Bits zero_bits = Floating(0).bits();
+
+    // Makes some numbers close to 0.0.
+    values_.close_to_positive_zero = Floating::ReinterpretBits(
+        zero_bits + max_ulps/2);
+    values_.close_to_negative_zero = -Floating::ReinterpretBits(
+        zero_bits + max_ulps - max_ulps/2);
+    values_.further_from_negative_zero = -Floating::ReinterpretBits(
+        zero_bits + max_ulps + 1 - max_ulps/2);
+
+    // The bits that represent 1.0.
+    const Bits one_bits = Floating(1).bits();
+
+    // Makes some numbers close to 1.0.
+    values_.close_to_one = Floating::ReinterpretBits(one_bits + max_ulps);
+    values_.further_from_one = Floating::ReinterpretBits(
+        one_bits + max_ulps + 1);
+
+    // +infinity.
+    values_.infinity = Floating::Infinity();
+
+    // The bits that represent +infinity.
+    const Bits infinity_bits = Floating(values_.infinity).bits();
+
+    // Makes some numbers close to infinity.
+    values_.close_to_infinity = Floating::ReinterpretBits(
+        infinity_bits - max_ulps);
+    values_.further_from_infinity = Floating::ReinterpretBits(
+        infinity_bits - max_ulps - 1);
+
+    // Makes some NAN's.  Sets the most significant bit of the fraction so that
+    // our NaN's are quiet; trying to process a signaling NaN would raise an
+    // exception if our environment enables floating point exceptions.
+    values_.nan1 = Floating::ReinterpretBits(Floating::kExponentBitMask
+        | (static_cast<Bits>(1) << (Floating::kFractionBitCount - 1)) | 1);
+    values_.nan2 = Floating::ReinterpretBits(Floating::kExponentBitMask
+        | (static_cast<Bits>(1) << (Floating::kFractionBitCount - 1)) | 200);
+  }
+
+  void TestSize() {
+    EXPECT_EQ(sizeof(RawType), sizeof(Bits));
+  }
+
+  static TestValues values_;
+};
+
+template <typename RawType>
+typename FloatingPointTest<RawType>::TestValues
+    FloatingPointTest<RawType>::values_;
+
+// Instantiates FloatingPointTest for testing *_FLOAT_EQ.
+typedef FloatingPointTest<float> FloatTest;
+
+// Tests that the size of Float::Bits matches the size of float.
+TEST_F(FloatTest, Size) {
+  TestSize();
+}
+
+// Tests comparing with +0 and -0.
+TEST_F(FloatTest, Zeros) {
+  EXPECT_FLOAT_EQ(0.0, -0.0);
+  EXPECT_NONFATAL_FAILURE(EXPECT_FLOAT_EQ(-0.0, 1.0),
+                          "1.0");
+  EXPECT_FATAL_FAILURE(ASSERT_FLOAT_EQ(0.0, 1.5),
+                       "1.5");
+}
+
+// Tests comparing numbers close to 0.
+//
+// This ensures that *_FLOAT_EQ handles the sign correctly and no
+// overflow occurs when comparing numbers whose absolute value is very
+// small.
+TEST_F(FloatTest, AlmostZeros) {
+  // In C++Builder, names within local classes (such as used by
+  // EXPECT_FATAL_FAILURE) cannot be resolved against static members of the
+  // scoping class.  Use a static local alias as a workaround.
+  // We use the assignment syntax since some compilers, like Sun Studio,
+  // don't allow initializing references using construction syntax
+  // (parentheses).
+  static const FloatTest::TestValues& v = this->values_;
+
+  EXPECT_FLOAT_EQ(0.0, v.close_to_positive_zero);
+  EXPECT_FLOAT_EQ(-0.0, v.close_to_negative_zero);
+  EXPECT_FLOAT_EQ(v.close_to_positive_zero, v.close_to_negative_zero);
+
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_FLOAT_EQ(v.close_to_positive_zero,
+                    v.further_from_negative_zero);
+  }, "v.further_from_negative_zero");
+}
+
+// Tests comparing numbers close to each other.
+TEST_F(FloatTest, SmallDiff) {
+  EXPECT_FLOAT_EQ(1.0, values_.close_to_one);
+  EXPECT_NONFATAL_FAILURE(EXPECT_FLOAT_EQ(1.0, values_.further_from_one),
+                          "values_.further_from_one");
+}
+
+// Tests comparing numbers far apart.
+TEST_F(FloatTest, LargeDiff) {
+  EXPECT_NONFATAL_FAILURE(EXPECT_FLOAT_EQ(2.5, 3.0),
+                          "3.0");
+}
+
+// Tests comparing with infinity.
+//
+// This ensures that no overflow occurs when comparing numbers whose
+// absolute value is very large.
+TEST_F(FloatTest, Infinity) {
+  EXPECT_FLOAT_EQ(values_.infinity, values_.close_to_infinity);
+  EXPECT_FLOAT_EQ(-values_.infinity, -values_.close_to_infinity);
+#if !GTEST_OS_SYMBIAN
+  // Nokia's STLport crashes if we try to output infinity or NaN.
+  EXPECT_NONFATAL_FAILURE(EXPECT_FLOAT_EQ(values_.infinity, -values_.infinity),
+                          "-values_.infinity");
+
+  // This is interesting as the representations of infinity and nan1
+  // are only 1 DLP apart.
+  EXPECT_NONFATAL_FAILURE(EXPECT_FLOAT_EQ(values_.infinity, values_.nan1),
+                          "values_.nan1");
+#endif  // !GTEST_OS_SYMBIAN
+}
+
+// Tests that comparing with NAN always returns false.
+TEST_F(FloatTest, NaN) {
+#if !GTEST_OS_SYMBIAN
+// Nokia's STLport crashes if we try to output infinity or NaN.
+
+  // In C++Builder, names within local classes (such as used by
+  // EXPECT_FATAL_FAILURE) cannot be resolved against static members of the
+  // scoping class.  Use a static local alias as a workaround.
+  // We use the assignment syntax since some compilers, like Sun Studio,
+  // don't allow initializing references using construction syntax
+  // (parentheses).
+  static const FloatTest::TestValues& v = this->values_;
+
+  EXPECT_NONFATAL_FAILURE(EXPECT_FLOAT_EQ(v.nan1, v.nan1),
+                          "v.nan1");
+  EXPECT_NONFATAL_FAILURE(EXPECT_FLOAT_EQ(v.nan1, v.nan2),
+                          "v.nan2");
+  EXPECT_NONFATAL_FAILURE(EXPECT_FLOAT_EQ(1.0, v.nan1),
+                          "v.nan1");
+
+  EXPECT_FATAL_FAILURE(ASSERT_FLOAT_EQ(v.nan1, v.infinity),
+                       "v.infinity");
+#endif  // !GTEST_OS_SYMBIAN
+}
+
+// Tests that *_FLOAT_EQ are reflexive.
+TEST_F(FloatTest, Reflexive) {
+  EXPECT_FLOAT_EQ(0.0, 0.0);
+  EXPECT_FLOAT_EQ(1.0, 1.0);
+  ASSERT_FLOAT_EQ(values_.infinity, values_.infinity);
+}
+
+// Tests that *_FLOAT_EQ are commutative.
+TEST_F(FloatTest, Commutative) {
+  // We already tested EXPECT_FLOAT_EQ(1.0, values_.close_to_one).
+  EXPECT_FLOAT_EQ(values_.close_to_one, 1.0);
+
+  // We already tested EXPECT_FLOAT_EQ(1.0, values_.further_from_one).
+  EXPECT_NONFATAL_FAILURE(EXPECT_FLOAT_EQ(values_.further_from_one, 1.0),
+                          "1.0");
+}
+
+// Tests EXPECT_NEAR.
+TEST_F(FloatTest, EXPECT_NEAR) {
+  EXPECT_NEAR(-1.0f, -1.1f, 0.2f);
+  EXPECT_NEAR(2.0f, 3.0f, 1.0f);
+  EXPECT_NONFATAL_FAILURE(EXPECT_NEAR(1.0f,1.5f, 0.25f),  // NOLINT
+                          "The difference between 1.0f and 1.5f is 0.5, "
+                          "which exceeds 0.25f");
+  // To work around a bug in gcc 2.95.0, there is intentionally no
+  // space after the first comma in the previous line.
+}
+
+// Tests ASSERT_NEAR.
+TEST_F(FloatTest, ASSERT_NEAR) {
+  ASSERT_NEAR(-1.0f, -1.1f, 0.2f);
+  ASSERT_NEAR(2.0f, 3.0f, 1.0f);
+  EXPECT_FATAL_FAILURE(ASSERT_NEAR(1.0f,1.5f, 0.25f),  // NOLINT
+                       "The difference between 1.0f and 1.5f is 0.5, "
+                       "which exceeds 0.25f");
+  // To work around a bug in gcc 2.95.0, there is intentionally no
+  // space after the first comma in the previous line.
+}
+
+// Tests the cases where FloatLE() should succeed.
+TEST_F(FloatTest, FloatLESucceeds) {
+  EXPECT_PRED_FORMAT2(FloatLE, 1.0f, 2.0f);  // When val1 < val2,
+  ASSERT_PRED_FORMAT2(FloatLE, 1.0f, 1.0f);  // val1 == val2,
+
+  // or when val1 is greater than, but almost equals to, val2.
+  EXPECT_PRED_FORMAT2(FloatLE, values_.close_to_positive_zero, 0.0f);
+}
+
+// Tests the cases where FloatLE() should fail.
+TEST_F(FloatTest, FloatLEFails) {
+  // When val1 is greater than val2 by a large margin,
+  EXPECT_NONFATAL_FAILURE(EXPECT_PRED_FORMAT2(FloatLE, 2.0f, 1.0f),
+                          "(2.0f) <= (1.0f)");
+
+  // or by a small yet non-negligible margin,
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED_FORMAT2(FloatLE, values_.further_from_one, 1.0f);
+  }, "(values_.further_from_one) <= (1.0f)");
+
+#if !GTEST_OS_SYMBIAN && !defined(__BORLANDC__)
+  // Nokia's STLport crashes if we try to output infinity or NaN.
+  // C++Builder gives bad results for ordered comparisons involving NaNs
+  // due to compiler bugs.
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED_FORMAT2(FloatLE, values_.nan1, values_.infinity);
+  }, "(values_.nan1) <= (values_.infinity)");
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED_FORMAT2(FloatLE, -values_.infinity, values_.nan1);
+  }, "(-values_.infinity) <= (values_.nan1)");
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED_FORMAT2(FloatLE, values_.nan1, values_.nan1);
+  }, "(values_.nan1) <= (values_.nan1)");
+#endif  // !GTEST_OS_SYMBIAN && !defined(__BORLANDC__)
+}
+
+// Instantiates FloatingPointTest for testing *_DOUBLE_EQ.
+typedef FloatingPointTest<double> DoubleTest;
+
+// Tests that the size of Double::Bits matches the size of double.
+TEST_F(DoubleTest, Size) {
+  TestSize();
+}
+
+// Tests comparing with +0 and -0.
+TEST_F(DoubleTest, Zeros) {
+  EXPECT_DOUBLE_EQ(0.0, -0.0);
+  EXPECT_NONFATAL_FAILURE(EXPECT_DOUBLE_EQ(-0.0, 1.0),
+                          "1.0");
+  EXPECT_FATAL_FAILURE(ASSERT_DOUBLE_EQ(0.0, 1.0),
+                       "1.0");
+}
+
+// Tests comparing numbers close to 0.
+//
+// This ensures that *_DOUBLE_EQ handles the sign correctly and no
+// overflow occurs when comparing numbers whose absolute value is very
+// small.
+TEST_F(DoubleTest, AlmostZeros) {
+  // In C++Builder, names within local classes (such as used by
+  // EXPECT_FATAL_FAILURE) cannot be resolved against static members of the
+  // scoping class.  Use a static local alias as a workaround.
+  // We use the assignment syntax since some compilers, like Sun Studio,
+  // don't allow initializing references using construction syntax
+  // (parentheses).
+  static const DoubleTest::TestValues& v = this->values_;
+
+  EXPECT_DOUBLE_EQ(0.0, v.close_to_positive_zero);
+  EXPECT_DOUBLE_EQ(-0.0, v.close_to_negative_zero);
+  EXPECT_DOUBLE_EQ(v.close_to_positive_zero, v.close_to_negative_zero);
+
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_DOUBLE_EQ(v.close_to_positive_zero,
+                     v.further_from_negative_zero);
+  }, "v.further_from_negative_zero");
+}
+
+// Tests comparing numbers close to each other.
+TEST_F(DoubleTest, SmallDiff) {
+  EXPECT_DOUBLE_EQ(1.0, values_.close_to_one);
+  EXPECT_NONFATAL_FAILURE(EXPECT_DOUBLE_EQ(1.0, values_.further_from_one),
+                          "values_.further_from_one");
+}
+
+// Tests comparing numbers far apart.
+TEST_F(DoubleTest, LargeDiff) {
+  EXPECT_NONFATAL_FAILURE(EXPECT_DOUBLE_EQ(2.0, 3.0),
+                          "3.0");
+}
+
+// Tests comparing with infinity.
+//
+// This ensures that no overflow occurs when comparing numbers whose
+// absolute value is very large.
+TEST_F(DoubleTest, Infinity) {
+  EXPECT_DOUBLE_EQ(values_.infinity, values_.close_to_infinity);
+  EXPECT_DOUBLE_EQ(-values_.infinity, -values_.close_to_infinity);
+#if !GTEST_OS_SYMBIAN
+  // Nokia's STLport crashes if we try to output infinity or NaN.
+  EXPECT_NONFATAL_FAILURE(EXPECT_DOUBLE_EQ(values_.infinity, -values_.infinity),
+                          "-values_.infinity");
+
+  // This is interesting as the representations of infinity_ and nan1_
+  // are only 1 DLP apart.
+  EXPECT_NONFATAL_FAILURE(EXPECT_DOUBLE_EQ(values_.infinity, values_.nan1),
+                          "values_.nan1");
+#endif  // !GTEST_OS_SYMBIAN
+}
+
+// Tests that comparing with NAN always returns false.
+TEST_F(DoubleTest, NaN) {
+#if !GTEST_OS_SYMBIAN
+  // In C++Builder, names within local classes (such as used by
+  // EXPECT_FATAL_FAILURE) cannot be resolved against static members of the
+  // scoping class.  Use a static local alias as a workaround.
+  // We use the assignment syntax since some compilers, like Sun Studio,
+  // don't allow initializing references using construction syntax
+  // (parentheses).
+  static const DoubleTest::TestValues& v = this->values_;
+
+  // Nokia's STLport crashes if we try to output infinity or NaN.
+  EXPECT_NONFATAL_FAILURE(EXPECT_DOUBLE_EQ(v.nan1, v.nan1),
+                          "v.nan1");
+  EXPECT_NONFATAL_FAILURE(EXPECT_DOUBLE_EQ(v.nan1, v.nan2), "v.nan2");
+  EXPECT_NONFATAL_FAILURE(EXPECT_DOUBLE_EQ(1.0, v.nan1), "v.nan1");
+  EXPECT_FATAL_FAILURE(ASSERT_DOUBLE_EQ(v.nan1, v.infinity),
+                       "v.infinity");
+#endif  // !GTEST_OS_SYMBIAN
+}
+
+// Tests that *_DOUBLE_EQ are reflexive.
+TEST_F(DoubleTest, Reflexive) {
+  EXPECT_DOUBLE_EQ(0.0, 0.0);
+  EXPECT_DOUBLE_EQ(1.0, 1.0);
+#if !GTEST_OS_SYMBIAN
+  // Nokia's STLport crashes if we try to output infinity or NaN.
+  ASSERT_DOUBLE_EQ(values_.infinity, values_.infinity);
+#endif  // !GTEST_OS_SYMBIAN
+}
+
+// Tests that *_DOUBLE_EQ are commutative.
+TEST_F(DoubleTest, Commutative) {
+  // We already tested EXPECT_DOUBLE_EQ(1.0, values_.close_to_one).
+  EXPECT_DOUBLE_EQ(values_.close_to_one, 1.0);
+
+  // We already tested EXPECT_DOUBLE_EQ(1.0, values_.further_from_one).
+  EXPECT_NONFATAL_FAILURE(EXPECT_DOUBLE_EQ(values_.further_from_one, 1.0),
+                          "1.0");
+}
+
+// Tests EXPECT_NEAR.
+TEST_F(DoubleTest, EXPECT_NEAR) {
+  EXPECT_NEAR(-1.0, -1.1, 0.2);
+  EXPECT_NEAR(2.0, 3.0, 1.0);
+  EXPECT_NONFATAL_FAILURE(EXPECT_NEAR(1.0, 1.5, 0.25),  // NOLINT
+                          "The difference between 1.0 and 1.5 is 0.5, "
+                          "which exceeds 0.25");
+  // To work around a bug in gcc 2.95.0, there is intentionally no
+  // space after the first comma in the previous statement.
+}
+
+// Tests ASSERT_NEAR.
+TEST_F(DoubleTest, ASSERT_NEAR) {
+  ASSERT_NEAR(-1.0, -1.1, 0.2);
+  ASSERT_NEAR(2.0, 3.0, 1.0);
+  EXPECT_FATAL_FAILURE(ASSERT_NEAR(1.0, 1.5, 0.25),  // NOLINT
+                       "The difference between 1.0 and 1.5 is 0.5, "
+                       "which exceeds 0.25");
+  // To work around a bug in gcc 2.95.0, there is intentionally no
+  // space after the first comma in the previous statement.
+}
+
+// Tests the cases where DoubleLE() should succeed.
+TEST_F(DoubleTest, DoubleLESucceeds) {
+  EXPECT_PRED_FORMAT2(DoubleLE, 1.0, 2.0);  // When val1 < val2,
+  ASSERT_PRED_FORMAT2(DoubleLE, 1.0, 1.0);  // val1 == val2,
+
+  // or when val1 is greater than, but almost equals to, val2.
+  EXPECT_PRED_FORMAT2(DoubleLE, values_.close_to_positive_zero, 0.0);
+}
+
+// Tests the cases where DoubleLE() should fail.
+TEST_F(DoubleTest, DoubleLEFails) {
+  // When val1 is greater than val2 by a large margin,
+  EXPECT_NONFATAL_FAILURE(EXPECT_PRED_FORMAT2(DoubleLE, 2.0, 1.0),
+                          "(2.0) <= (1.0)");
+
+  // or by a small yet non-negligible margin,
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED_FORMAT2(DoubleLE, values_.further_from_one, 1.0);
+  }, "(values_.further_from_one) <= (1.0)");
+
+#if !GTEST_OS_SYMBIAN && !defined(__BORLANDC__)
+  // Nokia's STLport crashes if we try to output infinity or NaN.
+  // C++Builder gives bad results for ordered comparisons involving NaNs
+  // due to compiler bugs.
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED_FORMAT2(DoubleLE, values_.nan1, values_.infinity);
+  }, "(values_.nan1) <= (values_.infinity)");
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED_FORMAT2(DoubleLE, -values_.infinity, values_.nan1);
+  }, " (-values_.infinity) <= (values_.nan1)");
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED_FORMAT2(DoubleLE, values_.nan1, values_.nan1);
+  }, "(values_.nan1) <= (values_.nan1)");
+#endif  // !GTEST_OS_SYMBIAN && !defined(__BORLANDC__)
+}
+
+
+// Verifies that a test or test case whose name starts with DISABLED_ is
+// not run.
+
+// A test whose name starts with DISABLED_.
+// Should not run.
+TEST(DisabledTest, DISABLED_TestShouldNotRun) {
+  FAIL() << "Unexpected failure: Disabled test should not be run.";
+}
+
+// A test whose name does not start with DISABLED_.
+// Should run.
+TEST(DisabledTest, NotDISABLED_TestShouldRun) {
+  EXPECT_EQ(1, 1);
+}
+
+// A test case whose name starts with DISABLED_.
+// Should not run.
+TEST(DISABLED_TestCase, TestShouldNotRun) {
+  FAIL() << "Unexpected failure: Test in disabled test case should not be run.";
+}
+
+// A test case and test whose names start with DISABLED_.
+// Should not run.
+TEST(DISABLED_TestCase, DISABLED_TestShouldNotRun) {
+  FAIL() << "Unexpected failure: Test in disabled test case should not be run.";
+}
+
+// Check that when all tests in a test case are disabled, SetupTestCase() and
+// TearDownTestCase() are not called.
+class DisabledTestsTest : public Test {
+ protected:
+  static void SetUpTestCase() {
+    FAIL() << "Unexpected failure: All tests disabled in test case. "
+              "SetupTestCase() should not be called.";
+  }
+
+  static void TearDownTestCase() {
+    FAIL() << "Unexpected failure: All tests disabled in test case. "
+              "TearDownTestCase() should not be called.";
+  }
+};
+
+TEST_F(DisabledTestsTest, DISABLED_TestShouldNotRun_1) {
+  FAIL() << "Unexpected failure: Disabled test should not be run.";
+}
+
+TEST_F(DisabledTestsTest, DISABLED_TestShouldNotRun_2) {
+  FAIL() << "Unexpected failure: Disabled test should not be run.";
+}
+
+// Tests that disabled typed tests aren't run.
+
+#if GTEST_HAS_TYPED_TEST
+
+template <typename T>
+class TypedTest : public Test {
+};
+
+typedef testing::Types<int, double> NumericTypes;
+TYPED_TEST_CASE(TypedTest, NumericTypes);
+
+TYPED_TEST(TypedTest, DISABLED_ShouldNotRun) {
+  FAIL() << "Unexpected failure: Disabled typed test should not run.";
+}
+
+template <typename T>
+class DISABLED_TypedTest : public Test {
+};
+
+TYPED_TEST_CASE(DISABLED_TypedTest, NumericTypes);
+
+TYPED_TEST(DISABLED_TypedTest, ShouldNotRun) {
+  FAIL() << "Unexpected failure: Disabled typed test should not run.";
+}
+
+#endif  // GTEST_HAS_TYPED_TEST
+
+// Tests that disabled type-parameterized tests aren't run.
+
+#if GTEST_HAS_TYPED_TEST_P
+
+template <typename T>
+class TypedTestP : public Test {
+};
+
+TYPED_TEST_CASE_P(TypedTestP);
+
+TYPED_TEST_P(TypedTestP, DISABLED_ShouldNotRun) {
+  FAIL() << "Unexpected failure: "
+         << "Disabled type-parameterized test should not run.";
+}
+
+REGISTER_TYPED_TEST_CASE_P(TypedTestP, DISABLED_ShouldNotRun);
+
+INSTANTIATE_TYPED_TEST_CASE_P(My, TypedTestP, NumericTypes);
+
+template <typename T>
+class DISABLED_TypedTestP : public Test {
+};
+
+TYPED_TEST_CASE_P(DISABLED_TypedTestP);
+
+TYPED_TEST_P(DISABLED_TypedTestP, ShouldNotRun) {
+  FAIL() << "Unexpected failure: "
+         << "Disabled type-parameterized test should not run.";
+}
+
+REGISTER_TYPED_TEST_CASE_P(DISABLED_TypedTestP, ShouldNotRun);
+
+INSTANTIATE_TYPED_TEST_CASE_P(My, DISABLED_TypedTestP, NumericTypes);
+
+#endif  // GTEST_HAS_TYPED_TEST_P
+
+// Tests that assertion macros evaluate their arguments exactly once.
+
+class SingleEvaluationTest : public Test {
+ public:  // Must be public and not protected due to a bug in g++ 3.4.2.
+  // This helper function is needed by the FailedASSERT_STREQ test
+  // below.  It's public to work around C++Builder's bug with scoping local
+  // classes.
+  static void CompareAndIncrementCharPtrs() {
+    ASSERT_STREQ(p1_++, p2_++);
+  }
+
+  // This helper function is needed by the FailedASSERT_NE test below.  It's
+  // public to work around C++Builder's bug with scoping local classes.
+  static void CompareAndIncrementInts() {
+    ASSERT_NE(a_++, b_++);
+  }
+
+ protected:
+  SingleEvaluationTest() {
+    p1_ = s1_;
+    p2_ = s2_;
+    a_ = 0;
+    b_ = 0;
+  }
+
+  static const char* const s1_;
+  static const char* const s2_;
+  static const char* p1_;
+  static const char* p2_;
+
+  static int a_;
+  static int b_;
+};
+
+const char* const SingleEvaluationTest::s1_ = "01234";
+const char* const SingleEvaluationTest::s2_ = "abcde";
+const char* SingleEvaluationTest::p1_;
+const char* SingleEvaluationTest::p2_;
+int SingleEvaluationTest::a_;
+int SingleEvaluationTest::b_;
+
+// Tests that when ASSERT_STREQ fails, it evaluates its arguments
+// exactly once.
+TEST_F(SingleEvaluationTest, FailedASSERT_STREQ) {
+  EXPECT_FATAL_FAILURE(SingleEvaluationTest::CompareAndIncrementCharPtrs(),
+                       "p2_++");
+  EXPECT_EQ(s1_ + 1, p1_);
+  EXPECT_EQ(s2_ + 1, p2_);
+}
+
+// Tests that string assertion arguments are evaluated exactly once.
+TEST_F(SingleEvaluationTest, ASSERT_STR) {
+  // successful EXPECT_STRNE
+  EXPECT_STRNE(p1_++, p2_++);
+  EXPECT_EQ(s1_ + 1, p1_);
+  EXPECT_EQ(s2_ + 1, p2_);
+
+  // failed EXPECT_STRCASEEQ
+  EXPECT_NONFATAL_FAILURE(EXPECT_STRCASEEQ(p1_++, p2_++),
+                          "ignoring case");
+  EXPECT_EQ(s1_ + 2, p1_);
+  EXPECT_EQ(s2_ + 2, p2_);
+}
+
+// Tests that when ASSERT_NE fails, it evaluates its arguments exactly
+// once.
+TEST_F(SingleEvaluationTest, FailedASSERT_NE) {
+  EXPECT_FATAL_FAILURE(SingleEvaluationTest::CompareAndIncrementInts(),
+                       "(a_++) != (b_++)");
+  EXPECT_EQ(1, a_);
+  EXPECT_EQ(1, b_);
+}
+
+// Tests that assertion arguments are evaluated exactly once.
+TEST_F(SingleEvaluationTest, OtherCases) {
+  // successful EXPECT_TRUE
+  EXPECT_TRUE(0 == a_++);  // NOLINT
+  EXPECT_EQ(1, a_);
+
+  // failed EXPECT_TRUE
+  EXPECT_NONFATAL_FAILURE(EXPECT_TRUE(-1 == a_++), "-1 == a_++");
+  EXPECT_EQ(2, a_);
+
+  // successful EXPECT_GT
+  EXPECT_GT(a_++, b_++);
+  EXPECT_EQ(3, a_);
+  EXPECT_EQ(1, b_);
+
+  // failed EXPECT_LT
+  EXPECT_NONFATAL_FAILURE(EXPECT_LT(a_++, b_++), "(a_++) < (b_++)");
+  EXPECT_EQ(4, a_);
+  EXPECT_EQ(2, b_);
+
+  // successful ASSERT_TRUE
+  ASSERT_TRUE(0 < a_++);  // NOLINT
+  EXPECT_EQ(5, a_);
+
+  // successful ASSERT_GT
+  ASSERT_GT(a_++, b_++);
+  EXPECT_EQ(6, a_);
+  EXPECT_EQ(3, b_);
+}
+
+#if GTEST_HAS_EXCEPTIONS
+
+void ThrowAnInteger() {
+  throw 1;
+}
+
+// Tests that assertion arguments are evaluated exactly once.
+TEST_F(SingleEvaluationTest, ExceptionTests) {
+  // successful EXPECT_THROW
+  EXPECT_THROW({  // NOLINT
+    a_++;
+    ThrowAnInteger();
+  }, int);
+  EXPECT_EQ(1, a_);
+
+  // failed EXPECT_THROW, throws different
+  EXPECT_NONFATAL_FAILURE(EXPECT_THROW({  // NOLINT
+    a_++;
+    ThrowAnInteger();
+  }, bool), "throws a different type");
+  EXPECT_EQ(2, a_);
+
+  // failed EXPECT_THROW, throws nothing
+  EXPECT_NONFATAL_FAILURE(EXPECT_THROW(a_++, bool), "throws nothing");
+  EXPECT_EQ(3, a_);
+
+  // successful EXPECT_NO_THROW
+  EXPECT_NO_THROW(a_++);
+  EXPECT_EQ(4, a_);
+
+  // failed EXPECT_NO_THROW
+  EXPECT_NONFATAL_FAILURE(EXPECT_NO_THROW({  // NOLINT
+    a_++;
+    ThrowAnInteger();
+  }), "it throws");
+  EXPECT_EQ(5, a_);
+
+  // successful EXPECT_ANY_THROW
+  EXPECT_ANY_THROW({  // NOLINT
+    a_++;
+    ThrowAnInteger();
+  });
+  EXPECT_EQ(6, a_);
+
+  // failed EXPECT_ANY_THROW
+  EXPECT_NONFATAL_FAILURE(EXPECT_ANY_THROW(a_++), "it doesn't");
+  EXPECT_EQ(7, a_);
+}
+
+#endif  // GTEST_HAS_EXCEPTIONS
+
+// Tests {ASSERT|EXPECT}_NO_FATAL_FAILURE.
+class NoFatalFailureTest : public Test {
+ protected:
+  void Succeeds() {}
+  void FailsNonFatal() {
+    ADD_FAILURE() << "some non-fatal failure";
+  }
+  void Fails() {
+    FAIL() << "some fatal failure";
+  }
+
+  void DoAssertNoFatalFailureOnFails() {
+    ASSERT_NO_FATAL_FAILURE(Fails());
+    ADD_FAILURE() << "shold not reach here.";
+  }
+
+  void DoExpectNoFatalFailureOnFails() {
+    EXPECT_NO_FATAL_FAILURE(Fails());
+    ADD_FAILURE() << "other failure";
+  }
+};
+
+TEST_F(NoFatalFailureTest, NoFailure) {
+  EXPECT_NO_FATAL_FAILURE(Succeeds());
+  ASSERT_NO_FATAL_FAILURE(Succeeds());
+}
+
+TEST_F(NoFatalFailureTest, NonFatalIsNoFailure) {
+  EXPECT_NONFATAL_FAILURE(
+      EXPECT_NO_FATAL_FAILURE(FailsNonFatal()),
+      "some non-fatal failure");
+  EXPECT_NONFATAL_FAILURE(
+      ASSERT_NO_FATAL_FAILURE(FailsNonFatal()),
+      "some non-fatal failure");
+}
+
+TEST_F(NoFatalFailureTest, AssertNoFatalFailureOnFatalFailure) {
+  TestPartResultArray gtest_failures;
+  {
+    ScopedFakeTestPartResultReporter gtest_reporter(&gtest_failures);
+    DoAssertNoFatalFailureOnFails();
+  }
+  ASSERT_EQ(2, gtest_failures.size());
+  EXPECT_EQ(TestPartResult::kFatalFailure,
+            gtest_failures.GetTestPartResult(0).type());
+  EXPECT_EQ(TestPartResult::kFatalFailure,
+            gtest_failures.GetTestPartResult(1).type());
+  EXPECT_PRED_FORMAT2(testing::IsSubstring, "some fatal failure",
+                      gtest_failures.GetTestPartResult(0).message());
+  EXPECT_PRED_FORMAT2(testing::IsSubstring, "it does",
+                      gtest_failures.GetTestPartResult(1).message());
+}
+
+TEST_F(NoFatalFailureTest, ExpectNoFatalFailureOnFatalFailure) {
+  TestPartResultArray gtest_failures;
+  {
+    ScopedFakeTestPartResultReporter gtest_reporter(&gtest_failures);
+    DoExpectNoFatalFailureOnFails();
+  }
+  ASSERT_EQ(3, gtest_failures.size());
+  EXPECT_EQ(TestPartResult::kFatalFailure,
+            gtest_failures.GetTestPartResult(0).type());
+  EXPECT_EQ(TestPartResult::kNonFatalFailure,
+            gtest_failures.GetTestPartResult(1).type());
+  EXPECT_EQ(TestPartResult::kNonFatalFailure,
+            gtest_failures.GetTestPartResult(2).type());
+  EXPECT_PRED_FORMAT2(testing::IsSubstring, "some fatal failure",
+                      gtest_failures.GetTestPartResult(0).message());
+  EXPECT_PRED_FORMAT2(testing::IsSubstring, "it does",
+                      gtest_failures.GetTestPartResult(1).message());
+  EXPECT_PRED_FORMAT2(testing::IsSubstring, "other failure",
+                      gtest_failures.GetTestPartResult(2).message());
+}
+
+TEST_F(NoFatalFailureTest, MessageIsStreamable) {
+  TestPartResultArray gtest_failures;
+  {
+    ScopedFakeTestPartResultReporter gtest_reporter(&gtest_failures);
+    EXPECT_NO_FATAL_FAILURE(FAIL() << "foo") << "my message";
+  }
+  ASSERT_EQ(2, gtest_failures.size());
+  EXPECT_EQ(TestPartResult::kNonFatalFailure,
+            gtest_failures.GetTestPartResult(0).type());
+  EXPECT_EQ(TestPartResult::kNonFatalFailure,
+            gtest_failures.GetTestPartResult(1).type());
+  EXPECT_PRED_FORMAT2(testing::IsSubstring, "foo",
+                      gtest_failures.GetTestPartResult(0).message());
+  EXPECT_PRED_FORMAT2(testing::IsSubstring, "my message",
+                      gtest_failures.GetTestPartResult(1).message());
+}
+
+// Tests non-string assertions.
+
+std::string EditsToString(const std::vector<EditType>& edits) {
+  std::string out;
+  for (size_t i = 0; i < edits.size(); ++i) {
+    static const char kEdits[] = " +-/";
+    out.append(1, kEdits[edits[i]]);
+  }
+  return out;
+}
+
+std::vector<size_t> CharsToIndices(const std::string& str) {
+  std::vector<size_t> out;
+  for (size_t i = 0; i < str.size(); ++i) {
+    out.push_back(str[i]);
+  }
+  return out;
+}
+
+std::vector<std::string> CharsToLines(const std::string& str) {
+  std::vector<std::string> out;
+  for (size_t i = 0; i < str.size(); ++i) {
+    out.push_back(str.substr(i, 1));
+  }
+  return out;
+}
+
+TEST(EditDistance, TestCases) {
+  struct Case {
+    int line;
+    const char* left;
+    const char* right;
+    const char* expected_edits;
+    const char* expected_diff;
+  };
+  static const Case kCases[] = {
+      // No change.
+      {__LINE__, "A", "A", " ", ""},
+      {__LINE__, "ABCDE", "ABCDE", "     ", ""},
+      // Simple adds.
+      {__LINE__, "X", "XA", " +", "@@ +1,2 @@\n X\n+A\n"},
+      {__LINE__, "X", "XABCD", " ++++", "@@ +1,5 @@\n X\n+A\n+B\n+C\n+D\n"},
+      // Simple removes.
+      {__LINE__, "XA", "X", " -", "@@ -1,2 @@\n X\n-A\n"},
+      {__LINE__, "XABCD", "X", " ----", "@@ -1,5 @@\n X\n-A\n-B\n-C\n-D\n"},
+      // Simple replaces.
+      {__LINE__, "A", "a", "/", "@@ -1,1 +1,1 @@\n-A\n+a\n"},
+      {__LINE__, "ABCD", "abcd", "////",
+       "@@ -1,4 +1,4 @@\n-A\n-B\n-C\n-D\n+a\n+b\n+c\n+d\n"},
+      // Path finding.
+      {__LINE__, "ABCDEFGH", "ABXEGH1", "  -/ -  +",
+       "@@ -1,8 +1,7 @@\n A\n B\n-C\n-D\n+X\n E\n-F\n G\n H\n+1\n"},
+      {__LINE__, "AAAABCCCC", "ABABCDCDC", "- /   + / ",
+       "@@ -1,9 +1,9 @@\n-A\n A\n-A\n+B\n A\n B\n C\n+D\n C\n-C\n+D\n C\n"},
+      {__LINE__, "ABCDE", "BCDCD", "-   +/",
+       "@@ -1,5 +1,5 @@\n-A\n B\n C\n D\n-E\n+C\n+D\n"},
+      {__LINE__, "ABCDEFGHIJKL", "BCDCDEFGJKLJK", "- ++     --   ++",
+       "@@ -1,4 +1,5 @@\n-A\n B\n+C\n+D\n C\n D\n"
+       "@@ -6,7 +7,7 @@\n F\n G\n-H\n-I\n J\n K\n L\n+J\n+K\n"},
+      {}};
+  for (const Case* c = kCases; c->left; ++c) {
+    EXPECT_TRUE(c->expected_edits ==
+                EditsToString(CalculateOptimalEdits(CharsToIndices(c->left),
+                                                    CharsToIndices(c->right))))
+        << "Left <" << c->left << "> Right <" << c->right << "> Edits <"
+        << EditsToString(CalculateOptimalEdits(
+               CharsToIndices(c->left), CharsToIndices(c->right))) << ">";
+    EXPECT_TRUE(c->expected_diff == CreateUnifiedDiff(CharsToLines(c->left),
+                                                      CharsToLines(c->right)))
+        << "Left <" << c->left << "> Right <" << c->right << "> Diff <"
+        << CreateUnifiedDiff(CharsToLines(c->left), CharsToLines(c->right))
+        << ">";
+  }
+}
+
+// Tests EqFailure(), used for implementing *EQ* assertions.
+TEST(AssertionTest, EqFailure) {
+  const std::string foo_val("5"), bar_val("6");
+  const std::string msg1(
+      EqFailure("foo", "bar", foo_val, bar_val, false)
+      .failure_message());
+  EXPECT_STREQ(
+      "Value of: bar\n"
+      "  Actual: 6\n"
+      "Expected: foo\n"
+      "Which is: 5",
+      msg1.c_str());
+
+  const std::string msg2(
+      EqFailure("foo", "6", foo_val, bar_val, false)
+      .failure_message());
+  EXPECT_STREQ(
+      "Value of: 6\n"
+      "Expected: foo\n"
+      "Which is: 5",
+      msg2.c_str());
+
+  const std::string msg3(
+      EqFailure("5", "bar", foo_val, bar_val, false)
+      .failure_message());
+  EXPECT_STREQ(
+      "Value of: bar\n"
+      "  Actual: 6\n"
+      "Expected: 5",
+      msg3.c_str());
+
+  const std::string msg4(
+      EqFailure("5", "6", foo_val, bar_val, false).failure_message());
+  EXPECT_STREQ(
+      "Value of: 6\n"
+      "Expected: 5",
+      msg4.c_str());
+
+  const std::string msg5(
+      EqFailure("foo", "bar",
+                std::string("\"x\""), std::string("\"y\""),
+                true).failure_message());
+  EXPECT_STREQ(
+      "Value of: bar\n"
+      "  Actual: \"y\"\n"
+      "Expected: foo (ignoring case)\n"
+      "Which is: \"x\"",
+      msg5.c_str());
+}
+
+TEST(AssertionTest, EqFailureWithDiff) {
+  const std::string left(
+      "1\\n2XXX\\n3\\n5\\n6\\n7\\n8\\n9\\n10\\n11\\n12XXX\\n13\\n14\\n15");
+  const std::string right(
+      "1\\n2\\n3\\n4\\n5\\n6\\n7\\n8\\n9\\n11\\n12\\n13\\n14");
+  const std::string msg1(
+      EqFailure("left", "right", left, right, false).failure_message());
+  EXPECT_STREQ(
+      "Value of: right\n"
+      "  Actual: 1\\n2\\n3\\n4\\n5\\n6\\n7\\n8\\n9\\n11\\n12\\n13\\n14\n"
+      "Expected: left\n"
+      "Which is: "
+      "1\\n2XXX\\n3\\n5\\n6\\n7\\n8\\n9\\n10\\n11\\n12XXX\\n13\\n14\\n15\n"
+      "With diff:\n@@ -1,5 +1,6 @@\n 1\n-2XXX\n+2\n 3\n+4\n 5\n 6\n"
+      "@@ -7,8 +8,6 @@\n 8\n 9\n-10\n 11\n-12XXX\n+12\n 13\n 14\n-15\n",
+      msg1.c_str());
+}
+
+// Tests AppendUserMessage(), used for implementing the *EQ* macros.
+TEST(AssertionTest, AppendUserMessage) {
+  const std::string foo("foo");
+
+  Message msg;
+  EXPECT_STREQ("foo",
+               AppendUserMessage(foo, msg).c_str());
+
+  msg << "bar";
+  EXPECT_STREQ("foo\nbar",
+               AppendUserMessage(foo, msg).c_str());
+}
+
+#ifdef __BORLANDC__
+// Silences warnings: "Condition is always true", "Unreachable code"
+# pragma option push -w-ccc -w-rch
+#endif
+
+// Tests ASSERT_TRUE.
+TEST(AssertionTest, ASSERT_TRUE) {
+  ASSERT_TRUE(2 > 1);  // NOLINT
+  EXPECT_FATAL_FAILURE(ASSERT_TRUE(2 < 1),
+                       "2 < 1");
+}
+
+// Tests ASSERT_TRUE(predicate) for predicates returning AssertionResult.
+TEST(AssertionTest, AssertTrueWithAssertionResult) {
+  ASSERT_TRUE(ResultIsEven(2));
+#ifndef __BORLANDC__
+  // ICE's in C++Builder.
+  EXPECT_FATAL_FAILURE(ASSERT_TRUE(ResultIsEven(3)),
+                       "Value of: ResultIsEven(3)\n"
+                       "  Actual: false (3 is odd)\n"
+                       "Expected: true");
+#endif
+  ASSERT_TRUE(ResultIsEvenNoExplanation(2));
+  EXPECT_FATAL_FAILURE(ASSERT_TRUE(ResultIsEvenNoExplanation(3)),
+                       "Value of: ResultIsEvenNoExplanation(3)\n"
+                       "  Actual: false (3 is odd)\n"
+                       "Expected: true");
+}
+
+// Tests ASSERT_FALSE.
+TEST(AssertionTest, ASSERT_FALSE) {
+  ASSERT_FALSE(2 < 1);  // NOLINT
+  EXPECT_FATAL_FAILURE(ASSERT_FALSE(2 > 1),
+                       "Value of: 2 > 1\n"
+                       "  Actual: true\n"
+                       "Expected: false");
+}
+
+// Tests ASSERT_FALSE(predicate) for predicates returning AssertionResult.
+TEST(AssertionTest, AssertFalseWithAssertionResult) {
+  ASSERT_FALSE(ResultIsEven(3));
+#ifndef __BORLANDC__
+  // ICE's in C++Builder.
+  EXPECT_FATAL_FAILURE(ASSERT_FALSE(ResultIsEven(2)),
+                       "Value of: ResultIsEven(2)\n"
+                       "  Actual: true (2 is even)\n"
+                       "Expected: false");
+#endif
+  ASSERT_FALSE(ResultIsEvenNoExplanation(3));
+  EXPECT_FATAL_FAILURE(ASSERT_FALSE(ResultIsEvenNoExplanation(2)),
+                       "Value of: ResultIsEvenNoExplanation(2)\n"
+                       "  Actual: true\n"
+                       "Expected: false");
+}
+
+#ifdef __BORLANDC__
+// Restores warnings after previous "#pragma option push" supressed them
+# pragma option pop
+#endif
+
+// Tests using ASSERT_EQ on double values.  The purpose is to make
+// sure that the specialization we did for integer and anonymous enums
+// isn't used for double arguments.
+TEST(ExpectTest, ASSERT_EQ_Double) {
+  // A success.
+  ASSERT_EQ(5.6, 5.6);
+
+  // A failure.
+  EXPECT_FATAL_FAILURE(ASSERT_EQ(5.1, 5.2),
+                       "5.1");
+}
+
+// Tests ASSERT_EQ.
+TEST(AssertionTest, ASSERT_EQ) {
+  ASSERT_EQ(5, 2 + 3);
+  EXPECT_FATAL_FAILURE(ASSERT_EQ(5, 2*3),
+                       "Value of: 2*3\n"
+                       "  Actual: 6\n"
+                       "Expected: 5");
+}
+
+// Tests ASSERT_EQ(NULL, pointer).
+#if GTEST_CAN_COMPARE_NULL
+TEST(AssertionTest, ASSERT_EQ_NULL) {
+  // A success.
+  const char* p = NULL;
+  // Some older GCC versions may issue a spurious waring in this or the next
+  // assertion statement. This warning should not be suppressed with
+  // static_cast since the test verifies the ability to use bare NULL as the
+  // expected parameter to the macro.
+  ASSERT_EQ(NULL, p);
+
+  // A failure.
+  static int n = 0;
+  EXPECT_FATAL_FAILURE(ASSERT_EQ(NULL, &n),
+                       "Value of: &n\n");
+}
+#endif  // GTEST_CAN_COMPARE_NULL
+
+// Tests ASSERT_EQ(0, non_pointer).  Since the literal 0 can be
+// treated as a null pointer by the compiler, we need to make sure
+// that ASSERT_EQ(0, non_pointer) isn't interpreted by Google Test as
+// ASSERT_EQ(static_cast<void*>(NULL), non_pointer).
+TEST(ExpectTest, ASSERT_EQ_0) {
+  int n = 0;
+
+  // A success.
+  ASSERT_EQ(0, n);
+
+  // A failure.
+  EXPECT_FATAL_FAILURE(ASSERT_EQ(0, 5.6),
+                       "Expected: 0");
+}
+
+// Tests ASSERT_NE.
+TEST(AssertionTest, ASSERT_NE) {
+  ASSERT_NE(6, 7);
+  EXPECT_FATAL_FAILURE(ASSERT_NE('a', 'a'),
+                       "Expected: ('a') != ('a'), "
+                       "actual: 'a' (97, 0x61) vs 'a' (97, 0x61)");
+}
+
+// Tests ASSERT_LE.
+TEST(AssertionTest, ASSERT_LE) {
+  ASSERT_LE(2, 3);
+  ASSERT_LE(2, 2);
+  EXPECT_FATAL_FAILURE(ASSERT_LE(2, 0),
+                       "Expected: (2) <= (0), actual: 2 vs 0");
+}
+
+// Tests ASSERT_LT.
+TEST(AssertionTest, ASSERT_LT) {
+  ASSERT_LT(2, 3);
+  EXPECT_FATAL_FAILURE(ASSERT_LT(2, 2),
+                       "Expected: (2) < (2), actual: 2 vs 2");
+}
+
+// Tests ASSERT_GE.
+TEST(AssertionTest, ASSERT_GE) {
+  ASSERT_GE(2, 1);
+  ASSERT_GE(2, 2);
+  EXPECT_FATAL_FAILURE(ASSERT_GE(2, 3),
+                       "Expected: (2) >= (3), actual: 2 vs 3");
+}
+
+// Tests ASSERT_GT.
+TEST(AssertionTest, ASSERT_GT) {
+  ASSERT_GT(2, 1);
+  EXPECT_FATAL_FAILURE(ASSERT_GT(2, 2),
+                       "Expected: (2) > (2), actual: 2 vs 2");
+}
+
+#if GTEST_HAS_EXCEPTIONS
+
+void ThrowNothing() {}
+
+// Tests ASSERT_THROW.
+TEST(AssertionTest, ASSERT_THROW) {
+  ASSERT_THROW(ThrowAnInteger(), int);
+
+# ifndef __BORLANDC__
+
+  // ICE's in C++Builder 2007 and 2009.
+  EXPECT_FATAL_FAILURE(
+      ASSERT_THROW(ThrowAnInteger(), bool),
+      "Expected: ThrowAnInteger() throws an exception of type bool.\n"
+      "  Actual: it throws a different type.");
+# endif
+
+  EXPECT_FATAL_FAILURE(
+      ASSERT_THROW(ThrowNothing(), bool),
+      "Expected: ThrowNothing() throws an exception of type bool.\n"
+      "  Actual: it throws nothing.");
+}
+
+// Tests ASSERT_NO_THROW.
+TEST(AssertionTest, ASSERT_NO_THROW) {
+  ASSERT_NO_THROW(ThrowNothing());
+  EXPECT_FATAL_FAILURE(ASSERT_NO_THROW(ThrowAnInteger()),
+                       "Expected: ThrowAnInteger() doesn't throw an exception."
+                       "\n  Actual: it throws.");
+}
+
+// Tests ASSERT_ANY_THROW.
+TEST(AssertionTest, ASSERT_ANY_THROW) {
+  ASSERT_ANY_THROW(ThrowAnInteger());
+  EXPECT_FATAL_FAILURE(
+      ASSERT_ANY_THROW(ThrowNothing()),
+      "Expected: ThrowNothing() throws an exception.\n"
+      "  Actual: it doesn't.");
+}
+
+#endif  // GTEST_HAS_EXCEPTIONS
+
+// Makes sure we deal with the precedence of <<.  This test should
+// compile.
+TEST(AssertionTest, AssertPrecedence) {
+  ASSERT_EQ(1 < 2, true);
+  bool false_value = false;
+  ASSERT_EQ(true && false_value, false);
+}
+
+// A subroutine used by the following test.
+void TestEq1(int x) {
+  ASSERT_EQ(1, x);
+}
+
+// Tests calling a test subroutine that's not part of a fixture.
+TEST(AssertionTest, NonFixtureSubroutine) {
+  EXPECT_FATAL_FAILURE(TestEq1(2),
+                       "Value of: x");
+}
+
+// An uncopyable class.
+class Uncopyable {
+ public:
+  explicit Uncopyable(int a_value) : value_(a_value) {}
+
+  int value() const { return value_; }
+  bool operator==(const Uncopyable& rhs) const {
+    return value() == rhs.value();
+  }
+ private:
+  // This constructor deliberately has no implementation, as we don't
+  // want this class to be copyable.
+  Uncopyable(const Uncopyable&);  // NOLINT
+
+  int value_;
+};
+
+::std::ostream& operator<<(::std::ostream& os, const Uncopyable& value) {
+  return os << value.value();
+}
+
+
+bool IsPositiveUncopyable(const Uncopyable& x) {
+  return x.value() > 0;
+}
+
+// A subroutine used by the following test.
+void TestAssertNonPositive() {
+  Uncopyable y(-1);
+  ASSERT_PRED1(IsPositiveUncopyable, y);
+}
+// A subroutine used by the following test.
+void TestAssertEqualsUncopyable() {
+  Uncopyable x(5);
+  Uncopyable y(-1);
+  ASSERT_EQ(x, y);
+}
+
+// Tests that uncopyable objects can be used in assertions.
+TEST(AssertionTest, AssertWorksWithUncopyableObject) {
+  Uncopyable x(5);
+  ASSERT_PRED1(IsPositiveUncopyable, x);
+  ASSERT_EQ(x, x);
+  EXPECT_FATAL_FAILURE(TestAssertNonPositive(),
+    "IsPositiveUncopyable(y) evaluates to false, where\ny evaluates to -1");
+  EXPECT_FATAL_FAILURE(TestAssertEqualsUncopyable(),
+    "Value of: y\n  Actual: -1\nExpected: x\nWhich is: 5");
+}
+
+// Tests that uncopyable objects can be used in expects.
+TEST(AssertionTest, ExpectWorksWithUncopyableObject) {
+  Uncopyable x(5);
+  EXPECT_PRED1(IsPositiveUncopyable, x);
+  Uncopyable y(-1);
+  EXPECT_NONFATAL_FAILURE(EXPECT_PRED1(IsPositiveUncopyable, y),
+    "IsPositiveUncopyable(y) evaluates to false, where\ny evaluates to -1");
+  EXPECT_EQ(x, x);
+  EXPECT_NONFATAL_FAILURE(EXPECT_EQ(x, y),
+    "Value of: y\n  Actual: -1\nExpected: x\nWhich is: 5");
+}
+
+enum NamedEnum {
+  kE1 = 0,
+  kE2 = 1
+};
+
+TEST(AssertionTest, NamedEnum) {
+  EXPECT_EQ(kE1, kE1);
+  EXPECT_LT(kE1, kE2);
+  EXPECT_NONFATAL_FAILURE(EXPECT_EQ(kE1, kE2), "Which is: 0");
+  EXPECT_NONFATAL_FAILURE(EXPECT_EQ(kE1, kE2), "Actual: 1");
+}
+
+// The version of gcc used in XCode 2.2 has a bug and doesn't allow
+// anonymous enums in assertions.  Therefore the following test is not
+// done on Mac.
+// Sun Studio and HP aCC also reject this code.
+#if !GTEST_OS_MAC && !defined(__SUNPRO_CC) && !defined(__HP_aCC)
+
+// Tests using assertions with anonymous enums.
+enum {
+  kCaseA = -1,
+
+# if GTEST_OS_LINUX
+
+  // We want to test the case where the size of the anonymous enum is
+  // larger than sizeof(int), to make sure our implementation of the
+  // assertions doesn't truncate the enums.  However, MSVC
+  // (incorrectly) doesn't allow an enum value to exceed the range of
+  // an int, so this has to be conditionally compiled.
+  //
+  // On Linux, kCaseB and kCaseA have the same value when truncated to
+  // int size.  We want to test whether this will confuse the
+  // assertions.
+  kCaseB = testing::internal::kMaxBiggestInt,
+
+# else
+
+  kCaseB = INT_MAX,
+
+# endif  // GTEST_OS_LINUX
+
+  kCaseC = 42
+};
+
+TEST(AssertionTest, AnonymousEnum) {
+# if GTEST_OS_LINUX
+
+  EXPECT_EQ(static_cast<int>(kCaseA), static_cast<int>(kCaseB));
+
+# endif  // GTEST_OS_LINUX
+
+  EXPECT_EQ(kCaseA, kCaseA);
+  EXPECT_NE(kCaseA, kCaseB);
+  EXPECT_LT(kCaseA, kCaseB);
+  EXPECT_LE(kCaseA, kCaseB);
+  EXPECT_GT(kCaseB, kCaseA);
+  EXPECT_GE(kCaseA, kCaseA);
+  EXPECT_NONFATAL_FAILURE(EXPECT_GE(kCaseA, kCaseB),
+                          "(kCaseA) >= (kCaseB)");
+  EXPECT_NONFATAL_FAILURE(EXPECT_GE(kCaseA, kCaseC),
+                          "-1 vs 42");
+
+  ASSERT_EQ(kCaseA, kCaseA);
+  ASSERT_NE(kCaseA, kCaseB);
+  ASSERT_LT(kCaseA, kCaseB);
+  ASSERT_LE(kCaseA, kCaseB);
+  ASSERT_GT(kCaseB, kCaseA);
+  ASSERT_GE(kCaseA, kCaseA);
+
+# ifndef __BORLANDC__
+
+  // ICE's in C++Builder.
+  EXPECT_FATAL_FAILURE(ASSERT_EQ(kCaseA, kCaseB),
+                       "Value of: kCaseB");
+  EXPECT_FATAL_FAILURE(ASSERT_EQ(kCaseA, kCaseC),
+                       "Actual: 42");
+# endif
+
+  EXPECT_FATAL_FAILURE(ASSERT_EQ(kCaseA, kCaseC),
+                       "Which is: -1");
+}
+
+#endif  // !GTEST_OS_MAC && !defined(__SUNPRO_CC)
+
+#if GTEST_OS_WINDOWS
+
+static HRESULT UnexpectedHRESULTFailure() {
+  return E_UNEXPECTED;
+}
+
+static HRESULT OkHRESULTSuccess() {
+  return S_OK;
+}
+
+static HRESULT FalseHRESULTSuccess() {
+  return S_FALSE;
+}
+
+// HRESULT assertion tests test both zero and non-zero
+// success codes as well as failure message for each.
+//
+// Windows CE doesn't support message texts.
+TEST(HRESULTAssertionTest, EXPECT_HRESULT_SUCCEEDED) {
+  EXPECT_HRESULT_SUCCEEDED(S_OK);
+  EXPECT_HRESULT_SUCCEEDED(S_FALSE);
+
+  EXPECT_NONFATAL_FAILURE(EXPECT_HRESULT_SUCCEEDED(UnexpectedHRESULTFailure()),
+    "Expected: (UnexpectedHRESULTFailure()) succeeds.\n"
+    "  Actual: 0x8000FFFF");
+}
+
+TEST(HRESULTAssertionTest, ASSERT_HRESULT_SUCCEEDED) {
+  ASSERT_HRESULT_SUCCEEDED(S_OK);
+  ASSERT_HRESULT_SUCCEEDED(S_FALSE);
+
+  EXPECT_FATAL_FAILURE(ASSERT_HRESULT_SUCCEEDED(UnexpectedHRESULTFailure()),
+    "Expected: (UnexpectedHRESULTFailure()) succeeds.\n"
+    "  Actual: 0x8000FFFF");
+}
+
+TEST(HRESULTAssertionTest, EXPECT_HRESULT_FAILED) {
+  EXPECT_HRESULT_FAILED(E_UNEXPECTED);
+
+  EXPECT_NONFATAL_FAILURE(EXPECT_HRESULT_FAILED(OkHRESULTSuccess()),
+    "Expected: (OkHRESULTSuccess()) fails.\n"
+    "  Actual: 0x0");
+  EXPECT_NONFATAL_FAILURE(EXPECT_HRESULT_FAILED(FalseHRESULTSuccess()),
+    "Expected: (FalseHRESULTSuccess()) fails.\n"
+    "  Actual: 0x1");
+}
+
+TEST(HRESULTAssertionTest, ASSERT_HRESULT_FAILED) {
+  ASSERT_HRESULT_FAILED(E_UNEXPECTED);
+
+# ifndef __BORLANDC__
+
+  // ICE's in C++Builder 2007 and 2009.
+  EXPECT_FATAL_FAILURE(ASSERT_HRESULT_FAILED(OkHRESULTSuccess()),
+    "Expected: (OkHRESULTSuccess()) fails.\n"
+    "  Actual: 0x0");
+# endif
+
+  EXPECT_FATAL_FAILURE(ASSERT_HRESULT_FAILED(FalseHRESULTSuccess()),
+    "Expected: (FalseHRESULTSuccess()) fails.\n"
+    "  Actual: 0x1");
+}
+
+// Tests that streaming to the HRESULT macros works.
+TEST(HRESULTAssertionTest, Streaming) {
+  EXPECT_HRESULT_SUCCEEDED(S_OK) << "unexpected failure";
+  ASSERT_HRESULT_SUCCEEDED(S_OK) << "unexpected failure";
+  EXPECT_HRESULT_FAILED(E_UNEXPECTED) << "unexpected failure";
+  ASSERT_HRESULT_FAILED(E_UNEXPECTED) << "unexpected failure";
+
+  EXPECT_NONFATAL_FAILURE(
+      EXPECT_HRESULT_SUCCEEDED(E_UNEXPECTED) << "expected failure",
+      "expected failure");
+
+# ifndef __BORLANDC__
+
+  // ICE's in C++Builder 2007 and 2009.
+  EXPECT_FATAL_FAILURE(
+      ASSERT_HRESULT_SUCCEEDED(E_UNEXPECTED) << "expected failure",
+      "expected failure");
+# endif
+
+  EXPECT_NONFATAL_FAILURE(
+      EXPECT_HRESULT_FAILED(S_OK) << "expected failure",
+      "expected failure");
+
+  EXPECT_FATAL_FAILURE(
+      ASSERT_HRESULT_FAILED(S_OK) << "expected failure",
+      "expected failure");
+}
+
+#endif  // GTEST_OS_WINDOWS
+
+#ifdef __BORLANDC__
+// Silences warnings: "Condition is always true", "Unreachable code"
+# pragma option push -w-ccc -w-rch
+#endif
+
+// Tests that the assertion macros behave like single statements.
+TEST(AssertionSyntaxTest, BasicAssertionsBehavesLikeSingleStatement) {
+  if (AlwaysFalse())
+    ASSERT_TRUE(false) << "This should never be executed; "
+                          "It's a compilation test only.";
+
+  if (AlwaysTrue())
+    EXPECT_FALSE(false);
+  else
+    ;  // NOLINT
+
+  if (AlwaysFalse())
+    ASSERT_LT(1, 3);
+
+  if (AlwaysFalse())
+    ;  // NOLINT
+  else
+    EXPECT_GT(3, 2) << "";
+}
+
+#if GTEST_HAS_EXCEPTIONS
+// Tests that the compiler will not complain about unreachable code in the
+// EXPECT_THROW/EXPECT_ANY_THROW/EXPECT_NO_THROW macros.
+TEST(ExpectThrowTest, DoesNotGenerateUnreachableCodeWarning) {
+  int n = 0;
+
+  EXPECT_THROW(throw 1, int);
+  EXPECT_NONFATAL_FAILURE(EXPECT_THROW(n++, int), "");
+  EXPECT_NONFATAL_FAILURE(EXPECT_THROW(throw 1, const char*), "");
+  EXPECT_NO_THROW(n++);
+  EXPECT_NONFATAL_FAILURE(EXPECT_NO_THROW(throw 1), "");
+  EXPECT_ANY_THROW(throw 1);
+  EXPECT_NONFATAL_FAILURE(EXPECT_ANY_THROW(n++), "");
+}
+
+TEST(AssertionSyntaxTest, ExceptionAssertionsBehavesLikeSingleStatement) {
+  if (AlwaysFalse())
+    EXPECT_THROW(ThrowNothing(), bool);
+
+  if (AlwaysTrue())
+    EXPECT_THROW(ThrowAnInteger(), int);
+  else
+    ;  // NOLINT
+
+  if (AlwaysFalse())
+    EXPECT_NO_THROW(ThrowAnInteger());
+
+  if (AlwaysTrue())
+    EXPECT_NO_THROW(ThrowNothing());
+  else
+    ;  // NOLINT
+
+  if (AlwaysFalse())
+    EXPECT_ANY_THROW(ThrowNothing());
+
+  if (AlwaysTrue())
+    EXPECT_ANY_THROW(ThrowAnInteger());
+  else
+    ;  // NOLINT
+}
+#endif  // GTEST_HAS_EXCEPTIONS
+
+TEST(AssertionSyntaxTest, NoFatalFailureAssertionsBehavesLikeSingleStatement) {
+  if (AlwaysFalse())
+    EXPECT_NO_FATAL_FAILURE(FAIL()) << "This should never be executed. "
+                                    << "It's a compilation test only.";
+  else
+    ;  // NOLINT
+
+  if (AlwaysFalse())
+    ASSERT_NO_FATAL_FAILURE(FAIL()) << "";
+  else
+    ;  // NOLINT
+
+  if (AlwaysTrue())
+    EXPECT_NO_FATAL_FAILURE(SUCCEED());
+  else
+    ;  // NOLINT
+
+  if (AlwaysFalse())
+    ;  // NOLINT
+  else
+    ASSERT_NO_FATAL_FAILURE(SUCCEED());
+}
+
+// Tests that the assertion macros work well with switch statements.
+TEST(AssertionSyntaxTest, WorksWithSwitch) {
+  switch (0) {
+    case 1:
+      break;
+    default:
+      ASSERT_TRUE(true);
+  }
+
+  switch (0)
+    case 0:
+      EXPECT_FALSE(false) << "EXPECT_FALSE failed in switch case";
+
+  // Binary assertions are implemented using a different code path
+  // than the Boolean assertions.  Hence we test them separately.
+  switch (0) {
+    case 1:
+    default:
+      ASSERT_EQ(1, 1) << "ASSERT_EQ failed in default switch handler";
+  }
+
+  switch (0)
+    case 0:
+      EXPECT_NE(1, 2);
+}
+
+#if GTEST_HAS_EXCEPTIONS
+
+void ThrowAString() {
+    throw "std::string";
+}
+
+// Test that the exception assertion macros compile and work with const
+// type qualifier.
+TEST(AssertionSyntaxTest, WorksWithConst) {
+    ASSERT_THROW(ThrowAString(), const char*);
+
+    EXPECT_THROW(ThrowAString(), const char*);
+}
+
+#endif  // GTEST_HAS_EXCEPTIONS
+
+}  // namespace
+
+namespace testing {
+
+// Tests that Google Test tracks SUCCEED*.
+TEST(SuccessfulAssertionTest, SUCCEED) {
+  SUCCEED();
+  SUCCEED() << "OK";
+  EXPECT_EQ(2, GetUnitTestImpl()->current_test_result()->total_part_count());
+}
+
+// Tests that Google Test doesn't track successful EXPECT_*.
+TEST(SuccessfulAssertionTest, EXPECT) {
+  EXPECT_TRUE(true);
+  EXPECT_EQ(0, GetUnitTestImpl()->current_test_result()->total_part_count());
+}
+
+// Tests that Google Test doesn't track successful EXPECT_STR*.
+TEST(SuccessfulAssertionTest, EXPECT_STR) {
+  EXPECT_STREQ("", "");
+  EXPECT_EQ(0, GetUnitTestImpl()->current_test_result()->total_part_count());
+}
+
+// Tests that Google Test doesn't track successful ASSERT_*.
+TEST(SuccessfulAssertionTest, ASSERT) {
+  ASSERT_TRUE(true);
+  EXPECT_EQ(0, GetUnitTestImpl()->current_test_result()->total_part_count());
+}
+
+// Tests that Google Test doesn't track successful ASSERT_STR*.
+TEST(SuccessfulAssertionTest, ASSERT_STR) {
+  ASSERT_STREQ("", "");
+  EXPECT_EQ(0, GetUnitTestImpl()->current_test_result()->total_part_count());
+}
+
+}  // namespace testing
+
+namespace {
+
+// Tests the message streaming variation of assertions.
+
+TEST(AssertionWithMessageTest, EXPECT) {
+  EXPECT_EQ(1, 1) << "This should succeed.";
+  EXPECT_NONFATAL_FAILURE(EXPECT_NE(1, 1) << "Expected failure #1.",
+                          "Expected failure #1");
+  EXPECT_LE(1, 2) << "This should succeed.";
+  EXPECT_NONFATAL_FAILURE(EXPECT_LT(1, 0) << "Expected failure #2.",
+                          "Expected failure #2.");
+  EXPECT_GE(1, 0) << "This should succeed.";
+  EXPECT_NONFATAL_FAILURE(EXPECT_GT(1, 2) << "Expected failure #3.",
+                          "Expected failure #3.");
+
+  EXPECT_STREQ("1", "1") << "This should succeed.";
+  EXPECT_NONFATAL_FAILURE(EXPECT_STRNE("1", "1") << "Expected failure #4.",
+                          "Expected failure #4.");
+  EXPECT_STRCASEEQ("a", "A") << "This should succeed.";
+  EXPECT_NONFATAL_FAILURE(EXPECT_STRCASENE("a", "A") << "Expected failure #5.",
+                          "Expected failure #5.");
+
+  EXPECT_FLOAT_EQ(1, 1) << "This should succeed.";
+  EXPECT_NONFATAL_FAILURE(EXPECT_DOUBLE_EQ(1, 1.2) << "Expected failure #6.",
+                          "Expected failure #6.");
+  EXPECT_NEAR(1, 1.1, 0.2) << "This should succeed.";
+}
+
+TEST(AssertionWithMessageTest, ASSERT) {
+  ASSERT_EQ(1, 1) << "This should succeed.";
+  ASSERT_NE(1, 2) << "This should succeed.";
+  ASSERT_LE(1, 2) << "This should succeed.";
+  ASSERT_LT(1, 2) << "This should succeed.";
+  ASSERT_GE(1, 0) << "This should succeed.";
+  EXPECT_FATAL_FAILURE(ASSERT_GT(1, 2) << "Expected failure.",
+                       "Expected failure.");
+}
+
+TEST(AssertionWithMessageTest, ASSERT_STR) {
+  ASSERT_STREQ("1", "1") << "This should succeed.";
+  ASSERT_STRNE("1", "2") << "This should succeed.";
+  ASSERT_STRCASEEQ("a", "A") << "This should succeed.";
+  EXPECT_FATAL_FAILURE(ASSERT_STRCASENE("a", "A") << "Expected failure.",
+                       "Expected failure.");
+}
+
+TEST(AssertionWithMessageTest, ASSERT_FLOATING) {
+  ASSERT_FLOAT_EQ(1, 1) << "This should succeed.";
+  ASSERT_DOUBLE_EQ(1, 1) << "This should succeed.";
+  EXPECT_FATAL_FAILURE(ASSERT_NEAR(1,1.2, 0.1) << "Expect failure.",  // NOLINT
+                       "Expect failure.");
+  // To work around a bug in gcc 2.95.0, there is intentionally no
+  // space after the first comma in the previous statement.
+}
+
+// Tests using ASSERT_FALSE with a streamed message.
+TEST(AssertionWithMessageTest, ASSERT_FALSE) {
+  ASSERT_FALSE(false) << "This shouldn't fail.";
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_FALSE(true) << "Expected failure: " << 2 << " > " << 1
+                       << " evaluates to " << true;
+  }, "Expected failure");
+}
+
+// Tests using FAIL with a streamed message.
+TEST(AssertionWithMessageTest, FAIL) {
+  EXPECT_FATAL_FAILURE(FAIL() << 0,
+                       "0");
+}
+
+// Tests using SUCCEED with a streamed message.
+TEST(AssertionWithMessageTest, SUCCEED) {
+  SUCCEED() << "Success == " << 1;
+}
+
+// Tests using ASSERT_TRUE with a streamed message.
+TEST(AssertionWithMessageTest, ASSERT_TRUE) {
+  ASSERT_TRUE(true) << "This should succeed.";
+  ASSERT_TRUE(true) << true;
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_TRUE(false) << static_cast<const char *>(NULL)
+                       << static_cast<char *>(NULL);
+  }, "(null)(null)");
+}
+
+#if GTEST_OS_WINDOWS
+// Tests using wide strings in assertion messages.
+TEST(AssertionWithMessageTest, WideStringMessage) {
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_TRUE(false) << L"This failure is expected.\x8119";
+  }, "This failure is expected.");
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_EQ(1, 2) << "This failure is "
+                    << L"expected too.\x8120";
+  }, "This failure is expected too.");
+}
+#endif  // GTEST_OS_WINDOWS
+
+// Tests EXPECT_TRUE.
+TEST(ExpectTest, EXPECT_TRUE) {
+  EXPECT_TRUE(true) << "Intentional success";
+  EXPECT_NONFATAL_FAILURE(EXPECT_TRUE(false) << "Intentional failure #1.",
+                          "Intentional failure #1.");
+  EXPECT_NONFATAL_FAILURE(EXPECT_TRUE(false) << "Intentional failure #2.",
+                          "Intentional failure #2.");
+  EXPECT_TRUE(2 > 1);  // NOLINT
+  EXPECT_NONFATAL_FAILURE(EXPECT_TRUE(2 < 1),
+                          "Value of: 2 < 1\n"
+                          "  Actual: false\n"
+                          "Expected: true");
+  EXPECT_NONFATAL_FAILURE(EXPECT_TRUE(2 > 3),
+                          "2 > 3");
+}
+
+// Tests EXPECT_TRUE(predicate) for predicates returning AssertionResult.
+TEST(ExpectTest, ExpectTrueWithAssertionResult) {
+  EXPECT_TRUE(ResultIsEven(2));
+  EXPECT_NONFATAL_FAILURE(EXPECT_TRUE(ResultIsEven(3)),
+                          "Value of: ResultIsEven(3)\n"
+                          "  Actual: false (3 is odd)\n"
+                          "Expected: true");
+  EXPECT_TRUE(ResultIsEvenNoExplanation(2));
+  EXPECT_NONFATAL_FAILURE(EXPECT_TRUE(ResultIsEvenNoExplanation(3)),
+                          "Value of: ResultIsEvenNoExplanation(3)\n"
+                          "  Actual: false (3 is odd)\n"
+                          "Expected: true");
+}
+
+// Tests EXPECT_FALSE with a streamed message.
+TEST(ExpectTest, EXPECT_FALSE) {
+  EXPECT_FALSE(2 < 1);  // NOLINT
+  EXPECT_FALSE(false) << "Intentional success";
+  EXPECT_NONFATAL_FAILURE(EXPECT_FALSE(true) << "Intentional failure #1.",
+                          "Intentional failure #1.");
+  EXPECT_NONFATAL_FAILURE(EXPECT_FALSE(true) << "Intentional failure #2.",
+                          "Intentional failure #2.");
+  EXPECT_NONFATAL_FAILURE(EXPECT_FALSE(2 > 1),
+                          "Value of: 2 > 1\n"
+                          "  Actual: true\n"
+                          "Expected: false");
+  EXPECT_NONFATAL_FAILURE(EXPECT_FALSE(2 < 3),
+                          "2 < 3");
+}
+
+// Tests EXPECT_FALSE(predicate) for predicates returning AssertionResult.
+TEST(ExpectTest, ExpectFalseWithAssertionResult) {
+  EXPECT_FALSE(ResultIsEven(3));
+  EXPECT_NONFATAL_FAILURE(EXPECT_FALSE(ResultIsEven(2)),
+                          "Value of: ResultIsEven(2)\n"
+                          "  Actual: true (2 is even)\n"
+                          "Expected: false");
+  EXPECT_FALSE(ResultIsEvenNoExplanation(3));
+  EXPECT_NONFATAL_FAILURE(EXPECT_FALSE(ResultIsEvenNoExplanation(2)),
+                          "Value of: ResultIsEvenNoExplanation(2)\n"
+                          "  Actual: true\n"
+                          "Expected: false");
+}
+
+#ifdef __BORLANDC__
+// Restores warnings after previous "#pragma option push" supressed them
+# pragma option pop
+#endif
+
+// Tests EXPECT_EQ.
+TEST(ExpectTest, EXPECT_EQ) {
+  EXPECT_EQ(5, 2 + 3);
+  EXPECT_NONFATAL_FAILURE(EXPECT_EQ(5, 2*3),
+                          "Value of: 2*3\n"
+                          "  Actual: 6\n"
+                          "Expected: 5");
+  EXPECT_NONFATAL_FAILURE(EXPECT_EQ(5, 2 - 3),
+                          "2 - 3");
+}
+
+// Tests using EXPECT_EQ on double values.  The purpose is to make
+// sure that the specialization we did for integer and anonymous enums
+// isn't used for double arguments.
+TEST(ExpectTest, EXPECT_EQ_Double) {
+  // A success.
+  EXPECT_EQ(5.6, 5.6);
+
+  // A failure.
+  EXPECT_NONFATAL_FAILURE(EXPECT_EQ(5.1, 5.2),
+                          "5.1");
+}
+
+#if GTEST_CAN_COMPARE_NULL
+// Tests EXPECT_EQ(NULL, pointer).
+TEST(ExpectTest, EXPECT_EQ_NULL) {
+  // A success.
+  const char* p = NULL;
+  // Some older GCC versions may issue a spurious warning in this or the next
+  // assertion statement. This warning should not be suppressed with
+  // static_cast since the test verifies the ability to use bare NULL as the
+  // expected parameter to the macro.
+  EXPECT_EQ(NULL, p);
+
+  // A failure.
+  int n = 0;
+  EXPECT_NONFATAL_FAILURE(EXPECT_EQ(NULL, &n),
+                          "Value of: &n\n");
+}
+#endif  // GTEST_CAN_COMPARE_NULL
+
+// Tests EXPECT_EQ(0, non_pointer).  Since the literal 0 can be
+// treated as a null pointer by the compiler, we need to make sure
+// that EXPECT_EQ(0, non_pointer) isn't interpreted by Google Test as
+// EXPECT_EQ(static_cast<void*>(NULL), non_pointer).
+TEST(ExpectTest, EXPECT_EQ_0) {
+  int n = 0;
+
+  // A success.
+  EXPECT_EQ(0, n);
+
+  // A failure.
+  EXPECT_NONFATAL_FAILURE(EXPECT_EQ(0, 5.6),
+                          "Expected: 0");
+}
+
+// Tests EXPECT_NE.
+TEST(ExpectTest, EXPECT_NE) {
+  EXPECT_NE(6, 7);
+
+  EXPECT_NONFATAL_FAILURE(EXPECT_NE('a', 'a'),
+                          "Expected: ('a') != ('a'), "
+                          "actual: 'a' (97, 0x61) vs 'a' (97, 0x61)");
+  EXPECT_NONFATAL_FAILURE(EXPECT_NE(2, 2),
+                          "2");
+  char* const p0 = NULL;
+  EXPECT_NONFATAL_FAILURE(EXPECT_NE(p0, p0),
+                          "p0");
+  // Only way to get the Nokia compiler to compile the cast
+  // is to have a separate void* variable first. Putting
+  // the two casts on the same line doesn't work, neither does
+  // a direct C-style to char*.
+  void* pv1 = (void*)0x1234;  // NOLINT
+  char* const p1 = reinterpret_cast<char*>(pv1);
+  EXPECT_NONFATAL_FAILURE(EXPECT_NE(p1, p1),
+                          "p1");
+}
+
+// Tests EXPECT_LE.
+TEST(ExpectTest, EXPECT_LE) {
+  EXPECT_LE(2, 3);
+  EXPECT_LE(2, 2);
+  EXPECT_NONFATAL_FAILURE(EXPECT_LE(2, 0),
+                          "Expected: (2) <= (0), actual: 2 vs 0");
+  EXPECT_NONFATAL_FAILURE(EXPECT_LE(1.1, 0.9),
+                          "(1.1) <= (0.9)");
+}
+
+// Tests EXPECT_LT.
+TEST(ExpectTest, EXPECT_LT) {
+  EXPECT_LT(2, 3);
+  EXPECT_NONFATAL_FAILURE(EXPECT_LT(2, 2),
+                          "Expected: (2) < (2), actual: 2 vs 2");
+  EXPECT_NONFATAL_FAILURE(EXPECT_LT(2, 1),
+                          "(2) < (1)");
+}
+
+// Tests EXPECT_GE.
+TEST(ExpectTest, EXPECT_GE) {
+  EXPECT_GE(2, 1);
+  EXPECT_GE(2, 2);
+  EXPECT_NONFATAL_FAILURE(EXPECT_GE(2, 3),
+                          "Expected: (2) >= (3), actual: 2 vs 3");
+  EXPECT_NONFATAL_FAILURE(EXPECT_GE(0.9, 1.1),
+                          "(0.9) >= (1.1)");
+}
+
+// Tests EXPECT_GT.
+TEST(ExpectTest, EXPECT_GT) {
+  EXPECT_GT(2, 1);
+  EXPECT_NONFATAL_FAILURE(EXPECT_GT(2, 2),
+                          "Expected: (2) > (2), actual: 2 vs 2");
+  EXPECT_NONFATAL_FAILURE(EXPECT_GT(2, 3),
+                          "(2) > (3)");
+}
+
+#if GTEST_HAS_EXCEPTIONS
+
+// Tests EXPECT_THROW.
+TEST(ExpectTest, EXPECT_THROW) {
+  EXPECT_THROW(ThrowAnInteger(), int);
+  EXPECT_NONFATAL_FAILURE(EXPECT_THROW(ThrowAnInteger(), bool),
+                          "Expected: ThrowAnInteger() throws an exception of "
+                          "type bool.\n  Actual: it throws a different type.");
+  EXPECT_NONFATAL_FAILURE(
+      EXPECT_THROW(ThrowNothing(), bool),
+      "Expected: ThrowNothing() throws an exception of type bool.\n"
+      "  Actual: it throws nothing.");
+}
+
+// Tests EXPECT_NO_THROW.
+TEST(ExpectTest, EXPECT_NO_THROW) {
+  EXPECT_NO_THROW(ThrowNothing());
+  EXPECT_NONFATAL_FAILURE(EXPECT_NO_THROW(ThrowAnInteger()),
+                          "Expected: ThrowAnInteger() doesn't throw an "
+                          "exception.\n  Actual: it throws.");
+}
+
+// Tests EXPECT_ANY_THROW.
+TEST(ExpectTest, EXPECT_ANY_THROW) {
+  EXPECT_ANY_THROW(ThrowAnInteger());
+  EXPECT_NONFATAL_FAILURE(
+      EXPECT_ANY_THROW(ThrowNothing()),
+      "Expected: ThrowNothing() throws an exception.\n"
+      "  Actual: it doesn't.");
+}
+
+#endif  // GTEST_HAS_EXCEPTIONS
+
+// Make sure we deal with the precedence of <<.
+TEST(ExpectTest, ExpectPrecedence) {
+  EXPECT_EQ(1 < 2, true);
+  EXPECT_NONFATAL_FAILURE(EXPECT_EQ(true, true && false),
+                          "Value of: true && false");
+}
+
+
+// Tests the StreamableToString() function.
+
+// Tests using StreamableToString() on a scalar.
+TEST(StreamableToStringTest, Scalar) {
+  EXPECT_STREQ("5", StreamableToString(5).c_str());
+}
+
+// Tests using StreamableToString() on a non-char pointer.
+TEST(StreamableToStringTest, Pointer) {
+  int n = 0;
+  int* p = &n;
+  EXPECT_STRNE("(null)", StreamableToString(p).c_str());
+}
+
+// Tests using StreamableToString() on a NULL non-char pointer.
+TEST(StreamableToStringTest, NullPointer) {
+  int* p = NULL;
+  EXPECT_STREQ("(null)", StreamableToString(p).c_str());
+}
+
+// Tests using StreamableToString() on a C string.
+TEST(StreamableToStringTest, CString) {
+  EXPECT_STREQ("Foo", StreamableToString("Foo").c_str());
+}
+
+// Tests using StreamableToString() on a NULL C string.
+TEST(StreamableToStringTest, NullCString) {
+  char* p = NULL;
+  EXPECT_STREQ("(null)", StreamableToString(p).c_str());
+}
+
+// Tests using streamable values as assertion messages.
+
+// Tests using std::string as an assertion message.
+TEST(StreamableTest, string) {
+  static const std::string str(
+      "This failure message is a std::string, and is expected.");
+  EXPECT_FATAL_FAILURE(FAIL() << str,
+                       str.c_str());
+}
+
+// Tests that we can output strings containing embedded NULs.
+// Limited to Linux because we can only do this with std::string's.
+TEST(StreamableTest, stringWithEmbeddedNUL) {
+  static const char char_array_with_nul[] =
+      "Here's a NUL\0 and some more string";
+  static const std::string string_with_nul(char_array_with_nul,
+                                           sizeof(char_array_with_nul)
+                                           - 1);  // drops the trailing NUL
+  EXPECT_FATAL_FAILURE(FAIL() << string_with_nul,
+                       "Here's a NUL\\0 and some more string");
+}
+
+// Tests that we can output a NUL char.
+TEST(StreamableTest, NULChar) {
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    FAIL() << "A NUL" << '\0' << " and some more string";
+  }, "A NUL\\0 and some more string");
+}
+
+// Tests using int as an assertion message.
+TEST(StreamableTest, int) {
+  EXPECT_FATAL_FAILURE(FAIL() << 900913,
+                       "900913");
+}
+
+// Tests using NULL char pointer as an assertion message.
+//
+// In MSVC, streaming a NULL char * causes access violation.  Google Test
+// implemented a workaround (substituting "(null)" for NULL).  This
+// tests whether the workaround works.
+TEST(StreamableTest, NullCharPtr) {
+  EXPECT_FATAL_FAILURE(FAIL() << static_cast<const char*>(NULL),
+                       "(null)");
+}
+
+// Tests that basic IO manipulators (endl, ends, and flush) can be
+// streamed to testing::Message.
+TEST(StreamableTest, BasicIoManip) {
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    FAIL() << "Line 1." << std::endl
+           << "A NUL char " << std::ends << std::flush << " in line 2.";
+  }, "Line 1.\nA NUL char \\0 in line 2.");
+}
+
+// Tests the macros that haven't been covered so far.
+
+void AddFailureHelper(bool* aborted) {
+  *aborted = true;
+  ADD_FAILURE() << "Intentional failure.";
+  *aborted = false;
+}
+
+// Tests ADD_FAILURE.
+TEST(MacroTest, ADD_FAILURE) {
+  bool aborted = true;
+  EXPECT_NONFATAL_FAILURE(AddFailureHelper(&aborted),
+                          "Intentional failure.");
+  EXPECT_FALSE(aborted);
+}
+
+// Tests ADD_FAILURE_AT.
+TEST(MacroTest, ADD_FAILURE_AT) {
+  // Verifies that ADD_FAILURE_AT does generate a nonfatal failure and
+  // the failure message contains the user-streamed part.
+  EXPECT_NONFATAL_FAILURE(ADD_FAILURE_AT("foo.cc", 42) << "Wrong!", "Wrong!");
+
+  // Verifies that the user-streamed part is optional.
+  EXPECT_NONFATAL_FAILURE(ADD_FAILURE_AT("foo.cc", 42), "Failed");
+
+  // Unfortunately, we cannot verify that the failure message contains
+  // the right file path and line number the same way, as
+  // EXPECT_NONFATAL_FAILURE() doesn't get to see the file path and
+  // line number.  Instead, we do that in gtest_output_test_.cc.
+}
+
+// Tests FAIL.
+TEST(MacroTest, FAIL) {
+  EXPECT_FATAL_FAILURE(FAIL(),
+                       "Failed");
+  EXPECT_FATAL_FAILURE(FAIL() << "Intentional failure.",
+                       "Intentional failure.");
+}
+
+// Tests SUCCEED
+TEST(MacroTest, SUCCEED) {
+  SUCCEED();
+  SUCCEED() << "Explicit success.";
+}
+
+// Tests for EXPECT_EQ() and ASSERT_EQ().
+//
+// These tests fail *intentionally*, s.t. the failure messages can be
+// generated and tested.
+//
+// We have different tests for different argument types.
+
+// Tests using bool values in {EXPECT|ASSERT}_EQ.
+TEST(EqAssertionTest, Bool) {
+  EXPECT_EQ(true,  true);
+  EXPECT_FATAL_FAILURE({
+      bool false_value = false;
+      ASSERT_EQ(false_value, true);
+    }, "Value of: true");
+}
+
+// Tests using int values in {EXPECT|ASSERT}_EQ.
+TEST(EqAssertionTest, Int) {
+  ASSERT_EQ(32, 32);
+  EXPECT_NONFATAL_FAILURE(EXPECT_EQ(32, 33),
+                          "33");
+}
+
+// Tests using time_t values in {EXPECT|ASSERT}_EQ.
+TEST(EqAssertionTest, Time_T) {
+  EXPECT_EQ(static_cast<time_t>(0),
+            static_cast<time_t>(0));
+  EXPECT_FATAL_FAILURE(ASSERT_EQ(static_cast<time_t>(0),
+                                 static_cast<time_t>(1234)),
+                       "1234");
+}
+
+// Tests using char values in {EXPECT|ASSERT}_EQ.
+TEST(EqAssertionTest, Char) {
+  ASSERT_EQ('z', 'z');
+  const char ch = 'b';
+  EXPECT_NONFATAL_FAILURE(EXPECT_EQ('\0', ch),
+                          "ch");
+  EXPECT_NONFATAL_FAILURE(EXPECT_EQ('a', ch),
+                          "ch");
+}
+
+// Tests using wchar_t values in {EXPECT|ASSERT}_EQ.
+TEST(EqAssertionTest, WideChar) {
+  EXPECT_EQ(L'b', L'b');
+
+  EXPECT_NONFATAL_FAILURE(EXPECT_EQ(L'\0', L'x'),
+                          "Value of: L'x'\n"
+                          "  Actual: L'x' (120, 0x78)\n"
+                          "Expected: L'\0'\n"
+                          "Which is: L'\0' (0, 0x0)");
+
+  static wchar_t wchar;
+  wchar = L'b';
+  EXPECT_NONFATAL_FAILURE(EXPECT_EQ(L'a', wchar),
+                          "wchar");
+  wchar = 0x8119;
+  EXPECT_FATAL_FAILURE(ASSERT_EQ(static_cast<wchar_t>(0x8120), wchar),
+                       "Value of: wchar");
+}
+
+// Tests using ::std::string values in {EXPECT|ASSERT}_EQ.
+TEST(EqAssertionTest, StdString) {
+  // Compares a const char* to an std::string that has identical
+  // content.
+  ASSERT_EQ("Test", ::std::string("Test"));
+
+  // Compares two identical std::strings.
+  static const ::std::string str1("A * in the middle");
+  static const ::std::string str2(str1);
+  EXPECT_EQ(str1, str2);
+
+  // Compares a const char* to an std::string that has different
+  // content
+  EXPECT_NONFATAL_FAILURE(EXPECT_EQ("Test", ::std::string("test")),
+                          "\"test\"");
+
+  // Compares an std::string to a char* that has different content.
+  char* const p1 = const_cast<char*>("foo");
+  EXPECT_NONFATAL_FAILURE(EXPECT_EQ(::std::string("bar"), p1),
+                          "p1");
+
+  // Compares two std::strings that have different contents, one of
+  // which having a NUL character in the middle.  This should fail.
+  static ::std::string str3(str1);
+  str3.at(2) = '\0';
+  EXPECT_FATAL_FAILURE(ASSERT_EQ(str1, str3),
+                       "Value of: str3\n"
+                       "  Actual: \"A \\0 in the middle\"");
+}
+
+#if GTEST_HAS_STD_WSTRING
+
+// Tests using ::std::wstring values in {EXPECT|ASSERT}_EQ.
+TEST(EqAssertionTest, StdWideString) {
+  // Compares two identical std::wstrings.
+  const ::std::wstring wstr1(L"A * in the middle");
+  const ::std::wstring wstr2(wstr1);
+  ASSERT_EQ(wstr1, wstr2);
+
+  // Compares an std::wstring to a const wchar_t* that has identical
+  // content.
+  const wchar_t kTestX8119[] = { 'T', 'e', 's', 't', 0x8119, '\0' };
+  EXPECT_EQ(::std::wstring(kTestX8119), kTestX8119);
+
+  // Compares an std::wstring to a const wchar_t* that has different
+  // content.
+  const wchar_t kTestX8120[] = { 'T', 'e', 's', 't', 0x8120, '\0' };
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_EQ(::std::wstring(kTestX8119), kTestX8120);
+  }, "kTestX8120");
+
+  // Compares two std::wstrings that have different contents, one of
+  // which having a NUL character in the middle.
+  ::std::wstring wstr3(wstr1);
+  wstr3.at(2) = L'\0';
+  EXPECT_NONFATAL_FAILURE(EXPECT_EQ(wstr1, wstr3),
+                          "wstr3");
+
+  // Compares a wchar_t* to an std::wstring that has different
+  // content.
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_EQ(const_cast<wchar_t*>(L"foo"), ::std::wstring(L"bar"));
+  }, "");
+}
+
+#endif  // GTEST_HAS_STD_WSTRING
+
+#if GTEST_HAS_GLOBAL_STRING
+// Tests using ::string values in {EXPECT|ASSERT}_EQ.
+TEST(EqAssertionTest, GlobalString) {
+  // Compares a const char* to a ::string that has identical content.
+  EXPECT_EQ("Test", ::string("Test"));
+
+  // Compares two identical ::strings.
+  const ::string str1("A * in the middle");
+  const ::string str2(str1);
+  ASSERT_EQ(str1, str2);
+
+  // Compares a ::string to a const char* that has different content.
+  EXPECT_NONFATAL_FAILURE(EXPECT_EQ(::string("Test"), "test"),
+                          "test");
+
+  // Compares two ::strings that have different contents, one of which
+  // having a NUL character in the middle.
+  ::string str3(str1);
+  str3.at(2) = '\0';
+  EXPECT_NONFATAL_FAILURE(EXPECT_EQ(str1, str3),
+                          "str3");
+
+  // Compares a ::string to a char* that has different content.
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_EQ(::string("bar"), const_cast<char*>("foo"));
+  }, "");
+}
+
+#endif  // GTEST_HAS_GLOBAL_STRING
+
+#if GTEST_HAS_GLOBAL_WSTRING
+
+// Tests using ::wstring values in {EXPECT|ASSERT}_EQ.
+TEST(EqAssertionTest, GlobalWideString) {
+  // Compares two identical ::wstrings.
+  static const ::wstring wstr1(L"A * in the middle");
+  static const ::wstring wstr2(wstr1);
+  EXPECT_EQ(wstr1, wstr2);
+
+  // Compares a const wchar_t* to a ::wstring that has identical content.
+  const wchar_t kTestX8119[] = { 'T', 'e', 's', 't', 0x8119, '\0' };
+  ASSERT_EQ(kTestX8119, ::wstring(kTestX8119));
+
+  // Compares a const wchar_t* to a ::wstring that has different
+  // content.
+  const wchar_t kTestX8120[] = { 'T', 'e', 's', 't', 0x8120, '\0' };
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_EQ(kTestX8120, ::wstring(kTestX8119));
+  }, "Test\\x8119");
+
+  // Compares a wchar_t* to a ::wstring that has different content.
+  wchar_t* const p1 = const_cast<wchar_t*>(L"foo");
+  EXPECT_NONFATAL_FAILURE(EXPECT_EQ(p1, ::wstring(L"bar")),
+                          "bar");
+
+  // Compares two ::wstrings that have different contents, one of which
+  // having a NUL character in the middle.
+  static ::wstring wstr3;
+  wstr3 = wstr1;
+  wstr3.at(2) = L'\0';
+  EXPECT_FATAL_FAILURE(ASSERT_EQ(wstr1, wstr3),
+                       "wstr3");
+}
+
+#endif  // GTEST_HAS_GLOBAL_WSTRING
+
+// Tests using char pointers in {EXPECT|ASSERT}_EQ.
+TEST(EqAssertionTest, CharPointer) {
+  char* const p0 = NULL;
+  // Only way to get the Nokia compiler to compile the cast
+  // is to have a separate void* variable first. Putting
+  // the two casts on the same line doesn't work, neither does
+  // a direct C-style to char*.
+  void* pv1 = (void*)0x1234;  // NOLINT
+  void* pv2 = (void*)0xABC0;  // NOLINT
+  char* const p1 = reinterpret_cast<char*>(pv1);
+  char* const p2 = reinterpret_cast<char*>(pv2);
+  ASSERT_EQ(p1, p1);
+
+  EXPECT_NONFATAL_FAILURE(EXPECT_EQ(p0, p2),
+                          "Value of: p2");
+  EXPECT_NONFATAL_FAILURE(EXPECT_EQ(p1, p2),
+                          "p2");
+  EXPECT_FATAL_FAILURE(ASSERT_EQ(reinterpret_cast<char*>(0x1234),
+                                 reinterpret_cast<char*>(0xABC0)),
+                       "ABC0");
+}
+
+// Tests using wchar_t pointers in {EXPECT|ASSERT}_EQ.
+TEST(EqAssertionTest, WideCharPointer) {
+  wchar_t* const p0 = NULL;
+  // Only way to get the Nokia compiler to compile the cast
+  // is to have a separate void* variable first. Putting
+  // the two casts on the same line doesn't work, neither does
+  // a direct C-style to char*.
+  void* pv1 = (void*)0x1234;  // NOLINT
+  void* pv2 = (void*)0xABC0;  // NOLINT
+  wchar_t* const p1 = reinterpret_cast<wchar_t*>(pv1);
+  wchar_t* const p2 = reinterpret_cast<wchar_t*>(pv2);
+  EXPECT_EQ(p0, p0);
+
+  EXPECT_NONFATAL_FAILURE(EXPECT_EQ(p0, p2),
+                          "Value of: p2");
+  EXPECT_NONFATAL_FAILURE(EXPECT_EQ(p1, p2),
+                          "p2");
+  void* pv3 = (void*)0x1234;  // NOLINT
+  void* pv4 = (void*)0xABC0;  // NOLINT
+  const wchar_t* p3 = reinterpret_cast<const wchar_t*>(pv3);
+  const wchar_t* p4 = reinterpret_cast<const wchar_t*>(pv4);
+  EXPECT_NONFATAL_FAILURE(EXPECT_EQ(p3, p4),
+                          "p4");
+}
+
+// Tests using other types of pointers in {EXPECT|ASSERT}_EQ.
+TEST(EqAssertionTest, OtherPointer) {
+  ASSERT_EQ(static_cast<const int*>(NULL),
+            static_cast<const int*>(NULL));
+  EXPECT_FATAL_FAILURE(ASSERT_EQ(static_cast<const int*>(NULL),
+                                 reinterpret_cast<const int*>(0x1234)),
+                       "0x1234");
+}
+
+// A class that supports binary comparison operators but not streaming.
+class UnprintableChar {
+ public:
+  explicit UnprintableChar(char ch) : char_(ch) {}
+
+  bool operator==(const UnprintableChar& rhs) const {
+    return char_ == rhs.char_;
+  }
+  bool operator!=(const UnprintableChar& rhs) const {
+    return char_ != rhs.char_;
+  }
+  bool operator<(const UnprintableChar& rhs) const {
+    return char_ < rhs.char_;
+  }
+  bool operator<=(const UnprintableChar& rhs) const {
+    return char_ <= rhs.char_;
+  }
+  bool operator>(const UnprintableChar& rhs) const {
+    return char_ > rhs.char_;
+  }
+  bool operator>=(const UnprintableChar& rhs) const {
+    return char_ >= rhs.char_;
+  }
+
+ private:
+  char char_;
+};
+
+// Tests that ASSERT_EQ() and friends don't require the arguments to
+// be printable.
+TEST(ComparisonAssertionTest, AcceptsUnprintableArgs) {
+  const UnprintableChar x('x'), y('y');
+  ASSERT_EQ(x, x);
+  EXPECT_NE(x, y);
+  ASSERT_LT(x, y);
+  EXPECT_LE(x, y);
+  ASSERT_GT(y, x);
+  EXPECT_GE(x, x);
+
+  EXPECT_NONFATAL_FAILURE(EXPECT_EQ(x, y), "1-byte object <78>");
+  EXPECT_NONFATAL_FAILURE(EXPECT_EQ(x, y), "1-byte object <79>");
+  EXPECT_NONFATAL_FAILURE(EXPECT_LT(y, y), "1-byte object <79>");
+  EXPECT_NONFATAL_FAILURE(EXPECT_GT(x, y), "1-byte object <78>");
+  EXPECT_NONFATAL_FAILURE(EXPECT_GT(x, y), "1-byte object <79>");
+
+  // Code tested by EXPECT_FATAL_FAILURE cannot reference local
+  // variables, so we have to write UnprintableChar('x') instead of x.
+#ifndef __BORLANDC__
+  // ICE's in C++Builder.
+  EXPECT_FATAL_FAILURE(ASSERT_NE(UnprintableChar('x'), UnprintableChar('x')),
+                       "1-byte object <78>");
+  EXPECT_FATAL_FAILURE(ASSERT_LE(UnprintableChar('y'), UnprintableChar('x')),
+                       "1-byte object <78>");
+#endif
+  EXPECT_FATAL_FAILURE(ASSERT_LE(UnprintableChar('y'), UnprintableChar('x')),
+                       "1-byte object <79>");
+  EXPECT_FATAL_FAILURE(ASSERT_GE(UnprintableChar('x'), UnprintableChar('y')),
+                       "1-byte object <78>");
+  EXPECT_FATAL_FAILURE(ASSERT_GE(UnprintableChar('x'), UnprintableChar('y')),
+                       "1-byte object <79>");
+}
+
+// Tests the FRIEND_TEST macro.
+
+// This class has a private member we want to test.  We will test it
+// both in a TEST and in a TEST_F.
+class Foo {
+ public:
+  Foo() {}
+
+ private:
+  int Bar() const { return 1; }
+
+  // Declares the friend tests that can access the private member
+  // Bar().
+  FRIEND_TEST(FRIEND_TEST_Test, TEST);
+  FRIEND_TEST(FRIEND_TEST_Test2, TEST_F);
+};
+
+// Tests that the FRIEND_TEST declaration allows a TEST to access a
+// class's private members.  This should compile.
+TEST(FRIEND_TEST_Test, TEST) {
+  ASSERT_EQ(1, Foo().Bar());
+}
+
+// The fixture needed to test using FRIEND_TEST with TEST_F.
+class FRIEND_TEST_Test2 : public Test {
+ protected:
+  Foo foo;
+};
+
+// Tests that the FRIEND_TEST declaration allows a TEST_F to access a
+// class's private members.  This should compile.
+TEST_F(FRIEND_TEST_Test2, TEST_F) {
+  ASSERT_EQ(1, foo.Bar());
+}
+
+// Tests the life cycle of Test objects.
+
+// The test fixture for testing the life cycle of Test objects.
+//
+// This class counts the number of live test objects that uses this
+// fixture.
+class TestLifeCycleTest : public Test {
+ protected:
+  // Constructor.  Increments the number of test objects that uses
+  // this fixture.
+  TestLifeCycleTest() { count_++; }
+
+  // Destructor.  Decrements the number of test objects that uses this
+  // fixture.
+  ~TestLifeCycleTest() { count_--; }
+
+  // Returns the number of live test objects that uses this fixture.
+  int count() const { return count_; }
+
+ private:
+  static int count_;
+};
+
+int TestLifeCycleTest::count_ = 0;
+
+// Tests the life cycle of test objects.
+TEST_F(TestLifeCycleTest, Test1) {
+  // There should be only one test object in this test case that's
+  // currently alive.
+  ASSERT_EQ(1, count());
+}
+
+// Tests the life cycle of test objects.
+TEST_F(TestLifeCycleTest, Test2) {
+  // After Test1 is done and Test2 is started, there should still be
+  // only one live test object, as the object for Test1 should've been
+  // deleted.
+  ASSERT_EQ(1, count());
+}
+
+}  // namespace
+
+// Tests that the copy constructor works when it is NOT optimized away by
+// the compiler.
+TEST(AssertionResultTest, CopyConstructorWorksWhenNotOptimied) {
+  // Checks that the copy constructor doesn't try to dereference NULL pointers
+  // in the source object.
+  AssertionResult r1 = AssertionSuccess();
+  AssertionResult r2 = r1;
+  // The following line is added to prevent the compiler from optimizing
+  // away the constructor call.
+  r1 << "abc";
+
+  AssertionResult r3 = r1;
+  EXPECT_EQ(static_cast<bool>(r3), static_cast<bool>(r1));
+  EXPECT_STREQ("abc", r1.message());
+}
+
+// Tests that AssertionSuccess and AssertionFailure construct
+// AssertionResult objects as expected.
+TEST(AssertionResultTest, ConstructionWorks) {
+  AssertionResult r1 = AssertionSuccess();
+  EXPECT_TRUE(r1);
+  EXPECT_STREQ("", r1.message());
+
+  AssertionResult r2 = AssertionSuccess() << "abc";
+  EXPECT_TRUE(r2);
+  EXPECT_STREQ("abc", r2.message());
+
+  AssertionResult r3 = AssertionFailure();
+  EXPECT_FALSE(r3);
+  EXPECT_STREQ("", r3.message());
+
+  AssertionResult r4 = AssertionFailure() << "def";
+  EXPECT_FALSE(r4);
+  EXPECT_STREQ("def", r4.message());
+
+  AssertionResult r5 = AssertionFailure(Message() << "ghi");
+  EXPECT_FALSE(r5);
+  EXPECT_STREQ("ghi", r5.message());
+}
+
+// Tests that the negation flips the predicate result but keeps the message.
+TEST(AssertionResultTest, NegationWorks) {
+  AssertionResult r1 = AssertionSuccess() << "abc";
+  EXPECT_FALSE(!r1);
+  EXPECT_STREQ("abc", (!r1).message());
+
+  AssertionResult r2 = AssertionFailure() << "def";
+  EXPECT_TRUE(!r2);
+  EXPECT_STREQ("def", (!r2).message());
+}
+
+TEST(AssertionResultTest, StreamingWorks) {
+  AssertionResult r = AssertionSuccess();
+  r << "abc" << 'd' << 0 << true;
+  EXPECT_STREQ("abcd0true", r.message());
+}
+
+TEST(AssertionResultTest, CanStreamOstreamManipulators) {
+  AssertionResult r = AssertionSuccess();
+  r << "Data" << std::endl << std::flush << std::ends << "Will be visible";
+  EXPECT_STREQ("Data\n\\0Will be visible", r.message());
+}
+
+// The next test uses explicit conversion operators -- a C++11 feature.
+#if GTEST_LANG_CXX11
+
+TEST(AssertionResultTest, ConstructibleFromContextuallyConvertibleToBool) {
+  struct ExplicitlyConvertibleToBool {
+    explicit operator bool() const { return value; }
+    bool value;
+  };
+  ExplicitlyConvertibleToBool v1 = {false};
+  ExplicitlyConvertibleToBool v2 = {true};
+  EXPECT_FALSE(v1);
+  EXPECT_TRUE(v2);
+}
+
+#endif  // GTEST_LANG_CXX11
+
+struct ConvertibleToAssertionResult {
+  operator AssertionResult() const { return AssertionResult(true); }
+};
+
+TEST(AssertionResultTest, ConstructibleFromImplicitlyConvertible) {
+  ConvertibleToAssertionResult obj;
+  EXPECT_TRUE(obj);
+}
+
+// Tests streaming a user type whose definition and operator << are
+// both in the global namespace.
+class Base {
+ public:
+  explicit Base(int an_x) : x_(an_x) {}
+  int x() const { return x_; }
+ private:
+  int x_;
+};
+std::ostream& operator<<(std::ostream& os,
+                         const Base& val) {
+  return os << val.x();
+}
+std::ostream& operator<<(std::ostream& os,
+                         const Base* pointer) {
+  return os << "(" << pointer->x() << ")";
+}
+
+TEST(MessageTest, CanStreamUserTypeInGlobalNameSpace) {
+  Message msg;
+  Base a(1);
+
+  msg << a << &a;  // Uses ::operator<<.
+  EXPECT_STREQ("1(1)", msg.GetString().c_str());
+}
+
+// Tests streaming a user type whose definition and operator<< are
+// both in an unnamed namespace.
+namespace {
+class MyTypeInUnnamedNameSpace : public Base {
+ public:
+  explicit MyTypeInUnnamedNameSpace(int an_x): Base(an_x) {}
+};
+std::ostream& operator<<(std::ostream& os,
+                         const MyTypeInUnnamedNameSpace& val) {
+  return os << val.x();
+}
+std::ostream& operator<<(std::ostream& os,
+                         const MyTypeInUnnamedNameSpace* pointer) {
+  return os << "(" << pointer->x() << ")";
+}
+}  // namespace
+
+TEST(MessageTest, CanStreamUserTypeInUnnamedNameSpace) {
+  Message msg;
+  MyTypeInUnnamedNameSpace a(1);
+
+  msg << a << &a;  // Uses <unnamed_namespace>::operator<<.
+  EXPECT_STREQ("1(1)", msg.GetString().c_str());
+}
+
+// Tests streaming a user type whose definition and operator<< are
+// both in a user namespace.
+namespace namespace1 {
+class MyTypeInNameSpace1 : public Base {
+ public:
+  explicit MyTypeInNameSpace1(int an_x): Base(an_x) {}
+};
+std::ostream& operator<<(std::ostream& os,
+                         const MyTypeInNameSpace1& val) {
+  return os << val.x();
+}
+std::ostream& operator<<(std::ostream& os,
+                         const MyTypeInNameSpace1* pointer) {
+  return os << "(" << pointer->x() << ")";
+}
+}  // namespace namespace1
+
+TEST(MessageTest, CanStreamUserTypeInUserNameSpace) {
+  Message msg;
+  namespace1::MyTypeInNameSpace1 a(1);
+
+  msg << a << &a;  // Uses namespace1::operator<<.
+  EXPECT_STREQ("1(1)", msg.GetString().c_str());
+}
+
+// Tests streaming a user type whose definition is in a user namespace
+// but whose operator<< is in the global namespace.
+namespace namespace2 {
+class MyTypeInNameSpace2 : public ::Base {
+ public:
+  explicit MyTypeInNameSpace2(int an_x): Base(an_x) {}
+};
+}  // namespace namespace2
+std::ostream& operator<<(std::ostream& os,
+                         const namespace2::MyTypeInNameSpace2& val) {
+  return os << val.x();
+}
+std::ostream& operator<<(std::ostream& os,
+                         const namespace2::MyTypeInNameSpace2* pointer) {
+  return os << "(" << pointer->x() << ")";
+}
+
+TEST(MessageTest, CanStreamUserTypeInUserNameSpaceWithStreamOperatorInGlobal) {
+  Message msg;
+  namespace2::MyTypeInNameSpace2 a(1);
+
+  msg << a << &a;  // Uses ::operator<<.
+  EXPECT_STREQ("1(1)", msg.GetString().c_str());
+}
+
+// Tests streaming NULL pointers to testing::Message.
+TEST(MessageTest, NullPointers) {
+  Message msg;
+  char* const p1 = NULL;
+  unsigned char* const p2 = NULL;
+  int* p3 = NULL;
+  double* p4 = NULL;
+  bool* p5 = NULL;
+  Message* p6 = NULL;
+
+  msg << p1 << p2 << p3 << p4 << p5 << p6;
+  ASSERT_STREQ("(null)(null)(null)(null)(null)(null)",
+               msg.GetString().c_str());
+}
+
+// Tests streaming wide strings to testing::Message.
+TEST(MessageTest, WideStrings) {
+  // Streams a NULL of type const wchar_t*.
+  const wchar_t* const_wstr = NULL;
+  EXPECT_STREQ("(null)",
+               (Message() << const_wstr).GetString().c_str());
+
+  // Streams a NULL of type wchar_t*.
+  wchar_t* wstr = NULL;
+  EXPECT_STREQ("(null)",
+               (Message() << wstr).GetString().c_str());
+
+  // Streams a non-NULL of type const wchar_t*.
+  const_wstr = L"abc\x8119";
+  EXPECT_STREQ("abc\xe8\x84\x99",
+               (Message() << const_wstr).GetString().c_str());
+
+  // Streams a non-NULL of type wchar_t*.
+  wstr = const_cast<wchar_t*>(const_wstr);
+  EXPECT_STREQ("abc\xe8\x84\x99",
+               (Message() << wstr).GetString().c_str());
+}
+
+
+// This line tests that we can define tests in the testing namespace.
+namespace testing {
+
+// Tests the TestInfo class.
+
+class TestInfoTest : public Test {
+ protected:
+  static const TestInfo* GetTestInfo(const char* test_name) {
+    const TestCase* const test_case = GetUnitTestImpl()->
+        GetTestCase("TestInfoTest", "", NULL, NULL);
+
+    for (int i = 0; i < test_case->total_test_count(); ++i) {
+      const TestInfo* const test_info = test_case->GetTestInfo(i);
+      if (strcmp(test_name, test_info->name()) == 0)
+        return test_info;
+    }
+    return NULL;
+  }
+
+  static const TestResult* GetTestResult(
+      const TestInfo* test_info) {
+    return test_info->result();
+  }
+};
+
+// Tests TestInfo::test_case_name() and TestInfo::name().
+TEST_F(TestInfoTest, Names) {
+  const TestInfo* const test_info = GetTestInfo("Names");
+
+  ASSERT_STREQ("TestInfoTest", test_info->test_case_name());
+  ASSERT_STREQ("Names", test_info->name());
+}
+
+// Tests TestInfo::result().
+TEST_F(TestInfoTest, result) {
+  const TestInfo* const test_info = GetTestInfo("result");
+
+  // Initially, there is no TestPartResult for this test.
+  ASSERT_EQ(0, GetTestResult(test_info)->total_part_count());
+
+  // After the previous assertion, there is still none.
+  ASSERT_EQ(0, GetTestResult(test_info)->total_part_count());
+}
+
+// Tests setting up and tearing down a test case.
+
+class SetUpTestCaseTest : public Test {
+ protected:
+  // This will be called once before the first test in this test case
+  // is run.
+  static void SetUpTestCase() {
+    printf("Setting up the test case . . .\n");
+
+    // Initializes some shared resource.  In this simple example, we
+    // just create a C string.  More complex stuff can be done if
+    // desired.
+    shared_resource_ = "123";
+
+    // Increments the number of test cases that have been set up.
+    counter_++;
+
+    // SetUpTestCase() should be called only once.
+    EXPECT_EQ(1, counter_);
+  }
+
+  // This will be called once after the last test in this test case is
+  // run.
+  static void TearDownTestCase() {
+    printf("Tearing down the test case . . .\n");
+
+    // Decrements the number of test cases that have been set up.
+    counter_--;
+
+    // TearDownTestCase() should be called only once.
+    EXPECT_EQ(0, counter_);
+
+    // Cleans up the shared resource.
+    shared_resource_ = NULL;
+  }
+
+  // This will be called before each test in this test case.
+  virtual void SetUp() {
+    // SetUpTestCase() should be called only once, so counter_ should
+    // always be 1.
+    EXPECT_EQ(1, counter_);
+  }
+
+  // Number of test cases that have been set up.
+  static int counter_;
+
+  // Some resource to be shared by all tests in this test case.
+  static const char* shared_resource_;
+};
+
+int SetUpTestCaseTest::counter_ = 0;
+const char* SetUpTestCaseTest::shared_resource_ = NULL;
+
+// A test that uses the shared resource.
+TEST_F(SetUpTestCaseTest, Test1) {
+  EXPECT_STRNE(NULL, shared_resource_);
+}
+
+// Another test that uses the shared resource.
+TEST_F(SetUpTestCaseTest, Test2) {
+  EXPECT_STREQ("123", shared_resource_);
+}
+
+// The InitGoogleTestTest test case tests testing::InitGoogleTest().
+
+// The Flags struct stores a copy of all Google Test flags.
+struct Flags {
+  // Constructs a Flags struct where each flag has its default value.
+  Flags() : also_run_disabled_tests(false),
+            break_on_failure(false),
+            catch_exceptions(false),
+            death_test_use_fork(false),
+            filter(""),
+            list_tests(false),
+            output(""),
+            print_time(true),
+            random_seed(0),
+            repeat(1),
+            shuffle(false),
+            stack_trace_depth(kMaxStackTraceDepth),
+            stream_result_to(""),
+            throw_on_failure(false) {}
+
+  // Factory methods.
+
+  // Creates a Flags struct where the gtest_also_run_disabled_tests flag has
+  // the given value.
+  static Flags AlsoRunDisabledTests(bool also_run_disabled_tests) {
+    Flags flags;
+    flags.also_run_disabled_tests = also_run_disabled_tests;
+    return flags;
+  }
+
+  // Creates a Flags struct where the gtest_break_on_failure flag has
+  // the given value.
+  static Flags BreakOnFailure(bool break_on_failure) {
+    Flags flags;
+    flags.break_on_failure = break_on_failure;
+    return flags;
+  }
+
+  // Creates a Flags struct where the gtest_catch_exceptions flag has
+  // the given value.
+  static Flags CatchExceptions(bool catch_exceptions) {
+    Flags flags;
+    flags.catch_exceptions = catch_exceptions;
+    return flags;
+  }
+
+  // Creates a Flags struct where the gtest_death_test_use_fork flag has
+  // the given value.
+  static Flags DeathTestUseFork(bool death_test_use_fork) {
+    Flags flags;
+    flags.death_test_use_fork = death_test_use_fork;
+    return flags;
+  }
+
+  // Creates a Flags struct where the gtest_filter flag has the given
+  // value.
+  static Flags Filter(const char* filter) {
+    Flags flags;
+    flags.filter = filter;
+    return flags;
+  }
+
+  // Creates a Flags struct where the gtest_list_tests flag has the
+  // given value.
+  static Flags ListTests(bool list_tests) {
+    Flags flags;
+    flags.list_tests = list_tests;
+    return flags;
+  }
+
+  // Creates a Flags struct where the gtest_output flag has the given
+  // value.
+  static Flags Output(const char* output) {
+    Flags flags;
+    flags.output = output;
+    return flags;
+  }
+
+  // Creates a Flags struct where the gtest_print_time flag has the given
+  // value.
+  static Flags PrintTime(bool print_time) {
+    Flags flags;
+    flags.print_time = print_time;
+    return flags;
+  }
+
+  // Creates a Flags struct where the gtest_random_seed flag has
+  // the given value.
+  static Flags RandomSeed(Int32 random_seed) {
+    Flags flags;
+    flags.random_seed = random_seed;
+    return flags;
+  }
+
+  // Creates a Flags struct where the gtest_repeat flag has the given
+  // value.
+  static Flags Repeat(Int32 repeat) {
+    Flags flags;
+    flags.repeat = repeat;
+    return flags;
+  }
+
+  // Creates a Flags struct where the gtest_shuffle flag has
+  // the given value.
+  static Flags Shuffle(bool shuffle) {
+    Flags flags;
+    flags.shuffle = shuffle;
+    return flags;
+  }
+
+  // Creates a Flags struct where the GTEST_FLAG(stack_trace_depth) flag has
+  // the given value.
+  static Flags StackTraceDepth(Int32 stack_trace_depth) {
+    Flags flags;
+    flags.stack_trace_depth = stack_trace_depth;
+    return flags;
+  }
+
+  // Creates a Flags struct where the GTEST_FLAG(stream_result_to) flag has
+  // the given value.
+  static Flags StreamResultTo(const char* stream_result_to) {
+    Flags flags;
+    flags.stream_result_to = stream_result_to;
+    return flags;
+  }
+
+  // Creates a Flags struct where the gtest_throw_on_failure flag has
+  // the given value.
+  static Flags ThrowOnFailure(bool throw_on_failure) {
+    Flags flags;
+    flags.throw_on_failure = throw_on_failure;
+    return flags;
+  }
+
+  // These fields store the flag values.
+  bool also_run_disabled_tests;
+  bool break_on_failure;
+  bool catch_exceptions;
+  bool death_test_use_fork;
+  const char* filter;
+  bool list_tests;
+  const char* output;
+  bool print_time;
+  Int32 random_seed;
+  Int32 repeat;
+  bool shuffle;
+  Int32 stack_trace_depth;
+  const char* stream_result_to;
+  bool throw_on_failure;
+};
+
+// Fixture for testing InitGoogleTest().
+class InitGoogleTestTest : public Test {
+ protected:
+  // Clears the flags before each test.
+  virtual void SetUp() {
+    GTEST_FLAG(also_run_disabled_tests) = false;
+    GTEST_FLAG(break_on_failure) = false;
+    GTEST_FLAG(catch_exceptions) = false;
+    GTEST_FLAG(death_test_use_fork) = false;
+    GTEST_FLAG(filter) = "";
+    GTEST_FLAG(list_tests) = false;
+    GTEST_FLAG(output) = "";
+    GTEST_FLAG(print_time) = true;
+    GTEST_FLAG(random_seed) = 0;
+    GTEST_FLAG(repeat) = 1;
+    GTEST_FLAG(shuffle) = false;
+    GTEST_FLAG(stack_trace_depth) = kMaxStackTraceDepth;
+    GTEST_FLAG(stream_result_to) = "";
+    GTEST_FLAG(throw_on_failure) = false;
+  }
+
+  // Asserts that two narrow or wide string arrays are equal.
+  template <typename CharType>
+  static void AssertStringArrayEq(size_t size1, CharType** array1,
+                                  size_t size2, CharType** array2) {
+    ASSERT_EQ(size1, size2) << " Array sizes different.";
+
+    for (size_t i = 0; i != size1; i++) {
+      ASSERT_STREQ(array1[i], array2[i]) << " where i == " << i;
+    }
+  }
+
+  // Verifies that the flag values match the expected values.
+  static void CheckFlags(const Flags& expected) {
+    EXPECT_EQ(expected.also_run_disabled_tests,
+              GTEST_FLAG(also_run_disabled_tests));
+    EXPECT_EQ(expected.break_on_failure, GTEST_FLAG(break_on_failure));
+    EXPECT_EQ(expected.catch_exceptions, GTEST_FLAG(catch_exceptions));
+    EXPECT_EQ(expected.death_test_use_fork, GTEST_FLAG(death_test_use_fork));
+    EXPECT_STREQ(expected.filter, GTEST_FLAG(filter).c_str());
+    EXPECT_EQ(expected.list_tests, GTEST_FLAG(list_tests));
+    EXPECT_STREQ(expected.output, GTEST_FLAG(output).c_str());
+    EXPECT_EQ(expected.print_time, GTEST_FLAG(print_time));
+    EXPECT_EQ(expected.random_seed, GTEST_FLAG(random_seed));
+    EXPECT_EQ(expected.repeat, GTEST_FLAG(repeat));
+    EXPECT_EQ(expected.shuffle, GTEST_FLAG(shuffle));
+    EXPECT_EQ(expected.stack_trace_depth, GTEST_FLAG(stack_trace_depth));
+    EXPECT_STREQ(expected.stream_result_to,
+                 GTEST_FLAG(stream_result_to).c_str());
+    EXPECT_EQ(expected.throw_on_failure, GTEST_FLAG(throw_on_failure));
+  }
+
+  // Parses a command line (specified by argc1 and argv1), then
+  // verifies that the flag values are expected and that the
+  // recognized flags are removed from the command line.
+  template <typename CharType>
+  static void TestParsingFlags(int argc1, const CharType** argv1,
+                               int argc2, const CharType** argv2,
+                               const Flags& expected, bool should_print_help) {
+    const bool saved_help_flag = ::testing::internal::g_help_flag;
+    ::testing::internal::g_help_flag = false;
+
+#if GTEST_HAS_STREAM_REDIRECTION
+    CaptureStdout();
+#endif
+
+    // Parses the command line.
+    internal::ParseGoogleTestFlagsOnly(&argc1, const_cast<CharType**>(argv1));
+
+#if GTEST_HAS_STREAM_REDIRECTION
+    const std::string captured_stdout = GetCapturedStdout();
+#endif
+
+    // Verifies the flag values.
+    CheckFlags(expected);
+
+    // Verifies that the recognized flags are removed from the command
+    // line.
+    AssertStringArrayEq(argc1 + 1, argv1, argc2 + 1, argv2);
+
+    // ParseGoogleTestFlagsOnly should neither set g_help_flag nor print the
+    // help message for the flags it recognizes.
+    EXPECT_EQ(should_print_help, ::testing::internal::g_help_flag);
+
+#if GTEST_HAS_STREAM_REDIRECTION
+    const char* const expected_help_fragment =
+        "This program contains tests written using";
+    if (should_print_help) {
+      EXPECT_PRED_FORMAT2(IsSubstring, expected_help_fragment, captured_stdout);
+    } else {
+      EXPECT_PRED_FORMAT2(IsNotSubstring,
+                          expected_help_fragment, captured_stdout);
+    }
+#endif  // GTEST_HAS_STREAM_REDIRECTION
+
+    ::testing::internal::g_help_flag = saved_help_flag;
+  }
+
+  // This macro wraps TestParsingFlags s.t. the user doesn't need
+  // to specify the array sizes.
+
+#define GTEST_TEST_PARSING_FLAGS_(argv1, argv2, expected, should_print_help) \
+  TestParsingFlags(sizeof(argv1)/sizeof(*argv1) - 1, argv1, \
+                   sizeof(argv2)/sizeof(*argv2) - 1, argv2, \
+                   expected, should_print_help)
+};
+
+// Tests parsing an empty command line.
+TEST_F(InitGoogleTestTest, Empty) {
+  const char* argv[] = {
+    NULL
+  };
+
+  const char* argv2[] = {
+    NULL
+  };
+
+  GTEST_TEST_PARSING_FLAGS_(argv, argv2, Flags(), false);
+}
+
+// Tests parsing a command line that has no flag.
+TEST_F(InitGoogleTestTest, NoFlag) {
+  const char* argv[] = {
+    "foo.exe",
+    NULL
+  };
+
+  const char* argv2[] = {
+    "foo.exe",
+    NULL
+  };
+
+  GTEST_TEST_PARSING_FLAGS_(argv, argv2, Flags(), false);
+}
+
+// Tests parsing a bad --gtest_filter flag.
+TEST_F(InitGoogleTestTest, FilterBad) {
+  const char* argv[] = {
+    "foo.exe",
+    "--gtest_filter",
+    NULL
+  };
+
+  const char* argv2[] = {
+    "foo.exe",
+    "--gtest_filter",
+    NULL
+  };
+
+  GTEST_TEST_PARSING_FLAGS_(argv, argv2, Flags::Filter(""), true);
+}
+
+// Tests parsing an empty --gtest_filter flag.
+TEST_F(InitGoogleTestTest, FilterEmpty) {
+  const char* argv[] = {
+    "foo.exe",
+    "--gtest_filter=",
+    NULL
+  };
+
+  const char* argv2[] = {
+    "foo.exe",
+    NULL
+  };
+
+  GTEST_TEST_PARSING_FLAGS_(argv, argv2, Flags::Filter(""), false);
+}
+
+// Tests parsing a non-empty --gtest_filter flag.
+TEST_F(InitGoogleTestTest, FilterNonEmpty) {
+  const char* argv[] = {
+    "foo.exe",
+    "--gtest_filter=abc",
+    NULL
+  };
+
+  const char* argv2[] = {
+    "foo.exe",
+    NULL
+  };
+
+  GTEST_TEST_PARSING_FLAGS_(argv, argv2, Flags::Filter("abc"), false);
+}
+
+// Tests parsing --gtest_break_on_failure.
+TEST_F(InitGoogleTestTest, BreakOnFailureWithoutValue) {
+  const char* argv[] = {
+    "foo.exe",
+    "--gtest_break_on_failure",
+    NULL
+};
+
+  const char* argv2[] = {
+    "foo.exe",
+    NULL
+  };
+
+  GTEST_TEST_PARSING_FLAGS_(argv, argv2, Flags::BreakOnFailure(true), false);
+}
+
+// Tests parsing --gtest_break_on_failure=0.
+TEST_F(InitGoogleTestTest, BreakOnFailureFalse_0) {
+  const char* argv[] = {
+    "foo.exe",
+    "--gtest_break_on_failure=0",
+    NULL
+  };
+
+  const char* argv2[] = {
+    "foo.exe",
+    NULL
+  };
+
+  GTEST_TEST_PARSING_FLAGS_(argv, argv2, Flags::BreakOnFailure(false), false);
+}
+
+// Tests parsing --gtest_break_on_failure=f.
+TEST_F(InitGoogleTestTest, BreakOnFailureFalse_f) {
+  const char* argv[] = {
+    "foo.exe",
+    "--gtest_break_on_failure=f",
+    NULL
+  };
+
+  const char* argv2[] = {
+    "foo.exe",
+    NULL
+  };
+
+  GTEST_TEST_PARSING_FLAGS_(argv, argv2, Flags::BreakOnFailure(false), false);
+}
+
+// Tests parsing --gtest_break_on_failure=F.
+TEST_F(InitGoogleTestTest, BreakOnFailureFalse_F) {
+  const char* argv[] = {
+    "foo.exe",
+    "--gtest_break_on_failure=F",
+    NULL
+  };
+
+  const char* argv2[] = {
+    "foo.exe",
+    NULL
+  };
+
+  GTEST_TEST_PARSING_FLAGS_(argv, argv2, Flags::BreakOnFailure(false), false);
+}
+
+// Tests parsing a --gtest_break_on_failure flag that has a "true"
+// definition.
+TEST_F(InitGoogleTestTest, BreakOnFailureTrue) {
+  const char* argv[] = {
+    "foo.exe",
+    "--gtest_break_on_failure=1",
+    NULL
+  };
+
+  const char* argv2[] = {
+    "foo.exe",
+    NULL
+  };
+
+  GTEST_TEST_PARSING_FLAGS_(argv, argv2, Flags::BreakOnFailure(true), false);
+}
+
+// Tests parsing --gtest_catch_exceptions.
+TEST_F(InitGoogleTestTest, CatchExceptions) {
+  const char* argv[] = {
+    "foo.exe",
+    "--gtest_catch_exceptions",
+    NULL
+  };
+
+  const char* argv2[] = {
+    "foo.exe",
+    NULL
+  };
+
+  GTEST_TEST_PARSING_FLAGS_(argv, argv2, Flags::CatchExceptions(true), false);
+}
+
+// Tests parsing --gtest_death_test_use_fork.
+TEST_F(InitGoogleTestTest, DeathTestUseFork) {
+  const char* argv[] = {
+    "foo.exe",
+    "--gtest_death_test_use_fork",
+    NULL
+  };
+
+  const char* argv2[] = {
+    "foo.exe",
+    NULL
+  };
+
+  GTEST_TEST_PARSING_FLAGS_(argv, argv2, Flags::DeathTestUseFork(true), false);
+}
+
+// Tests having the same flag twice with different values.  The
+// expected behavior is that the one coming last takes precedence.
+TEST_F(InitGoogleTestTest, DuplicatedFlags) {
+  const char* argv[] = {
+    "foo.exe",
+    "--gtest_filter=a",
+    "--gtest_filter=b",
+    NULL
+  };
+
+  const char* argv2[] = {
+    "foo.exe",
+    NULL
+  };
+
+  GTEST_TEST_PARSING_FLAGS_(argv, argv2, Flags::Filter("b"), false);
+}
+
+// Tests having an unrecognized flag on the command line.
+TEST_F(InitGoogleTestTest, UnrecognizedFlag) {
+  const char* argv[] = {
+    "foo.exe",
+    "--gtest_break_on_failure",
+    "bar",  // Unrecognized by Google Test.
+    "--gtest_filter=b",
+    NULL
+  };
+
+  const char* argv2[] = {
+    "foo.exe",
+    "bar",
+    NULL
+  };
+
+  Flags flags;
+  flags.break_on_failure = true;
+  flags.filter = "b";
+  GTEST_TEST_PARSING_FLAGS_(argv, argv2, flags, false);
+}
+
+// Tests having a --gtest_list_tests flag
+TEST_F(InitGoogleTestTest, ListTestsFlag) {
+    const char* argv[] = {
+      "foo.exe",
+      "--gtest_list_tests",
+      NULL
+    };
+
+    const char* argv2[] = {
+      "foo.exe",
+      NULL
+    };
+
+    GTEST_TEST_PARSING_FLAGS_(argv, argv2, Flags::ListTests(true), false);
+}
+
+// Tests having a --gtest_list_tests flag with a "true" value
+TEST_F(InitGoogleTestTest, ListTestsTrue) {
+    const char* argv[] = {
+      "foo.exe",
+      "--gtest_list_tests=1",
+      NULL
+    };
+
+    const char* argv2[] = {
+      "foo.exe",
+      NULL
+    };
+
+    GTEST_TEST_PARSING_FLAGS_(argv, argv2, Flags::ListTests(true), false);
+}
+
+// Tests having a --gtest_list_tests flag with a "false" value
+TEST_F(InitGoogleTestTest, ListTestsFalse) {
+    const char* argv[] = {
+      "foo.exe",
+      "--gtest_list_tests=0",
+      NULL
+    };
+
+    const char* argv2[] = {
+      "foo.exe",
+      NULL
+    };
+
+    GTEST_TEST_PARSING_FLAGS_(argv, argv2, Flags::ListTests(false), false);
+}
+
+// Tests parsing --gtest_list_tests=f.
+TEST_F(InitGoogleTestTest, ListTestsFalse_f) {
+  const char* argv[] = {
+    "foo.exe",
+    "--gtest_list_tests=f",
+    NULL
+  };
+
+  const char* argv2[] = {
+    "foo.exe",
+    NULL
+  };
+
+  GTEST_TEST_PARSING_FLAGS_(argv, argv2, Flags::ListTests(false), false);
+}
+
+// Tests parsing --gtest_list_tests=F.
+TEST_F(InitGoogleTestTest, ListTestsFalse_F) {
+  const char* argv[] = {
+    "foo.exe",
+    "--gtest_list_tests=F",
+    NULL
+  };
+
+  const char* argv2[] = {
+    "foo.exe",
+    NULL
+  };
+
+  GTEST_TEST_PARSING_FLAGS_(argv, argv2, Flags::ListTests(false), false);
+}
+
+// Tests parsing --gtest_output (invalid).
+TEST_F(InitGoogleTestTest, OutputEmpty) {
+  const char* argv[] = {
+    "foo.exe",
+    "--gtest_output",
+    NULL
+  };
+
+  const char* argv2[] = {
+    "foo.exe",
+    "--gtest_output",
+    NULL
+  };
+
+  GTEST_TEST_PARSING_FLAGS_(argv, argv2, Flags(), true);
+}
+
+// Tests parsing --gtest_output=xml
+TEST_F(InitGoogleTestTest, OutputXml) {
+  const char* argv[] = {
+    "foo.exe",
+    "--gtest_output=xml",
+    NULL
+  };
+
+  const char* argv2[] = {
+    "foo.exe",
+    NULL
+  };
+
+  GTEST_TEST_PARSING_FLAGS_(argv, argv2, Flags::Output("xml"), false);
+}
+
+// Tests parsing --gtest_output=xml:file
+TEST_F(InitGoogleTestTest, OutputXmlFile) {
+  const char* argv[] = {
+    "foo.exe",
+    "--gtest_output=xml:file",
+    NULL
+  };
+
+  const char* argv2[] = {
+    "foo.exe",
+    NULL
+  };
+
+  GTEST_TEST_PARSING_FLAGS_(argv, argv2, Flags::Output("xml:file"), false);
+}
+
+// Tests parsing --gtest_output=xml:directory/path/
+TEST_F(InitGoogleTestTest, OutputXmlDirectory) {
+  const char* argv[] = {
+    "foo.exe",
+    "--gtest_output=xml:directory/path/",
+    NULL
+  };
+
+  const char* argv2[] = {
+    "foo.exe",
+    NULL
+  };
+
+  GTEST_TEST_PARSING_FLAGS_(argv, argv2,
+                            Flags::Output("xml:directory/path/"), false);
+}
+
+// Tests having a --gtest_print_time flag
+TEST_F(InitGoogleTestTest, PrintTimeFlag) {
+    const char* argv[] = {
+      "foo.exe",
+      "--gtest_print_time",
+      NULL
+    };
+
+    const char* argv2[] = {
+      "foo.exe",
+      NULL
+    };
+
+    GTEST_TEST_PARSING_FLAGS_(argv, argv2, Flags::PrintTime(true), false);
+}
+
+// Tests having a --gtest_print_time flag with a "true" value
+TEST_F(InitGoogleTestTest, PrintTimeTrue) {
+    const char* argv[] = {
+      "foo.exe",
+      "--gtest_print_time=1",
+      NULL
+    };
+
+    const char* argv2[] = {
+      "foo.exe",
+      NULL
+    };
+
+    GTEST_TEST_PARSING_FLAGS_(argv, argv2, Flags::PrintTime(true), false);
+}
+
+// Tests having a --gtest_print_time flag with a "false" value
+TEST_F(InitGoogleTestTest, PrintTimeFalse) {
+    const char* argv[] = {
+      "foo.exe",
+      "--gtest_print_time=0",
+      NULL
+    };
+
+    const char* argv2[] = {
+      "foo.exe",
+      NULL
+    };
+
+    GTEST_TEST_PARSING_FLAGS_(argv, argv2, Flags::PrintTime(false), false);
+}
+
+// Tests parsing --gtest_print_time=f.
+TEST_F(InitGoogleTestTest, PrintTimeFalse_f) {
+  const char* argv[] = {
+    "foo.exe",
+    "--gtest_print_time=f",
+    NULL
+  };
+
+  const char* argv2[] = {
+    "foo.exe",
+    NULL
+  };
+
+  GTEST_TEST_PARSING_FLAGS_(argv, argv2, Flags::PrintTime(false), false);
+}
+
+// Tests parsing --gtest_print_time=F.
+TEST_F(InitGoogleTestTest, PrintTimeFalse_F) {
+  const char* argv[] = {
+    "foo.exe",
+    "--gtest_print_time=F",
+    NULL
+  };
+
+  const char* argv2[] = {
+    "foo.exe",
+    NULL
+  };
+
+  GTEST_TEST_PARSING_FLAGS_(argv, argv2, Flags::PrintTime(false), false);
+}
+
+// Tests parsing --gtest_random_seed=number
+TEST_F(InitGoogleTestTest, RandomSeed) {
+  const char* argv[] = {
+    "foo.exe",
+    "--gtest_random_seed=1000",
+    NULL
+  };
+
+  const char* argv2[] = {
+    "foo.exe",
+    NULL
+  };
+
+  GTEST_TEST_PARSING_FLAGS_(argv, argv2, Flags::RandomSeed(1000), false);
+}
+
+// Tests parsing --gtest_repeat=number
+TEST_F(InitGoogleTestTest, Repeat) {
+  const char* argv[] = {
+    "foo.exe",
+    "--gtest_repeat=1000",
+    NULL
+  };
+
+  const char* argv2[] = {
+    "foo.exe",
+    NULL
+  };
+
+  GTEST_TEST_PARSING_FLAGS_(argv, argv2, Flags::Repeat(1000), false);
+}
+
+// Tests having a --gtest_also_run_disabled_tests flag
+TEST_F(InitGoogleTestTest, AlsoRunDisabledTestsFlag) {
+    const char* argv[] = {
+      "foo.exe",
+      "--gtest_also_run_disabled_tests",
+      NULL
+    };
+
+    const char* argv2[] = {
+      "foo.exe",
+      NULL
+    };
+
+    GTEST_TEST_PARSING_FLAGS_(argv, argv2,
+                              Flags::AlsoRunDisabledTests(true), false);
+}
+
+// Tests having a --gtest_also_run_disabled_tests flag with a "true" value
+TEST_F(InitGoogleTestTest, AlsoRunDisabledTestsTrue) {
+    const char* argv[] = {
+      "foo.exe",
+      "--gtest_also_run_disabled_tests=1",
+      NULL
+    };
+
+    const char* argv2[] = {
+      "foo.exe",
+      NULL
+    };
+
+    GTEST_TEST_PARSING_FLAGS_(argv, argv2,
+                              Flags::AlsoRunDisabledTests(true), false);
+}
+
+// Tests having a --gtest_also_run_disabled_tests flag with a "false" value
+TEST_F(InitGoogleTestTest, AlsoRunDisabledTestsFalse) {
+    const char* argv[] = {
+      "foo.exe",
+      "--gtest_also_run_disabled_tests=0",
+      NULL
+    };
+
+    const char* argv2[] = {
+      "foo.exe",
+      NULL
+    };
+
+    GTEST_TEST_PARSING_FLAGS_(argv, argv2,
+                              Flags::AlsoRunDisabledTests(false), false);
+}
+
+// Tests parsing --gtest_shuffle.
+TEST_F(InitGoogleTestTest, ShuffleWithoutValue) {
+  const char* argv[] = {
+    "foo.exe",
+    "--gtest_shuffle",
+    NULL
+};
+
+  const char* argv2[] = {
+    "foo.exe",
+    NULL
+  };
+
+  GTEST_TEST_PARSING_FLAGS_(argv, argv2, Flags::Shuffle(true), false);
+}
+
+// Tests parsing --gtest_shuffle=0.
+TEST_F(InitGoogleTestTest, ShuffleFalse_0) {
+  const char* argv[] = {
+    "foo.exe",
+    "--gtest_shuffle=0",
+    NULL
+  };
+
+  const char* argv2[] = {
+    "foo.exe",
+    NULL
+  };
+
+  GTEST_TEST_PARSING_FLAGS_(argv, argv2, Flags::Shuffle(false), false);
+}
+
+// Tests parsing a --gtest_shuffle flag that has a "true"
+// definition.
+TEST_F(InitGoogleTestTest, ShuffleTrue) {
+  const char* argv[] = {
+    "foo.exe",
+    "--gtest_shuffle=1",
+    NULL
+  };
+
+  const char* argv2[] = {
+    "foo.exe",
+    NULL
+  };
+
+  GTEST_TEST_PARSING_FLAGS_(argv, argv2, Flags::Shuffle(true), false);
+}
+
+// Tests parsing --gtest_stack_trace_depth=number.
+TEST_F(InitGoogleTestTest, StackTraceDepth) {
+  const char* argv[] = {
+    "foo.exe",
+    "--gtest_stack_trace_depth=5",
+    NULL
+  };
+
+  const char* argv2[] = {
+    "foo.exe",
+    NULL
+  };
+
+  GTEST_TEST_PARSING_FLAGS_(argv, argv2, Flags::StackTraceDepth(5), false);
+}
+
+TEST_F(InitGoogleTestTest, StreamResultTo) {
+  const char* argv[] = {
+    "foo.exe",
+    "--gtest_stream_result_to=localhost:1234",
+    NULL
+  };
+
+  const char* argv2[] = {
+    "foo.exe",
+    NULL
+  };
+
+  GTEST_TEST_PARSING_FLAGS_(
+      argv, argv2, Flags::StreamResultTo("localhost:1234"), false);
+}
+
+// Tests parsing --gtest_throw_on_failure.
+TEST_F(InitGoogleTestTest, ThrowOnFailureWithoutValue) {
+  const char* argv[] = {
+    "foo.exe",
+    "--gtest_throw_on_failure",
+    NULL
+};
+
+  const char* argv2[] = {
+    "foo.exe",
+    NULL
+  };
+
+  GTEST_TEST_PARSING_FLAGS_(argv, argv2, Flags::ThrowOnFailure(true), false);
+}
+
+// Tests parsing --gtest_throw_on_failure=0.
+TEST_F(InitGoogleTestTest, ThrowOnFailureFalse_0) {
+  const char* argv[] = {
+    "foo.exe",
+    "--gtest_throw_on_failure=0",
+    NULL
+  };
+
+  const char* argv2[] = {
+    "foo.exe",
+    NULL
+  };
+
+  GTEST_TEST_PARSING_FLAGS_(argv, argv2, Flags::ThrowOnFailure(false), false);
+}
+
+// Tests parsing a --gtest_throw_on_failure flag that has a "true"
+// definition.
+TEST_F(InitGoogleTestTest, ThrowOnFailureTrue) {
+  const char* argv[] = {
+    "foo.exe",
+    "--gtest_throw_on_failure=1",
+    NULL
+  };
+
+  const char* argv2[] = {
+    "foo.exe",
+    NULL
+  };
+
+  GTEST_TEST_PARSING_FLAGS_(argv, argv2, Flags::ThrowOnFailure(true), false);
+}
+
+#if GTEST_OS_WINDOWS
+// Tests parsing wide strings.
+TEST_F(InitGoogleTestTest, WideStrings) {
+  const wchar_t* argv[] = {
+    L"foo.exe",
+    L"--gtest_filter=Foo*",
+    L"--gtest_list_tests=1",
+    L"--gtest_break_on_failure",
+    L"--non_gtest_flag",
+    NULL
+  };
+
+  const wchar_t* argv2[] = {
+    L"foo.exe",
+    L"--non_gtest_flag",
+    NULL
+  };
+
+  Flags expected_flags;
+  expected_flags.break_on_failure = true;
+  expected_flags.filter = "Foo*";
+  expected_flags.list_tests = true;
+
+  GTEST_TEST_PARSING_FLAGS_(argv, argv2, expected_flags, false);
+}
+#endif  // GTEST_OS_WINDOWS
+
+// Tests current_test_info() in UnitTest.
+class CurrentTestInfoTest : public Test {
+ protected:
+  // Tests that current_test_info() returns NULL before the first test in
+  // the test case is run.
+  static void SetUpTestCase() {
+    // There should be no tests running at this point.
+    const TestInfo* test_info =
+      UnitTest::GetInstance()->current_test_info();
+    EXPECT_TRUE(test_info == NULL)
+        << "There should be no tests running at this point.";
+  }
+
+  // Tests that current_test_info() returns NULL after the last test in
+  // the test case has run.
+  static void TearDownTestCase() {
+    const TestInfo* test_info =
+      UnitTest::GetInstance()->current_test_info();
+    EXPECT_TRUE(test_info == NULL)
+        << "There should be no tests running at this point.";
+  }
+};
+
+// Tests that current_test_info() returns TestInfo for currently running
+// test by checking the expected test name against the actual one.
+TEST_F(CurrentTestInfoTest, WorksForFirstTestInATestCase) {
+  const TestInfo* test_info =
+    UnitTest::GetInstance()->current_test_info();
+  ASSERT_TRUE(NULL != test_info)
+      << "There is a test running so we should have a valid TestInfo.";
+  EXPECT_STREQ("CurrentTestInfoTest", test_info->test_case_name())
+      << "Expected the name of the currently running test case.";
+  EXPECT_STREQ("WorksForFirstTestInATestCase", test_info->name())
+      << "Expected the name of the currently running test.";
+}
+
+// Tests that current_test_info() returns TestInfo for currently running
+// test by checking the expected test name against the actual one.  We
+// use this test to see that the TestInfo object actually changed from
+// the previous invocation.
+TEST_F(CurrentTestInfoTest, WorksForSecondTestInATestCase) {
+  const TestInfo* test_info =
+    UnitTest::GetInstance()->current_test_info();
+  ASSERT_TRUE(NULL != test_info)
+      << "There is a test running so we should have a valid TestInfo.";
+  EXPECT_STREQ("CurrentTestInfoTest", test_info->test_case_name())
+      << "Expected the name of the currently running test case.";
+  EXPECT_STREQ("WorksForSecondTestInATestCase", test_info->name())
+      << "Expected the name of the currently running test.";
+}
+
+}  // namespace testing
+
+// These two lines test that we can define tests in a namespace that
+// has the name "testing" and is nested in another namespace.
+namespace my_namespace {
+namespace testing {
+
+// Makes sure that TEST knows to use ::testing::Test instead of
+// ::my_namespace::testing::Test.
+class Test {};
+
+// Makes sure that an assertion knows to use ::testing::Message instead of
+// ::my_namespace::testing::Message.
+class Message {};
+
+// Makes sure that an assertion knows to use
+// ::testing::AssertionResult instead of
+// ::my_namespace::testing::AssertionResult.
+class AssertionResult {};
+
+// Tests that an assertion that should succeed works as expected.
+TEST(NestedTestingNamespaceTest, Success) {
+  EXPECT_EQ(1, 1) << "This shouldn't fail.";
+}
+
+// Tests that an assertion that should fail works as expected.
+TEST(NestedTestingNamespaceTest, Failure) {
+  EXPECT_FATAL_FAILURE(FAIL() << "This failure is expected.",
+                       "This failure is expected.");
+}
+
+}  // namespace testing
+}  // namespace my_namespace
+
+// Tests that one can call superclass SetUp and TearDown methods--
+// that is, that they are not private.
+// No tests are based on this fixture; the test "passes" if it compiles
+// successfully.
+class ProtectedFixtureMethodsTest : public Test {
+ protected:
+  virtual void SetUp() {
+    Test::SetUp();
+  }
+  virtual void TearDown() {
+    Test::TearDown();
+  }
+};
+
+// StreamingAssertionsTest tests the streaming versions of a representative
+// sample of assertions.
+TEST(StreamingAssertionsTest, Unconditional) {
+  SUCCEED() << "expected success";
+  EXPECT_NONFATAL_FAILURE(ADD_FAILURE() << "expected failure",
+                          "expected failure");
+  EXPECT_FATAL_FAILURE(FAIL() << "expected failure",
+                       "expected failure");
+}
+
+#ifdef __BORLANDC__
+// Silences warnings: "Condition is always true", "Unreachable code"
+# pragma option push -w-ccc -w-rch
+#endif
+
+TEST(StreamingAssertionsTest, Truth) {
+  EXPECT_TRUE(true) << "unexpected failure";
+  ASSERT_TRUE(true) << "unexpected failure";
+  EXPECT_NONFATAL_FAILURE(EXPECT_TRUE(false) << "expected failure",
+                          "expected failure");
+  EXPECT_FATAL_FAILURE(ASSERT_TRUE(false) << "expected failure",
+                       "expected failure");
+}
+
+TEST(StreamingAssertionsTest, Truth2) {
+  EXPECT_FALSE(false) << "unexpected failure";
+  ASSERT_FALSE(false) << "unexpected failure";
+  EXPECT_NONFATAL_FAILURE(EXPECT_FALSE(true) << "expected failure",
+                          "expected failure");
+  EXPECT_FATAL_FAILURE(ASSERT_FALSE(true) << "expected failure",
+                       "expected failure");
+}
+
+#ifdef __BORLANDC__
+// Restores warnings after previous "#pragma option push" supressed them
+# pragma option pop
+#endif
+
+TEST(StreamingAssertionsTest, IntegerEquals) {
+  EXPECT_EQ(1, 1) << "unexpected failure";
+  ASSERT_EQ(1, 1) << "unexpected failure";
+  EXPECT_NONFATAL_FAILURE(EXPECT_EQ(1, 2) << "expected failure",
+                          "expected failure");
+  EXPECT_FATAL_FAILURE(ASSERT_EQ(1, 2) << "expected failure",
+                       "expected failure");
+}
+
+TEST(StreamingAssertionsTest, IntegerLessThan) {
+  EXPECT_LT(1, 2) << "unexpected failure";
+  ASSERT_LT(1, 2) << "unexpected failure";
+  EXPECT_NONFATAL_FAILURE(EXPECT_LT(2, 1) << "expected failure",
+                          "expected failure");
+  EXPECT_FATAL_FAILURE(ASSERT_LT(2, 1) << "expected failure",
+                       "expected failure");
+}
+
+TEST(StreamingAssertionsTest, StringsEqual) {
+  EXPECT_STREQ("foo", "foo") << "unexpected failure";
+  ASSERT_STREQ("foo", "foo") << "unexpected failure";
+  EXPECT_NONFATAL_FAILURE(EXPECT_STREQ("foo", "bar") << "expected failure",
+                          "expected failure");
+  EXPECT_FATAL_FAILURE(ASSERT_STREQ("foo", "bar") << "expected failure",
+                       "expected failure");
+}
+
+TEST(StreamingAssertionsTest, StringsNotEqual) {
+  EXPECT_STRNE("foo", "bar") << "unexpected failure";
+  ASSERT_STRNE("foo", "bar") << "unexpected failure";
+  EXPECT_NONFATAL_FAILURE(EXPECT_STRNE("foo", "foo") << "expected failure",
+                          "expected failure");
+  EXPECT_FATAL_FAILURE(ASSERT_STRNE("foo", "foo") << "expected failure",
+                       "expected failure");
+}
+
+TEST(StreamingAssertionsTest, StringsEqualIgnoringCase) {
+  EXPECT_STRCASEEQ("foo", "FOO") << "unexpected failure";
+  ASSERT_STRCASEEQ("foo", "FOO") << "unexpected failure";
+  EXPECT_NONFATAL_FAILURE(EXPECT_STRCASEEQ("foo", "bar") << "expected failure",
+                          "expected failure");
+  EXPECT_FATAL_FAILURE(ASSERT_STRCASEEQ("foo", "bar") << "expected failure",
+                       "expected failure");
+}
+
+TEST(StreamingAssertionsTest, StringNotEqualIgnoringCase) {
+  EXPECT_STRCASENE("foo", "bar") << "unexpected failure";
+  ASSERT_STRCASENE("foo", "bar") << "unexpected failure";
+  EXPECT_NONFATAL_FAILURE(EXPECT_STRCASENE("foo", "FOO") << "expected failure",
+                          "expected failure");
+  EXPECT_FATAL_FAILURE(ASSERT_STRCASENE("bar", "BAR") << "expected failure",
+                       "expected failure");
+}
+
+TEST(StreamingAssertionsTest, FloatingPointEquals) {
+  EXPECT_FLOAT_EQ(1.0, 1.0) << "unexpected failure";
+  ASSERT_FLOAT_EQ(1.0, 1.0) << "unexpected failure";
+  EXPECT_NONFATAL_FAILURE(EXPECT_FLOAT_EQ(0.0, 1.0) << "expected failure",
+                          "expected failure");
+  EXPECT_FATAL_FAILURE(ASSERT_FLOAT_EQ(0.0, 1.0) << "expected failure",
+                       "expected failure");
+}
+
+#if GTEST_HAS_EXCEPTIONS
+
+TEST(StreamingAssertionsTest, Throw) {
+  EXPECT_THROW(ThrowAnInteger(), int) << "unexpected failure";
+  ASSERT_THROW(ThrowAnInteger(), int) << "unexpected failure";
+  EXPECT_NONFATAL_FAILURE(EXPECT_THROW(ThrowAnInteger(), bool) <<
+                          "expected failure", "expected failure");
+  EXPECT_FATAL_FAILURE(ASSERT_THROW(ThrowAnInteger(), bool) <<
+                       "expected failure", "expected failure");
+}
+
+TEST(StreamingAssertionsTest, NoThrow) {
+  EXPECT_NO_THROW(ThrowNothing()) << "unexpected failure";
+  ASSERT_NO_THROW(ThrowNothing()) << "unexpected failure";
+  EXPECT_NONFATAL_FAILURE(EXPECT_NO_THROW(ThrowAnInteger()) <<
+                          "expected failure", "expected failure");
+  EXPECT_FATAL_FAILURE(ASSERT_NO_THROW(ThrowAnInteger()) <<
+                       "expected failure", "expected failure");
+}
+
+TEST(StreamingAssertionsTest, AnyThrow) {
+  EXPECT_ANY_THROW(ThrowAnInteger()) << "unexpected failure";
+  ASSERT_ANY_THROW(ThrowAnInteger()) << "unexpected failure";
+  EXPECT_NONFATAL_FAILURE(EXPECT_ANY_THROW(ThrowNothing()) <<
+                          "expected failure", "expected failure");
+  EXPECT_FATAL_FAILURE(ASSERT_ANY_THROW(ThrowNothing()) <<
+                       "expected failure", "expected failure");
+}
+
+#endif  // GTEST_HAS_EXCEPTIONS
+
+// Tests that Google Test correctly decides whether to use colors in the output.
+
+TEST(ColoredOutputTest, UsesColorsWhenGTestColorFlagIsYes) {
+  GTEST_FLAG(color) = "yes";
+
+  SetEnv("TERM", "xterm");  // TERM supports colors.
+  EXPECT_TRUE(ShouldUseColor(true));  // Stdout is a TTY.
+  EXPECT_TRUE(ShouldUseColor(false));  // Stdout is not a TTY.
+
+  SetEnv("TERM", "dumb");  // TERM doesn't support colors.
+  EXPECT_TRUE(ShouldUseColor(true));  // Stdout is a TTY.
+  EXPECT_TRUE(ShouldUseColor(false));  // Stdout is not a TTY.
+}
+
+TEST(ColoredOutputTest, UsesColorsWhenGTestColorFlagIsAliasOfYes) {
+  SetEnv("TERM", "dumb");  // TERM doesn't support colors.
+
+  GTEST_FLAG(color) = "True";
+  EXPECT_TRUE(ShouldUseColor(false));  // Stdout is not a TTY.
+
+  GTEST_FLAG(color) = "t";
+  EXPECT_TRUE(ShouldUseColor(false));  // Stdout is not a TTY.
+
+  GTEST_FLAG(color) = "1";
+  EXPECT_TRUE(ShouldUseColor(false));  // Stdout is not a TTY.
+}
+
+TEST(ColoredOutputTest, UsesNoColorWhenGTestColorFlagIsNo) {
+  GTEST_FLAG(color) = "no";
+
+  SetEnv("TERM", "xterm");  // TERM supports colors.
+  EXPECT_FALSE(ShouldUseColor(true));  // Stdout is a TTY.
+  EXPECT_FALSE(ShouldUseColor(false));  // Stdout is not a TTY.
+
+  SetEnv("TERM", "dumb");  // TERM doesn't support colors.
+  EXPECT_FALSE(ShouldUseColor(true));  // Stdout is a TTY.
+  EXPECT_FALSE(ShouldUseColor(false));  // Stdout is not a TTY.
+}
+
+TEST(ColoredOutputTest, UsesNoColorWhenGTestColorFlagIsInvalid) {
+  SetEnv("TERM", "xterm");  // TERM supports colors.
+
+  GTEST_FLAG(color) = "F";
+  EXPECT_FALSE(ShouldUseColor(true));  // Stdout is a TTY.
+
+  GTEST_FLAG(color) = "0";
+  EXPECT_FALSE(ShouldUseColor(true));  // Stdout is a TTY.
+
+  GTEST_FLAG(color) = "unknown";
+  EXPECT_FALSE(ShouldUseColor(true));  // Stdout is a TTY.
+}
+
+TEST(ColoredOutputTest, UsesColorsWhenStdoutIsTty) {
+  GTEST_FLAG(color) = "auto";
+
+  SetEnv("TERM", "xterm");  // TERM supports colors.
+  EXPECT_FALSE(ShouldUseColor(false));  // Stdout is not a TTY.
+  EXPECT_TRUE(ShouldUseColor(true));    // Stdout is a TTY.
+}
+
+TEST(ColoredOutputTest, UsesColorsWhenTermSupportsColors) {
+  GTEST_FLAG(color) = "auto";
+
+#if GTEST_OS_WINDOWS
+  // On Windows, we ignore the TERM variable as it's usually not set.
+
+  SetEnv("TERM", "dumb");
+  EXPECT_TRUE(ShouldUseColor(true));  // Stdout is a TTY.
+
+  SetEnv("TERM", "");
+  EXPECT_TRUE(ShouldUseColor(true));  // Stdout is a TTY.
+
+  SetEnv("TERM", "xterm");
+  EXPECT_TRUE(ShouldUseColor(true));  // Stdout is a TTY.
+#else
+  // On non-Windows platforms, we rely on TERM to determine if the
+  // terminal supports colors.
+
+  SetEnv("TERM", "dumb");  // TERM doesn't support colors.
+  EXPECT_FALSE(ShouldUseColor(true));  // Stdout is a TTY.
+
+  SetEnv("TERM", "emacs");  // TERM doesn't support colors.
+  EXPECT_FALSE(ShouldUseColor(true));  // Stdout is a TTY.
+
+  SetEnv("TERM", "vt100");  // TERM doesn't support colors.
+  EXPECT_FALSE(ShouldUseColor(true));  // Stdout is a TTY.
+
+  SetEnv("TERM", "xterm-mono");  // TERM doesn't support colors.
+  EXPECT_FALSE(ShouldUseColor(true));  // Stdout is a TTY.
+
+  SetEnv("TERM", "xterm");  // TERM supports colors.
+  EXPECT_TRUE(ShouldUseColor(true));  // Stdout is a TTY.
+
+  SetEnv("TERM", "xterm-color");  // TERM supports colors.
+  EXPECT_TRUE(ShouldUseColor(true));  // Stdout is a TTY.
+
+  SetEnv("TERM", "xterm-256color");  // TERM supports colors.
+  EXPECT_TRUE(ShouldUseColor(true));  // Stdout is a TTY.
+
+  SetEnv("TERM", "screen");  // TERM supports colors.
+  EXPECT_TRUE(ShouldUseColor(true));  // Stdout is a TTY.
+
+  SetEnv("TERM", "screen-256color");  // TERM supports colors.
+  EXPECT_TRUE(ShouldUseColor(true));  // Stdout is a TTY.
+
+  SetEnv("TERM", "linux");  // TERM supports colors.
+  EXPECT_TRUE(ShouldUseColor(true));  // Stdout is a TTY.
+
+  SetEnv("TERM", "cygwin");  // TERM supports colors.
+  EXPECT_TRUE(ShouldUseColor(true));  // Stdout is a TTY.
+#endif  // GTEST_OS_WINDOWS
+}
+
+// Verifies that StaticAssertTypeEq works in a namespace scope.
+
+static bool dummy1 GTEST_ATTRIBUTE_UNUSED_ = StaticAssertTypeEq<bool, bool>();
+static bool dummy2 GTEST_ATTRIBUTE_UNUSED_ =
+    StaticAssertTypeEq<const int, const int>();
+
+// Verifies that StaticAssertTypeEq works in a class.
+
+template <typename T>
+class StaticAssertTypeEqTestHelper {
+ public:
+  StaticAssertTypeEqTestHelper() { StaticAssertTypeEq<bool, T>(); }
+};
+
+TEST(StaticAssertTypeEqTest, WorksInClass) {
+  StaticAssertTypeEqTestHelper<bool>();
+}
+
+// Verifies that StaticAssertTypeEq works inside a function.
+
+typedef int IntAlias;
+
+TEST(StaticAssertTypeEqTest, CompilesForEqualTypes) {
+  StaticAssertTypeEq<int, IntAlias>();
+  StaticAssertTypeEq<int*, IntAlias*>();
+}
+
+TEST(GetCurrentOsStackTraceExceptTopTest, ReturnsTheStackTrace) {
+  testing::UnitTest* const unit_test = testing::UnitTest::GetInstance();
+
+  // We don't have a stack walker in Google Test yet.
+  EXPECT_STREQ("", GetCurrentOsStackTraceExceptTop(unit_test, 0).c_str());
+  EXPECT_STREQ("", GetCurrentOsStackTraceExceptTop(unit_test, 1).c_str());
+}
+
+TEST(HasNonfatalFailureTest, ReturnsFalseWhenThereIsNoFailure) {
+  EXPECT_FALSE(HasNonfatalFailure());
+}
+
+static void FailFatally() { FAIL(); }
+
+TEST(HasNonfatalFailureTest, ReturnsFalseWhenThereIsOnlyFatalFailure) {
+  FailFatally();
+  const bool has_nonfatal_failure = HasNonfatalFailure();
+  ClearCurrentTestPartResults();
+  EXPECT_FALSE(has_nonfatal_failure);
+}
+
+TEST(HasNonfatalFailureTest, ReturnsTrueWhenThereIsNonfatalFailure) {
+  ADD_FAILURE();
+  const bool has_nonfatal_failure = HasNonfatalFailure();
+  ClearCurrentTestPartResults();
+  EXPECT_TRUE(has_nonfatal_failure);
+}
+
+TEST(HasNonfatalFailureTest, ReturnsTrueWhenThereAreFatalAndNonfatalFailures) {
+  FailFatally();
+  ADD_FAILURE();
+  const bool has_nonfatal_failure = HasNonfatalFailure();
+  ClearCurrentTestPartResults();
+  EXPECT_TRUE(has_nonfatal_failure);
+}
+
+// A wrapper for calling HasNonfatalFailure outside of a test body.
+static bool HasNonfatalFailureHelper() {
+  return testing::Test::HasNonfatalFailure();
+}
+
+TEST(HasNonfatalFailureTest, WorksOutsideOfTestBody) {
+  EXPECT_FALSE(HasNonfatalFailureHelper());
+}
+
+TEST(HasNonfatalFailureTest, WorksOutsideOfTestBody2) {
+  ADD_FAILURE();
+  const bool has_nonfatal_failure = HasNonfatalFailureHelper();
+  ClearCurrentTestPartResults();
+  EXPECT_TRUE(has_nonfatal_failure);
+}
+
+TEST(HasFailureTest, ReturnsFalseWhenThereIsNoFailure) {
+  EXPECT_FALSE(HasFailure());
+}
+
+TEST(HasFailureTest, ReturnsTrueWhenThereIsFatalFailure) {
+  FailFatally();
+  const bool has_failure = HasFailure();
+  ClearCurrentTestPartResults();
+  EXPECT_TRUE(has_failure);
+}
+
+TEST(HasFailureTest, ReturnsTrueWhenThereIsNonfatalFailure) {
+  ADD_FAILURE();
+  const bool has_failure = HasFailure();
+  ClearCurrentTestPartResults();
+  EXPECT_TRUE(has_failure);
+}
+
+TEST(HasFailureTest, ReturnsTrueWhenThereAreFatalAndNonfatalFailures) {
+  FailFatally();
+  ADD_FAILURE();
+  const bool has_failure = HasFailure();
+  ClearCurrentTestPartResults();
+  EXPECT_TRUE(has_failure);
+}
+
+// A wrapper for calling HasFailure outside of a test body.
+static bool HasFailureHelper() { return testing::Test::HasFailure(); }
+
+TEST(HasFailureTest, WorksOutsideOfTestBody) {
+  EXPECT_FALSE(HasFailureHelper());
+}
+
+TEST(HasFailureTest, WorksOutsideOfTestBody2) {
+  ADD_FAILURE();
+  const bool has_failure = HasFailureHelper();
+  ClearCurrentTestPartResults();
+  EXPECT_TRUE(has_failure);
+}
+
+class TestListener : public EmptyTestEventListener {
+ public:
+  TestListener() : on_start_counter_(NULL), is_destroyed_(NULL) {}
+  TestListener(int* on_start_counter, bool* is_destroyed)
+      : on_start_counter_(on_start_counter),
+        is_destroyed_(is_destroyed) {}
+
+  virtual ~TestListener() {
+    if (is_destroyed_)
+      *is_destroyed_ = true;
+  }
+
+ protected:
+  virtual void OnTestProgramStart(const UnitTest& /*unit_test*/) {
+    if (on_start_counter_ != NULL)
+      (*on_start_counter_)++;
+  }
+
+ private:
+  int* on_start_counter_;
+  bool* is_destroyed_;
+};
+
+// Tests the constructor.
+TEST(TestEventListenersTest, ConstructionWorks) {
+  TestEventListeners listeners;
+
+  EXPECT_TRUE(TestEventListenersAccessor::GetRepeater(&listeners) != NULL);
+  EXPECT_TRUE(listeners.default_result_printer() == NULL);
+  EXPECT_TRUE(listeners.default_xml_generator() == NULL);
+}
+
+// Tests that the TestEventListeners destructor deletes all the listeners it
+// owns.
+TEST(TestEventListenersTest, DestructionWorks) {
+  bool default_result_printer_is_destroyed = false;
+  bool default_xml_printer_is_destroyed = false;
+  bool extra_listener_is_destroyed = false;
+  TestListener* default_result_printer = new TestListener(
+      NULL, &default_result_printer_is_destroyed);
+  TestListener* default_xml_printer = new TestListener(
+      NULL, &default_xml_printer_is_destroyed);
+  TestListener* extra_listener = new TestListener(
+      NULL, &extra_listener_is_destroyed);
+
+  {
+    TestEventListeners listeners;
+    TestEventListenersAccessor::SetDefaultResultPrinter(&listeners,
+                                                        default_result_printer);
+    TestEventListenersAccessor::SetDefaultXmlGenerator(&listeners,
+                                                       default_xml_printer);
+    listeners.Append(extra_listener);
+  }
+  EXPECT_TRUE(default_result_printer_is_destroyed);
+  EXPECT_TRUE(default_xml_printer_is_destroyed);
+  EXPECT_TRUE(extra_listener_is_destroyed);
+}
+
+// Tests that a listener Append'ed to a TestEventListeners list starts
+// receiving events.
+TEST(TestEventListenersTest, Append) {
+  int on_start_counter = 0;
+  bool is_destroyed = false;
+  TestListener* listener = new TestListener(&on_start_counter, &is_destroyed);
+  {
+    TestEventListeners listeners;
+    listeners.Append(listener);
+    TestEventListenersAccessor::GetRepeater(&listeners)->OnTestProgramStart(
+        *UnitTest::GetInstance());
+    EXPECT_EQ(1, on_start_counter);
+  }
+  EXPECT_TRUE(is_destroyed);
+}
+
+// Tests that listeners receive events in the order they were appended to
+// the list, except for *End requests, which must be received in the reverse
+// order.
+class SequenceTestingListener : public EmptyTestEventListener {
+ public:
+  SequenceTestingListener(std::vector<std::string>* vector, const char* id)
+      : vector_(vector), id_(id) {}
+
+ protected:
+  virtual void OnTestProgramStart(const UnitTest& /*unit_test*/) {
+    vector_->push_back(GetEventDescription("OnTestProgramStart"));
+  }
+
+  virtual void OnTestProgramEnd(const UnitTest& /*unit_test*/) {
+    vector_->push_back(GetEventDescription("OnTestProgramEnd"));
+  }
+
+  virtual void OnTestIterationStart(const UnitTest& /*unit_test*/,
+                                    int /*iteration*/) {
+    vector_->push_back(GetEventDescription("OnTestIterationStart"));
+  }
+
+  virtual void OnTestIterationEnd(const UnitTest& /*unit_test*/,
+                                  int /*iteration*/) {
+    vector_->push_back(GetEventDescription("OnTestIterationEnd"));
+  }
+
+ private:
+  std::string GetEventDescription(const char* method) {
+    Message message;
+    message << id_ << "." << method;
+    return message.GetString();
+  }
+
+  std::vector<std::string>* vector_;
+  const char* const id_;
+
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(SequenceTestingListener);
+};
+
+TEST(EventListenerTest, AppendKeepsOrder) {
+  std::vector<std::string> vec;
+  TestEventListeners listeners;
+  listeners.Append(new SequenceTestingListener(&vec, "1st"));
+  listeners.Append(new SequenceTestingListener(&vec, "2nd"));
+  listeners.Append(new SequenceTestingListener(&vec, "3rd"));
+
+  TestEventListenersAccessor::GetRepeater(&listeners)->OnTestProgramStart(
+      *UnitTest::GetInstance());
+  ASSERT_EQ(3U, vec.size());
+  EXPECT_STREQ("1st.OnTestProgramStart", vec[0].c_str());
+  EXPECT_STREQ("2nd.OnTestProgramStart", vec[1].c_str());
+  EXPECT_STREQ("3rd.OnTestProgramStart", vec[2].c_str());
+
+  vec.clear();
+  TestEventListenersAccessor::GetRepeater(&listeners)->OnTestProgramEnd(
+      *UnitTest::GetInstance());
+  ASSERT_EQ(3U, vec.size());
+  EXPECT_STREQ("3rd.OnTestProgramEnd", vec[0].c_str());
+  EXPECT_STREQ("2nd.OnTestProgramEnd", vec[1].c_str());
+  EXPECT_STREQ("1st.OnTestProgramEnd", vec[2].c_str());
+
+  vec.clear();
+  TestEventListenersAccessor::GetRepeater(&listeners)->OnTestIterationStart(
+      *UnitTest::GetInstance(), 0);
+  ASSERT_EQ(3U, vec.size());
+  EXPECT_STREQ("1st.OnTestIterationStart", vec[0].c_str());
+  EXPECT_STREQ("2nd.OnTestIterationStart", vec[1].c_str());
+  EXPECT_STREQ("3rd.OnTestIterationStart", vec[2].c_str());
+
+  vec.clear();
+  TestEventListenersAccessor::GetRepeater(&listeners)->OnTestIterationEnd(
+      *UnitTest::GetInstance(), 0);
+  ASSERT_EQ(3U, vec.size());
+  EXPECT_STREQ("3rd.OnTestIterationEnd", vec[0].c_str());
+  EXPECT_STREQ("2nd.OnTestIterationEnd", vec[1].c_str());
+  EXPECT_STREQ("1st.OnTestIterationEnd", vec[2].c_str());
+}
+
+// Tests that a listener removed from a TestEventListeners list stops receiving
+// events and is not deleted when the list is destroyed.
+TEST(TestEventListenersTest, Release) {
+  int on_start_counter = 0;
+  bool is_destroyed = false;
+  // Although Append passes the ownership of this object to the list,
+  // the following calls release it, and we need to delete it before the
+  // test ends.
+  TestListener* listener = new TestListener(&on_start_counter, &is_destroyed);
+  {
+    TestEventListeners listeners;
+    listeners.Append(listener);
+    EXPECT_EQ(listener, listeners.Release(listener));
+    TestEventListenersAccessor::GetRepeater(&listeners)->OnTestProgramStart(
+        *UnitTest::GetInstance());
+    EXPECT_TRUE(listeners.Release(listener) == NULL);
+  }
+  EXPECT_EQ(0, on_start_counter);
+  EXPECT_FALSE(is_destroyed);
+  delete listener;
+}
+
+// Tests that no events are forwarded when event forwarding is disabled.
+TEST(EventListenerTest, SuppressEventForwarding) {
+  int on_start_counter = 0;
+  TestListener* listener = new TestListener(&on_start_counter, NULL);
+
+  TestEventListeners listeners;
+  listeners.Append(listener);
+  ASSERT_TRUE(TestEventListenersAccessor::EventForwardingEnabled(listeners));
+  TestEventListenersAccessor::SuppressEventForwarding(&listeners);
+  ASSERT_FALSE(TestEventListenersAccessor::EventForwardingEnabled(listeners));
+  TestEventListenersAccessor::GetRepeater(&listeners)->OnTestProgramStart(
+      *UnitTest::GetInstance());
+  EXPECT_EQ(0, on_start_counter);
+}
+
+// Tests that events generated by Google Test are not forwarded in
+// death test subprocesses.
+TEST(EventListenerDeathTest, EventsNotForwardedInDeathTestSubprecesses) {
+  EXPECT_DEATH_IF_SUPPORTED({
+      GTEST_CHECK_(TestEventListenersAccessor::EventForwardingEnabled(
+          *GetUnitTestImpl()->listeners())) << "expected failure";},
+      "expected failure");
+}
+
+// Tests that a listener installed via SetDefaultResultPrinter() starts
+// receiving events and is returned via default_result_printer() and that
+// the previous default_result_printer is removed from the list and deleted.
+TEST(EventListenerTest, default_result_printer) {
+  int on_start_counter = 0;
+  bool is_destroyed = false;
+  TestListener* listener = new TestListener(&on_start_counter, &is_destroyed);
+
+  TestEventListeners listeners;
+  TestEventListenersAccessor::SetDefaultResultPrinter(&listeners, listener);
+
+  EXPECT_EQ(listener, listeners.default_result_printer());
+
+  TestEventListenersAccessor::GetRepeater(&listeners)->OnTestProgramStart(
+      *UnitTest::GetInstance());
+
+  EXPECT_EQ(1, on_start_counter);
+
+  // Replacing default_result_printer with something else should remove it
+  // from the list and destroy it.
+  TestEventListenersAccessor::SetDefaultResultPrinter(&listeners, NULL);
+
+  EXPECT_TRUE(listeners.default_result_printer() == NULL);
+  EXPECT_TRUE(is_destroyed);
+
+  // After broadcasting an event the counter is still the same, indicating
+  // the listener is not in the list anymore.
+  TestEventListenersAccessor::GetRepeater(&listeners)->OnTestProgramStart(
+      *UnitTest::GetInstance());
+  EXPECT_EQ(1, on_start_counter);
+}
+
+// Tests that the default_result_printer listener stops receiving events
+// when removed via Release and that is not owned by the list anymore.
+TEST(EventListenerTest, RemovingDefaultResultPrinterWorks) {
+  int on_start_counter = 0;
+  bool is_destroyed = false;
+  // Although Append passes the ownership of this object to the list,
+  // the following calls release it, and we need to delete it before the
+  // test ends.
+  TestListener* listener = new TestListener(&on_start_counter, &is_destroyed);
+  {
+    TestEventListeners listeners;
+    TestEventListenersAccessor::SetDefaultResultPrinter(&listeners, listener);
+
+    EXPECT_EQ(listener, listeners.Release(listener));
+    EXPECT_TRUE(listeners.default_result_printer() == NULL);
+    EXPECT_FALSE(is_destroyed);
+
+    // Broadcasting events now should not affect default_result_printer.
+    TestEventListenersAccessor::GetRepeater(&listeners)->OnTestProgramStart(
+        *UnitTest::GetInstance());
+    EXPECT_EQ(0, on_start_counter);
+  }
+  // Destroying the list should not affect the listener now, too.
+  EXPECT_FALSE(is_destroyed);
+  delete listener;
+}
+
+// Tests that a listener installed via SetDefaultXmlGenerator() starts
+// receiving events and is returned via default_xml_generator() and that
+// the previous default_xml_generator is removed from the list and deleted.
+TEST(EventListenerTest, default_xml_generator) {
+  int on_start_counter = 0;
+  bool is_destroyed = false;
+  TestListener* listener = new TestListener(&on_start_counter, &is_destroyed);
+
+  TestEventListeners listeners;
+  TestEventListenersAccessor::SetDefaultXmlGenerator(&listeners, listener);
+
+  EXPECT_EQ(listener, listeners.default_xml_generator());
+
+  TestEventListenersAccessor::GetRepeater(&listeners)->OnTestProgramStart(
+      *UnitTest::GetInstance());
+
+  EXPECT_EQ(1, on_start_counter);
+
+  // Replacing default_xml_generator with something else should remove it
+  // from the list and destroy it.
+  TestEventListenersAccessor::SetDefaultXmlGenerator(&listeners, NULL);
+
+  EXPECT_TRUE(listeners.default_xml_generator() == NULL);
+  EXPECT_TRUE(is_destroyed);
+
+  // After broadcasting an event the counter is still the same, indicating
+  // the listener is not in the list anymore.
+  TestEventListenersAccessor::GetRepeater(&listeners)->OnTestProgramStart(
+      *UnitTest::GetInstance());
+  EXPECT_EQ(1, on_start_counter);
+}
+
+// Tests that the default_xml_generator listener stops receiving events
+// when removed via Release and that is not owned by the list anymore.
+TEST(EventListenerTest, RemovingDefaultXmlGeneratorWorks) {
+  int on_start_counter = 0;
+  bool is_destroyed = false;
+  // Although Append passes the ownership of this object to the list,
+  // the following calls release it, and we need to delete it before the
+  // test ends.
+  TestListener* listener = new TestListener(&on_start_counter, &is_destroyed);
+  {
+    TestEventListeners listeners;
+    TestEventListenersAccessor::SetDefaultXmlGenerator(&listeners, listener);
+
+    EXPECT_EQ(listener, listeners.Release(listener));
+    EXPECT_TRUE(listeners.default_xml_generator() == NULL);
+    EXPECT_FALSE(is_destroyed);
+
+    // Broadcasting events now should not affect default_xml_generator.
+    TestEventListenersAccessor::GetRepeater(&listeners)->OnTestProgramStart(
+        *UnitTest::GetInstance());
+    EXPECT_EQ(0, on_start_counter);
+  }
+  // Destroying the list should not affect the listener now, too.
+  EXPECT_FALSE(is_destroyed);
+  delete listener;
+}
+
+// Sanity tests to ensure that the alternative, verbose spellings of
+// some of the macros work.  We don't test them thoroughly as that
+// would be quite involved.  Since their implementations are
+// straightforward, and they are rarely used, we'll just rely on the
+// users to tell us when they are broken.
+GTEST_TEST(AlternativeNameTest, Works) {  // GTEST_TEST is the same as TEST.
+  GTEST_SUCCEED() << "OK";  // GTEST_SUCCEED is the same as SUCCEED.
+
+  // GTEST_FAIL is the same as FAIL.
+  EXPECT_FATAL_FAILURE(GTEST_FAIL() << "An expected failure",
+                       "An expected failure");
+
+  // GTEST_ASSERT_XY is the same as ASSERT_XY.
+
+  GTEST_ASSERT_EQ(0, 0);
+  EXPECT_FATAL_FAILURE(GTEST_ASSERT_EQ(0, 1) << "An expected failure",
+                       "An expected failure");
+  EXPECT_FATAL_FAILURE(GTEST_ASSERT_EQ(1, 0) << "An expected failure",
+                       "An expected failure");
+
+  GTEST_ASSERT_NE(0, 1);
+  GTEST_ASSERT_NE(1, 0);
+  EXPECT_FATAL_FAILURE(GTEST_ASSERT_NE(0, 0) << "An expected failure",
+                       "An expected failure");
+
+  GTEST_ASSERT_LE(0, 0);
+  GTEST_ASSERT_LE(0, 1);
+  EXPECT_FATAL_FAILURE(GTEST_ASSERT_LE(1, 0) << "An expected failure",
+                       "An expected failure");
+
+  GTEST_ASSERT_LT(0, 1);
+  EXPECT_FATAL_FAILURE(GTEST_ASSERT_LT(0, 0) << "An expected failure",
+                       "An expected failure");
+  EXPECT_FATAL_FAILURE(GTEST_ASSERT_LT(1, 0) << "An expected failure",
+                       "An expected failure");
+
+  GTEST_ASSERT_GE(0, 0);
+  GTEST_ASSERT_GE(1, 0);
+  EXPECT_FATAL_FAILURE(GTEST_ASSERT_GE(0, 1) << "An expected failure",
+                       "An expected failure");
+
+  GTEST_ASSERT_GT(1, 0);
+  EXPECT_FATAL_FAILURE(GTEST_ASSERT_GT(0, 1) << "An expected failure",
+                       "An expected failure");
+  EXPECT_FATAL_FAILURE(GTEST_ASSERT_GT(1, 1) << "An expected failure",
+                       "An expected failure");
+}
+
+// Tests for internal utilities necessary for implementation of the universal
+// printing.
+// TODO(vladl@google.com): Find a better home for them.
+
+class ConversionHelperBase {};
+class ConversionHelperDerived : public ConversionHelperBase {};
+
+// Tests that IsAProtocolMessage<T>::value is a compile-time constant.
+TEST(IsAProtocolMessageTest, ValueIsCompileTimeConstant) {
+  GTEST_COMPILE_ASSERT_(IsAProtocolMessage<ProtocolMessage>::value,
+                        const_true);
+  GTEST_COMPILE_ASSERT_(!IsAProtocolMessage<int>::value, const_false);
+}
+
+// Tests that IsAProtocolMessage<T>::value is true when T is
+// proto2::Message or a sub-class of it.
+TEST(IsAProtocolMessageTest, ValueIsTrueWhenTypeIsAProtocolMessage) {
+  EXPECT_TRUE(IsAProtocolMessage< ::proto2::Message>::value);
+  EXPECT_TRUE(IsAProtocolMessage<ProtocolMessage>::value);
+}
+
+// Tests that IsAProtocolMessage<T>::value is false when T is neither
+// ProtocolMessage nor a sub-class of it.
+TEST(IsAProtocolMessageTest, ValueIsFalseWhenTypeIsNotAProtocolMessage) {
+  EXPECT_FALSE(IsAProtocolMessage<int>::value);
+  EXPECT_FALSE(IsAProtocolMessage<const ConversionHelperBase>::value);
+}
+
+// Tests that CompileAssertTypesEqual compiles when the type arguments are
+// equal.
+TEST(CompileAssertTypesEqual, CompilesWhenTypesAreEqual) {
+  CompileAssertTypesEqual<void, void>();
+  CompileAssertTypesEqual<int*, int*>();
+}
+
+// Tests that RemoveReference does not affect non-reference types.
+TEST(RemoveReferenceTest, DoesNotAffectNonReferenceType) {
+  CompileAssertTypesEqual<int, RemoveReference<int>::type>();
+  CompileAssertTypesEqual<const char, RemoveReference<const char>::type>();
+}
+
+// Tests that RemoveReference removes reference from reference types.
+TEST(RemoveReferenceTest, RemovesReference) {
+  CompileAssertTypesEqual<int, RemoveReference<int&>::type>();
+  CompileAssertTypesEqual<const char, RemoveReference<const char&>::type>();
+}
+
+// Tests GTEST_REMOVE_REFERENCE_.
+
+template <typename T1, typename T2>
+void TestGTestRemoveReference() {
+  CompileAssertTypesEqual<T1, GTEST_REMOVE_REFERENCE_(T2)>();
+}
+
+TEST(RemoveReferenceTest, MacroVersion) {
+  TestGTestRemoveReference<int, int>();
+  TestGTestRemoveReference<const char, const char&>();
+}
+
+
+// Tests that RemoveConst does not affect non-const types.
+TEST(RemoveConstTest, DoesNotAffectNonConstType) {
+  CompileAssertTypesEqual<int, RemoveConst<int>::type>();
+  CompileAssertTypesEqual<char&, RemoveConst<char&>::type>();
+}
+
+// Tests that RemoveConst removes const from const types.
+TEST(RemoveConstTest, RemovesConst) {
+  CompileAssertTypesEqual<int, RemoveConst<const int>::type>();
+  CompileAssertTypesEqual<char[2], RemoveConst<const char[2]>::type>();
+  CompileAssertTypesEqual<char[2][3], RemoveConst<const char[2][3]>::type>();
+}
+
+// Tests GTEST_REMOVE_CONST_.
+
+template <typename T1, typename T2>
+void TestGTestRemoveConst() {
+  CompileAssertTypesEqual<T1, GTEST_REMOVE_CONST_(T2)>();
+}
+
+TEST(RemoveConstTest, MacroVersion) {
+  TestGTestRemoveConst<int, int>();
+  TestGTestRemoveConst<double&, double&>();
+  TestGTestRemoveConst<char, const char>();
+}
+
+// Tests GTEST_REMOVE_REFERENCE_AND_CONST_.
+
+template <typename T1, typename T2>
+void TestGTestRemoveReferenceAndConst() {
+  CompileAssertTypesEqual<T1, GTEST_REMOVE_REFERENCE_AND_CONST_(T2)>();
+}
+
+TEST(RemoveReferenceToConstTest, Works) {
+  TestGTestRemoveReferenceAndConst<int, int>();
+  TestGTestRemoveReferenceAndConst<double, double&>();
+  TestGTestRemoveReferenceAndConst<char, const char>();
+  TestGTestRemoveReferenceAndConst<char, const char&>();
+  TestGTestRemoveReferenceAndConst<const char*, const char*>();
+}
+
+// Tests that AddReference does not affect reference types.
+TEST(AddReferenceTest, DoesNotAffectReferenceType) {
+  CompileAssertTypesEqual<int&, AddReference<int&>::type>();
+  CompileAssertTypesEqual<const char&, AddReference<const char&>::type>();
+}
+
+// Tests that AddReference adds reference to non-reference types.
+TEST(AddReferenceTest, AddsReference) {
+  CompileAssertTypesEqual<int&, AddReference<int>::type>();
+  CompileAssertTypesEqual<const char&, AddReference<const char>::type>();
+}
+
+// Tests GTEST_ADD_REFERENCE_.
+
+template <typename T1, typename T2>
+void TestGTestAddReference() {
+  CompileAssertTypesEqual<T1, GTEST_ADD_REFERENCE_(T2)>();
+}
+
+TEST(AddReferenceTest, MacroVersion) {
+  TestGTestAddReference<int&, int>();
+  TestGTestAddReference<const char&, const char&>();
+}
+
+// Tests GTEST_REFERENCE_TO_CONST_.
+
+template <typename T1, typename T2>
+void TestGTestReferenceToConst() {
+  CompileAssertTypesEqual<T1, GTEST_REFERENCE_TO_CONST_(T2)>();
+}
+
+TEST(GTestReferenceToConstTest, Works) {
+  TestGTestReferenceToConst<const char&, char>();
+  TestGTestReferenceToConst<const int&, const int>();
+  TestGTestReferenceToConst<const double&, double>();
+  TestGTestReferenceToConst<const std::string&, const std::string&>();
+}
+
+// Tests that ImplicitlyConvertible<T1, T2>::value is a compile-time constant.
+TEST(ImplicitlyConvertibleTest, ValueIsCompileTimeConstant) {
+  GTEST_COMPILE_ASSERT_((ImplicitlyConvertible<int, int>::value), const_true);
+  GTEST_COMPILE_ASSERT_((!ImplicitlyConvertible<void*, int*>::value),
+                        const_false);
+}
+
+// Tests that ImplicitlyConvertible<T1, T2>::value is true when T1 can
+// be implicitly converted to T2.
+TEST(ImplicitlyConvertibleTest, ValueIsTrueWhenConvertible) {
+  EXPECT_TRUE((ImplicitlyConvertible<int, double>::value));
+  EXPECT_TRUE((ImplicitlyConvertible<double, int>::value));
+  EXPECT_TRUE((ImplicitlyConvertible<int*, void*>::value));
+  EXPECT_TRUE((ImplicitlyConvertible<int*, const int*>::value));
+  EXPECT_TRUE((ImplicitlyConvertible<ConversionHelperDerived&,
+                                     const ConversionHelperBase&>::value));
+  EXPECT_TRUE((ImplicitlyConvertible<const ConversionHelperBase,
+                                     ConversionHelperBase>::value));
+}
+
+// Tests that ImplicitlyConvertible<T1, T2>::value is false when T1
+// cannot be implicitly converted to T2.
+TEST(ImplicitlyConvertibleTest, ValueIsFalseWhenNotConvertible) {
+  EXPECT_FALSE((ImplicitlyConvertible<double, int*>::value));
+  EXPECT_FALSE((ImplicitlyConvertible<void*, int*>::value));
+  EXPECT_FALSE((ImplicitlyConvertible<const int*, int*>::value));
+  EXPECT_FALSE((ImplicitlyConvertible<ConversionHelperBase&,
+                                      ConversionHelperDerived&>::value));
+}
+
+// Tests IsContainerTest.
+
+class NonContainer {};
+
+TEST(IsContainerTestTest, WorksForNonContainer) {
+  EXPECT_EQ(sizeof(IsNotContainer), sizeof(IsContainerTest<int>(0)));
+  EXPECT_EQ(sizeof(IsNotContainer), sizeof(IsContainerTest<char[5]>(0)));
+  EXPECT_EQ(sizeof(IsNotContainer), sizeof(IsContainerTest<NonContainer>(0)));
+}
+
+TEST(IsContainerTestTest, WorksForContainer) {
+  EXPECT_EQ(sizeof(IsContainer),
+            sizeof(IsContainerTest<std::vector<bool> >(0)));
+  EXPECT_EQ(sizeof(IsContainer),
+            sizeof(IsContainerTest<std::map<int, double> >(0)));
+}
+
+// Tests ArrayEq().
+
+TEST(ArrayEqTest, WorksForDegeneratedArrays) {
+  EXPECT_TRUE(ArrayEq(5, 5L));
+  EXPECT_FALSE(ArrayEq('a', 0));
+}
+
+TEST(ArrayEqTest, WorksForOneDimensionalArrays) {
+  // Note that a and b are distinct but compatible types.
+  const int a[] = { 0, 1 };
+  long b[] = { 0, 1 };
+  EXPECT_TRUE(ArrayEq(a, b));
+  EXPECT_TRUE(ArrayEq(a, 2, b));
+
+  b[0] = 2;
+  EXPECT_FALSE(ArrayEq(a, b));
+  EXPECT_FALSE(ArrayEq(a, 1, b));
+}
+
+TEST(ArrayEqTest, WorksForTwoDimensionalArrays) {
+  const char a[][3] = { "hi", "lo" };
+  const char b[][3] = { "hi", "lo" };
+  const char c[][3] = { "hi", "li" };
+
+  EXPECT_TRUE(ArrayEq(a, b));
+  EXPECT_TRUE(ArrayEq(a, 2, b));
+
+  EXPECT_FALSE(ArrayEq(a, c));
+  EXPECT_FALSE(ArrayEq(a, 2, c));
+}
+
+// Tests ArrayAwareFind().
+
+TEST(ArrayAwareFindTest, WorksForOneDimensionalArray) {
+  const char a[] = "hello";
+  EXPECT_EQ(a + 4, ArrayAwareFind(a, a + 5, 'o'));
+  EXPECT_EQ(a + 5, ArrayAwareFind(a, a + 5, 'x'));
+}
+
+TEST(ArrayAwareFindTest, WorksForTwoDimensionalArray) {
+  int a[][2] = { { 0, 1 }, { 2, 3 }, { 4, 5 } };
+  const int b[2] = { 2, 3 };
+  EXPECT_EQ(a + 1, ArrayAwareFind(a, a + 3, b));
+
+  const int c[2] = { 6, 7 };
+  EXPECT_EQ(a + 3, ArrayAwareFind(a, a + 3, c));
+}
+
+// Tests CopyArray().
+
+TEST(CopyArrayTest, WorksForDegeneratedArrays) {
+  int n = 0;
+  CopyArray('a', &n);
+  EXPECT_EQ('a', n);
+}
+
+TEST(CopyArrayTest, WorksForOneDimensionalArrays) {
+  const char a[3] = "hi";
+  int b[3];
+#ifndef __BORLANDC__  // C++Builder cannot compile some array size deductions.
+  CopyArray(a, &b);
+  EXPECT_TRUE(ArrayEq(a, b));
+#endif
+
+  int c[3];
+  CopyArray(a, 3, c);
+  EXPECT_TRUE(ArrayEq(a, c));
+}
+
+TEST(CopyArrayTest, WorksForTwoDimensionalArrays) {
+  const int a[2][3] = { { 0, 1, 2 }, { 3, 4, 5 } };
+  int b[2][3];
+#ifndef __BORLANDC__  // C++Builder cannot compile some array size deductions.
+  CopyArray(a, &b);
+  EXPECT_TRUE(ArrayEq(a, b));
+#endif
+
+  int c[2][3];
+  CopyArray(a, 2, c);
+  EXPECT_TRUE(ArrayEq(a, c));
+}
+
+// Tests NativeArray.
+
+TEST(NativeArrayTest, ConstructorFromArrayWorks) {
+  const int a[3] = { 0, 1, 2 };
+  NativeArray<int> na(a, 3, RelationToSourceReference());
+  EXPECT_EQ(3U, na.size());
+  EXPECT_EQ(a, na.begin());
+}
+
+TEST(NativeArrayTest, CreatesAndDeletesCopyOfArrayWhenAskedTo) {
+  typedef int Array[2];
+  Array* a = new Array[1];
+  (*a)[0] = 0;
+  (*a)[1] = 1;
+  NativeArray<int> na(*a, 2, RelationToSourceCopy());
+  EXPECT_NE(*a, na.begin());
+  delete[] a;
+  EXPECT_EQ(0, na.begin()[0]);
+  EXPECT_EQ(1, na.begin()[1]);
+
+  // We rely on the heap checker to verify that na deletes the copy of
+  // array.
+}
+
+TEST(NativeArrayTest, TypeMembersAreCorrect) {
+  StaticAssertTypeEq<char, NativeArray<char>::value_type>();
+  StaticAssertTypeEq<int[2], NativeArray<int[2]>::value_type>();
+
+  StaticAssertTypeEq<const char*, NativeArray<char>::const_iterator>();
+  StaticAssertTypeEq<const bool(*)[2], NativeArray<bool[2]>::const_iterator>();
+}
+
+TEST(NativeArrayTest, MethodsWork) {
+  const int a[3] = { 0, 1, 2 };
+  NativeArray<int> na(a, 3, RelationToSourceCopy());
+  ASSERT_EQ(3U, na.size());
+  EXPECT_EQ(3, na.end() - na.begin());
+
+  NativeArray<int>::const_iterator it = na.begin();
+  EXPECT_EQ(0, *it);
+  ++it;
+  EXPECT_EQ(1, *it);
+  it++;
+  EXPECT_EQ(2, *it);
+  ++it;
+  EXPECT_EQ(na.end(), it);
+
+  EXPECT_TRUE(na == na);
+
+  NativeArray<int> na2(a, 3, RelationToSourceReference());
+  EXPECT_TRUE(na == na2);
+
+  const int b1[3] = { 0, 1, 1 };
+  const int b2[4] = { 0, 1, 2, 3 };
+  EXPECT_FALSE(na == NativeArray<int>(b1, 3, RelationToSourceReference()));
+  EXPECT_FALSE(na == NativeArray<int>(b2, 4, RelationToSourceCopy()));
+}
+
+TEST(NativeArrayTest, WorksForTwoDimensionalArray) {
+  const char a[2][3] = { "hi", "lo" };
+  NativeArray<char[3]> na(a, 2, RelationToSourceReference());
+  ASSERT_EQ(2U, na.size());
+  EXPECT_EQ(a, na.begin());
+}
+
+// Tests SkipPrefix().
+
+TEST(SkipPrefixTest, SkipsWhenPrefixMatches) {
+  const char* const str = "hello";
+
+  const char* p = str;
+  EXPECT_TRUE(SkipPrefix("", &p));
+  EXPECT_EQ(str, p);
+
+  p = str;
+  EXPECT_TRUE(SkipPrefix("hell", &p));
+  EXPECT_EQ(str + 4, p);
+}
+
+TEST(SkipPrefixTest, DoesNotSkipWhenPrefixDoesNotMatch) {
+  const char* const str = "world";
+
+  const char* p = str;
+  EXPECT_FALSE(SkipPrefix("W", &p));
+  EXPECT_EQ(str, p);
+
+  p = str;
+  EXPECT_FALSE(SkipPrefix("world!", &p));
+  EXPECT_EQ(str, p);
+}
+
diff --git a/nss/external_tests/google_test/gtest/test/gtest_xml_outfile1_test_.cc b/nss/external_tests/google_test/gtest/test/gtest_xml_outfile1_test_.cc
new file mode 100644
index 0000000..531ced4
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/test/gtest_xml_outfile1_test_.cc
@@ -0,0 +1,49 @@
+// Copyright 2008, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: keith.ray@gmail.com (Keith Ray)
+//
+// gtest_xml_outfile1_test_ writes some xml via TestProperty used by
+// gtest_xml_outfiles_test.py
+
+#include "gtest/gtest.h"
+
+class PropertyOne : public testing::Test {
+ protected:
+  virtual void SetUp() {
+    RecordProperty("SetUpProp", 1);
+  }
+  virtual void TearDown() {
+    RecordProperty("TearDownProp", 1);
+  }
+};
+
+TEST_F(PropertyOne, TestSomeProperties) {
+  RecordProperty("TestSomeProperty", 1);
+}
diff --git a/nss/external_tests/google_test/gtest/test/gtest_xml_outfile2_test_.cc b/nss/external_tests/google_test/gtest/test/gtest_xml_outfile2_test_.cc
new file mode 100644
index 0000000..7b400b2
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/test/gtest_xml_outfile2_test_.cc
@@ -0,0 +1,49 @@
+// Copyright 2008, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: keith.ray@gmail.com (Keith Ray)
+//
+// gtest_xml_outfile2_test_ writes some xml via TestProperty used by
+// gtest_xml_outfiles_test.py
+
+#include "gtest/gtest.h"
+
+class PropertyTwo : public testing::Test {
+ protected:
+  virtual void SetUp() {
+    RecordProperty("SetUpProp", 2);
+  }
+  virtual void TearDown() {
+    RecordProperty("TearDownProp", 2);
+  }
+};
+
+TEST_F(PropertyTwo, TestSomeProperties) {
+  RecordProperty("TestSomeProperty", 2);
+}
diff --git a/nss/external_tests/google_test/gtest/test/gtest_xml_outfiles_test.py b/nss/external_tests/google_test/gtest/test/gtest_xml_outfiles_test.py
new file mode 100755
index 0000000..524e437
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/test/gtest_xml_outfiles_test.py
@@ -0,0 +1,132 @@
+#!/usr/bin/env python
+#
+# Copyright 2008, Google Inc.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#
+#     * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following disclaimer
+# in the documentation and/or other materials provided with the
+# distribution.
+#     * Neither the name of Google Inc. nor the names of its
+# contributors may be used to endorse or promote products derived from
+# this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+"""Unit test for the gtest_xml_output module."""
+
+__author__ = "keith.ray@gmail.com (Keith Ray)"
+
+import os
+from xml.dom import minidom, Node
+
+import gtest_test_utils
+import gtest_xml_test_utils
+
+
+GTEST_OUTPUT_SUBDIR = "xml_outfiles"
+GTEST_OUTPUT_1_TEST = "gtest_xml_outfile1_test_"
+GTEST_OUTPUT_2_TEST = "gtest_xml_outfile2_test_"
+
+EXPECTED_XML_1 = """<?xml version="1.0" encoding="UTF-8"?>
+<testsuites tests="1" failures="0" disabled="0" errors="0" time="*" timestamp="*" name="AllTests">
+  <testsuite name="PropertyOne" tests="1" failures="0" disabled="0" errors="0" time="*">
+    <testcase name="TestSomeProperties" status="run" time="*" classname="PropertyOne" SetUpProp="1" TestSomeProperty="1" TearDownProp="1" />
+  </testsuite>
+</testsuites>
+"""
+
+EXPECTED_XML_2 = """<?xml version="1.0" encoding="UTF-8"?>
+<testsuites tests="1" failures="0" disabled="0" errors="0" time="*" timestamp="*" name="AllTests">
+  <testsuite name="PropertyTwo" tests="1" failures="0" disabled="0" errors="0" time="*">
+    <testcase name="TestSomeProperties" status="run" time="*" classname="PropertyTwo" SetUpProp="2" TestSomeProperty="2" TearDownProp="2" />
+  </testsuite>
+</testsuites>
+"""
+
+
+class GTestXMLOutFilesTest(gtest_xml_test_utils.GTestXMLTestCase):
+  """Unit test for Google Test's XML output functionality."""
+
+  def setUp(self):
+    # We want the trailing '/' that the last "" provides in os.path.join, for
+    # telling Google Test to create an output directory instead of a single file
+    # for xml output.
+    self.output_dir_ = os.path.join(gtest_test_utils.GetTempDir(),
+                                    GTEST_OUTPUT_SUBDIR, "")
+    self.DeleteFilesAndDir()
+
+  def tearDown(self):
+    self.DeleteFilesAndDir()
+
+  def DeleteFilesAndDir(self):
+    try:
+      os.remove(os.path.join(self.output_dir_, GTEST_OUTPUT_1_TEST + ".xml"))
+    except os.error:
+      pass
+    try:
+      os.remove(os.path.join(self.output_dir_, GTEST_OUTPUT_2_TEST + ".xml"))
+    except os.error:
+      pass
+    try:
+      os.rmdir(self.output_dir_)
+    except os.error:
+      pass
+
+  def testOutfile1(self):
+    self._TestOutFile(GTEST_OUTPUT_1_TEST, EXPECTED_XML_1)
+
+  def testOutfile2(self):
+    self._TestOutFile(GTEST_OUTPUT_2_TEST, EXPECTED_XML_2)
+
+  def _TestOutFile(self, test_name, expected_xml):
+    gtest_prog_path = gtest_test_utils.GetTestExecutablePath(test_name)
+    command = [gtest_prog_path, "--gtest_output=xml:%s" % self.output_dir_]
+    p = gtest_test_utils.Subprocess(command,
+                                    working_dir=gtest_test_utils.GetTempDir())
+    self.assert_(p.exited)
+    self.assertEquals(0, p.exit_code)
+
+    # TODO(wan@google.com): libtool causes the built test binary to be
+    #   named lt-gtest_xml_outfiles_test_ instead of
+    #   gtest_xml_outfiles_test_.  To account for this possibillity, we
+    #   allow both names in the following code.  We should remove this
+    #   hack when Chandler Carruth's libtool replacement tool is ready.
+    output_file_name1 = test_name + ".xml"
+    output_file1 = os.path.join(self.output_dir_, output_file_name1)
+    output_file_name2 = 'lt-' + output_file_name1
+    output_file2 = os.path.join(self.output_dir_, output_file_name2)
+    self.assert_(os.path.isfile(output_file1) or os.path.isfile(output_file2),
+                 output_file1)
+
+    expected = minidom.parseString(expected_xml)
+    if os.path.isfile(output_file1):
+      actual = minidom.parse(output_file1)
+    else:
+      actual = minidom.parse(output_file2)
+    self.NormalizeXml(actual.documentElement)
+    self.AssertEquivalentNodes(expected.documentElement,
+                               actual.documentElement)
+    expected.unlink()
+    actual.unlink()
+
+
+if __name__ == "__main__":
+  os.environ["GTEST_STACK_TRACE_DEPTH"] = "0"
+  gtest_test_utils.Main()
diff --git a/nss/external_tests/google_test/gtest/test/gtest_xml_output_unittest.py b/nss/external_tests/google_test/gtest/test/gtest_xml_output_unittest.py
new file mode 100755
index 0000000..f605d4e
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/test/gtest_xml_output_unittest.py
@@ -0,0 +1,307 @@
+#!/usr/bin/env python
+#
+# Copyright 2006, Google Inc.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#
+#     * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following disclaimer
+# in the documentation and/or other materials provided with the
+# distribution.
+#     * Neither the name of Google Inc. nor the names of its
+# contributors may be used to endorse or promote products derived from
+# this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+"""Unit test for the gtest_xml_output module"""
+
+__author__ = 'eefacm@gmail.com (Sean Mcafee)'
+
+import datetime
+import errno
+import os
+import re
+import sys
+from xml.dom import minidom, Node
+
+import gtest_test_utils
+import gtest_xml_test_utils
+
+
+GTEST_FILTER_FLAG = '--gtest_filter'
+GTEST_LIST_TESTS_FLAG = '--gtest_list_tests'
+GTEST_OUTPUT_FLAG         = "--gtest_output"
+GTEST_DEFAULT_OUTPUT_FILE = "test_detail.xml"
+GTEST_PROGRAM_NAME = "gtest_xml_output_unittest_"
+
+SUPPORTS_STACK_TRACES = False
+
+if SUPPORTS_STACK_TRACES:
+  STACK_TRACE_TEMPLATE = '\nStack trace:\n*'
+else:
+  STACK_TRACE_TEMPLATE = ''
+
+EXPECTED_NON_EMPTY_XML = """<?xml version="1.0" encoding="UTF-8"?>
+<testsuites tests="23" failures="4" disabled="2" errors="0" time="*" timestamp="*" name="AllTests" ad_hoc_property="42">
+  <testsuite name="SuccessfulTest" tests="1" failures="0" disabled="0" errors="0" time="*">
+    <testcase name="Succeeds" status="run" time="*" classname="SuccessfulTest"/>
+  </testsuite>
+  <testsuite name="FailedTest" tests="1" failures="1" disabled="0" errors="0" time="*">
+    <testcase name="Fails" status="run" time="*" classname="FailedTest">
+      <failure message="gtest_xml_output_unittest_.cc:*&#x0A;Value of: 2&#x0A;Expected: 1" type=""><![CDATA[gtest_xml_output_unittest_.cc:*
+Value of: 2
+Expected: 1%(stack)s]]></failure>
+    </testcase>
+  </testsuite>
+  <testsuite name="MixedResultTest" tests="3" failures="1" disabled="1" errors="0" time="*">
+    <testcase name="Succeeds" status="run" time="*" classname="MixedResultTest"/>
+    <testcase name="Fails" status="run" time="*" classname="MixedResultTest">
+      <failure message="gtest_xml_output_unittest_.cc:*&#x0A;Value of: 2&#x0A;Expected: 1" type=""><![CDATA[gtest_xml_output_unittest_.cc:*
+Value of: 2
+Expected: 1%(stack)s]]></failure>
+      <failure message="gtest_xml_output_unittest_.cc:*&#x0A;Value of: 3&#x0A;Expected: 2" type=""><![CDATA[gtest_xml_output_unittest_.cc:*
+Value of: 3
+Expected: 2%(stack)s]]></failure>
+    </testcase>
+    <testcase name="DISABLED_test" status="notrun" time="*" classname="MixedResultTest"/>
+  </testsuite>
+  <testsuite name="XmlQuotingTest" tests="1" failures="1" disabled="0" errors="0" time="*">
+    <testcase name="OutputsCData" status="run" time="*" classname="XmlQuotingTest">
+      <failure message="gtest_xml_output_unittest_.cc:*&#x0A;Failed&#x0A;XML output: &lt;?xml encoding=&quot;utf-8&quot;&gt;&lt;top&gt;&lt;![CDATA[cdata text]]&gt;&lt;/top&gt;" type=""><![CDATA[gtest_xml_output_unittest_.cc:*
+Failed
+XML output: <?xml encoding="utf-8"><top><![CDATA[cdata text]]>]]&gt;<![CDATA[</top>%(stack)s]]></failure>
+    </testcase>
+  </testsuite>
+  <testsuite name="InvalidCharactersTest" tests="1" failures="1" disabled="0" errors="0" time="*">
+    <testcase name="InvalidCharactersInMessage" status="run" time="*" classname="InvalidCharactersTest">
+      <failure message="gtest_xml_output_unittest_.cc:*&#x0A;Failed&#x0A;Invalid characters in brackets []" type=""><![CDATA[gtest_xml_output_unittest_.cc:*
+Failed
+Invalid characters in brackets []%(stack)s]]></failure>
+    </testcase>
+  </testsuite>
+  <testsuite name="DisabledTest" tests="1" failures="0" disabled="1" errors="0" time="*">
+    <testcase name="DISABLED_test_not_run" status="notrun" time="*" classname="DisabledTest"/>
+  </testsuite>
+  <testsuite name="PropertyRecordingTest" tests="4" failures="0" disabled="0" errors="0" time="*" SetUpTestCase="yes" TearDownTestCase="aye">
+    <testcase name="OneProperty" status="run" time="*" classname="PropertyRecordingTest" key_1="1"/>
+    <testcase name="IntValuedProperty" status="run" time="*" classname="PropertyRecordingTest" key_int="1"/>
+    <testcase name="ThreeProperties" status="run" time="*" classname="PropertyRecordingTest" key_1="1" key_2="2" key_3="3"/>
+    <testcase name="TwoValuesForOneKeyUsesLastValue" status="run" time="*" classname="PropertyRecordingTest" key_1="2"/>
+  </testsuite>
+  <testsuite name="NoFixtureTest" tests="3" failures="0" disabled="0" errors="0" time="*">
+     <testcase name="RecordProperty" status="run" time="*" classname="NoFixtureTest" key="1"/>
+     <testcase name="ExternalUtilityThatCallsRecordIntValuedProperty" status="run" time="*" classname="NoFixtureTest" key_for_utility_int="1"/>
+     <testcase name="ExternalUtilityThatCallsRecordStringValuedProperty" status="run" time="*" classname="NoFixtureTest" key_for_utility_string="1"/>
+  </testsuite>
+  <testsuite name="Single/ValueParamTest" tests="4" failures="0" disabled="0" errors="0" time="*">
+    <testcase name="HasValueParamAttribute/0" value_param="33" status="run" time="*" classname="Single/ValueParamTest" />
+    <testcase name="HasValueParamAttribute/1" value_param="42" status="run" time="*" classname="Single/ValueParamTest" />
+    <testcase name="AnotherTestThatHasValueParamAttribute/0" value_param="33" status="run" time="*" classname="Single/ValueParamTest" />
+    <testcase name="AnotherTestThatHasValueParamAttribute/1" value_param="42" status="run" time="*" classname="Single/ValueParamTest" />
+  </testsuite>
+  <testsuite name="TypedTest/0" tests="1" failures="0" disabled="0" errors="0" time="*">
+    <testcase name="HasTypeParamAttribute" type_param="*" status="run" time="*" classname="TypedTest/0" />
+  </testsuite>
+  <testsuite name="TypedTest/1" tests="1" failures="0" disabled="0" errors="0" time="*">
+    <testcase name="HasTypeParamAttribute" type_param="*" status="run" time="*" classname="TypedTest/1" />
+  </testsuite>
+  <testsuite name="Single/TypeParameterizedTestCase/0" tests="1" failures="0" disabled="0" errors="0" time="*">
+    <testcase name="HasTypeParamAttribute" type_param="*" status="run" time="*" classname="Single/TypeParameterizedTestCase/0" />
+  </testsuite>
+  <testsuite name="Single/TypeParameterizedTestCase/1" tests="1" failures="0" disabled="0" errors="0" time="*">
+    <testcase name="HasTypeParamAttribute" type_param="*" status="run" time="*" classname="Single/TypeParameterizedTestCase/1" />
+  </testsuite>
+</testsuites>""" % {'stack': STACK_TRACE_TEMPLATE}
+
+EXPECTED_FILTERED_TEST_XML = """<?xml version="1.0" encoding="UTF-8"?>
+<testsuites tests="1" failures="0" disabled="0" errors="0" time="*"
+            timestamp="*" name="AllTests" ad_hoc_property="42">
+  <testsuite name="SuccessfulTest" tests="1" failures="0" disabled="0"
+             errors="0" time="*">
+    <testcase name="Succeeds" status="run" time="*" classname="SuccessfulTest"/>
+  </testsuite>
+</testsuites>"""
+
+EXPECTED_EMPTY_XML = """<?xml version="1.0" encoding="UTF-8"?>
+<testsuites tests="0" failures="0" disabled="0" errors="0" time="*"
+            timestamp="*" name="AllTests">
+</testsuites>"""
+
+GTEST_PROGRAM_PATH = gtest_test_utils.GetTestExecutablePath(GTEST_PROGRAM_NAME)
+
+SUPPORTS_TYPED_TESTS = 'TypedTest' in gtest_test_utils.Subprocess(
+    [GTEST_PROGRAM_PATH, GTEST_LIST_TESTS_FLAG], capture_stderr=False).output
+
+
+class GTestXMLOutputUnitTest(gtest_xml_test_utils.GTestXMLTestCase):
+  """
+  Unit test for Google Test's XML output functionality.
+  """
+
+  # This test currently breaks on platforms that do not support typed and
+  # type-parameterized tests, so we don't run it under them.
+  if SUPPORTS_TYPED_TESTS:
+    def testNonEmptyXmlOutput(self):
+      """
+      Runs a test program that generates a non-empty XML output, and
+      tests that the XML output is expected.
+      """
+      self._TestXmlOutput(GTEST_PROGRAM_NAME, EXPECTED_NON_EMPTY_XML, 1)
+
+  def testEmptyXmlOutput(self):
+    """Verifies XML output for a Google Test binary without actual tests.
+
+    Runs a test program that generates an empty XML output, and
+    tests that the XML output is expected.
+    """
+
+    self._TestXmlOutput('gtest_no_test_unittest', EXPECTED_EMPTY_XML, 0)
+
+  def testTimestampValue(self):
+    """Checks whether the timestamp attribute in the XML output is valid.
+
+    Runs a test program that generates an empty XML output, and checks if
+    the timestamp attribute in the testsuites tag is valid.
+    """
+    actual = self._GetXmlOutput('gtest_no_test_unittest', [], 0)
+    date_time_str = actual.documentElement.getAttributeNode('timestamp').value
+    # datetime.strptime() is only available in Python 2.5+ so we have to
+    # parse the expected datetime manually.
+    match = re.match(r'(\d+)-(\d\d)-(\d\d)T(\d\d):(\d\d):(\d\d)', date_time_str)
+    self.assertTrue(
+        re.match,
+        'XML datettime string %s has incorrect format' % date_time_str)
+    date_time_from_xml = datetime.datetime(
+        year=int(match.group(1)), month=int(match.group(2)),
+        day=int(match.group(3)), hour=int(match.group(4)),
+        minute=int(match.group(5)), second=int(match.group(6)))
+
+    time_delta = abs(datetime.datetime.now() - date_time_from_xml)
+    # timestamp value should be near the current local time
+    self.assertTrue(time_delta < datetime.timedelta(seconds=600),
+                    'time_delta is %s' % time_delta)
+    actual.unlink()
+
+  def testDefaultOutputFile(self):
+    """
+    Confirms that Google Test produces an XML output file with the expected
+    default name if no name is explicitly specified.
+    """
+    output_file = os.path.join(gtest_test_utils.GetTempDir(),
+                               GTEST_DEFAULT_OUTPUT_FILE)
+    gtest_prog_path = gtest_test_utils.GetTestExecutablePath(
+        'gtest_no_test_unittest')
+    try:
+      os.remove(output_file)
+    except OSError, e:
+      if e.errno != errno.ENOENT:
+        raise
+
+    p = gtest_test_utils.Subprocess(
+        [gtest_prog_path, '%s=xml' % GTEST_OUTPUT_FLAG],
+        working_dir=gtest_test_utils.GetTempDir())
+    self.assert_(p.exited)
+    self.assertEquals(0, p.exit_code)
+    self.assert_(os.path.isfile(output_file))
+
+  def testSuppressedXmlOutput(self):
+    """
+    Tests that no XML file is generated if the default XML listener is
+    shut down before RUN_ALL_TESTS is invoked.
+    """
+
+    xml_path = os.path.join(gtest_test_utils.GetTempDir(),
+                            GTEST_PROGRAM_NAME + 'out.xml')
+    if os.path.isfile(xml_path):
+      os.remove(xml_path)
+
+    command = [GTEST_PROGRAM_PATH,
+               '%s=xml:%s' % (GTEST_OUTPUT_FLAG, xml_path),
+               '--shut_down_xml']
+    p = gtest_test_utils.Subprocess(command)
+    if p.terminated_by_signal:
+      # p.signal is avalable only if p.terminated_by_signal is True.
+      self.assertFalse(
+          p.terminated_by_signal,
+          '%s was killed by signal %d' % (GTEST_PROGRAM_NAME, p.signal))
+    else:
+      self.assert_(p.exited)
+      self.assertEquals(1, p.exit_code,
+                        "'%s' exited with code %s, which doesn't match "
+                        'the expected exit code %s.'
+                        % (command, p.exit_code, 1))
+
+    self.assert_(not os.path.isfile(xml_path))
+
+  def testFilteredTestXmlOutput(self):
+    """Verifies XML output when a filter is applied.
+
+    Runs a test program that executes only some tests and verifies that
+    non-selected tests do not show up in the XML output.
+    """
+
+    self._TestXmlOutput(GTEST_PROGRAM_NAME, EXPECTED_FILTERED_TEST_XML, 0,
+                        extra_args=['%s=SuccessfulTest.*' % GTEST_FILTER_FLAG])
+
+  def _GetXmlOutput(self, gtest_prog_name, extra_args, expected_exit_code):
+    """
+    Returns the xml output generated by running the program gtest_prog_name.
+    Furthermore, the program's exit code must be expected_exit_code.
+    """
+    xml_path = os.path.join(gtest_test_utils.GetTempDir(),
+                            gtest_prog_name + 'out.xml')
+    gtest_prog_path = gtest_test_utils.GetTestExecutablePath(gtest_prog_name)
+
+    command = ([gtest_prog_path, '%s=xml:%s' % (GTEST_OUTPUT_FLAG, xml_path)] +
+               extra_args)
+    p = gtest_test_utils.Subprocess(command)
+    if p.terminated_by_signal:
+      self.assert_(False,
+                   '%s was killed by signal %d' % (gtest_prog_name, p.signal))
+    else:
+      self.assert_(p.exited)
+      self.assertEquals(expected_exit_code, p.exit_code,
+                        "'%s' exited with code %s, which doesn't match "
+                        'the expected exit code %s.'
+                        % (command, p.exit_code, expected_exit_code))
+    actual = minidom.parse(xml_path)
+    return actual
+
+  def _TestXmlOutput(self, gtest_prog_name, expected_xml,
+                     expected_exit_code, extra_args=None):
+    """
+    Asserts that the XML document generated by running the program
+    gtest_prog_name matches expected_xml, a string containing another
+    XML document.  Furthermore, the program's exit code must be
+    expected_exit_code.
+    """
+
+    actual = self._GetXmlOutput(gtest_prog_name, extra_args or [],
+                                expected_exit_code)
+    expected = minidom.parseString(expected_xml)
+    self.NormalizeXml(actual.documentElement)
+    self.AssertEquivalentNodes(expected.documentElement,
+                               actual.documentElement)
+    expected.unlink()
+    actual.unlink()
+
+
+if __name__ == '__main__':
+  os.environ['GTEST_STACK_TRACE_DEPTH'] = '1'
+  gtest_test_utils.Main()
diff --git a/nss/external_tests/google_test/gtest/test/gtest_xml_output_unittest_.cc b/nss/external_tests/google_test/gtest/test/gtest_xml_output_unittest_.cc
new file mode 100644
index 0000000..48b8771
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/test/gtest_xml_output_unittest_.cc
@@ -0,0 +1,181 @@
+// Copyright 2006, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// Author: eefacm@gmail.com (Sean Mcafee)
+
+// Unit test for Google Test XML output.
+//
+// A user can specify XML output in a Google Test program to run via
+// either the GTEST_OUTPUT environment variable or the --gtest_output
+// flag.  This is used for testing such functionality.
+//
+// This program will be invoked from a Python unit test.  Don't run it
+// directly.
+
+#include "gtest/gtest.h"
+
+using ::testing::InitGoogleTest;
+using ::testing::TestEventListeners;
+using ::testing::TestWithParam;
+using ::testing::UnitTest;
+using ::testing::Test;
+using ::testing::Values;
+
+class SuccessfulTest : public Test {
+};
+
+TEST_F(SuccessfulTest, Succeeds) {
+  SUCCEED() << "This is a success.";
+  ASSERT_EQ(1, 1);
+}
+
+class FailedTest : public Test {
+};
+
+TEST_F(FailedTest, Fails) {
+  ASSERT_EQ(1, 2);
+}
+
+class DisabledTest : public Test {
+};
+
+TEST_F(DisabledTest, DISABLED_test_not_run) {
+  FAIL() << "Unexpected failure: Disabled test should not be run";
+}
+
+TEST(MixedResultTest, Succeeds) {
+  EXPECT_EQ(1, 1);
+  ASSERT_EQ(1, 1);
+}
+
+TEST(MixedResultTest, Fails) {
+  EXPECT_EQ(1, 2);
+  ASSERT_EQ(2, 3);
+}
+
+TEST(MixedResultTest, DISABLED_test) {
+  FAIL() << "Unexpected failure: Disabled test should not be run";
+}
+
+TEST(XmlQuotingTest, OutputsCData) {
+  FAIL() << "XML output: "
+            "<?xml encoding=\"utf-8\"><top><![CDATA[cdata text]]></top>";
+}
+
+// Helps to test that invalid characters produced by test code do not make
+// it into the XML file.
+TEST(InvalidCharactersTest, InvalidCharactersInMessage) {
+  FAIL() << "Invalid characters in brackets [\x1\x2]";
+}
+
+class PropertyRecordingTest : public Test {
+ public:
+  static void SetUpTestCase() { RecordProperty("SetUpTestCase", "yes"); }
+  static void TearDownTestCase() { RecordProperty("TearDownTestCase", "aye"); }
+};
+
+TEST_F(PropertyRecordingTest, OneProperty) {
+  RecordProperty("key_1", "1");
+}
+
+TEST_F(PropertyRecordingTest, IntValuedProperty) {
+  RecordProperty("key_int", 1);
+}
+
+TEST_F(PropertyRecordingTest, ThreeProperties) {
+  RecordProperty("key_1", "1");
+  RecordProperty("key_2", "2");
+  RecordProperty("key_3", "3");
+}
+
+TEST_F(PropertyRecordingTest, TwoValuesForOneKeyUsesLastValue) {
+  RecordProperty("key_1", "1");
+  RecordProperty("key_1", "2");
+}
+
+TEST(NoFixtureTest, RecordProperty) {
+  RecordProperty("key", "1");
+}
+
+void ExternalUtilityThatCallsRecordProperty(const std::string& key, int value) {
+  testing::Test::RecordProperty(key, value);
+}
+
+void ExternalUtilityThatCallsRecordProperty(const std::string& key,
+                                            const std::string& value) {
+  testing::Test::RecordProperty(key, value);
+}
+
+TEST(NoFixtureTest, ExternalUtilityThatCallsRecordIntValuedProperty) {
+  ExternalUtilityThatCallsRecordProperty("key_for_utility_int", 1);
+}
+
+TEST(NoFixtureTest, ExternalUtilityThatCallsRecordStringValuedProperty) {
+  ExternalUtilityThatCallsRecordProperty("key_for_utility_string", "1");
+}
+
+// Verifies that the test parameter value is output in the 'value_param'
+// XML attribute for value-parameterized tests.
+class ValueParamTest : public TestWithParam<int> {};
+TEST_P(ValueParamTest, HasValueParamAttribute) {}
+TEST_P(ValueParamTest, AnotherTestThatHasValueParamAttribute) {}
+INSTANTIATE_TEST_CASE_P(Single, ValueParamTest, Values(33, 42));
+
+#if GTEST_HAS_TYPED_TEST
+// Verifies that the type parameter name is output in the 'type_param'
+// XML attribute for typed tests.
+template <typename T> class TypedTest : public Test {};
+typedef testing::Types<int, long> TypedTestTypes;
+TYPED_TEST_CASE(TypedTest, TypedTestTypes);
+TYPED_TEST(TypedTest, HasTypeParamAttribute) {}
+#endif
+
+#if GTEST_HAS_TYPED_TEST_P
+// Verifies that the type parameter name is output in the 'type_param'
+// XML attribute for type-parameterized tests.
+template <typename T> class TypeParameterizedTestCase : public Test {};
+TYPED_TEST_CASE_P(TypeParameterizedTestCase);
+TYPED_TEST_P(TypeParameterizedTestCase, HasTypeParamAttribute) {}
+REGISTER_TYPED_TEST_CASE_P(TypeParameterizedTestCase, HasTypeParamAttribute);
+typedef testing::Types<int, long> TypeParameterizedTestCaseTypes;
+INSTANTIATE_TYPED_TEST_CASE_P(Single,
+                              TypeParameterizedTestCase,
+                              TypeParameterizedTestCaseTypes);
+#endif
+
+int main(int argc, char** argv) {
+  InitGoogleTest(&argc, argv);
+
+  if (argc > 1 && strcmp(argv[1], "--shut_down_xml") == 0) {
+    TestEventListeners& listeners = UnitTest::GetInstance()->listeners();
+    delete listeners.Release(listeners.default_xml_generator());
+  }
+  testing::Test::RecordProperty("ad_hoc_property", "42");
+  return RUN_ALL_TESTS();
+}
diff --git a/nss/external_tests/google_test/gtest/test/gtest_xml_test_utils.py b/nss/external_tests/google_test/gtest/test/gtest_xml_test_utils.py
new file mode 100755
index 0000000..3d0c3b2
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/test/gtest_xml_test_utils.py
@@ -0,0 +1,194 @@
+#!/usr/bin/env python
+#
+# Copyright 2006, Google Inc.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#
+#     * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following disclaimer
+# in the documentation and/or other materials provided with the
+# distribution.
+#     * Neither the name of Google Inc. nor the names of its
+# contributors may be used to endorse or promote products derived from
+# this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+"""Unit test utilities for gtest_xml_output"""
+
+__author__ = 'eefacm@gmail.com (Sean Mcafee)'
+
+import re
+from xml.dom import minidom, Node
+
+import gtest_test_utils
+
+
+GTEST_OUTPUT_FLAG         = '--gtest_output'
+GTEST_DEFAULT_OUTPUT_FILE = 'test_detail.xml'
+
+class GTestXMLTestCase(gtest_test_utils.TestCase):
+  """
+  Base class for tests of Google Test's XML output functionality.
+  """
+
+
+  def AssertEquivalentNodes(self, expected_node, actual_node):
+    """
+    Asserts that actual_node (a DOM node object) is equivalent to
+    expected_node (another DOM node object), in that either both of
+    them are CDATA nodes and have the same value, or both are DOM
+    elements and actual_node meets all of the following conditions:
+
+    *  It has the same tag name as expected_node.
+    *  It has the same set of attributes as expected_node, each with
+       the same value as the corresponding attribute of expected_node.
+       Exceptions are any attribute named "time", which needs only be
+       convertible to a floating-point number and any attribute named
+       "type_param" which only has to be non-empty.
+    *  It has an equivalent set of child nodes (including elements and
+       CDATA sections) as expected_node.  Note that we ignore the
+       order of the children as they are not guaranteed to be in any
+       particular order.
+    """
+
+    if expected_node.nodeType == Node.CDATA_SECTION_NODE:
+      self.assertEquals(Node.CDATA_SECTION_NODE, actual_node.nodeType)
+      self.assertEquals(expected_node.nodeValue, actual_node.nodeValue)
+      return
+
+    self.assertEquals(Node.ELEMENT_NODE, actual_node.nodeType)
+    self.assertEquals(Node.ELEMENT_NODE, expected_node.nodeType)
+    self.assertEquals(expected_node.tagName, actual_node.tagName)
+
+    expected_attributes = expected_node.attributes
+    actual_attributes   = actual_node  .attributes
+    self.assertEquals(
+        expected_attributes.length, actual_attributes.length,
+        'attribute numbers differ in element %s:\nExpected: %r\nActual: %r' % (
+            actual_node.tagName, expected_attributes.keys(),
+            actual_attributes.keys()))
+    for i in range(expected_attributes.length):
+      expected_attr = expected_attributes.item(i)
+      actual_attr   = actual_attributes.get(expected_attr.name)
+      self.assert_(
+          actual_attr is not None,
+          'expected attribute %s not found in element %s' %
+          (expected_attr.name, actual_node.tagName))
+      self.assertEquals(
+          expected_attr.value, actual_attr.value,
+          ' values of attribute %s in element %s differ: %s vs %s' %
+          (expected_attr.name, actual_node.tagName,
+           expected_attr.value, actual_attr.value))
+
+    expected_children = self._GetChildren(expected_node)
+    actual_children = self._GetChildren(actual_node)
+    self.assertEquals(
+        len(expected_children), len(actual_children),
+        'number of child elements differ in element ' + actual_node.tagName)
+    for child_id, child in expected_children.iteritems():
+      self.assert_(child_id in actual_children,
+                   '<%s> is not in <%s> (in element %s)' %
+                   (child_id, actual_children, actual_node.tagName))
+      self.AssertEquivalentNodes(child, actual_children[child_id])
+
+  identifying_attribute = {
+    'testsuites': 'name',
+    'testsuite': 'name',
+    'testcase':  'name',
+    'failure':   'message',
+    }
+
+  def _GetChildren(self, element):
+    """
+    Fetches all of the child nodes of element, a DOM Element object.
+    Returns them as the values of a dictionary keyed by the IDs of the
+    children.  For <testsuites>, <testsuite> and <testcase> elements, the ID
+    is the value of their "name" attribute; for <failure> elements, it is
+    the value of the "message" attribute; CDATA sections and non-whitespace
+    text nodes are concatenated into a single CDATA section with ID
+    "detail".  An exception is raised if any element other than the above
+    four is encountered, if two child elements with the same identifying
+    attributes are encountered, or if any other type of node is encountered.
+    """
+
+    children = {}
+    for child in element.childNodes:
+      if child.nodeType == Node.ELEMENT_NODE:
+        self.assert_(child.tagName in self.identifying_attribute,
+                     'Encountered unknown element <%s>' % child.tagName)
+        childID = child.getAttribute(self.identifying_attribute[child.tagName])
+        self.assert_(childID not in children)
+        children[childID] = child
+      elif child.nodeType in [Node.TEXT_NODE, Node.CDATA_SECTION_NODE]:
+        if 'detail' not in children:
+          if (child.nodeType == Node.CDATA_SECTION_NODE or
+              not child.nodeValue.isspace()):
+            children['detail'] = child.ownerDocument.createCDATASection(
+                child.nodeValue)
+        else:
+          children['detail'].nodeValue += child.nodeValue
+      else:
+        self.fail('Encountered unexpected node type %d' % child.nodeType)
+    return children
+
+  def NormalizeXml(self, element):
+    """
+    Normalizes Google Test's XML output to eliminate references to transient
+    information that may change from run to run.
+
+    *  The "time" attribute of <testsuites>, <testsuite> and <testcase>
+       elements is replaced with a single asterisk, if it contains
+       only digit characters.
+    *  The "timestamp" attribute of <testsuites> elements is replaced with a
+       single asterisk, if it contains a valid ISO8601 datetime value.
+    *  The "type_param" attribute of <testcase> elements is replaced with a
+       single asterisk (if it sn non-empty) as it is the type name returned
+       by the compiler and is platform dependent.
+    *  The line info reported in the first line of the "message"
+       attribute and CDATA section of <failure> elements is replaced with the
+       file's basename and a single asterisk for the line number.
+    *  The directory names in file paths are removed.
+    *  The stack traces are removed.
+    """
+
+    if element.tagName == 'testsuites':
+      timestamp = element.getAttributeNode('timestamp')
+      timestamp.value = re.sub(r'^\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d$',
+                               '*', timestamp.value)
+    if element.tagName in ('testsuites', 'testsuite', 'testcase'):
+      time = element.getAttributeNode('time')
+      time.value = re.sub(r'^\d+(\.\d+)?$', '*', time.value)
+      type_param = element.getAttributeNode('type_param')
+      if type_param and type_param.value:
+        type_param.value = '*'
+    elif element.tagName == 'failure':
+      source_line_pat = r'^.*[/\\](.*:)\d+\n'
+      # Replaces the source line information with a normalized form.
+      message = element.getAttributeNode('message')
+      message.value = re.sub(source_line_pat, '\\1*\n', message.value)
+      for child in element.childNodes:
+        if child.nodeType == Node.CDATA_SECTION_NODE:
+          # Replaces the source line information with a normalized form.
+          cdata = re.sub(source_line_pat, '\\1*\n', child.nodeValue)
+          # Removes the actual stack trace.
+          child.nodeValue = re.sub(r'\nStack trace:\n(.|\n)*',
+                                   '', cdata)
+    for child in element.childNodes:
+      if child.nodeType == Node.ELEMENT_NODE:
+        self.NormalizeXml(child)
diff --git a/nss/external_tests/google_test/gtest/test/production.cc b/nss/external_tests/google_test/gtest/test/production.cc
new file mode 100644
index 0000000..8b8a40b
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/test/production.cc
@@ -0,0 +1,36 @@
+// Copyright 2006, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+//
+// This is part of the unit test for include/gtest/gtest_prod.h.
+
+#include "production.h"
+
+PrivateCode::PrivateCode() : x_(0) {}
diff --git a/nss/external_tests/google_test/gtest/test/production.h b/nss/external_tests/google_test/gtest/test/production.h
new file mode 100644
index 0000000..98fd5e4
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/test/production.h
@@ -0,0 +1,55 @@
+// Copyright 2006, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+//
+// This is part of the unit test for include/gtest/gtest_prod.h.
+
+#ifndef GTEST_TEST_PRODUCTION_H_
+#define GTEST_TEST_PRODUCTION_H_
+
+#include "gtest/gtest_prod.h"
+
+class PrivateCode {
+ public:
+  // Declares a friend test that does not use a fixture.
+  FRIEND_TEST(PrivateCodeTest, CanAccessPrivateMembers);
+
+  // Declares a friend test that uses a fixture.
+  FRIEND_TEST(PrivateCodeFixtureTest, CanAccessPrivateMembers);
+
+  PrivateCode();
+
+  int x() const { return x_; }
+ private:
+  void set_x(int an_x) { x_ = an_x; }
+  int x_;
+};
+
+#endif  // GTEST_TEST_PRODUCTION_H_
diff --git a/nss/external_tests/google_test/gtest/xcode/Config/DebugProject.xcconfig b/nss/external_tests/google_test/gtest/xcode/Config/DebugProject.xcconfig
new file mode 100644
index 0000000..3d68157
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/xcode/Config/DebugProject.xcconfig
@@ -0,0 +1,30 @@
+//
+//  DebugProject.xcconfig
+//
+//  These are Debug Configuration project settings for the gtest framework and
+//  examples. It is set in the "Based On:" dropdown in the "Project" info
+//  dialog.
+//  This file is based on the Xcode Configuration files in:
+//  http://code.google.com/p/google-toolbox-for-mac/
+// 
+
+#include "General.xcconfig"
+
+// No optimization
+GCC_OPTIMIZATION_LEVEL = 0
+
+// Deployment postprocessing is what triggers Xcode to strip, turn it off
+DEPLOYMENT_POSTPROCESSING = NO
+
+// Dead code stripping off
+DEAD_CODE_STRIPPING = NO
+
+// Debug symbols should be on obviously
+GCC_GENERATE_DEBUGGING_SYMBOLS = YES
+
+// Define the DEBUG macro in all debug builds
+OTHER_CFLAGS = $(OTHER_CFLAGS) -DDEBUG=1
+
+// These are turned off to avoid STL incompatibilities with client code
+// // Turns on special C++ STL checks to "encourage" good STL use
+// GCC_PREPROCESSOR_DEFINITIONS = $(GCC_PREPROCESSOR_DEFINITIONS) _GLIBCXX_DEBUG_PEDANTIC _GLIBCXX_DEBUG _GLIBCPP_CONCEPT_CHECKS
diff --git a/nss/external_tests/google_test/gtest/xcode/Config/FrameworkTarget.xcconfig b/nss/external_tests/google_test/gtest/xcode/Config/FrameworkTarget.xcconfig
new file mode 100644
index 0000000..357b1c8
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/xcode/Config/FrameworkTarget.xcconfig
@@ -0,0 +1,17 @@
+//
+//  FrameworkTarget.xcconfig
+//
+//  These are Framework target settings for the gtest framework and examples. It
+//  is set in the "Based On:" dropdown in the "Target" info dialog.
+//  This file is based on the Xcode Configuration files in:
+//  http://code.google.com/p/google-toolbox-for-mac/
+// 
+
+// Dynamic libs need to be position independent
+GCC_DYNAMIC_NO_PIC = NO
+
+// Dynamic libs should not have their external symbols stripped.
+STRIP_STYLE = non-global
+
+// Let the user install by specifying the $DSTROOT with xcodebuild
+SKIP_INSTALL = NO
diff --git a/nss/external_tests/google_test/gtest/xcode/Config/General.xcconfig b/nss/external_tests/google_test/gtest/xcode/Config/General.xcconfig
new file mode 100644
index 0000000..f23e322
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/xcode/Config/General.xcconfig
@@ -0,0 +1,41 @@
+//
+//  General.xcconfig
+//
+//  These are General configuration settings for the gtest framework and
+//  examples.
+//  This file is based on the Xcode Configuration files in:
+//  http://code.google.com/p/google-toolbox-for-mac/
+// 
+
+// Build for PPC and Intel, 32- and 64-bit
+ARCHS = i386 x86_64 ppc ppc64
+
+// Zerolink prevents link warnings so turn it off
+ZERO_LINK = NO
+
+// Prebinding considered unhelpful in 10.3 and later
+PREBINDING = NO
+
+// Strictest warning policy
+WARNING_CFLAGS = -Wall -Werror -Wendif-labels -Wnewline-eof -Wno-sign-compare -Wshadow
+
+// Work around Xcode bugs by using external strip. See:
+// http://lists.apple.com/archives/Xcode-users/2006/Feb/msg00050.html
+SEPARATE_STRIP = YES
+
+// Force C99 dialect
+GCC_C_LANGUAGE_STANDARD = c99
+
+// not sure why apple defaults this on, but it's pretty risky
+ALWAYS_SEARCH_USER_PATHS = NO
+
+// Turn on position dependent code for most cases (overridden where appropriate)
+GCC_DYNAMIC_NO_PIC = YES
+
+// Default SDK and minimum OS version is 10.4
+SDKROOT = $(DEVELOPER_SDK_DIR)/MacOSX10.4u.sdk
+MACOSX_DEPLOYMENT_TARGET = 10.4
+GCC_VERSION = 4.0
+
+// VERSIONING BUILD SETTINGS (used in Info.plist)
+GTEST_VERSIONINFO_ABOUT =  © 2008 Google Inc.
diff --git a/nss/external_tests/google_test/gtest/xcode/Config/ReleaseProject.xcconfig b/nss/external_tests/google_test/gtest/xcode/Config/ReleaseProject.xcconfig
new file mode 100644
index 0000000..5349f0a
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/xcode/Config/ReleaseProject.xcconfig
@@ -0,0 +1,32 @@
+//
+//  ReleaseProject.xcconfig
+//
+//  These are Release Configuration project settings for the gtest framework
+//  and examples. It is set in the "Based On:" dropdown in the "Project" info
+//  dialog.
+//  This file is based on the Xcode Configuration files in:
+//  http://code.google.com/p/google-toolbox-for-mac/
+// 
+
+#include "General.xcconfig"
+
+// subconfig/Release.xcconfig
+
+// Optimize for space and size (Apple recommendation)
+GCC_OPTIMIZATION_LEVEL = s
+
+// Deploment postprocessing is what triggers Xcode to strip
+DEPLOYMENT_POSTPROCESSING = YES
+
+// No symbols
+GCC_GENERATE_DEBUGGING_SYMBOLS = NO
+
+// Dead code strip does not affect ObjC code but can help for C
+DEAD_CODE_STRIPPING = YES
+
+// NDEBUG is used by things like assert.h, so define it for general compat.
+// ASSERT going away in release tends to create unused vars.
+OTHER_CFLAGS = $(OTHER_CFLAGS) -DNDEBUG=1 -Wno-unused-variable
+
+// When we strip we want to strip all symbols in release, but save externals.
+STRIP_STYLE = all
diff --git a/nss/external_tests/google_test/gtest/xcode/Config/StaticLibraryTarget.xcconfig b/nss/external_tests/google_test/gtest/xcode/Config/StaticLibraryTarget.xcconfig
new file mode 100644
index 0000000..3922fa5
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/xcode/Config/StaticLibraryTarget.xcconfig
@@ -0,0 +1,18 @@
+//
+//  StaticLibraryTarget.xcconfig
+//
+//  These are static library target settings for libgtest.a. It
+//  is set in the "Based On:" dropdown in the "Target" info dialog.
+//  This file is based on the Xcode Configuration files in:
+//  http://code.google.com/p/google-toolbox-for-mac/
+// 
+
+// Static libs can be included in bundles so make them position independent
+GCC_DYNAMIC_NO_PIC = NO
+
+// Static libs should not have their internal globals or external symbols
+// stripped.
+STRIP_STYLE = debugging
+
+// Let the user install by specifying the $DSTROOT with xcodebuild
+SKIP_INSTALL = NO
diff --git a/nss/external_tests/google_test/gtest/xcode/Config/TestTarget.xcconfig b/nss/external_tests/google_test/gtest/xcode/Config/TestTarget.xcconfig
new file mode 100644
index 0000000..e6652ba
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/xcode/Config/TestTarget.xcconfig
@@ -0,0 +1,8 @@
+//
+//  TestTarget.xcconfig
+//
+//  These are Test target settings for the gtest framework and examples. It
+//  is set in the "Based On:" dropdown in the "Target" info dialog.
+
+PRODUCT_NAME = $(TARGET_NAME)
+HEADER_SEARCH_PATHS = ../include
diff --git a/nss/external_tests/google_test/gtest/xcode/Resources/Info.plist b/nss/external_tests/google_test/gtest/xcode/Resources/Info.plist
new file mode 100644
index 0000000..9dd28ea
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/xcode/Resources/Info.plist
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>CFBundleDevelopmentRegion</key>
+	<string>English</string>
+	<key>CFBundleExecutable</key>
+	<string>${EXECUTABLE_NAME}</string>
+	<key>CFBundleIconFile</key>
+	<string></string>
+	<key>CFBundleIdentifier</key>
+	<string>com.google.${PRODUCT_NAME}</string>
+	<key>CFBundleInfoDictionaryVersion</key>
+	<string>6.0</string>
+	<key>CFBundlePackageType</key>
+	<string>FMWK</string>
+	<key>CFBundleSignature</key>
+	<string>????</string>
+	<key>CFBundleVersion</key>
+	<string>GTEST_VERSIONINFO_LONG</string>
+	<key>CFBundleShortVersionString</key>
+	<string>GTEST_VERSIONINFO_SHORT</string>
+	<key>CFBundleGetInfoString</key>
+	<string>${PRODUCT_NAME} GTEST_VERSIONINFO_LONG, ${GTEST_VERSIONINFO_ABOUT}</string>
+	<key>NSHumanReadableCopyright</key>
+	<string>${GTEST_VERSIONINFO_ABOUT}</string>
+	<key>CSResourcesFileMapped</key>
+	<true/>
+</dict>
+</plist>
diff --git a/nss/external_tests/google_test/gtest/xcode/Samples/FrameworkSample/Info.plist b/nss/external_tests/google_test/gtest/xcode/Samples/FrameworkSample/Info.plist
new file mode 100644
index 0000000..f3852ed
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/xcode/Samples/FrameworkSample/Info.plist
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>CFBundleDevelopmentRegion</key>
+	<string>English</string>
+	<key>CFBundleExecutable</key>
+	<string>${EXECUTABLE_NAME}</string>
+	<key>CFBundleIconFile</key>
+	<string></string>
+	<key>CFBundleIdentifier</key>
+	<string>com.google.gtest.${PRODUCT_NAME:identifier}</string>
+	<key>CFBundleInfoDictionaryVersion</key>
+	<string>6.0</string>
+	<key>CFBundleName</key>
+	<string>${PRODUCT_NAME}</string>
+	<key>CFBundlePackageType</key>
+	<string>FMWK</string>
+	<key>CFBundleShortVersionString</key>
+	<string>1.0</string>
+	<key>CFBundleSignature</key>
+	<string>????</string>
+	<key>CFBundleVersion</key>
+	<string>1.0</string>
+	<key>CSResourcesFileMapped</key>
+	<true/>
+</dict>
+</plist>
diff --git a/nss/external_tests/google_test/gtest/xcode/Samples/FrameworkSample/WidgetFramework.xcodeproj/project.pbxproj b/nss/external_tests/google_test/gtest/xcode/Samples/FrameworkSample/WidgetFramework.xcodeproj/project.pbxproj
new file mode 100644
index 0000000..497617e
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/xcode/Samples/FrameworkSample/WidgetFramework.xcodeproj/project.pbxproj
@@ -0,0 +1,457 @@
+// !$*UTF8*$!
+{
+	archiveVersion = 1;
+	classes = {
+	};
+	objectVersion = 42;
+	objects = {
+
+/* Begin PBXAggregateTarget section */
+		4024D162113D7D2400C7059E /* Test */ = {
+			isa = PBXAggregateTarget;
+			buildConfigurationList = 4024D169113D7D4600C7059E /* Build configuration list for PBXAggregateTarget "Test" */;
+			buildPhases = (
+				4024D161113D7D2400C7059E /* ShellScript */,
+			);
+			dependencies = (
+				4024D166113D7D3100C7059E /* PBXTargetDependency */,
+			);
+			name = Test;
+			productName = TestAndBuild;
+		};
+		4024D1E9113D83FF00C7059E /* TestAndBuild */ = {
+			isa = PBXAggregateTarget;
+			buildConfigurationList = 4024D1F0113D842B00C7059E /* Build configuration list for PBXAggregateTarget "TestAndBuild" */;
+			buildPhases = (
+			);
+			dependencies = (
+				4024D1ED113D840900C7059E /* PBXTargetDependency */,
+				4024D1EF113D840D00C7059E /* PBXTargetDependency */,
+			);
+			name = TestAndBuild;
+			productName = TestAndBuild;
+		};
+/* End PBXAggregateTarget section */
+
+/* Begin PBXBuildFile section */
+		3B7EB1250E5AEE3500C7F239 /* widget.cc in Sources */ = {isa = PBXBuildFile; fileRef = 3B7EB1230E5AEE3500C7F239 /* widget.cc */; };
+		3B7EB1260E5AEE3500C7F239 /* widget.h in Headers */ = {isa = PBXBuildFile; fileRef = 3B7EB1240E5AEE3500C7F239 /* widget.h */; settings = {ATTRIBUTES = (Public, ); }; };
+		3B7EB1280E5AEE4600C7F239 /* widget_test.cc in Sources */ = {isa = PBXBuildFile; fileRef = 3B7EB1270E5AEE4600C7F239 /* widget_test.cc */; };
+		3B7EB1480E5AF3B400C7F239 /* Widget.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 8D07F2C80486CC7A007CD1D0 /* Widget.framework */; };
+		4024D188113D7D7800C7059E /* libgtest.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4024D185113D7D5500C7059E /* libgtest.a */; };
+		4024D189113D7D7A00C7059E /* libgtest_main.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4024D183113D7D5500C7059E /* libgtest_main.a */; };
+/* End PBXBuildFile section */
+
+/* Begin PBXContainerItemProxy section */
+		3B07BDF00E3F3FAE00647869 /* PBXContainerItemProxy */ = {
+			isa = PBXContainerItemProxy;
+			containerPortal = 0867D690FE84028FC02AAC07 /* Project object */;
+			proxyType = 1;
+			remoteGlobalIDString = 8D07F2BC0486CC7A007CD1D0;
+			remoteInfo = gTestExample;
+		};
+		4024D165113D7D3100C7059E /* PBXContainerItemProxy */ = {
+			isa = PBXContainerItemProxy;
+			containerPortal = 0867D690FE84028FC02AAC07 /* Project object */;
+			proxyType = 1;
+			remoteGlobalIDString = 3B07BDE90E3F3F9E00647869;
+			remoteInfo = WidgetFrameworkTest;
+		};
+		4024D1EC113D840900C7059E /* PBXContainerItemProxy */ = {
+			isa = PBXContainerItemProxy;
+			containerPortal = 0867D690FE84028FC02AAC07 /* Project object */;
+			proxyType = 1;
+			remoteGlobalIDString = 8D07F2BC0486CC7A007CD1D0;
+			remoteInfo = WidgetFramework;
+		};
+		4024D1EE113D840D00C7059E /* PBXContainerItemProxy */ = {
+			isa = PBXContainerItemProxy;
+			containerPortal = 0867D690FE84028FC02AAC07 /* Project object */;
+			proxyType = 1;
+			remoteGlobalIDString = 4024D162113D7D2400C7059E;
+			remoteInfo = Test;
+		};
+/* End PBXContainerItemProxy section */
+
+/* Begin PBXFileReference section */
+		3B07BDEA0E3F3F9E00647869 /* WidgetFrameworkTest */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = WidgetFrameworkTest; sourceTree = BUILT_PRODUCTS_DIR; };
+		3B7EB1230E5AEE3500C7F239 /* widget.cc */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = widget.cc; sourceTree = "<group>"; };
+		3B7EB1240E5AEE3500C7F239 /* widget.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = widget.h; sourceTree = "<group>"; };
+		3B7EB1270E5AEE4600C7F239 /* widget_test.cc */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = widget_test.cc; sourceTree = "<group>"; };
+		4024D183113D7D5500C7059E /* libgtest_main.a */ = {isa = PBXFileReference; lastKnownFileType = archive.ar; name = libgtest_main.a; path = /usr/local/lib/libgtest_main.a; sourceTree = "<absolute>"; };
+		4024D185113D7D5500C7059E /* libgtest.a */ = {isa = PBXFileReference; lastKnownFileType = archive.ar; name = libgtest.a; path = /usr/local/lib/libgtest.a; sourceTree = "<absolute>"; };
+		4024D1E2113D838200C7059E /* runtests.sh */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.script.sh; path = runtests.sh; sourceTree = "<group>"; };
+		8D07F2C70486CC7A007CD1D0 /* Info.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist; path = Info.plist; sourceTree = "<group>"; };
+		8D07F2C80486CC7A007CD1D0 /* Widget.framework */ = {isa = PBXFileReference; explicitFileType = wrapper.framework; includeInIndex = 0; path = Widget.framework; sourceTree = BUILT_PRODUCTS_DIR; };
+/* End PBXFileReference section */
+
+/* Begin PBXFrameworksBuildPhase section */
+		3B07BDE80E3F3F9E00647869 /* Frameworks */ = {
+			isa = PBXFrameworksBuildPhase;
+			buildActionMask = 2147483647;
+			files = (
+				4024D189113D7D7A00C7059E /* libgtest_main.a in Frameworks */,
+				4024D188113D7D7800C7059E /* libgtest.a in Frameworks */,
+				3B7EB1480E5AF3B400C7F239 /* Widget.framework in Frameworks */,
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+		};
+		8D07F2C30486CC7A007CD1D0 /* Frameworks */ = {
+			isa = PBXFrameworksBuildPhase;
+			buildActionMask = 2147483647;
+			files = (
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+		};
+/* End PBXFrameworksBuildPhase section */
+
+/* Begin PBXGroup section */
+		034768DDFF38A45A11DB9C8B /* Products */ = {
+			isa = PBXGroup;
+			children = (
+				8D07F2C80486CC7A007CD1D0 /* Widget.framework */,
+				3B07BDEA0E3F3F9E00647869 /* WidgetFrameworkTest */,
+			);
+			name = Products;
+			sourceTree = "<group>";
+		};
+		0867D691FE84028FC02AAC07 /* gTestExample */ = {
+			isa = PBXGroup;
+			children = (
+				4024D1E1113D836C00C7059E /* Scripts */,
+				08FB77ACFE841707C02AAC07 /* Source */,
+				089C1665FE841158C02AAC07 /* Resources */,
+				3B07BE350E4094E400647869 /* Test */,
+				0867D69AFE84028FC02AAC07 /* External Frameworks and Libraries */,
+				034768DDFF38A45A11DB9C8B /* Products */,
+			);
+			name = gTestExample;
+			sourceTree = "<group>";
+		};
+		0867D69AFE84028FC02AAC07 /* External Frameworks and Libraries */ = {
+			isa = PBXGroup;
+			children = (
+				4024D183113D7D5500C7059E /* libgtest_main.a */,
+				4024D185113D7D5500C7059E /* libgtest.a */,
+			);
+			name = "External Frameworks and Libraries";
+			sourceTree = "<group>";
+		};
+		089C1665FE841158C02AAC07 /* Resources */ = {
+			isa = PBXGroup;
+			children = (
+				8D07F2C70486CC7A007CD1D0 /* Info.plist */,
+			);
+			name = Resources;
+			sourceTree = "<group>";
+		};
+		08FB77ACFE841707C02AAC07 /* Source */ = {
+			isa = PBXGroup;
+			children = (
+				3B7EB1230E5AEE3500C7F239 /* widget.cc */,
+				3B7EB1240E5AEE3500C7F239 /* widget.h */,
+			);
+			name = Source;
+			sourceTree = "<group>";
+		};
+		3B07BE350E4094E400647869 /* Test */ = {
+			isa = PBXGroup;
+			children = (
+				3B7EB1270E5AEE4600C7F239 /* widget_test.cc */,
+			);
+			name = Test;
+			sourceTree = "<group>";
+		};
+		4024D1E1113D836C00C7059E /* Scripts */ = {
+			isa = PBXGroup;
+			children = (
+				4024D1E2113D838200C7059E /* runtests.sh */,
+			);
+			name = Scripts;
+			sourceTree = "<group>";
+		};
+/* End PBXGroup section */
+
+/* Begin PBXHeadersBuildPhase section */
+		8D07F2BD0486CC7A007CD1D0 /* Headers */ = {
+			isa = PBXHeadersBuildPhase;
+			buildActionMask = 2147483647;
+			files = (
+				3B7EB1260E5AEE3500C7F239 /* widget.h in Headers */,
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+		};
+/* End PBXHeadersBuildPhase section */
+
+/* Begin PBXNativeTarget section */
+		3B07BDE90E3F3F9E00647869 /* WidgetFrameworkTest */ = {
+			isa = PBXNativeTarget;
+			buildConfigurationList = 3B07BDF40E3F3FB600647869 /* Build configuration list for PBXNativeTarget "WidgetFrameworkTest" */;
+			buildPhases = (
+				3B07BDE70E3F3F9E00647869 /* Sources */,
+				3B07BDE80E3F3F9E00647869 /* Frameworks */,
+			);
+			buildRules = (
+			);
+			dependencies = (
+				3B07BDF10E3F3FAE00647869 /* PBXTargetDependency */,
+			);
+			name = WidgetFrameworkTest;
+			productName = gTestExampleTest;
+			productReference = 3B07BDEA0E3F3F9E00647869 /* WidgetFrameworkTest */;
+			productType = "com.apple.product-type.tool";
+		};
+		8D07F2BC0486CC7A007CD1D0 /* WidgetFramework */ = {
+			isa = PBXNativeTarget;
+			buildConfigurationList = 4FADC24208B4156D00ABE55E /* Build configuration list for PBXNativeTarget "WidgetFramework" */;
+			buildPhases = (
+				8D07F2C10486CC7A007CD1D0 /* Sources */,
+				8D07F2C30486CC7A007CD1D0 /* Frameworks */,
+				8D07F2BD0486CC7A007CD1D0 /* Headers */,
+				8D07F2BF0486CC7A007CD1D0 /* Resources */,
+				8D07F2C50486CC7A007CD1D0 /* Rez */,
+			);
+			buildRules = (
+			);
+			dependencies = (
+			);
+			name = WidgetFramework;
+			productInstallPath = "$(HOME)/Library/Frameworks";
+			productName = gTestExample;
+			productReference = 8D07F2C80486CC7A007CD1D0 /* Widget.framework */;
+			productType = "com.apple.product-type.framework";
+		};
+/* End PBXNativeTarget section */
+
+/* Begin PBXProject section */
+		0867D690FE84028FC02AAC07 /* Project object */ = {
+			isa = PBXProject;
+			buildConfigurationList = 4FADC24608B4156D00ABE55E /* Build configuration list for PBXProject "WidgetFramework" */;
+			compatibilityVersion = "Xcode 2.4";
+			hasScannedForEncodings = 1;
+			mainGroup = 0867D691FE84028FC02AAC07 /* gTestExample */;
+			productRefGroup = 034768DDFF38A45A11DB9C8B /* Products */;
+			projectDirPath = "";
+			projectRoot = "";
+			targets = (
+				8D07F2BC0486CC7A007CD1D0 /* WidgetFramework */,
+				3B07BDE90E3F3F9E00647869 /* WidgetFrameworkTest */,
+				4024D162113D7D2400C7059E /* Test */,
+				4024D1E9113D83FF00C7059E /* TestAndBuild */,
+			);
+		};
+/* End PBXProject section */
+
+/* Begin PBXResourcesBuildPhase section */
+		8D07F2BF0486CC7A007CD1D0 /* Resources */ = {
+			isa = PBXResourcesBuildPhase;
+			buildActionMask = 2147483647;
+			files = (
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+		};
+/* End PBXResourcesBuildPhase section */
+
+/* Begin PBXRezBuildPhase section */
+		8D07F2C50486CC7A007CD1D0 /* Rez */ = {
+			isa = PBXRezBuildPhase;
+			buildActionMask = 2147483647;
+			files = (
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+		};
+/* End PBXRezBuildPhase section */
+
+/* Begin PBXShellScriptBuildPhase section */
+		4024D161113D7D2400C7059E /* ShellScript */ = {
+			isa = PBXShellScriptBuildPhase;
+			buildActionMask = 2147483647;
+			files = (
+			);
+			inputPaths = (
+			);
+			outputPaths = (
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+			shellPath = /bin/sh;
+			shellScript = "/bin/bash $SRCROOT/runtests.sh $BUILT_PRODUCTS_DIR/WidgetFrameworkTest\n";
+		};
+/* End PBXShellScriptBuildPhase section */
+
+/* Begin PBXSourcesBuildPhase section */
+		3B07BDE70E3F3F9E00647869 /* Sources */ = {
+			isa = PBXSourcesBuildPhase;
+			buildActionMask = 2147483647;
+			files = (
+				3B7EB1280E5AEE4600C7F239 /* widget_test.cc in Sources */,
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+		};
+		8D07F2C10486CC7A007CD1D0 /* Sources */ = {
+			isa = PBXSourcesBuildPhase;
+			buildActionMask = 2147483647;
+			files = (
+				3B7EB1250E5AEE3500C7F239 /* widget.cc in Sources */,
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+		};
+/* End PBXSourcesBuildPhase section */
+
+/* Begin PBXTargetDependency section */
+		3B07BDF10E3F3FAE00647869 /* PBXTargetDependency */ = {
+			isa = PBXTargetDependency;
+			target = 8D07F2BC0486CC7A007CD1D0 /* WidgetFramework */;
+			targetProxy = 3B07BDF00E3F3FAE00647869 /* PBXContainerItemProxy */;
+		};
+		4024D166113D7D3100C7059E /* PBXTargetDependency */ = {
+			isa = PBXTargetDependency;
+			target = 3B07BDE90E3F3F9E00647869 /* WidgetFrameworkTest */;
+			targetProxy = 4024D165113D7D3100C7059E /* PBXContainerItemProxy */;
+		};
+		4024D1ED113D840900C7059E /* PBXTargetDependency */ = {
+			isa = PBXTargetDependency;
+			target = 8D07F2BC0486CC7A007CD1D0 /* WidgetFramework */;
+			targetProxy = 4024D1EC113D840900C7059E /* PBXContainerItemProxy */;
+		};
+		4024D1EF113D840D00C7059E /* PBXTargetDependency */ = {
+			isa = PBXTargetDependency;
+			target = 4024D162113D7D2400C7059E /* Test */;
+			targetProxy = 4024D1EE113D840D00C7059E /* PBXContainerItemProxy */;
+		};
+/* End PBXTargetDependency section */
+
+/* Begin XCBuildConfiguration section */
+		3B07BDEC0E3F3F9F00647869 /* Debug */ = {
+			isa = XCBuildConfiguration;
+			buildSettings = {
+				PRODUCT_NAME = WidgetFrameworkTest;
+			};
+			name = Debug;
+		};
+		3B07BDED0E3F3F9F00647869 /* Release */ = {
+			isa = XCBuildConfiguration;
+			buildSettings = {
+				PRODUCT_NAME = WidgetFrameworkTest;
+			};
+			name = Release;
+		};
+		4024D163113D7D2400C7059E /* Debug */ = {
+			isa = XCBuildConfiguration;
+			buildSettings = {
+				PRODUCT_NAME = TestAndBuild;
+			};
+			name = Debug;
+		};
+		4024D164113D7D2400C7059E /* Release */ = {
+			isa = XCBuildConfiguration;
+			buildSettings = {
+				PRODUCT_NAME = TestAndBuild;
+			};
+			name = Release;
+		};
+		4024D1EA113D83FF00C7059E /* Debug */ = {
+			isa = XCBuildConfiguration;
+			buildSettings = {
+				PRODUCT_NAME = TestAndBuild;
+			};
+			name = Debug;
+		};
+		4024D1EB113D83FF00C7059E /* Release */ = {
+			isa = XCBuildConfiguration;
+			buildSettings = {
+				PRODUCT_NAME = TestAndBuild;
+			};
+			name = Release;
+		};
+		4FADC24308B4156D00ABE55E /* Debug */ = {
+			isa = XCBuildConfiguration;
+			buildSettings = {
+				DYLIB_COMPATIBILITY_VERSION = 1;
+				DYLIB_CURRENT_VERSION = 1;
+				FRAMEWORK_VERSION = A;
+				INFOPLIST_FILE = Info.plist;
+				INSTALL_PATH = "@loader_path/../Frameworks";
+				PRODUCT_NAME = Widget;
+			};
+			name = Debug;
+		};
+		4FADC24408B4156D00ABE55E /* Release */ = {
+			isa = XCBuildConfiguration;
+			buildSettings = {
+				DYLIB_COMPATIBILITY_VERSION = 1;
+				DYLIB_CURRENT_VERSION = 1;
+				FRAMEWORK_VERSION = A;
+				INFOPLIST_FILE = Info.plist;
+				INSTALL_PATH = "@loader_path/../Frameworks";
+				PRODUCT_NAME = Widget;
+			};
+			name = Release;
+		};
+		4FADC24708B4156D00ABE55E /* Debug */ = {
+			isa = XCBuildConfiguration;
+			buildSettings = {
+				GCC_VERSION = 4.0;
+				SDKROOT = /Developer/SDKs/MacOSX10.4u.sdk;
+			};
+			name = Debug;
+		};
+		4FADC24808B4156D00ABE55E /* Release */ = {
+			isa = XCBuildConfiguration;
+			buildSettings = {
+				GCC_VERSION = 4.0;
+				SDKROOT = /Developer/SDKs/MacOSX10.4u.sdk;
+			};
+			name = Release;
+		};
+/* End XCBuildConfiguration section */
+
+/* Begin XCConfigurationList section */
+		3B07BDF40E3F3FB600647869 /* Build configuration list for PBXNativeTarget "WidgetFrameworkTest" */ = {
+			isa = XCConfigurationList;
+			buildConfigurations = (
+				3B07BDEC0E3F3F9F00647869 /* Debug */,
+				3B07BDED0E3F3F9F00647869 /* Release */,
+			);
+			defaultConfigurationIsVisible = 0;
+			defaultConfigurationName = Release;
+		};
+		4024D169113D7D4600C7059E /* Build configuration list for PBXAggregateTarget "Test" */ = {
+			isa = XCConfigurationList;
+			buildConfigurations = (
+				4024D163113D7D2400C7059E /* Debug */,
+				4024D164113D7D2400C7059E /* Release */,
+			);
+			defaultConfigurationIsVisible = 0;
+			defaultConfigurationName = Release;
+		};
+		4024D1F0113D842B00C7059E /* Build configuration list for PBXAggregateTarget "TestAndBuild" */ = {
+			isa = XCConfigurationList;
+			buildConfigurations = (
+				4024D1EA113D83FF00C7059E /* Debug */,
+				4024D1EB113D83FF00C7059E /* Release */,
+			);
+			defaultConfigurationIsVisible = 0;
+			defaultConfigurationName = Release;
+		};
+		4FADC24208B4156D00ABE55E /* Build configuration list for PBXNativeTarget "WidgetFramework" */ = {
+			isa = XCConfigurationList;
+			buildConfigurations = (
+				4FADC24308B4156D00ABE55E /* Debug */,
+				4FADC24408B4156D00ABE55E /* Release */,
+			);
+			defaultConfigurationIsVisible = 0;
+			defaultConfigurationName = Release;
+		};
+		4FADC24608B4156D00ABE55E /* Build configuration list for PBXProject "WidgetFramework" */ = {
+			isa = XCConfigurationList;
+			buildConfigurations = (
+				4FADC24708B4156D00ABE55E /* Debug */,
+				4FADC24808B4156D00ABE55E /* Release */,
+			);
+			defaultConfigurationIsVisible = 0;
+			defaultConfigurationName = Release;
+		};
+/* End XCConfigurationList section */
+	};
+	rootObject = 0867D690FE84028FC02AAC07 /* Project object */;
+}
diff --git a/nss/external_tests/google_test/gtest/xcode/Samples/FrameworkSample/runtests.sh b/nss/external_tests/google_test/gtest/xcode/Samples/FrameworkSample/runtests.sh
new file mode 100644
index 0000000..4a0d413
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/xcode/Samples/FrameworkSample/runtests.sh
@@ -0,0 +1,62 @@
+#!/bin/bash
+#
+# Copyright 2008, Google Inc.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#
+#     * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following disclaimer
+# in the documentation and/or other materials provided with the
+# distribution.
+#     * Neither the name of Google Inc. nor the names of its
+# contributors may be used to endorse or promote products derived from
+# this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# Executes the samples and tests for the Google Test Framework.
+
+# Help the dynamic linker find the path to the libraries.
+export DYLD_FRAMEWORK_PATH=$BUILT_PRODUCTS_DIR
+export DYLD_LIBRARY_PATH=$BUILT_PRODUCTS_DIR
+
+# Create some executables.
+test_executables=$@
+
+# Now execute each one in turn keeping track of how many succeeded and failed.
+succeeded=0
+failed=0
+failed_list=()
+for test in ${test_executables[*]}; do
+  "$test"
+  result=$?
+  if [ $result -eq 0 ]; then
+    succeeded=$(( $succeeded + 1 ))
+  else
+    failed=$(( failed + 1 ))
+    failed_list="$failed_list $test"
+  fi
+done
+
+# Report the successes and failures to the console.
+echo "Tests complete with $succeeded successes and $failed failures."
+if [ $failed -ne 0 ]; then
+  echo "The following tests failed:"
+  echo $failed_list
+fi
+exit $failed
diff --git a/nss/external_tests/google_test/gtest/xcode/Samples/FrameworkSample/widget.cc b/nss/external_tests/google_test/gtest/xcode/Samples/FrameworkSample/widget.cc
new file mode 100644
index 0000000..bfc4e7f
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/xcode/Samples/FrameworkSample/widget.cc
@@ -0,0 +1,63 @@
+// Copyright 2008, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: preston.a.jackson@gmail.com (Preston Jackson)
+//
+// Google Test - FrameworkSample
+// widget.cc
+//
+
+// Widget is a very simple class used for demonstrating the use of gtest
+
+#include "widget.h"
+
+Widget::Widget(int number, const std::string& name)
+    : number_(number),
+      name_(name) {}
+
+Widget::~Widget() {}
+
+float Widget::GetFloatValue() const {
+  return number_;
+}
+
+int Widget::GetIntValue() const {
+  return static_cast<int>(number_);
+}
+
+std::string Widget::GetStringValue() const {
+  return name_;
+}
+
+void Widget::GetCharPtrValue(char* buffer, size_t max_size) const {
+  // Copy the char* representation of name_ into buffer, up to max_size.
+  strncpy(buffer, name_.c_str(), max_size-1);
+  buffer[max_size-1] = '\0';
+  return;
+}
diff --git a/nss/external_tests/google_test/gtest/xcode/Samples/FrameworkSample/widget.h b/nss/external_tests/google_test/gtest/xcode/Samples/FrameworkSample/widget.h
new file mode 100644
index 0000000..0c55cdc
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/xcode/Samples/FrameworkSample/widget.h
@@ -0,0 +1,59 @@
+// Copyright 2008, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: preston.a.jackson@gmail.com (Preston Jackson)
+//
+// Google Test - FrameworkSample
+// widget.h
+//
+
+// Widget is a very simple class used for demonstrating the use of gtest. It
+// simply stores two values a string and an integer, which are returned via
+// public accessors in multiple forms.
+
+#import <string>
+
+class Widget {
+ public:
+  Widget(int number, const std::string& name);
+  ~Widget();
+
+  // Public accessors to number data
+  float GetFloatValue() const;
+  int GetIntValue() const;
+
+  // Public accessors to the string data
+  std::string GetStringValue() const;
+  void GetCharPtrValue(char* buffer, size_t max_size) const;
+
+ private:
+  // Data members
+  float number_;
+  std::string name_;
+};
diff --git a/nss/external_tests/google_test/gtest/xcode/Samples/FrameworkSample/widget_test.cc b/nss/external_tests/google_test/gtest/xcode/Samples/FrameworkSample/widget_test.cc
new file mode 100644
index 0000000..8725994
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/xcode/Samples/FrameworkSample/widget_test.cc
@@ -0,0 +1,68 @@
+// Copyright 2008, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: preston.a.jackson@gmail.com (Preston Jackson)
+//
+// Google Test - FrameworkSample
+// widget_test.cc
+//
+
+// This is a simple test file for the Widget class in the Widget.framework
+
+#include <string>
+#include "gtest/gtest.h"
+
+#include <Widget/widget.h>
+
+// This test verifies that the constructor sets the internal state of the
+// Widget class correctly.
+TEST(WidgetInitializerTest, TestConstructor) {
+  Widget widget(1.0f, "name");
+  EXPECT_FLOAT_EQ(1.0f, widget.GetFloatValue());
+  EXPECT_EQ(std::string("name"), widget.GetStringValue());
+}
+
+// This test verifies the conversion of the float and string values to int and
+// char*, respectively.
+TEST(WidgetInitializerTest, TestConversion) {
+  Widget widget(1.0f, "name");
+  EXPECT_EQ(1, widget.GetIntValue());
+
+  size_t max_size = 128;
+  char buffer[max_size];
+  widget.GetCharPtrValue(buffer, max_size);
+  EXPECT_STREQ("name", buffer);
+}
+
+// Use the Google Test main that is linked into the framework. It does something
+// like this:
+// int main(int argc, char** argv) {
+//   testing::InitGoogleTest(&argc, argv);
+//   return RUN_ALL_TESTS();
+// }
diff --git a/nss/external_tests/google_test/gtest/xcode/Scripts/runtests.sh b/nss/external_tests/google_test/gtest/xcode/Scripts/runtests.sh
new file mode 100644
index 0000000..3fc229f
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/xcode/Scripts/runtests.sh
@@ -0,0 +1,65 @@
+#!/bin/bash
+#
+# Copyright 2008, Google Inc.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#
+#     * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following disclaimer
+# in the documentation and/or other materials provided with the
+# distribution.
+#     * Neither the name of Google Inc. nor the names of its
+# contributors may be used to endorse or promote products derived from
+# this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# Executes the samples and tests for the Google Test Framework.
+
+# Help the dynamic linker find the path to the libraries.
+export DYLD_FRAMEWORK_PATH=$BUILT_PRODUCTS_DIR
+export DYLD_LIBRARY_PATH=$BUILT_PRODUCTS_DIR
+
+# Create some executables.
+test_executables=("$BUILT_PRODUCTS_DIR/gtest_unittest-framework"
+                  "$BUILT_PRODUCTS_DIR/gtest_unittest"
+                  "$BUILT_PRODUCTS_DIR/sample1_unittest-framework"
+                  "$BUILT_PRODUCTS_DIR/sample1_unittest-static")
+
+# Now execute each one in turn keeping track of how many succeeded and failed. 
+succeeded=0
+failed=0
+failed_list=()
+for test in ${test_executables[*]}; do
+  "$test"
+  result=$?
+  if [ $result -eq 0 ]; then
+    succeeded=$(( $succeeded + 1 ))
+  else
+    failed=$(( failed + 1 ))
+    failed_list="$failed_list $test"
+  fi
+done
+
+# Report the successes and failures to the console.
+echo "Tests complete with $succeeded successes and $failed failures."
+if [ $failed -ne 0 ]; then
+  echo "The following tests failed:"
+  echo $failed_list
+fi
+exit $failed
diff --git a/nss/external_tests/google_test/gtest/xcode/Scripts/versiongenerate.py b/nss/external_tests/google_test/gtest/xcode/Scripts/versiongenerate.py
new file mode 100644
index 0000000..81de8c9
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/xcode/Scripts/versiongenerate.py
@@ -0,0 +1,100 @@
+#!/usr/bin/env python
+#
+# Copyright 2008, Google Inc.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#
+#     * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following disclaimer
+# in the documentation and/or other materials provided with the
+# distribution.
+#     * Neither the name of Google Inc. nor the names of its
+# contributors may be used to endorse or promote products derived from
+# this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+"""A script to prepare version informtion for use the gtest Info.plist file.
+
+  This script extracts the version information from the configure.ac file and
+  uses it to generate a header file containing the same information. The
+  #defines in this header file will be included in during the generation of
+  the Info.plist of the framework, giving the correct value to the version
+  shown in the Finder.
+
+  This script makes the following assumptions (these are faults of the script,
+  not problems with the Autoconf):
+    1. The AC_INIT macro will be contained within the first 1024 characters
+       of configure.ac
+    2. The version string will be 3 integers separated by periods and will be
+       surrounded by squre brackets, "[" and "]" (e.g. [1.0.1]). The first
+       segment represents the major version, the second represents the minor
+       version and the third represents the fix version.
+    3. No ")" character exists between the opening "(" and closing ")" of
+       AC_INIT, including in comments and character strings.
+"""
+
+import sys
+import re
+
+# Read the command line argument (the output directory for Version.h)
+if (len(sys.argv) < 3):
+  print "Usage: versiongenerate.py input_dir output_dir"
+  sys.exit(1)
+else:
+  input_dir = sys.argv[1]
+  output_dir = sys.argv[2]
+
+# Read the first 1024 characters of the configure.ac file
+config_file = open("%s/configure.ac" % input_dir, 'r')
+buffer_size = 1024
+opening_string = config_file.read(buffer_size)
+config_file.close()
+
+# Extract the version string from the AC_INIT macro
+#   The following init_expression means:
+#     Extract three integers separated by periods and surrounded by squre
+#     brackets(e.g. "[1.0.1]") between "AC_INIT(" and ")". Do not be greedy
+#     (*? is the non-greedy flag) since that would pull in everything between
+#     the first "(" and the last ")" in the file.
+version_expression = re.compile(r"AC_INIT\(.*?\[(\d+)\.(\d+)\.(\d+)\].*?\)",
+                                re.DOTALL)
+version_values = version_expression.search(opening_string)
+major_version = version_values.group(1)
+minor_version = version_values.group(2)
+fix_version = version_values.group(3)
+
+# Write the version information to a header file to be included in the
+# Info.plist file.
+file_data = """//
+// DO NOT MODIFY THIS FILE (but you can delete it)
+//
+// This file is autogenerated by the versiongenerate.py script. This script
+// is executed in a "Run Script" build phase when creating gtest.framework. This
+// header file is not used during compilation of C-source. Rather, it simply
+// defines some version strings for substitution in the Info.plist. Because of
+// this, we are not not restricted to C-syntax nor are we using include guards.
+//
+
+#define GTEST_VERSIONINFO_SHORT %s.%s
+#define GTEST_VERSIONINFO_LONG %s.%s.%s
+
+""" % (major_version, minor_version, major_version, minor_version, fix_version)
+version_file = open("%s/Version.h" % output_dir, 'w')
+version_file.write(file_data)
+version_file.close()
diff --git a/nss/external_tests/google_test/gtest/xcode/gtest.xcodeproj/project.pbxproj b/nss/external_tests/google_test/gtest/xcode/gtest.xcodeproj/project.pbxproj
new file mode 100644
index 0000000..0452a63
--- /dev/null
+++ b/nss/external_tests/google_test/gtest/xcode/gtest.xcodeproj/project.pbxproj
@@ -0,0 +1,1135 @@
+// !$*UTF8*$!
+{
+	archiveVersion = 1;
+	classes = {
+	};
+	objectVersion = 46;
+	objects = {
+
+/* Begin PBXAggregateTarget section */
+		3B238F5F0E828B5400846E11 /* Check */ = {
+			isa = PBXAggregateTarget;
+			buildConfigurationList = 3B238FA30E828BB600846E11 /* Build configuration list for PBXAggregateTarget "Check" */;
+			buildPhases = (
+				3B238F5E0E828B5400846E11 /* ShellScript */,
+			);
+			dependencies = (
+				40899F9D0FFA740F000B29AE /* PBXTargetDependency */,
+				40C849F7101A43440083642A /* PBXTargetDependency */,
+				4089A0980FFAD34A000B29AE /* PBXTargetDependency */,
+				40C849F9101A43490083642A /* PBXTargetDependency */,
+			);
+			name = Check;
+			productName = Check;
+		};
+		40C44ADC0E3798F4008FCC51 /* Version Info */ = {
+			isa = PBXAggregateTarget;
+			buildConfigurationList = 40C44AE40E379905008FCC51 /* Build configuration list for PBXAggregateTarget "Version Info" */;
+			buildPhases = (
+				40C44ADB0E3798F4008FCC51 /* Generate Version.h */,
+			);
+			comments = "The generation of Version.h must be performed in its own target. Since the Info.plist is preprocessed before any of the other build phases in gtest, the Version.h file would not be ready if included as a build phase of that target.";
+			dependencies = (
+			);
+			name = "Version Info";
+			productName = Version.h;
+		};
+/* End PBXAggregateTarget section */
+
+/* Begin PBXBuildFile section */
+		224A12A30E9EADCC00BD17FD /* gtest-test-part.h in Headers */ = {isa = PBXBuildFile; fileRef = 224A12A20E9EADCC00BD17FD /* gtest-test-part.h */; settings = {ATTRIBUTES = (Public, ); }; };
+		3BF6F2A00E79B5AD000F2EEE /* gtest-type-util.h in Copy Headers Internal */ = {isa = PBXBuildFile; fileRef = 3BF6F29F0E79B5AD000F2EEE /* gtest-type-util.h */; };
+		3BF6F2A50E79B616000F2EEE /* gtest-typed-test.h in Headers */ = {isa = PBXBuildFile; fileRef = 3BF6F2A40E79B616000F2EEE /* gtest-typed-test.h */; settings = {ATTRIBUTES = (Public, ); }; };
+		404884380E2F799B00CF7658 /* gtest-death-test.h in Headers */ = {isa = PBXBuildFile; fileRef = 404883DB0E2F799B00CF7658 /* gtest-death-test.h */; settings = {ATTRIBUTES = (Public, ); }; };
+		404884390E2F799B00CF7658 /* gtest-message.h in Headers */ = {isa = PBXBuildFile; fileRef = 404883DC0E2F799B00CF7658 /* gtest-message.h */; settings = {ATTRIBUTES = (Public, ); }; };
+		4048843A0E2F799B00CF7658 /* gtest-spi.h in Headers */ = {isa = PBXBuildFile; fileRef = 404883DD0E2F799B00CF7658 /* gtest-spi.h */; settings = {ATTRIBUTES = (Public, ); }; };
+		4048843B0E2F799B00CF7658 /* gtest.h in Headers */ = {isa = PBXBuildFile; fileRef = 404883DE0E2F799B00CF7658 /* gtest.h */; settings = {ATTRIBUTES = (Public, ); }; };
+		4048843C0E2F799B00CF7658 /* gtest_pred_impl.h in Headers */ = {isa = PBXBuildFile; fileRef = 404883DF0E2F799B00CF7658 /* gtest_pred_impl.h */; settings = {ATTRIBUTES = (Public, ); }; };
+		4048843D0E2F799B00CF7658 /* gtest_prod.h in Headers */ = {isa = PBXBuildFile; fileRef = 404883E00E2F799B00CF7658 /* gtest_prod.h */; settings = {ATTRIBUTES = (Public, ); }; };
+		404884500E2F799B00CF7658 /* README in Resources */ = {isa = PBXBuildFile; fileRef = 404883F60E2F799B00CF7658 /* README */; };
+		404884A00E2F7BE600CF7658 /* gtest-death-test-internal.h in Copy Headers Internal */ = {isa = PBXBuildFile; fileRef = 404883E20E2F799B00CF7658 /* gtest-death-test-internal.h */; };
+		404884A10E2F7BE600CF7658 /* gtest-filepath.h in Copy Headers Internal */ = {isa = PBXBuildFile; fileRef = 404883E30E2F799B00CF7658 /* gtest-filepath.h */; };
+		404884A20E2F7BE600CF7658 /* gtest-internal.h in Copy Headers Internal */ = {isa = PBXBuildFile; fileRef = 404883E40E2F799B00CF7658 /* gtest-internal.h */; };
+		404884A30E2F7BE600CF7658 /* gtest-port.h in Copy Headers Internal */ = {isa = PBXBuildFile; fileRef = 404883E50E2F799B00CF7658 /* gtest-port.h */; };
+		404884A40E2F7BE600CF7658 /* gtest-string.h in Copy Headers Internal */ = {isa = PBXBuildFile; fileRef = 404883E60E2F799B00CF7658 /* gtest-string.h */; };
+		404884AC0E2F7CD900CF7658 /* CHANGES in Resources */ = {isa = PBXBuildFile; fileRef = 404884A90E2F7CD900CF7658 /* CHANGES */; };
+		404884AD0E2F7CD900CF7658 /* CONTRIBUTORS in Resources */ = {isa = PBXBuildFile; fileRef = 404884AA0E2F7CD900CF7658 /* CONTRIBUTORS */; };
+		404884AE0E2F7CD900CF7658 /* LICENSE in Resources */ = {isa = PBXBuildFile; fileRef = 404884AB0E2F7CD900CF7658 /* LICENSE */; };
+		40899F3A0FFA70D4000B29AE /* gtest-all.cc in Sources */ = {isa = PBXBuildFile; fileRef = 224A12A10E9EADA700BD17FD /* gtest-all.cc */; };
+		40899F500FFA7281000B29AE /* gtest-tuple.h in Copy Headers Internal */ = {isa = PBXBuildFile; fileRef = 40899F4D0FFA7271000B29AE /* gtest-tuple.h */; };
+		40899F530FFA72A0000B29AE /* gtest_unittest.cc in Sources */ = {isa = PBXBuildFile; fileRef = 3B238C120E7FE13C00846E11 /* gtest_unittest.cc */; };
+		4089A0440FFAD1BE000B29AE /* sample1.cc in Sources */ = {isa = PBXBuildFile; fileRef = 4089A02C0FFACF7F000B29AE /* sample1.cc */; };
+		4089A0460FFAD1BE000B29AE /* sample1_unittest.cc in Sources */ = {isa = PBXBuildFile; fileRef = 4089A02E0FFACF7F000B29AE /* sample1_unittest.cc */; };
+		40C848FF101A21150083642A /* gtest-all.cc in Sources */ = {isa = PBXBuildFile; fileRef = 224A12A10E9EADA700BD17FD /* gtest-all.cc */; };
+		40C84915101A21DF0083642A /* gtest_main.cc in Sources */ = {isa = PBXBuildFile; fileRef = 4048840D0E2F799B00CF7658 /* gtest_main.cc */; };
+		40C84916101A235B0083642A /* libgtest_main.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 40C8490B101A217E0083642A /* libgtest_main.a */; };
+		40C84921101A23AD0083642A /* libgtest_main.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 40C8490B101A217E0083642A /* libgtest_main.a */; };
+		40C84978101A36540083642A /* libgtest_main.a in Resources */ = {isa = PBXBuildFile; fileRef = 40C8490B101A217E0083642A /* libgtest_main.a */; };
+		40C84980101A36850083642A /* gtest_unittest.cc in Sources */ = {isa = PBXBuildFile; fileRef = 3B238C120E7FE13C00846E11 /* gtest_unittest.cc */; };
+		40C84982101A36850083642A /* libgtest.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 40C848FA101A209C0083642A /* libgtest.a */; };
+		40C84983101A36850083642A /* libgtest_main.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 40C8490B101A217E0083642A /* libgtest_main.a */; };
+		40C8498F101A36A60083642A /* sample1.cc in Sources */ = {isa = PBXBuildFile; fileRef = 4089A02C0FFACF7F000B29AE /* sample1.cc */; };
+		40C84990101A36A60083642A /* sample1_unittest.cc in Sources */ = {isa = PBXBuildFile; fileRef = 4089A02E0FFACF7F000B29AE /* sample1_unittest.cc */; };
+		40C84992101A36A60083642A /* libgtest.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 40C848FA101A209C0083642A /* libgtest.a */; };
+		40C84993101A36A60083642A /* libgtest_main.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 40C8490B101A217E0083642A /* libgtest_main.a */; };
+		40C849A2101A37050083642A /* gtest.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 4539C8FF0EC27F6400A70F4C /* gtest.framework */; };
+		40C849A4101A37150083642A /* gtest.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 4539C8FF0EC27F6400A70F4C /* gtest.framework */; };
+		4539C9340EC280AE00A70F4C /* gtest-param-test.h in Headers */ = {isa = PBXBuildFile; fileRef = 4539C9330EC280AE00A70F4C /* gtest-param-test.h */; settings = {ATTRIBUTES = (Public, ); }; };
+		4539C9380EC280E200A70F4C /* gtest-linked_ptr.h in Copy Headers Internal */ = {isa = PBXBuildFile; fileRef = 4539C9350EC280E200A70F4C /* gtest-linked_ptr.h */; };
+		4539C9390EC280E200A70F4C /* gtest-param-util-generated.h in Copy Headers Internal */ = {isa = PBXBuildFile; fileRef = 4539C9360EC280E200A70F4C /* gtest-param-util-generated.h */; };
+		4539C93A0EC280E200A70F4C /* gtest-param-util.h in Copy Headers Internal */ = {isa = PBXBuildFile; fileRef = 4539C9370EC280E200A70F4C /* gtest-param-util.h */; };
+		4567C8181264FF71007740BE /* gtest-printers.h in Headers */ = {isa = PBXBuildFile; fileRef = 4567C8171264FF71007740BE /* gtest-printers.h */; settings = {ATTRIBUTES = (Public, ); }; };
+/* End PBXBuildFile section */
+
+/* Begin PBXContainerItemProxy section */
+		40899F9C0FFA740F000B29AE /* PBXContainerItemProxy */ = {
+			isa = PBXContainerItemProxy;
+			containerPortal = 0867D690FE84028FC02AAC07 /* Project object */;
+			proxyType = 1;
+			remoteGlobalIDString = 40899F420FFA7184000B29AE;
+			remoteInfo = gtest_unittest;
+		};
+		4089A0970FFAD34A000B29AE /* PBXContainerItemProxy */ = {
+			isa = PBXContainerItemProxy;
+			containerPortal = 0867D690FE84028FC02AAC07 /* Project object */;
+			proxyType = 1;
+			remoteGlobalIDString = 4089A0120FFACEFC000B29AE;
+			remoteInfo = sample1_unittest;
+		};
+		408BEC0F1046CFE900DEF522 /* PBXContainerItemProxy */ = {
+			isa = PBXContainerItemProxy;
+			containerPortal = 0867D690FE84028FC02AAC07 /* Project object */;
+			proxyType = 1;
+			remoteGlobalIDString = 40C848F9101A209C0083642A;
+			remoteInfo = "gtest-static";
+		};
+		40C44AE50E379922008FCC51 /* PBXContainerItemProxy */ = {
+			isa = PBXContainerItemProxy;
+			containerPortal = 0867D690FE84028FC02AAC07 /* Project object */;
+			proxyType = 1;
+			remoteGlobalIDString = 40C44ADC0E3798F4008FCC51;
+			remoteInfo = Version.h;
+		};
+		40C8497C101A36850083642A /* PBXContainerItemProxy */ = {
+			isa = PBXContainerItemProxy;
+			containerPortal = 0867D690FE84028FC02AAC07 /* Project object */;
+			proxyType = 1;
+			remoteGlobalIDString = 40C848F9101A209C0083642A;
+			remoteInfo = "gtest-static";
+		};
+		40C8497E101A36850083642A /* PBXContainerItemProxy */ = {
+			isa = PBXContainerItemProxy;
+			containerPortal = 0867D690FE84028FC02AAC07 /* Project object */;
+			proxyType = 1;
+			remoteGlobalIDString = 40C8490A101A217E0083642A;
+			remoteInfo = "gtest_main-static";
+		};
+		40C8498B101A36A60083642A /* PBXContainerItemProxy */ = {
+			isa = PBXContainerItemProxy;
+			containerPortal = 0867D690FE84028FC02AAC07 /* Project object */;
+			proxyType = 1;
+			remoteGlobalIDString = 40C848F9101A209C0083642A;
+			remoteInfo = "gtest-static";
+		};
+		40C8498D101A36A60083642A /* PBXContainerItemProxy */ = {
+			isa = PBXContainerItemProxy;
+			containerPortal = 0867D690FE84028FC02AAC07 /* Project object */;
+			proxyType = 1;
+			remoteGlobalIDString = 40C8490A101A217E0083642A;
+			remoteInfo = "gtest_main-static";
+		};
+		40C8499B101A36DC0083642A /* PBXContainerItemProxy */ = {
+			isa = PBXContainerItemProxy;
+			containerPortal = 0867D690FE84028FC02AAC07 /* Project object */;
+			proxyType = 1;
+			remoteGlobalIDString = 40C8490A101A217E0083642A;
+			remoteInfo = "gtest_main-static";
+		};
+		40C8499D101A36E50083642A /* PBXContainerItemProxy */ = {
+			isa = PBXContainerItemProxy;
+			containerPortal = 0867D690FE84028FC02AAC07 /* Project object */;
+			proxyType = 1;
+			remoteGlobalIDString = 8D07F2BC0486CC7A007CD1D0;
+			remoteInfo = "gtest-framework";
+		};
+		40C8499F101A36F10083642A /* PBXContainerItemProxy */ = {
+			isa = PBXContainerItemProxy;
+			containerPortal = 0867D690FE84028FC02AAC07 /* Project object */;
+			proxyType = 1;
+			remoteGlobalIDString = 8D07F2BC0486CC7A007CD1D0;
+			remoteInfo = "gtest-framework";
+		};
+		40C849F6101A43440083642A /* PBXContainerItemProxy */ = {
+			isa = PBXContainerItemProxy;
+			containerPortal = 0867D690FE84028FC02AAC07 /* Project object */;
+			proxyType = 1;
+			remoteGlobalIDString = 40C8497A101A36850083642A;
+			remoteInfo = "gtest_unittest-static";
+		};
+		40C849F8101A43490083642A /* PBXContainerItemProxy */ = {
+			isa = PBXContainerItemProxy;
+			containerPortal = 0867D690FE84028FC02AAC07 /* Project object */;
+			proxyType = 1;
+			remoteGlobalIDString = 40C84989101A36A60083642A;
+			remoteInfo = "sample1_unittest-static";
+		};
+/* End PBXContainerItemProxy section */
+
+/* Begin PBXCopyFilesBuildPhase section */
+		404884A50E2F7C0400CF7658 /* Copy Headers Internal */ = {
+			isa = PBXCopyFilesBuildPhase;
+			buildActionMask = 2147483647;
+			dstPath = Headers/internal;
+			dstSubfolderSpec = 6;
+			files = (
+				404884A00E2F7BE600CF7658 /* gtest-death-test-internal.h in Copy Headers Internal */,
+				404884A10E2F7BE600CF7658 /* gtest-filepath.h in Copy Headers Internal */,
+				404884A20E2F7BE600CF7658 /* gtest-internal.h in Copy Headers Internal */,
+				4539C9380EC280E200A70F4C /* gtest-linked_ptr.h in Copy Headers Internal */,
+				4539C9390EC280E200A70F4C /* gtest-param-util-generated.h in Copy Headers Internal */,
+				4539C93A0EC280E200A70F4C /* gtest-param-util.h in Copy Headers Internal */,
+				404884A30E2F7BE600CF7658 /* gtest-port.h in Copy Headers Internal */,
+				404884A40E2F7BE600CF7658 /* gtest-string.h in Copy Headers Internal */,
+				40899F500FFA7281000B29AE /* gtest-tuple.h in Copy Headers Internal */,
+				3BF6F2A00E79B5AD000F2EEE /* gtest-type-util.h in Copy Headers Internal */,
+			);
+			name = "Copy Headers Internal";
+			runOnlyForDeploymentPostprocessing = 0;
+		};
+/* End PBXCopyFilesBuildPhase section */
+
+/* Begin PBXFileReference section */
+		224A12A10E9EADA700BD17FD /* gtest-all.cc */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = "gtest-all.cc"; sourceTree = "<group>"; };
+		224A12A20E9EADCC00BD17FD /* gtest-test-part.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = "gtest-test-part.h"; sourceTree = "<group>"; };
+		3B238C120E7FE13C00846E11 /* gtest_unittest.cc */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = gtest_unittest.cc; sourceTree = "<group>"; };
+		3B87D2100E96B92E000D1852 /* runtests.sh */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.script.sh; path = runtests.sh; sourceTree = "<group>"; };
+		3BF6F29F0E79B5AD000F2EEE /* gtest-type-util.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "gtest-type-util.h"; sourceTree = "<group>"; };
+		3BF6F2A40E79B616000F2EEE /* gtest-typed-test.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "gtest-typed-test.h"; sourceTree = "<group>"; };
+		403EE37C0E377822004BD1E2 /* versiongenerate.py */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.script.python; path = versiongenerate.py; sourceTree = "<group>"; };
+		404883DB0E2F799B00CF7658 /* gtest-death-test.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "gtest-death-test.h"; sourceTree = "<group>"; };
+		404883DC0E2F799B00CF7658 /* gtest-message.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "gtest-message.h"; sourceTree = "<group>"; };
+		404883DD0E2F799B00CF7658 /* gtest-spi.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "gtest-spi.h"; sourceTree = "<group>"; };
+		404883DE0E2F799B00CF7658 /* gtest.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = gtest.h; sourceTree = "<group>"; };
+		404883DF0E2F799B00CF7658 /* gtest_pred_impl.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = gtest_pred_impl.h; sourceTree = "<group>"; };
+		404883E00E2F799B00CF7658 /* gtest_prod.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = gtest_prod.h; sourceTree = "<group>"; };
+		404883E20E2F799B00CF7658 /* gtest-death-test-internal.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "gtest-death-test-internal.h"; sourceTree = "<group>"; };
+		404883E30E2F799B00CF7658 /* gtest-filepath.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "gtest-filepath.h"; sourceTree = "<group>"; };
+		404883E40E2F799B00CF7658 /* gtest-internal.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "gtest-internal.h"; sourceTree = "<group>"; };
+		404883E50E2F799B00CF7658 /* gtest-port.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "gtest-port.h"; sourceTree = "<group>"; };
+		404883E60E2F799B00CF7658 /* gtest-string.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "gtest-string.h"; sourceTree = "<group>"; };
+		404883F60E2F799B00CF7658 /* README */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; name = README; path = ../README; sourceTree = SOURCE_ROOT; };
+		4048840D0E2F799B00CF7658 /* gtest_main.cc */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = gtest_main.cc; sourceTree = "<group>"; };
+		404884A90E2F7CD900CF7658 /* CHANGES */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; name = CHANGES; path = ../CHANGES; sourceTree = SOURCE_ROOT; };
+		404884AA0E2F7CD900CF7658 /* CONTRIBUTORS */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; name = CONTRIBUTORS; path = ../CONTRIBUTORS; sourceTree = SOURCE_ROOT; };
+		404884AB0E2F7CD900CF7658 /* LICENSE */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; name = LICENSE; path = ../LICENSE; sourceTree = SOURCE_ROOT; };
+		40899F430FFA7184000B29AE /* gtest_unittest-framework */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = "gtest_unittest-framework"; sourceTree = BUILT_PRODUCTS_DIR; };
+		40899F4D0FFA7271000B29AE /* gtest-tuple.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "gtest-tuple.h"; sourceTree = "<group>"; };
+		40899FB30FFA7567000B29AE /* StaticLibraryTarget.xcconfig */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xcconfig; path = StaticLibraryTarget.xcconfig; sourceTree = "<group>"; };
+		4089A0130FFACEFC000B29AE /* sample1_unittest-framework */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = "sample1_unittest-framework"; sourceTree = BUILT_PRODUCTS_DIR; };
+		4089A02C0FFACF7F000B29AE /* sample1.cc */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = sample1.cc; sourceTree = "<group>"; };
+		4089A02D0FFACF7F000B29AE /* sample1.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = sample1.h; sourceTree = "<group>"; };
+		4089A02E0FFACF7F000B29AE /* sample1_unittest.cc */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = sample1_unittest.cc; sourceTree = "<group>"; };
+		40C848FA101A209C0083642A /* libgtest.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libgtest.a; sourceTree = BUILT_PRODUCTS_DIR; };
+		40C8490B101A217E0083642A /* libgtest_main.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libgtest_main.a; sourceTree = BUILT_PRODUCTS_DIR; };
+		40C84987101A36850083642A /* gtest_unittest */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = gtest_unittest; sourceTree = BUILT_PRODUCTS_DIR; };
+		40C84997101A36A60083642A /* sample1_unittest-static */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = "sample1_unittest-static"; sourceTree = BUILT_PRODUCTS_DIR; };
+		40D4CDF10E30E07400294801 /* DebugProject.xcconfig */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xcconfig; path = DebugProject.xcconfig; sourceTree = "<group>"; };
+		40D4CDF20E30E07400294801 /* FrameworkTarget.xcconfig */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xcconfig; path = FrameworkTarget.xcconfig; sourceTree = "<group>"; };
+		40D4CDF30E30E07400294801 /* General.xcconfig */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xcconfig; path = General.xcconfig; sourceTree = "<group>"; };
+		40D4CDF40E30E07400294801 /* ReleaseProject.xcconfig */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xcconfig; path = ReleaseProject.xcconfig; sourceTree = "<group>"; };
+		40D4CF510E30F5E200294801 /* Info.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; path = Info.plist; sourceTree = "<group>"; };
+		4539C8FF0EC27F6400A70F4C /* gtest.framework */ = {isa = PBXFileReference; explicitFileType = wrapper.framework; includeInIndex = 0; path = gtest.framework; sourceTree = BUILT_PRODUCTS_DIR; };
+		4539C9330EC280AE00A70F4C /* gtest-param-test.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "gtest-param-test.h"; sourceTree = "<group>"; };
+		4539C9350EC280E200A70F4C /* gtest-linked_ptr.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "gtest-linked_ptr.h"; sourceTree = "<group>"; };
+		4539C9360EC280E200A70F4C /* gtest-param-util-generated.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "gtest-param-util-generated.h"; sourceTree = "<group>"; };
+		4539C9370EC280E200A70F4C /* gtest-param-util.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "gtest-param-util.h"; sourceTree = "<group>"; };
+		4567C8171264FF71007740BE /* gtest-printers.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "gtest-printers.h"; sourceTree = "<group>"; };
+/* End PBXFileReference section */
+
+/* Begin PBXFrameworksBuildPhase section */
+		40899F410FFA7184000B29AE /* Frameworks */ = {
+			isa = PBXFrameworksBuildPhase;
+			buildActionMask = 2147483647;
+			files = (
+				40C849A4101A37150083642A /* gtest.framework in Frameworks */,
+				40C84916101A235B0083642A /* libgtest_main.a in Frameworks */,
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+		};
+		4089A0110FFACEFC000B29AE /* Frameworks */ = {
+			isa = PBXFrameworksBuildPhase;
+			buildActionMask = 2147483647;
+			files = (
+				40C849A2101A37050083642A /* gtest.framework in Frameworks */,
+				40C84921101A23AD0083642A /* libgtest_main.a in Frameworks */,
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+		};
+		40C84981101A36850083642A /* Frameworks */ = {
+			isa = PBXFrameworksBuildPhase;
+			buildActionMask = 2147483647;
+			files = (
+				40C84982101A36850083642A /* libgtest.a in Frameworks */,
+				40C84983101A36850083642A /* libgtest_main.a in Frameworks */,
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+		};
+		40C84991101A36A60083642A /* Frameworks */ = {
+			isa = PBXFrameworksBuildPhase;
+			buildActionMask = 2147483647;
+			files = (
+				40C84992101A36A60083642A /* libgtest.a in Frameworks */,
+				40C84993101A36A60083642A /* libgtest_main.a in Frameworks */,
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+		};
+/* End PBXFrameworksBuildPhase section */
+
+/* Begin PBXGroup section */
+		034768DDFF38A45A11DB9C8B /* Products */ = {
+			isa = PBXGroup;
+			children = (
+				4539C8FF0EC27F6400A70F4C /* gtest.framework */,
+				40C848FA101A209C0083642A /* libgtest.a */,
+				40C8490B101A217E0083642A /* libgtest_main.a */,
+				40899F430FFA7184000B29AE /* gtest_unittest-framework */,
+				40C84987101A36850083642A /* gtest_unittest */,
+				4089A0130FFACEFC000B29AE /* sample1_unittest-framework */,
+				40C84997101A36A60083642A /* sample1_unittest-static */,
+			);
+			name = Products;
+			sourceTree = "<group>";
+		};
+		0867D691FE84028FC02AAC07 /* gtest */ = {
+			isa = PBXGroup;
+			children = (
+				40D4CDF00E30E07400294801 /* Config */,
+				08FB77ACFE841707C02AAC07 /* Source */,
+				40D4CF4E0E30F5E200294801 /* Resources */,
+				403EE37B0E377822004BD1E2 /* Scripts */,
+				034768DDFF38A45A11DB9C8B /* Products */,
+			);
+			name = gtest;
+			sourceTree = "<group>";
+		};
+		08FB77ACFE841707C02AAC07 /* Source */ = {
+			isa = PBXGroup;
+			children = (
+				404884A90E2F7CD900CF7658 /* CHANGES */,
+				404884AA0E2F7CD900CF7658 /* CONTRIBUTORS */,
+				404884AB0E2F7CD900CF7658 /* LICENSE */,
+				404883F60E2F799B00CF7658 /* README */,
+				404883D90E2F799B00CF7658 /* include */,
+				4089A02F0FFACF84000B29AE /* samples */,
+				404884070E2F799B00CF7658 /* src */,
+				3B238BF00E7FE13B00846E11 /* test */,
+			);
+			name = Source;
+			sourceTree = "<group>";
+		};
+		3B238BF00E7FE13B00846E11 /* test */ = {
+			isa = PBXGroup;
+			children = (
+				3B238C120E7FE13C00846E11 /* gtest_unittest.cc */,
+			);
+			name = test;
+			path = ../test;
+			sourceTree = SOURCE_ROOT;
+		};
+		403EE37B0E377822004BD1E2 /* Scripts */ = {
+			isa = PBXGroup;
+			children = (
+				403EE37C0E377822004BD1E2 /* versiongenerate.py */,
+				3B87D2100E96B92E000D1852 /* runtests.sh */,
+			);
+			path = Scripts;
+			sourceTree = "<group>";
+		};
+		404883D90E2F799B00CF7658 /* include */ = {
+			isa = PBXGroup;
+			children = (
+				404883DA0E2F799B00CF7658 /* gtest */,
+			);
+			name = include;
+			path = ../include;
+			sourceTree = SOURCE_ROOT;
+		};
+		404883DA0E2F799B00CF7658 /* gtest */ = {
+			isa = PBXGroup;
+			children = (
+				404883E10E2F799B00CF7658 /* internal */,
+				224A12A20E9EADCC00BD17FD /* gtest-test-part.h */,
+				404883DB0E2F799B00CF7658 /* gtest-death-test.h */,
+				404883DC0E2F799B00CF7658 /* gtest-message.h */,
+				4539C9330EC280AE00A70F4C /* gtest-param-test.h */,
+				4567C8171264FF71007740BE /* gtest-printers.h */,
+				404883DD0E2F799B00CF7658 /* gtest-spi.h */,
+				404883DE0E2F799B00CF7658 /* gtest.h */,
+				404883DF0E2F799B00CF7658 /* gtest_pred_impl.h */,
+				404883E00E2F799B00CF7658 /* gtest_prod.h */,
+				3BF6F2A40E79B616000F2EEE /* gtest-typed-test.h */,
+			);
+			path = gtest;
+			sourceTree = "<group>";
+		};
+		404883E10E2F799B00CF7658 /* internal */ = {
+			isa = PBXGroup;
+			children = (
+				404883E20E2F799B00CF7658 /* gtest-death-test-internal.h */,
+				404883E30E2F799B00CF7658 /* gtest-filepath.h */,
+				404883E40E2F799B00CF7658 /* gtest-internal.h */,
+				4539C9350EC280E200A70F4C /* gtest-linked_ptr.h */,
+				4539C9360EC280E200A70F4C /* gtest-param-util-generated.h */,
+				4539C9370EC280E200A70F4C /* gtest-param-util.h */,
+				404883E50E2F799B00CF7658 /* gtest-port.h */,
+				404883E60E2F799B00CF7658 /* gtest-string.h */,
+				40899F4D0FFA7271000B29AE /* gtest-tuple.h */,
+				3BF6F29F0E79B5AD000F2EEE /* gtest-type-util.h */,
+			);
+			path = internal;
+			sourceTree = "<group>";
+		};
+		404884070E2F799B00CF7658 /* src */ = {
+			isa = PBXGroup;
+			children = (
+				224A12A10E9EADA700BD17FD /* gtest-all.cc */,
+				4048840D0E2F799B00CF7658 /* gtest_main.cc */,
+			);
+			name = src;
+			path = ../src;
+			sourceTree = SOURCE_ROOT;
+		};
+		4089A02F0FFACF84000B29AE /* samples */ = {
+			isa = PBXGroup;
+			children = (
+				4089A02C0FFACF7F000B29AE /* sample1.cc */,
+				4089A02D0FFACF7F000B29AE /* sample1.h */,
+				4089A02E0FFACF7F000B29AE /* sample1_unittest.cc */,
+			);
+			name = samples;
+			path = ../samples;
+			sourceTree = SOURCE_ROOT;
+		};
+		40D4CDF00E30E07400294801 /* Config */ = {
+			isa = PBXGroup;
+			children = (
+				40D4CDF10E30E07400294801 /* DebugProject.xcconfig */,
+				40D4CDF20E30E07400294801 /* FrameworkTarget.xcconfig */,
+				40D4CDF30E30E07400294801 /* General.xcconfig */,
+				40D4CDF40E30E07400294801 /* ReleaseProject.xcconfig */,
+				40899FB30FFA7567000B29AE /* StaticLibraryTarget.xcconfig */,
+			);
+			path = Config;
+			sourceTree = "<group>";
+		};
+		40D4CF4E0E30F5E200294801 /* Resources */ = {
+			isa = PBXGroup;
+			children = (
+				40D4CF510E30F5E200294801 /* Info.plist */,
+			);
+			path = Resources;
+			sourceTree = "<group>";
+		};
+/* End PBXGroup section */
+
+/* Begin PBXHeadersBuildPhase section */
+		8D07F2BD0486CC7A007CD1D0 /* Headers */ = {
+			isa = PBXHeadersBuildPhase;
+			buildActionMask = 2147483647;
+			files = (
+				404884380E2F799B00CF7658 /* gtest-death-test.h in Headers */,
+				404884390E2F799B00CF7658 /* gtest-message.h in Headers */,
+				4539C9340EC280AE00A70F4C /* gtest-param-test.h in Headers */,
+				4567C8181264FF71007740BE /* gtest-printers.h in Headers */,
+				3BF6F2A50E79B616000F2EEE /* gtest-typed-test.h in Headers */,
+				4048843A0E2F799B00CF7658 /* gtest-spi.h in Headers */,
+				4048843B0E2F799B00CF7658 /* gtest.h in Headers */,
+				4048843C0E2F799B00CF7658 /* gtest_pred_impl.h in Headers */,
+				4048843D0E2F799B00CF7658 /* gtest_prod.h in Headers */,
+				224A12A30E9EADCC00BD17FD /* gtest-test-part.h in Headers */,
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+		};
+/* End PBXHeadersBuildPhase section */
+
+/* Begin PBXNativeTarget section */
+		40899F420FFA7184000B29AE /* gtest_unittest-framework */ = {
+			isa = PBXNativeTarget;
+			buildConfigurationList = 40899F4A0FFA71BC000B29AE /* Build configuration list for PBXNativeTarget "gtest_unittest-framework" */;
+			buildPhases = (
+				40899F400FFA7184000B29AE /* Sources */,
+				40899F410FFA7184000B29AE /* Frameworks */,
+			);
+			buildRules = (
+			);
+			dependencies = (
+				40C849A0101A36F10083642A /* PBXTargetDependency */,
+			);
+			name = "gtest_unittest-framework";
+			productName = gtest_unittest;
+			productReference = 40899F430FFA7184000B29AE /* gtest_unittest-framework */;
+			productType = "com.apple.product-type.tool";
+		};
+		4089A0120FFACEFC000B29AE /* sample1_unittest-framework */ = {
+			isa = PBXNativeTarget;
+			buildConfigurationList = 4089A0240FFACF01000B29AE /* Build configuration list for PBXNativeTarget "sample1_unittest-framework" */;
+			buildPhases = (
+				4089A0100FFACEFC000B29AE /* Sources */,
+				4089A0110FFACEFC000B29AE /* Frameworks */,
+			);
+			buildRules = (
+			);
+			dependencies = (
+				40C8499E101A36E50083642A /* PBXTargetDependency */,
+			);
+			name = "sample1_unittest-framework";
+			productName = sample1_unittest;
+			productReference = 4089A0130FFACEFC000B29AE /* sample1_unittest-framework */;
+			productType = "com.apple.product-type.tool";
+		};
+		40C848F9101A209C0083642A /* gtest-static */ = {
+			isa = PBXNativeTarget;
+			buildConfigurationList = 40C84902101A212E0083642A /* Build configuration list for PBXNativeTarget "gtest-static" */;
+			buildPhases = (
+				40C848F7101A209C0083642A /* Sources */,
+			);
+			buildRules = (
+			);
+			dependencies = (
+			);
+			name = "gtest-static";
+			productName = "gtest-static";
+			productReference = 40C848FA101A209C0083642A /* libgtest.a */;
+			productType = "com.apple.product-type.library.static";
+		};
+		40C8490A101A217E0083642A /* gtest_main-static */ = {
+			isa = PBXNativeTarget;
+			buildConfigurationList = 40C84912101A21D20083642A /* Build configuration list for PBXNativeTarget "gtest_main-static" */;
+			buildPhases = (
+				40C84908101A217E0083642A /* Sources */,
+			);
+			buildRules = (
+			);
+			dependencies = (
+			);
+			name = "gtest_main-static";
+			productName = "gtest_main-static";
+			productReference = 40C8490B101A217E0083642A /* libgtest_main.a */;
+			productType = "com.apple.product-type.library.static";
+		};
+		40C8497A101A36850083642A /* gtest_unittest-static */ = {
+			isa = PBXNativeTarget;
+			buildConfigurationList = 40C84984101A36850083642A /* Build configuration list for PBXNativeTarget "gtest_unittest-static" */;
+			buildPhases = (
+				40C8497F101A36850083642A /* Sources */,
+				40C84981101A36850083642A /* Frameworks */,
+			);
+			buildRules = (
+			);
+			dependencies = (
+				40C8497B101A36850083642A /* PBXTargetDependency */,
+				40C8497D101A36850083642A /* PBXTargetDependency */,
+			);
+			name = "gtest_unittest-static";
+			productName = gtest_unittest;
+			productReference = 40C84987101A36850083642A /* gtest_unittest */;
+			productType = "com.apple.product-type.tool";
+		};
+		40C84989101A36A60083642A /* sample1_unittest-static */ = {
+			isa = PBXNativeTarget;
+			buildConfigurationList = 40C84994101A36A60083642A /* Build configuration list for PBXNativeTarget "sample1_unittest-static" */;
+			buildPhases = (
+				40C8498E101A36A60083642A /* Sources */,
+				40C84991101A36A60083642A /* Frameworks */,
+			);
+			buildRules = (
+			);
+			dependencies = (
+				40C8498A101A36A60083642A /* PBXTargetDependency */,
+				40C8498C101A36A60083642A /* PBXTargetDependency */,
+			);
+			name = "sample1_unittest-static";
+			productName = sample1_unittest;
+			productReference = 40C84997101A36A60083642A /* sample1_unittest-static */;
+			productType = "com.apple.product-type.tool";
+		};
+		8D07F2BC0486CC7A007CD1D0 /* gtest-framework */ = {
+			isa = PBXNativeTarget;
+			buildConfigurationList = 4FADC24208B4156D00ABE55E /* Build configuration list for PBXNativeTarget "gtest-framework" */;
+			buildPhases = (
+				8D07F2C10486CC7A007CD1D0 /* Sources */,
+				8D07F2BD0486CC7A007CD1D0 /* Headers */,
+				404884A50E2F7C0400CF7658 /* Copy Headers Internal */,
+				8D07F2BF0486CC7A007CD1D0 /* Resources */,
+			);
+			buildRules = (
+			);
+			dependencies = (
+				40C44AE60E379922008FCC51 /* PBXTargetDependency */,
+				408BEC101046CFE900DEF522 /* PBXTargetDependency */,
+				40C8499C101A36DC0083642A /* PBXTargetDependency */,
+			);
+			name = "gtest-framework";
+			productInstallPath = "$(HOME)/Library/Frameworks";
+			productName = gtest;
+			productReference = 4539C8FF0EC27F6400A70F4C /* gtest.framework */;
+			productType = "com.apple.product-type.framework";
+		};
+/* End PBXNativeTarget section */
+
+/* Begin PBXProject section */
+		0867D690FE84028FC02AAC07 /* Project object */ = {
+			isa = PBXProject;
+			attributes = {
+				LastUpgradeCheck = 0460;
+			};
+			buildConfigurationList = 4FADC24608B4156D00ABE55E /* Build configuration list for PBXProject "gtest" */;
+			compatibilityVersion = "Xcode 3.2";
+			developmentRegion = English;
+			hasScannedForEncodings = 1;
+			knownRegions = (
+				English,
+				Japanese,
+				French,
+				German,
+				en,
+			);
+			mainGroup = 0867D691FE84028FC02AAC07 /* gtest */;
+			productRefGroup = 034768DDFF38A45A11DB9C8B /* Products */;
+			projectDirPath = "";
+			projectRoot = "";
+			targets = (
+				8D07F2BC0486CC7A007CD1D0 /* gtest-framework */,
+				40C848F9101A209C0083642A /* gtest-static */,
+				40C8490A101A217E0083642A /* gtest_main-static */,
+				40899F420FFA7184000B29AE /* gtest_unittest-framework */,
+				40C8497A101A36850083642A /* gtest_unittest-static */,
+				4089A0120FFACEFC000B29AE /* sample1_unittest-framework */,
+				40C84989101A36A60083642A /* sample1_unittest-static */,
+				3B238F5F0E828B5400846E11 /* Check */,
+				40C44ADC0E3798F4008FCC51 /* Version Info */,
+			);
+		};
+/* End PBXProject section */
+
+/* Begin PBXResourcesBuildPhase section */
+		8D07F2BF0486CC7A007CD1D0 /* Resources */ = {
+			isa = PBXResourcesBuildPhase;
+			buildActionMask = 2147483647;
+			files = (
+				404884500E2F799B00CF7658 /* README in Resources */,
+				404884AC0E2F7CD900CF7658 /* CHANGES in Resources */,
+				404884AD0E2F7CD900CF7658 /* CONTRIBUTORS in Resources */,
+				404884AE0E2F7CD900CF7658 /* LICENSE in Resources */,
+				40C84978101A36540083642A /* libgtest_main.a in Resources */,
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+		};
+/* End PBXResourcesBuildPhase section */
+
+/* Begin PBXShellScriptBuildPhase section */
+		3B238F5E0E828B5400846E11 /* ShellScript */ = {
+			isa = PBXShellScriptBuildPhase;
+			buildActionMask = 2147483647;
+			files = (
+			);
+			inputPaths = (
+			);
+			outputPaths = (
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+			shellPath = /bin/sh;
+			shellScript = "# Remember, this \"Run Script\" build phase will be executed from $SRCROOT\n/bin/bash Scripts/runtests.sh";
+		};
+		40C44ADB0E3798F4008FCC51 /* Generate Version.h */ = {
+			isa = PBXShellScriptBuildPhase;
+			buildActionMask = 2147483647;
+			files = (
+			);
+			inputPaths = (
+				"$(SRCROOT)/Scripts/versiongenerate.py",
+				"$(SRCROOT)/../configure.ac",
+			);
+			name = "Generate Version.h";
+			outputPaths = (
+				"$(PROJECT_TEMP_DIR)/Version.h",
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+			shellPath = /bin/sh;
+			shellScript = "# Remember, this \"Run Script\" build phase will be executed from $SRCROOT\n/usr/bin/python Scripts/versiongenerate.py ../ $PROJECT_TEMP_DIR";
+		};
+/* End PBXShellScriptBuildPhase section */
+
+/* Begin PBXSourcesBuildPhase section */
+		40899F400FFA7184000B29AE /* Sources */ = {
+			isa = PBXSourcesBuildPhase;
+			buildActionMask = 2147483647;
+			files = (
+				40899F530FFA72A0000B29AE /* gtest_unittest.cc in Sources */,
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+		};
+		4089A0100FFACEFC000B29AE /* Sources */ = {
+			isa = PBXSourcesBuildPhase;
+			buildActionMask = 2147483647;
+			files = (
+				4089A0440FFAD1BE000B29AE /* sample1.cc in Sources */,
+				4089A0460FFAD1BE000B29AE /* sample1_unittest.cc in Sources */,
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+		};
+		40C848F7101A209C0083642A /* Sources */ = {
+			isa = PBXSourcesBuildPhase;
+			buildActionMask = 2147483647;
+			files = (
+				40C848FF101A21150083642A /* gtest-all.cc in Sources */,
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+		};
+		40C84908101A217E0083642A /* Sources */ = {
+			isa = PBXSourcesBuildPhase;
+			buildActionMask = 2147483647;
+			files = (
+				40C84915101A21DF0083642A /* gtest_main.cc in Sources */,
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+		};
+		40C8497F101A36850083642A /* Sources */ = {
+			isa = PBXSourcesBuildPhase;
+			buildActionMask = 2147483647;
+			files = (
+				40C84980101A36850083642A /* gtest_unittest.cc in Sources */,
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+		};
+		40C8498E101A36A60083642A /* Sources */ = {
+			isa = PBXSourcesBuildPhase;
+			buildActionMask = 2147483647;
+			files = (
+				40C8498F101A36A60083642A /* sample1.cc in Sources */,
+				40C84990101A36A60083642A /* sample1_unittest.cc in Sources */,
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+		};
+		8D07F2C10486CC7A007CD1D0 /* Sources */ = {
+			isa = PBXSourcesBuildPhase;
+			buildActionMask = 2147483647;
+			files = (
+				40899F3A0FFA70D4000B29AE /* gtest-all.cc in Sources */,
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+		};
+/* End PBXSourcesBuildPhase section */
+
+/* Begin PBXTargetDependency section */
+		40899F9D0FFA740F000B29AE /* PBXTargetDependency */ = {
+			isa = PBXTargetDependency;
+			target = 40899F420FFA7184000B29AE /* gtest_unittest-framework */;
+			targetProxy = 40899F9C0FFA740F000B29AE /* PBXContainerItemProxy */;
+		};
+		4089A0980FFAD34A000B29AE /* PBXTargetDependency */ = {
+			isa = PBXTargetDependency;
+			target = 4089A0120FFACEFC000B29AE /* sample1_unittest-framework */;
+			targetProxy = 4089A0970FFAD34A000B29AE /* PBXContainerItemProxy */;
+		};
+		408BEC101046CFE900DEF522 /* PBXTargetDependency */ = {
+			isa = PBXTargetDependency;
+			target = 40C848F9101A209C0083642A /* gtest-static */;
+			targetProxy = 408BEC0F1046CFE900DEF522 /* PBXContainerItemProxy */;
+		};
+		40C44AE60E379922008FCC51 /* PBXTargetDependency */ = {
+			isa = PBXTargetDependency;
+			target = 40C44ADC0E3798F4008FCC51 /* Version Info */;
+			targetProxy = 40C44AE50E379922008FCC51 /* PBXContainerItemProxy */;
+		};
+		40C8497B101A36850083642A /* PBXTargetDependency */ = {
+			isa = PBXTargetDependency;
+			target = 40C848F9101A209C0083642A /* gtest-static */;
+			targetProxy = 40C8497C101A36850083642A /* PBXContainerItemProxy */;
+		};
+		40C8497D101A36850083642A /* PBXTargetDependency */ = {
+			isa = PBXTargetDependency;
+			target = 40C8490A101A217E0083642A /* gtest_main-static */;
+			targetProxy = 40C8497E101A36850083642A /* PBXContainerItemProxy */;
+		};
+		40C8498A101A36A60083642A /* PBXTargetDependency */ = {
+			isa = PBXTargetDependency;
+			target = 40C848F9101A209C0083642A /* gtest-static */;
+			targetProxy = 40C8498B101A36A60083642A /* PBXContainerItemProxy */;
+		};
+		40C8498C101A36A60083642A /* PBXTargetDependency */ = {
+			isa = PBXTargetDependency;
+			target = 40C8490A101A217E0083642A /* gtest_main-static */;
+			targetProxy = 40C8498D101A36A60083642A /* PBXContainerItemProxy */;
+		};
+		40C8499C101A36DC0083642A /* PBXTargetDependency */ = {
+			isa = PBXTargetDependency;
+			target = 40C8490A101A217E0083642A /* gtest_main-static */;
+			targetProxy = 40C8499B101A36DC0083642A /* PBXContainerItemProxy */;
+		};
+		40C8499E101A36E50083642A /* PBXTargetDependency */ = {
+			isa = PBXTargetDependency;
+			target = 8D07F2BC0486CC7A007CD1D0 /* gtest-framework */;
+			targetProxy = 40C8499D101A36E50083642A /* PBXContainerItemProxy */;
+		};
+		40C849A0101A36F10083642A /* PBXTargetDependency */ = {
+			isa = PBXTargetDependency;
+			target = 8D07F2BC0486CC7A007CD1D0 /* gtest-framework */;
+			targetProxy = 40C8499F101A36F10083642A /* PBXContainerItemProxy */;
+		};
+		40C849F7101A43440083642A /* PBXTargetDependency */ = {
+			isa = PBXTargetDependency;
+			target = 40C8497A101A36850083642A /* gtest_unittest-static */;
+			targetProxy = 40C849F6101A43440083642A /* PBXContainerItemProxy */;
+		};
+		40C849F9101A43490083642A /* PBXTargetDependency */ = {
+			isa = PBXTargetDependency;
+			target = 40C84989101A36A60083642A /* sample1_unittest-static */;
+			targetProxy = 40C849F8101A43490083642A /* PBXContainerItemProxy */;
+		};
+/* End PBXTargetDependency section */
+
+/* Begin XCBuildConfiguration section */
+		3B238F600E828B5400846E11 /* Debug */ = {
+			isa = XCBuildConfiguration;
+			buildSettings = {
+				COMBINE_HIDPI_IMAGES = YES;
+				COPY_PHASE_STRIP = NO;
+				GCC_DYNAMIC_NO_PIC = NO;
+				GCC_OPTIMIZATION_LEVEL = 0;
+				GCC_VERSION = com.apple.compilers.llvm.clang.1_0;
+				PRODUCT_NAME = Check;
+				SDKROOT = macosx;
+			};
+			name = Debug;
+		};
+		3B238F610E828B5400846E11 /* Release */ = {
+			isa = XCBuildConfiguration;
+			buildSettings = {
+				COMBINE_HIDPI_IMAGES = YES;
+				COPY_PHASE_STRIP = YES;
+				DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym";
+				GCC_VERSION = com.apple.compilers.llvm.clang.1_0;
+				PRODUCT_NAME = Check;
+				SDKROOT = macosx;
+				ZERO_LINK = NO;
+			};
+			name = Release;
+		};
+		40899F450FFA7185000B29AE /* Debug */ = {
+			isa = XCBuildConfiguration;
+			buildSettings = {
+				GCC_VERSION = com.apple.compilers.llvm.clang.1_0;
+				HEADER_SEARCH_PATHS = ../;
+				PRODUCT_NAME = "gtest_unittest-framework";
+				SDKROOT = macosx;
+			};
+			name = Debug;
+		};
+		40899F460FFA7185000B29AE /* Release */ = {
+			isa = XCBuildConfiguration;
+			buildSettings = {
+				GCC_VERSION = com.apple.compilers.llvm.clang.1_0;
+				HEADER_SEARCH_PATHS = ../;
+				PRODUCT_NAME = "gtest_unittest-framework";
+				SDKROOT = macosx;
+			};
+			name = Release;
+		};
+		4089A0150FFACEFD000B29AE /* Debug */ = {
+			isa = XCBuildConfiguration;
+			buildSettings = {
+				GCC_VERSION = com.apple.compilers.llvm.clang.1_0;
+				PRODUCT_NAME = "sample1_unittest-framework";
+				SDKROOT = macosx;
+			};
+			name = Debug;
+		};
+		4089A0160FFACEFD000B29AE /* Release */ = {
+			isa = XCBuildConfiguration;
+			buildSettings = {
+				GCC_VERSION = com.apple.compilers.llvm.clang.1_0;
+				PRODUCT_NAME = "sample1_unittest-framework";
+				SDKROOT = macosx;
+			};
+			name = Release;
+		};
+		40C44ADF0E3798F4008FCC51 /* Debug */ = {
+			isa = XCBuildConfiguration;
+			buildSettings = {
+				COMBINE_HIDPI_IMAGES = YES;
+				GCC_VERSION = com.apple.compilers.llvm.clang.1_0;
+				MACOSX_DEPLOYMENT_TARGET = 10.7;
+				PRODUCT_NAME = gtest;
+				SDKROOT = macosx;
+				TARGET_NAME = gtest;
+			};
+			name = Debug;
+		};
+		40C44AE00E3798F4008FCC51 /* Release */ = {
+			isa = XCBuildConfiguration;
+			buildSettings = {
+				COMBINE_HIDPI_IMAGES = YES;
+				GCC_VERSION = com.apple.compilers.llvm.clang.1_0;
+				MACOSX_DEPLOYMENT_TARGET = 10.7;
+				PRODUCT_NAME = gtest;
+				SDKROOT = macosx;
+				TARGET_NAME = gtest;
+			};
+			name = Release;
+		};
+		40C848FB101A209D0083642A /* Debug */ = {
+			isa = XCBuildConfiguration;
+			baseConfigurationReference = 40899FB30FFA7567000B29AE /* StaticLibraryTarget.xcconfig */;
+			buildSettings = {
+				COMBINE_HIDPI_IMAGES = YES;
+				GCC_INLINES_ARE_PRIVATE_EXTERN = YES;
+				GCC_SYMBOLS_PRIVATE_EXTERN = YES;
+				GCC_VERSION = com.apple.compilers.llvm.clang.1_0;
+				HEADER_SEARCH_PATHS = (
+					../,
+					../include/,
+				);
+				PRODUCT_NAME = gtest;
+				SDKROOT = macosx;
+			};
+			name = Debug;
+		};
+		40C848FC101A209D0083642A /* Release */ = {
+			isa = XCBuildConfiguration;
+			baseConfigurationReference = 40899FB30FFA7567000B29AE /* StaticLibraryTarget.xcconfig */;
+			buildSettings = {
+				COMBINE_HIDPI_IMAGES = YES;
+				GCC_INLINES_ARE_PRIVATE_EXTERN = YES;
+				GCC_SYMBOLS_PRIVATE_EXTERN = YES;
+				GCC_VERSION = com.apple.compilers.llvm.clang.1_0;
+				HEADER_SEARCH_PATHS = (
+					../,
+					../include/,
+				);
+				PRODUCT_NAME = gtest;
+				SDKROOT = macosx;
+			};
+			name = Release;
+		};
+		40C8490E101A217F0083642A /* Debug */ = {
+			isa = XCBuildConfiguration;
+			baseConfigurationReference = 40899FB30FFA7567000B29AE /* StaticLibraryTarget.xcconfig */;
+			buildSettings = {
+				COMBINE_HIDPI_IMAGES = YES;
+				GCC_VERSION = com.apple.compilers.llvm.clang.1_0;
+				HEADER_SEARCH_PATHS = (
+					../,
+					../include/,
+				);
+				PRODUCT_NAME = gtest_main;
+				SDKROOT = macosx;
+			};
+			name = Debug;
+		};
+		40C8490F101A217F0083642A /* Release */ = {
+			isa = XCBuildConfiguration;
+			baseConfigurationReference = 40899FB30FFA7567000B29AE /* StaticLibraryTarget.xcconfig */;
+			buildSettings = {
+				COMBINE_HIDPI_IMAGES = YES;
+				GCC_VERSION = com.apple.compilers.llvm.clang.1_0;
+				HEADER_SEARCH_PATHS = (
+					../,
+					../include/,
+				);
+				PRODUCT_NAME = gtest_main;
+				SDKROOT = macosx;
+			};
+			name = Release;
+		};
+		40C84985101A36850083642A /* Debug */ = {
+			isa = XCBuildConfiguration;
+			buildSettings = {
+				GCC_VERSION = com.apple.compilers.llvm.clang.1_0;
+				HEADER_SEARCH_PATHS = ../;
+				PRODUCT_NAME = gtest_unittest;
+				SDKROOT = macosx;
+			};
+			name = Debug;
+		};
+		40C84986101A36850083642A /* Release */ = {
+			isa = XCBuildConfiguration;
+			buildSettings = {
+				GCC_VERSION = com.apple.compilers.llvm.clang.1_0;
+				HEADER_SEARCH_PATHS = ../;
+				PRODUCT_NAME = gtest_unittest;
+				SDKROOT = macosx;
+			};
+			name = Release;
+		};
+		40C84995101A36A60083642A /* Debug */ = {
+			isa = XCBuildConfiguration;
+			buildSettings = {
+				GCC_VERSION = com.apple.compilers.llvm.clang.1_0;
+				PRODUCT_NAME = "sample1_unittest-static";
+				SDKROOT = macosx;
+			};
+			name = Debug;
+		};
+		40C84996101A36A60083642A /* Release */ = {
+			isa = XCBuildConfiguration;
+			buildSettings = {
+				GCC_VERSION = com.apple.compilers.llvm.clang.1_0;
+				PRODUCT_NAME = "sample1_unittest-static";
+				SDKROOT = macosx;
+			};
+			name = Release;
+		};
+		4FADC24308B4156D00ABE55E /* Debug */ = {
+			isa = XCBuildConfiguration;
+			baseConfigurationReference = 40D4CDF20E30E07400294801 /* FrameworkTarget.xcconfig */;
+			buildSettings = {
+				COMBINE_HIDPI_IMAGES = YES;
+				DYLIB_COMPATIBILITY_VERSION = 1;
+				DYLIB_CURRENT_VERSION = 1;
+				GCC_VERSION = com.apple.compilers.llvm.clang.1_0;
+				HEADER_SEARCH_PATHS = (
+					../,
+					../include/,
+				);
+				INFOPLIST_FILE = Resources/Info.plist;
+				INFOPLIST_PREFIX_HEADER = "$(PROJECT_TEMP_DIR)/Version.h";
+				INFOPLIST_PREPROCESS = YES;
+				PRODUCT_NAME = gtest;
+				SDKROOT = macosx;
+				VERSIONING_SYSTEM = "apple-generic";
+			};
+			name = Debug;
+		};
+		4FADC24408B4156D00ABE55E /* Release */ = {
+			isa = XCBuildConfiguration;
+			baseConfigurationReference = 40D4CDF20E30E07400294801 /* FrameworkTarget.xcconfig */;
+			buildSettings = {
+				COMBINE_HIDPI_IMAGES = YES;
+				DYLIB_COMPATIBILITY_VERSION = 1;
+				DYLIB_CURRENT_VERSION = 1;
+				GCC_VERSION = com.apple.compilers.llvm.clang.1_0;
+				HEADER_SEARCH_PATHS = (
+					../,
+					../include/,
+				);
+				INFOPLIST_FILE = Resources/Info.plist;
+				INFOPLIST_PREFIX_HEADER = "$(PROJECT_TEMP_DIR)/Version.h";
+				INFOPLIST_PREPROCESS = YES;
+				PRODUCT_NAME = gtest;
+				SDKROOT = macosx;
+				VERSIONING_SYSTEM = "apple-generic";
+			};
+			name = Release;
+		};
+		4FADC24708B4156D00ABE55E /* Debug */ = {
+			isa = XCBuildConfiguration;
+			baseConfigurationReference = 40D4CDF10E30E07400294801 /* DebugProject.xcconfig */;
+			buildSettings = {
+			};
+			name = Debug;
+		};
+		4FADC24808B4156D00ABE55E /* Release */ = {
+			isa = XCBuildConfiguration;
+			baseConfigurationReference = 40D4CDF40E30E07400294801 /* ReleaseProject.xcconfig */;
+			buildSettings = {
+			};
+			name = Release;
+		};
+/* End XCBuildConfiguration section */
+
+/* Begin XCConfigurationList section */
+		3B238FA30E828BB600846E11 /* Build configuration list for PBXAggregateTarget "Check" */ = {
+			isa = XCConfigurationList;
+			buildConfigurations = (
+				3B238F600E828B5400846E11 /* Debug */,
+				3B238F610E828B5400846E11 /* Release */,
+			);
+			defaultConfigurationIsVisible = 0;
+			defaultConfigurationName = Release;
+		};
+		40899F4A0FFA71BC000B29AE /* Build configuration list for PBXNativeTarget "gtest_unittest-framework" */ = {
+			isa = XCConfigurationList;
+			buildConfigurations = (
+				40899F450FFA7185000B29AE /* Debug */,
+				40899F460FFA7185000B29AE /* Release */,
+			);
+			defaultConfigurationIsVisible = 0;
+			defaultConfigurationName = Release;
+		};
+		4089A0240FFACF01000B29AE /* Build configuration list for PBXNativeTarget "sample1_unittest-framework" */ = {
+			isa = XCConfigurationList;
+			buildConfigurations = (
+				4089A0150FFACEFD000B29AE /* Debug */,
+				4089A0160FFACEFD000B29AE /* Release */,
+			);
+			defaultConfigurationIsVisible = 0;
+			defaultConfigurationName = Release;
+		};
+		40C44AE40E379905008FCC51 /* Build configuration list for PBXAggregateTarget "Version Info" */ = {
+			isa = XCConfigurationList;
+			buildConfigurations = (
+				40C44ADF0E3798F4008FCC51 /* Debug */,
+				40C44AE00E3798F4008FCC51 /* Release */,
+			);
+			defaultConfigurationIsVisible = 0;
+			defaultConfigurationName = Release;
+		};
+		40C84902101A212E0083642A /* Build configuration list for PBXNativeTarget "gtest-static" */ = {
+			isa = XCConfigurationList;
+			buildConfigurations = (
+				40C848FB101A209D0083642A /* Debug */,
+				40C848FC101A209D0083642A /* Release */,
+			);
+			defaultConfigurationIsVisible = 0;
+			defaultConfigurationName = Release;
+		};
+		40C84912101A21D20083642A /* Build configuration list for PBXNativeTarget "gtest_main-static" */ = {
+			isa = XCConfigurationList;
+			buildConfigurations = (
+				40C8490E101A217F0083642A /* Debug */,
+				40C8490F101A217F0083642A /* Release */,
+			);
+			defaultConfigurationIsVisible = 0;
+			defaultConfigurationName = Release;
+		};
+		40C84984101A36850083642A /* Build configuration list for PBXNativeTarget "gtest_unittest-static" */ = {
+			isa = XCConfigurationList;
+			buildConfigurations = (
+				40C84985101A36850083642A /* Debug */,
+				40C84986101A36850083642A /* Release */,
+			);
+			defaultConfigurationIsVisible = 0;
+			defaultConfigurationName = Release;
+		};
+		40C84994101A36A60083642A /* Build configuration list for PBXNativeTarget "sample1_unittest-static" */ = {
+			isa = XCConfigurationList;
+			buildConfigurations = (
+				40C84995101A36A60083642A /* Debug */,
+				40C84996101A36A60083642A /* Release */,
+			);
+			defaultConfigurationIsVisible = 0;
+			defaultConfigurationName = Release;
+		};
+		4FADC24208B4156D00ABE55E /* Build configuration list for PBXNativeTarget "gtest-framework" */ = {
+			isa = XCConfigurationList;
+			buildConfigurations = (
+				4FADC24308B4156D00ABE55E /* Debug */,
+				4FADC24408B4156D00ABE55E /* Release */,
+			);
+			defaultConfigurationIsVisible = 0;
+			defaultConfigurationName = Release;
+		};
+		4FADC24608B4156D00ABE55E /* Build configuration list for PBXProject "gtest" */ = {
+			isa = XCConfigurationList;
+			buildConfigurations = (
+				4FADC24708B4156D00ABE55E /* Debug */,
+				4FADC24808B4156D00ABE55E /* Release */,
+			);
+			defaultConfigurationIsVisible = 0;
+			defaultConfigurationName = Release;
+		};
+/* End XCConfigurationList section */
+	};
+	rootObject = 0867D690FE84028FC02AAC07 /* Project object */;
+}
diff --git a/nss/external_tests/google_test/manifest.mn b/nss/external_tests/google_test/manifest.mn
new file mode 100644
index 0000000..70e33e6
--- /dev/null
+++ b/nss/external_tests/google_test/manifest.mn
@@ -0,0 +1,23 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+CORE_DEPTH = ../..
+DEPTH = ../..
+
+MODULE = gtest
+LIBRARY_NAME = gtest
+LIBRARY_VERSION = 1
+
+INCLUDES += -Igtest/include/ -Igtest
+
+CPPSRCS = \
+	gtest/src/gtest-all.cc \
+	$(NULL)
+
+
+EXPORTS = \
+	$(NULL)
+
+
+
diff --git a/nss/external_tests/manifest.mn b/nss/external_tests/manifest.mn
new file mode 100644
index 0000000..149e24b
--- /dev/null
+++ b/nss/external_tests/manifest.mn
@@ -0,0 +1,16 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+CORE_DEPTH = ..
+DEPTH      = ..
+
+DIRS = \
+	google_test \
+	common \
+	der_gtest \
+	util_gtest \
+	pk11_gtest \
+	ssl_gtest \
+        nss_bogo_shim \
+	$(NULL)
diff --git a/nss/external_tests/nss_bogo_shim/Makefile b/nss/external_tests/nss_bogo_shim/Makefile
new file mode 100644
index 0000000..fd6426d
--- /dev/null
+++ b/nss/external_tests/nss_bogo_shim/Makefile
@@ -0,0 +1,52 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+CXXFLAGS += -std=c++0x
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include ../common/gtest.mk
+
+CFLAGS += -I$(CORE_DEPTH)/lib/ssl
+
+ifdef NSS_SSL_ENABLE_ZLIB
+include $(CORE_DEPTH)/coreconf/zlib.mk
+endif
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+
diff --git a/nss/external_tests/nss_bogo_shim/config.cc b/nss/external_tests/nss_bogo_shim/config.cc
new file mode 100644
index 0000000..2e6f7f7
--- /dev/null
+++ b/nss/external_tests/nss_bogo_shim/config.cc
@@ -0,0 +1,58 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+#include "config.h"
+
+#include <cstdlib>
+#include <queue>
+#include <string>
+
+bool ConfigEntryBase::ParseInternal(std::queue<const char *> *args,
+                                    std::string *out) {
+  if (args->empty()) return false;
+  *out = args->front();
+  args->pop();
+  return true;
+}
+
+bool ConfigEntryBase::ParseInternal(std::queue<const char *> *args, int *out) {
+  if (args->empty()) return false;
+
+  char *endptr;
+  *out = strtol(args->front(), &endptr, 10);
+  args->pop();
+
+  return !*endptr;
+}
+
+bool ConfigEntryBase::ParseInternal(std::queue<const char *> *args, bool *out) {
+  *out = true;
+  return true;
+}
+
+std::string Config::XformFlag(const std::string &arg) {
+  if (arg.empty()) return "";
+
+  if (arg[0] != '-') return "";
+
+  return arg.substr(1);
+}
+
+Config::Status Config::ParseArgs(int argc, char **argv) {
+  std::queue<const char *> args;
+  for (int i = 1; i < argc; ++i) {
+    args.push(argv[i]);
+  }
+  while (!args.empty()) {
+    auto e = entries_.find(XformFlag(args.front()));
+    args.pop();
+    if (e == entries_.end()) {
+      return kUnknownFlag;
+    }
+    if (!e->second->Parse(&args)) return kMalformedArgument;
+  }
+
+  return kOK;
+}
diff --git a/nss/external_tests/nss_bogo_shim/config.h b/nss/external_tests/nss_bogo_shim/config.h
new file mode 100644
index 0000000..a18b894
--- /dev/null
+++ b/nss/external_tests/nss_bogo_shim/config.h
@@ -0,0 +1,89 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+// Generic command line flags system for NSS BoGo shim.  This class
+// could actually in principle handle other programs. The flags are
+// defined in the consumer code.
+
+#ifndef config_h_
+#define config_h_
+
+#include <cassert>
+
+#include <iostream>
+#include <map>
+#include <queue>
+#include <string>
+#include <typeinfo>
+
+// Abstract base class for a given config flag.
+class ConfigEntryBase {
+ public:
+  ConfigEntryBase(const std::string& name, const std::string& type)
+      : name_(name), type_(type) {}
+
+  const std::string& type() const { return type_; }
+  virtual bool Parse(std::queue<const char*>* args) = 0;
+
+ protected:
+  bool ParseInternal(std::queue<const char*>* args, std::string* out);
+  bool ParseInternal(std::queue<const char*>* args, int* out);
+  bool ParseInternal(std::queue<const char*>* args, bool* out);
+
+  const std::string name_;
+  const std::string type_;
+};
+
+// Template specializations for the concrete flag types.
+template <typename T>
+class ConfigEntry : public ConfigEntryBase {
+ public:
+  ConfigEntry(const std::string& name, T init)
+      : ConfigEntryBase(name, typeid(T).name()), value_(init) {}
+  T get() const { return value_; }
+
+  bool Parse(std::queue<const char*>* args) {
+    return ParseInternal(args, &value_);
+  }
+
+ private:
+  T value_;
+};
+
+// The overall configuration (I.e., the total set of flags).
+class Config {
+ public:
+  enum Status { kOK, kUnknownFlag, kMalformedArgument, kMissingValue };
+
+  Config() : entries_() {}
+
+  template <typename T>
+  void AddEntry(const std::string& name, T init) {
+    entries_[name] = new ConfigEntry<T>(name, init);
+  }
+
+  Status ParseArgs(int argc, char** argv);
+
+  template <typename T>
+  T get(const std::string& key) const {
+    auto e = entry(key);
+    assert(e->type() == typeid(T).name());
+    return static_cast<const ConfigEntry<T>*>(e)->get();
+  }
+
+ private:
+  static std::string XformFlag(const std::string& arg);
+
+  std::map<std::string, ConfigEntryBase*> entries_;
+
+  const ConfigEntryBase* entry(const std::string& key) const {
+    auto e = entries_.find(key);
+    if (e == entries_.end()) return nullptr;
+    return e->second;
+  }
+};
+
+#endif  // config_h_
diff --git a/nss/external_tests/nss_bogo_shim/config.json b/nss/external_tests/nss_bogo_shim/config.json
new file mode 100644
index 0000000..1c8b56a
--- /dev/null
+++ b/nss/external_tests/nss_bogo_shim/config.json
@@ -0,0 +1,41 @@
+{
+    "DisabledTests": {
+        "*HelloRetryRequest*":"HRR hasn't landed yet",
+        "SecondClientHelloWrongCurve":"HRR hasn't landed yet",
+        "KeyUpdate":"KeyUpdate Unimplemented",
+        "ClientAuth-NoFallback-TLS13":"Disagreement about alerts. Bug 1294975",
+        "ClientAuth-SHA1-Fallback":"Disagreement about alerts. Bug 1294975",
+        "SendWarningAlerts-TLS13":"NSS needs to trigger on warning alerts",
+        "*SignatureType-TLS13":"SignatureScheme patch",
+        "ECDSACurveMismatch-Verify-TLS13":"SignatureScheme patch",
+        "ServerAuth-NoFallback-TLS13":"PSS",
+        "NoSupportedCurves":"This tests a non-spec behavior for TLS 1.2 and expects the wrong alert for TLS 1.3",
+        "SendEmptyRecords":"Tests a non-spec behavior in BoGo where it chokes on too many empty records",
+        "LargePlaintext":"NSS needs to check for over-long records. Bug 1294978",
+        "TLS13-RC4-MD5-server":"This fails properly but returns an unexpected error. Not a bug but needs cleanup",
+        "*VersionTolerance":"BoGo expects us to negotiate 1.3 but we negotiate 1.2 because BoGo didn't send draft version",
+        "*SSL3*":"NSS disables SSLv3",
+        "*SSLv3*":"NSS disables SSLv3",
+        "*AES256*":"Inconsistent support for AES256",
+        "*AES128-SHA256*":"No support for Suite B ciphers",
+        "*CHACHA20-POLY1305-OLD*":"Old ChaCha/Poly",
+        "DuplicateExtension*":"NSS sends unexpected_extension alert",
+        "WeakDH":"NSS supports 768-bit DH",
+        "SillyDH":"NSS supports 4097-bit DH",
+        "SendWarningAlerts":"This appears to be Boring-specific",
+        "V2ClientHello-WarningAlertPrefix":"Bug 1292893",
+        "TLS12-AES128-GCM-client":"Bug 1292895",
+        "*TLS12-AES128-GCM-LargeRecord*":"Bug 1292895",
+        "Renegotiate-Client-Forbidden-1":"Bug 1292898",
+        "Renegotiate-Server-Forbidden":"NSS doesn't disable renegotiation by default",
+        "Renegotiate-Client-NoIgnore":"NSS doesn't disable renegotiation by default",
+        "StrayHelloRequest*":"NSS doesn't disable renegotiation by default"
+    },
+    "ErrorMap" : {
+        ":HANDSHAKE_FAILURE_ON_CLIENT_HELLO:":"SSL_ERROR_NO_CYPHER_OVERLAP",
+        ":UNKNOWN_CIPHER_RETURNED:":"SSL_ERROR_NO_CYPHER_OVERLAP",
+        ":OLD_SESSION_CIPHER_NOT_RETURNED:":"SSL_ERROR_NO_CYPHER_OVERLAP",
+        ":NO_SHARED_CIPHER:":"SSL_ERROR_NO_CYPHER_OVERLAP"
+    }
+}
+
diff --git a/nss/external_tests/nss_bogo_shim/manifest.mn b/nss/external_tests/nss_bogo_shim/manifest.mn
new file mode 100644
index 0000000..2d60dde
--- /dev/null
+++ b/nss/external_tests/nss_bogo_shim/manifest.mn
@@ -0,0 +1,20 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+CORE_DEPTH = ../..
+DEPTH      = ../..
+MODULE = nss
+
+CPPSRCS = \
+      config.cc \
+      nsskeys.cc \
+      nss_bogo_shim.cc \
+      $(NULL)
+
+REQUIRES = nspr nss libdbm
+
+PROGRAM = nss_bogo_shim
+#EXTRA_LIBS = $(DIST)/lib/$(LIB_PREFIX)softokn.$(LIB_SUFFIX)
+
+USE_STATIC_LIBS = 1
diff --git a/nss/external_tests/nss_bogo_shim/nss_bogo_shim.cc b/nss/external_tests/nss_bogo_shim/nss_bogo_shim.cc
new file mode 100644
index 0000000..2f52335
--- /dev/null
+++ b/nss/external_tests/nss_bogo_shim/nss_bogo_shim.cc
@@ -0,0 +1,314 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+#include "config.h"
+
+#include <cstdlib>
+#include <iostream>
+#include <memory>
+#include "nspr.h"
+#include "nss.h"
+#include "prio.h"
+#include "prnetdb.h"
+#include "ssl.h"
+#include "sslerr.h"
+#include "sslproto.h"
+
+#include "nsskeys.h"
+
+std::string FormatError(PRErrorCode code) {
+  return std::string(":") + PORT_ErrorToName(code) + ":" + ":" +
+         PORT_ErrorToString(code);
+}
+
+class TestAgent {
+ public:
+  TestAgent(const Config& cfg)
+      : cfg_(cfg),
+        pr_fd_(nullptr),
+        ssl_fd_(nullptr),
+        cert_(nullptr),
+        key_(nullptr) {}
+
+  ~TestAgent() {
+    if (pr_fd_) {
+      PR_Close(pr_fd_);
+    }
+
+    if (ssl_fd_) {
+      PR_Close(ssl_fd_);
+    }
+
+    if (key_) {
+      SECKEY_DestroyPrivateKey(key_);
+    }
+
+    if (cert_) {
+      CERT_DestroyCertificate(cert_);
+    }
+  }
+
+  static std::unique_ptr<TestAgent> Create(const Config& cfg) {
+    std::unique_ptr<TestAgent> agent(new TestAgent(cfg));
+
+    if (!agent->Init()) return nullptr;
+
+    return agent;
+  }
+
+  bool Init() {
+    if (!ConnectTcp()) {
+      return false;
+    }
+
+    if (!SetupKeys()) {
+      std::cerr << "Couldn't set up keys/certs\n";
+      return false;
+    }
+
+    if (!SetupOptions()) {
+      std::cerr << "Couldn't configure socket\n";
+      return false;
+    }
+
+    SECStatus rv = SSL_ResetHandshake(ssl_fd_, cfg_.get<bool>("server"));
+    if (rv != SECSuccess) return false;
+
+    return true;
+  }
+
+  bool ConnectTcp() {
+    PRStatus prv;
+    PRNetAddr addr;
+
+    prv = PR_StringToNetAddr("127.0.0.1", &addr);
+    if (prv != PR_SUCCESS) {
+      return false;
+    }
+    addr.inet.port = PR_htons(cfg_.get<int>("port"));
+
+    pr_fd_ = PR_OpenTCPSocket(addr.raw.family);
+    if (!pr_fd_) return false;
+
+    prv = PR_Connect(pr_fd_, &addr, PR_INTERVAL_NO_TIMEOUT);
+    if (prv != PR_SUCCESS) {
+      return false;
+    }
+
+    ssl_fd_ = SSL_ImportFD(NULL, pr_fd_);
+    if (!ssl_fd_) return false;
+    pr_fd_ = nullptr;
+
+    return true;
+  }
+
+  bool SetupKeys() {
+    SECStatus rv;
+
+    if (cfg_.get<std::string>("key-file") != "") {
+      key_ = ReadPrivateKey(cfg_.get<std::string>("key-file"));
+      if (!key_) exit(89);  // Temporary to handle our inability to handle ECDSA
+    }
+    if (cfg_.get<std::string>("cert-file") != "") {
+      cert_ = ReadCertificate(cfg_.get<std::string>("cert-file"));
+      if (!cert_) return false;
+    }
+    if (cfg_.get<bool>("server")) {
+      // Server
+      rv = SSL_ConfigServerCert(ssl_fd_, cert_, key_, nullptr, 0);
+      if (rv != SECSuccess) {
+        std::cerr << "Couldn't configure server cert\n";
+        return false;
+      }
+      rv = SSL_ConfigServerSessionIDCache(1024, 0, 0, ".");
+      if (rv != SECSuccess) {
+        std::cerr << "Couldn't configure session cache\n";
+        return false;
+      }
+    } else {
+      // Client.
+
+      // Needed because server certs are not entirely valid.
+      rv = SSL_AuthCertificateHook(ssl_fd_, AuthCertificateHook, this);
+      if (rv != SECSuccess) return false;
+
+      if (key_ && cert_) {
+        rv = SSL_GetClientAuthDataHook(ssl_fd_, GetClientAuthDataHook, this);
+        if (rv != SECSuccess) return false;
+      }
+    }
+
+    return true;
+  }
+
+  bool SetupOptions() {
+    SECStatus rv = SSL_OptionSet(ssl_fd_, SSL_ENABLE_SESSION_TICKETS, PR_TRUE);
+    if (rv != SECSuccess) return false;
+
+    SSLVersionRange vrange = {SSL_LIBRARY_VERSION_TLS_1_0,
+                              SSL_LIBRARY_VERSION_TLS_1_3};
+    rv = SSL_VersionRangeSet(ssl_fd_, &vrange);
+    if (rv != SECSuccess) return false;
+
+    rv = SSL_OptionSet(ssl_fd_, SSL_NO_CACHE, false);
+    if (rv != SECSuccess) return false;
+
+    if (!cfg_.get<bool>("server")) {
+      // Needed to make resumption work.
+      rv = SSL_SetURL(ssl_fd_, "server");
+      if (rv != SECSuccess) return false;
+    }
+
+    rv = SSL_OptionSet(ssl_fd_, SSL_ENABLE_EXTENDED_MASTER_SECRET, PR_TRUE);
+    if (rv != SECSuccess) return false;
+
+    if (!EnableNonExportCiphers()) return false;
+
+    return true;
+  }
+
+  bool EnableNonExportCiphers() {
+    for (size_t i = 0; i < SSL_NumImplementedCiphers; ++i) {
+      SSLCipherSuiteInfo csinfo;
+
+      SECStatus rv = SSL_GetCipherSuiteInfo(SSL_ImplementedCiphers[i], &csinfo,
+                                            sizeof(csinfo));
+      if (rv != SECSuccess) return false;
+      if (!csinfo.isExportable) {
+        rv = SSL_CipherPrefSet(ssl_fd_, SSL_ImplementedCiphers[i], PR_TRUE);
+        if (rv != SECSuccess) {
+          return false;
+        }
+      }
+    }
+    return true;
+  }
+
+  // Dummy auth certificate hook.
+  static SECStatus AuthCertificateHook(void* arg, PRFileDesc* fd,
+                                       PRBool checksig, PRBool isServer) {
+    return SECSuccess;
+  }
+
+  static SECStatus GetClientAuthDataHook(void* self, PRFileDesc* fd,
+                                         CERTDistNames* caNames,
+                                         CERTCertificate** cert,
+                                         SECKEYPrivateKey** privKey) {
+    TestAgent* a = static_cast<TestAgent*>(self);
+    *cert = CERT_DupCertificate(a->cert_);
+    *privKey = SECKEY_CopyPrivateKey(a->key_);
+    return SECSuccess;
+  }
+
+  SECStatus Handshake() { return SSL_ForceHandshake(ssl_fd_); }
+
+  // Implement a trivial echo client/server. Read bytes from the other side,
+  // flip all the bits, and send them back.
+  SECStatus ReadWrite() {
+    for (;;) {
+      uint8_t block[512];
+      int32_t rv = PR_Read(ssl_fd_, block, sizeof(block));
+      if (rv < 0) {
+        std::cerr << "Failure reading\n";
+        return SECFailure;
+      }
+      if (rv == 0) return SECSuccess;
+
+      int32_t len = rv;
+      for (int32_t i = 0; i < len; ++i) {
+        block[i] ^= 0xff;
+      }
+
+      rv = PR_Write(ssl_fd_, block, len);
+      if (rv != len) {
+        std::cerr << "Write failure\n";
+        return SECFailure;
+      }
+    }
+    return SECSuccess;
+  }
+
+  SECStatus DoExchange() {
+    SECStatus rv = Handshake();
+    if (rv != SECSuccess) {
+      PRErrorCode err = PR_GetError();
+      std::cerr << "Handshake failed with error=" << err << FormatError(err)
+                << std::endl;
+      return SECFailure;
+    }
+
+    rv = ReadWrite();
+    if (rv != SECSuccess) {
+      PRErrorCode err = PR_GetError();
+      std::cerr << "ReadWrite failed with error=" << FormatError(err)
+                << std::endl;
+      return SECFailure;
+    }
+
+    return SECSuccess;
+  }
+
+ private:
+  const Config& cfg_;
+  PRFileDesc* pr_fd_;
+  PRFileDesc* ssl_fd_;
+  CERTCertificate* cert_;
+  SECKEYPrivateKey* key_;
+};
+
+std::unique_ptr<const Config> ReadConfig(int argc, char** argv) {
+  std::unique_ptr<Config> cfg(new Config());
+
+  cfg->AddEntry<int>("port", 0);
+  cfg->AddEntry<bool>("server", false);
+  cfg->AddEntry<bool>("resume", false);
+  cfg->AddEntry<std::string>("key-file", "");
+  cfg->AddEntry<std::string>("cert-file", "");
+
+  auto rv = cfg->ParseArgs(argc, argv);
+  switch (rv) {
+    case Config::kOK:
+      break;
+    case Config::kUnknownFlag:
+      exit(89);
+      break;
+    default:
+      exit(1);
+  }
+
+  // Needed to change to std::unique_ptr<const Config>
+  return std::move(cfg);
+}
+
+void RunCycle(std::unique_ptr<const Config>& cfg) {
+  std::unique_ptr<TestAgent> agent(TestAgent::Create(*cfg));
+  if (!agent) {
+    exit(1);
+  }
+
+  SECStatus rv = agent->DoExchange();
+  if (rv) {
+    exit(1);
+  }
+}
+
+int main(int argc, char** argv) {
+  std::unique_ptr<const Config> cfg = ReadConfig(argc, argv);
+
+  SECStatus rv = NSS_NoDB_Init(nullptr);
+  if (rv != SECSuccess) return 1;
+  rv = NSS_SetDomesticPolicy();
+  if (rv != SECSuccess) return 1;
+
+  // Run a single test cycle.
+  RunCycle(cfg);
+
+  if (cfg->get<bool>("resume")) {
+    std::cout << "Resuming" << std::endl;
+    RunCycle(cfg);
+  }
+
+  exit(0);
+}
diff --git a/nss/external_tests/nss_bogo_shim/nsskeys.cc b/nss/external_tests/nss_bogo_shim/nsskeys.cc
new file mode 100644
index 0000000..1b5e15b
--- /dev/null
+++ b/nss/external_tests/nss_bogo_shim/nsskeys.cc
@@ -0,0 +1,84 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsskeys.h"
+
+#include <cstring>
+
+#include <fstream>
+#include <iostream>
+#include <string>
+
+#include "cert.h"
+#include "keyhi.h"
+#include "nspr.h"
+#include "nss.h"
+#include "nssb64.h"
+#include "pk11pub.h"
+
+const std::string kPEMBegin = "-----BEGIN ";
+const std::string kPEMEnd = "-----END ";
+
+// Read a PEM file, base64 decode it, and return the result.
+static bool ReadPEMFile(const std::string& filename, SECItem* item) {
+  std::ifstream in(filename);
+  if (in.bad()) return false;
+
+  char buf[1024];
+  in.getline(buf, sizeof(buf));
+  if (in.bad()) return false;
+
+  if (strncmp(buf, kPEMBegin.c_str(), kPEMBegin.size())) return false;
+
+  std::string value = "";
+  for (;;) {
+    in.getline(buf, sizeof(buf));
+    if (in.bad()) return false;
+
+    if (!strncmp(buf, kPEMEnd.c_str(), kPEMEnd.size())) break;
+
+    value += buf;
+  }
+
+  // Now we have a base64-encoded block.
+  if (!NSSBase64_DecodeBuffer(nullptr, item, value.c_str(), value.size()))
+    return false;
+
+  return true;
+}
+
+SECKEYPrivateKey* ReadPrivateKey(const std::string& file) {
+  SECItem item = {siBuffer, nullptr, 0};
+
+  if (!ReadPEMFile(file, &item)) return nullptr;
+  SECKEYPrivateKey* privkey = NULL;
+  PK11SlotInfo* slot = PK11_GetInternalSlot();
+  SECStatus rv = PK11_ImportDERPrivateKeyInfoAndReturnKey(
+      slot, &item, nullptr, nullptr, PR_FALSE, PR_FALSE,
+      KU_KEY_ENCIPHERMENT | KU_DATA_ENCIPHERMENT | KU_DIGITAL_SIGNATURE,
+      &privkey, nullptr);
+  PK11_FreeSlot(slot);
+  SECITEM_FreeItem(&item, PR_FALSE);
+  if (rv != SECSuccess) {
+    // This is probably due to this being an ECDSA key (Bug 1295121).
+    std::cerr << "Couldn't import key " << PORT_ErrorToString(PORT_GetError())
+              << "\n";
+    return nullptr;
+  }
+
+  return privkey;
+}
+
+CERTCertificate* ReadCertificate(const std::string& file) {
+  SECItem item = {siBuffer, nullptr, 0};
+
+  if (!ReadPEMFile(file, &item)) return nullptr;
+
+  CERTCertificate* cert = CERT_NewTempCertificate(
+      CERT_GetDefaultCertDB(), &item, NULL, PR_FALSE, PR_TRUE);
+  SECITEM_FreeItem(&item, PR_FALSE);
+  return cert;
+}
diff --git a/nss/external_tests/nss_bogo_shim/nsskeys.h b/nss/external_tests/nss_bogo_shim/nsskeys.h
new file mode 100644
index 0000000..45e56c3
--- /dev/null
+++ b/nss/external_tests/nss_bogo_shim/nsskeys.h
@@ -0,0 +1,20 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+// Utilities to pull in OpenSSL-formatted keys.
+
+#ifndef nsskeys_h_
+#define nsskeys_h_
+
+#include "cert.h"
+#include "keyhi.h"
+
+#include <string>
+
+SECKEYPrivateKey* ReadPrivateKey(const std::string& file);
+CERTCertificate* ReadCertificate(const std::string& file);
+
+#endif
diff --git a/nss/external_tests/pk11_gtest/Makefile b/nss/external_tests/pk11_gtest/Makefile
new file mode 100644
index 0000000..0d547e0
--- /dev/null
+++ b/nss/external_tests/pk11_gtest/Makefile
@@ -0,0 +1,43 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include ../common/gtest.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
diff --git a/nss/external_tests/pk11_gtest/manifest.mn b/nss/external_tests/pk11_gtest/manifest.mn
new file mode 100644
index 0000000..a3f1d6c
--- /dev/null
+++ b/nss/external_tests/pk11_gtest/manifest.mn
@@ -0,0 +1,26 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+CORE_DEPTH = ../..
+DEPTH      = ../..
+MODULE = nss
+
+CPPSRCS = \
+      pk11_aeskeywrap_unittest.cc \
+      pk11_chacha20poly1305_unittest.cc \
+      pk11_pbkdf2_unittest.cc \
+      pk11_prf_unittest.cc \
+      pk11_rsapss_unittest.cc \
+      $(NULL)
+
+INCLUDES += -I$(CORE_DEPTH)/external_tests/google_test/gtest/include \
+            -I$(CORE_DEPTH)/external_tests/common
+
+REQUIRES = nspr nss libdbm gtest
+
+PROGRAM = pk11_gtest
+
+EXTRA_LIBS = $(DIST)/lib/$(LIB_PREFIX)gtest.$(LIB_SUFFIX) $(EXTRA_OBJS) \
+             ../common/$(OBJDIR)/gtests$(OBJ_SUFFIX)
+
diff --git a/nss/external_tests/pk11_gtest/pk11_aeskeywrap_unittest.cc b/nss/external_tests/pk11_gtest/pk11_aeskeywrap_unittest.cc
new file mode 100644
index 0000000..a0226e6
--- /dev/null
+++ b/nss/external_tests/pk11_gtest/pk11_aeskeywrap_unittest.cc
@@ -0,0 +1,132 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <memory>
+#include "nss.h"
+#include "pk11pub.h"
+
+#include "gtest/gtest.h"
+#include "scoped_ptrs.h"
+
+namespace nss_test {
+
+// Test vectors from https://tools.ietf.org/html/rfc3394#section-4.1 to 4.6
+unsigned char kKEK1[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+                         0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F};
+
+unsigned char kKD1[] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
+                        0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF};
+
+unsigned char kC1[] = {0x1F, 0xA6, 0x8B, 0x0A, 0x81, 0x12, 0xB4, 0x47,
+                       0xAE, 0xF3, 0x4B, 0xD8, 0xFB, 0x5A, 0x7B, 0x82,
+                       0x9D, 0x3E, 0x86, 0x23, 0x71, 0xD2, 0xCF, 0xE5};
+
+unsigned char kKEK2[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+                         0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
+                         0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17};
+
+unsigned char kC2[] = {0x96, 0x77, 0x8B, 0x25, 0xAE, 0x6C, 0xA4, 0x35,
+                       0xF9, 0x2B, 0x5B, 0x97, 0xC0, 0x50, 0xAE, 0xD2,
+                       0x46, 0x8A, 0xB8, 0xA1, 0x7A, 0xD8, 0x4E, 0x5D};
+
+unsigned char kKEK3[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+                         0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
+                         0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+                         0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F};
+
+unsigned char kC3[] = {0x64, 0xE8, 0xC3, 0xF9, 0xCE, 0x0F, 0x5B, 0xA2,
+                       0x63, 0xE9, 0x77, 0x79, 0x05, 0x81, 0x8A, 0x2A,
+                       0x93, 0xC8, 0x19, 0x1E, 0x7D, 0x6E, 0x8A, 0xE7};
+
+unsigned char kKD4[] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
+                        0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF,
+                        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07};
+
+unsigned char kC4[] = {0x03, 0x1D, 0x33, 0x26, 0x4E, 0x15, 0xD3, 0x32,
+                       0x68, 0xF2, 0x4E, 0xC2, 0x60, 0x74, 0x3E, 0xDC,
+                       0xE1, 0xC6, 0xC7, 0xDD, 0xEE, 0x72, 0x5A, 0x93,
+                       0x6B, 0xA8, 0x14, 0x91, 0x5C, 0x67, 0x62, 0xD2};
+
+unsigned char kC5[] = {0xA8, 0xF9, 0xBC, 0x16, 0x12, 0xC6, 0x8B, 0x3F,
+                       0xF6, 0xE6, 0xF4, 0xFB, 0xE3, 0x0E, 0x71, 0xE4,
+                       0x76, 0x9C, 0x8B, 0x80, 0xA3, 0x2C, 0xB8, 0x95,
+                       0x8C, 0xD5, 0xD1, 0x7D, 0x6B, 0x25, 0x4D, 0xA1};
+
+unsigned char kKD6[] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
+                        0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF,
+                        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+                        0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F};
+
+unsigned char kC6[] = {0x28, 0xC9, 0xF4, 0x04, 0xC4, 0xB8, 0x10, 0xF4,
+                       0xCB, 0xCC, 0xB3, 0x5C, 0xFB, 0x87, 0xF8, 0x26,
+                       0x3F, 0x57, 0x86, 0xE2, 0xD8, 0x0E, 0xD3, 0x26,
+                       0xCB, 0xC7, 0xF0, 0xE7, 0x1A, 0x99, 0xF4, 0x3B,
+                       0xFB, 0x98, 0x8B, 0x9B, 0x7A, 0x02, 0xDD, 0x21};
+
+class Pkcs11AESKeyWrapTest : public ::testing::Test {
+ protected:
+  CK_MECHANISM_TYPE mechanism = CKM_NSS_AES_KEY_WRAP;
+
+  void WrapUnwrap(unsigned char* kek, unsigned int kekLen,
+                  unsigned char* keyData, unsigned int keyDataLen,
+                  unsigned char* expectedCiphertext) {
+    unsigned char wrappedKey[40];
+    unsigned int wrappedKeyLen;
+    unsigned char unwrappedKey[40];
+    unsigned int unwrappedKeyLen = 0;
+    SECStatus rv;
+
+    ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
+    ASSERT_NE(nullptr, slot);
+
+    // Import encryption key.
+    SECItem keyItem = {siBuffer, kek, kekLen};
+    ScopedPK11SymKey encryptionKey(
+        PK11_ImportSymKey(slot.get(), CKM_NSS_AES_KEY_WRAP, PK11_OriginUnwrap,
+                          CKA_ENCRYPT, &keyItem, nullptr));
+    EXPECT_TRUE(!!encryptionKey);
+
+    // Wrap key
+    rv = PK11_Encrypt(encryptionKey.get(), mechanism, nullptr /* param */,
+                      wrappedKey, &wrappedKeyLen, sizeof(wrappedKey), keyData,
+                      keyDataLen);
+    EXPECT_EQ(rv, SECSuccess) << "CKM_NSS_AES_KEY_WRAP encrypt failed";
+    EXPECT_TRUE(!memcmp(expectedCiphertext, wrappedKey, wrappedKeyLen));
+
+    // Unwrap key
+    rv = PK11_Decrypt(encryptionKey.get(), mechanism, nullptr /* param */,
+                      unwrappedKey, &unwrappedKeyLen, sizeof(unwrappedKey),
+                      wrappedKey, wrappedKeyLen);
+    EXPECT_EQ(rv, SECSuccess) << " CKM_NSS_AES_KEY_WRAP decrypt failed\n";
+    EXPECT_TRUE(!memcmp(keyData, unwrappedKey, unwrappedKeyLen));
+  }
+};
+
+TEST_F(Pkcs11AESKeyWrapTest, WrapUnwrepTest1) {
+  WrapUnwrap(kKEK1, sizeof(kKEK1), kKD1, sizeof(kKD1), kC1);
+}
+
+TEST_F(Pkcs11AESKeyWrapTest, WrapUnwrepTest2) {
+  WrapUnwrap(kKEK2, sizeof(kKEK2), kKD1, sizeof(kKD1), kC2);
+}
+
+TEST_F(Pkcs11AESKeyWrapTest, WrapUnwrepTest3) {
+  WrapUnwrap(kKEK3, sizeof(kKEK3), kKD1, sizeof(kKD1), kC3);
+}
+
+TEST_F(Pkcs11AESKeyWrapTest, WrapUnwrepTest4) {
+  WrapUnwrap(kKEK2, sizeof(kKEK2), kKD4, sizeof(kKD4), kC4);
+}
+
+TEST_F(Pkcs11AESKeyWrapTest, WrapUnwrepTest5) {
+  WrapUnwrap(kKEK3, sizeof(kKEK3), kKD4, sizeof(kKD4), kC5);
+}
+
+TEST_F(Pkcs11AESKeyWrapTest, WrapUnwrepTest6) {
+  WrapUnwrap(kKEK3, sizeof(kKEK3), kKD6, sizeof(kKD6), kC6);
+}
+
+} /* nss_test */
\ No newline at end of file
diff --git a/nss/external_tests/pk11_gtest/pk11_chacha20poly1305_unittest.cc b/nss/external_tests/pk11_gtest/pk11_chacha20poly1305_unittest.cc
new file mode 100644
index 0000000..1d6ff01
--- /dev/null
+++ b/nss/external_tests/pk11_gtest/pk11_chacha20poly1305_unittest.cc
@@ -0,0 +1,263 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <memory>
+#include "nss.h"
+#include "pk11pub.h"
+#include "sechash.h"
+
+#include "gtest/gtest.h"
+#include "scoped_ptrs.h"
+
+namespace nss_test {
+
+// ChaCha20/Poly1305 Test Vector 1, RFC 7539
+// <http://tools.ietf.org/html/rfc7539#section-2.8.2>
+const uint8_t kTestVector1Data[] = {
+    0x4c, 0x61, 0x64, 0x69, 0x65, 0x73, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x47,
+    0x65, 0x6e, 0x74, 0x6c, 0x65, 0x6d, 0x65, 0x6e, 0x20, 0x6f, 0x66, 0x20,
+    0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x61, 0x73, 0x73, 0x20, 0x6f, 0x66,
+    0x20, 0x27, 0x39, 0x39, 0x3a, 0x20, 0x49, 0x66, 0x20, 0x49, 0x20, 0x63,
+    0x6f, 0x75, 0x6c, 0x64, 0x20, 0x6f, 0x66, 0x66, 0x65, 0x72, 0x20, 0x79,
+    0x6f, 0x75, 0x20, 0x6f, 0x6e, 0x6c, 0x79, 0x20, 0x6f, 0x6e, 0x65, 0x20,
+    0x74, 0x69, 0x70, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x74, 0x68, 0x65, 0x20,
+    0x66, 0x75, 0x74, 0x75, 0x72, 0x65, 0x2c, 0x20, 0x73, 0x75, 0x6e, 0x73,
+    0x63, 0x72, 0x65, 0x65, 0x6e, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
+    0x62, 0x65, 0x20, 0x69, 0x74, 0x2e};
+const uint8_t kTestVector1AAD[] = {0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1,
+                                   0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7};
+const uint8_t kTestVector1Key[] = {
+    0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a,
+    0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95,
+    0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f};
+const uint8_t kTestVector1IV[] = {0x07, 0x00, 0x00, 0x00, 0x40, 0x41,
+                                  0x42, 0x43, 0x44, 0x45, 0x46, 0x47};
+const uint8_t kTestVector1CT[] = {
+    0xd3, 0x1a, 0x8d, 0x34, 0x64, 0x8e, 0x60, 0xdb, 0x7b, 0x86, 0xaf, 0xbc,
+    0x53, 0xef, 0x7e, 0xc2, 0xa4, 0xad, 0xed, 0x51, 0x29, 0x6e, 0x08, 0xfe,
+    0xa9, 0xe2, 0xb5, 0xa7, 0x36, 0xee, 0x62, 0xd6, 0x3d, 0xbe, 0xa4, 0x5e,
+    0x8c, 0xa9, 0x67, 0x12, 0x82, 0xfa, 0xfb, 0x69, 0xda, 0x92, 0x72, 0x8b,
+    0x1a, 0x71, 0xde, 0x0a, 0x9e, 0x06, 0x0b, 0x29, 0x05, 0xd6, 0xa5, 0xb6,
+    0x7e, 0xcd, 0x3b, 0x36, 0x92, 0xdd, 0xbd, 0x7f, 0x2d, 0x77, 0x8b, 0x8c,
+    0x98, 0x03, 0xae, 0xe3, 0x28, 0x09, 0x1b, 0x58, 0xfa, 0xb3, 0x24, 0xe4,
+    0xfa, 0xd6, 0x75, 0x94, 0x55, 0x85, 0x80, 0x8b, 0x48, 0x31, 0xd7, 0xbc,
+    0x3f, 0xf4, 0xde, 0xf0, 0x8e, 0x4b, 0x7a, 0x9d, 0xe5, 0x76, 0xd2, 0x65,
+    0x86, 0xce, 0xc6, 0x4b, 0x61, 0x16, 0x1a, 0xe1, 0x0b, 0x59, 0x4f, 0x09,
+    0xe2, 0x6a, 0x7e, 0x90, 0x2e, 0xcb, 0xd0, 0x60, 0x06, 0x91};
+
+// ChaCha20/Poly1305 Test Vector 2, RFC 7539
+// <http://tools.ietf.org/html/rfc7539#appendix-A.5>
+const uint8_t kTestVector2Data[] = {
+    0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x2d, 0x44, 0x72, 0x61,
+    0x66, 0x74, 0x73, 0x20, 0x61, 0x72, 0x65, 0x20, 0x64, 0x72, 0x61, 0x66,
+    0x74, 0x20, 0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x20,
+    0x76, 0x61, 0x6c, 0x69, 0x64, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x61, 0x20,
+    0x6d, 0x61, 0x78, 0x69, 0x6d, 0x75, 0x6d, 0x20, 0x6f, 0x66, 0x20, 0x73,
+    0x69, 0x78, 0x20, 0x6d, 0x6f, 0x6e, 0x74, 0x68, 0x73, 0x20, 0x61, 0x6e,
+    0x64, 0x20, 0x6d, 0x61, 0x79, 0x20, 0x62, 0x65, 0x20, 0x75, 0x70, 0x64,
+    0x61, 0x74, 0x65, 0x64, 0x2c, 0x20, 0x72, 0x65, 0x70, 0x6c, 0x61, 0x63,
+    0x65, 0x64, 0x2c, 0x20, 0x6f, 0x72, 0x20, 0x6f, 0x62, 0x73, 0x6f, 0x6c,
+    0x65, 0x74, 0x65, 0x64, 0x20, 0x62, 0x79, 0x20, 0x6f, 0x74, 0x68, 0x65,
+    0x72, 0x20, 0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x20,
+    0x61, 0x74, 0x20, 0x61, 0x6e, 0x79, 0x20, 0x74, 0x69, 0x6d, 0x65, 0x2e,
+    0x20, 0x49, 0x74, 0x20, 0x69, 0x73, 0x20, 0x69, 0x6e, 0x61, 0x70, 0x70,
+    0x72, 0x6f, 0x70, 0x72, 0x69, 0x61, 0x74, 0x65, 0x20, 0x74, 0x6f, 0x20,
+    0x75, 0x73, 0x65, 0x20, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74,
+    0x2d, 0x44, 0x72, 0x61, 0x66, 0x74, 0x73, 0x20, 0x61, 0x73, 0x20, 0x72,
+    0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x20, 0x6d, 0x61, 0x74,
+    0x65, 0x72, 0x69, 0x61, 0x6c, 0x20, 0x6f, 0x72, 0x20, 0x74, 0x6f, 0x20,
+    0x63, 0x69, 0x74, 0x65, 0x20, 0x74, 0x68, 0x65, 0x6d, 0x20, 0x6f, 0x74,
+    0x68, 0x65, 0x72, 0x20, 0x74, 0x68, 0x61, 0x6e, 0x20, 0x61, 0x73, 0x20,
+    0x2f, 0xe2, 0x80, 0x9c, 0x77, 0x6f, 0x72, 0x6b, 0x20, 0x69, 0x6e, 0x20,
+    0x70, 0x72, 0x6f, 0x67, 0x72, 0x65, 0x73, 0x73, 0x2e, 0x2f, 0xe2, 0x80,
+    0x9d};
+const uint8_t kTestVector2AAD[] = {0xf3, 0x33, 0x88, 0x86, 0x00, 0x00,
+                                   0x00, 0x00, 0x00, 0x00, 0x4e, 0x91};
+const uint8_t kTestVector2Key[] = {
+    0x1c, 0x92, 0x40, 0xa5, 0xeb, 0x55, 0xd3, 0x8a, 0xf3, 0x33, 0x88,
+    0x86, 0x04, 0xf6, 0xb5, 0xf0, 0x47, 0x39, 0x17, 0xc1, 0x40, 0x2b,
+    0x80, 0x09, 0x9d, 0xca, 0x5c, 0xbc, 0x20, 0x70, 0x75, 0xc0};
+const uint8_t kTestVector2IV[] = {0x00, 0x00, 0x00, 0x00, 0x01, 0x02,
+                                  0x03, 0x04, 0x05, 0x06, 0x07, 0x08};
+const uint8_t kTestVector2CT[] = {
+    0x64, 0xa0, 0x86, 0x15, 0x75, 0x86, 0x1a, 0xf4, 0x60, 0xf0, 0x62, 0xc7,
+    0x9b, 0xe6, 0x43, 0xbd, 0x5e, 0x80, 0x5c, 0xfd, 0x34, 0x5c, 0xf3, 0x89,
+    0xf1, 0x08, 0x67, 0x0a, 0xc7, 0x6c, 0x8c, 0xb2, 0x4c, 0x6c, 0xfc, 0x18,
+    0x75, 0x5d, 0x43, 0xee, 0xa0, 0x9e, 0xe9, 0x4e, 0x38, 0x2d, 0x26, 0xb0,
+    0xbd, 0xb7, 0xb7, 0x3c, 0x32, 0x1b, 0x01, 0x00, 0xd4, 0xf0, 0x3b, 0x7f,
+    0x35, 0x58, 0x94, 0xcf, 0x33, 0x2f, 0x83, 0x0e, 0x71, 0x0b, 0x97, 0xce,
+    0x98, 0xc8, 0xa8, 0x4a, 0xbd, 0x0b, 0x94, 0x81, 0x14, 0xad, 0x17, 0x6e,
+    0x00, 0x8d, 0x33, 0xbd, 0x60, 0xf9, 0x82, 0xb1, 0xff, 0x37, 0xc8, 0x55,
+    0x97, 0x97, 0xa0, 0x6e, 0xf4, 0xf0, 0xef, 0x61, 0xc1, 0x86, 0x32, 0x4e,
+    0x2b, 0x35, 0x06, 0x38, 0x36, 0x06, 0x90, 0x7b, 0x6a, 0x7c, 0x02, 0xb0,
+    0xf9, 0xf6, 0x15, 0x7b, 0x53, 0xc8, 0x67, 0xe4, 0xb9, 0x16, 0x6c, 0x76,
+    0x7b, 0x80, 0x4d, 0x46, 0xa5, 0x9b, 0x52, 0x16, 0xcd, 0xe7, 0xa4, 0xe9,
+    0x90, 0x40, 0xc5, 0xa4, 0x04, 0x33, 0x22, 0x5e, 0xe2, 0x82, 0xa1, 0xb0,
+    0xa0, 0x6c, 0x52, 0x3e, 0xaf, 0x45, 0x34, 0xd7, 0xf8, 0x3f, 0xa1, 0x15,
+    0x5b, 0x00, 0x47, 0x71, 0x8c, 0xbc, 0x54, 0x6a, 0x0d, 0x07, 0x2b, 0x04,
+    0xb3, 0x56, 0x4e, 0xea, 0x1b, 0x42, 0x22, 0x73, 0xf5, 0x48, 0x27, 0x1a,
+    0x0b, 0xb2, 0x31, 0x60, 0x53, 0xfa, 0x76, 0x99, 0x19, 0x55, 0xeb, 0xd6,
+    0x31, 0x59, 0x43, 0x4e, 0xce, 0xbb, 0x4e, 0x46, 0x6d, 0xae, 0x5a, 0x10,
+    0x73, 0xa6, 0x72, 0x76, 0x27, 0x09, 0x7a, 0x10, 0x49, 0xe6, 0x17, 0xd9,
+    0x1d, 0x36, 0x10, 0x94, 0xfa, 0x68, 0xf0, 0xff, 0x77, 0x98, 0x71, 0x30,
+    0x30, 0x5b, 0xea, 0xba, 0x2e, 0xda, 0x04, 0xdf, 0x99, 0x7b, 0x71, 0x4d,
+    0x6c, 0x6f, 0x2c, 0x29, 0xa6, 0xad, 0x5c, 0xb4, 0x02, 0x2b, 0x02, 0x70,
+    0x9b, 0xee, 0xad, 0x9d, 0x67, 0x89, 0x0c, 0xbb, 0x22, 0x39, 0x23, 0x36,
+    0xfe, 0xa1, 0x85, 0x1f, 0x38};
+
+class Pkcs11ChaCha20Poly1305Test : public ::testing::Test {
+ public:
+  void EncryptDecrypt(PK11SymKey* symKey, const uint8_t* data, size_t data_len,
+                      const uint8_t* aad, size_t aad_len, const uint8_t* iv,
+                      size_t iv_len, const uint8_t* ct = nullptr,
+                      size_t ct_len = 0) {
+    // Prepare AEAD params.
+    CK_NSS_AEAD_PARAMS aead_params;
+    aead_params.pNonce = toUcharPtr(iv);
+    aead_params.ulNonceLen = iv_len;
+    aead_params.pAAD = toUcharPtr(aad);
+    aead_params.ulAADLen = aad_len;
+    aead_params.ulTagLen = 16;
+
+    SECItem params = {siBuffer, reinterpret_cast<unsigned char*>(&aead_params),
+                      sizeof(aead_params)};
+
+    // Encrypt.
+    unsigned int outputLen = 0;
+    std::vector<uint8_t> output(data_len + aead_params.ulTagLen);
+    SECStatus rv = PK11_Encrypt(symKey, mech, &params, &output[0], &outputLen,
+                                output.size(), data, data_len);
+    EXPECT_EQ(rv, SECSuccess);
+
+    // Check ciphertext and tag.
+    if (ct) {
+      EXPECT_TRUE(!memcmp(ct, &output[0], outputLen));
+    }
+
+    // Decrypt.
+    unsigned int decryptedLen = 0;
+    std::vector<uint8_t> decrypted(data_len);
+    rv = PK11_Decrypt(symKey, mech, &params, &decrypted[0], &decryptedLen,
+                      decrypted.size(), &output[0], outputLen);
+    EXPECT_EQ(rv, SECSuccess);
+
+    // Check the plaintext.
+    EXPECT_TRUE(!memcmp(data, &decrypted[0], decryptedLen));
+
+    // Decrypt with bogus data.
+    {
+      std::vector<uint8_t> bogusCiphertext(output);
+      bogusCiphertext[0] ^= 0xff;
+      rv = PK11_Decrypt(symKey, mech, &params, &decrypted[0], &decryptedLen,
+                        decrypted.size(), &bogusCiphertext[0], outputLen);
+      EXPECT_NE(rv, SECSuccess);
+    }
+
+    // Decrypt with bogus tag.
+    {
+      std::vector<uint8_t> bogusTag(output);
+      bogusTag[outputLen - 1] ^= 0xff;
+      rv = PK11_Decrypt(symKey, mech, &params, &decrypted[0], &decryptedLen,
+                        decrypted.size(), &bogusTag[0], outputLen);
+      EXPECT_NE(rv, SECSuccess);
+    }
+
+    // Decrypt with bogus IV.
+    {
+      SECItem bogusParams(params);
+      CK_NSS_AEAD_PARAMS bogusAeadParams(aead_params);
+      bogusParams.data = reinterpret_cast<unsigned char*>(&bogusAeadParams);
+
+      std::vector<uint8_t> bogusIV(iv, iv + iv_len);
+      bogusAeadParams.pNonce = toUcharPtr(&bogusIV[0]);
+      bogusIV[0] ^= 0xff;
+
+      rv = PK11_Decrypt(symKey, mech, &bogusParams, &decrypted[0],
+                        &decryptedLen, data_len, &output[0], outputLen);
+      EXPECT_NE(rv, SECSuccess);
+    }
+
+    // Decrypt with bogus additional data.
+    {
+      SECItem bogusParams(params);
+      CK_NSS_AEAD_PARAMS bogusAeadParams(aead_params);
+      bogusParams.data = reinterpret_cast<unsigned char*>(&bogusAeadParams);
+
+      std::vector<uint8_t> bogusAAD(aad, aad + aad_len);
+      bogusAeadParams.pAAD = toUcharPtr(&bogusAAD[0]);
+      bogusAAD[0] ^= 0xff;
+
+      rv = PK11_Decrypt(symKey, mech, &bogusParams, &decrypted[0],
+                        &decryptedLen, data_len, &output[0], outputLen);
+      EXPECT_NE(rv, SECSuccess);
+    }
+  }
+
+  void EncryptDecrypt(const uint8_t* key, size_t key_len, const uint8_t* data,
+                      size_t data_len, const uint8_t* aad, size_t aad_len,
+                      const uint8_t* iv, size_t iv_len, const uint8_t* ct,
+                      size_t ct_len) {
+    ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
+    SECItem keyItem = {siBuffer, toUcharPtr(key),
+                       static_cast<unsigned int>(key_len)};
+
+    // Import key.
+    ScopedPK11SymKey symKey(PK11_ImportSymKey(
+        slot.get(), mech, PK11_OriginUnwrap, CKA_ENCRYPT, &keyItem, nullptr));
+    EXPECT_TRUE(!!symKey);
+
+    // Check.
+    EncryptDecrypt(symKey.get(), data, data_len, aad, aad_len, iv, iv_len, ct,
+                   ct_len);
+  }
+
+ protected:
+  CK_MECHANISM_TYPE mech = CKM_NSS_CHACHA20_POLY1305;
+
+  unsigned char* toUcharPtr(const uint8_t* v) {
+    return const_cast<unsigned char*>(static_cast<const unsigned char*>(v));
+  }
+};
+
+#define ENCRYPT_DECRYPT(v)                                                 \
+  EncryptDecrypt(v##Key, sizeof(v##Key), v##Data, sizeof(v##Data), v##AAD, \
+                 sizeof(v##AAD), v##IV, sizeof(v##IV), v##CT, sizeof(v##CT));
+
+TEST_F(Pkcs11ChaCha20Poly1305Test, GenerateEncryptDecrypt) {
+  // Generate a random key.
+  ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
+  ScopedPK11SymKey symKey(PK11_KeyGen(slot.get(), mech, nullptr, 32, nullptr));
+  EXPECT_TRUE(!!symKey);
+
+  // Generate random data.
+  std::vector<uint8_t> data(512);
+  SECStatus rv = PK11_GenerateRandomOnSlot(slot.get(), &data[0], data.size());
+  EXPECT_EQ(rv, SECSuccess);
+
+  // Generate random AAD.
+  std::vector<uint8_t> aad(16);
+  rv = PK11_GenerateRandomOnSlot(slot.get(), &aad[0], aad.size());
+  EXPECT_EQ(rv, SECSuccess);
+
+  // Generate random IV.
+  std::vector<uint8_t> iv(12);
+  rv = PK11_GenerateRandomOnSlot(slot.get(), &iv[0], iv.size());
+  EXPECT_EQ(rv, SECSuccess);
+
+  // Check.
+  EncryptDecrypt(symKey.get(), &data[0], data.size(), &aad[0], aad.size(),
+                 &iv[0], iv.size());
+}
+
+TEST_F(Pkcs11ChaCha20Poly1305Test, CheckTestVector1) {
+  ENCRYPT_DECRYPT(kTestVector1);
+}
+
+TEST_F(Pkcs11ChaCha20Poly1305Test, CheckTestVector2) {
+  ENCRYPT_DECRYPT(kTestVector2);
+}
+
+}  // namespace nss_test
diff --git a/nss/external_tests/pk11_gtest/pk11_pbkdf2_unittest.cc b/nss/external_tests/pk11_gtest/pk11_pbkdf2_unittest.cc
new file mode 100644
index 0000000..d72f94c
--- /dev/null
+++ b/nss/external_tests/pk11_gtest/pk11_pbkdf2_unittest.cc
@@ -0,0 +1,96 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <memory>
+#include "nss.h"
+#include "pk11pub.h"
+
+#include "gtest/gtest.h"
+#include "scoped_ptrs.h"
+
+namespace nss_test {
+
+static unsigned char* ToUcharPtr(std::string& str) {
+  return const_cast<unsigned char*>(
+      reinterpret_cast<const unsigned char*>(str.c_str()));
+}
+
+class Pkcs11Pbkdf2Test : public ::testing::Test {
+ public:
+  void Derive(std::vector<uint8_t>& derived, SECOidTag hash_alg) {
+    // Shared between test vectors.
+    const unsigned int iterations = 4096;
+    std::string pass("passwordPASSWORDpassword");
+    std::string salt("saltSALTsaltSALTsaltSALTsaltSALTsalt");
+
+    // Derivation must succeed with the right values.
+    EXPECT_TRUE(DeriveBytes(pass, salt, derived, hash_alg, iterations));
+
+    // Derivation must fail when the password is bogus.
+    std::string bogusPass("PasswordPASSWORDpassword");
+    EXPECT_FALSE(DeriveBytes(bogusPass, salt, derived, hash_alg, iterations));
+
+    // Derivation must fail when the salt is bogus.
+    std::string bogusSalt("SaltSALTsaltSALTsaltSALTsaltSALTsalt");
+    EXPECT_FALSE(DeriveBytes(pass, bogusSalt, derived, hash_alg, iterations));
+
+    // Derivation must fail when using the wrong hash function.
+    SECOidTag next_hash_alg = static_cast<SECOidTag>(hash_alg + 1);
+    EXPECT_FALSE(DeriveBytes(pass, salt, derived, next_hash_alg, iterations));
+
+    // Derivation must fail when using the wrong number of iterations.
+    EXPECT_FALSE(DeriveBytes(pass, salt, derived, hash_alg, iterations + 1));
+  }
+
+ private:
+  bool DeriveBytes(std::string& pass, std::string& salt,
+                   std::vector<uint8_t>& derived, SECOidTag hash_alg,
+                   unsigned int iterations) {
+    SECItem passItem = {siBuffer, ToUcharPtr(pass),
+                        static_cast<unsigned int>(pass.length())};
+    SECItem saltItem = {siBuffer, ToUcharPtr(salt),
+                        static_cast<unsigned int>(salt.length())};
+
+    // Set up PBKDF2 params.
+    ScopedSECAlgorithmID alg_id(
+        PK11_CreatePBEV2AlgorithmID(SEC_OID_PKCS5_PBKDF2, hash_alg, hash_alg,
+                                    derived.size(), iterations, &saltItem));
+
+    // Derive.
+    ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
+    ScopedPK11SymKey symKey(
+        PK11_PBEKeyGen(slot.get(), alg_id.get(), &passItem, false, nullptr));
+
+    SECStatus rv = PK11_ExtractKeyValue(symKey.get());
+    EXPECT_EQ(rv, SECSuccess);
+
+    SECItem* keyData = PK11_GetKeyData(symKey.get());
+    return !memcmp(&derived[0], keyData->data, keyData->len);
+  }
+};
+
+// RFC 6070 <http://tools.ietf.org/html/rfc6070>
+TEST_F(Pkcs11Pbkdf2Test, DeriveKnown1) {
+  std::vector<uint8_t> derived = {0x3d, 0x2e, 0xec, 0x4f, 0xe4, 0x1c, 0x84,
+                                  0x9b, 0x80, 0xc8, 0xd8, 0x36, 0x62, 0xc0,
+                                  0xe4, 0x4a, 0x8b, 0x29, 0x1a, 0x96, 0x4c,
+                                  0xf2, 0xf0, 0x70, 0x38};
+
+  Derive(derived, SEC_OID_HMAC_SHA1);
+}
+
+// https://stackoverflow.com/questions/5130513/pbkdf2-hmac-sha2-test-vectors
+TEST_F(Pkcs11Pbkdf2Test, DeriveKnown2) {
+  std::vector<uint8_t> derived = {
+      0x34, 0x8c, 0x89, 0xdb, 0xcb, 0xd3, 0x2b, 0x2f, 0x32, 0xd8,
+      0x14, 0xb8, 0x11, 0x6e, 0x84, 0xcf, 0x2b, 0x17, 0x34, 0x7e,
+      0xbc, 0x18, 0x00, 0x18, 0x1c, 0x4e, 0x2a, 0x1f, 0xb8, 0xdd,
+      0x53, 0xe1, 0xc6, 0x35, 0x51, 0x8c, 0x7d, 0xac, 0x47, 0xe9};
+
+  Derive(derived, SEC_OID_HMAC_SHA256);
+}
+
+}  // namespace nss_test
diff --git a/nss/external_tests/pk11_gtest/pk11_prf_unittest.cc b/nss/external_tests/pk11_gtest/pk11_prf_unittest.cc
new file mode 100644
index 0000000..f2d4cf3
--- /dev/null
+++ b/nss/external_tests/pk11_gtest/pk11_prf_unittest.cc
@@ -0,0 +1,229 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <memory>
+#include "nss.h"
+#include "pk11pub.h"
+
+#include "gtest/gtest.h"
+
+namespace nss_test {
+
+const size_t kPmsSize = 48;
+const size_t kMasterSecretSize = 48;
+const size_t kPrfSeedSizeSha256 = 32;
+const size_t kPrfSeedSizeTlsPrf = 36;
+
+// This is not the right size for anything
+const size_t kIncorrectSize = 17;
+
+const uint8_t kPmsData[] = {
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
+    0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+    0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23,
+    0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f};
+
+const uint8_t kPrfSeed[] = {
+    0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9, 0xfa, 0xfb,
+    0xfc, 0xfd, 0xfe, 0xff, 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7,
+    0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef, 0xd0, 0xd1, 0xd2, 0xd3};
+
+const uint8_t kExpectedOutputEmsSha256[] = {
+    0x75, 0xa7, 0xa5, 0x98, 0xef, 0xab, 0x90, 0xe7, 0x7c, 0x67, 0x80, 0xde,
+    0xab, 0x3a, 0x11, 0xf3, 0x5d, 0xb2, 0xf8, 0x47, 0xff, 0x09, 0x01, 0xec,
+    0xf8, 0x93, 0x89, 0xfc, 0x98, 0x2e, 0x6e, 0xf9, 0x2c, 0xf5, 0x9b, 0x04,
+    0x04, 0x6f, 0xd7, 0x28, 0x6e, 0xea, 0xe3, 0x83, 0xc4, 0x4a, 0xff, 0x03};
+
+const uint8_t kExpectedOutputEmsTlsPrf[] = {
+    0x06, 0xbf, 0x29, 0x86, 0x5d, 0xf3, 0x3e, 0x38, 0xfd, 0xfa, 0x91, 0x10,
+    0x2a, 0x20, 0xff, 0xd6, 0xb9, 0xd5, 0x72, 0x5a, 0x6d, 0x42, 0x20, 0x16,
+    0xde, 0xa4, 0xa0, 0x51, 0xe5, 0x53, 0xc1, 0x28, 0x04, 0x99, 0xbc, 0xb1,
+    0x2c, 0x9d, 0xe8, 0x0b, 0x18, 0xa2, 0x0e, 0x48, 0x52, 0x8d, 0x61, 0x13};
+
+static unsigned char* toUcharPtr(const uint8_t* v) {
+  return const_cast<unsigned char*>(static_cast<const unsigned char*>(v));
+}
+
+class TlsPrfTest : public ::testing::Test {
+ public:
+  TlsPrfTest()
+      : params_({siBuffer, nullptr, 0}),
+        pms_item_({siBuffer, toUcharPtr(kPmsData), kPmsSize}),
+        key_mech_(0),
+        slot_(nullptr),
+        pms_(nullptr),
+        ms_(nullptr),
+        pms_version_({0, 0}) {}
+
+  ~TlsPrfTest() {
+    if (slot_) {
+      PK11_FreeSlot(slot_);
+    }
+    ClearTempVars();
+  }
+
+  void ClearTempVars() {
+    if (pms_) {
+      PK11_FreeSymKey(pms_);
+    }
+    if (ms_) {
+      PK11_FreeSymKey(ms_);
+    }
+  }
+
+  void Init() {
+    params_.type = siBuffer;
+
+    pms_item_.type = siBuffer;
+    pms_item_.data =
+        const_cast<unsigned char*>(static_cast<const unsigned char*>(kPmsData));
+
+    slot_ = PK11_GetInternalSlot();
+    ASSERT_NE(nullptr, slot_);
+  }
+
+  void CheckForError(CK_MECHANISM_TYPE hash_mech, size_t seed_len,
+                     size_t pms_len, size_t output_len) {
+    // Error tests don't depend on the derivation mechansim
+    Inner(CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE, hash_mech, seed_len, pms_len,
+          output_len, nullptr, nullptr);
+  }
+
+  void ComputeAndVerifyMs(CK_MECHANISM_TYPE derive_mech,
+                          CK_MECHANISM_TYPE hash_mech, CK_VERSION* version,
+                          const uint8_t* expected) {
+    // Infer seed length from mechanism
+    int seed_len = 0;
+    switch (hash_mech) {
+      case CKM_TLS_PRF:
+        seed_len = kPrfSeedSizeTlsPrf;
+        break;
+      case CKM_SHA256:
+        seed_len = kPrfSeedSizeSha256;
+        break;
+      default:
+        ASSERT_TRUE(false);
+    }
+
+    Inner(derive_mech, hash_mech, seed_len, kPmsSize, 0, version, expected);
+  }
+
+  // Set output == nullptr to test when errors occur
+  void Inner(CK_MECHANISM_TYPE derive_mech, CK_MECHANISM_TYPE hash_mech,
+             size_t seed_len, size_t pms_len, size_t output_len,
+             CK_VERSION* version, const uint8_t* expected) {
+    ClearTempVars();
+
+    // Infer the key mechanism from the hash type
+    switch (hash_mech) {
+      case CKM_TLS_PRF:
+        key_mech_ = CKM_TLS_KEY_AND_MAC_DERIVE;
+        break;
+      case CKM_SHA256:
+        key_mech_ = CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256;
+        break;
+      default:
+        ASSERT_TRUE(false);
+    }
+
+    // Import the params
+    CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS master_params = {
+        hash_mech, toUcharPtr(kPrfSeed), static_cast<CK_ULONG>(seed_len),
+        version};
+    params_.data = reinterpret_cast<unsigned char*>(&master_params);
+    params_.len = sizeof(master_params);
+
+    // Import the PMS
+    pms_item_.len = pms_len;
+    pms_ = PK11_ImportSymKey(slot_, derive_mech, PK11_OriginUnwrap, CKA_DERIVE,
+                             &pms_item_, NULL);
+    ASSERT_NE(nullptr, pms_);
+
+    // Compute the EMS
+    ms_ = PK11_DeriveWithFlags(pms_, derive_mech, &params_, key_mech_,
+                               CKA_DERIVE, output_len, CKF_SIGN | CKF_VERIFY);
+
+    // Verify the EMS has the expected value (null or otherwise)
+    if (!expected) {
+      EXPECT_EQ(nullptr, ms_);
+    } else {
+      ASSERT_NE(nullptr, ms_);
+
+      SECStatus rv = PK11_ExtractKeyValue(ms_);
+      ASSERT_EQ(SECSuccess, rv);
+
+      SECItem* msData = PK11_GetKeyData(ms_);
+      ASSERT_NE(nullptr, msData);
+
+      ASSERT_EQ(kMasterSecretSize, msData->len);
+      EXPECT_EQ(0, memcmp(msData->data, expected, kMasterSecretSize));
+    }
+  }
+
+ protected:
+  SECItem params_;
+  SECItem pms_item_;
+  CK_MECHANISM_TYPE key_mech_;
+  PK11SlotInfo* slot_;
+  PK11SymKey* pms_;
+  PK11SymKey* ms_;
+  CK_VERSION pms_version_;
+};
+
+TEST_F(TlsPrfTest, ExtendedMsParamErr) {
+  Init();
+
+  // This should fail; it's the correct set from which the below are derived
+  // CheckForError(CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE, CKM_TLS_PRF,
+  // kPrfSeedSizeTlsPrf, kPmsSize, 0);
+
+  // Output key size != 0, SSL3_MASTER_SECRET_LENGTH
+  CheckForError(CKM_TLS_PRF, kPrfSeedSizeTlsPrf, kPmsSize, kIncorrectSize);
+
+  // not-DH && pms size != SSL3_PMS_LENGTH
+  CheckForError(CKM_TLS_PRF, kPrfSeedSizeTlsPrf, kIncorrectSize, 0);
+
+  // CKM_TLS_PRF && seed length != MD5_LENGTH + SHA1_LENGTH
+  CheckForError(CKM_TLS_PRF, kIncorrectSize, kPmsSize, 0);
+
+  // !CKM_TLS_PRF && seed length != hash output length
+  CheckForError(CKM_SHA256, kIncorrectSize, kPmsSize, 0);
+}
+
+// Test matrix:
+//
+//            DH  RSA
+//  TLS_PRF   1   2
+//  SHA256    3   4
+TEST_F(TlsPrfTest, ExtendedMsDhTlsPrf) {
+  Init();
+  ComputeAndVerifyMs(CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH, CKM_TLS_PRF,
+                     nullptr, kExpectedOutputEmsTlsPrf);
+}
+
+TEST_F(TlsPrfTest, ExtendedMsRsaTlsPrf) {
+  Init();
+  ComputeAndVerifyMs(CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE, CKM_TLS_PRF,
+                     &pms_version_, kExpectedOutputEmsTlsPrf);
+  EXPECT_EQ(0, pms_version_.major);
+  EXPECT_EQ(1, pms_version_.minor);
+}
+
+TEST_F(TlsPrfTest, ExtendedMsDhSha256) {
+  Init();
+  ComputeAndVerifyMs(CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH, CKM_SHA256,
+                     nullptr, kExpectedOutputEmsSha256);
+}
+
+TEST_F(TlsPrfTest, ExtendedMsRsaSha256) {
+  Init();
+  ComputeAndVerifyMs(CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE, CKM_SHA256,
+                     &pms_version_, kExpectedOutputEmsSha256);
+  EXPECT_EQ(0, pms_version_.major);
+  EXPECT_EQ(1, pms_version_.minor);
+}
+
+}  // namespace nss_test
diff --git a/nss/external_tests/pk11_gtest/pk11_rsapss_unittest.cc b/nss/external_tests/pk11_gtest/pk11_rsapss_unittest.cc
new file mode 100644
index 0000000..3e860a5
--- /dev/null
+++ b/nss/external_tests/pk11_gtest/pk11_rsapss_unittest.cc
@@ -0,0 +1,242 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <memory>
+#include "nss.h"
+#include "pk11pub.h"
+#include "sechash.h"
+
+#include "gtest/gtest.h"
+#include "scoped_ptrs.h"
+
+namespace nss_test {
+
+// RSA-PSS test vectors, pss-vect.txt, Example 1: A 1024-bit RSA Key Pair
+// <ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip>
+const uint8_t kTestVector1Spki[] = {
+    0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
+    0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81,
+    0x89, 0x02, 0x81, 0x81, 0x00, 0xa5, 0x6e, 0x4a, 0x0e, 0x70, 0x10, 0x17,
+    0x58, 0x9a, 0x51, 0x87, 0xdc, 0x7e, 0xa8, 0x41, 0xd1, 0x56, 0xf2, 0xec,
+    0x0e, 0x36, 0xad, 0x52, 0xa4, 0x4d, 0xfe, 0xb1, 0xe6, 0x1f, 0x7a, 0xd9,
+    0x91, 0xd8, 0xc5, 0x10, 0x56, 0xff, 0xed, 0xb1, 0x62, 0xb4, 0xc0, 0xf2,
+    0x83, 0xa1, 0x2a, 0x88, 0xa3, 0x94, 0xdf, 0xf5, 0x26, 0xab, 0x72, 0x91,
+    0xcb, 0xb3, 0x07, 0xce, 0xab, 0xfc, 0xe0, 0xb1, 0xdf, 0xd5, 0xcd, 0x95,
+    0x08, 0x09, 0x6d, 0x5b, 0x2b, 0x8b, 0x6d, 0xf5, 0xd6, 0x71, 0xef, 0x63,
+    0x77, 0xc0, 0x92, 0x1c, 0xb2, 0x3c, 0x27, 0x0a, 0x70, 0xe2, 0x59, 0x8e,
+    0x6f, 0xf8, 0x9d, 0x19, 0xf1, 0x05, 0xac, 0xc2, 0xd3, 0xf0, 0xcb, 0x35,
+    0xf2, 0x92, 0x80, 0xe1, 0x38, 0x6b, 0x6f, 0x64, 0xc4, 0xef, 0x22, 0xe1,
+    0xe1, 0xf2, 0x0d, 0x0c, 0xe8, 0xcf, 0xfb, 0x22, 0x49, 0xbd, 0x9a, 0x21,
+    0x37, 0x02, 0x03, 0x01, 0x00, 0x01};
+// RSA-PSS test vectors, pss-vect.txt, Example 1.1
+const uint8_t kTestVector1Data[] = {
+    0xcd, 0xc8, 0x7d, 0xa2, 0x23, 0xd7, 0x86, 0xdf, 0x3b, 0x45, 0xe0, 0xbb,
+    0xbc, 0x72, 0x13, 0x26, 0xd1, 0xee, 0x2a, 0xf8, 0x06, 0xcc, 0x31, 0x54,
+    0x75, 0xcc, 0x6f, 0x0d, 0x9c, 0x66, 0xe1, 0xb6, 0x23, 0x71, 0xd4, 0x5c,
+    0xe2, 0x39, 0x2e, 0x1a, 0xc9, 0x28, 0x44, 0xc3, 0x10, 0x10, 0x2f, 0x15,
+    0x6a, 0x0d, 0x8d, 0x52, 0xc1, 0xf4, 0xc4, 0x0b, 0xa3, 0xaa, 0x65, 0x09,
+    0x57, 0x86, 0xcb, 0x76, 0x97, 0x57, 0xa6, 0x56, 0x3b, 0xa9, 0x58, 0xfe,
+    0xd0, 0xbc, 0xc9, 0x84, 0xe8, 0xb5, 0x17, 0xa3, 0xd5, 0xf5, 0x15, 0xb2,
+    0x3b, 0x8a, 0x41, 0xe7, 0x4a, 0xa8, 0x67, 0x69, 0x3f, 0x90, 0xdf, 0xb0,
+    0x61, 0xa6, 0xe8, 0x6d, 0xfa, 0xae, 0xe6, 0x44, 0x72, 0xc0, 0x0e, 0x5f,
+    0x20, 0x94, 0x57, 0x29, 0xcb, 0xeb, 0xe7, 0x7f, 0x06, 0xce, 0x78, 0xe0,
+    0x8f, 0x40, 0x98, 0xfb, 0xa4, 0x1f, 0x9d, 0x61, 0x93, 0xc0, 0x31, 0x7e,
+    0x8b, 0x60, 0xd4, 0xb6, 0x08, 0x4a, 0xcb, 0x42, 0xd2, 0x9e, 0x38, 0x08,
+    0xa3, 0xbc, 0x37, 0x2d, 0x85, 0xe3, 0x31, 0x17, 0x0f, 0xcb, 0xf7, 0xcc,
+    0x72, 0xd0, 0xb7, 0x1c, 0x29, 0x66, 0x48, 0xb3, 0xa4, 0xd1, 0x0f, 0x41,
+    0x62, 0x95, 0xd0, 0x80, 0x7a, 0xa6, 0x25, 0xca, 0xb2, 0x74, 0x4f, 0xd9,
+    0xea, 0x8f, 0xd2, 0x23, 0xc4, 0x25, 0x37, 0x02, 0x98, 0x28, 0xbd, 0x16,
+    0xbe, 0x02, 0x54, 0x6f, 0x13, 0x0f, 0xd2, 0xe3, 0x3b, 0x93, 0x6d, 0x26,
+    0x76, 0xe0, 0x8a, 0xed, 0x1b, 0x73, 0x31, 0x8b, 0x75, 0x0a, 0x01, 0x67,
+    0xd0};
+const uint8_t kTestVector1Sig[] = {
+    0x90, 0x74, 0x30, 0x8f, 0xb5, 0x98, 0xe9, 0x70, 0x1b, 0x22, 0x94, 0x38,
+    0x8e, 0x52, 0xf9, 0x71, 0xfa, 0xac, 0x2b, 0x60, 0xa5, 0x14, 0x5a, 0xf1,
+    0x85, 0xdf, 0x52, 0x87, 0xb5, 0xed, 0x28, 0x87, 0xe5, 0x7c, 0xe7, 0xfd,
+    0x44, 0xdc, 0x86, 0x34, 0xe4, 0x07, 0xc8, 0xe0, 0xe4, 0x36, 0x0b, 0xc2,
+    0x26, 0xf3, 0xec, 0x22, 0x7f, 0x9d, 0x9e, 0x54, 0x63, 0x8e, 0x8d, 0x31,
+    0xf5, 0x05, 0x12, 0x15, 0xdf, 0x6e, 0xbb, 0x9c, 0x2f, 0x95, 0x79, 0xaa,
+    0x77, 0x59, 0x8a, 0x38, 0xf9, 0x14, 0xb5, 0xb9, 0xc1, 0xbd, 0x83, 0xc4,
+    0xe2, 0xf9, 0xf3, 0x82, 0xa0, 0xd0, 0xaa, 0x35, 0x42, 0xff, 0xee, 0x65,
+    0x98, 0x4a, 0x60, 0x1b, 0xc6, 0x9e, 0xb2, 0x8d, 0xeb, 0x27, 0xdc, 0xa1,
+    0x2c, 0x82, 0xc2, 0xd4, 0xc3, 0xf6, 0x6c, 0xd5, 0x00, 0xf1, 0xff, 0x2b,
+    0x99, 0x4d, 0x8a, 0x4e, 0x30, 0xcb, 0xb3, 0x3c};
+
+// RSA-PSS test vectors, pss-vect.txt, Example 10: A 2048-bit RSA Key Pair
+// <ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip>
+const uint8_t kTestVector2Spki[] = {
+    0x30, 0x82, 0x01, 0x21, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
+    0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0e, 0x00,
+    0x30, 0x82, 0x01, 0x09, 0x02, 0x82, 0x01, 0x00, 0xa5, 0xdd, 0x86, 0x7a,
+    0xc4, 0xcb, 0x02, 0xf9, 0x0b, 0x94, 0x57, 0xd4, 0x8c, 0x14, 0xa7, 0x70,
+    0xef, 0x99, 0x1c, 0x56, 0xc3, 0x9c, 0x0e, 0xc6, 0x5f, 0xd1, 0x1a, 0xfa,
+    0x89, 0x37, 0xce, 0xa5, 0x7b, 0x9b, 0xe7, 0xac, 0x73, 0xb4, 0x5c, 0x00,
+    0x17, 0x61, 0x5b, 0x82, 0xd6, 0x22, 0xe3, 0x18, 0x75, 0x3b, 0x60, 0x27,
+    0xc0, 0xfd, 0x15, 0x7b, 0xe1, 0x2f, 0x80, 0x90, 0xfe, 0xe2, 0xa7, 0xad,
+    0xcd, 0x0e, 0xef, 0x75, 0x9f, 0x88, 0xba, 0x49, 0x97, 0xc7, 0xa4, 0x2d,
+    0x58, 0xc9, 0xaa, 0x12, 0xcb, 0x99, 0xae, 0x00, 0x1f, 0xe5, 0x21, 0xc1,
+    0x3b, 0xb5, 0x43, 0x14, 0x45, 0xa8, 0xd5, 0xae, 0x4f, 0x5e, 0x4c, 0x7e,
+    0x94, 0x8a, 0xc2, 0x27, 0xd3, 0x60, 0x40, 0x71, 0xf2, 0x0e, 0x57, 0x7e,
+    0x90, 0x5f, 0xbe, 0xb1, 0x5d, 0xfa, 0xf0, 0x6d, 0x1d, 0xe5, 0xae, 0x62,
+    0x53, 0xd6, 0x3a, 0x6a, 0x21, 0x20, 0xb3, 0x1a, 0x5d, 0xa5, 0xda, 0xbc,
+    0x95, 0x50, 0x60, 0x0e, 0x20, 0xf2, 0x7d, 0x37, 0x39, 0xe2, 0x62, 0x79,
+    0x25, 0xfe, 0xa3, 0xcc, 0x50, 0x9f, 0x21, 0xdf, 0xf0, 0x4e, 0x6e, 0xea,
+    0x45, 0x49, 0xc5, 0x40, 0xd6, 0x80, 0x9f, 0xf9, 0x30, 0x7e, 0xed, 0xe9,
+    0x1f, 0xff, 0x58, 0x73, 0x3d, 0x83, 0x85, 0xa2, 0x37, 0xd6, 0xd3, 0x70,
+    0x5a, 0x33, 0xe3, 0x91, 0x90, 0x09, 0x92, 0x07, 0x0d, 0xf7, 0xad, 0xf1,
+    0x35, 0x7c, 0xf7, 0xe3, 0x70, 0x0c, 0xe3, 0x66, 0x7d, 0xe8, 0x3f, 0x17,
+    0xb8, 0xdf, 0x17, 0x78, 0xdb, 0x38, 0x1d, 0xce, 0x09, 0xcb, 0x4a, 0xd0,
+    0x58, 0xa5, 0x11, 0x00, 0x1a, 0x73, 0x81, 0x98, 0xee, 0x27, 0xcf, 0x55,
+    0xa1, 0x3b, 0x75, 0x45, 0x39, 0x90, 0x65, 0x82, 0xec, 0x8b, 0x17, 0x4b,
+    0xd5, 0x8d, 0x5d, 0x1f, 0x3d, 0x76, 0x7c, 0x61, 0x37, 0x21, 0xae, 0x05,
+    0x02, 0x03, 0x01, 0x00, 0x01};
+// RSA-PSS test vectors, pss-vect.txt, Example 10.1
+const uint8_t kTestVector2Data[] = {
+    0x88, 0x31, 0x77, 0xe5, 0x12, 0x6b, 0x9b, 0xe2, 0xd9, 0xa9,
+    0x68, 0x03, 0x27, 0xd5, 0x37, 0x0c, 0x6f, 0x26, 0x86, 0x1f,
+    0x58, 0x20, 0xc4, 0x3d, 0xa6, 0x7a, 0x3a, 0xd6, 0x09};
+const uint8_t kTestVector2Sig[] = {
+    0x82, 0xc2, 0xb1, 0x60, 0x09, 0x3b, 0x8a, 0xa3, 0xc0, 0xf7, 0x52, 0x2b,
+    0x19, 0xf8, 0x73, 0x54, 0x06, 0x6c, 0x77, 0x84, 0x7a, 0xbf, 0x2a, 0x9f,
+    0xce, 0x54, 0x2d, 0x0e, 0x84, 0xe9, 0x20, 0xc5, 0xaf, 0xb4, 0x9f, 0xfd,
+    0xfd, 0xac, 0xe1, 0x65, 0x60, 0xee, 0x94, 0xa1, 0x36, 0x96, 0x01, 0x14,
+    0x8e, 0xba, 0xd7, 0xa0, 0xe1, 0x51, 0xcf, 0x16, 0x33, 0x17, 0x91, 0xa5,
+    0x72, 0x7d, 0x05, 0xf2, 0x1e, 0x74, 0xe7, 0xeb, 0x81, 0x14, 0x40, 0x20,
+    0x69, 0x35, 0xd7, 0x44, 0x76, 0x5a, 0x15, 0xe7, 0x9f, 0x01, 0x5c, 0xb6,
+    0x6c, 0x53, 0x2c, 0x87, 0xa6, 0xa0, 0x59, 0x61, 0xc8, 0xbf, 0xad, 0x74,
+    0x1a, 0x9a, 0x66, 0x57, 0x02, 0x28, 0x94, 0x39, 0x3e, 0x72, 0x23, 0x73,
+    0x97, 0x96, 0xc0, 0x2a, 0x77, 0x45, 0x5d, 0x0f, 0x55, 0x5b, 0x0e, 0xc0,
+    0x1d, 0xdf, 0x25, 0x9b, 0x62, 0x07, 0xfd, 0x0f, 0xd5, 0x76, 0x14, 0xce,
+    0xf1, 0xa5, 0x57, 0x3b, 0xaa, 0xff, 0x4e, 0xc0, 0x00, 0x69, 0x95, 0x16,
+    0x59, 0xb8, 0x5f, 0x24, 0x30, 0x0a, 0x25, 0x16, 0x0c, 0xa8, 0x52, 0x2d,
+    0xc6, 0xe6, 0x72, 0x7e, 0x57, 0xd0, 0x19, 0xd7, 0xe6, 0x36, 0x29, 0xb8,
+    0xfe, 0x5e, 0x89, 0xe2, 0x5c, 0xc1, 0x5b, 0xeb, 0x3a, 0x64, 0x75, 0x77,
+    0x55, 0x92, 0x99, 0x28, 0x0b, 0x9b, 0x28, 0xf7, 0x9b, 0x04, 0x09, 0x00,
+    0x0b, 0xe2, 0x5b, 0xbd, 0x96, 0x40, 0x8b, 0xa3, 0xb4, 0x3c, 0xc4, 0x86,
+    0x18, 0x4d, 0xd1, 0xc8, 0xe6, 0x25, 0x53, 0xfa, 0x1a, 0xf4, 0x04, 0x0f,
+    0x60, 0x66, 0x3d, 0xe7, 0xf5, 0xe4, 0x9c, 0x04, 0x38, 0x8e, 0x25, 0x7f,
+    0x1c, 0xe8, 0x9c, 0x95, 0xda, 0xb4, 0x8a, 0x31, 0x5d, 0x9b, 0x66, 0xb1,
+    0xb7, 0x62, 0x82, 0x33, 0x87, 0x6f, 0xf2, 0x38, 0x52, 0x30, 0xd0, 0x70,
+    0xd0, 0x7e, 0x16, 0x66};
+
+static unsigned char* toUcharPtr(const uint8_t* v) {
+  return const_cast<unsigned char*>(static_cast<const unsigned char*>(v));
+}
+
+class Pkcs11RsaPssTest : public ::testing::Test {};
+
+class Pkcs11RsaPssVectorTest : public Pkcs11RsaPssTest {
+ public:
+  void Verify(const uint8_t* spki, size_t spki_len, const uint8_t* data,
+              size_t data_len, const uint8_t* sig, size_t sig_len) {
+    // Verify data signed with PSS/SHA-1.
+    SECOidTag hashOid = SEC_OID_SHA1;
+    CK_MECHANISM_TYPE hashMech = CKM_SHA_1;
+    CK_RSA_PKCS_MGF_TYPE mgf = CKG_MGF1_SHA1;
+
+    // Set up PSS parameters.
+    unsigned int hLen = HASH_ResultLenByOidTag(hashOid);
+    CK_RSA_PKCS_PSS_PARAMS rsaPssParams = {hashMech, mgf, hLen};
+    SECItem params = {siBuffer, reinterpret_cast<unsigned char*>(&rsaPssParams),
+                      sizeof(rsaPssParams)};
+
+    // Import public key.
+    SECItem spkiItem = {siBuffer, toUcharPtr(spki),
+                        static_cast<unsigned int>(spki_len)};
+    ScopedCERTSubjectPublicKeyInfo certSpki(
+        SECKEY_DecodeDERSubjectPublicKeyInfo(&spkiItem));
+    ScopedSECKEYPublicKey pubKey(SECKEY_ExtractPublicKey(certSpki.get()));
+
+    // Hash the data.
+    std::vector<uint8_t> hashBuf(hLen);
+    SECItem hash = {siBuffer, &hashBuf[0],
+                    static_cast<unsigned int>(hashBuf.size())};
+    SECStatus rv = PK11_HashBuf(hashOid, hash.data, toUcharPtr(data), data_len);
+    EXPECT_EQ(rv, SECSuccess);
+
+    // Verify.
+    CK_MECHANISM_TYPE mech = CKM_RSA_PKCS_PSS;
+    SECItem sigItem = {siBuffer, toUcharPtr(sig),
+                       static_cast<unsigned int>(sig_len)};
+    rv = PK11_VerifyWithMechanism(pubKey.get(), mech, &params, &sigItem, &hash,
+                                  nullptr);
+    EXPECT_EQ(rv, SECSuccess);
+  }
+};
+
+#define PSS_TEST_VECTOR_VERIFY(spki, data, sig) \
+  Verify(spki, sizeof(spki), data, sizeof(data), sig, sizeof(sig));
+
+TEST_F(Pkcs11RsaPssTest, GenerateAndSignAndVerify) {
+  // Sign data with a 1024-bit RSA key, using PSS/SHA-256.
+  SECOidTag hashOid = SEC_OID_SHA256;
+  CK_MECHANISM_TYPE hashMech = CKM_SHA256;
+  CK_RSA_PKCS_MGF_TYPE mgf = CKG_MGF1_SHA256;
+  PK11RSAGenParams rsaGenParams = {1024, 0x10001};
+
+  // Generate RSA key pair.
+  ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
+  SECKEYPublicKey* pubKeyRaw = nullptr;
+  ScopedSECKEYPrivateKey privKey(
+      PK11_GenerateKeyPair(slot.get(), CKM_RSA_PKCS_KEY_PAIR_GEN, &rsaGenParams,
+                           &pubKeyRaw, false, false, nullptr));
+  ASSERT_TRUE(!!privKey && pubKeyRaw);
+  ScopedSECKEYPublicKey pubKey(pubKeyRaw);
+
+  // Generate random data to sign.
+  uint8_t dataBuf[50];
+  SECItem data = {siBuffer, dataBuf, sizeof(dataBuf)};
+  unsigned int hLen = HASH_ResultLenByOidTag(hashOid);
+  SECStatus rv = PK11_GenerateRandomOnSlot(slot.get(), data.data, data.len);
+  EXPECT_EQ(rv, SECSuccess);
+
+  // Allocate memory for the signature.
+  std::vector<uint8_t> sigBuf(PK11_SignatureLen(privKey.get()));
+  SECItem sig = {siBuffer, &sigBuf[0],
+                 static_cast<unsigned int>(sigBuf.size())};
+
+  // Set up PSS parameters.
+  CK_RSA_PKCS_PSS_PARAMS rsaPssParams = {hashMech, mgf, hLen};
+  SECItem params = {siBuffer, reinterpret_cast<unsigned char*>(&rsaPssParams),
+                    sizeof(rsaPssParams)};
+
+  // Sign.
+  CK_MECHANISM_TYPE mech = CKM_RSA_PKCS_PSS;
+  rv = PK11_SignWithMechanism(privKey.get(), mech, &params, &sig, &data);
+  EXPECT_EQ(rv, SECSuccess);
+
+  // Verify.
+  rv = PK11_VerifyWithMechanism(pubKey.get(), mech, &params, &sig, &data,
+                                nullptr);
+  EXPECT_EQ(rv, SECSuccess);
+
+  // Verification with modified data must fail.
+  data.data[0] ^= 0xff;
+  rv = PK11_VerifyWithMechanism(pubKey.get(), mech, &params, &sig, &data,
+                                nullptr);
+  EXPECT_EQ(rv, SECFailure);
+
+  // Verification with original data but the wrong signature must fail.
+  data.data[0] ^= 0xff;  // Revert previous changes.
+  sig.data[0] ^= 0xff;
+  rv = PK11_VerifyWithMechanism(pubKey.get(), mech, &params, &sig, &data,
+                                nullptr);
+  EXPECT_EQ(rv, SECFailure);
+}
+
+// RSA-PSS test vectors, pss-vect.txt, Example 1.1: A 1024-bit RSA Key Pair
+// <ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip>
+TEST_F(Pkcs11RsaPssVectorTest, VerifyKnownSignature1) {
+  PSS_TEST_VECTOR_VERIFY(kTestVector1Spki, kTestVector1Data, kTestVector1Sig);
+}
+
+// RSA-PSS test vectors, pss-vect.txt, Example 10.1: A 2048-bit RSA Key Pair
+// <ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip>
+TEST_F(Pkcs11RsaPssVectorTest, VerifyKnownSignature2) {
+  PSS_TEST_VECTOR_VERIFY(kTestVector2Spki, kTestVector2Data, kTestVector2Sig);
+}
+
+}  // namespace nss_test
diff --git a/nss/external_tests/ssl_gtest/Makefile b/nss/external_tests/ssl_gtest/Makefile
new file mode 100644
index 0000000..dfb8df9
--- /dev/null
+++ b/nss/external_tests/ssl_gtest/Makefile
@@ -0,0 +1,59 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include ../common/gtest.mk
+
+CFLAGS += -I$(CORE_DEPTH)/lib/ssl
+
+ifdef NSS_SSL_ENABLE_ZLIB
+include $(CORE_DEPTH)/coreconf/zlib.mk
+endif
+
+ifndef NSS_ENABLE_TLS_1_3
+NSS_DISABLE_TLS_1_3=1
+endif
+
+ifdef NSS_DISABLE_TLS_1_3
+# Run parameterized tests only, for which we can easily exclude TLS 1.3
+CPPSRCS := $(filter-out $(shell grep -l '^TEST_F' $(CPPSRCS)), $(CPPSRCS))
+CFLAGS += -DNSS_DISABLE_TLS_1_3
+endif
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
diff --git a/nss/external_tests/ssl_gtest/databuffer.h b/nss/external_tests/ssl_gtest/databuffer.h
new file mode 100644
index 0000000..d5a55dd
--- /dev/null
+++ b/nss/external_tests/ssl_gtest/databuffer.h
@@ -0,0 +1,183 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef databuffer_h__
+#define databuffer_h__
+
+#include <algorithm>
+#include <cassert>
+#include <cstring>
+#include <iomanip>
+#include <iostream>
+#if defined(WIN32) || defined(WIN64)
+#include <winsock2.h>
+#else
+#include <arpa/inet.h>
+#endif
+
+extern bool g_ssl_gtest_verbose;
+
+namespace nss_test {
+
+class DataBuffer {
+ public:
+  DataBuffer() : data_(nullptr), len_(0) {}
+  DataBuffer(const uint8_t* data, size_t len) : data_(nullptr), len_(0) {
+    Assign(data, len);
+  }
+  explicit DataBuffer(const DataBuffer& other) : data_(nullptr), len_(0) {
+    Assign(other);
+  }
+  ~DataBuffer() { delete[] data_; }
+
+  DataBuffer& operator=(const DataBuffer& other) {
+    if (&other != this) {
+      Assign(other);
+    }
+    return *this;
+  }
+
+  void Allocate(size_t len) {
+    delete[] data_;
+    data_ = new uint8_t[len ? len : 1];  // Don't depend on new [0].
+    len_ = len;
+  }
+
+  void Truncate(size_t len) { len_ = std::min(len_, len); }
+
+  void Assign(const DataBuffer& other) { Assign(other.data(), other.len()); }
+
+  void Assign(const uint8_t* data, size_t len) {
+    if (data) {
+      Allocate(len);
+      memcpy(static_cast<void*>(data_), static_cast<const void*>(data), len);
+    } else {
+      assert(len == 0);
+      data_ = nullptr;
+      len_ = 0;
+    }
+  }
+
+  // Write will do a new allocation and expand the size of the buffer if needed.
+  // Returns the offset of the end of the write.
+  size_t Write(size_t index, const uint8_t* val, size_t count) {
+    if (index + count > len_) {
+      size_t newlen = index + count;
+      uint8_t* tmp = new uint8_t[newlen];  // Always > 0.
+      memcpy(static_cast<void*>(tmp), static_cast<const void*>(data_), len_);
+      if (index > len_) {
+        memset(static_cast<void*>(tmp + len_), 0, index - len_);
+      }
+      delete[] data_;
+      data_ = tmp;
+      len_ = newlen;
+    }
+    memcpy(static_cast<void*>(data_ + index), static_cast<const void*>(val),
+           count);
+    return index + count;
+  }
+
+  size_t Write(size_t index, const DataBuffer& buf) {
+    return Write(index, buf.data(), buf.len());
+  }
+
+  // Write an integer, also performing host-to-network order conversion.
+  // Returns the offset of the end of the write.
+  size_t Write(size_t index, uint32_t val, size_t count) {
+    assert(count <= sizeof(uint32_t));
+    uint32_t nvalue = htonl(val);
+    auto* addr = reinterpret_cast<const uint8_t*>(&nvalue);
+    return Write(index, addr + sizeof(uint32_t) - count, count);
+  }
+
+  // This can't use the same trick as Write(), since we might be reading from a
+  // smaller data source.
+  bool Read(size_t index, size_t count, uint32_t* val) const {
+    assert(count < sizeof(uint32_t));
+    assert(val);
+    if ((index > len()) || (count > (len() - index))) {
+      return false;
+    }
+    *val = 0;
+    for (size_t i = 0; i < count; ++i) {
+      *val = (*val << 8) | data()[index + i];
+    }
+    return true;
+  }
+
+  // Starting at |index|, remove |remove| bytes and replace them with the
+  // contents of |buf|.
+  void Splice(const DataBuffer& buf, size_t index, size_t remove = 0) {
+    Splice(buf.data(), buf.len(), index, remove);
+  }
+
+  void Splice(const uint8_t* ins, size_t ins_len, size_t index,
+              size_t remove = 0) {
+    uint8_t* old_value = data_;
+    size_t old_len = len_;
+
+    // The amount of stuff remaining from the tail of the old.
+    size_t tail_len = old_len - std::min(old_len, index + remove);
+    // The new length: the head of the old, the new, and the tail of the old.
+    len_ = index + ins_len + tail_len;
+    data_ = new uint8_t[len_ ? len_ : 1];
+
+    // The head of the old.
+    Write(0, old_value, std::min(old_len, index));
+    // Maybe a gap.
+    if (index > old_len) {
+      memset(old_value + index, 0, index - old_len);
+    }
+    // The new.
+    Write(index, ins, ins_len);
+    // The tail of the old.
+    if (tail_len > 0) {
+      Write(index + ins_len, old_value + index + remove, tail_len);
+    }
+
+    delete[] old_value;
+  }
+
+  void Append(const DataBuffer& buf) { Splice(buf, len_); }
+
+  const uint8_t* data() const { return data_; }
+  uint8_t* data() { return data_; }
+  size_t len() const { return len_; }
+  bool empty() const { return len_ == 0; }
+
+ private:
+  uint8_t* data_;
+  size_t len_;
+};
+
+static const size_t kMaxBufferPrint = 32;
+
+inline std::ostream& operator<<(std::ostream& stream, const DataBuffer& buf) {
+  stream << "[" << buf.len() << "] ";
+  for (size_t i = 0; i < buf.len(); ++i) {
+    if (!g_ssl_gtest_verbose && i >= kMaxBufferPrint) {
+      stream << "...";
+      break;
+    }
+    stream << std::hex << std::setfill('0') << std::setw(2)
+           << static_cast<unsigned>(buf.data()[i]);
+  }
+  stream << std::dec;
+  return stream;
+}
+
+inline bool operator==(const DataBuffer& a, const DataBuffer& b) {
+  return (a.empty() && b.empty()) ||
+         (a.len() == b.len() && 0 == memcmp(a.data(), b.data(), a.len()));
+}
+
+inline bool operator!=(const DataBuffer& a, const DataBuffer& b) {
+  return !(a == b);
+}
+
+}  // namespace nss_test
+
+#endif
diff --git a/nss/external_tests/ssl_gtest/gtest_utils.h b/nss/external_tests/ssl_gtest/gtest_utils.h
new file mode 100644
index 0000000..3ecd96c
--- /dev/null
+++ b/nss/external_tests/ssl_gtest/gtest_utils.h
@@ -0,0 +1,57 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef gtest_utils_h__
+#define gtest_utils_h__
+
+#define GTEST_HAS_RTTI 0
+#include "gtest/gtest.h"
+#include "test_io.h"
+
+namespace nss_test {
+
+// Gtest utilities
+class Timeout : public PollTarget {
+ public:
+  Timeout(int32_t timer_ms) : handle_(nullptr) {
+    Poller::Instance()->SetTimer(timer_ms, this, &Timeout::ExpiredCallback,
+                                 &handle_);
+  }
+  ~Timeout() {
+    if (handle_) {
+      handle_->Cancel();
+    }
+  }
+
+  static void ExpiredCallback(PollTarget* target, Event event) {
+    Timeout* timeout = static_cast<Timeout*>(target);
+    timeout->handle_ = nullptr;
+  }
+
+  bool timed_out() const { return !handle_; }
+
+ private:
+  Poller::Timer* handle_;
+};
+
+}  // namespace nss_test
+
+#define WAIT_(expression, timeout) \
+  do {                             \
+    Timeout tm(timeout);           \
+    while (!(expression)) {        \
+      Poller::Instance()->Poll();  \
+      if (tm.timed_out()) break;   \
+    }                              \
+  } while (0)
+
+#define ASSERT_TRUE_WAIT(expression, timeout) \
+  do {                                        \
+    WAIT_(expression, timeout);               \
+    ASSERT_TRUE(expression);                  \
+  } while (0)
+
+#endif
diff --git a/nss/external_tests/ssl_gtest/libssl_internals.c b/nss/external_tests/ssl_gtest/libssl_internals.c
new file mode 100644
index 0000000..b96c65a
--- /dev/null
+++ b/nss/external_tests/ssl_gtest/libssl_internals.c
@@ -0,0 +1,285 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* This file contains functions for frobbing the internals of libssl */
+#include "libssl_internals.h"
+
+#include "nss.h"
+#include "pk11pub.h"
+#include "seccomon.h"
+#include "ssl.h"
+#include "sslimpl.h"
+
+SECStatus SSLInt_IncrementClientHandshakeVersion(PRFileDesc *fd) {
+  sslSocket *ss = ssl_FindSocket(fd);
+  if (!ss) {
+    return SECFailure;
+  }
+
+  ++ss->clientHelloVersion;
+
+  return SECSuccess;
+}
+
+// This function guesses what key exchange strength libssl will choose.
+PRUint32 SSLInt_DetermineKEABits(PRUint16 serverKeyBits,
+                                 const SSLCipherSuiteInfo *info) {
+  PRUint32 authBits;
+  SSLAuthType authAlgorithm = info->authType;
+  if (authAlgorithm == ssl_auth_ecdsa || authAlgorithm == ssl_auth_ecdh_rsa ||
+      authAlgorithm == ssl_auth_ecdh_ecdsa) {
+    authBits = serverKeyBits;
+  } else {
+    PORT_Assert(authAlgorithm == ssl_auth_rsa_decrypt ||
+                authAlgorithm == ssl_auth_rsa_sign);
+    authBits = SSL_RSASTRENGTH_TO_ECSTRENGTH(serverKeyBits);
+  }
+
+  // We expect a curve for key exchange to be selected based on the symmetric
+  // key strength (times 2) or the server key size, whichever is smaller.
+  PRUint32 targetKeaBits = PR_MIN(info->symKeyBits * 2, authBits);
+
+  // P-256 is the preferred curve of minimum size.
+  return PR_MAX(256U, targetKeaBits);
+}
+
+/* Use this function to update the ClientRandom of a client's handshake state
+ * after replacing its ClientHello message. We for example need to do this
+ * when replacing an SSLv3 ClientHello with its SSLv2 equivalent. */
+SECStatus SSLInt_UpdateSSLv2ClientRandom(PRFileDesc *fd, uint8_t *rnd,
+                                         size_t rnd_len, uint8_t *msg,
+                                         size_t msg_len) {
+  sslSocket *ss = ssl_FindSocket(fd);
+  if (!ss) {
+    return SECFailure;
+  }
+
+  SECStatus rv = ssl3_InitState(ss);
+  if (rv != SECSuccess) {
+    return rv;
+  }
+
+  rv = ssl3_RestartHandshakeHashes(ss);
+  if (rv != SECSuccess) {
+    return rv;
+  }
+
+  // Zero the client_random struct.
+  PORT_Memset(&ss->ssl3.hs.client_random, 0, SSL3_RANDOM_LENGTH);
+
+  // Copy over the challenge bytes.
+  size_t offset = SSL3_RANDOM_LENGTH - rnd_len;
+  PORT_Memcpy(&ss->ssl3.hs.client_random.rand[offset], rnd, rnd_len);
+
+  // Rehash the SSLv2 client hello message.
+  return ssl3_UpdateHandshakeHashes(ss, msg, msg_len);
+}
+
+PRBool SSLInt_ExtensionNegotiated(PRFileDesc *fd, PRUint16 ext) {
+  sslSocket *ss = ssl_FindSocket(fd);
+  return (PRBool)(ss && ssl3_ExtensionNegotiated(ss, ext));
+}
+
+void SSLInt_ClearSessionTicketKey() {
+  ssl3_SessionTicketShutdown(NULL, NULL);
+  NSS_UnregisterShutdown(ssl3_SessionTicketShutdown, NULL);
+}
+
+SECStatus SSLInt_SetMTU(PRFileDesc *fd, PRUint16 mtu) {
+  sslSocket *ss = ssl_FindSocket(fd);
+  if (ss) {
+    ss->ssl3.mtu = mtu;
+    return SECSuccess;
+  }
+  return SECFailure;
+}
+
+PRInt32 SSLInt_CountTls13CipherSpecs(PRFileDesc *fd) {
+  PRCList *cur_p;
+  PRInt32 ct = 0;
+
+  sslSocket *ss = ssl_FindSocket(fd);
+  if (!ss) {
+    return -1;
+  }
+
+  for (cur_p = PR_NEXT_LINK(&ss->ssl3.hs.cipherSpecs);
+       cur_p != &ss->ssl3.hs.cipherSpecs; cur_p = PR_NEXT_LINK(cur_p)) {
+    ++ct;
+  }
+  return ct;
+}
+
+/* Force a timer expiry by backdating when the timer was started.
+ * We could set the remaining time to 0 but then backoff would not
+ * work properly if we decide to test it. */
+void SSLInt_ForceTimerExpiry(PRFileDesc *fd) {
+  sslSocket *ss = ssl_FindSocket(fd);
+  if (!ss) {
+    return;
+  }
+
+  if (!ss->ssl3.hs.rtTimerCb) return;
+
+  ss->ssl3.hs.rtTimerStarted =
+      PR_IntervalNow() - PR_MillisecondsToInterval(ss->ssl3.hs.rtTimeoutMs + 1);
+}
+
+#define CHECK_SECRET(secret)                  \
+  if (ss->ssl3.hs.secret) {                   \
+    fprintf(stderr, "%s != NULL\n", #secret); \
+    return PR_FALSE;                          \
+  }
+
+PRBool SSLInt_CheckSecretsDestroyed(PRFileDesc *fd) {
+  sslSocket *ss = ssl_FindSocket(fd);
+  if (!ss) {
+    return PR_FALSE;
+  }
+
+  CHECK_SECRET(currentSecret);
+  CHECK_SECRET(resumptionPsk);
+  CHECK_SECRET(dheSecret);
+  CHECK_SECRET(earlyTrafficSecret);
+  CHECK_SECRET(hsTrafficSecret);
+
+  return PR_TRUE;
+}
+
+PRBool sslint_DamageTrafficSecret(PRFileDesc *fd, size_t offset) {
+  unsigned char data[32] = {0};
+  PK11SymKey **keyPtr;
+  PK11SlotInfo *slot = PK11_GetInternalSlot();
+  SECItem key_item = {siBuffer, data, sizeof(data)};
+  sslSocket *ss = ssl_FindSocket(fd);
+  if (!ss) {
+    return PR_FALSE;
+  }
+  if (!slot) {
+    return PR_FALSE;
+  }
+  keyPtr = (PK11SymKey **)((char *)&ss->ssl3.hs + offset);
+  if (!*keyPtr) {
+    return PR_FALSE;
+  }
+  PK11_FreeSymKey(*keyPtr);
+  *keyPtr = PK11_ImportSymKey(slot, CKM_NSS_HKDF_SHA256, PK11_OriginUnwrap,
+                              CKA_DERIVE, &key_item, NULL);
+  PK11_FreeSlot(slot);
+  if (!*keyPtr) {
+    return PR_FALSE;
+  }
+
+  return PR_TRUE;
+}
+
+PRBool SSLInt_DamageHsTrafficSecret(PRFileDesc *fd) {
+  return sslint_DamageTrafficSecret(
+      fd, offsetof(SSL3HandshakeState, hsTrafficSecret));
+}
+
+PRBool SSLInt_DamageEarlyTrafficSecret(PRFileDesc *fd) {
+  return sslint_DamageTrafficSecret(
+      fd, offsetof(SSL3HandshakeState, earlyTrafficSecret));
+}
+
+SECStatus SSLInt_Set0RttAlpn(PRFileDesc *fd, PRUint8 *data, unsigned int len) {
+  sslSocket *ss = ssl_FindSocket(fd);
+  if (!ss) {
+    return SECFailure;
+  }
+
+  ss->ssl3.nextProtoState = SSL_NEXT_PROTO_EARLY_VALUE;
+  if (ss->ssl3.nextProto.data) {
+    SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE);
+  }
+  if (!SECITEM_AllocItem(NULL, &ss->ssl3.nextProto, len)) return SECFailure;
+  PORT_Memcpy(ss->ssl3.nextProto.data, data, len);
+
+  return SECSuccess;
+}
+
+PRBool SSLInt_HasCertWithAuthType(PRFileDesc *fd, SSLAuthType authType) {
+  sslSocket *ss = ssl_FindSocket(fd);
+  if (!ss) {
+    return PR_FALSE;
+  }
+
+  return (PRBool)(!!ssl_FindServerCertByAuthType(ss, authType));
+}
+
+PRBool SSLInt_SendAlert(PRFileDesc *fd, uint8_t level, uint8_t type) {
+  sslSocket *ss = ssl_FindSocket(fd);
+  if (!ss) {
+    return PR_FALSE;
+  }
+
+  SECStatus rv = SSL3_SendAlert(ss, level, type);
+  if (rv != SECSuccess) return PR_FALSE;
+
+  return PR_TRUE;
+}
+
+SECStatus SSLInt_AdvanceReadSeqNum(PRFileDesc *fd, PRUint64 to) {
+  PRUint64 epoch;
+  sslSocket *ss;
+  ssl3CipherSpec *spec;
+
+  ss = ssl_FindSocket(fd);
+  if (!ss) {
+    return SECFailure;
+  }
+  if (to >= (1ULL << 48)) {
+    return SECFailure;
+  }
+  ssl_GetSpecWriteLock(ss);
+  spec = ss->ssl3.crSpec;
+  epoch = spec->read_seq_num >> 48;
+  spec->read_seq_num = (epoch << 48) | to;
+
+  /* For DTLS, we need to fix the record sequence number.  For this, we can just
+   * scrub the entire structure on the assumption that the new sequence number
+   * is far enough past the last received sequence number. */
+  if (to <= spec->recvdRecords.right + DTLS_RECVD_RECORDS_WINDOW) {
+    return SECFailure;
+  }
+  dtls_RecordSetRecvd(&spec->recvdRecords, to);
+
+  ssl_ReleaseSpecWriteLock(ss);
+  return SECSuccess;
+}
+
+SECStatus SSLInt_AdvanceWriteSeqNum(PRFileDesc *fd, PRUint64 to) {
+  PRUint64 epoch;
+  sslSocket *ss;
+
+  ss = ssl_FindSocket(fd);
+  if (!ss) {
+    return SECFailure;
+  }
+  if (to >= (1ULL << 48)) {
+    return SECFailure;
+  }
+  ssl_GetSpecWriteLock(ss);
+  epoch = ss->ssl3.cwSpec->write_seq_num >> 48;
+  ss->ssl3.cwSpec->write_seq_num = (epoch << 48) | to;
+  ssl_ReleaseSpecWriteLock(ss);
+  return SECSuccess;
+}
+
+SECStatus SSLInt_AdvanceWriteSeqByAWindow(PRFileDesc *fd, PRInt32 extra) {
+  sslSocket *ss;
+  sslSequenceNumber to;
+
+  ss = ssl_FindSocket(fd);
+  if (!ss) {
+    return SECFailure;
+  }
+  ssl_GetSpecReadLock(ss);
+  to = ss->ssl3.cwSpec->write_seq_num + DTLS_RECVD_RECORDS_WINDOW + extra;
+  ssl_ReleaseSpecReadLock(ss);
+  return SSLInt_AdvanceWriteSeqNum(fd, to & RECORD_SEQ_MAX);
+}
diff --git a/nss/external_tests/ssl_gtest/libssl_internals.h b/nss/external_tests/ssl_gtest/libssl_internals.h
new file mode 100644
index 0000000..4c543ee
--- /dev/null
+++ b/nss/external_tests/ssl_gtest/libssl_internals.h
@@ -0,0 +1,40 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef libssl_internals_h_
+#define libssl_internals_h_
+
+#include <stdint.h>
+
+#include "prio.h"
+#include "seccomon.h"
+#include "sslt.h"
+
+SECStatus SSLInt_IncrementClientHandshakeVersion(PRFileDesc *fd);
+
+PRUint32 SSLInt_DetermineKEABits(PRUint16 serverKeyBits,
+                                 const SSLCipherSuiteInfo *info);
+
+SECStatus SSLInt_UpdateSSLv2ClientRandom(PRFileDesc *fd, uint8_t *rnd,
+                                         size_t rnd_len, uint8_t *msg,
+                                         size_t msg_len);
+
+PRBool SSLInt_ExtensionNegotiated(PRFileDesc *fd, PRUint16 ext);
+void SSLInt_ClearSessionTicketKey();
+PRInt32 SSLInt_CountTls13CipherSpecs(PRFileDesc *fd);
+void SSLInt_ForceTimerExpiry(PRFileDesc *fd);
+SECStatus SSLInt_SetMTU(PRFileDesc *fd, PRUint16 mtu);
+PRBool SSLInt_CheckSecretsDestroyed(PRFileDesc *fd);
+PRBool SSLInt_DamageHsTrafficSecret(PRFileDesc *fd);
+PRBool SSLInt_DamageEarlyTrafficSecret(PRFileDesc *fd);
+SECStatus SSLInt_Set0RttAlpn(PRFileDesc *fd, PRUint8 *data, unsigned int len);
+PRBool SSLInt_HasCertWithAuthType(PRFileDesc *fd, SSLAuthType authType);
+PRBool SSLInt_SendAlert(PRFileDesc *fd, uint8_t level, uint8_t type);
+SECStatus SSLInt_AdvanceWriteSeqNum(PRFileDesc *fd, PRUint64 to);
+SECStatus SSLInt_AdvanceReadSeqNum(PRFileDesc *fd, PRUint64 to);
+SECStatus SSLInt_AdvanceWriteSeqByAWindow(PRFileDesc *fd, PRInt32 extra);
+
+#endif  // ndef libssl_internals_h_
diff --git a/nss/external_tests/ssl_gtest/manifest.mn b/nss/external_tests/ssl_gtest/manifest.mn
new file mode 100644
index 0000000..540f518
--- /dev/null
+++ b/nss/external_tests/ssl_gtest/manifest.mn
@@ -0,0 +1,52 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+CORE_DEPTH = ../..
+DEPTH      = ../..
+MODULE = nss
+
+# These sources have access to libssl internals
+CSRCS = \
+      libssl_internals.c \
+      $(NULL)
+
+CPPSRCS = \
+      ssl_0rtt_unittest.cc \
+      ssl_agent_unittest.cc \
+      ssl_auth_unittest.cc \
+      ssl_cert_ext_unittest.cc \
+      ssl_ciphersuite_unittest.cc \
+      ssl_damage_unittest.cc \
+      ssl_dhe_unittest.cc \
+      ssl_drop_unittest.cc \
+      ssl_ecdh_unittest.cc \
+      ssl_ems_unittest.cc \
+      ssl_extension_unittest.cc \
+      ssl_gtest.cc \
+      ssl_hrr_unittest.cc \
+      ssl_loopback_unittest.cc \
+      ssl_record_unittest.cc \
+      ssl_resumption_unittest.cc \
+      ssl_skip_unittest.cc \
+      ssl_staticrsa_unittest.cc \
+      ssl_v2_client_hello_unittest.cc \
+      ssl_version_unittest.cc \
+      test_io.cc \
+      tls_agent.cc \
+      tls_connect.cc \
+      tls_hkdf_unittest.cc \
+      tls_filter.cc \
+      tls_parser.cc \
+      $(NULL)
+
+INCLUDES += -I$(CORE_DEPTH)/external_tests/google_test/gtest/include \
+            -I$(CORE_DEPTH)/external_tests/common
+
+REQUIRES = nspr nss libdbm gtest
+
+PROGRAM = ssl_gtest
+EXTRA_LIBS = $(DIST)/lib/$(LIB_PREFIX)gtest.$(LIB_SUFFIX) \
+             $(DIST)/lib/$(LIB_PREFIX)softokn.$(LIB_SUFFIX)
+
+USE_STATIC_LIBS = 1
diff --git a/nss/external_tests/ssl_gtest/ssl_0rtt_unittest.cc b/nss/external_tests/ssl_gtest/ssl_0rtt_unittest.cc
new file mode 100644
index 0000000..12cf42f
--- /dev/null
+++ b/nss/external_tests/ssl_gtest/ssl_0rtt_unittest.cc
@@ -0,0 +1,196 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "secerr.h"
+#include "ssl.h"
+#include "sslerr.h"
+#include "sslproto.h"
+
+extern "C" {
+// This is not something that should make you happy.
+#include "libssl_internals.h"
+}
+
+#include "gtest_utils.h"
+#include "scoped_ptrs.h"
+#include "tls_connect.h"
+#include "tls_filter.h"
+#include "tls_parser.h"
+
+namespace nss_test {
+
+TEST_P(TlsConnectTls13, ZeroRtt) {
+  SetupForZeroRtt();
+  client_->Set0RttEnabled(true);
+  server_->Set0RttEnabled(true);
+  ExpectResumption(RESUME_TICKET);
+  ZeroRttSendReceive(true);
+  Handshake();
+  ExpectEarlyDataAccepted(true);
+  CheckConnected();
+  SendReceive();
+}
+
+TEST_P(TlsConnectTls13, ZeroRttServerRejectByOption) {
+  SetupForZeroRtt();
+  client_->Set0RttEnabled(true);
+  ExpectResumption(RESUME_TICKET);
+  ZeroRttSendReceive(false);
+  Handshake();
+  CheckConnected();
+  SendReceive();
+}
+
+TEST_P(TlsConnectTls13, ZeroRttServerForgetTicket) {
+  SetupForZeroRtt();
+  client_->Set0RttEnabled(true);
+  server_->Set0RttEnabled(true);
+  ClearServerCache();
+  ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
+  ExpectResumption(RESUME_NONE);
+  ZeroRttSendReceive(false);
+  Handshake();
+  CheckConnected();
+  SendReceive();
+}
+
+TEST_P(TlsConnectTls13, ZeroRttServerOnly) {
+  ExpectResumption(RESUME_NONE);
+  server_->Set0RttEnabled(true);
+  client_->StartConnect();
+  server_->StartConnect();
+
+  // Client sends ordinary ClientHello.
+  client_->Handshake();
+
+  // Verify that the server doesn't get data.
+  uint8_t buf[100];
+  PRInt32 rv = PR_Read(server_->ssl_fd(), buf, sizeof(buf));
+  EXPECT_EQ(SECFailure, rv);
+  EXPECT_EQ(PR_WOULD_BLOCK_ERROR, PORT_GetError());
+
+  // Now make sure that things complete.
+  Handshake();
+  CheckConnected();
+  SendReceive();
+  CheckKeys(ssl_kea_ecdh, ssl_auth_rsa_sign);
+}
+
+TEST_P(TlsConnectTls13, TestTls13ZeroRttAlpn) {
+  EnableAlpn();
+  SetupForZeroRtt();
+  EnableAlpn();
+  client_->Set0RttEnabled(true);
+  server_->Set0RttEnabled(true);
+  ExpectResumption(RESUME_TICKET);
+  ExpectEarlyDataAccepted(true);
+  ZeroRttSendReceive(true, [this]() {
+    client_->CheckAlpn(SSL_NEXT_PROTO_EARLY_VALUE, "a");
+    return true;
+  });
+  Handshake();
+  CheckConnected();
+  SendReceive();
+  CheckAlpn("a");
+}
+
+// Have the server negotiate a different ALPN value, and therefore
+// reject 0-RTT.
+TEST_P(TlsConnectTls13, TestTls13ZeroRttAlpnChangeServer) {
+  EnableAlpn();
+  SetupForZeroRtt();
+  static const uint8_t client_alpn[] = {0x01, 0x61, 0x01, 0x62};  // "a", "b"
+  static const uint8_t server_alpn[] = {0x01, 0x62};              // "b"
+  client_->EnableAlpn(client_alpn, sizeof(client_alpn));
+  server_->EnableAlpn(server_alpn, sizeof(server_alpn));
+  client_->Set0RttEnabled(true);
+  server_->Set0RttEnabled(true);
+  ExpectResumption(RESUME_TICKET);
+  ZeroRttSendReceive(false, [this]() {
+    client_->CheckAlpn(SSL_NEXT_PROTO_EARLY_VALUE, "a");
+    return true;
+  });
+  Handshake();
+  CheckConnected();
+  SendReceive();
+  CheckAlpn("b");
+}
+
+// Check that the client validates the ALPN selection of the server.
+// Stomp the ALPN on the client after sending the ClientHello so
+// that the server selection appears to be incorrect. The client
+// should then fail the connection.
+TEST_P(TlsConnectTls13, TestTls13ZeroRttNoAlpnServer) {
+  EnableAlpn();
+  SetupForZeroRtt();
+  client_->Set0RttEnabled(true);
+  server_->Set0RttEnabled(true);
+  EnableAlpn();
+  ExpectResumption(RESUME_TICKET);
+  ZeroRttSendReceive(true, [this]() {
+    PRUint8 b[] = {'b'};
+    client_->CheckAlpn(SSL_NEXT_PROTO_EARLY_VALUE, "a");
+    EXPECT_EQ(SECSuccess, SSLInt_Set0RttAlpn(client_->ssl_fd(), b, sizeof(b)));
+    client_->CheckAlpn(SSL_NEXT_PROTO_EARLY_VALUE, "b");
+    return true;
+  });
+  Handshake();
+  client_->CheckErrorCode(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
+  server_->CheckErrorCode(SSL_ERROR_ILLEGAL_PARAMETER_ALERT);
+}
+
+// Set up with no ALPN and then set the client so it thinks it has ALPN.
+// The server responds without the extension and the client returns an
+// error.
+TEST_P(TlsConnectTls13, TestTls13ZeroRttNoAlpnClient) {
+  SetupForZeroRtt();
+  client_->Set0RttEnabled(true);
+  server_->Set0RttEnabled(true);
+  ExpectResumption(RESUME_TICKET);
+  ZeroRttSendReceive(true, [this]() {
+    PRUint8 b[] = {'b'};
+    EXPECT_EQ(SECSuccess, SSLInt_Set0RttAlpn(client_->ssl_fd(), b, 1));
+    client_->CheckAlpn(SSL_NEXT_PROTO_EARLY_VALUE, "b");
+    return true;
+  });
+  Handshake();
+  client_->CheckErrorCode(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
+  server_->CheckErrorCode(SSL_ERROR_ILLEGAL_PARAMETER_ALERT);
+}
+
+// Remove the old ALPN value and so the client will not offer early data.
+TEST_P(TlsConnectTls13, TestTls13ZeroRttAlpnChangeBoth) {
+  EnableAlpn();
+  SetupForZeroRtt();
+  static const uint8_t alpn[] = {0x01, 0x62};  // "b"
+  EnableAlpn(alpn, sizeof(alpn));
+  client_->Set0RttEnabled(true);
+  server_->Set0RttEnabled(true);
+  ExpectResumption(RESUME_TICKET);
+  ZeroRttSendReceive(false, [this]() {
+    client_->CheckAlpn(SSL_NEXT_PROTO_NO_SUPPORT);
+    return false;
+  });
+  Handshake();
+  CheckConnected();
+  SendReceive();
+  CheckAlpn("b");
+}
+
+TEST_F(TlsConnectTest, DamageSecretHandleZeroRttClientFinished) {
+  SetupForZeroRtt();
+  client_->Set0RttEnabled(true);
+  server_->Set0RttEnabled(true);
+  client_->SetPacketFilter(new AfterRecordN(
+      client_, server_,
+      0,  // ClientHello.
+      [this]() { SSLInt_DamageEarlyTrafficSecret(server_->ssl_fd()); }));
+  ConnectExpectFail();
+  client_->CheckErrorCode(SSL_ERROR_DECRYPT_ERROR_ALERT);
+  server_->CheckErrorCode(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE);
+}
+
+}  // namespace nss_test
diff --git a/nss/external_tests/ssl_gtest/ssl_agent_unittest.cc b/nss/external_tests/ssl_gtest/ssl_agent_unittest.cc
new file mode 100644
index 0000000..e459530
--- /dev/null
+++ b/nss/external_tests/ssl_gtest/ssl_agent_unittest.cc
@@ -0,0 +1,254 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "ssl.h"
+#include "sslerr.h"
+#include "sslproto.h"
+
+#include <memory>
+
+#include "databuffer.h"
+#include "tls_agent.h"
+#include "tls_connect.h"
+#include "tls_filter.h"
+#include "tls_parser.h"
+
+namespace nss_test {
+
+// This is a 1-RTT ClientHello with ECDHE and DHE.
+const static uint8_t kCannedTls13ClientHello[] = {
+    0x01, 0x00, 0x01, 0xfc, 0x03, 0x04, 0x77, 0x5c, 0x3a, 0xd8, 0x3f, 0x43,
+    0x63, 0x98, 0xfa, 0x68, 0xfb, 0x01, 0x39, 0xff, 0x7c, 0x1a, 0x51, 0xa7,
+    0x92, 0xda, 0x97, 0xf5, 0x15, 0x78, 0xb3, 0xbb, 0x26, 0xa7, 0xed, 0x6f,
+    0x69, 0x71, 0x00, 0x00, 0x2a, 0xc0, 0x2b, 0xc0, 0x2f, 0xcc, 0xa9, 0xcc,
+    0xa8, 0xc0, 0x0a, 0xc0, 0x09, 0xc0, 0x13, 0xc0, 0x14, 0x00, 0x9e, 0xcc,
+    0xaa, 0x00, 0x33, 0x00, 0x32, 0x00, 0x39, 0x00, 0x38, 0x00, 0x16, 0x00,
+    0x13, 0x00, 0x2f, 0x00, 0x35, 0x00, 0x0a, 0x00, 0x05, 0x00, 0x04, 0x01,
+    0x00, 0x01, 0xa9, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x09, 0x00, 0x00, 0x06,
+    0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00,
+    0x0a, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x17, 0x00, 0x18, 0x00, 0x19, 0x01,
+    0x00, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0xff, 0x02, 0x00, 0x02, 0x00,
+    0x0e, 0x00, 0x28, 0x01, 0x4b, 0x01, 0x49, 0x00, 0x17, 0x00, 0x41, 0x04,
+    0xbf, 0x31, 0xb4, 0x29, 0x96, 0xf4, 0xe6, 0x4a, 0xe3, 0xea, 0x87, 0x05,
+    0x38, 0x0e, 0x68, 0x02, 0xbc, 0x4a, 0x5d, 0x90, 0xed, 0xe7, 0xaa, 0x8e,
+    0xb8, 0x42, 0x84, 0xaa, 0x3a, 0x4f, 0x2b, 0xe3, 0x52, 0x9a, 0x9a, 0x76,
+    0xab, 0xf8, 0x2e, 0x59, 0xea, 0xcd, 0x2b, 0x2f, 0x03, 0x18, 0xd2, 0x0c,
+    0xc9, 0x07, 0x15, 0xca, 0xe6, 0x61, 0xf7, 0x79, 0x9f, 0xfe, 0xc5, 0x10,
+    0x40, 0x9e, 0x38, 0x33, 0x01, 0x00, 0x01, 0x00, 0xd8, 0x80, 0x1f, 0x06,
+    0x9a, 0xbb, 0xf7, 0xbb, 0xd4, 0x5c, 0x75, 0x1d, 0x8e, 0x09, 0x27, 0xad,
+    0x08, 0xb8, 0x16, 0x0f, 0x4f, 0x50, 0x79, 0xe1, 0x7e, 0xd4, 0x3b, 0xc0,
+    0x57, 0xcc, 0x00, 0x5e, 0x28, 0xd8, 0xb3, 0x16, 0x7f, 0x36, 0x48, 0x75,
+    0x8d, 0x03, 0xa4, 0x71, 0x86, 0x06, 0xf0, 0xe7, 0x57, 0x47, 0x35, 0xf0,
+    0x04, 0xfb, 0xf7, 0x6c, 0x7a, 0xdd, 0x05, 0x93, 0x53, 0x16, 0x12, 0x49,
+    0xbe, 0x35, 0x67, 0x47, 0x6e, 0x3a, 0x91, 0xef, 0x50, 0x09, 0x14, 0x98,
+    0x8b, 0x83, 0xc4, 0x62, 0x77, 0xf3, 0x57, 0x53, 0x3f, 0xf4, 0x82, 0xc0,
+    0x70, 0x25, 0x19, 0x9d, 0x93, 0xe2, 0xb9, 0x7b, 0xb4, 0x83, 0x31, 0xef,
+    0xd8, 0x3b, 0xd5, 0x25, 0x70, 0x64, 0x29, 0xa2, 0xc2, 0xc5, 0x73, 0x9a,
+    0xfe, 0x27, 0xca, 0xc0, 0x55, 0x34, 0x91, 0x95, 0x05, 0xbf, 0x5e, 0x54,
+    0x4d, 0x95, 0x43, 0x3d, 0x54, 0x6a, 0x89, 0x0b, 0x5e, 0xab, 0x08, 0x7b,
+    0xf8, 0x38, 0x0a, 0x56, 0x51, 0x9d, 0xbc, 0xdd, 0x46, 0xa9, 0xfc, 0x95,
+    0xe9, 0x75, 0x1c, 0xc8, 0x18, 0x7f, 0xed, 0xa9, 0xca, 0xb6, 0x5e, 0x77,
+    0x63, 0x33, 0xb1, 0xb5, 0x68, 0xce, 0xa5, 0x98, 0xec, 0x8c, 0x34, 0x98,
+    0x1c, 0xa9, 0xa5, 0x84, 0xec, 0xe6, 0xba, 0x0b, 0x11, 0xbf, 0x40, 0xa5,
+    0xf0, 0x3c, 0xd5, 0xd3, 0xac, 0x2f, 0x46, 0xed, 0xab, 0xc0, 0xc1, 0x78,
+    0x3f, 0x18, 0x64, 0x5b, 0xff, 0x31, 0xeb, 0x74, 0x06, 0x92, 0x42, 0x1e,
+    0x90, 0xf7, 0xea, 0xa5, 0x02, 0x33, 0x8e, 0x01, 0xe3, 0xfa, 0x70, 0x82,
+    0xe5, 0xe7, 0x67, 0x8b, 0x96, 0x20, 0x13, 0x2e, 0x65, 0x86, 0xab, 0x28,
+    0xc8, 0x1b, 0xfe, 0xb4, 0x98, 0xed, 0xa4, 0xa0, 0xee, 0xf9, 0x53, 0x74,
+    0x30, 0xac, 0x79, 0x2d, 0xf2, 0x92, 0xd0, 0x5e, 0x10, 0xd7, 0xb9, 0x41,
+    0x00, 0x0d, 0x00, 0x18, 0x00, 0x16, 0x04, 0x01, 0x05, 0x01, 0x06, 0x01,
+    0x02, 0x01, 0x04, 0x03, 0x05, 0x03, 0x06, 0x03, 0x02, 0x03, 0x05, 0x02,
+    0x04, 0x02, 0x02, 0x02, 0x00, 0x15, 0x00, 0x0c, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
+
+const static uint8_t kCannedTls13ServerHello[] = {
+    0x03, 0x04, 0xe9, 0x01, 0xa0, 0x81, 0x37, 0x97, 0xaa, 0x8c, 0x7e, 0x21,
+    0x1c, 0x66, 0x3f, 0xa4, 0x0f, 0x4d, 0x74, 0x7a, 0xcd, 0x4b, 0xe1, 0x7f,
+    0x37, 0x85, 0x14, 0xb5, 0x7e, 0x30, 0x15, 0x91, 0xdf, 0x18, 0xc0, 0x2f,
+    0x00, 0x49, 0x00, 0x28, 0x00, 0x45, 0x00, 0x17, 0x00, 0x41, 0x04, 0x1a,
+    0x53, 0x9b, 0x39, 0xe6, 0xda, 0x66, 0xfc, 0x8a, 0x75, 0x68, 0xb7, 0x73,
+    0xc7, 0x21, 0x1f, 0x01, 0x04, 0x54, 0xb4, 0x99, 0x1f, 0x0b, 0x7e, 0xea,
+    0x95, 0xec, 0x78, 0x5c, 0x37, 0x7c, 0x31, 0x56, 0x04, 0xc8, 0xbf, 0x79,
+    0x47, 0x56, 0xb9, 0x87, 0x06, 0xc1, 0xfc, 0x63, 0x09, 0x5d, 0xfc, 0x1a,
+    0x9e, 0x2b, 0xb9, 0xca, 0xdb, 0x0e, 0x10, 0xec, 0xd5, 0x95, 0x0d, 0x0a,
+    0x5e, 0x3c, 0xf7};
+
+static const char *k0RttData = "ABCDEF";
+
+TEST_P(TlsAgentTest, EarlyFinished) {
+  DataBuffer buffer;
+  MakeTrivialHandshakeRecord(kTlsHandshakeFinished, 0, &buffer);
+  ProcessMessage(buffer, TlsAgent::STATE_ERROR,
+                 SSL_ERROR_RX_UNEXPECTED_FINISHED);
+}
+
+TEST_P(TlsAgentTest, EarlyCertificateVerify) {
+  DataBuffer buffer;
+  MakeTrivialHandshakeRecord(kTlsHandshakeCertificateVerify, 0, &buffer);
+  ProcessMessage(buffer, TlsAgent::STATE_ERROR,
+                 SSL_ERROR_RX_UNEXPECTED_CERT_VERIFY);
+}
+
+TEST_P(TlsAgentTestClient, CannedHello) {
+  DataBuffer buffer;
+  EnsureInit();
+  agent_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_3,
+                          SSL_LIBRARY_VERSION_TLS_1_3);
+  DataBuffer server_hello_inner(kCannedTls13ServerHello,
+                                sizeof(kCannedTls13ServerHello));
+  uint16_t wire_version =
+      mode_ == STREAM ? SSL_LIBRARY_VERSION_TLS_1_3
+                      : TlsVersionToDtlsVersion(SSL_LIBRARY_VERSION_TLS_1_3);
+  server_hello_inner.Write(0, wire_version, 2);
+  DataBuffer server_hello;
+  MakeHandshakeMessage(kTlsHandshakeServerHello, server_hello_inner.data(),
+                       server_hello_inner.len(), &server_hello);
+  MakeRecord(kTlsHandshakeType, SSL_LIBRARY_VERSION_TLS_1_3,
+             server_hello.data(), server_hello.len(), &buffer);
+  ProcessMessage(buffer, TlsAgent::STATE_CONNECTING);
+}
+
+TEST_P(TlsAgentTestClient, EncryptedExtensionsInClear) {
+  DataBuffer buffer;
+  DataBuffer server_hello_inner(kCannedTls13ServerHello,
+                                sizeof(kCannedTls13ServerHello));
+  server_hello_inner.Write(
+      0, mode_ == STREAM ? SSL_LIBRARY_VERSION_TLS_1_3
+                         : TlsVersionToDtlsVersion(SSL_LIBRARY_VERSION_TLS_1_3),
+      2);
+  DataBuffer server_hello;
+  MakeHandshakeMessage(kTlsHandshakeServerHello, server_hello_inner.data(),
+                       server_hello_inner.len(), &server_hello);
+  DataBuffer encrypted_extensions;
+  MakeHandshakeMessage(kTlsHandshakeEncryptedExtensions, nullptr, 0,
+                       &encrypted_extensions, 1);
+  server_hello.Append(encrypted_extensions);
+  MakeRecord(kTlsHandshakeType, SSL_LIBRARY_VERSION_TLS_1_3,
+             server_hello.data(), server_hello.len(), &buffer);
+  EnsureInit();
+  agent_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_3,
+                          SSL_LIBRARY_VERSION_TLS_1_3);
+  ProcessMessage(buffer, TlsAgent::STATE_ERROR,
+                 SSL_ERROR_RX_UNEXPECTED_HANDSHAKE);
+}
+
+TEST_F(TlsAgentStreamTestClient, EncryptedExtensionsInClearTwoPieces) {
+  DataBuffer buffer;
+  DataBuffer buffer2;
+  DataBuffer server_hello_inner(kCannedTls13ServerHello,
+                                sizeof(kCannedTls13ServerHello));
+  server_hello_inner.Write(0, SSL_LIBRARY_VERSION_TLS_1_3, 2);
+  DataBuffer server_hello;
+  MakeHandshakeMessage(kTlsHandshakeServerHello, server_hello_inner.data(),
+                       server_hello_inner.len(), &server_hello);
+  DataBuffer encrypted_extensions;
+  MakeHandshakeMessage(kTlsHandshakeEncryptedExtensions, nullptr, 0,
+                       &encrypted_extensions, 1);
+  server_hello.Append(encrypted_extensions);
+  MakeRecord(kTlsHandshakeType, SSL_LIBRARY_VERSION_TLS_1_3,
+             server_hello.data(), 20, &buffer);
+
+  MakeRecord(kTlsHandshakeType, SSL_LIBRARY_VERSION_TLS_1_3,
+             server_hello.data() + 20, server_hello.len() - 20, &buffer2);
+
+  EnsureInit();
+  agent_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_3,
+                          SSL_LIBRARY_VERSION_TLS_1_3);
+  ProcessMessage(buffer, TlsAgent::STATE_CONNECTING);
+  ProcessMessage(buffer2, TlsAgent::STATE_ERROR,
+                 SSL_ERROR_RX_UNEXPECTED_HANDSHAKE);
+}
+
+TEST_F(TlsAgentDgramTestClient, EncryptedExtensionsInClearTwoPieces) {
+  DataBuffer buffer;
+  DataBuffer buffer2;
+  DataBuffer server_hello_inner(kCannedTls13ServerHello,
+                                sizeof(kCannedTls13ServerHello));
+  server_hello_inner.Write(
+      0, TlsVersionToDtlsVersion(SSL_LIBRARY_VERSION_TLS_1_3), 2);
+  DataBuffer server_hello_frag1;
+  MakeHandshakeMessageFragment(
+      kTlsHandshakeServerHello, server_hello_inner.data(),
+      server_hello_inner.len(), &server_hello_frag1, 0, 0, 20);
+  DataBuffer server_hello_frag2;
+  MakeHandshakeMessageFragment(kTlsHandshakeServerHello,
+                               server_hello_inner.data() + 20,
+                               server_hello_inner.len(), &server_hello_frag2, 0,
+                               20, server_hello_inner.len() - 20);
+  DataBuffer encrypted_extensions;
+  MakeHandshakeMessage(kTlsHandshakeEncryptedExtensions, nullptr, 0,
+                       &encrypted_extensions, 1);
+  server_hello_frag2.Append(encrypted_extensions);
+  MakeRecord(kTlsHandshakeType, SSL_LIBRARY_VERSION_TLS_1_3,
+             server_hello_frag1.data(), server_hello_frag1.len(), &buffer);
+
+  MakeRecord(kTlsHandshakeType, SSL_LIBRARY_VERSION_TLS_1_3,
+             server_hello_frag2.data(), server_hello_frag2.len(), &buffer2, 1);
+
+  EnsureInit();
+  agent_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_3,
+                          SSL_LIBRARY_VERSION_TLS_1_3);
+  ProcessMessage(buffer, TlsAgent::STATE_CONNECTING);
+  ProcessMessage(buffer2, TlsAgent::STATE_ERROR,
+                 SSL_ERROR_RX_UNEXPECTED_HANDSHAKE);
+}
+
+TEST_F(TlsAgentStreamTestClient, Set0RttOptionThenWrite) {
+  EnsureInit();
+  agent_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
+                          SSL_LIBRARY_VERSION_TLS_1_3);
+  agent_->StartConnect();
+  agent_->Set0RttEnabled(true);
+  auto filter =
+      new TlsInspectorRecordHandshakeMessage(kTlsHandshakeClientHello);
+  agent_->SetPacketFilter(filter);
+  PRInt32 rv = PR_Write(agent_->ssl_fd(), k0RttData, strlen(k0RttData));
+  EXPECT_EQ(-1, rv);
+  int32_t err = PORT_GetError();
+  EXPECT_EQ(PR_WOULD_BLOCK_ERROR, err);
+  EXPECT_LT(0UL, filter->buffer().len());
+}
+
+TEST_F(TlsAgentStreamTestClient, Set0RttOptionThenRead) {
+  EnsureInit();
+  agent_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
+                          SSL_LIBRARY_VERSION_TLS_1_3);
+  agent_->StartConnect();
+  agent_->Set0RttEnabled(true);
+  DataBuffer buffer;
+  MakeRecord(kTlsApplicationDataType, SSL_LIBRARY_VERSION_TLS_1_3,
+             reinterpret_cast<const uint8_t *>(k0RttData), strlen(k0RttData),
+             &buffer);
+  ProcessMessage(buffer, TlsAgent::STATE_ERROR,
+                 SSL_ERROR_RX_UNEXPECTED_APPLICATION_DATA);
+}
+
+// The server is allowing 0-RTT but the client doesn't offer it,
+// so trial decryption isn't engaged and 0-RTT messages cause
+// an error.
+TEST_F(TlsAgentStreamTestServer, Set0RttOptionClientHelloThenRead) {
+  EnsureInit();
+  agent_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
+                          SSL_LIBRARY_VERSION_TLS_1_3);
+  agent_->StartConnect();
+  agent_->Set0RttEnabled(true);
+  DataBuffer buffer;
+  MakeRecord(kTlsHandshakeType, SSL_LIBRARY_VERSION_TLS_1_3,
+             kCannedTls13ClientHello, sizeof(kCannedTls13ClientHello), &buffer);
+  ProcessMessage(buffer, TlsAgent::STATE_CONNECTING);
+  MakeRecord(kTlsApplicationDataType, SSL_LIBRARY_VERSION_TLS_1_3,
+             reinterpret_cast<const uint8_t *>(k0RttData), strlen(k0RttData),
+             &buffer);
+  ProcessMessage(buffer, TlsAgent::STATE_ERROR, SSL_ERROR_BAD_MAC_READ);
+}
+
+INSTANTIATE_TEST_CASE_P(
+    AgentTests, TlsAgentTest,
+    ::testing::Combine(TlsAgentTestBase::kTlsRolesAll,
+                       TlsConnectTestBase::kTlsModesStream));
+INSTANTIATE_TEST_CASE_P(ClientTests, TlsAgentTestClient,
+                        TlsConnectTestBase::kTlsModesAll);
+}  // namespace nss_test
diff --git a/nss/external_tests/ssl_gtest/ssl_auth_unittest.cc b/nss/external_tests/ssl_gtest/ssl_auth_unittest.cc
new file mode 100644
index 0000000..184e88e
--- /dev/null
+++ b/nss/external_tests/ssl_gtest/ssl_auth_unittest.cc
@@ -0,0 +1,523 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "secerr.h"
+#include "ssl.h"
+#include "sslerr.h"
+#include "sslproto.h"
+
+extern "C" {
+// This is not something that should make you happy.
+#include "libssl_internals.h"
+}
+
+#include "gtest_utils.h"
+#include "scoped_ptrs.h"
+#include "tls_connect.h"
+#include "tls_filter.h"
+#include "tls_parser.h"
+
+namespace nss_test {
+
+TEST_P(TlsConnectGeneric, ServerAuthBigRsa) {
+  Reset(TlsAgent::kRsa2048);
+  Connect();
+  CheckKeys(ssl_kea_ecdh, ssl_auth_rsa_sign);
+}
+
+TEST_P(TlsConnectGeneric, ClientAuth) {
+  client_->SetupClientAuth();
+  server_->RequestClientAuth(true);
+  Connect();
+  CheckKeys(ssl_kea_ecdh, ssl_auth_rsa_sign);
+}
+
+// In TLS 1.3, the client sends its cert rejection on the
+// second flight, and since it has already received the
+// server's Finished, it transitions to complete and
+// then gets an alert from the server. The test harness
+// doesn't handle this right yet.
+TEST_P(TlsConnectStream, DISABLED_ClientAuthRequiredRejected) {
+  server_->RequestClientAuth(true);
+  ConnectExpectFail();
+}
+
+TEST_P(TlsConnectGeneric, ClientAuthRequestedRejected) {
+  server_->RequestClientAuth(false);
+  Connect();
+  CheckKeys(ssl_kea_ecdh, ssl_auth_rsa_sign);
+}
+
+TEST_P(TlsConnectGeneric, ClientAuthEcdsa) {
+  Reset(TlsAgent::kServerEcdsa256);
+  client_->SetupClientAuth();
+  server_->RequestClientAuth(true);
+  Connect();
+  CheckKeys(ssl_kea_ecdh, ssl_auth_ecdsa);
+}
+
+TEST_P(TlsConnectGeneric, ClientAuthBigRsa) {
+  Reset(TlsAgent::kServerRsa, TlsAgent::kRsa2048);
+  client_->SetupClientAuth();
+  server_->RequestClientAuth(true);
+  Connect();
+  CheckKeys(ssl_kea_ecdh, ssl_auth_rsa_sign);
+}
+
+// Offset is the position in the captured buffer where the signature sits.
+static void CheckSigScheme(TlsInspectorRecordHandshakeMessage* capture,
+                           size_t offset, TlsAgent* peer,
+                           uint16_t expected_scheme, size_t expected_size) {
+  EXPECT_LT(offset + 2U, capture->buffer().len());
+
+  uint32_t scheme = 0;
+  capture->buffer().Read(offset, 2, &scheme);
+  EXPECT_EQ(expected_scheme, static_cast<uint16_t>(scheme));
+
+  ScopedCERTCertificate remote_cert(SSL_PeerCertificate(peer->ssl_fd()));
+  ScopedSECKEYPublicKey remote_key(CERT_ExtractPublicKey(remote_cert.get()));
+  EXPECT_EQ(expected_size, SECKEY_PublicKeyStrengthInBits(remote_key.get()));
+}
+
+// The server should prefer SHA-256 by default, even for the small key size used
+// in the default certificate.
+TEST_P(TlsConnectTls12, ServerAuthCheckSigAlg) {
+  EnsureTlsSetup();
+  auto capture_ske =
+      new TlsInspectorRecordHandshakeMessage(kTlsHandshakeServerKeyExchange);
+  server_->SetPacketFilter(capture_ske);
+  Connect();
+  CheckKeys(ssl_kea_ecdh, ssl_auth_rsa_sign);
+
+  const DataBuffer& buffer = capture_ske->buffer();
+  EXPECT_LT(3U, buffer.len());
+  EXPECT_EQ(3U, buffer.data()[0]) << "curve_type == named_curve";
+  uint32_t tmp;
+  EXPECT_TRUE(buffer.Read(1, 2, &tmp)) << "read NamedCurve";
+  EXPECT_EQ(ssl_grp_ec_secp256r1, tmp);
+  EXPECT_TRUE(buffer.Read(3, 1, &tmp)) << " read ECPoint";
+  CheckSigScheme(capture_ske, 4 + tmp, client_, kTlsSigSchemeRsaPssSha256,
+                 1024);
+}
+
+TEST_P(TlsConnectTls12, ClientAuthCheckSigAlg) {
+  EnsureTlsSetup();
+  auto capture_cert_verify =
+      new TlsInspectorRecordHandshakeMessage(kTlsHandshakeCertificateVerify);
+  client_->SetPacketFilter(capture_cert_verify);
+  client_->SetupClientAuth();
+  server_->RequestClientAuth(true);
+  Connect();
+  CheckKeys(ssl_kea_ecdh, ssl_auth_rsa_sign);
+
+  CheckSigScheme(capture_cert_verify, 0, server_, kTlsSigSchemeRsaPkcs1Sha1,
+                 1024);
+}
+
+TEST_P(TlsConnectTls12, ClientAuthBigRsaCheckSigAlg) {
+  Reset(TlsAgent::kServerRsa, TlsAgent::kRsa2048);
+  auto capture_cert_verify =
+      new TlsInspectorRecordHandshakeMessage(kTlsHandshakeCertificateVerify);
+  client_->SetPacketFilter(capture_cert_verify);
+  client_->SetupClientAuth();
+  server_->RequestClientAuth(true);
+  Connect();
+  CheckKeys(ssl_kea_ecdh, ssl_auth_rsa_sign);
+  CheckSigScheme(capture_cert_verify, 0, server_, kTlsSigSchemeRsaPssSha256,
+                 2048);
+}
+
+static const SSLSignatureAndHashAlg SignatureEcdsaSha384[] = {
+    {ssl_hash_sha384, ssl_sign_ecdsa}};
+static const SSLSignatureAndHashAlg SignatureEcdsaSha256[] = {
+    {ssl_hash_sha256, ssl_sign_ecdsa}};
+static const SSLSignatureAndHashAlg SignatureRsaSha384[] = {
+    {ssl_hash_sha384, ssl_sign_rsa}};
+static const SSLSignatureAndHashAlg SignatureRsaSha256[] = {
+    {ssl_hash_sha256, ssl_sign_rsa}};
+
+// When signature algorithms match up, this should connect successfully; even
+// for TLS 1.1 and 1.0, where they should be ignored.
+TEST_P(TlsConnectGeneric, SignatureAlgorithmServerAuth) {
+  Reset(TlsAgent::kServerEcdsa384);
+  client_->SetSignatureAlgorithms(SignatureEcdsaSha384,
+                                  PR_ARRAY_SIZE(SignatureEcdsaSha384));
+  server_->SetSignatureAlgorithms(SignatureEcdsaSha384,
+                                  PR_ARRAY_SIZE(SignatureEcdsaSha384));
+  Connect();
+  CheckKeys(ssl_kea_ecdh, ssl_auth_ecdsa);
+}
+
+// Here the client picks a single option, which should work in all versions.
+// Defaults on the server include the first option.
+TEST_P(TlsConnectGeneric, SignatureAlgorithmClientOnly) {
+  const SSLSignatureAndHashAlg clientAlgorithms[] = {
+      {ssl_hash_sha384, ssl_sign_ecdsa},
+      {ssl_hash_sha384, ssl_sign_rsa},  // supported but unusable
+      {ssl_hash_md5, ssl_sign_ecdsa}    // unsupported and ignored
+  };
+  Reset(TlsAgent::kServerEcdsa384);
+  client_->SetSignatureAlgorithms(clientAlgorithms,
+                                  PR_ARRAY_SIZE(clientAlgorithms));
+  Connect();
+  CheckKeys(ssl_kea_ecdh, ssl_auth_ecdsa);
+}
+
+// Here the server picks a single option, which should work in all versions.
+// Defaults on the client include the provided option.
+TEST_P(TlsConnectGeneric, SignatureAlgorithmServerOnly) {
+  Reset(TlsAgent::kServerEcdsa384);
+  server_->SetSignatureAlgorithms(SignatureEcdsaSha384,
+                                  PR_ARRAY_SIZE(SignatureEcdsaSha384));
+  Connect();
+  CheckKeys(ssl_kea_ecdh, ssl_auth_ecdsa);
+}
+
+// In TlS 1.2, a P-256 cert can be used with SHA-384.
+TEST_P(TlsConnectTls12, SignatureSchemeCurveMismatch12) {
+  Reset(TlsAgent::kServerEcdsa256);
+  client_->SetSignatureAlgorithms(SignatureEcdsaSha384,
+                                  PR_ARRAY_SIZE(SignatureEcdsaSha384));
+  Connect();
+  CheckKeys(ssl_kea_ecdh, ssl_auth_ecdsa);
+}
+
+#ifdef NSS_ENABLE_TLS_1_3
+TEST_P(TlsConnectTls13, SignatureAlgorithmServerUnsupported) {
+  Reset(TlsAgent::kServerEcdsa256);  // P-256 cert
+  server_->SetSignatureAlgorithms(SignatureEcdsaSha384,
+                                  PR_ARRAY_SIZE(SignatureEcdsaSha384));
+  ConnectExpectFail();
+  server_->CheckErrorCode(SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM);
+  client_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP);
+}
+
+TEST_P(TlsConnectTls13, SignatureAlgorithmClientUnsupported) {
+  Reset(TlsAgent::kServerEcdsa256);  // P-256 cert
+  client_->SetSignatureAlgorithms(SignatureEcdsaSha384,
+                                  PR_ARRAY_SIZE(SignatureEcdsaSha384));
+  ConnectExpectFail();
+  server_->CheckErrorCode(SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM);
+  client_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP);
+}
+#endif
+
+// Where there is no overlap on signature schemes, we still connect successfully
+// if we aren't going to use a signature.
+TEST_P(TlsConnectGenericPre13, SignatureAlgorithmNoOverlapStaticRsa) {
+  client_->SetSignatureAlgorithms(SignatureRsaSha384,
+                                  PR_ARRAY_SIZE(SignatureRsaSha384));
+  server_->SetSignatureAlgorithms(SignatureRsaSha256,
+                                  PR_ARRAY_SIZE(SignatureRsaSha256));
+  EnableOnlyStaticRsaCiphers();
+  Connect();
+  CheckKeys(ssl_kea_rsa, ssl_auth_rsa_decrypt);
+}
+
+TEST_P(TlsConnectTls12Plus, SignatureAlgorithmNoOverlapEcdsa) {
+  Reset(TlsAgent::kServerEcdsa256);
+  client_->SetSignatureAlgorithms(SignatureEcdsaSha384,
+                                  PR_ARRAY_SIZE(SignatureEcdsaSha384));
+  server_->SetSignatureAlgorithms(SignatureEcdsaSha256,
+                                  PR_ARRAY_SIZE(SignatureEcdsaSha256));
+  ConnectExpectFail();
+  client_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP);
+  server_->CheckErrorCode(SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM);
+}
+
+// Pre 1.2, a mismatch on signature algorithms shouldn't affect anything.
+TEST_P(TlsConnectPre12, SignatureAlgorithmNoOverlapEcdsa) {
+  Reset(TlsAgent::kServerEcdsa256);
+  client_->SetSignatureAlgorithms(SignatureEcdsaSha384,
+                                  PR_ARRAY_SIZE(SignatureEcdsaSha384));
+  server_->SetSignatureAlgorithms(SignatureEcdsaSha256,
+                                  PR_ARRAY_SIZE(SignatureEcdsaSha256));
+  Connect();
+}
+
+TEST_P(TlsConnectTls12Plus, RequestClientAuthWithSha384) {
+  server_->SetSignatureAlgorithms(SignatureRsaSha384,
+                                  PR_ARRAY_SIZE(SignatureRsaSha384));
+  server_->RequestClientAuth(false);
+  Connect();
+}
+
+class BeforeFinished : public TlsRecordFilter {
+ private:
+  enum HandshakeState { BEFORE_CCS, AFTER_CCS, DONE };
+
+ public:
+  BeforeFinished(TlsAgent* client, TlsAgent* server, VoidFunction before_ccs,
+                 VoidFunction before_finished)
+      : client_(client),
+        server_(server),
+        before_ccs_(before_ccs),
+        before_finished_(before_finished),
+        state_(BEFORE_CCS) {}
+
+ protected:
+  virtual PacketFilter::Action FilterRecord(const RecordHeader& header,
+                                            const DataBuffer& body,
+                                            DataBuffer* out) {
+    switch (state_) {
+      case BEFORE_CCS:
+        // Awaken when we see the CCS.
+        if (header.content_type() == kTlsChangeCipherSpecType) {
+          before_ccs_();
+
+          // Write the CCS out as a separate write, so that we can make
+          // progress. Ordinarily, libssl sends the CCS and Finished together,
+          // but that means that they both get processed together.
+          DataBuffer ccs;
+          header.Write(&ccs, 0, body);
+          server_->SendDirect(ccs);
+          client_->Handshake();
+          state_ = AFTER_CCS;
+          // Request that the original record be dropped by the filter.
+          return DROP;
+        }
+        break;
+
+      case AFTER_CCS:
+        EXPECT_EQ(kTlsHandshakeType, header.content_type());
+        // This could check that data contains a Finished message, but it's
+        // encrypted, so that's too much extra work.
+
+        before_finished_();
+        state_ = DONE;
+        break;
+
+      case DONE:
+        break;
+    }
+    return KEEP;
+  }
+
+ private:
+  TlsAgent* client_;
+  TlsAgent* server_;
+  VoidFunction before_ccs_;
+  VoidFunction before_finished_;
+  HandshakeState state_;
+};
+
+// Running code after the client has started processing the encrypted part of
+// the server's first flight, but before the Finished is processed is very hard
+// in TLS 1.3.  These encrypted messages are sent in a single encrypted blob.
+// The following test uses DTLS to make it possible to force the client to
+// process the handshake in pieces.
+//
+// The first encrypted message from the server is dropped, and the MTU is
+// reduced to just below the original message size so that the server sends two
+// messages.  The Finished message is then processed separately.
+class BeforeFinished13 : public PacketFilter {
+ private:
+  enum HandshakeState {
+    INIT,
+    BEFORE_FIRST_FRAGMENT,
+    BEFORE_SECOND_FRAGMENT,
+    DONE
+  };
+
+ public:
+  BeforeFinished13(TlsAgent* client, TlsAgent* server,
+                   VoidFunction before_finished)
+      : client_(client),
+        server_(server),
+        before_finished_(before_finished),
+        records_(0) {}
+
+ protected:
+  virtual PacketFilter::Action Filter(const DataBuffer& input,
+                                      DataBuffer* output) {
+    switch (++records_) {
+      case 1:
+        // Packet 1 is the server's entire first flight.  Drop it.
+        EXPECT_EQ(SECSuccess,
+                  SSLInt_SetMTU(server_->ssl_fd(), input.len() - 1));
+        return DROP;
+
+      // Packet 2 is the first part of the server's retransmitted first
+      // flight.  Keep that.
+
+      case 3:
+        // Packet 3 is the second part of the server's retransmitted first
+        // flight.  Before passing that on, make sure that the client processes
+        // packet 2, then call the before_finished_() callback.
+        client_->Handshake();
+        before_finished_();
+        break;
+
+      default:
+        break;
+    }
+    return KEEP;
+  }
+
+ private:
+  TlsAgent* client_;
+  TlsAgent* server_;
+  VoidFunction before_finished_;
+  size_t records_;
+};
+
+// This test uses an AuthCertificateCallback that blocks.  A filter is used to
+// split the server's first flight into two pieces.  Before the second piece is
+// processed by the client, SSL_AuthCertificateComplete() is called.
+TEST_F(TlsConnectDatagram13, AuthCompleteBeforeFinished) {
+  client_->SetAuthCertificateCallback(
+      [](TlsAgent*, PRBool, PRBool) -> SECStatus { return SECWouldBlock; });
+  server_->SetPacketFilter(new BeforeFinished13(client_, server_, [this]() {
+    EXPECT_EQ(SECSuccess, SSL_AuthCertificateComplete(client_->ssl_fd(), 0));
+  }));
+  Connect();
+}
+
+static void TriggerAuthComplete(PollTarget* target, Event event) {
+  std::cerr << "client: call SSL_AuthCertificateComplete" << std::endl;
+  EXPECT_EQ(TIMER_EVENT, event);
+  TlsAgent* client = static_cast<TlsAgent*>(target);
+  EXPECT_EQ(SECSuccess, SSL_AuthCertificateComplete(client->ssl_fd(), 0));
+}
+
+// This test uses a simple AuthCertificateCallback.  Due to the way that the
+// entire server flight is processed, the call to SSL_AuthCertificateComplete
+// will trigger after the Finished message is processed.
+TEST_F(TlsConnectDatagram13, AuthCompleteAfterFinished) {
+  client_->SetAuthCertificateCallback(
+      [this](TlsAgent*, PRBool, PRBool) -> SECStatus {
+        Poller::Timer* timer_handle;
+        // This is really just to unroll the stack.
+        Poller::Instance()->SetTimer(1U, client_, TriggerAuthComplete,
+                                     &timer_handle);
+        return SECWouldBlock;
+      });
+  Connect();
+}
+
+TEST_P(TlsConnectGenericPre13, ClientWriteBetweenCCSAndFinishedWithFalseStart) {
+  client_->EnableFalseStart();
+  server_->SetPacketFilter(new BeforeFinished(
+      client_, server_,
+      [this]() { EXPECT_TRUE(client_->can_falsestart_hook_called()); },
+      [this]() {
+        // Write something, which used to fail: bug 1235366.
+        client_->SendData(10);
+      }));
+
+  Connect();
+  server_->SendData(10);
+  Receive(10);
+}
+
+TEST_P(TlsConnectGenericPre13, AuthCompleteBeforeFinishedWithFalseStart) {
+  client_->EnableFalseStart();
+  client_->SetAuthCertificateCallback(
+      [](TlsAgent*, PRBool, PRBool) -> SECStatus { return SECWouldBlock; });
+  server_->SetPacketFilter(new BeforeFinished(
+      client_, server_,
+      []() {
+        // Do nothing before CCS
+      },
+      [this]() {
+        EXPECT_FALSE(client_->can_falsestart_hook_called());
+        // AuthComplete before Finished still enables false start.
+        EXPECT_EQ(SECSuccess,
+                  SSL_AuthCertificateComplete(client_->ssl_fd(), 0));
+        EXPECT_TRUE(client_->can_falsestart_hook_called());
+        client_->SendData(10);
+      }));
+
+  Connect();
+  server_->SendData(10);
+  Receive(10);
+}
+
+static const SSLExtraServerCertData ServerCertDataRsaPkcs1Decrypt = {
+    ssl_auth_rsa_decrypt, nullptr, nullptr, nullptr};
+static const SSLExtraServerCertData ServerCertDataRsaPkcs1Sign = {
+    ssl_auth_rsa_sign, nullptr, nullptr, nullptr};
+static const SSLExtraServerCertData ServerCertDataRsaPss = {
+    ssl_auth_rsa_pss, nullptr, nullptr, nullptr};
+
+// Test RSA cert with usage=[signature, encipherment].
+TEST_F(TlsAgentStreamTestServer, ConfigureCertRsaPkcs1SignAndKEX) {
+  Reset(TlsAgent::kServerRsa);
+
+  PRFileDesc* ssl_fd = agent_->ssl_fd();
+  EXPECT_TRUE(SSLInt_HasCertWithAuthType(ssl_fd, ssl_auth_rsa_decrypt));
+  EXPECT_TRUE(SSLInt_HasCertWithAuthType(ssl_fd, ssl_auth_rsa_sign));
+  EXPECT_TRUE(SSLInt_HasCertWithAuthType(ssl_fd, ssl_auth_rsa_pss));
+
+  // Configuring for only rsa_sign, rsa_pss, or rsa_decrypt should work.
+  EXPECT_TRUE(agent_->ConfigServerCert(TlsAgent::kServerRsa, false,
+                                       &ServerCertDataRsaPkcs1Decrypt));
+  EXPECT_TRUE(agent_->ConfigServerCert(TlsAgent::kServerRsa, false,
+                                       &ServerCertDataRsaPkcs1Sign));
+  EXPECT_TRUE(agent_->ConfigServerCert(TlsAgent::kServerRsa, false,
+                                       &ServerCertDataRsaPss));
+}
+
+// Test RSA cert with usage=[signature].
+TEST_F(TlsAgentStreamTestServer, ConfigureCertRsaPkcs1Sign) {
+  Reset(TlsAgent::kServerRsaSign);
+
+  PRFileDesc* ssl_fd = agent_->ssl_fd();
+  EXPECT_FALSE(SSLInt_HasCertWithAuthType(ssl_fd, ssl_auth_rsa_decrypt));
+  EXPECT_TRUE(SSLInt_HasCertWithAuthType(ssl_fd, ssl_auth_rsa_sign));
+  EXPECT_TRUE(SSLInt_HasCertWithAuthType(ssl_fd, ssl_auth_rsa_pss));
+
+  // Configuring for only rsa_decrypt should fail.
+  EXPECT_FALSE(agent_->ConfigServerCert(TlsAgent::kServerRsaSign, false,
+                                        &ServerCertDataRsaPkcs1Decrypt));
+
+  // Configuring for only rsa_sign or rsa_pss should work.
+  EXPECT_TRUE(agent_->ConfigServerCert(TlsAgent::kServerRsaSign, false,
+                                       &ServerCertDataRsaPkcs1Sign));
+  EXPECT_TRUE(agent_->ConfigServerCert(TlsAgent::kServerRsaSign, false,
+                                       &ServerCertDataRsaPss));
+}
+
+// Test RSA cert with usage=[encipherment].
+TEST_F(TlsAgentStreamTestServer, ConfigureCertRsaPkcs1KEX) {
+  Reset(TlsAgent::kServerRsaDecrypt);
+
+  PRFileDesc* ssl_fd = agent_->ssl_fd();
+  EXPECT_TRUE(SSLInt_HasCertWithAuthType(ssl_fd, ssl_auth_rsa_decrypt));
+  EXPECT_FALSE(SSLInt_HasCertWithAuthType(ssl_fd, ssl_auth_rsa_sign));
+  EXPECT_FALSE(SSLInt_HasCertWithAuthType(ssl_fd, ssl_auth_rsa_pss));
+
+  // Configuring for only rsa_sign or rsa_pss should fail.
+  EXPECT_FALSE(agent_->ConfigServerCert(TlsAgent::kServerRsaDecrypt, false,
+                                        &ServerCertDataRsaPkcs1Sign));
+  EXPECT_FALSE(agent_->ConfigServerCert(TlsAgent::kServerRsaDecrypt, false,
+                                        &ServerCertDataRsaPss));
+
+  // Configuring for only rsa_decrypt should work.
+  EXPECT_TRUE(agent_->ConfigServerCert(TlsAgent::kServerRsaDecrypt, false,
+                                       &ServerCertDataRsaPkcs1Decrypt));
+}
+
+// Test configuring an RSA-PSS cert.
+TEST_F(TlsAgentStreamTestServer, ConfigureCertRsaPss) {
+  Reset(TlsAgent::kServerRsaPss);
+
+  PRFileDesc* ssl_fd = agent_->ssl_fd();
+  EXPECT_FALSE(SSLInt_HasCertWithAuthType(ssl_fd, ssl_auth_rsa_decrypt));
+  EXPECT_FALSE(SSLInt_HasCertWithAuthType(ssl_fd, ssl_auth_rsa_sign));
+  EXPECT_TRUE(SSLInt_HasCertWithAuthType(ssl_fd, ssl_auth_rsa_pss));
+
+  // Configuring for only rsa_sign or rsa_decrypt should fail.
+  EXPECT_FALSE(agent_->ConfigServerCert(TlsAgent::kServerRsaPss, false,
+                                        &ServerCertDataRsaPkcs1Sign));
+  EXPECT_FALSE(agent_->ConfigServerCert(TlsAgent::kServerRsaPss, false,
+                                        &ServerCertDataRsaPkcs1Decrypt));
+
+  // Configuring for only rsa_pss should work.
+  EXPECT_TRUE(agent_->ConfigServerCert(TlsAgent::kServerRsaPss, false,
+                                       &ServerCertDataRsaPss));
+}
+}
diff --git a/nss/external_tests/ssl_gtest/ssl_cert_ext_unittest.cc b/nss/external_tests/ssl_gtest/ssl_cert_ext_unittest.cc
new file mode 100644
index 0000000..b59c480
--- /dev/null
+++ b/nss/external_tests/ssl_gtest/ssl_cert_ext_unittest.cc
@@ -0,0 +1,214 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "ssl.h"
+#include "sslerr.h"
+#include "sslproto.h"
+
+#include <memory>
+
+#include "tls_connect.h"
+#include "tls_filter.h"
+#include "tls_parser.h"
+
+namespace nss_test {
+
+// Tests for Certificate Transparency (RFC 6962)
+// These don't work with TLS 1.3: see bug 1252745.
+
+// Helper class - stores signed certificate timestamps as provided
+// by the relevant callbacks on the client.
+class SignedCertificateTimestampsExtractor {
+ public:
+  SignedCertificateTimestampsExtractor(TlsAgent* client) {
+    client->SetAuthCertificateCallback(
+        [&](TlsAgent* agent, bool checksig, bool isServer) -> SECStatus {
+          const SECItem* scts = SSL_PeerSignedCertTimestamps(agent->ssl_fd());
+          EXPECT_TRUE(scts);
+          if (!scts) {
+            return SECFailure;
+          }
+          auth_timestamps_.reset(new DataBuffer(scts->data, scts->len));
+          return SECSuccess;
+        });
+    client->SetHandshakeCallback([&](TlsAgent* agent) {
+      const SECItem* scts = SSL_PeerSignedCertTimestamps(agent->ssl_fd());
+      ASSERT_TRUE(scts);
+      handshake_timestamps_.reset(new DataBuffer(scts->data, scts->len));
+    });
+  }
+
+  void assertTimestamps(const DataBuffer& timestamps) {
+    EXPECT_TRUE(auth_timestamps_);
+    EXPECT_EQ(timestamps, *auth_timestamps_);
+
+    EXPECT_TRUE(handshake_timestamps_);
+    EXPECT_EQ(timestamps, *handshake_timestamps_);
+  }
+
+ private:
+  std::unique_ptr<DataBuffer> auth_timestamps_;
+  std::unique_ptr<DataBuffer> handshake_timestamps_;
+};
+
+static const uint8_t kSctValue[] = {0x01, 0x23, 0x45, 0x67, 0x89};
+static const SECItem kSctItem = {siBuffer, const_cast<uint8_t*>(kSctValue),
+                                 sizeof(kSctValue)};
+static const DataBuffer kSctBuffer(kSctValue, sizeof(kSctValue));
+
+// Test timestamps extraction during a successful handshake.
+TEST_P(TlsConnectGenericPre13, SignedCertificateTimestampsHandshake) {
+  EnsureTlsSetup();
+  EXPECT_EQ(SECSuccess, SSL_SetSignedCertTimestamps(server_->ssl_fd(),
+                                                    &kSctItem, ssl_kea_rsa));
+  EXPECT_EQ(SECSuccess,
+            SSL_OptionSet(client_->ssl_fd(), SSL_ENABLE_SIGNED_CERT_TIMESTAMPS,
+                          PR_TRUE));
+  SignedCertificateTimestampsExtractor timestamps_extractor(client_);
+
+  Connect();
+
+  timestamps_extractor.assertTimestamps(kSctBuffer);
+  const SECItem* c_timestamps = SSL_PeerSignedCertTimestamps(client_->ssl_fd());
+  EXPECT_EQ(SECEqual, SECITEM_CompareItem(&kSctItem, c_timestamps));
+}
+
+TEST_P(TlsConnectGenericPre13, SignedCertificateTimestampsConfig) {
+  static const SSLExtraServerCertData kExtraData = {ssl_auth_rsa_sign, nullptr,
+                                                    nullptr, &kSctItem};
+
+  EnsureTlsSetup();
+  EXPECT_TRUE(
+      server_->ConfigServerCert(TlsAgent::kServerRsa, true, &kExtraData));
+  EXPECT_EQ(SECSuccess,
+            SSL_OptionSet(client_->ssl_fd(), SSL_ENABLE_SIGNED_CERT_TIMESTAMPS,
+                          PR_TRUE));
+  SignedCertificateTimestampsExtractor timestamps_extractor(client_);
+
+  Connect();
+
+  timestamps_extractor.assertTimestamps(kSctBuffer);
+  const SECItem* c_timestamps = SSL_PeerSignedCertTimestamps(client_->ssl_fd());
+  EXPECT_EQ(SECEqual, SECITEM_CompareItem(&kSctItem, c_timestamps));
+}
+
+// Test SSL_PeerSignedCertTimestamps returning zero-length SECItem
+// when the client / the server / both have not enabled the feature.
+TEST_P(TlsConnectGenericPre13, SignedCertificateTimestampsInactiveClient) {
+  EnsureTlsSetup();
+  EXPECT_EQ(SECSuccess, SSL_SetSignedCertTimestamps(server_->ssl_fd(),
+                                                    &kSctItem, ssl_kea_rsa));
+  SignedCertificateTimestampsExtractor timestamps_extractor(client_);
+
+  Connect();
+  timestamps_extractor.assertTimestamps(DataBuffer());
+}
+
+TEST_P(TlsConnectGenericPre13, SignedCertificateTimestampsInactiveServer) {
+  EnsureTlsSetup();
+  EXPECT_EQ(SECSuccess,
+            SSL_OptionSet(client_->ssl_fd(), SSL_ENABLE_SIGNED_CERT_TIMESTAMPS,
+                          PR_TRUE));
+  SignedCertificateTimestampsExtractor timestamps_extractor(client_);
+
+  Connect();
+  timestamps_extractor.assertTimestamps(DataBuffer());
+}
+
+TEST_P(TlsConnectGenericPre13, SignedCertificateTimestampsInactiveBoth) {
+  EnsureTlsSetup();
+  SignedCertificateTimestampsExtractor timestamps_extractor(client_);
+
+  Connect();
+  timestamps_extractor.assertTimestamps(DataBuffer());
+}
+
+// Check that the given agent doesn't have an OCSP response for its peer.
+static SECStatus CheckNoOCSP(TlsAgent* agent, bool checksig, bool isServer) {
+  const SECItemArray* ocsp = SSL_PeerStapledOCSPResponses(agent->ssl_fd());
+  EXPECT_TRUE(ocsp);
+  EXPECT_EQ(0U, ocsp->len);
+  return SECSuccess;
+}
+
+static const uint8_t kOcspValue1[] = {1, 2, 3, 4, 5, 6};
+static const uint8_t kOcspValue2[] = {7, 8, 9};
+static const SECItem kOcspItems[] = {
+    {siBuffer, const_cast<uint8_t*>(kOcspValue1), sizeof(kOcspValue1)},
+    {siBuffer, const_cast<uint8_t*>(kOcspValue2), sizeof(kOcspValue2)}};
+static const SECItemArray kOcspResponses = {const_cast<SECItem*>(kOcspItems),
+                                            PR_ARRAY_SIZE(kOcspItems)};
+const static SSLExtraServerCertData kOcspExtraData = {
+    ssl_auth_rsa_sign, nullptr, &kOcspResponses, nullptr};
+
+TEST_P(TlsConnectGeneric, NoOcsp) {
+  EnsureTlsSetup();
+  client_->SetAuthCertificateCallback(CheckNoOCSP);
+  Connect();
+}
+
+// The client doesn't get OCSP stapling unless it asks.
+TEST_P(TlsConnectGeneric, OcspNotRequested) {
+  EnsureTlsSetup();
+  client_->SetAuthCertificateCallback(CheckNoOCSP);
+  EXPECT_TRUE(
+      server_->ConfigServerCert(TlsAgent::kServerRsa, true, &kOcspExtraData));
+  Connect();
+}
+
+// Even if the client asks, the server has nothing unless it is configured.
+TEST_P(TlsConnectGeneric, OcspNotProvided) {
+  EnsureTlsSetup();
+  EXPECT_EQ(SECSuccess, SSL_OptionSet(client_->ssl_fd(),
+                                      SSL_ENABLE_OCSP_STAPLING, PR_TRUE));
+  client_->SetAuthCertificateCallback(CheckNoOCSP);
+  Connect();
+}
+
+TEST_P(TlsConnectGenericPre13, OcspMangled) {
+  EnsureTlsSetup();
+  EXPECT_EQ(SECSuccess, SSL_OptionSet(client_->ssl_fd(),
+                                      SSL_ENABLE_OCSP_STAPLING, PR_TRUE));
+  EXPECT_TRUE(
+      server_->ConfigServerCert(TlsAgent::kServerRsa, true, &kOcspExtraData));
+
+  static const uint8_t val[] = {1};
+  auto replacer = new TlsExtensionReplacer(ssl_cert_status_xtn,
+                                           DataBuffer(val, sizeof(val)));
+  server_->SetPacketFilter(replacer);
+  ConnectExpectFail();
+  client_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_SERVER_HELLO);
+  server_->CheckErrorCode(SSL_ERROR_ILLEGAL_PARAMETER_ALERT);
+}
+
+TEST_P(TlsConnectGeneric, OcspSuccess) {
+  EnsureTlsSetup();
+  EXPECT_EQ(SECSuccess, SSL_OptionSet(client_->ssl_fd(),
+                                      SSL_ENABLE_OCSP_STAPLING, PR_TRUE));
+  auto capture_ocsp = new TlsExtensionCapture(ssl_cert_status_xtn);
+  server_->SetPacketFilter(capture_ocsp);
+
+  // The value should be available during the AuthCertificateCallback
+  client_->SetAuthCertificateCallback([](TlsAgent* agent, bool checksig,
+                                         bool isServer) -> SECStatus {
+    const SECItemArray* ocsp = SSL_PeerStapledOCSPResponses(agent->ssl_fd());
+    if (!ocsp) {
+      return SECFailure;
+    }
+    EXPECT_EQ(1U, ocsp->len) << "We only provide the first item";
+    EXPECT_EQ(0, SECITEM_CompareItem(&kOcspItems[0], &ocsp->items[0]));
+    return SECSuccess;
+  });
+  EXPECT_TRUE(
+      server_->ConfigServerCert(TlsAgent::kServerRsa, true, &kOcspExtraData));
+
+  Connect();
+  // In TLS 1.3, the server doesn't provide a visible ServerHello extension.
+  // For earlier versions, the extension is just empty.
+  EXPECT_EQ(0U, capture_ocsp->extension().len());
+}
+
+}  // namespace nspr_test
diff --git a/nss/external_tests/ssl_gtest/ssl_ciphersuite_unittest.cc b/nss/external_tests/ssl_gtest/ssl_ciphersuite_unittest.cc
new file mode 100644
index 0000000..579035b
--- /dev/null
+++ b/nss/external_tests/ssl_gtest/ssl_ciphersuite_unittest.cc
@@ -0,0 +1,438 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <functional>
+#include <memory>
+#include "secerr.h"
+#include "ssl.h"
+#include "sslerr.h"
+#include "sslproto.h"
+
+extern "C" {
+// This is not something that should make you happy.
+#include "libssl_internals.h"
+}
+
+#include "gtest_utils.h"
+#include "tls_connect.h"
+#include "tls_parser.h"
+
+namespace nss_test {
+
+// mode, version, cipher suite
+typedef std::tuple<std::string, uint16_t, uint16_t> CipherSuiteProfile;
+
+class TlsCipherSuiteTestBase : public TlsConnectTestBase {
+ public:
+  TlsCipherSuiteTestBase(std::string mode, uint16_t version,
+                         uint16_t cipher_suite)
+      : TlsConnectTestBase(TlsConnectTestBase::ToMode(mode), version),
+        cipher_suite_(cipher_suite),
+        csinfo_({0}) {
+    SECStatus rv =
+        SSL_GetCipherSuiteInfo(cipher_suite_, &csinfo_, sizeof(csinfo_));
+    EXPECT_EQ(SECSuccess, rv);
+    if (rv == SECSuccess) {
+      std::cerr << "Cipher suite: " << csinfo_.cipherSuiteName << std::endl;
+    }
+  }
+
+ protected:
+  uint16_t cipher_suite_;
+  SSLCipherSuiteInfo csinfo_;
+
+  void SetupCertificate() {
+    switch (csinfo_.authType) {
+      case ssl_auth_rsa_sign:
+        Reset(TlsAgent::kServerRsaSign);
+        break;
+      case ssl_auth_rsa_decrypt:
+        Reset(TlsAgent::kServerRsaDecrypt);
+        break;
+      case ssl_auth_ecdsa:
+        Reset(TlsAgent::kServerEcdsa256);
+        break;
+      case ssl_auth_ecdh_ecdsa:
+        Reset(TlsAgent::kServerEcdhEcdsa);
+        break;
+      case ssl_auth_ecdh_rsa:
+        Reset(TlsAgent::kServerEcdhRsa);
+        break;
+      case ssl_auth_dsa:
+        Reset(TlsAgent::kServerDsa);
+        break;
+      default:
+        ASSERT_TRUE(false) << "Unsupported cipher suite: " << cipher_suite_;
+        break;
+    }
+  }
+
+  void EnableSingleCipher() {
+    EnsureTlsSetup();
+    // It doesn't matter which does this, but the test is better if both do it.
+    client_->EnableSingleCipher(cipher_suite_);
+    server_->EnableSingleCipher(cipher_suite_);
+  }
+
+  void ConnectAndCheckCipherSuite() {
+    Connect();
+    SendReceive();
+
+    // Check that we used the right cipher suite.
+    uint16_t actual;
+    EXPECT_TRUE(client_->cipher_suite(&actual) && actual == cipher_suite_);
+    EXPECT_TRUE(server_->cipher_suite(&actual) && actual == cipher_suite_);
+  }
+};
+
+class TlsCipherSuiteTest
+    : public TlsCipherSuiteTestBase,
+      public ::testing::WithParamInterface<CipherSuiteProfile> {
+ public:
+  TlsCipherSuiteTest()
+      : TlsCipherSuiteTestBase(std::get<0>(GetParam()), std::get<1>(GetParam()),
+                               std::get<2>(GetParam())) {}
+};
+
+TEST_P(TlsCipherSuiteTest, SingleCipherSuite) {
+  SetupCertificate();
+  EnableSingleCipher();
+  ConnectAndCheckCipherSuite();
+}
+
+class TlsResumptionTest
+    : public TlsCipherSuiteTestBase,
+      public ::testing::WithParamInterface<CipherSuiteProfile> {
+ public:
+  TlsResumptionTest()
+      : TlsCipherSuiteTestBase(std::get<0>(GetParam()), std::get<1>(GetParam()),
+                               std::get<2>(GetParam())) {}
+
+  bool SkipIfCipherSuiteIsDSA() {
+    bool isDSA = csinfo_.authType == ssl_auth_dsa;
+    if (isDSA) {
+      std::cerr << "Skipping DSA suite: " << csinfo_.cipherSuiteName
+                << std::endl;
+    }
+    return isDSA;
+  }
+
+  void EnablePskCipherSuite() {
+    SSLKEAType targetKea;
+    switch (csinfo_.keaType) {
+      case ssl_kea_ecdh:
+        targetKea = ssl_kea_ecdh_psk;
+        break;
+      case ssl_kea_dh:
+        targetKea = ssl_kea_dh_psk;
+        break;
+      default:
+        EXPECT_TRUE(false) << "Unsupported KEA type for "
+                           << csinfo_.cipherSuiteName;
+        return;
+    }
+
+    size_t count = SSL_GetNumImplementedCiphers();
+    const uint16_t *ciphers = SSL_GetImplementedCiphers();
+    bool found = false;
+    for (size_t i = 0; i < count; ++i) {
+      SSLCipherSuiteInfo candidateInfo;
+      ASSERT_EQ(SECSuccess, SSL_GetCipherSuiteInfo(ciphers[i], &candidateInfo,
+                                                   sizeof(candidateInfo)));
+      if (candidateInfo.authType == ssl_auth_psk &&
+          candidateInfo.keaType == targetKea &&
+          candidateInfo.symCipher == csinfo_.symCipher &&
+          candidateInfo.macAlgorithm == csinfo_.macAlgorithm) {
+        // We aren't able to check that the PRF hash is the same.  This is OK
+        // because there are (currently) no suites that have different PRF
+        // hashes but also use the same symmetric cipher.
+        EXPECT_EQ(SECSuccess,
+                  SSL_CipherPrefSet(client_->ssl_fd(), ciphers[i], PR_TRUE));
+        EXPECT_EQ(SECSuccess,
+                  SSL_CipherPrefSet(server_->ssl_fd(), ciphers[i], PR_TRUE));
+        found = true;
+      }
+    }
+    EXPECT_TRUE(found) << "Can't find matching PSK cipher for "
+                       << csinfo_.cipherSuiteName;
+  }
+};
+
+TEST_P(TlsResumptionTest, ResumeCipherSuite) {
+  if (SkipIfCipherSuiteIsDSA()) {
+    return;  // Tickets don't work with DSA (bug 1174677).
+  }
+
+  SetupCertificate();  // This is only needed once.
+
+  ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
+  EnableSingleCipher();
+
+  ConnectAndCheckCipherSuite();
+
+  Reset();
+  ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
+  EnableSingleCipher();
+  // Enable a PSK cipher suite, since EnableSingleCipher() disabled all of them.
+  // On resumption in TLS 1.3, even though a PSK cipher suite is negotiated, the
+  // original cipher suite is reported through the API.  That is what makes this
+  // test work without more tweaks.
+  if (version_ == SSL_LIBRARY_VERSION_TLS_1_3) {
+    EnablePskCipherSuite();
+  }
+
+  ExpectResumption(RESUME_TICKET);
+  ConnectAndCheckCipherSuite();
+}
+
+class TlsCipherLimitTest
+    : public TlsCipherSuiteTestBase,
+      public ::testing::WithParamInterface<CipherSuiteProfile> {
+ public:
+  TlsCipherLimitTest()
+      : TlsCipherSuiteTestBase(std::get<0>(GetParam()), std::get<1>(GetParam()),
+                               std::get<2>(GetParam())) {}
+
+ protected:
+  // Get the expected limit on the number of records that can be sent for the
+  // cipher suite.
+  uint64_t record_limit() const {
+    switch (csinfo_.symCipher) {
+      case ssl_calg_rc4:
+      case ssl_calg_3des:
+        return 1ULL << 20;
+      case ssl_calg_aes:
+      case ssl_calg_aes_gcm:
+        return 0x5aULL << 28;
+      case ssl_calg_null:
+      case ssl_calg_chacha20:
+        return (1ULL << 48) - 1;
+      case ssl_calg_rc2:
+      case ssl_calg_des:
+      case ssl_calg_idea:
+      case ssl_calg_fortezza:
+      case ssl_calg_camellia:
+      case ssl_calg_seed:
+        break;
+    }
+    EXPECT_TRUE(false) << "No limit for " << csinfo_.cipherSuiteName;
+    return 1ULL < 48;
+  }
+
+  uint64_t last_safe_write() const {
+    uint64_t limit = record_limit() - 1;
+    if (version_ < SSL_LIBRARY_VERSION_TLS_1_1 &&
+        (csinfo_.symCipher == ssl_calg_3des ||
+         csinfo_.symCipher == ssl_calg_aes)) {
+      // 1/n-1 record splitting needs space for two records.
+      limit--;
+    }
+    return limit;
+  }
+};
+
+// This only works for stream ciphers because we modify the sequence number -
+// which is included explicitly in the DTLS record header - and that trips a
+// different error code.  Note that the message that the client sends would not
+// decrypt (the nonce/IV wouldn't match), but the record limit is hit before
+// attempting to decrypt a record.
+TEST_P(TlsCipherLimitTest, ReadLimit) {
+  SetupCertificate();
+  EnableSingleCipher();
+  ConnectAndCheckCipherSuite();
+  EXPECT_EQ(SECSuccess,
+            SSLInt_AdvanceWriteSeqNum(client_->ssl_fd(), last_safe_write()));
+  EXPECT_EQ(SECSuccess,
+            SSLInt_AdvanceReadSeqNum(server_->ssl_fd(), last_safe_write()));
+
+  client_->SendData(10, 10);
+  server_->ReadBytes();  // This should be OK.
+
+  // The payload needs to be big enough to pass for encrypted.  In the extreme
+  // case (TLS 1.3), this means 1 for payload, 1 for content type and 16 for
+  // authentication tag.
+  static const uint8_t payload[18] = {6};
+  DataBuffer record;
+  uint64_t epoch = 0;
+  if (mode_ == DGRAM) {
+    epoch++;
+    if (version_ == SSL_LIBRARY_VERSION_TLS_1_3) {
+      epoch++;
+    }
+  }
+  TlsAgentTestBase::MakeRecord(mode_, kTlsApplicationDataType, version_,
+                               payload, sizeof(payload), &record,
+                               (epoch << 48) | record_limit());
+  server_->adapter()->PacketReceived(record);
+  server_->ExpectReadWriteError();
+  server_->ReadBytes();
+  EXPECT_EQ(SSL_ERROR_TOO_MANY_RECORDS, server_->error_code());
+}
+
+TEST_P(TlsCipherLimitTest, WriteLimit) {
+  SetupCertificate();
+  EnableSingleCipher();
+  ConnectAndCheckCipherSuite();
+  EXPECT_EQ(SECSuccess,
+            SSLInt_AdvanceWriteSeqNum(client_->ssl_fd(), last_safe_write()));
+  client_->SendData(10, 10);
+  client_->ExpectReadWriteError();
+  client_->SendData(10, 10);
+  EXPECT_EQ(SSL_ERROR_TOO_MANY_RECORDS, client_->error_code());
+}
+
+// This awful macro makes the test instantiations easier to read.
+#define INSTANTIATE_CIPHER_TEST_P(name, modes, versions, ...)      \
+  static const uint16_t k##name##CiphersArr[] = {__VA_ARGS__};     \
+  static const ::testing::internal::ParamGenerator<uint16_t>       \
+      k##name##Ciphers = ::testing::ValuesIn(k##name##CiphersArr); \
+  INSTANTIATE_TEST_CASE_P(                                         \
+      CipherSuite##name, TlsCipherSuiteTest,                       \
+      ::testing::Combine(TlsConnectTestBase::kTlsModes##modes,     \
+                         TlsConnectTestBase::kTls##versions,       \
+                         k##name##Ciphers));                       \
+  INSTANTIATE_TEST_CASE_P(                                         \
+      Resume##name, TlsResumptionTest,                             \
+      ::testing::Combine(TlsConnectTestBase::kTlsModes##modes,     \
+                         TlsConnectTestBase::kTls##versions,       \
+                         k##name##Ciphers));                       \
+  INSTANTIATE_TEST_CASE_P(                                         \
+      Limit##name, TlsCipherLimitTest,                             \
+      ::testing::Combine(TlsConnectTestBase::kTlsModes##modes,     \
+                         TlsConnectTestBase::kTls##versions,       \
+                         k##name##Ciphers))
+
+INSTANTIATE_CIPHER_TEST_P(RC4, Stream, V10ToV12, TLS_RSA_WITH_RC4_128_SHA,
+                          TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
+                          TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
+                          TLS_ECDH_RSA_WITH_RC4_128_SHA,
+                          TLS_ECDHE_RSA_WITH_RC4_128_SHA);
+INSTANTIATE_CIPHER_TEST_P(AEAD12, All, V12, TLS_RSA_WITH_AES_128_GCM_SHA256,
+                          TLS_RSA_WITH_AES_256_GCM_SHA384,
+                          TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,
+                          TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,
+                          TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
+                          TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384);
+INSTANTIATE_CIPHER_TEST_P(AEAD, All, V12Plus,
+                          TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+                          TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+                          TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+                          TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+                          TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
+                          TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
+                          TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
+                          TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
+                          TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256);
+INSTANTIATE_CIPHER_TEST_P(CBC12, All, V12, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
+                          TLS_RSA_WITH_AES_256_CBC_SHA256,
+                          TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
+                          TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
+                          TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
+                          TLS_RSA_WITH_AES_128_CBC_SHA256,
+                          TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
+                          TLS_DHE_DSS_WITH_AES_256_CBC_SHA256);
+INSTANTIATE_CIPHER_TEST_P(
+    CBCStream, Stream, V10ToV12, TLS_ECDH_ECDSA_WITH_NULL_SHA,
+    TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
+    TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_NULL_SHA,
+    TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_NULL_SHA,
+    TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
+    TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_NULL_SHA,
+    TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA);
+INSTANTIATE_CIPHER_TEST_P(
+    CBCDatagram, Datagram, V11V12, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
+    TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
+    TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
+    TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
+    TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA);
+
+// Fields are: version, cipher suite, bulk cipher name, secretKeySize
+struct SecStatusParams {
+  uint16_t version;
+  uint16_t cipher_suite;
+  std::string name;
+  int keySize;
+};
+
+inline std::ostream &operator<<(std::ostream &stream,
+                                const SecStatusParams &vals) {
+  SSLCipherSuiteInfo csinfo;
+  SECStatus rv =
+      SSL_GetCipherSuiteInfo(vals.cipher_suite, &csinfo, sizeof(csinfo));
+  if (rv != SECSuccess) {
+    return stream << "Error invoking SSL_GetCipherSuiteInfo()";
+  }
+
+  return stream << "TLS " << VersionString(vals.version) << ", "
+                << csinfo.cipherSuiteName << ", name = \"" << vals.name
+                << "\", key size = " << vals.keySize;
+}
+
+class SecurityStatusTest
+    : public TlsCipherSuiteTestBase,
+      public ::testing::WithParamInterface<SecStatusParams> {
+ public:
+  SecurityStatusTest()
+      : TlsCipherSuiteTestBase("TLS", GetParam().version,
+                               GetParam().cipher_suite) {}
+};
+
+// SSL_SecurityStatus produces fairly useless output when compared to
+// SSL_GetCipherSuiteInfo and SSL_GetChannelInfo, but we can't break it, so we
+// need to check it.
+TEST_P(SecurityStatusTest, CheckSecurityStatus) {
+  SetupCertificate();
+  EnableSingleCipher();
+  ConnectAndCheckCipherSuite();
+
+  int on;
+  char *cipher;
+  int keySize;
+  int secretKeySize;
+  char *issuer;
+  char *subject;
+  EXPECT_EQ(SECSuccess,
+            SSL_SecurityStatus(client_->ssl_fd(), &on, &cipher, &keySize,
+                               &secretKeySize, &issuer, &subject));
+  if (std::string(cipher) == "NULL") {
+    EXPECT_EQ(0, on);
+  } else {
+    EXPECT_NE(0, on);
+  }
+  EXPECT_EQ(GetParam().name, std::string(cipher));
+  // All the ciphers we support have secret key size == key size.
+  EXPECT_EQ(GetParam().keySize, keySize);
+  EXPECT_EQ(GetParam().keySize, secretKeySize);
+  EXPECT_LT(0U, strlen(issuer));
+  EXPECT_LT(0U, strlen(subject));
+
+  PORT_Free(cipher);
+  PORT_Free(issuer);
+  PORT_Free(subject);
+}
+
+static const SecStatusParams kSecStatusTestValuesArr[] = {
+    {SSL_LIBRARY_VERSION_TLS_1_0, TLS_ECDHE_RSA_WITH_NULL_SHA, "NULL", 0},
+    {SSL_LIBRARY_VERSION_TLS_1_0, TLS_RSA_WITH_RC4_128_SHA, "RC4", 128},
+    {SSL_LIBRARY_VERSION_TLS_1_0, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
+     "3DES-EDE-CBC", 168},
+    {SSL_LIBRARY_VERSION_TLS_1_0, TLS_RSA_WITH_AES_128_CBC_SHA, "AES-128", 128},
+    {SSL_LIBRARY_VERSION_TLS_1_2, TLS_RSA_WITH_AES_256_CBC_SHA256, "AES-256",
+     256},
+    {SSL_LIBRARY_VERSION_TLS_1_2, TLS_RSA_WITH_AES_128_GCM_SHA256,
+     "AES-128-GCM", 128},
+    {SSL_LIBRARY_VERSION_TLS_1_2, TLS_RSA_WITH_AES_256_GCM_SHA384,
+     "AES-256-GCM", 256},
+    {SSL_LIBRARY_VERSION_TLS_1_2, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
+     "ChaCha20-Poly1305", 256}};
+INSTANTIATE_TEST_CASE_P(TestSecurityStatus, SecurityStatusTest,
+                        ::testing::ValuesIn(kSecStatusTestValuesArr));
+
+}  // namespace nspr_test
diff --git a/nss/external_tests/ssl_gtest/ssl_damage_unittest.cc b/nss/external_tests/ssl_gtest/ssl_damage_unittest.cc
new file mode 100644
index 0000000..98ed01a
--- /dev/null
+++ b/nss/external_tests/ssl_gtest/ssl_damage_unittest.cc
@@ -0,0 +1,61 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <functional>
+#include <memory>
+#include "secerr.h"
+#include "ssl.h"
+#include "sslerr.h"
+#include "sslproto.h"
+
+extern "C" {
+// This is not something that should make you happy.
+#include "libssl_internals.h"
+}
+
+#include "gtest_utils.h"
+#include "scoped_ptrs.h"
+#include "tls_connect.h"
+#include "tls_filter.h"
+#include "tls_parser.h"
+
+namespace nss_test {
+
+TEST_F(TlsConnectTest, DamageSecretHandleClientFinished) {
+  client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
+                           SSL_LIBRARY_VERSION_TLS_1_3);
+  server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
+                           SSL_LIBRARY_VERSION_TLS_1_3);
+  server_->StartConnect();
+  client_->StartConnect();
+  client_->Handshake();
+  server_->Handshake();
+  std::cerr << "Damaging HS secret\n";
+  SSLInt_DamageHsTrafficSecret(server_->ssl_fd());
+  client_->Handshake();
+  server_->Handshake();
+  // The client thinks it has connected.
+  EXPECT_EQ(TlsAgent::STATE_CONNECTED, client_->state());
+  server_->CheckErrorCode(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE);
+  client_->Handshake();
+  client_->CheckErrorCode(SSL_ERROR_DECRYPT_ERROR_ALERT);
+}
+
+TEST_F(TlsConnectTest, DamageSecretHandleServerFinished) {
+  client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
+                           SSL_LIBRARY_VERSION_TLS_1_3);
+  server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
+                           SSL_LIBRARY_VERSION_TLS_1_3);
+  server_->SetPacketFilter(new AfterRecordN(
+      server_, client_,
+      0,  // ServerHello.
+      [this]() { SSLInt_DamageHsTrafficSecret(client_->ssl_fd()); }));
+  ConnectExpectFail();
+  client_->CheckErrorCode(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE);
+  server_->CheckErrorCode(SSL_ERROR_BAD_MAC_READ);
+}
+
+}  // namespace nspr_test
diff --git a/nss/external_tests/ssl_gtest/ssl_dhe_unittest.cc b/nss/external_tests/ssl_gtest/ssl_dhe_unittest.cc
new file mode 100644
index 0000000..b4b817e
--- /dev/null
+++ b/nss/external_tests/ssl_gtest/ssl_dhe_unittest.cc
@@ -0,0 +1,520 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <functional>
+#include <memory>
+#include <set>
+#include "secerr.h"
+#include "ssl.h"
+#include "sslerr.h"
+#include "sslproto.h"
+
+#include "gtest_utils.h"
+#include "scoped_ptrs.h"
+#include "tls_connect.h"
+#include "tls_filter.h"
+#include "tls_parser.h"
+
+namespace nss_test {
+
+TEST_P(TlsConnectGeneric, ConnectDhe) {
+  EnableOnlyDheCiphers();
+  Connect();
+  CheckKeys(ssl_kea_dh, ssl_auth_rsa_sign);
+}
+
+TEST_P(TlsConnectTls13, SharesForBothEcdheAndDhe) {
+  EnsureTlsSetup();
+  client_->DisableAllCiphers();
+  client_->EnableCiphersByKeyExchange(ssl_kea_ecdh);
+  client_->EnableCiphersByKeyExchange(ssl_kea_dh);
+
+  auto groups_capture = new TlsExtensionCapture(ssl_supported_groups_xtn);
+  auto shares_capture = new TlsExtensionCapture(ssl_tls13_key_share_xtn);
+  std::vector<PacketFilter*> captures;
+  captures.push_back(groups_capture);
+  captures.push_back(shares_capture);
+  client_->SetPacketFilter(new ChainedPacketFilter(captures));
+
+  Connect();
+
+  CheckKeys(ssl_kea_ecdh, ssl_auth_rsa_sign);
+
+  bool ec, dh;
+  auto track_group_type = [&ec, &dh](SSLNamedGroup group) {
+    if ((group & 0xff00U) == 0x100U) {
+      dh = true;
+    } else {
+      ec = true;
+    }
+  };
+  CheckGroups(groups_capture->extension(), track_group_type);
+  CheckShares(shares_capture->extension(), track_group_type);
+  EXPECT_TRUE(ec) << "Should include an EC group and share";
+  EXPECT_TRUE(dh) << "Should include an FFDHE group and share";
+}
+
+TEST_P(TlsConnectTls13, NoDheOnEcdheConnections) {
+  EnsureTlsSetup();
+  client_->DisableAllCiphers();
+  client_->EnableCiphersByKeyExchange(ssl_kea_ecdh);
+
+  auto groups_capture = new TlsExtensionCapture(ssl_supported_groups_xtn);
+  auto shares_capture = new TlsExtensionCapture(ssl_tls13_key_share_xtn);
+  std::vector<PacketFilter*> captures;
+  captures.push_back(groups_capture);
+  captures.push_back(shares_capture);
+  client_->SetPacketFilter(new ChainedPacketFilter(captures));
+
+  Connect();
+
+  CheckKeys(ssl_kea_ecdh, ssl_auth_rsa_sign);
+  auto is_ecc = [](SSLNamedGroup group) { EXPECT_NE(0x100U, group & 0xff00U); };
+  CheckGroups(groups_capture->extension(), is_ecc);
+  CheckShares(shares_capture->extension(), is_ecc);
+}
+
+TEST_P(TlsConnectGeneric, ConnectFfdheClient) {
+  EnableOnlyDheCiphers();
+  EXPECT_EQ(SECSuccess, SSL_OptionSet(client_->ssl_fd(),
+                                      SSL_REQUIRE_DH_NAMED_GROUPS, PR_TRUE));
+  auto groups_capture = new TlsExtensionCapture(ssl_supported_groups_xtn);
+  auto shares_capture = new TlsExtensionCapture(ssl_tls13_key_share_xtn);
+  std::vector<PacketFilter*> captures;
+  captures.push_back(groups_capture);
+  captures.push_back(shares_capture);
+  client_->SetPacketFilter(new ChainedPacketFilter(captures));
+
+  Connect();
+
+  CheckKeys(ssl_kea_dh, ssl_auth_rsa_sign);
+  auto is_ffdhe = [](SSLNamedGroup group) {
+    // The group has to be in this range.
+    EXPECT_LE(ssl_grp_ffdhe_2048, group);
+    EXPECT_GE(ssl_grp_ffdhe_8192, group);
+  };
+  CheckGroups(groups_capture->extension(), is_ffdhe);
+  if (version_ == SSL_LIBRARY_VERSION_TLS_1_3) {
+    CheckShares(shares_capture->extension(), is_ffdhe);
+  } else {
+    EXPECT_EQ(0U, shares_capture->extension().len());
+  }
+}
+
+// Requiring the FFDHE extension on the server alone means that clients won't be
+// able to connect using a DHE suite.  They should still connect in TLS 1.3,
+// because the client automatically sends the supported groups extension.
+TEST_P(TlsConnectGenericPre13, ConnectFfdheServer) {
+  EnableOnlyDheCiphers();
+  EXPECT_EQ(SECSuccess, SSL_OptionSet(server_->ssl_fd(),
+                                      SSL_REQUIRE_DH_NAMED_GROUPS, PR_TRUE));
+
+  if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) {
+    Connect();
+    CheckKeys(ssl_kea_dh, ssl_auth_rsa_sign);
+  } else {
+    ConnectExpectFail();
+    client_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP);
+    server_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP);
+  }
+}
+
+class TlsDheServerKeyExchangeDamager : public TlsHandshakeFilter {
+ public:
+  TlsDheServerKeyExchangeDamager() {}
+  virtual PacketFilter::Action FilterHandshake(
+      const TlsHandshakeFilter::HandshakeHeader& header,
+      const DataBuffer& input, DataBuffer* output) {
+    if (header.handshake_type() != kTlsHandshakeServerKeyExchange) {
+      return KEEP;
+    }
+
+    // Damage the first octet of dh_p.  Anything other than the known prime will
+    // be rejected as "weak" when we have SSL_REQUIRE_DH_NAMED_GROUPS enabled.
+    *output = input;
+    output->data()[3] ^= 73;
+    return CHANGE;
+  }
+};
+
+// Changing the prime in the server's key share results in an error.  This will
+// invalidate the signature over the ServerKeyShare. That's ok, NSS won't check
+// the signature until everything else has been checked.
+TEST_P(TlsConnectGenericPre13, DamageServerKeyShare) {
+  EnableOnlyDheCiphers();
+  EXPECT_EQ(SECSuccess, SSL_OptionSet(client_->ssl_fd(),
+                                      SSL_REQUIRE_DH_NAMED_GROUPS, PR_TRUE));
+  server_->SetPacketFilter(new TlsDheServerKeyExchangeDamager());
+
+  ConnectExpectFail();
+
+  client_->CheckErrorCode(SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY);
+  server_->CheckErrorCode(SSL_ERROR_ILLEGAL_PARAMETER_ALERT);
+}
+
+class TlsDheSkeChangeY : public TlsHandshakeFilter {
+ public:
+  enum ChangeYTo {
+    kYZero,
+    kYOne,
+    kYPMinusOne,
+    kYGreaterThanP,
+    kYTooLarge,
+    kYZeroPad
+  };
+
+  TlsDheSkeChangeY(ChangeYTo change) : change_Y_(change) {}
+
+ protected:
+  void ChangeY(const DataBuffer& input, DataBuffer* output, size_t offset,
+               const DataBuffer& prime) {
+    static const uint8_t kExtraZero = 0;
+    static const uint8_t kTooLargeExtra = 1;
+
+    uint32_t dh_Ys_len;
+    EXPECT_TRUE(input.Read(offset, 2, &dh_Ys_len));
+    EXPECT_LT(offset + dh_Ys_len, input.len());
+    offset += 2;
+
+    // This isn't generally true, but our code pads.
+    EXPECT_EQ(prime.len(), dh_Ys_len)
+        << "Length of dh_Ys must equal length of dh_p";
+
+    *output = input;
+    switch (change_Y_) {
+      case kYZero:
+        memset(output->data() + offset, 0, prime.len());
+        break;
+
+      case kYOne:
+        memset(output->data() + offset, 0, prime.len() - 1);
+        output->Write(offset + prime.len() - 1, 1U, 1);
+        break;
+
+      case kYPMinusOne:
+        output->Write(offset, prime);
+        EXPECT_TRUE(output->data()[offset + prime.len() - 1] & 0x01)
+            << "P must at least be odd";
+        --output->data()[offset + prime.len() - 1];
+        break;
+
+      case kYGreaterThanP:
+        // Set the first 32 octets of Y to 0xff, except the first which we set
+        // to p[0].  This will make Y > p.  That is, unless p is Mersenne, or
+        // improbably large (but still the same bit length).  We currently only
+        // use a fixed prime that isn't a problem for this code.
+        EXPECT_LT(0, prime.data()[0]) << "dh_p should not be zero-padded";
+        offset = output->Write(offset, prime.data()[0], 1);
+        memset(output->data() + offset, 0xff, 31);
+        break;
+
+      case kYTooLarge:
+        // Increase the dh_Ys length.
+        output->Write(offset - 2, prime.len() + sizeof(kTooLargeExtra), 2);
+        // Then insert the octet.
+        output->Splice(&kTooLargeExtra, sizeof(kTooLargeExtra), offset);
+        break;
+
+      case kYZeroPad:
+        output->Write(offset - 2, prime.len() + sizeof(kExtraZero), 2);
+        output->Splice(&kExtraZero, sizeof(kExtraZero), offset);
+        break;
+    }
+  }
+
+ private:
+  ChangeYTo change_Y_;
+};
+
+class TlsDheSkeChangeYServer : public TlsDheSkeChangeY {
+ public:
+  TlsDheSkeChangeYServer(ChangeYTo change, bool modify)
+      : TlsDheSkeChangeY(change), modify_(modify), p_() {}
+
+  const DataBuffer& prime() const { return p_; }
+
+ protected:
+  virtual PacketFilter::Action FilterHandshake(
+      const TlsHandshakeFilter::HandshakeHeader& header,
+      const DataBuffer& input, DataBuffer* output) override {
+    if (header.handshake_type() != kTlsHandshakeServerKeyExchange) {
+      return KEEP;
+    }
+
+    size_t offset = 2;
+    // Read dh_p
+    uint32_t dh_len = 0;
+    EXPECT_TRUE(input.Read(0, 2, &dh_len));
+    EXPECT_GT(input.len(), offset + dh_len);
+    p_.Assign(input.data() + offset, dh_len);
+    offset += dh_len;
+
+    // Skip dh_g to find dh_Ys
+    EXPECT_TRUE(input.Read(offset, 2, &dh_len));
+    offset += 2 + dh_len;
+
+    if (modify_) {
+      ChangeY(input, output, offset, p_);
+      return CHANGE;
+    }
+    return KEEP;
+  }
+
+ private:
+  bool modify_;
+  DataBuffer p_;
+};
+
+class TlsDheSkeChangeYClient : public TlsDheSkeChangeY {
+ public:
+  TlsDheSkeChangeYClient(ChangeYTo change,
+                         const TlsDheSkeChangeYServer* server_filter)
+      : TlsDheSkeChangeY(change), server_filter_(server_filter) {}
+
+ protected:
+  virtual PacketFilter::Action FilterHandshake(
+      const TlsHandshakeFilter::HandshakeHeader& header,
+      const DataBuffer& input, DataBuffer* output) override {
+    if (header.handshake_type() != kTlsHandshakeClientKeyExchange) {
+      return KEEP;
+    }
+
+    ChangeY(input, output, 0, server_filter_->prime());
+    return CHANGE;
+  }
+
+ private:
+  const TlsDheSkeChangeYServer* server_filter_;
+};
+
+/* This matrix includes: mode (stream/datagram), TLS version, what change to
+ * make to dh_Ys, whether the client will be configured to require DH named
+ * groups.  Test all combinations. */
+typedef std::tuple<std::string, uint16_t, TlsDheSkeChangeY::ChangeYTo, bool>
+    DamageDHYProfile;
+class TlsDamageDHYTest
+    : public TlsConnectTestBase,
+      public ::testing::WithParamInterface<DamageDHYProfile> {
+ public:
+  TlsDamageDHYTest()
+      : TlsConnectTestBase(TlsConnectTestBase::ToMode(std::get<0>(GetParam())),
+                           std::get<1>(GetParam())) {}
+};
+
+TEST_P(TlsDamageDHYTest, DamageServerY) {
+  EnableOnlyDheCiphers();
+  if (std::get<3>(GetParam())) {
+    EXPECT_EQ(SECSuccess, SSL_OptionSet(client_->ssl_fd(),
+                                        SSL_REQUIRE_DH_NAMED_GROUPS, PR_TRUE));
+  }
+  TlsDheSkeChangeY::ChangeYTo change = std::get<2>(GetParam());
+  server_->SetPacketFilter(new TlsDheSkeChangeYServer(change, true));
+
+  ConnectExpectFail();
+  if (change == TlsDheSkeChangeY::kYZeroPad) {
+    // Zero padding Y only manifests in a signature failure.
+    // In TLS 1.0 and 1.1, the client reports a device error.
+    if (version_ < SSL_LIBRARY_VERSION_TLS_1_2) {
+      client_->CheckErrorCode(SEC_ERROR_PKCS11_DEVICE_ERROR);
+    } else {
+      client_->CheckErrorCode(SEC_ERROR_BAD_SIGNATURE);
+    }
+    server_->CheckErrorCode(SSL_ERROR_DECRYPT_ERROR_ALERT);
+  } else {
+    client_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_DHE_KEY_SHARE);
+    server_->CheckErrorCode(SSL_ERROR_ILLEGAL_PARAMETER_ALERT);
+  }
+}
+
+TEST_P(TlsDamageDHYTest, DamageClientY) {
+  EnableOnlyDheCiphers();
+  if (std::get<3>(GetParam())) {
+    EXPECT_EQ(SECSuccess, SSL_OptionSet(client_->ssl_fd(),
+                                        SSL_REQUIRE_DH_NAMED_GROUPS, PR_TRUE));
+  }
+  // The filter on the server is required to capture the prime.
+  TlsDheSkeChangeYServer* server_filter =
+      new TlsDheSkeChangeYServer(TlsDheSkeChangeY::kYZero, false);
+  server_->SetPacketFilter(server_filter);
+
+  // The client filter does the damage.
+  TlsDheSkeChangeY::ChangeYTo change = std::get<2>(GetParam());
+  client_->SetPacketFilter(new TlsDheSkeChangeYClient(change, server_filter));
+
+  ConnectExpectFail();
+  if (change == TlsDheSkeChangeY::kYZeroPad) {
+    // Zero padding Y only manifests in a finished error.
+    client_->CheckErrorCode(SSL_ERROR_DECRYPT_ERROR_ALERT);
+    server_->CheckErrorCode(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE);
+  } else {
+    client_->CheckErrorCode(SSL_ERROR_HANDSHAKE_FAILURE_ALERT);
+    server_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_DHE_KEY_SHARE);
+  }
+}
+
+static const TlsDheSkeChangeY::ChangeYTo kAllYArr[] = {
+    TlsDheSkeChangeY::kYZero,      TlsDheSkeChangeY::kYOne,
+    TlsDheSkeChangeY::kYPMinusOne, TlsDheSkeChangeY::kYGreaterThanP,
+    TlsDheSkeChangeY::kYTooLarge,  TlsDheSkeChangeY::kYZeroPad};
+static ::testing::internal::ParamGenerator<TlsDheSkeChangeY::ChangeYTo> kAllY =
+    ::testing::ValuesIn(kAllYArr);
+static const bool kTrueFalseArr[] = {true, false};
+static ::testing::internal::ParamGenerator<bool> kTrueFalse =
+    ::testing::ValuesIn(kTrueFalseArr);
+
+INSTANTIATE_TEST_CASE_P(DamageYStream, TlsDamageDHYTest,
+                        ::testing::Combine(TlsConnectTestBase::kTlsModesStream,
+                                           TlsConnectTestBase::kTlsV10ToV12,
+                                           kAllY, kTrueFalse));
+INSTANTIATE_TEST_CASE_P(
+    DamageYDatagram, TlsDamageDHYTest,
+    ::testing::Combine(TlsConnectTestBase::kTlsModesDatagram,
+                       TlsConnectTestBase::kTlsV11V12, kAllY, kTrueFalse));
+
+class TlsDheSkeMakePEven : public TlsHandshakeFilter {
+ public:
+  virtual PacketFilter::Action FilterHandshake(
+      const TlsHandshakeFilter::HandshakeHeader& header,
+      const DataBuffer& input, DataBuffer* output) {
+    if (header.handshake_type() != kTlsHandshakeServerKeyExchange) {
+      return KEEP;
+    }
+
+    // Find the end of dh_p
+    uint32_t dh_len = 0;
+    EXPECT_TRUE(input.Read(0, 2, &dh_len));
+    EXPECT_GT(input.len(), 2 + dh_len) << "enough space for dh_p";
+    size_t offset = 2 + dh_len - 1;
+    EXPECT_TRUE((input.data()[offset] & 0x01) == 0x01) << "p should be odd";
+
+    *output = input;
+    output->data()[offset] &= 0xfe;
+
+    return CHANGE;
+  }
+};
+
+// Even without requiring named groups, an even value for p is bad news.
+TEST_P(TlsConnectGenericPre13, MakeDhePEven) {
+  EnableOnlyDheCiphers();
+  server_->SetPacketFilter(new TlsDheSkeMakePEven());
+
+  ConnectExpectFail();
+
+  client_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_DHE_KEY_SHARE);
+  server_->CheckErrorCode(SSL_ERROR_ILLEGAL_PARAMETER_ALERT);
+}
+
+class TlsDheSkeZeroPadP : public TlsHandshakeFilter {
+ public:
+  virtual PacketFilter::Action FilterHandshake(
+      const TlsHandshakeFilter::HandshakeHeader& header,
+      const DataBuffer& input, DataBuffer* output) {
+    if (header.handshake_type() != kTlsHandshakeServerKeyExchange) {
+      return KEEP;
+    }
+
+    *output = input;
+    uint32_t dh_len = 0;
+    EXPECT_TRUE(input.Read(0, 2, &dh_len));
+    static const uint8_t kZeroPad = 0;
+    output->Write(0, dh_len + sizeof(kZeroPad), 2);  // increment the length
+    output->Splice(&kZeroPad, sizeof(kZeroPad), 2);  // insert a zero
+
+    return CHANGE;
+  }
+};
+
+// Zero padding only causes signature failure.
+TEST_P(TlsConnectGenericPre13, PadDheP) {
+  EnableOnlyDheCiphers();
+  server_->SetPacketFilter(new TlsDheSkeZeroPadP());
+
+  ConnectExpectFail();
+
+  // In TLS 1.0 and 1.1, the client reports a device error.
+  if (version_ < SSL_LIBRARY_VERSION_TLS_1_2) {
+    client_->CheckErrorCode(SEC_ERROR_PKCS11_DEVICE_ERROR);
+  } else {
+    client_->CheckErrorCode(SEC_ERROR_BAD_SIGNATURE);
+  }
+  server_->CheckErrorCode(SSL_ERROR_DECRYPT_ERROR_ALERT);
+}
+
+// The server should not pick the weak DH group if the client includes FFDHE
+// named groups in the supported_groups extension. The server then picks a
+// commonly-supported named DH group and this connects.
+//
+// Note: This test case can take ages to generate the weak DH key.
+TEST_P(TlsConnectGenericPre13, WeakDHGroup) {
+  EnableOnlyDheCiphers();
+  EXPECT_EQ(SECSuccess, SSL_OptionSet(client_->ssl_fd(),
+                                      SSL_REQUIRE_DH_NAMED_GROUPS, PR_TRUE));
+  EXPECT_EQ(SECSuccess,
+            SSL_EnableWeakDHEPrimeGroup(server_->ssl_fd(), PR_TRUE));
+
+  Connect();
+}
+
+TEST_P(TlsConnectGeneric, Ffdhe3072) {
+  EnableOnlyDheCiphers();
+  SSLNamedGroup groups[] = {ssl_grp_ffdhe_3072};
+  client_->ConfigNamedGroups(groups, PR_ARRAY_SIZE(groups));
+
+  Connect();
+}
+
+TEST_P(TlsConnectGenericPre13, PreferredFfdhe) {
+  EnableOnlyDheCiphers();
+  static const SSLDHEGroupType groups[] = {ssl_ff_dhe_3072_group,
+                                           ssl_ff_dhe_2048_group};
+  EXPECT_EQ(SECSuccess, SSL_DHEGroupPrefSet(server_->ssl_fd(), groups,
+                                            PR_ARRAY_SIZE(groups)));
+
+  Connect();
+  CheckKeys(ssl_kea_dh, ssl_auth_rsa_sign, 3072);
+}
+
+TEST_P(TlsConnectGenericPre13, MismatchDHE) {
+  EnableOnlyDheCiphers();
+  EXPECT_EQ(SECSuccess, SSL_OptionSet(client_->ssl_fd(),
+                                      SSL_REQUIRE_DH_NAMED_GROUPS, PR_TRUE));
+  static const SSLDHEGroupType serverGroups[] = {ssl_ff_dhe_3072_group};
+  EXPECT_EQ(SECSuccess, SSL_DHEGroupPrefSet(server_->ssl_fd(), serverGroups,
+                                            PR_ARRAY_SIZE(serverGroups)));
+  static const SSLDHEGroupType clientGroups[] = {ssl_ff_dhe_2048_group};
+  EXPECT_EQ(SECSuccess, SSL_DHEGroupPrefSet(client_->ssl_fd(), clientGroups,
+                                            PR_ARRAY_SIZE(clientGroups)));
+
+  ConnectExpectFail();
+  server_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP);
+  client_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP);
+}
+
+TEST_P(TlsConnectTls13, ResumeFfdhe) {
+  EnableOnlyDheCiphers();
+  ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
+  Connect();
+  SendReceive();  // Need to read so that we absorb the session ticket.
+  CheckKeys(ssl_kea_dh, ssl_auth_rsa_sign);
+
+  Reset();
+  ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
+  EnableOnlyDheCiphers();
+  TlsExtensionCapture* clientCapture =
+      new TlsExtensionCapture(ssl_tls13_pre_shared_key_xtn);
+  client_->SetPacketFilter(clientCapture);
+  TlsExtensionCapture* serverCapture =
+      new TlsExtensionCapture(ssl_tls13_pre_shared_key_xtn);
+  server_->SetPacketFilter(serverCapture);
+  ExpectResumption(RESUME_TICKET);
+  Connect();
+  CheckKeys(ssl_kea_dh, ssl_auth_rsa_sign);
+  ASSERT_LT(0UL, clientCapture->extension().len());
+  ASSERT_LT(0UL, serverCapture->extension().len());
+}
+
+}  // namespace nss_test
diff --git a/nss/external_tests/ssl_gtest/ssl_drop_unittest.cc b/nss/external_tests/ssl_gtest/ssl_drop_unittest.cc
new file mode 100644
index 0000000..b3649a6
--- /dev/null
+++ b/nss/external_tests/ssl_gtest/ssl_drop_unittest.cc
@@ -0,0 +1,113 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "secerr.h"
+#include "ssl.h"
+
+extern "C" {
+// This is not something that should make you happy.
+#include "libssl_internals.h"
+}
+
+#include "gtest_utils.h"
+#include "scoped_ptrs.h"
+#include "tls_connect.h"
+#include "tls_filter.h"
+#include "tls_parser.h"
+
+namespace nss_test {
+
+TEST_P(TlsConnectDatagram, DropClientFirstFlightOnce) {
+  client_->SetPacketFilter(new SelectiveDropFilter(0x1));
+  Connect();
+  SendReceive();
+}
+
+TEST_P(TlsConnectDatagram, DropServerFirstFlightOnce) {
+  server_->SetPacketFilter(new SelectiveDropFilter(0x1));
+  Connect();
+  SendReceive();
+}
+
+// This drops the first transmission from both the client and server of all
+// flights that they send.  Note: In DTLS 1.3, the shorter handshake means that
+// this will also drop some application data, so we can't call SendReceive().
+TEST_P(TlsConnectDatagram, DropAllFirstTransmissions) {
+  client_->SetPacketFilter(new SelectiveDropFilter(0x15));
+  server_->SetPacketFilter(new SelectiveDropFilter(0x5));
+  Connect();
+}
+
+// This drops the server's first flight three times.
+TEST_P(TlsConnectDatagram, DropServerFirstFlightThrice) {
+  server_->SetPacketFilter(new SelectiveDropFilter(0x7));
+  Connect();
+}
+
+// This drops the client's second flight once
+TEST_P(TlsConnectDatagram, DropClientSecondFlightOnce) {
+  client_->SetPacketFilter(new SelectiveDropFilter(0x2));
+  Connect();
+}
+
+// This drops the client's second flight three times.
+TEST_P(TlsConnectDatagram, DropClientSecondFlightThrice) {
+  client_->SetPacketFilter(new SelectiveDropFilter(0xe));
+  Connect();
+}
+
+// This drops the server's second flight three times.
+TEST_P(TlsConnectDatagram, DropServerSecondFlightThrice) {
+  server_->SetPacketFilter(new SelectiveDropFilter(0xe));
+  Connect();
+}
+
+// This simulates a huge number of drops on one side.
+TEST_P(TlsConnectDatagram, MissLotsOfPackets) {
+  uint16_t cipher = TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256;
+  uint64_t limit = (1ULL << 48) - 1;
+  if (version_ < SSL_LIBRARY_VERSION_TLS_1_2) {
+    cipher = TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA;
+    limit = 0x5aULL << 28;
+  }
+  EnsureTlsSetup();
+  server_->EnableSingleCipher(cipher);
+  Connect();
+
+  // Note that the limit for ChaCha is 2^48-1.
+  EXPECT_EQ(SECSuccess,
+            SSLInt_AdvanceWriteSeqNum(client_->ssl_fd(), limit - 10));
+  SendReceive();
+}
+
+class TlsConnectDatagram12Plus : public TlsConnectDatagram {
+ public:
+  TlsConnectDatagram12Plus() : TlsConnectDatagram() {}
+};
+
+// This simulates missing a window's worth of packets.
+TEST_P(TlsConnectDatagram12Plus, MissAWindow) {
+  EnsureTlsSetup();
+  server_->EnableSingleCipher(TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256);
+  Connect();
+
+  EXPECT_EQ(SECSuccess, SSLInt_AdvanceWriteSeqByAWindow(client_->ssl_fd(), 0));
+  SendReceive();
+}
+
+TEST_P(TlsConnectDatagram12Plus, MissAWindowAndOne) {
+  EnsureTlsSetup();
+  server_->EnableSingleCipher(TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256);
+  Connect();
+
+  EXPECT_EQ(SECSuccess, SSLInt_AdvanceWriteSeqByAWindow(client_->ssl_fd(), 1));
+  SendReceive();
+}
+
+INSTANTIATE_TEST_CASE_P(Datagram12Plus, TlsConnectDatagram12Plus,
+                        TlsConnectTestBase::kTlsV12Plus);
+
+}  // namespace nss_test
diff --git a/nss/external_tests/ssl_gtest/ssl_ecdh_unittest.cc b/nss/external_tests/ssl_gtest/ssl_ecdh_unittest.cc
new file mode 100644
index 0000000..af0fbe2
--- /dev/null
+++ b/nss/external_tests/ssl_gtest/ssl_ecdh_unittest.cc
@@ -0,0 +1,343 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <functional>
+#include <memory>
+#include "secerr.h"
+#include "ssl.h"
+#include "sslerr.h"
+#include "sslproto.h"
+
+extern "C" {
+// This is not something that should make you happy.
+#include "libssl_internals.h"
+}
+
+#include "gtest_utils.h"
+#include "scoped_ptrs.h"
+#include "tls_connect.h"
+#include "tls_filter.h"
+#include "tls_parser.h"
+
+namespace nss_test {
+
+TEST_P(TlsConnectGenericPre13, ConnectEcdh) {
+  SetExpectedVersion(std::get<1>(GetParam()));
+  Reset(TlsAgent::kServerEcdhEcdsa);
+  DisableAllCiphers();
+  EnableSomeEcdhCiphers();
+
+  Connect();
+  CheckKeys(ssl_kea_ecdh, ssl_auth_ecdh_ecdsa);
+}
+
+TEST_P(TlsConnectGenericPre13, ConnectEcdhWithoutDisablingSuites) {
+  SetExpectedVersion(std::get<1>(GetParam()));
+  Reset(TlsAgent::kServerEcdhEcdsa);
+  EnableSomeEcdhCiphers();
+
+  Connect();
+  CheckKeys(ssl_kea_ecdh, ssl_auth_ecdh_ecdsa);
+}
+
+TEST_P(TlsConnectGeneric, ConnectEcdhe) {
+  Connect();
+  CheckKeys(ssl_kea_ecdh, ssl_auth_rsa_sign);
+}
+
+// If we pick a 256-bit cipher suite and use a P-384 certificate, the server
+// should choose P-384 for key exchange too.  Only valid for TLS >=1.2 because
+// we don't have 256-bit ciphers before then.
+TEST_P(TlsConnectTls12Plus, ConnectEcdheP384) {
+  Reset(TlsAgent::kServerEcdsa384);
+  ConnectWithCipherSuite(TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256);
+  CheckKeys(ssl_kea_ecdh, ssl_auth_ecdsa, 384);
+}
+
+TEST_P(TlsConnectGeneric, ConnectEcdheP384Client) {
+  EnsureTlsSetup();
+  const SSLNamedGroup groups[] = {ssl_grp_ec_secp384r1, ssl_grp_ffdhe_2048};
+  client_->ConfigNamedGroups(groups, PR_ARRAY_SIZE(groups));
+  server_->ConfigNamedGroups(groups, PR_ARRAY_SIZE(groups));
+  Connect();
+  CheckKeys(ssl_kea_ecdh, ssl_auth_rsa_sign, 384);
+}
+
+// This causes a HelloRetryRequest in TLS 1.3.  Earlier versions don't care.
+TEST_P(TlsConnectGeneric, ConnectEcdheP384Server) {
+  EnsureTlsSetup();
+  auto hrr_capture =
+      new TlsInspectorRecordHandshakeMessage(kTlsHandshakeHelloRetryRequest);
+  server_->SetPacketFilter(hrr_capture);
+  const SSLNamedGroup groups[] = {ssl_grp_ec_secp384r1};
+  server_->ConfigNamedGroups(groups, PR_ARRAY_SIZE(groups));
+  Connect();
+  CheckKeys(ssl_kea_ecdh, ssl_auth_rsa_sign, 384);
+  EXPECT_EQ(version_ == SSL_LIBRARY_VERSION_TLS_1_3,
+            hrr_capture->buffer().len() != 0);
+}
+
+// This enables only P-256 on the client and disables it on the server.
+// This test will fail when we add other groups that identify as ECDHE.
+TEST_P(TlsConnectGeneric, ConnectEcdheGroupMismatch) {
+  EnsureTlsSetup();
+  const SSLNamedGroup clientGroups[] = {ssl_grp_ec_secp256r1,
+                                        ssl_grp_ffdhe_2048};
+  const SSLNamedGroup serverGroups[] = {ssl_grp_ffdhe_2048};
+  client_->ConfigNamedGroups(clientGroups, PR_ARRAY_SIZE(clientGroups));
+  server_->ConfigNamedGroups(serverGroups, PR_ARRAY_SIZE(serverGroups));
+
+  Connect();
+  CheckKeys(ssl_kea_dh, ssl_auth_rsa_sign);
+}
+
+class TlsKeyExchangeTest : public TlsConnectGeneric {
+ protected:
+  TlsExtensionCapture *groups_capture_;
+  TlsExtensionCapture *shares_capture_;
+  TlsInspectorRecordHandshakeMessage *capture_hrr_;
+
+  void EnsureKeyShareSetup(const SSLNamedGroup *groups, size_t num) {
+    EnsureTlsSetup();
+    groups_capture_ = new TlsExtensionCapture(ssl_supported_groups_xtn);
+    shares_capture_ = new TlsExtensionCapture(ssl_tls13_key_share_xtn);
+    std::vector<PacketFilter *> captures;
+    captures.push_back(groups_capture_);
+    captures.push_back(shares_capture_);
+    client_->SetPacketFilter(new ChainedPacketFilter(captures));
+    capture_hrr_ =
+        new TlsInspectorRecordHandshakeMessage(kTlsHandshakeHelloRetryRequest);
+    server_->SetPacketFilter(capture_hrr_);
+
+    if (groups) {
+      client_->ConfigNamedGroups(groups, num);
+      server_->ConfigNamedGroups(groups, num);
+    }
+  }
+
+  std::vector<SSLNamedGroup> GetGroupDetails(const DataBuffer &ext) {
+    uint32_t tmp = 0;
+    EXPECT_TRUE(ext.Read(0, 2, &tmp));
+    EXPECT_EQ(ext.len() - 2, static_cast<size_t>(tmp));
+    EXPECT_TRUE(ext.len() % 2 == 0);
+    std::vector<SSLNamedGroup> groups;
+    for (size_t i = 1; i < ext.len() / 2; i += 1) {
+      EXPECT_TRUE(ext.Read(2 * i, 2, &tmp));
+      groups.push_back(static_cast<SSLNamedGroup>(tmp));
+    }
+    return groups;
+  }
+
+  std::vector<SSLNamedGroup> GetShareDetails(const DataBuffer &ext) {
+    uint32_t tmp = 0;
+    EXPECT_TRUE(ext.Read(0, 2, &tmp));
+    EXPECT_EQ(ext.len() - 2, static_cast<size_t>(tmp));
+    std::vector<SSLNamedGroup> shares;
+    size_t i = 2;
+    while (i < ext.len()) {
+      EXPECT_TRUE(ext.Read(i, 2, &tmp));
+      shares.push_back(static_cast<SSLNamedGroup>(tmp));
+      EXPECT_TRUE(ext.Read(i + 2, 2, &tmp));
+      i += 4 + tmp;
+    }
+    EXPECT_EQ(ext.len(), i);
+    return shares;
+  }
+
+  void CheckKEXDetails(std::vector<SSLNamedGroup> expectedGroups,
+                       std::vector<SSLNamedGroup> expectedShares) {
+    std::vector<SSLNamedGroup> groups =
+        GetGroupDetails(groups_capture_->extension());
+    EXPECT_EQ(expectedGroups, groups);
+
+    if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) {
+      ASSERT_TRUE(expectedShares.size());
+      std::vector<SSLNamedGroup> shares =
+          GetShareDetails(shares_capture_->extension());
+      EXPECT_EQ(expectedShares, shares);
+    } else {
+      EXPECT_EQ(0U, shares_capture_->extension().len());
+    }
+
+    EXPECT_EQ(0U, capture_hrr_->buffer().len())
+        << "we didn't expect a hello retry request.";
+  }
+};
+
+TEST_P(TlsKeyExchangeTest, P384Priority) {
+  /* P256, P384 and P521 are enabled. Both prefer P384. */
+  const SSLNamedGroup groups[] = {ssl_grp_ec_secp384r1, ssl_grp_ec_secp256r1,
+                                  ssl_grp_ec_secp521r1};
+  EnsureKeyShareSetup(groups, PR_ARRAY_SIZE(groups));
+  client_->DisableAllCiphers();
+  client_->EnableCiphersByKeyExchange(ssl_kea_ecdh);
+  Connect();
+
+  CheckKeys(ssl_kea_ecdh, ssl_auth_rsa_sign, 384);
+
+  std::vector<SSLNamedGroup> shares = {ssl_grp_ec_secp384r1};
+  std::vector<SSLNamedGroup> expected_groups(groups,
+                                             groups + PR_ARRAY_SIZE(groups));
+  CheckKEXDetails(expected_groups, shares);
+}
+
+TEST_P(TlsKeyExchangeTest, DuplicateGroupConfig) {
+  const SSLNamedGroup groups[] = {ssl_grp_ec_secp384r1, ssl_grp_ec_secp384r1,
+                                  ssl_grp_ec_secp384r1, ssl_grp_ec_secp256r1,
+                                  ssl_grp_ec_secp256r1};
+  EnsureKeyShareSetup(groups, PR_ARRAY_SIZE(groups));
+  client_->DisableAllCiphers();
+  client_->EnableCiphersByKeyExchange(ssl_kea_ecdh);
+  Connect();
+
+  CheckKeys(ssl_kea_ecdh, ssl_auth_rsa_sign, 384);
+
+  std::vector<SSLNamedGroup> shares = {ssl_grp_ec_secp384r1};
+  std::vector<SSLNamedGroup> expectedGroups = {ssl_grp_ec_secp384r1,
+                                               ssl_grp_ec_secp256r1};
+  CheckKEXDetails(expectedGroups, shares);
+}
+
+TEST_P(TlsKeyExchangeTest, P384PriorityDHEnabled) {
+  /* P256, P384,  P521, and FFDHE2048 are enabled. Both prefer P384. */
+  const SSLNamedGroup groups[] = {ssl_grp_ec_secp384r1, ssl_grp_ffdhe_2048,
+                                  ssl_grp_ec_secp256r1, ssl_grp_ec_secp521r1};
+  EnsureKeyShareSetup(groups, PR_ARRAY_SIZE(groups));
+  Connect();
+
+  CheckKeys(ssl_kea_ecdh, ssl_auth_rsa_sign, 384);
+
+  if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) {
+    std::vector<SSLNamedGroup> shares = {ssl_grp_ec_secp384r1};
+    std::vector<SSLNamedGroup> expected_groups(groups,
+                                               groups + PR_ARRAY_SIZE(groups));
+    CheckKEXDetails(expected_groups, shares);
+  } else {
+    std::vector<SSLNamedGroup> oldtlsgroups = {
+        ssl_grp_ec_secp384r1, ssl_grp_ec_secp256r1, ssl_grp_ec_secp521r1};
+    CheckKEXDetails(oldtlsgroups, std::vector<SSLNamedGroup>());
+  }
+}
+
+TEST_P(TlsConnectGenericPre13, P384PriorityOnServer) {
+  EnsureTlsSetup();
+  client_->DisableAllCiphers();
+  client_->EnableCiphersByKeyExchange(ssl_kea_ecdh);
+
+  /* The server prefers P384. It has to win. */
+  const SSLNamedGroup serverGroups[] = {
+      ssl_grp_ec_secp384r1, ssl_grp_ec_secp256r1, ssl_grp_ec_secp521r1};
+  server_->ConfigNamedGroups(serverGroups, PR_ARRAY_SIZE(serverGroups));
+
+  Connect();
+
+  CheckKeys(ssl_kea_ecdh, ssl_auth_rsa_sign, 384);
+}
+
+TEST_P(TlsConnectGenericPre13, P384PriorityFromModelSocket) {
+#ifdef NSS_ECC_MORE_THAN_SUITE_B
+  // We can't run this test with a model socket and more than suite B.
+  return;
+#endif
+  EnsureModelSockets();
+
+  /* Both prefer P384, set on the model socket. */
+  const SSLNamedGroup groups[] = {ssl_grp_ec_secp384r1, ssl_grp_ec_secp256r1,
+                                  ssl_grp_ec_secp521r1, ssl_grp_ffdhe_2048};
+  client_model_->ConfigNamedGroups(groups, PR_ARRAY_SIZE(groups));
+  server_model_->ConfigNamedGroups(groups, PR_ARRAY_SIZE(groups));
+
+  Connect();
+
+  CheckKeys(ssl_kea_ecdh, ssl_auth_rsa_sign, 384);
+}
+
+TEST_P(TlsConnectStreamPre13, ConfiguredGroupsRenegotiate) {
+  EnsureTlsSetup();
+  client_->DisableAllCiphers();
+  client_->EnableCiphersByKeyExchange(ssl_kea_ecdh);
+
+  const SSLNamedGroup serverGroups[] = {ssl_grp_ec_secp256r1,
+                                        ssl_grp_ec_secp384r1};
+  const SSLNamedGroup clientGroups[] = {ssl_grp_ec_secp384r1};
+  server_->ConfigNamedGroups(clientGroups, PR_ARRAY_SIZE(clientGroups));
+  client_->ConfigNamedGroups(serverGroups, PR_ARRAY_SIZE(serverGroups));
+
+  Connect();
+
+  CheckKeys(ssl_kea_ecdh, ssl_auth_rsa_sign, 384);
+  CheckConnected();
+
+  // The renegotiation has to use the same preferences as the original session.
+  server_->PrepareForRenegotiate();
+  client_->StartRenegotiate();
+  Handshake();
+  CheckKeys(ssl_kea_ecdh, ssl_auth_rsa_sign, 384);
+}
+
+// Replace the point in the client key exchange message with an empty one
+class ECCClientKEXFilter : public TlsHandshakeFilter {
+ public:
+  ECCClientKEXFilter() {}
+
+ protected:
+  virtual PacketFilter::Action FilterHandshake(const HandshakeHeader &header,
+                                               const DataBuffer &input,
+                                               DataBuffer *output) {
+    if (header.handshake_type() != kTlsHandshakeClientKeyExchange) {
+      return KEEP;
+    }
+
+    // Replace the client key exchange message with an empty point
+    output->Allocate(1);
+    output->Write(0, 0U, 1);  // set point length 0
+    return CHANGE;
+  }
+};
+
+// Replace the point in the server key exchange message with an empty one
+class ECCServerKEXFilter : public TlsHandshakeFilter {
+ public:
+  ECCServerKEXFilter() {}
+
+ protected:
+  virtual PacketFilter::Action FilterHandshake(const HandshakeHeader &header,
+                                               const DataBuffer &input,
+                                               DataBuffer *output) {
+    if (header.handshake_type() != kTlsHandshakeServerKeyExchange) {
+      return KEEP;
+    }
+
+    // Replace the server key exchange message with an empty point
+    output->Allocate(4);
+    output->Write(0, 3U, 1);  // named curve
+    uint32_t curve;
+    EXPECT_TRUE(input.Read(1, 2, &curve));  // get curve id
+    output->Write(1, curve, 2);             // write curve id
+    output->Write(3, 0U, 1);                // point length 0
+    return CHANGE;
+  }
+};
+
+TEST_P(TlsConnectGenericPre13, ConnectECDHEmptyServerPoint) {
+  // add packet filter
+  server_->SetPacketFilter(new ECCServerKEXFilter());
+  ConnectExpectFail();
+  client_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_SERVER_KEY_EXCH);
+}
+
+TEST_P(TlsConnectGenericPre13, ConnectECDHEmptyClientPoint) {
+  // add packet filter
+  client_->SetPacketFilter(new ECCClientKEXFilter());
+  ConnectExpectFail();
+  server_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_CLIENT_KEY_EXCH);
+}
+
+INSTANTIATE_TEST_CASE_P(KeyExchangeTest, TlsKeyExchangeTest,
+                        ::testing::Combine(TlsConnectTestBase::kTlsModesAll,
+                                           TlsConnectTestBase::kTlsV11Plus));
+
+}  // namespace nss_test
diff --git a/nss/external_tests/ssl_gtest/ssl_ems_unittest.cc b/nss/external_tests/ssl_gtest/ssl_ems_unittest.cc
new file mode 100644
index 0000000..5032538
--- /dev/null
+++ b/nss/external_tests/ssl_gtest/ssl_ems_unittest.cc
@@ -0,0 +1,100 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "secerr.h"
+#include "ssl.h"
+#include "sslerr.h"
+#include "sslproto.h"
+
+#include "gtest_utils.h"
+#include "scoped_ptrs.h"
+#include "tls_connect.h"
+#include "tls_filter.h"
+#include "tls_parser.h"
+
+namespace nss_test {
+
+TEST_P(TlsConnectGenericPre13, ConnectExtendedMasterSecret) {
+  EnableExtendedMasterSecret();
+  Connect();
+  Reset();
+  ExpectResumption(RESUME_SESSIONID);
+  EnableExtendedMasterSecret();
+  Connect();
+}
+
+TEST_P(TlsConnectTls12Plus, ConnectExtendedMasterSecretSha384) {
+  EnableExtendedMasterSecret();
+  server_->EnableSingleCipher(TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384);
+  ConnectWithCipherSuite(TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384);
+}
+
+TEST_P(TlsConnectGenericPre13, ConnectExtendedMasterSecretStaticRSA) {
+  EnableOnlyStaticRsaCiphers();
+  EnableExtendedMasterSecret();
+  Connect();
+}
+
+TEST_P(TlsConnectGenericPre13, ConnectExtendedMasterSecretECDHE) {
+  EnableExtendedMasterSecret();
+  Connect();
+
+  Reset();
+  EnableExtendedMasterSecret();
+  ExpectResumption(RESUME_SESSIONID);
+  Connect();
+}
+
+TEST_P(TlsConnectGenericPre13, ConnectExtendedMasterSecretTicket) {
+  ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
+  EnableExtendedMasterSecret();
+  Connect();
+
+  Reset();
+  ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
+
+  EnableExtendedMasterSecret();
+  ExpectResumption(RESUME_TICKET);
+  Connect();
+}
+
+TEST_P(TlsConnectGenericPre13, ConnectExtendedMasterSecretClientOnly) {
+  client_->EnableExtendedMasterSecret();
+  ExpectExtendedMasterSecret(false);
+  Connect();
+}
+
+TEST_P(TlsConnectGenericPre13, ConnectExtendedMasterSecretServerOnly) {
+  server_->EnableExtendedMasterSecret();
+  ExpectExtendedMasterSecret(false);
+  Connect();
+}
+
+TEST_P(TlsConnectGenericPre13, ConnectExtendedMasterSecretResumeWithout) {
+  EnableExtendedMasterSecret();
+  Connect();
+
+  Reset();
+  server_->EnableExtendedMasterSecret();
+  auto alert_recorder = new TlsAlertRecorder();
+  server_->SetPacketFilter(alert_recorder);
+  ConnectExpectFail();
+  EXPECT_EQ(kTlsAlertFatal, alert_recorder->level());
+  EXPECT_EQ(kTlsAlertHandshakeFailure, alert_recorder->description());
+}
+
+TEST_P(TlsConnectGenericPre13, ConnectNormalResumeWithExtendedMasterSecret) {
+  ConfigureSessionCache(RESUME_SESSIONID, RESUME_SESSIONID);
+  ExpectExtendedMasterSecret(false);
+  Connect();
+
+  Reset();
+  EnableExtendedMasterSecret();
+  ExpectResumption(RESUME_NONE);
+  Connect();
+}
+
+}  // namespace nss_test
diff --git a/nss/external_tests/ssl_gtest/ssl_extension_unittest.cc b/nss/external_tests/ssl_gtest/ssl_extension_unittest.cc
new file mode 100644
index 0000000..193d338
--- /dev/null
+++ b/nss/external_tests/ssl_gtest/ssl_extension_unittest.cc
@@ -0,0 +1,580 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "ssl.h"
+#include "sslerr.h"
+#include "sslproto.h"
+
+#include <memory>
+
+#include "tls_connect.h"
+#include "tls_filter.h"
+#include "tls_parser.h"
+
+namespace nss_test {
+
+class TlsExtensionDropper : public TlsExtensionFilter {
+ public:
+  TlsExtensionDropper(uint16_t extension) : extension_(extension) {}
+  virtual PacketFilter::Action FilterExtension(uint16_t extension_type,
+                                               const DataBuffer&, DataBuffer*) {
+    if (extension_type == extension_) {
+      return DROP;
+    }
+    return KEEP;
+  }
+
+ private:
+  uint16_t extension_;
+};
+
+class TlsExtensionTruncator : public TlsExtensionFilter {
+ public:
+  TlsExtensionTruncator(uint16_t extension, size_t length)
+      : extension_(extension), length_(length) {}
+  virtual PacketFilter::Action FilterExtension(uint16_t extension_type,
+                                               const DataBuffer& input,
+                                               DataBuffer* output) {
+    if (extension_type != extension_) {
+      return KEEP;
+    }
+    if (input.len() <= length_) {
+      return KEEP;
+    }
+
+    output->Assign(input.data(), length_);
+    return CHANGE;
+  }
+
+ private:
+  uint16_t extension_;
+  size_t length_;
+};
+
+class TlsExtensionDamager : public TlsExtensionFilter {
+ public:
+  TlsExtensionDamager(uint16_t extension, size_t index)
+      : extension_(extension), index_(index) {}
+  virtual PacketFilter::Action FilterExtension(uint16_t extension_type,
+                                               const DataBuffer& input,
+                                               DataBuffer* output) {
+    if (extension_type != extension_) {
+      return KEEP;
+    }
+
+    *output = input;
+    output->data()[index_] += 73;  // Increment selected for maximum damage
+    return CHANGE;
+  }
+
+ private:
+  uint16_t extension_;
+  size_t index_;
+};
+
+class TlsExtensionInjector : public TlsHandshakeFilter {
+ public:
+  TlsExtensionInjector(uint16_t ext, DataBuffer& data)
+      : extension_(ext), data_(data) {}
+
+  virtual PacketFilter::Action FilterHandshake(const HandshakeHeader& header,
+                                               const DataBuffer& input,
+                                               DataBuffer* output) {
+    size_t offset;
+    if (header.handshake_type() == kTlsHandshakeClientHello) {
+      TlsParser parser(input);
+      if (!TlsExtensionFilter::FindClientHelloExtensions(&parser, header)) {
+        return KEEP;
+      }
+      offset = parser.consumed();
+    } else if (header.handshake_type() == kTlsHandshakeServerHello) {
+      TlsParser parser(input);
+      if (!TlsExtensionFilter::FindServerHelloExtensions(&parser)) {
+        return KEEP;
+      }
+      offset = parser.consumed();
+    } else {
+      return KEEP;
+    }
+
+    *output = input;
+
+    // Increase the size of the extensions.
+    uint16_t* len_addr = reinterpret_cast<uint16_t*>(output->data() + offset);
+    *len_addr = htons(ntohs(*len_addr) + data_.len() + 4);
+
+    // Insert the extension type and length.
+    DataBuffer type_length;
+    type_length.Allocate(4);
+    type_length.Write(0, extension_, 2);
+    type_length.Write(2, data_.len(), 2);
+    output->Splice(type_length, offset + 2);
+
+    // Insert the payload.
+    output->Splice(data_, offset + 6);
+
+    return CHANGE;
+  }
+
+ private:
+  const uint16_t extension_;
+  const DataBuffer data_;
+};
+
+class TlsExtensionTestBase : public TlsConnectTestBase {
+ protected:
+  TlsExtensionTestBase(Mode mode, uint16_t version)
+      : TlsConnectTestBase(mode, version) {}
+
+  void ClientHelloErrorTest(PacketFilter* filter,
+                            uint8_t alert = kTlsAlertDecodeError) {
+    auto alert_recorder = new TlsAlertRecorder();
+    server_->SetPacketFilter(alert_recorder);
+    if (filter) {
+      client_->SetPacketFilter(filter);
+    }
+    ConnectExpectFail();
+    EXPECT_EQ(kTlsAlertFatal, alert_recorder->level());
+    EXPECT_EQ(alert, alert_recorder->description());
+  }
+
+  void ServerHelloErrorTest(PacketFilter* filter,
+                            uint8_t alert = kTlsAlertDecodeError) {
+    auto alert_recorder = new TlsAlertRecorder();
+    client_->SetPacketFilter(alert_recorder);
+    if (filter) {
+      server_->SetPacketFilter(filter);
+    }
+    ConnectExpectFail();
+    EXPECT_EQ(kTlsAlertFatal, alert_recorder->level());
+    EXPECT_EQ(alert, alert_recorder->description());
+  }
+
+  static void InitSimpleSni(DataBuffer* extension) {
+    const char* name = "host.name";
+    const size_t namelen = PL_strlen(name);
+    extension->Allocate(namelen + 5);
+    extension->Write(0, namelen + 3, 2);
+    extension->Write(2, static_cast<uint32_t>(0), 1);  // 0 == hostname
+    extension->Write(3, namelen, 2);
+    extension->Write(5, reinterpret_cast<const uint8_t*>(name), namelen);
+  }
+};
+
+class TlsExtensionTestDtls : public TlsExtensionTestBase,
+                             public ::testing::WithParamInterface<uint16_t> {
+ public:
+  TlsExtensionTestDtls() : TlsExtensionTestBase(DGRAM, GetParam()) {}
+};
+
+class TlsExtensionTest12Plus
+    : public TlsExtensionTestBase,
+      public ::testing::WithParamInterface<std::tuple<std::string, uint16_t>> {
+ public:
+  TlsExtensionTest12Plus()
+      : TlsExtensionTestBase(
+            TlsConnectTestBase::ToMode((std::get<0>(GetParam()))),
+            std::get<1>(GetParam())) {}
+};
+
+class TlsExtensionTest12
+    : public TlsExtensionTestBase,
+      public ::testing::WithParamInterface<std::tuple<std::string, uint16_t>> {
+ public:
+  TlsExtensionTest12()
+      : TlsExtensionTestBase(
+            TlsConnectTestBase::ToMode((std::get<0>(GetParam()))),
+            std::get<1>(GetParam())) {}
+};
+
+class TlsExtensionTest13 : public TlsExtensionTestBase,
+                           public ::testing::WithParamInterface<std::string> {
+ public:
+  TlsExtensionTest13()
+      : TlsExtensionTestBase(TlsConnectTestBase::ToMode(GetParam()),
+                             SSL_LIBRARY_VERSION_TLS_1_3) {}
+};
+
+class TlsExtensionTest13Stream : public TlsExtensionTestBase {
+ public:
+  TlsExtensionTest13Stream()
+      : TlsExtensionTestBase(STREAM, SSL_LIBRARY_VERSION_TLS_1_3) {}
+};
+
+class TlsExtensionTestGeneric
+    : public TlsExtensionTestBase,
+      public ::testing::WithParamInterface<std::tuple<std::string, uint16_t>> {
+ public:
+  TlsExtensionTestGeneric()
+      : TlsExtensionTestBase(
+            TlsConnectTestBase::ToMode((std::get<0>(GetParam()))),
+            std::get<1>(GetParam())) {}
+};
+
+class TlsExtensionTestPre13
+    : public TlsExtensionTestBase,
+      public ::testing::WithParamInterface<std::tuple<std::string, uint16_t>> {
+ public:
+  TlsExtensionTestPre13()
+      : TlsExtensionTestBase(
+            TlsConnectTestBase::ToMode((std::get<0>(GetParam()))),
+            std::get<1>(GetParam())) {}
+};
+
+TEST_P(TlsExtensionTestGeneric, DamageSniLength) {
+  ClientHelloErrorTest(new TlsExtensionDamager(ssl_server_name_xtn, 1));
+}
+
+TEST_P(TlsExtensionTestGeneric, DamageSniHostLength) {
+  ClientHelloErrorTest(new TlsExtensionDamager(ssl_server_name_xtn, 4));
+}
+
+TEST_P(TlsExtensionTestGeneric, TruncateSni) {
+  ClientHelloErrorTest(new TlsExtensionTruncator(ssl_server_name_xtn, 7));
+}
+
+// A valid extension that appears twice will be reported as unsupported.
+TEST_P(TlsExtensionTestGeneric, RepeatSni) {
+  DataBuffer extension;
+  InitSimpleSni(&extension);
+  ClientHelloErrorTest(new TlsExtensionInjector(ssl_server_name_xtn, extension),
+                       kTlsAlertIllegalParameter);
+}
+
+// An SNI entry with zero length is considered invalid (strangely, not if it is
+// the last entry, which is probably a bug).
+TEST_P(TlsExtensionTestGeneric, BadSni) {
+  DataBuffer simple;
+  InitSimpleSni(&simple);
+  DataBuffer extension;
+  extension.Allocate(simple.len() + 3);
+  extension.Write(0, static_cast<uint32_t>(0), 3);
+  extension.Write(3, simple);
+  ClientHelloErrorTest(
+      new TlsExtensionReplacer(ssl_server_name_xtn, extension));
+}
+
+TEST_P(TlsExtensionTestGeneric, EmptySni) {
+  DataBuffer extension;
+  extension.Allocate(2);
+  extension.Write(0, static_cast<uint32_t>(0), 2);
+  ClientHelloErrorTest(
+      new TlsExtensionReplacer(ssl_server_name_xtn, extension));
+}
+
+TEST_P(TlsExtensionTestGeneric, EmptyAlpnExtension) {
+  EnableAlpn();
+  DataBuffer extension;
+  ClientHelloErrorTest(
+      new TlsExtensionReplacer(ssl_app_layer_protocol_xtn, extension),
+      kTlsAlertIllegalParameter);
+}
+
+// An empty ALPN isn't considered bad, though it does lead to there being no
+// protocol for the server to select.
+TEST_P(TlsExtensionTestGeneric, EmptyAlpnList) {
+  EnableAlpn();
+  const uint8_t val[] = {0x00, 0x00};
+  DataBuffer extension(val, sizeof(val));
+  ClientHelloErrorTest(
+      new TlsExtensionReplacer(ssl_app_layer_protocol_xtn, extension),
+      kTlsAlertNoApplicationProtocol);
+}
+
+TEST_P(TlsExtensionTestGeneric, OneByteAlpn) {
+  EnableAlpn();
+  ClientHelloErrorTest(
+      new TlsExtensionTruncator(ssl_app_layer_protocol_xtn, 1));
+}
+
+TEST_P(TlsExtensionTestGeneric, AlpnMissingValue) {
+  EnableAlpn();
+  // This will leave the length of the second entry, but no value.
+  ClientHelloErrorTest(
+      new TlsExtensionTruncator(ssl_app_layer_protocol_xtn, 5));
+}
+
+TEST_P(TlsExtensionTestGeneric, AlpnZeroLength) {
+  EnableAlpn();
+  const uint8_t val[] = {0x01, 0x61, 0x00};
+  DataBuffer extension(val, sizeof(val));
+  ClientHelloErrorTest(
+      new TlsExtensionReplacer(ssl_app_layer_protocol_xtn, extension));
+}
+
+TEST_P(TlsExtensionTestGeneric, AlpnMismatch) {
+  const uint8_t client_alpn[] = {0x01, 0x61};
+  client_->EnableAlpn(client_alpn, sizeof(client_alpn));
+  const uint8_t server_alpn[] = {0x02, 0x61, 0x62};
+  server_->EnableAlpn(server_alpn, sizeof(server_alpn));
+
+  ClientHelloErrorTest(nullptr, kTlsAlertNoApplicationProtocol);
+}
+
+// Many of these tests fail in TLS 1.3 because the extension is encrypted, which
+// prevents modification of the value from the ServerHello.
+TEST_P(TlsExtensionTestPre13, AlpnReturnedEmptyList) {
+  EnableAlpn();
+  const uint8_t val[] = {0x00, 0x00};
+  DataBuffer extension(val, sizeof(val));
+  ServerHelloErrorTest(
+      new TlsExtensionReplacer(ssl_app_layer_protocol_xtn, extension));
+}
+
+TEST_P(TlsExtensionTestPre13, AlpnReturnedEmptyName) {
+  EnableAlpn();
+  const uint8_t val[] = {0x00, 0x01, 0x00};
+  DataBuffer extension(val, sizeof(val));
+  ServerHelloErrorTest(
+      new TlsExtensionReplacer(ssl_app_layer_protocol_xtn, extension));
+}
+
+TEST_P(TlsExtensionTestPre13, AlpnReturnedListTrailingData) {
+  EnableAlpn();
+  const uint8_t val[] = {0x00, 0x02, 0x01, 0x61, 0x00};
+  DataBuffer extension(val, sizeof(val));
+  ServerHelloErrorTest(
+      new TlsExtensionReplacer(ssl_app_layer_protocol_xtn, extension));
+}
+
+TEST_P(TlsExtensionTestPre13, AlpnReturnedExtraEntry) {
+  EnableAlpn();
+  const uint8_t val[] = {0x00, 0x04, 0x01, 0x61, 0x01, 0x62};
+  DataBuffer extension(val, sizeof(val));
+  ServerHelloErrorTest(
+      new TlsExtensionReplacer(ssl_app_layer_protocol_xtn, extension));
+}
+
+TEST_P(TlsExtensionTestPre13, AlpnReturnedBadListLength) {
+  EnableAlpn();
+  const uint8_t val[] = {0x00, 0x99, 0x01, 0x61, 0x00};
+  DataBuffer extension(val, sizeof(val));
+  ServerHelloErrorTest(
+      new TlsExtensionReplacer(ssl_app_layer_protocol_xtn, extension));
+}
+
+TEST_P(TlsExtensionTestPre13, AlpnReturnedBadNameLength) {
+  EnableAlpn();
+  const uint8_t val[] = {0x00, 0x02, 0x99, 0x61};
+  DataBuffer extension(val, sizeof(val));
+  ServerHelloErrorTest(
+      new TlsExtensionReplacer(ssl_app_layer_protocol_xtn, extension));
+}
+
+TEST_P(TlsExtensionTestDtls, SrtpShort) {
+  EnableSrtp();
+  ClientHelloErrorTest(new TlsExtensionTruncator(ssl_use_srtp_xtn, 3));
+}
+
+TEST_P(TlsExtensionTestDtls, SrtpOdd) {
+  EnableSrtp();
+  const uint8_t val[] = {0x00, 0x01, 0xff, 0x00};
+  DataBuffer extension(val, sizeof(val));
+  ClientHelloErrorTest(new TlsExtensionReplacer(ssl_use_srtp_xtn, extension));
+}
+
+TEST_P(TlsExtensionTest12Plus, SignatureAlgorithmsBadLength) {
+  const uint8_t val[] = {0x00};
+  DataBuffer extension(val, sizeof(val));
+  ClientHelloErrorTest(
+      new TlsExtensionReplacer(ssl_signature_algorithms_xtn, extension));
+}
+
+TEST_P(TlsExtensionTest12Plus, SignatureAlgorithmsTrailingData) {
+  const uint8_t val[] = {0x00, 0x02, 0x04, 0x01, 0x00};  // sha-256, rsa
+  DataBuffer extension(val, sizeof(val));
+  ClientHelloErrorTest(
+      new TlsExtensionReplacer(ssl_signature_algorithms_xtn, extension));
+}
+
+TEST_P(TlsExtensionTest12Plus, SignatureAlgorithmsEmpty) {
+  const uint8_t val[] = {0x00, 0x00};
+  DataBuffer extension(val, sizeof(val));
+  ClientHelloErrorTest(
+      new TlsExtensionReplacer(ssl_signature_algorithms_xtn, extension));
+}
+
+TEST_P(TlsExtensionTest12Plus, SignatureAlgorithmsOddLength) {
+  const uint8_t val[] = {0x00, 0x01, 0x04};
+  DataBuffer extension(val, sizeof(val));
+  ClientHelloErrorTest(
+      new TlsExtensionReplacer(ssl_signature_algorithms_xtn, extension));
+}
+
+TEST_P(TlsExtensionTestGeneric, NoSupportedGroups) {
+  ClientHelloErrorTest(new TlsExtensionDropper(ssl_supported_groups_xtn),
+                       version_ < SSL_LIBRARY_VERSION_TLS_1_3
+                           ? kTlsAlertDecryptError
+                           : kTlsAlertMissingExtension);
+}
+
+TEST_P(TlsExtensionTestGeneric, SupportedCurvesShort) {
+  const uint8_t val[] = {0x00, 0x01, 0x00};
+  DataBuffer extension(val, sizeof(val));
+  ClientHelloErrorTest(
+      new TlsExtensionReplacer(ssl_elliptic_curves_xtn, extension));
+}
+
+TEST_P(TlsExtensionTestGeneric, SupportedCurvesBadLength) {
+  const uint8_t val[] = {0x09, 0x99, 0x00, 0x00};
+  DataBuffer extension(val, sizeof(val));
+  ClientHelloErrorTest(
+      new TlsExtensionReplacer(ssl_elliptic_curves_xtn, extension));
+}
+
+TEST_P(TlsExtensionTestGeneric, SupportedCurvesTrailingData) {
+  const uint8_t val[] = {0x00, 0x02, 0x00, 0x00, 0x00};
+  DataBuffer extension(val, sizeof(val));
+  ClientHelloErrorTest(
+      new TlsExtensionReplacer(ssl_elliptic_curves_xtn, extension));
+}
+
+TEST_P(TlsExtensionTestPre13, SupportedPointsEmpty) {
+  const uint8_t val[] = {0x00};
+  DataBuffer extension(val, sizeof(val));
+  ClientHelloErrorTest(
+      new TlsExtensionReplacer(ssl_ec_point_formats_xtn, extension));
+}
+
+TEST_P(TlsExtensionTestPre13, SupportedPointsBadLength) {
+  const uint8_t val[] = {0x99, 0x00, 0x00};
+  DataBuffer extension(val, sizeof(val));
+  ClientHelloErrorTest(
+      new TlsExtensionReplacer(ssl_ec_point_formats_xtn, extension));
+}
+
+TEST_P(TlsExtensionTestPre13, SupportedPointsTrailingData) {
+  const uint8_t val[] = {0x01, 0x00, 0x00};
+  DataBuffer extension(val, sizeof(val));
+  ClientHelloErrorTest(
+      new TlsExtensionReplacer(ssl_ec_point_formats_xtn, extension));
+}
+
+TEST_P(TlsExtensionTestPre13, RenegotiationInfoBadLength) {
+  const uint8_t val[] = {0x99};
+  DataBuffer extension(val, sizeof(val));
+  ClientHelloErrorTest(
+      new TlsExtensionReplacer(ssl_renegotiation_info_xtn, extension));
+}
+
+TEST_P(TlsExtensionTestPre13, RenegotiationInfoMismatch) {
+  const uint8_t val[] = {0x01, 0x00};
+  DataBuffer extension(val, sizeof(val));
+  ClientHelloErrorTest(
+      new TlsExtensionReplacer(ssl_renegotiation_info_xtn, extension));
+}
+
+// The extension has to contain a length.
+TEST_P(TlsExtensionTestPre13, RenegotiationInfoExtensionEmpty) {
+  DataBuffer extension;
+  ClientHelloErrorTest(
+      new TlsExtensionReplacer(ssl_renegotiation_info_xtn, extension));
+}
+
+// This only works on TLS 1.2, since it relies on static RSA; otherwise libssl
+// picks the wrong cipher suite.
+TEST_P(TlsExtensionTest12, SignatureAlgorithmConfiguration) {
+  const SSLSignatureAndHashAlg algorithms[] = {
+      {ssl_hash_sha512, ssl_sign_rsa}, {ssl_hash_sha384, ssl_sign_ecdsa}};
+
+  TlsExtensionCapture* capture =
+      new TlsExtensionCapture(ssl_signature_algorithms_xtn);
+  client_->SetSignatureAlgorithms(algorithms, PR_ARRAY_SIZE(algorithms));
+  client_->SetPacketFilter(capture);
+  EnableOnlyStaticRsaCiphers();
+  Connect();
+
+  const DataBuffer& ext = capture->extension();
+  EXPECT_EQ(2 + PR_ARRAY_SIZE(algorithms) * 2, ext.len());
+  for (size_t i = 0, cursor = 2;
+       i < PR_ARRAY_SIZE(algorithms) && cursor < ext.len(); ++i) {
+    uint32_t v;
+    EXPECT_TRUE(ext.Read(cursor++, 1, &v));
+    EXPECT_EQ(algorithms[i].hashAlg, static_cast<SSLHashType>(v));
+    EXPECT_TRUE(ext.Read(cursor++, 1, &v));
+    EXPECT_EQ(algorithms[i].sigAlg, static_cast<SSLSignType>(v));
+  }
+}
+
+// Temporary test to verify that we choke on an empty ClientKeyShare.
+// This test will fail when we implement HelloRetryRequest.
+TEST_P(TlsExtensionTest13, EmptyClientKeyShare) {
+  ClientHelloErrorTest(new TlsExtensionTruncator(ssl_tls13_key_share_xtn, 2),
+                       kTlsAlertHandshakeFailure);
+}
+
+TEST_P(TlsExtensionTest13, DropDraftVersion) {
+  EnsureTlsSetup();
+  client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_2,
+                           SSL_LIBRARY_VERSION_TLS_1_3);
+  server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_2,
+                           SSL_LIBRARY_VERSION_TLS_1_3);
+  client_->SetPacketFilter(
+      new TlsExtensionDropper(ssl_tls13_draft_version_xtn));
+  ConnectExpectFail();
+  // This will still fail (we can't just modify ClientHello without consequence)
+  // but the error is discovered later.
+  EXPECT_EQ(SSL_ERROR_DECRYPT_ERROR_ALERT, client_->error_code());
+  EXPECT_EQ(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE, server_->error_code());
+}
+
+TEST_P(TlsExtensionTest13, DropDraftVersionAndFail) {
+  EnsureTlsSetup();
+  // Since this is setup as TLS 1.3 only, expect the handshake to fail rather
+  // than just falling back to TLS 1.2.
+  client_->SetPacketFilter(
+      new TlsExtensionDropper(ssl_tls13_draft_version_xtn));
+  ConnectExpectFail();
+  EXPECT_EQ(SSL_ERROR_PROTOCOL_VERSION_ALERT, client_->error_code());
+  EXPECT_EQ(SSL_ERROR_UNSUPPORTED_VERSION, server_->error_code());
+}
+
+TEST_P(TlsExtensionTest13, ModifyDraftVersionAndFail) {
+  EnsureTlsSetup();
+  // As above, dropping back to 1.2 fails.
+  client_->SetPacketFilter(
+      new TlsExtensionDamager(ssl_tls13_draft_version_xtn, 1));
+  ConnectExpectFail();
+  EXPECT_EQ(SSL_ERROR_PROTOCOL_VERSION_ALERT, client_->error_code());
+  EXPECT_EQ(SSL_ERROR_UNSUPPORTED_VERSION, server_->error_code());
+}
+
+// This test only works in stream mode because the MAC error causes a timeout on
+// the server with datagram.
+TEST_F(TlsExtensionTest13Stream, DropServerKeyShare) {
+  EnsureTlsSetup();
+  server_->SetPacketFilter(new TlsExtensionDropper(ssl_tls13_key_share_xtn));
+  ConnectExpectFail();
+  EXPECT_EQ(SSL_ERROR_MISSING_KEY_SHARE, client_->error_code());
+  // We are trying to decrypt but we can't. Kind of a screwy error
+  // from the TLS 1.3 stack.
+  EXPECT_EQ(SSL_ERROR_BAD_MAC_READ, server_->error_code());
+}
+
+INSTANTIATE_TEST_CASE_P(ExtensionStream, TlsExtensionTestGeneric,
+                        ::testing::Combine(TlsConnectTestBase::kTlsModesStream,
+                                           TlsConnectTestBase::kTlsVAll));
+INSTANTIATE_TEST_CASE_P(ExtensionDatagram, TlsExtensionTestGeneric,
+                        ::testing::Combine(TlsConnectTestBase::kTlsModesAll,
+                                           TlsConnectTestBase::kTlsV11Plus));
+INSTANTIATE_TEST_CASE_P(ExtensionDatagramOnly, TlsExtensionTestDtls,
+                        TlsConnectTestBase::kTlsV11Plus);
+
+INSTANTIATE_TEST_CASE_P(ExtensionTls12Plus, TlsExtensionTest12Plus,
+                        ::testing::Combine(TlsConnectTestBase::kTlsModesAll,
+                                           TlsConnectTestBase::kTlsV12Plus));
+
+INSTANTIATE_TEST_CASE_P(ExtensionPre13Stream, TlsExtensionTestPre13,
+                        ::testing::Combine(TlsConnectTestBase::kTlsModesStream,
+                                           TlsConnectTestBase::kTlsV10ToV12));
+INSTANTIATE_TEST_CASE_P(ExtensionPre13Datagram, TlsExtensionTestPre13,
+                        ::testing::Combine(TlsConnectTestBase::kTlsModesAll,
+                                           TlsConnectTestBase::kTlsV11V12));
+
+INSTANTIATE_TEST_CASE_P(ExtensionTls13, TlsExtensionTest13,
+                        TlsConnectTestBase::kTlsModesAll);
+
+}  // namespace nspr_test
diff --git a/nss/external_tests/ssl_gtest/ssl_gtest.cc b/nss/external_tests/ssl_gtest/ssl_gtest.cc
new file mode 100644
index 0000000..2d08dd8
--- /dev/null
+++ b/nss/external_tests/ssl_gtest/ssl_gtest.cc
@@ -0,0 +1,44 @@
+#include "nspr.h"
+#include "nss.h"
+#include "prenv.h"
+#include "ssl.h"
+
+#include <cstdlib>
+
+#include "test_io.h"
+
+#define GTEST_HAS_RTTI 0
+#include "gtest/gtest.h"
+
+std::string g_working_dir_path;
+bool g_ssl_gtest_verbose;
+
+int main(int argc, char** argv) {
+  // Start the tests
+  ::testing::InitGoogleTest(&argc, argv);
+  g_working_dir_path = ".";
+  g_ssl_gtest_verbose = false;
+
+  char* workdir = PR_GetEnvSecure("NSS_GTEST_WORKDIR");
+  if (workdir) g_working_dir_path = workdir;
+
+  for (int i = 0; i < argc; i++) {
+    if (!strcmp(argv[i], "-d")) {
+      g_working_dir_path = argv[i + 1];
+      ++i;
+    } else if (!strcmp(argv[i], "-v")) {
+      g_ssl_gtest_verbose = true;
+    }
+  }
+
+  NSS_Initialize(g_working_dir_path.c_str(), "", "", SECMOD_DB,
+                 NSS_INIT_READONLY);
+  NSS_SetDomesticPolicy();
+  int rv = RUN_ALL_TESTS();
+
+  NSS_Shutdown();
+
+  nss_test::Poller::Shutdown();
+
+  return rv;
+}
diff --git a/nss/external_tests/ssl_gtest/ssl_hrr_unittest.cc b/nss/external_tests/ssl_gtest/ssl_hrr_unittest.cc
new file mode 100644
index 0000000..751e921
--- /dev/null
+++ b/nss/external_tests/ssl_gtest/ssl_hrr_unittest.cc
@@ -0,0 +1,197 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "secerr.h"
+#include "ssl.h"
+#include "sslerr.h"
+#include "sslproto.h"
+
+#include "gtest_utils.h"
+#include "scoped_ptrs.h"
+#include "tls_connect.h"
+#include "tls_filter.h"
+#include "tls_parser.h"
+
+namespace nss_test {
+
+TEST_P(TlsConnectTls13, HelloRetryRequestAbortsZeroRtt) {
+  const char* k0RttData = "Such is life";
+  const PRInt32 k0RttDataLen = static_cast<PRInt32>(strlen(k0RttData));
+
+  SetupForZeroRtt();  // initial handshake as normal
+
+  const SSLNamedGroup groups[2] = {ssl_grp_ec_secp384r1, ssl_grp_ec_secp521r1};
+  server_->ConfigNamedGroups(groups, PR_ARRAY_SIZE(groups));
+  client_->Set0RttEnabled(true);
+  server_->Set0RttEnabled(true);
+  ExpectResumption(RESUME_TICKET);
+
+  // Send first ClientHello and send 0-RTT data
+  auto capture_early_data = new TlsExtensionCapture(ssl_tls13_early_data_xtn);
+  client_->SetPacketFilter(capture_early_data);
+  client_->Handshake();
+  EXPECT_EQ(k0RttDataLen, PR_Write(client_->ssl_fd(), k0RttData,
+                                   k0RttDataLen));  // 0-RTT write.
+  EXPECT_LT(0U, capture_early_data->extension().len());
+
+  // Send the HelloRetryRequest
+  auto hrr_capture =
+      new TlsInspectorRecordHandshakeMessage(kTlsHandshakeHelloRetryRequest);
+  server_->SetPacketFilter(hrr_capture);
+  server_->Handshake();
+  EXPECT_LT(0U, hrr_capture->buffer().len());
+
+  // The server can't read
+  std::vector<uint8_t> buf(k0RttDataLen);
+  EXPECT_EQ(SECFailure, PR_Read(server_->ssl_fd(), buf.data(), k0RttDataLen));
+  EXPECT_EQ(PR_WOULD_BLOCK_ERROR, PORT_GetError());
+
+  // Make a new capture for the early data.
+  capture_early_data = new TlsExtensionCapture(ssl_tls13_early_data_xtn);
+  client_->SetPacketFilter(capture_early_data);
+
+  // Complete the handshake successfully
+  Handshake();
+  ExpectEarlyDataAccepted(false);  // The server should reject 0-RTT
+  CheckConnected();
+  SendReceive();
+  EXPECT_EQ(0U, capture_early_data->extension().len());
+}
+
+class KeyShareReplayer : public TlsExtensionFilter {
+ public:
+  KeyShareReplayer() {}
+
+  virtual PacketFilter::Action FilterExtension(uint16_t extension_type,
+                                               const DataBuffer& input,
+                                               DataBuffer* output) {
+    if (extension_type != ssl_tls13_key_share_xtn) {
+      return KEEP;
+    }
+
+    if (!data_.len()) {
+      data_ = input;
+      return KEEP;
+    }
+
+    *output = data_;
+    return CHANGE;
+  }
+
+ private:
+  DataBuffer data_;
+};
+
+// This forces a HelloRetryRequest by disabling P-256 on the server.  However,
+// the second ClientHello is modified so that it omits the requested share.  The
+// server should reject this.
+TEST_P(TlsConnectTls13, RetryWithSameKeyShare) {
+  EnsureTlsSetup();
+  client_->SetPacketFilter(new KeyShareReplayer());
+  const SSLNamedGroup groups[2] = {ssl_grp_ec_secp384r1, ssl_grp_ec_secp521r1};
+  server_->ConfigNamedGroups(groups, PR_ARRAY_SIZE(groups));
+  ConnectExpectFail();
+  EXPECT_EQ(SSL_ERROR_BAD_2ND_CLIENT_HELLO, server_->error_code());
+  EXPECT_EQ(SSL_ERROR_ILLEGAL_PARAMETER_ALERT, client_->error_code());
+}
+
+// This tests that the second attempt at sending a ClientHello (after receiving
+// a HelloRetryRequest) is correctly retransmitted.
+TEST_F(TlsConnectDatagram13, DropClientSecondFlightWithHelloRetry) {
+  const SSLNamedGroup groups[2] = {ssl_grp_ec_secp384r1, ssl_grp_ec_secp521r1};
+  server_->ConfigNamedGroups(groups, PR_ARRAY_SIZE(groups));
+  server_->SetPacketFilter(new SelectiveDropFilter(0x2));
+  Connect();
+}
+
+TEST_F(TlsConnectTest, Select12AfterHelloRetryRequest) {
+  EnsureTlsSetup();
+  client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_2,
+                           SSL_LIBRARY_VERSION_TLS_1_3);
+  server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_2,
+                           SSL_LIBRARY_VERSION_TLS_1_3);
+  const SSLNamedGroup groups[2] = {ssl_grp_ec_secp384r1, ssl_grp_ec_secp521r1};
+  server_->ConfigNamedGroups(groups, PR_ARRAY_SIZE(groups));
+  client_->StartConnect();
+  server_->StartConnect();
+
+  client_->Handshake();
+  server_->Handshake();
+
+  // Here we replace the TLS server with one that does TLS 1.2 only.
+  // This will happily send the client a TLS 1.2 ServerHello.
+  TlsAgent* replacement_server =
+      new TlsAgent(server_->name(), TlsAgent::SERVER, mode_);
+  delete server_;
+  server_ = replacement_server;
+  server_->Init();
+  client_->SetPeer(server_);
+  server_->SetPeer(client_);
+  server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_2,
+                           SSL_LIBRARY_VERSION_TLS_1_2);
+
+  ConnectExpectFail();
+  EXPECT_EQ(SSL_ERROR_ILLEGAL_PARAMETER_ALERT, server_->error_code());
+  EXPECT_EQ(SSL_ERROR_RX_MALFORMED_SERVER_HELLO, client_->error_code());
+}
+
+class HelloRetryRequestAgentTest : public TlsAgentTestClient {
+ protected:
+  void MakeHelloRetryRequestRecord(SSLNamedGroup group, DataBuffer* hrr_record,
+                                   uint32_t seq_num = 0) const {
+    const uint8_t canned_hrr[] = {
+        SSL_LIBRARY_VERSION_TLS_1_3 >> 8,
+        SSL_LIBRARY_VERSION_TLS_1_3 & 0xff,
+        0,
+        0,  // The cipher suite is ignored.
+        static_cast<uint8_t>(group >> 8),
+        static_cast<uint8_t>(group),
+        0,
+        0  // no extensions
+    };
+    DataBuffer hrr;
+    MakeHandshakeMessage(kTlsHandshakeHelloRetryRequest, canned_hrr,
+                         sizeof(canned_hrr), &hrr, seq_num);
+    MakeRecord(kTlsHandshakeType, SSL_LIBRARY_VERSION_TLS_1_3, hrr.data(),
+               hrr.len(), hrr_record, seq_num);
+  }
+};
+
+// Send two HelloRetryRequest messages in response to the ClientHello.  The are
+// constructed to appear legitimate by asking for a new share in each, so that
+// the client has to count to work out that the server is being unreasonable.
+TEST_P(HelloRetryRequestAgentTest, SendSecondHelloRetryRequest) {
+  EnsureInit();
+  agent_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_3,
+                          SSL_LIBRARY_VERSION_TLS_1_3);
+  agent_->StartConnect();
+
+  DataBuffer hrr_record;
+  MakeHelloRetryRequestRecord(ssl_grp_ec_secp384r1, &hrr_record, 0);
+  ProcessMessage(hrr_record, TlsAgent::STATE_CONNECTING);
+  MakeHelloRetryRequestRecord(ssl_grp_ec_secp521r1, &hrr_record, 1);
+  ProcessMessage(hrr_record, TlsAgent::STATE_ERROR,
+                 SSL_ERROR_RX_UNEXPECTED_HELLO_RETRY_REQUEST);
+}
+
+// Here the client receives a HelloRetryRequest with a group that they already
+// provided a share for.
+TEST_P(HelloRetryRequestAgentTest, HandleBogusHelloRetryRequest) {
+  EnsureInit();
+  agent_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_3,
+                          SSL_LIBRARY_VERSION_TLS_1_3);
+  agent_->StartConnect();
+
+  DataBuffer hrr_record;
+  MakeHelloRetryRequestRecord(ssl_grp_ec_secp256r1, &hrr_record);
+  ProcessMessage(hrr_record, TlsAgent::STATE_ERROR,
+                 SSL_ERROR_RX_MALFORMED_HELLO_RETRY_REQUEST);
+}
+
+INSTANTIATE_TEST_CASE_P(HelloRetryRequestAgentTests, HelloRetryRequestAgentTest,
+                        TlsConnectTestBase::kTlsModesAll);
+
+}  // namespace nss_test
diff --git a/nss/external_tests/ssl_gtest/ssl_loopback_unittest.cc b/nss/external_tests/ssl_gtest/ssl_loopback_unittest.cc
new file mode 100644
index 0000000..b694cfb
--- /dev/null
+++ b/nss/external_tests/ssl_gtest/ssl_loopback_unittest.cc
@@ -0,0 +1,241 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <functional>
+#include <memory>
+#include "secerr.h"
+#include "ssl.h"
+#include "sslerr.h"
+#include "sslproto.h"
+
+extern "C" {
+// This is not something that should make you happy.
+#include "libssl_internals.h"
+}
+
+#include "gtest_utils.h"
+#include "scoped_ptrs.h"
+#include "tls_connect.h"
+#include "tls_filter.h"
+#include "tls_parser.h"
+
+namespace nss_test {
+
+TEST_P(TlsConnectGeneric, SetupOnly) {}
+
+TEST_P(TlsConnectGeneric, Connect) {
+  SetExpectedVersion(std::get<1>(GetParam()));
+  Connect();
+  CheckKeys(ssl_kea_ecdh, ssl_auth_rsa_sign);
+}
+
+TEST_P(TlsConnectGeneric, ConnectEcdsa) {
+  SetExpectedVersion(std::get<1>(GetParam()));
+  Reset(TlsAgent::kServerEcdsa256);
+  Connect();
+  CheckKeys(ssl_kea_ecdh, ssl_auth_ecdsa);
+}
+
+TEST_P(TlsConnectGenericPre13, ConnectFalseStart) {
+  client_->EnableFalseStart();
+  Connect();
+  SendReceive();
+}
+
+TEST_P(TlsConnectGeneric, ConnectAlpn) {
+  EnableAlpn();
+  Connect();
+  CheckAlpn("a");
+}
+
+TEST_P(TlsConnectGeneric, ConnectAlpnClone) {
+  EnsureModelSockets();
+  client_model_->EnableAlpn(alpn_dummy_val_, sizeof(alpn_dummy_val_));
+  server_model_->EnableAlpn(alpn_dummy_val_, sizeof(alpn_dummy_val_));
+  Connect();
+  CheckAlpn("a");
+}
+
+TEST_P(TlsConnectDatagram, ConnectSrtp) {
+  EnableSrtp();
+  Connect();
+  CheckSrtp();
+  SendReceive();
+}
+
+// 1.3 is disabled in the next few tests because we don't
+// presently support resumption in 1.3.
+TEST_P(TlsConnectStreamPre13, ConnectAndClientRenegotiate) {
+  Connect();
+  server_->PrepareForRenegotiate();
+  client_->StartRenegotiate();
+  Handshake();
+  CheckConnected();
+}
+
+TEST_P(TlsConnectStreamPre13, ConnectAndServerRenegotiate) {
+  Connect();
+  client_->PrepareForRenegotiate();
+  server_->StartRenegotiate();
+  Handshake();
+  CheckConnected();
+}
+
+TEST_P(TlsConnectGeneric, ConnectSendReceive) {
+  Connect();
+  SendReceive();
+}
+
+// The next two tests takes advantage of the fact that we
+// automatically read the first 1024 bytes, so if
+// we provide 1200 bytes, they overrun the read buffer
+// provided by the calling test.
+
+// DTLS should return an error.
+TEST_P(TlsConnectDatagram, ShortRead) {
+  Connect();
+  client_->ExpectReadWriteError();
+  server_->SendData(1200, 1200);
+  client_->WaitForErrorCode(SSL_ERROR_RX_SHORT_DTLS_READ, 2000);
+
+  // Now send and receive another packet.
+  server_->ResetSentBytes();  // Reset the counter.
+  SendReceive();
+}
+
+// TLS should get the write in two chunks.
+TEST_P(TlsConnectStream, ShortRead) {
+  // This test behaves oddly with TLS 1.0 because of 1/n+1 splitting,
+  // so skip in that case.
+  if (version_ < SSL_LIBRARY_VERSION_TLS_1_1) return;
+
+  Connect();
+  server_->SendData(1200, 1200);
+  // Read the first tranche.
+  WAIT_(client_->received_bytes() == 1024, 2000);
+  ASSERT_EQ(1024U, client_->received_bytes());
+  // The second tranche should now immediately be available.
+  client_->ReadBytes();
+  ASSERT_EQ(1200U, client_->received_bytes());
+}
+
+TEST_P(TlsConnectGeneric, ConnectWithCompressionMaybe) {
+  EnsureTlsSetup();
+  client_->EnableCompression();
+  server_->EnableCompression();
+  Connect();
+  EXPECT_EQ(client_->version() < SSL_LIBRARY_VERSION_TLS_1_3 && mode_ != DGRAM,
+            client_->is_compressed());
+  SendReceive();
+}
+
+TEST_P(TlsConnectDatagram, TestDtlsHolddownExpiry) {
+  Connect();
+  std::cerr << "Expiring holddown timer\n";
+  SSLInt_ForceTimerExpiry(client_->ssl_fd());
+  SSLInt_ForceTimerExpiry(server_->ssl_fd());
+  SendReceive();
+  if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) {
+    // One for send, one for receive.
+    EXPECT_EQ(2, SSLInt_CountTls13CipherSpecs(client_->ssl_fd()));
+  }
+}
+
+class TlsPreCCSHeaderInjector : public TlsRecordFilter {
+ public:
+  TlsPreCCSHeaderInjector() {}
+  virtual PacketFilter::Action FilterRecord(const RecordHeader& record_header,
+                                            const DataBuffer& input,
+                                            size_t* offset,
+                                            DataBuffer* output) override {
+    if (record_header.content_type() != kTlsChangeCipherSpecType) return KEEP;
+
+    std::cerr << "Injecting Finished header before CCS\n";
+    const uint8_t hhdr[] = {kTlsHandshakeFinished, 0x00, 0x00, 0x0c};
+    DataBuffer hhdr_buf(hhdr, sizeof(hhdr));
+    RecordHeader nhdr(record_header.version(), kTlsHandshakeType, 0);
+    *offset = nhdr.Write(output, *offset, hhdr_buf);
+    *offset = record_header.Write(output, *offset, input);
+    return CHANGE;
+  }
+};
+
+TEST_P(TlsConnectStreamPre13, ClientFinishedHeaderBeforeCCS) {
+  client_->SetPacketFilter(new TlsPreCCSHeaderInjector());
+  ConnectExpectFail();
+  client_->CheckErrorCode(SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT);
+  server_->CheckErrorCode(SSL_ERROR_RX_UNEXPECTED_CHANGE_CIPHER);
+}
+
+TEST_P(TlsConnectStreamPre13, ServerFinishedHeaderBeforeCCS) {
+  server_->SetPacketFilter(new TlsPreCCSHeaderInjector());
+  client_->StartConnect();
+  server_->StartConnect();
+  Handshake();
+  EXPECT_EQ(TlsAgent::STATE_ERROR, client_->state());
+  client_->CheckErrorCode(SSL_ERROR_RX_UNEXPECTED_CHANGE_CIPHER);
+  EXPECT_EQ(TlsAgent::STATE_CONNECTED, server_->state());
+}
+
+TEST_P(TlsConnectTls13, UnknownAlert) {
+  Connect();
+  SSLInt_SendAlert(server_->ssl_fd(), kTlsAlertWarning,
+                   0xff);  // Unknown value.
+  client_->ExpectReadWriteError();
+  client_->WaitForErrorCode(SSL_ERROR_RX_UNKNOWN_ALERT, 2000);
+}
+
+TEST_P(TlsConnectTls13, AlertWrongLevel) {
+  Connect();
+  SSLInt_SendAlert(server_->ssl_fd(), kTlsAlertWarning,
+                   kTlsAlertUnexpectedMessage);
+  client_->ExpectReadWriteError();
+  client_->WaitForErrorCode(SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT, 2000);
+}
+
+INSTANTIATE_TEST_CASE_P(GenericStream, TlsConnectGeneric,
+                        ::testing::Combine(TlsConnectTestBase::kTlsModesStream,
+                                           TlsConnectTestBase::kTlsVAll));
+INSTANTIATE_TEST_CASE_P(
+    GenericDatagram, TlsConnectGeneric,
+    ::testing::Combine(TlsConnectTestBase::kTlsModesDatagram,
+                       TlsConnectTestBase::kTlsV11Plus));
+
+INSTANTIATE_TEST_CASE_P(StreamOnly, TlsConnectStream,
+                        TlsConnectTestBase::kTlsVAll);
+INSTANTIATE_TEST_CASE_P(DatagramOnly, TlsConnectDatagram,
+                        TlsConnectTestBase::kTlsV11Plus);
+
+INSTANTIATE_TEST_CASE_P(Pre12Stream, TlsConnectPre12,
+                        ::testing::Combine(TlsConnectTestBase::kTlsModesStream,
+                                           TlsConnectTestBase::kTlsV10V11));
+INSTANTIATE_TEST_CASE_P(
+    Pre12Datagram, TlsConnectPre12,
+    ::testing::Combine(TlsConnectTestBase::kTlsModesDatagram,
+                       TlsConnectTestBase::kTlsV11));
+
+INSTANTIATE_TEST_CASE_P(Version12Only, TlsConnectTls12,
+                        TlsConnectTestBase::kTlsModesAll);
+#ifndef NSS_DISABLE_TLS_1_3
+INSTANTIATE_TEST_CASE_P(Version13Only, TlsConnectTls13,
+                        TlsConnectTestBase::kTlsModesAll);
+#endif
+
+INSTANTIATE_TEST_CASE_P(Pre13Stream, TlsConnectGenericPre13,
+                        ::testing::Combine(TlsConnectTestBase::kTlsModesStream,
+                                           TlsConnectTestBase::kTlsV10ToV12));
+INSTANTIATE_TEST_CASE_P(
+    Pre13Datagram, TlsConnectGenericPre13,
+    ::testing::Combine(TlsConnectTestBase::kTlsModesDatagram,
+                       TlsConnectTestBase::kTlsV11V12));
+INSTANTIATE_TEST_CASE_P(Pre13StreamOnly, TlsConnectStreamPre13,
+                        TlsConnectTestBase::kTlsV10ToV12);
+
+INSTANTIATE_TEST_CASE_P(Version12Plus, TlsConnectTls12Plus,
+                        ::testing::Combine(TlsConnectTestBase::kTlsModesAll,
+                                           TlsConnectTestBase::kTlsV12Plus));
+
+}  // namespace nspr_test
diff --git a/nss/external_tests/ssl_gtest/ssl_record_unittest.cc b/nss/external_tests/ssl_gtest/ssl_record_unittest.cc
new file mode 100644
index 0000000..ef81b22
--- /dev/null
+++ b/nss/external_tests/ssl_gtest/ssl_record_unittest.cc
@@ -0,0 +1,111 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nss.h"
+#include "ssl.h"
+#include "sslimpl.h"
+
+#include "databuffer.h"
+#include "gtest_utils.h"
+
+namespace nss_test {
+
+const static size_t kMacSize = 20;
+
+class TlsPaddingTest
+    : public ::testing::Test,
+      public ::testing::WithParamInterface<std::tuple<size_t, bool>> {
+ public:
+  TlsPaddingTest() : plaintext_len_(std::get<0>(GetParam())) {
+    size_t extra =
+        (plaintext_len_ + 1) % 16;  // Bytes past a block (1 == pad len)
+    // Minimal padding.
+    pad_len_ = extra ? 16 - extra : 0;
+    if (std::get<1>(GetParam())) {
+      // Maximal padding.
+      pad_len_ += 240;
+    }
+    MakePaddedPlaintext();
+  }
+
+  // Makes a plaintext record with correct padding.
+  void MakePaddedPlaintext() {
+    EXPECT_EQ(0UL, (plaintext_len_ + pad_len_ + 1) % 16);
+    size_t i = 0;
+    plaintext_.Allocate(plaintext_len_ + pad_len_ + 1);
+    for (; i < plaintext_len_; ++i) {
+      plaintext_.Write(i, 'A', 1);
+    }
+
+    for (; i < plaintext_len_ + pad_len_ + 1; ++i) {
+      plaintext_.Write(i, pad_len_, 1);
+    }
+  }
+
+  void Unpad(bool expect_success) {
+    std::cerr << "Content length=" << plaintext_len_
+              << " padding length=" << pad_len_
+              << " total length=" << plaintext_.len() << std::endl;
+    std::cerr << "Plaintext: " << plaintext_ << std::endl;
+    sslBuffer s;
+    s.buf = const_cast<unsigned char *>(
+        static_cast<const unsigned char *>(plaintext_.data()));
+    s.len = plaintext_.len();
+    SECStatus rv = ssl_RemoveTLSCBCPadding(&s, kMacSize);
+    if (expect_success) {
+      EXPECT_EQ(SECSuccess, rv);
+      EXPECT_EQ(plaintext_len_, static_cast<size_t>(s.len));
+    } else {
+      EXPECT_EQ(SECFailure, rv);
+    }
+  }
+
+ protected:
+  size_t plaintext_len_;
+  size_t pad_len_;
+  DataBuffer plaintext_;
+};
+
+TEST_P(TlsPaddingTest, Correct) {
+  if (plaintext_len_ >= kMacSize) {
+    Unpad(true);
+  } else {
+    Unpad(false);
+  }
+}
+
+TEST_P(TlsPaddingTest, PadTooLong) {
+  if (plaintext_.len() < 255) {
+    plaintext_.Write(plaintext_.len() - 1, plaintext_.len(), 1);
+    Unpad(false);
+  }
+}
+
+TEST_P(TlsPaddingTest, FirstByteOfPadWrong) {
+  if (pad_len_) {
+    plaintext_.Write(plaintext_len_, plaintext_.data()[plaintext_len_] + 1, 1);
+    Unpad(false);
+  }
+}
+
+TEST_P(TlsPaddingTest, LastByteOfPadWrong) {
+  if (pad_len_) {
+    plaintext_.Write(plaintext_.len() - 2,
+                     plaintext_.data()[plaintext_.len() - 1] + 1, 1);
+    Unpad(false);
+  }
+}
+
+const static size_t kContentSizesArr[] = {
+    1, kMacSize - 1, kMacSize, 30, 31, 32, 36, 256, 257, 287, 288};
+
+auto kContentSizes = ::testing::ValuesIn(kContentSizesArr);
+const static bool kTrueFalseArr[] = {true, false};
+auto kTrueFalse = ::testing::ValuesIn(kTrueFalseArr);
+
+INSTANTIATE_TEST_CASE_P(TlsPadding, TlsPaddingTest,
+                        ::testing::Combine(kContentSizes, kTrueFalse));
+}  // namespace nspr_test
diff --git a/nss/external_tests/ssl_gtest/ssl_resumption_unittest.cc b/nss/external_tests/ssl_gtest/ssl_resumption_unittest.cc
new file mode 100644
index 0000000..e9c1a00
--- /dev/null
+++ b/nss/external_tests/ssl_gtest/ssl_resumption_unittest.cc
@@ -0,0 +1,443 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <functional>
+#include <memory>
+#include "secerr.h"
+#include "ssl.h"
+#include "sslerr.h"
+#include "sslproto.h"
+
+extern "C" {
+// This is not something that should make you happy.
+#include "libssl_internals.h"
+}
+
+#include "gtest_utils.h"
+#include "scoped_ptrs.h"
+#include "tls_connect.h"
+#include "tls_filter.h"
+#include "tls_parser.h"
+
+namespace nss_test {
+
+class TlsServerKeyExchangeEcdhe {
+ public:
+  bool Parse(const DataBuffer& buffer) {
+    TlsParser parser(buffer);
+
+    uint8_t curve_type;
+    if (!parser.Read(&curve_type)) {
+      return false;
+    }
+
+    if (curve_type != 3) {  // named_curve
+      return false;
+    }
+
+    uint32_t named_curve;
+    if (!parser.Read(&named_curve, 2)) {
+      return false;
+    }
+
+    return parser.ReadVariable(&public_key_, 1);
+  }
+
+  DataBuffer public_key_;
+};
+
+TEST_P(TlsConnectGenericPre13, ConnectResumed) {
+  ConfigureSessionCache(RESUME_SESSIONID, RESUME_SESSIONID);
+  Connect();
+
+  Reset();
+  ExpectResumption(RESUME_SESSIONID);
+  Connect();
+}
+
+TEST_P(TlsConnectGeneric, ConnectClientCacheDisabled) {
+  ConfigureSessionCache(RESUME_NONE, RESUME_SESSIONID);
+  Connect();
+  SendReceive();
+
+  Reset();
+  ExpectResumption(RESUME_NONE);
+  Connect();
+  SendReceive();
+}
+
+TEST_P(TlsConnectGeneric, ConnectServerCacheDisabled) {
+  ConfigureSessionCache(RESUME_SESSIONID, RESUME_NONE);
+  Connect();
+  SendReceive();
+
+  Reset();
+  ExpectResumption(RESUME_NONE);
+  Connect();
+  SendReceive();
+}
+
+TEST_P(TlsConnectGeneric, ConnectSessionCacheDisabled) {
+  ConfigureSessionCache(RESUME_NONE, RESUME_NONE);
+  Connect();
+  SendReceive();
+
+  Reset();
+  ExpectResumption(RESUME_NONE);
+  Connect();
+  SendReceive();
+}
+
+TEST_P(TlsConnectGeneric, ConnectResumeSupportBoth) {
+  // This prefers tickets.
+  ConfigureSessionCache(RESUME_BOTH, RESUME_BOTH);
+  Connect();
+  SendReceive();
+
+  Reset();
+  ConfigureSessionCache(RESUME_BOTH, RESUME_BOTH);
+  ExpectResumption(RESUME_TICKET);
+  Connect();
+  SendReceive();
+}
+
+TEST_P(TlsConnectGeneric, ConnectResumeClientTicketServerBoth) {
+  // This causes no resumption because the client needs the
+  // session cache to resume even with tickets.
+  ConfigureSessionCache(RESUME_TICKET, RESUME_BOTH);
+  Connect();
+  SendReceive();
+
+  Reset();
+  ConfigureSessionCache(RESUME_TICKET, RESUME_BOTH);
+  ExpectResumption(RESUME_NONE);
+  Connect();
+  SendReceive();
+}
+
+TEST_P(TlsConnectGeneric, ConnectResumeClientBothTicketServerTicket) {
+  // This causes a ticket resumption.
+  ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
+  Connect();
+  SendReceive();
+
+  Reset();
+  ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
+  ExpectResumption(RESUME_TICKET);
+  Connect();
+  SendReceive();
+}
+
+TEST_P(TlsConnectGeneric, ConnectResumeClientServerTicketOnly) {
+  // This causes no resumption because the client needs the
+  // session cache to resume even with tickets.
+  ConfigureSessionCache(RESUME_TICKET, RESUME_TICKET);
+  Connect();
+  SendReceive();
+
+  Reset();
+  ConfigureSessionCache(RESUME_TICKET, RESUME_TICKET);
+  ExpectResumption(RESUME_NONE);
+  Connect();
+  SendReceive();
+}
+
+TEST_P(TlsConnectGeneric, ConnectResumeClientBothServerNone) {
+  ConfigureSessionCache(RESUME_BOTH, RESUME_NONE);
+  Connect();
+  SendReceive();
+
+  Reset();
+  ConfigureSessionCache(RESUME_BOTH, RESUME_NONE);
+  ExpectResumption(RESUME_NONE);
+  Connect();
+  SendReceive();
+}
+
+TEST_P(TlsConnectGeneric, ConnectResumeClientNoneServerBoth) {
+  ConfigureSessionCache(RESUME_NONE, RESUME_BOTH);
+  Connect();
+  SendReceive();
+
+  Reset();
+  ConfigureSessionCache(RESUME_NONE, RESUME_BOTH);
+  ExpectResumption(RESUME_NONE);
+  Connect();
+  SendReceive();
+}
+
+TEST_P(TlsConnectGenericPre13, ConnectResumeWithHigherVersion) {
+  EnsureTlsSetup();
+  SetExpectedVersion(SSL_LIBRARY_VERSION_TLS_1_1);
+  ConfigureSessionCache(RESUME_SESSIONID, RESUME_SESSIONID);
+  client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
+                           SSL_LIBRARY_VERSION_TLS_1_1);
+  server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
+                           SSL_LIBRARY_VERSION_TLS_1_1);
+  Connect();
+
+  Reset();
+  EnsureTlsSetup();
+  SetExpectedVersion(SSL_LIBRARY_VERSION_TLS_1_2);
+  client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
+                           SSL_LIBRARY_VERSION_TLS_1_2);
+  server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
+                           SSL_LIBRARY_VERSION_TLS_1_2);
+  ExpectResumption(RESUME_NONE);
+  Connect();
+}
+
+TEST_P(TlsConnectGeneric, ConnectResumeClientBothTicketServerTicketForget) {
+  // This causes a ticket resumption.
+  ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
+  Connect();
+  SendReceive();
+
+  Reset();
+  ClearServerCache();
+  ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
+  ExpectResumption(RESUME_NONE);
+  Connect();
+  SendReceive();
+}
+
+// This callback switches out the "server" cert used on the server with
+// the "client" certificate, which should be the same type.
+static int32_t SwitchCertificates(TlsAgent* agent, const SECItem* srvNameArr,
+                                  uint32_t srvNameArrSize) {
+  bool ok = agent->ConfigServerCert("client");
+  if (!ok) return SSL_SNI_SEND_ALERT;
+
+  return 0;  // first config
+};
+
+TEST_P(TlsConnectGeneric, ServerSNICertSwitch) {
+  Connect();
+  ScopedCERTCertificate cert1(SSL_PeerCertificate(client_->ssl_fd()));
+
+  Reset();
+  EnsureTlsSetup();
+  ConfigureSessionCache(RESUME_NONE, RESUME_NONE);
+
+  server_->SetSniCallback(SwitchCertificates);
+
+  Connect();
+  ScopedCERTCertificate cert2(SSL_PeerCertificate(client_->ssl_fd()));
+  CheckKeys(ssl_kea_ecdh, ssl_auth_rsa_sign);
+  EXPECT_FALSE(SECITEM_ItemsAreEqual(&cert1->derCert, &cert2->derCert));
+}
+
+TEST_P(TlsConnectGeneric, ServerSNICertTypeSwitch) {
+  Reset(TlsAgent::kServerEcdsa256);
+  Connect();
+  ScopedCERTCertificate cert1(SSL_PeerCertificate(client_->ssl_fd()));
+
+  Reset();
+  EnsureTlsSetup();
+  ConfigureSessionCache(RESUME_NONE, RESUME_NONE);
+
+  // Because we configure an RSA certificate here, it only adds a second, unused
+  // certificate, which has no effect on what the server uses.
+  server_->SetSniCallback(SwitchCertificates);
+
+  Connect();
+  ScopedCERTCertificate cert2(SSL_PeerCertificate(client_->ssl_fd()));
+  CheckKeys(ssl_kea_ecdh, ssl_auth_ecdsa);
+  EXPECT_TRUE(SECITEM_ItemsAreEqual(&cert1->derCert, &cert2->derCert));
+}
+
+// Prior to TLS 1.3, we were not fully ephemeral; though 1.3 fixes that
+TEST_P(TlsConnectGenericPre13, ConnectEcdheTwiceReuseKey) {
+  TlsInspectorRecordHandshakeMessage* i1 =
+      new TlsInspectorRecordHandshakeMessage(kTlsHandshakeServerKeyExchange);
+  server_->SetPacketFilter(i1);
+  Connect();
+  CheckKeys(ssl_kea_ecdh, ssl_auth_rsa_sign);
+  TlsServerKeyExchangeEcdhe dhe1;
+  EXPECT_TRUE(dhe1.Parse(i1->buffer()));
+
+  // Restart
+  Reset();
+  TlsInspectorRecordHandshakeMessage* i2 =
+      new TlsInspectorRecordHandshakeMessage(kTlsHandshakeServerKeyExchange);
+  server_->SetPacketFilter(i2);
+  ConfigureSessionCache(RESUME_NONE, RESUME_NONE);
+  Connect();
+  CheckKeys(ssl_kea_ecdh, ssl_auth_rsa_sign);
+
+  TlsServerKeyExchangeEcdhe dhe2;
+  EXPECT_TRUE(dhe2.Parse(i2->buffer()));
+
+  // Make sure they are the same.
+  EXPECT_EQ(dhe1.public_key_.len(), dhe2.public_key_.len());
+  EXPECT_TRUE(!memcmp(dhe1.public_key_.data(), dhe2.public_key_.data(),
+                      dhe1.public_key_.len()));
+}
+
+// This test parses the ServerKeyExchange, which isn't in 1.3
+TEST_P(TlsConnectGenericPre13, ConnectEcdheTwiceNewKey) {
+  server_->EnsureTlsSetup();
+  SECStatus rv =
+      SSL_OptionSet(server_->ssl_fd(), SSL_REUSE_SERVER_ECDHE_KEY, PR_FALSE);
+  EXPECT_EQ(SECSuccess, rv);
+  TlsInspectorRecordHandshakeMessage* i1 =
+      new TlsInspectorRecordHandshakeMessage(kTlsHandshakeServerKeyExchange);
+  server_->SetPacketFilter(i1);
+  Connect();
+  CheckKeys(ssl_kea_ecdh, ssl_auth_rsa_sign);
+  TlsServerKeyExchangeEcdhe dhe1;
+  EXPECT_TRUE(dhe1.Parse(i1->buffer()));
+
+  // Restart
+  Reset();
+  server_->EnsureTlsSetup();
+  rv = SSL_OptionSet(server_->ssl_fd(), SSL_REUSE_SERVER_ECDHE_KEY, PR_FALSE);
+  EXPECT_EQ(SECSuccess, rv);
+  TlsInspectorRecordHandshakeMessage* i2 =
+      new TlsInspectorRecordHandshakeMessage(kTlsHandshakeServerKeyExchange);
+  server_->SetPacketFilter(i2);
+  ConfigureSessionCache(RESUME_NONE, RESUME_NONE);
+  Connect();
+  CheckKeys(ssl_kea_ecdh, ssl_auth_rsa_sign);
+
+  TlsServerKeyExchangeEcdhe dhe2;
+  EXPECT_TRUE(dhe2.Parse(i2->buffer()));
+
+  // Make sure they are different.
+  EXPECT_FALSE((dhe1.public_key_.len() == dhe2.public_key_.len()) &&
+               (!memcmp(dhe1.public_key_.data(), dhe2.public_key_.data(),
+                        dhe1.public_key_.len())));
+}
+
+// Test that two TLS resumptions work and produce the same ticket.
+// This will change after bug 1257047 is fixed.
+TEST_F(TlsConnectTest, TestTls13ResumptionTwice) {
+  ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
+  client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
+                           SSL_LIBRARY_VERSION_TLS_1_3);
+  server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
+                           SSL_LIBRARY_VERSION_TLS_1_3);
+  Connect();
+  SendReceive();  // Need to read so that we absorb the session ticket.
+  CheckKeys(ssl_kea_ecdh, ssl_auth_rsa_sign);
+  uint16_t original_suite;
+  EXPECT_TRUE(client_->cipher_suite(&original_suite));
+
+  Reset();
+  ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
+  TlsExtensionCapture* c1 =
+      new TlsExtensionCapture(ssl_tls13_pre_shared_key_xtn);
+  client_->SetPacketFilter(c1);
+  client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
+                           SSL_LIBRARY_VERSION_TLS_1_3);
+  server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
+                           SSL_LIBRARY_VERSION_TLS_1_3);
+  ExpectResumption(RESUME_TICKET);
+  Connect();
+  SendReceive();
+  CheckKeys(ssl_kea_ecdh, ssl_auth_rsa_sign);
+  // The filter will go away when we reset, so save the captured extension.
+  DataBuffer initialTicket(c1->extension());
+  ASSERT_LT(0U, initialTicket.len());
+
+  ScopedCERTCertificate cert1(SSL_PeerCertificate(client_->ssl_fd()));
+  ASSERT_TRUE(!!cert1.get());
+
+  Reset();
+  ClearStats();
+  ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
+  TlsExtensionCapture* c2 =
+      new TlsExtensionCapture(ssl_tls13_pre_shared_key_xtn);
+  client_->SetPacketFilter(c2);
+  client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
+                           SSL_LIBRARY_VERSION_TLS_1_3);
+  server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
+                           SSL_LIBRARY_VERSION_TLS_1_3);
+  ExpectResumption(RESUME_TICKET);
+  Connect();
+  SendReceive();
+  CheckKeys(ssl_kea_ecdh, ssl_auth_rsa_sign);
+  ASSERT_LT(0U, c2->extension().len());
+
+  ScopedCERTCertificate cert2(SSL_PeerCertificate(client_->ssl_fd()));
+  ASSERT_TRUE(!!cert2.get());
+
+  // Check that the cipher suite is reported the same on both sides, though in
+  // TLS 1.3 resumption actually negotiates a different cipher suite.
+  uint16_t resumed_suite;
+  EXPECT_TRUE(server_->cipher_suite(&resumed_suite));
+  EXPECT_EQ(original_suite, resumed_suite);
+  EXPECT_TRUE(client_->cipher_suite(&resumed_suite));
+  EXPECT_EQ(original_suite, resumed_suite);
+
+  // TODO(ekr@rtfm.com): This will change when we fix bug 1257047.
+  ASSERT_EQ(initialTicket, c2->extension());
+}
+
+TEST_F(TlsConnectTest, DisableClientPSKAndFailToResume) {
+  ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
+  client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
+                           SSL_LIBRARY_VERSION_TLS_1_3);
+  server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
+                           SSL_LIBRARY_VERSION_TLS_1_3);
+  Connect();
+  SendReceive();  // Need to read so that we absorb the session ticket.
+  CheckKeys(ssl_kea_ecdh, ssl_auth_rsa_sign);
+
+  Reset();
+  ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
+  TlsExtensionCapture* capture =
+      new TlsExtensionCapture(ssl_tls13_pre_shared_key_xtn);
+  client_->SetPacketFilter(capture);
+  client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
+                           SSL_LIBRARY_VERSION_TLS_1_3);
+  server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
+                           SSL_LIBRARY_VERSION_TLS_1_3);
+  // We need to disable ALL PSK cipher suites with the same symmetric cipher and
+  // PRF hash.  Otherwise the server will just use a different key exchange.
+  client_->DisableAllCiphers();
+  client_->EnableCiphersByAuthType(ssl_auth_rsa_sign);
+  ExpectResumption(RESUME_NONE);
+  Connect();
+  CheckKeys(ssl_kea_ecdh, ssl_auth_rsa_sign);
+  EXPECT_EQ(0U, capture->extension().len());
+}
+
+TEST_F(TlsConnectTest, DisableServerPSKAndFailToResume) {
+  ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
+  client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
+                           SSL_LIBRARY_VERSION_TLS_1_3);
+  server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
+                           SSL_LIBRARY_VERSION_TLS_1_3);
+  Connect();
+  SendReceive();  // Need to read so that we absorb the session ticket.
+  CheckKeys(ssl_kea_ecdh, ssl_auth_rsa_sign);
+
+  Reset();
+  ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
+  TlsExtensionCapture* clientCapture =
+      new TlsExtensionCapture(ssl_tls13_pre_shared_key_xtn);
+  client_->SetPacketFilter(clientCapture);
+  TlsExtensionCapture* serverCapture =
+      new TlsExtensionCapture(ssl_tls13_pre_shared_key_xtn);
+  server_->SetPacketFilter(serverCapture);
+  client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
+                           SSL_LIBRARY_VERSION_TLS_1_3);
+  server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
+                           SSL_LIBRARY_VERSION_TLS_1_3);
+  // We need to disable ALL PSK cipher suites with the same symmetric cipher and
+  // PRF hash.  Otherwise the server will just use a different key exchange.
+  server_->DisableAllCiphers();
+  server_->EnableCiphersByAuthType(ssl_auth_rsa_sign);
+  ExpectResumption(RESUME_NONE);
+  Connect();
+  CheckKeys(ssl_kea_ecdh, ssl_auth_rsa_sign);
+  // The client should have the extension, but the server should not.
+  EXPECT_LT(0U, clientCapture->extension().len());
+  EXPECT_EQ(0U, serverCapture->extension().len());
+}
+
+}  // namespace nss_test
diff --git a/nss/external_tests/ssl_gtest/ssl_skip_unittest.cc b/nss/external_tests/ssl_gtest/ssl_skip_unittest.cc
new file mode 100644
index 0000000..b62ded1
--- /dev/null
+++ b/nss/external_tests/ssl_gtest/ssl_skip_unittest.cc
@@ -0,0 +1,159 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "sslerr.h"
+
+#include "tls_connect.h"
+#include "tls_filter.h"
+#include "tls_parser.h"
+
+/*
+ * The tests in this file test that the TLS state machine is robust against
+ * attacks that alter the order of handshake messages.
+ *
+ * See <https://www.smacktls.com/smack.pdf> for a description of the problems
+ * that this sort of attack can enable.
+ */
+namespace nss_test {
+
+class TlsHandshakeSkipFilter : public TlsRecordFilter {
+ public:
+  // A TLS record filter that skips handshake messages of the identified type.
+  TlsHandshakeSkipFilter(uint8_t handshake_type)
+      : handshake_type_(handshake_type), skipped_(false) {}
+
+ protected:
+  // Takes a record; if it is a handshake record, it removes the first handshake
+  // message that is of handshake_type_ type.
+  virtual PacketFilter::Action FilterRecord(const RecordHeader& record_header,
+                                            const DataBuffer& input,
+                                            DataBuffer* output) {
+    if (record_header.content_type() != kTlsHandshakeType) {
+      return KEEP;
+    }
+
+    size_t output_offset = 0U;
+    output->Allocate(input.len());
+
+    TlsParser parser(input);
+    while (parser.remaining()) {
+      size_t start = parser.consumed();
+      TlsHandshakeFilter::HandshakeHeader header;
+      DataBuffer ignored;
+      if (!header.Parse(&parser, record_header, &ignored)) {
+        return KEEP;
+      }
+
+      if (skipped_ || header.handshake_type() != handshake_type_) {
+        size_t entire_length = parser.consumed() - start;
+        output->Write(output_offset, input.data() + start, entire_length);
+        // DTLS sequence numbers need to be rewritten
+        if (skipped_ && header.is_dtls()) {
+          output->data()[start + 5] -= 1;
+        }
+        output_offset += entire_length;
+      } else {
+        std::cerr << "Dropping handshake: "
+                  << static_cast<unsigned>(handshake_type_) << std::endl;
+        // We only need to report that the output contains changed data if we
+        // drop a handshake message.  But once we've skipped one message, we
+        // have to modify all subsequent handshake messages so that they include
+        // the correct DTLS sequence numbers.
+        skipped_ = true;
+      }
+    }
+    output->Truncate(output_offset);
+    return skipped_ ? CHANGE : KEEP;
+  }
+
+ private:
+  // The type of handshake message to drop.
+  uint8_t handshake_type_;
+  // Whether this filter has ever skipped a handshake message.  Track this so
+  // that sequence numbers on DTLS handshake messages can be rewritten in
+  // subsequent calls.
+  bool skipped_;
+};
+
+class TlsSkipTest
+    : public TlsConnectTestBase,
+      public ::testing::WithParamInterface<std::tuple<std::string, uint16_t>> {
+ protected:
+  TlsSkipTest()
+      : TlsConnectTestBase(TlsConnectTestBase::ToMode(std::get<0>(GetParam())),
+                           std::get<1>(GetParam())) {}
+
+  void ServerSkipTest(PacketFilter* filter,
+                      uint8_t alert = kTlsAlertUnexpectedMessage) {
+    auto alert_recorder = new TlsAlertRecorder();
+    client_->SetPacketFilter(alert_recorder);
+    if (filter) {
+      server_->SetPacketFilter(filter);
+    }
+    ConnectExpectFail();
+    EXPECT_EQ(kTlsAlertFatal, alert_recorder->level());
+    EXPECT_EQ(alert, alert_recorder->description());
+  }
+};
+
+TEST_P(TlsSkipTest, SkipCertificateRsa) {
+  EnableOnlyStaticRsaCiphers();
+  ServerSkipTest(new TlsHandshakeSkipFilter(kTlsHandshakeCertificate));
+  client_->CheckErrorCode(SSL_ERROR_RX_UNEXPECTED_HELLO_DONE);
+}
+
+TEST_P(TlsSkipTest, SkipCertificateDhe) {
+  ServerSkipTest(new TlsHandshakeSkipFilter(kTlsHandshakeCertificate));
+  client_->CheckErrorCode(SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH);
+}
+
+TEST_P(TlsSkipTest, SkipCertificateEcdhe) {
+  ServerSkipTest(new TlsHandshakeSkipFilter(kTlsHandshakeCertificate));
+  client_->CheckErrorCode(SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH);
+}
+
+TEST_P(TlsSkipTest, SkipCertificateEcdsa) {
+  Reset(TlsAgent::kServerEcdsa256);
+  ServerSkipTest(new TlsHandshakeSkipFilter(kTlsHandshakeCertificate));
+  client_->CheckErrorCode(SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH);
+}
+
+TEST_P(TlsSkipTest, SkipServerKeyExchange) {
+  ServerSkipTest(new TlsHandshakeSkipFilter(kTlsHandshakeServerKeyExchange));
+  client_->CheckErrorCode(SSL_ERROR_RX_UNEXPECTED_HELLO_DONE);
+}
+
+TEST_P(TlsSkipTest, SkipServerKeyExchangeEcdsa) {
+  Reset(TlsAgent::kServerEcdsa256);
+  ServerSkipTest(new TlsHandshakeSkipFilter(kTlsHandshakeServerKeyExchange));
+  client_->CheckErrorCode(SSL_ERROR_RX_UNEXPECTED_HELLO_DONE);
+}
+
+TEST_P(TlsSkipTest, SkipCertAndKeyExch) {
+  auto chain = new ChainedPacketFilter();
+  chain->Add(new TlsHandshakeSkipFilter(kTlsHandshakeCertificate));
+  chain->Add(new TlsHandshakeSkipFilter(kTlsHandshakeServerKeyExchange));
+  ServerSkipTest(chain);
+  client_->CheckErrorCode(SSL_ERROR_RX_UNEXPECTED_HELLO_DONE);
+}
+
+TEST_P(TlsSkipTest, SkipCertAndKeyExchEcdsa) {
+  Reset(TlsAgent::kServerEcdsa256);
+  auto chain = new ChainedPacketFilter();
+  chain->Add(new TlsHandshakeSkipFilter(kTlsHandshakeCertificate));
+  chain->Add(new TlsHandshakeSkipFilter(kTlsHandshakeServerKeyExchange));
+  ServerSkipTest(chain);
+  client_->CheckErrorCode(SSL_ERROR_RX_UNEXPECTED_HELLO_DONE);
+}
+
+INSTANTIATE_TEST_CASE_P(SkipTls10, TlsSkipTest,
+                        ::testing::Combine(TlsConnectTestBase::kTlsModesStream,
+                                           TlsConnectTestBase::kTlsV10));
+INSTANTIATE_TEST_CASE_P(SkipVariants, TlsSkipTest,
+                        ::testing::Combine(TlsConnectTestBase::kTlsModesAll,
+                                           TlsConnectTestBase::kTlsV11V12));
+
+}  // namespace nss_test
diff --git a/nss/external_tests/ssl_gtest/ssl_staticrsa_unittest.cc b/nss/external_tests/ssl_gtest/ssl_staticrsa_unittest.cc
new file mode 100644
index 0000000..57b5934
--- /dev/null
+++ b/nss/external_tests/ssl_gtest/ssl_staticrsa_unittest.cc
@@ -0,0 +1,123 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <functional>
+#include <memory>
+#include "secerr.h"
+#include "ssl.h"
+#include "sslerr.h"
+#include "sslproto.h"
+
+extern "C" {
+// This is not something that should make you happy.
+#include "libssl_internals.h"
+}
+
+#include "gtest_utils.h"
+#include "scoped_ptrs.h"
+#include "tls_connect.h"
+#include "tls_filter.h"
+#include "tls_parser.h"
+
+namespace nss_test {
+
+const uint8_t kBogusClientKeyExchange[] = {
+    0x01, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+};
+
+TEST_P(TlsConnectGenericPre13, ConnectStaticRSA) {
+  EnableOnlyStaticRsaCiphers();
+  Connect();
+  CheckKeys(ssl_kea_rsa, ssl_auth_rsa_decrypt);
+}
+
+// Test that a totally bogus EPMS is handled correctly.
+// This test is stream so we can catch the bad_record_mac alert.
+TEST_P(TlsConnectStreamPre13, ConnectStaticRSABogusCKE) {
+  EnableOnlyStaticRsaCiphers();
+  TlsInspectorReplaceHandshakeMessage* i1 =
+      new TlsInspectorReplaceHandshakeMessage(
+          kTlsHandshakeClientKeyExchange,
+          DataBuffer(kBogusClientKeyExchange, sizeof(kBogusClientKeyExchange)));
+  client_->SetPacketFilter(i1);
+  auto alert_recorder = new TlsAlertRecorder();
+  server_->SetPacketFilter(alert_recorder);
+  ConnectExpectFail();
+  EXPECT_EQ(kTlsAlertFatal, alert_recorder->level());
+  EXPECT_EQ(kTlsAlertBadRecordMac, alert_recorder->description());
+}
+
+// Test that a PMS with a bogus version number is handled correctly.
+// This test is stream so we can catch the bad_record_mac alert.
+TEST_P(TlsConnectStreamPre13, ConnectStaticRSABogusPMSVersionDetect) {
+  EnableOnlyStaticRsaCiphers();
+  client_->SetPacketFilter(new TlsInspectorClientHelloVersionChanger(server_));
+  auto alert_recorder = new TlsAlertRecorder();
+  server_->SetPacketFilter(alert_recorder);
+  ConnectExpectFail();
+  EXPECT_EQ(kTlsAlertFatal, alert_recorder->level());
+  EXPECT_EQ(kTlsAlertBadRecordMac, alert_recorder->description());
+}
+
+// Test that a PMS with a bogus version number is ignored when
+// rollback detection is disabled. This is a positive control for
+// ConnectStaticRSABogusPMSVersionDetect.
+TEST_P(TlsConnectGenericPre13, ConnectStaticRSABogusPMSVersionIgnore) {
+  EnableOnlyStaticRsaCiphers();
+  client_->SetPacketFilter(new TlsInspectorClientHelloVersionChanger(server_));
+  server_->DisableRollbackDetection();
+  Connect();
+}
+
+// This test is stream so we can catch the bad_record_mac alert.
+TEST_P(TlsConnectStreamPre13, ConnectExtendedMasterSecretStaticRSABogusCKE) {
+  EnableOnlyStaticRsaCiphers();
+  EnableExtendedMasterSecret();
+  TlsInspectorReplaceHandshakeMessage* inspect =
+      new TlsInspectorReplaceHandshakeMessage(
+          kTlsHandshakeClientKeyExchange,
+          DataBuffer(kBogusClientKeyExchange, sizeof(kBogusClientKeyExchange)));
+  client_->SetPacketFilter(inspect);
+  auto alert_recorder = new TlsAlertRecorder();
+  server_->SetPacketFilter(alert_recorder);
+  ConnectExpectFail();
+  EXPECT_EQ(kTlsAlertFatal, alert_recorder->level());
+  EXPECT_EQ(kTlsAlertBadRecordMac, alert_recorder->description());
+}
+
+// This test is stream so we can catch the bad_record_mac alert.
+TEST_P(TlsConnectStreamPre13,
+       ConnectExtendedMasterSecretStaticRSABogusPMSVersionDetect) {
+  EnableOnlyStaticRsaCiphers();
+  EnableExtendedMasterSecret();
+  client_->SetPacketFilter(new TlsInspectorClientHelloVersionChanger(server_));
+  auto alert_recorder = new TlsAlertRecorder();
+  server_->SetPacketFilter(alert_recorder);
+  ConnectExpectFail();
+  EXPECT_EQ(kTlsAlertFatal, alert_recorder->level());
+  EXPECT_EQ(kTlsAlertBadRecordMac, alert_recorder->description());
+}
+
+TEST_P(TlsConnectStreamPre13,
+       ConnectExtendedMasterSecretStaticRSABogusPMSVersionIgnore) {
+  EnableOnlyStaticRsaCiphers();
+  EnableExtendedMasterSecret();
+  client_->SetPacketFilter(new TlsInspectorClientHelloVersionChanger(server_));
+  server_->DisableRollbackDetection();
+  Connect();
+}
+
+}  // namespace nspr_test
diff --git a/nss/external_tests/ssl_gtest/ssl_v2_client_hello_unittest.cc b/nss/external_tests/ssl_gtest/ssl_v2_client_hello_unittest.cc
new file mode 100644
index 0000000..a434fe7
--- /dev/null
+++ b/nss/external_tests/ssl_gtest/ssl_v2_client_hello_unittest.cc
@@ -0,0 +1,355 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "pk11pub.h"
+#include "ssl.h"
+#include "sslerr.h"
+#include "sslproto.h"
+
+extern "C" {
+// This is not something that should make you happy.
+#include "libssl_internals.h"
+}
+
+#include "gtest_utils.h"
+#include "tls_connect.h"
+#include "tls_filter.h"
+
+namespace nss_test {
+
+// Replaces the client hello with an SSLv2 version once.
+class SSLv2ClientHelloFilter : public PacketFilter {
+ public:
+  SSLv2ClientHelloFilter(TlsAgent* client, uint16_t version)
+      : replaced_(false),
+        client_(client),
+        version_(version),
+        pad_len_(0),
+        reported_pad_len_(0),
+        client_random_len_(16),
+        ciphers_(0),
+        send_escape_(false) {}
+
+  void SetVersion(uint16_t version) { version_ = version; }
+
+  void SetCipherSuites(const std::vector<uint16_t>& ciphers) {
+    ciphers_ = ciphers;
+  }
+
+  // Set a padding length and announce it correctly.
+  void SetPadding(uint8_t pad_len) { SetPadding(pad_len, pad_len); }
+
+  // Set a padding length and allow to lie about its length.
+  void SetPadding(uint8_t pad_len, uint8_t reported_pad_len) {
+    pad_len_ = pad_len;
+    reported_pad_len_ = reported_pad_len;
+  }
+
+  void SetClientRandomLength(uint16_t client_random_len) {
+    client_random_len_ = client_random_len;
+  }
+
+  void SetSendEscape(bool send_escape) { send_escape_ = send_escape; }
+
+ protected:
+  virtual PacketFilter::Action Filter(const DataBuffer& input,
+                                      DataBuffer* output) {
+    if (replaced_) {
+      return KEEP;
+    }
+
+    // Replace only the very first packet.
+    replaced_ = true;
+
+    // The SSLv2 client hello size.
+    size_t packet_len = SSL_HL_CLIENT_HELLO_HBYTES + (ciphers_.size() * 3) +
+                        client_random_len_ + pad_len_;
+
+    size_t idx = 0;
+    *output = input;
+    output->Allocate(packet_len);
+    output->Truncate(packet_len);
+
+    // Write record length.
+    if (pad_len_ > 0) {
+      size_t masked_len = 0x3fff & packet_len;
+      if (send_escape_) {
+        masked_len |= 0x4000;
+      }
+
+      idx = output->Write(idx, masked_len, 2);
+      idx = output->Write(idx, reported_pad_len_, 1);
+    } else {
+      PR_ASSERT(!send_escape_);
+      idx = output->Write(idx, 0x8000 | packet_len, 2);
+    }
+
+    // Remember header length.
+    size_t hdr_len = idx;
+
+    // Write client hello.
+    idx = output->Write(idx, SSL_MT_CLIENT_HELLO, 1);
+    idx = output->Write(idx, version_, 2);
+
+    // Cipher list length.
+    idx = output->Write(idx, (ciphers_.size() * 3), 2);
+
+    // Session ID length.
+    idx = output->Write(idx, static_cast<uint32_t>(0), 2);
+
+    // ClientRandom length.
+    idx = output->Write(idx, client_random_len_, 2);
+
+    // Cipher suites.
+    for (auto cipher : ciphers_) {
+      idx = output->Write(idx, static_cast<uint32_t>(cipher), 3);
+    }
+
+    // Challenge.
+    std::vector<uint8_t> challenge(client_random_len_);
+    PK11_GenerateRandom(challenge.data(), challenge.size());
+    idx = output->Write(idx, challenge.data(), challenge.size());
+
+    // Add padding if any.
+    if (pad_len_ > 0) {
+      std::vector<uint8_t> pad(pad_len_);
+      idx = output->Write(idx, pad.data(), pad.size());
+    }
+
+    // Update the client random so that the handshake succeeds.
+    SECStatus rv = SSLInt_UpdateSSLv2ClientRandom(
+        client_->ssl_fd(), challenge.data(), challenge.size(),
+        output->data() + hdr_len, output->len() - hdr_len);
+    EXPECT_EQ(SECSuccess, rv);
+
+    return CHANGE;
+  }
+
+ private:
+  bool replaced_;
+  TlsAgent* client_;
+  uint16_t version_;
+  uint8_t pad_len_;
+  uint8_t reported_pad_len_;
+  uint16_t client_random_len_;
+  std::vector<uint16_t> ciphers_;
+  bool send_escape_;
+};
+
+class SSLv2ClientHelloTestF : public TlsConnectTestBase {
+ public:
+  SSLv2ClientHelloTestF() : TlsConnectTestBase(STREAM, 0), filter_(nullptr) {}
+
+  SSLv2ClientHelloTestF(Mode mode, uint16_t version)
+      : TlsConnectTestBase(mode, version), filter_(nullptr) {}
+
+  void SetUp() {
+    TlsConnectTestBase::SetUp();
+    filter_ = new SSLv2ClientHelloFilter(client_, version_);
+    client_->SetPacketFilter(filter_);
+  }
+
+  void RequireSafeRenegotiation() {
+    server_->EnsureTlsSetup();
+    SECStatus rv =
+        SSL_OptionSet(server_->ssl_fd(), SSL_REQUIRE_SAFE_NEGOTIATION, PR_TRUE);
+    EXPECT_EQ(rv, SECSuccess);
+  }
+
+  void SetExpectedVersion(uint16_t version) {
+    TlsConnectTestBase::SetExpectedVersion(version);
+    filter_->SetVersion(version);
+  }
+
+  void SetAvailableCipherSuite(uint16_t cipher) {
+    filter_->SetCipherSuites(std::vector<uint16_t>(1, cipher));
+  }
+
+  void SetAvailableCipherSuites(const std::vector<uint16_t>& ciphers) {
+    filter_->SetCipherSuites(ciphers);
+  }
+
+  void SetPadding(uint8_t pad_len) { filter_->SetPadding(pad_len); }
+
+  void SetPadding(uint8_t pad_len, uint8_t reported_pad_len) {
+    filter_->SetPadding(pad_len, reported_pad_len);
+  }
+
+  void SetClientRandomLength(uint16_t client_random_len) {
+    filter_->SetClientRandomLength(client_random_len);
+  }
+
+  void SetSendEscape(bool send_escape) { filter_->SetSendEscape(send_escape); }
+
+ private:
+  SSLv2ClientHelloFilter* filter_;
+};
+
+// Parameterized version of SSLv2ClientHelloTestF we can
+// use with TEST_P to test multiple TLS versions easily.
+class SSLv2ClientHelloTest : public SSLv2ClientHelloTestF,
+                             public ::testing::WithParamInterface<uint16_t> {
+ public:
+  SSLv2ClientHelloTest() : SSLv2ClientHelloTestF(STREAM, GetParam()) {}
+};
+
+// Test negotiating TLS 1.0 - 1.2.
+TEST_P(SSLv2ClientHelloTest, Connect) {
+  SetAvailableCipherSuite(TLS_DHE_RSA_WITH_AES_128_CBC_SHA);
+  Connect();
+}
+
+// Test negotiating TLS 1.3.
+TEST_F(SSLv2ClientHelloTestF, Connect13) {
+  SetExpectedVersion(SSL_LIBRARY_VERSION_TLS_1_3);
+  client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_3,
+                           SSL_LIBRARY_VERSION_TLS_1_3);
+  server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_3,
+                           SSL_LIBRARY_VERSION_TLS_1_3);
+
+  std::vector<uint16_t> cipher_suites = {TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256};
+  SetAvailableCipherSuites(cipher_suites);
+
+  ConnectExpectFail();
+  EXPECT_EQ(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO, server_->error_code());
+}
+
+// Test negotiating an EC suite.
+TEST_P(SSLv2ClientHelloTest, NegotiateECSuite) {
+  SetAvailableCipherSuite(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA);
+  Connect();
+}
+
+// Test negotiating TLS 1.0 - 1.2 with a padded client hello.
+TEST_P(SSLv2ClientHelloTest, AddPadding) {
+  SetAvailableCipherSuite(TLS_DHE_RSA_WITH_AES_128_CBC_SHA);
+  SetPadding(255);
+  Connect();
+}
+
+// Test that sending a security escape fails the handshake.
+TEST_P(SSLv2ClientHelloTest, SendSecurityEscape) {
+  SetAvailableCipherSuite(TLS_DHE_RSA_WITH_AES_128_CBC_SHA);
+
+  // Send a security escape.
+  SetSendEscape(true);
+
+  // Set a big padding so that the server fails instead of timing out.
+  SetPadding(255);
+
+  ConnectExpectFail();
+}
+
+// Invalid SSLv2 client hello padding must fail the handshake.
+TEST_P(SSLv2ClientHelloTest, AddErroneousPadding) {
+  SetAvailableCipherSuite(TLS_DHE_RSA_WITH_AES_128_CBC_SHA);
+
+  // Append 5 bytes of padding but say it's only 4.
+  SetPadding(5, 4);
+
+  ConnectExpectFail();
+  EXPECT_EQ(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO, server_->error_code());
+}
+
+// Invalid SSLv2 client hello padding must fail the handshake.
+TEST_P(SSLv2ClientHelloTest, AddErroneousPadding2) {
+  SetAvailableCipherSuite(TLS_DHE_RSA_WITH_AES_128_CBC_SHA);
+
+  // Append 5 bytes of padding but say it's 6.
+  SetPadding(5, 6);
+
+  ConnectExpectFail();
+  EXPECT_EQ(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO, server_->error_code());
+}
+
+// Wrong amount of bytes for the ClientRandom must fail the handshake.
+TEST_P(SSLv2ClientHelloTest, SmallClientRandom) {
+  SetAvailableCipherSuite(TLS_DHE_RSA_WITH_AES_128_CBC_SHA);
+
+  // Send a ClientRandom that's too small.
+  SetClientRandomLength(15);
+
+  ConnectExpectFail();
+  EXPECT_EQ(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO, server_->error_code());
+}
+
+// Test sending the maximum accepted number of ClientRandom bytes.
+TEST_P(SSLv2ClientHelloTest, MaxClientRandom) {
+  SetAvailableCipherSuite(TLS_DHE_RSA_WITH_AES_128_CBC_SHA);
+  SetClientRandomLength(32);
+  Connect();
+}
+
+// Wrong amount of bytes for the ClientRandom must fail the handshake.
+TEST_P(SSLv2ClientHelloTest, BigClientRandom) {
+  SetAvailableCipherSuite(TLS_DHE_RSA_WITH_AES_128_CBC_SHA);
+
+  // Send a ClientRandom that's too big.
+  SetClientRandomLength(33);
+
+  ConnectExpectFail();
+  EXPECT_EQ(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO, server_->error_code());
+}
+
+// Connection must fail if we require safe renegotiation but the client doesn't
+// include TLS_EMPTY_RENEGOTIATION_INFO_SCSV in the list of cipher suites.
+TEST_P(SSLv2ClientHelloTest, RequireSafeRenegotiation) {
+  RequireSafeRenegotiation();
+  SetAvailableCipherSuite(TLS_DHE_RSA_WITH_AES_128_CBC_SHA);
+  ConnectExpectFail();
+  EXPECT_EQ(SSL_ERROR_UNSAFE_NEGOTIATION, server_->error_code());
+}
+
+// Connection must succeed when requiring safe renegotiation and the client
+// includes TLS_EMPTY_RENEGOTIATION_INFO_SCSV in the list of cipher suites.
+TEST_P(SSLv2ClientHelloTest, RequireSafeRenegotiationWithSCSV) {
+  RequireSafeRenegotiation();
+  std::vector<uint16_t> cipher_suites = {TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
+                                         TLS_EMPTY_RENEGOTIATION_INFO_SCSV};
+  SetAvailableCipherSuites(cipher_suites);
+  Connect();
+}
+
+// Connect to the server with TLS 1.1, signalling that this is a fallback from
+// a higher version. As the server doesn't support anything higher than TLS 1.1
+// it must accept the connection.
+TEST_F(SSLv2ClientHelloTestF, FallbackSCSV) {
+  SetExpectedVersion(SSL_LIBRARY_VERSION_TLS_1_1);
+  client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
+                           SSL_LIBRARY_VERSION_TLS_1_1);
+  server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
+                           SSL_LIBRARY_VERSION_TLS_1_1);
+
+  std::vector<uint16_t> cipher_suites = {TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
+                                         TLS_FALLBACK_SCSV};
+  SetAvailableCipherSuites(cipher_suites);
+  Connect();
+}
+
+// Connect to the server with TLS 1.1, signalling that this is a fallback from
+// a higher version. As the server supports TLS 1.2 though it must reject the
+// connection due to a possible downgrade attack.
+TEST_F(SSLv2ClientHelloTestF, InappropriateFallbackSCSV) {
+  SetExpectedVersion(SSL_LIBRARY_VERSION_TLS_1_1);
+  client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
+                           SSL_LIBRARY_VERSION_TLS_1_1);
+  server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
+                           SSL_LIBRARY_VERSION_TLS_1_2);
+
+  std::vector<uint16_t> cipher_suites = {TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
+                                         TLS_FALLBACK_SCSV};
+  SetAvailableCipherSuites(cipher_suites);
+
+  ConnectExpectFail();
+  EXPECT_EQ(SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT, server_->error_code());
+}
+
+INSTANTIATE_TEST_CASE_P(VersionsStream10Pre13, SSLv2ClientHelloTest,
+                        TlsConnectTestBase::kTlsV10);
+INSTANTIATE_TEST_CASE_P(VersionsStreamPre13, SSLv2ClientHelloTest,
+                        TlsConnectTestBase::kTlsV11V12);
+
+}  // namespace nss_test
diff --git a/nss/external_tests/ssl_gtest/ssl_version_unittest.cc b/nss/external_tests/ssl_gtest/ssl_version_unittest.cc
new file mode 100644
index 0000000..72c58a0
--- /dev/null
+++ b/nss/external_tests/ssl_gtest/ssl_version_unittest.cc
@@ -0,0 +1,244 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "secerr.h"
+#include "ssl.h"
+#include "sslerr.h"
+#include "sslproto.h"
+
+#include "gtest_utils.h"
+#include "scoped_ptrs.h"
+#include "tls_connect.h"
+#include "tls_filter.h"
+#include "tls_parser.h"
+
+namespace nss_test {
+
+// Set the version number in the ClientHello.
+class TlsInspectorClientHelloVersionSetter : public TlsHandshakeFilter {
+ public:
+  TlsInspectorClientHelloVersionSetter(uint16_t version) : version_(version) {}
+
+  virtual PacketFilter::Action FilterHandshake(const HandshakeHeader& header,
+                                               const DataBuffer& input,
+                                               DataBuffer* output) {
+    if (header.handshake_type() == kTlsHandshakeClientHello) {
+      *output = input;
+      output->Write(0, version_, 2);
+      return CHANGE;
+    }
+    return KEEP;
+  }
+
+ private:
+  uint16_t version_;
+};
+
+TEST_P(TlsConnectStream, ServerNegotiateTls10) {
+  uint16_t minver, maxver;
+  client_->GetVersionRange(&minver, &maxver);
+  client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_0, maxver);
+  server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_0,
+                           SSL_LIBRARY_VERSION_TLS_1_0);
+  Connect();
+}
+
+TEST_P(TlsConnectGeneric, ServerNegotiateTls11) {
+  if (version_ < SSL_LIBRARY_VERSION_TLS_1_1) return;
+
+  uint16_t minver, maxver;
+  client_->GetVersionRange(&minver, &maxver);
+  client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1, maxver);
+  server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
+                           SSL_LIBRARY_VERSION_TLS_1_1);
+  Connect();
+}
+
+TEST_P(TlsConnectGeneric, ServerNegotiateTls12) {
+  if (version_ < SSL_LIBRARY_VERSION_TLS_1_2) return;
+
+  uint16_t minver, maxver;
+  client_->GetVersionRange(&minver, &maxver);
+  client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_2, maxver);
+  server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_2,
+                           SSL_LIBRARY_VERSION_TLS_1_2);
+  Connect();
+}
+
+// Test the ServerRandom version hack from
+// [draft-ietf-tls-tls13-11 Section 6.3.1.1].
+// The first three tests test for active tampering. The next
+// two validate that we can also detect fallback using the
+// SSL_SetDowngradeCheckVersion() API.
+TEST_F(TlsConnectTest, TestDowngradeDetectionToTls11) {
+  client_->SetPacketFilter(
+      new TlsInspectorClientHelloVersionSetter(SSL_LIBRARY_VERSION_TLS_1_1));
+  ConnectExpectFail();
+  ASSERT_EQ(SSL_ERROR_RX_MALFORMED_SERVER_HELLO, client_->error_code());
+}
+
+/* Attempt to negotiate the bogus DTLS 1.1 version. */
+TEST_F(DtlsConnectTest, TestDtlsVersion11) {
+  client_->SetPacketFilter(
+      new TlsInspectorClientHelloVersionSetter(((~0x0101) & 0xffff)));
+  ConnectExpectFail();
+  // It's kind of surprising that SSL_ERROR_NO_CYPHER_OVERLAP is
+  // what is returned here, but this is deliberate in ssl3_HandleAlert().
+  EXPECT_EQ(SSL_ERROR_NO_CYPHER_OVERLAP, client_->error_code());
+  EXPECT_EQ(SSL_ERROR_UNSUPPORTED_VERSION, server_->error_code());
+}
+
+TEST_F(TlsConnectTest, TestDowngradeDetectionToTls12) {
+  EnsureTlsSetup();
+  client_->SetPacketFilter(
+      new TlsInspectorClientHelloVersionSetter(SSL_LIBRARY_VERSION_TLS_1_2));
+  client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_2,
+                           SSL_LIBRARY_VERSION_TLS_1_3);
+  server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_2,
+                           SSL_LIBRARY_VERSION_TLS_1_3);
+  ConnectExpectFail();
+  ASSERT_EQ(SSL_ERROR_RX_MALFORMED_SERVER_HELLO, client_->error_code());
+}
+
+// TLS 1.1 clients do not check the random values, so we should
+// instead get a handshake failure alert from the server.
+TEST_F(TlsConnectTest, TestDowngradeDetectionToTls10) {
+  client_->SetPacketFilter(
+      new TlsInspectorClientHelloVersionSetter(SSL_LIBRARY_VERSION_TLS_1_0));
+  client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_0,
+                           SSL_LIBRARY_VERSION_TLS_1_1);
+  server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_0,
+                           SSL_LIBRARY_VERSION_TLS_1_2);
+  ConnectExpectFail();
+  ASSERT_EQ(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE, server_->error_code());
+  ASSERT_EQ(SSL_ERROR_DECRYPT_ERROR_ALERT, client_->error_code());
+}
+
+TEST_F(TlsConnectTest, TestFallbackFromTls12) {
+  EnsureTlsSetup();
+  client_->SetDowngradeCheckVersion(SSL_LIBRARY_VERSION_TLS_1_2);
+  client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
+                           SSL_LIBRARY_VERSION_TLS_1_1);
+  server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
+                           SSL_LIBRARY_VERSION_TLS_1_2);
+  ConnectExpectFail();
+  ASSERT_EQ(SSL_ERROR_RX_MALFORMED_SERVER_HELLO, client_->error_code());
+}
+
+TEST_F(TlsConnectTest, TestFallbackFromTls13) {
+  EnsureTlsSetup();
+  client_->SetDowngradeCheckVersion(SSL_LIBRARY_VERSION_TLS_1_3);
+  client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_2,
+                           SSL_LIBRARY_VERSION_TLS_1_2);
+  server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
+                           SSL_LIBRARY_VERSION_TLS_1_3);
+  ConnectExpectFail();
+  ASSERT_EQ(SSL_ERROR_RX_MALFORMED_SERVER_HELLO, client_->error_code());
+}
+
+// The TLS v1.3 spec section C.4 states that 'Implementations MUST NOT send or
+// accept any records with a version less than { 3, 0 }'. Thus we will not
+// allow version ranges including both SSL v3 and TLS v1.3.
+TEST_F(TlsConnectTest, DisallowSSLv3HelloWithTLSv13Enabled) {
+  SECStatus rv;
+  SSLVersionRange vrange = {SSL_LIBRARY_VERSION_3_0,
+                            SSL_LIBRARY_VERSION_TLS_1_3};
+
+  EnsureTlsSetup();
+  rv = SSL_VersionRangeSet(client_->ssl_fd(), &vrange);
+  EXPECT_EQ(SECFailure, rv);
+
+  rv = SSL_VersionRangeSet(server_->ssl_fd(), &vrange);
+  EXPECT_EQ(SECFailure, rv);
+}
+
+TEST_P(TlsConnectStream, ConnectTls10AndServerRenegotiateHigher) {
+  if (version_ == SSL_LIBRARY_VERSION_TLS_1_0) {
+    return;
+  }
+  // Set the client so it will accept any version from 1.0
+  // to |version_|.
+  client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_0, version_);
+  server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_0,
+                           SSL_LIBRARY_VERSION_TLS_1_0);
+  // Reset version so that the checks succeed.
+  uint16_t test_version = version_;
+  version_ = SSL_LIBRARY_VERSION_TLS_1_0;
+  Connect();
+
+  // Now renegotiate, with the server being set to do
+  // |version_|.
+  client_->PrepareForRenegotiate();
+  server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_0, test_version);
+  // Reset version and cipher suite so that the preinfo callback
+  // doesn't fail.
+  server_->ResetPreliminaryInfo();
+  server_->StartRenegotiate();
+  Handshake();
+  if (test_version < SSL_LIBRARY_VERSION_TLS_1_3) {
+    client_->CheckErrorCode(SSL_ERROR_UNSUPPORTED_VERSION);
+    server_->CheckErrorCode(SSL_ERROR_ILLEGAL_PARAMETER_ALERT);
+  } else {
+    client_->CheckErrorCode(SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT);
+    server_->CheckErrorCode(SSL_ERROR_RENEGOTIATION_NOT_ALLOWED);
+  }
+}
+
+TEST_P(TlsConnectStream, ConnectTls10AndClientRenegotiateHigher) {
+  if (version_ == SSL_LIBRARY_VERSION_TLS_1_0) {
+    return;
+  }
+  // Set the client so it will accept any version from 1.0
+  // to |version_|.
+  client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_0, version_);
+  server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_0,
+                           SSL_LIBRARY_VERSION_TLS_1_0);
+  // Reset version so that the checks succeed.
+  uint16_t test_version = version_;
+  version_ = SSL_LIBRARY_VERSION_TLS_1_0;
+  Connect();
+
+  // Now renegotiate, with the server being set to do
+  // |version_|.
+  server_->PrepareForRenegotiate();
+  server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_0, test_version);
+  // Reset version and cipher suite so that the preinfo callback
+  // doesn't fail.
+  server_->ResetPreliminaryInfo();
+  client_->StartRenegotiate();
+  Handshake();
+  if (test_version < SSL_LIBRARY_VERSION_TLS_1_3) {
+    client_->CheckErrorCode(SSL_ERROR_UNSUPPORTED_VERSION);
+    server_->CheckErrorCode(SSL_ERROR_ILLEGAL_PARAMETER_ALERT);
+  } else {
+    client_->CheckErrorCode(SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT);
+    server_->CheckErrorCode(SSL_ERROR_RENEGOTIATION_NOT_ALLOWED);
+  }
+}
+
+TEST_F(TlsConnectTest, Tls13RejectsRehandshakeClient) {
+  client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
+                           SSL_LIBRARY_VERSION_TLS_1_3);
+  server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
+                           SSL_LIBRARY_VERSION_TLS_1_3);
+  Connect();
+  SECStatus rv = SSL_ReHandshake(client_->ssl_fd(), PR_TRUE);
+  EXPECT_EQ(SECFailure, rv);
+  EXPECT_EQ(SSL_ERROR_RENEGOTIATION_NOT_ALLOWED, PORT_GetError());
+}
+
+TEST_F(TlsConnectTest, Tls13RejectsRehandshakeServer) {
+  client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
+                           SSL_LIBRARY_VERSION_TLS_1_3);
+  server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
+                           SSL_LIBRARY_VERSION_TLS_1_3);
+  Connect();
+  SECStatus rv = SSL_ReHandshake(server_->ssl_fd(), PR_TRUE);
+  EXPECT_EQ(SECFailure, rv);
+  EXPECT_EQ(SSL_ERROR_RENEGOTIATION_NOT_ALLOWED, PORT_GetError());
+}
+
+}  // namespace nss_test
diff --git a/nss/external_tests/ssl_gtest/test_io.cc b/nss/external_tests/ssl_gtest/test_io.cc
new file mode 100644
index 0000000..646c5a5
--- /dev/null
+++ b/nss/external_tests/ssl_gtest/test_io.cc
@@ -0,0 +1,536 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "test_io.h"
+
+#include <algorithm>
+#include <cassert>
+#include <iostream>
+#include <memory>
+
+#include "prerror.h"
+#include "prlog.h"
+#include "prthread.h"
+
+#include "databuffer.h"
+
+extern bool g_ssl_gtest_verbose;
+
+namespace nss_test {
+
+static PRDescIdentity test_fd_identity = PR_INVALID_IO_LAYER;
+
+#define UNIMPLEMENTED()                                                        \
+  std::cerr << "Call to unimplemented function " << __FUNCTION__ << std::endl; \
+  PR_ASSERT(PR_FALSE);                                                         \
+  PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0)
+
+#define LOG(a) std::cerr << name_ << ": " << a << std::endl
+#define LOGV(a)                      \
+  do {                               \
+    if (g_ssl_gtest_verbose) LOG(a); \
+  } while (false)
+
+class Packet : public DataBuffer {
+ public:
+  Packet(const DataBuffer &buf) : DataBuffer(buf), offset_(0) {}
+
+  void Advance(size_t delta) {
+    PR_ASSERT(offset_ + delta <= len());
+    offset_ = std::min(len(), offset_ + delta);
+  }
+
+  size_t offset() const { return offset_; }
+  size_t remaining() const { return len() - offset_; }
+
+ private:
+  size_t offset_;
+};
+
+// Implementation of NSPR methods
+static PRStatus DummyClose(PRFileDesc *f) {
+  DummyPrSocket *io = reinterpret_cast<DummyPrSocket *>(f->secret);
+  f->secret = nullptr;
+  f->dtor(f);
+  delete io;
+  return PR_SUCCESS;
+}
+
+static int32_t DummyRead(PRFileDesc *f, void *buf, int32_t length) {
+  DummyPrSocket *io = reinterpret_cast<DummyPrSocket *>(f->secret);
+  return io->Read(buf, length);
+}
+
+static int32_t DummyWrite(PRFileDesc *f, const void *buf, int32_t length) {
+  DummyPrSocket *io = reinterpret_cast<DummyPrSocket *>(f->secret);
+  return io->Write(buf, length);
+}
+
+static int32_t DummyAvailable(PRFileDesc *f) {
+  UNIMPLEMENTED();
+  return -1;
+}
+
+int64_t DummyAvailable64(PRFileDesc *f) {
+  UNIMPLEMENTED();
+  return -1;
+}
+
+static PRStatus DummySync(PRFileDesc *f) {
+  UNIMPLEMENTED();
+  return PR_FAILURE;
+}
+
+static int32_t DummySeek(PRFileDesc *f, int32_t offset, PRSeekWhence how) {
+  UNIMPLEMENTED();
+  return -1;
+}
+
+static int64_t DummySeek64(PRFileDesc *f, int64_t offset, PRSeekWhence how) {
+  UNIMPLEMENTED();
+  return -1;
+}
+
+static PRStatus DummyFileInfo(PRFileDesc *f, PRFileInfo *info) {
+  UNIMPLEMENTED();
+  return PR_FAILURE;
+}
+
+static PRStatus DummyFileInfo64(PRFileDesc *f, PRFileInfo64 *info) {
+  UNIMPLEMENTED();
+  return PR_FAILURE;
+}
+
+static int32_t DummyWritev(PRFileDesc *f, const PRIOVec *iov, int32_t iov_size,
+                           PRIntervalTime to) {
+  UNIMPLEMENTED();
+  return -1;
+}
+
+static PRStatus DummyConnect(PRFileDesc *f, const PRNetAddr *addr,
+                             PRIntervalTime to) {
+  UNIMPLEMENTED();
+  return PR_FAILURE;
+}
+
+static PRFileDesc *DummyAccept(PRFileDesc *sd, PRNetAddr *addr,
+                               PRIntervalTime to) {
+  UNIMPLEMENTED();
+  return nullptr;
+}
+
+static PRStatus DummyBind(PRFileDesc *f, const PRNetAddr *addr) {
+  UNIMPLEMENTED();
+  return PR_FAILURE;
+}
+
+static PRStatus DummyListen(PRFileDesc *f, int32_t depth) {
+  UNIMPLEMENTED();
+  return PR_FAILURE;
+}
+
+static PRStatus DummyShutdown(PRFileDesc *f, int32_t how) {
+  DummyPrSocket *io = reinterpret_cast<DummyPrSocket *>(f->secret);
+  io->Reset();
+  return PR_SUCCESS;
+}
+
+// This function does not support peek.
+static int32_t DummyRecv(PRFileDesc *f, void *buf, int32_t buflen,
+                         int32_t flags, PRIntervalTime to) {
+  PR_ASSERT(flags == 0);
+  if (flags != 0) {
+    PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
+    return -1;
+  }
+
+  DummyPrSocket *io = reinterpret_cast<DummyPrSocket *>(f->secret);
+
+  if (io->mode() == DGRAM) {
+    return io->Recv(buf, buflen);
+  } else {
+    return io->Read(buf, buflen);
+  }
+}
+
+// Note: this is always nonblocking and assumes a zero timeout.
+static int32_t DummySend(PRFileDesc *f, const void *buf, int32_t amount,
+                         int32_t flags, PRIntervalTime to) {
+  int32_t written = DummyWrite(f, buf, amount);
+  return written;
+}
+
+static int32_t DummyRecvfrom(PRFileDesc *f, void *buf, int32_t amount,
+                             int32_t flags, PRNetAddr *addr,
+                             PRIntervalTime to) {
+  UNIMPLEMENTED();
+  return -1;
+}
+
+static int32_t DummySendto(PRFileDesc *f, const void *buf, int32_t amount,
+                           int32_t flags, const PRNetAddr *addr,
+                           PRIntervalTime to) {
+  UNIMPLEMENTED();
+  return -1;
+}
+
+static int16_t DummyPoll(PRFileDesc *f, int16_t in_flags, int16_t *out_flags) {
+  UNIMPLEMENTED();
+  return -1;
+}
+
+static int32_t DummyAcceptRead(PRFileDesc *sd, PRFileDesc **nd,
+                               PRNetAddr **raddr, void *buf, int32_t amount,
+                               PRIntervalTime t) {
+  UNIMPLEMENTED();
+  return -1;
+}
+
+static int32_t DummyTransmitFile(PRFileDesc *sd, PRFileDesc *f,
+                                 const void *headers, int32_t hlen,
+                                 PRTransmitFileFlags flags, PRIntervalTime t) {
+  UNIMPLEMENTED();
+  return -1;
+}
+
+static PRStatus DummyGetpeername(PRFileDesc *f, PRNetAddr *addr) {
+  // TODO: Modify to return unique names for each channel
+  // somehow, as opposed to always the same static address. The current
+  // implementation messes up the session cache, which is why it's off
+  // elsewhere
+  addr->inet.family = PR_AF_INET;
+  addr->inet.port = 0;
+  addr->inet.ip = 0;
+
+  return PR_SUCCESS;
+}
+
+static PRStatus DummyGetsockname(PRFileDesc *f, PRNetAddr *addr) {
+  UNIMPLEMENTED();
+  return PR_FAILURE;
+}
+
+static PRStatus DummyGetsockoption(PRFileDesc *f, PRSocketOptionData *opt) {
+  switch (opt->option) {
+    case PR_SockOpt_Nonblocking:
+      opt->value.non_blocking = PR_TRUE;
+      return PR_SUCCESS;
+    default:
+      UNIMPLEMENTED();
+      break;
+  }
+
+  return PR_FAILURE;
+}
+
+// Imitate setting socket options. These are mostly noops.
+static PRStatus DummySetsockoption(PRFileDesc *f,
+                                   const PRSocketOptionData *opt) {
+  switch (opt->option) {
+    case PR_SockOpt_Nonblocking:
+      return PR_SUCCESS;
+    case PR_SockOpt_NoDelay:
+      return PR_SUCCESS;
+    default:
+      UNIMPLEMENTED();
+      break;
+  }
+
+  return PR_FAILURE;
+}
+
+static int32_t DummySendfile(PRFileDesc *out, PRSendFileData *in,
+                             PRTransmitFileFlags flags, PRIntervalTime to) {
+  UNIMPLEMENTED();
+  return -1;
+}
+
+static PRStatus DummyConnectContinue(PRFileDesc *f, int16_t flags) {
+  UNIMPLEMENTED();
+  return PR_FAILURE;
+}
+
+static int32_t DummyReserved(PRFileDesc *f) {
+  UNIMPLEMENTED();
+  return -1;
+}
+
+DummyPrSocket::~DummyPrSocket() { Reset(); }
+
+void DummyPrSocket::SetPacketFilter(PacketFilter *filter) {
+  if (filter_) {
+    delete filter_;
+  }
+  filter_ = filter;
+}
+
+void DummyPrSocket::Reset() {
+  delete filter_;
+  if (peer_) {
+    peer_->SetPeer(nullptr);
+    peer_ = nullptr;
+  }
+  while (!input_.empty()) {
+    Packet *front = input_.front();
+    input_.pop();
+    delete front;
+  }
+}
+
+static const struct PRIOMethods DummyMethods = {
+    PR_DESC_LAYERED,    DummyClose,
+    DummyRead,          DummyWrite,
+    DummyAvailable,     DummyAvailable64,
+    DummySync,          DummySeek,
+    DummySeek64,        DummyFileInfo,
+    DummyFileInfo64,    DummyWritev,
+    DummyConnect,       DummyAccept,
+    DummyBind,          DummyListen,
+    DummyShutdown,      DummyRecv,
+    DummySend,          DummyRecvfrom,
+    DummySendto,        DummyPoll,
+    DummyAcceptRead,    DummyTransmitFile,
+    DummyGetsockname,   DummyGetpeername,
+    DummyReserved,      DummyReserved,
+    DummyGetsockoption, DummySetsockoption,
+    DummySendfile,      DummyConnectContinue,
+    DummyReserved,      DummyReserved,
+    DummyReserved,      DummyReserved};
+
+PRFileDesc *DummyPrSocket::CreateFD(const std::string &name, Mode mode) {
+  if (test_fd_identity == PR_INVALID_IO_LAYER) {
+    test_fd_identity = PR_GetUniqueIdentity("testtransportadapter");
+  }
+
+  PRFileDesc *fd = (PR_CreateIOLayerStub(test_fd_identity, &DummyMethods));
+  fd->secret = reinterpret_cast<PRFilePrivate *>(new DummyPrSocket(name, mode));
+
+  return fd;
+}
+
+DummyPrSocket *DummyPrSocket::GetAdapter(PRFileDesc *fd) {
+  return reinterpret_cast<DummyPrSocket *>(fd->secret);
+}
+
+void DummyPrSocket::PacketReceived(const DataBuffer &packet) {
+  input_.push(new Packet(packet));
+}
+
+int32_t DummyPrSocket::Read(void *data, int32_t len) {
+  PR_ASSERT(mode_ == STREAM);
+
+  if (mode_ != STREAM) {
+    PR_SetError(PR_INVALID_METHOD_ERROR, 0);
+    return -1;
+  }
+
+  if (input_.empty()) {
+    LOGV("Read --> wouldblock " << len);
+    PR_SetError(PR_WOULD_BLOCK_ERROR, 0);
+    return -1;
+  }
+
+  Packet *front = input_.front();
+  size_t to_read =
+      std::min(static_cast<size_t>(len), front->len() - front->offset());
+  memcpy(data, static_cast<const void *>(front->data() + front->offset()),
+         to_read);
+  front->Advance(to_read);
+
+  if (!front->remaining()) {
+    input_.pop();
+    delete front;
+  }
+
+  return static_cast<int32_t>(to_read);
+}
+
+int32_t DummyPrSocket::Recv(void *buf, int32_t buflen) {
+  if (input_.empty()) {
+    PR_SetError(PR_WOULD_BLOCK_ERROR, 0);
+    return -1;
+  }
+
+  Packet *front = input_.front();
+  if (static_cast<size_t>(buflen) < front->len()) {
+    PR_ASSERT(false);
+    PR_SetError(PR_BUFFER_OVERFLOW_ERROR, 0);
+    return -1;
+  }
+
+  size_t count = front->len();
+  memcpy(buf, front->data(), count);
+
+  input_.pop();
+  delete front;
+
+  return static_cast<int32_t>(count);
+}
+
+int32_t DummyPrSocket::Write(const void *buf, int32_t length) {
+  if (!peer_) {
+    PR_SetError(PR_IO_ERROR, 0);
+    return -1;
+  }
+
+  DataBuffer packet(static_cast<const uint8_t *>(buf),
+                    static_cast<size_t>(length));
+  DataBuffer filtered;
+  PacketFilter::Action action = PacketFilter::KEEP;
+  if (filter_) {
+    action = filter_->Filter(packet, &filtered);
+  }
+  switch (action) {
+    case PacketFilter::CHANGE:
+      LOG("Original packet: " << packet);
+      LOG("Filtered packet: " << filtered);
+      peer_->PacketReceived(filtered);
+      break;
+    case PacketFilter::DROP:
+      LOG("Droppped packet: " << packet);
+      break;
+    case PacketFilter::KEEP:
+      LOGV("Packet: " << packet);
+      peer_->PacketReceived(packet);
+      break;
+  }
+  // libssl can't handle it if this reports something other than the length
+  // of what was passed in (or less, but we're not doing partial writes).
+  return static_cast<int32_t>(packet.len());
+}
+
+Poller *Poller::instance;
+
+Poller *Poller::Instance() {
+  if (!instance) instance = new Poller();
+
+  return instance;
+}
+
+void Poller::Shutdown() {
+  delete instance;
+  instance = nullptr;
+}
+
+Poller::~Poller() {
+  while (!timers_.empty()) {
+    Timer *timer = timers_.top();
+    timers_.pop();
+    delete timer;
+  }
+}
+
+void Poller::Wait(Event event, DummyPrSocket *adapter, PollTarget *target,
+                  PollCallback cb) {
+  auto it = waiters_.find(adapter);
+  Waiter *waiter;
+
+  if (it == waiters_.end()) {
+    waiter = new Waiter(adapter);
+  } else {
+    waiter = it->second;
+  }
+
+  assert(event < TIMER_EVENT);
+  if (event >= TIMER_EVENT) return;
+
+  waiter->targets_[event] = target;
+  waiter->callbacks_[event] = cb;
+  waiters_[adapter] = waiter;
+}
+
+void Poller::Cancel(Event event, DummyPrSocket *adapter) {
+  auto it = waiters_.find(adapter);
+  Waiter *waiter;
+
+  if (it == waiters_.end()) {
+    return;
+  }
+
+  waiter = it->second;
+
+  waiter->targets_[event] = nullptr;
+  waiter->callbacks_[event] = nullptr;
+
+  // Clean up if there are no callbacks.
+  for (size_t i = 0; i < TIMER_EVENT; ++i) {
+    if (waiter->callbacks_[i]) return;
+  }
+
+  delete waiter;
+  waiters_.erase(adapter);
+}
+
+void Poller::SetTimer(uint32_t timer_ms, PollTarget *target, PollCallback cb,
+                      Timer **timer) {
+  Timer *t = new Timer(PR_Now() + timer_ms * 1000, target, cb);
+  timers_.push(t);
+  if (timer) *timer = t;
+}
+
+bool Poller::Poll() {
+  if (g_ssl_gtest_verbose) {
+    std::cerr << "Poll() waiters = " << waiters_.size()
+              << " timers = " << timers_.size() << std::endl;
+  }
+  PRIntervalTime timeout = PR_INTERVAL_NO_TIMEOUT;
+  PRTime now = PR_Now();
+  bool fired = false;
+
+  // Figure out the timer for the select.
+  if (!timers_.empty()) {
+    Timer *first_timer = timers_.top();
+    if (now >= first_timer->deadline_) {
+      // Timer expired.
+      timeout = PR_INTERVAL_NO_WAIT;
+    } else {
+      timeout =
+          PR_MillisecondsToInterval((first_timer->deadline_ - now) / 1000);
+    }
+  }
+
+  for (auto it = waiters_.begin(); it != waiters_.end(); ++it) {
+    Waiter *waiter = it->second;
+
+    if (waiter->callbacks_[READABLE_EVENT]) {
+      if (waiter->io_->readable()) {
+        PollCallback callback = waiter->callbacks_[READABLE_EVENT];
+        PollTarget *target = waiter->targets_[READABLE_EVENT];
+        waiter->callbacks_[READABLE_EVENT] = nullptr;
+        waiter->targets_[READABLE_EVENT] = nullptr;
+        callback(target, READABLE_EVENT);
+        fired = true;
+      }
+    }
+  }
+
+  if (fired) timeout = PR_INTERVAL_NO_WAIT;
+
+  // Can't wait forever and also have nothing readable now.
+  if (timeout == PR_INTERVAL_NO_TIMEOUT) return false;
+
+  // Sleep.
+  if (timeout != PR_INTERVAL_NO_WAIT) {
+    PR_Sleep(timeout);
+  }
+
+  // Now process anything that timed out.
+  now = PR_Now();
+  while (!timers_.empty()) {
+    if (now < timers_.top()->deadline_) break;
+
+    Timer *timer = timers_.top();
+    timers_.pop();
+    if (timer->callback_) {
+      timer->callback_(timer->target_, TIMER_EVENT);
+    }
+    delete timer;
+  }
+
+  return true;
+}
+
+}  // namespace nss_test
diff --git a/nss/external_tests/ssl_gtest/test_io.h b/nss/external_tests/ssl_gtest/test_io.h
new file mode 100644
index 0000000..9ea444c
--- /dev/null
+++ b/nss/external_tests/ssl_gtest/test_io.h
@@ -0,0 +1,146 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef test_io_h_
+#define test_io_h_
+
+#include <string.h>
+#include <map>
+#include <memory>
+#include <ostream>
+#include <queue>
+#include <string>
+
+#include "prio.h"
+
+namespace nss_test {
+
+class DataBuffer;
+class Packet;
+class DummyPrSocket;  // Fwd decl.
+
+// Allow us to inspect a packet before it is written.
+class PacketFilter {
+ public:
+  enum Action {
+    KEEP,    // keep the original packet unmodified
+    CHANGE,  // change the packet to a different value
+    DROP     // drop the packet
+  };
+
+  virtual ~PacketFilter() {}
+
+  // The packet filter takes input and has the option of mutating it.
+  //
+  // A filter that modifies the data places the modified data in *output and
+  // returns CHANGE.  A filter that does not modify data returns LEAVE, in which
+  // case the value in *output is ignored.  A Filter can return DROP, in which
+  // case the packet is dropped (and *output is ignored).
+  virtual Action Filter(const DataBuffer& input, DataBuffer* output) = 0;
+};
+
+enum Mode { STREAM, DGRAM };
+
+inline std::ostream& operator<<(std::ostream& os, Mode m) {
+  return os << ((m == STREAM) ? "TLS" : "DTLS");
+}
+
+class DummyPrSocket {
+ public:
+  ~DummyPrSocket();
+
+  static PRFileDesc* CreateFD(const std::string& name,
+                              Mode mode);  // Returns an FD.
+  static DummyPrSocket* GetAdapter(PRFileDesc* fd);
+
+  DummyPrSocket* peer() const { return peer_; }
+  void SetPeer(DummyPrSocket* peer) { peer_ = peer; }
+  void SetPacketFilter(PacketFilter* filter);
+  // Drops peer, packet filter and any outstanding packets.
+  void Reset();
+
+  void PacketReceived(const DataBuffer& data);
+  int32_t Read(void* data, int32_t len);
+  int32_t Recv(void* buf, int32_t buflen);
+  int32_t Write(const void* buf, int32_t length);
+
+  Mode mode() const { return mode_; }
+  bool readable() const { return !input_.empty(); }
+  bool writable() { return true; }
+
+ private:
+  DummyPrSocket(const std::string& name, Mode mode)
+      : name_(name), mode_(mode), peer_(nullptr), input_(), filter_(nullptr) {}
+
+  const std::string name_;
+  Mode mode_;
+  DummyPrSocket* peer_;
+  std::queue<Packet*> input_;
+  PacketFilter* filter_;
+};
+
+// Marker interface.
+class PollTarget {};
+
+enum Event { READABLE_EVENT, TIMER_EVENT /* Must be last */ };
+
+typedef void (*PollCallback)(PollTarget*, Event);
+
+class Poller {
+ public:
+  static Poller* Instance();  // Get a singleton.
+  static void Shutdown();     // Shut it down.
+
+  class Timer {
+   public:
+    Timer(PRTime deadline, PollTarget* target, PollCallback callback)
+        : deadline_(deadline), target_(target), callback_(callback) {}
+    void Cancel() { callback_ = nullptr; }
+
+    PRTime deadline_;
+    PollTarget* target_;
+    PollCallback callback_;
+  };
+
+  void Wait(Event event, DummyPrSocket* adapter, PollTarget* target,
+            PollCallback cb);
+  void Cancel(Event event, DummyPrSocket* adapter);
+  void SetTimer(uint32_t timer_ms, PollTarget* target, PollCallback cb,
+                Timer** handle);
+  bool Poll();
+
+ private:
+  Poller() : waiters_(), timers_() {}
+  ~Poller();
+
+  class Waiter {
+   public:
+    Waiter(DummyPrSocket* io) : io_(io) {
+      memset(&callbacks_[0], 0, sizeof(callbacks_));
+    }
+
+    void WaitFor(Event event, PollCallback callback);
+
+    DummyPrSocket* io_;
+    PollTarget* targets_[TIMER_EVENT];
+    PollCallback callbacks_[TIMER_EVENT];
+  };
+
+  class TimerComparator {
+   public:
+    bool operator()(const Timer* lhs, const Timer* rhs) {
+      return lhs->deadline_ > rhs->deadline_;
+    }
+  };
+
+  static Poller* instance;
+  std::map<DummyPrSocket*, Waiter*> waiters_;
+  std::priority_queue<Timer*, std::vector<Timer*>, TimerComparator> timers_;
+};
+
+}  // end of namespace
+
+#endif
diff --git a/nss/external_tests/ssl_gtest/tls_agent.cc b/nss/external_tests/ssl_gtest/tls_agent.cc
new file mode 100644
index 0000000..ee6b88c
--- /dev/null
+++ b/nss/external_tests/ssl_gtest/tls_agent.cc
@@ -0,0 +1,883 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "tls_agent.h"
+#include "databuffer.h"
+#include "keyhi.h"
+#include "pk11func.h"
+#include "ssl.h"
+#include "sslerr.h"
+#include "sslproto.h"
+#include "tls_parser.h"
+
+extern "C" {
+// This is not something that should make you happy.
+#include "libssl_internals.h"
+}
+
+#define GTEST_HAS_RTTI 0
+#include "gtest/gtest.h"
+#include "gtest_utils.h"
+#include "scoped_ptrs.h"
+
+extern std::string g_working_dir_path;
+
+namespace nss_test {
+
+const char* TlsAgent::states[] = {"INIT", "CONNECTING", "CONNECTED", "ERROR"};
+
+const std::string TlsAgent::kClient = "client";    // both sign and encrypt
+const std::string TlsAgent::kRsa2048 = "rsa2048";  // bigger
+const std::string TlsAgent::kServerRsa = "rsa";    // both sign and encrypt
+const std::string TlsAgent::kServerRsaSign = "rsa_sign";
+const std::string TlsAgent::kServerRsaPss = "rsa_pss";
+const std::string TlsAgent::kServerRsaDecrypt = "rsa_decrypt";
+const std::string TlsAgent::kServerEcdsa256 = "ecdsa256";
+const std::string TlsAgent::kServerEcdsa384 = "ecdsa384";
+const std::string TlsAgent::kServerEcdhRsa = "ecdh_rsa";
+const std::string TlsAgent::kServerEcdhEcdsa = "ecdh_ecdsa";
+const std::string TlsAgent::kServerDsa = "dsa";
+
+TlsAgent::TlsAgent(const std::string& name, Role role, Mode mode)
+    : name_(name),
+      mode_(mode),
+      server_key_bits_(0),
+      pr_fd_(nullptr),
+      adapter_(nullptr),
+      ssl_fd_(nullptr),
+      role_(role),
+      state_(STATE_INIT),
+      timer_handle_(nullptr),
+      falsestart_enabled_(false),
+      expected_version_(0),
+      expected_cipher_suite_(0),
+      expect_resumption_(false),
+      expect_client_auth_(false),
+      can_falsestart_hook_called_(false),
+      sni_hook_called_(false),
+      auth_certificate_hook_called_(false),
+      handshake_callback_called_(false),
+      error_code_(0),
+      send_ctr_(0),
+      recv_ctr_(0),
+      expect_readwrite_error_(false),
+      handshake_callback_(),
+      auth_certificate_callback_(),
+      sni_callback_() {
+  memset(&info_, 0, sizeof(info_));
+  memset(&csinfo_, 0, sizeof(csinfo_));
+  SECStatus rv = SSL_VersionRangeGetDefault(
+      mode_ == STREAM ? ssl_variant_stream : ssl_variant_datagram, &vrange_);
+  EXPECT_EQ(SECSuccess, rv);
+}
+
+TlsAgent::~TlsAgent() {
+  if (adapter_) {
+    Poller::Instance()->Cancel(READABLE_EVENT, adapter_);
+    // The adapter is closed when the FD closes.
+  }
+  if (timer_handle_) {
+    timer_handle_->Cancel();
+  }
+
+  if (pr_fd_) {
+    PR_Close(pr_fd_);
+  }
+
+  if (ssl_fd_) {
+    PR_Close(ssl_fd_);
+  }
+}
+
+void TlsAgent::SetState(State state) {
+  if (state_ == state) return;
+
+  LOG("Changing state from " << state_ << " to " << state);
+  state_ = state;
+}
+
+bool TlsAgent::ConfigServerCert(const std::string& name, bool updateKeyBits,
+                                const SSLExtraServerCertData* serverCertData) {
+  ScopedCERTCertificate cert(PK11_FindCertFromNickname(name.c_str(), nullptr));
+  EXPECT_NE(nullptr, cert.get());
+  if (!cert.get()) return false;
+
+  ScopedSECKEYPublicKey pub(CERT_ExtractPublicKey(cert.get()));
+  EXPECT_NE(nullptr, pub.get());
+  if (!pub.get()) return false;
+  if (updateKeyBits) {
+    server_key_bits_ = SECKEY_PublicKeyStrengthInBits(pub.get());
+  }
+
+  ScopedSECKEYPrivateKey priv(PK11_FindKeyByAnyCert(cert.get(), nullptr));
+  EXPECT_NE(nullptr, priv.get());
+  if (!priv.get()) return false;
+
+  SECStatus rv =
+      SSL_ConfigSecureServer(ssl_fd_, nullptr, nullptr, ssl_kea_null);
+  EXPECT_EQ(SECFailure, rv);
+  rv = SSL_ConfigServerCert(ssl_fd_, cert.get(), priv.get(), serverCertData,
+                            serverCertData ? sizeof(*serverCertData) : 0);
+  return rv == SECSuccess;
+}
+
+// The tests expect that only curves secp256r1, secp384r1, and secp521r1
+// (NIST P-256, P-384, and P-521) are enabled. Disable all other curves.
+void TlsAgent::DisableLameGroups() {
+#ifdef NSS_ECC_MORE_THAN_SUITE_B
+  static const SSLNamedGroup groups[] = {
+      ssl_grp_ec_secp256r1, ssl_grp_ec_secp384r1, ssl_grp_ec_secp521r1,
+      ssl_grp_ffdhe_2048,   ssl_grp_ffdhe_3072,   ssl_grp_ffdhe_4096};
+  ConfigNamedGroups(groups, PR_ARRAY_SIZE(groups));
+#endif
+}
+
+bool TlsAgent::EnsureTlsSetup(PRFileDesc* modelSocket) {
+  // Don't set up twice
+  if (ssl_fd_) return true;
+
+  if (adapter_->mode() == STREAM) {
+    ssl_fd_ = SSL_ImportFD(modelSocket, pr_fd_);
+  } else {
+    ssl_fd_ = DTLS_ImportFD(modelSocket, pr_fd_);
+  }
+
+  EXPECT_NE(nullptr, ssl_fd_);
+  if (!ssl_fd_) return false;
+  pr_fd_ = nullptr;
+
+  SECStatus rv = SSL_VersionRangeSet(ssl_fd_, &vrange_);
+  EXPECT_EQ(SECSuccess, rv);
+  if (rv != SECSuccess) return false;
+
+  // Needs to be set before configuring server certs.
+  rv = SSL_OptionSet(ssl_fd_, SSL_NO_STEP_DOWN, PR_TRUE);
+  EXPECT_EQ(SECSuccess, rv);
+  if (rv != SECSuccess) return false;
+
+  if (role_ == SERVER) {
+    EXPECT_TRUE(ConfigServerCert(name_, true));
+
+    rv = SSL_SNISocketConfigHook(ssl_fd_, SniHook, this);
+    EXPECT_EQ(SECSuccess, rv);
+    if (rv != SECSuccess) return false;
+  } else {
+    rv = SSL_SetURL(ssl_fd_, "server");
+    EXPECT_EQ(SECSuccess, rv);
+    if (rv != SECSuccess) return false;
+  }
+
+  rv = SSL_AuthCertificateHook(ssl_fd_, AuthCertificateHook, this);
+  EXPECT_EQ(SECSuccess, rv);
+  if (rv != SECSuccess) return false;
+
+  rv = SSL_HandshakeCallback(ssl_fd_, HandshakeCallback, this);
+  EXPECT_EQ(SECSuccess, rv);
+  if (rv != SECSuccess) return false;
+
+  DisableLameGroups();
+  return true;
+}
+
+void TlsAgent::SetupClientAuth() {
+  EXPECT_TRUE(EnsureTlsSetup());
+  ASSERT_EQ(CLIENT, role_);
+
+  EXPECT_EQ(SECSuccess,
+            SSL_GetClientAuthDataHook(ssl_fd_, GetClientAuthDataHook,
+                                      reinterpret_cast<void*>(this)));
+}
+
+bool TlsAgent::GetClientAuthCredentials(CERTCertificate** cert,
+                                        SECKEYPrivateKey** priv) const {
+  *cert = PK11_FindCertFromNickname(name_.c_str(), nullptr);
+  EXPECT_NE(nullptr, *cert);
+  if (!*cert) return false;
+
+  *priv = PK11_FindKeyByAnyCert(*cert, nullptr);
+  EXPECT_NE(nullptr, *priv);
+  if (!*priv) return false;  // Leak cert.
+
+  return true;
+}
+
+SECStatus TlsAgent::GetClientAuthDataHook(void* self, PRFileDesc* fd,
+                                          CERTDistNames* caNames,
+                                          CERTCertificate** cert,
+                                          SECKEYPrivateKey** privKey) {
+  TlsAgent* agent = reinterpret_cast<TlsAgent*>(self);
+  ScopedCERTCertificate peerCert(SSL_PeerCertificate(agent->ssl_fd()));
+  EXPECT_TRUE(peerCert) << "Client should be able to see the server cert";
+  if (agent->GetClientAuthCredentials(cert, privKey)) {
+    return SECSuccess;
+  }
+  return SECFailure;
+}
+
+void TlsAgent::RequestClientAuth(bool requireAuth) {
+  EXPECT_TRUE(EnsureTlsSetup());
+  ASSERT_EQ(SERVER, role_);
+
+  EXPECT_EQ(SECSuccess,
+            SSL_OptionSet(ssl_fd_, SSL_REQUEST_CERTIFICATE, PR_TRUE));
+  EXPECT_EQ(SECSuccess, SSL_OptionSet(ssl_fd_, SSL_REQUIRE_CERTIFICATE,
+                                      requireAuth ? PR_TRUE : PR_FALSE));
+
+  EXPECT_EQ(SECSuccess, SSL_AuthCertificateHook(
+                            ssl_fd_, &TlsAgent::ClientAuthenticated, this));
+  expect_client_auth_ = true;
+}
+
+void TlsAgent::StartConnect(PRFileDesc* model) {
+  EXPECT_TRUE(EnsureTlsSetup(model));
+
+  SECStatus rv;
+  rv = SSL_ResetHandshake(ssl_fd_, role_ == SERVER ? PR_TRUE : PR_FALSE);
+  EXPECT_EQ(SECSuccess, rv);
+  SetState(STATE_CONNECTING);
+}
+
+void TlsAgent::DisableAllCiphers() {
+  for (size_t i = 0; i < SSL_NumImplementedCiphers; ++i) {
+    SECStatus rv =
+        SSL_CipherPrefSet(ssl_fd_, SSL_ImplementedCiphers[i], PR_FALSE);
+    EXPECT_EQ(SECSuccess, rv);
+  }
+}
+
+void TlsAgent::EnableCiphersByKeyExchange(SSLKEAType kea) {
+  EXPECT_TRUE(EnsureTlsSetup());
+
+  for (size_t i = 0; i < SSL_NumImplementedCiphers; ++i) {
+    SSLCipherSuiteInfo csinfo;
+
+    SECStatus rv = SSL_GetCipherSuiteInfo(SSL_ImplementedCiphers[i], &csinfo,
+                                          sizeof(csinfo));
+    ASSERT_EQ(SECSuccess, rv);
+    EXPECT_EQ(sizeof(csinfo), csinfo.length);
+
+    if (csinfo.keaType == kea && !csinfo.isExportable) {
+      rv = SSL_CipherPrefSet(ssl_fd_, SSL_ImplementedCiphers[i], PR_TRUE);
+      EXPECT_EQ(SECSuccess, rv);
+    }
+  }
+}
+
+void TlsAgent::EnableCiphersByAuthType(SSLAuthType authType) {
+  EXPECT_TRUE(EnsureTlsSetup());
+
+  for (size_t i = 0; i < SSL_NumImplementedCiphers; ++i) {
+    SSLCipherSuiteInfo csinfo;
+
+    SECStatus rv = SSL_GetCipherSuiteInfo(SSL_ImplementedCiphers[i], &csinfo,
+                                          sizeof(csinfo));
+    ASSERT_EQ(SECSuccess, rv);
+
+    if (csinfo.authType == authType && !csinfo.isExportable) {
+      rv = SSL_CipherPrefSet(ssl_fd_, SSL_ImplementedCiphers[i], PR_TRUE);
+      EXPECT_EQ(SECSuccess, rv);
+    }
+  }
+}
+
+void TlsAgent::EnableSingleCipher(uint16_t cipher) {
+  DisableAllCiphers();
+  SECStatus rv = SSL_CipherPrefSet(ssl_fd_, cipher, PR_TRUE);
+  EXPECT_EQ(SECSuccess, rv);
+}
+
+void TlsAgent::ConfigNamedGroups(const SSLNamedGroup* groups, size_t num) {
+  EXPECT_TRUE(EnsureTlsSetup());
+  SECStatus rv = SSL_NamedGroupConfig(ssl_fd_, groups, num);
+  EXPECT_EQ(SECSuccess, rv);
+}
+
+void TlsAgent::SetSessionTicketsEnabled(bool en) {
+  EXPECT_TRUE(EnsureTlsSetup());
+
+  SECStatus rv = SSL_OptionSet(ssl_fd_, SSL_ENABLE_SESSION_TICKETS,
+                               en ? PR_TRUE : PR_FALSE);
+  EXPECT_EQ(SECSuccess, rv);
+}
+
+void TlsAgent::SetSessionCacheEnabled(bool en) {
+  EXPECT_TRUE(EnsureTlsSetup());
+
+  SECStatus rv = SSL_OptionSet(ssl_fd_, SSL_NO_CACHE, en ? PR_FALSE : PR_TRUE);
+  EXPECT_EQ(SECSuccess, rv);
+}
+
+void TlsAgent::Set0RttEnabled(bool en) {
+  EXPECT_TRUE(EnsureTlsSetup());
+
+  SECStatus rv =
+      SSL_OptionSet(ssl_fd_, SSL_ENABLE_0RTT_DATA, en ? PR_TRUE : PR_FALSE);
+  EXPECT_EQ(SECSuccess, rv);
+}
+
+void TlsAgent::SetVersionRange(uint16_t minver, uint16_t maxver) {
+  vrange_.min = minver;
+  vrange_.max = maxver;
+
+  if (ssl_fd_) {
+    SECStatus rv = SSL_VersionRangeSet(ssl_fd_, &vrange_);
+    EXPECT_EQ(SECSuccess, rv);
+  }
+}
+
+void TlsAgent::GetVersionRange(uint16_t* minver, uint16_t* maxver) {
+  *minver = vrange_.min;
+  *maxver = vrange_.max;
+}
+
+void TlsAgent::SetExpectedVersion(uint16_t version) {
+  expected_version_ = version;
+}
+
+void TlsAgent::SetServerKeyBits(uint16_t bits) { server_key_bits_ = bits; }
+
+void TlsAgent::ExpectReadWriteError() { expect_readwrite_error_ = true; }
+
+void TlsAgent::SetSignatureAlgorithms(const SSLSignatureAndHashAlg* algorithms,
+                                      size_t count) {
+  EXPECT_TRUE(EnsureTlsSetup());
+  EXPECT_LE(count, SSL_SignatureMaxCount());
+  EXPECT_EQ(SECSuccess, SSL_SignaturePrefSet(ssl_fd_, algorithms,
+                                             static_cast<unsigned int>(count)));
+  EXPECT_EQ(SECFailure, SSL_SignaturePrefSet(ssl_fd_, algorithms, 0))
+      << "setting no algorithms should fail and do nothing";
+
+  std::vector<SSLSignatureAndHashAlg> configuredAlgorithms(count);
+  unsigned int configuredCount;
+  EXPECT_EQ(SECFailure,
+            SSL_SignaturePrefGet(ssl_fd_, nullptr, &configuredCount, 1))
+      << "get algorithms, algorithms is nullptr";
+  EXPECT_EQ(SECFailure, SSL_SignaturePrefGet(ssl_fd_, &configuredAlgorithms[0],
+                                             &configuredCount, 0))
+      << "get algorithms, too little space";
+  EXPECT_EQ(SECFailure,
+            SSL_SignaturePrefGet(ssl_fd_, &configuredAlgorithms[0], nullptr,
+                                 configuredAlgorithms.size()))
+      << "get algorithms, algCountOut is nullptr";
+
+  EXPECT_EQ(SECSuccess, SSL_SignaturePrefGet(ssl_fd_, &configuredAlgorithms[0],
+                                             &configuredCount,
+                                             configuredAlgorithms.size()));
+  // SignaturePrefSet drops unsupported algorithms silently, so the number that
+  // are configured might be fewer.
+  EXPECT_LE(configuredCount, count);
+  unsigned int i = 0;
+  for (unsigned int j = 0; j < count && i < configuredCount; ++j) {
+    if (i < configuredCount &&
+        algorithms[j].hashAlg == configuredAlgorithms[i].hashAlg &&
+        algorithms[j].sigAlg == configuredAlgorithms[i].sigAlg) {
+      ++i;
+    }
+  }
+  EXPECT_EQ(i, configuredCount) << "algorithms in use were all set";
+}
+
+void TlsAgent::CheckKEA(SSLKEAType type, size_t kea_size) const {
+  EXPECT_EQ(STATE_CONNECTED, state_);
+  EXPECT_EQ(type, csinfo_.keaType);
+  EXPECT_EQ(kea_size, info_.keaKeyBits);
+}
+
+void TlsAgent::CheckKEA(SSLKEAType type) const {
+  PRUint32 ecKEAKeyBits = SSLInt_DetermineKEABits(server_key_bits_, &csinfo_);
+  switch (type) {
+    case ssl_kea_ecdh:
+      CheckKEA(type, ecKEAKeyBits);
+      break;
+    case ssl_kea_dh:
+      CheckKEA(type, 2048);
+      break;
+    case ssl_kea_rsa:
+      CheckKEA(type, server_key_bits_);
+      break;
+    default:
+      EXPECT_TRUE(false) << "Unknown KEA type";
+      break;
+  }
+}
+
+void TlsAgent::CheckAuthType(SSLAuthType type) const {
+  EXPECT_EQ(STATE_CONNECTED, state_);
+  EXPECT_EQ(type, csinfo_.authType);
+  EXPECT_EQ(server_key_bits_, info_.authKeyBits);
+
+  // Check authAlgorithm, which is the old value for authType.  This is a second
+  // switch
+  // statement because default label is different.
+  switch (type) {
+    case ssl_auth_rsa_sign:
+      EXPECT_EQ(ssl_auth_rsa_decrypt, csinfo_.authAlgorithm)
+          << "authAlgorithm for RSA is always decrypt";
+      break;
+    case ssl_auth_ecdh_rsa:
+      EXPECT_EQ(ssl_auth_rsa_decrypt, csinfo_.authAlgorithm)
+          << "authAlgorithm for ECDH_RSA is RSA decrypt (i.e., wrong)";
+      break;
+    case ssl_auth_ecdh_ecdsa:
+      EXPECT_EQ(ssl_auth_ecdsa, csinfo_.authAlgorithm)
+          << "authAlgorithm for ECDH_ECDSA is ECDSA (i.e., wrong)";
+      break;
+    default:
+      EXPECT_EQ(type, csinfo_.authAlgorithm)
+          << "authAlgorithm is (usually) the same as authType";
+      break;
+  }
+}
+
+void TlsAgent::EnableFalseStart() {
+  EXPECT_TRUE(EnsureTlsSetup());
+
+  falsestart_enabled_ = true;
+  EXPECT_EQ(SECSuccess,
+            SSL_SetCanFalseStartCallback(ssl_fd_, CanFalseStartCallback, this));
+  EXPECT_EQ(SECSuccess,
+            SSL_OptionSet(ssl_fd_, SSL_ENABLE_FALSE_START, PR_TRUE));
+}
+
+void TlsAgent::ExpectResumption() { expect_resumption_ = true; }
+
+void TlsAgent::EnableAlpn(const uint8_t* val, size_t len) {
+  EXPECT_TRUE(EnsureTlsSetup());
+
+  EXPECT_EQ(SECSuccess, SSL_OptionSet(ssl_fd_, SSL_ENABLE_ALPN, PR_TRUE));
+  EXPECT_EQ(SECSuccess, SSL_SetNextProtoNego(ssl_fd_, val, len));
+}
+
+void TlsAgent::CheckAlpn(SSLNextProtoState expected_state,
+                         const std::string& expected) const {
+  SSLNextProtoState state;
+  char chosen[10];
+  unsigned int chosen_len;
+  SECStatus rv = SSL_GetNextProto(ssl_fd_, &state,
+                                  reinterpret_cast<unsigned char*>(chosen),
+                                  &chosen_len, sizeof(chosen));
+  EXPECT_EQ(SECSuccess, rv);
+  EXPECT_EQ(expected_state, state);
+  if (state == SSL_NEXT_PROTO_NO_SUPPORT) {
+    EXPECT_EQ("", expected);
+  } else {
+    EXPECT_NE("", expected);
+    EXPECT_EQ(expected, std::string(chosen, chosen_len));
+  }
+}
+
+void TlsAgent::EnableSrtp() {
+  EXPECT_TRUE(EnsureTlsSetup());
+  const uint16_t ciphers[] = {SRTP_AES128_CM_HMAC_SHA1_80,
+                              SRTP_AES128_CM_HMAC_SHA1_32};
+  EXPECT_EQ(SECSuccess,
+            SSL_SetSRTPCiphers(ssl_fd_, ciphers, PR_ARRAY_SIZE(ciphers)));
+}
+
+void TlsAgent::CheckSrtp() const {
+  uint16_t actual;
+  EXPECT_EQ(SECSuccess, SSL_GetSRTPCipher(ssl_fd_, &actual));
+  EXPECT_EQ(SRTP_AES128_CM_HMAC_SHA1_80, actual);
+}
+
+void TlsAgent::CheckErrorCode(int32_t expected) const {
+  EXPECT_EQ(STATE_ERROR, state_);
+  EXPECT_EQ(expected, error_code_)
+      << "Got error code " << PORT_ErrorToName(error_code_) << " expecting "
+      << PORT_ErrorToName(expected) << std::endl;
+}
+
+void TlsAgent::WaitForErrorCode(int32_t expected, uint32_t delay) const {
+  ASSERT_EQ(0, error_code_);
+  WAIT_(error_code_ != 0, delay);
+  EXPECT_EQ(expected, error_code_)
+      << "Got error code " << PORT_ErrorToName(error_code_) << " expecting "
+      << PORT_ErrorToName(expected) << std::endl;
+}
+
+void TlsAgent::CheckPreliminaryInfo() {
+  SSLPreliminaryChannelInfo info;
+  EXPECT_EQ(SECSuccess,
+            SSL_GetPreliminaryChannelInfo(ssl_fd_, &info, sizeof(info)));
+  EXPECT_EQ(sizeof(info), info.length);
+  EXPECT_TRUE(info.valuesSet & ssl_preinfo_version);
+  EXPECT_TRUE(info.valuesSet & ssl_preinfo_cipher_suite);
+
+  // A version of 0 is invalid and indicates no expectation.  This value is
+  // initialized to 0 so that tests that don't explicitly set an expected
+  // version can negotiate a version.
+  if (!expected_version_) {
+    expected_version_ = info.protocolVersion;
+  }
+  EXPECT_EQ(expected_version_, info.protocolVersion);
+
+  // As with the version; 0 is the null cipher suite (and also invalid).
+  if (!expected_cipher_suite_) {
+    expected_cipher_suite_ = info.cipherSuite;
+  }
+  EXPECT_EQ(expected_cipher_suite_, info.cipherSuite);
+}
+
+// Check that all the expected callbacks have been called.
+void TlsAgent::CheckCallbacks() const {
+  // If false start happens, the handshake is reported as being complete at the
+  // point that false start happens.
+  if (expect_resumption_ || !falsestart_enabled_) {
+    EXPECT_TRUE(handshake_callback_called_);
+  }
+
+  // These callbacks shouldn't fire if we are resuming, except on TLS 1.3.
+  if (role_ == SERVER) {
+    PRBool have_sni = SSLInt_ExtensionNegotiated(ssl_fd_, ssl_server_name_xtn);
+    EXPECT_EQ(((!expect_resumption_ && have_sni) ||
+               expected_version_ >= SSL_LIBRARY_VERSION_TLS_1_3),
+              sni_hook_called_);
+  } else {
+    EXPECT_EQ(!expect_resumption_, auth_certificate_hook_called_);
+    // Note that this isn't unconditionally called, even with false start on.
+    // But the callback is only skipped if a cipher that is ridiculously weak
+    // (80 bits) is chosen.  Don't test that: plan to remove bad ciphers.
+    EXPECT_EQ(falsestart_enabled_ && !expect_resumption_,
+              can_falsestart_hook_called_);
+  }
+}
+
+void TlsAgent::ResetPreliminaryInfo() {
+  expected_version_ = 0;
+  expected_cipher_suite_ = 0;
+}
+
+void TlsAgent::Connected() {
+  LOG("Handshake success");
+  CheckPreliminaryInfo();
+  CheckCallbacks();
+
+  SECStatus rv = SSL_GetChannelInfo(ssl_fd_, &info_, sizeof(info_));
+  EXPECT_EQ(SECSuccess, rv);
+  EXPECT_EQ(sizeof(info_), info_.length);
+
+  // Preliminary values are exposed through callbacks during the handshake.
+  // If either expected values were set or the callbacks were called, check
+  // that the final values are correct.
+  EXPECT_EQ(expected_version_, info_.protocolVersion);
+  EXPECT_EQ(expected_cipher_suite_, info_.cipherSuite);
+
+  rv = SSL_GetCipherSuiteInfo(info_.cipherSuite, &csinfo_, sizeof(csinfo_));
+  EXPECT_EQ(SECSuccess, rv);
+  EXPECT_EQ(sizeof(csinfo_), csinfo_.length);
+
+  if (expected_version_ >= SSL_LIBRARY_VERSION_TLS_1_3) {
+    PRInt32 cipherSuites = SSLInt_CountTls13CipherSpecs(ssl_fd_);
+    // We use one ciphersuite in each direction, plus one that's kept around
+    // by DTLS for retransmission.
+    EXPECT_EQ(((mode_ == DGRAM) && (role_ == CLIENT)) ? 3 : 2, cipherSuites);
+  }
+
+  SetState(STATE_CONNECTED);
+}
+
+void TlsAgent::EnableExtendedMasterSecret() {
+  ASSERT_TRUE(EnsureTlsSetup());
+
+  SECStatus rv =
+      SSL_OptionSet(ssl_fd_, SSL_ENABLE_EXTENDED_MASTER_SECRET, PR_TRUE);
+
+  ASSERT_EQ(SECSuccess, rv);
+}
+
+void TlsAgent::CheckExtendedMasterSecret(bool expected) {
+  if (version() >= SSL_LIBRARY_VERSION_TLS_1_3) {
+    expected = PR_TRUE;
+  }
+  ASSERT_EQ(expected, info_.extendedMasterSecretUsed != PR_FALSE)
+      << "unexpected extended master secret state for " << name_;
+}
+
+void TlsAgent::CheckEarlyDataAccepted(bool expected) {
+  if (version() < SSL_LIBRARY_VERSION_TLS_1_3) {
+    expected = false;
+  }
+  ASSERT_EQ(expected, info_.earlyDataAccepted != PR_FALSE)
+      << "unexpected early data state for " << name_;
+}
+
+void TlsAgent::CheckSecretsDestroyed() {
+  ASSERT_EQ(PR_TRUE, SSLInt_CheckSecretsDestroyed(ssl_fd_));
+}
+
+void TlsAgent::DisableRollbackDetection() {
+  ASSERT_TRUE(EnsureTlsSetup());
+
+  SECStatus rv = SSL_OptionSet(ssl_fd_, SSL_ROLLBACK_DETECTION, PR_FALSE);
+
+  ASSERT_EQ(SECSuccess, rv);
+}
+
+void TlsAgent::EnableCompression() {
+  ASSERT_TRUE(EnsureTlsSetup());
+
+  SECStatus rv = SSL_OptionSet(ssl_fd_, SSL_ENABLE_DEFLATE, PR_TRUE);
+  ASSERT_EQ(SECSuccess, rv);
+}
+
+void TlsAgent::SetDowngradeCheckVersion(uint16_t version) {
+  ASSERT_TRUE(EnsureTlsSetup());
+
+  SECStatus rv = SSL_SetDowngradeCheckVersion(ssl_fd_, version);
+  ASSERT_EQ(SECSuccess, rv);
+}
+
+void TlsAgent::Handshake() {
+  LOGV("Handshake");
+  SECStatus rv = SSL_ForceHandshake(ssl_fd_);
+  if (rv == SECSuccess) {
+    Connected();
+
+    Poller::Instance()->Wait(READABLE_EVENT, adapter_, this,
+                             &TlsAgent::ReadableCallback);
+    return;
+  }
+
+  int32_t err = PR_GetError();
+  if (err == PR_WOULD_BLOCK_ERROR) {
+    LOG("Would have blocked");
+    if (mode_ == DGRAM) {
+      if (timer_handle_) {
+        timer_handle_->Cancel();
+        timer_handle_ = nullptr;
+      }
+
+      PRIntervalTime timeout;
+      rv = DTLS_GetHandshakeTimeout(ssl_fd_, &timeout);
+      if (rv == SECSuccess) {
+        Poller::Instance()->SetTimer(
+            timeout + 1, this, &TlsAgent::ReadableCallback, &timer_handle_);
+      }
+    }
+    Poller::Instance()->Wait(READABLE_EVENT, adapter_, this,
+                             &TlsAgent::ReadableCallback);
+    return;
+  }
+
+  LOG("Handshake failed with error " << PORT_ErrorToName(err) << ": "
+                                     << PORT_ErrorToString(err));
+  error_code_ = err;
+  SetState(STATE_ERROR);
+}
+
+void TlsAgent::PrepareForRenegotiate() {
+  EXPECT_EQ(STATE_CONNECTED, state_);
+
+  SetState(STATE_CONNECTING);
+}
+
+void TlsAgent::StartRenegotiate() {
+  PrepareForRenegotiate();
+
+  SECStatus rv = SSL_ReHandshake(ssl_fd_, PR_TRUE);
+  EXPECT_EQ(SECSuccess, rv);
+}
+
+void TlsAgent::SendDirect(const DataBuffer& buf) {
+  LOG("Send Direct " << buf);
+  adapter_->peer()->PacketReceived(buf);
+}
+
+static bool ErrorIsNonFatal(PRErrorCode code) {
+  return code == PR_WOULD_BLOCK_ERROR || code == SSL_ERROR_RX_SHORT_DTLS_READ;
+}
+
+void TlsAgent::SendData(size_t bytes, size_t blocksize) {
+  uint8_t block[4096];
+
+  ASSERT_LT(blocksize, sizeof(block));
+
+  while (bytes) {
+    size_t tosend = std::min(blocksize, bytes);
+
+    for (size_t i = 0; i < tosend; ++i) {
+      block[i] = 0xff & send_ctr_;
+      ++send_ctr_;
+    }
+
+    LOGV("Writing " << tosend << " bytes");
+    int32_t rv = PR_Write(ssl_fd_, block, tosend);
+    if (expect_readwrite_error_) {
+      EXPECT_GT(0, rv);
+      EXPECT_NE(PR_WOULD_BLOCK_ERROR, error_code_);
+      error_code_ = PR_GetError();
+      expect_readwrite_error_ = false;
+    } else {
+      ASSERT_EQ(tosend, static_cast<size_t>(rv));
+    }
+
+    bytes -= tosend;
+  }
+}
+
+void TlsAgent::ReadBytes() {
+  uint8_t block[1024];
+
+  int32_t rv = PR_Read(ssl_fd_, block, sizeof(block));
+  LOGV("ReadBytes " << rv);
+  int32_t err;
+
+  if (rv >= 0) {
+    size_t count = static_cast<size_t>(rv);
+    for (size_t i = 0; i < count; ++i) {
+      ASSERT_EQ(recv_ctr_ & 0xff, block[i]);
+      recv_ctr_++;
+    }
+  } else {
+    err = PR_GetError();
+    LOG("Read error " << PORT_ErrorToName(err) << ": "
+                      << PORT_ErrorToString(err));
+    if (err != PR_WOULD_BLOCK_ERROR && expect_readwrite_error_) {
+      error_code_ = err;
+      expect_readwrite_error_ = false;
+    }
+  }
+
+  // If closed, then don't bother waiting around.
+  if (rv > 0 || (rv < 0 && ErrorIsNonFatal(err))) {
+    LOGV("Re-arming");
+    Poller::Instance()->Wait(READABLE_EVENT, adapter_, this,
+                             &TlsAgent::ReadableCallback);
+  }
+}
+
+void TlsAgent::ResetSentBytes() { send_ctr_ = 0; }
+
+void TlsAgent::ConfigureSessionCache(SessionResumptionMode mode) {
+  EXPECT_TRUE(EnsureTlsSetup());
+
+  SECStatus rv = SSL_OptionSet(ssl_fd_, SSL_NO_CACHE,
+                               mode & RESUME_SESSIONID ? PR_FALSE : PR_TRUE);
+  EXPECT_EQ(SECSuccess, rv);
+
+  rv = SSL_OptionSet(ssl_fd_, SSL_ENABLE_SESSION_TICKETS,
+                     mode & RESUME_TICKET ? PR_TRUE : PR_FALSE);
+  EXPECT_EQ(SECSuccess, rv);
+}
+
+static const std::string kTlsRolesAllArr[] = {"CLIENT", "SERVER"};
+::testing::internal::ParamGenerator<std::string>
+    TlsAgentTestBase::kTlsRolesAll = ::testing::ValuesIn(kTlsRolesAllArr);
+
+void TlsAgentTestBase::SetUp() {
+  SSL_ConfigServerSessionIDCache(1024, 0, 0, g_working_dir_path.c_str());
+}
+
+void TlsAgentTestBase::TearDown() {
+  delete agent_;
+  SSL_ClearSessionCache();
+  SSL_ShutdownServerSessionIDCache();
+}
+
+void TlsAgentTestBase::Reset(const std::string& server_name) {
+  delete agent_;
+  Init(server_name);
+}
+
+void TlsAgentTestBase::Init(const std::string& server_name) {
+  agent_ =
+      new TlsAgent(role_ == TlsAgent::CLIENT ? TlsAgent::kClient : server_name,
+                   role_, mode_);
+  agent_->Init();
+  fd_ = DummyPrSocket::CreateFD(agent_->role_str(), mode_);
+  agent_->adapter()->SetPeer(DummyPrSocket::GetAdapter(fd_));
+  agent_->StartConnect();
+}
+
+void TlsAgentTestBase::EnsureInit() {
+  if (!agent_) {
+    Init();
+  }
+}
+
+void TlsAgentTestBase::ProcessMessage(const DataBuffer& buffer,
+                                      TlsAgent::State expected_state,
+                                      int32_t error_code) {
+  std::cerr << "Process message: " << buffer << std::endl;
+  EnsureInit();
+  agent_->adapter()->PacketReceived(buffer);
+  agent_->Handshake();
+
+  ASSERT_EQ(expected_state, agent_->state());
+
+  if (expected_state == TlsAgent::STATE_ERROR) {
+    ASSERT_EQ(error_code, agent_->error_code());
+  }
+}
+
+void TlsAgentTestBase::MakeRecord(Mode mode, uint8_t type, uint16_t version,
+                                  const uint8_t* buf, size_t len,
+                                  DataBuffer* out, uint64_t seq_num) {
+  size_t index = 0;
+  index = out->Write(index, type, 1);
+  index = out->Write(
+      index, mode == STREAM ? version : TlsVersionToDtlsVersion(version), 2);
+  if (mode == DGRAM) {
+    index = out->Write(index, seq_num >> 32, 4);
+    index = out->Write(index, seq_num & PR_UINT32_MAX, 4);
+  }
+  index = out->Write(index, len, 2);
+  out->Write(index, buf, len);
+}
+
+void TlsAgentTestBase::MakeRecord(uint8_t type, uint16_t version,
+                                  const uint8_t* buf, size_t len,
+                                  DataBuffer* out, uint64_t seq_num) const {
+  MakeRecord(mode_, type, version, buf, len, out, seq_num);
+}
+
+void TlsAgentTestBase::MakeHandshakeMessage(uint8_t hs_type,
+                                            const uint8_t* data, size_t hs_len,
+                                            DataBuffer* out,
+                                            uint64_t seq_num) const {
+  return MakeHandshakeMessageFragment(hs_type, data, hs_len, out, seq_num, 0,
+                                      0);
+}
+
+void TlsAgentTestBase::MakeHandshakeMessageFragment(
+    uint8_t hs_type, const uint8_t* data, size_t hs_len, DataBuffer* out,
+    uint64_t seq_num, uint32_t fragment_offset,
+    uint32_t fragment_length) const {
+  size_t index = 0;
+  if (!fragment_length) fragment_length = hs_len;
+  index = out->Write(index, hs_type, 1);  // Handshake record type.
+  index = out->Write(index, hs_len, 3);   // Handshake length
+  if (mode_ == DGRAM) {
+    index = out->Write(index, seq_num, 2);
+    index = out->Write(index, fragment_offset, 3);
+    index = out->Write(index, fragment_length, 3);
+  }
+  if (data) {
+    index = out->Write(index, data, fragment_length);
+  } else {
+    for (size_t i = 0; i < fragment_length; ++i) {
+      index = out->Write(index, 1, 1);
+    }
+  }
+}
+
+void TlsAgentTestBase::MakeTrivialHandshakeRecord(uint8_t hs_type,
+                                                  size_t hs_len,
+                                                  DataBuffer* out) {
+  size_t index = 0;
+  index = out->Write(index, kTlsHandshakeType, 1);  // Content Type
+  index = out->Write(index, 3, 1);                  // Version high
+  index = out->Write(index, 1, 1);                  // Version low
+  index = out->Write(index, 4 + hs_len, 2);         // Length
+
+  index = out->Write(index, hs_type, 1);  // Handshake record type.
+  index = out->Write(index, hs_len, 3);   // Handshake length
+  for (size_t i = 0; i < hs_len; ++i) {
+    index = out->Write(index, 1, 1);
+  }
+}
+
+}  // namespace nss_test
diff --git a/nss/external_tests/ssl_gtest/tls_agent.h b/nss/external_tests/ssl_gtest/tls_agent.h
new file mode 100644
index 0000000..6e80dd4
--- /dev/null
+++ b/nss/external_tests/ssl_gtest/tls_agent.h
@@ -0,0 +1,425 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef tls_agent_h_
+#define tls_agent_h_
+
+#include "prio.h"
+#include "ssl.h"
+
+#include <functional>
+#include <iostream>
+
+#include "test_io.h"
+
+#define GTEST_HAS_RTTI 0
+#include "gtest/gtest.h"
+
+extern bool g_ssl_gtest_verbose;
+
+namespace nss_test {
+
+#define LOG(msg) std::cerr << role_str() << ": " << msg << std::endl
+#define LOGV(msg)                      \
+  do {                                 \
+    if (g_ssl_gtest_verbose) LOG(msg); \
+  } while (false)
+
+enum SessionResumptionMode {
+  RESUME_NONE = 0,
+  RESUME_SESSIONID = 1,
+  RESUME_TICKET = 2,
+  RESUME_BOTH = RESUME_SESSIONID | RESUME_TICKET
+};
+
+class TlsAgent;
+
+typedef std::function<SECStatus(TlsAgent* agent, bool checksig, bool isServer)>
+    AuthCertificateCallbackFunction;
+
+typedef std::function<void(TlsAgent* agent)> HandshakeCallbackFunction;
+
+typedef std::function<int32_t(TlsAgent* agent, const SECItem* srvNameArr,
+                              PRUint32 srvNameArrSize)>
+    SniCallbackFunction;
+
+class TlsAgent : public PollTarget {
+ public:
+  enum Role { CLIENT, SERVER };
+  enum State { STATE_INIT, STATE_CONNECTING, STATE_CONNECTED, STATE_ERROR };
+
+  static const std::string kClient;     // the client key is sign only
+  static const std::string kRsa2048;    // bigger sign and encrypt for either
+  static const std::string kServerRsa;  // both sign and encrypt
+  static const std::string kServerRsaSign;
+  static const std::string kServerRsaPss;
+  static const std::string kServerRsaDecrypt;
+  static const std::string kServerEcdsa256;
+  static const std::string kServerEcdsa384;
+  static const std::string kServerEcdhEcdsa;
+  static const std::string kServerEcdhRsa;
+  static const std::string kServerDsa;
+
+  TlsAgent(const std::string& name, Role role, Mode mode);
+  virtual ~TlsAgent();
+
+  bool Init() {
+    pr_fd_ = DummyPrSocket::CreateFD(role_str(), mode_);
+    if (!pr_fd_) return false;
+
+    adapter_ = DummyPrSocket::GetAdapter(pr_fd_);
+    if (!adapter_) return false;
+
+    return true;
+  }
+
+  void SetPeer(TlsAgent* peer) { adapter_->SetPeer(peer->adapter_); }
+
+  void SetPacketFilter(PacketFilter* filter) {
+    adapter_->SetPacketFilter(filter);
+  }
+
+  void StartConnect(PRFileDesc* model = nullptr);
+  void CheckKEA(SSLKEAType type) const;
+  void CheckKEA(SSLKEAType type, size_t kea_size) const;
+  void CheckAuthType(SSLAuthType type) const;
+
+  void DisableAllCiphers();
+  void EnableCiphersByAuthType(SSLAuthType authType);
+  void EnableCiphersByKeyExchange(SSLKEAType kea);
+  void EnableSingleCipher(uint16_t cipher);
+
+  void Handshake();
+  // Marks the internal state as CONNECTING in anticipation of renegotiation.
+  void PrepareForRenegotiate();
+  // Prepares for renegotiation, then actually triggers it.
+  void StartRenegotiate();
+  bool ConfigServerCert(const std::string& name, bool updateKeyBits = false,
+                        const SSLExtraServerCertData* serverCertData = nullptr);
+  bool EnsureTlsSetup(PRFileDesc* modelSocket = nullptr);
+
+  void SetupClientAuth();
+  void RequestClientAuth(bool requireAuth);
+  bool GetClientAuthCredentials(CERTCertificate** cert,
+                                SECKEYPrivateKey** priv) const;
+
+  void ConfigureSessionCache(SessionResumptionMode mode);
+  void SetSessionTicketsEnabled(bool en);
+  void SetSessionCacheEnabled(bool en);
+  void Set0RttEnabled(bool en);
+  void SetVersionRange(uint16_t minver, uint16_t maxver);
+  void GetVersionRange(uint16_t* minver, uint16_t* maxver);
+  void CheckPreliminaryInfo();
+  void ResetPreliminaryInfo();
+  void SetExpectedVersion(uint16_t version);
+  void SetServerKeyBits(uint16_t bits);
+  void ExpectReadWriteError();
+  void EnableFalseStart();
+  void ExpectResumption();
+  void SetSignatureAlgorithms(const SSLSignatureAndHashAlg* algorithms,
+                              size_t count);
+  void EnableAlpn(const uint8_t* val, size_t len);
+  void CheckAlpn(SSLNextProtoState expected_state,
+                 const std::string& expected = "") const;
+  void EnableSrtp();
+  void CheckSrtp() const;
+  void CheckErrorCode(int32_t expected) const;
+  void WaitForErrorCode(int32_t expected, uint32_t delay) const;
+  // Send data on the socket, encrypting it.
+  void SendData(size_t bytes, size_t blocksize = 1024);
+  // Send data directly to the underlying socket, skipping the TLS layer.
+  void SendDirect(const DataBuffer& buf);
+  void ReadBytes();
+  void ResetSentBytes();  // Hack to test drops.
+  void EnableExtendedMasterSecret();
+  void CheckExtendedMasterSecret(bool expected);
+  void CheckEarlyDataAccepted(bool expected);
+  void DisableRollbackDetection();
+  void EnableCompression();
+  void SetDowngradeCheckVersion(uint16_t version);
+  void CheckSecretsDestroyed();
+  void ConfigNamedGroups(const SSLNamedGroup* groups, size_t num);
+
+  const std::string& name() const { return name_; }
+
+  Role role() const { return role_; }
+  std::string role_str() const { return role_ == SERVER ? "server" : "client"; }
+
+  State state() const { return state_; }
+
+  const CERTCertificate* peer_cert() const {
+    return SSL_PeerCertificate(ssl_fd_);
+  }
+
+  const char* state_str() const { return state_str(state()); }
+
+  static const char* state_str(State state) { return states[state]; }
+
+  PRFileDesc* ssl_fd() { return ssl_fd_; }
+  DummyPrSocket* adapter() { return adapter_; }
+
+  bool is_compressed() const {
+    return info_.compressionMethod != ssl_compression_null;
+  }
+  uint16_t server_key_bits() const { return server_key_bits_; }
+  uint16_t min_version() const { return vrange_.min; }
+  uint16_t max_version() const { return vrange_.max; }
+  uint16_t version() const {
+    EXPECT_EQ(STATE_CONNECTED, state_);
+    return info_.protocolVersion;
+  }
+
+  bool cipher_suite(uint16_t* cipher_suite) const {
+    if (state_ != STATE_CONNECTED) return false;
+
+    *cipher_suite = info_.cipherSuite;
+    return true;
+  }
+
+  std::string cipher_suite_name() const {
+    if (state_ != STATE_CONNECTED) return "UNKNOWN";
+
+    return csinfo_.cipherSuiteName;
+  }
+
+  std::vector<uint8_t> session_id() const {
+    return std::vector<uint8_t>(info_.sessionID,
+                                info_.sessionID + info_.sessionIDLength);
+  }
+
+  size_t received_bytes() const { return recv_ctr_; }
+  PRErrorCode error_code() const { return error_code_; }
+
+  bool can_falsestart_hook_called() const {
+    return can_falsestart_hook_called_;
+  }
+
+  void SetHandshakeCallback(HandshakeCallbackFunction handshake_callback) {
+    handshake_callback_ = handshake_callback;
+  }
+
+  void SetAuthCertificateCallback(
+      AuthCertificateCallbackFunction auth_certificate_callback) {
+    auth_certificate_callback_ = auth_certificate_callback;
+  }
+
+  void SetSniCallback(SniCallbackFunction sni_callback) {
+    sni_callback_ = sni_callback;
+  }
+
+ private:
+  const static char* states[];
+
+  void SetState(State state);
+
+  // Dummy auth certificate hook.
+  static SECStatus AuthCertificateHook(void* arg, PRFileDesc* fd,
+                                       PRBool checksig, PRBool isServer) {
+    TlsAgent* agent = reinterpret_cast<TlsAgent*>(arg);
+    agent->CheckPreliminaryInfo();
+    agent->auth_certificate_hook_called_ = true;
+    if (agent->auth_certificate_callback_) {
+      return agent->auth_certificate_callback_(agent, checksig ? true : false,
+                                               isServer ? true : false);
+    }
+    return SECSuccess;
+  }
+
+  // Client auth certificate hook.
+  static SECStatus ClientAuthenticated(void* arg, PRFileDesc* fd,
+                                       PRBool checksig, PRBool isServer) {
+    TlsAgent* agent = reinterpret_cast<TlsAgent*>(arg);
+    EXPECT_TRUE(agent->expect_client_auth_);
+    EXPECT_EQ(PR_TRUE, isServer);
+    if (agent->auth_certificate_callback_) {
+      return agent->auth_certificate_callback_(agent, checksig ? true : false,
+                                               isServer ? true : false);
+    }
+    return SECSuccess;
+  }
+
+  static SECStatus GetClientAuthDataHook(void* self, PRFileDesc* fd,
+                                         CERTDistNames* caNames,
+                                         CERTCertificate** cert,
+                                         SECKEYPrivateKey** privKey);
+
+  static void ReadableCallback(PollTarget* self, Event event) {
+    TlsAgent* agent = static_cast<TlsAgent*>(self);
+    if (event == TIMER_EVENT) {
+      agent->timer_handle_ = nullptr;
+    }
+    agent->ReadableCallback_int();
+  }
+
+  void ReadableCallback_int() {
+    LOGV("Readable");
+    switch (state_) {
+      case STATE_CONNECTING:
+        Handshake();
+        break;
+      case STATE_CONNECTED:
+        ReadBytes();
+        break;
+      default:
+        break;
+    }
+  }
+
+  static PRInt32 SniHook(PRFileDesc* fd, const SECItem* srvNameArr,
+                         PRUint32 srvNameArrSize, void* arg) {
+    TlsAgent* agent = reinterpret_cast<TlsAgent*>(arg);
+    agent->CheckPreliminaryInfo();
+    agent->sni_hook_called_ = true;
+    EXPECT_EQ(1UL, srvNameArrSize);
+    if (agent->sni_callback_) {
+      return agent->sni_callback_(agent, srvNameArr, srvNameArrSize);
+    }
+    return 0;  // First configuration.
+  }
+
+  static SECStatus CanFalseStartCallback(PRFileDesc* fd, void* arg,
+                                         PRBool* canFalseStart) {
+    TlsAgent* agent = reinterpret_cast<TlsAgent*>(arg);
+    agent->CheckPreliminaryInfo();
+    EXPECT_TRUE(agent->falsestart_enabled_);
+    EXPECT_FALSE(agent->can_falsestart_hook_called_);
+    agent->can_falsestart_hook_called_ = true;
+    *canFalseStart = true;
+    return SECSuccess;
+  }
+
+  static void HandshakeCallback(PRFileDesc* fd, void* arg) {
+    TlsAgent* agent = reinterpret_cast<TlsAgent*>(arg);
+    agent->handshake_callback_called_ = true;
+    agent->Connected();
+    if (agent->handshake_callback_) {
+      agent->handshake_callback_(agent);
+    }
+  }
+
+  void DisableLameGroups();
+  void CheckCallbacks() const;
+  void Connected();
+
+  const std::string name_;
+  Mode mode_;
+  uint16_t server_key_bits_;
+  PRFileDesc* pr_fd_;
+  DummyPrSocket* adapter_;
+  PRFileDesc* ssl_fd_;
+  Role role_;
+  State state_;
+  Poller::Timer* timer_handle_;
+  bool falsestart_enabled_;
+  uint16_t expected_version_;
+  uint16_t expected_cipher_suite_;
+  bool expect_resumption_;
+  bool expect_client_auth_;
+  bool can_falsestart_hook_called_;
+  bool sni_hook_called_;
+  bool auth_certificate_hook_called_;
+  bool handshake_callback_called_;
+  SSLChannelInfo info_;
+  SSLCipherSuiteInfo csinfo_;
+  SSLVersionRange vrange_;
+  PRErrorCode error_code_;
+  size_t send_ctr_;
+  size_t recv_ctr_;
+  bool expect_readwrite_error_;
+  HandshakeCallbackFunction handshake_callback_;
+  AuthCertificateCallbackFunction auth_certificate_callback_;
+  SniCallbackFunction sni_callback_;
+};
+
+inline std::ostream& operator<<(std::ostream& stream,
+                                const TlsAgent::State& state) {
+  return stream << TlsAgent::state_str(state);
+}
+
+class TlsAgentTestBase : public ::testing::Test {
+ public:
+  static ::testing::internal::ParamGenerator<std::string> kTlsRolesAll;
+
+  TlsAgentTestBase(TlsAgent::Role role, Mode mode)
+      : agent_(nullptr), fd_(nullptr), role_(role), mode_(mode) {}
+  ~TlsAgentTestBase() {
+    if (fd_) {
+      PR_Close(fd_);
+    }
+  }
+
+  void SetUp();
+  void TearDown();
+
+  static void MakeRecord(Mode mode, uint8_t type, uint16_t version,
+                         const uint8_t* buf, size_t len, DataBuffer* out,
+                         uint64_t seq_num = 0);
+  void MakeRecord(uint8_t type, uint16_t version, const uint8_t* buf,
+                  size_t len, DataBuffer* out, uint64_t seq_num = 0) const;
+  void MakeHandshakeMessage(uint8_t hs_type, const uint8_t* data, size_t hs_len,
+                            DataBuffer* out, uint64_t seq_num = 0) const;
+  void MakeHandshakeMessageFragment(uint8_t hs_type, const uint8_t* data,
+                                    size_t hs_len, DataBuffer* out,
+                                    uint64_t seq_num, uint32_t fragment_offset,
+                                    uint32_t fragment_length) const;
+  static void MakeTrivialHandshakeRecord(uint8_t hs_type, size_t hs_len,
+                                         DataBuffer* out);
+  static inline TlsAgent::Role ToRole(const std::string& str) {
+    return str == "CLIENT" ? TlsAgent::CLIENT : TlsAgent::SERVER;
+  }
+
+  static inline Mode ToMode(const std::string& str) {
+    return str == "TLS" ? STREAM : DGRAM;
+  }
+
+  void Init(const std::string& server_name = TlsAgent::kServerRsa);
+  void Reset(const std::string& server_name = TlsAgent::kServerRsa);
+
+ protected:
+  void EnsureInit();
+  void ProcessMessage(const DataBuffer& buffer, TlsAgent::State expected_state,
+                      int32_t error_code = 0);
+
+  TlsAgent* agent_;
+  PRFileDesc* fd_;
+  TlsAgent::Role role_;
+  Mode mode_;
+};
+
+class TlsAgentTest : public TlsAgentTestBase,
+                     public ::testing::WithParamInterface<
+                         std::tuple<std::string, std::string>> {
+ public:
+  TlsAgentTest()
+      : TlsAgentTestBase(ToRole(std::get<0>(GetParam())),
+                         ToMode(std::get<1>(GetParam()))) {}
+};
+
+class TlsAgentTestClient : public TlsAgentTestBase,
+                           public ::testing::WithParamInterface<std::string> {
+ public:
+  TlsAgentTestClient()
+      : TlsAgentTestBase(TlsAgent::CLIENT, ToMode(GetParam())) {}
+};
+
+class TlsAgentStreamTestClient : public TlsAgentTestBase {
+ public:
+  TlsAgentStreamTestClient() : TlsAgentTestBase(TlsAgent::CLIENT, STREAM) {}
+};
+
+class TlsAgentStreamTestServer : public TlsAgentTestBase {
+ public:
+  TlsAgentStreamTestServer() : TlsAgentTestBase(TlsAgent::SERVER, STREAM) {}
+};
+
+class TlsAgentDgramTestClient : public TlsAgentTestBase {
+ public:
+  TlsAgentDgramTestClient() : TlsAgentTestBase(TlsAgent::CLIENT, DGRAM) {}
+};
+
+}  // namespace nss_test
+
+#endif
diff --git a/nss/external_tests/ssl_gtest/tls_connect.cc b/nss/external_tests/ssl_gtest/tls_connect.cc
new file mode 100644
index 0000000..be74f78
--- /dev/null
+++ b/nss/external_tests/ssl_gtest/tls_connect.cc
@@ -0,0 +1,546 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "tls_connect.h"
+extern "C" {
+#include "libssl_internals.h"
+}
+
+#include <iostream>
+
+#include "databuffer.h"
+#include "gtest_utils.h"
+#include "sslproto.h"
+
+extern std::string g_working_dir_path;
+
+namespace nss_test {
+
+static const std::string kTlsModesStreamArr[] = {"TLS"};
+::testing::internal::ParamGenerator<std::string>
+    TlsConnectTestBase::kTlsModesStream =
+        ::testing::ValuesIn(kTlsModesStreamArr);
+static const std::string kTlsModesDatagramArr[] = {"DTLS"};
+::testing::internal::ParamGenerator<std::string>
+    TlsConnectTestBase::kTlsModesDatagram =
+        ::testing::ValuesIn(kTlsModesDatagramArr);
+static const std::string kTlsModesAllArr[] = {"TLS", "DTLS"};
+::testing::internal::ParamGenerator<std::string>
+    TlsConnectTestBase::kTlsModesAll = ::testing::ValuesIn(kTlsModesAllArr);
+
+static const uint16_t kTlsV10Arr[] = {SSL_LIBRARY_VERSION_TLS_1_0};
+::testing::internal::ParamGenerator<uint16_t> TlsConnectTestBase::kTlsV10 =
+    ::testing::ValuesIn(kTlsV10Arr);
+static const uint16_t kTlsV11Arr[] = {SSL_LIBRARY_VERSION_TLS_1_1};
+::testing::internal::ParamGenerator<uint16_t> TlsConnectTestBase::kTlsV11 =
+    ::testing::ValuesIn(kTlsV11Arr);
+static const uint16_t kTlsV12Arr[] = {SSL_LIBRARY_VERSION_TLS_1_2};
+::testing::internal::ParamGenerator<uint16_t> TlsConnectTestBase::kTlsV12 =
+    ::testing::ValuesIn(kTlsV12Arr);
+static const uint16_t kTlsV10V11Arr[] = {SSL_LIBRARY_VERSION_TLS_1_0,
+                                         SSL_LIBRARY_VERSION_TLS_1_1};
+::testing::internal::ParamGenerator<uint16_t> TlsConnectTestBase::kTlsV10V11 =
+    ::testing::ValuesIn(kTlsV10V11Arr);
+static const uint16_t kTlsV10ToV12Arr[] = {SSL_LIBRARY_VERSION_TLS_1_0,
+                                           SSL_LIBRARY_VERSION_TLS_1_1,
+                                           SSL_LIBRARY_VERSION_TLS_1_2};
+::testing::internal::ParamGenerator<uint16_t> TlsConnectTestBase::kTlsV10ToV12 =
+    ::testing::ValuesIn(kTlsV10ToV12Arr);
+static const uint16_t kTlsV11V12Arr[] = {SSL_LIBRARY_VERSION_TLS_1_1,
+                                         SSL_LIBRARY_VERSION_TLS_1_2};
+::testing::internal::ParamGenerator<uint16_t> TlsConnectTestBase::kTlsV11V12 =
+    ::testing::ValuesIn(kTlsV11V12Arr);
+
+static const uint16_t kTlsV11PlusArr[] = {
+#ifndef NSS_DISABLE_TLS_1_3
+    SSL_LIBRARY_VERSION_TLS_1_3,
+#endif
+    SSL_LIBRARY_VERSION_TLS_1_2, SSL_LIBRARY_VERSION_TLS_1_1};
+::testing::internal::ParamGenerator<uint16_t> TlsConnectTestBase::kTlsV11Plus =
+    ::testing::ValuesIn(kTlsV11PlusArr);
+static const uint16_t kTlsV12PlusArr[] = {
+#ifndef NSS_DISABLE_TLS_1_3
+    SSL_LIBRARY_VERSION_TLS_1_3,
+#endif
+    SSL_LIBRARY_VERSION_TLS_1_2};
+::testing::internal::ParamGenerator<uint16_t> TlsConnectTestBase::kTlsV12Plus =
+    ::testing::ValuesIn(kTlsV12PlusArr);
+static const uint16_t kTlsV13Arr[] = {SSL_LIBRARY_VERSION_TLS_1_3};
+::testing::internal::ParamGenerator<uint16_t> TlsConnectTestBase::kTlsV13 =
+    ::testing::ValuesIn(kTlsV13Arr);
+static const uint16_t kTlsVAllArr[] = {
+#ifndef NSS_DISABLE_TLS_1_3
+    SSL_LIBRARY_VERSION_TLS_1_3,
+#endif
+    SSL_LIBRARY_VERSION_TLS_1_2, SSL_LIBRARY_VERSION_TLS_1_1,
+    SSL_LIBRARY_VERSION_TLS_1_0};
+::testing::internal::ParamGenerator<uint16_t> TlsConnectTestBase::kTlsVAll =
+    ::testing::ValuesIn(kTlsVAllArr);
+
+std::string VersionString(uint16_t version) {
+  switch (version) {
+    case 0:
+      return "(no version)";
+    case SSL_LIBRARY_VERSION_TLS_1_0:
+      return "1.0";
+    case SSL_LIBRARY_VERSION_TLS_1_1:
+      return "1.1";
+    case SSL_LIBRARY_VERSION_TLS_1_2:
+      return "1.2";
+    case SSL_LIBRARY_VERSION_TLS_1_3:
+      return "1.3";
+    default:
+      std::cerr << "Invalid version: " << version << std::endl;
+      EXPECT_TRUE(false);
+      return "";
+  }
+}
+
+TlsConnectTestBase::TlsConnectTestBase(Mode mode, uint16_t version)
+    : mode_(mode),
+      client_(new TlsAgent(TlsAgent::kClient, TlsAgent::CLIENT, mode_)),
+      server_(new TlsAgent(TlsAgent::kServerRsa, TlsAgent::SERVER, mode_)),
+      client_model_(nullptr),
+      server_model_(nullptr),
+      version_(version),
+      expected_resumption_mode_(RESUME_NONE),
+      session_ids_(),
+      expect_extended_master_secret_(false),
+      expect_early_data_accepted_(false) {
+  std::string v;
+  if (mode_ == DGRAM && version_ == SSL_LIBRARY_VERSION_TLS_1_1) {
+    v = "1.0";
+  } else {
+    v = VersionString(version_);
+  }
+  std::cerr << "Version: " << mode_ << " " << v << std::endl;
+}
+
+TlsConnectTestBase::~TlsConnectTestBase() {}
+
+// Check the group of each of the supported groups
+void TlsConnectTestBase::CheckGroups(
+    const DataBuffer& groups, std::function<void(SSLNamedGroup)> check_group) {
+  DuplicateGroupChecker group_set;
+  uint32_t tmp = 0;
+  EXPECT_TRUE(groups.Read(0, 2, &tmp));
+  EXPECT_EQ(groups.len() - 2, static_cast<size_t>(tmp));
+  for (size_t i = 2; i < groups.len(); i += 2) {
+    EXPECT_TRUE(groups.Read(i, 2, &tmp));
+    SSLNamedGroup group = static_cast<SSLNamedGroup>(tmp);
+    group_set.AddAndCheckGroup(group);
+    check_group(group);
+  }
+}
+
+// Check the group of each of the shares
+void TlsConnectTestBase::CheckShares(
+    const DataBuffer& shares, std::function<void(SSLNamedGroup)> check_group) {
+  DuplicateGroupChecker group_set;
+  uint32_t tmp = 0;
+  EXPECT_TRUE(shares.Read(0, 2, &tmp));
+  EXPECT_EQ(shares.len() - 2, static_cast<size_t>(tmp));
+  size_t i;
+  for (i = 2; i < shares.len(); i += 4 + tmp) {
+    ASSERT_TRUE(shares.Read(i, 2, &tmp));
+    SSLNamedGroup group = static_cast<SSLNamedGroup>(tmp);
+    group_set.AddAndCheckGroup(group);
+    check_group(group);
+    ASSERT_TRUE(shares.Read(i + 2, 2, &tmp));
+  }
+  EXPECT_EQ(shares.len(), i);
+}
+
+void TlsConnectTestBase::ClearStats() {
+  // Clear statistics.
+  SSL3Statistics* stats = SSL_GetStatistics();
+  memset(stats, 0, sizeof(*stats));
+}
+
+void TlsConnectTestBase::ClearServerCache() {
+  SSL_ShutdownServerSessionIDCache();
+  SSLInt_ClearSessionTicketKey();
+  SSL_ConfigServerSessionIDCache(1024, 0, 0, g_working_dir_path.c_str());
+}
+
+void TlsConnectTestBase::SetUp() {
+  SSL_ConfigServerSessionIDCache(1024, 0, 0, g_working_dir_path.c_str());
+  SSLInt_ClearSessionTicketKey();
+  ClearStats();
+  Init();
+}
+
+void TlsConnectTestBase::TearDown() {
+  delete client_;
+  delete server_;
+  if (client_model_) {
+    ASSERT_NE(server_model_, nullptr);
+    delete client_model_;
+    delete server_model_;
+  }
+
+  SSL_ClearSessionCache();
+  SSLInt_ClearSessionTicketKey();
+  SSL_ShutdownServerSessionIDCache();
+}
+
+void TlsConnectTestBase::Init() {
+  EXPECT_TRUE(client_->Init());
+  EXPECT_TRUE(server_->Init());
+
+  client_->SetPeer(server_);
+  server_->SetPeer(client_);
+
+  if (version_) {
+    client_->SetVersionRange(version_, version_);
+    server_->SetVersionRange(version_, version_);
+  }
+}
+
+void TlsConnectTestBase::Reset() {
+  // Take a copy of the names because they are about to disappear.
+  std::string server_name = server_->name();
+  std::string client_name = client_->name();
+  Reset(server_name, client_name);
+}
+
+void TlsConnectTestBase::Reset(const std::string& server_name,
+                               const std::string& client_name) {
+  delete client_;
+  delete server_;
+
+  client_ = new TlsAgent(client_name, TlsAgent::CLIENT, mode_);
+  server_ = new TlsAgent(server_name, TlsAgent::SERVER, mode_);
+
+  Init();
+}
+
+void TlsConnectTestBase::ExpectResumption(SessionResumptionMode expected) {
+  expected_resumption_mode_ = expected;
+  if (expected != RESUME_NONE) {
+    client_->ExpectResumption();
+    server_->ExpectResumption();
+  }
+}
+
+void TlsConnectTestBase::EnsureTlsSetup() {
+  EXPECT_TRUE(server_->EnsureTlsSetup(server_model_ ? server_model_->ssl_fd()
+                                                    : nullptr));
+  EXPECT_TRUE(client_->EnsureTlsSetup(client_model_ ? client_model_->ssl_fd()
+                                                    : nullptr));
+}
+
+void TlsConnectTestBase::Handshake() {
+  EnsureTlsSetup();
+  client_->SetServerKeyBits(server_->server_key_bits());
+  client_->Handshake();
+  server_->Handshake();
+
+  ASSERT_TRUE_WAIT((client_->state() != TlsAgent::STATE_CONNECTING) &&
+                       (server_->state() != TlsAgent::STATE_CONNECTING),
+                   5000);
+}
+
+void TlsConnectTestBase::EnableExtendedMasterSecret() {
+  client_->EnableExtendedMasterSecret();
+  server_->EnableExtendedMasterSecret();
+  ExpectExtendedMasterSecret(true);
+}
+
+void TlsConnectTestBase::Connect() {
+  server_->StartConnect(server_model_ ? server_model_->ssl_fd() : nullptr);
+  client_->StartConnect(client_model_ ? client_model_->ssl_fd() : nullptr);
+  Handshake();
+  CheckConnected();
+}
+
+void TlsConnectTestBase::ConnectWithCipherSuite(uint16_t cipher_suite) {
+  EnsureTlsSetup();
+  client_->EnableSingleCipher(cipher_suite);
+
+  Connect();
+  SendReceive();
+
+  // Check that we used the right cipher suite.
+  uint16_t actual;
+  EXPECT_TRUE(client_->cipher_suite(&actual));
+  EXPECT_EQ(cipher_suite, actual);
+  EXPECT_TRUE(server_->cipher_suite(&actual));
+  EXPECT_EQ(cipher_suite, actual);
+}
+
+void TlsConnectTestBase::CheckConnected() {
+  // Check the version is as expected
+  EXPECT_EQ(client_->version(), server_->version());
+  EXPECT_EQ(std::min(client_->max_version(), server_->max_version()),
+            client_->version());
+
+  EXPECT_EQ(TlsAgent::STATE_CONNECTED, client_->state());
+  EXPECT_EQ(TlsAgent::STATE_CONNECTED, server_->state());
+
+  uint16_t cipher_suite1, cipher_suite2;
+  bool ret = client_->cipher_suite(&cipher_suite1);
+  EXPECT_TRUE(ret);
+  ret = server_->cipher_suite(&cipher_suite2);
+  EXPECT_TRUE(ret);
+  EXPECT_EQ(cipher_suite1, cipher_suite2);
+
+  std::cerr << "Connected with version " << client_->version()
+            << " cipher suite " << client_->cipher_suite_name() << std::endl;
+
+  if (client_->version() < SSL_LIBRARY_VERSION_TLS_1_3) {
+    // Check and store session ids.
+    std::vector<uint8_t> sid_c1 = client_->session_id();
+    EXPECT_EQ(32U, sid_c1.size());
+    std::vector<uint8_t> sid_s1 = server_->session_id();
+    EXPECT_EQ(32U, sid_s1.size());
+    EXPECT_EQ(sid_c1, sid_s1);
+    session_ids_.push_back(sid_c1);
+  }
+
+  CheckExtendedMasterSecret();
+  CheckEarlyDataAccepted();
+  CheckResumption(expected_resumption_mode_);
+  client_->CheckSecretsDestroyed();
+  server_->CheckSecretsDestroyed();
+}
+
+void TlsConnectTestBase::CheckKeys(SSLKEAType kea_type, SSLAuthType auth_type,
+                                   size_t kea_size) const {
+  if (kea_size) {
+    client_->CheckKEA(kea_type, kea_size);
+    server_->CheckKEA(kea_type, kea_size);
+  } else {
+    client_->CheckKEA(kea_type);
+    server_->CheckKEA(kea_type);
+  }
+  client_->CheckAuthType(auth_type);
+  server_->CheckAuthType(auth_type);
+}
+
+void TlsConnectTestBase::ConnectExpectFail() {
+  server_->StartConnect();
+  client_->StartConnect();
+  Handshake();
+  ASSERT_EQ(TlsAgent::STATE_ERROR, client_->state());
+  ASSERT_EQ(TlsAgent::STATE_ERROR, server_->state());
+}
+
+void TlsConnectTestBase::SetExpectedVersion(uint16_t version) {
+  client_->SetExpectedVersion(version);
+  server_->SetExpectedVersion(version);
+}
+
+void TlsConnectTestBase::DisableAllCiphers() {
+  EnsureTlsSetup();
+  client_->DisableAllCiphers();
+  server_->DisableAllCiphers();
+}
+
+void TlsConnectTestBase::EnableOnlyStaticRsaCiphers() {
+  DisableAllCiphers();
+
+  client_->EnableCiphersByKeyExchange(ssl_kea_rsa);
+  server_->EnableCiphersByKeyExchange(ssl_kea_rsa);
+}
+
+void TlsConnectTestBase::EnableOnlyDheCiphers() {
+  DisableAllCiphers();
+
+  client_->EnableCiphersByKeyExchange(ssl_kea_dh);
+  client_->EnableCiphersByKeyExchange(ssl_kea_dh_psk);
+  server_->EnableCiphersByKeyExchange(ssl_kea_dh);
+  server_->EnableCiphersByKeyExchange(ssl_kea_dh_psk);
+}
+
+void TlsConnectTestBase::EnableSomeEcdhCiphers() {
+  client_->EnableCiphersByAuthType(ssl_auth_ecdh_rsa);
+  client_->EnableCiphersByAuthType(ssl_auth_ecdh_ecdsa);
+  server_->EnableCiphersByAuthType(ssl_auth_ecdh_rsa);
+  server_->EnableCiphersByAuthType(ssl_auth_ecdh_ecdsa);
+}
+
+void TlsConnectTestBase::ConfigureSessionCache(SessionResumptionMode client,
+                                               SessionResumptionMode server) {
+  client_->ConfigureSessionCache(client);
+  server_->ConfigureSessionCache(server);
+  if ((server & RESUME_TICKET) != 0) {
+    // This is an abomination.  NSS encrypts session tickets with the server's
+    // RSA public key.  That means we need the server to have an RSA certificate
+    // even if it won't be used for the connection.
+    server_->ConfigServerCert(TlsAgent::kServerRsaDecrypt);
+  }
+}
+
+void TlsConnectTestBase::CheckResumption(SessionResumptionMode expected) {
+  EXPECT_NE(RESUME_BOTH, expected);
+
+  int resume_count = expected ? 1 : 0;
+  int stateless_count = (expected & RESUME_TICKET) ? 1 : 0;
+
+  // Note: hch == server counter; hsh == client counter.
+  SSL3Statistics* stats = SSL_GetStatistics();
+  EXPECT_EQ(resume_count, stats->hch_sid_cache_hits);
+  EXPECT_EQ(resume_count, stats->hsh_sid_cache_hits);
+
+  EXPECT_EQ(stateless_count, stats->hch_sid_stateless_resumes);
+  EXPECT_EQ(stateless_count, stats->hsh_sid_stateless_resumes);
+
+  if (expected != RESUME_NONE) {
+    if (client_->version() < SSL_LIBRARY_VERSION_TLS_1_3) {
+      // Check that the last two session ids match.
+      ASSERT_EQ(2U, session_ids_.size());
+      EXPECT_EQ(session_ids_[session_ids_.size() - 1],
+                session_ids_[session_ids_.size() - 2]);
+    } else {
+      // TLS 1.3 only uses tickets.
+      EXPECT_TRUE(expected & RESUME_TICKET);
+    }
+  }
+}
+
+void TlsConnectTestBase::EnableAlpn() {
+  client_->EnableAlpn(alpn_dummy_val_, sizeof(alpn_dummy_val_));
+  server_->EnableAlpn(alpn_dummy_val_, sizeof(alpn_dummy_val_));
+}
+
+void TlsConnectTestBase::EnableAlpn(const uint8_t* val, size_t len) {
+  client_->EnableAlpn(val, len);
+  server_->EnableAlpn(val, len);
+}
+
+void TlsConnectTestBase::EnsureModelSockets() {
+  // Make sure models agents are available.
+  if (!client_model_) {
+    ASSERT_EQ(server_model_, nullptr);
+    client_model_ = new TlsAgent(TlsAgent::kClient, TlsAgent::CLIENT, mode_);
+    server_model_ = new TlsAgent(TlsAgent::kServerRsa, TlsAgent::SERVER, mode_);
+  }
+
+  // Initialise agents.
+  ASSERT_TRUE(client_model_->Init());
+  ASSERT_TRUE(server_model_->Init());
+}
+
+void TlsConnectTestBase::CheckAlpn(const std::string& val) {
+  client_->CheckAlpn(SSL_NEXT_PROTO_SELECTED, val);
+  server_->CheckAlpn(SSL_NEXT_PROTO_NEGOTIATED, val);
+}
+
+void TlsConnectTestBase::EnableSrtp() {
+  client_->EnableSrtp();
+  server_->EnableSrtp();
+}
+
+void TlsConnectTestBase::CheckSrtp() const {
+  client_->CheckSrtp();
+  server_->CheckSrtp();
+}
+
+void TlsConnectTestBase::SendReceive() {
+  client_->SendData(50);
+  server_->SendData(50);
+  Receive(50);
+}
+
+// Do a first connection so we can do 0-RTT on the second one.
+void TlsConnectTestBase::SetupForZeroRtt() {
+  ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
+  client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
+                           SSL_LIBRARY_VERSION_TLS_1_3);
+  server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
+                           SSL_LIBRARY_VERSION_TLS_1_3);
+  server_->Set0RttEnabled(true);  // So we signal that we allow 0-RTT.
+  Connect();
+  SendReceive();  // Need to read so that we absorb the session ticket.
+  CheckKeys(ssl_kea_ecdh, ssl_auth_rsa_sign);
+
+  Reset();
+  client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
+                           SSL_LIBRARY_VERSION_TLS_1_3);
+  server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
+                           SSL_LIBRARY_VERSION_TLS_1_3);
+  server_->StartConnect();
+  client_->StartConnect();
+}
+
+void TlsConnectTestBase::ZeroRttSendReceive(
+    bool expect_readable, std::function<bool()> post_clienthello_check) {
+  const char* k0RttData = "ABCDEF";
+  const PRInt32 k0RttDataLen = static_cast<PRInt32>(strlen(k0RttData));
+
+  client_->Handshake();  // Send ClientHello.
+  if (post_clienthello_check) {
+    if (!post_clienthello_check()) return;
+  }
+  PRInt32 rv =
+      PR_Write(client_->ssl_fd(), k0RttData, k0RttDataLen);  // 0-RTT write.
+  EXPECT_EQ(k0RttDataLen, rv);
+  server_->Handshake();  // Consume ClientHello, EE, Finished.
+
+  std::vector<uint8_t> buf(k0RttDataLen);
+  rv = PR_Read(server_->ssl_fd(), buf.data(), k0RttDataLen);  // 0-RTT read
+  if (expect_readable) {
+    std::cerr << "0-RTT read " << rv << " bytes\n";
+    EXPECT_EQ(k0RttDataLen, rv);
+  } else {
+    EXPECT_EQ(SECFailure, rv);
+    EXPECT_EQ(PR_WOULD_BLOCK_ERROR, PORT_GetError());
+  }
+
+  // Do a second read. this should fail.
+  rv = PR_Read(server_->ssl_fd(), buf.data(), k0RttDataLen);
+  EXPECT_EQ(SECFailure, rv);
+  EXPECT_EQ(PR_WOULD_BLOCK_ERROR, PORT_GetError());
+}
+
+void TlsConnectTestBase::Receive(size_t amount) {
+  WAIT_(client_->received_bytes() == amount &&
+            server_->received_bytes() == amount,
+        2000);
+  ASSERT_EQ(amount, client_->received_bytes());
+  ASSERT_EQ(amount, server_->received_bytes());
+}
+
+void TlsConnectTestBase::ExpectExtendedMasterSecret(bool expected) {
+  expect_extended_master_secret_ = expected;
+}
+
+void TlsConnectTestBase::CheckExtendedMasterSecret() {
+  client_->CheckExtendedMasterSecret(expect_extended_master_secret_);
+  server_->CheckExtendedMasterSecret(expect_extended_master_secret_);
+}
+
+void TlsConnectTestBase::ExpectEarlyDataAccepted(bool expected) {
+  expect_early_data_accepted_ = expected;
+}
+
+void TlsConnectTestBase::CheckEarlyDataAccepted() {
+  client_->CheckEarlyDataAccepted(expect_early_data_accepted_);
+  server_->CheckEarlyDataAccepted(expect_early_data_accepted_);
+}
+
+TlsConnectGeneric::TlsConnectGeneric()
+    : TlsConnectTestBase(TlsConnectTestBase::ToMode(std::get<0>(GetParam())),
+                         std::get<1>(GetParam())) {}
+
+TlsConnectPre12::TlsConnectPre12()
+    : TlsConnectTestBase(TlsConnectTestBase::ToMode(std::get<0>(GetParam())),
+                         std::get<1>(GetParam())) {}
+
+TlsConnectTls12::TlsConnectTls12()
+    : TlsConnectTestBase(TlsConnectTestBase::ToMode(GetParam()),
+                         SSL_LIBRARY_VERSION_TLS_1_2) {}
+
+TlsConnectTls12Plus::TlsConnectTls12Plus()
+    : TlsConnectTestBase(TlsConnectTestBase::ToMode(std::get<0>(GetParam())),
+                         std::get<1>(GetParam())) {}
+
+TlsConnectTls13::TlsConnectTls13()
+    : TlsConnectTestBase(TlsConnectTestBase::ToMode(GetParam()),
+                         SSL_LIBRARY_VERSION_TLS_1_3) {}
+
+}  // namespace nss_test
diff --git a/nss/external_tests/ssl_gtest/tls_connect.h b/nss/external_tests/ssl_gtest/tls_connect.h
new file mode 100644
index 0000000..4bbcd03
--- /dev/null
+++ b/nss/external_tests/ssl_gtest/tls_connect.h
@@ -0,0 +1,224 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef tls_connect_h_
+#define tls_connect_h_
+
+#include <tuple>
+
+#include "sslproto.h"
+#include "sslt.h"
+
+#include "tls_agent.h"
+
+#define GTEST_HAS_RTTI 0
+#include "gtest/gtest.h"
+
+namespace nss_test {
+
+extern std::string VersionString(uint16_t version);
+
+// A generic TLS connection test base.
+class TlsConnectTestBase : public ::testing::Test {
+ public:
+  static ::testing::internal::ParamGenerator<std::string> kTlsModesStream;
+  static ::testing::internal::ParamGenerator<std::string> kTlsModesDatagram;
+  static ::testing::internal::ParamGenerator<std::string> kTlsModesAll;
+  static ::testing::internal::ParamGenerator<uint16_t> kTlsV10;
+  static ::testing::internal::ParamGenerator<uint16_t> kTlsV11;
+  static ::testing::internal::ParamGenerator<uint16_t> kTlsV12;
+  static ::testing::internal::ParamGenerator<uint16_t> kTlsV10V11;
+  static ::testing::internal::ParamGenerator<uint16_t> kTlsV11V12;
+  static ::testing::internal::ParamGenerator<uint16_t> kTlsV10ToV12;
+  static ::testing::internal::ParamGenerator<uint16_t> kTlsV13;
+  static ::testing::internal::ParamGenerator<uint16_t> kTlsV11Plus;
+  static ::testing::internal::ParamGenerator<uint16_t> kTlsV12Plus;
+  static ::testing::internal::ParamGenerator<uint16_t> kTlsVAll;
+
+  static inline Mode ToMode(const std::string& str) {
+    return str == "TLS" ? STREAM : DGRAM;
+  }
+
+  TlsConnectTestBase(Mode mode, uint16_t version);
+  virtual ~TlsConnectTestBase();
+
+  void SetUp();
+  void TearDown();
+
+  // Initialize client and server.
+  void Init();
+  // Clear the statistics.
+  void ClearStats();
+  // Clear the server session cache.
+  void ClearServerCache();
+  // Make sure TLS is configured for a connection.
+  void EnsureTlsSetup();
+  // Reset and keep the same certificate names
+  void Reset();
+  // Reset, and update the certificate names on both peers
+  void Reset(const std::string& server_name,
+             const std::string& client_name = "client");
+
+  // Run the handshake.
+  void Handshake();
+  // Connect and check that it works.
+  void Connect();
+  // Check that the connection was successfully established.
+  void CheckConnected();
+  // Connect and expect it to fail.
+  void ConnectExpectFail();
+  void ConnectWithCipherSuite(uint16_t cipher_suite);
+  void CheckKeys(SSLKEAType kea_type, SSLAuthType auth_type,
+                 size_t kea_size = 0) const;
+  void CheckGroups(const DataBuffer& groups,
+                   std::function<void(SSLNamedGroup)> check_group);
+  void CheckShares(const DataBuffer& shares,
+                   std::function<void(SSLNamedGroup)> check_group);
+
+  void SetExpectedVersion(uint16_t version);
+  // Expect resumption of a particular type.
+  void ExpectResumption(SessionResumptionMode expected);
+  void DisableAllCiphers();
+  void EnableOnlyStaticRsaCiphers();
+  void EnableOnlyDheCiphers();
+  void EnableSomeEcdhCiphers();
+  void EnableExtendedMasterSecret();
+  void ConfigureSessionCache(SessionResumptionMode client,
+                             SessionResumptionMode server);
+  void EnableAlpn();
+  void EnableAlpn(const uint8_t* val, size_t len);
+  void EnsureModelSockets();
+  void CheckAlpn(const std::string& val);
+  void EnableSrtp();
+  void CheckSrtp() const;
+  void SendReceive();
+  void SetupForZeroRtt();
+  void ZeroRttSendReceive(
+      bool expect_readable,
+      std::function<bool()> post_clienthello_check = nullptr);
+  void Receive(size_t amount);
+  void ExpectExtendedMasterSecret(bool expected);
+  void ExpectEarlyDataAccepted(bool expected);
+
+ protected:
+  Mode mode_;
+  TlsAgent* client_;
+  TlsAgent* server_;
+  TlsAgent* client_model_;
+  TlsAgent* server_model_;
+  uint16_t version_;
+  SessionResumptionMode expected_resumption_mode_;
+  std::vector<std::vector<uint8_t>> session_ids_;
+
+  // A simple value of "a", "b".  Note that the preferred value of "a" is placed
+  // at the end, because the NSS API follows the now defunct NPN specification,
+  // which places the preferred (and default) entry at the end of the list.
+  // NSS will move this final entry to the front when used with ALPN.
+  const uint8_t alpn_dummy_val_[4] = {0x01, 0x62, 0x01, 0x61};
+
+ private:
+  void CheckResumption(SessionResumptionMode expected);
+  void CheckExtendedMasterSecret();
+  void CheckEarlyDataAccepted();
+
+  bool expect_extended_master_secret_;
+  bool expect_early_data_accepted_;
+
+  // Track groups and make sure that there are no duplicates.
+  class DuplicateGroupChecker {
+   public:
+    void AddAndCheckGroup(SSLNamedGroup group) {
+      EXPECT_EQ(groups_.end(), groups_.find(group))
+          << "Group " << group << " should not be duplicated";
+      groups_.insert(group);
+    }
+
+   private:
+    std::set<SSLNamedGroup> groups_;
+  };
+};
+
+// A non-parametrized TLS test base.
+class TlsConnectTest : public TlsConnectTestBase {
+ public:
+  TlsConnectTest() : TlsConnectTestBase(STREAM, 0) {}
+};
+
+// A non-parametrized DTLS-only test base.
+class DtlsConnectTest : public TlsConnectTestBase {
+ public:
+  DtlsConnectTest() : TlsConnectTestBase(DGRAM, 0) {}
+};
+
+// A TLS-only test base.
+class TlsConnectStream : public TlsConnectTestBase,
+                         public ::testing::WithParamInterface<uint16_t> {
+ public:
+  TlsConnectStream() : TlsConnectTestBase(STREAM, GetParam()) {}
+};
+
+// A TLS-only test base for tests before 1.3
+class TlsConnectStreamPre13 : public TlsConnectStream {};
+
+// A DTLS-only test base.
+class TlsConnectDatagram : public TlsConnectTestBase,
+                           public ::testing::WithParamInterface<uint16_t> {
+ public:
+  TlsConnectDatagram() : TlsConnectTestBase(DGRAM, GetParam()) {}
+};
+
+// A generic test class that can be either STREAM or DGRAM and a single version
+// of TLS.  This is configured in ssl_loopback_unittest.cc.  All uses of this
+// should use TEST_P().
+class TlsConnectGeneric
+    : public TlsConnectTestBase,
+      public ::testing::WithParamInterface<std::tuple<std::string, uint16_t>> {
+ public:
+  TlsConnectGeneric();
+};
+
+// A Pre TLS 1.2 generic test.
+class TlsConnectPre12
+    : public TlsConnectTestBase,
+      public ::testing::WithParamInterface<std::tuple<std::string, uint16_t>> {
+ public:
+  TlsConnectPre12();
+};
+
+// A TLS 1.2 only generic test.
+class TlsConnectTls12 : public TlsConnectTestBase,
+                        public ::testing::WithParamInterface<std::string> {
+ public:
+  TlsConnectTls12();
+};
+
+// A TLS 1.2+ generic test.
+class TlsConnectTls12Plus
+    : public TlsConnectTestBase,
+      public ::testing::WithParamInterface<std::tuple<std::string, uint16_t>> {
+ public:
+  TlsConnectTls12Plus();
+};
+
+// A TLS 1.3 only generic test.
+class TlsConnectTls13 : public TlsConnectTestBase,
+                        public ::testing::WithParamInterface<std::string> {
+ public:
+  TlsConnectTls13();
+};
+
+class TlsConnectDatagram13 : public TlsConnectTestBase {
+ public:
+  TlsConnectDatagram13()
+      : TlsConnectTestBase(DGRAM, SSL_LIBRARY_VERSION_TLS_1_3) {}
+};
+
+// A variant that is used only with Pre13.
+class TlsConnectGenericPre13 : public TlsConnectGeneric {};
+
+}  // namespace nss_test
+
+#endif
diff --git a/nss/external_tests/ssl_gtest/tls_filter.cc b/nss/external_tests/ssl_gtest/tls_filter.cc
new file mode 100644
index 0000000..ebea6f5
--- /dev/null
+++ b/nss/external_tests/ssl_gtest/tls_filter.cc
@@ -0,0 +1,475 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "tls_filter.h"
+#include "sslproto.h"
+
+extern "C" {
+// This is not something that should make you happy.
+#include "libssl_internals.h"
+}
+
+#include <iostream>
+#include "gtest_utils.h"
+#include "tls_agent.h"
+
+namespace nss_test {
+
+PacketFilter::Action TlsRecordFilter::Filter(const DataBuffer& input,
+                                             DataBuffer* output) {
+  bool changed = false;
+  size_t offset = 0U;
+  output->Allocate(input.len());
+
+  TlsParser parser(input);
+  while (parser.remaining()) {
+    RecordHeader header;
+    DataBuffer record;
+    if (!header.Parse(&parser, &record)) {
+      return KEEP;
+    }
+
+    if (FilterRecord(header, record, &offset, output) != KEEP) {
+      changed = true;
+    } else {
+      offset = header.Write(output, offset, record);
+    }
+  }
+  output->Truncate(offset);
+
+  // Record how many packets we actually touched.
+  if (changed) {
+    ++count_;
+    return (offset == 0) ? DROP : CHANGE;
+  }
+
+  return KEEP;
+}
+
+PacketFilter::Action TlsRecordFilter::FilterRecord(const RecordHeader& header,
+                                                   const DataBuffer& record,
+                                                   size_t* offset,
+                                                   DataBuffer* output) {
+  DataBuffer filtered;
+  PacketFilter::Action action = FilterRecord(header, record, &filtered);
+  if (action == KEEP) {
+    return KEEP;
+  }
+
+  if (action == DROP) {
+    std::cerr << "record drop: " << record << std::endl;
+    return DROP;
+  }
+
+  const DataBuffer* source = &record;
+  if (action == CHANGE) {
+    EXPECT_GT(0x10000U, filtered.len());
+    std::cerr << "record old: " << record << std::endl;
+    std::cerr << "record new: " << filtered << std::endl;
+    source = &filtered;
+  }
+
+  *offset = header.Write(output, *offset, *source);
+  return CHANGE;
+}
+
+bool TlsRecordFilter::RecordHeader::Parse(TlsParser* parser, DataBuffer* body) {
+  if (!parser->Read(&content_type_)) {
+    return false;
+  }
+
+  uint32_t version;
+  if (!parser->Read(&version, 2)) {
+    return false;
+  }
+  version_ = version;
+
+  sequence_number_ = 0;
+  if (IsDtls(version)) {
+    uint32_t tmp;
+    if (!parser->Read(&tmp, 4)) {
+      return false;
+    }
+    sequence_number_ = static_cast<uint64_t>(tmp) << 32;
+    if (!parser->Read(&tmp, 4)) {
+      return false;
+    }
+    sequence_number_ |= static_cast<uint64_t>(tmp);
+  }
+  return parser->ReadVariable(body, 2);
+}
+
+size_t TlsRecordFilter::RecordHeader::Write(DataBuffer* buffer, size_t offset,
+                                            const DataBuffer& body) const {
+  offset = buffer->Write(offset, content_type_, 1);
+  offset = buffer->Write(offset, version_, 2);
+  if (is_dtls()) {
+    // write epoch (2 octet), and seqnum (6 octet)
+    offset = buffer->Write(offset, sequence_number_ >> 32, 4);
+    offset = buffer->Write(offset, sequence_number_ & 0xffffffff, 4);
+  }
+  offset = buffer->Write(offset, body.len(), 2);
+  offset = buffer->Write(offset, body);
+  return offset;
+}
+
+PacketFilter::Action TlsHandshakeFilter::FilterRecord(
+    const RecordHeader& record_header, const DataBuffer& input,
+    DataBuffer* output) {
+  // Check that the first byte is as requested.
+  if (record_header.content_type() != kTlsHandshakeType) {
+    return KEEP;
+  }
+
+  bool changed = false;
+  size_t offset = 0U;
+  output->Allocate(input.len());  // Preallocate a little.
+
+  TlsParser parser(input);
+  while (parser.remaining()) {
+    HandshakeHeader header;
+    DataBuffer handshake;
+    if (!header.Parse(&parser, record_header, &handshake)) {
+      return KEEP;
+    }
+
+    DataBuffer filtered;
+    PacketFilter::Action action = FilterHandshake(header, handshake, &filtered);
+    if (action == DROP) {
+      changed = true;
+      std::cerr << "handshake drop: " << handshake << std::endl;
+      continue;
+    }
+
+    const DataBuffer* source = &handshake;
+    if (action == CHANGE) {
+      EXPECT_GT(0x1000000U, filtered.len());
+      changed = true;
+      std::cerr << "handshake old: " << handshake << std::endl;
+      std::cerr << "handshake new: " << filtered << std::endl;
+      source = &filtered;
+    }
+
+    offset = header.Write(output, offset, *source);
+  }
+  output->Truncate(offset);
+  return changed ? (offset ? CHANGE : DROP) : KEEP;
+}
+
+bool TlsHandshakeFilter::HandshakeHeader::ReadLength(TlsParser* parser,
+                                                     const RecordHeader& header,
+                                                     uint32_t* length) {
+  if (!parser->Read(length, 3)) {
+    return false;  // malformed
+  }
+
+  if (!header.is_dtls()) {
+    return true;  // nothing left to do
+  }
+
+  // Read and check DTLS parameters
+  uint32_t message_seq_tmp;
+  if (!parser->Read(&message_seq_tmp, 2)) {  // sequence number
+    return false;
+  }
+  message_seq_ = message_seq_tmp;
+
+  uint32_t fragment_offset;
+  if (!parser->Read(&fragment_offset, 3)) {
+    return false;
+  }
+
+  uint32_t fragment_length;
+  if (!parser->Read(&fragment_length, 3)) {
+    return false;
+  }
+
+  // All current tests where we are using this code don't fragment.
+  return (fragment_offset == 0 && fragment_length == *length);
+}
+
+bool TlsHandshakeFilter::HandshakeHeader::Parse(
+    TlsParser* parser, const RecordHeader& record_header, DataBuffer* body) {
+  version_ = record_header.version();
+  if (!parser->Read(&handshake_type_)) {
+    return false;  // malformed
+  }
+  uint32_t length;
+  if (!ReadLength(parser, record_header, &length)) {
+    return false;
+  }
+
+  return parser->Read(body, length);
+}
+
+size_t TlsHandshakeFilter::HandshakeHeader::Write(
+    DataBuffer* buffer, size_t offset, const DataBuffer& body) const {
+  offset = buffer->Write(offset, handshake_type(), 1);
+  offset = buffer->Write(offset, body.len(), 3);
+  if (is_dtls()) {
+    offset = buffer->Write(offset, message_seq_, 2);
+    offset = buffer->Write(offset, 0U, 3);  // fragment_offset
+    offset = buffer->Write(offset, body.len(), 3);
+  }
+  offset = buffer->Write(offset, body);
+  return offset;
+}
+
+PacketFilter::Action TlsInspectorRecordHandshakeMessage::FilterHandshake(
+    const HandshakeHeader& header, const DataBuffer& input,
+    DataBuffer* output) {
+  // Only do this once.
+  if (buffer_.len()) {
+    return KEEP;
+  }
+
+  if (header.handshake_type() == handshake_type_) {
+    buffer_ = input;
+  }
+  return KEEP;
+}
+
+PacketFilter::Action TlsInspectorReplaceHandshakeMessage::FilterHandshake(
+    const HandshakeHeader& header, const DataBuffer& input,
+    DataBuffer* output) {
+  if (header.handshake_type() == handshake_type_) {
+    *output = buffer_;
+    return CHANGE;
+  }
+
+  return KEEP;
+}
+
+PacketFilter::Action TlsAlertRecorder::FilterRecord(const RecordHeader& header,
+                                                    const DataBuffer& input,
+                                                    DataBuffer* output) {
+  if (level_ == kTlsAlertFatal) {  // already fatal
+    return KEEP;
+  }
+  if (header.content_type() != kTlsAlertType) {
+    return KEEP;
+  }
+
+  std::cerr << "Alert: " << input << std::endl;
+
+  TlsParser parser(input);
+  uint8_t lvl;
+  if (!parser.Read(&lvl)) {
+    return KEEP;
+  }
+  if (lvl == kTlsAlertWarning) {  // not strong enough
+    return KEEP;
+  }
+  level_ = lvl;
+  (void)parser.Read(&description_);
+  return KEEP;
+}
+
+ChainedPacketFilter::~ChainedPacketFilter() {
+  for (auto it = filters_.begin(); it != filters_.end(); ++it) {
+    delete *it;
+  }
+}
+
+PacketFilter::Action ChainedPacketFilter::Filter(const DataBuffer& input,
+                                                 DataBuffer* output) {
+  DataBuffer in(input);
+  bool changed = false;
+  for (auto it = filters_.begin(); it != filters_.end(); ++it) {
+    PacketFilter::Action action = (*it)->Filter(in, output);
+    if (action == DROP) {
+      return DROP;
+    }
+    if (action == CHANGE) {
+      in = *output;
+      changed = true;
+    }
+  }
+  return changed ? CHANGE : KEEP;
+}
+
+PacketFilter::Action TlsExtensionFilter::FilterHandshake(
+    const HandshakeHeader& header, const DataBuffer& input,
+    DataBuffer* output) {
+  if (header.handshake_type() == kTlsHandshakeClientHello) {
+    TlsParser parser(input);
+    if (!FindClientHelloExtensions(&parser, header)) {
+      return KEEP;
+    }
+    return FilterExtensions(&parser, input, output);
+  }
+  if (header.handshake_type() == kTlsHandshakeServerHello) {
+    TlsParser parser(input);
+    if (!FindServerHelloExtensions(&parser)) {
+      return KEEP;
+    }
+    return FilterExtensions(&parser, input, output);
+  }
+  return KEEP;
+}
+
+bool TlsExtensionFilter::FindClientHelloExtensions(TlsParser* parser,
+                                                   const Versioned& header) {
+  if (!parser->Skip(2 + 32)) {  // version + random
+    return false;
+  }
+  if (!parser->SkipVariable(1)) {  // session ID
+    return false;
+  }
+  if (header.is_dtls() && !parser->SkipVariable(1)) {  // DTLS cookie
+    return false;
+  }
+  if (!parser->SkipVariable(2)) {  // cipher suites
+    return false;
+  }
+  if (!parser->SkipVariable(1)) {  // compression methods
+    return false;
+  }
+  return true;
+}
+
+bool TlsExtensionFilter::FindServerHelloExtensions(TlsParser* parser) {
+  uint32_t vtmp;
+  if (!parser->Read(&vtmp, 2)) {
+    return false;
+  }
+  uint16_t version = static_cast<uint16_t>(vtmp);
+  if (!parser->Skip(32)) {  // random
+    return false;
+  }
+  if (NormalizeTlsVersion(version) <= SSL_LIBRARY_VERSION_TLS_1_2) {
+    if (!parser->SkipVariable(1)) {  // session ID
+      return false;
+    }
+  }
+  if (!parser->Skip(2)) {  // cipher suite
+    return false;
+  }
+  if (NormalizeTlsVersion(version) <= SSL_LIBRARY_VERSION_TLS_1_2) {
+    if (!parser->Skip(1)) {  // compression method
+      return false;
+    }
+  }
+  return true;
+}
+
+PacketFilter::Action TlsExtensionFilter::FilterExtensions(
+    TlsParser* parser, const DataBuffer& input, DataBuffer* output) {
+  size_t length_offset = parser->consumed();
+  uint32_t all_extensions;
+  if (!parser->Read(&all_extensions, 2)) {
+    return KEEP;  // no extensions, odd but OK
+  }
+  if (all_extensions != parser->remaining()) {
+    return KEEP;  // malformed
+  }
+
+  bool changed = false;
+
+  // Write out the start of the message.
+  output->Allocate(input.len());
+  size_t offset = output->Write(0, input.data(), parser->consumed());
+
+  while (parser->remaining()) {
+    uint32_t extension_type;
+    if (!parser->Read(&extension_type, 2)) {
+      return KEEP;  // malformed
+    }
+
+    DataBuffer extension;
+    if (!parser->ReadVariable(&extension, 2)) {
+      return KEEP;  // malformed
+    }
+
+    DataBuffer filtered;
+    PacketFilter::Action action =
+        FilterExtension(extension_type, extension, &filtered);
+    if (action == DROP) {
+      changed = true;
+      std::cerr << "extension drop: " << extension << std::endl;
+      continue;
+    }
+
+    const DataBuffer* source = &extension;
+    if (action == CHANGE) {
+      EXPECT_GT(0x10000U, filtered.len());
+      changed = true;
+      std::cerr << "extension old: " << extension << std::endl;
+      std::cerr << "extension new: " << filtered << std::endl;
+      source = &filtered;
+    }
+
+    // Write out extension.
+    offset = output->Write(offset, extension_type, 2);
+    offset = output->Write(offset, source->len(), 2);
+    offset = output->Write(offset, *source);
+  }
+  output->Truncate(offset);
+
+  if (changed) {
+    size_t newlen = output->len() - length_offset - 2;
+    EXPECT_GT(0x10000U, newlen);
+    if (newlen >= 0x10000) {
+      return KEEP;  // bad: size increased too much
+    }
+    output->Write(length_offset, newlen, 2);
+    return CHANGE;
+  }
+  return KEEP;
+}
+
+PacketFilter::Action TlsExtensionCapture::FilterExtension(
+    uint16_t extension_type, const DataBuffer& input, DataBuffer* output) {
+  if (extension_type == extension_) {
+    data_.Assign(input);
+  }
+  return KEEP;
+}
+
+PacketFilter::Action TlsExtensionReplacer::FilterExtension(
+    uint16_t extension_type, const DataBuffer& input, DataBuffer* output) {
+  if (extension_type != extension_) {
+    return KEEP;
+  }
+
+  *output = data_;
+  return CHANGE;
+}
+
+PacketFilter::Action AfterRecordN::FilterRecord(const RecordHeader& header,
+                                                const DataBuffer& body,
+                                                DataBuffer* out) {
+  if (counter_++ == record_) {
+    DataBuffer buf;
+    header.Write(&buf, 0, body);
+    src_->SendDirect(buf);
+    dest_->Handshake();
+    func_();
+    return DROP;
+  }
+
+  return KEEP;
+}
+
+PacketFilter::Action TlsInspectorClientHelloVersionChanger::FilterHandshake(
+    const HandshakeHeader& header, const DataBuffer& input,
+    DataBuffer* output) {
+  if (header.handshake_type() == kTlsHandshakeClientKeyExchange) {
+    EXPECT_EQ(SECSuccess,
+              SSLInt_IncrementClientHandshakeVersion(server_->ssl_fd()));
+  }
+  return KEEP;
+}
+
+PacketFilter::Action SelectiveDropFilter::Filter(const DataBuffer& input,
+                                                 DataBuffer* output) {
+  if (counter_ >= 32) {
+    return KEEP;
+  }
+  return ((1 << counter_++) & pattern_) ? DROP : KEEP;
+}
+
+}  // namespace nss_test
diff --git a/nss/external_tests/ssl_gtest/tls_filter.h b/nss/external_tests/ssl_gtest/tls_filter.h
new file mode 100644
index 0000000..1c9ff6d
--- /dev/null
+++ b/nss/external_tests/ssl_gtest/tls_filter.h
@@ -0,0 +1,303 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef tls_filter_h_
+#define tls_filter_h_
+
+#include <functional>
+#include <memory>
+#include <vector>
+
+#include "test_io.h"
+#include "tls_parser.h"
+
+namespace nss_test {
+
+// Abstract filter that operates on entire (D)TLS records.
+class TlsRecordFilter : public PacketFilter {
+ public:
+  TlsRecordFilter() : count_(0) {}
+
+  // External interface. Overrides PacketFilter.
+  PacketFilter::Action Filter(const DataBuffer& input, DataBuffer* output);
+
+  // Report how many packets were altered by the filter.
+  size_t filtered_packets() const { return count_; }
+
+  class Versioned {
+   public:
+    Versioned() : version_(0) {}
+    explicit Versioned(uint16_t version) : version_(version) {}
+
+    bool is_dtls() const { return IsDtls(version_); }
+    uint16_t version() const { return version_; }
+
+   protected:
+    uint16_t version_;
+  };
+
+  class RecordHeader : public Versioned {
+   public:
+    RecordHeader() : Versioned(), content_type_(0), sequence_number_(0) {}
+    RecordHeader(uint16_t version, uint8_t content_type,
+                 uint64_t sequence_number)
+        : Versioned(version),
+          content_type_(content_type),
+          sequence_number_(sequence_number) {}
+
+    uint8_t content_type() const { return content_type_; }
+    uint64_t sequence_number() const { return sequence_number_; }
+    size_t header_length() const { return is_dtls() ? 11 : 3; }
+
+    // Parse the header; return true if successful; body in an outparam if OK.
+    bool Parse(TlsParser* parser, DataBuffer* body);
+    // Write the header and body to a buffer at the given offset.
+    // Return the offset of the end of the write.
+    size_t Write(DataBuffer* buffer, size_t offset,
+                 const DataBuffer& body) const;
+
+   private:
+    uint8_t content_type_;
+    uint64_t sequence_number_;
+  };
+
+ protected:
+  // There are two filter functions which can be overriden. Both are
+  // called with the header and the record but the outer one is called
+  // with a raw pointer to let you write into the buffer and lets you
+  // do anything with this section of the stream. The inner one
+  // just lets you change the record contents. By default, the
+  // outer one calls the inner one, so if you override the outer
+  // one, the inner one is never called unless you call it yourself.
+  virtual PacketFilter::Action FilterRecord(const RecordHeader& header,
+                                            const DataBuffer& record,
+                                            size_t* offset, DataBuffer* output);
+
+  // The record filter receives the record contentType, version and DTLS
+  // sequence number (which is zero for TLS), plus the existing record payload.
+  // It returns an action (KEEP, CHANGE, DROP).  It writes to the `changed`
+  // outparam with the new record contents if it chooses to CHANGE the record.
+  virtual PacketFilter::Action FilterRecord(const RecordHeader& header,
+                                            const DataBuffer& data,
+                                            DataBuffer* changed) {
+    return KEEP;
+  }
+
+ private:
+  size_t count_;
+};
+
+// Abstract filter that operates on handshake messages rather than records.
+// This assumes that the handshake messages are written in a block as entire
+// records and that they don't span records or anything crazy like that.
+class TlsHandshakeFilter : public TlsRecordFilter {
+ public:
+  TlsHandshakeFilter() {}
+
+  class HandshakeHeader : public Versioned {
+   public:
+    HandshakeHeader() : Versioned(), handshake_type_(0), message_seq_(0) {}
+
+    uint8_t handshake_type() const { return handshake_type_; }
+    bool Parse(TlsParser* parser, const RecordHeader& record_header,
+               DataBuffer* body);
+    size_t Write(DataBuffer* buffer, size_t offset,
+                 const DataBuffer& body) const;
+
+   private:
+    // Reads the length from the record header.
+    // This also reads the DTLS fragment information and checks it.
+    bool ReadLength(TlsParser* parser, const RecordHeader& header,
+                    uint32_t* length);
+
+    uint8_t handshake_type_;
+    uint16_t message_seq_;
+    // fragment_offset is always zero in these tests.
+  };
+
+ protected:
+  virtual PacketFilter::Action FilterRecord(const RecordHeader& header,
+                                            const DataBuffer& input,
+                                            DataBuffer* output);
+  virtual PacketFilter::Action FilterHandshake(const HandshakeHeader& header,
+                                               const DataBuffer& input,
+                                               DataBuffer* output) = 0;
+
+ private:
+};
+
+// Make a copy of the first instance of a handshake message.
+class TlsInspectorRecordHandshakeMessage : public TlsHandshakeFilter {
+ public:
+  TlsInspectorRecordHandshakeMessage(uint8_t handshake_type)
+      : handshake_type_(handshake_type), buffer_() {}
+
+  virtual PacketFilter::Action FilterHandshake(const HandshakeHeader& header,
+                                               const DataBuffer& input,
+                                               DataBuffer* output);
+
+  const DataBuffer& buffer() const { return buffer_; }
+
+ private:
+  uint8_t handshake_type_;
+  DataBuffer buffer_;
+};
+
+// Replace all instances of a handshake message.
+class TlsInspectorReplaceHandshakeMessage : public TlsHandshakeFilter {
+ public:
+  TlsInspectorReplaceHandshakeMessage(uint8_t handshake_type,
+                                      const DataBuffer& replacement)
+      : handshake_type_(handshake_type), buffer_(replacement) {}
+
+  virtual PacketFilter::Action FilterHandshake(const HandshakeHeader& header,
+                                               const DataBuffer& input,
+                                               DataBuffer* output);
+
+ private:
+  uint8_t handshake_type_;
+  DataBuffer buffer_;
+};
+
+// Records an alert.  If an alert has already been recorded, it won't save the
+// new alert unless the old alert is a warning and the new one is fatal.
+class TlsAlertRecorder : public TlsRecordFilter {
+ public:
+  TlsAlertRecorder() : level_(255), description_(255) {}
+
+  virtual PacketFilter::Action FilterRecord(const RecordHeader& header,
+                                            const DataBuffer& input,
+                                            DataBuffer* output);
+
+  uint8_t level() const { return level_; }
+  uint8_t description() const { return description_; }
+
+ private:
+  uint8_t level_;
+  uint8_t description_;
+};
+
+// Runs multiple packet filters in series.
+class ChainedPacketFilter : public PacketFilter {
+ public:
+  ChainedPacketFilter() {}
+  ChainedPacketFilter(const std::vector<PacketFilter*> filters)
+      : filters_(filters.begin(), filters.end()) {}
+  virtual ~ChainedPacketFilter();
+
+  virtual PacketFilter::Action Filter(const DataBuffer& input,
+                                      DataBuffer* output);
+
+  // Takes ownership of the filter.
+  void Add(PacketFilter* filter) { filters_.push_back(filter); }
+
+ private:
+  std::vector<PacketFilter*> filters_;
+};
+
+class TlsExtensionFilter : public TlsHandshakeFilter {
+ protected:
+  virtual PacketFilter::Action FilterHandshake(const HandshakeHeader& header,
+                                               const DataBuffer& input,
+                                               DataBuffer* output);
+
+  virtual PacketFilter::Action FilterExtension(uint16_t extension_type,
+                                               const DataBuffer& input,
+                                               DataBuffer* output) = 0;
+
+ public:
+  static bool FindClientHelloExtensions(TlsParser* parser,
+                                        const Versioned& header);
+  static bool FindServerHelloExtensions(TlsParser* parser);
+
+ private:
+  PacketFilter::Action FilterExtensions(TlsParser* parser,
+                                        const DataBuffer& input,
+                                        DataBuffer* output);
+};
+
+class TlsExtensionCapture : public TlsExtensionFilter {
+ public:
+  TlsExtensionCapture(uint16_t ext) : extension_(ext), data_() {}
+
+  const DataBuffer& extension() const { return data_; }
+
+ protected:
+  virtual PacketFilter::Action FilterExtension(uint16_t extension_type,
+                                               const DataBuffer& input,
+                                               DataBuffer* output);
+
+ private:
+  const uint16_t extension_;
+  DataBuffer data_;
+};
+
+class TlsExtensionReplacer : public TlsExtensionFilter {
+ public:
+  TlsExtensionReplacer(uint16_t extension, const DataBuffer& data)
+      : extension_(extension), data_(data) {}
+  PacketFilter::Action FilterExtension(uint16_t extension_type,
+                                       const DataBuffer& input,
+                                       DataBuffer* output) override;
+
+ private:
+  const uint16_t extension_;
+  const DataBuffer data_;
+};
+
+class TlsAgent;
+typedef std::function<void(void)> VoidFunction;
+
+class AfterRecordN : public TlsRecordFilter {
+ public:
+  AfterRecordN(TlsAgent* src, TlsAgent* dest, unsigned int record,
+               VoidFunction func)
+      : src_(src), dest_(dest), record_(record), func_(func), counter_(0) {}
+
+  virtual PacketFilter::Action FilterRecord(const RecordHeader& header,
+                                            const DataBuffer& body,
+                                            DataBuffer* out);
+
+ private:
+  TlsAgent* src_;
+  TlsAgent* dest_;
+  unsigned int record_;
+  VoidFunction func_;
+  unsigned int counter_;
+};
+
+// When we see the ClientKeyExchange from |client|, increment the
+// ClientHelloVersion on |server|.
+class TlsInspectorClientHelloVersionChanger : public TlsHandshakeFilter {
+ public:
+  TlsInspectorClientHelloVersionChanger(TlsAgent* server) : server_(server) {}
+
+  virtual PacketFilter::Action FilterHandshake(const HandshakeHeader& header,
+                                               const DataBuffer& input,
+                                               DataBuffer* output);
+
+ private:
+  TlsAgent* server_;
+};
+
+// This class selectively drops complete writes.  This relies on the fact that
+// writes in libssl are on record boundaries.
+class SelectiveDropFilter : public PacketFilter {
+ public:
+  SelectiveDropFilter(uint32_t pattern) : pattern_(pattern), counter_(0) {}
+
+ protected:
+  virtual PacketFilter::Action Filter(const DataBuffer& input,
+                                      DataBuffer* output) override;
+
+ private:
+  const uint32_t pattern_;
+  uint8_t counter_;
+};
+
+}  // namespace nss_test
+
+#endif
diff --git a/nss/external_tests/ssl_gtest/tls_hkdf_unittest.cc b/nss/external_tests/ssl_gtest/tls_hkdf_unittest.cc
new file mode 100644
index 0000000..202520e
--- /dev/null
+++ b/nss/external_tests/ssl_gtest/tls_hkdf_unittest.cc
@@ -0,0 +1,262 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <memory>
+#include "nss.h"
+#include "pk11pub.h"
+#include "tls13hkdf.h"
+
+#include "databuffer.h"
+#include "gtest_utils.h"
+#include "scoped_ptrs.h"
+
+namespace nss_test {
+
+const uint8_t kKey1Data[] = {
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
+    0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+    0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23,
+    0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f};
+const DataBuffer kKey1(kKey1Data, sizeof(kKey1Data));
+
+// The same as key1 but with the first byte
+// 0x01.
+const uint8_t kKey2Data[] = {
+    0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
+    0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+    0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23,
+    0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f};
+const DataBuffer kKey2(kKey2Data, sizeof(kKey2Data));
+
+const char kLabelMasterSecret[] = "master secret";
+
+const uint8_t kSessionHash[] = {
+    0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9, 0xfa, 0xfb,
+    0xfc, 0xfd, 0xfe, 0xff, 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7,
+    0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef, 0xd0, 0xd1, 0xd2, 0xd3,
+    0xd4, 0xd5, 0xd6, 0xd7, 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf,
+    0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7, 0xe8, 0xe9, 0xea, 0xeb,
+    0xec, 0xed, 0xee, 0xef, 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
+    0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff, 0xe0, 0xe1, 0xe2, 0xe3,
+    0xe4, 0xe5, 0xe6, 0xe7, 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef,
+    0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9, 0xfa, 0xfb,
+    0xfc, 0xfd, 0xfe, 0xff,
+};
+
+const size_t kHashLength[] = {
+    0,  /* ssl_hash_none   */
+    16, /* ssl_hash_md5    */
+    20, /* ssl_hash_sha1   */
+    28, /* ssl_hash_sha224 */
+    32, /* ssl_hash_sha256 */
+    48, /* ssl_hash_sha384 */
+    64, /* ssl_hash_sha512 */
+};
+
+const std::string kHashName[] = {"None",    "MD5",     "SHA-1",  "SHA-224",
+                                 "SHA-256", "SHA-384", "SHA-512"};
+
+static void ImportKey(ScopedPK11SymKey* to, const DataBuffer& key,
+                      PK11SlotInfo* slot) {
+  SECItem key_item = {siBuffer, const_cast<uint8_t*>(key.data()),
+                      static_cast<unsigned int>(key.len())};
+
+  PK11SymKey* inner =
+      PK11_ImportSymKey(slot, CKM_SSL3_MASTER_KEY_DERIVE, PK11_OriginUnwrap,
+                        CKA_DERIVE, &key_item, NULL);
+  ASSERT_NE(nullptr, inner);
+  to->reset(inner);
+}
+
+static void DumpData(const std::string& label, const uint8_t* buf, size_t len) {
+  DataBuffer d(buf, len);
+
+  std::cerr << label << ": " << d << std::endl;
+}
+
+void DumpKey(const std::string& label, ScopedPK11SymKey& key) {
+  SECStatus rv = PK11_ExtractKeyValue(key.get());
+  ASSERT_EQ(SECSuccess, rv);
+
+  SECItem* key_data = PK11_GetKeyData(key.get());
+  ASSERT_NE(nullptr, key_data);
+
+  DumpData(label, key_data->data, key_data->len);
+}
+
+extern "C" {
+extern char ssl_trace;
+extern FILE* ssl_trace_iob;
+}
+
+class TlsHkdfTest : public ::testing::Test,
+                    public ::testing::WithParamInterface<SSLHashType> {
+ public:
+  TlsHkdfTest()
+      : k1_(), k2_(), hash_type_(GetParam()), slot_(PK11_GetInternalSlot()) {
+    EXPECT_NE(nullptr, slot_);
+    char* ev = getenv("SSLTRACE");
+    if (ev && ev[0]) {
+      ssl_trace = atoi(ev);
+      ssl_trace_iob = stderr;
+    }
+  }
+
+  void SetUp() {
+    ImportKey(&k1_, kKey1, slot_.get());
+    ImportKey(&k2_, kKey2, slot_.get());
+  }
+
+  void VerifyKey(const ScopedPK11SymKey& key, const DataBuffer& expected) {
+    SECStatus rv = PK11_ExtractKeyValue(key.get());
+    ASSERT_EQ(SECSuccess, rv);
+
+    SECItem* key_data = PK11_GetKeyData(key.get());
+    ASSERT_NE(nullptr, key_data);
+
+    EXPECT_EQ(expected.len(), key_data->len);
+    EXPECT_EQ(0, memcmp(expected.data(), key_data->data, expected.len()));
+  }
+
+  void HkdfExtract(const ScopedPK11SymKey& ikmk1, const ScopedPK11SymKey& ikmk2,
+                   SSLHashType base_hash, const DataBuffer& expected) {
+    std::cerr << "Hash = " << kHashName[base_hash] << std::endl;
+
+    PK11SymKey* prk = nullptr;
+    SECStatus rv = tls13_HkdfExtract(ikmk1.get(), ikmk2.get(), base_hash, &prk);
+    ASSERT_EQ(SECSuccess, rv);
+    ScopedPK11SymKey prkk(prk);
+
+    DumpKey("Output", prkk);
+    VerifyKey(prkk, expected);
+  }
+
+  void HkdfExpandLabel(ScopedPK11SymKey* prk, SSLHashType base_hash,
+                       const uint8_t* session_hash, size_t session_hash_len,
+                       const char* label, size_t label_len,
+                       const DataBuffer& expected) {
+    std::cerr << "Hash = " << kHashName[base_hash] << std::endl;
+
+    std::vector<uint8_t> output(expected.len());
+
+    SECStatus rv = tls13_HkdfExpandLabelRaw(prk->get(), base_hash, session_hash,
+                                            session_hash_len, label, label_len,
+                                            &output[0], output.size());
+    ASSERT_EQ(SECSuccess, rv);
+    DumpData("Output", &output[0], output.size());
+    EXPECT_EQ(0, memcmp(expected.data(), &output[0], expected.len()));
+  }
+
+ protected:
+  ScopedPK11SymKey k1_;
+  ScopedPK11SymKey k2_;
+  SSLHashType hash_type_;
+
+ private:
+  ScopedPK11SlotInfo slot_;
+};
+
+TEST_P(TlsHkdfTest, HkdfNullNull) {
+  const uint8_t tv[][48] = {
+      {/* ssl_hash_none   */},
+      {/* ssl_hash_md5    */},
+      {/* ssl_hash_sha1   */},
+      {/* ssl_hash_sha224 */},
+      {0x33, 0xad, 0x0a, 0x1c, 0x60, 0x7e, 0xc0, 0x3b, 0x09, 0xe6, 0xcd,
+       0x98, 0x93, 0x68, 0x0c, 0xe2, 0x10, 0xad, 0xf3, 0x00, 0xaa, 0x1f,
+       0x26, 0x60, 0xe1, 0xb2, 0x2e, 0x10, 0xf1, 0x70, 0xf9, 0x2a},
+      {0x7e, 0xe8, 0x20, 0x6f, 0x55, 0x70, 0x02, 0x3e, 0x6d, 0xc7, 0x51, 0x9e,
+       0xb1, 0x07, 0x3b, 0xc4, 0xe7, 0x91, 0xad, 0x37, 0xb5, 0xc3, 0x82, 0xaa,
+       0x10, 0xba, 0x18, 0xe2, 0x35, 0x7e, 0x71, 0x69, 0x71, 0xf9, 0x36, 0x2f,
+       0x2c, 0x2f, 0xe2, 0xa7, 0x6b, 0xfd, 0x78, 0xdf, 0xec, 0x4e, 0xa9, 0xb5}};
+
+  const DataBuffer expected_data(tv[hash_type_], kHashLength[hash_type_]);
+  HkdfExtract(nullptr, nullptr, hash_type_, expected_data);
+}
+
+TEST_P(TlsHkdfTest, HkdfKey1Only) {
+  const uint8_t tv[][48] = {
+      {/* ssl_hash_none   */},
+      {/* ssl_hash_md5    */},
+      {/* ssl_hash_sha1   */},
+      {/* ssl_hash_sha224 */},
+      {0x11, 0x87, 0x38, 0x28, 0xa9, 0x19, 0x78, 0x11, 0x33, 0x91, 0x24,
+       0xb5, 0x8a, 0x1b, 0xb0, 0x9f, 0x7f, 0x0d, 0x8d, 0xbb, 0x10, 0xf4,
+       0x9c, 0x54, 0xbd, 0x1f, 0xd8, 0x85, 0xcd, 0x15, 0x30, 0x33},
+      {0x51, 0xb1, 0xd5, 0xb4, 0x59, 0x79, 0x79, 0x08, 0x4a, 0x15, 0xb2, 0xdb,
+       0x84, 0xd3, 0xd6, 0xbc, 0xfc, 0x93, 0x45, 0xd9, 0xdc, 0x74, 0xda, 0x1a,
+       0x57, 0xc2, 0x76, 0x9f, 0x3f, 0x83, 0x45, 0x2f, 0xf6, 0xf3, 0x56, 0x1f,
+       0x58, 0x63, 0xdb, 0x88, 0xda, 0x40, 0xce, 0x63, 0x7d, 0x24, 0x37, 0xf3}};
+
+  const DataBuffer expected_data(tv[hash_type_], kHashLength[hash_type_]);
+  HkdfExtract(k1_, nullptr, hash_type_, expected_data);
+}
+
+TEST_P(TlsHkdfTest, HkdfKey2Only) {
+  const uint8_t tv[][48] = {
+      {/* ssl_hash_none   */},
+      {/* ssl_hash_md5    */},
+      {/* ssl_hash_sha1   */},
+      {/* ssl_hash_sha224 */},
+      {
+          0x2f, 0x5f, 0x78, 0xd0, 0xa4, 0xc4, 0x36, 0xee, 0x6c, 0x8a, 0x4e,
+          0xf9, 0xd0, 0x43, 0x81, 0x02, 0x13, 0xfd, 0x47, 0x83, 0x63, 0x3a,
+          0xd2, 0xe1, 0x40, 0x6d, 0x2d, 0x98, 0x00, 0xfd, 0xc1, 0x87,
+      },
+      {0x7b, 0x40, 0xf9, 0xef, 0x91, 0xff, 0xc9, 0xd1, 0x29, 0x24, 0x5c, 0xbf,
+       0xf8, 0x82, 0x76, 0x68, 0xae, 0x4b, 0x63, 0xe8, 0x03, 0xdd, 0x39, 0xa8,
+       0xd4, 0x6a, 0xf6, 0xe5, 0xec, 0xea, 0xf8, 0x7d, 0x91, 0x71, 0x81, 0xf1,
+       0xdb, 0x3b, 0xaf, 0xbf, 0xde, 0x71, 0x61, 0x15, 0xeb, 0xb5, 0x5f, 0x68}};
+
+  const DataBuffer expected_data(tv[hash_type_], kHashLength[hash_type_]);
+  HkdfExtract(nullptr, k2_, hash_type_, expected_data);
+}
+
+TEST_P(TlsHkdfTest, HkdfKey1Key2) {
+  const uint8_t tv[][48] = {
+      {/* ssl_hash_none   */},
+      {/* ssl_hash_md5    */},
+      {/* ssl_hash_sha1   */},
+      {/* ssl_hash_sha224 */},
+      {
+          0x79, 0x53, 0xb8, 0xdd, 0x6b, 0x98, 0xce, 0x00, 0xb7, 0xdc, 0xe8,
+          0x03, 0x70, 0x8c, 0xe3, 0xac, 0x06, 0x8b, 0x22, 0xfd, 0x0e, 0x34,
+          0x48, 0xe6, 0xe5, 0xe0, 0x8a, 0xd6, 0x16, 0x18, 0xe5, 0x48,
+      },
+      {0x01, 0x93, 0xc0, 0x07, 0x3f, 0x6a, 0x83, 0x0e, 0x2e, 0x4f, 0xb2, 0x58,
+       0xe4, 0x00, 0x08, 0x5c, 0x68, 0x9c, 0x37, 0x32, 0x00, 0x37, 0xff, 0xc3,
+       0x1c, 0x5b, 0x98, 0x0b, 0x02, 0x92, 0x3f, 0xfd, 0x73, 0x5a, 0x6f, 0x2a,
+       0x95, 0xa3, 0xee, 0xf6, 0xd6, 0x8e, 0x6f, 0x86, 0xea, 0x63, 0xf8, 0x33}};
+
+  const DataBuffer expected_data(tv[hash_type_], kHashLength[hash_type_]);
+  HkdfExtract(k1_, k2_, hash_type_, expected_data);
+}
+
+TEST_P(TlsHkdfTest, HkdfExpandLabel) {
+  const uint8_t tv[][48] = {
+      {/* ssl_hash_none   */},
+      {/* ssl_hash_md5    */},
+      {/* ssl_hash_sha1   */},
+      {/* ssl_hash_sha224 */},
+      {0x66, 0x8a, 0x55, 0x1a, 0xef, 0x33, 0x7b, 0x45, 0x26, 0xa6, 0x36,
+       0xb1, 0xe0, 0x23, 0x48, 0x24, 0x6f, 0x34, 0xa5, 0x57, 0x11, 0x4a,
+       0xb5, 0x64, 0xc4, 0x5c, 0x69, 0xb4, 0x0f, 0xc8, 0x12, 0xa5},
+      {0x99, 0x98, 0xde, 0xbf, 0x82, 0x8d, 0xf6, 0x55, 0xa1, 0xcf, 0xa8, 0xbe,
+       0x12, 0x06, 0x5c, 0x8e, 0x65, 0xec, 0x80, 0xa1, 0x33, 0xed, 0x61, 0x06,
+       0x09, 0xc6, 0x5c, 0x08, 0xcf, 0xc9, 0x91, 0x39, 0xbe, 0xce, 0x4e, 0x4a,
+       0x9b, 0x67, 0x36, 0x50, 0x89, 0x98, 0x59, 0x1c, 0x5d, 0x6e, 0x9c, 0x7d}};
+
+  const DataBuffer expected_data(tv[hash_type_], kHashLength[hash_type_]);
+  HkdfExpandLabel(&k1_, hash_type_, kSessionHash, kHashLength[hash_type_] * 2,
+                  kLabelMasterSecret, strlen(kLabelMasterSecret),
+                  expected_data);
+}
+
+static const SSLHashType kHashTypes[] = {ssl_hash_sha256, ssl_hash_sha384};
+INSTANTIATE_TEST_CASE_P(AllHashFuncs, TlsHkdfTest,
+                        ::testing::ValuesIn(kHashTypes));
+
+}  // namespace nss_test
diff --git a/nss/external_tests/ssl_gtest/tls_parser.cc b/nss/external_tests/ssl_gtest/tls_parser.cc
new file mode 100644
index 0000000..e4c06aa
--- /dev/null
+++ b/nss/external_tests/ssl_gtest/tls_parser.cc
@@ -0,0 +1,73 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "tls_parser.h"
+
+namespace nss_test {
+
+bool TlsParser::Read(uint8_t* val) {
+  if (remaining() < 1) {
+    return false;
+  }
+  *val = *ptr();
+  consume(1);
+  return true;
+}
+
+bool TlsParser::Read(uint32_t* val, size_t size) {
+  if (size > sizeof(uint32_t)) {
+    return false;
+  }
+
+  uint32_t v = 0;
+  for (size_t i = 0; i < size; ++i) {
+    uint8_t tmp;
+    if (!Read(&tmp)) {
+      return false;
+    }
+
+    v = (v << 8) | tmp;
+  }
+
+  *val = v;
+  return true;
+}
+
+bool TlsParser::Read(DataBuffer* val, size_t len) {
+  if (remaining() < len) {
+    return false;
+  }
+
+  val->Assign(ptr(), len);
+  consume(len);
+  return true;
+}
+
+bool TlsParser::ReadVariable(DataBuffer* val, size_t len_size) {
+  uint32_t len;
+  if (!Read(&len, len_size)) {
+    return false;
+  }
+  return Read(val, len);
+}
+
+bool TlsParser::Skip(size_t len) {
+  if (len > remaining()) {
+    return false;
+  }
+  consume(len);
+  return true;
+}
+
+bool TlsParser::SkipVariable(size_t len_size) {
+  uint32_t len;
+  if (!Read(&len, len_size)) {
+    return false;
+  }
+  return Skip(len);
+}
+
+}  // namespace nss_test
diff --git a/nss/external_tests/ssl_gtest/tls_parser.h b/nss/external_tests/ssl_gtest/tls_parser.h
new file mode 100644
index 0000000..70e2ab5
--- /dev/null
+++ b/nss/external_tests/ssl_gtest/tls_parser.h
@@ -0,0 +1,125 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef tls_parser_h_
+#define tls_parser_h_
+
+#include <cstdint>
+#include <cstring>
+#include <memory>
+#if defined(WIN32) || defined(WIN64)
+#include <winsock2.h>
+#else
+#include <arpa/inet.h>
+#endif
+#include "databuffer.h"
+
+namespace nss_test {
+
+const uint8_t kTlsChangeCipherSpecType = 20;
+const uint8_t kTlsAlertType = 21;
+const uint8_t kTlsHandshakeType = 22;
+const uint8_t kTlsApplicationDataType = 23;
+
+const uint8_t kTlsHandshakeClientHello = 1;
+const uint8_t kTlsHandshakeServerHello = 2;
+const uint8_t kTlsHandshakeHelloRetryRequest = 6;
+const uint8_t kTlsHandshakeEncryptedExtensions = 8;
+const uint8_t kTlsHandshakeCertificate = 11;
+const uint8_t kTlsHandshakeServerKeyExchange = 12;
+const uint8_t kTlsHandshakeCertificateVerify = 15;
+const uint8_t kTlsHandshakeClientKeyExchange = 16;
+const uint8_t kTlsHandshakeFinished = 20;
+
+const uint8_t kTlsAlertWarning = 1;
+const uint8_t kTlsAlertFatal = 2;
+
+const uint8_t kTlsAlertUnexpectedMessage = 10;
+const uint8_t kTlsAlertBadRecordMac = 20;
+const uint8_t kTlsAlertHandshakeFailure = 40;
+const uint8_t kTlsAlertIllegalParameter = 47;
+const uint8_t kTlsAlertDecodeError = 50;
+const uint8_t kTlsAlertDecryptError = 51;
+const uint8_t kTlsAlertMissingExtension = 109;
+const uint8_t kTlsAlertUnsupportedExtension = 110;
+const uint8_t kTlsAlertNoApplicationProtocol = 120;
+
+const uint16_t kTlsSigSchemeRsaPkcs1Sha1 = 0x0201;
+const uint16_t kTlsSigSchemeRsaPssSha256 = 0x0804;
+
+const uint8_t kTlsFakeChangeCipherSpec[] = {
+    kTlsChangeCipherSpecType,  // Type
+    0xfe,
+    0xff,  // Version
+    0x00,
+    0x00,
+    0x00,
+    0x00,
+    0x00,
+    0x00,
+    0x00,
+    0x10,  // Fictitious sequence #
+    0x00,
+    0x01,  // Length
+    0x01   // Value
+};
+
+inline bool IsDtls(uint16_t version) { return (version & 0x8000) == 0x8000; }
+
+inline uint16_t NormalizeTlsVersion(uint16_t version) {
+  if (version == 0xfeff) {
+    return 0x0302;  // special: DTLS 1.0 == TLS 1.1
+  }
+  if (IsDtls(version)) {
+    return (version ^ 0xffff) + 0x0201;
+  }
+  return version;
+}
+
+inline uint16_t TlsVersionToDtlsVersion(uint16_t version) {
+  if (version == 0x0302) {
+    return 0xfeff;
+  }
+  return 0xffff - version + 0x0201;
+}
+
+inline void WriteVariable(DataBuffer* target, size_t index,
+                          const DataBuffer& buf, size_t len_size) {
+  target->Write(index, static_cast<uint32_t>(buf.len()), len_size);
+  target->Write(index + len_size, buf.data(), buf.len());
+}
+
+class TlsParser {
+ public:
+  TlsParser(const uint8_t* data, size_t len) : buffer_(data, len), offset_(0) {}
+  explicit TlsParser(const DataBuffer& buf) : buffer_(buf), offset_(0) {}
+
+  bool Read(uint8_t* val);
+  // Read an integral type of specified width.
+  bool Read(uint32_t* val, size_t size);
+  // Reads len bytes into dest buffer, overwriting it.
+  bool Read(DataBuffer* dest, size_t len);
+  // Reads bytes into dest buffer, overwriting it.  The number of bytes is
+  // determined by reading from len_size bytes from the stream first.
+  bool ReadVariable(DataBuffer* dest, size_t len_size);
+
+  bool Skip(size_t len);
+  bool SkipVariable(size_t len_size);
+
+  size_t consumed() const { return offset_; }
+  size_t remaining() const { return buffer_.len() - offset_; }
+
+ private:
+  void consume(size_t len) { offset_ += len; }
+  const uint8_t* ptr() const { return buffer_.data() + offset_; }
+
+  DataBuffer buffer_;
+  size_t offset_;
+};
+
+}  // namespace nss_test
+
+#endif
diff --git a/nss/external_tests/util_gtest/Makefile b/nss/external_tests/util_gtest/Makefile
new file mode 100644
index 0000000..9966697
--- /dev/null
+++ b/nss/external_tests/util_gtest/Makefile
@@ -0,0 +1,45 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include ../common/gtest.mk
+
+CFLAGS += -I$(CORE_DEPTH)/lib/util
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
diff --git a/nss/external_tests/util_gtest/manifest.mn b/nss/external_tests/util_gtest/manifest.mn
new file mode 100644
index 0000000..41e7edc
--- /dev/null
+++ b/nss/external_tests/util_gtest/manifest.mn
@@ -0,0 +1,26 @@
+# -*- makefile -*-
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+CORE_DEPTH = ../..
+DEPTH      = ../..
+MODULE = nss
+
+CPPSRCS = \
+	util_utf8_unittest.cc \
+	$(NULL)
+
+INCLUDES += \
+	-I$(CORE_DEPTH)/external_tests/google_test/gtest/include \
+	-I$(CORE_DEPTH)/external_tests/common \
+	$(NULL)
+
+REQUIRES = nspr gtest
+
+PROGRAM = util_gtest
+
+EXTRA_LIBS = \
+	$(DIST)/lib/$(LIB_PREFIX)gtest.$(LIB_SUFFIX) \
+	$(DIST)/lib/$(LIB_PREFIX)nssutil.$(LIB_SUFFIX) \
+	../common/$(OBJDIR)/gtests$(OBJ_SUFFIX) \
+	$(NULL)
diff --git a/nss/external_tests/util_gtest/util_utf8_unittest.cc b/nss/external_tests/util_gtest/util_utf8_unittest.cc
new file mode 100644
index 0000000..b785e08
--- /dev/null
+++ b/nss/external_tests/util_gtest/util_utf8_unittest.cc
@@ -0,0 +1,979 @@
+// -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+// vim: set ts=2 et sw=2 tw=80:
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this file,
+// You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#include "secport.h"
+
+#include "gtest/gtest.h"
+#include "prnetdb.h"
+
+#include <stdint.h>
+#include <string.h>
+#include <string>
+
+namespace nss_test {
+
+// Structures to represent test cases.  These are small enough that
+// passing by value isn't a problem.
+
+struct Ucs4Case {
+  PRUint32 c;
+  const char *utf8;
+};
+
+struct Ucs2Case {
+  PRUint16 c;
+  const char *utf8;
+};
+
+struct Utf16Case {
+  PRUint32 c;
+  PRUint16 w[2];
+};
+
+struct Utf16BadCase {
+  PRUint16 w[3];
+};
+
+// Test classes for parameterized tests:
+
+class Ucs4Test : public ::testing::TestWithParam<Ucs4Case> {};
+
+class Ucs2Test : public ::testing::TestWithParam<Ucs2Case> {};
+
+class Utf16Test : public ::testing::TestWithParam<Utf16Case> {};
+
+class BadUtf8Test : public ::testing::TestWithParam<const char *> {};
+
+class BadUtf16Test : public ::testing::TestWithParam<Utf16BadCase> {};
+
+class Iso88591Test : public ::testing::TestWithParam<Ucs2Case> {};
+
+// Tests of sec_port_ucs4_utf8_conversion_function, by itself, on
+// valid inputs:
+
+TEST_P(Ucs4Test, ToUtf8) {
+  const Ucs4Case testCase = GetParam();
+  PRUint32 nc = PR_htonl(testCase.c);
+  unsigned char utf8[8] = {0};
+  unsigned int len = 0;
+
+  PRBool result = sec_port_ucs4_utf8_conversion_function(
+      PR_FALSE, (unsigned char *)&nc, sizeof(nc), utf8, sizeof(utf8), &len);
+
+  ASSERT_TRUE(result);
+  ASSERT_LT(len, sizeof(utf8));
+  EXPECT_EQ(std::string(testCase.utf8), std::string((char *)utf8, len));
+  EXPECT_EQ('\0', utf8[len]);
+}
+
+TEST_P(Ucs4Test, FromUtf8) {
+  const Ucs4Case testCase = GetParam();
+  PRUint32 nc;
+  unsigned int len = 0;
+
+  PRBool result = sec_port_ucs4_utf8_conversion_function(
+      PR_TRUE, (unsigned char *)testCase.utf8, strlen(testCase.utf8),
+      (unsigned char *)&nc, sizeof(nc), &len);
+
+  ASSERT_TRUE(result);
+  ASSERT_EQ(sizeof(nc), len);
+  EXPECT_EQ(testCase.c, PR_ntohl(nc));
+}
+
+TEST_P(Ucs4Test, DestTooSmall) {
+  const Ucs4Case testCase = GetParam();
+  PRUint32 nc = PR_htonl(testCase.c);
+  unsigned char utf8[8];
+  unsigned char *utf8end = utf8 + sizeof(utf8);
+  unsigned int len = strlen(testCase.utf8) - 1;
+
+  ASSERT_LE(len, sizeof(utf8));
+
+  PRBool result = sec_port_ucs4_utf8_conversion_function(
+      PR_FALSE, (unsigned char *)&nc, sizeof(nc), utf8end - len, len, &len);
+
+  ASSERT_FALSE(result);
+  ASSERT_EQ(strlen(testCase.utf8), len);
+}
+
+// Tests of sec_port_ucs2_utf8_conversion_function, by itself, on
+// valid inputs:
+
+TEST_P(Ucs2Test, ToUtf8) {
+  const Ucs2Case testCase = GetParam();
+  PRUint16 nc = PR_htons(testCase.c);
+  unsigned char utf8[8] = {0};
+  unsigned int len = 0;
+
+  PRBool result = sec_port_ucs2_utf8_conversion_function(
+      PR_FALSE, (unsigned char *)&nc, sizeof(nc), utf8, sizeof(utf8), &len);
+
+  ASSERT_TRUE(result);
+  ASSERT_LT(len, sizeof(utf8));
+  EXPECT_EQ(std::string(testCase.utf8), std::string((char *)utf8, len));
+  EXPECT_EQ('\0', utf8[len]);
+}
+
+TEST_P(Ucs2Test, FromUtf8) {
+  const Ucs2Case testCase = GetParam();
+  PRUint16 nc;
+  unsigned int len = 0;
+
+  PRBool result = sec_port_ucs2_utf8_conversion_function(
+      PR_TRUE, (unsigned char *)testCase.utf8, strlen(testCase.utf8),
+      (unsigned char *)&nc, sizeof(nc), &len);
+
+  ASSERT_EQ(PR_TRUE, result);
+  ASSERT_EQ(sizeof(nc), len);
+  EXPECT_EQ(testCase.c, PR_ntohs(nc));
+}
+
+TEST_P(Ucs2Test, DestTooSmall) {
+  const Ucs2Case testCase = GetParam();
+  PRUint16 nc = PR_htons(testCase.c);
+  unsigned char utf8[8];
+  unsigned char *utf8end = utf8 + sizeof(utf8);
+  unsigned int len = strlen(testCase.utf8) - 1;
+
+  ASSERT_LE(len, sizeof(utf8));
+
+  PRBool result = sec_port_ucs2_utf8_conversion_function(
+      PR_FALSE, (unsigned char *)&nc, sizeof(nc), utf8end - len, len, &len);
+
+  ASSERT_EQ(result, PR_FALSE);
+  ASSERT_EQ(strlen(testCase.utf8), len);
+}
+
+// Tests using UTF-16 and UCS-4 conversion together:
+
+TEST_P(Utf16Test, From16To32) {
+  const Utf16Case testCase = GetParam();
+  PRUint16 from[2] = {PR_htons(testCase.w[0]), PR_htons(testCase.w[1])};
+  PRUint32 to;
+  unsigned char utf8[8];
+  unsigned int len = 0;
+
+  PRBool result = sec_port_ucs2_utf8_conversion_function(
+      PR_FALSE, (unsigned char *)&from, sizeof(from), utf8, sizeof(utf8), &len);
+
+  ASSERT_EQ(PR_TRUE, result);
+
+  result = sec_port_ucs4_utf8_conversion_function(
+      PR_TRUE, utf8, len, (unsigned char *)&to, sizeof(to), &len);
+
+  ASSERT_EQ(PR_TRUE, result);
+  ASSERT_EQ(sizeof(to), len);
+  EXPECT_EQ(testCase.c, PR_ntohl(to));
+}
+
+TEST_P(Utf16Test, From32To16) {
+  const Utf16Case testCase = GetParam();
+  PRUint32 from = PR_htonl(testCase.c);
+  unsigned char utf8[8];
+  unsigned int len = 0;
+
+  PRBool result = sec_port_ucs4_utf8_conversion_function(
+      PR_FALSE, (unsigned char *)&from, sizeof(from), utf8, sizeof(utf8), &len);
+
+  ASSERT_EQ(PR_TRUE, result);
+  const std::string utf8copy((char *)utf8, len);
+  PRUint16 to[2];
+
+  result = sec_port_ucs2_utf8_conversion_function(
+      PR_TRUE, utf8, len, (unsigned char *)&to, sizeof(to), &len);
+
+  ASSERT_EQ(PR_TRUE, result);
+  ASSERT_EQ(sizeof(to), len);
+  EXPECT_EQ(testCase.w[0], PR_ntohs(to[0]));
+  EXPECT_EQ(testCase.w[1], PR_ntohs(to[1]));
+}
+
+TEST_P(Utf16Test, SameUtf8) {
+  const Utf16Case testCase = GetParam();
+  PRUint32 from32 = PR_htonl(testCase.c);
+  unsigned char utf8from32[8];
+  unsigned int lenFrom32 = 0;
+
+  PRBool result = sec_port_ucs4_utf8_conversion_function(
+      PR_FALSE, (unsigned char *)&from32, sizeof(from32), utf8from32,
+      sizeof(utf8from32), &lenFrom32);
+
+  ASSERT_TRUE(result);
+  ASSERT_LE(lenFrom32, sizeof(utf8from32));
+
+  PRUint16 from16[2] = {PR_htons(testCase.w[0]), PR_htons(testCase.w[1])};
+  unsigned char utf8from16[8];
+  unsigned int lenFrom16 = 0;
+
+  result = sec_port_ucs2_utf8_conversion_function(
+      PR_FALSE, (unsigned char *)&from16, sizeof(from16), utf8from16,
+      sizeof(utf8from16), &lenFrom16);
+
+  ASSERT_TRUE(result);
+  ASSERT_LE(lenFrom16, sizeof(utf8from16));
+
+  EXPECT_EQ(std::string((char *)utf8from32, lenFrom32),
+            std::string((char *)utf8from16, lenFrom16));
+}
+
+// Tests of invalid UTF-8 input:
+
+TEST_P(BadUtf8Test, HasNoUcs2) {
+  const char *const utf8 = GetParam();
+  unsigned char destBuf[30];
+  unsigned int len = 0;
+
+  PRBool result = sec_port_ucs2_utf8_conversion_function(
+      PR_TRUE, (unsigned char *)utf8, strlen(utf8), destBuf, sizeof(destBuf),
+      &len);
+
+  EXPECT_FALSE(result);
+}
+
+TEST_P(BadUtf8Test, HasNoUcs4) {
+  const char *const utf8 = GetParam();
+  unsigned char destBuf[30];
+  unsigned int len = 0;
+
+  PRBool result = sec_port_ucs4_utf8_conversion_function(
+      PR_TRUE, (unsigned char *)utf8, strlen(utf8), destBuf, sizeof(destBuf),
+      &len);
+
+  EXPECT_FALSE(result);
+}
+
+// Tests of invalid UTF-16 input:
+
+TEST_P(BadUtf16Test, HasNoUtf8) {
+  const Utf16BadCase testCase = GetParam();
+  Utf16BadCase srcBuf;
+  unsigned int len;
+  static const size_t maxLen = PR_ARRAY_SIZE(srcBuf.w);
+
+  size_t srcLen = 0;
+  while (testCase.w[srcLen] != 0) {
+    srcBuf.w[srcLen] = PR_htons(testCase.w[srcLen]);
+    srcLen++;
+    ASSERT_LT(srcLen, maxLen);
+  }
+
+  unsigned char destBuf[18];
+  PRBool result = sec_port_ucs2_utf8_conversion_function(
+      PR_FALSE, (unsigned char *)srcBuf.w, srcLen * sizeof(PRUint16), destBuf,
+      sizeof(destBuf), &len);
+
+  EXPECT_FALSE(result);
+}
+
+// Tests of sec_port_iso88591_utf8_conversion_function on valid inputs:
+
+TEST_P(Iso88591Test, ToUtf8) {
+  const Ucs2Case testCase = GetParam();
+  unsigned char iso88591 = testCase.c;
+  unsigned char utf8[3] = {0};
+  unsigned int len = 0;
+
+  ASSERT_EQ(testCase.c, (PRUint16)iso88591);
+
+  PRBool result = sec_port_iso88591_utf8_conversion_function(
+      &iso88591, 1, utf8, sizeof(utf8), &len);
+
+  ASSERT_TRUE(result);
+  ASSERT_LT(len, sizeof(utf8));
+  EXPECT_EQ(std::string(testCase.utf8), std::string((char *)utf8, len));
+  EXPECT_EQ(0U, utf8[len]);
+}
+
+// Tests for the various representations of NUL (which the above
+// NUL-terminated test cases omitted):
+
+TEST(Utf8Zeroes, From32To8) {
+  unsigned int len;
+  PRUint32 from = 0;
+  unsigned char to;
+
+  PRBool result = sec_port_ucs4_utf8_conversion_function(
+      PR_FALSE, (unsigned char *)&from, sizeof(from), &to, sizeof(to), &len);
+
+  ASSERT_TRUE(result);
+  ASSERT_EQ(sizeof(to), len);
+  EXPECT_EQ(0U, to);
+}
+
+TEST(Utf8Zeroes, From16To8) {
+  unsigned int len;
+  PRUint16 from = 0;
+  unsigned char to;
+
+  PRBool result = sec_port_ucs2_utf8_conversion_function(
+      PR_FALSE, (unsigned char *)&from, sizeof(from), &to, sizeof(to), &len);
+
+  ASSERT_TRUE(result);
+  ASSERT_EQ(sizeof(to), len);
+  EXPECT_EQ(0U, to);
+}
+
+TEST(Utf8Zeroes, From8To32) {
+  unsigned int len;
+  unsigned char from = 0;
+  PRUint32 to;
+
+  PRBool result = sec_port_ucs4_utf8_conversion_function(
+      PR_TRUE, &from, sizeof(from), (unsigned char *)&to, sizeof(to), &len);
+
+  ASSERT_TRUE(result);
+  ASSERT_EQ(sizeof(to), len);
+  EXPECT_EQ(0U, to);
+}
+
+TEST(Utf8Zeroes, From8To16) {
+  unsigned int len;
+  unsigned char from = 0;
+  PRUint16 to;
+
+  PRBool result = sec_port_ucs2_utf8_conversion_function(
+      PR_TRUE, &from, sizeof(from), (unsigned char *)&to, sizeof(to), &len);
+
+  ASSERT_TRUE(result);
+  ASSERT_EQ(sizeof(to), len);
+  EXPECT_EQ(0U, to);
+}
+
+// UCS-4 <-> UTF-8 cases
+
+const Ucs4Case kUcs4Cases[] = {
+    {0x00000001, "\x01"},
+    {0x00000002, "\x02"},
+    {0x00000003, "\x03"},
+    {0x00000004, "\x04"},
+    {0x00000007, "\x07"},
+    {0x00000008, "\x08"},
+    {0x0000000F, "\x0F"},
+    {0x00000010, "\x10"},
+    {0x0000001F, "\x1F"},
+    {0x00000020, "\x20"},
+    {0x0000003F, "\x3F"},
+    {0x00000040, "\x40"},
+    {0x0000007F, "\x7F"},
+
+    {0x00000080, "\xC2\x80"},
+    {0x00000081, "\xC2\x81"},
+    {0x00000082, "\xC2\x82"},
+    {0x00000084, "\xC2\x84"},
+    {0x00000088, "\xC2\x88"},
+    {0x00000090, "\xC2\x90"},
+    {0x000000A0, "\xC2\xA0"},
+    {0x000000C0, "\xC3\x80"},
+    {0x000000FF, "\xC3\xBF"},
+    {0x00000100, "\xC4\x80"},
+    {0x00000101, "\xC4\x81"},
+    {0x00000102, "\xC4\x82"},
+    {0x00000104, "\xC4\x84"},
+    {0x00000108, "\xC4\x88"},
+    {0x00000110, "\xC4\x90"},
+    {0x00000120, "\xC4\xA0"},
+    {0x00000140, "\xC5\x80"},
+    {0x00000180, "\xC6\x80"},
+    {0x000001FF, "\xC7\xBF"},
+    {0x00000200, "\xC8\x80"},
+    {0x00000201, "\xC8\x81"},
+    {0x00000202, "\xC8\x82"},
+    {0x00000204, "\xC8\x84"},
+    {0x00000208, "\xC8\x88"},
+    {0x00000210, "\xC8\x90"},
+    {0x00000220, "\xC8\xA0"},
+    {0x00000240, "\xC9\x80"},
+    {0x00000280, "\xCA\x80"},
+    {0x00000300, "\xCC\x80"},
+    {0x000003FF, "\xCF\xBF"},
+    {0x00000400, "\xD0\x80"},
+    {0x00000401, "\xD0\x81"},
+    {0x00000402, "\xD0\x82"},
+    {0x00000404, "\xD0\x84"},
+    {0x00000408, "\xD0\x88"},
+    {0x00000410, "\xD0\x90"},
+    {0x00000420, "\xD0\xA0"},
+    {0x00000440, "\xD1\x80"},
+    {0x00000480, "\xD2\x80"},
+    {0x00000500, "\xD4\x80"},
+    {0x00000600, "\xD8\x80"},
+    {0x000007FF, "\xDF\xBF"},
+
+    {0x00000800, "\xE0\xA0\x80"},
+    {0x00000801, "\xE0\xA0\x81"},
+    {0x00000802, "\xE0\xA0\x82"},
+    {0x00000804, "\xE0\xA0\x84"},
+    {0x00000808, "\xE0\xA0\x88"},
+    {0x00000810, "\xE0\xA0\x90"},
+    {0x00000820, "\xE0\xA0\xA0"},
+    {0x00000840, "\xE0\xA1\x80"},
+    {0x00000880, "\xE0\xA2\x80"},
+    {0x00000900, "\xE0\xA4\x80"},
+    {0x00000A00, "\xE0\xA8\x80"},
+    {0x00000C00, "\xE0\xB0\x80"},
+    {0x00000FFF, "\xE0\xBF\xBF"},
+    {0x00001000, "\xE1\x80\x80"},
+    {0x00001001, "\xE1\x80\x81"},
+    {0x00001002, "\xE1\x80\x82"},
+    {0x00001004, "\xE1\x80\x84"},
+    {0x00001008, "\xE1\x80\x88"},
+    {0x00001010, "\xE1\x80\x90"},
+    {0x00001020, "\xE1\x80\xA0"},
+    {0x00001040, "\xE1\x81\x80"},
+    {0x00001080, "\xE1\x82\x80"},
+    {0x00001100, "\xE1\x84\x80"},
+    {0x00001200, "\xE1\x88\x80"},
+    {0x00001400, "\xE1\x90\x80"},
+    {0x00001800, "\xE1\xA0\x80"},
+    {0x00001FFF, "\xE1\xBF\xBF"},
+    {0x00002000, "\xE2\x80\x80"},
+    {0x00002001, "\xE2\x80\x81"},
+    {0x00002002, "\xE2\x80\x82"},
+    {0x00002004, "\xE2\x80\x84"},
+    {0x00002008, "\xE2\x80\x88"},
+    {0x00002010, "\xE2\x80\x90"},
+    {0x00002020, "\xE2\x80\xA0"},
+    {0x00002040, "\xE2\x81\x80"},
+    {0x00002080, "\xE2\x82\x80"},
+    {0x00002100, "\xE2\x84\x80"},
+    {0x00002200, "\xE2\x88\x80"},
+    {0x00002400, "\xE2\x90\x80"},
+    {0x00002800, "\xE2\xA0\x80"},
+    {0x00003000, "\xE3\x80\x80"},
+    {0x00003FFF, "\xE3\xBF\xBF"},
+    {0x00004000, "\xE4\x80\x80"},
+    {0x00004001, "\xE4\x80\x81"},
+    {0x00004002, "\xE4\x80\x82"},
+    {0x00004004, "\xE4\x80\x84"},
+    {0x00004008, "\xE4\x80\x88"},
+    {0x00004010, "\xE4\x80\x90"},
+    {0x00004020, "\xE4\x80\xA0"},
+    {0x00004040, "\xE4\x81\x80"},
+    {0x00004080, "\xE4\x82\x80"},
+    {0x00004100, "\xE4\x84\x80"},
+    {0x00004200, "\xE4\x88\x80"},
+    {0x00004400, "\xE4\x90\x80"},
+    {0x00004800, "\xE4\xA0\x80"},
+    {0x00005000, "\xE5\x80\x80"},
+    {0x00006000, "\xE6\x80\x80"},
+    {0x00007FFF, "\xE7\xBF\xBF"},
+    {0x00008000, "\xE8\x80\x80"},
+    {0x00008001, "\xE8\x80\x81"},
+    {0x00008002, "\xE8\x80\x82"},
+    {0x00008004, "\xE8\x80\x84"},
+    {0x00008008, "\xE8\x80\x88"},
+    {0x00008010, "\xE8\x80\x90"},
+    {0x00008020, "\xE8\x80\xA0"},
+    {0x00008040, "\xE8\x81\x80"},
+    {0x00008080, "\xE8\x82\x80"},
+    {0x00008100, "\xE8\x84\x80"},
+    {0x00008200, "\xE8\x88\x80"},
+    {0x00008400, "\xE8\x90\x80"},
+    {0x00008800, "\xE8\xA0\x80"},
+    {0x00009000, "\xE9\x80\x80"},
+    {0x0000A000, "\xEA\x80\x80"},
+    {0x0000C000, "\xEC\x80\x80"},
+    {0x0000FFFF, "\xEF\xBF\xBF"},
+
+    {0x00010000, "\xF0\x90\x80\x80"},
+    {0x00010001, "\xF0\x90\x80\x81"},
+    {0x00010002, "\xF0\x90\x80\x82"},
+    {0x00010004, "\xF0\x90\x80\x84"},
+    {0x00010008, "\xF0\x90\x80\x88"},
+    {0x00010010, "\xF0\x90\x80\x90"},
+    {0x00010020, "\xF0\x90\x80\xA0"},
+    {0x00010040, "\xF0\x90\x81\x80"},
+    {0x00010080, "\xF0\x90\x82\x80"},
+    {0x00010100, "\xF0\x90\x84\x80"},
+    {0x00010200, "\xF0\x90\x88\x80"},
+    {0x00010400, "\xF0\x90\x90\x80"},
+    {0x00010800, "\xF0\x90\xA0\x80"},
+    {0x00011000, "\xF0\x91\x80\x80"},
+    {0x00012000, "\xF0\x92\x80\x80"},
+    {0x00014000, "\xF0\x94\x80\x80"},
+    {0x00018000, "\xF0\x98\x80\x80"},
+    {0x0001FFFF, "\xF0\x9F\xBF\xBF"},
+    {0x00020000, "\xF0\xA0\x80\x80"},
+    {0x00020001, "\xF0\xA0\x80\x81"},
+    {0x00020002, "\xF0\xA0\x80\x82"},
+    {0x00020004, "\xF0\xA0\x80\x84"},
+    {0x00020008, "\xF0\xA0\x80\x88"},
+    {0x00020010, "\xF0\xA0\x80\x90"},
+    {0x00020020, "\xF0\xA0\x80\xA0"},
+    {0x00020040, "\xF0\xA0\x81\x80"},
+    {0x00020080, "\xF0\xA0\x82\x80"},
+    {0x00020100, "\xF0\xA0\x84\x80"},
+    {0x00020200, "\xF0\xA0\x88\x80"},
+    {0x00020400, "\xF0\xA0\x90\x80"},
+    {0x00020800, "\xF0\xA0\xA0\x80"},
+    {0x00021000, "\xF0\xA1\x80\x80"},
+    {0x00022000, "\xF0\xA2\x80\x80"},
+    {0x00024000, "\xF0\xA4\x80\x80"},
+    {0x00028000, "\xF0\xA8\x80\x80"},
+    {0x00030000, "\xF0\xB0\x80\x80"},
+    {0x0003FFFF, "\xF0\xBF\xBF\xBF"},
+    {0x00040000, "\xF1\x80\x80\x80"},
+    {0x00040001, "\xF1\x80\x80\x81"},
+    {0x00040002, "\xF1\x80\x80\x82"},
+    {0x00040004, "\xF1\x80\x80\x84"},
+    {0x00040008, "\xF1\x80\x80\x88"},
+    {0x00040010, "\xF1\x80\x80\x90"},
+    {0x00040020, "\xF1\x80\x80\xA0"},
+    {0x00040040, "\xF1\x80\x81\x80"},
+    {0x00040080, "\xF1\x80\x82\x80"},
+    {0x00040100, "\xF1\x80\x84\x80"},
+    {0x00040200, "\xF1\x80\x88\x80"},
+    {0x00040400, "\xF1\x80\x90\x80"},
+    {0x00040800, "\xF1\x80\xA0\x80"},
+    {0x00041000, "\xF1\x81\x80\x80"},
+    {0x00042000, "\xF1\x82\x80\x80"},
+    {0x00044000, "\xF1\x84\x80\x80"},
+    {0x00048000, "\xF1\x88\x80\x80"},
+    {0x00050000, "\xF1\x90\x80\x80"},
+    {0x00060000, "\xF1\xA0\x80\x80"},
+    {0x0007FFFF, "\xF1\xBF\xBF\xBF"},
+    {0x00080000, "\xF2\x80\x80\x80"},
+    {0x00080001, "\xF2\x80\x80\x81"},
+    {0x00080002, "\xF2\x80\x80\x82"},
+    {0x00080004, "\xF2\x80\x80\x84"},
+    {0x00080008, "\xF2\x80\x80\x88"},
+    {0x00080010, "\xF2\x80\x80\x90"},
+    {0x00080020, "\xF2\x80\x80\xA0"},
+    {0x00080040, "\xF2\x80\x81\x80"},
+    {0x00080080, "\xF2\x80\x82\x80"},
+    {0x00080100, "\xF2\x80\x84\x80"},
+    {0x00080200, "\xF2\x80\x88\x80"},
+    {0x00080400, "\xF2\x80\x90\x80"},
+    {0x00080800, "\xF2\x80\xA0\x80"},
+    {0x00081000, "\xF2\x81\x80\x80"},
+    {0x00082000, "\xF2\x82\x80\x80"},
+    {0x00084000, "\xF2\x84\x80\x80"},
+    {0x00088000, "\xF2\x88\x80\x80"},
+    {0x00090000, "\xF2\x90\x80\x80"},
+    {0x000A0000, "\xF2\xA0\x80\x80"},
+    {0x000C0000, "\xF3\x80\x80\x80"},
+    {0x000FFFFF, "\xF3\xBF\xBF\xBF"},
+    {0x00100000, "\xF4\x80\x80\x80"},
+    {0x00100001, "\xF4\x80\x80\x81"},
+    {0x00100002, "\xF4\x80\x80\x82"},
+    {0x00100004, "\xF4\x80\x80\x84"},
+    {0x00100008, "\xF4\x80\x80\x88"},
+    {0x00100010, "\xF4\x80\x80\x90"},
+    {0x00100020, "\xF4\x80\x80\xA0"},
+    {0x00100040, "\xF4\x80\x81\x80"},
+    {0x00100080, "\xF4\x80\x82\x80"},
+    {0x00100100, "\xF4\x80\x84\x80"},
+    {0x00100200, "\xF4\x80\x88\x80"},
+    {0x00100400, "\xF4\x80\x90\x80"},
+    {0x00100800, "\xF4\x80\xA0\x80"},
+    {0x00101000, "\xF4\x81\x80\x80"},
+    {0x00102000, "\xF4\x82\x80\x80"},
+    {0x00104000, "\xF4\x84\x80\x80"},
+    {0x00108000, "\xF4\x88\x80\x80"},
+    {0x0010FFFF, "\xF4\x8F\xBF\xBF"},
+};
+
+// UCS-2 <-> UTF-8 cases (divided into ISO-8859-1 vs. not).
+
+const Ucs2Case kIso88591Cases[] = {
+    {0x0001, "\x01"},     {0x0002, "\x02"},     {0x0003, "\x03"},
+    {0x0004, "\x04"},     {0x0007, "\x07"},     {0x0008, "\x08"},
+    {0x000F, "\x0F"},     {0x0010, "\x10"},     {0x001F, "\x1F"},
+    {0x0020, "\x20"},     {0x003F, "\x3F"},     {0x0040, "\x40"},
+    {0x007F, "\x7F"},
+
+    {0x0080, "\xC2\x80"}, {0x0081, "\xC2\x81"}, {0x0082, "\xC2\x82"},
+    {0x0084, "\xC2\x84"}, {0x0088, "\xC2\x88"}, {0x0090, "\xC2\x90"},
+    {0x00A0, "\xC2\xA0"}, {0x00C0, "\xC3\x80"}, {0x00FF, "\xC3\xBF"},
+};
+
+const Ucs2Case kUcs2Cases[] = {
+    {0x0100, "\xC4\x80"},     {0x0101, "\xC4\x81"},
+    {0x0102, "\xC4\x82"},     {0x0104, "\xC4\x84"},
+    {0x0108, "\xC4\x88"},     {0x0110, "\xC4\x90"},
+    {0x0120, "\xC4\xA0"},     {0x0140, "\xC5\x80"},
+    {0x0180, "\xC6\x80"},     {0x01FF, "\xC7\xBF"},
+    {0x0200, "\xC8\x80"},     {0x0201, "\xC8\x81"},
+    {0x0202, "\xC8\x82"},     {0x0204, "\xC8\x84"},
+    {0x0208, "\xC8\x88"},     {0x0210, "\xC8\x90"},
+    {0x0220, "\xC8\xA0"},     {0x0240, "\xC9\x80"},
+    {0x0280, "\xCA\x80"},     {0x0300, "\xCC\x80"},
+    {0x03FF, "\xCF\xBF"},     {0x0400, "\xD0\x80"},
+    {0x0401, "\xD0\x81"},     {0x0402, "\xD0\x82"},
+    {0x0404, "\xD0\x84"},     {0x0408, "\xD0\x88"},
+    {0x0410, "\xD0\x90"},     {0x0420, "\xD0\xA0"},
+    {0x0440, "\xD1\x80"},     {0x0480, "\xD2\x80"},
+    {0x0500, "\xD4\x80"},     {0x0600, "\xD8\x80"},
+    {0x07FF, "\xDF\xBF"},
+
+    {0x0800, "\xE0\xA0\x80"}, {0x0801, "\xE0\xA0\x81"},
+    {0x0802, "\xE0\xA0\x82"}, {0x0804, "\xE0\xA0\x84"},
+    {0x0808, "\xE0\xA0\x88"}, {0x0810, "\xE0\xA0\x90"},
+    {0x0820, "\xE0\xA0\xA0"}, {0x0840, "\xE0\xA1\x80"},
+    {0x0880, "\xE0\xA2\x80"}, {0x0900, "\xE0\xA4\x80"},
+    {0x0A00, "\xE0\xA8\x80"}, {0x0C00, "\xE0\xB0\x80"},
+    {0x0FFF, "\xE0\xBF\xBF"}, {0x1000, "\xE1\x80\x80"},
+    {0x1001, "\xE1\x80\x81"}, {0x1002, "\xE1\x80\x82"},
+    {0x1004, "\xE1\x80\x84"}, {0x1008, "\xE1\x80\x88"},
+    {0x1010, "\xE1\x80\x90"}, {0x1020, "\xE1\x80\xA0"},
+    {0x1040, "\xE1\x81\x80"}, {0x1080, "\xE1\x82\x80"},
+    {0x1100, "\xE1\x84\x80"}, {0x1200, "\xE1\x88\x80"},
+    {0x1400, "\xE1\x90\x80"}, {0x1800, "\xE1\xA0\x80"},
+    {0x1FFF, "\xE1\xBF\xBF"}, {0x2000, "\xE2\x80\x80"},
+    {0x2001, "\xE2\x80\x81"}, {0x2002, "\xE2\x80\x82"},
+    {0x2004, "\xE2\x80\x84"}, {0x2008, "\xE2\x80\x88"},
+    {0x2010, "\xE2\x80\x90"}, {0x2020, "\xE2\x80\xA0"},
+    {0x2040, "\xE2\x81\x80"}, {0x2080, "\xE2\x82\x80"},
+    {0x2100, "\xE2\x84\x80"}, {0x2200, "\xE2\x88\x80"},
+    {0x2400, "\xE2\x90\x80"}, {0x2800, "\xE2\xA0\x80"},
+    {0x3000, "\xE3\x80\x80"}, {0x3FFF, "\xE3\xBF\xBF"},
+    {0x4000, "\xE4\x80\x80"}, {0x4001, "\xE4\x80\x81"},
+    {0x4002, "\xE4\x80\x82"}, {0x4004, "\xE4\x80\x84"},
+    {0x4008, "\xE4\x80\x88"}, {0x4010, "\xE4\x80\x90"},
+    {0x4020, "\xE4\x80\xA0"}, {0x4040, "\xE4\x81\x80"},
+    {0x4080, "\xE4\x82\x80"}, {0x4100, "\xE4\x84\x80"},
+    {0x4200, "\xE4\x88\x80"}, {0x4400, "\xE4\x90\x80"},
+    {0x4800, "\xE4\xA0\x80"}, {0x5000, "\xE5\x80\x80"},
+    {0x6000, "\xE6\x80\x80"}, {0x7FFF, "\xE7\xBF\xBF"},
+    {0x8000, "\xE8\x80\x80"}, {0x8001, "\xE8\x80\x81"},
+    {0x8002, "\xE8\x80\x82"}, {0x8004, "\xE8\x80\x84"},
+    {0x8008, "\xE8\x80\x88"}, {0x8010, "\xE8\x80\x90"},
+    {0x8020, "\xE8\x80\xA0"}, {0x8040, "\xE8\x81\x80"},
+    {0x8080, "\xE8\x82\x80"}, {0x8100, "\xE8\x84\x80"},
+    {0x8200, "\xE8\x88\x80"}, {0x8400, "\xE8\x90\x80"},
+    {0x8800, "\xE8\xA0\x80"}, {0x9000, "\xE9\x80\x80"},
+    {0xA000, "\xEA\x80\x80"}, {0xC000, "\xEC\x80\x80"},
+    {0xFB01, "\xEF\xAC\x81"}, {0xFFFF, "\xEF\xBF\xBF"}};
+
+// UTF-16 <-> UCS-4 cases
+
+const Utf16Case kUtf16Cases[] = {{0x00010000, {0xD800, 0xDC00}},
+                                 {0x00010001, {0xD800, 0xDC01}},
+                                 {0x00010002, {0xD800, 0xDC02}},
+                                 {0x00010003, {0xD800, 0xDC03}},
+                                 {0x00010004, {0xD800, 0xDC04}},
+                                 {0x00010007, {0xD800, 0xDC07}},
+                                 {0x00010008, {0xD800, 0xDC08}},
+                                 {0x0001000F, {0xD800, 0xDC0F}},
+                                 {0x00010010, {0xD800, 0xDC10}},
+                                 {0x0001001F, {0xD800, 0xDC1F}},
+                                 {0x00010020, {0xD800, 0xDC20}},
+                                 {0x0001003F, {0xD800, 0xDC3F}},
+                                 {0x00010040, {0xD800, 0xDC40}},
+                                 {0x0001007F, {0xD800, 0xDC7F}},
+                                 {0x00010080, {0xD800, 0xDC80}},
+                                 {0x00010081, {0xD800, 0xDC81}},
+                                 {0x00010082, {0xD800, 0xDC82}},
+                                 {0x00010084, {0xD800, 0xDC84}},
+                                 {0x00010088, {0xD800, 0xDC88}},
+                                 {0x00010090, {0xD800, 0xDC90}},
+                                 {0x000100A0, {0xD800, 0xDCA0}},
+                                 {0x000100C0, {0xD800, 0xDCC0}},
+                                 {0x000100FF, {0xD800, 0xDCFF}},
+                                 {0x00010100, {0xD800, 0xDD00}},
+                                 {0x00010101, {0xD800, 0xDD01}},
+                                 {0x00010102, {0xD800, 0xDD02}},
+                                 {0x00010104, {0xD800, 0xDD04}},
+                                 {0x00010108, {0xD800, 0xDD08}},
+                                 {0x00010110, {0xD800, 0xDD10}},
+                                 {0x00010120, {0xD800, 0xDD20}},
+                                 {0x00010140, {0xD800, 0xDD40}},
+                                 {0x00010180, {0xD800, 0xDD80}},
+                                 {0x000101FF, {0xD800, 0xDDFF}},
+                                 {0x00010200, {0xD800, 0xDE00}},
+                                 {0x00010201, {0xD800, 0xDE01}},
+                                 {0x00010202, {0xD800, 0xDE02}},
+                                 {0x00010204, {0xD800, 0xDE04}},
+                                 {0x00010208, {0xD800, 0xDE08}},
+                                 {0x00010210, {0xD800, 0xDE10}},
+                                 {0x00010220, {0xD800, 0xDE20}},
+                                 {0x00010240, {0xD800, 0xDE40}},
+                                 {0x00010280, {0xD800, 0xDE80}},
+                                 {0x00010300, {0xD800, 0xDF00}},
+                                 {0x000103FF, {0xD800, 0xDFFF}},
+                                 {0x00010400, {0xD801, 0xDC00}},
+                                 {0x00010401, {0xD801, 0xDC01}},
+                                 {0x00010402, {0xD801, 0xDC02}},
+                                 {0x00010404, {0xD801, 0xDC04}},
+                                 {0x00010408, {0xD801, 0xDC08}},
+                                 {0x00010410, {0xD801, 0xDC10}},
+                                 {0x00010420, {0xD801, 0xDC20}},
+                                 {0x00010440, {0xD801, 0xDC40}},
+                                 {0x00010480, {0xD801, 0xDC80}},
+                                 {0x00010500, {0xD801, 0xDD00}},
+                                 {0x00010600, {0xD801, 0xDE00}},
+                                 {0x000107FF, {0xD801, 0xDFFF}},
+                                 {0x00010800, {0xD802, 0xDC00}},
+                                 {0x00010801, {0xD802, 0xDC01}},
+                                 {0x00010802, {0xD802, 0xDC02}},
+                                 {0x00010804, {0xD802, 0xDC04}},
+                                 {0x00010808, {0xD802, 0xDC08}},
+                                 {0x00010810, {0xD802, 0xDC10}},
+                                 {0x00010820, {0xD802, 0xDC20}},
+                                 {0x00010840, {0xD802, 0xDC40}},
+                                 {0x00010880, {0xD802, 0xDC80}},
+                                 {0x00010900, {0xD802, 0xDD00}},
+                                 {0x00010A00, {0xD802, 0xDE00}},
+                                 {0x00010C00, {0xD803, 0xDC00}},
+                                 {0x00010FFF, {0xD803, 0xDFFF}},
+                                 {0x00011000, {0xD804, 0xDC00}},
+                                 {0x00011001, {0xD804, 0xDC01}},
+                                 {0x00011002, {0xD804, 0xDC02}},
+                                 {0x00011004, {0xD804, 0xDC04}},
+                                 {0x00011008, {0xD804, 0xDC08}},
+                                 {0x00011010, {0xD804, 0xDC10}},
+                                 {0x00011020, {0xD804, 0xDC20}},
+                                 {0x00011040, {0xD804, 0xDC40}},
+                                 {0x00011080, {0xD804, 0xDC80}},
+                                 {0x00011100, {0xD804, 0xDD00}},
+                                 {0x00011200, {0xD804, 0xDE00}},
+                                 {0x00011400, {0xD805, 0xDC00}},
+                                 {0x00011800, {0xD806, 0xDC00}},
+                                 {0x00011FFF, {0xD807, 0xDFFF}},
+                                 {0x00012000, {0xD808, 0xDC00}},
+                                 {0x00012001, {0xD808, 0xDC01}},
+                                 {0x00012002, {0xD808, 0xDC02}},
+                                 {0x00012004, {0xD808, 0xDC04}},
+                                 {0x00012008, {0xD808, 0xDC08}},
+                                 {0x00012010, {0xD808, 0xDC10}},
+                                 {0x00012020, {0xD808, 0xDC20}},
+                                 {0x00012040, {0xD808, 0xDC40}},
+                                 {0x00012080, {0xD808, 0xDC80}},
+                                 {0x00012100, {0xD808, 0xDD00}},
+                                 {0x00012200, {0xD808, 0xDE00}},
+                                 {0x00012400, {0xD809, 0xDC00}},
+                                 {0x00012800, {0xD80A, 0xDC00}},
+                                 {0x00013000, {0xD80C, 0xDC00}},
+                                 {0x00013FFF, {0xD80F, 0xDFFF}},
+                                 {0x00014000, {0xD810, 0xDC00}},
+                                 {0x00014001, {0xD810, 0xDC01}},
+                                 {0x00014002, {0xD810, 0xDC02}},
+                                 {0x00014004, {0xD810, 0xDC04}},
+                                 {0x00014008, {0xD810, 0xDC08}},
+                                 {0x00014010, {0xD810, 0xDC10}},
+                                 {0x00014020, {0xD810, 0xDC20}},
+                                 {0x00014040, {0xD810, 0xDC40}},
+                                 {0x00014080, {0xD810, 0xDC80}},
+                                 {0x00014100, {0xD810, 0xDD00}},
+                                 {0x00014200, {0xD810, 0xDE00}},
+                                 {0x00014400, {0xD811, 0xDC00}},
+                                 {0x00014800, {0xD812, 0xDC00}},
+                                 {0x00015000, {0xD814, 0xDC00}},
+                                 {0x00016000, {0xD818, 0xDC00}},
+                                 {0x00017FFF, {0xD81F, 0xDFFF}},
+                                 {0x00018000, {0xD820, 0xDC00}},
+                                 {0x00018001, {0xD820, 0xDC01}},
+                                 {0x00018002, {0xD820, 0xDC02}},
+                                 {0x00018004, {0xD820, 0xDC04}},
+                                 {0x00018008, {0xD820, 0xDC08}},
+                                 {0x00018010, {0xD820, 0xDC10}},
+                                 {0x00018020, {0xD820, 0xDC20}},
+                                 {0x00018040, {0xD820, 0xDC40}},
+                                 {0x00018080, {0xD820, 0xDC80}},
+                                 {0x00018100, {0xD820, 0xDD00}},
+                                 {0x00018200, {0xD820, 0xDE00}},
+                                 {0x00018400, {0xD821, 0xDC00}},
+                                 {0x00018800, {0xD822, 0xDC00}},
+                                 {0x00019000, {0xD824, 0xDC00}},
+                                 {0x0001A000, {0xD828, 0xDC00}},
+                                 {0x0001C000, {0xD830, 0xDC00}},
+                                 {0x0001FFFF, {0xD83F, 0xDFFF}},
+                                 {0x00020000, {0xD840, 0xDC00}},
+                                 {0x00020001, {0xD840, 0xDC01}},
+                                 {0x00020002, {0xD840, 0xDC02}},
+                                 {0x00020004, {0xD840, 0xDC04}},
+                                 {0x00020008, {0xD840, 0xDC08}},
+                                 {0x00020010, {0xD840, 0xDC10}},
+                                 {0x00020020, {0xD840, 0xDC20}},
+                                 {0x00020040, {0xD840, 0xDC40}},
+                                 {0x00020080, {0xD840, 0xDC80}},
+                                 {0x00020100, {0xD840, 0xDD00}},
+                                 {0x00020200, {0xD840, 0xDE00}},
+                                 {0x00020400, {0xD841, 0xDC00}},
+                                 {0x00020800, {0xD842, 0xDC00}},
+                                 {0x00021000, {0xD844, 0xDC00}},
+                                 {0x00022000, {0xD848, 0xDC00}},
+                                 {0x00024000, {0xD850, 0xDC00}},
+                                 {0x00028000, {0xD860, 0xDC00}},
+                                 {0x0002FFFF, {0xD87F, 0xDFFF}},
+                                 {0x00030000, {0xD880, 0xDC00}},
+                                 {0x00030001, {0xD880, 0xDC01}},
+                                 {0x00030002, {0xD880, 0xDC02}},
+                                 {0x00030004, {0xD880, 0xDC04}},
+                                 {0x00030008, {0xD880, 0xDC08}},
+                                 {0x00030010, {0xD880, 0xDC10}},
+                                 {0x00030020, {0xD880, 0xDC20}},
+                                 {0x00030040, {0xD880, 0xDC40}},
+                                 {0x00030080, {0xD880, 0xDC80}},
+                                 {0x00030100, {0xD880, 0xDD00}},
+                                 {0x00030200, {0xD880, 0xDE00}},
+                                 {0x00030400, {0xD881, 0xDC00}},
+                                 {0x00030800, {0xD882, 0xDC00}},
+                                 {0x00031000, {0xD884, 0xDC00}},
+                                 {0x00032000, {0xD888, 0xDC00}},
+                                 {0x00034000, {0xD890, 0xDC00}},
+                                 {0x00038000, {0xD8A0, 0xDC00}},
+                                 {0x0003FFFF, {0xD8BF, 0xDFFF}},
+                                 {0x00040000, {0xD8C0, 0xDC00}},
+                                 {0x00040001, {0xD8C0, 0xDC01}},
+                                 {0x00040002, {0xD8C0, 0xDC02}},
+                                 {0x00040004, {0xD8C0, 0xDC04}},
+                                 {0x00040008, {0xD8C0, 0xDC08}},
+                                 {0x00040010, {0xD8C0, 0xDC10}},
+                                 {0x00040020, {0xD8C0, 0xDC20}},
+                                 {0x00040040, {0xD8C0, 0xDC40}},
+                                 {0x00040080, {0xD8C0, 0xDC80}},
+                                 {0x00040100, {0xD8C0, 0xDD00}},
+                                 {0x00040200, {0xD8C0, 0xDE00}},
+                                 {0x00040400, {0xD8C1, 0xDC00}},
+                                 {0x00040800, {0xD8C2, 0xDC00}},
+                                 {0x00041000, {0xD8C4, 0xDC00}},
+                                 {0x00042000, {0xD8C8, 0xDC00}},
+                                 {0x00044000, {0xD8D0, 0xDC00}},
+                                 {0x00048000, {0xD8E0, 0xDC00}},
+                                 {0x0004FFFF, {0xD8FF, 0xDFFF}},
+                                 {0x00050000, {0xD900, 0xDC00}},
+                                 {0x00050001, {0xD900, 0xDC01}},
+                                 {0x00050002, {0xD900, 0xDC02}},
+                                 {0x00050004, {0xD900, 0xDC04}},
+                                 {0x00050008, {0xD900, 0xDC08}},
+                                 {0x00050010, {0xD900, 0xDC10}},
+                                 {0x00050020, {0xD900, 0xDC20}},
+                                 {0x00050040, {0xD900, 0xDC40}},
+                                 {0x00050080, {0xD900, 0xDC80}},
+                                 {0x00050100, {0xD900, 0xDD00}},
+                                 {0x00050200, {0xD900, 0xDE00}},
+                                 {0x00050400, {0xD901, 0xDC00}},
+                                 {0x00050800, {0xD902, 0xDC00}},
+                                 {0x00051000, {0xD904, 0xDC00}},
+                                 {0x00052000, {0xD908, 0xDC00}},
+                                 {0x00054000, {0xD910, 0xDC00}},
+                                 {0x00058000, {0xD920, 0xDC00}},
+                                 {0x00060000, {0xD940, 0xDC00}},
+                                 {0x00070000, {0xD980, 0xDC00}},
+                                 {0x0007FFFF, {0xD9BF, 0xDFFF}},
+                                 {0x00080000, {0xD9C0, 0xDC00}},
+                                 {0x00080001, {0xD9C0, 0xDC01}},
+                                 {0x00080002, {0xD9C0, 0xDC02}},
+                                 {0x00080004, {0xD9C0, 0xDC04}},
+                                 {0x00080008, {0xD9C0, 0xDC08}},
+                                 {0x00080010, {0xD9C0, 0xDC10}},
+                                 {0x00080020, {0xD9C0, 0xDC20}},
+                                 {0x00080040, {0xD9C0, 0xDC40}},
+                                 {0x00080080, {0xD9C0, 0xDC80}},
+                                 {0x00080100, {0xD9C0, 0xDD00}},
+                                 {0x00080200, {0xD9C0, 0xDE00}},
+                                 {0x00080400, {0xD9C1, 0xDC00}},
+                                 {0x00080800, {0xD9C2, 0xDC00}},
+                                 {0x00081000, {0xD9C4, 0xDC00}},
+                                 {0x00082000, {0xD9C8, 0xDC00}},
+                                 {0x00084000, {0xD9D0, 0xDC00}},
+                                 {0x00088000, {0xD9E0, 0xDC00}},
+                                 {0x0008FFFF, {0xD9FF, 0xDFFF}},
+                                 {0x00090000, {0xDA00, 0xDC00}},
+                                 {0x00090001, {0xDA00, 0xDC01}},
+                                 {0x00090002, {0xDA00, 0xDC02}},
+                                 {0x00090004, {0xDA00, 0xDC04}},
+                                 {0x00090008, {0xDA00, 0xDC08}},
+                                 {0x00090010, {0xDA00, 0xDC10}},
+                                 {0x00090020, {0xDA00, 0xDC20}},
+                                 {0x00090040, {0xDA00, 0xDC40}},
+                                 {0x00090080, {0xDA00, 0xDC80}},
+                                 {0x00090100, {0xDA00, 0xDD00}},
+                                 {0x00090200, {0xDA00, 0xDE00}},
+                                 {0x00090400, {0xDA01, 0xDC00}},
+                                 {0x00090800, {0xDA02, 0xDC00}},
+                                 {0x00091000, {0xDA04, 0xDC00}},
+                                 {0x00092000, {0xDA08, 0xDC00}},
+                                 {0x00094000, {0xDA10, 0xDC00}},
+                                 {0x00098000, {0xDA20, 0xDC00}},
+                                 {0x000A0000, {0xDA40, 0xDC00}},
+                                 {0x000B0000, {0xDA80, 0xDC00}},
+                                 {0x000C0000, {0xDAC0, 0xDC00}},
+                                 {0x000D0000, {0xDB00, 0xDC00}},
+                                 {0x000FFFFF, {0xDBBF, 0xDFFF}},
+                                 {0x0010FFFF, {0xDBFF, 0xDFFF}}
+
+};
+
+// Invalid UTF-8 sequences
+
+const char *const kUtf8BadCases[] = {
+    "\xC0\x80",
+    "\xC1\xBF",
+    "\xE0\x80\x80",
+    "\xE0\x9F\xBF",
+    "\xF0\x80\x80\x80",
+    "\xF0\x8F\xBF\xBF",
+    "\xF4\x90\x80\x80",
+    "\xF7\xBF\xBF\xBF",
+    "\xF8\x80\x80\x80\x80",
+    "\xF8\x88\x80\x80\x80",
+    "\xF8\x92\x80\x80\x80",
+    "\xF8\x9F\xBF\xBF\xBF",
+    "\xF8\xA0\x80\x80\x80",
+    "\xF8\xA8\x80\x80\x80",
+    "\xF8\xB0\x80\x80\x80",
+    "\xF8\xBF\xBF\xBF\xBF",
+    "\xF9\x80\x80\x80\x88",
+    "\xF9\x84\x80\x80\x80",
+    "\xF9\xBF\xBF\xBF\xBF",
+    "\xFA\x80\x80\x80\x80",
+    "\xFA\x90\x80\x80\x80",
+    "\xFB\xBF\xBF\xBF\xBF",
+    "\xFC\x84\x80\x80\x80\x81",
+    "\xFC\x85\x80\x80\x80\x80",
+    "\xFC\x86\x80\x80\x80\x80",
+    "\xFC\x87\xBF\xBF\xBF\xBF",
+    "\xFC\x88\xA0\x80\x80\x80",
+    "\xFC\x89\x80\x80\x80\x80",
+    "\xFC\x8A\x80\x80\x80\x80",
+    "\xFC\x90\x80\x80\x80\x82",
+    "\xFD\x80\x80\x80\x80\x80",
+    "\xFD\xBF\xBF\xBF\xBF\xBF",
+    "\x80",
+    "\xC3",
+    "\xC3\xC3\x80",
+    "\xED\xA0\x80",
+    "\xED\xBF\x80",
+    "\xED\xBF\xBF",
+    "\xED\xA0\x80\xE0\xBF\xBF",
+};
+
+// Invalid UTF-16 sequences (0-terminated)
+
+const Utf16BadCase kUtf16BadCases[] = {
+    // Leading surrogate not followed by trailing surrogate:
+    {{0xD800, 0, 0}},      {{0xD800, 0x41, 0}},   {{0xD800, 0xfe, 0}},
+    {{0xD800, 0x3bb, 0}},  {{0xD800, 0xD800, 0}}, {{0xD800, 0xFEFF, 0}},
+    {{0xD800, 0xFFFD, 0}},
+};
+
+// Parameterized test instantiations:
+
+INSTANTIATE_TEST_CASE_P(Ucs4TestCases, Ucs4Test,
+                        ::testing::ValuesIn(kUcs4Cases));
+
+INSTANTIATE_TEST_CASE_P(Iso88591TestCases, Ucs2Test,
+                        ::testing::ValuesIn(kIso88591Cases));
+
+INSTANTIATE_TEST_CASE_P(Ucs2TestCases, Ucs2Test,
+                        ::testing::ValuesIn(kUcs2Cases));
+
+INSTANTIATE_TEST_CASE_P(Utf16TestCases, Utf16Test,
+                        ::testing::ValuesIn(kUtf16Cases));
+
+INSTANTIATE_TEST_CASE_P(BadUtf8TestCases, BadUtf8Test,
+                        ::testing::ValuesIn(kUtf8BadCases));
+
+INSTANTIATE_TEST_CASE_P(BadUtf16TestCases, BadUtf16Test,
+                        ::testing::ValuesIn(kUtf16BadCases));
+
+INSTANTIATE_TEST_CASE_P(Iso88591TestCases, Iso88591Test,
+                        ::testing::ValuesIn(kIso88591Cases));
+;
+
+}  // namespace nss_test
diff --git a/nss/fuzz/.clang-format b/nss/fuzz/.clang-format
new file mode 100644
index 0000000..06e3c51
--- /dev/null
+++ b/nss/fuzz/.clang-format
@@ -0,0 +1,4 @@
+---
+Language: Cpp
+BasedOnStyle: Google
+...
diff --git a/nss/fuzz/asn1_mutators.cc b/nss/fuzz/asn1_mutators.cc
new file mode 100644
index 0000000..12d8c37
--- /dev/null
+++ b/nss/fuzz/asn1_mutators.cc
@@ -0,0 +1,122 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <assert.h>
+#include <string.h>
+#include <random>
+#include <tuple>
+
+#include "asn1_mutators.h"
+
+using namespace std;
+
+static tuple<uint8_t *, size_t> ParseItem(uint8_t *Data, size_t MaxLength) {
+  // Short form. Bit 8 has value "0" and bits 7-1 give the length.
+  if ((Data[1] & 0x80) == 0) {
+    size_t length = min(static_cast<size_t>(Data[1]), MaxLength - 2);
+    return make_tuple(&Data[2], length);
+  }
+
+  // Constructed, indefinite length. Read until {0x00, 0x00}.
+  if (Data[1] == 0x80) {
+    void *offset = memmem(&Data[2], MaxLength - 2, "\0", 2);
+    size_t length = offset ? (static_cast<uint8_t *>(offset) - &Data[2]) + 2
+                           : MaxLength - 2;
+    return make_tuple(&Data[2], length);
+  }
+
+  // Long form. Two to 127 octets. Bit 8 of first octet has value "1"
+  // and bits 7-1 give the number of additional length octets.
+  size_t octets = min(static_cast<size_t>(Data[1] & 0x7f), MaxLength - 2);
+
+  // Handle lengths bigger than 32 bits.
+  if (octets > 4) {
+    // Ignore any further children, assign remaining length.
+    return make_tuple(&Data[2] + octets, MaxLength - 2 - octets);
+  }
+
+  // Parse the length.
+  size_t length = 0;
+  for (size_t j = 0; j < octets; j++) {
+    length = (length << 8) | Data[2 + j];
+  }
+
+  length = min(length, MaxLength - 2 - octets);
+  return make_tuple(&Data[2] + octets, length);
+}
+
+static vector<uint8_t *> ParseItems(uint8_t *Data, size_t Size) {
+  vector<uint8_t *> items;
+  vector<size_t> lengths;
+
+  // The first item is always the whole corpus.
+  items.push_back(Data);
+  lengths.push_back(Size);
+
+  // Can't use iterators here because the `items` vector is modified inside the
+  // loop. That's safe as long as we always check `items.size()` before every
+  // iteration, and only call `.push_back()` to append new items we found.
+  // Items are accessed through `items.at()`, we hold no references.
+  for (size_t i = 0; i < items.size(); i++) {
+    uint8_t *item = items.at(i);
+    size_t remaining = lengths.at(i);
+
+    // Empty or primitive items have no children.
+    if (remaining == 0 || (0x20 & item[0]) == 0) {
+      continue;
+    }
+
+    while (remaining > 2) {
+      uint8_t *content;
+      size_t length;
+
+      tie(content, length) = ParseItem(item, remaining);
+
+      if (length > 0) {
+        // Record the item.
+        items.push_back(content);
+
+        // Record the length for further parsing.
+        lengths.push_back(length);
+      }
+
+      // Reduce number of bytes left in current item.
+      remaining -= length + (content - item);
+
+      // Skip the item we just parsed.
+      item = content + length;
+    }
+  }
+
+  return items;
+}
+
+size_t ASN1MutatorFlipConstructed(uint8_t *Data, size_t Size, size_t MaxSize,
+                                  unsigned int Seed) {
+  auto items = ParseItems(Data, Size);
+
+  std::mt19937 rng(Seed);
+  std::uniform_int_distribution<size_t> dist(0, items.size() - 1);
+  uint8_t *item = items.at(dist(rng));
+
+  // Flip "constructed" type bit.
+  item[0] ^= 0x20;
+
+  return Size;
+}
+
+size_t ASN1MutatorChangeType(uint8_t *Data, size_t Size, size_t MaxSize,
+                             unsigned int Seed) {
+  auto items = ParseItems(Data, Size);
+
+  std::mt19937 rng(Seed);
+  std::uniform_int_distribution<size_t> dist(0, items.size() - 1);
+  uint8_t *item = items.at(dist(rng));
+
+  // Change type to a random int [0, 30].
+  static std::uniform_int_distribution<size_t> tdist(0, 30);
+  item[0] = tdist(rng);
+
+  return Size;
+}
diff --git a/nss/fuzz/asn1_mutators.h b/nss/fuzz/asn1_mutators.h
new file mode 100644
index 0000000..8bf02d4
--- /dev/null
+++ b/nss/fuzz/asn1_mutators.h
@@ -0,0 +1,16 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef asn1_mutators_h__
+#define asn1_mutators_h__
+
+#include <stdint.h>
+#include <cstddef>
+
+size_t ASN1MutatorFlipConstructed(uint8_t *Data, size_t Size, size_t MaxSize,
+                                  unsigned int Seed);
+size_t ASN1MutatorChangeType(uint8_t *Data, size_t Size, size_t MaxSize,
+                             unsigned int Seed);
+
+#endif  // asn1_mutators_h__
diff --git a/nss/fuzz/certDN.options b/nss/fuzz/certDN.options
new file mode 100644
index 0000000..635be52
--- /dev/null
+++ b/nss/fuzz/certDN.options
@@ -0,0 +1,3 @@
+[libfuzzer]
+max_len = 4096
+
diff --git a/nss/fuzz/certDN_target.cc b/nss/fuzz/certDN_target.cc
new file mode 100644
index 0000000..264880a
--- /dev/null
+++ b/nss/fuzz/certDN_target.cc
@@ -0,0 +1,45 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <string>
+
+#include "shared.h"
+
+#define TEST_FUNCTION(f) \
+  out = f(certName);     \
+  free(out);
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+  std::string name(data, data + size);
+
+  assert(SECOID_Init() == SECSuccess);
+
+  CERTName* certName = CERT_AsciiToName(name.c_str());
+  if (certName) {
+    char* out;
+    TEST_FUNCTION(CERT_NameToAscii)
+    TEST_FUNCTION(CERT_GetCertEmailAddress)
+
+    // These functions call CERT_GetNameElement with different OIDs.
+    // Unfotunately CERT_GetNameElement is not accesible from here.
+    TEST_FUNCTION(CERT_GetCertUid)
+    TEST_FUNCTION(CERT_GetCommonName)
+    TEST_FUNCTION(CERT_GetCountryName)
+    TEST_FUNCTION(CERT_GetDomainComponentName)
+    TEST_FUNCTION(CERT_GetLocalityName)
+    TEST_FUNCTION(CERT_GetOrgName)
+    TEST_FUNCTION(CERT_GetOrgUnitName)
+    TEST_FUNCTION(CERT_GetStateName)
+
+    out = CERT_NameToAsciiInvertible(certName, CERT_N2A_READABLE);
+    free(out);
+    out = CERT_NameToAsciiInvertible(certName, CERT_N2A_STRICT);
+    free(out);
+    out = CERT_NameToAsciiInvertible(certName, CERT_N2A_INVERTIBLE);
+    free(out);
+  }
+  CERT_DestroyName(certName);
+
+  return 0;
+}
diff --git a/nss/fuzz/clone_corpus.sh b/nss/fuzz/clone_corpus.sh
new file mode 100755
index 0000000..9c17d20
--- /dev/null
+++ b/nss/fuzz/clone_corpus.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+d=$(dirname $0)
+$d/git-copy.sh https://github.com/mozilla/nss-fuzzing-corpus master $d/corpus
diff --git a/nss/fuzz/clone_libfuzzer.sh b/nss/fuzz/clone_libfuzzer.sh
new file mode 100755
index 0000000..9b9e096
--- /dev/null
+++ b/nss/fuzz/clone_libfuzzer.sh
@@ -0,0 +1,46 @@
+#!/bin/sh
+
+d=$(dirname $0)
+$d/git-copy.sh https://chromium.googlesource.com/chromium/llvm-project/llvm/lib/Fuzzer b96a41ac6bbc3824fc7c7977662bebacac8f0983 $d/libFuzzer
+
+# [https://llvm.org/bugs/show_bug.cgi?id=31318]
+# This prevents a known buffer overrun that won't be fixed as the affected code
+# will go away in the near future. Until that is we have to patch it as we seem
+# to constantly run into it.
+cat <<EOF | patch -p0 -d $d
+diff --git libFuzzer/FuzzerLoop.cpp libFuzzer/FuzzerLoop.cpp
+--- libFuzzer/FuzzerLoop.cpp
++++ libFuzzer/FuzzerLoop.cpp
+@@ -476,6 +476,9 @@
+   uint8_t dummy;
+   ExecuteCallback(&dummy, 0);
+
++  // Number of counters might have changed.
++  PrepareCounters(&MaxCoverage);
++
+   for (const auto &U : *InitialCorpus) {
+     if (size_t NumFeatures = RunOne(U)) {
+       CheckExitOnSrcPosOrItem();
+EOF
+
+# Latest Libfuzzer uses __sanitizer_dump_coverage(), a symbol to be introduced
+# with LLVM 4.0. To keep our code working with LLVM 3.x to simplify development
+# of fuzzers we'll just provide it ourselves.
+cat <<EOF | patch -p0 -d $d
+diff --git libFuzzer/FuzzerTracePC.cpp libFuzzer/FuzzerTracePC.cpp
+--- libFuzzer/FuzzerTracePC.cpp
++++ libFuzzer/FuzzerTracePC.cpp
+@@ -33,6 +33,12 @@
+ ATTRIBUTE_INTERFACE
+ uintptr_t __sancov_trace_pc_pcs[fuzzer::TracePC::kNumPCs];
+
++#if defined(__clang_major__) && (__clang_major__ == 3)
++void __sanitizer_dump_coverage(const uintptr_t *pcs, uintptr_t len) {
++  // SanCov in LLVM 4.x will provide this symbol. Make 3.x work.
++}
++#endif
++
+ namespace fuzzer {
+
+ TracePC TPC;
+EOF
diff --git a/nss/fuzz/fuzz.gyp b/nss/fuzz/fuzz.gyp
new file mode 100644
index 0000000..f4cf8c1
--- /dev/null
+++ b/nss/fuzz/fuzz.gyp
@@ -0,0 +1,302 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../coreconf/config.gypi',
+  ],
+  'target_defaults': {
+    'variables': {
+      'debug_optimization_level': '2',
+    },
+    'target_conditions': [
+      [ '_type=="executable"', {
+        'libraries!': [
+          '<@(nspr_libs)',
+        ],
+        'libraries': [
+          '<(nss_dist_obj_dir)/lib/libplds4.a',
+          '<(nss_dist_obj_dir)/lib/libnspr4.a',
+          '<(nss_dist_obj_dir)/lib/libplc4.a',
+        ],
+      }],
+    ],
+  },
+  'targets': [
+    {
+      'target_name': 'fuzz_base',
+      'dependencies': [
+        '<(DEPTH)/lib/certdb/certdb.gyp:certdb',
+        '<(DEPTH)/lib/certhigh/certhigh.gyp:certhi',
+        '<(DEPTH)/lib/cryptohi/cryptohi.gyp:cryptohi',
+        '<(DEPTH)/lib/ssl/ssl.gyp:ssl',
+        '<(DEPTH)/lib/base/base.gyp:nssb',
+        '<(DEPTH)/lib/dev/dev.gyp:nssdev',
+        '<(DEPTH)/lib/pki/pki.gyp:nsspki',
+        '<(DEPTH)/lib/util/util.gyp:nssutil',
+        '<(DEPTH)/lib/nss/nss.gyp:nss_static',
+        '<(DEPTH)/lib/pkcs7/pkcs7.gyp:pkcs7',
+        # This is a static build of pk11wrap, softoken, and freebl.
+        '<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap_static',
+      ],
+      'conditions': [
+        ['fuzz_oss==0', {
+          'type': 'static_library',
+          'sources': [
+            '<!@(ls <(DEPTH)/fuzz/libFuzzer/*.cpp)',
+          ],
+          'cflags/': [
+            ['exclude', '-fsanitize-coverage'],
+          ],
+          'xcode_settings': {
+            'OTHER_CFLAGS/': [
+              ['exclude', '-fsanitize-coverage'],
+            ],
+          },
+        }, {
+          'type': 'none',
+          'all_dependent_settings': {
+            'libraries': ['-lFuzzingEngine'],
+          }
+        }]
+      ],
+    },
+    {
+      'target_name': 'nssfuzz-mpi-base',
+      'type': 'none',
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports',
+        'fuzz_base',
+      ],
+      'direct_dependent_settings': {
+        'include_dirs': [
+          '<(DEPTH)/lib/freebl/mpi',
+        ],
+        'sources': [
+          'mpi_helper.cc',
+        ],
+        'conditions': [
+          [ 'fuzz_oss==1', {
+            'libraries': [
+              '/usr/lib/x86_64-linux-gnu/libcrypto.a',
+            ],
+          }, {
+            'libraries': [
+              '-lcrypto',
+            ],
+          }],
+        ],
+      },
+    },
+    {
+      'target_name': 'nssfuzz-pkcs8',
+      'type': 'executable',
+      'sources': [
+        'asn1_mutators.cc',
+        'pkcs8_target.cc',
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports',
+        'fuzz_base',
+      ],
+    },
+    {
+      'target_name': 'nssfuzz-quickder',
+      'type': 'executable',
+      'sources': [
+        'asn1_mutators.cc',
+        'quickder_target.cc',
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports',
+        'fuzz_base',
+      ],
+    },
+    {
+      'target_name': 'nssfuzz-certDN',
+      'type': 'executable',
+      'sources': [
+        'certDN_target.cc',
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports',
+        'fuzz_base',
+      ],
+    },
+    {
+      'target_name': 'nssfuzz-mpi-add',
+      'type': 'executable',
+      'sources': [
+        'mpi_add_target.cc',
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports',
+        'nssfuzz-mpi-base',
+      ],
+    },
+    {
+      'target_name': 'nssfuzz-mpi-sub',
+      'type': 'executable',
+      'sources': [
+        'mpi_sub_target.cc',
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports',
+        'nssfuzz-mpi-base',
+      ],
+    },
+    {
+      'target_name': 'nssfuzz-mpi-sqr',
+      'type': 'executable',
+      'sources': [
+        'mpi_sqr_target.cc',
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports',
+        'nssfuzz-mpi-base',
+      ],
+    },
+    {
+      'target_name': 'nssfuzz-mpi-div',
+      'type': 'executable',
+      'sources': [
+        'mpi_div_target.cc',
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports',
+        'nssfuzz-mpi-base',
+      ],
+    },
+    {
+      'target_name': 'nssfuzz-mpi-mod',
+      'type': 'executable',
+      'sources': [
+        'mpi_mod_target.cc',
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports',
+        'nssfuzz-mpi-base',
+      ],
+    },
+    {
+      'target_name': 'nssfuzz-mpi-sqrmod',
+      'type': 'executable',
+      'sources': [
+        'mpi_sqrmod_target.cc',
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports',
+        'nssfuzz-mpi-base',
+      ],
+    },
+    {
+      'target_name': 'nssfuzz-mpi-addmod',
+      'type': 'executable',
+      'sources': [
+        'mpi_addmod_target.cc',
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports',
+        'nssfuzz-mpi-base',
+      ],
+    },
+    {
+      'target_name': 'nssfuzz-mpi-submod',
+      'type': 'executable',
+      'sources': [
+        'mpi_submod_target.cc',
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports',
+        'nssfuzz-mpi-base',
+      ],
+    },
+    {
+      'target_name': 'nssfuzz-mpi-mulmod',
+      'type': 'executable',
+      'sources': [
+        'mpi_mulmod_target.cc',
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports',
+        'nssfuzz-mpi-base',
+      ],
+    },
+    {
+      'target_name': 'nssfuzz-mpi-expmod',
+      'type': 'executable',
+      'sources': [
+        'mpi_expmod_target.cc',
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports',
+        'nssfuzz-mpi-base',
+      ],
+    },
+    {
+      'target_name': 'nssfuzz-mpi-invmod',
+      'type': 'executable',
+      'sources': [
+        'mpi_invmod_target.cc',
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports',
+        'nssfuzz-mpi-base',
+      ],
+      'include_dirs': [
+        '<(DEPTH)/lib/freebl',
+      ],
+    },
+    {
+      'target_name': 'nssfuzz-tls-client',
+      'type': 'executable',
+      'sources': [
+        'tls_client_config.cc',
+        'tls_client_socket.cc',
+        'tls_client_target.cc',
+      ],
+      'dependencies': [
+        '<(DEPTH)/cpputil/cpputil.gyp:cpputil',
+        '<(DEPTH)/exports.gyp:nss_exports',
+        'fuzz_base',
+      ],
+      'include_dirs': [
+        '<(DEPTH)/lib/freebl',
+      ],
+      'conditions': [
+        [ 'fuzz_tls==1', {
+          'defines': [
+            'UNSAFE_FUZZER_MODE',
+          ],
+        }],
+      ],
+    },
+    {
+      'target_name': 'nssfuzz',
+      'type': 'none',
+      'dependencies': [
+        'nssfuzz-certDN',
+        'nssfuzz-pkcs8',
+        'nssfuzz-quickder',
+        'nssfuzz-tls-client',
+      ],
+      'conditions': [
+        ['OS=="linux"', {
+          'dependencies': [
+            'nssfuzz-mpi-add',
+            'nssfuzz-mpi-addmod',
+            'nssfuzz-mpi-div',
+            'nssfuzz-mpi-expmod',
+            'nssfuzz-mpi-invmod',
+            'nssfuzz-mpi-mod',
+            'nssfuzz-mpi-mulmod',
+            'nssfuzz-mpi-sqr',
+            'nssfuzz-mpi-sqrmod',
+            'nssfuzz-mpi-sub',
+            'nssfuzz-mpi-submod',
+          ],
+        }],
+      ],
+    }
+  ],
+}
diff --git a/nss/fuzz/git-copy.sh b/nss/fuzz/git-copy.sh
new file mode 100755
index 0000000..1389dda
--- /dev/null
+++ b/nss/fuzz/git-copy.sh
@@ -0,0 +1,32 @@
+#!/bin/sh
+
+set -e
+
+if [ $# -lt 3 ]; then
+  echo "Usage: $0 <repo> <branch> <directory>" 1>&2
+  exit 2
+fi
+
+REPO=$1
+COMMIT=$2
+DIR=$3
+
+echo "Copy '$COMMIT' from '$REPO' to '$DIR'"
+if [ -f $DIR/.git-copy ]; then
+  CURRENT=$(cat $DIR/.git-copy)
+  if [ $(echo -n $COMMIT | wc -c) != "40" ]; then
+    ACTUAL=$(git ls-remote $REPO $COMMIT | cut -c 1-40 -)
+  else
+    ACTUAL=$COMMIT
+  fi
+  if [ CURRENT = ACTUAL ]; then
+    echo "Up to date."
+  fi
+fi
+
+mkdir -p $DIR
+git -C $DIR init -q
+git -C $DIR fetch -q --depth=1 $REPO $COMMIT:git-copy-tmp
+git -C $DIR reset --hard git-copy-tmp
+git -C $DIR show-ref HEAD | cut -c 1-40 - > $DIR/.git-copy
+rm -rf $DIR/.git
diff --git a/nss/fuzz/mpi-add.options b/nss/fuzz/mpi-add.options
new file mode 100644
index 0000000..fd32ac1
--- /dev/null
+++ b/nss/fuzz/mpi-add.options
@@ -0,0 +1,3 @@
+[libfuzzer]
+max_len = 2048
+
diff --git a/nss/fuzz/mpi-addmod.options b/nss/fuzz/mpi-addmod.options
new file mode 100644
index 0000000..fd32ac1
--- /dev/null
+++ b/nss/fuzz/mpi-addmod.options
@@ -0,0 +1,3 @@
+[libfuzzer]
+max_len = 2048
+
diff --git a/nss/fuzz/mpi-div.options b/nss/fuzz/mpi-div.options
new file mode 100644
index 0000000..fd32ac1
--- /dev/null
+++ b/nss/fuzz/mpi-div.options
@@ -0,0 +1,3 @@
+[libfuzzer]
+max_len = 2048
+
diff --git a/nss/fuzz/mpi-expmod.options b/nss/fuzz/mpi-expmod.options
new file mode 100644
index 0000000..98fcc34
--- /dev/null
+++ b/nss/fuzz/mpi-expmod.options
@@ -0,0 +1,3 @@
+[libfuzzer]
+max_len = 1024
+
diff --git a/nss/fuzz/mpi-invmod.options b/nss/fuzz/mpi-invmod.options
new file mode 100644
index 0000000..a38c2fe
--- /dev/null
+++ b/nss/fuzz/mpi-invmod.options
@@ -0,0 +1,2 @@
+[libfuzzer]
+max_len = 256
diff --git a/nss/fuzz/mpi-mod.options b/nss/fuzz/mpi-mod.options
new file mode 100644
index 0000000..fd32ac1
--- /dev/null
+++ b/nss/fuzz/mpi-mod.options
@@ -0,0 +1,3 @@
+[libfuzzer]
+max_len = 2048
+
diff --git a/nss/fuzz/mpi-mulmod.options b/nss/fuzz/mpi-mulmod.options
new file mode 100644
index 0000000..fd32ac1
--- /dev/null
+++ b/nss/fuzz/mpi-mulmod.options
@@ -0,0 +1,3 @@
+[libfuzzer]
+max_len = 2048
+
diff --git a/nss/fuzz/mpi-sqr.options b/nss/fuzz/mpi-sqr.options
new file mode 100644
index 0000000..fd32ac1
--- /dev/null
+++ b/nss/fuzz/mpi-sqr.options
@@ -0,0 +1,3 @@
+[libfuzzer]
+max_len = 2048
+
diff --git a/nss/fuzz/mpi-sqrmod.options b/nss/fuzz/mpi-sqrmod.options
new file mode 100644
index 0000000..fd32ac1
--- /dev/null
+++ b/nss/fuzz/mpi-sqrmod.options
@@ -0,0 +1,3 @@
+[libfuzzer]
+max_len = 2048
+
diff --git a/nss/fuzz/mpi-sub.options b/nss/fuzz/mpi-sub.options
new file mode 100644
index 0000000..fd32ac1
--- /dev/null
+++ b/nss/fuzz/mpi-sub.options
@@ -0,0 +1,3 @@
+[libfuzzer]
+max_len = 2048
+
diff --git a/nss/fuzz/mpi-submod.options b/nss/fuzz/mpi-submod.options
new file mode 100644
index 0000000..fd32ac1
--- /dev/null
+++ b/nss/fuzz/mpi-submod.options
@@ -0,0 +1,3 @@
+[libfuzzer]
+max_len = 2048
+
diff --git a/nss/fuzz/mpi_add_target.cc b/nss/fuzz/mpi_add_target.cc
new file mode 100644
index 0000000..3ebad37
--- /dev/null
+++ b/nss/fuzz/mpi_add_target.cc
@@ -0,0 +1,42 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * This target fuzzes NSS mpi against openssl bignum.
+ * It therefore requires openssl to be installed.
+ */
+
+#include "mpi_helper.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+  // We require at least size 3 to get two integers from Data.
+  if (size < 3) {
+    return 0;
+  }
+  INIT_FOUR_NUMBERS
+
+  // Compare with OpenSSL addition
+  assert(mp_add(&a, &b, &c) == MP_OKAY);
+  (void)BN_add(C, A, B);
+  check_equal(C, &c, max_size);
+
+  // Check a + b == a - -b
+  mp_neg(&b, &b);
+  assert(mp_sub(&a, &b, &r) == MP_OKAY);
+  bool eq = mp_cmp(&r, &c) == 0;
+  if (!eq) {
+    char rC[max_size], cC[max_size], aC[max_size], bC[max_size];
+    mp_tohex(&r, rC);
+    mp_tohex(&c, cC);
+    mp_tohex(&a, aC);
+    mp_tohex(&b, bC);
+    std::cout << "a = " << std::hex << aC << std::endl;
+    std::cout << "-b = " << std::hex << bC << std::endl;
+    std::cout << "a + b = " << std::hex << cC << std::endl;
+    std::cout << "a - -b = " << std::hex << rC << std::endl;
+  }
+  assert(eq);
+
+  CLEANUP_AND_RETURN
+}
diff --git a/nss/fuzz/mpi_addmod_target.cc b/nss/fuzz/mpi_addmod_target.cc
new file mode 100644
index 0000000..a7802b6
--- /dev/null
+++ b/nss/fuzz/mpi_addmod_target.cc
@@ -0,0 +1,27 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * This target fuzzes NSS mpi against openssl bignum.
+ * It therefore requires openssl to be installed.
+ */
+
+#include "mpi_helper.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+  // We require at least size 3 to get two integers from Data.
+  if (size < 3) {
+    return 0;
+  }
+  INIT_FOUR_NUMBERS
+
+  auto modulus = get_modulus(data, size, ctx);
+  // Compare with OpenSSL add mod
+  m1 = &std::get<1>(modulus);
+  assert(mp_addmod(&a, &b, m1, &c) == MP_OKAY);
+  (void)BN_mod_add(C, A, B, std::get<0>(modulus), ctx);
+  check_equal(C, &c, max_size);
+
+  CLEANUP_AND_RETURN
+}
diff --git a/nss/fuzz/mpi_div_target.cc b/nss/fuzz/mpi_div_target.cc
new file mode 100644
index 0000000..08c714e
--- /dev/null
+++ b/nss/fuzz/mpi_div_target.cc
@@ -0,0 +1,36 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * This target fuzzes NSS mpi against openssl bignum.
+ * It therefore requires openssl to be installed.
+ */
+
+#include "mpi_helper.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+  // We require at least size 3 to get two integers from Data.
+  if (size < 3) {
+    return 0;
+  }
+  INIT_FOUR_NUMBERS
+
+  // We can't divide by 0.
+  if (mp_cmp_z(&b) == 0) {
+    CLEANUP_AND_RETURN
+  }
+
+  // Compare with OpenSSL division
+  assert(mp_div(&a, &b, &c, &r) == MP_OKAY);
+  BN_div(C, R, A, B, ctx);
+  check_equal(C, &c, max_size);
+  check_equal(R, &r, max_size);
+
+  // Check c * b + r == a
+  assert(mp_mul(&c, &b, &c) == MP_OKAY);
+  assert(mp_add(&c, &r, &c) == MP_OKAY);
+  assert(mp_cmp(&c, &a) == 0);
+
+  CLEANUP_AND_RETURN
+}
diff --git a/nss/fuzz/mpi_expmod_target.cc b/nss/fuzz/mpi_expmod_target.cc
new file mode 100644
index 0000000..ed31da3
--- /dev/null
+++ b/nss/fuzz/mpi_expmod_target.cc
@@ -0,0 +1,27 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * This target fuzzes NSS mpi against openssl bignum.
+ * It therefore requires openssl to be installed.
+ */
+
+#include "mpi_helper.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+  // We require at least size 3 to get two integers from Data.
+  if (size < 3) {
+    return 0;
+  }
+  INIT_FOUR_NUMBERS
+
+  auto modulus = get_modulus(data, size, ctx);
+  // Compare with OpenSSL exp mod
+  m1 = &std::get<1>(modulus);
+  assert(mp_exptmod(&a, &b, m1, &c) == MP_OKAY);
+  (void)BN_mod_exp(C, A, B, std::get<0>(modulus), ctx);
+  check_equal(C, &c, 2 * max_size);
+
+  CLEANUP_AND_RETURN
+}
diff --git a/nss/fuzz/mpi_helper.cc b/nss/fuzz/mpi_helper.cc
new file mode 100644
index 0000000..65cf4b9
--- /dev/null
+++ b/nss/fuzz/mpi_helper.cc
@@ -0,0 +1,100 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* Helper functions for MPI fuzzing targets. */
+
+#include "mpi_helper.h"
+#include <cstdlib>
+#include <random>
+
+char *to_char(const uint8_t *x) {
+  return reinterpret_cast<char *>(const_cast<unsigned char *>(x));
+}
+
+// Check that the two numbers are equal.
+void check_equal(BIGNUM *b, mp_int *m, size_t max_size) {
+  char *bnBc = BN_bn2hex(b);
+  char mpiMc[max_size];
+  mp_tohex(m, mpiMc);
+  std::string bnA(bnBc);
+  std::string mpiA(mpiMc);
+  OPENSSL_free(bnBc);
+  // We have to strip leading zeros from bignums, ignoring the sign.
+  if (bnA.at(0) != '-') {
+    bnA.erase(0, std::min(bnA.find_first_not_of('0'), bnA.size() - 1));
+  } else if (bnA.at(1) == '0') {
+    bnA.erase(1, std::min(bnA.find_first_not_of('0', 1) - 1, bnA.size() - 1));
+  }
+
+  if (mpiA != bnA) {
+    std::cout << "openssl: " << std::hex << bnA << std::endl;
+    std::cout << "nss:     " << std::hex << mpiA << std::endl;
+  }
+
+  assert(mpiA == bnA);
+}
+
+// Parse data into two numbers for MPI and OpenSSL Bignum.
+void parse_input(const uint8_t *data, size_t size, BIGNUM *A, BIGNUM *B,
+                 mp_int *a, mp_int *b) {
+  // Note that b might overlap a.
+  size_t len = (size_t)size / 2;
+  assert(mp_read_raw(a, to_char(data), len) == MP_OKAY);
+  assert(mp_read_raw(b, to_char(data) + len, len) == MP_OKAY);
+  // Force a positive sign.
+  // TODO: add tests for negatives.
+  MP_SIGN(a) = MP_ZPOS;
+  MP_SIGN(b) = MP_ZPOS;
+
+  // Skip the first byte as it's interpreted as sign by NSS.
+  assert(BN_bin2bn(data + 1, len - 1, A) != nullptr);
+  assert(BN_bin2bn(data + len + 1, len - 1, B) != nullptr);
+
+  check_equal(A, a, 2 * size + 1);
+  check_equal(B, b, 2 * size + 1);
+}
+
+// Parse data into a number for MPI and OpenSSL Bignum.
+void parse_input(const uint8_t *data, size_t size, BIGNUM *A, mp_int *a) {
+  assert(mp_read_raw(a, to_char(data), size) == MP_OKAY);
+
+  // Force a positive sign.
+  // TODO: add tests for negatives.
+  MP_SIGN(a) = MP_ZPOS;
+
+  // Skip the first byte as it's interpreted as sign by NSS.
+  assert(BN_bin2bn(data + 1, size - 1, A) != nullptr);
+
+  check_equal(A, a, 4 * size + 1);
+}
+
+// Take a chunk in the middle of data and use it as modulus.
+std::tuple<BIGNUM *, mp_int> get_modulus(const uint8_t *data, size_t size,
+                                         BN_CTX *ctx) {
+  BIGNUM *r1 = BN_CTX_get(ctx);
+  mp_int r2;
+  assert(mp_init(&r2) == MP_OKAY);
+
+  size_t len = static_cast<size_t>(size / 4);
+  if (len != 0) {
+    assert(mp_read_raw(&r2, to_char(data + len), len) == MP_OKAY);
+    MP_SIGN(&r2) = MP_ZPOS;
+
+    assert(BN_bin2bn(data + len + 1, len - 1, r1) != nullptr);
+    check_equal(r1, &r2, 2 * len + 1);
+  }
+
+  // If we happen to get 0 for the modulus, take a random number.
+  if (mp_cmp_z(&r2) == 0 || len == 0) {
+    mp_zero(&r2);
+    BN_zero(r1);
+    std::mt19937 rng(data[0]);
+    std::uniform_int_distribution<mp_digit> dist(1, MP_DIGIT_MAX);
+    mp_digit x = dist(rng);
+    mp_add_d(&r2, x, &r2);
+    BN_add_word(r1, x);
+  }
+
+  return std::make_tuple(r1, r2);
+}
diff --git a/nss/fuzz/mpi_helper.h b/nss/fuzz/mpi_helper.h
new file mode 100644
index 0000000..1738374
--- /dev/null
+++ b/nss/fuzz/mpi_helper.h
@@ -0,0 +1,86 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* Helper functions for MPI fuzzing targets. */
+
+#ifndef mpi_helper_h__
+#define mpi_helper_h__
+
+#include <iostream>
+#include <string>
+#include <tuple>
+#include <vector>
+
+#include "hasht.h"
+#include "mpi.h"
+
+#include <openssl/bn.h>
+
+void check_equal(BIGNUM *b, mp_int *m, size_t max_size);
+void parse_input(const uint8_t *data, size_t size, BIGNUM *A, BIGNUM *B,
+                 mp_int *a, mp_int *b);
+void parse_input(const uint8_t *data, size_t size, BIGNUM *A, mp_int *a);
+std::tuple<BIGNUM *, mp_int> get_modulus(const uint8_t *data, size_t size,
+                                         BN_CTX *ctx);
+
+// Initialise MPI and BN variables
+// XXX: Also silence unused variable warnings for R.
+#define INIT_FOUR_NUMBERS                \
+  mp_int a, b, c, r;                     \
+  mp_int *m1 = nullptr;                  \
+  BN_CTX *ctx = BN_CTX_new();            \
+  BN_CTX_start(ctx);                     \
+  BIGNUM *A = BN_CTX_get(ctx);           \
+  BIGNUM *B = BN_CTX_get(ctx);           \
+  BIGNUM *C = BN_CTX_get(ctx);           \
+  BIGNUM *R = BN_CTX_get(ctx);           \
+  assert(mp_init(&a) == MP_OKAY);        \
+  assert(mp_init(&b) == MP_OKAY);        \
+  assert(mp_init(&c) == MP_OKAY);        \
+  assert(mp_init(&r) == MP_OKAY);        \
+  size_t max_size = 2 * size + 1;        \
+  parse_input(data, size, A, B, &a, &b); \
+  do {                                   \
+    (void)(R);                           \
+  } while (0);
+
+// Initialise MPI and BN variables
+// XXX: Also silence unused variable warnings for B.
+#define INIT_THREE_NUMBERS        \
+  mp_int a, b, c;                 \
+  BN_CTX *ctx = BN_CTX_new();     \
+  BN_CTX_start(ctx);              \
+  BIGNUM *A = BN_CTX_get(ctx);    \
+  BIGNUM *B = BN_CTX_get(ctx);    \
+  BIGNUM *C = BN_CTX_get(ctx);    \
+  assert(mp_init(&a) == MP_OKAY); \
+  assert(mp_init(&b) == MP_OKAY); \
+  assert(mp_init(&c) == MP_OKAY); \
+  size_t max_size = 4 * size + 1; \
+  parse_input(data, size, A, &a); \
+  do {                            \
+    (void)(B);                    \
+  } while (0);
+
+#define CLEANUP_AND_RETURN \
+  mp_clear(&a);            \
+  mp_clear(&b);            \
+  mp_clear(&c);            \
+  mp_clear(&r);            \
+  if (m1) {                \
+    mp_clear(m1);          \
+  }                        \
+  BN_CTX_end(ctx);         \
+  BN_CTX_free(ctx);        \
+  return 0;
+
+#define CLEANUP_AND_RETURN_THREE \
+  mp_clear(&a);                  \
+  mp_clear(&b);                  \
+  mp_clear(&c);                  \
+  BN_CTX_end(ctx);               \
+  BN_CTX_free(ctx);              \
+  return 0;
+
+#endif  // mpi_helper_h__
diff --git a/nss/fuzz/mpi_invmod_target.cc b/nss/fuzz/mpi_invmod_target.cc
new file mode 100644
index 0000000..9820af9
--- /dev/null
+++ b/nss/fuzz/mpi_invmod_target.cc
@@ -0,0 +1,70 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * This target fuzzes NSS mpi against openssl bignum.
+ * It therefore requires openssl to be installed.
+ */
+
+#include "mpi_helper.h"
+#include "mpprime.h"
+
+#include <algorithm>
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+  // We require at least size 4 to get everything we need from data.
+  if (size < 4) {
+    return 0;
+  }
+
+  INIT_THREE_NUMBERS
+
+  // Make a prime of length size.
+  int count = 0;
+  mp_err res = MP_NO;
+  // mpp_make_prime is so slow :( use something smaller than size.
+  int primeLen = std::max(static_cast<int>(size / 4), 3);
+  uint8_t bp[primeLen];
+  memcpy(bp, data, primeLen);
+  do {
+    bp[0] |= 0x80;            /* set high-order bit */
+    bp[primeLen - 1] |= 0x01; /* set low-order bit  */
+    ++count;
+    assert(mp_read_unsigned_octets(&b, bp, primeLen) == MP_OKAY);
+  } while ((res = mpp_make_prime(&b, primeLen * 8, PR_FALSE, nullptr)) !=
+               MP_YES &&
+           count < 10);
+  if (res != MP_YES) {
+    return 0;
+  }
+
+  // Use the same prime in OpenSSL B
+  char tmp[max_size];
+  mp_toradix(&b, tmp, 16);
+  int tmpLen;
+  assert((tmpLen = BN_hex2bn(&B, tmp)) != 0);
+
+  // Compare with OpenSSL invmod
+  res = mp_invmod(&a, &b, &c);
+  BIGNUM *X = BN_mod_inverse(C, A, B, ctx);
+  if (res != MP_OKAY) {
+    // In case we couldn't compute the inverse, OpenSSL shouldn't be able to
+    // either.
+    assert(X == nullptr);
+  } else {
+    check_equal(C, &c, max_size);
+
+    // Check a * c mod b == 1
+    assert(mp_mulmod(&a, &c, &b, &c) == MP_OKAY);
+    bool eq = mp_cmp_d(&c, 1) == 0;
+    if (!eq) {
+      char cC[max_size];
+      mp_tohex(&c, cC);
+      std::cout << "c = " << std::hex << cC << std::endl;
+    }
+    assert(eq);
+  }
+
+  CLEANUP_AND_RETURN_THREE
+}
diff --git a/nss/fuzz/mpi_mod_target.cc b/nss/fuzz/mpi_mod_target.cc
new file mode 100644
index 0000000..85c883f
--- /dev/null
+++ b/nss/fuzz/mpi_mod_target.cc
@@ -0,0 +1,36 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * This target fuzzes NSS mpi against openssl bignum.
+ * It therefore requires openssl to be installed.
+ */
+
+#include "mpi_helper.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+  // We require at least size 3 to get two integers from Data.
+  if (size < 3) {
+    return 0;
+  }
+  INIT_FOUR_NUMBERS
+
+  // We can't divide by 0.
+  if (mp_cmp_z(&b) == 0) {
+    CLEANUP_AND_RETURN
+  }
+
+  // Compare with OpenSSL mod
+  assert(mp_mod(&a, &b, &c) == MP_OKAY);
+  (void)BN_mod(C, A, B, ctx);
+  check_equal(C, &c, max_size);
+
+  // Check a mod b = a - floor(a / b) * b
+  assert(mp_div(&a, &b, &r, nullptr) == MP_OKAY);
+  assert(mp_mul(&r, &b, &r) == MP_OKAY);
+  assert(mp_sub(&a, &r, &r) == MP_OKAY);
+  assert(mp_cmp(&c, &r) == 0);
+
+  CLEANUP_AND_RETURN
+}
diff --git a/nss/fuzz/mpi_mulmod_target.cc b/nss/fuzz/mpi_mulmod_target.cc
new file mode 100644
index 0000000..75585e2
--- /dev/null
+++ b/nss/fuzz/mpi_mulmod_target.cc
@@ -0,0 +1,27 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * This target fuzzes NSS mpi against openssl bignum.
+ * It therefore requires openssl to be installed.
+ */
+
+#include "mpi_helper.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+  // We require at least size 3 to get two integers from Data.
+  if (size < 3) {
+    return 0;
+  }
+  INIT_FOUR_NUMBERS
+
+  auto modulus = get_modulus(data, size, ctx);
+  // Compare with OpenSSL mul mod
+  m1 = &std::get<1>(modulus);
+  assert(mp_mulmod(&a, &b, m1, &c) == MP_OKAY);
+  (void)BN_mod_mul(C, A, B, std::get<0>(modulus), ctx);
+  check_equal(C, &c, max_size);
+
+  CLEANUP_AND_RETURN
+}
diff --git a/nss/fuzz/mpi_sqr_target.cc b/nss/fuzz/mpi_sqr_target.cc
new file mode 100644
index 0000000..b404d62
--- /dev/null
+++ b/nss/fuzz/mpi_sqr_target.cc
@@ -0,0 +1,40 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * This target fuzzes NSS mpi against openssl bignum.
+ * It therefore requires openssl to be installed.
+ */
+
+#include "mpi_helper.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+  // We require at least size 2 to get an integers from Data.
+  if (size < 2) {
+    return 0;
+  }
+
+  INIT_THREE_NUMBERS
+
+  // Compare with OpenSSL sqr
+  assert(mp_sqr(&a, &c) == MP_OKAY);
+  (void)BN_sqr(C, A, ctx);
+  check_equal(C, &c, max_size);
+
+  // Check a * a == a**2
+  assert(mp_mul(&a, &a, &b) == MP_OKAY);
+  bool eq = mp_cmp(&b, &c) == 0;
+  if (!eq) {
+    char rC[max_size], cC[max_size], aC[max_size];
+    mp_tohex(&b, rC);
+    mp_tohex(&c, cC);
+    mp_tohex(&a, aC);
+    std::cout << "a = " << std::hex << aC << std::endl;
+    std::cout << "a * a = " << std::hex << cC << std::endl;
+    std::cout << "a ** 2 = " << std::hex << rC << std::endl;
+  }
+  assert(eq);
+
+  CLEANUP_AND_RETURN_THREE
+}
diff --git a/nss/fuzz/mpi_sqrmod_target.cc b/nss/fuzz/mpi_sqrmod_target.cc
new file mode 100644
index 0000000..ca403b5
--- /dev/null
+++ b/nss/fuzz/mpi_sqrmod_target.cc
@@ -0,0 +1,36 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * This target fuzzes NSS mpi against openssl bignum.
+ * It therefore requires openssl to be installed.
+ */
+
+#include "mpi_helper.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+  // We require at least size 3 to get two integers from Data.
+  if (size < 3) {
+    return 0;
+  }
+
+  INIT_THREE_NUMBERS
+
+  // We can't divide by 0.
+  if (mp_cmp_z(&b) == 0) {
+    mp_clear(&a);
+    mp_clear(&b);
+    mp_clear(&c);
+    BN_CTX_end(ctx);
+    BN_CTX_free(ctx);
+    return 0;
+  }
+
+  // Compare with OpenSSL square mod
+  assert(mp_sqrmod(&a, &b, &c) == MP_OKAY);
+  (void)BN_mod_sqr(C, A, B, ctx);
+  check_equal(C, &c, max_size);
+
+  CLEANUP_AND_RETURN_THREE
+}
diff --git a/nss/fuzz/mpi_sub_target.cc b/nss/fuzz/mpi_sub_target.cc
new file mode 100644
index 0000000..da20d74
--- /dev/null
+++ b/nss/fuzz/mpi_sub_target.cc
@@ -0,0 +1,42 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * This target fuzzes NSS mpi against openssl bignum.
+ * It therefore requires openssl to be installed.
+ */
+
+#include "mpi_helper.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+  // We require at least size 3 to get two integers from Data.
+  if (size < 3) {
+    return 0;
+  }
+  INIT_FOUR_NUMBERS
+
+  // Compare with OpenSSL subtraction
+  assert(mp_sub(&a, &b, &c) == MP_OKAY);
+  (void)BN_sub(C, A, B);
+  check_equal(C, &c, max_size);
+
+  // Check a - b == a + -b
+  mp_neg(&b, &b);
+  assert(mp_add(&a, &b, &r) == MP_OKAY);
+  bool eq = mp_cmp(&r, &c) == 0;
+  if (!eq) {
+    char rC[max_size], cC[max_size], aC[max_size], bC[max_size];
+    mp_tohex(&r, rC);
+    mp_tohex(&c, cC);
+    mp_tohex(&a, aC);
+    mp_tohex(&b, bC);
+    std::cout << "a = " << std::hex << aC << std::endl;
+    std::cout << "-b = " << std::hex << bC << std::endl;
+    std::cout << "a - b = " << std::hex << cC << std::endl;
+    std::cout << "a + -b = " << std::hex << rC << std::endl;
+  }
+  assert(eq);
+
+  CLEANUP_AND_RETURN
+}
diff --git a/nss/fuzz/mpi_submod_target.cc b/nss/fuzz/mpi_submod_target.cc
new file mode 100644
index 0000000..26b2c53
--- /dev/null
+++ b/nss/fuzz/mpi_submod_target.cc
@@ -0,0 +1,27 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * This target fuzzes NSS mpi against openssl bignum.
+ * It therefore requires openssl to be installed.
+ */
+
+#include "mpi_helper.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+  // We require at least size 3 to get two integers from Data.
+  if (size < 3) {
+    return 0;
+  }
+  INIT_FOUR_NUMBERS
+
+  auto modulus = get_modulus(data, size, ctx);
+  // Compare with OpenSSL sub mod
+  m1 = &std::get<1>(modulus);
+  assert(mp_submod(&a, &b, m1, &c) == MP_OKAY);
+  (void)BN_mod_sub(C, A, B, std::get<0>(modulus), ctx);
+  check_equal(C, &c, 2 * max_size);
+
+  CLEANUP_AND_RETURN
+}
diff --git a/nss/fuzz/pkcs8_target.cc b/nss/fuzz/pkcs8_target.cc
new file mode 100644
index 0000000..b6b90c9
--- /dev/null
+++ b/nss/fuzz/pkcs8_target.cc
@@ -0,0 +1,39 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <memory>
+#include <vector>
+
+#include "keyhi.h"
+#include "pk11pub.h"
+
+#include "asn1_mutators.h"
+#include "shared.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+  SECItem data = {siBuffer, (unsigned char *)Data, (unsigned int)Size};
+
+  static std::unique_ptr<NSSDatabase> db(new NSSDatabase());
+  assert(db != nullptr);
+
+  PK11SlotInfo *slot = PK11_GetInternalSlot();
+  assert(slot != nullptr);
+
+  SECKEYPrivateKey *key = nullptr;
+  if (PK11_ImportDERPrivateKeyInfoAndReturnKey(slot, &data, nullptr, nullptr,
+                                               false, false, KU_ALL, &key,
+                                               nullptr) == SECSuccess) {
+    SECKEY_DestroyPrivateKey(key);
+  }
+
+  PK11_FreeSlot(slot);
+  return 0;
+}
+
+extern "C" size_t LLVMFuzzerCustomMutator(uint8_t *Data, size_t Size,
+                                          size_t MaxSize, unsigned int Seed) {
+  static Mutators mutators = {&ASN1MutatorFlipConstructed,
+                              &ASN1MutatorChangeType};
+  return CustomMutate(mutators, Data, Size, MaxSize, Seed);
+}
diff --git a/nss/fuzz/quickder.options b/nss/fuzz/quickder.options
new file mode 100644
index 0000000..369977d
--- /dev/null
+++ b/nss/fuzz/quickder.options
@@ -0,0 +1,3 @@
+[libfuzzer]
+max_len = 10000
+
diff --git a/nss/fuzz/quickder_target.cc b/nss/fuzz/quickder_target.cc
new file mode 100644
index 0000000..4d6277d
--- /dev/null
+++ b/nss/fuzz/quickder_target.cc
@@ -0,0 +1,85 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "asn1_mutators.h"
+#include "shared.h"
+
+const std::vector<const SEC_ASN1Template *> templates = {
+    CERT_AttributeTemplate,
+    CERT_CertExtensionTemplate,
+    CERT_CertificateRequestTemplate,
+    CERT_CertificateTemplate,
+    CERT_CrlTemplate,
+    CERT_IssuerAndSNTemplate,
+    CERT_NameTemplate,
+    CERT_PublicKeyAndChallengeTemplate,
+    CERT_RDNTemplate,
+    CERT_SequenceOfCertExtensionTemplate,
+    CERT_SetOfAttributeTemplate,
+    CERT_SetOfSignedCrlTemplate,
+    CERT_SignedCrlTemplate,
+    CERT_SignedDataTemplate,
+    CERT_SubjectPublicKeyInfoTemplate,
+    CERT_TimeChoiceTemplate,
+    CERT_ValidityTemplate,
+    SEC_AnyTemplate,
+    SEC_BitStringTemplate,
+    SEC_BMPStringTemplate,
+    SEC_BooleanTemplate,
+    SEC_CertSequenceTemplate,
+    SEC_EnumeratedTemplate,
+    SEC_GeneralizedTimeTemplate,
+    SEC_IA5StringTemplate,
+    SEC_IntegerTemplate,
+    SEC_NullTemplate,
+    SEC_ObjectIDTemplate,
+    SEC_OctetStringTemplate,
+    SEC_PointerToAnyTemplate,
+    SEC_PointerToEnumeratedTemplate,
+    SEC_PointerToGeneralizedTimeTemplate,
+    SEC_PointerToOctetStringTemplate,
+    SEC_PrintableStringTemplate,
+    SEC_SetOfAnyTemplate,
+    SEC_SetOfEnumeratedTemplate,
+    SEC_SequenceOfAnyTemplate,
+    SEC_SequenceOfObjectIDTemplate,
+    SEC_SignedCertificateTemplate,
+    SEC_SkipTemplate,
+    SEC_T61StringTemplate,
+    SEC_UniversalStringTemplate,
+    SEC_UTCTimeTemplate,
+    SEC_UTF8StringTemplate,
+    SEC_VisibleStringTemplate,
+    SECKEY_DHParamKeyTemplate,
+    SECKEY_DHPublicKeyTemplate,
+    SECKEY_DSAPrivateKeyExportTemplate,
+    SECKEY_DSAPublicKeyTemplate,
+    SECKEY_PQGParamsTemplate,
+    SECKEY_PrivateKeyInfoTemplate,
+    SECKEY_RSAPSSParamsTemplate,
+    SECKEY_RSAPublicKeyTemplate,
+    SECOID_AlgorithmIDTemplate};
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+  char *dest[2048];
+
+  for (auto tpl : templates) {
+    PORTCheapArenaPool pool;
+    SECItem buf = {siBuffer, const_cast<unsigned char *>(Data),
+                   static_cast<unsigned int>(Size)};
+
+    PORT_InitCheapArena(&pool, DER_DEFAULT_CHUNKSIZE);
+    (void)SEC_QuickDERDecodeItem(&pool.arena, dest, tpl, &buf);
+    PORT_DestroyCheapArena(&pool);
+  }
+
+  return 0;
+}
+
+extern "C" size_t LLVMFuzzerCustomMutator(uint8_t *Data, size_t Size,
+                                          size_t MaxSize, unsigned int Seed) {
+  static Mutators mutators = {&ASN1MutatorFlipConstructed,
+                              &ASN1MutatorChangeType};
+  return CustomMutate(mutators, Data, Size, MaxSize, Seed);
+}
diff --git a/nss/fuzz/shared.h b/nss/fuzz/shared.h
new file mode 100644
index 0000000..24ca51f
--- /dev/null
+++ b/nss/fuzz/shared.h
@@ -0,0 +1,40 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef shared_h__
+#define shared_h__
+
+#include <assert.h>
+#include <random>
+#include "cert.h"
+#include "nss.h"
+
+extern "C" size_t LLVMFuzzerMutate(uint8_t *Data, size_t Size, size_t MaxSize);
+extern "C" size_t LLVMFuzzerCustomMutator(uint8_t *Data, size_t Size,
+                                          size_t MaxSize, unsigned int Seed);
+
+class NSSDatabase {
+ public:
+  NSSDatabase() { assert(NSS_NoDB_Init(nullptr) == SECSuccess); }
+  ~NSSDatabase() { assert(NSS_Shutdown() == SECSuccess); }
+};
+
+typedef std::vector<decltype(LLVMFuzzerCustomMutator) *> Mutators;
+
+size_t CustomMutate(Mutators &mutators, uint8_t *Data, size_t Size,
+                    size_t MaxSize, unsigned int Seed) {
+  std::mt19937 rng(Seed);
+  static std::bernoulli_distribution bdist;
+
+  if (bdist(rng)) {
+    std::uniform_int_distribution<size_t> idist(0, mutators.size() - 1);
+    return mutators.at(idist(rng))(Data, Size, MaxSize, Seed);
+  }
+
+  return LLVMFuzzerMutate(Data, Size, MaxSize);
+}
+
+#endif  // shared_h__
diff --git a/nss/fuzz/tls-client-no_fuzzer_mode.options b/nss/fuzz/tls-client-no_fuzzer_mode.options
new file mode 100644
index 0000000..8b017d2
--- /dev/null
+++ b/nss/fuzz/tls-client-no_fuzzer_mode.options
@@ -0,0 +1,3 @@
+[libfuzzer]
+max_len = 20000
+
diff --git a/nss/fuzz/tls-client.options b/nss/fuzz/tls-client.options
new file mode 100644
index 0000000..8b017d2
--- /dev/null
+++ b/nss/fuzz/tls-client.options
@@ -0,0 +1,3 @@
+[libfuzzer]
+max_len = 20000
+
diff --git a/nss/fuzz/tls_client_config.cc b/nss/fuzz/tls_client_config.cc
new file mode 100644
index 0000000..78ab591
--- /dev/null
+++ b/nss/fuzz/tls_client_config.cc
@@ -0,0 +1,35 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "tls_client_config.h"
+
+const uint64_t CONFIG_FAIL_CERT_AUTH = 1;
+const uint64_t CONFIG_ENABLE_EXTENDED_MS = 2;
+const uint64_t CONFIG_REQUIRE_DH_NAMED_GROUPS = 4;
+const uint64_t CONFIG_ENABLE_FALSE_START = 8;
+
+// XOR 64-bit chunks of data to build a bitmap of config options derived from
+// the fuzzing input. This seems the only way to fuzz various options while
+// still maintaining compatibility with BoringSSL or OpenSSL fuzzers.
+ClientConfig::ClientConfig(const uint8_t* data, size_t len) {
+  for (size_t i = 0; i < len; i++) {
+    config_ ^= static_cast<uint64_t>(data[i]) << (8 * (i % 8));
+  }
+}
+
+bool ClientConfig::FailCertificateAuthentication() {
+  return config_ & CONFIG_FAIL_CERT_AUTH;
+}
+
+bool ClientConfig::EnableExtendedMasterSecret() {
+  return config_ & CONFIG_ENABLE_EXTENDED_MS;
+}
+
+bool ClientConfig::RequireDhNamedGroups() {
+  return config_ & CONFIG_REQUIRE_DH_NAMED_GROUPS;
+}
+
+bool ClientConfig::EnableFalseStart() {
+  return config_ & CONFIG_ENABLE_FALSE_START;
+}
diff --git a/nss/fuzz/tls_client_config.h b/nss/fuzz/tls_client_config.h
new file mode 100644
index 0000000..9cf3cf2
--- /dev/null
+++ b/nss/fuzz/tls_client_config.h
@@ -0,0 +1,24 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef tls_client_config_h__
+#define tls_client_config_h__
+
+#include <stdint.h>
+#include <cstddef>
+
+class ClientConfig {
+ public:
+  ClientConfig(const uint8_t* data, size_t len);
+
+  bool FailCertificateAuthentication();
+  bool EnableExtendedMasterSecret();
+  bool RequireDhNamedGroups();
+  bool EnableFalseStart();
+
+ private:
+  uint64_t config_;
+};
+
+#endif  // tls_client_config_h__
diff --git a/nss/fuzz/tls_client_socket.cc b/nss/fuzz/tls_client_socket.cc
new file mode 100644
index 0000000..b5256a0
--- /dev/null
+++ b/nss/fuzz/tls_client_socket.cc
@@ -0,0 +1,34 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <assert.h>
+#include <string.h>
+#include <algorithm>
+
+#include "prerror.h"
+#include "prio.h"
+
+#include "tls_client_socket.h"
+
+int32_t DummyPrSocket::Read(PRFileDesc *f, void *data, int32_t len) {
+  assert(data && len > 0);
+
+  int32_t amount = std::min(len, static_cast<int32_t>(len_));
+  memcpy(data, buf_, amount);
+
+  buf_ += amount;
+  len_ -= amount;
+
+  return amount;
+}
+
+int32_t DummyPrSocket::Write(PRFileDesc *f, const void *buf, int32_t length) {
+  return length;
+}
+
+int32_t DummyPrSocket::Recv(PRFileDesc *f, void *buf, int32_t buflen,
+                            int32_t flags, PRIntervalTime to) {
+  assert(flags == 0);
+  return Read(f, buf, buflen);
+}
diff --git a/nss/fuzz/tls_client_socket.h b/nss/fuzz/tls_client_socket.h
new file mode 100644
index 0000000..c9dc9ba
--- /dev/null
+++ b/nss/fuzz/tls_client_socket.h
@@ -0,0 +1,24 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef tls_client_socket_h__
+#define tls_client_socket_h__
+
+#include "dummy_io.h"
+
+class DummyPrSocket : public DummyIOLayerMethods {
+ public:
+  DummyPrSocket(const uint8_t *buf, size_t len) : buf_(buf), len_(len) {}
+
+  int32_t Read(PRFileDesc *f, void *data, int32_t len) override;
+  int32_t Write(PRFileDesc *f, const void *buf, int32_t length) override;
+  int32_t Recv(PRFileDesc *f, void *buf, int32_t buflen, int32_t flags,
+               PRIntervalTime to) override;
+
+ private:
+  const uint8_t *buf_;
+  size_t len_;
+};
+
+#endif  // tls_client_socket_h__
diff --git a/nss/fuzz/tls_client_target.cc b/nss/fuzz/tls_client_target.cc
new file mode 100644
index 0000000..d1dda12
--- /dev/null
+++ b/nss/fuzz/tls_client_target.cc
@@ -0,0 +1,130 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <assert.h>
+#include <stdint.h>
+#include <memory>
+
+#include "blapi.h"
+#include "prinit.h"
+#include "ssl.h"
+
+#include "shared.h"
+#include "tls_client_config.h"
+#include "tls_client_socket.h"
+
+static PRStatus EnableAllProtocolVersions() {
+  SSLVersionRange supported;
+
+  SECStatus rv = SSL_VersionRangeGetSupported(ssl_variant_stream, &supported);
+  assert(rv == SECSuccess);
+
+  rv = SSL_VersionRangeSetDefault(ssl_variant_stream, &supported);
+  assert(rv == SECSuccess);
+
+  return PR_SUCCESS;
+}
+
+static SECStatus AuthCertificateHook(void* arg, PRFileDesc* fd, PRBool checksig,
+                                     PRBool isServer) {
+  assert(!isServer);
+  auto config = reinterpret_cast<ClientConfig*>(arg);
+  return config->FailCertificateAuthentication() ? SECFailure : SECSuccess;
+}
+
+static void SetSocketOptions(PRFileDesc* fd,
+                             std::unique_ptr<ClientConfig>& config) {
+  // Disable session cache for now.
+  SECStatus rv = SSL_OptionSet(fd, SSL_NO_CACHE, true);
+  assert(rv == SECSuccess);
+
+  rv = SSL_OptionSet(fd, SSL_ENABLE_EXTENDED_MASTER_SECRET,
+                     config->EnableExtendedMasterSecret());
+  assert(rv == SECSuccess);
+
+  rv = SSL_OptionSet(fd, SSL_REQUIRE_DH_NAMED_GROUPS,
+                     config->RequireDhNamedGroups());
+  assert(rv == SECSuccess);
+
+  rv = SSL_OptionSet(fd, SSL_ENABLE_FALSE_START, config->EnableFalseStart());
+  assert(rv == SECSuccess);
+
+  rv =
+      SSL_OptionSet(fd, SSL_ENABLE_RENEGOTIATION, SSL_RENEGOTIATE_UNRESTRICTED);
+  assert(rv == SECSuccess);
+}
+
+static void EnableAllCipherSuites(PRFileDesc* fd) {
+  for (uint16_t i = 0; i < SSL_NumImplementedCiphers; ++i) {
+    SECStatus rv = SSL_CipherPrefSet(fd, SSL_ImplementedCiphers[i], true);
+    assert(rv == SECSuccess);
+  }
+}
+
+// This is only called when we set SSL_ENABLE_FALSE_START=1,
+// so we can always just set *canFalseStart=true.
+static SECStatus CanFalseStartCallback(PRFileDesc* fd, void* arg,
+                                       PRBool* canFalseStart) {
+  *canFalseStart = true;
+  return SECSuccess;
+}
+
+static void SetupCallbacks(PRFileDesc* fd, ClientConfig* config) {
+  SECStatus rv = SSL_AuthCertificateHook(fd, AuthCertificateHook, config);
+  assert(rv == SECSuccess);
+
+  rv = SSL_SetCanFalseStartCallback(fd, CanFalseStartCallback, nullptr);
+  assert(rv == SECSuccess);
+}
+
+static void DoHandshake(PRFileDesc* fd) {
+  SECStatus rv = SSL_ResetHandshake(fd, false /* asServer */);
+  assert(rv == SECSuccess);
+
+  do {
+    rv = SSL_ForceHandshake(fd);
+  } while (rv != SECSuccess && PR_GetError() == PR_WOULD_BLOCK_ERROR);
+
+  // If the handshake succeeds, let's read some data from the server, if any.
+  if (rv == SECSuccess) {
+    uint8_t block[1024];
+    int32_t nb;
+
+    // Read application data and echo it back.
+    while ((nb = PR_Read(fd, block, sizeof(block))) > 0) {
+      PR_Write(fd, block, nb);
+    }
+  }
+}
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t len) {
+  static std::unique_ptr<NSSDatabase> db(new NSSDatabase());
+  assert(db != nullptr);
+
+  EnableAllProtocolVersions();
+  std::unique_ptr<ClientConfig> config(new ClientConfig(data, len));
+
+#ifdef UNSAFE_FUZZER_MODE
+  // Reset the RNG state.
+  SECStatus rv = RNG_ResetForFuzzing();
+  assert(rv == SECSuccess);
+#endif
+
+  // Create and import dummy socket.
+  std::unique_ptr<DummyPrSocket> socket(new DummyPrSocket(data, len));
+  static PRDescIdentity id = PR_GetUniqueIdentity("fuzz-client");
+  ScopedPRFileDesc fd(DummyIOLayerMethods::CreateFD(id, socket.get()));
+  PRFileDesc* ssl_fd = SSL_ImportFD(nullptr, fd.get());
+  assert(ssl_fd == fd.get());
+
+  // Probably not too important for clients.
+  SSL_SetURL(ssl_fd, "server");
+
+  SetSocketOptions(ssl_fd, config);
+  EnableAllCipherSuites(ssl_fd);
+  SetupCallbacks(ssl_fd, config.get());
+  DoHandshake(ssl_fd);
+
+  return 0;
+}
diff --git a/nss/fuzz/warning.txt b/nss/fuzz/warning.txt
new file mode 100644
index 0000000..fdfa90e
--- /dev/null
+++ b/nss/fuzz/warning.txt
@@ -0,0 +1,16 @@
+
+##################################################
+##                                              ##
+##  WARNING: You're building with -Dfuzz_tls=1  ##
+##                                              ##
+##  This means:                                 ##
+##                                              ##
+##   * Your PRNG is DETERMINISTIC.              ##
+##   * TLS transcripts are PLAINTEXT.           ##
+##   * Session tickets are NOT encrypted.       ##
+##   * TLS signature/MAC checks are DISABLED.   ##
+##                                              ##
+##  Thank you for fuzzing!                      ##
+##                                              ##
+##################################################
+
diff --git a/nss/gtests/.clang-format b/nss/gtests/.clang-format
new file mode 100644
index 0000000..06e3c51
--- /dev/null
+++ b/nss/gtests/.clang-format
@@ -0,0 +1,4 @@
+---
+Language: Cpp
+BasedOnStyle: Google
+...
diff --git a/nss/gtests/Makefile b/nss/gtests/Makefile
new file mode 100644
index 0000000..2b54925
--- /dev/null
+++ b/nss/gtests/Makefile
@@ -0,0 +1,44 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
diff --git a/nss/gtests/README b/nss/gtests/README
new file mode 100644
index 0000000..75c452f
--- /dev/null
+++ b/nss/gtests/README
@@ -0,0 +1,15 @@
+GTest-based Unit Tests
+
+This directory contains GTest-based unit tests for NSS libssl.
+
+If your environment doesn't have C++ compiler suitable to build these tests,
+you may disable them using ``NSS_DISABLE_GTESTS=1''
+
+Once built, they are run as part of running ``test/all.sh''
+You can run just the GTests by running ``tests/ssl_gtests/ssl_gtests.sh''
+
+They can be run standalone or under a debugger by invoking the ssl_gtest
+executable with a ``-d'' option pointing to the directory created by either
+of the above options.  You can find that in
+
+  tests_results/security/${hostname}.${NUMBER}/ssl_gtests
diff --git a/nss/gtests/common/Makefile b/nss/gtests/common/Makefile
new file mode 100644
index 0000000..e17bc28
--- /dev/null
+++ b/nss/gtests/common/Makefile
@@ -0,0 +1,41 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include gtest.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
diff --git a/nss/gtests/common/gtest.gypi b/nss/gtests/common/gtest.gypi
new file mode 100644
index 0000000..e0ffc86
--- /dev/null
+++ b/nss/gtests/common/gtest.gypi
@@ -0,0 +1,45 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'target_defaults': {
+    'include_dirs': [
+      '<(DEPTH)/gtests/google_test/gtest/include',
+      '<(DEPTH)/gtests/common',
+      '<(DEPTH)/cpputil',
+    ],
+    'cflags': [
+      '-Wsign-compare',
+    ],
+    'xcode_settings': {
+      'OTHER_CFLAGS': [
+        '-Wsign-compare',
+      ],
+    },
+    'conditions': [
+      ['OS=="win"', {
+        'libraries': [
+          '-lws2_32',
+        ],
+      }],
+      ['OS=="android"', {
+        'libraries': [
+          '-lstdc++',
+        ],
+      }],
+      [ 'fuzz_tls==1', {
+        'defines': [
+          'UNSAFE_FUZZER_MODE',
+        ],
+      }],
+    ],
+    'msvs_settings': {
+      'VCCLCompilerTool': {
+        'ExceptionHandling': 1,
+        'PreprocessorDefinitions': [
+          'NOMINMAX',
+        ],
+      },
+    },
+  },
+}
diff --git a/nss/gtests/common/gtest.mk b/nss/gtests/common/gtest.mk
new file mode 100644
index 0000000..ecb324e
--- /dev/null
+++ b/nss/gtests/common/gtest.mk
@@ -0,0 +1,36 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+include $(CORE_DEPTH)/cmd/platlibs.mk
+
+MKPROG = $(CCC)
+MKSHLIB	= $(CCC) $(DSO_LDOPTS) $(DARWIN_SDK_SHLIBFLAGS)
+
+# gtests pick up errors with signed/unsigned comparisons on some platforms
+# even though we disabled -Wsign-compare.
+# This catches that by enabling the warning.
+# Only add -Wsign-compare if -Werror is enabled, lest we add it on the wrong
+# platform.
+ifeq (-Werror,$(filter -Werror -Wsign-compare,$(WARNING_CFLAGS)))
+WARNING_CFLAGS += -Wsign-compare
+endif
+WARNING_CFLAGS := $(filter-out -w44018,$(WARNING_CFLAGS))
+
+ifeq (WINNT,$(OS_ARCH))
+    # -EHsc because gtest has exception handlers
+    OS_CFLAGS += -EHsc -nologo
+    # http://www.suodenjoki.dk/us/archive/2010/min-max.htm
+    OS_CFLAGS += -DNOMINMAX
+
+    # Linking to winsock to get htonl
+    OS_LIBS += Ws2_32.lib
+
+    # On windows, we need to create the parent directory
+    # Needed because we include files from a subdirectory
+    MAKE_OBJDIR = $(INSTALL) -D $(dir $@)
+else
+    CXXFLAGS += -std=c++0x
+endif
diff --git a/nss/gtests/common/gtests.cc b/nss/gtests/common/gtests.cc
new file mode 100644
index 0000000..bd5a97a
--- /dev/null
+++ b/nss/gtests/common/gtests.cc
@@ -0,0 +1,26 @@
+#include "nspr.h"
+#include "nss.h"
+#include "ssl.h"
+
+#include <cstdlib>
+
+#define GTEST_HAS_RTTI 0
+#include "gtest/gtest.h"
+
+int main(int argc, char **argv) {
+  ::testing::InitGoogleTest(&argc, argv);
+
+  if (NSS_NoDB_Init(nullptr) != SECSuccess) {
+    return 1;
+  }
+  if (NSS_SetDomesticPolicy() != SECSuccess) {
+    return 1;
+  }
+  int rv = RUN_ALL_TESTS();
+
+  if (NSS_Shutdown() != SECSuccess) {
+    return 1;
+  }
+
+  return rv;
+}
diff --git a/nss/gtests/common/manifest.mn b/nss/gtests/common/manifest.mn
new file mode 100644
index 0000000..a40989b
--- /dev/null
+++ b/nss/gtests/common/manifest.mn
@@ -0,0 +1,22 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+CORE_DEPTH = ../..
+DEPTH      = ../..
+MODULE = nss
+
+CPPSRCS = \
+      gtests.cc \
+      $(NULL)
+
+INCLUDES += -I$(CORE_DEPTH)/gtests/google_test/gtest/include \
+            -I$(CORE_DEPTH)/gtests/common \
+            -I$(CORE_DEPTH)/cpputil
+
+REQUIRES = gtest
+
+EXTRA_LIBS = $(DIST)/lib/$(LIB_PREFIX)gtest.$(LIB_SUFFIX)
+
+# NOTE: this is not actually used but required to build gtests.o
+PROGRAM = gtests
diff --git a/nss/gtests/der_gtest/Makefile b/nss/gtests/der_gtest/Makefile
new file mode 100644
index 0000000..0d547e0
--- /dev/null
+++ b/nss/gtests/der_gtest/Makefile
@@ -0,0 +1,43 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include ../common/gtest.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
diff --git a/nss/gtests/der_gtest/der_getint_unittest.cc b/nss/gtests/der_gtest/der_getint_unittest.cc
new file mode 100644
index 0000000..e4b225e
--- /dev/null
+++ b/nss/gtests/der_gtest/der_getint_unittest.cc
@@ -0,0 +1,122 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <climits>
+#include <memory>
+#include "nss.h"
+#include "pk11pub.h"
+#include "secutil.h"
+
+#include "gtest/gtest.h"
+#include "scoped_ptrs.h"
+
+namespace nss_test {
+
+class DERIntegerDecodingTest : public ::testing::Test {
+ public:
+  void TestGetInteger(long number, unsigned char *der_number,
+                      unsigned int len) {
+    SECItem input = {siBuffer, der_number, len};
+    EXPECT_EQ(number, DER_GetInteger(&input));
+  }
+
+  void GetDerLongMax(unsigned char *der_number, unsigned int len) {
+    der_number[0] = 0x7F;
+    for (unsigned int i = 1; i < len; ++i) {
+      der_number[i] = 0xFF;
+    }
+  }
+
+  void GetDerLongMin(unsigned char *der_number, unsigned int len) {
+    der_number[0] = 0x80;
+    for (unsigned int i = 1; i < len; ++i) {
+      der_number[i] = 0x00;
+    }
+  }
+};
+
+TEST_F(DERIntegerDecodingTest, DecodeLongMinus126) {
+  unsigned char der[] = {0x82};
+  TestGetInteger(-126, der, sizeof(der));
+}
+
+TEST_F(DERIntegerDecodingTest, DecodeLong130) {
+  unsigned char der[] = {0x00, 0x82};
+  TestGetInteger(130, der, sizeof(der));
+}
+
+TEST_F(DERIntegerDecodingTest, DecodeLong130Padded) {
+  unsigned char der[sizeof(long) * 2] = {0};
+  der[sizeof(der) - 1] = {0x82};
+  TestGetInteger(130, der, sizeof(der));
+}
+
+TEST_F(DERIntegerDecodingTest, DecodeLong0) {
+  unsigned char der[] = {0x00};
+  TestGetInteger(0, der, sizeof(der));
+}
+
+TEST_F(DERIntegerDecodingTest, DecodeLong1) {
+  unsigned char der[] = {0x01};
+  TestGetInteger(1, der, sizeof(der));
+}
+
+TEST_F(DERIntegerDecodingTest, DecodeLongMinus1) {
+  unsigned char der[] = {0xFF};
+  TestGetInteger(-1, der, sizeof(der));
+}
+
+TEST_F(DERIntegerDecodingTest, DecodeLongMinus1Padded) {
+  unsigned char der[sizeof(long) * 2];
+  memset(der, 0xFF, sizeof(der));
+  TestGetInteger(-1, der, sizeof(der));
+}
+
+TEST_F(DERIntegerDecodingTest, DecodeLongMax) {
+  unsigned char der[sizeof(long)];
+  GetDerLongMax(der, sizeof(long));
+  TestGetInteger(LONG_MAX, der, sizeof(der));
+}
+
+TEST_F(DERIntegerDecodingTest, DecodeLongMin) {
+  unsigned char der[sizeof(long)];
+  GetDerLongMin(der, sizeof(long));
+  TestGetInteger(LONG_MIN, der, sizeof(der));
+}
+
+TEST_F(DERIntegerDecodingTest, DecodeLongMaxMinus1) {
+  unsigned char der[sizeof(long)];
+  GetDerLongMax(der, sizeof(long));
+  der[sizeof(long) - 1] = 0xFE;
+  TestGetInteger(LONG_MAX - 1, der, sizeof(der));
+}
+
+TEST_F(DERIntegerDecodingTest, DecodeLongMinPlus1) {
+  unsigned char der[sizeof(long)];
+  GetDerLongMin(der, sizeof(long));
+  der[sizeof(long) - 1] = 0x01;
+  TestGetInteger(LONG_MIN + 1, der, sizeof(der));
+}
+
+TEST_F(DERIntegerDecodingTest, DecodeLongMinMinus1) {
+  unsigned char der[sizeof(long) + 1];
+  GetDerLongMax(der, sizeof(long) + 1);
+  der[0] = 0xFF;
+  der[1] = 0x7F;
+  TestGetInteger(LONG_MIN, der, sizeof(der));
+  EXPECT_EQ(SEC_ERROR_BAD_DER, PORT_GetError());
+}
+
+TEST_F(DERIntegerDecodingTest, DecodeLongMaxPlus1) {
+  unsigned char der[sizeof(long) + 1];
+  GetDerLongMin(der, sizeof(long) + 1);
+  der[0] = 0x00;
+  der[1] = 0x80;
+  TestGetInteger(LONG_MAX, der, sizeof(der));
+  EXPECT_EQ(SEC_ERROR_BAD_DER, PORT_GetError());
+}
+
+}  // namespace nss_test
diff --git a/nss/gtests/der_gtest/der_gtest.gyp b/nss/gtests/der_gtest/der_gtest.gyp
new file mode 100644
index 0000000..5c6ad86
--- /dev/null
+++ b/nss/gtests/der_gtest/der_gtest.gyp
@@ -0,0 +1,30 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi',
+    '../common/gtest.gypi',
+  ],
+  'targets': [
+    {
+      'target_name': 'der_gtest',
+      'type': 'executable',
+      'sources': [
+        'der_getint_unittest.cc',
+        'der_private_key_import_unittest.cc',
+        '<(DEPTH)/gtests/common/gtests.cc'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports',
+        '<(DEPTH)/gtests/google_test/google_test.gyp:gtest',
+        '<(DEPTH)/lib/util/util.gyp:nssutil3',
+        '<(DEPTH)/lib/ssl/ssl.gyp:ssl3',
+        '<(DEPTH)/lib/nss/nss.gyp:nss3',
+      ]
+    }
+  ],
+  'variables': {
+    'module': 'nss'
+  }
+}
diff --git a/nss/gtests/der_gtest/der_private_key_import_unittest.cc b/nss/gtests/der_gtest/der_private_key_import_unittest.cc
new file mode 100644
index 0000000..836cc78
--- /dev/null
+++ b/nss/gtests/der_gtest/der_private_key_import_unittest.cc
@@ -0,0 +1,110 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <climits>
+#include <memory>
+#include "nss.h"
+#include "pk11pub.h"
+#include "secutil.h"
+
+#include "gtest/gtest.h"
+#include "scoped_ptrs.h"
+
+namespace nss_test {
+
+const std::vector<uint8_t> kValidRSAKey = {
+    // 512-bit RSA private key (PKCS#8)
+    0x30, 0x82, 0x01, 0x54, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
+    0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
+    0x01, 0x3e, 0x30, 0x82, 0x01, 0x3a, 0x02, 0x01, 0x00, 0x02, 0x41, 0x00,
+    0xa2, 0x40, 0xce, 0xb5, 0x4e, 0x70, 0xdc, 0x14, 0x82, 0x5b, 0x58, 0x7d,
+    0x2f, 0x5d, 0xfd, 0x46, 0x3c, 0x4b, 0x82, 0x50, 0xb6, 0x96, 0x00, 0x4a,
+    0x1a, 0xca, 0xaf, 0xe4, 0x9b, 0xcf, 0x38, 0x4a, 0x46, 0xaa, 0x9f, 0xb4,
+    0xd9, 0xc7, 0xee, 0x88, 0xe9, 0xef, 0x0a, 0x31, 0x5f, 0x53, 0x86, 0x8f,
+    0x63, 0x68, 0x0b, 0x58, 0x34, 0x72, 0x49, 0xba, 0xed, 0xd9, 0x34, 0x15,
+    0x16, 0xc4, 0xca, 0xb7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x40, 0x34,
+    0xe6, 0xdc, 0x7e, 0xd0, 0xec, 0x8b, 0x55, 0x44, 0x8b, 0x73, 0xf6, 0x9d,
+    0x13, 0x10, 0x19, 0x6e, 0x5f, 0x50, 0x45, 0xf0, 0xc2, 0x47, 0xa5, 0xe1,
+    0xc6, 0x64, 0x43, 0x2d, 0x6a, 0x0a, 0xf7, 0xe7, 0xda, 0x40, 0xb8, 0x3a,
+    0xf0, 0x47, 0xdd, 0x01, 0xf5, 0xe0, 0xa9, 0x0e, 0x47, 0xc2, 0x24, 0xd7,
+    0xb5, 0x13, 0x3a, 0x35, 0x4d, 0x11, 0xaa, 0x50, 0x03, 0xb3, 0xe8, 0x54,
+    0x6c, 0x99, 0x01, 0x02, 0x21, 0x00, 0xcd, 0xb2, 0xd7, 0xa7, 0x43, 0x5b,
+    0xcb, 0x45, 0xe5, 0x0e, 0x86, 0xf6, 0xc1, 0x4e, 0x97, 0xed, 0x78, 0x1f,
+    0x09, 0x56, 0xcd, 0x26, 0xe6, 0xf7, 0x5e, 0xd9, 0xfc, 0x88, 0x12, 0x5f,
+    0x84, 0x07, 0x02, 0x21, 0x00, 0xc9, 0xee, 0x30, 0xaf, 0x6c, 0xb9, 0x5a,
+    0xc9, 0xc1, 0x14, 0x9e, 0xd8, 0x4b, 0x33, 0x38, 0x48, 0x17, 0x41, 0x35,
+    0x94, 0x09, 0xf3, 0x69, 0xc4, 0x97, 0xbe, 0x17, 0x7d, 0x95, 0x0f, 0xb7,
+    0xd1, 0x02, 0x21, 0x00, 0x8b, 0x0e, 0xf9, 0x8d, 0x61, 0x13, 0x20, 0x63,
+    0x9b, 0x0b, 0x6c, 0x20, 0x4a, 0xe4, 0xa7, 0xfe, 0xe8, 0xf3, 0x0a, 0x6c,
+    0x3c, 0xfa, 0xac, 0xaf, 0xd4, 0xd6, 0xc7, 0x4a, 0xf2, 0x28, 0xd2, 0x67,
+    0x02, 0x20, 0x6b, 0x0e, 0x1d, 0xbf, 0x93, 0x5b, 0xbd, 0x77, 0x43, 0x27,
+    0x24, 0x83, 0xb5, 0x72, 0xa5, 0x3f, 0x0b, 0x1d, 0x26, 0x43, 0xa2, 0xf6,
+    0xea, 0xb7, 0x30, 0x5f, 0xb6, 0x62, 0x7c, 0xf9, 0x85, 0x51, 0x02, 0x20,
+    0x3d, 0x22, 0x63, 0x15, 0x6b, 0x32, 0x41, 0x46, 0x44, 0x78, 0xb7, 0x13,
+    0xeb, 0x85, 0x4c, 0x4f, 0x6b, 0x3e, 0xf0, 0x52, 0xf0, 0x46, 0x3b, 0x65,
+    0xd8, 0x21, 0x7d, 0xae, 0xc0, 0x09, 0x98, 0x34};
+
+const std::vector<uint8_t> kInvalidLengthKey = {
+    0x30, 0x1b,        // SEQUENCE(len=27)
+    0x02, 0x01, 0x00,  // INT(len=1) = 0
+    0x30, 0x13,        // SEQUENCE(len=19)
+    0x06, 0x07,        // OID(len=7)
+    // dhPublicKey (1.2.840.10046.2.1)
+    0x2a, 0x86, 0x48, 0xce, 0x3e, 0x02, 0x01, 0x06, 0x08,  // OID(len=8)
+    // prime256v1 (1.2.840.10045.3.1.7) */
+    0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x04,
+    0x00  // OCTET STRING(len=0)
+};
+
+const std::vector<uint8_t> kInvalidZeroLengthKey = {
+    0x30, 0x1a,        // SEQUENCE(len=26)
+    0x02, 0x01, 0x00,  // INT(len=1) = 0
+    0x30, 0x13,        // SEQUENCE(len=19)
+    0x06, 0x07,        // OID(len=7)
+    // dhPublicKey (1.2.840.10046.2.1)
+    0x2a, 0x86, 0x48, 0xce, 0x3e, 0x02, 0x01, 0x06, 0x08,  // OID(len=8)
+    // prime256v1 (1.2.840.10045.3.1.7) */
+    0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x04,
+    0x00  // OCTET STRING(len=0)
+};
+
+class DERPrivateKeyImportTest : public ::testing::Test {
+ public:
+  bool ParsePrivateKey(const std::vector<uint8_t>& data) {
+    ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
+    EXPECT_TRUE(slot);
+
+    SECKEYPrivateKey* key = nullptr;
+    SECItem item = {siBuffer, const_cast<unsigned char*>(data.data()),
+                    (unsigned int)data.size()};
+
+    SECStatus rv = PK11_ImportDERPrivateKeyInfoAndReturnKey(
+        slot.get(), &item, nullptr, nullptr, false, false, KU_ALL, &key,
+        nullptr);
+
+    EXPECT_EQ(rv == SECSuccess, key != nullptr);
+    SECKEY_DestroyPrivateKey(key);
+
+    return rv == SECSuccess;
+  }
+};
+
+TEST_F(DERPrivateKeyImportTest, ImportPrivateRSAKey) {
+  EXPECT_TRUE(ParsePrivateKey(kValidRSAKey));
+  EXPECT_FALSE(PORT_GetError());
+}
+
+TEST_F(DERPrivateKeyImportTest, ImportInvalidPrivateKey) {
+  EXPECT_FALSE(ParsePrivateKey(kInvalidLengthKey));
+  EXPECT_EQ(PORT_GetError(), SEC_ERROR_BAD_DER);
+}
+
+TEST_F(DERPrivateKeyImportTest, ImportZeroLengthPrivateKey) {
+  EXPECT_FALSE(ParsePrivateKey(kInvalidZeroLengthKey));
+  EXPECT_EQ(PORT_GetError(), SEC_ERROR_BAD_KEY);
+}
+
+}  // namespace nss_test
diff --git a/nss/gtests/der_gtest/manifest.mn b/nss/gtests/der_gtest/manifest.mn
new file mode 100644
index 0000000..93df2ef
--- /dev/null
+++ b/nss/gtests/der_gtest/manifest.mn
@@ -0,0 +1,23 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+CORE_DEPTH = ../..
+DEPTH      = ../..
+MODULE = nss
+
+CPPSRCS = \
+      der_getint_unittest.cc \
+      der_private_key_import_unittest.cc \
+      $(NULL)
+
+INCLUDES += -I$(CORE_DEPTH)/gtests/google_test/gtest/include \
+            -I$(CORE_DEPTH)/gtests/common \
+            -I$(CORE_DEPTH)/cpputil
+
+REQUIRES = nspr nss libdbm gtest
+
+PROGRAM = der_gtest
+
+EXTRA_LIBS = $(DIST)/lib/$(LIB_PREFIX)gtest.$(LIB_SUFFIX) $(EXTRA_OBJS) \
+             ../common/$(OBJDIR)/gtests$(OBJ_SUFFIX)
diff --git a/nss/gtests/freebl_gtest/freebl_gtest.gyp b/nss/gtests/freebl_gtest/freebl_gtest.gyp
new file mode 100644
index 0000000..d285954
--- /dev/null
+++ b/nss/gtests/freebl_gtest/freebl_gtest.gyp
@@ -0,0 +1,69 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi',
+    '../common/gtest.gypi',
+  ],
+  'targets': [
+    {
+      'target_name': 'freebl_gtest',
+      'type': 'executable',
+      'sources': [
+        'mpi_unittest.cc',
+        '<(DEPTH)/gtests/common/gtests.cc'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports',
+        '<(DEPTH)/lib/util/util.gyp:nssutil3',
+        '<(DEPTH)/gtests/google_test/google_test.gyp:gtest',
+        '<(DEPTH)/lib/nss/nss.gyp:nss_static',
+        '<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap_static',
+        '<(DEPTH)/lib/cryptohi/cryptohi.gyp:cryptohi',
+        '<(DEPTH)/lib/certhigh/certhigh.gyp:certhi',
+        '<(DEPTH)/lib/certdb/certdb.gyp:certdb',
+        '<(DEPTH)/lib/base/base.gyp:nssb',
+        '<(DEPTH)/lib/dev/dev.gyp:nssdev',
+        '<(DEPTH)/lib/pki/pki.gyp:nsspki',
+        '<(DEPTH)/lib/ssl/ssl.gyp:ssl',
+      ],
+      'conditions': [
+        [ 'ct_verif==1', {
+          'defines': [
+            'CT_VERIF',
+          ],
+        }],
+      ],
+    },
+    {
+      'target_name': 'prng_gtest',
+      'type': 'executable',
+      'sources': [
+        'prng_kat_unittest.cc',
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports',
+        '<(DEPTH)/lib/util/util.gyp:nssutil3',
+        '<(DEPTH)/gtests/google_test/google_test.gyp:gtest',
+        '<(DEPTH)/lib/nss/nss.gyp:nss_static',
+        '<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap_static',
+        '<(DEPTH)/lib/cryptohi/cryptohi.gyp:cryptohi',
+        '<(DEPTH)/lib/certhigh/certhigh.gyp:certhi',
+        '<(DEPTH)/lib/certdb/certdb.gyp:certdb',
+        '<(DEPTH)/lib/base/base.gyp:nssb',
+        '<(DEPTH)/lib/dev/dev.gyp:nssdev',
+        '<(DEPTH)/lib/pki/pki.gyp:nsspki',
+        '<(DEPTH)/lib/ssl/ssl.gyp:ssl',
+      ],
+    },
+  ],
+  'target_defaults': {
+    'include_dirs': [
+      '<(DEPTH)/lib/freebl/mpi',
+    ]
+  },
+  'variables': {
+    'module': 'nss'
+  }
+}
diff --git a/nss/gtests/freebl_gtest/kat/Hash_DRBG.rsp b/nss/gtests/freebl_gtest/kat/Hash_DRBG.rsp
new file mode 100644
index 0000000..dcb1823
--- /dev/null
+++ b/nss/gtests/freebl_gtest/kat/Hash_DRBG.rsp
@@ -0,0 +1,17702 @@
+# CAVS 14.3
+# DRBG800-90A information for "drbg_pr"
+# Generated on Tue Apr 02 15:32:09 2013
+# cf68c42bf1726c7b043771f23f709303f1120174625d731b2596379534b6c923dfe792e9fb4e736551b9e9be3bd2f722dfafa9e64011ff6d4977df1bcea4a996
+
+# Hash_DRBG options: SHA-1 :: SHA-224 :: SHA-256 :: SHA-384 :: SHA-512 :: SHA-512/224 :: SHA-512/256
+
+[SHA-1]
+[PredictionResistance = False]
+[EntropyInputLen = 128]
+[NonceLen = 64]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 640]
+
+COUNT = 0
+EntropyInput = 1610b828ccd27de08ceea032a20e9208
+Nonce = 492cf1709242f6b5
+PersonalizationString = 
+EntropyInputReseed = 72d28c908edaf9a4d1e526d8f2ded544
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 56f33d4fdbb9a5b64d26234497e9dcb87798c68d08f7c41199d4bddf97ebbf6cb5550e5d149ff4d5bd0f05f25a6988c17436396227184af84a564335658e2f8572bea333eee2abff22ffa6de3e22aca2
+
+COUNT = 1
+EntropyInput = 550875b74ec11f906778a31a37a329fd
+Nonce = 08dd8cd35bfa0094
+PersonalizationString = 
+EntropyInputReseed = 96c639ec149f6b28e2793bb9379e6067
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = ee44c6cf2c0c73a8ac4ca56c0e712ca5509a195de45b8d2bc940a7db66c3eb2aa1bdb4dd76851245802e68054aaba87cd63ad3e5c97c06e7a39ff6f98eb3d972d41135e5e7461b499c56456abe7f77d4
+
+COUNT = 2
+EntropyInput = 507ba51eb254372774af4a0dd06ccb9c
+Nonce = 24afb1e6d8333e45
+PersonalizationString = 
+EntropyInputReseed = 47f7c11fa49bceaf4704e1461d9a1b85
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 542327195681a3c14cff019b9deae48a1b1b6ea475a9e7c55c5e0b74b257474179693edff166ae515137670abc6880868dce6ef93f01c5f57085b6f8a7570db4f2e04287419fa88425f6446ce2c0ea46
+
+COUNT = 3
+EntropyInput = 176c4b4bcd00beeb3b3006ce7c79b1ce
+Nonce = 00570adea1b11d0e
+PersonalizationString = 
+EntropyInputReseed = efcdb4a860c38f12822508b08ad0e381
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 3ec0a7b0824d74c6fe84813199e699953f5ccd4c937d6224e55d258a4e4513c5f3d2b7119c68070b92c71200329106208cddf293b288a1ba1794d189d77b706a920138172f25bd2c8188699a4e1633c5
+
+COUNT = 4
+EntropyInput = 618e4b2e79bf0544e41e48510632e99d
+Nonce = 11c09a3f14787b62
+PersonalizationString = 
+EntropyInputReseed = 41a4aeacbb827faae7f3f3c1ddd99016
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 9543339c5d0ffb2e4d7e79416ee89611aa456f23fac0a0a4912c12077bc99d2b1d81ea8b28c1984702deb8279b5e4a2865e047cd344ef3c8595fcb031fc3794e08e5f95aa7a313def1b1f54d0875b1d3
+
+COUNT = 5
+EntropyInput = bf5d896204b2d71a9a9eeadd58bac275
+Nonce = 1310b8c65a0eb394
+PersonalizationString = 
+EntropyInputReseed = db24715d9c747b8160ed1df59829e231
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 0d6af856bb2e06db94f3f87e49e376236d93023af557a1f012eb7018cbdee4fb1aa41d0914c2cd760b329e40e3df8495c47d8bf62e50d90a094304541df4414ca69f9539f5c5e7fa74f6aa90789eb68f
+
+COUNT = 6
+EntropyInput = a7dca72a320967c867d8f1872cc36f38
+Nonce = 0bd4fcebe44e97f2
+PersonalizationString = 
+EntropyInputReseed = 1f038f2276f994e8591fb7a61956f505
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 2853bd82112a794129b2fd527cbe4d53b5cde0ae7bd30e9177af7191d4a9261aa1eb8dcc3ed0ef59eeaa3b79ee8928bdc2043f7e64e23efa5820497a18092ce5c0dd8942e26319c1c3643add752db1ed
+
+COUNT = 7
+EntropyInput = 0a0013c6ce7bff5bd71c88d9dc2b3ee3
+Nonce = 6d9b2c2901c5cc41
+PersonalizationString = 
+EntropyInputReseed = 6bad427539359fcbc85a0cf102983601
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 75c2514d553bd8ba341e5cbc02876790adc4e1b7fc65ffe2da79dd0b213ab53d34a5a4f7b0ce0a0e5c89180f061db8ebde9461d541879edc2000093460674660df929b4e6f566260b1bcf9d465bfbc98
+
+COUNT = 8
+EntropyInput = 3d6b261f3fb19de1082bba9a46f403ac
+Nonce = fd976be5cbfe4c5f
+PersonalizationString = 
+EntropyInputReseed = 2e8d73b4fa4bb348900cb247ea88b297
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = faa7ae51a990dd67f6e19c11e647f99a64556ba225ebb7b586df899eadada5eef2689fb5e34eb5734355922e57b41395254ad17b39c4d50db35ef141c724fb8dfe6626bdd9ea097bd2fe0bde9e215881
+
+COUNT = 9
+EntropyInput = 659521dd7c43c58cb0e0ae953b829c53
+Nonce = c79eb036b2c0e722
+PersonalizationString = 
+EntropyInputReseed = 8fbaa9a580c943f150f557b6262dbed4
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 0de2196912f843d943e975ed9fecaa701b873b2a6cae4a862f4aecf7211574de82f43608dfb7aee3db3c880e22bcac175e9c45fcc32cf3f42f58681d51dc8fcb988f9e0ba6a45106becf89b9058a95b8
+
+COUNT = 10
+EntropyInput = 58dbf71b96a3d390f071248c2134601e
+Nonce = 992f3aa2d208fb8e
+PersonalizationString = 
+EntropyInputReseed = 4d13f73089b45f61dbde74959ddc5204
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 9685966e1c496cd01e4c5ed607aa7f43de3f4cba7bad20587afa7ebf9ed5398944b725d1e4e139c3ebd1fa3eeacc9759f5cd56675ccc82d0a4e51b0019384082485266732479cddc354051e51c2b2957
+
+COUNT = 11
+EntropyInput = 7fe8b23193eeafc639b38dcdc310d0a7
+Nonce = 2d1164529f277715
+PersonalizationString = 
+EntropyInputReseed = 40faf6201f2dd1a3b37a7979f5579fed
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = e43728c19c611349ec8a3747a6b1d4dfb7583a851a9feae7b85c7afb5d804a22cac9b961a3d7a1947c8557dde11ffb47d0b2397a02c450cf4cc9d906c6a110d840eef120a32a00fe4bf64a72983cc816
+
+COUNT = 12
+EntropyInput = 3b45a424d559d13685260d3f5e0c868f
+Nonce = 93fdd53fde18ab61
+PersonalizationString = 
+EntropyInputReseed = c49d004cc4a4293b82bb0fe8cb23be4f
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 77844be2987b1324f06cae9a29f0654e7d94d2a3ec7d79d91f6bb34c6b03deffa19a1f4a7106ff7edab80f666246eead47ac67deabbcad346a7cec3194e6252957a2fe7e921c1eb804bbd0381f92a523
+
+COUNT = 13
+EntropyInput = 9d08544421f30ae7855ae1f3860a1279
+Nonce = 237904c40c13ddea
+PersonalizationString = 
+EntropyInputReseed = 26afd4f369e5d33f11de1233041c4f6e
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = c72464c3200cde538c5fa90fbe93a30c633daf47376692b6f6f084a76540994e38a88b40655d52c8028ebfd446eae51d7ba5600f693a4b7344c16862896d34e86cdef235b1035e794672c19f99bcc23c
+
+COUNT = 14
+EntropyInput = a332a07de61bd55a25a4ca4e07715363
+Nonce = 70a713a6937746bb
+PersonalizationString = 
+EntropyInputReseed = a6dfe8d5b5844ba4b66522de8be68b9d
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 6d323d527613472c7e553831d8eac7aa470e26d353f6223de9ef7e5aa73507f5e23931a8bf307b6ef5ec71b5e152ceb2ac0b2f48411b98d18eaa734bcbeaf3874fe98e8355303e346447c74182a23d1e
+
+[SHA-1]
+[PredictionResistance = False]
+[EntropyInputLen = 128]
+[NonceLen = 64]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 128]
+[ReturnedBitsLen = 640]
+
+COUNT = 0
+EntropyInput = d9bab5cedca96f6178d64509a0dfdc5e
+Nonce = dad8989414450e01
+PersonalizationString = 
+EntropyInputReseed = c6bad074c5906786f5e1f32099f5b491
+AdditionalInputReseed = 3e6bf46f4daa3825d7194e694e7752f7
+AdditionalInput = 04fa2895aa5a6f8c5743343b805e5ea4
+AdditionalInput = df5dc459dff02aa2f052d721ec607230
+ReturnedBits = c48b89f9da3f748245555d5d033b693dd71a4df5690205cefcd720113cc24e098936ff5e77b541535870b339468cdd8d6faf8c56163a700a75b23e599b5aecf16f3baf6d5f2419971f24f446720feabe
+
+COUNT = 1
+EntropyInput = 28000fbff05722c8899306c29b50780a
+Nonce = 112f6e20c029ed3f
+PersonalizationString = 
+EntropyInputReseed = d9958e8c08af5a410e919bdf408e5a0a
+AdditionalInputReseed = 911d965b6e77a96cfe3ff2d2e30e2a86
+AdditionalInput = cd44d996ab05efe827d36583f143182c
+AdditionalInput = 9f6a318212184e70af5d00141f4282f6
+ReturnedBits = 546165921e714ad139022f97d2653f0d4769b14a3e6eefa1a016d69ea97f51d581dcaacf66f9b1e8069441d6b5c544605407e8e7dc1cd8e470ad84775a6531bee0fc8136e28f0bfeebe198627e98e0c1
+
+COUNT = 2
+EntropyInput = 501903be9f3db7c9c2df6ab142477052
+Nonce = 7ca694dab1449f3c
+PersonalizationString = 
+EntropyInputReseed = 060d4dafe897039abdb0f5c63e6aeff4
+AdditionalInputReseed = 76bd230eda0702586b6ab8ef2fc93bbc
+AdditionalInput = 66275bc4e0ffde0f238ea23e33e52eb6
+AdditionalInput = 2418a8665d99c01da45d6a8f7f957b39
+ReturnedBits = d85e9dee72baf075a02223927466c79cc614b9c0d56bcb7badb29989f9858343e5059a711b6037f30556102f4733dec617ca169687de9b88381098cc79e9c2f8478164435cfda05e18ae2bbb142a9584
+
+COUNT = 3
+EntropyInput = 40dac959cc5b2a734888b35f053abf9e
+Nonce = edb4853aee19d66d
+PersonalizationString = 
+EntropyInputReseed = 533b49ed110574868bac7298c667aa7c
+AdditionalInputReseed = f9ff6699c7c47c2e7b41772b54a1d96e
+AdditionalInput = 675f61b1db3a8189c27616bec012c4a9
+AdditionalInput = bb18e94041826bd501cc5ca406f30399
+ReturnedBits = c4fb05ec4d020447b2f9b19bf88148db5c634b2167f3c2c9e26a088d20820bd5fd3e04c8f8010a6fc457b9ca4c4b715e5284c1dee0534d2b7ef576b0e0183a4a5f0d4b5fba63bf69a40e7d82243e16ac
+
+COUNT = 4
+EntropyInput = 6f0c7506d87bfc86d460ee1275aecc84
+Nonce = 45f926880d96d9c5
+PersonalizationString = 
+EntropyInputReseed = 9ae7880d98dbc4460041fd7ca20e7b68
+AdditionalInputReseed = 017eaa6be2fe6776c719d32d16e8f694
+AdditionalInput = 7833b494a30026ca028f3609d1e562e6
+AdditionalInput = 22af9e39f75a6c5e0d4b0ce203c2ae84
+ReturnedBits = 4c60dc976e1456f75188f4d2b9ac7992ad26959a2163c7c9ea26e4339f6f67ca8515df708a3c1c79d4b1c463f56957efb5f978fb2436928acd93afa3869480b242c55190bdbfbd2cd542c558207ee96a
+
+COUNT = 5
+EntropyInput = c469449db1fe34757b42b6a6bc212326
+Nonce = e779dcac53d6d3db
+PersonalizationString = 
+EntropyInputReseed = b0df3131ea59be278c7c42a03c0db060
+AdditionalInputReseed = 15320da52b3010fb6ccb8c4f58c103fb
+AdditionalInput = af5a6a9be88b4af2a1f7159d8c58d537
+AdditionalInput = 0256ee98141a351b329232b1ddb3577d
+ReturnedBits = 76d6b71a1227cead7976bae7836c016abe98691c58724195f5130376a11ccaf1998fa1ff8bd96b7fb0b801b1a512144b0cc9149205b506765ecab1d03330af554090358d3c2b20802128e534a2a7f6f9
+
+COUNT = 6
+EntropyInput = 6918d283610c5afc5efe0bbc5fc971a2
+Nonce = ee798d0209bb4a3a
+PersonalizationString = 
+EntropyInputReseed = e6eb96c622522b950927b01aa3efdc5c
+AdditionalInputReseed = 669850210a254f31eccb271d9aef3fea
+AdditionalInput = 96880965ee8794991e9813d2b87e4244
+AdditionalInput = 76e10d8f9c3b38f0d21aa8d57ac5b084
+ReturnedBits = e5f786b2143a89af61dae53ceddde787e6338fc353ca273a90fea682b3064e2bb5e6410f697f1b6c80b0a423660f5210f1d62315f09e2b7dd192f509ca77c9831bbb8c6a78108021cf8f4f3f0b856975
+
+COUNT = 7
+EntropyInput = 6f58bff2adf6f6f524ac81324743b960
+Nonce = 1c684725d4c4925e
+PersonalizationString = 
+EntropyInputReseed = ad77eeb96579fdf26464f61db846e841
+AdditionalInputReseed = d966564d70746f5d39cf2c52ef6ff5c0
+AdditionalInput = c30696404ddc1cc3f293cf927b732da7
+AdditionalInput = 6bf112a12d67959df984945119b19caf
+ReturnedBits = 1758059d7c08cf93b4c00444285f669a89b6298212deefb535647f668afbbd75f115f3687156dc8af14cd8da48374e72d774ce8bb5e95304102b907b7adc0a729a0fdbbc54e261a725d7ed57b34bba6a
+
+COUNT = 8
+EntropyInput = 5fef241523b7568fdc16335f956c2206
+Nonce = d981adb56b590c5d
+PersonalizationString = 
+EntropyInputReseed = 8f0fa14f90ea7848aff8da233622ba49
+AdditionalInputReseed = 0d0aeb550853c45370784db3ef5527e3
+AdditionalInput = f56c312dbe6b014b55e791a0617dae5b
+AdditionalInput = 9b668f0fdb3bfde22e9fdea92c8e583b
+ReturnedBits = c18b754f903d468a4521dc2b4dd2978456d731d565eb55af1f7426ea76c26cc63771e31725723a3e661e31cb35ab87aa02fee4e2e03ac213ccfceec180e9c068b5c0ccf1213073a7f5af86f6868f9f24
+
+COUNT = 9
+EntropyInput = 667fdc8b2d7d84aec2715ff20007f8ea
+Nonce = dc0fe02b686c5a15
+PersonalizationString = 
+EntropyInputReseed = 5f90cb529bc9288e20c014c60a8f2794
+AdditionalInputReseed = 0d171290e9a951e8f846c6153fcfb3e8
+AdditionalInput = c6f4ec319aafb2409a30ef74ce18ca1b
+AdditionalInput = 49df61061d180283d87bea451e3b997a
+ReturnedBits = 880929748d47f310b86dbb675e7c2c798c58b9bd1bcfea968b13246ee56edfa819d7ad686b7cbb52253a32bdc4b8e0858b9eccdd98f604df14a2544a91d762f84ab5886fd5577128e7d699a8615dd535
+
+COUNT = 10
+EntropyInput = 6ae879656c288e1171ba2e1cb8ebb53a
+Nonce = 8d4d1c154ac6ebb6
+PersonalizationString = 
+EntropyInputReseed = cb1384603d28a542a0ae6b0dd4dd8522
+AdditionalInputReseed = 2eae690075264be6a7b0e5110f49d76e
+AdditionalInput = 64e32b772a9fa1dda487c9d6a5d233da
+AdditionalInput = 42bc03b991fb4b9b3d68a3d6b84c88a3
+ReturnedBits = 4b3523e211b4e2b6256fcb6546e3b3b833d427c00e5c6545952c23849b50c4a6408ef46cb30c8135ce765b965add13ca1ff12f5766479466e80e1b7971cc12069951ef0fa1aec71c33ca309b94518853
+
+COUNT = 11
+EntropyInput = cf11b8a783dc69df802a1824bef8cb92
+Nonce = 1ba377e3c42e5485
+PersonalizationString = 
+EntropyInputReseed = 77e6030aa93502503bdc22ae5ac4b20b
+AdditionalInputReseed = f34bc51b7da618732d031a54a261305b
+AdditionalInput = 0ddbb76b3f5cf42f0a9a420eacfc00f9
+AdditionalInput = f7c15f77bb09133a6e9b3b940ab6e084
+ReturnedBits = 40e2fe9b239212267fde1445794f67278832b8764f804bb0c85514bd9cd0d5357ae6287a9f4c542e9b06ef001e91d58fc705579eb3629da2fa73dffdb7a8ce75ec03ea797092d0195df137bbc7a9a730
+
+COUNT = 12
+EntropyInput = 8f81a12f9404a980c29f7eea312a33aa
+Nonce = 96d579a35b317762
+PersonalizationString = 
+EntropyInputReseed = 800859655fffca9ac5a8538148d123ff
+AdditionalInputReseed = e4ae9fe71cce6fd55b640b1bcd8fdd54
+AdditionalInput = 1aea66e4458c147668ee8123e750f86c
+AdditionalInput = af9da0fe2e36252f5b29e8a1fe14c9d1
+ReturnedBits = 8b5cec54c6bdbc8966b6b450f7a931d920107abe6a72860a046c5af1895814fb1309791008b391ddb4f9272c0d612f2e87c2642bfd5cabf41655ce51544d19e227f43d1c5b3ceef48b75ff4bc7e1b805
+
+COUNT = 13
+EntropyInput = 3fe6105da2e04e904e3784850bf33bfc
+Nonce = 355445318fb1b3c0
+PersonalizationString = 
+EntropyInputReseed = a27e65099d70c2480632b726532eb1d8
+AdditionalInputReseed = 04b8b3a5cb9d082bad1ef4cb34b0def8
+AdditionalInput = 560a6ace26ae2bf8e3be0864041860a0
+AdditionalInput = bfaab0077a8b0df0643f9f16c0379ec0
+ReturnedBits = c195dd67f0b9139d1944cba7c8e198502f17eb35e5994f7363489cbbea01ef81ec422777f7bf265dd8506ff6313e459396dd85bfa9456bf26203a76d63b6059059c01d349538ebd7615c3cd2aea585ad
+
+COUNT = 14
+EntropyInput = 9e36736e57d038f7b0919d43fd1ec237
+Nonce = 06a959a28fbc60dd
+PersonalizationString = 
+EntropyInputReseed = cf46584eaa66519cb19a08edf2f279ca
+AdditionalInputReseed = a0b70118f9a572d96da92ca25e1d6af4
+AdditionalInput = ab8336f25e8cb235e456109085985900
+AdditionalInput = 7e81606fb31837932d9fd39ac6937119
+ReturnedBits = 3ec372ccec496596deb1cd5ef840155bcd17003afa11b24a85e9687b8b465cfd3554d56a2751f822cbbeb2e10a73a8765973f502136cf43e6b824ac198c371a3e506c4dfa2b1101e9310172700aff890
+
+[SHA-1]
+[PredictionResistance = False]
+[EntropyInputLen = 128]
+[NonceLen = 64]
+[PersonalizationStringLen = 128]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 640]
+
+COUNT = 0
+EntropyInput = 0ed54cef445c617d5886e034c09736d4
+Nonce = 2c8b0713556c916f
+PersonalizationString = f3378ea14534304112e0ee57e9b34a4b
+EntropyInputReseed = 0b9027b801e7f72ee6ec502b8b6bd711
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 55370ed4b7caa4bb673a0f5840b39f764edad285d56f018f2da7544b0e66396235961db7f6dafb30b6c568d8406e2bd43d23eb0f10ba5f249cc9e94ad3a5f1dfa4f2b4804091ed8cd66de7b753b209d5
+
+COUNT = 1
+EntropyInput = 8f2a339f5f452130a457a96fcbe2e636
+Nonce = 0ed0e9a5a4548ad0
+PersonalizationString = 45e4b3e2638762572c99e40345d6326f
+EntropyInputReseed = 1fff9e4f4d663a1f9e854a157dad97e0
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 4fe89641f8d395c4436efbf80575a769746e0c5f541435b4e6a6b3407ca2c442a22f662828cf4aa8dc16bc5f69e5bb05d1438f80abc58f9c3f7557eb440df50cf4952394671155981443ff1314855abc
+
+COUNT = 2
+EntropyInput = 1d57c713eef2386e067965333f435172
+Nonce = 87f232366a369d1d
+PersonalizationString = 8f202d70d48dc732ad220ad6554eb241
+EntropyInputReseed = d9ecdc8e447b01a347b5697897ddc0c8
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 4503bb8463f2101117be877f88885e3a0ac146c9c0c6695bd9521e9e56a593cd8fbab0f80dad6f1a168df45cec13b0b68f4dd4180e28917b1b5e10dfa351eac460301476104bcc9e032bdd18bbe7c22b
+
+COUNT = 3
+EntropyInput = 3c76990bc4ef3e1c0ba0748c5c5a82a5
+Nonce = 0d8d1e425d5cfeea
+PersonalizationString = f961a0573fc52050fdc44c8db3438c13
+EntropyInputReseed = f8a95057fb6258fc1566827568d57bb0
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 9ca5eabd0d0c44cf0c61151fe72337825b94a2c13d661a91a0bf6e8e31ebb46e677d8484637ab2d6760e0dd8515d6b99e781673ef7dc05d659184b5598cbf1174d7fc59a86afca13e073dd8e61d0dfc9
+
+COUNT = 4
+EntropyInput = ec0d4c25031ea07762cc4e68c8bf9413
+Nonce = c1e70c4488f68024
+PersonalizationString = 8ba2a33c7839055f05ba9a030bd1a512
+EntropyInputReseed = 924893a36422e4cef173313ea416074a
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 6b1687c94bfe8f06f6287acb5fbf84f50a31f73dade75eab0bb7cf52cfbfdc0134635317b14fda0373746d3146116ebbd789402c68af951203b0f6db3652605002389bf98bb1993bf877ff7c4656db5b
+
+COUNT = 5
+EntropyInput = a4078d3105bd364d7c0f5965baf49bd2
+Nonce = 80c83576fa024fa2
+PersonalizationString = 10ee38baead5cc7126583c7d63056038
+EntropyInputReseed = e2eee82bfc03bab0f6a59795455e3339
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 41b0c2440db2f5a0e2f6047bef43016add5ab6d4249c51f38d5cef35afc865218bb582e24309f5288cd1591c98a99d4b62fb20666b056d43b15d395ad810c93d8766c04bb4010e5da3817e9f387dd2ee
+
+COUNT = 6
+EntropyInput = a311cfe145f7540d898ca10c215ab106
+Nonce = 36cfa2ab1e88eab5
+PersonalizationString = 9740b20f80b712e4d5516eba0dde1821
+EntropyInputReseed = ffa44a64c219595eff640d0259a3aba0
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 932c3ae5ace1e1ce0c3c2cc66a7d3544baaa815074f9ae25144baa02d52d564d5d50cd88a291a28b39b175925c8c725c3d478a64c5ee31aa9f51b9a12ec19b75d35a4b39d32a84e5dbed68c0741f91f1
+
+COUNT = 7
+EntropyInput = 11d91a374c9b3983bb82acdfbc98322e
+Nonce = ee8d28eda0409be7
+PersonalizationString = 137039150d62fc19a6bbbc0bfd7d8b13
+EntropyInputReseed = 797d4a63161b3ffa795365c6b4fa0442
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 346a92b52ea583bd235ef16b3865b4d860c0e0e84c2baab870f439bbed268178dc56c08e1add8a6b1866cebc1bb37a372a1519c6d2f56893af33fc0c1dc8196ff1314e68599801980f878fc50281303d
+
+COUNT = 8
+EntropyInput = dc130de18d085bc2a5db2bcd271f7b78
+Nonce = a1332c575280760a
+PersonalizationString = d249c67029e702284a35ce489e320947
+EntropyInputReseed = 2f4c382535f3c51fbeaa590b2599811e
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = f3f48146c210b5ace02042856fba084102ffde981bd480fefeb3a0ce6983b5593ad682f15dc2c83f68d892a65049d701b0dc348858c0c83e9e1a6e49f84081708720e01c3f85b20927157421ba01ffa3
+
+COUNT = 9
+EntropyInput = cefbdbff9e42df35ae7b2ee1bfa903c5
+Nonce = 5819d34e52a12ab2
+PersonalizationString = 743c180b6784a470e37de62ee9d6a6f9
+EntropyInputReseed = 31d9fb93001549ab357bc51095da0631
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 862e0431f42e9c888cb0483dce79c1fca6d0fcc450852d786ed208bbbde9835da6ad2dae292fbd494e822a167a8efc3b9954a4b25f53c9335f9c74e77e23dd8d84b0c8dff3eaa8707c6fc03be1de2ff2
+
+COUNT = 10
+EntropyInput = 2fc37e43cc278fe8db16beeb16625d9b
+Nonce = 3a5c14484913a8ad
+PersonalizationString = 56dec9d515fc2b53e67ed057ebdb671d
+EntropyInputReseed = 2a9b95685ee2190f2b8f67329cd4b223
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 13db156f13faa870b1a873bb0141ca2d59bf0b232de966cd913db5e10485f2ee84dfd7f475061e13cc62db81322a367e08a07999dc9320a501b758048b8f54f99c0701b260b6a6958f481dc1321ea7fe
+
+COUNT = 11
+EntropyInput = 35f1e9cf655ecdbf5f554c09e6ff6277
+Nonce = ff90f6a1db94ed11
+PersonalizationString = 5edf950b45fb653d5a39668f59e2be17
+EntropyInputReseed = 4cc1e7b6912f48ba85a9a964d49696c0
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 8cd1f3644981ae310f226f9dcf0d05f8a6488fafd0af96bb43f857e8050ba12b87b8e9e6fdee7023e4bd2b5c2bfd69fbcc04e9b1518d9efe1f1c303f3bbe3413d2f3695dddd32af0c61e398179178eec
+
+COUNT = 12
+EntropyInput = e5182ff930f1838e5719481e474b09bb
+Nonce = 410870379fe115c1
+PersonalizationString = 384882329e318ac45359afff57e67169
+EntropyInputReseed = 8c107528c286bc996734beddddfec1a3
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 41374aaea5a4e96bb6f61cf586ce20f342d44176a75ee382733a461da9e8c5777f624184db06842ebfb100177c096027a5499059f34c9ec6ccf4b15322e837e8ce42fcade4c24d3a5a844541ad3dd092
+
+COUNT = 13
+EntropyInput = 3f14904418bffc31cc082f72d711c88a
+Nonce = 3fe000daa9bd716d
+PersonalizationString = 8970e4c308fce92e080a537d776a35f7
+EntropyInputReseed = 0d94959447193ea5d2df6a387cd68d28
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 73efb49cbdb2a822caa154477e01e1f9b363e6029cbd85afccad5ff5eec26fabe6e0f52493d32371faa6e919afed5e9ab493517d715d6a88ae8d697db9905071f00400f44f8c2a4dc1b12793f8d20f08
+
+COUNT = 14
+EntropyInput = 34ebb9e909be8023244749546b7e2ab8
+Nonce = d29204fbbca38440
+PersonalizationString = 0af2c08ace9e7c17b7f3b2949a8c3be8
+EntropyInputReseed = 5c11ac5a47f9292b2ed51f40489b9c96
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 1eec7fff06306acf38836a2ac4c3efc85a9cf44200653be96dd43c94424a77e7f64842100f8291ed312e4dd21397de4fdd592f1070069ceaad507c9c5b716a97fc68e734d192934ea4a9cdc15a4d362a
+
+[SHA-1]
+[PredictionResistance = False]
+[EntropyInputLen = 128]
+[NonceLen = 64]
+[PersonalizationStringLen = 128]
+[AdditionalInputLen = 128]
+[ReturnedBitsLen = 640]
+
+COUNT = 0
+EntropyInput = 48a1a97ccc49d7ccf6e378a2f16b0fcd
+Nonce = b091d2ec12a839fe
+PersonalizationString = 3dc16c1add9cac4ebbb0b889e43b9e12
+EntropyInputReseed = ba5da6791237243fea6050f5b99ecdf5
+AdditionalInputReseed = d123e38e4c97e82994a9717ac6f17c08
+AdditionalInput = 800bed9729cfade6680dfe53ba0c1e28
+AdditionalInput = 251e66b9e385ac1c17fb771b5dc76cf2
+ReturnedBits = a1b2ee86a0f1dab79383133a62279908953a1c9a987760121119cc78b8512bd537a19db973ca397add9233786d5d41fffae98059048521e25284bc6fdb97f34e6a127acd410f50682846be569e9a6bc8
+
+COUNT = 1
+EntropyInput = 3bcba83b6dfb067980efc31ed29e6857
+Nonce = 23fe209fac7045de
+PersonalizationString = f225f4d96b9cab491eab1814b25e78ef
+EntropyInputReseed = 2fc9874919cb524a5bacf0cd964ef86e
+AdditionalInputReseed = 575b9a11327aab8908fe46119aed145d
+AdditionalInput = 5d19cdedb7e344668e114296a038b17f
+AdditionalInput = 2bafa015eddd5c7632753435d13772fb
+ReturnedBits = 1d12eb6d4260bdfba799b853cc6f19b164fe2f55baa21c89d4d0e9b4bad4e5f8c5300641bac43d2b739127e931c0555511e8b657020dce90ac31b90031c1d44fe7123bcc85162f128fb2df844ef706be
+
+COUNT = 2
+EntropyInput = 0d16babc319f53671847859f7d721468
+Nonce = 25c706a261654e7b
+PersonalizationString = 9d89dca150815354a64320d768d6b163
+EntropyInputReseed = c4623d5f1be33b194e5d1b1d603ce113
+AdditionalInputReseed = da842e6a479d1345ad803dbeb2745850
+AdditionalInput = 5b21701b3a8931503d2917127c07c68e
+AdditionalInput = 4ef2a334acbdda3e769036716e510320
+ReturnedBits = 2346ce4c8437869cca88014af4108b6df88018e9c9b8f969fd96ecf267f926fb9fb4f1a6f45bfaae356990f66d0b76dfb402693ed603b3733aabee6c46aa720b0b9c42985efbd635ac9cbe75138b4c28
+
+COUNT = 3
+EntropyInput = eff39bac144eacb67651808aa4d70f0a
+Nonce = 1843b75b19094983
+PersonalizationString = d06aade2fdd295a742d9ede544ada966
+EntropyInputReseed = 04144df3cd4bf9d87585b53f968a5b03
+AdditionalInputReseed = 4b524b39c7427eb67dff81b91aff6470
+AdditionalInput = f510fac434d5ce28463705783bcc599e
+AdditionalInput = 7463af9fff985c0dd756b9b4858d78ce
+ReturnedBits = 6e226d24c9899880ab4808e24b9edc84dd57dc3ca05edf68eeac2fa079380f875f8ce450c7a4e973747dd4e96244b18b819710f0b0ecfda2c490e075e1976e6119eecaf3ef1ca581d6fabd100ee3e0d6
+
+COUNT = 4
+EntropyInput = b716c9edcaef5d4c3655318e15c0e438
+Nonce = 214d8a6009030886
+PersonalizationString = ed7934acfa5458006ecc2914b28a94d6
+EntropyInputReseed = c1324cc2507c39ee57fa0abc7f0987ae
+AdditionalInputReseed = 7aef8715891d916a3c4bd9c222c55cc6
+AdditionalInput = 1199553d3479ddb1cdad5ebfb429715f
+AdditionalInput = 518d768c48dc38824a8496bfccc0fca9
+ReturnedBits = 7c3fd1d804b28b569bdf62e61b3a29b9742d006df3aea275e3c4304b4976b1fce279a891e114b9c068cd50591617fb52bb673d7361f8e0e6af5c3594c5954097afa9547a7923f0e49962eb236f16260e
+
+COUNT = 5
+EntropyInput = 2937ef18613aebcc8776d63b6e85bdbd
+Nonce = 3d1cbe4422e814d4
+PersonalizationString = 7d0e5826d928f8d3d0908b3e6c8b4705
+EntropyInputReseed = a75fe0d78511af38fcaccd3bbe8c6136
+AdditionalInputReseed = dab76d6b894632983d3e199ef3cda768
+AdditionalInput = 72d6d65bf135a906e8c2feed1db54aa2
+AdditionalInput = 90dfe589a1feefa29bd54499d9935c7e
+ReturnedBits = ef32e13210528dcd04b78151060bb52a053913d0cc6022f778e5a693ef2603b85c57b4197cf12cd4be2005c6857573e4990242960fd7ade21a91a8408c750c5ed77f6aabe735b178b2984fb9ec149cfe
+
+COUNT = 6
+EntropyInput = c3b1bcaca9e8266e779c4cc9bba8704e
+Nonce = a61a5fcf2951f138
+PersonalizationString = 47bb102586c9a0ac82716194b02002a9
+EntropyInputReseed = ec0ae223447fe2dc9d7c094fdac5dd3d
+AdditionalInputReseed = eb8cadae3f0138a55a38440fd44859cb
+AdditionalInput = 25e0784c20affc55bafbdc2217d92190
+AdditionalInput = e765c07a5018aaeb6d435ee705399f77
+ReturnedBits = a64812d698d599f8107582ef8c768dc0bd0e30a9d1c2b31836f618b454eb373541a49297a2a3200a0d15cebdae45a89f39352588d636470b27ad812197c23a298578ac13ae3520b53b9ac007cc08e7f9
+
+COUNT = 7
+EntropyInput = 686cb77c71069c6f8b22ef07522a4d49
+Nonce = 9efb2513429b7570
+PersonalizationString = a1a2020f8ea3866df840bf25f18597e2
+EntropyInputReseed = b95fc39f84f5293b0189c5d1b0f52b42
+AdditionalInputReseed = 0423bdfc38805669bc1a5c5f7e65d33b
+AdditionalInput = 639986a4412961e814efe8c83dd4f4c4
+AdditionalInput = de0ac3dde3365bffa68996ab76baa02d
+ReturnedBits = 66e6fe5790afee0fe513e0c32fc9e189a97090f24364abf7cfbd928077453590baaaf930bf2f457ac3acb4cae87bd2cea8d90e95db09a1007f227f396602543d18916832ac77cdf8fc6c2907451966ee
+
+COUNT = 8
+EntropyInput = 4a089b520369ef86e98f8cdd584c9d83
+Nonce = 5c7d1d02717b29a2
+PersonalizationString = fd7bcc0a1e813e0089cbe86fc519d1ac
+EntropyInputReseed = c6079d8225eb5d0fc95e30e00efd6e05
+AdditionalInputReseed = d2710a02f6e96d4fc94cd46a661447a7
+AdditionalInput = d94ed0ba327c2b85f0331c2346704be6
+AdditionalInput = bce59487fa8231766d1f3ad0c6ebea0d
+ReturnedBits = 2828b454a9fe4f1995bac7f2cc4cc6d622a4c159e8c9757c08d9fc8233cb4980f1522ff3808d50be0c9c28d18c16d15a377c3bcf9c91428696b996906a82cacc8e518309f622fdba14633a5c916727d7
+
+COUNT = 9
+EntropyInput = 7fbc0453aac2a829d24d3383da7dac06
+Nonce = 6a925acc818a4356
+PersonalizationString = adceff1abcfbaf053a178b51110c0eec
+EntropyInputReseed = 908f50885ba7705713efef3e63efc2fd
+AdditionalInputReseed = eb2738d13b1f0c42001421ce9ba53a7a
+AdditionalInput = 133463768bc1d1fd647a27b93241ea29
+AdditionalInput = aa6a3ae3a35d2749cb524ac1a1316c12
+ReturnedBits = 2453f24a34044bb687dff8045c746816009e4a84ff69e5687e7d7de6734019910329ed5c6aa0ae156a547a2230b47f09477e078e5bd7f72f4e787f22770c676acf9d1c616153db3ce03961cecb8fb1ab
+
+COUNT = 10
+EntropyInput = f986599e3d8ed91eb1d995514878baa5
+Nonce = e77e66897661aca4
+PersonalizationString = 6827d96019ffde63f43fd65a49c7989e
+EntropyInputReseed = eeaae13f1fa3709788ae06c21571eb4b
+AdditionalInputReseed = b6b0a458a7fc45592084581a70fe63ba
+AdditionalInput = 21a28fef4bc9aa7a0c1c4418e96047de
+AdditionalInput = 10bf7efe99d0f8118f332aff812770b5
+ReturnedBits = bfc374bd3bd3372428839eddf3181c1766e18a54ccb7dc07f700ddab276fbc8045737ae8b40cb325eb5da7245c4f704be8d21bdccab5c799ac512a0c1eb690409730f1461bef47324248b64a80982db1
+
+COUNT = 11
+EntropyInput = a3c4c4964e1f1e426aab84b82f619ab0
+Nonce = 003c9cdd7396dc13
+PersonalizationString = 864e63bee6708e2f481ae363b8d1138e
+EntropyInputReseed = 3d24d7cfb4ab8faddb5983b7962feb54
+AdditionalInputReseed = d6162b29b6ca174259e36fb8c0ade5ae
+AdditionalInput = 214435e16d3ea149a89627131b3948ba
+AdditionalInput = be09a103c7f37a10c6ce734c6c247f19
+ReturnedBits = 19bbe52d744e5aa09593151e076e9bc15ed1a237fe6ae188d54b80468681378d492d8934afdce32d7b135679dcd2556ee54b47f7e0072a1380681fe9694449cdbd73c8cf21aa9a867c1dc6e88dc31e67
+
+COUNT = 12
+EntropyInput = 7ab72ee4ed68e632d40d797844bd4c5a
+Nonce = ecb510e767a2203b
+PersonalizationString = 25e72500186674253508ee28906203b5
+EntropyInputReseed = d351042b6bad7335569fd84a0a8a5e91
+AdditionalInputReseed = bab2fe328dcddaab18193f57db0d1da9
+AdditionalInput = 96177f483ff9c37ff5ba6ba687e4f9ca
+AdditionalInput = 51d2469f1c065b8467507bb4ebdba306
+ReturnedBits = 1e40e31510cd08c870f5271aa1c0aa910ae3534d06e8929929136a288c8df36fc9c9f3dc62dd5a4e1113ef06d9b7d93f59ce565c61366e58bd0cbaa9154bbd6dc976bfa33e3d44d02f025be5a42f210a
+
+COUNT = 13
+EntropyInput = f75be7b984d061678ce7b3238291465c
+Nonce = a37d65afbcf7a5af
+PersonalizationString = 45212d23d7c337148cf4b82a4444a6a0
+EntropyInputReseed = 15b6fc09f0e2fa4a9035df6d3c5b3d38
+AdditionalInputReseed = 22ea4233c6f668cdd72391f3e0cd989b
+AdditionalInput = b05d5665fc2013b90d7ae1918a27a278
+AdditionalInput = 6c22a9dda9966f1605d6a77dee587cbf
+ReturnedBits = 5f731f8dd7c23d4e058f77cea62f796afb706fb617d88caf25df3768e8e686e63dcaa9e8e415b559f34fea783d87b39170411e3ba979bcf0d00f54826d0d5fa4d3761dbde46074b6adc3d32cc2161258
+
+COUNT = 14
+EntropyInput = 3225bd1b4249cdf171bb515c1ab02e4f
+Nonce = d169bf16e1c7485e
+PersonalizationString = 31feee1693c8da64d82ab510f74b098d
+EntropyInputReseed = 57432da8af79008087af484cd8e48878
+AdditionalInputReseed = 10d435b4dbe701e9063bfe9353cdd2bc
+AdditionalInput = 08b8dcc89827db52d49183a4a1e3638e
+AdditionalInput = a21ab665b35ec79a50d0edabe8b7809c
+ReturnedBits = 58b343da82489dd586329dc8c8d54abe7376f9642174ee7147e89769e9b3573c100770531c484ff86372ebe1985565e57e351308999ab8f3f186b3286f38578b54a7c08a12684969fcd3b24fe05c57ae
+
+[SHA-1]
+[PredictionResistance = False]
+[EntropyInputLen = 128]
+[NonceLen = 64]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 640]
+
+COUNT = 0
+EntropyInput = 4cae82dd4124d4a441b31ac9a9663a63
+Nonce = 409366c5091af7f5
+PersonalizationString = 
+EntropyInputReseed = 0973dec18cc56346ca1ec25a232cbba1
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = f062896a7204574be3a8f7118a936d9ab32510d7cd7e4aaaa9217106ec9a2aade4465ed6d741829ec501713403e97673954d9fe73dc2e77a711f0f118b47f507dff8bcd0b041f2ef87c68f819bb2e54e
+
+COUNT = 1
+EntropyInput = e2e45a23bc2400f0d6a4653e22bab0c9
+Nonce = cd3e9275beeb6477
+PersonalizationString = 
+EntropyInputReseed = 84fdab233c4547231d98d2a22601f8d6
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = bd4625f5eae6f8b3fc246ebce913b9aba331251bb518fb0d5c8116b56b6ba90ba3acd523053a0f2bf6911c07765709499e795cd9c46283aecc6eb171e52eb50854f028e3f677f22b80a7d90520de9121
+
+COUNT = 2
+EntropyInput = 7e94733572b42b190e09cb66d2c084a1
+Nonce = b8a95d144a0ef306
+PersonalizationString = 
+EntropyInputReseed = e627919a94a6a0ed758c1b40041fca86
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 57657d2859e365dfdd5b6eca33de232ec3d0bb96ab384f7718e3c0cb253de474a556df447204f322fb944ddffc21f07fe3f480e801d65527f05cec6d1bc907e77f44e25465f2c53d0a468eac793a11a8
+
+COUNT = 3
+EntropyInput = cf21a25404c9e1eedaa60a66d8c8c4f9
+Nonce = 74d6783781f3e389
+PersonalizationString = 
+EntropyInputReseed = 1bd79fbc7866f13fac7b2115a5d1ef3f
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = feb8c639d397a3b940c68d893a2c29141135a00d15a78539401bc7d32783ccfba664c6408f2b6d1257bfb25fdf8a1b0a33e065b416aacbb6576d2cd949abd18c3926376bb29ead32fa9c6d7d9c17c69b
+
+COUNT = 4
+EntropyInput = ae2af78e32a56b2e92b5d464fb6d51f3
+Nonce = 5a2d67146c7b0b53
+PersonalizationString = 
+EntropyInputReseed = 46bbff6ef65f0b5e5be6644fd60ca174
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 6f08859ce9b4a2d3ef9fb82694b575f72679af021791313512b2ddac02512c129fe0d1d6df45dc61608aea151b7e1a3e0daaa6553ed546e7f017e1b5ef894b8ff4fa51bd7b1aa3d9aeae54092174c1a9
+
+COUNT = 5
+EntropyInput = 3eff06b5047fa403441f559c413524b4
+Nonce = 918e1da85d6edcc1
+PersonalizationString = 
+EntropyInputReseed = e9ec50c42cfd20296a324d71f0fd0240
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = c73515ccdf230804d3679d80e21a49ecdf331dd1a759ba64878ae37d9e980ac654ea7f839579b8660b60206e9c3e938c0805867ed5bb110932677fa9a24b02472b84c0d5a551250ee1ea393c00fbe749
+
+COUNT = 6
+EntropyInput = 2409e212fbc11c625d4cb283f42b462e
+Nonce = e4bd228c316adacf
+PersonalizationString = 
+EntropyInputReseed = bb92af46b9a5775aab33ae4621678452
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 60efbed017103dcbd04b15a52eeeb61d897220dea53ec4794df7bb1d694bf00aa23c7234d84b730ce4bbc212800791546ae143e08ff8f521155a742881329c1a5de0c47413448519d12628feec5db30d
+
+COUNT = 7
+EntropyInput = 890777e83c982e9d6315f7475a6b9c5f
+Nonce = 29f813e424a28be9
+PersonalizationString = 
+EntropyInputReseed = 0e588ae0bc753c5807f5e74852d1d14a
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 9327fdc8049ee71b6d6b594cd994d30e653ee746b3ac4302d7ba8eca1fc2618b1c31127abfdf2e155e893673ee0194504bc9b9a13e037221e5dc30eac8ade2cd8b5795566a9d9bd35ce5a0355377e276
+
+COUNT = 8
+EntropyInput = 53857c37a460265fc3e57b86a2a8fe0e
+Nonce = d75b8eb747f2b77a
+PersonalizationString = 
+EntropyInputReseed = 792e9291da0208516caeb7fa93f3f376
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = efb8442c6e1fda43df74e064f9734e7c6c2b46ebbb1dadf44ea12c070ba9b39256b3164696ff8537e357503358ebde5dc7da7f63a104fd4d5d428ef75b9c82f7f8e4f889e3f10b6bbbcf5f0a040bc9cd
+
+COUNT = 9
+EntropyInput = ab112b2c7150801b89c5d686d3cf42b3
+Nonce = 252b7d5283413019
+PersonalizationString = 
+EntropyInputReseed = d47f6ff181a0f475779931196abfa5ac
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = b705636c0ae4df0a33f5f18292468ae40796ada0c4318f96aa795114300ede83e37101c9198716cf8b3909696830fb696655f7f0a9c78d763ad6799322ee159d8c3fe45b59941aa750a2ded04c298056
+
+COUNT = 10
+EntropyInput = 044e23d92e94db1ce7bd629b7746b53b
+Nonce = 8bf4eeb369ab1eb7
+PersonalizationString = 
+EntropyInputReseed = 225a181b44529f83f6632aac895a139b
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = fff341551e1ab3e6d1f6472722413f831671b32e095f45cfe0f001fbe09b6ad3c484f237790378f9d6d18bc6011524516af4a40b15b5f50ebe2b1e8b0242c86a491de630035a9f387617949e2dc5fe0f
+
+COUNT = 11
+EntropyInput = 690b28094b640842e406b33d031707e4
+Nonce = df19c613d926cbc0
+PersonalizationString = 
+EntropyInputReseed = cc6a973e3d47be5190f9c9f7f4adca80
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = d6beecd6368a8b4f8bd700568ef48dcd25814d2d3ea032d2402c6424afcdd39b76d37aaa7c677dc4abd8ec9b96c999afd1bfa0250fc417a5e7ad2e31a89a51770cf238f8d94561cad33e376758a7ab28
+
+COUNT = 12
+EntropyInput = a20483c91fda30d93d51a787823784f8
+Nonce = 60c4903da946a588
+PersonalizationString = 
+EntropyInputReseed = b039c350265e9d2a0ae7eb3c09a59172
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 4794031bd9b82b64718c7dc593efc73c9283e0400e8816f400dc93215019d1943d487c3ccb9ee578b4b2a8c079f3a8264d9d16819cdb26b75254217a510baebd853c4b1a1c646bc1609385dbf409987f
+
+COUNT = 13
+EntropyInput = a2127d5992b3e69bcbf41fcd4a3b4e9a
+Nonce = e961782b3f40f4cd
+PersonalizationString = 
+EntropyInputReseed = 1a231ed80c3eb0969f438ac11674afa2
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 05a7bf0fe9fe12da2492d0fc0b5dcdd499c8eff1d90d4a606d63a8e3fa717310c2867655fa28c698681943a49dd33dc66ba75824eecd78f5e6a652778758b2223228ee1e371efd9ed5147b5e661cc82d
+
+COUNT = 14
+EntropyInput = f217642654e18400222a9bb1bf202d9d
+Nonce = a59de3da92630338
+PersonalizationString = 
+EntropyInputReseed = 46d5145a20e25e0939d12cdaf273fe3d
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 68d345d8e7a87139c3cb0f820077acbde8985de55df79bd12aa18e8a8c91d1510f101537c446fca6a69751b38850a39049c45308768e82b2450f528d590d7cf3b4263aa7ce85f17e18113e43d9a5b14a
+
+[SHA-1]
+[PredictionResistance = False]
+[EntropyInputLen = 128]
+[NonceLen = 64]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 128]
+[ReturnedBitsLen = 640]
+
+COUNT = 0
+EntropyInput = b277439c082ff848fbc112a0d7a5fb7e
+Nonce = a39f32bc946393f7
+PersonalizationString = 
+EntropyInputReseed = fdd17b8ccee83fa49a3b388df60fe5b2
+AdditionalInputReseed = 19e97baa9b376e11ab6ebf345c326b48
+AdditionalInput = a9dd1b98609da49f13f071cc62205c99
+AdditionalInput = 6763377423e251c2bebad529f5722438
+ReturnedBits = 9a3893d558eab44189ddf1d88ebb70cf37411359f9735201ca03eca5b97438232390e28e4cb51a9a45c1a870968b915a7f69bd796d8b3c563faad05a860849165bd1b8fdd9fe96cd1876bfbe301895cb
+
+COUNT = 1
+EntropyInput = b259889226dfabcfb9f5009948c63d6c
+Nonce = 4f4d8ec7d33a15be
+PersonalizationString = 
+EntropyInputReseed = be6df62edd1024111ed4ea6b70aec1ef
+AdditionalInputReseed = 7e1a86e7b97fa62bc3a95e44ebb386e3
+AdditionalInput = 891c7eb2e610aaa3c4d61e67afffca0e
+AdditionalInput = ffb0b9ef8816ceee7452f4615487b868
+ReturnedBits = e3cbad614a12885d3233572db2d19e9deb67c8324c1ecb919cf74325570b6396c8874edaadae87252c4d62a486648ce33f669c37ec35dd39e3f22ff565a54854b4608e6367127f7b9adba36da342f706
+
+COUNT = 2
+EntropyInput = a34e8851db9412916986b8584dd3b78c
+Nonce = 0681931a50a93192
+PersonalizationString = 
+EntropyInputReseed = 68da5d070297efe7d4fae16e85366e80
+AdditionalInputReseed = d1aa4ac05954dfe8389f688872686e0d
+AdditionalInput = bb2e2b615f4c1892689b992ebe04ee31
+AdditionalInput = 97f5d7afe1ab9dc89fc63a6e3d5dd4dd
+ReturnedBits = 9d3b665e29bef6a760a2608e4dc7c1e90dfc0ec00e6f986fa45d42527cbf6939526f9baa010aed6a223ec190800d594f09154c633f3236259ee00ff84460c1a33acb3d632712bab60a9568c6f2920e4c
+
+COUNT = 3
+EntropyInput = 147ab6b2bc03a552c715faac89816cf3
+Nonce = f635bafc3860860e
+PersonalizationString = 
+EntropyInputReseed = 7c3ef601d8fb41e348f0473406c71c3c
+AdditionalInputReseed = 6207a50fceecc0fac5c4cfed1281b6ee
+AdditionalInput = d7182df0018990f03ffd794cec22fd9d
+AdditionalInput = 7e4c01d79f8a6176b8c319e2f4d38516
+ReturnedBits = 576ad4b63a6c73194ec7af8a1204ddeaa72e60b0f6c535c382a9bf0f27d08f2f37183a69acea2f855027ae2b1d602cfcbb6027a4c2070c70a5220882ddf5af7d3233a2e31fa670cd068ea723fd889392
+
+COUNT = 4
+EntropyInput = 49d84a3337ab18a5e0e9583b16abcdb0
+Nonce = 7121743a98cf8c20
+PersonalizationString = 
+EntropyInputReseed = f3cf8a370ff8c754bc363d4ceb6f140f
+AdditionalInputReseed = 60b1c4813b7f67ebcd3165bcc8ae8eb3
+AdditionalInput = 6798c8dd6c16c5aec58bc178b6c1e6ff
+AdditionalInput = 2ec28ab1b68c8fdbcadb3ac6476526cf
+ReturnedBits = 8f751187b53447269fba940c292bedbe125364776853a1a5f7b76f74fa5606c7818ca9f57132f42a9f89775574d4319b981feacbdd4f2e779abf49ca73e1de5cc02dc2d2bbc27bee3a57fd77807614ad
+
+COUNT = 5
+EntropyInput = 1664df8e26616372055ab02bc303956b
+Nonce = 856d3fd3ab316160
+PersonalizationString = 
+EntropyInputReseed = e253741349eb5fff62d33fd28294144a
+AdditionalInputReseed = a10c4710e7598844abb6a5223d5daef2
+AdditionalInput = 2eea6d53d9c1fa5ccc9e1cee391002e6
+AdditionalInput = 8021c5b60e2c70029bd841c79b912a7d
+ReturnedBits = 92f6c69e43c257ce388fd1dc0732be02e95fecb50c7edec1b880bdb0ec7126c6c8566761980c6be71fd25519934177109ef38fb0cb54015ba9f5ea8721939d4036f74789bc5ea08fd1d4c7b68e11c1f3
+
+COUNT = 6
+EntropyInput = e258263f7c7f9998c265b8876f3d3904
+Nonce = cf01cac1ae4e4a17
+PersonalizationString = 
+EntropyInputReseed = ca5437f15dec2732d9fbdb3ae4e7bfab
+AdditionalInputReseed = 218bf78f96b39d64548b30c58a4f4a55
+AdditionalInput = 1ddf6b7f2d9943112d8df4efb8e6aae5
+AdditionalInput = ee17b25ceee9a541a947ab2b5305442d
+ReturnedBits = 9a2fb350d1faa641af2c1f50eff8c9108d81d1cb43d69d5926d0e9e252b56ea0b414e3b420d060e2b3da8ffae3e965fb3ae3c98f2b27a14e80dc75646fab5470b32a9151b6d110f6306bb689b60522d6
+
+COUNT = 7
+EntropyInput = 96b099088c1683b461fd7da408ebafef
+Nonce = c99b2bbd02499ee1
+PersonalizationString = 
+EntropyInputReseed = f923c7c5a58c77965216019cbd11f624
+AdditionalInputReseed = 4477582184cfd326d6f15982a953ccde
+AdditionalInput = e42bf542598ee62ae50632cda58f617b
+AdditionalInput = f2a93f4900507880703ec7b951a07a61
+ReturnedBits = e7e13f7e72fdc60c05c416ea48712594f302ab67b80876ee86e1bbbf5f3d81cb8f329b2af917a1cfc4901181f5a81144e3c65c526baa6faf060e6982bd5414f163e9176f4203c47893cc91f4bc77c587
+
+COUNT = 8
+EntropyInput = dbbc7908dff242ed851d67bf8ccee23d
+Nonce = a08422139d02f2cb
+PersonalizationString = 
+EntropyInputReseed = 7a2d47e9a810e69a1e7857678e5664a2
+AdditionalInputReseed = 1a7d0e8609666ad66035f9b3f8ae6b87
+AdditionalInput = 0850b39da87d71e2f1d6c9b75df303f0
+AdditionalInput = 62b716c6505b81b3ed077ed95f4138a7
+ReturnedBits = a9fa07abd09c13f0f99ba7c2dec4d7e343bb693be3a13a4013068d14b351da90650d02abcb3a41220f6f4802d4f940be8d634519eceedf604763679f992abf58f9e176cf225f64d4c2c5c8a13755e609
+
+COUNT = 9
+EntropyInput = cd9edb11f8d2b8459ab780e330eff008
+Nonce = 9265c20d9c9aee6f
+PersonalizationString = 
+EntropyInputReseed = 8824d10a880d9decc7a38f26a0f81d10
+AdditionalInputReseed = d58de71833075ee25fc13073f2d26fac
+AdditionalInput = 4fe09858b128a437c5d6450ff1225b64
+AdditionalInput = 9a39802f9aeea6da718d3072cf7ac153
+ReturnedBits = 0a461ac64615278db5dbabccdf967dedd4e3040c0974602570380d73f46f15f6e1fba5e857386de09e91d32c40a4371300fa1a8ed23c89565569d5513dbc59d1c0ae0b2c095c0874a1aec79dfce89554
+
+COUNT = 10
+EntropyInput = b10889ba78d85eaca306be6844adf915
+Nonce = 19df66330ca3f490
+PersonalizationString = 
+EntropyInputReseed = 736cf5182b6673b85f6082479c1f8fd4
+AdditionalInputReseed = 98f6450b6f90d015c30591259f22a229
+AdditionalInput = b8b5e4c6e1b986d4e9b8653aa8f4f5bd
+AdditionalInput = 0db8f743a1ad102125f559536851b98f
+ReturnedBits = 84cb7ec1a2600b970851181bb5651efaf7b725649d73590fa280a003886c2a6cc384cb0cc01a28fa8c380b82410af1ead6edf58bf823cd7fd6bfcdcfddcb1897316d51f4cc8c87b8a8c1cd95c6fc2ebb
+
+COUNT = 11
+EntropyInput = c85994ed9da6e5dc1599fe8f7e055c9e
+Nonce = fc81e66b96004c12
+PersonalizationString = 
+EntropyInputReseed = daadf5ed5ac95d5aa19d1a2c0f0d2186
+AdditionalInputReseed = 9e30708e0702f8d19cdee8ae6743b942
+AdditionalInput = 29cc6d804d33238083892321c8cd9ae1
+AdditionalInput = f632356c73de5bcf821fa0127f71429f
+ReturnedBits = cc1e30b7bab9d96509c5e4b8d16ad0d60486fac77e33363a55a2dfe1da4baa2a37759d2fd3d260049d36bdefe1703ec59520be7e140986ba59488aafbb49e8070f046c4a374dcdda9ccd78f49d90ed38
+
+COUNT = 12
+EntropyInput = 2e5d1d131a8cf5700f0a8871a54e2518
+Nonce = a8587e6caee9f822
+PersonalizationString = 
+EntropyInputReseed = 73de9a17c1594e99835d9812777fa0b6
+AdditionalInputReseed = 59c9c65a19637a5942558e0ef173a9bd
+AdditionalInput = 38951c21311c0ac847068aa0f8f62a7e
+AdditionalInput = db97cd173bcc5dbef19ee81d8b25976f
+ReturnedBits = 0410267354736deb5c4e7cf224e46fb82576440d5baba0cbe3e8f2d21bdcd2a1e4ec4f4b55dd7aaa3d23ef11ae3017be89fa70ae456cdad5b26f42652ec4d5a64108dda1c15f507b0dff0d00fa063e25
+
+COUNT = 13
+EntropyInput = eef03ecd416ed1e87ce12ea465890c8d
+Nonce = 3867e8c4e5bae84e
+PersonalizationString = 
+EntropyInputReseed = 724a3428391d7e9abca768a0cf82001b
+AdditionalInputReseed = 56dc2f8856f250bda9886f6d75d3eebc
+AdditionalInput = b281326a7592cdd63c88a60139151b50
+AdditionalInput = b189b688a438f0a936c83327b41f2c8b
+ReturnedBits = c689905594d74e4d695f367018ba352656b74fc9208de7b697862884c30bfc94f313ff09b9688684e5285709e07d97325cd801ccd4f90fbdf1d7417b26425e4d21e3facf6f8b563d3a4d6cf0ccefa5ea
+
+COUNT = 14
+EntropyInput = b69a0db55d17b91d13fefebf233d47de
+Nonce = eecf80609cd4d678
+PersonalizationString = 
+EntropyInputReseed = edd00829d1b67bb0455365a4a8cfb146
+AdditionalInputReseed = 0848d5584da0327e6e9ac11f3c269baa
+AdditionalInput = 5268ad7ab535cf7ac4fdb13b8b61971b
+AdditionalInput = 9da472005043cd824a2c0ad35242818d
+ReturnedBits = 898f038468bca56c89d7b579cc0ff8c9cd2d2fc9d843186e797520dd762d0caa4ed0f27380ed79ccafffd6ea82c855ab59ca1dc4cebd64cb936bcb59895c076912e74e69207f24cdd0e473e6a7719c56
+
+[SHA-1]
+[PredictionResistance = False]
+[EntropyInputLen = 128]
+[NonceLen = 64]
+[PersonalizationStringLen = 128]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 640]
+
+COUNT = 0
+EntropyInput = df6442693c492c65f0e62f769247cc5b
+Nonce = 1d86b393ee2777c1
+PersonalizationString = ff64ab60c6ee2491b1bbf5d44ea76811
+EntropyInputReseed = 6bb41ff2d3654440b027905d054b24b3
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 9aba6d3f93dcb2bdb4cd19c29ac0657725ed0cee9a0d929efd931750a2fb0a904c7f019ab1634aac16fae83ca351e83e4906c9071bd737cf611eca7445a2bc279ea1f05798bc556ac0d78f722b313343
+
+COUNT = 1
+EntropyInput = 2bec17c06b8469841b564d4114d3a632
+Nonce = cc821fea842e9cf7
+PersonalizationString = 42fbe575d1a6f0e1b1fb455b43c7d08d
+EntropyInputReseed = 69cb6e22e5d7b532bfce61c36a7f4a96
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 0721db47794ec631a6c5e2c7f3367f608bcae824bc532bd6042b4e07d2f8d40a341ae242da36731c5d42299ca7f91a3bfbbc36d5f114ace7ac01602f89a24a4649276db2943dfc09da913c3083d456b7
+
+COUNT = 2
+EntropyInput = cf04cd7612e1b076d0b20514606657d5
+Nonce = 9afe5550efb48d93
+PersonalizationString = d9410bd534d91986d03a129976338338
+EntropyInputReseed = 5d3fa2092c20fbeed0f43cab35bbe15e
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 6c8b9de910823fcf6df6b0e1572c13b197eca26287cf7ad17a6fdc0fe99a90f19c1fb5ef70292cbc6260bae04d70ce06d2acd63e7d0c37fac662e898536286012917f3083222148ff677ffe2e1c0ee77
+
+COUNT = 3
+EntropyInput = ca3382e2c6afa8090dab10ed332579ac
+Nonce = d6b304b5abbb122b
+PersonalizationString = a7af3f9071528b9d361ca814f3fa21d9
+EntropyInputReseed = dc37621831f091d6078d448856aaba89
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 9f31474793381444b5b2a3d9c53eed022b779e405404b25b4f8d6af54d11b8130e15905cb212dadc1907451df920d2702c0d6fe843d786f9638eea06f364f91e113aca28f81557c9720cbd5733d30108
+
+COUNT = 4
+EntropyInput = 9042d8fe759cc3106fe8fd64b54494b9
+Nonce = 3133ad43ace959a1
+PersonalizationString = baad641c6cef0212fbfd0682196a79b0
+EntropyInputReseed = 5690cb878e8a09779228ff1414a8a75c
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = c8364a852e9241a437f062fcbe12d2cb8e94b00f889a2a397c12af1d2a5f252c7c3e368728421ccab2b2210b0682384d533ef4c13da651d498480e6e23466369cddd97e54cf41966cdfff9b3422b7b1d
+
+COUNT = 5
+EntropyInput = 55814c3232e2eef1a6d28a821b22bc5e
+Nonce = ddfd92ddb66e9b6c
+PersonalizationString = 0e6c0d3ff2db82fc2c7223293b78e1fb
+EntropyInputReseed = ed1c26b91ceac071e4db23b0d81e075d
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 1b814091991153c98f1feff2dea2959c163fc27ab2f447dafb2708cd4ec937e2a648a1b6df911ea528fa6190ea2731f05a69dc08d60e9c5e81ad9f83f3d322adc0a43956f1282cd04804f44d63cee36e
+
+COUNT = 6
+EntropyInput = 304ace3da57b849061d013be67dff5b9
+Nonce = eb7759e4b85558af
+PersonalizationString = ba4aa19dac3ba5135e8d4b5f22b6f190
+EntropyInputReseed = 79d7bb8867199d8d755be4aaab2b8ff0
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 38ad786ac834524ed4082afa134abadd1d3e3ba582da5d10bdd8f7003c382204ed10ca0466872a325e476caac5e12893b0ac612b141d64b83be5af3ad45c02d051201029a4acaf8e8cee88c16e745a73
+
+COUNT = 7
+EntropyInput = 278937302893bead0bbdbcc633016d6a
+Nonce = 957547c91a999c77
+PersonalizationString = f00eeb8aada4e3daf83d13d9850874c3
+EntropyInputReseed = e62b90a6a4a11bea34f77fb0018c29b2
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 1804a61c02b58316d92c0540161b97535c0611ea9b8960317259e448236812b96bc8e46d0ad692ea60589b96fa83aa5984adcef415d9fe53e9eca111e0d05f3da8dd0b574ac8ac8e518dc84adbdaf394
+
+COUNT = 8
+EntropyInput = 7d81f1565c9893916bc61d660cc99e11
+Nonce = c07b7bca723e52a2
+PersonalizationString = d2ddb56bbc35d73655070669f4a2bacd
+EntropyInputReseed = d7012474ee4ad5b0272572dae6fd6af4
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = dcd900b725375668deb6d86e93f68353942e55dfdbf89063f7a46e03ed6115557adf5b84f78adc6fac815dd8b5cc9c8f66ffb377bb5a0436219b087c2c55ed338a33b9fa04f7a8955051262b6523d887
+
+COUNT = 9
+EntropyInput = 1566b52f4b3b8c9aa9170203a3fcd819
+Nonce = b03d89a14be43710
+PersonalizationString = 631aaf4e04e6dc7cd1ba8d7fbb828cb2
+EntropyInputReseed = 39deca3c0116a6517f5a1920035ae8e8
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 5b399647df27efabb03263f3a303c3b2376154697c3ccbc51f8c2c77c7dfd2bd5b6b88d82ac2143a96fe44619624b62ed66fb4aa773b1d20f8948e7cb06b1eb1709648b8d894185b5fbf613337642378
+
+COUNT = 10
+EntropyInput = a4bc33afe038cda8d55ca3dd37fc5d72
+Nonce = 8ad815f9be6eeb45
+PersonalizationString = 9b9cbb081487c1ea40534d29cd79e8bd
+EntropyInputReseed = c933fa73c99b59db0e71db0c9c44827d
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = aa6fcc36f21a4cdaa8cc0120ba2247f40115aa3a32e61010e4d69a02bb6dfd17be5b645fb248a55abc8a7caab4bc003c1806d5e151a2ea2c78b1e804307ed3f182d8d13dfd3c13075bf22c3aafd0ec29
+
+COUNT = 11
+EntropyInput = 1a80bc4e395c812dfd3140ab74224068
+Nonce = e785f5a8d3681258
+PersonalizationString = 08ac198c6122ea2e63291f12f98b71d9
+EntropyInputReseed = 76e76922c964bed1bd8ec611682a092a
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = ac1ae9717329b6c7f818f4a00dc4054c3ad16a72ee7fd7c3a5c3dfe8198e2ca984c4156f7868a7e8d41311068c7e2257dac4f86b0986af2992db79f16588cf43e528fff9e1920743424a73169336d800
+
+COUNT = 12
+EntropyInput = 6429a48bdc27456889f9bd4ad4d24690
+Nonce = 92c78d2ba2a489c9
+PersonalizationString = 80f49bde3e4ffb5a29874adadbf97c32
+EntropyInputReseed = 543fcfbc9dfe870b40bf74213a4cc830
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = ab3412a8ce277f3f5da0aec483ffbb0a325511e58564ba23e5c140407b3e35314a6b7c3455ae66ccf82982b498fb0bf17eeb44ce1a5faf88ae2417623633363f6a7f7839b893bf6d100ec63a0a00c039
+
+COUNT = 13
+EntropyInput = 78ab6c8af92433b8671435c95e3815f6
+Nonce = d65529b57ab2921b
+PersonalizationString = e270a86b8ee5f9f92789679bb08611d6
+EntropyInputReseed = 94c7f0a336e494d9c17f635944e5ef91
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 248473aaf94968e0de6f6459039b4a212b55df7cab4aab8895655aa00b10f334ef3d9a7e09e845c30284bb4cce389b4c35d220efa8a932cf02d44962da8d55132f810bd4eae09f67b42c5de3374906f0
+
+COUNT = 14
+EntropyInput = 0671c0ba246f11b99e291dbc981bbc93
+Nonce = 216583cd4cc22b06
+PersonalizationString = d4d9a017a6ffd443d780c2c88ee92db8
+EntropyInputReseed = 5f2646a5cca8a883140a9cf410b9429c
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = dac2008a1bf3295667eddd90e6059906f92203667572b3bb235bb00d0ba80ba950745203b7f72c80dfd9b4302a4a446bbcfdaac66112f7954c4b8391bad6c5eb1b5c104450d68d313a8d225f30699761
+
+[SHA-1]
+[PredictionResistance = False]
+[EntropyInputLen = 128]
+[NonceLen = 64]
+[PersonalizationStringLen = 128]
+[AdditionalInputLen = 128]
+[ReturnedBitsLen = 640]
+
+COUNT = 0
+EntropyInput = 01a5d726cb5534776069badb6ac2c5be
+Nonce = 7632c928dc72c5ac
+PersonalizationString = 10a366b42cec847cab9e50070e7de853
+EntropyInputReseed = 9e0991fb5a8b6e712f56707890e5efae
+AdditionalInputReseed = 38e619ab86aa7788617b4990aa43260f
+AdditionalInput = 24062587b7ffa7c66d5cd04e24f09738
+AdditionalInput = 4f04e7a107b0c8c18c2b68fae4de2e1b
+ReturnedBits = f87c842f3608f96e3e238f92017af0082d15eadb33ff6fe9068a42b004d7d0093dedad2b1504b2dc1ef541d714b2c1c7f65e67fe42236afad4dcf268fc9799d58d401f2689334c0909eefc832d87d570
+
+COUNT = 1
+EntropyInput = 2c331df607258e8c3e6d41902d9ae148
+Nonce = e6f60cdc3310b188
+PersonalizationString = 2bd79cf845e93e18c65b62a8c332bed3
+EntropyInputReseed = 9e5e7761c4df6342f042d38fa8595ae7
+AdditionalInputReseed = 3425f6731d2b7e77e2856c043fa43a31
+AdditionalInput = 908f8faa1286a9da48104e182d77a091
+AdditionalInput = 403b281138bafda56a05a4c5c6fa3914
+ReturnedBits = 16c63d8cedaebcafd272ce787c84090880e29e3e9e81089644e72428ec5d7e77f4acd5150d0f396ef110fe3b6118b8d8143668ceca64e599936b96fa96d71fcf11ebd4cf743b1ccc7322a104288d8213
+
+COUNT = 2
+EntropyInput = 270c76337d788ef2ef6061c9d25f277f
+Nonce = 39fd596c50313147
+PersonalizationString = 3df4e765755c2e446a8b10bc252d40c9
+EntropyInputReseed = c35eedaa188d3134a055cb5911aa2c8e
+AdditionalInputReseed = d8de9bc628b80e7add9c4f5b5fbf37d5
+AdditionalInput = e24375e6ac75aa06f4e54543dba0d739
+AdditionalInput = ab8050ed99990fc315e9e82ca2050e89
+ReturnedBits = 2091cef4125b306b690318715d0c471858184223ac3d7b2db22741f980441c5e5d965baf77b23820f1cf9c1cdb59db796e73898862c10239780a4c3e443d6008d64e5925442c8fe8ea61dff657a1d4fa
+
+COUNT = 3
+EntropyInput = 1b388e2cfcb3f686b0a25397c7143c96
+Nonce = d43c5ff2c25ba502
+PersonalizationString = bfea405c80a045af6760da1dad911bc7
+EntropyInputReseed = 1fa3a94f9f0592220f2e3947e976b49f
+AdditionalInputReseed = 77df1412476411e343f2e6920764b482
+AdditionalInput = b61ffd8fe5bbec64c02bf13ce337784b
+AdditionalInput = 8a4def83a2620ab7e6216fbdfa7cf46e
+ReturnedBits = 9cb958e5f044425b241d6cea1d2cb480772ba0e38b86f5e7cddc3c50dfc28669bd9ac428567ebd364a46b59cc47a89b45a0a8a4a93ea2888b174872f6f21b141f70b8eb683419525df17342ac75b3a6a
+
+COUNT = 4
+EntropyInput = 352b3d60da9a1df8bfbba81909b09e2b
+Nonce = 83fde0d46e7f076d
+PersonalizationString = 6de5c6ff46ebdf0b96359dd88fe29dfb
+EntropyInputReseed = 6e8ccac33c5b506a3e07d0ad7af6f11b
+AdditionalInputReseed = 836952ede4fdeb985b7945a53449f932
+AdditionalInput = 820c5724cc967aff13c6421ca04b99c1
+AdditionalInput = 14c1e3e8e56abf1170f9d06354644fb5
+ReturnedBits = 51ed77d769081ef6c064b2a3dad45d49a218d25564a9d234833bdb2083278bdb87dd5bb194d5701fc194a05d020106b5a36f304edf6d7a15417a94c741c8cea556d99214d644bc722037060046288466
+
+COUNT = 5
+EntropyInput = 9774d927a8376e42af35fe915fb11d8f
+Nonce = d5f31e41787fa611
+PersonalizationString = aa3a0f35246d64309c47139d9eaa8f1c
+EntropyInputReseed = 29a9996b5358fd1f2a7b4f3618e045c5
+AdditionalInputReseed = e62d60f74ca232e4ef125e272eda7938
+AdditionalInput = bd26b0c7e66dcb33689c5d57c340d76c
+AdditionalInput = 258f5a44086c1184e982ad9ff2d6c8b8
+ReturnedBits = a5d6c1aacb3682c9a95f12df52378705aa7ca1a8b37db882ec8ebce8316e4f036232fcb1f674fc2e0d0d7d8450697917f7b2396f14f391bf21e4648bff0879b27f4b0496945f18878cd39897abd0ec1a
+
+COUNT = 6
+EntropyInput = e3145564f86581ac12cbcdddc455f51b
+Nonce = 32b03bedcc5b436f
+PersonalizationString = 01c03daa085575a12f2e5f101eae83c0
+EntropyInputReseed = f2be12ec00a8947d2c18a765cddaadeb
+AdditionalInputReseed = e98b61a88bfa89db638ac3a6f1c6c956
+AdditionalInput = 4f5ddfbe9b741474a07d223d784221db
+AdditionalInput = fbf88344b5eef32f11e63cd7f3622b63
+ReturnedBits = ad68a6fb48bf2f22cfd978243fcbe41ee5b6d00525fd7c0750639425e5d9c8075147eed55e1f9734e0bb7aada8523b7f8a0d3362dc44f3a7360448f900062eb2d1df01aef2e040950f5af605445d75da
+
+COUNT = 7
+EntropyInput = e26e88437bbb2699d7f2c8d05873b74f
+Nonce = e4832b85f333311e
+PersonalizationString = 4e3de0721a8955c761bf3384266ec143
+EntropyInputReseed = c0e4f3be1494413045daefeef3a6f358
+AdditionalInputReseed = b54a7156c2e1e2694dce2a97134b82d3
+AdditionalInput = ae9fbca391949dddeffc7bebc6c4733f
+AdditionalInput = 599c43a9ade72266dfd40309706be3c8
+ReturnedBits = 2d8c6103643bbe72611947d73ca3a253581ec6802cd80e33b34b8c60ae6a839539d060493dfc3625bf221bd509ce34d7113e6560d43077cce5e329c554a65bfb7816e01575153057935a538b4f6b56b5
+
+COUNT = 8
+EntropyInput = 82499bf46d5a74744dfe169ab2d6fa8d
+Nonce = 4729c9b8a3325ead
+PersonalizationString = 8ad06693e566c8485cf55c7ea7e30ef6
+EntropyInputReseed = d81307a5abacc60fc5e3695e67830656
+AdditionalInputReseed = 51ea86a8b393834f41d69ad1c4e539ae
+AdditionalInput = 6e420b2b651521087fa51ffe65579ca6
+AdditionalInput = 3c6ebd1b50f7e565f253c624c1c1eeff
+ReturnedBits = 35b721134045293520b2875e1acd0efd39db1d9a5c5f1087cbd61ad3ff96933fe49bdb75cd120502c8b996e0b88cd05523085e5d36aa38b832dd3891ace5d67297741602465f61ee72f86eb10123db26
+
+COUNT = 9
+EntropyInput = b1aad873f5359cdb3a3ccc1cd01e5a35
+Nonce = b72f77dc2791826e
+PersonalizationString = 7a1c25d65e2f1944dd166ea7894b9856
+EntropyInputReseed = fab70f5c317c10abf33c465d95a2c9da
+AdditionalInputReseed = 14afb87a0bab1ea5cab76d8f2e9873aa
+AdditionalInput = 369fb78bc650ef5c8bae7605e301a84b
+AdditionalInput = 1c96ac6fa8fd0bbfe41186638ff800d9
+ReturnedBits = 725be10f863001d5edced7aba92afb1c16b1af5dac148bb5d807481a3f3549deb8d6309859acfb7a25fa638388de01863c67b71186e162bec52805a611786a9f03baf088d0041c8bf5b22582a3166697
+
+COUNT = 10
+EntropyInput = 106659d4329545a45196f3e5be52d061
+Nonce = a7e113c9fbaa5b20
+PersonalizationString = 04207cfff115e48e6968baa2e76ef9c4
+EntropyInputReseed = 46cbdbe5f4df3287f2d36560ad88b038
+AdditionalInputReseed = c14158d95abf78ae4985897e19e4f41f
+AdditionalInput = fdf20e3b013301f018c1fbaec0612388
+AdditionalInput = 78b068136ab3590e2d3b67daba402e85
+ReturnedBits = b0a0f3d1e46519c179e90549b4135e5f6f72e4c9229622aab7a1ea09ec79185249230c3f8aa6f46eb43ea3c5aa7df97345e6594cb2f8d343be44f9ea519a4b50afbdadf520a954b43fb8920da852bdd7
+
+COUNT = 11
+EntropyInput = fc99a35949266f7bc68df4dc0775a324
+Nonce = 764003438b573723
+PersonalizationString = 7be5566f259424fd69b487ce1fc2014d
+EntropyInputReseed = 039150e554ab13624c07151418b08c6d
+AdditionalInputReseed = ab7f7059afdaa3086f8aed599e8534d9
+AdditionalInput = 71e547100daf36b71e378e7735d5873f
+AdditionalInput = d11eb4afa12e7a7fb453acb7340595b8
+ReturnedBits = e62f9a854ee9b00143d48de071f3d03bcf9fecf3c4d9d2a47e0dfbafdea78ca8f7b80beb11f9a6dbfd4ddcac11cff8bf9967c7bfe051d417d5f34bf24a00f16830d1b9aa5511ffe7aab40e36c36317fa
+
+COUNT = 12
+EntropyInput = ad433c9a70669333786c45f4b731432c
+Nonce = bd884d3041c94b2d
+PersonalizationString = 4e95c8085ad2a31e9271b37d1053c9ec
+EntropyInputReseed = 826a80571170b66a1025ef831dfe2796
+AdditionalInputReseed = b9715bc31aaf9c85419dce42a347e10b
+AdditionalInput = 0386a22663e890e9715fa120e58baf49
+AdditionalInput = 7816db7625095129fc83e9a46fb9f540
+ReturnedBits = 066087a91d24b7777861dd028f57f7ac10b5a7bcd2a738a5e126f2393bf5b528725cde893c60b594d9589fa5c3927556c6e9fdf87a1460f400ba5c7069ede75b6a12b04c0a05bc12ec1d97d492bb6873
+
+COUNT = 13
+EntropyInput = ebb73627c3ed18da0f82d16c1f4603f8
+Nonce = 1f9915d585080a18
+PersonalizationString = 27e9def9e7b3cf6a6897be7223c92758
+EntropyInputReseed = d12fe5d13c5c27fb2e30dd3b3c84eeb6
+AdditionalInputReseed = 577f11b4bb0cd9f35f7c6332d40634e7
+AdditionalInput = bb02f7da271e32affac6bc0bdd4b9cb5
+AdditionalInput = 02c69cfb4427fd7426e4f877ca708ae6
+ReturnedBits = 351590bc0480e8bb18adb9b4f9f04e9596a6dcbcd8aeffe0ab5b8737addee60715918a2a3ec1e82980a7690c41746b72b55ddccf399dd72be18c3e6eae65f82efa3876913134c7a92dcde3ee82631923
+
+COUNT = 14
+EntropyInput = 46f044e83cc972f0780c82b25b349cf4
+Nonce = dcb57d46b5e60b8e
+PersonalizationString = e168b00f9246e361b43d8b5b181fd2f9
+EntropyInputReseed = 99761ddbf2dfe9dc978d52a8d962ed0d
+AdditionalInputReseed = f2daf709790c4f796ae507961f9bf2c0
+AdditionalInput = b05a3ec514aebb01a3fb5fcee02852f3
+AdditionalInput = 11661afb8fbd897c4be0e08556ec6a25
+ReturnedBits = 462a30b5fd643b663dea16c5ba03e815565dd2ebf597bd5365992318718e383bbe76df397092b63901debbed60c0f32b9c8796f79b0cf920e6722bfed2b37fd2fee9678ad114b4cff245f81c1fd3ff89
+
+[SHA-1]
+[PredictionResistance = False]
+[EntropyInputLen = 128]
+[NonceLen = 64]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 640]
+
+COUNT = 0
+EntropyInput = d1a2c2f6812b63ea140d3818b82b8273
+Nonce = 4af22c7b05372aa3
+PersonalizationString = 
+EntropyInputReseed = f54893ab7486b3c17c7087f106f68748
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 5331e2db7416add30ea4a9480d8921686aea554975a0eb995a701f181fbb5ecd604d48a3754471b32f66979fe630772ca8af81cc69466c80980f328d9776f8b80e8a85ffcc554145ce51440d7920e83d
+
+COUNT = 1
+EntropyInput = c7546d3949fda30b0e64957f41e8e16c
+Nonce = 529add4a709dc7e4
+PersonalizationString = 
+EntropyInputReseed = 1e747b958fb40b97fb8d1c3857e8d65d
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = d0033cf08f36c1921a3797afe5ad6acf85b16bd22e0e1b2bc058c1905690d5d787f968caaf9c1df4bb96cc94f91113502b0c719c95673159d693e8b65c245682883476e57984097aed281477e865c7b2
+
+COUNT = 2
+EntropyInput = a515b054f17593a7379087b5e4d670bf
+Nonce = dd3759fb140222b9
+PersonalizationString = 
+EntropyInputReseed = 695f9ad37bf5bd694855986dc7c387c5
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 982a08160c602ec7144109e7eca470fd8a867d50eecc4aedec60ff39e9f37405e193d67bf01821d130bf62d0285c817baaac551f40f6cf70c791c52fd39c58c695b52839ca03b0024d07dd076ca3834f
+
+COUNT = 3
+EntropyInput = 63e22fd902b77281a16c28aeb4540a46
+Nonce = 3ff45171e49c1342
+PersonalizationString = 
+EntropyInputReseed = 05101fff75a48ef80bee0d2b28e42873
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 4e7ec53a6a28f84ee02648da098f9aee33c348d489da59885593a8ba1e62343b4972536e500c1d1350a1ecee1c07c378cb08ca5f0573178bc9de82248e6f043e4cb989b2680cc0c473fec71afe9012df
+
+COUNT = 4
+EntropyInput = 2385464bde566e8de6ac54fd7668157c
+Nonce = 6dfaf07f5a3860e0
+PersonalizationString = 
+EntropyInputReseed = 1d50f8f51521a748176af4647d1cd89f
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 7991011635a5c7dd835781f15605bd36c2e37440d058e62a0cc4e1bae6b531a126a7c29f47a65bf143af54a431eefffcfa946cb3a4375d30d44ef28293f6f70d68fee893477a57458fd2076c0d91aad7
+
+COUNT = 5
+EntropyInput = e46c1071f54a27bf079aa03eadd86f03
+Nonce = e4827a8b67a62636
+PersonalizationString = 
+EntropyInputReseed = 4317e81a1d6c03e145a35bab09045b91
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 01e4d32d7dedf3f6fa2b390b324c5549e1c55238649ef1085df56bc0d8f9f5f297821072c210cecfbb465a0f89a28eb661ac59455083259e75fe27b06e74a847c399acfec661a2a4caf1ae2dcbf286a9
+
+COUNT = 6
+EntropyInput = 5ec4fee9732c3ab3a9ebad4982a443d4
+Nonce = e78f247da8c54a66
+PersonalizationString = 
+EntropyInputReseed = b7c90d2958eb70708ec5f3679408dd8f
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 4260b2520d2d2a3b1505ef871ca2343b6de4e8ef0afa26c820c32a92c6d573675a1d5fc07d0dc593265610fd47be57db5b9eb5310a119ee5e4d9c94b201a4934eddf3af1ef3619d4cdd929d6e7297a65
+
+COUNT = 7
+EntropyInput = aceeb8239bba6b69fb741d36350cfd78
+Nonce = 127460d4d2207e26
+PersonalizationString = 
+EntropyInputReseed = 27c90d7e26680ba66365f4fe2a86d39d
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 87eaad47260eb40bf9edb176774ced0cc30560ce60c0389b8eeea9482cb16ac522bf65e8f78b9f9a59a5431747cde920de48d1a301859c325816b82f294a390ea8bc682a79c6de37a59857e860eeb96d
+
+COUNT = 8
+EntropyInput = 3ac2fa1fae681f07f4e997fe83049c08
+Nonce = 417d84940690c8eb
+PersonalizationString = 
+EntropyInputReseed = ac7b416ee8b0b0eb336edc545de0d938
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 06e354a901e45ce7064afd0e6a44c1d01b75176ae522f65b7a376b623804365935a5ca38405f4dfa7d5c7b74f2559cffa6f82081c1cd7098e2e0ac61f37eea5f144c1b307105c5de3a53ae1478601f7c
+
+COUNT = 9
+EntropyInput = eb285895a837ac2f9db6c976b80ad9eb
+Nonce = 911216509a9df810
+PersonalizationString = 
+EntropyInputReseed = 32e473c2a035c3c62b713922c45184f6
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 5890f5374dd7159cb7ceaae8269bb0bd96de0b0828f08e30e2d241cf7e299cad87c7c0ef812b9f4df0475aa74c03d0a9fb9d412785fbb7a64ccc1ff407631ad59159cd65419cc4260a4b0cc25caff34d
+
+COUNT = 10
+EntropyInput = dbf8ac783ade1983bce1404ccb1107e0
+Nonce = 97742b57e9457504
+PersonalizationString = 
+EntropyInputReseed = 7f02e4faee9a4560c217e73cdfaa2dd3
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 85a842eed79eb224babaa1d4bda1b19434bdf3944bfea6cad175bb8e0066c58db71a0cc96dde7d316ee598b60da6b5be3a91c83376f42dcbe2c9e351d326940f732ea13fa9aa485d07df856ac93e9192
+
+COUNT = 11
+EntropyInput = 890c9fcec7129f3567e20584dec9eafc
+Nonce = cbcd3772d2d6ef05
+PersonalizationString = 
+EntropyInputReseed = 80f0957e64e02b8ff81b062f0e63cc79
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = de29430ad7221cdb1e71a3a89a50e610880592caf048ef2e1abb8de68f5a1380341680c82b230e1827eddc5428af26bf251e38b1adf507db6c3497a7a0c062962e17823291187d70e0be9a46b68ee670
+
+COUNT = 12
+EntropyInput = a86c28798a0fb0a4030e384e6fbbc6f3
+Nonce = 4f78b54ea10cf9c2
+PersonalizationString = 
+EntropyInputReseed = a5c20788ed12db25f0745798a19b6e2d
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 72c3d8df40c46bd6765c83471f60dbbf4147073f4aeccfae739866494cb36f89a0c681ec6fd39b0718ef058c019ce0c40bf9341d89d08a733772018c9e6463e2062a5bbf66fa1ae5f4abe35748e4f234
+
+COUNT = 13
+EntropyInput = b2de3b2bc48d6ae7d42845e15f63211a
+Nonce = 017175932f55759f
+PersonalizationString = 
+EntropyInputReseed = 27e6380f3ad03d410dd82e61f010b359
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 126097a1fe2616c4e51542ddb2af639c4a71af1854d2010b019a6c35deef4b00a77abb6c5830637bae2225a294191cd7b938b27c3b41da908f30f1e36411141bedea62b457e40daf79ea721f8d00b4cf
+
+COUNT = 14
+EntropyInput = 28ad887a24414de555d1d5902a2c21f8
+Nonce = e4bd33c11ecf17c1
+PersonalizationString = 
+EntropyInputReseed = 5be4be4add05d0241e1adfd93b3bb52d
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 98cad340587d0033bfe99457eabfb4a1ddcd4f685fffc5da4608cb9dc97da84ffeb674131ec8178d22737fce01f16d930756d8b29f21623d73a91901529cb24582d8f49424809eb0b5a0185afa1fe3fc
+
+[SHA-1]
+[PredictionResistance = False]
+[EntropyInputLen = 128]
+[NonceLen = 64]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 128]
+[ReturnedBitsLen = 640]
+
+COUNT = 0
+EntropyInput = 6501b61d190ff2a1aaabe9f6101aafaa
+Nonce = 86690830867431b8
+PersonalizationString = 
+EntropyInputReseed = 92ec6354269bdab2aec98a61900ac99c
+AdditionalInputReseed = 60ffe5a618e324c52838f24169e13d7f
+AdditionalInput = 8832b134467a5e5dc774f14985063b60
+AdditionalInput = 37118f7cd97adc39eccd7030e0668ca3
+ReturnedBits = e299d33a9e1ce7aa94a84e0cae6d5e78be5b73009c25a832354fd12fbb02967e126372c9af6c95fe2a0f03fe2458a8978c3dfdd7844ade83a82217537f0d2ea5abb90e07bbfee8deebf45315ad258cbc
+
+COUNT = 1
+EntropyInput = 081b2e7a5ea9ce1d602f272e675a787e
+Nonce = 167ca2728fb35cf4
+PersonalizationString = 
+EntropyInputReseed = 98f0f03c706a6e694543404171e734bc
+AdditionalInputReseed = 4162a08f17f36ea1e1dd5a87a371d1e7
+AdditionalInput = c9229ce396d7938d8930b1fda83c1f78
+AdditionalInput = b043db8eed6e30338fe93de9e79256a6
+ReturnedBits = e22f7a55ef3f3cb7f866ece2dfcd080fcb3d162dc90b712c0564bcf5e38a513b96b7fa2f9a3e36279ba3ab09ce683737d6ddce42b473300827c2f56d49963dcfc51878b15b1544d3377a1ab8f987e1f0
+
+COUNT = 2
+EntropyInput = e97b694b27b7683e4119e565d5c86917
+Nonce = 469717305674a5d2
+PersonalizationString = 
+EntropyInputReseed = 060cc31630bf9e3ac2ccab67d4ca0395
+AdditionalInputReseed = 5ef3dc56e2d26bcdaf9802913b24e7f7
+AdditionalInput = 31b8460ca4d6a3755d97caadf1e30ae0
+AdditionalInput = f690f1c6d4545d06ab9af83bb93d6b97
+ReturnedBits = 5bc45bab73bbefdcdea0b625469fbcb65057daaaa021f0c5b5ed88052df93e20347223623e3f532d98ead81db82760391b64289b1c1bcf8b2861393f958ed2a43223972c7a7b80a923ee0ea2d96e7cb3
+
+COUNT = 3
+EntropyInput = b5c48cb4689c3e63723f39bb6b5ec73d
+Nonce = c4e64d63424db71b
+PersonalizationString = 
+EntropyInputReseed = 44d3415293439d25add42eba295db840
+AdditionalInputReseed = 79bc05165859219e84f2c2ae1d93a8b4
+AdditionalInput = 952074aee48ccb8ac0d619e907a0ec89
+AdditionalInput = 98253c70258861bad59e5407dedccafb
+ReturnedBits = 9c5839c4ed368c2e38840855a95dba0df211494b07fcd70eb247a9f56249c31aaa199f65416e772987a949d8c6a8c99cabf436eb020ddabb5c48d387c74c65e0a6a216c8227d3edab770d0be4fcc37d9
+
+COUNT = 4
+EntropyInput = 033b20b3d8e1abe542aef9ee39e80e71
+Nonce = f96caf9bb659adc8
+PersonalizationString = 
+EntropyInputReseed = 966b0cf2bd05c2a7061cef2a1b41a064
+AdditionalInputReseed = c669f10cfc7872ff66cc99308a41c24f
+AdditionalInput = 60467f32aa01e3a4b10f0c7aab773c66
+AdditionalInput = 7a754d665987996f1dd11d14f84bbb3e
+ReturnedBits = dd2f522f3fe6153ded39077ada175b4cfc848a5c9c053a4386abc59b2d77dc1dbdfea51495deb3d42becf8af29d6de1e05fcb986225f15840ca271ebac6f464ab3befb8447a0e915c6897fad7d2e1f1e
+
+COUNT = 5
+EntropyInput = 4cda35e84cbc0b9b61639adfc41706d8
+Nonce = f8089123e4990541
+PersonalizationString = 
+EntropyInputReseed = f1b191ccfc897dc47a55f44ca1114951
+AdditionalInputReseed = 127c6df989497363bc352dfb7e57ee94
+AdditionalInput = 01f838085dd1970c56c86c0ab517c2a6
+AdditionalInput = dac4d64a82a931b1403be0bbff4d4e1a
+ReturnedBits = 8ab6b307d52f1f51ee42831fcf6e57c0cee69f3eccc0b352f1c85a9c0dbd25aaa7bb1b2810e207ee14ab784631a646a63685e6ccc295c6f162d0e8f85d0e0571aa64ddfb1d771360dcb0e75c2d473223
+
+COUNT = 6
+EntropyInput = 1a5fadb4dbd948cb14cb4f8e298fa3bc
+Nonce = 19fb38a0a608ccbd
+PersonalizationString = 
+EntropyInputReseed = 09cd5a0bbd8901f14e54666db88967e7
+AdditionalInputReseed = aa4100c8ce6e317f5177ea3497f9c590
+AdditionalInput = 011656f23a855ba3abd02f8fdf20621e
+AdditionalInput = 41816b1ce43f89b519c4bc820b5dec71
+ReturnedBits = adfe1e36b8e996b813959be221c14e9933a25b648a5270fe57a05ee7bffbb2eafa87d85b9a087ae01fc5e4192623cdc6dc51b011ddc11bb7a4652ecbfb4a75a68c82556f0ccc34520045a4d2ccce89c3
+
+COUNT = 7
+EntropyInput = 342b1e477fb5c61d140475222dff324f
+Nonce = 31f3b7ad39676083
+PersonalizationString = 
+EntropyInputReseed = 2b12071317a784fe98c447923c35726d
+AdditionalInputReseed = f62a92c16b5211321666ae24221b9cd2
+AdditionalInput = 0c2e90c0b47a203a292ec0a649540038
+AdditionalInput = d15617586959de2a1cfa3208df469803
+ReturnedBits = 1a09ff361ce29762e1f87f011d640c9e40a518da90546bd372aabbbadc20a163102bd2490b28e13f716c630135ca9d90cc9a5a319a702602a96fe3f8e4c11ef38619cd4d55b8e97226996d5352930185
+
+COUNT = 8
+EntropyInput = 3af24ee39e95364c3c042571dca9302f
+Nonce = 2539d343eaccd5f4
+PersonalizationString = 
+EntropyInputReseed = 2ad0382d2903b34eb1af0b92fa4d0cb7
+AdditionalInputReseed = e56dbc941b5e623ca923fdc797105f25
+AdditionalInput = 6d5420f13684316525852a26986e3f31
+AdditionalInput = 1246164c9a925f97693871e8f54b78b0
+ReturnedBits = 99914f45e5c0829c688a8172b2de77d3c9ac0fa93cc2339015f20af0a102da877ccfa9d6be2fcd7b7e5c244a48ea589649ab90b0ffad167c1f5dc3522c485cd47f78a7aa9971ddc23a540c671901b784
+
+COUNT = 9
+EntropyInput = 569a3976f8bba86ad84c7fcb713a2b06
+Nonce = 224b5003b239667e
+PersonalizationString = 
+EntropyInputReseed = 9c5be17c210b6ba78d502c4b6d71ffa1
+AdditionalInputReseed = d5d4a3c97585cf34022d81e436b6ef7b
+AdditionalInput = 539521c78413d1ac390106652fbc3e2a
+AdditionalInput = 1ec758aae6536a9d048712c2130866aa
+ReturnedBits = a239260c69a0405a17614b98ee78f81662db445bd125912489ecd4b8f68284d44d2dfed7459af57ad3666b933e95fef5954bc8a43f0666ec4fae2ea7e00ba01dee3ceefdf50bd64c0f88c0a64eb5da18
+
+COUNT = 10
+EntropyInput = e8dcf530c20eaa247a849fbfa61c55de
+Nonce = 70e76fb7931feef8
+PersonalizationString = 
+EntropyInputReseed = 9d1a3eac6607fbf478f9f70c62538972
+AdditionalInputReseed = 640249e1b193d0ff780caea979b372e4
+AdditionalInput = 45e8b53d4366c630e23ef00bf663ed63
+AdditionalInput = 387dee32c7405e8ec1bfcb150be10099
+ReturnedBits = 27208036d3145b33ab193561010ff5d4325bb4df8aa063b367312466ef30fdc4355f48242244b0023dfe7420f6c3c61c764eb16b96717997fbbabcc1724984aebed67d5e732c5dba9c65c13b508c20ba
+
+COUNT = 11
+EntropyInput = 38ad63f96d6f41216b24ce00e610b296
+Nonce = abbf2da253661e2a
+PersonalizationString = 
+EntropyInputReseed = 8577e6917d89e36aa7b898313b28205c
+AdditionalInputReseed = 59279b852c43a7baea6619801550ad16
+AdditionalInput = f2005c93a3ed265138aded6f0f3bc938
+AdditionalInput = dc2cf3e797098e114cbd6b3a412f4b17
+ReturnedBits = a12b1d89a5571ca442d46cf7ca9885959231e8794daef693864e5068190b9e4c887737f40e05541d82d2737ad9b15833cdeeb823f1a383d71e10c6dcae811ff4ccba521457f51f73f9890696f7ad4486
+
+COUNT = 12
+EntropyInput = a70e8d4ef1fb23de04f66ef5a48bc860
+Nonce = b2f69cfca27e2990
+PersonalizationString = 
+EntropyInputReseed = 6348878dc501973a9035c293f4c9a80f
+AdditionalInputReseed = bab59a1401ef880afd65313ce64fca23
+AdditionalInput = 7abbd4145627e510d21f70785edda731
+AdditionalInput = ac55a078204b3d00849095f23ed442d7
+ReturnedBits = 4d8b197c84baf1677cf1a61a8086efc3bf0e6f3c211cfe60a6eed83f48107a0dacd89dffa48a6ed8e87fbfb02cb95fdfb8e82911ac61264decd3673b61a482572b8336c8c5975d1ccae5c4c53d6bf59f
+
+COUNT = 13
+EntropyInput = 73a0dbd103682524b9dd80e0ef5528f7
+Nonce = 9985b25f4419c1c1
+PersonalizationString = 
+EntropyInputReseed = b3973a22fe7eb708246aa19a1ffabfff
+AdditionalInputReseed = 5e82086b561a7929640b7f48e96aff0b
+AdditionalInput = dbf867108e1f033f4d46dfa7e5060db5
+AdditionalInput = 3caddedd157579f7c28a567ed4638808
+ReturnedBits = 8758d0344515b3c2dc0bb7bea087642c73890b776f52aac6a7574b4c44a4f4869fe72720839f2d93ca9d194b5b6188283077d0d07d539ff99930c57ecbe715eec26449a29a4bdd8a893da0390a6adfb8
+
+COUNT = 14
+EntropyInput = 3174d0c6e8eb2fcd117444d9b0357f76
+Nonce = 4c9de440ccfb893d
+PersonalizationString = 
+EntropyInputReseed = 81a83419ce3679cc396e1f588806a7d5
+AdditionalInputReseed = d87de5be122baae7f3f4e359a2cfeff3
+AdditionalInput = 488e0e9cc228b5229687d06843832b03
+AdditionalInput = e5992f8a2ac65f54383d44899ea1e74c
+ReturnedBits = f3a252bf182cfa2404265c571da2b2bbca801453a7e7b9e962b34417cd2033e3118c378b4ce6aa6a048c3f89a8dc203fa1ebd70f1046e7863dc6887525c8025bda4a46421fe7c1d1fcb3e56dc71973c0
+
+[SHA-1]
+[PredictionResistance = False]
+[EntropyInputLen = 128]
+[NonceLen = 64]
+[PersonalizationStringLen = 128]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 640]
+
+COUNT = 0
+EntropyInput = 3f8625833f7cb7f17e0063fe6ce94639
+Nonce = 37ade6e5e06d90d7
+PersonalizationString = f7ff05d21829c34dd4aedf29ef64d13c
+EntropyInputReseed = 3e4bcb401a589d8f07a05cdeab2b6a08
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = e26c14a2b7a96b591ae8a0142895afad2493a1ddbf971eeafcbc20886d7fceb1afc69ddfefe061432fd5d2ef58597b05de7a7ed14921496d1509fef47297e6ecb33a39c1dcc4902b2347f5d425b79e1a
+
+COUNT = 1
+EntropyInput = ca073f096d4c8967ba8c9a48f221e496
+Nonce = b0c23feac9d76958
+PersonalizationString = ff0decb66bd0911900c5955cd6d2c3bb
+EntropyInputReseed = b6cfbef368ffd2052e0407a18d45b8bb
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 264b9336d0d145ee701a758f540100d6a46d98c74da9ab96c27cc378c5f0b24a3a458ffcd1f1f71820101c80fb0c9763baeda916916f90fca2340bbbf7025f373f2ac850cd425adacedf5075ef686e98
+
+COUNT = 2
+EntropyInput = 8121d2994b195cfb5eac2ec874bc53cf
+Nonce = 53df56cba1f434a5
+PersonalizationString = 716934494672c28f9fd4f84705f9042f
+EntropyInputReseed = d02f560a9e4dc443867258f0b1162709
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 4a0b38464547496663d65f4c851d63aba9c129b2d95163a97e2936e3572293ee62d6d9561de771d4c70fa68ada2c775a09e9622085d47fd80e9f9b42650bef38ad0f2c35d3b83c754c56e9fb8adcc150
+
+COUNT = 3
+EntropyInput = 02a78e54bcd53dcf7c013d076eb4a354
+Nonce = b95e9c2800b59dd1
+PersonalizationString = f554a18f92d3442f60996556677d12f0
+EntropyInputReseed = 568faebbe953c09bb97acb5ec053df6a
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 5bf26195fdc47d3e3354c1e9f51fd366362b4c4dc1f0c31e729b8c465055182777cab99a9433d56d23f28ead9d77ef70d1311a62861fc37bcb9a00c9c84893a2b32b2eef7765270d6e58809ef2ef7ad5
+
+COUNT = 4
+EntropyInput = cf2b0f84765134c208863a0900b86036
+Nonce = 323aa749772b6e55
+PersonalizationString = e17eff4edc0c2e38b71ac2205c57d444
+EntropyInputReseed = 22efe699121d37e16d2c0071c340de48
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = d4b6d25416a481b5baaa28ddafe6762963444ef1307604bf64fe6062bf08a32794ee88cc29cdba246f3b60e022b1242a1c2813c1006e04a744eb61de167b4bf4167e027d2e63d550e11551d20b546484
+
+COUNT = 5
+EntropyInput = b0d4e9594ad3c2d4f9a0834f97dc0c87
+Nonce = 61dd2290d758599b
+PersonalizationString = 99a3b1ab550f89a4d453017db87a7dd5
+EntropyInputReseed = e209ecbfb7d675585c5820339936eb53
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = c7191dd8ea3ba521b96868ff9c629b56a9b6770edf4d05d3a42c6b48a5ab2d8720a0b409127b76ba6f94dc29f79380c5f7786233ffabf5086148b96668ad33c20e10b902f1e6e8ef9c68ab9e11acae6f
+
+COUNT = 6
+EntropyInput = 5e598130075a84d0450c4905caa58a77
+Nonce = 693f75b70ed0cdf4
+PersonalizationString = 500302734b2d675fc4bc7a7a88fd2bfa
+EntropyInputReseed = 5ea3d1bface140890f5a585c65f567f0
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 20fd7b34c3111d353aa413f665c8cf942da200001fa414b628cef5f8a70d04119281e9d582732629c63db323269ea9b65991b730238b4cc437797fc93a7646f6759e597378c7dd3fe563a9c9610aba34
+
+COUNT = 7
+EntropyInput = 4fef062daebf0ad2197dc5aa40cb4400
+Nonce = 4a159ba31e74982a
+PersonalizationString = 144c90a8c1817e6445c43f054d149638
+EntropyInputReseed = 86e57f828f731c65b913465fcb935b7b
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 82ba3a8aa70874892fddf4f230bcf37d81a9ffa1c8e8efd03d6e01bd99714c10955dea40f56cd62faa7980e27f6dce4e462d10453122fc5e161ffb190b765bbe333fc406b872d6386f94f4f088b47370
+
+COUNT = 8
+EntropyInput = 62c3b136316a4103f227e1bc0c4e8c60
+Nonce = bd532876bcc9e160
+PersonalizationString = 54946137295729db9c55d679ee2943c8
+EntropyInputReseed = 89679b3d7cfedf094b238db1196fee9d
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = f40f908ebff3164a1a1314bd5c2415f9a4dc375063dc88367b60b23c3957e63275df5a22cb266253670076c3ce908c0dec248f06017a750ed054f9e1f74139c210cf62474d3726148900722b577f55ff
+
+COUNT = 9
+EntropyInput = 5ef8d09f83a76c5ab43bfa1d2436da63
+Nonce = 50cc2d2d992ef6a9
+PersonalizationString = 98dd20822519e9e618eb924b26b351fb
+EntropyInputReseed = a28341d1eeb8db33549d635d2bc6177a
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = b4de82ef6dbce35ad27b7e672cbc43c408713709f2e0fdc9c73dc292f80ba9de12ac886ace37e77379fded3a0172b7c4d14e1f8d3b968c8765dadfc0fb6e96796074fe1af779add7a0c1ba9c9d101603
+
+COUNT = 10
+EntropyInput = 044cf841aa9b8fd8f374fb0c012d0f6d
+Nonce = c7357de427c551f2
+PersonalizationString = acab89233b7161a6ac70cb64d829e306
+EntropyInputReseed = 25215fa0ede363afc913036216409d71
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = ea7d73534e64cb88b7bf29623e64c9e62554872d8bef824e5d6ccee8603670385b0a01bfeb6ee485c1c6f7e54ab2cf9e5332f5d8cd290421ce2fa94c06c88dd4d39b0f789de12740b666ae65a8731932
+
+COUNT = 11
+EntropyInput = 2158d6bdf151fa9df205069891b2d6b6
+Nonce = 646bf06220262ba2
+PersonalizationString = 3d2fff3d59cd5cc2b52a8f31670753c2
+EntropyInputReseed = b8a40877df591b965a779e81e751f1de
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = e5d986a290eeb32c280152bdf3861d7241a01fb32648deb903c1c36a9e435fa0991ae2634c1e1417785639117fc04f1c54dd4adb5363d604aca988ffa4170fd982cb00c7628543870a5a292b85e1db7a
+
+COUNT = 12
+EntropyInput = 603e445ce636774e37bf3bd4413401ee
+Nonce = 68d5c44042179131
+PersonalizationString = 841726f2f9d58551f37ebfc61efc5ba1
+EntropyInputReseed = d02d8bac9eb951e3418d72187013daf0
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = b37e2556ec9bb5c5c88625e5194dc153e61529c8d921f8b271135e67e17e2ed6e2de06f96c13a85fed55dd222e936cb004a82e51eff61af061050cb1d13cde85eadcb36cd56214894c11156971911930
+
+COUNT = 13
+EntropyInput = 8e139aa3dd78e3bdb29e16c901cfafaf
+Nonce = 6a4219d0700a18bd
+PersonalizationString = fdf01740d04026faceda82c1040151de
+EntropyInputReseed = 449ffeaf53b721f317857481894b0c1f
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 1a7c59b5bae29a4a0e2209d32892542b50b7712aaa1470b1201389030eb6be6c9b8bcf428ec1a57f774737fb5a2642f8e803c2ca2382fc46a1caae8b709f8dffda515be8e73701bd26fe05aa7ae5b8c6
+
+COUNT = 14
+EntropyInput = c55aa2c782cfe7c83cb297b33a1260b7
+Nonce = 0b07e7c5f53d619f
+PersonalizationString = ed906bc42d34327cbcd6d591e92ad5ac
+EntropyInputReseed = 8818a22d80014520becc74ea1c7cd93a
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = bfd9f23832a9d3e1ca4224a43b818d406795275b88c27654130d7bc09614380559662339fa46319614a89f720678a86987d82de2120d27c2e7c4bd75b2b6bd52741c4d5ec01255f4e118af65b7f69b2e
+
+[SHA-1]
+[PredictionResistance = False]
+[EntropyInputLen = 128]
+[NonceLen = 64]
+[PersonalizationStringLen = 128]
+[AdditionalInputLen = 128]
+[ReturnedBitsLen = 640]
+
+COUNT = 0
+EntropyInput = 48898635eca886f80938f110bf835002
+Nonce = 25c6b62601b707b2
+PersonalizationString = 8db57639694c2ae7b0d37bf3d9f000bc
+EntropyInputReseed = 6594ab4c802e7985df96379902211f60
+AdditionalInputReseed = 222baba152c124cdbfa44c3a5bd24be5
+AdditionalInput = f5e1f0add419b2ab6a02f2c87a2abc2b
+AdditionalInput = 13847401ae1485728b3e8d911abbd8b7
+ReturnedBits = fa65319b8be1fed064d380b2c091c08c71d7edd0f521701f41a1fa6fc6e37ffd60946d12e1b957059c49e2219dcd48ec7ab6ab5a324dc65370c1e08664f2dcc45bac4799ce00ed2f2d3bc882b5afabbd
+
+COUNT = 1
+EntropyInput = 8a8fb0b8531fe230494b9297ca027267
+Nonce = 75093bc8f3c9045d
+PersonalizationString = 60e3cc61d51398001bc598a602d3d458
+EntropyInputReseed = 24fd21da156880c98788a8941c0e37d3
+AdditionalInputReseed = 6282da4d541e504a19de4b6a56701f92
+AdditionalInput = 235db96fa7033e8193e79b225a43377d
+AdditionalInput = fa711b08f37d7e8cee53b552e62e775d
+ReturnedBits = e99f10d15c3d4b088998348c8846147df9bea027777e4bfd0f38357bca095357eeed0460cdc955ef339470218716afa8050e8751c77981a14bb2fdc03e7c02d92fb9714bcb4d9142ae6116fdaa20f11f
+
+COUNT = 2
+EntropyInput = 14f5755be88184bd538b3f6b7898f442
+Nonce = bb35645851a74f7c
+PersonalizationString = 9d997e4d3d5a041161657e445c468a60
+EntropyInputReseed = a8fe8d500b797186b969c7345ea0f2e6
+AdditionalInputReseed = ab1db0fd9eea8858c09537d0140691db
+AdditionalInput = 77066352cf8597d8106bcf5157de8036
+AdditionalInput = 49f11401b16dc94db884e9c65dba5586
+ReturnedBits = 5c7621c1b8bb2e3beee126eeb68026c20abf7f267f230beb9feee62a671310e1e36d589885a62e509910dbc4051b4e634e63cc41527393c617e922a81d5433fea8d5702eb9b38e53ce4dca7f7dcef20f
+
+COUNT = 3
+EntropyInput = bebed27795c631bfd0ae8e4938c219e6
+Nonce = 4a31a211e3ad38bd
+PersonalizationString = 88d341d4370d7bcfed187100c002dc22
+EntropyInputReseed = 17c207b74c63143c168749e044b1d836
+AdditionalInputReseed = 475e26fdd43eea8d0514be11acd8a897
+AdditionalInput = e0d8c4c44cc006fc146eecd18545d0aa
+AdditionalInput = 8f1bbcc3a926a7910aa3b202df0fc58e
+ReturnedBits = 5b0ea97fc443160107abae7bff53fee0426cf8c8672e7e7906728a836b361237a2bcb2c9f87129bedb28f9f42d66f225b7a2f002f237ede2597a26be66fcb7c57fcfc8ecd77220058b1607ecf9df4f37
+
+COUNT = 4
+EntropyInput = d2f699b9f2199590aaf3959b4e2ddc20
+Nonce = 9814e71749153c3e
+PersonalizationString = c447b14cfb743203a10689180a5235b2
+EntropyInputReseed = e8481785f2371353a182bdcf2b77f85d
+AdditionalInputReseed = cd527fd6be465840abba45b15494a57a
+AdditionalInput = 01c663b3db0507acaa5d9abea60a91a1
+AdditionalInput = 8a7f2c602d00d5c7dbf02dd6aac5b726
+ReturnedBits = a664b5d8d3f2eca171f985216ea27d58a97cbeb8b88bf32ce6e50562c9aa397f1a5c2684cfe3c43ce664c1d7069c2613fcf86ed6202741d6d13bee7700deaf142836e52ebdb1b901ba7900e973439301
+
+COUNT = 5
+EntropyInput = 52d503f78eec622d50083ce5ec6dcf9c
+Nonce = 117448163f9cd31b
+PersonalizationString = 1d82f11488e4143c288343a99bae8c68
+EntropyInputReseed = 3e49c4fe82135e1b8b6a660e0480c1d7
+AdditionalInputReseed = f6a6b1af21bd8138e4ae43c88cab42da
+AdditionalInput = 9324240d0f3fe446391db28aee33641a
+AdditionalInput = 8ff0e3d609dcbb6a25dd7a8fb48465fd
+ReturnedBits = 200b784839f66e7ca10f4934b04ac5109de3fee41c5e34e049cb9f4285d2985d488738b128d14426ec0d1b639e65e1fa20ba4b3a4ccc015434d870a63c04c9dcfb4c46ead14b52fc4da328ef96cf8ebe
+
+COUNT = 6
+EntropyInput = 6a2e2570923cb127693904991ab03b04
+Nonce = 2cf4bdcf43572ef8
+PersonalizationString = 5eff53d2ce8a7fe9ed1fc0fab22a48b5
+EntropyInputReseed = 2bf78473636cb1da7e2816493fbf05ac
+AdditionalInputReseed = 125fa3bf7b30d4600bca768907045dcb
+AdditionalInput = 50003ce709669da84b8ef2fb94de3577
+AdditionalInput = 92756c9c57e7c784264336dfc035d3b5
+ReturnedBits = ff9a28da0bcf184466b6668070cce1695cc6622610a1c7ad0918ce1fe69237edff7ab03ce19e74c5b4328d3770b8526c5db7ba7d0f6c00b89f4d72ac04c5d2453a381890927aa3833d7ab79aaf450922
+
+COUNT = 7
+EntropyInput = 6f870a9bd731e5991a9c698de2ac3213
+Nonce = d56cdb8683b377df
+PersonalizationString = 329906dd03288c3f36a5f4d607f8e30b
+EntropyInputReseed = e943e2dd9af6f6b41b2c403ca6594130
+AdditionalInputReseed = fc39e1a2eb8c5cdbdef6a2b6a6385ce4
+AdditionalInput = f75c53de9d8fbeda86b10f70ece2c36c
+AdditionalInput = 947a5d369ab9c6d637407adc050e77a2
+ReturnedBits = eaa24a29aa1a34a0cd2a1c1e14f83f2c5de503afa4d0a7a5dd924c0f7477ebb53e7c59bf911b4831b99fb3624698924dd94f33406d86b9eb7349a360c207bce292e3bc77fe9768f0bceb07025a7c9195
+
+COUNT = 8
+EntropyInput = add2f6f44e6a13af3e134e34b6704e80
+Nonce = 20c7a7a00dada26b
+PersonalizationString = 3b87a8db4fffd095cb0a3342c36d8330
+EntropyInputReseed = 5459d54ed8ebe837d88220cdadf7d9cc
+AdditionalInputReseed = eabe9ecfbc66fbaaa2728850c2fa9c40
+AdditionalInput = 79da3977c95589d0fff897307740bb91
+AdditionalInput = 086fbfafafd37430a24ecc13d087c711
+ReturnedBits = 183a6ec24a3d911684eff18ed8464c76f2b06bf1de44b085f2b57f0488635ff20ef60a5d2c565bf7671cf8c15487eb51cb15052497ea80058a71d18b33d3c8446800d19803defaacb7f9261b52ccbf13
+
+COUNT = 9
+EntropyInput = 25ae04cc6df4a774f4823597ea521fdd
+Nonce = 7923a3e3b1502a85
+PersonalizationString = 44ece259631ef1a7925da70640504e92
+EntropyInputReseed = 700740b899f9a66b82be22ff1f7e42ee
+AdditionalInputReseed = 2aa16ccff42a4408ee6c901383081c88
+AdditionalInput = c80254c4c539aba8c7aeaa6ae31ef5f4
+AdditionalInput = 1069147d6bfb5891db7ffb70d4f8a537
+ReturnedBits = 3a6d68f2457aa7cf29922259cc71a5f6fa7e5a582f77ccb157da461675e116110ca2a71fc1f4ad5014a21d6e23b97ad768d16cae82509c61097429adc96ccc372daaf29fd09cae3194cf7a6058e9c7fd
+
+COUNT = 10
+EntropyInput = 038ddeefacfe2756560ddaea4f37e9dc
+Nonce = df6d25a5dff97491
+PersonalizationString = 09089f0a6944235bb0074cca04049038
+EntropyInputReseed = 4cd25feb768238cb56fac02631ffd781
+AdditionalInputReseed = 2438f9cb82dc539c37bad226f2117a25
+AdditionalInput = c458efd3c5311ec19db660f80f948672
+AdditionalInput = ac64f67626812078f6459230481c8e75
+ReturnedBits = 1801dc5aed241268647049048c8bf24552c6d2a2e35d9a951bad2803aea8a1713abff1482634650955b1fafb5833a2ea8545d6d8115c04651bddf3f595f7b0f36a615b449cf26fef76c91b7fb8fcaf5a
+
+COUNT = 11
+EntropyInput = a0b622857cb949033ec23db119363fdd
+Nonce = 40c57c3029f85343
+PersonalizationString = b63200d075cdcbae50a47d8d346be91c
+EntropyInputReseed = ffc4ce08690c116468f362d8bb71e334
+AdditionalInputReseed = 166025fc45f597339116bcc86a42d518
+AdditionalInput = e994c5bc729299a519c672e5a9f59216
+AdditionalInput = f3c5dbfbf8b62813592e4f0fedfb2e2c
+ReturnedBits = a33ccbae65227f6bd153e4493839a2e4a128a1d335fbca3e9f3c3e5d1bab5745ae3ea23cb22d586e0bee919ead3bb07868b5c9fef46809239689a1229881fd723a61e655a98ba0c288680268935541b2
+
+COUNT = 12
+EntropyInput = 5785a9e5f4b24bcf2743b3aa6e503d5a
+Nonce = c2d81f3ec24f98b5
+PersonalizationString = 3d4eb99eda9b7a2af2798c42b1cbd47f
+EntropyInputReseed = 4aaf305d3734ea540fa224ebea780728
+AdditionalInputReseed = 0d5a3ebb14f3267a86dd161a4bf2ad7a
+AdditionalInput = 06c2bd4e48782a55d821a0930184a5b6
+AdditionalInput = 274d036dc973e6ff4082eb8bb05c4958
+ReturnedBits = 3a0420a606d8f18281c9d50a5cab739871967d201a96c44925850a82741e9dc4471df5a3ba3c01f932dc5d012bb97a586258b21bbfebff3b25dfc49b58bc6c88edcbb4643882c3e20e7bbe697d702848
+
+COUNT = 13
+EntropyInput = 692bd8abe12b5c30c1d208d5ee7b61e4
+Nonce = 8999352e525427e9
+PersonalizationString = a34941fe91e8d48837867057869d64e9
+EntropyInputReseed = 2248af8790fe71915e311b276ab01d9a
+AdditionalInputReseed = 24fb112c676b39fb70de3f86a8a888d0
+AdditionalInput = d0ca8dc88f93b363fdcfbdd89d515c9c
+AdditionalInput = 7b0ce774b17755a0c47bddbe6896df1b
+ReturnedBits = 4246d4878bb6bc548b0f58b677602993756bdd35556928f0e9a5f7d966966f80a5e16d9abf6604141f2e3c1792b6fec1061bd43cf0e67190f4da699e64d917449a793280016174ee887eea0847a673b3
+
+COUNT = 14
+EntropyInput = 86cb25c15d0ff889727aabc33a9c714b
+Nonce = 7f2b785751be76f8
+PersonalizationString = 753a5d9d00ebe875bff9be5a1c42ebfc
+EntropyInputReseed = 13ebc4651cfc0de611b1be999f8b3649
+AdditionalInputReseed = 8b4d9f6dbfa398735146b70722f1fd49
+AdditionalInput = 8c03bb62ef876138266cc16e101a5eab
+AdditionalInput = bff032f314dfe65bb811430a54bac2d7
+ReturnedBits = d177e527b80d5ddaf26a111a6a007bfc3484044b9c933c21a208edf882a5c5f7b432f28463150db100ab8e07099d7d8faa6f446c23d7134b7b20bdbb8f1ac527fd9628baeabfd760a63d2544e764eaf7
+
+[SHA-1]
+[PredictionResistance = False]
+[EntropyInputLen = 128]
+[NonceLen = 64]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 640]
+
+COUNT = 0
+EntropyInput = daf80d4e70d6a86d7abc89d4352a99d2
+Nonce = 6c0c51a77833cbee
+PersonalizationString = 
+EntropyInputReseed = e03101dbb133978f967632ef213ded4f
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 0bad3bbd05a2c6a2398f42809449141c064d6aa41da66f2f749e65bd0a1366d63374adebcb41a24d7ff262413dd63f93483fad1b027f9a83a39cd02202bdb1720d6f85c9c8f81da65ff37ef5e53c60d1
+
+COUNT = 1
+EntropyInput = 126d155b8bd02ddcd5cb78862bf84831
+Nonce = a65855d4192eed9b
+PersonalizationString = 
+EntropyInputReseed = dec6fc448cd022026f6cb5c9dc184d22
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = c4e68f4c618d65b14730b92e4056e94bea8afc9e8b0eb2d3f4216c417fc25c99288a439071aab676235efc941e6caf7483536e28b7b3aa23da249cf84235cec76e0bf72a72af24f5dd0f0e51c5724836
+
+COUNT = 2
+EntropyInput = 431371789d5a197fadecbe0ed847a851
+Nonce = e1e66f7680e1a2d5
+PersonalizationString = 
+EntropyInputReseed = 941c67afcae9c2a012033ff801d08f6c
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 41608d19686849e5ea0e4c8e10be24dabe0c82392f1a8f7a776e22e2eb8c612e9e103bbd6c8f9654c51f45218b6559909a695a6ac298729f6befbac28e482ea9600b788f47340ef99a4d6a9796d97b0c
+
+COUNT = 3
+EntropyInput = d79bf5be36dfc58e38893b5fcfd7660e
+Nonce = 8e6968acb23bcdc0
+PersonalizationString = 
+EntropyInputReseed = fb70a98a722e98f5bf513fea6699d1c3
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 775c29ce754fc4d25e7b288817401ca22f45ca60bec308890f979fcfca33d9fda5970422b79cbb30c68b32e8ba832b7cb1a9c47397e3b62f00a36cca6472f44ab6590cb60e1f086933653274b051010d
+
+COUNT = 4
+EntropyInput = b67c9c80f5d849c3818d6450a2610934
+Nonce = 905683bebd4f858a
+PersonalizationString = 
+EntropyInputReseed = b5c2579c7fd4cc806a9f5dd2becdc412
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 649f08a9fc5bb9540c2cd6c67863d9437f84fa133a241f95dae1fdb69ace602368558a8582a08b61b4b3cbe119a2a8fa2c90b0a95f360c0ef2e53abcd337f5272b6af1e135de793f8524aa82aeb7d969
+
+COUNT = 5
+EntropyInput = fb4dedf71afd509d4cf81a055fd96f71
+Nonce = efe11c98dfe54e94
+PersonalizationString = 
+EntropyInputReseed = c981d2c468deb37a2429369eac52a730
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 5d8897886013e1a32cbd09acbf00de5714cd40795fe27d60ad866c159d7a75f1161f6eb6dd2b8238f72e43c79327c13b1f85ce2d3a50abeaa2f5f6b097df36fa2ed6250b4b1291f2981ac45e656cdf95
+
+COUNT = 6
+EntropyInput = 2a593a65dd5be58f2f0d7279b2e51c70
+Nonce = 9dd9a0e5586e96f2
+PersonalizationString = 
+EntropyInputReseed = 8e1905c43da672c1c02e632f010a0ee7
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 997cb33d413cfc231289d0b1df5479a9fab8c7f18f83e14e951a1f9287cc6e88b3229def2a0a0af0cd59f837c8e2eb2118b02c168023b0cdeae4b9e4b042ce6f9141c5f520d51d837807fae32104ab33
+
+COUNT = 7
+EntropyInput = 2717d6d07dcb45c21163986c2a27fdfd
+Nonce = c3ac8354b35c431e
+PersonalizationString = 
+EntropyInputReseed = c72901afd34bfa85efdcc70b013bd575
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 1031dfd089f0ebd379fe159e7557f148cda61ce6915bd4a95c06517069bff106707eb81cb8f22bd06a47a8a5e36da3b5c37d2b477bc5fed4658e0bd72e1c8806b9afe378c9dcbe72ce61461ca610efe7
+
+COUNT = 8
+EntropyInput = 1a0c55315a0addaa456f1d8b1497ad75
+Nonce = 67702e35a409cc14
+PersonalizationString = 
+EntropyInputReseed = 8c815e0ad5bf33aed81e33087b1c0edd
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = f2953585673fccd82d364dace7cdb7c100a8112a9d04902cbc966ec3eeacd182ee9039dc394c12f20171d1e99fecc22c58d7137bb023cb3cb1d9e0dbe4a8a06857e3dc0d73afbc4eb0b0eb1ed1d534f3
+
+COUNT = 9
+EntropyInput = 657a91b05e832b701bc9ea0f58747d88
+Nonce = e1e52cb87a0783f9
+PersonalizationString = 
+EntropyInputReseed = df1324c51e8bb6fdd4de809f130ee20d
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = c2f0978318cb112f1212bf948ba9978e426272bfd4177b7ef7fb7c7783320209505636b16a35155fb8515900aaf86c98c1c289f6ff4399ebec63ecf5d9c0ade5c4a88ae54f04a18589e9423084893663
+
+COUNT = 10
+EntropyInput = 44f0dfa4a0edd9e464b1e0c2e3f0584f
+Nonce = 63da40c20da0f5d3
+PersonalizationString = 
+EntropyInputReseed = 27f250cdd67ecee02c84830d40dbbe6f
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 06e51a5f7c80eef002ea3547e64b430aa0f5f6345b093644c998b4d917f4b83d0610df52e0b3090afcd74409ddad1462f24c59b812a9626e72d60f60df38091ba44b9d31416205d63f2915b5f3c3b8e7
+
+COUNT = 11
+EntropyInput = ff89b0bd43dcb902b1984602efa80f7e
+Nonce = 27b7810ee1022089
+PersonalizationString = 
+EntropyInputReseed = 7715fc44c1c6ba6ca48d0723214574e5
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 91aeb666797fc48ef6e2d6be25fa872be9787bc5ce0ffd06711dbde86f9eeff68e650a20e193de06448b8e2b0d35d2fa576280459fa416c64f4fe9c789f2634471c8e6aa1df420fa6d56fda63928defd
+
+COUNT = 12
+EntropyInput = e39f149221e2d7826f97203b3e5217a6
+Nonce = 9c9cc918e967c8ce
+PersonalizationString = 
+EntropyInputReseed = 94ca0d22a0f97f1800ef4aa044f30f7c
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 2c54fa55f536a0929c65966efed2a0ee6312521ec3e688254afc3af0837a5bc1e550deccf63c13b601bb1cd71e2b3446813b8a340ae5a5a47731002921e90bbeaf6b9835e37958d265e3f7eb507cebf5
+
+COUNT = 13
+EntropyInput = 9867c540fccf5942c382f8e7e383306f
+Nonce = 1adb7f48d8140c27
+PersonalizationString = 
+EntropyInputReseed = 8567e12adc711930ee3626c8774788af
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = cbda8dbbb61a13251411d3d18c51cd9c65c7d58016f9be96c1a99cfa30ed50653a8557c14d72f351d27c6084527bf266d4af931000ac1f2d8ec61eded90e8119dd75eb1716ee559893c927afc805e0dc
+
+COUNT = 14
+EntropyInput = ab4b1daf9ee4ed51c585bb90c6ccb4a0
+Nonce = 432a0c1c722e9722
+PersonalizationString = 
+EntropyInputReseed = d28284b85af03ffe3bdccfec978f478f
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = c17a7fb26de22c3f8d1ac64c8a7b2c45fa693e981c5cff04ff2ccfb628a8d526effbee45a6b3ec35cdbe910f20b1e6f8778fb8f1570565d26487be1895f9b666398b1434341eccfb638dc6872622a874
+
+[SHA-1]
+[PredictionResistance = False]
+[EntropyInputLen = 128]
+[NonceLen = 64]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 128]
+[ReturnedBitsLen = 640]
+
+COUNT = 0
+EntropyInput = 95e98f7b1330013e982b810f683e5fee
+Nonce = fb4ac42d4c9bafc9
+PersonalizationString = 
+EntropyInputReseed = 93109ece2d1a590ed174299561068539
+AdditionalInputReseed = c96d88cde76e021ec75137c5aca4e610
+AdditionalInput = c31069714981f6d539139d0ba38f5bd1
+AdditionalInput = 9aa8477c0df793f0765d8b58181eab4f
+ReturnedBits = e4a1f1a7a5edfa4f9b30241b093f815c29ef0f30402ac0f1ff4d8c426521516bc7fad9985c5e3ebca7d4d3e96e2fee624feef9da55714c513d4a1be23198e829a989a4872cb302e384a6963d306d9c5e
+
+COUNT = 1
+EntropyInput = dab17b0eacf52e2986c6ffb790e7eed9
+Nonce = 2622b29bb789bf23
+PersonalizationString = 
+EntropyInputReseed = 35406c1c317f67fbfa0b341b3860b2be
+AdditionalInputReseed = 4a738e860d1abd9fd9d3f57e207eb8d2
+AdditionalInput = 3536d4fab1b6e03ee9d44cf8f8da8630
+AdditionalInput = 0da7aa3d403e8c6e3406b1a9077290a4
+ReturnedBits = 35d4879e5904347449ec6aa8e83e344cdbd2d2b86eb422f602bf121ef59f89273974597548b598295e00c44b2f2cec656a4ed4b2e7b9837a8412eca8b14fd49313c18d2b5e6867a83438e88907d37e49
+
+COUNT = 2
+EntropyInput = 91a94f73f1c8ec153f68adb27b6840dc
+Nonce = 2bcca0f791ca90ae
+PersonalizationString = 
+EntropyInputReseed = 98f52450e5b04709f7ec5a276a562128
+AdditionalInputReseed = 61ed1792c2d081ca1b692675cbcd0f5c
+AdditionalInput = c24c0a1c69f6683a32a775be7a7943be
+AdditionalInput = 3908b6f78f152d9bf564fc73fe02a123
+ReturnedBits = d7e9eadeab458a93508ae879f101c98954f30c92263fde54b3dc78993fbf8e22ddc2a26dfcbad96f230ec791329e6209ecae67dc4655ac7346799b7e6a09df1675b372b01ca93e711f8368f3bdaf94e3
+
+COUNT = 3
+EntropyInput = 50d8c59227804615f3353e997e07c6aa
+Nonce = 03a9420539b61f48
+PersonalizationString = 
+EntropyInputReseed = 66578dc7e4a64f4b8ebc2d61bc45d750
+AdditionalInputReseed = ec30c1d18e927b8e2e31d89211b5e3ba
+AdditionalInput = c815f8fb5264ffcb283df35df031b4d8
+AdditionalInput = b1152e871364bfdca16ec49fba4a06ce
+ReturnedBits = b0293a8d0429d550136d337f557afbc1345c15ba75dc756b1a50edc0ba9f7e427de5249bc53794af964a64bf65bece742cb701eff5249721244abbb09d83d4bb4d7f4269a36326f89d0db9be71a4b015
+
+COUNT = 4
+EntropyInput = d5855b764ab10c7f45a9b36274b5f692
+Nonce = 90ccadb66744c939
+PersonalizationString = 
+EntropyInputReseed = 66165ae3a450cf1cdfdef0620226a981
+AdditionalInputReseed = 76a08637b50d6be6c01943ebfb6f57ef
+AdditionalInput = 20f063a603fc98cc1e4d5f44c9b57e31
+AdditionalInput = 4282f4bd5c9f3cc6daae5264f94d0937
+ReturnedBits = d0621aba3dcbf0e59d4814814119622e470782f6edc59085df81a5c2acc3c26ef89285a83ee2c6c55d56eddfdf9ce6fc5a5bfc4d3d3577bd007b28ff54e0d2b1a59a5a3340e08b0cd10e7d6f12914773
+
+COUNT = 5
+EntropyInput = 56b514d571bbd49a32657aef942be309
+Nonce = f4d37f11c76a0836
+PersonalizationString = 
+EntropyInputReseed = 4fd65715096301a5fc2ecc38647f12a9
+AdditionalInputReseed = f1bca36ba176c1ce69bdbd1387fb4182
+AdditionalInput = 24b285a4223a46d8fce03520c91db42a
+AdditionalInput = b59619baf154d930d81ac8a266d04f94
+ReturnedBits = e3d43732748d5f111861da99d7151af704e3e911957d5e1119f4d22159b4cc4fbe734a9906b4145ee75b39003ff072c05d704de4b94f16e772fdf7c14a4931195054b150f6b8fadaa946491b2ac7a59e
+
+COUNT = 6
+EntropyInput = 9d2e8a78ac3a9b4f4c0333a0452731ff
+Nonce = 19ef086d862fb006
+PersonalizationString = 
+EntropyInputReseed = 6c082037d8fe2a7eac23148ce7d37096
+AdditionalInputReseed = b69b58416cc75cd630173e6fdf1868f3
+AdditionalInput = 0c3063fd7da72a1bf7d9adeba00b41b7
+AdditionalInput = 904f27bacb410d78db5e4fd108d7f4f2
+ReturnedBits = c54c3c8e1ec22d24843e3131cdee80523cc86504496bde6f38093dac15a97d9981af4662e6c74a949bf533064fc209288ac4f4b7f865698d58cb3606f515b7c13454103fc65aa9bdd3f1d1773c2aee56
+
+COUNT = 7
+EntropyInput = 5d2aae847ecea64e68501abb20eac1f1
+Nonce = f082930e89f5c566
+PersonalizationString = 
+EntropyInputReseed = b5844e9578c8e2f17f34aead46c43a87
+AdditionalInputReseed = 29eea667312afc26da201c32d19f0823
+AdditionalInput = 57ae7fa0e243959080f32a94d6a18066
+AdditionalInput = 2b936582be7a6793752a0b25b18b2f00
+ReturnedBits = 6797b8adb315330b9c5a52dd9d123ec847c620909818003c03670e3afc741009a895d1bc06c9d9965f01aa183f0754fef49a361b62cf423291c6a06b5a93834642e3b22876d9b89f12bd4575aa32b1ef
+
+COUNT = 8
+EntropyInput = 70de24389f8cdcf9df40460a7cbb4be2
+Nonce = f7ade1a15d30bb66
+PersonalizationString = 
+EntropyInputReseed = 54183582445dcc8016993a9bbece400e
+AdditionalInputReseed = b708322918e0fb65ab784fe36db7e39d
+AdditionalInput = dcf5dc9078a0a181fb1e87ffefc893fa
+AdditionalInput = 2344bd82488a42db34184ccb6c5b2399
+ReturnedBits = 590abae34ee5a8d3682bbd71cd8e12f7689db33d09cf13846f7d2abc3722eabb96aa7911efc857e11780c23406ba129cddf87752156f3688bd95006b9b8b703784a1225c92343c86309d479020436ea2
+
+COUNT = 9
+EntropyInput = 386dfd2316c0a898cc78069425dfe9c9
+Nonce = 68b4ac988e9c0702
+PersonalizationString = 
+EntropyInputReseed = 4c480bff73a0b146c4776ef47c063d29
+AdditionalInputReseed = 8d4d4681d4cd5e769527e3e7242f11f6
+AdditionalInput = 5f81050ad89a1e9aa489c880d7955cbe
+AdditionalInput = ae4d935aa3f78cc5f40a31a701f650ef
+ReturnedBits = 80efc41d1975a017d970bebca3a8a6373c06376c325fe11d5ecb7bde69f2fa39bd43c24add5eff77419d1c0927af461b0591f1b0744483e8a3038fcf3eaf51f22f9d65430ab7dce3a02f2177e89642de
+
+COUNT = 10
+EntropyInput = 4e0ee9b3a2fb68ad39fb62f3ea5c1f11
+Nonce = bc3f35e77a0fffc6
+PersonalizationString = 
+EntropyInputReseed = 14bcfae14a8299ff07a961a2aaef2abf
+AdditionalInputReseed = 41d5fb003c87395f69180c5445593b12
+AdditionalInput = f3cf22a91eb407e645554698f91678b1
+AdditionalInput = 781e6c1d5050fab3988c28414ec28278
+ReturnedBits = b721cced80fa417d610a7faaa90dcc5535f2514b584dfdf449708236f96298c561ce5b1cdc891b84891d2981ef734890cf197402d7a3a89d88f8031e57d813da71f9249db06022c7fc5595d98274d477
+
+COUNT = 11
+EntropyInput = 3c8b0443e2de85e6241f4de6bd9d5a73
+Nonce = 8f78efb7ea6e76db
+PersonalizationString = 
+EntropyInputReseed = a07d5c493efac504e5f67b6bbfc4596e
+AdditionalInputReseed = 7a921fa0af03d291d4b1a3bb1be39b40
+AdditionalInput = 6825f88352606dfb34e162028ebef521
+AdditionalInput = ca1f2dca78de83b1285b7a52cf59cef8
+ReturnedBits = c107b915e6017bbb187cfdd354844378eb616cfe074569c956b19a4efd20ea44ca96efbd0ffeb7a2576ea8c366f096cbd9e465739bc3a841287309fd2a1e61fe3d33078468d8bac3b835f6ab2ec27dcd
+
+COUNT = 12
+EntropyInput = 18c30a25fbac0c9c1198bb5d1b3ea0e0
+Nonce = 2d4b8f656ca88282
+PersonalizationString = 
+EntropyInputReseed = 0e670a49350c9d274c905e9a416e145d
+AdditionalInputReseed = adc68b877938b5ebcd60958aed34d486
+AdditionalInput = b102b6b78a0ecefa0d1f2196df3ed426
+AdditionalInput = 763adc6b405a8a121d0fe0dc79c0dc87
+ReturnedBits = 63989f28bae649036fc23564d91c8a1530e7a010a3f58cc843a4dbb876ac64d161be1ac3f26a32a5b49178d573c735e40cd418bb14ca4be101e5988241d3381109895315a4937d8d04eadce731da6268
+
+COUNT = 13
+EntropyInput = a72d37da79ea55b94ba55dfe6f3fad5b
+Nonce = 3405fcd61b2e8a70
+PersonalizationString = 
+EntropyInputReseed = 3b6dc17bf82798427a554d0d4828b6b0
+AdditionalInputReseed = 63db0312140accb82cae2f5288c00932
+AdditionalInput = 26d358a37b88e51b60cd2ca97d0f1fff
+AdditionalInput = 8d272521b0f268795787f674fe0f41dd
+ReturnedBits = 1d5244ee5056779c48abb9e40ac0eaa20dd1c142d529242ffb02170a88db1dac10bf04b2d97371b6f22fb2bc90c769327de88664fcb7c033af9125fa8a55f3d3622d7431a8eb24078765682ebc4b02fb
+
+COUNT = 14
+EntropyInput = 9a73d38066be81d3988eef3589aae246
+Nonce = 104720af121eda72
+PersonalizationString = 
+EntropyInputReseed = 33221c76db385421efbe153fd59de7f5
+AdditionalInputReseed = a1b82c8e8a3cc505c11af9797e385163
+AdditionalInput = 717d01683450a42c10a2b1c699f79a35
+AdditionalInput = 1c7aaaf732e7b2c8d5f120871effb45f
+ReturnedBits = 1ebef48df3989dbfea4910eeb4ecd379bb4f97a1d729e58a067c6c883944a6e6f27eac20e38e9f88158ee7054f5c83705fb969ca2555f3576e4580ad72b046cd8ad28f3e3d0b8f80b18138a74db2b602
+
+[SHA-1]
+[PredictionResistance = False]
+[EntropyInputLen = 128]
+[NonceLen = 64]
+[PersonalizationStringLen = 128]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 640]
+
+COUNT = 0
+EntropyInput = 1f3bfa1a0e1f1c87cdf899103fe53eb4
+Nonce = 2db008a1e1fd4c46
+PersonalizationString = 1843f02f67b62ca76b205817ece829c0
+EntropyInputReseed = 9a68bb46f10bb4e33a555a0011893590
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 0d24bb0d9c24492d8eddc63c0d41e07d471a59682b676fac11f426afe9db9e38df95271349541ce1bad71d280641e47448dc4671679e0729e25a400fe7bc4673d32f23c85c67ca0e0e40a68aea14c149
+
+COUNT = 1
+EntropyInput = 2127340c16f6d9b9547f12b9ca4152a2
+Nonce = 1504e7a897368684
+PersonalizationString = 375b5e97ad94a410e2a87e00639ea0f3
+EntropyInputReseed = 16494343cd5f7cf3cd7fce7bb44cac54
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = c25bf2ab607dcb508d0e5f4ae058c5af1b69f1c67bc01ee3c8da6c64f12b97cdef04342b56f0b777beaa819b1ad85700bbec7042ef8f5ebb7b6b87626e6d7c4c2f20dbbfca0c6b0d1f02b1f9a1e7b0dd
+
+COUNT = 2
+EntropyInput = 03a526eac6667d8fc50bcccc77131b3d
+Nonce = 89ac8cca35d7360c
+PersonalizationString = dfdf1129c867154c8fb06449cef55604
+EntropyInputReseed = f5c69275583a8b137e73911613de32a0
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = e6c6ca6b8c3f9fc6b60b9ead5a3d99a311b36c035d057600a639853ac838037ab143cc9130d833047492acf1f6ab5d310af848e17421c7f2ce1b27879548357b327fbad8f2ff19c9c511cac74ff9db28
+
+COUNT = 3
+EntropyInput = 922a1eb491c5aa96255a425a557b3a0b
+Nonce = dfbe98a0625f6d27
+PersonalizationString = 3b1661708dd5136adb3b90276203807b
+EntropyInputReseed = fa41b9d95c60bfcc18740dcb7365afa8
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 491b2250d85f43b81493d77441e206b2d24a442d826de6f84feb3fcee0f3434ba1279b8f6f40036bfc98a54335b0ed129fb9a1b5b9da709792609b7318e2c6513ab139bf596f40095162c0135d8281b4
+
+COUNT = 4
+EntropyInput = bfd1cde72e3018e38405fb78e780424a
+Nonce = 7b522e636704aa30
+PersonalizationString = 68dc04bf3ba9a49bfc8f5d3e178eee90
+EntropyInputReseed = 0ae631fbebf31311c70db5218055a109
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 03f4152f569d4e75171178390dbc3375f5dc8cb39a682dda250eecc8cfa94c81d98c572f5f8d057a7bdc651a009a67badd1c5c353ab56aaa5611bd5aa32d1e14264375d72a9a57480b0a8094551dc38a
+
+COUNT = 5
+EntropyInput = aa6468f37fd732892f1aa494bdfd33c2
+Nonce = 1188096a0d03e7d4
+PersonalizationString = eb3205f89962c9298ce89032313b4aa2
+EntropyInputReseed = 1f19abae74321faeb81ba6e0b856e10b
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = a22fab2ea7f42ccb0ec4ae8ca539f0e5066465730144cdd3b1cb2a9a35981cb91d11b2c580b61b7f36663a8dfc182dd6a9fa4f2fea4b1115eaef4c2dfd80049a5816523435dad83c58ed659ec2ee4911
+
+COUNT = 6
+EntropyInput = 2afb7f99841fa8c4b7aec208b558723e
+Nonce = 0d991dbcf3fb1ca1
+PersonalizationString = 07ea27928db183899fe85861bd337412
+EntropyInputReseed = bf24829032f3796e5d8ff9024623750e
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 24e82522bfa12528eabc9006246a4917438444e7ce836146c6b8735afa745a258c9c6c444faade0f2f9869f48ba584b175690ab50bb8cec953ff7c4594bba4890b6b35d1e0912e0fa098515eebf33af5
+
+COUNT = 7
+EntropyInput = 8610922bc82818d169800d712e08847b
+Nonce = 07b79840f4ab8675
+PersonalizationString = 6848ffca7a62f868f995763e0a6fb474
+EntropyInputReseed = d7fdb5c31f04a27e2a29109b5e9ef9e0
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 21a015772a341bdc2ee658bb599fa34e7226b8878a60a6446a65659224c9b57c4a5d9e49dc616525ccd67be36bace3235e3b260276409236464a7144770bf65f5930ab2bac61eea030d7dc5068103418
+
+COUNT = 8
+EntropyInput = 190ec0418b24810ab222b79d2a7293a1
+Nonce = d6f2d3173bc9a10f
+PersonalizationString = c7827724c8a85e09854f755eff774ce2
+EntropyInputReseed = 6ed328044dd8ae29b7fc31cea8a201a0
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = b29330f84fa192c1ba8d8b2c67314fce779ae8d735c2681cc4a0c7d79eb1fdfa301eea4a37dd55b8b28faac3ba6caebf206c826b190a5c05c63dec0d3bde8b5ff0414a587bf0e4fd0591c3732457d61b
+
+COUNT = 9
+EntropyInput = ee118811435c2ff1e09c23283a915adb
+Nonce = 072fbe922ce76004
+PersonalizationString = 7f9fcd1470e9877fc97f6fb181c34e59
+EntropyInputReseed = eb7db32f1bdfeda21fa9b1c1d38a139d
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 75a3c2daa08fce7b74a27aaedfb1a725cc66283ff5ea0fe7accb4d30155a90686f3b0a7c31b602e5140c38e6ea44822854a5419b1d563afa56b4defbcde59d69feff80b9921cd67a873f66e32c8c80ae
+
+COUNT = 10
+EntropyInput = 839cadcb77a351b0aef7a8d86a65bd6b
+Nonce = 4ca209b825a220cd
+PersonalizationString = 806978904e4f037a94c5d53e5353539b
+EntropyInputReseed = 668639fca0e047e3acacbd04e8347108
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 4215bad99cffef8fa4cd0a2759abdc92cc1b69a52389cc41ab24d5b969a012cdb4358c064131b7784ef0efd1a7400e254e4946851b7025454301aa32b581d3a3df22dcfe6f9659089f662384ddd7d706
+
+COUNT = 11
+EntropyInput = dc2454760ceaf6c01ba54393d4ff6606
+Nonce = 19b2f382d93710db
+PersonalizationString = 8ef2b249910b4c57a63d1c45ca7efcd3
+EntropyInputReseed = 3f4d0810d07d33b854427cc29c1c531d
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 71543b5891e69d3bd54321ce8fbaff09a3f17593b94a19f247436f3f9370eb06ab905ce94533a0b1b97dd5c69c63733915904236ddf706b9cb3a58b7bd478d2e8d80cb51491b329b4f7c9595f323dd8c
+
+COUNT = 12
+EntropyInput = 60bda9c5923d3b9de66a9914c447b663
+Nonce = e5f70aabcc2f620e
+PersonalizationString = fe21f6ed04774f9a93232470a9268317
+EntropyInputReseed = 27364f9af59947d6c03e9a8ba859899a
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = cf0385e3164ca12421709589b86958bf5a83f312f71595cd6ad8edd7544a67a024aaa475e4cd2e515dcccc3b8c14811885944cb3efdeca1ebfeef3edb94d6f71c0215f0618b3677a4316a67f52ccefa5
+
+COUNT = 13
+EntropyInput = 523460ce5a3f54c013074d0df90759be
+Nonce = 07f779b108a52135
+PersonalizationString = afe0be933748c61a838f3dded8ec423b
+EntropyInputReseed = dba4660ccf5613fbe2c04a6411fb3ef8
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 4c987e74c6d0eb96aae2c1103ea8ca6d30181aad261c3ce4494741f9154adc6199d14f99581c75d2cfda2429a0b1f57dcaa9b008f2aee8d38ab09496d383fd258de76cf890aa1e5b860656db8458268c
+
+COUNT = 14
+EntropyInput = 3e9aad8f60a69f78552e62326de71d08
+Nonce = a129fd429f6c002e
+PersonalizationString = 64fb2750e55bfe3c580ce797b4982a5b
+EntropyInputReseed = 9a1ed501c2e2e7fbfa7179b49983c318
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = af3e4545aa85cbdf1049bedef9fc8d07d24bdf004ceb1b0d0271beb476fa265a8140ad36482e339b359325d69a2cf8af0dfd7eb86c3caa9cc5c70629c00fb441043e3d32b33ab44f856bb51abfc80c13
+
+[SHA-1]
+[PredictionResistance = False]
+[EntropyInputLen = 128]
+[NonceLen = 64]
+[PersonalizationStringLen = 128]
+[AdditionalInputLen = 128]
+[ReturnedBitsLen = 640]
+
+COUNT = 0
+EntropyInput = 4cc9f7c5f20ad9b38e4950216439917d
+Nonce = f3a03b749fd9a504
+PersonalizationString = e22e6c37d178daf2294213ffbf1353fd
+EntropyInputReseed = ebe40bf605e8899050fb1b2b7a13d393
+AdditionalInputReseed = a65de1f61f5dffabb944557ac0fad3bf
+AdditionalInput = 504d736ad88d2bd0ea73bd00379b63ba
+AdditionalInput = 883eab441b2d5f15e24546f5ebacc1b1
+ReturnedBits = 5a6e6115d8c767151470aca459c3f46217ef00c4b68f98c7dbf07f4be215b746ca380270ac0bb04cb5e8c918b2a7062564dbc705975ad275a369c8e9092acdeb0801e8140fdbb158c6ac85385ad37db4
+
+COUNT = 1
+EntropyInput = 16129142501677bbbc7abbac24345634
+Nonce = f95597f5af717b22
+PersonalizationString = 9a5e9790934755fc6e1aeeeb5fd91e94
+EntropyInputReseed = 5b3e74d3fe52084b100364e69a52b2d4
+AdditionalInputReseed = 91eb7ee6197c9aeb2d704c031b16253f
+AdditionalInput = 49cbe6262bdec0a816fe6c871d998552
+AdditionalInput = ce03ef853830918c4b94ea4cf8f6023b
+ReturnedBits = e3cebc464e4ad69ac7b4730fc7a4164af6d03adc951a75225fcc7f2c3729501b925d8e3bb812d28b4b351509eae8c94c578315920b8d1b4f6f6394a4479c001b10f3abc5e7cb3f55e0dc47252c4084a1
+
+COUNT = 2
+EntropyInput = ea5fe3ea0b14bd632788d16aad37dd1a
+Nonce = 9c49f9b6536e1121
+PersonalizationString = 0b4ad92345e528f6de5a5cc16e3858dd
+EntropyInputReseed = 118973245758fc1290b06223011496af
+AdditionalInputReseed = 2b0ef5432eaf0f4bfde86c147f91cdcb
+AdditionalInput = 3588432568be9e5fd4413953c8575dcf
+AdditionalInput = 8fb5929cdfc67a71014d08e467134e21
+ReturnedBits = e1ebd525c54b9a19f9692c1d1ba70be722b8bf28a0f4771b507af46da407757f6c737945d5ca7a31a42af48a0e72ddc68715e4541e5589ec343b340cd768135f24c9b173181370b8d808b58df2fe6f66
+
+COUNT = 3
+EntropyInput = b6a76e6dee65f2ac5e13233b8a47af3e
+Nonce = 418873e87c05c8ab
+PersonalizationString = 4442552271dd96531c632981a47d93ec
+EntropyInputReseed = 0dbd5cf5d73074b853b74bdeb0013ec8
+AdditionalInputReseed = d13a58ff69bb7c29fd423fed78a12c2a
+AdditionalInput = 2d21074c75b6d4676eed684f00cc39da
+AdditionalInput = 7d3f33a0b5f4570729e7b5fafe912a47
+ReturnedBits = 7be9a0a3d4c550825d9386a06dfb81df3811fb62ba46eea5297554289b50661bd1105d38f9fff2b15dd472e7a2023edf97d25a260e0ed6f04d48c7c5f94f67c2fa5c72443fe015959a8ccaa996c574a8
+
+COUNT = 4
+EntropyInput = bcbc894f5b1326df76bdd825ca5ba1b4
+Nonce = a4486fe30fe073a7
+PersonalizationString = daa711fc9e6229575083bfaa65c8f215
+EntropyInputReseed = 808a11c1553dc9d8ca30552b2caab363
+AdditionalInputReseed = 92776c6f5855c51eef7cbb4e0a8267f5
+AdditionalInput = 561350e9fa4cf192eb5e68d7aa6595a2
+AdditionalInput = 71eede0afdf6b877ac795c6ab695cf6e
+ReturnedBits = 25df93fd7ae3bc6ec553bdac602f4f61013a426123175c0260f6ca6037a751cef8c795549a37dad254bc28611f9fe9f1d36b4fd14eb48dcfd899302d2a75c9d28e1f92bd78f9257a71f0b0241604d14c
+
+COUNT = 5
+EntropyInput = c06f2df94f8cec218223be9dc3238728
+Nonce = 8e4e8cf3a3a59a35
+PersonalizationString = be49660f29b52ad63511cc0607eafc66
+EntropyInputReseed = 513d68bdcff2d3b73e0d5ee4914ac8a2
+AdditionalInputReseed = 648803c6f74943e602a859c7dcf7550e
+AdditionalInput = 8b34f68afb6480c9e21d9601d6fd6ebf
+AdditionalInput = eb857cc8966604df9c2144130dc6981d
+ReturnedBits = e2a7de7334c8687823fdf85bb58125c7b347114bb30f4221f7a3452bf34e5c877be9013c19ee1705b19797a05395d106b91359198e02891543e460528fa40567a2387faad95f4ec408289ecfc5a75a87
+
+COUNT = 6
+EntropyInput = 5adcb5b71af8504297bebde1ba2ca85f
+Nonce = f3f793eeb2c013ce
+PersonalizationString = fe08c362d31f561d29a6861eebe63f33
+EntropyInputReseed = fe069eda5cfa85270a87aaf564de4e58
+AdditionalInputReseed = 1ab2d68ce0bd0fae19f47256a2b5c488
+AdditionalInput = 481534a00fbb61da26346bf7b1a8568c
+AdditionalInput = 926acfcd0a7dbcbae4fab435a1625d13
+ReturnedBits = dfb3d7ec69b350d398e8e711e943135234046fcf1cc61f4869c5641c40d9e98284aa4e9061df3a9c1a8476d5799449decba749a2be282fd54377e6102952ba4fcb09a065cd3d2d0809d99ef7c1858a9b
+
+COUNT = 7
+EntropyInput = 867982f8e098f13df74165a88122fe51
+Nonce = b3d317cbaa151d50
+PersonalizationString = e44a4d59e0742d3c66ed2b48ec85bb90
+EntropyInputReseed = f76a7052b09a1042b6436dc375ed04a0
+AdditionalInputReseed = b63332ac2c66bb572e21a8ab5c444e3b
+AdditionalInput = 3ac12d6df7b1f1349636888dc16b0925
+AdditionalInput = 1b2b644694708a2ea9eb443e8fabb41a
+ReturnedBits = 40364671abe43d28abd9f3280a7a47721a952d42d3bba2cc4507401a863de55eb5d7f7bff17498f1bb7ed2c9958165c980e2f9c7dd647754529533d349db618dd9fa10c4ec410fa1d20c2fcdf0119c5b
+
+COUNT = 8
+EntropyInput = 811cc187b51a7e7080f0970859c78783
+Nonce = 0e315a222f3696f8
+PersonalizationString = d1186154335794e99c77f9b53e9aace7
+EntropyInputReseed = 2c623a3f98f3246acd88b67307ecbb2c
+AdditionalInputReseed = c2be6e9f1cf7f7c588c6b9b89b3cd914
+AdditionalInput = c0018eefee4b8bdc43a00701138608cd
+AdditionalInput = d241de8dee2ca5745f021d3dd6dd5be8
+ReturnedBits = cbdc22d220b7493cdca9c9772e0edf98f5efe27326cac0345335839fe88ba03ced0d5c1c9b0702f122ae664b6b0ff25631317264b802f3f12d50e11d0789b54118aa2420ea9877c92b6cb4e02e1c9203
+
+COUNT = 9
+EntropyInput = 786f80a8f48beb50b3ca56e837693e15
+Nonce = 2ec835695eb0fa6f
+PersonalizationString = 5dc2a8da2e1ab33eae6f3e0aec6cdbf0
+EntropyInputReseed = 3d759b56d12ec071066994fe00a4464a
+AdditionalInputReseed = 603614ade1b9f4ca371fe4c6d941dd8a
+AdditionalInput = 926b9c46e4e5fedb3abf9b06f1857a68
+AdditionalInput = 83679add00177ed94afffc6b496ea4fb
+ReturnedBits = e9860de33e70fe4d7007d9c860ab219ad748b0f3f914eb23d1e479c6d60798fd89fd915fed23abf954bd9d567d00728003b260c4d6fd59fc97a60c43d57f2aa79e642acba52e23a5f828e6a6393e30c6
+
+COUNT = 10
+EntropyInput = a2a8c1f763ace0e9857dedd1eeeabfb2
+Nonce = 96125af30fc17484
+PersonalizationString = ad4b1c6aee3939270a48a063267d8651
+EntropyInputReseed = 756f83b99e98eda501a67001167a2277
+AdditionalInputReseed = 2dd5f5711825bf33900679b8d4c31e5b
+AdditionalInput = d14673bef7c01c23dcf192ba14fa46a5
+AdditionalInput = c6b121baa5a126e59c9766709f2a9c94
+ReturnedBits = a3495a37012933b8ac12a6893703a078c332b1c266fdbe1a36e7168de1908a521af97275716da642bd5be724f07f650ac213353df3c60c8918664e10d307bbab3346b981c7430b16fa11da49d4305e8c
+
+COUNT = 11
+EntropyInput = 13eaddc5753feead44a2b33e963d5597
+Nonce = 557d0a22fb2ce08a
+PersonalizationString = 40e643d8b26269d5f9bb6c71e6cc27ea
+EntropyInputReseed = 4b05204fc360991015b60e51db9743a1
+AdditionalInputReseed = 0b1b362167a09d23ad987a030c86e93f
+AdditionalInput = 9ff22c745b6716200155974609519db7
+AdditionalInput = c10f0740b65dc9b25cda1324710c4ede
+ReturnedBits = cfa7e2b5622c4610ba921e001b6a9ded2fcf6cb9dfc6f65b2224f142dc3b3335acfa199200581a3363ec5096fc8c825710796ba17fae8a19d80ec7106546fa4014fc2b53306d0aff535c884ab016396f
+
+COUNT = 12
+EntropyInput = 4e9cc476fa583315cf35ab5b773d135b
+Nonce = 676d0a49aab84b92
+PersonalizationString = 24a0d72d31c9237d671ab5cff704a609
+EntropyInputReseed = 2efb6d5e73f3be7f392706c6070223b6
+AdditionalInputReseed = afbf95c02d0fa3e892092a9e5e2e45e5
+AdditionalInput = 3d83756d0b06ff7616af97dfd0b1dd20
+AdditionalInput = 31bc832eb41a66a8c77328d7c28c92ee
+ReturnedBits = c1718cf236c95d893510163f8b77c815f103c52e1a151424b2c966b4188514d119dbf404e8dd1016f859b478d4f49ac9ceb0a93809d7ce00a920fd2c616fba36a05bcc6b79487e0f84150773d5bf4d83
+
+COUNT = 13
+EntropyInput = 1b0a3224528288fe051f98a4234e0447
+Nonce = 1b3b2f3e6e813278
+PersonalizationString = f21d59202386e1d258ce845434c37c0d
+EntropyInputReseed = 14aef368b2e11cff7218a44989f7e744
+AdditionalInputReseed = 56eb3211e9246aa317f5188a1675a691
+AdditionalInput = 38a77c78aed9c77aff1c9a043f53bef2
+AdditionalInput = 9d477b58d6e1f5d5a2cf9e9b91d14400
+ReturnedBits = 9cbbb7471aa72a54a4ba2bd3b1e7c872447fef9b2590cc6b3bddd88a8e970cdc6ae5da795708c2ed56936bdb9120a762ce3e9b60f35c6778fef87d01ace231710e31edcc206eb5186a8277a23f8fae26
+
+COUNT = 14
+EntropyInput = 682af7295b118fe464a60c9dfe489d03
+Nonce = b639c0def20001dd
+PersonalizationString = a5b7ddc635cc7bccf3f450b87b12ef35
+EntropyInputReseed = f3d87e2f3baca2650af1089492ae6c3f
+AdditionalInputReseed = 4367b1856f5a16f0dc064c8bfdcfdfe3
+AdditionalInput = 5b74923119b70dd71a230075b54edd49
+AdditionalInput = 9398e0de9c3fe5ede761095cbbe473f6
+ReturnedBits = fdedebff763209c77914b3e7b17b7a9e586044e475b7ced4c68b4920d84a550d92baee38b435d686d9102fc6aab3810e3f672f371e58b139d9896f1306283a0b1c28c08743842656d11f2bf069a4605a
+
+[SHA-224]
+[PredictionResistance = False]
+[EntropyInputLen = 192]
+[NonceLen = 96]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 896]
+
+COUNT = 0
+EntropyInput = 0201719d6919373269b6df1b8126e5a9f22c189b44b7399d
+Nonce = 3481566fb30d10f0926b90ae
+PersonalizationString = 
+EntropyInputReseed = 4fc18c7a495cbfc2fcefa7ec41b470b773cb6e82ec98a0e1
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 12aeaad94d5e21d17d97a59584fba1c9f07f2b7c46e01da88b9b6f594098e60e4460c74f7bc0e1f211e606a58ed993177ec81895b6ba58728081c9eb88e308b3f9626b2cc67224a23fa8aa49a4ef84d61b48ded338d7b21dfc05f034de1f0b9010635db93f559d9334ef8d5c8725ed43
+
+COUNT = 1
+EntropyInput = 02f3ecee144ea1ca9eb45c57229455d7eb1c6b5b0abf8dbb
+Nonce = 8d35898b9e69be26453cb6a9
+PersonalizationString = 
+EntropyInputReseed = a2d2a92d768aaa4cc7525085a0a3434734dc8cec257f3d7f
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 3babe89c6fd6deb4f9f50f2f23ab9e41c769a9df218e19e12307b0294f57f29c7bd3f3f3322948eb2137411e673aec0ab1bcea581934fcc30e9799fec5a9947cefdd258b7f515253e164499ead86d54f36a6c569f25c7eb200362dcc5da944df807550d0dc69401420e687f3235e7187
+
+COUNT = 2
+EntropyInput = a9ba2b14482ff35e29ed93e50115fe6038c11cd7a9f50677
+Nonce = aba1956b74b2bef42febba58
+PersonalizationString = 
+EntropyInputReseed = edf91666713ec05f78fe4ac80bb0c8cad74ae1a8e3550587
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 3b347dd03c5e57efcbe1631e370f82202a6d913f4af29ad9282bf2d985d0d35d2e4eb1aa1a0e846405201ee87ca5429025a14889aae7b3f07a156c1646099119ffadbbe7bf6c939a381c6a141b66afd1c971b4d968ab39e6eadac3445e8a32df64b0aa30e4ad1b66ce54b86ea0a09fd6
+
+COUNT = 3
+EntropyInput = b87cfaf6c456ab4faa887160fcdc5a2fdadd8b0ea8dad2c6
+Nonce = 0ecfa48284dd9a1bce94df6e
+PersonalizationString = 
+EntropyInputReseed = 65582473b84c3ed62e5cb6b6a5007896b7065d9c9b32a09e
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = a9d66c6b599461c43d5b2c4361b25f6432b158a856bf74b154c1a0e4d69c7e84f6e815b165f539bc910e7b8d8acabfc26a39301b48c4c61ed9fe52cf1e5b1ac9f8288c201c04eadca9980fa1c3fcac34d15bf08bc6d743875ae4b45e4f58344bd0d5f73afe26938dd0ec257b0f1a7588
+
+COUNT = 4
+EntropyInput = c3753158874e033368698a7e069850c4f39f23f2949f2b77
+Nonce = 63ac598ed2553777b1983683
+PersonalizationString = 
+EntropyInputReseed = 946e55d92a6fcce4cc4f5c7f598e4e85c8ece5e4bbbdecb0
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 43c35c08f6a8134a5472c5e6de1e0381bfe303de02df7af7f26a87803b7a784d56fbf63fb58698e265de03b9c3ab99e88c0e65dc71e619124255b252121b2d5cbd50dae44e17a89418e6466a10a56d3e73baf68e15200b82b9a059e9c3e210156e123a1f780a1b151b42121de6169e06
+
+COUNT = 5
+EntropyInput = 1db75f62e6fc289f1bf9c58e3662c4653b61a908dffbd5cc
+Nonce = 192c4df14e80b7db2cc895fb
+PersonalizationString = 
+EntropyInputReseed = 305a9f24283b5b043e4ec82116f80f51417675b616342446
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = f1206eb7f187f3b055729ae2a8178d59ba04e22eda6bb74adc7a46710a07056dc7fafa588084f200a8f7eae213ef093814a201d95d53fb102cea7cb02f23877f765ad103fb8e48fc6a6421e0f67b7dc0c95facedae63c573cee90e85432f524c9725b5c3f566abfb478c826ab1c92891
+
+COUNT = 6
+EntropyInput = 6fedf27c610af0565308a8beccf608a7fdd835d7e9a02a2a
+Nonce = ac9f248066d2a9247dd02a29
+PersonalizationString = 
+EntropyInputReseed = cc4e4805213af43751acfd4391b8e9b3bed2570b208fb6cc
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 5daf8b651762e1b4675c870fb8b9b0e92dc85a8dcadce763a1cc48cf1f9de0c6e834fac62c1b77c6305078ac8586805caf850f012b53d42619423aff027d8072a0c087cb7e349545a6c383bf3311b4d488259c387c5c95c41b9f9edf78b481efbe9bcd03f98c7b0db47c45f42f601aff
+
+COUNT = 7
+EntropyInput = af4096fb34eac3d8304b3ed09867d8e941134a0a55f99142
+Nonce = a56cda38151a625dbac03d31
+PersonalizationString = 
+EntropyInputReseed = e871eb5953fcfb04c4b6b9234a6c14234a56b4ab068a1f6b
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 06b9cf494163ffa1d0a3ab0d364bcf7911f03a97d4ad01a9c2837cfae907f17948a2f6f3014bbdba045455d6a63eedec6857d5ce3ef30ea33680080bd0b3a11d39ead356f88580e4483c089d4303986b339fd6243dc53ff0c86025e83010e6924333cb77c39c9b9e95645d56394738df
+
+COUNT = 8
+EntropyInput = 3f843bd0ebf7e4edd76c6c2f6edf013c39c1af19409f3860
+Nonce = bb8b49b54e639554db9182be
+PersonalizationString = 
+EntropyInputReseed = 3c73f86a4efc0add813f6cc47ee9c4f3dcd668b58b053791
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = bfc4d4faec1d7d36ad6c2678d38fe8de6da2c716f649eab882aff04c1b6c31b5b6698fa376cb601200e5aa093a3bb9c2527fb4738a7af62a0df1643f48eaa3a66305a3ec42acb3bacea3de510ec04ed5c1afe4e23501b46c26d1428980a03ce9b39e277e06100f8ffae1b44d9bf29f8c
+
+COUNT = 9
+EntropyInput = 3ac6ca86f4dbc45cc9af2304c19d873235c741571274af68
+Nonce = c8dc8319aa1c49c6ea6835fb
+PersonalizationString = 
+EntropyInputReseed = 4f4183dcf3fba8886890846b942e8823c77262e9cb14c8a2
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 3b03482298771728a4978e2fe019e262e7cc2526502424343ecc89aa1e87ec6fc6a521959c7510c5109bd58540716473a09ac084649314dc9e6f41188c6b5f65874576aecd60501bed97e2f0588b0099835ccb6ced10b0e19488ff4fd394bba8ea209f95be935279177cb172848a0a75
+
+COUNT = 10
+EntropyInput = dcef48f166311a619f59d4cfdc5ee7bc7346d3394cdde36c
+Nonce = c537ed309a5a883f0eef528c
+PersonalizationString = 
+EntropyInputReseed = ea391480ba5e25ed3a516b8a3a4a48c5b7b1e590d89c164d
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = a9503aaed26ed82076b5bd13fd60358aee97db46a6cad325352831dad9288a9af69c603b8a4f259acee2a9ff613f22625f808a26ee9d79e150f41413358b7c88923496a395148a1d7d07b4ce053485594ec40549d6ce5d5c10cdc80ae76c8616f079815996ab926bab8dcd2439ae57ba
+
+COUNT = 11
+EntropyInput = f542a824f29c1d60e07c34b6019e0071c1982fa463be765f
+Nonce = 76395bdc73d6887bb1f58c02
+PersonalizationString = 
+EntropyInputReseed = ada21e48bcb847395c2f5da36691b0e8be957c901f7fe6bc
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 49f68219e9da6f06794d2b31e442b4700bb4af52636413fd96a03b8eddf9a76c780603c72ca4801dc97d72f154c058de26f79fbc44bfc3eb0b89ad1972bbe890be6e6d5ff5b6e8a2066873157c1187e1402d57a7a34b9e54f483e248650cef3df1631526a142e73b9d65d1bbac2d3b78
+
+COUNT = 12
+EntropyInput = 2923649ca4be9595cce5937b17559ced113c8ea350a158a7
+Nonce = b1c89b2f4c2f3b51dec56871
+PersonalizationString = 
+EntropyInputReseed = 7f1534571f0a7c27a10aed842cc5fe9281e1ba3012ce09f2
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = c023c483abaf5619bdf0a21cf6e0ec28f4450bf017b70c0248dfb8777dd81426bb6523f00f537c89eb1bbf9693824088f43ed58d90573a2c82f175e55ee2a14b04855f73308014a643566f538e3a058b6afa758884d38bd9170eb5aa6ce1f7276174ae7810735c19a2968d22264e9db6
+
+COUNT = 13
+EntropyInput = 5bb2b2a16e5122a72a8b1a2d7f97da6cca012d341e9faf72
+Nonce = 1d13e2ed14eccd37f984b641
+PersonalizationString = 
+EntropyInputReseed = 2579f25ee498bce11eb9192a637f9fedc716626938298184
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 85cedd05905e03203c43bff679954b47e2bf3e307df89bafaed5b9dbd0d54fd92186a8f09f0033442fd236fd5ed55b285346d656689bac52a0d194742776452d8dd295f919f48be23dce98723916cb7bda3d25a4e8399cc6c3306e8953720f35ed15fdd7483b7ee571e63d07fc4efe19
+
+COUNT = 14
+EntropyInput = 31ed25e1ea468728102cb4bac6571cd44e93a1140630075a
+Nonce = 6a3c3d322944239abfeb60bd
+PersonalizationString = 
+EntropyInputReseed = 0b083b3d17fbf8b427dbbcd4bd9dfe4be635271f01ea1d5b
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = fd452266e86774c37074474ecd0c8a54b49ffd2ebd95fa5fb9168fd0d7717480e350d312eae7ad9c4ab2fdd2e07110c84968124078d1cf64a2449728796a8cf1e6f6196bcbd50d8fcae6094a6652f8c5f3eec897102fe0dca937c1352fdf603eea43cacfc874c2cb397899d2b61e18b0
+
+[SHA-224]
+[PredictionResistance = False]
+[EntropyInputLen = 192]
+[NonceLen = 96]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 192]
+[ReturnedBitsLen = 896]
+
+COUNT = 0
+EntropyInput = 07b142637bfb28966322a176ca3f9f4f820c0ccfd34a6d58
+Nonce = 767ae1b33a9b3b9909496365
+PersonalizationString = 
+EntropyInputReseed = 7c184c7ac4975f4d2e1b322ad1de3573f2131485e8e5c947
+AdditionalInputReseed = b23f37a267ca662249f963b8ebb2bf2f34041ac21291d5cb
+AdditionalInput = 331295350825186e98c4aa93933d17eea21d78578fb9228d
+AdditionalInput = 7a5771a6359211cd8fb8e6107a6230a7767553191216dccd
+ReturnedBits = 12e7c8b77cd0b4839d78e7522fe2c2c5942c4f7bf7b2750162418174f951e063fb9e5a93bed90922d47cb1cd7e8f98c0319cf07f33440f65b1cf4cc30c69c19eebcb7a978f4cb7c6b5845e59ae845cbfc19fdba1bf66babb4669d6f0edd74cb630e96468e0220299660d00357ec5e17b
+
+COUNT = 1
+EntropyInput = 0e9eb0738db584bb19e54c371a6955939899266e7a0aecac
+Nonce = 0669e91514988ea5e2897ee7
+PersonalizationString = 
+EntropyInputReseed = 5a2df35208348951cad2aab13048d8d88a3402aec22202bc
+AdditionalInputReseed = 7b2d700d810e41e2ae8302eed86b97c2ff5a9b61a6ce9179
+AdditionalInput = c9fa05f54429dfc6726dfd78c0c1da095cb8e51d0e3e3850
+AdditionalInput = 423a21d3905befe8f4d02423e4236dc239184a73c350dd44
+ReturnedBits = d377861b9a573d6cfd568eef4753788bd91aba040a254bd53ad8bfe26dad53f0b89f073dbd335ad903fbd4881b202dea73869dccfa5462f6edf8e1d8f70fa063693ca874349136c94263f8b2cfb2a191263ba27e4b3454b0fb27c156e26a741025b5f3d2d020c7829b41c085a9c81b59
+
+COUNT = 2
+EntropyInput = c79bceeb049c80e965082cb9b93a6cb8af8d4240860240b5
+Nonce = bc9b4eb25ff01b2d142fd28b
+PersonalizationString = 
+EntropyInputReseed = dc891256650cd5a679f967423a876ad1f7f826b04b452488
+AdditionalInputReseed = 6e899e327b79993d80bbda2180c4e1eec8394d57db53a79a
+AdditionalInput = 2837640c83258ec9a32083d51db8036db706dc7d02a9447a
+AdditionalInput = da745a58e5b7a06f79bccf8956955555ff684a104e32f2bf
+ReturnedBits = 55aeb33b75bada2c7c6d4cf6f6c099189227c2fee336f55f89185008f68cc635f8f7e3cd6a4fd17f5bdf80b4b203e3d4ae86af7069dea67bb52513c51d978b22e1cf674de42ce2f6df977d8a7430eaa1481db6cea675e25299fee158b666f51fd45b05dc964f80b01717f09f68ae9834
+
+COUNT = 3
+EntropyInput = 57e141a0ab18b4cffcc428d8f0eee6c12292e2ed004ab26a
+Nonce = aa30ee6701f5afb13e0ca365
+PersonalizationString = 
+EntropyInputReseed = 8747c3ddcaec1486f37ffbab96c81b29e08c37335401c5a8
+AdditionalInputReseed = 7386e11629a972095f6aa0df5f931b21ec4661fa41c36a28
+AdditionalInput = a820b17d47415610a8ca72a06d302e95f2a4dfa4e0a6a40b
+AdditionalInput = b8b0b9685b0036495afc07dedc3dbc56f33ff98edb88db74
+ReturnedBits = 18bb585556121c52d6fb3a17c7e4e50ad05a8ddc64a7a55473ef3558f59c78d7ab051ea770ccc9ef3972b24822ddf75bcca6117011a4d6f798f6b65959326fb33fe36f56b8576a1670b1d0cdcbaa5de22eb5012e0a3e71fe2da1c49cfb2cee794475b8fd3801ab0ef5d44d67bf2341a8
+
+COUNT = 4
+EntropyInput = 8bfa621acd9f96f74ddbd0ca163348e8d93b9bb403c34bb6
+Nonce = fa26b0d2e38df2a5572ff6a4
+PersonalizationString = 
+EntropyInputReseed = a183d4e581cb9f1183467faceca255894907567efb5673d4
+AdditionalInputReseed = d5175ec115c8462984d9da9cfd019995da8ff3fa75cd7760
+AdditionalInput = 82283f3ac813fa256126494901348d12889bc3f8adff8546
+AdditionalInput = 07d337864c17a705ff652ff750129b94455fccacc6dc76db
+ReturnedBits = 75caa843f39424f637d6bd2414084b22715f167b341d79c3db9b9b51718e1b8000a737632b11e29565d05104a140785632c64bd66ad76218085d490d7720842db47753fce76e77a1b158b34dbd51e2aebae56532356cd79f4bc6f68a363709b7ddac62e12f0d6aecbbcf802bbb2b6541
+
+COUNT = 5
+EntropyInput = 404087fbbb3a30e7facabb8a7caeb27454883d6f822ec289
+Nonce = 63f9228974e0ca16d085a15c
+PersonalizationString = 
+EntropyInputReseed = 863518bb7d3fe3c87729d970a43ef8ae9bad4161e0a7e420
+AdditionalInputReseed = 1eba890ef6363df5682fd9ef77d7671e257438b4be2485b4
+AdditionalInput = 50186b6e0e5ced6872e29e6e51958d4b45a76ddcf2193a09
+AdditionalInput = ffb8f0ba582993acefe943d9edb1f1bc9e3ea21eb4377fe3
+ReturnedBits = 5719e82d4d260e11f9188f4fd455e98c9e7c9330e6b067bb5961db43bc01098163702cb5cd0369f32457e38adbd04aaa621c0f9d378c9dd6bb6ef9c5850d37ce61fcaa548b73c6d3e7169c6272700014aabb975b3cf1681e5e496160ab578d140dd626084066a326fab4fe871d7fe534
+
+COUNT = 6
+EntropyInput = 3d0b15d10c703f302a83e4810d4ffec1b08145eeefa3be51
+Nonce = 395476ec321df48789c3a366
+PersonalizationString = 
+EntropyInputReseed = d8ee7d20aa4ab35be86893c6d019189032c8e714c50cf638
+AdditionalInputReseed = a9e3d51745325d04e4f6742216790426f8a98044152578df
+AdditionalInput = 4805e47959dabea4c303b76f18f0f019bdea8f245bb661ba
+AdditionalInput = cc50c6023e02b24b107fca55808d2573d024b72ebcb9c44a
+ReturnedBits = b193160079edaba72e9c8a04edb5de51d54361b75d128659b2103316576f11f4cab2e97120a1d58336d0af717867ec8c4294a27c18d0408e8e3b8c053e6be5ed3546f09822da4f5b94e03d39a64c1db6653ef768b91c4cb59e06a65ab5bb125b302d43a31249f1d9277175f2f43d9643
+
+COUNT = 7
+EntropyInput = 9fdcef9d7cacbb8a647cc6c14e3eab134af03c553556e78b
+Nonce = 5d4b37824f13ce6dab9b2c10
+PersonalizationString = 
+EntropyInputReseed = f9a710bac04debfd324b82dfa614735072a6a3581980e8d7
+AdditionalInputReseed = c65bbae3bb3b27befe552c1c2e46f330901c180fdcb76376
+AdditionalInput = 43bd1a47667969bf760c0bdf701ec3057ee0e7c5e0f4afbd
+AdditionalInput = 7f78088fd8904c2594d2e91c1eead3aa76e32343c5513711
+ReturnedBits = 8143fe77e8c88833c38207a5a4330e5fc76a8b367b7f0083772bbb2ddbb2f8bdfb80064154ea7161c36109c223094ba4e1145509398c75b905a703f84a1f255141fae68121294ac6ed7150b8a2813824ec03778e49ff7e42764701b4cbaf5989bcbd3770c2962b2bc89c26cd71e4aa42
+
+COUNT = 8
+EntropyInput = 98d93297dfd3476c551d667525cf0d0adb07ffd110976278
+Nonce = 469d2c9c7317e518c70507af
+PersonalizationString = 
+EntropyInputReseed = 787045f054d23d87b0449f6744d8983929e624e9f1095124
+AdditionalInputReseed = 0837082a2399c1f49fbcc48f1ec78112f04abd6890a77c5b
+AdditionalInput = 4a9fdd567223fe5a0ffa429b1a0470aa4155317bcd6493aa
+AdditionalInput = 6a0798e3ffa997a6507d423b0e6b6eace9adc358dcf3bd26
+ReturnedBits = 88caf576334e63893e31d13d6e575b53b070fb2769ac753dc18be669e2f0e257cc67d00453362e34d983bfab521c1843b1e6e24ab90c2b8ea58ff7be5f04ad220a217948bd7c54e8006e19731ea0098eac1311f3f192b0487f3fac4b2d63fee40a290760017e8a3847a2031a2a8891ff
+
+COUNT = 9
+EntropyInput = 003ac987ba09cfe3983e09469ef8ca0f7c432fb216e80ca0
+Nonce = 28cabbae26f4628ac1923e1b
+PersonalizationString = 
+EntropyInputReseed = 045b0c94d3b860dd9a823f6cf9f47006722136899cabbc2f
+AdditionalInputReseed = e087cb1380d67d436b4f0e7963e240b541af3078bc04dd70
+AdditionalInput = 3908a2e4b26c1c72c542e9b28453064edb7d95c81da0e66c
+AdditionalInput = a2dca9db510c6df83ff81f2b7bdb77dc6c93f7db9fb0c640
+ReturnedBits = 4b4c17c1d9d5e27322978453a216d3ee31ea7ced4e425288d3c6363350df9177c1f2b774f51ff02a0c5024c179183fecc35811ca4f3bbb32ca9017e454f25717f4ff8480150960ab174861498fa4853f44277fe8a68453c818c298305af6b6d9c55c2296f0dee560fc2ecca15aaea597
+
+COUNT = 10
+EntropyInput = 42445aec2c544bd8d6daecbe0c21509ad2ae92a35bcf9b25
+Nonce = c92bc1c804ea84766ca481b1
+PersonalizationString = 
+EntropyInputReseed = f7a52977362d48a3083a51fca7c4085b7912c54e359b2859
+AdditionalInputReseed = 1ed21748b44df50ad37ef0c457536df0d72ff59754eed4da
+AdditionalInput = cad402f9180e2fca41bc4baba934f910945762906b782e9f
+AdditionalInput = 2a84f3c85aa95fffbe19f4e5a2211c0a2b9fc1c9d7de0df6
+ReturnedBits = 44805f5b9c62046c261beafbf086e9818a8b3191374ef76a714a39cbaa19ae30884ff834d2e971c9b2fb05c98d0c3e631b4b422343d28a5ab7f82c799d7c6bb8757f8639499c9fa4ec6cd93dcd588a5d3e78508f73f4874cb1d9e5902e46982b9e2492327afe986fe9923d8aab0baa4c
+
+COUNT = 11
+EntropyInput = ceec03c1f6be26a3f51772945de7e1a7a3c45f3c6f79438b
+Nonce = 4606c9f2d0a1b3530aa7fb14
+PersonalizationString = 
+EntropyInputReseed = 0090db711f47a5f4819a665ceaf85c6ad7533c7bf1375070
+AdditionalInputReseed = 5559ac4b3792924f7048e73d241f85953f8610922be4781b
+AdditionalInput = 624a18cc439acf472abfc83add520e4e2322c5f3986acffe
+AdditionalInput = 1764b16f0a5881539e08ed6562e5ef415a2631be69d6ca42
+ReturnedBits = 8a9e2d553c5392a1b4adaa10191ba0d97986bbdc51be7794cc564d20721304802d061cbc5baf75723611b8a4f2d56183c71e824f265737170c16fb9c3c8852300589189537de5b8cbec0c4fa118e2eac609f893462050915ec086679ccf31740e424fde1182a52e1a3a12ebf83a8ff3b
+
+COUNT = 12
+EntropyInput = f9e8894619ea4e92c8cd006ff1afa8870fe9ac7c998c75e3
+Nonce = 79c3c3993f38070f3544c18f
+PersonalizationString = 
+EntropyInputReseed = 19a4c85332b65c24bb0b705dde2647f1261c5f02d50f0076
+AdditionalInputReseed = 015c55a4a10dc0dca4d2297e7a9354735d956d7e8b003193
+AdditionalInput = c40041aef87a67385749fc078b5def6840a93c7612741d95
+AdditionalInput = 682c162e7f4e33ca60fa52f583818512fc4f0b2996e99568
+ReturnedBits = 2a9d97b312132a84bd852dffa04502d3cb274b0ce9d92e8a49c3a34fba92c3ece83a2cf7f2f8b1b307b99f36623ae93a3031863e2e3c1815c7db3782d39c321e68e2d283bed5f3ef57aa79fc71afb99a71963ec38962298f9d629b784268dd800515d22517359c1b867ca3ff8bc7f161
+
+COUNT = 13
+EntropyInput = cc9e05b60921132a92c2be06ba6d6f38e9962823e88eba38
+Nonce = c8f362607d934bcc8a46d5c5
+PersonalizationString = 
+EntropyInputReseed = 9bf860526fce9cf32976f54e8aee16cb04e71036e4a213b2
+AdditionalInputReseed = a3e1c86d9934aff23a1677ea40ebdc13cbcb17bfbdc20547
+AdditionalInput = 1abdba4c6c7967bf8119a49d2bdb7646ed88db3fb24f0cbc
+AdditionalInput = ef1fe93137e16fcc30c903e03b6942d212eb2c1c55065e89
+ReturnedBits = 009d43f01e0e8f76c2468a4ec840abe7de1010189e23cdfdcdb547bb53c4e1f2ccdf487658aec6fef86c2fcc4b86d3b99123fd6dd664c8bbe1e50511d4e577d87dd2a3dcbe1d281eb6077e1a372790b3e662406d151cd16c578a16891f8377f2f2802de9e6e0a286f589b27908ad74a5
+
+COUNT = 14
+EntropyInput = 141b79f0fc4d634816412b39a37e9caf4e9bb3a9f82b5649
+Nonce = 4476136091a0fe4d1e65835b
+PersonalizationString = 
+EntropyInputReseed = e509b4081fed1cc6708ea3646409196cfa75d8716050854c
+AdditionalInputReseed = 96f718b79e774a9e0a19bec88dbacbb0d058036dae778475
+AdditionalInput = 1b08aa985003a5e490fd7427059609feaed65d185b2dc7dc
+AdditionalInput = cff1c0728d1b1a5cdd4d1167d03a18bba33af2179db847c7
+ReturnedBits = 197c17e8379a81ee0d7425cd91f8cb94f4ae853dc2b08db5c249738a85ef4107c284ce83d19c1d58e00ce53bd2aa57a999f871629b74aee0f7fcb8a02910163479b8e18b6eda583b8196699c1a6f716feba584ac4bc19b073446f834186e9ac33cb5483667ada7f2774fb1e1ff037181
+
+[SHA-224]
+[PredictionResistance = False]
+[EntropyInputLen = 192]
+[NonceLen = 96]
+[PersonalizationStringLen = 192]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 896]
+
+COUNT = 0
+EntropyInput = ccf03b9a3c5b772c572c8f6c02e107c962946dd7bc33dc26
+Nonce = 1bfc3bfcfaf135874c0b29ef
+PersonalizationString = aaa09aa0a501c73c89add0b5eaa5465a42407d231196c1c2
+EntropyInputReseed = b5ef235b434c3145297bb715eddbf21d1645a9720e1c167f
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 5c97763dc7bc2c0cb7bb74635b49c21e1d81d54ee1ddf1fe2413a5a7ed361779d7382788314b245b214edfb06c6569b1f5ff9d246126c449fabdaa716d8b540196a19d7d11a22ee132f6d02e821750ebe4054e7b303fc4deb10797bbf251d699beab7ee26596ee6de8feaaf5f7d7530c
+
+COUNT = 1
+EntropyInput = 6b9ae3be5582734e2ed4b2c51029ced2d7eceaecc7da7a32
+Nonce = be13c44f8b7ba0221be45be1
+PersonalizationString = 68f90cf3c712c8419d60bce1672c4091d2091733c5b0bfa8
+EntropyInputReseed = 773def56eed59d1ba45c9aa10781e71789c4e604620b5f3b
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 66acef742c657eddf5b5450db6a503aa80d1b5257ba81e0c2bcc0c0e62a0fff34032b94384e91c1d75aa04dfd37dad2d8ba275b5bc779c45e3f189e4c0c954d0437086504ece8c5ca0c3d90ea07bfdb7b21d2e71594a78906267848385d8f5f9b050ab099d9cb532f10afd913f6d3b01
+
+COUNT = 2
+EntropyInput = 6d48c344eee304fd79e7ceddef68434871ec89a7b82270ef
+Nonce = c36901d21202d75539eb2f3d
+PersonalizationString = 949737efa2748a833457f5c09a5e86abba79e9219fe5091e
+EntropyInputReseed = 4001a7f35ddf9d82ce957230b8f6256dc6e2534beace4746
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 40dcd7fd3dda2cd39979bfeb1457bf470247c9773af713b179c4e38f2163f09dea722f3edd4e47170c96809d642853101b922644858fa41d69098b4b662e53b9353ed0200185c232adc502eb5fec8af35178d6410fdbf4f8e868d9c9d534d8a605e6583e2efb33fa2486fe2563e0304f
+
+COUNT = 3
+EntropyInput = 9c19a272c65a333ec6bcca15b52b4bb5786b28eac7999d2a
+Nonce = b2ea2e7770cf659a6f1007eb
+PersonalizationString = 5b96b5166cbcfecbc94f42da81b19260e10ec9b7aee65f30
+EntropyInputReseed = 71f3ab9823f874275b9a3aa1e9f1399ed9bfd4ff5f1e7f1b
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 47aa426971d6a19ac2853514bde8e9c4bd69ae55f6327d403dba8b341995c6691710fa1bdbc46517a4342e922728089a0659711d8fe6f95c2e2ff22222b94d1d2fd012e2262af1e8d9981628b017b64060e45e2d4ecf7522500ef753ba843b9d1844aa6a2a84c00442be38cbfc72d542
+
+COUNT = 4
+EntropyInput = f5c67e33043266c50afa48f7e0c37d5ef65e4cd7fd276354
+Nonce = 302c97ed2579f4b719042946
+PersonalizationString = b720aa461024d3dce03be545fce3fdab7b1493c779a70b7b
+EntropyInputReseed = 3d71283ec325d364a00a11312eddeea0685d0e303832c1b5
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 094c51955da9c54495e4210556009212d8318caaf8e8c1d1383fb6ac3e937ead735a0a6e3a4ebff7e591751e664c215d53f23fe7dc0acac4dcfbd01eeb0f3025d34e6bf67dcbb8b7d0b57836edd795ba466652e52085607c3de234256b8c1716a98589957c48fd5e231885aa328780fd
+
+COUNT = 5
+EntropyInput = 9f61fc258736822c94bb75dcbf822c9cffff894fc8b6a0a8
+Nonce = 7615daa178f0accedabf0b89
+PersonalizationString = 0c7b38e496a3648779af3b8dd1293999186373a34c8e7c59
+EntropyInputReseed = 88108bd86212dd6bde6b57cb37fb1a0f02de3af422b027d4
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 6ad5cc7cc4c48d0ad407060dfe9e5a005de52d72e5268c031a666d150ab61bf6c22ef0ef5d9b795cb745eb6428ae8a39025cc65c5ae27d2f861d46b55c4623fb92461fd587c480ae02ce06a78cb7e6191ab9e7e3e3cccc09eda13371b25c2bf0ba7d6e9f5098032b32a239fc6d8380e1
+
+COUNT = 6
+EntropyInput = b70cf8a177ebca0befec3c479a6b6333a02993a08dd153cf
+Nonce = 281434b8a15b898aa46c1e01
+PersonalizationString = 7b14dd867a630d6eb05e2cebd8b61b2c79816e305a5e074b
+EntropyInputReseed = 2558b17ecbfcda82ca41e70c8e185610566f938f0e5e8906
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 695bc75bb1ba5ed8fce5212997fe09f26c66b6cfdd63a9230efdab95c52f9c010eb8453912ecef534251eb3cb04e42d170010f13b5e79fa0c4dc6a0580f1bbc86ffbaac168b1e1612fcb298b6bc7906511af5d76786f4d66bef4537affdafa2bb82142e318e8ca0ba1512c3bdf6a1204
+
+COUNT = 7
+EntropyInput = 5ae5cb9fa2e9548150f3c48bfc8512c03492c9d6fe839bfe
+Nonce = 150642776f96edd9a1c7592e
+PersonalizationString = c7dc71cd16fc523365ddd43fa2e98f5fb14ecd9f1a3dacde
+EntropyInputReseed = 55b29f60ec6005fa570679a9b13c984d887c4828ac54997f
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = a7a1ec53b85b1270a302aca99760a0ae3e3ad5de3563d1b5c8da368f7aeec726ea8854935d94a99b877d6443188270c1971eb9078274568e9708956934fb0ca12232cab6878e13fe3b6402418107c9ea27cee238d635da910067d426d1fd7e4b75dc44eefed05a673b27be13658b9d99
+
+COUNT = 8
+EntropyInput = a7c1e29d88359c2e18375a03677bbfefe765390855719141
+Nonce = 514ab7b2b58a82cc5ae7696c
+PersonalizationString = b75e10ea1ea39c00975b0dd12d4138258020f28baec19691
+EntropyInputReseed = 2662827203c244f83164c9c07cae2d2f0a2bac8cda10a6f6
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = bcf2fbc24365422223ae0e6872c54a7ac394c5bc8d223d98618c0649b75e6c8467181c1d33edb2afc09c3afb9915909b85854662fec9a4a826c3f7706441faf2be82b1ce5bb0c2ca734cac2474d31eeca2e80f1cae427b85436693decb192ad4df48c35a9131ca86d6f1407deecdfab3
+
+COUNT = 9
+EntropyInput = 8cd19351ecae71ea9a0a02402e1afd4ecec07484c7e618b1
+Nonce = e79c1929c749680aa1dd0a8c
+PersonalizationString = 18ef6b5078acab9e3b3f324ec5b6e8177a55036cf87f42c3
+EntropyInputReseed = ff68efe9d589a6a4bb96cffc3e9c9ded9d12e899b7464d8a
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = e1375a41cffc68eae3114fd68f571051d6a27a7f300fb99a71a2f1e78d64f52e6e4b122e39929532377db29d6608efe144905e5554e3550bae5f50e81196a16c53f69915d171a4440ee373a4081d94b9e9e608fb748a56dcec820c72f7dc056ed55b9b7ec6e675ec7fe5020c8d42ba76
+
+COUNT = 10
+EntropyInput = 394d8a696f503b2ef55ae10e97780a3f36817d06c87d4e29
+Nonce = 6d8d98e8a6488643b669c2b1
+PersonalizationString = af9e9abcce1c3b8df84011e884ba8ded8c0f356129917c39
+EntropyInputReseed = 17607f949ce01f7b8c03cd39a7219c7dd1a0690c454c8a94
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 6f8673b1c89433800c74f082711b4f40e762f0f6429ad1b9461fef707868bec7e0bbbc50b95aba593de810c84820e8b0907d98304e14fba2b69707a3924665e84ca3d3ddb3d4481a3f9fae6db7810640d536c86d6332f742b427b4297b5b0a4df5d084e80d82986d7ae179bf3827169c
+
+COUNT = 11
+EntropyInput = 90dfc8f862603a61b28096438552d3a805e1b29b94b9a525
+Nonce = fab221ccf10c742099be72e6
+PersonalizationString = 4742467ca6d1189ab9146138ff837a69fe912340f14b1546
+EntropyInputReseed = 7a3cdf594cf16edabd2ba83f27bdbca6ebc82bdef5a7668b
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 03a4b7a2ce6d085b0e809dcbee779a80822dfc9543725783154ae3e7d932e5dec70268bbd4de2eda7b7877c45052c29bd3b5e9bcb97936e29e52f4e5a722156d0e607829e7b1cc10bb100e6b635c201d7a3bab8875b73b3756de1c310542d482566a6168ea4fc0a7b8d92de225f5edd5
+
+COUNT = 12
+EntropyInput = 72110904d5e985266e814280c77983cd70beea2da31ef476
+Nonce = 983ad78333e867cac9cdfa73
+PersonalizationString = 96a34ac6e0d19c471bcc6a071cb130ceb8841bd2e9727af9
+EntropyInputReseed = 054c194dbc7a42baa741750870ceb6033ee6c8ef5293d2a0
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 700111fa475975a00bc92db8d620edb0690d6cecf8733a18c403d831a43affb8dcf27f0c99da78991d2cbeea4f26e69b250123c08f3c9bffe8348931ee27291c40e7ed0bb74c3779c4e133efb5bb6e1cd1490335b34cd166fa25ddd86c080f2f6501f6d2fdbd0ee96828c41eb5dcc008
+
+COUNT = 13
+EntropyInput = ce010a29d81278f97ef1c9ce0f748afcf21e3250b43ca24b
+Nonce = ab4c3cb1f6d8a62b8492e457
+PersonalizationString = 1c69f502aeb2484f126443f4ef5f0b9201226d2c26d650d1
+EntropyInputReseed = bafd1c600c64a3b083ada052a4e4ed3801c1e5a2ec6d9116
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = b2ef00f8d2fb49372d79316f6ac80d853daa0879adb7ebd03f286ca807a45e76ef5fa8270a3c1e6e9d0920fe2fa4556d5afae3023ddc2a026d34bdfecf3e1312e7b25bad903f970d30cdf567dceba29215cc48eaf5a42a5e2a7060e99ecaf5e38752b9639dd54fb0ff31881267a33299
+
+COUNT = 14
+EntropyInput = b2d50293ed125632300a93b46dfd29b17100fc31a5516879
+Nonce = c2b331e9d8e760ee14992ad3
+PersonalizationString = 6e13d450a083f98771418e6b7f42c34e6fcbefdad2c7ba3e
+EntropyInputReseed = 85268d65dc5465ff76d2673218b12afa2aef9e07f40e3581
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = cd4f63b88ce42fa6eb815132bed6b611bb3e1d0bcd2d55c439fb5de4b8965b1ad6fa5daff103846bff7c695117664306604fe417261ba05dd91131bed364a7d12d45c36a5305a82b856c26f8e72abf707b67dbce330ef6c499ec8a60e0a58bffdcc6b0ad7c5ef7f3fde1c8d898e6c719
+
+[SHA-224]
+[PredictionResistance = False]
+[EntropyInputLen = 192]
+[NonceLen = 96]
+[PersonalizationStringLen = 192]
+[AdditionalInputLen = 192]
+[ReturnedBitsLen = 896]
+
+COUNT = 0
+EntropyInput = 184cbf7f1c462f27fc640ccf2aac1b26174ee41e42dcceaa
+Nonce = 09f9d8acd06aba74b9f849f7
+PersonalizationString = 5a5afe330e898ca94fad05b0e6b3f8146f46c90379a0b1eb
+EntropyInputReseed = b5eb44d3515c74d2cbd28c4ac5edb5fb95846e74e8398ce5
+AdditionalInputReseed = a793fefe0f2ab3e9a0d1ddbc058d78369b03597f44099a81
+AdditionalInput = 930ef8531a344fef957660cbb401583afa0f016b7023a9db
+AdditionalInput = 2ee03b7314fb00e1e2616799c144cd58f051cde370588d70
+ReturnedBits = 22b856603db40f1b6d439d5b88fbe4734f7fdee15f4df47dfd418b362f23e48fef0f48f03d1a7b7b0de607c2a8288b1aaa01bc84646c322a88b2351855d7fa1b66b0b12baccbaa5ad6cc71833998f8998712bddf54ab8af329c55791b7576cf36ade4b921009ffe32a8d22ecf4747571
+
+COUNT = 1
+EntropyInput = cbd73b73436e8eba55d80e680fbf0b3993ff3c32ed3b39c5
+Nonce = 5509cad8958288606f1b6e5c
+PersonalizationString = ab4d25d4d936e5c5dbb7ad509c7872d9c421758be611a2f5
+EntropyInputReseed = 25878dfc58788afbd908effe0eb288a503813d28f4d3a5cb
+AdditionalInputReseed = 785a6625a529c6041f9b3d45ed7bff6fb4dfcd5f2b893d8a
+AdditionalInput = e84b7f8eb2b23fbc06abd455768b8da9cff2262a73df3577
+AdditionalInput = 344c0ad64c6b73ec30a1e093fffebd2c4a7eb87755b3744c
+ReturnedBits = 4b29dc33c856ec6b0e0558fb23ce5d2cfef672923f9de1cf8792c36bc3a8799ae6600b425b6c1a3a625c92107cdad742f0938f708fcfc16fc960a73a646c33e70d88ef449a347643ea14c8c013a4d84afdba5c544a7e4df30203a5813939eea74f699569cd51c1677e7c023eec7e5d68
+
+COUNT = 2
+EntropyInput = df215c47a2daa095612557361142e2535a60f00f3596bf2c
+Nonce = 456221499ff3ad857056d806
+PersonalizationString = fdc7ea9f39d2b82662395589293900285e300ceb745053b4
+EntropyInputReseed = 25bb7af661332c0c53d4dccf8b98df0e4b82aae3d28abf16
+AdditionalInputReseed = dbf38f5337bd42c9b293e6d9fec41c38e15daf130c9543b3
+AdditionalInput = 82e641865e1967909e7d649c11742d8ffa68de41c554c5a4
+AdditionalInput = 44453c3dbd95fdf9f7d2eeaddad062725fcf614c6b404770
+ReturnedBits = 4432f68788e760615ffad5112438930447c5b8d101071f90a5cf10f258bceb21dab80ebf2142d453182b713b4088d9dcd2eed3a49a6fea8fc4149583b0023a803593e9dc2435de6c7b1611f489452360a31f2dbe9aa7f4bb52f9ece477ca546690f8d345078b7c0a96fc304433de5bf0
+
+COUNT = 3
+EntropyInput = 00780048d560f3019f6501397c7f835724861d8f99b50052
+Nonce = 809f64b92ff91a9ba1d0dcab
+PersonalizationString = 59a4ffed025b2cb1bd97a16a1f60e76779b06ba15b3f9a4f
+EntropyInputReseed = 06b8b461916476861b0a3e8fe5f618091297bdee85ce53b1
+AdditionalInputReseed = 124df340fee2ae570f236e76bc6ce3815efad09963f278e4
+AdditionalInput = d1afc014c86102a91badb1016f944cb1f962eda706bb4282
+AdditionalInput = 53f96a21346cb90fd2e91c599b1ce6d237447098eaeb694c
+ReturnedBits = 646c3cee70313bdef251be024cc5e8a31e85eec2f6a7bfc37f35d779ba19368dd03196b0744de71b8ae132e29d4e48c3cba9764fab356cc087656ca0877d0f76549bcfddcd7f2ac422c429002eec5b207cb030c850f8f3153156c04bcb7dde2eb2acc4d920a42a46a2b8468aaf2726d4
+
+COUNT = 4
+EntropyInput = 0cff9fbb01d5adb5c24c59abfbf935dd4976a6d04ff36e1d
+Nonce = 2a6ae386c92ef535e2e2f266
+PersonalizationString = 91b5c9b92244546774066bf2ddf2b7c8d4d802bb57d679e0
+EntropyInputReseed = b71a48486fbac7f087d7dde3a15a02f2d33d3739fc4afc24
+AdditionalInputReseed = 9ae69cfc06d38638f77237fd8242a0826ccaf76f28db5ac8
+AdditionalInput = 797728d2aa8bc057af269871a3204dbf58c760cc450f335b
+AdditionalInput = d53513103c7dbd00ea3cc4271341f9fabcd86a083607022c
+ReturnedBits = a7f65f9540adace37223fcb7ff4770f1b4e1e76ea0d9e3f6c46e1146f14d665ba2e4ef7f242743659797ce100a88561af2de062cc3d7c921762308738d6e67c2e5da25601605ebef4c135bb10ee514291a36af202c6b711234e0d7968b88d9295432e172263dcecad6c1a009d53cb7c2
+
+COUNT = 5
+EntropyInput = 2e9ba063bb50e7f4676b8f5dee5d7b8e2712b84e49b6b261
+Nonce = 74e167cab2d2e4725ca9800c
+PersonalizationString = f7aed5cde2f3616ea712321980f8366ab3f74446ad0af20e
+EntropyInputReseed = e07924ceea5ba00c1b390e574a7c1d348fadc05fcfe1b54c
+AdditionalInputReseed = b40e416b40f64ca0fd644019bba90631d0bee4a808462eaa
+AdditionalInput = 3560c1db548a75689ede2c7b903419715660e9bdd5002957
+AdditionalInput = b6204da93632075c0a753d3c0b2bd519a33aa55f38414536
+ReturnedBits = b2f2d977ccf73c9494783380f49914fcc0de557769e3a0ba66a9806c99901f976681e5f5924894df923547480ff995aa1b8571eab4d835e25ea87bd904cafcbc8fbabf9486d5a732a503cee0de6186f0ad866c92f895bdcd1cac87bef049f1f867ddf50c7d0a5f7786fe1ac82063a26b
+
+COUNT = 6
+EntropyInput = c14a374376a53489f460750b265349f60f321be98ae55be6
+Nonce = 73e82cd9cd5a966632441d44
+PersonalizationString = eb2f47d561cf0c9c900fcdcf60493496345585c35356d2e5
+EntropyInputReseed = 817b93dde4d21a75d04513477260e61e90afa85cb4299e9e
+AdditionalInputReseed = 5f16379ff1f93fc094affe0bbdd72797fe5176feb83d2280
+AdditionalInput = d89d2fdbacc58d7117020c0cd005c32a8ba77b4131cfcb7a
+AdditionalInput = 691ed9e6d398ce3fe35e0905975e34287a4712f1dd38f703
+ReturnedBits = 0baf0b943cbf161e42a35b87082e7d27c7e7f9c24ee924523fdf80bcde488e8f7a56767868b88d08f76035bed2ebcbb3eb30305c7ceab1548909286156c83a31e5103ecceb008ddd80f39d41f8cb3582e5907e47f322c7cfca2d8e62c7e5c0c503a4e7f50dd3c4609bb9fb71951219a8
+
+COUNT = 7
+EntropyInput = 8d62df4ec17620392bcfc9cb10d168498c469d6fa9c1ecd1
+Nonce = fba57a7a504128c631185eae
+PersonalizationString = ae026ebf5f6ecc2f50725d023da31129e308afa83125de1c
+EntropyInputReseed = 9d2c2ed155753a377227054e4424232e2eaee097887a441a
+AdditionalInputReseed = 5b53f18442b22023ea12e38fb5261ece26138885bc013b71
+AdditionalInput = 12873da88ec72f301a127f4a8e28ffe67de3d2c43ed21812
+AdditionalInput = 7d0494510a8d4898826ddee7a7c03966bc8633027caeb2e0
+ReturnedBits = 618024bbc868cf417c37df909cc696569ea3d8495b9f9de6ac10cded6808d7f75f041307d4efb7ec43a11457ec67044de1d097efedf4f0421c856ba9451a467b223331bbf2c5909025059bbac5feb9e15ad88dc44444fe5f08f83953145b616a0b1d2a14817b53a8919d3980af5a1bfa
+
+COUNT = 8
+EntropyInput = 749c7b03e866ba0d404166e16f903719f4b90b50c3de7701
+Nonce = b658f3d3a9f386a13b78e9cd
+PersonalizationString = 777297df39a188238a8073de68b63c800746a037b15bac79
+EntropyInputReseed = 67e8b94a8f2f0a63345d1be944b33b8df015ccf1e8ddb235
+AdditionalInputReseed = 1dd56bdcb120ee97813e156aa3081cd096eee508443ff07d
+AdditionalInput = 74dc91eed0e71819ad490a4414d788f5d564e0640c4e1df4
+AdditionalInput = 9a7f27655f88bc6314eba5ae9292774442439dd579c3b169
+ReturnedBits = 8db8c1d44efd55d80c2c7954015209e34c676355a25425e173c89ddd0516a1dd346522e051f41e7ce1dd8d69d9aaeee9d7de2eb25df8c63b4572cd0f781f1625e6a5d114075d4b07350974e71fdab2e8f53d3aa4f36d7e95708c79f0ad7cbeaf0682fd86893cf27911a38dfd0c111d9a
+
+COUNT = 9
+EntropyInput = 15cb43b0f434096c921b8185100abebe5f4446e7f703e558
+Nonce = 71babd656bc73e7545d97fd9
+PersonalizationString = 0dc645e5c2dd090e3695404c97bfba385cb1fe8a58b22c5e
+EntropyInputReseed = 0b3fb9d46b83f17ea013dd78bacfa4d30855604992116247
+AdditionalInputReseed = b25cfb61d7247b8dd3e7fcb759b0c09997fa9ca159d0c842
+AdditionalInput = 6f4276abfc9fe8d7f8b850f2990bc85d662ba5f0df4d7a0e
+AdditionalInput = edcedc09df40bc5c64e9741fbcb14adf7892bc5b030d70d5
+ReturnedBits = 77a54c85e6322357e7115b0e958d28bfcd99e7bc86059a88cac93125ecfb78c1a4c6c9f7d976de42e65d4509c75e6473cc1d7e498e5206b965d2789f3070c1397e64b4e546467a706e4706073b6a399f663e50bbf23bab5cee643f1b8329af6e10baa5790f7e1325fcadfae4347c76b8
+
+COUNT = 10
+EntropyInput = 403419ad862677b4ef7892e654cd5a002b25446aad34049b
+Nonce = 89ce4b8c957159f034941541
+PersonalizationString = 298c4ffa88455a52b3448107f3615964f93ab5a919c45036
+EntropyInputReseed = 4d7070c43dba17c4e22c7aca56f1496c496f2dc2b2a61590
+AdditionalInputReseed = 2cc718fb0f3ca6753e40b10132cd5a6cf2f69b3b6ade3e64
+AdditionalInput = b7c3b7453f4356de81aec2b4d828cc00940167ddac29f0aa
+AdditionalInput = 609174200dd7125e5605ef1ba12079ffc49a063e7aab8737
+ReturnedBits = e0fe309de3df90d372cde34aab6371e67e403f03824db2996c653ed09e32a3813785eafb767a65536b574a6fbbce1cf1af5491bd46839d38bd2faa585e8d82ed834e8cd8d2ea3c2ff13773665d7f535f57d6fceb216c12d1454f40c565a59ee9a43d02e01c356b2b5d1fc53b38831a6d
+
+COUNT = 11
+EntropyInput = c44189350dbb2d70b9bd726435d5244022659a68c770fbf3
+Nonce = caeb91af0d7db215fdd4bc47
+PersonalizationString = 94f0ca333da516c1e9b5911f7a83385664346e3d4db9e940
+EntropyInputReseed = b918dc2acfe39443f6294abcefc0be8211b39955884d55ee
+AdditionalInputReseed = 8ad6f14c8fee7a42baa96ae44b51b5652a477e97a4c23951
+AdditionalInput = f2eecc63329d582deb6384c9755f27dcc0e43a502847fc72
+AdditionalInput = 06f08a37335ac2c43512e2c814153fdc75a78e4196d6f7c1
+ReturnedBits = b142e21647c7ff52b6f785180c22ddb606628d41fe9df544bf66fd9ac001d123a69ba746806b6f8eea9680755c2dc8155efdda94a526ac032b8f0d66c6b44ca0385855d32d861552b7ceb6c24a3ff06afcb4478e6007d95788d9dad2104b8cd6c9e771971dddaafc4753c0123021fc9d
+
+COUNT = 12
+EntropyInput = de09a7b24a3d1a3f7722eaf155675beb5324ef3264f45005
+Nonce = c4152b989ec298dd9967d060
+PersonalizationString = e8beb4c3b68e2bd6f447ac34c9dcd992d7f6f60d1a49000e
+EntropyInputReseed = b74d062c5913cdddd4cbf56684a9fcb63bdcbc2f3bae1159
+AdditionalInputReseed = be15070a88c52fdab69c52c5ea372451db92be3892ba38ed
+AdditionalInput = baace9fd7c3c0adf067de6bc6295de35489a89e36c5c2434
+AdditionalInput = 057911efcac5acb4e838e086ad15069666cb9729bb41a5ef
+ReturnedBits = 230a46a007bc6fc2db65d1ee0b1c107787afaf0427f8bfa97d2b155fe1e49a2bc339b67b4c3947f7366b91cd3f83030ff96e2caf05df53bef3e575e77c64d3c8b2c93dd0850797608aa52c616fc3f82383cd0fa56f21646c45f0833f7f8b03916baa42b909341a2219697037592d1ee7
+
+COUNT = 13
+EntropyInput = 664e3f58c75acea5799cd9f5f639bb88b1b56db7e05f34b1
+Nonce = da22390ebea8e1b5f5bf4e9a
+PersonalizationString = e90539a637582315234dec058e4f325d1c02f4dd3f52248d
+EntropyInputReseed = faea4e90e956a83322655dfada36c3c1749dce68a4b6f416
+AdditionalInputReseed = 7bf9137110d8422b849e9ca461879b943d2dc8b8025c362d
+AdditionalInput = 06ef69aea79096affb68893761c77d6abf891f52a464d218
+AdditionalInput = a472e7ace1cc95e23ff26a7e4180a95e0652a3887ba61b63
+ReturnedBits = ee5abf3e8079e321c5e840ce67615435a7bb2af2ef1aadabb79bb7963cff796c0e39c43e26b12728c644dca25e450d6f550ceee62580a4c130f8143e404e1cbde08791fbff95f283f88e0514e88df47d8d3507c145d7a27afa2f7c38109282b475a843602949d9760efd34b6309df8ad
+
+COUNT = 14
+EntropyInput = 3a5cf3309b9ec3aa089126fc98fce229ad3fd6302b30a75f
+Nonce = d30e2492b975926109a6949e
+PersonalizationString = b234966510e237b917da5edfe042aecad73ccb663453967b
+EntropyInputReseed = 9a65fd74779831acbabdecfb2d80af07f33657a573e21f9a
+AdditionalInputReseed = 9ac8be6ffe743c3f934863003eb24f85a13d5f701d8474f2
+AdditionalInput = 1b77d5824bc89e5294fcf806a5d73279d9e8c5bf7aba430f
+AdditionalInput = 8843b16e8b62ef300d001fc5829f97320794ac9510f3efa2
+ReturnedBits = b263c9dc8e78810b0cd7008dbb937df7e00caa91d9876756718dd583ddcdb15a8a8d1f723a40847f33ef92ecfb698a1969c84c55db91e13bd74a1be6385247585b9683603133ec697a693580584e5525fd8330c1a5c80a50dae99f331602c451e8c0fdc087d32cd288e8dcf9fc58ccdf
+
+[SHA-224]
+[PredictionResistance = False]
+[EntropyInputLen = 192]
+[NonceLen = 96]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 896]
+
+COUNT = 0
+EntropyInput = d210e4e171dffe64f61bcf60f0b3a753df0cd9c99f74e2be
+Nonce = 8c0498b516a0708c49521d8c
+PersonalizationString = 
+EntropyInputReseed = 4cfa84acb50c721f91ce51b5d6c3ed892a72381d9ce52f5e
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = fe51f4946be29d9bdc62075bc89236942585f2a857d943fc86f2d2e975a4b081b073156d17c49c13b69a2b0a1f609f70cfae31d023b759d926c448a9b7e9906b1b959ca01a768e23fcc96b92fe98432819a7492ff2f20f4e166dd60f6d4ec285752b161d2b0487816523cba128bcc78a
+
+COUNT = 1
+EntropyInput = fa0300d2cf7ca743951825407c8114998a2b840a7f8ed5dc
+Nonce = 5e0e7f3807c863b258717224
+PersonalizationString = 
+EntropyInputReseed = fa3664890242d76d0a51f049851307964cad0fdb84397a97
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 559a4478ea6ed883f41f446dab32747ff786f760d15c6da1e197b9388ca3678fc058f7bf5b5aa6498a83333c4d2f327ba787bd6d4755e144f198599a9aed9a50da98a108178d870303325ed1e87d5892a21ce2e4d714fe79c313c568704397f86f1357e1429b5aa4af95b3c973e3e969
+
+COUNT = 2
+EntropyInput = ed6b0aefc3ba095e0618b3a335f6f3ca0246cfcaf7c6704f
+Nonce = 435dd259b30e428462279e5f
+PersonalizationString = 
+EntropyInputReseed = 144392e141912082cd77d434013303dd285e95a4c4a396c3
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = ab9c68c7aa6dfdccf7741191c0e5b08225ce0bbfdcf768be213c4d09b3f0a3a7fdf02f5c8423ad623bc1d94d0d6a21e5a7f2566be586bd918de711e12c58861517633238e11383bf604e5ecf60acc3025af91994af19fe7bed5b6638ae72b823ac02befd029a51d5339284f66572868e
+
+COUNT = 3
+EntropyInput = 06e91937a3ba2edea8e96f596ccabc7ca7f0a5259e58e697
+Nonce = 688ea6f65c974a154111bc17
+PersonalizationString = 
+EntropyInputReseed = aa4a32cf9847d1e232360e296787a9ccb4b024d04553e284
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = f11d1bd7fcb9276562a6bee413dec1f17954ac2f73c1f32829c0c7993ab0c5025a74e7108b7a314fcafaeccc806b59b85e4a30f6bcf92cbab12efc09f5ca5bbd6bd92c90899fd698f59bbcd02031c3c59c10d1d8e513e0847892a79125cbfcf9cffd28758cfb2e5670fd3a0067aa1205
+
+COUNT = 4
+EntropyInput = 3b9110b1a13447aa9b91c86b9e9b45d439846a230bc97c3a
+Nonce = 155c5520f2a982a0b999eac1
+PersonalizationString = 
+EntropyInputReseed = 4766e9161e2611fb20f55d1627bebd148b7e49fdcce17171
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 1fd0d4f9170a37a97b7557e5a0ad6fbcbc71923e4bf58bfed59274c43d4107147fd9a3a518a3345bb73e4c92f88f1aac594f53e369d5705c923c81f03fec57bcbed00f354d3646185bbe9cf0cea86e57857ac126dc13a21f5a530e8483afb0c0a7f9bdeeefc47814c7c7a220dfb6f7f2
+
+COUNT = 5
+EntropyInput = f74fda113eb91c2338b8aaf8a5cccfd63c45bb8535283371
+Nonce = b868fa8077888db75b60eab5
+PersonalizationString = 
+EntropyInputReseed = 46a91f48255b4596af361f2b47c99b00363d5885bb75ab97
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 7998dac2ed1ae0ba3c69848b50fc579d4e14a25da41041a73dadec43833dcb8b8dd9fdee41c318f27990eea45a90b5d78940cfde84105793cb1ec01683c6e74cb6a5f87ffa8864ad9e480ef58cdf8b24e33c98fd474583473acb2e8b2b091d94297c0ea5323821770324f7499f70be9b
+
+COUNT = 6
+EntropyInput = d78ff32ebc91778b1899bd456a4aa20e3fe4477ba8caa823
+Nonce = 5420530d0f0e8b6391e3e283
+PersonalizationString = 
+EntropyInputReseed = a815b44623b010d6a253d83db94366c85c117212856a79f8
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = a71e8cb4b7bd640e4efa224854058eaa83c375abfbb15dc25c4bb7ce0943f369bfe477a38e348a7e5759e3b336d914e712a3dba999df54850c7a7c0afe019ee22d9d3916fe9168fcedbef58d2c5849798e59dcd2a98c66014c6aa2362ca0d5709fc06278738d44385650ba340b924af8
+
+COUNT = 7
+EntropyInput = e12c424cfe20fba6443ff626a2809d3e1ca24aec23db5e65
+Nonce = ef5ab5cd07de5c96cbe19fed
+PersonalizationString = 
+EntropyInputReseed = 328a55d87fc3acb62c7f9a2638a36372be43c6a78a243a53
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 522a2aaf3d18c722ae0f1b8900d55dd6dc2f79ff65e4e305d93aa811d7102c2952eaa9e86e4c9e2660576bec4b144eeb58dde664d22539f6e2195d005cee6be43f3d858a8919b63b9214239c02f829ab8a33db12826ccf2c3547c4d6ad081fbfb8bf8e582722ff755575975e993ce412
+
+COUNT = 8
+EntropyInput = 30e4fc0706e2f09a9674c817e668f1cc0fbd675c33cf6d82
+Nonce = 0ab86985ae29c4f9718fed04
+PersonalizationString = 
+EntropyInputReseed = 2a6e06c1a67bed1cc14eabce978440e738a4ba794f542007
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 75c1c1ef4e44889d857368d7c1a01de01038e75c933e34c1afb94f5efb3326130bc3734fdd28dd5326b8957aa8bfef4fa9579d74d46c60b69c458969e74cd161830cfa68a5e36291a79e1e97388b80e86af42acbf23e97064cfb2602a0c4cca8bf7c106c753eda58294c05e59303a6ce
+
+COUNT = 9
+EntropyInput = 2283d036089ea11ac93f8fe87191eedbd458b99952a80d40
+Nonce = 41c099666fe0aa063e67fb87
+PersonalizationString = 
+EntropyInputReseed = 6b257b7db4061866e3fe9c7e5300223d2c144c81f57a65ea
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = dd5ceca413871aba2673842218dd30e90b6b3f629357db543249029c45cd7362b0e6050d25cf065d036fc6ac56cc1ddb13d6b8b7f83efe94b54c704d1172c3e8fff28da11bd20d62e09e7618f433aba31b0715f0a750f0c7579435e5c9609e9bae5e5624f71b64ca8e050e77233e1b73
+
+COUNT = 10
+EntropyInput = 4dbbc736e6bf7c10e6377b1699d1eb9899a64d7c32bafd3c
+Nonce = 33bec5ea13f76d0d64cfa765
+PersonalizationString = 
+EntropyInputReseed = bebbdb72c75bbca211a259aaa3d105502c12f4ae916e2c0f
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 0473fc3d80adaaa646443f6a1170047f31b192be560c574ee0cd4f4aecbd6ff1b9e4e7f5ffd565777e4b68f95ccd3a265dc4936b3579857f3828411dc84d271a0c03b7b5887f96e9ba49d5c8795629ebde051bf002916f4776698612162ecf5746a155f118532487374d960237efa4ac
+
+COUNT = 11
+EntropyInput = e5ea2f47ed3d24a31ed3e98b6f36a2fa79c2781949f4d7cd
+Nonce = 9a2d51307ab287d0ffea8bdd
+PersonalizationString = 
+EntropyInputReseed = 0801996f2addb24efb3c03aa2382392f9fad64e9fe24d478
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 6fd96cf56231054b94027549e3f299d37231effd5551ed68957d963b905f4baf679bfd835ddad8307fcf890053956da648aa7fff474c799cd346ec3d8109278967c48e5c47e9e1e349850bbe5adb60f33f9f58dfa1c34b08c1a019f161140f5f73cb60e09cacab7f1569662051628baa
+
+COUNT = 12
+EntropyInput = f21a6b02889570514e7a08a8ece09dd2d36747690da21865
+Nonce = e13420c49ad54211afae3a95
+PersonalizationString = 
+EntropyInputReseed = 0c843cad73dfa0c1f616b539235377af8e86e0e8ce796769
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 643bdc4047813540899100b6620509917a2ab63c4da1776d2cf84ab8205d7cc98d4602306c6db4e9e22152e5fe1af276ac6c520bbaeabda55e3561ca3fabb5252155381c36957a90efb8e8ae9da0dddcbcc9e788f4759ae0f7c93e8809d10968ba1d1f6d3bff950b7d383c096b729ec4
+
+COUNT = 13
+EntropyInput = 8e12e37353678c9063ae7dbcc712f3460b1e268c965d7170
+Nonce = 7d5963b7453429088927659e
+PersonalizationString = 
+EntropyInputReseed = c2306edb0f6c245ff91a57989b12c41e2f230a9a364d4d22
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = dc2536d633a4e84308668bdf008a5699789631cd21c67d608d85586b481c657361b350fe813816871bee0da9098220db34e0284fc5a20afce6467793eaeca10a9734817a73ff946d4be67bd0955d147a24300b0393d05ec5c6a047b904efa7a2daefbc53a24d218fa70fc2eb08c019b2
+
+COUNT = 14
+EntropyInput = 614b80f9f8c8915bac7a08e6d79ec697947d1506a04afa65
+Nonce = c840df0456706776f0447d99
+PersonalizationString = 
+EntropyInputReseed = 461d2b699e1b97efd009aa2c89062690d9ee347464259a4b
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = b33babd4472d420eed89b7287001e85f22e8d7303ef6171c6632d9f720ad47931e4f7e9735bedde238db2448b8d8efa90ecb9df0fce2bef1e6b3603f03c284040df79b4ba52f6d6e4a9abbfa5c902767bed77110f1a65574f93693a83302b0425734e9e6c189e38d3b49ad8eaebaaec5
+
+[SHA-224]
+[PredictionResistance = False]
+[EntropyInputLen = 192]
+[NonceLen = 96]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 192]
+[ReturnedBitsLen = 896]
+
+COUNT = 0
+EntropyInput = 0d8746816f46d48d0decbe9da5fbbec099c97d3aa9438218
+Nonce = 71ca5fc2ad2695c7e1a32599
+PersonalizationString = 
+EntropyInputReseed = 060a40cfa3ae969c42e900b24f506dc430192cb71f60ffb4
+AdditionalInputReseed = 1cb0d38c1fc76820ace30a25e9a5f0bcf7ee7beb5326e37e
+AdditionalInput = 82c06986bab01d3eca13c476a2442e115d4747954a7c4c1f
+AdditionalInput = 33522a22682fd3c471ccd734174547c51f9bef52ebd0bdac
+ReturnedBits = dd088076298ecab0ada39ec8bfed5f19ef80781ef48a125974c5395bd733575331a960cc999b61a0c559b4ce2bc3386ee0808801103242ca1d77832db0efb6c0ed40b9616e1cb95fb21fb308f5ffc1c122a442786ec7a81abe0592027205ed8af8860f79afea881f43a7e0a67159dfe4
+
+COUNT = 1
+EntropyInput = 2a1aabd1a168c68c3ecfed546d5fbf7c565079f58b0292ba
+Nonce = 4f8dc2adc4af53367422ab51
+PersonalizationString = 
+EntropyInputReseed = e483690b971884d59761d25ef12190f4b336d1873c4e6ae1
+AdditionalInputReseed = 90602c1dc3582f00a8f496c0568f3d2fa375e2e610daf52c
+AdditionalInput = 5507634ca65cba27333256cb565176df08e98dc9c37bfefa
+AdditionalInput = f3499d011cb6f0fbaa78cff0808f1c2cafd94d2f7d0eb0e6
+ReturnedBits = 8ce63c76acfbb72bd9036ff521556be28f5fcfd5018dea48b8c055f238a86cfc320fda6d54af978ad058a3e835d0abde9a919da75e5daaec44b5d4a336fac02c96a664286e4173b955a963f9291d9f101a66829e73370216cb3ece8ab56d04baf4d71e60292b02a1ef0ac38b4317deb6
+
+COUNT = 2
+EntropyInput = f514fe81d701d00cb56f123fea34c32333a82e1d5d30502c
+Nonce = d84647213560f64210c595e3
+PersonalizationString = 
+EntropyInputReseed = d8ed63b714d2ad08ce7ada0669e7430e229c48a250fe1c40
+AdditionalInputReseed = 8caebd256977284187fb6a6048ec675806cbe0ba2fb71362
+AdditionalInput = c1d1e670f4e1f7bab1439ad9eb095790f3eb1964988565aa
+AdditionalInput = 88e749be9618463e724683d5f7fc7c501d61fe53aae6af87
+ReturnedBits = 4216c6a37b24db0f9e564c0e5569ae95d4f5b18d6e5fd601f639cf5b306de6fe48a12d3b3a6b0a74e28947c1dd60c07c9d3792edfe89b1bd3ef09e49dfcc8d68055efd8431cdc673d29c067433b4220fe8b466c1f6d5ae371c3189bb03701d38aa902cd471fe5f57ce7916fbd486cf6c
+
+COUNT = 3
+EntropyInput = 5d528ee79d5fe92ac9141a367425d32d7c469aa541fe69f6
+Nonce = 4df45410004958128a2c3cda
+PersonalizationString = 
+EntropyInputReseed = 2ff95f54f5db7a9fc431e7970571968f556ddfe899012b28
+AdditionalInputReseed = 1f9b6940a07b5ef670115c1147358b751304a1d5b279e833
+AdditionalInput = 3218f203349cf1902c59fd0fcceff19036083b8ac8ded73e
+AdditionalInput = 1060a82bbb0ee722cf2edd5309629f614438ba6ae4ba5781
+ReturnedBits = 73bbec9c823b4eebe410400683f7f95c155903952f4b58b215dbae6bf5f2b5ac595c696ed04e708e886374f263df75de6c7f4d9d33b9d2722d7b8e95bc61866668e399bacd6aa44b4bceecc5ba7539a0f9f7bf4b3e4ad61c9ba1fa2e968756dab50911f390ea102e39b56534a0644a77
+
+COUNT = 4
+EntropyInput = ba00c73d7b4b9c68ee7a0308f8e45c0392c611eab36eb64b
+Nonce = da8feb52ab4cde7546924602
+PersonalizationString = 
+EntropyInputReseed = 0113cf6429f50a2b2dd4543f5ddb31a68084389c9b4e5ebd
+AdditionalInputReseed = 36e610c0e603f6393d6cd25deef17177ac448fe69b773f47
+AdditionalInput = eee9b172d3660bb1ce3dc25755541af2da70805c8791f39b
+AdditionalInput = 0501f6c91586455d60086ba84904bc01c44dcb2575c13d2c
+ReturnedBits = f1757f26d8d9f63beb614f4d33243b18411b4e266238e2aec14f8df0969baa79247a2c447901bc4f345cbfedd46f6c1d9ccc3d9b8263007f010c481e903141e10723d4d6fa7e12061c3ac5df6fc61737895ca8d7d167b6a508a2afaaaaa10f14e6729e523e611a82648d2ca510da3e4e
+
+COUNT = 5
+EntropyInput = 31b7d9bc888aa28f61547639da2cad0ae5a612065679dab0
+Nonce = 534e0ba9e2b197b93a417bef
+PersonalizationString = 
+EntropyInputReseed = b23b8fbf40fc736a779442356e9b01789275e8de1ca3a4ae
+AdditionalInputReseed = 968efdc792f2c4375525758e8d51fc2aacc588f555c9a7dc
+AdditionalInput = 71dc0d40023c4d731a4d5f3d4e70237e84f7949d1a266740
+AdditionalInput = f664eaff1dc0a951592210fc7f0039c9442bd7474b4a88a7
+ReturnedBits = a2c2ad289e4a5144fc0cd032ed1c13238cda7ef8bc6426b1b1582c5b2489a53194f916f89328fa716ccd9c4e2d56040dd66fba6a2c5c97eba6b1655255d7ae2193d2d6f1da04ef491aede5a2b40986f9a48b1a6f5e1142f7bf676f285e2baa4826f35bd66ea37934b68033a34f535958
+
+COUNT = 6
+EntropyInput = 82bc60a3303db206ded373f5394bbf64beed1ff43a402088
+Nonce = 24ea7acf6a63ff69ab75ffbb
+PersonalizationString = 
+EntropyInputReseed = cb68d89c8c16f773ad49a8b274d2b39bfbe739bb8065efaa
+AdditionalInputReseed = 0dfcafd05ef820078d682477732bcca1786aedd0175ab1a0
+AdditionalInput = c03e8ed275260921f1773227fef8f6c967ac8166e39f8971
+AdditionalInput = d7ea495d5c95ab7454110d9dddfbbbca2540b8818d438fe1
+ReturnedBits = 2ad56f0fef79d26e83a4d617cb69d62c1c2b79f935fb0797f494f7594bc14a9911c0a7458cb24ab9e0ed2e7298f14e753e3383491a53b05761bb337d19e47bcbf48a89575d093668338f64cb60316ec3b03fbe660dbbdf64000c69e555cf5137c55acccc12a4caa1c279e1c6b88d9840
+
+COUNT = 7
+EntropyInput = 31687dbf6c8cac4d6df2dfd5a8f9e8096ad104083091d39e
+Nonce = 5dfb02af1ae5e2c6b86feb0e
+PersonalizationString = 
+EntropyInputReseed = 01c6796a6361f75c266831027e913520106af8f056c8961c
+AdditionalInputReseed = c573c1a5441b26648edae6c161597d842a946555e20dcf16
+AdditionalInput = d26c9d556a439565527e5ac210d1b6d3de024454f8092437
+AdditionalInput = ca4459e295c0339928c2925da6e457c9ed6e0b01926aa9fd
+ReturnedBits = 5023779eadd3e29c7e4b9b77ce97f10b1867217264c3140258c6093b3fd2fe106a9bdde8f7e1883598b9b8d533f78d3863d9670f1bbbb3e50f858f0fe0370e0ca9ce0b8c408c850b35971794a4f40a5646573a09efef4aea4da2c76c1f49b3c06d4d4909d813c9334cba34feb7d28415
+
+COUNT = 8
+EntropyInput = 8519d0e52af485fe050d2efb2dc84db7c28cda48323b2926
+Nonce = 8b5243416f397c42d76c1a3f
+PersonalizationString = 
+EntropyInputReseed = 0ecf8fcf194c306681d36f21d2c537484b250c938c9122e0
+AdditionalInputReseed = 54f8a8df99f376421828c3bf6726e53b06fa4d7af7807126
+AdditionalInput = 9901054634d123eb048f586d576295fe563c5c3c0bf24cbe
+AdditionalInput = 6c425265c5db22f0a5dcfca27a6e8d0550394f25fc26b537
+ReturnedBits = f4c8ff53737cd96cdae8bdf720b6a797f0598a4b5d8fc22edb70f7c29eb2982a4ab1f891578ac7ecbdbf51de6d57e9e7edbd1fe183ca07e0773ac54441e51bd2d0884749da70d072124a3318ddc7e57efca8ad99f25c003946b0d517682c2dd144b45fb6252a2ac122492abf09fdae32
+
+COUNT = 9
+EntropyInput = 9f1eccb34fd83c8720d0ce7a6b8751c7b9471c92ac91ad2f
+Nonce = d32e32f92b5833e873ac09a6
+PersonalizationString = 
+EntropyInputReseed = 2680d41d730a9ac4e23dcaa923ccf0dac58c5a98c29841db
+AdditionalInputReseed = e0bd09baa4315caa0454e941f9be7635c255dd639ed83754
+AdditionalInput = 29e79d0b6ab76232bb961ec7ec9f3b5fcdf9774b4646fc8a
+AdditionalInput = 1edc3365a7db51ba864a93e5bda20a0927582bd44be82ef9
+ReturnedBits = 2ab841ffbd8af668b13f8e5f13748ff02b1dbc8346fa353b43a8594efafc7f19cc4e627ecf50e99c9864633df0bf823a3044f24a4b5b5b1134d43b56903b8a66e392c8aa41411b0513508f4b469f5de6d5298b268b258daf6ea66b7bf0e2dd6f3c6fe16c7c28ccb94f7cac61462c0121
+
+COUNT = 10
+EntropyInput = cb4bed609cd651aaf2aa491162f4473ca85137615c1378fe
+Nonce = 584ddd86a3f2bb036babcf8f
+PersonalizationString = 
+EntropyInputReseed = 90ed0d20d79cde8484c426455f4a1e60b1910190d11f1c8f
+AdditionalInputReseed = f14c5c737c335d10ed7b564881c9bd0045b61fd05c241897
+AdditionalInput = c891faad9aca9b3dedbc75a6e0ae9a86748ce5f6126a9f01
+AdditionalInput = 5ad454ebe4675038fcd1f1933e8d1fe15b7e9bcaa6ade6de
+ReturnedBits = 9aa5afbcf15869136009b599b03cc4d7e18b7f354bc8393cc5df24858609761fb3cf147fa042cd01124723f7752ecd20ea64f2d7f444ffd830b99d592e1a7168ee3259bd496b504f138d1a502d04636dc66cd5493209a582191a5ab1b83aa5132f60d671fab4942a3f5bda9a67829d5d
+
+COUNT = 11
+EntropyInput = d6412681392b71c5a90af1d0970763e9738e65ba740edef0
+Nonce = 3d4259845c9700180b671af7
+PersonalizationString = 
+EntropyInputReseed = 33381ee9fc40336021584af5a5f02556ecb15e9fad90b2ef
+AdditionalInputReseed = 63716821fdb2bbd8d808a0a3a46a5d028a5bfac414e6fb4c
+AdditionalInput = baf41739b86f8b5c635b877f976c6797a7616a8d62bef5b1
+AdditionalInput = 82e2fd41649df4d88cb45b917cddb977315783acd5586689
+ReturnedBits = fe573266056a568c9439f5c7012a026e02cdd8585dcf85eb2e4982d4ba3dd2fa44cbbdaf772eaad5319c30b8f03122db215fd18d4945667d8ca536140d0fec62d975f2b1e3df9b3894a3f203f79f49bdb8ded9e7ab0fdc1ca3598f683f24c5ff264bd8694add7dfa65f2736406189762
+
+COUNT = 12
+EntropyInput = 980fa8309222fe77a5cd1970aa3278ec0aa966aba6d6c70d
+Nonce = f8aafaf32d5df3c6b0de3a9a
+PersonalizationString = 
+EntropyInputReseed = b0e733c4e60e8d4346fe1fd93e9d5de73d6168c870158f9d
+AdditionalInputReseed = 35d178ae34134e2ef048e4a190df401a70a4020d018991d5
+AdditionalInput = 5e7d42aad76bcc9c803c2c3fab5f32e31a15d88361830e5a
+AdditionalInput = 6b93da08db63a0362c8adba7d3b40a5587b4b47fa8f942da
+ReturnedBits = f6a8e41a31c73578897a45d90945b164543052d786aaba3cd15d2e7167f606a7de29fb42bd7100fda8218ceec57b2bfc4470f730c991f6bf0c46908e19c08ab45bdf39fb08678b59af4727d33809e6e9fc24bb4ae4c5dc0f021c34250245f1fd418f6cd1bee892d19f7efed28b2bd8de
+
+COUNT = 13
+EntropyInput = eafb1ac372870c758a066dc6aa9aad255345aadb69627878
+Nonce = b905a989d91c5a329dd11265
+PersonalizationString = 
+EntropyInputReseed = 52ec165bed62a789ce1512249cd21723fbfb251647a866c8
+AdditionalInputReseed = 59459352b33f2fbcc4af65f798ca2433dd28092da24cbe73
+AdditionalInput = 79c56bc1efd34fa6e957f6e4cdf3f8f57f8d58dad94f7ae9
+AdditionalInput = bfc1b97ed8bfbd48750a704546e7eafc370ec4b834714378
+ReturnedBits = 56e3e4b75a5841faa5bd3f298c1f67cc58427900d69603905f24e1f8b078f35ad369ad866a0e1bdb0b7b66aa76dacecdd8412c74fb86fa69a420e6c79ed4d12cd6d166c505449bb268241c3c5b73a87b6b373075f2d625a8dc0de841d963c5083b2f611bdd7dc4cf7a8d8cc33ad5a745
+
+COUNT = 14
+EntropyInput = 619ca2be2e07b538778f8f8e9921a7663c41167dc44abb99
+Nonce = 37601911f79f144b002fb15d
+PersonalizationString = 
+EntropyInputReseed = a6e07c88eee184d0b4cc096302a36acf4be6db74a5247777
+AdditionalInputReseed = 98a8519c34eb1b83533e771e160e532033d77219364ddb5c
+AdditionalInput = be40baade1c3b370f8750085787d3964399a8e80ae0681cc
+AdditionalInput = ef68b9319d075beb67fd6e2238aa5051b3ea072dbe3bd649
+ReturnedBits = 1b6b65799ff5d7523c859158a96c8b32d6879c22c280c7d79b3c4f7111b4c35975ec9f518f06d8f68b6460873fb727b476b63e46b5c39e4ab8bcc4776378c3f3d0d494fb3a21fd0d34a590ffa03c1aebf1c8985862c4c344154cd7bfaad540be71751f16bf2f9144ca5627c49f468484
+
+[SHA-224]
+[PredictionResistance = False]
+[EntropyInputLen = 192]
+[NonceLen = 96]
+[PersonalizationStringLen = 192]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 896]
+
+COUNT = 0
+EntropyInput = d711f3fef717c55eca14bdedb76f55056c7c70a15c6a343e
+Nonce = 095473b0416991b3b94aeb10
+PersonalizationString = 4d41373345ab632f8306de0e926936a6dff1682111ad85fc
+EntropyInputReseed = a1b2d3291ef093efe6b513ca49b6e91b5a92dd99f532352a
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 53d05540741a824f9d1b45b91da704064b2d1f551ffcc6392ff17c7378c946ef39e39108279e2dec3845862afe595b26aa262c98c9dc9de9e3eaa6ad7648a923ac0d595262577360a5de8007a641c74c567f0ecd6682b362378eedfe11b527fa428634054376ef6084ec2596696337bc
+
+COUNT = 1
+EntropyInput = 890e08ef78c61c5eac8b252fcf878c2e66d1e6a964e56637
+Nonce = ef771e233b36fa1fa2da6882
+PersonalizationString = 8a7f68ab1c2b86fcecd14502859abd853e839af25afc2f35
+EntropyInputReseed = 05496bea60f41d26f29b7626071f1628979d4dbb9d944944
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 43cfce747eef5a2d1fa72b2b050650c14218339f9679e07dde66095fdecad4b8a2e6dbb110be5c8967a453313abd450fc5a1f8f9d008571c3b0518c4833a64b489f519d56fc4b46546288c6f3bd02a2c39a3a47181e60ddd1abd27e7360c7ebf41732b6b9bea66d6eda9b1c5517b27e4
+
+COUNT = 2
+EntropyInput = 32a70a976b3c3da73e4556a8a261570fb8cd042ac0c3527f
+Nonce = 7f4eb46c86f1fca2d90d4307
+PersonalizationString = 0f374c92e9787d18786314b851ab4dc2e090c8abd2bd3c96
+EntropyInputReseed = a9ce1fafed80758abc0d3decb42a63249124a777820dc962
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = bced7e5f69463d5ec0c5d9e0e73da2b4becd16680537ca5d3c68a38e9f980671b8025675745892403266821bfdfa14eb47e0585f2f043ce513f6d720b42679f22c728d5495e64cab4bcd96eb74045bf3f82495b6adc0c9b4c9c3c74b11968f5965c0b039131009a3ba1bfe61e01689bb
+
+COUNT = 3
+EntropyInput = d2fcd18f9f340528ba58367242dc1f455cf066d7d24163eb
+Nonce = 01e5786bbfca3e97b1f528ea
+PersonalizationString = 0abee53d57cb7d1467c04ef542e60f7ce2232b71151b1821
+EntropyInputReseed = 303d92464e9c05e3e36d16e76cc56d7a697d1f9f8a81bf78
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = df0ab84ec1961189fe9ebd61f56da9649529c09bc9b3c2682ca7aad98972b4b406afb263e4754bf4296f2c1547591eda0eb726ba64049d85d86f64ad58668b0110cb5313aa71d85bda945d79fd70a9d16fe0b0e00f1a7ad0dd202fe3190a94fffee7177234c26e1f94fc26f720354d85
+
+COUNT = 4
+EntropyInput = cb1f8b0f14fde89eb431432f8e054b2a16e35355ae3aeab8
+Nonce = 3eba30a26f7a3466144623d9
+PersonalizationString = c29f919f478919b840ff5a10253f8c52ffed4a44fe8d885b
+EntropyInputReseed = 60e18c0628c58524b87423f37af4193f65aab2825a464346
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = afccd0118a8d1d0bbb624ac9c096c788fff70576b4a7f622273d558a2e3d8ec14ee3d5fd0cab6afae31e1510153dba832c5d5258116eff513f1ce7cf2220a01e40fbbe8a9841563f6f222d7fe8a222d0b052aaecb4b54710049e3d38c617182dce3bc0736fbf460396c910604f2d8227
+
+COUNT = 5
+EntropyInput = 861adf9135889ca697d0e59ecda8211cb740b7cd99c121c3
+Nonce = 2a1bc3b0c64599024f02a556
+PersonalizationString = bd4056e7fa013c8e2077c1498e7ed1c67069528369cf5d99
+EntropyInputReseed = 00a9b1baf6fa9fab6a991f220e2c7b323a320e60eb066178
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 1643ca0e7efdc54b37d4b06f92ba0c7a312eded6c1555f260ef4ccf7e7ca83ca0c20589b4267fb0318d31a4aaead512d0e4c237b2d7aea553702e3119b0fc9d1e99b9d269f03b564a446bc233e6bc39b148135af8c4988236fee5d10e0017771c1170e4d64af96e920d550c359865682
+
+COUNT = 6
+EntropyInput = 0115a5cdb6d027faf1dd6ab03ffa557d18a9703454cc27e5
+Nonce = 4491637fea575157088dc7f3
+PersonalizationString = fe49c14f2c4b9924bbe139d986b7d5b3a979a3d4c8376584
+EntropyInputReseed = 3645563e66718a9017c1d34d87ad13b4b08fd2edc0dd1bf8
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 1da4a2fff75d6bcd07436a7608331cb5f6107db961ffe41fabad37f7bd2a4801e6fea507704f8d88bd53df15a4e926cb76a459a8fad83129aeb96a6454636ae8f0231b58e1f035cbbfbec22830f19aa78bedeeab683e0c171916ae756c86056067bc21a50d26462f5a78dea6ca034bd9
+
+COUNT = 7
+EntropyInput = 01840d9f0ed0ddae998a851c0abae125e356a17ca14439c6
+Nonce = 2b58bdbe72a51b7dbbcd8872
+PersonalizationString = 175d1b0217dc5de6438053de4ec1f851f7129bd313adcd84
+EntropyInputReseed = 1082a64831f874f99663636f9520bbc06f7bee4060e68303
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 44367c2d4e8497959c761b068c49a8dec3396af8115b9c479d79d167742fde836a1d1e773b6fd417a3e34fd055cc993cab79ddf8d35dfd9eea233301ed5a7aad82c09d4b9d62e39bdfb9fd0a130da6a1697a68a23e94fe2c0c2e8430ec0b2a82b52b87838a02b07b95ce73c69f6744a5
+
+COUNT = 8
+EntropyInput = 2250e82a49bd80aa6f621854973d0942cde4fc72546fd023
+Nonce = 97d5bfc148a95282ec961122
+PersonalizationString = 8b360a46c97de1f75465e2bff838cd4ce36ff72b6e01133d
+EntropyInputReseed = 295bc0eeeca72dc412c7e858d24af775d1d4de3ca707e912
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = c93087c289c80c4397f14c81ab8d3a30c8369173a49b474b7d2aa03fddd72816a88f72f7fed6bda8951b07217d4382ecd3c50d56a97044a6ddcad2bd88ef11803eb9724231db110ac5952ffc1c30b16cf3b186a2efe40af8aed9057b4c39275f8f9b73085cdd5183fc0059a363d5adf6
+
+COUNT = 9
+EntropyInput = db23c9f7826ea8bff768fc1a34d3ee6b337dc30f0c266535
+Nonce = b232e89be692e2635b5557d2
+PersonalizationString = d66b2c4c44c531df105fde312ba3e1295264bbc3f8e06c54
+EntropyInputReseed = d7c77bad04e20b800649aefd0673c741b9bc4e449c6a8474
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 8632466994fddd3d6a1f4934e7769856268769e2d6a5c0aed36b1d23e0269df7417a204cc0f7dff00361702a84451c8727ec74e269d156dd9daf5e6b149e8919627a047f78287018a73a8ef99de22403351fff1d5cf4a2ee9919482ed7ef47a984cdf24e7502e092448155b3335e9f0d
+
+COUNT = 10
+EntropyInput = 84117099a4b2c75123df9cd1af47b3ad6671e44c7804d7fc
+Nonce = 37c99d5c021ae6dc512e227a
+PersonalizationString = 72fad5b294925b9f500263995ef0ada26dbac0cc9d143abb
+EntropyInputReseed = 19e87a49462bcc005c66fe8f8ff1afa8b75f631fee4b77d1
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 3da78edf869ad67e96ada47f2f0d37bf6d24b48ca6a5eed6265d0c9feca9f2d3ec748b26b4eae400c40491a4479f62e96fd30e9cea6b99c9ffe007431243db4f0a22df21effc4658d8e8789d8af5ead01baac596e39f85fbf887a29bae8d556b09332d0e7c3a2050d98d0faafbe123be
+
+COUNT = 11
+EntropyInput = 043d842f86de74d5a7768030487877a27cd2f3b21491edd2
+Nonce = d4c031dc94b7d4f8dae66916
+PersonalizationString = 577a7f5704ffb1487c79deb6452053db7c784fd3eea0bce6
+EntropyInputReseed = a7966370fbea39c586d07936c2d4ab6d351d254abcdb5169
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 4a61527bf5802a35e3227916bf783adf33998fdee4278ec8de6bab8edd8fbf9b3701fa833bbfb5452e4535745f2b6420151a9cade5851e4566e7e3eab2e947ab6b119338ba80b8d2aeb9b991aab6a7c7cebfe935d1f2c4775cfccaaa24412afe26e0757aa7ddb7d61ca298174e663855
+
+COUNT = 12
+EntropyInput = 53c531efff4d66d9a29bef4f5d575e4549df56e364b3e881
+Nonce = ae17571fda4db4ecd3d590ee
+PersonalizationString = d720c21a14484ad0f66fe2ff0836f227d0de1b2dfa70386a
+EntropyInputReseed = 635c0efb998d2c762e0915f215e686b7f8f5665daac08c63
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 918c3ab75570e8c7c5c6cce870168f67ed80d114e5b7912ce1bbef952149b97bea8cdaec4494de4b82aea294329898d2e0b2efb26c4521545916a0bcbf8d6a32665d7d3df7fc58bafb4a62074e2553ebe4cc82954963f400da183cb3e56f495af9df09d661f82b3fed9c2f2bd70556ac
+
+COUNT = 13
+EntropyInput = 919e373cf278eaa9413b985cd51b460cb77457d47f7881b8
+Nonce = 6cc71f8bca2b3592f514f145
+PersonalizationString = b9a9d62d4721f72b60000a2a681f11ce77aa31ef8adb9dfc
+EntropyInputReseed = 65a4d9761d72de5ec26832cbbe2bb78f992fb8ee1c09c825
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 54b870c134bcba2cc778a3c58040c624d10a1aa63b0f99f2f17efa9ad8d88832c3f904342f566a817b2e6b070c08baa9f8fb5a7ffec4b1c45f28ec33d6d96c9fa83b74214ea3c3a88463417a7309553d2ba62d1b7643c31d03bfd3ccda5ef6d4e8ccf9b94e61bdc56723860e07c1303c
+
+COUNT = 14
+EntropyInput = 7014b80e78362830e5dca5ff3159e7ae6ac1cd55bf14e5c7
+Nonce = 3be28c9410f7f9caafadad75
+PersonalizationString = 847ace6726b86e491550181e0aeecd4fa39b194d1b37205e
+EntropyInputReseed = ef5c09c47655838e01b4b2ed227f56d64604a5a9953bef4e
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 80cc1e00cf5e33dacef02cbc669a987103a84164a58caa4aa5bbcf7e897e189d7bbc76a4dabf915d48dfb9ec30bf85df24f25ddcd70f5e55d23695147561bae38fc05288f3d0ab1b7535ff1b100cc878e8bce7d0258671b2980be2a50c6194a5720c683cc9c89276bd942993af2be2a9
+
+[SHA-224]
+[PredictionResistance = False]
+[EntropyInputLen = 192]
+[NonceLen = 96]
+[PersonalizationStringLen = 192]
+[AdditionalInputLen = 192]
+[ReturnedBitsLen = 896]
+
+COUNT = 0
+EntropyInput = a92bd5590143a2d158f5fd0b907eceab1be9e6e74e30945b
+Nonce = f2b6d9baa15c32b7d6c0d44e
+PersonalizationString = afd20d8b7c5cd008f3f06dbb5961fd52d3140570c5863c91
+EntropyInputReseed = 3c0ae208b9e369b7eb2c5c1bed26f5bd52a75b945a8c5ca2
+AdditionalInputReseed = 118e74ae997725050b9a883b0b777c53486593f0b12b8300
+AdditionalInput = 1dea5a047238198ae59feebfe6fa020f273acbea5a1ae009
+AdditionalInput = 0b61181d118adc0f79395e9b186df7d09d89e409ec5564e7
+ReturnedBits = 84e6691a2a1479064146b8b2eaea4f474726f9e7d7e6c1d6e91a1c354ccf8a9002b5a998879dfea49503da8aca847a17c9c572d39c22af5ece4e7fefe6d6dbbdd9e744da1a5ac0da5461065ade7433bcfd56b3e55dcf19302690f7e926c5bbbed85ca8d5bf938d9397b3ad04a4b4cbed
+
+COUNT = 1
+EntropyInput = eb63a115597084aec36472dd09ab8030c7fb4e1ac0620dc4
+Nonce = 0e0264218b649cc42cb9cf85
+PersonalizationString = e60f3a170d043c3d7afe7757788d33d5c71ce9f6fbffb7cd
+EntropyInputReseed = 9b0f2c7328537f30964f264b5d6457a38a24fcb0cce34c7c
+AdditionalInputReseed = 6ecfe61be8801a13649e44be5c2be335ca7ac9ce49a0b861
+AdditionalInput = c415a52391ac3422e31e74bc96e3b7288a48ea5bfa8d82e1
+AdditionalInput = 8c5648921c9a037c7a866b3fa7e7332ab366db5ec85e630c
+ReturnedBits = a3704d6b12bf0af44cb2fa47f13e07b547683db70fae85e0a40ca0a0eb5d025a20ce74b99f2d7d83c61216839f6dac070416199355be30679f23070345e94a573a44a535f638256b35a6f04585c69ea43216606370fa873d11f1d88977dc0e6b0fd6203a7a8f835c7285c95fee55aeb2
+
+COUNT = 2
+EntropyInput = 63f6a7888e61467f80187d98b974ccd22160d35f2d8c8c6a
+Nonce = f0f676d6c50b7b0bd84f6f08
+PersonalizationString = fd648135009ba910048b99f408f1463aa956f61d5218749c
+EntropyInputReseed = 4cf2501902b1a0df7ba34fe18e0d762ff36f233939854168
+AdditionalInputReseed = 438887a91cd51c564de34b73ca7d4cc266d5efc1b65027ee
+AdditionalInput = 75039ee2bc4021f843b6f1619b3c586a311cdeaa3962e221
+AdditionalInput = 3bfc9f6de8cd4d7df5839224c38e5b8f06fe1ea626aa26e9
+ReturnedBits = 3d501d94fb9842076b557866ada0f4ceb8fd5d59f9cce0a6cdbc9bb316ff87b4f0f9b44ba9db97a035ee1de83f26008d11386f9292e8fb71645642c3cf2c2ba3966c1a98ef0fbb5d6c5f8fb1be292a190a0bc94e297ee67c23d5d170024c4db8b806e8fe21b754d9d4d4e165ae767d7e
+
+COUNT = 3
+EntropyInput = 71ce4bc0ca10027f7b7d5070acaa8d1b1285f6372c60cf96
+Nonce = c65ebc85ba7bc39cef9ec653
+PersonalizationString = 38343b319a1ef58038a9028e323ed24daad0c71acbf73d1b
+EntropyInputReseed = 035a3fd30c9530b7ca011ba1ae2f863bbfe2a3d3b754f422
+AdditionalInputReseed = 8fa119881d457516e6c8f90d8e2ad58a9656c158a08bc9f3
+AdditionalInput = 64f9e1ae7044e53773a193504c4f3fee465f01f002a534bf
+AdditionalInput = 08fca5b73bef03380d7532d46f735753b67e144cc1fe2959
+ReturnedBits = 449d686c12e63bc73cb107faf5e924e3c11acc0852bff42acc0525f51496bc43f9a4d7a04abdccd90b27391fdab6aaebe5090d0cc37ded3f719bb449ceb98a1b275dfd4841e4327ba63e9c4c81f8108b261593524fa8686a50ad8576b2f328fc5e3c8f332f7a0430446e15fa2fd5840c
+
+COUNT = 4
+EntropyInput = ae75ee7ffc6425ff3a55b2afde8837c0626f8197f6deb137
+Nonce = 218e75320471c085ea8a3c0e
+PersonalizationString = c17301ff0453525bc5a5dae8ddb480add7988df58f683852
+EntropyInputReseed = 1e1bcb06b92496a5b71a200310e1aa7a4b4d05f6046914fa
+AdditionalInputReseed = 842569f6cb43c95131960a2a34ab4d266760236da99a91ac
+AdditionalInput = 30b479647c493b6e0a186bad9d6c1e06247bc55ecd90ba9f
+AdditionalInput = 5c8370f09509723844d739728a39c32d74c8f5296f5f6dd0
+ReturnedBits = 5bca03c80ae4b165cc282208134d602e235e4cf028fd24d7ecb246c98c8b5d0e2d7d30da04303cc611842dee4fe390ebaa0b4c169e506734b1a618bf0786154850ef127cca5e4850a6e574411555e96dd7e5aa1880633c336973bbf892b09c19350499012a182f5343fced52acf581ae
+
+COUNT = 5
+EntropyInput = 3b4a1d8056d5e79ac053ee5d7cf6fdb21d54b6507bfa5eac
+Nonce = c12a0ffc30cd2783ce6a9cbc
+PersonalizationString = caa7855435f3e05d74888ba6e87aaa9d5c8152ef553a1cce
+EntropyInputReseed = 20f6fb058c718e8c368b16de4e38f2a7888e323f7b71ab54
+AdditionalInputReseed = 18e42a9e93d00a856e42d9a6a66dac2b33b85abd95bed449
+AdditionalInput = e627057674c46bfaab16bdcd3495dcf89490f68c29502474
+AdditionalInput = 0443122d0cd700b1aa89128e8e90397d3c7e4e8e4cd7ee72
+ReturnedBits = ff66514b486f98d3fdae3d832f759e2e4539152705946a7c2e7dbeaf0198ccbf37329e2a089a47d40f12f143c9989dbccaaec76efd4c22c5777b21c72263b356a099a480d1f15d156ca3a66fcc833753823b4606ffb333f59246e5d66674223278311d3add9ccc909860da531eda055b
+
+COUNT = 6
+EntropyInput = 3966a7407ed1107902d4098c264ac0bfe866e3fe8f1212a6
+Nonce = abbcb520bc03eb7976aa605a
+PersonalizationString = a07440c9bfae23896e83e449f71000b4b96d1e18d4fc023b
+EntropyInputReseed = c194f6f6867c7027f7d76cf0483fdf122854b18fd6adb253
+AdditionalInputReseed = b55c4bc0016f9b2cd8d77730d706732030d3686409aba5c5
+AdditionalInput = c98b03d2e696f4a2d471dbb91d569384c6ef7cad63c4b52c
+AdditionalInput = ed5fbd0dd4ab0faff82c9dfef0b462cc8fc9d9ad8d890b29
+ReturnedBits = f098c4fd75b80104fbccc176348e9c91de516aad81c313e100534ae79072cd4422bdf59b4c7762495fc41ff365f4ff0c5d43cb541ae8c5192326d61605d0d8e09b65811c684b6f9893dc556f0341b6533c2656563aee8e8080d618a33726ac27792aeb2d35fd3d52e741f30dbe465aa1
+
+COUNT = 7
+EntropyInput = 5b05557833e529e8814e7bbd52f956b6af2645b06dfd18cf
+Nonce = 9b3139f275b958e0d387c9c3
+PersonalizationString = d8f87930d05b4b1c5840ee76726e31847dcab16158b7b6d8
+EntropyInputReseed = 58b95a0b014f20b6b89272a473ac80239a17acc4ae3c4ff9
+AdditionalInputReseed = b6100982549d155c9d24aabaffa89a06402e5ab75f1684a3
+AdditionalInput = 416d967404e14befa21a3b7123ce762bffa900f63313c30b
+AdditionalInput = 6a7b610a7e3dece37a9185a3eecc540c8196deebefb69ab7
+ReturnedBits = 83cc8fb052d864970ff487f0bf9f44a419324823c83aac4c12d3628b6acc6ddafa8d5f14e0aa335535e73425f2c31a82ad3a9929e3c265aba0a448362b72e8d822a42542cb89d0e2e1068807566c235f5e949e8fe68baf8b8066372ab78035498ba5b26a8cbda9cf8faed714a7e07c95
+
+COUNT = 8
+EntropyInput = 840b7667ca810879dfadafe5ca18c350815fde75aafb1b98
+Nonce = bb6d3bd0bc8dadfeccd63f01
+PersonalizationString = 07135a62af6ad919feb05b3e7f7e67d1aab1e9819e089f12
+EntropyInputReseed = 21fe221e5ba7640f3acfa87f3296207aad0f93e1d1401839
+AdditionalInputReseed = 94992507fb6d1eee05c990f2e5e586bb8e3bb40db68e406e
+AdditionalInput = 90009de1fcf4845f51173aa09f092d422a48ca7b6730b025
+AdditionalInput = 0d5c89e895acbe247ff964f4698bacb651e06ad72dcf83f3
+ReturnedBits = 0d216a2287fbdfbb0313b151dc27e778bd28a456cd449188d6f03bcae1bc16742eb295aadfb24621e9ab390d4e35d6c2f321a021cf03218251e9d9be6acb602bfcf6b232ba6978a50ab743bca0b84c1cd176d8cd2d25420ff005e0fea5aca71a7fdaa8b91057b8c96dd8da2954c7a5fb
+
+COUNT = 9
+EntropyInput = b859961c7aa1a3ddcdd48980d75d92b4f5c7d5d8606384cb
+Nonce = c1e1ebd50fafa7bdef5ae07e
+PersonalizationString = b483f35c0d320976933f7194f99e490cb31a58f5a7a87b9e
+EntropyInputReseed = 5a35af4980a70ac8f7265071d1ddfa7ad725e042e0dccad7
+AdditionalInputReseed = 34ed35e7ebcc7dc6e2cebbbe4e8ee2cf73b5aecbc3a115c8
+AdditionalInput = ed9ef7bb7ffda8e132847ca109608fa4fc60ca0470f4d96a
+AdditionalInput = eb4826578e0540db894aa6a222eb084983f473840ae31097
+ReturnedBits = 25de01a24978c0763eeaefc56accc4db8e81f02ed063282fb2a50d544e2699178985b367b71aaef924129da95820d4bc9811ef9c260fe0fc6e0540a3ed7485ac672144fb7d541eb801da5eec1efa0f8191ef5bb4e1eec27d8beb8e729d926e7b307eb781f5481582c00c30a0e5c5eac0
+
+COUNT = 10
+EntropyInput = 3df09e66cf12a50a1da72e303ec9feeeb5f0021073fa974f
+Nonce = 41b37919e8c1e70f49d42b17
+PersonalizationString = ae44913a661b8dc544ca28f1c62087e1cf3ef528f8160fe8
+EntropyInputReseed = eee1d57bd0b7407788952b9722e8cce291959e07d2720552
+AdditionalInputReseed = 528032fbc4ff0f35f4f59b088b26bacef0f4f5bb3c29f102
+AdditionalInput = e6d3c40d5ccf5dd91bbf3f3a8f6742c800a48f0ba3424557
+AdditionalInput = 3cf47801466ed01a6fa152dda1bd34e112f9c0b70f21ff09
+ReturnedBits = 8830fa991e89e56d2a26e49fc4ad2af6244fb8dda608634bd2043a0d262fc5685c9cced16805114e2199777a4f9b17b727ba90fef0c3a507b804d3b6841dc41274104deb034ed8a787d4a3b42c9941a01391e20636443eefc2a61e9140ee453d41829ca41bd6b7f1d9a7f3910b8b65f3
+
+COUNT = 11
+EntropyInput = 54f91e62744a88fbc02c3b4cb7b12586124470143f36daf4
+Nonce = a38b441e6dbddb69e1f7e704
+PersonalizationString = 129d38491a1a5804a14e64e5af58c20b38751f36cefd5bd9
+EntropyInputReseed = a0bff2a1a28cc0a1d9035c227ddaef5f1e034dc510adfce1
+AdditionalInputReseed = e3757c1d88033054b4b6d5242033b926fb924595f65619f9
+AdditionalInput = 70bf1f4c0991241f7487f7db24c4273b6ef8d04e966f1c7c
+AdditionalInput = 4c51d133a96aa2a1b91cbe2599b2d2e756616358695cb269
+ReturnedBits = 7b41713dd51ec0a9b126e9ea6e6f2c3d9a846ccc38eb7265e9164193bc29f1aa6b16dc5f184e6d5db3a8db5b64349b8601baf0342e826cbd036f29129c860842e1a1932e2699556cd27bf5686649d6a1e0d14058e7748c1e218ba18198925334a6b734a66fd0591bb99a3b74e10bfcbc
+
+COUNT = 12
+EntropyInput = 49870d2ee54b7f37f266f0685ddbe690d6e78b1366f0627e
+Nonce = b564aebb9f4d8bffcf2a7c18
+PersonalizationString = 89ae2e97e289eddbd36eaa0e83b5397bd99a277013834b70
+EntropyInputReseed = 76a0ebae02236635dd3618d1ad8aa69ad94b671df84dca58
+AdditionalInputReseed = 7dfabf32c83e4ce517254bdad38f5c7baa57b73a57360d25
+AdditionalInput = fa943b99bd44975e87793627b110065f050fe798015b0f1a
+AdditionalInput = 46c481f24ddb394795d4dd2c6065e6f3e1b7a34edbd0a165
+ReturnedBits = 26a5b9db4f772d7d0d251f341f4baa7cee760663956b87309db0bdeae6e9d71a468fdca41dd2cdb057e358d34729f9aea49376701f5bcf59ae8ee328e8ffccf5e8e26a28a4f37ddb2553de2aa06736dc74fdec8b8ab3a071e3230c08617f35635eeb42dcd5c4cb8d83fcdb4c2b61d66b
+
+COUNT = 13
+EntropyInput = 80588af58db879b87e110d25732dcd48ca5ecc76df23938d
+Nonce = 46b04f7475b6db5aa67179d3
+PersonalizationString = 0e6acc0c44ba711cdd8abd5dfb58dcf642e2306b5a01da88
+EntropyInputReseed = bc5c317b0e66094d45fa49db911f6b11122250992e370387
+AdditionalInputReseed = 5c5a87c8f76698206625986d1f94df2d4f8be211d1519855
+AdditionalInput = b3eae1cd18dd003e18d66801be24bd71b146c9f919568ec0
+AdditionalInput = 522fd53d89354bec859b20632f3220974f6a04bb4403b799
+ReturnedBits = e56f1175c87b8e31a1dddf27aaeda1398c766e72b7c3f9b6ef85cb0922ef82056a167ce637bf490d09f338bdf27aad955b294a850873f7fb4ef4003a5f4fa834d6a15407c6ed3ceea12ebf15b7ff5f276f40e6184581ded173c5e89bc89d69594eea71f5ad4cca3424721f981695754c
+
+COUNT = 14
+EntropyInput = 15799dfa6bcae8af2f45091c0903e6dfd3f6add02f4f845c
+Nonce = 5e2182fc9d467804871c3ade
+PersonalizationString = dfbec51c065154ac80ea0dad73664ea2ff9a78573d5bc3ae
+EntropyInputReseed = 9b8521622a09ca5e4df656802aa399d1d9c78e252dc364fb
+AdditionalInputReseed = 91ede5bf34fb3383d1e5990251cd9743385932e734ef3a85
+AdditionalInput = 597c9d6165f87a9fcfe8ba84b619a0e2223301bc916e9a08
+AdditionalInput = 15489fe877f249283ac9cb4281f3a683e00054104d13eaf5
+ReturnedBits = 187213d7b2c4b48ed2eb12bfba3dcc3e405653b1466512d1a474b922e1ed77744be5ed6014b1794115a50306a85b38e4c39d1d6ec9ed7398584c1a03c4631ee03d7653d0cd8e0b9669f9ec271d0dd08d6e82b0ad6aaae2594ab4b0af9147fe3ff58482c92923b3928bf8c6ee5cd91276
+
+[SHA-224]
+[PredictionResistance = False]
+[EntropyInputLen = 192]
+[NonceLen = 96]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 896]
+
+COUNT = 0
+EntropyInput = 0e95b5397dc6d869dcc7badfc4f4b66a60d0d1a563720be8
+Nonce = b44d713cdac6f890239c0691
+PersonalizationString = 
+EntropyInputReseed = 4a1e28d6e886c33498bff6f3733afa7115740dc5dec74441
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = f2bcaca024faf6c2701161ff8fda28d0174057a3995f55295b485ff48cc8b5e3bffd3b2f80a4a40a94eddfb0401ae45b47fe42a7e64dabfdfbf1ec8a10b60d4fade808bd5eec7cb4c0e6a2648787efd92a5023dfae9fcdb546cf9403057421c7224775315e2faa3fa3821a28210516e4
+
+COUNT = 1
+EntropyInput = 6ee2855dbfa82b3a527f64c4ab6efd4140af639e8ed031b0
+Nonce = 24b5bc283c74b0d533f6e884
+PersonalizationString = 
+EntropyInputReseed = 6bbe0cc2c4c17c6135bf6949c119d05dfd03924b7f7e32c2
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 6e5c0581a39cd1a46682df0e316856f5e2b132b986e0d31635f97aa39379dada978f76afe53a52506b6185d524a7d46147725f91df5271fff8f7ea191fee01fa7cbb37fb2f39865e30146df24baa08f584bc9520472c4d8faf8727e13c150f97b08fefa62a02b655b5388c498c7a4904
+
+COUNT = 2
+EntropyInput = 3af80aabd8d70ce6e0efca06a50bf7ff061a99668ed8cc2d
+Nonce = 4cb241969b64628086f626a3
+PersonalizationString = 
+EntropyInputReseed = ffb4d427b861acb3cc1e006f30654e3e1b4fd028fc30dcec
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = f0ae712d23fce72aa137f02ff6becd8ab273e6dee87c14cc9a21574b1e3d44f0e0ad15f9c407b2499bc320565aa294c7ecac0459fd9275013a30a2d32e39e3407efa0e96940d7d7a96ccfbf3575ce7a9667c1b2120c229e083c7f7a014a52764444e9515112750544f9177d4c8ac53b1
+
+COUNT = 3
+EntropyInput = deb6408cfe09a3ce9f9ffca31bef96f6eed5604bba85ed0d
+Nonce = db3cabe6dcb42348677805f2
+PersonalizationString = 
+EntropyInputReseed = aa0b84a65a7e4980220b91a08d2ab5ac6a13c993a2eb51c7
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = eb33a9952d2fd41a430c487b5f9e4cd9c3511836c412e752065ea080fa3168d3c68ae0575b0a9ceddf4d153fe4deb79b77beeb438dec9333ab83e1961f99290ebe813f4ceeb2993af24a708b24b38025f9d1ba7e0b3408d13f48b64fd87102031ee21feeb96f9038ea31ff599baefd81
+
+COUNT = 4
+EntropyInput = d5dc1a491ca10ede27c869c0ff7bc006ea7a3181c2d7bd6c
+Nonce = 248a3d829b5f4d099f5717c1
+PersonalizationString = 
+EntropyInputReseed = 84605708b016fe6e782a930695a7c918db0d7f2b7192531c
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 82ee0be6dd5133a1b4da542b9174ae9ccfe11801d94e55ea77e491c213d91d6f13e38d95b58dca0a7e3fe1808f2ed0590e17f754c7fa9b26d38f3213bb1e88991ee5fb34438bcb528342f09d898dcbb440538d56a9fda427c9916c7dbd2d5f786a287ae91af34ae6a12554e62dad606e
+
+COUNT = 5
+EntropyInput = 75f1eacda08ab770b20059ea871bb1b38e0665a3531dcb73
+Nonce = fc7f15f496fa19e6ace28172
+PersonalizationString = 
+EntropyInputReseed = bfb2e5f7aa3af5a04e68bcf893c30681a9bcd5f33dc9ee9a
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 9edb85ae94f553390e8782cea1615970ccc6f7ab3ffcabcc9afe06c1d386b561bb025ebc7ce20bded4fa8695907335450b490f1c98fed81feef24ac3aaeb4308b0b717a6ef1d87d852ca5ab2cd10b92d49108edf8d282cb3fbe13ff743911328425a8e4afc6c1dc2add92801662c6f1b
+
+COUNT = 6
+EntropyInput = c7a5326455ea905d1c4faae8da9b00c76bea482b8c0397e6
+Nonce = 3bc85eccf8255c661468e2f1
+PersonalizationString = 
+EntropyInputReseed = c4b350d6ade507eac9953e541cb436ffe8ae938c858ac840
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = f3f8d967e2d7464922cc6c40a7bf2c38ac3bb9fd3846aedfee59d39bffd9ff92b1615a0988fe2106d5d5ec565cca706cc8661c3c9a9b414d9fac267d7b0fd2d7e5ffadafa3badf0e76b9c3bd5a86379b9f16be5cb5b29ad56ceca909c28ec486086eea4748d446da2d813ba3121af13a
+
+COUNT = 7
+EntropyInput = 8628d1ec4ab783099dc436f3cab25cf6687f3be697902ab4
+Nonce = 38bbca03b475566eeb6e7437
+PersonalizationString = 
+EntropyInputReseed = 4f8a37842ef35b7f8d9b673d0d799896e0b409220cf39125
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 99fbadc9d25437e80d21ac9b31649a8698a42d7a9f00f4f809660c05e7a024488c29615802b8780de43afe760614e2b16ce8318f58160852563e940a3331707ed253681ad1d196597fbe2794410f7720bf9585ac91f6764a7d2ab4f3c0cc2e7db940ddc47069deb7545e2c6ff01c58a5
+
+COUNT = 8
+EntropyInput = ef2f85746b12717a820bfa5ae6edbd1bf80b63e632afc7f0
+Nonce = 646ec1ac1e959e4bf7fc844f
+PersonalizationString = 
+EntropyInputReseed = 18e22ba3dc2ecc5d99d70002b49610c24410b612318bc10e
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 97340f02a1ff3ba7a92f2a2292f284f9ddc65c823e4e906dfce71af53eba9f2cf1cca0a21a80df6cc7f15abb14f42b1cefd5b4276c101ff6f64cbdbbb52372107f09926d3fc015df9d1a868486f430d3ad49b3483ea4605cba0927516529bdcfa19733d8a0f859c04cfee19d7e73000f
+
+COUNT = 9
+EntropyInput = 55fe67eb28c03549309c72c382cdf74882cd7fffb3e74638
+Nonce = 67f291cc51cbf97f42adbe90
+PersonalizationString = 
+EntropyInputReseed = e1da057bd2091da5432135ea29d2df6fb27b4ff1364c0f8e
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = ea9e1dbb9de2523a5573715285be43c7987880a07c25cfd412bd7adfe048018c25e043c541c7a30038b60bac242295ac849da7eee8f1a954ded3588e5d98187b70a880656228d1f92cf952571500265be159c8e0814926a09c23f6d9217642a51be86bf3bc253e24b08406966aef96b8
+
+COUNT = 10
+EntropyInput = 34e5393e36882c17094bbb27f289d250f6ce454f669fcc57
+Nonce = 40a937b579b31fdf9519cb7a
+PersonalizationString = 
+EntropyInputReseed = 520f7c23ec754fb54ef7a96fa241737353866e233655686e
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 62b9a92b9bc5875914e56ae98fe205bc9e84de9baf2c520fee7f5530d8d61ce3e37811996407a077310df5dec7d258f8332bc02fbdfa19ee48f75e0554a1f3389ea2b139efb4aab91b88bc62c86c60ec9461a6367faf69a86fcbc60d3bb4a77b076ccfaceb09d7c5738476d486b04152
+
+COUNT = 11
+EntropyInput = 32f925a893c393c38897edafa033ddfa1594dd9f0bd6ade4
+Nonce = 356bb5433205ea8c09782c8c
+PersonalizationString = 
+EntropyInputReseed = 0dfd6631f203557c67d815fe2a02426adb7ac68532b1ed9c
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 707c2602019f30cd7f05ae2c556176a57a9eb0b771e38c9ea5f313ed641fa87d1e548107a11563067b0f2e1217898a095fb97c7e8e2ceb2dca0d9ba811e598e99fa91dd45795b639e970fe9aa7284badd6d7e098dc8bff133a315c097949b9f6116f198da110eafbf3edaec306c3e0e3
+
+COUNT = 12
+EntropyInput = fce3063ec41d1f21add09ecdc335e9f35daea6886d24ea6d
+Nonce = 54e529fc710a456d42484c0e
+PersonalizationString = 
+EntropyInputReseed = 399367a2db3090bf5e3b969f22fc8e9792764caed8ec4beb
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = fc41d44c54da60315fd0c83e3bea9be9fb49a7522c1a6587976234ec622548d6047f86f36f34cc753e2f843531a25a84c113b5880c6d33f4c05eb82057399c575e4724d75a6e4fd102ed23908f5facfc0a76d37cb54c37aec06818dfd6134dd10fff7cf139f2c46d4e6be46fa0442b66
+
+COUNT = 13
+EntropyInput = fa2b5d7344227d375163d6a64315694ae725f9eaa7a6b964
+Nonce = 1153711fbd20064edeb1688e
+PersonalizationString = 
+EntropyInputReseed = 7b29fe190bd45c14e6e0415e4760ae1d5bcb97d27b78c7b8
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = fc336d6464d823c23b88802b36cf38c7f872ea73311b2d75ac1aea3fc1d3c1cf57ef2eff424563ac88e55994923dc0ed6ce6509ba7e16e4c7d1b7aa7d396fcb29d7eb64162648c162010c9fc833243ae33fd1957fa324d70b1185a3252d656250f4dea369139dcf74bf88ae5608d6003
+
+COUNT = 14
+EntropyInput = e443e50dcf848e1cd5988dfb5ac14acfac0a1350570c3a81
+Nonce = 873566ec7aeabb6e2ebd6e22
+PersonalizationString = 
+EntropyInputReseed = 6433cd4afd2f0efef269bb99d884445d05d2a355c1ab2274
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 315349774ee632596ea68d041c45ed9ea134e31074af401314c0dfe39720e5721a073d8a502b93bd66ec1d84bb586965f1523e25b0f996ef8293d62448997004f39ca4b37a5fc907915b75f613735cac46eb0164ee7273602cb208a7bc6c78d8ce60dadafd5406faeb07e037cf010ccb
+
+[SHA-224]
+[PredictionResistance = False]
+[EntropyInputLen = 192]
+[NonceLen = 96]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 192]
+[ReturnedBitsLen = 896]
+
+COUNT = 0
+EntropyInput = 657d5c3024e143223b44bd36fca677795285c0e20488ecad
+Nonce = cee95274a23f7fe0f45e5b6f
+PersonalizationString = 
+EntropyInputReseed = 3776f206da67ea4eb94a97f7b1ad6382a1fa99b473eaa0a6
+AdditionalInputReseed = 15a492ea6f796290734c957935aa36d3de191063811f2322
+AdditionalInput = e4a4742011ab52133fc79235809741c986e0af7686008424
+AdditionalInput = 5b45882dcefb0823e2dfa022c6796496aea111cef3d27c3b
+ReturnedBits = 05f8e14af8518b939515f625d8e3b013f337184c45984017b895cc4722746aa6ced845dbf7442ee3de495077159e1a08901be78a610bc34b24bb7db4bfa448d0e2e7ea65975d9be26158bfde6a98966e8a0e2ef1cee8298ad233db9f783811c7552f49835104d7fe6fbfebd02af48082
+
+COUNT = 1
+EntropyInput = 6f820f69c85b8503212bb75be96db2b90d91027e5aa054d1
+Nonce = eb0c11b0d09e9ede0ca8b470
+PersonalizationString = 
+EntropyInputReseed = 60ee1addc0a2cbdb62defe7c1d482b5f5f74a42cf7982d31
+AdditionalInputReseed = 78483611023a22fda827189e1f66a9629e087928930711f5
+AdditionalInput = f0f9c009c5efa9cd653aed74e55c01857edd266d2b69fa16
+AdditionalInput = f79ef0ac2693167f4a9436e371645010dd7d41f4cfd80362
+ReturnedBits = 1494fdc18e7365354cc67dc081df49819d6e40450ff86eecb15c8754f1c9a0dce67728909f3816b26a315a969e28b5154755f71a1c2767d19cfeff1d30765064d74833f45a191655e190379e2c54aa1a4813b848207a8de45ae3ca79eb6d5b53c1c55c93d10736dabfce536c358cb7ca
+
+COUNT = 2
+EntropyInput = d31d1c861025c17d34d83ab7afbad89711157a11ccb74976
+Nonce = d02eb488afca5cfe6eb66362
+PersonalizationString = 
+EntropyInputReseed = 59bda27b0b30912ce01ef7a15b1d7498f8ee46892ed3a3ad
+AdditionalInputReseed = 5d74439a073d943243ea5b59eba3653798e7b36bc1a3425c
+AdditionalInput = 8f3810ef90351a23b0cda02e7a6a58281ef05a21bcb330ca
+AdditionalInput = 5a8c3569b155cd93f06715f88082a130681bdf57db0e6723
+ReturnedBits = 89ba7e16705823a063d860292b99976801e26bba8c26d8d5f893a48727e0be5b3f8e960f2ebf474eaeb6b15ceb4197fb1a940ade6144396e24d2f390aa0430a693dc6d59a61a9a0b12a77aea51de6450af40619ac317a590377bdc61059750fe3cf0a543a6c01edfeffac27018415a41
+
+COUNT = 3
+EntropyInput = c251da2d60f2b5d5747ca39e08b10e19b3b8a968d625224b
+Nonce = 8691a4e0747aadfed51471df
+PersonalizationString = 
+EntropyInputReseed = fbab01c53d86d9418efd98b68b10bde87aaf1e1f66299128
+AdditionalInputReseed = 3fbb8df9d16ec08f3df6a391aa29ea4b34c62d36b94232f5
+AdditionalInput = 5d691cb61641f3d2b02d572f697d1d7cf68ab92cd0ad0b68
+AdditionalInput = 3d61543bd67cdec01c74df0fdbcd65856d4a45fb07bb020a
+ReturnedBits = 0d1ddc9dac90b63f603b97762e9f7554b504d9718a89c9d8f179a7c11dfe53e533f7071325f2c7a7ab4c84ddd327702065da5b9b7edd73e7d723cec8ad53da55cf4d99c44bec678d36291961d76adc63d68c17b71f0781b05fef97074106ef78c9d6890c3c35df2b2ec22050460da76d
+
+COUNT = 4
+EntropyInput = df8641153be92f1ac8fc07bbbafaee5f400c65a6ff07bd72
+Nonce = 277a8bec193d1f7c149fdb65
+PersonalizationString = 
+EntropyInputReseed = a7f0ede9bc677f85d78d4f823539e2a0b4d4e0f039db96d3
+AdditionalInputReseed = 5c1ab245b7e53e825586258ecc18055494d1aa3b669f225b
+AdditionalInput = a8c5ab3e6291aa458aee72d4c845cdbb54a6be5a140f87a8
+AdditionalInput = 4fc0aa10b91372bce41bdf0ea5b7bf8e7ee59b7153d8e827
+ReturnedBits = 0d33ae47144b118d9cdc5ce6c1076edd27af1e493c063ee54a07c939b6c565e5ed5af1fb65dc9f4c79d017c4231d14633deafefcfa8074d95182bcef9624fac8c1ef346f3f091a4d75e785487a3feeeadede3d0f97174fafbf7b1614de495d8302832ccbe9750ea5ecdd74e5a4a2f7f3
+
+COUNT = 5
+EntropyInput = 97ae77688724f0b1ca8bc89fd3d0dfc9f40644b2ff8a3c77
+Nonce = 01f493eac0126b562e813f9c
+PersonalizationString = 
+EntropyInputReseed = c20f8bd571fca7bef2c3a5eed39be4b7bdc182042d70229a
+AdditionalInputReseed = ab17a029f264a256e08cf4281d28f450ba719e8e8a4f6b37
+AdditionalInput = bdfcd1a25da34a414c0b3f0c0a154a875ad793cb834c0373
+AdditionalInput = 5b26db1fbe1745c607c37e36e8c57f18cba53acbce0324ea
+ReturnedBits = 6988cc09f66ba2a1a8c57083dfb82b029ec6a32c5e5abd0a40655aaed60c9e5510ad3d718dcf89dc96fc2d1605b0f80f3b79d8051ebe4041512ca518d1d3ff7d372865814fa63e4d117c4e8d21dd62419684382266ae12301c0b65dccfbb056b2707e582eb61552b7b1ab8c5b81dca87
+
+COUNT = 6
+EntropyInput = b2fc92f0c15db921b6b40cf7d2ef90bfaf4132d7b0e2df58
+Nonce = b12cd09d86d7db6d44aaef82
+PersonalizationString = 
+EntropyInputReseed = 8226cf7046617168e2f086e86527bc52bc29a284346304bf
+AdditionalInputReseed = 2da70d227ac84784f3708ecbe233698e0bce6fc876b38449
+AdditionalInput = e3c42b50e8a42219fbe6de60eba00b0e8078ee7e4f11390a
+AdditionalInput = 611e389f34af997e6c8d14a2ab497fab3feb66bff2df671e
+ReturnedBits = fd2ca0d11c9f3082313ff26ec3641ab50f31e9099dfe2c5348c7dbbe6cd4911b0d5ff3d21498dcdc1820f8c5a81acec28be95ef89aa87d15199938829ecdf075a4cb59e24cd9d70a5df65f3590b6f6aede983e59e4a24acca5e418c240d4f5b069c6f9a2fbed7cfc626c7cfec20fd20b
+
+COUNT = 7
+EntropyInput = 1441936e51a7b9ac18c784d48140b8ed6f9fe8e5a810d2e7
+Nonce = 281c1243e06912c1a19b20b9
+PersonalizationString = 
+EntropyInputReseed = b2d909aabc518f59ed6cb99fe65aa49c3fa783e684668b81
+AdditionalInputReseed = 711d9101dd66e4806884e68652c90d9fadeca2139236d6b3
+AdditionalInput = f1b44a5d5c55a0e48c7c6648177064a520a531a32ac12ad4
+AdditionalInput = 853c9835a7c9a7bf85273b6167f49c9e2b5c3a116e531efa
+ReturnedBits = 17b2b298a39bfbcf44535ad7e9735478b571a9b614584ac4eaacd1532df0ca142b5389a1132e20e8fb50037c47b236e315147d116262355b005f243d079b81602825e06e6e87c960be15ce28fefef1766f1d3d213b4ec2205436f7e970670038740e01b1a8a3a49dbf5d8cc2c319342f
+
+COUNT = 8
+EntropyInput = e772f641e969d48e539b9405490a05f15ccb234046b01a42
+Nonce = 3d2728c803e78fd099f7fb5c
+PersonalizationString = 
+EntropyInputReseed = 7700d73e963d9bd53c6feb8ce3889be6416810e9a14dea69
+AdditionalInputReseed = 4530845aa616756f3e0e9fc5a5286ae40caca0c86e31477f
+AdditionalInput = e2681ae0a5adbb139d1115da247d4fa1fb8fb6ca243dc5ec
+AdditionalInput = 7ca473017b8c7cac8aaeaa79698f96dcd9c8f772aaff522c
+ReturnedBits = e06b56b1ab4f974551b2087c7ad4fe5d8bc9ab10b121fb2f9e130a9c9043c6989792218041b5fa8eb2a28fae27118d203f659b5dff2fc1411a79fe9b87168bed34323cb806504e51fb67a5f60afc5978e6511785c3645438defbc0c1d79aeec3170a47c4e6c97307579a8d2958a05b4d
+
+COUNT = 9
+EntropyInput = 355b934ace4cb459c4b64bbb9e32474cce7e9f3c182547fb
+Nonce = 995bc81ef6627bfab6f57d05
+PersonalizationString = 
+EntropyInputReseed = fd10d8661732ae32cf58b1c97f512836049e8fc8864ffe61
+AdditionalInputReseed = debc3cc097e45ad3fec1397f4a3061d9ea5babe1378b2365
+AdditionalInput = 90ab8870fa25369bc4865d6e69fafa81cc52cbbeafdd3305
+AdditionalInput = c52e3faf9a2858f4f22255c0453641e14d198c7f2616541d
+ReturnedBits = 37cabee18ba579ebb4476f4a19261d6a98b9a4f7bebc08cf8222bf4b31fe497027cdd69a1e206f4543cd46da8fe62efd56c62af32ba980299fc3617d3f34b73ed59d8c9b8b4ee6e92cad0f90a50acbd6278a8e80c0f24062d38cd33778ef89b1d34b4aaf9e6b99f574c0fe78b61dd5f4
+
+COUNT = 10
+EntropyInput = 3625e6e80239e00f90ebc07036c06c67559324a33cd725aa
+Nonce = d97a8f4ef1ad3567d407cf76
+PersonalizationString = 
+EntropyInputReseed = c41806b28df9b0cf2ed79f5c29d7f6caa9017ce28ca8c4d0
+AdditionalInputReseed = 96239c7cdcae6dd3caeec7d5700d51a41148552b6c7cd995
+AdditionalInput = 6d22ec039d0d1587ea3dd824557fdc2b1d6df873986b7ec9
+AdditionalInput = 0e00eb97ac8a962088daae11ae055252d46b6bb2b438cc46
+ReturnedBits = 8472e0c91db07c55d549fde895f0128e048ef2783051fe57d9927b5a87f494943b3e99fd7f9a4a7395948cb1fd8491b309b326382b9e8893999fdfab35792b19a6fa903b052f1127cf2a35072c881a334af522332bf5bfee659ae37300de98d37e7f97ae96c4841ac9421b7f7e7048b0
+
+COUNT = 11
+EntropyInput = b7b5e782690e66c43128f2337d803d9445371f4a4a8af298
+Nonce = a45e525bd91ee533f623af7b
+PersonalizationString = 
+EntropyInputReseed = b0b0805777df43116c5f62644c4c26ac04ce4823b333f5bc
+AdditionalInputReseed = 22bc95a74c978d432f33e28c3785aa1887bc8c8d2541a2da
+AdditionalInput = e3d2a5cf4bdb49b4564b54aab6a385c67d1120a561ad0910
+AdditionalInput = a1d05cde97106226d3f40bb6f18d2281ee141522e2c4e0db
+ReturnedBits = 9dffaecc8dd42ab719be78f026e408ac6202c98df801b62e0e17478d9ef85427cd6ba1a3c73322746f91ac11a7061e27ef281fec53581b3d8b89673210adf71ee1b26e740866e09971dd917cc22377645767d6db584e6bf880907303677e205e421d34650f88395032b550558e5e9894
+
+COUNT = 12
+EntropyInput = 7b2d7346d34c5ca5d6b3613be91a0023ad6503adbe43b216
+Nonce = 5a0b849fc892b06b284cc476
+PersonalizationString = 
+EntropyInputReseed = e0daf0ab4b586ef67e5752087c0356e2445a2f5aa5fdb846
+AdditionalInputReseed = cb1e06f13bba60d1fb9a9e775075dd38a8bfe705857f3e60
+AdditionalInput = a13f0d5690f697f525a83bba81facef2459d64600759a989
+AdditionalInput = a2651012970c758745269ee659efb6bc795de93ead39b4f0
+ReturnedBits = b68a77ffd1365d5d6bc458f263f93ac95fb317d983655a891f77fef6c72110077ea50ea0f9b6dd5a05ec596bbe54c3b5f0712cc96cb3090cc4f04f2f87fc13134d42c2cdb6da6a87a4798b543fb8b9cc2bdf01520a28454bb90c6b3cf6ac13e1963f154c62ae3d08ec0ca7928f21bc79
+
+COUNT = 13
+EntropyInput = 9d30d0843b3f8b2ca15a60ce26312916df306ea8661c3fb8
+Nonce = 4c2d22ff5bbdd53f982be135
+PersonalizationString = 
+EntropyInputReseed = 0aadd3ed3844a3e6db5d3da5b590b4ecfaa8ab9fb8b9b4da
+AdditionalInputReseed = 948c2397cef227d8ffd5be195a2a06f8de767559b987c874
+AdditionalInput = ef20c5fa81c43931f223f2ace3c659dbae3fbbe4d1292f2a
+AdditionalInput = de6db9682899672ff2c557bc0385cce369fec9e9d1249bc4
+ReturnedBits = 608ff594cdf3e8e056ce057e2c3a33672df58f474aafc0fcd3d7e81270d63938008fa7fabf87e871812aaaea9c3ba3acb75cb1f27485c40c78eb2a7f33b3701476506ccf4525b9754a6edd3c06440d0904ab73ae11d636dc0a80fa7e138861857a3f2e63a0abeb85aab83bc75abee4cb
+
+COUNT = 14
+EntropyInput = c9482b776577847619bdde25ffc90eb8431ec59d8e92ae83
+Nonce = b2461c12ee8cbfed5998aabd
+PersonalizationString = 
+EntropyInputReseed = 1f6e03f6db3e86229adcaad32aab04a0b56210b0c6e05f30
+AdditionalInputReseed = ecedadc9cdffb45c114e6e21e1ecfaf7c20741060bcfd972
+AdditionalInput = ee0472df1c2722d06785e50c7a6b6c9c682d97acd0561719
+AdditionalInput = b29a5adaeec81040ea28537f9c1fc7cba2d5a5bdb81c0415
+ReturnedBits = 7190d35873ffe6bdb05031f37b0aa3b9837116281bea9c923bac2b3c3c3c022d17b9158f8a1dc1b7ce248f3e4be6c9c2e305ae7f4346ef0ba2c9937592db98f83b7f0078700086df36936962d548ab2528590035af65208d8ecda01d72e7dab73bc6d8617d99fa23b2d63992ad4cecbd
+
+[SHA-224]
+[PredictionResistance = False]
+[EntropyInputLen = 192]
+[NonceLen = 96]
+[PersonalizationStringLen = 192]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 896]
+
+COUNT = 0
+EntropyInput = 2bc55d9d061fae9c4d7ba1d67a3c9b3b30ed28465737d54b
+Nonce = 8a59d8ab229af76551a3c520
+PersonalizationString = 41ffc5e336039a8e0c2f984dc66198106d06e757cfc2ae6d
+EntropyInputReseed = 26dbfa60142dc5e3d2a02e32291ffe111a6cfb9d97a687e5
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = f219f77770c27457df92e94496fea69f0eaac39f65bee77cfaa0a4d7bd8bf48845980fbc08d6d7be4347310b3955a3fdb488187545201d662b06e6ae45efa6721e35b0c2c26c7f75f62a67133bceb59577d1af79af177d4b1e815ff453d0fbd6a5614da3c24a91add73b9ed8387a6839
+
+COUNT = 1
+EntropyInput = 25eaa84a5614b0f1f4a4b0766e2a056ee1dfbdb24bf757b2
+Nonce = 460ed5185d48701d76579076
+PersonalizationString = 8360398f0ee5d5bf20bcc8e177985d0da5762f72007eeb8c
+EntropyInputReseed = 9224a9472fb9e72bd39abd665f385c932d472aaaaad183b4
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = e9e8e57d2f3cfcb3bec5492e57537bb1aa8a65a06d991474062efb95af81179ab78a43023d1e46317e84addc4fd3d4799a72d2c7f48a82a7561c739cadbd986a6ac547d5cc522af30bd543a723dbd0b7a98509915df9133be0bc44e9082047592399bdd68bd97e43776badcc83d2ff0e
+
+COUNT = 2
+EntropyInput = 66d34534bf7ae44153e3b85d98cd6856cd724a681348a93c
+Nonce = 43a7cc159b2e17c4deb5ee66
+PersonalizationString = da4e50d70535c994202d5ccfdfa1e05d32f34ef3b013a9a8
+EntropyInputReseed = 639ed258a54e3d3e9d9d20a7f66bff9c9bcc514479b064a9
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = a278d0df3ffd93fad642a7f2940935cdb7e0f6c0613a45f2be28f771ff043ecca1abfe12ca90cc7df1593e189d46d6078a653c047d20633f40ead6dcb7558015342679135d7bef1ac35cfe559e63e0ecf824b927c2bac5962285add370f5c19f47822fc88fccdcb8d08ce88a7d8bf973
+
+COUNT = 3
+EntropyInput = 2152ed34ef7ca2b762b21fed069bd3309b627a1342054d0d
+Nonce = e7481fe1de46f38a018caf2d
+PersonalizationString = ee17821d3dc147781019fd926a9f879715382d93b8c672b6
+EntropyInputReseed = f0d686cea91a7b2790b6b4160d4860326bc7fdc1f289f6fd
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 83ccb736f08293091b9c46642dce18fb1b8c65eb083af01597a1ff16a9324781758d8359552e70196b80b2b72039469286836d4c2d49f65597412013d8d0c567899af4df757b4ec77c2c435b51b356721c2a4890b94490bfee1fea6ee377139ef516c468d28ae84b22783fe4f5016d54
+
+COUNT = 4
+EntropyInput = 8f990c533228723a7cd7eea9129b85c4ddd29bb51b65d465
+Nonce = 6710b84fdacf8442ba0ea30b
+PersonalizationString = 7006011e529b76e51458f212ee7887865dcc27c631105c49
+EntropyInputReseed = 76014f10653c04b24d8ffe7bf4ebbdfab0403c55f0ccc2cd
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 386be1b336892e23c54608cd3cfc5ccfe2378b6ae1a6a4bf74c3ddf202499ffb1cdee7526eb58f5887501850b77f24ce626bafe0ed8754fae323758cf19dd4da7e91a50ee290f90a3be5aa3615374940f497e49fadbff485ffd52e5be40192074ee7dc15e3e85ed1453ceb53b6bc2354
+
+COUNT = 5
+EntropyInput = 4c87ad56cf4ef3ab1efc2f96326e6023cc8e3d284a98614d
+Nonce = fe5a61fb8fa30ad9f64b2e56
+PersonalizationString = c2102942a6bb7ef7b6c860f34ae56419ce7bc6ff72b5c7d4
+EntropyInputReseed = e747026ada5131d2f2b645a0fa3bc47157689732016fbf0c
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = b07a3fce14c8f02aea893bab490550fa46c1f2812f764664b9c686c360f0239ec623e429673236aba1e457fb9b8d8bebda9ef62afac43fb1dfa3a5d7991746da8276093306bafe0ee497a22b51701382801678f12a2dcc04d9557ad58efb7077a2fa4f98075e2a49f66c8c79b0c47967
+
+COUNT = 6
+EntropyInput = 270b3feb23ed732c140befb482eb575f2fc28e0a134b0071
+Nonce = 48cbc3d69f2d2721668d617c
+PersonalizationString = e298f86c9360616ec4537df12618df483564a72846ed14fe
+EntropyInputReseed = 2e090543788807019130b94f4d9ff161d2e9381b2970e5f4
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = e6bcea10878138742bdfded287bb353129c80fee2b624f337a221b7c62c80a039331d25fe132dfef417a975425b31f84ca6f114f43537053a15b090a12231ac2618860a393e3edbcf7027edfc649158df1f2980afda003f81a188582732e8104375dd0bc02e23c691208f0137fc7204e
+
+COUNT = 7
+EntropyInput = 7bd0b52cc9fb0adf28da9b0f99163af7ca55fef15143742a
+Nonce = c48332b739e2795af6d60fa7
+PersonalizationString = 79dfe849c956e190000a96c7246eca31cc9abf0fc2ad77f4
+EntropyInputReseed = b68d28cc18a0be07f84a5928feccc3c945eed769b7fdf190
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 8e730ce3d84385618951d3293404305972c0cce258efd29b53d6f52d4a2bfb97b9a12480d76183bd151517bccc907c8ce6f72839fdf5ad022a5db87e2fb98267a8cd6e519881381c5298024f0733f928dbd5fa3dd3910c4798c5ef285ecfd2988d9185731211778c6bd995a81204c026
+
+COUNT = 8
+EntropyInput = e0b28f5dac42ad02840d0a258692ea629ea9f693b2db6275
+Nonce = 24ff777268203949dea7c3e4
+PersonalizationString = 45c1afe8e1b9e1e2ead9b159feac7cbcb0d4adc70abe24d7
+EntropyInputReseed = a5cd04ab560ab9efcbd34ef7778f5cf7b9559d4dfeda136d
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = f9158eae1cee5371ecbff4293f604f81889b8b58010c296f8aebeb026582bbb7d0f22b715fd7d006aa4454609d20c0fe11eb2302700e3493ce61c6aa6aa1015a37ffa46847cb31470fb45181a552262202956287e2fe5bbd483693199a3c749dcb10694c918bf7d2b6baa3ffc16f694c
+
+COUNT = 9
+EntropyInput = b25bd89829a861056059a7d8015e67fac8d607e0eb026e88
+Nonce = 602437ec70574062df4e910e
+PersonalizationString = c1b86a1c8589e7fef01a663ab4a3582a5bd3ac230de17784
+EntropyInputReseed = 0f8467a5eb75c369dd4bd6e8005d28d287f92fa7f6ac6f1c
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 3f6b93de0231be9202faec18f9d034e6b11fafe7d503ead76dab9d6a79f1dc0767de3a149ac2fa88dc1a23b86953e7faef129052a45e590ef7d51b4b363d3b375ed081c8e6665508945837e89157e2f9062e4fd9aba551dda7d75bbe228a8023b3639ab9949d68a545790bc091e9ae45
+
+COUNT = 10
+EntropyInput = 8bd96e56705723e68536055ce515478120c775f53c0915b1
+Nonce = cf2f3cadf6e758b9d986ccab
+PersonalizationString = b4303b8275639b96b4bd137d1af645a0f176abb1f75e7c87
+EntropyInputReseed = b2675cbcdc184d72164f072834c10ae9836c7e0c125ac0fe
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 3f852046e0be890063af5181f0f95fb02c712b8dba1e26732aa2f348ba3bfc6d6959dc01b3639358f14bb2c8c5ce29c1b168f942cd677af3e18e6ede4cefd7baa74ae70be525a91470758b580d628a29e1130ff64644852b9fcb12ddb167c881518cbd6c55135a484471aa30d2fe2947
+
+COUNT = 11
+EntropyInput = 7b193763abfeed3863623bcd2d630bc22dddd8988962bc9e
+Nonce = 9cdb070cf10d4a51220e142e
+PersonalizationString = d9c03817feb5700eabea08c7c0b677aa2097cb1663c44beb
+EntropyInputReseed = 48b35a57627e64a060fd6bb2c5fd9375414b3d237959d514
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 2f2728510554097d96337765b8f03814c663692727e8d531d106f5d38a15ff7553a5901bb1d2e1855bf0799dbb94bf838bbf4d41c412d812aed3b6e68f229629028b0e2ee9ffa34a57ceca1be8e6d7b9bd4b58a9edd9c5fd8b984bf43666fe71ef1fea7bbbb9e7badd4c607f7a88c68d
+
+COUNT = 12
+EntropyInput = 4d4f2d2e83f863c5078707c628e1ee009ce61eff8d5c3c8d
+Nonce = b905848981e04b54212d155a
+PersonalizationString = db7f8071bd81e1f76e8b507a2cf00b5d30a7b3de264b62a1
+EntropyInputReseed = 4cf089d4c2f3df03a4d144a77055c7e4a157d27d060ad4e3
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = e2d3e243db409c1b98a699ee00f70df3b3a30e622d6df31917b919e6d565bce3f06e4b89e5e5e81fb1dd425a8847e160acfc0df2f0045055071e78dcc291d57bcf6e9ea683957a38d0aee189807145d06050bae3707fa9c42f65c9b7b952a45301cc87f57beef111451d6d787f7ed89f
+
+COUNT = 13
+EntropyInput = 2989c7e4aa1e9ed277d4a156dd6742f5583ebf4acf467b8b
+Nonce = 276f0ef848be591143ac1f78
+PersonalizationString = 22fb7e114a7a42ba6fd33729f2262e985b4b951c52952d19
+EntropyInputReseed = 561afea97db226d1afde44df564d39a6746bfadeb128ae79
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = fc21000e033dc5da338c63c99551c07db58815cd1afb01c7c27da595aad1c60774ca0e3ea50c62e732e359d29dc9574a00411277f64da9b4c90deec2c91cfebb55b9b75ef91f7cd93b4a085dd05a44d182e53f7ffa50a38aa5f6a7e3cc4074c298b33bf58fc1965fdd2ebc812aa6c9a1
+
+COUNT = 14
+EntropyInput = 5c6dd51bc56405f56ee9cae35e417f0f16e94987583b3d12
+Nonce = 324a9d981c4ba0fea4c0727f
+PersonalizationString = 1c04d7ed2ad9e0667ec83e00eac3278018206f6b4e614721
+EntropyInputReseed = 2f1f90c8bf6483897b86d02374997dee7193660b6dfa9015
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 677ec3521bb6b5ed4b228fdb227833d57a63ea1b401c817d40ddbd7d2f70b3d874af677ecf13ff891ccc726c2e8316b200ad829e7febbef7fa9819ab801df5b147eaa149b3a9018511df0fa48cde9b989527caf9270c6d048f302fd81dad3f943c73a7a0eacfa2d7e9524a2fe8d47a3c
+
+[SHA-224]
+[PredictionResistance = False]
+[EntropyInputLen = 192]
+[NonceLen = 96]
+[PersonalizationStringLen = 192]
+[AdditionalInputLen = 192]
+[ReturnedBitsLen = 896]
+
+COUNT = 0
+EntropyInput = 80567176b6347376b166b113c3eea83c175a1de8ae2bc30a
+Nonce = 125eb2228f828b9672b5c3d7
+PersonalizationString = 9da815ffae85de6f18f608f56ee2cd5b6c0442795c7fecb4
+EntropyInputReseed = 4a21df7666ffbd50871499d8893cec62733dff46ba2b825f
+AdditionalInputReseed = 2021d82d38fdf05fc21c30375dc8ec4c3bd0768e46dea019
+AdditionalInput = 2b4e1e4baee69d23a1f70cfec22d675e064b7deaff307476
+AdditionalInput = 89f0b8b3a0c6f54884ced4640633e6ff9cf358981d583177
+ReturnedBits = 6d84e421de1373aa513200a8f86e1358f58d5b5d9217e374e1e73abbede1943e161772706a9ceb546a57109f6f4e281ce95f0af13dec39b442416b064c7f304550f84ff5b09e140c969636c5593e00224018ec77608bb337bfa3b14c8ae24a53b89219e3d07354f42fb94bbcdb16fd76
+
+COUNT = 1
+EntropyInput = 099a07cf0f18d548113faaf67c9e278b30729d05a22a657c
+Nonce = 6bf03c2f750123f84e32f75d
+PersonalizationString = d495b7c10b73045902e5d6178c55b9505bace6072d790800
+EntropyInputReseed = e9ed6e7063763161a5791b788bde025ade0959fc12f6f1e8
+AdditionalInputReseed = 81cb8e1098635cdf9e6ccf5b6d4e62573a2f6b1e6cfc76cb
+AdditionalInput = b579a4288bb6cb2f37de180629ee4d935f366ce74994e9d0
+AdditionalInput = 9ed40efb585f65c9cb3db04a54e3243f813255865ff2b43a
+ReturnedBits = 836f00787297417d6f14f4a5356cc6e6a40d7f6c3585b4abe73212393eac671365e17d6d62004da9ecbdf636d52443142849e6fd256910d063afe1c5edf8b2963bde8ec6c00ef2ad2ff0166800c38dfeaed9bf8db6206e79d3fa3024626d2d89a308b9d31657d1cf0323640b1691387f
+
+COUNT = 2
+EntropyInput = 6a331305c63a4df9cf53c8561e05c0e2c0a14bd4af0b3057
+Nonce = 225e1dae0144aedd5013c9c2
+PersonalizationString = 7835b7de1aae2a08778b813a0e39b15c053070f6d7654796
+EntropyInputReseed = 8c5566f9c31beb2509cbff4f3d0805a7d10faf68e75a807e
+AdditionalInputReseed = 734ba1cc3c423d2760669f972dbf7b44198078e941c1d4d0
+AdditionalInput = 411c622ec28df5c8de59eb1515bce06deacf4035a3f054a8
+AdditionalInput = c43e5b82680320fe4628ba00c7dc37ef82e5a515c148bfd2
+ReturnedBits = 53783dcbb418e263a48607439f8aaa87d6ee20813a8f4d454d719ca54220dce438b578396af92fa47366b2fd5c9da6e8b2c2d8841c8868d444cb3b75a25fbb5d2eb169f5be3457e3e9f3303dfd6e63b0a21158bd764d794e559b43e89142a85756e3260b89e54be15a13f02be560a3c7
+
+COUNT = 3
+EntropyInput = c9bf01c1189043e1a89eafb3b4ba136e0bf0e090a5749564
+Nonce = bcd9dbdee6b7d08708ef76b4
+PersonalizationString = 5558190da5cf9086be52afc9172d192c853f7548368608b0
+EntropyInputReseed = 48165ee08c29f269e1c0a56041e9d04d099645b09ffa2d2f
+AdditionalInputReseed = be42fc51a75186a5a61cc4cad71929d5d81b25b81bbc1805
+AdditionalInput = 85ad9e42964a0cedb79ed9dc0be1cfd2ffab87fd535ef3a8
+AdditionalInput = 7e4f829a60f7e1d733605f087b1b668ea4ca9ee64da08cc8
+ReturnedBits = 5dd88812cf61d2c476260cc6f13efffd8a9d7ab8ccc826ac0928f16ba6d4ddb6b6b521b69e9b8e91b81fcca868d41b2765aaa0c9b6ba85d0d47663420e9e00f9cf7db31fc8f60912893ac79728994ea84ed401b764acf9d4f0b18553279512255f1cfc43c6679d35649b5348990e5249
+
+COUNT = 4
+EntropyInput = bdd4841f135a709c59d2588f46017201b1e59ab32813e032
+Nonce = 4656c0d34583bed1a56a620e
+PersonalizationString = ae2927cc67cc1833e1d28419cd02bcb2081885c9b7d0a9b1
+EntropyInputReseed = fe88c01f9ed4336d849bf47de655f19c7a2ce100d9ae442f
+AdditionalInputReseed = a1f9319a6742d23d511f605f2e7575b7be5f247605632a89
+AdditionalInput = 6cd25aa592bb1396318549c06be4968b98faff79cc944fbb
+AdditionalInput = e01d601bb148f3bcdc71a8ee729935c6381eb18b596a2a28
+ReturnedBits = e238c0f53ecf13872680b9d6a3302a00dc31f776bb21f5a8932ac6afe795230df1dc9e07c3b3bdc414b225d00e9bdfe590bc2020344ade61116f55cc5798c96fd75cd30462938cc1896353b28d71e1a44d725094ec31c58482b548a9b2776a99c5085f720e218f6d75952f0a1d84e1cc
+
+COUNT = 5
+EntropyInput = d0e40e6380bbb794c7e07208c13e5edc85c394cadeed5a41
+Nonce = 2bc48279ee83a781fcf97cb5
+PersonalizationString = bcff8a083971157d850d62ae0ed14926b8ccd844a91f7b9b
+EntropyInputReseed = b7a5b0341bd66a95270dff16c2e1212d720c24be1ecd54a0
+AdditionalInputReseed = 9f6033aeb5ea5a2972c54e3997840e15b9bd9e3d1bf4bbef
+AdditionalInput = f7371fdf27afe3a9ff94459a49cf09b892e0570418885036
+AdditionalInput = 020a112d8c6610404eae5f63086c383e03821a2476be04a4
+ReturnedBits = c7761e1087ac20245d53f18eeccb4be33bfdb3558f6c8f4c3829e834291266fb45c95e5c4804e672c4b67b7828a3c9f7edb70f4aea2825123fd8d9fbdf7e2de2e3e088a38a4c519fd49777348975f937b78c240df76dc6dcb8a852f3986ea759f2fa2f899dd41934481dcad17abd61fa
+
+COUNT = 6
+EntropyInput = 83866d31ddade658c5d72c7a4a69b9087e94bf2c8cb55557
+Nonce = 63702d87dd1cfab83364df15
+PersonalizationString = c829cc1b5089bd16fe77f35a642fd13b243d8a953c059a76
+EntropyInputReseed = 15735cc973d2c91096cb5ba5351af32378df1a5b11fdc9d3
+AdditionalInputReseed = 0cf2848b6374b8e6a9b09437c7edb96c4975f0701072a9f3
+AdditionalInput = 8aaa52b45e75eb58ff3b88c674cb0e2751a596b5f2076a84
+AdditionalInput = fdc08cb748da7219ae28583e271963a332753d29b64926f1
+ReturnedBits = 84ae382aec0eabcbf5080c9a515adc92541e792f5656e7f81891a8e99585da4aa6536ca8651d8e38b2fea904f46a714d31c86291378c8fe809e01bca2199df6b5cc6b11391da30e67e6fcc4f87b1805756a28c6249029705b865a64c358cd4fcf63d25700cfecd35688008e2393af8ff
+
+COUNT = 7
+EntropyInput = 62f9d21c392ce88980a1397fd39add5d66449b8ba95abb6e
+Nonce = d4f0355546680d5babf121c4
+PersonalizationString = 98bdbeb2b4ca33631a2145a0fcde90f779ff3c16f93f3b8d
+EntropyInputReseed = 2dea731fd5f37e43bbc395777abc5acc00939724edc241e6
+AdditionalInputReseed = ce80da898cac70b7eaa0979f0a086af573b855c0df5e289b
+AdditionalInput = 74de50b45d817cd2e81cbd7e9a11850d73519baeefb682f4
+AdditionalInput = 358575934503da4d5ba47795ae668a374a4166a4e1d9a6b1
+ReturnedBits = 8aead2a1cef2e59ea7fad3dc899d9362ec7969b4650d2d82f7b307b8a6b6587bd2fb977fd297fdf2c6029c4acf299b8905a31f1d65fb9ac22ba220cce8fd84df36f962d879cde3d3e0261e484961c6c1e4b79aa343b0814d44744e230cf82ee1c9c1594b95362e0be71809623c714946
+
+COUNT = 8
+EntropyInput = 1305766b7e952a676e65905ccf1bc50cb5936ed1f23b8c9c
+Nonce = aff73b1abbfb622da9b0ff53
+PersonalizationString = 6dcb310549675c56da51d08020b5e74020aa697c75a98f64
+EntropyInputReseed = ad131e6f1fef8cb0cc9411cc9bbe96022f912a0fdf312c90
+AdditionalInputReseed = 458cb247fbcdd8e01766e3bfa7f85fecd887c4a45230f59d
+AdditionalInput = f090b65d8b2ac7ba871bd261825549d13100c0a7fa065eda
+AdditionalInput = b3b304afa8ad0df4bebae42135795484c59fe19da365312b
+ReturnedBits = c7efbd868ce657ebc17cb4629027aedf69860547daf1281ad85a6ddc105b8959bf54480273543c317e85e571f19073445d7db8b002f7ba14b58a23bd92e5d6924093dbbb1b2dceee8bd8a9d8f5ee5b644118eb9299ce11547d74f3db0969bf429c68c35629b4811f404a3266252f2054
+
+COUNT = 9
+EntropyInput = e376320bb33d8b9cfaaaf8507e1f8c7fba7c44d43ee473c7
+Nonce = 5e6d60239f752c8ed33af4ac
+PersonalizationString = a75a88e25fe595b2ae5f1a6ebb8255b61691710f11213ff4
+EntropyInputReseed = 47687a70be072729e0f54b6a3a92fba1907f3f2d9c28ae4b
+AdditionalInputReseed = 169c0c80eb7345963ec48804c0ae4a614667c520419b67bb
+AdditionalInput = 9a49145bc32072821a2343dc4daf37df682b3a97c27ca399
+AdditionalInput = ab31d9be3d485731c3d1a53264a4ee5fc582d05f74f658be
+ReturnedBits = 4902aa3b1206183a40b895b7f833f5f46d838b06583669fb0cc097057e8be301df3658c985fd12caf75e0e3a3d846454ad5c403f2050bab3f6a24bd50c5334e6c00f90449dcbd2add3ed9cc480161416183bfba3926559171e2823abbaa97da73514589d6a163960fbd9084adf5d7cd2
+
+COUNT = 10
+EntropyInput = 3bac99965f7a523e13f6f3f9a8aeceeb3f6efa1818986f20
+Nonce = 199d14b7afdd0a029f1a18bf
+PersonalizationString = 153f3a6071fefc330acab1771d6ccfc016347dc0b0093c27
+EntropyInputReseed = 5ef49b621c909beeb34efd4fb83055212ce0afc700969a3b
+AdditionalInputReseed = f674eb58cf47d558093dc6071fd6361df2f68afbbfe99141
+AdditionalInput = c1721a6276a0cf3246a7a90502dae8491fb963de06a3bc3b
+AdditionalInput = 6ef4ccb5cfd5ef5e8469fc85e8ee67285ac10a4fe8e3827b
+ReturnedBits = fd1c183376d41aecc6abe7dbf64679c969164af5c8150fe9cc8e15ebd6eca6b83c8b8310b4ed93d75f9698fc605056ef62528a1f87c947ff53472fc6b4bf50759e4924e742ea4475ce09187f5f8b3a550cb18aa0a2e7020b385daa6b837c4a22c9cca9224bbce67820648a389a1daf29
+
+COUNT = 11
+EntropyInput = 5edd69f9cbb98e5bd7618c2bca6e59e9eac92224e0fbebdf
+Nonce = 74fd8f0205a22656afe61b79
+PersonalizationString = fdec49f9e9963bf96f0f7f4dbc0b0eb8a1f28edd5cedb771
+EntropyInputReseed = 367997535a88dea4027995fb3443992658c9ac9d94a4f28b
+AdditionalInputReseed = 6cb79f27c1bf1b9c8992a07ff08af46d5888e6d24ba92871
+AdditionalInput = 84bb819a2a994107e4dab02cc272e3253f0e2dbf561cdf76
+AdditionalInput = febd4a22fb1acc88ca753fb176ce493e0d0cf59acaf41eb6
+ReturnedBits = aef58c0a05eb9b51f3f05e14f3f377c228954a60f7addec58d5cd1dacc17df91660caf772faeab1f2670e075ac2a9e129b757f59ab21318f294f5ccc65b4c15b37220e81123eee627237147ed68b71f5a9eb4a3e01d1aae6a8ef0c627cdb61ccdf51f9afafc476c78b76a76a58a4b3d7
+
+COUNT = 12
+EntropyInput = 06d32da9586c477df8d17cd62dddd7908ba54fdd6802df2f
+Nonce = 6f0e31e6d495804049dfb0da
+PersonalizationString = 47037a9645d758bfee26a2671df70577aceea8b63dffbdc7
+EntropyInputReseed = 44af2d3124b715a45c531dd218b79924359f8bb372540136
+AdditionalInputReseed = f5b262e16b56e72d2090d491851ddac365d9286ec2c989fd
+AdditionalInput = f7011c9804bc1366c24d12cc02e8352571e327ad7d0efba3
+AdditionalInput = 9480d6801a0bc70fb62840bca84643d8b63015b3a7546690
+ReturnedBits = 2bc9f461ee3883219fb68d89e8623a058841e30d8bad939ec9d72c4d959af63e776570448a71bb92d6c93c9d326f391f8e1ec24771ede4cdadd5cc6cc98796e9827210e95dc41d2e707b6d96a052f27d45d6789b6a69a6283db665c03c3500d3aaeca72c0633a2fd73b39b5302472824
+
+COUNT = 13
+EntropyInput = 8c46493a1044bde81852b7b44ff2fc4eeff02ef558a62144
+Nonce = c26ca1c1786cf443de8d4a7f
+PersonalizationString = 8597a291556eb4d407d113748c58761b3b36b4705b4cec42
+EntropyInputReseed = 3d353357a1ba880ee9ed80fd72dfe93fb8378a42148d52e3
+AdditionalInputReseed = 0eb9c35b1bd4a4eee562fc60944986a13abf26b60abbbbde
+AdditionalInput = f3e5e36e05326f7982c42aa27b22db33bfaf0e092eaed4f8
+AdditionalInput = 123bd6652b72c7c0182ef0bc22b4355eb0301e7b751604ac
+ReturnedBits = 7d20d18b9aa4f1629c419ea67e9f7a07d69008dec5e8f5431bb7d82f447cc636d035452605835896df559507269435aea5e3efcfebe3cf00f8374226d9870f43679d8ef575cfdee2c72756698744b253653b460d8b15442d591e86bec12772a8aa21e9f9d01df491bebaf2e13a6a7125
+
+COUNT = 14
+EntropyInput = d0cb2aaa38ed8c9b9f64ff39f4ac48808ffef2fd04d0a4a2
+Nonce = 9dec893517969e773aaf352a
+PersonalizationString = 46b2342303de2b0da50044641a0e2baedd119ecada2f3655
+EntropyInputReseed = e1f314f98a7852d6e72c5fbc3d16a71a7ebb591d0a6a023f
+AdditionalInputReseed = 32e1aa020334d0ebca7ff51f1d4efe491963a9c63656b287
+AdditionalInput = d25fe71198cd3cc3330d0f34eccf3b37a93dbe1479e6d1d6
+AdditionalInput = e758eeda00542c0b4cc56b971c795ca7f28faa5f63924e9b
+ReturnedBits = e3906b881a37baa38d3fa07038ed03f4c00b2944a7d9b52e4cedd1a064f1da07f819fac00ad96a98fbccdd7310f48b30c98de64f91c1768e82c1b43ae67ad27094a0ddddd6d5891d376b6f80800c738ce86092753b74901b7e7795b3f042a16c8437fb2cf9d8ba696c62d8ab9f5642b6
+
+[SHA-224]
+[PredictionResistance = False]
+[EntropyInputLen = 192]
+[NonceLen = 96]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 896]
+
+COUNT = 0
+EntropyInput = dd32264f0e091b7329c16b3fe0f33db58a900a646f420a7f
+Nonce = 8f2a5ca766bc07399f7d50e7
+PersonalizationString = 
+EntropyInputReseed = f8c404012ae39210122bdb5e478d9822bccad8f364f64c14
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 4bc435ef95719ed095d961c86129c5877486f87823a6753a57a332271f2ab11d4b41f2fbf6c21e0f0af6a2af11e459f24412369c31511cee96f53f83d2bb26d94d4805168dcc7e982530d2497751348461c56349c45e401c6bb9abae95a99453acb3e580f93822d93699441886049baa
+
+COUNT = 1
+EntropyInput = cf80e237af867bdd85c593047939006af3d981dc044589e7
+Nonce = f72186ae42eacd6bc2d94a07
+PersonalizationString = 
+EntropyInputReseed = e1dc0d6917c48f778d7d59a4e9183fc2ebd5bc7ac7b317e9
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = ee480d78dc6b15f3f6bfb15eec10abe5c260d4d1224e4ec9fb2c64c6cc80cfba24736b91ed26208e5bcb472a3b07effb2e3636a177eab2ebb44c2c47bdf907ae3816e3f6819985252b56ed4430a15127f363d3dd666a0b4bda70d6a4e96b183aac8a17d070521b5dbbdd391efdb237a3
+
+COUNT = 2
+EntropyInput = d85d39b2146867f1f307683c4a5bd05cb357a7cf38d87ce4
+Nonce = b9bceee9755ff17fe8d6d96d
+PersonalizationString = 
+EntropyInputReseed = de205a4fb67118393411439b71c1a0eedf20756dd366da2a
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 851227813526f934efd0bfe0a61659156b3eaad22c2d7e619cf42f6d4f8f6cdef69967f9c17f4ac4831cc0a02d6e6b362f41f41d61e46f6d452d035044ed2c5784c8852308900584deccf7dae84b59214156fe4c619feaf81ca1a23bc8227517cdfe7555ec5c66cbcad0398f704063ea
+
+COUNT = 3
+EntropyInput = 059f6003243f0cd79b9f0c32b4056f3757c319e966434b98
+Nonce = ff6c5920c55b5d7cb10b83d2
+PersonalizationString = 
+EntropyInputReseed = a09f46951ae68f3cb21d567d6c13cc5917c427c29beaf27b
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 1dc23ea76fb5543208fc2f9f0066fdfc5a8d96f0505fcd53ea7a8b9d8f46c1965783c660869a4d5e266755e704b89552bbf693bf2c710a07ca0d23970cd33141f866a0f799938db361000a9ea2432094f1f59668e9987e79d23cf19126ed78ee8af26721ad7bf75692d02e414c1aa410
+
+COUNT = 4
+EntropyInput = 8aa2d9df152233f225c83a6a25d8b55c26a5f4738476abe8
+Nonce = ab613737059589cc7c6a2f50
+PersonalizationString = 
+EntropyInputReseed = ffafbaca9d80624f189fb5000542f7d73544497a9348599e
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 8647afbf8a4b2b24286d075c1502c82e512ffb26018a5a37fe96d1f234f5cec78f15f23db750a79209e0eeb0a525e50b23b338b91608897cd613453ffa09aae50f257625fbda2c1172d951a66a764026be04ee5200a4eb00372fc59bcc080a8fa1cfd294c67a0202ddc5cdba21b36dc2
+
+COUNT = 5
+EntropyInput = 963baaae11e5db10f8c2044cd025a18738b36198d6d95a95
+Nonce = 3bdf2a0c81559b54c0d0990e
+PersonalizationString = 
+EntropyInputReseed = 7b35e5e4d392ce8c51c9a1bddf8d7ce1eb4c7f78ebcc0724
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 78d3a073e3dc2930466f8bfb69157917252b67b8707e91e260f2301d745559b5d14955a2ff5c7ce810a7210bdd226ae9325e3343262f095bc68e5dcdc6ae4413d7558f0544b6aeff132c1b7d943890f6dbcccd26b61dbcbe839af3607087d6be32f4b825efe1f00596b1db568e5baca3
+
+COUNT = 6
+EntropyInput = 3ea6fe175bf4d51e145f2491461805c6b7b29ffd829e7833
+Nonce = 81e68fb149d378891f90286d
+PersonalizationString = 
+EntropyInputReseed = 2f024c09c66651dd4976a3fba97ce02d2ad2dd5a3885432c
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 12938c288760dd34e1076dfadd603d8706ed432246c6dd0cb3c18c21fc42cd711b9a6cbe040da65710d61db1be9dc6fd938e4bd302e409f5402de6f070b9fd8e896645c2287b8df55d4847828372753e269bb0705550d7724b233d14b47fa7779f738bbb70a5793a0ab92ff805fff8e7
+
+COUNT = 7
+EntropyInput = f89d78f2ef276f7a49a7c1805c2bcad8aee074a3c56be2d9
+Nonce = 0488bd1ff4a6d98a852643eb
+PersonalizationString = 
+EntropyInputReseed = 9ff20a85332bb91586e3f57b26b05df036e76ffd8723dff0
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 6758d40fec79a44b038efa922e07fd35991d5babdcc2508e7adc0a15bb0344b26e40123ad94cba160630efe3eac445ddd06c398329b4dea8e251cd6f9f251c7506369aa179e05350a87e58e45823c456f0211b5e1341828227cf762af8043bd15ba4c9dd5230b742a35b4da7ebb28772
+
+COUNT = 8
+EntropyInput = 435ff8048d71035097c1b126284fb5b0d2ec44b57ffb655c
+Nonce = 0503a06339b0336ab99d7abc
+PersonalizationString = 
+EntropyInputReseed = 4533498e6c559dc467aceb25c7b919d4e6c6995d2a81239e
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 053a14584df77a14dea9f4297f79ac6fba8aedacecb10bc6c83d13595118c3a30d124a3fb5378c03a453f6664fbd0f4e1f7cabfc2b187dc0284a7b6d278ac37323bf7212b430102328afef1ccdb3be872ae2ba59c37cb2537d7a51e7eacf29747878e4449da15bd2b05c0a098f80c6d3
+
+COUNT = 9
+EntropyInput = 4a5700156d33aff5243b8d88657b16a598127e574cb5e220
+Nonce = 43167b6e4ebd4c50a59aa9d4
+PersonalizationString = 
+EntropyInputReseed = f966ea4adf63363a050d12382d7068d6c9c6e7cf850be90b
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 1342c78c7121c6b9363474c735c994f2c89100cf6c06344d326c05bf69b1ceec8d00823c1c816e03ccf4d13db674d7708a4c209f88404914da82bb1b6ed6fe01cbfa10c10a727989398c5ae64b7b57c048e631e3faeeab4c34df9dc5251d4e18dda3e4f12f3bc5e783d02ed83210abe3
+
+COUNT = 10
+EntropyInput = 1c4405caf62d73d1ada68eec295ea86f0630aed709941763
+Nonce = 2df6305cffecd5d821dd862c
+PersonalizationString = 
+EntropyInputReseed = f99f06dba62537afaf29c55965d7eec60c19ebb503e80c34
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 8f043b04fae73acd55312abd4518fd458c6e869ce7d8f7d089a8e64ee9d4bcd06d15f2adf8862d923eb6d8d20fae3f459b7eb47cb0d9ab9b57bb465fb829e1988653d1e36f6f872666a82d3ce4ae7cbe332f0edf8b843da7537f1721a43d99997b270d3cbf75d05513643d0dc95871cc
+
+COUNT = 11
+EntropyInput = c9a2b74f3ea0fe38c3bf769cbc679b3eacd3bd9659d4ede8
+Nonce = 21011d88fd24c59123723349
+PersonalizationString = 
+EntropyInputReseed = 72864dcf7710f41d98780c212aa31823fc3c22cbf4ad7a06
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 02a24885060377fe17abd2c6fac586b8f5108b04761fe85e3ab9978ead09ddda3cf00cb08533e0e21d5bcdce7b33af5cbdd4564a024b84a133f7b43a868a2fa9259cd39d84a49ccbbd2b7493366f1dc26a770bdaf6ae54432282af5ee2374a747b068291f5daa96a9764f48bacf6ca60
+
+COUNT = 12
+EntropyInput = bd752adb3e89d855cfcca5c51668e624bd41c03ffb0538ec
+Nonce = c7ac9c28b4a4d6b9180dbea2
+PersonalizationString = 
+EntropyInputReseed = 338dd6bb923d5d257a963310f11b5f49061691049eb020a8
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 6359053e4fa37c05a71c375461636a4f73b8b9f2c2d44fcae4fe37887e43ebfc78a697d5043a74e79f722b9c33c3c31656cab14dca0b629f771387e285eb872bee0102835e7f034e272572eecef1833517ad1805eafc601ff31ed1022c7b47360ed7c03e5a557822bb4d1912cb4edac1
+
+COUNT = 13
+EntropyInput = 8206d0f6129eda9a36aae6e81faa497a37adbc87178769d2
+Nonce = 6ddfb0e6a8383f60b0e08912
+PersonalizationString = 
+EntropyInputReseed = 225696bbb7125ca68647d67b85cb047ac5ce8dd373676233
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 740a12f60e7a0dde917210d1f580f7d02dbd6e7de29fbc3828c106acc308bb26d9a9f37e78fe47f55aa68dad12a5295ae092ee0225dd8cb3530d377f53de719fb8402b8352c9cfef167024a0b018243c13c647a3fae483c9d20c6e9d5bc4ce8e08c927ac7dfa3d18e3472aa348e43297
+
+COUNT = 14
+EntropyInput = 815efa9d0f261eaf51c50d22899dbcba39bf202f7725ec6f
+Nonce = c7714ce6bc7483960073071c
+PersonalizationString = 
+EntropyInputReseed = 855c7271562ea2d2e62f00b2af47166bcd21503f84af4276
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 5c9db0c5b3b8a313da526926205fe52c5cd0e54f5aaa40b74269432cddcbeee2430d4f36c739fc157614f3863e0213166df4368b073c7b6f18c1519acd578f790ecb729b7c35a8137399d4f08b2af98d2aca981d36ffbb70d9bdba9d7ffb54c33112db8e036360fb2634b4a24d5128bb
+
+[SHA-224]
+[PredictionResistance = False]
+[EntropyInputLen = 192]
+[NonceLen = 96]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 192]
+[ReturnedBitsLen = 896]
+
+COUNT = 0
+EntropyInput = 1eaf70c6795e86e723cc9f13330c94f7fc86885ba46c90ee
+Nonce = 829eaaf7b3c00d4d4293687c
+PersonalizationString = 
+EntropyInputReseed = f2f7f156af697abb2b5593724c8c6e0aaaaa1fbe1dfee3b7
+AdditionalInputReseed = a9d90ef9d48cc0723b4ff35ae45242fe88d2dad5b04f92cb
+AdditionalInput = b895d86be29d3beadc120572da13b54c69f47f4219e77788
+AdditionalInput = c48840b321e0d323f720504d03f86fc8033b827d861f62ce
+ReturnedBits = 7ef4fdafd899d23ce22d90a61847f2bd2766b841e2ffcb6f9499e5658103f430c1fa2dd100a36349c8e60594e0efc34256772878e16f45c7d23b1b85e4f5aca49a13071378561880aea14303277145b17433456b452fd538fbf2d30fdb0a40540527858f0322e3b900739dbbfea8614f
+
+COUNT = 1
+EntropyInput = ff2cfd158c9ae40daf14c2c7449f2df33a0129e53836991f
+Nonce = 09821e5728611deb78bd0458
+PersonalizationString = 
+EntropyInputReseed = aff9000cb21aa8f0dc3bb9d31934da2fb169ce6efa0fb6d0
+AdditionalInputReseed = 4e65110883653802f8321a2b89b237eb004b27b1d33940ed
+AdditionalInput = ce9aed15efd63cfe787e26d935533526aa5ae20305bfc192
+AdditionalInput = a434a4d087f6d740b7a28c5dad09e60c1789ff5e6e8b2c2b
+ReturnedBits = 73b77b5c73c53b20830f18b2ebbbbfb76f2366786c9cc73d6c826647e199e7415578bc4ae774c16a894a071205272eb8f74ad4b2bf8256c4623835f983c280cc3493721555b26cc6ba83b258a38ba8685f37fbf746af830f25df421630d58c8c698100f10b5ac5e9390918fbb442e4af
+
+COUNT = 2
+EntropyInput = addf5571420df808796ff7cbdc2b4c97ec966cca6af8a474
+Nonce = 1733ac88de535b249f103470
+PersonalizationString = 
+EntropyInputReseed = 20371a4cd7067991c789130fca6b2d03f3421c116247d6e8
+AdditionalInputReseed = 947ff99073f7908ced85ea09476f4d97db9be1793597dfea
+AdditionalInput = f03b22b0cfed96fae4dacc1230619d4e9d7d5c2bba5da950
+AdditionalInput = 41f2211bddacc055f4ec3efc0faec4475d971e55b611be2c
+ReturnedBits = 9d503ef25d01e069182664e5f5467347aef73fc9aeda5194af883d89118a9dae9713771b8cc221d5b34d33cf2abdf33ee6ab609d5feff7af59ea21f4cb43eecdca0c7b1b7eae70615a507785e92f3529666d7e81a2fe0cf81889a692d486ec290155f09a1615fb0dcb5fac42970e056e
+
+COUNT = 3
+EntropyInput = 42d7dd88b8d21dc995c52a77fa845b318a92e8f1bd865ac2
+Nonce = 66875975e13005aa12409aad
+PersonalizationString = 
+EntropyInputReseed = 34a83100189d0583a411c91cf5dc0e11c359174f5dc85c51
+AdditionalInputReseed = 905f364018b7c0e481fcb5b1dbc62d2643142e620c377642
+AdditionalInput = fecd26b2cbdbcfc4fca630d1b6cc3ef4e427b37e0ca60655
+AdditionalInput = 2b74ce8ee5dbde45a9de203414653c4febded3d21525fce6
+ReturnedBits = e8272949dce395f3e85c73de906941fb9232dc257eb6defcb88d30bcc79db5bcbddd0488a680334b5dc80fc4d70ef734ba9fd925e8c800c9a3faf54c58e5c50a8318763d165983c6a6a408874867148562ffa236bd764939dc68cafcfb497ff2fbb2cc92d69f4ad6770e8b47d696a8e2
+
+COUNT = 4
+EntropyInput = 69a1593a6f81316e8a362269e6ed8de64f40f6f2301bd0d2
+Nonce = 26668affd533eafa9704b3b5
+PersonalizationString = 
+EntropyInputReseed = d1133d5d225da27f4810df93a0557d5829797e2c2d7d36b7
+AdditionalInputReseed = c707bf97898f86d6262bff09497c29d39bb59be92b01adc3
+AdditionalInput = f38d44a77c73c3b179495b4ed296a320cce783a812c0d64d
+AdditionalInput = fad3f68f9472f68cb1ab37edc56cc7075d8fc1f112ade099
+ReturnedBits = 1be5e99190b1af2cd979d02b6b09b33f479861a0e49482b423f0ab30c15cccb0da09d04fe8b5081751eae8304161343baac0eb77e39dee028d8d0d7a92bc0c30564c3b716a053ec3114952eef839d5b84a8378489bb2ac10d997e8d59172657496d9daa8d23d78d70b77b842f8bbfa9c
+
+COUNT = 5
+EntropyInput = d0ccfc7f6a373445acfab7bd05bb5c0bc0cabed8cfb42e48
+Nonce = 8793ee0bac708e370c253683
+PersonalizationString = 
+EntropyInputReseed = 8593f5a50db69810292180e87577ff8370f35e466c2177ff
+AdditionalInputReseed = d0dc76c33ab0c90eeaf3830113de6054a128290a80ac20c8
+AdditionalInput = ccac86489666c2a6fddc3f6e2570c2307cda24569403bb5c
+AdditionalInput = b8ced867c5c6cb136175d0d6ffa679fded3f56b575d9e6c9
+ReturnedBits = cd3ba2bdedeea628ead423161229e1255f1dd9a4181635dd1c976d289005c46c390d023ae1226de2791d1a3cb6aca0c053730d254f21135df8abcce606639617aa59847fb618fb8c2ca5b89b68459925ba9a878f4812cfbea8a06f6d1fb5f506ab29c7bac891895a36982bbae6a20711
+
+COUNT = 6
+EntropyInput = d7526cf570e493d964256ed5a799d3e5fbf919bf608623f1
+Nonce = 9f469c4346c3813c44586d79
+PersonalizationString = 
+EntropyInputReseed = 82e45bab8d347f54b8719f3f7fa9a83143380e7e0c8c92df
+AdditionalInputReseed = 45c769abb8f6a3731e385d1714d775506180bd4517bfe377
+AdditionalInput = 1d499db0cd565d75f2050a578ecac88353818f44079bdead
+AdditionalInput = f6d4e231e3808b5d46a3c0a7eb1351aa2d1c8b457b325879
+ReturnedBits = 54eb5886741684672aee8a28cf2d769c9df417eb3767b987e4789435a82a9a0770a685bbff2688494ec2b1d49dc0e7a9b2dac63ee7df0363da40757cc77f1a972815bf3306c9c14176ead4f9a282fe2e92f5d626823e53f8897c19267139dca7747fd40ea72ffc25fc3a337a2d9e4e95
+
+COUNT = 7
+EntropyInput = 0c9372869327533a59970a02ca04f1600a4dbe4e22bad859
+Nonce = de6215c3b9c2f1534c5b3f4e
+PersonalizationString = 
+EntropyInputReseed = f910b5aa4cc17a8b1e2d4714177d8d14f3928537139bd654
+AdditionalInputReseed = 62189fd88300ab40865121ebb175d9004e878b2195b5c376
+AdditionalInput = d1598565ee6722d17ccedf404f1faabaa50dc0281e9e47c4
+AdditionalInput = fae721bd6e80ae962790eae0f343192d7b7fcacd8117c6f9
+ReturnedBits = e6159057bdae6948915d7e6f0607d8eeffa9daa5afbcc00941268861b42ed7783ca6905d46bca2222da47da80e90d7292f225a0d1e2fbb81fe77505a641a2e4ee473874e1bb118ce73439dacbd9449f65f01c8897ed2274fc10a71552f12782a2a1267a09e3a5ae730deb59a582259ca
+
+COUNT = 8
+EntropyInput = 2692e47a6e772202e2a65cd6f3f3749365f318172082a3b9
+Nonce = 50ae7730d89068c45d79e80a
+PersonalizationString = 
+EntropyInputReseed = b36303200f24c77759aad6be65866e11f1e553b0c0f071ee
+AdditionalInputReseed = 90ddf16a459bcf0306eefb363c8b3e82f7695008ff2ab7e3
+AdditionalInput = 45d4e5baf35d41286a4d917deb4d3f3dc3a77f82d1a46325
+AdditionalInput = 0caf63bac44f089137407c74e90c1e47d8f079a084e77fc4
+ReturnedBits = 40175297cf653344d3ad29e9fa86abb96be3d2e9c6e7cd308056ce92f902c187cd632d7c759426123316ff4fcd7e1c733873ff642efaf8c7b8514f129abc8d71837a3bbb2b573e638917993efa7daf0e3ba153b7f0155759869beef611ce81732a1f7a81916ea99f09e8dd99822f124d
+
+COUNT = 9
+EntropyInput = b2b03d52be69876c6bf6b16cb12a8e536b53f6cc82f3a54c
+Nonce = f9abe6be30e18988792f5b6d
+PersonalizationString = 
+EntropyInputReseed = 56654f8caadf872cda8ef55072cbf91bf50005dbf115e1f4
+AdditionalInputReseed = 18ee53bb6366197bd2707c456d89fba7c08f348d9e259fba
+AdditionalInput = 3ab4b6daf1a3b52f2ee6a1d1731b0a7d24dea9a5377babbc
+AdditionalInput = 033463f9cd0354ce3163b9d03a9c91c9f6d5a5eb3a2fd7a3
+ReturnedBits = 68173341a4c218bd2773d887fdefab9c7ada6f6ace89f4be8cd7b0eabf7946909f146dc68155f30ce29d279cdfc344a3ab46d53ae7d254d1c1c32ab0f039d8d6e200df7de6665fc386cf46b310fd708ae09802502009d853376818e1f1a6d69e6635d46b3d061864226524e0cc7b95df
+
+COUNT = 10
+EntropyInput = 04f582559d10d842b92d719fc4691646e192631ae79ddb5a
+Nonce = 6931f5e294b422346ed72a8f
+PersonalizationString = 
+EntropyInputReseed = 6f0b855b09428394ac34a29c5529bade63426fa2664a2299
+AdditionalInputReseed = d03ba3cb73a7408dc199757ce674edd72e32a10db383b563
+AdditionalInput = 7803efb4feb2369e3be4221d6be55a6fbd2dd4fc83988239
+AdditionalInput = 5f804877f232f76698fbe1b43690ba951aa0be0628c24721
+ReturnedBits = fd69f99593d37a917a4fc57fdd19bda59b45274722e28b666668039fe0b56a7ed0b96ba31dd6869bb314a45263a38b1ed661c501ea1a81db09843e0068e62f9f69fc4be554c18f92ceeb0d778e3b21bb6853a10e1dc238b703c713dac84b52b82a32abfa54fabbd225de1883f9eb66b7
+
+COUNT = 11
+EntropyInput = 07bbc7faeeee046fd96a1114bde5f1fb5ddf5b7994ba2960
+Nonce = 3c8292952b41475dfdbd7b5b
+PersonalizationString = 
+EntropyInputReseed = 5aac4650128485cd24706f278a076a030ddd31ff56bef4ee
+AdditionalInputReseed = 5d8fbf25250538592ea1dc96c04d034f26da9940aad5fee9
+AdditionalInput = 67db23cef22e84445ea5c984c9d583779f80bebe15edb069
+AdditionalInput = db2e026e9c24f236f52d10080ca89fd26a118391e6e5bfae
+ReturnedBits = 4b3c4d5b152fc757bb854e3bc3a1f596859129210694e75adbf37853c5481bae43c49f9ca5c4d0d28f64df00a5b58654073ff58969776581d57d3dd9f7e1d45cd1110a2673da712d7367072f19ee784f551473d6181bff3023ad97317830a18e2247c2376375d0bcb5625818f302a57a
+
+COUNT = 12
+EntropyInput = 29e15065e4812b92e9dcad9848b899d23b79384e3a11165c
+Nonce = daf1a1c1d37afea9806b8dd6
+PersonalizationString = 
+EntropyInputReseed = 720f87bb3f5c4637e753d653b569c2538f258e511d5e9c46
+AdditionalInputReseed = 14e83267590f6703bd6d6c01fb4cf470ff6e96391af8c3cd
+AdditionalInput = d5213647fcf2649b8580f24ffc27757dbd1c55bc55e2b166
+AdditionalInput = d9d2b1ca6d1a215dac0be99347eefae0dce6226e36335bcf
+ReturnedBits = d913fb68362952acb8a18d0148a294d59b25e3a0bdd808b232e6ae4c84575cf8b6b37a172f17c3c7cc1fbd8cb691e3008c9e4361136d417aebb54f3576e5de64612a3271a253de5700c38092ece941f45c6d964dcf52957e8f7dd2581462c3861099fd92cf345c4d1c2670c6acc28adb
+
+COUNT = 13
+EntropyInput = 295a13442cf72d12f38b0b5e933eff8ce8725c9079660703
+Nonce = c371a01e998433d9e1aa25f7
+PersonalizationString = 
+EntropyInputReseed = 26a02fc884a21b89c4a6c9755bc5daf22ccace2639c430cf
+AdditionalInputReseed = a7d97a0af5009cce65b141a09cb60e18414253aeefe80a48
+AdditionalInput = 538a2851a873ea01bef800cbd1d855eaa1d027780b846204
+AdditionalInput = 3ccadf62072785ed9ea2da33bf641e326ddfbb004cf988eb
+ReturnedBits = 1b49b8718e90e497c8f4ef0373bbe03c8fd4724a2aa4f0b8d80d1cb07ed392079d7b7c8a2124ceff816b8dc881fc64140b1787f3fe0c63eecb3a1c25b716b60e9baea29617b355accd163544336299c9f91349264e637683e4f08f534a9ab5888b88f20ff1b0722394a9128b0e415d56
+
+COUNT = 14
+EntropyInput = 7b87b9b9548920cdea262cbd1512b61a6fa8ff9d6e17364e
+Nonce = e0d763b2633e36de0fc7fc48
+PersonalizationString = 
+EntropyInputReseed = 90e162d216858791c00ff6a96a1a60260cbb621c738f4423
+AdditionalInputReseed = 0b352873b979a90d32623c34912eabad7171c0987695f7ca
+AdditionalInput = a22babffdcad127a6677873f6f05e313bd48c0aa3957860e
+AdditionalInput = aaf6789596d3fa3d8ec1ff9ed4587eb0d4331965f65767e5
+ReturnedBits = 1267fad4ed681e61517326682961d2003c3d27d32a0e9e173793b9297583b61456e762bef169d148fcc44d3d5340a155c7f47d08b09b894d91fae42ced3e81cb2b4acc51ed0f38714d693fac31fef1bf7b3b7dbe7e0e54416308441981e11f9aba134cc5cb3bd47f232eac30e4c065b7
+
+[SHA-224]
+[PredictionResistance = False]
+[EntropyInputLen = 192]
+[NonceLen = 96]
+[PersonalizationStringLen = 192]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 896]
+
+COUNT = 0
+EntropyInput = ff7de564180adfa8c569e61c11193b68a71987cdc676f1b8
+Nonce = 66219c14ea8058b53fdddce3
+PersonalizationString = ae7f41a459141a135ad26596e41c845c7d371d1fb9916db2
+EntropyInputReseed = b391be47c3047c82eceaa06003911a445b67516fcf0ee982
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = c94026a647ec67a8cf3cac7b9f7ec70d78292facaea89070a7b0ece435525e16c744f6235775ac899fedcb0f43326d1845397978cd22f8800e6a641c2bab6d56261c154976bcaa769dfde96b50efff70789e120197258a6f5af456f34bcf2db8d2a90a824ae5c4e5a1effbdef93aa0c5
+
+COUNT = 1
+EntropyInput = 16b96835b9f25792958fd9ff8c50573c61a2818671a1b1b6
+Nonce = 03c00436aec8a2fd7e30c467
+PersonalizationString = fd840e727433105ae5250360866d85e08c931118938cdcf5
+EntropyInputReseed = f2df6069f0e0e32c291f376aeaff443030e73bb94eb07f6f
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 9b4a84129f3fd094222f637f7356682efdcbed25d5a328398a983d449e92187ea88e122a2dbbbd271c7c4020ec5a241eb7fe5bb4fb5b6d84dc6b82357ce197d51516fadafb0602171c6ed982d621dc0df6df52642cd52dbe1b8be2ff851d6c5c4e8e602134735d5b1b8b972939f2c249
+
+COUNT = 2
+EntropyInput = 23993ff7f6acabe1aaf16e88a0dc4f4865b9efcd8e5cc95d
+Nonce = 1b56a5b578fe1383b6027596
+PersonalizationString = 7eddbab0a50f0022a6c4da078ce91b612b129663b6724d5f
+EntropyInputReseed = fe356095e5c1d855563d09923854948933679b876ec44587
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 6ebac1ef67c15135c7aa07bddfa780c6a0a24e3e55d81b77642b0d2fa44037c72ff3215fcc85c95eacdca155a433776ccd350f51c086f6282e77a8ef9e5f70595198368cae36d92f64e8e15028fabbf48951d7cb244022a0d35582d0cebfdca705792f54a30e18e1fccf3c85e6d37007
+
+COUNT = 3
+EntropyInput = 966d82bccad23e769d61e6db32d8b820c58a5adb22dd9f21
+Nonce = b60718703bc8623b2d5887c7
+PersonalizationString = f9314060df2ac41fae0e365f06ac2ad4dd282cdcea3db544
+EntropyInputReseed = cf87710075deb015e61a78064654c42f0ccb7aea18b98eef
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = c9232112fa9acca6a826f5628bcc54caa644e3efae6b39fa7ae0d20beefddc2ef43394af24b2cc0fb6592b8ae43112145c684b632ca289561040abbba8079d82ca4758bf05357ef524d08e2dbe6310c2722eb472a9b33ee07a2c408b06cfb03d0f8ec1ff787fddab044b62d5dbb4240f
+
+COUNT = 4
+EntropyInput = 7c2f96fa61e00b6763210fd031241a17e4448a867750768b
+Nonce = 442fb392e1be5532333692a6
+PersonalizationString = e6b046b4a28da9337993a27c7ed6b7c4bc75897472b0a6c9
+EntropyInputReseed = 099cfb5393f04d4e506b7214c0e33f67e6a2f387bf78de05
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 953fd65283748dc4a911d3fea9259c45c4dd5a567db537570c3677d2c878218a2faf1c16ad7d3359136e946ef664ed16c58d680a04c751568e339cf32d2a908bcae0cd979db576fd8597b41489693494dbb9f5eee26c0dea804561d23ebdcec8416c858857b8d5c671344a808ff5f0e8
+
+COUNT = 5
+EntropyInput = 1553d8b919183068d8a3c8948a0a8d987497cb460f7d13ec
+Nonce = c47783ee7636cfa1697a0121
+PersonalizationString = 5cc3c20ac4817fbefe0bdbf24bde8b81ed9aedc9024ba5ac
+EntropyInputReseed = e62be7d3aefe4ff150c50911e2cde702fdea82b84bb09b64
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 703d19db87253cdde4e6064def735289c85f35c7d557e825a2eb19b555f0b47030e7a2a1a344542754b7d478d1ba7f544a8d31594a667868cf6b4166caa097593c6d54e4776e244e6c701a2e10601228cfffec217ffcf15ff3621d86eda093d8bbe6a910c5478cbd5cf55f4bbfa969dc
+
+COUNT = 6
+EntropyInput = eb80cacc1f6f45dcd380f17ea8f64f501f49fb1e52b30d92
+Nonce = 42f972ab765f7194dc9d9371
+PersonalizationString = 54327a9024c5c1f680922458e64613446e5ed81870d95f34
+EntropyInputReseed = 7bfa0d3c09a9b69466af31e5b174427d52dcb268f3318971
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 35fbe6141526686141ac69fc3d89e92564d45ab6476a9f9d76e80516aeea7497fcaf657fd84346d40e7ff2a598e71feefbc43a56525bc88d3bdd3b95a282ab5db534d6d64f1e87cb216c016a1d5acb2cf30110a31ba126ab0fda8869d24c28923fbf4e714b0dfe7d1667077595ad89a2
+
+COUNT = 7
+EntropyInput = 7cad2dfb8bf4ad272db0cda9537eb40dbe06dc356c263c3f
+Nonce = d4e561888170ac166e78ca6b
+PersonalizationString = 68bb9ad149a5ae20740b5affe79ac880181be1bf929ab662
+EntropyInputReseed = 581b5c9577234b5e55276b0eb992eec2e1def03b6ecc0426
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 417382a610110bc53f6c578294435fbdbd84e7cea4878d17c63c8d87fc3edb11d55f18a7eaa0aab5bfb4376960071c274c44d2f44859467118db4e768a664bc4f3e1219527efaf943557079c1f8a6023d284c308c3a4a0581ba9ac70dc8375699810b0ca62e8d4e72f1fd3bc0ca89d21
+
+COUNT = 8
+EntropyInput = 1a5c99f4a98dcf6ad69c08aaeb3b88d1c237c50d0810d0f7
+Nonce = de5c18c4a5908266dc45361b
+PersonalizationString = 87825f8cd9c876f7310e152d24e0393a0f2bce5823c66c64
+EntropyInputReseed = 481d7a63c7d37a34f56811c17f67245071ed07ce07bfb55f
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 8a994b32c6374b117f04383e7167cda12241d839940646f0a78e3d12d29846ca6bd235b7a62f6f0ce320c3896ada66d00b7642746a8ecc0bfee86fc192831bfd560cc8995f1b51d7725432c6ba8b816bc3ac5801f24e0906e9a841d59fee76774eb6f07fa4efc6c5d3dca1bfa16b83c5
+
+COUNT = 9
+EntropyInput = 34a758c36df940c0e51bec4c6aeb9214ba1c8cd2ec075bf5
+Nonce = ccc669e97f78016eb10ff735
+PersonalizationString = 9a91e1e67cdbddf97f75c0fcfb164237e340344829efd718
+EntropyInputReseed = 4c5a1c7a674ff92541926d538bde9767c55b0b03629f4ccf
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 28a304c21f3189bb5b942211189fead684dc9385bd89286f526343cef3e87515f8494039e2c29b0a37e113ba061882eeff151a7b230923fc8366510aaecc46c3a5dc380ac35d852426709f20990beb16105d74e86413e037232df05e5fa830c060ce2f9178ad3eeb5880d06931c6816f
+
+COUNT = 10
+EntropyInput = c235091aa2be9f4434b0685e4c1e3f4cefdda78116269b6b
+Nonce = 083b8e2b5943d56544ff3439
+PersonalizationString = 849b3ead281c249fbd987f1c3fd38cdc9542aa9c5ab15f0f
+EntropyInputReseed = f06fbc5bed3c61158b71f53783944e5dc4464d2ca27ccad9
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 2e3f5bd813c292bc272c38086704099c39d177fd27310b35fd5bcfea1fad9c3ae56ebe68848cfd8dd447d80bf903ae08e37daf7e3ef3f605f494f69b4b7968faeae17501fcb2d986c071d3db6c204109d7f12e6e575d3bba5c2e0bf2e673e40de19791dcae47d0d8840fda8283fc193b
+
+COUNT = 11
+EntropyInput = be1af96725f7398894fd4bd5024eed4a1396c937f1367613
+Nonce = 8070a375f410c30a2f61a4f8
+PersonalizationString = 8f6e48e7b72cefeb1a404384d8f9bf509c99cc66eb8aa806
+EntropyInputReseed = 80322b895702b31e0cf0394127d75e3e426731b0062f2f6b
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 8510d68648dd8ef59c3ad76269dd418add5b93b1b627936a6e83fc0c0842b1fd9dc948569f1f9e1c9f626b7ff22e81e750d4c8f0e6e2c9fbf2dae137cc70b22f63d20c5d20244d49620ba7a70390d31fe603398904d3ee07589ddbb3f6f88fb9fd7a227bbe779b26a652b1a86a25e8c1
+
+COUNT = 12
+EntropyInput = 6b1757a5d51010f18c5070b5b2492f40e9d06a6393bdb548
+Nonce = c79474a64bbae9240e126644
+PersonalizationString = 25b7536bd7f96de739028724d46f7cd9e438d289e1a18beb
+EntropyInputReseed = 106c34afc611c7931af46b38ac479132c0886b7aab760457
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 8dc4f4b88934eacb13854aa6c52400777f367c0695cc7490d2c0f9ac28f32c8c117b04a95f2e07c16ceda85a31617d13cac14d8bd24fbd420ade1caf9dd4761e0ee720ac8edaa2915a57b87c8fd65025f9f94aeabfe45d2d92e96e34cb233a182f9cddba5deb55c0726bc8f59779ceea
+
+COUNT = 13
+EntropyInput = 4e6c90caaa3cd25a329d13602acbaf08e0263f815632842e
+Nonce = 21036ed420026b38bdf91179
+PersonalizationString = 0bb0fb2145c5a2c1a3a3540d638466cacc39ab7402df3dbb
+EntropyInputReseed = 9311d047fa47bfdd000ef3feec4a88b41e926b780a78c2aa
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 360c0011334849b0a4d76bd31fe9ae2eae79ff124b37300f602e147bef38540ed02ff01a1bd5bbc8a1537baef01afc2b998f275036ffa8ab9f7896d89bb096113b00505e71172396937bac735c56d8f0fdaaba6c9b01d50836d197c085e7aee9f79e2938f1cdc555576e639b23ee94c9
+
+COUNT = 14
+EntropyInput = df51b3740719a6b72dd37c91b1a128b97a5dc49f6bb8ab57
+Nonce = a4ee4d3b127f06e16f0633b5
+PersonalizationString = 6755de9040b85728cae1eca13a070e16b520eb45b2687a6f
+EntropyInputReseed = fc2ffb6c115feec3302a2656da30bf719b85b695675096be
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 36db4354bcb9902359ac925b5615051b7ee09f0b017e244bee69524d4e1effa39aaaf1dc7b22230313fe04d859abe92b998b1803746147204cc49a215aaa56527b465bc7c73b53e5af0cb5a550fb7c0306ba93fd62490aaaf0129e0ec71b377b026ed59a066972171531b9b3d5e1763a
+
+[SHA-224]
+[PredictionResistance = False]
+[EntropyInputLen = 192]
+[NonceLen = 96]
+[PersonalizationStringLen = 192]
+[AdditionalInputLen = 192]
+[ReturnedBitsLen = 896]
+
+COUNT = 0
+EntropyInput = 121d0ee38ae583ee8f1f163e4167f23b681afd1e546c53e0
+Nonce = 63c01e53d318531e458db1c1
+PersonalizationString = 7de42bf46730105bf869f2b57816691f3c6609a4bf1387e1
+EntropyInputReseed = 9050a8565dfb3c02eee0dc1cee900758a06fb1c76c099087
+AdditionalInputReseed = 1eaa6858d8a67ee6210473caa6cf5a0704438d51746edd4f
+AdditionalInput = 36112513fc730486f596d96de2ac95a902ab7ea5c27262e3
+AdditionalInput = 38358d2ff050b9a7d4b5dc157b3bd3d839bdb7799ab4bf74
+ReturnedBits = 0584a8d2988758906e6d32a08a506903a4b3fb0978b37000140115a0b4de9862c02488b26d2973feee79bbffb6fa88d1ba49e4e769af5d1cf669321f0958ac29471f4bced6ebc3a18b83cccf7d992f4ddf41649d4f6dff47775b6b7d9a8dcdfbae1413d368b8d8b1b701caf8a785ec10
+
+COUNT = 1
+EntropyInput = a02bc66f54b5eea2176b73775973e175280109df1819c736
+Nonce = 92a01d303d0da3680676a746
+PersonalizationString = 0b2cef5ae0cae11d4e138ab29370d0965fcaa2b36edb4a2f
+EntropyInputReseed = 6e4c71d6610a73d8b33b9981e093fb92b80c111a47a417e3
+AdditionalInputReseed = c877077d8295e352bef1066b94fd508e703f40b22aec4305
+AdditionalInput = 2ac0ffffeae2ce5e29f5d6ebeb9601f5b9bedd5b8233064c
+AdditionalInput = 9eacb0171fa441a1bbfe3b77829e037477df8f7fd6e30541
+ReturnedBits = 53b83912b7919aa9a29f1f845ffd331c2d614c59185db8c2055108dfe480bcb1fc698213ac2dc1b52310f5958849115068fd2ea23f6a0c3894f2e37689e1da439c7c074e25ed84f2bbf7e337d908e20bdfdff93961a976d3c3bde1fc090999a852dbc979e995f6184a52ece9fe2ffb96
+
+COUNT = 2
+EntropyInput = 67538d04ee966ee7623606948dad3352fd0b6de7c0d87b9d
+Nonce = cd358861e90becdb9dcb0930
+PersonalizationString = ce98a12c65bc94458cc545598d5ed7eb424345f0e8cc7c32
+EntropyInputReseed = cc3b2c9ba7d8950cb8a3c073f10bccf9c3c26a58b2ef5ad5
+AdditionalInputReseed = d8a4597e04fe02c8e5086a70ff20644528c37b0ea88636e2
+AdditionalInput = 6f665f6bdb0db0b6120a010a9a46d6c9e5957c1be702de38
+AdditionalInput = f3218cad187cbae07ba2880d12a21ed42d0094e07ba7ad4a
+ReturnedBits = cb7fff2833b82d800cd25a6096adb2487e29c753037eb6e8cfa6ea8ae02fc4c46e0344ae921b0c467f2c5c2131e1ef3aeb6ea997c9fa65ece49cd4561a225eac398a64e33c938804e5b08ef7e029357465d3e70c7759545f2049277944880279bd850d73a9e7a6d1cb6f5923989cdef4
+
+COUNT = 3
+EntropyInput = 4574beadee735b4806c7316bdb59b46098eadace3d3cc8ef
+Nonce = 646ab29641e67ec67fbb1685
+PersonalizationString = 4996ffeef7d63a6c935c9e0f9b07d967a0f6f9abc2ffa740
+EntropyInputReseed = 48696ac6a39cba92c0699629717bc84803fe153f743ef8a6
+AdditionalInputReseed = f4bc6786299e270fc90f6f6d797ad840220debd7e251b80d
+AdditionalInput = 69c48832913e90fbfb447c35d67426c3f3a3dc9c5af9e5ab
+AdditionalInput = fceb7dd9e4a2022cd8fdb8f0c095573d563bbed852f1d5d9
+ReturnedBits = 72fb7da0f7f14e7382771801204615e80a3e8fc4e5fbc44bbb67134d7bcb4c0767cbc582a313bfaf6a9a2279addfab15c6ec0e2941dc819a8323c71736ba3fc26fdb7d23666fd7c668dc4d0a10396a8ebf864ac1c09347fcd7e89c50eac0716994827d84c68e84ad50d13bc76caa5023
+
+COUNT = 4
+EntropyInput = 17de22f59849398f3e392d2c0dd8acaf88efb5af451dc86e
+Nonce = d1611c501fae0ef912c9b831
+PersonalizationString = 469f40428b5b68573a36d843850388e91ccc659ef7009a84
+EntropyInputReseed = f91408ceda70a9d471a2244075744f809fc42e2e12ad166d
+AdditionalInputReseed = 50c986739c2da8b58af90e08e8d49d48fc7bab50e913143d
+AdditionalInput = e542a14e70d2775a8d003115362403c9e0d397af16c79656
+AdditionalInput = c82d318a44b775d0763838e25a355ed4c46848f612d053ec
+ReturnedBits = c115a5abc99fb002a1857a5eed62e03474036009062490cb6a92713736a5cdb8fbe24c7eb4ef9bdf34c5f69d06c3268cbc5e2185f7fc3b2b03e8264f7acc83779ec19c4dadac7463ea54a2e19c484d94177facbe12faf69dd930db9675260a35bbca827335f7f5f72219078054c3f009
+
+COUNT = 5
+EntropyInput = 9014689d5b1cad2259ecc0db8d5a1dc0e678243636209277
+Nonce = f8d200ea5b95651c2e6241ba
+PersonalizationString = e000b58f874c3da95af84ae9bab055472db3c1cc30509739
+EntropyInputReseed = b24166caa16f7542ec749b3986c12ef99d1c7bcfd8f337e1
+AdditionalInputReseed = 6d900858f51036eecf6f8dc5de78a47d42483bde26f432d3
+AdditionalInput = 8775b527913a61eefd208dfe807520ae33642e329d3d4f07
+AdditionalInput = 6e8b91ba0d77bc926f6f8e0c0c7a971b474bef4eb816d79c
+ReturnedBits = faa429425c83841bae401af7bd96be6c15a0579772091e596599e8b0ec26bc4a71ec959f998467213d7274f954e5efd3e7541713c00a32739372bc0b87438cc935f53c1c1bb3f88cd5289695ef361051d0ed706ca3e89c9d92ed11eaff3094a4819ffe2143febba364fa0ff2d748ce01
+
+COUNT = 6
+EntropyInput = 8de0a7ccd2ed7735ec43c456f5f119d079fe2458ce849abb
+Nonce = 51d98222affd6af7f42efc4f
+PersonalizationString = 4e57433237603b552afdbe56559538419c46f6651e33f88a
+EntropyInputReseed = 660ccab472c463dfcd356074510ec8c4bc25415e4d439a76
+AdditionalInputReseed = ea1e377c8b07bfee17c771cbd65b27d6fc602f6050767456
+AdditionalInput = 65cb2dd6ffce38d7e80a9dc43276d431b9b87a37308c5852
+AdditionalInput = 5d8e4a615f4322beb39149e8957f5c3590b06726da540520
+ReturnedBits = 58686759fafd2d742434a3545293a8997a2bf1ba2687a47f6fdd6ae486ee78305c4aeed4e818d6bac553f5058a42222a3f1691ee93a379a91f85031a16ee17570bff1e304261106e4fd59a189d23ba2e9e9b2ca99f4872f1f690923f96e629b550fc21094c60aae4ad3b45c69356bf3a
+
+COUNT = 7
+EntropyInput = e6be30efe8584955f821230ee713e74b20d62a91679f7a37
+Nonce = cc12044059f76b8b9cec2985
+PersonalizationString = 1cc2853a732ffcc0d66673f889e758d99b4b4242dbae8bbc
+EntropyInputReseed = 0559ebcc96c222ae1ae24230ed8bcbd5552d6b36a2a6deb9
+AdditionalInputReseed = 24f63ba28ab8448d3a1420188da5ff5eae932997b0346c10
+AdditionalInput = 81741a809b58f20c23386076c02a31cc804c2a84174e4f7f
+AdditionalInput = a6e926ff53f17a3e1fbf530d342723351530efffafe791f3
+ReturnedBits = 5827e361babb194ca8f56f19b2af25ccc969d0cb0926307d54846713fde4be3b07533aa5ff455c4af0d940968b88da35798438969d8c72a3f7cd59dcec467ba9601a5776e7ed963870dcc45a91651b40d7f278bc1363266f4d1ca69a5c918198b3d23d9dae4f899d91e49cf63e515c19
+
+COUNT = 8
+EntropyInput = 0e3fd6f91a42ce051b6e1cf13728d255f6e33ed498acae3f
+Nonce = cbaaf31720ac30038199dc87
+PersonalizationString = 6a9c208ff2436dd5cfa8e6278a916ef0aff1e304494d349a
+EntropyInputReseed = f7cab63b6b2de0bb7eed32eab8d61d31df08ca3886b428b7
+AdditionalInputReseed = 4e390a652e3fa5b18f1132403c8366361b8713c782000487
+AdditionalInput = 361ea186f55542782c0852c5a3ff33abfc9476963de2c5c0
+AdditionalInput = 7fb74e820630c5d08f887f9b62e51f59119f5191eb2f3f38
+ReturnedBits = 1d3315862f189e987bbf4693855e41b1b73f5e314ae7ca08df43d234bffadb46ea14e2fe5af7143aaacd9a4f7845d9721da8a69600e36a17660e9bb3ae7b7b5c3bd4c2cfd633cd74f0c2d20c29bb811669121110f645e9d921f04ae4af37d133763b6319cdb44b8b7ed7cf69aa2b469c
+
+COUNT = 9
+EntropyInput = 3eb99920d157083c2c3fc0378e7844bd138b08c84932dab1
+Nonce = 2b80b008ae815342eacdda74
+PersonalizationString = 2b4577aaaa68383010646e7c1e78e359ad04faf5057e4f6b
+EntropyInputReseed = e598a304ea309bdfff83bb713799715ab5849535c550d7ef
+AdditionalInputReseed = 17c0543a2f0b1390ffc4a632586fc1e9ad47b1a755a13931
+AdditionalInput = 6cfbe170be72e9b3700784a9990a45d18223596da3dd91f4
+AdditionalInput = 38c0d8c83c03080b63abdf5bb59a88a1478047af96203636
+ReturnedBits = e13ecc156c8cfeb7d8cc50c526e22a79ec4733ee7a28916520314dff3f46fb7bcd4bd57a2de8c12cb652821ad36e992c7523dabcbe34c2909e39ff2a783e9eddcb33588a88678bc4312aacb920d5e1469c6875ff4419bcc036c72a4ec789dca8d0d77ab3cb2a4834d4aa25c475f1fa3c
+
+COUNT = 10
+EntropyInput = 6314a2f66c89f1a5cb0ac5e14c689f31b489cbe0ece39c12
+Nonce = 4f2d5b65cdf76e24feb67517
+PersonalizationString = b0969fdc980d89920b652f1aa439b395f54c851d2af75d85
+EntropyInputReseed = 385b2cd072fe3d92980cf01a94fbed80153229070ca58b65
+AdditionalInputReseed = 8b1996b989259916702f51edfbcb9006f1ede5eeab7277d5
+AdditionalInput = ac6964aabf247ad0d974cac54f9441e399a002533458d6c5
+AdditionalInput = 6f8e142c058883790e66bf83ed9883c83ad90d0e3dd99e11
+ReturnedBits = f7238924cc37cdd2e66a1c6f8874ee2803fe9cdbf408bb2ab7258089f210c9515242dc9b996499a81ff54a26d5848ef2efa7f80238ae8aafd48763c458a1aac2ba4bf5722c81e91fc91cb7584b24f3b728a8fa866b901d866e84cf79aa38376e41e06eb4d24bc8806e92e54aedf2cefc
+
+COUNT = 11
+EntropyInput = 61fa8cff252f24ceb4f6e4ec9368f264a9723c1a7cb2bb52
+Nonce = 1c41cf2ba03832f1ba5ea088
+PersonalizationString = c70afbc5bba95e3c669fbb06745317f834d7c7c9bfb7f106
+EntropyInputReseed = f6b19390a7d56ede06d6fa998d34aee3ae8ee17cb7538148
+AdditionalInputReseed = f3191e286d01e2154f05e80ea236b40eb410fddd45a69175
+AdditionalInput = 753d4355b4f83ff1b515b49a7996cebab227f1ca40a6511c
+AdditionalInput = f390dd7de6c742c03cf15ee8f4b817adf246a686b26a0c3a
+ReturnedBits = 978ecc0fc139490e62f4351d8a26c6e9787b70493a437371d4ca987a304652087c7ab1dc5552dcbab5712b2d12e4b0d8898b9141c030159f3bc959cdca7d33ceb0cec53e44206746c75affae068a3505149b3bcc26c0f9fbfb3e20c89a4df7f456e937b7bef7e2fd93c2d454db509bda
+
+COUNT = 12
+EntropyInput = 5f14e666bec819c5f4497806350c3d694cef81735cedfbe4
+Nonce = 7429831269b71836a2a83f74
+PersonalizationString = 4e819059ed7f010be1afa360da363fb2fb6cf50d5e1e20c3
+EntropyInputReseed = ceeb441beec51adf077b33f8bf25ca158974801fe55267cc
+AdditionalInputReseed = 5727dec6ea189334344f401634cffbf7e3c2f0b2c2da92a3
+AdditionalInput = dbc3bd596ed41cd224385609d67984a483cec9e263fd572d
+AdditionalInput = dfc4fb34df535d59758c6ccfe59f2ba8bea1986bf142805d
+ReturnedBits = d41e278ac6b595990a29a1da97afbf45b70b911cba2824b60f006ed88d8ef959dc8a2f106096b22967cfea56b8afded4de84f306fa484cd2a61b0592c6803c58331f05172e6eb1f9e4c0b3a13b1fd93639e73c68b93c4f1fce41cdfa92a75cf8e1042988893f81db3beb9c758d3a5a09
+
+COUNT = 13
+EntropyInput = 050a3a18c1c0c1cf3370b42b4e03edb51ba33899b538c801
+Nonce = 65b317a6da4f9f3b1497cd35
+PersonalizationString = f9b9726ca60adac237bfe8cc04d6eea57329ac038fceb070
+EntropyInputReseed = 6c21f359a4fd79c340d425ae6b8052638717e04034292d36
+AdditionalInputReseed = d1d9e601e9b2b41bbdab2646a2fd854564872d0e4579e031
+AdditionalInput = 7d37fb12e23c2ccfc67f1bd67a83a921d57f5cc6dd4ed794
+AdditionalInput = 9a27533804caa171a16c343066b1be99143eb32cc6e735a0
+ReturnedBits = e2dba73ed79046a2baeb1bd857cc33daf911e249d1e615572a3e2a39b2e0614dd6dc018630a19af1903532d002450fa92eecc23256aebff094a4a9c33ff8f0c8e9f523caa5c780696dd34a18389b2880499f4dad6afa9f19c4fbdc5b0eb0bcd8e11dd79344dcf84400c293708a946ea4
+
+COUNT = 14
+EntropyInput = f7c60ea4659b29b1e5bfd4fa6ced79dd9caa2e42e2a21b9b
+Nonce = 50961d90adfa4ebe3feb3aab
+PersonalizationString = 1d5ac843fb4de2ec4d19c050a612859131b542d7c76bfb8d
+EntropyInputReseed = 59cb8e4f26b36accd7201001ab544e7a0c61ce11c1b7071b
+AdditionalInputReseed = f00b0e3cf7179722d205469d3ea9b6da4a5337e72810a276
+AdditionalInput = 98fd69c4c295dcd0a298bec01ed2099435b5e0f82261d230
+AdditionalInput = d245531301df554bc195bc2ac359a65aec1feb3bbbca4f2e
+ReturnedBits = 3ea21c6ec31534c38375040f83770c771d8291ee89df2b93d499f9b09f6d3500ef53b5ec0e77e59ab9d1be580e8a8519ef2cb639bf3ee68772263dce8aa83d0ff11970b55d7baa828cc7273595fa768b3320fe04bc10f9eedbfb64051f871d82221edcbe9778f1eec2c435c47ce5f3e4
+
+[SHA-256]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 1024]
+
+COUNT = 0
+EntropyInput = 63363377e41e86468deb0ab4a8ed683f6a134e47e014c700454e81e95358a569
+Nonce = 808aa38f2a72a62359915a9f8a04ca68
+PersonalizationString = 
+EntropyInputReseed = e62b8a8ee8f141b6980566e3bfe3c04903dad4ac2cdf9f2280010a6739bc83d3
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 04eec63bb231df2c630a1afbe724949d005a587851e1aa795e477347c8b056621c18bddcdd8d99fc5fc2b92053d8cfacfb0bb8831205fad1ddd6c071318a6018f03b73f5ede4d4d071f9de03fd7aea105d9299b8af99aa075bdb4db9aa28c18d174b56ee2a014d098896ff2282c955a81969e069fa8ce007a180183a07dfae17
+
+COUNT = 1
+EntropyInput = 0996a3825a456db3c5ae7c0058e6f9b5f4384074ddfe37b4ac68e2c98bdb54c5
+Nonce = 318443aaf8c66f2b81e414dee9553f7c
+PersonalizationString = 
+EntropyInputReseed = f7d284583dc30f5ec4b16f7b916a7a89bced38bbc7d403ad358ec9196913fe6d
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 4192e569be8f66820d20374efb53d2654f316c1f09c8e4b2a2fb783b0ff8a82c88b24791414b1a1f54bd00c9ce6a981d8d1d445aa55dbc8372e67e440b4d6f96b2e6ac4ee9657672aadab562297fea4c6d0b1ba066362eeb075a9f04da40c31d0dc6d30e3a236bf2c34dccd291eaffd16eae6c1cdb88712a913fc65f979dc742
+
+COUNT = 2
+EntropyInput = 3f1b92920c0d9c28718be72a695dc054ec45e75c4af04cbb97eaf285941be7df
+Nonce = b4949590b415d923671a70cf7a56477d
+PersonalizationString = 
+EntropyInputReseed = 4ab6849c4477b3245a8668775ef6ef6f0496ed292088dc2d45db9658854b97e2
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = ae9990cf69e44f08cf4af04786685f1c0051fbf8e518da98ca2d51cd337e0d635311335c944584472974d6e86eff7464d3ff55b2e007b194c8a6f7049bb56450e412e2512eccc6d23f4df28970309e251946c9cea6741e7b57802040d59db130e9a2d36db2ca0ee73634b525e41d7a6867954a127835ba54589a1d80ef0a974a
+
+COUNT = 3
+EntropyInput = d8e6f5d4119cf450459185827ac2aa911941408e5a1c9070dd0f777e9f9b3edd
+Nonce = 5e8f00b0884c0d20590ed3be6121cec3
+PersonalizationString = 
+EntropyInputReseed = 7737a619f7073cbc4806f20f0dbc143ec03f05899ec0c7883b307187d5c6f9f9
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 1f2f07dc89d415c41bd73777830e1d9f80cedfad17074b7e80583798ad843e6fbf6617b3d370dc6efcf97c776a82e5eca8d507609a7870e83d6c0ac7fcd85bb593b82aac2a9726d2785e2a62e939a606867db96501ace0cb6062526ffe28f8daff504ae0ddf31deb2a2059527d33443950eea4d56ab9b00c98ff3f29fd1d7f1c
+
+COUNT = 4
+EntropyInput = 43a78cf773311c0a64c383616dc3ef8dad93187ee2cc2bd052186f0f89ba4916
+Nonce = 3a2b43019bf9de164cce69bd30fb9e8d
+PersonalizationString = 
+EntropyInputReseed = a326f587c4711fba6cdad7e64358a0e93a95315df36772a57c18bf117528560f
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 404f4a3e72cc2f228faa10865b0064652716e4729756dcf677ed16f6ee78ac41f2462497876efb313df5ae609b89f6b9394c37910565399f80bfbc3a0259df5760b27e6a9181d18c09e3efc6c949f65459a643b1e41395f86299dc7266515a3a1b1697a773c0d35e3d761255db5438f35a1e8c3defbe8ed87f723d4dece5dc05
+
+COUNT = 5
+EntropyInput = 7c99816dc9b3caa478478a17913aedd8b421e87912a899ec1d210a8eb2bd4329
+Nonce = 5df63867dacefc8c6d6603cea10d0df6
+PersonalizationString = 
+EntropyInputReseed = 51fddeb33c017ce6ce0abba432c5bab52d76578feaeca1b9e89b227ff4cb44c7
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = a5a765bc430f73d2b5248cadda827efaf73deabb7ba942e7a54bc70ba4100ed64128832cc5cc8d6fc3d05d4fd4a5f57032da91cb61a14efb09ff505f17f04895f59f871bfd3a9e0901a87e49e23bef769057b4852d17642944ef8e5144288e084cbb658daaf0866d8d6d882e7c7dfa7f1de8874dde290845b97a1aeb70e84d84
+
+COUNT = 6
+EntropyInput = 67dbd380aba64de1571d712146e9771f0e9d0f295a78411d03446fb66b389736
+Nonce = 4d205db3d9e870ef8d6767ba98c4aa1a
+PersonalizationString = 
+EntropyInputReseed = 7f9e3140cf1436e82f5c41e83345eed8362714e778ab539d0c247171941c2211
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 7e7ef545744c69006bd456555627df005d0b954e79dfd030d77569414ecfeb4214ee9a76b1175056abba6ba1cd46da34a5797ebafdfddfcfe7c01a8be3e5e88db6c7b4c2945ea674890f689edc44161d6a8c25bf629aca6372a61b85c857f94c0eea83a2c86392c09e47c0ef54fc2edd30fd312d943a04f4ab0788b6ab21034c
+
+COUNT = 7
+EntropyInput = b191d6d739bef23fa86849e0ece21d753bfd8dce2e8767e41ebdb129e1e00959
+Nonce = c7729c446731129c3b9c99f4afb092aa
+PersonalizationString = 
+EntropyInputReseed = cf3a0103714b6d9c0c8b55ce0feb2ea1baec5f4667cc9aaa66e3ef53856c34fe
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = edd7933c4ad15d5d236e5bbe4a383c67875a44bab880dce95945c502a22b791812ba4ef5a3a5eae127c33447309336da075a1498ef7d740a556bbb2f63eedd3126d94564adbb3e95ea72523999135528d5140496f4f552035f5054e42e237e15d939963ea70635b7829cf16f6cb67898e791200cff6331ac93ee96cdf83d3fb9
+
+COUNT = 8
+EntropyInput = 514d9612a96b5c25d2103a04c0e3b66fa1d5cc75f8931d4780647e231e261fcf
+Nonce = fce11e3fd9cd2f1cd3d03e15b52a3178
+PersonalizationString = 
+EntropyInputReseed = 0fe75d3de113029f701f0f52fc88d35881c70164d1900c1b7892731e3210330c
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 5da179f8de082d3c5626e435cf8821e4561aaeeb7374f8af6d58b7c3c8ac358b939c9aaf803f5a3f43a0a68dbd44ef3f27f3703770c794a8a5c9c8ea7a5bb1dc60c2b4630b838657d2b98b8ee1535b4957cd066237c54e8b1e9defd2676247a3f4521b7c95d3be167b170fe0facdc369943e5f77bc15b0d699d3bc00c44ec365
+
+COUNT = 9
+EntropyInput = d0eaf48075407746b257a97fdfa2b48283367e99b1bce2d92e8dad6a6aa46ba2
+Nonce = 87794a06ba9c513682a26494a1f3e460
+PersonalizationString = 
+EntropyInputReseed = d1ca17748c45674b60aa6e0b6efb693ba0963b88fa89d0fa2faa257c19b4bfce
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 4aaf6eac30e0149a0ec68d0001fd32776e73581a71d0b4900adf6ea1550f006c27819338df6045e636ac6759929182ecfbcf119ebb641ccf151e5f1e148ba882ff8c0933fb7752b84f7d84e8548e9dec0d404cb901a177ad85a97b4395d1a0f22a96f25bb1851ae675f2f41d98c817bdc181e47b124a25bd340833660077dc2e
+
+COUNT = 10
+EntropyInput = 686857afef195d825b6a1be41a4ef72a1317e80b1212e6e7cc0e59d47c69a0a4
+Nonce = 5912a733d43c96bfbb633318dd070f76
+PersonalizationString = 
+EntropyInputReseed = 90393253fb69513565a68dc6e7eef1698b37df5075d8187c5786542eabb8b3fd
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = a7470a0df817c8496ab68ef226952294b819a12672420c6c9cead4855f5243effcdebe9b12d4e9e5f47d6b6fad6bbe01ddfb42436691db2242ececf92105df10a63238d13e82442a26b239d676b9bb84bbee5c2b3771380ae67f1168f1068dc97e398355f2f57ef2d20a6c68a1124041a3da4b71dfde04c7ea41bec96bd11cd1
+
+COUNT = 11
+EntropyInput = bb281ddea39b2b03a9625bea8a5a5fa42e779d1a5e7fec3705872b3bb1248288
+Nonce = dd516f4184fcfbfc4f9494c969bf22c2
+PersonalizationString = 
+EntropyInputReseed = dcfdcb4a3d1a4b00a7b8dadf1c8280558665de953ef7fc4f4a1058ac422e4bc5
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 322b3d385aa200f8effa2904ad0fc92c2c89423c43f4cbd50e64468fbf6fc1212f0c7a3c5167295420f25579a39a4ea0240763d3791cfbbcabb269624f18ad3c103324945ca92661cbd532b9b1d79708b8f5ac9fa85efedf8add290fa032078f4c038e0d4f4fb485d94488fbc3a8792d349fb083c04f1072e14cf3b036874d34
+
+COUNT = 12
+EntropyInput = 6b542a33ec8bb3a46e66e682dbe3431538469e091fff1c16bd3d1ffc3c24556f
+Nonce = 471e582d85df71bc92cb670c2fb77289
+PersonalizationString = 
+EntropyInputReseed = b017140d1a7a5a282bd27bbc1bcb77fa26377e2dffaeeffc8c8bcaa492e2e762
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 8701e859a983a352ba0436dd49e0071e95d596213bafea1c92b6f277dee83f9e94c68eadea871c7f560f6f0fe1e40720dfd53e3de3a93d6433e2ed856bc3fdef673e52841e1c5f698c6ffc560ee9be7c1af0d48815336c3ccb47674a10de84aed7b7f6e99b32b34e4ac552850f68ee27c90252420e8bd9610c3d4e05a20f345b
+
+COUNT = 13
+EntropyInput = 6cc07efacf0f8db18c975c8a02bca7fbef13b13a63f76e4ff3b00f50131a71ba
+Nonce = 270d6b577651118241081936d7d04e9f
+PersonalizationString = 
+EntropyInputReseed = 6015eab74374ed7fcfa46c5921bed760db4b1169f733a814df9f00c1597430fe
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = d920b20eb8685ce6380c0f9d680228e215e06284eaaeec7aeaaa46d8c03c1166f3d641d88f33fd760174b92490cb676834cf9fe60f1e7255b76fe0a4743f374e68f89a314f59a6b61a4b95704bd1034f7bcc08fb47da2ccac74c7ba7b05affc3183e57c1e1d38a1d4648e0dacc8c584b5e3413ece3e26086aebe3c531d838e39
+
+COUNT = 14
+EntropyInput = eded7253970c8da7c81e8221804d73cbf207e366f45e1cd3b82dd003526d07c9
+Nonce = 696a322d37e2d9317e281d9a07ad1e91
+PersonalizationString = 
+EntropyInputReseed = db3f6b55ae9434a91c0ea3764855e34df859d2ef32e646f00c11d5d9bdc5655c
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = d36ec4ef06f8a0220342787375423ba505971b5ee0297a29dc8921c7e0b3b000447771a8005234040996fc4421c33dc3a16234df5c4979288f6f35ecb9769e022505af6b93537740afb3504cea5c69485ab3918f0c25eedd7fbd78d9cb0fcfa011f9291a09357479e6865a94cbff1d640423472ee1860e499f167a7c72ba1b07
+
+[SHA-256]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 256]
+[ReturnedBitsLen = 1024]
+
+COUNT = 0
+EntropyInput = 9cfb7ad03be487a3b42be06e9ae44f283c2b1458cec801da2ae6532fcb56cc4c
+Nonce = a20765538e8db31295747ec922c13a69
+PersonalizationString = 
+EntropyInputReseed = 96bc8014f90ebdf690db0e171b59cc46c75e2e9b8e1dc699c65c03ceb2f4d7dc
+AdditionalInputReseed = 6fea0894052dab3c44d503950c7c72bd7b87de87cb81d3bb51c32a62f742286d
+AdditionalInput = d3467c78563b74c13db7af36c2a964820f2a9b1b167474906508fdac9b2049a6
+AdditionalInput = 5840a11cc9ebf77b963854726a826370ffdb2fc2b3d8479e1df5dcfa3dddd10b
+ReturnedBits = 71c1154a2a7a3552413970bf698aa02f14f8ea95e861f801f463be27868b1b14b1b4babd9eba5915a6414ab1104c8979b1918f3094925aeab0d07d2037e613b63cbd4f79d9f95c84b47ed9b77230a57515c211f48f4af6f5edb2c308b33905db308cf88f552c8912c49b34e66c026e67b302ca65b187928a1aba9a49edbfe190
+
+COUNT = 1
+EntropyInput = c3b200420bf9d8efd959efa4ecc66e077337c5aa9ab834398bc33d3152e39087
+Nonce = a226083a9fe938c9423f39f0de2ee625
+PersonalizationString = 
+EntropyInputReseed = ecbd34e657db5a0382e41971fc31bd6e83449b1b6a1a8296d1dddfc54a665d8a
+AdditionalInputReseed = 5865c8f601a309ee4f7d417eab8587763539f38541cb1b9abf8a3a6245ceb770
+AdditionalInput = 932c454deb4a314d7bbafea7041c7e9ec5dab577ac2c4be5ae89cba80605b0f3
+AdditionalInput = 469b3f8e721fd5af10863b568512724fcee9a8f0de6511511df313f4bdf8d40d
+ReturnedBits = a9d6d1da3fa837a61b0bd80ee63fca3f74ff073f31d2fe2cf7ee7478687594e40fd307d879dc04c7a7a9a9bd490a5e21d01d273724aa285cbb04c303a54f82906ab28b6bd3f85249db67ca2a1b92d4c2f2abe766c9a44dc87b479b58ca1437a30a95399bd5b41cd7c3b4302d42534cf5ce571479532720610621624cc27741ac
+
+COUNT = 2
+EntropyInput = e22a79673a2d9f835bd1ebfe471b16ab9434aafa84578a13ff1585de4698f87f
+Nonce = 403bac08b2975c26b0643fc05365bd3e
+PersonalizationString = 
+EntropyInputReseed = 83f7cfb3e0f96eb2525d42bd74900161801454277ae33ca11c25d92834bdc79f
+AdditionalInputReseed = 693d4622cf57e1ae419eb7082c8777f028ff4d7434832ddc68a0c641e76f2902
+AdditionalInput = 748a07cdb675837d900ce23ac212666bee162ce9c9c840f8d4ca69b598f28041
+AdditionalInput = fb52238f8b719357ccbfe89e8a3a20cd685d69a2a0d662c1abaf6e137e9f7e68
+ReturnedBits = 919e50807ca8dae027fd5c64117fa1f94aed42b90ea965f79b75162f0adf70bf23cfae4504c7b150c5c2474e2b9604fa8b0f7afe24f55777715980977f35b4b4e21c24a18ff3b161a5942595a9be4ea3e5f1665acfda8301256da1c97c19e65d461701f80bf6c0ae4e265a318c99b6c691e8c30b9c4bd54d25d111fae65b6583
+
+COUNT = 3
+EntropyInput = 9c4afceff0bad37392cf3a06938531ff38a40ac1dfa646caf6755cbce8bd9e9d
+Nonce = 2410fd6ba3373a29000d771051f66647
+PersonalizationString = 
+EntropyInputReseed = fc6748bbc74ff70da29f3e849816413a159baa544a8450f27e9ed8259e3bf298
+AdditionalInputReseed = be1bd3a6d18a90489850dd91e7aad0b01272f44c0fea6927b61bf0e446b2b2bd
+AdditionalInput = 4dabddcb7cec415fcf07b92314368e8e15b94821c506169c098e9af91ec8d803
+AdditionalInput = 67a2e425f49d1a7d4e5044829254c7a834e3265cfeb360f1d83a6d28357450c4
+ReturnedBits = 33ea7954d8ce6140e93f9b0422a02b483627570309702616fbfe6433271293c43f99c0836673a15202e07c9e33c6f51c5ba165525ecc4c99d9bc82e6108ae4037dd7269e5f16b2f1249e1ac0c08f996e54bd9ad616ab919f5a17927f9dab0bc7c11a8cf021b7782c04f3ead19d572bfb8745729491463d3b8900c0d3b09b2881
+
+COUNT = 4
+EntropyInput = bf353c93f0c2dca35fc0c3d714a2e6aa8f606eb40c011e22a8263a6c3e879f79
+Nonce = 1a347369091b68c2568db7b636124402
+PersonalizationString = 
+EntropyInputReseed = f30b2702808ab22e9215422089222aa8f1811c7d36ccac6b99ba23d6a36407a7
+AdditionalInputReseed = a85920c45189976cfeb2f586b2737d623b45d12dddaafba8a824c15c3b7dbcf5
+AdditionalInput = 9f8397860c8ad783e8abe301dc10f45f4755a7c481173528a253b07a577c4bd9
+AdditionalInput = dc8cf6aeaf933d848538f3a326777534242589ff2e40168113196892291f44f3
+ReturnedBits = 37c269942c13808877ffb8f37b793bba9f2b5604733e18adb127f2df042335c50766a0b5defcc5a70758af20e022c692bcd431366992c988dd3115babc0b3ca0c6c691e19e1db02bf390087553c17c980b0a33f39c7ca91364c327b4c72c8b40733c45a00858eb17f62853cc2d59ca89912c0928abf840ca425a6ec12dbed33c
+
+COUNT = 5
+EntropyInput = bedfd50ecf70cc8d1586c507903e9d62547fc54f1a0aa13d5ff890695f39f751
+Nonce = 7eb96c7fd20adab487aabfe5b5c91c26
+PersonalizationString = 
+EntropyInputReseed = a703af1c615c27d9b26ec6e5121b9600663ab090063b9298556d4d78f5e7c43e
+AdditionalInputReseed = af59b6bcc960efc148053e7eac5ed7bc3505b86be08c3ea3549fc3e62431d553
+AdditionalInput = 29e7ed10112016b64ee6185a19211c35e2932cc059bc324e893d196c3c6b41b0
+AdditionalInput = 28bfd3fc4c72ffcf83495a9b7f883f9df728f19b511462e1f65e7f80a5208761
+ReturnedBits = 2687e28c55c16269aad3705eee8bad4c9df12740963cbe55fa74a18bded5bc3aacc47c447f7b8d8ba47223d8f5791a6056d8fab050ea4294423d7f59675c3fa38785aa68119dd76b8bc5dd79fb2da48297d4fad5f127c5fdec2a3d7bb8d174609be693e362e22bbd025fb7662596bc691a9059420c57028262c51371d6d2c838
+
+COUNT = 6
+EntropyInput = c8a2af91b97cbce5efbe4b71dd328292ece5d34338cb8ff704b3b526b102c2bd
+Nonce = ca373a0b622f61124296193e53d734f8
+PersonalizationString = 
+EntropyInputReseed = 4ee01d02e8a67214bab2f5537671f1bd79d0d233645cec94caeffe3fe862011d
+AdditionalInputReseed = bfe59fc71b1dfa05dc67e8b787372a2f4fc7af6bc2b8124d7e2a4205fa7af6ac
+AdditionalInput = 0a2c8fd3a8069b4500f3a3413d3c6404c16d5e496da52704253c8c5948d43219
+AdditionalInput = 899056bc9be635ee3e434f216126291de00d311bf73eb1b5dfc0c5d4e1497a52
+ReturnedBits = d1a3d93610752080a05513965db3a10de1ee37adae3849c17b0f3245c4452873a3b298d21294d01f243ec5cffb757f610aa47a7c2d88dc5537fdc9b85bc026f35e7f5e92e3cd5211db37bb98c34ea00483845a98fc3735bf16db38ee3e7840a3102b488aae89656220f0eba5d6dbe381cbb04b179455395f62b940d1b3f280df
+
+COUNT = 7
+EntropyInput = bc1b1fb2e4ed6a1ecd14a91a6425fbc92655d1069ae1004634c0ecf66183bf78
+Nonce = 760a861a0229f736f1caf10d8721a45b
+PersonalizationString = 
+EntropyInputReseed = 4ec1c2c52a35b31551d1201b368ba770c629064318737694eec68f9078fed611
+AdditionalInputReseed = c7f1ee5f6edca86acc3bf0be4a6520a2370b00841078f7eb7d724346345199df
+AdditionalInput = 5ea24713bdf97b27f69c874254a0d402de214751ead933bb95bcc78b6305ed90
+AdditionalInput = 136258f500d83cc032570738343a7780daf272ea491bcf53021d6a438c595d8e
+ReturnedBits = 908e2eced483ffa02e09f5dbbdab08e4f0654ae5a66381c409b0b426bd428766eaa27d6c7048864ff35f4ce19aaa30abf90ee58206b700468854179bf8b7069e9710bceee5554e0bf16dd8522817837b3d4698d2e01d59afdaea60484c3f8efa75b30eb28b0d54fd838169922837d5ee259c9e44a396aabbbc472cd7486d6a89
+
+COUNT = 8
+EntropyInput = 1660367c5bb295a48801088de29fd18fc91172f6a08c65bad9cdb4f5678eecfa
+Nonce = fb3e304aa28bf35c682ef0e8055f53bf
+PersonalizationString = 
+EntropyInputReseed = 857001b5b19777c2f7df33e35b3f7555fb6c4675e562fec7e5682abaa2b81d85
+AdditionalInputReseed = e35c502065e466d0e9b9aa365f035517488830e92fbb20ab150f57c9441dfe8f
+AdditionalInput = 2c6922239ff2847282a10af197a730c08ac06aba2a74a1ccebfc8b9ff56154d9
+AdditionalInput = f0f841219212cfa5a116b843f9e6fb503476c0b6f9b4899016f21072a24e744e
+ReturnedBits = ef38843b35df0067286b402acad35894741359c14c19ae3db801d61da09fa2b53a15c39876b583d9e685e8ce1c3fabed305920f06a03410ce5fc4f5c6dfcf66afb119f334f9c6a9e708af498c1fa34f7fcc6e1bc219b8dd7c581d43c15bdaf6fac50569a3943ba0d8b2f8e5942eef42852916f4a41dfa28f26febc72cb9e5b70
+
+COUNT = 9
+EntropyInput = a1b0195f77f688bc3fefea419eb992ed3bdb96db999295a9831c92184f69c2a1
+Nonce = 4fc9d13388266dd4220949c60ea4acf2
+PersonalizationString = 
+EntropyInputReseed = 535a356623583f4f74d162afa35433f6be4fc6eb8e952f466b218493a342d98a
+AdditionalInputReseed = 2666008e7a2bfb8ee28523be575392360ca93d09530da9aab5d182b84c65eed7
+AdditionalInput = 0abd63bb586a5e3048ffc200e5a3e37f78d74070be772eb8e93a773702b8ee47
+AdditionalInput = f375c4a286e5ad0cce36c915aa78ca0cd110e5417edc2a19f5b8b204d0072a2a
+ReturnedBits = f6ef8bfe9e491fd681e637c9e617acb0d5cf98a143c9ae3808bd7a556d8be2699a5a6891d41edd075cdffcad952d99e9475391d7743da2c8879ccaff58282d2b5d6516b06d6a1e6d3597eb4448f2b9bad1e120d265922a7e1ac2329a1d052a1e4a34499cc58344dd52b59dd71576fd8fa30fbb4f3a38a25d9d642a1e291c3dcd
+
+COUNT = 10
+EntropyInput = f976fa66070ac087a5bb27c5ddaed1482b5cb2883434a31547f5f05f211ace1d
+Nonce = bcfd38706ef091cb69b2859540925bd9
+PersonalizationString = 
+EntropyInputReseed = efdad243b81822930a7319b05ce8427eb73376f9b0b84fe6e13ff767447eada2
+AdditionalInputReseed = a295199f2c800b17dd0bf4cdbcf79ec65e79fcf9eee6e73d844e47f93d4ebb77
+AdditionalInput = 2a6452454422745eda9b5c7db4c811ac4067b711dd6eb797ecd16306d335be5c
+AdditionalInput = d2ced8844a14e35113dba2d3c45cf78fda6a278f079bcda109b815a41ee0c293
+ReturnedBits = d467f2fb9d74a710d434090a55673490bb86fc055a2decdad67e5bd0d845fe76cc80854358bb0a8794fe8db631153a97eb805f318e49e278b88f3642798cecc2d72657dfb87fb46dac95124a606add2d78082bcf7a6919390fcca9e31c65edd48688971390c4c1d3bbc76812a4d42c2edc34e626f8a5b983c56ffbf4d1e6bfba
+
+COUNT = 11
+EntropyInput = 97fa51dfc485e3c7eea327a261802bd8afb738ea13045938c1f31fe75949dbbe
+Nonce = 747c6ec7ef6d1c815e527bdc6abe005c
+PersonalizationString = 
+EntropyInputReseed = e1a391eabf45da95a90c8d817ff518a78bf5630e70d9fbad720788ab0ca67f31
+AdditionalInputReseed = 9d6413c945fae2fc67696fa258fa95bc47e7bf40cf07ee4591662eafa3c3f32f
+AdditionalInput = b3f1ab2d73acc14bb4d28d042fcfaf3957a04d2749fc6bf834812ce952529233
+AdditionalInput = 64d4af088acf4b7192bdf9bd46064fefafedd2637845cd8c93e8e9738b87cd15
+ReturnedBits = 6f56ab8fe63389955af7a12ba710c6b53b93a600a0ab4df6fbe374bb00efcec5630ada7c470926f12ffe6af7b2e3fd6d4982a31a7946f87bc9b7d770efaeb0ec36beb98da67e5e8fbad0f72fa45acd2c94e4c84d3f716b6b2af455e6e16b8ad8b33ee05cd315d7d20e0211b7fbab32132726a220f9e5ad9eb5640c4d666a0689
+
+COUNT = 12
+EntropyInput = 394217d3e312ddfbd6d7eb83cb9d1b20f357322e57b48f896773105b84436f37
+Nonce = 421dc160dec4a797441568e039b363af
+PersonalizationString = 
+EntropyInputReseed = 7e7ab2ab5ab64d337bbd489a0d00c13e3bba817a5c93f12e629a51e20d674f52
+AdditionalInputReseed = 57956863c7f2aba0b66ef1a539dee6bfe3eb166a7bce14844229f63e7fac8e94
+AdditionalInput = 0b4ea9e65d177a25dd8d3ae809d4a4c443f2ce01345c99cbd008b7b16e28159b
+AdditionalInput = caafb2c9c672df58a11d44f0136a516497ffece862a958d6357224a0b439f9ab
+ReturnedBits = 35bdd5254768e9df71980a230d9b1c00104bfa09ce2473ade6c905a03e232daadd145b1c3ea8f167fa4cdafa03b87331fb07f0e7cbd0097aedb1e435eeaf3dd37737b6b7a7ecd7147d766fe2980a4577abb72af653c1a0846b2be9d867af2539729fd5aa2f7f3ba987c2a18cdc0b4404f42707012befd32e23daa42716415bb9
+
+COUNT = 13
+EntropyInput = 1ce0b1d992c3dee97d47de163ff7b42c0e0d3d9ca39b1f27a19e8f3648d935f0
+Nonce = 2be89d7d6c583c6baf7f0bf99bea9550
+PersonalizationString = 
+EntropyInputReseed = 4d8d804a3d8be2a92942a3c52419fbd38c30d1d045c9533aad88b63c4f52fcc7
+AdditionalInputReseed = a727cf4c71c91f17d09c31eafab4d55c793b51a0f0598fbbd5d63711280957b7
+AdditionalInput = 55ca64df911dfcae212259800f0c1edf4dfba12af53b90362d013fdaf9a6a679
+AdditionalInput = 56b90e825c616c11a704fe9125d8ca59010b534273ef9587f0b24f42c09b586e
+ReturnedBits = 03c174731989a5f025bbd6d3717e86ca108ab178c3454a0e535516fd9f985e19e1bbdd6cbef69633f7c24d08cc53d861af3bbfea358051b3e3807d2aa7560b3f2a9dfac2a5e2b89c266015f2183aa5d433ef392d633103a9a9c40a117bc31c258c4e668a8ed2e62dd9dcd5e38fa0c9a460f8c53ae2e33cf5f3b7b87868ff4ec7
+
+COUNT = 14
+EntropyInput = 48497a31bdd3d683a05e2dcfcbad10074765ceff04ce47fb52cd1df456641d6d
+Nonce = b02356b8c6bc8345fd197bda0bf00ad9
+PersonalizationString = 
+EntropyInputReseed = 33d699ee8bbd5244f35fe00bcbe947a9d0e7e50abb5a39a70dd1829b0d519dbb
+AdditionalInputReseed = 7c1b207fc12fa6a7502622a08aa3dc34a42b3687f235ec5e012c0d0a6d19b742
+AdditionalInput = a8417638e07e9c163753ada4ed92561ff0f1f4794d636f1b07f3049ed5b8b68b
+AdditionalInput = 2c896bb2dff5af370ebd7909097b64fb3180b5d9507d7c376ab9258548d0d967
+ReturnedBits = 278a9f74dab56e372e419016ad2c95a5be943874f28db6cea90ce303a9e1eaf3e85b9194ce42fec056176920497dbaf4bb6bddde4ae7367c98b94ea2266bcdd376ee5ef12293f50f05059a5ee8ece30b0cd3cd64617c38f397a6bddd225703930fde8c0fe6ff468c02750a625bbc197dbead266b5e19f96a9648e0d974a2ff56
+
+[SHA-256]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 256]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 1024]
+
+COUNT = 0
+EntropyInput = b87bb4de5c148d964fc0cb612d69295671780b4270fe32bf389b6f49488efe13
+Nonce = 27eb37a0c695c4ee3c9b70b7f6b33492
+PersonalizationString = 52321406ac8a9c266b1f8d811bb871269e5824b59a0234f01d358193523bbb7c
+EntropyInputReseed = 7638267f534c4e6ee22cc6ca6ed824fd5d3d387c00b89dd791eb5ac9766385b8
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = de01c061651bab3cef2fc4ea89a56b6e86e74b2e9fd11ed671c97c813778a06a2c1f41b41e754a5257750c6bde9601da9d67d8d9564f4a8538b92516a2dacc496dee257b85393f2a01ad59aa3257f1b6da9566e3706d2d6d4a26e511b0c64d7dc223acb24827178afa43ca8d5a66f983d6929dc61564c4c14fc32d85765a23f7
+
+COUNT = 1
+EntropyInput = c1ab40666e6d1e81520573714b665a84ca2332689fe0ae0718a9c81b74c85c13
+Nonce = 6c1c2001b64b094754d1d585a0531a2c
+PersonalizationString = 74b2db2665a820f0c4754cf494adc617018ca391ce44b8b06d784ace3a839e6e
+EntropyInputReseed = ae8b773c71bce1ce976766497a4df975a460811fec0a19e8326210397670bcaf
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = f755aac4e2146acee080a84d201cfc2141a20744cd71a89f3d440432a81d2eb288aeb07f10710a622df8cec07c8aa5f84a88b4dd295a28953a2f589732cb43cae82079607a7f1ada3ffd4fd30f0c22281509d4ee93d18988e570fd291d8419a067a36e1098b2db849218e23893c3969542ee0c9ab0c00abb6fe72373461867ee
+
+COUNT = 2
+EntropyInput = 30c68ec841deec8350bb821250a815cd305abdd656cf0882d5573c8bd88465bd
+Nonce = 55639c7f642dd5195ca5ceebbf9b5c6b
+PersonalizationString = d7e5afd008c3cf9ba511783923e415e1f8278bb13c9a0565342a94584ff1649e
+EntropyInputReseed = 3eb2a99123ee921bf752ebff3d1bca724b3de8ca5b92aff9e7a95821b8883ba3
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = f842406cf9e704f2798d4224ff395e27b826abe2174f534f15943a69656c034b6ab722977a3691e4a47295ae804cc2a479df894237750a8f97ed2aa65b9706ebfadc00bdc97a66f19ad02fc1b76db4b5ece558941ae458d0836b8f4a4bd6fea24e07f890c3b84c22b3a7408ed0888face36b713237b43c8c3724a2a3911274f0
+
+COUNT = 3
+EntropyInput = 9100896a763dff7682195b4931123a746ef4d2e6c232c1ca5c4994b8bc0ddc2e
+Nonce = ee543d642b4fd1bbbc0ab997a7585ff8
+PersonalizationString = 5a0db70264f2282be5c08f6bcca690f7889b217b518809976a4a0935dd78bee1
+EntropyInputReseed = 5cc076431ab0f4e9d4d94f7e2742e9bee956dc3ea6d3d180c619c4562d9b6135
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 640a1cb095256d3fd1232297cdfaeee11017ca81e0ba3f49f9c5d35454c39ec512fe079d165b415ea9d7ebf18cf89efdb5f6c5c8ff6d431b60a10524813371e57cfd4990d5713dac1beca254c5ade497eaee59c8574fdf3eef177ead5f8cfa491c7e7d0797d0322abe5115e33662bfa07f5d4f25a6bddae648c3220065f656ad
+
+COUNT = 4
+EntropyInput = 33b16c7ac65c36713b8de448efbb4cc7cf2eed5e970d3439aebddf11e44c87fb
+Nonce = 7b8cba7ea83abdaf53022ee9c6988819
+PersonalizationString = 165655a3456ed7f6c9d8200cb89214187e95380c2765d2f89dfb5480d16a7b03
+EntropyInputReseed = dfe32b43feba0e06d420e311167afa68f465092478181560dfc193dd8f0f0f1e
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 0d30dfabbb2716ef3e27dab0f525869d2022a7058265ad738a3fc8b7ab99e771651d21ac3b2ff92cedbcb75dc82f25d95851747e81aacd5f1394c57b3c8a19edc47f18222e86707b3ae4edee20adeba058814913d2e8735d69741fe4d4d3532abafca554a53f8f4abd45665d292504f4512d526133710d9e29ee22c849cb21ed
+
+COUNT = 5
+EntropyInput = e2a2697797bd0d4a1b55f7a6cefb7764131ab950c48eda9293ff8ca5aa5af436
+Nonce = 4b195f3851dddcba143fbe9e80ffaa2a
+PersonalizationString = e883605d6c4e1bf4b3d452ec42d7708a728199b38c53fc586eced016a1809616
+EntropyInputReseed = 22dce26b006fcc0bb6fb4a2d14ecd4e3324feea69788965d67e59f7e74b35d3a
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 15fc2b130ee19e26bf807e2e75aafa936dd468591898f971de3170716a1ad6bf6f3a5634897d067daa34bea6d1f995eadf9a2856050247ac1b5e0f1c1847de3d09cd855397acf607ba08d41e35e2ed2f7eceb121aff0900100b2525795c4d1f32a2805b08b177478a6683beb897614d7de36e82223fb8efbfcc40bd4a2d9827e
+
+COUNT = 6
+EntropyInput = 5dd63044be8005c8f5ebf920986fe59d346c675d5ff2fddcf8fe85b8a6982bef
+Nonce = dd1aeaad8939df2f111237dc5d43d93b
+PersonalizationString = aa040ec9d06492f1de2c528af3e8a10d5de9e6bb53f0e6bc81aa40aefbca8cd7
+EntropyInputReseed = a71be7866959ec1aaa4a131b2fb452513f94eeb1c5e0cb36a4d5af2819843000
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 5fdf271f7a2628d7cb1f9a507db41626ed699131ce81d4a0e16d85f4bba48457e34ba9892a2c61d0738aa89c2e9c5dd925a26a57f01fd0c1aca17fb37a45df92e4c1f07b264911fb7a658d4fed3e1d25c4cf1605f132891c6f0f28d2473b8f1b2d6e261c1ba6f8f0c7cda25ae84f78d8f4a658026f3f84a4db20b54d04253f69
+
+COUNT = 7
+EntropyInput = ab48cfb5ee5199d3167604baf2ba482d23e3ca6f3b80b923de1b7ef29edc76e6
+Nonce = 1fdd89f317ce64c68c8ae166978df720
+PersonalizationString = cde7a26630c6a9124a6b259e501ba55a83b20e7a9c6fe398dbea1e33bbc45de6
+EntropyInputReseed = 29c5906426a81e54fb7374137a177496ff31f207d1bab11c6c503dd325edcb43
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 49ba08db547becd2683c46a8489f3fe8a1f285fbbdb9f359ed855915a925eb353d503cfe80193410186342c60bfd920257578fe88d53aa5060ea22b6a08650414f2eca0a50670aae88a00f9dd67a44b331f48fdd1d320af4398f84f08bbbfa443d173e2d0d0f832e25f1a9e2491f63ccaa16588115f551585832a90a3ae32168
+
+COUNT = 8
+EntropyInput = bf6813a79c9801eea31b856ef041a21da3dc5cb62d28052434cdb49d1587c459
+Nonce = 0e18fb93777447242a3e83d17fd8004f
+PersonalizationString = bc1cd8a5292cd2963e0c43c40b81ffd8c512a3bc904362c16b1cdf1d71c7d358
+EntropyInputReseed = 0ef05d593f3a8709b4d80be9b1badfb2a0560007c345fd978b64c424d4ebb38a
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 550a5cf750aa0d1f3b284dea420a5931659a5ee1d01e840b9ceb3b37bea1a7da815b07e57eeac03255156e7e6da7caed79b292e3c2518648a3f5de4b19514270047ec1a99b8ae9448cacc3a6b6e17d5e2bf5247caf7e39084c5b66f0fad01ccb358eb182d7bee22560e59b66c56a31a0e32c94351541a775372f551c782ff494
+
+COUNT = 9
+EntropyInput = bfd5a9f709c11290ba98c9edf23e50833d30540621ec9b3a585b9b0d41bb2102
+Nonce = d41874cbb1c05991dcfe7d3bedf6d909
+PersonalizationString = 5ed8fd3d19df22b6fc3b3be225981be64d3719a36a19e189a555922fb52c2d66
+EntropyInputReseed = 6b3a88c382f511efcb83e649be070b1c3092577ca6e4cfb35f1571e1cbaf4454
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 73ca665958f4bba1a8558ccb758c9a38a03b8ad242c710d66a0aae43e6f8d1e9da7d86f0f9959d0d9b6be043996c8bb794eb2fc902254270f83bc5a2843899fef7a5ff5b2e51c71423577d69057da81a0ad19d9049db6879971a70b3f073a66ac82f92b4ba29cab786b4a50fba27fbb44283072ac47357e092250f9072c5b62a
+
+COUNT = 10
+EntropyInput = ab6bbdbc10c49d9361cc86bec4d4936364302e9aac6d172ca215ceb9e76e1d09
+Nonce = e4b583474d5fbfebee9e729acaa60713
+PersonalizationString = 6e0d53132be943e1351f0067feb2cce950f8b1870bb2832215d68c7844218d53
+EntropyInputReseed = 7fcb734b5bb20e923edf2ed204f898b576c5e0fb5309585d1007e353161bcf97
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 5555a2c5081bbe8b8ac5e5ecc52112e71e2cc409364f8f6df0de7ec999cb0e8f1cc1c97b2168afa7f5e166d371e14dd2aacede910ecc868f26579abb0ff858ed6fe85fd8247ccb5fdc84671ec06c4cdaea922ed5dbaf3955ff6ed50c0c45493f9a653334c2d683fe9faa790627db750f3505eed51a0e292e1106d01fd9160e13
+
+COUNT = 11
+EntropyInput = 835c98328f161135fa2f6bc7f6bfa9af2fce407f63097e662dcff0e47a590f35
+Nonce = ce5c103044e2ac369a365a0276346915
+PersonalizationString = 76654d13a8e905f0cd7edd2821424e3d8514af769579ca1d805f03edb227cbf7
+EntropyInputReseed = fa446eda616d0fe2a4e34e559aec33bfdb14f1eb41ee081dd1e3dbf5340b96ae
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 48337054fd5343eee9eff4817b83cec13b34370ff7756f3df48aabe727b687a503bba15cb91c0b4ebe17509606a17c3d3d6dc51d53fac06847fe1c7e92fe4f43cd70a5b53bbd637274ed90fc72757d5a755047253da6f4a4d92770ac02d4811f7a1bc01889416ef81b4ee87b8e465f5846ce58149e28fda6d4c21737bc7dcde6
+
+COUNT = 12
+EntropyInput = 924892c536b3a6951b48d1fbc46ea020be85cc8e9c31c435ea134dab9d40467d
+Nonce = a752494a84aef9b1e3b26f5739eb66c5
+PersonalizationString = fe48e6db4b5b0b23bf61c4933e789bc81ed62128e16a599692053d9bc1b71d90
+EntropyInputReseed = 4d42d3c4245452b6cb1eca8daabf263485c51481edeaf5ed53b36f5b982ee59b
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 57021d5b1eefdd6c9a197abbf4802cd1b83106c0999afd43a568b5b79f9d0aa7b2d475f013902010ac60a93fa020154e89b5a84033aee28fd1a46369e2572466ab8d986624119c747ed82aaf00572b34593600095fcf71313cf05e1006f30079f3cf8331934c19a76c05cd0edc6faeed284e396e397dbd7ccf93de25d6387af6
+
+COUNT = 13
+EntropyInput = 0779bfbc80793d19fe8718331cfe59a89c5bfab76a36314c28387d3ae7d40fa2
+Nonce = 4ea104a180779590dd7b8fcb8fbc8664
+PersonalizationString = 4c899c0e62b7e306f0453b10661377e4de9a8b07afd06d5b13b9c94cebfcec85
+EntropyInputReseed = 09b8643f9d81653154cfd81c850967ac597ab59143003db2ea5c9d0deb2cb8fc
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 552b1c43830bb57c31280638463f9812c00442b40ca353d513e766556ab9e78fd71ca6c7514af9ec9c02ab4eb55ccb2f1ef43cc9a40a1e178cd04b16818df25ee49f6e909663ac01bdadc9327c9f0b98eec57504c969be1e1d68372676290c0e6cdee682156b18d4e3105a840793fcb40193828d234e0a7252ac72c384425fe6
+
+COUNT = 14
+EntropyInput = 2535cd6f0984da47deb202bff170428f19c9a38a927e74056c68260c5a4889f1
+Nonce = 31eaf3a93c79e86747e67dc545421b36
+PersonalizationString = 97320d221299f61c2b2c2d8a0743aec748fab48934a5955a94dc311e3ff2785d
+EntropyInputReseed = be4aaeff5884f5747aa3a125558f5e232d5f09ab4a8035bbb57c07c8acaf1691
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 2c9947d385f855f1ea6b742abe7b6b692499a441c48874692d198a6030b604c9dedc2b9cb4161ba1c51eabdaee6dca9d741621ff358b962e0d792e1c74e24f4d3701b0ee207b0dcb64d66b34abca9f62741e7fa6fe9fa5db8d9ad497a09cba46cfc74a8bcf243c17bba6a28708d9a804cb71d258ffc3834d80927ab7cb4f2d5c
+
+[SHA-256]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 256]
+[AdditionalInputLen = 256]
+[ReturnedBitsLen = 1024]
+
+COUNT = 0
+EntropyInput = 6c623aea73bc8a59e28c6cd9c7c7ec8ca2e75190bd5dcae5978cf0c199c23f4f
+Nonce = e55db067a0ed537e66886b7cda02f772
+PersonalizationString = 1e59d798810083d1ff848e90b25c9927e3dfb55a0888b0339566a9f9ca7542dc
+EntropyInputReseed = 9ab40164744c7d00c78b4196f6f917ec33d70030a0812cd4606c5a25387568a9
+AdditionalInputReseed = 4e8bead7cbba7a7bc9ae1e1617222c4139661347599950e7225d1e2faa5d57f5
+AdditionalInput = dcb22a5d9f149858636f3ede2253e419816fb7b1103194451ed6a573a8fe6271
+AdditionalInput = 8f9d5c78cdabc32e71ac3b3c49239caddf96053250f4fd92056efbd0be487d36
+ReturnedBits = 6e98a3b1f686f6ffa79355c9d8a5ab7f93312159d52659a2298315f10007c71adabc0b5ccb4164c0949fbdb221b43acdb62bed3099596f2d7bd5d0048173dd2360a543b234ab61a441ddb9299af84ca45c6e618fd521366dbf509d4ec06174da924361d642b107e5564ac1b32340dd2f3158bf4c00bcb4dcf12c6d67af4b74ee
+
+COUNT = 1
+EntropyInput = 43fe3fb0ade534abdf3a190c29dc96e9255f13728b8a2cdb05a81b9ddbef5e29
+Nonce = c50e25ec1a32e530d8459bd2508ed95b
+PersonalizationString = cd5f96bca1014b30261432a68847b7634923acfc59397f462764d234be99c14c
+EntropyInputReseed = bd5023773b0de90d19ba56fdd61dfffacf81043b5549efb43cbc57bac06fc1be
+AdditionalInputReseed = 3d4f633af072b427372406c8ae13d9660a9032f5d8dcbadd4b44d0ee4e0b7652
+AdditionalInput = a2470807c3a87f8ca585139aed8fe5e45027bce9d3508050b84a09da35892489
+AdditionalInput = 2b2e59bae861938e6e8891d80b1712d323a99bc390eb574266b78898d274bfc2
+ReturnedBits = 5c92e22904f782d336222425f09a6181c2967decff5956dd49d196aad5d4fb7547368f51643796fcc192a42ab5ac18903d1de36a177fb060bd76ccba24379710ef3d7c86080c0f9d6db41d01f5f422ace87f6befc1efa4cde25b73bf692cf0e56a9bd526702976af0c6fb63f226e9df70fb9d6d63ae6ada1f806e6eef6117acb
+
+COUNT = 2
+EntropyInput = 65a1ef55920119450aedea7bdc3439ff8368928c8de810acd459564900330e8a
+Nonce = 85ec6cdc01d378cd4c093de7036662a6
+PersonalizationString = 222e716408e7d37f6f46feb910e1d446c7c45a49dc13c93e306ab99af8fc2001
+EntropyInputReseed = 377365b37ec38f180e0141510636a8356ca929216ce87638bb8ca1c7dfefccec
+AdditionalInputReseed = ec0504be96ab5cbef4f319c15d4965d5d484adcbc1c822509b56224df75f1b4a
+AdditionalInput = 66003090d98a1eb08959e686e030b6202e007bbb66dda622d43bd8093036370a
+AdditionalInput = 5441efc988597a9b0e82aa7e7fa1f6bc85d8c757f467f2e9f00d2abd4cb87cf5
+ReturnedBits = 80d86ee39dd20754e3099a1298884ded14e65539c52a83ab22da749fe6db237fbceb148d4478d82ce3625d47053ff1574638d445f7e88c44ea65e6c338560159d14d3b6f3b467a8a40c842d0cb571e690c2a69293c1bf917b4697dc5ece08eda4739cf40b629ec5389c742968c29f61c72c2670d50e91748163aa4b271205f2e
+
+COUNT = 3
+EntropyInput = 92bed71a1b67c745bacb20f6707cc796a00797d4608abd85a0a0cd51d6b225c6
+Nonce = 96130a1715af35afdf13d8dc3f2e45cc
+PersonalizationString = 8ce419eb3f91ca9b45cdde29d612567574b62aa6b00502585205d77877b6ae25
+EntropyInputReseed = 5638fe2f2d35c4c0e8cb1b6ba0e3477d9f739f7f8cebdfe2363b64e8107c202e
+AdditionalInputReseed = c4d1fe601adf4fb1ad0e0b197216b9a0e523f1b71b7dbe82908a7a0054d9e539
+AdditionalInput = 6dcb2009613a215d683e1b72cb7a8e7f890b9443d1d00d5632f31274b629f040
+AdditionalInput = e8a371c67eabf01974f7b9acbb5f749d2203406fc9441ac21bcfb101509df5fd
+ReturnedBits = 188a534891e2128a14479a6f37583e0ee32287de6d7d38d3a3776f8482477609356ae31decd9da1e51f8e47bc11a2e1c87ceb6439e40489948deb99c2e517ed2b771a8db5cec3fd096bdd3b4c5f27ba78646519d5a87ce84d806e1695a5f542fe801b4b3960fd204ee07ecb6af6c27b3c932738d12bd5815b6595bc6be7db066
+
+COUNT = 4
+EntropyInput = 1ab1e3b80c00b14ea977566bc77b3764f29d22b90cccbdaa9d12dce0f3a0fe0d
+Nonce = 8d5c64748be79d38a67393f5a3ea9ec1
+PersonalizationString = 4324af7ad7fab31da7ab0d81c4f5c5061c4db2e504d026d22dc183bc191c6c36
+EntropyInputReseed = 20ddb80c8a7df10de992f0325d3a6aac262f12b7d07166529c2eca19934b8526
+AdditionalInputReseed = 531a2eb54aee6576958efe2cabb11d26703094318b941681d82ce24fa153e4cc
+AdditionalInput = ed87cf9d21b6d4229b838ad8172306ec442c79c73d1c55437f5a7f91215dcf5d
+AdditionalInput = 0ab8fd485fee152e9444f8cfcca02fa32f1a9f843bf8c9f1995062c024be1fbc
+ReturnedBits = 349b992483f6809cf4d9639178224201deae555addad37f59cf945e09baa7e2dd47ae3452c62eb83e6cb31f2df2141274d5fd969b5242cefed31fbdfb1b7ee559648965b56b55497b71fc2a4af80b6fb53ce4bf0da3efa880772c83b089673d83c1a499e4848ec4fece6a3b990ae26430d86e2329ce6ef200878d7bfbafa309d
+
+COUNT = 5
+EntropyInput = 83d923f6717b9186953e1d1e861869cbef45b4674ad1295aea0add24031d0282
+Nonce = 3ec3ac2a6cb867a0cd37314fb06edb51
+PersonalizationString = ef5a050a4be7a6800e6c583373ed439667f60d13ad0cb05eedc30152e61999cf
+EntropyInputReseed = 961f97bc5a716b5442e74bb66c39324881b25ce2bdd1be2fd8b8c2ff4bf5a959
+AdditionalInputReseed = 37d559ec48e0c9e686ae799f9de0725f205a2801d2bcc8837f38924968eba917
+AdditionalInput = 01c6e83ee8b11096cac754a8ad3bf944dc447c2e9b93292fd192bd8bc7afd362
+AdditionalInput = 909d590361c8db2f29f7993eb9743ff3b0c66950ffef34301eac8a105e89dcf0
+ReturnedBits = 6855e7d670d50d40f1f789f2cee1fdb6879b4401788b54c6ac11e776ad5a07725c3bea17f19b2241322fc2dc23327e5229d3e25cce3c2c52abcdc5f2739596bfe609980c559b239a3c8f0f86770078ff45b3c7cc9264bc1a64e4e668c932ec3a473f8d5ce86a19c0a99009fd4695d392ab5c0c5752621342bbbff00c6e4eb473
+
+COUNT = 6
+EntropyInput = 353ca81e1da9096a6ffd8728601e475483986ab1a0e8263db54d3dd68350c54d
+Nonce = d6c4a10f217fccb997c30e8c818e353f
+PersonalizationString = 96a8c724f6631d9946ab2ede8abcd1dd7f4cb466472d6baf6c2d538129d4bbbe
+EntropyInputReseed = ee8315a876cbfa0eb80a88dc00e3ccf2e130db337996c3486b78a0a2ab391e9b
+AdditionalInputReseed = 03fcd7e774878a3958dab29aad5dc82ec302228b5e6389f70d363b9b1a5c1dd6
+AdditionalInput = a6468d3e2537a8ed4a17c340df4b2d1a026549804aa364fad342f9c47af5d448
+AdditionalInput = 2b004888b9454bc8ef0a985e5a25891b4195ebaeca9debc655db5b9042b29c0e
+ReturnedBits = 051454e174deeec6266e1dfe0b20ae2e18c69a202722cdc7d939c031dea7eb1894905f69440c949d97cb139267a41d7ead35c285e16000ad515e202798a24588f905b646be8aac16196e1af90f4807e4c8b538c40115000d09e7c03134813741a349091a4790b995532b115088f4692c889b644100fcf7996aad7e5be37bc3d4
+
+COUNT = 7
+EntropyInput = 59d6c69bf6919c5ee744c491c787ce0eb09514dd4d1c2e3849afe5967a337547
+Nonce = bc3c23b8b2eddf743ecdf199fd6dffea
+PersonalizationString = 952aec1e9b73fd65c9549d07554ee5c46326e3df8f7bff4cf8e026785945a7d7
+EntropyInputReseed = 92da843962e1dd6b36ca9693090cb8cf40d65b01715591b8c8a0decca2a221b5
+AdditionalInputReseed = 2535c4c93016a94a0ef42beff98a00275ae5ed1ddcdf114b10b143ff7e58f05f
+AdditionalInput = 9063e26b99aa6bc4f14d8db7fe3d84243abb67c1582898d93f5be056692a5fbe
+AdditionalInput = 1d8e8ca8b63dce062fbd9a7dc7da71e5be3ac4628fffe6bf121e71658ac64baa
+ReturnedBits = 7696c50e8d2f62e3ede8ca58fc300b40dd0074ccc9cc8621e733d04ffb6a090decf6075c0b390ab76b378bf68b2c94c77d7e73d5b33000a0f36b794e0ae75292ad8f50b02918b4fc7518916cebe14030b73338326e18932e3d08215bd2ee1a04c16441a65c19ff127dac665dd980f1b8fdb843dda7e323d21a01c823575e9593
+
+COUNT = 8
+EntropyInput = 89bd8a0af96b13210f1abb39faedd43f69d9c38c14e430a9f77bdd90bd26010b
+Nonce = 3763b14f5e8f5fa8a6fe1c2dfce44194
+PersonalizationString = c4415ba2e7026aa9a02b834b63ed71ec080ee3c9ba68c5971d63976a321c2b83
+EntropyInputReseed = 6be75653b095828687d8bb1e63aa89301d05f1443fc417b75f455e5ab5a2e461
+AdditionalInputReseed = 1520684249f2a2154f510e715b8376135f9a9ae6b747923f5e287921678ece9a
+AdditionalInput = 927a30af04915dc00a3e9f29a1c5045427999a33300dcaec8475908c058cfc3e
+AdditionalInput = 1b3b214c5b6d60d8b7004bcc7958b7f170bf0f643a2d36305e22a3a3c803bfde
+ReturnedBits = 5d7a8960ad7399b60965c13e7a63c74a5b4547be0d99bdfb14af45719128a80c408aa2be3a7f4ae356bca6b255b71d16c3519d25a923f8f6c1447dbfcdd972a6b42373bc2349075a84c010846ed8342d48b18bcbbb88d27289c5e24d44b8523d046158ac72cb786d09d0de9251820575b5f870fa2ed2bb4b958dc5c844c513bf
+
+COUNT = 9
+EntropyInput = 1390987ddd62538ec3e430897f67a716fcd4c3d5946c1cdf5d82d5727868e0bf
+Nonce = 5d30f2fc816f322e85bdee70321b8497
+PersonalizationString = 224bdb222e402d1f024df1cb8b56fbe2eda9d3645d63618ad52225c7432f76f6
+EntropyInputReseed = 62ecb17bf06662045100d6f34b94418d28edf3a18fd919dc23f1cb9623c0a2c7
+AdditionalInputReseed = 994a82fbecfde67e143d7a7ae3650c126b1bac16c69b57855ea9755c4f8bffb2
+AdditionalInput = 783bddadcab6ec40c071372b344ae6a8c0070caa9d67df2292032d809e9cb560
+AdditionalInput = 8ecb047eda8cd09842f2d3f031a79c2746c00b93edffaad7bde41be1feefd551
+ReturnedBits = 4dac95cf35d14ae5d0ccc46fc6f7c0af5dc009a840c5f886fb9b8406f4a1bbbc1f8a652e2b1ce1960449bae0898ef503611e6504482420ec3f5a62292b79d28bb8e0949d2b214cd51d4568e1d2c89ce7500478b7d37a9d1022cb78a6ef2a95ed588e5474f02fa7bbe9e619f0be60a902221aac427908387d605d85498c069ffd
+
+COUNT = 10
+EntropyInput = 4af34574c878d331f07e1d9b33c0ab64f8e7e2c4af6db9ad8ab6d80c9acc6f16
+Nonce = 67165bb5b1aa3e7814f9d5ac2027d04d
+PersonalizationString = 39d67ab9854a3594575c86038eed80af298b9111de343d9e6bf2dc4b62887fcc
+EntropyInputReseed = 3e3eade8f9fd6101b38e9fea97157fe3a2e6c9baa9c096e31ea93f05623e38eb
+AdditionalInputReseed = 6638c03d015b120a5274db3e1611bd67a8858baced899b6c4f74aac976ab21d1
+AdditionalInput = 208fc73960ff4a55e37bda3b46f8258830c470acff89e300ef24c9385e763cab
+AdditionalInput = 2d2dc10adeeb06e69440d62f4ad6df7e02fa17119eadc3aea8aa0e2e5f9273bd
+ReturnedBits = 1fb173440edc656d1d3fe84398103a10ee3a04d6fa4a608d7e915303c925f11560a51e614f5c62c4c1c87d2bd1742ab318ed2a565b1bcc7cddfaef5cf8ec173882dc1a311b8e2e772c50c0268f04714f0620f36d0fa1cf1237b6f07df934224454ee0a7fbe1d98d6b670e2416e4c2ea720195ed49c1e1f27e0e99572fe51be33
+
+COUNT = 11
+EntropyInput = fc78215e3e873e9b573ade478b9c4f6dea547e8f9aeaaad21cb5b8fbf50832b3
+Nonce = 931c4a74d7a6b70a8c3ecf2cbb88ef46
+PersonalizationString = 91f3dee0d8e6275eca85f4ba75b618bce96144e3c27896e1e985e5041a399b0e
+EntropyInputReseed = a9668ede5eb76074b9687fa08d815c99ab2ad99de6eaa4039b6a63827f5e4619
+AdditionalInputReseed = c02d58b50c710332c6d05f28f24786b6543aa35e93b36c823d012274d8aaa327
+AdditionalInput = 2df8707d3e3f41a905a89c1c6b9552af2d148f50b3ae7d2d174f1c7fceca134d
+AdditionalInput = 24b4957207876625494ce8930b43c63985d7af6a1ad2b9427a3ab23cfbc27f81
+ReturnedBits = 4fe286abf0c0fb2fdbf64e02d3190b981e46edc5c47fae9cc4cb34700b4d4070b1829450a4f7204d7c874ee4f9ab8dc9f3102b84e855f8bc7ce2c7ae38a396eaf8db1a1a13abc3841884c7df0cdcb70942efc9537c336aba84383f4d2156801aa4fd8b69995b18dbde8ea9838775356e2fe353ecf9fad8874a33d6ef7f567992
+
+COUNT = 12
+EntropyInput = e1b15d0077ad8a2ec943c70d75426ed8e030dafb1865b1ee17dad77cc91fcc06
+Nonce = 06811c893cddfcdbde74ce4548f9593e
+PersonalizationString = 0d156b2071392a9e9735e47d2160915264678e81e55fd1938be271a771821c11
+EntropyInputReseed = e24e62f1ea663b61c422aaeda99502696c12c925b63b9b1da2a7ec5428946284
+AdditionalInputReseed = d308ee87714d6c70afcfc16e956f369ba124bfc09b85c87509227a895f334d7a
+AdditionalInput = 52449c51bec014f10b359e28b2d891a41b097e8d1b5b6152cb0af9f29bfc7817
+AdditionalInput = 9ba0bd3e3f814cc7a249a752d16df4b44026f11a63ec34b06f7c1a56d4ecef32
+ReturnedBits = 2f4709aa9ee1d9dae6513bf362739fd6df0c32ce54cff46afb1a5f7526780e2a6fc6e499c2dfd16cfc8d49308a0e5d0ccbc8f2857441b225109057ba5cc0724f8fab0f58bf0a937688fa65e99f50a873caf74beab77da6f564181d2d4cabcdbdbe682e912e3dff69ada598cd2de4635aab1b1f2296b193db17ce313cceab8a5f
+
+COUNT = 13
+EntropyInput = 2241fe35c8801373b1ae5e092ac95a62ba42757b1ffd739ffb643031d180e19b
+Nonce = 555d9b99b2e611a72a8f487b72a4b56e
+PersonalizationString = 35794a5b27d612a4939c47dac8a4e9d303bdd28a12a8a7010cb1e59746f99677
+EntropyInputReseed = ff0257e449ca5d04dc27a86cf6a7738f61185ee84f3660a7a92eaede140eb282
+AdditionalInputReseed = eacf98e4e37a4b76879fc797ddd46afd3026d016c43536eeb337524c779cd3f6
+AdditionalInput = 3957d3350371c9f898a8d4d004c3e6baf8bb71812a49865ff82acf220f3ab935
+AdditionalInput = 0a22783955947ed2388fe077fc23c93b4ce8a12caf7079f99c93e257a2a4ea03
+ReturnedBits = 3bdbe1afd776c637648879f334497feb5ad057157ebb6cf20febe2a0f91f60b99d8ff8f6879bfae5db03d4dd76a4d6ce3d02d8a6f36227dac80539f890dff10b630fa940d80ea8ccacfeb8cdcdc1838c91a89a57f2ffe065449cc82ce9c79bbc94712b9ab870305d74a0b16204d066abf60da14fffa9665f8ac5e40b255f6d65
+
+COUNT = 14
+EntropyInput = 8fa32a9db549ec18326348c6adaf0dec93bda83b0a6ba43f146248b7aeab2a09
+Nonce = 2bd4beb69697ea9237652268d8e58442
+PersonalizationString = be95326377de3f4a5e8cd1b28a83331f4a9e0b136433d96ab4f0d175f7e883c7
+EntropyInputReseed = 891e4aca8c3656e2535eba10c03fdaa8cfafdccbc408f2fe601b5f7aa2a47328
+AdditionalInputReseed = a9808b32873fd6b07d513719821121824e99d2b2512c49b7805df3686339e8e5
+AdditionalInput = 1a8a3e87f690b8ee46e229334e3fef7079646ea8e4e26c5372e7e747f7c9993f
+AdditionalInput = 5c02214bc629611a8ea5eab5e54e7ceb1b07aa4967400df3b0a572fae1d34258
+ReturnedBits = 085d544210d76fa6b6348dbbd4475d46428d9ab4e8f1fdd264a68895d625a7f3341b186124896a91b6d668454cd7be943c7c3a8d74097465cabb4abbaefde37bb07c51b5a5d0e52921a09c155d682f4592dbdd9a7e4d74c119e2e3e5c90ac5a86471f7ed49fc6242e6cd74b0ff995319d523380b7500671b1b2dbbcbb3db6fce
+
+[SHA-256]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 1024]
+
+COUNT = 0
+EntropyInput = a38b08f7912b07221ee08fb2f185b5a85aea486da67d9e3625521c490043c75a
+Nonce = e7eef6fd04112925b7df7340f073e477
+PersonalizationString = 
+EntropyInputReseed = 8c6109e09d49ed642991fcb939ed0e94311b9a742f630eb4a8f3d8483614c147
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 66758be9fe3efec7a9c957121469b4797bae5bcc3b6e19e542a968f368f662811a13cb67dcfe7cdb03d7175096187a26642e84c2ee33809b9e36361beef125bc901bf6a91c8dc256f255522ef4d034e4b63b75515735600aef7ee3aaf3f7a8b1e8cd029a299c809f509b6a1bb5177e7e22122efa48e617282fb25b8c2549f25f
+
+COUNT = 1
+EntropyInput = 929658dda75e8f8ba796645063f1cc178a6ee849032d9902ec090da9a280a8f4
+Nonce = 536591342fd26757dafb1cbeed768c0a
+PersonalizationString = 
+EntropyInputReseed = e2093afee171cb35f0d04d898ed774c8a450f631a0285bff3c7c3a6cc42de2b6
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 584c0fd6f2ea06f3fd3c28a98b631f92514878ae530bf61658981d5cbb9b50824110a27f8c3035187866cb886697f2da0608252a6dd6a8e8089bdee09aab927b001e83f045409b187610123f9aa36692c231e7431565fd67635e7c45dd2fafe183e12a4146ff8c3f86baf143856ae6d8d053bb3f47bd2a92b018df31fec0ac76
+
+COUNT = 2
+EntropyInput = 2b4edc3cd3397f16e8f5deedf587412b50fa321643192cadddc68b89ce84497e
+Nonce = f42747084740a2dbd690e15a3dd4706e
+PersonalizationString = 
+EntropyInputReseed = 85c69c831ac2c38756f29f3e01db209a7c3e316b380eae378725963abe97177a
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 673feacf82c02d45fc11e1bb7529bb598cd792907574ab90e3fee7fac826d1dc67e02da048fba68f9efd1b6e5cab7da8aecbfd9e1c3bceb297ec97cc9ae84c7b727a44c27bf3118de96f20ec863759aa79edb4fa2e2456a7242c66d431b35aae61a2635dd53879bb0d37904dc56f1b4c11ce2e1a2263195f381522cb700a4d64
+
+COUNT = 3
+EntropyInput = f7a3813f7e40ff0cc1d8a1f10275c9aff1f29177c5cb1acf28368fba35c44ee8
+Nonce = 22dc96f253722129eae2e4c5e5b7d148
+PersonalizationString = 
+EntropyInputReseed = bec8d1b2841cd9dfc4bee2079a79485c545973ca9b0ed0f4cd232fe9ab4d849e
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 0ba0649caad783b23c173a6bc7bdf43700242b074a8cf8fec68051ff6c8dd164866ba8e8abae318aa1ebd02268d3e2151d782d5a2d9bdade29037efe9f6a54f61cbaf3fbb3c22e318d4162c9266069525c4b5d2351308ea14fa8e66ae8265a05bb24c70b13adbcbad1fcd0d24a1d67e695e21420059e5435142c4e894562f9f2
+
+COUNT = 4
+EntropyInput = 3da5cc9aa43b181a1e80402caa69148f3ff442e3b18122ba8486d98a046cb9e1
+Nonce = 2cc86d6b829dcfbd48642c40e29d299a
+PersonalizationString = 
+EntropyInputReseed = 3ef32a7c40575d540e24372e90799a3193c0daa8b61027b1d1a4d3a3443ad4de
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 784a9c0b6d52b50c9c777ae9592b6a5750aab7383e00f3602fc0a9be250a346dd1aa6833dfbd7cce8bda9fa62c0d4ba5960b8db6c066b127ec0fac84e30168c0ecba2429055f3e7edd78c735b0011b44ce2f180c389d7d184f730d6f993b20685febdfee39e48abe66e663ea0eea966dce835708e4dfbd9b5ced2a9fbb088bfd
+
+COUNT = 5
+EntropyInput = cb072244f1a3ace81a03b2076641ee8c0537f08022732c049875041b75ae54db
+Nonce = 2e05fbf45c9cce7b22b6759065596f0a
+PersonalizationString = 
+EntropyInputReseed = eb2803ddc2655d8106706585dcd3581ebfd5a7f14f95d5beba0e8b73631912b5
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 0c10846214bc7e0a4f62fb5753c35b02ce0b01c21bb44ac73be36d81a7340e432912d7f47c7bb7d7dc5c5c90cc83f5994300ab7ba2d216afbc1ffa3f770ded05045314e26fca1a3159a6dc04b30e3b5fbfff3c4be0996fb52484f44008d9505d2b734243444861a1ed472789d22b16d702fad94da93a9e0df01f6bf4c7dacb74
+
+COUNT = 6
+EntropyInput = 33d647e0b191f0c07220ae529aa84b0b4b6aac36aab1a6809d19b18167af6a17
+Nonce = 39a71560d62cd3734d29f05e2bcbcda2
+PersonalizationString = 
+EntropyInputReseed = d44926120ed0f08ea2f33c2bcb0e54d6be25c62e55f04ba9be72224eb17ca315
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 7960ee51d0c4d87752e32d3438cfdd48fd76f5857ae521705b1c485c4b1c7bd9f144a5e1991f8eefbdb8633dec4ea43c5327e5c9a736961b7be8d20313accf84cf869f515ba47b879cca9b2a4fe41b300537732f3a9ab8c674011c5f1da08db56b873e2a1b6dd4a9bbe6d36c17e006ee3ebbe5fdbc9a402825f1e6ca9d595525
+
+COUNT = 7
+EntropyInput = 55fb797a44a6fe1bedfda988fe76caed3729142c3a5ac7399270662eef583e0a
+Nonce = 7fc0fd37812a6ea8c53735c8e906bfd4
+PersonalizationString = 
+EntropyInputReseed = 8a4a61eb1fea0561c058d8ed2b435e181127b9c38b16829d46e2060d85130c4e
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 889a95933a078cab3fbd9171da3746b789605a5345466c387b0b9f437777b19e37a1256239dfab38c1d18ced81868425973e25e8d3775d60fe46211c2c45d99f1f381a8bd6aa7809f767b343bd65629039b7e9ae6dc8a02a035c4aeb08cb6d54af1dd2b5d59ecbff9be9d6632a829af4bc12fecd2fb5379d748c89a98658abee
+
+COUNT = 8
+EntropyInput = fdba0bac0fc660d5e76907f9f5618249afcaf5ee114830379ce02b46187856af
+Nonce = 83525fe2d6edcb4174238d2015ead95d
+PersonalizationString = 
+EntropyInputReseed = 6a9b2a65e0a88b8e0186608ea8cbbd0a015a3e481ebd106ce0ab3fd8973bc773
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = ad2ae1de5dbeaeeb8be13882f5a3cf2726f7ce6f3d00289ded40e82e8a0557db49f31723c4dfb198680366fe698fb0ab877e957886f291ab4f6982395198f95fba9c17e471fec6f8f223845e18d2ba5f8e57967900e7d9c819e33cc259a0665b81cdc9e68f646f8f10202da22908236200a11356d3d77268a00b434d39d5494a
+
+COUNT = 9
+EntropyInput = fa41680f05ff9bd55ecb55adaf6eedcd7238f791e246b6608c4e32d9b7e676c8
+Nonce = ef608e368ab5f06e3a7c7628579ae236
+PersonalizationString = 
+EntropyInputReseed = e3fc9a33149e6013f5c6735309fae85248a20b958508ab171afe1a71364b270d
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = ed35e497523cd3c2488465b7ddc4640b884e2b9701707e7c23898f9d82006f2b5845260d3943712bc6ed7b734b6052eb88979f00ffd2399e04fd7bec0bb550036e4965dc4ff8937aad2bd5bf6ff1a86a178427b408cfb7232716ea1f2536defc9435d80a90d3a7e8171a7b26f1a85c9f93ca0cb6050d79efb62cf3e19861ace9
+
+COUNT = 10
+EntropyInput = ed6d3846948c23ce34634699da5d329cb35956997f5e108a1b56e2d624b1842c
+Nonce = dad8106cebebe79f735af2607cec9023
+PersonalizationString = 
+EntropyInputReseed = cdae82d67ba3a3af92e81dc453fc369b680d4ae88ded36d5d55a6f2ddc5aff74
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = d1cc60302650f60a42664fff6b9eb6b6ecb7e9adc16621598ee1692cbe70ccc8b4ac0fb972cc1a7099b0017e65ff16e689ae14ab29add94887616558452afb5a541f651fb1551e795a13864f978cec1a48935e4cdcd3478d9b14ad232e8359fb48034fc948cf86cef569dce72cb273e9c9976626fa5ab5a846ac9e5a328cf34b
+
+COUNT = 11
+EntropyInput = e993aaa6aeba7550c14e22b1b7671a03a727708fe061f800ae0a8324592bfdf3
+Nonce = 07948e98cb211b9d56a6e54a754f17f0
+PersonalizationString = 
+EntropyInputReseed = 1ec08eafddca2f29a72ce2ded62360670508f30a58da688ec2414ed3b3cdac95
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 8e5a98a6daf30666d8fbd740d96cbe3920427a089b4ae1cb26dcfc790f2d7eee18e26e60c2d4ee16139add6858d15ae6fb1b39d21cf8c93f2f9eb01c716abc5616541c7ded01f4d143a4d0e002d99462091d85f46bb2d29c1e41402a807478ca6110405cbc945c5e9415b92e7dde9837b1ea00e8e293d6adba9ccb76affced30
+
+COUNT = 12
+EntropyInput = a4056be11297bc58a6a93bcfd6e14e1664a54943a0c66a700fb019e4f9c7e9da
+Nonce = 5d3c277a30dacf7ad8c976c023a8176e
+PersonalizationString = 
+EntropyInputReseed = 9b57cd8ecc0a8009f8daa6624ee15f6d8631e0fddb7a470d6b60ef0880c4f53b
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = b624c24a175d0d8b071e28a8cda21e51ac9f3eeb156cacf12b770351e2e45735aee48eaf58752ab5967bd00de4dbaa35c9d04e264185414d0ddec54281e35c6fc96f645c0265e156a8c73627dfe908837a1a584bcdf534cf2382ede27277cb8e88d648bdf51bfd893e24f1c0a013d08c4acfca7ca1aaae41dec255a845351c78
+
+COUNT = 13
+EntropyInput = 4a609f79995e18a014c7ff98fd768a5f3a7238f4819d036a325977177788d4f6
+Nonce = 93488c3d113753a69bae2f932c7e00ea
+PersonalizationString = 
+EntropyInputReseed = 6acb0fcf5ebf0c1ce474a51e37cacf589270f65157d4cb1ceb06812e93a020c5
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 63ea85ce408b7748a78513fdc1df7072a2f69e96ae1e74ae81bb7a915666adf88705f745e8ce793eaac96fd22aefa6d15cb090027c5eacbd2519f1c004fa6e8d4d046ac64ed3b7efc64b02cdc1ebe873badaee220f76ce707909d35656067bbfd210ab3747c1da7994a639f1e8be054c0b4c6529a6f36e2a73a4a1b7d1f85408
+
+COUNT = 14
+EntropyInput = b84e35de071f4dec9d8f9c2c7ecfe8bdf6036206c5ef8536e8db2ed823b113c6
+Nonce = 27a97babb204a92403d65e45a307d162
+PersonalizationString = 
+EntropyInputReseed = f9f98c4354dec080cc5667f759cd00ca31dd380130e4eeb93c74897800625328
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = fc8bdc61fb9d86aba6422565bc0ffa67ee604dc30473601ce8397fc8bcb535aa095c03081dd12b53e20d7c2aa1237f73f831674250a24032b3b1e9d00e65e167bb29f6fc3e8ab5126c140382c7fad363a0dcf5faf8f014023cca0790c60c48a95e6321ec6c311b763d995bb6139f0b11727a730a4d23fa52937c36182c51a1be
+
+[SHA-256]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 256]
+[ReturnedBitsLen = 1024]
+
+COUNT = 0
+EntropyInput = 8e3d3160b8e5cfd5e54290a6bcf00b9a584ae06330ab994c2fee7539faf6e047
+Nonce = b3063c604537a31165e92e3c7e3078bc
+PersonalizationString = 
+EntropyInputReseed = aeddc28340d623c90c471752fd967ed180b28e42d9732e7b68d4dbe7c46b399b
+AdditionalInputReseed = 41bbfe767597223435cb69358c3fbe3bbb55fe50b74f7456c6bd09aea4d8ec87
+AdditionalInput = 792ce85dcc2f409cce6cb105a80136f1dd4755daf467c807e1fd2e69f0f683bc
+AdditionalInput = 23c83ce2dc5fe94e3462504e55d612897e4928bdf23afd6a21efc967e4dad423
+ReturnedBits = 0dffd2d53e1f70681df4e893a546618c6a42f1a6629306e9eebabf31dc7aa856a6f1a574dfd4cce25cb1f7752de017a757508429801a788ab6b63bab22c00ed8d514708cdca02c2c06ba290179868bfb54aea0d33bde57dc313d671736f33231c7e96cc9e0f642be52430d701fb76b993fbfd121a3babf1be519875084933836
+
+COUNT = 1
+EntropyInput = b01d3c5e384773ebd6388b98bdad56a59ce26d32dae7904052fcf588b65e64b9
+Nonce = 71451b75940b4426fa9957a640637dd8
+PersonalizationString = 
+EntropyInputReseed = 508da103414f6bca3916d782536bdc46c9ae5a706b7f8e46ee3e99ca4cc8c4c9
+AdditionalInputReseed = a1b9ef553f65f06a3db10ba33b5cc1af7dd2c2523401730fe30e9a10bca027f6
+AdditionalInput = 83e48b996d53066304c9f910120ec50037d36b36d9eb503944dc8e6a4cd2447f
+AdditionalInput = 4c8c836c589f89882d8ac170b59c5f58be029f36064cf27458ccfecdcdc75f30
+ReturnedBits = 60a07285a71ed65215c2027671e74128d154ea0f874cd9c9247e68c40ba86455a66eb3aa162dcd323fdefdd73108ca22e232cccf554e0fa4157b933626a34a83ab8b502469809b9e325ef392c5dac797f807d75ea93f21bc049a553af4c100c9386d109d39d2ff8d7b1117e7e8bb4b5bff937b89c908baf18e202e9525086648
+
+COUNT = 2
+EntropyInput = d1124e952f7ac7b1ddd6c038f0d4f6e6ec881f8821999a394fb88e3cf6f0635a
+Nonce = 234835c3ea9c497a098001b914015986
+PersonalizationString = 
+EntropyInputReseed = afe5d8187a89bdfefa695576665ce6cc40a2d963d744b4e98b4d2ad3a6864384
+AdditionalInputReseed = 76ca1bad0ac8e5f6008803be4952001f2f47f002cda541460546f45c6e40b92a
+AdditionalInput = d87f51aa466fda01dccd399c356184368a2b14e61d7417853e547c535461239d
+AdditionalInput = ed1f955e7694380929fd718469f896270727e8d7f5f209d4bc1e4a91ca2350a3
+ReturnedBits = 0ee2cb162653b1997e33156b59317b3db3eedff69b71212b0ff60bc3cfc2ca4884756514fc81060768235ec19f68f2fbb15be9cf1e4c359bf3dffe98618f23301a6f2fce59b34279e009d1341e3a9854f515fcccfb8ad095aeae4e4b9a791f94c20163dba679765fabf0361219ba445f63805466529d0c3b7a9b78528ae54edb
+
+COUNT = 3
+EntropyInput = f45ad9a70ff2d3f1bccb025062bda1707804f2416b75a72fe5505ff654954858
+Nonce = 6f5037dd990ce0490bced8d9436a2175
+PersonalizationString = 
+EntropyInputReseed = 0846276a3249d905ac0de5fe29c715d72fae1c9a827ea5a38ee1ec378da0909b
+AdditionalInputReseed = 699c6d4ebf08a26ba67dfe84439f8472c6c02aaa5b777943cd272d10a4d9909a
+AdditionalInput = 52c20bf432a1bbdc9ceaf01dba0d0a1994bfd0d1f92e45b4b3c68c0f340beab7
+AdditionalInput = d33074099bf9f93428c751fd35f25c6eea54dd435711e345efaf01ca6d4e08c6
+ReturnedBits = 2c01efbf7c344124c7f321ea36e8f1a07553442980ffc35a99233bc21c6557e0e10d81ad5f3a88064eadca721be539edd8b1742fc89de1783e2d1e874e1aea2c60325689ea3ef074d90e10c13e957c37b5787d108f86b9fadab0fef6bff77638a3b25eba84d1eb1e5e325647f6aef8c5bc13ee97bbae4872b9089b9ebea4d6b4
+
+COUNT = 4
+EntropyInput = c74a47a6292a7e9a7c918a9cb2852f7a4343b64f40025eff69816c0e43ea4cc8
+Nonce = d692f78ec411222436357de659f84153
+PersonalizationString = 
+EntropyInputReseed = 67e2aa0c93579a57aa9b0d67acb8f7ad3ce2ead7842d3f88a1c56abcc95acf04
+AdditionalInputReseed = eb7c8185787647dd26116ec8481726601181ed7d2b22b3c556511e10370d04cb
+AdditionalInput = c59778493bb420f6e25ab35b7d259899983b9607b377a83e6469ec7487c2bc78
+AdditionalInput = 4501ed5569c19c443403bb4217f9a2f6cab8b67f80be8fd7a681f37d97d6a6ad
+ReturnedBits = 01a40362d045a1f8c8d2858cd49644e598b8bcf4f4dd5f54f94540a6bcd3d3bb6ca98d7840a96aca0c3c563b9626657456ddb24c0e11cae8a601babbf773c26cefb0763bad39e167019cf1e5ecdf3f325e3ccb91425434284669eb4e6134dd628ff5336e5a4a79d38e3717c5f7cb8e437a3505c8985294ce658e62a9eea141ac
+
+COUNT = 5
+EntropyInput = 9892e77d7131cba688688b26c4ec4454f9ae6ecf8eb1ed33673a36ddc712f166
+Nonce = dd31c195fb1c55c3c1e8a88b33ae40e8
+PersonalizationString = 
+EntropyInputReseed = 52b768bc093181c759b44efc5ff1ca48ad746db0495bce20d454f18f9d7d5a60
+AdditionalInputReseed = 8adaec7933e098a48a6dc5d5d5c85400d6d28fb1ffdcf33e879523bf98aa8539
+AdditionalInput = 0cc5ab0f7d9ca34db1a1fec7f3989765a4e86ecf52e24dc29f9e0dcb6c7cdf88
+AdditionalInput = 1ab594f4b8c0e9abfba1336b85f2e8686cf3b606b64f589579de21fbf68332cd
+ReturnedBits = d7add95ff00423febee95cedf2ec02eb32ca90b7226ffff328fa49d5e80c95b7bec00fc9354f3a641907355d819ff693c4ebcdc2239a8ff02cbea775f6bab293160159d974853d11fbe5a515c28d7e872164484f3664f4ccea77067a42c8dd6436bb4627dfcfdc405f99da7409a6b97535627c7923956340387dde9c11234c50
+
+COUNT = 6
+EntropyInput = c9424e722eb11573d5eef7a0a3488cf27b16df5e84d4eabb566a0e462a4b40df
+Nonce = c9f2d164a445455baec2d9cd59814d74
+PersonalizationString = 
+EntropyInputReseed = 7f821949a3fc7febc5d33d627cd92b7bce2196a8cffa55f381166bd65957c03c
+AdditionalInputReseed = 8980295cb58731fbd7164674765aef9f8cc3943265ccbd5f660c02cb30941a4b
+AdditionalInput = 5e736b2f41618954944af31cea8bce0eac67d4418d6994cf4a9062c7781ef2e8
+AdditionalInput = 529d04e80eba363db37f14b2651f72351fe509e76cd0542667e22f9ade090ca9
+ReturnedBits = 6c298c43d8f51ecfee6a0b7d04c2c431769d5387a68fc6f94c574343a5d29526ba20275f530e98ebb6b3390512d8896c8bcbfb5bfa6469ff6548fe40b7a48762762ed1836f889b3501aa64ee88b51acf3a3fc2608b4bac4231cd92ca8c5cea0657f89ab30bd9aa2093ada816af734429d212463735be6396c04a67215d0e93d0
+
+COUNT = 7
+EntropyInput = 3b0b4bfff28bd72333e29ebc729a5b28a3b85d46110f3db954f81e2590a6c700
+Nonce = e1a23b7205b6c119f2afbca1e4c2eb21
+PersonalizationString = 
+EntropyInputReseed = 5d908251d66b6d9a718ebd354d5945589cc4e58a7479950fab99677f7f0070ab
+AdditionalInputReseed = 9adc919c582024a4da25c1560f6850e27eec900b3dc860c1001d610dee173ea2
+AdditionalInput = 20ff1f27b911c8db0dac7f4f6863d15f5dddbb51339060921276e69db5b15d72
+AdditionalInput = e49619860591e1ee54c0f524244f258453fd38f2e5ccaeec460e65c9d78ec49a
+ReturnedBits = 36354df1d21187316cbcec20c62c52d5f198379d2203ecb2244226e3e9e9aaf4380e4e516086c9f0c12631dacd01d1fc3753983b16420e67d4ba15239d596cf83eab7d12db0c4cac6932f99f4fb6cc85e3b8635229c41672a95b6b9b92a876e035a07eaa3e43e4f09a0a803fb137cbb7d6d91ac4dc5c9d4adaa1dd2a30b34ff1
+
+COUNT = 8
+EntropyInput = d942dae7ef77e09e467130fd9e3f542a5a7d96b7c323692914bb32895fdbd9e6
+Nonce = 17bd1a0053db4db75ed902fdf06f5486
+PersonalizationString = 
+EntropyInputReseed = e12787ea8b7e9161f00c8b6145820843408116b644fd803c6d7720161dcc2bed
+AdditionalInputReseed = 5bef201c987b55943ec6050a98f43407248d12fdb718f8110de108a81a445129
+AdditionalInput = a2c08a54eeb5ac37f02dddd5d65b1534655f3384f469d44191e573f9eec0c096
+AdditionalInput = 6570633cc8f9e6490f516e37583daa550aa9719d99a98119221b605536e22748
+ReturnedBits = 2b8631968d6a6c8c448fd0a6307fbf7a7b39159a8d6f89b3d0b1d7bec08b397ba1616206ed7e3d6c25ed5100ba25da95d432ac20672bffc398736f6477b9181b318c42ddb353a3657a6b3ea0cd4a3b2a2867e2bcce5352c069738b0eeeba98db3044791ea03a563b221df59f617b2cfdf84b972e629ee2d748cd3d3c128122a0
+
+COUNT = 9
+EntropyInput = f5bf3c07b47c64dc616e4ffeaea7310de0c1acb18c4d75a9369446951360c926
+Nonce = 6e9803143f4c83c88c3164108e00cf71
+PersonalizationString = 
+EntropyInputReseed = f8255e5ff8cceea225cede072203cde88def4e2263715d3336d2e2a34ec69097
+AdditionalInputReseed = 9028304fdabf8a21502205da145ecf06743243a9452c9493cd6ee210e22ed810
+AdditionalInput = 4676fbd9d2193d04d90f9ee9af2872a67a46906e3a36849ad82c8d4d76e279a6
+AdditionalInput = 709145ece00126affa6e7979fe63e4c0b86216ab3fede9b8de4f7431d1bd0c41
+ReturnedBits = 486494aad1e33c437cc4c7069aa87d9a3969e0aacff5203d50551fede4b1046778f539cc1e173a510f3112f87554e0cc564464aa2059084a800f6e39dddfd48e24bc3b14b7f42cabccc74e1b2acbce4690368ab3ccf99660f69f99aeaa17c527ce36347c92533102ac24c802e6a9c7bae7183d685adc29874c7e468ac66ed37b
+
+COUNT = 10
+EntropyInput = 3695e9741e3a6bc58e7e39541d6223b9e7afe8ac99a020ddfc8f637c32b96816
+Nonce = 94da5fc69e135c80d6840badb685e55e
+PersonalizationString = 
+EntropyInputReseed = cd039db768d214069d1e846ce1c754f486ddec1468318905b6c3b13b67fedd43
+AdditionalInputReseed = 36e1089d7cb405adfd460dec8cea332fdb62f840d2eee7f54fa5be3fdd94d92f
+AdditionalInput = 54220b8d419fe05216a5f2b4e665ea4b91ef6d31e3100bb693cdd7613faaad4e
+AdditionalInput = cd056f86e166ad1b4d65b2d88d032a4762918761851d8d259fd617cff883e64b
+ReturnedBits = 4bf2261f562c0ba72b1cc85bd289ae7071507ff200fbc5a9de8db01a620a4e3e4049807647289579ddaf572b724772491705586678b9704a55c6e075559cdce89c18976035d25df4ad3906c50a97e2789cf977e1d4e9eb99493a2cd2409674e500d2e018ac97b871f80a34e8072aa6ba9e6f087e771c5c9149a3bed15ba08c11
+
+COUNT = 11
+EntropyInput = 45ed521cfbaaaa321180fe7f9374b0fec540ba0e1d4f5c2b3ca0579db4c72ae2
+Nonce = 59e619de4f904546ff8bf164d03ff568
+PersonalizationString = 
+EntropyInputReseed = 8c41c270288a1eddfbc608ba30a574a47a3c0bcd34ad661d6ac7c3535a9b3389
+AdditionalInputReseed = 4923d85eb81a8283f07fac186d5781e334e4608e9a72db60c187a9cb820fdfe6
+AdditionalInput = ab6ecd1d55960d7d4555063c7b9c971193ece711556703466895df88115a9eca
+AdditionalInput = dd785eecd3b7a5be50ba1bfe893af9939533bc6c7df054f6751b6f1a0e5b41e8
+ReturnedBits = 3027d4441a0da4abbabe9347186d522a9cd25719393c90de270ba09464a6ecb2a30840d599b6cd8b982227aacd03759392665e1cc07b2d6cba8b4f6f9228d109bca59de5358436a2e181ede3c67746bbd7d5ee75b88b5fbd309c6d90139812a0f2aeac82f6210494a3fe729905565cee4230e8fbd132995aadd9506dcc9535ab
+
+COUNT = 12
+EntropyInput = 1d6953239ae8f6980f19aeca187049fbaf5ea27334b8caa7ce7471bd488cd624
+Nonce = 337691da41d45658234d1992ddc00298
+PersonalizationString = 
+EntropyInputReseed = ded3f3c83c47eb77c9f218ace1e22e4695fd66c1cc69fe9e7f1168f730cb0fa2
+AdditionalInputReseed = 82c1d29b935feaeaeb291097f358d213422d118a137fd25e6297d16527cd708e
+AdditionalInput = 941c1461d93525061b06c753cc8e886cd2126daa06b85f893db47034327674b5
+AdditionalInput = 26afa77144c05ef3c07bffdfb9750d394df1be3ad405e949cc0c775b697e5c64
+ReturnedBits = 67580bc36c551f2c799d54f25b59df9a37b07293b683d832638332829e2aa8930bc51abb28db1733b60476feacdb0b0dd6e80c29b21b74135507eb0e547c8917b9b48d557236b63eae25f56c5bdc215a878e4dda0cbe1206006853ef8559246c4f68b690406f8fa173a45a2cf46b2d2214857b08d00b7a3beee76386f8e26d12
+
+COUNT = 13
+EntropyInput = 4e2c4bea0d3d0ab42f53318a2a654c7d142af8a721e7c22d79c0b64cad4b8c13
+Nonce = e9942208c6caa52f48da86340724631c
+PersonalizationString = 
+EntropyInputReseed = b0419fa1436c74887a4da9c42dd85d6b1efe5069adf5dcfed390168999c82434
+AdditionalInputReseed = 756cf5e3707d82e0956d22f4c95b451678415212f3f95ef70fa9ee94581237cc
+AdditionalInput = 5f8b379a9ef3735d837a0a805b39d251a4e776444cc07cd5ac144fb1f2528e7b
+AdditionalInput = 46659ecefc84e4cddbfdd159aa2c962687e1bc20782a2bd1a85ec70d65e5ee04
+ReturnedBits = b8f162db57229d05b56b9fc355e08ed19a9c0a9a61ff70a79da4cc0037c6ce336c546e618075a4c3fa80d06b7c070dcf42cfed6e4c2c1fcc74a4a0b8af40ef12707f2d9efbdbd629355cdf073e8fb5667f806c78a6cc3a584dff185b5b1d77ceb2b684deb00b3d2ddc2725244e03d331480b66f44ecf0dbbe8660a51cf569fbb
+
+COUNT = 14
+EntropyInput = 1c06eb29f572af310821115f3f57b608f0f224182813cf99c11bc64ea7d7313b
+Nonce = 23256f5c568f1527f8399cb112f8a138
+PersonalizationString = 
+EntropyInputReseed = 6451f80328d7147497573bc48c1f7d018e8e8ae36600183cd480e5bf7597f056
+AdditionalInputReseed = d19b33adb45943d6eb02bdac9a92b4bed7f43c87d1217c86e7e38b0ce535fbc7
+AdditionalInput = c89e7fb1a441e0438a16ea8a33739a99b47be6cbcfb179f9e2c9dadad285e3f0
+AdditionalInput = f73aaac7a3b250f76c09c6b082b0a7e38a82fa467a6a58ad91da6edba8f55afc
+ReturnedBits = abf041573b722b14efeca6912d5df93e9b5d762cbd64829afa3390d6668e47d761b1a799e3b05b670045ded5cf040a95d6dc797bde21ff6272c7fb2ce6b52b1a9d2ca09dddc8a85dc0bd7be02c186b05d119ef6279cac636e275388c82724e6cb99549268e20f2d294fbb88f07827561cb498d4bca57efb475bdce0030ec6902
+
+[SHA-256]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 256]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 1024]
+
+COUNT = 0
+EntropyInput = 803fc7eafabe56158c73d966204cb3cdc735595000bcd056a0c022791514aa55
+Nonce = 060a0f3900d5f4a288ae9760df85813d
+PersonalizationString = 9ac632293ef7d862d1f299654b9904175ec9879ac43a1028cce0c9439a31c379
+EntropyInputReseed = 0a2e7f9aa526e68b37c81c6b494975fe4c488a02c0930312623ac9b85147698d
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 2ebdaf63a1b3d4310e01426105c34be99f5bfcf94f577d01dff73403198f51144e5aa79d5528cb2e4265bab42f591c1590b8bec0414cc8a209952e426ef88351bbe041172a7f1f7eb81e1823f6fa858906e6a89f857f2a7021c9b348bc0c9f1daa779e6b1afe2319fe3a6162d2fdc23883dc45db64400eb5a8d7a2376444a099
+
+COUNT = 1
+EntropyInput = 12460c950d9385c8b37a9f82c49d1eafc8ebf617dbff0f091f2f9940e52d6dd4
+Nonce = 35eae10896e9eee913f393c757f109fc
+PersonalizationString = 5c8e05cd8311cbf986a5828a3616a1436df70b25652e47eababc5441743974c8
+EntropyInputReseed = cc0174077d2c210c671cc93ea9febf3165ff63d5493f385828bb5f09fabd3676
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 91a504055e6b652ffc22af49bfc08686771a9c67a07d97e5ae64daacc2cbb629db3ea7c793e1dec1cce74f7500270515e86a0ecd1f3b41af739fc7bb8ba0897e6d4335427e70af6ea9793d56bb35f7f1e05bed102359e1c2499efa731d6234206b1275d45bb659072a722e20d022ff6f59d6f092e0a558df047a11b4bea66834
+
+COUNT = 2
+EntropyInput = ff52088d6472d1791f3641c6d30b6e3f453017fbc895a051de085dc711fd75a8
+Nonce = 1ba09cb3be54a9c2c7dd39896a3beec6
+PersonalizationString = 128adb63d9c02f1d56c2a32b516c794f99baa4abbdd7758d82bafb5df6139461
+EntropyInputReseed = 51003589f885bf5e7461a9bc6c9ceb52f46826d453189fc46ed08f370743e65a
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = a24388db24678745434e5b41b76685d5bfe89e1200dd87ab92c1a1312b6485e96c4e57ffd9699ff3347b3e0e962b8407e987e5fec1f12e201fcf4ca9ac8aa091a87241ed3d27741ed89838350aac40276539ac481c16c9d69616ab43ae25916d19e51b8b98a226e8ca852e1e3819efb644ab8ee2cb31ff836fea206e9a09a26a
+
+COUNT = 3
+EntropyInput = ea35aede92889fa3c711023e899738a2502860562973ee3c75ec33d9710a106b
+Nonce = 2d42be53a54f298cf47383b27c8ffc89
+PersonalizationString = fba36c00744ab922037fb900a200604acf68d361bd95e36f759bd11e576bdf29
+EntropyInputReseed = 41a830c067ee02cfdf74c8973cb433ccf0c128626c66c6040719e5c9e67b05e3
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 00fe7791d0947a30bf1230bfb83557939feb381ce37067ab07a99f1630e24c5bd67128491e39b840332921ced88119f826573de57022e36369c7a11fc180c453f149fdc3972ee5754f8350d9330a9b455e1128e059fb649af280984786051bf158a5022652209e53a10af353f8b210e0884e8ff18b90f4e8ebcb12d9432d9a55
+
+COUNT = 4
+EntropyInput = e92a31edd82c952e8a927e56a4c91ae2c3b48c5c16f34245791fe6db26377f4e
+Nonce = 2cc03ba3f614d860d70bfb83b315d192
+PersonalizationString = e749001e3d910d13576e65ab6f01f0d6802f9c0ec58c01a65f6c96984df872fd
+EntropyInputReseed = a2330629b0b0053f13d17570bc941f747ef0d98c612e8d0c854297326754c17b
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 41edb4dc68456acb1d2d1f802d58843bc9346e827c497848c758ca867ac144e723347a5334a8a0b817a7f38a5db10973b57855753acaf302e0cd1b161bd86ab7a2bf39d1279cb2255a47b4e24f49b5b798e3588b30e4e4799ed05d4bef20f1210edb5940ee49b90657a1a7c04d22875f44c2c086447079aebb5ae262d0c4e0ab
+
+COUNT = 5
+EntropyInput = 8bf2d53de988404d7d62a8535ed038e7e21a2b634841d65d4d55f9bd0a9f0847
+Nonce = d93a4637ffecfd0ea66d0a95cbd6e3f1
+PersonalizationString = ea193e6fea5fd0d81ad66a4eaa20b327ce0884eb8906cefce14c2cd0701e6a9f
+EntropyInputReseed = 77cf6d2c3bc08a67453d3456312203ff6d4b4ccbd11f948d5a326cad75a2b84d
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 8a8e4f2c23f420e018aba894944be09d717329b18b9a5f2b757f3807fe23da8329a37556562af0ccf1fda225e2241c9e290e46be1f9346cc15ce59289f0ea1989aa60d9972204af2a832533f56467bc28b515bcca20ec67938b6e9ef86efaadf506ca38f888b345f2c915d0020019c7580ab6df4fb058e09c29ddd8623b9aba6
+
+COUNT = 6
+EntropyInput = 173bb659d72f18d689ad44092384e62470baa3f51a834e1d86491bb9b8e90619
+Nonce = 2cedc51f0d9f4f61b593ff133a8aeed7
+PersonalizationString = c35688b71247e6048abe72e64b023b085b070ae6c53b8dd82a9ed6262c38c363
+EntropyInputReseed = a3a121994db6d3691da581c684757556ef76e60836474882497fa89a63c3c312
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 316534a17c44e1ac221246a12f3b131b22cc03dfdf095b242bb456d795403e18f38ea746f0735220a39668521d20ac3497c82c2f3591be293369ea63d6a8b716b7ec1041d961d48477c40e353f79bfef961d97850507d7bfffeffeb26ab0c542a6d889a0050764dbc9d2d7a3e9d712228f2c8ed38dda52acd53d238e0210675a
+
+COUNT = 7
+EntropyInput = 5abb86af34b08520ab41d07c810819942ea59c5e73a579955834181788fcd03c
+Nonce = c066b4cf31eb9c6020aa17a5e1148fac
+PersonalizationString = 1a26290963ed0a3c511a256b0b5de7c2ac2de106ce849f795940aaa946a073a3
+EntropyInputReseed = c75c311c7f595057d0fb3ab53509e2104ee2aa8afe271980d538378734a7dc4b
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 2964d4542db17ce7afad482f4d84994c8b7e00813092d578fe8541c46ef5ac19d2645370f48f983e52a1525f330a9a7d78fc56c4169863b180e74b4e6dcde31d19dc4b5a2f2b5af0455c899291c0ccba8cbeb0d0b13358261349098d154e015a4dde2703b521e6c5ad3bf484d2de3fa2fd6faf059bd94ab6dec90cd2ce5b5eba
+
+COUNT = 8
+EntropyInput = ea0f9e0fb843b629acd1524084244a2f3eb6665f2d3a3a03106437963919d24f
+Nonce = 7a8bb287860d772b23073b501fc78cce
+PersonalizationString = aa42602b8d15ccf5173b2e0a625d98901478e5d7ca251331a13f45b97d2bea8e
+EntropyInputReseed = 202cbc8116d3455084f6cd216a7171285ee89e3db0fc0bd2e2d1dd69e3c5d08a
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 95d32d209ccbeb7897e6240e9f0eee52230a1990085fa148db04fe1736841393252d08344568c91f27f3f50c9aae04104b05448d8fdf46068c30943db96546eebe78fabf34496a00de2166b8dfb163456b597ee08b12f303d216895cae627eaf00d37d205a9956da93b071b2a0384e8e2941e8a75cd2a26e7e0b9634b784a7a2
+
+COUNT = 9
+EntropyInput = 5ee8ce2aee2627e865f4e8f2e943bdd8e57388aa8cafc860ac5b4aa37a5a9db6
+Nonce = 1424e610d8e8078f721940dba363627c
+PersonalizationString = 58303f56ea4a614ae3b51874a7e0dbd772848715085de6dddc3dbb55afb50bca
+EntropyInputReseed = d8880643e9a1a57672b0ef5cee76c34d8664d29f9e0edbdf995b0d856d3d2430
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = bd3d0ce728c3f762986cea941089e7f485e1d5becd5bcfdfb7449677586b9ab41651cd15a135f69141d156e8056a973310b510f516e6fd29ee9e0b3c63f6d7bece4b435e7ec9e294790737c2f3afe469e6d8423e09f2a5550713fedf9fe74e7316963c2387281828b289a7e3416a82faf741ef749011240861686e6e92d9102e
+
+COUNT = 10
+EntropyInput = c0e632dd2d50b11fcb2bb6ad2e88a88530730c4aa2afb7f2f3fe231829360ef0
+Nonce = ea6c50d022cdd7c1cc928fa3af13a910
+PersonalizationString = 8f9276e10df4215c0df5c52be0c47500d6799b6152a7f965b9166916626912ec
+EntropyInputReseed = 01e6ee1646facc2fe6da6618b42e29c1850b40c0900d940d69ad3f9e2a142118
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 532f85324a90884fd76b22aca71e2196a507c48a1b69c75fe43204bca2abd27b9303ea273e06866590e04e30c0388858e753d7a0617ef13d39937a89bceefa1f93c090a95821dc905ed8aebce71a984275a92b7ad20d5c7d7848479e67b508c4be8e36fbc804951d69a4a324a1db0d0f08caedcad7525c07765064b242626860
+
+COUNT = 11
+EntropyInput = d6d5f9fb504eff45fa5af4431051b4e4e94720a43ace680951db5eb9f2a02c01
+Nonce = e07db4baec9bc979921e35f35429b629
+PersonalizationString = 0c91279bb5c63f0810f71b535db9f5f52b57ea9053fbc097e738571c5a8dbc4e
+EntropyInputReseed = 9ba2986819ccc3c510dca6498bf6613de1187666f9582dd174b8b1d64ded0a1e
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 45b13893cbe4549bb83cca22d3113bc58fff4f7e302e937a8ed5bbe6e7e7aae97dcc8d660461ad75a884be79ef2d3a0df1a4fc11d76e7955aaa616c900ad11b498f91f2ebed69e405e4b6fa3c48a0a83ab2cea5f0449b3238df5b2e10aae496a74e5ee71d2a2f7309b8d5491bf2b29ae03404c3fe75fe2f5e249b05e921a5093
+
+COUNT = 12
+EntropyInput = 378f0fbc16669599925091c1dda19c197a5005f0b3db07129369aadc4cde9585
+Nonce = 8ed8e0a9711d4808cfb758262ece9dd3
+PersonalizationString = 37002959ed2fa7370a1beab5308e90a37c2e76640bd6e776b57015c656eeb84a
+EntropyInputReseed = dc8f4b2ab7f46b6e75cf085f9a6842259d608f3ddb60f09abf873d37aa3e3c4e
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = b510fb1e5c94aadfc76f94219f6f6750521d819749e14e21385745be7726ffd25c7140c5ed2f0f7a201b5e2e39b6b5d5c375accbf8f569a475a3460337c6bd00c529f702bc5cae2a057f43d1f5622c66b837537143f835e26b9b68e8f09c4882eafbcdab56bcdd9f63b2cc62e1025f5746dad2d09408f28ea52b129fcf8d01ea
+
+COUNT = 13
+EntropyInput = dcd9547a1a40e08dd1350b602cc28a55a12da14aa6339f81b768f5441da6850d
+Nonce = c19afd043b1972be1c34db1fde9cf2ec
+PersonalizationString = b30ffd1d5752927b916ac4e25972e799e6255f3317a539ba24b6ba27c6fbc41e
+EntropyInputReseed = 40589bb316fa7e9bcd4c5a585aef3ce8086275e8089a4d8383edb984e8d9a9cf
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 1b644b3d36511c3e2339a11158dab5e3b3b60b3c9bdea6471e3599605c93d5e2c40803ef75c80f90bdf04201e132f92599181b28a2880897f3901b5938c158da0f10a5df61c22d2a0b03bbbcec49018c059078cabe5d92da9a7d0d2d66147211870170d492c013914ec02c423a57039c4a1399ad59dcb50299e81e1b9aa9b8e1
+
+COUNT = 14
+EntropyInput = 72a5af6e8390bece748514d4deb0f0faf29f39f943dacb9c3c7c514692c9b526
+Nonce = a99b14d092d229af65054a511096b78c
+PersonalizationString = 343aef89d09a208c32db3bf7691192c7fb510ab85d308490fe0bd2bf1355f2cc
+EntropyInputReseed = 403ef914057620b24362c9e8f44672a2f345ad44db353b267eadf34460b2ba76
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = a8455ab8576b4ca4167a8f675e0868a27515daa7adaaf7e9feb5f03fcae864f7c55e191bc18c702cb65ca8086fb32afaa6f6901dd4ab953ade8817a9a7ce861ee644f0124231e13f49b2649e834c23fa0f13c83acd9de89c562664920b6afb945ab6471f70fb4a502efc7fea19b446e15f5a28c0794f7689cb315032736785ef
+
+[SHA-256]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 256]
+[AdditionalInputLen = 256]
+[ReturnedBitsLen = 1024]
+
+COUNT = 0
+EntropyInput = 63d1892690f6f127374b74506b919a7d4ff8a89eb57513d5928b68d464fcff4b
+Nonce = 15ad942c57d09dcc3a8b852d6071138b
+PersonalizationString = 6c491832189a5d63565c3c9c078ac065a073e6faa35cb8e8d4d5e5778cce7452
+EntropyInputReseed = e8c45a0084ceeb4c50c216c95770124f718ca7018bc27807ce08e5198e292b1b
+AdditionalInputReseed = d5a5e2f5e164d6d9f1b334083f621d7e2dca78ef8bd53c4015dd5d1b428c8d74
+AdditionalInput = f3e5e9c69db47bee42527dfe55ad26380694fc1ad73428f2298684f8fecd6141
+AdditionalInput = dab0e3ca49e5d6f5344b8baa840545ec5aa86c9ff165d7cfffaa222483e81f18
+ReturnedBits = ee0611a32c60439ddbe2fb23ba3ad4de78ef8d7173f40481cde15207b1270281c86765a63e3f908d3b13ec73f14d80ebdc02144e86af0e99e3ed47113cb1794ad8db19efb290b4a724daf96eaf14023ffea31cdb7dae0574573470d69ce67a53b330bffc3208920549f7b1d348c198e28aaf1a83cb86d8a43adcf5c5cbe1c401
+
+COUNT = 1
+EntropyInput = 4a67a08d67856c40db7b517e9616e5f835fda708c6d7ca7944857d436f017b88
+Nonce = 523f99483ae2a1b8c575a512aae71bf6
+PersonalizationString = d6183ea223c11a33c8b8570ca685bd1d9a0a95209158340aabcf23db886b49bd
+EntropyInputReseed = e500dab42963b7d1f841e73b8bc0dfdc39949355678e726e15d6e9220b131be7
+AdditionalInputReseed = 953ced23d0defcc1c5b2af94ecd93c7a60b491975cd40df1b386ddd6f5f0805f
+AdditionalInput = 56b836ff95b52bda328033f1a61cce3b17adfde7c867aa841f720c3e46e27e49
+AdditionalInput = 6264ee957398b2f71ffa04041218be9093d67efb530ac030779f179ab2d62c09
+ReturnedBits = cd959453e19533efe527bb6998303241c0f7be93d565cb5d5af41dd40f4de1c627bba290b349a13a8f8373c8b1c2f7836f3c54820eb97de7fff57a093c668b20249ae2a01dee01fab54021f45a80163c251034e2c9e4b5a17c064e902dd6888ffb8e84ae1cc86c722b160a20c3f617016faf831e4ac422cca8c798bdc985e03d
+
+COUNT = 2
+EntropyInput = 7321e3d77840380efcc17712e0ffc55774df7b258251cb10346333ce022aebbb
+Nonce = 3b8b3fce2549048f889330c0c843cfdd
+PersonalizationString = adcaf50503c0fa0f59220f0bbb1e807c0aff5a36d096693a9c70b903c22e85a1
+EntropyInputReseed = 44294b9a4034a99b7edd3e76c8970d8fac05cbcf1d989f40d684b85455f3bb01
+AdditionalInputReseed = e37b8b2b651d96f2e0590fcf1d311b41ee218491b3fd2d3a7f6899c6ab4e32b5
+AdditionalInput = 139a7d2495c3f50023cdc0edf0f910063adf17c76beb8b63497ebc14cb3c2d11
+AdditionalInput = 418b07a91628f5fbaa010f375265c0288e040f1a89aa297796d7eaba0c5f2ad9
+ReturnedBits = 9f0213fbcd2ed0f6ae2612c96d8f23f96fe10e628950054d502ec6844f9ece3df52ac8d6a6bccd8d7f286195df4d02ba9be3874dd45601fbac9d913105086803170925048d6acf04558348b87f0d19e6ddd2166a6cea02cc34e83568e643b59c55e9dfb08369c786e5a0d36078e4d9ede786b98b37c80dfd5cf34a59aff46e8b
+
+COUNT = 3
+EntropyInput = 62db24cd7b875d9d2782c3666c6e088801b32cc61f64ed23a6bd1e831b416019
+Nonce = e5035ce750d03b35556d0f21d310a2b2
+PersonalizationString = 5f97b854c64442dbac3a4181f897a8f6e8e34488f9d96f05d7282e7ac0aa04d8
+EntropyInputReseed = 5d796e440c3db48cdc2d68f7e279ad196f71fdbcb4ea6a894041f0bb2b9a98f7
+AdditionalInputReseed = 68b1e21ff4813a21a88e68bce4ba8d8cd0a861453fac7d376d1656ce5fb25e40
+AdditionalInput = 884abd9f1abefc5265c151f8a81084fbd359716321e1408c056ef7a6815e3917
+AdditionalInput = ffa2697d2e879e72c4cd10850449a009e03544f0f491b90179ff493eeeed142a
+ReturnedBits = 9121c3f4d45fe857f5720140758ec43f4bc83de16945d20e20a92b182aeb1214ce3a6a13cf20c041983deb680fa1a2df08299576f1e0709a4f0e980ac992e8aaa20cbb27e46fdc2a52b46b0499b48ab402663b6d749e3b846c54d53d6d6c4e6899c3a0034a3d101f9bfef5667b0939060d3018987e395480002701467e6494fb
+
+COUNT = 4
+EntropyInput = 1f9e4ed427f4f038838e50d5853aa62c4ddcb2ad5962223a145479bce3335816
+Nonce = da045697275667cf889efc5792ff4974
+PersonalizationString = 7472be3f4ce2bb29d08f5e31eb0f39bd543f24b35648b6ec0a98b691d8a55a2b
+EntropyInputReseed = 7215e83e600420cf08971e73a4cc1889d6fa5f9f7fef65851eceb87e6d219fcc
+AdditionalInputReseed = efb6497181bab18fbb2577cd24b23a3659dbfbce3d16c7258296eeafaa3c31bb
+AdditionalInput = b3af9562ef394542700cdd810638c853c1c574f823b1da4b243199c8f0c29617
+AdditionalInput = c3c39d58332fa71fc6b53b0eb6ebfeacf5449ff65cf2823f741a73b50ab9ec8a
+ReturnedBits = 639ef04b9baf12659d7ae6310553eb97bc9a65b279a230867f10275e614d9ac73ad94651c550686a87ee9ffb84553b3262904f24199bd64812c193db3cc268ba55e3f481528c7d1f6efe2876c4c22b7c86d4db01a1f41001255dc6dbb2374f8ee84d192c6dd5bc1af4fad95110833f1fb720fe32a2e78f727642508818d52dde
+
+COUNT = 5
+EntropyInput = 7a43f6c5d6aee5565f62c60dd2faf0833c073395b6c3cca86ab73d57d55c7538
+Nonce = c97801f0813234d7aa019dfab00af8ec
+PersonalizationString = b5a221c25386074aaa9e71ceff8f39317cfd5c121b8660cd35b730cf32fae3ec
+EntropyInputReseed = d5930a2362e16704bedba8a8d57794e4d9ea2a093550fb05b75a41768645c9cc
+AdditionalInputReseed = 94ad9691f73dff5cf3e626d0d6ecc972b02bb1b51ebe29330ce1662f2067bc25
+AdditionalInput = 7342d7d91e1737d24a0e027e49edcd9b18b0a60e433a190bc702a8b6789a1d7f
+AdditionalInput = 6e311ee704202e8411673101d8045aae2ffd6e9743c1d5647d0d940cbeb0f31f
+ReturnedBits = 44270d9317c9ed296aab1c35a9bae5a9c509b4913294eec111096364f755bea59e4b665b364efdd26361145d5e6c17d3964062e6b810353c3bfbb7583cbcd0c4f6555ed15eadd90339f19e78b733c4e88119b69854dfd953dc0551cf0efd604b19c6531ea3f787e2f6e398f32faa8034451e0982591edfee268bf032063e4509
+
+COUNT = 6
+EntropyInput = 785517a1a51d1eca95862e71945f3d27eb3f316e5cdcac13127e21cf02effc4b
+Nonce = 1059e07eca4a00d62738c3c352fdda95
+PersonalizationString = 6f327bcc5a700eb4d01aedf716b6727fe04bff724bbe43aacf05d8c28d9abf8e
+EntropyInputReseed = ddcf3809781cbc525b138cbc925595df5abbc2d658875447a24be356848f94ec
+AdditionalInputReseed = 8f68c6713ba4f97657439458e8e36803501fc865d2e7c2440857fe75dc593bf0
+AdditionalInput = 0f954b11f30781e52e3dec4e1113fd17a69b6887555b29ffd327113c91c7ab36
+AdditionalInput = a55074092efd3e2c5f0b03ca7a03c6c78067a31a505879c3f648093bd9ac593d
+ReturnedBits = f0c0fc0dcf2cff03b800252515da524c23fd2c3d1200fb9dc8515c06d9188f3dff25aa9943f8a09c754826851a375c540117b552fe487d30716f3465ef35f1e5a6cc85bbfecb1481c49344e512d4d6960ef6d92891a7435148faf846966d06c713fa7ee4fa399ef91acf83780337e26beed3b5d5187b0fc0fa49d4d9031b7adf
+
+COUNT = 7
+EntropyInput = 309c1c36177539cf953d95c7d3281f4150c01bf45caf4a47e0af411aeff5c4d0
+Nonce = f8e2ac4f29949b19eda337097d7b9269
+PersonalizationString = f69a9c5a51039e72a55f50b073bd1ed0bd650ae9af968dc87b22c4d560fcb997
+EntropyInputReseed = 9c014b7f3bc223a29e7ee5b1494b93a3aa9a4c03be255b6ae1b8d1d2773ce3aa
+AdditionalInputReseed = 2120b02f63375772358c06122157fc62655f41e9d7317f29c9cf5602da20bc4f
+AdditionalInput = ead67f926da5a2abab8ddf1a1b6fbad52f15be47bc74bb3c41ce1b6621cf75a4
+AdditionalInput = e2816ac4f3ea4975668509fe712b334ab98d2ec2c7b14077ee18656b4f513db9
+ReturnedBits = 5dec5f796216ba70accaadc248d1c4728d9803f5e2c5ce0466dc2acd16f4dc5f289b0ac619bea866fbfa6539958c815b8a7efe3f422fbdffe7a31dc9bf4ece2972f2e221d8df0dc247fe31f7a3f4a48676b641d19afad1cb76a3b5f6f82fb81e700bae40ce0ff9392bea6e909030b6fdadae2adcae879bfb981026da6b0b1406
+
+COUNT = 8
+EntropyInput = 25c4bc11c769d257ede0517a76f235ea2f5fd3cd3f93ac9e10e28c02ce7aaec4
+Nonce = 86282c6c5c5e173eb7626db398582f49
+PersonalizationString = 3fc182c51817c0ec3a6bb96508ea497188f5bb6a1cbc5f021c11dcf7e497414f
+EntropyInputReseed = 5a1c91efc9efbad78506793944a4b6559c9701874d5e3d0ed01d42604d7da232
+AdditionalInputReseed = 7b4da2fdbe33a8b42330cf12e16f0e24007904ec3167f7f2a1df7865e1174ccc
+AdditionalInput = 49e59f65aa6224f65258523bbd58803d5e4c159adaf4dd0a2d2593161137fc96
+AdditionalInput = 41c1f9a9ff111b140c311493fd9ee5e3852bbf250b6df4c8fb6d932407c67880
+ReturnedBits = c298ab851dce30bf80e8179c78a8ddbb30dcecf6340b8e53d29f899452c89e8e9c69e188eec931c7ba8c254239576cfaeaa092df4bb10138192d76b76643f81f4f57370760fe7711a027b4636a8de51e9b1db90b157b7b3b21696b3055c8d82283e922ad8fee9f82443012557bf18e99b7599d1f5c6eef7bff9ddc3ebba3a2dd
+
+COUNT = 9
+EntropyInput = 9906b88532caecebbe77708daeabea9473c97c694b0ad8cbb757dc298606a6ec
+Nonce = d43585e416901598a94d3aaf53a248c4
+PersonalizationString = 800ea23ea4e741e490d14c901fb75425945eec932c194fc048dfffe92f86f5f4
+EntropyInputReseed = 1b285e2b5ecbf0fb7cabbb618b3334582b25158e6bc8c27fd75ca86adcf8ca65
+AdditionalInputReseed = 5740cfa51134541369af1fb014d6bd9f93ac40d595567f949898f5090e58b717
+AdditionalInput = 7750bb23fc678f04822a2f18f863c08542487025a191fadb88f2764d4e3a2586
+AdditionalInput = 04c7ed02c3d0660e2e6f5344d9abe4f334e309c7ea5a3202357461a0ca630c30
+ReturnedBits = 9ba9f9fc41c5ff92f8af68937b130aac4d69305b936d14396b0f6f6dd3fcc20b064456878f7082f7662983dd241c7108cce3d69f85989e88dc4b5318f2e4fadc251254f51ecbc3cd77e299bdb5a8863723d87ee9f400d8a02672b00f964b5e16874c17e98efe67ab9922acb80edf32a052792ad281c8cc96798b60ac8ba9a9d4
+
+COUNT = 10
+EntropyInput = 924d92703f5e8c563d215989858e68bae0f16290b224cbeb9d99d58c514bbed2
+Nonce = 945abf547fe67db36c01572679a22686
+PersonalizationString = ec8fe188a93cbba2fa3de8b947894739b52414b837b9b6172ba71edb36fe9841
+EntropyInputReseed = 435a3e000f5addd324c79f7739fac0d534c4b841a59ab96369888798469623dd
+AdditionalInputReseed = 845a5b22ecd8296a031ab03dc29f34b7212ead472a9642473b2e25970b5aeb73
+AdditionalInput = 37cd18968960ac1f9d91a8ed5620eb8c46e0770c8b9ef9be77563519f628c313
+AdditionalInput = fe44fda12447144204b690218f7c3aca8379a467b322f046184d3d18dd2eea54
+ReturnedBits = dd4346d83e2fcebc70dc0874868af522387e48bf7184e5c4de661f554c301c954e1a3bbcd38c09171e2d1e9be19f02fb0f3cf37ceedd82f6e2f2c2443bf05a5e45942220f3123ace07c8ed229ea01578b2fd93fd97229322c8d43a1a882853fac361d778a9aa28ab07c7c9c0b3fe06db985b377ac06c568984c0d23812d0e6ec
+
+COUNT = 11
+EntropyInput = ecb139988c862c399e816557c1d26dc15a1ae211a18d958a3893d0e6867743b4
+Nonce = acf7a4a06fe5515a09aa3e3aad3b7373
+PersonalizationString = 2989b07dc369419f91985213ecb7e3aff54f5e1e6038dcf37c96bc2bbba8d6d4
+EntropyInputReseed = dc338f742df145715c613c8c20ac9b9d92f0dee14dbf8e1eaabccba2a00118d7
+AdditionalInputReseed = 47de7d1880052ca8857dedac2e5520e58f7a11d8733cd0107ae2ecd1f9f02e02
+AdditionalInput = 89428866830c50836c48cdff230831057a0a7df6d94bfc3237d0d571e1aeb36f
+AdditionalInput = 055c2ebae240a9d0c7cea8781e878cca7ec4e2e90492944bef3e939db293b012
+ReturnedBits = 845b0a7f95a7cb195daf0cc05eda1522a38dc4efd18ee79e28eaca21dabe413c446f3ad2e4f44b48865b3625d0230184c92ff2f30bd17c77c79c75e627f4996251725d961b1128f3e3a088a3a3930fa9a8fed6cfd392cee0927d0e932accaa155a7c5b5fec38f1ca46e6c6de2235a75db9d9cad6b803df59ca5377fc148b671c
+
+COUNT = 12
+EntropyInput = f3d185a0363128da8ad2a52fbe21ea51c60d23e2f592443ad54ca59979e7fefe
+Nonce = adc21dc3fd5706aa721f45e8b3aea531
+PersonalizationString = ced35144ff2e4cbf9e0f0f4dad6f2c24d0be27f1251ead78e6a1c8fbcc609094
+EntropyInputReseed = 3761b0a8cdf6cd0021d4d46cca15d0b7b9dd814a21977a2956975113c73dd2f4
+AdditionalInputReseed = f6ed93f20e9a8bf87d8ec70f6f1391ffe32a2b518e7d2784c8cfad2f270a11c1
+AdditionalInput = 84dc6e8143e07250ffee1de4497467564fe3c6b5eb996a4b185a7ba5090691dc
+AdditionalInput = 76b36611ae1606c1790e275e1ac59198637c4a5f90a73dd4ad7d4511755206bb
+ReturnedBits = 0aedf11df9c858d3451ff6f634fd6aedc9e334949588a0a6d1d74c4e973ff0f9f251ca2e8620db1e461bce3a84c5f98afc1dd93dabf3acd5b43c0dc73b85512e603e61faa47af80a170298e39693ec85a5f706666ac17bd6df73d88028b36f19b9ea29ba95ba4b3f22d8bb3c0deb05ca1086bdb617ed8a1abc10420757462dac
+
+COUNT = 13
+EntropyInput = c55f13235acc38435e9c5fcb0112f5f9a2ab2db6b5bb358c0df7d4364a3bb5af
+Nonce = 7bb571aa0602ace26ced3dd6f22547ae
+PersonalizationString = 8c5290a7d55d271ecbb703eab7ef67faa4ad286abc1195ee8a6a9c8ad5be2446
+EntropyInputReseed = e20cf0e468e7f545cbefd0f581131097c06062446353ae5805751fc7c450852e
+AdditionalInputReseed = b8d6b8c2f77b5f84506eacee14b4687fb970c7e597f8cb37dd587e74240a442f
+AdditionalInput = 28f83e27ac60d50883de843769b50a5fd425891a1ec2fbfef00849d9b7c9804d
+AdditionalInput = 6db48fa278145140261ba1001c4a93b07cc74eaf6a525d7032e9cac1e8ef8ca5
+ReturnedBits = e2c2f0142db7775c20ba08caf3cc5d014a69237c60e29822d3b95ae6cd9ba8f6dc57a4233d298c667a01fa46061b508cf1a0888af04ed996d10a9261ad982e242dc9d009c88e109182b95f5212d62eb41c2dea56be313e3027286f27975cc3f881496f5d00c35a4d70b429892e6d9ac107dd7667b26c106cf4213aa98fa850ac
+
+COUNT = 14
+EntropyInput = bc5b8d1517b6eacae26589203e0e9ae349e34f346c63858dabfeeafad7dfb12b
+Nonce = 5d8875c42bb320337967fb9baa1ec500
+PersonalizationString = 07a069c2e4e5fb4752750caa90684eadd5e3a747aca86d10c07cac97d4ffa47d
+EntropyInputReseed = c84dd873d76a7742232a9136cc5126ef6fcfc3e59152670d1624eef097d4e290
+AdditionalInputReseed = 378d28289e8757b2ebb6598846443e6ef7f49a0b4dd458f3ade9c34156a8b08b
+AdditionalInput = 25bb43ac515048cf995fc9184b62a8fe2629451007811867683c5815743efa7a
+AdditionalInput = 83ea415166fe870dcd2f0fcda41b955f39ba96df50e40fb7de3a433f4e071250
+ReturnedBits = 546d74204c4b37d20d723143852121c7b7ba5affe13fbb5ae34908b00013776d6efa371062912c152261059f2ccf9231540a47ddc8853e29a2b816089fa12954346ba2d3732d9f7a39bf0d7a27865bc0aa5ee9934d4ded4e6fbc5f95a86a437a21f7635d78bfbfad491a4723b215eaefd9a160f0e81744632280b5d5cade4eb4
+
+[SHA-256]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 1024]
+
+COUNT = 0
+EntropyInput = 55f8e9e659f8570606a22404e520546435439272187a8a4f89a4fc5e24d34db5
+Nonce = f3834594c1251b36dd02fc5929236d7b
+PersonalizationString = 
+EntropyInputReseed = 286e19ee192b8c39788b218ded60e68151749369fe5fadf494d5972d8979a0d9
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = cc2a08be3e98f5603309622e764544e78de59c4be74cdc55ff31e4c7f87332f7b90dd950ca27e200f112cb4ef4d4e2bbfe6165e7e7f3f34da62c81002b5f9ec4b09d3c2cf5f0674091ce70a6b50283c3109fc26ea0c001d787d42777719e37feaf8b3f2600a75dd944caf1dd09b5664c8cc73b23489e68f862539d71d871a8d8
+
+COUNT = 1
+EntropyInput = b0c064afe88ed86bdb310777b98410e5af389fbf00ac554abe4b567ebd18a227
+Nonce = 7106f2a36640ccfac71e7cf1042fed2f
+PersonalizationString = 
+EntropyInputReseed = 9fdf5ccf8e8f0d6f1e818f181c1dde55586ebfa7d970e5c734aa6b2a845240e4
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = ecd1bc17266fbe2a55518ba0ddb006e0b1c7e6b8276295f2d0c81fcbc7d4ae42ea59bbde0dcee9458b4f8bfadd3f170eac2553ebff8dda92d3974edaf97164a57e72ca3304c001d56ee5e07a55391cd2bf184d54db42848a37da261aec541c2d7146c980cc3dd38bbaf43b09bf3c02041dd8c76adc1438d4f379101d8deabced
+
+COUNT = 2
+EntropyInput = b7fa2264ae7a375afaae68af6a6d25b772c70f266123623ec65b84b91708ac4c
+Nonce = 92e357d901d89b3ad35b6a218e1bd2bc
+PersonalizationString = 
+EntropyInputReseed = 5d658330262c2ca399389c21c461aae4b75eae5e6e083177a63f3256f8ed1516
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 02dcb2091f03eb35fc54c37864e70ddf10405a4d73edd220ccaf9061b9f31e87e85b0a3ba1bae84e3bf5ed8d8b6948a362d2e6cc76dacad952943d64813769305e30389e6cb420c8cb482d9258a5edff4d7e80d9f9b7b0d0123a31c3be7b863fb79e8e4df5d55a7063270b61e9a9d106c71e5d9f41017b5ee4483387a6d33ddc
+
+COUNT = 3
+EntropyInput = 15163dcd9ac72154f7124d3aeb4dbcbc236938dbc541674e9b506c85bfbc6d03
+Nonce = 19cc38bbad5672d29f03392e028e3bb1
+PersonalizationString = 
+EntropyInputReseed = d7e8588e42992e580f54d012be117d75d4b114e51e8f2f96557d429bc52095e1
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = bcca7c876655ff1e159ec7931dc6f21e9cc61839dab75b5f91ef606c29b99a7c30fcf693f7886f28b953f7aefd2d17644e50631a809841869664ae6128cad5eea3659c3b97942d290f2525aeed4b2ad1958fa6ffbf0aee49a4245e4efd51bebf843b4dfc076fe3ba3db4ad48e091d2cd43d173879dd6d01e329cc5a7031728ec
+
+COUNT = 4
+EntropyInput = 3176da18327fc42dca68ff3deedc2846a8925523698cb87c86d8fe6b94b78807
+Nonce = 226a7ea014b092a00ee51cf6789cdaa6
+PersonalizationString = 
+EntropyInputReseed = b79ee0d4016ab5a1fc3130d0943a1d7bc8950d22ef98dbb30fe2824e78e1c855
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 690890ad2e91ffc67df44bab33e9c3443411580fe1de3b6ddc7cb42ca05a931fa356c889073aabb3f091e910095ba0ff0a72fdd8dad1b557905783d46b5fc1a60476ec3078c64963f51353556370ddf3496acc13cb2c9c489289371476dbcfad4a948770b48e97abcb5a7cc537cac0a7f8056fe95e1e3ff3375e82d079b495e2
+
+COUNT = 5
+EntropyInput = 1a29ef3b1822b6329af233fc2b78d879b000602a5e2ac08f124ae664d0d36322
+Nonce = bc0165c7b800ee3174122d73409baa8b
+PersonalizationString = 
+EntropyInputReseed = 7bd6404383f2c690246383b82eefc0edb937f04dbcbaa489cffda5f168710b2f
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 1d91ba51f2b745094f784a6c6cf317c3e5006b31fab49a54d6618fd62041f7dbc2f0083839e197d305e817bd80820275418e8b7df9d929ea48d60de332c1cb7b4bd361e9053b29a995eabc42f01a55c764d82ad88af4eb3f24e34ecaa9c8a49a6bb3f93a0fa5f595320a17638e287fc40e4c87293036bd0d38ab1c0574771b99
+
+COUNT = 6
+EntropyInput = 701424ea03ccfef83255e1f4893f67d3df604ae6b0b58269420ba63a292c6b63
+Nonce = 742d0cab6195c0da7246f3817bd12de8
+PersonalizationString = 
+EntropyInputReseed = 6fb174625138cfa4768acf7e610175fcbd9abeaa99400f9f417539794922842f
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 6dfc046689958930118a069d1d4a836877667dba833deede8046114dbb5ca16cb34fe841a5992d3d35d663d6326a972b10bc8682bcd95e8d1f803756a1189df8512f4a6272be6afd31256160ba83ead766c2e38810419e351e5c634d68ec0cfaba217e629b008c9b22fce7d598a74b1ed97eca85cef93422e35ad44e3e942a78
+
+COUNT = 7
+EntropyInput = d48e66efe115f39b06b649bda8f5bc0f6aa32e2a3ce9fe42edceb237ee382284
+Nonce = f85fbb0a5e5294ca9cc1450712fd5f31
+PersonalizationString = 
+EntropyInputReseed = 09cfb70004427f5cb0aba01eb9834eb9c9e3f4ac1964e68d029dabe352a9fc91
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = da5584af445626e298e822e8be9c7e990f86b14b62c5854a1220f115450e412a05a354ee9488c774147f333797f32e88d7473fe9017289b00a8d6b9557e29c1d176b374bb7f84bc878e708819622fc177498fecd0116308e7479b88c25d80995411834bcf1133a455e4c937d47da1090b3137b556c07273851a7fbb8a028d9a3
+
+COUNT = 8
+EntropyInput = 046f6c6c527e50e4429ebc431c2e8efcc76895af2b27ec372090a9cf2074338d
+Nonce = 707aab08c0f7ff0ae84e823d4450f6fe
+PersonalizationString = 
+EntropyInputReseed = 16b4a829ebd20c7aeb53b918ba7061554bba926e300a7d124988ef13a5ec3e82
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 2ecdbff5cf0fbe2b4265154de701f331a5dba59d7a6946131021159cedf3b86f8bab98a1977dc4c3cafc064cd6f823bbb8bce2c75ffcef56a571c9d66bb2c1be3229fcda4d42a8ca4677427d3a84ad2fe70b96b990606db364a7faf5b58dab837d0b7280312fd2443560d1a03325b5204b11dd6c8b2ac82536546182eaf697d6
+
+COUNT = 9
+EntropyInput = 6a94808824a33ee1c57918af7e605092b9f60021b0fd1ea6f21f98936e639daa
+Nonce = 86b1b04f417359b64afd8dab7f4b3460
+PersonalizationString = 
+EntropyInputReseed = 90e756b94f2096f495d69de62333c1b6627aa727cb6aa082e0c049e213412003
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 709e32e79e35d4390c5447da27f475e32e9de42b43b493583ac4bf78b00ec19086126a5875de25ca1d148ba58be45ef4886f7e3b071722d2e8cf296bf436d5de0bd8115199c6a0e92488d91b96082afa40998865a17085112c09f58aa1d2c495009560512d237b46d686a18ef14d6a4d6f5c562fd6c3e7da627694bda69dbf7b
+
+COUNT = 10
+EntropyInput = 8e6c9dea6be300cbf771c6c97581599083e50852bea5639384d2edccc939b5fa
+Nonce = 8daec979f91f11205152d66231e48b25
+PersonalizationString = 
+EntropyInputReseed = 4fa5541122ec689bb7b10c18111124160eb8540d39cb5bd47c45a2b653381436
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 312ad3c7972040633255660db79950a87cfdb5ab803142cb6332de5dae9d7ea85d96137411848f8a2ed0ef764d4028a9e315a536dd0b6ea516e5729b1e91ebae7284d247f7cbd1a8efdd1d9031b8471917ec5b31ee1b3532c72d132869067524ee30fcada919f7b2430f68d5ec56ae2496e04bcfff99142fac337c8238ef899a
+
+COUNT = 11
+EntropyInput = 37eb159e6444a5451c9e444938994af56830937957d761376c24087a11720ce1
+Nonce = 2b46c95eb9622015e6c19b25351476df
+PersonalizationString = 
+EntropyInputReseed = 45b517412d87817d8f31e66db28a7fc50fa0428cc2fdf60d221f0e72de974215
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = c665319561afb904a3f34f1668f5393818d76a8ee61e3ceaf984d5a8364ddd45e80abde815f555468e009ac691b2015e2c3d4f14de2390a996a339e3a0a2798e34226796ad0e967700ad65193e914e15f6c21605161e7e9d45de4001c394263e52574ba3284c0660855f0ecde1bc6bdbf83ca930b4b62ee347ca5903cdb9b97e
+
+COUNT = 12
+EntropyInput = aaa659ff918e1868a8ef03e40d13d88ebb1d482fe155a830aa8e8cb5c55e7214
+Nonce = 98b64510942e299f935e803c1cbee4a5
+PersonalizationString = 
+EntropyInputReseed = 2823c143f33e9cbb47a8529b6165ee683f18e52094cf74706b8c1be07bd7c318
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = a2368069f440f45385d4dd1b309dba5a0b6d6cec363aab9f08ae0a205b03cb6dc83f082099c576fe50b1b23749c04eaf1ab0122f43ff025e6c7748f23d8eea0488509400f45c12976ea2d452451640ac00d3c158c62ae9b9eb35f994b14f0997841de5a265bf522823c3429214135825d8c956e96c2cac2025d6f64c799b01df
+
+COUNT = 13
+EntropyInput = e4b473f001c9d5dd28040e9deb8c3d3cc54607f8eb0e55db51ebc32fbe06cba5
+Nonce = fda15d14c96dad84ce4b92e2860e7686
+PersonalizationString = 
+EntropyInputReseed = 474299492cae38fac3bfc58110c873d7b5363c7044c80eb545b95d9d1f11fbd5
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 443f740bff85363d81c026ec0fd22dceeaa092490b65527da7f519c0d600a983039359ca27fa2ce30592c632ab0fc1f1cd736f665db8f6f2c23b196bf28c9a6bd2ae37d921aa97bb1971c8293a9d2eb9d82e583890d450521c48d3f63c3aa92fd5486ddac2b881c496dce784d0a33ad247fdb25e484ddd68d2eb45fb3786689e
+
+COUNT = 14
+EntropyInput = 49b6aeb0db302ee8127d192659c9d7e0298b3aff6a0d1ecb6cce8fa2368170ba
+Nonce = 98b32c10ff894722c5c63a664ac7b982
+PersonalizationString = 
+EntropyInputReseed = e856e4f2091f9a096e455499e043017a968217f220d239955483c83beeb48a8c
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 86fbe0abe9fa81adfb72be061c7053a1046e71951b26fa13e7046b8d4d5d698a651ded01658fe1e84746efd98d98ea554813e1f5391bbad9f5b3fb11a27c6a945687f55022448bdd72f63ff9347ae991ee259f18ffd5c3c79d2bb1c976482819b5dff02fb17643b40a9a0895cb4fe531112f6bd32e68ecc279be451b5f440ef8
+
+[SHA-256]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 256]
+[ReturnedBitsLen = 1024]
+
+COUNT = 0
+EntropyInput = b6ede63ef581505bea11f5f75c13b3d569200f526aff3a4e88466311e120f315
+Nonce = f8c413d038c907c5c366f47a6a514d20
+PersonalizationString = 
+EntropyInputReseed = 95189ffedbf83701c64dfe8754b8583363d196cca19b03e8043e53152949026d
+AdditionalInputReseed = 8d5f68e3bc90d659af580cd80ecee8f43c20e92c4aac675758a0bfbb4cbc5736
+AdditionalInput = 835eb2664747d9341ee2c9f0abcc6a8fb528e9d556e9a60d8f0d24a63d582ea6
+AdditionalInput = a553a538598ff314506c5c9efd4ca793b0a59a46b7e0568e1c7a89e305c40683
+ReturnedBits = 8a64e644273c9040d299ec412704f6474e0fe49c58cc301808595e36134a06e58d3141037fb6b0fa2b43f2484debc331fcb4d38f85a79fd6e5a4f9e5b3d369407dc5fbd86a88a2a623b49deada25a11b280414ada01ef0354e7f6ac0a42e14041f87d4178a619483af123e7d5a6398690711b05c81a7e6b4a39f6028cdeaff66
+
+COUNT = 1
+EntropyInput = c7e26f40a23ed69058205fad48b8899b8db2c1e52c4741807f246eb6661062e1
+Nonce = be162f5be78fcc41759a2417b685cb60
+PersonalizationString = 
+EntropyInputReseed = 94e0710cd576266b065f759340fa2366a3a42c9b91d5ecaaa830c6c76fbbb2ab
+AdditionalInputReseed = 172e9c98af1c64332eb624566c715e2010d7f4440f9aa0b5d03a6286e3fdee8b
+AdditionalInput = e19354fbb0c8c3fe829436ca094dcfe1c0673e10dedb116cbc2e38837af72f76
+AdditionalInput = 1ba7552c92593eb202d88bfa9b4853621711fcfcac22ce3fb4c7c293632fd56f
+ReturnedBits = e765f8bf9b893519792ac364f75f91582bb8dd02f5a3b6174d10982ceb8abec07cac35e70c914ff66ed594572fcc775826deb38b4833bdc1deee7852a2a6deeaab8ecec42001775246345a39b520cdf744f55c8c280209df5a32599486d8f1625dce35af70cbedf6ed02fe42a818903238e371a3620af749db985b53a6879709
+
+COUNT = 2
+EntropyInput = 88ccf7018bec7a7878c38a61c7377c9fa5b4b686df9298b0d92cf082145e2a3e
+Nonce = d6bc90476604a0792fc40b0caecd2bce
+PersonalizationString = 
+EntropyInputReseed = d4423e75c53582f29316af1676a448596e7d188406e9d6a255d7d13540be548d
+AdditionalInputReseed = 044f90c251625c87d84cc504bd0fbb0c1ceeb0031e25f2246381ffa4026c0b23
+AdditionalInput = 74fa3ad4e976f9a1fd9d154598ca7c7c49ca77e3ea1f736f9e7336cf428b9fb2
+AdditionalInput = fbb43e46ff2c5b8dc134c40b7d420ed25f3fbf76db9840c26e53a000bb65fdd7
+ReturnedBits = e72eefe2c433f3460dffb1b3b0c0fe4623535e05d0f47b7b3ca3fba7e7244ecfb202d2c6a3b6eaa7d38323df9e0db863e1582fa7e48e7598f6525b917790229f14d4e3b9dbdb51f2f19cb25362e1e6b5192fa3d206113e13a4f9a4ea003b742adbed2dd65a5848ef2aa85f717986164db9746defc53262865b7044f030dba572
+
+COUNT = 3
+EntropyInput = 0675092fa386daf8fe11c505aa65b3a961f5bbb41d317d2c2d82cd63cfa834b6
+Nonce = 9cc267f83399e2c5041340565d428a64
+PersonalizationString = 
+EntropyInputReseed = 43d3b7ed2591c1b8b2fc2ea8cf526eb6e6fb369bf789e1d7ffc069f06c062a2e
+AdditionalInputReseed = 7eaa99e1b2cde122498b15d7a7118a13ebe1fcaa5a95abbf3ad1e32395a869b7
+AdditionalInput = 9ae4fb83f486c8574abb2fbfa8d1b493c6ab3b44a454dba971af17750c3da8eb
+AdditionalInput = 152eb68213c399365f083b0c19521f189ad9be842578fdcc14f3f7c22f99bbe3
+ReturnedBits = 4d04f0d00c3d904543edf4319da11a14ea68079de912edea6bc0f581fb20c4e6e558ce7cbfb0ec436ef18f4b9d9ed48f3424c1a61c3342c97d670daf3b37bde0586c33a70e704e5136d839dc1ccc4f093d4ecf22677dc1c25c31cf2dac71a643607675c1155b6dd3be6b30dbe0db12e0b53f26bde95545f9d6b75f7ca7d7b994
+
+COUNT = 4
+EntropyInput = 68762738145c9bed25ef023a5d78086f1ea5d857e7b5df46132946e30fb24760
+Nonce = 86a4537d13d2e6b142941b5a97fee194
+PersonalizationString = 
+EntropyInputReseed = 68718bca396a9ae9521e272571a02ca74985d13afab29c7e2a35136062ef9173
+AdditionalInputReseed = 33302530f27be9e12cbba99d6ba9d8f1cc6f4666f596b24b66d94429697dcf7e
+AdditionalInput = f45019a855fc50d7a2ed3bf26e34c28094dd83891b57385cb744602c5c71af83
+AdditionalInput = ae1105d6d73a7ba409d58890d313130324c612dd1538930bb19fb36d49bfcc37
+ReturnedBits = 8b89effad9846249ac50ffaade4b756e3ddc56870662a50c14fa65e6b6849d919ad137e042da1306db59584764d3b9addafe2fa2dc53c129419b479912f90b3901a3a009bc835986a77fea85f62a7ecbc3d73e2277adc10a8343c8869ca97059720eeba520aef0a06ed53b5821787c922512675338a08957348fe4c32e1cd580
+
+COUNT = 5
+EntropyInput = 08537435905c5cd0eccf7cd78432a1ff9df0c5327b77ac4531afeff6fe8a80b0
+Nonce = 782dc3ad1d4d6f8306f970aa35a5a511
+PersonalizationString = 
+EntropyInputReseed = 869676b72b0297a01f463cab02c9bbd1233588415ccad460bfa2404968c39df6
+AdditionalInputReseed = d6fb4a70715b0976cf9c831fabec300b4047421895b8c5bf0101f67fdbd042a0
+AdditionalInput = 04b29acb210bd5214400734a498d59eddf3ff3b446605e3dc9fa315c1f5f44dd
+AdditionalInput = 4654b033176de5c5be08ae0f57b920892c9fa8456fb2681e819429a2ff0cf32a
+ReturnedBits = 62003f1a147f91b47a1bcc23e3a6a13dda6dac3207f08637bd475f623933ea00bd1aa159ac39aadf5057ec59f91024bcd05c4c2cd7d74eff8a6fdbc000c4e5b4220104189178714a5d08a0f98191acd2cffb593247befe0788a642ca3d838549d0824972b160e7cf13f4d8f69e522d0b981f81b3a54e473f2309f58316ce4cd1
+
+COUNT = 6
+EntropyInput = 186432952735fe165b8a3cd7f233a36efbbd7a69d9d1fcaea451bee07f5d1af4
+Nonce = 73cdeeeb84a3aa76a7f0b1f1c1b83288
+PersonalizationString = 
+EntropyInputReseed = 82a41b671f36d7a1dbe6145c67dae9eddffd2cb1f1c09824c6ee2d0ea2db4cbb
+AdditionalInputReseed = a9acf8683326160fc63dfc5454bf1baac834f1b4f5fd29b38211f81086f3fdf4
+AdditionalInput = 989bd13d6c6d9874cbc402617888ba4f2093ac62a5ef9ce7ce1c37429e16ddda
+AdditionalInput = d4ba8c6ab40d50b780ad6181fd2f099fe714c0bb56690f067bbb7ad611dcff5a
+ReturnedBits = 5aad27c91a55b5e714ef8743150881833be6c2e5bf79bf1705d3f30d81b1fd272eac6702bc1642946863cd734e9e538dd5e84bbe54748071d81de1d34c2286afaf8ac4a9997aec1840cfe60540e37e06f07ac662cbe00eb4ab76dc1cf98259197f2c1a7b3cb0e466ca61d57d884ef9091e357a9c2f0d90289999728af6adffc5
+
+COUNT = 7
+EntropyInput = 1fd2fe2228daeec95c7536e2f4bf85c341c2539a20966f0da45757ee82e891db
+Nonce = 9709888f0154f670fe86c2e57f080a9d
+PersonalizationString = 
+EntropyInputReseed = cc04a2876bb5e4896b6c73f2609a0d3b88f349d8848330b3aebd3ca2c37309f4
+AdditionalInputReseed = ecdebda4e56b1741d9414df6f82d19f8629e5db0302763258e688772861eccb6
+AdditionalInput = 36823fc7342bf1ad34a7cb0e83c8e8e07ba750685ff1145fab1d4cbe59c96e04
+AdditionalInput = 53474d42bd14e1840b42c5969eb8b4f7bb1d94f3da7c02f7dc408e15517afa12
+ReturnedBits = 8cfddd5329d4f7b15228cc4240fa379f6882c404ac76bba457827277d33e04ae9925e86aee36e688e27b53ae0c53270a4c4dc3b9fcb8dd327a32720bd7b90593612cb8e540d2d3b4b323a4aafa2baf926d71ed14ec2b8f1547cc04fd00c40a1e003b8d65f56ff81da9e09a19e329bc893b265224742d69d1fa31d699fee1b623
+
+COUNT = 8
+EntropyInput = 41b38833c5ebc7cefe9dc59f913c00525fd3dfdd7bcddcf1930ef27f91aa60c6
+Nonce = 775bea35720e5a1543aa7d847d036c9e
+PersonalizationString = 
+EntropyInputReseed = f5e30ab56e9ac4cd47a0c5562ed17ddaf8768dd332b0f1e0e20814a3582159cf
+AdditionalInputReseed = 561c6f52117964243a19dda151a8910bf1d6229fd45eacc53483832a0797c239
+AdditionalInput = 140a6ffa2dd777bb6dc2682fcb6bc5021e7237160bfb78e8a3f26a9c50a7534e
+AdditionalInput = 7518e93a44263481bfc20f9e6b5618dacf9c4a73d7f5acc3c042256b81ab87e8
+ReturnedBits = f546ffa53f0c91c641e7871645f1615a527cc6a4ac6f2b9e4e831a1ee0fddd5747163d3515a8ddcf4f30fa03f95b74b8c9ec4d46433690c28950c985f9fdd65d2f9e020734b27217ef6233c702d82ab3e480805692af2daacd8b5f0ea75f129b90809a6023f0937a3d9f9be021b63718611a5b69b9d10f80828d87d36cf5abe9
+
+COUNT = 9
+EntropyInput = ac437a11515b389b2217f193fb640c17a0a3773c3c4c6fac74824860cf338381
+Nonce = 04d899abbb4316c2b3ded86c951e8054
+PersonalizationString = 
+EntropyInputReseed = 314fd9ce72824e9ec21319a7a557e0b0b8361f181817f35376a99eb09a9a98fe
+AdditionalInputReseed = 3eaebcd48a8a0bccb53caa4250426b915d4afe3288d1334ae16645219834c7aa
+AdditionalInput = 6af7bc8fbf8fb060f181e6e4a0f696da5c2a84626d5209e90fedde76c95dff57
+AdditionalInput = 975eaeea1fde39b9df1d28ecfb12f7cef5fb5f2c35253766e2278fa05025c456
+ReturnedBits = cb5b021e6c6d22c32c222944842a4693f0ad6f7f42f4af8feb3b7615cedf9a758b9cc82ef255b829d7ef958c2d5ce6e1890e28e40187828f0f5df7ea9665450e09aa4ba12413c30041be8f9618aca428cd24234d60115b66156f70459890dc4b41ab202cbd35089265ed665344a4a85770c0f0ed8bb8fb98b8d218e31db9444f
+
+COUNT = 10
+EntropyInput = ac9ab06f30ccfe95d712f7e3f57778ff927af4b6c68b2a63360f073b1a1b63ff
+Nonce = 3af87af38c8eeeb79c67d825920de633
+PersonalizationString = 
+EntropyInputReseed = 18eaa4f18d783fff6080b2a2145179ec3de3e6f431fffabb9a5ae53f2bef1ad1
+AdditionalInputReseed = da3753e4bd7f38d40e299906e9eabd9228bbc38cba29549cfcff325470e41f61
+AdditionalInput = fe6c77d68c9ad6ee70f3a5e4fdef3d78e7d08da764511bfc7d407a0da3f01408
+AdditionalInput = 2db9c52787119d9f365ae51317f120925694f361532158a9d18e924a272fd2f4
+ReturnedBits = 192b48e9a7e31db3251fa412cd48619ae7810bfacc3605cb0a7ff49e2f6babe090aff3cb6e705c432bb3015fa8267f259a19672c64edbc25e82b8364f5238a40d875219497a4f79976388a73bcab1a2da8b59346f83db9bf710f4d4b646cdb776bb6a588ab3b18a3925f31497501f8e2f53fa94ca226f65ccd598ac13a6945bf
+
+COUNT = 11
+EntropyInput = d1a264bbb6e5881d99a222c88d867ac3e504b458b98915cf2442e0aa826a88fe
+Nonce = 4b5fbe3f1dd17e25adc8920060ca63ad
+PersonalizationString = 
+EntropyInputReseed = fde3f68d63c077fd4dd81205c036a8238119b76ffc7dfba6d730e4dbe7c1dfd2
+AdditionalInputReseed = 8e942ddaf8303fb21b59170ae21625e54d8e2ec8820c4854eca4576baa6c7aa7
+AdditionalInput = c2dd28ea4569f66af771a35c13538474a221921c8175e46e120e78a0d05e3051
+AdditionalInput = efa204ccadcba9317def9874280c7e80f6d5ab8cb1240c21b5a1a3ed627d55ba
+ReturnedBits = 75adcbd4b5c760b83fdbe9ce71430d5584fe0ada00d661581bd1cd56c50332b8c0fb084b0a71e19768f25994b7edca52468bab4205f6274fde7e987a63b85d47794370cd2e0259ef024ea8ea1cb139918d2fa4e61484518ab9763025c2ab7761ced50f5b646cd2f0d0fc503a842415f2ffb7526c2d30375f9ae8d7aed56ebfc8
+
+COUNT = 12
+EntropyInput = 4c31eec0709c4fde56d8cc6d11c7888d9970cee4a6d0ce0a845149e073d1d623
+Nonce = 6ca3c359fae66aa8db6312e61920c5aa
+PersonalizationString = 
+EntropyInputReseed = 15a7346106e493e963d167acf7dee837963626f44216ae0a618bbe11d7a16ec7
+AdditionalInputReseed = 984de321abbb0eb5ff57758dd8cf250cbd72706061eacdcaf9fe6aa2e8321995
+AdditionalInput = a83431e3a77d3a311e322a580cd4c90a17cfce7734a8afe767cf1988bb0b8218
+AdditionalInput = d0afee6b4de87f3bc0a29fd3d1f350da97ce5a9055959f414ba14fbdfa034a3b
+ReturnedBits = 4d3952ebf2e3bf9cac9d4bfe8224ca4eb69dc76d1fa9aaaa9c04ac63c558e84afa3927f84189d6c399e0b5efa3ba91af66675893fdfc78343cbfb376679acc156d37df3bfd2143ff1de212448b0db3d8a90d8ab347000b06214c2d4299fcda5e87c516192973be09b849db250afe256e592d8c31c35249d179e9a6d82e26af80
+
+COUNT = 13
+EntropyInput = 290029a7a660aa9f38519496264eb8894b316a44bab71d2703a08313705e42ec
+Nonce = 27b2cba8058cc385fcb238daac0d0e48
+PersonalizationString = 
+EntropyInputReseed = 539155dabaa1924f75da76fd5ca62fbecbdf82dfd1be84588a221a0acd9867f7
+AdditionalInputReseed = 9318a7eb7b2e39bbbea207495dd3c75094072eeb24869b97abdec54d578eddf0
+AdditionalInput = 91cb81b2d800ad60b136ca63da2f5bce7ca6783f8a0c699931886f0934e7647b
+AdditionalInput = 8156cbf2c0b5b7718bb92742b66cec75a4191359e16c50bedcc5e748a22d129b
+ReturnedBits = 70e62fbe676ea6a4dce2fe02eed8bbd237cead48a59c2e4595e51722ac6ff11ed8d2a42596fe788a3a07b3e15bdb4025b3dcc1c3c254d619a94afb7ac54d0c722bb983e05c3aee10bbaab3ad8631cf7b4ea76ae507303a8b66541bf7594ac3810770e2348517d34e2f69ed62df8cfb04b01761fdaca2880ceb2a63292da77936
+
+COUNT = 14
+EntropyInput = 234cb691da8e4c2e7812fb726799c0944f3e61237c782a268c0c811e26d826f9
+Nonce = 1534ed0b065729ef7fe3f9a0e5fc7b85
+PersonalizationString = 
+EntropyInputReseed = 0a6c8e62fafa866f550dc59ac2538ef06a030c5ec46d98054dd949678528150a
+AdditionalInputReseed = 5bb670e67691d2d4bce04aaf397527f35089febcb42a4523a50fe2333674688a
+AdditionalInput = e1745f002a390f6504846dda08e111369d7828cb79f0e1a1afeceaae4cc4a778
+AdditionalInput = 4e3b1ddfaad296432c85cbac5bd5a2bd897d41ad56f5e37ad5f4ea9b75397afc
+ReturnedBits = 068adfb8ae1f9c7d51453f665332f99d85c92c3a1c5d68e6e967ab9c43eb2493f2b334fb86acdb71ddf9819eb31850f39b679f2a698557d046fe4b773f1bfa697e43c5f20845feb374d016552de2ad17c1e4df6e05ded9e86427832d15463cd079b5f30ef491813664feadcd6a1abecedf708f048408af161f04c3361071defc
+
+[SHA-256]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 256]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 1024]
+
+COUNT = 0
+EntropyInput = d176db726c97241c595f23c671432a634140f3b6230eb72b5c73393da11ba066
+Nonce = a446dfb8effae0ad42d2e15f18a1730a
+PersonalizationString = b822d8233c31c8dc19d0928ed013fc88455e907bd64c85e8bb2c0dc0a4a4599f
+EntropyInputReseed = 0f0e9272c0c048b18053fbf5ac02885c45167df203f6c341e00fd1268aff4d47
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 2a31c2496b890e1d71805270ad70dcddc9b47f07f009adbdcbc13744618265551a43858b23613f9e35d432aabf03ad40fcf82d161d0a9f768cd7c6d7c3ec761a7fc26b6a4e5199ac61b9731f2241299a34b25b3daef9a4ed2ad924431860cb29fc4cde4b40970b65d364bec8cc9f66cc27d1abc6619f238b9db399762f4deafb
+
+COUNT = 1
+EntropyInput = f3bc07d82860873b2af2af12302d36c160b3d974b595aa1b19025be60761953a
+Nonce = 76127b99d224b59bf642a3beb729571c
+PersonalizationString = 53d8ddc6bafc69eed4dd16448d5a0f895d20768446c7186bee6e358ebe283f1c
+EntropyInputReseed = 5f826a6e90c7ff6b0037d785664e4a1b370910af2190af90f23325326f29cdbc
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = d4dc1874b4453f9ab503faa91c052350d021b7ca01be23c14e548dac39e06ac480d834d753ea140793681d67c02a9ce6707772a3eb0065ad65a3353e1ed377a502bf3c36991860fefd0bebd183f6025128f2244ff1efafceceacf34d45a1d0595edb6dd2ca4df8871b1768160521408625cf95dde22e14bcc64169cb8e34ac70
+
+COUNT = 2
+EntropyInput = 02aa754f66ace4d895b7dc743c02e2d22cd6cf07ec2a71671d825fe179b8b432
+Nonce = 07464d3985a4a9bbea4d4e27e62664a8
+PersonalizationString = 6074f8c32edc390266e1793aef32b63ba05eeda5e52f5217a558af884c61d658
+EntropyInputReseed = 866ee621493e03932db4f4f29cb14fcbd749b7e7d80153deb787378b79a4dffa
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 7943dce1dd028052df335be48ea0ba54458f4c0e8db57a80d8ee39842bb2e24b7aa78e1b8095a72042e586498d87ba13c924d302901e3574f26144d774d7e1e2225d7880bedf4955d203ffff02c8036e21d650f3716ff392b8c2ef3b6c2631ae0cbcd68172ecde93282b1a1a27dbf05ecd5743ec24d44b110f7ebeb514b0a535
+
+COUNT = 3
+EntropyInput = aec82330e35a2e52ea5835dc96edfedf7de2fc614c1334938cabca2f0ac085e0
+Nonce = 5101fc43799bc1980a5390058c038d66
+PersonalizationString = 2edd21f0c3359fcb2f43f4b6fbd82106ab28e98293523cb5e688c57cc302bcdb
+EntropyInputReseed = 236a0c71b3268e702107bf454b06336f9f18e0cb3e89ae5eb324729131a9b03d
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = aa49be101140ab260eda0a46de641154bba44a2592ae1124b0c735b1cd630fed831b656335bc11098f2f56d3c1a143dfcf4f020c07fa68c21bbd4a5d0078ebf42b7d42959248989ccd99ab69524210ada69f85c06ee8b7a67336a0d7f8b64e59073212f5cbaed627450f12e4ab8dc58d5d624dd87dda63e9fa19f6855172e8d9
+
+COUNT = 4
+EntropyInput = 3637734e553063dfe6d309dfe778c552a318ab0bf61d0e738161e9dbd5fd3d78
+Nonce = 32c623d66c0b70b2d7a688c3097290bd
+PersonalizationString = eb2a9afeb16bebb77833614946c0e5dd2f6fdaa949009619ccf46164e91dd1fa
+EntropyInputReseed = 9cd9c944e3047be9d5c62983584c7dffd02a55bcd16e9d2b349424342db91674
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 5e1726bdf2900b40cd65746b80fe391b9c6e6c2392319aa1c1c4ff9d85513c61c28e54f37c4463698d08a2a66c078062be5300e339948dadbb575ad7d385974ad4fe7e7ddb1b8fac384284432671b4ed72f1a6de9bdcf485606b25d9dfeb96846377b3cecd88eaf871923e94502a9f803afe99463970ef812c2332498f060d62
+
+COUNT = 5
+EntropyInput = 05c18f3068fd825a0c4a9ad646c4b0f8830c0b1050d52708fe5ed8411f75911c
+Nonce = c14087aae80adc115b52a9add4578cdc
+PersonalizationString = 4b8ed94e6b381a8484c3e4312eb3032c9ef2520c296169df57018d9edccf91d0
+EntropyInputReseed = 539162353b72bb490a90dccf208a615e76579aa4180037461843274c9c896081
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = fdd7f81c0e5e8d9cc6f3fce2a0e5a4f92294b2b59dbfa50d894421b24ec9605f5aeb974230dbfed8ff16ac2493769b2ce2da5ade87b59d4fdb7579fc356a2790ced73f1de444d5f373784aea6cc9b74b7d639cbce0011013ae186925458865b91b679ef918d08660e5cb811f7f2673a2b6243d3f0b328d6d694c37b4b764facc
+
+COUNT = 6
+EntropyInput = 7d7d3e2c3476bb2d8a212a7156957fb39290474f141da9acffa6f3d90ad743e7
+Nonce = 32ec82586cf1334d9f5ec764e1160e7e
+PersonalizationString = 72f28afadd87569e59e67f6622583bfb70758f73ab61abb0bdd45faf2f2c7af7
+EntropyInputReseed = 924def90b5d23a77329813c8d480c2fa441578fc983fb53dcde084e86cc57c3a
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 028c5f267abb8200ab49b2d9f36f33d050bc3f74cc51750b893f1fff253d943bc7b001a18794d1473e4e642f891c28d783586e8a73def44c991d8c80482e1a393b7669069d545180abe79520cc0eb6c90fc36d48df3d6382b6c68fa2fdd734da01e445c9e2751de38b53dcd38f9e2f83c8b94d3ebd52e526b6ff39633131cf85
+
+COUNT = 7
+EntropyInput = 867321f9161fdb547a8b47cb03c01eabda30f6bc18a641e5cb19f49884824613
+Nonce = af8c724a91277b518f99426d56927272
+PersonalizationString = d72c53cc1ab51bf8765afe77fa22b2cdc37ab1ce4b7d808e56cbf5f488f2ec67
+EntropyInputReseed = 90ab02a2b73c134bd9a98ae5b2bfa02271185e77a632a167868f19b2d543d535
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 5fd80075f7dfe3033c96121b349b8f229ff141776323f903ed97736166c7256c10c3da2a68b04a23c195ed8ecf6be350a6a390308a0fc881126a87934a87a2fb0bf3c76a80d683457504d26514572a35f263d53414dbfdb8d4d1189d63080df6d530d03040aeb48d1682bd96da841fecd55359ee911704715d598c5cfe5bcea7
+
+COUNT = 8
+EntropyInput = 64b1e454243b242eda6c74b0fb955370d891f08b2a5b777dc4f3375ac59a2044
+Nonce = a4727232f6270cbf9ced91043f8c06ad
+PersonalizationString = d9684c41f99076961acfbd9dbe30a9f49bace6ab511d7ef0433a1a5f15439f8e
+EntropyInputReseed = c718e80ab722bf1d78ba0a1f95126d5a6c35b7eb0a2a84ed6e23b8e03e33c7df
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 9a718c716448709b7a8e1ff6d5a690fbb9295d3855454109fa7619c8716591512ae5900c807ce53ab6d40383675e7ca5c67acd9674c8428a43288a6df4f44e145a13ddd48a61fd726c2e9dd6c41914b0aaf4630b76768162ace444f369c81fc6bde6d485be9c34c4013f06682b9aeadba69001f81775089e93e1bb90531b8673
+
+COUNT = 9
+EntropyInput = 3cc9e3fc24e8fdf85f63310b30a2662181b2d72191b68e060a3feb9c3e632313
+Nonce = e043401bcd90565f7cb7ad86a25e3696
+PersonalizationString = cc98fcb52ec7bfb720935ac6a82ba73981212b001a0c1dd382a39abf1363e7c2
+EntropyInputReseed = 03d22cd2d99f07445e7556d58ad32bb01e447d93c4f31a5ecb7b1d3ce9faa952
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = f754b05e133c867240e5611f4315e4f167e4aadb177632357820427161682905fae9cf55442f017598d529180be26dda7a51c37b96d561b1cb7dc33e3b6089b5397c5336b813e946c285d34c1be61294a83efef155b218237b7eb15d05262f13c1016213d99e577acc1db6b6a0c6743a0a7914b971090d89ca437cf4533668ec
+
+COUNT = 10
+EntropyInput = 8f31359dcc6a496f2e701cd927ec513477326917d37014690dcd2c25228e42db
+Nonce = 4dcb2ecdf2a738d91918990a4e342abe
+PersonalizationString = 68617fbf87200acadd713fbf04c57bf8878f83cbd0b0ca00fcc9b9dadeb97621
+EntropyInputReseed = bf87c32157a8154a5ce6795a3d270700bdc41f90ed8dcf0a801d2d43620f0410
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = c191f9ef1b475a0c1e25ad59553391d9a3f8e6f757492adf5d3e39e602c20e795be990d71df16f9a9cde5f5d88e9b62979036b6039ba1d4495e3c3b5d2a49962373bba2d3415254a2ca39bca23aa2eb1b6fc9d3276c683c80639365a8f461e881ba544fdd05c8ffb14df48398f12a0197d1b8a428692d08c0ca77384f8778893
+
+COUNT = 11
+EntropyInput = 20f08354d63fa46fc6c8f0a4327c6ede286c8e46ea94489559a7d44c2bda6c72
+Nonce = 84bf091dd0f5a8a96d7d333282dbcb08
+PersonalizationString = 2a601e2926bd66a6f09ea7def48f9ec66466ccdeb1d83630731692be2deb2566
+EntropyInputReseed = 842a9eca79dc4bbe8a95c5f5a7328d0862e23504906b415fea6907c57be30a1b
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 55499e627c91c47d2e322eca5e68ba75006587becd2cc99fd8b65673518848c8f6960afb12134d0d25fd14979ee0890100bb7cb8f40c26f8480b810386be4085accd6dc6f5113d51bc9fa1f8d9da8742a4d92eb1d03388bfe5961099c7e7a6d710f97b3a19f8762439228a12438a1fc450fab74a316f0fef3f4d60fa0d5e0d34
+
+COUNT = 12
+EntropyInput = feac5b160919b9b370240ec64940057bf2d4a377e41f1c83757d0ee68335d045
+Nonce = a1578aac939b40cbc9f26bb0f3fc34cd
+PersonalizationString = 340e3816e70af3096764c67181b0b44e508ee678ad01b75f106eda343ff6316e
+EntropyInputReseed = dd0803d562ac7a0183f1e89a1074f827829d328fb245c2c7292f8c07d92cd25d
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 823c6aaadaaa657b71e49cd45d51f9b544d1112a84261d374525cf94f717ff2b500809ba1fb0a4e99a9668352e293079b0ea2ef029bd65de15deacdb19ebd447b43fc92aaeb49d12e87966edc3bfc1bc11160b24d94568357c89f49871c5abe08e472b09f5bcbba8d0f33e9cba75f76d63010d42df7d4a284d378ddea59656af
+
+COUNT = 13
+EntropyInput = fda666214f6a340150552a647f15990cb6908ca763ec5286c8c8000117fd15aa
+Nonce = ae4cd0ff70130e972c9ea5c4a1d2636b
+PersonalizationString = 13767d11a39f6ecc192a079ddfe4fde5b88268cbd62ba33049265bc03d1073ec
+EntropyInputReseed = f2c663c25e0a30c6519d1dce960934cb50ee0100075c7b3fd8764557c97fb9f4
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 983c3460b9e4d1cf4e5da7f7ca0f52b5f45c332e2e46b2b4b226cff0724442ed85dfd12cd4ee307a18b3f69fc30c3d8f0df1a0015dc6e77325eeadfcb3b86425e81cef127e99da88bc6ea1f01ab2919c9dffdfba0b12e97a80f77f18ca2a020689e68d5dcb1a95c55af2553d0387912ea7da936552a14c1cb4bb749041d39198
+
+COUNT = 14
+EntropyInput = e2b18cfef8e9d99166e3059e02fd4a6665d2cea66a643337ac5d64d3942794d5
+Nonce = a15cecb330bbb1e43997c84653978793
+PersonalizationString = a38d744d1863a32810123bb2c03b654fc2a85c0338bbb240ce2133f71b0ad6da
+EntropyInputReseed = 8f572caa4474e584fbfe6c5b657a2b7575b19c39245fb12a0f4840d6646b7dd8
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = fb081804a1dd90d918a4726c93a56ab0c9739d74921806c05c72acf240cf76bd8228a1ec4f60613be60630335a7964b3fc06a552e103c02ec666f0ad92de6064dcd0e92baa4101ccdef50ac1d70e0bdd4d8c53b0392398f9f48942d57ef9f9192a8eaf608dea08940494177fe7c0ebe00f605cd04ffd23b856a1e5c8477f7267
+
+[SHA-256]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 256]
+[AdditionalInputLen = 256]
+[ReturnedBitsLen = 1024]
+
+COUNT = 0
+EntropyInput = a0a809d13f9c88cb4117586a56946ff25922304ca28e94055cdeb1d7e229b34e
+Nonce = 5f1bcb91faad6387bff8e918a9228f43
+PersonalizationString = bf34b1f373bc5930ee345617453830fd670bff5e1d31dbfbe7fabcef64e30c58
+EntropyInputReseed = eff8312250d235adda4b20686477c5b77e3336a6e1fed8b09a4e1b62e00c99bf
+AdditionalInputReseed = 5b48bf0e90a70ddfe9e50f86d33ba473d5b04cfd4d43ca2ad12a6b6ce2a99359
+AdditionalInput = 3532ed84a2bb6f61f787a5ffb60e9a7682954d7cfbf9525b691d344b7905aaa8
+AdditionalInput = 05a5973d2f26673caa5cc76fc3381c6895373de09b136e798b44975ca4c32256
+ReturnedBits = e9ad87ccdbe060c15ad936778c6e98c3a34465c766ac719b4f678e2bc009f7b693345d129a9e42527509c9e51cbb442539087ff6621a773be759eb8c43825864c0a3092fb57adc9e2b3226b182c5171f7425e7beed3572412baf3df6dd4d58a0d45bd9b01e77c0625650ec86f3f288c462510653b034e4d363e829f6881310b9
+
+COUNT = 1
+EntropyInput = 40c5528d3caedff54a5c3ca0b9cca1e036a97c3207006ff949a58e0763e84168
+Nonce = 47efd3d608b635b280b38c027ff66002
+PersonalizationString = 33827d913942d3d62c5ca66319d5e27389c587e8592bf868154b66ef78456737
+EntropyInputReseed = 105e6f823a4d932f9ad2fb095efe5764b45891416d16a67b548bc24bd12fb8c9
+AdditionalInputReseed = 99cebc96266a3ecb9a96bf050a7da57f1bac4ee291cb93efbb3282050ad7fc2b
+AdditionalInput = 707602121e691423e7aeaa7a697fcb809ab7f2a2e662ac1bcf0e907cb2ade6d4
+AdditionalInput = 826a8bedfcb5546cf747bf4e5b3d9631c6c01a635ac206447e17a128d29820de
+ReturnedBits = edb7cb26b91b7e54f95c8e40c0a9e9b15011b1cde99a2575bb5b987d77f45a88cf76d63e2780ac8119a1ea34d6f7ed60c16838997a2cd8b1a416d1c40e1875970d6c3a7631b2700f321e444e27f451cf6ca7898126f45797bb9fb68439983ffda2e810009b3461f0b7f39ffd15cb0d5d1b5e36b6a97596c18dc3965dbf54d6a0
+
+COUNT = 2
+EntropyInput = 46c88a68bde571771d3c422bb090f12f8565abce08589d530d5da60795682bf3
+Nonce = ce6b0259c6245365e18f668041faa748
+PersonalizationString = 4acd8580a32d629bb4b8e952c8e02538a594fc909a8cd9942772f3bbb66f9639
+EntropyInputReseed = 8efd8a30f2220b9aa4b469318c22a4a88e2ac9ebb18da7d7b434d41f26128e53
+AdditionalInputReseed = 7b846c1339b2ffc7140de43d8cb52326ee9c64e154c20be10f1fcfebce1319ad
+AdditionalInput = ec57193bff9b11b024d2ef0bb169edb67e1f161a1582dca45b2524aa81a38fb4
+AdditionalInput = b917da93b3abc61cd05ff2703bfd94ef82c2c3e36d6db8d5ba7c575a33193467
+ReturnedBits = f1a8a8b1a1750533444962e1a456f399455ac329ae2cfe9a02f4bd52b07eb3ee19c599184977d602fa51421d8c5d8809298dd4ccf7c72686d243d2795c1407ac8a5e6e5926510c56d11d13648f1c6724132fecf776a51a58a61bd03df872e3ae46cf4749db34f94c538d5e5769fa40f0594e2d81917ea6bc4638e4cb0896d46c
+
+COUNT = 3
+EntropyInput = eabe40b4692b60630ba4267420b093a0acaee778ffc78f824a8b0f5d008c2019
+Nonce = c73641e6c3faea4f01f072d32cc56328
+PersonalizationString = 92f61b0b488dc6d6f8ce995b3a2cf45de41eda3b2eb98d9aec2e1c37f2b5171c
+EntropyInputReseed = 6629b64a6fa727d7100a5bca5fb98f69913ed6661fc7c5382b2e1a73437ae39a
+AdditionalInputReseed = 117f41f100758ebebbff7f02eb38f9fd67614d2909950f5781a929207d4b02a9
+AdditionalInput = c89dae50c0a9a8298e50e0a6993a555a574ad2aae840f37b5387ba2a5a3cff53
+AdditionalInput = a89e4765c96c816ddf2411ebd77aad0c873a8900a80b28c154f7b2fa2dfff827
+ReturnedBits = 66bd2143c0bbfa97775b8fdb38bbf47d32df820ca911821969b7a228a5c94c3860d6a129d0355365e2436d57479bce14a694643805284d2a3a55e7f9585a0791ac8a12b5f64d4b30a6807751a3eff5bd430e77036bdfe7d0cd88cabfc126d27681b790d9cd0560998da88c6df0051b6e74253d64c6be5f0d4e02368f809ec3b0
+
+COUNT = 4
+EntropyInput = ebb89ad81be2d8975543be3895b2740777916f391517e5ff34bf9b429427774e
+Nonce = ae60c49360d722e0c682ba99c9fb35ae
+PersonalizationString = 3bd632f747567553aeab00a909e43eba6b9533087a218c281d67457c47d97fdf
+EntropyInputReseed = 2026bb0f3d2c68eff46920a8b0fdd0fc1b6ffb3827f84fded7bd46181ed01010
+AdditionalInputReseed = 4103f613ca177bbc2f3733d18d92417faeaa3407f3314c44a47434f9841262fb
+AdditionalInput = a990830546edb15e105075db882a3c0144ba2273c8b6baef48df3c83a160497d
+AdditionalInput = af752811359ada0accec2945a516c9c9a150809d593402729cebf6f007fdfc88
+ReturnedBits = 384883695b91b6fe82cd76c6bef204be68844a0e8f1f59048d65d752e74123ccb386049c96c616b76a427c47b51a800aafd1336e174ccbddff0157d9fbc583b60570e14fa27c4ecd00cccc4f1d9bc74a7dbcc464c5eff9e6fcf5b4bd7f175ab3a3a843032262f92d076bd55aea31cc4040431ae12a64e3f86b9b49e121fe8340
+
+COUNT = 5
+EntropyInput = 6d8790fec9633bdd371d505f3e2a18a6e61b57665de06172dcf757e640fa5993
+Nonce = fd889c9e576b883e2ec2ad512970b979
+PersonalizationString = c3d2ba08f24f32b0b4d8c349e4352f86313cf4c5c49720ec8aca9cc47851bef2
+EntropyInputReseed = 0020477e51400c8f81399852b449eb977c44316ea8cdd0a7ddeb87804ea4074a
+AdditionalInputReseed = 233cc439a1e6795f8033382bc6f5f38fb371cf72094ee4ebefd06c18db0d521e
+AdditionalInput = e445ec189b309618ea20456855eddbbb17c5311457a896b229a60e63d421d163
+AdditionalInput = 568f6324c002e8befb7784ad8b2043a75b5b49c0bfe4b4d73a4f2031518631bc
+ReturnedBits = 22e896bf8737be2d0079c26f286e0712d7c92b0996754bd63a079c2cc80128b906a13d82b6e203359253133538e919e6e4dc23f8a1508654ac16396c84f8936571a3fc1aa9de555e67c75c4847437937ea6b6d55e30f423f8e0c1978cbdb7e5ee4cd04848a98935d16934af0408cfe7df1fe2d25e8c2824101e6b969fa8054f5
+
+COUNT = 6
+EntropyInput = 4e1aeaffa8d64e9c86dd9570e75d650c2985cb0bc95a1946fcaf8b98dc2bf536
+Nonce = 33e86f1d1df9e50ded987d1e73970700
+PersonalizationString = cf272e3ba187aef4d8036e76ff8ea5c33afd09c627b04a2863fc92bf3eab49c2
+EntropyInputReseed = 6f3fa65de621588aaedadb7516bd7ee3179f0a355d0ac218c4052320e8c390da
+AdditionalInputReseed = 567061b9d602ad112b0c43e37278ecf2bc946c126cbbe10c0a7aba01d425d9d0
+AdditionalInput = 10c0714d47dc3c84069735bbfbf907ead01c5d4ae19c3887c4036868d48d5a29
+AdditionalInput = 876fdd806443fab7234ee6884cb6b8bd628517dd6bd7960963d5237eadbcd7c9
+ReturnedBits = 1dae85ac5116084a8e13ea9fd65cdf3a78a9616960d2a7aed28366b08281ca7d013b84aba09bc3eb768e388b358df88660501f456345a4f0ba3cc0c088fa728e63bacddae0da9dccabc665e17c8da6917c4ca00ed96bf4c39dca3bd38f552afbcf21fd0924bdb077d16818ca1edf54cea1857d511de31316044c3e28da094f39
+
+COUNT = 7
+EntropyInput = 8ddc7d79a77013a1a10d9177e98a41bf165abe0d36b7792a5d1b52ceb39ecbfe
+Nonce = 207448c0b2c2beabe3e447f1fd1b485d
+PersonalizationString = 0dab9e9621cd14ecba4e6da2f5b2c7708eac81acacf471bb1d83f539c50d0480
+EntropyInputReseed = f75442b13ba8f36a3680751207644d2cf4716a669da5b7ac79eaa91ccf8d012a
+AdditionalInputReseed = ff812538060335f4dc060ecb5c30b69ff5e38957ddc9103acfee6d8c000c4c63
+AdditionalInput = d5a054a871364d55f151d74bafcb603fbe48728d56f06895bb0585dc572206fe
+AdditionalInput = bfea69d468a619d65535cfd92c6ab2f6c069776b8092b6b114baddb255673f7e
+ReturnedBits = 2f51d5b6856be93eb70f6c0b34b4b9389f0e69953c70d492a4b646aab1707ca6ff0a232f7396e9252483d41324b645775fbbfb94318d58c90bcb962b1e8eadf0ef76a840a327ef40febebdded93fc686e76864801509233443e92ac079e0957d0b75e948bbc50d58f0cd8a1f9667424c6761834ea230187828c2a296641d21e7
+
+COUNT = 8
+EntropyInput = c00b1ef7d6a23785faf2685002b33459562fac86043b641679298c08565a6129
+Nonce = 72e6cc764523e4cc8a36a60b949404a6
+PersonalizationString = b0799ca214289cc392417ea439995e1e40f573dae68b6cc617f9e995c3ebcf05
+EntropyInputReseed = 387fd8785a6ad9010d04c626f0594014667910274812d7a8f8fa00a16383ce8c
+AdditionalInputReseed = dbb72fdf3ed3f2852e1eec30146ed923841b83ed9b2c0343a622c72ba43fbe7c
+AdditionalInput = 95ef4c3ddd100e895572e75ee09af25414fcd727a348c7895d6e85aef2cee57d
+AdditionalInput = e4e310e8fdc0edf676d387dabe59b68e0aab862fecc87bf17d88b20af65c1244
+ReturnedBits = cf17c8db83ffece762d8f68fc5d829b60a8bc6095715d5d1afa2f384dedfe855e768d928fd485edbb97bdc724ed8140a229ab18d38b99d3676d8647d2d1554c9a9406294ca95e1777a40d8535ccfc93f3444f4a0d8c80fe211006a642507fa691d9c780899eb0478d99e768665c903df4ce4c0882b3362326360546533e26ab8
+
+COUNT = 9
+EntropyInput = f923b3ae2d7ae9a01d6033595ebb48de70b3fe218a0812c0951705a0394ee976
+Nonce = 9e133dd0108d29e54ae621e84f7a0c3a
+PersonalizationString = 3e1b4b0f1b0c0a9118d127b13483145c9af3e645fa9c4ded3a98cd75bee53290
+EntropyInputReseed = dfdc0aff3ccd1bcbbeb4872ce0aca389c84954c6a894c3116e2b650771ec5656
+AdditionalInputReseed = 88cedb20e6f49122f2181b3b677edda0b652ca3b886cd8636649b120dfa93340
+AdditionalInput = 7dac9a708211ed329ce4085495d288c168ea2ce3e663f3b52d10c98e5dde5df9
+AdditionalInput = 2925d129d353e0d122a51fbe80a33c854ef71a1fd843bbf3fd87cec92bcfb27c
+ReturnedBits = d19daf5c2e001ea3fa1acab0381747e355c427b3321919f0b72576f61a30825decc377b20c7f18a833fe653b7360bb260ec247e37ebd1e415fe278ac1ddfd010133ad3e738f0e80866a595f6b6904285b52a0a1815ea9722c93fbc5f12585a0c5a41cc5a064738b237246bb6ffc09916c3050a5c11aa2a7a03f88166137c739c
+
+COUNT = 10
+EntropyInput = eedb4329a2863036fd4a688b73c9727d7ab374c49d872afb918bc75715041540
+Nonce = 168be80b9327532200b87593580d049b
+PersonalizationString = b2fe15f255750304981aff7cf5c103169def34dd48d07a88b815c10d2c14901b
+EntropyInputReseed = f4c6b82458acc20a96d8fcd37390004a4e53da30591db093a51f90e952dd71ca
+AdditionalInputReseed = f24303face32915d226affacb32e9d196540016e74e5643c0ea5a1e19b25e3de
+AdditionalInput = de78f256164f8ca5d86b6f53cb0d5e8e2531d316101572fce8c1f54c0da4d95b
+AdditionalInput = 1a5ccd5a810302ba5b48cc3d650d19343713ccf47de68950cbdcc884e9bf18d5
+ReturnedBits = e050da9134cf11aec991eb9c4836905b3e530da1d5d4d57c1fcd559ae95bd1ec9c00137eba187ece36842847ba94d3b347fa314c9a74a07e02caa290d3c8e4afec18b0c8fec7d9a0cf43daa2672de205124cf62d68a6165a280a58df4874cb761f89490c29b53b4d2c2a940997baca51ababde810055cba974ed0c6dc0bf0f1d
+
+COUNT = 11
+EntropyInput = 0f4c85f1ba4d662caecf3122856a90b22e55d33454382badd0e7159de4795516
+Nonce = 47581883289982b4ce0e8c2c8e4b0dcd
+PersonalizationString = 4cbdeafdabd81e1ceda48ac3c678ee161870edb79c12cbe9e7dacd8a9b3612bf
+EntropyInputReseed = 82ab805948b62b63a97e9acdb7445b6a3ec1707370f65fb278e31826c09bec81
+AdditionalInputReseed = d3d759198b903cd647807bc8c3a8673dfdd4d02b2cbef64d454d639fab0ca191
+AdditionalInput = d6e9d018f12aa77bcc69f27959366b2a65b64cf3687c2915b25184a7042a398e
+AdditionalInput = 2d782b50a77e9fbba42891cc473636eb77e7f34dd3a8969f3596d9ffec2c612c
+ReturnedBits = ab7acb09532509250eb666fa85713224fb16787a1eac4286d6e01caed14600bb758a91a6aa7f4d9d9eb5dd1e4098321c5fb3a3a63fbdd255b014217f36af86736ed1e0cccb75e06b88244506c2b8a9a2e14306ca4794e2f2703b2ac0ce8fc40c7dbdf8549476c69af884edfedbeca9dd247ddb8f3aed3c846b23a04a7d98d7c5
+
+COUNT = 12
+EntropyInput = 8feec97bb3abccd5fa832d0141baa044ce48b8a38dae7b045d59e21f83edf9d9
+Nonce = 27fc14480310dbbb58f2a193723363d7
+PersonalizationString = 243f37f1c6c20edf6618db2cf89726499f2b958c1a1cf05fabba0bdfdd5a737c
+EntropyInputReseed = 975125efe5f4d162683ffff9077a8acfdc206d5db3b9421bfaf90aadc14b39b5
+AdditionalInputReseed = 3eb73d2ed88385299cbd7bcfca64d044fe07077d477a88f553062b68983fb66f
+AdditionalInput = 40a1b0817cef672424bb9792a1f59b124d858ae5cc2f147e292333fa3202bc2b
+AdditionalInput = abc4e7bcc8e8a1d2553250003655af306906619d6a5f7a123673e11295fcf02a
+ReturnedBits = 21baa005f6d50c445ea38fa22d032ba8bdd6de26111e095346155772325f5b689cd949cfb0ca7e7dfd54717682a8e2dbfe763cdc4e4e833731242a646d975bba8de8d9287721a8b86bb4e1a5c2579f435328b6a0c25aa503214bd2611153fc57cb82eaad0e25c301785f19f0eaf1176ebd8f3a9245792462f3bf131506474752
+
+COUNT = 13
+EntropyInput = 490f6e4650c9ab12f4c105ef52ca94767ea53fb9ec2ee7dafa19ec239164342c
+Nonce = ffbcd82d8c861eb6c72ec07e7c746f37
+PersonalizationString = 169a4b7dd371ca6ad717aac91fb7ce06fca342ddc920f8b35457e99a3297e47b
+EntropyInputReseed = 8e2994b574eeb0551d624685e0b3257a311e45155140f5ff01aef6fd7e260258
+AdditionalInputReseed = 6ed796414045ead36d2612129f683a23f911f2121baee64e3202c688469c3fa5
+AdditionalInput = 44cc12574e3e5e4117ddd9c0cb18fb17b5201ba744a7a7c11819c39f8efa5cda
+AdditionalInput = 54569015831558360a787ec1030be8ed20b1d098746b8515d9846e5dc47b805b
+ReturnedBits = 99c0fb997b9b76c152a92845ea17080a699bf634a2fd8b29c341a67a89105295e05c0f6e6b993cd88aec303307b0c79093050b5b1b7ee881ad41137c699c4a004bb335ae2d5fc62e71440a08e25e78ac19a86773bc7726ff2489714ee632d7a433cb2f4fb3bb2d70bd92b4cf6810d21b3a79932d18ca3304883357cbc1611692
+
+COUNT = 14
+EntropyInput = 85483423600e93df98ef818614a6df509c813738874795c44e4ff803969e29c4
+Nonce = 4202283f153e44d32dabcad1df174d85
+PersonalizationString = 0a68b945e49c0ec9d35563669fa3b92b3eac0e15292d274eb5d2510af0756a7a
+EntropyInputReseed = c6344253e190c45a41937406dab4dede45e90f57e0fe5b727c1ec60b3236ae44
+AdditionalInputReseed = bc836b536e71bfddb67fe77473194236f9920d555b3d174e293cd9ebf15197e5
+AdditionalInput = b11f7c1b60a1223e5c514690edd2d33227df3326a99ed3a3aeca94b5e7c7338c
+AdditionalInput = 32cdcf759e0d7e1a728e1cd2bf4de8dd225c7dd576da2a565662a3d28d8d3a6d
+ReturnedBits = 1e344c946cb6f54fd2bc17753929ee881e5c6da0eaca9b24c071cfba6919cf6d9a17c42963ffa93797f72369811e9f3c0cbe7aa6f62cacd9a8698e969caa0b8c37db7ef9cddccb37f5205bee6190696a45a7c527baa49524439e67ae259897892394bb2ecd4bc7e112f3eb5212e9b9bbba544aa195f06f2a24c2929243482291
+
+[SHA-256]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 1024]
+
+COUNT = 0
+EntropyInput = 1ff2e1224ecc0209b6d10c6f2e37ae1aa50277877969d1a9297a9c0c4be7bd97
+Nonce = b2ad995861210b4a2bf17b8d1aa7d45a
+PersonalizationString = 
+EntropyInputReseed = 904cb3b7c3a9a47a178905fec0a947c56d8bde27dcd13dd20c8c265a9a23cdd5
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = c86c0f7a98a82dfdc7393ca2489b2aa500bc252d317e1609999e327b3af2edf1dc08ae70c816603f66e69102df00d104b6cdbbada6807094431d092fa4fb39cdd39906e35cf3c55f9c5614c6f04deb8337e6d32d5d146faa76fdc0f235dfcc6dc71768e10d5b1656984938212ccd7a874877b6283894e8d8c62398ee45b65fad
+
+COUNT = 1
+EntropyInput = a546812a0615295d117d1196ae893048ac6a89ac184c19e4232b5071dc95abef
+Nonce = 7faa20dc700024eeb8433bee1f07a760
+PersonalizationString = 
+EntropyInputReseed = c9eca3d43fb3a3dd69b4e2be87e63919ae815d9458366d7c16c1794e2f89a6d5
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 66bc375d9ba8ff44585a87d356ca6e174381feeef7e74fcad8ba449222f4c2c5d9456fd280fef3b8797103c15c38c801e96ea50f8a5b339abe3ecb646478c1b08b875d8447a497eceacc55adb5caff32d01e3e19047fd16d2c1ab6f7b7124f0a24b75e3700292affa4149954cae934b91eb7038df811fd29f9513a15ed80dcc4
+
+COUNT = 2
+EntropyInput = b46f9e405478ef1b3f5aa9721865dd0d5941c3354cbc22aae331a97a6abc36ff
+Nonce = 6c5972f140e6ed1b5439f4c6889365f6
+PersonalizationString = 
+EntropyInputReseed = d20393a7e9af4594b08f7c3b373c29699d30ed666510f2a7d83adc02d4215a15
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 483b37e0d132120586977db64bdcd9b8569dcc95111679f7c51cc015cc62266ad2d34db5f6542acc01a6bbfe6b919956fa04eed0ffc781023d14522c00a480560228b22b33974395e6a71a5a01a18b1db9c391a486ef8a8a4777078132ffcc5d6772764210b363aa5e0131f39b30cb26d44f5b0d6d158403573b22b46275470d
+
+COUNT = 3
+EntropyInput = ef7110f7de9e38b51e2f40330ef62444c6c355763c8aa807e7c9c4b262231ed4
+Nonce = 87dab385f835ddcd2b8441c2b4eae419
+PersonalizationString = 
+EntropyInputReseed = 1192e75d98cc596a860c6c20092c035db5fa1cc132ab324de2d55a33cf2aa25e
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 360c9bf276ae2a6b546a01708618697adc1cd9b9be198483e366da91653b419914fb1957e64aa7080e5da9f24059c2dbbdaa0b84d24a8c5db7c2ba52fc1a5315bf409a14aa5c88036356b9dfa36461e69d82731b08639de1e78af44e9bba08459560b9f8a31b8b11329f5ffc745e09116bfab7dee8b8cc8841063f62241428ae
+
+COUNT = 4
+EntropyInput = 0e97de682641c130faef55e3c907ca2a3e7ebca4f925fcb900717ceb78dd80f4
+Nonce = 5a7afcf43ed6b38e4df581377f18348e
+PersonalizationString = 
+EntropyInputReseed = a56fc190695e6bd3576800695df8c6442c741eae8ce8cd40233ce212f1f44e54
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 094bd0c3921904598051147d69b146e1f666931aa68e7cdbbfa283cc70965d7ad116309b4fbb1308cf509183f07f746831ef90789be29052982b6fafa008c2d6098547988998fad80c4bf54abee938fe5e9c7429fe5ce30e31599c3048222b13f3cbbcb607b6a1da4a9787c51c48b1ac4c8aa0e9b68db4202af3ec49d95d133b
+
+COUNT = 5
+EntropyInput = 7ee466e3551f237fcb58ec5867a390368b152a833984fc4dc4183ff85aa20e29
+Nonce = dd973b97447ccb91f6a9362d9e0865ea
+PersonalizationString = 
+EntropyInputReseed = b5301777760303ec25e44f00cf152f230836c736fd11e02e2bcd897c8263a069
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = e7463dc9f6b8ce7b3e49514099d27854857812e88e22cdaf016c7ed37254ac26e5e512d039bced76d4a4f1982f1cb9f7a5996e551d96518c1cb3467d335a116a37a0326fcbc9633db266b63f76c24ad963b01b7af8109cc2ca626dcf0585a994e9263861a4d0719ea6a18234f98e4efc40459d408b40ffb08367578efd2d7d1a
+
+COUNT = 6
+EntropyInput = d2385852c5c6155fa303d8e3f781bc63f4fb1eed95270768e41654c6fabd8fbe
+Nonce = 7822c35eabea5da463949a4b7bd61e33
+PersonalizationString = 
+EntropyInputReseed = 66ea25d238c685bb796e1aeb414162e168ad6feae1571cd6aef80c4fdba63ec8
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 89a5d28d6002ca0040edadbf4cdcc5c29c7fac6be29e392c1deca578f87d4660d0438bf0bb4b7f8bee8cae8b2d1e0a4e94ed66d34aa1dd09a959196c7134ee6804645ffe6b07405dfba91a91d01855dd99c79f64a817f4e516c180e3c67982b7daba1e3b923d63e56bbf333dbdb593c808e5d039028e17bf90120460f29c219a
+
+COUNT = 7
+EntropyInput = b42f35fb21dbe8699fd509bcdce843d272330635543f46dc6876744c0876054e
+Nonce = d6a303f462e036e835594f68abd2bf1f
+PersonalizationString = 
+EntropyInputReseed = 778c67bee069d331784e05a122da94cc8d371a1504d49951c0f1febed8617129
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = c2ab909f94743581b4b87dadc590fd755e1cd4dc7017996d2ddaaa5161f0e4a9d33582dd783953c0141f6c1538a18c1a7436461d8528c71f2edb90fce3cfb67abedcc15b38ec7998162852f1300d098cd99b097b022216d027c273bb23c0405a1f683563394af4304cb9d3b4be6b5091fcbdd99e0b0ace9ac32aa7e5be4f1cf9
+
+COUNT = 8
+EntropyInput = 5843ad1a6d301cc041048b326389669b1d2e208c6c5d119bdce5361ded3a31b2
+Nonce = 85d3094c3570ceeb5e341baff8f33e8e
+PersonalizationString = 
+EntropyInputReseed = a2bd04efa70681c17e8cf26ad6ac9af5eeb627d804b57d547ee2720df051d700
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 721c42ef800e80e148976677ad39c200b8f51e205b5bfaeb76f70b8f4c21463369366f0bc03df06ae256393fe14393266e86d4242ac27a93b4a805e300ca8c1d5f2735dab3529023d811ea4105dcaf6f4716e11e767ee20d536c462aba70e1045eff5089173e82cf9262110b371a378adc3d3cfe77b7ea4bc4683398a63ae91e
+
+COUNT = 9
+EntropyInput = 807e2df37d4dec6bd438bde7e8ab9f177cbbfbf952c8f2d13feb04503d6dfaee
+Nonce = fa04ad1c39aa647be41ed1782cb8bc9c
+PersonalizationString = 
+EntropyInputReseed = 21d8bc6b50d1f5a8ffd4aa65cf867a2c9e92d9e355793c606db74dd873203508
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = cc2af6fe5a4902e6e18f1ef16288e6f1c668a3a0e3d510d5bc99c2a3cb0571797401e8acdc8f55be4afe58cb1a99aba35ce43d02e3b2f2660cfbc0f67ff6d8dc44875aa8b3b24bec5e3cc547a2a0973cad338c9a8f5b443c6206fa34e098c9d8ba36a698ddc241e7e13b50bd38150ed23c6453ee713010bfe738d74e332cd847
+
+COUNT = 10
+EntropyInput = 94ca5a2acf0c9800e24a49c589b01a63a8f3041f781e4edd4169ca362fde314d
+Nonce = 40aca3c6311f756960944bc0aae76d0b
+PersonalizationString = 
+EntropyInputReseed = 6e395f3ff2aadff1befa28cf186c74493dc16af7c85e92add81868e10041a402
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = c9d7168261e6559240a56f6bb693617cb65a28abf85056fc645b14cde35940f03c1ec34a73be6233a3502d44218fee228cb35044b7faad4ffde6e0ef5adcce8552345fc3a63a961c7d0cb95f384b015d5f33c8039a9780ef77a0cdfc2f4419a7fee7200299dab9e810f07433b1ae8942ae79c7d6d74353abf497e6d8806b3822
+
+COUNT = 11
+EntropyInput = ae1f463c7342a222d8805018ae790f42da9cda8550efcc8fa119733256224f10
+Nonce = a1cd25b51e21db40e38e0e34bd622c7c
+PersonalizationString = 
+EntropyInputReseed = 4da7a36c3184156a565fb5c150f9c5c4b376b57434f6a82f1ac6d0bf33d274d8
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 458bd55d52eaa4152c777b7176f895945bcf209e39abd94c60e6b21a885a3b7cd342b3cbec8f29f2c3cc4dfca9312543514f9a59e989b6d64576900fda18c34a992e1ead7a4a96d3e4ac1c68cea73ec26a57a51bde8ae94ae864e7fcc988b6e93a583eb6b9a009b9e22615b370a71b159848865f52cf7336085e8e188e892e52
+
+COUNT = 12
+EntropyInput = 08209cb4b12d4f33580f0aa29059a25d39132b7447abd48447d3dd9171e57adc
+Nonce = 0989d2402e30e55e10bae1f69512628c
+PersonalizationString = 
+EntropyInputReseed = 59b66a1a21fbf1fd03474eda8d895f4bad0b233046147962d7728aaf18ac2094
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 518a62c194575d3adbd6d270ed00f153519ee0758f40be05234a9bbb077730b0e78ffe0fea7f913c039a81cf1a5f51c60d7f5c56de2dea0e125c733489638ea674bf72361fe416c15d0c7063919b6ff249c4c157fc9200260e52eda3be4c2c0936aa0bc503cbd0c3e56c1c09d72a4312485f3a9240032faca8bed734f493c7ba
+
+COUNT = 13
+EntropyInput = f959d95b43fb81c37f802e2084b03f2cad03f71fe8cadcb626d1130a7276c908
+Nonce = 38786171d85a7acd6bb79058614ead8b
+PersonalizationString = 
+EntropyInputReseed = 50b23baf30cd7d47ba0eb91a54ce31eb6325118c778e170de8e9a59062152793
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 6116a4eda59acb603686df345c507b89f84c3dc2985af6d327540ecc72efca0a5e9caca2326479f5772893da404d48093ecd8d4971802547064d8a1e275a429581c8a40462da812880dd4d863fb90997f71389896fc8a820fa1f8ab835d7cbbc2b031c3ecd5e1094c741e4efc483d2fe88d8c729b79442a4d433ceeb1a146dab
+
+COUNT = 14
+EntropyInput = bc66b8d0e870ae156e030973772e021708a706124b16f391248c3c5d8da9e53a
+Nonce = 856483d8e33e8143f7458b43865e198d
+PersonalizationString = 
+EntropyInputReseed = 9a95de457d3d82467f9e67626142466a7e0d33255a9e50476bed14c86dae07a8
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 63752b0404ebd38ff5a5614d51344761f2ea0db39207a75569567ff917ab4c867ee34d159561d19f381e4c77f9f762af5070daec03f5323ec3e990ef8b73ebbdfcc56f2f707ed28cbb2815241ed239e7a0d5b5418230c67d508f1e263b107505dc993d1c5e677729af8cd76458abcbb08c879b031e78ee84d31b7003ede43dcf
+
+[SHA-256]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 256]
+[ReturnedBitsLen = 1024]
+
+COUNT = 0
+EntropyInput = f6117655719a70ebb0b1092e98c989940f5e389572c280e84e490c9a6d3d3984
+Nonce = 12a88ad4b16bf73eb7f9d9adca57189c
+PersonalizationString = 
+EntropyInputReseed = 926da2d2742ab1c9cf186c21787692d9e5d2c4bb7e3f50d1be21aa22a734a3de
+AdditionalInputReseed = 26915f6326457449e29887bc470ecc1aa9508ad5a22844a87341f95f134f57a0
+AdditionalInput = ff5d99e551fab70f5c6bbcd58d9db8fadd59c1b0345add33baa00d9d0d021d36
+AdditionalInput = bc714e2bf27ced1af26189ac59dfbbe5daf58fb1c781aa0b07f657a90e05ae6d
+ReturnedBits = ea709bfde49bbb134a8304bf4b6e3e1a10b9b46fe505d7178a01d6126060ad986ce8fdf7648c04c875b6a355540724099b739c214214a4c43a775e733d22f4c63f9ec655ddaf36e40f639703bae853c2cc915701a75f8c75fbabed42c9dcdabb82f8f667a6ce77426bdd5eee1e82396fffe36676d69dba0f89181f5f3209aa38
+
+COUNT = 1
+EntropyInput = c5a9233b8da28592237ab6adde2118d00ccca9c2ebde8f8dd6c12c56cd6be1b6
+Nonce = c491aba35c9d32bba6d538e8bcb1e369
+PersonalizationString = 
+EntropyInputReseed = 6bdca2ebe7223766731295520cd3b0441f670f67dc85bf4ff0a5a56d320df754
+AdditionalInputReseed = 08aa6bca5922cce0440cd89e62fbb5c957e834e0fee6ddf0d72a61a28ae4faaf
+AdditionalInput = 5ca1dde786d671820561023be0cf133b6d00a3668b3120484a426151f2cd4530
+AdditionalInput = 328e7e4e8f504c5c5bccec752d5bc0c4ce6d8dc33c9f4e744135b24f4c466441
+ReturnedBits = 5cf6c36662dcdd73d9586d4b3ba68ff9f658863a46893a95d6ad40e0abec24c13787e29d44d5d435de282d73ee72ac84c435c72dcee59806d9bcc8e9aa2a0e5eb64817b5f4609e6656f24fef4001ddfcc5f606d68826b18dec016d1a066dfd6145e7ef509262be0a65c69a80a560c96bb96f8a21986d4f7abfe42c919c32484f
+
+COUNT = 2
+EntropyInput = aab072aaee6cace69ceb99c31a62fde67853370842c259fe37f0817cec80d4cc
+Nonce = a91d9e182cc6bc4921e04a13ec3e34fe
+PersonalizationString = 
+EntropyInputReseed = e15fc3713b65d1b2278dc5a503b52eb2547acb74121b11420b7ea0d81ea3170b
+AdditionalInputReseed = f58d367ca1fdde7b464989764d7e732ae254f278f97afccbfe7b47fb992ea4d5
+AdditionalInput = 77c0077e5f04fdddef62fac041fc4ad7985bbef77e4dfa1dd67a457a47116e87
+AdditionalInput = e4d8d195dc9bb97d6b7dfe0a14594b4be523fcc8d656aa22ac43814e740a61c0
+ReturnedBits = ba3cb66a66a59cc3b5ce4b43b540a7ead44436d5892031c77089f78f4d6ab6036becb4562554213fc44ed561b68e3f415060888b5a71e859d800a4d28c4823c4427b31571a1f5d77b151be9affd99f339cf34d71df9ab9b145cc608d7f7fa4168b12acd3d74dca5e114444f11a520ab4e459e4648a95df81f564f434fd86b023
+
+COUNT = 3
+EntropyInput = d493a0667d3d1d6f9e525549a1560d72c0351cf9922fcb5dd8c446da390db78f
+Nonce = 1fdaeb26267ea06cdd3d8e71ec7c266d
+PersonalizationString = 
+EntropyInputReseed = 2af64031d8f4b9c1eeb14b81fb96e2693d3add8a3b72e0b14346cfd0ea04a450
+AdditionalInputReseed = aad066fa0eacc29fa14555d5ab79ffad77f20ab9ba3d114219078d99541125da
+AdditionalInput = fbee74d82db11c01417a22b72fca08d83edcf4c10ed9748853d0ba33e0339417
+AdditionalInput = bc10bd7ca7ff5c0d6a011e50b03381c878b040c3f57de42ab57e7e24f956babf
+ReturnedBits = 4d1b41ed84b19634582c8c0cc744b43c4a9add9892b626687ce9d03b074c599aa6fa58e765d4d68b0cf8b8be50dd346b05cc9c588c8004cbf45a84819d16930134a9eeba74ce8e4133bae0e8fea0839748e6ab03b4831eb8197d88da7801231b71bfc258bb3831494953eaafbe5df638ff66156fbff02040c0cd0407b5a4447a
+
+COUNT = 4
+EntropyInput = ff88640139f9eeeececf938c6b39d81cd46e1c35d14d60c224cfe2ffe623db0a
+Nonce = a343cf91a4d21d83f8466c4a91286f76
+PersonalizationString = 
+EntropyInputReseed = d7fabca339e32033b3588b0e4069557564d81aae4922dd2dd370ffc9da430f28
+AdditionalInputReseed = af6e2b4867e24d0a46ff013deca274252620d5bf8c9743d73894e9b0d81e6912
+AdditionalInput = 55a4694e4b3a1fe22ef8390fc5cabb3a787e2f76bfa47c302229cd14ecd187c0
+AdditionalInput = 685f6de2e4cd3351c266d5c721367875a955ad4f898b08f022b635d240d59d79
+ReturnedBits = fd55f15d8eafdef6f9eb31299a2feb2aeeac2f4e5e8278052c438f86e8c4ca85cf0952f87486f967e65c4c17886540efd837ee89ab1c4eda9cdcbb5b61e331a9933593e8f8d31a90e7579fd446ddd1412cbdb15f813f4b95a7a33b937c0091ab4aed275e8a4bcc16d7266abf9330f5fcc3434f0b496fda2d6e9e9ed1c84365c8
+
+COUNT = 5
+EntropyInput = c2fbc8f508c672b679a5b5abfe639064672bcc2392bb7220e076f1cee032fa5d
+Nonce = 8166224e53856be7ec8b76675115892b
+PersonalizationString = 
+EntropyInputReseed = 46b95fc97ba24996a020be9a109967551401f315de3813598e89dd50c2fab6bd
+AdditionalInputReseed = b6132031568e9966b1312d4c3f2f0bb2372be025fb1fb173fe6c60d87342f84e
+AdditionalInput = 7139de54e0796be4fbe6999d7bdaca7af6760061a7b71823dd2ae6074468064b
+AdditionalInput = b5e0761ebef794f79fcaadf0bd6ef06c947c7196afa5d7f4a252c229d304f6a9
+ReturnedBits = 50cf7a63c6f4cf48b0ef0ee3723d9641527a9d3bd89b8c705a08063404530aa2824342552f86257b19e32d8c9db621443f349496465f11460508cd72ed9a1807a4753f05fac4e57b9a3d78132539d432c7ee26c4d3e54ad82a3499179772b92f30f121820f18a47c52a2546e930c7a3d061755b57c1b828550de3f3206b23743
+
+COUNT = 6
+EntropyInput = 917813b04829b1107846e393b11bad96636a4ef9b486ab672ff493a9af85f36f
+Nonce = c6437422bebffa22b59e652d30c75f40
+PersonalizationString = 
+EntropyInputReseed = 28d38078f7c45140a18cb7368f760d15dab36d59bb5f016618116b551e77e21e
+AdditionalInputReseed = ab973ec337fab78b29afea6428d7f1ce78946505f187afc5b1f228bbbabeaddc
+AdditionalInput = 2c3396078a2286248b29f352961584ce6dde177ece2497aaa9ad977f24601746
+AdditionalInput = 0241acedaf0bb42792d47fd62fb0ac67eb14d4d95a91702fe451854d83941654
+ReturnedBits = 1948c39523438cc19076c41c419c37035b5f241fcc7ced61274f042dd9d339c9275882e084d107d4b3168a084bc4fe3212e4c878004e34ffac64e84e872db27a838c4183f50c9a4d5a3d54fb81c788511e1de9177034b499c5125e676d072f4de285ed1e3c42add4b4d4574724212ed1f2ebe382bdb4e134c167e7248fd9a078
+
+COUNT = 7
+EntropyInput = 48532f6b35fd7599b1696059f806f0bfbc77c2b475a16af917eb9bbf611998e1
+Nonce = 5492f42699e6ef1b597d26b713bd0969
+PersonalizationString = 
+EntropyInputReseed = 884601693cf65509d8a753dc766f84a5fa19ed94db6ca30b29a196bc85d96665
+AdditionalInputReseed = c8094f9012b23be76619cf53e69c06b3fb653c400ff85246e70f8e3676048fb5
+AdditionalInput = ad42e11be73e2b70c7e01807bb6d537d4fbf400d559d3afb1e664c8c7fae8840
+AdditionalInput = 4bce650b78e5cd8bc0c730a35522879851fd9ef4db7a3cc0e630d81955b4d8d8
+ReturnedBits = adf03da03e3d7045f7c7c371cfed6de783c0644a9c2a9e744bcc629ee5e5a4f2dc171ade98b30308a5ca8693c62dca292e25bb699427680aec6aad8b07c635ed0e4381232cf48fffe2df55cfbcbccb8c4fd93e21cefbb79d532bea27725cfa5119ae34970d16fc0e7f6804d4940d3b4aa0aff09b205550ed2d7788ebabe6066c
+
+COUNT = 8
+EntropyInput = e63c3a992d0109b711b5145b165cc3f6d534bc12fc8f93badf16e35eed832153
+Nonce = cc830654285b47fd1071f880c1b8c4c2
+PersonalizationString = 
+EntropyInputReseed = 400936e777a9a763ea04d95bc12bafc05ca0236b43beecb3df3d6f29dcbdcecf
+AdditionalInputReseed = 9b6ee86bb013cdab92f532f0d140c66a6beef13e9fdb377fb0a1c991e1954eb2
+AdditionalInput = 4251a7199de88d13c84eb61f4d7dffcd7e69ca6c6ce7cadad24f5ba23552938d
+AdditionalInput = 8f93301cfb47a030fb2bb45953bfb82c970f929ed3f06566492b588503e20630
+ReturnedBits = 1a5fa69b24ccc564b1f5db84a832c429144a9d86e44010d24e58d2ee5bae1b06ee87d766782de53e8f6cac88a714c6b36b1dbe4f76f0b4086d5fb0bb9afbecca21d6c6c01804074fe104be0cdcafe9dafb250047d28ac71d9947596ce9bbf911060d05c73c3968b4ab05908a3a18029ce062ee4e46036e74d1759ce6b8dc2e95
+
+COUNT = 9
+EntropyInput = f39f470f2ad8a377038f1fe3be35e224b347fae9a86298a9193e7b1599c361c5
+Nonce = 7ca134873a40e2409c6561398432c684
+PersonalizationString = 
+EntropyInputReseed = 1401ea41fdef051cb583c011afed8d607636088abce0e80869b94b4a9a7b7b7e
+AdditionalInputReseed = 321b9d2e92e0c8c4e20abee42901b6ff5f29c819b2fb2730bfbead0037ac8cba
+AdditionalInput = cab2f8102d96bef444cd4846372d26b7d1f65574ce235e9d4f08501a36fc929c
+AdditionalInput = c2992b05ab4e51847fa8d7537120ea77447c0fde5335b80fe00f660e50327e8b
+ReturnedBits = f2371b23bf165844c77f5c44d4b96449c8e994f62ab6828dfeee337dff5261a45f7184743deac217322880b9dc402ece17d875e3fe1c2e90dffe076a5ca9352798370ee9b2b717793b73313f1272b3b82a4975519636cba2600df36225ea82bdca15f8dea589e95ec81b850a3c70d7e6720df1aaefbd2cd9df16419cf74350a6
+
+COUNT = 10
+EntropyInput = d5d7f5e305cb25c55530694e8fd393159a1bd586e7f2f05e9c24e1be8d944c61
+Nonce = a05743dff2b6b06a4433ed8f514a8245
+PersonalizationString = 
+EntropyInputReseed = 44dd0a3ff0d4eff18058ea7f4bf0d7a1907601e2b00b8402d8987517c54f5e67
+AdditionalInputReseed = cea2e5c75c58322eab0a07854b6c915fa853c690082a1377fe3d91108ec9623c
+AdditionalInput = 84c8dc9fcddb61be84e26637784d8238f5ded6d3318ab3160dc0129a251232c1
+AdditionalInput = d7d7fe696844151a104f98841728bc6f7e167242242d8aed70c55c96f2d59c78
+ReturnedBits = fc252328547c457ca03e2c1b72de3f5af2b874cb60ece7c349ef07f41ffd8748e2590da44fb458a90693b28aef29377f53947d9309f2c882ba1cc036e87bdf35bb61cca7374ecf4826f32fb71d3dc968822b3f8aba0c904d87ea6689bab1782d1b51af666a5e918cd4859a3f9a9ef29adc03db21ec02abbf6ae2e45b6e200c41
+
+COUNT = 11
+EntropyInput = 386479990cfb1fb640f569c224a00fba156c1b8a7c83880f2bfab5bf32d5e122
+Nonce = 30503518ab22ee9a30e0fcf444ef8189
+PersonalizationString = 
+EntropyInputReseed = 256442c47aa458eb586bf4b3c866389eb591612b15a926ed9b2493f2e65a4d55
+AdditionalInputReseed = 914758ccc203737e2ad07dd989b24a60add6b4d3b4f3968c69b0a1f3dc1108ea
+AdditionalInput = d7e5221550d450f9c2543b3a022b576f56f311c54c13cc19b95f7f27d911f04e
+AdditionalInput = 9c9cfaecfed9ef3e73c73d853f6df215de91e979a1d77650be304d1b75e099dd
+ReturnedBits = 7dedb5fec4fa835d59b63bde237f5a2011c3ea142f8d9bd0121fae176e0afad481d9abb194ebd6378bbd28f3d1de29dec4f59ac22dc152ed04c6d4ee64f65cc91765dfd9ba45b7207d080c23ad7bbaad41dfdac6170222196564bf399c2774d37a333686f7f16d144104522f75048430f7ac49d63f65442997eee8ba0d70bb2e
+
+COUNT = 12
+EntropyInput = 1431c496ac7a9bceacba9c7b4255a70e10fe49223d6496176f0f343f35ae75e1
+Nonce = 68d302f51fdcca107c2c0986fda88a1c
+PersonalizationString = 
+EntropyInputReseed = f2edcda32223c8079a936297a902a6b44aed7098983e7826091e99d7ba069f0b
+AdditionalInputReseed = e1878b5ce7f14fda147bbdac11109ad541ab96537791a9b924c0838af752863e
+AdditionalInput = bece2a7046131d6b8311d12e03853a96d5f3d46ecaf06424335f131968ca7415
+AdditionalInput = 6045a8e8ee3b2dca319cded3ab58bc63bcf5b9ca42413113c395a3216bb483e2
+ReturnedBits = 2ffdb106088615ae0eb1a88b191e031da145238600d591964fe2fd73fbabdabe097102ee8aa0c45c3407203c79c56e21193a3932ccf6a4fba9fc69869e5f4f52fe73b8c530ab9ff568f994538f3e5ed440558d960312f91b3914b326b1c1f1c5818b785c34932d361f17f423475acc7e2760aacb0c0c517b090a751ec50420b7
+
+COUNT = 13
+EntropyInput = 5f794e6a03946121688854b6b5397a1b89e758ef8abf0f814a3ccc84bbc8cf67
+Nonce = 7b88dcc3dbd0f1f87ff2c00f17845fba
+PersonalizationString = 
+EntropyInputReseed = dee413cb76b53c90a3bec893c7b5f53c706086a9d0e10a2559f90408fc6ede2a
+AdditionalInputReseed = 6a9afc80763990828d3153271e76981dd6c16ba808c80c34a6f9afcf19cb6174
+AdditionalInput = 21a8897df9670fc7f2d90b0f9ef063a1b832d5c83b91769ba10c65955b90f4bb
+AdditionalInput = 44d1c3b4ba4d56d391fefc01ddb3568ad204959867ea88002f34d701f68c7ee8
+ReturnedBits = 5afc0393c62b236d7d084ba970a4f57eeafcdaaff49e565c441cf74a7afd0cc6d9ce498db1771539493911cb770d4151f67acb4ba2f5e047ffb7cdd6ec9b24404e8bb5ac9a1a42be323b9f625847f07ea0dfcda2c2535d00665ca93527db9f6d9fd91e516fe0276fb399b3ed05fb657992843fdab5339d49aa5e71cb2a649f2a
+
+COUNT = 14
+EntropyInput = 2a5644232a2771fecff696f5b6e0294e9c4ddbc86978c10a6b821bed8201b6f6
+Nonce = bcf79360f2e91e5e47c618368a54a73f
+PersonalizationString = 
+EntropyInputReseed = 5ba9413341665e3678d5d9113dbe4291d260edf3b566a1ba8d20d8f84d978786
+AdditionalInputReseed = 736e65f392904c0b8b1ecae78421d9dc68fec9715cf9e055c761e962f097b8b4
+AdditionalInput = 502a0b889ab2773207b50420e7c55566affed70d0eb1b03419c1e94b078c97e9
+AdditionalInput = 45c1dbebd32bbf5e2196a61ad75986b29395b9fb6729a697afc776cda4b3ef2e
+ReturnedBits = 9553738e3c63026e78ea7dafeca517389e292f949877d630029e3f0a2d805d5027e178c10b36e54c5b462207531fda07850db6512ccea3530162555e805f6675528a2c677e237842e2edbdc1176f66cb11c3ce49618c98c7ccb77ef5d3cd433c52608de9f1218d0f92665d22f01c54c2dbe1a9d6c15cabdbaf253fe23b7203e3
+
+[SHA-256]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 256]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 1024]
+
+COUNT = 0
+EntropyInput = b5fec6483d7cdc74c6c9c279e79311fca9f323d931db499794ce09004e1228f3
+Nonce = 837e5e3d05643f6bde744721692054a7
+PersonalizationString = 6861cb769312bcd7037a3de8994188db143e290d9c00c2ac8a7f09af3fcbe66a
+EntropyInputReseed = b734ab49d73d7b2ef08490d82a1d1189fc8dc1c5f115e173906357e91a8c4a8d
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 879bdbadbed240a1ce2e39de864bb480c97cfe281020126874f9394a985e0e019e723f680d764cb35ba32355ed666206c181df80ce6f79be3345e7f2f544017ad1c6297ab7ad7cb62548216ea846f0cb73d7a21de4a12b18224679143f99b7afba2f9280e4c3e0dc70d00ee00cfe24033d9cd2917a9517065fbb8d5ad6395b75
+
+COUNT = 1
+EntropyInput = cce1b49b5751310cb61cf4ea9a0b1350185b82678c23288c67ca624697dfadee
+Nonce = 7744f6276622810d3fd69ab68dc18733
+PersonalizationString = ae75fb4d85c65e22b2a7ac5c1c2628c593ec612e541da9d5a5e1efcdb8a1fdf0
+EntropyInputReseed = d8f8e0f0b61c8570c3dcfafad65c046f8efa569bff9a62807a004b69cf9b7053
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 278234906ffbcbdf5ee18e4e65a7718a57e34661628a25aba05c4db98a277e3cd833f4a5ea556af01af9b6db30da671ca1d929da1781168da45ef97d6b118b1c251c164b03f2607bc50ae05fc2fe091362e09cf6401b374bbd92345d0e7df098e66099fe1009d263f0eab6226e71b110cff8a7d26c2d64cddac1e2d6c0ee41fd
+
+COUNT = 2
+EntropyInput = 67e238bea9338e6c0592fde45165ce9c865a294ab178db7216a4e4d61cbf9a52
+Nonce = 140863215ed4c6d03d11adde69bc210a
+PersonalizationString = c0fb641ba485266eb1540bf6b15a2a688e278d95b4e3185e778109c4a9dc49a9
+EntropyInputReseed = a9a53df4b264b8cdc885bc21761e504182376ab10091a8b57aa79fa2f95b3545
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 1827045282e9c4b40faedcdafcb6d5369fc4a45937e41b107b834f8d9357cc2581dd408d137c481450831baf6a11a142f20dec4a0955df46446ccd2357ff99eadc31d58c8c0da30df46d5bb3038e1b1278ad208a44739e11603b91e99898e36318d3befc80c025b393993f8c65236eb2d8d60f44042fd9b577be4c897c82268a
+
+COUNT = 3
+EntropyInput = 833d1bda2935c2df1b607d734f27cc0591cc556a86524567b62ac3fc0d66116e
+Nonce = 5a327aad1d36310a46728a5b4382a793
+PersonalizationString = 1edd70dc421b9a987a59139d348c76252687e5d52f0296d968e258afacbe40a2
+EntropyInputReseed = 32827d4d8563ed5eb39e2f59bdabf6020ff0cb62641c6c17a4b8892d325ab9ef
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 31c76b02ad2e6fc491003b0994160bc530a1ce6a83734da6a2048b7cb6d9b7d8014b270a3bede00f5b2fdcb4e9edd83dffaa3f00cc7d41388aa92f7ba41d8e6cfc642046c0614cf7bf47a079f1ddf8cff8b61e41dafc9f4e4a2757127716605e86f90db27afd18ca5d363bf21f452d6e1025f30c5dfb2e3e212d1eb73c114509
+
+COUNT = 4
+EntropyInput = b2a5db3faba61b70c81bf51b7a3b234b13c658e36c143d60111cce8f2eac93e7
+Nonce = 3dabc2621c33b5a3ced398db211b794d
+PersonalizationString = 58f9b8af5cc93bd6917866d4e26542533436d4375fce9f04bdadb68ad4c5aaa2
+EntropyInputReseed = 965663652bcebf8921e028179120cb743028b4d8896fb8f462178e722e2c6536
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 58a032665be7a5d821b4497740950f9b205d85d2bac6c7ff4f803b9a7276cc774e011215780a902b3bffedfce5b28a6034aa22aa179d2d43c2b429b0430b8100756d989e81daedc6feb60e70532759c37fba6150ecb17baea1d9995ca00f3a80f02d69e437d7eddc186d3f0ac12c0879be7554e443aff9826f3c71bb6fcd891e
+
+COUNT = 5
+EntropyInput = 29efd76e53d8cb29df9833a518de05883821b15c812f8bca92d0c7000be84c0d
+Nonce = 23746fde8a04e09f03c1d6156aba9e02
+PersonalizationString = e0951ec005d3a5c44ca917d68cfec5c0a62df7ab417fa9ae991a90c3aa569c39
+EntropyInputReseed = 18e6af8b393bcc93ce3c5f332d860eb36d5747953c4caa5e4586217fb4147388
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = fed892d28ab0b913f6f4153778f4680eaf8be22878ff179940c0aa6f58398802d466cee50d20c04574d0e75dbad0aa00c7f1e3a68ce310de09fbb52b69193fa0b23b0c84a82bebcac8be15a537b6dee0cc23980146a488dfb98ac1a2f3c9c9a3b8eb8b8cb58576e09e60bb944d4378409d53e12ebb99dea0d22af3aaba1df4a5
+
+COUNT = 6
+EntropyInput = 0b4b427b783400a48ec96dc90dccb8938179370077ac87ab9a28a289ff958c18
+Nonce = afd6330426cf1ad39aec47cb3f19c2b9
+PersonalizationString = fd08793af6baaf785f921702e1793400885aeab972819454ba77b29864a376d6
+EntropyInputReseed = 40826e4edc2e46c8f30a1a4af0dc10d86fae425f9df3ac375672bb2a440f1120
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 1b505c60af3480cf66b1fedab69a7eb382f376a0fd0cd6fe7a448d961de68ba90b0311534823208243d45e42781324d43ee630abccb1dec543cc76316b91123822f3c7f488947727fa5698b3d1769264e332d87540ee088d92dd13e7a7b09dc4c1497bc31b3d46ae824bc510ca53d66cb2dcf5d9175e5fd02eb53d6031f8056d
+
+COUNT = 7
+EntropyInput = 4211f6cf6db9b318c11fa4a248168f73109bbf2dbb014f604483e36ded455536
+Nonce = 0ac0215e549d9795a7311ed2ebf745e9
+PersonalizationString = f47541b6043a733499ac1a3999a0027d66337112c7423b2a28109770afe00047
+EntropyInputReseed = e8acd28b61f7590dfeb304212dbd3fabd25b18386b546a83e7973b6dd247147b
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 54debb2eaaab220df613861b72f610c4872bef53c36a8fadd127946d97697bc7360e30417935449da60869185fb0722842f30a5f2cfaf873cb9c096e9b6eb92e0bc86d1fa0dc68881439e61f028923a341cca7a9625d00573ebfc1c9f30325f8a2b27da313fb9ab60df83271768c7ad35bd431e93c3f2f4cc7670b092927b634
+
+COUNT = 8
+EntropyInput = eaab5b65f8b0f600789161ae43824c6f7620c16aec127d891cbc1803d0088548
+Nonce = 63a83f7458a3c8607f53bfc2a1a4636e
+PersonalizationString = 3756d7ba592982881f2db5ae576e4087a3dad8176d4be47759cedd660c21ecf5
+EntropyInputReseed = 66bdcc6d2730063216210b3c5d506f119e49464db599f40349420263298c168a
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 81a2f068fd26c0dea5fd798b053d1cd248d2a449b2bab88310b98884483bcdfcfa020f35b12ee3ff24b5009aeade3342bbaf9ec3b77285f88bcdbd4b6f3a343e4fd6c5538c11d3668a15248be77bc7d8f4e26ae2231116fb702f21f5a8ec92c2d21e7a45bf4efb7f1a9652b4876980240da9afad7c236849979855f8045666a2
+
+COUNT = 9
+EntropyInput = 507411227df274a32d4f4a42fc8058dbf659b6a29958f8881c51297f0e8d2672
+Nonce = 74c497a191be48687d3a0f882516cfc2
+PersonalizationString = f15fa96ec490036e82c5bc45884fb7f85e3134461f66f62274e65b93ba2cc1b1
+EntropyInputReseed = ff3b83df614a9db66858e2aee24eab8169622264397b02f845c6bb6b5aa96730
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = f689d8d5dad219816f4416759bff5b48b36e54f1dba06f3ab3f8e109c4faad1164e71527985d08c9593185b45840ef5ba5be83e35551b0c4c7bb0e62663a0798eaa301d51a774bc61239936bbf4f1cbc5f2f4bcda0e9d26b872efddf23839c89965f00d2ccfb1b2bfcd66aa471dd05ba923faf2093c59ecf9150d8bae55e3e44
+
+COUNT = 10
+EntropyInput = deae4cc504cb7ebf4016005740b0e1a6cd2ae53d86250878bd7c9ac544b9a60e
+Nonce = db4108249d2394917e5e16f9cb3901ba
+PersonalizationString = 5f225b83420d09eefe6d5d64bb4d2c2477b1466b88979b5173a3e151a21d3d28
+EntropyInputReseed = a0bb590605464e4b2c44dfc05b55ec575fc1002980a502a9fffbd503a15aa024
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 1a9e45c61406ecc73d48e80303125c16c3b2c383c3ed919664e5354b16a750a029e259be7956d98bef9fc9ed968df8e9e6e89b973bbbeca6bb29b9d66298e10421bdf05bcd52f8118baea407c739011b4f5e9b10eef06745cd27f780723770f4b7271927b52b786cabdfc6baa7568f3109e750cbcd1b483c8b2d547166c8f322
+
+COUNT = 11
+EntropyInput = d7d42b877f8218852ee0c0337dd9c3a1c927cb0ee419bf036fdb86be0672be4d
+Nonce = 884bb0124d8b295bcd50b352da505a50
+PersonalizationString = 7da1995b6b54e9a35a38eaf17a6619c678c38435e99770673f4b22b17654e429
+EntropyInputReseed = b1195320b169f8a726faba9f27666547a9a613098e54e37dc6d6dfcadf42da21
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 0583189e41455fe4dc47aebd4e40efd78d97540ec1c149e23bc963a491683b304162f67410fbbb3d051290b9cde09e0ad923f150becb35425a807bcf017c6f00354f8560c2d1a8dfbe99a618040eb122e03296da22f63f4f152faf7c013920e9dbe6c412e436ea41832ab2de227fbcfb6629eefebbb40258df06fc7080b6aeaf
+
+COUNT = 12
+EntropyInput = 123f98d097955df998b23880a7a58b1e2495e20ede4018b12019e32731c0676d
+Nonce = 6512a88d5cdde4044f31a889999ac844
+PersonalizationString = 78e33620337cc95cd69e7c0678d87cfb680f28e5ed6e2c71043e0c96a6e5361e
+EntropyInputReseed = e329d04388924f30cdef6a3d311e9446c94ea5f98056d11cf15aaee73159d2c9
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 43c80451d74a51f9c337059d79922016483885adf9acc5e6635a778bd4659c6886577c4a366a8a1e7b5ea8428aa47d53d83d5580ef4698793f7da8f057db6796283b0538e8baddac803a2d3332cb9b2066af55a4d7c508add2874e9b7a0b67bbeb1ad516257f83bdaf2a99fa58bf18b971072608162fa234b97226442fb17051
+
+COUNT = 13
+EntropyInput = 6652d6d1fd863f87695f535508e5993cbd66f54e60ec68b1471dd35e327a1158
+Nonce = b299e639776275f40143345eb76196e0
+PersonalizationString = cf4c67760a55f8392665044a394d9afae057dcbc80b7b3b1ffd7e0e162cceef0
+EntropyInputReseed = f1b8b2b0f53c8f27f6389c297a6a2f6ff7252c4f822619904d044937ba6eff4c
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = e0eff94958c69a6117563515a0353c8705ed946f716d874ac7cf5ab67bfaa6a1395dc4722c33437f25e3e6c14afe229d4f2fd2729dbe59384d398a06a7bbdb275cb44257d568599f1f2ae87716697ac5b003dd2aab0796bad51058abe6ef22ae5fc48e90369d3ee13f2aab38f3e87340f1ad2c10f0470afbb7507c7327c92a02
+
+COUNT = 14
+EntropyInput = 6f37b18d542ae6e132e54449a3eeef7de3339112d1f9d99eab9fac824f3fedf6
+Nonce = 646fb89a9e57fd890ded39a5c134f918
+PersonalizationString = 056008bfc336170281063a4d14b3aa899ebc57540f2dcc6a06aca05bc66a8dcd
+EntropyInputReseed = 4dd1c625bf842ba6af3b57994094d749b6902ef5d09f1a1bc36b6cffe89e715b
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 3c7fd08f8d25c4719fd08945593f28229a6ac54030c78e67af0350d59782781a1154bc0d8322323a0023d8164eed3e2c60954df4d0cb8eac74c1b26963dd83bceff5dc2f125a0321e48c60a677673f28dae144438230fe2cb8929c43ec79baeaf5c01e22d6d199312815bb6cb5e39663c9240b202a7ef6b2ff06a32aa78a7bb7
+
+[SHA-256]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 256]
+[AdditionalInputLen = 256]
+[ReturnedBitsLen = 1024]
+
+COUNT = 0
+EntropyInput = f05bab56c7ac6eeb31a0cf8a8a062a49179acf3c5b204d60dd7a3eb78f5d8e3b
+Nonce = a14508534168b688f05f1e419c88cc30
+PersonalizationString = a03472f40459e287eacb2132c0b654027da3e66925b4212554c448188c0e8601
+EntropyInputReseed = 72d402a2597b98a3b8f50b716c63c6dba73a07e65489063f02c532f5dac4d418
+AdditionalInputReseed = b30d28afa4116bbc136e6509b582a693bc91714046aa3c66b677b3eff9adfd49
+AdditionalInput = 77fd1d68d6a4ddd5f327252d3f6bdfee8c35ced383beafc93277eff21b6ff41b
+AdditionalInput = 59a01ff86a58721e85d2f83f7399f1964e27f87fcd1bf5c1ebf337109b13bd24
+ReturnedBits = ff2796385c32bf843dfabbf03e705a39cba34cf14faec30563df5addbd2d3583f57e05f940305618f200881403c2d9813639e66755dcfc4e88ea71ddb2252e09914940ebe23d6344a0f4db5ee839e670ec47243fa0fcf51361ce5398aabfb4191bfed500e1033a7654ffd724705e8cb2417d920a2f4f27b845137ffb8790a949
+
+COUNT = 1
+EntropyInput = fe615079f1ad2a71ea7f0f5a1434eec84635544a956a4fbd64ffbaf61d346183
+Nonce = 9da78756b74917024cd20065119be87e
+PersonalizationString = 775dbf32f35cf351f4b81cd3fa7f650bcf3188a125570cddacaafea17b3b29bc
+EntropyInputReseed = 18897bd83eff38abb56e82a81b8c5e593c3d85622ae288e5b2c6c5d2ad7dc945
+AdditionalInputReseed = ef96c79cb1731d82850a6bca9b5c3439bad34e4d826f359f615cf6f2a33e9105
+AdditionalInput = af25c46e21fcc3af1fbbf876b457ab1a940a85164781a4abdac8abcad084daae
+AdditionalInput = 595b4494388636ff8e451a0c42c8cc2106383ac5a63096b91481b3a12bc8cdf6
+ReturnedBits = 8b1c9c76c49b3baefd6eeb6cffa3a1033a8caf09febd4400fc0fd3a8269cee01ace3730ebeda9ac623446da1569429ec4bcd01843225ef00910bccf3063b80f546acd2ed5f702b562f210ae9808738adb02aeb27f2d9202a660ef5c9204ab43cced62497dbb1ed94126a2f03984ad4d172f37a66747e2a5bdeef43bcb98c4901
+
+COUNT = 2
+EntropyInput = 957fd40750d39492110474b85e7c45754e0159107d059fe4d750adde714274af
+Nonce = 1ad8bb3d3d234f8a2699f48033099b2a
+PersonalizationString = 463d3e2c20c7467e258e1f7b4d6a7e60a24b82e017c2831f78ed7747ae82d81a
+EntropyInputReseed = 45a5c5729ef7c7f0a67cfa13be5ee7f0d71359148f22edf8d4c2ce61e4b64105
+AdditionalInputReseed = b6dda7dd4a69eaccad4a680d07c654e95dfb75f0021f23bc5ca874469dbc8d43
+AdditionalInput = 7cd687f16faf3420b1ac23189abcc427a6b5a88e6362b2652f129ff044a58ea4
+AdditionalInput = 93965881baf2f1bba36795510b958e732df850acff6e06316d4a99a824a97876
+ReturnedBits = 234b423fe363a3c8948f7458e934e2b93fce8b7d06c54b03f745c57cffa146fecfae3f63b78524b2972c709b0b32b2a08894ff8fc85090255e9ecd8d5e95d41ac8387a87a37205c7d87899ad27d5e8839619221089bf2e568d39c3f0785ca35085ff5a8c60bb9251160b3b93e63c4ebccd68f8f3f7e46bc24df0da0c5734cd11
+
+COUNT = 3
+EntropyInput = 892f5a7bea64ad281c13f1857e161d943424ac17fd6df2ba91c3b8b94ec02131
+Nonce = 9b62974e4e4c98c385784c1da434a3bb
+PersonalizationString = 73a70e8bbd75a0e8420f3906499afcf3acb819f1bcd4a1cd5e471454ee8318a1
+EntropyInputReseed = 731f91c2a131c41ff8934d04afc36a007a20e51fe67c937516c8be17d789e75f
+AdditionalInputReseed = 42c1ab5d3bf7d420e4ce50bb39b05bdaa68412cfd82d587c9212cfeca8c8c30d
+AdditionalInput = 21e368ca81d8ccef39c3ec6c7673cbd49b268409737006b15aebb2722895a7ec
+AdditionalInput = ca3e010675d4afb364b849f5790a11686247c82d8e296c0aaa4eaeb1d974e1b0
+ReturnedBits = 372c0d2e9921fa01ecb562ab333c4208153fdd77998124206bf1511a7012e1380f77b867a1e1d7577c506018b5d66f272a11b5989aaba41f7c37c101479812f7021c9a505dc605105b0974cd7b63aaa68df3469e92cbd2498bab4b7248d4b8de9ddbae04281bedb7ff497f607f3e51a909b3b8545ff25e80941d6341c4395bd8
+
+COUNT = 4
+EntropyInput = 4dc6e0da3df923c2ea7d300331263c4c2b40d53271adffb92c932ecd9b288a8b
+Nonce = 25302496a882f86a71059b0bfbd734dc
+PersonalizationString = c6c23211e4f7931bdd4b4f7784061b2ef45aba5a64082d7fdaf16759a4807c48
+EntropyInputReseed = 7a93d5cdbb90473b2d85aeac20eeb69b45424a062e754a8da188c684630bb88d
+AdditionalInputReseed = 8c7908579ee0287c2c9ac5d7208a6ada29159d99500895edd3e247c8998ec4d8
+AdditionalInput = 47087523854ad0fdca89f03b5010ca67473d084fe8bef8b5cb10369d145023e3
+AdditionalInput = 8eedaf754b8a602c54a3e4c515577fdc47608067bf706b3b7a65623671d572a5
+ReturnedBits = 613a60f8238a94f10bace7987549aab1d51724810776075b673c722f1f7245b0e4da8ffa50517d9414eef4c348e16178395c02411649fdb58fb34cbc7f3951f765dac11b075350910887d0442270502dd0f897b77591d7631cde0a811f9e092bdb865a9d0bdcfa4274bdd46dcc72435ec09122d5bd239378eef62a25dd6c6fe8
+
+COUNT = 5
+EntropyInput = 1b8d0847ba8c8cce02f5e814f1804c6695870f4c0419da093b89c6ea42222c4f
+Nonce = 5d484ee22d42e9f2cff8239496ace215
+PersonalizationString = 84f81d778cd78bcd0a374a469e509741efef46687bcebee91af0de3644f331a1
+EntropyInputReseed = 1fcb8e105b07e7e696913926c16c9cf07c5e8826a28bd04e6ee2c2f09f8dadb9
+AdditionalInputReseed = 353dcfbf12d31fa6f114b647b4e51ad3039dfea2f1d73ad22a789ddf7a72c9fd
+AdditionalInput = 131617b1e13791a5b60e9ca1b154bd8886d723b3483694b2674dce7c5922b17c
+AdditionalInput = b69141394aa8028602b5a7557e20332f8414a66bcf58b8b4b6711e738bf3d19f
+ReturnedBits = 89fd76da2ef7b56eb38db1dca7be2cf6733feebd369ca408f57a9bec9ebe80563e500b632eb1557f73187b91fb0ba6241a4c9082ba6250d522d5d371be8443b702c4a34d2ef6b66baad58d6263f5c757d6bb3cd1f43950e449995e6cb49e8bbb9ccd03524974dcdae6124d82efbc24f37aaa2da268d8090de2473477f024df7d
+
+COUNT = 6
+EntropyInput = 4b23e0eb578133c5b5836a56c76a42c1357ffef9450a0583a454af438b0b940e
+Nonce = b6d7f93484f117db7579a2e74e71171b
+PersonalizationString = bea62f2a8a54c779bff84db9f6ec55f80bbf89ec828da3abf5ff26b395bb6743
+EntropyInputReseed = b4af981013bae510405bd64f757f22341a5a975c48a37f6ea8d078e32b218340
+AdditionalInputReseed = d69b16804225b774fe10452b402f434aaa15ae485ae5e075485d9bd9ec13969e
+AdditionalInput = 876cb7db89ff1d5feef2be4fd401f225c7de2118115c350207925b4693425193
+AdditionalInput = 1747c2bdb753d0faf42ba2ccd1ce1b0eff7da6829ec4e565c539d53ced8ec691
+ReturnedBits = 2407dccca3f341cfcad0b96dfb97e6729188d40990ba5d094854ff7214d188b9d976dace2cfa03501fe62349a672f9337737c53289ade7f36d707e65c90b38ce208dbd1ecb98403eaabe33f2aeac89ca546d18eb61ebec87c38ef2b8e9dc13d73bebb9c225af9937eb54a040f64f12103a22083947d1afe32c6fd20bf43f7ab9
+
+COUNT = 7
+EntropyInput = d09a8aef727fdec717e70abd84760dd92ed731a06ca75d63abac931b63151a6c
+Nonce = 115cf13876702f8976bf3ead8af03268
+PersonalizationString = b34e70c924048c83dd2036f450b142a4c742263831450c382d570d948f986e22
+EntropyInputReseed = 384d2d85299849ed931081d32a70645bcca18f8b106f6c6826087ad28b71ed5b
+AdditionalInputReseed = 56bf7b29af32090235eaec45f590b4036c44ca7069cd15fef4995a29acba67d7
+AdditionalInput = 49f82c6495d2f5f42a26b994412e54631db2585ca5d04fbb87b78c1b60b9757d
+AdditionalInput = ec5b44cf0204f4682334aac8b0dc24fe66b7bec222afb4b7e0a5d832632685f2
+ReturnedBits = f6671424debd1326a547b5584e653da380c03c3c039a1d9250e5b7a04f1b925b4155cb0b7a0b1424662b0cd8cbd517f944a6f2af05b8966615500a0685148ad8fa491f6280fe3fee65d208c1166839ac8f1923e33b9a845be7aa6ef7ef1d706d9123eb4755b91ed6a54f771f6474b20f1d662b9cd814cba7549edf23dff4d0be
+
+COUNT = 8
+EntropyInput = 071e961e987097f77c09f76209e5e5b3f8be0c4c27075735e1fc202f6081abf0
+Nonce = 03d588d5947afa87db319a5016137ccb
+PersonalizationString = 5192482a6f4333de109be8208cbd8e68ffcb1675f4706e8575f6732b1b82eead
+EntropyInputReseed = 23f740adb634a4a849cdfa0dbd8a2dde4aeffd45e220022ef50ffa841bcb0900
+AdditionalInputReseed = 5f632bec5a1d76b89e2f73f2f386e6a877fe4b32f63330e76b1a66c7501dcc78
+AdditionalInput = d405236d30f51951e3c94368368d6df335113b36f3221f8f84bc5dd0d1b86e53
+AdditionalInput = 50d9f7004418b1d0860597abdaf2f1b07cbfd8e62ede69f70c917f0ada2f46fe
+ReturnedBits = 517d565484f879428d020e8021e36fc58b24e951c6bc6a3b553175430d5f5b45df65b7ba98421d6805b0eeb80319c081914582705d8c67f8be89a3ee6b2ee175e186a49f8cffc958d355ba5b133125954825b04eafef1cbc069e6b132bc385c52055d5aedf6f185de20afa6f3bc470a040eec5b304aad006b11e0e2567359610
+
+COUNT = 9
+EntropyInput = 18f68ebd74c499a71f3a06b5a60cc55f2db9c9f2b64e8581d68d086e77acb28b
+Nonce = 2f9dc7746348fbe399625bbaffe32455
+PersonalizationString = 6b8cc4c861a908c19b61a227e9889b3120751a219dcd6beb3b633ecdb6870e58
+EntropyInputReseed = 17e76e390642206f33f29bb19361b8fab3c674c16a20ea2410789e69fa4aa883
+AdditionalInputReseed = f90085669d488cd17d66a35eebcf5dd05efbb4c6094d0e01c6fd46a81f655795
+AdditionalInput = 4456e8d93d1e7363f903ca9df29ec3f8336a9c62e37b0df6bd391b545af0b372
+AdditionalInput = 00335103bf87ab37763261207d63f3915c1cea0f9f00ac9ca96f21c374e06d55
+ReturnedBits = 6207ad87eb092a362382ce8b903ba9434e213d49bd52ecd78192df1519bd12db0a6e4aa6fa02da2571da1f6e0294b3ef3bf534da8adf7edcc30b6360e19705bf2d6cd494ae8a5da3fc77032403ffba42d4e1e1473a2ab16c1493675739551ab1ea5aca30c9498b5c7d45e3a8ff9452669afd4e1ccfe32faa461a33502f68480c
+
+COUNT = 10
+EntropyInput = 299878bd3ee2af42fdf4ccee414ba7a2df7d35d9c2fd44cda4d897b1d9204c09
+Nonce = ab938037e11d95fe1456ceed58d4f9d6
+PersonalizationString = d33074a5f01a93be6fb78e43cce0d178351ba7a18a5c581699dd8f03a00bc07e
+EntropyInputReseed = 04449840d91afcc2f16ea5e025e3509bf1599e8932c22bf4fda6a0e95657cc47
+AdditionalInputReseed = a723eb227ec6ad93dffb0b3d4b90b875b677d75bf083c5c8acd36eb8294e03da
+AdditionalInput = 26d294ddfb0acb9bb4d12c7cbfe9ffc7d187a98543d9a891ca6279a00d100c65
+AdditionalInput = 8c39dd962346f1286ceed3641e8a8c94dc5047f2350c587a474baa3590ed99f0
+ReturnedBits = 4f83430e0621d23011b499ea8028c6f702c56bfa4acc247f88a72fba678d15db5cb8c9ef48c64731078245129461ad0c99a8dd82e1b5526f27d6ad23059d3f73c5aac778561841e82eda0ca9648a62568d1d695073a9eea4cd4f7d709a1b48dc8547ed00ba8f1705e93649d843a8bedbc93f50b14cd0fa5e845111d2c4107a47
+
+COUNT = 11
+EntropyInput = 1a0d0a6abecc6b61b23f5a611569765723cb882ad2053429cbdc3280e78a4283
+Nonce = a92f2939b8aac7d6e44165c956c65d8e
+PersonalizationString = 6d0be76157a77c6fb7fdeab164c1d9c288154fd58aafb1f13d9250d70e03d4f8
+EntropyInputReseed = f271cf7459e3422b7790c69be2db354b99acb0250572e0d9cbfc2c8d2e2e826d
+AdditionalInputReseed = 65324b5b990e196334be868b73ff1379d6e2445149d83714460ffe9feb0c2aa5
+AdditionalInput = bc94148f4c78ba3ad3da777e7b1acaf7569ef97a4ddb47a57b67ee1b5dc61149
+AdditionalInput = 28152d9de7bc9df3a5a1bbea96e4e16e5c854bf7a39953a00eff1e91d6dfc503
+ReturnedBits = c6c158b3be20aee57c527cdd793be636220883ac8145b1877c690aaa0f0ce05485d94a6936c946b48f03c8e626b5ab1d7e05fe276727047c0f54608e7000edc7ed44ad3d4a6bd084dcf716efc93740397d55e294e95b883a696e7d8e40c1d5103fb184c0c8663060059fd25ccdc8d78e658b82f20ac6ee1efe69564975074801
+
+COUNT = 12
+EntropyInput = be17b941700a83f584fa2ac66ebae2397e2bfb409d7438610cb1b57f03d88244
+Nonce = b531698feb71442c2daa1c3d58cecba9
+PersonalizationString = 6751369d7fb8012f360a6feb5bd240f7c9fb506a09d1f226c3247058e84b3d50
+EntropyInputReseed = 446c936826bc1c722fcf8781345dbdf198143e15a0d7d06453e20362a8ef9e2c
+AdditionalInputReseed = 2da333a622a82e04c15d9880002b6e9a3dfa7375c9d7b39f04a7c387b24f49be
+AdditionalInput = 92d9c9181e2b61179e81e5596d87c36cf19be1caded08a61e8fe5846ee396d79
+AdditionalInput = 8f9021aa420e3f1ff0637b1a3e044aa563d0a2195c6c24f2bc568ee603a4899b
+ReturnedBits = 337946786c72f86628e80df7d4d76a2c7a6554989e6b8c3b36d0abe1e1817f318126fcc6effe7c90373ae7eb06d5eceaa4064625a30ab51ce684bff6a21e64630450e633456d0afed27e6448ee8980f2c88cd4d45af51ada29ea029d7858ef8982c5be6d9f93aee498b7627da1639fc636c7cf8688b62f9b7794357b5496ec88
+
+COUNT = 13
+EntropyInput = afab84e28344f7b4f5b069add940d3f99e399c82ac9f0655a330068fcff589eb
+Nonce = 059cd73fb7a2f50cbe9cb404fec8b0e4
+PersonalizationString = 6da5e7e2c657b6a7687a5796581de9942fcf6c866c846d689d94f2629cc5ee26
+EntropyInputReseed = 9fa6f7561d65898702601fe482c38857bb890dae7ed7b682cb8d8e4f37b7f782
+AdditionalInputReseed = eafc8bbda5495f10306d2232e9d5f34b5140a197fad8c057a085f04c7d2f9221
+AdditionalInput = ea96ce4e296fbd07681b1899bd8d45bb9d015e45b6329fded54e6d6f9afdfbca
+AdditionalInput = e8da5fc94446a348641343cb83a31692e3161c4e7eb9d2776c88d9dea9cc1a73
+ReturnedBits = fa4f9ac8516c13f1dd63bf0d2780bcfe97530f4dca043324ad67d7ba17a8ec9b85d3340ef7904a8957d4d46a734af04ed10783eb9cbe8a857918b4c57e306b4630dd565a3e2f6b43eafc6a287aba19c34e91f9d6de7ce061608901df32f1d9e4dba664cde80f8e37cb3fafe2ddfca3017d37ef6b6028d03a9dedef65a80ee0f2
+
+COUNT = 14
+EntropyInput = 40da1c95ecc20ec9e2e2278c40207762006fd2b5e1dc5cc821d2325f0541e5b6
+Nonce = 6197e864ff069c5a059a323f2147be65
+PersonalizationString = 9d3dc781820012a0908c4aa43f9006af5f160cae2b4cfbfdff4dd35581c8e2f4
+EntropyInputReseed = 60514a033a2da73f0eb6f532bb316dd4c48b4b3f2d7c62fb13fe241d3071e5e7
+AdditionalInputReseed = 1233906d0a92403f3eed5770744cb742880d28c2d523924907f3d30ceb4cd9bb
+AdditionalInput = bcc4dda285cff30cda51832a8d320f885c887ab081c1c8bd53a1d68993026f25
+AdditionalInput = d579d4178cf490d2d7738290834771df387f5256204a575b5eb2fc4da3f9e91d
+ReturnedBits = b98e479a117e8b34e6862269515563641ea6953bb7e6e44165c03a9b5e0f24d4c333fd9e98d7e73e3512db8b36a4d49361f736c75dc0b252bea84b2b7ce42069336c4bd30a77d65148f5305ed6292e672aff77f9f1f4effd7ffc92f425f4505835e9e1868ecd8ea93f0deb273ae01e63969b673d88c44c11db7d7da46f875c6b
+
+[SHA-384]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 1536]
+
+COUNT = 0
+EntropyInput = 2d3e072e78b3d5af2d60424b37a1ca56b24ad1b1fb27a9c327db0651cb75341c
+Nonce = 147d214920513cd539ce383f810d9551
+PersonalizationString = 
+EntropyInputReseed = 7597a56fdbaa0cb66cef235ccb6bbb423ef2a2f19e5a65a7b86dd11d0cee6cd4
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 5d3d1c5ea9e8c219d43511288fc65dbc1a2f6284c59b26d4375f156b75d383d01ac6773cad41bf5b6d9fc41416933c0459f9b6d481412e38e9dde34cec3529a313d2e7815bc5c29a550dfd6be3365d0f8fbbe3a33bc07b6b96351834462a2e624d4ffa0bd1bf9adda378f4ddb6d4f6a99f7e3fa2556e52006b40fe9caa30ff4cbed3e574e2b3752680ce7117ab880dd3890be9c19f6442b0e2e04684e05f4fffd90f97112f0766a589ed82c07af7cba239c36a3d2bf52a25df2c84678556cedf
+
+COUNT = 1
+EntropyInput = 7d1214060baee8c87c7d1fac9ae734f3108c0a72060fde971afd70a5281aa08e
+Nonce = 7eec3656357ffbce815e77eeb114c347
+PersonalizationString = 
+EntropyInputReseed = 6ac3d36724ad82afd5a9c9e49299a706a0ca2e4bf399c2d220bd20985bd8f39d
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 1f7787142f1246802223ed7386683a20ae8fe62fbfa923800fa8b94873fc7ef2cc5490d56a3ec070fb6caa0dce5db5b2709dcef5f36b55e06b83faa4b6557bcd2b9208215ef9d22a1fe9b5504d02a18db05b18bd6cea91767365b4e7696f8bb064a79000e63b3479bfc8f7060cff2aaf01ec87f58ba02c06a32b1f81c1d9a83300890d17dac3f76a63ee733e1332be959d08addc49961ae19df69c39560e6b59d65d5f5457b8bf5b1ec77d0003926765fc084214e8684045e5dd91312b88afd7
+
+COUNT = 2
+EntropyInput = faa384b3da916061880ecfd8e8a87da317a1eff2fbb1a3369d3bc98f725d446c
+Nonce = 050861f172c57613861c4b8e1f5d42a2
+PersonalizationString = 
+EntropyInputReseed = 833770cc3ee64c56cbc284db6a746dc232d278cc8ce1c5fe5940b18d8855caea
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = e77c5c2b457626db18d6c28c8fd61e8cf1379739f8164a773f2d0e67d5a218dc455fcda374d84b6f1caddc8514bd1dd32b75e9135fc740cf8aea0f2e33adf4fa3e1b5f3181329f75a8dcfae79c737ac67961912b4fae9d92a9f8f0f6c1f8af031e7615a80b512d9f965b6484944dd74ad9a3bf9d035cac28b533f482fba3a7e48d958c6ce96892fbdd54af9f02f61242d46ff73185ca5358e65730722f086a7e29a8a5357f91d19c89adc93d1f2130f3e1457cf976527724ccb59b65b7c3f21c
+
+COUNT = 3
+EntropyInput = 7ff504f2fb97cadfe571e9383a550b12804bd82c79a86b2b8f4843495cca0108
+Nonce = 18f772f22f3425fe1ed9274724cd9335
+PersonalizationString = 
+EntropyInputReseed = fd2b8483712ce920dc9c712a3b859e02832f988d6e555c8b33645684cd9b0d9e
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 7cbf3541c05343683522bf1e0a6f9e07e254d927c66dc1486804939ab52b79aa7dba3b4d4ff6714fb50f0d18c0829a43d57cb515534176ed33a7e218d4112c07f7ec84b35a1e34f02623c3a43b85c59c9c537abf603f7aef50479187f0a689e2ad800b84a627f652a8131b5ef1226c330989ab82d7315e097eb6cc753df846918deb7b5212bbf29af86d7f6e828c7c014207308522c56f6ff389f699fd3f6ff9e3ecd62390d6f8d7a42a8dc22d30efff45d903ea19938b4286ff4cc6afc38113
+
+COUNT = 4
+EntropyInput = 330f2fffb6db135a8e72fe33bde9828911daf97578aa4f9ecd0de1e53094838f
+Nonce = d6f755e49d2b1f7112573179a17172e5
+PersonalizationString = 
+EntropyInputReseed = d02af6eb4f5453d0c7c0811479244f6290d17c103407057e4585670bc3870ffa
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 97b2496582d25dcc45619286dacaec17e83be9e6355be8ccdff115bfbcf49429b41967bb8ec8ed9252f7c47b4610e67831a27eccdac5f1b42998378c8ee69613a279476fda00df80fff99078e0e23c1a4afd86fade421898aa1e917e17f1b4573644a1ef7f8c7059a6b27fe07cb41b48406efd11777aa2eb909e9609829fcb9e22cac9c9c65e76674784bcd0ea8a3a61a7f5205007901d7c3d9e6cfcd46b65c4b38fb792038abae76c5ef13391bd0966d59d9a408228f8606efd7a62d990419a
+
+COUNT = 5
+EntropyInput = fe21a45baf8d27cf2e96eb99d9859ca38e822ff6336650a52c81259e9a8afe56
+Nonce = dd45448016be4e0fe9322e43b2799547
+PersonalizationString = 
+EntropyInputReseed = f6bcbfc74827b610e21bc7aff32d2358eec0ab2c51f0c95c2764d5588d8d24c2
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = cb0733a43dabfa4f7a470ff551f60cdd6db91eafc1fad0eae315e9c2f69c9fb90ee0c166a353bb68a73a03cc86d05a4b91da48a6e1df1dfaeb269ae5f99725328e023f58003200cd65d3a8788d5d5e3dbc75acee6a0524f4f788da5e2139a0f11e7a26c58eb9ac434f59c71e65244f1a25d02ca180ea3d4fb13f0c17015ceae4d1b71ddcb82c952bd3ef2058e60fc60c52140340897d7ef5f934be497a25fa8d4995d57d1bce85b1910d29636f5711847e4c5e97be03d58caaf4a7c8bcbd8c3b
+
+COUNT = 6
+EntropyInput = ff233baae192e5ecf8d5ed5df1f3edd21551af21fb721ab2befba53ae50998c8
+Nonce = 42f63fcdfb43fe201eac9bbb728d3f62
+PersonalizationString = 
+EntropyInputReseed = f562458a50f08692f945b6264b9b8ff49c0ef68e8dbefb4bac080c5d54b7a9d9
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = fbd2eb4e7c060d897d5dd661ee7e9f7639731339c08caa38dc472e730692a42e17351cc5d7051e7e75c381f802709f2c9ae3b39822d9426f467ac445c149cdb841fe1bd511294c3329e9a055f676aa0a0bfacb1aee841075cf710cbc9b31bab2b927f936f2288f608e98ac8dea6c6a2a23720a31f30a249cdfae64325ef5bdc40ebf0ca9375893591210f10375d48d7e7e490f4fdf2ed095a095d16b2df3c49e15f2984b5be300d0998a69a6aca7397f874ab73a8682e5150d1f2f03348b5c47
+
+COUNT = 7
+EntropyInput = 9dfa34bc831265fc31218da6eb8641df72972c94c0db3edc5c3c04b6592f8c49
+Nonce = a9ef3c675cda2a61c26e2f289812d1f8
+PersonalizationString = 
+EntropyInputReseed = 1d68c34eb7939cb17a68c677c95d202d4de712c929989c06ff3375f214ba8573
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 2bc5d40db5f22e00452a0394b7f12c25f967592c932331fe8f6dff8cc775f74d1b6fae6fd01f5c84ae590ac857b9b94d4a2305d46a76e03ce841160ee48ab0d136facca1478eb3f32f96e2c0f11063b2b3a2ffa5f0561f4f6a64e569601a8c208bed31d18fafa3ee4f5698eb059d8eb80c458082d791ed1e8ec54f75aeebf81956b25fc42f5b097f5ac6816354576798ec651a906cd14e1632cd60707598b93ff9b3e291f84cbae33d08b54d70b9e14017b81308919ee9bac38fa65c5978f8ba
+
+COUNT = 8
+EntropyInput = 476afd970c078e389bc9eb391035c181f62761a7b170615930f178ec12a083de
+Nonce = 8a4777f06ac1fd19d563cbfbaafbc0be
+PersonalizationString = 
+EntropyInputReseed = 9fea22c23e44b9c7789a5f8b87d8baaa6118a27f50dd719b982c5dd5a6a0dcb4
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 4b6f8f0f8b36037ae84fb9fbfab67a5a4c298489b0cdf02d42bb06a768127a5a9e6275ae1bcbc346c3de1777ff2dfe21447444bc2f9f743afacc39f43290655d76603c0d4d2000e6f3bd8794abfbb03bc57c1bf0456f8947215d9338f3d69bc669614e0246ff439a84631c613c05b69a03a251966a23d0955e2af236a7b3f5998a72fc034e2b0d1f1c39887e8708430837d9f36e9f19a721b0b38b5c99695a21089588737cdbf8366331a86ccae547ac490767610515117a82133d4fe655e29d
+
+COUNT = 9
+EntropyInput = 6e91a708c5d7a286b791d5637d4cac923c66f198bdf70d95bce8fa3c6016c460
+Nonce = 775040a7e125db0611fe84660e18fada
+PersonalizationString = 
+EntropyInputReseed = 400971cd873edefb83942183f81ca108532f05a8252917de1d64246112c5c676
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 076e660f98db0064423a136f6f8f73c2f44d6295d635d6f1501431a5148133d4677c3e8e4cb5ab7645a1d723da69817b48380d514409e60e861253185d9eec26f12408d66553793ba335e863890aad4e047cd70903e3f79895c9990feddd6ab2525418c4a04e7e00f87c4ac84db133327a56929565db7e582b36f52a8726209f277af2cb23feea555ee7ce592d6d7e482476223193b0add5363cb8ba38be110c2388e0eaead771ba2ed31348e375c33f2ec23ca551261cdb32f7265be77181be
+
+COUNT = 10
+EntropyInput = 6f828a9e17bb2f269c10e8685f053de21d6f44e6fe4fe28579fabed15af2f7a9
+Nonce = 11c0f06c0cd4ed48fcdeb0e4f5d87d25
+PersonalizationString = 
+EntropyInputReseed = 2871b7a1ac2bdec0122c6c355f1897e9abd232eea193f42fd6ba304be1682020
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 01a8681d258ed9f01c88265f769a4d306306d3cc7adc14934b54017ddf3d0633d9f629d6051200041f164fe58df4c0055d6039eedac64060ffc5929a6491a800f335c3ae5d68a2a01b59a6b5a3fd31343270c35d56ec0cbbc668285dc57872bad21ccfdd4002a6fe25cd10abd031a207126fa09cb0babdf9b142143944466dae506552a2276f6abc18ffad9ef3f5ae7bf53ab3d27d1b21c01ea88bae68238a7f7bc607dd9eda3dbc3ac5331c32dd4ec0a3fb23ec81cef37712762e3b81a6a598
+
+COUNT = 11
+EntropyInput = 5bc4bc624b8ab7b9f423bd22e2e485d3ad6815f242ea26dff94115c5d69d2a23
+Nonce = 6c8300f429d4a8d8ba7289b81181a3eb
+PersonalizationString = 
+EntropyInputReseed = 0f5a0326a4352eeb8bcfd0c8c451c27008b4e9903fbeeb31676abc67e3cc4c23
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 4b01f0f7a74fe4ee30ebf53f292ac434d484f2f77d915760806d49942314ae34b79e339a16d911ac1e7b35396757f92c3ac9d90f721a9e3a8613a632db27c4909b18ca9252f17cb96fa910a2bdf7a8c4dfc5866f277f8e562024149f7ebf8da862916ca34c0b2132b4602de351dc6de84a3b9bd7f2765017dda0440d97eeb0c97b88ff4ed021f7229ae1acba85a4a4c17fbfcb83fdfaea91c60125d2b2391d1561c44172c8da7426ef236a122526141d344a6ff8ca6162b2d104d551012ee4cc
+
+COUNT = 12
+EntropyInput = e429eb27c7221f906d2fc1f66d2d96366e58ea7f88e5ccc5507a1a1ca5d27883
+Nonce = 7391f6acd7500212a5b01b998472288a
+PersonalizationString = 
+EntropyInputReseed = 4bff8d30247f4b525196b6350d8a1df37cf874ea3609680600790de9ac46afa7
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 8b39ae19edfc376e29e5d130b2352e23e9c79704239df2e550e63ff3881152571c4e3bd7351cc3d76a32bcdad42ba5f00c50a81e6d67a2fc9014913a052a0e952d2521ffdae459ac2466a00804e7cc18f62765ab287ca8dc44764006683368efa564685db0813c0ef4cf155634207f2206293da2e39dc007a535e90587df1f00b0426906c31b3a5fb4a6155d5d6f568447120fa9c714ee31cfbdfc4a9d60dc9fd4ca38ca91255207923951eba254d3761564d34cb6fbff7cf852abbcc4819f7a
+
+COUNT = 13
+EntropyInput = cb52ba610167f08f7ac6e9ff075a37d5e361e1ae661af2d628643950382279e5
+Nonce = 08068a43f277bed3f932356479e986fa
+PersonalizationString = 
+EntropyInputReseed = 5d846424b680012a007fa2fb03d7b0f1a3395149eaf31db3d0d56c3fb78f971f
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 3c1138ad9b29d4951f2fd53177eabc53955ff6e8f816dc468de4092207c1bffb374d5bdda6033adaba3674e157d56a12f7a00816f1dc48421a27a9d079b065ef3ea31893f95b8307cf14677f8618b742cbd7e9e52a3af776f7b3d650cae80fe480199695b7ff375d4cb445228871fe409d7cb323b32b2f3c3ed93f2b0de8476493e7fc3f8fa86205c7fc1dae96b2fc3023e9415bc557cb2cffd2a15a597d3e2dba017824698b6e8607231a61d587de676c5bb747b1000c1d9c38ce47bd872e4c
+
+COUNT = 14
+EntropyInput = e0c44736f9703799d91bb8a4c213c45b8c2279c82da98d2c723db827d52281cd
+Nonce = 75e0198a1a4a8b369209fae539a143ae
+PersonalizationString = 
+EntropyInputReseed = eb5924d9fe71bfdc8692ffae612bb80bd3b7dc2dd439c6d68a12e8d21169ace0
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = e97feabe1e91fc74d5e3144269f2e938cfba62276a125af34b322bd9e545afe8a1092835404e56152f46351f9e1443712a5a50c724680f8abd44dd4b886f7cbbfccbabb23e76c51ce0002be693f1bebebf78ef488aef6892a3817f5ebea364fd99c0de55797151439624508cf6926cc28cb8d718d4ecca7b33fff2236085be1a24ffe3efc5bd8f558ab9cf8542ca6c9969f492a4419c7f355ee6b803cc3519c9acc710bb1f68aecc82c44049ad263b6dc5a65b19bc00d98eb7ac608cd632354b
+
+[SHA-384]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 256]
+[ReturnedBitsLen = 1536]
+
+COUNT = 0
+EntropyInput = b9096646daf8ff1e539c4e18ff6a5419184d6e72cf2be0e6727765af291b01c0
+Nonce = 63bc9d90cd3f497076b51698802704ef
+PersonalizationString = 
+EntropyInputReseed = b1f5a39ea5c332e8733e101a1e08f298200bf4462cba56301173d2da3e6dc3b4
+AdditionalInputReseed = eee6742ae6b5d0bb669cdea0e33fbea1930577ed82ddaf0fb7ac0d496086d0f5
+AdditionalInput = a293e23d2c206912ef7e0957c6fc77979786c3eda754f628dc226ab0a8237c46
+AdditionalInput = 07bc38ec01ac68a9ba95ffea1101df965b0a7a0f9bbd363c1d293c60d024cd46
+ReturnedBits = a3bc6e5945673964518c18363b2b94882e029f22be9da39e6bbff7c3f59da35f02faaff903b4b9f9021042ad20c8ecb494cf3242ee4208df783cb22914174dc7b0f614580fb67ee4026fc6935155feb338e34d0bc37364328606b91d8fe6690d7190ce094f031340370deee4d1b4fd9da80673ef2a77debb280fa5dbc6f4e31f95809fdeb39555412d115c217cfb9d68aee8739c3e1210519b4e5506b6e059d45c51aa09ee1d067c3b546e3e83b72ca31c13046f3d5f61b47a4efbca4ebd6226
+
+COUNT = 1
+EntropyInput = 8f491d6bc59f581b353d836698d5eecb460864573d30fa438544b327b8a42424
+Nonce = e0934ea8b55eea442de4cda7a835dfc2
+PersonalizationString = 
+EntropyInputReseed = 25c6bbf8bda61fdc913fe6d369e4fd477244718cb28207eb2bce7724ba366ceb
+AdditionalInputReseed = fef9101a538cbdee70bd9559cdaada044b4f63d7b0f53c89f7b0ba19143e1004
+AdditionalInput = 757b1809a53887f5d03b22b499668ffc113b16c4c63a1de3b15c6f55d9bbfb09
+AdditionalInput = d324e79474dce6bc4c5ae89806e30ad315d7952de7a7224ba1013ce5ec03d274
+ReturnedBits = fcefc87ed42c43c8841faf2e52a699be3d5c1f8208aeeeef2dfa90e7dc81839f1ebcf1e58d840d77012bcc69bbb6da5ee7d9b7f75df6128c08a6e484be1fafc942f3c1e1075dd7e250c2d54d68f9ca3018ab55cf6e53958e1bb25e8a00c65ae30563ec8f9f26a08be80a0756d1d8ab53b798ec5cfdc1c102e1c10f7bc3da6e0119dc34167177d0eae42077b42500d5971b21a37f22d10bb5b36ceaf71d22e09c1c1a47d70595506ac628aee0c939a6bfac44384e82e57be4299a184f91d9a220
+
+COUNT = 2
+EntropyInput = 10be70ec0479ef2a2cda2626f5f606447caec626280143fda60c143003cfff82
+Nonce = e2301d47aa02d3987b6547c6df42c655
+PersonalizationString = 
+EntropyInputReseed = e34c12788572dc308d6404ac2fe3ba27605e67f1b11e77180cfc934bfa053809
+AdditionalInputReseed = 885605f723f3db83c30b0ed7d8e5d8801615be1d4a3043bb67a7f0c17c146c78
+AdditionalInput = 7d687fdf6bb4f3b13f613e92a5792b75bf297b9969c2c9e44eda6450fc5e3ea2
+AdditionalInput = 0deaf55047051c9f8edcb28e0fe4367513eccbaa18b8d7ee438c59f0ef019a86
+ReturnedBits = ee74d44e7f060cb14e313d632a36b5bec18d290d7e507a964872ad16573d271da6fabcecf799420106819e5e7e3d0a328c5d835caf67237e61beb8421a11fe6380dd42f242f7ccab71bcf67740ebed56cedb5f9655416786f38476da4a8639f62880650a0b92285e97f1dd540e71928a8e3823efaf5862343ce7ce6f0b5b5b65e74ecb2d8619eebeb7967916cc7f1e52d4fb6ff015bf15e26b08671e114a1d88a11238568b0832cede3bbb9b25bc0d7a0d20815f007393098073243ac4abe055
+
+COUNT = 3
+EntropyInput = 79a12d037f4865d37d242dcbfa6602d26d5b9057bf0fa117d92cb54bd99ce26d
+Nonce = fe40dad846f132dcd06c1a87b16c1748
+PersonalizationString = 
+EntropyInputReseed = d09bf2de4f6228d74388aaedd1f909f0e0b44e35b837e0ce17557d3aa5edea86
+AdditionalInputReseed = a9675092cadd8d7535c1a6b22ad7a0e5f76946f265a643f3d8bd7116d0d7562d
+AdditionalInput = c2340ed985be03b07f1c2e0d332cdae494912dbc8480c752bcd6143c5ae661ab
+AdditionalInput = 675aa3d7d1019987c2046b3758933a121db4609067c3b622384d504b976ff97f
+ReturnedBits = 42fd0e14581a05a61627e0231e4443279a2117dff10122daa4700deebbb5223074034d4f8cded99367885d1932fa84e854a1955bd4e4ece1d395a8eff7b4d7e5386232038a7c4f4ae536abca303e911cbb7539cf70d618e98adadced3018f1dbcd4d4ff9772030cc31aeb1543630b1338d2aa52782c3ba0425e3d49ec2396bbb6367a106e87e178d5f02f8d1aa6f3a954ea727d43ea6089904e8178d21512c0861216e9d1efcc1e160246ec80c2cc11e14241428372785af8cdbdf710af2b902
+
+COUNT = 4
+EntropyInput = 7e6d9980270bad5b893f8f627038d63111f2ee9c55cfb0cef04dfd11bcf6af2c
+Nonce = 23f1156eb3c544c15cbff2a029209a43
+PersonalizationString = 
+EntropyInputReseed = fae5a8baa27990da2d0666946d139014d2a92325fd04c7dfd8a9f12b1e26f577
+AdditionalInputReseed = a130fa1f2da080a4aadbbcd8444651acae9c5066a3aaabc20fee8c074603fe14
+AdditionalInput = a43fe1ee4b63a138cc5add19a44b30d00a562c56a10eabadab6dccd2049a1e03
+AdditionalInput = 01f72080dd0a8f472b1b7653113bfc779fef4ca88037a9338a57976388b2689e
+ReturnedBits = 215673057455e77495b93e8982b8d3cfdc851c1afa0a03f96690089b112be62be285fd70020d300ef8481ce1252b1f5313c0cda3a2420ae74b63a0cc0dc54c429c3efdb3f8bab27765a1fa3ae4882d6898ffb22bf23abb91c5fbe6a65eb845bebefb98aea0026f95a513885ef54a8014cecea329b225fdc775451797729ca70df4c8bac94f1381c08181910f1cbcc177fff2b62e810070ba50e0da03e482a08b1d4ebdf004b56087e57d15ab6649d07f99db7ffae671e9cb4a0f30a97532119e
+
+COUNT = 5
+EntropyInput = 150d74f97cc5d1f8f015711da6e0b74fbc9d2bcacb026b5364409a975b7565e1
+Nonce = 58850b3f7a01df7b4fdd031b08fad6f8
+PersonalizationString = 
+EntropyInputReseed = 43f4721d3b33b8d0c0022220829c803d27132b923d6b598f45c068b6a99253f2
+AdditionalInputReseed = 2c529433c61de1b0252361231c2362417ae34900c32ea5986a195aecf4c8b46e
+AdditionalInput = e0d72f10a0241e27b28a66b6613b145871b194196b26d84ae64e35d424f6f4d7
+AdditionalInput = 8fba18bc1f0967549d7527a49ee84589a3791c7e7ef723735d2e7fd93fb087f9
+ReturnedBits = 7b5fe4730d60cf2a1f878396ae3f644b7b6ed08d290fbfa936fb38cc0ae402288b3011e9ba6fe4f1b7253ad5854fcba12ada5c83c23aef9868a958163ddb4aa07a11aab2aae7979df456cdac3ec96d36599941f0789dc1db5d6510592efbd0a6051ee25973199017fc4057e1da26295150015f9ff5066390e2327f548f76f1509cdea4d6b62ff404ba1a7cdd65af2eb658ad14937eada087f48823ae7b86cadaa2bb5691925b7b5458068c4524db397a999560918629ee6fde92d78b59f9b27a
+
+COUNT = 6
+EntropyInput = 54855241ccd11d165e9edf8243764e874e441f7e741e920d648f15431b28b2cb
+Nonce = e7002c35fa4df3696a38c01006a1fa8a
+PersonalizationString = 
+EntropyInputReseed = ade9b69cd2ddd4f9d41a1fcfd1f7dfd80e91d17bce843bea83be473213023fa4
+AdditionalInputReseed = f86309ebd361c2b6e16d53469aa2dab53c0fc210f9bb33c1348d5e96e4b8a7e9
+AdditionalInput = 5b7b6b5d73e1fd46251295b5998043e595df5ae8f05336e1612109a9a6cd4fff
+AdditionalInput = 8ea9b5136e9e1da5ae4dd030a8e6819b1d14c6d712f22bef9af7a9ced9e057e9
+ReturnedBits = 6cd4bb7aaec4267e223c8547d669660f6ba10227a9628987964d9d1bc6af9f023325b9a3770740dd68fab1e9fe0eedf8aa889dbb032c79004920933cee9645e07592d78921785aff013731540b98834bc72fca00257bc7fc566465003d7f4e820e4be3c7265c8b2566510f527e5ce36d03f1f416207b54a2683cd66ae43dff1ab190a480985b755d80090bb4539cd38674a2bc07ba0b49bacbb286a57ee72a567d6b3ab171abf5868ad5040dbc16d3336eb62dbc32b4978e331e9c947e4dfbb5
+
+COUNT = 7
+EntropyInput = beb9e3316c4160c98a8ac72a98fabf2e400e5c9d9ba46ffd9c9b00035fdf10b6
+Nonce = 2818dcb40e17e1c96c690bdc574f86f7
+PersonalizationString = 
+EntropyInputReseed = b82bebfa2233a8d973880ebeff77b56eeec4ac06c77486b8dca8d104dcf873df
+AdditionalInputReseed = ef93a7f2a004a8a3934ab1f880f5082fc00e89615752d8ffbc792af3a6283ef9
+AdditionalInput = 7a6203801befb66b56f3ef7241d33367c55042bcddb11104b3f7080c5c127233
+AdditionalInput = 95dbbcc9e41f9bf87d07cc85b540fc9597f5498595aa7d1f6162b30235876004
+ReturnedBits = 1886f46eb7cbce6ad78a230c97c49dd4357e5bcdb5ec364383963b584068d45bce4b6011a7b0ad3560d351ef12ceae9a1d3373fb5e23fa7f3070f45d001ee8a8b39a2b7854ca71df4361366470abd40d9a8288e441e11e5d28d82b0ec446e1daf187d4f8b99808b4ed624c09f014b74813fa65e50c4a38c9730b52754a8bb5e46474b3bc6fcf1bd876963c2b85bf351f886b6a7e153fe07f7df1d1a2435e47788de13d6a182ed0bfe7ac4ddb0ac511d5c32f40f9157414538c360bab7a1592d3
+
+COUNT = 8
+EntropyInput = d7ec482f7868fd7e1c739f8c78492ac786cb7e85bd8dfb023d806f0d2742ee80
+Nonce = 8efacb48fbc8169453fbc89fd53f741e
+PersonalizationString = 
+EntropyInputReseed = ecb0fb4b17f8771736260d01ce07bb76111a05378de06e7a12e8133674f54006
+AdditionalInputReseed = ed4f4e01b82544730dc3fa3a6a326f2fc983922df259669b8b381deb61dc5fe6
+AdditionalInput = 0684c1dcd1f44626209647be5493c2bd22f2731e4424bab9dc958b34ad889bea
+AdditionalInput = 1cfb501038208079c13155e79dba5e8236f2f7a58dfad267914356b1f90b865d
+ReturnedBits = 443a13c4e891ce5a23c645e02aad2a7309ca1a57a73a84b8712494a1ce7852c35c1f578727bde6cf8caf7a5bda3504c1bac1118421b63df6311fb32180ff89c6ac04efc60a93f1f9e820ed5036bee312d605197cf99bccd208d130ccdc5415f7d724842d841e80645b087ebef5ab305679c14c7e82dbaa7547f4d264fb78a7fb2d0ebdf1fbf03308fc497795d4aa1b8287a4001c1c1041a35fbb85005e4debf1def48d4fe3f771908b891f15439130da0c12e16f889990fb9fc1838a5610a45a
+
+COUNT = 9
+EntropyInput = e0dcdc14099ab737c0d0b0c8c3572ebd3dbb28f42834147628764854e7e81f50
+Nonce = eafc0cb26af09f7e7fda9a6ab230726d
+PersonalizationString = 
+EntropyInputReseed = 0d25df4d6d913354b49f4ddabeff6d8dd328d06fe1dc6bcbd69979e3a3b691d7
+AdditionalInputReseed = ee71107ee3e042fb3964664147dca2f90221faa6d81282e5dfc06bd6b11de2e2
+AdditionalInput = 5b3dadb744e56cd02c8793326fb24157c2a724b5f632c0b7598a51dfeb059397
+AdditionalInput = df1a31dbf2507fd055b3d8e52f73fddcb7e73afb9bbef97d0897660f8bccc1d5
+ReturnedBits = d17ee42809d9ad363982daf009e26359ee0d70e135a11ab60fdc5525649ce0cea8046e03f75c5d75b2bbbe50fac6ec5e2eeaeab63dc9d5fbb74bfbe7878c7a866766f5ec4b970906cf3755c9d847657f242c55582f1bef75a11dcb3c8f6dd6163eb0c3b53b9e34d44d9a55492f5555acc76be483e3ba79d2ca64a446ca373e6089557856593456c4e7b8132f2d591e0539fb0b512caae185a7472e16e9de25bbdf090e72f4be07b8c2154e18299d08ec184c74a57b48d09860ad47672fb9e976
+
+COUNT = 10
+EntropyInput = 4bee2e93154ff1965135208991cf9237a0625a8e1f142e90973bdcd4481b910a
+Nonce = 53982a4d8069110e2b8056f9c5628939
+PersonalizationString = 
+EntropyInputReseed = 7105a8266dbb47caaceab8765d985090e57e355a3fc20288e6b866c39bba42c8
+AdditionalInputReseed = 25f8f7d4e4e14654ef2c6908abf59e7b579c9277e505c6820ea4ad0595d59825
+AdditionalInput = b1a740806a202d5da0082ae56d69382b378a482db44d7ebd097a6042de6d9156
+AdditionalInput = e7af421379ef377618de862d95e09165c89067849fa11abf597953dd09ce70c9
+ReturnedBits = 183cdc530817e49c40cdd3d01508f027a4898f47ae934b25b725758fdecd483dee7461a0b37604aa585a62d30e23bd3e1b053bb8975dbd608757b05db95ae449931e173b7280ec5385ce7e7f029ad40776da9fc8c84cd2c4c63b5a54223955a5f158cfd8afcdc869f7bf1d99ff4882519e76f02c2e6e62b27f2988a5b666c3030adb729c9a5a3f257310ef1520ac77577539272ac896af5cf3f275e2d664b05f90f00b24520580d4b3e45bd836a6e565976b5f68c7f656d2629438b433d9bfdf
+
+COUNT = 11
+EntropyInput = fa0214d1de746f23696d96ea5f00c22bf573ab047a1647c3d37511520cb9b4fc
+Nonce = 22af8732362df8e472659292b1d1c8c8
+PersonalizationString = 
+EntropyInputReseed = e33a9858a48594b974c1c72a06ebe09f7b0d1a09f9930e862e22c1583eb92654
+AdditionalInputReseed = fb057fb13a81dff9571d7c04afad90610eedddd60c2540f61f28613fd0892438
+AdditionalInput = ca14f3ac55158ce52330c960dfe0b8ca3f00a752591f947f4904caf0483a1ecb
+AdditionalInput = 6d0116dd3915a461620d84598d766685961d862d539e98be2d1baa48ef976d3a
+ReturnedBits = 8a6481729b3b543419d8f9c217b0c90a40cbc8a42f55f488a0b464f53f8f1b0b0744824acddf08fb47ab4c771e97265875e53feb3f9815f94b7124970ccc80b46ee4832d611b2dbd021cdb84c27c1fa051d091904bd98b4d210337eee56341f778facee7fe0e1bbcdcdddbfee2ca0a0ea44eb3237d67026bc2d1f68b6211ddccec2ecb2b8901e59179390dfa8a675924bd9b923cbbdbb7fc9581ea0efcaddf1821fed432f8953e30648a177262772e6668ba33c52d875c8b5ced8750b90cced2
+
+COUNT = 12
+EntropyInput = e4ae2eb4f1c7fe11bfebd16fcf9770f1097ba9982e887c4540451973da009712
+Nonce = e2f4f875fb6dd698f8fbce455e6fcc34
+PersonalizationString = 
+EntropyInputReseed = 0eb51a0eb55cfe69c9accd9390af2c79cbebf3c4fc5b5af1984c283ad5f83f56
+AdditionalInputReseed = 1a3ca6ea56079fe100955ead59b2a30176b755897ba33effa582b8c54f40cab5
+AdditionalInput = a8f598e9a83c3df9c07da50d12ebd21f46fcf3d4ee79eb12067f2de8e41208bb
+AdditionalInput = 0ac86d66f4f0ef7f295473950ff0b29507334a341e773063c572339e6e165e97
+ReturnedBits = 3adc8c50574b0987c33987e148634c9fa64bd77ba182d33b695271d9c3f5d9a3ec506d55c9e61cbda281c4a955d9a3f03a70a2627f9ec69803b04a27b2936d155c28d3cb1fef06ccb69bd1e2d7ad27c07ec2c88fdcd5fd34c96e17f27a60b5a676967a31e22b497788e47cdc54393ef6c1c87e29bb3fe0eb8b482355fd69395036e7b88d355bbd88af8b3af097c15c051e188b34aa8152dae6629849db3086aa4a8b82d14aabd6c7fff9dcc1df5eda3bfd5d1205540e2fd068a43915538abc5e
+
+COUNT = 13
+EntropyInput = dfe24c46e7d47be9aff72bec236fb425df618ac1181349bc09059f1b955056a1
+Nonce = 35fb9d485ca92b881312f1fc20e24fc3
+PersonalizationString = 
+EntropyInputReseed = acd99b9bd2072267cede7691950d7411f3f13f10b2925ee8fc01d53347a59932
+AdditionalInputReseed = 61073170fb42a40a81019d6154ab906b7f0fa2dc42548ed1ed890f529414f002
+AdditionalInput = d4e9a2ce4f87d8497667f5b9ef1abf5c68f6dc183f51810a03a59300cef7d022
+AdditionalInput = d034e4046ebe9826c820e149faa0492049ef6413831d966ea313b68003633395
+ReturnedBits = e1c61111881dceef937b20fb8e55a189055da1052108277f03c96e4e0e26f28c58ae4c7eb64576d7a7c36ae39abaa3141fa8e80a3325f58677cdfc00687ae478270ddaf41a095581c7ccc61926d19f6310d80874ef0339db26eb30450a7357f69d7dedd815207c4e35d81ea56a3ae47b864df1fdca60a66600751d965e0b0772b7aa775e00671927149ca48956cbea4553b9a2693570a01ec8d1d29ec0447c7bcbd58d387249cddc8db7226b3d766a7d6cee49f27be4d07d3f131d79166cacf0
+
+COUNT = 14
+EntropyInput = 264e75ffb8b39bd67e5ab8c9da2902f68b7fc1fb68db3aa23c8058eb9407a76a
+Nonce = 8d6ff33cbcb71b2d0b972e17d97c0b81
+PersonalizationString = 
+EntropyInputReseed = 7e9a57a924ebf874e2f3465d71661ce1019e1dfc6d552bc69f13cf0a5fd886e8
+AdditionalInputReseed = da62f2bb6984ff8d488311da187676f6d4007a3e0ef14e9456b5d7bf318a9235
+AdditionalInput = 855d222ceab7c2303d73f6748097e82dd0efbeab6d543a62993e248b2f617972
+AdditionalInput = d116e25161c960248f1ebac704a1533d978e7d2c78ee4f33ed95686f289154d7
+ReturnedBits = edc93d49fdd159c933ba28ec7c0b1a8ef9cde600802e48fd1b2bcc511bf4b4d4751962fa70cde8f4a95b057c1f828f5d008bd54d2b2d9cffa32597e195a029492cf94fd4e0733730a7b3b0796f163c0e242f041b0f9e8d5c5e11a5961c3bc7d6585991d7395b371b4bfb3fa7449a94aedbf12db5361c7759203a05eb1d6da440018fad7bab27701400a2f0285de81bdd35c6dbdf5039a3a311077104d3403bbca9dc887c4cad1cadeed9e4a3b6461903c3162aa5ae831359a4a4b70f2a2f06bc
+
+[SHA-384]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 256]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 1536]
+
+COUNT = 0
+EntropyInput = f5ed3a633230ef9935a1f5ada4d17df903a04fe82e8780d24e4099e192c354bb
+Nonce = 904ce6a59de10f91df5a4c5735d18cb5
+PersonalizationString = 69758a0bc5a050ebe8f5a823a1cd1d1e0c28a40392386816a1070140f6683bce
+EntropyInputReseed = 075792dbee919fca9af14e694bfc2be0402f1312a28873b58f3f9c270eec97f2
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = da8cf54fa4c6a19688211d5ecec28435151b0a136d14661ebeb5e34ef82f615bb784036493939fe462af78dc6f5b5935f043f9c4f21af4d261b8c8de569a2766cb57b818c722f84cd374e8f4cea5218cdb3c4a793c8d3f6dcfed2ce416d2266feec5216e8fac70971f9ab34fdf0033a64a9d2769fb40568190c8bb80a63f5d4c6b98eb4cd2b6fbc41f7101c8ac776597e5816f9191cb3a4d6ac477c8e2c6ef981cb37824a70b92dc394f00c9938f84c1e2407086003acdf6b4907fd628681fc8
+
+COUNT = 1
+EntropyInput = ee596201f7b674f5d72b2b824f9a96d6cccbecbc99f59e9679bfc2d5d47707b4
+Nonce = eb05a8e9c923d3b3f9d11a1285a10ee8
+PersonalizationString = 1f4f70c287723c8eaaf1ea1e89e457dfc3666c881776f158f4f3125afd5e8b8c
+EntropyInputReseed = f1b11bd611d3af541c5e5ed1119c473f49c655b792f73082e675234ccd302722
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = ab1d0a7625c29de8960b0f950cde29698bdd5dfc2f2da0c3b1e2b195012b091c71fe77afc7ea7546dcf7a4a0e321bfd66c3a8489085d5627b24b5fe8b76df6ceca8339648946a7c0a2c8bfbeb6b437c0b2ac7f9e75cde0f820db65413db8a46719804e4507ce4e6171357a969b01b272c4e70793f4b6d3c33eab8dc784cdcd6eec743ba309a4dce40bf10f0db9b532352cf6fc202873a76a854b62d6f35da2338f3e01f6b080b0d451d5a55c79e6c7aca1aae32fd7ac719c03c3a34360f097e4
+
+COUNT = 2
+EntropyInput = 314102b84e0e871b36e15b0327526f83bb9f7b42f6e760ddfdea36198ad479ca
+Nonce = 588e17f2520a117544072c146d337e83
+PersonalizationString = 844af6982008d4784a6888295a8969b5c0b4d9cee88e6ca23777e1647bb8a5e7
+EntropyInputReseed = 9b7d6edb4cd3ec5b7e4617cf05eb8c5e05a4fa8384552464a990e1c196da62e2
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 868a16d37fb706a79efc3f5272e14c4e64bfec1b79c3d8d3ddac7bcb89b48dff1162a659c3f4ed1145be12f7bd54947fa794db734a8506885348486450793eead6bc53816055e3c7cd5146fb5c910f43fc2b50cffbb5ca98a30c36b20d14d84a020e9403e2ac8845324db38f210d8734c63c4fe06ecb0fcf7ddfec8f225eb12a19412cb06635ef5d110e5299a77144aaeba842565955062a427a92a19ed67e9bb148605b69dbbdd19af48208cf68ebc3d9eb9ddec3cf0d464393a2f8e31b2f7f
+
+COUNT = 3
+EntropyInput = 82bca3cb2d956a88b262931482cd97f757f8cc412b141f90d174f5b27ed27851
+Nonce = 187b5b82d0b4160e7f247f41923b052b
+PersonalizationString = 11d4b7844ca7541f9952550e543270f0e737b5fba618ccdc87457a5180a8fb76
+EntropyInputReseed = a2955f4d3d23c16f274fe2f519573cba24b83b03b342fb0a1ce3c76ab7b32791
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 1fb0345055c950701453e84bab50e45d95828f1e0eede9748cbd7a9232d68fdcecd2d1fbd5c95f75e1f883bc0dbea299cd6081da39031b86e84e77bda7b6265f25dc4f398c1d786f539705218e7e40e4a1e991d5312302a6c34b0cfd0aca9160be9acb76bdcc60698c06c9f197a04f84f31e8b2dd6e5a03070db2216ed1ea34b89805d1e3b6cbf57543075f54f4a3e9bc8c3d55e2a9af6e945208b16b86d925ad0a9046f3eab192e3ba23eafe173b4436c8a114d4ecb7f3a1fe6d3a7329bfd0b
+
+COUNT = 4
+EntropyInput = 2cd749f4138fac833fac5306a64fa67cdd6b509b990af1a6bb17777741adf83b
+Nonce = db2f3b2560f01f809d5ed5e7cbd75ea6
+PersonalizationString = 0569eb8ed53854f69fe325bf5f3c7d59f446dac2d053205eac6b929ae3fb9c82
+EntropyInputReseed = bf9d1429517cc11d708a30bca8ec5df4fec163dffbcc0e32585b71aed55ae1e9
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = bb2fd351e47adea13895fd37c5dc2977d941a443a1ac68cc2ef5fb0af9cfe9281b06f6e811190ad3f1dc1f7fd347817f666cd47ba743dd8a86cfb186fefbf38c68e39eb913142502470972385b8e7cb20ecd12b5530570fd12f44a2ce23caf7762a72c12f710d3bf5466fa03b91a713ac898b1bf8daa310667dfb1c6e994fe94636b88edbea32035d9b08c83803c6aa542b5a8b2011437ac1184dbd432b3f437f6b55a28d7200240af3c1bc873091fd1de05780de3b905b092f5468de0810a8b
+
+COUNT = 5
+EntropyInput = 6a5ee01676ba0e28f83cdddd3ac8b03db86ce6d0feabdf4e33c9a5b00c0b9767
+Nonce = befdcb804b8bbe3d99419d721ff49252
+PersonalizationString = f5cf18bdaf69623479f5391b79342a90142cf1997e7737ed8a44b06450751439
+EntropyInputReseed = 4ec9e2ff2b4893eb5762d45751259d903ddebb93dc17c9528d24afcb73a843b7
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 40095f15bdeaee5024686dbd1e54b9a7f8dcd8ac5d87479597268eff01f2fce26d3eb33e5227b0e68b5301d4e9e066ba89060259b712798e3494ea7c11b669b02b7f7ce9b33a8d0c5ee0a90c3cea074d1194976cdcad57e9c1094a5f02f86b727da65cdbb71ffcc8e198dcfc177b89d9d60082bcd6abdc9bd2e23f97b1038680f1db5a631bf44e65475bfb21bee3627c7ef07220df18af1c7d657e90c11b3d36280409eaff3b7841fa78567a66a512c46702ae31451741ec0f1eb9c3eb492e88
+
+COUNT = 6
+EntropyInput = b4062a70b090552d2ae2b99c391ecbbec93da8e3643e862937f592e2d024b876
+Nonce = 3d07276c3a010d591dcb13ff86d13297
+PersonalizationString = 20bee2f3b1ecf3c9ede23f14b80bf8a67d71dd178d0452a5c7617718d029312f
+EntropyInputReseed = 7d3f013a5e8b0f9d2e714fe450c7a0afa424633175279f4b3a44554bd1132ed2
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = ba1ffffceb1df91e3f8e435eacb30aaac725a58b78555822522e68916af92dc6a59656d1b7383a2d0c476111077c85c4a6aa8324f87b02bc5b2c558540d4602249c282930c147288ac3955258477c02179437b5eb55de7f54ed1cff8d9e50a5f093d8687995a4221d0852edc03530680f6154f98c83a9a0545937ca1c8f56119f0b20d65778018e58ba2d81a53ef4408585d4010699462e313049f4dbfcd9f033ac627958eb5b6478ef2f7909c9ce4fae16115cc98186a34ade5f7f7712c46f1
+
+COUNT = 7
+EntropyInput = b213294ea66561423885affc971917d3ecb5120a000c73ec520a7abe62e49169
+Nonce = 0614f11d4727bf6e9381f5dee5d45866
+PersonalizationString = 117fd49175e29b692e79fa8a988e718a35c46c07cfc367bd34a7c96debeee8fd
+EntropyInputReseed = c1648a83a9368bfc1780ea27181619f65940d85f131255f451721dac93271b50
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 2e95950abe48470bfff8bc4e2e747515764eeac07ab0368763e207e89bf8ce819c625bc4a052796fbc77385e33854b5c676f8ff832fb05ac2e2d86f8162cf036cc399dca1fa140eabf9d05f9acd4519ba7c82414d20a6dd3e123983f156c22a65c1263b6e2803b3f161aaefcb99c24df2c32655b0b4265484ce4f5a522bc6ce4b84583a207209e4253460b43c2ddbc6b4f4cc8414f85855b6ce8e5b43bc73ae9dc1dbed6f7245b881e071b79a0e06091eb1607b73131d7a03a51f5c8b1523881
+
+COUNT = 8
+EntropyInput = 22b375c2fab41f9213dd1eda02079d871dd7eb7b4698552a3362a4b1303f29a7
+Nonce = 5bf8e37c661114dc5ff5bfeaf790c342
+PersonalizationString = bea98caaadf74a0a9b52135ccd9cf3ae767078df2f43eb4f5d6214420509e290
+EntropyInputReseed = 4426cc7228127dc7bbe8c151f7966ae41f4d7c67501877582558afb5067cb1d0
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = e213711230a5cd82ba54515fcb3c180f4168c579a5119436e4eebc9e18488a8d3a569b02b3f356c7e330369633675cfc3db7fe4f376d0a1444ce99ea883edf737d2adb83aab5a904ba1ef58014836bd3a7646b4b9bed9ba9d047a566c9a724e2ea73183df3f472d58bda2530ee0474e52983c68e69e87f4e550cb738109a2907b1198ac017daa5e5661a51ab711edfc50f9a18a94d3b0eb5e4ac37453aee7696e13766ffa2d5321e75ce857e586f6884f33da67846b4e00c353bc15db4759734
+
+COUNT = 9
+EntropyInput = f25baf4c9f29b5f5cf5c9d575767820b29588e00600a9a52bc77242b806776f7
+Nonce = cffd182641950ce0d2c0b07b2e0c2ceb
+PersonalizationString = ec2cc3bafbf630b5ef6792ae240ef38e943cab41c7d5e9663be936d956a03384
+EntropyInputReseed = 28bcc2459af2ceb72c247ac632712536771db073250500e9269887943189a45e
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = cc927c7128f824f830065c8f2449ea0e25d4fa30dc584dc88b7d9c07ba32bdf42692dbbd12f035ae7b11ddb8544afc06cc61dac1dd8955c74403741d4f156f0ba8189d6b53d7a2df9807a40584e78c3beb6350ed0b9f82858f91b2b01818abe1008ef2047ee42be7a226db73d1369502d1f3e072dff5bb405547272a87824037aa20c049024858d11e5480b8f01c8c0353466122422b81ca2cf33056cd5e675fde7d939ee4467d78feeaf5f0f90f6b4c4d5f4bb8697dab649a0b54de4cbb0b34
+
+COUNT = 10
+EntropyInput = 53b63ad6ff8aa2044854265e5047902c78f165649d3b536a1290fcdf5fde8422
+Nonce = 4d88360602217dfe09caabd9e63bd5a4
+PersonalizationString = 343b29bd94eb479f2cc41eac4b30d6e9b6872688c7016db38351a40f1ac78c94
+EntropyInputReseed = 76fa9ff74422d02841d712c14f987a60ce50b13fdf4ce0a65950c619eaba422a
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 40f8d44a94ed7101e8ca967d008d639db9dac5d7b10f35e46c25790d38fa52ba09f36ac01c2352d581b2a7d2656f227d27fb0072cbef56d6ca0544d04e3c5e6d129aaa40bb3c5e8e8e7fd0ef3f07e6192b131c0be72f98e96c9ad23284f64cf1eb0a74f2f79a2ad84883041f99cf063a11129928d15293895e02fc52174b644de853a30c0e98295edcc323e13d4ab58ca17bc9ea4e47f6cf70cf18fdffd703854180fb82cfe48a6074e2f324aaac64712f0f56bf9c91d75bb448a4360e42d6bf
+
+COUNT = 11
+EntropyInput = a04425c9f86cb07606f5b78ed6a7ecd05b0733006000ed09f79503a914c664ca
+Nonce = 19bf5b20804b21a1c079eeb615e233b3
+PersonalizationString = 0f33174333b68fe84a6c13ff678c3d2ff12203e25270796d703ecca03afea4b1
+EntropyInputReseed = bdae4f8e1eddb933250a98f6088ef7518a6c36d0d09407e8390d8e9c5e936fd7
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = c9e8bf5226f4240006efedf239f94d3bc69c0f5fbea4fa816e2687d08e8c874d20fbb357a487c4551d759fb3c4f57874c550e9e97e5914bfebbafe054bf8bec2388e22360599a0bdb307f0ff1bdaaf5b20f5901daa39c08dccf7891155ec8cdd7d8c1a09ec33cb30ea570af200edc0b203be0b2a7d208c8dff28cc1a4fcf59a98dd0bb9f361700590b1f9a5c549fb3a431a1a24caf616d46d6b33c935a84ef5e1d154c1c0c2a148ea4aa0a71ca4d71e011732427246d0358451e7846cba65330
+
+COUNT = 12
+EntropyInput = a2961f9ef35505ecacf3aab4d6812d7b0741f135cc2608027388d9ff318cce6e
+Nonce = 3ce148d94cd0ed5864c103a248752847
+PersonalizationString = 7e246b890c9596c88f84d7f2a69001f42b0108f0fa0ee6c739393662bef54e7f
+EntropyInputReseed = c7c6950a2aed9d78805965e142cab7fd992a543897ee0d229c089c892035d2a8
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = d2a5a80c490c2cce9eed001ab71b8029a49c187d56017b3b6c0aba2ab93ca90b1a3c5d96bb6dc2813d944e9aa92c922c2821344482a0fcfcba854e15c90ca1f6fa747decef1025f137a53efda2a50537e7b084d53fc904d26af47cb1501a88eccd6b194f2b0dc9b95e55e5913e935fe29190ddfb99aaf8608c8cc1aa2c87bf8a945bd186bd38c79778959c3e81a56deb0fce1c9b75f1ba942fbc0f8237eb3fbf65d0214a60294899556c8714987191314751350382577eb01710fbaaedd96d2f
+
+COUNT = 13
+EntropyInput = bd976651fa9853af723dd803e238af32276f62ed43dd23e7bd880a318e654b0b
+Nonce = 8af845903fc95cfa56488e76cf0a8f72
+PersonalizationString = 281e41f0ed7bc9a4a01030a16d9ec0dc03da13f3151e5367b7de6e30fd66d564
+EntropyInputReseed = 78f11c2c4d55836cc16742fff4125fbb28017203c3ba6be48a9748b366e73430
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 367ddf9a683014b0accb42381d90079143a785f780493a51b7ed84e5d6f3922168dc2149783ef8ca8a0652fb1220fb95abe323a6415bb7a81dccc3389181e0154236c85a22998b764204208d034f2f2a9e4761c1d612425af3a34cd0cc5491299deaffd02e0ba6990a2485238962ab541f6baf36a05967f28e85c3200246cd9969fbcc6a52cfcf3fa281e5b128fdc7d31534a0885fd839d4721f018a8ca6a60afb144f6d4b50604a374c605865d255c228bf6bc232901caa003659b458659da3
+
+COUNT = 14
+EntropyInput = 3fa9eff4d04ecbdb062aa91143d695a3c5a2cbee1ffba0c560c71975017c5388
+Nonce = 1675d87a212fb4a151682f6324d2b795
+PersonalizationString = e9cdcdaf950e9974813d9390d1780e5c2e45b6516125d7c272cf2428891c8c23
+EntropyInputReseed = ee28792109b38e65161f669b438e699834eb511254e117ac59d7de5ce0f719cb
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = b8e0833e91c7ce17868882fec5de47dcf7217c2e00096f3afbd176ac0be18c2638dceb052fac4b75e230ab0e6aabba90612521f2bc135db40415aaf49a6589be6d96d8b7fce90aa131b16cdba0332ab8be0bffab0607e314f905f721ba134d1dafaec8435d5e5ad95fe31a2f915b817f17d2ce034cf06c5cd1311428a6682febbbe90d7ef6d2888a8507f6fa81de6fb72f0aef79bfce77696dc5766f55fe1fae70085416724f16f3691ee599946a1aea600475f671957ac0ff332fcc29df708f
+
+[SHA-384]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 256]
+[AdditionalInputLen = 256]
+[ReturnedBitsLen = 1536]
+
+COUNT = 0
+EntropyInput = f411e1feeccf01c0d4bde61ca2384a2640b41e383a055b374e0acfa8170c2f28
+Nonce = 7cf75b960dcd0a0a9d2a4e7e8d5e47d3
+PersonalizationString = 25d6dfee3e74d3b6a9f459094203fc76e0e589fa879cc445008c80e3736fc0a9
+EntropyInputReseed = d222df563773906b875d55dc1aef90337ff59fc3ca5ed0af5e46d306d630c7e3
+AdditionalInputReseed = 07a576624662253737789e543734d7c35ded8d74a3b53919b1c28c21a2b5ebc5
+AdditionalInput = 2561c8591281f0682d3811387d0cdc16c137edfcc9527134212701f73550c572
+AdditionalInput = 870441d9435f2cbf16f1168f50e32d9b8811be7adc10a5070c5eb993372c5732
+ReturnedBits = 9107af002a8bc3e0f0394eb0db3a801ca73844db0600873d1d576ccfbdd88dfc3eaa101e52e4c4ad9958d9d0e5f1eb555cd0d93ad2745a1302dfead60c42ef28e7211740b1dc694fdf72dd066d1d66a58aceeb9a8c6a9c67a75326f97b742b85e7abdc853b01bd799bb9f3e8e6b5f2a41919543b17c0da4e4e25f04e1c2859a56466689ab85c46cb9f593abff0f058f7d26f2c09e379e5e0b6e123f24fb9bcfba9a468dcb38a9577d63251d20f09b8d2b4dad74fb52e1e8dbdde6e0436563d66
+
+COUNT = 1
+EntropyInput = ea942580c38fe2a61e9c6c2197c3795878a0bd253c9037dff668e001740ad0e1
+Nonce = 2de5f7a4e10b884c0a65479dcb73b7e9
+PersonalizationString = 30d76c95d36b272e97b548e26ba3372aaa82fd0fca1bb3bc6cbdab99c4633f0e
+EntropyInputReseed = 47a372af41f6e48f322b43b25059542bf2bf0ed0c0f718715f83a4efc7ba2fae
+AdditionalInputReseed = 95dc648083f1523081e52cd6c4e22a388e618ba8fed3f7a6e28aca763949adc2
+AdditionalInput = 96833fc4e2eb83ab50a21aff86c8d6581cb4796ffa7b8b85281f7cf4db74afa6
+AdditionalInput = 52a4425acccb43e74d33cf23e3458c1216192ac20b3843053a3005c18a4b90ae
+ReturnedBits = 611bd6aba0192a028253934e864c2cd14adfe80bcec9e2b0e56448e65f4e691c4133e7dad7ab3cf3d2e295d69e142a95aeaf4d6d5875916374870ad5123ea364e960d93dfe512e28fefdfa2ed5097947d9d154211aa8a4ca89c6eaae9eab4dbe9ba8b8d7ca37b9b56ccc8e8efda6aeeb64acdd73166c7a8b4e7157a53236a77620e8c96bb220bbede276a4e3414f2d6d96f2f875e10b6209815e20d8e252c6fe982092cb7078d3b539c3fa31b06dba7902137fd80bfa55f21d79695da6167370
+
+COUNT = 2
+EntropyInput = c18bc7a1f600be34357dbaa4f5a57d196b3a1896df9e6a5d23afaa54e75a0d6c
+Nonce = 25cae1e3b58826f2a5676a1e48b7ae54
+PersonalizationString = 80570ac85d1ccbca7030302ace052e0d864a062c15c27ed564c0d28554a42d79
+EntropyInputReseed = 38212d0e84d21ed1d17095595a666a6bfa7d973ba2e4470d8b15d44441855acc
+AdditionalInputReseed = 16682c713133be4ed01118ae586d739fd4c5d586050376683c5fd5b9c26b40d2
+AdditionalInput = 061867fda15bb1fc56ec674c36ae06dbf1f50d7cc71cbf6f9be50c05622b8a4c
+AdditionalInput = 41b63c48a6fc90a3b3ea2494527afdc23a39a674b91a5feeaaad0505a394d305
+ReturnedBits = 732e4f9053227b80589e2cd0a0d47714d64e5e4e1357c392538c0a8c2ce37cf2a8c15d228615075b661d55ad65de34ef58d2582d5f339efe740fabf47d0c7caeb69220623842b815f8a30d34a36197d8c3264624162a2e704b367fa31df1469060baf5eeb2126c1272d20385df4fa40b22842237877ef3d7b2f09c0c462e247e38a7839c56b6bf79191267ab7efe6b46e37592c537b439ea27c6279dd31a8e44cd6a7468e061194a20db796f8098aac7969ab85506d61f6e1531e5dfd9602211
+
+COUNT = 3
+EntropyInput = 8f3f31bc61ccb4f15bfb50833ff301e1528d9b97208e2111d59f3ad389579434
+Nonce = c171f219c534a8ce6d52f6b56f3ed65b
+PersonalizationString = 3da1986ee350a9861bd224917db38127127cc978f8f9e7bc11b98dc7e4191c00
+EntropyInputReseed = 33f6579b41ef8ece5b059c70ebc32c8b623a6c0d0c2d67bba0be8a57d8399594
+AdditionalInputReseed = 7a74c99c7c7c25af30311a8729bc295e1f37aadb62ee87f180ccf11862110703
+AdditionalInput = b1b6059c1949d0e7fb5665494c2e596f74ff897c741de64a2512460621b92658
+AdditionalInput = 209202ee2ff620d1c5e2f7f408b26a03a59c5c8dfb2d6856ef1f48a579656a7b
+ReturnedBits = 6f0f852a406eb79c91413a81d7c442ea4316f4b48ffcb07c3079460e24b70b8cf0e6d60e924cc2f4480a1531548a82d841bd93c918295cb814779296fe50e1a9a0095d8cf5942c149af2a2eb39927792509871e9954caa815d76856f607bd6c20775a272c8bd70bb9e453875bd98ae2890f0e443b1609bd496433fa755a9e97e78bb6bc6d237a4d08d14d15ade4966d55191cb983b1c56e1ac96e225bdc4f385cfb4b97ce71a37c255f309210da20e45bbe05f154969b5ee1a7192d88e6aba72
+
+COUNT = 4
+EntropyInput = 636a5f0e244d80b8818de735904bf53f7e7a410d5c0e2161b23811596c28c765
+Nonce = b4a9f5494458feb1dedd8513506d6f4a
+PersonalizationString = 002cca42f8d06266ee4a203c3ce9b8ed3ffb8db975c1377eb3708e9bf711596f
+EntropyInputReseed = 94a8276f1d5ea640c08a3326b01339712b9377774f10a948d7927c2b27d40f1d
+AdditionalInputReseed = cf338301794bd25f3c391e2ab1f14573dcd3bb097470a85e0ae306a3d0317922
+AdditionalInput = a2f876c54c16dd8084bec2729fcd3145daba987a53ceda798bfbb3e0e328cafd
+AdditionalInput = 238c2f3edad223d774b7f7aacd2cecdcd3de43510e3710911e85a7224d32060c
+ReturnedBits = 280ea2e313f3cebfd236c7a8710624b3c3c11b00c34774dba12cb41a4e9168852c97d0095942caf9b2b2441e2ed7892f09566836f89ea46b9bab85b9f3fafeeb512a8771be2c6957072cc4e3705a64da1d14d32e6c44c5446bb7603f5e364dd74bb6d157ccbc191621f249357619588041120e907f8711a1d1aba88a0865baf4f889f4fbe979553ff40add189a5c1027deca80e0cf0951594f4fadd3161745c414b6b6701fe7b66db578b79917f7c67de4d576bc1344d9627c2e3ea9019ed214
+
+COUNT = 5
+EntropyInput = 7aa9dfca122793236de2ebd9c4fe8b85657e5c0ba151cd6954cc88ea8b65ca61
+Nonce = 47778b87de8ef52fc961d1635766b5fb
+PersonalizationString = ba6a8366e7cd2cfb9bfa7a50f1a0752d53bc818ba62377c93072f195bf7c14e4
+EntropyInputReseed = be5a4b2ebca0037a9bc2287c53b955a676f6152a2a8abb6e7d351746e963a714
+AdditionalInputReseed = 3f5eb0375d877f56bf4a200b6638328a30e3e05faace75a87d50823e439f2f3e
+AdditionalInput = 1ae87e2d5a11f1439e5e722ddedc2f0ab86097e80b5a4fb5400c7ed16b4457c6
+AdditionalInput = bac5bbcfcc22d2d14c7243e93319ae32bcee15cc6f0beb9a8a39e08f39706d01
+ReturnedBits = 1fba482f9c1bd3f37b715adb2e3a720a39b97d3c27417fcde755ecdd5c3b48a93ecdf3058d4b8bb84c10182e65c98716658a91ba89e63c9101450e33e9a3386336906abc701618d73d53870f8a837cd60adc07b8be756d835eee15ea1c6e2a6fe7f05887def4b20d8ff368e0cc83f474a4d329cdea4ddfe79a2ccdceb12719092e1d6d397c362f18e49cbeba07f21d48a7f28ddcb7517140d98222e876f7a4b4b9325605742b1e05e4ae147b1012c0a282b2c21608df2bc006f9ff7f77f0ddc6
+
+COUNT = 6
+EntropyInput = 6dc70275e5a73d509acb50879af5c88db891b1004696b026f6a44e5bb3e538d7
+Nonce = 252b56149b90f7cce8f1a2755e09f455
+PersonalizationString = 6afad10734867d6cb603ac577d3d0b1edb9c320ffac1356cfc6d96e3b0fa5a69
+EntropyInputReseed = 94c1f0a7c439f05da20e687e2625c895a65bccc21efb338c06346cb891b1a50a
+AdditionalInputReseed = 7a27f7c3a99ba1d19f95c13a285b7d1b5464b42aa3ad4634764061c2210009d9
+AdditionalInput = ee85551ace764ae0ac9396b8c90a0faafe16ec5c74241f09e64498c42c5625f0
+AdditionalInput = 7506d40f191048a9b4a6eb9bb1f9875863c98e82ba80f05dfc858bdec83c6fb3
+ReturnedBits = 76cd185d1dee33972c1828bb1d76f15e24d31b2f8469da442556bcb7959827ed6c85c3983c297d410b24498f1dcf13c57347563c9972efadb90c4e0f58b0693b9f06de3bf01c0fdf11c8f300667f9dfb284bd88cdfbd450a12724f82b967fe6b10024efa3b04b9779e74e31e73eb07f5bdeb0d276f4089b5c806821f1c71e40d293ebfa5ad2b34dc76c4a24ac814a07da34a369cbce7cc70c6f1b9186969021fe6ee80052bc8abb93b206a310e3716cbb5e2bf4fbd63a133fbadbb1a878c9ca1
+
+COUNT = 7
+EntropyInput = 9f563b473448b1e5771fcc68598659d2ac71acad29df9f279e3a273181724fb5
+Nonce = 82de7f15432712213784842d8e148e8a
+PersonalizationString = d5992b094cca8b39c13d1e9d7e2c71106d003f85c7571ec665260d5471e600da
+EntropyInputReseed = def8924a3c2a7e171ccddbe83c6b3662a281106ae0805dcabf2a07b200e80415
+AdditionalInputReseed = ce22dc0d50181523da1439a87967c7fcf2408ee066bcf40c31293ec90fe437ce
+AdditionalInput = b3ca6a107cfc8bd305059109842324e4c36a1abacc857363636f398e72cf867c
+AdditionalInput = e5acc4d7e1dba248c00ee62f4cab534d917502799f4a5ac2af18941288390661
+ReturnedBits = 12c8a5056fb966db1d9321803fa6fc7cd9a708ddf6678e11a6bc9900156277e028878bdd5fb8745e5cb74b7de3751bb55233dc39ebb220154a745597cc22304c202bb8dee622e2674676d78f119e5b299656fb60608bd75187003ef479bf06c5e6af0168b1c8767090328978e1b1e438ddea7bce8e2f859dc38f62cd7df9f42dbfd9502ef4a5a94406189ed4d35446a7d1c7ba23f6c941a518bf2bcd4debaef1335d96e9ee69840ec5bd8560ab530ccfa509c1f9b26beef3be2ec8f646adc810
+
+COUNT = 8
+EntropyInput = b3ca92d2bf64048e96490e01b7485c24790d83e812dc8a5d727c6dab21b3d95f
+Nonce = 7b4ac14730ee185bf33ed90d1315e144
+PersonalizationString = 051d6bdd4f4527c4cf375efd9892f986a3936164cc81fe7dcf87775a458f5936
+EntropyInputReseed = 49f6beec788732a762f1803917c969404ee153ee5db81289499f93b1b3708f4c
+AdditionalInputReseed = 59a25cebf8ff95f0834cd9009ee3b20d431195bf2298fec826b6ff0fdb700d7b
+AdditionalInput = 10f62a2749ee8fc2e4d7b067f390cbf969b05a8be5de0f866c6d7f90e99545df
+AdditionalInput = decceb212452be23deb5c96ce6476a0ccf2bfb942967bc287aa51424c130514c
+ReturnedBits = 358c48ebaa7434a20880e014a793009c291cd2a5f570eba2f7eb3be44dd983a49046aa59945b7c04d3d37f312d329471887ea7eac33db9c72daa493c53939109c41189b93e63c29294dc65cd83cbbdf6adfc3eeaa748938560603bcc31f8c8d7a582a7d14fd2b2a98e7e34c4e82dab2fee9e5e17b84145e1fec785be261993146f8f03bd277d6c6646e2eed0ab7c6a9fedb3fe39781a42668bb397055c45f7258564295c280ca7df89971b1d67063d3251e1a75c2844b359ae85f8ca849ae3c7
+
+COUNT = 9
+EntropyInput = f6501e8634912c63a8b44b1bc3f629a6de0ae37c900831f36be820842d091275
+Nonce = 90b402554f678b52f17457bd9721fd56
+PersonalizationString = da44c8ae746c1bdbae05b024ddaa3789756c4e40635949764c5e8e5223c7d863
+EntropyInputReseed = 05d46bfc1cd4e85f684604064da460ec821a20dfe1105f334608297056cddb12
+AdditionalInputReseed = ee9319baa9fb8cf7e19a65798e057776f9e6f105a5fa55f5cc6a3623698d36e0
+AdditionalInput = b0a091115e9ab0ccadd3a80243ad901edde4ddd364489b09375d999466ffac78
+AdditionalInput = fbdb656e0a92648d4cdc6840124c20eaa0070878721e51c4e9a7e3d5e4de4e37
+ReturnedBits = ee3a6aae9f7ada18e9b4ae6b93b9724718774fa7cdb4954d555204bee96ac2105757ea71f431dd90b5c2e8a7b7dfc97b7422a350fcafcdfa33a8f2201921bda45a5e171ff5e1f6f55c0b3f2e1aa16224294728e71734da883727d9f4dd127c3df4fc465daf4267fec242f677644798d38ea007f41bf4cde6d0d43821657a0e8483645ef4b96e27db684f5658ce8918b80bb5d691984ac5695e0aafd5d3fbd087c621d7ff368a073abb0c9fcbe49de47bdf721bdf6d636f03d9a0d3bca98c42f7
+
+COUNT = 10
+EntropyInput = b91a02907a7f03bff31ecc80e375296186b6ffbb13c13e1713668348ce260620
+Nonce = 42c94945dbbaa518d2a77f458ac9204a
+PersonalizationString = 624b2009276d7e7c3fc6e68892467d4dba3b4b6ba33698422beec8f9c316a23b
+EntropyInputReseed = 6ad28ca4143a5ad24e95137c7f2afcb36d46ad47268946ac7d1d56c23b06168a
+AdditionalInputReseed = 095ea77f31e52db2cef7043bdf1107534c5d89d1bfcbdd475666f6327affe6ef
+AdditionalInput = a6e55f8365da6b7d6292e488c3031174ff91d563f3d9cf9ac52b70d0c05cccdd
+AdditionalInput = ded47b5440a0b6378ca94c85c795dd57a3cd3829fa0d7b5e5950dd93a2589498
+ReturnedBits = c7a42e4ae2bae922995408b2c9e9646cfc9da05122b49cba1319606fec2918cfcad2c76b70525634f7642492ba2f1aed418e2aabb2c17cbb7506b9a30385afbf95bb499903d6118aa12be7e67ff8301feae259b0529463b1c891c290d14c5324cc379f79bb1f5b1034079b4dd7cbabd696c1969f2b1a437d52107e14209e312e3925b2c5aaa8377735dc573fc460f502670d47cda77549d08725920f36d4d10e95a30729b0bc3471b0b26319a55b5c86009d87576146e6296b51775beec55547
+
+COUNT = 11
+EntropyInput = 232e1bf5545c13fd207f37153117b66d4bfc5425d9d2b1b291b9c94fbf4f40ab
+Nonce = dba71b8ef0a942bf2c1616029572c7bf
+PersonalizationString = 11e0ec7e96d22d4db760d99f03671816e04ef8001d7873de8e8351be8e7bc39c
+EntropyInputReseed = 663fc6663d5281fdee1c6a643b28c1c87e9c2911da3cbfd17b687dc0615478e7
+AdditionalInputReseed = ff2d0789bf9b8d76317678a48fc2311843106aa1e6dd39387cb65dd895483926
+AdditionalInput = d27bcb5825e67ac560486a70ccde5a2e3b20d117781a425d25f992084deb313d
+AdditionalInput = be41025fd274a40c41bffa56a9df2ef72b0063a10993d56284a86f8e8e9f3c91
+ReturnedBits = fb9a465c99ddd6c3e1162ec7539b2662096397bd6274c1fb2fae9d24ddbe0d28d94b0d54dd9fdb8645cf3d3ad106f854fe7469672f467d518be172e80df0ac65b7c5c1150c04d25df762d243f7a60786ed817756cf58620dea09d89e726b37df7569f474d4a79ab56c82c6e6fc6ab1f3bc5468c7f30ebb7f133211e4ca9cc01de4285494e01fa4b8e925b59ea56f97f412603f6f07a102cbfe75e04ae8ad1d03ce49366912badb069266cc467b8f6805cb24ae185111282c6af24438a6f0714f
+
+COUNT = 12
+EntropyInput = 045c359307e388fb7f046ef9286e5b03f019ba0c3aabc416f5bed4b76e711795
+Nonce = d41af5836f28fe922f73271694e57fd5
+PersonalizationString = 1b5ec47e5f4e30ae087afb0409508729ade418825e6ced6a5c90f88ff29c40e0
+EntropyInputReseed = afc0071e4ccfe6c3039b9258d9eed5bd98b3e0a7a7d0f4c60e64b255716750f9
+AdditionalInputReseed = c814475f77336df248f20ab7e1b5540293d645d478dacf1c64676de2187c9731
+AdditionalInput = 139e20e8e383cea63669bf2cca6b43d76f1133df8fef9821a5e402d3fc3b8a66
+AdditionalInput = 8abdb9c0f1df932c7c28786727c4a263a3676d1865f3ea61dd68bcffa46aaa24
+ReturnedBits = 1ecf3495285807b58d4f7baf59c184766ef65cbe6825c5749f45cf05db9b2ef0a712a85542f5e8bcc08a29d114ff65a59ff91816b361d1f5a982192f59a47451bb5b5bddca565f3ca924ec4178bf0dc9ce78de1f3f3e421ca7a70b5aca971135635649f3b757e3c20177ca7eca6ca3d09ff079c953ee09693a9a9ce3a9a3822477b0d13d78f031ee67b385d8d6be07df713da8ed5b8c4cf164146899f71d16d32bcd2227f9c7883f9e45d1396da0ec77b31853b215d0a04047ced0599ca9c071
+
+COUNT = 13
+EntropyInput = a1be78509676117f73f1a8100c34efa25fe01acafb39bcdb2cf3b9733d33c9cd
+Nonce = 8a1e2cb0ebb5131b950f6cb789401924
+PersonalizationString = 626e3c96e0ab4424ec95e71141db524b4f762a11cd0f4a6625a23f7caf1a478b
+EntropyInputReseed = 70946a0b37b368c2218769c5d43786c56f7c7055dd846f6c29b6c31e7547200a
+AdditionalInputReseed = b2c97a8161ea655851d050dba3e9f8bc3cfa55446f2e758f9cf3b34ce8f31e2d
+AdditionalInput = 748c53acb9bae2bdd10ebddcfb41be9fabc08098efe1f10e2e7da5c9dbc5a6aa
+AdditionalInput = 10165552d8d7220aa8b7db1f761f9d8b4be43643b5c8161b4a87c6a9d9981f5b
+ReturnedBits = aa81ef460fcc273f6eed4756982783dad0f4fdba573ece6ece48bc0120a4c088af8e15e35cf045ed01381a8a95de2fc3fce99fee85b7076274a8779828fa3ae34033a3e5be39021dce764c4eb2637e50b975fadd542830515bba34cbcaef07414a7b1ae2ede1e879ab3903fef13e9102f3fbee728fa56d885656b930572bb43f5082c24d9f65d3ddbbf664fdfe6596e11540208eac913259b7723a112f531aa0c734643489c88cf0903459537b36541ee82c3dc003d35de6bdb45b0cc03143bc
+
+COUNT = 14
+EntropyInput = b610de6f6e1502bb57738697f1a6927d456c28272a203b20bbf82d833f6e02af
+Nonce = a9c303a9753df483874c32e2cbbe3417
+PersonalizationString = 3a207dbef6daa52526b6f2f3a069ab99e3f1c0abd500b1103d3b0d5b1083c774
+EntropyInputReseed = c35db3a67e03cd4c489eb8fd075a2089bc76d7182591c781f981fdc5ca466be9
+AdditionalInputReseed = 18bb96858a10ce7bbb824b5d84ecc6776d3e458db18e8e3fcef429b3373abf96
+AdditionalInput = b06dea5af511b49e30d0bebc49c0015083e574519d28b8fa91ddf80e592a3c61
+AdditionalInput = 9452d807777239ee41a7b72845eecced4c4d40468f51a9d3a17e346c9f87c55a
+ReturnedBits = 2bcc2f47b559e87f703204e0cf612bddb45cdab51b3b0e0c40d7cabd499a0d07ccbba89c4c0ef3d32bc0da03fb2a78fa13f6f98994c59291f152b72a2df5822333bb7efbc152280f817a8106efabc59aa5a1b2b9df1e90b5aa2c9bdbf63fc84b121223c45cb53296699c30eea48b7ddbdb81ea758d8ec1b7fcfaeb912c73cbe388a1b5a758b37d29b74a11468b04ce9b1ca11268baa27a26d809df3988383d9923390bfe414e29dfc3c0c63da3608905de0428a55d5f939af2e98ea379562881
+
+[SHA-384]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 1536]
+
+COUNT = 0
+EntropyInput = ab3d8163871b68221c4155e985b3b910c6c93c9d0c50cd9b86ff41f2e4823a2f
+Nonce = c683822011529215473a41582069ff93
+PersonalizationString = 
+EntropyInputReseed = 243b9438be5b3c46c7becfd1ae4bc6b5c4f18b367faa09e6105ab170eb86fdf7
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = ee1f37b9f91d7a9758eb74cef2737a4030b2834ad23bd61bb7404339c764e13adc946a511ef967fc886026f1aee01443dea433e762943384c269f0fc280c9a925751ada1e96211b80be0f3b99b7efd74eaf7b7f021b4fd9a68c166c02a21b8b15fb4469c108a697aa125cda2f274cdb77cd0b4d39078a58f32d3aeb821262ea177dd7af81da5ebc2c3b716a1688bff4ac16d7997d7abfa6ef3095f76ecf272de5efe167c4db08dd3c5d8390c5aab348e8caf136cd1953a0123dcbf9915fab300
+
+COUNT = 1
+EntropyInput = 15b1d7bd80a10dac21dbacb9f0640e077cf4c6cbe4776f071f3c70f9c0e73f64
+Nonce = 425bb11fe75ac98d8d20ebb2d0d69ef5
+PersonalizationString = 
+EntropyInputReseed = bc0aac35731dcd624d9b45d23cb0428f9b447ae3723001ca794e139dab593b66
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 3107eb3851ab842fe68b86ed7fae779a1365cf312c73754a4807c82d4ac79b80e5033709eefa9a748ba42d22d98b84d7b3ef6e357c2b9322dd84d2a8974f1a21ed863ef8295a992dfac4663f58bd273680663f7ec8f886ef6365b17fec8a3da20c3364d4554662244f190452e7f7fa93615d13e7544cdf6c5ca5dfb2fc53349ec1752c052aaed9490f4fef6f96627af4f84a97df763301142326dd154d848c461ec1eb65bbda7f9da55edb8e4a65deac3340907a82f773e09ec1b0d74a3d1716
+
+COUNT = 2
+EntropyInput = 98724e73a444a784718d46c65d1acc69e3e8d36ef37199ddf62b3e67cbad9b1d
+Nonce = 068bdc84c45f0ce27ef1e5f321806466
+PersonalizationString = 
+EntropyInputReseed = 9ed202e0f270239d75f867420fff3a1df07a4b577d5cb5702bf5c65b067cd33e
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = a22b017e918b30d2856c2682bb82d984a2f69168c05fa9b8bbaba58fac7adfa3b3b4229a12c64f3e7a8c87ca0afbae24487ea294b87046c071cd0ca6d683f6931bc30c6bf33833d18f5bf9c3594ebc4c8bdd439c8347106422bc3edf3d28a44190635de5ef48970b8dec15e14821c6e29188ec116c4fd0b637eb259619b13419d4482cbc2f3d830f3454fa109660d22067ee0f15daaeeac48a107be1149c75ea50d38e18d027cd38fba3a50c28956fdc80c8a5d9e9d08132d75539418a3e90a5
+
+COUNT = 3
+EntropyInput = e95097c235ece37488580696df624d04690f4124bb20c78480a24061125f0caf
+Nonce = 31068dbe4458086300d2394c785857f7
+PersonalizationString = 
+EntropyInputReseed = e54ee3502ab5faf6c88a1691d37322897e65d252a375777ac092179e8400c1bc
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 4f26d14e8a1a7ee72677ae42f65b1dba0d325f07563787f2ce0785f911baa14d474d05f7d5a97bb4b2932f887361e369368ce111665e5bc5a4cfb2f210057fb54dd785f16e6b989a8dce4ffea508cc56f00fa1685223fbfd59955a2f73efcc298a313bc5e5072047cd0457d9ed7470f084aba7efa3e7af8d7beefe68f4f85336664456a2dec8d7d1b7db1c7e7c0b8c46761ea2f6257469c5e5135f7109485fdf22a24c2dee3821133d0a7335a86c67ee06cc0c449599fc7f60e7d9dd17356983
+
+COUNT = 4
+EntropyInput = b24b95a40d978e6f663bbfaa5fc4e612fc0fc814df4f014cbcaaabf6d41e62ca
+Nonce = bd9608decd1a97f2c1a31ece04fd79f0
+PersonalizationString = 
+EntropyInputReseed = adf1e5083394ee24214b5e3f104c28e795018d2eca64cf8675174bd3369da3f2
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 803b0338c4f820199031cdd43015563eeb9b0363559cc18ab1354683782157f00199b2712400167fe0789824c03c58d3f3d022e1757416144b10f9b74309e8bb40b668ab6fd50ae2f34175480b2899ee7474505cf8872025df1b9144f95a2b22db112723b50365097f63db97b5d36790ab5f92c7100f2555197343a4ca00ae5ce3bf582a5bfd302be7224eaf97274accb30f2dee7bfd3f48ac7fa1ee29461d94e3fde58801af4d7a55662129daea09bbd8d6786838a0c5ea6cd805e6aa2f7767
+
+COUNT = 5
+EntropyInput = 76358dbc9b5373a54838f436136d91b7665844c486b3887d70f18f7e1f08170d
+Nonce = 8eb70710ace7ac6a2b3e0439e28bedac
+PersonalizationString = 
+EntropyInputReseed = bfabfa85c9f7be70a8fe974cdb8b2cb3c1b35c194e0cf13436e2e96750310567
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = b67e7c996b8d7d8481d4cbc0fcb220a13f84e2efea1638e8ae8653c71cceabfd73a1713006a0cb2876272174675124388bc61f254af12cbf9ef4725efb2c7acadfa63587d5af2de82759fc5d1789fb7f0a67a438f7ab3adc62b8b16ef32a35b347374e7340bc82b12208e2fac06a1d18ac5a39d5a4873d2693a762b12fd9cd81d8fa2378f2139f54f86729893366f27179c428e3ea9fdc98cc47673f9d05fc4018deca1d2353a37301a04d70273f686a2b5a5f66a7b56a59526912c131499b19
+
+COUNT = 6
+EntropyInput = c79fb5b0de8af70355d97226bf6b6674c94e27f49c565229ffb5cdec9f4ebb3b
+Nonce = 4f857f09e3b943d8440c477c9d63b3bb
+PersonalizationString = 
+EntropyInputReseed = 8ac927beb9d3394d9114bb882889f5942c363b45c96fa22e04970e196c3f2a56
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 790d100766b005226ea9c858c6f2349c26c3b3084df721a13e953be9f474919447a719043fe7f43b77774f7532303d91e65756eb9f995514de4de0ece3a7a59de7017d611f498112c39d15be6a3d3fd4f607093e2d998e7c8183f27b0b7455926bd291ca5a5c58108e3145d1f90f52ae0a0f99c77806d10a3e02893022766b369bdbca5cce989aacfb1386064c6091edc81921e74edd2eaa0979123252c2e76998be4d89a5a22fb1bd84417a324631b69e22ac93d6c6e043a6ead3d403998a93
+
+COUNT = 7
+EntropyInput = f2bae9df47486bddd728b61ec70fbf20894e50c3fc45e7c74cf61924cb0f455d
+Nonce = 94e84685d8f488053fba7b31fae6fc9b
+PersonalizationString = 
+EntropyInputReseed = d3c19f0828ea11b05a2195ac82f2f9e217f9118569044cffb654a909a09822df
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = d671194ddf88ef6a6f3216040e35a00447477a843523d03826df4f6697350551e5b5031eed1841d6ddc1e78959667e486e3a868dd5a945851f010ec1c3b07ae798545b688d48320b17714d3664ef36b619ac0e64e5cc9fa9df11ea5f4ba61dda8ffabe94731e64911c8df950e804e3367709d4c46b36fce5e2b9d0c78e0c89d98d5c004c24faefed467f4f8994d7dd7ad4e76498a2a68824a7413787797b0301c8d023651d04d338128dea6fb919fb3d404336a595a3e1e01bb6375bda6c891f
+
+COUNT = 8
+EntropyInput = 5f64ea30495b5f8c9868510facffd0253da151eba846774af5a68c1d4df48fa4
+Nonce = c324921486f5a566af006aa2dff2a1f2
+PersonalizationString = 
+EntropyInputReseed = 3ba35cc25940b0ff20a4b6e4f37e0dd61a0b95b97b180b73c902d69effc4dbf9
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 56fe310743d26a7530fe7823e73dd68d7fd02c78f787575f237ae041133a01297237c42cfbc73dcbe4ad4583d608724585e1b923fc941a13af34899ab9ce30c15342569ff08385de1aed1c335ac42dc2dee0aa2613e738764c24666c68884c96a7ca477001d7c7f9892a4dee040c93e71016e103218dbb5a3bbb194f645a6d6f5435430e34fb221cd42e2f892969da477577caa6da7d2b47455870a4d4d222ced7764a8f129d6b5b7982f845be6d9172ccdd1462e8d3dd952cf5036ba74f9028
+
+COUNT = 9
+EntropyInput = eb141ec5ab0583f39e69913b6ad46aae6245598ff5756824428e8b6a8f240a58
+Nonce = 1953c8e149e55d16da1a920252fd9b46
+PersonalizationString = 
+EntropyInputReseed = fac96829ce7385c36effd0bb564326bd41803bf361bf54486de0233d36e58a56
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = be5447fcd3f98dd36e9689ed63f5f33fa2d6883f4339ecf86fc0a6bcddf1d650b4c97aa993b5958e948fc8ff4598c246cbac68290000d771e7cb61c06408651a8fada1a2130d268317eb16272598a74baf7cb10d3f46cadb7acb89d42e9d28ca2664eb266f9e7b1bab9ca9b91ed853870c613aba8ef4884b4f97f09b9a460dad8857f475dd01e3c02a8207ede8497a5c35c489877f8f2af9fe84ad2e808407c02dd0c6352c8b5a75d96c4aa5d8a713f86b61ce3cf22787ae1b891a88cd28c4c8
+
+COUNT = 10
+EntropyInput = 93bacbcf7b016994c0777b911bb6652339f1a1f46b209c4bdbbab5abbdada6f2
+Nonce = b9fe65060323440e4b95ed9d1b8a11fe
+PersonalizationString = 
+EntropyInputReseed = cd078df0558a25b3d51c7549ea075fb9ac39ede81e29819cfd20e620eb8d28d1
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 1b9c30361f8382939f7ffa825d532042d79d8d30d1af9f8a852dce52778d832c3e9bfadfb9e98446d5e90eeae03e71f24944daac16f4da1c3e05fbb567eea2acf5fda48d7f8fd1302253fc32712da08a92a9be756950ae111e31ebc66828f551c09a0339e16491441fa478997c98172333238285c2aa2344b1dac9e0daa2deb6cecff4340f2c70d12e50e882831c332900879a5c69fe73b5cc1dc2c12960873c749f43f37d6aa873b74c390f66e04f1a0998f0b3233d645cc3039b967338d2a6
+
+COUNT = 11
+EntropyInput = baebbfb38e8019ee1da0665e37fd42419c84b5f42624f4a578247aa8f8b89024
+Nonce = 72f0a9d161f1c72b0d10709c189be8d9
+PersonalizationString = 
+EntropyInputReseed = 9dea855944b834dd7feb8831955bc16d3a4ae3ae218b8624195d7d7dd1763b59
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 659ce24cbf6cac220774a87a82a708463f8b8ff1f8d7d4976439e40295127651ddd18957904fbb6e34cf69720155705cba099a0478f2b77c336a71efd3d9fb85b5a54a3e398b1e9e93526cf3f905787b4e08831c4f673f0aeb2eb9c05ca29375037943df14009d2223eb83efbe0238e5317167067c37e35e5a95dfd32db0289a6eabeab8dcd0552a65db08694ac508fc32df627e863a9d72c62a6308e4e911f8aa03e5fe5a7177782d1bde17f004ce2e00ead7878a3482803c879fd410c5c6c5
+
+COUNT = 12
+EntropyInput = 60197716b71d7a38873329c8f8dcd1a0767b7964d1bbfa0e572cd43d4e05b2bd
+Nonce = e0e01f861ee027758d5122e26de8dffc
+PersonalizationString = 
+EntropyInputReseed = e1e1a24cb191f866cb02a963bf887b3200c979943480360db5ce4ecf7ede875a
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 6e0b88137dbb2a2ef454de144eec7db82582b8698b9292c941cb31d11a563369a8effcb6ce70d91f26194ad0a4688f731097f03ef17296cb3853410050b5cb449e237b896ab228a6f462a072bdd4da72eb6423cc406676809322209f6d3bed9f37de6331910a55183a5d5362eeb62384d73599d7bd2a1abb10c997c9d119bf6ade3e4eb0d92057ca4b2760230b16f6948bcba51e46a5a24950e6a191265c14115c0741201e1c1ad22d71aa36fd1f1b57fc67950259702382af5a48dc7eff59e5
+
+COUNT = 13
+EntropyInput = f8f9930e66784aab9980b63de1a63eacdbfb30ef1977da48a738d3cfa86153c2
+Nonce = 191c9abee5dafca70921e07c2fc4d037
+PersonalizationString = 
+EntropyInputReseed = 2b2456016b42be416fbf5fc73128a0a10ea03aa82c4c92102f946743ac366039
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 020b841cc0e11842c9c2491fbfdc0cc5abf0b66ac08370ace918aa6fefaa64166d3b11aa9ccec4730939c6b61519ab0e2098f92302f99cfdb10e9f43f50994068d23b8a7ef12333b97fee53db69e5ef7e1300600642c5c709f41eaa4dc0c85a46e92fc26e9bd8e97c0ccdcb5aa9dc384a7315d1c850106d26f0d5621238b4dd0ac0de6bb8678afa19ffa93a3753357b9806a1dba071ab9c70ad7c2b31adfd479335379fc1421548616e8329475414e3ebd4a898a05cd5bad1d454b0bc0950007
+
+COUNT = 14
+EntropyInput = 7c92d53da9f31059138bafb9c441713967c6ba850fcd7569ef8ed9018634219f
+Nonce = cac3fe3315ccf52fd6b9067bf1999df9
+PersonalizationString = 
+EntropyInputReseed = 7f720e038d39ab0bc9a796af729fb664dc1803ce364721a21e57a2ac889498a5
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = fbaecafc7ad92943d5ec09cad51ca2e566afca3967f717c4f4708c540f13c92acd67c7b5a71889b60662d032c4c814c7db17f54c985d30b672230e4081f9b9127bb05017f321994a050a1f0fdad28246449175940aac21cdc8f536fcb41a673088c5e5dfbf4aef8df1fd90f6c039edb880c28dcbb336fc32c61be46c8884b68d14711c6a8784b6db6bbb1c2e9ec03e6497b73bc4cf3983edb31fbe559016ef239585dbb663356a1e3506974d11b599cc7b7b21796381a074748512558c44495e
+
+[SHA-384]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 256]
+[ReturnedBitsLen = 1536]
+
+COUNT = 0
+EntropyInput = dd47600892f43c5d7c246af1eef90d061b65648f9686b473ba41ef6f0a019e94
+Nonce = ed7e3450263d088a1a0d5d157734d8c4
+PersonalizationString = 
+EntropyInputReseed = 626683607f1d8b8d81cc04670ad9f6d8bf13f017b04028ed007a37008449d9e4
+AdditionalInputReseed = 3dbed34bd97a16ab7cff173c58c3f8a814d8f49e9cbb41974941b54d95e05463
+AdditionalInput = 6bcf937bdfc2fe9ffc8c8f26fa143596fcec1647b5ed0a8132eed2cc1f62a99a
+AdditionalInput = 49b425582e89270751bc83818f95c7603a1f8baa7f150e7ba0779049ebb469ba
+ReturnedBits = a2f093a2b87041a90afb00ce7e7c42ba84c763f517c7775890ee5da68ffb93b734f06479a094f8a266174b13b348367e80c73959d3c213fe06a75c6ff47519c2898377dbd10bb4cb9b3cbd65e134e6e58f793f8701d27634eff1ec3b9e50027460533b8f2f8065b3ea313b2afd5301c814f2d0d0ad747e78d60f7c3115d76afe807d7f77108c127756771c6120322709ede9fb24c6326972b60447b10631bad73caeaaa25ee83fcf0e0505568721cc71dc02d641e2642b145197fc6009a369a6
+
+COUNT = 1
+EntropyInput = 5f53f31ca427fdd246649e0ae659df13f3216a00b080f9df5a2b6753bb323d9c
+Nonce = 92d7925fd87bda0c08668d51f8bd5a7d
+PersonalizationString = 
+EntropyInputReseed = 190cae2a40f8fde9c852c1aea6d7b4e08d07a3a6d6cfe71628d02343f9ea0bc9
+AdditionalInputReseed = 835368636221d379c0c2e2e31849ded8c89f26c33a0f4f1bd04bc28963318c1c
+AdditionalInput = bce29e3741fe0e5bb3fa2cdf48afe8066cfa3eb70f158337cb9389e215e7d194
+AdditionalInput = b25c5a9a4c6b773013ab01ea1d48fa3a33654380f9cab47701743fc2e99fd7ec
+ReturnedBits = 7b9fa3e3b2bafc82e0488d0a811094f628c50cbcb8561b09af8e0db9b50f92b8d494a7aa134a09d2037f3efe4dd459b77c75b9f5a0fa1707668dd172c6b39282482ae4816122055617d7ebe4de4767b3a2cf1c120867b9ffeb93ee44ba04ba19ee897b4834b52014abd7bf316141b3806a642e24971123a7d87b6cadf111b833007f6aebbf66f98649e9e9682182e3a501034c9024fc233aff49c3a761f250051239e2afa4c859d4ee658d5cdbed93c5118bd9f054209cba3f7c7218c45d1262
+
+COUNT = 2
+EntropyInput = 946bd773976ed17356739a28cd17572117a521d3cf24f599759c8c88e36d11cc
+Nonce = 190077a05ff5e22cab229f6ade17fd56
+PersonalizationString = 
+EntropyInputReseed = 34aff07b69351793e8aeca3f5a88fcaa417f546ff64380ddc74951758d484f8a
+AdditionalInputReseed = 694e176aeb0b81c953253e7ca2a4cc63bba0744949c5f1109270c39e904841b6
+AdditionalInput = 74780ab6fbc6be835325a81b424e49ef90864cfc003a8a921671affd07200358
+AdditionalInput = b247156a24e90bb198c39ecfff45f0f22cf8c99306e565163a79071a79c9b1b5
+ReturnedBits = 19ad50714a645bb3cf459178440c00ccaa0cacd95a750fd4685be554d9aa5b7908a1ec0c873159a5387340d3fdc164668490d8b21d32be42571be09624bd8c1fa78d5040a5aa4b73c4f2e992795a0226dec6ab45b9cf01a27b64ec142d8be90f8dcb7c54f83250f4bad973863339921bcaf5b3954b2676be46e56027fd815115b15181ab194def5059c151bb6c97a54e6452924f83dcdd12b5a366cfdab7301d0a710d7dd45644774407122817d191530e1c7d8431f6c47a26d46e5d6151195e
+
+COUNT = 3
+EntropyInput = e9f184e6d81482d86ec4f5e8e1caeab14f69bc6b16baf993847a553a2b540163
+Nonce = ac227dd1fca1e8142789d532f03578db
+PersonalizationString = 
+EntropyInputReseed = 1308b5b133ec640058c9b8c248c8c2acce1c4a87cdcd8a857ad1442156fefa6f
+AdditionalInputReseed = edd026528dfbbee3b9f106386ddeeb023327c9516d7258ae5588c5a5e0ce96e1
+AdditionalInput = 8d29b246b3acd5ad430c92aa70a6ae0ea324279b31ccea847677c992f33330b7
+AdditionalInput = b6eac0ecb5a7664fd079c8fe22ef71ec52bb8585bf083a2a036a06b11fc57749
+ReturnedBits = 9a8ad4ab474e9ad72cb5705fc0f5e2dd4bff8b2447b49bb5d021e97e851beb9f61180a1f892fe7515ec5636f393c712f49fd81981bc075e9186bad318a26eb8cde8f81d945aa21103d9467afe576edc1f4a7fc9b4fe36bd0bbf01623080f90e3e4a3b614d95a2e1f550acb05cddc1c29dd57d7a819f00d863c18528d1c14831ebbec13ca15c39401ad77d72290a1d3094ac86f3afeb30b955c0bd5b762952678f5c9d8ce69aa771681a313f76aaf09d3415a533760774caa4ab5ff5a635869f1
+
+COUNT = 4
+EntropyInput = cdced268dd6085bdbf4b5195c3eb13b68b10ae8e57de4ef81e73a304da71296f
+Nonce = c1dba690be9d365330f42616310e9dc7
+PersonalizationString = 
+EntropyInputReseed = dc43ecfe89bce3209754917dcbc0dee4ccda46339c93abfea06ad07439941c8c
+AdditionalInputReseed = 2584a60dfa835c3fb423fd2ce3988801651d9ff535d5acc6e37921d1da876880
+AdditionalInput = a3fd4f63361afa7498aaf606372d6b092d5bceccc2e92f6fb0e1dd8f8687e030
+AdditionalInput = b68e78a33f63859c160f83f1107dfb54db85f979e6923691f8c2881bcdcc1ca3
+ReturnedBits = 2fdc62a3b07b759407b2cda72bf44f3e646e5ab3559649a263b1fc2ddc8657688f6d906150f8178118768c1a27e169e23b1d2b9cb4ad3ffcddd2d2d53e4aaee12875c864347242616203d69786abd16984ef89c6b8e1d06e25b6d74e151284d1dc071054db88691fb573c1158b6ace5ff2a0ee5a2e45c197e9346b0f7db16c8f64ee76a145270216dc3b63d7ff7b163996efdb1bc3b137dcb1760874dd4111a00d2aff8e32f02eb27e87082bd97d8c3d2de018edb6fc03d7601a4c5f9a9f5f13
+
+COUNT = 5
+EntropyInput = 7ee93bdd999cca295728a9bd3ceac69a5557465ee00ce12f92388d5509fc82d3
+Nonce = d18f579a8d6f4d38176724bd4580c7e7
+PersonalizationString = 
+EntropyInputReseed = fa7ec9a57326d2235832c460e9933e422b44605201775e17e3697fe0b9ff7e73
+AdditionalInputReseed = f42bb78f8fa23c6c294b04c8e5bd94765e0fcac4a7441d8647ce5cb7cc8e3ab8
+AdditionalInput = a322ca6dd30e26315d4758c4900a3e9b89f01286ddc7c5e08fd1f989c4ad5d1f
+AdditionalInput = d403a4657ad43492f609ce29497936459b94d5b39d7fbef9bb279a33bfb4318c
+ReturnedBits = 74ff8c2bfbe48172f41a8fed770ee74b47f5f868b454d229142780917031abde9c75aaeabfbbebf14851883ef47a775f2d1151a8916516c8c0c76e3dd13d6ecd7c67e7adb4100a11d1b364ca14f75547cb1f67f3e53dc2f8be2352124c8e8a70a2364a8250cf1c061a3fe10f4120ca2fd52e65349232c6e447086703f09e0b93e0b256651f7341cd7f3fe3e0a5cc16be748d08ad04a4e029dcfd1de0f174e18510b1dc91472890637af58392118db8c2372cae0589db511bb08b7ba94c86d8a1
+
+COUNT = 6
+EntropyInput = edd786bef88030f499bce447c7af2ee35d2283a56ac2c35791722a38e8af1d13
+Nonce = 536068adcca46d6ba48dd27893745184
+PersonalizationString = 
+EntropyInputReseed = 8dfd6a15d09a6d344785a059d8e66b4eacf2cf4db1a9f74dc29d5e50f130c66e
+AdditionalInputReseed = d3471678ef008dc5c623888d5572378851aaecd16b4f6eed31724ad96f876999
+AdditionalInput = 422d4b0c4cc732988d579ae784f99e137fe2a326d207442efefbaa0079149d2a
+AdditionalInput = a9e42d5245760530a0e4421c926416249317a24d84edf5d43ca2f510994e6a2c
+ReturnedBits = 09fa4b151db58b14e31e5702a4cb72a7ba9c09467e0044a099bcc1257d894ce9ab82b84618d87f2c93e2aec4b46a746d53b7b6a9d2d05abab5b1d1fe333cb615f5162fc635e4af981f455bc06b8d13ac506ae1500f2da52f5b082666e153f66c49917a2c966ccc34401d1da5bb5de04a5b823e5b69f1b3ee0d7c4378bf580e7f819f916a9582552fdf342ff9d6b90376b07eb3d9a5c69c72f4e8584c6ce1974314609498ab4e76e9e93074c2a487af31e3afbdc56006b6fd1a8fd0330adbf052
+
+COUNT = 7
+EntropyInput = a31df22f11c86265f8b28d0dda72ca53f8e147334ee60fc1c434e5f549870881
+Nonce = 335a7ebd35e56e240dc9d661b1365435
+PersonalizationString = 
+EntropyInputReseed = 7f3451b9bba6a82797e5089419173bf34cd1c6946fddc7b63ce6c747f5988992
+AdditionalInputReseed = 3fd08f0c2259b6378bb0454af40d095fd25911e25be571f64e3c8517c7dc452d
+AdditionalInput = 985fa1d3eab4892c8c1cf29f4a4ab308e13b05cc4db553614f136b3bf5dfbdc2
+AdditionalInput = 18d89ceea9819e69e34c8c89e6edfc7e02f0d3708633b1454a5c0ecb11119346
+ReturnedBits = 5259f46fb5d3230548ceb3f770eca0dd16989ac8b41144cce9ab14cc9e86b986c52d46029fba21cf08b6c73edca8adcd7f67a567cae604a0a90c95f98c23579873343e73874f7d8d6d1df246d46f356316186435e042d2fe40582e16591f9f2e4c138af329371bddb294b2ae417cbcf8daff99a9eed9dd0d762e9a42cd3345eff8d86a21d4f3f49cc42036fb28b5801a4db4bb11ce9dd890386210ce62112d5b634354bd0527bd06bba9fc9867299b707c9bf158cc6f3a560c517e094c41ea91
+
+COUNT = 8
+EntropyInput = 6b764627d26f1df6a7d57279723539d88a3252d885e4ae07fc4a4b971b062cee
+Nonce = f10f714e59165356cad77b44db300466
+PersonalizationString = 
+EntropyInputReseed = 3c0a2c25969023716f977416d553910d6b6516e0cc4ab87d503c4dfb06b27c7a
+AdditionalInputReseed = 994de5cc4d541eebea202367588521b364dca95b9a9cb44cde0404c898c77980
+AdditionalInput = 03850735b6305f0327a5063fa5f4ce6d513643102861ad1896be447bfaa9beb5
+AdditionalInput = 717b9eb7700c1e44902800e1c939a02bca6cde460c6e6344dc86a1735b123722
+ReturnedBits = c17e5254062c9fbe9400f6fcbf16193d0dae6c68c64eea64e88c95e480fcbeb1c747fca75da2f8c5bfafae5d1f0958e9d320cadb21dec5b3b6f9d3d6990e4a6333ff7416082aa4c782440ffed6124ac0f99c648db9c868a0925f475b0a285d67cb25c5638779eab11e4c526f732d3c3b8ff2de64d89099168a5801562ec34b851932398887f8e3f0ab2f4af4c07f785d82a1ed18355b247857593f446c0fbfed76e03d0dd93c7ad66a267d0f1513cb7694fc6e96d3211067ab2786d9da8f3e5f
+
+COUNT = 9
+EntropyInput = e4c601fa7a83dd02c7801b3d6a2704645e78c490d240d63438f92c65d347231c
+Nonce = 2affb40cc1c1f6d56800415190d7d2a1
+PersonalizationString = 
+EntropyInputReseed = 6cb913dc307665e81c52e8388351fae60155061b6a4c4e30a6f0db208225bc71
+AdditionalInputReseed = 6efe17745392a4f0de3e0c334f2c69f6997b4427f749ce6f76d27634d5e09e90
+AdditionalInput = 2c8027879c1ffe64c1eb21bac28abdd76f5c75a65ccb828c927a4dbf4091aaf8
+AdditionalInput = 592fb2623c2c60c099d2e116e728b4c9d6d8ccbd5be302902ef2daeb2b221949
+ReturnedBits = 638290d238e040ef6fe4f521284833b8c7ae51920bc60ff533d8ebf81cb881c9507987699e5a35117b21695f8c89c5ed6d9971b1ac9598ca630799aee58a76ab3d1f677f59662ce58c59cc4a7e9478b0eefa636b73e0ca28453a6ef16734402512b2f1a212ce7439336392cab328aeae5dfd420f991db4f10e83e6d5055075e7d6ef03bb1324875ae7c590f277f7c36fd7a5329c721c10ec28b1b0cf38276a314f864460f5c6a34ed0b324b0246082fed9b69912c4fadcdb2eb8002333a4092b
+
+COUNT = 10
+EntropyInput = ccf9793ad5e4dd22c8e28a85eaca4be26e4effd15b6936399c6b5d865d999a21
+Nonce = 8bc1f7a7094ea4e364684ea9cfc214a5
+PersonalizationString = 
+EntropyInputReseed = b0ee47ff9de873db4896e6f068cfbb98d24928e3e306633423ca136e27736bf7
+AdditionalInputReseed = eacb7801790790e44a559b3c9c9547a8c42c321c24c817fac369c5a571fba6a7
+AdditionalInput = 9887f77e706d365a66d4faaad800141556408463f96764846c77772e0fd290ea
+AdditionalInput = 86280790f8abd8e9d09629a63c2bbd89672cacdf67a611c6775235f6c84ec881
+ReturnedBits = ac301031657c3861c93d828e03bbe6bf57a81df347b40a1997e230df9eca0538a8c8fc6a0486a727a5be05263338107ac63595476cda77b1caf14a0cdb2b6b266a1981c4dcaa4a1a8a991e56b3cd6a5e76472c45db0590b8d8c496c7ae7f728636580fd35913df27ae95ec6da988f8a32ca4109d0f801842ccf963e352a946e1fb0fcb58ab75c4fba686894364f4a335a68be2d8fa110f05a2b422c57c1675361cb3960edc94017033c23add521be605021f3c164f0c4e4fdeb22021f5e737a5
+
+COUNT = 11
+EntropyInput = 4587fc39e428653551e23f305a51f8851a559a1814ae163f3615f8ef8c50aa0e
+Nonce = bc1a8dc17bf1316a947f4ca3d7d3420a
+PersonalizationString = 
+EntropyInputReseed = 77a6f8db86e2fff7dd39a6c7dd30ab5322cec5838eb7138246439dd0b028acee
+AdditionalInputReseed = 0ee2050c86e0a21e42c37231e387b1dc06113ef78d97449474e7bcb39648676c
+AdditionalInput = 60acec79d7ac46a5d26434ef437d2cd1f97c737d61661f8eba3cb8d7bd824b2e
+AdditionalInput = dbc04ebca39033ca34806f885ca5620421e9f545087553d3cf442dce74c7feba
+ReturnedBits = 63493bbfb1d705fd0937b2dbd93408622ea2acdbec219bdeca12945270094e0398fc786a3605e297b411096855f42df136bb47f3304bff2cc4c94fa8b478bb8389fdb9c1a5f032306db823d7a916701458eea198e52c05166dc29d6a0ad948cb0056dddffd1b56a5065a408c2096de0ce99864bc16347e7505fd4d0412cefeb9ff658795439eccc09e032017fcd6dada33e3af334c77a64834cebcc7bdb817709fd519b69f29170ee46540c1dad9be2dcd6a66d22e3c0d61f0e29ba60e2a2bed
+
+COUNT = 12
+EntropyInput = b3cebfd06129097c4851f6d5b22f778db245f3bbd70bc21979da9db78ae6d7bc
+Nonce = 0c0117b41a71cd4f457a2ced32798299
+PersonalizationString = 
+EntropyInputReseed = d97dbc8818c095db334ecf2ab5b9230705706720aad17eedf37a6cd8052bed98
+AdditionalInputReseed = c14941d2a4cff91f13c1ba0235e7bcc157c71efd3a3cfa606b66f76d860de3a6
+AdditionalInput = 8a7570b03ba6d08110fbda5ecc1465987a76622d2fe08b778a14d89b7401e52f
+AdditionalInput = 37fe7fce6578749c0e357650ae51848c5f73aa079db4441e2a680a0cf4acccd9
+ReturnedBits = 9a2aa2133b0d004d31fff4fc439e41aa0f68ab82933c2d6cacd2e5f7bf4b22529c1f15b99a44d5e5dc116080d4a822e677a4ea5a473cd3b86f7736286819a70a4829bd71b1e15507919012c8a3d211798fb1988ecddfd8348bcc59bddca0702ee8b6a876de6aeca0e67aca130f70bb13d30b6771fffaad0631c0bbdfc36a6a2ea738f7da677306fe1b382f7fed28dacffbf88172f53f8ebf1b5bb2cd0daf03cd2822e2e5598ce184002afcdd0d3eadfa06e956d928faa199b559ccde40353ddf
+
+COUNT = 13
+EntropyInput = a6620276c74e4ede4b377d81bc7a2d423c5b42d104b1b8b1ac107d255bf8c0b1
+Nonce = 1b8ae0243e7a773b6feda61fc7331b2e
+PersonalizationString = 
+EntropyInputReseed = c26cd1629a849b9d1363c5b3c74ffbfd1df4fa3aea9e145ca3ef80fd11cdc549
+AdditionalInputReseed = 89d02af20d8fbbf312c27bf77baa31e03a41046275a6b6e7b161580df67021db
+AdditionalInput = e9e8f4152883fb1678a94b4764954375ffc34fb8d5a8bf856315ac6d8f09690f
+AdditionalInput = e262f85f576d1b5e2e6c4a8ac6ea699265050649ee694efa3507f024776a40e4
+ReturnedBits = 73732bbc6af29452451850ad1dbd8d902e361988f4873b427c0fd02db6e947f60d44403c8568318f817d5dc945ef4fc33e038d62628eaf62bf4274daf6d9673e53e1a7db17010bee58b713dd7ebe7632bc8abcdffe1c76875532d93dbfd241ba76f1addf24b958b11a121811473028a5b57aa4db1341c5c765e9ac5e159fa78d66748f3020ab800a2d5cd82b529452eb991b648aaa53584efa93a2f6c72767a03d9c95f2bf3f6c1d7e64bc90669361684f1de53a6784264edb899b1d76b1fba5
+
+COUNT = 14
+EntropyInput = d62d1ea457388eec38ad2dea9c9caeb1db2b9aa91a185e1791aa9f56519480c6
+Nonce = be7aef076616921eaab9651c22cc888f
+PersonalizationString = 
+EntropyInputReseed = 17147bee785c3ab3ebe976e274e0321b8484bc560cfd9aab0745d6c9aca07c6d
+AdditionalInputReseed = 859bc1bd8d2562dbdd4dc823251ab87bdcd93c00f0511e49b8acf59952f39121
+AdditionalInput = 34db5184c08013fee175c439bb0463e94c1337f0b394507d482a5af00e1ed64e
+AdditionalInput = fd7dfec40c27d7502d037caa90c98e661fc9da05e7eaefa6011d100abb89c00b
+ReturnedBits = 47c4eccd0795608d9a2049558afa728d4ab959aacecd2abe6c2f430871161daeddeedee774f3727685ecefb99f320bf008e241bbb0fc3ab1e6ea5e0b5e3e2eed7ad7101d29e9693fb59eae588755a392b635888aea09542a8f8d0d549bb92543d216d4104df0dd643a0c1a5ea2086ee6cf32ad3cf8145066e4c5a6cbdca83027dd1072980de97aed7b34cad78c23e42376aecbc6f0ff226d78373f3506f21767e59031ebd406848f2b80168ba7ad2f66d772e75d6c39d6622b30250ec71a89e0
+
+[SHA-384]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 256]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 1536]
+
+COUNT = 0
+EntropyInput = 4ca74b8a44a7b48da3dea78194ea7a940538dde8eb7d76a1252189da63defc5a
+Nonce = ca78eda4bc14c38cdd717949ceea3785
+PersonalizationString = 3d9510a181c8f29e71e5bd43819dc50cfd3df46acafdf7b19fe072d1496c7bd2
+EntropyInputReseed = 4045467cd567fa0e18767f830ed20fc9083ae4ed3256d1f8aefd7aa941bb5a43
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 1e1402bcb4ed4b48ba3a8c60e1fa99b75ad3c58d855892096c2801bed53b129a72e78996eef894a59790c038760ecad8879eb720d5e57a68077abdf1d1e53f6ad15559789f753386822ad2a2a43848061b559179c2a01b97b3e915808bb59e8a2e2447c04144aa3b5b4d0227b81babeda54427a2fbb83675fc7b4530a23b3084b96a573ce3fb4323f0147012a7d370442403429793fee435842197b13bca95b377929a0400f8d129defc66fdda70b25a784747d117b25f601150e0a267e793fb
+
+COUNT = 1
+EntropyInput = f6972a26b29de047c43345a76bc3753577e1ac9417933722847dbd89a6b4bb6d
+Nonce = 9362bc1723af097c8c598be8110b8a42
+PersonalizationString = a102e4fd242498c66922a35f933f7d528b167695b18d67cdc10aed53cbc7aadd
+EntropyInputReseed = 86410bfc8b1349c0cfd4dd555631811fc4f2dd546131a506489252fdc55ae94b
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 4f5138b34f8b21227fc83de2491fdd772a164a09de7eed7baa1dc424f124be713a47aca03f2c0c05af918bd6ce8d3e2e022e6d103da3ed72a258f41affbe68ea3b9786f920c794dd6624381a0422f85a30c53d33bc388708686430c75ec4f063f862061380e7e12e0778d9d8587b193d2a8e487b2c27cbba741e6facfb9e2e8443076220ec3c7f9ad58116d8360d3d3e204b0730f57b615bc971239489baf03c41412cfe0fb5ab12339e92a2d03d8f0686a40fc38ef4959fa57666a2f72b236c
+
+COUNT = 2
+EntropyInput = f36dd7a8a4b77c22c44bc7bd2efee79386c2716582d300a259ea3e276faa8bd2
+Nonce = 481f1f0de3f33a1ae9e7faa5bfcf6ec1
+PersonalizationString = 62442c1a6824cb7aa4b8abf9c702d14f631c50707e6281f2f549a6c8f2cc1253
+EntropyInputReseed = d486f001ed1c6f526da533de71219ca444ad5abf473786e84942e90055d4f388
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 56e924b71f6baef5a14bdabeb1a1344d542f78b3b471e06e70910f93132298b6cf890ab43e37526a4db95a03fd0265e099b15ca7edfd15355f07633c342a5a2ab0c129121aff32d29ca42f717627fbedec866c3a72695143572b3d454b4fd91d6bfe37667c3c227c4d9b84ba2fb8c5800cb9a3eda05764f76f9e8366d6295609956144f4f06e8600f07c9927eb9f9ccda20c1d1a55c9b5b73c7e168151d9ac1fbb34ccde83aceaa73d24d5b3b3a70f24250767760d18e30a91ff7628ad2c6db7
+
+COUNT = 3
+EntropyInput = 3e0ca4b057ebf647659277a056f13558ff1c0741321ff71e12fd18082eaac791
+Nonce = 4157d1aa482c35b7e9ba73fa7985eba2
+PersonalizationString = ef23c6a748530feda1de2cfc32ff061ae31d898c399d75f0463babfc0de9a155
+EntropyInputReseed = cf4a74f0c3918c2f273e18034bdd63d0df8a22f14b61474829494cf9c4896285
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 200370203d7a3e4afd9e0ae02f066af6d1bbfe3c84f68a0b3e3175deb400438ff1256b98759cffde3db63dbc2ebb6a51995924ff9754ff9b16e73790228705f71889d808af418eaa1ec9f435bbe313f017574d54146a99c8981071d7e1a42e501a149de20e3942f09f9787666c00ab2cde33930067f4db24673bfd63d499b828f6d0e5984464af08ef2e81c42050b6cea3192b775733c566716033261fa889860994f92ba16984263910cb109c3f202a09a2acbaa70737b6355e865eefdcc7cb
+
+COUNT = 4
+EntropyInput = 7f47f28813061e3e4f132237e6a908f65b5b1620293a2531c8ea1c44f2c6ca62
+Nonce = b41c4c21da4d1b67e1809c9a6eb6756d
+PersonalizationString = 466ab1ce90fc84f6ca57020530bebad84d4594ed5ac7cf084e9ea38d6d01db1e
+EntropyInputReseed = 67caccf5be8eb8d9eba2a8cc4865ac43947d5466e0a32613fdb9b2c34ae4746d
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 9aca27f632590923e07ef29588c96993eb8bf8c7c1f9aad8af3b2398b67cdacb3132dfc692a147c5dd3ca619e12ca2223560759309d716d0a7ae24f9cab9d3e08f88e2746349850c0ee091d37470f95757ec65cae822e043a57d637487d553e3dcf015c8da16590f2825f9d7162654be5720ecca288ee68efc93e97d0cc660760e3e7db54cded92d0fd6c616dfebc36de0b0ff1f32c713a2c12274243b3eb55dc4a71298f6e5f98f3e4c3a6b498a39911551b992b10c87204020e8cc0cda88b9
+
+COUNT = 5
+EntropyInput = b49ceb0631fae04d3d0c0b21dd4a8b02f63add7b0dc663b4956c8cbdd8976579
+Nonce = b672f475e57f348e40cc33e7a94d9821
+PersonalizationString = efeb44ebdfee7b5bef20e3211ebcf9bae5808f1a6424c069398573eaf341bc78
+EntropyInputReseed = 0b5359760923fded3866a1304e623b2aaaad8c9eea3d8f6811648646dcc993b7
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 59777afa22f50a3fb05f9e8ffd891ecef8e7e5f9b2a7a74dff9fcbf0274ecb1470de44c36a34b4a04867da2e2609220de0b7163239c36b8e4fe2927afd9c5afd5a11e0dbc43dcfffce825df47b6adf4e3aa3a3435a880b661a8ceadfecb9825f7d6b974062cf97d3d6cbfefe77d3ac276685c013e656d72c82e9263a97fc670e0575c90c4890fcecf6585b4e3f7cf9e23212a0be35d53b62a37dbfe8db7c2a8fdc17d41d5f8deeca4a2597d95f82018a37ff7e9ef4f969c38b2072b152411634
+
+COUNT = 6
+EntropyInput = 40bc39c172dddef200e2b3cd4c7bc570b1d5516aaa64c062b13277160632bb2f
+Nonce = e7cb4974a87e9d51e4886e3c1605094b
+PersonalizationString = b1619dbdc4ab1e714c815104254ac0dd9c891335ae45c7032c5967e3334bb1b5
+EntropyInputReseed = 2cb283901722eaafe74980c91ff3752e02e4f53e6d54c67271278d576d954f8a
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 6fc4893819d690fdd13c16c3f93f83f03c1df88a1cd758a48a03de95790e83dd947029de34ae1989057a39baff01fd0f308abbc05291432ae9636a687b88505336fe7d093ab08a88b403de6f80dcaad25e9e5cdabd20fc76974b598117dcf571bdb528c4caa0cbf3b6437a04450e79dc59868084381c945fb8ecee6eb38aaba39c8a43bd7835265ba448eb7cce1cd4a0d6177357a54e1ebd5debe1dd091f26bcb060fd43dd3687e36acfa5f750af35fc1b98b93cf4bea13e3d2bf37e49eea8b8
+
+COUNT = 7
+EntropyInput = 5e03c2a2d9c5bb9b6bbb0f650e9aac1e665588a3582f20802dc2dd3356506e27
+Nonce = 32a6ce996feee3bcc191311cdd072096
+PersonalizationString = fa4480e80e0dd8d7105e72587be400d16d18b1d1dedce2dbe6a9ba74a2bcd22b
+EntropyInputReseed = 3d24c75c159cbb04de0ecde112ce6997a72b23e971adf3f60400b31f950fd71e
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = d9e412e6fcbbbd28722778f0fe3b14758db9d0138a05663d8e07b3f176ea391fef9e3d155c5eb2f60fdccbd0938f27b706e0fd5c64043f3f6b2fd5691844d48e6eae540434c3135d81d721af7ba817d2680d35b0c21556b872541a5f8cef979e71f7b2eca0a0879b5a65ea4da83a7c64fc0fc46131489668c5fb118337f86ff72eeeb7390223bf6e290d4329683e56e4d38c60da747841621ed9f5c02e789d9378fd3863bd5209352596603882b9f1357ac535528328ab006f18a56d4ac94c90
+
+COUNT = 8
+EntropyInput = 7362e7b3abc42def1852cd25c3576d22a928ae9157f05ca514227225521c1161
+Nonce = f0bcd040f55c36143ccfbc0a0c483efb
+PersonalizationString = a04eeba1e20694f2b9cc691b4ce128af818112eaa57ca68c11a80180f7c896bb
+EntropyInputReseed = d03db56344cce151e1c3aea03dcfa2647cce657390a77e1b92840d43cb0f7cdb
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 7937f5dfa1e73a0cba064d947e3aeebba3497266cd9ae498018c92015873b27c4cd1138ecfd6c6ccf44a1a4ab818e9519e11d7d3e1031cfa46ac7dfd3687ed544c814b55f0ab35760556c050b2083f094b8c08352f17b27be45657edca5276b0d1fcd81e576710c9aec84ae0ebd2a69eca01c12e5c847353089c9af9f737a9a8ded8e0b0f3871a8060dd04372ba39e9dddcc07b5ca13d7469d095eb8c19dfc6771d1bb181d71db21cae1817bec36e9f97e23861912a38c822d432c94c6cdd26f
+
+COUNT = 9
+EntropyInput = 803be39f89c6300061c589bda41c0533dcc5089b07cf7b1e5467bfb7a6d94b43
+Nonce = 8d79d1d17aa204acf93b5e487b4bc1f2
+PersonalizationString = baa3d2410b8e31cc1a8c2de6044c3fe7be2b69474c79333aa044983f37b3755a
+EntropyInputReseed = a672f57111a579cee411365b631899f8ea4242bf579e8cf39b2a2aa32963b6ee
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 0362f1243a706f3520ed26450e3cb1b69cdb4ef49601bd6990177a4197ad12b36cb48e4358bc1f085f72959661a28d8a8d9dd41dee93c38a99adac02e4ae517660df9ea00d6c92647a3684134abef8331e338e123ec4998621dd51c06f7a36373ee1251b411ec1b881200c8eae26bca333aa8ff59cfa368354bc9d23f371a1c3272a9fcc2593a6147ed13b73fe28ad906d3e1f48e70da937fa0f6e673aec0efff824d7136da4a1db463691af655042a416daeb34dfc9fbe4fe530f4f2424f8d8
+
+COUNT = 10
+EntropyInput = 3e433738d587fb186783303c779ccefc8e1d15e2db882c6afd53fa86b89ff578
+Nonce = 80946678a7f7fc5b11d2d59747fb7ce1
+PersonalizationString = bf316564f0c6d1d68a8c7f92064c9d448e408c044775d95ea27063e61bc11b53
+EntropyInputReseed = 080affb45cd5fbd182501d23fca42c901c92b13d22d8446439762234fab80a0a
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 8ac74adcbe5127759d57ae3f294465505d10a9d80cdbaf85c4273c01ac7820644d52dc9ef094c927ba5cb8e83d70bbff3d05afc469748bdc47fdb3977bd1a9209657d0a1df7950785aa023b48fc5597c8c073000f32f6d8e4f80561446e8b3906426856ac1c2bfab704ff07e3721420d6ef88b0296e1bfae7f33b3f785238021064355c0659b88bacc90e7dab0e2eaf99eb53900772ca298d49e9586b4c5630161802a192c82fbe2fd2f09b86ec533908160db71ec0ca1d9d9a23f3c072f7724
+
+COUNT = 11
+EntropyInput = cac4707928097956b4cfc56c6a8b3769ee87b5258505710e0568c13defe2c4d8
+Nonce = a11277f7fbc6128976f7222b3fda435c
+PersonalizationString = 066b8009cac91a59d3460d3bdbb283345a4cd3261364193264d3dd59faba2c4c
+EntropyInputReseed = 175db3d767583c0f0f8e2ba0ca29346b9fa17645ee992f15da521116f8918dff
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 995e5447709a9c21758d3de669ad4497dcb464e89847df78877132ce64e52c0d6e2055902cc59fb173511fd492ef64054a91bc066fcf0f9ad8a5838e84f8352b2a54091108ad7acd1da2efde652ac39afa1a018b3bda6283bb5201d2f40dec91562c57237b7369f46eac6cf76c366d5ced40413808060b0db338f836272d44dab4ac7d11aea9b9b7b7134c294d491cc6c6a6fb261914003e47b9ac8250758b17cb7171fb19c9d39c58dca41eec2b582246eb543bfa4f700e7bda4bb3c049c002
+
+COUNT = 12
+EntropyInput = 9d6b91782698bbba1ad8da6e4c4310eb9b3160a3c52aa239eab1ad921135cb6f
+Nonce = ef7d91058bd213a3ad7f824c5af18b73
+PersonalizationString = 7a45719c6ab8c87e3a211509db52098e903e6e8e20741ba5e4a791ea19fd98ef
+EntropyInputReseed = 7a9c3b87583fb3f5aea4c0c139d77f56a7bb67c52e519b96082a120bf8621240
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 4aaaf023241db7c1611374a5241bc66f3f0a7cc8fcaa35fee2a2c607ccce1c3578ef374b5547ada01f1a1ca709ee817ca22eddf35b25c22c82e111fa43d19c0f450b3161101a9cf57582a637966b14e1e86d60ee8115f5b7637b4c2c0b2b0026204cae931dc3ada6254c00f66653211bfe7c44bd65d087962d16ae7658b21756f63337cf050e8cabd5426edaf2ce81fa6ea0236629a481459ea718fdf8a7111bc769ee5ea0d8a5ef3c4159eb5398c2125e6d3aa6647c7727ce5e3a4bf8112179
+
+COUNT = 13
+EntropyInput = 0277f4f48f6cddff9481f6287a61960bbfcd36d54bbe5b0050fe7bc4f7f98a17
+Nonce = f39164861d05967de41c95dbc12ed2d3
+PersonalizationString = b167d406b7d8625b0c6b545b8ede35012627d6d4607863cf663da82ccf940a45
+EntropyInputReseed = 187e535d675170c3e20a74bbee35e82d9f385d8bd03ea5126d5ea5424ef9eb51
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 07df5deab86dad9564da00a05192dae58e057ff9a21aa147f3b8254e6cc2ec073f647610de413d37e2b6b64b1c8ddd96a0c06efb82044dd844e5eddcbf5d321e16587c4e8091953817bd9f1e135a0bddadf8cd34a26900ce4151b48edd8f84996f3d13a28af1844e64c30daa7b019ae8728bad2a8421a2ca021786ef8a49f03f2c003e95f47d1bee89a182e9dcc0c1b07b289e491f11cb016fb4a541b27d46a43e719fa83cbc4fa7c4c5edc81add01dd439aa152217133df5ed2e8e1b40b9d0d
+
+COUNT = 14
+EntropyInput = f939995aa6051217dfe6c80b3123c983669df4dfecfb413fa3db8b0de6d6d8d9
+Nonce = bf8fdab4bacef3c167bda56cd6602065
+PersonalizationString = 10f641187acad8d6a614da7b8045bb4e78519f1aa83dd06bbdc30cffb012c5cc
+EntropyInputReseed = 133c1c25aa0064f8a5290ed0c602b833d6d899143bb567605e1d8258494bdcff
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 79b4d74df2c621eaadde86ee28ab351aff0030aaf36782681245bea134b1dc5cc1a963d712668b89fa6d67a3624f1ee205428e649bdcdeecb97ff131078583b4beb1ce139aa357a7ae9ede304b891d776cfa5191d1cdd6c3f32ee01082b54efd0202d4ad3120940f433067751ca7323ffdd2723971effa1e279ec7c331eafd277d0e5ce827244a5aab717e175475607281592c19d5be070c46307e0a3f85a0591098ceb2d54c5d529c3b66a7743b60af9c7bda9ef354b305d15be191c3df8a7a
+
+[SHA-384]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 256]
+[AdditionalInputLen = 256]
+[ReturnedBitsLen = 1536]
+
+COUNT = 0
+EntropyInput = d590e539316f21d0201caf7712ef4fe278401a864572d046e5bb7543948c77ca
+Nonce = fc38e14d4d9f919b317757c2c62ee82d
+PersonalizationString = 471edd514fca3d6183fa91449f13cec443f1bff44d6960745c4e35edd41a4493
+EntropyInputReseed = 9c8fc6ca5bc11dd171becca66cfd449b03920171b03af3b7e97a19b77fc56187
+AdditionalInputReseed = eab6c07c881a00d9a129ce3b9dd1ee274bce032a056afbf282beaaa331ad86b5
+AdditionalInput = 95cd4131eddf94958e1f8fabf5e855f848189bfe381926c514abfc21f49a24db
+AdditionalInput = e0bb271938da954cb0bc13a5275276307d1995596461fa6764b1e69c598b7816
+ReturnedBits = 47afbcb9725e248fc10cdea52cd4e9e18da263f46f524f9eaa5c945b7578ca62fa063586ffc6a4643b5ac4394c1e0dc880589eb7ee7f663145f78b69ab51c6c1c7c96738538d77ce83a229faf89e1f75d14e6ab94c0cecc51da931b61d42f0b67b0b66330e183980c9a66539eec33c94f41d4c3955d47b19a2546d9ed031618f3698a0915ada23bcf8812b02ea50a540af9a397f9c3b8e1302fee609745231e86bf28536c52a8c93a5b5e29964f98ca8ef83e4b94394fa6afba98e84f50efbd6
+
+COUNT = 1
+EntropyInput = 1131d29ff15c335129364ff7e19eccfb7739d16f19bd21d774cf4ac6da190c66
+Nonce = 7de813c05fa6556a82850f33c2470b61
+PersonalizationString = 5504f7f75710d128b55842cbc34d0086f96eb55ce8d2c7b96b46f8b239451c87
+EntropyInputReseed = 99adeb9fd7cb52531405a94666c7ea61d5e5d262a9e447fa80c34fdd41d985f2
+AdditionalInputReseed = 666e2a3ab4c3e52f83698a5c4a2dc6510d9c4dac906cb6ddd40b2e89e41c2aae
+AdditionalInput = 65c39a348b42085bacf7897f0fc1782e141843229fec8c54a4d9384f6fb480ba
+AdditionalInput = 1cd0b974f346117b6855c83db4eda1dff8cb6023f2105498fd459fdfea5588f0
+ReturnedBits = f0d009ddfc4894d7a88db2d9a181f342cfac8ec4533f2699e348439464945ca9ea0e83f81d5c568ab04fdcfcbf6ada5a46d1f1db1d8aa64c0cc93169168eb4e2629bd7a3f27df8152b8e8f9c824ede23c6ffcdf455fb8c49fe77be64fcf2296dde5ced33ddd96939802d68ad8090fabaa232984c5d11a7e9de37d41d5fd5687c4f53c6004b6ee0159454e9062317da8fc3fb9ee6592567f4ff773973d19ba967c80b2098d508e44a54480398acdea6e4c3d82df25805ec3e36777b3e8fd66c85
+
+COUNT = 2
+EntropyInput = 6001b629198863fcbcb3d638a21a89f5e44e27448d933d1ec5e995db04d7b0af
+Nonce = 6c5e879321e728c1791a7de586c1a062
+PersonalizationString = 017db479a92cd5012d84227365a1eaf7cc6a18616c9750e03fc154a29668acb1
+EntropyInputReseed = 182b514bf192de0ee51492fc9e1879b357cdce0443bea968a16e482301234d2d
+AdditionalInputReseed = 56306863d47a448e745e487e9a07700c0c9b31100ca4b7012ee345156d28b15a
+AdditionalInput = 307b71f447db1360d60e93ab27d55503c8eb431ba9f93f871b5b69e1acbef597
+AdditionalInput = 5f22331b308b96b95de664816cfbf247f171ed9a559b5a970a4a67921c518ebf
+ReturnedBits = 73698cdb130daa90094291ddfd8f4f877d00c4c1caaaacdf4f47ddfa4c3a69f6b851698d5c0bc8d72d4625bdac42e5b8d51174f5f196e4285199534fb5b8d3ebf85fadde50c167092cefc9f51985fc871d6eaccb149a74da02d83b6f26f2a800b75065240b2b120504a9b18d0c7fa93b8a7278d0ac99745cd3d19106ee9eafc4100821e81c21795825f000b7fee603794b8b8591a2d45f6921362bdf1d4f36e57112c80672466aaf71bc4ce642df8ed1c63ab102ac2b142e6f1cfe6f4dbee1f7
+
+COUNT = 3
+EntropyInput = 57a7ab6fba6188bb3ba64c237327cad97ba8e8abb3e0e5f5cb7836eac6f84220
+Nonce = cad1dc0ae7cb76be386d84036a8ca256
+PersonalizationString = 5ce1e7e8784fcd5f9b3c408e37404dce6bfe3253fa77d724698fb03d3717c0d5
+EntropyInputReseed = cd2688318e41678edc118ac09f643816d00b9a982ab2d18d9d8834758b175152
+AdditionalInputReseed = 72defbb8a3f9cf51dc74632fe54508177fa21ef75a2d77b08a8e4ef67da6926b
+AdditionalInput = 0073f4088ee65a124f92804a58fe2b17f7c9aa98e0748a16390996259c015b75
+AdditionalInput = b559bc0b29802941df1ffffa4e60f89dd6c59a42aaa03f51aec9c70817ee4d49
+ReturnedBits = 56e78fa87827f0917af6c54f3e9cc5450ef20a293230d2dc6e44c3237f1305e92e9094302e04144e750a1816290e6015d63f0b6934143f739bf90e65e75943cf4899d5a1b9955e2a3cdd34947bc78eb17411dc204403f254c6cee5081ef20a5e4a68a7c32d2bd6ff5c2776854cab9bff863f8ac11f0f5d6d2252da573e68ce83e4559f932c74bf2c0de30a0b9b6b49f6208400db543e6434a59669990c69a782db3e9c4d7dccf266c701c4163c9599dfb0768ecb36d0b31fe9bcac295c40bcbc
+
+COUNT = 4
+EntropyInput = e5540d64d735136d926f300adcbd6934c505839ba75b6aab1dd30d1df7b780d6
+Nonce = 14b40c845f6b12ad151ce7c99fa00081
+PersonalizationString = 4c84b273052a5b3a81b6029ee2c059b2d53f49ef9a202420dac71987e6b4239b
+EntropyInputReseed = 7320328ad79d39b374c8d22d031c78efa3a36e34cd18f2656b1877802c215af7
+AdditionalInputReseed = 8f68db40b219c931a2fabf22b9beca8ca35606e45c28c1b2a2de9e278d662c1a
+AdditionalInput = dbeee1c63e04e57be7b655a44f9889ae91dd259535c06eb71ed92419b0d5a4ee
+AdditionalInput = 48f65e58ea017ebd01232d725554c0d90a03beeed367dcb4b7c095d488399b8d
+ReturnedBits = cb463be4791b866563ead4a0776c50dc776c47f7f832e7f46b6eb2c74585b8288aaf9547e0842b8f67e99ea21e7f5e7a0931ca2f7a613303340b24394d9cb0cff47fd41722fd042948af338721412559bc4fdd03b303fb9e6ef4a7eb82a6800f049493c445a8978226ad42b4977e0956fd097a5da3f09c8c9b729a6925129c7de30974bcb7c7fc5be1950db084e22937dc8d7545cf1e799b59fe3048dc05b8082f3041ba5c68de7abe826e5958782e1e3bdec00239e54c6de794d6040728e71f
+
+COUNT = 5
+EntropyInput = 0b890b1ee5592b57441a1da251898322309d9fec2360da39d49c1b0e39fd43a9
+Nonce = 7f49c4dd126480ccd0c686a843bfec09
+PersonalizationString = fe003a1e1e20ae73211fd34846b0c2c00c06418d8e077122c93dbfaa81c7cccb
+EntropyInputReseed = 2c696dbab103ce1f72e4d34e435ddeb5917822d3d5a0f844cab4813ce53298b0
+AdditionalInputReseed = 7a7202af0e67020f37a19c3291bafb8728156ad8b287e0a032f7244539ef9cd9
+AdditionalInput = 6a53c95d57c50a71be4343f458cabd56b8e8afccc7fab6d541d32ed88e22055f
+AdditionalInput = 63248b1cb483ffe2d796f289a00619fd308a5dbad18aa2e2d5126506e4537fd6
+ReturnedBits = db5d8293b981b1afec51e7160e157d50c3f5cb1bd7c426ec9ca04b24542b4492696da0be5998a05546d24e42df0c819a095bfed16e1db4a2732ee2e357e6863051ea9ef3ade4590a32fefa21abeed5ffa8754e7dfa657a1196944278cadb7bd04ef52410d4ecc8f2effeddb0f4bc60dbc3f1d288a8f9ca734108e92aec727fc21e97edc4180c81c6f71dd95fed31216b12a3f51b92d1cbe5b189c2a7b08e469724c7560257641811ff95681db76645b90609fa55459450878e2b1de3ad1dcce2
+
+COUNT = 6
+EntropyInput = ef6ed94db263c28593532d5a5b92e571ff893736dcbd92ccef249728b86c78a0
+Nonce = 98270d9c794a9198facfb8cbde48306e
+PersonalizationString = eed7020a2a7daffc2cee39f860c6109706b6363d6ebb09ee0dabd1debe460bc0
+EntropyInputReseed = 84174cffdd93796ba5b164f38d13652952ad14f3365316e78b4a23b9c608c48b
+AdditionalInputReseed = 79dbd6631fc43e664e0ca693d6211bec458ddd4c19d9a3baa3943757709277f8
+AdditionalInput = d6180a0dc8ac5525f31f17e6b0095ba87225f24a5011eb6979dc28714d3c2274
+AdditionalInput = e0cd424fbc68101ef21b75abadc32d0476718f6cb66a8f3164830337b3a76958
+ReturnedBits = 01617a514af26f86d5700b9858bc0e3b46c22bf6813850b5f4037829a07566f4f38defc52b16a8a2cdde264ca81192d7ab9d22575654b5ffa2d1316701860a108faabebba90d28cf10f2233259b193ba1b9410cde14b8e065d2f5891608c88122a37d673ed24c09fbd4ccc71100d835711a36f4c8c0a311b76e0ca7e48ab42ce6af5783674d9573f5c17722b2bbcb7a15e838ffe2cb385d06dbb8d6e94e2d6af62b5b905cb38a9ee3dd85c9c795de9ac36f47d78524ea711f0c8a633aefc4f53
+
+COUNT = 7
+EntropyInput = a36f5d5b7e19aaf433f2dc98ed6a659c1c8c2af9dc801813ddae512427eaf95a
+Nonce = 1163fa40edb9ecc7e158b4c478696c8e
+PersonalizationString = b4194c1eeec98147f07ed70cf1662671a2c5465d3c4f9b5c3306fe1297c38de6
+EntropyInputReseed = b083b96c9ac0f92846ad91ffb808072a1a69edd0883756f825a07a8386652fec
+AdditionalInputReseed = 0fd5dbb2bd6ce3c0514b07278081d64e2ae54ded4a458000ef47c3d728f0c472
+AdditionalInput = e761d087547c073257e718a5d3f7e7eade0b39de68988df96d28df1dc9bb0cc5
+AdditionalInput = b2fdbe227272bb621346b8ebd4a556fd25b47f2a69bd317160dfc6e003da6c50
+ReturnedBits = 56330c6b174a6c3a82165d0c9ef7a2fe3c2f5b2b67bf7ea4382a0c06b07d30d8288cf99d1f7e6e19b15cd5325e50189d2a994fd252bd80d5e0d24a1ed95ebc3db9ac4bce6b884725cebee031b5912214b9128c8ba57668806c279e1a67288b9574dcca697558531d093a2c14484919efd98241fb687f420c16f447d1ce0685f178b2379538315f590d61bbb823ab096fec182d92dc09e08de5bbbb26fbb930f14a662e31a9fdaef559462f1913868d3de76f2814affec170dcd3e5f7fd4962e4
+
+COUNT = 8
+EntropyInput = e46873e78e1128ad856e9029e4ad18260ddf864c1cf5ca2a8ef7a7bcb78514dc
+Nonce = 42e1758d50edbd72202a22f8eed72ff6
+PersonalizationString = c6f2d3cdb3621dcc61417cab936ce6dd6e8c25043c43f6122f5d51ae195c413d
+EntropyInputReseed = 115b3535fdc439990fb1c7dc1070c5f3b4bb95a7bd385779d7a61cac69b4145b
+AdditionalInputReseed = a9f73dc28c743a0f521b449b7febfff28e460e2f944282f1e5cebc7f89ebcb3b
+AdditionalInput = 3cb9ca33f0e7b6f825d9e08fbea99f93e6347b021871024077d23b4dd0c5990d
+AdditionalInput = b2ba05db9e1d7239662d47a40a3774bfbeab3ee56d3dd74d7d3919877df9c8a4
+ReturnedBits = ebb190a0a25725af7d133b9a5bcab789e984a2b644d313d9d3e1a6ad357d18b551504ac455ea102dc4ba0ca89b6fffff45f8e04faab078dfb5796eead685ade17851df81b0a6f526713339582548bc124401ba0de7f6c5bbba7b45de4d44129f5ebf82c417019712afa9bc8a5644ce2de6ffecb1da2494a01f0d241f4400979722a370b030001fc09e9c24f4e8627392b6a0885717da53255bbc743e33fe224867a0315cc59ee1cf8ec080c9ddb3c38df090841b09ea6d087594ae026f4ee9ce
+
+COUNT = 9
+EntropyInput = 0aed7cd9e51e965a89ee628e607fcbe2fc71bb1e610ef6c17ee40c7fcbde59ec
+Nonce = a62f30421f93edc727c43979cc17499d
+PersonalizationString = 2bce22e275abd56ae0ed54c369b36c4c4d773c32c27d70ad703f711891577460
+EntropyInputReseed = b08e340275b52c99a24b68b889d5bd14e3721e1f11ddf698b072c5829c62f55c
+AdditionalInputReseed = 4cad97b6733aa6e2bdb9ab87af0533cfce5663d488685da85344ef19bd7848d0
+AdditionalInput = 313e3b97dd599085047726642c53fc7fa4bfc24f6f6fac63df0f78c4fafcbcde
+AdditionalInput = 32d1ab7a47218472aaf5b7b50279162e215d803d27c5f495fafcd80a288f75d7
+ReturnedBits = b2578583990ded3c1e7959cba622339eaff43b8a4903d993364775db17efae5155311bb7e960ee5faacd8b19747aabfa39c9a87cb06d24b7780e5c51832ed53a32868aa1fc85c8230a34488b45a58c079a2eec313a298ea4ce6e4e403e1222c0ded49007ec69d594af35b199c30981d2cf9a38da5f1b02a47a5812bbf3f39f16d50c1696712ca95ce8fda4d5fc3c5624ab61c63fe0d27d85e5b74ac265c4802a9589aa16d861e14ec0ece99e8a636b54f05229bf31e28c85698b7296f2c2c155
+
+COUNT = 10
+EntropyInput = afc89579a094ea535a393b529d48fbd8f4c8d2e13ca3cb1a875f78cb327c447d
+Nonce = 3bf2f4aa617f83052f1e127c50c66cf0
+PersonalizationString = b0fb0a65edaeb27b7854074833cf22b0fc84da1ebc0b5bd5292826ad697f61e2
+EntropyInputReseed = ef2e9d94e59aa744308fa0295de6bca5c7c3490f74d363d17d5f87d5b63d14a8
+AdditionalInputReseed = 4851eade07c2f8c8a24df32101766581f8f7980710590d9f797deaee2309f133
+AdditionalInput = 0910ddeea8c1fdb4c6614dfb4f42381a2250494167794dfe449d8c576c7b6f23
+AdditionalInput = 3e48a55b2d39800f465460636fcf91a56f0694559631161396c774fec768efe1
+ReturnedBits = 49aa71fac676b098f2c8d30717051e5ad9a7b6f152ab86260dbc297485b79b225ac3ec5b12d54119ea16262ceb94c9c662cb7617ef10b1da8ba249eff5ee9297b8ea2487d4f2d30601bf429028f6b850f3b7b1d48d388dbaf067f6e53247d496128ec29d99a363b1b69436cf519012418da694d4f17b999df31b6ffad94a364ba57401c23eb1b308d4bbf3a4e5d636b8526d424da37fd010c18ab92ecf6551475edcd618d01dcc9c2b88c3e62b57cc58b95853cb86c242d01dd4846357f4fcf0
+
+COUNT = 11
+EntropyInput = 8b418373c6adbf3c5c6feaaa15157c93d331595f5724657f547a4c3131fae19e
+Nonce = 9236a820899dab6dc8912ed188c2f05b
+PersonalizationString = 9b204d4d18aed17a53568186314ba22195619986d19ca5a68c56ff8e59c6614a
+EntropyInputReseed = 2a025cb9e6891e79dcb7ad69d055fecf6569b2bd066b34b874f6fba77354995c
+AdditionalInputReseed = 2c0bcd37f8523bb604e1715116490cb5fd8da2d4b97385d15f67d533da435c46
+AdditionalInput = b50931cd1d18286a313e9e5f7dcd314e860e67c09b250c548a02d13bb01f0013
+AdditionalInput = e91ce46e803cc464074c22d569e0f882f1e6cf3edb8a3a3a1e4c55247803cfd3
+ReturnedBits = 53129335883cc7d67a44870b4d2d5f3b2fd1c58c4afd426a76ac3958f7ba51be4fe4189caf6c7f3a7588cb044a9c6c30c28d4d5dce05d59fa5c24a2218ab4dc489e68f07df355ae0624ec02324fc4bda816e7f491cca67fc1e4f994433fb1ae35e6257083f1acf451c715d428705f87f69b2feff5cbb0499f583c1d2c6b908a95b41b595552ddb92c99c1360ae7e1c53d7062ea83e6c3c2ad6d0d6a2494ab2024b4ee83c5b3a9473f9ba8b636c59e4ae1a90bc097b05580cb060f47660962567
+
+COUNT = 12
+EntropyInput = 86c6592a1e65fa9412802252bb7449710614965c45b5c827190b5daecb9184f1
+Nonce = 6c9ec40e1cfc857f81b18aa230884ab9
+PersonalizationString = cc87926dd68d6a268324aebb786672199fc4d0556be53a07d45c431f310b703d
+EntropyInputReseed = 06d762eb36e6cf9958cb257bf439b125598ae1afa425b9211ae422da6d1e11f2
+AdditionalInputReseed = e7b338dfb48d52e81cdc91ad3b431e0afb8b1f8869ca5aa8582736faf9bee76a
+AdditionalInput = 702c10399d92f9c780d6c7797f6cdd732adb334a38e38ccc03ad2932ddc0062d
+AdditionalInput = df0b8383940427b32a41137536ab4e9f9c9e0945f9e384ded8410c0fda707aa0
+ReturnedBits = 1c3432d73586a23629c1cf93c91d56cc1c46208198c12bac0c234407e97f3a84b3d1e87688bdbc5f8ee54d52ceadda4df29c657a1008d018973458c552af76bf146b21cc0ee98c8b9749ffa0e55a87ab24c11d9a8099f4729b9b0ea1b3f35468db1ad23361217cdf04f4c9f044bb9481949a5a5d07bfb04d832b5313034c25f32fb30b92629db7c7fd53bbc1501bf544bc3feb4ca25b27e3bef2e284c7bbc16ee9ad97a208c2df2302559528cac8dffd191deb4f32e7f27e97594ece3f752749
+
+COUNT = 13
+EntropyInput = bef2f173e73eb38e87675f4d5ab52bd3659d6be094b524cd32effb217cf15c03
+Nonce = 51438254cc16b6f7066a54fa197d17cf
+PersonalizationString = 6455367b521f0809c168e9fb47498c39733ac17bda864d0944394f1f1b3198a5
+EntropyInputReseed = 7685872f96fc2188d0512d97fa467c1a6a6c4047e12e5370dec992f3969c34df
+AdditionalInputReseed = 339611122b08b8eac442cc51b1bc6832ff07688cc3c0e1c93d258434e9095e64
+AdditionalInput = 473782dc8d7a65957245562ff45e9dfd0a8ac5c9c279e5e98fe1d356912edbc1
+AdditionalInput = 538b09d0e458c916ef75f6f64f0b55ebc556ffa24453ec191f17cfc7ab655436
+ReturnedBits = 95715bb172924503b6153e68c7b5656423ebd13215d3c9a6a8280636ce288031a8d4407063d4dab981c9454c7c822247be65ff9f3f4ba0c470eba79cbec0a6bfac935b99945e3824ddcc9faeab3e6ad3a914792650f28eaac0439a75f724dbb827c1c6d462ffffb56d8806c4850d258858d1f5d0a30da760fd5e7e73d026dffc20302fff67d6bb08a7912b585bb7b2d1c9633f6bcea3665ff0f9171d12d18af2c0c01652ef63038c6693459960d0decd1485e6ff837c2429838cfe18b8a5e2b0
+
+COUNT = 14
+EntropyInput = 955f1b30c12e617e5f93020fc851c9d0b51a0583bf79d651db4afbaf63c15d75
+Nonce = 57a59f295e80b4da4d9b66ae974ead1e
+PersonalizationString = 75c7f45c26d3c22bb15d16ca7f24cba12f204a374e139a2beb071a5686a1f358
+EntropyInputReseed = b51d6e90261533092dc5df7ef9d9bfa93ba97f868918dbee524dcc7851cf3255
+AdditionalInputReseed = 8ca7d250e025036f03061eb1d7cdac6561e21cb7a834e18424066c166eb7bed7
+AdditionalInput = 4a74bcd4a3f67dbfe5570bcb0aaebc1381e1d978051431c65fdc492299b63904
+AdditionalInput = 7f2c22c73d130f083705c2093fcc4ac19a8bc238fe66b617e1840814ad83c162
+ReturnedBits = 56ac85f44b9c3c7dfa5b7994fe3908d39341a035df8a4d0deaaf17034248a010763c37767ecb7a5309c3a5c7588a1bb662db02e0fe9c36b7cec39693e2f3c4d8b81fe6f213117cbaf1da94d5c147001e7526a389e364428a12c5b9be1cd4c9e7ab75f8a3026e1f388eeb4d50a3c1ecd72bfbb762d12c9080cb956543b44f056f6d05e90742bab6e4611463a0e11d9f61ae378c774de3486e229c63697ffe7cd058ed6883351fa8cbac514ea433657d6d8c7161f018b6163cad00794bdddd779b
+
+[SHA-384]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 1536]
+
+COUNT = 0
+EntropyInput = 3a1525f7b44bda3a769db0132eef35b8f5ebc0e418f86b810891f4ba15929447
+Nonce = dd861c8849ab7737ba2bd9ec77274ed1
+PersonalizationString = 
+EntropyInputReseed = 79d68de6103a532946f7d585c97cdfbf8d48d3647ca86d4461f0d23c4c59c30f
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 4ee1e00177f66662422ee7843b1292e350bb35e771010998d3ee6d54f820bd0cdf7d4f2fd3347814b6b39f98d518302a6dc929a2a3171b96cceaab8496097431776ae1a1b227280361ea3b65ab6b0f893e6d89ceaeb67a0a20f3b98501ff97a184db4a4a0004720ae928e1522d6d13d721174caeb6f2d08741d2ae8905e184253d7a98860925d85e52fc857da8c5ef504cd7922724f6c29e7149b1f5c244d1d287fea8e16eb4ad5c9df9bb7a6e214d05a720d112876e87435282143be237ffba
+
+COUNT = 1
+EntropyInput = 87abfe2b975293ed04d650b6159519a77303817a7dbc8e2095a270067bdd612b
+Nonce = c358ff1c67fefdfa03c586e33f812dd2
+PersonalizationString = 
+EntropyInputReseed = f90609fad8e3b9eb10dbb11740608567b14b8a5390b860c4419d14a83032f33e
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = a57e746817d6e4081cd91d613439192b2725f42047ed1066bf9635480090ba9ab7c45356dc85612ec266776bb54d8ce1c1374383619f8f4c49569f228ee00ba2066db3b11fd3f95b55781485015556ea1c61d94da740b3938346a558a75e62d2a6c4673f05776f58f5973db357908c71aa2f12dc56fdfd2a9139d23a81d17b99ea90773f439229722777faf5775b062c05d20a0d46f28bc3242c7fc55a6ad3e8c70c6435fec8c30cfe8bc43fdc35882ba1319906f849ef532b176ce10094e53e
+
+COUNT = 2
+EntropyInput = 722e75afc665d4e34e1d15209b69e85a062a9d853d82b5d9b7e70ba47668862b
+Nonce = 59a97d2c6dcc1cb75c389cefdc67866b
+PersonalizationString = 
+EntropyInputReseed = 4c2fa28afd4d036e06f381cb4adde29db272539930bc3ecbc9c7c1e29ea10653
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 8f80ed11ce60a25e2484f4bcda192a70566ab88475fc8cc741cf996eb482062cce91e176052e4d1c367f0413f78906b6456dca8e46c1e516f4b903426496f6d3e2547d21c08ff69403380e12401d34fb09b0b5ef74406de44a8646cfcb7f90b016f536b1b547bcf9a23253904dd49a985c45cbb188dd746b49874ba202e0885048668230646f93fc4f5baab40ef1b0c2e9d6a457f315b9f3d1d9b5a6b9148384c74386b2f3138a058a6a0197376cc3cf50911c94935d218b138100f00377ef69
+
+COUNT = 3
+EntropyInput = bd787bcbfca643a816badea5be543d408971aa836b5bcd979e52ec4603715160
+Nonce = d3f32bfab60f9c8bba0afec7709ac045
+PersonalizationString = 
+EntropyInputReseed = 057cf8a4eed6f58d08a443c84e8a08b99438bfaa3ca308916dc13ecae64ae875
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = c4a8ac17ec39686823865b08008d7599e72d28e54c2f35bca55144327b7cc5cf07941ff39699e6b595034ab53f5bcf7dc0318827fc3796419c5c4c80472b53260c11b4daced6107aa9d3fb828e5363f0b959d492d7695e20ebb57861d3a18d9e385162aad85c1733d2c7342d93fc9f2a118555627e89e20de2223a61fba0f09269e754e0573918506016b326e2badc7a69890bff9decefadcb9e8399c1674be02b642e9d0766ba30d52c6b69869fb3779f887e1278a7814bec295ac557a48287
+
+COUNT = 4
+EntropyInput = 74bc83bccea012367f7eae57355ed6720e05347230b001da967e57d4fb937493
+Nonce = f3191bbed8faf01c8ff27a47f3778e3b
+PersonalizationString = 
+EntropyInputReseed = d07989ab8932dde735ae78013920ceb54658e539ab81b376941bb79f4a93e0ff
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 833d817dbba46cd9fd74836fb74e67dd8d1a023382caacc8b62f3d314d2075e2e675485003df137af149b338f9d7b4c0c40067d0ea626fed5764379c6d4fc562d7650fc77b0aa8486f4961d98bba03eae6e25830fb3852aae59f4aa02aed535fedb98e173c7e54060ebfe8c4a19cc76ec6ae56780d5f338261594d3499a05c543f5d9deada94f408d9ff0a33f635d0d35b78ac91793991491441d00b38f3c8b675ee60123853a6d6cf0ab97dfe3262509dbd94e26b104a5551630b147387f11e
+
+COUNT = 5
+EntropyInput = 94999ef5db32769d1bdf777b83c3b6e96172dc87ad99658b6b5b46cbb0597984
+Nonce = 3e18b75d2a203958bd346c9b99fd863a
+PersonalizationString = 
+EntropyInputReseed = 537d08ed111a377e853a1de7cf025a83416ba4b8a3f5ac533c01b1bafdeab9b0
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 1797e8ab27181ed1566adbe45c541747d678168fbd72078b0d55c203517a14800b52d1159db147fe175627e5192c913c068c03734fe40588c39eb5371478ce51982fb7f8239f448b8fda022987053458811dabe7b7d88dc8d0f2b084a8afcb91fc87fe61780ecff8c827661f7dbf44429d369d6193a9dd25b3b41502f5f35c742f10979c1b553600c2ffd05024c8f82d54d687f6bbe775e57bcc0a147bb3385ee8f3ebb72e6804d0205d201ec0a8d297ff92810971d195e45de778e1e102a5bc
+
+COUNT = 6
+EntropyInput = f2787e00c2f51244d9bc3782a440017c570f46c5d663d59121440ea7d3b9a4b6
+Nonce = 37f56af47a98c8cf51a6083ef5a78360
+PersonalizationString = 
+EntropyInputReseed = a348aec9b60f840ff0989bcdfe0d4f964b4455a9b61dc1349cd97870f1cd2c77
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 3cc0c9205d4967946fabd557e6fe01188c142486e2c849e24d0b46e291691035b2277b00aaeb0b03e3954e8490456904f2bcf868c913ece4beadc44684e16e194db70bd64e1d3331ac97f8169b5bf89de5b7d17ce5386e358bc99480377b876b2cca518775efae2ce738bbe44e44d9fd38855343a76b6d3f47d6afdc6653037f2dce1cf12b57972f1b716be87e920716c01a51504733d607fe8f6aaf0683190da7a663d14fc7806d439449030b3bbbe31a43b662b436e69be650177291834405
+
+COUNT = 7
+EntropyInput = 199e1e386db6a147bbd111e26b435e424482f3579288e49ec4cd3c3ca5c8f610
+Nonce = 658b4c4213030045181202c40b80fb84
+PersonalizationString = 
+EntropyInputReseed = 40faae6a5f89c643db2213882f3d78743d4c7a2c82d9b457818ebaee770c79e2
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = d7efacc64efa9b16061779a2e5242482972f56093c3704b2b878245664bc6ec25a4e8458838c675228bb9216c31557d3dc34f5d8122c37826b0eb6d49d849b9205b0b0630567074f4fbcc2afdf36b7e484c4e94bb1eb67944bd58ab9d51d67ed6f9d788ef2fa420505897a55a7d7f266e22ec22bf593271475343a79b411c0694c7d65f5a6687492332f66fd2dedc3abaab8745b33aeba7768ead8e37f016814491962918be3edf6a7770528ff8e031b1c428f8412d01a7526c9c4da630e47a9
+
+COUNT = 8
+EntropyInput = 6d0121afb3ecfe5d8f5ab369690059ea22e389c3c917c9e3d11e43f028e84a7c
+Nonce = 7a1dbcc31d667f4b0ede1be363ff590c
+PersonalizationString = 
+EntropyInputReseed = 60dddf34c1aec40e64a61ba8569a775b0ad16b1eb9734296341ef93464fbf4aa
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 9cb4168ffd0c8581684034a69dfb926cee692ca862b50a32e8fbc61edc17121c56ccb4e476649b7ca430a985813566e33a6dae83492c6232fecdef213c7f88f260d4cc233a0f4df746a016a8b8d972160b49c5fa17d6df895c1abbb708eff472237ed5fc1c7663ae5275b2f075dd5fd3a8122c2a36b6838c315d851226f562f06eaf2451bed70536a9da6b03e65afddb189eadb9bb489d2ab30ed49eb176a1ab17c4f318595624875af39ce7ba93e3a339bec72dfbde726bc6983c6b6cdf5b57
+
+COUNT = 9
+EntropyInput = fa457931cb2185a90b20567b46821ccde5ff2a0ad624e96ab7572a8cf4c31015
+Nonce = 858e32ead686de7107a564198370fd41
+PersonalizationString = 
+EntropyInputReseed = d301376719f4188d6e165d61ee2a1c15ed9687559b287a175240e5033a827f36
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 1ff39eebc56f2be5ad2d497f717a99af2c01a12e95fc2aedda6e89f771e89f0fa101e9be7e524c2df4ca5f9ea58371464b8cd8646cdd0d173db564a929efe36bd9a8e0d590653c8a0dbe9f56badfd9ae580b0590c16b6e965298c06a1351d4a1108c0449f7284ca4f380605eb626303c9fccecd9458a5a5f0b9c21d9157b8788d6ec1a88840f2af135bab5d9c20b0be190867c9a5d462bb67e84b724e200aded1fc03428a7218445d7268d5141f3f9cea3e67fdaf12b9d2e8495348a5c66327b
+
+COUNT = 10
+EntropyInput = 864a923f9893e7b95a6ebc54945cae4c86f1c137f5c152e5233f7d7721713ee5
+Nonce = 5fe1b8c035a74dea52a2ceeb726f2b6d
+PersonalizationString = 
+EntropyInputReseed = 1a3395c354ab1fbec94b921d94332782e1791683df587da5c9ea5d10db02a198
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 5d7ae9c206dc91c2c639215a00e1e62203a3c61df5615abfd5de5d448fd44639cc5f422a17b443879c2ea5255b918abbe6c7f2b995e3e493fe859617125890fb03013b943959a12db4b59eb259ad2534b14163d4f2f3a18a29e8bf0aa02ddd7ef9f9e3eff2c9143b1f77072d862fd400d8451664344f70d191480e278360f516800414e2685a20374961605a5f82cf5d2c9eb69e5fbf69d9c6d8ca30208e700e4fcef8866d1495e59c8117d0c0d8195061dc4ccb052b57c190901034db9bbdd7
+
+COUNT = 11
+EntropyInput = 1f257fd989a33158e14c52298647dbc4f1c155e2e36eb742d9ebe13985017b24
+Nonce = fbe848abea206ad6b4e4322ae36b1073
+PersonalizationString = 
+EntropyInputReseed = 7eee4e65db0e902519550d23ad29483a157a08aa925bafd84b890f3e1846b04c
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 72552162572c361374a33ec92928e8944f54c479a19aefdcdc031f69f40fe5e19b51061c633a4cff1ca93e24077a9c61a64bb078fcff763a055d0225e73c8d14621ddb440b74ef1df5d521932d2da5d64616c91971202a8091e341cd391bce5e73ca140502a523a818af465f50f6a75a4e0242fb4362a196a2b90c4a6ed81faa1fe5a1bb558fdc911dda64b1e6fc5759bd13723a80c38831ce6f5331f9e022578cb87659f0cd22ea1e89933ea8a9c41bbefc75792b0d2a65b151feee4d60d930
+
+COUNT = 12
+EntropyInput = b2f0b9455505586124f018d818d230309335651993fc66a1a5f845f9f4d04096
+Nonce = 40d7a9c35437512a30af23cb96f2964f
+PersonalizationString = 
+EntropyInputReseed = 6448f042dcf859c0d2d5f62333b6cf5c59c109bf93b53977c2a34de736fbc1cb
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 91f6e9a3b6311a2c1794f2910e522373225f25c33b71bbdc73e0f2374ae5e9724580b8467bd3bec2451512c1e108ecab60b130037127df4995739d6a6a2620c536939d3a4f9b6b9d1b31bb5f1798b71e8e00bc11444041e59d65a8fadbf874ccf059552e763857a2ebae7cdc0d8bcb537c09814434ce0add7cb58eb5671460fbd52b876b5fa297a173bbbd30d6c4bb6680539ba7fa4d987195507d49ab96d1c17958adb9b7a5f048dd7e29b12b94062ec6623614b2d55456914092512ee2399c
+
+COUNT = 13
+EntropyInput = 50d09c1c3eccb57eb084cf4fc8aba0be5d9cb8b0fa5f87d3115576635176e7f5
+Nonce = 31918b1dfa5b1ecf88a495239052e0f4
+PersonalizationString = 
+EntropyInputReseed = 7cf3194025093ef80248b1fd70ae38025bdbce1805677aaf50491a57f4193934
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = cc08b2a391573eeb7f77cb79435fdcf88fd88e82ad09cda33d2580ec9a11486de39ba210fa1326ab76390b8bd927458121c0784c3f9d947dbfa1fe227f0c5ac64b94d3839cfd9ca093b7c490051c187e72977fbcb3e0b248d870af3bdaa69ab022eab17c58a3256916d7b4033a183f44e94fd4e9586c52efd2df0e9db4487ff9a7664d668c4760128a2e2a22e81f590c7735db60161b01f7d791acef8fdd1f63e9d07f7bdda5f5a6cb2e7d9b1b9b405b09a5ae255a3a5e2526fdedf8b39b7637
+
+COUNT = 14
+EntropyInput = 8b16394443b333bebf4020c3519d91b8a813a957a9d0767bcf9b459c73769466
+Nonce = b022bc3c5136a69d56ed554fdd4021e3
+PersonalizationString = 
+EntropyInputReseed = 746c7e786f324979c172baf2589aa30c29be16ffd10274c8c04bc98cbb29e262
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = c126ca7138c07c3503018458c80186d15c70885c7551caa3699a8c168db06bf810896906be69085c3584d396cbbb69af58dc3ef8c50539bc2992946dc2127a8fd2d6f8b37c5afc4a7c9f247ec54462cf3c923df8e18c3562d41599c08e1c646f22b43563605e6475439815d269aea38c3a4222930f6139dca799a411a4de77b176aecd731d6a3f676db19bfed39834501e2dca4097a4dff426f579d97aee39c9f8e022cb91fc6276be84ba335f14918a345418a4574d04558d9b396a15e670f6
+
+[SHA-384]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 256]
+[ReturnedBitsLen = 1536]
+
+COUNT = 0
+EntropyInput = d82aef0c80eea1cf49f892282a2f929bf3751f54e4717dfa004b08d84cf64148
+Nonce = c9ffd92f7f54e31b39c5d58b3bea0a8b
+PersonalizationString = 
+EntropyInputReseed = 3ed87aaad9aba5dcae35feaf6e85e7767c4838451ccb502e5610ad0495b852e6
+AdditionalInputReseed = eb52b5959a25ce1030cd6a6077ae675af2eb0ecdea2b710a196f1e36da40fb6a
+AdditionalInput = 8fbf6a38c5e050d5bc6288132050ed7eac755462ac3781fd1300f342a4566054
+AdditionalInput = 5af9e2b27a5283fe3c88cd70eeea0379b007ee0e416d48fe17921ec182c22865
+ReturnedBits = 3c998261e415d33207332fd9a076db3efaa5440bda02affbdbd5533695c10dcb77e0f05e17591ff57977dc4bd15e4d88ef741a9b4aa0b4b0fbb438f65295269f812bbe86fcecf76a9852f30bf1c829683aa5e642057df423963a7da0ab08daf516cdb04bc3e43bfe0c73610db59e6718f97433093e025352d2a0e537ef6e08d4b8c63edd0a05e9a43be07178a305f8c1f2e02431931262dc85d28dc5bec9856fe3eefb1869da8ae7f0711c3e3a157d3caaef8192a4c1879d40fb3bed8eecae4d
+
+COUNT = 1
+EntropyInput = 09dba618de17089c6d05474847e6f84f7b412b62a3d4e84eb0b2c19195a3ac66
+Nonce = ef0fa139712c043f2c131b7d0f0a7dc9
+PersonalizationString = 
+EntropyInputReseed = 2ca2aadb5b700ffb4cd97a078c10dcc4367fa598f1c0740e775c1dc5917c9d3e
+AdditionalInputReseed = 1522cb884a7bb9e35c347a01118d8c76c0e01325c92ce1e94138c337193b5680
+AdditionalInput = da37236597fa4aa0aa70ba591ec2682dc9bbc65b0dfded3748952a2f4493988e
+AdditionalInput = 43670ca6b4b93243db4f28d47722381f14d005e2cf5bd2f5c4e3e5d2eaea139f
+ReturnedBits = dd333186c5307253f9daf1451f38a0cc5d8605fa2c7df35638137ac87d9c9dbc35bcae54741bc7c139b55408123332ca2bdd949ba2791a7cbaa240ced48738e0a603bce126d7bd4e18de8e6baef114851d0aaa4af3f64b4654159f6277da0576cba1e5bf3f515d19b9baea67d287066a9c35d7cdb664de820884cde082542305295715d0217b149d1c6dab9b7bc297ad61cc4716f1a718171acc57e17a820081773ee402eb8ce57eb15bbaa8934e2d5e1ffe51972a23b85aaff9c1a607b806ca
+
+COUNT = 2
+EntropyInput = c419a14544d205fe1884d07d0734cebbdc739b8fe4a4f9d894504e01f94d2029
+Nonce = c982e021437fb30ad039c613d1e9c3c5
+PersonalizationString = 
+EntropyInputReseed = f856a36e9ef960e8cee03a8d09b9094b95aaafb9dcb1dbe1b7574792cc498ad9
+AdditionalInputReseed = 83da55702e36dda245d8b50a9ff53bdd2aa4add30710261506c2451b0f27372b
+AdditionalInput = 9d730d4607118f85bb7c6acda94fc6f9d5287d7ef4208dded8bb687f857ccc5f
+AdditionalInput = 4434c3a44f56b7ac9c840795cca2f1264e619987bec689ea384fd081232ac270
+ReturnedBits = 791a928a1f11a26e8280b48a9c6f2b4652f4a47d9744ea3e1fc274a646c1bb7673f7039f6c041b177044e710516c6ad9de9501ad780ae9694475163737f900e67282e3b15ec898ed4a2b2ac1a07fd643021e59fd5d365f87e07838ee922afef2b8b5fbdc92dc00466d6d1e32258a02999bbc7e9ab39f7206ae6b92c325bc064e56b9ea239feb37a7d4fd091d23c5d5f8f1ebf80aba67fbfdd409c964b5f7cdb17fd1cc0742c85967a5d7e7989217723e64267d04187858828fb6ba646f450343
+
+COUNT = 3
+EntropyInput = 62a081a16b6c44e346cc313f85c874bd5d54fbb55c4f23a3d9610ba1e9c22543
+Nonce = 9829b90609642ba802dad8294694349a
+PersonalizationString = 
+EntropyInputReseed = 477f969f0bde02695b65d1d9718c81bbf582eb0ed9ecb8ce42592729cdf3ee4f
+AdditionalInputReseed = 0b0bd6abcb2cac274ba17ff6553fadc4ec5785327025f2ab9da972d5e9c3b62d
+AdditionalInput = dcd67ff441d01669254815d63fc34069515a86d316e9ac16e7ccd4089647b2dc
+AdditionalInput = 442a223390f320bd85e5afae39f8e89611f2b538429439ba06189ecf47a0e86b
+ReturnedBits = c8f524db77d9fdde8350bf54d3836bb2d6f90af4f9bc58f7e3fe7c1d0bf5b9d957371cfc14f14e05251da1bc6549ff365d495568853976e1c4c0a72cc274470fa4187857d9c8a0d18c67328f4658abd3e185bc509ea13155bd025144d9c1e32b383015c5cd00c43e8158b7c3e2114468613942bc79819534925cbb7de45f51cfe3f02067c8da704fec8ff90214a23f5d5f215173d7ca53dde1965ce1813ea3673c59f5167df72d3d0f0916baae7b79c0b118606c18335e025cb02fda4edb5acd
+
+COUNT = 4
+EntropyInput = a3ee987d7ee7192343e2e3a6562117476b605eb4f870fb6225c2aa6ad919294f
+Nonce = 227321cc479b6eb406c9be712fdd12ad
+PersonalizationString = 
+EntropyInputReseed = cb68f2f00fca6aa667276f8ba4dc18ddf978faeb0ebccebe33b7bdbcdccf916c
+AdditionalInputReseed = efd522aa9e99a3e657a17fbbc8ec9a42b1fb1b60d29d6c3e183f9b61a0bc7ab2
+AdditionalInput = 73d16b17adb32965f1e8930aa8c11e52eec50d78da41a457b07e1f5f9486880a
+AdditionalInput = 06f42b7f335932d0a5096a78992077326c405304ef142a5d5a7008d86cdfba8d
+ReturnedBits = 1424ec1a1d15cc8e368f711df2a92d7829743e30e0bbf76666854df4e15d72bd52d0453f370d82d438db2f458576197f4fe78b13d05339787d91c8563ec3d10701a794fb3a55556a80d8a485328bcac00dd0d4871e0d19902f09b1de9b663c02f794ef63508a15bf1cc4b485ff5df34f952da22dfed07a5602b555a74cfe6cd7462d0a9d1f83c72eab6f48b63443601df6d169424c32348580a8961f3b1a16924925b04b5440b25ccd159ee598107331ace3674ee4f953f4124b258855d76c07
+
+COUNT = 5
+EntropyInput = 0fc7b980de08121262a3479867fc2fc737f775cd2514046c49724277f8fb5ada
+Nonce = 223f8de6392e2c25d67ce8930d797450
+PersonalizationString = 
+EntropyInputReseed = 3ae78a5cb3ede31ab5d25776313be0821a4bfd7e865d2e4ea97a97528c345f9d
+AdditionalInputReseed = fd8ff4b35175c8ca806ddaad94aafa4414c7379452139114bc9f8e9c5c174b57
+AdditionalInput = 666167e7a8248c9a2e557969e65e7c81cfc0e58b90745b3ab9f4510923d514b0
+AdditionalInput = 5146cb9efd5b254b345fffe25821de097b2dde651d3438c9d1a654c6c2fd9e8c
+ReturnedBits = bf8e2edd558fd960a27eb926f634863a2e698cfe69a07885246170ec2d3d0dca5c4b7da486ab0272672e110447594085dba6c6d526e77a66159c3bdd53d1a8eccd11ddd105908adb8e4b2e8c3f192dd190e4b6eea9d5501410674e1b7c776e86587e55cd61066966cf0191f4c183250cc09012494560bc60c1179823e75dd77eb6d498acd3b86c1717d88fb77545f11530c9784e71f3866bd28c61fe606ad9cee7c0460d5bced0b35f2e66487cd6170166d181bb0ff0ce829d3457bd4047917b
+
+COUNT = 6
+EntropyInput = 46efe757b0d0af6d84dd5d0ada0e0fff7edc9762cae0efa4e1712a81d11d39cf
+Nonce = 38092de5985c03ce920d3fde5111f648
+PersonalizationString = 
+EntropyInputReseed = 9856c5928bb4909da462c0b5073e707a85c2da39feff257df76d644205473351
+AdditionalInputReseed = 56d626c07fc9c0875d7cc52f8ed9f94c3407670c83a90574395de983d9ae6a62
+AdditionalInput = f62867a436484b5f53e311a5e5b30cc49a0826f7a9bc0c2b774a960f1d4fd6ca
+AdditionalInput = a5f3d9d91523047bfb4df62f9f63ab532c8dca8613089134dffeff53b5f95a09
+ReturnedBits = 2a5007b7db39faf09f96993621cb222d4799f4a388098b1350f95fe5e20a27e9ccf61acdd615b8109e9fa477556e05b03aebe30ceb1863b2ae8da742dc50f87d1aca8e5a7592d4a0cbda0d9d28deaf9a2ffb7b96757a17056cbbaa953a49a1a3d6e804b430361212a242617758f87257f68dee946f0af935613ce83c441b89b4f0faa5bcbbdebf8b060947699d67b4c0dcd275599a694f9ba887edbc617962dfb5544d465fb73b47fb0d8d13d23e0f7b13fe16e03c621116324ae5fef72daf9d
+
+COUNT = 7
+EntropyInput = 79769700e563592dddf3eb61178353560170c8ad7c3b60bfccfd71279665c619
+Nonce = f4e3ad04c5c450797f6a9fee9624bc33
+PersonalizationString = 
+EntropyInputReseed = e0fa8b7b93c17bdfdcbded4e45276688bf9aeb228a16c25598d22f9af368c749
+AdditionalInputReseed = db066fad926c6eaa72c548136701d88a73bd3ff6da466760b6f6e8ae8831ddb7
+AdditionalInput = 963d46d4a6024eacceaa04b93d7133dac7b26c0d5a53d11ad42d4e086cfbbda9
+AdditionalInput = e771d2f66a2f6cb07dde980334d0628b4a0e65e31f0a3cf725cbb07e5638170d
+ReturnedBits = 5fc3ef5f9456920fb1cabf755f6ef8a06229de7c4005ddb75191c6f7c8bdc3ee55fdfba96364fa7e75754f349a4bbbee4c77f2a76c53d64170d50b6555b682e467784e1b2b2cc603a4359e83c7d7bcdbe19b24989d3b1afaa3240900f7e7939752bbec1255af4845f56c3feca34341c9ba4b702f821acf4c843136ca7b139bbe080b4cf92467c785f2c6b2e2f770474da0b0c650113c72c5a9ff18cdf642d3d1f16d049828762d028e016dde517a7d17b7ec18f3294cc6abaa426998257d2586
+
+COUNT = 8
+EntropyInput = fa59d3175f75ed97f0ab3d29edebe84866f272a0bd374e4c2791a7b3416f4371
+Nonce = f75f45d4ac6e0f09b8e666b595e4e3c2
+PersonalizationString = 
+EntropyInputReseed = eb832de6a86fac10b7c98221cb3988fd9845cef10d2ce6ce164c89cfcdf6a0e9
+AdditionalInputReseed = 555f44cf176c3bbf31ceb096f679893952c7243183fe3a5807cc4c4162dd4ac7
+AdditionalInput = f1ef466b039d97ec3234d5ad92a2b858eb648f5d515a098efb2516b00765c349
+AdditionalInput = d4e3b7f9e521e6bf383ae661438d9e8dd288651c3f7ee2b5c19e21d81c9b1ac3
+ReturnedBits = e75567e98121de724b5f94d03389e16bbb912b17abaa69500348175b841fb7e3da40f8f971e636f29b91928f28fd3e7d99f894d0329597afca4eb3250910ffa8461a9830b75b7791fe4cd08f7fee8811c12f184f7a397a007338b10ee1350f621497a9a7a842ef3ffd4d07c7970f1a279b9bf6c9fc9fa2de78f3685e1ae72aef68435326da9d2c62d61bd2c0aba6f6d3a30a071b9eb750d22694cbc19ec099016abe9af19a9dab0c6b507a03348eb37a77cd00c4f60734b868fda7e04f09128d
+
+COUNT = 9
+EntropyInput = 8d003eb399263a3afd3e3f532de76af4690e63df468ff456bb594ab29d6ac7aa
+Nonce = e0f0e1dac5031890ef273b90b4a30359
+PersonalizationString = 
+EntropyInputReseed = 12b5084d4fd06202d01137f6ffb3a6e06372159c4df8bc89aadb8466817acb51
+AdditionalInputReseed = 3ed7e847787915405f8d1d6e6b168c1a47f81f5aed95f85f47d217dad04e964a
+AdditionalInput = eab443d9f2d5cadbf3a04dea4653ee2677fb3c052c7f373de8b746531d1e092e
+AdditionalInput = 0515c6afe81fa70d595842fd27615cce9b063536ef28d89b53c8c750fefea69f
+ReturnedBits = 1ac6e6408f63ad402821abbf68d6e5580ad76f153ca960675e582b3f570baa5e282505955f37ad9e8ebc2afc8e191f963860043879e89c43624f598055413494763ae03a95d4d49156ba58a8064cbc9e2a45db632a784904585a2aaacb4a3cf405f268bb68331835c7a110963723286e60cef0257c60600a159336cbc81c6200d18f7f2e6bb5b7cf2fde953da659f578efc8d264aee02d4a1dc75c02b423f851adb8bb9deb2a306ef1d722d8856c4e3d57201b101e05b041a0e41ffcb5ec6fc6
+
+COUNT = 10
+EntropyInput = b3e29ab6ae8a0668c100dc774b3e2c2186845cc6e66180b6ca78888b63d0bd55
+Nonce = bdee9ff5fdb1e07473e57285503148a4
+PersonalizationString = 
+EntropyInputReseed = ad21d2de5f190d95bab2a09a043315e208131876e35b40b0e64eac1322183c72
+AdditionalInputReseed = 27afd8405fc560696fbf8f83a58479f148d3cdfc914918266dc4269c49a39d75
+AdditionalInput = c13331da766445f57ff04b8a0ace56204798e4047c9ab9372c1a59fbb51889dd
+AdditionalInput = 4ff41805b9417b2e5c64f1b08c184a656b9045f3b0f0dd2e9b883b2c436e644f
+ReturnedBits = 35bae27ea2e4417f764ac9901821492646c43bc963f0c181cccc9f6b6aa31f0f3e3f21826d65285474a4a31175275bd0d02a5e4c50bb5d1ee2b0f6200e30d06ce4f8302febf65b006281073dfb5c2e236e50999b85ea38cc559c956ba187dfdb5bf1498c70c4827380fb68d111ee448ccb715021073e24e9605815dc523f6f9b2a8e062a58844fbc06661d94c39179277a10da4f27e4212df438d5f0ddf6e3e8f7f5161ba9ed438b0b40b870fb225ccb2a9f89cb073d554f1b62f8e6e9e00e93
+
+COUNT = 11
+EntropyInput = f7a9c3ecc68061f23afe785be51e561ab734139fe02b3217cd0792679eae4247
+Nonce = 91249ea5e1240bc90db6e3840feb6331
+PersonalizationString = 
+EntropyInputReseed = 0613bf7e1466c1f31389476b1d1d2ea74a79172fea00fedb3001fb43ac700380
+AdditionalInputReseed = e69429bab405e19d685758c271f3ec461f465c0f6915f9c8e502eb988eb31398
+AdditionalInput = e92042096e0ca8088605777ecbe17064000e25a1f038f87b70d1b6e50919c347
+AdditionalInput = 8a1c9bd62b1d1665cc446a0279f674a0908b2e592a6b1ea5cf5fe8e653994d4e
+ReturnedBits = 1f7e25ebe35eb64f3395c3df5b9e4d8d2ecbee1ab64358fffc5499fd0c9af0d2bfc95266e8d56d1e36a42922f92ef5e3938c0b24acf91d261df0de370d041ea04005339cc590ac223547f082283da74a2b171294bf4eff1430a783587ed85407dcc163a91eee0f60b5111f7a3c2ffc33ee95d97ba0c7b99df475dfa0c2ff370ae1febc191b4cad5be2b146a2d48b1813baeea3a3290b769184ea43852c291cdb6767e1abb1b2d27b909b045c66ad546701c1b3d9e50af0651dc471fa9ee75e2a
+
+COUNT = 12
+EntropyInput = 7516e1fad74a630743d995df29d1f2d235f26d3a3a209b5a2a6e037877863c0e
+Nonce = 1782ede4a80a49f378acb94e9b665957
+PersonalizationString = 
+EntropyInputReseed = d72e6648f7ab95102a27be6eff2d29c7329d704f45432aaec031c1b7f53d94bc
+AdditionalInputReseed = ab142823960dd00ccdb69e21fa8fef5cf84c5073eca16604de67fc2a980b9e2b
+AdditionalInput = d2398c306a5151d07dbc669965d42f1ac0134a48a1555714f8e2e30892c519d0
+AdditionalInput = d71ba73af2863ee35d7f3dbeb0f762892cd18dd72c18a1ce272d891d95df53a0
+ReturnedBits = a33c22efd401bc468b309ddd325236dcfb53d4f38fbfa10f0452f74ddf8fa259599fce07ce8e3ead675083dd1f66ace52f76fbed51b1d41e30245a0501fd3c971bb5cf9c5b8e0c16443d93d757ad7e52f8e7e4c1189d997e391664f87a59c157e72faba1886d8261963893b646f7144fee968f3413f0ee866c4af23933213e9281b7df32fd772e5117db5c98efcae229b2500118048cc894b88d8a3c18e588ff5b8cabc47fb80d7e040c3a26d1b4aa6a45b3890ad91b97ba9cc5f257162e2a44
+
+COUNT = 13
+EntropyInput = bb3c27ddbe58ece2969b78693a344137f00db4b6e6ae08f89223c098cabb0aab
+Nonce = 5f4c9dd8ad3dd61756b8dc9653947231
+PersonalizationString = 
+EntropyInputReseed = a676bbbd85362ca39f25ee14111164bfa6829567bd431e2e791758eb3473c3b8
+AdditionalInputReseed = be8dcb2cec1847edb93d2a5c831997f80726c5835d82779029ec99cf87f0c3e0
+AdditionalInput = 4a3072e2b8629ae36c9a19fb621cdb0808bae9563e5973092dfa9016feb81f55
+AdditionalInput = bdb025782014dacf7598c9d68037906ec7fff15a58d41ef73c8154a09f4ac539
+ReturnedBits = 4ed999577aa6ac7af993cbce49463a535155a1c41f6356687b0e807ae928577e83a5f29fe4643f4014e1303c87b328ed7f3d8fc51f8e38c2027e70f55618270a5e6bd2d8ca4e6dcaec7141d10fbb886aa7dd3b27336b0cb544b24c102faa49724c4e30bb0dcce51cae78102003050d7fbf8b8e0b697a8f35d36b3513ffc96a21c6f9c08812eb934256970c6642aa107aa89189eb81895eefbc5e53f3f097e52d74007a02fc3d633b4556241badaf2f4208cd55f194d4464b328fffaec6964e65
+
+COUNT = 14
+EntropyInput = eb7a944fe0208186d8c573a134aa287d0afe8aba8b80c89a81aa6184024e8b6f
+Nonce = 49fdd380667f79bbe46ee4d22839465a
+PersonalizationString = 
+EntropyInputReseed = 9286a2f8df4de98c385c58432d3769a7ec17d16bb7d2e07b169b3e45fc09319e
+AdditionalInputReseed = d4051a5a566462aa092d1491e3ec0e9bbfa1929b4d477037946fee62fde34027
+AdditionalInput = a27c7e302d863e294d7a1310e3eb68267f6b7f576b62876a5f6f5943340118e1
+AdditionalInput = 06efb41aaeb68011fd0445cc3bf026d8e13a2e3ffb9446ff49600d94ef275b22
+ReturnedBits = 74da7d098b3f39a9aea683ba85f5973bd0923fd9d89d53679bc223723ee454a6dd2f70b59d9455b247b492e424c263c5f2b1c4a11ec197ae6e53e162ba66c2b2f06f7df358fce1a28c821bc1eb866360ced8b5d6f92227c1bbf371938048413ea39576864044db82dcbbb596125e94b548f41195b45767481c2d1b5787d51e9470902ce1a6be33b2f5e735805fab30e0c61f07c4d3375e6047ce080a952470fd2b5e31de03b02986e855502d4bc113f3dd1d674efaea293a9e47e77200c92371
+
+[SHA-384]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 256]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 1536]
+
+COUNT = 0
+EntropyInput = c35a931bb84420990aead0112699d095fa68f129e5f52a1f83254905ee0b4a1b
+Nonce = 2a3d564cf9b4ae726b4091c6da9fa539
+PersonalizationString = 09e2b98eedd3f54559d1ed6a4b1bac16118ee9aafa714549f4cf4db65b0f31c1
+EntropyInputReseed = dfcedd71ed381189786a518b49a46201b9481943ac570cbf2886e09c0881de1d
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = a499bb231a131ed24bf428e5c3c27abee48d9b843caf29cdcb3164f387f42192b1861f2c5fea7296d02e8e8c68589572ac601adcd2ad189cdf0f966a7dc0e6d9ce0480943789bd9b2cf23d34e9b42ab37a05f05f8c0a154db1ea426f44e5b1a28cc6e3b98258ca87669278a6202655c1c9ae035dda1acd23d7cc22ec47b3e233c2c2f2d5d085bede83af52e438547f4418656496b8b5ac5b49f87c7d708aa06056fa247369d0f73dd8a2483cb4fba957e68428b57fa77a15ec58c104f7c140c3
+
+COUNT = 1
+EntropyInput = 563ef89707aad90f5fb6f87efbbaa7ef82128cb4b4ddc4430a3c5f215b60bcab
+Nonce = bbb95b0c75f1240d3d336c61090aca59
+PersonalizationString = 15b0fbda2a45338119e6e483ed39affd270993e9b668566601ec817272743ed4
+EntropyInputReseed = 52ae350f05abd50c6ee744375aa646a70cb9f2e4924e1fd527efba6eea26060d
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = c94fb7f0f74003c0fc9e2c0326ee8772c0aada4efb2b6f4826b4328fb97c52b826bf3badb17c74c1bf1947247c277e545b9286172eef2dd511140d47e14f00f4356c2c79ea6d24e03ad9b9ea3d80a58b3a0452bca2d0d742fcb17da22af59732858c4e6d8c1b88a2da7bb04977b9ca635a129a4e9749d8eb6db4861cee6c0779db362c1385db37fbae294da30bee248e05f16995010acf76f713d01c01ef6a2a1d632223b7cd2e8dec2d79ae1ac59e348c19acabee134c71fa2a3b7e043d8567
+
+COUNT = 2
+EntropyInput = 090c5d79e687ba32824326845b9ef81935a8e7f285d6bfc5941cf0b44d10536a
+Nonce = 5360862910c954a305363c66ebba3918
+PersonalizationString = bd21783d867e3ec4673f18d723f2fa451a38dab23e3813139a2f70fc8225f746
+EntropyInputReseed = 656e51f0f9c48efef34682094c37bb33324b99c1522a7833229dc6994fea2405
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 3643c99f4f8df301f24ae827de36023d603099ba722ac5397442c65d6fe9ae5c5e28388db3cc34b1975620b1ff171d248eef6c56ea2c0df488824893b47085862951159ac9da422c2534d86e79354cf3f5a271ec7876a9e08110e8a473411111e86c3eb6455d156a4601b5c4d089bc472f44e7134556a47d4dfe4025873d8500b3386bb35aac7f9c51bd8103eb9adda1dd25f14edd673f3217e8d3757441987129a5192c1fc31f550db3d0a0cda3a73549edda89cdf5a25883ba09d260fa9c8f
+
+COUNT = 3
+EntropyInput = 72a207d4d0340d9cd6c06d7b26cc04f21f27518801c7b10ea3a0f6bf027546d6
+Nonce = 827305d11f7e8b2e7d41f145318be6dd
+PersonalizationString = c83b61ad0e91ba849da0f1fad9cc9169b3e1ee17b8b94c3a77e4842a8e39a1c6
+EntropyInputReseed = 0677aec1fed5c73dac024104aa2b9344eb85682b9c56259bf34e87428250e289
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 98566e688f326e791bd7657ea7d5b3a46d46832942d0d9275b8136a4cfe0afaeaddefc8e62a645366085e085d57eda438c67914f6597771d984f5fa0450522c4adfa9cafae256e7055a47b5cd775c18ec71063b2480c8a79d708e64a6648824b0292bd02adc06e12ff2c5a996fa603da245a06cdf4e7be872c2653fb3c23e53957a27a46ade5d2712bbdfc73a93c853d9ee92caa7ff088f6fb5ea728133c84f950e908929b337b9c2de45f37a4561a9373c855f7ef8e97b07bd15d976f02e7c8
+
+COUNT = 4
+EntropyInput = 779bec651145032bd0713c3aa9b0491efce1b98eb4345827943ea8933fd5f4ff
+Nonce = 35f738f861e13f3d573d573df8726314
+PersonalizationString = 3e9c02f2dce4e9e6e0522a68f2a5c439a647b561cf89f5d556e37e43faa80654
+EntropyInputReseed = f0bbaa37d08fcfdd87c42ec1b3518286ddc33914df079bf0bad46ba8375e1d87
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 691ff0bc12a9496336447e7146e98c8f3d2e3c2743e81acc6e856fc41ba05039f04538288cebd9ac3666d86826c3e845dbcbf69e11b8527ed0327430fd3028c5b6e4057f3e207812806adb68322b56b0d0a71ec6881a6b4cffd8ee307152ed48e4d3105d2391abe7fa6620df3eb0d2dd27e7cd9647a954d6291ffaf8c8ac266ed5e3d147d68778c83cc205782b087257c27f4060b14323676ce0aed00637d6b62c06db06cbb5bb9434682b6ba34c8ed74059461dcafdb5b42f74a30fda467d51
+
+COUNT = 5
+EntropyInput = 7fd67567bbb53862488ab13bc36891c63c2ea815611188a830b9e231dd179666
+Nonce = 5ca7045318a3f7c263b057ea199a8472
+PersonalizationString = 8b25db16aae9365fefcd63c8977bd432a85dbf226adb775f6389dbd99fbeb46f
+EntropyInputReseed = bf8f5b6276b089a0150110704a443f7b07d5bf5b3b37b252eb55e06ec7c51938
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = e5e8c433cb7877eff22e1e6043cf43e92a4b60668628d51a9f9885112b03a160e97a8e876aa14e6085b1f6e5006ccf4be763ebfc3a6118dcbd9da6d886596d88d9d7565baa83bcbec08bda78d4e3ea985c42403c7dfcdff216e259eb9fac502e8fadd9167cd2e7a4df12ca69bf266e37f672f4ccff8bf250043e162a803339642f67f036547702abdf0b4adeb6ba6eb786a73901459d67b2f9ace9b9b21c8dbb67c14968353173db07412f86845e2c6e46f9d24ce693ccfce07fc0203cf21a2f
+
+COUNT = 6
+EntropyInput = be155b2a4546d0b0c20ce59b39b17908686d071cc32a9dfdd2fdbe95cdb1c624
+Nonce = ac7495cd72ed48c79c3d3aeefb7ab088
+PersonalizationString = 7303a9f8158b811ebb16767ba50f0e9da3d86b83346f57d75a3917fd495b94d8
+EntropyInputReseed = e6f458747e3c5e5adfb1b9e38bbe585898f327537ca192df8f9ad514eb96238e
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = d288809ca87f04f3539058a78c853cab3fa6747782ad8f2ae4386ce4f7a5444bf343bee039e88ab14bf0e47537b9070aa8e9455885953ff8508b04ed40eeab4636bf134f25e307db9869a99f147e9099c8f18f8611716079e7f7b6e42f3ff76c2b2161941b650df6ee2efbd3f87f9e1594ec81ffbc689e2bda0a8df3bbd5046b0f27168293dda8fd8a2e308ab6e7ac575a2d2b9be0b993b61c28b4a44234785ba68b606c7e77ed62e0aa0487d532ebcd69b90f470f42356dc1f25cc47e1133e1
+
+COUNT = 7
+EntropyInput = 9030d858c22b3257016fd806cae03634191b5ae4f35fcb1773f9088622af8110
+Nonce = ebaacc5911aae0ee5dbf5bb60ee34824
+PersonalizationString = 4ac1c0d3e2bd8782d85fbab6a59f047deb59fa59a3e9b945c5878b7bf360c0c7
+EntropyInputReseed = 0f3975707cee387bd7b560f110b982ba5140ab8e79027f053a7494813524391b
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 1be0c2fd623e6a302aaad3b6d100c179ac6d7cd2fa6f0ad3be8dc58363a186d874289849f3dabd501dbffe8b295d55210f582d179d485f54395571f69a491ad56a3155708cdf3a370c12f75170cac97ce99e437d4a697ff527d52cc5ceab28a60167672001e67bc2747419a1826252eae44943d9909dc5cae2d36c91c5ef080556f4d65504c8f046e9df426c944c4a5d8521982e8ca32869ae7dcd2cdd3a9caa4ad480efd7d8fdf83910dc73b3941d0a51ca808740640727fccd608523cae3f4
+
+COUNT = 8
+EntropyInput = 1001e1a1a1883e8e8739378535bca0a00f613696815ea23c29a0c1690013d3f1
+Nonce = 5fd2a904de907b85e130f8f2d9989532
+PersonalizationString = 747c4a696633f76ba4b16c09af0a0e1a8494add46a5530d2d87c1a9f2908e5cf
+EntropyInputReseed = f53ce9b62df721aa4fd64e43a9422396ca76349b309412fce8fe1e653c978854
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 9c866db03d3ef46c9f2d002f51daf09faa36bf6031d1936ceb0e73b50eed6533d36692f64906bbcfda0c607cd54e3dd3a890e95f166db70e87679b2cae43b212a40fbeffc99eaea1caff515b9d0f9855684368d2a8d165395f0ddc86cf516bab4b0a5c8af9b1bdadd40fe65dc7dd3b67536773e13a6a9e4ca6b12dca05cb76dbc427e2674ce71bd179396541580fcf6d3359fd421d2d66586b70aa15fac242584c8462538e4a2f04308de30bdb055c9bb167fa0b299c006656928f7d5ed762ce
+
+COUNT = 9
+EntropyInput = 4aa0194b17a6b95910e144f1740e99f57d54f5f2ea0ca42144c8451cf5416712
+Nonce = 6c513662098f533d6f02af05804ac4d8
+PersonalizationString = 82abd42e935f081acea645f420203d0287742dfa7342786bbf3e31895b93a0e7
+EntropyInputReseed = e31a3f260784f3b51a6cfb155bfb1ef489476aecc9811cebad3714c429901be4
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 21a043117eb1c0003075d0ba65e0551a0055db90709b266a8322718fb704b86a76f2f8f6d351f8b59b3a68ece4d634372a8e331e2af94b4d8e5dbcafa3de607cd62413e52e9a8d56e718244b9d8478a6aee7c9cd9c7d8890e8b6c35a7c0736ff15abe04b224191148373442628f4efbf9a2a460757c272e4fffe69ba70b6b6d112aa3edb78ff194ec5e276065f8236b2483342c07f2c602a1a57a5a4675d5572db40c08c1fce2a2aa31d4e5ffbc0f8972a9fc3047f6e9af0ccf41c168c553a62
+
+COUNT = 10
+EntropyInput = 8cd3872a0dcaa0cbfefa655a06dbc110dcff46ee94f0add5102eb6200286ee92
+Nonce = 2f7d7b6b88b69bcde73d5a1e52f6f14c
+PersonalizationString = e45a8399c8e94876c8af10710031d2952eab23fdb6db4fce826c239df445ac0c
+EntropyInputReseed = 2ff5c53d85b6311c2f85e8d4e4a909beba16c1726aa70b7496afe8859b79f3fa
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 9e8ce5dbf205cfdc4b789241ff533a690d4417b6a2fb5bf4bb135dd4c34ba6087e09ca2622f815f463e669b20b50f2857a12800eb5b428901e96f1d4820ed11cbdf14586eee8a02b19e57aa55be96ea3d6dec54a0f5639fefce10e392415d5519aab15b95bd5da4148f2a172066e984480d6a3651547f76cff174e1412e401b992dce066e79844d6f274b81fea72378d4d529fb9446d2706f8422ab20a99e6b55213b7101bd7b4b255bfa8d95a715bcb5e5cb923c6211b69d5d0816851e74fe7
+
+COUNT = 11
+EntropyInput = 906588f032daa4432aa181e3cb78c7c7cc7f656a297d9b27d9295407b81d5909
+Nonce = 60124ccd64ddaec032d6e92bbb9ef3d2
+PersonalizationString = c9720358643f1ff44454cbb8a6a653ec4fe02aa1674a3b411af1e4217dba0d89
+EntropyInputReseed = c28e002905b48415512bd4279474ec6c76094adecf41493e7b7cbcec4be7094d
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = eb5621150e6fe152f2945bfb2669dbeae9919e661f88d05e6e0b7fb8172580d3ed712bdcea6dbe2e1060b179e175f37f170a6bf030333e82a64d196856dbc3a322cad714a9db18c9cd6e83c8fee137c999287720818d7e62b4055a9b0a1a66a9f38e02d2c3c01d75037825a46e81fb5fc2f2abdc1040144af146be769ce8209d0234cdfaea115665e81fc420b2e1b2d7ce405b4e4a3683beba3185fb0c420c00a88f83307b685d3bd856dbb15258c17264a228fa1bf20386948795894c1158a0
+
+COUNT = 12
+EntropyInput = dfea4f3d6cc40415742e2ab03bafd7f0c6f5b0a4ccd900f66f9396e1a782dc14
+Nonce = 340186bb74e888b11472036cf3a98e3b
+PersonalizationString = 332da1b8af63cd12bee2176ddfbc05febb60cdd896f5f517061509594c031f97
+EntropyInputReseed = af4942e6b9c968ebb8c68f4bdfc7855942c81964508befc1e3f149ac3843655e
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 5a8ca5e3e9450a2d978ca5879d0966aa95625dc88ae682e4b211a65a63e93c108be8e40eca93b2e86ca75de82a5826b061308d253f3ae4726b0037e6ee43b57d4c31c8279d5f48b80968f4d0082a6758c6f83fa3f1e259572ecd456c9e82ec379d1b75b84a6ab86b837bbe9ced3a27ba4337f3ab04d60490a9df71ef54de21dcdb05a200a9f86cd44f12be7ec3d81eff9c05a6b0c52b3d22bc55344917691448ebb0cb39b953a0b39e40e81e053bc6b3cfeba47f8b19c22143bb263035fa8906
+
+COUNT = 13
+EntropyInput = be5b21270fbb0740b90238935789967e6aace17e11225c78e4c9fb71bdcd026a
+Nonce = 270b9582f716941a9bf0f34a78212d13
+PersonalizationString = 41c8f472aa1ffbcbc1404b273356f4309d0b1b2540a3de7995fd714750751ece
+EntropyInputReseed = 405e9f140a3b598e3d9b934e8e6c37dba0df80957e77a29fdca47cc0eb8a35b8
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = c38ddf394f8cd2226d2e4a0c9f8150f0788c88195b563c6686f796d75cecadda010165bfe12f1d6808d0a650a00b088fcee871d680adf782970551409d3276a5d7208632932f8f389da153b18d91fae70cb18de804448b56e7c320d87bf963db5a9efce1695acb58af8d6b045185cf882801c99176ed4bbc3e2a01ac2058888e0b858e4cd14942dbfb4bde93b9faeb2a061c69958e3e68d0a909c1efc8b956a03d46aef7f430b738625bc4535ecc1bd06d90dd3bd04f95bb0e9249ac38f14d98
+
+COUNT = 14
+EntropyInput = 46e8193d7e14b0cbd0d45f10e9ff5572e92ed6a1d0f6eb2d410c74d337042463
+Nonce = 174a78af9c6563aa118828e233a50948
+PersonalizationString = 5c1ef9aee8fc465698c1e7f986cf0726701764b7a21e0721e80c69633e5fb56f
+EntropyInputReseed = a4b1da00547b221f7a635752b86abdb07f38e7c508a3befe3a5f86b56b5fb8fe
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 210483c1d4c54d63ad8221782b424283d3399bf10e2472b397e777db1aefa27bb9174683a29f36a70b80a17e6b468306373bf5e6e3c980fae618be97cea5a32b56dc4c8f45c59b27d8256c426ffa7b5c3dfebd0019f140fc45631f6c48540e269260657f8b2e4341ef3edcbeb25cca6e02fe92c1cece684c9db112e6af368d06b83ffe29a993c14c13a86fb61aba1a451e5b32bf56aa4f79e71781ecb71953c3c948ec1e7a252453f8516235c2965d3429113199814bc8f007bfad87361d582c
+
+[SHA-384]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 256]
+[AdditionalInputLen = 256]
+[ReturnedBitsLen = 1536]
+
+COUNT = 0
+EntropyInput = b9ee2488c47e5f50008547dd51a65125ed769c84ba92bf081651e514b9a26e44
+Nonce = a3694ca961dbc6755194033fc6ea3bf3
+PersonalizationString = 2f56bb821333c4d41d8ed19cf424fa99ed590a21695832f6966e5a612f4b0830
+EntropyInputReseed = 7985ddb1532c9efcda423c4cb8f8d5e6686446b6af5230e7150246ff8af7d91e
+AdditionalInputReseed = 2e133688852acbcf3a1a06a7fab4feddc787579827997d329cc61f24f2f71794
+AdditionalInput = b73d3b74b4d6932683113cc571a72a6188fb96dd0f46a0544d27a03498cb5352
+AdditionalInput = 3d4ee87dee5ffd3553914f68ecab44f661bd53f3762f706ad7e7dbcf5375b051
+ReturnedBits = 3fbc26fdaf4bb82b6e4fea0c558fe8012045e976020127b0ed76d01d551efc258a6472c2d7c941fffcd884d4f481ed06f1f7cb32783dbc77239f5c4efb4bf1506d131678c6d1104d19df775470c77d4e58f58c834c4f49a67b362aca1c2e4b997c55a40549cad89dcddeca3580d2951bc4f5a205d7eda5990b97a0829db6c99d98b5a98f1de2c458c1cfa98fc136fad2af87e96d5dd7551299c29cc717d26db4ab7429094787e5c51b3a8705a6a21d0b7acf488706fbe7bfa50879e1c85df295
+
+COUNT = 1
+EntropyInput = d69fcf00509002021c68732937fa730d6001434a672a315b62d2c88c9f6b6de9
+Nonce = 5c9b2716b5081eaed677f99ab729f39c
+PersonalizationString = ee0e90712f60af953295e4f86237e6b704a1a06e4bb822813f2681a73bc1b366
+EntropyInputReseed = 834e8361c9b785366cd24f3cef3932d6894125858e6f99034a2996ac34aecba0
+AdditionalInputReseed = d209ed3ac4bcb6e2614d1297b06c157b97ed7a1798a491cac98208063d467bff
+AdditionalInput = 1f272f83b43b46f3f07ae34e926cf5734bfeb5a07e214471009138f23a00e20b
+AdditionalInput = e4b479796c7679412b52b602b8d1fea6acfba4321e4d7a42a01968a7d536f5be
+ReturnedBits = 7bc7765ba5f63031004bb9fbaf97e851dd691d999e1ae21675abc698fb8a2adf59e1a323f0a82119323c053d2a1929e57087bfa4b6eb705bd14f909add808c9369a6df8abf4b9bb281328539701ca42e99144009dd9ce9e02992887e35066ac48234ce767128d52d0d025ae1b656b69ce75b7b6447727799540b159ee47924caf5a7eaecf2b2bc93698b1b9d63130caa1c51cfa2762c88b35b80ed1156ee67ca277511dddaacb06643e0d119185ed7097e13f80947cbfa29be69781b4c9b23a5
+
+COUNT = 2
+EntropyInput = 7b8d015a9d668630b9e79845b93f0ff4b50d60f6149d4e94296c3267f450a698
+Nonce = 7f354382d434e2c3e96c928117ec5c1d
+PersonalizationString = 89e931c192d21229ee6af6e75c577445d8b253cfe57577604501668df46532e5
+EntropyInputReseed = a9859240095e556a591b43627f49d476bc58183b348e959cdfe0edcef34273e6
+AdditionalInputReseed = be2e8b57567698b11ee369dc2077e5cd8c8e3e4eacf88ecb630a37fb0b8c222a
+AdditionalInput = 049f414c3c348ab69b50f27aa7413434a8bc58476ec918a0370f7e10450a3c23
+AdditionalInput = 6e7228b61f2d69e4e7cdfe5f47b279a057575db0637f6831a73ee297a27d604e
+ReturnedBits = f05664a8504307e89576efdaa68d2cca13ab0ffeeeba28caaa40399ce4bab1481ffaf699a56e5daa661008b4e7ad80ac27e4c3b70fb34642231e5b1eb6b2a9db814929421941c239e5fcbf1b07d777a1a2103f41529e117df0fd72c4aaf4ae3cbe07dbfdb3448b243f85fdc9142e889dcd15df0de666e2308cd6899dc2f2997648afed69c0767f9ce8552dc00cac746e50303ae6fd4d50f2103e1e90ac23e041dc80794e30341d9fd74ccc5837336f9350dcf4527161d9b8380e35eff5178a3c
+
+COUNT = 3
+EntropyInput = 3c412aa1bd31bc812de9452f6e77ec34a07f03f4ade63de31d9ec6d415b45c82
+Nonce = 5b8fb10ae9b0aefbfb8d9c458c6ea924
+PersonalizationString = 3ca16aae236c6d65c817e42d1f8349467179bb758958fa262e432afdea07eee6
+EntropyInputReseed = 953133de56bb94e6144e71e4a806ea8a789ed148040a45b94ccfd79f503bfc82
+AdditionalInputReseed = c52f89aae6b8b20d206aadf54ba996476ac281f89266d29de57534bf2c46c384
+AdditionalInput = 300bc7e5abd2a64070f083150069085b7aebcce45a3bf3989c7ff7212c3c0c53
+AdditionalInput = 594ddc84ab01dc4bffb0135e9ccf0b3ecd152cded3adb18b9087f33dce58fb7d
+ReturnedBits = c64461f0d873bf5d2756e30be21ec3f32ca5275e5c25aec41734441f72d8a64009aabcda36b1b509c9a5051f93b51d32fba8eae9b4bae279c2933a08850e265aecb338326ab176c8f512e4425c9ef1e9df6a2cc9e3e676042c49998123d2db91b9e6c547c0cfceb2ce018cfc34bff43e183d742acb84814fb7bb9f1235b87a51e607146efd3eb8b1ca4a280d05c7a3ee351d35549516883adc3298704bd6ad9e934b0e6b21a1bd4c312ea3aad6d80d78775bca882a51d43f9789736013884016
+
+COUNT = 4
+EntropyInput = 5eb55daf4b82918dbd9169db0c68c58c0bb60c9526f9f7d3d719742e186676f7
+Nonce = 9a56b9f1846fa834056d2027072df0d1
+PersonalizationString = 98269bd1229b402387000b0862d6631af5eba774c4965cb4c747a7712c8d1c40
+EntropyInputReseed = 0316a31a0443a4f0ad67e8546ffd5099f29ef6fdc1e3074ca38c17941f2b28a3
+AdditionalInputReseed = e4c96e773a96c09e4ce9f09fc82e8a0a866efa2f08cd59f0fd03f169546748eb
+AdditionalInput = f8c3ab18c753521eec745095c28fa53b7a55fad8b8c0ef0a8b8972863b24856f
+AdditionalInput = 74aa6d95643d43d6cc376f5da3ca6529ddd8e5fb2d4933fc57da093f2b0f9b4f
+ReturnedBits = b8bf8cd978a45827d9a0f426d4dd3bf1453bb107b4a5bf80b23202356ff55a1f7fda87851092a008ed946b8fb7ba251900beb78c862ac24ec8f2f4d8c949ce60fa8300a316c49deb1c650f1643999c5ed0e1c90f4594365a4846e20e5082e49f6f2864e378637619641b27c536c94142204c282b115178e69b7eebc42c365307fff4d5d6e7e09febccca309cfae047710e2674e43d32bc8e08e111516c8b092a385652c4777ad7922ca670a06d4ff8f71bc2de0ce1362b866cbea471fc799c56
+
+COUNT = 5
+EntropyInput = 11e749777387b9977f10df2fe41396117137abcef9e5f002cb0d7ec20f35918c
+Nonce = ed74eae237dbfda6748c4cccd3bbfefe
+PersonalizationString = 5f506a12673a3b858ec12458bebb9aee83642cc672c57feb1c2ce21e23e309ca
+EntropyInputReseed = 77c74fe2c19a3eee159a090bf51fb53dd9f4cbdcbbb0d6572c54ea73669efa48
+AdditionalInputReseed = 76da7286edefa3791bf175d1f622747cf5bddc62c5e03ce25c7f9c403446a667
+AdditionalInput = 1c205e04a553c9f737dea8d9cf64433637c213ecc48c1f01c87e89e29d14c619
+AdditionalInput = 2286e7e53cb859f9f7f745f50bbc8f8ffb97d26043ee9669a9657fbceafd44ae
+ReturnedBits = 1bd7fcdbe41625490eabf5408889445010257b21d69bd44c088dd035c51334b28229392777168253bb5e739c57cf23e10526cba45aff10ce05d1d06692372a9ad0c27a1f7cdeb8c0c1be32174d53af3738789d23279310de24ca2e19853e9d4860347db8502b694ede979c57535c64905fa38a111925a53b11facb2178ad7aa05e7d1889dd032d765534a51e4d57c218f83236bfb8a2905c2a5353ce4d37fceed8e981c1f1f44f297d56b1ad4c6f14615982ced23fbdb4bce4e0e2bcfb744b58
+
+COUNT = 6
+EntropyInput = f45b2447c0a9c0eb76d9e9df68770eb7599ab6aa6561703edc4970a008e2874e
+Nonce = 29e0186f72ec51df704135e9636d731a
+PersonalizationString = 6a65a4f07cdaeb93c2fc2fe2698b4135fce6a1e167d1f40ec81427987fc571da
+EntropyInputReseed = 07b53f0491d177e8ec6857e61fefb384cc09697295776c2e4f7423bd94d0c17f
+AdditionalInputReseed = 03bde7373e2fdee8b4a7f02493a62018d4e726b227a212ac4e23b4effa8a023b
+AdditionalInput = 9a4b4650db43fe11fa092c8cbbe6af6036bd7f36e006f19ba6a7b40f262fd866
+AdditionalInput = 36eef0101a9a7a91f280d3f108166bde2938ebaea3c967a28d9d5882287bdb2e
+ReturnedBits = 12907fe4380f4d1332f5f9472fb8eeeb7200f8a04a360b746c9cf2a33d395cb8f33d2a2d3b9e98e1f8b180e2131bc92352e5d25ca57806c76770add956bcb843853b027315e87bb9cbc2522a49cd1dea49605180f331b641a28e2311314b0395534a9a73c1632a925b47c304bbd549ddd02e1717fd09057462fa3e78644c3df7dbfa28acc3ffe03f5ac79e81339f05423cc525f1e541b4f320163fb61a284c0d4c24c148d36fb892457f3537b9c835d0e61a0b2a8861f02b8bd55f25b0296fce
+
+COUNT = 7
+EntropyInput = 4d5a9c31c59e4e7d371ac7b26e0a23035c87ba01fe6d739170039f3787d29e6d
+Nonce = 666c3c837198c40508654f10aed7c62f
+PersonalizationString = a78dbce2974a8c529221630289921653c257753010c95d70c3a64953bc8ffc06
+EntropyInputReseed = 2295d141032eda1475f0ce5c741f7b13d61141817bad8d702b072e3927609cde
+AdditionalInputReseed = c0151683b918d2d06f940455fafd506b0f29549963ce11af96f683bb47c14577
+AdditionalInput = 2b4c3f2227bcd4c403963d703b0d34bc061b0b736822114faa304ede0649c028
+AdditionalInput = 20783f0860100f1d9ebfda92b494978ce2d5fb83688edce52882496bbcf36bc3
+ReturnedBits = d0c491c6cd80e1d521a470d1431ce45b760dceaecc2f4731d4d49506e5394267f893bd9f2e3667fb17cf4aaedc44b9e9d7dc11280133a70da7090573ced1aa3cacfedf9a668048be2fe348750c2b2b209234eacb56866d3ec5f2e83318388ca5f79a7474490b30ded17be335200dac2c686afeeced611c748b541003db9f53721e1538edc1c02773e3aed8e283dd23595a606973291a6895d30db8868cfa882898a443d70abd372ad54b47654f8966f926eb9c2c00f09b9958536b1cb561adea
+
+COUNT = 8
+EntropyInput = 39855f44ea3b66b88ebdde9c1ae8dc9e0ed34213669781856be8a51446b90ad0
+Nonce = e75bb1d7a41b2fdb7bed4d9f795ab2b2
+PersonalizationString = a196062c2f86e89ce7dcf5cf14f0f770464284629440b9738a2fa8f6f1556513
+EntropyInputReseed = b4d8eae968e044cf12330d4f12a0003944b7a7597feb78dcd039867877fb8e35
+AdditionalInputReseed = a740f14731f9fd6daf9938f32b601148d73e80b2ad43e86c4568011df39eaeed
+AdditionalInput = f6d8554af65629f79b0520179cf4f48cdc1232f547c7be3bdb25d22f65498a1e
+AdditionalInput = c925e1317b64b1b64838a711307baf62b1fd574b6d5ea7810f635a313eeaa3a8
+ReturnedBits = 48445eaf1d608b11975c9aff1455cf30b7cfe8fc834a6a65c77faf77d41216b3ce7efa41125dac64620e893fb45aeb59de152a908136a333913c5fbe182b5e3e06babbc3a64f8efe96e1346c32b883cb09eac794162d4e7c7f3e8a67b5adf6c08b38ab6aeca1528cf3a719a131207c35de1be891116aae10102dfad0c4189302a30568e15a535ed1401aa428cd0f3f99c1ec3ca1a8712dd9ad87719df92d0e281baf90643e362b688a679720340263e0df0c0d10acb3fd352f1eba78391bd3df
+
+COUNT = 9
+EntropyInput = bcac662c65a444940e97332b0ceef0f17800d6daf9d511cfc5cc354dc571cb12
+Nonce = efdfbe0f79e488977fd396993e7c6f56
+PersonalizationString = 3bc91131cf3246e55a03a7616ca140da51c1b520b4cb006dece74e16267df865
+EntropyInputReseed = 6ae81e99cf4e59b06dd4000aa2c07b6a3aa0c51a9a5cf629dc4bd5b81706413a
+AdditionalInputReseed = a5b525c09e121aaeefc41ec4e19a518edfd5755f16d80710a333aaa52b0ad20e
+AdditionalInput = 5a1e853098329a7b53470152fe1b5c11c60f8b0c0683970599eb90d63f6f3d88
+AdditionalInput = 07420543a4938f9e5b3ad6ba70c99aef9e575aefeff3e39fcaa8343f56dc62a5
+ReturnedBits = 764c27b34f50e5d3950895fa8f36c12f3c4be8b2f1718b85bc50b08c98e7d46fb5279ed3cc73b7688b4682e25c35b0ebe0306a8384da405903e7871cbc97ee65614a2259bc1ca092d0bdefdfb24470a98712ee30cb7e95751ef547d8080b76f83d25614d4f5094070d70e13400ca7b67c7a18db18cae2295d6f1dd9bce1073151f7b02a331b37b855e1693ff5bd6dfca451e04f11e94209b817f595f5da32b5f8b861ca8111d3fcee3ae3fe4c9d643b0b302a3dc17176756525174c4691ca91e
+
+COUNT = 10
+EntropyInput = 046194afd40e1c6bb44022175e22617193f749c43fb05f031520f74f9e386e7d
+Nonce = 055f55252c2f04bdfd950cf829cf1f08
+PersonalizationString = b2d329914633ece09d0d38e37483d4d31fbfeb581849c69f95d3e7d8fbcd0ae2
+EntropyInputReseed = 7516e7cf38a134d210cdb868772788cad6277a052a3ef8282e693509a9f2d585
+AdditionalInputReseed = 8c258848821ff10bb44bdaa7dad48772d294da2805f55020867bfe3773c27060
+AdditionalInput = db7d5d853dc680644add62cb35a9bf763874633e4d48e52110c3f580c3d3216e
+AdditionalInput = 6192a40e5f1f59c8299140fd1fa4f1d33cd88b8f04f8c0486862c944c737ea10
+ReturnedBits = b49a50335bf288d899fe255f07074e677aa814a0a5f129a6aed29bec947114c99e0772d35cd271c0a591536d1e1dadaf104acbc34ec744b3c6d77da809d0a3b88788c958bc54ac8f42548fd11b2722651e8188ea4300bef613a323c71bac55ae0570fba7eed2ec6488c8fce629923842ae285dd2762468555acc01e2e16f47c3b2df092707633db6e55d7ef02ca8e7f30e063c0bed3fefd70f5cefb7f55d471538a320c33a7e0618f3f80cbc95f83eff26573ca79ce4eb74fd153a013b3fb771
+
+COUNT = 11
+EntropyInput = 04b066c5b6427298762341a83dc69d8713a7b06459f50bbef8a0682fac963b2a
+Nonce = 3c7088ec7714929303c467683c13052c
+PersonalizationString = 16e884f11d41a5cf0750f94928ca79fd90ca3f5a7601e525c1f7cf331177a69b
+EntropyInputReseed = eb19b9e7f82e11963fbeb2d478931a487e61d9487ec9caff7ec3a360971fe751
+AdditionalInputReseed = af7e2eb000f51bf6fa321f0491f84f753c20e8e23831b1a7c52efb05a37a0222
+AdditionalInput = 1574e2c2ed2d1a5ab5a19ee7527d79b19f9efd80da5734752c22cf37d0d1577c
+AdditionalInput = a7545fe8f32d4036c164783fbc327f36eafbcc24afc88b176c99406777da0f53
+ReturnedBits = f00b2c09f9ef0253c08f84e07776a35fb88bede970b96529b2a269e4e88d094f78a09382f5bff5c928e48937d6b78a379c687ec32e5a3d6fc272f698b124296ad0d113aa133aacc70e4c83244d28d4ea2815b55de1b71010faaae6dee76d449afce4b7f85d540287c635639db50e9fdd141114eca7fc76d57eda87977b91f3aaf7e1e94ca0544304875277f932adf2dc562d17cce5f12d438fb8a747639124a80f2a0ec0794d780cbea81124705b294677a76adbfecf3d2264b9990915d2e9a7
+
+COUNT = 12
+EntropyInput = 5dfff808bc0c2af0a7ba25423dbe7cf10db531b9de357829b75bd1365d1a48da
+Nonce = 815f9caeae95aec8bfca1592ef97eff5
+PersonalizationString = a5933e51ce9fb2342aa5a3a41a55401beb5c8cf19f2f94556c4a17a3f5043a3d
+EntropyInputReseed = bfc4e61b92146cd6dcdb42dfd80c289e55f3599093ad4961d13c09fda6e55e5c
+AdditionalInputReseed = 1bd3231114f11415ff34d071159a0423535f69ee5b895a77d178bbffddac774c
+AdditionalInput = fc09612f7cb6244f3245bc996e6c96ff7493694b30a7cfc5b0f669c95e7a6b5b
+AdditionalInput = e21bbf0ea30d095b23fbfb32e465c1682b538a69215156f8ac02a9ad49f00714
+ReturnedBits = 5d00f24a6dd8b3259127aa2f1650d71abe16d416738a36a8d47576f9cbfb435f3702733378073bfd9369a4de8870e06c79dcefcacb2074e56b8c4a16f950e3b00b4e66ff73f7736378e64b6447084dbb9fe75c6f19170a45bf46c73e8e96b1cf9ab0da5d894c190fb22e48b2d3e884fa7ba30b523be30ecda834688af4278ceaeb1cbe1c6ac97eb6bfccddd4982d59bea01c593d8621615a11a48edc60abf9a2861fcda9d42633de2688bb19886931bd1bf21fe74f32ffe35c32706a9ba4ea41
+
+COUNT = 13
+EntropyInput = 2ec77f6835193b0c29d939384ebf391bd9361c5558a1ff404e405d78511f0b6d
+Nonce = f98a6edfe416ad234731b436a213ddf9
+PersonalizationString = dc88e59fd38ebe8e17fff0469e8e177c7219ba25cefea84b85f33cb15883afa9
+EntropyInputReseed = be5951ef10deed5aed79d820de681402e7e312eb0bf89824de3a52d521f7570d
+AdditionalInputReseed = 33cd5272d507f9e54c940892b35f37df968a884f9998e911427a1ee08c540447
+AdditionalInput = c66536f21cb947bd7e635272df666bf02c9df4b9fab504d36551c914f8d055a8
+AdditionalInput = a27df065f08268be514b2eda2b0236baa257583d9e4bda9059c9072e6b0e4b14
+ReturnedBits = 3fd9d3090102762ad3151cf65318773dd845ebd15370811224bb6c66e719e90b4380f9014272216c1b1be645c921839da8554088aadf852327d4604cb229fa85d95b6bed604a4dd2620c25223cfac3feab74513fa1b78758500dbc137b88e509b185dab88c7e966c2023b2b9f550d4efde5863b88ef1d03c5db33d18870129584ebd16781ea8c0006b8909a953499b37b861d6addaad93510ca4ddfee94e038770752992c749e4cd8c6acd4e33aab1ff6aa5371a427c98e8a365506910a1b82b
+
+COUNT = 14
+EntropyInput = eb16eaef9616d415fea6d6947fa53992c8e1133f9f88d4ea59a0a860a2757bf9
+Nonce = 8f4784b738e1294a4c3e5c9ef6924f31
+PersonalizationString = 25a429083b7f8f5d74999ac0fdf0e79c7f8a1351d49b8204205c6804b4f424c6
+EntropyInputReseed = 655fc827c32a2c407df183e2873a423df0bfee96807136122dc7afe4281c66b4
+AdditionalInputReseed = 120d95c112c58347649b02946f38ad9ab60e3897d779f90c6066ca9e1268b7dd
+AdditionalInput = 748f6d38a6f6e9bf1ad80d3b67e977a08dfa02762c2fbbaf66e2ff84d3681a36
+AdditionalInput = 8bddb28f4a17a712ca93a3ffdb32cf58ddf5e57267d6977f62ad613e57397077
+ReturnedBits = ab5bc292b30130a37ba979749276261a58d2fdf26f357419904c4457e4f97fb261de3f239ff5289d30bb0d0ea2ff45f00a612970ae27956d4b74b0438caec70c97edba27405663cdc6e82c08d912792889d3ba584862af212620bd4f254a1e09bf458f84e7230ab5ff0bcb271edfff3dab7cbdcd8b362c33a8db9bec9c8fc674923e23f839fb6f4a790544f81527cc71a7f8327c2a0b0b400c7c064d64b9c7a300d708fb82c7c0ae6da27f093fb1261802c0b6761a0ed6b6d3cdb90878e54b1f
+
+[SHA-384]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 1536]
+
+COUNT = 0
+EntropyInput = 6294f06a45fafa58eebe0f237c5f6423ad6ed10ef3315339bd7816b5b3f2675f
+Nonce = 1e2bf057781e031e9108f52172d68a30
+PersonalizationString = 
+EntropyInputReseed = 59417550f22a383d9a1ab7e23087f577fd96062191e3bd158d1d5b357b5303a7
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 2bc3e0683048ccfc87cd7f53bbc735325c01d04cd723a3a79474e7e6493b345bf1959b493c864c9b4dba3b84a5aa0fe77db018a215a85d6835f47a4bbfb9a98555de864cb513aca1bf091902e76a250ef538dfd2e3046c8b91f35c01fa92eb50f054456e78ed052cd72a99f597a25ed24e3fe2cc71c33609342d85a11052e740f92a409c3d275024988b4472460bfeac691c461f3459a8b851ebafa9fe9e272fb07179c26b4ba5953e90c74fa2c74797757cb0452602382d2eb27f33be7bb736
+
+COUNT = 1
+EntropyInput = 00a98ed5f616f028233769ff777a7342e57f9a8a1406a1ca486b64b23bb34f76
+Nonce = 56cfa1f545d782b0ba2a392b25aa55ad
+PersonalizationString = 
+EntropyInputReseed = 794f957660899ae0e4bd509b5dc5af6971c4095a3acba7bd2c5b71a178690860
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = b7d011a04593310885d1e5d663efc4410f59408193f2b44d67dc292f19e7099b0ec4ca102058b7a4bd2ee41dadc017bd1849a32560ae3b57e7105f1653c8743b27e912d9b57b8bb638bd019779aaa0e3e84b324e42863ba9595320a812b99249793af2a7fbf557530259d3c1ba827bf052e0db6d950f6ca76976e7eb7ebe241bbd4b6787f80b17afbea6b19a671b2a256465669e2430651c70d0dd9e8858ff8f3fec81ce05847a15c8ccd81c1971f19405835d4d0e56bc302e9ec852ca31ffab
+
+COUNT = 2
+EntropyInput = f54f459ae81747c007aec42ccaa0573e6cef278568eeb4b7e152ff6be5a3cef5
+Nonce = b86e79e81a7a1186d82ec161fe23602b
+PersonalizationString = 
+EntropyInputReseed = 19a2a4b9f8977ef5648a44546e97cf76968ab9b19d2c4d6a80e4b7603d0bef5c
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = d019f49a826eabe22be8f7f65e9933f7f101af27baaad9b87fdd6dd7cee753ef95e687eaf906c99c892c54347154830592309a6118bd595cffff09d06a7229940c393b4f2935f5c1a56548ed7ddec4fd857472e3b910e52d2bd69344debaba86f0fe01b186ec056a1091dec94394ecb626da1cfaedc3b9ee259c6d1ef6e0f4de4f71a46a78861dc753dda173556ac6b4f1ce2520514ab70f44dc64bf63762194f7c173d7c02ab779813748a00c0a35e50a821e9237050b5da1869541894a5c31
+
+COUNT = 3
+EntropyInput = d2aa1e32cbea161d386ab33a1ebc229cc2cd465faaf02fadfda181c45dda8a4e
+Nonce = fc99b52a4cfe0a71b6687cb64a87d4e4
+PersonalizationString = 
+EntropyInputReseed = 31b7bcf67cdbaa9ee6acbfb64d012e6f35cf26325f3cca1d59581f08985ad499
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = a2899b52bfc35a0514c4a662e102dcb44659aefd3eadf153324630d64a016023ed42a30ca2722419a7bb098a27b4f6b04cf3c3c7b47e4a32a3268248c38fa8acffde5e8dd11a94636065e92fe2c375d9e21cd8543fb92601dec991d2b6433d7e061efe931400939dde7a73335f2d969f4f46ee81b97af2680d36e6aec181970780d56f5ecd82ed444d386b572467f6a51cb4fa8dc62625f540965899d017b1cb23efc6497fafb676b3a0ec1f7558dc7e024d72bfaf3f1eb251e1863f4aa1a592
+
+COUNT = 4
+EntropyInput = 401caf007a395bdc6aea4a88161560c2aca5d33c6abbabd9b05fd11a28dfbde7
+Nonce = 9a3d41d22d88de61a8a814139946c189
+PersonalizationString = 
+EntropyInputReseed = f20ebfa5094d2da919c2d5d0e925ff4e180a8fe408e05fa985bfe1e3741bd840
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = e8926e67a7ab533874956c280c3190176d5e4a6d8c74b53fed8df0e012f29de658e1737a41640fa2e6eefc0db6c1121a6ad7d496eda86d471fe4c14aebc03c9f2152016a0b4c9291eff92d3c60a43081967e76e6bb075812b901253a3f5a9700927514ad1515a0aa1364ea7f476aaf4c75bf05419ed5ab45553dd949cf16652a980c5b558b808ca46872ea9153852f48601de21dd191aa76d5e6a118ec6bd6cfe90692f4a2553a6e78ff9cd79709b2aad4dc62670e8f476263495274a0c2be9f
+
+COUNT = 5
+EntropyInput = db25a3a051fddfb54322e4d28e9302669bbbe85e7c5791403f9efc154528784f
+Nonce = b3551eeee5958f2fe1eaefeb0c73e1e4
+PersonalizationString = 
+EntropyInputReseed = ea0c3a27edecd0868532b6779ed8326671bc599c7da811d7bc5d5dd2d8c824ad
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 89fda55cf7819a30771c2c64eeaab2f875486abd54ed35d8209e25d363b8d365a12537861b0b20e26477b60bd97f8c2bffe9958c631a4e322b5e41110e57e4748f12288f014c4b3a15c5d9809b36bbdbdcd29876da72dc2bc0b85a08e5a3656806b955d44b9784ec5a5b11538fb8887cba2a0c77bc6da3b0e4b2a61335bce2887e032ad840921a7a605ecfd563af25f9387cd7eda0c90961b56f447ba7b0938f41326511a9929f9bad19bd2b5498dda572c48a3d2a2e6e94612ea2ad016f0649
+
+COUNT = 6
+EntropyInput = 7b07624910407d7ec5b66905298488dd2c37f00e30c1349c59df95653b190cac
+Nonce = fe5bb4928bc74609ccb7f143f91166cd
+PersonalizationString = 
+EntropyInputReseed = 745937de92da59eeece61fdbeacbfa8643c473cc0aca2a0212b891d0faa66bd0
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 075eeebe7736e69bf48b9513a9f94646805fb3071a7c8744437621983879af6359cb4839673ee1f95c25d4261d4ea984999d3eae1296ddbaeabd7eda1024ff87922e100ab847713bf2c20628d2f2d4fefdb87eacfd6d093e9818727974a5294ae9d76cbc3848329c9cadb86a527fb523f191b24ef50daef05ba5fc8de531c207ee5b63c7b525d061f969996ea446fdd68a2a73d9ca40a1275d7f4e58c4fbaa86f273477c2f0b0dd6ada60ebcd2a36e3701292aad2845dff2c04475a727a23eb2
+
+COUNT = 7
+EntropyInput = 1eeed76a8658f823917369ef4ea4b4cbd5b82977bf8b022dfc8b05870a7c4cd8
+Nonce = 8403850c37834168eccc4a6df3e7680a
+PersonalizationString = 
+EntropyInputReseed = 94d16d186b5082c9240d5b3fa5481fd8aa971549077873095cce51c7dd2be7f9
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = f48c2d9ea93dfb452843b6d1f8c58c7eca4db970877a3f1d9d68ffecbbd71838758ba1fddbe4899efa70a58c3549139f00f13d09704c41aedc202ce5ecde24b70e44b61d645068d660f346821ed1e802a44cfeada75b5ce924d4343a6195543b8d1432984b59b1577129ff795f41555b14abf4cd41b1c4d45e7123a007629b6678202f147cb735e7a4112bc10916cebf39ee4d078b7b70067792804dee387fe34bf9e7c791e2a783987dd1fd5ab04d4c93c74bef05e267ca5be75e37e8d21f1f
+
+COUNT = 8
+EntropyInput = 1d79eef601e1b93881d70e82538111423967479aa393473fa02601d15e5d8f56
+Nonce = 0a7b9a19f55ba77c7816a9396d06b316
+PersonalizationString = 
+EntropyInputReseed = 8978903be82ae3cd6ff61b7dce51a885febfde9e08e87303b5ab79169c9f2c2a
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 9f25bd4defaa0a1b3e6cafad4e6a1d5c8b87b713577d4dd5fa1b978a6a911df63bed46f58f6c3d7a5454bf98c4f78c0925980ed27b342836d7250f5d0b03ec458f7b18eade74532377ee8df1806a6028187466f65b8078a3e8139105957d516ed4fe8b762bf8b51029e2615c80640e7f2a94f6686ce94694951813234ecc8c81fc1923310c39f7f855a47ddd56d20f2077e3cb724e8bf0da33a9acf7eac70bcb1a7d3a07af5fdc28624b086a4eb7a71d7f85562d7c553adc55180b858b2f41a2
+
+COUNT = 9
+EntropyInput = 2dc0fd5e687c5c32e351a31aa51dea83d05791ebe6da35ddb6d860af7e46cd90
+Nonce = 0f78abeb9c747ded6fef858db8665c0d
+PersonalizationString = 
+EntropyInputReseed = 2fb04fc452fe35a1996ff48900798f02a605409cb6e5bd33706cc4ae96f95333
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = d25ef5ee3df8a6cf9b6e7d57b121b41a84f4e38e6a7475e1cf21fe2c059480aa48ac5a137eace7e696702974b4383e8531a79fc8076236e6be78cf3d2ab83d3ff172fd00cdcf3b46be7b555fe98c4e7fff3eaed76420385f434c1ea90e9bd7ca505ebfc43a72cb98d450c10bfbb2896d252b771281bfb08ff3e654cb06165e8ff8748181bc6df081a675f9acdeca8ec82271b2101a9f9dcd657015a3267df2373e3c95b8c6cdc76c030a3a847335e6b0a3d9b1695cc385616f3b660e19e71604
+
+COUNT = 10
+EntropyInput = b5805e8495b256e7f4fee860451d7b354643619209a5fc96590340afc73abf23
+Nonce = c393c11935b01c9c297713e9cf552377
+PersonalizationString = 
+EntropyInputReseed = f8d607c7c0e6d8b069d741a82fa450d2584b10969d8628fa909131633d7f7726
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 85c3df595efde90b5e0c3ac3d5108e4ba04652471afd83add325a4976bdedb323ead51fc7be75964d84f93cf3d8f1c5702b6b4e22d0fb94ad5401faeca637723773243ffebada6c4d686d0aa6970ec13040835263d6263340a08a81ea7143b2b2af3f27e39391e82f815763cb9b31483bfd21ea87e04ae32d162e6ca57aa0ff2f474154ba455de0d4206f3c35b129855e535a344722c8ac699e74b9857ffdf9cc08468df1fd9384b01a1f7406ae7c68ebeec6f2a400c63fda85f2142ca980482
+
+COUNT = 11
+EntropyInput = 7910947f1d2ea6e85c47e852df1049507cb2d7b8f5be5ac7f247695615320efc
+Nonce = dc8df5af9100ab2aad9b161b4cc834e2
+PersonalizationString = 
+EntropyInputReseed = 2cd053013ba7d0baa451b8fb1cde62d6b4d572c0582d15dc2b70aeaf379557fb
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = ec0f89e6c74b7549ef7f0b5e1b956f6ab7121c228cd2634a66fc7330f490a89f489bf39c94397e3e7938537a28afe9bcd73a668116ad5bec4d98098a124393218bc9ccb8ebae80beedf5a782bbf4f543ca41c8ecdebe9f7ac3c0afe04542c29ffddd77137c161dee1ca3428894027ec19f448d7014089594b2a01febd1592bf88dfad8e7ee13c93b18e8e88c778054ebbb4ea88079dd6e7c423b7e316adbb52350540c9beb2d34d59d577a4bb2220086ab0e86762366382033a1d91e723da366
+
+COUNT = 12
+EntropyInput = 023e1d9257936c2fc80373fd82bc33eeb408849a378e1eedd449bd1cd32aed20
+Nonce = 81e78ad590da034952300c2e9ce5c37d
+PersonalizationString = 
+EntropyInputReseed = 093282fc682a27217b31778f98fca1fef77c0b76e4c0abed2f8d42df820108af
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 836af114c70123861314bf008ac7b8ec8e11e0eecd7b0dbebd6ba39916b6e0de266ad5503cc048b29f00e94a0e13cc56dea1119ef70eefef794b5568cfab500873c1e4f6f3e920433412b68a22603fdfdd3c8bc5afa88ec5344de7ac8635030e376b5559b4fb5bdf9b593b465336fe1ad5ec8021174e16d702a9abe3b01a64e4fab18abcd4d2b1e3c688b475a3b864d66f95245da0fd3ff7ec0c0c0efd90809accde09abe48e2b951b3581cab60a095ff1e5488759e1cd18e84af8406e0dde13
+
+COUNT = 13
+EntropyInput = 90ca30f4485ee87fba5967b8568582a284ac90dbf1ba2e837de2f71db4911230
+Nonce = 60ce5afab61dd35cf593652ab5161550
+PersonalizationString = 
+EntropyInputReseed = 7fae2c8789c61e9485fe7dc49330222ed0d5726a3438bb1b136ccc1ffe30d919
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 15af248ec1330b05aedb9db4f6e8074a88348d3e1e330398202f5a87c7f609116a1f1df74e09d571bb4d6c41f3e4e62a418e275f5facf361ba6098b0cb5ea51d89be389dcbde3b64a9a4ab2c8322e3ed8172611dbce1b0256910bdcec7f50b4310a6716385426b65159bf0fd8f7d18463ac0f86ebf976859070eebd4f4274789b7ba89b87d9cadea0b91c75b3531d5887467ea200cda30d31596ca8d3703ab89dd111f3ae6e52e46ca7714d7f024ba847e709adea87799e0f0df5f852dc4978a
+
+COUNT = 14
+EntropyInput = 4eee234eb899eea7df25403a204996135f7474dd9a49e727ff29f0931796ddd7
+Nonce = d120d530b790187e08c6ca4a21e903e4
+PersonalizationString = 
+EntropyInputReseed = 944c512bfd4e70142a0121dbc350286f85c054939df01b1ca7fe6532f1f9752d
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 034322d3686623e3d9132f07e4fdb666284ea571214a6ec22e6eb4dd37718f4e900036448a8e2202614796206759276891d0101b36ba9a865ef80bb6107738904128cd1d52e25202642d3d5c8a94997f5ce1a39d8fcfc8c882d329d17b02348010925ebc519b4f0346a8f8bac10516f9d5153d8c9e8f618e1ff03d7fb64dd99d8e1c6dcecf6f818fb898590a0360e209d3b3712a6e96217778b6c0dd99b896027df04e772dc9226ebb6cbe0aaab3ff3c74c6ff0ef74f6adb213d84c054ff41ea
+
+[SHA-384]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 256]
+[ReturnedBitsLen = 1536]
+
+COUNT = 0
+EntropyInput = d46e1171a01593075d3b13f1428f21ce5d64eecc530f6d21da3a9a575ad230c6
+Nonce = 924b6d369df497e2ccbe09fe2e2e4362
+PersonalizationString = 
+EntropyInputReseed = 9d59ea5540d2436cdbeec2338dc24819fb0d5892b25806f4bc28c056219b346a
+AdditionalInputReseed = e7ae80f150516a861603d890257b50ef8adedd985fd12d00eed389de57d37166
+AdditionalInput = 0b53875ef5da4b477fadaa34409c2a4ba5dc6cfbcd9ef0416b24b634b7f520f2
+AdditionalInput = 4ac192aea56f44343579fe2d4791ca2403af43022d5c6f8d5f3833adeb61dae6
+ReturnedBits = 1fad71a8584099a41f0c78a19b7c42e3fe8317d7db0edb6eefc80a1c8b6de7ef85c411a413a62f4bead905e8c7e3b8857f7230dd78f1b5b20679807f5c94de6630996069fc3488fb22ac462b010942d5b3c79ba8a69e318ea9c6b3564bd92dfa5387cea8a17cc8a802471cd385a73dbf49a5e2e7dc930c0b1ca4b246a25f1f1ffcc252c631fd856f8a76df5664a47e7f767302af90385c9ea28b395f6736f0c9e0342add5a92e4b970ecc63b4206bbffd281b9039fefc0c041eff9a7fc229dc8
+
+COUNT = 1
+EntropyInput = b10b3e8fc0dee3361d14ede5e745d04f8430abe7403e50149e05384e57c11afc
+Nonce = a0d524195d9d71d2a9daa50ce225cfce
+PersonalizationString = 
+EntropyInputReseed = 9dcc34854fd85a158d4316be97497993d622d6b83746f2a9b1764cfff85be3d4
+AdditionalInputReseed = 2bbd20152d2b28982315715a30cd8fc575b8f74784cf3d943313eac7a553f545
+AdditionalInput = d8071917930ec1b9247dbe5783228b0c4c9694b1be3745011760ba2a934cdbbc
+AdditionalInput = 3a9fc5323f24fe28172afed4402576d47d10aa748a630ce0933ce5501a133737
+ReturnedBits = c252b5f699aa578299b1f967c9edcb1e7dd21915b8119236229c7cc72bc2ca5c5c4de123c3110d11d6afa0c65bc425bfb584a6e3ee63b6b1e16fc3c84d96cff51c15e097360a10817144924fa0af094696d7934e6f31fe5c699841c803216e020bb41430abe045d6225c16eee5a4dbb50da8f609329f19fba2d65afd7a68d7f7a51aa2c12c8a11d652f929affabfafa7c14f55b5d4856de4adeb885e9a59068db9ccb441d5b1d4415f649be15e736f76eaf6bf7854675eb7f5e09539c1644429
+
+COUNT = 2
+EntropyInput = 4852a7715a4a97f7afa91a683a127caf2cab4c450572316ea7a809daae403415
+Nonce = a0c9565d12d2bd6628f1d1b92670ffe8
+PersonalizationString = 
+EntropyInputReseed = 891ad9c623c3bcf7db3ff006bd466a8fb68d2e560c2ffca41f9b5ca4a94d860b
+AdditionalInputReseed = 60435c5259ca985e02a9370e67c5c9f951b70255db9f53987c181d39b6df0e33
+AdditionalInput = d0965ce9c6c98d877068e8e962818f303787a3be192781f54060fb419b7cbe9d
+AdditionalInput = 20ebd9491fce77dd4002bb0cf3ca065e36297bbc47d7be29b4ba83d635e91a39
+ReturnedBits = 598d4feeddbafd462913e7ab458a0ffa9690fcf1d76a87490f6262e9919cadbfed332f23765028648a73e448f7d7e8ae8604def08db628e0379e09ae121768ebbc0f8818af5906e41f37391c4f542a5079a3673c7c3f7c961f04ab07e0c4bdf6577b36a55e169511fc89e9c3aff4d1a8d2de4e8956d8cb13e458802683f75f8320ca0131659b8bc2cafbaaae496c3946c2c494e56dcb9ee0efbc9c0d84c8d06c09768dc40b8c4f33dcf7b87c8d12ffc8b22ae99bba342db51d7210eeba459ae1
+
+COUNT = 3
+EntropyInput = 3d54f286282a5474c36d8e8e2535183040c569e49245b5da22f7f7f2e2c7f337
+Nonce = 3f42b3b80886707684a0304ecfab593b
+PersonalizationString = 
+EntropyInputReseed = 2e2031bf6e85e4a8f48c3608400f0e830e9333db4fdff063270d4fc858f22378
+AdditionalInputReseed = f882d2a77e20ea79f7aba773f7c86d5fcefffe1208d18eb64668386ecbbfc80c
+AdditionalInput = 332d2975fdefc31e4e7b381242819129624e7b270e84450b6d6633b7a64fa9ba
+AdditionalInput = 952aabc00ded6dcb92c4175842f3259fb17301cdc9bbd85d8b033dc84276056e
+ReturnedBits = 361e82acb072a0e25eff093a37be474194e5c0846a1c3983bd7dfef247c372a3bde3fede4a9736116ec61069462f41640bcd706d6c556779f4dcca9730f46a9fc79321e242f40f8aa8cc4ed9d318ffc761602ff6a7be6cb120682b594c224dc675451c4546c5c748558ee1791e3db49f4da0a374ba8b926bc08ee906fe42d3f62c2956729a6d4a214568be5c68d148179401d490a6dd07cb7f514c12a311e6690b6e8b5e5bd3613791495d24f248f7641c4d9a79b7d411de4c2287473ef0d375
+
+COUNT = 4
+EntropyInput = 6ac3771326903d8fe7732d1c59b5a6bd73246e359aa49bd5b00e820c283afcde
+Nonce = a64549cd40b57fc84af61e09897b7b0c
+PersonalizationString = 
+EntropyInputReseed = 22a2f332f18d587575fbff14a26ca8ab945fef3f763c79edce33019a1e53275d
+AdditionalInputReseed = 2d3fff5e1e2f582f40e0906200445c8d6ccb268aa770d5a2fac7541f76947ce3
+AdditionalInput = 8b001e27a0d6c2acedb8bf32af60d7a682db1b52139df9c3f229e4a07f30fe33
+AdditionalInput = ce15f804329c1f41b090707c24731c33609b7d98af1ef54d0abebc86f58e6438
+ReturnedBits = bb347b7558f92b7fdfafcc984b054e8f3974e6194135574944054b2bb26122e73e992a2467f816a3afa40f78796c47151f027958918b339c275c39478f30b7ad3273ce6783d47900d18423b798b132fc55fd2cc104cf21a3853fa6d324e41125649b5f77f62f7b52ef02bffe9d868f2885e2190e050a2799493f30ebdb517ca02bc62723efd15b4e8ca78ffd2465e132f15206dc11cb787fba9ff6c425c3787a46cfedd4a3a31448e3d5f85f8b7e1b89f1fc881c00f3c29e90361745f993932b
+
+COUNT = 5
+EntropyInput = 60873ccd3395fb795a721d7a958e7cff104b955c43d5485cba92d1021cf8ed7e
+Nonce = 5d93345c2170fc5d2b118e7bae202f8a
+PersonalizationString = 
+EntropyInputReseed = 115c106ce887de783927f50a5df78da17f21dcfee95730326bbc1694ef4320aa
+AdditionalInputReseed = c0401764b29e72461ac86a2534d6d7c542d0e47e88216cb784612742da53d427
+AdditionalInput = 6f022e177f8b5e03c119ed58aa8dd0cab6cbe1385fb7acbf9b87ce2a185e7b0b
+AdditionalInput = 8c48813fe34cd6b6311c0601a979215dcdf29dfdfdd10473edde2efbbf9f49b9
+ReturnedBits = 00c5549966a84eb083b5e2c4d3399b7a739c9a7b088a0efda777021f49524102ac1eb47d614449a183165ccf839835ffc73bc4cf5720ed1cd81b84fed33af8cdf564a600c6cd3ee06a58f7718b97f463ab3c9dd295f500b6d80e5b6a1b39f11d7430e7c18f1bfcb62f6ef19b39c655bdb737919b96cdcfae71d113719cacc13941cc9823237aef323d77035a6fb3382f1de0b2d131e61431ec637d0e9b80cd0bcc3927bdc5f477788535063ee8bb000623a8faedd2bcffa57c73b04924dd3bcc
+
+COUNT = 6
+EntropyInput = 3fdc4aaa9fe0371df0ac1e8241d3f058cd4370f167cc1f7c83fcc3d6806f46f9
+Nonce = fecea93ab58a60dbde0ddcb95ec4fec1
+PersonalizationString = 
+EntropyInputReseed = e7ee3fb9df215e576df97f1adbd08c1e671ff77a48d83cb3eaed127753b04282
+AdditionalInputReseed = 7766768cdbb60aa386809272703e312a5b0bcd455a4b8bc4a8286b5c5116e3c9
+AdditionalInput = a3948972e8eb2ddc433be774f2b70b508a582563054dada9c4160082cdc6b855
+AdditionalInput = d29b80b66edb9faeed77631fe33b719be1b2fe0c657f7c9303d416d6db098539
+ReturnedBits = 7713ba9b4430ecfde6f3797e963b504c448c0bf65faeace69096fd39f2ce8ae5bb8cdc911b5b30af02eea7600f4fd4f7f8cbda952b30f943d382bcd0f5adbddb31fc3d2e97b1719a63195ade72733b889115a996eb4582a71815f9d7204566dad0aed6a1673dd81bd5cee842e6552f17b6ab9556c7a494744d55cd7e97904a7c7fd4bea6d267233837360f926468105615a7890c53611e051f78d721a1c4a59f784e2c6027d2dd9b8c338c08cf0b3aa69823456b7b357d4f3817d7b93f1d9102
+
+COUNT = 7
+EntropyInput = 9dffaca2b0ddcffbfb945bbdebc328f8369006b82700b8669436c106449b41e1
+Nonce = 570bc574366e1b8656422fa0d5a9ea2b
+PersonalizationString = 
+EntropyInputReseed = 1528746cfa4e9867c574cf1b7bddffbbfcca8e978c0719d055522164b4a372f8
+AdditionalInputReseed = 13bd8303220d9beaba8c523ea0139773b5a980c8e47ea82ca80585622a9e3006
+AdditionalInput = 50f0977b1b02b0c54d83c4c948870ed86c08969b870cd7b934840271599e4f1c
+AdditionalInput = ae217360d7efa796b05737c80f1f43a96d20bd8b0dd1bf9e68c47f9d7416f9fc
+ReturnedBits = 544167af857462c3f21c4408b87647d8c26fefe554e4535df0a27254cb904a1bdae2d290c48c11ced17984e6f42ba7b19c0499eeb816d51d143a0050bd0bc1c13f23d5649a7477c402c936ece1bc9223f87eb7f7c8f85a9c6e3761aab0eff143765c8e22152a1da9267d6ad6c723bf63ef1bd314c5a39eb78f0b094f4aaa841582e51bbf294251320b2097cc4727ad053c881fde6d11862e73041ecd336fc6d904e1db54c820571560c22c9da3f99b23aa367da2ca7bb4d43c4d8f62ba191412
+
+COUNT = 8
+EntropyInput = 38ff55a01ef58775a5c512a587b673f7968f4b13ce574472a7f60f4fb3e08702
+Nonce = a9254ff56600dee6eb2c88ed847dd77e
+PersonalizationString = 
+EntropyInputReseed = a88de1b449037b6b4ccac685b43e8d3b916b389a8806767d1798d929c85c1ea2
+AdditionalInputReseed = 89c7b49228c9ff951e4e1e355491c4c0bccfb933e06c187951584cf4bb4a66be
+AdditionalInput = b2348859bf8e790e9dcf38414d18b0481ee3aca9befd3070585fd705d7df05fb
+AdditionalInput = 6498d8e10af09f258dd027e51ebb1a91bd2726bad38abda4a7eb229a65532079
+ReturnedBits = d53b091a7463ecc60a876bdfe97e91ad6d8be0900349288c2c2b28388b78cde372d975a819c9911ee39ee2792f1c85ec700fd00d76a9c714c21a21a51d8ae0acf00ea36099e12e77335e0ee9ac4816890e0c44a265f90e15585b0af2032c7427835f0aa024bd919abc379c45902d2fcb0543f74f39bf1e975fae7340f080614f38b1f8a9fdcc417d8e566cb8203f88d381e2afe199ded8b98c29fbdce5d731bd19dc9ee54e9ddf3f82215320314213b859b01f6cf39e8ce322108c18a3d3366d
+
+COUNT = 9
+EntropyInput = 10ab036947123ad2294282c92823d7af2535bc20acdde030eaa5528ef9800383
+Nonce = 5d8786f28c108f087721ea5608546b13
+PersonalizationString = 
+EntropyInputReseed = ee30b27d2beb23bf1dd9d7db25619df130fe941929921444bcb1f3a229c2ab05
+AdditionalInputReseed = 784adeb67e2fbc6ee5ffc8682fccd16ad2dc7c78ab9044afe001d65c05b8df00
+AdditionalInput = 2c4e20ce0cf6aad11fd325d87ff30607966e1de8c7f0f49d4b0979694a6d2416
+AdditionalInput = b393089c9d476f7d8963468f722f83f935a3af0689cf48d1791fd764654b946b
+ReturnedBits = 23e57072ffcadf35e36946bdfe6f5a998531f6eab3d921f2026f07eca3952cecf15fb60a88593867a2e848916761e9889ab22a8f028abcfca573c8fe6028cf4d139f19b28d821a191be3af42783501a515cf909599f1be6f3748c341307f94a5d5f2aa7efbad403f710a0b2851bb8a01fae0a79741d4dbd9c60fd40e12905175c0ac1b5e1361e686ba98e8d0fcf4a09389857371d8ac80d2638178814dd57edcd8ab28ccb51dd8f9818214a825efe9acbf68d5d528fab9dbcbdacc43bfb55497
+
+COUNT = 10
+EntropyInput = a0b144bcc5c40ac6d01b0cbfc49e1ac6850d6fecd23b3ee0e941346a9eb175c2
+Nonce = d4cb1517c9da196fd83301acdaa86909
+PersonalizationString = 
+EntropyInputReseed = be419af9bd237ec370784c44dcc8be24721906c57b7bc66fdee5692fcda56154
+AdditionalInputReseed = 7cc6e6ba858579c9dd95295d1d156be32b2b5fb82f3dc000e033dd9ef6669512
+AdditionalInput = 26ef0855f6deef3a10018c730f06f7db30b4df4816a2f903b5cf6b640ce7c1c8
+AdditionalInput = bea765b83bf590e643e1dbf74f686b042fda2c58cfd1f162fc924df43b8fb160
+ReturnedBits = 31a0d9cbca285ffc88f2047cb67a39516a58d505203bfbf6dfebb555830179ddf7dc1f0332873ab8cfd2b5079987f073e24bbb680f0a174e29cb679486d1a0916c992edf351b425f1270da6f02909b2cd9d5845dda494413f75ef400983458e850007dfa49f69dd5c9b32f9cf8171f984baf052ed57455084c9ac1de59bae9b3eaf00130f8f3cdb986e77390b6aa14e6800034c3021be048a5ae06b4a72e79ada78c36471a63baf014d1d938a9f1dacc600114774a4cfaad377e0c2859c63163
+
+COUNT = 11
+EntropyInput = 6e74db63664c435632349b8dfca8a26d0e631a763273f49765d79d78f4e21c42
+Nonce = 5880e1e7532243c903e464ca5eb52d2a
+PersonalizationString = 
+EntropyInputReseed = 7d109c0ce36f55a07ef5d0c88559b009f488013dfc48ce81d3e9e3324caca19c
+AdditionalInputReseed = 96580eeede224ce67ee3115c41eeb820368e91f50348724335bbe5cfe25427aa
+AdditionalInput = 5432dd04eae8b887b2f1e6f0218e5602f39d6a39b5d90bf2bd9c36c88f91b7e1
+AdditionalInput = 2f98ca8772b51cb630d8917b02e8beb8577b1ab8e2c94d269f425c1134faa106
+ReturnedBits = 94e934e0eff60831ae5ff14ec5d7a0724d680a856c986a1036468ce364971f422c32f6b491e69570ec7e1509f25d181293b6856e8fd6b52e07aa316820dc914722fccce702c5ba9007e57e7b70a477d4511c4367339ff4796ffdb3903342b9f929400abb032a182c0af235c78f12c6c6cc960641cd35b979e3d58dfe50dff7f62586634b645067870ef0a094ca357f4e3265220c3203d15fe311136b6d215efea887f78d4ccfdc86ddbd0bce0af3739d1809d68b496b05314b5ca8bcab24cda3
+
+COUNT = 12
+EntropyInput = 374d915a32eea4020a68a6eaefca3261a6970840a4c16a419c815ca62d07c3a0
+Nonce = cb9f0a0ddcc5f993165f8a6c00134f81
+PersonalizationString = 
+EntropyInputReseed = 0d1da108fe7cc4ab328dbca7b33b4d431c4d9c9544fa32606770895fe5a791ec
+AdditionalInputReseed = fc9008abdd6699a81e04e44f29a16b563e933bebd878acd61328cc2b2d515f88
+AdditionalInput = a6787d0e3500264ff8ff11956787903eda8c12c4baa501d15d5dc59e30d05ef5
+AdditionalInput = 11daac9f46dec0433d89f2a0581d1e3b0c17e785f17993f5542a70f9fd19dc4f
+ReturnedBits = a4f05683429d4ca4e2215399b047c4c19ce2e224ff23af8290ffeb919e654cd675be95de361983b23fb1951df65e499fa35d51200ae9ecc3f66ef9cbbfa6e7fd985d6b44ec22b067cb820546517a598ba571bbecbb942cf121193def39ed9decc1f73971ee67d421baa552ccffb6183fb74a9494adb1fb0858c808b2019125cf3430c302d6f349cd421996c8478afc169a7cdb9d42e9c53c80f14f54fd5187ce03b59fb6b977733150367b0a9812e9b2edfe06623a08bfde0a78a5cdc3c2f801
+
+COUNT = 13
+EntropyInput = e7ac99c8ad460a4236b6fef2f628903d6e33e728a61c67c011a18f3de150e004
+Nonce = 9f6eca444a1996daa6dc8a5253eaef1e
+PersonalizationString = 
+EntropyInputReseed = d46106b78499e2cb05ea88ddeae5746f6fb35ea064d2b981efac7b4724508639
+AdditionalInputReseed = 8d08675af6a0ca49ed1de31e5f1984416901ead33c5f87625499115f315ccca1
+AdditionalInput = 9c787c7b6482704587b1618462b0f4fa46b5a9009b6eea9c33c1e97db295aa2d
+AdditionalInput = 58e9bbc08ac09cf9ccd61235a3923d8de15853ad220410170a07828b494dc530
+ReturnedBits = aaa8cb4260c3a7c259a1f041b4820d3aec9fbf902a075caa4d93016aec01901e8cc6ad344dead6d8de558c4be813a7611f4b3ab52dbe8aa21e3888e2c93130d3143c9bdfbc45a7c5df5768ae7aab83e9dffcd7aacf1b95ab500c0296ba824d0dc8c951b983082dd804199e2c681ba5f09d519671f2042215f199ba35819efa83775ec3b23b010e94fb418ae28ae6527f3863f53187eee4f2945f1325c5d9317da977934d185ff7c02166ff004bed070239ce2e7da5fa46346d0347c49208a785
+
+COUNT = 14
+EntropyInput = 58c9ab9847cea6c8419ee5f387b5712f7d97b829dedb4ae20f1c3a24bb02d052
+Nonce = f7963fa46dc8ec0d00260d5c2773d89f
+PersonalizationString = 
+EntropyInputReseed = b770d4b87c6b867a9278a01329514601148a3f3cd92303526b435e5363a053fc
+AdditionalInputReseed = c669c32fcc2593d5dafb3009ae1a443780e4213e22be6eb398509e24295397e2
+AdditionalInput = b7768cc6e21863f1d112fc71ab46c754cd2acee54c2bd0b32ba1e659a7c6c6d9
+AdditionalInput = 610d7d1a4f28c74031be673ba7c1a8fbce20316eb3a45d8866849818e8a4d785
+ReturnedBits = 38e8823928228da2c9cb675da8f9ac0da596bec15088e9608e23c125d77246325c8ecc44e18fbabb632fdf788e6fa46f89fce033bd9e00197ddb6923e55a41bc893ca12b85e7697325845b19b747dc128e8d8f87acaa75446654e6a8eb6393d0a5a8a828b896a708206d9207b00a6b613d812d26fd44c8503ffb91698ba1f7c0a9222e88688e4f0737d2dad468f4180c50dff8d55aa3bdbae12a6f1bc3f2a13ef95c5d6f76d811fa519894329d115ec20769fb91e065e081e35e1014134ebe9e
+
+[SHA-384]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 256]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 1536]
+
+COUNT = 0
+EntropyInput = 0e85d8000c4fbc91c6bf3f900675d9d87213eca8b4668e8f17e4c2c49f633d46
+Nonce = bb1593e57ad5dd83f8b7fa7c8ed2a5a2
+PersonalizationString = 0def1e678a41943762bf49c3dd9b02dfdc5343d735f1a8da2c5ba55fb926026e
+EntropyInputReseed = 17b4aeaedd33ee253ef2f7e26cd75e5e97fb6934b20c67827c165bb2f1f516a1
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 057c8fadc511cedf3747c0bfe7575c8740443646229e81e28a6dda3c33473aadef4a2c3551f64e301d52cc7de5eaeab78e16a45bb025137a4c810d9eb77fcb01a02be67a426142036ce638e991711ad9345364f18836e6c30684a7358a73fef95013dd2d6c2e9b7b0216d54ab032ee5edaf715b17c478a0bac4a7309db3e9284c27cfc97fa2a11a5bbfd12052468ed6c2ddeff7960c447e374a46cd588ccd1bcd2731b38db9b89835ff14f4966f2ba3a87646f0598f478445d5c7e1d7af8c704
+
+COUNT = 1
+EntropyInput = 63de6aab690dd38a90fe83e3b9182fbdb0a9acbbbbb1f2225d2f4c4bf95d58a2
+Nonce = ab4f7f6153521ce541d2903d99cab9d5
+PersonalizationString = cbdf965fa47298ba2481ef6b9dd234bf64ab50955219f2fe4c619a91ad7196b5
+EntropyInputReseed = fe944d8a1018331987fa975c269eef2c4dc7c4345fb7eeb6bd493cb3bb34493e
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 1addb8394be9d094f377dcda5fd186780f6b5914eef173c77fff2a889c4776d7a4a261d3dff45370d8790d860ea43afa14d9bb9579228c6976bb048718a422e6f6fbfc2dd724a836b70dc6b9782fb6a35462897c846c7a19cb9c079880a5c71486fb68163def4fe0a77fb3052d5c4176095cef85c59d22803aa9f556f6bee8b64f525c84c8ad75eed8565bec9690552367887e8dee0a3e913c79c714b5b54b7b3c6b169dc7ea4fd84da1642551b770d443c5ff2724e9bafc8dc153cec44ce5f5
+
+COUNT = 2
+EntropyInput = b57fe8f221e0b763be820f09c879ae93e7a1c087bb6b4663c0f8636ff223d272
+Nonce = 563cda60f2f70dce3cb3358755caf58f
+PersonalizationString = 8ea0b88ae061af0be6971dd63db7b0b039c31db568ac933bc4434db3f8812c13
+EntropyInputReseed = 5966502790e9d3276f9b7ba83bfe69f9f4ba49acd1001e6308cd0f66a7495c67
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 2170f7385bdf12064a9ec2e2196687266050d798c22236ff7fd20af638bf6e4070bb0f982d647b1662f217bac86c809409cbb2c16f44b3f6dcba3dd00d41c6605c831e9077356e11320d188fbd75f5198b4f6bfc9c10b17a83a9162ad52ae896c31e4bbe0b017f24ac85891be24d4fdf68e7ba4440b6e848e3ab7ae40cbdb6794174aa2d8cd9182f1cda19baebc8269a4288adc40bde499e98840e2fa26bfdc45b07fa1472d94fcea118cf39352f2745bc83eff78e8bf7d36a9da98367b308e8
+
+COUNT = 3
+EntropyInput = b8950874c6eecf83f3330f09ba4c05a67812b5b2b8d9e70eebc5b9ce16fc8859
+Nonce = 2317912b11dde6143493791981a164c0
+PersonalizationString = 0b80a9aca665eaa1e6163fd4cdc1f65f63c3c359864d719a47d3b2817db95cb5
+EntropyInputReseed = 7e80c4288fd0d979d9c073ace587a54a82bd5afca08acd1451b189ba0318b982
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 483adbe72efc9764e921af0a7d61651d983babce9b05b7cf25a0b173f4312c50052c1defaea50fb858513642128b8eeaba35aa5782066ba6a006764f442f4a50ffa73e86a8cd262c536640bb98998d2ce5174611b24455d8aff74a968f3c7e903f55ce3747fcbac1f0616036127ff0491261c7399f0032383baf74f33c7c7dee6624b4f12694d94d2c1014f5ef365f337ba7fe032e60d111e74088ac72d9af888c9e2af05f21f89e34c73e43e65865c51d6c39d4b63bd37d4d1fd6f1dc38c8bc
+
+COUNT = 4
+EntropyInput = 473f8ef53b3e64cd1f881ecc4fcdd3a23da7dd3338eb797d162ce05beed6a922
+Nonce = 699b9221f163fc3295abf49d26d3ae37
+PersonalizationString = 335b75b96459ef8b5ae6bc132334611c3d2cdec659369c1cd6c73a4361bbc6ce
+EntropyInputReseed = d7e9cd4f970f7ca62da5b60cc710dcfbaeb4b8184f519272264d0d947882ce6b
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 9c54f3921b8b57d66f512925e3621588d581046fdd3e8656027deba01980fef16853aa99df656294fd768399cff6f871f3e5b53e6323311237cf70d38f3e59f95b1b3ba728284485fe6215deb78bb3f73d407543b0beb1f0bd58f8eef4c275f7acdb9cf9aa5666f63bb43cd514e3c0ec32223e2ea487484990f8a2f520c033712c1697736d3c750034cc075eae40ddc6a0d15432e2d886f71680a992b2d9101e2653b53927771d08f74e467139a73367992a62b6495baddef542de6a191a1b5d
+
+COUNT = 5
+EntropyInput = 2e566be8b1952035b43b83872b249eaa94050527026bef50b21025cdf28472a0
+Nonce = e5b89b3be1fbaba65ba2b85260f7cff7
+PersonalizationString = 3aa8bf4a240cb14afeb9a9bd2a981f5c13c8e85a432e1c78f739e753292f63cd
+EntropyInputReseed = 73d6a37ef64e576825bad01597cbd61494ab84aab24d476ac0883674e977254e
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 46a186f77b6ea62e840d7869e32a996358d2c674b7b8887644b62cb3baad2753b100b31ff54fdc0f99839c65210e6564d27719de0a4508931513fd427747d2a3c1b5c23736abd5f073cc09f4722cf8c44e5baecb36071e3088f73ca25d5ec773fdeef388406d7a27c14b50cde3a3c219a20336006f3f1d06d975b09141087955863e6eca5fd04b026d7a5301a756b6b951bf6b2785e48d93182d67ac6be5a0794dadd5d1c15967094abddccd12f66e36ba95797f879c315d6ab1354e0c28f1f4
+
+COUNT = 6
+EntropyInput = 351b87e31bd09fe658a45b2295cf3593ea7b40bdc2adf168d1def87061113a5e
+Nonce = bc16c35e8e348af6e173d8011ed830a1
+PersonalizationString = 746f5a9a9477eb91555b8229e32879afcbd2c621981898071daf45d0321d10e5
+EntropyInputReseed = f2f345f65de40f2ed90030edf01a7fb639f21c6d73b633deece50aacb5e55569
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = ceeb3eed305923c6c76fd438d7ecd9bffda8458260a96f1f428cde80c0079610bdd452c03ae95d293518bcc542379037de9e0283e6dffc4c2bb77208e7e327cc53c0b1789921ebefb4c4d113ecfd1c9c29694b7c9935d43147387e65f6524a3d6f4f6223bed0a217ebc95aa7591476f66562d65adb648ef5b1666d6765aa08f03c1aed6494662e6e818b68ea153f3635827219a97678557cd801e6adf49d2746b000bcfb242c73276ed072d3a3e533b5cdf2a7791e5dbd73fa6284e009d13d10
+
+COUNT = 7
+EntropyInput = ee3248f8d2d9e90ee7bb50d0dd3700238052f47c0602d8d7a86d19ca53519f04
+Nonce = 4740c4aea73cd14da580c158dbf24c57
+PersonalizationString = 7c7651924d2aa643f925f75752612b0f625a202f5adbb29044e88fd5496fdbb4
+EntropyInputReseed = 615ce0fb36f81af95a9f96f574ac180b4b394ee2311a531faf438231e4a8567d
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 87b257e33ed4c4ba9c3b8a06e61b76285946fb4c88ecf8be0ff3d4c67c6cb862f1970ab637410feee9e9dc01782d6a6344f957d36a0e282451f9d496cf8f6b223acd1814d7d9d1092a696cdbe5cef74fe5f8229b206907452f162acb9ecbe945929001bf87085b4cfd18566b7a7ea721f61c1c74c97677f73affa487790a513446877f8c9247d1c25c2da4fdf04a5c2a39bf637361798d2aafa23e91447ba8b5eed3a0b822d956d4e014512982ca1cead793b608600613be85958dcd5be0d673
+
+COUNT = 8
+EntropyInput = 95d2c170a788f611c7e420d4075a38743b05b13da93c73d9b53688c6b5d099d4
+Nonce = 9b68229175ad53c7dbb4b8e24abd9b8a
+PersonalizationString = c93d4515278dfbc9e4803c919865ca79730f7dc7f2d1fde914ac56f304eeb687
+EntropyInputReseed = bac72a76a030e83398607acfa93af9bf8038db2a2cde4324b7417c4ee4ae3ed1
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 5275712ac6dc6a596c80c40a3bf584cf4a3983cf56b202ec892ec58af4fad3d1389aea6ed37d54af2b61e8590fd0a30f299db4e9ca50f6315e5843fc6e41b8423db4f96a0559d875f92f636fbe3c613336976b3146ace9f6b6e57c7ce37b36f2f90ff11d5828ce9c3aa10de629fcad6d62d2f6d49629f47b9065134ed392d096b74bb4b262b3b454b8261f4c857144d1e8cabcffa0d0d153f60efc82c15ddfbba5fa3a32822ebef2503f1f41c76086373ac6022491d2502542d28fc145e20c53
+
+COUNT = 9
+EntropyInput = 54ba2a92af8a6e198dfc7236fa60b679d02707a0dbb1aadc4b82d5c9092f46d4
+Nonce = 620062a5f802a0be0ddc7619bff9de01
+PersonalizationString = 4d2e0bc06571581e85efae2aaca4f577d84d3afc5aa972a2f6d63a0bcf64795a
+EntropyInputReseed = 629b4d53bc7bcdf91500b9317844c68348806a4aefe7a23f7c8d07035b502376
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = fa3a2822f188a7cdc5b317fe4b8f9463ecd3016d8543dc4776f317811b8e3751be35c292520604570e35487ca6eedf74b4818f131a1d41dc73334e2265cbf8605933484577be0717d10b219b3530e95f6b4221cf377efa15c62ea1230f77b58a1280ec77e38c49657c59deb56af058cba2c26febbeb223439522ad4062f158790d3652170f29567436262a9c796c2693b04bb2571fefb11044ab6ba956a21b240ca09273cc629a1a1a44c7ffdf3558d09223860a1b1b5a6b65ed20728c681bc1
+
+COUNT = 10
+EntropyInput = ff496287e549ab2bc0bf530864e105580c3cd9c757aa2d6cbbc804e77819460b
+Nonce = 37e0e6e4026c0888bef81473b0862690
+PersonalizationString = 6e51c748c654219b7ab5750be8f794210e70abf03787d49c65147e89f0cf92a7
+EntropyInputReseed = 9facb539fa017674ae8e4b81f5888394a38e11e6ef7fcc5cd5c1ade06723dec8
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = c8b891484d8b52f623537b0a2ce4533917d971e1b493c9c4e23407ba4033c62baab21b9e505b55c9fc91687103b68d0f6adce7d771bf41717b727c33b4bdefc10e0a202310fd6b2cb22007ad5cde1dcd19cdcc7d3a40866b76b6c4390f9a2c8dc16855069a8d1a3f41fff4212caa9899670d2039fb12817d0db32bb8c85bb5c6ebcd5179b4e972f259b64768d693cdb75a98b2e55c4a29038df3cce1e595b292dfe09a6ded051becb35b4969bfe0c6b61ae5726769e44a4a684be785a16b5ee2
+
+COUNT = 11
+EntropyInput = 0c32c96d1769f6fd0fe9b16b6e629b5cb2bfca7e135dba4cd9be40a693721c3f
+Nonce = 1385e6d55234febf5bb26d11a7e8ab40
+PersonalizationString = 44c662fca5cf8dca574b4ff8af88427555c6985a3f0ce8e99d3e9c741fbb3f75
+EntropyInputReseed = 080a2f0c6c8f5bcc4a4103c22d40b2866c20cd24b85905960865ed4b2ef2320d
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 1e752da2ed94716ac424860212f35c92bef70bfa4cf3b6619c65412e40731147b72a9d9f47637f5cb1b05a5c0e1c4558d5f27c7bd4decc02551cf2f8ac746befb5ef424004f60c69a84c6f5c3bd1fa7f7ae67b46158cf5a64067627a48ed1efece7971ba0e2fba5c373b4af72f868422c89370a22914885f3a3d9786dccff7cb88d51e0d79d4fd0cb05691b2f160c58e5d39f8b8ebaa9b16c4a15d74be7accfdec62ebfe83b0335baca1811c509ccc2ddd5ca8aa7e57f717472eb23ca6029f74
+
+COUNT = 12
+EntropyInput = 9ad3fcce89e24eeaeef1f4f22f9d0584ab6f134f100dd03b8b1132da638284ee
+Nonce = 2189b89d304319610b546c9fde4ff4cb
+PersonalizationString = f2bb0a9f0222696a22ef1f07932bd0a00ed62b05c9058422295a4669b46b493e
+EntropyInputReseed = d548a878477d86a15b20162e6418cbfa8e71f34f2ebf85231a2032e5ccadc034
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 9883b4c921a9b724142a9202593d8ce9242a768815956b7cb6d61a2a3822142412a3cc6396a1015c9eb92c662a50991bb23e1d6e9f8979b9f82817bf11f76458e5828839d295803d3ce9cf271dfbc3859a4a55495ab26e8e71a708452132dc30e1a9b83e660c7c30d42c8591b07d68ff9be74d118ee8223509147da61bc0602d9cb95823f897155f2e933c379a44129e0b8950fd6f7371420b0b52549d760b745a2524fdf1785e4f0d08b79d9deb2f4754fcb84c7a8bfb9277f644961b3f6add
+
+COUNT = 13
+EntropyInput = 84d94805910413b64b70f86fd2c1c233c3d953c668bf365d6c815e5a898f7d10
+Nonce = 3cf366748a5250aae0795e68c82ef097
+PersonalizationString = 613ece7fcd1dad4f26153bd13064391ffdcd5e59948a22a25feea4e722416133
+EntropyInputReseed = c617f82b8d6bd5099235cbe94f42465872418dce687e3ad46a820e383e7535f6
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 828dece2a0e7aa546e8e343f13618528af038d0c01a1389b4a528fbb9cb45efbb2b5363f73c5581a268aca56773de0c6542e3ce462251a4f575d8aa0a352301a6637b1563b5ae9a19e9f940db25d6abbbb021bba0837badf7dad66dd9dfed7d9b2e19925f3a1f3632e86c0e3285d7cab0b701b4a22a326c2b0a9e40beab0515e350b01996b0c5108575fc7bc0f3d44ddd607e5cafe5d84dd97fcf89f2baebddf81a0712809b596e726382c0fe892ac1c2cb61ada11e12633a3310d9109312b23
+
+COUNT = 14
+EntropyInput = 324a19c371484263e08e50f3d93c813ea39f51a1f0e04a5b1badc69145ed6e7a
+Nonce = 0b0b0ed49639021bf53f7c33344e8659
+PersonalizationString = 5d47a1392b32e4969167af52e1373af371de0f3ecf0085c83640df4eab7a923c
+EntropyInputReseed = 39c95ed378bf5340c006c71e7d82745e4177997b66edd6a4b4f516bd63c426ec
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = fed7a7425c670ee2e36f02693e8b71771055f8beec91e15a36cf070a13900c12fdae21230f6bbfb5d77d0e1ea287662ab30519aedfa8032a08829c54da91f8c7c3b768554f945d9d709a1d4720a8f058e1464c5f1777b830ad4e415706ac575b71e19b0c41a44007e6b0be129f5687a21473e982036df70bc66ca4181b5e384dcbc5c7b6a9ce3a6d1b91ff660a49dfe1f863b5495af25bb42f61f5cf68cb5ce4c4e49c9decb426dab9f72505dbb5ac368958042dfcf65ad0071f81bb703e0d08
+
+[SHA-384]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 256]
+[AdditionalInputLen = 256]
+[ReturnedBitsLen = 1536]
+
+COUNT = 0
+EntropyInput = 07237be288c2884b35bdbfdad69aff2fbbbe19309c252dd5667e515323a5fb0b
+Nonce = f4749e723a50981f295a8285d3af4637
+PersonalizationString = e39c5ed918966ad81716b36ae9d01f978d950c90e25cd90771fbbe0eed4b739f
+EntropyInputReseed = 62dc3c93d06f8e7a31047d668e7313a616cf66dc61dae5bb460bc05d61970381
+AdditionalInputReseed = 46560e7316495f0ea259825a4492c827a85691da822df25f9ac746a854c75bab
+AdditionalInput = 9670ebad8432f09d4c9d842e1a3c5a933e356f1ce245e6687c300b0b453b7d4d
+AdditionalInput = febc84bf83d83d8a0c5c253135b37756df4bdc3dbe8c142c4a9e243036cb0eda
+ReturnedBits = e2ba7727aaf71c3bebf4a657afb948036dce7aa4e7fdc8ac8df3651a50e422ec77d6ff7bc9d0e5ef02e9a630f3e6f45d04311f0a07ee3421c6c4beb56df848a5126f8d21163f23f9ddb5d7530e36f500e316da53b83b326573e2904d511db6d6dcb72d3a1e4b2aef3966dfbae57fa7fe62395d24812b1e3248895cbb3b8b574e6b708598601dbd8597e0ca229be3e65bcf9eea7a8e0d007acddb465293562ef5414f0f86e9473bcbe1037233be5bcc2efb7b4c1a7a9d117d1a2116999883f45c
+
+COUNT = 1
+EntropyInput = 90419bf5722b072e0a502d4f594a25050dd90737edd932e439f2abafbc3116a8
+Nonce = b9c0c9d4946bcea2a3296c0fb737f9f4
+PersonalizationString = 8a213199c0c64cb5874015e918e411d556b8e5bd68075e423367b5492fa97754
+EntropyInputReseed = 403ef4307243b8748995badea0f965b43361d513d63d7e944ea43876b9cb2055
+AdditionalInputReseed = aaf93948a3225d9e1369d8bed330953fcad50554b71f31bbda44f5f447a99b15
+AdditionalInput = 70ec163e9c9fe1e6678ebd6688b358d5dda5ee703549ac91bb6db3222ad3420a
+AdditionalInput = 58fbb0de7872b26ebcaeeeb29c8d1a7b53a7fb437da20863eb9d789a8d35675b
+ReturnedBits = f534b72f59e0fef2620eadc299459c4e612a15a51b7d341668ab7a90a5740a8a49701627de6cff6346234bd1f94bac0c958523dd8356157d60ecc3a575aebaa2929e9eda9c6323544baba39d03d8c110f80bd63b4d84c59637b48d3a6319ace80a72fa05c444556332d0d032cf8d39316eff4a8f24aaafb21fa0e6ddb8446e4afb6fe801905223b9c96cf18d054b3d8f6cfee552ab249bc44567f24d9549ae24c0cdc52c34f166ac24305aad4d4e92f782bb4edd3746a93aae1ebd0da14e8298
+
+COUNT = 2
+EntropyInput = a1f805342d5f5f64018ddda543b5a8bc521d02beb4dc846b912065220d20a246
+Nonce = 3b453a4594d703684d8da87e7365e944
+PersonalizationString = 66e893a00e05c28049e648a5455068cc309a6e65408d8f0fba91a6c9a7fb81b1
+EntropyInputReseed = 15313606c73db025c86406febeeb3bc27fd207cb5d942ab316170bcb6768d398
+AdditionalInputReseed = 76c1742f131d28095ddb52c09452ea9b9ed2b90ea90fcb9b481d9d620705dd7f
+AdditionalInput = a2e87e4d60a502cbad7160050ab3d79d5ba519382f881839c4d7185f009d66ea
+AdditionalInput = 73a824541ab0f0ba6e315160e8dbd7bbaf97da06cb18e35e83016d850422d5ab
+ReturnedBits = a56e36ffdf09512e5f56133ee5facc80bb161d20052cff00fa0b2e44dae512c027003de4edc6c70edf306c85590095a83c9d324c811b3e7ac91178ab6d94bb6cf95dc20d8773fe2590f65717438f3be2881d4e4b80a749227f396af45b4a5b1a1fe1c9c78de4023f8a9b805ca7064e07bf159a346a15c6dccf8f91043acd7f105687b01a020859fd5e7db11a0578b716362b2e6e1834cfb32f495f101a82f5d3d4075e3abc2ffdb1fb9bb1b3b2d350ee90a0c6cf5af56ab2af426d83150f3c4d
+
+COUNT = 3
+EntropyInput = bbeb712ef99039f4d2b609053ebf2434a37eeb78339f034a49bb3d37d44272a1
+Nonce = 2fb44d7fd2e071e8afe4fc3730b69fa2
+PersonalizationString = 7309e597df52d096755fe5415da69d5f6d42441dccdcac16981a690dd4b1eeb4
+EntropyInputReseed = 0b117d54afe156df451528d407b29434d7befd7596e9f3c03daffb5b30cc6f30
+AdditionalInputReseed = aa024e2f08f9576fcfd7518bfa459ca7d1d5878382137d969ae6e7270edc8dbd
+AdditionalInput = 581f23920fb2dfc603d462b5defab97e2c2c937e431b43f51f98945c0b919844
+AdditionalInput = 979498986ddbd981ff136933e5f64cfb0e19d69b2dc75eebfb5233331d1eeb92
+ReturnedBits = 7995bff96ab45f52701033d0da9dcdcb9261a4ad818c31878218f1997a354e896303940eb62f9cc46c62d39ad2941a24d076e884ed9e7a1316f7184abf34aafe96dd5bba23aea6ebbb993425294430327762b7d3fea652ef68306d525c94cce3b58bddc897a4f2b4044c753338707a86f789ea412c3e19cac5580baf30b5e7067658cbd04df84c822c81e178465a94f5cf72545b5446c35d9a3dabd8ea4f8f850298ea49ab086f7cea04bbe5c803e9b641d0a1bdb0924e8be7254dfeb5c6ca90
+
+COUNT = 4
+EntropyInput = e6101a6f75f2b24d489642bb96f86792bab52a495dd19992b21e440bdbe83e68
+Nonce = 8206c12195af12b694d06de95b30abab
+PersonalizationString = 147c89530cda1ab847d312fcffa5bcc77e1e24a421986ca6565538f99699ef08
+EntropyInputReseed = 07aebd88f5db59d11adaa295ea05626d453235d615078b742fe0e68a316f3944
+AdditionalInputReseed = 292b4a4af32c41c94882dfabfa915100279642a0545a477eb80ee8cff660f4c0
+AdditionalInput = 67c180324b132d15d72c87b41cbd41c9d81d211950b56bf3453b53492c7a78c5
+AdditionalInput = 63a2fcf9017f742a8552e834cde6fe1d186ee8a97753fa31cc7922c652be0109
+ReturnedBits = f9e285f919171fab163f21efb7f9329e213253751bec86b0cc51e20c2d5d16d4569f90601dcc8cdd21a81dafab331531ff3720e72d4e847af004c50c29f053fffd7d3325a7d0abdfedbea4570400549a87ef4485cacf8161d18524d9897e5c88852ead9747dd1373581553b1f0443c385179f1f24054522d6054851829348829988447a6e621d06dfc8052b3b02d6d36e19c7f60d9dbe723b9e5f2a57d7f260f19d6335c366036b33cff5d4829c57a18f8c1a397e34fe8ce32ad3359e586facf
+
+COUNT = 5
+EntropyInput = 01d415cde6308dd619d4bf8f36108e3ce39ff3890e34f19f277844817a174b4f
+Nonce = 9cec55965bd0a7fd007a32bf1094d2be
+PersonalizationString = faabe5d2be77e14b777d55a36ed71f7bc52c7dee5688104daef6d7461ba9be30
+EntropyInputReseed = 0bd7e0e7bbee97d90458d1a43461660264f4a4ecb8fc74a52df60368e8c29e49
+AdditionalInputReseed = 9df6efef751a483e1e4e60fbdb4ba366e6c077917bfaea48f7c7b90d5f8e70a3
+AdditionalInput = 79a2f420a9526a21c0db3cf407dcbe3b77df908936ed95f7f0be558e17fae349
+AdditionalInput = 88429b1546ed91298328ab25f74b2e980688a88420187647722d073fc2a4701a
+ReturnedBits = 066188b3b173827cd482de572d3cba9bba2304c64a3c1fbdb4d245f3a3815fcf76d4f2af1ce494ec9fef447b745eebef32fe7dbfdbd401a6d1246ceedf50c04cb8a811cae9b84b8071cb021d65073538d1d8234a8c77d965e8656d9aec3f15800472cb783fb101a065a030b1afc1c9dd601e71089fe9541f31057b36454c537df579e7e41fc95f7e730ac95e9b40c02aad4d45abcf4a109a567f554af98fc67887ed03fbd2d48e96de86e218d156b0c41802c53b713c1fa2b2cb114cd3f55aa4
+
+COUNT = 6
+EntropyInput = d768c4dec9ff9b5f0f711692a01f8f6a57667e21375f75ac57d0400defe87d0a
+Nonce = b7372fd3c55f605f2e8f3da25ec2ca7a
+PersonalizationString = bc5eb0e36c7e5d4c79ad2f115864ad06a76d3998e4b81759ba42902b13bd9089
+EntropyInputReseed = 7b5cbca72b56a5fa9d27e73d3d037f48a902da26048f0c8c36c9014c8f79eac7
+AdditionalInputReseed = 473419eb5fd7094290202382d20ba7de9d774508897777bf9a2073ce305fa523
+AdditionalInput = 5a06b905ed83f294506a0e2a96aac7623926e94f84e001987308c75f864b78a0
+AdditionalInput = 96a705e6dfe50a41d056abcc14c6411812496fa409c9ca7bb8f42e1d42b87353
+ReturnedBits = ab93a90ae36626bc3a1669acd71adfb9aad4fb5a6169f64e2d599d42fe48ff3ed26463ea95787c9b27e9de52b72c5ff6b994014cff2de06b576aeee6f0a1ca3fa9e5ff05296797702f55534a6a5c0e9281ca4e5860bed63d8c671b46a0cdc183e20e33756a9a2bdb01df5ee57e05d18ec0ce3fdb0d4431522aa8af3845b957343f2f88077e0b61c5263e1bc0600cd1d3bf5650d0030c88e74ea778764b363ff21ba0555946984dd6be7d122318543bc47f66d88e38f06f9b06f22cc4ac578df8
+
+COUNT = 7
+EntropyInput = 18743950dacbfce338136c60757c3e06b73852c941b76fbf5982a3bb67e1e351
+Nonce = c850477cab129b08d0eb63b9efdaebc5
+PersonalizationString = b6525d8b77d91a6da9be5f5f1d88bef8e84e972d2a38fd161f6957a968b607bf
+EntropyInputReseed = cef52e2d4845b9c5a0d1cfeafedef89305d8b39c00e744eea1381a03cbf15f76
+AdditionalInputReseed = 26e7585ffca8af799f8487a2d5de505c519e4b69d3f42c49686244280a772eea
+AdditionalInput = 4d30f0c893291a423293399052bc7c01209d52efcef185c74f1ba37d5e93fa48
+AdditionalInput = d139ca9cdb3bce9dd4f5c10118daed4a2dd28d2d3cbc43be0faa756bdfa61494
+ReturnedBits = 41cba5d2948bcd6e1d843df96bd993bc88767b7cee40f65c5c02290283f30703af6000d01b29bb1bc195058002e270fcfdec607538e673f9064458ba5fee0849abb92e8d49e2354196ced6e3945821f5fbf7fb11987f2baee4b0d6c3aaf5e9a7e30a0e63d77b1c77f1d96bcad881ab4e22d6574d065e2f2c28d2de515d9553d1c6dd2efe00d8da11946f886f2ce7c013889f7c3593ac136a8bab9247295a91e6ea5279cae48d4bf3762822c65637cb3044862050caea9b6db526281d1275758e
+
+COUNT = 8
+EntropyInput = fa42e1e2035f38f876e687e066a2944f67090ee8c1f3084675cfe178e7db48c5
+Nonce = 9ec4c2f7db6d84b9c9ce8f93a0919fa7
+PersonalizationString = 50d68eea52bdd393540269f2dcc551bee8c0063f4a2eb5b39a8e53676c704018
+EntropyInputReseed = 869c93cfaa888ca82df735387b1b5ee6a1c7b3e712c0db451955dcb5a6a1f29e
+AdditionalInputReseed = 112b0e5d3f8ec0a0727ff75dc363f7cb275a5e66640c886b4bab474b720e1ea6
+AdditionalInput = 7996f22b1e45bc96f8f349f242ec444e450b142f492c41925f1ffa18c6da169f
+AdditionalInput = 6a4c5396027ad9d2628ae77b7102a2921c773266eea01aa070c94046a67fe18a
+ReturnedBits = 6715c385b2a1b488e12aaf24585df619bf1b704b71ef16cf0caa23f888f9eb67c72aaa997621a841495d9c56c780479a01721c1a4fbf865876ec635f8c37a35919387fb7a0cb6a6af3be16982c3df87baafa4dd59dc85d822acf814ed23110f4d9392d42251ebbaf51da9cbdf909d9acfe340a90b110c2eec4257b5439f3f70d78bdbbf58cd59667ffc184a60e90e7832e72a2ccab570ffca0e91c1b41fe7eabf4fbcd0ec38f6e35094b9a69e7ea4719c7cba34905520f268f5bee8cd6f66a6a
+
+COUNT = 9
+EntropyInput = 7831d9eca3e2e4daac8e8a6fc15220a4cf38328102e55c9e04139bc08111e5a3
+Nonce = a6086ff9fdce4dc27a55aa9eb125c6c9
+PersonalizationString = aea34da702814b9be80e3ac17c40e7b51b4ab2689f32a871261f9e75b9b0eeaf
+EntropyInputReseed = 7f3f8711f2e2c0430ac385f5c7bc15023555357bdc4be69757a2eed6dc48cca2
+AdditionalInputReseed = c513c4f1a67ae0175b9eddbfc838a7f8a589958ceced7c6782921c0d60af511f
+AdditionalInput = 6b90a5b02a75e8604a86fe809adabb181262187bbc9b5ce807153da3f5e50a5c
+AdditionalInput = 1e6c83a34af04c905bbd9fc9509d78b19b47d2eb6533377877099f77a87397cc
+ReturnedBits = 946010fba612b7faf2a7dee171763aec6743e3967868469f051b150155281f917ac38065d3bde57fb393dd72f43d6d05739cdd32d1cad0ed69a93b695d5ec3b15d03db5593dfde629083eef7c46ab7d2cced0a0cd9fc201ca3f2cd000d32ee7b4d0c9ac0e36cd63af3422227a644ffee8f5049de5d4da8ec79060865f60a40b206521d8ef07c465253110e86e5000b37fcbc1a06b28a6462e3c42213cc767008e017ecdf8c42606d7d9b43c169a0b09e9e93ac7266b0454f1323c4890064a37a
+
+COUNT = 10
+EntropyInput = 560d5fd68c5a82178dab25b9fffd802d699e832f5be11987ac2122dd8b3e31b3
+Nonce = 6881e35b73981565e12f42fc4805c487
+PersonalizationString = 2bb7ade3e505d1a907647e92006bbe3710a499980e27fb61f715b15ef1ec5da5
+EntropyInputReseed = e15d0d77cd358097ce9190724e315a792d9ede40b0c537e4b40238de7dd6d402
+AdditionalInputReseed = a38ff3589b09da0cabd08722532761cfe58d0f084360fb3e3cba0c87e4d0712c
+AdditionalInput = f7e1b2ca5b1d9e57918a97de0fc3cd080b55cd98b1b9bb68d61f0da0f4e6fe69
+AdditionalInput = e14b0bd911335f38d621006b057f9cc3bf6079785402de5d113a5945d995691b
+ReturnedBits = acfcf2c1ae8044808e3655aa90b39601837cea6a62d1e8a497a887b7b0bc286ea508e312b8abb89eec650efa53e0a4e256422090f987f90a6e3d74692b18f1fbd9760adf36909040d2c9cf7348c724982bcb427ff4796ddc9097239ee7f98b37a5caedb6aefa54c572978df5965895a5533a04e7e0acb6c6178ecf005189ca6f89a7364f76933e1b63347e2d9174a96beacd3dc45a072a6c2ba5b6bf684a4279000642535997d48530bb5f6f0f95024922bba653c91081a306321aae9cc0da0d
+
+COUNT = 11
+EntropyInput = f9ef6b04a0d271c160d1009bf3e28c70aaf76ad30fe25b2de21235593b1bf64a
+Nonce = 81b194a6476101fc5a3e657344d16a31
+PersonalizationString = faa1cdbde64d49a634d67d4156290632a152f61ffc93040ddae1b2fa907c9649
+EntropyInputReseed = 94003ae96fc3df1124e77852c33cc57ac8f67b029da9dd73a29f3c09b278155a
+AdditionalInputReseed = edf4a16229d6e4ce9cccc6cf834673052355efbe43ffed9bf4aa4a4d455086dc
+AdditionalInput = 782ad5d7a29cd4222bd060f98e78093b15ad0c82ee357ec7db6f30880e631b27
+AdditionalInput = bb203205243bba438c0570e1be779f667e774177e7de5099493147005e333867
+ReturnedBits = fab72cadf754dfd0554f095c44d9c1d835eb072bc134cd941311ecf15a55fa67e801005eca75004dd67bb0edb24adf21e07bce88464199016102b486394a025011c54054a3eb278596f833dfd841deeb84bec5a6b8d7d28de3caca8acdae10870062f5d4b43f96b1fe637589bb0d98435225b58e56555e4fea8eb982bf9efc91ceb357d0fcf4ad42dc69ea7f0769832daa40a40500f1942d7a2f1f477a016e18b4bf7b53a5ed5c3b8d243f8c1c7ca71b3060c37ae189e2da0ecb68ee59ac0636
+
+COUNT = 12
+EntropyInput = 479397d4a986c949204d45526b25eded9829a78174023e7be2af1b2a051b90ff
+Nonce = 8abb910827edd40d64e3f9d12f0c1c9d
+PersonalizationString = fc3c8eeb0c1fc37deda3fff0ae51154d24b1609a95260541ee4f993cf7ac2e57
+EntropyInputReseed = 8aaabe4050a5b019fd4846ecd180b36cd3e93f8f9b33e35c08c5dbb9352169f8
+AdditionalInputReseed = 7789d72740caccbbc9a4752492a4f3617af3410cbebcc3d8abb3eaf0557fb20d
+AdditionalInput = 784f27212bae4a9be92eb5eab381cf4c20ba5e6e25c45caf5fb1f8cd39545264
+AdditionalInput = 69472a1007482c8d4b310269ea9cdd503dce74e83c86945b4c6fe62a6b074fae
+ReturnedBits = 5298cb9d3189060022f267ac769d432823a503261404fb64cd6b1550aa65d3ad8e9abe54e3fc2c56bf04f39192fbe97b89656af0b0f3767b01a56f726021ff1128ee6e90caa0e39a0049e59b04cb188439e4405f852aa37a5a920d29db2a289c652633a9cd6cb9fadf6167d985ba202dddcc0673e483de7d30e40cfbe1e6257d961a1a0815c58bb40cc15d7068fce645ec5dfaff3ead0f5a4594faf05734815312be51c04e20aa6c91c1f9321d9dda02ac1bfd010d341959cd072b012479cbdd
+
+COUNT = 13
+EntropyInput = e6d8ea405652ab0d9d1e64baffebd9e190d24679cb53e62e4eea0dfaac20c794
+Nonce = 10e0a6bce3cbe8003b566d6b6ac0ea27
+PersonalizationString = 7a2f0b7c967f6cfb1b076467b43bf35a5d143d78c5faaeea627dc1ecdac50eeb
+EntropyInputReseed = a56f441145d8f022d8172994fd9f467098e2e09e9c8403f60a208e28002c9e2e
+AdditionalInputReseed = 340d73136d601f943c8b1e33b1e157060177c5d517587b366715265087faf240
+AdditionalInput = c84f3cc10af82168392e6f9b6a81d61f41bf21cf3db4a03794a51e49854a19e4
+AdditionalInput = 471fd827f2767f4256e822c4c588ac4ac9fe97fdce239ebf71d11f80483f7cb4
+ReturnedBits = 68263a02c5676f40c01634b234f1665bab4c4d48c0bbf7c7cb229a6935cd19cd1b1c55f8c0775f01a7a7ff6d366b73de6e011d0918afa61b85ce6014e5b9011c8831b343cbc1421cfdbcf85bcbed1050e85ec3fbc7e7f056fc5b7e67c0f15ca0df7ce8346357fd30b060940beed9dda19c01fef363721d18dd7246f583516c3fedb8cf23653516dc95042807de8533b452d643a8db4510abf933c1bbfbf1ac6efa3e43127f0eea8bfbe095806a54188c3015c9811cebce9db9152d16a6596ac6
+
+COUNT = 14
+EntropyInput = 8c7a290338afc55babc6ba537df4434d8ec5bb3c12f1e14701148a8f1a8c7e7f
+Nonce = 20a8b2be4a7227868ba88405493b99c1
+PersonalizationString = 0d99021d0971cdb3958e9cef60bcd1589362e35089a16ddda006e47775b8d460
+EntropyInputReseed = ce4fdf89d4537a64a58116c4c42098e8e097995e35dcd04d0352505732930f05
+AdditionalInputReseed = 44c70b3409f1eac6df3b855a97a1af6407b974e84d4c3e28f039fb103592b53e
+AdditionalInput = ed7bc140313caf349271327287a307947cdab6d9aad72e63b69e48c6a40807b0
+AdditionalInput = acd2fcb552f38b00a37c512c24c279b27fb7abebcc2b5a2e93b965922b3ac878
+ReturnedBits = 933a3da029af2dc9a8804162c2f88b311043c996f2bd87bed59b0a5cc885a794029b7dd0ee80ed25a241de4e2ac2e7a46e46b7f72d7e315105e28cf5ab6cd5bd416379122c6d22204fc5304a6bbc7eb4f6e916e1aab7b669dd6a1464b19b684985106cf411aea9ded8f38c0a48f0f7f09aa9d00f5676f09b2dbbe35f31d42d505beeb5fcc4059e05f4bd1951f923cd6f9eae5212ee2bf325327b41cd5e9ac3dcaca73d03c4c2126e162c2a562fa55a84e9019f6460ddbb275862476eae680978
+
+[SHA-512]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 2048]
+
+COUNT = 0
+EntropyInput = 3144e17a10c856129764f58fd8e4231020546996c0bf6cff8e91c24ee09be333
+Nonce = b16fcb1cf0c010f31feab733588b8e04
+PersonalizationString = 
+EntropyInputReseed = a0b3584c2c8412f618406834404d1eb0ce999ba28966054d7e497e0db608b967
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = efa35dd0362adb7626456b36fac74d3c28d01d926420275a28bea9c9dd7547c15e7931852ac1277076567535239c1f429c7f75cf74c2267deb6a3e596cf326156c796941283b8d583f171c2f6e3323f7555e1b181ffda30507210cb1f589b23cd71880fd44370cacf43375b0db7e336f12b309bfd4f610bb8f20e1a15e253a4fe511a027968df0b105a1d73aff7c7a826d39f640dfb8f522259ed402282e2c2e9d3a498f51725fe4141b06da5598a42ac1e0494e997d566a1a39b676b96a6003a4c5db84f246584ee65af70ff2160278166da16d91c9b8f2deb02751a1088ad6be4e80ef966eb73e66bc87cad87c77c0b34a21ba1da0ba6d16ca5046dc4abda0
+
+COUNT = 1
+EntropyInput = 322bae6dccdcf2de956014d8b247365602b24c91d7ba37dc096e4cf7fdef5742
+Nonce = 0c4e8937928ac7303f4b29a92f799129
+PersonalizationString = 
+EntropyInputReseed = f0dedcbc4872841e11c435e9d903096ca30f23450d54fc719ade64f3b941bb56
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 78120acc1fa978e53b6dbdca5dedc650f90f0f5cc3b01bae63b34d1e880cf00dbf89c0861b516b3a4acd006284e865027b3648588c7aad4abad9406d183ce5675cd7d2005fa3bb0e33fa6435a3c567e999703138060bfd090474361f8b2a4bc849644a79292c41e6e9a93cf4fa795698e4ea54698a1af9b2a438be608187fc407efeee547703f42a027130a97bc6400cf8944c0f3e79e96a4d4edec5a326a54dd967dcf89d747f4abccf078bc2fd757ba72d54e010883f2f3c1fbb5e1cc372245109f6831fc22a9af4d1da2ba506f01f52183b547d3066a6d0b3a919524b08ad3ee1325dbdcab4858f15179f99f89f4fd2f808e3d7d52fbb0fc0653e30f7df41
+
+COUNT = 2
+EntropyInput = 00bb3a19b17860089bb150e0342c7770b66bb782719f1d807fd5c5a5c071a5d4
+Nonce = ec75141ed5cfd1cb461a03c7c1f96ac4
+PersonalizationString = 
+EntropyInputReseed = 36ce5fb242a58bc624d927738284c0bc16890afc49195f04af6796b803cd45bf
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 7678118419264edf03c97fd519d56321b1fd249f25409438e18ae5ed314c553d78f021cb3b58fdab846a762bac1c30a9e659c795d9024ebb0491a6b6f9c489db6b9f2278306fd429bebcf97bf32c914360d863a9fb9e6ccd37bfc9bfbff16c0d2ed79d8bc64e62dbd37d076e7bef607fe660151b5c9fa0524f171762e40c04d54b7648d10d7b87e94357356e9916e41497c139b66659c3548b74dc67d7257412df47d3b580bb5419313a6d86208d8526d96ec73489c6693f75b217e5dda61baed5ff0aeb460fd9aa6e64ee861f4251721431d0fdef7741f43b8f884be9d466cecd893d110f8d41cc73b883538b3740fdb35cb1cc07378f95df1c2a5fe28deb3a
+
+COUNT = 3
+EntropyInput = 76fe58e240129f52937bc909c24d20e980855181dcf80b65cfd5c9a5183ce07b
+Nonce = 285d8c71c6490de92ca95093a3ee7f81
+PersonalizationString = 
+EntropyInputReseed = aca7d420885f82010a2a3d07122b2027538955007c033e235555732b430065c7
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 7242dcb7533dd7938a4abe7a99d3c9d2194534247361320606a482df2f11b04b2be20ebf88468c032e8381199e83122f51f9502c7b8e2f316b149db26cb9e36962385b04cbc915f731ede5122840cd4d826085b4c3d368c04041a8f8dbd9fa4b3ee937a51689838b4d8fcb7f1f5c13d0cede84449b9191b123745777c44d1e207debd22cc9e63548dfe98328cba2e1c4ec63984c81e67607b64db201349db3e4b6934d1ad95b1a073e7f91fd2b7c31227999a5a3f00d3bbda4e97fbc610cdcf4e51bc685953bd698eebf3ae366f6dbd7b10fe0828ac3099bc29af75113aa023cce7ea4aa315e9a8c0bd8cbe4f35458ae95c595b8ac1e55028b8a496a63866e7b
+
+COUNT = 4
+EntropyInput = e38855b7d6284509f696c9ce7311149119447cb59e465efd1233948bb66f7c0d
+Nonce = aa968cf91916d7e4b1432515134a8c81
+PersonalizationString = 
+EntropyInputReseed = 83d1e55d779f5f642bbe47e6ad83ddca81c82cdeae6c459ac2fb65a30504d030
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 92eebe641687ed6c81d2f64b1478e84cea3e73f38022945ff0e50aa393af45be7af45abf4cc5a1d2d0698fffe858990735dfbefb6ce02f5885e24ff676e4dd233dab877dfaecb7c38eacd704db8a0a59bb5627217987dba850f611ffe5c04b02066f511328375f1e6db9f0b09d8fb4b65fd0ffa941e706f6f26ba5d9c40e1104fea8dba9ec7e975dcaeeb1c9401d5bfe263f22c3c7a68d603480e3328e031c46d93b6e3180592ec5e0047db0ff39ba02954a57ae62cb439a3a9726e45520dbe9b70e9e4dde65dc380500759d0b752db2eb2e7d15c8ff95d34dd270409a9850bae9b579006ed40cfe753bc8d87edfc568c0ed5172ad9c58e1684d1aa9673ad4ba
+
+COUNT = 5
+EntropyInput = cb6ebb2382557833740855a15e76265a0997f798ead62670c56f3343a97c75ce
+Nonce = 1636f759a131a3a828773c8ce197643a
+PersonalizationString = 
+EntropyInputReseed = 1cdebd2eec082cdfc362b21daa23edb4c90af0b754f38cea358ac974c9dd8582
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 901da818ed786fd6b3812f20c868f31c0e1af69582dbfc369a58b4832a560ec8eb0c8a054b43997f7bed3f8360df0fc253aaa799944d9beaee3bf64685195ea6413c3a740dff52a9aa3f8bd888aa9f1e205cdc68f763c14f67d0f0094b5a2372657596fe9cf3887cf9278d7f54d38b501eaf47ce621291eb6124030223a8cb90d2c928fcf02ceec92b46b2c6eab53c0cf8e9c2c80861089a3c3519a6f505bca0be898082b5bc96a9b84261fd1d059009de7d4ae8497f9ffb93cbcaa7b34a5e6de278c27588ef2a8f2966df7f941d19e5dbb4b1469aad92a6e11aa0d83805d78791418d8aa9475f0770609edf989caf95ed51628239c67870166d8a95f1172341
+
+COUNT = 6
+EntropyInput = 29734d4d18484a45c82c13f78eee9b772b99cde1547db06d0bcc066513cbe672
+Nonce = a1944ac1b50bef509cab0fb9ef8337ba
+PersonalizationString = 
+EntropyInputReseed = 629f84483da62e3629500172efc2c812da80d0cedef8a816b0ccfdde205de224
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = cc824bf3c690f63a346e0f3bec5834e90cb35df35aa5f025c64cd70ee98d6a76e537629364cd3f0e7cc08143e4408dedd82873a2a6f58b08d2ed77a06c2aa61ef7206f9675837c233f81ceb6368295cb017c796891f1291e213700ecf062884035d6004c292e04caa188d86bbae63116ae92f0269bba50264121256355258d2ba83db3f78acc1160af02a2214f33754e81b12bd3fdb9c9d4697bb203a2a702adbcb8ca1c713d04d6135d53e26603248c711ca1d481658af1492008b2b340cb4e701978503c16a0621e09a2e604c7ad3c9833c5cb5ce0074ddc9e554699c867e7893969653a09ea48bc2e63727c6ad792802dfc30fced1c5786c130cb033ac3a5
+
+COUNT = 7
+EntropyInput = ec316425c0fad733121ff0c825672e49b0add01b3623bd683b313b03d71abc86
+Nonce = 7f58a71dfc67a53e6f0bcae3cbfe0172
+PersonalizationString = 
+EntropyInputReseed = f634d532fe345e9d5180521e50f7beee0622c898b061c91128a9df14b0db7ddf
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 28ccda364e787881c76eef32367a4f41571c27d2343e37eb54a6455d671317fbbb440a82516bee4352f907c4ca07b5f9524a63908b0b6fd09787e8358559798042c5f468c05a7ff51c277ab6771bcccc3a4a4c1248d4027c9604bb7c99516b749cadb6ab26363038c6767cfa5a4f7b7ce39ee34112211d240717420fdff6a487d6e9f9b606eb30f17988f094e2fab4747ca26d4783a977487b8d59dd09019e90519e280654dec664346b78d70bd6700716f560ac11c1d85fed257a3eeafb13089c0d4398ece4cff5d252fe20096651a9db04eef9710424e1346001ac7685849f34de8ad27b229f43e504e30eeaa5aec7e9a321eca9b89115d73f5e305d487462
+
+COUNT = 8
+EntropyInput = 1af338f56cb540ceb009b300e57fb7819a3d949a239c15709db553ea4107b7e7
+Nonce = 6fc922b60e4bdae5637e65c1a32daed1
+PersonalizationString = 
+EntropyInputReseed = c20776116c8ebc1714d9a930bd2ba427f8e3a9f4b2fb7da3f9cbb493610cfcc2
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = ab9dfaa423eea3045422c3c52a0bd11f4f0d92ae6bc1b7a7000b3cfcc0039367bc04a7f9c4a50531d93e09e45c69ad9e3bad460354459192e4a19eb4187e14f5a879bd2e2fe8bb4a41db5b69713b11a6a7f1c729d82f954c9d201541762a56bdcc56a4842d773d681807880c5be90551e78242e78e7255d35a965df66e38c14ed38aba864b5bdf87b3f47e1e19a7f4209a53625080d23533eabbd34206c126b8f0606fbb6f5cdbfca97dcd18ef3e2b3be869ddcd5299c2824b32616063c76f124e1ecbf438ecea17382bde80d86848dfe5851cc159131359ae71fc4d0712da38225b2043ba20d045a47ef2f97043d7710f7192dc6b9fd2fca88e18866346fd03
+
+COUNT = 9
+EntropyInput = 314f01ea0c6c3f6ce124c8c5c5874857c82e79556e050793d25e13a0147f4cf0
+Nonce = 5548778595f96d31e390e2db699e0d8d
+PersonalizationString = 
+EntropyInputReseed = e67f87612cefa81e4ace5c44265b45a08ce46eb92274c3c0e83cd159bc602c87
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = affb707935fc5ddf56392f778fdf5eccb244e704cc8ebd1030a8fff5efe423e8965416e36ffc5e9d2c639f76e58de32d4d69cc93a7bab199209add77277007067e48864df207376552432294d7962091879b3747c84c9668ce92c3900204ee64e60ca26213c3e23fb31518d8a3fa6d5a1158cfc96e2aea76fa349c8c2b3f5287c21e93e1de68a39b70d9491ec1a13b7bb0a0192b754428efd0fecec1466412738e11357e4b0b2c9d2abab3261854e31d18803039d31e29984aae3eda2133d7d3203686f3a9970928138650ff8cd165a64e71ec7659ebff286e9bc8479e8f4667faea6aa1c57ea5b675b07fda14f1f6c9e5bfbee6ff255a3765f37217ebefadcf
+
+COUNT = 10
+EntropyInput = 9e83df0d5566c74f8956c7e0860036c947a301252b1e817e6d0c202cf9d2a308
+Nonce = 9332743f05778bd47f50c49bdc02a394
+PersonalizationString = 
+EntropyInputReseed = 0d50e29816729fab148aede2a603bf693e716b5641d1e8158b5ffa916d953ba4
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = a7643bfe540d4cfac23f48920bac2d238b7d1bdf0e36de1e82335266f41feaa19dbce9264e6810b4865047acb1b3d71872172b6d8ab7d779bfb302a79ef570373037d1dec14947e05e1103dbbb9a69178159edfe466bd9c7ababb8338aaff70c9a2e1d4c8607eac81df38391cd85cd5c0605f9c169dc3cb0bf75530b7a889c426a4a2732678f39d45f80301f3c8e0f0c6e24d4ce70034de809c600056b18475de478d13a01423dfbc215740b5e7a42ced5c33342c8d3e88c5ae0deecd27f7a257bd14368478f3d2e7ba30a87f9b999f437c988cdd1955adbbd4241df79a331db44dfbda56a4a3457b6c62a99e4957a0faa69dc142fc21789c12230749e419fef
+
+COUNT = 11
+EntropyInput = 1b1ecbf5fe151df1506e7a9620f7df01db1915d0310c65d16718533f65dbb19c
+Nonce = 9381de35e9ab0281dbfaab246548dd51
+PersonalizationString = 
+EntropyInputReseed = 9ce8eafb1e235578a6271cf54ed54bbb0046db1ee923f901bff8f7ece800dcd0
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = d567dd21bea62bf5826b32f917a4736925fb39b3e81db32f59951bfb6d4669ff484968944165fda1673369aeebe964eee7325bc9e51b160e356f7e43d5266ff4bc15298cf902ebdcae5409c2a6449ecb5b30d0bc383c278db9aa0767763776e2db7ff1f484e2a0f8970aa1d8f5859a65e62e855149301eb68ec441ffa2772989302695581089c2de7240bc9e141332d31099386eeb249caa3228185c020449bfc8306d8842778c4002fd8d2c95ffdbede65450ba5d4701de1292fbb549b6514d1e79599c36899979cb9f963c20758dba2412dab7c3de8763ab67402118e025666fc9031bd4d46318659908d2e41abac0c34969bb2a659c691c1e5eda5ed7eeb3
+
+COUNT = 12
+EntropyInput = ee936c2f3bf0a07abe3d400f343d790d82f49835bf56a355bbaf069104e843db
+Nonce = d52f8fcbf25a4610e2fc09fc85f54df0
+PersonalizationString = 
+EntropyInputReseed = cf1a194acde6f5bd20778f25e8f77a456be92708c0ee418b3d4986747c8a6ec5
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = f15a059af4648c034cf8adf737c7a64bab5e8100bed7558a4e5d3f6c5598b7cb818814ac1ce9d7d0bce652a8ae9df2738207c8904f432c1aafa29a275aaad932ad9e6e0d32979031d110a95d2f479b541cd5b47fd44e48082e40b6d176f6b498b32fe7c7da5599b586716af1d5431a1225ac2e33dde79af580530cd0b51667076bf5d6bc94b6bf58a905899dd73f3045a9152ee52780657262a43d52da59e9b63524be768a6164cebbc70664d53ccc83f573a864ce8c73c307f51675379e824b43238dac8984d79e0fe150e5766d1692c5762f462dd4d5190ea4ce978d36f3ea2145a104a7b2ab38d278056271829bb88edcc6153ac251f4d7878d7a51d44552
+
+COUNT = 13
+EntropyInput = 947ea89ac332f8132602ca76c418623fba4a2266a54c9a22c4e8001cb0383b47
+Nonce = 81f35d00b22aa6bc243c26d10f7155ce
+PersonalizationString = 
+EntropyInputReseed = 1768bc4734ea315ae73e2d30b499ac7862f19bf60f22ced7908ae35d9123f055
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = f42d9d372907b21b82bed1fdfd0d6aaa58cfadae22004844f15eafec32039a2b170621d2de8f775faf2441712825419051dd53eb4cc9ccdbcec711e2190a60a76e66978b04732d14a0ff2d319eae227bcd481f2a4663d6d581e0af351c6281ea031ac29120888246d8bb364114c35aa3518bd9f9dcd82b5320a6efd6ba10e98a92fd52ce30fc5b0989e1bd04c11df72032283f47bec684e2d5082e458ccd957bb46744e3b105dbae91c851585b708c42f27822e0d364af6ac04d1c88becfb2f63409960ea76319b4c4c812e5618c273607ad0360a002fe10ea4ab342e0f66894fa500821798456bb07c0f1950d35378a1dc795cb862e52da874e605e51c16b5d
+
+COUNT = 14
+EntropyInput = bf8f1e59621bfeb81f63dc078d856cfcced685df990e4fc8735ede7e7802ef7d
+Nonce = 029bfcc6336b9bba56e0702bd1cc57a0
+PersonalizationString = 
+EntropyInputReseed = 530cf5480d2aa8c54ae7f63a6f28596b5a060902c7764a6a7b9829f66aa8a440
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = e05e053efa1ae9ae41cabbf34a9b3eb48d1aaf5d27b3e1002c6f8dbf9844394837aded6f6b9e0754f200764150b27a23003523282044ff9a73f3604ebfc86ef063869f97976c7a5e4e9a7be799aa71ee1cc695c620703e85ec774c467bf935f2e210563be78e3f3d58946a037f7826a2cb377e1bb7c2718b29708f9efdee04055ab35a0e06d2b63d823d69cfbe08be89c1a78007044bf7337e749f6fb11c80d22beeeaf1edebf00ffe6a9e24874ae8dd482a0b4a53be4b290abce59f9e839602f9cf466224783d827b3e53eea6f0f740652d2adaba3f13a3f02c65f4e0ddc417aba3081325f73789500c97d6ce5b7728feb7353e01536706b62eb226a23b43b0
+
+[SHA-512]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 256]
+[ReturnedBitsLen = 2048]
+
+COUNT = 0
+EntropyInput = c73a7820f0f53e8bbfc3b7b71d994143cf6e98642e9ea6d8df5dccbc43db8720
+Nonce = 20cc9834b588adcb1bbde64f0d2a34cb
+PersonalizationString = 
+EntropyInputReseed = 12dd2aca8879046d23165c60f8aedc20415783e156d42a94346826aaeb02eacf
+AdditionalInputReseed = 9b59ff78a34eabe0060c2792ca9b49e9781e6b802badf7dbde27caaed3343706
+AdditionalInput = dc74a9e480a6ff6f6bce53ab9c7bdde4b13d70fb5196cdd5e3a0555ccf06fe91
+AdditionalInput = 8f3f229011209b2f399096afb054bccca6bc46aaee98845838fb1fb78b66f3bd
+ReturnedBits = e6c96442582811ec90e587525f36c555e2fd6361a0c5b0284917a4fa6f6e8ace83f11a1fb26cea6692b225ae7c5be286dd27471f323d7a2e4431722bb337b1ba0e648ea2e9f0918b50e9111f2377636ba69b0e1cb5295078d76c549c8656940eb15ca5aded7adc46e6fa4b86948f212fea3f3befdeece8b20e420ca84c760196ddf0b074df0a9f097a5db8f6125800f5fe746a62df1208042f1255b524465a17efcf6a537612968430e2adcff30f7407a51ed7305334384e512e003642cca175636819f021c76a2f44e89e6fe39cf164477910379cd314f735c357f9379de22495276b401c98ffb09a6dc03e484b355a9464511401eeaa05b4556e73b55227f8
+
+COUNT = 1
+EntropyInput = 254b5c33e030039d1f4efd2700e7bc679f403de18b872fe50a97a3c328463a6e
+Nonce = 96ba5ea50d9ba95c854212d2e3f8b93c
+PersonalizationString = 
+EntropyInputReseed = 7025c735741f9348220156076f60cf4acd20d264c45a0961ad80186ddecc2bb0
+AdditionalInputReseed = 611f69f111563c9756013f069e4bdec2b59b5d1367607f7d750ad697bbba13fa
+AdditionalInput = d037dd1198944999bd9f62186c4860b80b791780608d074652490b9e3165063d
+AdditionalInput = b8c710b0a60bc077d5cb875ddd4004ac8dd1d80bac948b64d0b24397e543cf4f
+ReturnedBits = a098ff412d68725266e84cd604057aec01bc683c0f867dcd42a5a0836ebc5b3fd3700d52179a5a69728a66181fdee061c70bdacb4aad3fc814977758dcd8a79bef5cc05ca89a64c5c1633ff98e09e5b9bf5e9cdacdac90f9a934219153d8b57e24c1ecac130521157e4b4957d5d88f609e5165142e47dd4e6c6be7ad276dfb5f6df855e2a683dbd5525ef84ebfa17381e2e1ee07843882e8ae2ee5dfe670d67695ed2a43611115fb784eac2b2d8f1dacde6de9ac5257bcd6c48862cf10dde0b0e6b316e410204fe72ce2caa364dae5e2407107f40d68000dab207e029d78152d5384a85cee5fccc21852abab5056a7551aca56f6e5596d4f3907a6bd1adfff20
+
+COUNT = 2
+EntropyInput = efd5a06b8abcdbe0f586b9055a9d2edea114227b0701ba38287628de399211c6
+Nonce = aa66e3dca83c0fe6ebfb793880d0ad2b
+PersonalizationString = 
+EntropyInputReseed = bd238175d4b1a9502d2d92437e2710e8882c390036ee6193d72ce7d25f583de3
+AdditionalInputReseed = f290a625f42747dc8110c7b5550da78814e507279a47bbd7b27dabd32c0e23c7
+AdditionalInput = 1e365fd3cd0dd02a303dc99314c6d06f904e11acebc7cbfb9ee47a0a02420876
+AdditionalInput = 94c5376cac81d7a33ff2e20b34fda52f1bd5805cd04a492cdb7f60328d393348
+ReturnedBits = 2f4bda3d8aac032504450ae69a1e763add160ca35756de8aa122747d2df7e5671f026b9bac78c2857a83ef52d18c11cfcd435e7b85548e92c0b8fee84b5b1907424908039ecbb0275dacce2706637af47d5f2ac3ebd258a838651be6d56a9b7a4f86013e79a2605ac4530085a05ad981a77de2bd08a362ce602aa817f74913e0cb0f239f0e56dadf8ca46d03fa4f8b10f23c1e04d0c7c11b73d23f39a87c608a44e8fe259320289fee39253cf1051f643918211edfdf757f4bfff4ef8b33492ecc565b7e0c9a7ddfdf533a445942c6c39ac29da8e2f1cfd228a2beaa52b8097b82ce652ccb7abafaf85851b11681d179e21e57ead30ec661192b671397252628
+
+COUNT = 3
+EntropyInput = be855512e110e1efb210cd9b5ace0dd11b7bd0b61f99115029807075be98ab91
+Nonce = edba45c5b1220ddb68265c89218f78dc
+PersonalizationString = 
+EntropyInputReseed = 50f854e8ef0342e32cf80f5178c163550c0aaeff955e8baa5fd5a532495d4353
+AdditionalInputReseed = f2753fa879e576ae5923cbc95f7f4c15cdba520f262b9db47e3b2eb3ce4e0d7a
+AdditionalInput = 3c438c9ae95e297377253deb742d20d9dec95380894e4170405102f80530a0b6
+AdditionalInput = 7ac5848b7b51e3ac7e13351a3c6c5bf52d6e80154c297adcd9d4f79865b46565
+ReturnedBits = 292c265071d54ccd59c94369a71c77aac7546b637f53bba20eb1db8cf78c6f4c3e834e3dc655013d43167172f36194ced864cc202faf0c4dc2a1596ec44a7e0333d2ce63016aef4b88a5286eab3d4748d651ccb5c18da540df16bc2472679cb1e27001b91ba50d92369e69267d5caf1e147dc263ca88942a9e1cad56fd3e145d6f99d715e5e153a4c69328875fee80fbda2392003abd659154814f8bea608b6a27b02663395c669f832d6c9ea4f6196baf29ddbc10eb894290011138668a8d0063a273a86af06729e928bbdeae6d596a294221916647744d95e72b26d14a035b3325a001389fd335211ddf5603cc28b5be27018bd99f315dbeecc118e6875d38
+
+COUNT = 4
+EntropyInput = 32ef1ac338229527ee446e5e1bfe8e26b85e73e0620383a5fe8cc0cd272b1d10
+Nonce = 233ffdf1fefd2f49243ca9aaf7d59b2c
+PersonalizationString = 
+EntropyInputReseed = c29899bad134030e43ee136af28f327abacf4664e1683d293a7b19c8e27656f1
+AdditionalInputReseed = 8ddd0569c18a458028eccef3658d3d3a2adf922e4f75375e85d56038419ed240
+AdditionalInput = bc18b1940cd5f1b5646dd0058c61ba3e60e678d8ba5b7b07352327423541247a
+AdditionalInput = 0767c48a3a1f5a028096704a7c68499cb493ffd91489e4dad7dc4c3a82a5e764
+ReturnedBits = f4fe26a03a9bfaa0275526e866d5339a0aeebe9c73484d806bf8e971e11c337b3028467234ede58157385ac30f2944621c75eaf5c03914706b6a8239007926b92c6c821fec1042aac05baabfb37501a736e4e34b283b725d63b8b7e9c789a454b06ffc7c55c8f5870e9072996e25b9f1e3de78cff9fab856f9f5941f39c065c5ce49669fb228ace3e8e6456862233039aa76aca530da29608f335907b68b1952c44d33be1bc53a7d0379d0c94d52c9b17cb1c6c4872c5ac6753cc7c38dcda3ec8e7a2fbcc1cc277bb0cdd06ed1c35a0103558424b10f93546e0ca8041265d58b7ec81b72962658013b42f9da2f177c43a062273f02939600b12ed4bc36998538
+
+COUNT = 5
+EntropyInput = be5de8edc3427d7886859283558dd499b245761de4f60de3ff777245754aa785
+Nonce = 5a779894edfeb83d1795f19a475ebd41
+PersonalizationString = 
+EntropyInputReseed = 675f850031727f6f699bdd0c5cfdc51158308a06579f44dc71e35616ba9670cd
+AdditionalInputReseed = 1edec79a02f8b7fdf7005a574ea2b2487ba726f3babe40b8cdf531ad30c46f8f
+AdditionalInput = 5510613cb4d5dc5a4aac9c0744c6bd6d65c8f5dff38180cb68165eebe4d01921
+AdditionalInput = 3be6b670b192d4016f62b543a2966a3c83531d876c3a905ff9cc7dff0d9b33d9
+ReturnedBits = 6310c96f0d63eeb481cd0bed115f70aca647781996dfcc8ab7aadeec92591e09e78d62c9bd9c37ca0a26358ccbe6281625115981b9caff522f521bb4e7770e8d5c38ac347309beb35dc6007ffca3057f3508e2f9fcc2fd2b6c2b09bda1b1d5a70d21a407fda5d26aad7465fa9cd54b5cf16d9f3f1a5dd9ed7b0d7557229a4022a3841999e746263271a978671ca827d1cd53db2e60247840224cd60e4cc453ccb6bfecb76c2ede754bbae210520c248ecfa74383c7f473b8cdbf1e2324f7fc01027e7f43506826b4d8b1a4853e15f7f52f623af2c06ad857de5f9618447ee3d2baf6b00d01931c69941a898cf5bbdb075d89739c44752098841c9876b5ffaae1
+
+COUNT = 6
+EntropyInput = f562ef7a3696f637c3838566ff6fe6b3125c982c0f8cbc3e5845e8bd68a0492c
+Nonce = 0e9644beedd33ff7386d9f41c8e348b4
+PersonalizationString = 
+EntropyInputReseed = 75c727aea1b7809e06c63a7b68161d717b969e2be4b36569394a388f3da511e3
+AdditionalInputReseed = 9096bb6fbd56bc5385c8b9ebc74b62f315018b0922fc62484d48702583b58271
+AdditionalInput = 0be90391ea94af1dae91b09b4c7ae866d91556763beeeeffc5225dd1f4d968bd
+AdditionalInput = 006e3f57dd81f86dce657b5a82ba639ecfe631501eba869b8e55259dfc5ea392
+ReturnedBits = fe13a475232962878091dda1995e89e36f5adc4f1ba23986c7381ae849729951249290c66d07c4ab0a6107fe808da48f263e72a0b8c179a4028fa6fb11a8a7fe3692d11ee1af1b92a06dac13d3d7023ecfa43293d016d319c7056e6d384cdd771b675145b61c9bf393c91e83814dea2c71c1cb3c4087edf51d2b6d2205edd427eb3efe305bbee220cd42db8e17355f3496c4d4c57afbae869908cea30d02a69b06729149f00b211dd400e93bae01aee36e6240a78a8368920ed90607890992909614349ab4491cf7ec083b48db91c87d840341eb41cea9156ac87cc8a5bc5fae9faad91b5ecb30f13f7554a4e67d55c8ea96a9bc9c425c7a6cb7e57036a07035
+
+COUNT = 7
+EntropyInput = 91c8168fefc159c96b96aff859764e86f62849cb8447c85d6af9b9582d85e7c8
+Nonce = eda45eeded36a7c0a80b0ea24306bb05
+PersonalizationString = 
+EntropyInputReseed = d89ae1b4677976427accfaf9eafe15d93365f8895a99ff4a69554fec3a7d773d
+AdditionalInputReseed = 0dd07745e9e9acf0984d59044596f0689874f5ccf7620c64ef7d5cf42691b9d6
+AdditionalInput = dfe8801d8bfa7ac4ea8fe53e16f38bc2989143f848a7b0be5894fdb0dc223662
+AdditionalInput = 489a0fc0bf9d7b662492ad88319055f0b0f605c1bd6989d19df279ccd7b5cad6
+ReturnedBits = a7cab900db1bdc1291518afaffd754042d022cedc26fec73bfb9d5b3cb60e7afa7fb55442c3ccf48fb01df4718e1c171b5d190ba4e4f4d29456ccd7955c4137f2b1ccf9387d83f96db993b67cac42699dba6dead461e297b54f77645b145c1398bc3634998ed2a1d97ba77aaa7c61bb7ae8ca2fdfd6e4e8aaa8af79f582a255679abbb314bd6d3a45d685b8a783b3d2182ebf3882488dfdc009c6a8930b70a4fc0fcc7972fbdef5bb6d318b3a004626c033357f78a105b8a5be4de1c3301b45ef1f74e433bb068658588f931a8aa3d91aa6476034365e56c96b45a2d88d79704729a1ae33a16ffa40a61ab8bb411d16e881b3e74842e878b450371f4b86bdf25
+
+COUNT = 8
+EntropyInput = d891dea0ad11bc0d345f9988080432979a54cd8d51e5585c1d6a87ba0bfe74ec
+Nonce = b885c87aacd7e4defba6412415d3e533
+PersonalizationString = 
+EntropyInputReseed = eb4109b0289b21bc704d76e5d23acc01aaae684ef9a26f15ef656229998c03f6
+AdditionalInputReseed = a17a2b676ebc1ab993fdd0588173714ce86459a0fad7d98f39d8ff5558bdd385
+AdditionalInput = 6fa0cec75941698452146862fd36c74cef702ab3420a4303f44694f71e29772e
+AdditionalInput = b149979239eb5be0a017f664d0a53b639c691b8a32073184b18e3e0999587581
+ReturnedBits = 0f181f0002ffd58e477b3e04dc78e8014f50745bb32cbbcdba2c43d34a15f92b78fbc29c3bd76b34fe012edcef1322dba751f01955e09c95cdf5fb62dbc996e1279a42bf0cc941a74014cee03525c593f06520d4d04d6b4934a68f3a6b2aae2fb5c691b3ced690d0f847dd63c9628cf581f83c567907111e937e2f5a37706c919d946c56dd4e6d123dc1bc606b5b307a5dfed38cb3f5e4b9014feedee4171802dcd5d1403feb4f0254db4e7cd4b325bd6876fa8b8128145eafdcaa776181cb5e3d968e3726ffb05994331f9c7b7473bedc69bd2895108aa33ba8ccd87fe6ccfb1517084f5634f7e80d26462a08470e08ed603b27bf0b8d0a508fba386a934648
+
+COUNT = 9
+EntropyInput = d3945888fb533882a5a6b5b7e708f086ef1c8bca23cc57632074d3a70caf66b5
+Nonce = 65c1740a5be41dd5e1cd181af286ecee
+PersonalizationString = 
+EntropyInputReseed = d2f4c12761c1612cf939cd8f8a7c22a93c2528b931aed742db7f3c44a4ffff81
+AdditionalInputReseed = 560ee5f225c187ed1981690f9773c4278cdf0f9eaed663845881e6fe6257058d
+AdditionalInput = 400d7158635a9feb73c884e3ef2fda8f7497e3a3098d9151875cd17ac5ba1b02
+AdditionalInput = 13afce5ef8aa04519ef802c899b6416542c681a7d1d96a6c31a90b1a8c8933f5
+ReturnedBits = be08acdc3a958443a8b30393f3be248319199618dad1244237edc8c10a6996fa65f8488a3f5899c63522bbd694cc2ad87f0a7b08a7e7306b3c7c40999d76b09e2067121e4a6baf6865713b2a8c8723a525b35590769c6c59a034428dc6064f96c056fa8d3fdfe8c9790fb351102009b3a75c19f23a40e82ac8d997e312975ed678e54994231a1d581c1dd24e00ca8f50005342ba5c7df0a284a462ec7a4a4d8f35b60e42abe987f1516d874dc93629e374713b5b9167b5c526f7ff5877f456e8546f7e60f70486c5a5fdbee4077cf889e9411fc06965ee4b4abc159d1ffceebb2e570f4ccf5e77224b00fa066134e8e02bfcb744481869fc95fb219d7a949251
+
+COUNT = 10
+EntropyInput = 33f914e4797790cefc1c8bc879d60973f1ee089cd56c7accadd12cb066962932
+Nonce = 3d1387bdf56f26d6db346bb291fc4074
+PersonalizationString = 
+EntropyInputReseed = 1e375c03789ab6d582a1adc45284e8eb4e5392d7eae9f7737f594bb5a124a0d5
+AdditionalInputReseed = 14738d54493323a3cad83692b203f3df94d3e591fd46d89e4c8e6a65528d2f57
+AdditionalInput = d309e3b427c86d24daee6eef4f175d1ced839ef3d9350fd74d39ad4dc8c5ff76
+AdditionalInput = da2fc4c03d1287ce7dcaac0bb12d5799710cc006ae566d57da9ba2fb0710062f
+ReturnedBits = c5c9368e97d2bbacf71a57dda9baefa42cd369f4fd154f9830821a4fb102d9d8185a107582976147b2f5043bf9dd1b928778e30830416fb9312ddcaf5752eee14dc8093d687b5b56ad83a89051f50e8125d98b354b7791a7026b96c49da9ba85c7c889a66d680271fada193e67d63832fdc5f3ad258cec22e06f6604a849d8339dc8335b293737be19a46a06766514faddad06affab6f3f42dd76471fb8cd7e26515798b2d6c3c4fff75afe7cdab3f9b585c896b26cf899438a8911eed8e894e7d6e77fdd98903038de74f98c9fa30565f41ade57329533d0c5abd426693832126919a49af4a178bde09a14764dfa994bfd13fa5a289f414eb89be6bc50e6b11
+
+COUNT = 11
+EntropyInput = 0524395cfa40a37be591fbb087aa5900027c8911d9d09139a36e631320d7e9fd
+Nonce = 435f1a471a07465b6ccb15fba065d1c0
+PersonalizationString = 
+EntropyInputReseed = f347b1ced1abbff44c197baf6db8aa813c30176fbfe5111bf848b1642d43ebe4
+AdditionalInputReseed = 131ed808f7f7f1fe856fe0fd542e24bfe470239c9b344a6069b4df45c03c9e57
+AdditionalInput = 19910e8fd5934a9542d29fc5a6618a38e66b542aa1f7d44cd205e0e6c8ea2524
+AdditionalInput = 7809caf3a7fbbbaea93da68e598d787e3437fedf0f607e7304a796644b50d57d
+ReturnedBits = 74410341d55b4c258574d0b5a32a99ae1e125f2b21ee9a39d1559b9636ac2af9feccd14f03b8088ddc4a242ebc0be29806842546222bdbae15cd12b0f621e979510e3a28a0ac37a17820825844b83a72f48952739b7ce107ca4fdde875395684bcd112b4bfe54f4cc26ac6bc8ec2da5e58f120b2e44974f9685c0b733a3ec54518b7aa67e5343cafca630315100b53302a90cbc77445792687c93250b42419c5ab6344390dfdfced9bdb4d7a6c5a07dc11288b68d567eb03ef073d486afe6146274ec37e25b6ca1f950c21515d645e68ce09ef295fba6215549bb1afe21aadc8da9925c39a8047ecbe9d8820d2f37a7fb685c3a46c91a16d7da78c7eab2d246d
+
+COUNT = 12
+EntropyInput = 5caf6a10fc6109e22515f245c4ee4a18861171e5fb7fbf803fc59fc41e3cdf3b
+Nonce = d26b7b1b0b45b27a143d8f24eb66667c
+PersonalizationString = 
+EntropyInputReseed = ab806696da642d299181e474d1622eb14cb5044316bac67a1cdfde91e42a547d
+AdditionalInputReseed = 79b6af92ee9a18c64016a86e810ad1049c7145feeee01e46a700b81770591c85
+AdditionalInput = c56409ed85509ac9084398f23ed6983e8eaa3e0b90f77cf0b5006fd8d3d620cb
+AdditionalInput = 61250b889bcd054b6e9465ced35d48309385a29c311f4eaf5c2dfa3c236ceec6
+ReturnedBits = 6e0301ae0947edc81aa38676b1b6f6f7cc8688e0adcf631cc0b05a9f02f659c751055ffea71a8114ab2db74efd02149927934e6b5a77b574f25d847579ed63614351cdba6fb299cf3ae2a4ca2ec35e521cebde9e647d338e8a68913f0010b09cec9eb60df8a15ca1a5832614c8367fdea317a2b4fb0aff9732395399f151f1fab518c7ba839023ad1e94ca8bc6f2a3c7f336bedeca28982438c27de56b91909de929ba17dbb34cf9cf9396a84de13f5cdef6c923cedf424c98ac5ac3ef735bc55019edc8471e193a73be7fb367e80eefde7b251a92ac5c811f5d3e204ec6b120e6acc5a2451bda9611889a4d65c3c82b215f92d6241632bb668108a885793466
+
+COUNT = 13
+EntropyInput = 7efad918f6ce90dcb7b372e8558fee3afdc945b149da1fb44a5f7015b6c8a5a7
+Nonce = 05ed6a89fc8a5a5ea6deb4c651478a73
+PersonalizationString = 
+EntropyInputReseed = ca252a5100e4ba47f90d68176dcdc91f2bfad93d9f2d6d87b26f836ffed644dc
+AdditionalInputReseed = 9122c8dad6bf1e2dd29b670b88f56b994c818d80ce2a5addc5b6029f96cf40fe
+AdditionalInput = dca741d0a3dbe9110ac1c9b46efee45411b9002e53b0c5395dece5d04a3709d8
+AdditionalInput = 2a48e41db06722fe522efc09b98288ea5f108e455f7c50815f3560ef18a0b7be
+ReturnedBits = 14526ada3848e4d2367a8335c2e745b83773ce87b29e1a0314b3169020a8f9a64711b1ae6cd3da3107f8746923927dfc2993948a3063437398cfc119be37cca340c998bc29f7aa6551169c358028f09da858688081c9e1f3e9d45333b67df6deb7faed2ee7e9a5f8cb85fd3c378eb50fedcaa36ba55db0f9e8e8d8f9946654267f647eb86206e2a358f3ff15b5e75af043f040690fa41ba1062c12ad83163ef00f4c3469348d798c21c76ed62834c8234c9d29971af11e8d8fc2adb6a3ca436766badcd82358e6147177763cd3c1b26c9d96dd1df88518fe54121371aa4a39d68dc733551496c6902b07323176eec4f448d5cd38860f177b87663fe33e40d456
+
+COUNT = 14
+EntropyInput = 3be72137297b6803534e9d35ae81dccb799a7a37440b4ce9d2d1d3118a04e78b
+Nonce = 1a9f04273fa0d40d3e0c048699485182
+PersonalizationString = 
+EntropyInputReseed = 796cb7fdf239e0318a1944e7ad1cf9ee7788ee7872f8f6b85fd857c94f361655
+AdditionalInputReseed = 54120d9bf28e719d68574fd5e7c3fa3d4393c5843899fc5118f95c7961af76a6
+AdditionalInput = 637e8d603b8dc6e7771f56abb5afbb8ec55ab776fd74245bd1e8e10ee5ba2460
+AdditionalInput = 92fbc0c0c3a5b1e71946df5ab25c2e111d8d28f3d9abfa12f646bfd4ff81e081
+ReturnedBits = 41f4f3aea0b9616f3b6e3c18e5fa88a47484448f074d0f96e7cf51f518f1aef3c0eb7dc5bb095dd9f4a79139a1e708adfaf33325a00942d9793b354ae31423aeb156e58ad8e82cc769626b543fa31e431553dea6d6fd161f9b4f5b7bf9e31ec2b4778c4170368ac00acbd69622c6834efe8e9326192e6899333f98fac9b5afea8ad1e09a064eb760aa90167cdb0b01f025eee73b0d33e959cb04fc1a986dc4b02086c96c72c35d88e0253a3bf35c54ba003ee44c849b2d26daf52aabae087fd6e443e70895a1fb22b09cd7fcb48aa6c202ec6b4a33001cdd712e246fc2b1a228bcf4eee74bfeedc880cfedb0a97473dfa48f259fda5e6c61cd07f09708137f84
+
+[SHA-512]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 256]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 2048]
+
+COUNT = 0
+EntropyInput = 83bff60214370ccb1c8f2142b528ef70e71dcf343a42f149737c43c869886901
+Nonce = b7dd677ff8891a3a6b3e63920310bd82
+PersonalizationString = 84719a3399ed20d47f5912e888623f8a0929492951d65d8b01376150f13fae1d
+EntropyInputReseed = aab08d7baa18b6b79e908bd7c48ea5188577988be95c34b6aa952070db27ac4f
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = ae39d5886dcb734d7eda77bcf0f9492672fe771a4a196bd18e547eff62abc3fdbd426b0690092699a28e49fcb64b036cf4a2e51321214ad742edc099bb5bac098f834d22bd6dacd006f3f9722556d335ff748378ef12c48d1c3ac223554616ec6af318b6357025792dca4ce687534918c8e8c569339fe9282174035c1a74bd453a84a2458fa58e56e265aa10573e248dacfcb0150d89c60182076111a461b5acf0201bd0f2206dc24a6c9a846f7c0773f3deed13447f4b89788e681a6fde808590cec544bc31af29d5164306bb353bc09ca6bc8c95ea14b18189cc4131457ab734fc02b6a39f2defecfcdfa5fe65b2589800edf6eef92d1399bc9281b05083f4
+
+COUNT = 1
+EntropyInput = b474aae400040144581faa5cb8e246501713ccce68a38505caf8a8e71c156946
+Nonce = 3d7901a230510e3b2e164e0e42038767
+PersonalizationString = e09b25982b821345fa97cb52fbdeb80296db2c21a8568dc5f62fa3c65923a9c7
+EntropyInputReseed = 9bd9a8d798b3eb9ea46f88d2334ad053785f8b1f1f25264b3bd2eb46117bc7c5
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 21a6b592f770ce29c040d18942794f91eac151cc7767e7819f7f9804b073b365142905f86e384f7a7282af9c92da5ed27302ad500b548ded8811d058b45aad6d1cd820235b2618ab2d014faae0dca4f2eeb805ea6578d4872b1e08fc601d7c16a294350d3f4d0711fa24625d92e288a7c587e8a1b756fdbbe1446427573cf93f3177bcd8d52ebb7a21515f3b509218b9bfd0569bdee004f009ca2e83994fcee5c7f3cf3d18ae771441fb7493635881e94dfc89014702ae01da88d255e914da947105be5063d18e9e92fde862488be5014462b561e7bad096f1820931ced8164b501e47073bcbaaed1523ab9c60dcb73f5735634c8d8c3f17e6dec9621e0afaa1
+
+COUNT = 2
+EntropyInput = 1229665b53001e84d143fdf582a6b4de5066ccecad43fe6926f01c28ea58fab4
+Nonce = ad50fbf406c66c92f2928d81c3ede175
+PersonalizationString = 13ec27d912bc09be1be65b66f8e229948f29507a51a3ec20c0c6ebf093968db8
+EntropyInputReseed = 453de799acd9ff543a26474e73103bcc8546aa34d18c800ee7f73af3ca6f796a
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = ee57d24d2a2ecf7eb3246e75539ccdfe809cf3bd1d5d9e935dc8cb46b9818a6cd0359f5ce466440f3e865ad91154d141547646206dab6345892c2f14c577c9131a095e022075d4bf023104c0f472a7657ab2e7dbcd285e898c8ffde5a33b3c1bdf94c647e02875856b55f194acc0de90b0a0842c8360264c5ddddd04817c94fc4f8ffc0b09264210cd2e541a5bc9b9575898d62d98127faabe614c6d12cf535e2c124efc260999acf311b4610e2b09dd281ddb85e4df8ca14b9b38437be6ed10bf966bfad8973d343744a21c2d72ec10082cff86ceccfe83161b93082f8789de90312bc1956d8832c31cd66c81e8a31858764c95d671fc0485a10ddec694da44
+
+COUNT = 3
+EntropyInput = d02812b2142bed67c8847793dcdf72e69d0d83fb0f7adb7eaa97ad81aea9f4d7
+Nonce = 5d2785cfe101031b2b0c813cbf74976d
+PersonalizationString = 4f7b05cdbfd0ecae00aa0983e6ccfd1e1a78c974e63190644bf94d7721792c60
+EntropyInputReseed = fa8af7946c71955860939942d659e78f341995c0214189ac04339a8b68634d59
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = f16d3374fd78d22efdd042bb852f7440e5c05d46dec8bd73a72ac7646c169fdf37fd5b105b0a2b172173f17c2d53132f8ff328553e849f821252d7f18f4e65b132b07b69ec99984f1a7649dcc053ab377d74bdc6d995f2e8671b0147895651a10aaea6e57a73c817098f98ca9b8935d452fe5e16747b71cc49b9eed9e7c9a41effcc031df306db04b8aa7bdd048f933f2a8461fe637d35e5c30331b8faa768820a467aff0d9a7f8b23acb5b990906ace46b2e8ce0b9a8d53cf0079b8c927ceb93413cf01d4321db93bebf04c750b59fb4868a9c3bfe128c43459f9ca7980ad38b2f038f9f4e502642d2e73283eea76632cb7636b95128c14d4e75128c6464bbf
+
+COUNT = 4
+EntropyInput = d62cc8a565562feba75d65cd12f1a15db500c2ce0c91254c41f216fd208480bd
+Nonce = 8d7ba0d23ee2fe8fe49da92b5671e958
+PersonalizationString = e129010193d8db2ca355cf344be6058993e80d151e01d0f909fae5ba7f60052b
+EntropyInputReseed = c20911f6bd2f5d2ba6d1a7cd7c90ade152a2fb9158eb6e666e73acaca355e65e
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 16bb2b05f8670e5cb27f8476d71a875b1bdf67a73c3559c95f75632c696d96b350b16e9dd9ffeb63773b6e609c087fb44d9f0f9af26f3cf9d6887cefc3c9826dc3e09ddd5f43b2838f71265cf003fa6ae0d9a95c3347cb9e23aa473bfad094ee4228fcdc3fb58dcc96f6fdc78282d51d5e0616bdceae214d9197fe5c06f0ef21dfb6836ac5876f16162f943697662152ddf25c99a7a685f88fbdd3342538a72ff7c25ab20cb28c1f2213a8a479efbf2f3fb6df025a522bcdaac5d1d31a605265dce146677448d608bae4e1b1eb3a731b23648705bbe844d01f4603c940a54ec7122469e7a97c9e743b2a8c1a29cb3cb9cc2b0d6ef8b44c9d6a3728fbe2ed31ba
+
+COUNT = 5
+EntropyInput = 8f5bed7d928b943dd2029c9454ee9b1b5659f6960babe79a2ab2c02f8571ebcc
+Nonce = 35b0cb8ee6a671591985695b793f6920
+PersonalizationString = 4c04ffde760da76cde9545dafc306b7661caf29cd383610105bc6ac6e6fe3d30
+EntropyInputReseed = 09a54486029938d60ea76c8aa3f739a1221a35949fcd750a303d0c24e1fcba23
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 9d2911c56e34c9ff1bd40865a0302e1fd00ab3722adec18c9f705ea873415ca70df59bb8ad4b13c3a9fb94893699e6051f868ecf3f093053e7bcee940809832dc676978e7800f04c781dbf8fd7567a6d20aa5dc3b9c62b355c2f35331606df8b8ddcd521016f725fc63df0563550f66cdf684ab55fb8ad39ac35c8de3990ef673fc0b142892ade4fcec0fe50302daa9d725d787446664845bf30b33c08cc31e9bbf52b441957961948307a2adae5c96fa0c239bdf70dbc3c67956e8b0db1887acb85b3887335fd381eae362f6416d7f6e3b944041f9f118b1427ec69ce440a068dca95504fff7cd58e65d312a7ed44c7f44373d2694fe670b44378eb0452900b
+
+COUNT = 6
+EntropyInput = 15083d7474e3ec14743fbe9905477183bfbdde41b3132b9d55f3b361cb4eed6a
+Nonce = 1f1d909266390e34bcc4c5fc8b9bc0bd
+PersonalizationString = fd8e67539dd6f68c2f16abacd0ffbd1782323a4f110259956998125e09831d08
+EntropyInputReseed = 54d03cde16ccc69e75d59661705c3618e54e65638ccc1a1aea668404487cdb51
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 6c471cc952ace783f6edff124ef73589ce7a074cd20e704bd84cd7506fb80e7c2ec5babf13322c53c53eb299685458f574a2da6e1152edb92497fbeb4eb7cb966619324185b379eaa886321e6c6dadd24087f5211a1bbfb3b18ccfc35f64b5bdc93fde681c11eb9033a093b04281964ccc0f76e1d2f345fa7dd315c3f84d121d644327292d2fdc7fa5fa8552d62853c6edfc23cc55ca77604000a83aa370e64ec3a7b6d1f3e59c8e99bb8c7a3094cfcca9ac740843026cc84cd8663e746aad95b0dc966106b96508687ab45a62f2257c4c2b59f4c9b21360c67f7191805e6c33e77b5f47af951455e62106d05e3b7f4e8a5d5a440d7bbb29103bbb7a005a8f09
+
+COUNT = 7
+EntropyInput = 07900b5a3957219f53632dcc05055b2699c2099d9981c76740361a4cd9179ba8
+Nonce = c0317e5ca360f389bbffd2b2fd4aab5a
+PersonalizationString = 4518d8eddadecc173c7b4306319a44887dd3c328eb5ea596d68ea19d97ddbf06
+EntropyInputReseed = 7615323915e6e206f1cdd6ce8b5008b94cf35cf5f83ebc7968ac83fbc3cd47c1
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 172fb0ddb26f98023464c35e0c381b6285abf6282b6e296974cd83dcf26f0cfbe558e0ae8b86b91019cfd140e97aefe9e0f6e467332cc3d92c0a7a31f1685fc9ccdc0f2e5a26350964419de38454f45d81cead79c8d93aece61a2805a4582070029a97c1c2f03b104daee9bacb1775d240e414742ce2b82172089a644396558b3c584f2cac00d03e8e04ad38ebf8ba7ad6de9aa376ee64e8276a900ceac6103fd50f520e304b5365f4c536d8576dc426d5263670ac0e199dbecbb01843bbce981922ba29d2756aa0f37b31b4bda76fa5ec7d2aeb9e564eb3a654030495487b08def499c0db73f72803f0f51540ae724d7b6b44ebb31c6351d09b9b4cd36e5d6e
+
+COUNT = 8
+EntropyInput = 3a35e59d1d8e98114b2397a54c5fed5533e6f4fb34b796f22c98a8d08789521e
+Nonce = a644e52caf295a8de446338a4bf1b611
+PersonalizationString = 9b508d12d2bdec895e3500fc983d1964ea16dedbd749ca78b89cfab4bc7af303
+EntropyInputReseed = e6bf18d9b1aaf6e1a656ea4590dec605ee2b67ab3e0e178a161cdefe3bb02c8e
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = db304d406e540421c9b874f6dd8a3869ba9a7dc1cbec2959cd393e6ca46217637f35935a1019186b905f3af88414a522bc0682f45cb861714a2379beda2741ca6d4ff8014f8b8c2ea8b1aab79b3a2a04c4db6c41e7fcf3cac5148a9a6e3b0cb9272ded6b77aeed42e09a02e689b2f36f3385fc32e053ef2c45b6fb01d70f8285d19a3f516653924baaf8e8725150d23bb3ee37b992b597a836605a598c4d296a2f630cd30547324224fae08119ee0b8a94528929f766a0966de0a8ca28202b1ddfa0c177624f64108060b7899d3c611d1dfc7ac2980aff688317a94c97a9b94ae75bf594954ef91fb68438dc9e21f457a4965ad93c252772cc31e4794b73ab56
+
+COUNT = 9
+EntropyInput = 5ac87bc0562000bcb05f5555d2b1247233c75addb0a79f03f575f956e0ca34df
+Nonce = 6bcd45ebca437341d1641d3effd9292c
+PersonalizationString = 918856eb731af4af6020078ba239d371b73afd7adc0befd194c42c448c6d5ee2
+EntropyInputReseed = 8df6b7d251dcbed69a557ed52858c4552cc04f91087e573f8ddbc7d952cb53df
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = c9bda7613102f1781c41df615536fc8d8c6ab70f64cd784ed6488b4f38371af6bba1ef976471d1f1e31459ca821f20bc03575869be9cf4466914619d96ed095c2d0c2d31d10e431a8faa1641583f468ea7d300574551b8bc3e494633ef8528bd29227e00546fb7132091f04c6985003db8bbfbbc40c1daa4153f120699c3bfb578da6e89a3e92fdb7d4e118c88e0b9b735bff105a1663f3a5980699d4b9a9c53b69dcea0e26741949a9397e77e91d2ceb93d37537a1c71adcaf1a45de72d70572538a5a9578ce4223061907885d4943a7e431d201e0382352f52a1a0badfeb74d47de174047ad2321fb1d625f3eaf2484274b5efb096a4b44001a58d938dd2ec
+
+COUNT = 10
+EntropyInput = ff164d57b5b27cc24cafba6215f6ebb0348ec39330c7672b8d52679cf172641a
+Nonce = bf7646961cc28c8f4ace338318f58b99
+PersonalizationString = 6011d3719289bc8ae516a42a19423300d6cda0c4391f7b5a07d204066b1b8ed3
+EntropyInputReseed = 6851cea95885bf7fba374e5e3b4af8a692065fdf00dcd5d8af7ce43cd6833de5
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = d72a2b0fdc6d69bf7f46aac605996bb434a580065707ec7391b7fc36d5b098e549ef5d0d62cbf8f50951ee3fdfcc8c1b31328640bf0df672c38d85aa7cbec5d8aecf6b8afd4cb621f38aecd6ceefdeda0ea28eda12247d007645c4450ea5ec47409b0b50e8c564aa2a58519cb014491e160d59252d460be23cce57f09b292faba8692b7f2121549a3979404fe097e0829135400fdb789d541f7ef0c9063440aabf39ebd673f38533ee96233414f807789097862b8c4520ab23889c81fd3da5c3f5d88a8ccb4c3a77636da1c95534143f0fd3be2c8b780779e3e1852da98602b0e0a2a7b9183d160badc5c31771aa328a9f89c8ca4ea856f346a97d037b5121fd
+
+COUNT = 11
+EntropyInput = 8c9a93e90760f9e6a92114d907c83a34d99f53ee631d086e40097966f52d6366
+Nonce = f8447defb777a0fb79d985fdac841e7b
+PersonalizationString = 6db51dee5e9072f434fea76007cd303e25a337d4d44e22605dd3fa2b4c8bf783
+EntropyInputReseed = 43709920a57fe7aed106f3406acdde5adba487773989f721642a8db99e4e5000
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 1d6a2bc062b99129df19607a41b04ed7ff33c7f5c97715265db40111d28147452ef5c26d9f7d3850de9b9d4719f32c88b16715d2a9cd8013397d77d0140195e2dc3587894a58de923a27d414bff316095a2857ab01169bf5f01fca0d33f39cfcc4b53d1e5802f0af7201c66d294f3ed77f5579ebbe72c522b8294c5fdd902ee2949b94b193fb94c6a62173d42bd04952334e8c09ca027e2fecfd675618940c9f7fc4635bdba3b79b5b3a4c455b1b5e7323bd478770a92540bfa6417163c0ec433291cfabd42c8c2c0439593f762fa971a1813865312fb92105998ed022bda7d14bc68a338d71ae7c68fc8f8114184c233bea98998466b80f9861a2b152b2f7f0
+
+COUNT = 12
+EntropyInput = d9541eba8d71d5eb51f9926a7c7f2d265f52d781c86c980d6ecdc9a5d1c65a3f
+Nonce = 8e8e3f7f0d044873d071447b566cf53c
+PersonalizationString = c9aadc0ef01475da0e0ff0cddfa5c3bd93f6c092fdd7920eaed2f4a3430bb35f
+EntropyInputReseed = 463934a1582bf82e55f2a83acabf5f371bf6f88dd528cedd3e35b4779af10b31
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 0677afb06fc1397cc3dbe53e6ea1b0737fca756bbc976226913b53988a3bc89c83b48e6236a96da1bb963e92053d6f7a26a0b024691f82abe9d9ee92beaee24d319bf58dee095b0f6f833417137165c9529cff7d73abbbe5f3efce8bf721c97b5cf623f4fa80b04e569bced842c3d31621ab5bd3cca141d9046a6483c4351a5f79c3dfcf4fcad19775f0e1916def993efea8f9e6b3566f5d214db369d6edd6db98f989714693b9f5b647c4e048bfae16d985e14ae293a3edfb0a50c7144412b0e73a0daf747690847b96b3b514d2b122ed6dc2e10e6f03c55ede0da06a74acd427bcb413b09c634bcb784f54ff683d11c10dcb3d439a13f36e611f7c5e333939
+
+COUNT = 13
+EntropyInput = 9b57904c2a49bc902e114b486e1d8f5c0ae3568b2dc27fc24b251a47615fd885
+Nonce = cac57244fd2c991c7367ea9661a45f65
+PersonalizationString = 58908ebef9b5a438583b9a11f6ea03e24e8a54d91838f2d3832fa7f15378e82d
+EntropyInputReseed = 53e7af068e863aac2921f910c8e924e2840a52ce534daade22ad7fe11edcc968
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = f97021f2e15776acafc63c5791fdab4f27c1666168ae2c53b309941b03b88e8e848ff2e6f62fdf5a2380d4afac644ebe27b0aa888cb5c5f5c26cae5bf8731c064ff8eac1cb83d696ec5463563d4f1ce1f803efc40a8bf53ddf29f855414f461fb1685004fa19ec58d69d731f27bbcd170a5febeae2a2984b077632e51bf49079bcc5664b159e1c598bdb40ff3f71761d9e05da11f3d9cf4b107e734b06187eaefbb72e7d04e5652b44f98eeea495da863a60d25320078abbd17dde281f93493fb36d083528e86b35336ab3be04720a26570ec667d62dcd53401f1fdca34a820982025dda387526ae4c1f93e11c89d513b625997e6c2969bfb7f1ca5d5e996259
+
+COUNT = 14
+EntropyInput = 13af1abe6169ed47a2facb2852716861b84797156ab0fd02a00f84717f084040
+Nonce = 1c983b588b7410942506fc2d53ea68b6
+PersonalizationString = 3774868dd2fb58fdb51536aff9b8e0ab76fc42fec227dea910e69f02861e5f23
+EntropyInputReseed = 7fb27faeba254105689452ad111a163e7c21f43904f4dedd4fe3f9242eeddd2c
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 797b0aa425016ce3d650148fac0d63a6b26d7ea659d6d0825d39db856db3d47f88621038a3426eaa3fb08409f8c1ca6b3b9eb3cdb0497896e86551237a9c5aebab71926ba0c3103f77d550ea496e1d0e90441882b2efde60f05acb0d8145fce5c049c9edbebb91a07cfaa3dbcae5c6ea2351ef2b708dd4fb8d278076caa968055f1c4874bb10ae99cc522e9386d0b0021b61efc03083f880ca8d0cfedea8d31343ca57d65679f3c9849eba98f5afc7ce4dbd2e88b3c3dc145865f1d9ac3af4dea88859e087c1008b13e36d323878f4dc06cc9a0dd11d2500180ab009b1481a6a176b4e07dfa43f1de1a7dc2290ddfe4342eefae542cbf29aba1131e715dc4adf
+
+[SHA-512]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 256]
+[AdditionalInputLen = 256]
+[ReturnedBitsLen = 2048]
+
+COUNT = 0
+EntropyInput = 4b23595b0a3640cfabb0ec34df6a613308b0448488a5d9ff99da4278e072eb34
+Nonce = 8e696bffd9ca3a71d2e2f05e600c8364
+PersonalizationString = 010ba93ea68a3d4a200e5145859e299c5b5349b7645fb5bbcad687aba7d67313
+EntropyInputReseed = 04de4babdbe143bde99aa4452f9aa43b0a164eb927555c0496aa0fc9328a521c
+AdditionalInputReseed = 2b0c7c3efb36b71b917a44086d168313675b426b17c5ab3d0eb6af753f6040e0
+AdditionalInput = d0b7d1d12ab15d3bba8f4eba07fee0974838962b247be480683b8e3d4a91033a
+AdditionalInput = 66c78ca12e45bdca003b49cb6440b977dd85b167e7c803890ed1a73666eaa869
+ReturnedBits = 4008cbd8281dc82fd6c368f650ef2609bb771e80c63d478a77fa938248dcbb8b79e54ead0265f6ff1ebfafe4e387c6e27df9f03e4a5225e86a4436e56ebf03b3be2cfbcb49c89c92ec1dfa5ee445dd4f6f64e02a2423a0b18ebd02eec52f5cc21bc3565e796b3ded6552f1b5a574a201c3b11018222806f9618d23d77fd02db879cf87fe24ed7ba11b3b108b559633db1f95c5121b28011aa4dd20399bd4978e1f8b8880c333a47ff1750679bf28d329347b26d347aae90ee562ae8029579cbe0336e066d6b8ba5e0169fec804c30189a4434c1bf8a5b0a249951d3d89554da38ff0751b8b1fef9ae18a0aa2bc477736d199a06f61d400039a4cc03869bb10ca
+
+COUNT = 1
+EntropyInput = 3094636e4e46170e876a4aa9f9117abbd555908800c00a41416f1c352a4619dd
+Nonce = 254f5523f570de4a5f7bf0e1d936f311
+PersonalizationString = fb566830159428620ba10710047d0bdb5a14b3e253b75db8a8960984c53ac2e6
+EntropyInputReseed = 652a47ed38f2a7b4d0648c86bbe0c210c31b673635739bce954b565f95fe7f20
+AdditionalInputReseed = 9c970b82363cd8bd09561cdad2354e9edb62aefe00c35caabd239c2b60224c7e
+AdditionalInput = 47fc3d52bc6f947eb513b7cb83a81efe28d0a8e90c9ac80dccd7e35a285ac0a6
+AdditionalInput = 706dfd451416e86fe77081c0c920b952e10c1d50c77b90690a9ccc6390dc9d83
+ReturnedBits = 70c84aa12d96bad015c19fdf6ce09bc235d6d84e8a3f180860c903cb5971a4332d2125465812c63414f40690674ea14c5a0d3abe943e47f6fd91ca17b9a38dd990168d86bfe2bee5be88b95d3537e3e3f08aa503e3d2616e4acd380fe1ced1cc5a992d734dc4aae7cea5cf0cc194367fee086e91c0d1f8f196ebcacd467227e1c5b1c88b98b3544ef08b90131fb6255f5620850e4f8a54096bf765284b9441ce2e0d72c562ef6e6a6866d3f91e8b11b08135386c2648a48dcd4354cd42607002c78e5d007cb2971bee64299f996021ecdb012c4db2f67fd0886dac89274b6fd051707ce8d5789014ee6b6f63b0e5e2813631ab71215ce7af4e9e6793cf0c1a33
+
+COUNT = 2
+EntropyInput = 3004580efb356c34bbfbc4dfd084443f7d1ae08b26a9f4f92e579f231977afb1
+Nonce = b49da206bd0fe00c08650d3368e22f52
+PersonalizationString = 06c8cabbc543ea6b984cc6ab506feaab4f5091e27d9809c2bee73b592e94735d
+EntropyInputReseed = 6386ea3d07e52e72e50d4895b25077f116b244a6e9a335a9bb118cb76f42aa8b
+AdditionalInputReseed = e589d2c45c4110b45ace4b309eebf3a7acf8e9bdb27cf5bf0f9c0af60ecd5acb
+AdditionalInput = d9dc02809ad14b86af07395a53f5c703c1db33e91a73938bbdedd7a9b1dd598c
+AdditionalInput = cf414a664965e1b1a4491d7e5415fcbef5ceabaf51a680c8bd7cbd218647b6a9
+ReturnedBits = b2cbf4c81ea6968336dde8ab38d74c4f97f0954e2dd5371a0d86a131ac741799777fec35413871b0a260c24d743a71f57d54da2c68bdfd1d8dbbd54870b61ba318d1c35397550777ee8f827dea4b18ddcd1b69d8b8e9b922cbe5d210a7ff76ae99547fee8e71f484117622ac7dda35e551eb3aceb5d5a014bfc1bdb6ea8f9dddf95405a78df60f9bfb84c2e4c42be678fd00e7592bdeaadbf0b506e171855729a22ad760788c58d898f51f3e853907308482537fe728ff7cd965a446a408937b5a1119c39480184c3c3af39905f8b0991184d663817d55b12da888ac9187857793435c6d12241d6c84096caf2f9e98f9a7d8ada5442c60e03d2a206f7c93758e
+
+COUNT = 3
+EntropyInput = 72b1128a214af7f52513701cea405065df24abc7016a2952eeef396c1754d1e9
+Nonce = 95c70475f4e216e1706b6a315d81f5f1
+PersonalizationString = 7eedfb6a0058c687a438bb97ff76a5df9e52e9b964592acae28141507fde1f50
+EntropyInputReseed = 689232093a273e6bd3132d72cc54b688e5ad735675aaa0aea9a8963ae2e41db9
+AdditionalInputReseed = ffb226551299a0ea05af7be9d08280da57031b693c241ac29b1e1fb899f17f99
+AdditionalInput = 5e016b61013dcb5427e675602d49cd2da91c3b27ad427e64bbbca9b9ce04ca8c
+AdditionalInput = ef940e1f43dc8f5c055eeb9eedcba66f599736d58d4ebb9228481eb1a75ccaef
+ReturnedBits = 0f57f15ab361a5dbb80a20a7607a4ff1ca907a58534fb421071162b2a722565c7189cb44f38fc49a98c2ad9bf73b566b38c89b2582dc47ae50039e263373ded9d4045019b22fb04497eb9ed2beef48cbed4ff4df423b57d40d30339d196fb4136b69e60c2800de72ec353caf91e0984711b9e8e8f19d9f86913e122b54a999b4fdcd5db98f9fe61ce849ba28c9d3947828b39f2bdbae555f6d063b31953f15d348b13e16af78c2c4473676ff5d703ec951753a35c9bf7c715cac5f5ce78a6f5f03dedda19f506a8d83dd7a603d87c405b94a2006093adfd32641f86a14eb8a51695d9b2faecf25d640925b2716572a60e469308695bdcdc7ee2fcf9b845bd243
+
+COUNT = 4
+EntropyInput = 4c2a0fcb62ebd773133ee58b4a941742698d18302c4e703b52a106d573e04840
+Nonce = 2cc32d0d5fc5d3862de2ed7de104bd5b
+PersonalizationString = 55f2cf13391195ec493b092e121548b69ea8b614126d588cd19e2b5eff2e08ed
+EntropyInputReseed = 3761df52de5f0fd0b87a0416c3fcec10888e6bf030b8926cdd0a34a16c9c1c7f
+AdditionalInputReseed = 21323e9f7265f8c73087229c4d607bc67fb6cee24e1e56db6170de973f9440a0
+AdditionalInput = 957384d2e2501d2af4ed3c50a55b0cdee08be1d85f04e33fd6198edb216193f2
+AdditionalInput = 7297acd35cd4acca23ed027b95e261cd1a73d5d5a4e56f8d2e704ab83ba5e8ce
+ReturnedBits = b310e411a5d0e457518a96941805a1959e88a15fcc09f5c0e43895b54083abc30adf730a10fcbc3c14450c0d6de50cc08e94ee3df36753aabaff564cbfd26fc1470b53cbaa3f31a45d269e2485863ae8cd978ec3c033fabb02ed9996e90a9a2854ed5127f2b2281ae6038453922cd03b9a186bb10019cb012520d12db72f72f70e44808068e3083126e2d2215f301e1a0083fdb416621043786243e07174c7d0aa5417d92b48f113315d5564b6f4375824dab1b7931110f0f7b52a75cd11bb98402d8d3ebd9c337f725d90fac4d8962ed18627204a1b08cb2d7ac53926e1db6138603666bc143c351166d5ba48c0757d980dd5d254dd24b7670e4562ff76af27
+
+COUNT = 5
+EntropyInput = 9d56678235c0d2a609bfebfa1b1209672d42cb792b9d4fd4dc1292af6cfc3105
+Nonce = 3c9c1d182c31b5cb5b4c55657b50ae3a
+PersonalizationString = 5784dc35d43d6c9e6c181b0c51042dad73cef82453f3e92bc50158d130274601
+EntropyInputReseed = bccac8ff5b17d588fcedce6b892ef8dc9ace523d11089af99a4006532f2a98cc
+AdditionalInputReseed = 40ed1c59ba3118fc28ab6fc2af4dfe3b30f716ce184f50bfbcf73817161d8f07
+AdditionalInput = 4f96724fe14dfdd475aa8079364360871108a34abf2e4ea4025a6e1fbe752510
+AdditionalInput = e18d86308d601c83f15dd6fcbb93f0b14ab8a1ab2d1bddcbb44f6d28bcae4e5d
+ReturnedBits = a74d19cb67348e6676629316b800bd799ad20a70f0ef7758c921048f239c651e6991b9722642a7ca08493913954fa7b698640a86ac125f1a2105f6ab00a218d72b1a6ca60fd28e3d083bf4bf64c42058c906d0a010f3366921f4e26a1ea3308ed555795ebf60e8e131f84d46a4c802769f8f0cc2a7d9588112aebd583de2cf6a6321828541e6fa806c8d9a6db9e51e38a7aa1271154615e0e42ac34484e3e00a6b96683da5f54796090e7169eacc2e74178651017eb77eaa233d5c280b59fa6aea2419f1ab9d97f19636d6077bf4937d9651d1132c2112b14a68d3e9d366a04638a7aaacd32cf31aaf5d17edda9f3cd46060599269977d13d60171be0033c1a4
+
+COUNT = 6
+EntropyInput = d62b907e32df9221212d70f4f735a18e2255bff0640be43555e9036d5592f70a
+Nonce = f68ebda4742e500468c231299b1d40b1
+PersonalizationString = b8c56fa1e2948585b93180572fef4626c350e209d95fb59c7b9f1860657a2ccf
+EntropyInputReseed = 0e13c11a181eda94a49f2c17c92a1b23b47536bafed2218e2b3caf9d6ab41419
+AdditionalInputReseed = b952de59000375b4dba9f455a641b83f1db977301a089bdc0128946a5443912d
+AdditionalInput = 36f14008a40509576ce7dd6eec39c42050aede77252c1f844a229ab331cd23f9
+AdditionalInput = 8cbbe5135e47c8a84d3308ba390962b97d940a1eb369ba826ce2a976602988cb
+ReturnedBits = c305835fddc34b1eb7b34fce6b6d038cc98cd1afde36c3f077bf0b5811c03f379fbafc61c322c276da17f84ea22d838ee81f0cdc67a7ce661249c814df6c8539ec3f2484f96db76726c5fa92c11df104a359ec285421e617d7779a75b071464f6e485c417a07f2238e4c82cb95481c01146662bacc1c1d114718e95c08d1a4fff366eadd29c0f253087edc810bd7443563dee520120f6b37728e0dbcb31118cab7678954b7939eceb2a640bf5e46cfee45683daa916aac3f2c1df1042df7b276ac9ab9178da17f8f926a139439356a717f6523b0106f6759823e8d0c81f73cc88afef310d61b4b354dd417fe3e10bb53c821177705b76e001e40ab7c895a6fd4
+
+COUNT = 7
+EntropyInput = c080557db018d5fb4589975cb2dedde19a070393cc291fef224e1599b07e1ca4
+Nonce = e3a2362c0b9a05b457a48b1983ad2e1a
+PersonalizationString = 0780805cd1acb58ce199c76fd66bfa5496ec257a0cc7555589b8a0731a1e21a7
+EntropyInputReseed = cc89879f5b345e865ff415e9c5b29455230b4652544a0df58ddbc3dc46e348b4
+AdditionalInputReseed = c8fedd87aa61716694334fd513b7ad9291666e95841f4d62ff491d5ac2b030df
+AdditionalInput = 34a3b0d935886b7e9275f202ccc5590d20cfde2d0e6309c41630273414a6b3ec
+AdditionalInput = 874306fb7787c7a8ea12eada0c6559cf2971209d4dbcf6cba42f95404b54e3e1
+ReturnedBits = 30682a9f8570ca91c25896f5f8904407774abac708571e3bf4cc7b5c1a43285ef795ea099095eba79892ba3fffe3f2b7dc7600abad7e16774a9f2c0c730fc96f4c8180da13031d9c2ff8faf2b95ab82c5f515fc5bdcb84538d164e7225ac6b177e5edb4e8c956baa0e5bf54e76292d7e98fe2e34cc78de83f3f5ba71fea7b313b3f812ede6c888d464b896a714264425cea8944422206bbfc3f488f53095fe41976c1a69965cb8552ab38f8cfbad9c3d778436e0010f9a150f56470387fed34bde5f6adc78699d7922438b79d16d5b319499444cc0f7ad579e8e07998acdaaed043958d4da0e6a9949cdc5a7af0035b14510a091f8583bebee9700fd4312cd2f
+
+COUNT = 8
+EntropyInput = be766e2b2ec3d4edad27a5cd7442a3a5fb96b533067f37e11cb9e3ad7273362a
+Nonce = 4fa36cd236494589885f2aecd0329f26
+PersonalizationString = cc4d4f2a296c659e2c7b715cc6d86ac5407b52d06a8994cf5634d3f58d6bd1c3
+EntropyInputReseed = 8027a6cd744cc6170e854199b0f5a4a223a0dae8ad11123eda03a8d5cd458698
+AdditionalInputReseed = ffaed9904a19184860a1f763842152b34943a0c28e30709d7016b87a23ad1fe4
+AdditionalInput = 5394f70733de42f0b91556ea5a772f160eaac67f58762227512be364bd5b575c
+AdditionalInput = 8e3ec6c2c0297930514d9c65728458abb4578ec551af6a92e416072685647cd6
+ReturnedBits = b9a4098e4cafd5fe6515389705304ad7d2b8f18fc1baa4713eea89e322e687756657f18944b06ff433b2f9fd5ff831d7dba20a97f39c1cee849049bc3bde1402d68026540d7aabb4bcb772a1842913d66e77bc2c0968d0e6f50bbd2a21835e163b8569fdc684fd8091d9dada3b138bb067b7ffe9f6ae0f371192bd6e6aeb230cc4cf37321265bdd405226bfec310832e6957ed69c928b923e5943834f39f2c291f8243be582fcd3cd052bbfe00dd2a045f6c1dbfaa06b10fe435255441604587eb3c1b05c94c19a2716293fbd2169d1f3d5001c26f834db48cbbf6b53a9f34ebca5b3d3fb2fa981ec4f28d1131831cf839cc0abf4234c8ef811acd3dc5abaee8
+
+COUNT = 9
+EntropyInput = dab50134d86975b4996dcaccef9f12bc7efbb0b814ac603a98b154456314384b
+Nonce = 2e46f043c7b27b388f597613435a7ecf
+PersonalizationString = efb9aae41310049ea1048e4a6032cc8fa009287cd93d30d3a73f51ba52ac154b
+EntropyInputReseed = 04cba3a941dfb34282abae26bc9ed840934187afd1e058e8022c62a2a7880793
+AdditionalInputReseed = 63c37a839f24f39ea00b3f4c3a7c78399782448e44f28f51119cfbf68b74f65b
+AdditionalInput = bc594344157c1d1a4d4c065bd81347551ad7ba5df9449e86a2b773752c05867e
+AdditionalInput = c33293a302b9e806f57df8d2985f2459ff752ac3c15adb4d09c51ee848041a5b
+ReturnedBits = 92c5df73b793aee7ee8a2c24fbacd817bbc6374f9b87e64e47298a2f0871d39dc32a1ee9c02ebb14d5db6673d8a71c9fd3ae773c86b068aad646cfbfb5aef3168f5f225136ceeac797399b5d6caf34ee3e340b768528568bdbb30a8139ad6dc017103140f06367958fcebed1c4da06ac0b10ab06acf815982468fde26ac095ef49c2fe01481908b22b3ff21c4aa30d17bf07fb9b0c6a454cdfe54c1d039075c391f45ee5cd7d0a2a9ae31d7af3ff1f4c67d6ff60a004110b5717f5269c98b86b3b19d1fd6827c9f70826bec0b68af4075a392886fc97a0162be54a1c749afbd8330a22622715afd2567f67bdd7c94c3f6d38d7d14be6d2ed8aade524ae0b735d
+
+COUNT = 10
+EntropyInput = 64acd92f1c27a949ede841613a46de138dc572d43dfad13804690f29308378c0
+Nonce = 2a46c7a35ac92601b855bc144826d6c2
+PersonalizationString = edb7478a41c2126b3ff93faa0aa8e977f834a8e405dbd937a886779b0461e242
+EntropyInputReseed = f7acbcc3e261354a5db11bf77c4286ceba0c7513cb45da15274dee699a2e3578
+AdditionalInputReseed = d92c6677b88209e553af1c8df9958fa40029f71fe809599493c443cbeb3cf575
+AdditionalInput = 6cdbc488a090823756e179a090fb2a510959052cd2a0e053f36b987d91030537
+AdditionalInput = 8dad20a31492eb41df44d1d255590cdf173f0b1f87883eaba3c0a0a6f9449dfb
+ReturnedBits = 0e47285df2b8a1d83a12c858b8c68aa29bb977efcb428f952f298686b77be91d5b5b0c5a136e16a8e192a218fb3b911022d9eb660e3a4deacdc95393bcd605b0e4ebc5e6dce072b534352a99cd6a0ad5303f5ef525e558b215e389f4014cbffe4b3eaf55366f51afb04575a3ad02b8007171d0d0f37d280edf78e25176854de67e6c54a260ede0200f6ba436d1c052e13600ea307156cbd093dbcb6c3ef137d209a134b1d58e4d48ff0bb92d2059d9414c3e31526f7c69606b5f7da7dc15b354afb0ee8916b25f90e163c7b62842d9ae5ed2b43cc919cee9bc68cbe0f26ce1694688ae319910dc7485af2af8a5b3b39745093de3e8c8da03359612d1d3fdea43
+
+COUNT = 11
+EntropyInput = 4c492f75593e1362016a4f66ed5a62ad78ac679ee0f764f1c7f07ef42618f48d
+Nonce = ae9870fa007a80afd49ea7cd68e8892c
+PersonalizationString = fb9dd496b472d0d696978f5d0ba97ea00a00c3ea7e4353ed2cebef8524e2929a
+EntropyInputReseed = 77257e9f6e925f45070f1f5c84397d535b2ea7c9d37694b9f10d834ac3cfa9e8
+AdditionalInputReseed = aa8b76e033e64cc0b29e1b3eab5e2070a14bea66f92d45da1fedfe291b03ee1b
+AdditionalInput = 9aacfc636f366a00aa44ecad93f124a5ac10fafe27537e09e4fa5545d5903e7a
+AdditionalInput = 9130cdbe5201611a195944a00d3110d6b42c79e605b794815b58f5d1ce01faf5
+ReturnedBits = 79f34401c395a2e325a348ff14c7c8c927b907ca1f584a886c2d29b1e8f8a0034641ba29e2c9c3976cb9a33feed7f6c0838bab66bd6eb211e97d5118fd5b63235274bcfc9e2162f28785c92a933b1f91e277e441331fae1a661fe5ca31d3f09562f763d336850ba3edacb61836337c6e19a7c43dbaf386738b4641ccc6dde3369d00548ec2a7416e4a7ec1758c75634e989975d620c848896cc754673716595af04fd681a4582e9c5d94719b4de2d66269c4da4c2ed6791a08b87478dd8a81afee35e6f4fee854c69ccb4bd1c528b6ce27006dd45c1f0e1877f83fa61dca2d68aa5d60ea05ddcb14e230329c8d41599b71fed02273ba9bcfe9ce26d66dc628c7
+
+COUNT = 12
+EntropyInput = 3385a512a8b9cc5ac7006117401375c4a31ffc4c5f7ec3d56ed6a4df8bd03bdb
+Nonce = 352f8dd1356e0f011e53714895d7d058
+PersonalizationString = 47c5369ae18cd8934344254d740223db100ae3bdf4a226fdd0acd3ad63fec91b
+EntropyInputReseed = 6c5a42f7a5dece2afb76fb3804a726acff5fa8b04bb5ed3b850c390e1ce564e4
+AdditionalInputReseed = 52a34fbc8b1fc4a845c093af7d3d9489bb8c8164b451f94802a8e7dfd67f094b
+AdditionalInput = b1f584ee40c33c654ef5fb5b04c953c8c99a1f97109f6b40faf103e11ca6f6d1
+AdditionalInput = be1316013490e3508fb77389afdbda7b5d1152f74e19edd2f3b39b927da06abd
+ReturnedBits = a44772eb47a785314eaad2b93788995ac7dea2cc70663d092eaa33442e9db0c2f8b5809621d4be2ef4f50d239314017451901f8ce5262cea545844d6bceda0c4536365cddf6012697b5d5771480d21573acc1ea7d0fe305980f1891226f389503cefe0cdbb9be8bdeb046849e5795654b9ba454af65c5b342048eb6f55a5a8bf1515fc3f4c5036bb525f92bf7d2a3ca04a763f29ecff53708b1719417e868c7835c1c89e91982ec2bc4abce314ff0e80012c667b6f8e064530576aa47332994a5cb647ce9349424787a03c240ae52cbfa31dfe740d9f090e998423dfd1903bb1ebc7b0a26624f5cf116ab1316550df4e751bf3af0a529a8f4b3cebc29d692184
+
+COUNT = 13
+EntropyInput = aa306eb3b5d299fb70ec56c2aaaa10ed501b39d8491d9a5017e7282ba2d250de
+Nonce = 83d3373b1d193e0dce8fb756791c888b
+PersonalizationString = e163606f6328e296eb17e8914242614160c9538db0a5f514f01fdf6081349d30
+EntropyInputReseed = 39b14c8a53704c96c5fa806775c3defaa757f7c731ef0becfb1b9273d95611bd
+AdditionalInputReseed = d50800c786cc6b81bcb4c22d379b1b60be599d53a4b7cc4ff55208b92212471d
+AdditionalInput = 10048f81e8eb0d309081bc6a908f057f509f11181364e88eb8cc12e0ab1109e5
+AdditionalInput = 0b2bf8ea2e0fba3437954ec437840151ee8071ccc6a5ab4b11213cb27b89e4da
+ReturnedBits = f051ff9b21a3351107b642257448528bdf054a7bc0503c7564ebf3b237c7e4b7407be66f80a88ee79bd1c003ef03c555c5ea4044c71f6b2eeb8a0b0c361ccd251df0f47876d09c4aa1a128ab0c607f5ff653694b705e31c3b8eef3881201f6754f1161f91c814e7c1b7ef617e804cb05a8aeab3e3515d5a975421fb62690c330ab57723935ef022e82e52e2973ec9046850de20b5a9ebfc6386ad5679ece3f0c568c68675b4b968a3c4e57446bb41503abf2954e55bde56b4945a14f3e04894a30bbfd578c0cb5f1a1deb848971dabff490bb7c02925cc1d73ca182dadf3ef721acae156e869bf791b5cb459e5530a2394e3d3d10e5be1ae59c6384d6030a7cf
+
+COUNT = 14
+EntropyInput = f4e641f94683cd8d86a9dd5933cf8eadcbc6ec8c713cb7a729c2f7dcbc626d53
+Nonce = 5e690a98a55188dfe781b50d82229134
+PersonalizationString = 3675965c6ba1c6c466fc76a8430c9cf307329493648a641ab7d8cb20214ec170
+EntropyInputReseed = 55e8d7cd89f492b6303670310fcf9c2007cf2097e5984cead33bb88e35938b71
+AdditionalInputReseed = 1f1d4d671a5da84b31ba5b8a8e26cbb26ca62eedef763dd0687c37e656b286bb
+AdditionalInput = 555efcf90944b3f09021939c648ba2bd7c1eb3056a85fe94045e181e7d88a044
+AdditionalInput = 4391c07685a2e6b0c5122868262efeca48c0e86495e8748fc18aaa42ffcb2dbd
+ReturnedBits = 88dee3e8458f78fe13a49966dcba5b3db44dbd4b07fe8e16fc079c51761fe435a78485611a71f6f37cc33e645e47dde378b3dc33f5ef577c26e62cefea218fdc2ba83990ad2ba1b878df5955fc779cc739670653f695d81a070522e291727695e8b2f7747fe37c451b1352c06ee277e29d24c6fa81952f99e1eeea371849fc4d0b24f7389e16718526fc23b05b90da2c821997dc535584f3c560aa1a7e18280b85b42bb0c9fcd3974880f29feca76a10b6aeedf745c1374f2e34a9830e52ee518fe662b7175018212496377113c14664ff5958644eebc7093e2f6af8fc67497f49162f641281efb21b949cd33fdd82797f073601ec17f181389006a22fa10b77
+
+[SHA-512]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 2048]
+
+COUNT = 0
+EntropyInput = 2915c04e0de52c7d4a3223df4581ec070b7b4494cad3a8928981d74ccd78623c
+Nonce = 9cba4cf2434d0f4d903668e28b674922
+PersonalizationString = 
+EntropyInputReseed = 1b248e3421d9417eb9d4d010b6d12b64bb3b0f1cacb7f7ea3b33512ef670feb5
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 508f16039546fd38aad1aa5d2908d0cec11420e0c98fac0c0ceeb092608e034d71668b18cfe4ee49971d8efff39018b653918c431e22287f222e1397c460471520e07473963bc5085ad8e6ae1fd22ad978cf0e6888fd854246b5a36467087c1efd49bac8660ca12a8951c639f4ee97274e1097e21e3785d028d332516afd02a7737df6f9558b3116b09f150d6ce30941eb4809476fb536e22a4099b55c407f4dee8a6bf32bb71bda74f654a78131dd86d1a2ae0b0d8fb3c145bd2924e5730335742d89f2e9d1961700f57406c709635a7020f6f1be08b85b09a53c0529253f690563902dd6f6af244c9f1c5d8cd95c49636d2ae250ea443af13985e378f25195
+
+COUNT = 1
+EntropyInput = aa20e9a152f429f12b13659912d948a9418f0a295d9e68c8edc75cf9ebb3a3e4
+Nonce = e43028b10812393d327c8017d1b03984
+PersonalizationString = 
+EntropyInputReseed = f1a0310d7c252a041ac095103a8e8400ee6e604c850544efff772e037350c5e2
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = eeeb4da92c08373e0d0c8b497f14039a395f8f883da1e09c100867082ccde911008720acaf71ec4f6309c5811afd2b807eb9fa0b019f08963902392d2b2e3cd9b69c35a351d26fd2375aac3257e588e47aa583505491cddbacbb605070acd2762d2ad16ce19b220d36392640643a1d4aba8a674ba33e06b5ef268f6638e8c39df95ac8e82409d7159d5430189fea762d4cfc48be8fb0f47944d390759dbd2cc3ef85f25178fc4f819127cc073cd6d01b6add8673bcf804233f847cf4204343be6463922e9ad48b1b4063ff0df6d350070eca409929b1857354d149b011bcd0817bce676d12c1f61a92d3f4f68ea4956ed55a9cbc5070f7f75ea062e8e8bcc477
+
+COUNT = 2
+EntropyInput = 147da4b8f082c48df3d65f506a4ec3176d45ca1c4a98264d2eff237d3077550f
+Nonce = be027a0203e1df108597e405d25e215b
+PersonalizationString = 
+EntropyInputReseed = 03f49d655aa1da9261509f91ed2d464757b11dc90347659a94403ce3a0499305
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 46787fe78cd8fe5cd75b8239955432ce2a574ebf8e4946fe169b7f624851e00946f89acefbb0ddef372637f823ff80866293e9b2f9430fead6807157fc15fd5d4128623a3ef9a01f2445bb7e5738718f2842e6770291970b50d93813ed07e040d573fc681ba1b2f832481f97da4b937918433a7661d291b47417dc536d32e85475d4b9eb5772f6f018463decc43e4b3c455d0b17ebb6afcc6a6d2642b7323b100e5807555fff24b576fc257600d026dacd9b04299d4f2e33323f465f1746572f7e9409da9a986ec576e4b2c3ddd28f37ef4c1e7b3581408b5b2206c81f8d039ef39efff23050eb86eb4297fbab73a46d7f28e72cbc754f84bf5d5ed6f1bb7764
+
+COUNT = 3
+EntropyInput = 5cf591ca8b376252f09e59391107f41de9d12395b561d5914aa4d69129476e9f
+Nonce = 2e42f7346a48e92ca61e18e9c20fe534
+PersonalizationString = 
+EntropyInputReseed = 8b879fd02ccd791c68998f3a6f0d0587896a182440a892a874a7ee78ccda885b
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 7f038c6e36a0e1a4359cea912a5e7b739832720528671a4e3e556902dddc4976f38fbffb4c01353eb1a02dfd2ffe496f999eeed1c6e17ae55b37d37633ebe0f7012749a4ba5be6a703062ff91adec5959239478d1f01ea5b53340ae2b0ecf644019bfc5757c8f28590360089f93c66224dacda7923db0c51340b0c3fee2ec40deaa64cb9bae252356b20a77b3afb70468a231be19d4ebd6f5b63a56ac097060b2f95b2f9473b7123e0d00373f5d708ea9a97e36b20a3836f77a790dd9e388bc1078b2eadd5d66ad58fe856d37c4587dcf28d4f765b08467536a51e6f2aa9a6b5737734436b5cc0c5a64c26db1c21ac3829341d316904d52bf81a4ae890e6c7f6
+
+COUNT = 4
+EntropyInput = 99ed4ee0671d9ea2aaaaeb6b80910b058132804139cac9e0c9e1152ac2128514
+Nonce = 805e6a27ad849610f832365c243af78e
+PersonalizationString = 
+EntropyInputReseed = 99e064b76a604bbb609523ceb0085902a6d0d74cc4364c9649f73d7bc94ac4f6
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 2dd59dca1c2b3654d810261fc01f3a0a9ebb20d4cfac664806665e128245fb94be9379adb0d96f03a7a5e2a1d47f17c43186a4e6d0587a9a20ad96fe26769a470a6edfa7f489627d020eb5b657b9b82fd935344c612295d9b732789829867e46429a3f5f058a9c7125a13d0633087fc714990a2a21345c70dfe990b7ac29956d5c89b3c08730725dedd04929be477fe62e66d52ab056c500be1d10da01a1cd5096f4069760e5f3ff83695e6b91eae226d57586eb104b5f837a8014ddecc5e618dfcc97e35e40a541efe8b80c4f38c6157d77974327c4c029663a1bda4169cf4d051f3a2c82d84a38f3a2a283c082f65e1f689cad4ce30699c217f1b8d1d614a4
+
+COUNT = 5
+EntropyInput = 1c8400bd67893185c1fe0d77ff0d467e3b8f92ab022066c77e493a76ba08722f
+Nonce = 69b651540599e3c319ba302123f270ff
+PersonalizationString = 
+EntropyInputReseed = d25b161f8112555c82fb7caf97604ced6b273767dcecbe7ec16ceb33bddc9fb8
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 88c83ccaff5b95d8876ef8c11b9196993451cfc704448f8be7bf0c5496804abccf350c0d6432e5078f4eb879a6e31a735d93b6e5cd523cd48125c633e5cb307b3a2c35091a141e0cc658a1becbe0edf453eac7b6d033eab5de03a3e1bf9e4f5c3ac8c65c4f08f9814a450cbb2b49a7fb52f7f06f0672b8d7399e78c4e5f9cc729c277442ac842bfb541e006e26554778572e00bfc820cd1450fe9064b89dfb08a0360d290364ddbc5a713158caee524058c1d55ab6788b3c7387b3081b13e1d16651ab9d77be6217ac3e0e2fad370df755f5640ab9c584d7274056e8bd5560507b6d7d7c9983102a6cedecd03f4ed8ccff41904302a78bb1c000559d622a90c9
+
+COUNT = 6
+EntropyInput = 22d8485191f1777193b98bd73305862a0b862b14ca56f81be17261ac3469ff15
+Nonce = 42adc9a11c2aa84d4eccc0a653be3895
+PersonalizationString = 
+EntropyInputReseed = b7d5f7bc51f8c57003a5092178118f7ca84ed53c9d0a156c6aaac0dbc8a081a4
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 63f47b5e9ed1a9fa7c50348d07eb938cbae11705fa8ef45d51c73b3124b5fcb10655d8f1094d7a2f045a22ebcf562cdeede0de38121cb87e2b6a948612b8f83a79adabba64f93396036d6500fe06437e0abc388fb937d0b3972d903050f451c70fa1c284af16bbd3a83728160ef7c354b8ca8b099e10cde4df46eded748213e197e14eb9b58d0b1ac5388befd964abf22f6d810ed66fda716d7dbcef9f489021d65ff54f345446dbe476f73847329d5de43d4d6f266e0a6c8c7431277d506d04f1a0faf964beac87c464096640a7bf491b477ae5eda850abc28f8870b3e87c5c62a4a77bed26905b9a6b2d0384f8c0f2fe5dfb9483d19ad4c2b83267562d682d
+
+COUNT = 7
+EntropyInput = f83cc4bd9be34091c18ae7bfc1020889742d45cb7b8de8b539361d3dd5cc6a05
+Nonce = ba30232f535ad754ca5901a8efdd11cd
+PersonalizationString = 
+EntropyInputReseed = 0abd672952edf4dcd36c5aacdb83eb681750b0354096756506a88f40132c52eb
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 2d21f674874828f5a153ace3d555f62964051d326b64ab7457ed96219ca015e0cf60e9747a615373ec883a00978a11088ac146a34390e39795596a0a6dd6674a761f39dd01b607d77a87a37d1d958c2ed8870aad719e1f3856bd8b453ab663a37cd8231848abeb9dfb05381f4de83c2eb4724a41b814456568c2b8d10e82ca196b75b1a0b3ca4a71081c235e25000ad1b3ff4bd658bb55de5053aae2bb277b850a27c854b5e3a3916d7c97b4beace2bee8c9607eace87d20b3d0223a2ad09854f749557913cf392b18bea73b41c8165c695b02d4008ca88b7797839154c378229c42d413c871e4138dda604fc6d064ffe59597c4b50c8036b44022b5302a14b0
+
+COUNT = 8
+EntropyInput = c3cb1d0956678a55a269f9b432be77dc36ab9773cd8faa0deb46ba6c7f9afb6b
+Nonce = f42e25a9b84815dc7551898e12eadf71
+PersonalizationString = 
+EntropyInputReseed = 0d58a8a9beb07569a98bca5165735d2fc5067a0532a788c9eab3e6e851e7ff9e
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 324a429b4ae4238f541ecc6b148fd2a00e8be4d9b35b030c08d0b5eace2c0af8433b47df1ab4c0c83067ad50499ac72ce59c837c8a9cdc8f87b7d1aef099607a3682fb99171cc191b31296c60aac138d0f365676a0f5c4d9f1095bedf9c009d67d7dee5f70c97d48c4e37122f203607f6efa8fa0293099d55d1d9d14081e2b78fa5b0e6ef3cd3648f3582f7fd330beae068a3320048155f505bf95176a2d0dca5579269e38f597a55cb54d83372623c087e4b02874afe8211141201aea1f914d66daa06c972985e096750e8a50651caae5030ec72009d75327fd0dc717546555e4f01e3529e93995e1ae9a2aa7742dbc89a4266aada5dff289c3566fe39fd4a5
+
+COUNT = 9
+EntropyInput = babf3a219eca8b5aeb7ca039fadcc905c26fcff5b3aeb88f5894d22dbe10f344
+Nonce = e223685ac3dd91a761f33960477dd540
+PersonalizationString = 
+EntropyInputReseed = e07e4b6fe7e2c8ca476616ac333e1d5e208ba2613a53dad7d77d2b27ab40743a
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = f84d73f85d0f98c2c1116842658e7da733de62f745912dabcfcb0a8a2dc714c4dd7be208ac6aeb7b785925b9efb1e7d39bd99992423239ec908d56277cf0d8954f8d7138b75b0948fc40f877deaf80e62b4176b1139b71c948b0e0e40da6d55b9628f7865a56ad1969f8a83e9ae785d79a9692540b163e145f17a87c4d2be58f67256b323a25d4a05168a412dbb48ccad17e3ea32869c0d7f21ae32c562dff0c4219f2e5f437f36a67bdb600f38025bcbe9d8bd4a83f36ec64f0330869b965d45623a31b173d9449561e0d5e86c61d7381763cedcb858cf8ce1b94f91a1001e9760b863da675bc76a185997ec55115b0171397ee4880a990a96e09850295ffb4
+
+COUNT = 10
+EntropyInput = 9f7912d777ce01255a10177c2b133b5b756ed38b0323f5298b3532fdd29d2972
+Nonce = 285006a477302385c9d0e72641ec0049
+PersonalizationString = 
+EntropyInputReseed = a751165d89829340ab93df377e19682f79792171d6c0cc0f27c5901f32d535bb
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = bfa762e1f47a6f5394f0e11b3f92c458e6aec3147675f67b6ea425fdc05b49179365d3e5fcdcdf6b4e80f0f8cc259935c8dc28a7302c78d5672e538a49c66575f7372494d9fb901f3b822ef8f97f69bcf88742a7c7d200bc406bd15539b70eee9487b65adbada97168df01786995c761a2f58d69ce178eb08ae22299af5efc69782053c8fbccac316024e27d4928b999a5c9b5f07b2147eb67527fe7c34d1c01a2ec25dd5508268a5888f683c18d2a28f2e7f28bad4c47373a593a85561846caa45f1bef947d4beffd7c9902cd6e4b398c9aab5cb307d7e593b6759e0e97ccafb7f5126501868171481a92206c9013f18c97ee5f1e33e4dbc9702d5773622f0b
+
+COUNT = 11
+EntropyInput = 5f0556f1ebc5802dd01ec86f35b32c4dc94c3d4d83833a20bd5a089df492f251
+Nonce = 19eb53fa268520b80700ba5090fd2a7b
+PersonalizationString = 
+EntropyInputReseed = 8abb07abd10ed0491135f8c99e298b47a1c9d7a2c347f22d50778df59e84c0b8
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = b286e4261fd7f68ec19bd6abb859d55534ef0d46eff3a1a0c44d538ef0d5601e7f2f437f05fc841bd1466cd84752983cc81cca493f4a6db3a1e888a829ba9f495569f0d9c9937caac383ec1db5a872979dc2d48e2caf5c09116a36d1208d0f22f7186791f3c6309ef86ee5a32faf25cd3609dad7e14a572e38b57af56cf7d7c2418b408fc7d4860ba2ccd39d67b9a36ec82eddc6575298be35a70bdde50520fadaf0d213591178ca6d3b9c3a22a0a616ef3f2aa4a99ba920c5dc851c0290e686b5fea66bb1c212fd8e6dd9628d56f3155b25f454df9c6779aa511da2c45d5f96a4646292072833e87b4b62a43359321d00cabf8b5566b65debf48ebb6735a408
+
+COUNT = 12
+EntropyInput = d33e7912d0226f284437f4d5b1d3f604e448a1518231a627e155c87e823db695
+Nonce = 6ca6f23431d59cf82d3735a3431950ca
+PersonalizationString = 
+EntropyInputReseed = d5dfc35c1583599cde4895578b35debd6eb0d1bd89724689f935702872a46e1a
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 1fa926fc0d0a0efc60a1605ed047c998384a7a69a5ca21ce6e89855f353d0efa1c872b19d07675e10c9836197e73561d6aeace0e7da0cc2ad740c876d7ee81f9a2351d866cdfc7c81cac40b5dc27360cc04dbfc65d1f85e67e96d1e2c13d34f05635b2d0f8a213f1c927782f164a4e52955f0b4463c23c0d94161dbd293f9dce927443cad8a0e8e7b93348d257736d9b1a921c4ab6ebcdb1834d7c85fbeb8b5f7acd8520f78ec05c7fb10e1788f12a5ac7e1d8c726359be1038c91eb117b4047c33cf449569e7abe1d3b317d4177b6dbc91ba7e252863d5ebd801460a16aa997b41ca8036aaa8c40a9d9ce84bcf52884100b2726bacdaa33a1647313a9bd55e3
+
+COUNT = 13
+EntropyInput = 0b88c0f8ca652c7ef3cba55e1e0ec020512447dd59f7d3d5686ead84dcb134d4
+Nonce = 078023cf94084bc804f98b02432455b8
+PersonalizationString = 
+EntropyInputReseed = 0a16e8cfcc0bc99a09b5fa04c3067cf90b6ecb510aef2de3912d10e56bd4ccfb
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 4721a85c7860dd0c1724dc179e629233bfa3855e59fe2db1d96efeebc0bf586a8cc93055e12b76e3d2f35ececa774692d3bce9f12450b0de355344cf7a6a073772d9b27dc0959452b5204075aeb234490af8f02c3e5258e27e107df01334fb8c4990edb6bcd356b0216565cc200dcfda26b4e696a49cb0510aaf2dbfec4ac10c9aa08eea11bc2daf77fcafd2f99e9d4b12cb69b965c58906d6967dc4d29aab6502fa7a9d57be69e655b3dcbcc9bda5c1d86e4b703afd87408bc9c64e65d8ad02215125d61d0b2567cca304a8feef71c3f90e89fa89700ce23952539ce7307b3220ec07a63644f92f3fe66eba1c9dce272ff90ca6047a2224ae3a46452a773d21
+
+COUNT = 14
+EntropyInput = 5ecaf5980c3d9b135450ef40d8cdd20885cdfe1471e47cda7de3dcfde280b12d
+Nonce = 8d894a3a92b28aa7356cd4f88ef9256f
+PersonalizationString = 
+EntropyInputReseed = 556127694e83df568c8c964ee5276a50954421ac18ac5408ce2f16fbb85d7edb
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 8bfdb9f58d2b55606464e7cc5373575cf99a402ee18f74bb022bd19bfc219106a775728e2219795b906d09dbd7b31f4e5a52fdf020fbcfb99782c652dd71004e7535ab375d79bedbcc9034ed3fbae5953f76816db8ee2a6b9dfdfacf8fea9fdfd614c825bb1d04782ac376cae6c667df2cabe5d07c011ddffdb9ec008397d06d3aff9a9f57c2e311824c6159b34eadbbb967f0a43745cca536d5121457483695c37d4b43644eacd7c689ea555156a2e42d86b92077e5ef5270d7dfee1b82c34707f6734065972f425e182a1f1fab0036fd1f5cb5e6b8f08f72271dcc745d8eb1dce770b2fa20f3d0d69357dcaa5b68d5630b8aee37fb130075d089b120f128e4
+
+[SHA-512]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 256]
+[ReturnedBitsLen = 2048]
+
+COUNT = 0
+EntropyInput = b34b8b0cd22229235b4730b721f221add3d5700f42aa62c034a41422b574e1ec
+Nonce = 487fe0819c877fbd0463b7b6c577fb47
+PersonalizationString = 
+EntropyInputReseed = b8f2140a0185bf2a8990c6553012ecd86256073d5568fba55b23a221c0f4a89d
+AdditionalInputReseed = 2e719ce4af8b46148d058e8ff906c557a92d0723b88921a548a9378b9205af04
+AdditionalInput = 98948b72d5507575bc4f5bf33dbb481026c0f637cf40e5a8eec2055576d5fbba
+AdditionalInput = 2f45e58d9ca5277cf45d863e74ad77e4da913999687ddfe0da7e5b7b8cdf5171
+ReturnedBits = 1cef882900ff614a30458be5be5afdb0a778a7ad1ecc143a13cd70340d0ab655a67d432c28f58d90818e5d22313b9504cd9fcb2a594edde78c19d4d3ec802e5003005f366d74921c239ec1405a5da385ae5f130cef141760d4d32154af05667ff2fea79e49878b0f4d615e7ecbb390ab6efc93d279b91034bc359bf8b26d381fbd45177845ba7f2598eee181796fe574a0374091bf33b59b16b13f6a8729f6a30cbae410ae9ca197827829b79534791ff38d81644f78ea1606febeb077cf4a66677ea5ee864d36b36a8b90ed3a34e212dd773934f417c4affecae86e1916fc057d5689578d10e8ee782d856c8c888d516fc231906070399adbcbc49521cc3d09
+
+COUNT = 1
+EntropyInput = 5ef09b694696b3dd537371134cb037676b8ec73e4932fced874badccdf14cc1e
+Nonce = 22b1ddb0c3fb709120a7db91052ab7ba
+PersonalizationString = 
+EntropyInputReseed = 827d0633aa3c4581cbb33c15c8b0baba6546553f69006845298a5cd88bf9c84e
+AdditionalInputReseed = 80a35db464e75a44d7160edaa75ba4edab7224701a08649352fedb8d05a4bfad
+AdditionalInput = cce8b79d910dbe48da6af3d773ce83e77354ee9e75019d3b31f2efbbf46a1599
+AdditionalInput = 4e72e944232829c21b14fd866646d8b0bed2b7727f988be6c25932911a083b7e
+ReturnedBits = bace0f86888874685dc590cdd7206f501b43cb2dfae72eb60dc5e1b19be165cc91719d62adc0ade55721b28a6676a9d70db02fb61eaf9d29b6617f02deb4f12a11b13ae9215d6c271a8e53950b2bccd71e9c193f07106fc58bad2cabec2c8c971671228f50884fabe7309eb85ce0f5f684d9f2dbde6916fe5cb333a3917915a1ad17919eafef0d80dbf076370956798a485a6c865bb584d9a0f864f8e2f16b25ff03050d4f9a8f8d7933dbd5020e9102e7fb0c90383e635aaf4c828be33c8c98dae7766cc5335dbaaed4338caff221e2089a1b9e1938c9cc6f93b4d3c1f57e5df596628d034ef8739a8ec9df82acc6085e4605271a023ed460f69f304e3cffef
+
+COUNT = 2
+EntropyInput = 69651f8d8b2af6a9e7cc13a3bbc6810988cc4b08378257c177b3908e5e2732a8
+Nonce = 26cd875b841c1968cc45a3580cbb29a8
+PersonalizationString = 
+EntropyInputReseed = fc1e63664bc19189a1170764a7b55d3f15cd96abc0ad348fc0dfd5612ba6e512
+AdditionalInputReseed = 9669d1b2d978eaf0d4fc414b821fbe288b578c55e435ebe7b09c07b0455a1fd0
+AdditionalInput = 7d31fd45febeb0fe501036c8c238a8256b94dbf023dc1fd39562b6e3106d8d29
+AdditionalInput = 34b5add67363a2633d677c1b1fbf6521999f34308722e6190526b5369df4b23f
+ReturnedBits = a8c8ee1302c659ebae887cfd13545027e8262c7b6080de1b92a358a7ceaae98d38d8db53a840defa34003748903b95be55376158b30ff744e23be929a0d1e53494cd838efc845d855fb7fdf79698455c07ada1d5a6855bed9ddb1669aefd88cd036d45830f808e5fb2d0db1e8709b5bab3f2f89a7ce626b61867abb5936ed91b140992496ac1a4f0aebaf616bc74d96665775f29ae2fd643e824ba1fea67e0122d904a26710ee629682eb1ac37906402e6d8042b0ee6be3986bf7a21432966fa562cc44019dbc093877570daa7d336db193fdca40a0d0b11f78b70b7887254ede5cd4d56e8682f3ced495d8e7a6ac8e1dff82df906a44e506c318fc148dab8a1
+
+COUNT = 3
+EntropyInput = 76803a1b46b4d925372f9d3421d26afe18589efcc48661345f99b27561cbdfb6
+Nonce = 37e47b3323be19205176469674de6ba0
+PersonalizationString = 
+EntropyInputReseed = 4614de887d3b31f25120f4354b73e0200ce7d3c214ba09a7e7bab5dc2ccfdd04
+AdditionalInputReseed = 7b5a454df07307be1ade4602bcd4fabe6c1449d240f29f0eb7cf1cf6ff1c6bff
+AdditionalInput = eb797f83c22f655e25bb8916e14aee80388822ca930723676624403c62ecd444
+AdditionalInput = e98d4ce2cd33749ec63f63eb5e6712f946cac2ba4b024ece56c8bb7cc3c83003
+ReturnedBits = dba368b3526c984417305a6d784d3c15deb5fbc1e89206c49a89f93191b1f721ec8e63168865c4fa86a9a3b856bc7eb54a327bf660665a89b76fb510733023ff7e85ba6fbe9d7b38158efcb5a7b3fc118533924bbe157e586064e76d2158df8f10b1ba3b51db7b9f21e210746d56a8ceae9c5c5842ee5f3e0ca8c88a840f5fc4d6233084c5170e640250eae15d9d9b90be6f588418872342d8c88d6c3fdd01e1a77fd30017f4935eea0b86975be94dfbfd099c9bdfdf5cb09c9ffbce576301412c807fcfe6f30d929a1aac587d4d12c109646a4ca1d1cd8b1c48598cfd8d8a9e290db238bb8846afcb0d075c2b2e77ec6307ca04abfe2c6310cf86bd56018073
+
+COUNT = 4
+EntropyInput = 475846c2b5c94321956a8cc33131ac5ae677b98af7ae243ee79f31c19e5ee547
+Nonce = 4853081014616287bbff231ee38fc6af
+PersonalizationString = 
+EntropyInputReseed = 447f3460cfdaf5500cbf39d8208f59d8c3f4555cc25d3362f6f47f3899838f23
+AdditionalInputReseed = d2369f31a0d629e774a10bd4c96975ca03b200c208d5e354a233747beb7c4a5b
+AdditionalInput = 51d7c305452e79de234a263677cdfba0b5b2e1d46b72ad3e1f0278ff1546ff4e
+AdditionalInput = 039b63e705f9a25a53595089905038bf888d6df9365f9f80790acb9a04799703
+ReturnedBits = d8037ff51c73eeb02a272568759ba1900276ffe6aeca314afaa0eb12b55e729e99f10c792b5570373b9674ab8e5f30e05615cf3dffb490b557d21ab52c0d0201d525e0286800528cc5a332f02971e41df55538f2fc4568889c3710ae18e7ad3902872446d884f60a23b2bf953ba2f0ae17d542399991dfd76b39b59461520dad20eea90a7d2486f49e5f7945f43c4ded04c84eac726fdc1794d1e5b593661a0814949f34fb44f80b6104775f0412a689bc363236cbb405a0294a0ee3b6e74314d804e8a84ea7256040b4c9eb9d4daf555cef76ede69b7298d5cbff7284dfd20e22f8c11cf3826c2b652e8d1b3926c86cce1b94479e6f0b6d2d2b0f4d85174b9a
+
+COUNT = 5
+EntropyInput = 930578f9b6c1b5302e37888ac5927b17bfac1c333a9da0147203f99214cf7835
+Nonce = ed63793a404053cf1be5feb589f5b0a5
+PersonalizationString = 
+EntropyInputReseed = 14d06d24d001a8ee287aee37024c560c4a7a68b4ec9217baa2170181372bad6e
+AdditionalInputReseed = 4d58c7e2ab59078a5b32cd72a89df80babb315f014dd9045a41dcfab55c27c6c
+AdditionalInput = 82e689b79d4a2cdaa07cf87f455bd842883c066a19c80240f04ba87d763ccbb5
+AdditionalInput = 5684b5abd202d04e6880577f6da30a8b5b76c730b0d146d0e342cffc4b1ebbd7
+ReturnedBits = e53b14d229d5b4ef9161724145bec8169a927e18af4031e20a852357becde323ab2cd379f425b83c4cbf6c90127dda4cb413b57d5f5337fff193e199886e50ff52ee3d3dc67df093311a91b3689041227350af5896bace2df3ea61120c30fab9d476ea19339ef14b040fec75171ba349070b7b786ef0b1f1392984a8368fd98126602db8a71acd6691cfec4939020b9f2158baad435f48dbef26235bc94d6052cafc3957c79ba7eca731101f7f85790105379d91064e905ba169c6cb4d4b58c70282dc220f7f9978bf1a8548768993ef7562e21f65ab1389b1580410d8a185ea7851756180d588518440b93d21b9d7b1ce8a6aa29b7261584ce8a9234e0bdb0e
+
+COUNT = 6
+EntropyInput = b28fb966a0c73a848d0761c668bed84f5014ac9f4deecd1a06fd69a5ba9a4b72
+Nonce = ecd7d4284f86737f3b23eab153f3a6a6
+PersonalizationString = 
+EntropyInputReseed = df885d32ffc9ac4ff9202604c5879ea65c883d7b7560fde13067f672c3bcbf84
+AdditionalInputReseed = 0262f97acc7bf05eadaae6b446420db2f64eb99ccc19b63a31f1643f45d58291
+AdditionalInput = ff96cec4ab7975eae5c92e9f9d78b4505449ebc3f5c78527c59ab01761ba044d
+AdditionalInput = 5ba9bda782aee6ece053851fe7c4ad092f16d84e6951ed252c9c2c3fb250df42
+ReturnedBits = 6fc32937d193417d90ec393d8fff9d66ab614b4ebe4491d6a0bd9d64d7aac6ab84f0d479b505c3c459e88321992fda19709d078d5d1fc4551b560ad4121d38e224b4be8acf704383054152c8b6b135cf12ba27a6e41213279642cb3f08a83ad0d4b892b95d23a76d8218b6f352679473a8676177134206617cec921b16d59bacb495eaea343cf039dbfc25ddf9c4076f77ae52199dba0a645f8f327f1b8b4f6ecf90609c6162ad752a4d859b3de2c590ae20be0573b49342ff140ef34df56463422cd76e42ab8d34daec99d2ae42e0b91ba3002e1683517f430beeeb5f1e82d63521f12f4b571e5971c3d34d6430b176495015d2647f22a823da4fc8aaa565dc
+
+COUNT = 7
+EntropyInput = b814ebfc2acdb94edaf5b6018066d99830f2e5b3b456443238d59780d03e90bd
+Nonce = 5191f18d690f0855222588e44b7f620f
+PersonalizationString = 
+EntropyInputReseed = ab3b009a188ad166e67c403261adfdd41bd0070c3e5243e8d6eb45f57a584abd
+AdditionalInputReseed = 51f5da82f4eec822681c357a80317f50cf73c743a0d02575055c5937512687da
+AdditionalInput = 8d53b7d043aed33d50b12863280b7d81a9c9f8ee924cbb57ae22cea99cf00bc7
+AdditionalInput = 5ee89062f15fe3ea6abf74d53bdbe8f9adba96c9b34bb478bceb88ac125403c3
+ReturnedBits = 85c2da7ccd5ad4909966e7d6e8b07d44fb4aa8220468c18e1fa846774e00f64920c019146dd2dc5e6687bec8c3e024833536a18abd69390f46b2e014a1880c2809ff22233ad67449b483882a0443586490f4dc76703ea0fdf40e9977af1b40399b7bca8d3782944acbcc1b320d59a945b50457f13e0714a0c1cedbb141a879e214a8d30c09753dae950ce1ebcb59b4f6ccc4d81d874037d8b80282f592a2c645e82756d3bac528487f0fddeb48a08a6d13d43232c0e46b6836ff78eb7a6c485b63505d03e7bdb9f63fbb959b4ca776bcaa4b2dfebb0c38aadabb489b47aee60dea8a497f80958935cf07cedfbade4dfebfea737f941daffb2ee59b458bd59f8d
+
+COUNT = 8
+EntropyInput = 2b5ee7de482da18d4e433b3802bd039e748f245a3be615ba6d5a05975861232b
+Nonce = 1e6e6056627b12110e13a3b1dc742cf1
+PersonalizationString = 
+EntropyInputReseed = c45bf4d2ffe15cf82e453f9ab21edc0a087cea691d5f82e65242a8779a5ede4c
+AdditionalInputReseed = d8caa71a3ab4ac19a13e809a8267240f8e2e3d4ccad4d3e0d5642257e3d1281e
+AdditionalInput = 998f973533200b1e6d915515020daaf6ce77cc0949a58f811905b258c7ffe44b
+AdditionalInput = fc553c0b30ab7c4d30a7bc5330207bcd4eea016521f1477dd76af7bd050263ee
+ReturnedBits = 4d3b01359994132c69a15e9e4fe2c4c85e52fc7f25e822df7bb2fe12d5e78012c554b6d3c8ef67e43bac0c437e5ba63cb5b3d6a8b9b07e5aa63ef810a90d5c945131b917cc1968b1d61cd99a54c844ccb8bcb6f71bc498f6de212f8fab3697898e709dbdbbf7be2680a22ae0381b1253ae0876a685b30864934183ec7e50e3586cf98dc8af420e16a00f32b5c94fe5cbb29a86d2dd5d637f2d01c9be61d8c6ab51c41292a6eab1e9f5d34412bcb9f77e142ac59b64ddf6a3f96e59a0ad5970e280670d29a4f5350beac139bfe17cfc9cb79692a456ced081f22f21c570d588d704ec4ad0900a691e18d38641b61180fef2ef6c5da6cac97e57ea2eae38e84eed
+
+COUNT = 9
+EntropyInput = e2ff109ede3f98126784b95f2dde3e6f27c875aa8467c830babccae9f960c1f4
+Nonce = ca51b8e1f389c92a37320144f1314c2d
+PersonalizationString = 
+EntropyInputReseed = 66b0b46577db58cefba4fe808c80d425c6a0135857a546b7f27312ae4254e755
+AdditionalInputReseed = e06babd95e325ffbb2f49a4546c5f35a4515be70dee15b86d6cf8046f0bc2aae
+AdditionalInput = bf7e360f1791264354a70b2d5cc121ce702ae0cb208ef97263513b10ea48a61a
+AdditionalInput = bbad6059e8b756d5b4c57f50100a2efa551c1de0c483bb474463e2517d040066
+ReturnedBits = 72c01414a8b1371669d9c169220513cc1bc16fd0449c119e9ec467a2d6b018663ff24b632a9ca0ea7ebe375cddaa2b46c39c9ecf32931a22aade5e47da0acccce0c7fc7a8a0d26f9e91fa8e8306aa543f659fae99e2290e1e5682dcb940252912c7a41239392dba493b5ad7206ff3313a2216eea6f64ccdb873d98894547fc3299b4742d087f2bbffe34ebc9e9afc78ed6b42d893277533dcb04b4d3abe4c07d1f3910297e70e7726ed206f872b38cfd082bef584613995bfc18ff53fca5cd69fcfd09cc09963889897e0a6b3cc8403143e3a8d2c4a338e2ef9c594f5dd7cd1ef15f3443622f91c113ebdcc3a581974edb1397a599e25fc3d3c17c0133417aa9
+
+COUNT = 10
+EntropyInput = b3a7fd06af5ccdcee750c9215aae93457d604e76990ac703f173613dfc0b6e66
+Nonce = c0778a9b7e28ebc80b664af2e7fdd857
+PersonalizationString = 
+EntropyInputReseed = 86d5b77c8497a36e0317316bd0cd1801179c6038fea3fae43feebd3503e9d9e0
+AdditionalInputReseed = 006dbdbd9374c073e93d8e0ca4b4b5e5f1737acdf020e4305e7732fd5acbd328
+AdditionalInput = 4b5efac4d1a1a48cc4351688d87f4d7e67b965af14a515584496328f0211df42
+AdditionalInput = 5e5e2bc6529f34879eb3ea1574bc7bec1922db09a6985dea788f03d1465010cd
+ReturnedBits = 77f5f8803f17355de81b5c9c5a56d8a3abe6794c7f9b47cd50a97410e14eaeebef823f16448463a1de98a12c4ad5111fb1d8a1f9eda91f5f6957a1e84389802fe596574228c1982c54980b8d4d6692800e0ed9b4ba9515c7b7fc1078a7aca4e32a71da83cfa4be3fd1c51cc7bb5c555750756734b59349f70d12e0f29f9da6fbe6f20d145669569e6147c5e346a9eed9e2b4eac5de6712955f3c9b225c9eb765811771cc9e216d462a735956de5391cda6a7c1d64229764375685f0bbc02910f9d3fb959bbe50ff39bd378e3bbc38e4ea88562e506ceb9871e7eccb8e948c99c59356b3160034c92a08a4bcfc9c41cbf4c9c3d328c17540057ba8489cfd63fbf
+
+COUNT = 11
+EntropyInput = b9a57de2486498048f03d95588020f881546bd06e5da8aa6f0bf98b1104692b0
+Nonce = 05c1f9ce3720297f0b1c55e0557c54df
+PersonalizationString = 
+EntropyInputReseed = 353f047eb275d6f32990e71460a858be54593b3b68d5c17ae9602c2b1affa2e6
+AdditionalInputReseed = 772a940c5bb5283a6f34bc118338ef5b2c391bf01af90cc98c0788d3d6508441
+AdditionalInput = 202ddedcc086e43cc565b64594b6024818ffd3d2302b80901a3dd0cccd11f458
+AdditionalInput = d44375c6078d3bfbbe647562deebebcf4c3163b42f01ed80f1f29a81fc215201
+ReturnedBits = 86d7635ba25db9e25787dfd77dd99d7f6dcc3c286ffef0c487a20edb8d19101b2fe6898b24500cefdb9736cf6517c976cb182707578ab094b355c7b785ccb7aafe381da2b9cf0fb65de90c4b2aa3931f533a3490c6ec55503002643fc637a42dc83fa5c3687c8340a09b93cdbb8200a3c9251bec730231a048c582e0306f7e5b99deb6a9cd400b01ae104c8e29608a3d844224d5ab2924569c7de4cb4b3fcdb2e371cfe61c953f7e998385f7ba28f9b7b5947358d1ae01a208f9c04b1bb555a7a77309e6b8df34c8a21cf5279ea6515d3f4ea389f9afdf1b87e023801228792add02b5c8bd98354d7a041d0fa78a1d160d5469a622a542fa01a42f3b56c45dea
+
+COUNT = 12
+EntropyInput = 151099bb30284200d5bd476d7676c5b0bde1014509821032f4009b39fa8f0345
+Nonce = bb6481248a9066bc65aa8d52aa33625b
+PersonalizationString = 
+EntropyInputReseed = ab0b0a5968535887bb06784c0e5eb9583fd197555f9711f96bb4a7454b442815
+AdditionalInputReseed = 30ed1a9a08bd7e7f17d83af7d495851c5ab2ae3108c6b83b0f4f406b71c0a76d
+AdditionalInput = e070c1dd25a0aa123fab7c6bea38512123238b003a57eb38e133739859db2f13
+AdditionalInput = e14d40bc2817d494bd81bfde1725be096d24d8dd47e3a168579e093c4f1b6056
+ReturnedBits = 0dfefa72c6be1b74045268db82587fdfabd790c6a8dddc260c2fdfd89fc9051081cc46b32e7a721f63f367a9a2afb09ee56961793d508695e2f27ef7db4f91e66352f5a3bf8cfd29ee0e9708cc15a4ea09d5a76079325dada64a8b1dec2e6a21ee8267e6dbd237a19cbe09b00bf1eb5e83878d2ee362806c6995cc3d1ae36f61a0f8d11990597929e33547fd463cb364db47ed42c0f912daa9b7c139b203781fc190e9d034ef8da031e20a89e5ed93e5bec3c7f28d7394a69f69e3682d915b6a4b98794d2faed02da4cbe4c5bea07b39aca1486b82106584cf704caa224a9f2fc5c33a2fd3c1c11dfe184d8160acf48771b6acae79fa71af6c4e0fa466f603a0
+
+COUNT = 13
+EntropyInput = 2658403ff2f2bf89757e97e329d1913c28938fbc7e86ce12852cddfc98f10934
+Nonce = ceae5617183cdf7fec5910f6cc8f921a
+PersonalizationString = 
+EntropyInputReseed = 11e8cb4b6caf0115a99fc846367a68a0f2ddc23f28c89109b851f1e5bf1c7276
+AdditionalInputReseed = 22354dc4fdf4363745333dcad319cedf14ff600baa9bdc4073b7d73f3f385e5c
+AdditionalInput = 9cee34676eaa53faeeec725a1ad2a0ff7767476542258a3faee0e805c1ecb08b
+AdditionalInput = 4643064d51f522bc5cc7cd86a3d19a4f4517d59083236101685626d83dfb1c79
+ReturnedBits = d6b4b8ecff2af5ba05d87db5e3f59a76c74806f2eb5672e686e5fb62c029461d27626d7c7ecb2ec23592526161aeed6ba0b08fd7d13f62af2732f56b305d6a970d37a0066c6ebcf4e1026df161462f7fcdc7244e32999767cee5e96b97aa467f9a4bc8d6c1247159a65707d2cb3b37d0ac39c37b0a3846051c71b5bbfc6de2e6f0e9d7a84745ca187484751ab41f878f1efbe4a9faa16d5e3bd648b62e562841d82fe52ef9dd5565f657878095d673bfafebf212aaa4561ce63cd7d29ad1c673cd91aa4f1092d1adb662a9c6c1c1afc5d026c5c750e681201b3ea737c489baa67db9828519933029db58d521351cea3c4c1e11452f8444b00a41e6968d3642af
+
+COUNT = 14
+EntropyInput = 73526c7509723c58d3e39ee589e1269fad4bf17645f5955efbed81242f695d24
+Nonce = 3f06f1b2a97772134d707b94b5784af0
+PersonalizationString = 
+EntropyInputReseed = cf4712e5490dbf42f995106339c964afe4430d1e380a014ce8a0fb5b1057fef1
+AdditionalInputReseed = 1d4fc33c9563543c17c6216e8d969f32849ca232fb5b42e505af6d96318c93da
+AdditionalInput = 9f488da135de413e746a367685eacd5c191209ba0458565285419f6b950a3ff9
+AdditionalInput = 7b48678423b711686b91cbc7f5ba2750e06ded99cc9f3b7fdcc2556f0998b243
+ReturnedBits = 3d321a56cb18c6d69fb68e38c0c08d807618daf05458c2dd888a467e3f4445135a782f92e67b945cb526281ad6e9776bdc7d52040bb4e0b336b1973dee6c281cf40421b016341bca5682240aae04fa097a46f4ac6852ebcf0ad9dd171bf9f844e01f846c60288b57459bc9cc0117d927a6315aea908dea843d526f214e9c0e46f44de6f037033c6ed6248cb32b06efc77ea26cac01260342daecca664cf1ad1b048c8715b40be06c78eb9a29b4b9cda6240b93087e028bd8824c44311c016810634cb7ef06aace61d8da758194ac831223373752cd0ca820d822cfe719058b4ab040361480ecdd7a7cd118a6c882d745a88b9c13db96e6788de7794ba94abc19
+
+[SHA-512]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 256]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 2048]
+
+COUNT = 0
+EntropyInput = 5b8230da2790d030ba7e57c509d3bb2aa95aab5f788e61789d7cc4dc9cf160c8
+Nonce = 13948f391e6a40b9f3ac36d79c082804
+PersonalizationString = 79d362a64ce266dc571e112c644560db9f7d84bdca9e03c4aa60e8a98162d541
+EntropyInputReseed = 49a4c9ed852897ddf143b8e1db3008e1ea1d04829f9c8c49026c96586ad005cd
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = b0e432813fb600f2edd22abb283867cfbb22bea8871b22a9cef78ef97bf178ae26c5b062ee007fee9a7fe2be8e72d22d225fc2305d34119cde21f927f67fabaf455e77ecac534a36f445c62dbb29f91e6169972f7d2f3cbcba40319f2fc48c532cb6ed3be47980b2326815c7ce689acdba1f8fd9410612dc9a7f6e611a062311f41069f5f108827c30b7962b49c7f70be4e9504f729e66b7af3d5c3de45c4722bc04449735a4864818b920903a649cab961ff8c68973bcc261751c3c6bf2f1101799e1b5eeb44010937551f1c5f1fcae2a6debd2ca8dc3e287bee716cbac7ac8469d13614f7f3881fcf93a7a0f36e7f2e822792e38b1b8ead6e2563fc1b3b7d9
+
+COUNT = 1
+EntropyInput = d9f3cecdec6989da44bbd391a12c248f1e2771a1bad3d7e69eaedcd4bab9e3ca
+Nonce = 926c38bbbff0714cd1aa989c71f42335
+PersonalizationString = 4e0916b00ec4066a1a9e5df71e1ce2f8e19f774e5853be4672d952328fce2037
+EntropyInputReseed = ff0280f7f1a06adee613ea1d94f5180c4bc42c65225f31cacce016c62d6a030e
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = efbd1c73ca54e21a213f1e9b2bb5e059943542d5a5c01b75ee4ebd02ed8d97841fb6f6f1ff360fd25c6e8af7433024a28530b8da744e2db050659619ebccc7da4d344eddbdef9927e632eebadcd3f86444f1c19d5b34aacb61c2b20e81ef79374c71aa3d58f4cc26a41081d4c32184eca991e7fa09ae4861dd777eb610a5bfa6e6464f821b6c8c3f4d01e6cd714fc04676d20933580aba905df50de86888fc8d1f3cf3ff1a2b6efad3902b2e2ce4c96ef04087de1a571e444735a4838a192431dba7294dc1e49dfcb1533296fd93cdd5426f5aa40917434bfadb66d44309156b41dffab745210bd5854b5e25925f018ab0ee2e457477194d98c163df52921413
+
+COUNT = 2
+EntropyInput = 9132b042b72aaa98cb9eafa4bb12c3b4f9b731a1915217e7dfc4f595feaa8759
+Nonce = bb8803a7592645d73e81a5453732a060
+PersonalizationString = fd7553348c58cc4f0df621ba958808a7a2bb32ab87c6b329367cc33db00cd1c3
+EntropyInputReseed = bab06704293d1f066c4bd22392498ca99271ef0163a79b19b3806b200cff0df5
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = d6298deab9d5225412480d310ef9e78f0c446fdc3de690dd36278e55e8bf885db05cf2423c6cf4274379af967f1511ddc0371e5947c372eb95d82144e98355e60d9456c2689de50cbd2b560ed98e7c757430d39524ed990c61d942094dcec2ebc0ce86f60d80198ef46f1664f73ac0d4ef5d57b06715e1a2ce2a5c316f2b1f4277442be9c2afcae848b4d060d9c976601aef1b109214cd7d437e35e5a3907851fee9ad5828391d6b936ec91785d19950e281268185e93d189314e55124aa8b85c06d332cfa04592e953e6c55f11328e2d1d3f62dec78884f9d468695c267201a52dd79a38029de8cee00113c99d99038f44c88684c28937ea8e883b6c4d5bd24
+
+COUNT = 3
+EntropyInput = 5432d72c476f1f0926d93711d7122b407576764f8aa338e27afc740b50cc8344
+Nonce = 15f91f5f8cf51420e2674a2cab47a642
+PersonalizationString = 76e6291efa26a99b2c427b24900647077f5b47e4fbf4c43e4bf0b182023a1754
+EntropyInputReseed = 963f91935b1ca893cca7bcc2c6edd0d875af46e85c947ab25d7ed41cab8c7eca
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 426e4425af6e824cf04dfdffa541659f8bc9ed1041a3397ff4cd00414a1da55d0b3fc375cbc64b69d9fac0caaed81dc117355428e570f2dbaa621bc9e45c6009a0501e023b6b83e9ac12eaab226b86645ac47d5634125204653ab79f5cf99e7304bfc732a18e2d700c96e9f836a8158ccd53298f90be418915e0c714faa59407ba396bd43bd57ab0c77f63b830565caec9448f37eaf39bbfc5ae68345702adfa8c9e5334fe93eeebf40a15491ba23c0dadddfbd47c52a627cb0c3baae3893adc48a4a0254de9852f0adaea4016295397b3328af9ce2375b6a0858fcc8683b6b8619a2f7836eec4f85d2b4baf1f54942dfb1381b23ed53a6bc30967bb617ab0eb
+
+COUNT = 4
+EntropyInput = ead7ab61abfc6279087da71c96b61d659967dce03731830e5f29369e5d5b43f8
+Nonce = 954bbf723d2dd061851d0764bcdedb13
+PersonalizationString = cb1bb9ea3b670e6d6e7daf6370ae7cd15c6691360a6cab413d32c1b9e781e86f
+EntropyInputReseed = d3878d88a698559ab425460658cb6f15fef256e97bdad5d3eac68c20bb602030
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 104a753d8553ffdfb0a0b32568fca2c12746fa16c1fbdbf152ddd1734c2f96507c39541a7e0aa5e0f0c51d4cb4bef0fb40651eb68a82ac80e51dc1ed0f4983deba5f341d3660f9010bda22e72c794a4e63c40d165ba8c8c3a28bbbfdb5bc423287e3d89dd1ac02eb6f305124d73ecfc74bd0d40bd889be977ddd8b33c68b271b3bbf8bce203b650c359e0a561dc5d10b5db0a8034a6e9a68deacd10ae2a39d4aa406162f50a208c888cbd7f2ba38fd27dda566dd0726bc51803ef49ebbfcdbcf1922e05f160d66983a8bc9f1d08858a5be502e662202bf61b0f5c8b1ff780df547f2289f1e127d941194caf1492229416c9e78404b3dd23bc4a62635401baa1f
+
+COUNT = 5
+EntropyInput = 356391c1229b57db3360f0eca03685c3f1e424ac1c3d69834a9e26043f99ee76
+Nonce = 914ea5fb98d2c75298d4a640561a0ac0
+PersonalizationString = 8a6a08c71199a7af974e3917fb494cde267b7a9b897b4f387606b757a4d359bd
+EntropyInputReseed = deaf127a755f5db2f324852746139987a96e969c9889139d5f235a25c5784296
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = c887dd1925e856056cbeec8f1dab7fccab4f6e79bdbbd4692cdb3874bc62094cd4766471d1688d3c2cb8f44893ac948072efb69d30107a18656269bf2c66ef08cbeab2f12bdb59c4b65badadefe8e821df17a21505e8c8809c0c7c6558e5e9acfbdaef92d311269c9e2d38f153dea1755a6bd772aabe5981a957cd0853ca7478a9307c098771ff0ca4bc75193e4924391f05f4f861a95705916733b7ca1fa4e3c94aea86f85b7a86040ee8ab0f0faff7e52435ad13fe38acf2e806fb88b905343ed6d1d63e6e58d93e4d1625b7df728f5994e08fa382ccaafca2e91e91823fe3d357ce44b93e5d0e366c5072b96def06080089283a22e5c4063d946cb5855e3d
+
+COUNT = 6
+EntropyInput = c1215ebc843083c0912254810c82432f607a0db69e28539da436fceeb2a1d942
+Nonce = 67349c8a9ef9aa26bb9dad28bc7d6dc9
+PersonalizationString = 1737376eafb863215d7586de466199fc2941cf13cc391cecd5aa7266664e4b12
+EntropyInputReseed = 7be2d4d228b99561032a656e88b7596325b4fb2c3be79921b15f42462c7bc727
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 42b1c733c43dbd47618dda3e4b7b38a62910a688c9b7139817adc7b26b64e94f9188dbcfc2055f3955963a02dd81eea527aef694d3bf06191068add9cccca341e364e93616e32f03976727577dc7b9ca26cc9a6b1de6ca0ff5c9577d8eae40841cb8e51f1a92297a3c998b528855cc4118ffe87bd48f9eac349d6a7118b7f760117e982539e4c4a2cc1e77011a05ed45ec16c6356d9ad08f620074f948ddd2fdf78f3f1bff0d9454f9b6de8db5e3a4d59bafb8c441e8f92b086812012904e70b4247dfc09b63a8ccaab8fd44c6705a613371f3e5703c3939eae01fad0526b6bb27b886e2b5263cddae00aea907c813f495f707d275207f0ce6a598fdf9e26dd9
+
+COUNT = 7
+EntropyInput = eb305333a13bfad6c79a12caf1479fda7c6e6734b46679ab46df75d743533f49
+Nonce = 40b8c53d937e9dbcbe809683158212f9
+PersonalizationString = 225781d466bfa08e6c19e12d3be83221313527e86b952edebfdee61073f77596
+EntropyInputReseed = 62ead56bc719916a15ca7d56425e3b7f6cc1594c39c89150e3fbc37d7d4f07ae
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = fffa7156fcdedc87aa3ea23cee16234edf95b8d504c0fa2de9bcc59e06b6f8778acbfd17e8c7fa32a993c4f7d0b52ee4a768fa1e3388c01fc84a53ef0370bb017411fb45ff7a38e79ce91e63c7d92267f5b6051d7f51ab95b7490a662038bde192361168f26ee5b5aa6ffcb5417dab81d8ff605258aca5654340c69cd7bcc37ac2fa6f9dde4540f29efd42a65818d81068f306d7ddfc82744e2c3efb6b6bcdb4bc2937fe3aaada0e6733df65982e520be5b5abeb2102dfdf0a68a974fb5bacbff2e251969bb9b6baf72179540ed8cd0daae1767f065a6d11095a35504e231a74eded7cfd285bcdba0604dac3f1e8c69d43dcaf0435be46d8b51044a35364cfb0
+
+COUNT = 8
+EntropyInput = 47bdb61c7cfea6ac4d5e0a6da42141003f400a932e1249d8415e6e89a326eda8
+Nonce = 4534ba1cc278b7200ee9a1fd3b4a5749
+PersonalizationString = 66415e8fca06441dcb914613a5c25f923155082754dca7d12aa03759e7fe060f
+EntropyInputReseed = 3864882d7e179ac5b249ff3fbb997e745007dcee8de072b52e928dc22d8edef1
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = a6f4a84d6337813d47fbc290de6fad3a53beee75e01b2541129b1089517e435af5295bd727792f43190926957fc6b6ae7099af51ab207770d54678dad22a4f152d1be695e4f46fc5b7b717f3d9d664567cd84ff836d7b735b5bed8aefea7335ecf3cf54a9cd52885c0c4b2fad4ae541d042a44c3f20219312599271b7f335516d2b757ffdccac7853a4dedaaff72ebe47076395e9e6234881379116102b517b21ed979377691c52d058db932f78f66c78ce0111920c9f46bf7382ef1456bbb2bcee8dfd024675097320fec3737e0690bd475c17594aa8d6307b6310c25a48c999710a5a71572fb3f44baa120be5ed8edca428dc38a690fbed556dc411ed0026a
+
+COUNT = 9
+EntropyInput = 27fd2e4c2ca85fd4e92c8507d94bbe35f7a0eea3dc5c41a82c3ebc4d2689074a
+Nonce = bcff9b53f31a2cb59db76e5e4f1e9414
+PersonalizationString = 19b0a4031727b179905592e0f0bc4114a15e19e49410dd19751f1ed44bedb6da
+EntropyInputReseed = c4d3edbe825ca8e27893500b7f4ca76987015813bd562334783984e2793137c5
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 9bcab99c7cd46401ed82521f9a820d5032938e695a169702221403c85e764860f979b617eb8ecc6f96fe7982ba40b82090a64a1b2bfab92ffa94e1e4d5977860902adf36e959b7ed2a2f7bf9bfeab8860acbd62d33f9c178b44ab6c754cca794ce6fa98f773a23324f3a03222f03e0a87b232f50d1f170dce5bd8a5e8eaa0d8fa7cbec44d70e8e25ca77c38099b46a252d06e43d016e0957299ed6e71f84c96945c7d5ad70af0292c6581524d285c5413c1930c92b4994dd000bcca6373cdcbbda3873de541b2093616c3e532245e3a0751bf009020038e411e149dc114c19be07393973288edf09c854f880ef0eab8cbc7c42c486a4cd945a609b503044d56d
+
+COUNT = 10
+EntropyInput = 90cf28b3f5293016b7511cb2b4f04982bebd6a197b9ae63aa550376bfa0e3a7e
+Nonce = c5e3084680c5de6aaec2802c277a2967
+PersonalizationString = 3c685c1cdc1cf4dbde7f044d5fca6cd49d75dda569d8b7c087d988a8b870594f
+EntropyInputReseed = 767d9b7a1d56dbf77969742cee28fcf3af9f74a65a49b5a73e0f7eaedbcf713b
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 7cfdb7b432a5db24e3493a3240f4b08f1270d5346d5ab0bb4108ff8d284099af2464ef10f1a862e12133eb966281780713ce616471100b374fca886555a5d08e7cc5af8908e28e2e31a047f36a2f8cc334d7066181a4abdbb1f333f4bd70a5bd28227fe791e6f4d51f2374c956391f43825b4d840282da6fa737e1c0502017ca0ecf916d37e9615afe6993771b4aaf5c7a1382d28918f1f1b7e96d2291fca1a5b2b30ffd271fb31d094d7568dd7c727dee6a220865d906b09e4a90bed936b4bf77b9d4c87230bb351a59a395ef866bac557326d4793f22da962078db3ae674f98b606412872e3e1dd85b4543bc9ebf9b74635db6eb7032323476289a349d75c1
+
+COUNT = 11
+EntropyInput = acbe1c1f0641879971269abcb514feb1768ae42f736d6e25cee100425c9b8430
+Nonce = 2f198f20811a20ceabb840266dfb3e4a
+PersonalizationString = 9aaffc9ff1eb1924c7561f1c65017de378914eee4a96bd95f584ad263469e95f
+EntropyInputReseed = cf08e4654de7da73c61acbba62255c4d412d02252a3cecc90f686c7665fa741f
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 17baa6990f0dae2c786b9f4dd429187e29f898a39513b0d58f7c4af70e5f73692dbe7011bd3d348a23d1e0f294cd0b99bfb76622b6f5ebb69439f0dc319c4bbb33adb3d4c0dcafbef5aeaf15742798d9ca8624def61be557c4c21d862fd61b127b026faa3b15adfba7c7ab49489e3e13c1a9676a4c8741a8b009b32f2a33f4450ab162131758f9d38babe66b63c6802d9971a5242359f935d7ed71cb33596b2152216f0688cfc0289721a82f8dc3d634eabf724442c8c8cb1b1bc1edbd61f287ccd8d1a2a5ef6939c928d6fe160ca0278143033f9a48740583690ea1f3b7f9688292c98e4e1dbf2f9ff55e58d84e8c6abc2cea9606c59a89b1cbf5eee7f1a370
+
+COUNT = 12
+EntropyInput = ae974ffdfc45d0cb80234e598b52c8c18f963034d2148890b837fcb655966220
+Nonce = 6d88af454572354e3e5baa86004eefc7
+PersonalizationString = b1b625c0354adc75713d55176f91a565c73166cf0d0c41bf2828d892a9d52bc2
+EntropyInputReseed = 1323e97d7f996e42c744a84bb0f4d61e80648a9ee0ab37709c59662db80145e8
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 8538d2703c4567748adbc19eaeb9b886afb2d92c67a6288cf79de4f420f0e3a4db710264fbd4e44bb125a8c7de731b255bfd0e14b099caa9031c956959ef9b4b8718ec26d8d6aa3dec28bc117f4bf74ffd6693728063e580c37c4d8069999c398644bc1c1c3b51e33a6491ab16e609f327ed3c1134f7664fe4a515033c94d0a5afda6964d46e95f0eb04b1ed029535580a85515452857ffc7ea2fb92bb3ecbd189a22b27203a51cbdf15b011cb22756760bb3f4b0fdd3df3f34a1ce5b5c589378669b4dc252ac9eb2c01fc66c7935b6683517c4985b2a76792feb4a9cf9843bf3b684874b85ffe986fb00129c21fcd315fe26a8c4c820d57fa1bdb8e15d4d26c
+
+COUNT = 13
+EntropyInput = 6273470ebbf1300355fd316349de903bdb74aba7efd34f122f6ec656d9f2d99d
+Nonce = 3b8aea46731cef00990ace7693a5ec53
+PersonalizationString = f3f3f2a29631c7bbeba970d70b10ed4f6a94a58b32186ce831860e36a9de4380
+EntropyInputReseed = 3644db769d0cccb57d2b0b0e62e358de8f851dfe52f4548eaa9a533bb8bda6c6
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 62fec6a9f3347e1b9ff6655157f1d38f67901bacdf35689cbf3db65ed959fd7cec09eba346554924f00d2230751ede0b142334c9ca6a7819d2b5f0215034d9788cdc27ce94eac7446e3cc190fb501331f4b29db5133bfe9402f6de4f69d07ab8e92170973dce0b9c6466aa92421f052b2673e63827a94d61717a9f7b5825b990256729e5f545f6f25f820453a090f46c1cf02f8a781de0cf860074fe79b374b267b8f22caef10f17cb622463f1e39cf16b7105c14338f660589da3b49d1af8ad832b0a0c0af367639dc9ebb487ed0a109f27722471de76e818c003a01f02bd1a9c7b29df7e1c50af1b584da0b342e38d039ad687f2893a905983b795637ad3a2
+
+COUNT = 14
+EntropyInput = a50e0885c00bf9263664a8261f87f839db69f4009741b016ebf9f3b0a198b0dd
+Nonce = 9960d278ad62d87726041d1f908a9c0d
+PersonalizationString = 0dd2b2cec55b594e0d893e7032546fe0ee5579b404e050f7a703ea60016b8206
+EntropyInputReseed = b94cdf758be7958c8a70fb953182b9043ff2020d4f237d6c2327140b65738783
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = fb0322e38865eb487cd817968092914a8e495389bfc16fd4b414d27850cf1868d26541817b348195e8d01e6402bfea17bfc8a2235d74eb7ece57d3c59685ad0b6ed692b9de4830212fba6d7ec06213d0621d0a569e4edfa0e13be6cd725448f8f4a4a65b7cf28099c53eef851457f55a8ea4ec8a8d892d262c1c5fb566127348363ddf03a72acd6047800a34917c09dfce8ee77a2e0edfe8005d38bf3e9a3fcf8f6ede545747762eea1ce5dd34ef31d9a5b80c5e3161592d2d2b508eee7ee8ede63da94ae8a166ca65407646cac02c6ae6419f0d7de8c696ba7c0402860bcb6c1b4289c177e22176e390d0381e146c59c2e58dca176226392212bbca794b7363
+
+[SHA-512]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 256]
+[AdditionalInputLen = 256]
+[ReturnedBitsLen = 2048]
+
+COUNT = 0
+EntropyInput = b545ef49fe99637d6a528e20dfb7a50fd4147139ff5d4906fe40dafdbf02ab6c
+Nonce = c0a915d8997ede54fef698e8d89400cc
+PersonalizationString = 5aeeb4b701efb0ef5278fad1c14fc9219999fd01381da37652363b5eea52bc10
+EntropyInputReseed = b2fbea285c181d52a2c7fa93752adb9b1a84ac38bd67b8e575d09d3ed8e743d4
+AdditionalInputReseed = 0192986a85f548332f0aae6751fa3819a5fbaa6c86037c882acda6f00e3b9c37
+AdditionalInput = 729e51f3cdb2b6c89f514795686228373021cc8a8d961e3dc72c57c7854b310e
+AdditionalInput = d1aecdd87ffbcbe5a7d545f12254e59f061e10e9232d1e554ce402adbc65e893
+ReturnedBits = 1af05ce7beb2605822acbc23802f3b56bd34aeedd56a770b99bcf55c7fedb7e17cd4225245d56c416e09927fbbaa16ce7f01918b63706d47c98796a513ed6bc43f56da45d51a6fe0a43a957e2e0c391a4e5be8dfa6e74008d1cf9e0527cd16a79af90732611d424e6e0fce6efb8d1b33467bc5af835678f5085f44119095fb9ab7d9ce35b8ec0557813c7af3a3257daa85f22deae96bb1955dcdf6d9ab7a22ad9f86bffd49f15b0ef9958e406f14810bf2dfd90182909c825e518b3401b5297846d1f877d66e0fc7e31c98b9d4af6b8cc13a943f5538f194527a74da74f2ba596cfa5e772264bf8f783ecaaf1383f9f32f990c21663c2cacc185be547fcc9a76
+
+COUNT = 1
+EntropyInput = 1e1eca23c5412c143835fc230ca33e5363e7d3dd444c5497b3ba19582ee23b5a
+Nonce = 025b010be727212d3c7b558489ea4384
+PersonalizationString = 80288b30ba0e25eddf3c1fb8427acc4f56e44ecce76821825ceaadc42456f24e
+EntropyInputReseed = eecd89943bd669d640009324e12028e1ee6d0d71f89e47a0df0f1edd7b8c6b5b
+AdditionalInputReseed = 900de40c2cb248c1e169af8a734a153e2cb9519a44847a42c0fec562abfaef6e
+AdditionalInput = 2fba56cefe418f2596c6fa3becc6e1f52b862549c33fa9aa97cd1353b3f650ae
+AdditionalInput = 1285004f8b69bd3d128eb1c47bf3ddb8e0c838daf4576529c95f4e8fbb0051dc
+ReturnedBits = 4d41ccd38abb05c6c1d4e7a8e7a65ee532a8560187dbb6c6c2bbca9fbee9c3b55fb46762531b62122d08a695b62334c6af71dace7c4ab7b20673af17d9a1372316d1ac0fdeca77d1ff79b0246dd00f856807cdc6bcb1a5b0b2581b67d373f975637f1a862ee4a661c69225fc589f61541f4434809d89a6dda302bbd72716b5b0e812362a674e5881a0cd8cc8c115cd7f6e45191f5956d17c7eec40c042cb26b8a985fa6f5e6495d7c70625a527f31a294b717894f059c6362ca7fa30298b7383fa36279dfd3a177f586299f55d404a7efc44563a6672b2050de9900a1ce6e55a336ec6c0b8ea0102620bcf965e1c4700cdcccab1e2f9940e070249b12cac9d2c
+
+COUNT = 2
+EntropyInput = 92201c1c720fafd53aafd9c22c8391bf821c7344d89fef61cd68edae47af5b4a
+Nonce = 7b5d92dfb6eeb09252ae20a7d734b06d
+PersonalizationString = b4dc2c746a966f3652626c75cc0f3ba97a098dfce9c687c1216753d5864a2ff2
+EntropyInputReseed = 9d9a9141b12eefe76ca97847bdf2c7d5324f1fab4f7974ce0431d1c263bd4db1
+AdditionalInputReseed = 169844b896792b77108ee8c8ef040c54f2a11abb77b1a920a779e97e6bb0ab44
+AdditionalInput = bbe8c1be45fdbc4a9cf59a712ac2dd7ca1136f572e5417816e87c9ded6390525
+AdditionalInput = 840aeee22757687b885de6ff597989d4ed44ece21d7949c0aeca47fc00a57de9
+ReturnedBits = a35e92923c92d3e3b6fe81fc5fb814106aebc8a77c7e2da2712e252f633f0ef0489e865304b8a4dc23ef537a9916a1e8c360afd053207c479975d4b0282eed8ba82909f306d04aac937920f9b9b0d61915f23f5fdb4a209448decc03c741a9319b779d25cccbcbb699f0d82633170e77ba1e2d3967e48eccb1d8338aef54ee1f31fb995a6410c7522d8779712209a0ba2f3f08d22ddbdf7b349269e5d6a2c4e11291cdbe4add39b8816b9a706a42c627fa0bbbae33227c4005398f6909a3fac855b2a3f2fedb404fe0eb33b1e021385bd8c0361fc7e54c9505bfb33697c64dd962a264cbe73979a0298f54400b34b4811dbc1d16cf0652cd61dad4798501d4e7
+
+COUNT = 3
+EntropyInput = 8fbec97ff2146c8c029a44b8e8793b8dc8c27fe8e7c999ec2c96afe15b991d9a
+Nonce = f03d2811c2ebb1dc60e8f2aaf0e09882
+PersonalizationString = b33edfac957986bda915a3dae2c52f3e30fd733a2a3ed1a86c1d8ddf24fe5850
+EntropyInputReseed = f44250d9a0af62b7689da45ccba03a8491d1385e24dbe545e08a151685573320
+AdditionalInputReseed = 0c7b25f06bffcaf4dbd8cb269cb9dff91b99cfcd17ff498e6a4db98a941987df
+AdditionalInput = 1bd62ee6f4a272b35da20240a017d1ba8849a9a2fe6e7904083876ba0394be17
+AdditionalInput = 0bb6e181fb9bf1565cec093bf44c7dd1e70e14953d3dbfe88ea8389cfe004e27
+ReturnedBits = c91defaab53d789c7dc519fab443a178b9432aa094fe7e4f52100268b2393066ba4c72f6fa2f1941b2ea2766d10fd43fe7143db1b920fc58276fbf742a09c4a9cb66f6a555034053195365e2c49ec73042605c4c8e54e7a2b97dfcefd7d0023f29922f9ffdebfa5291f81c1ec189d7562b1eac819b33685d958402197045905dadc19e35d0c80dc65e8b307c6c6b4be7caee0519a799482b6c6f3c69f5a4952d22a40452f8a8a4b6e550a648ce3588f10984fe6f675b761f707a5370a71a851b6274e64061046143585dec6d410edf3e9a66ea70f858afbf3640a38c6f53eca0aaa52e15c8dafe434ac1cc42d22d2f33ce0dda43f679f7e1194bc1eb4f391d51
+
+COUNT = 4
+EntropyInput = bfd40725f5ebec659388ea787224f8f075eb72687bbd67935a7e71b4feab9b03
+Nonce = af6dee25b154680d761afca5897cb8ad
+PersonalizationString = 3500f2b4ea0bd30fbd2e143a29c6b5d1b519b559453b1260e57a42bebc3a5d2f
+EntropyInputReseed = ec2f712c397f9aaf4e2e3faa843910c41359f7900beaeb90ddb84c95303c0ecb
+AdditionalInputReseed = 6c0ec59eba1da6cbbd7374f36f3177c855a2a65b4d75189741738a6f662f77ad
+AdditionalInput = c3d39ae88b2ea360d25692c4ffa1bf9be63d9e194ced791c5edeff42fe8a8b9c
+AdditionalInput = 1d68f8c0d86528f73a9b3f53bd1128dd1f0319f78e31454c338d62b49f208381
+ReturnedBits = c84c664333cca8d6b236afbd44183aa75e981d72b6a3fe66129d8c1223a85bb2d425ce3da6d362dfd16dd6f5e6315c7edad8e96f70df4a8652e911a43304b9330174ac824d8d0d025f4b404afcab89c9e75fac9819e7ea2e288744c35c0ff92f8f9e83458e7548f8c1e9d6f1d7e95400241422a556f9c95a4351b65e4f1dd423347653f2247023e5b8f0a9a589041f3daa82fd2dceb1c8ea520ede22ca07e1c56a211b94405deeb98f91098505c827020e70b8beedeb4fcc30aeeaf59fcf11b464a51d20ddb0bfa5606fe10015588d49c17dd429aaf1da309d494cff47a6a62e0df4d0918e0fda7e9080221a25476d6e32cb1314cd9356509635475eb7329f25
+
+COUNT = 5
+EntropyInput = 7ead26007fba35ee7aa4d9a9c0c4a99c773fbdd9da07cd151eee3eb6ba765f4f
+Nonce = 685f28483d6018d01d78de1eec5a4114
+PersonalizationString = 01449c471736a99d1aaf17f1a76d471915397b5ef4bfb8fca485c8684a4bface
+EntropyInputReseed = f27a853d08bf950735b100cfcb158a9bad98bdff852ca7b536cfb779171ebfac
+AdditionalInputReseed = 82fb1308d455387cc05fe40e1a5edb81692048eb94ec63904cb15cd11bfe0599
+AdditionalInput = 035feeac96c20456aecf330c410591d9ad7ce6f65a247532ed68992d3df7fe1d
+AdditionalInput = a86d6b506a7bb92de6a1af3f59f4af037362a902d0350b0cc55f8266657c50a0
+ReturnedBits = 03b771fc0bae9cdd5f646f8573918e48d405163808a86c0588b541eec81765e1736c2a46ce7f0bb09a794755e971e29f122cab661f411f6f1f4ce0bfbfbd32282f08edab2a26b3a5430a8a286493f4f6ae47c93c1d19601de757aff97fad38fd656e026a9aefa10efd9ee942e63d2a503967e7545ade90c5e4105e3867169247166d0a10addb91827e2483382f85641ae688f89c05d100f223101a2e88ae7208d6e5318469a424e043a96540e3d6bbc3904946948d15b19b61d4fdb26be89a9fa35e57807d55aa655daf84b466881e8ccbd751891a32319f3463af04b964ccde08a9b4aa82ab9e2f60b80cc79b81eef211e2ed40aa30a74652fc56ced34ff8dc
+
+COUNT = 6
+EntropyInput = d9fb4fe1010973b7a1a596985a813cc410f33c799a5491b2e830f6b301729eff
+Nonce = 4f1d3493139d0bb0c235c5f4128b3b5f
+PersonalizationString = 0b0b01abdc9aef47d49198c25e0929883f790f3c6aec2af68909f289e375ef66
+EntropyInputReseed = e8836ffa1e94b003ee87714d11b0f5c201756a4b247834e8e28a4d272e79ac10
+AdditionalInputReseed = d77281872e7e646e9545d3fb1afa84bf6c11319d3140802e9e976a9af2d19522
+AdditionalInput = b4739221cc4c372110c57918b83c956445d44c715186499dbcc758fc064c9e42
+AdditionalInput = 5038b993ba92eefc2f0d730f1054ebf7e16714402c3d4329433eded0a679b06c
+ReturnedBits = b454f3d8d6ee50b3f82a126e0ddd39be33b646f2c210cb732a7ddfe546fc4c047fed269488465f4173a06c3db8e80b8107c7763a80df43af8742844475f8ce00efdeceda768512076f3cc0ac45216e0c9d2a86decf7d2be83c9a3d5448171b7d6f1b24ed6417f6c2410a71d5bd91e6ae3ae6113fed3a8402526ed301f507b3307aaf9eedad9dcba67090a487f384a0e0cde7939ecedcf9c8760b2d0113854150007d4ee87c8052843ee0e36b0185d81ae4f68e72419fe8da8042cf7edca077d08b97ba772d7dfce7a0bcc591af155fb2847ed7f6e9c541259317d7b05835ae5368b8ad08e9c6d00b159da27761fe99303650a5653e88c865ee352e402d17b8d9
+
+COUNT = 7
+EntropyInput = de7ae27c942eabeb04d15e5c780e8d5f7dc760b187a0e1260205fe93e28cb93b
+Nonce = 8add3bedf4d457fe164c44377a8f6bc9
+PersonalizationString = 34d29ca99219a1f169633460fce8f48a92ce9c9d209501eaf8e557f29d085248
+EntropyInputReseed = 1b806bfce476387e08cbfd3f2fa5e27fd5fc6fba8b9ea73b96d0d9a1718232e3
+AdditionalInputReseed = 3e39c488ac70e8cff43ab2aecbcb741528348e9aa778bac9a4f3888021a1817f
+AdditionalInput = e0ce337640e247b91d999b389bd052639b7de6d8df82a8a3640cf05d2dbe91fa
+AdditionalInput = 15f6562340be54d873f415299ce19a84f244b758d5720c22de4e83cec8f6d337
+ReturnedBits = 484a01d12efb77f7218d42d0c0307bc3fc2fb2a201efdb3444c079f525d675204928cc55296708d0047f3fc39a4d178493bf46d5e7ff000934e27341b90029c827c7fe5cc023db23bc242a4080129cdba0eaeb3a428f0449f7e970982c2411fd29c471eb383ca095ac5c9fde00ea67e447a50887ab9801d3723f826acb501f2d207216a30dcce1da3438c874b506a4e137dde314bc980895fee90ef18a723caba97edf6cd210d51deed40a88b695d865748bb4b1b94c773711504b7f4cbb8393689c193da46efe02d45b13c103787c9d0b2859795f15e05f7a1d0102d0a19295ef6da4ef311e9049f0ef356595bbef28af64813ca8c4f7a594c0b88deb9b0a1e
+
+COUNT = 8
+EntropyInput = f359535fa9d1ccfdb4d0a4c4be750ace90a3d8a0ed1cccd691bff6d3d12f9d71
+Nonce = 5d1e328ddd290e3534fce6e59ca2cae8
+PersonalizationString = fa736eb7f62028314d2b516b36b1ae54d50e8650928424131f0a0fbaba559470
+EntropyInputReseed = e8d16f9cf6d52911d59e5925eea69b49b43c948cd10dffdbe787973025038a80
+AdditionalInputReseed = 84060d9d45c87336aa5ccc8db21cc940865d99f7d56a8f1366e10f3723349fde
+AdditionalInput = 4556bbfdbccc5b778d66e89a241602007cd01d058c47cfb69c9a53a482d618f8
+AdditionalInput = 328129c5f1130865f90973df9122cf84f50d01be1b7a7ece85585a7ccd044751
+ReturnedBits = 0d3eede6df5824ccf7b8909f6a73271bd085459e95dda8e5644992a2bee5bdddf578b0688d47a31ce5ffb54282cb319130b6a1aead266316ff26ec39051c3ea3afec003c8f06b9c55593b404571ca9bb166f97af7e8b28aefef43d0d934b301b1d903753378d792030a0711cd4753cafdd0b6ce1b52944668a37af91d460a16243fb8081b26c4bc42d496169deea05dca6d0aa4f5b89eb8696cbeaa2c8974f5a797a1d6c55ad1822692c219f37c498a002d547cb4b018416bc9ab4aba07b8e91883fd9d63f91375312bfa822c25c04934c8a5ce5081e83e87c2ef39914df50b516f11a1842505b1271f0079329924599c143aa48ad54837efa7fe726f5737d98
+
+COUNT = 9
+EntropyInput = 0fbf07ece426b2e8b5f876c27646c80d65de48e919c09bfab25c3cde47d9a702
+Nonce = b2dc327cedd063bc2b1c2e6479e02940
+PersonalizationString = 9aa53110da68ef97cc983bcee957f6316a0cbe7c41c0c96ca2065cf8d66e4618
+EntropyInputReseed = 2cc8adff06de8fe82ea3d35f05232f5ef0338f915a0502f4d34e99030e828c2e
+AdditionalInputReseed = 78c3539e3635e187d7e9f3641d33fcfb58865f2d4658b859e27f6cdc1c7fc085
+AdditionalInput = 7b44921d9560a9b4dd5c74c2b50a233e1800bf713f0d20744e236b93a3cf1773
+AdditionalInput = 218b6e0da75fba14ea4a9ffbb73ee1818808ea2d5657ca56ceb298d2ee27bf11
+ReturnedBits = 13033e50d686e0fbe162dc08abb92f7e66b1a9cb024b5de998b5b75b9fead7ec0c3e756a6c627d541f355a800e10a845fa7cc4b9d5f87a3ad75504f363c743629af4a5028fdb837fc7d06e17522c856c162a47b1bce2c11395c02078a4b10bc985ddfd55106ac4935a1deb9f961fb05fc1a049e1035c4b751bdec08150e4ff9cfd40285e57144789c9c05b2019742d39eb5b5220ead70c2c8376f53131fcfa98065223d144644f0ee16bae82642903daf63f14757c360283f4bbb1d25b2542818e470b27deefec67199e03123c282279d85be0c765d0841342d93489fe7ebbcee9ae1033857b2d87ea59ea7baf953765ba54d4b6dc3430709331aa067e3eba9b
+
+COUNT = 10
+EntropyInput = e6f94ef8b1024e852971a5bb6eab5c86b1c2a1d8320e9d121dcbfd90988c6d1f
+Nonce = 7be7c57eddbcf2cae79db86b8e87a052
+PersonalizationString = 12640878f67f34704394383867b9c4229455c72ae1951090d1d5d98d410863a8
+EntropyInputReseed = 66384504ce7fec2d222a0c5681e2fd889d3dedd9f27b5b83ba2d0a03c7bd1202
+AdditionalInputReseed = 9ddab6933d972867056b0f6703d4ece71e973c6a4099b60114464e735921970e
+AdditionalInput = a5de2fffeb439014118f1176fdf313272d661306ef252b62e62ea6168efeb8d9
+AdditionalInput = 544280686c9f764ef0aace9afd51e1bda5a6e5d7ce4363d454291a51c7785f2e
+ReturnedBits = 1bb49b4b54aaa70c1c093ab313354abc280148bf66ccd2946f76a8aef582630af565fba6622b23d6a176439ead2c9540d075324cd88e35bbe9ebae84e821746f5d070dc9045d2b21ee894b9b8d9ad0c02391df13d89a7175ea1c62bce80c0f90ab69f7f6c8f5640fc2004e2afebcf61f1aa6c5b9b2be2bd0d847bd9c2dbd4c7fe92558d820b3b4d1c09338dd78547937e2f11d81d27624c5e687a83e9d972a8867d0b822273be99dcc11c47d8d7966ebd241b433f4951fb7316cab9a8f55ea266c5896d768fd7aba0d8282df80ab4cd59acb3c687b3e40f3f8339617c8fe383ec2e9c9eaa221e1bc3d1be6aba7c999f3bce66751d13e2e8ad3a76c77c63e522e
+
+COUNT = 11
+EntropyInput = cc23c83d8adc10a5a64075bd09416a93892ccbf970fec570b983904240c31a64
+Nonce = 7c77f8a756d434d0bb35dba587a9c0c5
+PersonalizationString = 7a6f59c10758eefe41b0e4523659a46407e32b12e00ad9268ec0edce118a7e6a
+EntropyInputReseed = 59d1c016f02d01ae6cacc75df5e26f60731faf4552958e4f8d35b0b68c51251f
+AdditionalInputReseed = cfec594ffcf793d986aa4302e5eace0f0e6ff86b909fb77fe3ff13d26bb24fcb
+AdditionalInput = 6b177bc81e4a1f8be073cc57166dc084d128c5611d11e8cc88ae3dfe22a437ff
+AdditionalInput = 7c73f0835a7e93d760d267a245717f75ed6ed9492c7e290ba8ed738566efb5f6
+ReturnedBits = 45074d690363661e0c31b6ececb0d88b22d08125c9c8dc76901b778f4024312bafb1b966f3eace34cbab6320b1dc0ead3ba37ffb9880532ca9d12445825db719803f8319c046af77a2724e86ceff9665c295f0f9ecf512b2bae688d8a989ece674cda3caf554e7ba51d1d8106af73ad11e1c3464e76a5d0e700dcbd06b68975bdfc4f1faf156afb959cde76e0b63383dc274a2acfd1d0ae729c66144d3c9188cc4a5a8ed0b70156fea75cd636d8a43fd030f58a620707ef9a428ebf8d59f9dd221c8bccc5a0ef65d918403589e66d72ba78650486d970ca07344f42aa455b26ddbdf76eefb092eb698e94fde1f25a8361e902fb1c5526b51798cd8328f67d251
+
+COUNT = 12
+EntropyInput = e82faedf6e8e245945ecc51965a4a8dad340d65d79ac0e138b0c5db55597fc27
+Nonce = dabe25386b7f4bbdaf05019b73199fdf
+PersonalizationString = 7aa4fb5b44a1e6342f389350f062931a5b23687e3c2a97218877103fed43da95
+EntropyInputReseed = c0c2490fa364365002cdc854a88a5e57b9ecbda1a5519e0aa50f788a00bdeb2e
+AdditionalInputReseed = 44df1f7641aa6f99a44016446b1ac351d6d26cad43a5e41332f08f6f50cf74f2
+AdditionalInput = f4874ebdf79d3e8db93b14727c2d5a6f6887efd6297c5951268a3eb5be26cd66
+AdditionalInput = 6ca8921fbf960e45b6afcbbe0b5b6b87ea845b7c2c11f396f576dc3af90fee89
+ReturnedBits = 646aa646de1bf4ca0d000d5d188effa1a5d362a3763fe0c2b3848e4b67ae76bb4e9d5cb78ce84bf8be49d9e89fe02ae1e2f22d4d59e7b815fb168821c5e17fba1c89ce00d96322fb1ffd59cc16afbc8aaf9f0800b06d466b88b765bc22a526b98c9bfe7bd91f9d455b370749e9bcdc129637c8a01ca0c824b7e94db89e643ebe82f0ab4bacfc850ea42da8d0b42b9ba795968cf20f1939d28aebe4024ce8acce877bf5b71f6ea8c1eac5a101b31185b0dd899863f308b69ac5a0d2161790d4a06496d5c0fbc93f2f066f2abc86f1f8c381f3d2ab05b71c9209462d07373bdb161c233b939c24a4a035239ab0f204449b80cdcb9d0e148706701df602238a1249
+
+COUNT = 13
+EntropyInput = 927a220c03c098ac455f9f776dca44266eab2e50545c100eb962fdf67d5d7e16
+Nonce = a6eff02b6aad993fafa4f6648372effb
+PersonalizationString = 410ec43783f62fb52f6dba80cf2f073ee17ad28b6986ec10c14ef355fe357d8e
+EntropyInputReseed = 04a1527182330918e32c4eeaa6579517447041b63476a7133a2aaeed9ad96683
+AdditionalInputReseed = 53ed3c47fddb3186bf1e785876be09dcb5d7a29714c1e92351e0a02f16691f6e
+AdditionalInput = a9bfb51295065eb18b47415450ff19085525ec2486523de3e0dae82288c2718b
+AdditionalInput = ae938f43075f96beb9c3f583fa434e2426c4058891e584482affdb7a462de344
+ReturnedBits = e50f0aeeeae2dc48de77bd84b68268e634037140e0b4b498f53ef56594e7f53e1ebdf470a2bdc004c3c57095bf8135a74acbf3c20c220ce1f077083847de4b1e326ad21ecbfc6ffca67e051891016f754629bdf10b73a081b8f46790fe9eaed0296bccd1d358bf38472cf0baefcf5d5d52297a6054b4509289d8698d87af35cd0bac444f7124f76b1351a83165dd65b59bc2e0f93fc2d738fbc1c4c889f894c380813a80fbe7d43f2dcaec255e9091d0173604af09a3cef6fcc0061fac771374318dc99f93f5a46edd3dd333fb6e3b8e505512f3f6cdabc303c4673d1a59fff979d842ca3ee6ffffb3f0079097996946e874d6ae0dea4f23b2f17d39f1fc343e
+
+COUNT = 14
+EntropyInput = a77ecb4c58587d88f8f00a5f7ea95780260ef0b8e4d888726bef70de0e16b312
+Nonce = 345a0811a9952dc5a7ac6cb929276159
+PersonalizationString = 23acae13f89bf03af7243b42ba19bdd550f69832027c1f4fc254049349e026f9
+EntropyInputReseed = 2b84125f319eeee08c9db2c929bde8cc99bbcf498bdd1526e98b06a2831fcd38
+AdditionalInputReseed = ac465b3260240368353f2123d221f565183a82976f57f523be2b02ecd394b634
+AdditionalInput = 5c9174f58ad1d33047efeb85412b6a5f2b15aa9702fc22ffe06f6a6d3b461287
+AdditionalInput = bdc48b510e5e2cc922d03b4e5e1ed29b414ca0f9280f4584fd68785b4dcda711
+ReturnedBits = 5b020aa9d2f9a379b50a92b5e11f0074cf60b2ebce9eac5a8af7f88cba3c44598d961266206de7365cde732c1e6c666a02596c336b70e7c7925dbcfbe2ef33ede69fbcb19187d5a19c64bb53216d6a5303d88573022c76fadb3fe212560386aa7a475231c3ab39b3ecb66e55a2690cc2b86eac39b4b663d7790dcb662bfcc4f56e8fa6b18dbfefc75353c93eeeaa400022e6ad8827db4d8dc2c458860a8d618034dfdf3a01a388da8606bdc25a252ba10c51bcd9a7e7882616a8b8c130ea09e661f2084595c22dddeba42fe64c276f5746f98ba7440e326055e1cdaaae8bdd3842891b11ea7e812e371c185d11f56b507a2f3b7eb3a242f1560776acc5978861
+
+[SHA-512]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 2048]
+
+COUNT = 0
+EntropyInput = 2d5f0d905d7c18c45c92fab826b123706675e44a91e8f8b44bcd84d182d85e7e
+Nonce = 33b5f3fa654153a1bf3bb266b1620a29
+PersonalizationString = 
+EntropyInputReseed = c7f968f135563c3475108da15f11b6521d17ce502b07c7191c8db38866eeb15c
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = f7e6aad60386318aca8a635a1f0e5f169a38e21bdceb6745b50bc37dfb64a5cb67591e56cfd84c21d2d049d270eca77c1b168f6517f65c6059c5b7a9a5e90ebea0b391a66ea1465039cb407415ec5fc76ab2be80c6f01dee411aa2470bcc24a30525164411837171d2ab4fa7b96ef157adf220dc6ec496c61f775549cc5bc05147f365adbf35d97f31d0eed6f648c23dfeefe12516f2372f0eded94745006ec79fcebc3114774ba1474311e2883858af3d6f8db3efe34567201276458cbfe34599357bfa8568ed3279ed952d0a732793a73c86963269862b79fe9d8c923abdca8cf087c816807fd7b7c1ea882b3b2c16c96198a0c9cdf7202024dab05d8e6bd3
+
+COUNT = 1
+EntropyInput = 25fbbf3c9e02607677bf0528f5767210dde70b95f301f6d71eb7a6a8764f6324
+Nonce = f8db06298288194e27f88a6c17136ec7
+PersonalizationString = 
+EntropyInputReseed = bb75f846dc1013656de20c06bd06a528014cdcb0feb97844e2764b62fd53ca88
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = c98e795cd181e814b2338640f0597ec917850327da2dc066c7d3dab4efa30285493984c2fc4b0184d8fdfcbefe90a8f37ea79d29d88a7c96fabb90aaec74fa08813b8ae8d00aedab7449b30cd18a0d95d315d5057aabd026eda0308900f2ec73c33fb0ac83b4d4f888bbcbd055287d8ac50f6d2417b0251f00143dd11adf53298dd298dbc4dcce8dd46f0c86402384b106308ba50ecccd0b857640a459a0588c844b7954146570ce52517cb63b8f2fbc21511ca1b8f4f0a4a7f50cce5699ec014fb6831f95d826d63d6b4e3932561f625176dfaa5b13ffe6fe1dca26dec238d318403063ef61fcb111b5e3fd8dcd5a2ff8b0a88311e0bc8a6c7d845a0ce056db
+
+COUNT = 2
+EntropyInput = ea0993ed135dec3e580f8c1e144a2610f309a6adbbd1d9496bdb92edfbc7e074
+Nonce = ef7cb430cdb9b1bd834baf131e3d84ac
+PersonalizationString = 
+EntropyInputReseed = 0631a62c76443f2c3354d9801199d55ea65eb7e3bb4077ae351044866ee23c5b
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 731639917bcf3c23015a930c49f64f3c2d71b31ddaac5c638daad231ae70ed4d3d688532f519e10beef74108f062d04d05fa852fb02c0f8559ea415a52e65df73bb896c89b957fcbb2a9b61aa91d3aa4672ccf7592e5fa361c52a8e2a0ff9172b05a5340046ff324eedc5fef9808b4b07722d548db7adbb6b78715354868fa70686f2e1f2034d415346fec06b17f0ca769c54782135040aa9c598999e52c71f132d82467a5ca216cdb0191d70e4eeac17945e29595fed5b73579d299fd5853998af2c54ab25f67ebb14484b1c2f21b69881fe68fa35ebcbe23e5868f4246d558ba5b8d08b7bb1c4c0d2231c577c02a07dccec272983d413d12e12e978af85c6e
+
+COUNT = 3
+EntropyInput = c77f87917943cd4e6300de9ada8da86b74020c754546e7ed31061bfe0681800b
+Nonce = da7ef9f55a0c7aafaa67a9192586fa51
+PersonalizationString = 
+EntropyInputReseed = 268c5b00b41a649436052e4726de1dcfbab5f5b03f9f5bd7f8b1003e05c250fd
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 1b004764820885980ed0a8a3c67d70c55088fe2129d1906bd42b5a0b382d8a14953519b3b60f462a5e05d8a4f90c048695b28c95097231846ba9df8869d1ec4ac700f2f04dd2fb4066f0963512cd77759d1e240ba53effa4052e9ac55e1dbecece547941003ab9d33c4d7d6a98f1e82e59e3a19694855c1fd07e988e01023f5e3b371a5f9dc1d2949d7a3e858d95c2d96c17499f89ec3946e60131aaaf7d7418e1e70271fc43aa9f4c441ce315222a9857f2858415b2435f062f86ff30259bc3ca44e2e7433a294a7b6da4b70f5ebf9e57872fbc7465ad1ee325e92e1fd71dbfab3a6e95de23439fb88e0563f9d61a5c57b273f1aefacbbea2ca934aa461c389
+
+COUNT = 4
+EntropyInput = 9e69b475ea4e8c9d17a811c1ef66862a439fec852c30e675db433c52b50f2ac2
+Nonce = 7f5381ba2b1de4b1f75c418ac1a4709c
+PersonalizationString = 
+EntropyInputReseed = 7ef0212b9f674ac5818264075a2056798b90191c4ab664b6b54cd73d0e1abce1
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = f0ce7ad20b0d314b32ace269fc6d31345384bd314c4398aee7774c04cef603bf0a3d284842ea3a0982ce3b85760d5c060b66ba704deecbd2694165c3479736e8018a07301da84b20cb20d84af76304dccda84abd17bea3e403b20f5329ae8df8074560d59f135204ef431b298351a5efeec3de73de9a29641ab3c3edff6e30f672c45eea05dc76b5495b2e8a5f88d0b52560304e0adf97b8fedef699e4dfdee20fde9ecc8eb0e582a65605a29a6fc9047079af88cba9a6b6a3ce46b321c9811997dd21d5c649c1aeb25ee867ebb2b90cec225119e5aa18368b3929e0607be08e2f2adf0b71cb5ab60b0ab51f4fb856dd08b21c339fe29fa06e6d9bb03fa7c6f6
+
+COUNT = 5
+EntropyInput = b60c6025dda77e81b33012ba0606f5761058f4a95e4bcdc25ac25139d583dc55
+Nonce = 77647a4a5862afa07d2fbf636cc430fd
+PersonalizationString = 
+EntropyInputReseed = a900e505e5b1862579a18596c2811732f3eec77538ec2947adb7efb9c8746090
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = cc4ed7e55f1acd14c37ed45957b60563e6582544feea536a13873c61f2ac56b424b231bce32150267637295490076bb4d265977277b15d850f7eb1f601d235755324c33420828ee50b1a37988a34d384e6cbdb4b299d250886424855569786e1da38983dcfd7c282901139ff5af7ece37c3e10c5594c61be6b8a603970fbbffb2197317ce55e7c3948430f433a3be58edc48ba7f8f763e6d3a45990a3a96cbc73403c6e40dff3a7cbfb71900cc8657cbfecb2a8d479d23daf8801598f9dcdf84671310e04a646a04f9c8c0e009631e71365fd2a990a952225e62141f8996797a664703132ff7a39b5dd03894ab7ecac1db658d705b768d80d1d872de12a95f52
+
+COUNT = 6
+EntropyInput = b499c831cc05acab1f47ff562729f8c99c7bcde1e7844e6c7f824c9e6998a8fd
+Nonce = b508baf779478667447328c8cfd8c6d6
+PersonalizationString = 
+EntropyInputReseed = 381d1cbea3b4a810bae5e08bcb9f0796ec4dd07cf1ecc65583e3cce4de5180ca
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = cdb03bc6e2a4c36834b8cc424d9695078771abc6c2858bb43209517a652e1b8c799d8e7b5c8356373e6af5470f52cd4d9a76bb622d0ccd743fa02480edb0a5522566b36b29a077af37c865772a205a349b8719528a6e5eace4be5ad3151009926101f5a7ba070ec7480ced95ecf92d86f19d9ee809dfe7b770e76e558afcd7b0fc9076453e782bfc9029accb6925baac61cf16047e2986859116d3a8128d08370bc9199657f789ac41e944a3a655f93996f18bb5644c955cb8eb101dfbba82efb080cb7dce959a9bc6f08fc50b76a0bb96d64d1809fb4b959854cb985ad8f086d3f5f0277ebc6186162fa646e12e4dbe0e2ab26602814ded1d410fe2374d94bd
+
+COUNT = 7
+EntropyInput = 2f340b34fc9fd49118e5cf7cc5e338a8b15d0c72a638dca503b9ce603684427a
+Nonce = 9dabe82aea68970e3d0a99869a48c5ae
+PersonalizationString = 
+EntropyInputReseed = d34f7624ce48487b1005b33cb278787a5da2b0304481fbb01be0aa2164213bf3
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = c1d5a197161c379d060726a64a06d981ee0ca571ad8b64466cee0e0564fe5b79265fc78b86a20723add737846e5e9e732758497b0ce5a271394c336d496fe1d7f40c9f9d5b8829643cae9dbfeff925d391b3031bb566d32f2c0280dd82ec4a3cf5a5dd2085670fcf77cc5bfa0e0375f2766578d74b17a765ccf23ac779a00609ab4fadba2e455249f707d7010b94f3f86603529f49fc32ba5d7c54ee6b9667254dbdf0c9a74fe57f7f82a44afef387afad9763a4f0bd5c965f3a4f6363762214a145b327147ea2d20fce4ec755749f2f021de2ec0e341b0c17a41ae9c00125ff204f98676db0e4114f5caf91ec1044a240616d66d3fa6c946ab2cda7175959cb
+
+COUNT = 8
+EntropyInput = b02c77e2626030fffe5e389f3fc8489dd98dc513aaeaf3a5cff24a8dda68fe05
+Nonce = 0f1127fd5496c7830d760f2f8b04eeeb
+PersonalizationString = 
+EntropyInputReseed = 7b9304b4dc018a5f7866c1135bf3d46d248da2ab9dfc822fc538d31449b336f9
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 8ea8608408511f7d4d824807aa5ee675d9f375309bb1ed7e330b2001c6625e690750076e1c5281f05d6d47f18d2df622b4cd2824dbd9962607d9782e338cd8173855629fe850226c040ac478993fcdbd5300498132ab2be78877ec6c955d4121a4edec8eb1016084a98eb1bc8b18572009afb77fc1cc9e86b7eaf677b36b233de2eb888bfed86d3b6bce730b77bbbb7f9ab5bc35c1061595f7718e0d1ced6044ebbce4f010346a3f0e296ef13631fe4fbdbd62bf7e85a605f99509a369693dd87bccf34fe447592bec4310dc03300e5d176853e9b7947b5fc9a4bf77f629eac5d9e4138af211269e18f04bdade9597ee277f81cd491af6c8e953b3c3e7dda9f3
+
+COUNT = 9
+EntropyInput = a0db952d8e465ffefe32633ff269b0c9c765d4b2c6a57043ba283479e7c14aa3
+Nonce = 3003bdbff71e855220f239fdee507911
+PersonalizationString = 
+EntropyInputReseed = 3a9a35d1962d68fda6f8a511b1209f3c83e96fe2c47ea5885e35747463104388
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = d97c2e8fea5fbe9f55cd6dcc492c75ef939a3d1d3f02b1c7b86f34c9c4a4701109929ba1e7789606938ecb5ef84472d2a285fe149cf60fe1701ce7c2e38aa4c19da2c64f7ba7407fb24bbcb8643255d7be6207eb09e1c8bdc3dd85eae4f38f0cd1cae9ce511da609a6706483186512ed9e02e50e78ba295a8c5e7fc4630037ef764efd48e83d5e571de39fb92d61cc591c0cfefbd96244177126b5b6eb0f44110f6c5bea50c921bddee466d8a70145d96365dadf9b1cb0de85a231d761d534d7fadd00de73e48d4a7ff8a43e7bc732d4d83ad7873a58d5d37e371ecb25c2e800eaa609e7a2bc07f8351cd55b6751a685d1fa6c5b2c9ea8ac3b15037344a7030a
+
+COUNT = 10
+EntropyInput = f24789cadd6a21713f0bd1b34d803633df381251bbbfe7f62007306285b96af7
+Nonce = 418670e1c6a303c4d2d7c1bcf78a970d
+PersonalizationString = 
+EntropyInputReseed = 906be495fc78e01a7f104d79694d5844288c3d950e2b1d81aae4a220e12fe661
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = c20fe53b607e3eed98b6905cb229b3fa4614e7cc6366c2e1550383d9f8c0eeee151945b3b3caee164ce6e2316fa6ac117c4681d71f766c4ba7454668866fa290002cd8af680cdce0fe27599410f9171cd1d03222c6c28b3971c20f6548b7d58b36e846b4739f0f09268e596aae87f49d669fc0b2860257a4d6337cd6fc4531b7815bf08f98da0bc2ff805ecf573459ac4de16171f408394c69dfa4cdf48fb4b99a048421667adeaec08d04af97ce1eb1b6e6579d17edb82b2d9deb97831ad3577c7afe9c5a1abca0a3a8a56603e6ac14f3bcc0f87df398a62da1ca286942116ad53c9e33363279b5adc2a39b79ad3decac25858220a8264d6d6c6cbee98b92a2
+
+COUNT = 11
+EntropyInput = 6bad0d3f277bdefd691f9c28569d8b2bb46e0e620b91536c6d106608f90e1600
+Nonce = 8d9d5443bf983070a2cc357d13501f16
+PersonalizationString = 
+EntropyInputReseed = 26ff4a61ee5bd4061dc1ecc52cbea7c39f0a83815378ae8831295dfcf707578b
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = bf1d57c97c03b7919e78abf6845567e5a404d928743073f8bc2134ecea122e39c1249683aab058df8c9115cb0b58f7223c2fff686f60534a388da3b64101c13caa95d234a6fa9c09a5d905e32c085a1681cc37a36fed5f999506dac4ddb89ab6c16d7e5b33b8d08488d7490ad95ade82865a76ef38e07fbc3d40ba456687c1cc20bd102eaf4b9e7c5f9615a1083676031ebd67e84887e163ba5a8469dc9459be17c5afe83280b052e85d06afcfeedb65e5564a4ea59d73feb91e3a186ca361d86f143541b73ffdcd1de47653380546e4659e176605fb7669aeade086a96156af1a6846f7eaa7ca5e197ff034cecea48cceb797b01d5381b92b3888c2e303b5c4
+
+COUNT = 12
+EntropyInput = 4ff816134b5c4fc66083315e0d25c973cd592c0436a23275e149d941f28a5098
+Nonce = 8e79e89f8c4327a0527c7e60013e43b0
+PersonalizationString = 
+EntropyInputReseed = 8709406b3c7ae89dea03a8c085e4bae5feb472c3e2518d1ea871bc4fe2e3617d
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = a9cd992846d2b03dad398bb1923373e52353901a9922e50e1b037c89b2b7ca968673175303523316388368427c48068f4c69dcde7d046c153e8a255e4c7c48b848b25b65fc3563352e5873c73b410b28bbb5640e9d3bc553364eb7a3a566f70e54204c501359feaaacbd72841200e22bb7ff732fa9205f9c9c8d93baf9dc1d67e3123e601d18b585cdbb7db0c275043cfe133180900543c98d94d9fe193df37526c1249c21c8207c78155d86087c392566f9c8e361f47dbca9039dbd8e82806144a83ce9c3dcf47fa9cd566d14acb99f0cb19ace5a3bee5d07d75d98472521032fa24116c2d5f9f827fad88c7f9920ef735da193fec818006017cda980772797
+
+COUNT = 13
+EntropyInput = 3c776d28b3ccc7e2e09c400e0115315b2d2e9da7ce3bb9d19ead12fc92dfd746
+Nonce = 51205967665ea8af2bbad0fa8a6516cb
+PersonalizationString = 
+EntropyInputReseed = 11b64d1fcd351d06e2f6f0446709383b73b61e0398bef7d9ae689c1fb3c69424
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 2ab2cddea3a1eba3f1ff017ebe5f7fb34ce6a3115906ecab007d9ef3172b2815d188576994dbdb1065ea70a883f04a90d35dc6b789dea261eada4be9d209ebdf3dff6d1f63746f9336909bf9ca1ce4b6c3ac24bdba3db1bee063408b99a1908cee6b873cc60a147d85238e0c52ae417dd75dfb864431b5d944f1b934e2cf8bbc43762ff006c1af01fd2569c93b1cb0b5ace0ad3f8a7fbd9bbc1f0328d568b3db6f09520005e3b71f4e19681801c0fc86c7902096f64fd754cd703ccfd12c91af34f4040abbc30b9dc00273273d099d2518544876bab3d8d8d5a209345c26450e91d89187b57138a1175cfc96301b5a133a2bb0531d4308a9f6d8cfa7128dd417
+
+COUNT = 14
+EntropyInput = c06e90c75129f5a1ac3ef97a42c257facf35d283f5f67a01ca198c2be3e5057b
+Nonce = 74f34ba655310588dbf232b13aa3986e
+PersonalizationString = 
+EntropyInputReseed = 4efc60348e489153ee6ea0234563d1cd8adaa7cc5b5f1a8b4a246254907c185a
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 1ab3b1907b9dcb216faa994bd21b3759f8714b888359f3e31e59fd75dddd18a8479996cd2dd7fca3800c9c99cc4f47c72aae339bd2e8713afae5c2a81864f454543af89dec2d72b9acbf0e290331957505d5977dad642f6b6ddb2df042dc725e10d191cb3353a3bc63e6f49b8ce9d21fbbdbc83285c18e4b54c01eafe4f92cdb63d5a818b5c8b031cc28f45d22f7b6a6a737491f8302e852cc232642600085dc17aeeb878d06e8071668d18f051ea6ce24c0dee348b6af66b0ae95e7eeb1f2ff8a0b9b3aab19f77bef4d5cdd23a9bef0452784359f7d5699bf4833e3b247e6b8fa88bbc3d9be1fe59b9e9360195193cd36b747bf30da00500cb2d68ed159f34f
+
+[SHA-512]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 256]
+[ReturnedBitsLen = 2048]
+
+COUNT = 0
+EntropyInput = b59f098843697902325815a8e8336cb6fbc9b2a34dadd9451b2512c83c21834e
+Nonce = 386109033862569e66f8d42df29171fd
+PersonalizationString = 
+EntropyInputReseed = e4837bec8a56c8e0357ed89f4d163dd0fd816cbb825b74e94170c4696db39763
+AdditionalInputReseed = 3f304181d2b255f01a6b15e534541292aafd3cedfa2180a40b4404c665a3f8d7
+AdditionalInput = 5c77c4d34e1a3adde4998d53ce2ac7d4dd10eae30e67f3e7754384d6ea6c15f5
+AdditionalInput = 6c70e060c309373c32e0fe7b57b04c30f1f906fac1bae69bc814b6d9b8ef8c95
+ReturnedBits = d04baaed72234c5c4de9c9ca49090929fef8f5cebd90fd1374714f0711fb24f8417ffdacd301d5bcf35561a120d4118f3b2d254f17e7c996e62f12c2a115953c4c16d476ed1ed65fdfbc7c3476e99ec7890af362330193ebb3dbc2183d784e0b72f77dc45b87842b676e800e8a5ef3f9c1216ea45e7408c048c180ac1ee1bcedd67f0bcb1e90047d95c1c766cf0df7765ac64e9089db45a0fcd80fa884bf517c64dafd286aba897c400e961b74f6f521cefb5810ade9add80916c6508b9e02997e7bfe1024e94f9d2bc5c3d55aa38f8e9614c000f9c0925ca2226d1ca06b1681a5a3672a550c7d56247a0164ef7680364199d00248e5249fdd934ee7d8f288c0
+
+COUNT = 1
+EntropyInput = f5aec332fa02612db68d7870e33e025b80c902d1401ef2208ed09086acdbd1d8
+Nonce = 4d7841c74afe0634cf533b198cdec0d8
+PersonalizationString = 
+EntropyInputReseed = 31089c6ab9bcb0615fb014993ed0e1904b81edd43743c10051fe45cd1163af09
+AdditionalInputReseed = 1b96d97c3c79b419de0fa9ddcb43272ff0dee6c523cab9bdd18cceb900ccc904
+AdditionalInput = bda9529350431798d9adcec796061a4053ca5b9a0905c42fa68511b98fd27151
+AdditionalInput = 471a0bcb4ddfe961ddc0d5cd2c9c1f981d7f3255559414f1a4af28116fca476d
+ReturnedBits = 9a9ce21187ff4d5757966b26493849de379dbe3e0fd4401728b43a3a2270e8a184eff6a2a0b3fa5d7d4fd9290cd4c6408e65435a0f15c182cf1e75da08b8beee0fad02bf4aebb64ecb514654826a34a621650ef35eb51f43281336ad401a8f8e546e649be3b64f247718bc5dc6e85758b7f3ae21371c40211078bc8255ca75bc011c3f0a6ddc0e37e9a34f26ffe3cd3d0aa224d7b35e75a8212bdea2632d5c5b043637dfc36a2beb50d47e2e2562473efe9e3090000cfe0369462d2607de3cccef28534dba01bb2af0804099f91b94b8b7e57081a2ca0b8e4023f4c19e46b4205bb4ec419503cd763af2807247f84b03a673549042c1eee8d3506b2d0bfd247a
+
+COUNT = 2
+EntropyInput = fb0cca1f8851dc279ba95ef437e8cd04eeefd59d565e7800b5eec8ac4a42a607
+Nonce = e5b2ca096e545dbf7d6e452b9e526efc
+PersonalizationString = 
+EntropyInputReseed = ecfe6ba8df0c54da226c4db48346e2fe28b34936a44fe8fb1440cfa2c28b26f4
+AdditionalInputReseed = d78fc0bbf8905af45b74c3b8a59ad18d2e4067ce201ec559291a80e21f0793d7
+AdditionalInput = 9b554261be36ffd99e47730c99edaec8428aa63b7a5aa82ccd75cd0d1440bcd6
+AdditionalInput = e303c58d69690878c8121ead4cd49115ff6e0df56fbec460087b1b9c160988c2
+ReturnedBits = 9e9c362ff1eaee4440dfb866b7c7373c63e5dd207ad792cdcedacb7e3e036e66420daf33e280fc686cf7fc7f3481bb1a9f77b94d5dd4959e95fc1bd1213e9111713182eb21d464599a8400451deb56ea900af59bbe207dd56d61ca89326c20468bf53a850758db79f94ed22d5b749eab282687512832ed4c734786ebf2d4b506aa6341974481abc614b4b91ee0f7d3d5556d6da60cdc85c7a510ae79f5a77d849b194c5c6de72168d8d02fccbe5341cdb8736588160ffa84b1b5fac94084b5eef6a7961af2192000122dc98e66fbe2ec864218c86462f381ab4c92b3dc048b3732d4840fe6c361e5b4808f99a617552440b4b8142582e06cdba0eb84b7e0ff74
+
+COUNT = 3
+EntropyInput = d2c32beb78fc660123858ebf0834b3297256985c56bd4d7a72db43078ce7d72b
+Nonce = 95b418548d796ee60f6379f2c61630e4
+PersonalizationString = 
+EntropyInputReseed = 64b1a7796efff4eb7910a3f74b9919f8773ac29289a8f28ca3e2ebfceb0e488c
+AdditionalInputReseed = 87434b5c67316909fccb5bac2334ee5719805b96c5817ed583a9e11fd0457425
+AdditionalInput = 9c0a9e09ba80d375d3a8c1b276744f443f33e33228e83ea9ca4a508f7902c16e
+AdditionalInput = 6e41564baccf779b09823717fc2c6ae8c3b3f01b260f9ea23f73d787e26a0699
+ReturnedBits = 77a5b1ff59cdac6780825a53461c5c004214e3ec62766b4eb431e6ee6ed52b5f63fbb0c9df70185370b62f6c40a8a81caad543b1e06eae3c778286f5d430f6613774bb095be0cc9b4cd45a8b7154d7c2b6fd85f5bcef27d76dabb1e5b51ef152222ca5dbd7c155b2f15bd1febf793e95e4ae5768175aa1d98cfd7a54504cfb39469d0539203b93113868f72c6914732cac078e2bbdce5a4cc3c7dab70ce84c4c484fdbece3944912308b04e9513a7c6831dc5a3a1233b8ef61af8a3b4d556fee42b7683360aa5fa72ba69e7936ffe1eab223d80d52cea9e9c802bbc8405858e5ca50fae635a51a1348eda553986065df90ab31358f11db424b9b478f3167d11d
+
+COUNT = 4
+EntropyInput = 5c25ef9963b57d08b6ed88eec92b3d74938fca72c3448601eeb100b57b143b06
+Nonce = 6572a902f2558f8b91f809708222766c
+PersonalizationString = 
+EntropyInputReseed = 655c49b058fc5d481b6c61dcd23ea37d6dcda687eddc188d563a5fbab260223e
+AdditionalInputReseed = 56bda8fb338e02a86ceaf75dd3a7665372944b06b57b12ad6739b759c9e49ae4
+AdditionalInput = 887295e5955b196340ff27bfb5dbbf12bd5e51f9923c6c4b89e56b07be3f509c
+AdditionalInput = 286ec25d25c2e7eecbe8fffda1709c7eed4d7800848136371edb89e4fcd45b96
+ReturnedBits = 81b0c43c19ae6ff5b996b93a3beb2fd298e410ba978c776b5c8273068358895485645fc177260252edbab804ec7b1ca9e9c5a65447f5da6d8e402b0cc21675fa7d8375db0ab93216c9ce3076609488c4661f65849f2b960906c5fb61db913b304c8c16f6e32dece0467a78278773305b23ff2db0b2d8ebf1693b9de116edd7e8a2e5af7ef889b8164f8ba3f01cc1aa92fd15e08c975c75af38ab8ab2b8df2e42cea76b3129c7ab7414ff84c2e51c888635242154c01dae63b591fff904090272282780cc0a6a9f6a1f424758d440fae1f36bc4dce749d9e3e775f75101dedf6fa1a54be479d3808d5bc5209b787de03f8c577d506c1a63ba122dbca7d5a64759
+
+COUNT = 5
+EntropyInput = 8b435f303964fb50e63b077309bb5219753756cc4d2c28d65ce8bdde4c0335e3
+Nonce = 168e6a2ce6495691c731005a3281aa57
+PersonalizationString = 
+EntropyInputReseed = cbb2bcaf3152233abc33108ded9527d5d3f3ce5186a6f59722c9baec8bfc28de
+AdditionalInputReseed = b401fdb63bc3903fec513f381bb90f01b42e67e8fb6d8a22389beb5b8021757a
+AdditionalInput = 7d5088c5e7565ff013e4735141513af6aae784fdbe7ad197c2000d0297c61533
+AdditionalInput = 2b2a1ffecbcb33efd3c21e3edca327f40aada7e33c8a104214b008f6614db48a
+ReturnedBits = 83cfdf969418f1459b450578e2704ae47b25db45132b329aa479aa26c9c182bc9bfa703293f4e0b2e9cb901e36ae5102b923607e2cff551caba263b16821d6c60db48129eb0ba6bce3cdc515fa5f47dc6307ab14531eb3bc347a9b279641d66ad8f6866d89e93500d405abb79bc6bb47205371679c4d01075207139bbf1579c2a155a40d55b3bb7e592cb7363dca6108007c77263f7e143ce5d73026de4ab1df7c3d93053ee13ddbc91fc3a1b225f52171c53b6f6aa58066e5b961109d34b2a647da18ed0bbf6f9d35198b8c472c855089d3fd5661ba35a59beb05173d584d36b32407a60c2e921ba13d03bea0675f4369ef2494f7478ae73f27a4201bada22a
+
+COUNT = 6
+EntropyInput = a310c144f11c8b96fc472b0a7394d2da4199e01edf296e76fce13bce2d64bde4
+Nonce = df5ebf161d0df9329b8a63f3e04f9011
+PersonalizationString = 
+EntropyInputReseed = 6eeb0242208399def484968bc440e5720c0513baa2cdedaf2e015d74978e2a87
+AdditionalInputReseed = 79b355dcee8d127118ab89c63c0d08207307e1f3c497c79521e2235cc0085ba8
+AdditionalInput = 0ba728e7790641cab0d0179e0f65d4ba7111e884477cd9dd753ac5ce0e044b32
+AdditionalInput = ba59d36440f5207da47756336c85a4079da6e15b147accf8898aa1bd6151ffb6
+ReturnedBits = 597065f96721b6a3529d8679116123e2c8ebd8590d8855cb773e56d35c1d56a5995672577ecda4c8270fff056daf616d0a467631fb894e6e5f23e7eca3e8f414cc96a469631f3de2054ded1bffce678d8ff8745832c7f3f2cf122dddcbeaa61f02ad35020165f9745398aa550207bc8ec535f0c00b24bc71ddadf57cc4ef703c2d5bc4d069e6f1c106a0635fe69d21f8081297965bbdb7ec4086d53d5d93d027afcc973d34b198a2fee76d7ac93195d1aafdd4b4f9901154fa2af89a7e11859b26a5fe545371038bf11dbfc895b0997e1580a89a9297dabe1a6e54a61609ba05f5c500ee822315687dbc997d77f873176275c12f9406ba4c9d62a7fafc570f60
+
+COUNT = 7
+EntropyInput = 549173c6181f89c1e6f4e669794bb291fd9a0ed9ade7fdfe424a4b1cafb99366
+Nonce = 2ef3071b34720cbc0f8e8192f417b547
+PersonalizationString = 
+EntropyInputReseed = 284487bbe571a950d36ef35c1d488a2846e62cba31e0d0394c8574d03b969679
+AdditionalInputReseed = 02a6afe3d6188eb6796142ed50ef350088bab751726009ab708e48ba65f03e34
+AdditionalInput = 733a370fcff98a8aeab94c4e21c2c331f0345dfbbbeeddf5df733f9e02e2d71e
+AdditionalInput = c4421b8ba19ba3a2f57450a5ce55a4ca164cd4033463ce5f128c9ae0ac60851f
+ReturnedBits = e4b1e7450793a953fb399c20f88eab2740541069473924fbe29a96caf0de94910fc1c7703b64a14bd34ae056cd2c7afea11bcddc42dcbc83da47a25087efd67700bf36fbf278a9b432017cb22aaeaa08a27716072d8ba7de3be8eb4b5e38ede5846aad3d9a24c6bbd6a8bbaf8a5bf2b4131f4bd2a61dcb327f133e628fc973ad99cca3128d31601d754797fe09ca51603f043db46f0f5ba6ec0e6937e905cff48b76983b9c23b35f22c4d20bcb70053edee4251b5272ab93038a6736148704d628f725e9adcc063e5591abe4bd01e1ef40f432094a32fa0abf9519be8569d052846c4e8de522354d8dcd71f5a09c015ad40b74f285750e78fd3a949b48eed8fa
+
+COUNT = 8
+EntropyInput = fd55a8817065961dbc43e2fb7f8f997c129219e3d2b2e8526dbd9aabda1f0288
+Nonce = ae8ece5a98cb0a5aa4f795a8fe60f549
+PersonalizationString = 
+EntropyInputReseed = a4e85f2ba5116a935c98013f0c011488618b6dad74fa44b92160c66ce9dd4356
+AdditionalInputReseed = 749f7e77fb54b943eef8ee6b7639fd31d668f19242052f7e9bd5f2a15e47a184
+AdditionalInput = bd3b641ba132ced276dd0eec85f5a5a56189bd63a4aa5530763993c3a0b24289
+AdditionalInput = 91e16a242bc168495ab037b3614c397240fb2936e4db40e7658ca286f913c40a
+ReturnedBits = d3a347d51f1717da71b93adce2c27a8973851731462790084497a60b2cd376091eb909cced0eb9160c5732d3232e950e365d42bbdbb8a77c4003e33c4254de2456fe0405e47298ee8143fd0b5063e3a9daebf68dfed1b44b97faeb40f0d2dee6d556128e397a77f4fe29f7475f9ea506aafa16c28b6e8f71956b67ee8a1fdc5f0d0060f7966bd677db29118954ccefac8f7780b1d7c7507ec3df63a063d03ea94af156e7295e6cdc98da7dc391654ef5c9f0e04dc74d058117e46876d384cf77d171d4dcfd4dc8264b65fcaaa020ce0e798d4517754358e534f0f34cab6adde69bf84bed7791ca95d3079b68e47136c1a9521fdef78a677c8716d079245b582b
+
+COUNT = 9
+EntropyInput = 276bf285550559c4536d7233de46c90da2713faaefe8c0bd8898c39365eeee64
+Nonce = 88ab42d72ff7b0e827611bfaedd46063
+PersonalizationString = 
+EntropyInputReseed = 244b13e37e94c237dd61376b5090ca7c1dbc1d01396c578778d8693733a9d123
+AdditionalInputReseed = 53519a4da98012c97ad92ce8a75dc0fa0e82a4aeff11fbc680842808236cef9e
+AdditionalInput = e2bfa081e9e18ea08c70dc03c40b0f4830f0c2c3ca8ae4254cd08b8aa455739a
+AdditionalInput = cf7c7e409d2dcac196ad7e2cd785c7dba234b8e92523caf6976eabc7d1e5d10f
+ReturnedBits = a363ea085bd09be8358ee8c3d542b6bce284ffb21106fd7d95e019d557471b8f95aeeca189b0acbf9f55c950e01c00f40c41aa7cffc3aafabd3984b63d119f7c9e8090b1070c8408d0d8cf81ee9e4f1c110c34fa5de6fc62c61938f757b470e87147840fcec434b790ea8a4d02cb4e9076f7cf493144b95b310b587537e28110fe44e5b9f52573ed1bf5154b191e866aaf30b1f5e6f1edc64f68451eab4c0dd7acb2dff57cb9557ac9a74745ec0cad6a95c45ee6629c5517168e47b5a5711254cad38e2eca842b302ae30d2918d34fff71650fe37671b13e8a009a6e5a5ab31306f003fc08f0ca7dba39ee3d5d29d2c23116684815f535464af2142acaf39db5
+
+COUNT = 10
+EntropyInput = 9133df0a676e806c04b63b57a4e660f9b92f438322b72c683836e6bfe81583c6
+Nonce = a8950245ee3dd789e02f4a78db71ddaa
+PersonalizationString = 
+EntropyInputReseed = 5a667f369b625f7e178d01a35bb9891f57c1a7b26c7974dfdeb6edf95e5b820f
+AdditionalInputReseed = 0ab32c9bf88f312509494a1fd9138c4efd791209e19c6d4ea5171c8e52b675af
+AdditionalInput = 33758b477d46b91442b8e86b26684c981bd2cf2d4c3b7aa32e1e5046f172dcfc
+AdditionalInput = 4631c3d05787fb8ff998d66e3719c00ea6cb2ddb81e83b1c86241386c3ba5d3d
+ReturnedBits = 071b3482a7e661039183cebd31a693a0cea480447dddde3501a931982e3f572b59ceb65bb9579d5a3fc74df0976927b22d8c71d62217d78dc5c79f2dafc8db9c65a4ab24f1f10ce8fa991ea7054ca90709a58d42547cba5007716dad596dc4ce439813be5ebfa0353328db8dcb5c9b8823107a533038f4b44236faaa4d8f4ad438fcef98bbe1209bacc2f051c514ce384ae86e7e041cabb779a98e8255e7d7da835b13e302ce832d835fc47bc5893aa48e667c0594ee4ad5414aa2301f71d0bb0f7c28cd6157872942450dfc2d59b25eb33e3cc3b9ecd18cea4f022d96eb2a85083cbd13e238b22f62b97aec4bcb18f87408a191b0425176c5840cdbd449a199
+
+COUNT = 11
+EntropyInput = 0cd62295d435e78c7288a14d64bbb1eb440219deae1488304856cb566d3cacbb
+Nonce = 150a4cfcf033d9a5ebab5ab6da68def9
+PersonalizationString = 
+EntropyInputReseed = 6edc77f147a985ac6e20de1f80ee4e5bb62d2e31c2ffff092cdb231046e24f91
+AdditionalInputReseed = e95a76d6da5d41615a78caf48844e8b1873fe76752edbfe506788f355f3f85b5
+AdditionalInput = 1d70801f9f63e8247a8087c7b90cf9fb524eb45b0b641bfcb05cd8d90eefc0d6
+AdditionalInput = 3679663fb40fb47f6050414b4f99bcd3dd9e6d6604d92be698a638a8bd255db3
+ReturnedBits = 1d6863bc5c5657a266d73891c243dd8a4d25d96d1c4575b86f00dd67bf67bd704fd93e8de0ababfdbb8827ef3f6a26a9ab2e6781ec1c96f1fad3687868d2cfe0747990a48941b309c80eab24b433890fd839237b652c3c8c8ff21ef3785518b80f61a78f89f5a19f87d865ecbda2a40b3e9911a2055f89fea3a298076e6cc03beea87a5b8f49c04a26c4b2b045291cad68f00b2ef2d8bf7fae317513aca21b9e666ca6c22b128295da4d0356fb61636cf4302f175370a849f17fc7c7c662dd977941596c775e5c90929c050dd2cf25f65dd44f8318a6c39a31f4796fd45d6cceb2face9782bb5f16a6f9fbacefef5709e29a2a3fccc4bcc2a030e105e57b639a
+
+COUNT = 12
+EntropyInput = 6a46584bc186cdde3e7ef8b1bd600190cab1658c94b8d2fce0647dd5c84c61d8
+Nonce = 07083c6ec8acccf239ad3ed013b5df55
+PersonalizationString = 
+EntropyInputReseed = 5fdc5a8cb85d96127d2d14a8a5ff477eb59f37f394168ae0a1ead5ae719809f3
+AdditionalInputReseed = 2781e209019677999cf47303f0d22c645ff158fb2ea013962f3fdf3ba7a33f97
+AdditionalInput = 026dc3f83c476111f0968ae199fcb257bc3ea870d84db011b42471a574769dde
+AdditionalInput = 845a2d7e67d18eb432ea33e5f54eb6df17cbeeeda91be8f328b52db32a27ab6e
+ReturnedBits = 9ec3211dfe074fb70dd0c50796c1202f2eb32c09e80c6d642857fdf5ed3efd212d96294ed0123dc92e63f58e3996d104c66bebc1700ee8f67bf5d714016edc955afe8af3822c8fd72354919402bbe3867f3fc2401f8722a23b4a46685e529ad732c301f77997ae9a43dafbaed1b353f892eccb96f51ced0ef1d7180530a6d8873f2e2cc3d2afd0be05ba2eb2b32507eb1ecdb82c3939da10ff102973f6ed6337cc525f1eced3e704280516ceb12dc691eeddaa6bb682ca98758fdd0c4894ea35c58ec473d772314dc9d14c8aec1df639014b8308bb03eb9d54d529bdb10fa61d8d452e3e8430253309bf26b798fb6efbaa2f2d8f565b664a1bbf90c05a6584a3
+
+COUNT = 13
+EntropyInput = 17f6558422096c315c90f677e3b981d4588b274016d68bc6cf983526909b0a35
+Nonce = 6bec0e7c8236a0ba5a02aeff7d14f627
+PersonalizationString = 
+EntropyInputReseed = d65dd18492d2f4084252eba533e83353952d31a9cc73a2b1095b88a3ec16e350
+AdditionalInputReseed = e7f10fef660317512f2a7076a56790a20dfaa844ace419d1475a3dec89e77e4d
+AdditionalInput = 199348ba17963717e0c5e7a1d299861809bacbc1229e66d0df82a40beb51ba6f
+AdditionalInput = f2aec87130b03d7690881ef1516f3bc24da2a041e85257d076b648c29e1665ff
+ReturnedBits = a0f0cdfb26ca8c7a2a6efde17ebac6745be136e55e9641326acf0c87a4dd6596baaf580bc8b5114cce64e7ea418cdefc317ed74e3e762c32e260b8159c9d6cd2ab21ccc42d10817f523472acf13df6db9ceb490890735e90659f3fd181cd42e8ae34465cb38b8c13a2bbdca149d0eee38aa73c65e1dae727e60a0d1684cf7a06dd29c33db46a6de0f341e9c1b0768e3ea183c89db022735c5a03e2910d3f63d5c78b83a70006c0bea69076e8fd3d9576aaaad09a97ca973c94437e64ee39ae81c7a666bcfb41154b2c1864e627f041778514284bc31a04acc8a29ed1496940a6f74aa77850433462e3b61cf12041d57064bf3fe2ada1de03bb1d1d057e036789
+
+COUNT = 14
+EntropyInput = 0152fedbcc60606396131cfac31f5433c3f222ac60852f314c16d5fb2ccd8d37
+Nonce = 728f8db21d19ad150497456e542f81cd
+PersonalizationString = 
+EntropyInputReseed = f464adc53792f938bf77dcd5ad1988a2252725b8f5a199369edec5c148c61bef
+AdditionalInputReseed = 56e55db916f7962b265945f7f88492f105917a68c5e96f40098c5cf9d71ac692
+AdditionalInput = e5b7e8a1dc48dbeab9bf2cc939dfe07bd6da4fdb853f6ae706c79c50978ba20f
+AdditionalInput = 30ad3575a75061e4d0ad73c2a8e62e5127321b6ae3a38a94c8659bed2cacea02
+ReturnedBits = 6dd8125e0e337c315b0cb6566562fd6d6f968fbba01ba29c419fe4a7e316662caeae9cfa010f64deed9257f38969ec45b99b837d5c4f1073b9f3353164226c874c7c7ce09c360f65515bd1389055d097c3f78eb0246a5e151879dcd596dc6795ec00a579dbb03002b53581e9a02c2c97ccbffd0654a672527903a4b6ff11f638dedeb680828279bdfa488316764f5ce47af69af36f2325cec633fb513c64bc79e4a70e22fd15c949d5cb4d9d7745e0ccef3561f26310bd4ae591d26c6aa23628e0b686fce168411dcdcc6be82618be9c8a02697de95a00b6101a936e9bb2db50c423c50b6dbdbfa64adfd5326f17d298db5f3c39548e90ceb8c5a9aac8e699ab
+
+[SHA-512]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 256]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 2048]
+
+COUNT = 0
+EntropyInput = d35a92c957932b159cdf5d64aa9728f6f487a15031185a9436c9e0195c0511b8
+Nonce = 82a397da4f436fa8e084f2974477ea24
+PersonalizationString = d98e4f1d807362d54e2d17601314bc4ca0b625e7028d8bac3fd0e960507ff140
+EntropyInputReseed = 95bc52673918316bac4ee69869c5166743e69a6a3571ae752e02428f879aa212
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = bb0f228463421ae057ee27579750e01e15f037c5286af4587ac4cede172411da4d557285ff2a3b77a6040754f5df18c3dc4d4d445ee0873bcdc46b364ae905b90c6ceeaba02d6d0392634c1d255784a521d6aaa4c8c63d9f401010b350e3406eb89e4dc666242b80ff07e84d95025c00964fe7ce764a9060a664bfe3ad84bce59911dc2cf3590f8862217d4b743324d33f3e7c1676684d2bdf89290229372d0fada5b8a592bbb4b406b69ed9f3a59d6c3f0121398bee43e2a4abc805865b47620eb0d963a35c2d933743c06d43edfa7bc618b5548a6e5ee23128397fce9adf1b29d2b2acccf88d76ff98112b9140bb82c49b08fcaa2c10e42b7f935429c64068
+
+COUNT = 1
+EntropyInput = 946d47881fabb3faedc6cac82092a257e29e4dfcb83e99017df6dff2e3cc4884
+Nonce = 1c8554a4ecbcfb8386bcfabcb95936c1
+PersonalizationString = 25d14a1d154cf5f2f08979f5288037b2307f8b2d6d110b89879309e0fe3f2cd5
+EntropyInputReseed = 04a80547db907db87561f61af382ceab2b9f00a066c8c1e53601f4bcd3161645
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 95ac17e8e10ddf2f8073ca64771a825b6fdf33e6b102fb06eb2159e5d625b535458e7f0ac84520d509f4e58c55723b783fa7f7ccd77679bea824a1dbef0c368c2baceefe87c03b17f9c066d38156af6a73d15c39cd74517487e38e3b177d9a6b19c3178fc7d72d097492e8dbc2610fb32f9b3f116154fe5a5e8090012583aec3d22d7ff8fea5078ad6c08420ac1b41f18b339105863cf995fd6adaf9057c7b9e080f745b9046b68383fa01bd52b99a49f46837880a17cc07ff1d742f8af38e45c22b1cfce6c5c072fb69c562b5ebe15eea78c218e8e31d3ac598b826977fb95f537a1576c3a84a3ee0286fc458967297e6d2e6e5995748cda907be2221281b0f
+
+COUNT = 2
+EntropyInput = 623a62669c678c8d18f547b40ca437b864aa8c90e1f43ae44c8de20a12a1d3ef
+Nonce = a7accc00b74304f4c659cc8768d282d6
+PersonalizationString = 5cbc549598fc80ab040b477a9189306c7996bba26e69e190cb3881b127f1406b
+EntropyInputReseed = f07f5471e6826a8f4d99ed481b8b8445bc913888e47230b9334a81db231b2691
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = f3a5c881da2488605784155e6b4cd405ccfe5b93f61da365428e4d0ac9df9449c9c80df881dba443f1951e1661bcd917c50348d8feec7dcd39b84a2f483868b3e1d681e47f35d0b219e110e3ea3c631f9a6e465767cf54c2d0696ea7ebbbca1e4ecc2aebafacc4bc31890b6b2cb2d369cd1a0af579f637178089f94d2ee88a91b78d5d31899e107d0b9785b707413960516720aa35d7db5ed5bdc13385a70af4623d7b4c95fbda9ccbc032cb6c951db1973f12950cbae82a1bf733e86d82cbbd1b3d7faa62618beaf5fb10a1be8d4a4c12bc9efeeb1e3d9db0ca047c9e9d7eb84715b95ca1520a60bdf344a795b3233840804a4b25cc7bedd9b8ee84529affdd
+
+COUNT = 3
+EntropyInput = 08ce55a4314ae8692d0bd2a8166dcdd6e21b9462b3488aff1700566cd17abffb
+Nonce = 1011c67e3d9939a1272d44b8db9e197b
+PersonalizationString = 35c1925d340c15ab469c65830df85d92743359fb9a7c277e56dcefba8fb9ed57
+EntropyInputReseed = 06a8e464c4b3a76e49db132101c75b5cc0701f2d611d9729fe7a58e2c28ccd23
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = b728c0124b35f5d48f0d255bd6da07d550a8b7ea27e1881beafa3203d868043d2f9a380df20cd1eb2bb6aff006d0c53dfa936cf18ef5e57d3142905e9a50da2fa083afc033b7fc0b2907eda90f469b27c11d4b1622fcef9bbe5fe8dce693b4cd82ec48f37eb5d1559dafbd1546cd428f8641eac16c9af45b69215d0522dc8b39680fa8337ee95450046dbb23290121ce65b9da45449ef728598df68553a9230b0c149e384719f1573e09d9284314c0f2e935c506d8c2054986c2ef3b7923045db96ee1c4c6947fc53eefd3be3835028d42011ad34a326029696aa8eeb3feac73652a5ccc693e42fff659ed4750567b52d636a3f78d6cb0acfa1145873c514050
+
+COUNT = 4
+EntropyInput = 3407e666dcb9e5a47a31606346eb8d80608c1c210c450235ccd9cb17e61b2202
+Nonce = e8e4a3d455dc30d246035f69dd474c7f
+PersonalizationString = f37a8901f4ecadd266cab8c87fab7c4d7cfad3e265959f590ab813a59df7260b
+EntropyInputReseed = 433bec7a616a39f3c6057683ed4668858750dcebafb8c7495feb69895b8f5f08
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = e39b55ed5b03f2aa4fd4781e0322c6a73691987b4ecde2e96f4aea0f8440fb3fdfe4a12a9098f81b20885fc0468eeaa8120751e7eed47d198fae3003bc87e1c85750e1827fae103327f1499815abf9ace5d04ff04f93c66429934929b840ef8666691765e5afd57da14d45d8149139d83c3b794f9a9854046b455cf45bcf7bb8dd80de49a660a7eb3e833e131c36f1b6f80c2d0a43ff92b5e68c69676c10e02d8363ca9acbe5e9e8332d1e29d154c0b750952fa535121b711ad99f002e14b25ee904ee4f6de0f438622068ad431e6edd8ca89a2ae546e69df7792d7934063310f8c9eb0ab1ecac952e70e8f0bdd6982f1ab3238bc6a2550f23b949d73d102536
+
+COUNT = 5
+EntropyInput = 38ffe955b0dc3137255c6f291cb657f9c3332a7115e996c5ae9587b3b6d5338d
+Nonce = 53eb4bfa6a8fe768b1a0ec1549983827
+PersonalizationString = c1a0c8c989304396329b1adedeeeb3ab06ac2bf967e1540b186a47965f20ea97
+EntropyInputReseed = 0f29b0241fd086a5c15194f67b0615b790258f9810164853ce7d0cf25919558d
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 71eb038c1b4356f5a7259dc5de232b527d4db8ab8e6690086957e77c600a8090cd8e78f51411890ca9ce189fc7b7ce1e506d8fb33b9e36a0b12258f99d471a0acb3b1af193d9393f78b70549f9c1c56add3f103db3e29c52ad7dc73c9eb0ea37540417e026ef2ea9d98bde002aa5e4b59ffc9093deed93f8ef27003dfa0c17d7e1dcff16d365927565da9b283df6132b54487a78adf5ae703e68360810dfc3be0233ee795a843d325745c352e9a12ce84439d73157fb0ddf3d266c222a08d3a13ce5a71f6820d475ea1d828827ced118865dc08b1e44234194fa048420168f8aef50d9f86644abc63835c8d78f57054cf48bec601d82bc47a8a765f38b6ad731
+
+COUNT = 6
+EntropyInput = 45e924d73fe2bc8391f8cc7b5297027a4c2d3fae76fe387437b84d83501a6460
+Nonce = a658b87198685e2749782b2b17f0d03b
+PersonalizationString = 46cff5218cdfdb3f889b885a1170987fcc9a6f035e95ce23f9e67d57c3a5ca2c
+EntropyInputReseed = 4a68662ee0bfd76291741e0da51ecd3b5e7709f2c09f47548667c50342f69a92
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = a69afe9d05004c3f4dfd99a58e7ccccf45c7998f8ce3c3b69a6ef3058cebc27fe698e6df53b582cdf168e5844a76d05845d305c7755194df580d771b4b977761ec338fa311f0e0e645da965ee90ceab2f677bb029e04ae05fe8645d8a9eb77436e58ad4f1589fadfbc4ca38f4f1bff60bedc9749b8a45ae86e18cf109134484d0699d7a86f378d5724d5c202337ac46a3c14479e9d0e43c28770aa636918f0796c9ff28e32669dac7d2f09a0a254b010c7c985a6310180ea4f202e2e933e163fe8850850c0172a8446303b5762ef3da12de23f547701082bf26a0a09a048c2b50680d4b4229422fa65815cd42f8c2793046633ca3226f23c0bfdb6265333bc4f
+
+COUNT = 7
+EntropyInput = 3f58de03b2dc7a27081bf2fa23f33d15b21083511edf5177e1cecd9a0e4ee56e
+Nonce = 2e1d214b8b5cfa98344f5e2363de3050
+PersonalizationString = 7356a58e1f70a1e62d8e6d35c81f80ec92edfd5c83efda0d188d7a48e982a1ad
+EntropyInputReseed = 148f6417b2ec7efbc3198d0c045d72aed49ac88e9941ed4f2cd7bfbe0567b064
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = ca227e4671960be6cc5812e86d0eaabbe4c2e99440f561a334da0257e94c08154c54531496e1a563446a388547565ff8f8c50a763dbd9d7711f59e5a4d3cb7fa7151de0aa61415dfce3f55cdd9a41fc13cb77cf06aeaedc1868356af7172993e2d03edae87e913483d5b80f5ac918a77203a0c58e9d5b791b2ccf39dd5f0d0ab04a580cf0ef057af937e8244cc7389a854948c012cb5626445293d7f45ade0df925d717fe64927436530383cf1353c0c2c5a5c57a3f8a36ac9ddf47b2a1c9d848656144cfc083bdf47d49cc0cbd1aa1af3b0a8f108391dea4b6be2eb5969f72aca605234ae912addb1d9cc0ea8cfd2a25824cce551ed5018404f61ceb1977a28
+
+COUNT = 8
+EntropyInput = 8a41b87b91eb5fd6f1fc287f497700326788040e89e78f4566a095ec398c450b
+Nonce = fd975059af8b7d9b834899362243ad6f
+PersonalizationString = 0f6337aaeffa6b97060b2c1d55dd650853c8b7ff22bcd04b9d26a9a49b15bed5
+EntropyInputReseed = d4624cd83490ef7299f2851e970b5d4392420052d5a0188631e1d91080729bf9
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 78912cca929228aeb14aaafa223480653c97a65d90f730c9a330d3d57cf6acbc029c7d584a5bd16a269fd900a370e54eea696996e05c6157f224127ccf0e721768e9782bbf38bba6c1f4b6fd9eeb8231fc71a06649f564c498e65df942e80ab408f6a2bd11e1f02532984ac965db1a37c2d2fae85a243810eb5c795cd66765c34c2fbb2cb0e396179891164b0d50ff3f382ff36211e45693b6918795da2caa8c1f1ca98446c58a74a7c9903a6763f06e8ba91da251b16fff8ad793dddcfd90dda4217f546eb4ec2ec27ca321faf78d740b3fdce8593cf0492b90e115153b27737159448e43cee29f055bde94d0528cd5f0a54fd8f43db1db92bb58aeb840b31d
+
+COUNT = 9
+EntropyInput = 63b4507164427908200349b5bea929cc27f0885af8910abb5bfbb639f01879f4
+Nonce = a2b060a8f1eb046015bcdf41de26eadd
+PersonalizationString = ff2538d8b2eaefe11daed282bcb902ec17e427761f52876e0f710c16a66fac46
+EntropyInputReseed = 95dfc171ae19f98eaf3042867ec0e693afaa647899b50172cbda1bb06f50d9eb
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 7d67cce088f9b12f1739dcf6df39b7235f007c7f4c3fc1f871e9e4abd44efaf9aca6f92a00bcdf5b0497aadf076edfdea2ec35120edad81637357c6b35f82650731f435337e990704db2c1f2a0f705a9707d04b6f50881601cdaca650f146df9dac9ce974cb2f94c91f1fba16ac36ceb61dfc1cf4a7a81cf79a2c8a81b5fe8b6a2a24127db8ac4a4ba34db5bbcc0c8ac6f753e9090c3cc625f88a6c969c5bb86e23dc359146d0490e8d55160fc291bc04b1aa7f4c51dd1b6d843dedcfd66c3167330c9633eee926e1c38092f3e87629527ba3ebdee5910933ff0b5c27f6e23625d1ea1ba38017d402a3437a1e0409f1498419697edbd26c22354f53c997b5142
+
+COUNT = 10
+EntropyInput = 50f6c8c043f46beb5d1fb612a73227a4767c4b73ee7f3321a60f96ff2f4b3fe7
+Nonce = 185eb38be58768e3d2830abc1f86e688
+PersonalizationString = 9a97d6830a3a37a97a13e41125e1959adabb8138b03c64fcd7269d3efe79e04d
+EntropyInputReseed = 567e184ed3cfed2f22c6b2e8f04f6e44fc5168627269284a4d4ea0ae81674098
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 099f98641d077938b0fc380f4053aec7f4170f8331b27eac2d0b38bbaf9749ca8a22cf76feb8f5e87e134836fcc5e8f916063f652334dc6d9307f0be08a3bb7768f092dccb8a721998f8544d16a436b470c5849267ed90fefc11d2534715c51e71acbedfb0f534f7b8a90e255f090e6768dd14c09e3c6ce4eb13ff45493807b9a3a855348143a60ba63c5b2fe99968fa666e39e4013a4af251bef9a4b80950839d372d1831fd3245968c78f74d02902a191ab05e328d9f93f95b7de7b4f42d651992267eb1ce0da73ce416b8bf636ef5681cda090b832472489368b6bbb55d9e292c397910b964e4c6fc44d9b43d31843d3a1276793287e45b5fc6d38fd29b54
+
+COUNT = 11
+EntropyInput = be9258e373126d68b0a9f3d90c5ead7a81f811227101add9130eeab4efcab40b
+Nonce = 282204eaee6b7ec530176287315f91ba
+PersonalizationString = 49d6e0e551aef0e9a46d9da24e0b5b4f4d2831750d7e4504201a977af601d5d4
+EntropyInputReseed = dafb0782e9b22a3f508ff28d9d57af716447c680bb3171caa76b8a649743b4a8
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = aad569803946fd12f786bb910238400ab5a0d278f26c9fa2d2bb8c5cf912e990b5bdfc920bf76b87084691908a3eb99da9f41b538dc59a94d65bddbdf1d86ad25b0f560119644d43d2a3497d076789caa81459dfe2f38c4b8795702eabf85a61bedbbdcba46e718e503720acb78319b5d218cee42578ca627c2fd20046a40bb0b7c96e1ffd673d6c3bbe92446d1bc25c450e0592a44c37832ab59a085294aa23ea500d1170e03ef2ce04e916b0f3f08bff3151114341c6a4564a41ba144fdd61251f59b416348c824036757c3bcb2785fdeb0731a581dcc7629754ead205e54c261e555b2cd74d869755072b81aec5adbf11629640fe9a10bc6d51235f2297f2
+
+COUNT = 12
+EntropyInput = f94e2555ab870be715361edc1bbf283ddcb439aaa761d303022256f24a5cebe2
+Nonce = e644ee0e049a08b4aa98383ac1f39a67
+PersonalizationString = 01d1e3c6e0e1445c2514ffa383ed78321206efc6fb8737bec14dafc9f9eb23d2
+EntropyInputReseed = aaf5768cf73e330f516b4f870f2128651b5b4ab28f90b47a735afcdc42a51ab4
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = f4e0145971e9a71e6e88d36f6a792d1cb6b798ecc74ad3452bfa61d6bb931a6578222313a8730d5dd013a53dfd5a1d1967cd6b8d0a5cf5a90d1e2ca86718a56951b73d37513be1811318cfe36d7e951504e4890642bb2edd3fc9c6e73031cc5489fc3c314fdb27bb6f70f58162bb80b8ede284b75580bd4d53f68d67bf927c5b34f63a172b22af6998927a3f0d633ab8191594948e57149e890a27c48dcc5f8f72423ef2937c155079e7c7304be8fe977e79581d6ebbbac1fd5cc1c9f3d1430174d9c5d9c8a61efd999667d764db0390212062d5109b511de999f0ea0b673bcb9eb8e25c6320153a5df5d4bbc93dbafe68d12d953f680551914279769cef9aec
+
+COUNT = 13
+EntropyInput = 39503f57760438e7ccd25721083e2123e52488b7e26db722a521bf902a92816a
+Nonce = 40945c080bf62629d111c1d968815032
+PersonalizationString = d514d168cbdb9e9261f6c451f4a1e354153c00093177998a2c649e787ff47ba8
+EntropyInputReseed = c5aeaa8aa2dd28b58e9da88dd2b59165b105dc01f03c6a45f745f7fd542bbe59
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 37db4d9498c9c3b4b22da7bf71fb33fc3eef21d140c196c3fc32671005d3ff53fff22d5985e0d40784a459a189d4bf7815bb1eb60e6a1d64049013492a16a3aa0738dad282b4a4b74ff99d5e4fe397a1a78b978e62b3504c4621de1c4aab05b109cecaad54202b511f0ef00b2ac5011c87b1bc61366044714d47ae72a34890dabdb89ce8a8fe3b849d98f517cc693fa25a40a169c20faa6908d286a7cd61376663d485165d7782de36fc04dedf64f113081a888091165142658c7ff405305f7b7e24885c47130d2c958d0a9ee7af1a4e4f1e90f56793e753756b7e7a03574f60b1e37dd92db2907d08227333979a6986fe5fbd9f22703c4a59d7e0c83e44cd53
+
+COUNT = 14
+EntropyInput = 3b915501e56a00a53c47b2b7de16a71df69b42781e58586011f552d477432624
+Nonce = 0883667b098dff05c6da0b11171de0b5
+PersonalizationString = 9b55175326677bbfda8ee98988ae2776accc8a65547fbfe5b0cc6d6ee46b1a02
+EntropyInputReseed = fa8675a5b5c64cc395fcee8d692d9b9675ab37f9a5830c340a7571f5f2cdb0da
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 107926b005ab5205c04e1f9370e095c8fdc5c7ef550810ed7ad9b0663483ce3d93987f72fbd7eebf64848d064a14a0602956d40574bda19dd94438c268dc497fc2ee99cb226f6b3a17f7a425c4fe7beef212b3f69727a2259d7fab2e203490a39e94076f48b773f24d31abf1666fc5525067a74f2577af3742f1ec37a432859216737f7d30b069b32b17f62fce93956384e6d1cfdce0c258a6414dc77f944bc2fb96d92437ff5dd5d5cc97598a99bb02c3a23830a704d700a67ab0bdcd5fb07637cc58538fa91191128ca97832fcabb74b7d5b87f27a08eb35b612e37e93dd12ba35d5d4d37ebf6b6026d65c9f0af9bc91f495d22b4a7e4c125de7979e8bcc25
+
+[SHA-512]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 256]
+[AdditionalInputLen = 256]
+[ReturnedBitsLen = 2048]
+
+COUNT = 0
+EntropyInput = a86f848f2a5da28b0a68737a2f9fc7a5f9092a13b4236feb913ce2240b28a429
+Nonce = 2cc7750a39cafd1e12605238a73f7d6a
+PersonalizationString = 289186885a709ce92912776b9bf7ed4d3f5e144a59c03cde4c59e62cb50dab41
+EntropyInputReseed = aba3acfbbad9f8ff43926ec6e3c247ad16ef94cd7e555849cf9cd2bca47f83c6
+AdditionalInputReseed = 2a68a542a457b3c016d5997bb264c23257d969a9bb188188e28f3410bdab32e4
+AdditionalInput = 86ee2416ceb20f832075984f285a76d9119eeaea37197f0930c69f498ace6e2c
+AdditionalInput = 92189db700cd712bb997d67e2975754b8dc4a59651c34fb0c9438d0305cafd41
+ReturnedBits = 8cdbb0790234fcef29c80dbfd3cb31a677f912efb31bda7c6b202413f2baf39d751594d96b0e12b88469615a21ad23a8c0be5e40c64f1279b1ffe75d0a70f172f7742baf1965b039c95a67387ac9b02754d4c41d98b3b8d9fb2514c26c4970e358fe11b53c91fcba513139206bfd53d2aa8ad555c8a365355ed22c6944b7687ac78cdeb25d2e4b553b3a59272943ca46d69fcf3a60568b05499b16f95c9824539e66caab991c54f99a0f08c71b9d3a6bea6d646e81fbd121f6b272d4f2766748ac97990741816a1bc60cdd0c797d6c0df8b02e8e84fa031be14c1f86e8be14eeea09d3ac3c9b6c626f7b57ebccc8f3bb197b6512a8e58c8ef20b4a13a928934c
+
+COUNT = 1
+EntropyInput = 23eb204c804606b3adf47e4a3400ad8b3ab79b5cb9b30fab5c9418fc76febcd7
+Nonce = f0f839ad4e69cb31e70df3d68b7b2ff1
+PersonalizationString = 86644db937d9cebc3e9f2b4e1d8ce1772cd23e606dad4f5b4c61f106dd23f6c7
+EntropyInputReseed = b18b2f81ebf5f2171b5c2b09725d32f1f1eca376179e24ed99a3b517504a393f
+AdditionalInputReseed = 4029cad350b4879b9b9514429040b42aa3f5c085210202d5f2eef74d58bf37b3
+AdditionalInput = 27329a916efe52c2aa3a9a2b58c18223638a700c386ecf8dba6577cdf6db7159
+AdditionalInput = f337283f299cf3023a262fa118c9d14fb9cc98e56e7d1a2153d2f103d2bec761
+ReturnedBits = c9b16a02ac460626d2127dbcd1c3608b03f13290e33379ea75bfadd161dc180afc0616328aaf805e3209c307e443e897401ef0b63995b779b5450385a8d989e9a535713366b372a69b7d322aca7b9b0c95f686636b4198f60ad846559227cad2059acb626240e8370eec108ea5c82851b733b060c56bb2c437e73612a1f35f84cda5ae96f6edc9f8f794c6a40142dcd8d58f36cacd95084b837d23bef2f079870a3bcd74aebf58a20ae738e6252d47c5f7f4816e4d85d6ea356c17c56f7bac5001ac0da335d4af5c5bd50ce66625616fa8525f2c582c0f2d7cf735a47b7614d9facad97704db2519a146faf5498c98c9dad4dbe2c1b4ea3d94a38d6124e4930a
+
+COUNT = 2
+EntropyInput = 21752c7dc32b37267638fda100a819010a44e61e6d73191c8d7ac02ddce48926
+Nonce = ef4a97508f31e388292e2f72424b2933
+PersonalizationString = e247b8de0bf626c92f515940422e7e7c29dc2f0c1cda0d0d1030cf562926ee38
+EntropyInputReseed = 7e37e3d183019f368260a05cd866c59e23b8349f90d3bf7d82f8aefc5e83e796
+AdditionalInputReseed = 33a8853ce8211fd2995863a64c5906706060f0430c2ae6e22dca565e1e41d2d9
+AdditionalInput = 046e7dac2d14615c113162e4ebb271c7ecadc5b05e9a2c201a75dd7e23256dd9
+AdditionalInput = 39a92e4fe789331dc7e5b1bc1c3bda068a20980a184f45472600d2cf0c2b0a7f
+ReturnedBits = f97fead8329f754ad45f7adae6f840e54bb352173dfff172fbb6467e3ca84eab22f265f9d8c4ba0b841c3337cbd6a2059c1e565fa3f1396f2e3e83a10e1d3001eb45bd389ffa70d207644feeac1a964185601e7c28cf623a390fa9695e10a88a9d6c1eb508a1710661b02ed0cb069a5194322cf41575b21ef6d6dc7a769fc76847802ac41e872bfa18c0512a8d22e3539132fc1b87d3238485dd2c5e0605a7c0f25cb106a37a86b35376983aaf46d84c7dacbdbadf14e54704aa2310001a0dbd37fb8481f1c4ecde625c43aa5fdff3fe78c80de01baf3b2701fa897c410ac989b3b7287c658ef4915a53b55519248d7b110639c2df61ce77fd751ba9ba378899
+
+COUNT = 3
+EntropyInput = c3b5e4d0d1c6d2ed6557d9b5b3528a2cdb2b0b06607c8f17474b77225fdcbd51
+Nonce = 91d60a0b51515f51e74dbdfb2b4b2b2a
+PersonalizationString = 96c848b5296b099fef027ac126f7cd0f9ee054669684d3029f9554f5789b55a1
+EntropyInputReseed = a55c9194a69819d27bf47074110c1305476e79581115994ffb3eb8c3a60b5a5b
+AdditionalInputReseed = 4a340dc5ca90ba1c402350bc8dfce6fbc16483e0cbdfda989560d1d1bbc70986
+AdditionalInput = 8abd9323cf0ab16a779c6c0e566c4a0a0ff60b7d45868635ba8bbdb5c6877764
+AdditionalInput = 278e4991417c74e9b577d4436350614c50340d60f0ff68f05c291a7840c22609
+ReturnedBits = 177a9a461fb841db2aa698b1bbbd1f0e044411cde8687fc4a28ffcb3d82f1ce7a30f23c892a57c60b00e194f4c9b312b0af2fbdc45a0741858e777a6eb67f8c2e49f80a7ed6f9d04264fb17f057224feb97ef37472e4f22d49c08c3256d1d6e8209d3f762101f3911a0628cb91456d1660f350adeed9a91c7aa3a3f8ca4d87962fc77132a3607ba11ed52acbb99bd24bcf04fe2be4df3976d97251c37fa27eff5448a5adfd8ea2c35d5acb4efa24cf735574aa7d6e70fb93bf69099dd7773d56df2b1ba95f5671201c2332c7fedb7fc0e935edd0d4dc3e615d0667193c287df7e6f2abeab5463161faa051bea1fbe170bcef179179dd1cb856f5aaf407a1b588
+
+COUNT = 4
+EntropyInput = 396e5d566eb0795445e577664159f0a1884e0fc74ccf695be885e3e71c154bca
+Nonce = 64ab056bad609bab6e18886912cc6e6c
+PersonalizationString = 239624e9284496a6efd5e3866a7c375a59f52319160219358a6dc4c995dfa83b
+EntropyInputReseed = deea680fd13ce87624b09429b8c7cc5a5be903fd0c5586e812bc067cb14ad428
+AdditionalInputReseed = 42719f8adbf1daa5b82daa5954763b790a690fef236f369806714982cd4e6a64
+AdditionalInput = fbfc21c589420e3f4c3409a7407c8117a413a8a3354659bfe4c382db4fdc2092
+AdditionalInput = 14ea9a9ce264306fb7da581d140e7c37e28fdefe82de58c06d3540578e56a4d6
+ReturnedBits = b4de93472486b47f9f817e9b29dcbbdfd3e39133625f158067d5d06f9ef47127652c4d2a22e4329cab3d1e7102a0704dcc027a70978789ed562dd7180ed321f12d9ca0584b9b1c9e0c426160ded7c0dd13cdf6cc4e7628492c7d7658595afe7412ddcea2fd688e9418aa7ce15840b64742089fe93de7483c1f6a8d2609638dedf7d443f20c06a0334a6a8e5ae8848fd128ff3f1cfdf9d8a14e3fa9b1c5682c4312e308aa02cc17ace7c0d9a623b68449cf58789db36bf469643e867d95bd5a3da04039e1a1f3e46703358a843a0dd16d9313855f39ff0e5b41bd04d3d40359bc2dfa1919a29bc4c27c9e3b24709b460fbf39abd3ad3ff3d9f6d2e0abf693deeb
+
+COUNT = 5
+EntropyInput = a1620db9edbc1415527e13e96e93cd4643f8ad52c73ea875c3dfccd3f55f8779
+Nonce = c4e4408b6ea4aa187631253bab1f27b1
+PersonalizationString = 73695897d8c7bce3fd51331dbe676f5232ff4e5407809ab9ed675c18643f45a2
+EntropyInputReseed = 6dcf5f4120e88a61af24ad520f63dcfb90966c663a3404b750e17c69626afa49
+AdditionalInputReseed = 083a9ced313ed6e2c25f7a6d0013544a4174026b6f3d7f723c2da3d2a95e2be1
+AdditionalInput = 9ec4df36060e1e471da6f716b3811e065d507cd0b5e647eb5b58a5a09226b571
+AdditionalInput = 6712aa9e76841eef4eb9c4d46cab29f5b58f56aeaa00aa2aa13ff23280503236
+ReturnedBits = cca94b9c5ffd584880cfc848a1dae3c09785157be4fb49821ab3bc494e7efe5a534160c0b3d703d0d8e497cf6bbc6d0283e1c8965ce524b6921f94327a5e305a34f8d32d7830526f8f70c90d263138d6fea614d45e2a5cc886058c342bb830f69a1993dbc06abb32a84a8f74cc0b79f4d6a162cafbb2d96a82dd411df7258444f3540531eafbb58c5c9e2e0b19c89a2e4ab26c4e15401460c39ff573cfc9b40bddeb7e43399029c53dce7ad657e3230975cee307cbe478d100e827b441e33dc1f4c7ee6b51dc710bd7a78c8c7ce82bd4b1d1c72ed4433dc7716e8487fcd3580ffcec2c4ccb91cb57ff2d3a666bd5687c3269933db0cc741ce7670e56daa54421
+
+COUNT = 6
+EntropyInput = 7053cd408288a1b0425fdae1471e4b0741ed5de9795beb80c26bffdcd1b100bc
+Nonce = 96f998acca08a8da8027de25a68edae6
+PersonalizationString = ec127f372b18d4a1de61c898fbc7a94f3952bd30c930e6291014b262d4f6de70
+EntropyInputReseed = a6c544eab719ae7629526b49c6961e4ad0b628db8faef59f5aeb9f55c0cb7298
+AdditionalInputReseed = 0790adc5c261a902b924253fc2b8c3d2f04f61bfe24fbd17da384162fadea6da
+AdditionalInput = d9b0eb22a6b64d784210781d872b2453b0e1d463c8081330e04df3ce2687ae23
+AdditionalInput = a80b3f3f74f3e7014134bb52d34ff24e2a434efe34f138b7279bac99e68d54cf
+ReturnedBits = 00385e6f9496c3dc36a2b6369cc01b6c21fb54cbfe1387a209766c40c55bc7774a6c6e5ea2d3edb5b72b91114451484d9db007751c8c3ba16c76a8a8dd9d0988723cee9633abcd0ce4063ffdc8cde3c8e7eaf9d19ca6a3837c9ed3aa4869667fb4e03e99a5bf5011eca581f4185679994fa9e2ea40840fb64cc344296cdb5bdd81bc771ac58181920b7997945b79c4740b704ec9ab4752887d819ab74fb20d68a00eae1fa9a1919faae6cf33c9409aaba291cf9748487895f4222b7abf13fe785b5b9d4cf25dcf9ebc0132e4b5387fcd7b4f66f0fcefc21dcc3bc7dbfcc8d7717812c25f27bccc942b937db3e52fb986887a6e5a4b8d73638f123ec0acfed534
+
+COUNT = 7
+EntropyInput = 96448c5be576b0c05d9dcc7a4847278650199191aebaa361594afe00a5025ba3
+Nonce = aa6c52efff5adad96bafd145f510d5bb
+PersonalizationString = ae3ac39960c7504b5a492e88c381a6f949faa3db0e76679ad1b9438ab43ffc42
+EntropyInputReseed = 75ae541bb6fea486b687700e20fe2caaf79c2e91306721cade424dfa44536f13
+AdditionalInputReseed = 1e3a659f0252ab74076db19ff5bb537c701c9da3b08d82f182945bcb71c9506c
+AdditionalInput = 439e8f3703f281a5d4493e0286257bb6fe8c674bf07e431a72b5c3610f170e08
+AdditionalInput = b0458fc43db375b247fb529c71f6ef3090b59b4059036ff0eced36c391b2fab1
+ReturnedBits = 302ecc70f2dba161993fb9650b938aacf60876ef09b025ef8893d656e0708aef7352ff3b6c166d313935fb29cf130fe4784ba29673d32e53e8df64c05fb17405a30ba17632b37c0eff1af77b2cc095bf977177d8b9d51656093b1b5612f33737b25bc53a9ce5d60a1710d562f255f68f8b3cca5b71f3106861ccece926cdba0897f3c599536bde6b8c921a38760c40f8246673de621201295d4d153b652efde6de3566f63c1ce71b2fdbe0b39b94074dcec716d99867fdc350b51acc39907e21d30d892dd25ed6a2ba032ff1ba0fd554419ffea680bdd88844aae9b42e9ef7908ab2a5ddf783b3d83472b4cf4dd30e9bd49710676363be36b0ffb969ff8d848c
+
+COUNT = 8
+EntropyInput = 73d7933ed39d7ec0a504d79ccb218a55df470717d0f989b3015675ff49abd3ce
+Nonce = ca922bb78c637956193505d5102349dc
+PersonalizationString = d5927bb206696414fe51610d48d6bcf5cb06336363d8bc95fd3ee751eb8d4e21
+EntropyInputReseed = 39a72ce2640b341956abfd9e32a23b82b830ea23ccaf51fe99a62680780dbb43
+AdditionalInputReseed = ec114d7805edb548ae961ac83af23691a9df44a1b5324bbcf34fca490a2eea85
+AdditionalInput = 827887563a299c393363d1722b48792b0375f4c1136dc128e616fa94a6eaf882
+AdditionalInput = 3fca0bf3d7d50a453411e11f330c2ef301069d9a9a23d3689c0b7db1f0981831
+ReturnedBits = 97e00fd3dfe9faef2741849e604888b3f08cea5e383055e4b694f5907efbc72f5eafe88be91fec11493e2bc359f17ecb44962efc14d4e6f1bd2c7d7d9c7dbdb93deabdb475b94b66b61ff71d5f237e5eba1ad880287c845435d4d66300505bf6f14fa038fab820428649e2d96767b227079ab00439d887ce6a58d19749ca853ff1281264958ec4360ca77a120c118a22ea83542c6d4edfbe9a8c70c911d198e5b99dd895a056f80160d64227761ed45dfd39651639534d4e6d21d4d2e36cc95a0b9bc293d62e6d1cc5a55198fd4df1188db0a7454af9c16becfbe48f0f361c59d400ab81b5353ed2eeb00e02e220b3cedb49e402ddc6a12be95d644d37e16ea1
+
+COUNT = 9
+EntropyInput = 449a1b5d5ed5393686abc28c5a8ac9ad68cd0b67fc0d3b801b6fc4198996f889
+Nonce = 54b0d5917b1619c0ed62127018704a04
+PersonalizationString = cfce635c855dd93d50d7d954fe3c59beaf0ab3cc0d083ea5865e0b8327148cb1
+EntropyInputReseed = c55987676491d127b3c95c570bd97eded35a128ff3bbc6823122e0d9469b22c2
+AdditionalInputReseed = 0e19985fabc3b3617da26f2e84cd0e7efafabd2fa377ebfb939f733ec3b47045
+AdditionalInput = 7d1b508e1d51c384c0ad19821e86be9dee1f338375356355b9814b1bd99dbf21
+AdditionalInput = 6dba825a91db5e24437a92d85c692bcff7d8d5dee2a2ceb6fe82d80c6e0288e5
+ReturnedBits = e7d2809c4591d13e67906d5bf58d05e7e96744cc21f7c4b9cd7f36b7159e739abdda510378d82383c61a61af107fc92a17bdec5a197c926ca0b32d93ee5939f343afeb4f6efc51148f070b4ca6fa9a3421e27ba0916c008492e88b52016173c6565137c4cb72d300726bba93823ed7c991a8a67aabea4014fbd576a7d4fcd946dca9431626d89da5ddd8c490259a8944c48e0d55b53f3f7a8acba8a91a86aaa137dc7b00b8d3a44a99de0db3e4e6d6d35ef933c468b6b53fa2e92d45a71af9f4b85077a8fdc78dc046ca3192de7054f475b804ebc420381131abe308c394969bb59191975bd32e15302089e99a4a9f6e359ebb25c3e0487c1d7c9bee468aebf8
+
+COUNT = 10
+EntropyInput = 3c834da8b99e228ef0a8f2dcb7d0dec6b0103ee2da5e25136ea792c3f7048a61
+Nonce = 5d5d724e0fa0e5c7b3fe6ccc0c9048e6
+PersonalizationString = 17be89635e58522d8caa3c7b7340d26a70fb2b6e798f73a58c529ba5e92d969c
+EntropyInputReseed = fefe87bbe72a13bacdf0aab0f7a99ec269791a0bfc6f3844f807dc64d8e736c3
+AdditionalInputReseed = 0df852f6232ceda51a8f2751900d9f170c00140d494ac13ccbae46e20be839df
+AdditionalInput = 39f35a23ff6ba451436c662b436fc56959c53d1f1f2b374a99771585187342d0
+AdditionalInput = b69ca7ec3357e9c24a37069ef73cc3b506f493fd445accb99f24fad351df6c16
+ReturnedBits = 5280e65d86c72957c51c63cdeef87fe9163ac05c93dccf279ff9bc47bf4d8dba90395bd5a4fe3828746b6f7de947c43b4c34bb1bf06912d417d0fbf547110fc3a7f51a9a30c4d0792c5f34fe686079126c792d844d09b8ed80476443797d4e21a69e3b0fb761e0c8460190745c42e204c27a2d8e6fb8fbb8d1cca56eed366e5c7f1a2f3795d30b6d47a1bfc7b2c9b851993272f8e91daa40ca5dbea3c1ab272b33a91ebd6e36bcd3ffd7e296e342cc04ac50f5f6d36796891f229e3c222ebd0896f37b99c4049621fcbd47462d122d2dc0a774dff94b40ad2bab06059705667080f34a52d4d54c432a1d1ce3351cb0d44805c45b926759f760db84e3ff764445
+
+COUNT = 11
+EntropyInput = c5464da02b08a9c40e6a84c1825548e8bf355cf16d2fcdcf355b7878c9bfbf16
+Nonce = 8d8eb753e5e17a17668aaf4780c4e589
+PersonalizationString = b879545349ec0a68d86db0e7d774c2106aa58e41080f46ca47743bf8bf8beca8
+EntropyInputReseed = 2552ae9d71221bcd51b85ac97460c0c323832237bf1d8459df4dfaa3cbc008c6
+AdditionalInputReseed = 18cdffd079956a24a0c2bdf3eeaf6bb76aad09ff56510b374eb40a9f0dfb9749
+AdditionalInput = 79a2a2d9e73bca96f05f984507c6739a47cf2aeb61e4e22a52ccdd5b6a92bade
+AdditionalInput = 3c96f2542ff37484a7131db931cda56bc9152b9a9537b6d3e7fc1a22f3b8db0a
+ReturnedBits = 04c2af11f4b5681db56bb4ac8da8fa1a903fd5668592241ab915c07bd34747e2a67d2f6b24d81b7c68f46e2fc773334a25bd31f36e0dc362714695c3fc22385c3a6199160f66b421073b0c2f09f1fd313c5e8952384fb88118e5531b4d83ecdb659b088fe63af490d9b4593f163f642e4eb956c7c2cdfadc04c42e13dd4ee81bb49c98d7b939d354e96946548b54b0f3c6eb3b610e471ab864c7ce257ca1fd64f4642bb9c971205f03676add086fc042be64c250f656466a163796dace672581d9671e83b4ca20e57cb5fa9f48c44e8ce416959f1b929c26702d4a4463e8f71985cc339a71c191a262fc8240033e6978925b6d10245fa5cb028b0b9f89082044
+
+COUNT = 12
+EntropyInput = a15098fe07743b2e071918220c0ab0228adfbee7a282e07c5022024b36cbb0e1
+Nonce = d5597573d28d21787436d4b316d02875
+PersonalizationString = 22d5319dd2cd689e75873062c4d1b993d1eed325ad2d53b46f437ed4de468d48
+EntropyInputReseed = df2ee577d86dc12f8ad40ce346e70169e657766ae2d64bf83a0172415774148c
+AdditionalInputReseed = c28c391c2e92f46eeb33cffa537e295f6ec492e32b25000086d38c05fb530af3
+AdditionalInput = 3fd1e0aaccac114d434182b06c9c4b363013c81252d40a8f704692b13251b0ad
+AdditionalInput = 75d15ca64d3a0cbc8ca74c9232245fc1bb4f5293b63b031407106bf9f401f118
+ReturnedBits = 41e479203179d23a759611040fc32f4e429ac3061b375ef769a5a3ae46e8352d96fb473dcf37345ef34d55b9fd994dd053abfa7c42939fb81f1713f62bf764fd1177601eef5421a8e62c8b8ebf73f1c6854eaef4ce4efe67b464e977f9e495f8cccd2e85666683852e9b0ccec993054abbe7df9d4097681294f79aaf27ad99d51c6bc9bcf720cf4cf4d95ad0ce6541d186a311077447916e273b2bc055f7dbb58de86c50cb889dc3c32fdc8697e801b6c9acfbe7dc654d397039cce538266442f8eafc82dea14a660e478a040ebee425000994d5193a7531428f76ae1d114dd7fd6445ff246f4ac5c6263c231db241a14b420ec2897859fee2958ccef7a601a0
+
+COUNT = 13
+EntropyInput = 70ae9d4023e35b193f7aad62cd97d3df136f6b0d82b15970d31495b32174152a
+Nonce = 951e4e9b333964f845156b938254f6cd
+PersonalizationString = f6d7bcc9e070be960014646e86af22909d2e3d9cf5c5a9659fc8239179f43b21
+EntropyInputReseed = 9acca68f28c0a28302253636a0840189e12215809931f48178711f698c758c0d
+AdditionalInputReseed = e0910808c5251065186b2266fc329f20c4d4726032235bc1766c3182c57724a3
+AdditionalInput = 7b666420b73a6d23c29aaae8753ebedc3c18f2cfde9871510632f38077c4602a
+AdditionalInput = c6eb8fd2b3671ed603381983ae5e77612c20e223f6659bd60820af8f561e7290
+ReturnedBits = bbf783da821b78afea3fa6f4401e0277dc0f67f61f4f26302cfbada11f313e7ff80d9d0693a39388fdcb4b1e3ebee437e733d82b72d394cf3c927e7e69b866a805a3b3cfb6119731b2546051eb5fe1cac21f4ae925d0999d597a191e43b90f7c640f21f1e0c718271874dc3cc0acb1dfa623e13e76e9d0f194ace63669de5af1c66a4ec01bcb8a98be7c47cca36cc355e617a37ccc41a142d22a59a358e3d930f08a60ae4613f6ae5be560ddf819f4df322d2aa818bd0a7faf127404b625d7cd75e7f6f3507654c136d46db0f0ef7a593a15fc2384814eadf55bd402be2c9e04123958e304107638bd929aabc1ce5272477ae316431e67a4abd8a53545710a78
+
+COUNT = 14
+EntropyInput = 2623a267c3f802ecba12689f98de987eca93f1fac8e2e1d4d97b8e495ab888a0
+Nonce = 678eef61e1342ac5ec47c7d77d7fcd4c
+PersonalizationString = f77b8f9ef68b059eae57abcb323f490e5a7f80d6bb8b1e523ddc3fbef0051a65
+EntropyInputReseed = b47d1c0e4a8bb7d249f6b60d597a8e17209cb5ca6c136905f9535e4f88c04506
+AdditionalInputReseed = 7624c54438e423a872ec5540082dd59de9858984c715a5db88f475208af17437
+AdditionalInput = 42850b1f045a645a650d6393579c9b0c92d54ec23ccb5ea5330bcea6ddb81da8
+AdditionalInput = c28ef68b1e0111db027dfedd782f8fce882189370aa8a55de4a7e2048a07923b
+ReturnedBits = c9426c662a292dd02aece39ca6bf9ebf4400dd5c7994062aa6e7cf855bc19ff9e14f461414d19102ea2e7fb9ca43700de248a367ff10f0a1605d41ddb89c8927a64c4ad4c113efae99d72975f6c1a1d3311b4f0d6dac05aa5a78de52a293f3448c7a2032f31e2450b7eade4bbf4e44597abcfbdc596f4a83e9c580211f62d76f9b856f207a48b4a63a07b866ed4482a362e276ae06abaea2406089c5422dc7089f70219c71b7dfb9b847d9554190f12b9659cd25ea1379496d1650084c145e7155ac8da23015f51a90050ae4b8e285c54cfaf32fb91539434f434dbc18a20ac11866de7f0e8708de6fd5f00a18a22cdcb0286ecf49a21f7cbff1065d4a5e925b
+
+[SHA-512]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 2048]
+
+COUNT = 0
+EntropyInput = 2519241f1936bf801768d78ce24121aaafea760374f2274a5f0dee259c8456ac
+Nonce = 95197f7a254639ded795a598edc29c45
+PersonalizationString = 
+EntropyInputReseed = d83a938ee228887fd93e80a0c4778d98895dbafe90fcfbd0f38b3b09508b7ba6
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 55fc2749b8fc921bd60e3d9bc878f3f3c6ed87b36ac7d82ba3a04ca2ec68d43d19a3538b376279e7fcc421de0fa152b1270ec539ae248dbd08223aba1e7a2eada1dd942ae8827c39b2cead65a1d6da0a450118fcaff270a592580732a3cf59f2a7bb1fe4117dfc96ec75785e14fdfef3ede18e6813e1a575a257b5b309f3f7412b58d787a189caae2a96db8075e07849b9fa1e9d86f26ea53fbd622add4743d7892f31cc97d5f2fbb11b3b022fd505baba2b3892a3018c195fc20d7cb579ac3bb44a6c42c3e01526ae4eba9bdd3251d6f3a978dd080f50e24deb37ffc59192bd183e2499c490639c1f5ebf672535a27474e0094402dab75c91b3643adc1310fb
+
+COUNT = 1
+EntropyInput = 573a46993331d5c4d899e7d9ed885712422d891872518f7c931bdfba00bc0545
+Nonce = 891665eac242758e641dde147c3bc37f
+PersonalizationString = 
+EntropyInputReseed = c3ac3f767288139f90d0810b07d90d0b186dc5a432a35a89331e9e4ee8b2552a
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 7556cdcde6060b683452103c08f91522d904a3cca42a9a3f5971fb8b7c6fc504d39f4eca690d11fe4a1c2182266e69323381f9b25f4258cae6ab29195a61a30e2d5c3a1e22baf04d4c8f943ff74205cea7485cc285b0ff9450be7e125d18b026e044ade3e68c00426e45925faac62880dffb40b55a6521ec33ff081950b500bcb32d052c4e960a74e43049e9c6d4a60f5650120dfc952697e07a26688f72d737c507e6eb49bebccbf975997df606ce027d1a746f8bbba25cf550f0c862f2eb09a306be95fffe061cb7498fadd24149719123a44872565033b8d4ec06136b35e7145a6fb94101cfcb73574b3ac0530f3a250c2e53a3b25c23ae44837d034e1483
+
+COUNT = 2
+EntropyInput = cc44bf5aa5806e19b97129543be48d42a42498050c9d781070b4302c91fc0d54
+Nonce = 7c08897aed3537e8964fcafd8c9ec6a4
+PersonalizationString = 
+EntropyInputReseed = f681ff0ba894ce8000ca8c17509396024a75a49c4aed5c70b8f71b5dbe4936ab
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = f700b3bb5aa6662b3e6c25d58c900ad5d9709affb68579c1853959340c147f23d795fca4b1af2e528d858a8f63521e699c6c516edd291648e6c96eab4aaf9552d2137ac3baa3ec6f1e9a259a07091f20cd0bfba01fb5a63c83ab34252930f7dd12da52c03fe456f0a9372312565cd292b04fb9591d6637b32f8fe08326c44f00181d0e5f69aaea87772b17c611f102e8dce0817796245a69e57916c3fdea3ae4a81ac4f32d6861a1ca4b8971049131f99e374ae180df3405d576c743a1ccccaf10d030c966ea4aa6511c79ede376d0368b2f702f428cf7f3f64f9a5c22a198bbb276100c6e5df87d99bcb5f72c55d6e8372da8151834f07175f8a163879adb2b
+
+COUNT = 3
+EntropyInput = 95ff08b2bcdcf42e235f3d6d3e708a1d6ab2c771ac125ae4e427c0f374927d4e
+Nonce = a59c1b00ccda0640dc8b8eaef8d6bfa5
+PersonalizationString = 
+EntropyInputReseed = a0696d9bc616eb507087306f5ffd2ee49f33ee0c26e926350bcbd4d760420abb
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = d972f4dc2ada13ea2ccd543174e7181f781f4b9ba4054d7decddbfb5e16cd3b5a69cacb3a2ef7f90cd014ce8079cfb6f0d5b47e7b718ed8957db64fbdf77d7a3fd3be00e7c81eb8d442992a46c22d0892bf2a4b3b76b75dc9caa2562c2851077e6ba23528455f94d9c3b6068642414ee11340757c52865088108a4acfaa7c1ebdc75ede19f4431a0cbeb607adeb3b6e4bd5a65dd83ed38def6362734d1239e9248cd0c0652ce887e1106beee776b3fa9cd11de5131b64a4cd55110b1cdd9b53b5c4256cceac80374c8e1b12cfb781fb0da914104dbf928f3f298e33a39f2329732fb970b4027a250af829f3b4ce6377bbed690e9ec6ecf78c8d1a56985ece711
+
+COUNT = 4
+EntropyInput = fd99514d0e29c8b66f60598fe26307799c98f0f017cc7231f30278d463c20ac5
+Nonce = 1caabfe73440d673af2509eda989b184
+PersonalizationString = 
+EntropyInputReseed = 3de1922690e93e6626c86fb47e7a4e0f80d716d8a34fee989e3de8f5ad0f61c5
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 03dc3421302f438eb1e7fcec671cc0ba28fb06dbd2ed204019a7053b2e1a6f78b98df267a969b5175ecd81993188a87dcd87a1511597a85852a6fa36cafe7326a4007f3bc9941af99480692d4a62e8c0e3c7f42516af9ba19c8bf504609a27e8eddaf022a4f7d2105616c34e06d690bc9d0289024fa7fdb7084c69bdd7ea0f64ea7182cee2ebf2272adcab304b0ec9d827f89a76982bf00e33645187de55900e6a8b9153d382669e581c83ed514a345ad58fd8908bd64cfb6ef2bde90ebc81953ac03604771a908dd2116ca3e0480322d3d1bc02df2cd0595c81f15e888d1494e31e07b2a5ed2cebe3dd90f3144e4290f182c78962395d34e01db3a5dfc916d1
+
+COUNT = 5
+EntropyInput = 9e44fd24e7e42b3827eb3ff48c28c2052ff73d6f85117a46ff9cf72f1b33839b
+Nonce = a4670150baf26c8110a9536ade1e125a
+PersonalizationString = 
+EntropyInputReseed = 508a8e56c4a1ca0a41223d7594b7d9720685638869df4811ff99a0ae22dc4ce5
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 4fdbe1c93a68c8eaef00324610e3d919d81d390746627a52a84f5d8b9de8bfd5563145160158a6f5bd22830584d88da36127f2f7e00ac89c8dbe548633f5d6b49f287d0684feb5528a48beba5a5a70dc8cfb28f285e580bbeac0248c602a5f8f7cfbdf5b44302472d420d99ca01f55b8b114a65ed980d24f90ba00ab01d59c9e844b9d02f56481ab53847a71e1c66bff7a195321a7bf57a2581126c400f6a424550c424fd2d3e133ec09262992bc09449606036467cca2a51315f79b5a4f3547a681be388b31b21d27100f525106a9c0199dd5c538cebf6ab26b0a9720314bbba7c04a7b4403ef61c4dc6fcac134004e6facdfe933a74a63a2adfb05734a871b
+
+COUNT = 6
+EntropyInput = 24d5f398b39e55494433b83d8d3dc00f2f3416dbb4f3e0dd2376dd1b16328676
+Nonce = 5bca3eeadedf8563d8620e61a7c7b0d0
+PersonalizationString = 
+EntropyInputReseed = ed36c59e31b921a0b3cd0c2c2250ed104b30ee40d8b703fc13dfc7abc1b9c261
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = dd03b7b6836818c603668f1967f2ef012e277cbe76f9690ae54326cebc2a1e2fe6b7e57ae4cf93e8229d311fe66f8b467cfd9615c8cd2bc799a8be942822f44f4f6d0e6ab16218c7562e0072f7bcf28effca89ee29de618c5c60fbc20c817d394ddc03672e7dd43294372c2e84295436c051c297d2c6719ec7b40806963db2d7d550888c8a6baf7147b65b4b85416e587bbd072d7ff6010ecbbe13857e3edec85314f4ba4f7e0626339be42b1f26bce34a987ca81027664a3cfcea4291f110c0177fa10a4e318f31cf0caf0efeaed9845f9c28c88b9061f55369a579a9cd004769dc6846cd375dc8b83f7117297fb654f9de22c6b1607988fe926ae522e1871e
+
+COUNT = 7
+EntropyInput = e79c4f1058cbc8749734ae9b433ef9dcc9030292a7c1b1d33df265ea9c421aeb
+Nonce = 3c25c16ae96406f4cb4da908030f2cd8
+PersonalizationString = 
+EntropyInputReseed = f070fcc47f494e247cbf50de216febbd7f2bb4df49ba20be6188352875007f97
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 8195a0f6eadb8f853dfa10cd3739a33bb319e10da6a5fe51d4b3561e0e82b297ffadf9f603cdaa3af521823accc513682c07a25583869bcf79687834e103885c9c3d4dd59153b6ee9d6dfd46bb9ea558aac90907e5ef72e4f3bff222087aa53cf491b436672f569f8e742bcf23d06eda1a15a83bf5bc3b039ff9d49e2b6a330ff47e9e99dd6d272810443b01cb5b7400ae12a35288b6df857f7475f8c382094651cb8f92f2b56149747b6ad2e3bfad45dcc5141b25d00413b4e2a2eb27bde245f8651d597c862126852dbebd5344ab44ad6300e5d7bba78e7cb6a9d50184fede6631f3a1f4936b25a07135137c1b5d3486a4786b3510f1c140d82bc503a1cc69
+
+COUNT = 8
+EntropyInput = f5c0107946da1cd32222a14c3c48b934b0abf27b0aa7af72f52abc9aee6840ad
+Nonce = 340158e3ed4cc4b04de079959812831a
+PersonalizationString = 
+EntropyInputReseed = c75b58f91a47636cc393cba6b6dec3b938bda296c35624a1af2681781b69d03b
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = cb3765bfb8ed0882cbea7756773bd376fd17b1bd819df48ba2deb0be8b2f53d384f13cc50d841661a72cf9edf4bb26f595e2bc9ca42dedae8110b3f65fdb494f8f06dc35e9d87dbb7ed1ce3d50c59fa4e7be8fa4732c9dbb6bc25754e845d1a6098dfaffd6c92ff62f994ceb743a38c15f5ecf7548f907278271f5b4d4eeb04a959d54b28d8fc21f2f57c01c9ebc512df47fd7e0ae764d756bee5ab15274a5bc4aa84c35faf046c5cfa2b842eed839d97eebca9e4149a1165afe867d1124fc941a4503095f9926918e6102361faf15923ea350c5632984652e198fb754bf0a7140fe9bde0bcfb594c6ce510799ba62d62b14de733da1bba2c22b6b37e75a9ef2
+
+COUNT = 9
+EntropyInput = fea401ca14f8d0bfcb7c57551b748a9347e62340267ed6fc0955ae5fa054ee0b
+Nonce = c3e0debf7ee875ba26af1b8b0bfce58e
+PersonalizationString = 
+EntropyInputReseed = beb63c936967d083d40c508d5ec7011ddd778e7fb1bc7bf7a8aed92556f8a94f
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 40c0b6052846642bb170e025414032ff3e5f5c134297033af239e5229b53d8869f709bc1515a47d57c9789783ef6d23bc4ecbac7520cfeb84f7b770cad869babeb68ebc31276197ddf405d7e9f97b0c7a6d76096347db0ee3e6fd1eb96678a3df1b28d421e13891bef0b3d8c56fe027aebc7966124bcbdeb6605ac12d882578d6cf8d83f40f76ebfef5f2b55d33f8488ebe76da9738937afb6d1139b347792edd96731c82ca7878cb8e02b19f9b81c15c3c20870cf3874fe8e49ef2a62a1f974c9d9dcb198d3c57440742c9ce2d3713305bc5e61161a208cac18ee53af28f4807af0ce705a7b27c7623c9fae695b813febfddf20005d9b204d12fb5ecdc485e3
+
+COUNT = 10
+EntropyInput = a6a795b575654571853ed858ef8f8b250fe7a6b62cba5eeccd3a26f9ed89c2a5
+Nonce = 0b2b965d6641f57216c331485a21ed7c
+PersonalizationString = 
+EntropyInputReseed = daf3a59d697dae18c0f450501bd99605039bcb17711fe980f39363ca3e8c6807
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 8b6531af0640382b8b84f069a60f8958c938700749871ec11625b370c9a4138aaacf16f8c76b2872e4d3bacf2332113b00a74cd328fd78950239298adff3af1762145bcc4b2aa7b255539094c478934b088605cb25cb63e22bb4368624e46b4ff63599ac94989ce5a646b3e4a48039bb0bef88414b86b5407a85a7ab3528e50eaa89848e8d1722cf298665f42041a798be428c9378f31336b0e2f1f3ca8129b7e786cc1aa835ed74a8cbbfd6d244145f789fef39cbff8b70741008616d9c1dace9128ddbaf04274e3bdb49d36977d9cc30fbcddbfaad8315302d1b099207fe8d6198664bab24e10ee6da68a5dcf94d117a1da86dafa0059f4bd901efd4409b01
+
+COUNT = 11
+EntropyInput = d7a3a0a2909d015b1a2e99d4a6806f8c91f2903e14c1515ca5cafc4d71cc42b5
+Nonce = 8ec85da24d6e236bcd741d6379a3dbf6
+PersonalizationString = 
+EntropyInputReseed = 25b095fdc34392d29d9739158507f35e7f544570def1bf7c1170966156cfb0f8
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 77481090f55dd65d46cd20a933f07b06c61e6c8419bcaa825e1b47ff6ffcdf1c5d320a333600edd567794462c98c7ce89bd584a10d0a9d523cf8b850efe263877fcd3eadaa45e6924e7e78292233274387fa675d9f5aba14ed9cf7aedbe60a66f4cdda180cae7d1b3a492b7e46243c3dc8b9c7bebd7fd6876febaa66cac9311f390317c24f125ec300fe28f000b59f89e767b670f13c4de068923bc73276b000bf62607be9dd8ab2beca1aeaf91359b4b9fa484847494ccb0e47913afe681eaf48ea28641001f49048fc254103aae5e643ad940e3d4cd5ae3af7aaf9b9b6c8ba8651a148bc0a0c705230e02a71f2a4c839ba9e49d79c2b1174d3d166c3f2cbd2
+
+COUNT = 12
+EntropyInput = 4f08809489b2bd1f07547ec350e83447491d788c6007c7edc2cd4c64a7134dc4
+Nonce = c85f4de70bec19486d463de79a501233
+PersonalizationString = 
+EntropyInputReseed = 32caa7347f7dce491895445721269f2bc57faf64defcdb71eda96c8a96d98925
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 642e4e40aa2e494e28a9aa794007703a381a0ecf961133d519a51d306efed03c4c441fb1bd339787faaa798e3cbc0ca8e81006a923eb8453c339caece24d35ecad46f49788ef960d4f8db6592be31f06123e2655cbb751b19cfcd12fcc03d1fddce53b6dcef8cfb676831a9d8945d4e4d5b21697ee140847d4530ea6d4bd3fa61e8b3f6c5af07cfbd35231146e62e0f0fdbe2e5b32222c7ba488722dd1424361f7e13407b397a35b0c551800b5c15b311a14024a8e1351e1ebf5a5ec8f8907fbeb501ec5bfac31c2595df7e64626fafe93f007558ea245ac64f9d02b034385a726f14ba641c0b076904b784b8410a94d5e2fce62678389f8d5ab12aee78d38c5
+
+COUNT = 13
+EntropyInput = 7b259b5188233e839a439253b4c425f67bfc54112b49c824cd4c8c71a1bf3a23
+Nonce = 4d60f38934108631a370032e9b294fb0
+PersonalizationString = 
+EntropyInputReseed = 2f6db8958971d55995756147826d03b067fd6d32890b392fee53d3fcfe15e98a
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 91021ca5eb7c985613048f3a10b2802cae86548a2e21bcbcc2904a1a92c548629870576e88be5c6e0e3b344a5feee0ddb8ece3b9fdcdb1b2f1378eadf7fdaf8fe1532a4eafddfba9f6b23d8da370d22dad8ea3ec07026cd3967a38758729d1d7c7c2e4e939a3fe58820bfdc774a837c7d5293a3b1ff7b2ff801ee799d8e4f47b2e2b44753197732ae44d35ed20ec09053b420b0c36e402ae5c14dbfeeccbe851912ab53a34858a0eb09ae5a3fe30a2edfa1481ce27ac601445d9f837174534282028ed55938b8041d1fcf47bb68e4ffcc78073b20cf32d60107daa63557e787d8f714bf50bde3fc435af2261a41d447aa7a91657d693fde5b1ea05f18ed78cb9
+
+COUNT = 14
+EntropyInput = fb166642df51525253e85be1708b8191d5664e4cf02e6d3b659e106ae7639590
+Nonce = 386c872274e13c8a539a7c649602e2d9
+PersonalizationString = 
+EntropyInputReseed = 6be3ba39cf8c8fff904bc1ca5be10736b3e549a57b5b9c97db911d398d51b5f0
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 727c8529531b7cfca4f12dd811d96db928174de263781ab0dfa69a5f3bd8fd51ce1d1f3c0923fad893b07ab6c39d960ca11e8eb57aacb4f90975c1259f5e2daff2f38bd23c3383557b7cd1e7faf9950cf4420d078d0599c6d045ff2f381f6c01266348494c08f12a1bfc3b36e1fe8318646dcaf4116466fc36a6236a4d7d865b2dce885e25ae05b458a3bad69d9ea12cad43f0e13fcbdb1f8cc85ad943cd3f9c33595add02777c0196a26698454c78a6ea1a619c8bf8909e425a75495d1257df0954f1bc6c22d6fbc5bd72fbff3889ace83a77b1960f6e163394593f981f1aecc89f83c221ee53a5541358689661f84492210b88556a30b7c51c68dafa38b0fb
+
+[SHA-512]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 256]
+[ReturnedBitsLen = 2048]
+
+COUNT = 0
+EntropyInput = 8a0c9e55900b51d4ff443cba402de46fd673eb74171ce4b50f5660b6da679584
+Nonce = 490e999862e742709ba3642d78dfba64
+PersonalizationString = 
+EntropyInputReseed = 81612721ff46e55fd5504aca6a48398e123a5983bfd7282c5971880683eac443
+AdditionalInputReseed = c76cf10595ad4d1d95194ce5894118b62cc17900385624aa42e5514fd913654f
+AdditionalInput = 41666d83474e31d45fcbc7f28ae765ed4facdbabe1566febc689cb4cae333721
+AdditionalInput = 6788ff5a93234df5d0856c063ce8d041aa2db67cb98579c66c0b66ccb075e306
+ReturnedBits = 6c6fe076b861fb004bad06965aea3f9e72017ba8a8149fbfea486ec3c8744f99e30f9d8a6d2cc3d36c25c2d95aacb16c6bce083c0f7f48937c3317fc5ee559e3380da19e8dc1cfb4abb7a563b7608dfa237046920cecc505b0ada621189d04afe8239723ddd3fbbef5ad5a596e9b1094365d01361e79066502fd962351da9f43c0bdb44f8ef86d7850df801fa3ac55b358504deb6e789e7697b755fc3844058604a57404dece4d06e76f4936feab7e333261228f75aed5119bad392e645737728b152a7dbf871e3fcd184ae905591676f5de565ae8198d32a959e81e8e567932979bc34aed8c4bf200b0c21f222867310c3752fa70b2545307f00f2d231924c7
+
+COUNT = 1
+EntropyInput = 1d0b34cba884d618c531907dd482743de1a736b4bbc5e961c8c5c5a11977e3d1
+Nonce = 17aaa50875636bf80f97b5121bfaf5f5
+PersonalizationString = 
+EntropyInputReseed = 7fb727b7e83486d4ce73bfdef54798cdc5f5b5be46841e60e766b34593ed4b69
+AdditionalInputReseed = 11edb2a0df066c1dd9b299ea3411fb875f1a25f44f53f3f40e83fb1f2d445ada
+AdditionalInput = f190ac36bf9e04946c91dc1041e5eb6726392aad6751094224d6c783bba8d3a2
+AdditionalInput = a0529e1e34ffe280a8e638483ee1ba5bc5d8f65c0efb31fabb7cb5f98294560d
+ReturnedBits = db197c24c4cec0d437929d5ada31a82d0605dde38a3237703790c46982796e8a1f2624cd9d55f6b93200c098e202854a98fb785b2204bfd90a3871d5f7d36c8a151b4d9a4299c830bc27a58dd196f9057b713dad28d0cdeac7368e52258845b211d6c3ff3a89fdd760d625f54729e8774432dcaf240b0dd9c74940bbd0ebe26dca0a8d33f9fd608f90233b256c87645e916719843047ba55c0f842b55141b280f46400d16284367f24d2ff281bcd16d7e70181b6a96c7d809d943252688470a82ba0408ea22fbcd3228cc8ecf8309cee1f04e96763579aeb232ce828864eab281659417f8fbe1cf2a8224516d064bbf87b29a2559defc4f37f06fba25b1222a2
+
+COUNT = 2
+EntropyInput = d2571e656dbf4c3f45ddb965744498545287f9dd20f6d68c3eb2e378550147cf
+Nonce = dbd5f0de6357ec1233ff0dec4981efa9
+PersonalizationString = 
+EntropyInputReseed = ff3c39a9a4f2b38e4099f7bfa9f1897d0c3cea2283e5a600c4347fe725a95294
+AdditionalInputReseed = 511b5f805fddd0cca3437c89cba5a0860563afb0f29a0e22d150d56c3279cba5
+AdditionalInput = ea5e2856c439c8451e72e6895fe23d411a2983d79e5b32184611de06e36a0938
+AdditionalInput = 24efa364a6411c33a70d746168f2799346596eb26e4bdcaa420112ec40f9c651
+ReturnedBits = 17c3de6aa824fc19c9cbafd3158d546cf71c2168c1ca73573a2d10fd40df5a8109db82b40215f104d6da59c5f4bcb0f61ac7dd9b23b0a2b928d70b0deb98790b1407849f844b0de7fc1c821b8f724d584984ab69d0ce115e6bb3308ce713d733530c207423d0b10c23768380ed01925cc7fce8f10819cf67008ed0fa7465dffedd645e1bd83db454c6a45ba807e748f32ea6e9b01df34867af79b8440d6549a4b1a9dd280b2a21dce71d86ab8e2fcc84e339c00fad6e16c43d23a60962ba31c6200af40ed6d6f834f9bdc844139aa1bfb1c680791ab0d2a029c2cd8a73a873c685dab2abfd1e9a2c2cb9189ee68980858c1bfa8f711bcc8c5d46803b109c070e
+
+COUNT = 3
+EntropyInput = dc877a8d6bcfec3a4d6e5ae03b9c65ce5401e19967726b060cde7877c9218416
+Nonce = 4f01a27c467faa6b1f5cb6951d915249
+PersonalizationString = 
+EntropyInputReseed = 4f77eed50c1a21ed2cd10372a2e2c4509c8dea51153ceb055266b8a0ed794db4
+AdditionalInputReseed = a9588a7b17fa4ab5bc3eddbd473460743784275cb898b5bbb833ec32af2d2901
+AdditionalInput = 38b05b7f8fed393b82b01d64fb99ddb11e25e583620a925a315ba30db12a46a6
+AdditionalInput = dbd6149a503e92b8b3659d7014bb53373b170cd1176c12d5a052d2b701cee567
+ReturnedBits = d889ba0085b2e6cbb06067153eb94f77be1a479bbcdbeda1abf31ddf40e28861726db7d82d6b093450d6a80120ca7a4c53e8535c64f6de551dcbefe537a3d06fe3b52c1ae4f865bf8784b598a2515b3349fc2f592327ee8356a93cf373b5a6f912f6de503835f2b66f0666ef2b1029cc3b295a405110d9630803a02d2e53f160ff5898ebe024aabb73ce8aa2eef542228ae4e508da99693bb49d4717b05f5434a29301bef8e96468688be7cc603ffb45a24a03f2562edf24382acdddb6a699a76854cd77c2e45980a443901a2acb09c960dc5a75b99f785f6a55394c41c1a8707d38326cf056e806d32cb00c8acfec13c79311745b8cd6bda82fe494a8e648f8
+
+COUNT = 4
+EntropyInput = 2437d39f7c3539daa6b309ac1777aef196b205de599400b60d10e40a369f0168
+Nonce = 8401fd164f6d070993058b539fe20075
+PersonalizationString = 
+EntropyInputReseed = 7488c2942262a90c1c6958a44b58c0649ecc43a8e1dc6e9248fee74c9ef891ae
+AdditionalInputReseed = 7255f728bfde86e03eb8155a9604037a7e17ae7dd64447f60fa823f429d6638f
+AdditionalInput = 8fad4d9742a21a00311c804b9aebb3a0ae49953ee96d7d622f04f18a2404e51f
+AdditionalInput = c4e26b863518b556885024b91eb0a171fc7d008b0d6adfbb4974ab407635a289
+ReturnedBits = f3bc1951e950512d819386114c718921d7e26893baaa6477fcd101cadd3a6cf5a2e0e126df0db7eda99ae61a93449c8b16ddcd417a41e17fab7cea0a821aad27140dc85c7b4f27e54195a23a38dccbe937546bbc41f39e4562cea4ad8b6bbb6a2c9fcd845cb3b64b79a88106ba871dfd8885f204368d27c04d6a31be5ed18250dceaca4004d5121e46bffde4e78495d3e6363a9cc5be4eacd779e811bbc6d4a72809c3ade298220de296501834bde28fa004ca7460b6a8c398616cf4a95295de2ce877c69b70f2067920786c5727a7f89380d5601f65dd9be137911545f56e78915d2c763be8e621ed02bc619b64f9da9a59c964c8ad66c64b167374ee614e6a
+
+COUNT = 5
+EntropyInput = 7e42555bda17e98dfe1eeabc4930b76872f128931dec0c6caa8c691afdd0cb52
+Nonce = 8bfa47daa1b09b3a2bd53ffccfaebba1
+PersonalizationString = 
+EntropyInputReseed = 03b8f20a7fcccaa90e899265957058ca10c70f3883d15f24da334c45e5b3c132
+AdditionalInputReseed = 308ed519a2b4ff1e8b1a3d4be72715ade7814474b08537f30dc46a327d6d8575
+AdditionalInput = a22c075c8b50598d9fba9ac079953271125da5e32bdf03eb58b835acc0e0f7e6
+AdditionalInput = 17e25e3192711ff0b1f1683249aa5d20415bd65181f230b91ca87bc5fb4d10cd
+ReturnedBits = c8c190dd7d72932a150d8b4ac5e394afd2a77c299e72fa5cc8a6cbd7c16dfd50ddafe8110b6743323765e83dac5ccc755039c14c9c104ffd70a541ac44a2df61c0f047c848e4a913846a95245a5b186ab7dde2595f7c3060538b970cac197980bf164fb283d85edaa4d9ffc0efe5aacbae5aae27185c571f9bab76427279b8147f46c36f5ac943ee2c9f0bef6964bc7a6bba56fb4672b13c1c647d85db705b9064e6ddba480b68b6cf6a24bccbf449cb830bf17b888a8eeb126eb20b3bbc58f6651c23b199857c8eb9199f74652067ed5959b8e82f21cffb1b23c00b81a95cbc20667ecf7d567ba478754e343d08117d43ba4677a9a8c87019ae9501fb78ebe8
+
+COUNT = 6
+EntropyInput = e6879f8350a48f3e604144160b088d3a47478de068ccbb3ee5d007452cb465d2
+Nonce = 97ef50c6c0b4337485a7febc905eaa4a
+PersonalizationString = 
+EntropyInputReseed = ab053572556cf35cd2d20efacfd365017a7bd927a636956cd52d05128a43db9f
+AdditionalInputReseed = a086363c52c6a69f633ef11a73842c8e47cc5948ab0a6373d41f5dc8ba6025f5
+AdditionalInput = ac7d3781827d0219c0e0252d4af6749eeb057400bd0c1e72581589ec3bdce5cd
+AdditionalInput = 04c9169d8c7efc88ee097c537a72541393b19cef0d503fd4ca0e272921ab53db
+ReturnedBits = 81ca9262b96157a22d98303fc0565d70c670586e98ec9471426fbe3a164513e509a0c0ebf2e809f180eff298632c27aaab20c1c6f1abb846f701403e28c51f80e9b680202610dfc4044b9ca964d68f4ce5b73bf4728b388ed3bbdeee32cf6eb037e3f38950620c7b1a3530f6d420440c4a09fa972a069143f28c5a0adbb11d740f728fce24a4295157eba91b4ca4be90c9185026827db27a268f4a8040b6e5a83e82e7a5e9b9ba4b1fbe7fdfe877bae93b39d1bfa4c971aa1a4c16b8b98911476d3b2b76d4edf3770498b67fffe9b68eb4a0e3f643e16c06cc61cc777ea930ae35b18223f224a4862a11d511fa5ad7117d063b117205857023a8a9e6b6448a18
+
+COUNT = 7
+EntropyInput = 7cfd0edb3c97abec4f24938d66e03b5f408b8ca7ddc522b7c1ca7c85c2080fbb
+Nonce = 046f62f1fe66588c73f4d5e3da5123a9
+PersonalizationString = 
+EntropyInputReseed = 40caa6c0214b1790f737ffc5d475162e6e68885876dcf3bd4c83aae32080ef4d
+AdditionalInputReseed = a300ddf9a2b6601d1ac74a51c6f48598747e4181d20bb67c1ff10b3fc8bb46e7
+AdditionalInput = 2ba6d180e144be3056dbfa75007859082adaae23b4c742bbae0cdf1a2049ad85
+AdditionalInput = ca05d7b63ab3968f7a2c53ffb365287f22349efaf81ce932de9c593f1131cd65
+ReturnedBits = eefddfde6f8da38b419f45a17e28bcc022ddf5b85c09b53bb3d274a71236aa7136bc59c45c8041377774bb7b89e7c8567d8016c73120dd4dbe85cf419b2765a839cfa00471713d5e51e2407b2212c51e434effdc642a8984589a57226c7d04651a323b3c43cc0b6ad66d3656977994e25b1b19848054e99aad34e2f980e1e2aea75fa10292f9094d11b12a797b9015b5876d1636e633092aa4b3736d18dea2d35c7ab27a83c4a16da66f1e76fd5c75f0db51e3a40f33c09097f4207eaeaef86d72aee68b77b3dbbbfc888eb6d175fcceb8ee61c6ee19aa0a27db1aa514d5d86569011910734e93cee5ea7c4e82d19e466a90f3b14fd8fc4391f1a7b83a3cc8ea
+
+COUNT = 8
+EntropyInput = c8cca9605a144471f1d5fbeb563b6104dea3b03a0b52e3087790e86c2e9636da
+Nonce = ebca7d5e5638d69474691aba72692103
+PersonalizationString = 
+EntropyInputReseed = 2effc3035a8b6d2c5a37cdec7247ae1eceb87809fa3450428b260ff1a32aec28
+AdditionalInputReseed = b7f2ce337572c252989b2f5523085d326d1fbc069970bd81f3b353555ac633ce
+AdditionalInput = 601fa6b58ba950d48e15923f909ca0dc987ca891cf6cadbd9422eb1d7cea4c77
+AdditionalInput = f9483419077a5f638452aa71c852f0846257f6e727b9f249abeea02d36b7e595
+ReturnedBits = 92bf73e31932771cfc1a6ea6e8f03dc3377a73825c2cd254c0c719830c7075718e0ed13af7458576cec54af2e5314ca80b227028ef4a6414a8563c895dc6643dfb34b9b947c5616c7bd410a8430f5d759d78ca3ed77c08ca70f99009d85022303bf319bc1284ac2ec81dce4e47bb663cfbdd3fee180de2818fd5f37567639e714764a921edb74dab2da5a8e7d591a262ee6d0f4a8ffcc525273d1795f7196000e55ff167cedb5e6f7ed0f5aa1e9ad257b6360836f0f26546c12c632e3299864f620e1eb3eca124e2d7206907da2a86108cc11f68bd0798183cf00ff7c916b73f53c3fd25c08ffe325dc16d2aae8a9335767871b61f512e70455f612082301c28
+
+COUNT = 9
+EntropyInput = 5953a45e46e50119103d4265fc6987681c459d9b6cc8e142a479e05efce522cc
+Nonce = e815d564daf2f339b9a673c1eeb9574e
+PersonalizationString = 
+EntropyInputReseed = 9ad6cc399903b9f401870f48414fd80e5f35a41ec9bfda2f23f6d79516dfcd72
+AdditionalInputReseed = 6e57cef4ab030de60e63747adf907eb3d37f7ac20ebca816e6bcc3e20df424fb
+AdditionalInput = 5b133956e428c92a62d83e1c204d6f84188464fbf30f7ac10c0f58319fd210b1
+AdditionalInput = d6a963a113868474a988c391e9dc9f39192b96e09c8ad6f5b8860d08c9b56476
+ReturnedBits = cae0086f2d1485f5626510a351f9b00508232e4436b5d6b83f4711908148fdaaf79f8fbc59ed302b94b589cdb6acec4d8729272723b97808990ceed3edef33acc0900927bb287b832bbb167bd54622612537e87360cd57e7ffab16bd040f584f4576d3cfce938a09c18f623fa2f1c2dbd7cedcec4df6a527f24eb81e7ac8f6ad2e63d73c12f79804e604ca9d3a705b8978b464eb28e50f6cb144e2cdb9238f0f789418df1bbabd4d74795001fa3f2429e40016190a883b660259f694a069069ecf548750fbe0528d64ce79d33228021d768da4178eab994f3d8eb555f38337c6b5bac1faffcd029a72c215f48ae009a79647bbd07a3911581450ebf7c1c607b1
+
+COUNT = 10
+EntropyInput = a404c778eae15a5505af2770ff78653daa22dfa62421e6cd2c2d116bfd3276a1
+Nonce = 1c310e8cec4d77d046bcecce4fb4356a
+PersonalizationString = 
+EntropyInputReseed = d676f56e7e4d0962078a13e5ee84be0e4d962f36dc5276e602214074e4acef7d
+AdditionalInputReseed = 95a08b37cedaa661b76ff212c4bb67148195e280cb196368a6f0aca223506201
+AdditionalInput = 2518c16172681df5834bfee95ebb0415a867944176b5036e3e5af7cf0297953e
+AdditionalInput = 10ec30f351c84048af33602bdda379914ecab9fce47fda2f4feade6268a3e6c0
+ReturnedBits = e3edd8832172dae2b0488e4e08d5a50bce872fa200b23a8a4fff9b9f0547f3138e877374d40922e0affe5d9cce91ae384dc41bef304d5140389a9ec8c026244f5c728ee0d2a6eb9ec3dadc462cc36f0653821bbfe9e70b40c85e8f3729a7f56ddbdc9432fbff5faf76d1df5afa689beba9c1698d79a4186897734a4aea871086a59d1ce5bed4123f8a021701f233b63eba2d854cf117069387e336d0d55161ff5e5ba8e867f182a22a1987ddd43a8172e33c40625beddac70af4c960cd1062e2fcc5b4cc30b7a56e3683d6e7164c54eb33c3c379ac2f5a9098fc655da9e6b7854aacf699dab69712040ccb090ee50759b1476ea887334fbad9df27881ccdac07
+
+COUNT = 11
+EntropyInput = 70d05953dce8f81deea9ab6db57f7c15befc3bd79d31ff0c445aad2ce98e77d5
+Nonce = e922681a407ffff800a03183e21733c2
+PersonalizationString = 
+EntropyInputReseed = 3278078df8a589b2bb92b13e9a219196628cab4839e650c07a059bc6205d696a
+AdditionalInputReseed = 9385a89ac77cceb4a7e221fdc0bbb6c16a1d3276a08341e7352d8ec0454a07e2
+AdditionalInput = 92994a5375ccf13704064b05a2ae3fd295e1feea9b7cc58324be07a82e8e5f83
+AdditionalInput = 6a77f585ef58cbe4e313e80819387bed26a125ab38769ba2f405deada99cee9e
+ReturnedBits = 435a09fc736bf694bd0f872bd9bf107c974308ac5ee9b3072f154e63c3204be78f577287ce4f32499a26773b9fe8cc9297e653b4408c5fe7aa50e546bbf73e2f073723cfb738e81558c04f7c938033c53ef7a3b19dad975c110922f4ad7da634649f6f0bd81ab05e8dda7d1fb12a40e9d314bed8f5d775d42cb320c97d61cea45bca0624a1fecff6f8d88b8a32cea6b88770069053f30e21c1487d3d072cdb8bb9d1b14c9b81c22b4e8fb4f6b1228f2fd36c11012e74824fb08aa2cb28e9f4529b20440f8b6a0f1b42c86c24da9b81d2e3a38a0d0496e1b2cadccc6121d6b9eeb8a08f2f118aceecf57ad5aa787ae64c47eeafd6b707f834c575efb0c96349c8
+
+COUNT = 12
+EntropyInput = cee549d0232d61fdd77912ab01e2e2dabe0a3e79af017843ffc3102b17d43449
+Nonce = f19fb4c7c5dfd8e1f52620ff6320186b
+PersonalizationString = 
+EntropyInputReseed = cfdc2d67fe32d6eaa7f6f1328b7e3e020d2128df8493cd7e0bdb18c6db593905
+AdditionalInputReseed = b1f20036488d3fdf8a11cfcd619d8ec667cf4ecfefff4ffc0d6f4856bb1612ea
+AdditionalInput = e44413ca8c5a7f24f633e180b29ed8d12971d43cc2148781a583891bd705a95a
+AdditionalInput = 5a5b4997109aa10fe2ba3baef3076ad730d4a6e5f52a3696f671ae460896ed45
+ReturnedBits = 751abcc05bba6a1f9496081e9e67f7d3b2e4b985dedc4f1ee49d6d4943caa0051794af3016ff5ee0d51e3b50f0096d3acf0b2dce84f87a08821c8c09f82ec57c044d6ba0dd7474969c4e4d6e89d6d53dbb2824f1afc0bf3fa84110a805e92447f86bbbd2dd748550bd147dc14487b4b36c769f2d52d03e1028254ca10854db02fc0afe199b2e5aae19e6fdee31276d8dc0a06aa0344c7f8f1d26453673adc1c4bcedd8e9e7833150656499a613bfc08f1c670866c3b136770a8e72800297012e2a9ad9cf8ae6b97014430c8e757fd4d2583372bf9bfa93ccc2345b52f58a54448f21fde535fa098cd09543337b518db2635116cc1acc51aec38d0a7090345631
+
+COUNT = 13
+EntropyInput = dcd0f3dd952ca9688f9b2f4b298220f3c22cc0596303ff41dec219e732c869ff
+Nonce = 9c548ec0fd9fcd83ff1dc306f46330c2
+PersonalizationString = 
+EntropyInputReseed = 15d37cda1f24e910a3321cf5d4109538d4464bc60778d2ce93e4d925ad495e72
+AdditionalInputReseed = 2b0a5d34bf92c50c2d4c25f86e697465a7e5a1bc9f6d79eb058d7fba6cbe4ef2
+AdditionalInput = c86a4cab153daba68b02977f2a2af8df5d007edf6a5c57fa2edf77325e8a97ac
+AdditionalInput = 1ef8d92d6febac02ba702d0c93724cab16a986bdc016cabab5cca4960750f59d
+ReturnedBits = 41aaed73a7631c312e339ce068cc19dffc09a331bd1cbeae518e7977010f362f8310d0f837413cc432313c244bac06e618cb27e21332b7fa7dddd4bf23231d6c04370009bfeaa5ab47538b113734257d31f7b9cd785cd0fc53e68d2491dee56299b641f1d9420aa66897494b15cef831424a748baf89ff51f93eae25d53f6b34e7496585e97a9e8b01c58f8b8caa779277323e5c42bdb491593e664ac4698bcf62ef6c7a91d3375b72706cd67049b42882d06172193a04f2e52cda06fbc4c7a25872bfdfd0d95a22d94d20b0191e0cdfb43e3f5df1be488cfefa0a0c098c8bfb1d854c133617bc79367817913be16da2d44e6973a5b1f9f0d03c53e2c3ede5d9
+
+COUNT = 14
+EntropyInput = e342ccc1a8652b617f28be79119bdea5eb8f7d6da8fc8407c76a71b83306eff2
+Nonce = 46c12b22dd4c0696b46e5bd057e99e35
+PersonalizationString = 
+EntropyInputReseed = 39e481828f3196d48185bee8fb5617939b5bfd0e63c34fdff06fd56108b05021
+AdditionalInputReseed = 3dd6e20bf2c45ba2f33c14db928e2dd6eeffb7ade543cb4e7e0ccfdff6b2e86e
+AdditionalInput = e12f4cff164a721c752a52e36f008b82b74c253c99d4be366bbfa9112b8ceda4
+AdditionalInput = c6ef50c58f08b93a768a5a29e1787aa3227c0bddf400e3ad02ed3270ffea7d4d
+ReturnedBits = 7781cc73939c8c3ffd9936c584acc8b60246ce4eac9e6c616ccd464ef708abddff8b89e084468043211a19ec155a1f3ae8ed99c7b0e8cdc00890367d6374e4cdbfdb29484dfc765bf592c9d4c768145c4ab9be43b24580c06a0b90bdc6fe4786ede47d2ab1bcfac35c4f4b2bd0ea9a1f1094935cba4ebfea76cbb19100b74597ca702280717dedf2b75c9e762a2379472c87b824c948ca2d35a2a62c0458bc2f02cefae53e6c751da68be486bf7843aca22d9bea771d215914a283e36abea0964227425967481bc560d230d5f9b287bbfed89f203b15e25503b933d7576ce271131075b0643f0433e5d769ef57cd46b02ba4796362820424858a829e656b0c92
+
+[SHA-512]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 256]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 2048]
+
+COUNT = 0
+EntropyInput = 12c22031d03a850f7696c927d4dc8dad4c3dd717e60ee5681b05db6426a0e167
+Nonce = cd32e3eb3f8334d9698dec627b2eaabe
+PersonalizationString = 756363f68178dac09a5c8d64effbab23873a3bc2dfbac39b6d47ebf929ad9854
+EntropyInputReseed = 17ed31bda64b08ece50edf5b91f6a0862e5690181734a0134e05e366640b7e85
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = bc5d8d11be22679e33f40374175716e67c8b5fe6819ac53a9b208dc058170431ffc29ebd1a8151caa3e9156d4c7e89e39c124f7194095102e869310674471a7f1dad4e58f4786e96b7aa1ad7a5115923ba01d4e7a60a8f11ee9c47266c0f1ae434168b7b1fb61ec0fc292c6c2d3a8778dc7b881642fb8a3e9fa5ff3720f700ff89001d21e97c61c246dd4f87bd8a64fbcb92014d52f6e64183bdca84ec25ed3524b9abc86df2bc4dff2b76299855de61b7da7edec027893ab4edd0d6ea6348e7610e6d940af4225463886859ea4f5c53fea2c398ac2fe74a9b318b115dd46bbec6884f077835aa95150ef0b3ed34d6d5b144ff1c1e2388483d9b5fca8a2c5bf3
+
+COUNT = 1
+EntropyInput = a521cb5f91c89908e1b2d1bb9c43e0a36dc7bb6b274ed304a4d87b29841f97aa
+Nonce = 70fbb10f0719866fae61f23d1777c3e6
+PersonalizationString = 63761bb75783c01135e1467c3ca0de679a20073a0513e71786c554dc093a4a9a
+EntropyInputReseed = f274655d81b86128a4986471f217133cd8a7d23de6f276f301326899f1e2768a
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = b7103a13b41f36294323b0650e7fc77b68fa36d92ef5789a9efbb69b52f5e8d71a62c5f6dce7c4afc25c33ae6fa1376472f2fd4ae169cb5b4a9064e8686a96a395979ac8b61b826d38a0f214924fd38669958fffbafbff121877ec7c404ab365f0bb3a79b79a7aa5e8cefe6c73df16457b6d5ec06c30016697478454d4103780ad8850764a52f7670c325dcd160bd95e73b6b5b0f0033a54996de79d0a17e6b61a2a4a852c88b65b0c278c7e9aa4d3ddd3ae25e94515f7220b68ff7841a397e6495ba9ccc1fe94894ea9773c18ae0c22d4bfc947e3c2f3d7a75931ee75332666065b0a175495db838b397c8981e251dd0bcbd961eadc2e1f163b10669e66a027
+
+COUNT = 2
+EntropyInput = dad6155b155ae5a8e9b5ba985d9883c24efbc7b0b90cbcf831d58ac5eba6c41a
+Nonce = 31f0cd81da9ec64eef75fdcb6d5943cf
+PersonalizationString = c90242d4b03a8bb5d7624dd8bab3bbfc28860d68cd33a38ab7afdd616289a6aa
+EntropyInputReseed = 2d4d48c4cf14595cc5d00384a8133565a48ac0895fd9fcb1652fe5e165d4e394
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 5ce033555b34155070611e6c451725e844352765f0a8f096a37ca3e97422f6f5dbd04dca00f16e4337af2c290a678027fc780948bd7961e0cbcb2bca679f38feb09dc44ddea2c96e3f9b8bae398db11a7d5a094cdec0cff1314e08a6b1942294d0ae1060cd9ff027aa9f371435ea1f4e58fcdd44b204eaaee0052cb905533d3b3b308bab0ad75e14e19fc9970845aea0a256d0ba23092262be7b006d19c3fd8e61ac2f2a5ae8226bce937f2393a53bb4b1b2d1b248202c5311b43fdebf4a1b351c90756f1b125a927422338fce50d7a6e2f18602425374a5661caf7ea3976f2dda758ec7aef4a85648a71bef2f9039600cec5a47e543128b890441c3213b80e0
+
+COUNT = 3
+EntropyInput = f89ae0bc93ea6db864be52127ed7768e9a8e804714699ece3d13cd4670e1dfb2
+Nonce = 37ad998afb41a0b0e9c98cd4193ffd1d
+PersonalizationString = 52115a38065de57d34870c12f02f4a2e8906c8b0e0c366ef294c766fb1cb0035
+EntropyInputReseed = b67f044f3e238152f9ee5f5c8832af7307d6b061d8de29ae1cfa28a6afe43951
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 2df5be56e78df5fad447f5bc0e9f02cf2ed705f8ab145abdce24253e9dec98e6a8cee77d59f9699ca85890a91de221e962df85d2cbddef958c485abc2b5a44af49ad0772b0f2183a56d94d6f17720624a4fe553c7d8d410e902c9a9bb42bcd9ec0c10198131a21ea92ac4a7f53a5c15a2b348e9c80a817731244a6b0909461629b3f243257fc15a827e357f6a48e1f5ac0ed525df830e896c492e605b9ee5fd49f39b2a4219214b8b93ce7b2fb6bbe2832d6ab22df90d6d33e6cf51bac751e199d27abc76ca34aa1758e04784a9a7be356c464c155d5c54ebd3296396231ad3f81f8db026dadf7f40b2ddccef6756d0cce061abbb76d6bed900cb965e2f28b64
+
+COUNT = 4
+EntropyInput = b030a50026b0118c419edd4380d3ddf0d80bc446134adccbb1534558ec32501e
+Nonce = 937247304ef13ab4fba9844d7f9bd276
+PersonalizationString = 372aaeae281a11f691832058ee884bff1e3e79b3ef218045a2f5d02c6fa8a8c6
+EntropyInputReseed = 49c7d993a6cb9032fef9904f8b614598c58db81e1a2bfa48e49826e9f6b5e042
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 1154bb54f38c53b73224c3e50ab22b2865503fad39f0479b04c297ddf205bd151c6e36d85ed5323ef11dc4a32f01d733e09338979b5463298448ceb369226f9706e27ec0ed17838a7addf86b160e75b46cb94938863784d4a7509476eaaa287902d5cbb9b389bbbafb5b53245c78315cbb98884e932adebb574f47fdba72cb6f47390db4498b7a1b994fb9d74070c11c06f95ffd501499295ea625241d262acbaafb1da5346122448e5a6e5aa322bdc8c55184f8111f6c87b30d8acc52efcffb48f7bce3df92c2ea51d139c35545a86d8e5077772c96c167d0f2cb1ec1d5c7a1a9a45237e9caf8fc067ad45313c5d3e7174375a7a27ebb42cf1b14ee26cb2109
+
+COUNT = 5
+EntropyInput = 5a7775051b440d9ec535574f830564ee279dd73d2e74502a0d6132c09dbb26e4
+Nonce = a30d2bf2a369c45f044744c0e1c05213
+PersonalizationString = 184cc86dc549bbad740a608f99dd59a0850539cfff0a8de83bd1a29600d41321
+EntropyInputReseed = 331e4d09536ad86afe84b0a0834b549d2b3f0b26d6b498c07e399174b7f4cfd0
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 618e62c489bafadc6e60b76795702d4ea77537de67e6ae460f02a710e6bd2e0273acabcf35b8cfa04e9e00b0edd59156129a823a7fe1511b9c66e6b4d07f62230e07abe28adb637b9df0b7789a2d33dbcce01a1b6f4c4bc455d499a0f3a171f62f6691f062c21389aff04448c4bf012c2b1bf57c788e641e853da94324b7fc4a19eca858b6ad4aeb0a71d4c71c3d7092084ec663531b588f6e259f7cfe151485f789a63f33f9b922810878c4d5d8897bfd29447b8a91c5f9586b22bb41a769902a5f3aba27dc25dc1d3a5b1bd9c34b1f95efe79fc4ef368f90eab30437311a3a99ea66a451cb67bdcaaaa1ff3f36f207164a96a0f91605c609215e830e0c7c43
+
+COUNT = 6
+EntropyInput = e3ef9f669ed46eadc2dfd391e58e2175b676c90f6c00f5fa8e9a1865413dcf70
+Nonce = 15cc925e9127b1e88d9881a8c38e0e9d
+PersonalizationString = 83facf0fbedb21a097dbca43c3752962086ef0270e0d5c55151bfbc6ad5bcfae
+EntropyInputReseed = fc8e745b8a0521c182b48ac84322ccc801e34707240be6ddf060264725e9e5c2
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 98e3cbf5548309f1c8b617de98bf4c314b01cdde3a269ecd5f9b582165d184869e500fd080ba8501830e31b8632c4517a8937192440fb259bd0cdabc33743d401732031df36d564bd0d75d0cc582e31739ced7cab8746350f2c1087c61329b4a18c3651a538a9196bb0b90c6ae3728e67d824a4e8dc56014d4c19142258a194d9fd87c5ee50520cb6338cd188274b65e18d2a77687672d33483f50e9a543d3696836a056335ad9961a7dc91aa0e07fe76c71d754d6b6d815cc009e616d4bed2b2be5b9b008b97ecc8cf4d85f20200ab63bf32fb2116db579a2c0718990d0f270fba6870ea1d705c05875cd3a4c1458392070b3ff2d2c71254720b48548d2d03a
+
+COUNT = 7
+EntropyInput = 78c972df6a57a8c226fdb71fb305ac30597c539875cf38995884891c3a2a89e5
+Nonce = 176ee854514568da95422dc8a89ce9c7
+PersonalizationString = 63aa05187ef936709afe882d98f30fee4842274277375888e3a5f3ec0e97544b
+EntropyInputReseed = 7e1c670157994a077ea091f7086cb29ede91b46abba728b6e2c1e0d02cac5cfd
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = f3c8ec17d780024fdf3505804871b137d95ae3155b4bb867b787cffbdaec57272af1382eaf8b602b5eab3ec0d850ed5dde799371d578d93a657cc4357d494e2a8871cca96adb0f5dc72894187d9c0ae9766ddea13536408e29c14da25373b59f943e6641dae5978cce18a5f5c84ae43a235bc569556a9312b665d6b4dd81ff1dcb890aa312a9572be34b8ce88293af199c461f7ccdd6afa6ad0bb31a2c69666cc3d45dbf86c9d66900e2a220a17c7032db5f5f9313e35e9636c14c7f6af016f29baadcf6b24772b1d9fc7be73bf7ff3546fb0d3064d88317947d30058785a583e2a8ca9c840f439ecf9d93c82f60eee04d6573eb6abeb8927e452821c6c537d1
+
+COUNT = 8
+EntropyInput = 93ce3de3e0dc853e8ea3e2d6c2576229f9dbf2a278e547f9e06eede3866bd892
+Nonce = bcaa0a57177407978a446cdeade3e815
+PersonalizationString = b4962ff5227018f4c48b91f9d5f88ccf68bcd596944b309fec776fca64708cf3
+EntropyInputReseed = f0e5299e62b217cb65d760a18b2600e90c7e676ed3df459e0664fbd677c568b0
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = b68dba6303cbabb9773e499093323f8c1dac2a669415d472c18b85c4a800128bfa5d30c890a3d78ef0cc1b90d01a177808525c3d1489f0bace0275c65d9a2b4adc30060ed3f6627222bbb95b1d1d5e26f3981511af874d1ca797912558c1fe25a2556ffddf4f779da9d28a471200996c7e062d87291ece039eab37b744bfa7220b38352c57f43a1625dc9bc2405b9cf36b36d95ecda9138871013590702bab9230e4e53d5d71312bc65c5ddde632b582a5aa34363c799aed8a5b74843c661adc77b42c26290c7158233175be4a4b4bd414e1965c027c363dfe87b547887e8bd7c3cbdc08e039808c62bddccfb26d36e042d997857395ad2f350490f59d4b56b0
+
+COUNT = 9
+EntropyInput = b75982ed790447a297bab82d1e579049a671a8b01bed7f01f7fa2470069751cc
+Nonce = 68daa92af87c871269d48f4b558e4c18
+PersonalizationString = ec11cc872d7b6ce95b096816e4e0d50db1cf8d5b3df9568ca31ac5cedcdb7d5a
+EntropyInputReseed = ffa9affa41f3c7ec36ec530a392c4170cf23b9845a04a1fae18ff86d44515462
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 99161f1dd7afcc9285af35128e9dbfa60e1ccf46416ab7bec59f40ee6de65ffce79b2d426138cad6b24e0940b0fc85d507a2cbd403177eb356238dbfd20a078b3b987a343a0653d7c1cd8c675596647aaa4797d4c6747d4d945d30e04984132ded477f1e4b66461d4617c8eec57458ebbe7d0ed3340a744f766ef19b3690d0d622f381efe099f987dff68fe8647624746e8e6f02dc36fc492eb86e29f8914ebe923e4444d171fccab0f35c1105c3b6a696c354b650af8638c0e0182eec00b5a271fd8020503b73013df23e59e0f7f4a989c17a62abeff0d28d7c4425349992a76368de4ebf2d4c9d476923a28694755cf9ac8b65b6ba922a33b3115529f7795d
+
+COUNT = 10
+EntropyInput = 7b552ef6693837cc86b4ace87172fac9e5b3e42100384e4476e8c9648e85aff5
+Nonce = c13ba80536317b45f402eca083b67813
+PersonalizationString = 2b02ebcd2d4ecf80e5efc4b3662c88bc981330e5cd4ec2930d0542f73d772a01
+EntropyInputReseed = 30fe542b2483079740b19bf5be8ae80bc9e13d253c9e5bb41f60a97310cbff73
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = dc706f353e9bfa2b81fed3f0ce74e22e73abb87281c4b636776b0a62332ea87e08b1aaa2e99ed6cf8cd6965ad7bb9a076a464c8121b0339e6bfb83aae5e6dd0f6f02a23a26bb196101c153a2df58324a1d711254b78c78fd613521ad19c68e5571488d88e20a63716a8f004bf4f4014656cfb6fe56d3b9faf57db4102fb6aab7247748d369d3cf5f766b02dd06dd49f6557efad3fc2d77a847ef13a637f3d27ae469b84c72932dbe33165e4488518d1b8ff4f8dc7e01cc31a0c67d466002bc4723482cdc3f869f9a15e44272f2b237495363941b7c301cc8a0a131c5460ba2cbadbeb587ef18671bf17f2825bc6a2899f4e7903b9d79788e6c70bf289b0c22fb
+
+COUNT = 11
+EntropyInput = 63579af3c9ae882837f1960e39449350488d7b4ade68d1e6760f7c020234c595
+Nonce = 9a6a0aa23cad3ef207b5615782720713
+PersonalizationString = e225c701cb6aebfd6d9050ad6d0c3ab3ef47269d1f63971271b7305f55e2c6a5
+EntropyInputReseed = 35be4df589aa0b4d889d0276ffee4e792e61e8cd6fdff4c63d7ada30a2ea640b
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 958b59d3d4a0af6d896991c79ce24c794b3417fea81cd87bafc127c2464ceae1a69d3658c1c3cf497f5f7c2576caecfadbebfa6e30e25b33c7055a6771f03219e85d1af88ab94d6e59ae835f281cd848cb4a8054023b9f895baf93ac6c1bc6c97ac2e32ce79f6fa96d795ebd6f7319e15257207348e6e3aa34ff0f96d1d1cf70a57c43759160adc787b685c41c739f8f298f1129f2a45cb441f633d1ff1b74d36806f56bbb942f33851ae4ca82110207f222fadf697612306c533c802f52f9fb9de04e273497fe881c9fefbd595c59c544a2d9b62a54932f2c277cb7e07178f9601e445ec6de392c5990801e0f3edb26c8f7a1deac165c809f779339751f67ec
+
+COUNT = 12
+EntropyInput = 83da36f1f9d70ff8a9e0fff614e5c85aa4acc8041b2f29e79d5e3df1e2820074
+Nonce = eab80247a9016fbb18fef0918f34fda3
+PersonalizationString = a0e04025945130540fbf86e88b34eb9565987325f01b88e6c213846f1647f185
+EntropyInputReseed = 6d297e34ab2590cfe03b0fecc1a921541c159b4c8423df4699e8ddb1dd1575ac
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 00aea5b924c99170f1b053b670d5ed2fee55b8cae317fa3bef1d5dbcb8081560704e63259950f3db5b9b4922e3887878889b7232758e6136b581fed7c068490ed7098f6cfb19109d4c3b949f7123f45e52b9a6f3321e3db040ef96652d2749463af1e6958b4f0487a7dc60b8a9d0e10c368d8e80b843917415de3f0235da1d352072843d774dc71cfb1d2e5d972a52a2ece7903151cfacaaeea8ca9c1f1c5aad240c8281cdc8d33668f9b03ee38b2429c9fc661b83769347bf617b72b76d40269d4f94eaa00da6f3473c56e9fcc0f4af852039aaed5cd4c317a99921b7028cb09bc496b92084e026df02ade8aa57a44deb22e179cd3e91ca57b31e763fb36dd3
+
+COUNT = 13
+EntropyInput = 3802dbd36565952e32f807e72ddcd16823f0d8cbc7e344871968fbdf7251041a
+Nonce = 729198bad4a78541ced199acbd0070cc
+PersonalizationString = d56d9aa9bc1d5ab27bb7a450f8ed104f47bc7961416eb84afe77f036346a6ce2
+EntropyInputReseed = bd79f436b4c1d00f45b11ee9c0ac98044baa8f178b15de34cfc06941adbd7d9a
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 591853dd1d59046183ebcfad5208bf020f7463b06a57932b429c724fd71d8324e5f446ddbefbbec33cccea1d57e6319309582cfd8969a8c1dc1c677b3186bb2ac5b2360cd3d512de3a7108ec0113b24201463bb5360933a1ac4935de9c8935ae245ba5e2cbc77566bea51783bd7fd553e66480e28977a76a5edcacb89b0a50659cd6977a251f89f9a02ed2df4b7df80e7711372714e7feaada6394976b58d8a00188034ba85314faae1df8c9bb361ae03d8e1e62cbba19eaca4e121a8c316d154f2f8a19eb6c8a3c7a84d574a39afb6a7d680ac8adfff2f6c65c0c72ebc25325739df1bf8ce4206086fd7871f39f7af16b33c97d605fbedb7dfa7fc1851045e0
+
+COUNT = 14
+EntropyInput = 7dbee2037b56fa5628633915c9667f2db0ee587656bd43e87b1a8c9d29492b70
+Nonce = 9720d7c43db649f998210a8e2818a5f3
+PersonalizationString = a3eb4fabcef43cee0b6df871ef2a7dcce385492300e503d38a800bf423347bc0
+EntropyInputReseed = 562bc5aca3fba2f4337cc45d4c402ddf3a9c81659f848b74f9e4ed018b13d2ec
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = da4c79ba4e383185a814b6ff22d4442f9e896093a2700d095af5a35efe5203fdfb8cfbc14f2551cff49adc6b003149a6d92d19612b7256e52cdcf84e3578689d6e4af6843ca48cac7724e5c4e33bda9d41c7f260dc7d185872f49384e11cfb1c9f3ecf4f49c24dccf996703d5618f08819d7627278355c61a826f00e2e072381cb920f7c8af0b26e07fe147e5acf3550761f056df6ce66b10d234eb41f62a5c0919e405db7105c5470980f0370288948bb5f8198c8cb4ad32e389b55dc9400e946ce02ba92170e8600dc3e2ab77e102a05dfe1fa31ddd132c1299b65507870b7b624b14d0f9d01d36bcbefcb5745b9bc766d8333603060914b1c47188147c0bd
+
+[SHA-512]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 256]
+[AdditionalInputLen = 256]
+[ReturnedBitsLen = 2048]
+
+COUNT = 0
+EntropyInput = 554e8ffdc49ad8f99ae5d5f81af5dafb7f7553d7cb568ea73cc082dd807625c0
+Nonce = f08978de2dc2cdd9c0fd3d84d98b8e8e
+PersonalizationString = 3e527ab5812b0c0e982a95789398d9ebf1b9ebd61d0205ed42212d24b837f841
+EntropyInputReseed = 78073e86794b109588f422f9bd047ec0ceabd6786bdfe289b316439c322db259
+AdditionalInputReseed = f26bb1ef30ca8f97c019d079e5c65eaed1a39a52af12e828de0370799a70118b
+AdditionalInput = b09db5a845ec797a4b607ee4d558567035209bd8e5016c78ff1f6b93bf7c34ca
+AdditionalInput = 45922fb35ad06a845fc9ca164a42bb5984b43857a9162348f02f51612435b862
+ReturnedBits = 1f20839e22553b1e6cd4f63a47c399540f69a3bb3747a02a12acc70085c5ccf47b125a4aeaed2fe531510dc18e5029e2a6cb8f34bada8b47323381f12df68b738cff15c88e8c3148fac3c49f528123c22a83bdf144ef15499344836b375dbbff72d2869662f84d123b16cbaca100121f94a8d5ae9a9edac8d76d5933fd55c9cc5bad3973b5138b96dfdbf59081df686a307242f274ae7f1f7ffe8b3d493898347c63466eaffacb060608e6c8353c68b8cc9d5cdfdbc0414448e611d478508191ed1d75f3bd79ff1e37afc65d49d65cac5bcbd6913751fa9870fc32b3f286e4ed74f25d8b6c4db8ded84ad65ed66daeb11ba2945254ad3c3d25bd12463ca0459d
+
+COUNT = 1
+EntropyInput = 0c9fcd06213cb2f63cdf79764b4674fcdf68b0ffaec7218aa2af4e4cb9e66078
+Nonce = 431c4d659396addcc16d179f7f57244d
+PersonalizationString = 7e54bd87d20a95d7c40c3b1b321526d20667a4acc1aafb5591682cb5c9cd6605
+EntropyInputReseed = 75b84954df3010162c068c12eb6c1d03645cad105cc31769b25ac17cb8335b45
+AdditionalInputReseed = d5749e56fb5ff3f82c732b7a83e0de06850bf05750c855604a414f86b1681403
+AdditionalInput = 9a83bb06df4d5389f53f24fff7cd0ccf4fbe46798ece82a8c46b5f8e58326223
+AdditionalInput = 4813c4951099dd7fd4773c9b8aa41c3db0939250ba2398ef4b1bd253c161dac6
+ReturnedBits = e17e4beed1654fb2fcc8e8d7c6727dd2e31573c023c8555d2bd828d831e4c98742518766431f2ca473ed4e5012c4500e4cdd1473a2fbb3070c66974d89de351c93e7e68f203d84e673460f7cf43b6c02237c796c86d948809c34cba123e7f78a2e4b9d39a5861a7358285a1d8d4abd42d5492bdf531de74a5f74097fdc297d589c4bc52f3b8fbf56ca480a74aeffdd12e4f6ab83264f528a19bb9132a442ec4f3c76ed9f03aa5e53794cd006d21a429db1a7ecf75bd403701ef2472648ac35eed05840948c11d0eb77395aa3d5d0d3c368e175aac044ead8dd133ff97d211434a58743a40a967700cccab1dac439e06637056eacf2e6c6c54f79d3e56a3d363f
+
+COUNT = 2
+EntropyInput = bae483c94f3e4521753589b4f2b72e2c8274f4e4c2359ea5e9de56cd584ce4cd
+Nonce = f5f106d412095ca4d380f4b655217f2d
+PersonalizationString = 2693dde6633377c9e399f332dc50bfee6b6287d0c58b452cade3ac1711b3b5da
+EntropyInputReseed = 65bcbd036f7c5354e8b8fbc5a72c135243ab53d0fc2cb1a58b3e02f33a38d44a
+AdditionalInputReseed = a261c178acdfc5d56ea941eae290fa949ae48813994c694a18fa76380a77e8cd
+AdditionalInput = 3c12f018cf22d5c553f1c8d6f73b01498377098808d76bb007936f077af7a5c2
+AdditionalInput = 9a3b7c836457342be51592001a5362d25fbede69b8688901ae6a1c3ee84d5393
+ReturnedBits = 137ee45eaa4f3a175174becbb42de66a800e13d589024ba806e7e94d0a34c893c66b838993f0e9c854b819949a1be843e9570e3db8bc1b734770370433f92062b2e1597a2a61dfbdf78373478a24b951157bbddaacb319b0ed59de6c599c9f076ba0008cadc5be2ba19c8c36ac98cb26428b19be20ed37f22d11d9b54ec24b4fdd61f9e9c0e91b9394320279cd879a4546370be64e196a1029c203782b1295a44904deb05930664cf2ae9e315050ef0c0227a33b8578944be29fd8690d3f86be90aecb856644a867ec86236485f54fea6046b43b1bb0a1725d3af74908c1ba43c15408e20a6eed33eff25f5d4dedd738930d5741e25bc24f4a12eedae4395fdc
+
+COUNT = 3
+EntropyInput = fad292c99862db90f7983cae018e49ac08980072c868cea53236a853cbd019de
+Nonce = 1452db14eb178c39f4dc7dd605824f95
+PersonalizationString = 3e210bde62413d4882b8e419f859ecb7d3eef1959266380f560ad90a0f6de0ed
+EntropyInputReseed = 8cf5e1b46dae220150893e83c176e1aeb0415d5599ee82b7395d74f5be697bd2
+AdditionalInputReseed = 976ecac5caa93a4277b545001b57351f2e5c4fc6fddf79677ef603f7aa6771b9
+AdditionalInput = b5cd65a636179be28e0ef16a456de0c0135a938f294b418747c13defa9d963ad
+AdditionalInput = 74410718bd2ada2f124d68c14cd071fab761bdcd605c3a4a4822d66271b7e30c
+ReturnedBits = 6b8ae32ece00ab02756bfec0b67bf9f147f0b9d2ec856a912bc00238e092ede0872f11ef74cc7a82a5c5298ea497e6cec2507a95f6a649ac26b4e762dc228a6d11df175d37f6edaebe3c69a68c0a196222a2612f9b4ed986645e19220b6c89ca9c9c9fb0ddc621e269749fee8cb05c8b55cba6ec8d542d10c26d886afae0b5363e3bafd4ec16aa94edc994c7aa49ee6be1e7bb9a448d67ce5345aa4b751e040a003eaa4df612412aad63f86c87804afd4582d498bfd586a5063ba4c6fe536b35deafd0ffd07662ddf2ffc2ca679be2580d0fa66eb00237a3dfe25afaa6a74c0d187c59e354e031e9cf9edd7a5605ad1aeb5e0c8db4c23ce6075f3be481546dc5
+
+COUNT = 4
+EntropyInput = 209512d2442a50441dbb3bad16b277c13e091da123027f49ce20fd55a3bf993a
+Nonce = 5eb5021f952b564d131b100a026f3046
+PersonalizationString = f15d24390c8e98c2d5eaa08bd0a51579d3458721db5925d3412509eddc67099f
+EntropyInputReseed = d7641b8e147b1d617518e3d66bf9388f76f2318b01695ab695663e3d946ab142
+AdditionalInputReseed = 28c801b4e36ee32e694a9a61729dff1ececc953399f3ce19131ac0a3fcd91d89
+AdditionalInput = 3cd659ed45cc8bb099f30b0f65aa6c2c972f755292921ef5b1fd5d99e38e723f
+AdditionalInput = e101cd1d5550e355b9bbd3b8dbb83b49b5d5c257be120cffdd27c9de3c0c2359
+ReturnedBits = 02f417de4a968e668195ad1bbd647955e26be3fdba1b9a182e0f9c9e14b08f58b7b756afb5f0190ec3573f0376f51696b1b6a808842c187eb2a3c2ab6149088da1ac314c8d51651ad748b1a5296554a42355d14d61eda5ac70a648cbce45c918fcab9e053dcf60d1c3a75e824c8971141d393049eb19deb4b44ec953a0d275d9bd1424b66f1587b00f60b87e346277fa784579bfd0aa72bb18b259d275f1622caaa85e780ab77557852e332126a8c3c4e0ce335a7e76a56001e3990b53dd78b0233ddedf3313bd1d6e873c280f39c1157c24cca47ddade1dc824048561bfd96d6c9d2dffa927bcb1a0395b6f808c251ed9b0598b39d3e778e13baaf756a5d498
+
+COUNT = 5
+EntropyInput = cc202fce16e538b58b085ca132e6ba98bd3f5b27542d2823050a6959101ffb4d
+Nonce = 9a9a105ea3d97c49162e6ebc379de5a0
+PersonalizationString = d15e5b2c5a760ecda00108812e9bee55c1beb347cda3b0c2d21b93f426ef2c18
+EntropyInputReseed = 973e3529ed9a8879fcb3f99c1272ec77524918a7788814b0cf3bc31a9ac37a47
+AdditionalInputReseed = 224e915525a3c3141ad86012a7e54bfa9202bf1d55f3602879c3504648c46114
+AdditionalInput = 9fd4b64450c9028210aa3ef9782d170d4eaeebfa91fc79c0f123144e3c5076ae
+AdditionalInput = a63b2a7accb6bc2c370e96ce303ec369884714620773d7848d8911fd74afc257
+ReturnedBits = 6f497b2f95d7f3d6dc33d957bfb8d3537b1cfad43a3ce8d16e1d42c844f1050d627e10bbb00fb8cc932670b5fcef154badd977ca5b626bd80ef232d175d693a97da75372a361d80ecabc570219bf2b09d94ca9767ca714b7c3887aac185376ae45c81322106b3e0603749349431361d41264c38df19cef49e7be3f56d0212cbdb096908af5bf0a131a14255fa1b2eeb5d576e31d2b04c4bb229b918ec47753f0999bb6f5510db4b54c408df4e985fca2dc79190d7baec002bd2587866db91f12f95678705db9a087dac5a4591aa401da6810dfa45a0e9a41e6fb8d0438845ad6ab2f63ff95d16b899121972d2d17f0e15065499b615c5324cf18560760312e2a
+
+COUNT = 6
+EntropyInput = f668cde883e5984295aaf8851e5d1de5a0fb7adcccc5d0cc54f06b8347208353
+Nonce = 55a1248975035b872da59149a5b3fbdb
+PersonalizationString = 60e2a5b3f54818897b83a1801892cc7256234181942a4cdc9ae65d0dc4a84593
+EntropyInputReseed = 47df458dac649f65227870d5897927f2d0953422202f9c1233ef1c1b2af6ee08
+AdditionalInputReseed = 68a5aadf78a142cf2629c97fb13a38c9c88490c9885ad6cef224ad33319647fc
+AdditionalInput = be5f433b166eb8796bb43c259cbc6304e1d557d24c3cf3b587a523dc51d7764e
+AdditionalInput = 57c27115b62e9936c78056b6255d32979ebaa74a8a94c92e73ad26b287285621
+ReturnedBits = a295d586c7f3365172b54618cdcf475b6be376b7ac9f965aeee06dfb35913eb36dbacb1878896b7e345e7d5142977ae80ec6147e9d59c57160ab7f0139e25384a9e242724d2f4b6b7d339e6940aea684af2e425823b20c016719cbf36eff9160b9a5d63bab1d691eaf20ffe2d706c9433e2e52f4f3bbfae39d3e6891b2c1609dc45f6ae7b844e15b6bf77e223c4c1568cc0523066f12257c2a676390ea50c6e7697c9515278f560844827fdd13443cd558c7a4d248b12cbdf8539cee1c7b3d0980919c09ad54f149a4f7cea33f4e0b2e217f525e9f58149068dcde5e70923c57525406aafd54dfc18271ffbe5050508406dedbc968b3b1a0c2541ca78228ed17
+
+COUNT = 7
+EntropyInput = 3b9c147d0795519add7cd1f0df5bf8871d49479b006b915f3655073e4f0fab91
+Nonce = 974caaf8bf17b2d826d05e6a92f38e1f
+PersonalizationString = 3c2bfd43d57afa44774d2caf8c6048ff0f1551f7169e7b6a66d27e1832c1da74
+EntropyInputReseed = 61b81087338403d5a97a93b0838836a231fce4d5557cb31d3990ad1eb9bd0f0f
+AdditionalInputReseed = 2954ee82a3a8586d71d016836983eae80ae3885520ca430de4053b324c364fbf
+AdditionalInput = b0e9dec1796c3bc3d0d41165f532931e14af8930520d584195c7080bfcd0e7f5
+AdditionalInput = d96608d581fb6098db8d58c335fe58caab2fc3d9ee011ab99d565334768bd4fb
+ReturnedBits = e0461a26245b672483590ddd099da51b3048028c43938ec0fff0e176f4fd3cf76b11a6899d766acd8535d23b2f7c167a5a894fcf6bed637d64ce1b102c3a60d2a2b3540c5a01b62e2fa3c224bc77ddacd36a00aed71a6d4fa8889b9718f5acc1431640f9a77d283ed10ef3f2e1f335e32f04e9901aac83a448f20af09c0092deafbbbe9746163f3b914ea63c65f5f3c2ed5f7f953b53e87cfa22b65ffced19c880a0222fe60ffb5b0c4234391325f6ff7a0c00e46ee20e9717bb6225d265522b95a1107f2181bb8d4811601c3b73758789c2ed349628dec2360f62073cf0e1b3b9992148a1854cb9de8a2a9afa7d9b6c2255b4cea89d4b58a8b708ccbbcd6a03
+
+COUNT = 8
+EntropyInput = ba97378d99300208202fdbcbf76fa7193d4eaa50493bbb10f40b4f9cebe1e4a8
+Nonce = 1c352e8e9583432417097310471ffbc3
+PersonalizationString = 61487e71547fe8b04669e1f82b83f7e7ff28bb32f912e2a82f4001cfdae23005
+EntropyInputReseed = 9b0ca1a60e96169481e2d51024d8c4592647081a73cb3e553f1675f07122c5ff
+AdditionalInputReseed = cee76d85c0b767b2a286deb93b1ece29d021fb06b9d21269a7deea5f031613a0
+AdditionalInput = 076cf7c64dbfa07e9fd4f18aa192183e9ea59a9d67c2f5e7bec5d241bd67fbb0
+AdditionalInput = a9942e98202f7138ab9ad863c874a909c788001f581d0f490e5dcfdefc933385
+ReturnedBits = dc9bc3dc354c322ae8a41bae0617f1353740961646dc7a97734f7e3f29a79b445a7db2be0c37ea66487b9f757b810cf64878db58172274a39cc8354c32da10c71d687570c5872042b99ccd75d5832901de56740ffa5ceb0ae8883f523ee7e6e3df30e440e4a0542315810e8cba750aec302579820de8fb56056bad441d1871744291925cd3a058455109dab2778f0e57cf90d72b73bfcf4355c704b8d9228b1c6d24e0459e69a43af165f2c88e3f14d53c31dac5480f79b887dba392ff25f27f1a87bc4016865565ca107522997be9edf241a4c9a4402963f1e3b0b4a27ab4a3ee31e46d11a91385a67cd675f5a91c0674577bf228be2ea19d2c4dc9bbceb85b
+
+COUNT = 9
+EntropyInput = f7b60651d42f71dac4e6a2c7af28e2a5456d2a838bea0a75ba8f41c29b300871
+Nonce = 9cfa2c9f6b88b1739da5af96e3aaffeb
+PersonalizationString = 6628f280b046f478f248855e588267ad18454d7828f27f523ef5340483c07a28
+EntropyInputReseed = ec43df6057d281386da6e23acaa8a5fedb3342d15b6bf0dd7c84849097a6e9ce
+AdditionalInputReseed = e5a0588ef4e11499a91922d61924cc2621fa7e4dbe20c8f137e0648445ec79bc
+AdditionalInput = 53d4621d55a2a2269ada8b3789f03710bbeb9ee3d16c801051cc814c5957295b
+AdditionalInput = be96a7dbf9f9b36309b46a7f4b160d6c3135d21c2caf0401aa4d0b6ac77a1b2e
+ReturnedBits = 65dd80ea5c8b4791241ddfb0b1aa32e48bb66e9d0992a6e2bf81fdca94646b978ae8a111f70a5dbb780923a835ad351185fef0708d3482139c8d3e2c85da69ce0d5a3ea457f18eb907d90161b4992a70c324eacf47c72a16fe6ed7153b8c740c037f003103cc46f9bb3eba04e625c4805e16fe88a1f97577478d4c48eaaa37e7bccfb3c51cf43f158ea93ddc5fed49eac0c8c1caa829c3f386c2203c9f4cdc577bb0acfb94aaefdf9fe816c74dc83f8eb3daf75fd77f8396d84ec2c734633a19634dba4425212edb2edb518bcf91fa39d5f668565f4ef8b8ece9dc6c732f5870990f4cc7e181490029c8ea8927631be521158d4a926dfe9aa78a1473c1b59b86
+
+COUNT = 10
+EntropyInput = b15a940b8005075c98d2be2a504f10731a4d88442150225c4ab5957d2f67baa7
+Nonce = 26ee6bd76b263c7a3782c3bad56cf30f
+PersonalizationString = f0764c484f3cb8400b9e9d0957f15ea101fa73c84a11bc4d3204166f7c9d7121
+EntropyInputReseed = 659e3a5bc3ecdb42926c1be020a110f01a095781501a5df7b537827e87deaf22
+AdditionalInputReseed = 8a480e1ccb3d954008766fd549592ebe07220fb311f40f3ea147a2cba96471e4
+AdditionalInput = ad07c7f6a55637086d0f4fbf03c85138d45d1b07c7333c23b84cde4879197867
+AdditionalInput = d454d503019ad4a5f8d99b77d331b9f9206b837a101bf1f3cd52ebb9b49ea77d
+ReturnedBits = 34e35dbf751aed03175a122596222ea390a63678b036e7aea1bf92101907f12101e8e77e18aa953feb61390641b894b5d9db1e53d72cb77e175ef5a3a922a3cc4ba815b27fd9e27123cfd258279d67281ac6e1cfc22a8e2e3d9ceab7036482c23fee4ed0839609d228b84cea6c8e95c6f806b2dea2d3a5c76ab447daafa668025c61093da525950241e08363861a049ba2ebdddccbd52ad8f743fd9900d8d2a64d8c90041e795b7b46630f6eb69ed081a7a65bb43e286e680797e5a611da2d0e75f5bf0999c9dcd915336183885e501a0301e34b7a13ad924a75f56d103303c7e6d982271fd30a6d49ea4a30585648a5f09ec790ec5070af585d56d0c0d1c956
+
+COUNT = 11
+EntropyInput = d6993401ec44ba675783ef67522e782cb33f9d2980f1f8b5794dba094d4895a4
+Nonce = e3395eee7122bf03b3a1fedac097eb41
+PersonalizationString = e3098148f33646d7572861f3e4586d64f5d5b2df2970b305a904cac2d13cf28a
+EntropyInputReseed = 9982212ad8b00aaffa23091208108dd30a5a6539f676f227db1f68e8f0baaada
+AdditionalInputReseed = 9166628d9a932c8bb7d8720d2125c07cbe13bb557e36a7c6cc18cfc27ac1582a
+AdditionalInput = 66a3a483ca4ac7e03c70ee75fa404ddb9bf043bf6de8a246111399c52d3996b0
+AdditionalInput = a29fb458c0465d2971b59f4bda0a81c02a96d58d64948282e6f29119253d7f36
+ReturnedBits = 30ef7ae97c99a893149bdd341b412ebef24f65df227a3e1a9d0e04f7d31e77115cda07522375113a686f1bf1832d42e2c3f0ae53b93350f6d08621896995085233e02d5dacec966c193544072a792a4256257280e42eeb844152972cc68ed4f016a0a75db18ca31ebd674768cac79423b079d61a0b6aa950d42186add02ef0d28b5c09524360bda274af0f4a6ed9ba465f46494894c5b7b02f974ae50b9702834398299aeac3fc26118a9ba8a6d4b19f778259a366eb262d8f93a3d25454621e2f21071c107592dc35345df2b9ff0f2356693db626670f401ad18786f9daa9a2a7d426566b3822c67ac3131b349ffb2a6dadd7110ac32516248ecfee167183e7
+
+COUNT = 12
+EntropyInput = f0d5b6eb43fef7131894cc9e7ca8c9122140da4723ab16444d4abc5184655e07
+Nonce = 16df8b4ae54188812b8f93eee07e1d32
+PersonalizationString = ff9d0568208d1eec79b43bc00a6bdd5c0cc86f3d43c53d64a9caa6e619092ef9
+EntropyInputReseed = a0be1ea46e520c2cc175da7c8f24d2edd665acccf3937a18a421a9c270fac8db
+AdditionalInputReseed = 8cdd3888d8fe646e758e0a43d47a3acce4b48cac4deb5f4ca224181de3daa6bb
+AdditionalInput = 25c8d649e6c9dd52dd264a58c7ee1cbe5160e1518ee288880fcc0ccd4ab2dad5
+AdditionalInput = 53828a4c568b3fd70f01a0e49a76d4f4c9b2710c3cda18d5cace8aa22fa99f2b
+ReturnedBits = 78230fff1eb5c5c62cbd5ff9d373ce57b377c0dd2d3ca4ea83ed21dfad1cdf51b5c6fadc83f66a2f38a6ebb5ca829f57a5e5f95aef8c765c76d457cf44a648391beab3bff9305ba85b75f39e2e6f26eb52c53c5c2785102a1e759f2e296b0c29ce4eedcda63cfa84f83323e2ba31af00d1b356dd15458d8da2a97cd2b696da5d008b1431bf9df99c81982403e077da35fc586b842584533ae99587f88046a5cea344f49783c80b75f316bebc584411018126e6040bee0800212638a8a7031085795fc9fb3c286909df9955775a89ee9e24399919b8c5e633754c2041cc346b7d78dca3d61ec74efe1ab3e8db37fefb704e3ec0ad8358b2a6001cfb98946dff8f
+
+COUNT = 13
+EntropyInput = 5a71f4701cd5e9f79e4b1f3a7e45d9721dfd2ca5a72ddc10518eb8e51c8e17cc
+Nonce = 940fc3d13281eeec1e69413ecb15a34c
+PersonalizationString = 71b7422b938e4460ebf7378eeaa59f70569a8ce7a9e9f4a8cf355fdbe637c59a
+EntropyInputReseed = 55ba8d09ef4f06cc5ea3f24a379e1df78cc4353c532370339f1af13f6b955942
+AdditionalInputReseed = b76734100d5fd13979c83900fa16fa7b201abff087a071ad2e40e842520c2f3e
+AdditionalInput = 4dcfac6238b1c2a38a404213ab1dd554d3593dc740b2a02a267496381091748b
+AdditionalInput = beb17eccdd995123cc7a562b68b964ad2f6b2c1b5e9ce1582032bf2ff5388281
+ReturnedBits = 43a384421dc7e14bebfeb9daf71543b15c356a9a4f08a08166e93f433c067c765a54d4e1c7086bf66f5a3e7ab19c3217638a03a15f1db3ee87c98012f4a260cb04ba26e0e9448e920c634eddcca86617273e68e46a511d88fcbe89df6372a9ffae5b1ee0579163538f94f330ce2eff5b8a28397018c02fe68d36de9788750faf2875c0e5a840727d45ad6b169359cda0971a511fe64820436598505192ca1aaf85958d201936f2af505286473731d89a1c664d4a528c25b334011184fba1fa6161f1cd58798134f9f3f6316db951bf6be1a11b0661eca2375009ee1f836a20f2897bbd8826649228c703d1a7660f4af2fea012c3ceba1870beea525b6e2311a5
+
+COUNT = 14
+EntropyInput = 2c482cd392d9b8677ff319a7ad539cbd8a24ebdc2b8dbcebbc1d1d0d0bcb698a
+Nonce = 27cb9fffccdd7a3b2856fedd6817f1aa
+PersonalizationString = be95711754beb1b25a46d504d19bbf44232c39533233f6ea84140ca1d470fb10
+EntropyInputReseed = 4f39a2b6309af32a1c721bd2a31a97814807644303b1d132239364a36d266f10
+AdditionalInputReseed = 947d7b372c909eae57bae64d7a9bbf75234f5cb05c093927037f632dd8567693
+AdditionalInput = 651f03a8023434b2af28a1fad94b31910152d49a1bbceae32bccd74dde60d92f
+AdditionalInput = 934a97d6ee4685250ac5e51159e5bcbc48a6f92c7ce7bfd1c61d0e7b0a0e7f61
+ReturnedBits = 77ce58af822a11f1d6dfb2be246aa6549e4c089e1532aeba3e6f13d19635930f7024f94399ba6c84dfa3cd9c7806d7b769c096d33415a56be1096618d5bd80d7d649950ebcfe7418e9f233acdbb7c2ed3681f5dcd07e741eecd2a4675ac8db7becd2eb77f164cf5c7672a6e9e619254c5f231c85344c3461fadb5f191706dae9fc2cb5d61c8b36b3e1af3e82cef8e2a9ca76fafbaf4d4bf9e0f9b0cd5907d4069e0ef4e1f11a259963c9d8282f36b27b75683958a165073e692dd98208d6dc17a791fd9c3dd54554ca6b656750b77b1961c917f486ba3dcffe78de2b346cd38b4de234af1a3566ccb86b7614e99d96624ab3919523dfe9381dd57d4d00f00b6d
+
+[SHA-512/224]
+[PredictionResistance = False]
+[EntropyInputLen = 192]
+[NonceLen = 96]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 896]
+
+COUNT = 0
+EntropyInput = 260d86f8b7ee3f7dc662217be46ad23f12b12078cd8f7135
+Nonce = c7dc27b23f994a1e88db890d
+PersonalizationString = 
+EntropyInputReseed = fef2179e045b8d0bc299ccb96e270c01250d2bd315a7e9b8
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = eba8851530bbb11b07aba83898e2d9bce4f94080f2547b088f609582b0ad8274e9e59cddc24fe5709d7b4eb83fc66df0f55e10647350807d708a105e9d0a54cd16771dfe2e6915a818a8fcbd0cf0119f869e343810cb1a0ecd83f70de10243d34fcae5f0d8bf568bdd5d1392a82b52ab
+
+COUNT = 1
+EntropyInput = b3f6af4fa2560f54e46dfcdf4bfa3276047a6c6fcdb680fd
+Nonce = 9f01d50c604b43c8fc1c8c47
+PersonalizationString = 
+EntropyInputReseed = dc82b6024cde6616b1834f60c0dc7de7d24a19206f718a52
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = d97d85f3b35ac3deb6b988a9a0500b813e9667f8e8b985d3745327f50dcbe6a8123ac41c8815fcc71273a7d3a2328abb0b2c94120257eaeadafdbdefc6d69ddba21d903cdd16f260d37163cea9f250e400a3ce17dde6e71dc6a64fcae60fe568600240885b925cd0ad1dd2a1206af12d
+
+COUNT = 2
+EntropyInput = 97b40741c9b32da61852c558e1ceb8a3aa603f3b2f996063
+Nonce = 36254e2be63275ff194672f4
+PersonalizationString = 
+EntropyInputReseed = 66b8dc297de67009e750696a50986606270dff524a030a26
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = e6f533714c266857ac525e2463374c75664c7ea85027e1c3c09a6fadd9e1458f3bc07eb243ba49704ce062f54d3daf520cbcfac18eae07eaced0884e44d2e60ccc295b1692536a76f4c95d45ea44c5fed8dfd8dd2262e3a3561d5df34597b472a13d961128b7d06dca702f359e1fdd59
+
+COUNT = 3
+EntropyInput = f1df3394202ab67fe37676df884f8e2a20c5002fd132afad
+Nonce = 56ff2368eeba58d3cae98451
+PersonalizationString = 
+EntropyInputReseed = cadfc9c6e0644993a0a98fbfedcbf899c49d0a95a327d959
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 1d315bfb00c9ac1cab6daa84773de2d340e02399aebda22328c1bef122610b7620c4adc5acb5513d3ec11714e70fda8fdf94b53c3dac6452f61d7f64773e99b9118c6dfaa173343bbafb13aaa66ee788af71631e9dc3d94e69d4a775203a4b95df73193f36d46aaa5f65b46f5f25f5c9
+
+COUNT = 4
+EntropyInput = 06301f14293e1724b7acaa465e19011a5ef78e74249cacc3
+Nonce = 87ca9d1d60482e107fa35289
+PersonalizationString = 
+EntropyInputReseed = 126659528692d6a14e2608ef9fd018163144e85056f1c769
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = d49b7925e68380b4a2a9c095779eff01c5831e4f61569d77c16c1d0dd8eec288300c75ae37acd297b2b4cfb5a30077cfd8a99b8d838f18e5d5945285a1a8a394eb8183bee1c83908515cd35cbf92092a29f2197b75110922b89a87f5e0943dddb7182f865e2fc2d6938e6fd009b95899
+
+COUNT = 5
+EntropyInput = d72de2fb6840bc8a5bfd546d22d1d54ee72d8ff87ccbdfab
+Nonce = d53f5b44a00a24b39565733e
+PersonalizationString = 
+EntropyInputReseed = 977db97f0bfaf00530e3eaceaec0d0c4e8271f296cff40c1
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 20dec880063cafcff6ca985fa1d4a780bbaa56fd92b283950eee094da9680bada6089fd32481d7fd98b96d31230ed86bd6d70e47562f6be438997475789b9570284bc8fd2227ef71a3b19e8053cb9f597fb115642808c95ae25a9e757c461a4005eaccff042a2f0402d9e4b43a404e06
+
+COUNT = 6
+EntropyInput = 245a7070aae3ea6218a6de5cf7a55a3b3732df389da61ed8
+Nonce = b333d2820e77f6b6eac05c05
+PersonalizationString = 
+EntropyInputReseed = 02bcf63f96bde3128ca400f9b0ca7ab710f931f597e20fa5
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 0fcc18bb1d43adfa6142a35911bd332d651940a265ab68d5c4154143358465da44d821d6c1c73a6197c8ca1dd80369acc6d53b45e5747aaa79bdeb21faad1b945245b7bbb9fa750e847a5135bb129e39fd7cd95edcaa1310d89cf8160f472dd3a87c706b5342a27f8ff0faac6d041f1c
+
+COUNT = 7
+EntropyInput = d12dc5d5df2ce6a3aae3cc2e3a7032a20f8fdf0a3ccdedd0
+Nonce = bd37f6b5370037f1c24cc881
+PersonalizationString = 
+EntropyInputReseed = 5ee1a765b59a89cb92057a25f1c961bba92a787d49c39700
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 8220827ad52f9a8b64de24aaf08c2ca25393a8fde1480dd04c79810f026defeff84eb92daf405241a9559010b1910f4c4d52333a046b935f1e24ce045028bd2882700b9453cd3b8c65ccfd4b83a994de2c0f67136e753bd9d7f0c911cc6687873d42e5f4e8c18a82049fa8e1b0e7edf1
+
+COUNT = 8
+EntropyInput = ce55f83dae31a463776c991786295308a09f5d3bd7e48401
+Nonce = 5a4051f94a007f63fcf7f81d
+PersonalizationString = 
+EntropyInputReseed = 9d176d3368521f675fa8872da695a4c3500f5dc5d2476ab0
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 586883544dab78fd5d4f5c42f92bbbb7bcec21e4f6f561248fe3a984b594637f799ee337b21375ad764d3ff2fefaaff6dd8f545f8e998bfee5f5146311a398f9d52c993c9f76d63d7dd397fee0f3cdb2b92c3a7fee18fd47e37bfbb095f9cdc0b10ee143e7beadd13cdfa64954c5a7b3
+
+COUNT = 9
+EntropyInput = fb2f10748d5c8533a5e4973786466e50f8aa9c5ff391be6f
+Nonce = 96c9f4c90047edbae19eaa31
+PersonalizationString = 
+EntropyInputReseed = ea8aa3541cad8d6d83f529220e094a01ae4338af632f011d
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 1a5163ee055a87fa25adfb0b2aa85d5dd2ae8702fbe05c5447f9a9bd92c649d6444674d8c88ec9a85e33e0e296bc45a64c43c7f610f82c90bce2d13a3d8635e59f0b5fbf2e249e69ff22546241aa7d71cae5c01ee26223020ae88af9b8118ebb7614406b25c5194fa188a82e2ac54a20
+
+COUNT = 10
+EntropyInput = 310141c3c35faaa706adea3091a10d7553e1c0a931e3465d
+Nonce = de0104cd4f2c9ddf4dbd8121
+PersonalizationString = 
+EntropyInputReseed = 1a46bc6ef022e24e6de7e705cf7fa37dd5a00615d543e083
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 3542c5a6bfab47b826c3f30b3563aef746d4e4fc58d4e4f13e3eb1db59dae1e3c6c1f877e5a1ba7e01cf8efa82df173dda74e6d0e0a571b6ac2b09bc646557eb3947c592fd46484df4bb6dae97ec6a109814f36e9492b4abf764fce534f99b4faaed0b4db11aea12a668d055100504fb
+
+COUNT = 11
+EntropyInput = 4fcafb00bcd3d00951e7b22659beee436900f224c4b58016
+Nonce = 31eb04342260a7a5c157103a
+PersonalizationString = 
+EntropyInputReseed = e747638b74b7e2418e0078c3130077729607c65406b3858a
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 0e8a6e2f1c8f553dd8a7d0e841415840c70df90cdbed063df0a1dc68311ecf1513a34b8a778591ab58388f382c97fe82e37156241ad2d592a44178d2fe95566141a00eb3f681268b6f35a4fb74a6c399b2bcfd0663243de955a7ee3dc0faf7ab4debe90e0230c4eb160ea1560e4a3b94
+
+COUNT = 12
+EntropyInput = b8865e9e77ce1c2782bbdea529693665427cdc3df90d4a74
+Nonce = 4c324f02e39d00ab05bfe626
+PersonalizationString = 
+EntropyInputReseed = 6c9d34501993e8914b547adca292e09f15042a716a649242
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 5673ec1f690d9080a216ab063c73696f7404a1e354049eb1987df9d85b39ae2c9f84d241d3c3add85496c7c186cf5f16959e593f43c40da18a14de096e5fd37baf609c1be1b525fbe8364b2053bc4e75db52470115637dd22892479492ccc4420ea3452c760e9847c7eaab11e7bc539f
+
+COUNT = 13
+EntropyInput = 23c8444d95fe346ca12be34f440280070d47883ab6406cd5
+Nonce = 38b303f0f939c9ff4e98defe
+PersonalizationString = 
+EntropyInputReseed = 0e74c74a56237176fe84aef5f05a5be6f7474bdac6d49f97
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 80404b790ef337c274ef914d95952b5d7536e4079ebda64952a034abad9dc01e9358ead4fb5319f5393d30b82c2eeb7ed02906b57f4f82bdf7d6f6a3b973681f00c42b2e5832bffbdf5a57829aabc399c627a823d5fc2dd282d8a1485629509c13a88fc29a97022b7935a80725c3440b
+
+COUNT = 14
+EntropyInput = 4b0d4b4ea1c100937b9ce9cebffb9c18c45ac1a69ede4d28
+Nonce = 122adfa9f63141d87c75f310
+PersonalizationString = 
+EntropyInputReseed = a2d3e1403c01d81100d3d580ae67807c9a71efe7a31ecd3d
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = ed855d5fcfb9befdcd771eaf0a570c37aa43585480bcd6a1af9e97e4fc57a869fca71e929c98866a1c397ec0839bbb94d12d604d2235b568663b436c4b5e244f160dd7f854aa55528186976f558143bc24507d1d58c3319264ef05b1d12950b71f11a7c931dc9e2cabeaf134b26dc290
+
+[SHA-512/224]
+[PredictionResistance = False]
+[EntropyInputLen = 192]
+[NonceLen = 96]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 192]
+[ReturnedBitsLen = 896]
+
+COUNT = 0
+EntropyInput = aafd15ebcc9e8f166f6fc0a3383f2f8bf251ea961c3118b9
+Nonce = d91d6963b545f1bc96411d03
+PersonalizationString = 
+EntropyInputReseed = 51b48d4f8128270db78a2c89559b20e4aed78378a6b7aaa9
+AdditionalInputReseed = eb8539d5990129baa80d38591fd2051a7177b4bdb40aeddf
+AdditionalInput = 4790e6708b44c18cab523aa7c0180a250a3a6197e194890b
+AdditionalInput = 653ff208221b287ee3b7d9ef43ccbc4697ef2cf472ecdde6
+ReturnedBits = 3bf977fdd710bf9624386cf5dc5c3374f2f0e89098f6b7be3a95b1c74523b8456e8f00bfccbf92036007f288ea2b54322c69b092bcc43296b81ed61b5f785c40b94a019bfd6a8514b782e23d9bf153987a7ecb68f6f64af60f1bddcfb57c759da57801c6ef5656bebdcfbcb5615d762e
+
+COUNT = 1
+EntropyInput = 5f2fb6838fed121ff938c8bcaa088c4a09b1226ed4911c09
+Nonce = ab73cbc9b192e63f00dc7e30
+PersonalizationString = 
+EntropyInputReseed = 2a337695e7256648f25b2cb7c1019c8f4506fc6d2f76fdae
+AdditionalInputReseed = 7a011ed55d61b9cdb542a879a178aea7f22960a7689007fe
+AdditionalInput = 735779b8ba8f8872ad0a9bb31f975de2a49902615cd95914
+AdditionalInput = 129e406a45765eab1a91e902162d6aad2fcea15071df3942
+ReturnedBits = f3162b96264f53b4781ebad35eb94e97be464d07cec465cf436019cd12f69c0a21367788154463cf8cb7c131f47737a0a62665a5e8410a0c9af91395320ce9c2ba11e77098027e469fa3e9c4af5edcc3be909ab31c1a4c1a6a5baa5d5f9b2ba2c52cae5560734e0449616022dfc2aac6
+
+COUNT = 2
+EntropyInput = ce905d2bca6b7ced2ba52b23c1d351d0f54d4ee28873928b
+Nonce = f52b849e7ecc7ffa1a3e436c
+PersonalizationString = 
+EntropyInputReseed = d802f22d4fd439533f39335aa7427d3fd04c434bafc18042
+AdditionalInputReseed = 66676f381056b51a79254db590c2684e51f4e64df565d84b
+AdditionalInput = d505fa87f7aa533b96dd1951ab96a33039f91005a0ed4d6e
+AdditionalInput = c89ac0bde33b6b738b398048db0d465c58a157e7a51a2ab0
+ReturnedBits = a20a4dda15eef777295108ed561d82bd3778c0ed5960e3972a23bc0bba96ee0deb21af76ea87e8b5e913d423917d716b5f7d996052338ea1f64eff31ee4bb022728f2f2aeb37d527d926fa99f8ed07be582535b445795dd19addf336dcbf6f5d8de9d7518051dd6a70dbbac3c6f85dd5
+
+COUNT = 3
+EntropyInput = 98d6b89ccd5244ac9e766cdf62ed018624b76629dcdd7794
+Nonce = 2fbc567aa417fbb1cdd26535
+PersonalizationString = 
+EntropyInputReseed = e1c598de6cec57dbed8195c366828389f1296900a02ace46
+AdditionalInputReseed = 41aa79197d5a882d3c49cd3d302b39e68aee35d8ead7de4a
+AdditionalInput = 39809e9b2d6b6c26f127edafceaebb72884cb29dfca52163
+AdditionalInput = e3c81fc45569c9a5d5913fb1beb9f4663475b2a4af596ac3
+ReturnedBits = 26ca3a639295bdff8c5cd4aad8ab5d57a0dc13a01a1dffc734667e94315d06063a9b97442eaaa47cb00a68b7e69cb1d37a1b53d25659b4701213cecdd78326b4e0cec4557e6b20a43f7482e990106d04b1225ebccd0181d86c1b58e6f9677e2d5260706410bd1bbaab77fa9b12671418
+
+COUNT = 4
+EntropyInput = ef6fa238aa4220ab6d0ed23852d268f0b919381b00ec737c
+Nonce = f6eb7584b5aedd1fe198137c
+PersonalizationString = 
+EntropyInputReseed = c894218a1395c7f8dba849937d7e588ca265984373c69aee
+AdditionalInputReseed = 08d8ff4ad58d7a3841df0485f0e634839be4df971e43718f
+AdditionalInput = 567e39490ef396b60016cb696ec1c4a8817e845abd2dc594
+AdditionalInput = 7ef00c091f15ea34a22e0b0c82b0d7b25a3dd7f4e1f53bf5
+ReturnedBits = 47dc5b0bdf633310a6f770335add1d1aa2dd645cf3db665daf147869b4a50333a013055aaf918f89c302bb8e02c397f97cff729780492301459f4800c63c99a416dba4e7fffb349e24ae99d37f6b4588de9d87c802eb16d0f9b7718b37507b8aa7d4c8173eb516956f6a3e6f128715d4
+
+COUNT = 5
+EntropyInput = 57778d8706dbf6247edaa6ad5fcb6488d579b7393cd2ba30
+Nonce = 86da16e3ed0faa7562cb7b4a
+PersonalizationString = 
+EntropyInputReseed = 89116cf64ac8af1a7378a53f3aa4be6115d77603051466d2
+AdditionalInputReseed = f2389ae8745afba8b79db93800d654ee22aae2b41ef705fd
+AdditionalInput = 1170cea2213014db8dce370fc58384e98bab5983096fe17d
+AdditionalInput = e83ad4fb888d106d41936b87e851da1917350e7b08329b41
+ReturnedBits = 914b1c1b9eccc48393d10378f715ca355d68a2e66734d1d0dcdfaf5594fcf79672e4612a3f2ef34d78ccc3899c8d6a341f7d4a82f166a17b93d457542b12e60ca983f27b6ea290a0d63a3f6ff7035d90a2c3cb92fb3229fd7296501e7914c7b8ed0f2fd5e514c94ba5f78da40db00800
+
+COUNT = 6
+EntropyInput = fa9299b00dc5383a12b860686dc584f625c401f2f86c5126
+Nonce = f02a7359711321a489614af7
+PersonalizationString = 
+EntropyInputReseed = 1bced3f0c546cfe2317bedd814651770a464f44123a093c7
+AdditionalInputReseed = 7d6cbd47d4e35f1f3df74e5a14fa4a8f124ec2fffabea2a9
+AdditionalInput = 42eb1c045d0cd4793f848ba5656f2c7eeb40521a750a578c
+AdditionalInput = ee02060c4351460154074ee2a5b3319e0d9f4b65e931f1df
+ReturnedBits = f626c62ff767fac54f691926f89e9f0a91f875a1b23af743fa91006f2d1fa7fa3ff21bb568e83548cbde8460cf3d490e43cc159c9a1ba1a8ff1535fcade9017dc1c467fd30b5898e015daf4f676b23938e9e3e3bda9a6596676302cdb9a589408dbf075cea7626dd888bab32b70cd06e
+
+COUNT = 7
+EntropyInput = 70b467c9eda81a9a3476e69dd9b341ac9c2ce8a00ee0d496
+Nonce = 4df0a4773acea5762264113c
+PersonalizationString = 
+EntropyInputReseed = a1a7a4af68ed91eca34118928bb63ea8b30fba6cd524bd45
+AdditionalInputReseed = 57bc1c3f07d724a3aeb4b3cb78bc361df23ce8e5b31d10a7
+AdditionalInput = 67ea718fae8685ab54206bbdf7e39d38a539275073a62c0a
+AdditionalInput = e8d2d8b97f429b4f76bf91d16b157d3bdc71fecd6d73d0b8
+ReturnedBits = a6b9e0c6aec59c7fd53aec5bb3d9730acd189d26baf6436c3186f623206e99b739bcde9147541b653635ecc82cd951ba341b1a258d6c0c6f680cebc645ef6c140abbe4ea052c799400b55813e5baabf3b3bf7483e6b9045dbe9259d8161764e909c4d66f3b876eccc31e278462cacbd6
+
+COUNT = 8
+EntropyInput = 9d88418d3d17faad8b12815c512d5fa4f0dbc0545c8b88b0
+Nonce = e849b768266c24d74f527fe3
+PersonalizationString = 
+EntropyInputReseed = 68b7db03a26a704f2d1e838bd0300452de5dc9cc6f9fbba9
+AdditionalInputReseed = 4640cd7e27ce29680f3664361a4b2db1112687a686b25ad2
+AdditionalInput = d10ace012a794fa8711548ea3d6e4e7919a4dc0199cdfd90
+AdditionalInput = 60b5d266f84a8db1e2b4c534c5744a811923093e17588527
+ReturnedBits = 82136348db26c1815dde2f0d8b1cca0a2167133faa7580ca251f7325d706bfe0878f9e7ee57c259f39e18a1bd6f53cfd6d070ee2fbeb5b67b46899769ba56d8171db52abd9713cf455aa82318e12b9264b22768b57d07bb6a6b7bf29cb41b7b64102504e9b36b6d09278ec3905ec1606
+
+COUNT = 9
+EntropyInput = 85a430ad2fd37884e52ed8a1d097e37f9bccadece47ca353
+Nonce = 53f17a149e14c6bf126f8f7f
+PersonalizationString = 
+EntropyInputReseed = 0d761a17e98d1ccec3f0ab3241b9d75adb9b612b56be4242
+AdditionalInputReseed = 73dfd15dbf24d81d58588a932af8dc25bc49d340702376be
+AdditionalInput = f26ec11ff9cc7dd0385f83f51d55c23ee7cfdc8bbe6182ec
+AdditionalInput = 1c2357b72c058718715cea8b06155750ae5191a32247d48c
+ReturnedBits = 08c1be569a3b619ca57e7d1d0ec3769a3d423a156edede855bdba38b5a0b53c7f91bca0125ae0b4ac2d01614d9523491a762729d9f575b222d0fe683d895f40a3a74d8ff6ef42102e06374a838af0f2d15c86bead54faebd7882698d2b2f4df665f8154a591c003fa869f25a4a7e8591
+
+COUNT = 10
+EntropyInput = effd176fba3d9e1c275579b07ba130cde571d0c6676318d8
+Nonce = 506d2b8004a79db1c7850fe9
+PersonalizationString = 
+EntropyInputReseed = 1b310870da923bfddc2481af1aeda060faff5316aa7ee64e
+AdditionalInputReseed = 23a0cac5de2f94a57273bba87d87490250fe18fafc728918
+AdditionalInput = fdafbcb85469bf7cb5fd581bc6885900837f2545dabd1941
+AdditionalInput = 341b60d8368300d8b2c81f84d3fd07d3c6937d7443fab12a
+ReturnedBits = dcd07c0abcba7482a64c83eaddd12403d93d59c611eaf41cc311915dd2923c0bae9a0e66be7db2ff264690e77960d9eb37a0473446c97c078c33822202d34929293344757f2c87e74eb38e4d97c72effa36ec172a422cb2aa221bcaaca93e682ae4cdead8bf57b80f4371176934f5632
+
+COUNT = 11
+EntropyInput = 8d4e4414c721d7458be0c56adacc1d1fae36b83fe2956436
+Nonce = d10546cc598b6993afe6632d
+PersonalizationString = 
+EntropyInputReseed = 3c4f869b50b972fc991263e72040a79ba4947d1d11fabc3c
+AdditionalInputReseed = 70c2394138f59ba60247b717d4b4732deddba2617c01e876
+AdditionalInput = 0a1900ccdb35871ee7e6db0ac3e95df2bbabdc39ca0d9042
+AdditionalInput = 97ace36cd3aab76c497b5730b2e8af14d30bc6c2686d6da0
+ReturnedBits = 9113b573250b64c0a33c851483ff9cb11ca0c6f59bea79c32774629a7b3c72cd7752468fa98b168ddbd8b458562d17de79690539edfd20c91befa8136d6efb88698e5a17933400f636bde5c041e4b4f955b05479f57573ab986fb7a9d67a973d48ad191258ad9fae563d69cd225f37e3
+
+COUNT = 12
+EntropyInput = 7ff5f6e0383539e23150335f876ce2c285ee1046e9f085bd
+Nonce = 6b4e62f5b15ae3223c3b73b8
+PersonalizationString = 
+EntropyInputReseed = 71a7bde9c0de7944c0e38460c7004819385b24e88fb2a384
+AdditionalInputReseed = d190b9b14be08a77f05ab71e3f27bcfca3129b09dcaff8d5
+AdditionalInput = 7892ccb258e758b2d67448166b8f543219f63ae7d51c05eb
+AdditionalInput = ae60ca011bab549b1c349a8449ac87db4d9d0c9a0ebf52ab
+ReturnedBits = 6a97ba88bf73e415e2bbd07d541ee6aa7d5f5a87b96bf55850b19a7422a9676c6d7809c1d3807aa43babb47c468f1b8efe3d6360b6fc1b1dc28f71cb66c90fc9fa8e6f5843dd0918801e71a5fc8a0bede29ea8f977a2c3de41316ab4f96269372b314900d354a137873bde40d8a5f8e1
+
+COUNT = 13
+EntropyInput = 57ac65efd64b57b2b9e9e48acbf9a77f008811244cc1bcc3
+Nonce = ac13d6534631a03506e0ff47
+PersonalizationString = 
+EntropyInputReseed = 7c844d5954d4eca49215d58b5db571b32171099c3aff4725
+AdditionalInputReseed = ac94b68edc51edd55276dc4a79ceb0439ac26aef824b1c3d
+AdditionalInput = 76cacadca6d7402546413f923ebbf9b533ad4df9f0bdaa09
+AdditionalInput = 0d0bdfda9c7162ff5f3cd9bb2e30a5464a2a978c13126ccf
+ReturnedBits = de12e11e042aa4aa3e2f4c2559e2d084887267ab260cfe6f482d73ce59499006ed1846a459528cc6981bc0ca963d0c7c70970842175096e94d509c1dde65475df1b147409d27fdeebff03a5dfc40b1044e837388c4c7266a93bfa792089d731d41592acfd995fe152fe9b93a23007158
+
+COUNT = 14
+EntropyInput = 6bc57a30e3111ced90156998d6b9ecae90567318c509a734
+Nonce = f55a13e019976eb01d886cc8
+PersonalizationString = 
+EntropyInputReseed = 3426a9046f4e288ea649974b0ce5766fed59e16e2a55567c
+AdditionalInputReseed = 19e6ec90e11c450e33b89ddc84247743f3d4feed2514f0e8
+AdditionalInput = 8267f1ae6ecbbab8666daf4ac254a1b3d78c0642c69f2f41
+AdditionalInput = 289cec3ed5686690ee2f978798388d134211cae8b995404e
+ReturnedBits = ab3996fbdaf88f8a868cbb31c2abeff0234d7de6672c208a0ac7546bd50b2924002d8c300b9b0b0364308c60208191e306fa68b78d2feedad9cf4a61e5b3f4c90524f38cc091b11284de7fe2f1f209a01db82e66f169764b359f46428986303d04f3fdac650b3d3bb2931c281c4073ad
+
+[SHA-512/224]
+[PredictionResistance = False]
+[EntropyInputLen = 192]
+[NonceLen = 96]
+[PersonalizationStringLen = 192]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 896]
+
+COUNT = 0
+EntropyInput = d91a90376780f37d2d6d77afb72a569f1a754f4062079d63
+Nonce = d97e7f4aab4d0cfe416f1741
+PersonalizationString = 0dc3f7b7a4a4287546b5c6b75f28dc54356eba97977553f4
+EntropyInputReseed = 1dc951da88089f02be08c40d4a22e8f2cadd0b372d74095c
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = b596ba8ff6e6012319fe322ffb7700cfc33a368682f53ba6df5e835e9e52fbeadc3043d70d540f5324e030d07c9b930b6b6bdbb198e04ca0ff3a3b167016c78b612b4e0c94fdb87abf52033e6153c1331f5fb52f04f7051e7df091fcacfa85f5fae555401207c1a5d64d504562db63a1
+
+COUNT = 1
+EntropyInput = f8aa1dd61e3893ee4c8e9519f39486cde1ce14f6770f3601
+Nonce = 9b538dd1551aa1884ed7658f
+PersonalizationString = 30c0500b7a779b5bf7e94b306857bd151a956a1de09d0631
+EntropyInputReseed = 5e575514f00ad3ffa1d7ad7070d68d3811a1bc999542e4d6
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 8bdc79ed30b65fcf6ee9672b57a7cb9c6ec701b8b875bf8228297989a39adfc86340d4470accabcbde90fcce9a80a6bf4918997ec2805e960822b44aa1d89719d0a545d9447057d59784a61a4c1a6ca9bf940c5c82e9aa8ca9c4b9fec81f2e33039d6bd7719fc39832d565ef06e1f7b7
+
+COUNT = 2
+EntropyInput = f1ab044f02683bc272687d3be80c8680c7a135d09b23e4d4
+Nonce = f33671d7ad9613b0d5f8edc1
+PersonalizationString = 34a492e66faa93a5c260078a501a1025e4467774c6a8b412
+EntropyInputReseed = 24bfe175dea97d869fb0f710afa3d59326e171f3800eb9a6
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 60c6eb80f8c4c1951bf50283289264a1bfb99b90517e03cf5ea9f6d3ae1b8e8d7ccd651b9edda76717287230dda0509dec09400f18ef9c82592ab2297541ca1b7b67672f58ca1095070d08be67cdcca1690d50e7098baf8a74e5febe5352ff8f75c0b27757b90830429b7e6cd15b3438
+
+COUNT = 3
+EntropyInput = a6fc1c6b1d1fa25036852df44835832212a433ec0b36db73
+Nonce = 5d715846aebc84b94e1610ed
+PersonalizationString = 96e2a7dd8fe39f08b0ea564b90ed49d06ca51d9b34b9eaaa
+EntropyInputReseed = a8f2fb8f4280f6d53b6cefbee6b965aff3bc576ac81cccea
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 0e4c32fce423523c4e9ed745b6b7e4d768fe92366f733d2e09ae33430a6433ae238c798a1a1fb738d4e1ba614c028be64d24d67b9cf885f25e34a0975cb849e6c137fd3ca8050511307dfbbc1b7a7d806e2d4f2a418b375f5935b28adb6f7afea8dfd6e8cd7d5447114bca56bd76d536
+
+COUNT = 4
+EntropyInput = e4f9fcb486bdebf2423ca2a6454e5353d8aad540d8f3200a
+Nonce = 38a76e69d8107a0577baace5
+PersonalizationString = 4dc84f1c92aa130545f896499534f0b5d73b3aa0b4093cef
+EntropyInputReseed = b28118bcac8deaf4408fa9d084a6c0d46b07d5d6059a137d
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 199d829a04a2b1f59195f43fc71e67e3512001e576ace2d3c326a3eafd813097d2ed9b71f7e59d483fd7d433c23bc10cfb49c592c786a333570171bf9b30efa6bb47bf26baffb988419e561e918aa172504b5c5e498bafce77702030d5a5b2d2d5e94af93a2d004fab501565eee3ec54
+
+COUNT = 5
+EntropyInput = 3c77efc9366336e64159a19330f15a1a12d7b9a1d432810c
+Nonce = fd7ff576a1565de03c9dbb2e
+PersonalizationString = 69a521cc6d6d70ef60a025389f360d8ee7ed9fe295c0c655
+EntropyInputReseed = a52f7795665eed76d31474d39e35700bf9d1398f96a131fb
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = a8f90dd6a08ff2b9e4e01ca7af6e52fd52183a2d95bf4679121eee66a2be8d42e644866f698a039297c707e37813076e253ab7299adb7b2f6de4a8a2211db99546837630a1029254eef757f00e981f5dedcb0f47e723b445d3ed1c18257529106114a60831662916921afcf8b024027d
+
+COUNT = 6
+EntropyInput = 70bf635a30dee0a7920ba22cbea51e6c27510e75a19439cb
+Nonce = fbd6f5b79572df6da4432656
+PersonalizationString = e45a08551de4df3a9edd922ed14f15bdf84a89e285e2ceb1
+EntropyInputReseed = c0e6b0ca6b9273ecd12d320c393a92ca159062ff29374b72
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 4198f16229a06d4d8d8ce4a16aaf6c0d566d2ab785d85fee3a3e7bd080db45ba0c832d59fcfc8f0a24b51d70daaa3d8247a8295d7c3dcb9df59b64ded2940ae634e8a13e0895fdaabb320266b70c42a9720ee1e08ecb911f6816e09bb350e1bd427d73bb56e2da6247f6fd16a5ebee6c
+
+COUNT = 7
+EntropyInput = 67a47b11ec380a3914b0ba05611fffec9063ccca639d4dea
+Nonce = 04231a04d8e45e7e6d6efeed
+PersonalizationString = aa80da2bfd91204f750864b3e0fead8c307332aabc7b3f11
+EntropyInputReseed = 4c6a2f75ac68046daad8c09d664ad9ceed11cc50127516b1
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = a695d30435482cd2357140d81309288b66b9894697886786e5ac4be0b1c9bff5b21c07cf1b64a36cba4cf632df3cb15a41b8a2011d0a144254ee5f1733bb2338a8b7cfd60cdb6879c77566064ec24c91f3d175f3a8b29b9f01f09ac422dc33f0aeeed50add32cb0bf95d88429e6e814e
+
+COUNT = 8
+EntropyInput = dcb1138dd105ec427dd3894bc517313a2733b6d9f08519ba
+Nonce = 755ab3ee1db71301a8410b4f
+PersonalizationString = 4f429c706bf8a87ceafe3e989d435408259298ceacc16e97
+EntropyInputReseed = cb9e14f97881a274895d4fc7a59c3e433d46cde3d38432f7
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 6078830c7aa176c1c6e84802a39c414fcd80adf1e2478bdb64897dce10649c34ce354bfef921da12e5f48a940a71acf9b7d6cf831277aa3c30b22e654064df8baa8af2fd350ab0ecc58d160b5cb92d946870ecc28cd57f725c1fd4abc23fd148183f36790b1be978bf13170a898c0b5a
+
+COUNT = 9
+EntropyInput = fb1550ba3d1bd3104849775fe271856b1fd8221b1e6a86b9
+Nonce = 4ba9c64c5c985f283a9c4e61
+PersonalizationString = 8dcf24d08dd243d5173ab34b1e1cd82fe02c6f11e4fb34a4
+EntropyInputReseed = f27a12d5f5d18b2889bc982e70b24e30c33d3c821c8bab83
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 7aee4e3cc5c7cc706055d87b9481c37abe3004eb13f7567e69d3400091e26566a26ad0bf7a71b0427ca97ca197ea26eafc883ebc7e87915d0252b474b07cba5b1962a939d98bfd742ed8d3873cc32fd68de82d224bbaafc36314028b331d9593484ccc53d7b26c2c36d120bef40450b1
+
+COUNT = 10
+EntropyInput = 94773b7812af907f59f406567e3374fef667692a06a13c35
+Nonce = 7d52148313bd6552b763a010
+PersonalizationString = d52d506d24d72fa4a1b9741ec8a43132c948af064afe2789
+EntropyInputReseed = 4b5a0f91282e0a031edbb56cb9521dec8fac84ca42af15c4
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 4a22d5817eb531c92e99245bcea04b4e09e763b0ad74025ec0951e146c7f6132a676a081b67cad77e667ecf4b0f0b0aee82ca044aa30a53825c22a804e09d9ee744bf9c133f253fdd226d47e38f0deaa00e786e972cfb3fe43371ec8c76ee89c5917b7197756bb88ee582f9661d4c53b
+
+COUNT = 11
+EntropyInput = 5a6de71a6b06ce6fd5e835bbc53369117456e262df9179b1
+Nonce = 27c762aed7a2cd500e6e0e9f
+PersonalizationString = 1b5ad0a986d2c420651791db67e7bf10577d26bf8ed123be
+EntropyInputReseed = 2da586a79a96497df9464158590b30e48b63dfc58d1bcee8
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 0d9c0f4c94320dd6af02cd9a944209a21e6e6732f3bcb9f90b5583539d357c2bf92565a7c96cde5a91c04cbbac195c6ade403732e30a4251b6efff1e88af8fd9c628984a82a0926dde3b1c3a9646f26f77be3be27b3c3e57d5172ccac418eff30cb5f73e7b138fe08aa8af627a76ffbc
+
+COUNT = 12
+EntropyInput = fd9a49f3e86f0d6ef0ad30b2e9a2c12a6bb1748b32966f29
+Nonce = 60e6d09b9a970d3d8257f095
+PersonalizationString = 7c8c614411f183e805727d86a3451a1c03ad690ce6fe6cca
+EntropyInputReseed = 852ae97714c3102dd77d961c99e6ddc76c7f2b92770ac3b0
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = af94022304bdf8d8129c72b5f64a7e9df07d71cf58610cbe2b0ab0b926629c1d2c9a5bce85d7018e85e441d669934b531264fe757939bfa7364439d567dbe5557d9c736c75b9fa798193f0b12d941b4c2e08870df2da80f6625718d129f219bf49b7e9535f0e605250f5c7cc8d31a190
+
+COUNT = 13
+EntropyInput = f095966dc8e8da6659dbc84217735eafb2133d74f5bbcc4e
+Nonce = 02631592daa0d1f1fb4b4a6c
+PersonalizationString = c7e3f29d3dc35822cd6f4b045fe29f61d49f7f981a0c2475
+EntropyInputReseed = 5ab8efff2022b84883533384e6318fe8ad1066649f9695df
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = ec4b922105cc5473f3b249eba0972ecdef3cb3c6cc69390e3cf58aa048818cb8954ad4e3470d6a1f018541c8e7efcb687fa77f35072fb13ffbfc8b5155e908169a5ac29941a0942eb78c3a6cb6ddbaa5c5942f0fbf67d6c539df253b7ec7c3829439ea0b5f1803fff311c2289ecb8048
+
+COUNT = 14
+EntropyInput = de63c885839c5bbb0b524c2b57dcadd24cb0f370f680805e
+Nonce = 70052de8b4b5904c06b623c5
+PersonalizationString = 65cfd784054972f685850452a04dfa73930bfa1d08526aac
+EntropyInputReseed = 677462a1a7dfb8106b8e23ad5c9f6b052dc1817c337082bd
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = d4411df7e901c66a1b667cea66d2e21ad8bab76fbe189469e03b16a4b2346aed640278fc346097b6d494e74713edfd3fc75b9a89b51a05e0a295b05202c66ca95f7627f2dd3e7b70b3eb1fa1e007b443b47d5aaa3b6a3eecbaded109c9a5ce3e9534ad0f7e8eaf808280e1d31b82fe2c
+
+[SHA-512/224]
+[PredictionResistance = False]
+[EntropyInputLen = 192]
+[NonceLen = 96]
+[PersonalizationStringLen = 192]
+[AdditionalInputLen = 192]
+[ReturnedBitsLen = 896]
+
+COUNT = 0
+EntropyInput = 4a94d8aa827ba2b0f354e5d20977a488b76201311b789e6d
+Nonce = 6ad176d4a3d713fe4d1a269a
+PersonalizationString = c3619cdff70457dcff4a08e498003bfb7050afe77a7ca841
+EntropyInputReseed = e16e6ce422207a2b8c98fd4137f5f35d5127cb6d0eeb72ef
+AdditionalInputReseed = 738594682f2475217220c64804f231a323e1321cd657739a
+AdditionalInput = 7ea2ea8fd7cc306275189d55e78ba809e5f28d58cc5db8fa
+AdditionalInput = 6df7388057a8388f18bff94b5f9c6545e275996a600d8e15
+ReturnedBits = 945c36e2e285da9dcf6ae59db153fc39eda3c5c5a035d68b7565981eb2b6dcbfbd1333a607159fc55cfeeed516e8956303473e07d3ae0c9754d82d4d6833e570ed5e9c548ac8038534bd8cecaa3def4ae86bccccf10fc2b3bf666e8b108cbeb237da2d299aed55d9790329f78a70d296
+
+COUNT = 1
+EntropyInput = 0904c6d8d491d0426a6537f40ff80e49d9ca411ef35e64a8
+Nonce = ef8c77a9d1da78d31c444b88
+PersonalizationString = 5d117127e78c8fbe5e317b55cee5e16969135ee3e58412b6
+EntropyInputReseed = 609580bfa4092d9dd964137fb67ccb7ec9601a1bc1c872df
+AdditionalInputReseed = f6c4ecfe957aa029f38ba791e8852aedcc21e4983ad02b44
+AdditionalInput = ec5538f6ec3646cbd1accef230076f38eaf644759aad95b3
+AdditionalInput = f5969fba084bc9fa097e7412da650e53eb59dcafd8667848
+ReturnedBits = 61a00ede66e9da95e96a9a60cba9f9873171264254a3d58df716ae32063947964d7f64bced5bf847a3cd570407e7baad960b796d9b656a04ae554ece7a0b02d6857b7690494c20d4c00711ab55c0032f246c608ee1ee094ae4658bf0a0374cd3bc2ccc9f36fa7ae8deee6e2f2794a896
+
+COUNT = 2
+EntropyInput = c51d286d03135f706324a2cbdc70b25854d725dc7c65deb6
+Nonce = 7d24acefbc5a4c3db2ae0cad
+PersonalizationString = 1e34506e9252d830d89ea0eba084bf5648c675fb69a10efa
+EntropyInputReseed = 93a70f60e1a3d2375d0a72863267eaca289a70db4f1ef4a5
+AdditionalInputReseed = e9cfb12e74fe501493179e95f4dfc9ca17a2ce8cad768c8e
+AdditionalInput = cd66144970ecea4a4b69313ccc8715723b004386f83bda1e
+AdditionalInput = af2b9da08cfb8eaeb987476d1bb3d41437c18b6b3fcac9fd
+ReturnedBits = 09af8875689ca70066fb3470ee9ed2ff4a1fde43af58f36351862dbc746d794d57e17b137d366be5fffa8a6dd480fdf719734dec65e8f934e5980a20ef749464afd73611bf7e6a326937328ead582529cbbe581d4a08d2eeaa9c84fa68a54bc523c45e5556681594f18ffa87663fa310
+
+COUNT = 3
+EntropyInput = 6ad916e2a4217e5a6a44a6270e6ec25d6f374d68cde746ae
+Nonce = 878150109f5ff956e7311bd8
+PersonalizationString = cc13fadb0a14b4f6d5cf1ff30f1797c27d032b370a28a5af
+EntropyInputReseed = e973b680ccfb51ce8cf5b94e9b03baded565b268d182949f
+AdditionalInputReseed = f1b35d904cad45fbdc122e665ebda2807290e364f0f1c6f6
+AdditionalInput = e6b3d6a196de2e407f4fec0f74e3661816691ff3d66e80a5
+AdditionalInput = ad62c59562b4c086683467fa5c0474cbbb073e5263eb3bdc
+ReturnedBits = c9f2c33ad578966e0e9adccd50fce4529aed241688a86c43db69f064f5b114fd6c08476af6c6ee8fce67200da5f469290dca87c7eac3aee6f04b108c5d5e8d41d6c0e123915f1d962a148fc33378c1999d18590840f246e004d24399eb3270cc063e3a52040630f1a598e871d5bba8d5
+
+COUNT = 4
+EntropyInput = 88593266dce222bbd4f655f8fe0aec1e5f6650f8bc4deb38
+Nonce = 356dece5f0482b4c803ddca9
+PersonalizationString = 82f6cba24f023966984e6ce106cc34841b7c30c72e3c1947
+EntropyInputReseed = a10d03cdd37d8e685840e00e76dc21817371f51ab55070c1
+AdditionalInputReseed = ab51b90cb1d780d6e63436e4a3bbc297297046ba0e9ded9f
+AdditionalInput = e16bcb6a719ff2a564d56b7d3548ae8e2cb668db6d6e3605
+AdditionalInput = 9c23a3c496fde05b51cbca630455b0cb1b1e056908a38184
+ReturnedBits = cf4fdbc791228ddde7c72179da8719c06e6a9d10ab17df33eac483d04050afd8b17b6fe72a66d9847822a3d57516fb62f4c008096612141ce33d977bee4f52c2498fe9a05270fd84e9137f10b2e0c5573825ee9c8e5ab5379b73856d863990e40709871cc979524ca2bde97a2b43d80d
+
+COUNT = 5
+EntropyInput = b0ff6e0251724c632d62787d81ff4e9467a58b5a291b0196
+Nonce = a89b311f9e12cc5e61c79c9c
+PersonalizationString = 8e3edc84fb01cb503959111e65aab552016f0817284c6153
+EntropyInputReseed = 5383c3afe96ff7117612c0251b9793f61510ae77c192d068
+AdditionalInputReseed = cfbbf18cd67a8ef4d156a354f3a1e60a44beae3774747939
+AdditionalInput = 399d3f1d8441fc2c3cbefea2055704dd26bf909299d877f6
+AdditionalInput = 9063eabbfc43fe3744dc2711c48754dc06d7a606e30bea5b
+ReturnedBits = c311e8625a3bb77824dc2fbc7ac1f19d50c008d1c353d1a0f133c64feddd985b85e1865456bc003041810da31101c3220b32dd5966e2f53f9a91c1d18d9ab83dcf89537d286c129986e26248bd50af0931e54933ed563d4b7e594d9407c89f51f0c9933575a99c671737ff682a53bbdc
+
+COUNT = 6
+EntropyInput = 77c7ba088c60166e73c92de357fab5b78a148aab203b2d46
+Nonce = a3d9253512dbaf7a73dd1432
+PersonalizationString = 70112571d94db2391beb16e592bca565994c245e931efd00
+EntropyInputReseed = 4f815fcadf6875f569f8297570943df2b9fa8ce1b4c58c60
+AdditionalInputReseed = 5bf9a9dd478706949f85c3441c6e562bee5c3e75d5a95cbe
+AdditionalInput = 7a4901d05dafb4fe492fe6411bbc1c29aedeb39da911a112
+AdditionalInput = 911275a0dd6ba306b19ec3bad4b1715db698e15dddb867c5
+ReturnedBits = ad4081f67d2d92b15429e3618ec615767e964d14f00089a133e4fffc7e8386aec7cc2658f0bfd9afe496005997210f1bd24566aa5a064ef43b7366d377332b6b2e953584ad675ef48cedeaf83a11dbc767c2846ab936eb61ba291b1618b7c120587a5c6a9d460405581fad3992394ff2
+
+COUNT = 7
+EntropyInput = 349c92aeec0a35080c792425bb93ba845a7bbed30bee7bc4
+Nonce = adbe966b9a6305a97d3aab24
+PersonalizationString = 2face675e88bf00354d80ad86d6aa8e636cbdcb5dfa87b05
+EntropyInputReseed = dbdc97dbd13e7c1b0de6fb44aa1e1f5aa8b5dcceb5f18e27
+AdditionalInputReseed = 3087f6b4b9d6331b2e3df9b41f56882c15e27eea016891ea
+AdditionalInput = 24c6489eed7f1c0cd2d4712bdc5cffaf5b7a04133bd9f98f
+AdditionalInput = dab73c99329aebd6e29bf1e28eba3a3877cd83bbaf0d6bec
+ReturnedBits = 903d8e811e278a88a6fb34c731adf394d3e0c6f815bc574d2ab24b869cce3288ea3788ef625f9ed954c954809e64faf6aef0dce6761742cf7232bae18b812c394f31171d217f1dcfa1e2da63111f326d307e46f745774b91fbef1637dea80d876fcdb46ac413181028fb8cacc2222531
+
+COUNT = 8
+EntropyInput = 44636fac8e351ccae387d7bdf949b168d0bd518874aa8f6f
+Nonce = 61a6b35479503ad5a0181875
+PersonalizationString = 51e4f46e312d4e68d09aeb35cad6cda216a5f8747197db23
+EntropyInputReseed = 8538e05849482ba371afebad9b4270c8f5a726c36a28a8f6
+AdditionalInputReseed = 384d6d0a24b28d33b8a597bc440ca75c6fe24866a7e6f03a
+AdditionalInput = 5412bb19a80f2f528f4675aa0b00124464efd7d1abc22b73
+AdditionalInput = d04f1645121583e6f9a1b1e0a8cc6af24451e970d476fd1b
+ReturnedBits = b4a27a0e6e4537deec4421305de9f133a4dc53e81dae545c0c67a82dc416eae1652f21f2dc56fd89198ab25827a0bff0571429ca44ffc07073fac68a178f1b8f306be547e187900be50883866e906de8095629c68280ab9b3fbbb98de53c3175730a68afe582adb41472d3456914f73f
+
+COUNT = 9
+EntropyInput = 81151f9776d8582bf8c3aa34e1f4c457b837ff8abc3e053e
+Nonce = e255f55b6fb4ad10720de03e
+PersonalizationString = 4dd30a4ce06bab02d8ae6f260720694a79bc93325d66db92
+EntropyInputReseed = 183acb35005373c812305694f3ed7ca46ab3f97e49753f2b
+AdditionalInputReseed = 6d7d8e4988432fa687cd5f9a9232a23a14f80b1b1738f9e1
+AdditionalInput = 789be40a3156463dbe74b5b87f44ce199a9d31111a9d97e2
+AdditionalInput = 4dd1497a743e56236efbe8d956e1d18d8eef98e8d4ebb5fe
+ReturnedBits = 4a322a23e19356d7c7dcdb95d472cd4da76927f6ac015227146b9372d23f8256195a32080a353fd1b087f9d55bef68123b687d7102ac6eac55cf1036a9c4249a97dcc7c9249c03b63e94f7d7d91236bd672a752cf5d0643d2f4e42f46bcab3b5aaaef139ed2d87c00592606a3a082d2c
+
+COUNT = 10
+EntropyInput = 0d533e5718a9bc593ce5d7b5e851d71b720124e73907920d
+Nonce = a5967d8198138cbd700917c0
+PersonalizationString = ca2f83f4e417c33eb5578245d0da4eed213fac6b614b9d06
+EntropyInputReseed = cf6fd97e4251960a1642d991115e3de192e4e16e13462592
+AdditionalInputReseed = 1c49fe7e4313af0999b5e6ada620593ced8b15f5567c7357
+AdditionalInput = b0d89536aff7910d13dce592accf218352060780caf0224c
+AdditionalInput = d84d45220cda4584d575ade1e91a0f81776c864ac923b007
+ReturnedBits = 46dd266518c1f1ea06cce8dbe5d4f8343cccdff87563fb5c33f8698fb23450e44ece62db618d5daa49058ce8fa9c0192490e40a9a2cc592d81bfb4dc811460394288d2472aefdc239ccc4a77b0aab43eab248677992db7b95d2e9697db1bcb31237fbf147c1ce572ee5cd383c27fdbc1
+
+COUNT = 11
+EntropyInput = 6999da9cf94c0e873ef8e7a5fd69807f10d7019882103454
+Nonce = 98a217b025f9c0f5cd8028ef
+PersonalizationString = a9f5b47ea02819be41a5a64c3ce24f0168803b2e5b921891
+EntropyInputReseed = 8a5d97d71aa824d6954aeeb86ca59d7dbf8ef392686a0cb4
+AdditionalInputReseed = b032ebd5f664add9e8ffb40003a2567ac7452e84f07df811
+AdditionalInput = 167f00d534023e8165e5284a2c32f49c0dda217db664a43b
+AdditionalInput = 3cb837b13a48dba786934eebc9eba39ffe50b56cd1ba52ed
+ReturnedBits = 5b3d10ad6bdab91dbd9e5242bc1a93aae13eac6e3d46566e4624855899e1ebceedebffd7d5769ddb193f8cc34d54c391851f0ad8d8ea937303485559793b10b3fea1c82418e4dfe898164f2f68880e8b06a91daa85f51028032125ce44ab0132cb42d9dd44aad73a75d3facf9a63c43e
+
+COUNT = 12
+EntropyInput = 22794fffbf6897d2c6948475b679063f904f8f35d89a25cb
+Nonce = 12eb1b0874c9841383638135
+PersonalizationString = b9e1911f45806b4f84ad6d103851c80c288f7e1e8af3db84
+EntropyInputReseed = 49412f51a1f47b19ff2eaa0dd68eadfa4b7a75617a0556ae
+AdditionalInputReseed = 3697a2b90bd289b33d9f2ad92b8414d8cb14887c8f5322d3
+AdditionalInput = 0f6e6a04fc967e29df56a8438479a8753f586c38589e1299
+AdditionalInput = 19982e62a8660bb62e1fabba151201f1709b0a6470ee229e
+ReturnedBits = d78eefd63edbbf1d7dbce75df512b582398add5f310f689d68bc518412990f1d4afb16f0283ace28475c17035e919ade97711fa50569ec1036fd56585518fc5e7bcd5b4b8c54f8a08b6dcd7632ae5649c4af2e778be00a65ee228b1ff907821f323937d8561ffb611d293574740e5560
+
+COUNT = 13
+EntropyInput = f446bcaf0675a55d51a8dfcb97d8e3abf715a598fd6a04f2
+Nonce = 312c8b098a9c081fac608a26
+PersonalizationString = 056e8f1855d8d95b44f35eb3d5dcc02ad56041f75b54cbab
+EntropyInputReseed = 666cab89088406c31cde3dbe14a70288ecb980c45df593b6
+AdditionalInputReseed = 6ea5f565f1d0a3e9244eb3808a41d9d2d522a70317ae0516
+AdditionalInput = b2113fbf73ce982bc3959d4d1d4c9fb3c53d3987e5465c11
+AdditionalInput = 3c021c0b2672710bb0fa075bbd4737cc134c9428319a5b9c
+ReturnedBits = 0e535776543bd623debd2cd1d0684a5c133123844cb6cd9af49229a81a8ca92a7b7560f6d54b0aa963a5b0f5fbb4e24dc9ba714b24071de62f9d952766e040cefcf025db781ad57b53921c9fc3e5ec2da6988dc4b6cab7a2f27e8611661ba73c32f61a1f46ec77a7b76515de234edb25
+
+COUNT = 14
+EntropyInput = 2b70ff655eb2e4541a5ecab13d25551ce658a6d753d13a72
+Nonce = 461b829287f7b065ba3dc0c9
+PersonalizationString = 1e17a7283a82ab408e27dae228c025ac8daf4c3c781be3b8
+EntropyInputReseed = 173df680fd61fff7fccacb8b538ff40b252616290cec6e78
+AdditionalInputReseed = c68715e5b2517c324cbeee93837f3633a490cf787ae2e4ea
+AdditionalInput = a3de9279e1abd88447b1703e913f760f8484900aed46a041
+AdditionalInput = fccfe51e0ca21c2a3e70028c32f1bfaaefca22ca842705c1
+ReturnedBits = b237a08a113ae7341752f2bdea1cbcd40afafc995f7d8f7e8a25c48e41276b21200b640f16284374effee04330b04ee5d7501d3772e056be5a7069f7437fcbb4f4530373b57ed05041b4a354e809b5b6b32a52acaf61d445c716072b3dc9336e969e43cb55a92cdb62f17968b5a8cf89
+
+[SHA-512/224]
+[PredictionResistance = False]
+[EntropyInputLen = 192]
+[NonceLen = 96]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 896]
+
+COUNT = 0
+EntropyInput = 6efb27c62118d9a61aa2cf1aef979ac16ad6c42e39b3aac5
+Nonce = 6525d6ff5811103afccc6146
+PersonalizationString = 
+EntropyInputReseed = 42b59e2a29eb6ab1b417d10e3cc19fb371962a77ac76463c
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 5138c6d2c4bf42e525dcceded889e81868ba6139b0fd506bfa5a6f7f9ab659e15a02e3fffe4950616348e1a78ac432c963ff183a93c32b02e69fc689721a3ef6a53cdb4f9a8553a2051050c5b1fcbe57b5ceb4db14e551686727d4cabfcff137cc7706f635b07333600a422956355364
+
+COUNT = 1
+EntropyInput = d36d1c952214dd0a00d8c6eab6c95a0cb682a56e05d7be08
+Nonce = 2c07f72c63a66c73e9a2a493
+PersonalizationString = 
+EntropyInputReseed = 7ca6a0f3fda2ffdfcc60a9b95fbb6ee62c336a6ff6c3fc54
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 453a7d216a9fca889714161f20efb90f54d377b5abbbc89f0d01d2657449c0f604eec9268916a7bd9c48b626254047a8918991410e86cd62c03a14ca3bc0a2e34b01b2e5cf7ea99e30507ac8997014ab58847661223edeada46ecb2b05bc68320aed32589a38f02e4cdf49371e46f00a
+
+COUNT = 2
+EntropyInput = e63bb317e7272bcf0d7f9aeca4230284b59fcc891e442f44
+Nonce = 40363d3fbb8380c40404c78c
+PersonalizationString = 
+EntropyInputReseed = 6a15a725c8f674724b6a4a867c6199523875d68e3cc699c7
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 5f582e144d8c2dbee03aed3991cbfb4ffd7fd925edadfe6b1045420b8f2d488f67bd1f42e7fa39a41ce48b9ada9c9270bf22af16b290583bc9587ee3019b7eefba5dfb6233727c13e7761e3702c87e5d77963fe548cd56253f43014c9b1054569e2817e571e104a03d0269df7948c511
+
+COUNT = 3
+EntropyInput = 7c601acbd92f71154baaf55d6809294ffc43c08c9b6a380e
+Nonce = 7d77218c4ace95b1f8478495
+PersonalizationString = 
+EntropyInputReseed = 4b0c4ab2f3164b817dba4d6046684346a50fd5a67507804c
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 7bb7bd1f304488b31254951af497b285b455a772c60223586905c735c2759886cd8d4eaf3828c741574cc8e9b544cb12c17f407b2a97a86b59145dedb75ff28758c9886c38f45d2d48b25353cebc14ea1b5c42ebe12b41a2a6c34aaf3c83c14876bbbf3a07cdea5c51f05c691134b7a7
+
+COUNT = 4
+EntropyInput = 9954c5b61383c22eb87f3a7a353a64ede1bd548a3cac52a5
+Nonce = f59bf452ff844439228ce70f
+PersonalizationString = 
+EntropyInputReseed = 116fc108fbb24fbbfa855f89f32054a309abdb0f05c5ec05
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 86ace04243d3b77ef2c3241a173abba9ae89506b5cf4a9e1f3c8490e2b45f7775b9662609468de52640d72736716baf0590fba238804db78efeaa54fa748fd17a4fa1516a37f8ba1abcc6cd88d9688da17b47fbaf60730e3083175a0f3d6592a2549ff09b5d35f0f5e8b31eb2f8153ce
+
+COUNT = 5
+EntropyInput = 6639df873edbdd346b6de75eb5c14b5ab6d4c4eef257a204
+Nonce = 0a2ca06a348027396f43b82b
+PersonalizationString = 
+EntropyInputReseed = 42641cf8009bb2bca94034c98b4cbfc07e061f9fed774f06
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 8760bdc7e23978e93b349c190f7bb674319e5fde7c41202f90caa02812b5616c4d996eb248e49dd75560bfe15b506a34172e47867cf1d15d0ea43c091d8d424c219b761e4c951c935960405a8311ed4101d00a1c0a8d786139363b7679cbb8fc7d3796ddb1e27934867063f6a6386def
+
+COUNT = 6
+EntropyInput = 4990bf54d8996a8e4ddd0455d102fc5862a2ad5b5b857909
+Nonce = b4fd0edd2a0a4ddb7d979aeb
+PersonalizationString = 
+EntropyInputReseed = 97121e5730810f626ac129462d16853944107508cc460034
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 135387fab2f30b0574ce1ca6e1be143a0faa1896fe72f957791c676f5c7e50d92cbdaa67ae26c63e918e99fbdfd1d1435cfee5fd361be3d3179f928dcd4bccc12a1f80be9ef7ee1a366bde19034185d967e6de7d898af8f5125ecb71e2a40d698baeea73f6f0c271f91addac9cacfb4d
+
+COUNT = 7
+EntropyInput = d08df45082cb8ada43854a029406b252f9f16f1f7be20399
+Nonce = a4c05b7b558b0b1ae576a3b9
+PersonalizationString = 
+EntropyInputReseed = 499e23a843038a96f7452f5d05a20c438305da94e498c974
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 0214ad1232aab6e61dc4e9ff5c0b51480fac7d3ede95f24dc223fcd435b8ab73a2610dbf5acbcecfabae04d6bb28fff96cfd8e44e76594d2a82ba9a2a5fbca086d162e43808ee5839467c20b3b05916beb1c9115717c88b78897833dc8e9a949a0251a0c12041756169a772d887b89b3
+
+COUNT = 8
+EntropyInput = e86c1d83d1626a103ae06baa6130d06e677de3260b0eb555
+Nonce = 10a3d3a6df8aae3ec1daacaf
+PersonalizationString = 
+EntropyInputReseed = a1049715dd2d42e2136046b8e4986269d084a72582bb0330
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 1341548082638f86fddb340fa240085c64a5a24a557b44021d60e1e1c3e15f56f7b67f90f90c72a1c629354ca4afb638a190dfe824f0e860f265f91fb48db4faed19ed095a903c3ee63cbb8e909f610ebcf74e66201b90ab46ab1c4ef72dcaa53e5d33b6830653ccec0ccf3af70af5be
+
+COUNT = 9
+EntropyInput = f811b91c22869d3dbf6e7c58e41a3e5800b43013bd42611e
+Nonce = c0866954f6976c302f8d08a7
+PersonalizationString = 
+EntropyInputReseed = 9a66ede6604657799ed89c24a486df17aa97bb9e5601ba9b
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = bfa403cf2c268144dc964c77ee3babc20fa5e37b0151bf757628478bda985379e3079fb6f6cca654ef83b83831553d21644118b0b8a269b999b342e41ffba7c3659134b954f776b7dcbe1317fa37e0ea39ac50e4a9ee101b02547861dc86e39161b6cd1245109bda0696cdba083dcc4f
+
+COUNT = 10
+EntropyInput = b259c3f8cb09993680c2b9e187075dce07012daeb9e70f0f
+Nonce = bd59bf46777713a43e5dffbb
+PersonalizationString = 
+EntropyInputReseed = 6ccc876c3ad54d813657c5a402ddfab07599e42da3f19ed8
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 82dc2b590fb3c4c1c6840ed25300e6a7c7a73e056dbeffba1ac3de9376ece6b09714f16ae80463f8bfbc8655968cafedac219e47857daee084a0529e9c2aaa3a1730dd560ecb4e0098ba85bbbb3d89778fb952a5ef4c095b87945fe6340bddc8418ee0c591237e41d050ec2e4ddeda64
+
+COUNT = 11
+EntropyInput = 77337e880b950916299d2c6094a29c49e72607ec3e341f70
+Nonce = 906d79c408e13a5f9f64c11a
+PersonalizationString = 
+EntropyInputReseed = fe2d22a464569a3b91fba6ed429d923e8c2055b26ac74724
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 0b5cf8df4e8affe9167f250c67f3b52d636425e8a027a7ba28e14ac7cc7018387f06d4d0776e580224695c93805abaeda39495b93dae142571e33e72cb8a264ad407fcbfeb49a252a5445d8cc68f67d2a3338ba93e9d86054f9ec22e6e9a6991e7b09083ed4e1c0549d9d592b0c41a51
+
+COUNT = 12
+EntropyInput = 0b4942d229a406cb476f7b4432b700159c3a036fed819a9d
+Nonce = 4eabf5b41349ded88f23a038
+PersonalizationString = 
+EntropyInputReseed = 433dee7418a46acb851d69b63bbe4fdebd4ad59f80369d35
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 6a379db3dc670e8f80a142c72803274e0e72e3966752185dccc0ef6994ba07a0e97239690685148c35706148b271ebebca736d778d2a6cfce61f0e426a3df3fefd29cdb3a76f531aca6ab0d05e7797456ca2e5bd34f8320ec72ae233db42fdacdd5b7c1e411bf17c4f385563827fc54f
+
+COUNT = 13
+EntropyInput = 00c41c5e773c296ddcda6e09e8d5b030c4f5d41f0484a75b
+Nonce = 667a4e33097cf12e788d19a4
+PersonalizationString = 
+EntropyInputReseed = 57842a42d50110cf29006f662d1b5908defcedf87f323228
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = c1044f99fcabcc664c363ab56445859bc1cba0b06e5c2fc4d51c6f5ceb72a48a60826fefb6c6f6c18bec703670d2345bde9615452ff3031922ff2681084f769b33105810cf727b31046665f3d81e2465742968e85b376f49227b4b4e28a9b3617ef4214900ec38097195111564080d23
+
+COUNT = 14
+EntropyInput = 7b8b312828db717eec2252c565a27b42a6ca6f27a7ff72ac
+Nonce = 990f1633f80800f40bb93e58
+PersonalizationString = 
+EntropyInputReseed = 6c6e07608daf9476312e5e71eda322c2799b337788fa5dba
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = c3e0db0c8c232f148f2720f39cdd3c1661150a4799d1288a0898f558714e86dd663aec880b4059c61ca3012d2b9ea6b2aa28edf48473a5ff8ae2740d25c922af3ddf4ab9c1d5a484e9bf4ef4590d7b87ef08d5683e973974e6111afa1e713f0f0a95e4e9eb16765a27681e874d5aa504
+
+[SHA-512/224]
+[PredictionResistance = False]
+[EntropyInputLen = 192]
+[NonceLen = 96]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 192]
+[ReturnedBitsLen = 896]
+
+COUNT = 0
+EntropyInput = 238559325f393e8309c0083a5a68c395a2944af88abfe788
+Nonce = d9b3a68b5e56dd6202b241c8
+PersonalizationString = 
+EntropyInputReseed = de7f19b6aadee249fd592d07e0f07c6c31eeef5030375991
+AdditionalInputReseed = 1fe991d409e87914807dc399cdf744abe38015f5aa1af442
+AdditionalInput = 628a78950c36ad58e9c5195a116a9845bfe10df14d3fd260
+AdditionalInput = bddf48e5fe5e64f304addf93a1fba2117344654d8501bb4f
+ReturnedBits = db86c8344f7b2ef65a5667f8e2f6d136eff0a21f22f240ee5c33a26ec1d62bda3e7a21f7c19a3bd18ea7dcc21d25b9b3ffc51a63e920fdd9520fb564473f2fc6b301af4fabaea913984912bc05816129f47932c90abea85670735fe602eda24feed0af51fc4fd93248c2e32d836c41c5
+
+COUNT = 1
+EntropyInput = da777f06a3c2da6b763786cf2fd83f6e708197680f4d86c0
+Nonce = 5f8913509584d3c662f46115
+PersonalizationString = 
+EntropyInputReseed = 13afaf26308b5fa76b76e3a0f4e9fa10659abcbb9c610d1d
+AdditionalInputReseed = c6790f20e47812db27ac978154a29bbce18c3cfa3bbe59e4
+AdditionalInput = 80f58dfe818efd5d0023a1379c9e9754528109a452f7c730
+AdditionalInput = 102817d5613a7c7568ba8c37fd10a009d3a0bccb73faddef
+ReturnedBits = 4781b241db29c34cfcb1d8faad51d9f0f6cff4e7cf9be10609805e3cca059d70e05abe028466324837bc41c6c47b3ecad46d39479bbda8781804d33cc634093f343e523fbdad75fe960ca5eced2f1cda0bbe984dc008b84f178e21b0a0f88c223e9c4b288373b89271d02cdd77694b65
+
+COUNT = 2
+EntropyInput = b7464cf28a7c98665184b98b55a42f551ca128b6c6bfaf3b
+Nonce = 0c752e89573a5f4011886312
+PersonalizationString = 
+EntropyInputReseed = 5fece24a5ca17790dd13bc2ce29e5f3d110711c5348a6b7b
+AdditionalInputReseed = ae1a01e146f59f846cf212d643805878deecb89169429508
+AdditionalInput = aedbb54a97641716cb0b3373f9ecff1fa4269dc73de30847
+AdditionalInput = 5ad35a1087682c80b31993ff8a4e035b29412bb5ce331a4e
+ReturnedBits = 497d5e5c4054844d89357d86db3172849cff88cecd97e8b92dfac0545faa34883c9681f12a68aff0d5841731ba615a1dd316bb3c304c975ab23996a93a8c092adf4f43fb69da8a81dc44179e73680df089f650026f2a86de9aff7dd284e341281cf9c6adf39df9a3a964107585550d45
+
+COUNT = 3
+EntropyInput = 853fe514dcf00746c8e3eb161598077ca2e4c22dbba76e44
+Nonce = 83362be057190dabf0c3f536
+PersonalizationString = 
+EntropyInputReseed = 79e805b808caed536d7e1ade22d1f95fa611a1f82ae54236
+AdditionalInputReseed = b9930701e00f62b5217621cb038039ef5969f05692a03f8a
+AdditionalInput = 4e235d1cee79b92868298b2558b44638fe6f05782d265cd6
+AdditionalInput = 9da9b3546017fbfec6e0288d993ac48cef219e27606caff6
+ReturnedBits = 14fbe7e4249380cb315397227782a1f775e7e58e8f563293af89aeff9fdeec9a5a04cbb93105837b02ea1c11df8ae627b833a71cbf8a880decd9414b526e60ede099b465c158fe7daf736d37cc05cefcd12be858a996fd277c4b5af49c44e48253e3e1df61a62159945f1ed64c4a3cd1
+
+COUNT = 4
+EntropyInput = 33094b2d1ab430ddc45c8ab03e84dea990b5bc8dfe16d9e3
+Nonce = 26475023c7ee76c3a4f07d81
+PersonalizationString = 
+EntropyInputReseed = 898befaffcfae3ab8e8fad6f95b4b4b59f1e4a34a377bd48
+AdditionalInputReseed = adcb2188d5eceabe4a5dd6583caffe00ff22524ad01b4a7d
+AdditionalInput = bddae49c52ada0e462a48ce24b7a96e17f6f75006e470e3c
+AdditionalInput = 1a5df68a9bd047e82ffbef8c1a00b6d77dfc3ed93051c3e9
+ReturnedBits = ba13f1e9a92666004f1b6747cf6ca93ffac82e8b6be14e981014bd39bafe96ef4f02ef98d2fc9ce5147fe5d625a8c78028c4da00130f434ca654ba204029b4af0b5022d2089911f3de7bcc8f45acbc5c8cbab46bce221daa4cd605f7c097b6b5dc4c87f94703b6f6d12ecb8a9d4aa6ee
+
+COUNT = 5
+EntropyInput = c85667b0890e1fe2ccdeafc24b192433e7447debe7a59bc2
+Nonce = e5583f79702477773936db4c
+PersonalizationString = 
+EntropyInputReseed = a7c7b61eca320ff64104ceef27d93fa8f5eb0dc8c4c6e811
+AdditionalInputReseed = 2396a52896c9f2fe12a859b4b69cb452fdd35f1b800cccdb
+AdditionalInput = a9b9b85994f7840432c855bdde248169c0231a0f18a6505d
+AdditionalInput = 9f0dbf06148694a8d1d6e53cf1cb78b27bde9ca7caf709f8
+ReturnedBits = ed10d96a23caa1d74ea218feb7a6b9386d3ee17c65283eaa4ed40721b9ee75fe13bcdea03cb954abdba5a6b7c3254b436c693ec096611c01dca93d13a1de65b989c2c436b08a1e2f7cbd1f9784b7922a0e078bb3ab41fa79e92d7f1f3c4417fad350af39992885ed7a7d0e2f531f4163
+
+COUNT = 6
+EntropyInput = 41c1cfca005ac0fe9e0319db4e08c143b9b48de19c447986
+Nonce = f726a7d8719f0da81607a060
+PersonalizationString = 
+EntropyInputReseed = 4b01ebea0a17819dfec20e187c81409b38094fabd2d0ada3
+AdditionalInputReseed = 654098a948f8981094541463aa6d6ccd82f7cde31e38a49d
+AdditionalInput = 085de17e7b99c0496114f4f8c292b4e7cd88d24af30e61e2
+AdditionalInput = 9af273008ab0a3d4c3dd9baf66dd467646493e4e320cee21
+ReturnedBits = 42eba0cdbed7f50647c5cec0d2055f850263a8074eaad3823f20dc6eca78c166e24ddc7436850cffb7a25f2feef5d68233dd38e6205ba037d491e7129734017c2fcd468f38b3ab095d94e05adbec0f3a9cf4aea2f11071d2e5a277ad4a518c0965de872d37721dbb82291fd12f870dde
+
+COUNT = 7
+EntropyInput = 9bd0dab28b44f2875daea49803dbcc87b4be5538371d4d2c
+Nonce = 97d874c0658981c3d6ddf780
+PersonalizationString = 
+EntropyInputReseed = a227f895d2a9900cd9b9ff3902cbbfa9c08830e07e074f16
+AdditionalInputReseed = a76e6657aa786c81665fa6e70d5a7457624ccf9952157537
+AdditionalInput = 8893baab46686e00a52a147b87f7d86b26e8dcda35e1bdbf
+AdditionalInput = 45f530d4bd1a02cab76aa3c617cee5efd3149bcc944f6c51
+ReturnedBits = 35db1d31e81a0c8e3a45f5574c978b9d82446f577ce59b31c3b9e1ab27f818f3e8bdf0e1f227c7d7a34f4d9765615047ca884873c78bbed98b9254f79a9695930502236e23fb058ac6bf2aa5f1e5309bb495293eb29099be45ced3e458b4bc267475b7305b3ee63d7017b8b43cd9934f
+
+COUNT = 8
+EntropyInput = c046cc98075c1ef4c99eb99dfd7166f021caf31fb625a078
+Nonce = 61df9e071cf2d2b22e8bab25
+PersonalizationString = 
+EntropyInputReseed = 21b43d5a5ed6e7fec4ea5c3a7f5c0d1ea623bb324c5de921
+AdditionalInputReseed = 57b31bee0723a5a0e4bd65f26437b0519d268140a134daf4
+AdditionalInput = ad402e86c29a1fffe755db6756ec2a533d981fe566fe4d6d
+AdditionalInput = ee35a835a50d6988f731839da7dd81f0d46ea4e078bbecd4
+ReturnedBits = fd68efc2b87453b5fe6b1668570365958d9ccfa1e1d3ed4e2b680b7c6257a83f76334850f688505ba898e5623318e966008e77f6f759e39143894197fb7077167f01d2d2399c36543eb45e6354517b449c658adf472c3de5a0ba0e5df45942337c6b273e2c4a478a0a6be3c4d4970716
+
+COUNT = 9
+EntropyInput = 159586d878c7ab5a07bb3c17870d8cced1e659b3908e2ffd
+Nonce = c1ce5836959327c155f2deb1
+PersonalizationString = 
+EntropyInputReseed = 69f03eae9aef56129ca974aae537bec346f9803356b7ce7f
+AdditionalInputReseed = b3b42efa5ef6618f1c3309a9c125a739f70a652343c9b16e
+AdditionalInput = 66503d0b01382eb3664b4d296472b2d1d977c8febdd69411
+AdditionalInput = 5c8945dc8694050db6480eb8db682f8cec35a1a377471d2e
+ReturnedBits = 2d415a5bb202da620f9f487c8380807e1af027f253ff775ba87c0693ee172fe28928962b8945b6104b949fc4023cb807f90b44e83359cf42421dff45845448dab8d35bb477ed7c919eceddf00524f7d5a5bd98d9c83c37f345f7c56c8dad4374cbfea95affab94a417b06e01ee566a0c
+
+COUNT = 10
+EntropyInput = 1292af200e9a59479f7e2489b886741c4dc27708402bb30c
+Nonce = a7976873bfa145b1d5f2d0bd
+PersonalizationString = 
+EntropyInputReseed = b037f9890797ea6624cbf53cddfa7651e092914b978de871
+AdditionalInputReseed = 33d7347c0881e383a09446f3e3472aa89dfe85586b3e04d3
+AdditionalInput = ac89e28d81c2c67e240b4f65cde536d2758a4b62fe6f94ab
+AdditionalInput = 6c2301c38ee2fe6c405c7f80ffbfc7253b4d0c2792d63272
+ReturnedBits = aeb28621e3878f3e84be41c5ff570a8c754dac9606a794ec26c685efff8bd615953c20bfbf4e361b7df76b7bbdee0056c21cf8309f0374eeba27286df9706beaf2b2c3baafd1245794a12eb5184dcb90d562c6fde250a70c738d9602b3bf514b9f9942fc60fcf96dcc9f0d9f1bc27151
+
+COUNT = 11
+EntropyInput = 9e7e2731157a21eaf007b05f9f9244a77aa8840d54d2a31d
+Nonce = b9ea31daac9f1e4d058ddc9d
+PersonalizationString = 
+EntropyInputReseed = 7294dba58485373091e20ad7b3c7cfe949a67f2578178fb3
+AdditionalInputReseed = 07b98989f1a419629cb46d2c973edb7d808a26fe2802c320
+AdditionalInput = 9c34bda90f30c0c2aed5dde0777f7bb7fd48a38e9c929340
+AdditionalInput = dba99b479ea832be597c65e343689ef9393a169358f2b69d
+ReturnedBits = fdf3a4047b5e912173e6454b409d5afdb5b161bcc1734337d157ab57f41c6453b55204a4a6adc286f1af9d37dc2b48b4a56148acfb0220c3762f20efbd3f7fd94c2ea9cb45c6e54d62128387f5e22d9f4b003b7ed9609336f44905ae93b4921464735b12c06016dd4824ffda85beb176
+
+COUNT = 12
+EntropyInput = 2fa98eef080dba6ebb35d47d9d070621e7acfd5bbe60dbc8
+Nonce = 7b3d2824695b055ff38de526
+PersonalizationString = 
+EntropyInputReseed = 9d348392dd40455a3764b6bda37d57a3fd180e384eb6f1c0
+AdditionalInputReseed = 45c6806894978dc6a78a42ef3b8c0550b1b6f3c138494a33
+AdditionalInput = 91445b48323db9379feaba05a167ef19e61c34831161a905
+AdditionalInput = 9b698e4dad1350ad794aaaf170e1cd20aabf9dbe40d40bc8
+ReturnedBits = 53727c0d49580df8bdd71250797350b8d424fa0dda419e3a18266816d61fb5c824e9f8c0be1e7689a98d309a228b4a424eced3fb8fe310464e38062c01d9d27a2900ebb61d11e20c1e0d1e216a7f4a1b4e6b0af3ec0e59076042048039022779646a4f841c4d8c4b4a2d55f2a731f14c
+
+COUNT = 13
+EntropyInput = d94b6d02fdae375a79e1ee3489b933b83546fe6430af481c
+Nonce = e57274d19a4ed47961106906
+PersonalizationString = 
+EntropyInputReseed = 0527ae54360af63dd76b0114724181b8393867456c72b86a
+AdditionalInputReseed = b3d88a66a40d60a62706a16e829adb0ccd6930ae0c2d3992
+AdditionalInput = b789c64191cb190e11d95d72623e048a2375e6bf9bee900f
+AdditionalInput = 88ae5458dbc5f6123a2bcecece2008ab14d49013590229e7
+ReturnedBits = 2cc1189295f6556a2470d3044e896b319d2bd37b8088fdf6e23659cdcfb3a2a9412e1ef4aefe4a55bfb33792bc7edd078630b3e3890a5f499a6550e028203564df30a650864a94fab305388dc2d90aeecd85c14483b9cb2c797638183209be73067c8f348580b215ad97b1f5ec2ba239
+
+COUNT = 14
+EntropyInput = 21d586598068c5f622eb3c8e15be8975f2ef39450ce90e38
+Nonce = 3853a8d032fba12dd32b6fe6
+PersonalizationString = 
+EntropyInputReseed = f31b13ac9002a71e2d62b1c0ded7a60fe82bd752a449e71e
+AdditionalInputReseed = 43d005320af0b83eb9a0e73952508828d2a65f910de063c1
+AdditionalInput = f6c4ee7af22bdcd4bedeb6e510f97615a0409ade94e1d585
+AdditionalInput = 734dd60c81e1d7e0b4540251b7b1c1a8a5d4dc5e2119e594
+ReturnedBits = c8ef5772a86b25df7a2f997c984a33fbac6a6c680f773aa8c874117fbf8c93d86cb8e069afaf1e51ee23982f8b5053de55622242012ab28bd9d433ce860a440bcf30f901ae5cf4f10464a1c41c0e2416bc576391fc8e78c167d357eae2ddbedd02a21c7dfbb2cbdc9344c692e8a77361
+
+[SHA-512/224]
+[PredictionResistance = False]
+[EntropyInputLen = 192]
+[NonceLen = 96]
+[PersonalizationStringLen = 192]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 896]
+
+COUNT = 0
+EntropyInput = f8bab047d56d90c2e5689c1afe4cacff3df96da82e5c2ca2
+Nonce = 5ba75f11be974cf303cd6543
+PersonalizationString = 7a65830a6bdccfcdfc6227317e73b2172f7e13968a78fee9
+EntropyInputReseed = 24a5da2ee26fd8adba2cbf482b42376061f62204f218c0dc
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 0ae1fff30b266773abb05d0fccd57b0701210cd27748100f56053e5d9f61f13deedd88d4ad91642539165b79ea925fc6dcb0ff86215b32dca51d9e9d112b6f8edacac0fafed61a4e3bd8e5343c917ddf56049c774a19569bcfce8ecf3cf94073d3bbc0ab081de47973eb95b0b21bb571
+
+COUNT = 1
+EntropyInput = 81ec52b70e6b26fddb9d7b547ac236940676ed1bf9ff2041
+Nonce = d0467e6386d520dc43d908bd
+PersonalizationString = 8cc4663035ec9f798566fea93a07d8e8d268cbe93ffe8d78
+EntropyInputReseed = a8a2b0b3abaa6f939d6c7b050543d40fa5e89290bf147d4b
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 7611d29dc0a75604050ea9be0b700a9296da31c214255e904f057a84efb429854fcd950ffaf4411971594a579e99b17389b31d816192fbe86c811d9d62c3e0d3eb9bde9568365c436deedcd904c7d07a8b8164ae781b0146d1f16861fffb11522e4d194a510a18be3431b48678144ee3
+
+COUNT = 2
+EntropyInput = 879d0c04004b16f3c73046058a8eb51e78dbc5f25b6c7d18
+Nonce = b15d146246299c0661b93cb9
+PersonalizationString = d34370eb1eaad2c32bb474587ff526dcba21ad86d3e5b1da
+EntropyInputReseed = 62d82b7a289e3d632b67c4d9f02221bfd026cb4d57ddf622
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 6d99e6ffc1259532e95735dca594e15e2798a0142fa7b3f4e1440bb3f5b5749d9424b2e47873d31db1cd42b7205dea3b97fe97f7305fda73d801e2c6ca9efc4957c9cbdf3a6575f979f8e2dfe5d3335ba24a8ea8864e2d5f001c7bdfdd39a297d71d7e895d7d0ad28f6c758577f5a1f4
+
+COUNT = 3
+EntropyInput = 4746e6460f2628cd32e999336183475ad0a66e19d4eca3cf
+Nonce = 295946fd41b42a770d7b9c69
+PersonalizationString = 7d1a3e8095d6688ac7fbeab2d60371de0c486a53f48de78c
+EntropyInputReseed = f8720a18b163ffd21b135762fa9b2041c0baeeb4d7a89451
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 0e8659f07e9d52d63d854c216c864fec244191e0bd1f7f5419c01e16caaf2e5b83fe0ab030881f5ef3539bdf81356ea21378ab3c29e6e4024f7489fb01409456dff49da2dd526a607435fd1763bd231c2a18da0a8efa8ea5320e4a3e0d84f4442e739c3dd0af40a73114a2d9c885b994
+
+COUNT = 4
+EntropyInput = d14c1f7ab022176fa296424b57c85f5c864576e06681278b
+Nonce = 9ca28a07d12942f6afa1acc1
+PersonalizationString = 185c96e8576e5e274c9d6c99b14014577223382c1fafb905
+EntropyInputReseed = 978a02cdb7bac8425395447802f1096d0703a463f78a22c8
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 12632f93362c7aab0be84969b9869f2935651ca0f3fe593c60a805504e84af1f7b4483148ce2d1261c547829d73a2c5d43cb194e285eb53bda7bb08da8204b8d37c361ecbbbb41812ccb4f0d3c86a26563c5017117ce65f34ddda6e0cc272c6411d707699a5310b005bc6813d4f8ce44
+
+COUNT = 5
+EntropyInput = 32b2a810869e9a8ae4d2a4dbc4d3e524fc9d13c4fda3ccf3
+Nonce = d8afa296c73dfa7f832ade1a
+PersonalizationString = 58e1b1b2cb421e83ec6003f915b42b1e2b97f05f588e3047
+EntropyInputReseed = 72965171e91cc8d2800e9f53c9d65d6a00e238c374862a12
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 0cba00c7fc76a9d328ea7e65063410dbf123804984b188dc989295787953b2246db76a0add79d7a2f2e4bbb2036363ff97016e67af6a4a21634545515ebfc43446230af57e6427f088c076abd2690172cdf95069a770fd2a1de98ac693007f2d7856c2b74b31e2d4e470b8802f07bde1
+
+COUNT = 6
+EntropyInput = 3d80f1bd8021f078c59d51821705406d7a60ddafb8c276b1
+Nonce = 0586e0c1ed940694872f8901
+PersonalizationString = 418458ada82078e3e1dadde4e9653155ba02f41e8f4a75a9
+EntropyInputReseed = 3df0aee4a729e590d255b337871c352655a3c5e4bf8b1f6e
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = a99c6b7565d496da4b8b0637e2e07b06d807841374fbb5aedec943bd2ab54b3268bb7ff598cf6f52a2a6c2133562c77e276caa1f3ffd4af3c7689c8fc0dd2152a814e166f644099bc9d959d97af39e6a97fe18d29dab97fd2d803d5b1d6fa5c4c2ec996ff908abda32d445195223a80b
+
+COUNT = 7
+EntropyInput = 87baaa77ece3c57815c35bad1628fa7e4bda2ec1ea4e6da9
+Nonce = 40bf3a15636d5a0b61fe0df8
+PersonalizationString = a6fb8cf2fd46f3f0e4dbe467f8aed45ea710a3a53aca6422
+EntropyInputReseed = d13727a2be37f3be6b67d683a6ffe6b39a6f8d845d71d554
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 9aeb7600ab5b4c267d822e41e196d8ac4c8353e0687480ca2015535cad65a4df50482d44393ef1f3000eafdd5a86fe8eb9b8fb7aef79a6f62e49f64f68c8afbe458d848b5129e2608fb9d672524ce6301b9867dd9a86fd8d0220a722f9be0a6bce54dee26832ee05db0fadba6a5e2940
+
+COUNT = 8
+EntropyInput = 9e24642273e694ec9d32aff0e721293754f043419b983608
+Nonce = 74a141c02154d8302ee4e895
+PersonalizationString = 059ec9e70112cff772117b7e9043fab082056fdba95dd73f
+EntropyInputReseed = 45b652418248da268cc4aeb0316ca838987d715965fc9b84
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = ed69d41092183ace1a2cf2c3552cddd16270fd88bd42592a41bca491a9d5658c99f973962922c085a2b0a6acd2a9895395b2521f5ff44f557abbc2eadc17eb5144d2c27d8b6cf3f8ff49c025da302ef928c1163a03798984470ea33e5360cf5d390739722a7d22e51d3f5f325e595446
+
+COUNT = 9
+EntropyInput = 6f82006dbe521404ebfb84da53683c2d702075d8b8ccdc92
+Nonce = d2601aa8a30791771aa81f28
+PersonalizationString = b2dd949021e2e6408fcfba47134e5dfcf133312e04d2f607
+EntropyInputReseed = 505f99b0e1433d0c457ebe8f7d0f625c27715f91d97f62e0
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 6c3209f8ab15f76bb21f51bf5c369f789ef9ad1791c4db2598c303e248ee5ec95fdefcba356058bc952086699720560d6324bd203f21b03fa46954caa9b5a6ee2ae68dc59638912b5f5cf5d6462723e30f60593355c2b706e21ad6d8fa1a0c686f5436a0afdf0dbcba2d13d1625c41bb
+
+COUNT = 10
+EntropyInput = 45338e5a51846e3d51820623beda888b7ac20e95018fdca3
+Nonce = 67f1f1b17081b549f4f95b32
+PersonalizationString = b545be4d08f761790ad401edcc0633c5a8c4d8d6e8191647
+EntropyInputReseed = 5d7f03169a274acb55507c6b63f3145cd41216dd2a13755d
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 48a8a83d82ebb2325e921156449fe728286d8c3ca7e4aa564b4bbe70d5db7c6ec4e0e59bd2f2cd25580b6597faa44c29a9dd2a1001b3b019ad15040b3dbb33d453e0d9fbc627bc1df39c1cbf92275ac18091840d7fcd71ce60ed6940d126860e9de27d2edb4c981c012ab5a1bb9daea4
+
+COUNT = 11
+EntropyInput = 545060fbeff3415fc5d6c16e9dbf9575e87c2e660bccec90
+Nonce = aaf8f30892481b3206456dfb
+PersonalizationString = 19e81e70a2bcb4393205de2dae53cb0b58f0777faac8715b
+EntropyInputReseed = 6ef635809b360b97e7c8421fd0ff474da554c701c8d09c75
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = e025787afbeed564238ab0085c925bf5c62b51c39a6f493cd1cce715265b55591f11debf267a515b492a98a6fde2329ce9d48d1ed72f51fa6375002bc97fed32af0bce61a47915cc22ddcad5a9667dfe2eb8ad076916c8ecc1190ee3997cd80c699d7066a100d61648979841ca21e5f5
+
+COUNT = 12
+EntropyInput = 6f1a3286e6b0923adc80ffbe23f302371a00a299b0e1ad55
+Nonce = 1292767ee542151e1464fce9
+PersonalizationString = 0164fa52d58c1ca178fc0822a1891613fa70c6fdd9998846
+EntropyInputReseed = 8680c7d22fd600a5cf98314f39437911ddc294abbc75f20f
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 589e96fae3b1ba66ae37c9f9dba1aae5b0f4f70356c92992f8d6221220ca993545e5b95468313ece422f51d94562e7ac21f34acf9b9e1cd93fc21152f7fe85b0fa425cdede4bcb9ece690cbf9e5b0879a50a93d6f78c0e5573998aedb9d63571a70d8f5a13c2f81a91cc366c7a3bbdf5
+
+COUNT = 13
+EntropyInput = de41ba08b654b0c618ea840180812518be2f7f5b4d6ddb06
+Nonce = 63b2b7435ab41c1f3df23979
+PersonalizationString = 9add706045904d1700bd38334d69277dbdf585aed777850b
+EntropyInputReseed = c4204ea4cd4fe390847d67de17ecf3da8781570985f2f047
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 6518fafe0a120ea291e96caa14af9c8693b54e09e411316a2feb8762119eec497dbc84f68e5c1c387968072b9530fd14597667be785cf575bba3d6e78e79866862b68a1919963b003705f1074c0f4659afa85100c4855c9e638b980f49fad0a4f96bc8f082baf7e2c62a0bb66f811049
+
+COUNT = 14
+EntropyInput = aee74531c9334c70495ce1019249c43858a65e55e4c44bc2
+Nonce = 319f880ecb327f7f101f44f4
+PersonalizationString = a4707743355569cc1dd6dde18ce7b647821d61166caf8b53
+EntropyInputReseed = bef3ce1783f967118b558ef05f5b39beafaaaeeb6fbde4a1
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 6bbe667c88e28e94390b1c615814e74184e8c74b4ffd3b008bfa37a3c768a4f4d460a5f34e38d52ef63c4291c25eaa428546e7ad11769240c45e3b4eab278a01aef2a3928f68ed15cb673d17003563ce64ae527cdab4257fdebba1c46b52f9a4306b5ead1632ed391e8068342d46a6c8
+
+[SHA-512/224]
+[PredictionResistance = False]
+[EntropyInputLen = 192]
+[NonceLen = 96]
+[PersonalizationStringLen = 192]
+[AdditionalInputLen = 192]
+[ReturnedBitsLen = 896]
+
+COUNT = 0
+EntropyInput = 4617be4a300ca35d10224b4b9259ad83c271d7768dac8154
+Nonce = cfa4d649c4e2709ede1d271a
+PersonalizationString = 7163efc8ca9e10febd6bfa4b1131794b9ebe1053fb90d26a
+EntropyInputReseed = ecd1c895e1f341d26555aacaed1cfa1ff71e64ab2522de76
+AdditionalInputReseed = c4d2a86b21236af447bfbaa4682873892002a9fdb38b15c5
+AdditionalInput = e6c23d90aed598a76a2b2bf3acb16715d16be6d52eed2e6e
+AdditionalInput = 3296c6bb24ce10d08b27a5b19b30a0fd52cedfccdfd78b29
+ReturnedBits = 1c85b0b26bffa602ecf5223ae61e866e286804a3bcc71109849acb7d02d88656acd4c0303327b9a72d1411098463c4a6c34b1a4092441cbe925dcfc70f50ebd3a3053ae36bd68bc62c266d901f18bf1c93548024ac3deb0c0dc570fd7d5aee5d8f7a43e9f1f4ac4a4dd88f2498a8c1f6
+
+COUNT = 1
+EntropyInput = 59a8aef3932b1ac491e8542dadbaf3d724b2c62a3ca22e68
+Nonce = 96a9954dd3894a69808701e0
+PersonalizationString = 961940615dbe3f6351edd3e1fedd02cb430f57b69f21cbf6
+EntropyInputReseed = 160ad901de5623d35fd7d279b62dc53837ef7927386a4969
+AdditionalInputReseed = 99e82b0211e3a10980ff5db8482a8ba847e7c5b8ace6e852
+AdditionalInput = b74309816a9215b76defdacd79a7b49030a0c80c407ea1b1
+AdditionalInput = b76c786e9dd6378401ad7f94880b5a604d149fc0f0fef2b2
+ReturnedBits = 64b54cff7161b04fb79631dd7e2aa9c9a03f63d8ee003c38d3aed6c264b79b431e6f568a21ef2c8e47e22bacb3a9391e9c161b89503dc25c51fd55e3c0e32076b50172d5d851318a42111fb5d846aca592cf3a2e9cc29aec2f19ea0e90d0aac8f130aa332689c435a64673c64c012a35
+
+COUNT = 2
+EntropyInput = 25f5d0cf5a689e597234dd50f12e655a8e6d39a16ad1bb55
+Nonce = ed923f7c90725b56862addf9
+PersonalizationString = 558be30ab907a1d0c995f82d39f96a8f22f471f717accfab
+EntropyInputReseed = 31795b133aa7c391ae6f09873d900f8f454ba3c9dcfc62e8
+AdditionalInputReseed = ab37b54a0cfc94ef20719ef9d2ce78c5660e7d2b9ad91a60
+AdditionalInput = 2fa921cd9645f6a67540203424fe0f43c14f16a78a4c8e96
+AdditionalInput = 719b92949e9c99e726c152e4ae2a5bbfe35e7ea308fc26b9
+ReturnedBits = 6a8d802229ccfc18a635725172b3fb79f54673ccd5787ba245468d841c1b8e3d9598cfdfcd2b3934d93aac7ae9ca326821db5d2a7ae3bbd17433cc4741094f977fb08d26b6deda10064977cc5c1f87f17bc82ac47387c2abf33eac743b53ac7f5c2ac0beec634d328f27ee9005d18936
+
+COUNT = 3
+EntropyInput = d6803c591e756aa371fd58342021592b2727442d3f47e9d2
+Nonce = f9c207bf88e548bdf0f0be38
+PersonalizationString = c5e5d55a6e3f0f63013ba908777a134e30b5693d785c364f
+EntropyInputReseed = 4367756100a29fda1ff383242bff371d50cbba0b9eac2dc0
+AdditionalInputReseed = 36dfc1704eafbcfffa31405b20a0bce6cb45c4b1d9b8b61e
+AdditionalInput = b1bf3f8577e7d9ed05e4f6292d987e46843a8350d4202593
+AdditionalInput = 36d7d9d2d19ec8c94957f8a6fc814119629d49631330421d
+ReturnedBits = eab708f4ce0cc0ed824db20733a6b9f33f3eca2abfe774c958c1b6d5a2c383e48032324d2f2a7224c4e484ba62e7a7ebb3a158906bf43a3df748212347d120c0852264743ec90106553545ba339a78506c59f3abf041184061199dbdcb2f559cf2dbbab03c8a660ae668b0f865a654d7
+
+COUNT = 4
+EntropyInput = adbb274b3e4114151ef855beb0302b21cdff76fc426a1a51
+Nonce = fc4d9540f91ef6db5fdc19f9
+PersonalizationString = cd046ca2381fe42685258eb5c972897e8f0e2f268f13c5c5
+EntropyInputReseed = ae7775c8dc6444d03ebaf3960ec35b862961a7a16358bb4d
+AdditionalInputReseed = 945f0d05a6408a5375b5934a06361876c972bdc38767ad40
+AdditionalInput = 800163f7f697e5c9f97a14dbf31e72ea88796bbed8d741a4
+AdditionalInput = df3f3f6c69aa40d5c9d2f3ba4e6899f62c20b71677610ca9
+ReturnedBits = e96ec8c929fffd55f57abc4661a6b29cbc242679b72b4ab9976c5be9b82426a22cbfa70061866bc3678fbe07c576007ae08f95fa77a37b3923b76ffd52a2844b8a6ad6182601c8e6a449f0e7fc1fcb69bd09bd47981852ea2906754d41754b82a3afce212a730069fcbdd28a46b70aac
+
+COUNT = 5
+EntropyInput = 722a7a3f82dcb209e07e67e7455dce1b8d98b34c66faa763
+Nonce = 425988aa7979bfdbfba4d980
+PersonalizationString = ec1252ffb3ef0d998694a420c1f6176bfe6787e6468baa57
+EntropyInputReseed = 340488817cd6d934ea51960241a5fdd22257c55473ba9275
+AdditionalInputReseed = 4da25e56ef5f1d8125522dc36749a5f9eb4799282439d13e
+AdditionalInput = 7d02b1ebca5e6abfd15b367a543367839394c4a9e5d0a413
+AdditionalInput = d37180a4f8f28b0866c5a9a48e647f537cd045c664d7562e
+ReturnedBits = bc3990c0db906bfbc3d5cba975c48b916d720c214b5582cefd9903419f82051567d79111692fe5843697b3fceb80a6e941ae7cb2147eff124143beb693e2aa1973c68f1bb52817bc9ea35743be1d1a5641fece4cbd3f48fc65d06762f96e9fe3aca50a2444d47865262b6df2980c532a
+
+COUNT = 6
+EntropyInput = 50363290b4e9c69dfd766af67b55757d7c61379fd7930119
+Nonce = 8b9234fe29739bbd8c2742c4
+PersonalizationString = b1e024b1e430d217d05be5f89225ea49f83b0aeaebebc98b
+EntropyInputReseed = 5175ad24caaeb3a44f110c9ccdfb6e452a54a3636de60259
+AdditionalInputReseed = c81416f4500f322192619e478985e72a01aa8162a669d21e
+AdditionalInput = 4c9d3d96daededd453748476411757e37f7120861e4b6559
+AdditionalInput = f331de9c8ae671acfbc55c84625ba384a3d1382698353aaf
+ReturnedBits = e67b1dee73db5779357da0f94184c77694d5342128a686c17bb0b1ac953c234c808055060d532ea3680b8cc9f6e9de19e7b7e305ff511aad6095d24695b0c0584bcff945796bbdd774088e2455a96a525d301321cbf5398cebaa853172f4e9232eae46b560a546a899b2ca26840384ed
+
+COUNT = 7
+EntropyInput = ebc330565af8b37be487313d90385d4cb1eef4ea099f0ece
+Nonce = 66ccd0bc522cb4d5c2ea0403
+PersonalizationString = 6d375d50b630ed2d967d43a0e0fd9f1ff1cb14a96f45c028
+EntropyInputReseed = 17eae9ae482eccee3a7816f0839e56eb709d25b5fce4d5a0
+AdditionalInputReseed = 06ff033e96511e0a8d12dd6fd1ac34da162328274e1dec16
+AdditionalInput = 4c0424662ca10950f191a539dbeb804c91c6e919e52cb6b3
+AdditionalInput = 1fc2eedee9fb3669a89461b73134629640e95e52407c9b1e
+ReturnedBits = 656f6b390bca030b029c9989965d0ccd2dcf7fdee0c3cd52e78c20b7806c71ad935e5d8e8206a230d9b2260b637a37911056c3d6ad75761186931e45577ff6aa29f35e41964a7376e7d0abe5737508782e254e0accbbd1c207e9076437a9217066bcc41025e8bcfaff04ee061d613b19
+
+COUNT = 8
+EntropyInput = df9c4ce0b551d4cbfb5d54de4f872c8d2ecfb5ca9fdfb6d1
+Nonce = 604e29e3b0b27cfb019f9e83
+PersonalizationString = b0425421c612e95faab5b009eb85cfb666db526d5d62eee9
+EntropyInputReseed = 9f46b356b3dff8cfda4457a1093adaead07e0baf0bf16a50
+AdditionalInputReseed = a14866a7672796fb73b9a99ca44ffaee4374e7d82ed68768
+AdditionalInput = 64a7249204bdfcadf36be265c122bc80efdf31ef70cd5e70
+AdditionalInput = 61e8e958d9f4a0b8765bb1f9a57ecdd423f21e456f033e1a
+ReturnedBits = 0ffe60e0a1388fc69a7342c165f9ac0b78677270ae752629958a1e44d10cd03bed623e2a787be02abb0c3530738a7fb43de537340acfd9b1f3c06296e8acde8a0136d16246da03f62c3ce8f44704d86f54b50694d7248cde7d4743699f9625d689dd39e228af6269bbabe0e6fa32a20d
+
+COUNT = 9
+EntropyInput = e97cdc3911015f6ba49c02fa251c1dfc7439949a81455ba1
+Nonce = ec76d6252b3ae7b6ca0ee7e9
+PersonalizationString = 68edeccbce19a4f0c786e76315b20e277376129b954cf39f
+EntropyInputReseed = bc38e84da955be0efc583b81453eb5fe1a4673bc7d5fa046
+AdditionalInputReseed = bb70d8d370ffb47c2ec9c9b823dd1832d027a46d975042d0
+AdditionalInput = 02b9b11076da195df7ef3be3b5c1fc406faab96cada458f3
+AdditionalInput = 453f58d228c526ba46b1620b2d584b8a91174300040f3912
+ReturnedBits = 07f97c3ecc3889894805ec531a6e218ff02ef3417711d3fdd591a8ea836ce75b24d87f87dda3506da2831d27e7d49aab88092d72df12197153c78fdbd9b82b9e99a9186630921b241edd333206815cb068bfca91162020bad55d7abef4c481d77b0ba4498d4ac9c60b3d1122e8df5609
+
+COUNT = 10
+EntropyInput = 554b4d1c9d8b37ec0e985794ad677a3885971bc51339642e
+Nonce = d024520a2ea80649888e0235
+PersonalizationString = 57811afc75655418fe6b41bec5ce0ac6b85a4709427b462a
+EntropyInputReseed = cd831f875df850eae085be04dd62120d92dfd4bbe8480278
+AdditionalInputReseed = 30759411e3a78498dac81fda2d229b5c94a1b968fa7030c5
+AdditionalInput = a79430618415596286495b11010cbc4bea9bddbcefc0a098
+AdditionalInput = 5bc9cc19b1302ae01a5d94134d41d88d8645f1e8646acdb2
+ReturnedBits = 2e8047f3c2a3d419d5ff4b83eb4168176daeadc48087acb821921cffcb03ffafe74137b912910f3eed6826867dc36ac67451dd1676a65cd9903184743485141f56503893543e5d3269b9bf5fff67004bd81d6592e5a6736994544b79e643afb8b193ea461ab9a87a5bc8f7087d8a265f
+
+COUNT = 11
+EntropyInput = 34c8953e7ad014c75ea3265f520ca193b30e6eee4bdf3ae0
+Nonce = af1084ffac14685dfaccf0ef
+PersonalizationString = fbb56eae2e6bc87208f6805bd148b63d2b03452c5cdddf45
+EntropyInputReseed = 7603b97540351b97c1607abff96d18a77a1d8cf3611f10b3
+AdditionalInputReseed = d4e8102516d0d4b6bdbfde91b0198c1910f25e0a5a9a87e3
+AdditionalInput = 32c22b5193641b5d2574459d152d8fe92d9066add84ee18c
+AdditionalInput = be25fae715bf9709562d6770de1d1ce29eb4caed184c12fe
+ReturnedBits = 0c2b0bd9a58cb7db93e887dda8c0cd8fd5b49ad3103049b38a15cbfb321c2b4bc100777549938dbadfbc1dad21c760e67f256c76f8ba5cb0af5ae7626bcd272786908bc89271c822a67e2abb8a691a0adf7143f9efadb1ae4212152349c34a73652f889d0fda77869c1af0dc85c2cdb3
+
+COUNT = 12
+EntropyInput = 7cec973b9302ec919e1df8127229d2b7c2f39280c2e4e309
+Nonce = 3764c7ae6ac644ef015c3afd
+PersonalizationString = 98f9d53ad8eed4c12a0db269ff02322f18bdc14310942d3d
+EntropyInputReseed = 7338c051de6764df8595ee9656c870be0e79617692a3aaa3
+AdditionalInputReseed = 29592fed8f40f5ae073172308c50ea5795b5bca8a64f1916
+AdditionalInput = 2b19ca40c58974f2224dfc6074889f29d21689a50c899ecb
+AdditionalInput = 02e91b8813ef852dae28d9f9e9caca430ea8d223029b6ece
+ReturnedBits = a80ec61199e5cd1e096ae74ffab5c68cc4dff21b0d3e93ed2cf5b7b0573a2b320135aa3056906062e9c211d0af6858b594f9e6f45b515dee2e6d5237ff0973f5bc61dc1296e23acc68f8308a9cc7deecfd820d984e89a3c5ba354247375c6ac6145c890ae27aa0732abaa0665b1567fd
+
+COUNT = 13
+EntropyInput = e463ce95fce1f164738158457e2a76f80ac8d2a6149594d0
+Nonce = 679175b6abd03ebf008eb87e
+PersonalizationString = 7fa21773b0c842748085e7d0494278de315a489d4190cb36
+EntropyInputReseed = aeed449a9dce56201795b3f0e9db6ff2d95c1ccacb56369b
+AdditionalInputReseed = 0fa1ba8284e2d58a5702d3927762aecdf7dbf5f25a4c4f23
+AdditionalInput = 912c23b384a1816550aff6eae59e0b897fa084f9b7fed7af
+AdditionalInput = 275c24f679753107a4bef15bc9278f6813c0ec1c49d91759
+ReturnedBits = a9c06dba6f80be04144032f92ef9294897c2951b395db8d64b62f71e13b22471c59fc3c3d496a5feca30d87d16e4d2feaa797b436444319e990128fd50cd6f7821c90db101afd877fbf061cee2ac46d7de6b1547ffba010be9345200af2d7e5076253274d417fc6e3ae018ab52e871de
+
+COUNT = 14
+EntropyInput = 1552d8ea865e6a061487558eadbef3de8e86b86e4a3e7f1b
+Nonce = fd1b06c1ee732ef8aee69ee4
+PersonalizationString = 5db001536f3841b37643657536e9ee30a339e322505c902e
+EntropyInputReseed = a488d0207e57b4e816a931b6651ce0359c46d6b25a7a3fc5
+AdditionalInputReseed = 2e6035f3136561f9d132a9296cc521fd36ee7c4bd7986e22
+AdditionalInput = 1d68feccf638852d884e503d35094a6c803c2b1c22cfe1e0
+AdditionalInput = 9bac00c0729c3fd8b4662db75154a8d2722ad02aff2d769a
+ReturnedBits = 1afc4b6bc25998615b522c910626dc3fd8cd63f7eff280a3861863aa30809e60ceab8e5c3a97d0fcd581164f187e4a4110bf56d3db3fe780e1f30eb9502b4ffeb46a57efd47c9f3e043b3c1a9693ff059ca89b8f43665b69ddcb151152933723954218391b6fb59b52eb99cdeb01d482
+
+[SHA-512/224]
+[PredictionResistance = False]
+[EntropyInputLen = 192]
+[NonceLen = 96]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 896]
+
+COUNT = 0
+EntropyInput = ba72b04282dbaf8662ff8412c7e0364df6251626f0dd5926
+Nonce = 367d5990c43cf924f4cb360d
+PersonalizationString = 
+EntropyInputReseed = c05604dd53e8bfc465491f3941ee86a49ac06c7085aa26c0
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 2f1a7c01e05d3c99d595a01f233226ac1e76a6d5c63aac84edab2c336eea5cd47d7fc1e4f31d56bf50b64786e6a696744db1700b7345ffbe34576c1bf2d511074ae1c8eee2d3e05df23b6442c26499415154bd746767c66df92e9b754abba7f1cb5e3ac6e54d62899f0bc781b881ee4d
+
+COUNT = 1
+EntropyInput = c3633a786b02bfda873e560c478859b669f30fa12a0d9d2a
+Nonce = 17f762d7c159ee2ae3edb39a
+PersonalizationString = 
+EntropyInputReseed = ea87d45071948d8ce89e77640fbfa496a53bf683cab12809
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 4e3cb41e691e7430d56596763fdd648e3856a0c757484a867fc381bd970daf2b3417009f8f4ed8a9b1ab669462b0cd5ce306f8ed8c0607643adb7c3da16db74f332dc7ab730d19c1697de2323ebf53d28fa3534a304f1be4094759fafdddbb12d2c80c432dee824c9fcaad5bde558468
+
+COUNT = 2
+EntropyInput = 80b71274f13358e02aa61a479429619481d4f4268225bf3e
+Nonce = 070df33ffc4426d1640aeb50
+PersonalizationString = 
+EntropyInputReseed = 7773a74e5ae2840ea532a91a50867b0ea61a678fc788207b
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = c8c6059bf98021e9f300f16a8d94a538f5c4c89e90e480fa5666d94be4e245a393d4b0b415f854cae00bd2bfeb5c5c8118fd4cb5c4ca6ab0791beed93856a56d820142eaa9d09878dddd3362ddd04822a9ebedeef0da1de5b2718e43f59edd54eece02468e3d6f07e4186eb5af3cc90d
+
+COUNT = 3
+EntropyInput = e16fada4f72d3724a8bb7c578f217e7325b19905b4481d95
+Nonce = 428c57cc7023f743763961f6
+PersonalizationString = 
+EntropyInputReseed = d930a93572c6a73ff8c801ca328ed221b68d2df6169db0bb
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 8cd9e192240224f231e8d0ff629182a4e70944337a88d5889b37fe8a5f7c2d76a6b9cec03aa214e40679f5f1bb5532021770268e5736762ebce7f27e0a30ad653b036af5805210d5fff5dd4a0ef14581d0c53d2bdc804e71c025276d83c27ee9ea0ed5436b571381268ead6f810b89fe
+
+COUNT = 4
+EntropyInput = bcc8ea92cce73293d575a8093ccc4cb1dcd9e9faa69d9c23
+Nonce = 13b09ce7b0fc20773f297fb2
+PersonalizationString = 
+EntropyInputReseed = eaef1c3ba7f66e9692bb3067645cbccb7dd3ae61243e1a2a
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 5a0ec2f0be4629d99ace8d2d0dc351e56e93fea26b8aa86cbb4c3d0b184f070fb5f1f9bf032dac383a54670813b904a5f1059b85e94c0c7f333ae80c70e4ce3d4d52cb33dab3b44973a3467edaca3bd2938be6ce1ee0311ed57b861e3b8a55441c6ef97c79a776f79aed3a5f239c1daa
+
+COUNT = 5
+EntropyInput = 80782410e2d920c83f0f27f7f83c4a1e312e6f1e9333d89c
+Nonce = 8574ea5e1a76bc63097ee1ba
+PersonalizationString = 
+EntropyInputReseed = 1a9d250db8e8aae70389e5a073430c6a4592cefff77c4337
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 8aa5fe3ffd2968164a0ca70ffe6a4cf2bb3cb6e13ab9714671273bc4933b40a65e8b79b7425c69468d51dd89e87c9cbc8e0b4c5c0f55a21a1967f2142b972658373115ef85d1c3027e296abe06a851edd3156bb9efc16bf18acbd59b1dce8511114dd9b9bf647209cadec0e340d484e7
+
+COUNT = 6
+EntropyInput = 2dbd24e0f743600bc12ecd68023bcfaf32fcf77f5503c0cd
+Nonce = 1c2f2761301aba1b24d0be0b
+PersonalizationString = 
+EntropyInputReseed = 7fe383209cd14fe65f4801e8abb6a2f351bfebbb9693e257
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 745508dc00e94eb432d233038872d5e0556081e899707d6f18a3b90cc8309d6ae92ec5d4a6aa43470455831b43923e8451acfbadff0dbaa1df1c6fe4123b24bcc02bf8491d1d6844baa3c8bcee33e878dc5464459b41876efa3426ec9542b22eca0d9e1767d6f1f539e9895e5144764f
+
+COUNT = 7
+EntropyInput = de08723b2ddbc617a68b0fd915d4c5223773909b6a39955c
+Nonce = dff80ef4d5560e8a09a40105
+PersonalizationString = 
+EntropyInputReseed = 6ca0d21597fd3eb003b5caf14ed90378b1f6a1b688c01a66
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 8ef722855c8225fe154498b95de2cedcd501a383676c4666e973e291db626f8e1c8493e1f39fa92de202e1e595b525a21ae02261a0d8c01501c43399730325489805e5e425b22317facef64ad8e25b17a07b0b342f3514aae5d31b3303d30bb578ea32e2e9413e5d7b9cbd83eb9d73f4
+
+COUNT = 8
+EntropyInput = 6ed5548b0db20b2292bea014138de122de03e4d3a37f28d8
+Nonce = 993772c1de5f77be87721c0a
+PersonalizationString = 
+EntropyInputReseed = b0a27942ddb2179919cdedb8382d39a37ed9e7016f7d8008
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 76c8a9198c6dec7c2b993cbee8707955752a2f763e4b9d5c539595d75d4b9a037b7c9abf9ebc1b73147912f8dafc6d4387d92d7d1a4082a66aef9ed6d391c7ab6c82775403f45064f6ea7016779f809b5ea7da8b7491b22fc76a32d7b9c76e6639263ec4ff1539cc265c43f835a7bfad
+
+COUNT = 9
+EntropyInput = 604ce45f0accf6ced2d1c19e399cbcce9ee2be0d6ee5a888
+Nonce = 2aa6b1ac9680bf8f6a53e6e5
+PersonalizationString = 
+EntropyInputReseed = 70cdd41e2c03b6850ded28813359a8525d9cb2065796dd1c
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = d978bdb3438e3326ae6aebc4830dfbd82d523a6944845fb30012eefe0ca13f76249d491b4958cf76e5c3306d8c1be4dc443dc4e1f98c73fe763eb4caaf4b22d2dd77120635876ed62fda9b83d3392287bc4ced6c1e78b176707856b4621bc2a6a5246d359b1099892199f86a458adaad
+
+COUNT = 10
+EntropyInput = 2dcf2472cab46d6221f1360ffbe992fdb2733df827633b9a
+Nonce = f1cccec329488e1b431a758b
+PersonalizationString = 
+EntropyInputReseed = ef90998b29518f18165efa8636d491ec28b805d431fbeba4
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 5d73610846d80361ad3b63b4993e48153a1cf01f56336fb84e241711ac785c740d8712a53d7d3a367be082d1c608458e70b1332a0125c53f614c376064b9af6ea095204efc8468cbc80532d4e5bcdd47c6f78af19273dc3d9ae41d8cc3b60e54febb9c7dae0e31c398a32c625d59d038
+
+COUNT = 11
+EntropyInput = 991375cdc347b3f70fc7e565dc2af364a05bf057df587bb1
+Nonce = b5eb29307af71a7b6b17cec9
+PersonalizationString = 
+EntropyInputReseed = f290b547b5fc76282524854b843dbcbc28837b8f4f82be21
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 60c2c6e1a5a92859d4f392265bfc53f7718e7927bfc409867a88552f2ff7f3862d626454b7cd5718c6fa3406cfcdb282d8f3a8589b49714dbc8900438387d27d9a532001f44a80b670599353a5ce98daea7f195c0b9c66fcc3127dfd73095fc8c5a874eae8008e029a2ace1c2a4fb007
+
+COUNT = 12
+EntropyInput = 99eb577261e1fe73c85c6c4ab9549f3421f0b4f3755aaf8c
+Nonce = 7f03c5716d9b148149b265a8
+PersonalizationString = 
+EntropyInputReseed = f28c8b6ee75aea69fb50ea608247bfe988e161b9b1261bef
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 5f530e615804f8a3d63d0173e26f5d5102ddbe2c3227bedfbd48d23d9dd95438925c8e1eaaa4219cd00b84bd8c424e9215c3bcdc1b03c087ca9d1662719759702abbd53ea235eb34ae0a5dab35cfee23aa83b1c507dcd24b3ef520b3919990235da7a8b4a7f3790ff47831644c3d2f53
+
+COUNT = 13
+EntropyInput = 9b5c575e06e4e1e5faccf76598cf2c0257cd45631238bd5a
+Nonce = 7919ff2cf5270c09b8ad3957
+PersonalizationString = 
+EntropyInputReseed = 3f2231dacab4e7167dd748c365b2388481f1fcc22828f546
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 41acb548b7f3dafc97310b37ddc13238fe82646c7d25ef8079c50ab5b8fd671a13079fab984d34dab31b6faa6d80f257b440783ca42bc8c6d0a7e971eac90af2c5d307d6d60a142f61508795d03614bffabb4450ab6aebc9b5f0c8a461c185e701208a111f7b70286b630d79df09007c
+
+COUNT = 14
+EntropyInput = ab57fd009184afe0c40499bf459b33e2721e7fd577ae9e33
+Nonce = 19aaaf960f132233f2c90f34
+PersonalizationString = 
+EntropyInputReseed = da3095cc25d10936959e73be621821de6eb36bb527af0c40
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 1ee0f4b24f8baa5ddea66a65886ee212b3ef61399916fd15857c7fb506c777b05d14a7b272d3f5ef50ffd6f4638372821774005c8d3221e0d256a148ee0d23a705e1cc26fb6b9db4e236483de9d771120925dbc64f657f2df097cca104f6b90969f92803c74d8f64e11ddd44ce6169ec
+
+[SHA-512/224]
+[PredictionResistance = False]
+[EntropyInputLen = 192]
+[NonceLen = 96]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 192]
+[ReturnedBitsLen = 896]
+
+COUNT = 0
+EntropyInput = fad885e0c66f621a763d4a9a3778c83c8eef30a25fe88d29
+Nonce = c248b79c91671f135c1878df
+PersonalizationString = 
+EntropyInputReseed = 57b2e90496108966ec69abdaad0fada4179fbfa6657956b5
+AdditionalInputReseed = 229cfa582c7d51d617a49de12088169e3099c260ffd2247b
+AdditionalInput = 7c18d74d17a0883135a0e9e5f7efa3603b7beb766746279f
+AdditionalInput = b48049b80fae84f378ff4a67489ab6cd26a2a429e9015114
+ReturnedBits = b68c2dc5dfb779ded8e2acfc0074eb1e92a54acf075d26558bde1c78564cdaed6578860274c705b81ba3e625f47d3027a2b47a07c87b04d5ed43d67295ed07b0b072ea354bca18a83b6e54fd5f06d91a1427fa3610268abf291fc7930ebb852c0272bb08c4f01bc2ae71e02ac9f28627
+
+COUNT = 1
+EntropyInput = ee1f193658f4936cdbea25d5e1b86af0d56157dcfaffc3fa
+Nonce = 26c9e026f06b2015052ca4ad
+PersonalizationString = 
+EntropyInputReseed = 2825412d47b72d610105863ecbca10cdbb520029ca2e9ab8
+AdditionalInputReseed = d601eebdf6453686a73b893cf4b362dad3edf3c3db13fdde
+AdditionalInput = cf499e18faf1d9be3572af7c2035de65d84cc0871a0b7805
+AdditionalInput = 7febd5d2b19746caec3dc3b8a0241e5f2f8df3d1bc1fdd54
+ReturnedBits = 4e1b3174f74c0e0d24698db6b492f0012facc508c1dea70a565937bd28b915d5254b9802e0b32c7bb128871d9bb8d8ac6aeb79fc87ae6e01c26d7a506ab8c15e16017d8effd792e945b759a59f7d21272f66753c4d530353122458faf8ebc75634fd3986bf1bfa93d2e447ac941ac9f9
+
+COUNT = 2
+EntropyInput = f81f01a6b310a04be907bcb7c729ed0352e16d515159c7d4
+Nonce = 99adbd4a5f2d801c2364cd89
+PersonalizationString = 
+EntropyInputReseed = a95e16abce8479eee9ba139525ceea38e98a8c302c81583a
+AdditionalInputReseed = af710041dcc8ab84b3e7cac33b70a5533b49254f2a20ccc6
+AdditionalInput = c06c08a34da60cfe7e20f9df5e94633e2829a1b7afd852f6
+AdditionalInput = 1e9d5f01f12827d39a48eb718519164c140008113a658bb3
+ReturnedBits = 1629bbe34969f2b958d78268c42f42f63355c67456fd6cb1112ada7266071e3c7384c17b4caa5ac1f966c688979c7e259bfcea17dbade6b7c50306cb345b5a9d6ec71acd7c1ca119699793a86b3dbf7593f6c250cc8eae8fb2876356777e07bbf34156d9ebba9c5c6d0bcc51f5137303
+
+COUNT = 3
+EntropyInput = 2d398cd152b7c385e8f0769a87ad5880f7720cab755dc667
+Nonce = 8f5146a889c2c060132dfda4
+PersonalizationString = 
+EntropyInputReseed = 84bc35a525555ab09a901031fd84f3f2f8f3420d92d53940
+AdditionalInputReseed = 2d59b6998affb88a93c93f048218a852cbab079f852a6aeb
+AdditionalInput = 37232c1d45eed8d5b27fd5473208cf4424412101699fd38a
+AdditionalInput = 6196d3c7a51e0dda906ff747bf2c6367f4465f10715675e5
+ReturnedBits = 0caf21bdd05fe496998df6109be62e554d157263500e6c0c49dff9bf9e8c2b525f290729821b692c8f9160975ec4d4f8d18a1f40cdd30a07ca9bf0d8ecd7c1558e56386ba9b227b897fb8a06041766015ac06030628eab87bdc5a71bf0dc4a53e2a130fcf94c79afd84c3e98237d5f1b
+
+COUNT = 4
+EntropyInput = fa357799ca4ed55d2412daa0f14f7a9e2bd60d1f805a682e
+Nonce = 0c58b4466a2384430aa74321
+PersonalizationString = 
+EntropyInputReseed = 3eb9cd4e401140c8cbfd52114df58a2e78c2cf1f6b47887f
+AdditionalInputReseed = d219a507e837dcf508dcaa5b1a503a8b3d223eb10c0451fb
+AdditionalInput = 95dcb201728f246b8e78c053ad4a69528b64e6ba0b1d4222
+AdditionalInput = 0aa51af6f1c60ef2f33434eb534bd68c138fdbfa720f1824
+ReturnedBits = 82f574511ea2355129fd126d12a720514bc5aed5292db98c40795b49935bdee13fd96bb7b4172001003e5c09a2136ad8d3082b67e4459b0f01bfc36b73432f7eaf1d0e8a8152e8e9cae96f9ab62305c0f06edb3b9433c4408021b89369659a069964017b6a5e49350140b752044c8713
+
+COUNT = 5
+EntropyInput = 4e6fd7779481dc86c422ad063d0a36b145379f1126ad3f6b
+Nonce = d78e8aacaef06929eb593502
+PersonalizationString = 
+EntropyInputReseed = 999f28eb331bbabb55ee3536c427a20e4e9547ae252b734d
+AdditionalInputReseed = e5fdfcc35195ee3c93ea9d612e9b1e8c95a1aaa75768fc52
+AdditionalInput = 9977817ffd579a2e57866f8f6fbea16bb9eb302043aef068
+AdditionalInput = bba1b99e675677cc5913e0a62bca9dc3e66fe7223e4180cb
+ReturnedBits = 2d0abe7707bbedd2dc7c524019cba6602b243582e20ad9080d0f9d620706218d197066b29211d44f4de2be1c41faef07129fd3da5dc76a5cb73dc9e8a6708841e53b4f6f8776f516372838c645e3bbcf348d02da9231dc1ec23b577b97cc554487dfc5c88a6dfc70a354caeff839d00e
+
+COUNT = 6
+EntropyInput = cdff418708481e6e7db777fa3e7b54df9aaf448274d68b83
+Nonce = 37998974f087a4b5a428817c
+PersonalizationString = 
+EntropyInputReseed = f9bf7d7234003c5a6bd9498f44218577f97eefa6e91d3875
+AdditionalInputReseed = 097ef5cc39fb2181fc0475e944107fe5833fe837420b72c0
+AdditionalInput = 42168291b8fff8079c6932c05850362fcf1b51927ac50187
+AdditionalInput = 0674d377da9cc7841ab6a71a7308f3ed69fd0c0d88f28543
+ReturnedBits = 4157f879655620781f70efccc79a85ebee020ce025543f0093f6402b1280a17485c1a59329fe3fab386b5a0a6b510288e7305a389faba325946fd0e6c027efd1c36ae2d472ffa6a5e25700def11d7abb9f5a1c99f0e5d1a9e36802e869ae4adc110ad766d75badfdef864abcfe483b7e
+
+COUNT = 7
+EntropyInput = d5c355b1ddd270663b57c395ec5f43d9ec9d60fc20b6d4b5
+Nonce = 5aa0b69448b37bb99650fc7e
+PersonalizationString = 
+EntropyInputReseed = c467c5a754d165038b8b68ef2503d044d7952d02f79a58ae
+AdditionalInputReseed = 4f47678ceeb13a7522f16aaa6c977506ce4b2fdce81b6cd8
+AdditionalInput = 1c9a76aa52ba22d1626ce66fba84d3c65998ef731ae756f8
+AdditionalInput = 5ed3052c68e1e42a71b93810e5ac98c6a6896089481b5ca8
+ReturnedBits = a10c32dbff74e47359a8f0a45b6691939375dc06cd6485d2cd2feea6237cbf58641709c99d0a26b8e241ca23c4cf994965f58d06f8ef6a9698f4ca1dc06b4cd1f9b2a2bb1564331e8c8dc2d1dea4c7daa3fd79854ccf5298ff571aa6eb84e0e8df2e88753dbdf5717f8ee94f27381a08
+
+COUNT = 8
+EntropyInput = 9b540e2bb8170d11ff757a0c214ed1667190309e0b470784
+Nonce = c0a83779c18cece4c60be6f2
+PersonalizationString = 
+EntropyInputReseed = 0dd0413095a249476b620d64dd564946406b5006a48a90e5
+AdditionalInputReseed = 41b8e2721dc38e983214bd328181edd66ae9c6a488b154f1
+AdditionalInput = 4dcb7d297754e72f1f12624c662fe4a319d0d6ba78d32231
+AdditionalInput = 7b73a49cd0bae1840cb0a6b993685ba5cdf19fd75426c0c3
+ReturnedBits = 20b96bd80abe66419937b258d8c2cb883baba4eb27d3b97aa4468fa1a417d663ce8c7185cf93cf58e844a19920a1284e5057f29900334a769cd0daa35712ca1b0bce2c750a7289ff7f6fdef4486808042010051f01ecbe386ca6477105375eb8540eb9223a4af8abd5760043ccf6a50b
+
+COUNT = 9
+EntropyInput = 27ef4f5ff27cce8ea758ef986e9598fed7d8662b6295ea69
+Nonce = ef3aa0daf6d482018510c20f
+PersonalizationString = 
+EntropyInputReseed = 0d336b2fe6412718e2c19dfaecfefe3fd12e0d2860e4bb73
+AdditionalInputReseed = fe82632966f2b41322595647597498aead9b9304f0da25ce
+AdditionalInput = 433fb7b3ccc486eab6f8d5fad08ef540091b1ed6f2e767d2
+AdditionalInput = 5e2b37cd8f3aa40bae0b289902ea11ac4c633b759feb350d
+ReturnedBits = d9bd14d709ab5aee138733d799275842620aeeff2cbc53f728e1e25a4f188c884d580b59b361aef507b2aef867198daf8b67d7547e18547735fc8201cdff048296d4019a1ddaa18e7ef68557d75ca3e073513415795b894fd11345eca93c812e3971bc96386b391450d12577ddba70a1
+
+COUNT = 10
+EntropyInput = 76e6a7fda1e20f4c86a66ba8e31bfc16c615f1356eca15f2
+Nonce = 341913c9a1b01e86bfa9a833
+PersonalizationString = 
+EntropyInputReseed = be086ce74c37ae6ecb255b2b3971e1b756b78d7fabcf6ec3
+AdditionalInputReseed = 89ba420d853d343fbecc9c53a5196645f3003f81dee4727f
+AdditionalInput = 60f43d61783fec1aca7fac3a1f5b985f339d3f449df26053
+AdditionalInput = 25b901cd8957a7a63f626b1292e6b98bfcfdef27ee77adbc
+ReturnedBits = 975da45545647181d428c5371b8226a688d0c65e01feb84aa53f3ec51411817ec9ad1596a809f765f1ba2af910cb34958c499b87d1a44c726d8c3ffc1d08475a12c0b59472fadfa0f1090a6018fcac6f481f37c057e4a465ca36b3a2c6af0229dc093048b5ff09f9bc04ada420b56365
+
+COUNT = 11
+EntropyInput = fb4548f4ed94e39bf55919597c37fd5ba1386e100132802c
+Nonce = 182044d8488ef08ee1163d3a
+PersonalizationString = 
+EntropyInputReseed = 8a71182cdb68d9356384139350d2c980bf5d2fd64f0e1770
+AdditionalInputReseed = 807c444bbfbaca243aa982ce9fea2ef49f7f2383c138a762
+AdditionalInput = 8d46af199b2b3463e13b07cfcff08352afc90556a950f164
+AdditionalInput = e9a3ebc4dd711cf218bbeb7705405e8efd4f65b895d8594b
+ReturnedBits = f28f9a31511fa144284a5cae255da7f2eba1a2343784cdb4c11c7812cfd9798b790f479c8ff9c06acd458f2edb411000a556979171c23918232bf482c5a2d9fb2d3faf1f7c6af4a3654da207d9391752f2975daa22d85e82de7766d4a5074208de12282cc0e38550accbf4279f7efb4f
+
+COUNT = 12
+EntropyInput = 6af9ad11eef708d3e3332b66d0e02d4c049225050415701f
+Nonce = 27d0268faffdce20ff328f56
+PersonalizationString = 
+EntropyInputReseed = 70e2e6e007a4a3b0164fb849f8687843d6ee90fe93cc49f3
+AdditionalInputReseed = 8974269fb2a42869a7a4abc91e5c1c534e8cffe7781aab6f
+AdditionalInput = f3e67593eb2bf8fe069829849df15609b6413c6ec8530880
+AdditionalInput = 3ceb7d46137ae3021ac72874a7ae622495dee46cb15b59b7
+ReturnedBits = 6bbb178f56bed67a776596cb2c988de8facced72b4a34e11aed0897e018ad94d543146585c47fe7b43a2c94a8e5388514b35a4530439f1943d4c0fd7f55a3bf13ea16080cd73bc05fb22aae74f5796d9d6b83c805960372aef38be1b6de44032abf3bd23481e834830a6de1d4c0d1572
+
+COUNT = 13
+EntropyInput = 1b526509d5341f07451783330867655dfda7829405fca78c
+Nonce = 3c5e0d93abecb924b1235dbc
+PersonalizationString = 
+EntropyInputReseed = 0a665697372c4bc0f06dd56cb04c9e14350cf2eca9006c13
+AdditionalInputReseed = fdf180b8386572f5440ee2f3059ba7aa4985c67103ee6b15
+AdditionalInput = ef871a19bf9ab29ab895501182045a8e5e899875111e4571
+AdditionalInput = 77ee24d58e0c0e1ee52cd29f8c2bb4d7566f1f39020f7250
+ReturnedBits = e0fae40aec21aec73f81040dc73d3e5304b3d809823a1bdb07c697dcdb37611c053abd057d13a3b6a5a4280bddb4970bfea7d26d628a08b97c970df9d8e3c938f2ededd02e25d934dea4ebd7a49aae5942d32b3935d142f4b593efdfc251c6136bc0927e80e1e246ad4081528ec39b0c
+
+COUNT = 14
+EntropyInput = 6c6f5adfc58a5575bedbdac04dd76a47002f7b2847e537c4
+Nonce = 633c991ed42e24d4cb1a93c1
+PersonalizationString = 
+EntropyInputReseed = 92fc2275d7f9f171f99042ccda9634d3480869ab4d0922ae
+AdditionalInputReseed = 99b50d9e2fb9d17d7e17b53b0ac513eb05423351091a1e97
+AdditionalInput = f5b9acca5c22015948457287ed15aaf5f04cba4f6a6e2a0e
+AdditionalInput = 56329f12213226d58bace8dbad203535198cc471ae628e16
+ReturnedBits = dcba95cba6d779d8fee09bdb785db00464910d2097225fbfa4060ce67ad30598d1e60d9063da02422b68cb7ea2102803ecb0f35439d4a1d60e67f4fd5750ee460a5de89a4b9d07aad72b3eb91c14cef2fa041406af954fe0d1ae8448bdf31ac45072435f8f0d2b40f7e3922e28ac536f
+
+[SHA-512/224]
+[PredictionResistance = False]
+[EntropyInputLen = 192]
+[NonceLen = 96]
+[PersonalizationStringLen = 192]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 896]
+
+COUNT = 0
+EntropyInput = a68826e92785ddd32d798d0754caba6e4b42e5015c41e2d2
+Nonce = f080bcfa86a6344e24fefc88
+PersonalizationString = 074942d3d467bf101e019e6414e787b8a3b1d866c2e8d3f0
+EntropyInputReseed = 27239674c9465bec820e2ab648ec3e9908d36fc1a7248415
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = e9aff0ebc74672529d8ca4b05455e3ccfa6971319b74bf46d84c6da46b9b9076f92e31f426a62d9b3b165abbb4b23da032050c180230f22ab17ed7dd3512103351ba65ed915233b0c801c671b9f2212376f4e6be7396e50bd21f3218e3484f1c3cc87a9f3f308d15152c3d6a4555f495
+
+COUNT = 1
+EntropyInput = db5c03dd4ced2b82fde32c1e48cfa1b666acd1a468dcdf9d
+Nonce = 6f7e66607a6daefda5873528
+PersonalizationString = c947e8a6e8f8b10da3d22b040c2cf1f1f8f807e58be8554c
+EntropyInputReseed = 4e9d25ff217921b421870e1dd2651cbdad8374d7d9ea9409
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = a69bb5c0ffdf96102cd6b9f77b4a2fb458636829737acf5bd2d40c0fc8ed7294c270b66dba2d3d69aba24b96ba895683c4024c4ceea0744972489a2bf8a29312d608f518da423251a0b06ac9fe971736e17aaf8adb343c09899391c5881c1987a664ce744295a320b5893fbface0d800
+
+COUNT = 2
+EntropyInput = dbfea4a7c0493df420f5a941fe399922cac53746e0b4a640
+Nonce = 9552a3500d7f832712bb9ed2
+PersonalizationString = e0e36cac176c70ce6a37dde598559ab67f484041e9dedf96
+EntropyInputReseed = 20f7c981d9e84d552bed9c4f51f0774fb0812abaa1df531f
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = d46f2927a2485ab2c0a8ee4e76601e1bc22248d7cfe7a1bafa96438af5dcc60ef83ea32638d363008cbe8efe93b8aea8d53b0f666b7327f3f832e8015e5d43a33a8ba581e023144cd51ed312fb8adb328f6adbe9d98b96373042337f1e896f674c835368858911a2a29424dada920f33
+
+COUNT = 3
+EntropyInput = 3b526f764dc20e019d7ec2e8cd160ee8457d8e66f84a9583
+Nonce = 38029d853715e48e2afa9752
+PersonalizationString = 0965827ae07e1ad20e1df8db787784e08c56efd901636e8c
+EntropyInputReseed = 06c5fb4da1dd2b49c1d6e0c4842bec85bbf3b2ea442f4567
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = ce060d8697ee33a21f4ed516771353ef65276f13d28beedac506012b16a726dc3c9da84d756444141f1618843999287e7750e28b5811eeeec386b6d110e2491a396e60375e7b44d938700c3837bb1c376ccabd6b12ec18c165f1f377028c629b5f475b48930a7a810afb82d3b536c2e0
+
+COUNT = 4
+EntropyInput = 24044c7ba5835f374ef9ea049d7455191f69534f964ccddb
+Nonce = 90991c56ae5c9f4064f3a416
+PersonalizationString = f580bcc7782d0d1ca63a6aa47bf79e0a226086766d548fdd
+EntropyInputReseed = caf5ec39227dbcb246d71faa6dc41b1947a971baa3d39f02
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 577144ee8d49afc152c0d8a1b8d4f25978a103a9fe2dd16be0d8bfbb9cb184255ca793f2659cffa9fa7e71bfd48be23c524e6aa11048ad7742e256db6f4b9177ab3f1bdfb48d8ea0d54b41e44cc3277df31acdeba6b78f8542d0a2d441961ff8d62278dbe39a1f0f84a6debdbc42f940
+
+COUNT = 5
+EntropyInput = 38869cfda6a46e0f71343fb446101c923ba249775e89d7e7
+Nonce = 882f53c81946eee98c52fd2f
+PersonalizationString = 2d277e827be1b1b86d813202a25490caaff1dada2cbc63ca
+EntropyInputReseed = 6fb8de60036d992e1e77020817a3181204be02a9e8576c66
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = d08e20fd84f67c56fc6498e12b02a60c9277359717a567b1a560816b5ddcf746af8fe93a915d2ffebdbdd9c6bb2483a0cdeec933efce8be083c0643da906af4112677e9e2a77e63b8f053cdfa1e12b138735feba5280e1898b648a00556e8245d719289a55a71058a726871ff43f2fbf
+
+COUNT = 6
+EntropyInput = cfac02ddd38df18bfee40ef6d2bc0c247f335fbdb22f1602
+Nonce = 414e706e3e0220df4870b284
+PersonalizationString = 8b8ea02681e6f5027602f86795b20eb7701983e7384ac2cc
+EntropyInputReseed = 9bba186d25218b971f9a5906f0192e467adb536538d0e2fc
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = a7f99ebeb29331ee7c99063ced89865cc5c397d6b5d15934332119c5f94855dbc991a4e7c1057a707e5c38d539c02c526195bed77e192c6ef3960ab1c44d5d446886de77c9454fe9e2e2c87330c8abe03f439b1b4302318fc3e087620d114781756ce5cdd448cfe1f05c808405fae49e
+
+COUNT = 7
+EntropyInput = 2740fc385f6ad6b7e9fde78d2ab58c28685d0f178d8dbdf8
+Nonce = 229380b08601b6ffbe7a9ad0
+PersonalizationString = 950f585babcf18337160cad32dcebb560133bd8fcf6877e9
+EntropyInputReseed = e75d77b57fdea756176cea0dc51473852b32cf7ed55d7147
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 72d2d08c809a8b80662d00a521fcda26654444477769a5aa1d8b67fabb32d3b6e1753290c1a819534c86b1d6bb00a8cd42c94b072339d16c3d30e22852a023f43e52fb720ca50cc0f762d77702a5eaee8154ad077acf166b599bff1ce0c6f5203a166864a07a4a656499a8cbcd91a562
+
+COUNT = 8
+EntropyInput = 4341e55a792af8a1998493bce8eeed38d5d890b7a74e9121
+Nonce = d4573ff309827af810c92c2f
+PersonalizationString = 13ca74bf166ef3065315d950ff8f42ba71ff806d86ec6d19
+EntropyInputReseed = 1c5c4f65148d2809257775ba9573ae6f8762867ca7cf394a
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = ae40d28587e163b7d2decd55f1c95deba5525002b6127fdc6c830c1c28847c874f7b31c1f003ab5e46d2f2ae9bb67b9ba8db3f00eb66d8dd1e3285f9d17896ff623ff7817e32ca623a69096eccde559cff972998058eff40560322c490dbffc2ccfd50bd96a1ae7f77d17144a9999c53
+
+COUNT = 9
+EntropyInput = 45a5546d5a7174035ded640dce12c3e4f8b4b5512ddec81a
+Nonce = 92f96fbeb2084b1ae9e68be3
+PersonalizationString = 13f13c6189f2e34a8fc0ca6b6316df5b59fd58458e9f49af
+EntropyInputReseed = cd3cc4f0e13f6597f9dbed179f37673fd0a8109067b537e3
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 637649077521409a729548e13b5a05532dc6b3dc60fbd21abbf40142ec55b0d73735d07c5e8eb85aca5da2a13870d2de819390654a8098a1a708e2f7af5600a0cde1388624e14fa231df02e5f79bfc1911059a7b9bdb159ee3c82eeba9cfee36b798d635645e5c020307187596adfa1f
+
+COUNT = 10
+EntropyInput = b7e588b991c5d10acf44c197b8fce7a469af0b4e12a429fc
+Nonce = 250575641f3c36413d390cbc
+PersonalizationString = 4df8d96882cea89875398df569ca665e3bbd88a6b8a9df63
+EntropyInputReseed = 59a99bf479e6e5de588f4acc8e4359ec09529cc01d228e58
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 32285fa5bc2c55b68a74045c6d3c0fc4c89bdae02f2149f6f2184fc7d6e07a7a3a0a08691ff45d3f70f318c6d35432df1ca3f481ef37c3de2e49d16596dd71e58a9866ab63c9c8363bf3e30ed7c5b4f0a1f6f4ab646dc0b69c48b8edb429ef49168d3298711677ac0532133f6760d728
+
+COUNT = 11
+EntropyInput = 54357d75e1257b10f0461bd7679498afa51ba705d2d39f3d
+Nonce = 9c0cc6c7fd9b94b6d53efa8f
+PersonalizationString = 37d410b899bec27a5edc00a258c4950a342df1674df52a46
+EntropyInputReseed = 6b54367d9557ba0480582f4736c50131ba08b9c56e3ddcc2
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 1f1c25bfa1ec8671f31d41aea02a745b15a05625dd099348403f4555afad88c465d6699bb2d1f3958a2077c0ea75aadbe61048abada4721c39794ba62e00097540086876bea543ea685739f1eb266f7540ae1e6843b22f6603ce6455ce3855c3b2f1433d806f9d7bc0217c27e37e421e
+
+COUNT = 12
+EntropyInput = 2f815527eb6b79a93b4849dd69a66837216f4bf04d499844
+Nonce = d4f1cfd9f28b67b7abd31094
+PersonalizationString = 705881415b3b21a0ac5cb6d021f4b6e95a36e74f379c4074
+EntropyInputReseed = 5e0492ce449cfa61e5f5bb77e26e8eefd025d444429c4900
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 3c11ca0aad23c5163fd169f09ac9d64eb16afd615a8c0f32e82b198665574c521599612d35f7bc968c99ad6ba2b00e95d4d008b872b483f7647be81940d583a6c2bee184a08bbdb8f5ae17a79afc873c5024491a1a205840c9140930a56588a19730fe220e638e9ec075fbc390f61dd5
+
+COUNT = 13
+EntropyInput = c8469b8546417eb464c0c13f00bbcad97785bb1d22ec99ff
+Nonce = 3da65a2bb742c45afdde0f36
+PersonalizationString = 97ea01253d9463c62c08678a0486d54fae42ceb91fba7aa8
+EntropyInputReseed = f5cc52e3e2d174d5b4af680875016649e690271892a091e8
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = e41e98fb0d1a0dec201742157ae5a8f9882d0152713e721e0c9135bcb67a90e5908d5dca0f1297d819b0cf45530e5a743c11d21b48a50b0699059e3db3687480fce39a367245e1bb0ed5082f3627b173383367df33fec0b6785106c5236f2d0be52017945eb7f34979c4d37f12217f41
+
+COUNT = 14
+EntropyInput = d6ebc843255614872843fd03b1412b655a8714ec861522f1
+Nonce = c51afd218800d916b784e407
+PersonalizationString = a302b992e2d633292eedc5ccace3728dfaaf92513b27cd6b
+EntropyInputReseed = d743ddadce4e500ee40349b9071cffc5a236116abb85adf0
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 50187775c5a9133f6540d314f4cc84da928b5fcbc37413e11fa28a0c0ec9ea57de3881335c5b94e051a8d6b29a9bc2668b6b11907632a802e761492a68b4f11c32df82cbcdd46a6539caf9248bf85a99c76b1d0d6051f22ee9fb638b4e7eab7e789d75eaf85c8028601dff65c1803dfb
+
+[SHA-512/224]
+[PredictionResistance = False]
+[EntropyInputLen = 192]
+[NonceLen = 96]
+[PersonalizationStringLen = 192]
+[AdditionalInputLen = 192]
+[ReturnedBitsLen = 896]
+
+COUNT = 0
+EntropyInput = d9d333943717fe6456bb862e6abb2da873d956bbd251e6f0
+Nonce = 8e337d3f1e8a7952ceec9cf7
+PersonalizationString = 0bb2f3c6f64b282d216b6d8a99297f6179af2ad8c8bfdb67
+EntropyInputReseed = bd9a821ee73219153679944a6b110716f87f5a64090fce1e
+AdditionalInputReseed = 7e2dff2759e9a020e95188fcdeda0b7f24cb789d39a7e447
+AdditionalInput = f84aa3e6e46ca8aa7ac473a73e339691ef058da942b1c128
+AdditionalInput = 3a94eace36c567f86401b8df0e76db8bde693742d1f699a8
+ReturnedBits = abdcce745ff6636fc9dadad32cdf004e1d72f298421709eac295780b98bf4bc7658c56e0865a1840a02eca53145aca320164346a64aba2afde7c86e86a28149ac0a8da114af9a342c4a26dfacd63bb0f3414260f6287db9eb8da3d7edb82791feda5cba7503665c955a62ebe21b26fe5
+
+COUNT = 1
+EntropyInput = fb75418a0d60f7893421994882e11cb41dc66be51ae2cd5c
+Nonce = 5e48c27e85c75e2de544d0f4
+PersonalizationString = f7973a5dee9c92bd8f0be30208919a27c3990ea3264b17f9
+EntropyInputReseed = baacc8acfe9e05bea0cae875089ef9990c3d69678e9a48df
+AdditionalInputReseed = bceb919c51f16a95c335bcbeb4ac1c911d29151906c41dd4
+AdditionalInput = b6428a345fe7b7feacad3c93f277799b1d42b16856eb7130
+AdditionalInput = b022eec8737b3128b5964ab109605748ddd9e1a29db37b23
+ReturnedBits = c5a9eec1a948ba7d02a1d8ac2d193e8762acfeab0cb963eb5e3539cf2f5750c469cbb9a295e54799ff4dec0af7faa8cd69b039e55d5538ad7da41d30328de0dafb5f939143babdf0457907afba35b0445519d126ab835e4eac40ae832eaa54267f9dd99d8680ab0c339c99f849f2fe25
+
+COUNT = 2
+EntropyInput = 0679aee2c7f181c9f772b9c021494097409303a3ee942a5c
+Nonce = 974960fb8d4e541a17314de5
+PersonalizationString = 339bb5b49ce83512dbe1169cdc59e0491942879f75855d66
+EntropyInputReseed = e40bbc8b4fff94792575e90086adae6569188854a5595178
+AdditionalInputReseed = 5afad9418ae3af35c35ad159a4325329e92b061d7f0efa5e
+AdditionalInput = abf70c5da2e0431fa5945f6bfb31b62ed272a087288fde1a
+AdditionalInput = 9c7b4c1bdfa1324c2c7458b8375ed26a398a965da2a58cbe
+ReturnedBits = 7dc96efac17cad090342090104f14f27dcfc5799f734c25b14e35ead5342272604b246c32c2d1ab837866ad89c845ff4ebd91b303806c0fcf96d0ecf7798f0300f09e320f0658bf5653e1160d71efc8724038e7afdc0d1879973d54a3f5bb5ed946f69af17071bfdd3cc5bf5722d6ec6
+
+COUNT = 3
+EntropyInput = 2f1f60fc8d137afca7759a44a386385cc76710d8eba3b94f
+Nonce = e7ec00f81b21d08f2f47da63
+PersonalizationString = 5167e0bb29302e7fe9bccff887a9a7ea93e3728c23a1bc0e
+EntropyInputReseed = 58e3ed01ad599e7a9146dd55941ce8283806779dd342134b
+AdditionalInputReseed = ad0e83e7b4e06122584051d196f99fefa95f7aa6f541bcb6
+AdditionalInput = a37b6ea146e33fda07741db8fb2f29c62280bb4c82dd4090
+AdditionalInput = e01256ad8e7153c354c00d536de9d36640a06b6be8e2f1d7
+ReturnedBits = 49b68499d221a052167649038f61b4ecce9d1cbb246dfee84c4d1b20a8ddcf4c8a9c3178cb17cfe43a1cefbebd79b7498fc242d59515fc0c50c08385f0a4efb570c47066965a0aa5552bce576a1ba009fffdff762676c7ee457d8fcaec5f46894b040367411b235ca38167fdf6cc0a03
+
+COUNT = 4
+EntropyInput = d860b38e61dbc4c9c035aa8abbb77e064f20610984f5a14c
+Nonce = 4e4fc976768111fb65308596
+PersonalizationString = 6945439f28d1cf904e0974375aa435832edd590b003ba70f
+EntropyInputReseed = 1e771a807de6eca469f69960f8fdfc8c37e0dfffd72d2d43
+AdditionalInputReseed = 22fdcd5daef6c86f5b1744c46bce561fbf57ddd5b117d02f
+AdditionalInput = f6e344c827dd08b2a2d9400d6180ccefaead2c52010d0114
+AdditionalInput = 9073f7113a46e6909b16a33574566f1c0ec2674d8a75e0b7
+ReturnedBits = 67259053f22c2d6649bb0366581489dd02eca1151e65ed6f7509aadb4c0e5c9faf019db798cbf963b4bd53bb87508e82d1257f9f569c9b12b01ade95ff9dab8c5b1bbb5932ae740ffd43027bed87ac8041655319c7fd1e3b3ba9549c49b59dc1a72137312ff3efd642d8535cf289dc0f
+
+COUNT = 5
+EntropyInput = d45d0383207d782feb219616a98c9e45255d378107ef837a
+Nonce = fe696a927be58c5f91f45c24
+PersonalizationString = b91068d9ac144f309a445f18ed40b082ab745fc3445c7421
+EntropyInputReseed = 4a62006aeb9723886f80e054eacc8a62fb6439f0189cebb9
+AdditionalInputReseed = 2cc53c602465ed4af0f5a48badb9dc44f403c2a109655fce
+AdditionalInput = 8bdc87f6b2f96d73cdaa3013fb3d8c5514ed4d6e1b53635a
+AdditionalInput = 9c5d4c19675757b934c859d4235d3dfbaea14f18eecb06f9
+ReturnedBits = d36c3fb8cfd2152ab9e6e41c6c778a8bc174639bcda8376c43b51b2a2e539e006de7e39f109ac875e478871a9e5b5fbcc366e0f00f3813b82c35c7c9652e97c3eefa1efe5b7bd85c65f5622d8ca91f50ec6a760467fd2a3fec39f1ee0804e4f900e0bc8e4090128763c67af0978a7ab1
+
+COUNT = 6
+EntropyInput = 5d8b4c555ff8c530e6e0f9ea2001f4ccd7f7116f0df693f3
+Nonce = 6fdb3d4833f07d1858adec74
+PersonalizationString = 46b38381ff4807b270cfa59d9fd02f84bcc795c8b3aec77f
+EntropyInputReseed = 02a1a27b8ad744169cde58735b56b30dbfbb722ad67cfcee
+AdditionalInputReseed = ef735a28c55a5dbcf8fb4dd673dd39da0a87d58ac40a78d9
+AdditionalInput = 3dfd5b9ddf0c4e71f4bf05e5659178f57d3625536397cda0
+AdditionalInput = 2da74060a74f64b2c5866d525ebf93c42b07335a3b7b31d7
+ReturnedBits = 5ef8a1ed44e845291240101dbde2448d1c1270876be105551dec2d602684a425dd38ae9d1136b188f1a5786d344b2f24f4b7f5f1961c585c1e2d266b29416d988754e68dab230ccca223113430fd12d8714ef75bcd793180adac7b7b706f1aa2756dde6463fb13d8648b99d548a33b93
+
+COUNT = 7
+EntropyInput = 82083d92c8a87e869a1a7e0b17a55316f464239e6033d998
+Nonce = 443b3d6d57a336b549ed88f9
+PersonalizationString = 3f9cca85521a420d316456fc38b5dfa6007aab31043d0e35
+EntropyInputReseed = e32643d866c537a1135d12536db73fc80af2be295d611ef5
+AdditionalInputReseed = 921acf0a5fa7e85e545ffccb026dc0f762a17ffb3fb6a977
+AdditionalInput = 9fe643a37d9028273b75bc2aa780e3dd4c8f6a0e9dfecd8f
+AdditionalInput = 2fe01a28d13f16bcac19cce4e4703b04639c7f6a6f0ffb3a
+ReturnedBits = 7e1cf6cc16252f3133a9fd7295d555100be5bc378a666978ba992bf4f8ccae7e89f2c7fbc13ffab4cdada0b46d367313a52d11dfbe23872b4804ea551c69743ccce27e3113aaf9dda6b99046edb697b3dcc3a733bf92754aae8fa76099e82eb472d0f5ac86f3dded71025ead6fff0c0e
+
+COUNT = 8
+EntropyInput = 45426fe3c9f747115c21b8d317e52d3bf3096e07ab60c35c
+Nonce = efb888aed4ce283cf0a92d51
+PersonalizationString = 63a9710a01baca0217b5d926b03061432dbcc8c7c9f77e00
+EntropyInputReseed = 3239d03846e6d0cb575bccbf5a564fae07a8eaa855e056c9
+AdditionalInputReseed = 261d7136a18629d1f63579bb5ceee6406d39f6113bc591bc
+AdditionalInput = 18b4efa7dd48c063a17db55b6ec160c9d5224910dd6d3883
+AdditionalInput = b1dfc2c97c44c6a6ec344c8f3487f5b8e4eb75d135618b69
+ReturnedBits = 7afddaa4edc02c95a60225676baae8d226ef0651cbd26e60eb2cf943948ee7faf7181c1e07e83a48e98918e9c323e4c0d3c4097699257ead7e64d26e0232f0282b5cc67b92b935ea1d5b40df9837c633590c45290cefdcf2b4df1d3af3cc94a7d8b15396070d78332acc5b3e037278d2
+
+COUNT = 9
+EntropyInput = 0fea4d8541c23a5174ad95620d91c87527669419593978f0
+Nonce = bc9e389501478d0357ed1f63
+PersonalizationString = 4f3f7ab05039f1e6b827ffc94f3ee2650846257a1719a03c
+EntropyInputReseed = a722627ad70407350263fbd5352c43fbd85797dda7d3e30a
+AdditionalInputReseed = b9f8593db79b55cad5032b2e61599341cfdc15e6dde39efa
+AdditionalInput = bda8d2e8cccbabc1021f827129664d6350bba4d46f8e7fd5
+AdditionalInput = 6a3b96e68955a33fd9ccae55f9e0f6910c4c22ab01d13674
+ReturnedBits = 912c7eabf104b0aee7cdbf9fa350355bf10d5f64a14f5678f07f563bf47d7fda4fe57a34964351dd42ad31d5a12c7c71135c600004766b5ea4d92756fe5d15b1e67e9ee49790043040f8dc61fc8d6b6e2d5f5b6e36c6c07011fbadf6c136d1a840bf012514f44a2ad4fac606e2fdd439
+
+COUNT = 10
+EntropyInput = 878c4af663e4400f5b29627d3191116e422af33b22af6f14
+Nonce = 9c6752c982e3953fd9dfaa35
+PersonalizationString = fe8dbe050c8865c29ac92845f6f28ddb77c6e40c336d8e6c
+EntropyInputReseed = 9f3ec933ecf6dc6f57959619531c2119ef0f776b1bc565e4
+AdditionalInputReseed = 1efc05522b91e6f28b35384143c3fb730954d645acd8e156
+AdditionalInput = 93502a9fa86d8eae25d6843e04fe8c82a0382fc2ac0cf8c7
+AdditionalInput = f9aacc8237b260a126f95b3c0b8ca62f0ae4d71f74521a56
+ReturnedBits = 85866f935318ef1573036656f62294453225868925c75c247548877cc38e9f6a1b4e66da422f4fdde3e158b08e8197b52594c89dcdebab79f27395cf0d942225546fd3fb96db50b03ae6c4bb1886f6f759b54f8af663357f17a63e524dcc2887609124c70a7a44b74893c9b06c8a4e34
+
+COUNT = 11
+EntropyInput = 7da2fc0977fd43ff9eb0321d25a03e4cfdfc80d48fa14773
+Nonce = 18ccb30b5ea5edca2870075d
+PersonalizationString = 7937f081519f39eba8766d16c5339b7cbb45c6273dfbdd76
+EntropyInputReseed = 285063f821d95db851eb84d5a3d24de811543d9646263cf1
+AdditionalInputReseed = c9239379b7dff6c1df78009b0ac30e80f4e10b5eb330b1f5
+AdditionalInput = db17d0c7f202857eca471584b5a57542abd1aebaf8b6b9f2
+AdditionalInput = a900149d9d5236906479ebd89a72c0b878db02550242f3b8
+ReturnedBits = 008a1f7143afe17713df02654a36b284a9828cb0eb207af47079c399840efb5c74dc903b0f2e1fbcb0ea93ff290327c60715567f9bae7d67429ca6cc67216c1fb7a0ca5818980827fc20bb1c4b666fc82a9c09b8f09c2a6140f28f5ba36b7bea6d9bcda20b6a359a29c16ecbc5c36d0c
+
+COUNT = 12
+EntropyInput = 9ecd1f90d4d5aea4182a75fff938d8a8cb86484f2c878d26
+Nonce = 471480fb59da6ea72ac4b603
+PersonalizationString = ce45e03b16a00072714200cca6efa748fca19c25c3b374a3
+EntropyInputReseed = 0f86a95e24ddd59c1615e9584c845d13f94f86b429c452e8
+AdditionalInputReseed = 5dd9f4315df76923a3ff7bdac6eb0c1f6d927dbae2284a6e
+AdditionalInput = 1e5ac5f0d10b829f5add21649a75a04fef80068cad75d83c
+AdditionalInput = d741a3ef6707c93bb8d65575cf60a313e3c7494fd126b995
+ReturnedBits = 6490662dc4779167d70108b458ad96ef8ec4f677215ee5349c90d3560c843dbce947a9004d45066af72066b211be874a28ad01edab4d8c7e807821dca3f9234da621fdfd7c8a180478b36b3fbd011589a116a3cc9fb8c53a13e3a4de3e19f5aa6c5e0180b099a0db7efe5659462f51e6
+
+COUNT = 13
+EntropyInput = bd6943ba78fcc032c7a9e7016fc498ed379f670686a60a1a
+Nonce = 84062f178c87df67f56cbc0c
+PersonalizationString = 548a3b8fb0f8e76f2edddbcf95e9b7b3aa7e9720279ec4e2
+EntropyInputReseed = d3c48858521f837cd6a157bda0a4e59aa4d4034cfb63ab4b
+AdditionalInputReseed = 3ab57b7c62d5472d745088e4da0439002788ba29ae2c891c
+AdditionalInput = 4e200e05b336e2d9dd72be2e41529ce92c1ee54d5e04190f
+AdditionalInput = 8452979fb7f2e3ebc1f8fadc1a55c980422e7bb2db7b24ea
+ReturnedBits = 3ecd062157a85a061e276a82df4aab55b5e37360d87484d6c276284d5de4c6a1d7e1676272110c8331882163d3f4feb6b4babcb85b4fe780ac0c52937997ab439f46f3d942750fa081c2d7fdc4a518b219218890318f14336045994ee8b4379b2aa0543624ca45f265a13990db7c4f4c
+
+COUNT = 14
+EntropyInput = 31fe2e570cb3b5367fe15263a11ba4a600cb04b476bc2633
+Nonce = 314cb5324246325ad47d2335
+PersonalizationString = ea6b64a87a5ce9473c189d2284d325a1a414d5d769bbaad0
+EntropyInputReseed = a3f6bd21dbdd31cc195f58856f51ad3ec3549916d098a53e
+AdditionalInputReseed = ee1cf9b456a6d32292c1c085b01bd9cd5b2a7f2badccfa4c
+AdditionalInput = ae9e04fdc01dc3d0d1e2ca2164e4fd31f298b3d37566cbe7
+AdditionalInput = 350292c86c266d0cb5fbd155fbdc36e5f5f41c98a60a296b
+ReturnedBits = c3ef9cd90afd3fc84397886267c1759820817a298556cae2d5af2533c2448440bde8fa76990ce57dc3d28a902e34f124d09c3a1e152ab6c369da511de9d2b820fe6788dc6c0a4eb8915ae91a99797d7709c53faa7d647a386f7660a9299e30de2f67270f299ca66c3f273e871145955b
+
+[SHA-512/224]
+[PredictionResistance = False]
+[EntropyInputLen = 192]
+[NonceLen = 96]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 896]
+
+COUNT = 0
+EntropyInput = b87082bb20ade9aa1963003004668af6eedd13954069ca8f
+Nonce = 5a0165f192a8e58d1feca1bb
+PersonalizationString = 
+EntropyInputReseed = eef774ac48fe034cfbb2c02a464ffaa22f85da6f7829c32a
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 5cc221a934259d5f4d792d7c07a9e55f192d5de139ae9d2117d01e8bd1b9993eb5a8cac21c28e283b855bf3fd285267a2dfba694dbb384a8cd5da9d9472eaee3082bfff471629e19d68c3afa4c9fde3c354c2eef3bb7bfc69b589a17912ee9856115f353361bd67496813f14420dbbe0
+
+COUNT = 1
+EntropyInput = 0b292159831e5792d5707e32cb37f3ab0f959217efe2b522
+Nonce = 18e1451ffb0882d2776efb3d
+PersonalizationString = 
+EntropyInputReseed = 955e1f9b48e5de5c2401f8c7cbe4a8eac2a231a3831d2152
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = cc7fca440d90087a277223485311684e0388f2db1bc34d462dfe206777124d16480a637b1e5def1e172b94c20357bd9e69427c66b75d316483846b51fa800d19556efe16c67e0c6332a30a0ddacbd0c97c378d6a4a06856ddd2094387c0ef6f57528d5dc14ac5dabea7c363e111488ce
+
+COUNT = 2
+EntropyInput = d8a7e1ca90a715cdfcf510293a7878da48f92c9fd4177144
+Nonce = c584df8be52dac27bd911e0c
+PersonalizationString = 
+EntropyInputReseed = 7af2d889dc46e25d73da30b45a776b7d308b56fe04e31a04
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 17ac85151bac67468b93a976e68caaf2942518099660e040d1f0fd34fb6e6237fff91dddbb5e241b4eace1ecc5c78aeff457fb3382612de0002e685a6e674adb847c1ede2b3da7f2e4fd4417cacedef80aa6c02f3fe856204dcd8872133d2d61eb0f2ed281f031f3fe02d175b4ddd9d9
+
+COUNT = 3
+EntropyInput = a541bbaef9bf212140841204a1edeb60a295da94f1e79ee6
+Nonce = 8affef2e80a6c644b03a65d9
+PersonalizationString = 
+EntropyInputReseed = f40448408656e9a1813019f9c34778464dac77f566cc85f6
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 9d76de1148d5565a8ce4d88c69aecb9b7ec01b1ee0173551fc89f452468e4300739799a2c5297b6c165a4ad6e3249a00cbd09fb347f01258f3cf1a87694ed4cdec41dfb21486fb89f5e59dc87e88683c14503b66b04d1a4b94886943b1fdf898e6e6e23aabb96ea1b4b9d8687845d02c
+
+COUNT = 4
+EntropyInput = 8c74be22f9744aa85f1c4dfdd800f4fc739fb217970c2304
+Nonce = 129952478b991763bb7d499c
+PersonalizationString = 
+EntropyInputReseed = eec28a03379a8e5d27b2e802602cef82dd04d4100a4c53c9
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 918bcfa1a74cac31019b365f42b02e3ff221f3d9c9042e9779c6211bc24d746a54c746feed1b8c09dd2853ba52689799bd5f9ff38b7764c6049ec7cd5fb9083868e33a9b3bf47e3ae412aa8f95b29ea5190db4d4583aada7ccbefcca03befaf1efff4b5cb71a2c5abeefd42e12e3b390
+
+COUNT = 5
+EntropyInput = cbfac657865b9f488cc5ce87824f2d4fe0fe6512483e6b7e
+Nonce = b03c27ba96d08d92455b1fa3
+PersonalizationString = 
+EntropyInputReseed = f1182c118e12a35a38aef6b4f7cce3b13d92cdf2cedb31e3
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 6bd43a18c177f51a28438c13080f4a850b5bf3176b1991eb0a9d29f62b58a0fd78a415d8850b92d30e4e0a61728c7d159047ec08aacab5dbf501054afb14cf403acf8c2ee3e2e488c74f64bb5a6dda21f8e74871401f22b08a2b771344c77d89691c870731bf4c0e887578ef02aec82f
+
+COUNT = 6
+EntropyInput = 07908172b571d330c8ec9518ee249d398434a087776a7fa1
+Nonce = 6a3ebb9be8d70c0ccec3d3e6
+PersonalizationString = 
+EntropyInputReseed = 3f4c470e9bb706c760d5d40c02256623207fd4c89546da6a
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 89defe8a13e12422182a2e482981515c3914e6c204db068edf9b352eb509594f558234f89e43692c85e007be7e7e779b646b06890f7e64d619281544a13aedb8e7e1500d6efc43e965deb3ebd1fbfb9e970a8905a2702be0a1d31422533292b6a0b75b5bb8f9ddd3a155db9413430ebe
+
+COUNT = 7
+EntropyInput = 238fe08af957faa7a5d4d0b550f1a2399189621fa12f6155
+Nonce = 201c8191cdfbb92bf5c6e0aa
+PersonalizationString = 
+EntropyInputReseed = 2520f7da15dac6276213717939892a63ff199340a77d5809
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = b44d850f1ddc7719a680748354b9d62fddd203b9ff1a403c018e8d50ec561849ea7f4a2788e6c957f70fcc69ff070dd2a9a87194994e5e16ea728ca5bc656eb74a952a4b55ce89a2a761c6baa03384c3d84d87be11ec5b0c7c53272272b73e84d1efe1b3c57a168c8ed8417348f080a1
+
+COUNT = 8
+EntropyInput = d3ef130e63830ca3532a2ff1cd24f479f7dadddfa47a9ed2
+Nonce = 74cdc95d610ac76707c48a90
+PersonalizationString = 
+EntropyInputReseed = 204a23355e3292b4c9aa9c7b8b51a82a0d74c580e531c22c
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = db859b39308c9ae2c3bcbe76847ffb94c7499fc31d3992bbe827aec5cfae1e2be53c16c35e5e88966528f1598e719b3dd2ec19154504a163fd31024b826f6a1f20532cf1428e560226767d818e6a88961e698db53c95933d4bc008ac29eecc49d8fdb62dbb11771ac8be16ca7bdd6fe1
+
+COUNT = 9
+EntropyInput = 03969d029d0146a888a0e1ce7933fb54d7e6abb4ee1f9bd5
+Nonce = 8da0ffbc3e9cf6a208356b02
+PersonalizationString = 
+EntropyInputReseed = 7d7e8f0e1b6a2052e749f5b5636a9442b4dd6846429c6d29
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = f7fb77bd89de819dbf4dc3fb3a2357afb5b36749bc660ddd16e8d6e036ba1a8fbb2b85a97e1ac25abb2e11db25603cee1fc5d62887498545936941aa5fe33c3a24841dbad4ec7e8b50a8d6242e0667ca683b438333077576a8d2ff17e8a7aa7234b20157540c8adec5cad30b0b25568d
+
+COUNT = 10
+EntropyInput = fafbbf3fe2e5ac54b7e7dba0950268259591edb6dbbcdf59
+Nonce = 739f54433c33a1875410bd0f
+PersonalizationString = 
+EntropyInputReseed = 82bc3cdc45e11ac82156690096d9ae6666108ef65601124f
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 2e112a36c8f46954ec450088312a8f5de0be2a8ebeab0074d8dc83e203e3c8925a393730a7b2f5816a44d6d6a43d9948d9f5217602a7fe79ea135f06c579a5d6379a11f0babcd1dcceb58737d18189a79ea85a1d72b96fa05d9a1b9a5f7b6a63546865a4ed34c8702aa5762740717864
+
+COUNT = 11
+EntropyInput = 976da7b1f26c42815ec7c8ca8e1b1af34bc7e4c79441a020
+Nonce = a001314874d5245509729adc
+PersonalizationString = 
+EntropyInputReseed = f72a0abd140d53af0730efe9441638519310e6eef7db3042
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = be9526bf8a2399b84ae61494b8842c45ac71894dee71ad09360e55460e1d432493624e75632dc678380177d80283aa1e159a45015c1e867f32e22e3b49edb6b0ec23603d021fc3e7335fd4fcf4c5442be7cf4fe63147dc550f1c7f4e45649c3777dedbca3f3f0e83fe95b294c37797b3
+
+COUNT = 12
+EntropyInput = dbc38eb839cefba868318dcbaf2970378a994f6748da4257
+Nonce = a840e839a48c6d821392168f
+PersonalizationString = 
+EntropyInputReseed = 1578bfd94ad010e4ef57934e1ebbaf241e03c6fd0d3b1712
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 4b8bdc9f96bf9653157446c844518b0887c59921bbf803d7077850ef752f36e1ba85b6da0f5172fb31003db5bee3f0935dc6e6d5a640a639b94eb6f74c84c194d56807a0ada7f18368bfd0c9d7a9333146b832276cbb489560be6a07ef9796d1700c3e86918fa23b3e7a5c0437f7caf3
+
+COUNT = 13
+EntropyInput = 02c12deef00281efcf7ced56651b86701a345234a0725023
+Nonce = d8affde155725f493621bd51
+PersonalizationString = 
+EntropyInputReseed = 1751fb9451551e155279465234e07614eeee45c2beaf9ca2
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 686a9e39098a7e530cbb3f6a51be75c8240264ab0bc7abb72ea8cd807e487fc39703ef6bd77d005b0481cdfac3cd0a852068116b632dec22427501356c643e0048ab7c0122b6d6221d95ff4bf6578a4e0666d295cbe33351a2b237eaf4761e7918ed4538056b6d58400be56799c3445b
+
+COUNT = 14
+EntropyInput = 83b38ddf03d7e2f7eb6bdaeda857682d15329213014fca77
+Nonce = 49b3291d93607d5d995eb572
+PersonalizationString = 
+EntropyInputReseed = 6b1a31e6c709a782f3bac467f16b55756eef36f09c8905bc
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = ebae58a12ee1723c51d0c850c1ad177f4583c1584203cce91afcb63d6ca2f9d95b933fad574df0fe5bd255724718481b3565001e7ebf3f752f72e4a0cfcdae35cb4a7d0b3e82213ff74c160c56a539970165441f4f47151cc608297715384ebb9f7ed1ba0b2fe7bf60e2be3de761b433
+
+[SHA-512/224]
+[PredictionResistance = False]
+[EntropyInputLen = 192]
+[NonceLen = 96]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 192]
+[ReturnedBitsLen = 896]
+
+COUNT = 0
+EntropyInput = eb9a891426241d5a86c7dcf932b6557c7f86144d8cf2ba4f
+Nonce = 14d156e3053f949c1fdcc5ea
+PersonalizationString = 
+EntropyInputReseed = 6714875cdcd975788e520f7d5c081b91d3d5561aca0e982b
+AdditionalInputReseed = 5abb328f83310452c3e7d0d90af1af5513ba397a6f2f8933
+AdditionalInput = 22294ad638b7c35c5effdea670b3ff8ac304eab7f5a92f49
+AdditionalInput = 53602ff330e2fcced5b42d7adf1c241667d10ab7035db569
+ReturnedBits = fe6b5a3b09f3ffd043d9c961d7c905e942add00c6f22a51278e9cefd9eb5ea5979869a5a877782c8dd7a3325c8afc20bd524f39d6e90684cf0e0d99bdcaf09fc2de83d867786aafea90d61b6497494b208b5a7ba3e4377f7453333cc03f6941595b68f51b8f6170762a86777d06eae95
+
+COUNT = 1
+EntropyInput = 5571ed42a924fa07272a3fc0dd8b6089b5f7ec7139e536d3
+Nonce = f5523d4d01d80ef30e2851e4
+PersonalizationString = 
+EntropyInputReseed = 0b11afa6e1355c62bad0341ee10eebf89305e9dbe9bd6939
+AdditionalInputReseed = 73439bbb08d80b16ebf3473c2485e6211b2d3068fee54786
+AdditionalInput = 431bc835c430fb2cafe29b03a20c9bc6f101ce64e5397d3e
+AdditionalInput = 8fdad9f89e02cb453206ddad4eb005bc011b6ee714277b69
+ReturnedBits = 292cab6f6dba00c433eeec1a06381da6feaa10c83384255b3e65599221da1d797210a0d6a3cea1870586b4bae7b29dbb57b575d666c1ec2eb42bfccc10300d189a9139c0f2151f1561a092e87bc4e98fc0d2acbc16513e3d90cf733f24291e1a53f77906aa62299ab7c9e5560f646ec5
+
+COUNT = 2
+EntropyInput = 1028facfe895046cc77b00cabf2ffa9c3fe24131db5449f3
+Nonce = 9b3e6d8576a19126bb3fba0c
+PersonalizationString = 
+EntropyInputReseed = 7dc0e1df93575813387fda56257fd5f47b51f2b37292aa5e
+AdditionalInputReseed = f2150102d8b47a97a4e9af8b4bf5d38e957c3159a07e051e
+AdditionalInput = a2ee04b4fe1be931ef82f07070788b82f9afebdff65d66bd
+AdditionalInput = 9ff5cbb00d307869d959f7ac74bbfe82439953dd15a23527
+ReturnedBits = c568dd589a58de8b080cc5f8245cad2fcadca76a5ff286b679172700e77f74a0f260b17ade2cbd79b1212ea2a7f2c8a67e188db3823be23df6798a561eb3c8164cf139f02eca7c94f127cad26a930378ac67b82595b53885e96bd1d6e3badfda8af88cef2c6195461e15b7c6b9f8abdd
+
+COUNT = 3
+EntropyInput = 0a1f6f29e0e0fe9541298cd934ac9eeee125e143be49a587
+Nonce = d790a6b0dbbf2e6d2e62ef6f
+PersonalizationString = 
+EntropyInputReseed = bf4e18bdacd72b70bce81fef9b02e5e9fc5948e593c8c450
+AdditionalInputReseed = 2d4a12c1a36015082b4ab3c72687ba4f3534ceb610ad5ef6
+AdditionalInput = ddb9d93a8d28234992cf18b701b14992d9e82fb234378d96
+AdditionalInput = e752666b8a4a7519aefddb895755217c06735b167949c2e0
+ReturnedBits = 3f863ec90782bfeb1fcab93618af3c3be4892cfe9bc8b4bb9ff8474ef4ae7a213229797dc440c0b6562d095fb5550b7095adc4673630dcb50421fa9635eb6ba06c845c3ce5753b343a6aaef5dbcc73a3b823a9c864a13beb431ea2e3c71445a978a4fed6fb7768f891c79c02d72185cc
+
+COUNT = 4
+EntropyInput = 80996e0ef7ad95c46a107872b8ec1145baf5a03a9a66d952
+Nonce = c60ecf948d5684e0f425d4f2
+PersonalizationString = 
+EntropyInputReseed = e23fe488d61129a53137f3b23c0dcfd9ef02830439e0616f
+AdditionalInputReseed = b98f927515769b21bc16b3892bc7131c14e75550e7a5a3da
+AdditionalInput = 5b508a1d42231088fee137415beea39b4126d3859f175abc
+AdditionalInput = ece79b1c7c5b7c6e9a25fcf9a000595b57674667bfb3b204
+ReturnedBits = e5467d9306763f439571ed32f970191adc17a531ffc7c6604382f7cdd0c63ae9a3d0c9f129e53f683377f0f52deb717ec1bc8897ca22f2e63a192bdeebb7d912cd2a5f67c632fde75884df0c1144589f5dce0ecc77393233c517c405b4263beaf577b71aa1c497e84988fbf36dc4e3ba
+
+COUNT = 5
+EntropyInput = 10d018dbc1094c9af6f9ee864bca900db0202fd7a76188a6
+Nonce = e1f8c5229da819edded6d5d7
+PersonalizationString = 
+EntropyInputReseed = 66fe0a09afedce07ca560abeaafcf472c60c2af6d5e147dd
+AdditionalInputReseed = ee7ea52eb6bd33a6086b2533209157b614605b58122772d6
+AdditionalInput = f200d99885e92e85e93fb0f6ef369374dd109f9c92e61a05
+AdditionalInput = 2ceba42d44b77e0db6325ee7168e3b6b45babe8827d50631
+ReturnedBits = 1829e5f46f108bbbd7350c0a93c6035d9d86032d76e32d2e56ba7868e332cd537be9c0de33043f6625c24aa070611c74bb0be325e1ff566978cfda89f5a5857fa40b96cc46888e5694301852505162f781da09740c08b8d5d50a01597ff8b6737b067a2d269a1a2b0efa1e3ca4c05a67
+
+COUNT = 6
+EntropyInput = 155cdeacbe0218f4d6b82371ccb20a0cfd6d49557bb1937c
+Nonce = 691d8402b16e9b12ddbb5634
+PersonalizationString = 
+EntropyInputReseed = 2f71df597dffd043d2793cab07ef877c4587b9cff0173692
+AdditionalInputReseed = ee9a936cc67c162ad7ed2f781a7d9c7ef6d7c63ab163d567
+AdditionalInput = 2cdce7b7c943d40f9cb27e76c2a9e3e68cb73818f29b6889
+AdditionalInput = 359151559d8e1315017aa72c0eb4e528ecab9fc40e34ce31
+ReturnedBits = ede50c9b420077ac604051f21fc63282bee64de5263da16f048df98121f822dc4079765c317d9a45b465aae42fd7c23bcac0990049eda4f5afee0385a3f78acb96ca74133689ac9f949d05199815f497dc0bef6f3eadd24ca572bcbe7d08db9655e41ab5cd963f419b590e741f63048d
+
+COUNT = 7
+EntropyInput = 89bb4d3a7973f495e25424c92c7753a6fdd6502be1e77dfe
+Nonce = b24bd9775c47f2a045876758
+PersonalizationString = 
+EntropyInputReseed = e9ff5df08707a764b4da25d52d42550171f4d5bf9e0a02b0
+AdditionalInputReseed = dded519547bce80f963e4281e0dedcfc20591eed1946be89
+AdditionalInput = 5d8e9ed604bca5dbdee89de54144eb49157b5ee2a3a46ef9
+AdditionalInput = 259de34687678969795fb7f20fd448c828ad50177adc3355
+ReturnedBits = 023710c89bfa5fb70d6372fe7ddfb3d50c9199773ac1f7a2faeac134c5b6d22b3d86201820c910f5c1947ebc4388ba3b7c560bf599b193a90be13a7bbc7a302fea6e6dba516b7fe7512eee1bc246340882a3b26f3333d2b8a0a7437007f4aee4791f863b4a9f66caf0065001a1e39a03
+
+COUNT = 8
+EntropyInput = 90693701e20d455a7079ef8fd33a7c7b6edea174d737c1bc
+Nonce = 96aec4e48381a9f943dec370
+PersonalizationString = 
+EntropyInputReseed = dbb754bdc170002fcceef9cce1506b7946e6f6d45287b8c3
+AdditionalInputReseed = 797ee86e68966e5d72878171a81fc67d4a778831f9dbbb4c
+AdditionalInput = 4a56fc282ba5f239b23c942e46b577f0659c0e77cfa763ce
+AdditionalInput = f4b9234778ff47fbc28b47266dc0392d5637eb4cdad2a116
+ReturnedBits = e33b556f97d8a87b6f00eafea411ca8335469659e97e22a5438c5aa33e8194dc407fa59b04f02d6b156470b5e7fa5ddd39d1d3d4e80824031420f0816de0d46c9d707b9f3e25ce917a4bb051782872134de9c4b7e866706b7c1a36aa2315b4dcbb7f6fd0bebe0ca4d71cff8219449083
+
+COUNT = 9
+EntropyInput = 465e86f76d7568e2d4b9d4b716554c67b26df868be7e9f95
+Nonce = 2f79d508c430986b01b1a08f
+PersonalizationString = 
+EntropyInputReseed = 662bb0d8f1040fdde39ff7cdf817da9658425c2b1920f556
+AdditionalInputReseed = 1f13aa4d219b6a767e7ed0242e66368221203ed20bcee6e1
+AdditionalInput = cfa8cbed9487c1ae8b813a8e8c99086773bac8704dc77b71
+AdditionalInput = e18c9cb0d87006af1453e0baeb22e37210cb9743a209b326
+ReturnedBits = 0b44c3feca5f48d515a43bf2d05dce8e155ed5b99c082744e7c529c98d09991f07200bec149affe6c989cc38f268abbf4722bb3a41b25bc4aa1be8afbac4dda3d9696ddfcc539a03d1042002743722efcc07a7899922da61cc621ae91940c49b58bf436ffb7ebcd92d0d681ea10aa41b
+
+COUNT = 10
+EntropyInput = 246dcaf0c46e05f7578c14cf46882412887399e6002e83ec
+Nonce = e73577d09cbb867b68b2de90
+PersonalizationString = 
+EntropyInputReseed = 8b2001872e9b14e2d1c2f8cbcbe106365d719e575b8fa6ff
+AdditionalInputReseed = 0659e58e7a62fbddb5cfeddd2d11071c4845b73c110426dc
+AdditionalInput = b64b1053681055055c6b01055d4290b105c9d368cb546eb0
+AdditionalInput = cb18271a562d3ff7c26182cbe3d7a2440fcd0db58e4514e8
+ReturnedBits = 0ab1c7cada2c8c3bc335843000084d3b24a6eb4cc5dfa930f25b89e163e9c68fab1c0f0e78d235e940174bc0bda3362f5d55fd1709f19928602cf3fcc1eeb8485200aebd0a91ebb889d78fc94fd1bca4bec405f8e226a05517f83e7023774faaf8057c216a8f37c7a4bf91faa1478cf4
+
+COUNT = 11
+EntropyInput = 553d744c4329a04c6e1f8833d1074146cfcb212cc08fb1ef
+Nonce = e8f5c5514039ba4d25cda95d
+PersonalizationString = 
+EntropyInputReseed = 36bec82b2944bce668441802015e1fe14a2bf91356cac52e
+AdditionalInputReseed = b5eb000f1dfab7d002d31b4638ee86e1fe0c5c8d96e16473
+AdditionalInput = 1ad6ffcdbe5b496c1dfc93c931427ce20c47615c243c0252
+AdditionalInput = 65946a1a8d37ee67e14522d866e511948a44cced77ed934e
+ReturnedBits = c1ca38b337f14aaceec18a7bbf21daf3efb4242b57b6ea6dd16f995c22a3a831b57d438968b1de612fcd1aabb90cfa26345068d90a186d5b6083d8771ff0e199daf715f409159a5794f2c1e6a05ee9c31b24491e60c21457759599cac4e56feebf40cb090fa9f4ccd59260256a492c1f
+
+COUNT = 12
+EntropyInput = 897efb68080f2ce465ae08e19f4b3947d761b8b77a5a291f
+Nonce = 8c7d40e98310a16f394dbdf2
+PersonalizationString = 
+EntropyInputReseed = 66fc2876f8c3558ec8b98d266f272f5440d2866222d1a6ed
+AdditionalInputReseed = 277597e6a468d0422dfb712cf7d0d8b095b033a62130d41c
+AdditionalInput = 0fd0d3454288c3b520b932cbd692595c29c119a9d1895375
+AdditionalInput = c5427b9eba81b269e4507a9918b66d1bf9f4108447c49a5f
+ReturnedBits = 6fc92c5790ecd366131ddf27a152a33371061da6c8e430fa17d94b9a332d69df8369aca30a4f98306c86baae69629bbc2e48ac2a69b91f1114be08ade586a6e60052eb751a405862de5c6435b4717f69dbdea37638c07524923ddcaf42d1968e8ecb5cb50523469b7635d0b98f6ef3f8
+
+COUNT = 13
+EntropyInput = c9f2e09ee494acf8d426c5abc979b1ae01827270ebb76ecb
+Nonce = fd264f5a699b9631e513416c
+PersonalizationString = 
+EntropyInputReseed = 3ec7d820cc91178a4720df599fc5c14c85d2bb156c5fae1d
+AdditionalInputReseed = 47674f6508e5e66ada6ab404e77476d026e2b4948a7b4076
+AdditionalInput = 351899c573c494f97f060abdabb840f7afce818b2461dc12
+AdditionalInput = aa8c50cb41b3fd625367e6c31b91e422ce56e87ee8b51b2d
+ReturnedBits = cbcd9b83504d459d28536f630cdc8c13de029539d372868df48e8999e28b4e3d918f4d2073d40414b577c7517dc05d519e39837531afe8b509bcc7ea05af8cd95b6bec4a86e74ede455045f196708aa3a0ca885838d14587ab3a53a759f6d584a3b1cc77bc75c6b308d8d739475ccedc
+
+COUNT = 14
+EntropyInput = d86598676e66b75d0058fbf6ca79d68b1446532beae7df8b
+Nonce = b0c2dc48c592738255b24869
+PersonalizationString = 
+EntropyInputReseed = ec63fed0de3f9b9319797f9748fe987294032f90d55cc513
+AdditionalInputReseed = 7853c789f2eb81eff58940a6ad3d0d05c146a85453dd2cc4
+AdditionalInput = cca77ca08f756dfa91d7b0d83b2d1155031a58dec52c7a7c
+AdditionalInput = 32b130f5b098746b05e65f4f93dcf518ffb044f3d56ee091
+ReturnedBits = 9a9ad7e3fbb2a12051e06f9373543a2259ca55ac75c37830f4277eb157b203ed8f7874bfdc0916a0b55aa3e4cd37db521c8e7fadcb105612bc62ecddf3dbaac21685cb31cdd2b72395769c668660a7d72e603e6e436dccfaaa2fbacd89466131baf29a45d86e2730c1185c9f1dc9464a
+
+[SHA-512/224]
+[PredictionResistance = False]
+[EntropyInputLen = 192]
+[NonceLen = 96]
+[PersonalizationStringLen = 192]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 896]
+
+COUNT = 0
+EntropyInput = 9a343285be5e248a07342395636b84cfebc8aa15ef4400b9
+Nonce = 7e367fc9954622581bf0d616
+PersonalizationString = 1f079d03cc6ef78d80d76093385be4a03635d4dd5a9642b5
+EntropyInputReseed = 73b459167dc63b9794f7bd4becde4e8bc6d85ee5c32721fc
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 22218fed5dda0ed24241791d46d795d28de0b326f540e511def83019ce215ddf651bb9a475a34da5ea8de8658f0927dfbe1c12d6d76afa80c4b3579c1ac7c0879058447a8d5d413b79af7ece8622c7193364e66a0c4a4460f63b5c4df16847043e90f0feab732553ebddddbe40b3ccd4
+
+COUNT = 1
+EntropyInput = 0020657cea8f3a15fc370a06edd994c43ca3fdcaa81de7d8
+Nonce = 780fbf7deb157c468beab213
+PersonalizationString = 7902c5ccc94ead533c973e232803a0d1c2f2c4d6e52b0da2
+EntropyInputReseed = 74855868baa03c1b0ebc3fed8f1dd6405ab93e3781370de9
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 10c66f8d64b13e71ccfc72855688e467e046eea11e9686bbea0e84b69885ff45acffb0941d097ddee466fafee98c214da885c3e472abdefd6cede9395c53445831836adaa224a893e86afbcf8f2bdbf138d5a53e90e0bf3934d9b0798d2f53aea67051d971c198155ed9486c75d9e6b7
+
+COUNT = 2
+EntropyInput = c58e2867f5932493b5ddcc8a986ce6775cd42aad678af932
+Nonce = 063ff398a15e8a1438acdfca
+PersonalizationString = 08aafa8cbf0b4aa982e14da67f4c0f45d67c9777ba46bae3
+EntropyInputReseed = 15300486a484a206d9a5e7e3af096b738280e627c521a876
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 789a868c2fe4e9f900a3d7e6066c54cff138c039161ebcfb1a8db33c60927aa31522759ca1a986744efe2bed05dffc06fd1a666b9cd1b53b5f97f02e2f5a6d294c79a68fb846ab3fc991c1c28d3841186308a7d423c9319feadc0b8d9168978fc6b60e26221248677ab5a7edb90073a1
+
+COUNT = 3
+EntropyInput = 05224b0075a49e5a4c0e1f262d53d1fc3e4f6d0f764823f8
+Nonce = 5d8156701e97b9ff6358a762
+PersonalizationString = 1d1b5e09cb438652212d7dd89075b55a3f8cc7fc36e2ad68
+EntropyInputReseed = dca4f30651b71ff44100a5a4bf52c7c174066eb667780928
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 660f3393264e8fef7c8deb7ff9d8a3f2dc474ea79689baebd4dd8eaf50623dbcc6897c40c9e98d184002587b4ef4532dc1f7bb02a74d4a5e76c393617f1a7b8ff60e9749be2228c88befd14784258302d4011d36609e2c169efb3cd67e104a2855d8bb4d41af69df516288fd5e525676
+
+COUNT = 4
+EntropyInput = a05748a02a42186cd8ba00340d4147bbd2d6a10ae03202f3
+Nonce = b6b601b532d93ca89c0ab062
+PersonalizationString = 59a25b2b8d0b0f0a57df614e588daa5d06ae7d78199b0cdc
+EntropyInputReseed = 2a1da97272b7213d44e436e799a09797b199627e1c23427a
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = a6733ea39471122c6b7055930ef808462c671b75c2ae4aedf60842d06eeaeb9ccae30904406662e0aad0c3c64eb2a5dcc832147faeb649bfd7aa9fada1eea720a67576adce7c30ee4937c95260bcbbd93138b37bb7cfc1df151d9c6421d7ea908ce75f06bfb8d52b2a52f2bb7a323cf5
+
+COUNT = 5
+EntropyInput = b56645bbf976da3e20b212bc3a8ab7ae6ae307b7a5d21897
+Nonce = b82fa35d93d1990b446de8cd
+PersonalizationString = a64819086a878194570a4d99c10ad63f03ba80075e2bcbc1
+EntropyInputReseed = 2a4ff36a22b347573edbcbbf3789347c8eefb96a6e359efc
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 2515b11ac80783a76d09c9c17248d159f4ce79d6eeb20f6929d85f0c4e9adad157a8970cb224538f22d04ade508a64a28b0d34686171adf3a8dbe6d23e6d484f8299e90d9f97bf905efad537d52f90c40dc83220f89c781ec5c7bfd1641d9d37badf56104073f91621cc331fccf30b12
+
+COUNT = 6
+EntropyInput = 7fdbd8b6c2f84824f891080df8a870bcf120b6e0d25fe0e3
+Nonce = 7b158a65abaf0a2fc9853485
+PersonalizationString = 475d43b509340aaf00709a154ee39c265d46b45c95c60401
+EntropyInputReseed = 009782c2f729e86a945ad3e6f922be416c9bed0f5de17583
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = d8730a2140d65653982b042af3b27b8265fc72aaa90df8550de72645bffbe24266ec550f9c97fa5be93493ad7b0f2c760b34b1f81db22d89d711c8e319193e45b725ce76e6aa93a6ccc044ce3031fb6ae29f587119502a6327e9dad15923c4c213464c2cdd1c670c021640e361e8fcf6
+
+COUNT = 7
+EntropyInput = 7c286fd3a98b53b0a14246547063e49110c831e34edad581
+Nonce = d96f6148d8ad43bddb17a96d
+PersonalizationString = 4547b7fbeacc896cba5a577a9bef55423c15f29f94c33a35
+EntropyInputReseed = 810598fcaf7b5b3bc093ffe02844b945ac48c1e17cf439ab
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = de13b9ebdef9717e4fa8b3d7fe09f25f8cc8369500f3f6ddf772886a841802953ad8cb71c2e90583c07ef3006dbf00c62b61648865dcfea70b931a0f5097e35a3c7639d826a5d426485496e20831fac4622844968161bdde8256c77ee8b175d243b24b853cf8cc9b6da59c9732970f7c
+
+COUNT = 8
+EntropyInput = a44bb10e0455c5cddef4ff7b4dfe1e945ec395f1fc47a93f
+Nonce = 0fd9989e6557d59c4e88ba31
+PersonalizationString = a7f334e751aa6cdfdbc983556b236fa57be411d2c15f9fbf
+EntropyInputReseed = 10014b90867146a1b4634f5421981b2cc6f8caac5fff8c1e
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = ef0e7ebfd41bac0760a808e7b64cff734fb4385f713b5f62cca129494c251609edc7d83ca3343ea297c677d86d248fb4e572a1bfbacfe6e346724a782287920545e12780868619023a4fd43f22cfa45d072bc261009b48a9df0b2e1a38dc4ad83f686df120ea0f4c411e5c569d59e7a5
+
+COUNT = 9
+EntropyInput = 84113c30ae7c2dcaccc0fe1df9ae23fc29bf34d1923e3db3
+Nonce = 2c857fca5f83e7e4806e4c7e
+PersonalizationString = 6470b744dbf7ca4def84039e779302a18f75df4cd01b25c4
+EntropyInputReseed = 7bba9cc9bd5c5c107642a8adbae61f0c74910a970df776b7
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = bc868eac6d2608bb445d01f6af1c4089ca216bbad2ff111d4a56c4a9954e1e8b9cf76352fd88a40f0333d2cf8266b2ab037c82f9a7ca2319b919955e15753ba49c6dd19fc4693207d1d87d6c4074498b7be10acf0c7fac9b0099a268c4aeabcc504c8c5d75d9163f1e29ec5662c39936
+
+COUNT = 10
+EntropyInput = c18af724c195d19ecde415923ec543e2d3f71891497f351f
+Nonce = 50a53e94befb9e3db6573131
+PersonalizationString = 1939af899c62189632511bd0ba90e53b427c4ce327974552
+EntropyInputReseed = 673314f6d484605c65d1b0753307605929dde71392e324b7
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 3d877b3405aa1a747b5be92de62f4e217a77ed4686ff3c8b0a77abd28cc776c3ed2747d8b3be88c8080cabbc731e47e85956dc6db5ab0cb2d2c593bc6e0ec852d9373323538162e06b450db3cbdf6f77e682a68bc2569b834ad136b4cdeebad59fdd3c9421410e810e129a8654764613
+
+COUNT = 11
+EntropyInput = 6b7bb877c3ef50ba1628288b0038edfbb043714d0ae06f1e
+Nonce = ea0f034cb8304230fc37ca8a
+PersonalizationString = b943666492b6e426e06c3fa7e9a2fbb5ed950ec80be2a4b9
+EntropyInputReseed = 7d993cf6c2417daa3ebcc887e3eb13ab64aeffd2480fa55d
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 715ba17993dfe472325aa9e902e93637aa72e8db4e96cad8143a7a97a7e66e1721e69453399c2528e98800782a34738a7bd9dece452af7634c9f502e2392dc50b9c70270f51c3273650a21394ff262ec72ab19621f1a573fe60fb1fe852d2cc0c34ef73b2cbcd9f16b53a61ecf78496d
+
+COUNT = 12
+EntropyInput = 70b39c77245b0da3005badf0dd6d59a4f86e6faca253ab97
+Nonce = 9ff849d524bb9156ce79f950
+PersonalizationString = f352b715805f8949596184dbe6b18f33a88eaca256752c91
+EntropyInputReseed = 09e806ade68d2a30de12685431497de36e4921dc710e0c48
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = d6d13ce8b116faf00f64d7b07e8e5f64e38bd647c6eb8dd070da150a034ca64a3f63477e1a6f5d6d6da11a05b29ebef667d8cfe6a6f7944b7327ac1278d4c930678b5ef0d4b75be904240403a58ae5797490068daf0c399d96ae280bc31b21e33429ad847be7a5c500985300116bc611
+
+COUNT = 13
+EntropyInput = 2df3b80213db6525e2b74d6279fd9e9e518370b697c213cb
+Nonce = d65540e532affb1fa8219d4a
+PersonalizationString = 3b1d7c80c907ca4b1bd469b31a01f4e98429597c20ce3435
+EntropyInputReseed = 83c903ad3be2a3edeb571bc1c7f40d9f711b52365003fdf1
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 5fa28a593cad68459ca1f628a37097d088928a980fd01cc4e404247c8ae157d2448f91133d08fdd5234b77e5b7bb9e4773714187132723de0bff816701c9aaba9a43b824a096deade1f9de007f71a5fa8cc4d75f1804b485bdded3afaaa3045245d0ddabf8130981061d6cebb4149a0f
+
+COUNT = 14
+EntropyInput = 48526befe3ceaaad80ef9b32508dd22ed3ad69be23a989a7
+Nonce = 2ff8b83c299bd69fde890a75
+PersonalizationString = b6fde7130a3089c09dfd21f48a981d5077ed48822bb1ef81
+EntropyInputReseed = b2a7412047190e416333347b77babb0fdfb9abbb92932113
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 74dd08172f3e99b59c4f54fc7a531646e72f13daa25547d4efce1ae97270cf5538fefa2ae2620a554a0b605f9ba2c2acf3a8531a91cf73a53b333c8226967fddfb956f9a43a6cc9ef31e8c9bc57f3c89b82fe5f922096def7fb7c42ea7985442ac61c14e0504f53d357568a64e9ef385
+
+[SHA-512/224]
+[PredictionResistance = False]
+[EntropyInputLen = 192]
+[NonceLen = 96]
+[PersonalizationStringLen = 192]
+[AdditionalInputLen = 192]
+[ReturnedBitsLen = 896]
+
+COUNT = 0
+EntropyInput = 6e42e3d19c0521a079f0a432852e418ecab88645a74c8d30
+Nonce = ac32ed505751b0b25afd6780
+PersonalizationString = 62d28a14d266c887375466ee5e9fe40eca3bad0c68405f58
+EntropyInputReseed = 6725b17d61db79908948db4369623ff2040e59c2ee2eec83
+AdditionalInputReseed = 02e5d9af19bd1aea54d09a379c83ab6dc7a9236222701359
+AdditionalInput = 9f618bac413f620cf177f617e51bf0f77f845a3e265b987d
+AdditionalInput = d65f6032405a812ccc81f422fb12efa0b07bd4f6a0c43955
+ReturnedBits = 73e7efcc8d61db8c764dfac4c83e54664c029350ebf653178ee05926f340f22b7569f02d1437dd371fe28d4c8e6f72487b157e5519f6b38a188a9cf92a1c8d4b5c5d5ee137daf6de203bd488e433803091a338f01574748cd6c624ca1c82d36d1ff71142cec9421eb114238f6c12b765
+
+COUNT = 1
+EntropyInput = 518e8f4f41a3264258081b7e5bab19277fac1f0df2d81c17
+Nonce = c8d896eb764569fce258f05c
+PersonalizationString = 5708b7a10bc0b22b32cfe89961091ffc0f26d3e3377355a7
+EntropyInputReseed = 3b657e73af4fbcd5c9878ab908f0a24bf355d3eb1c3f7092
+AdditionalInputReseed = 3452392f23050f2cfc2984c5d3bbd38f0c8ffa870e67219e
+AdditionalInput = ed710e5e2bc9b9030acef3a54a4c41fd0c6b98a1f85d940e
+AdditionalInput = 4de0ad2a6aab12e5d912f07858f8d656c9d187e45ea9a2e7
+ReturnedBits = 60fb3668316309b885aa27ed4da49cac1b3d0564557a6dde1dda878f3c85a101f26d94c2b73d344635f6319807c669c2b6e119f2da4f0955e34eb6d5587bb6fc695df5beaec3804f90208f34c25424e946f9c7431f11c55763a9e79461a2dcf89bbc32ea36bc59f7ba2017c967ffdebf
+
+COUNT = 2
+EntropyInput = a3f32e615ff86bed6f6d4de4c9eb47481314cc21fc86a343
+Nonce = 94a05be40b07a355bbeb3ea3
+PersonalizationString = 412c995345154e80803fd9d191e578a284245c6b4d2227a9
+EntropyInputReseed = 043dc317266cbfa7b2023780f58b64acaed838bb69bcfc4c
+AdditionalInputReseed = 0f28063b9db829619fef2fed2805c4ce96f2d68471bc659c
+AdditionalInput = 733b106da6e7aca102a5521fba45788afae41040424262f5
+AdditionalInput = cd92894bc5f8e6d87729b7890267e4527dc4d725780f41a2
+ReturnedBits = 461c06e5f04688cb2c82f7626343166a3caee3aa5903c08fdb10bc93f2770928f2a55bcbd6cf198b38e21851ddd639740a6dba90e8763ac830452a7213bf2002d28036b59880bfaaafaef16ab26aaced7a51a01ff84482751d0378dd6477f2ccebbb54019a24f60f3aff3028438a7873
+
+COUNT = 3
+EntropyInput = 9e526ca4bc0e0a0f42b027b34c386d80233a6e28c53b9079
+Nonce = 6a2aea87bb351aa65cda363b
+PersonalizationString = 0d3bb3638d8da12fd9de7d23e3214b29d918504438615901
+EntropyInputReseed = 9302135dc7de9bf5b3f98e98f8003853198d62b1597c2c00
+AdditionalInputReseed = bb5863bbc155aa084e8d00fdf779e38353ca6756765ea246
+AdditionalInput = 9b0a93bc4a75f161e5b0207f66405be6cb7bbec2bdcb77a4
+AdditionalInput = e1c5381be169161ac2675209b9811f41ae28dd7ebd77df82
+ReturnedBits = 384573d0fbde5d5babfb0e2a27bf760fa5aac7ca401ef43207a88d210e65543a93a1565451948d9226c58f7e3b61c194b193c440321a0d7f282923242ca8f1aec3e02b86e3f618d91af7376377c094d62fd5a23a9541a77560d4edfe4f60e245988dea0f79f5297e4676977fab142ebf
+
+COUNT = 4
+EntropyInput = fcf7fdda4f1ee2acf2d849a6eeaaae7a2cf56581ae43fd47
+Nonce = 3e7e753379e4a522205b5768
+PersonalizationString = f6554031382d7da6f02651b5d81d0eed01396fed1290c1d4
+EntropyInputReseed = fa8377df3cab75d6f17afc43068cc770f322d70f4457029f
+AdditionalInputReseed = 1de7771014355f0e4155c874f40d72cfc4e7e78142e42d44
+AdditionalInput = 1a22a454fbacbf6b9eeae2250e64fce58704bdd9f65a366e
+AdditionalInput = 857d30940a9a242b936c0dc0b2656b2c5dd2572812f5a1a5
+ReturnedBits = 9b5d1b98416fe52d1a6680ec9c7ba279c5295ebc4a73be92448d449ab7253c97d9846e558ab7b8fd3565019dd72fd1cb90e72e68516513203f454f20dc5f38b7e3ee6c810188d414466f7db5652f381eb6070dcf3aec099a0ba2f18a62ce9b7314368bd8c7e56a19032b1af75e98de54
+
+COUNT = 5
+EntropyInput = 24bbc99ed64e385ccb84ef04ce6a21adad55fc1f30f5dcf6
+Nonce = b6852a94d5f97af8ba988696
+PersonalizationString = e7e47fe1526ad0367ab4238f9e1bb8e3552fd8568f85d383
+EntropyInputReseed = 59ab4bc3fbf8ea0787f537102490f3a7b6bacc4312207d39
+AdditionalInputReseed = 2e31a1c020676213380402272359b261db226df3d4b7edeb
+AdditionalInput = 6968021729def430d1aba33dd3ffba23295fc076582b15dd
+AdditionalInput = dd830cd724f37f2e79bbbc2afba136140c6cc93ae807207c
+ReturnedBits = a7ca0fde7961b7d472cec6759e182d0e1f1e3d6593be4b70d8043ff62d07ef3b2f66c9eaf15ce08629468a6b7fc8ea6e89b750abf3ee46dc3206fb35ec630102b78257e2c36495c189769d47ee195e73ff010d31ff018ed34bf868f0e57614b6e882d017477108ad669bb5f198d90977
+
+COUNT = 6
+EntropyInput = 7665e81681c3b88af4b2b9fb5deb5bbde6200c605e3f84bf
+Nonce = d07da1b39a10dc236ab1fec3
+PersonalizationString = 8d5997f382d59fc926173c30b9faff081fbe27a106545295
+EntropyInputReseed = 1bf81e5d37cb2919d4120f597efb8efe925206b7cc7c7580
+AdditionalInputReseed = d0c84c33176c9d58bda4baa9e4879839cba3b2541fbef595
+AdditionalInput = ec81d12ca2b13baab30ee79b15097d9be2696dad96374b29
+AdditionalInput = 7832a39fa8a0f375694255d3755aa5e76835bff2236ceb3e
+ReturnedBits = 07861cb3216ab8fad021a0a894ee39cab7ca3004f85422930a53cc37e2c043881915f45f3714008d7da871b04cdefdc9c351e6d9750689ce4333369e99cefb4d399fd731219a319acb4f4b67c9db73ef974e429ae3cb013fae4e48c2396c14a45f151f36ecdddb1f0b0e136cdf3b26a9
+
+COUNT = 7
+EntropyInput = ad56ce13874b738b970a01a0f02453c302a76674e6651347
+Nonce = 1d17075300ddd1c406c6a8d0
+PersonalizationString = 35167dff556f02e12fa71a3e27268391ff653bd2d0bea772
+EntropyInputReseed = 8cad31d45513a017f50a3fe0b6d9f899499025b396fe7d45
+AdditionalInputReseed = 2f05c322bd13a463264499c2a0aed737be3e33e7f85276f2
+AdditionalInput = c87636844d243faf6324df31b89aea05704626c335689efc
+AdditionalInput = 416cbd2b175ee03e63e2077f29e7e29ff8346566d5d9bf4c
+ReturnedBits = 1d698e572f09dc9aed5eb8748f0b735c8d66e2146324547fb0252bb5dadbf8944d4de32f9f3f08198df3636dd0f092110af687ed36ce1ac506586df053d8fd3e7c58dd8db6074ffec4002e80260116ae46616ce3efc1fe49046ee3e77c399e52cc8bdf73bf904a84f2a5b16682095e49
+
+COUNT = 8
+EntropyInput = 79be524b0328ab43ef8f2239907fc0dee3fe3e5fccdd0270
+Nonce = e1152c7e6d0b9c3540a89f63
+PersonalizationString = 376136e81f8038c6f029e757c4a8c9c975610859ba023e0c
+EntropyInputReseed = d807115286192359e9df8cb9e7daeb149ad10a2a5330bf97
+AdditionalInputReseed = 0969eb37d39ee68a81491a133688db440168baf55e5c0c98
+AdditionalInput = 32822ad85e56a5ea9aee92d0e6a6f4af516d93eeb89e6421
+AdditionalInput = b95d9f3c74f1d366c91f5fd18afd56a5ab7f2084c775ccf8
+ReturnedBits = f4d16c2a2c9b6f2c6f9335935c6aab6bee8585e2c521e4a8211cc997221039ae7604883b0c1525e7a9822ac8fe0befc23d29187e6355bd204a74f8c9f1fadf2c4e5928b82f99d010a52b7c81cf28195a3fc9cdd224666048285342f357738d1b4c0f3f62e67271d28c431057919a4ee9
+
+COUNT = 9
+EntropyInput = 79a7d7c087e3ca306d7d03d8794a4b4d92fe937c410a094c
+Nonce = 1f2a6877d1a602b79dcfeed7
+PersonalizationString = e342a6495978482dcc8d3cfe2eaecdc50d41b377c30cb868
+EntropyInputReseed = f574cad7c3a3acce32b6e94143a3419aa7cbfa7be5bfc363
+AdditionalInputReseed = 50166f17b79fe48cc5be4864024760ed8b8b2eb78c5f3334
+AdditionalInput = 6964419fad4dc4084ad74dd9a44f1e714a19b817be10c888
+AdditionalInput = f50a3709540a9092e0ffdba76ae4bed12f3da01a440a059e
+ReturnedBits = 4a97844ae600417033a37b90421dd0a556b2e1fd145714cd9d7e35442cc5bb7c0aaabdfbefeaa4267392ff89299edd0a689276a664292aa7ec1c505db34c6dfc7918bfc956219f9af21b6409b208e1c80b4b4a85800bbd7ebb7c484d27943f6171a796cd44eff6bc57ce684e6858dfab
+
+COUNT = 10
+EntropyInput = 3548e7917355dac079702269d8fe13fdc0828a68cd7f254d
+Nonce = 609027f0500df47c73f8994a
+PersonalizationString = 1c79d5c06a2aa3a35c21d168b9628d58640ea20877d6d5ec
+EntropyInputReseed = 29b0a7a769a37535a2e22326b0c689cf79611e420def8f3d
+AdditionalInputReseed = ff7429b698967e4cb6730eeb3ad7eac6865a6601ccd5f7d2
+AdditionalInput = a700136eb099e333becd2891ab9815c39219d906adeaedfc
+AdditionalInput = b182d34caa6797ac47601206e920edd3f9759473fbf8b156
+ReturnedBits = 7b88452ba483f6b305418de790f8858d3898639da7935db2f3ae352b62cbd50a26213b2556788b9305a919c2d370ae46aa8054999527d1b8765a4aa086462a310de1ce5a0ef6ff005843b665577c1e45f83066e3bfd02e7d03694b90950e35a3cf759aeb8a353326bd19a489b5b8cffa
+
+COUNT = 11
+EntropyInput = 77710bfb135dfe29f471771d57e8e70e4637ce70b9e2bf47
+Nonce = 56069a6f32699fd029189003
+PersonalizationString = bb286ff69391c645ff8f02a4771ae5efd4df693d8e9fd334
+EntropyInputReseed = 7ede65400e62e452db9a6ca39ec13cc5a223de50fc1fb5c3
+AdditionalInputReseed = 7029bcf0d9572bef1a29bc77f15f82e6dccf639b0517232a
+AdditionalInput = 1245da17aa76b793088f050aacff153f7f848e71d84b3d22
+AdditionalInput = 41c3c19acadd4ca660793ccbda3215fc32b0beee5d17aad9
+ReturnedBits = b07bf3e24101ee6c9dfe8ebb8868484e28732ea505f03702851d5e9ea04141a98713f1de1e4489c00e5773ca2c51c640b1fe227274db722279cf9e93d97274daf75b7de7515b83371282cfcdf2f2ff826d638824b1f905160327f17668cdd039f8bd7b4143a069c6eb195a6522ed8ba2
+
+COUNT = 12
+EntropyInput = 39ecb4e8c62d3b32fa9f4e03983a6eaf3170c5179a856d86
+Nonce = d6b1274262f2ba9726d1246b
+PersonalizationString = 8f220686c4864616cfc335e10e3bfa46a5f4de9bffb4b4ca
+EntropyInputReseed = b0b27ae6979cb11e92fc8b85cc628118ce034ab8f9058c67
+AdditionalInputReseed = 78a532099948c7834807da2d1ceb62bb3e2185eb45db9036
+AdditionalInput = 63787b77f5abcae651021b74b6fac64951b4c9f94b29f8b2
+AdditionalInput = 8a53104115156178d48602e3d8a50b2222e38c29c3c8cb76
+ReturnedBits = ba2507a6e51f0e8ddf0acde14c9f39672b63708e5ed70b512f9b922c93d5385ab0b3efdda1ef5bfc73edc716c1d69ab0c262ddf98313511cbc2e16dd840485b97f61453d12f22298fca55b0db26a0194331724261d761c8faa07d5429c58b6411dc650048c62f3fff09dff87a563493d
+
+COUNT = 13
+EntropyInput = 9d260005673708ec1cfd09dbc9565ba26afd82dafc6d21b6
+Nonce = 9e7a897130f375ace18c7237
+PersonalizationString = 0161bc5d9d8f2f2442a6993905584ef4c4cb64a5c2688b5f
+EntropyInputReseed = 697b24aed1cc0b80c7a184e58b6f5e43037ba3c1a565daec
+AdditionalInputReseed = 45af4e1a67c875ab7cfb45f2b0b0753157e5e83554193749
+AdditionalInput = 8a93cc3b2d9092b94333135df0b6dc8da4c72c349c2c58fb
+AdditionalInput = cdb4b1b224dd48c2eded73551ed4955d9ce4edb4ff7c118b
+ReturnedBits = ed6d911c60f0db25fa187308f10a24016806cd0d7c5c4864c34160b78ce4baa7fb814766e5769c26b619f16481b2e9b2384fa6059fa63c2ef6b6983357af123cc87dc37420f824250c57fcd29290140e588e29cfc54abdd699b4a5c3360705a064f7e7bafe88c74e64cb91b4f16148b7
+
+COUNT = 14
+EntropyInput = 195ec9d40c8027860bb3253b1fbcef75ee27c42473b46917
+Nonce = 1b48d29fb81f80b11fcfa5ab
+PersonalizationString = 83211f13d40ebd2d3e2363b52186477ef8ee3a7d859b2e1f
+EntropyInputReseed = 1d99fffc5ca6496c96783590632a7e4705b876ea8f50dde2
+AdditionalInputReseed = 5224a4b038ed60a5ed152ea243ac71d4056f6939559150e5
+AdditionalInput = 8e79ccd8692835c5bbd07f10803670f9602f1594cfbdc4a2
+AdditionalInput = 24d28afd672c518e76a556e665442c8e27f17f1ae7c03a46
+ReturnedBits = f9efd5a56af1beb66bcc002fffc1ffa8bd7c3de520dd6ebcad3c2928b8f74d2678171faf505c4d9ddb6e1603471abbf9c3937f48621f4042402a3fca4ee9e93118af3dc87678e2328d163a8b28127f3b2d1de60814689cd1be4c754443615246bd046d256de7f6dc5381442cebf847f1
+
+[SHA-512/256]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 1024]
+
+COUNT = 0
+EntropyInput = 561990b88f065730e52950dfed63ff91cc30b25f334fc962da383b429e238a38
+Nonce = b7c000251473e03ea2dc1fe8bfc0f75d
+PersonalizationString = 
+EntropyInputReseed = 294cc1e6cec4eaf93e55dff324975f018f4d47308083c001e6298b5ea269e8c9
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = fa422720ebc7ba86836c376c2485bc19302febb339e2688eb1f95efc6f8db3d2d72c4e6827b750c8ee6d73b28304d6103fbf85edd16a78840536311a4feb6b5377443013f465f17f664ad4d099279135ea10d0f21e42ee57254ced1e95231d67e19fb00d8631975b8367c4a9247ef59e81f996b35782b206b6e9f61d9aa8a02b
+
+COUNT = 1
+EntropyInput = 56575a31ea7e9a3d078c1c3804c4750c6d3bf3608fde8d44b515f1952628e49e
+Nonce = 04fa00ef160d91bfabb792ca6638cf89
+PersonalizationString = 
+EntropyInputReseed = e28b9a0fe0d6cf1ae579bc7d406a4e05536ec11ca97cc35bc576b4024c6885c5
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 16d35ca0c89813d190913b2f7bef50a300974d3e9a08a80ef81982aa4d7a482a212436f43784bf5d77b2052a9bd066bc67841a414982394f199f0d2b9e77e41d95f4bb779fd31075bae23598354a4b6cd841dca78ac2caed895dae6e82a27f0b5fccbb32f997fcecf983d0eb2bbf96bd439686de0987912a81acf13bb7139807
+
+COUNT = 2
+EntropyInput = b0b3bfd1162c4fd09b5cb1535a076743348d59714bf28e00440f075453a977d1
+Nonce = a87bf5a3f701a2abe809376b4069c562
+PersonalizationString = 
+EntropyInputReseed = ab102a81c6575fa3e0f5b3c2e4308a89deba50f272299260152721c3cc4397b6
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 2ee98c89652818e3b2139e7e3bdde1da5b8bea94fd6e11a2af880d8190243f40b8aaf0aa5958dd77fe5ac821400671c49bd4d488e3e021b09dad1c5fc520059abd38df2ce6d8ab8135ce24696b5e02845a7ecb6e7ed90c53e4c70edfc754a743030cc6ee6c26a87c56a4acaca097d91a3d44ff15e438bdccb93159cb918b77bd
+
+COUNT = 3
+EntropyInput = 7166efe1f1503bc9ccc9a28d76d690ceb889cff7a0a9596baeabb72b607a5a36
+Nonce = 2aafc1495ecff5c0d2f51ff7ee97fb34
+PersonalizationString = 
+EntropyInputReseed = 9306652837f51f5317b94a25a7cc2f7635996e44d84bd5a7da75ea717123bf08
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 393fe27cead6a25f24974c51ca12f45cc4a22159179ad340b5093199b981f2b788487960d9605211ec979d51d6649bf2c8d4880ea19683de24c6ba685d74081e58e40884f8150a5d2772be3204c677d5ce251465bb4153621af351251d33aeb2b904a300ae322169da57ec73a9fc7e60db646e583f1d41f1f2920f6dca5870c3
+
+COUNT = 4
+EntropyInput = 828995071f29c65f68c4406afdc2490417a124ac5048232e878ccbc92f9a2929
+Nonce = fc42e40284a90eb50353fd74ca1d73eb
+PersonalizationString = 
+EntropyInputReseed = 9f2d795b7aabf34b05f822b1b026dd6cb6443eac99afc76ec447f3e4d7e61449
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = d7709a70c4081f7ad34e3d5b5eea17f4abfe7fb9941f6cb4bc330f9a9056cbdfd57dec01f310acdbc454a5221f77eb59c3fa103c304aaa0c01e55539e763d800eda6bd5b1ed0b057a4be235b083a1f3832506336820542ebbfa6bd4998801fe8bf3c6378373cf7f8c5d5b35d15b41647d870aa4d75d88bfae309ffa9d64db442
+
+COUNT = 5
+EntropyInput = 0a4ff37179ac0850feccd07b235599b35274b2c0e8173956ef524923be41a31f
+Nonce = debefda38587c15b8cb79b970a9bb1b1
+PersonalizationString = 
+EntropyInputReseed = b1ea0046dc9dc332ea7a76c5ba48cb15d267c9c52552c0ed69ccc756a004736a
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 5e06e5e232d53566ea35145a44ae426295f3ba1995669ba00e337ef0e3cd8d4ae6cf919299e293e34d19c01eb46cb1b8f7f11522687c9db5ba4fb103fafae86d357e57b77262626ce17d56fd909522e605a999e2e48a6ae687c367363f22f5a23c814fb41c86e2d4f91e77899de6ebca387a82a7e8e1148eebe6a1f4e6966f8a
+
+COUNT = 6
+EntropyInput = 8dd97496f25999ae1e7b74e0a4d79bcfdc2404518a1796c82e42c028d3aea154
+Nonce = 9c68bd602298ba109a27f29c2b1d8cae
+PersonalizationString = 
+EntropyInputReseed = a039cb96a2a0bb1a6858f366641e9afec8b248ee2355c4bf7ee227695b1a911f
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 6dae18185ee2d53038c36fc5d629e6ab2c8b1dceb957fed33f6dcb8a410b16d97f899ee9a38e96b286f2ae05ea6aeca20c48e683642a339248c2a603179adb9a47e1da759f62eb66570a2a39ae2ec1497318a771a813f7c246d21178dfbc7b5ce0d1dc4fdee34ee5aa3d5968892f23f7b020d4024a678bf860e7bf22bb941920
+
+COUNT = 7
+EntropyInput = 3a91c006102640bff0784d38d7d0f4f6ad640a23b9b163f1540a25569b812347
+Nonce = 4a9c2b771708fc04ff65d4130029ee7f
+PersonalizationString = 
+EntropyInputReseed = 56246dbf6d03ba82d7f139f72a970b19a789219314b77fa07882a806a3be0446
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = dc71055060ae2b6b21bba77cd598a689308c1e16713ba377d7793815880c77fcdf471316cb6d0b289d4c0725937878e83530259af8a1781e8856315df586f51d0f6d6c4081612ddc6c304a5c72932f9e799633daddc383497f1014d44ecde26a9a107119f63d5fac53e1e2e94035db282b2be8e7cb3cef59efdfa99d383d62a0
+
+COUNT = 8
+EntropyInput = 1cdd354402c4d3d6ab1687ad764120de2e1327ac83a251de78f472f38b4e2976
+Nonce = 8d4994e8897e337ad1b08fff7535b31b
+PersonalizationString = 
+EntropyInputReseed = 6789818b9650625eeb0016deaa9a80d3a121186f1661714ffe73f79c8d41711c
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = b85b21fa539c2d16a86b72a0f85144c4a15175f4ab136f91858f6a2c9757110a42abfbe93255a3c507fe3d317ad7b9a4de80eb8e87c210bb316e75dba1bd5b390d9b98a666f732fa0213ee772b8dd958456815dd8b433b3909d518bb5929c89d3195347129c8c1d912c6bf5dcc0c3514b0155a52a7fc61dfa8d6c2d49d18c503
+
+COUNT = 9
+EntropyInput = a2bca08478e429266d13acda8d722f64375f445451f8582f8e9354bf16408b9c
+Nonce = 35f2be50018186f1dcf7a102cce3415c
+PersonalizationString = 
+EntropyInputReseed = c747747305fd69bbe69599cee283dc7f762e22898f3e6e9113c2f3d43b2706b6
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 4fe67de4629cb541c99744c7cf366c85e45eb0e1a5f28f9ed8a4f3adae2aba265892e375f38828216018cad4affbe40ac590bc2ab16b537e907743efc80f5da6893add2d5e4596a7b69e9ace79c4edcbdaefd95c16d8d67dba157d59f12356d52af5a0d4b56f8e521339654b63f2383a6b38ea96a0f761f7856627c6cd97cc40
+
+COUNT = 10
+EntropyInput = 0c64bac50416301cb1ccafd98e0fccbddee4628e6f1866e76f26125ba6fef354
+Nonce = 2ff1e39ff881ef747728cae9542fa262
+PersonalizationString = 
+EntropyInputReseed = 363d02e334f145c0802acefb015845a16aee3a246989381fbe4bc6723f2ca837
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 84b5a5e327017a275b871e671a172725fd7d9ab0f42d59cec93563f1bf84563e5638bc36ed3cf0e54e8f5b63dcb9fe03076fc2d081e57883f38150d287fbe3c75814ff755f0abaac4bb5c5f3ea4191c6f4cab72749e37dd9c0ba99b282d965df494ac0f7be6a8fd5670a9101e443c024c61c035c470f67670c729d23f28442d6
+
+COUNT = 11
+EntropyInput = f9f5eca9658f81dbbb2874524ee6b91c0013c6badfdf5341c78544e89acc7db1
+Nonce = aeef9144e46cedffb3927e029362b39a
+PersonalizationString = 
+EntropyInputReseed = 7b01ba5a2293569839d32f3a6e28390beea8e6695c873279464419a6a1fc01b7
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 5851f3285d61ea9d9e4ef9596e0b1a641fae062fc23f0080e6d58197662ca65ccc37021c6e54e57785173ff240e940ea07b0f816a19be028230c86dccd5c9c545fb3e5b3e0276ce2623cfe03b92b76fe53495b50af5b17dc1f9e7a5211c0e63bce746125c9f18e78dfa1f7f821fdb94b4136191fce7b31b1ad813534ec3c580f
+
+COUNT = 12
+EntropyInput = ec509fc2e2ae64468d7676b84237df81e73552928751c529f0c813248d191b7a
+Nonce = 476c92b012420aa93e57d7021d72553c
+PersonalizationString = 
+EntropyInputReseed = 0bb699e84e141f0cc1ebea75aa70fa01e5c144785ef2cf2ad5ce348ad6fe0d0a
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 5fbe6554e6b59bc022ce869e09ea6534dd1b5f88f379f2895fba82800e7ec63c7ecc9f19b667af359982cc5fc683d7be7b7a724e1c4d42e9847d8e228a2062afd91cff99ff39ad5298306d41a1d10f87e84785dfb5efbb4020281f229ad5790b97f3d8f58074e7f3feb7a8a305f97310439bde4ccc478214c11688253d5033c9
+
+COUNT = 13
+EntropyInput = 6863b79692e71cf79c4dc9990335db39b9402ca505e4127ebe62c2f12c718c14
+Nonce = e12e75a2fcf555b618ae8b589dc5e4b4
+PersonalizationString = 
+EntropyInputReseed = 83e01e2a868c87bc238624b03f05862f5df4c3c3db25af60e6eae3f6b07b19f9
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 6518539f59fd3c0ef60a11b2cb265a7f3df16a746b34c4811f363a1c1c1f006f835c43884179ba9d1e36ea93bc45ec1368fa3a9d2ec85db66aec5740b8d79cb8b028336b59386282cf818e7aaecaecfedd46fcc30dc1147e7f09e026b780b8a1210d0d59260ce2dd3c2c29e17fc9212af1a4ea497eb4172306fd71d0c54fd2e7
+
+COUNT = 14
+EntropyInput = 3bb727d0e6ef1e2db61581ef75bc101b3ba854aaefdf2f9ac39526668ec9474d
+Nonce = ab89cf7e251158bd4a597cf47bee4530
+PersonalizationString = 
+EntropyInputReseed = 7cc4090115cf78fafacb4405f727a98e2e840bde6a4f8cd08cb038d22cf229f1
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 774e2ea99dccda60ab2fe72d756459c613480a09ea9de0cd592266aafc70f90fddf477fa7c2b91b689682694fc6910d23487cf3bb53e046a71ecd6ffdce24f8efe3641401c975a21bef892eec5c967f6bed27a2dac8e9d03b223e0008583f0e8b9df2018311b09c640bbf9887f842590803ba203b58e494cda7c60beb6c6ae02
+
+[SHA-512/256]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 256]
+[ReturnedBitsLen = 1024]
+
+COUNT = 0
+EntropyInput = 64af5c3eb7222d00484dd3203c09bdd4345120dd2d68c5ed1f073fdc45f35320
+Nonce = b337103a5a3eb8e4ac9460fbc44dc5b8
+PersonalizationString = 
+EntropyInputReseed = 41b0f0f24d914f2b0688bd1edc7928efad8d9d663e95028a6cd859457e057822
+AdditionalInputReseed = 61982caa36be9694b3c05fa18df3b859f2130bf775e023be4dc9698fcb27ecbe
+AdditionalInput = bc696bbefdcc8bb62488418695908b60da8918e9bc6db9e0a8fb90481341ba67
+AdditionalInput = 023955f0f82f071012034b86a122c12d7774b8318e01de6f5f27a25346738969
+ReturnedBits = 2a69fe7fcc6e2fd7d63f272de821d2ff81b04a1907c07597e4e130ac9e05f4be621140c5a1f2f9c3d1ea992a1d54f466033ecb786538d3722807f11ecd158b9f54c8daef9c0f60f306144309025330be8b4edbff5e5cf0ec7b3cbb5e1cfd6d726ab4fbc6a596ea91aef91e55f9345e9dc0e72843299dcf861c3e857bf29eed3f
+
+COUNT = 1
+EntropyInput = 60dff05d77e9418be59839b3084bad17fb6a15db5a23faf4d32161766dd53a37
+Nonce = 65f8f89a010cdb784efb91de88f8d9c0
+PersonalizationString = 
+EntropyInputReseed = cc94c0c1c04b7a7c81e39e7c118001e281b61945908345fbf94c9962bee121c7
+AdditionalInputReseed = 609f67b86c5f8d267c084dd482e0cb2ef3c02554983bba677a5c0ce3bc889877
+AdditionalInput = 9eab7d6c57928676928e70172c41887f5ab170260a024883898127d6db3cb91f
+AdditionalInput = a1918aa64d985b59f62d6520a51b553395da6d8036edfd58927a0e73e89b82da
+ReturnedBits = adc36223c60053343f8bc226fdcb6507d1a058410800dbfcd0b20bc7212d4c01507472ff92fbc1faa7465992d9d208ff5c3e512ab790873423f47779d061f7a9b21c3771a7d86d7e79387c8a4e10188fe8bf64cb55cf7943edf22f3012f64f88dd06c2e50b6e6ab8cdb1bc2cce9ebed97327ad9729d09ed147b0501ba81a3930
+
+COUNT = 2
+EntropyInput = 9e538a66bb1e1cab88bdc5a5cb2d6bf72fd0571f4c7f104ecbf6e1c2b4ac43e0
+Nonce = c5624ec3c5b2c1287620f35cfc75a448
+PersonalizationString = 
+EntropyInputReseed = 377692c2b986b12b092690fe5d6d886430b4b32621ded6fe4fe85a917cd51b09
+AdditionalInputReseed = 79a1bf12ed855724eb61b011f2bfb346cfeccfc1226d7ad0498a181dcdcdf33f
+AdditionalInput = e3a4e8f8db698c703307c671c17f4287eb9ccdb376fc0a2d0882eeb0e8916825
+AdditionalInput = 1a8c420abbc2e2b84f99602f7e96951f0f0f4a56d33f628f9e9dbf4d0ea73206
+ReturnedBits = 1e32da5ee66876a94c6a7e1d895967b6da8bfc0839883891a6400e46847eed407773af29276a47f387346b140ac84e77570376f782dfdeb6458fa875480ce9405160486c400a32c03bd93291d6b2e171e03445f380b01ed006477b792e1a6369cfc3ea1e5aa3b619badae18e2fc76921d86cbbdabb610be03abdcac0421614fd
+
+COUNT = 3
+EntropyInput = 037fecc968de34bcb369e9ec6cd58d0e1111d14e69dff6509c6ab74716e9a026
+Nonce = 76eb9573a01848038e7132931c3c88ef
+PersonalizationString = 
+EntropyInputReseed = 792941a0ccd46b63a03e0f5d0bcfc3637c352770480d1b9bcdf7f29e879ffb6f
+AdditionalInputReseed = bfa3efbbe27640e4945c3bf274b3a6426c5591eeec708a509e1c47af4b71d0f9
+AdditionalInput = 184fa46017ee0b759dd76462c304ba3451d29f9625627703e25b3c0a9110ded5
+AdditionalInput = f5b7d8ee5fbe3787ae0380f153da4e239ee6296febda15d9bf596199eb1df202
+ReturnedBits = 2385a2e96e7984221997b396f52d9230a3cdd09a642225976766c669eb4a5348c5bc29e2365ee2d9c1e9ef339a7ac288da20ec026d74604361bbe250f18e5c5f0193e604e8a2e349ca8766380d423c403ef41162e469eb42b75b0e43e9e5965e3d3473dcb86f02a494bfc34061ad6e282a44ac71b23e95de976d436f4c956dac
+
+COUNT = 4
+EntropyInput = 9a073f4d56d07370650f1fb8ac472decab88cb3f27d728e76fbefd9f29bfce2a
+Nonce = 975b59cc9723b25b856c1f9c79e76ca2
+PersonalizationString = 
+EntropyInputReseed = 46e5a9ddcfa9b4c1b61531786bd99b44c19b770ca9f28316089f33d6afdb13b0
+AdditionalInputReseed = ae01a36eddfa7832c532c04c0a7da692db6d5fb75d841b09626747cef22a8821
+AdditionalInput = 5bc8ff53ffdd3f427ef43d4d5e7d272c2a58501a794e48fa567070978342a50d
+AdditionalInput = 7cb55af2f3d03029caefa36fb6b1e5bc04a69a595a31a3c78ecf8debf8f87e98
+ReturnedBits = eadf1d0d50617aaf0ffb31497890f36540993d50999027b2754b73ebcf137476a3b51ef68437d647d6df658d9dc3cea1dad7c7c6863a7db6890ebe5688d2633d39147f6d8cc316b85695b9ae766d4b3a27dcadd443073b816363b6350d2fff3894a4df4e92519d3ed33fa34f123fcc4bc3eb3598029dd7f718a1505a128c8b21
+
+COUNT = 5
+EntropyInput = 5d097201960905a6fcac5833eed29feba2aae5bb99869bf154ba97c8a107e5e6
+Nonce = bb34831d92c32a7cee9369bb593bcd94
+PersonalizationString = 
+EntropyInputReseed = ed7975b097f14a1bff59b8390c01a7f814c754b7fa2bdb4e80ed1e59fc2cc49a
+AdditionalInputReseed = bdc86d7ac2429517989c1efecb1a42bc500e052834b6dbf239b530bdf52164ea
+AdditionalInput = bf18d9e54432c28ff7f140f550ae8e7ab8cc8a9b17be0f4374eb5722bd30070b
+AdditionalInput = f3311fda92a73422d6e22a352e0bf9e00831ddcf51ad46cbf028b3a772c66fb3
+ReturnedBits = 05bc5757cfe935bfc5624c1050651e9c8245d286e086ae3020819f2a8b047fa1c74f85b505f61f7797bcb15828b62aa28d0f61005f31c0120aa11d469c204a92e73071dda27052032631b3dd27d5bd27f72b052c5019809963254bc3477853f8f4b6304c7e71107e99f779d37ebc504e1770674ac5b7ae322e2b8efe67cc3519
+
+COUNT = 6
+EntropyInput = f16b63c57fe53a9ebd36773c1ffd828022dacb47fe66d63dd00ba8045aab0c5e
+Nonce = d96c33950d8f1926f207b76a20207f58
+PersonalizationString = 
+EntropyInputReseed = 4e163f88f780e7878f1993c84bdb1fea323d0a7abcd6b484a1e1f87f43450f52
+AdditionalInputReseed = 6fc7d2c881b59d73d8547fc9e2e7113e77c05c76c77bf4aa694b8073d233bcca
+AdditionalInput = 84a7ece7eac72aec6372517e57a9238d3f91af923378adfd970e1c787eb1590a
+AdditionalInput = fb0e59f4a9020a7fd11a3bcffa12891b3bb16443d9f45dac59f5895553dd6ffe
+ReturnedBits = 63369d9d1dc2b6fa1fb79ca080241333556be87a680fd0514c5290cc37091d1451877f54a700e1b79a34266e53f0e1e19cd39690c4a3347143c8658d4376306c7922f14760e411d9ba70672916ee9d6f9658486809f3a22176c43777df60cc608d6f8f7d9411aa2b883e1d40ca84c37de5991eadc4b43cdbf045389227104765
+
+COUNT = 7
+EntropyInput = 3031927fd8fc528db90977bffe5aca14267c9b380240f96648546572dba8f3e2
+Nonce = 95589a02d1aa8eb37cc4e195419a2611
+PersonalizationString = 
+EntropyInputReseed = a0a3f56b4637ade1ae53e8c36901029fef17021e6d9e53a8d31119c57bb77ebf
+AdditionalInputReseed = 35ca0e1d3701c99a7cdb4f547032df29e8325e37c9832862be2ead3193ee7a1d
+AdditionalInput = 659cdc03e6650cae64924efec0916f9daeeedf93c4c007382242b9c02b1c4882
+AdditionalInput = 185dae5021545b706b608b7e3f22187a187a315360b0a370241785f534b4ecfb
+ReturnedBits = df85b9f90f7109748ee4b48c99650af4ae6066ca6d66d7e5357abaed71204b61b847b93776a1739342a032d64076bcaa857334979c9413ca6f6bf589b8706928cf28aa1c887b7c7732574adb70b32e207b5bf8c6336dd99ac9ad3487180c4d29eea4e4525d2a3f316192c735f80e77c009642ff654538c3b5f33cc5e00b99201
+
+COUNT = 8
+EntropyInput = 17f6549d617d845534130dad26dab37858d09ecf1e82204328fcd389904b574e
+Nonce = e33a3bf8e024c1ecc88b9bf187c55933
+PersonalizationString = 
+EntropyInputReseed = 498039b69262153df4a5330339a72e81af1c4c915e80cd3eba058ea7f3a8163d
+AdditionalInputReseed = e185a776b9246ecb9b172af270b85b78ad9f2f46d1e2b16fa9e28488f258c2e2
+AdditionalInput = 1d46c4d8b58212262e2f5f9cb8ff65d822414ef6d2c1cff27eea8f6c9cac0285
+AdditionalInput = 34162d27213a35d96526158d8bb8e48de9833ceed4feb8771cb476a418d8305d
+ReturnedBits = 7d1a13f0f8a36ddc73689978a84f6321a27d0d34594a6c4da3676ad9097f73eddf137af847ab38ee569a86a56477e82c7759b8fc6e697f8b8ab271719acc625bb603dc2bf9e37c5b00282551fdc14e9dc9edcff137e469d2867f9436ffdfa1b14ee34651d54664d0d43947277eebb51fc14af223ecda2259bf949b5bf1db40e7
+
+COUNT = 9
+EntropyInput = 0d546b4b3cac4047e6215e1ef672b85db12ed87abfb3680bf886be37d9b98ccb
+Nonce = 747b638625c13500965f02835fc9c654
+PersonalizationString = 
+EntropyInputReseed = 6e6f8cd62aa98df3a43e137544aa80a8201dcd607e3f37608b578d713a1d3744
+AdditionalInputReseed = 6e17b33a316fa6ff538253f4a83db9534cdc861f8cbf156ee0c5b02b6f54e37f
+AdditionalInput = 333e1fa3f0d92839d238f66e9f5f790ade07220df3bf3232af910b9d135f9e54
+AdditionalInput = 6f6936a44fae182ab3a58908974c648b4ccc5f0d31c77b715aa04caa1cf4dd92
+ReturnedBits = 01242c8100d1fd0fdc4c3e21a5fd882428e657ae562b309638c5b622225820a14e92876b4b0afa033f932967ec0867cd7fc556d4d1f821d24ab5acceeb190654aac1e306f3621a0890f21f9ae141b659b7c118cb020b24a408e7096b2909b484d865cdd8c9667dd821d0d552d647a429fa67890baedeff5007414fbabceae37d
+
+COUNT = 10
+EntropyInput = 3df63aaff558195ad9617a958ba516138f9900a19c224902a9edbbf3095765ea
+Nonce = d2ae16da36e9248db5381dc1b16a02e6
+PersonalizationString = 
+EntropyInputReseed = d9572dacc37e18986ee9e7a33c5d1f54ce92b83667ff0e178c9a15f12cc40033
+AdditionalInputReseed = 940c892fafa11779671152a64c499340a6019cb8343d8633e8b5827128a992e3
+AdditionalInput = 4f59529c1300f2617a659d2755f6757dee1ce0ea1cbddb9f4a01fb04bfcece8a
+AdditionalInput = cedcd256765dea40d7d2cf7646fcfc9654b36f98a7b520cda5dcccb2126c8c3b
+ReturnedBits = cd1ff6e75794b1b49f014d5682a379f61f78db5b393331deb1502179a8b5e08916669789073717a768fcd5b85fa141d9216d759a6e0946fc8900d6da1f579c2d1857491e620292173ef9886c2326529ad85b5161d31106a257bc7d56f07bea30010b5a0d523395e89a54e3cb35ec2d466700cc3425b3130fc194d6077af6d962
+
+COUNT = 11
+EntropyInput = 5860fa8e80ff5e80f67e1f8e468683d24a9bfeb3a4e1d6092b1d84f49c72e476
+Nonce = 93f1364edb87c165e43579691b5bc164
+PersonalizationString = 
+EntropyInputReseed = 8d1c7c6e7f1bceb5a8e6c47668931d4cc1ba84412b18974f71ed2575e3f746f9
+AdditionalInputReseed = f8545aa9c091e28ec3f7e2788d4b235b505c41d105523b181482ee8dfb26de6d
+AdditionalInput = 2e58139f339e1924bd7874832e6028813f92f9e827c307f490ab343c0f179e80
+AdditionalInput = f24fdba1f96318f0adb6db6a75f6579612fb37b558d062ffc67cc6b8a34a0d74
+ReturnedBits = b6e77fdf3dfc9af768148a52dc04f9cc309b3a97b6763a534cae19c04e2db2fc9b88b58c728b85ca77e64da8015c5999f95bfc92cbdb40e82128462f737751560023aa4725e93229e2e2e596a8ef36a23640d83a87c154f53b17f0ec02c4286d078360dbff26ef387995c511cbfdc6274d5f36e97e6c996ca0fc3e9d2fb04df7
+
+COUNT = 12
+EntropyInput = 84435f1379e8137575140ee5d144ba6fbcdfb77e877e55fc9374d96c7e1fbb0d
+Nonce = 3fd559aae9eeee800cc729b2fc917303
+PersonalizationString = 
+EntropyInputReseed = 0a7154dedf5572a22c62c8028e51d3f96140b72285ffe1c31cde20706a1a2a1a
+AdditionalInputReseed = cc34e7f9a1d272ac608289f080fc683d71a3619e8d0d8449d2c2854ca6d3b419
+AdditionalInput = 72c9493d3695ecc93f8d049e7bca178dfa7950ff5db43db178a3aec39af2eeba
+AdditionalInput = c259e1fae1963a22744ac11594503d3dcebc792a5809c64d0ec40c4ccc0efa62
+ReturnedBits = 2574442ce82cec1fee9656c967ef53a8902feea6f5c9bed4c401f02be1c36d955a3d7410fd5d56a60af4bfcf063e36257a0ae68fc7dc55233c9e484a1c175363d3b541024a4744f0ac0269574dca8e65ff01d0a25f94a17c1d1a86ce0ea2f36cfdf564c388d5a4916782623526f3324d1558167aca837927fd49a05b1f3bb233
+
+COUNT = 13
+EntropyInput = b4f17f60358e09f1cbc1b481d16a91b17ebb1eb4a4833ae07bd16a72bab4a23c
+Nonce = 1ace4429d4421da16afb7c3caae3a2bd
+PersonalizationString = 
+EntropyInputReseed = ae6e6421e90a710905c686dfbf3abaab077702e511a3bfe9f11d183933c31c59
+AdditionalInputReseed = 8dfd6a12c50cc9732b860c4105729ca7e17d81c69c8b81f1a0c729eb5924ef96
+AdditionalInput = 26d1aea563b369271eced9ac07abe309ac474e7fa976a4240d6a3503f941c86e
+AdditionalInput = 4af99b0916bb8c149b33dc667b77ee8879d28844f38593c78666887eed4cc535
+ReturnedBits = 9c688cf305358c4bf9e8ac67365cc00340ce9e32d6fefe4d800f336fe6f8fc48fbfcd18c1518a90dbf00d65c8d2d245a2afaba2d68e62d7a470391ca377fa72f08fa8e0f2126926db96f2fc8cd882aea84862ced6d5d81c382604de73b9a847bddb701f61cc3fbd41499f1e95bd4c46de1235e4210f1c8ccb15a4e7bf5e75979
+
+COUNT = 14
+EntropyInput = 7fd9e2c09d4e728b255e7728d2c36df4deb61bc4dc73c563604c8b6f96912de7
+Nonce = c2eabfcb887e0f37dba0f4138f7d6ca8
+PersonalizationString = 
+EntropyInputReseed = e63ed682f3c1c2f4851f489c0913b850a58895798207a5676ccad9d36485e669
+AdditionalInputReseed = ba85dcaf7d9fa072788904eeb437981f4e17db6e26a31e5d6a880295e538aa66
+AdditionalInput = e896677e4d8a18bf9e08dc6f1815c3becbf62ae8dd8e3add1a222f2a67faeca9
+AdditionalInput = f276580020c7a55fb4faf24e1b93e380e4a8b36fa43c6679ad3a9c3db40fe263
+ReturnedBits = 0a50c77e30366b62a911f3ce10049465b86f5c71d3cdda3d364473893f1526d9b892311a76a767a27a7a15befe940eb2b0d18592387af34f348fa2e7c1251e4724d624fb1f15477969ab224ab177eee1d19ccfb0cf59dce1cdc418053fb9923bf0c9519fd39f50f90c29393e807bd3b20c53a428efa34b069d90c9bd2d475acc
+
+[SHA-512/256]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 256]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 1024]
+
+COUNT = 0
+EntropyInput = d1beda2c6f2b0b141b6da6038bd24dc8958c1e2cf8970c830f1c82f4a875c18a
+Nonce = bb0992088555710adb90efd674b5cfce
+PersonalizationString = 121b30fd8abb4765ded97217b3045aee1a74f942e65b855f21b616dbebe33537
+EntropyInputReseed = 73f1161619054e9ad10c37e15c86fba2a9070b96ebcb502fe7079c91e8859d93
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = cb4953120c747d981c8b6b6f12f9b376c1390ceec72466db289aa1aaee67a425382dabcbdfe2067c2aabd89abb4a16f40b3cce3194624edc6aa4b8d296056819045807864f565fafc12041f62996c4f47214d7c47f6439d3c98fbbe0ed27278d78c50334b28388461021c6a0f7ef6857c862dc70416005ea938c2eda363ab319
+
+COUNT = 1
+EntropyInput = 2f6c7788a66d1198a48fafa5afdc654de3774966c3e4ae2e3a09b994a1a1b66e
+Nonce = 98d4066fa776c4dcf7a9ff9432fa6460
+PersonalizationString = 94ea29fd6732deef51f8731e1bc6afb71dda0c87c3a09705e4b0d1e34c4b4305
+EntropyInputReseed = 540b745cb6340c316cd4f5b552bfd2d5401613c9c2b5092545bc75415465c282
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 4e64b602b76f191e847b1820a7290e6dbeeda10a7db8ae42e6e4552db6e745cd58d66f2a3b3c1d135dfd97e0308496332bd7ed7cfaca925e9b4c3c9a15049aed2eca6d4d55567abf449fade7ad35c4b620e7d5bc272e4ce37f42c7be78cfd5b0eecc8e18426c211b96f28d199393499e0639e3bc8e88ee2b5b19d0d27024fb11
+
+COUNT = 2
+EntropyInput = e3505cef4b3a2c0c3a0e9739b7787fd6041f8b633fbff10addbcfc7e8e1661f2
+Nonce = e6765bebf2805d677406b623cc580276
+PersonalizationString = a75c184177ca690ac8bc7fe5c3219a8bc5a2935a6111dfe4f9847ce30857904f
+EntropyInputReseed = 5f706cf340db410ed3eed6e460e20e501ee4dcb8670f7c1478ca92b717d35af3
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = e7c9847448d54d9d1cbc369d48391f2ffc518228e6df3236c37a86cf889ca903b25be7c009f1443cf5857c74a2a134ac321b9af7fdbc089bb3c2933b24a3cf3b465902d7e5a338f5cac8149c12bf85b08f221c8d32b7f0b18634e39a37aba8f8a102a8974fdd51adfb225f7e1764eb46eb13ba97c9c7353f550168570cd9c5e4
+
+COUNT = 3
+EntropyInput = bd2569afad5f050c39854aeef9e833ae617bfddb604c0a554ba6fc5741794400
+Nonce = 40d0c1dc62100fade5f0c56b40de0cd0
+PersonalizationString = 2d79cd678ffd92e9ca8df78abc01cf5c8ab5eabe715ab30d5da52943775ff83b
+EntropyInputReseed = 5dd846fd8f80799cb522236997a998385026c888db9e70ca042794e784ce2f00
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = b4aae1ab9968d860829b8532a4ae5345cb88edb45ac9861b51e87145e477a8bf4f6a35c959ca8be6083688bfbe99efd57b5c01b32906f553f877cd6bc3b3aaf83409279db80aca602e0b9cbbe6408c18b154b1f1bef46e50bbda937970449af35ecf6de49f0ae54da1a7455db8fe0975d84075aef1463e8566c326d103d96576
+
+COUNT = 4
+EntropyInput = 5b065e50b53bdca13151f6aededce5f73aec14d40d7da5735266c281e5d6996c
+Nonce = 07dec5f241c919bf008e00c1cf110c2d
+PersonalizationString = 0d10d10cb808f09f115de01c35fa006506b0f3ffa0d836bc75f7aba3e56d536d
+EntropyInputReseed = dda8ff092849fba0df2948fc8e6c590df1ec851223b0b07c2572da8cd261f5cc
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 2dfb382fe54af46e7429a2d55c8127c65c238cc242d9279fb329aa39d9007f947e2c21f901b8abecc7811bf7493284712cfa46cf8666989309153306860319731391bb1fbeb0c7a063dd0ba5f69559f5999c03bfe1cbccd7bc4a74d95428096ea528cc5288d8022f6b50d133fd9efb154c92b653c997aba727b028192e95755d
+
+COUNT = 5
+EntropyInput = 6d825b6c05f1a72d8fa84b9396791e0c9869f8e7f0e7ac1ffbc79aecb62aab58
+Nonce = d6de5bd1574dd34833fe6fa0443e9085
+PersonalizationString = 4938233e9485f0097dd7a77cf102e9df4b00a4164a6f8f9137ae26f7a08d497e
+EntropyInputReseed = e61193cbe5d63da701a67a37f4cf16027d0e8a597ef2b5fffdb7db5ac15eaa1b
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 1904ddfd74099d996e72e80b90c70a23212059fb4d7ec6ea4498f8c8f7d5525ecbb6daadf177bece3b8b6569b4f1467a43b5fbc4961aa67575270ace0682a9a3cb819b76aae2f52b052af45de2eb21eba1371aa5de464c3b8fb2b12469017039b83ca54cf3d31a847f98e26729292d6d08c4c1d270d5dc5b302fa811b42e7998
+
+COUNT = 6
+EntropyInput = 50fab608960d112db7f5ed4bc8a9d900c62e5889ce7881b5184370f3a40cd6e9
+Nonce = 22a3cede0bb8de213a2cab93b3bfe0bf
+PersonalizationString = 381a2531fd3b38209c3fc0545c044a7a983a49c88a3e2a81ebf25f19bd45cbd4
+EntropyInputReseed = a05d715b87d8fdf3df753e1d8d4f951994768416d81b47caca6a823f97741e64
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 73b265dc7be63003ac4c3448bfd084e10c50dd4bff1393c7a518a507001130cca861ffb09e9fc620987e642154f6402cced33b98588be98461527ab3e211a889e89da18072cb747098147895e611d2fe40966be95b1e08a352669b92920b07ae692f9ab21e2c509acac5534474d151bb0a04c1dd5d195835529d9055c51ddfee
+
+COUNT = 7
+EntropyInput = e2a6393c4e65f41b2eb558407eb349facf6b3845c4dd13165baf610dc116caf8
+Nonce = 40a2c18d8e0d9b68060d24f7fa31decb
+PersonalizationString = abd18f4b7e0101aac292a113ba6ecbadfc8750cbede424b18133907b44adff03
+EntropyInputReseed = 78ad92d1382d2334083f54867b23e249c6251929fe43919147c1ec9d36db80a5
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = da2cdb7decda7cbf4b50aa519672a91dd87c0b78028d5a92ad25c9404e9301a39be501dcbc08804d7beea91074b25e74683e91a9e3ff3378bef6c0c26404a05f1862e5419ef5d8a950e9e23c0b9165b140d047b5234e8113f54e85a9590e910498d39b9522b2b764a3bfb9f2137c736e622fbc9ea1403b398b9d7adf4b440eee
+
+COUNT = 8
+EntropyInput = 27933a4d95b6433f2ec81fc3e8039eebd8f8b6bf1394c85e1bd5cd936b805885
+Nonce = f8598e6f65e2d67d8316d56b60b0d82b
+PersonalizationString = a42605ac9d169a56b22fcab3c815092e9cf7ce682130b52726f80abb428ac042
+EntropyInputReseed = d432dd535facd82fb88b3968131f1e4ea3f7b21996652198f59dfd1db16df515
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 597a458e86fe6de7e6ac8df1006b498e4e62115e862680b10394d94e1603d8961e14060bcf96d7bde84292829c0c038901c3e89461c38b93cc6c510857027e58f5e54f3af06d8daf528a28c9dd30ffe9ab16fe5bd6a97c02acf34f5b3142fddf53d82b9eb0b80910861bafc1a0f3b6f1f2fb51283dfad8e0e7d63dac2c1615f8
+
+COUNT = 9
+EntropyInput = d6f8fe011a2e080b216d4b7357aca6f3822a58706a8517c7cec521bfb0227a1a
+Nonce = 41adf41dcb754a65aa9e2154b5c825f1
+PersonalizationString = 838829b7a3f5c6fa833eafbb60741519206d5d34d85fe0a5915ac99e12dc6609
+EntropyInputReseed = 73edd052b39cd2ac74d7c17ddb0136e354809f8048a0535e0b4a5ebad64d8ce8
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 89c683035b7c0c5af68c1446bc4083a7cc51da09f4a1e9c66d96e839841b259c02ac6c960c12bb6242f4ba03383bc4860ca18dc912b97119aef23cbb1cba16829b7d9dcf8ce741258ceff269e8fea7e9ff07337e7a623bc6c26242c78abf41e6a89879956c6915bb1f85ed9efa366e3599d3e8607a4164a2c61452f74406ea7a
+
+COUNT = 10
+EntropyInput = c45ae6d7806786dda15e300f26c91b5eb109601e6118cac56e347df9708e1652
+Nonce = 85ff3557a92db12ef005b93866ff5f41
+PersonalizationString = 43ab6ea902920a965b15ea7b19bfe6b2ec7b6761754c8fa88b7460a556cecc64
+EntropyInputReseed = c2c49f57b7b1efca89a1e030dbc359b8acbc0bf88ab5733ffc3591d15207d205
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 790a8f6a3a816169b2c63062dc8f4ea6b5dc1112337a8365ca2573bb9d52903f9ef635496bfa1753d02764bb7fb3ded597d0076bcc17471e0069c18ee2d0df63d12568d0ded10f5fdd42cf4b18aca9ecbd07e3ac80188e7bc5b22ca0a4ff805b2d269ddebf3d514b0aa08581291bde6bbad0483f804bca7de03bb8b16e1500f8
+
+COUNT = 11
+EntropyInput = d297fa452e5659f39e000b45778007248b1d2b81c78f0626061a914527d418e2
+Nonce = 720ed1f7f7f4fce2e19313ec5e5178b4
+PersonalizationString = 53f20c26e83bcf014ed2e452d69a63b47f04ad0724ef1b5ba3083e279e64000e
+EntropyInputReseed = 84eeb5769bb93f6b4f472b46771a464c957c2ccd6f07dcbee31f09edf11d3fb4
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 32dc229728e6b1ea8b4357d88a087e59454fa60d8e3843369ecd306fe89517738ae6bea1094b62bb04a99d838d96d024ac7b75ad83d018260147964c60ce9b7dccf78dcaa4e3c03fc084052906908b9846233aae7623997a92685bb389ff14bd4b8ebc765d170be87d2faae89530a903ec838d678d22451c185ebcaaee460e31
+
+COUNT = 12
+EntropyInput = de01f45b2dd8df80fd5c0c57e1eff623213170199912772fdd731c33709475d3
+Nonce = 6d18ec744a1943fec980ac5938c67794
+PersonalizationString = 586605bc3abffa25b3960b259b1c8e19c931b5eee1ee48f48ccfd053424002c9
+EntropyInputReseed = 24c51ce6f1b1fc8beaea4b02647a48205fe80785f1469e16149bbb748f458b95
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 8262205906e1aa1c6a93a64876517ab771f6727dda55f120c48aee6a77a5a7b73477edfa7f9551155f7c2b36661f2f44fbcd8ff6f3955c2f6e3940f761e59767fe63f93fc3c58c0da7973e4bac1dd6038c1819c66c95468ab7c438ffdce360df45c5dd2554754ff7d5e5d83cfe904ae791e85786074514a969e538ade0721567
+
+COUNT = 13
+EntropyInput = 4c76639e708982cc7e59f836722b4c0f602ddeeaf49ad98fc9a8b72195c6ff34
+Nonce = 162e69a25c4f7818a562ccde5a74c3e6
+PersonalizationString = 7be278014fc689afdc1fa75abb794703ec4fc19b0f0b266adb870b41d3966efb
+EntropyInputReseed = d5c328e466830c87212f656d90a2f037a1c54a922b216bf422714fec37779a02
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = e18cab0e9a533e9ac50df426173fe02cbd1e22e88fb96ed4f3e25af67c3535f0b4866fbfb371b7856a28c2eb611ef8bee99d001542e73cdbe01af29d8488336a69ed81d38e14b50f88bb6fffc19bc21beee0e4e1550c70264e4e9954cf7f09da663205c03e3ea4411b1ad84653edf3866c3ff6462aeb506b3a17d38b7c7b98db
+
+COUNT = 14
+EntropyInput = 1f2d244d29cd6fb53cabb5e4d931c70ae2aa43ff46e6d43bbf325279b4266fe7
+Nonce = f6db19aa792560b2e180c0ff9776a69b
+PersonalizationString = b77ac6d22c2c6be63633c0ef05d583cb732be155ea0f72d02bec7e8b3ba51731
+EntropyInputReseed = 78d9e4b62aa6a004b36ef4fe974cafec66076a2c6d85d95af124d2e336ac52ec
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 80be00a12bbbc6f683d632640c03dea75184fbb764e61a06eb4f56cb13021fc2107dfb9e0bff0fb89ed0038118d75c122ceb31a32be3f359020b1fe651bed7c81f96a39e399ae26c3fe09136c3261b045e987d14867d624a173b466d831c492e58a0d0ba90b1aa874b7dec73959c1936d6af5cebb9568e99bb9fb2fe882b4af2
+
+[SHA-512/256]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 256]
+[AdditionalInputLen = 256]
+[ReturnedBitsLen = 1024]
+
+COUNT = 0
+EntropyInput = 6990734750a4e9b5c59374ea4f2ff4695817ffc94d166ce780206caf9f8032ce
+Nonce = 9167fb62fb5bf1b1c32392adeb3117cd
+PersonalizationString = 1f7e7245fea86f9abb1999f6638a2e5a4bd1121f52960db80dcef970b6696f1c
+EntropyInputReseed = 85727d6e385d55878dc10b84d38937db6a7530cea27530d6e3f41c30e60defd9
+AdditionalInputReseed = 34471bfc6854d46d5da8d624680f2d9e7ea7a2e7e47652245b1a3569066d5e41
+AdditionalInput = 2a02ffe392da0577f3a10eb5a86be2ea8a7e1cc2ee69be0570beba7ce672bc9b
+AdditionalInput = 79b451e4e97b14610ff6a8a80ebc9fe05b0fcc847f327416b8f5dfcebdaff3f9
+ReturnedBits = 08a1a80fa014eeede9f74af9232c65e32605ab2bdcb5402386b04abd6b839fdf78d5c86b970f99c3e48bb83a9dcb60f108910c3026efea635e3b5cb1513ffc3e6d7601b0e4f9c7a1a2d8bc7b287aaf9cb441fdf5d57a8fc9c37a61be19a20632078ab2ae36bfc243934feef7e3d670bbc7df3d4f08458be0102f648ae23c8ce4
+
+COUNT = 1
+EntropyInput = 5175849ff1a3e214c26254c011b0c72d30c4b8322396f891c1745bd018a596c3
+Nonce = 272d990d8447cf9b57a302fab8f1d25a
+PersonalizationString = 875fd556e46e9ac8a2274bd4e3a3a73e8d818cc55c0865445dd1ea5e00fe0e92
+EntropyInputReseed = b0d3b3718d7c521e48a1c4468712cff657697c9e0f013c762561a338fcab5d93
+AdditionalInputReseed = f3cd1d650f2fc203cf60e8911f12c5572ae80d6b695265a7ae604cf0da9c1ec1
+AdditionalInput = da0fbfd8d002b5769dec4b8fe5980a10fc6a8b6e5b85f191e14f5836351e4d18
+AdditionalInput = 384c29a9faf4302d808efb3bc081b2216ac98bc36b75d949707c9a4e87c254f4
+ReturnedBits = 7ae718f0765c97b597b05b44ffe5ae491620821ef95677b09caf20d62e9fa96557af49483dd0b8ef879ac39cba108d4dd0e676075def58a3451797e7365d87bcaa059353d9355071ab625acf872f2658390250e42019a2f01a70f226c0325b3d74170ed178859e27edd9452eeabbc48d76ddb516519dfe1480d877d971f2232f
+
+COUNT = 2
+EntropyInput = 41fa07443a25ad20bb685e85cc56731da9570f1c74b5080518a03a2ee54d81c7
+Nonce = 7b27def4e68d8fa8b79d364f47f44675
+PersonalizationString = 3704b8f74aac12ceff56a2b82b6b9efa3442551c71defcc7a859e4b55bd2433a
+EntropyInputReseed = e7b9ca3e969b19e190d1ad954d026c686cab97b4dbc21e3632dabf53f8262051
+AdditionalInputReseed = 3ff0994ad653e1019c1ad5e95cbd81a060bf3863e8bd1178609f9973a2325d37
+AdditionalInput = aca60296ef555cdcdfcc7139ab92f505f30fa181a1f8931a37d2c29cf2c549f7
+AdditionalInput = fea6a89023827c18de12afa2e92dd56e93e281cceae89310d8f20ca09240d385
+ReturnedBits = 458cb686f73772505872d68ef9ca019804256677de02cefccddeb8be4cbb866b828a7f2c0eff717ff5e534892f5f0994c2642be1efd2121f8e1a31c311ed595a1e7604b4e0549d546e4c6ca69d2b7150eeab8a34b94b9dfd7b69621755acb0d3b8eb55f482ca53db6866e4c49c2f4a2f801f72c97ee775acf7c77c7d4c443f6d
+
+COUNT = 3
+EntropyInput = ea4dc7dc2bb8710c5a159cd315b8e02b841ed0d877ef53701c6141f2db80c865
+Nonce = 849013a9f7563ce4d2b71df7a86458d4
+PersonalizationString = a9bf108c3d22bca5c548f22b0f81937068142a5546c7bba811e1ae1e98e455aa
+EntropyInputReseed = 962ab681315c225c119f58fccaa0d26ad929712902bbf4273617dbcb4e451689
+AdditionalInputReseed = 8d6b4695344e29ec97ebc85e6288187794d422a47bc9bf3e522d73198bcd8b05
+AdditionalInput = 46d28298fc6aa313b0070c9e4e8bd55cb528c2adde7649cdf623841ec6b07449
+AdditionalInput = 3522ff6c3b02d6909b9cc342096e94e12f83a7d305c6a7affca1938be0831217
+ReturnedBits = c2a6f115934e4c6161523640773cdb17743629e7c2a328f91f8038abccb7d26001408008cfee9b1f8c2ce4970b6937a4fec7439369c90930df80e1713ae666827c1acaad0de4aa67c944419d20c8b26b1919b7b1a9fd960b8fc31d2f02d9a91b73d01c75202c88e54f9349c22b7c7f6a56d9dd70b1148ce0192f30068b1b5539
+
+COUNT = 4
+EntropyInput = 7cbe691b40c09ac0d4e9656eb8dda705ea798bd126c914a6da5988fcf1f4888c
+Nonce = 65f07d2ca8cb42296075b09070d2de20
+PersonalizationString = 68aa6607b69c682da5e6ec8eaf0b34a7d7674dff5241bd23a01443224e1980eb
+EntropyInputReseed = e0ca4f5071e78120a578391c8372e4d47a96d0f53098ad89ada98e908a7044c4
+AdditionalInputReseed = 1a8e06247c8e5b34bac5efc875d88bc1ec261355d87a8dfc66f78ad5f0bdf36f
+AdditionalInput = 4bd78f0830d04cf369d3068f520ab109f212e0869381bf100bbeb3c795f3a3e9
+AdditionalInput = 182cb2b90230b36a6ff49e8d01825cd11bdf533ceacfdf90a4570628a5d13133
+ReturnedBits = 07a72c27c416628e28a5dc34046e8d8a5d979bfd1e8e46a443cb5e9465e74151b60b905194ac34df0548e214e02adbc4eb113a4110084c97bc6f28c401b3918bc012b3921c69facc5597af1c24725b7cd266367fe0f9430996e784b61cb656849b6181616863448ee9401c60aa520a841b0858974eba7095f9883e99111c7b04
+
+COUNT = 5
+EntropyInput = f7d4f3d64494caf72850bb57d421e36bf290176babdb4582ba003807f1c827c9
+Nonce = ea0103719ad6ef7da692cdbac1e1c247
+PersonalizationString = 7a5ed50ff21914936697415a02471b272ba1b0989df7c2a9d2b22333ed1296c4
+EntropyInputReseed = 9f8123bda186305be88cd92743bf0d5daa16778146029846c52fb0d1c53425f4
+AdditionalInputReseed = 6ee5477eb509e66f86044888dcc4cf6e46ffbeabf673f52e1dca43e54f7cfa01
+AdditionalInput = 7d47fa0cd1efe85b1e780d78f4e46e0449f360bf8cd4c92e3d5065926331bfc4
+AdditionalInput = 8269b3e4aa0f88c4b2d11db86a16138317f5082caee100badf0be13dc5b65c1a
+ReturnedBits = a38784fa14f505d888c6c2159c728d105c0cec32739c043ba04b8dc21e0c06e2b15c54217cf3326c668687ec17e13cc7219e24eb19bc60cbc334a4b5ee149846d33f602c8560538d718879f83b4a72ead6591553a5fccda6bd5b1fcdc248022b508b057d2976664a70b5ea5ad8b2e61ba737dd60a492713cd629e63ff0f0b70e
+
+COUNT = 6
+EntropyInput = 8468d148b0db195113adffb7b119d8b0e91a03b29bad6b3401b8326e9dc2154a
+Nonce = 11f38ad6bbb5bf8599f561d823ebcd41
+PersonalizationString = aa900748dac7a660d249c2d132bb03fe6ab52e581d6a953b29909d258a305afe
+EntropyInputReseed = 8097887849ac53713e2af2733b7d35153134b8f42ac3ba39af06c4d270f0a7dc
+AdditionalInputReseed = 2da8e5b4eedca1190283dd31d8113f255fd0551699d95ed24c0230cefd458307
+AdditionalInput = 4423133c011719246d138545444ddfac09f96832449f2525d003cf468c7a267c
+AdditionalInput = d7e30913de892acf4f56e1280b71bf9013cb1fb761d43d891fb81d659530221d
+ReturnedBits = 5e533fdf45f7e4dc9b6af088f0619b8034b75ea25baba3cd42529535d4bb3753762b7a7b91d353ca9d339b3b5a8e3cade90ab360ce4f9e0b6f982bdba3308ef7f8ff74d936ac980f7ed24b767aedcb7df37e2fa5aa973a11ce483c0e6c05b8482aecfffb2df5fda686b82c9ea07b520bdf0d3efbce7ffb86818d773803386aec
+
+COUNT = 7
+EntropyInput = be0b982448d333fea2e94e41de700666a4a74eaf65a0e6401c541c61d530df73
+Nonce = db2bacf0b219b90f5790350599a7305e
+PersonalizationString = d049d8cae0c92ba1ed32505323c944b5875968cf3bbf4cc0094963e25a82dcf4
+EntropyInputReseed = dd9628832c0282dc3280386a8f89ca5ba48edb2a2a35a952ecd476e322ad962a
+AdditionalInputReseed = f03133cb78b284d5151721f241d70ab2d3264124cd130221b6c9d28b243d594c
+AdditionalInput = b7b3f9dab15c8930eba3d8d9e08cde90a80c4eefc3816092aabb36a8d62d3fe6
+AdditionalInput = af0b63f411af3f97db3302156117d736b1b9c2d8be193532e368214afd2e1f74
+ReturnedBits = 7d70273063c51489aae2235349a0dc81299e460d5ecdcb7b00b596a5e423757b6cbf4b2ab18efc14bbb6f54c5da4ac7effabdac6dbc3adbf3074dac35d2a3086708dd2a8dba3dd71de97d008ffff00d5a5c3c52f60907a9a488b72158dc66422cec5e6e4ba2544c9d696729bb042bc44df0a00187761c4aa76ec8896a423f5ad
+
+COUNT = 8
+EntropyInput = 93a9fd5da0d076d1f4cc45dafa133561964cc964ab24b30bb8f7f192bbbfa754
+Nonce = e6eb35f58adc1e138551152876d278af
+PersonalizationString = 10567b6b63a6f3a9c1ec2c39fa0041e7b0283d3c2debb2889fb15e371e904981
+EntropyInputReseed = 9845b682ab843107dbfe3fb600af166c30e6803c600f8b35ea342a0a628a021f
+AdditionalInputReseed = 81a84f906079cea5b532db29d0ce7e282d81fbaa8175591b706d917526a4cf38
+AdditionalInput = 9d32cab75ced653db5d56d902d353020e05e8cd8fdd819892be220d873514faf
+AdditionalInput = 66ad568f713f4bfaa312801eb5450420b8e8b8c9050ff1b7743cb3da98173887
+ReturnedBits = 78846481aaec97587a87b121fb35f8ca8a6f539fbbd9da00103d3024257cafe28ebe37105d8d8382467e7b3653b86bdcdcaa7ed3a9ac018ec63aad57f4ea1997d1203bd3895a135af8f6a38ebd6e0e366ec1075c05cbc93289633125be314969e9facc1687502e238168b6e90b2cf96f2ecc1562316bf7c3501bff9e8d785e33
+
+COUNT = 9
+EntropyInput = d1b191bb689770945030a354b2b34d10b1efd017751ed0e536492c36a1922fba
+Nonce = 312bd4e68027a51d35e1880172d4545e
+PersonalizationString = 84425f04f3390d31ce4343ad6457919f0e26858f85711d85937c619fc64a0222
+EntropyInputReseed = 6fcbc901b5eb8e5ca64ad7dfdbe2f89b67d527788ddea88757db4c17e20e6d97
+AdditionalInputReseed = ac9cbe5a1a22ea085ca7dc272ba7281c78e1e69f7a50f77735e7161b0db913a6
+AdditionalInput = 36678c4c6d9604d39db459754cc0c30cf6bbd8efa24ef5903d06cfc24aaf9984
+AdditionalInput = 71acd0dbdfb8f115715b863f3e6d567c738c0a58f0361cf8bea5aadf6f0de9a4
+ReturnedBits = 45d6f916c4f37bc3dde943c3cd4429b2a5222277738e95144cf76769fd80b806d2271086a114fcdf1a557fc7ca9e8b50e7dc96ab3f079aff0c558c630b54d05716540279c4b081fdf94e0cc2a36a995151b1a596de185d61373dc4ac1412e3bc737ed7f473fb9b43fc429467ddd97f389824342b25c764e58db51572d930656b
+
+COUNT = 10
+EntropyInput = 59a6ee705dc019268fe9f237732586c9e09408c671805e48c9724232f3689967
+Nonce = 003216a766aea6371d151625f42c924e
+PersonalizationString = 9f848e10f31ef7790c107a35eeb4d2e7872a7c0a7a6577942153a06a5009b1a3
+EntropyInputReseed = 75b12bbae7481235d3fb6d49c234b389a56474d071bf3235523c7650ceea9363
+AdditionalInputReseed = 65a4d97780d7842263324da4ae2f1764fbe0bd320122d8bae409879da6f41877
+AdditionalInput = cc3b5d8db2ff3cea3c9d886f375b39cee2ec8d6b76f14f63d2f99710045478e4
+AdditionalInput = fa3abbad036334faa5554cf59236dc25686962daddbde91ad790e6ae660e4526
+ReturnedBits = a110d5c14345dd1e4cc5a2d0be4ec126faea09578ab9dc257732c0645f42278fd99cad25c6909c0e78a548ed41eb18250887df508c8ac1fee8959dd525b7e5f461b65bc5294e89f428d1bd7d2034a2ac4eac435796f2b1dfcb3271b6df2edac7ec69cf156aa1df91a861c43ab713a3adf1f9fad883d200611ac3590e80f6e902
+
+COUNT = 11
+EntropyInput = ee1421f302ff4864f32fd7abe39ff200ec66214137f7881154c461ec504c1c4c
+Nonce = fbad3ec66d0310268d8e20cac3bf27a6
+PersonalizationString = ed834befd05a5d647675ea5a01bf57689b150945e68d27c4b2a6d3ce18ad1028
+EntropyInputReseed = 37eb246842cb3044ab8fb422938fb4c21e80f50be19f1236782c53a0e7de814d
+AdditionalInputReseed = bd9e6e85fd97cc39f9ea67f1f175d2dfcce6d7aba208784d64c52b6cb2e5c6cf
+AdditionalInput = ddeeeb2b0c660c52f9416819a8113fcc8dee7a86343de3e6191abd123aa5ba36
+AdditionalInput = ce1a2880b0aafd50ee5c6a3e5f92d315e9fc731e32d1b9e31a111d0e97b98463
+ReturnedBits = 449dbc4a162d15bf5d50aff660c6adb9a79002a059cfcbd5febfa5a616ad9d0347d6df750ce46e640b4ecdc77ebf722f6e80e9652c12b51b92cad994fe53d0700dc43b635b7c3db734f003df3d6d2b17dab7ce2f96d232f7f4b2d678a8449c9ee593a9d4a73dbd7da1fb73f149a5618477d9a4cde2ed538a307ae217cd8b8d2a
+
+COUNT = 12
+EntropyInput = 63cb86d4a92e1883ec0df5316cb294f576304585c425f9b22107552c85ec2546
+Nonce = 66ec3d1ff1c3ca7c90f2a2a384fd87de
+PersonalizationString = 358d6de973ccaebd660048a945d014aa73ce5c262c685f9bbb86484bc2fbb10e
+EntropyInputReseed = 28b9eb1921c8aa6355270d531dafdf380be0b81cae8253d7232eec88c754cdee
+AdditionalInputReseed = 74b2dd8bb951a4036e2fbfc124166a0626ae3e97991a0a7bffc7ccde2cce4133
+AdditionalInput = 18075ae3648feacaa873a22efe1b3a2890144c950c6a01ed8a065ef972d6953b
+AdditionalInput = bab9a65c861c24aad23cf23ef1c598dacb1e65a3210fa83405d299e5a051a0f1
+ReturnedBits = ff791f2ced869c1b6683fdaf518219bb8e9dcaa0f563f713db41626015ac6e072309675ce674d9038323c7c868fef3e76fb807c640c019cbdd6b9a69c03d8c5982361d9d64bb741c20348da150d542a6641e7065475ec8f225c34277b1d61ee828d486c1a02bf64d7b822c4849492fdc46c7dc092d978a055033853d3188232e
+
+COUNT = 13
+EntropyInput = 39267160b1234b196114a54bdb3d4d11974b76645f93afff05a0322a33051243
+Nonce = 637a21f1b84c2f7da89a05816f82bd1d
+PersonalizationString = 781f6e98f8fc73ade6af7cdbb22744ff44b23b871d4d5fb9b05bd8340f749353
+EntropyInputReseed = 95314dc12a4a8ac5048a4ee67e867d3f8808d8d076021b22be9aa4bbedbbfdf4
+AdditionalInputReseed = 167b54ef0949b12ce3351ad29400f39d85e2d7b102f3f6283549d279980a26f3
+AdditionalInput = 19e4e806b3c6f9fadfc7ccfafd0bdd9e18b1a18aa7fe6ec3a9c5e925ce03e9f9
+AdditionalInput = 016929cd3d969238f52332cd1f0ce2facd9134211ea961890c14185040424513
+ReturnedBits = 2ce4123a103c0c36633e3249dc645727f731a71a51f612e6199d28fbc041554041ed3f13cfc0dfaf31ca68b2ad581bcd5d9731b5f1a0a7f60d38ad9eb983db2bed30d3b7b620acfbcc05cdc46a81acabd806e1493337f2906efb2e9288245e07a47dbcf583884f6dfd74f0b85aa839f36f6f88386348659c19c00e7b3f5e8667
+
+COUNT = 14
+EntropyInput = 7a6b45cd1c542f62feb119a58a1dc329623beec892e431758101e4ca8f1a8ae6
+Nonce = ada3c14f954c94e3a78f6d42beeb7456
+PersonalizationString = d3cc4d3a5302babf92ba842939d7280a46c490ad1ac791daa531bcd967351c75
+EntropyInputReseed = 3226d0053f39f452da63dbbc32f73a4544102495dcdbc1982b423d441b8f197f
+AdditionalInputReseed = 9d4c6eab761287c733e5372cf68e7a04c19263d2ac56f75c8f3b914b83b9c153
+AdditionalInput = 9542f4efd56cc5ff4d422a16bac3ea7e2f2c6afd85b6e6cdd9128e8e7d9585f6
+AdditionalInput = ba4ea3dcd8975d227fd653743be5021bf3c4d0dc3063ba95f59fc3133576fd59
+ReturnedBits = 472081c3e98500c6349c2a0b51e45219e0c12608b9042b7e6b8ee59fcadcea764ea4d7b555d273ce4d9a28891ba54b9ddd9229e9a65a3e3f2ee9fa6bf6df98a119f37f8e7d725743d17c2c53bb0654f6df53d6fa522e5186b5e5c7844c37765434ef0f1d54be41eb8615a27d33c4acf14ac600cda72ab5ef0587426858152602
+
+[SHA-512/256]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 1024]
+
+COUNT = 0
+EntropyInput = 5661047dd2e053a91269696aed79ca80109d3ae95d61aac21137cdf0213a26b5
+Nonce = c658197c390382e084e00d2b0a7f5778
+PersonalizationString = 
+EntropyInputReseed = 5b965293e66cca9b7aaab22c906d4d1121c6589c30f41d768085daba5cb2d968
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 47b061f52438858f28b562df9e64bb59fac776ff3271b110c3e52907b1b75f30460575b5d568b723f591a67e975074207f19423489bcc88a2943c588b40ef789d9b66c355aa1aa821723faf02e1e92dff82c4209eba2c80af454f2ee409e79d7afff6f1e60d2f592d4c5f6e4656a7dfd667b66887da227d8bc51f970b3963e28
+
+COUNT = 1
+EntropyInput = d5890253700672f813b957b0e60a6be64718deecff06013d454ffa777afeda5e
+Nonce = e738bde2aede7250c19ee41b89343c7a
+PersonalizationString = 
+EntropyInputReseed = f1d569a373968274654e2221f52f94f1c89d87eabe2349dc5653c38a0141463e
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 0706b207a4d595f53fb3bf31898044781ae7193414f3f8f82a7017443b732f988d9f24f3629e1d317b484e32df7383443a4039c15ed5c2970f5e016700451c73fab346185ee35c4d3ccb043c29fb860d60dee3fe42e6afbe87763c0c9dfa202e63a805360f1798e6907c5dd42839dafe9c7d7fe492a797dbb3826ba0568bbddf
+
+COUNT = 2
+EntropyInput = b108844081cb0ea7112e27213bbb3e451c394022da96eaffbbfeea618960a031
+Nonce = f5d7738a1e7e78516152fd5d8c85fc3c
+PersonalizationString = 
+EntropyInputReseed = 20b5548529184b052b4e6280a30c7033d83aba50ce6f2524db9b7967ad049e18
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 71050587cb15f4110aa361e11b1b5e622c2a486c06f8f65f35eefdedf24fbde327d97cf40970b554fd80e0bce2f3cc5edd4f39f3612c08b7c4bb17226345e9e783c44818158ad0c477649cd79707cdab9f7b072a1d0e60d21bf03d2cdaae798bb26c040c39fbf48ec8ee71a5b35f20ff42030c637ec153e423cab7130446a0a4
+
+COUNT = 3
+EntropyInput = f1063885947ed782c356af861cd1477611eb664fb1dc9bd8078e8f6dc6acea42
+Nonce = 407762b1baedb468aee4d88a4af92c01
+PersonalizationString = 
+EntropyInputReseed = cf9bba9bc6f324daaf625f26a5cb7df8e8e49afd0f1046b4ecd427bd6f6e5bb7
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 167d4a54583bba77225d5ce88ad81fec343e706a399617c5bf1390653ec81f983574caa1d988b8349f480fbb2a59b00cfe36d96eae166e6df621d931884fc3810bf9181e607d8b5a5a40d8f6eaab37c13990d625ed920127682a0a442ca4477b2864302714b0a79ecba6282e7acae065217ecc5a687c38bca7713dc59c026de8
+
+COUNT = 4
+EntropyInput = 0f471f44e9d3e1a19ed30c2710aee3fc78838363e7078b1d1f5d0ab293dbb618
+Nonce = 8d51fb96f02c3ca81580cc847f985cfa
+PersonalizationString = 
+EntropyInputReseed = 709093ca2a3f483a1e016ba70aa34b4d1d35ab9ff4cb92e6fb39be89c4a7ea87
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = f4345ef177a516e4ddfc35cbe9becd67187846490fa8372f9bf372fdbf0404abb105186921bacc77108474876c998ee20167b20cb69cb04bfba5056f91b569606829345b3471f827aefd72a3601402c304b26f9d8489d85e065c538d5e400f569091fe5abdbb133fd23be3111e58413437b4d01ea9cc7a76f514927e814e3582
+
+COUNT = 5
+EntropyInput = 5338e30176fae9a418377b607e836ec56c61bca1ae81b26c80aa62381573e787
+Nonce = cff6adf530d9e62cafbca67066fb1dff
+PersonalizationString = 
+EntropyInputReseed = c9e4116e4bd5940e657ab11c86ae25bc249df8f2a23e0b6239a8b8ec2e739cac
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = ed7fd7d39604fb1b78db0549cd99821738fdf45c973087088b12c585aaefb7bc5b9ad2446c36b867bad63513bb33d03d3ec78de7060e4d8cb99881e88e4bf470e1fd1f526af4e8761d9e014ada47378d4d1ee5809e6f84e3fdd409217d85334787163cb2b10199e869e112e9437913d5f752b53ffce57f29ca6eb982242a8a57
+
+COUNT = 6
+EntropyInput = 0ed9cc3a2fe2c5962224c904400b24cb528a34f129b78ff1005e93bb28a230ea
+Nonce = c9d5f38e2fd8e73f4ff26e4d6695a139
+PersonalizationString = 
+EntropyInputReseed = eeabc2a8005a58c264e32e945cd6a8e0ff08a9287c5172121e6a525dac730237
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 2a505176f6bb0f79d945a9b14504fe991af7c1ed5dda06beae9a11dac932f178ff5354b921a3db4d5a48bac7f2d58e7f0fc964d41d6b8384bb31ca557a9fd1829e6439f462e5da13c1db7aa6a93684a6aefb35f57649499f2ebaede9caee47769da4fc259396f6f62bda0dd5fefe3461d731a73a737e04c31d87c779fbe4411a
+
+COUNT = 7
+EntropyInput = ed806dbde9a29a5016c9c8181b9b21ffa0d0fc848f26b73f1f7e2d1992beded9
+Nonce = 93267fae77342255573548fbe18e1e06
+PersonalizationString = 
+EntropyInputReseed = 7c0fc90bbbc041b80e0bdaf42a87e3a683de3a6e0d494f04f30971c49be20dbc
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = da7517c1d8dc6f6e92420dc10c3106d06d9fd8506e161866230b9a6a1981e150d84544e425509c4f69815a5d516d148a24bbec1137264c3ca655f83b179f44a346ebe5515a47bde3b0df21be83801a839de191b9a83343be5a08e4e9412d821fc81cea3475dfc8fc3ce0d7fc989e05de42d4e034c6d83c713bd5b504dcf4f8ed
+
+COUNT = 8
+EntropyInput = ff0a0ed640a93263446fc5f6dfa94a48e64292130ffc1ea882cfc158a1e3738c
+Nonce = 8f6305e13711a9c3574dcb346c4f0f62
+PersonalizationString = 
+EntropyInputReseed = b192aa9a37d01754ec5bd43e216e0bf9c5f8039d50fdd5b76beccf827ff1704a
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 98ccf649cc8b1ccb38109e641a09ed0e049698da47ae5af638bb7e1954f1026db88cd6621d555c0d872831d87017ab033534327f5228192ea9cece87153cb5d5e13f91cce05bb934a8b0e39bce54e4d7faaae07dca8df15e6504f1fc724745fe15f417d377d734deaec32fe2d41045e13de72d16b59641e893188832077d225e
+
+COUNT = 9
+EntropyInput = 424fb353dcb299a8de6d2b56271b69441a847b923dad190cc9cad7a13cdbf540
+Nonce = 39a6cd61f7b816ca914ae090194a1935
+PersonalizationString = 
+EntropyInputReseed = 19b65e76f9751bfcd76a04a5acfe14702b2c3e7afbc92fb559edf9aa8b953a39
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 2c9d10a06519721386d720ff3e51a5d6d2d23f98ada910dd9e085af6bbc7d262cabae77514fe9bb026dc8f1a9b252cec8dcb4bfb1b54c06523a441932ea1823c44c758a6c9f88656cd42fbcd3076c006f1acbf6722fef767ccef8dbb5abcf8e758fa189b616d9ee6130b84bba2ecd1d26f8408736f1cd71d92333681e064b5a6
+
+COUNT = 10
+EntropyInput = b32f28fef09893230ae7024714e010efc880ac923d05f4d62ed973635efc10ec
+Nonce = 1967a747e4ec1d5829292abf68561c29
+PersonalizationString = 
+EntropyInputReseed = 3f52dc2b3d4ea95b7fc02cca5cab3c2cbe14f28fb274b415ba353c43a0bfa3e3
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = e30653617d01a6726aec9d5fe50e807dd3745e885c0aeff13a07196fff0584e590751bc0059a9242b2b31641a515e240909df8bfbd43e66a5463baf095ce151e62b7c494c21b61f6a275a5f52d32395e00b47db6448f7627e7df9542b5b0a6414f2650102b14f0f96565e73a563e8719e2b322b28b2f3d836f4129e5cffc0144
+
+COUNT = 11
+EntropyInput = 32c11a5cc81f8e15a3efe94f7cf498b338dac28c49d03f287d84d5388bba2e9e
+Nonce = 70d75cc1c53b57fd757f484de917769c
+PersonalizationString = 
+EntropyInputReseed = 98ff17b375f8cae80e8614afe81e96e0bf24bd161a5226dc700375d6c4972782
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 4884c573dd45d6046202ccade93f92438bbd6237066dbe124a80d0eab6d3768ce2e4890650f6b16978eba3d69350ec9d4d23360d5776086ebf2136215f7df18476b2acc27988a01da4bb3ef6eda67c40f33d95850c167a73f4c968c7adea24fcb9c37226a8a79fb648edb433af4f9b7667fcd4ba4959a46bd8cbc49837b10dbb
+
+COUNT = 12
+EntropyInput = 563efb029a7eb80db9e0eb56cd8f9f08375be04697f99bdd4132db4663bd38c7
+Nonce = dc073529a2172891533effd7225b2914
+PersonalizationString = 
+EntropyInputReseed = 1ade27b1dbc69e7457f863be5ca1e7ad84907f21a235d8df9d901a0aebdf6c6f
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 4c8bfb95a75837b4eabc8914435c6ca9a12985116d8e75d1465afa72b49121e4134104211e00ea4a255f28ef0b3ca6d3071d39d370a70c0ac4d28cfcb5cd2e6fb523949b02355b7e55dc83822396bf7751838942ec23fb017fce87da43f6a3056ddd24a985dde9956d6e5b03e82f2448e6c5a739e270d7789f4189680a93cf6f
+
+COUNT = 13
+EntropyInput = 67b8b11e7448e83e74751718a1ba0ae39196e42e50610a12e82e32000fc3e3c7
+Nonce = 07fd7526ad35051012ed733f0bbdfffc
+PersonalizationString = 
+EntropyInputReseed = a6c2993496d792f2c7107a2799caaa1ba43a15810088b1d896bab248387f0814
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = c58db2f786d69fd30322b7deb74365f19043500c4aa795d66799eb3986cf5d9df2b4b3f79f3d374883a93a1f2f39660793aa5970c7a9d8c45a8a40b7dadbb78afe540bc15c17d83fe6a89d344381e1335ab5d7effab93f08da060f68ffd5113511a856c703b95d9c5f90cf838b12fd0979b4be0362dbf05fc4a26aaa3e8a974c
+
+COUNT = 14
+EntropyInput = e4addf4141e0ceca2db1ec27663d8f77a66ba2d9c84fa9bdfe839f55c48bc822
+Nonce = f4a62497fd0abc14b60097797ec90280
+PersonalizationString = 
+EntropyInputReseed = d363386c86a52bdb14a438110d56f524123db43137c048c2e2c7afe38232aae7
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 5bcd6df7fc2037c47fcd4d5a21949f406b7e0966ae85de0ca1f95a2bc9fca4da9f6cf58b6689860ba0622266ce18a21f4dd8b91a0f4fbef51978d2e1b3986213e5fdd71f8b2d3cd43512c8510378342ceb98805c0e5a33d840c73d18e7cd33b8f1af8bb73dcd4a5acb7f855c03984461a507fb7babaf21de1fb4b7bbe248b82d
+
+[SHA-512/256]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 256]
+[ReturnedBitsLen = 1024]
+
+COUNT = 0
+EntropyInput = 94450b61ca24d8f4d0a63097f76738be171405715c73ca48b61a8be5599fdd2c
+Nonce = a4109a4a88f8d52cc382a839cb303123
+PersonalizationString = 
+EntropyInputReseed = b3b9cc78295a99c34e9e6e2387ab159ba74efdf47e713e9dccffe12444fa3e3b
+AdditionalInputReseed = 49202706f38088327f6331526ac6fa9ec933d6097c4ba1f3adc154e73d296cbf
+AdditionalInput = 980f3f13304900ad37ca3cf95e549563e408950a8304539c4bc8c56a84c7b009
+AdditionalInput = c8ff9fbc5212b4eaece03f1114c1ecfe47da36013043f14ca164214e17f9e1ce
+ReturnedBits = 3e05d7a574f94b86a50d006d63c51d64f59704a9b833615bd0d99034019cf03b3c9206fc1a592fde416ac782f60a10f1c98117a882801eb8e6c737e1f5ae816b76620ddc68043c5924321ac96be218b78c29c44e78042300d14250b7c688b444789f2dac1e3312bf7e6909b7ae439039770f645f3e5b360a350b8f1ca1a254b8
+
+COUNT = 1
+EntropyInput = 4e19b98a077bd3593cd51c42eca0d30e2a4785de0976e827bbae71913691f1bc
+Nonce = 88859719799402a7ab4d74d60806d382
+PersonalizationString = 
+EntropyInputReseed = 73175f1cd3b7322be01b8cf3caad706e9f8da787d26e0ce8bea9ce6c23ad2d38
+AdditionalInputReseed = 6ab4b41b485a6fa481c2e22aed3cbe46559d7f18551cc6ce7a776b4525cc0269
+AdditionalInput = 36b364bacf04addc4792b6edc248b9b62da5daea639bae150a40451e9d3fb618
+AdditionalInput = e1afbe32e651a76cd0e145f42e6c9749a49c9439df90379d555a29059ffe9f4c
+ReturnedBits = 046b0ae7ac703c274e590f2282261fbdeb176d2cf86bdc0a1c6075682087b18b931433ed2fdb710cc5f54fd226e8dc7bca7ce14e40fbddb8fae4ddbb0dc1199973ab638dfcb1e1280334a03f586c80c2f2d9a0022014957012bd34e647eec2693430268407fbe3bcdf9f8f2d3a433a99b7aa1b22fe0d47b6d6aa3f6fa5e4003e
+
+COUNT = 2
+EntropyInput = 03a1f70ecb64aa0768ffeb2d0743113045f3d7e5e377796b9ae8b826024ff4d7
+Nonce = 8755070bd7bcfef9e1a7a3e1067ad3dc
+PersonalizationString = 
+EntropyInputReseed = 70266b7938fbef75e77fbc95915f14480f60b1b75b50a3f2a38d17daffd14ee0
+AdditionalInputReseed = afcc3687cf456129f13207fd031d5248f4b70c36adbbba96047ae960fdb67843
+AdditionalInput = f155e92a5dc7a9e2d9f4611f150952b6aff89f662ab8c62e5ff20008e5c56fb4
+AdditionalInput = 7f287d793471ad08a9b2798eb8d00af794c4737ca683a1d1ad51b94785677755
+ReturnedBits = 5dd58db1b8bce05c8297694f0e771ce79d76774ec480369cbd6381bdc7f66946aa6c5870a0029c4ac78638b2610fa63700fc1faa2103af7a2fb9a87d94201ffa791cf983c1375efc2e6e7d6565ac423a0e89526efd4fe0df1ff94ca3978e46459b9e90f85737b002f3d3b4d9bb1dec26efca44fd55c484889ac6a55362d489ab
+
+COUNT = 3
+EntropyInput = 586ada42d6ce87bed4e3909f920177a27cf22c5a5def98b65f63560bdfc11d18
+Nonce = 447d4cc5ed6f686e4ec60757ccb0cdae
+PersonalizationString = 
+EntropyInputReseed = c0d5bcc408f37002914e7b5efb1d2177c90f1150a34df5a57c43a948de86766d
+AdditionalInputReseed = faf6309f2b6935c364dc6db5c880a5e7bd931f9e4fbc0bb83b7be9240c9f9ec7
+AdditionalInput = ab2cf5f613513946668ad75eb928ed80ad1d9ddb80f33ab1a71e8ea0d6290984
+AdditionalInput = 329f6a1444c8ad0756e32d5d99628622d5513beaf1247a4d7bbf693de2e22396
+ReturnedBits = db9ffb84239cba529d6f043fa256dfde2f80cfb30f74238ed740178a77f71e0d1c05ef70fda03e4a4a8000e1fb2b46be45b6d279e3dadda3236ef36a480245e6b6c5e8fe92b54667aa0e19e0c122e20689d41d2b0218e176d55fc8eb921691c6b8328136b6dc360f1d495a217769a87fa4d182d87ac6e58791087c603f2973d3
+
+COUNT = 4
+EntropyInput = c1dc28e3e035abaae6c633dca5e7fd2ba1f3f15db5d40bc39dd45218ddff851f
+Nonce = 1cebd4e3354e886a523e2a84b23389df
+PersonalizationString = 
+EntropyInputReseed = 6bf203bbafb8ae6cde82ed77bf2613f9a52483ce2a8ddc26b7c2b96886d54c2e
+AdditionalInputReseed = 85631356a695deb16852fe71b6d752cb7bb7873cde59fc67962060737b1490c1
+AdditionalInput = 1b7474e9c607e3f281cf7fc239ec6ca0d88e672d5d35c951060aea1cc1d579d1
+AdditionalInput = 8a67be8a3fe2675ab8bfa530d8b8af6dd5f4c202fc242e140f954202e16f4379
+ReturnedBits = 9e53f08a518358aaf833805bd5cc5f1dcc251380172c75f04a03d69d5e58b1572a3e507223e645c414a5b33719dd695f6926d586387998fd5ae2edf6d4edb9daeadb7478d79354e9120cef2bf709a8771e33e5f89fe749b7f6a22419dbfb3f5c5b0ffbcdf6951149cb08c73fe7773c354a7bd4844f069cde6eac3526172e1189
+
+COUNT = 5
+EntropyInput = f0172bd7e0a48df01c352d0c8cc26bbaa67bd32cd37223b1d0119876ae141538
+Nonce = b9f8180103cfb6d7352204d35d94a096
+PersonalizationString = 
+EntropyInputReseed = c0e8784d96a0b1a8b32afd376ac4546c6a6120c32384e25dc41d203314905622
+AdditionalInputReseed = f9292a9e6ce580a559034fb19ad17f116b81bdb1dead2fe1b06a85a53baada9a
+AdditionalInput = 8f1b18ae1147a5be5c275ad9ab47340632cf7db0c99a34949a13ca2909ea18c5
+AdditionalInput = 8f3c2a106c0f22c3f726698e837afb4e06d3ca631d4cc714600f76dc404ed10c
+ReturnedBits = 28dbeea1b0cc04681e3f9932e31f4a247f5293c9dfe6ffaa2d0d1c1edb2c724dd6d31b3aedbf57430abd1632e9a3ab1aec3c0d159adf5267b7a33438d38725f1febc38bd104c0ed1f15f657fed167452b2a7e20ffd75ea913cbc34410f45d27d130e1ff2b83aa800c11a9379a52b1ead74aab1df1e89bf4a85d446aa989787a5
+
+COUNT = 6
+EntropyInput = 1f11e8c4e20eb5d0c5ef94faef02e9a41c58972e1448c94b8733e177ac9efc7b
+Nonce = 28849cc0387edfe6df8a6f06b252be29
+PersonalizationString = 
+EntropyInputReseed = c882f6fc84bd5da55d0766eb62e9c8f2d96e6bf77446e2212c11395eb64f7e7b
+AdditionalInputReseed = d1ec6a80616479316596b64b037b4f3695cac535dcf507299db482f96030a0db
+AdditionalInput = 0db1e66549ba325f02bafd460c2750de4a8a7b3710582a4b9fe2764ff9081129
+AdditionalInput = 9a827def44e983606f5f397b734909fb7940ce16535d667aa21b6cd3600707e3
+ReturnedBits = a408f3c78a34f7af3044f66d3fcd57e1375a52a280d9221b27d35a136943323a7647a5df2ed8ed32efaf2b5cd87ae915a82cea21c4558b0a4fd5124e0628e659e7daf3aa5c04ec2d73ea635e984f9dce6826d3b2e53ede2ba0655353fb1cd06df72d5c11fa792a748180150f457b6017b3fd5ca1d7923ea57333ea02f8903ea4
+
+COUNT = 7
+EntropyInput = e544e6521bb0f86593f62903fb41a3842e2111ae98b7b17d889bcc549981a8ce
+Nonce = cdf599bb5f14c0742843f74d5b3960c0
+PersonalizationString = 
+EntropyInputReseed = 4e5c6b57d2a931c35cec58f347faa96115dee6d6b25e1eff59ba5f7450a89715
+AdditionalInputReseed = cb9e5d244a1c2d719df75a38ca012d9740c902c16f26f4a2eb3d81e88529b15a
+AdditionalInput = 6c1d66cf72c9a4b6cce62e0a5d238ace945bc20a5210aedcdb13768e17e3d13d
+AdditionalInput = 1fb00679086596ce174a046a609f03f7156dbdc48cd6dceac4cd65bfa856dc6c
+ReturnedBits = dd9ecde9034653b3fb3b318e6ded01d9a543eba622eb46f7e1f29121720e2cdb6d7f4f462adfe1b0c39153db5150f09aa7fc18c686cae9aae4d49bf7bc024a6489f8032c38de422f116c16aa56b15fd80f97830c8fe682b7aaa7cf9eb58dd3c045eeda325f336df5a2ce70a662b994bcc64b4cce86eab0215b70d77a107e6637
+
+COUNT = 8
+EntropyInput = 97a9e6c63cb205bcd67ed5d3282aa35ddfea480369e822c544723dc0e1f9c9cd
+Nonce = 296ecbd6f94e27f028583b0dfd2f83f0
+PersonalizationString = 
+EntropyInputReseed = 94b7b27da9ea0adc34a4f158f1dd5e15eed56dce5408f02ae86c275ebebd041e
+AdditionalInputReseed = 6246a9f14810cf2fe102ff7e9d6c6a9d5da188e3e02b09588e2d701f2eabeb5c
+AdditionalInput = 4611b1aeb3a082b439a88ec5542d7b248edbb663e90915ad0249c7a5e6821cd8
+AdditionalInput = 1474a36c6be63d774bb64741b0306d68545cba9231574747409df1d12b9c129e
+ReturnedBits = 42cbb599ed3cafd28a99e8c4dc76661d6b15370f7760938112b0d70d6c2af3ede37ddc27cb557cc608d0155aec44265a239a6ed0d691003d332bf7b2006796b0104518acbdb4b4d181be27fa132eae329225f283f1b9f7f4ad6c3811d5720f5fd65753fcf908ccab261804e0eaa6b3d230c19a15a8cb93069a7d8b9b41e12b2a
+
+COUNT = 9
+EntropyInput = 3f8e6bc9cef58ea39776baceae8b732a102d25cdd5122aebcade2b315a5cb4ba
+Nonce = cd37c2f2d31ede70ede22d193fa4b3ca
+PersonalizationString = 
+EntropyInputReseed = 5367f267bb12aa5ec24726a7c00c06b605ccd8b08bc92b16d1b7580ddaae9f8c
+AdditionalInputReseed = 4b6453678e7503eeeb0378daf5031c2a7778674c8f3750616080e2f1afac93ae
+AdditionalInput = a84ed49fc9be9761123704aa6f8eba44f4e8eac68f783e8b9766b22891621673
+AdditionalInput = 70e01b607eeb6dcc56a5ae9d04e526463614a8925d6209d864c47b9eda57e553
+ReturnedBits = 7d22552a12bfe973f5eb65a30db49ebb251677b154a5e7d3f7f266b72864befa06bb3c6c2095047277a0766be3d0fadf7e2fd2de0f67b5c0b75caddec9ddef8ee114d21f61fb938e3810f2bd67c4e723f8d5bb83a15facfa8730dca10398c4c66bc97756aa93ac033f3ad89cccca99cb0dc52eb9c598c981869703f7a3886355
+
+COUNT = 10
+EntropyInput = b91745853274ca7bee05738b3c60376059d2bb29988b08722754d0e560faa71e
+Nonce = 36e8860f34acaafc687eb5ddf748c816
+PersonalizationString = 
+EntropyInputReseed = ef1d845caff8de8b780b2c1cc0494ec7bdd05c50251f9b3bdc9616dd7293bab9
+AdditionalInputReseed = 024f155d33d09a20daff75d48d452f90acf22b1eb520591418174526bb0123ce
+AdditionalInput = d3dbd11aa479723647c97fa6c9ac528cddd70673eb657f8cd98f30f35d7510a2
+AdditionalInput = 7fcb6ab463ff45c9e3bdbce4d508d409be8ad9b3fbf1f7beaabead68ecedf824
+ReturnedBits = 92cb0383c1fd11062bb35970c613ae07f05d7748bb69ff73f79195e7896bcf99fb06974f1cd037ea1cfa9e88b7f2f8c07dafa7ee65b0d950766539edbc9bf7122199ec652f049f3d95a8d7f8e516e54bd9edb913c5271e002e51c3464744439215c8787cb6290794fa9374afe70603647542da9a2a3434a460759a056f0e3b6f
+
+COUNT = 11
+EntropyInput = aa8d8905ae9aec899560766bb852136ab7645529f2d88e2a4189b93e194cf6c9
+Nonce = c6ac78ae7620c56f8f8fd03b59c1f265
+PersonalizationString = 
+EntropyInputReseed = ed729bbe79e33a899a07bb8781e76c30e1ea06b3035776e8c0f1051f62bb2150
+AdditionalInputReseed = d1bceb0015d99a43623ef2990c30c84456de18fcde9fd9b5435dd3d8e4f33622
+AdditionalInput = faa7d4de53547ac73249fb2ecb76500749a62aa7d4e968d64aa2daefba0caa0a
+AdditionalInput = aadd2dda23b0e3e4f22af95652b74291ee21d845916b26e76bac7308fe7891c4
+ReturnedBits = c6929e2775218f55b669ea8039c70bd1509be3f03fa43609540d3d8fcc0755c3900c0111fac88990de069685f79744f19ad4de3eeb09f1e6c58ed616ea1b874ef5974cc64262af8451201c80a038ef4a4a155fd25b2a493f87bd75dc5cbdeee10e48823030a7f1577ac05a586b5227e01f062a2c1d075f3c28a59d7f5d69c102
+
+COUNT = 12
+EntropyInput = 171f9d32f44a5cc82992f1addc428ca6cd32327f8e0f53725bfa08cc6d275558
+Nonce = 6145a8d7ec54491711ea56d856157f3d
+PersonalizationString = 
+EntropyInputReseed = 29d94deee6479e54492861c263081d08df92bb249f5fedbcb78be00baeae2e45
+AdditionalInputReseed = 2af19c59e0c230c8612aa66def07632dac1a9a3631d03bfa1e0d8bfd99e2f658
+AdditionalInput = ada2a035faad9677d8ce3791cb30cc058e5443217a6d44e9db2bf8248b6f4e4c
+AdditionalInput = ff69251fab740c51656f17060f10b93fea10217dd84658d2a46efd2f1b93b30b
+ReturnedBits = 658dfe962f1b62ca83b4046bd27caae9d7ce40d940512ba593dbe3d67fd5b2532568ccb37eb82d5bed0b5feabb87fd6199df37a153b4964e508eb7601c7d4114ebb24fc647d7b288356fc22ea85722bf6dd41c9b53904f48f4842aeae3b0adc326701217401ca8dc15c36b4e3f754f1bbfa9edc13fbc2da69f433111ec9b224a
+
+COUNT = 13
+EntropyInput = b1843352182ccdd5068e1c30e698ac2692e6a058aaf1aca37bf29f51299a03ed
+Nonce = a736ac9788517b2f02b72a8f19129082
+PersonalizationString = 
+EntropyInputReseed = 530ec9ca7569223914689214f9ecb28f11e86845ef8c24bc1da1b2f3680ef5d6
+AdditionalInputReseed = 8cabe31c6d12ffcd06b736475ae8019a1703d77b7a476444b402fbb4dd0b5646
+AdditionalInput = c8beaa58639f0b33b8b7b114ace91102eaf8b74576dcb87cd4453845dc3358b5
+AdditionalInput = 2db344fac93809cc98705720343837cada631d3dabde7e60443f566d8ccf07d0
+ReturnedBits = 025007cf5e5cd56de6f21b7df36b1819b7b8efdb4be69394624ef6fff6a90b737b7d1da7f86761249390397977dd0c142b130261ed6496d8e1a2ec626fdcb23b68cabcad24822c535c3242c413d1af83fe3a209a68ff7dfdbc04eab90ac8bb54af24e7ade03793aa8879b534f6ed0380c23d58d2c24cffb55a64798b070175bf
+
+COUNT = 14
+EntropyInput = 9d918de3530936dfc2e148e85cc92906eb6659484a2b6cd26d08293704aa7196
+Nonce = a26045960037e0436a666ed75a64fd18
+PersonalizationString = 
+EntropyInputReseed = 3df1449bb4fb73fb1c80715db48d0e421560e7467a348c4442737cca96c43837
+AdditionalInputReseed = 77ba6172706c6c5ef6726e2516ab98d66d963b4ca043f858b67977f24734176b
+AdditionalInput = 5ae32e80fc909238acc6d74b99966f38c3ca948de56de842b9cf68e0dfe82d97
+AdditionalInput = ff951304734609938e04b075b5d2b77605340e94f7ca182217b4441ddd6a083e
+ReturnedBits = 2194aad121a3ff443e58bef142f10536fd0042064051082b83239acef54e07ecbef89bbf014e80d025c3403e60d46e6148d92b2384b4c9004a2162821c150e0c005fe1f865a49869ecb3f68c6bf7f257d7c9dc152b2d6d0e8d0f56a2c396dce2a7d222cec149d0090483106491fe4dd9121a516d7c049a7129cebe156f0d880b
+
+[SHA-512/256]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 256]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 1024]
+
+COUNT = 0
+EntropyInput = 235f349d7ba798e2ee590820660b858a71bd9c14443b95abf42a777b49353013
+Nonce = 00f8c934e3b52266af11554dfa880536
+PersonalizationString = 0cdb83a2da79774daa4d3f76e9045579ac65b424d89778e4a5512683276fabca
+EntropyInputReseed = 5a3918027f129629f42ad49fe7ba3763ed24265e8b4511eb2d709a10aa711da7
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 6167f042fdc288f9ff23702fc4b9be2c9f997718775e02d954efd2dd24467f172701d47ca35b50951384df509085e76ac33f158fb1da0cdd916e7f92905631f1fab0e9441e4424ae498ef72cfba7855c8033fbddb8428d20e99d6bf6fc71d4990d3d8da855782c5d13c28daceb29175fbfd0c1d923f6b4d1fbea12d9a9f4901f
+
+COUNT = 1
+EntropyInput = d8ac43f5123d2d3981f8b6b823f197dc3020555b4f48439a1bb963a571345244
+Nonce = 979f83705db88bda087a9c9493a1b27f
+PersonalizationString = 075db0176b9408824cce3acdcdb1c65a4377945f5abefa1d698e0dd0e99ea25a
+EntropyInputReseed = 3e7b78a7cd848199ea128d782992c54b9810bb243c92d23c5adbc00398108c62
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 5005a71a686614ab011007a93afd1cc3188d2a0e9a005a353cdd21356effc792d5d5d95f6431241e75936993b7fdd873f31e90695681e929d7d5a97b500d64679738f65d4da0d0eaee86cbe286740fae671301d9cdd5795e0ff709c4da46fec7511a9ea67022dc2156db32b0e2681c44b191f227bce3a0c568892b53d02952c5
+
+COUNT = 2
+EntropyInput = 2998dc4136c9b6f1042feea93b86779637647eaeb66c575dbc1a893a12f31a34
+Nonce = ca9c8b7140fa53baceaa8d1d6ca899f3
+PersonalizationString = 04de8648a582d4c980d3ede3352b66d291fb84e6e7d690192555057bf771375b
+EntropyInputReseed = d9912dff1c342998395c8388884bf0cdc9f27f06855fe55d35ced3d2e6d684ca
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 8c34d465fb130d4a7dc7bd4db928328b37667860dafbb0cb712462a6fb42f7b2d47a1f6fd0f9946653d150eb4d1e098e4eb2871c8b6116794873c126f5659588bfcdf8873779401446d80b1fd820c714ee9d4f853bb63a5f41dc151ac421a57d6e100618cbbbdd04a89992634194817a00c3c0ea244bfda2b3a87978448b9cfe
+
+COUNT = 3
+EntropyInput = 1641e3fd901c5da915214c51e4bb85828b65e0a10c2d5c6b5ad5c618f87acdf2
+Nonce = 9ccbf89695673ac2da43624a7e88a4a7
+PersonalizationString = 2b17b60b0280642fdd773a99dad3b786e763f64958c6142260f70b2e3b7994d5
+EntropyInputReseed = 9593b59e31ee77f787b0da7ffb48612dfa3006811740c139be7e82f1414d5241
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 832b9524e1eea8341c4cb95fecd268a758a89d1fdd4921d892a2b3511bdac8a1399ab181c0a7b2c6d17ba00d6ef526f45eb11d5d3b7f4ff308f4a9273c30993f3fff8e4fc5bccc6ff569843280941061d38ca65980ae2313fb945c0f23d74e2858d984fb8cc8c335c3e294d9c2e98a8967aab616a773f3466535a2853ef4afe7
+
+COUNT = 4
+EntropyInput = ae3552e0a8fd07fcd89086abbb92295fc922b7f36467c086ce3ae490c54ab3a4
+Nonce = d75ac30f239db2f0319df6c7ade7c4f2
+PersonalizationString = ab0c66e445d080d94138cd32e78467a85197d84f0914b36368d5f57a9e2ed88e
+EntropyInputReseed = abb013ab7e8a27efec6588bcb714cd4da8e765542cb0add650062a0f46c3daae
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 2be58b327bd7b1a25752fbabb33e78144a966c60baafe4e29b492c1c673454f8ab3d58cb049003a2ce25952823e151caa49ecccafa8a26591e6bcf0858e1517a5d95b8f21aa73aff96d5d0bbdee855477009f0a918f5aca72651f000eb3fea2e4fcce0380b9148454463fdba0312c9f559aa27e90a75c62946126716758a080c
+
+COUNT = 5
+EntropyInput = 43108503f4326b07c72ff7cb4d8ecac8e03e28060689760771b0a803e66d9520
+Nonce = bffe6671c68b5a9d3328cc0467040ca4
+PersonalizationString = 072e86a99cf8a84e68d6acfbeedbf222d7b8111a5ba16471f33d54ea4386c3dc
+EntropyInputReseed = bbc82efa21dfc6f0577ce06aa20313078212fa6e7d65b25f7779722f16734d27
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = b884849ccae8c40898ca31979c14b5488a4ba2855e26d81626c4704859f8b4ee0722489119c8abd2d7f75bf88db74221b754d3ac6d18edd108e0627d8bdfd0e83c54c174c4df28d0b0fd82bac66b127ebe3724de74c70ba1813faee3610266fe69cb9d4c29920a55d19cc9d6b60f2120b97ff47d84f090ec56cd1f189ebde3c7
+
+COUNT = 6
+EntropyInput = 65f84a74fb3b242013c3ba505882095acc2ab3e8f7fd5822e24668adef87075b
+Nonce = c1b3949610c0f83785de7cc53c6ae552
+PersonalizationString = 03efd8de317c8e5087567e3f52117f0c31f49c4d88d6aa67624a28a8ba7c33f9
+EntropyInputReseed = 569c911fcb31e722b60866fb5a5e7311ea0afc4d2b246c34558e8e6c42dff154
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 087cce258bebf999a65feda5a3cc67af9b6370cdf17ac9bbc622a840f2983811e534788d0487f5765a2d04cfa74d70efae81b1afb46bc388e8ab7de1881072e82a71c0e46e0990fe1d9f32eb7ee94ce9075105ae228625682970659b10f38231bbb43d06f739e8e72ab1cc54c2e4c3cccc973932493812a65ec777974ec4a26c
+
+COUNT = 7
+EntropyInput = d15352d0ba48860ebb160f11b76a195e1b73233bd1baff1ab90692cc53ffab5e
+Nonce = 26672535defdd049e38e4bb4d5d1a3d1
+PersonalizationString = 37c2bc099ba9278b80f55587701ac84502965075de57c9b0ca1611f9da606734
+EntropyInputReseed = 3dbd380ad972ad323120baeb55715b10f9d8e1efb1468ca0ff39aaedc1d8c0cc
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 9d0b49d64334c990952f0907fc4ffd61082b89e06f4c24252339bcc47233971e7a2aa49194af18a989031b5bc87ec89ebea27b24ac600dd60ee5cc37ff0ef1bd8d32b0c27d78081664850104cc5df8624617a943b5350c7d99cce674113d9954ffa05b6312f6775bd9db27e4ccf0b20e4bd113ea77b54c1c6f240ab21d03cb0a
+
+COUNT = 8
+EntropyInput = 646166b9463a1b36381ddda57576b6db8ea9db4f2692562b99a8dbf3535f5f12
+Nonce = 62a64f28943a5b200b93be1f46923cca
+PersonalizationString = b5f64f4a6d63a4f59b1934b717c2485982f7a1c429af6f474f8179a2f37789db
+EntropyInputReseed = edeb6f747546c9a390adc6d7ab795ba7409d83b5a0fc39ca130b068c457bdebc
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 7e49aa688a2b8386540dc03e5f094c552430e0397f3662e8f7fa450395cb391e5a76d00255fa0c4ec99b2f7bfd9428a68950dfb9fc4e22a5972b0edbaabc1bed54645b95480314d65dafa3793eb692fcd412cf5b3363c63178db6f53d45091b24e6426ba551660278354b674d00a061cfae0e7f4e304e0a8ce97d347ac134ad0
+
+COUNT = 9
+EntropyInput = dbb67a65a60809fb3db077ac4424ab83dc9998db4a49de5ade94327c931379e7
+Nonce = beafc76ffa265e0e56f7a7bcc9e8e213
+PersonalizationString = 62eba2c67d3f8183c783abfb91f862674a2ecc5b1220d140edfc65ccce4afbfd
+EntropyInputReseed = 7d8a4f831abb82fed746b375087b0a94ff210e8f9a5686280c9146415eaf3b7e
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 39e6eb5999fecb56694feb507f4c51cf96e0619b320314fe44b236bd1d66083a1751dca09aa60f9ba45cf1143f068c7b61ffaef455820e7f980e09507fd63cf0aca28cc5d6e7a96394c7110a0973c0b4364dc64a872d6365ba0545f854c83c014ce84e86d9b9508090f3ea519b9253ec2afc8e9fc3e28120fa658ee139d9c79d
+
+COUNT = 10
+EntropyInput = 3f78ce0552bd65bf20b6279aa8c75fecbe894e5b55d1f60b1b3d19210bef8fd4
+Nonce = db2079fc9af91f4c7a4f3b58f0e77d2e
+PersonalizationString = ba4ae607af0b8546e6036e3edeb26a220c65e677a469ecd3e2d6ca57b9520fae
+EntropyInputReseed = a8ceac04932448d756d3eb3ee7afacf62df2ad2c5b8cda4985ed48e02a4c34ef
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 6d472824f4bf4f3f821b6468671e83478b3a9f8eacb9c797d0ce5306c5509ff6b504b9c8e58e1055a67e0558e97371ed1addb04274298f7be91f7e9f416800f4ed280eeeb8b33d794d80c8dcc2034613f64cb652e368d5fad8b7bce438e7fa91d07eaa2f0dbf1967c878fc28c2782aee0cd5b6a4941f06ea6c7aa6c5dce70b96
+
+COUNT = 11
+EntropyInput = 2d8c209b15f1b6c009785fcebd396135f69b416a66292815ad250d06df3687c1
+Nonce = 6f56d361478d54fe8f2621e99e806a94
+PersonalizationString = 8d822e5d814031e3d41425b15691a272167d1edca3efcfc4b2e56394a172beb6
+EntropyInputReseed = 13eb16a203d7a69b28f8accc40bacab38368694d0366672703e7f219f6b314a0
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 0ea48915496eab416f6420344436abc9ec563735911ec438ea94347e8cfd8c618420a8e631da1be630554e6f2b24da4c7fd22d68a3bf6358b895698ee7e320a81ec9a6f684c7071a2f0e8c268b6a91d148593e5c847a5f92dbfe32e1cfa4f0c689dacf3ba1caacf4f1836954c835d5add7dc56a75f63a8185ab5a156b4f9c97e
+
+COUNT = 12
+EntropyInput = a08d760e3ae1f3e648ebc82e5793ed507bdf291ffb3ba9de7916bf37aefdbc14
+Nonce = 102a305bb49c1e045b0028257b4a6eba
+PersonalizationString = 821e85fe3efd9aeb4040cae09dbe7b3baa6fd4189b9601ecedc5457453658980
+EntropyInputReseed = 7538cf5c8e2728cdb4ccb88852298dddd9e9b39b7e12d7f8e2c3201ab54e4b99
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 77dc50cc3bc28bddce3a2a5995d32323a71ca65a66450d5f5f22f02289a1ed9b9018c009cdd4fe9b98a0eef6d702670e6c113389f180b23dfc96a891c16facf3b2c7f6d8a5ab4c74d67024b8aba7d4bb913249e94b0e60c5127bbdd307fa28d362d6330c7838e50c29cbf93b10afddd389d8090b0b9a1a8eff30e5b0d0c99236
+
+COUNT = 13
+EntropyInput = f11c97d0d343b928180a32d61f852c08d6ee44710e771750803b83dee22a2a0e
+Nonce = 2f7e26af2ed056e5c8b507a32204e662
+PersonalizationString = 8a60002a9b21bcb2e544206bdea00692def5b47062510f10b56e5a972cce18db
+EntropyInputReseed = cdca33cf750fc134ae4a4b6d2e45bbcac7a4e66380c02954645fc8fca6a85b4b
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 85bc17acb984ed2f47d424e07a9251d519cf5c58fce0671df3a3e160c58b0b9dadf30d581097cea51a46c56494627d9fbf97dac5a38e5f5e7a794be4756e014619cae0ffd95db0acc13293a46bc5b8194b88d8734fbea9fc3f1dac4d714cdfcbe8c28bf6361f832fa594e7752853bd718d0135ae0a79ef55410f90909e67d04d
+
+COUNT = 14
+EntropyInput = 355be61c368eeb9fa3f761826ce1ca932cab4128b999491162e8aeb47d7379ae
+Nonce = f5c08a86b15bc9f5f9d5792f51ed69ae
+PersonalizationString = ac3515544638a3fbbf5e4a534df581fa57a85a3be680f7e1197993e018c7f6cb
+EntropyInputReseed = c791826ac17d695c46038a1fa4c3370d645efa8f70e84076783b53b5d2266e9a
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 04bafe6b991a93fc2560642c8c424a535d88b79a75410a0422c0f78ebb1b5e4a2e5dcda8494c2d13933f3d5c1130bb8fabe8cc5bda45e877d15618173afb79cd6b5e7dc2c65ad53eb0098942ac866721eb86c6b049fdbd22bef22a42f7c8b398a88e3cfc8eb498b5ab197762b46721e20fd781aefe4e395e701b2e2b80fde359
+
+[SHA-512/256]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 256]
+[AdditionalInputLen = 256]
+[ReturnedBitsLen = 1024]
+
+COUNT = 0
+EntropyInput = ec3eed72d3e5b6920bd678b579bc9e4275646cfc205bec25ed406b321345f205
+Nonce = 73c83711e56fdbe024e2dd66e10c240a
+PersonalizationString = e76d33d663ead0f2ebb39735590cf1783bd0152f7379a432f8de9cd4e77f59de
+EntropyInputReseed = dfd785c503e1b54e9befbfebc107f13c9ed408d5dae13adfdcb87fe8c5404437
+AdditionalInputReseed = 80c8b783ded40f4e6d0fd28bedd1272700513213f27cff80a3c3399c38b6887a
+AdditionalInput = 51264a43cf673e634fbe0ba5ef2e92510a6f72341c64204fbca9fb1d814f1bb5
+AdditionalInput = ed5fe0f2d9b39f677adc45e2df2fb8ed7ef0908c1587a6e358ed20be9b5653a1
+ReturnedBits = 4c2cc343798bce0e9aa0bd0480e302b204f631cc312884cc0323f13499f3e91109a576918bdc6baef708de98369961f06c007f3ee1beffaf80a9a757462189e12cee45d2c9a1bf5437d8313dedce437fdf5151e1ab89d570b39cb259f0b1a55777fcef9fc7d5113bd9aadfb8c1c61d1f3d6c6b9173447a3dd1c5ebf62f6a8e68
+
+COUNT = 1
+EntropyInput = b0aec44ad54afe87f2d815b603a13627e571045ab69d9c39973395bced1ca770
+Nonce = 30075c874fae44e3e293056a8727d920
+PersonalizationString = dcffea5ab0e0da14cfa5bc5c7e2fac23fd726a20ff8ec90962662ea52840fcc6
+EntropyInputReseed = f958f779f51a1515d47a6b3479c8cea18f6dff93812b18f0fe4c612d2c9b2ddf
+AdditionalInputReseed = 2282fb1753111e118fe5711ed4a34fb12a07dc53294ea94f34c6250a04a979d0
+AdditionalInput = 24a3d6526a02a7627dbdb34304183267ddaf1b9aa6adfed9eb6a7f1e6b938409
+AdditionalInput = bd87c052d1f3c7c9472c2142f0055deb857d29932cfe9c6c6adf154b1733d601
+ReturnedBits = c7a6e47a9799c7793481a9127accd459db7516b15cd25fb750f3f0c187d8d4b5cfd658969414ca99cb0206758a7d862c36d2b4d063abc1680ef922df8b9a5a83df5131ca248fc275ef6841b481568c24ea06d94f75b418ff6fd95fe0edb4dc38df670655e0ca557b294dcd0d798ab21850d8572669b29f86d980e23dcdcf135c
+
+COUNT = 2
+EntropyInput = 60053fbc255e3f77bf1be4ad7ae6c9d0b918a3bb29ce9d33379be68c4b31bf0c
+Nonce = 480ff14bc93065ed18792ccbbc747860
+PersonalizationString = a4f0886f99bc38038982a18fd2c96ed1f5b3a518ffbaeafd7a5cfee61107df7b
+EntropyInputReseed = de4178679e9302fb0df92ed6b1d23db39a5273e108dc0bd32118f930bb885abe
+AdditionalInputReseed = c3fb187ced356499c754d0e9a9c6b144d1415836a7ebc025d61c035750ebe39e
+AdditionalInput = a8df923338d2b7e9b878885cc6645f8c3eba7424ee09c265e256d60ad522e84f
+AdditionalInput = cee25530faa1fcfb19bde20aad356a63362c03b5e8b2c37cc7151ef8af0aecb4
+ReturnedBits = f711be31c9ba7ca68a3169b2e19f175ab656cd7ed78787d8e0c71dcbbd37b7930acdbd62688fb6319654b204024e649d52d8868889d403c80d49831229894219ba71101a5a1b61d57990d82e9af04e8669810525211b3dc8250189348d9572439d9f1196a22ee0fb4a2647fb81b2e7b03eb109c6833bc4e2d5550d4160666fa0
+
+COUNT = 3
+EntropyInput = 65636a9df861843ba0fc09f5ab08a5a9423fcfe74759c9c507478ba4ca3a8051
+Nonce = a3a1c4603cde543b872762765a35f1b6
+PersonalizationString = 7c0a229a563f3f5b3b6c52f1e3beadd331a05551a5b8311a10b4b7d18c31f296
+EntropyInputReseed = 5be4cb9315e334b62810d14e54ae5a776a4b81307640810cb66ff02a1ef2f857
+AdditionalInputReseed = 0d1f481bd7f110561212a9bc4229d5a9384f27c49c7b91c32a3d00dae70b37df
+AdditionalInput = c96ae6e9defb84937b3283878a92a8d7637b2697231fb687d1af61909237f4e0
+AdditionalInput = 5409f4a26b5f079cb431e530559b89813c9552af64b932518f88b5082c994d26
+ReturnedBits = d680f20ab27e09e07acd5a65b4c0fe6210e1823305e6ceda61d81a5b232fa7290358656fe2f45f8f3483ecd75b96399db015b67798126cec7edc2b059e9eb1bf49f0a8a1d8dc9b7a74137895eb321d107404d08ee4d4d5fec8feb9d31a17e27f353a5e6bd15a61bfaa64ab2ea3d3151975646eb34083ad8ea6975f80e6cda63e
+
+COUNT = 4
+EntropyInput = c46d2328980976e7e88ed26b9356b7ad920659b8dde0ae5629d232bba18a685b
+Nonce = f3d2c152b4084dc9e27847cc29f80e67
+PersonalizationString = 36d7d577f457375a4c6f28e11568c23529b6da98519d41c0765e58c87e89c966
+EntropyInputReseed = a95564ccaed436a4d268b0e13d56295dd9eaa99b26a2e2f87b434e3f5ead4aec
+AdditionalInputReseed = 1126a4fd29374f3acc72cbd11580f5ea29fac78baeff4b61c69fc79a753233bb
+AdditionalInput = 15d539e43398f79114ffbd3bef65e410bb6f8bfb0bcd5c1cdd185ac472fdc15c
+AdditionalInput = 1545428de9393a222712f4ecc58f44741fa0c35e7ea2ed9522f9bb51f1153a3e
+ReturnedBits = 0c664dc6a293a89df0f53b39a7a10bfab425b79f37ceea25e8d1ef05932f585863ee555149f6627e2cecc0101e65d34f9be256e84a1c7dafdb7635636330f6d7d208303cbc8e726dbb94522187cacf63a5e458ea041ae63358cc634610bcc6667328f23003863c2439b14d96b28e91e797b3081a752acccef5e93c6093b8d606
+
+COUNT = 5
+EntropyInput = c7dcfad33626ce1efb224fbf7511d7921bebeea85c6c3213e02f812a623c4645
+Nonce = e9122a8ed342b4e23651556f43a22e1b
+PersonalizationString = 244fb79e02ad0c4934891eb6da4334ece3053594b3bbe0c6a5522d3ca949f8d7
+EntropyInputReseed = 512c4b07e9f479f1a8d2e0193561fc9e3bd9691d4040c1a6074d55805df131a2
+AdditionalInputReseed = 91155e07ae25d19361dcc0b40d2ba1e761999d4e0d735caf3a35c3c7dbdf07bf
+AdditionalInput = dead2113243348cdf9f9e43e80c39bf07a329551cc153482aef40b018fb3bebb
+AdditionalInput = 4aef240553e62b7c3296d37fbc3161b5b76757e503289b01930452325b085f3d
+ReturnedBits = 50c032cd007ac64ef06a1a8f40071d8be976abc49214fcaa756cac9ecad2cbb5d7d208d106d2f8d66231f94560f9a8f1ab85b6480602a3dbe5cde391051574b094d44b4c76f751e345b0039f1d630192e86b18826593dc52dd97b182a38cf469f57a262a48da17357593425a08dad3551cf70da818bcd3b37bf11e287d2f4910
+
+COUNT = 6
+EntropyInput = 7c93de4cf817629edbb86d814c3cf286ff303f99dc8d03d95b3a10bb645eb9cf
+Nonce = 4df23a93003d76405a8f87a4b47eaf66
+PersonalizationString = ec10f42ad7097f47c8b1f762b941cd0a0c7d42373a59b955e0c92a050215fe77
+EntropyInputReseed = ff5e2fd1b8b3f5d89a6c280f8966b613d59580f625c139cb888920a43887d732
+AdditionalInputReseed = fa0e5bc0c19a9aaf26a80be42a549d145e1ce257576e5cee648bdf83544751a6
+AdditionalInput = 3fd473305fc70cbf558deb5437c660e51170fd59151dcdc90270a59abe12daa1
+AdditionalInput = ec12e966173fcc117e1c0fc0720ea69a5fb1d3a3d7e1e6fae0e9c864a715a205
+ReturnedBits = 811fc49340eac737349eebedf057882d1f5577a5838a6238a4dc0545a81fc324ae6f31f92be1ce5fa6e7b73a2d9f32955807eeb7227e48e8f491ce5cf6897e50b2518b8fa04671bddd207655d850c9b8d715a2a6fbc7ecbb6056beb3d562a4308e4c3677bf66686774712f125ff19f9816cb52adf3970d10dffe1da88676cadd
+
+COUNT = 7
+EntropyInput = 90a9f2d931e484d47fb02fa7c0373ab91a5a1743acf015afe36c1cd7b7026fea
+Nonce = dcb1c7edbce714757d64ef8832bc65e5
+PersonalizationString = d85793da4bb56badd892c5958603174062f84df5682b6f135c06a95e73747898
+EntropyInputReseed = 6eb93be84285c57afae8eaca82c02ec9658fa01a9fb4dc48ed78e36a125bb688
+AdditionalInputReseed = e5a7fa7f1b57a1b45c26556a88e2ce959267c1f6122e36ae5f405ad2cbe502a7
+AdditionalInput = 48808171c69ca6f8eb972083ae9db80cfffb0605a20998ee3f870502780ecbc2
+AdditionalInput = 5d46e7331e3adc6430064d433d894753f7af81be464685ec61e1789a6f209ace
+ReturnedBits = 207bbf81e91589c19b2dc1588d3d5aeabe1a5c4f4a28fb9416390aeaaf9507262d0b164571df67b6bf0121b365c0e26fac8608dd3cef97388033d9aeb6062edfce6f05ac3f3b0bd533371541b243ffa8e06e8554a6172fec4323475dc143f4811714a985197fe33050927178e35c549811618217ab7bb177e7d787a282db253b
+
+COUNT = 8
+EntropyInput = 17f263b82faaee3bdcd3dbcb2612cd5022238abf6a98e56d44f9d2758c8e46df
+Nonce = de85546ed98ddb9fc867cb8433f702d0
+PersonalizationString = cf322af5d40d415a0fc80074fd09addbb6eb2cca186bb9619463d91a028f2d97
+EntropyInputReseed = 37af5610d361fbb88980e4bcb164601b1e45396cf85530d60bc20757d6207f4e
+AdditionalInputReseed = d5fe9efabdbde7e2cd44dcfa54e75fc2055a04f25adec371e648e55c37b5598a
+AdditionalInput = 71433d5db501ae0bf7741107158e359ccabea7cc73b9b93241509c09d667c406
+AdditionalInput = c48398b1a0199aa768011280a401004ec2c4ed4694f196dde26ab71ff304135d
+ReturnedBits = 572d719a01ea7d259e5604f36b8c398ba3396b5c9746617a5c8e33e2d81796fd892d4b7c8672023c958f045a3bd8f131c462845c404f7dbdda05c6383e084f8a08a4719f947ce2516b376502a3743025f3ee97a8211d1469660155043d3de71a3c036530d20882702623cf6901600685e790abb8eac3691a637e04b0e8c8cfb7
+
+COUNT = 9
+EntropyInput = 871e2951629768e56f9a56be504b3e4380158fce7c8c8b66fd07389e844bbe34
+Nonce = bc61b8ab7bfb8f94e3fb5edf47c667d6
+PersonalizationString = 8cfaf4b1a43e6e562c7d7359a45baf7ba75133b5ed3a7b277e0352eb0db4fb3e
+EntropyInputReseed = de946c2c71494e6cab384df5817fb35fb1b7817cd22f801143c503dd79ea5a0e
+AdditionalInputReseed = c64695b2fbd7e4635e9d842354d6d94da05c135621893b0f3f2c5371ce47e35e
+AdditionalInput = 595e7a21fc98b205e2785256542b292385e505e784ec93da802432f9da85b1fa
+AdditionalInput = d34fdc4140655148743530995a763f84c30dbc5cd72f1b76866598da7e985678
+ReturnedBits = fbe346d3597eea3d865ad0dcabe1a1a9c5462287ee5d661c726ae0236037d3ca4f46815de4a4759dc55c6e4922740d639f9dc1075b3fcabc390e2c2dcd2fffd5f919a2f6e6e4c3e93c03bc218970eeed8aa95407c3329105a6fe292bf53cc055000079ea8ce502a172f8a3208ca44797077ec640120f6c848d7ff5fb9f8000e5
+
+COUNT = 10
+EntropyInput = 369e482d23903d18cf4d8f8172de4164d10fc73c2e3234bc2961b1663d705883
+Nonce = e75b8c992520c2aad607c66106c5ccfb
+PersonalizationString = cd084840bfe7759af8a6ad8ccf00a2f19eb783a7d69ca776344bd8871da04f84
+EntropyInputReseed = 8d495eccd46a698b0d04ea49c3eeacb102f10d9aae40d6cadf84aba63673d68f
+AdditionalInputReseed = 37276f93b489663187f63307b46f9857a845287eb75c5eca5d55d711cd7b39b3
+AdditionalInput = a24e1118aa234c9fb965ae53c8a3153d27a43860db62fc451d8e8b68504b4664
+AdditionalInput = d9b24cf35ded780c6693230aec604513970a1b0aaa232abf0c78ba89c0e2b961
+ReturnedBits = f9d814a241ed40176872a0a240dd5996dab5131c9f9b3d44299067a4469d5a1eab060735f4378781194b06794d06e0e6529a9c90f6dedfc802306c2afa8f91c381627897d305ff4c43c841d5256395cc5158a2b34b1c94d1279362317513025273bdc5c073cc52ff036eee4089799440f45c77ad8b230938e996840efea33429
+
+COUNT = 11
+EntropyInput = 6ff03b317e5a3a6e958758d8cbc5cc3bf7a49fa8956f2159abf8a71f4302f3f8
+Nonce = 0203b0d4301a2d2e223d2b23b253c80d
+PersonalizationString = 3da0f2a3e99e83b37d79881355a369eed200d66f8efa5144fffd8729c0857a6a
+EntropyInputReseed = 5aeded77ca0916329bcab3ea5e82c1cb6c0a3a76198ce638d029d8485593cd73
+AdditionalInputReseed = 4d3274cfb861a660345758ed18460ec7cfa371054a36ba0133b3aecabaa84e44
+AdditionalInput = d25f4ace07c4b272d80db27333dc4642409463cc93b879b93939f7a419065a08
+AdditionalInput = bddd03d8634ef86daff6be6db8578c957c241ca94dd4cf95d4a503667608960f
+ReturnedBits = 40781405049fb8eeb5e8b145f8650942c03d24c5c4630bea12bc4331aea6ca327bfe7d98df8b31fc506076bf787cae66d9609f088d3bd76c8657fbccf92701cec4dbae29517ff2f71abe31853adaeec693e048d6d3ab37bc299d8e00ea2e98726e178ed77756b6ecf1500e6add5c0f239a39a9b57182e97b156eada784a8724b
+
+COUNT = 12
+EntropyInput = 2caffe34d18b475d525585c2472ac3e8b90b37f9be191cf575871fea5c55a633
+Nonce = f43928c0df5496c8fca8b5d20870bca3
+PersonalizationString = a55efd76b16f9cb0274d400517f5bb2452aafe261dad5dbabdca29f52df66efc
+EntropyInputReseed = f5d06f245b38aced81486777a1e21a3506473ede266e2ac9158a67d83ebc05a1
+AdditionalInputReseed = 4213f864b8f6b862435aeb3e33f553884990788f17f162a68187266253cf9137
+AdditionalInput = b851aaa00c35ab43e8f3c67021a8c4f4b9effd84dabdbabfaf2d3246e4a79d40
+AdditionalInput = 6e5fec69597a87ee8a3d9d3e479f5b08baa4ed6accaa93e8074efbcda9b54279
+ReturnedBits = 89670c3a559c2ce032d3aefd953fd8a43e51fb06c095760215806f571355de161e13b3a135435fde4ef1ea7be68112e591edd7f2deed6ef40ce6bec3b9a64607bbc2daec42d4a6fc6fc8bd88ee5844596d69243e4162bd925eb1b08fb0f94dd23fd4d4b36cde3c7df065c3a372eb8f1b7122ae27eb5cc7dc5a54d179f01d08bc
+
+COUNT = 13
+EntropyInput = 6802fc80622359a3cf86f2beaecf8c582f34885209777c09608c13902a7dd482
+Nonce = a319ab196300ea796cc532d763200554
+PersonalizationString = dc3c845bc66cd5113d5a6ed28d5b7b9aa638c30dd485c896bd5e4667cb966207
+EntropyInputReseed = 46ce8f1d76650dfda9204c17413f5cfa096c70b12077eae36a87c0ffc3c76eb4
+AdditionalInputReseed = 11fe7cb2ed7ed88bef40ea6488a792465677c2261db4b63bb4dabcc78fb5ca86
+AdditionalInput = 32d05e8661f57ba74e7d9fd9f4e9fdf71abe1f074a136ca2db4ae4cd1380ae28
+AdditionalInput = a9804da0b5f1b8bc490576b55a4878d29ee340828dae75eec2be15aa93bf4be0
+ReturnedBits = ba029e3f307bd49aa8d337e7e4381aba4d39d9cae9303e2ee160ef60bee6da9f990cf02cca99e5ea0f27b8066ba82f2d6f4e3c7f88e43562ca0f810fadcbb059ba63c0bccaf2d6cc5784627d05a29bc06c3a7baa0cb3f4184f599c7733666e24369b5571f5e9acf10a33514c47ca85cbc6a58bc6fcf1e2c28be73dbde9168c6e
+
+COUNT = 14
+EntropyInput = be81a04b75f3235ae432ef1d63a0ac78759c6193653f4419e254ad4f41a0952b
+Nonce = 9ec5d0841c9f157b8db7244dc61ad513
+PersonalizationString = 7d799eb6b40be63ba506d6f5aa705d4853096af2f810170a2756f2ba20af63b6
+EntropyInputReseed = 241d02cb64229cb1b336ef1f5ce4113f32c88a6e555aa39e543ef66f5b22f3d1
+AdditionalInputReseed = 8c203ad8dbd2e94f86c82eb0224fe9e8a7a7203a7c6eecae71fe9633b94fd12f
+AdditionalInput = 1d47c207405a6fb497d951a30748830edb4e754c7f2529a474a8f4f45e8fa1b9
+AdditionalInput = 75abb409a8e2ef4e19a0eb526127c591dfd52edd6c8d0c729c102ba1a268d987
+ReturnedBits = 273ba25b0f69e5ea31e011dcc2f2dceb34c8bd32541323a3aaf23510d21d6738ae865584e63a896aa3fa3c6915196f91ff2ad1cc2a7b1659ad04440fa712caa73c41bc47f052a564f0d2150a4cb49a1d15fb9dbf41d0883b2e04471664bc21b9c13d43389f5a7897e185613ca97dbc948be87c74cff94c600700b0bb7687ca7c
+
+[SHA-512/256]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 1024]
+
+COUNT = 0
+EntropyInput = e5701a7b27835afddbd2c40dacc0b669d706c56f7608a5076a4bd22cc6cb4fe9
+Nonce = 61b8c01b48b54b137ecfad3050ba5bed
+PersonalizationString = 
+EntropyInputReseed = e601c5d38bfe28e45e930261e723665fe751a98dc7571e6b3dfe4bf36561517a
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = c553311f244dba892c30975e26dac49f6fcce8c32a4815417754da9c0c18fe8cb35af8cf09af1b9bee530fdc0761d8d3fe96abd8ccfdc3e3c9149e56de6731596b4dea85e4d0f53a57f38370cfd42b175698125718838289e71bde792b343b5c74ff13fb6665302131b8773e37cdd34824ff59d3e15184c41057e7fd78534f28
+
+COUNT = 1
+EntropyInput = ae57968b688866d61eba36d8d2cb19f5d0689874b4e25d610f7092872bf622ed
+Nonce = cbb2aeb88e920400870768f949889bf5
+PersonalizationString = 
+EntropyInputReseed = 053b484add88b1bd696419c4d249b30cf107c995e5d60bacf75b611105fee5bc
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = f15273147f975378e932c8e2f6018f4a7c6df5acced2bd21859bc90e1fe78f986ce6a107d9b1c9a55aee357125c1ef76facda02544c826dae74451ac01516b5f68da13a167aee8c3bd508100efc44536cd243ca226b9d87ee1e32b11dcf1b152f399f42cfca5607ecc4f8a37bb7bb9de0e782d52fef464e18dc2eb9a20e758ab
+
+COUNT = 2
+EntropyInput = 07e272b97a3827efa6ab255d2bc6bab81e43087c32aa879b5ac0bb935d1f72b2
+Nonce = 9035f9407a30d75adaafc4c1b1f53227
+PersonalizationString = 
+EntropyInputReseed = d9d33d1cf4444640e18ac43f92b0930d85346656ea2b72162d1191d7ed828e22
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = acc3d0f866908ef9d7014a68809e0d04eb9babc041a134ba15515afc31c340327e37243b8b48fa46dda2f41fff8ad9ee81240796a3ba8bdd436028e527cc22c7a90c1e39b0aa106c18b635ec61cf6793bdf56f8aaaf568bfacd518d56a2cde83302edc18cdb2c5a2f66588943423535411742be7d5198a642e92097879dcf31d
+
+COUNT = 3
+EntropyInput = 6c99ebeff732b7756170989f0b15f50253be22f3ff97ae6efd37e8ab18b304de
+Nonce = 77811f15b928b2274e9065438959dc13
+PersonalizationString = 
+EntropyInputReseed = c2566497cc7aab074d112fc9d6aca390828575f14be160ad0c9e0b15619c5fb2
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = fc5358d55c043aef9f3192a58813c6038a60219c99bb4d0ae979b5e68b1ca5e57402348c3c430785aa960f38c9461aa760f0c762fd45cf974c63bb3be2dfbbca68bb89bbd9e7062179b586f7aeb51aaa0c004385259c2724a928863e1daba844e78d11f0f428069a85d71023c0dfdc933fa711be38df65a6f292630c41f46e48
+
+COUNT = 4
+EntropyInput = 2dcc761a40727c66e60a22190973c4a591ce0b7e1aeb3c394b6666aba600c195
+Nonce = 8a78188be701a7a77000046a5bea425b
+PersonalizationString = 
+EntropyInputReseed = 5fae1d6cb1ae904f3af5999d5c1d219dd6d91e39d385ea542dc45d0602fab80c
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = aff005ad3948f360601f824bcb3c56602c583c74280886ac8533497c4c5941924c206aef0d2c9a9618d4b1c5466d17eb8aa52ac7fed713cc0c81484f6eced984ac861c24d632ed412e266daa5072e30725415064b78458286f5ac062cfc04f80aa7614141273635724d455ac683a6a7bdadf6b5831711ad8aca8ec759f454de2
+
+COUNT = 5
+EntropyInput = 51963f0ad434671a83057a0624ccf1d3452af2ed95da2e3f30d4b0425e5cc004
+Nonce = 8af9464470cf49cf9cc206e9de52567d
+PersonalizationString = 
+EntropyInputReseed = 852c8958fb77819e5f27b5902dd3a70baf8abfb65a7b2de123e29079a3b7c1d0
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 125db63b92d8745b668cc1c1baaf02d589ead0892e07553c9911ba0d5978490523bc29547bb597b9cb9fdb45551eb4a0cf94d03607d431f342aa9c51bb4b144304e0bb439dcdaaa6146e4b5a4e5e4db3d8f4408a63ecb7a78190f46de6a5021f30779fdbfc1b6fb30d09facb44f816525cb4cd0ae52f1c34331f9a7d8fb39c1e
+
+COUNT = 6
+EntropyInput = d8a6ccfe26a34a23c429eb071325c3c7ce61d98e394bbad48430b579d36fdc1e
+Nonce = 42966a2aeb8036bbd17adf1023dd0452
+PersonalizationString = 
+EntropyInputReseed = 4fb96f592abe27e6ad3429caf5bd63532995b0b6568e713440f611a1e0636230
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 6a65c6c23e1d27ef9900d4e901af70292c1ea7e2d9e0215c01318f8ee3af542e2fc14773e6e80167cfe0e27a73572740683e0a9d724691ce64ec595dfa205b888f4bc77ed0cedb2519cd915360b91f38b1b07189054422a25ab38117267ef6a63cfb6f5c11f068721e1e715f2cc6f18371beef8963fc3df40936df70584ff5e3
+
+COUNT = 7
+EntropyInput = f861825d554217c7316f9bd4d5230907504ac5fae35e6f36dc05bcaaa2785580
+Nonce = aa0cd27ba96417a2b3f13a4d6036a97e
+PersonalizationString = 
+EntropyInputReseed = 9ac2065743e447b3c5c7dd34533174394a1ea98f60a41e027d2975b9be27d485
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 3bfdce23fa2fc655471347efd94eeadc3ab386970353c75866b2d4b500c9d862f0b6078e75558fed46a8a77a61c5c1611c4212f700faed05dda39c35259fbe82455f3cca08e92ea20d1403eeca6da8101a478826c9d0ab6f6c30feb58a468a9c16ee965efc37f44b950b132168a2034825bdb123c6eb603443b842114c5db0f1
+
+COUNT = 8
+EntropyInput = c82c9468d5499633a1cf77d45df8ced069f43fa8f87c2008a3233e78d9c37fe0
+Nonce = c47c555c154decd24c0350905176c492
+PersonalizationString = 
+EntropyInputReseed = d580d8c3a3ca72fe538093103e9f5dd4dd0032b86e2df71777a74ab3a7104cb5
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = b2aa5e232ab245caf14a60822706ca8bd8e5e181c11ddd16a18fb0159c309577c859a4ad59715783341cdce9315a6aeae3b4f12c3112f4763ab487ff86b8e3fea8f9b4136a29e4c83d3430264e8ee3e646d3eb620c67daab6a74173b5ce86080bfcecae65d11efed10c68d8f2f4dc845b75e9328756db14b197414ac4eb27b77
+
+COUNT = 9
+EntropyInput = c2ab76dae1e66b2672d567af47aae64ea5c016de1a4b473fd5b57e9595cabd87
+Nonce = d8dace830915340c26b54f08f252abe4
+PersonalizationString = 
+EntropyInputReseed = bfe623703aa294d199dce8858bb1b0dd5329e17410b5745770c9d900ccfa405d
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = f0993a1aa58bd057d61ac6fef7dbfa65839e16d8f5c738f1c73b7ede5a535db7eb1fdd6378ecabba18493261c6e67294182633fab3b33f16fcde34d05e8f9413df8dba5bde84cb54ccf5d40e34d9a9baa644dbf284c5e50e23a9fc4d55012239b21aa568b48d7a929a3332fc41cd39a116c8898fd243fbdeebea6a75f1e7975d
+
+COUNT = 10
+EntropyInput = 1857b509195c9d17d036fd58ae52f31a733a9287f1d120336b49f96286ed18aa
+Nonce = ccf3b16552600604c5dcafe32262ddd7
+PersonalizationString = 
+EntropyInputReseed = 2a7cba05522a4aed466d8d8df29921ad6ca0fd123abcd4c2aefac2427f5138d3
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 04d562d7e51346c1a97c99413249e863380a714bf4127577ab64ed0f4c2ae956ee8d0c952dc57d3408eb8017712193a2ed123157827a18795c61d89097a9c65c543a57cc19992a3bf99a76e0523e5146fc73e651eaa0172a25e111b46d053acdf66268eebf533364d3c34e0243cc07af9fbf42fbaa6d440b4caa3a14ecd77068
+
+COUNT = 11
+EntropyInput = 80ff659c41bba24d949a3188e64aaaebaeed48472e6ddf448bf47646243c77f4
+Nonce = 6c26e5f583fe4de005b708fd2efd0ce7
+PersonalizationString = 
+EntropyInputReseed = 8624e708708552a7ae40ba77cf014001021422c0ca1b76b9e938a1801182dc9b
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = bb598bb7b5defacda8e746cc3a0a20b17408ef34deca100465a595c2b48f05c2d9ef18759fcc9f9ae9fe5eea9e4f4fe4e0c7910a41ee244831bdf0cc3af038c2cd59bd9c2e73251d1a0596e4265f01b2caa3f5f34be5b2b97e76039d88df34d6f4bcb682a51e4916b0bd2e54cee1c6793cace49567555370395813471a7a549f
+
+COUNT = 12
+EntropyInput = 4a86d4bf4804eeb1479b1b3ba7492d23560255d2e7eef27b0d9e73a911bddde2
+Nonce = ac67981042286ed3832ec304bae1912a
+PersonalizationString = 
+EntropyInputReseed = 9016df4b3ce764d001ce5dfd4aa0523619d0f03e3a9ac1ec028600fd5eea5960
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 6bd1308e623ce1163153e833296b89016272b2c9dc59f5ed21670d0ba78e03c80cbb5b24f1ace88053b9c62e15196d30f21990c69eadfda13a7645d3b1510ba67c55cf56fa9686055817cb2f87b61741bd82eace80e033e8152c2bc04c62f311f9ce7046c6d410abc448bca13dfbb7b89d900cf6ffd5c454be8667845fb349b6
+
+COUNT = 13
+EntropyInput = 895226215f6d276564914b6772ec2664e69af692a7fb936c9c436688edbc62cb
+Nonce = a9572553b6ae846c3f11446333b9bcb3
+PersonalizationString = 
+EntropyInputReseed = 9bb8ef32f07c50c777be034f97f76b4ff43f20a95c21a22daf46aa1832c23bfd
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 936d0951f038f4d53fcb49aad0986e3ff208a035096653dd6f87d1d1d121fb57204b950e645caef58fdb6d96ba736d3f3a40789f6435d49e3173aa8a9ba66bd177c33b280ac77b2ef499f138109bdfeca97680d4256e526fb2487a5dc28c2834c3decd7b7c10e5bb59a7e6eee0b2cc2775a8e91af5513b52db755cc7eddb33f0
+
+COUNT = 14
+EntropyInput = 62841da5a07dee3586ce0226c8b459e23ad4d7d3d7a0da93247344e74e237a79
+Nonce = 25cd414fe4484589fe3df8cdfc24259e
+PersonalizationString = 
+EntropyInputReseed = e95a49a1df44253238865442cd27ca845d880339faafcfbf09c5bae7fba5d799
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 86e91fdc329ee8fe0719c46752e25d37c3d6da4d3683851f48591a38589e647ebd49fe085ab398fc6f16c82155065a807253517fe77ef75cb87967754f6ebd9c126f349af535d298554006231196d4200d3e1ca34ca13e9b65745942e376bb0fe5462e0f08729575a95a41f61dcf12ce164fec57695896dac585e62c348a29fb
+
+[SHA-512/256]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 256]
+[ReturnedBitsLen = 1024]
+
+COUNT = 0
+EntropyInput = c6459fc24d16efd98ea1576184f6ceb8fde99607439e6be01cf1dfeba7736d28
+Nonce = 59b8f385c48859f4cbbca3451478950f
+PersonalizationString = 
+EntropyInputReseed = 555b190ba0640288ae5d68e2bfd96901155a9f06c030aa7c018356619b79e29f
+AdditionalInputReseed = 93038592b990da2e5582027597cba54dfc3b4023a5ff92412a6f73da8e403a88
+AdditionalInput = cdf79d3444b9d1e98fd60bbc7447b64583a43e36dfbc9a5c8ef0278a631e601e
+AdditionalInput = 3a596bc7bf1b155506eeb8c69d6150548a193074043eea984c06d2c98d25ce2a
+ReturnedBits = c8d8e125665a4595b2eb534228916f3c1f01b1761d1aaa7cf32fa5a3a0a5c44091d0164a53165267544e87222d61acc7bb26ea5f29c3d0a0dd4658b846bc5affb985a3bc4ae295258324ab2ae0fd64dc2c00698dfc27a33a02726b6a3ce6d1b388e8e379d7fbf6db1caa8f4081333efdb21c2d0def4d93f1b135345ace9c098e
+
+COUNT = 1
+EntropyInput = d2173c09eb854a133e89dd81678c68cc85dd2003b99ea77c4fa77f2d9be3e899
+Nonce = 1f176078a2ce0942a9f31227135c2028
+PersonalizationString = 
+EntropyInputReseed = 2593228c39c25ff12c9508f815293e4f789982904e5562554cf46bd6f50d12f2
+AdditionalInputReseed = e37268b35cc3b9e7a5c880206e3b4f29aa88ad97f1d73f6d25d723b2e1dd699f
+AdditionalInput = eb56828207b8168b0a81287dd3a2920e24f3b8117f93569a9cd9a4a56c6707c8
+AdditionalInput = 39787e29f5f784aa3ddb61907f40dcc3b950014001e7a82aee83474884449f7a
+ReturnedBits = 5ad84381e8aae0c0d2dbc22b6d64d7bd4c562e11c32ce039a38748977d16bbb7a42dc8953a9595657092bc00b13b9460271e87955c94acadce868561e63384052a109b20ff427290df3e4eca90eb6d156845367af0a5cfdbe9b789d8d303bd8812514c52a6020942a934719900cee3a025dcd762761b352b43b55b3deaa9c3fb
+
+COUNT = 2
+EntropyInput = 3ce860b2f263f5a3af097d593b20c8b9cff355222f61c3ca2d061f4758a152ed
+Nonce = 4c6962ad0cde672679f1173cb7d44fd2
+PersonalizationString = 
+EntropyInputReseed = a24e7709d56eeec0f170d3e592f48fb597a90223cee1363d32d11dda1f9fbaca
+AdditionalInputReseed = 103e9e06c95a3d9e91d4a526042b46505fef7337a690d7183651018f952721d9
+AdditionalInput = 123fd5cf3a6e2112f63468a1879be42d27ea961669c8116f7b1c9a4decadc42b
+AdditionalInput = 35ee851801ffe045ee4c82e1301b5b605847dadb486ada41fd10a14c3d44045d
+ReturnedBits = 01120bf339fd23c7a57416de328fecee0c6361fb662542991c29553a0d1343f868138d49e53d4af69bdf193b89e47aa7ac0f2f78c8220bc959df79199d2b7c2d9de2c3b9c777b274e109df147cc4355ef5e4091f278010e489ecc37e244d5a977f6bc24d06da5ef4b8a99a2db18f10e6f644c38a17a2314870e4c7a7a5c9dd64
+
+COUNT = 3
+EntropyInput = bcfdf9e3fb3dd96b72f754d1534dd90ce58f0ad9dc523d7b48ab8309108ffc68
+Nonce = f17887289f63c865cb1aaf7aecbde562
+PersonalizationString = 
+EntropyInputReseed = 0257a1ccf267e1e59bc6230433eac9ec1694f17fe7ca238f15bc1d67168bc352
+AdditionalInputReseed = f01dba143bd6ba1e4102d01f10cddf868e99e4370247ace6f84e723f7cbade2b
+AdditionalInput = dfe5632760b5ecdbfc05b55df014f808ae690aa2bdff172e5effd79cf429aa15
+AdditionalInput = 0fcda4029ad1f9b16bc3f0386c6ef897f446b5a4c5604ae5c50b38b4f2d77e82
+ReturnedBits = d855ee23bc14483f4c2b5ef44ac3a3510fe6fdabe721e5dd143fe6c20362ceb72008aa5c2979f5c2915640108acea7e0dcf0f68f5ca85830cd7e42085b3b3e994109c094beaf7798c4e68b01dc23d1c3e60fd6ee5c243545d6cfc98712edc4a0d188458095646fc126c7dec1a5888dc107ff4de9ee1afd2d5db04796d3ab4178
+
+COUNT = 4
+EntropyInput = 31cbe4035a5d5162eecd529b074e34a8b22277790734fe2ee68c2f71c96c5d27
+Nonce = d5bc85ca6f4e60eda148cb6d1185c492
+PersonalizationString = 
+EntropyInputReseed = 6a80886c428484d51616a95205bb4efc9478fdb3782781461dae4999b35d012e
+AdditionalInputReseed = e525d6cb638c62d07a8bc984ab10f224a340e0b9f6fe60219a920dd55b2634b6
+AdditionalInput = 05240978d5d7e812e0f626b6e45e469cb1eb0a3e8410ce38004e2dfa74a368cf
+AdditionalInput = bd8ccf4665d16dd9db5ffd1f740007aeabdbee09fedd16561afb7b8e3ce5e318
+ReturnedBits = 991120b7e87b711b0299e6c23c76910f3c57227db8337f445a650d697bcef9aeac8937148cc67b9b48797ff26dd19ebbba3bccc8e06760e54ae887263f67ab502d7abf3db52cf3808091493b5a7786ad2332fccbd1dd6ff321a68a11594ad85289accb95b77d6ef2cf294d291395f77bec6d1d600592bd2750d7c0dc1eb56db3
+
+COUNT = 5
+EntropyInput = 01380a06d4e6b9204780f2e3e2fc1ab8ce98de026be812093fcbb887078da6cb
+Nonce = 2478d63e27769fabb9738d971295a872
+PersonalizationString = 
+EntropyInputReseed = 658bc7b3b4c4b8ed801e60084070844a5aa9aedf8a5bf5ae9323669a989e8bfc
+AdditionalInputReseed = 537d50ded11a08b9b307cc92a8d5f5ea5016802e9bcad955d163d2141c6e37b0
+AdditionalInput = df2b057b19a9e3239d86bb120de2a0315fb3a939441cf3bf31b8c1ff9108ab12
+AdditionalInput = ea7af84983224c69b23429f762393dca9daf24f2f64ede5fa9e382049520a734
+ReturnedBits = 26604f664c716ab90da0c79487fea6ca115b6b3b73d5f7a93eb0fb82b5573b008777de9a53c7c3ed49014b64fd30d491346da8fbbc78d604093b6aa816aab748618e17017c95ad2d1e1b87e6da2db2d225a9f7e7a9ca9f3955e82591c08953817ef80e559880b0a6e02baec2d557759fbf0ee3d06d3f03c02e2aaf86b764c363
+
+COUNT = 6
+EntropyInput = de045f9ec302685a69bbd044142f2fccf85e394a1f3e7630a96f9490c6b44806
+Nonce = 209cdcf3829425a2797e2aea9cbc1767
+PersonalizationString = 
+EntropyInputReseed = ad9676020bd17670d483b3fca80f8b822f10adf2670fd382bd316dfaa6e233df
+AdditionalInputReseed = f592b78e992c0b8d3859b64fca9759faedb54f1dd773df303efefacf32c1e60e
+AdditionalInput = a18f3415cb73269abd47873bbb1013ae06adcec23149d3f51bef64b93fa36d76
+AdditionalInput = 59d6cdb465b33050f9a4993d1f03b3a063f28da64f0eb9d779c3f4a6dd4d10c5
+ReturnedBits = da1c652e69afabe0245244a71682eaed5e34ac72eb3241c182aaa443141e453d396ac5009b56dc75bb01874dd8eef864d7638d01a55d12bfca276c1e2b7125b411fde8722cb4098ee639a1c8cb5f6f160e710b777781396982cbc80d74dee74f7a395097a6882bf60343f99de4d20ff8f30fa1832643ca74f7002a57be77ce57
+
+COUNT = 7
+EntropyInput = 2fe25cd9b9a4e558ecd860df4636db6f5a9619cacc4012dd0f82e3a1ebe59bf3
+Nonce = 96cb549e231ff8e40fdbdf26fc814826
+PersonalizationString = 
+EntropyInputReseed = 3cc4a2a6224b91f1c5f55978b98e70fe260e1d29d4aec227497f12584a55d733
+AdditionalInputReseed = 10e7b6158b558492143fc9989baa8f0a78438c257570888b6fd9256469a84c6e
+AdditionalInput = b8485695f4271f75573438069c76f492118cb879a93dbb3ca3f600a94eca5e7c
+AdditionalInput = 791bd7ce4c079fdbafe283f8b0953e42e6e78a61f11a1870cb8f2b7e1926569d
+ReturnedBits = bf5387a560cc18098bfb7550410389167b73191f2a9f8cf7e74517f5364a053af807fb693f9fe7bcc3638b2aeb75df2b2456bdf2a9d93ea64cd38c1d8fd11c6f769dce41f4451ccb4ae11e5eebf34dc44ff860ad65aeeb3083d11a70aa4de3add3531fb4283fe6ca8aaa99540440956c15dbcbfd21ee7ed48a4e7644a1781052
+
+COUNT = 8
+EntropyInput = 6e5cd43a7b6da4b5843ad6ae639a220d49ea3ac5acf686017420d695aa3b1cea
+Nonce = 81c76941e1014bc7d083e8c957005f5f
+PersonalizationString = 
+EntropyInputReseed = c41e40bc4b38ef522fc4c8246718abedb720acfbfb6b0a714097c6d4995f2556
+AdditionalInputReseed = 20f310c8330d6dfa40569dc2eae38d2960776a94a4f83351df11d5e18fe7bf8f
+AdditionalInput = 0e18e0a12638ef9d939dc37d352f0d97e3c6880aba367cb9421ede15ef257b6b
+AdditionalInput = 2a9f0a1d263e7ac1fcda048c3192f1f7bde55c7ca0cb646884f5a71a9815c325
+ReturnedBits = 9d01efca07bc85fa837d18b926196abab358a4ae6a601165bef19d465fbc6322dae0766c930ebf35f438079de283f325d5242a90d6cc587ff6185f43bb035260b4680ecd861cdb9a1014c49d6742b47129e91b7b53349b6e9bfc31a34d8193b00a9402641d5d14aff1548c1a8f4ea89076450ff547e75d4ba2c2b4b33783add5
+
+COUNT = 9
+EntropyInput = 51c5f7e4b6bdce7c34b98d0b68de8d1ef8063d7a5240880bd9cf8c37a22ba55d
+Nonce = 35da4528f042387e6f61d4b98be5f4b1
+PersonalizationString = 
+EntropyInputReseed = 1c717013d06aa17c2d6a6c46c45d969c8ada1b206a31220ffe47ecdc1bdcb115
+AdditionalInputReseed = 9ab7930a1b0c7ddd3899e7dd5a32755582617619e87704349da1f9d9694d13f6
+AdditionalInput = bfaab1f4664f781c027bb56d0279de1c371441b5266f1676ad3a4102847af13b
+AdditionalInput = 2ddb00a1a10303a4874bf775d3bae7fcd4891bf422a4714555364db99be91df7
+ReturnedBits = 4c1c145123ef0cf2506119bf4225d27ca46eac126041146475d89cbdcf7196d3ef02057844e3df29ba6d6a0b97fe8c6372bf434b9b26e25d44870c84765a4d10138bb6000ff169fe49fa3c7b35f7d01bf9bbe90cc1ba2e1db42c9181202c6cb5f53573972badfc002254e4f6313ffb47a1933022620c1039a29bde67536047b2
+
+COUNT = 10
+EntropyInput = 8abb492e8bdfcb7ba83b54f3c09f7ba72b8eae9c673879d92775ba8b44ec8845
+Nonce = f0d87e1b58978c0b1e8c906ace08c75e
+PersonalizationString = 
+EntropyInputReseed = 68c42ff47bb9cda08ee18e6c56bf4cf9425427fd02dfd7456bd6991c61d1cf4e
+AdditionalInputReseed = 93c3a1c58f3830779e723fdc62e6080b9015ac9ad9b68a302b67c8c7d18a3c98
+AdditionalInput = 46f585f7585d1ddd16468fcb3e7da1730b29cdcfd52c384296fd6e5f73acc136
+AdditionalInput = ca7ebe30b97625890b90e46688a4f1dcf73ff1229813f44fceba83766eb9e4b3
+ReturnedBits = 04e664f4fb24bd86bf0f23b62b7feaaf38e4f8b69e5e5dc84f6697cc774f162888fbeb31f570ca371417a139d6c0e2b85e5e1c1229b3e9dabf1880c59f09fa093313220d3e42e14edc898ea5098836a817ec36c3337ded4b921efcdf31dad02efebf67628656f38fd233b196861f02e1f68dbc059f38665507d9ffe94f9289e1
+
+COUNT = 11
+EntropyInput = 086d91cb27bfa15f19f116a361f5d83ac7f43388416e1a39a6a185b2b44ba05e
+Nonce = 620250b21970267967625ab5bd6cc6b7
+PersonalizationString = 
+EntropyInputReseed = db89e435b7045e1e783f2ac139c1c09aa900c5a1cc9403ba960bab8845109ae0
+AdditionalInputReseed = 36ff00966df30bc6268f9bb442074e172e7f8884a6d325f12b38ed4814baff7d
+AdditionalInput = 59b90de7a0a66fe37d19493442dbd9b4cbc08d3bc16c152e688bcb76d14415dd
+AdditionalInput = 276918fd0662f3b7b8c389e5e807fe087d89484caa9ae36f72a625f8ec36b965
+ReturnedBits = 42a82cc0fd84f0f62e011b46d01e63d963db55e1ea644ba8078b97d12b0c732cfc77f97cc98e689dfdea4cbe4501df5e150c674e18067168ea1f8acc3e6fd4c65254a6136d0f44b0e4f26bf13a923c7668bf72f0efd58f09191ab6db611b26fc25108e19956c81a2acca3342bb3e51bba2977f746f29a3dcfe5a42816a67aef4
+
+COUNT = 12
+EntropyInput = e760d8db7bbc295c110b44fc20e1fa8c1b8249c2ac6ba0ef8d6f267e7d29edc7
+Nonce = 85d5ce77c26c78fb3c723924766b5624
+PersonalizationString = 
+EntropyInputReseed = e2ee85112f2eec91568627795354c735c76d2b2811797705ad0757a41f357c30
+AdditionalInputReseed = 78f4fb0641638260af2984a4266bdd8c1e6633873e5542b0373d5af8c274e007
+AdditionalInput = f34ec4cac5b7aab2067a4101b94a3bd2f911d6fdde660a91e00f1a122119a912
+AdditionalInput = dd6aa5996ca270ca6f326258333aaf9eb1eac1d93bb0752062b2abfd1281109e
+ReturnedBits = e6dd0f5504974cd26f30a470ad8ab985e2175e16aff43bb88937dc52c2258aed6706b17e7599d152b0b29a5cddac8ee60c052017789d65d797d87a3d7496504d840954bb5adfb55317140821507e7648c8baa7ff0b56ebc89ba6d602e07505b0b2d84070a2a0291388bcc8ef112a2bd3fb62849e9b9cd78651dfaf1bb46b0978
+
+COUNT = 13
+EntropyInput = 821a0b06a6276bd2f30f2c2bf4c1f6a5d890ad15bed9532e7e4eb16caf75395a
+Nonce = b1e0a10ef01853213185529e66d356a8
+PersonalizationString = 
+EntropyInputReseed = 0d9142bf9931b2648f73164261ca35dc76c357e74ea192c7c7dfc1f40cfaa459
+AdditionalInputReseed = 10aff5a45d9782fcf72ac06a54784062e0b9c9bf152e1df62d2d379ab3aa7bd0
+AdditionalInput = 7299f152f8bf9da8c2adb5e0a52d0bfd9e23f462aee1e2ac83f43cc051b6b34c
+AdditionalInput = 1662a5d55d065b90b28920370ca49ce4b05bb83648596f062357462e85f8405e
+ReturnedBits = 9dfae8b06118af28bbf322ff756781b78ea2f76899bd35272fe7c121f7c079bbedc970e388fbc7e66c4927b0c15967ba92cc9dfaadd0d8413665b3a58b0d739d5173fefdff08c13198c94eb9de0ce56e9c4f4a6544b48d189c4863e179f55f34bcf2bf19641c5788cae8b9ce2b5ee35683c88fdb1106440f49696aeeef785004
+
+COUNT = 14
+EntropyInput = 7337406ce4eec1558eadc3ef4c7b4660548f7cbc090c108c50bbd38bc2e97a42
+Nonce = f28b2a6e2aedb2eb379d7a96e7fa60ed
+PersonalizationString = 
+EntropyInputReseed = cc152703d86f756bceba560d2d838c81dce9cc65ba4784eecfb2e29bc33610d5
+AdditionalInputReseed = 4ef77988cf1f8d76011cc0d6a4aa2d0bceddc40724a33db3f79509911ac8ee67
+AdditionalInput = 0bbbdb5aa6c597ab9180d833a4ecec0b022c1def899a9e4b4034e5757b9a6d2d
+AdditionalInput = ea89752756e74844ea372d3e6f729ef6865527b2979e44ffbe1a7975667b12d3
+ReturnedBits = 61d4a6ad51bc7f4dbf52e6d9b52f2335a6e542a814e49723d3a365116bed38f39a9636f0f16bd4554fd1a202dfdef71a40c51b1e8f93f76cc4622c4336465493a8c8fe5f7f152c9901e65ad83c5857166180b72c31671beac8f45793c57c763718cefb036db2832760f8a6d961b9c9b04e0fe43178e4919d4a5a24dc44a1bee6
+
+[SHA-512/256]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 256]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 1024]
+
+COUNT = 0
+EntropyInput = bcba2cbc1c9791fc89f0ab2dec2b11a5b7e9bd87cdd88e305ec70c0196f10c0c
+Nonce = 0511c10d243ad7e4d5246d3a757910a9
+PersonalizationString = c1f18c48a62bea81b6e261aa7514e9127714d3904bc9a64b8153290e428a1b77
+EntropyInputReseed = 50793585a0f3bb37d15723b0cc18d8680c8624ae38309625719fc919503d90c1
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = fce8160695400a4552448232bec1f45a3a8982d919d4de6c7431c46aac02e15ca9ba3cd7a2c0dfd9f73e27f7b6608cb87b186092d772569ea406e3a9562b3af58c9cd3fe7616df45fb2fa5060da0b883fc26dff6fc76896226b1bf9c7f784947754e3652bebe97fc2455fc36b3b694cfb9f37ee51790eb5e4ed3d5ff155393a7
+
+COUNT = 1
+EntropyInput = 8d485c24b057911796c04d8ad40b7dd6756cf35c3ba6d79926891d9424ce8fa0
+Nonce = 344b6f28f5e83af65b2a3eabd1c5aaa9
+PersonalizationString = 269cda11bc81fe85d230d64c801eda09aa3051d6d712b6736ad4d651566090e6
+EntropyInputReseed = 2456f3b2df53d70eb83ffe6e45c91233b28aff6665aee28fd665c3aa5519be3a
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 6cc3a35cd2d63e87488ab3c7aa02d16a04d672593c10a61c9760fcee4ce6f370b813c26be8b83234720493582a92b816ff445effb7448de768572836fa941e0fee5bfc4bae9726ac2c3d3b0b9796d7c706121c91e699f6b7746b88983772418bb496961aef29d168c707d779ca92168dd4922b3a1e20c273aac912ce8ce5e0ad
+
+COUNT = 2
+EntropyInput = c6c41771817b5986da758c738a62466472a7e9cc72d2fed9c8dfe58f797b7fa5
+Nonce = 5b9dd666cbaf593d16c500adb1e8a077
+PersonalizationString = 5270e554dd0eb0f87800a2e90f840a46e973c8288fa97f9d7a6eaeaf253e493e
+EntropyInputReseed = 822ba8d6c330c246c488e274659bb4ca533cc18656b9d7869f900778000c64e7
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 4cf7391eaafcecef489d1cde06881b74469ff04b9b9acd20544c859d79aa04ceffd0174f7faee644dc801a4420f9d02543c0f589b048997c8d610081e31b5d1e5f1e39ba6fd515312b7ce2f006791d79e7dc02d2f39d77f276399fd7097848fb1438c2fffcf7a686221bc127df2e1cb83d37067dc329b980299d5e706b21ddb5
+
+COUNT = 3
+EntropyInput = df164f8827dbfaba39edea6a902828ab8f0dbf7d5da7002febdbfea84a9d6b62
+Nonce = 817d7b06bb08109e51ccf8fd00259809
+PersonalizationString = 1c7575a3bc41b1d08e88dc27185114094989ca4dc4bbee073a0157ff5dee0cb2
+EntropyInputReseed = 98f5d9d49c30cea2879ab1a6ddfc139ddd506416171b4603d8fbe52e933cef3f
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 0ea237947223711f5afc5aaaa44b88c5ef1e86a7221936dbe3a358efb0888ed79392989698022cea9e8af69bc59e11291261f7739b8216ca949207e5deee6bc85b4a967a0ae858d20f9ad6d4c5d18bef3bea6bd94aef25c5c38bae9cc498eb44c6dfab61c6260df1b1e398257ae71495450753be05b15b5a4922922934685460
+
+COUNT = 4
+EntropyInput = 3eb600d5090c5e9cb9d1aefaaac71164b3822e056ded343fa7e0f15cf5fb7c44
+Nonce = 9e9769f81fabd6cc68d015f25fb46e16
+PersonalizationString = 91b24a5ab0186f530db5285bed7fee1574f80346d25de312e612addfe08b3794
+EntropyInputReseed = 84c4466523ba6553205658ae9b8ba56e09aa3370009f548792341491f27340bd
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 394f75635c7f1de32d2304a08e282c1d0e7292ad4a9955a69f0e3b60a363a9e84d39bb5ace2718b7fd10b3c8e7b500be8c6356f7e74c141c54b2628ea338dcb3da8213ca02fb19aa0594ec008a4f5af4e3bec15d2c00d7f49a1c81f7a4041213ce5d41fec11f56580f0e305f6edd2154804e0440e77a5010f7eb78304760d5fe
+
+COUNT = 5
+EntropyInput = 3772974147cd3e3b00d39b1cf88a2672ab8127a5dca5580b38b94dbfae668d98
+Nonce = a7de66248f502ecf5a08769b2b46f8cd
+PersonalizationString = 9be274631fb55b81d3810cf0d2dffd4ae7f9dacbaadc0342f7e7c5472b5fd9cf
+EntropyInputReseed = 30640862670f368d8bd86fbe59553e4619d0c4bbc4b34de8eeaf8cf952fe200d
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = faff9fac229a9d5a8f8ec6c4a71385b73d14adda41cc5da2043afba5652e7bb974b22b73caac181580dae23c47f1c069001e4b81aad01c5c88d21b62480a1ff594041291c0c1ed6a8d67dc42818598de5447acc13284a5088e408d09b3bc8efc1f03a3047b4717f635dc698e1b78c5a1e2a60e80443174064d811c808521c213
+
+COUNT = 6
+EntropyInput = c8c12e08b3c7a4d81b6cf7a6fdb3acd9ffbe7766a8b52c657f74ca0323f36e70
+Nonce = 29ea62742851205f1eaaeee678f64b8c
+PersonalizationString = c6828c5888a769cf88d7d37863f81d726c52aafee9ab0243ddfee2e0ab69041b
+EntropyInputReseed = 03445cac9e1a944ca07f091d58ff155e939f668c2312a06879077f7d1d21a249
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = ddb9986a50b6c1fa4ca8b03ba89c588a6a97b2a293c1b99866a5a52d5c22ce00fb84a0eb7466607336910778c9579b41f30773ae50a93ce6a6e15f0afa42f9c485fe4dc792abf9829c498508b5df058739873b7ccc4e8a4056e4820b1b772f0ace057fb49763d5cecce49f608373b1f2355254bad081a7abd7aeac0f4364cc8d
+
+COUNT = 7
+EntropyInput = ee170b8bf9cf900a8dc0586ffead46fba7ed6f7b9ca219fd2cf38e80ef1086af
+Nonce = d51dd7df7e16526d9a58d21f7384a7bc
+PersonalizationString = 049719203c8691ffd613c96f3040f134a4086c54fb6f1d3befead91017fa6edd
+EntropyInputReseed = a9e9b6bcbb06805e9ab1128c91c6cb86e78c88e5afa4ad7de9da3c89d1910b81
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 7023cb8cc3ff87b8505e88f174830722d9cf44835d26140d810c6afb27e546e4be5f6a75fef5e57d71286522ebccccaab8c56e6e07deceec4369091447ac6a681048f0a313fdd216d02323ea972b9d9f104b995b2442bb8ff42c518bd83b60df95edfb959f3133117a51da58c0a314329e7bd2485cb4646018174dbef126a657
+
+COUNT = 8
+EntropyInput = 5ef165d75a9560218b7922535b61f601c0f729a91f02e236cc2fe4a8890d4891
+Nonce = 07f0da8237e4ed2773bd2d9cddf06203
+PersonalizationString = 3c85c73fcdd1a5276a6070b1bbd5c77cc34569ce716abb69dae39457bb83d771
+EntropyInputReseed = d77e2434059b791d7b6fe36ef5e361714ca7e29be1537158564baa244768ea90
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 5341e01be7de7f2e80333b192c493511471c2c509e69bb8d3ab9c62e815c73893846e3efa297aa8d195398610ae7e9ac2ebb25a4dd8bb3cb0d6a847615b6f856cf3184325694bfdb17a65f48a4b91a6954c82156256a77a1701394fef38a84c265e643f74e5c810ee35cd0a95f08815ef5533e250012d60a4561323316ef05fe
+
+COUNT = 9
+EntropyInput = c99a28dfb7caf801d76353d38f2fc3eb705e36e24c2af9e49dc28cf06cb1f768
+Nonce = c5281cd8dd979470e7812f271cc7a8a5
+PersonalizationString = 977d3620db131bdb42aaa0427e564406fbababc6fd39b4b67d80ea73d601c71c
+EntropyInputReseed = 6f2430e12def384a0d3dfa2038d3f078954a355ac13510d27fe9c96e05087bd8
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = bef87a5784120dee0a650b8ada95f6ad2d39ba6526e4657789f4d50585770825e2949a5899dd2af996620d87214b26f7b1c9f6e08b2d3554b8c763b1f24bebd8739eb72db21e4d3075f239b60164e3fa51808178af384da374571a705e162ff29627cc93abe8e2df92155f7ca7a493d6f9f271afa39e6b2a6292d75ccd395972
+
+COUNT = 10
+EntropyInput = 9f356b5d23dcf7c2c334ab0ec2c98b444b801f4ec033d7448b703d88347f5f57
+Nonce = 0a757acbf989cdf0ccdda4db88d6f20d
+PersonalizationString = 4dcac228a6acb4a3233ed46c3a4d3cb544fbdc187f0a56b144a9e058ca20e42b
+EntropyInputReseed = e782988929133e80977e9aab62625c14cc047a3588bf191456883985ef536680
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 4509ab3a80b1190971e2ccd5f23fcbf0f0cc12e6b5ba3b3c96dd649c98fe031e7cd330226aaf12c24fe23d9cfa5fa18fe1dd6d019542adbf17247b58d4f653da1c2370fcf63478b1aed78d3e486c1b877c8115a0c12fa1af5d8155ed90fddafe2db121ce697b869a567045e00b439359615ee909a9286e711950d62b66ed0421
+
+COUNT = 11
+EntropyInput = a6885ae6116997f0486c12f911b467b3a41b07fca9ceee9ea3bcc95397fdc98b
+Nonce = fa6f84dd2c46714639d3e9e3c9e27b03
+PersonalizationString = 185095c9192699777aec9a35fb822fc9ed77b7c1fc46490731ba857ced589aec
+EntropyInputReseed = a6c9b8fa3a6ad4784f68541779b9b8f4838a2bc9e48adecce4c53217e9b49821
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = a893f83897c001291e28c18c9c5ec588fad08842aa6c22db5863ba80bbeb923f79b7bef80cb0144c0da02fb6d372a2fa13c9ecf00d4415e5a734ee65eca5446c21cc8982dd75429abbcde6faec27d4e3a77b0f621f30ac92d06fd1b7b22d2bf8a8750051b3863187357067e6cbe3c599b50b0ed7a2da50ae6427a2f147315864
+
+COUNT = 12
+EntropyInput = b2e60639a237f6e6468cee8b64a420f230a870540cbb2e0e8e415ce0d0bed2ea
+Nonce = bb25b808a5f94bc52ba593a256b8a6c8
+PersonalizationString = af61a7d32f27d9867ee92a4bd29457131f965e05bc1463a1d40844b3542987f7
+EntropyInputReseed = 9085bae1fec7309ef65442196a4cd3eec3b62f7eddbabdb5c08911b09e1f047b
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = b3c74b8e3061a2b25887ea68b28b23c10e477246bec3a45bf4a4f1cd362ca9a8c1da7dbfd40828738e40ac0bd35692a036220e2854b03e04057c2bbed32231f7584a8f1444aedda7093cd3ea3be855e9bc2cf7a2396e3cc2e2b154a188b4dde8e337ac9b79ef1d1471f1546d74251f3842a016023abf9279404f9f899571db9d
+
+COUNT = 13
+EntropyInput = 1db46589b42243db6fe8ffef22b02d043b7a04dc379eff96636f5e86fe5a042c
+Nonce = d162aa3b89574eacbda93f92cda6ea5b
+PersonalizationString = 9636fd261e2ee6f7ffccd3bb614f835231a48a60234fe456140fa08afe2f593c
+EntropyInputReseed = 7c9c24789afc96ab44621fb37f4fed523f40614966554a27c9cbbc61a9e517fd
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = d312c8f275bcf4637478b030413daa7a62c26253bc523de1a55bb031e15dd4ab94bc2a86fd77a2cc9028a44340d735b26e6b61883c5b3484e381bd2de4403c4aeffe43584e6f829e43a821d93f26da3680676912cf64f827b6ea05b19c9c05275cebc73989b412fadf23c8c551240d35f32ca031101e69e89d607a87935b7d07
+
+COUNT = 14
+EntropyInput = 7b9e7545d3eb5c28fbf9e4ceae860bf77cb349ebc8aa7b55286284d34eafffe1
+Nonce = 6407fbef5b119107a72f8c68dd3d83dc
+PersonalizationString = 78fbbe340d3f64262a3da5cfe9fb4d4c78bd5d526233ed17cc00b690a3ea01dd
+EntropyInputReseed = 80d6249c047f9039553d1e476b406a93199a65a7e1a8208f85592582d0f7fbe3
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = de398481d3df49d329d54eebe4ceb47965ae75a72d6f1603da4696268efc78349907cc63fa387f2d566d0fd0a941eb04787881b73d19524fc6471c6d66ee763e89ffa7150b09fe324cf4b7739e9ed185c9e2c81a6cefb394016493ee9ba28ddb4732cb470eef916278039b6b2bb1b317805842b89c1309c7f90960945e4d4772
+
+[SHA-512/256]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 256]
+[AdditionalInputLen = 256]
+[ReturnedBitsLen = 1024]
+
+COUNT = 0
+EntropyInput = 29286254b5dbecfc64744c6a97486ecffe887b644994550df4f89b6c3e268f93
+Nonce = 252d57865aa145d14ec0a1527831100c
+PersonalizationString = 5c92073f4d6de35c40dc771769e56a0029cc3ef2cbbeae5519044321697062e1
+EntropyInputReseed = 7ff1f24b8c99c380eeb95ea98ab886cff22b8cf3808a9df36f428a020db9cf71
+AdditionalInputReseed = 2a79a7d6c8f6ac9c729c92b2aef4a890daf3bc3bca0f225fe314c215a4ee46f0
+AdditionalInput = 25b46bb4e5854dc4883173466f70d7697c6662220959b4ba17ed590562a6c78a
+AdditionalInput = f6d7ce0cddfc3bee16acf0f1d7bf0662efc10126f6a51dff8aa0a1d7b39449bb
+ReturnedBits = a4f62dfc15bf4decb2e0a83fbb06c2188fc83a64b9d6cb555d160ddba3a9ae9ee1bb63530c9dae6a880a27efce0c201a8d1ebecc80f393361128e89434847b1f45a8e2fd180e6d768fce8b193e62e7960b447b1e523cac6e1e48de6d4cc1e8a462b35965efcd8b382d0a8832b6b7f07839049a666a6f75d71ba563250ef1ddc5
+
+COUNT = 1
+EntropyInput = 31b481407fc52afc0c890a77b0895ad214a456e859b2c4379a5065a328d17528
+Nonce = b22dfc3ae053e47915f3c5f588f5a5d2
+PersonalizationString = 07eb0650b5ef5fefb8cbb00bd22e2b52572331e5a04b11d763dddbb8ef752b4b
+EntropyInputReseed = 66721dc25f73f70c51645a0bd0fbd5561f6d0e6b9a1c69464aa3d41fe39ffe5e
+AdditionalInputReseed = 0a4073b239855a94bc6bafb698b24eafacd8a54480e8c54dced7332c7783b7ed
+AdditionalInput = a30cd2a57417b2826d790e3da69a1c80f42cffb825f07c7c6cbe9dae35f560a6
+AdditionalInput = e30cc33498e9be01e77a1f36454c09023bffa9f3d4425978410c60f9a981ac66
+ReturnedBits = 02edcf7bd1e61e9fa04f1433282674700ad3d4694ccb86b30584737bbe3cec5b6b90072c54b54ffe7c5475b98d9a592d4effcd0ce827f162dfdcaac167800b0c05ba8a2881fb8feb35b198b3f4f15f85839165477a40af324d8df207ff17e2040080c491c2cd4f2522baa08b9c02a3ba9a98d6d4a4b37c4d55689d795551662d
+
+COUNT = 2
+EntropyInput = 766cec7f6a59d987e3d8015bb5e68a0731f50772284abf92ae0751addafbf0b6
+Nonce = c664c1939418b5d6a9e85ed1acbada76
+PersonalizationString = f6376d81c6fd1aed4f119e78fd7ac85b8b3e8de92f2f722ab3b8d836b0e747ac
+EntropyInputReseed = 0be7c8154df9440e97c65a2e588855b4531a073045c5014bf9984f15352f182d
+AdditionalInputReseed = b5df070bd4f7934c74d705c657eecc52cc21a57776a7ad4ff9478438e87db140
+AdditionalInput = 59f17ac9dcb7072542e149f8b68dfe5c22898c4d3877756ee88d8efefdf875b4
+AdditionalInput = b2503740f6ac6d0ee80e4e1817a2706f46615218a1a36350012f92c8559580aa
+ReturnedBits = e429406438a1a2a69d8593c40866ace2c78d69aa34ff6e67935bb77390625f207f7f4a52c882b0ffe3361574107002c6064ac806402135d1035c99f98618e074a28a0c302fde9b834c64d646fc06a64f1bb67f95fb09a9b83be3fc0e1296298b452f0b5f25a4927c54f6eff96aff3d804eb35f43e5798b5f71dc1c2d3f135aee
+
+COUNT = 3
+EntropyInput = fe15da4e042c27386e080f9bf17c89041a667262679107feb63fe1620a566fe0
+Nonce = 5d6ae4338524f53159a9673fa1fd57fc
+PersonalizationString = 08fdf1c42e1cd062ebf35c8aab0bcff86f3a66480fcca14f9e26e1d5ca3478fb
+EntropyInputReseed = 71b22c246ad371259c307562bfe4a9f0b760d0f6aeb4a1d646c38a8918508162
+AdditionalInputReseed = ca04e9ff15385f0532804c2dfdffa2e209d42ac09d181b480a8b8e597a4a8ed8
+AdditionalInput = 2576e9b49bd406a07e15054a8f93eefa186b59564745b0a2ecf7ea91dbb2e850
+AdditionalInput = fade8e20781fb07ff9336f745ba9613df8a8315b5da1f3025c2df8a2b8a4e671
+ReturnedBits = 3ab79350f55140a43800d1789d1b9dee9d82ed27dcbbe23ca005abc94812383486f659d6c1f684897e4f8ba9495e265e9ef92f0848dfe392422bc2a30a7f6b184111ca101b7788050be96c7b39538412ec841330d4a90864e6c1a06aee2f3e9afa016e1e644361b5f158490f6db3cacd9029caa598efc49dd6425d6004fa3454
+
+COUNT = 4
+EntropyInput = 1763fa8e6a1138dd225a28809878fd453178cb43fd209c3f57ec4075410213d0
+Nonce = 0fd39ed27b13bb7839c734bdc5007c2e
+PersonalizationString = 6af53639c6e91e534dea38b20b602e44c473dc2b7ac14116f3710d0dd8710862
+EntropyInputReseed = 4ae3f6b0b8a1c62d061239b00e11840c28bb676c1bd3b54c3bd001dd1a620137
+AdditionalInputReseed = 15be9a4c7fcaba1983ec9017cb51533ca650a1769ef46390e94d355fe1923094
+AdditionalInput = 1d05b6f8a634b958754bf644106b2b509615f958992cf5adb2956851238a84c7
+AdditionalInput = b45590876ad7a1cfe241b8091e8b1d3f421be69be3ece5896d340ecc2632a10c
+ReturnedBits = 042f4070afd8e14c96b768d2b31427174ab2dcdfcf272f03984ffbbe734d3058dbe5875db0d8a17620c6695dfe1ba30a96b4a61e4b4e7114d776dce1ab306332990a3d35b9fa58f5ad41b0319953291c6f3143e8a45c733b50cf4f022d956f2ffe036b78327793b79a707828364d88ee67b359542c8131946bffa2da0c5ba180
+
+COUNT = 5
+EntropyInput = a0d1355624bb8a7cdc20ec542c007240ccf9dfb567596bc5b17a28f6b605a4f3
+Nonce = d830f0011588887f9f5f09361102824b
+PersonalizationString = 81c4bfc93f4cbbb64ea8491c85500fa33ef14a818fcae4fdc092a00b370a1e27
+EntropyInputReseed = 79daeb15ff47fab92a6efdb1e63645141f795924d511c268b2b03a4070399365
+AdditionalInputReseed = 2e40d5bd44f89da04afba8765979b5aa3087fd2faa3906249cae6d5a822dab73
+AdditionalInput = b096a7705b262fffef73a94de5bade670f56099b7f5ec9f333ebee84da7a3af8
+AdditionalInput = 2b5a70169d642029eabcf1d06de0a39ceb9a41ac0f087cff54bdf5143242dbed
+ReturnedBits = e81024db1651d31d4048dc6d8bea785aef2c47aae75582488b8d681e77796eb64a3d3f0c5d876fff19b12a2f2939f49fbb0a6e709d86ebe69443c0071ba75c8c3587f2960bb2daeb78e04fe3424daeaf0c7ae3a272e4c8ae314b5588682d6b3b852c4bfa5ebeb169ef5c89bf1a935fbdd83b4bf8275df4674de54143a091d842
+
+COUNT = 6
+EntropyInput = 2504b161cd34ce441baa453fc3a2c05ee5817ac737665a5e5a297207cd4cf206
+Nonce = 43fbe12ab48c9e81c712513eeb672b63
+PersonalizationString = 4c16ecb056c492b89e8b79e5b88c7cd1238fc7d7fd65e999b37ee2d4c615ebb7
+EntropyInputReseed = 25e54726a2d91245669ba73af2c12cbb13eb234626ad6c8dd00ebb53bb55dcc6
+AdditionalInputReseed = 539ee1e8da706f978247cd055e6a95c25199844c2b484c940ace39938cd285ad
+AdditionalInput = 7fe2ea090f3dd6fa1ae2a55a202918c420130694e5e603f685f382fe862f9b8a
+AdditionalInput = 1a07e403b01b72f029deabeef248e090b58f417e97111246db13727565f6167b
+ReturnedBits = c2e01d180bd3b53c0032f543e89ca6a6ee834de2974cf72079a7280b27e7976c5e4e3836bb5115152ca381330c24f46da637cd9f22ef895a5d11bf928e0734e38cb5530a2e916af4019d462a49fd3bd07a2312b95c30ad8cea1d4f8db8f230e984172266412fe5d9d268734611841064d928d23dfb8ef1335f502d0d7dde9e8a
+
+COUNT = 7
+EntropyInput = 8d2e8b33b20b9543459c5b1d4c1e156deda303f7ecad27ae14c7221b25ab6633
+Nonce = 21a991ef68e3f8d9dea0515fb20101b3
+PersonalizationString = 965d830cb8de3b3cb1f401c135e936f5bb79c6e411d552736cef1142bf45115b
+EntropyInputReseed = 1e8d7e47c22bd0a18c431e221543ce040f1210a292d639991c943b03743f9a64
+AdditionalInputReseed = ac433644e838f834fba80c54233057017d3af265ab18d0ffce885839097bdbcd
+AdditionalInput = 0fac6bab66dfd3e17577aa5e5343f6d175c76152413d04dbf31782cc06e4f4b3
+AdditionalInput = 3869f098577d261e54ba8ba49abd8ec720502d8ddc441d723e09eb81a4f4b37c
+ReturnedBits = 18981e56a0507305b13e7a768f6ae6835a0cc8afcdce313dadbb432e55c58dadfb6bffe5b590d1ecd0da4049fffd4e3b552c994b03c51ef0d4d5fd9a763308702ecfe45b253613ca3cbfeb8b658d320f09c502190d1ab2bebb4bd9a24ba3aaddc5d1264a52976c1866e2ac83ea46b7e02c1b72e44e2e2f72e7ee38adac986a69
+
+COUNT = 8
+EntropyInput = 1d1865fbe30604316a5ecf9df040423440b7156410d3c532fe80a552422c7894
+Nonce = e9f978612779caade2975e37bd1e2ed5
+PersonalizationString = 46e6c89da4e6d874135b7c13702bfe7273a7a33e527f53cfd1c2555d420baa51
+EntropyInputReseed = 5ee0a130b668d3530ddfda1fa3783c73d0538be77c366c9a85fad1b820f401b9
+AdditionalInputReseed = f84db1c6c34861d1aa5d3a423137d6421cac3f606f3ef7289a7a8c7b56c20b2f
+AdditionalInput = b6dd72a82955bbc12e5bd986652b4848397bf01847b52aa06fb91ed746ebdf0a
+AdditionalInput = 69310a389cca4db2fb0e15e1bcc29c625ea8a0bac7adf804c2939130b952181f
+ReturnedBits = dcceb2940660fdd89962d726b883bd868cb585917cee36557748c6caa8532ae0359d4a5078cf82776816ad133036a3f76a9b67f3e520da8a89fd4d7652982e89eccf976621cded491f4ecc4ea47d5685f8fc51f19d65eb08b6997282ba3511ef7aaa965410f78252b721b9fe2d2f2b5ac969b50bbdc6e6f65ee9fda10601d915
+
+COUNT = 9
+EntropyInput = 7e83f8984adeaa78a76b834babc4eb1bf31a011b60868c5719f15667cf3f256b
+Nonce = 62a1adbb4ba48e2ec87630485d764dee
+PersonalizationString = 57126e9c2e682d1faff74fb2d9e71fd2383bcdd8bc1e660ff5e9a82887a2ea66
+EntropyInputReseed = 5d4313eacfc767612e0c3d7535e664fa349f29d95b0eff0103129638cd7d80de
+AdditionalInputReseed = 6fa503ba8c0d4093eb9495ab085e6c7688b3882fd85f4deb57a3f172a5e7a9a3
+AdditionalInput = ea887d8db2159c947aff3a0efe2a5a9ce29d163268568cfea7340b9d3a500883
+AdditionalInput = f45bf3f928e8d09a7972fa037145f394e8d0bee542a6678322a9eba765da47c5
+ReturnedBits = f4ed77f1b7fef3e448ae9844a8163eef1ce98de3174e9250f58fb9b2c903bb0be27cd11f3a24e36fa3db11d00022b392045aa6391fd9607d71069a006eefded096072f551ad2186b02e5a743e628697729066475e1c86f9fda78ce739328eeabbf36a281b9df8597e784f2294757f234822411c8378bc3aada15fbd0d3313450
+
+COUNT = 10
+EntropyInput = 87e8b894f8be64ae6383f1053316c3afbd5730bc52de611631c2fa9e6a94a239
+Nonce = 885066488558432529f1c30abae409e9
+PersonalizationString = e876df9191d29fe86656a91be0c8c5c9c78ac0c405990549770abdaf1ac51f2d
+EntropyInputReseed = 2c2317a39b1027743e42e9492f260914f84b200fe7690ca49e1e2c6ce8ee7538
+AdditionalInputReseed = 4a5c2f1a7a83c875c50ecc2b26d99ed9afc0d58648abf16b23f0cb0619fc85f3
+AdditionalInput = d8efcd6eef2f3ac4cb22c607c83791e458ed546f7b31ce894684937f12a8491c
+AdditionalInput = 17c8182a8c07de48125231356373a5d8117d8b5aa95ec20875b6944c426ab8b8
+ReturnedBits = dbe2d3117a793a4c6351731971aa7667f4e60893b31002bedcb3323efa996e643d6e1c378f0b0c52a94bf680093cbb447ace465c0a4de7db19a63e62968cf59749365099fc250bccca07ebc46082a3f67671ce1ed4ae1f58d47bedf1499f3b112ccd5163fb6df1ff31be184c4183ba27165c804c791669959e606b354f3ba18d
+
+COUNT = 11
+EntropyInput = 990420cddf1f4c60852c5916585f182e0b354e62793dc250c5aa31eaaa1ee2a3
+Nonce = c0645b6d9fe7138dc1ab4059823c09e1
+PersonalizationString = 3352e7cd119a83c4956fd1baee20596ddf564777227828505dbb32680a66ae74
+EntropyInputReseed = bb4939c39e768d2c0decc1e785bf00047749caa81178a3157226b57d5beef566
+AdditionalInputReseed = 81fcf7e97db7008b5fa63447677a46fa8424ed5a5c67d0c0f59e4767aee638a6
+AdditionalInput = 34eb5adfe128144d1944f9ae194d1dee4c1b00cc93ddac2a1a52fe7e95333291
+AdditionalInput = 9ed8ff9f5b4aaf6e602a8716739fe300ade5bd06f4cddd22ff6d3bfa62e36119
+ReturnedBits = 0f7f06abe944dbd464672236c5b074660e8fc7a020bb3ae11ef8e389ede8d6cdd7e4e49c4eb3d3ab47b1b244fd4b6959bace0a4bd14aa616579dec233ac28e5d3e6eb34870460ae1e397003ddbeff2b5fd49b4afc4b26eb196a98b1433a130c961ffd343acea143886d68f33dd95a8f5134e7517bf3a980685feff930763885d
+
+COUNT = 12
+EntropyInput = fbdb06cf8fe3e15e6e192855dd5fbf2731cf563c40f6926c102fcaef9f6b730d
+Nonce = 8b17c9fbd7e39669127ad0a7d84b73cf
+PersonalizationString = 43eaeab92aa01dfae5c76522534949cf6a29468eb6dff390a45f53d6ba816b6b
+EntropyInputReseed = 55a07443262f8163f70c89702e0617c89f80ccc3d7a38aa03f08e7acca57808a
+AdditionalInputReseed = f3aa910e17d7dcb0ffd8aa123853efda339042cbc6b289e48f77bb8bfb2e2bf8
+AdditionalInput = f72da3cd3da628edfc43b667030ac0a9ff94db1426febb808fbc70835f0a7bf6
+AdditionalInput = 8c6872a2c66389940f731ddfee36c557b9e5608833f9e1f04f25c265e20d33ca
+ReturnedBits = e4087a4079c46efa2ee08177d008345d35778474dc5926bd1bd67a61ca4da9b49713890c8795487dd72c7d8fc6b2f527edbf220dfee6b7d750822aea3b26626aaee5a337456c5aa297cbb6ebbe8cdc11f21f6b825e03b9e87fcd5b6bdd0ef301595ec7fbc2548b93ccdafa85abe37a46e438c0ee4cadb512f57171b0a8be75a8
+
+COUNT = 13
+EntropyInput = ebae68d91247a176e0c4e31320bb2168494f5249752973b83bd1a6eee17d0815
+Nonce = ba0726ab5f8c7aaf631c37f3e081a0c9
+PersonalizationString = c4e2b376d1550dcd36e818cc48364aad5cdfa2dca87b1218025338ce8f6ab2e3
+EntropyInputReseed = 03ea8b9babc1bf0fe7c90813bbd9c572eeb8187aa589307deac0a14f7f32a290
+AdditionalInputReseed = 0588b3e2667556b486deda175ec58910776e299635139e1c0b021373374edca3
+AdditionalInput = e5aed9d8bb4b58cfbf237eef00caf550585ad906c40a10971a25351a92331fe3
+AdditionalInput = 57c614ced1415f3d16c060b004c8041c9fb26d5ed245576d43c676029ed6491b
+ReturnedBits = d65043c24e894cf33609c9604521fac06806b4657d7d3b4ad59fff70a488f41013c1cf836c4ea5d3b6066089a7b0881d56fe9fcc670ae9136e1494efb0085b96861f9590b62488d47220969cb6305d9b102b4c4607a8a5c4fee6ebd68d09de87667a2a8c0a3dd56ba680d8ddd3801a2eb9a2ad1c7d67efabf0b3ce44c21b0ce2
+
+COUNT = 14
+EntropyInput = 1a987a88e2c490be07b12473790230ab05066c9614401acb7903c3523b57dbfa
+Nonce = 44b47f7cd3cf53f1981289311a3cd417
+PersonalizationString = e1348663a0f754f283641ab95c218017616b9da189a30ddcf13c937baf662a41
+EntropyInputReseed = aabd29e89ff981f5ab1acc7e1707c96eaf930a4d301fbe84dc300bf937a6eec1
+AdditionalInputReseed = 2ae8ba955e499186c1fcf9f9d557a7f9d963b2f9fa91421397e65c4bbf1efb9b
+AdditionalInput = 092b418c28e34e5d2f9a9c0ab4d6dd55c0c31c68c14b487592c448571f899811
+AdditionalInput = 8ec2a4e7e257f1fda5d597f3c61438b4fb2abae915ba022186491893b3b53987
+ReturnedBits = 5bdcdff81211ef87618f8aa3d25764f8b80d4a76bdfd3192fc0daea3a0c085650f337f27d6f60459449f82262b163790c8a08f350aad4b8ceb37ca5ea2dfeecd14a7cc128979421456d5e75c6717e7e5ebd2383c3ab26f29606bea67c66efe17e4b365051f204bdaa6c22891a27c6474a8b9dee3061b5844a9a3cd2af887fdf2
+
+[SHA-512/256]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 1024]
+
+COUNT = 0
+EntropyInput = 8431d61506397e80ef35e229755c853afca9ee0a70f43f48a70bbba193719a71
+Nonce = f84eddf483f6972bf7b3305ce063bef5
+PersonalizationString = 
+EntropyInputReseed = 39e8615359d8a653bee4d969e01f4d71b6e9808097871659493e7a7f59fcc439
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = ee532248399f165bd429f3e4b0d93cc29ec6b1b268ab0f55eea07e8352650fc6c02fa9094d9ff4bad76f0ee04e31e3938094d0b46b1392167a458dbb3552fbb8fb4355d1d556158d73d89e745d6711ecd28afab21e15541a9399581c96236e53b828e2ac633faebd35856bdac8de491686ba63514f336d44c59bd69c118911ec
+
+COUNT = 1
+EntropyInput = 866a3a712e3e98adbdb4bb597cfa462d3bb7e282fb2c9e147286bfb4b3a21912
+Nonce = ec1e3bce9e9345dc8106e5bcd6a36a6d
+PersonalizationString = 
+EntropyInputReseed = c13be4d68e674937fe58ad5dbb106756a87767176cd565434fd73a8ea5cf5597
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = fc766d1446bc2a834031e45ac689e4f8f66ce3a688f56b06c87dad6f6b471917e2887cc3e1946a2254e940023bfc02419cccd813e12c8c5756c67a84c47b0ac64e806889e32ab8597901fc36c8cb8a5d515e9ae85c50ea939e1a7d1a5895e71f6e92bbc88fc47a340b85097d25a5d4973b7714d17f07c77d1686af0d8886ce31
+
+COUNT = 2
+EntropyInput = 822b84b701bb87d90697c3c952ddf465f1fee6bb91bceee20b1e1be8260f0b4a
+Nonce = 537312da52387e8e8f87a0b50b4a2a54
+PersonalizationString = 
+EntropyInputReseed = e2eb4a5d2daf8de70acb0b075494e0fd3278c9602b45db94c062e4b8f8666e9b
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 57bfaafaeb6fe3730551160e49d17ca7c2163e5db6161a3ce8c7ba0613f210069b82fdfe0f3787083822d0cfd22405cca7bcb0958351935895b0bc17eb2a99e2362a973010b3f7a69b0aecfbfcafa6d8a7e89bfafa4774e2f7b49bc776ac976dad43b9541dd5d3be6bede6abde326e21da7f48a8d43ddcb8b8c81b9d3e9a8fcc
+
+COUNT = 3
+EntropyInput = 10978df0be846987409b7e567ac685cde4ec84b28cbf1f4baa183eb47ea9ef09
+Nonce = 5f46249f4ff2d9dbc8cf98c12dce2dac
+PersonalizationString = 
+EntropyInputReseed = 0be8dc5142eda9832cfa4edddc782b732ef1ab578dc0cfa50654320d6b4e6fad
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 650df01dd3c977a065ac54cc9fe6bb588cebe60e2a83f03e9818d175947270d2aa0999aa6e5fedee5ee3a4ab7c62a19e95babb3596bf567dd7be9cd6b73377831b09d1533efec4890ce955bcdff5a1af813101b1ec3e3f3666efe7c587a2d69118a6cac0f8b55e9e96ee528895a6a5ef02a2f5a2df7fcbf118eaeeeed370a64d
+
+COUNT = 4
+EntropyInput = 3e0771195e8cdea0207d296354c6dd09f73569b31649b58e64b11917dcc3bc2e
+Nonce = 8baa3addd1c9b2d5fa6fd93473d119e7
+PersonalizationString = 
+EntropyInputReseed = 507ebc83973c4ee594849698f53a719f8e27c6438c91b6ff3228358b83bbe981
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = d637787ae5e1ccb2b1ae8875c0aca9ef1f4984c4aad6437e51844ae86635dd05520b1abe5f17bb64e90d9852dfbe383b32f34810d23e6c5e891f9ff1be4d730b765e9f94d52fbcbc9745f5ee3fd9bdebbee1dc8c70efd903a1718069323b93ff4a86e8db6ec2e2f6e735c3fea3e75771a244f1f57c1528e0fc60fb8d9bbda9ae
+
+COUNT = 5
+EntropyInput = 940463932905fa8a8be58d2898a613dc303baf0e76a61fef11d9fcb2af6c2bad
+Nonce = 58f6f3ef216a208310249c721006a443
+PersonalizationString = 
+EntropyInputReseed = d7c186253abfaa995d72ef3c9a2ea70954e2dde001e7d060dcc64f5a997e81bf
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 5431ed8874efdd44a4cdc3263449e186ef35aee56b57f5c0f590589e8f0117cbc4d73564ab7ada08528798d191e47333d6a186384d3a518447f86b50401786c680d43812230254cc16c441eb72b15200efa45f463549cb5e15adc2441a035de16fb81c12d1924e7d280f62fb1fe0f3866ca5cb6c569e006c39a17bddf013849e
+
+COUNT = 6
+EntropyInput = d032a9414c85d6c5c6493f1b402eabfe4c9b3fb12d2143f27dbfbd10f5647c48
+Nonce = a29b1be8e0d887b4412c404b694a3b2f
+PersonalizationString = 
+EntropyInputReseed = c3280188e211f945bd124f1577e29317d0d4f1f6f90c4065d15976194dfa2407
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 0b24cd5291cc94e00148fb6617fe2203afe49e3b6b4997842022cc2113a391f282eda00aabd6414eb162c06d15909522da8c5245f53d23e15d1e29d7c07afabc6e1dcacd14e4ed8e7a3e73aae66612ed63352bee779d43bd137855136abb53d2f8ccf0a8b1d17d52171501fcdfb5a125d02408817d1d03e7dc5c979968646ef6
+
+COUNT = 7
+EntropyInput = 1505f115d9e6ad625aab241bfead47928366827a045f98f82b1544bfe7b36228
+Nonce = a374caff7882fae81dd5a27a7a9d6139
+PersonalizationString = 
+EntropyInputReseed = 4612abbe1f52ae0c08d839d5f11fad3533170fd793e513fe77d72d715496a8a7
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 9edd8d1d30d7a91f7bf96083bf31ee5cd25c52e1f6910d462bafa5a3e4023c09258d2abae2833b0bed88ffce076577cc5ac8b5193c669fb03141dc4cdf4d861a53545e656540880c9f4a60f43de6b8c148ef5be349fd3b9ac2985b11a53625a004cf8486d9fa1552ece2941798e76f51349ecdc87649dcd823f5e42517daa5d2
+
+COUNT = 8
+EntropyInput = ef7385f43deb3adcfce926a175f408844a582de4642cecc82e783a25d0490853
+Nonce = 839b47fb7536297c9e2cddede828d816
+PersonalizationString = 
+EntropyInputReseed = 485641f95e2ca1b577d313435c703c1a7cb3b4bb79a917360929e3d2060aa066
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 7b66505145409d865b86eba61c238ccb01d9a24438c3a291723066bf19a8bf1e102f2eddc758616738797c6348c784b28989782f144aa43eb7e72dc83210efbe26cb09946e493b6574001fde6f9f09d427420511b3cc021addd3f6c3bb741b4dec13592414a5e1bd911fa1ae3b3fdf2e704dd69406325e61fe37bcee2e5d86e5
+
+COUNT = 9
+EntropyInput = 60bd6a8b6c0a2de61f24dd06e18fd14006609ea4b3f82c94e00a7a356d65cdf8
+Nonce = 0454f25a34b7ac46a9f684248efe99cc
+PersonalizationString = 
+EntropyInputReseed = d10fe87566eae778b3614820a7713a06d702fcb9d412760e98deae73e7a8d846
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 3bfd612a8b92605e83f6328545060c98672910f85543ec18eaa302eb4df3a8c8bb86a3ed4266eef62d0d9b484b17a77b83d07d086042fe511add4163883f859729127bd38e5b5e6658ded9cf8af7c6d0b144dc7938e8aaa7306a4e99a5e83091ac43007b8584244d96a9296f3e7c3c777fa130196dbfb283663feaa565f03841
+
+COUNT = 10
+EntropyInput = 818b066c4d78ce4f2417209b3e7b5bb48eb25a2ac56c41245ea7f8cd027a752c
+Nonce = 33ea5b625fba106c2786aaafce1ce015
+PersonalizationString = 
+EntropyInputReseed = b38780ae620997b8a686f782e02585ca9babcd84c852a39f1a37a449aa3ca437
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 42462aff5d6fcac225a736f7df0caade7574a5cd83ed7aa4839c8c7bd46b5174e0fb2f884d4ccdf30c64c5bfb7d8a0d08536d7e61ad46f920f1176f0ba54bec36cf67963d8785d54d3f8c69d072270a61b59db9071d24621c967860009eea3220b6b82a86e1f764c21f232aaa70af1c162a8fc5882a748564aed2f45ae996e07
+
+COUNT = 11
+EntropyInput = 1a7027c35f66181650b942c5385287c63e3861439d3b7886564ba18f4cba278c
+Nonce = 3f31f7a44d71c46f444fc06476e241d0
+PersonalizationString = 
+EntropyInputReseed = d08f7e7bfe973b3f703d96a26e643282dd6a5b3496219033bda3a2e98731939a
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 814ac73c93c2abbb4e0786192a0b8ee37f5aeea75f9753e5a0c559d6e13b9bde00d2db9334844638c67c7fe48451f67888b979409bbc5281ab98604ea6ace8b72fc17e3d6dcdff0b0c4391ddb051031a604b027fa9c7956afe9040ed7d6ba18e032a91d2d0044b5f584b7ddabffa661c36c0c2fa6f05059e02ff5ad73ee5b0e2
+
+COUNT = 12
+EntropyInput = 47ea48f882117548af1f836cd2defc0a15fd4071fd95d04207159901fa9e4e0f
+Nonce = 24f93f2bfd670a680fa5c95f3378a5b6
+PersonalizationString = 
+EntropyInputReseed = 70dfb527604396fb42204d6273464870b797a9105361a4661977edd000e6c9a4
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 15f57eab409b6e3cf85590671dd33813d3e44f5dafc225889ce19c8209350e64ece6217ace826196e7fb890e30927ae4798d6906192f98404a916479d689df8301bd85ee5889fe84b7637afc49514ffac4777fd827f8650dcbf4b90619e929ee29b7aded59816fc2ddbff4f767bb580aedaf0f1444a692b1158964b84fd1f659
+
+COUNT = 13
+EntropyInput = 2795a728fa5d1ab52321efa6b8e07f0a5406bd3379d5b47b2881d05a47b1dc84
+Nonce = 9424605793983327e8e98420b859a7e0
+PersonalizationString = 
+EntropyInputReseed = 4df5356180423bd174192e59c0472b8dcdc29a1e02bff621eef8907f7e4e246b
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 4884e5429d76361c12ac1db26dc6e4ce8a2751c38b17686863e7920eca739519825544b6936db3c05d11f31c151632ef176d50407bcc2ba8393b62721d82af6bb1b53d8f1609d5ce89d827a51f9fdc9e1884a5fc4cc84dad51deb56edb98241b42f45048da77d3db8c1b93453cfc6b9ce46dedf12c3ca97d6163c9634d94a919
+
+COUNT = 14
+EntropyInput = cb391e64b5ef694c5fc9e8d225aa825a07b327ce286391184650f7e925829bf6
+Nonce = 853640e7f7188a5cd2448cba272fcdfb
+PersonalizationString = 
+EntropyInputReseed = 71ddc8aad75e2c0192cddb92376129c2cb9b8b736715c2ffceaf19880616a088
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 875c36c142b6f20d3141a867a78559422a413e4aa5098bf9de63b465a63a5a4147c781eea933297ebccebbbec9e2b73925283087be9567191f5c53cd344b9e652ec792ca4179dd8b39c5b3f2796769c3fcbd66d0b8ea3e8055c40fe330da9e95c3a547b64c1231b3bb95de54ba682f662db91e3d3170fcbce3dc6f2eb9dcdd22
+
+[SHA-512/256]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 256]
+[ReturnedBitsLen = 1024]
+
+COUNT = 0
+EntropyInput = 39c18e4471905c2141b79e0b5fe5a3026ae7bb7123d890603b43a41475176a29
+Nonce = be5d18725e17e9728a08068cc96bfef9
+PersonalizationString = 
+EntropyInputReseed = 54feb3b45798cb785238eceb750b3c6f5dcb8bdadf5fcaba7d8e8778a3a6d4a5
+AdditionalInputReseed = f0b773f3e8da00498b3f167f6cbe39b71995e8798f9f9c3798933c854fd570c4
+AdditionalInput = 22850fc613ae480c1aa646c292992714bf23f014384e61aeed84b8fdb1b53496
+AdditionalInput = d75c1bd9f7d8b87c7c00b323c7cd585cee6744ec17ed7b0007648573cae90402
+ReturnedBits = 5c194d800030333535369413f0ef17f7ee62a6809ef474e4817962a18a53d4335fea4796af552577bdc0e9de2b30ded67e87964a3da1a650185bb5bab8d83c53774f9df92aa7991fbe67e08223a90b5d75259ef883c1044193345a3ceedb5e4842758625b270eedce4ac55f1ca17f751eaef00f7a35a7c0fa879f64f8b0f9543
+
+COUNT = 1
+EntropyInput = c61fbbdb9ff5457fdc8318a43b1a6920e58967d004cab9c66d0150ee43c38a5c
+Nonce = 756dcdb77b91852759c4848772c086ca
+PersonalizationString = 
+EntropyInputReseed = ed5e67f3fb78ccbde6b127e0c244e687c6c4a3b8107dfc4b943dd09231e9723f
+AdditionalInputReseed = 7a01dc09c0109e65fb73c655952432a5480a3797a3e7485f433618cfed3fa834
+AdditionalInput = d1d3ac7a2f1b818a98ba7fc7b5ed32b302ace92e2b11105ee6674cab5d2a5d6a
+AdditionalInput = 261a87e7434df9efd173a12b3b0e3d3756fdf0f3707498b8ff925de3a2286fcb
+ReturnedBits = 1e28ed6af58f00feb6d4bac56489faeafb6bdfc54f38b3ea09bdf4cbe49aca9f59362df16944ac245d5405af2775620b38f456da1d246ffcd371c717cd2ad1a81c6490d20bf2e50465cc0d293692375f93f40c12d678306ecbf127769e0f771d93e4ead3dddf3da43a7a136703680ca3c42c53512dbc63f68b7179cc632d987d
+
+COUNT = 2
+EntropyInput = 26a0e233e82b652a8b1bc7d7022fc8cd2a68e448cb229d736a205a686c702050
+Nonce = 6e672ada2a7d91f32b6782665ac4fe05
+PersonalizationString = 
+EntropyInputReseed = e10b08da08bfaa79862556e43d5044e335ff06432cfaba132c244068b0584902
+AdditionalInputReseed = fdceea92c18b2615c93835fbb6601cd33711faf6141592008fc3c47a4a15470f
+AdditionalInput = ab1b981a6381f8a800cde41e65bc5a8708d78a3473134ca16c93e723d8c13096
+AdditionalInput = 69982960fa6f299a3cece71017c0bf9e9ac2de1609e4044da25eab6f3d346b45
+ReturnedBits = 9f0dfeebd0226f1651570fce4b6c398da61660a7bd6fbca587aebd876ce393eb92c5948808081a386e02af7a2a390347b7edcced072dd261dd18fe180a0e0c1dc3af56193c3c0c3b222bbe6cbf5c582429c0a9fa4ecd3f2f76c205818bab205d8a2a06d49824853d8a7b65c42586df6783aefde96c6b8d336abd7cbeb97eda1e
+
+COUNT = 3
+EntropyInput = 78d887bf3e73e00310f0b0b59e70ad8c05164a1ec7ca3bed53a9af11d56ca7be
+Nonce = b30e2aaa9fac5c1fd38be61497211ab1
+PersonalizationString = 
+EntropyInputReseed = 81f7e689028c9d45b2c8b671a6098f5347e04b44bfd68689f9129566445b322a
+AdditionalInputReseed = 40b061d63d1d93d317e3ad81a7c57849fb4f306b79cc78d027fc8f3d6e2edec3
+AdditionalInput = 0af607b892e83b3f342cb6bbaaf52c5341875eb0d8cbd45b55c2de959248a111
+AdditionalInput = 499f904b8dde43100106a5c838868abf7b7219bfeb843c4ebcf7b8549a86a7c0
+ReturnedBits = 97e0ac7ebfc82df49ea8b9d1a936ca66e1fb54ffa747f641bdf50d22b5dab6367c12e0245b73b911e951357c50fde0eaf32224981379149e454ac74582dec3adbd796081ed61191eb4e5e37c003682e83ca4043833d2ac8a77ba0af129e747ba5f2809dfbd1998a6525cd43ce8f730f9e63541c08f1401bbe076879f0e979884
+
+COUNT = 4
+EntropyInput = 817aadcb5cc04f69ca219cc57ceae78f070c1613413f5ce7ed086ab9635d8b85
+Nonce = adf1136f1da10acae16150f25a68b690
+PersonalizationString = 
+EntropyInputReseed = 22f6b1363ea98f2e87985d685dc696258e87d820b54029238f8bb463cbdf5a31
+AdditionalInputReseed = 50e48b335a149bf35cff6451082dc6af870eb9aa56d7c5dad7f58483ed384d79
+AdditionalInput = f1c5a47564e90c16d04391d5001763352fb9f1688184eeb77bf60d582797de99
+AdditionalInput = 5aa0886f486d2b56844d7992155311dd317ab4cbfcf161819b94b7b6854fc457
+ReturnedBits = 664a8f0aff57684efb85570667e206c72e4d9b004d6616524de5630489fc757ac36d94f9b9e4ab376cb5d70fe51acd7545e3f23852cb545fd0485b34b1d5236f393017555d32120f3e1753fb44afae47b94de7be4fee0a31526f0ca2ca80c272dafba701b90e38a33e1b9d4744745f67f1a5c41791198aa63bb2f5a3c4a50224
+
+COUNT = 5
+EntropyInput = e1432538d0bdc43ea82345d046ae2b073ef2deab0fa65d4a65cff5a3996881f7
+Nonce = c39424489f1f27e1d92e694613d031dd
+PersonalizationString = 
+EntropyInputReseed = e16a4ea77936eb7a55a17eeadef810e123b79cf60658ddab3da86585063f2116
+AdditionalInputReseed = 6c5c504cdb679e45605f5a491596b00b2f1010b1c6ec4e17c845cdc660274b68
+AdditionalInput = ea49ea7d63d1dd4ca882c3f0051489df1ce3e204d95a8320625791df9accdea8
+AdditionalInput = d04218ea53b21da97dc63d37194400c0e2cdcef2b427a303a8b8dbfc6e54efb5
+ReturnedBits = 58679378fd3a839e3ff758a2104811211b5a6f63e998eb5326e3871870c5cc09a649a46e03030a8104fa52aaa1cc0d00ed81e6e83b4a9bf6c531879be728a6f4fd5ff683710047f2db42c7498fdb1de73674b79264ecc17d1e8656953802a49d548c7fe850f53fa743ef8fefd32dee3f6816d38648ab6cb7aca8c83f8c3925bb
+
+COUNT = 6
+EntropyInput = 1487d793e56dc3867d3f33c9204a8d057bfd228208215eb0f161e11792102794
+Nonce = d5e871ca318a6cda1e4aaa0d697d79df
+PersonalizationString = 
+EntropyInputReseed = 76f885f6c18187a06b75e52a6a1a438d1ee3fdf3440e2aa9d3dd34ab46f44b9d
+AdditionalInputReseed = 643d12c8cd8fc6cd718d91a77670db6f90af7b7a4e5b05d1803660833aed5678
+AdditionalInput = 4df6c1e02de6cd38d108eb61818cc46a5e3e31195f3ae62cb15bae1e442164d7
+AdditionalInput = 347d96accd3a0017f575470a480dd3768b32685e92980740fa6598bfa33fed76
+ReturnedBits = b5c50f0d9bc591d1df754192f6333d13bae2ac7405c3ef659f6271863ce16089315574dcf7aceabb40dc02f898a9296075745c6bd266bf39721ff834e97d64b9ac4988667b677b1e5fc87a2abad191f7269c1884912722d7c00e6d589603fe9764bf43fcd69a87f639b5d779e9b26f4e15f30292cf42d85f89db57dc91c8b9e7
+
+COUNT = 7
+EntropyInput = 40366f06f40d0ed1a25ec7c671586cdb094b3c48998a3621d54906421dd6397d
+Nonce = c843b6a39d1d6c79ebb0a924554a4409
+PersonalizationString = 
+EntropyInputReseed = ff78a5696f56d126012a152c8327f3e4b2c2ca5f05a9e26e326d145c53130f65
+AdditionalInputReseed = ddb1cd17ed8fdeefafa2a2170b894f0dee024402b6fa7d1156503a3166a3238b
+AdditionalInput = 96dd841a1f1a5f75bb0e1dcd6b462dd4021f2476547a7fee54842c77913d2349
+AdditionalInput = 43f267ffe203227d50d258f7c66a3133c522e3a76e0d2510062f26f05d757e62
+ReturnedBits = 3fc93a1d874f87f7c5ade39f41a0db2da17e4388f43da41bace8fe5656e3053653224ac137e030ffd271d7d8270039e4cff733ce3d6edc01b329d240c72928500a2ba96fb899d5f5473021248e903d9b9bf1ae5ea4df091cccf02b735eb1ba6bee80deb879386966e9905ed3895daf41905ad52430d069fb791410a302c14bf5
+
+COUNT = 8
+EntropyInput = 7c95533ba72a6cb2c07319060f447bf149e6fdc6da76cfb472eb54724b021f1b
+Nonce = cab140848787266a25c9ca47227d5f4c
+PersonalizationString = 
+EntropyInputReseed = c0c5ca59a1a97b3c39632bf91d23ed8237978b306ed0b2b5680c954489e622e5
+AdditionalInputReseed = abd2ee5dd73713488c2e35896213faa4615c412dc3be79e4532bd2732d73c6d7
+AdditionalInput = 9675e94cda0710cda4d395337f8fa5e340d3f35c826fde187302ce518b31b1a4
+AdditionalInput = 2b79becaf40b9f5a1d6a4e1153f837c2da3b5c16c0470c1c0fd71fbb6a75caad
+ReturnedBits = 17c0b863ea766e7da05606128617a75356ad76c77b939e021a2cd62ded01725bbd97da64749e0fd1b82112d30022dcc00c08941874e83e44c6854a9d3a188144ee91c8afe72acc35d7136e45f563fc57be606e071a9f25f8f4cfd2ca3ad0858ea70aa5cc62c395e8e58f4883f04e5cb1b72914f9c69b9abf7cea02b58b153ad3
+
+COUNT = 9
+EntropyInput = a2a45c6c2dc5cf02ec2025cc554d1a0f53d09b5af0655173269c8fd4c78df823
+Nonce = 711c71cbec8fd52fd2fd62fa85967663
+PersonalizationString = 
+EntropyInputReseed = 1378333a5e89e2ea1caa47a9e954fb19cdc7aa883884691dd29a4fa630feabee
+AdditionalInputReseed = fbfe40e62f9863ee7b5310a0dc8b5b7dde2f1812b5edb5ae6429b482c2ecc79b
+AdditionalInput = 93271af872d04b680d5e3dd58f96cb63c7dfd09c12f6886729ccfb7769b63e46
+AdditionalInput = 1dd8d97dac13761a9aad9afd5f6c1040ac270a006d8a236398e752f3e5358ca9
+ReturnedBits = c260a8d21815cbaae5d80089097c7cc048183bce547b22e3e8a71e19e0199a5d1512a4531d2f19b7ed68b02896704dfb3b8a5b588deb4182c5e57cc0a1b94fcaa1cd53f56b5dd2473136fac6395925d1f79d0d514ec039228238c7be9bbefcd2e69ec6abe09015d240bb09fe3a10fdd413a5c5ac9dd5c0f1054fe00892c28855
+
+COUNT = 10
+EntropyInput = 94335cd1fc76b0d42518f6d110a008666743f2ab25c94c6a4a81d00fb499672e
+Nonce = 8ecc9cc471cea7e5371950c7fbaf0967
+PersonalizationString = 
+EntropyInputReseed = 2ece128928e401d68e2f5e70d8ba9b6071a2dd9b4c4791cb32c8c9f829c11eaf
+AdditionalInputReseed = 2da9dd0eca2b5837795c2a3a380dc73c5eb7bb6d1cae50e20bfebcfee8aaa8d0
+AdditionalInput = b3dde869016fe7f3648b3ad9240bf386c8bc6b4755cf205885c198884a7aab73
+AdditionalInput = d45b298c45f9f6d01083fea6766e0d40e33630a2f6fb7bda6c81bac4291abf93
+ReturnedBits = b112892a3943ec96ac8ea4d9ca10bde37c8d2c93d5b7e61ceae108e8b62d15143d698321714af5d1a31787e4bf64378dabf69c7f77616ae704e30fe4262d0fb13e96c405175f13c74031c6bdf9f629c075813da4cbf33b2a82368e37a68f2f66f550a7ae3e30c9261fcf40da8defec3f5b27daea31214416ae8f2648c04c9f74
+
+COUNT = 11
+EntropyInput = 49cfca43ce2d1a2658ee33295061e06ba54b0af99615dcd01acee047a84415e0
+Nonce = 716633bd99f2fcbdb69e15d0f8fa83de
+PersonalizationString = 
+EntropyInputReseed = 3314e32a22dff3b39a087051e01fece69629aae36d7a78648b33747b446c72be
+AdditionalInputReseed = 2651e8b3cfa53e684e08dcd4ac095423d9d58aaf99df0cdae66104f923d97e8a
+AdditionalInput = df93ddfd30ea7f0f7efd12cf46dbd69cfbf6d487ee7a6a178c29294428697c8c
+AdditionalInput = 578321607ee9d8e8ba0c1009fd0bcc34bb9651ba8f4bf978070463dbf36b0ca1
+ReturnedBits = 671fc9585a22addb52c6c19300f48210029c9f4a75afc9cbe9d3c9c5b8342e0dfed5089ca158269521b173709cab51de0e1113c063d217096a7906daad6604ae5b3de8612f79b9eee8cec4771052fbfdd0e799a3aa0ba25ff68a03f51d1fbc3277451b71913b51e04def500f709ba8f3eab2055ce51ac752ce73745c690ebc71
+
+COUNT = 12
+EntropyInput = e22404ea13f8b54c52b4c017b727dab7ddd0da3b30298f9034a4529d02c2758f
+Nonce = 98e4b090533af4fcceb53f76007673e2
+PersonalizationString = 
+EntropyInputReseed = 7423beb12f1bbad32b109d354e4234d24beee40668b1d9129aff0c5ddfaa8cb5
+AdditionalInputReseed = 12290535f046a8e85731408518d8e6c07bba128622c754d2270f1b8efcb912ac
+AdditionalInput = 3b6fe285197b493bf97a3a08534eb88fc5e86d569003bdc1a84abaf44ecbba52
+AdditionalInput = 060bb157194d5d8ea2eb561e9fd34a42b1d6ad8ac98d310b1f16be011332757b
+ReturnedBits = 89ca4e473d4f52628b3ea144e47cec863e87dbd97eae61f76ffdd4315f0fe81e828e9ea49fae82f6ff122a160834edbf7355576887cdb1e9069f62e72268fe1ecc915c3701e9976bc1b6557f9d3ab40e0e35e1cf98d6db572c7d38659ddf367a3089e0a0d4d5252ba4b03ff559b608bc91c86651148d57390689eda1d312e449
+
+COUNT = 13
+EntropyInput = dbdfad30f70774e58df06098828cbee5fdf676e0ff67acbef7b9e539d50ec6be
+Nonce = 0dbe1ac3bf600e33ff4173ae5af3a19f
+PersonalizationString = 
+EntropyInputReseed = dafd010c52578eed93b777c007fcd9b6c63939bae457576a34989e072a00ea88
+AdditionalInputReseed = 6f192039abee3fe77955d31a4e0c2d82b718a1ca5608bd2d822b0a5bdaed8fd3
+AdditionalInput = ef8e36079918a8d503122fcb7e722b76f69ae05102fe60b9a4f43520f03f3091
+AdditionalInput = a6fa780b883b49adc28ef85622f0415ecbfb2deb0c8f4d356eded9d5044af28f
+ReturnedBits = eebaf267cac6d17b7da157c07b9b227b9468b07958ce640010ed287731d63cec1c209ceb560ef50302d0cccfbdc38372e21e62c9b7778d4fc1b9f102cb8a84f1ce0d56a0a8fceb9828670cdec900d2feb253696c1db83b78af37d300539bd6bde6fbd7f4b002718fd169fd960b03db8748d1e6c7c7f497aea48dbe38e488f59d
+
+COUNT = 14
+EntropyInput = c604361c40df73b500f2d78566c0f25de3a92508cb7e690c0e6982a7730d96cb
+Nonce = a9798f0e17277fe24512bbf64c4a8acc
+PersonalizationString = 
+EntropyInputReseed = c4a8c2310a0c28ca8ae126b1b8196f846da1b83d98494a2b3218111f8640b4de
+AdditionalInputReseed = 91bd389904cf3fc2529e92e1da74f7ef4d366a8a4de13d61a10163a6433d0070
+AdditionalInput = e477f4a8da464251a84d4027f67e9845bc3a9168571efc399811d9ef588b0acf
+AdditionalInput = 5b273c52c337cfa17b5a4f24fbbf2210d7b9d2cc11d1f22fdd3ef789d0d7d7ad
+ReturnedBits = 7175c03bb75a1a2669886dcce083ae15e52bcef053f8ef03c7b988e460c6899d4dd6afc4c23ba7fd012d602625cfd648c909045e1780e4861022e91f0f839a4671100b0854b1da64b45b29b753aa0a4161562b6b1677b6e7d89f0d45756347daddde7c71c05b94d20793ae46ae1d8b5b062dbb3dfa0eee84686cf2faf82f3764
+
+[SHA-512/256]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 256]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 1024]
+
+COUNT = 0
+EntropyInput = 278996dbb037a275971698054e7de85eb44b06e7a608aa7d9646e8a0b1f3ea1d
+Nonce = 393bb47171896e6b3ade83e3486d8cc6
+PersonalizationString = 9de1512030eb0dbd1b933d600edef66564677820175d10155551111ddfcd6b16
+EntropyInputReseed = a3be69a635073f21fc4dc191084229774afc6131d208160faefe4f7205b0f510
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = ddbdd96e206ab66cfc72e95f1d9551a549d01042f327573ea362e60684d10f07bd81342c9e0535391d16f61f9bae076714798fc26fff729e334212554a186d46ac4907e9720c23e9e7da96ce830d189421ac79e457203cdf208c058e1aa2980ed3f5c826a6c093b7af36252d17cf6de8a9bc1b05389b90d4749272b547190bd3
+
+COUNT = 1
+EntropyInput = 3cf9890dd9eaa9012acb5ff2d65603e33c1bf64bc66edab6059ee198dc9d9d14
+Nonce = 1606491231df54f4f855ccae7857ba61
+PersonalizationString = 338e3608dc403205cb5547563b794eeca9af0cab129e3d4fa44089d135bcb653
+EntropyInputReseed = b9de51f9d39d11d4eef221a6f406df37f6d83f74b5b061723601b4706f9c1be7
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 406adb505387bed7c59c16df80ceca9869f4e7584d3813eecf9177fffa36d356917f6397acdc697ebe6b8a56e8a5f064ce647ee36926ce5cf33da8be966d051a428bd96b39892bbffdc341927996a4c2018b227188c86755259af2469fbb19e20cad5185fa40f6c4558b84f333279b81186209193fd66b3147f5dc925365b8ec
+
+COUNT = 2
+EntropyInput = eafa9548440c0785ae3b939bc5cb3e3c17062e499add57da97ccc16d39cd22a0
+Nonce = 62e7b24bd0ff845c59bbb4c6c5fb1363
+PersonalizationString = e7d083b972459270bdc9b3303e87ff80cdceb6faa284dd53aa3ba44b60805707
+EntropyInputReseed = 3f386c5e53d99e78c519c2f8ddb2add43d71a4060f13ab29cb27350672d8a7de
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = efa3b13abd300fd5be3c27d4e38078fef163a4dcf650a60f25227304a5fa57049143df874ee55a5d5049a75a176739c3adce128c83d217c264eb9bac95b8ffe210d7b67830448bef8a471b11372d8b52d21190afc7c924e73debac48ed8bbae58c76cbe98d3ed221e8906b41089cd0a7e3b0c029401d24568aef7413d6dc889c
+
+COUNT = 3
+EntropyInput = 970f192838af08b37bed93144af2149146a4cf6cb18051f9e62c82294f88b40c
+Nonce = b4477a47379e9e4cbfafa54aa4f0c15e
+PersonalizationString = c9ae9ec24dd6f28380aec8afec784f22058a8323256abbbf625978949f485fc8
+EntropyInputReseed = aa72b2569b39bb44ac61e3bbffb5639afddadff29a4881b3867b2157bafb512d
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 709cf6335eb02287a94f69e59bf54a6ade807b638c6e7a984928c6c87028c541230d94683d22c016c2d11599dfd5f51ac7396edbefd51b2fa1cfa1231f7d836f0041094e86aa85baff7774821569ea234fa454dd80a536c8b3ddfc0373401dae417180836931408a7ebdf63f985bf4dd6e9306706d17f273b898ac8b4ec5443e
+
+COUNT = 4
+EntropyInput = db5c8c35f1a51ebb258cf3c2094d67e68f9cbb1e78cac8d6e18096cccdb6f029
+Nonce = 10418fbacad1658bfc3b47ac647ef296
+PersonalizationString = 5343b9c77328da7188b89fcd42d0189bc0839418b9a552a5549b2c0aa8d0ab5c
+EntropyInputReseed = 7328ac1baee6106e858909b579e77139d595f4e0eba3736b53c5d1ef91c9e201
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 55c90c50fbfe6843d89c77e06e9bc1f4733e5b775d4f9360d7fadb0a5daef32adbb4749669ca5b0a7558d35a4ff2969487832583099be3ed898f6b95a44a34d45c624dcc0197ceb59c71231ab7516df819c9c241461fbb27401f54f288326bf1eb5cac89c3e6c8167c64ecea382b4c756f35709274e628a6eb5fa5149a653ca8
+
+COUNT = 5
+EntropyInput = e32040d1d3ceed0d21dba6e6c5b46f9f9ef7f80a9abae7644c9dcc069e698462
+Nonce = db1de042dd469240b742b55bf34a61eb
+PersonalizationString = 235e3fb0b26797ead72e116d82ff3734bb1a02b6be5c2a109f63291c141d678e
+EntropyInputReseed = c3c2c044ce90759ae5787ee3037e9f2925dc8041aec240679ea54fbed2711732
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = a97a0d5e2289de5e6ca419bbbeb35aff62a14c579516ac6148a046bd891dac4734c79c4539233517b5914e4a9ee2a3d51700e7486aca79418fa325928bed7afcadd601bd799cc982440a6884cd5cf527a4efc0f4d475794a1a3289209e0d14bc5301f00a251132121f42e23d2498e181f947a97fb617ffff45b984a09526aef9
+
+COUNT = 6
+EntropyInput = 5ae9f2c90e39cedc578f18acb14394db49cb80a1317f5ab567a4c8b63a9e6550
+Nonce = 39de769c5f4b894c686db2a2a3b97ad4
+PersonalizationString = 23c2d91bc109dae6f88ade1b37a399409bfe3abb27f09fb025fe18f485bf4b22
+EntropyInputReseed = f333c012f5f7012927693d93d6b3d2a978f20beb7a6fe9097c98f65cf506cd07
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = cc5ee87e9874271158c684386745f459cef08c66a348a5ff218d7be578bb3daccadbaaffd7e3078084d918fe60bbf2ff6f7849209b40a83da4d9b0e20055db2e7e068256d43e6e9513af874a244baef7a8b09a47be0632a0386d8d18ff4de5c72a9d0b6cc7d3a7c8dd382ddf82ea50f21b2cf438acacf8c8f1cd6f945fcfc12d
+
+COUNT = 7
+EntropyInput = 90ee010553829e81ea71c62ac412b60703458ede8aacab15e648dafa892365c4
+Nonce = 21ebe01086e154f90b8ce4be93638f3f
+PersonalizationString = ed0abc312898b7f93fbecf2dd3182876057898355e446f9adb3ca79cc2194737
+EntropyInputReseed = 32a75ccb9d7a7f6c88b42858311100a4f221fdd9f5ec4558b9d0b04ea5416f97
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 1c75a2ca380ff16f5451bd66bdeff1e4d039b5d84f5aceffc6743eea079ddfa501afc131cb816823f57c6128462fa7d5da02fb2afe1e1b316e4b608e332fb3d32fb1c1bf52dd41cea2727f5fbf5bb554f468789305291a1c40b90693bed092a30ffafa222ddb9ceb4a12234be56e73fa677b483a8a74d837797f170d58e0d216
+
+COUNT = 8
+EntropyInput = 5becb2000835817520c2c4edb04b65f94158e5c57696006418fdd389cb7d16ba
+Nonce = 34a0bff67e1ba8b4e094b6929215fc7d
+PersonalizationString = 77f0602fd969bfa3b11c491f3807a8db031fcdd36562b15bddc8d149b5b783ed
+EntropyInputReseed = 9e48469e184947288143aa5a5d125446c5f2634fca489b369952ec58f8ddb181
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 2d47788e75f5323d276ceef04285d14ddd1b2b8fa93ba36c0c75ebc133f24499d32684d8b95ff1e91b2527bc4149df188caa133d1d598a888c53fd6e4942a9bf7d0735a924c2ddbd02536b96aa68e699d82709ec2317e68149616a834adcd40f83dc353fde30a58733519e66539014b70fce662dc0cbea54480fd3054a9641aa
+
+COUNT = 9
+EntropyInput = 524b93986270ed76ea32a889488019031ff5621a0bc31eb5c39f2bb822f97b64
+Nonce = e49c508b8a63909ccd45ac12bfd05d70
+PersonalizationString = c992da7cdd4feb6b8b90590b28cf3998879c2677b03ec36083baf66808e72ca2
+EntropyInputReseed = ef517ea595b58a86f450fd337b5db814026d14a6c99e6bd946c8bc9d9369650b
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 3abbcb5de10fd9b7468f37ce59b46955477ee0af263c38d0cecb5c5de541ef94b8bdfc935c121a2e51562ae88ff65ef2084a51c1b237da3f0b10db908ef4a278e288378a18ddb7432b9ec8de684b8381757e3d97f2fdf3874718067e7f7d0885e80a28af75568d3a007efcd972b2616e4f8c5664cbf5a4b388da4a3b538ccf85
+
+COUNT = 10
+EntropyInput = 0189d5d3d0137bf3f03f4f162b6dc488c6182c396d926fba3248a4c376438403
+Nonce = 3f733070b647bb218d0c9ad20001b8f2
+PersonalizationString = 925a4bf63558dbc46301f5012d4c9c152c2bcaa547e9d055747a66009238e2e5
+EntropyInputReseed = 54e42fc749068b558d5ea0f25ac104d1a85f8ba82da688ebc60924f749a4ba36
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 7d1223c4eff6e6f9cc7782b4cc71bb22dccca0a0ba5548ada4a9bf35f9b2f91125651152b825c5bb88078c39d777a69c382aafb035306b8a1f4c2447b871448e46e60faf71826e1c6205eef9e563a57cec8e5b0f485c72ba328d15c3907ee4144c248f2b3217dd62b31973be65c8871c35d84e9801b172e3de255fc96b4d013f
+
+COUNT = 11
+EntropyInput = 76ec61e312d61f39d7485824af93d2c4f0db9302eca03f45336d97f5cc93afeb
+Nonce = b224540bda117cd6b1fe4d452f089178
+PersonalizationString = 8f85076e7975b51d2961846b376330fdfe2c43f30d015747cf9e890972344e7b
+EntropyInputReseed = d047356ac397afcfab37b7cb70decc10e6d7f36c9651755db80f061918ad2128
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 18b2f8ed6dd6bfa1e6c82e6538899d000516ce71e5695fce18019dc8da4ef36ef3f2eca1eaaef8c459cbb95e487847994636564410d179fe63129d920b09cfae8a0e33c91831e16813c6c106a253f5adf15f8210409800d1b1c8d6c9d4c92621c9af90bebfa34e40dd27f95cf284ded7c6d3bcbca7228dcb10530ec3f1e086a8
+
+COUNT = 12
+EntropyInput = 5328e4373cf87d07454348f0b3dea49f50e3c774abcf5f5fdfcd255431794300
+Nonce = 760b360508f4e356e089ca22cc86bd78
+PersonalizationString = ba26cef77e762bc34cb01197a819d43b4d1d5fa6f67c6c9c39f052cc90ff00d8
+EntropyInputReseed = f408edebb6d965ff477fe3023fc58611814a48a76c3cbc8fd60e007ef3aa74ee
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = f9dfe7ef8115e322f081b3e5d2824cd07f951a8e3094e115c36faec2611026e719ea50899c9fefefc19b607c4610326f49801d6038fa0fbf3968ecd05291e96cfb3e0bee30e3992f4a4ca4ab442e131ca1ed63822ca93c66f264b96fffb27007f03ac00a422c7f8dabb8c15061f7b519c39282b5e7240fd27c17921cd958eeb4
+
+COUNT = 13
+EntropyInput = 68e99ea4077b1d44e9a87e5d3559e3a8ca831e8177f1a80e0ab775c5a37b3f54
+Nonce = cac3a47f2e6733225896aca30bd03863
+PersonalizationString = 6bae4878fa3628795aede9d57b6d08529da08772f50dd148f52fea773143b97f
+EntropyInputReseed = 722a71a59487103ae3c0c1212f7cd3bb6eaad90d75aa24f43d18850d4478584e
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = 594dfa973b7323f3f2ec08dcaaf1e4503d7e30eb2c64a2eee11a9adefd0e2a9b4c3e24b51af23ebf3e057f1546edaafcf3ad899a0cf7736f7165c33d4a241c0e46d6938d3d14bc384099cfd4f3a5e65e9ff246ca15ac587d2e2e82e02d1a7e0cb6c8b42b2f0ac94ab170fe32b6c8c33157da73349c4e091c976cf9ebcc97980e
+
+COUNT = 14
+EntropyInput = 91159b129f0d12460e7435165cf9cd35828d88fe5bb5a30198f1fa1f59158e98
+Nonce = 65048e5bdbfd1e37e59e810459ace34c
+PersonalizationString = 0aad93d9610421151c9bad2721b105e005cf2c26a75f4145de763863a7387db9
+EntropyInputReseed = aec01af48fe09bc6d646af49b1999567e3537af08853bb250be9ec413a2259c8
+AdditionalInputReseed = 
+AdditionalInput = 
+AdditionalInput = 
+ReturnedBits = afc10652630d2e29e34dfa6e99ee96d3ed88912b820dd71551bcc7ab99254087ef973b63782e8931ce25cc7d294b9ef08bb7a00245d97f8884456d65a2438005d61e9fa4de1199d9e701f7d379ebd02655bd1fa1ef2c74162e7454534fff46860bf61540c8a7c2c579c39aeb1544a027eac4f7771f68e4e7f2d859eff66d505e
+
+[SHA-512/256]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 256]
+[AdditionalInputLen = 256]
+[ReturnedBitsLen = 1024]
+
+COUNT = 0
+EntropyInput = 46ca177944263f486a99756fff510eaff6a2e7e1328e6f880ae254b332505495
+Nonce = 85d52505eba6c3e68dbfe02fd572d70f
+PersonalizationString = b7ee353d3958e3e5606ecc0eb882c624eba8390fa17b7612d634131b5d3d0c91
+EntropyInputReseed = f7f447fdda2794d01aa72839cd58be2e44df932e577a11bb61421ad55e9cdce8
+AdditionalInputReseed = 2af675a85cf6d8f2e637c2cc4f05ba7b7a12f1981f13e294983e23015d97f03f
+AdditionalInput = 75951248cfe53e98da1870ab6f3210c94ace3a8abc432676283c4710f54d1c67
+AdditionalInput = 567337c9184d4341265e522b50b0afa9efaf5cd9d9dbef30c998e0b5dddbcad4
+ReturnedBits = b7f5614844965092aecb481fe6550c6aaa8c54c87a7492946756aaafcf1b567aba2a1b801adf7f62804a77d32c1278f365568b6f45cf70d22875a898a311f14d8a95c6ed7d3f23fbb6bcf5dd9863079895cb15a29bd908142586ed5b98254986dff772fcc208b69b84710f5f1de2e9d704ed4d6fa6fe96937c9cb3fd19ee9a61
+
+COUNT = 1
+EntropyInput = c416a96faa2b48844401c3d159dbb416ee0b6c30cfd16ea508a6fbf79aa3ed1e
+Nonce = 2c67731aab41b578024f4a31c718a6df
+PersonalizationString = 7bd6b83fbf4ef9e8d9d65d6ca0da01d3f3fe97b349d9ca30d52abf2a5d7a1a57
+EntropyInputReseed = fb31b00317f9a9a36d8a5b4aad97d22fec69dde88cd6cc71b06f0168603cbb5e
+AdditionalInputReseed = 415251a97ca5dac0c28aff80ec45216ebabc735bfcbfffa6dadaff4acc9d43a0
+AdditionalInput = 444f99f4c1bd9305da4e92097e90abb59723c22fb264272a1caa2b093402a597
+AdditionalInput = 084d9cceaa8c6ecd509979023b8bbda0feecb37dc7c0c798439072ed0c238713
+ReturnedBits = e62d27b5479bcad5b6e502424fe7e94f696528356de8be6a9e2a223d5ef48afa999c824675d29dcfa1cbd4312aa2d5f9035d89d91641cff1eb5d5f4aa09cafce9b3ebcf51c6a768435c27b1e666435c5e9c9d971ed574b14ed7ec3dc4fdc4205dd6cba84e381c8819acef98ff47e1198cc3f66b99d19910fefafa34819d8763c
+
+COUNT = 2
+EntropyInput = 40a4482d87b47c291a36827ae572c1aadafd323319b3f46b9a8d2e03959ad602
+Nonce = 45a526431e42de94d3cb4e325d3eb953
+PersonalizationString = 21e11c5a4c3fce3b499ee439678a8fd19c84c33e9a6f06f79b6aacbccc9d87a9
+EntropyInputReseed = fa2571ab6b6868cc9ef38f443ea04877e7ac66d9df9d6883a657cce904c53dba
+AdditionalInputReseed = 29da3c00155b1d97b551de9fa6e33673be8103ef974cd7de3dcd3410c443ed92
+AdditionalInput = c2f7b7f20b6e7577382ace705286ca6e739b4ff3cc395bb76476f013f74fcf1e
+AdditionalInput = c6ef4b5485a7d579b06737733365ec70fd3b03ffd4b46546f42850f77b452788
+ReturnedBits = a22d41cc403edfa43050720d9c76cb88777726cc22821376a512a33857f5fc3913c147c1f3f273b6957c2d7d340b78f8bf8600cf745e61687aa080752f7433e70c34355490980d8c508d5fc687c45569ccaa7aa70f4d18ecfaacaac2986c8537b6c6d0d2dca0cff9cf019c71f9aa6127ab8875d9315906f6d51a694860cc7817
+
+COUNT = 3
+EntropyInput = a4b1054ca2f6f13989aec66cc041bb9ecfcf53b0500ab5c7389fc8c8ea01a9c6
+Nonce = ceccc989f2831a94ef824a0c52fd8659
+PersonalizationString = e14711b413c2b8f6fb98516c2a3cf5e53aef84e4d5a07766d463f69d550ba3bb
+EntropyInputReseed = 479e2f870bd9614efd9bfc66d9588fc12c734884e5d426718f56c23b3498bc7b
+AdditionalInputReseed = 9dea3d1c0b24025036acf4e0e7056b0d0a9ece4fb928b8a6161593ee1fa358e1
+AdditionalInput = e48f7879f6d9c6c807471d768fb14f2eaad4a6309a0cb81c9b250478bce54bfc
+AdditionalInput = ab544116ddb1d90f47359b03f393a04e9b6a030194bf0551cc8031a3dae175a1
+ReturnedBits = 341965371d94892471d5e7e352d6fdcddb2d16ce5c853fa04c8479837d600801bee51e15ca53499597913437309eaacbe6bf44cb42b90fd2d1dadb2572d7934a296d6c47767da4a56726cd68cfff2aff9ecacc4358981045fe5cb158b02dae4e017c3cd4cdbcded7b4e6c8d8273112e899acde822f171d1b17a17247b9c71d1f
+
+COUNT = 4
+EntropyInput = 53158db6deaf023ffc23e3247aebcb4c8fbd0c80fc674590c396a65e767c61fe
+Nonce = 70cb90bcf5423a981f348b4678042beb
+PersonalizationString = d8d9c44ed254502325f3b685e7e8908f7ac4e92bb872cb2a3ec26ed9b35e22b9
+EntropyInputReseed = 7f31b403ea3446099a8feac19eebc789f32a71a7596f03b9929967284be33588
+AdditionalInputReseed = ece04b1232ba623e0e990fb9d9a6e4967b6ef3e8994d2bd8c35358b118b194bc
+AdditionalInput = cc0d5b04faa966785ece0da3dd9008cbe875dd7f7887a4eda50d8708d9147a52
+AdditionalInput = ed99231f13abd1344c902b7ba4669398a2684c3527b849e76d2216693ef6ef76
+ReturnedBits = d72d1f368ee46dc46c8d717c19b4cc5e66528ce6bd9c144ca326f6ecaabbfbcc2a18d41b787ac3f3a81be8bb9e849c4c291b7a2bb873b624fca521b38ee91f7966ffc5dacf570d5d36a0ad12c0701223d1a22cd67491e187a1f93c1d9af38f6b76107700455c85315ae7cdb9d3b72c5fae7b279772e272b283118b54ce2d093f
+
+COUNT = 5
+EntropyInput = 1a5e4307b432eb4f41cea44417495a88f3caaf996506d4d1516bb135b210628a
+Nonce = f9d7cf8c1ae7531eb1a27b57fda590af
+PersonalizationString = b8dc667c8f6c9960439ac9244154fa84d221e1d98a02975d04a4d3c9870bef63
+EntropyInputReseed = 02410741de20bff31fa249f29a3e64dae237dace062b7e1f2e09725fbf03880f
+AdditionalInputReseed = 15bef494a8730753512a1e615b79b8324c19f1a441c1cd1a1e7b0cedd450fd9b
+AdditionalInput = 6fb0116e73c648c0478ba3773bba84ec4132cd92e4417b65a82ffb6682c94246
+AdditionalInput = ede86e7671b4401cdaeec77aa66b35cc704a1234240c2fae5b5b1d4963b0aa4e
+ReturnedBits = 940d9c6a27efe35e5fa91c3da900118c1fc1496f5e65005c4bc1ce20b0adb8e6e0f40330b9226f0346923b2fb41049d9e0b4622d9ceac7c2b0b07c94a1252d15be28c5b693577d97be3d168624d837f54685a7f99b816e71ecc13cc269c424e845f0b5a9c03ac3dc768595780781d0d05ac491d215e683abd01e28dc25192a5c
+
+COUNT = 6
+EntropyInput = b15f4a942cd934fd29781070648d86b6a0196ec0d983b8537c93473dd1806b26
+Nonce = ef384d6b94d85eaeeca8ea2891090a86
+PersonalizationString = a731ff7a73b24cfea6e3c66676a890f017e8283ad5298a46ca1e2d00ea349819
+EntropyInputReseed = 93a23969d473d6643f36afb20fe2ad0f6bc93a9741f656cb1cd64bf35a06a685
+AdditionalInputReseed = 503c6c0b42d41361b34f0594f832d4b75a9d1312b26232c43e49385193c00a1c
+AdditionalInput = 1ac649746d07cad3a743f7822fb3dc9a5885f99ba371cdaa980ac43745b1917a
+AdditionalInput = 0425ab53b1e8afcc103e2782118c7db97d2eb24b4ac80f83c43e03d764d8ed0d
+ReturnedBits = c4cd14aa2271adf405a38318882f1440291132cfe9e36a1da5fcc07300572711241771bf4d095930f55c18751d473e516d729f567a9198490b37d928b31acf3c10c8b3f7c23218a03dc76b59c10357cec99c4b7f09793e2c71962da7d3d9f6981d9915060ceed7a2f1e1e2772ef95bc2f12e1ae1218d53efeb253167c39b14f4
+
+COUNT = 7
+EntropyInput = c6c5713655132dbe09dd8a5b3f570b1ddb03c09da083d9ffed23d419935c70e6
+Nonce = 88b8a3a0cf74a27dd9d5ecbc4b762bc3
+PersonalizationString = 2692b006478572eb1e329c035677c2b8ea7b59e9d35414ecd3acdac61f5d2248
+EntropyInputReseed = 4ae3ba1548a192290453b89cb76c49b30ae37b0014d365f064f5470d9f5b259a
+AdditionalInputReseed = e2c66aa33aed7d848b864e749668053953b730653ebe08a5df87200e7799b6cc
+AdditionalInput = 892d36fad080d1e7c15d1d4a35d74bb4d79ccc9ad75fd459c0800325fbd19ca2
+AdditionalInput = b1982ce364fded9d9a947595888b8a2c42ab330834328f75fdcb4ae9bdb12c3f
+ReturnedBits = 3de39ae38d34127a412a2042811b2a36d230bbb5c6b03821cc87eb950e0b9f31b9aa6c5dfa7a9df6e3bf788378f6fd50dd29056fa5d9a660d72c95e2cbb7ddb61b3c479c915c467bd11c3fb7cf94039871c98caaf258c47a2f37db191b5b23ec60eba50ee0be55f0f69893478fe6ceb0be885d34814c7d7c6d851975a7168c95
+
+COUNT = 8
+EntropyInput = 960df46bb61039766fec7d4b784cff590be1667a01b859f60af8a0ae6d43f999
+Nonce = 8137a1ae9a0c8ca53e69cd8038165800
+PersonalizationString = 08b9a97c42d8a1ac756d98e198154b6eedbd3cfb2dd14eb7e9c8f75a25f1e1e7
+EntropyInputReseed = 4d76b9cca458ffd515082fabb6927ebb9ae391116abc2ee912e77bdb94364256
+AdditionalInputReseed = 53a5923455f00ed5a9123df9d9d3b110265afaef234b5ba833ca3e69f9920ef7
+AdditionalInput = 721d089947e4c859c238392f96778c7af37da210b28fb0ed986cdfc393aba22e
+AdditionalInput = 2840e99aa3fa7aa5ea6d656be369084f614397eedcf8468d78e9f8766fa15ad3
+ReturnedBits = fc323e530a95ba6578f250fb0614b373789cc555c86983f4858f4de1dd2f975ed2f95fdf8c4f8795aafd18acb85ae44fad09320e55deef74a94d55b00f4099ce9592f50f5943188604b6923fa3809e6a0cf7f9ac36c879d467e4aba13ded84175eb991313c8a9d7b718c9026aad81f34826c7ee38d6bcbe1617ae6b064bc311c
+
+COUNT = 9
+EntropyInput = 47841a194b24550d9616d0f315522162d2ed73f018771bcb684e75b86146ef6f
+Nonce = 2b24eec8bef61a64dfb0dc7be6f168e7
+PersonalizationString = 2ebb99e2f1ce722366b3a2007b043cc936dcb06278393ab7c6eef733e47d7069
+EntropyInputReseed = b5e5491b292389094261cf5bf2421541f509b1c0f69b3d2cfe21aa53d6b1aa8e
+AdditionalInputReseed = 2251df4ae5f1fda53db7e9e871162cbba34263d5d6a1e57d036508157b7f4596
+AdditionalInput = 044dc81263ec7d116488eb60d4a0139cd6fe8c1ed2baf1077861a4592457bec1
+AdditionalInput = 102b945020ed5e7fc5616490e924535316ea72d4f079edf2b009dc2021f25711
+ReturnedBits = 97e8d4369b6b6e0c28010417cb4f63cfd7bc2617207fcbe6071e9b548f27421897767a328f8c6ab451d413603756e5627ea4b65b16825416d780cf89f598d6d61ca9c44024cc6100b7fd20f13ed765ab616da7671deb2eed3a8a329ebf33cba520d39dfa866d208be151b1bcb4dd6f61ff804a4684eef23cbbf8755056bc6404
+
+COUNT = 10
+EntropyInput = f26c94e16825e3d191a54c9e41b309864d3a5f6e5d465fe800656db4559fe492
+Nonce = d87f7aeea20d2973f29bfb0e7c6268a4
+PersonalizationString = e93b19349cec91cc80125788ee9b4358d3b4b914ed87d64bf27f492195e8dc75
+EntropyInputReseed = 2e8e61afe366d09cd707f3f48da8d0a0c51eb70157b3da268baa3d586612bdf8
+AdditionalInputReseed = b96ee0b7dbc7601833833799dc928bb8299827ca06c83cd0f4d78e248916a88a
+AdditionalInput = ba4cff264f7a4035e8aa3b5e3ab272fc7d2b3a10138ad4cd8f6eb101d758ab87
+AdditionalInput = 47fd86eb4dc873f3641276e8a7a2a0ba411530eba416146ceee6588ef1d2b583
+ReturnedBits = d64a77e7e21e082bd8d64c077dc739abc9b00eaf1c6c517b59d395aa24952c1cd5f5de13d2efed5a14aeef0cdfa6d6fae083ee34f5a52ba2c824f41416d669efa080b678b9f1cbf447aafc475d43c7747318f1e7558a59e2662afb1b4a386c94ebc76c207c67812c98ed2df69b9ea6f20c3df9c98a6b7134e883068bb665e20c
+
+COUNT = 11
+EntropyInput = 84a30453a236de73856f5e40652d1f7aa5409615fea1c6728d0da43475e5f3b3
+Nonce = 4eea0a251ab6664e5a348e4108208921
+PersonalizationString = 0f360997ed574e028c6b4b3b400d8cf2d64841bc397854f35c03875f6658119a
+EntropyInputReseed = afc107528990fbd80cf33fab0a58a02b754325bffa41e1aa24b061a674ac8f03
+AdditionalInputReseed = 6eb322a810d32e2c014703921d93d72969a55e88cdd71bdc0be8277812d93b6d
+AdditionalInput = b98f5457fb0d96bb98c9b1d75a2333b4e2842da6cb776dd9e69b69266714f701
+AdditionalInput = dc92707a506b3b54f82a5dca99f878f1e6b1273ed74834930cd5906ddf51aef6
+ReturnedBits = 14db52153bcfdd5b67945d9200b553c5cf601012bb563ec040e73ff503e551a77ca985c5b601071876b7d95739d1f1d95d02a4905bbc1cbdfa0e16acfbd61e442b99710eebc137e312188a4770f08202b7c583446aa367993245f1658986f04e8d451c0efbfda7563a00f4bab9f31f7bd46c591e7ca4fb19968a4c8f02ab4bd4
+
+COUNT = 12
+EntropyInput = 1a708367b6f7efe69ed8bd3b716db7ed843a1bc7f89582e5373ebbe2a3e49ad2
+Nonce = bdec21c5e289812e8a25014607fe1d64
+PersonalizationString = 64875ae0951dd1643b74ac2d6787d7a81e0fdf2d6c7fce7b9eba31a933ecf86c
+EntropyInputReseed = 9df17efd3e591cee31122a8710768b28524c6cde5ee7e5982a614c667f694170
+AdditionalInputReseed = 8f7eba26bee6e82eec4f883e5f91e34c6aada32aae67e3b2f4e7a13a69f73a54
+AdditionalInput = b315b4af0cc349d77f1073af5809739a207f421da857cd3c2fb28e19674134b7
+AdditionalInput = 1db94e361cbb5e3bee77e0065d15dd7a02a54db5d59741720b15137c09e09def
+ReturnedBits = 2aaea0e46cf63504b5419e1b27641c3781e3b2abbd59a1258536934b6bf2fe971a772b6b54e53f9cf061dfffedfb080fbabe6304266cc029ba5b737aec9657fa97da4eaa3e58ca55e30626ad8f5e441c62cfb56fb679ad28f69a26805ed55dc2a7ac5de898c09fdfb77a84642e42bf0be7e1141ed0c8d8f6050f2d45a63659d6
+
+COUNT = 13
+EntropyInput = de129a837b2271b3c7ebb08a0bb7ea884371784673e93cb26660633a2ca1e386
+Nonce = 3acbaca42e3ed33f3018db73785598d7
+PersonalizationString = 943259c6032aba5c0ec5305eb47c1ee60a74c3390773aadc244011e84426c17c
+EntropyInputReseed = a4cda73690ce008b641af1a96a0bde2e383953b04911b77fb24e717f80e50709
+AdditionalInputReseed = 8fdcc0b92a3c6c4ef78737db2a3e7679df86ba509007874316b3843745507b44
+AdditionalInput = 5b02cd3c2a17c1b3ab7d2d3bf1f350a861fc63675dcc8e22ccefce74f9710b56
+AdditionalInput = 11686997e883804cb8d9eecfba76538c3f1048136bd87ec5e39b882e95bd901f
+ReturnedBits = 54c0749459510e16329d89ec4efccf7d8682e65ef46dbb45e3565f486cf95ebd40e987d543b45082ef2d7a948de673cb0b7459d1eb853eb599394755bf7b59f93d119b4c07e9a5811756a5a9911fb3842fb6163ace41b59dc37242eb8994303a8288b103b8cd499f649aca6fe5287a8d89056b57f72dcbbd4751062f5ea94200
+
+COUNT = 14
+EntropyInput = 5c1582c13134bd984ba6c27d32bdf3fa1847c6f9c37f9a5cb315cabac9c8f2a6
+Nonce = 5e3ebae1c1b11507e0ce8ce680657518
+PersonalizationString = 261f0fa2fc41d20363b0975c58bd79548c133a66e8edd7c440b7f69d37b03232
+EntropyInputReseed = da390dbb1977a89830cfd02827ecf249af17baf6812961f71579b0bb0779537c
+AdditionalInputReseed = f3e9210b235796858e8188202c66e7e015c6976d4f6872b0c56b80f34b1ec44a
+AdditionalInput = 9ab299963bc96b27d5e806f105b930f49d4a270ec9b98d13ff438ea9c58f5b3d
+AdditionalInput = 9e08aeccedd8ae05eafbbfafd8790a3e3981d85c743f5e6da18ac4f041b9e627
+ReturnedBits = 518ca27afab1b58ffa9e9d04dd7bb7bfc4119a299e08727d8cf8999dc440040f6214246c56befb2fbbc4784c96799459cfac77883a7b1fb27bb8d9c909c7e62f011cbb5c5332d780fcc500593c2a7067411f246772d822b4d6dac393c6b4820bcb6cdc2659be5434cffbd535d5130575707b94358d15b088bc4637a83a97f78f
diff --git a/nss/gtests/freebl_gtest/kat/Hash_DRBG.txt b/nss/gtests/freebl_gtest/kat/Hash_DRBG.txt
new file mode 100644
index 0000000..2ae708f
--- /dev/null
+++ b/nss/gtests/freebl_gtest/kat/Hash_DRBG.txt
@@ -0,0 +1,44582 @@
+# CAVS 14.3
+# DRBG800-90A information for "drbg_pr"
+# Generated on Tue Apr 02 15:32:09 2013
+# cf68c42bf1726c7b043771f23f709303f1120174625d731b2596379534b6c923dfe792e9fb4e736551b9e9be3bd2f722dfafa9e64011ff6d4977df1bcea4a996
+
+# Hash_DRBG options: SHA-1 :: SHA-224 :: SHA-256 :: SHA-384 :: SHA-512 :: SHA-512/224 :: SHA-512/256
+
+[SHA-1]
+[PredictionResistance = False]
+[EntropyInputLen = 128]
+[NonceLen = 64]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 640]
+
+COUNT = 0
+EntropyInput = 1610b828ccd27de08ceea032a20e9208
+Nonce = 492cf1709242f6b5
+PersonalizationString = 
+** INSTANTIATE:
+	V = 9e8301725d5f133b4ab7d329fd2f87ae5f89d96a9dd7e2b98beee1c707b8c3fe412d1125b58bae5dc08a11dac3be4a3147347160fef218
+	C = e5e12450450efe5fdc777c95b8c23c938fcd592e2d788f12461936e4a16131b1f2d11ce7f0159ee1e635e62f3df8bda4fea077ad5f9d06
+	reseed counter = 1
+EntropyInputReseed = 72d28c908edaf9a4d1e526d8f2ded544
+AdditionalInputReseed = 
+** RESEED:
+	V = 745c659f2944829ca6e209c8ca2dddecf9f1861383e34e94007a3a51b8444fd5ae738e7d9c0d5e69aa97ee16c49cfd2432eb32ba5738fa
+	C = a1fc40009357a024d878818cf6f979a88d4cc5d760b308ae1a5b9f067972e6f7cf92ddb129a8d3c1bb0005bcf3f8871fd65e794f1990b7
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 1658a59fbc9c22c17f5a8b55c1275795873e4beae49657421ad5d95831b736cd7e066c738bcbb343933c411c7c17917593c03a77bed56b
+	C = a1fc40009357a024d878818cf6f979a88d4cc5d760b308ae1a5b9f067972e6f7cf92ddb129a8d3c1bb0005bcf3f8871fd65e794f1990b7
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 56f33d4fdbb9a5b64d26234497e9dcb87798c68d08f7c41199d4bddf97ebbf6cb5550e5d149ff4d5bd0f05f25a6988c17436396227184af84a564335658e2f8572bea333eee2abff22ffa6de3e22aca2
+** GENERATE (SECOND CALL):
+	V = b854e5a04ff3c2e657d30ce2b820d13e148b11c245495ff03531785eab2a1dc54d994a5597b15c5b10001f49606c88b4ff0d61acb61820
+	C = a1fc40009357a024d878818cf6f979a88d4cc5d760b308ae1a5b9f067972e6f7cf92ddb129a8d3c1bb0005bcf3f8871fd65e794f1990b7
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = 550875b74ec11f906778a31a37a329fd
+Nonce = 08dd8cd35bfa0094
+PersonalizationString = 
+** INSTANTIATE:
+	V = 483112cc0ebfa12cf62c8a3a0ef35ad290dccc9c9f76c142a6b71d3685a1d72de12e3af153149385807f74d9035e76b3904fee53e7dcd6
+	C = 27b18fdbeefb7899659854af5c9e0debe702ab83dd66b96d2a6ed22b40505df5b7a82a6f84445cd7fc13ddd70005dd7a0e6065cbebc190
+	reseed counter = 1
+EntropyInputReseed = 96c639ec149f6b28e2793bb9379e6067
+AdditionalInputReseed = 
+** RESEED:
+	V = 2327deae307afc86e7b249f68586d105e70b7a13adde541f9f23482c1ea0d943fdab1b2e5be6201ba504428b5bee441823bd9020459d5e
+	C = 651981d6f6b8cfeb7824a0cedd47eef3f2faba2c0c3bf89aa659c5f36f0f5b96a67ef843d9c7c051b2e7022553ab5742135ceb853dd969
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 884160852733cc725fd6eac562cebff9da06343fba1a4cba457d0e1f8db034daa42a13ee56acf51108b5a913881a8086c9b1f6cb34ab8e
+	C = 651981d6f6b8cfeb7824a0cedd47eef3f2faba2c0c3bf89aa659c5f36f0f5b96a67ef843d9c7c051b2e7022553ab5742135ceb853dd969
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = ee44c6cf2c0c73a8ac4ca56c0e712ca5509a195de45b8d2bc940a7db66c3eb2aa1bdb4dd76851245802e68054aaba87cd63ad3e5c97c06e7a39ff6f98eb3d972d41135e5e7461b499c56456abe7f77d4
+** GENERATE (SECOND CALL):
+	V = ed5ae25c1dec9c5dd7fb8b944016aeedcd00ee6bc6564554ebd6d412fcbf90714aa90d24b0422f07a2c64561285079c7282a7c302d0aac
+	C = 651981d6f6b8cfeb7824a0cedd47eef3f2faba2c0c3bf89aa659c5f36f0f5b96a67ef843d9c7c051b2e7022553ab5742135ceb853dd969
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = 507ba51eb254372774af4a0dd06ccb9c
+Nonce = 24afb1e6d8333e45
+PersonalizationString = 
+** INSTANTIATE:
+	V = 656cc832a5b73b256a4e8ac704b680e98b9c8f9acee24079c2990efe83c859c50a63393470fd3f27fd6679f7340510161eb653d2c5cba4
+	C = 002859376c91b625ef62505d793213d12def6124b7cba745dc35bf1a76454363537907573167dd1ba8a71b3bb9b43a84d9268aeceb0185
+	reseed counter = 1
+EntropyInputReseed = 47f7c11fa49bceaf4704e1461d9a1b85
+AdditionalInputReseed = 
+** RESEED:
+	V = 2277de16eb78edbd5425f7d50ae721daed1723a67f5778e321312bbd9a74747c3d6598d3f7ec3c40c831c723527ebb3dfb4ae1fe7a01ce
+	C = 2e03c750d6aff44c52e502ee5bfa1040c8b74d1ec6cdf01263aef07d4a1926fc00d38ac033a8cde08b67124f351b7a0e3122e6ee326da5
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 507ba567c228e209a70afac366e1321bb5ce70c5462568f584e01c3ae48d9b783e3924145705bbf6f16ab9c4d2bed6c4f6a828906f212a
+	C = 2e03c750d6aff44c52e502ee5bfa1040c8b74d1ec6cdf01263aef07d4a1926fc00d38ac033a8cde08b67124f351b7a0e3122e6ee326da5
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 542327195681a3c14cff019b9deae48a1b1b6ea475a9e7c55c5e0b74b257474179693edff166ae515137670abc6880868dce6ef93f01c5f57085b6f8a7570db4f2e04287419fa88425f6446ce2c0ea46
+** GENERATE (SECOND CALL):
+	V = 7e7f6cb898d8d655f9effdb1c2db425c7e85bde40cf35907e88f0cb82ea6c2743f0cafb256d5ffe640ab1159f651bd9ca293353d3e255c
+	C = 2e03c750d6aff44c52e502ee5bfa1040c8b74d1ec6cdf01263aef07d4a1926fc00d38ac033a8cde08b67124f351b7a0e3122e6ee326da5
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = 176c4b4bcd00beeb3b3006ce7c79b1ce
+Nonce = 00570adea1b11d0e
+PersonalizationString = 
+** INSTANTIATE:
+	V = c147a6dcbe1a1f085cfb3882465c59f17aec386ab5d9787bc8e65dd706e936a0f2febb772965ba9c65beb635ab59885355fe751232b300
+	C = b35b2f09a67f250a79d5edc9f0aacf5048fdeaca1e8833f41f032662fc36a761064a2a616216fb735e6d06363fa8e8709dc1cfb02b2eae
+	reseed counter = 1
+EntropyInputReseed = efcdb4a860c38f12822508b08ad0e381
+AdditionalInputReseed = 
+** RESEED:
+	V = f553545aa9e0800158eb42b6be7f8850a3ea505e9059cbd6525841bdfeecf71f339e6370a989cb7d2d8d3d8afd05594cf98efefb0a00fe
+	C = 84a2e4051f95a5da8c41e6ec1081bb1739b739087cd9e593d33421a615fe60a995bc9e8538743d2e2c81313796a4a6c9ee2e4b3a1b8022
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 79f6385fc97625dbe52d29a2cf014367dda189670d33b16a258c636414eb57c8c95b0240eebd3ea435ff0f834901fa46e5a53ae3947b73
+	C = 84a2e4051f95a5da8c41e6ec1081bb1739b739087cd9e593d33421a615fe60a995bc9e8538743d2e2c81313796a4a6c9ee2e4b3a1b8022
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 3ec0a7b0824d74c6fe84813199e699953f5ccd4c937d6224e55d258a4e4513c5f3d2b7119c68070b92c71200329106208cddf293b288a1ba1794d189d77b706a920138172f25bd2c8188699a4e1633c5
+** GENERATE (SECOND CALL):
+	V = fe991c64e90bcbb6716f108edf82fe7f1758c26f8a0d96fdf8c0850a2ae9b8725f17a1c3f73e896382b834ad6f733c4a9291af94b8310b
+	C = 84a2e4051f95a5da8c41e6ec1081bb1739b739087cd9e593d33421a615fe60a995bc9e8538743d2e2c81313796a4a6c9ee2e4b3a1b8022
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = 618e4b2e79bf0544e41e48510632e99d
+Nonce = 11c09a3f14787b62
+PersonalizationString = 
+** INSTANTIATE:
+	V = dd1c4f87a7d0ba17938633ff94fbc048d3e0a6e5fbcac161640c57c046b854e9e83c2cdeca4c0de0598803e4fb14baab0d03c48b183464
+	C = 8a7c45f80fa7e046ee01af4c58b07b888661b5bb11d4344f1becdcf2c34b99912fa9ed7c0e1a48db6702248a4a135cee3e67d4a2b32c99
+	reseed counter = 1
+EntropyInputReseed = 41a4aeacbb827faae7f3f3c1ddd99016
+AdditionalInputReseed = 
+** RESEED:
+	V = d14542220d3c3d1e5e8839692a200abaa6f28a550d44a36c8a4672392ddce36c357ca335bb7f56b6057796fe48dd728ce976e15d41099f
+	C = 59594c99c889e4d7a335b8ae2925e9167308e35a51605ba5962c033e28ca2cd057fd2ffb08edcddcea67eb47c060a676166e7a1173bb84
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 2a9e8ebbd5c621f601bdf2175345f3d119fb6daf5ea4ff122072757756a7103c8d79d41711b53fa2123eb24af86bec2f6976cfa751ad52
+	C = 59594c99c889e4d7a335b8ae2925e9167308e35a51605ba5962c033e28ca2cd057fd2ffb08edcddcea67eb47c060a676166e7a1173bb84
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 9543339c5d0ffb2e4d7e79416ee89611aa456f23fac0a0a4912c12077bc99d2b1d81ea8b28c1984702deb8279b5e4a2865e047cd344ef3c8595fcb031fc3794e08e5f95aa7a313def1b1f54d0875b1d3
+** GENERATE (SECOND CALL):
+	V = 83f7db559e5006cda4f3aac57c6bdce78d045109b0055ab7b69e78b57f713d0ce57704c97c82f3b88bfb0689d82aae3d693bf1c1fa5751
+	C = 59594c99c889e4d7a335b8ae2925e9167308e35a51605ba5962c033e28ca2cd057fd2ffb08edcddcea67eb47c060a676166e7a1173bb84
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = bf5d896204b2d71a9a9eeadd58bac275
+Nonce = 1310b8c65a0eb394
+PersonalizationString = 
+** INSTANTIATE:
+	V = 2a590ef375ab39c06fe644b6a4827d2630c3251e151a2cee813b0e849e732ad7db838cef178f3a745d2f9eaa0feae05e64bf3a400f2bf5
+	C = aaec371dca99547e8127d60b2174cb8aee782a0bed902545ace15207826bb70dbe9d7fa1e8959830c95b5cfa54724ad8a4f1837f89f99d
+	reseed counter = 1
+EntropyInputReseed = db24715d9c747b8160ed1df59829e231
+AdditionalInputReseed = 
+** RESEED:
+	V = 62847aab62d7b39eb56f898d9e1f0a4400a6938e2a0d091101a9d56dde611064c5d38ad78e098581108e29cd045344eddbf2d65d24abe3
+	C = c9dd1df29b3f1673ef86bd0c99e73b703d94f2c32fd51d626540081ce0ce005c912907ba98665d5ed986504d7c046d8c6f5394df026acf
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 2c61989dfe16ca12a4f6469a380645b43e3b865159e2267366e9dd8abf2f10c156fc93029091f4168127fa5f197a99443f04d7f084d7b6
+	C = c9dd1df29b3f1673ef86bd0c99e73b703d94f2c32fd51d626540081ce0ce005c912907ba98665d5ed986504d7c046d8c6f5394df026acf
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 0d6af856bb2e06db94f3f87e49e376236d93023af557a1f012eb7018cbdee4fb1aa41d0914c2cd760b329e40e3df8495c47d8bf62e50d90a094304541df4414ca69f9539f5c5e7fa74f6aa90789eb68f
+** GENERATE (SECOND CALL):
+	V = f63eb6909955e086947d03a6d1ed81247bd0791489b743d5cc29e5a79ffd111de8259b531aa04f2a82fe7809d34f447ef4340a347d2f21
+	C = c9dd1df29b3f1673ef86bd0c99e73b703d94f2c32fd51d626540081ce0ce005c912907ba98665d5ed986504d7c046d8c6f5394df026acf
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = a7dca72a320967c867d8f1872cc36f38
+Nonce = 0bd4fcebe44e97f2
+PersonalizationString = 
+** INSTANTIATE:
+	V = fe793abd066c40d38c19f765674475b7d09d6054bd6047426c602225a3a5b8b45027fa027f83d90f57a5c9e1455dd8ef5136cd1abcc77b
+	C = 03bc74774204aa58c221175812fb5cdae4abcfff0fcb1d1abae3a4d63c1136b5e7d667d61c4cdc37a3e6978469d0479f9484b44bd6d13b
+	reseed counter = 1
+EntropyInputReseed = 1f038f2276f994e8591fb7a61956f505
+AdditionalInputReseed = 
+** RESEED:
+	V = cb5e1d2913483d718a11f62dc03e0ebb33a09f338f688423da1aeb1eeb424a6e213988a3dabb97d058f587b518e17bb7dafa189b29e363
+	C = 39109bac85ff32b7c232616ebcc65cd8512f2c8d394426f515bf453390483822095053dfd1c73a71faf6756acf07420920f4b45abfdfe3
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 046eb8d5994770294c44579c7d046b9384cfcbc0c8acab18efda30527b8a82902a89dcd23bcfe1c143e6861807ef85a0c7c4ae9f40d13a
+	C = 39109bac85ff32b7c232616ebcc65cd8512f2c8d394426f515bf453390483822095053dfd1c73a71faf6756acf07420920f4b45abfdfe3
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 2853bd82112a794129b2fd527cbe4d53b5cde0ae7bd30e9177af7191d4a9261aa1eb8dcc3ed0ef59eeaa3b79ee8928bdc2043f7e64e23efa5820497a18092ce5c0dd8942e26319c1c3643add752db1ed
+** GENERATE (SECOND CALL):
+	V = 3d7f54821f46a2e10e76b90b39cac86bd5fef84e01f0d20e059975860bd2bab233da3129e6b248360ab9b92c77876200ce2122bd42b826
+	C = 39109bac85ff32b7c232616ebcc65cd8512f2c8d394426f515bf453390483822095053dfd1c73a71faf6756acf07420920f4b45abfdfe3
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = 0a0013c6ce7bff5bd71c88d9dc2b3ee3
+Nonce = 6d9b2c2901c5cc41
+PersonalizationString = 
+** INSTANTIATE:
+	V = 367dc217003d9bf4217d4fe876cd02e8a8e0a97f0db745655fcd8c040009506609959c461c8df7a8da64aee6c5ebbec488d3cd1b5c52ae
+	C = 17253618e28f0448e2d07bebb6053742cf23b995f7d4016acf0cd1d01c0b4474d09ee743824666b0a029492ba93880c8f4b673b3142455
+	reseed counter = 1
+EntropyInputReseed = 6bad427539359fcbc85a0cf102983601
+AdditionalInputReseed = 
+** RESEED:
+	V = d103eb254b3b9ce1b21feb3c41aaf10962fdeddbdcc5f28a1b95d812d1a2439b7c7b8f34b74be54b9d49175c04698f1e5b31ec832f8ebc
+	C = cfdcb5e6cae66aa207b18f87dc4ecb83f23d8ac35da410575d835189984bf7571b6044017ec3a9fbfb428feee60d1be5d24f7a33b87187
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = a0e0a10c16220783b9d17ac41df9bc8d553b789f3a6a02e17919299c69ee3af297dbd3aa5bf748edf7559fb693dfe98874d00026e1a2d1
+	C = cfdcb5e6cae66aa207b18f87dc4ecb83f23d8ac35da410575d835189984bf7571b6044017ec3a9fbfb428feee60d1be5d24f7a33b87187
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 75c2514d553bd8ba341e5cbc02876790adc4e1b7fc65ffe2da79dd0b213ab53d34a5a4f7b0ce0a0e5c89180f061db8ebde9461d541879edc2000093460674660df929b4e6f566260b1bcf9d465bfbc98
+** GENERATE (SECOND CALL):
+	V = 70bd56f2e1087225c1830a4bfa48881147790362980e1338d69c7b26023a3249b33c188a958ce08c60c65031f5811546162717cf10ff8f
+	C = cfdcb5e6cae66aa207b18f87dc4ecb83f23d8ac35da410575d835189984bf7571b6044017ec3a9fbfb428feee60d1be5d24f7a33b87187
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = 3d6b261f3fb19de1082bba9a46f403ac
+Nonce = fd976be5cbfe4c5f
+PersonalizationString = 
+** INSTANTIATE:
+	V = 172e79b5edf05e0804f5ba8b2c671848daed850cf875b1023763c8860d7b96a040c619f9edc5364849ddf7223e7c545f025a3af76f519b
+	C = 34e7d59f726bd4787956a9b5f9c910454f6832b64110089692c0b7a5780c2ea4213479cdae0be15a5adfb953abfdde2a52c3485dd307e7
+	reseed counter = 1
+EntropyInputReseed = 2e8d73b4fa4bb348900cb247ea88b297
+AdditionalInputReseed = 
+** RESEED:
+	V = c9869dd2bf2442a37836f19555d02b823e1d660282131d1971263ef982eb802c20d05b5cca7b6f305929440ffeaf9b8b81200f713ec99b
+	C = 731490475db9545e4c5e0c71f3b1a6901ca2837e54f53c03832f6428df3eb325244caf613a4aa477688d860d1bdd1c2f206b4a2d28c8ac
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 3c9b2e1a1cdd9701c494fe074981d2125abfe980d708591cf455a322622a3351451d0b3cae4cdfa3ed2c48ba6a8d07da93b7a4a399911c
+	C = 731490475db9545e4c5e0c71f3b1a6901ca2837e54f53c03832f6428df3eb325244caf613a4aa477688d860d1bdd1c2f206b4a2d28c8ac
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = faa7ae51a990dd67f6e19c11e647f99a64556ba225ebb7b586df899eadada5eef2689fb5e34eb5734355922e57b41395254ad17b39c4d50db35ef141c724fb8dfe6626bdd9ea097bd2fe0bde9e215881
+** GENERATE (SECOND CALL):
+	V = afafbe617a96eb6010f30a793d3378a277626cff2bfd95207785074b4168e6766969bb7d94a0cfd8b4b3d432e9b20e0a31b02510d9342d
+	C = 731490475db9545e4c5e0c71f3b1a6901ca2837e54f53c03832f6428df3eb325244caf613a4aa477688d860d1bdd1c2f206b4a2d28c8ac
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = 659521dd7c43c58cb0e0ae953b829c53
+Nonce = c79eb036b2c0e722
+PersonalizationString = 
+** INSTANTIATE:
+	V = 170856421da07ab92072e9c318cbc9d28f8325badb21c640d7982c40776dceea570a51b5127e33a349340752a7b844bd57de005fcd4b8c
+	C = 51b1140cae9fb64a1d9f932017433571a06655288bc63d464270dad6f0ee1f258ba2d29ed389e195edfcbf81593b812a8dc1366561f1f2
+	reseed counter = 1
+EntropyInputReseed = 8fbaa9a580c943f150f557b6262dbed4
+AdditionalInputReseed = 
+** RESEED:
+	V = b7a7ac99a0a7db0e951e35e6f8bc61c06a9158e480634a23016224c58d08ebf3d0d9a938882f09fc347b779a470abd520fe7c7c279b213
+	C = 90c66a9faa83c7e3a5b126a591983cf21cace71a3b8a1895326e68f729a477f055a555344f2adafb2c4623a342de6dff7159a26788ee7e
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 486e17394b2ba2f23acf5c8c8a549eb2873e3ffebbed62b833d08dbcb6ad63e4267efede82eb038003cc3e1b0256e527881799d4884912
+	C = 90c66a9faa83c7e3a5b126a591983cf21cace71a3b8a1895326e68f729a477f055a555344f2adafb2c4623a342de6dff7159a26788ee7e
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 0de2196912f843d943e975ed9fecaa701b873b2a6cae4a862f4aecf7211574de82f43608dfb7aee3db3c880e22bcac175e9c45fcc32cf3f42f58681d51dc8fcb988f9e0ba6a45106becf89b9058a95b8
+** GENERATE (SECOND CALL):
+	V = d93481d8f5af6ad5e08083321becdba4a3eb2718f7777b4d663ef6b3e051dbd47c2454f96bd4a206c5afca12a8355d728767ad2af34588
+	C = 90c66a9faa83c7e3a5b126a591983cf21cace71a3b8a1895326e68f729a477f055a555344f2adafb2c4623a342de6dff7159a26788ee7e
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = 58dbf71b96a3d390f071248c2134601e
+Nonce = 992f3aa2d208fb8e
+PersonalizationString = 
+** INSTANTIATE:
+	V = 67bd8271dfeee5668a260884a00faa040bcfe6509e2a673869aeef4de766b9bc419658a0efecddd70eafe1a01e537e6a4d72c2d39497f4
+	C = bde5a68c3c61d0fbda1adf3da9f0bc7f6acc67f02ffe7a09eb386a525338623ce1e60f6ec64bb56c680a0d720b76e51aa0f63e245356ca
+	reseed counter = 1
+EntropyInputReseed = 4d13f73089b45f61dbde74959ddc5204
+AdditionalInputReseed = 
+** RESEED:
+	V = d95f1710c6454adb0b6cbb90270e24733a157c0b8d55d328003b9003d179e9ecf50fb50ef4b519a0513334a27a62a79d4fbd04da57555c
+	C = 341a9b944409136ef316557bd2f95178ec80a200675b7bf3cb03eff28da180b97ca0e90a8110588ee476835df8f1fa7b3f55cd04042b6e
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 0d79b2a50a4e5e49fe83110bfa0775ec26961e0bf4b14f1bcb3f7ff65f1b6aa671b09ed226b3a3deea29e9e14333b622addf69209cabba
+	C = 341a9b944409136ef316557bd2f95178ec80a200675b7bf3cb03eff28da180b97ca0e90a8110588ee476835df8f1fa7b3f55cd04042b6e
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 9685966e1c496cd01e4c5ed607aa7f43de3f4cba7bad20587afa7ebf9ed5398944b725d1e4e139c3ebd1fa3eeacc9759f5cd56675ccc82d0a4e51b0019384082485266732479cddc354051e51c2b2957
+** GENERATE (SECOND CALL):
+	V = 41944e394e5771b8f1996687cd00c7651316c00c5c0ccb0f96436fe8ecbceb5fee51883bf3afe925f9e63a2184e4d933d769f5d025fca0
+	C = 341a9b944409136ef316557bd2f95178ec80a200675b7bf3cb03eff28da180b97ca0e90a8110588ee476835df8f1fa7b3f55cd04042b6e
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = 7fe8b23193eeafc639b38dcdc310d0a7
+Nonce = 2d1164529f277715
+PersonalizationString = 
+** INSTANTIATE:
+	V = d300735e871eb3fd640f2ce835d66762f3f742b6862582ad5cad3488d9a9036e6c9b6ec8122086954fc433d91850ce95a7c4b60025823f
+	C = 8915a229965e96fc3e88c87ddcc7de31236c2db832946e62efd4813ca9755c7d3e5311661219ed76e844f8d5dc20f9cf36be295007115b
+	reseed counter = 1
+EntropyInputReseed = 40faf6201f2dd1a3b37a7979f5579fed
+AdditionalInputReseed = 
+** RESEED:
+	V = e7b0abbcbf1d81c2553c8d2326f1610ab95675fe3bb8d8b834136e6ab28e935e3889de6cbc5cea15ad1653615b132f9b9c7cc6e5a6a11a
+	C = 21fe05bee04f7dce284a15804c348293007a1c53d92a79e8edf104aac6def379eb66bddf3070560eecc965f342082c0a7231d68de450d4
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 09aeb17b9f6cff907d86a2a37325e39db9d0925214e352a122047315796d86d823f09c7b91741f52771cbc8981cbe0bd983aed42593e43
+	C = 21fe05bee04f7dce284a15804c348293007a1c53d92a79e8edf104aac6def379eb66bddf3070560eecc965f342082c0a7231d68de450d4
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = e43728c19c611349ec8a3747a6b1d4dfb7583a851a9feae7b85c7afb5d804a22cac9b961a3d7a1947c8557dde11ffb47d0b2397a02c450cf4cc9d906c6a110d840eef120a32a00fe4bf64a72983cc816
+** GENERATE (SECOND CALL):
+	V = 2bacb73a7fbc7d5ea5d0b823bf5a6630ba4aaea5ee0dcc8a0ff577c0404c7a520f575ab03aba8b85171d88cb13538b347074304d6d0d83
+	C = 21fe05bee04f7dce284a15804c348293007a1c53d92a79e8edf104aac6def379eb66bddf3070560eecc965f342082c0a7231d68de450d4
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = 3b45a424d559d13685260d3f5e0c868f
+Nonce = 93fdd53fde18ab61
+PersonalizationString = 
+** INSTANTIATE:
+	V = 61b222e343e329549e3ddd8eeca55c3d18db9d766570023bf972feb14c47c05bf9fdbafaa67b6019315d6a75a1e32d3424ed0cf358124d
+	C = 86a8196ec5ddb3825588868a47698aa662132901b46545d91688f28ab0a11e9bde0e5f3e5758fdd23ce81ccd70ac387e0ec48fccb063ee
+	reseed counter = 1
+EntropyInputReseed = c49d004cc4a4293b82bb0fe8cb23be4f
+AdditionalInputReseed = 
+** RESEED:
+	V = 22b6e223c191dd296c46969269d6e9834e3eb8e8407c8df7a1c42d8ffca1229f0ee47b9c67863ec714fa3eee1bd026a0791ef2d5133575
+	C = 0ebad21c464405c44c5b2c8f0d9fbdefc085c05ad4f06c9221dba0e282bec3850e7d820eff24b981b312cff10ecb74246cc8b959738c48
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 3171b44007d5e2edb8a1c3217776a7730ec47943156cfa89c39fce727f5fe6241d61fdd59bb0a6e83703360b0c326d41ebbb3e515e1b10
+	C = 0ebad21c464405c44c5b2c8f0d9fbdefc085c05ad4f06c9221dba0e282bec3850e7d820eff24b981b312cff10ecb74246cc8b959738c48
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 77844be2987b1324f06cae9a29f0654e7d94d2a3ec7d79d91f6bb34c6b03deffa19a1f4a7106ff7edab80f666246eead47ac67deabbcad346a7cec3194e6252957a2fe7e921c1eb804bbd0381f92a523
+** GENERATE (SECOND CALL):
+	V = 402c865c4e19e8b204fcefb085166562cf4a399dea5d671be57b6f55021ea9a92bdf80879f92af723ac83cca80bb5f0d957cdcee0209e8
+	C = 0ebad21c464405c44c5b2c8f0d9fbdefc085c05ad4f06c9221dba0e282bec3850e7d820eff24b981b312cff10ecb74246cc8b959738c48
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = 9d08544421f30ae7855ae1f3860a1279
+Nonce = 237904c40c13ddea
+PersonalizationString = 
+** INSTANTIATE:
+	V = 760edc18ad98c7acb88f6013e3c9eb999612c0bdb4f056b0b89e7d950f54cc950e9ba784cf0b88900902299884441b39fea4066aa40816
+	C = bf96b6c10ec6f98ce7213b7e3ebd1a4e1911b98d36c76b62d60eccb0b26a79e8f021bd2c4a5ecf9185e0ccc1be736d42636026ad36da9b
+	reseed counter = 1
+EntropyInputReseed = 26afd4f369e5d33f11de1233041c4f6e
+AdditionalInputReseed = 
+** RESEED:
+	V = 1dfcadbc97cc0b0615bfc6daeb15e5a05dba171dffcfc3089a0f3e61f90a38de4062dd12910bf562a9c9aacd0e18de3f371afb3963815b
+	C = ad599d4983d3770c98308a43c04a163cd5c776268582361c476d2d0ebcaca3893e63480189fda1b51d3146108de9382e3c136ecaee7536
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = cb564b061b9f8212adf0511eab5ffbdd33818d448551f924e17c6b70b5b6dc677ec6258b8354f609b33d50eb62a5efa895fcd46d9299e2
+	C = ad599d4983d3770c98308a43c04a163cd5c776268582361c476d2d0ebcaca3893e63480189fda1b51d3146108de9382e3c136ecaee7536
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = c72464c3200cde538c5fa90fbe93a30c633daf47376692b6f6f084a76540994e38a88b40655d52c8028ebfd446eae51d7ba5600f693a4b7344c16862896d34e86cdef235b1035e794672c19f99bcc23c
+** GENERATE (SECOND CALL):
+	V = 78afe84f9f72f91f4620db626baa121a0949036b0ad42f4128e9987f72637ff0bd296e0e0fd73840866dcc8c23699bf7357f02945bacc8
+	C = ad599d4983d3770c98308a43c04a163cd5c776268582361c476d2d0ebcaca3893e63480189fda1b51d3146108de9382e3c136ecaee7536
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = a332a07de61bd55a25a4ca4e07715363
+Nonce = 70a713a6937746bb
+PersonalizationString = 
+** INSTANTIATE:
+	V = be5bf22ea7da0d13c51f3b767df0869d450fd44e2538427c97ad4c96cae63476106e03f176eeb81f7b76803d8c6baef382c87cf3bd3635
+	C = f94464971c077a5e1cca0d46e2d870bf4743283290b87e30d7118337810eef89b724baebe7e6519e8670121cc0aa9d986e849d414b6b24
+	reseed counter = 1
+EntropyInputReseed = a6dfe8d5b5844ba4b66522de8be68b9d
+AdditionalInputReseed = 
+** RESEED:
+	V = c36b8fa7159bc32dd7750e619b629b1ff12f062aa3aa14c0047cd902563c3ca0f6ede33a15ea8e858ca8717a64fed87b115624e5f99929
+	C = fe5b9f94c6697f0b0cda57195ba54b3899fc2fba649c7a288e6f955c62c302858b591c75605683620147d5776f670866098c813c810f7f
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = c1c72f3bdc054238e44f657af707e6588b2b35e508468ee892ec6e5eb8ff3f268246ffbb04715b840d276fbb5dd4378e704d6059b091ff
+	C = fe5b9f94c6697f0b0cda57195ba54b3899fc2fba649c7a288e6f955c62c302858b591c75605683620147d5776f670866098c813c810f7f
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 6d323d527613472c7e553831d8eac7aa470e26d353f6223de9ef7e5aa73507f5e23931a8bf307b6ef5ec71b5e152ceb2ac0b2f48411b98d18eaa734bcbeaf3874fe98e8355303e346447c74182a23d1e
+** GENERATE (SECOND CALL):
+	V = c022ced0a26ec143f129bc9452ad31912527659f6ce30911215c03bb1bc241ac0da01c4ec0773f2133f1dba971f1fc1316b1d8e77ee0ff
+	C = fe5b9f94c6697f0b0cda57195ba54b3899fc2fba649c7a288e6f955c62c302858b591c75605683620147d5776f670866098c813c810f7f
+	reseed counter = 3
+
+[SHA-1]
+[PredictionResistance = False]
+[EntropyInputLen = 128]
+[NonceLen = 64]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 128]
+[ReturnedBitsLen = 640]
+
+COUNT = 0
+EntropyInput = d9bab5cedca96f6178d64509a0dfdc5e
+Nonce = dad8989414450e01
+PersonalizationString = 
+** INSTANTIATE:
+	V = 5e07c6b72aaa5afcaab1cc3929239debde7f590886ba5bf558b90345f8518cb87a2bccdefa0c22283538e505efdaf2bd643059fd842106
+	C = 362aafd121de087197466e77b9bf6924841c01bd5fa98d6bc0a75b95d91166ec80e1516a10fff3216a7ad0b0c6e4f4d9708ccd69677134
+	reseed counter = 1
+EntropyInputReseed = c6bad074c5906786f5e1f32099f5b491
+AdditionalInputReseed = 3e6bf46f4daa3825d7194e694e7752f7
+** RESEED:
+	V = 66165aed47c55d963e25aa856553e0a5a590ed06e3cec66254c6a3d8ac8b30da6b334145c466a025b445938d84151bbdbe1509e1cc7189
+	C = bca1bfd5a1c718d53cd73eb584eedc19d5a3396bf558f659ae673106d0abe1f194e695ca67c2e8ddc8ee95ace21e6b12751faa695ac727
+	reseed counter = 1
+AdditionalInput = 04fa2895aa5a6f8c5743343b805e5ea4
+** GENERATE (FIRST CALL):
+	V = 22b81ac2e98c766b7afce93aea42bcbf7b342672d927bcbc032dd4df7d3712cc0019d750e811a157c71db2340f6d022bd498dbd4dd4669
+	C = bca1bfd5a1c718d53cd73eb584eedc19d5a3396bf558f659ae673106d0abe1f194e695ca67c2e8ddc8ee95ace21e6b12751faa695ac727
+	reseed counter = 2
+AdditionalInput = df5dc459dff02aa2f052d721ec607230
+ReturnedBits = c48b89f9da3f748245555d5d033b693dd71a4df5690205cefcd720113cc24e098936ff5e77b541535870b339468cdd8d6faf8c56163a700a75b23e599b5aecf16f3baf6d5f2419971f24f446720feabe
+** GENERATE (SECOND CALL):
+	V = df59da988b538f40b7d427f06f3198d950d75fdece80b315b19505e64de2f4bd95006d7c6d774e39237115e40aca2d4a88ddec412b67ee
+	C = bca1bfd5a1c718d53cd73eb584eedc19d5a3396bf558f659ae673106d0abe1f194e695ca67c2e8ddc8ee95ace21e6b12751faa695ac727
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = 28000fbff05722c8899306c29b50780a
+Nonce = 112f6e20c029ed3f
+PersonalizationString = 
+** INSTANTIATE:
+	V = ce6eed5ae747201c95d608f1da5082066c981683637f069e26b7eafa33425cea1cb01844a3789ad947ac0db92defccf6b1cc7fd5aa310a
+	C = 8d5bd3a9551086fbade646debc8f6cc27e3a41b6dc7b29f3e2e6da832d9c23e45bad7aea2066031a4522936440b27e994dd35fa7cc822c
+	reseed counter = 1
+EntropyInputReseed = d9958e8c08af5a410e919bdf408e5a0a
+AdditionalInputReseed = 911d965b6e77a96cfe3ff2d2e30e2a86
+** RESEED:
+	V = cf489334d77559f2ac2f305d0d7347b72eb0e7a6a87fec36449fd45682cf72f14b15c9128a895ca186f36319a1c426c45aea64a41484b9
+	C = af9aada92980038b99ca40049edb1c771e69ee6d5b566e88aba04423a3d8ba5734d8e988df1da2790fe15e378633ab4afd0b6f9cdb9c2b
+	reseed counter = 1
+AdditionalInput = cd44d996ab05efe827d36583f143182c
+** GENERATE (FIRST CALL):
+	V = 7ee340de00f55d7e45f97061ac4e642e4d1ad61403d65abef040187a26a82d487feeb3ee3764305f3e6b628bc5b196851dda556dc6e91c
+	C = af9aada92980038b99ca40049edb1c771e69ee6d5b566e88aba04423a3d8ba5734d8e988df1da2790fe15e378633ab4afd0b6f9cdb9c2b
+	reseed counter = 2
+AdditionalInput = 9f6a318212184e70af5d00141f4282f6
+ReturnedBits = 546165921e714ad139022f97d2653f0d4769b14a3e6eefa1a016d69ea97f51d581dcaacf66f9b1e8069441d6b5c544605407e8e7dc1cd8e470ad84775a6531bee0fc8136e28f0bfeebe198627e98e0c1
+** GENERATE (SECOND CALL):
+	V = 2e7dee872a756109dfc3b0664b2980a56b84c4815f2cc9479be05c9dca80e79fb4c79ea061b148f59551dd46b68370833fa21658639516
+	C = af9aada92980038b99ca40049edb1c771e69ee6d5b566e88aba04423a3d8ba5734d8e988df1da2790fe15e378633ab4afd0b6f9cdb9c2b
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = 501903be9f3db7c9c2df6ab142477052
+Nonce = 7ca694dab1449f3c
+PersonalizationString = 
+** INSTANTIATE:
+	V = db01ffadae75c86389c1055d32df10805d72b0d6bfe8f5ae487725c567dc6b0b32c3d080490ef6f3e1ef332c7ba445171cd8d9f698fe79
+	C = bf7568a0c2b72d23f68014222e0fddaf93d5c13a9f0cea2e394625251763d0552888436c14d3ffabf46911edb3838effbc13c8ec70959c
+	reseed counter = 1
+EntropyInputReseed = 060d4dafe897039abdb0f5c63e6aeff4
+AdditionalInputReseed = 76bd230eda0702586b6ab8ef2fc93bbc
+** RESEED:
+	V = fdd4180f6fb47bf9987362b8707fd1934f63f4db5262c453389ea191cc589681169942cb274f225a9c4d9b6d5ca080327851d83c66081a
+	C = 8e663ba850e1be21f7b67efda071ee9358dff75d3561b8f04e05d71682a4a88579aea7747e8d991d52cfd307a177f3912b3cd1779b4574
+	reseed counter = 1
+AdditionalInput = 66275bc4e0ffde0f238ea23e33e52eb6
+** GENERATE (FIRST CALL):
+	V = 8c3a53b7c0963a1b9029e1b610f1c026a843ec3887c47d4386a478a84efd3f069047ea63c3e9608f0727cc3b99d59da1cf4669632f35b7
+	C = 8e663ba850e1be21f7b67efda071ee9358dff75d3561b8f04e05d71682a4a88579aea7747e8d991d52cfd307a177f3912b3cd1779b4574
+	reseed counter = 2
+AdditionalInput = 2418a8665d99c01da45d6a8f7f957b39
+ReturnedBits = d85e9dee72baf075a02223927466c79cc614b9c0d56bcb7badb29989f9858343e5059a711b6037f30556102f4733dec617ca169687de9b88381098cc79e9c2f8478164435cfda05e18ae2bbb142a9584
+** GENERATE (SECOND CALL):
+	V = 1aa08f601177f83d87e060b3b163aeba0123e395bd263633d4aa4fbed1a1e78c09f692f29b971a31f61fcbccf06be625902a55f96585a0
+	C = 8e663ba850e1be21f7b67efda071ee9358dff75d3561b8f04e05d71682a4a88579aea7747e8d991d52cfd307a177f3912b3cd1779b4574
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = 40dac959cc5b2a734888b35f053abf9e
+Nonce = edb4853aee19d66d
+PersonalizationString = 
+** INSTANTIATE:
+	V = f77f873496a101f38d9bd771a1b8c0a4f51f0968a36d1fa697b339dcdf6d46993e6acee0a7ef2d3a47be864ab2c62548e5f06c37eda9c3
+	C = 83cb4a65eee3b0551772ad75ed7ed3b0a7ddbd3ffb6e5d1ef2b69bf13931c9a279640a48d36bfd1b29585925b2b2082af50511d08ebdbf
+	reseed counter = 1
+EntropyInputReseed = 533b49ed110574868bac7298c667aa7c
+AdditionalInputReseed = f9ff6699c7c47c2e7b41772b54a1d96e
+** RESEED:
+	V = 41268812486c5257cd96c93e93bfba466a2381a32da17f22d8594df48abcdf0254f875b528b1ec24702631aa4467d3e2e7b8191c621d44
+	C = 016932d8c927abbcd4330c815a995009b56039637f41f1a46a9445e4cae7ef2f901109c66fda11c33db03ded5e9d92314b8229eb8f22ce
+	reseed counter = 1
+AdditionalInput = 675f61b1db3a8189c27616bec012c4a9
+** GENERATE (FIRST CALL):
+	V = 428fbaeb1193fe14a1c9d5bfee590a501f83bb06ace370c742ed93d955a4ce31e50980e8eb9071a90f824c3981906ad6895fbf53165378
+	C = 016932d8c927abbcd4330c815a995009b56039637f41f1a46a9445e4cae7ef2f901109c66fda11c33db03ded5e9d92314b8229eb8f22ce
+	reseed counter = 2
+AdditionalInput = bb18e94041826bd501cc5ca406f30399
+ReturnedBits = c4fb05ec4d020447b2f9b19bf88148db5c634b2167f3c2c9e26a088d20820bd5fd3e04c8f8010a6fc457b9ca4c4b715e5284c1dee0534d2b7ef576b0e0183a4a5f0d4b5fba63bf69a40e7d82243e16ac
+** GENERATE (SECOND CALL):
+	V = 43f8edc3dabba9d175fce24148f25a59d4e3f46a2c25626bad81d9be208cbd61751a8c06b8d71398f695d1761cb8f1bdef9866a277c9f2
+	C = 016932d8c927abbcd4330c815a995009b56039637f41f1a46a9445e4cae7ef2f901109c66fda11c33db03ded5e9d92314b8229eb8f22ce
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = 6f0c7506d87bfc86d460ee1275aecc84
+Nonce = 45f926880d96d9c5
+PersonalizationString = 
+** INSTANTIATE:
+	V = f668fa4db3784e95c7e735ea1185b8d4848a9ab264776178478eb2f02f5e4d160cb4a992c24f65a35831b06a13f05d7a6dc70dc1434633
+	C = cdcd8f380f7ffe818695d4c2ad87734aec0eadcf76019e6bd517050ed8025a4a0262451aa3fc0ea73216c1247375643bb0e0762923550a
+	reseed counter = 1
+EntropyInputReseed = 9ae7880d98dbc4460041fd7ca20e7b68
+AdditionalInputReseed = 017eaa6be2fe6776c719d32d16e8f694
+** RESEED:
+	V = b44572a6bc2c8cb93838e046951c1ae8f1ae7c184d2076af73a5d8fa9340a61edabf92372796bad984741fafa9a426f118b78eec0b7097
+	C = bff102b479710eb4fab7351c3bfd55390b2db6c0c1dcc0dcd8c7e3310f1e7f6c3665d13a9c0e9f3d90f7201c8358f0d2c740db255b6f98
+	reseed counter = 1
+AdditionalInput = 7833b494a30026ca028f3609d1e562e6
+** GENERATE (FIRST CALL):
+	V = 7436755b359d9b6e32f01562d1197021fcdc32d90efd378c4c6dbc2ba25f258b112564bfb21ee31fa5491f2ab289b00a8f9d480fddf2bc
+	C = bff102b479710eb4fab7351c3bfd55390b2db6c0c1dcc0dcd8c7e3310f1e7f6c3665d13a9c0e9f3d90f7201c8358f0d2c740db255b6f98
+	reseed counter = 2
+AdditionalInput = 22af9e39f75a6c5e0d4b0ce203c2ae84
+ReturnedBits = 4c60dc976e1456f75188f4d2b9ac7992ad26959a2163c7c9ea26e4339f6f67ca8515df708a3c1c79d4b1c463f56957efb5f978fb2436928acd93afa3869480b242c55190bdbfbd2cd542c558207ee96a
+** GENERATE (SECOND CALL):
+	V = 3427780faf0eaa232da74a7f0d16c55b0809e999d0d9f86925359f5cb17da4f7478b36c0f8b46ab40d649fa0c3c5d1da8cb3e1f69c89a0
+	C = bff102b479710eb4fab7351c3bfd55390b2db6c0c1dcc0dcd8c7e3310f1e7f6c3665d13a9c0e9f3d90f7201c8358f0d2c740db255b6f98
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = c469449db1fe34757b42b6a6bc212326
+Nonce = e779dcac53d6d3db
+PersonalizationString = 
+** INSTANTIATE:
+	V = 9d97296fc870174a331fd7a728aec2ad6f5f8e401772083b921126243d2278eefbd4c014f57b144d7c26289f128232b53d87a12e3cd833
+	C = 55cadc0f913aed30e9738c95338ce5b083a76dffaf87e9c314e7c41e4122b9cea405765152edf9969de789488c5e1e021492be8a127073
+	reseed counter = 1
+EntropyInputReseed = b0df3131ea59be278c7c42a03c0db060
+AdditionalInputReseed = 15320da52b3010fb6ccb8c4f58c103fb
+** RESEED:
+	V = 10f6098e64a4d0c652b08607f04d6e2e2f4cdee377ef26d43d2ad0d1fefca1db1b109324fdbb7de89055520f4a5848daff7de8a9d0202d
+	C = d94a54f3f2a1a8f9397586dbbd5529a9a5726a3f523c7bd410aed99b71e5dddb0a2517cc951607bad3399ea7e18a4904c59849fffecd6c
+	reseed counter = 1
+AdditionalInput = af5a6a9be88b4af2a1f7159d8c58d537
+** GENERATE (FIRST CALL):
+	V = ea405e82574679bf8c260ce3ada297d7d4bf4922ca2ba2a84dd9aa6d70e27fb62535abece656c4ec21a797c5150e7c4774600baa4fa1a1
+	C = d94a54f3f2a1a8f9397586dbbd5529a9a5726a3f523c7bd410aed99b71e5dddb0a2517cc951607bad3399ea7e18a4904c59849fffecd6c
+	reseed counter = 2
+AdditionalInput = 0256ee98141a351b329232b1ddb3577d
+ReturnedBits = 76d6b71a1227cead7976bae7836c016abe98691c58724195f5130376a11ccaf1998fa1ff8bd96b7fb0b801b1a512144b0cc9149205b506765ecab1d03330af554090358d3c2b20802128e534a2a7f6f9
+** GENERATE (SECOND CALL):
+	V = c38ab37649e822b8c59b93bf6af7c1817a31b3621c681e7c5e888408e2c85d912f5ac46bf16ba7796f90a4695259b3dbf635dc4cd9dfae
+	C = d94a54f3f2a1a8f9397586dbbd5529a9a5726a3f523c7bd410aed99b71e5dddb0a2517cc951607bad3399ea7e18a4904c59849fffecd6c
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = 6918d283610c5afc5efe0bbc5fc971a2
+Nonce = ee798d0209bb4a3a
+PersonalizationString = 
+** INSTANTIATE:
+	V = 7cd7a8e95c954c0c53ac67f445c16b194b163fcf9e129328e3697f185ca5e7b6b6ae183604b66c7dbfd796df31553287c85e21f77b6004
+	C = 74b1add1f62f474981093a454d918e8b30693e1485d23d3d87c5c4a6cb69964256de3abdffc6afa8d09f0a6eb541f2df3e3a27bcededd1
+	reseed counter = 1
+EntropyInputReseed = e6eb96c622522b950927b01aa3efdc5c
+AdditionalInputReseed = 669850210a254f31eccb271d9aef3fea
+** RESEED:
+	V = a2ad859284c33f4cc5fba94a90003739e9727201fc27cac2ea508b7d4a92968de6c6d5f2d768660977ae727c2b964286f462d756cfd3a6
+	C = 93062aa03a1e53b03c1c4e28bff26c8ae72a137354fb5a5aff78fcb2394105b7dac3cbabc69ed4dbf0599dd4c849dc9eb9cf3f3abdb88e
+	reseed counter = 1
+AdditionalInput = 96880965ee8794991e9813d2b87e4244
+** GENERATE (FIRST CALL):
+	V = 35b3b032bee192fd0217f7734ff2a3c4d09c85755123251de9c9882f83d39c45c18aa224691874405c7144d4910ad7ee9d9447cff258b4
+	C = 93062aa03a1e53b03c1c4e28bff26c8ae72a137354fb5a5aff78fcb2394105b7dac3cbabc69ed4dbf0599dd4c849dc9eb9cf3f3abdb88e
+	reseed counter = 2
+AdditionalInput = 76e10d8f9c3b38f0d21aa8d57ac5b084
+ReturnedBits = e5f786b2143a89af61dae53ceddde787e6338fc353ca273a90fea682b3064e2bb5e6410f697f1b6c80b0a423660f5210f1d62315f09e2b7dd192f509ca77c9831bbb8c6a78108021cf8f4f3f0b856975
+** GENERATE (SECOND CALL):
+	V = c8b9dad2f8ffe6ad3e34459c0fe5104fb7c698e8a61e7f78e94284e1bd14a1fd9c4e6ee9fadec95980bf8fcbfdfc75b6d316fb5a520902
+	C = 93062aa03a1e53b03c1c4e28bff26c8ae72a137354fb5a5aff78fcb2394105b7dac3cbabc69ed4dbf0599dd4c849dc9eb9cf3f3abdb88e
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = 6f58bff2adf6f6f524ac81324743b960
+Nonce = 1c684725d4c4925e
+PersonalizationString = 
+** INSTANTIATE:
+	V = 99c644ea9e8c9eff733dac64c66c8d138807e6b1eb837ff8638e17a4497f43ca527b95996b0e05fba8f1e959fe0c203409b4318630749e
+	C = 057bb1cecae41d40fe7e4aaeae4854213d7f5f659c71767473a1577e614190c6f188236b036b1a95d2048d8b2ee7146e17c7ca86ef59a5
+	reseed counter = 1
+EntropyInputReseed = ad77eeb96579fdf26464f61db846e841
+AdditionalInputReseed = d966564d70746f5d39cf2c52ef6ff5c0
+** RESEED:
+	V = b90c944c34b930cbe3acaa1445cafc184919971c571e4ea2d5f93c753169fa7dce903013380dcadc76cfaabca3dc7be157c979b287eb03
+	C = 6ce1a9f4c35602685c9850c857318ff44484180b8d784cf4238fb992341c0175869c014ab2962934ca12273037378cbad3007614872ec6
+	reseed counter = 1
+AdditionalInput = c30696404ddc1cc3f293cf927b732da7
+** GENERATE (FIRST CALL):
+	V = 25ee3e40f80f33344044fadc9cfc8c0c8d9daf27e4969b96f988f6076585fbf3552c323a2df97495c2eb96123bd6c69d6438ce9ce61574
+	C = 6ce1a9f4c35602685c9850c857318ff44484180b8d784cf4238fb992341c0175869c014ab2962934ca12273037378cbad3007614872ec6
+	reseed counter = 2
+AdditionalInput = 6bf112a12d67959df984945119b19caf
+ReturnedBits = 1758059d7c08cf93b4c00444285f669a89b6298212deefb535647f668afbbd75f115f3687156dc8af14cd8da48374e72d774ce8bb5e95304102b907b7adc0a729a0fdbbc54e261a725d7ed57b34bba6a
+** GENERATE (SECOND CALL):
+	V = 92cfe835bb65359c9cdd4ba4f42e1c00d221c733720ee88b1d18af9999a1fd68dbc834a207d04c7ec5336d06194858ff811eacf2801a5f
+	C = 6ce1a9f4c35602685c9850c857318ff44484180b8d784cf4238fb992341c0175869c014ab2962934ca12273037378cbad3007614872ec6
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = 5fef241523b7568fdc16335f956c2206
+Nonce = d981adb56b590c5d
+PersonalizationString = 
+** INSTANTIATE:
+	V = f14533677ef73be6e0d3d97496684a02c826774ba492c193366988285c9e2b722f57f815bedf92c600bb10e0ba51bf2b5adb4eeedbf642
+	C = e1afeddf0383b9875898ae7e9ac109e24abb853c17e86d41fa687e445e6d9275d142cb1807a0df84591759703e80da40da96432dbe17ae
+	reseed counter = 1
+EntropyInputReseed = 8f0fa14f90ea7848aff8da233622ba49
+AdditionalInputReseed = 0d0aeb550853c45370784db3ef5527e3
+** RESEED:
+	V = cbdad1f9259e5254a7d9af9de7cf1f734c37cf0e5eb66b50eeeb7c96f12b3be9fec4638819dc179b7a4cbd7f93cb8d01f8e2025bc22449
+	C = a38ec037f481d33fe18aa7c89ef6aa5c08b4b2bbcffa77fbed142e5721e8619e1bbd2bfd5e953ea00a0142910ad8ec74ece4a6fa3b7dbf
+	reseed counter = 1
+AdditionalInput = f56c312dbe6b014b55e791a0617dae5b
+** GENERATE (FIRST CALL):
+	V = 6f6992311a2025948964576686c5c9cf54ec81ca2eb0e34cdbffaaee13139d881a819101ef5ca31679cd0b4425ec17023c6363f93e5494
+	C = a38ec037f481d33fe18aa7c89ef6aa5c08b4b2bbcffa77fbed142e5721e8619e1bbd2bfd5e953ea00a0142910ad8ec74ece4a6fa3b7dbf
+	reseed counter = 2
+AdditionalInput = 9b668f0fdb3bfde22e9fdea92c8e583b
+ReturnedBits = c18b754f903d468a4521dc2b4dd2978456d731d565eb55af1f7426ea76c26cc63771e31725723a3e661e31cb35ab87aa02fee4e2e03ac213ccfceec180e9c068b5c0ccf1213073a7f5af86f6868f9f24
+** GENERATE (SECOND CALL):
+	V = 12f852690ea1f8d46aeeff2f25bc742b5da13485feab5b48c913d94534fbff26363ebe7733d703f4bb6476bb923751da86a719908417ff
+	C = a38ec037f481d33fe18aa7c89ef6aa5c08b4b2bbcffa77fbed142e5721e8619e1bbd2bfd5e953ea00a0142910ad8ec74ece4a6fa3b7dbf
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = 667fdc8b2d7d84aec2715ff20007f8ea
+Nonce = dc0fe02b686c5a15
+PersonalizationString = 
+** INSTANTIATE:
+	V = b1537640f37749e2fd6878647c53b2fbf8688de3fcc4fcd469a499ba21b5caa66c0d821e99068de496d60f5e16f49d3d805a61deba84e9
+	C = 681cd227d4879d0c8644c0dbc8fb01f95f80e48c62e15ef3d9b36d50d026b473bfb344cba0b31d56d756a7e9ed410c65cb5f11ab2c75c8
+	reseed counter = 1
+EntropyInputReseed = 5f90cb529bc9288e20c014c60a8f2794
+AdditionalInputReseed = 0d171290e9a951e8f846c6153fcfb3e8
+** RESEED:
+	V = 49572955c7f9c438c02685ca14e74ec59318b11297c93c8feed9f0dfc7ad006e60d307c662b44ed4e060ee86c3bebc4ee477b1993a6957
+	C = 0a8b9339788cb0beacd10ef337a620df0fb2ac9086e86ac6326409f1a75b9e169865f56cdc7c001c3c128e9fe4078009cc1453aedfdc67
+	reseed counter = 1
+AdditionalInput = c6f4ec319aafb2409a30ef74ce18ca1b
+** GENERATE (FIRST CALL):
+	V = 53e2bc8f408674f76cf794bd4c8d6fa4a2cb5da31eb1a756213dfad16f089e84f938fe57d2783aaa99264c21103d0f68d3507b6142cb41
+	C = 0a8b9339788cb0beacd10ef337a620df0fb2ac9086e86ac6326409f1a75b9e169865f56cdc7c001c3c128e9fe4078009cc1453aedfdc67
+	reseed counter = 2
+AdditionalInput = 49df61061d180283d87bea451e3b997a
+ReturnedBits = 880929748d47f310b86dbb675e7c2c798c58b9bd1bcfea968b13246ee56edfa819d7ad686b7cbb52253a32bdc4b8e0858b9eccdd98f604df14a2544a91d762f84ab5886fd5577128e7d699a8615dd535
+** GENERATE (SECOND CALL):
+	V = 5e6e4fc8b91325b619c8a3b084339083b27e0a33a59a121c53a204c316643c9b919ef4548792361bac2f06ee2af0482b4b3233dad6317a
+	C = 0a8b9339788cb0beacd10ef337a620df0fb2ac9086e86ac6326409f1a75b9e169865f56cdc7c001c3c128e9fe4078009cc1453aedfdc67
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = 6ae879656c288e1171ba2e1cb8ebb53a
+Nonce = 8d4d1c154ac6ebb6
+PersonalizationString = 
+** INSTANTIATE:
+	V = b884267e31b220c9d8e1fe6c1cdae14d7b64e94c530891b509dd35cb6dbb4683003cc2e0638967146a4cb8c678514014fd0a5a6172dcd2
+	C = 64907a4c896ae2c51c3904fd6972cec41f8353aef62d662e3fe4efe0b1ccae98c4bb6d4330eeba7142a85c61c84896b8aef36eb526633f
+	reseed counter = 1
+EntropyInputReseed = cb1384603d28a542a0ae6b0dd4dd8522
+AdditionalInputReseed = 2eae690075264be6a7b0e5110f49d76e
+** RESEED:
+	V = 2e839c322a917724efa4e40d6db8539c5572bfa031126f4ff2715b76db1ee9aea2364a3de155e4f355deb06b91009c702336d126bda7d5
+	C = 3685da34077f79996b67e7d85466808e9ec8e05b60d6184dca45183a049a86b009509d05f3d3c3900ccd7d05b5b5c00de91750d3b592d0
+	reseed counter = 1
+AdditionalInput = 64e32b772a9fa1dda487c9d6a5d233da
+** GENERATE (FIRST CALL):
+	V = 650976663210f0be5b0ccbe5c21ed42af43b9ffb91e8879dbcb673b0dfb9705eab86e77c4b238cc372a9b3a1f40f81fdc596ebb144b452
+	C = 3685da34077f79996b67e7d85466808e9ec8e05b60d6184dca45183a049a86b009509d05f3d3c3900ccd7d05b5b5c00de91750d3b592d0
+	reseed counter = 2
+AdditionalInput = 42bc03b991fb4b9b3d68a3d6b84c88a3
+ReturnedBits = 4b3523e211b4e2b6256fcb6546e3b3b833d427c00e5c6545952c23849b50c4a6408ef46cb30c8135ce765b965add13ca1ff12f5766479466e80e1b7971cc12069951ef0fa1aec71c33ca309b94518853
+** GENERATE (SECOND CALL):
+	V = 9b8f509a39906a57c674b3be168554b993048056f2be9feb86fb8beae453f70eb4d784f3030b6bcd825b4fe969e806a64f0d729c214103
+	C = 3685da34077f79996b67e7d85466808e9ec8e05b60d6184dca45183a049a86b009509d05f3d3c3900ccd7d05b5b5c00de91750d3b592d0
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = cf11b8a783dc69df802a1824bef8cb92
+Nonce = 1ba377e3c42e5485
+PersonalizationString = 
+** INSTANTIATE:
+	V = f2ce2cd201df92aa359c5bd64eb93299f64882362fcf4717c432a011ff93bfa1699943cd18985ff4c1ac656521d0e060952c0e021286f1
+	C = d3d0cbdcc30c29efcea3a948c6582a84deeb352bbc93d13d091655db18ab3b5ab0f2c107048b23351f020c77bfdcdb294d9907d462d30c
+	reseed counter = 1
+EntropyInputReseed = 77e6030aa93502503bdc22ae5ac4b20b
+AdditionalInputReseed = f34bc51b7da618732d031a54a261305b
+** RESEED:
+	V = 648c95a272c92e8a9b4774363eda81db11225f87015665a6f3a89bbc124ffbc8cdc667d6abea3a255ad39d95b3e42a3bc4066147564a68
+	C = a761216ff287cadd744314ffc89313c818c37ee41b79200fdeea0f7172ae3925331e3385621f2e3e7133548a34683ab774b99159630124
+	reseed counter = 1
+AdditionalInput = 0ddbb76b3f5cf42f0a9a420eacfc00f9
+** GENERATE (FIRST CALL):
+	V = 0bedb7126550f9680f8a8936076d95a329e5de6b1ccf85b6d292ab2d84fe34ee00e49bb79c235c3e71102f136a1ca4506789402c2bfea3
+	C = a761216ff287cadd744314ffc89313c818c37ee41b79200fdeea0f7172ae3925331e3385621f2e3e7133548a34683ab774b99159630124
+	reseed counter = 2
+AdditionalInput = f7c15f77bb09133a6e9b3b940ab6e084
+ReturnedBits = 40e2fe9b239212267fde1445794f67278832b8764f804bb0c85514bd9cd0d5357ae6287a9f4c542e9b06ef001e91d58fc705579eb3629da2fa73dffdb7a8ce75ec03ea797092d0195df137bbc7a9a730
+** GENERATE (SECOND CALL):
+	V = b34ed88257d8c44583cd9e35d000a96b42a95d4f3848a5c6b17cba9ef7ac6e133402cfa696d9fb098f03665c19880acada0585a6268e22
+	C = a761216ff287cadd744314ffc89313c818c37ee41b79200fdeea0f7172ae3925331e3385621f2e3e7133548a34683ab774b99159630124
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = 8f81a12f9404a980c29f7eea312a33aa
+Nonce = 96d579a35b317762
+PersonalizationString = 
+** INSTANTIATE:
+	V = a8f2d79096733bda274dba831e7a13b235927a8af90ef27b9f22943abb889dbde6d5772941cc140c8f83cf4dc8d692813f349e1b54ac9e
+	C = ff8a5a7b6ba5f4c2df70f202c719c49b4e6086d85127e6169e6eea08688536350795e40bff4e6f4779892782407f141d11a9098143cc38
+	reseed counter = 1
+EntropyInputReseed = 800859655fffca9ac5a8538148d123ff
+AdditionalInputReseed = e4ae9fe71cce6fd55b640b1bcd8fdd54
+** RESEED:
+	V = aecf5d97fda6163b8378d58eea257824b201f7a42c765c140c6e2fd3c5db6b7286602b08993a45f94f8a8f18f674d5106a6e2b544d3e6a
+	C = 1ad063a874a59ce504fc8aba090106cc12e5437bed04b1107f1ace13e3c74500715003d38dee02a3e9db3f1215b320d641a2c4ffadcaea
+	reseed counter = 1
+AdditionalInput = 1aea66e4458c147668ee8123e750f86c
+** GENERATE (FIRST CALL):
+	V = c99fc140724bb32088756048f3267ef0c4e73b20197b0d248b88fde7a9a2b072f7b02feeb7466bdc08a4ea634186c6e278f5c01a735401
+	C = 1ad063a874a59ce504fc8aba090106cc12e5437bed04b1107f1ace13e3c74500715003d38dee02a3e9db3f1215b320d641a2c4ffadcaea
+	reseed counter = 2
+AdditionalInput = af9da0fe2e36252f5b29e8a1fe14c9d1
+ReturnedBits = 8b5cec54c6bdbc8966b6b450f7a931d920107abe6a72860a046c5af1895814fb1309791008b391ddb4f9272c0d612f2e87c2642bfd5cabf41655ce51544d19e227f43d1c5b3ceef48b75ff4bc7e1b805
+** GENERATE (SECOND CALL):
+	V = e47024e8e6f150058d71eb02fc2785bcd7cc7e9c067fbe350aa3cbfb8d69f573690034f090a152e6be152b7dfd49a8357c2e03d9e71184
+	C = 1ad063a874a59ce504fc8aba090106cc12e5437bed04b1107f1ace13e3c74500715003d38dee02a3e9db3f1215b320d641a2c4ffadcaea
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = 3fe6105da2e04e904e3784850bf33bfc
+Nonce = 355445318fb1b3c0
+PersonalizationString = 
+** INSTANTIATE:
+	V = 2cc3554d25debf077fb24608a88c7a81361f7a8358edea02517fa7b55b934c2db78ab1f1bf8e85a8beb005f2177a3bda857343de17b058
+	C = 07e9313b1d1219607708f35572947c178be7fae06dab9c1aac3e2a73e580246a4f46f8c19a7bde1c3ab30e5d14a17042ab57e5ff39281d
+	reseed counter = 1
+EntropyInputReseed = a27e65099d70c2480632b726532eb1d8
+AdditionalInputReseed = 04b8b3a5cb9d082bad1ef4cb34b0def8
+** RESEED:
+	V = bb122ed71a0e6a4f05ec4a2081e5ebbb7ddbbec3652d15ef7a936eb749ee490da2b72b0bbffc87dfab4b8bf8f5f62baa2dcc1eb9e23d3a
+	C = 8b130303c2a90920b1542226ae32fcf5c99dc2eda1b2f2ece995f37893204e9ae23eee8be424a57d78244afb4deb949867cbb79f4a0d4e
+	reseed counter = 1
+AdditionalInput = 560a6ace26ae2bf8e3be0864041860a0
+** GENERATE (FIRST CALL):
+	V = 462531dadcb7736fb7406c473018e8b1477981b106e008dc6429622fdd0e97a884f61b77cf34e710bd139c78ff68fc6cbc8c9731d0ae94
+	C = 8b130303c2a90920b1542226ae32fcf5c99dc2eda1b2f2ece995f37893204e9ae23eee8be424a57d78244afb4deb949867cbb79f4a0d4e
+	reseed counter = 2
+AdditionalInput = bfaab0077a8b0df0643f9f16c0379ec0
+ReturnedBits = c195dd67f0b9139d1944cba7c8e198502f17eb35e5994f7363489cbbea01ef81ec422777f7bf265dd8506ff6313e459396dd85bfa9456bf26203a76d63b6059059c01d349538ebd7615c3cd2aea585ad
+** GENERATE (SECOND CALL):
+	V = d13834de9f607c9068948e6dde4be5a71117449ea892fbc94dbf55a8702ee64367350b4f02d8e7e0d4dd93043f1a62d0821b68e88e02fb
+	C = 8b130303c2a90920b1542226ae32fcf5c99dc2eda1b2f2ece995f37893204e9ae23eee8be424a57d78244afb4deb949867cbb79f4a0d4e
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = 9e36736e57d038f7b0919d43fd1ec237
+Nonce = 06a959a28fbc60dd
+PersonalizationString = 
+** INSTANTIATE:
+	V = ebe73672e760e3663ac87226be456ef1c68ca1f14cea4d2b847bff8db772e895dfe314cc464950636417e402be0bb9e901379f12c051ae
+	C = ed36f28505da3896b0178e491d265489e1af274f4892cbd2734b53b70db03554422101803311606d3a9aaf86375255003f5efc00fcdebc
+	reseed counter = 1
+EntropyInputReseed = cf46584eaa66519cb19a08edf2f279ca
+AdditionalInputReseed = a0b70118f9a572d96da92ca25e1d6af4
+** RESEED:
+	V = 9eabc856be985aa0cc960acd58b550eb4a873d29d92b758300b39a56fecf5c4fc0032e653133d8d6bd9983ba8655ba380f3d0c010fc36c
+	C = 2c5e9c08de59a7705d3c35c9760a3a126c4188d9f304f7ace4b5859791903eae22be84994afcbcdbe541ab90e367388ac9cbfb049e9021
+	reseed counter = 1
+AdditionalInput = ab8336f25e8cb235e456109085985900
+** GENERATE (FIRST CALL):
+	V = cb0a645f9cf2021129d24096cebf8afdb6c8c603cc306d2fe5691fee905f9afde2c1b3fd2655aaed55849c139d4ec79b975130813ec572
+	C = 2c5e9c08de59a7705d3c35c9760a3a126c4188d9f304f7ace4b5859791903eae22be84994afcbcdbe541ab90e367388ac9cbfb049e9021
+	reseed counter = 2
+AdditionalInput = 7e81606fb31837932d9fd39ac6937119
+ReturnedBits = 3ec372ccec496596deb1cd5ef840155bcd17003afa11b24a85e9687b8b465cfd3554d56a2751f822cbbeb2e10a73a8765973f502136cf43e6b824ac198c371a3e506c4dfa2b1101e9310172700aff890
+** GENERATE (SECOND CALL):
+	V = f76900687b4ba981870e766044c9c510230a4eddbf3564dcca1ea58621efd9ac05803974472d9c799a1471cd0db5961297691614166d5e
+	C = 2c5e9c08de59a7705d3c35c9760a3a126c4188d9f304f7ace4b5859791903eae22be84994afcbcdbe541ab90e367388ac9cbfb049e9021
+	reseed counter = 3
+
+[SHA-1]
+[PredictionResistance = False]
+[EntropyInputLen = 128]
+[NonceLen = 64]
+[PersonalizationStringLen = 128]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 640]
+
+COUNT = 0
+EntropyInput = 0ed54cef445c617d5886e034c09736d4
+Nonce = 2c8b0713556c916f
+PersonalizationString = f3378ea14534304112e0ee57e9b34a4b
+** INSTANTIATE:
+	V = 18ac51929209c501348d39227b6e283626700c318a8a1b06af9616fe64a1824d9d1740f7bc099c25f486b17ae7275f602427b0edbc143d
+	C = 8d9161a264370f690287251ccc62dae2d807c016a0cef5be1fb87f6b8e5a41ab999f231a3814bab145c9439122724e8f474f7a9084edbc
+	reseed counter = 1
+EntropyInputReseed = 0b9027b801e7f72ee6ec502b8b6bd711
+AdditionalInputReseed = 
+** RESEED:
+	V = e6add129e05ada17f12ca256d90740a38fd23461b24c764bf7d3d66070dcbd658d91bf7410f9fc9f23ea1e2337dbf85e6b5db47e264728
+	C = 11653a7b8fa7b05d173c78fa0ab7e48ac6ed9094705130588a3538bea12d9ae1e520a73c6ac1f1aa76a31f57e678fb4429781ea3b1c582
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = f8130ba570028a7508691b50e3bf252e56bfc4f6229da6a482090f1f120a584772b266b789f0a5b6dff3df4c4d961d348c2f6c6de25122
+	C = 11653a7b8fa7b05d173c78fa0ab7e48ac6ed9094705130588a3538bea12d9ae1e520a73c6ac1f1aa76a31f57e678fb4429781ea3b1c582
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 55370ed4b7caa4bb673a0f5840b39f764edad285d56f018f2da7544b0e66396235961db7f6dafb30b6c568d8406e2bd43d23eb0f10ba5f249cc9e94ad3a5f1dfa4f2b4804091ed8cd66de7b753b209d5
+** GENERATE (SECOND CALL):
+	V = 09784620ffaa3ad21fa5944aee7709b91dad558a92eed6fd0c3e47ddb337f32957d30ea4df2afd6e78bbe6db397ebabff51c99698eac67
+	C = 11653a7b8fa7b05d173c78fa0ab7e48ac6ed9094705130588a3538bea12d9ae1e520a73c6ac1f1aa76a31f57e678fb4429781ea3b1c582
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = 8f2a339f5f452130a457a96fcbe2e636
+Nonce = 0ed0e9a5a4548ad0
+PersonalizationString = 45e4b3e2638762572c99e40345d6326f
+** INSTANTIATE:
+	V = 2a7eee960e11454acbad03d6331322cbbbf2ae50ee23a3f2b960cf35aabf000ba2015dd341ea9968baa20dcc600b7f057d82ea24d0df54
+	C = 16f180ac0a525bf65701b38739e642b99a5af925d6dd6b0a8d4e8936e9e64c7c82ae81318a6c740ec449c1955f99e7b69f43b553ebdfc6
+	reseed counter = 1
+EntropyInputReseed = 1fff9e4f4d663a1f9e854a157dad97e0
+AdditionalInputReseed = 
+** RESEED:
+	V = 5d6682e9e1ae885e9dd368a876d79be0639c5b28d7c497e84afb356fe4048db6ff40c196e58b1b78039ce4069ab067b5660b9d98ef541b
+	C = 7d69a60aff8fbb5bf43e2df29cde504e630cb8358a6f0ef0964de6f5c59d337bbfcc26f1a2ec5c07c8b34c17e27cd6f13b221e5c077f8f
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = dad028f4e13e43ba9211969b13b5ec2ec6a9135e6233a6d8e1491c65a9a1c132bf0ce8f6e47a7c7890ae82593656ec32edd0746acdb324
+	C = 7d69a60aff8fbb5bf43e2df29cde504e630cb8358a6f0ef0964de6f5c59d337bbfcc26f1a2ec5c07c8b34c17e27cd6f13b221e5c077f8f
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 4fe89641f8d395c4436efbf80575a769746e0c5f541435b4e6a6b3407ca2c442a22f662828cf4aa8dc16bc5f69e5bb05d1438f80abc58f9c3f7557eb440df50cf4952394671155981443ff1314855abc
+** GENERATE (SECOND CALL):
+	V = 5839ceffe0cdff16864fc48db0943c7d29b5cb93eca2b5c97797035b6f3ef4ae7ed910265a5cb9e66994c2fe958079581d0cb1fecbcf1b
+	C = 7d69a60aff8fbb5bf43e2df29cde504e630cb8358a6f0ef0964de6f5c59d337bbfcc26f1a2ec5c07c8b34c17e27cd6f13b221e5c077f8f
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = 1d57c713eef2386e067965333f435172
+Nonce = 87f232366a369d1d
+PersonalizationString = 8f202d70d48dc732ad220ad6554eb241
+** INSTANTIATE:
+	V = 46c69f21a3e1e7f194d28b8014cd32917b1e84ac1114583f2c31a86b67325abb853b447f5456f99a2a4c1389274f6d05f66e8b8baa984f
+	C = cf98b936fddb9755c9b48a25e467b2c431ff07d1bcc1da55b8b288b4fdd1c2a13c7b9ad052685205fca6e0d412fdd5409139b0922c63bd
+	reseed counter = 1
+EntropyInputReseed = d9ecdc8e447b01a347b5697897ddc0c8
+AdditionalInputReseed = 
+** RESEED:
+	V = eae55cf27f3780faedf65ac9715b082d91353a9348cec6bd81fde50ce67be553a6410c60cb46daf6f39266a7dc8dfd70ad4118262a9f3e
+	C = 5fe01231d168fc734f886ebf18ab7df29256c80ceea7044e5f2c8cce74e755c623b5ad9a2ddaff21a13a7cb23b4f4f327e54f0e157eb31
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 4ac56f2450a07d6e3d7ec9888a068620238c02a03775cb0be12a71db5b633b19c9f6ba60732cba854451d2bdeb4ed3b7cfc5faa416df99
+	C = 5fe01231d168fc734f886ebf18ab7df29256c80ceea7044e5f2c8cce74e755c623b5ad9a2ddaff21a13a7cb23b4f4f327e54f0e157eb31
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 4503bb8463f2101117be877f88885e3a0ac146c9c0c6695bd9521e9e56a593cd8fbab0f80dad6f1a168df45cec13b0b68f4dd4180e28917b1b5e10dfa351eac460301476104bcc9e032bdd18bbe7c22b
+** GENERATE (SECOND CALL):
+	V = aaa58156220979e18d073847a2b20412b5e2caad261ccf5a4056fea9d04a90dfedac68029d7ab058d3030d40b0efc2ec4e1ddc2cfa4e4a
+	C = 5fe01231d168fc734f886ebf18ab7df29256c80ceea7044e5f2c8cce74e755c623b5ad9a2ddaff21a13a7cb23b4f4f327e54f0e157eb31
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = 3c76990bc4ef3e1c0ba0748c5c5a82a5
+Nonce = 0d8d1e425d5cfeea
+PersonalizationString = f961a0573fc52050fdc44c8db3438c13
+** INSTANTIATE:
+	V = 5edb593b4bfc307bc414e6e43f879b4526131a05b8c247f505928ad1d8596df94c6f44c89b17fda98f08b6a7beca908ebd9cf4c4176722
+	C = e9a9be3dd283e38c9e86f059d6e171eead9c2ca87f0108a114d32c68b1e0d6442c923c10eb9704aadb26bccdcad2fea5a1edd668170166
+	reseed counter = 1
+EntropyInputReseed = f8a95057fb6258fc1566827568d57bb0
+AdditionalInputReseed = 
+** RESEED:
+	V = 4202aed81d559406d7e6246f3799df8c47a6ef6712b3b17f7e6df0db949525bc3c7094300125cce8fd083d066a96134e754e8db2aa56be
+	C = 46ac7a4e6246b1d53fe27aa91f7d3b3be1dc4cc98c1abe24d0b5116fbd211ef3755279637b37dd6efd6df410dac5c37b83a9422788af2e
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 88af29267f9c45dc17c89f1857171ac829833c309ece6fa44f23024b51b644afb1c30dc57f35911664cdc323e8039a6383ed4d593d99f3
+	C = 46ac7a4e6246b1d53fe27aa91f7d3b3be1dc4cc98c1abe24d0b5116fbd211ef3755279637b37dd6efd6df410dac5c37b83a9422788af2e
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 9ca5eabd0d0c44cf0c61151fe72337825b94a2c13d661a91a0bf6e8e31ebb46e677d8484637ab2d6760e0dd8515d6b99e781673ef7dc05d659184b5598cbf1174d7fc59a86afca13e073dd8e61d0dfc9
+** GENERATE (SECOND CALL):
+	V = cf5ba374e1e2f7b157ab19c1769456040b5f88fa2ae92dc91fd813bb0ed763a32715875d36e8bb9e44d1504619e54d3f67b76412acead4
+	C = 46ac7a4e6246b1d53fe27aa91f7d3b3be1dc4cc98c1abe24d0b5116fbd211ef3755279637b37dd6efd6df410dac5c37b83a9422788af2e
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = ec0d4c25031ea07762cc4e68c8bf9413
+Nonce = c1e70c4488f68024
+PersonalizationString = 8ba2a33c7839055f05ba9a030bd1a512
+** INSTANTIATE:
+	V = d5c1b798057d408b40bbf5feadf7e10c2bfbf439e8b4180ac8de4d31570781902ab4be0b6e55ae3bdb238ee65b12856564eca5fa199899
+	C = dc459b5c28d5fca69feafa7d22d5a6032b2b59ac39550233797a47b50c497b2e9b75841bb1468f8f99c0a6d7ec34d75b0c690b024fe757
+	reseed counter = 1
+EntropyInputReseed = 924893a36422e4cef173313ea416074a
+AdditionalInputReseed = 
+** RESEED:
+	V = efb7e0fa10817efdcfd3718b1c602b73aa3d7c74dceca8c76d967f4733de1738c10d5c43295ca3bb3b8583a6f42523c42bf14c9ff9c917
+	C = dd759936ca5684bdb1cd835083a3731a2fa224ff63d295ae187b83e23d3223e0483bb9844d731e069d9d4ce33f9409efed87e2e39931b4
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = cd2d7a30dad803bb81a0f4dba0039e8dd9dfa17440bf3e758612032971103b19094916a2c07e75838d6d4b437d2fea58212c0b4d6618b1
+	C = dd759936ca5684bdb1cd835083a3731a2fa224ff63d295ae187b83e23d3223e0483bb9844d731e069d9d4ce33f9409efed87e2e39931b4
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 6b1687c94bfe8f06f6287acb5fbf84f50a31f73dade75eab0bb7cf52cfbfdc0134635317b14fda0373746d3146116ebbd789402c68af951203b0f6db3652605002389bf98bb1993bf877ff7c4656db5b
+** GENERATE (SECOND CALL):
+	V = aaa31367a52e8879336e782c23a711a80981c673a491d4239e8d870bae425ef95184d041763f1cb9b3c792987862baa79e26463ffcdb7a
+	C = dd759936ca5684bdb1cd835083a3731a2fa224ff63d295ae187b83e23d3223e0483bb9844d731e069d9d4ce33f9409efed87e2e39931b4
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = a4078d3105bd364d7c0f5965baf49bd2
+Nonce = 80c83576fa024fa2
+PersonalizationString = 10ee38baead5cc7126583c7d63056038
+** INSTANTIATE:
+	V = 9549f8066fd6fc727c96f03db5bd36065f8f3e17b984bc8eee6491ba4efb07f057b95e9449880a4a9aa20341f0fa565cf802d2e4a0fbae
+	C = ecff9912e746971678fb376da61271982eeac95e747037f0f1a5d5ee745ffa4d7d7260bb045eba3ee25b8148e7ea26fb3b7aa8419a50f6
+	reseed counter = 1
+EntropyInputReseed = e2eee82bfc03bab0f6a59795455e3339
+AdditionalInputReseed = 
+** RESEED:
+	V = cc5913867ae722151c3dd9f880bec7132c5696e60f3db621d84fc2fdb813b626db7efa3c50dcb2696a199034056d6715576122c3fd42e3
+	C = 35d139c9738db7298c20f0895c46599ffd11a839376fe4a77bd6b0e9688cec71e8b9c1833157c80facdbcec484216d50543e3797075f0a
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 022a4d4fee74d93ea85eca81dd0520b329683f1f46ad9ac9542673e720a0a298c438bc87bd1962c2e8d5eccd84452937559a44e287b2b1
+	C = 35d139c9738db7298c20f0895c46599ffd11a839376fe4a77bd6b0e9688cec71e8b9c1833157c80facdbcec484216d50543e3797075f0a
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 41b0c2440db2f5a0e2f6047bef43016add5ab6d4249c51f38d5cef35afc865218bb582e24309f5288cd1591c98a99d4b62fb20666b056d43b15d395ad810c93d8766c04bb4010e5da3817e9f387dd2ee
+** GENERATE (SECOND CALL):
+	V = 37fb871962029068347fbb0b394b7a532679e7587e1d7f70cffd24d0892d8f0aacf27e0d6ce46accd4a12e09528f31c6db3f7b4a892335
+	C = 35d139c9738db7298c20f0895c46599ffd11a839376fe4a77bd6b0e9688cec71e8b9c1833157c80facdbcec484216d50543e3797075f0a
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = a311cfe145f7540d898ca10c215ab106
+Nonce = 36cfa2ab1e88eab5
+PersonalizationString = 9740b20f80b712e4d5516eba0dde1821
+** INSTANTIATE:
+	V = 0c4e0a77efd2c4d15661ad06548d0f304a3fcd141449ad2845d40c8e8c0439625baddacdec36506d4aeed25a486ee8a8ff00e8c0a04e6b
+	C = 007bf3b22082326409a9786cdf6b9413be201c5537e3f77bd011883d68b51b5e989063744b8622463be08607282a426d44ec5c0cf5dc85
+	reseed counter = 1
+EntropyInputReseed = ffa44a64c219595eff640d0259a3aba0
+AdditionalInputReseed = 
+** RESEED:
+	V = b0cf977e10d5e66300bf09f9e287a62dc986d248d66bb1df0951b034d91b22de2091275b4b4d8cda1b83a4af6ffb99ee6399176ce5b796
+	C = aeaf34b534ac8e35b91a8ab898675b59325bf6148edfdb6292642cb60af7671365fa288f5209f60e0792a78089a19a0fa396c818d49f11
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 5f7ecc3345827498b9d994b27aef0186fbe2c85d654b8d419bb5dceae41289f1868b50c9b9d08cf4f2c4fd9b56701a8342adbaee338b29
+	C = aeaf34b534ac8e35b91a8ab898675b59325bf6148edfdb6292642cb60af7671365fa288f5209f60e0792a78089a19a0fa396c818d49f11
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 932c3ae5ace1e1ce0c3c2cc66a7d3544baaa815074f9ae25144baa02d52d564d5d50cd88a291a28b39b175925c8c725c3d478a64c5ee31aa9f51b9a12ec19b75d35a4b39d32a84e5dbed68c0741f91f1
+** GENERATE (SECOND CALL):
+	V = 0e2e00e87a2f02ce72f41f6b13565ce02e3ebe71f42b68a42e1a09a0ef09f104ec8579d7f2b3b76bbef72bf2ca3e2157f115c2b67690d8
+	C = aeaf34b534ac8e35b91a8ab898675b59325bf6148edfdb6292642cb60af7671365fa288f5209f60e0792a78089a19a0fa396c818d49f11
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = 11d91a374c9b3983bb82acdfbc98322e
+Nonce = ee8d28eda0409be7
+PersonalizationString = 137039150d62fc19a6bbbc0bfd7d8b13
+** INSTANTIATE:
+	V = cc09f689b219e86ec4396bbafe3349e4d522753f0b5b32e3d9e389a8e35b35a92df4092f9441d383bd38a55ab91642403ec5253e18f303
+	C = ac5f659eface5d867ceccb86b285fa439348107ef6d45bb164387542b2fbd1274f6ecfe2511a5bd8454352e3eb8be137a1151153f86de6
+	reseed counter = 1
+EntropyInputReseed = 797d4a63161b3ffa795365c6b4fa0442
+AdditionalInputReseed = 
+** RESEED:
+	V = b6f0174dc359bceba3bc8ad9704b0b25162882265737477ec1188e39fe2454de32e5846d1542f8ec559b006a1fbcdf3ba164171073705f
+	C = 764156ff34a835c090c16fbbed07bf9dd6d8fe6554740135f789bcb2ede225d5950124cc1e4bf794ff3a84fc39a8f88e5232650b180b1b
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 2d316e4cf801f2ac347dfa955d52cac2ed01808babab48b4b8a24aecec067ab3c7e6a93a843edfc9e320e5fa58dd45a7f6161280e6ec47
+	C = 764156ff34a835c090c16fbbed07bf9dd6d8fe6554740135f789bcb2ede225d5950124cc1e4bf794ff3a84fc39a8f88e5232650b180b1b
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 346a92b52ea583bd235ef16b3865b4d860c0e0e84c2baab870f439bbed268178dc56c08e1add8a6b1866cebc1bb37a372a1519c6d2f56893af33fc0c1dc8196ff1314e68599801980f878fc50281303d
+** GENERATE (SECOND CALL):
+	V = a372c54c2caa286cc53f6a514a5a8a60c3da7ef1001f49eab02c079fd9e8a0895ce7ce1058fc2d0a93f7a5f355cef62dd6b1c3a288d3ff
+	C = 764156ff34a835c090c16fbbed07bf9dd6d8fe6554740135f789bcb2ede225d5950124cc1e4bf794ff3a84fc39a8f88e5232650b180b1b
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = dc130de18d085bc2a5db2bcd271f7b78
+Nonce = a1332c575280760a
+PersonalizationString = d249c67029e702284a35ce489e320947
+** INSTANTIATE:
+	V = 78eb5a089b81f109444451c761dce4fd833fd52d06b9d4c1f2c8eae27319efcf79ccd20dab4506d7a35edb8c5a4a81124a1f633f113966
+	C = 97da44c320f383afd0b4984e02dfdb87a57269d38392981fe6ee51215a2986afd512a990039bba909c106c7be3130c958c272c12af2a8f
+	reseed counter = 1
+EntropyInputReseed = 2f4c382535f3c51fbeaa590b2599811e
+AdditionalInputReseed = 
+** RESEED:
+	V = bbecdcec062c549963c898bf7a81eb1afc42fc8b16e6d99c393fd7d2d92bf28d712ddccfa95d487a7360180ae011424d032caa91c0699e
+	C = b36bd43652e7b0a026f6fe19d9d4367e672ac0718478eb7c7198084707343df4201e145768bc7a06e7b57dff9b6fa25fbe87c91896fa6c
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 6f58b122591405398abf96d954562199636dbcfc9b5fc518aad7e019e0603081914bf1e19e772d85bf5c06ea3df8f077868a1726749c1f
+	C = b36bd43652e7b0a026f6fe19d9d4367e672ac0718478eb7c7198084707343df4201e145768bc7a06e7b57dff9b6fa25fbe87c91896fa6c
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = f3f48146c210b5ace02042856fba084102ffde981bd480fefeb3a0ce6983b5593ad682f15dc2c83f68d892a65049d701b0dc348858c0c83e9e1a6e49f84081708720e01c3f85b20927157421ba01ffa3
+** GENERATE (SECOND CALL):
+	V = 22c48558abfbb5d9b1b694f32e2a5817ca987d6e1fd8b0951c6fe860e7946e75b16a0715ff1e0b3b87bf37f15ef1e69be29223f0ef483e
+	C = b36bd43652e7b0a026f6fe19d9d4367e672ac0718478eb7c7198084707343df4201e145768bc7a06e7b57dff9b6fa25fbe87c91896fa6c
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = cefbdbff9e42df35ae7b2ee1bfa903c5
+Nonce = 5819d34e52a12ab2
+PersonalizationString = 743c180b6784a470e37de62ee9d6a6f9
+** INSTANTIATE:
+	V = bc261535bc6c37bcf919f3bf60f09a5398ecc54554c0e7b864f512157b67a6d75b876111a0fd1ccddeab26a40f91cd079fae8bddec1936
+	C = 84a8344fb347c486a5010d4bddd3101f6d0faa6f06127ffa001adf3f05c65473e4928b211b1a26af823df4f69bb6f8049d431a14f43e0c
+	reseed counter = 1
+EntropyInputReseed = 31d9fb93001549ab357bc51095da0631
+AdditionalInputReseed = 
+** RESEED:
+	V = e5e0aedd846749b02d62cf54ac003afad7a448da35f2eb68525c69cfbb25233b8a3f9cdb42c3533d62aea95cd4b8cbb1cd7b6c46aaa14b
+	C = 1b939f2b517921260ebda7ad8d3f38a4425ce6c8af1b63993f5e1110a019d146afe082e5ebc936a11e1238c92da661108a2c0f7055bcd0
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 01744e08d5e06ad63c207702393f739f1a012fa2e50e4f0191ba7ae05b3ef4823a2020579d9514a3211af7353a2565cbefe514901ab054
+	C = 1b939f2b517921260ebda7ad8d3f38a4425ce6c8af1b63993f5e1110a019d146afe082e5ebc936a11e1238c92da661108a2c0f7055bcd0
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 862e0431f42e9c888cb0483dce79c1fca6d0fcc450852d786ed208bbbde9835da6ad2dae292fbd494e822a167a8efc3b9954a4b25f53c9335f9c74e77e23dd8d84b0c8dff3eaa8707c6fc03be1de2ff2
+** GENERATE (SECOND CALL):
+	V = 1d07ed3427598bfc4ade1eafc67eac435c5e166b9429b29ad1188bf0fb58c5c8ea00a398f3749f38672d36c8417eceab5070ddf4227526
+	C = 1b939f2b517921260ebda7ad8d3f38a4425ce6c8af1b63993f5e1110a019d146afe082e5ebc936a11e1238c92da661108a2c0f7055bcd0
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = 2fc37e43cc278fe8db16beeb16625d9b
+Nonce = 3a5c14484913a8ad
+PersonalizationString = 56dec9d515fc2b53e67ed057ebdb671d
+** INSTANTIATE:
+	V = aa83be4bc6065e8fd49542d8d24ab2b6c6abea8b6aed630f8adc414d567f230f80f693dacb4d854e121e02b799005cac331f2b4fad4750
+	C = 461fce5cc43752fa93ae5be8f85e2acdab1ffe7983cc3a2a820bdf245f8e019ac249c87e78bbafcf1421c5aaad6a562112641dd9762928
+	reseed counter = 1
+EntropyInputReseed = 2a9b95685ee2190f2b8f67329cd4b223
+AdditionalInputReseed = 
+** RESEED:
+	V = 3c4d1571288a33e2fee96c48c6cc2c8dbe84c12557e8d9ef8e3e786382e9acbe6e279b214bea75df8193ba51093a4de6192353d08b36a9
+	C = 9dded0265a3fc44a9757d86230843b325d2dcb286a4db907cbde80454290b2326daf4d08d9bf883377f403fa8c92865d0d821fae45934e
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = da2be59782c9f82d964144aaf75067c01bb28c4dc23692f75a1cf8a8c57a5ef0dbd6e89abce3aa702f0463f418ad295657f5d58c44ca97
+	C = 9dded0265a3fc44a9757d86230843b325d2dcb286a4db907cbde80454290b2326daf4d08d9bf883377f403fa8c92865d0d821fae45934e
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 13db156f13faa870b1a873bb0141ca2d59bf0b232de966cd913db5e10485f2ee84dfd7f475061e13cc62db81322a367e08a07999dc9320a501b758048b8f54f99c0701b260b6a6958f481dc1321ea7fe
+** GENERATE (SECOND CALL):
+	V = 780ab5bddd09bc782d991d0d27d4a2f278e057762c844bff25fb78ee080b112349863699ac6669ddfdce51aa899c8b95d870dc6ec6b847
+	C = 9dded0265a3fc44a9757d86230843b325d2dcb286a4db907cbde80454290b2326daf4d08d9bf883377f403fa8c92865d0d821fae45934e
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = 35f1e9cf655ecdbf5f554c09e6ff6277
+Nonce = ff90f6a1db94ed11
+PersonalizationString = 5edf950b45fb653d5a39668f59e2be17
+** INSTANTIATE:
+	V = a12d705d185e138d8d538372746d6410f217bf202ae452735ce443ca076832f32931078e47832bab71bbd581d315c48130ea6e41441106
+	C = aa66f2ed2acedf922ad0af6d3feb238ef76ee5eda39374f25e23090d126d65f1532cfa60c34ebc708325318edbfebb4b05b833a1634314
+	reseed counter = 1
+EntropyInputReseed = 4cc1e7b6912f48ba85a9a964d49696c0
+AdditionalInputReseed = 
+** RESEED:
+	V = fe7b56e39488f6074b4fd7dd72b57c09f0e02f20798499f4dc86bd2984eb89eeaa03e479c90388b734c275bfbf8d709d0f3f9d1258eb56
+	C = 59ce5692d77de2265be91a06a9846779479ead989f0bbe0cafe5b09202f22b116e776e23817da0955e57575087e3db68f82fa05af55052
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 5849ad766c06d82da738f1e41c39e383387edcb9189058018c6c6dbb87ddb500187b52d5ba72630168f8d83ba09b10a86aa7906530e707
+	C = 59ce5692d77de2265be91a06a9846779479ead989f0bbe0cafe5b09202f22b116e776e23817da0955e57575087e3db68f82fa05af55052
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 8cd1f3644981ae310f226f9dcf0d05f8a6488fafd0af96bb43f857e8050ba12b87b8e9e6fdee7023e4bd2b5c2bfd69fbcc04e9b1518d9efe1f1c303f3bbe3413d2f3695dddd32af0c61e398179178eec
+** GENERATE (SECOND CALL):
+	V = b21804094384ba5403220beac5be4afc801d8a51b79c160e3c521e4d8acfe01186f2c105b0ffe56cd4b423a8ea42bb9696fc47f4acd4b1
+	C = 59ce5692d77de2265be91a06a9846779479ead989f0bbe0cafe5b09202f22b116e776e23817da0955e57575087e3db68f82fa05af55052
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = e5182ff930f1838e5719481e474b09bb
+Nonce = 410870379fe115c1
+PersonalizationString = 384882329e318ac45359afff57e67169
+** INSTANTIATE:
+	V = eef97e14c2ec69a9376e7e47b04bc19e216977cb1ab80494b43bbb6ea738371705615351a8bc2f8e7da0b58aba41b9460e5d420e4fb53a
+	C = a1887d693aeb5ece4e568891417cc3a5eeffd7ad7a15efd1f40f0ea5cf27274ba8e4a7064f3d6b3d73f047675b49f8064d03c482d951b6
+	reseed counter = 1
+EntropyInputReseed = 8c107528c286bc996734beddddfec1a3
+AdditionalInputReseed = 
+** RESEED:
+	V = aa48137a1af7cbf19766df0dd971404c6de2447ee536e30d1b0ff2dcf7ae0a13dabe278701127a66cfb81eac2f15e24503733d49267b4a
+	C = 8c3aba43308348c75db2a9ec2460370bbf18277664a57af71eafd1c02ebf301fccff2cf45dee346c4d26963aabd613bd49b061b7c6df7b
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 3682cdbd4b7b14b8f51988f9fdd177582cfa6bf549dc5e0439bfc49d266d3a33a7bd554239ec6558b8821be15712035e4ac2003daaa043
+	C = 8c3aba43308348c75db2a9ec2460370bbf18277664a57af71eafd1c02ebf301fccff2cf45dee346c4d26963aabd613bd49b061b7c6df7b
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 41374aaea5a4e96bb6f61cf586ce20f342d44176a75ee382733a461da9e8c5777f624184db06842ebfb100177c096027a5499059f34c9ec6ccf4b15322e837e8ce42fcade4c24d3a5a844541ad3dd092
+** GENERATE (SECOND CALL):
+	V = c2bd88007bfe5d8052cc32e62231ae63ec12936bae81d8fb586f965d552c6a5374bc82e725dafd44d1b21f69239922581f8e09a43f322a
+	C = 8c3aba43308348c75db2a9ec2460370bbf18277664a57af71eafd1c02ebf301fccff2cf45dee346c4d26963aabd613bd49b061b7c6df7b
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = 3f14904418bffc31cc082f72d711c88a
+Nonce = 3fe000daa9bd716d
+PersonalizationString = 8970e4c308fce92e080a537d776a35f7
+** INSTANTIATE:
+	V = 6bb386b5036446efad796b5741181f615ac7cc1bbd3d879c6fa3ca6f6c6951081e04551df4ccc6189c9b62a4ea8d916e5b704a08320733
+	C = 54af7797fb8082292d674d74c0b834e806bca21eab9107fd12ba4a7fe49fbf9fb5f572b7a6146a02e53a73593dbb9b6e861fa2e788a778
+	reseed counter = 1
+EntropyInputReseed = 0d94959447193ea5d2df6a387cd68d28
+AdditionalInputReseed = 
+** RESEED:
+	V = d654625642f2aeb111db448639d029a58bd366a5c4eb6701556f73833d8bbb01f665a00427e58ae7837df04041a147930fe80e75807753
+	C = 1505dff5bf81aadb6ad5566e5b1cea751363b69418708a033f59d57132e2048c03a5f112eb467bf260881752feae966da1e4cb6c2ffde4
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = eb5a424c0274598c7cb09af494ed141a9f371d39dd5bf10494c948f4706dbf8dfa0b92162f79fab3cb057c7ec836300af262d3e39411ba
+	C = 1505dff5bf81aadb6ad5566e5b1cea751363b69418708a033f59d57132e2048c03a5f112eb467bf260881752feae966da1e4cb6c2ffde4
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 73efb49cbdb2a822caa154477e01e1f9b363e6029cbd85afccad5ff5eec26fabe6e0f52493d32371faa6e919afed5e9ab493517d715d6a88ae8d697db9905071f00400f44f8c2a4dc1b12793f8d20f08
+** GENERATE (SECOND CALL):
+	V = 00602241c1f60467e785f162f009fe8fb29ad3cdf5cc7b07d4231e65a34fc419fdb18374cda16136c4afe84d8ce0c336d8ee00a91676ca
+	C = 1505dff5bf81aadb6ad5566e5b1cea751363b69418708a033f59d57132e2048c03a5f112eb467bf260881752feae966da1e4cb6c2ffde4
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = 34ebb9e909be8023244749546b7e2ab8
+Nonce = d29204fbbca38440
+PersonalizationString = 0af2c08ace9e7c17b7f3b2949a8c3be8
+** INSTANTIATE:
+	V = eaeb9d4989e04e4624263d9a5fc8966e2fe79284d0775f055ec231757fcb17a2012c23576941eb5b50c174f58fa0331ae369f827efcd17
+	C = 646cedeadb7a26f25a6ac8a1c4334d18691488808352e60f24939cdd2eceeaf445a6479e999bb3b2d5ba5f1be4e00187d73497010e31d4
+	reseed counter = 1
+EntropyInputReseed = 5c11ac5a47f9292b2ed51f40489b9c96
+AdditionalInputReseed = 
+** RESEED:
+	V = 7ca2460fd345572fdab62e31620593524b4a0adf70723839fec07b215ac4e3372b109c822f2ad68ee04dcfc739993a4fb6765e4314d79b
+	C = 566f6056762882ac2a6000a9b07aee76d7d241788c3be43ab4af2c67478fa43b81662910f52b3fe4161f18b4103609b5ebc8dc5b43154a
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = d311a666496dd9dc05162edb128081c9231c4c57fcae1c74b36fa788a2548772ac76c5d919ee83bec3c99ddbaa6fd4e1c5612a0df506d4
+	C = 566f6056762882ac2a6000a9b07aee76d7d241788c3be43ab4af2c67478fa43b81662910f52b3fe4161f18b4103609b5ebc8dc5b43154a
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 1eec7fff06306acf38836a2ac4c3efc85a9cf44200653be96dd43c94424a77e7f64842100f8291ed312e4dd21397de4fdd592f1070069ceaad507c9c5b716a97fc68e734d192934ea4a9cdc15a4d362a
+** GENERATE (SECOND CALL):
+	V = 298106bcbf965c882f762f84c2fb703ffaee8dd088ea00af681ed3efe9e42bae2ddcefe7fcebe153094830fb52b0f771d254916fab41a0
+	C = 566f6056762882ac2a6000a9b07aee76d7d241788c3be43ab4af2c67478fa43b81662910f52b3fe4161f18b4103609b5ebc8dc5b43154a
+	reseed counter = 3
+
+[SHA-1]
+[PredictionResistance = False]
+[EntropyInputLen = 128]
+[NonceLen = 64]
+[PersonalizationStringLen = 128]
+[AdditionalInputLen = 128]
+[ReturnedBitsLen = 640]
+
+COUNT = 0
+EntropyInput = 48a1a97ccc49d7ccf6e378a2f16b0fcd
+Nonce = b091d2ec12a839fe
+PersonalizationString = 3dc16c1add9cac4ebbb0b889e43b9e12
+** INSTANTIATE:
+	V = 6080cbec71943ad4c293c9b737b28847e4a643d152898fbe2a43fc3fe223b1a49d61747f1bb44c7f382f11443aadf82e5b765a827f8629
+	C = e234e54d9acdf58f1086c7442151aa629a56494c2782b4fe46b60d159b058417cb5ebf9b7cf287299e32ba8730b74b9a33e359523f1a96
+	reseed counter = 1
+EntropyInputReseed = ba5da6791237243fea6050f5b99ecdf5
+AdditionalInputReseed = d123e38e4c97e82994a9717ac6f17c08
+** RESEED:
+	V = 6ac3b70773aa9cfb1bfb27d16e4e2b6ccb3c73dfcc732ef8472a09558916cf047ea0756f8014f4fa8acff8abb50306ec747cd3457021b8
+	C = 831c9876e6fbf21e61948ea6fa02b667f1f14171148f95e5df0f576e9a19e3bab0e5710178adeff97055506d9b3ce70e7e7ec51b8d2ddb
+	reseed counter = 1
+AdditionalInput = 800bed9729cfade6680dfe53ba0c1e28
+** GENERATE (FIRST CALL):
+	V = ede04f7e5aa68f197d8fb6786850e1d4bd2db550e102c4de263960c42330b2bf2f85e729cd30dff50c4c41d77f7131b8bcedb8e5ea9663
+	C = 831c9876e6fbf21e61948ea6fa02b667f1f14171148f95e5df0f576e9a19e3bab0e5710178adeff97055506d9b3ce70e7e7ec51b8d2ddb
+	reseed counter = 2
+AdditionalInput = 251e66b9e385ac1c17fb771b5dc76cf2
+ReturnedBits = a1b2ee86a0f1dab79383133a62279908953a1c9a987760121119cc78b8512bd537a19db973ca397add9233786d5d41fffae98059048521e25284bc6fdb97f34e6a127acd410f50682846be569e9a6bc8
+** GENERATE (SECOND CALL):
+	V = 70fce7f541a28137df24451f6253983caf1ef6c1f5925ac40548b832bd4a9679e06b599177335777392ba52b092428f0a2aac1262d56fe
+	C = 831c9876e6fbf21e61948ea6fa02b667f1f14171148f95e5df0f576e9a19e3bab0e5710178adeff97055506d9b3ce70e7e7ec51b8d2ddb
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = 3bcba83b6dfb067980efc31ed29e6857
+Nonce = 23fe209fac7045de
+PersonalizationString = f225f4d96b9cab491eab1814b25e78ef
+** INSTANTIATE:
+	V = 57dcd8b24b086e3b0fb2305c654d84987a87270e11f1ba0f6b80156575fc984cffa37ea3cb6f4f2c20c376ab47c210c2ecc4e42907978e
+	C = 6ea9b0fdb254943fe1bb7e094baf195a3e918989a36e44b8411dbb5825059b5908232e28801dcd415ebf8f4adae9f09a8814d191d6ffa6
+	reseed counter = 1
+EntropyInputReseed = 2fc9874919cb524a5bacf0cd964ef86e
+AdditionalInputReseed = 575b9a11327aab8908fe46119aed145d
+** RESEED:
+	V = 6ea3f344f89ce1c01b7174743ec5b53cc9627c97222d9ea7572d462950ce50c6642222803fa28614437cf88f4e302a1f2f32f1dc78cc33
+	C = 7c1c1903bad9b2b093a20a1f52dbd13d22e137e229a99875137d3d2bd2a1d0eb111572701301ac6935565e55940e170e76e3938ea0d93a
+	reseed counter = 1
+AdditionalInput = 5d19cdedb7e344668e114296a038b17f
+** GENERATE (FIRST CALL):
+	V = eac00c48b3769470af137e9391a18679ec43b4794bd7371c6aaa8355237021b1753795ee1399edba7779278183065c1d32d5805c4f938d
+	C = 7c1c1903bad9b2b093a20a1f52dbd13d22e137e229a99875137d3d2bd2a1d0eb111572701301ac6935565e55940e170e76e3938ea0d93a
+	reseed counter = 2
+AdditionalInput = 2bafa015eddd5c7632753435d13772fb
+ReturnedBits = 1d12eb6d4260bdfba799b853cc6f19b164fe2f55baa21c89d4d0e9b4bad4e5f8c5300641bac43d2b739127e931c0555511e8b657020dce90ac31b90031c1d44fe7123bcc85162f128fb2df844ef706be
+** GENERATE (SECOND CALL):
+	V = 66dc254c6e50472142b588b2e47d57b70f24ec5b7580cf917e27c080f611f29c864d093664430cde5664eef35934c5eb2fe9a1699deea6
+	C = 7c1c1903bad9b2b093a20a1f52dbd13d22e137e229a99875137d3d2bd2a1d0eb111572701301ac6935565e55940e170e76e3938ea0d93a
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = 0d16babc319f53671847859f7d721468
+Nonce = 25c706a261654e7b
+PersonalizationString = 9d89dca150815354a64320d768d6b163
+** INSTANTIATE:
+	V = cf3b2266051b62a53dde18e245dffc3bbf45238ea880e8364ebbc393d07458ad84cae0071a88c1e5b2441d52fc1e2d9558037cf47fdcf3
+	C = 1f0312f061514550ddebd60331ab74abbe4a5b80fe41442bd8ed08d45905423327ef2ce9e656c7adc8ce17ce326e157c15344597f38742
+	reseed counter = 1
+EntropyInputReseed = c4623d5f1be33b194e5d1b1d603ce113
+AdditionalInputReseed = da842e6a479d1345ad803dbeb2745850
+** RESEED:
+	V = e3ab757c4995253c8f80199a0442b97195ea3d3417bf6f4adc9ca1c838695853cb7659bafe7fcba82ec9dba219340811a61b5722068096
+	C = db8e79de7e9089adcbd7103eda8fb2510eb4b3fa8194e47c1cdd90b856d8bd26f2561f86326cfb8388feb19c94085aa30fd22011ba1990
+	reseed counter = 1
+AdditionalInput = 5b21701b3a8931503d2917127c07c68e
+** GENERATE (FIRST CALL):
+	V = bf39ef5ac825aeea5b5729d8ded26bc2a49ef12e995453c6f97a32808f42157abdcc7ac63d74a8fda3883f3840e293346e369e679b023f
+	C = db8e79de7e9089adcbd7103eda8fb2510eb4b3fa8194e47c1cdd90b856d8bd26f2561f86326cfb8388feb19c94085aa30fd22011ba1990
+	reseed counter = 2
+AdditionalInput = 4ef2a334acbdda3e769036716e510320
+ReturnedBits = 2346ce4c8437869cca88014af4108b6df88018e9c9b8f969fd96ecf267f926fb9fb4f1a6f45bfaae356990f66d0b76dfb402693ed603b3733aabee6c46aa720b0b9c42985efbd635ac9cbe75138b4c28
+** GENERATE (SECOND CALL):
+	V = 9ac8693946b63898272e3a17b9621e13b353a5291ae938431657c338e61ad2a1b0229b02658b9396e90b9096f0ac6a840ffc80d151418b
+	C = db8e79de7e9089adcbd7103eda8fb2510eb4b3fa8194e47c1cdd90b856d8bd26f2561f86326cfb8388feb19c94085aa30fd22011ba1990
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = eff39bac144eacb67651808aa4d70f0a
+Nonce = 1843b75b19094983
+PersonalizationString = d06aade2fdd295a742d9ede544ada966
+** INSTANTIATE:
+	V = 3a004872d4a4eb21cd6abde6b284cff9b1392dd34e02f395b0b7e0ef6d86c04b18d6522b7dacdbc5240f98d8a4f5a4a8ee462ba5b6ef76
+	C = a0e09a09c7499e86a0038bfac778bc1899427a2811a51f64124aa8b68a2652a48371257893d50c2e24b50193a74335516e6fe107a6ddfe
+	reseed counter = 1
+EntropyInputReseed = 04144df3cd4bf9d87585b53f968a5b03
+AdditionalInputReseed = 4b524b39c7427eb67dff81b91aff6470
+** RESEED:
+	V = f83e3854b9257074959cf10f9c1f0aa2d289ae996f914344ce9b8dbcb9409347534e8ad56c2c816fb2a888e72a94c2cfc8b88670822ba3
+	C = 6aef50df74b95c0995420731d4942f6725577ffe2ef498205274ae4bf9138d213d98fa6aad74305dc2a744297c33b8ec6306c626d99e8c
+	reseed counter = 1
+AdditionalInput = f510fac434d5ce28463705783bcc599e
+** GENERATE (FIRST CALL):
+	V = 632d89342ddecc7e2adef84170b33a09f7e12e979e85db6521103c08b254206890e786658bda07b85f6d7a85674996208963f9ade742ea
+	C = 6aef50df74b95c0995420731d4942f6725577ffe2ef498205274ae4bf9138d213d98fa6aad74305dc2a744297c33b8ec6306c626d99e8c
+	reseed counter = 2
+AdditionalInput = 7463af9fff985c0dd756b9b4858d78ce
+ReturnedBits = 6e226d24c9899880ab4808e24b9edc84dd57dc3ca05edf68eeac2fa079380f875f8ce450c7a4e973747dd4e96244b18b819710f0b0ecfda2c490e075e1976e6119eecaf3ef1ca581d6fabd100ee3e0d6
+** GENERATE (SECOND CALL):
+	V = ce1cda13a2982887c020ff73454769711d38ae95cd7a73857384ea54ab67ad89ce8082908bbcd56e76ecd642956b9ad97064d00d42c9df
+	C = 6aef50df74b95c0995420731d4942f6725577ffe2ef498205274ae4bf9138d213d98fa6aad74305dc2a744297c33b8ec6306c626d99e8c
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = b716c9edcaef5d4c3655318e15c0e438
+Nonce = 214d8a6009030886
+PersonalizationString = ed7934acfa5458006ecc2914b28a94d6
+** INSTANTIATE:
+	V = 98fc280981edfdbb48d213f0e9257c50b88ad9842af14bd5679d920f3e7a7f829ccac6a7c07229b2eabbabd62a6e673caa96a21564d041
+	C = fe92b200b922ad511bd60dc5a1345a35faba48de0f38d66470d96193d53441288d8070e80fdca1c9ebc8df574bde896a76020a1c2387f7
+	reseed counter = 1
+EntropyInputReseed = c1324cc2507c39ee57fa0abc7f0987ae
+AdditionalInputReseed = 7aef8715891d916a3c4bd9c222c55cc6
+** RESEED:
+	V = 37b9cb1ca4bde28b8c5bdd2f10776c5f93345647672659f59a6cd275fccb82b6235d20c3303704b1af2789bf2d6472b3b887844ac14cc2
+	C = f66722059ae2f9ac212c85cfc06c005c9414a54069ca127a28de2c87a129f7f4d4c2915833d2e00be73bf45fe037632eccfb264806173b
+	reseed counter = 1
+AdditionalInput = 1199553d3479ddb1cdad5ebfb429715f
+** GENERATE (FIRST CALL):
+	V = 2e20ed223fa0dc37ad8862fed0e36cbc2748fb87d0f06c6fc34afefd9df57aaaf81fb37cef77c864887479b890cf49fd408f51e99562f8
+	C = f66722059ae2f9ac212c85cfc06c005c9414a54069ca127a28de2c87a129f7f4d4c2915833d2e00be73bf45fe037632eccfb264806173b
+	reseed counter = 2
+AdditionalInput = 518d768c48dc38824a8496bfccc0fca9
+ReturnedBits = 7c3fd1d804b28b569bdf62e61b3a29b9742d006df3aea275e3c4304b4976b1fce279a891e114b9c068cd50591617fb52bb673d7361f8e0e6af5c3594c5954097afa9547a7923f0e49962eb236f16260e
+** GENERATE (SECOND CALL):
+	V = 24880f27da83d5e3ceb4e8ce914f6d18bb5da0c83aba7ee9ec292b853f1f729fcce2453c4b49882acdd1cf01d68732cb3719ea7b181cea
+	C = f66722059ae2f9ac212c85cfc06c005c9414a54069ca127a28de2c87a129f7f4d4c2915833d2e00be73bf45fe037632eccfb264806173b
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = 2937ef18613aebcc8776d63b6e85bdbd
+Nonce = 3d1cbe4422e814d4
+PersonalizationString = 7d0e5826d928f8d3d0908b3e6c8b4705
+** INSTANTIATE:
+	V = 3f6c32726c215f97592e169747902398a7abc50214c0b96b14030619f0c86744fdd1318029a9fdc68563a848211e060f482b807ea51255
+	C = d95853a6087326e9a50718ace246d18e2dc5bc9068c8849d43ad26ad3ee3690ec8ecb2427b254b920928504f3624b37be711752a85413b
+	reseed counter = 1
+EntropyInputReseed = a75fe0d78511af38fcaccd3bbe8c6136
+AdditionalInputReseed = dab76d6b894632983d3e199ef3cda768
+** RESEED:
+	V = f2f8537b088191b9f8638ef5ab6703941ea17a3c04a705d12a88a5e6e5dd1627f350d5063de2518c1b31d39bc976b38cde90e0e99bc2f5
+	C = 2e4b97d77558ebdc7ef436c104080c3e0c67a01540e4f0f97b3580f147fd0909d77ccad8410222f0884181845526bb7e0054e6e1ce4d1e
+	reseed counter = 1
+AdditionalInput = 72d6d65bf135a906e8c2feed1db54aa2
+** GENERATE (FIRST CALL):
+	V = 2143eb527dda7d967757c5b6af6f0fd22b091a51458bf6caa5be26d82dda1f31cacda0db89db72309ffa60452c467273c4c1d5e4bcf91f
+	C = 2e4b97d77558ebdc7ef436c104080c3e0c67a01540e4f0f97b3580f147fd0909d77ccad8410222f0884181845526bb7e0054e6e1ce4d1e
+	reseed counter = 2
+AdditionalInput = 90dfe589a1feefa29bd54499d9935c7e
+ReturnedBits = ef32e13210528dcd04b78151060bb52a053913d0cc6022f778e5a693ef2603b85c57b4197cf12cd4be2005c6857573e4990242960fd7ade21a91a8408c750c5ed77f6aabe735b178b2984fb9ec149cfe
+** GENERATE (SECOND CALL):
+	V = 4f8f8329f3336972f64bfc77b3771c103770ba668670e7c420f3a7c975d7283ba24a6d8265645d02512b194d9b0a52c559ea613c1a9e90
+	C = 2e4b97d77558ebdc7ef436c104080c3e0c67a01540e4f0f97b3580f147fd0909d77ccad8410222f0884181845526bb7e0054e6e1ce4d1e
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = c3b1bcaca9e8266e779c4cc9bba8704e
+Nonce = a61a5fcf2951f138
+PersonalizationString = 47bb102586c9a0ac82716194b02002a9
+** INSTANTIATE:
+	V = edaf44b3a1a453a82ee1675dafc36b31fcb9aa279f28704a5e99e267f495dd1ec5eb1d35cca81fb6fb417822d37a1dea349840bb49e0f3
+	C = b06f2e6a1d60105816aa402095326f5277283ea924e7f02d62a275d0ce7533ae5f940f8266bd3c6bf444cfe466c44b03e571079d6f7e21
+	reseed counter = 1
+EntropyInputReseed = ec0ae223447fe2dc9d7c094fdac5dd3d
+AdditionalInputReseed = eb8cadae3f0138a55a38440fd44859cb
+** RESEED:
+	V = e30d67f9440ba53a515b7d6a18c9df7ac8886addf851b0d8fa26026a8c61dffc3638819b11efc4dbfd31b2d39503bd3c82f382d8e4c4b7
+	C = a6b19cdb15c95e5da3e57a276aab2a701c5519bea407f192ba133c412e6ba898800166fc72f9800c8950d6e184b167bfc68adc16d8e01b
+	reseed counter = 1
+AdditionalInput = 25e0784c20affc55bafbdc2217d92190
+** GENERATE (FIRST CALL):
+	V = 89bf04d459d50397f540f791837509eae4dd849c9c59a26bb4393eabbacd8894b639e90a8c6f07b47a56851757f0e4469c56bbcbe63773
+	C = a6b19cdb15c95e5da3e57a276aab2a701c5519bea407f192ba133c412e6ba898800166fc72f9800c8950d6e184b167bfc68adc16d8e01b
+	reseed counter = 2
+AdditionalInput = e765c07a5018aaeb6d435ee705399f77
+ReturnedBits = a64812d698d599f8107582ef8c768dc0bd0e30a9d1c2b31836f618b454eb373541a49297a2a3200a0d15cebdae45a89f39352588d636470b27ad812197c23a298578ac13ae3520b53b9ac007cc08e7f9
+** GENERATE (SECOND CALL):
+	V = 3070a1af6f9e61f5992671b8ee20345b01329e5b406193fe6e4c7aece939312d363b50f8502df1d714fb33cdeb614cd4d610f58581919e
+	C = a6b19cdb15c95e5da3e57a276aab2a701c5519bea407f192ba133c412e6ba898800166fc72f9800c8950d6e184b167bfc68adc16d8e01b
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = 686cb77c71069c6f8b22ef07522a4d49
+Nonce = 9efb2513429b7570
+PersonalizationString = a1a2020f8ea3866df840bf25f18597e2
+** INSTANTIATE:
+	V = 909fce71b85faacc3182c6123d3da36d172b4ad3030c73339c0878c4b0d621efe6e70f827c22476ee4c40d2ed59ffaf351a20f2f2dc5a8
+	C = 4aa3fb39ce6cb2e47497c1d31ec4d535b41af94c7259ab06bc21f7136db64521fabc9daa86ff59dc93964d13382992c4719456e0bc4332
+	reseed counter = 1
+EntropyInputReseed = b95fc39f84f5293b0189c5d1b0f52b42
+AdditionalInputReseed = 0423bdfc38805669bc1a5c5f7e65d33b
+** RESEED:
+	V = bccdd5996dea91dfb453c3532a5d0aa1f2e09a8471a9f6c85b2e93c5a488a0bea1120f0e6875374f8e02249ff6bb0a651b67cc6d949fb6
+	C = bb6af953a72dff29870a904abb8b240ba5bc9530d6f4a66301b5d929fdd22acc18ee304346101b28cdd7e8ea117363d077ca80720343fc
+	reseed counter = 1
+AdditionalInput = 639986a4412961e814efe8c83dd4f4c4
+** GENERATE (FIRST CALL):
+	V = 7838ceed151891093b5e539de5e82ead989d2fb5489e9d2b5ce46cefa25acb8aba00409420f80cddb16b1a08eb7729ec97ca997de1da7c
+	C = bb6af953a72dff29870a904abb8b240ba5bc9530d6f4a66301b5d929fdd22acc18ee304346101b28cdd7e8ea117363d077ca80720343fc
+	reseed counter = 2
+AdditionalInput = de0ac3dde3365bffa68996ab76baa02d
+ReturnedBits = 66e6fe5790afee0fe513e0c32fc9e189a97090f24364abf7cfbd928077453590baaaf930bf2f457ac3acb4cae87bd2cea8d90e95db09a1007f227f396602543d18916832ac77cdf8fc6c2907451966ee
+** GENERATE (SECOND CALL):
+	V = 33a3c840bc469032c268e3e8a17352b93e59c4e61f93438e5e9a4619a02cf656d2ee720d27ba535694d69aed16ea9b5afd96828c0cca4c
+	C = bb6af953a72dff29870a904abb8b240ba5bc9530d6f4a66301b5d929fdd22acc18ee304346101b28cdd7e8ea117363d077ca80720343fc
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = 4a089b520369ef86e98f8cdd584c9d83
+Nonce = 5c7d1d02717b29a2
+PersonalizationString = fd7bcc0a1e813e0089cbe86fc519d1ac
+** INSTANTIATE:
+	V = 802c961da15360265259c3861cfdf6ea68dc880658920a910cde4c5b940658cab6d3ea9323604b17c21e41d027b2b6e5f3d6e2ad41d36f
+	C = d51c39e9d9c08efcd25627939260b85dab838f54830c49f71343ae451f58527b1ac652dab3672b984214e203def5c591b23ff223e59872
+	reseed counter = 1
+EntropyInputReseed = c6079d8225eb5d0fc95e30e00efd6e05
+AdditionalInputReseed = d2710a02f6e96d4fc94cd46a661447a7
+** RESEED:
+	V = 25025f0a64a1252afc0d0ed9c3d397da6bee44a50f632f0ec25335d3beeb19b3413369089eb1100e99db48638d1653c7afff14d6746246
+	C = 2072751c72b23d3618ea023e2aa713d141dd0bf702e8d50c6cce98d98be495c3d2d661e31a218ca440c0f0fc52c205a4e020df6daf0f42
+	reseed counter = 1
+AdditionalInput = d94ed0ba327c2b85f0331c2346704be6
+** GENERATE (FIRST CALL):
+	V = 4574d426d753626114f71117ee7aababadcb509c124c041b2f21cead4acfaf771409ccae2a0a048997f5654326e60de56d8050137e268c
+	C = 2072751c72b23d3618ea023e2aa713d141dd0bf702e8d50c6cce98d98be495c3d2d661e31a218ca440c0f0fc52c205a4e020df6daf0f42
+	reseed counter = 2
+AdditionalInput = bce59487fa8231766d1f3ad0c6ebea0d
+ReturnedBits = 2828b454a9fe4f1995bac7f2cc4cc6d622a4c159e8c9757c08d9fc8233cb4980f1522ff3808d50be0c9c28d18c16d15a377c3bcf9c91428696b996906a82cacc8e518309f622fdba14633a5c916727d7
+** GENERATE (SECOND CALL):
+	V = 65e749434a059f972de113561921bf7cefa85c931534d9279bf06786d6b4453ae6e02f12c333e855acf073ec4fd12d00c0f206f3469d7b
+	C = 2072751c72b23d3618ea023e2aa713d141dd0bf702e8d50c6cce98d98be495c3d2d661e31a218ca440c0f0fc52c205a4e020df6daf0f42
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = 7fbc0453aac2a829d24d3383da7dac06
+Nonce = 6a925acc818a4356
+PersonalizationString = adceff1abcfbaf053a178b51110c0eec
+** INSTANTIATE:
+	V = f64c2a1abb034979b2c94c2dd269513a6e853bda2a516c8cc0d704fa553e143f5ea733bdc12d1d08a6d3a574e92835585dad32590b8c67
+	C = 4389378d6c7e5b16fc8224287c41e29213a044219c0ad7e0b13d1c3c1c175fe112b78f3325a52041ba19ed5e7ae825f9a6f87f7762d2b3
+	reseed counter = 1
+EntropyInputReseed = 908f50885ba7705713efef3e63efc2fd
+AdditionalInputReseed = eb2738d13b1f0c42001421ce9ba53a7a
+** RESEED:
+	V = 06e5e0e697462110e579f5395d84cb39dd8dc74ace0345757f060957985c93c4a6ce1b8b22b17b4f6601894bde33b6c77f97989ad0042a
+	C = 42477541497504b89d1a519d532080fbe07cf71e65bd151f8372d372915ac584d2331cf685a53f239deef4741a8a49eb95df2b979a95e7
+	reseed counter = 1
+AdditionalInput = 133463768bc1d1fd647a27b93241ea29
+** GENERATE (FIRST CALL):
+	V = 492d5627e0bb25c9829446d6b0a54c35be0abe6933c05a950278dcca29b759497901396b32ea607b88632331d0ede126be03857b97eb62
+	C = 42477541497504b89d1a519d532080fbe07cf71e65bd151f8372d372915ac584d2331cf685a53f239deef4741a8a49eb95df2b979a95e7
+	reseed counter = 2
+AdditionalInput = aa6a3ae3a35d2749cb524ac1a1316c12
+ReturnedBits = 2453f24a34044bb687dff8045c746816009e4a84ff69e5687e7d7de6734019910329ed5c6aa0ae156a547a2230b47f09477e078e5bd7f72f4e787f22770c676acf9d1c616153db3ce03961cecb8fb1ab
+** GENERATE (SECOND CALL):
+	V = 8b74cb692a302a821fae987403c5cd319e87b587997d6fb485ebb03cbb121ece4b34578bcbf34c0d1b9a4ef94817cc03cd06db98a9e2cc
+	C = 42477541497504b89d1a519d532080fbe07cf71e65bd151f8372d372915ac584d2331cf685a53f239deef4741a8a49eb95df2b979a95e7
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = f986599e3d8ed91eb1d995514878baa5
+Nonce = e77e66897661aca4
+PersonalizationString = 6827d96019ffde63f43fd65a49c7989e
+** INSTANTIATE:
+	V = cf398697e48837d4390b2c256e19a751cb63d15d5258745ce8bca4189b5315d1964b933e5640910b7ef118cdcb4dc473565961f65fa77c
+	C = 47da163a96c095046a955c49250f1d09ac463ba6c93b021fbedb4a3ca9301f029ea131ddaf9b0215eec85fed3ae2a0485813ea44ada8ca
+	reseed counter = 1
+EntropyInputReseed = eeaae13f1fa3709788ae06c21571eb4b
+AdditionalInputReseed = b6b0a458a7fc45592084581a70fe63ba
+** RESEED:
+	V = cacf490cdb552ea76159bcbbe508c9cb1d6c89b2bdc5deeb6a0bf449a18a6115b746591bae01bc0f056cc241ddfbf36c4c30e69dac217d
+	C = adfb86935c1ea03d44dc08a1aeec3919d3b11962094cea200ccb9a84ac5fc28378d2d282cae1048cb5220dfb43f67d9eaea233f21c9bab
+	reseed counter = 1
+AdditionalInput = 21a28fef4bc9aa7a0c1c4418e96047de
+** GENERATE (FIRST CALL):
+	V = 78cacfa03773cee4a635c55d93f502e4f11da314c712c90b76d78ece4dea239930192c81bb8746e43fb8979f7e696aac0b59ede4994547
+	C = adfb86935c1ea03d44dc08a1aeec3919d3b11962094cea200ccb9a84ac5fc28378d2d282cae1048cb5220dfb43f67d9eaea233f21c9bab
+	reseed counter = 2
+AdditionalInput = 10bf7efe99d0f8118f332aff812770b5
+ReturnedBits = bfc374bd3bd3372428839eddf3181c1766e18a54ccb7dc07f700ddab276fbc8045737ae8b40cb325eb5da7245c4f704be8d21bdccab5c799ac512a0c1eb690409730f1461bef47324248b64a80982db1
+** GENERATE (SECOND CALL):
+	V = 26c6563393926f21eb11cdff42e13bfec4cebc76d05fb32b83a32952fa49e61ca8ec00bbed205109bb61f63dfbb1e15747987b789e1476
+	C = adfb86935c1ea03d44dc08a1aeec3919d3b11962094cea200ccb9a84ac5fc28378d2d282cae1048cb5220dfb43f67d9eaea233f21c9bab
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = a3c4c4964e1f1e426aab84b82f619ab0
+Nonce = 003c9cdd7396dc13
+PersonalizationString = 864e63bee6708e2f481ae363b8d1138e
+** INSTANTIATE:
+	V = 6e424621e7a69bfb0c61f5cfef873e111d349381a953db79d1d6c7fce6c2e23173252339d09d1530ccf9c595f445219b6bb64ba6e73551
+	C = 8914821b51fc9ac4b186e4e8cb85b8a7ae5557baae6d5f162c5440632f95260524a40034c09eeaa46a144f9d465698f2c452c1601a9a29
+	reseed counter = 1
+EntropyInputReseed = 3d24d7cfb4ab8faddb5983b7962feb54
+AdditionalInputReseed = d6162b29b6ca174259e36fb8c0ade5ae
+** RESEED:
+	V = 8f4924ad5cbcc24a28fa7bc24957344cf50d175cef68797e88315b4c1a0e89dc43ae5e1d937472a6590ab286e9aa91eb75125b1446efbc
+	C = a6fff377283357c46083eb2028931c3466a999021b772e5c1820537f7bc9ca3fbeb8132956259138c1140a9dd938eed2f8f5cffad79b86
+	reseed counter = 1
+AdditionalInput = 214435e16d3ea149a89627131b3948ba
+** GENERATE (FIRST CALL):
+	V = 3649182484f01a0e897e66e271ea50815bb6b05f0adfa7daa051aecb95d8541c026671da0a65295b4ad00e3712196a4caf33c041d17da7
+	C = a6fff377283357c46083eb2028931c3466a999021b772e5c1820537f7bc9ca3fbeb8132956259138c1140a9dd938eed2f8f5cffad79b86
+	reseed counter = 2
+AdditionalInput = be09a103c7f37a10c6ce734c6c247f19
+ReturnedBits = 19bbe52d744e5aa09593151e076e9bc15ed1a237fe6ae188d54b80468681378d492d8934afdce32d7b135679dcd2556ee54b47f7e0072a1380681fe9694449cdbd73c8cf21aa9a867c1dc6e88dc31e67
+** GENERATE (SECOND CALL):
+	V = dd490b9bad2371d2ea0252029a7d6cb5c26049612656d636b872024b11a21e5bc11e8663ea6facea5f3eaafdf6bcc329bbf32cb710c923
+	C = a6fff377283357c46083eb2028931c3466a999021b772e5c1820537f7bc9ca3fbeb8132956259138c1140a9dd938eed2f8f5cffad79b86
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = 7ab72ee4ed68e632d40d797844bd4c5a
+Nonce = ecb510e767a2203b
+PersonalizationString = 25e72500186674253508ee28906203b5
+** INSTANTIATE:
+	V = fa94737edcd3c79a52907142bd8e0f42f050a145f7ca833ac131924f10641d6e0c5dc1bdfad76705b94ddaaaffe85d38f686cdc7477476
+	C = ad376852dfd633040a540cabfb63751d05ca66981b78cac0816015fed3dae883ba2fcd39dd354ba1e236d57efc4e89b47c4e5dc5768858
+	reseed counter = 1
+EntropyInputReseed = d351042b6bad7335569fd84a0a8a5e91
+AdditionalInputReseed = bab2fe328dcddaab18193f57db0d1da9
+** RESEED:
+	V = 0af9399d8f078f959e7cc7e363bb1b447e494cb845925abe1cfa18285bfd03010745c8336124ccccc49d00d417e2d78aa4a34cbe23bcd9
+	C = 13f50e24db7b18dda03213634d0840f4221cb36a9b9e247d0fc2fa68d0fb00c23cbb12de8470773f7f7fbf55606b4b91dde0ce11673b7e
+	reseed counter = 1
+AdditionalInput = 96177f483ff9c37ff5ba6ba687e4f9ca
+** GENERATE (FIRST CALL):
+	V = 1eee47c26a82a8733eaedb46b0c35c38a0660022e1307f3b2cbd12912cf803c34400db89bc29aff2269d9288b2aec941f9733774a5d84d
+	C = 13f50e24db7b18dda03213634d0840f4221cb36a9b9e247d0fc2fa68d0fb00c23cbb12de8470773f7f7fbf55606b4b91dde0ce11673b7e
+	reseed counter = 2
+AdditionalInput = 51d2469f1c065b8467507bb4ebdba306
+ReturnedBits = 1e40e31510cd08c870f5271aa1c0aa910ae3534d06e8929929136a288c8df36fc9c9f3dc62dd5a4e1113ef06d9b7d93f59ce565c61366e58bd0cbaa9154bbd6dc976bfa33e3d44d02f025be5a42f210a
+** GENERATE (SECOND CALL):
+	V = 32e355e745fdc150dee0eea9fdcb9d2cc282b38d7ccea3b83c800cf9fdf3048580bbef67a7559e100cee89877cc81c2546585f9ff78683
+	C = 13f50e24db7b18dda03213634d0840f4221cb36a9b9e247d0fc2fa68d0fb00c23cbb12de8470773f7f7fbf55606b4b91dde0ce11673b7e
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = f75be7b984d061678ce7b3238291465c
+Nonce = a37d65afbcf7a5af
+PersonalizationString = 45212d23d7c337148cf4b82a4444a6a0
+** INSTANTIATE:
+	V = b124988ba512f2e71e4cbd24ec0348543cba77486e2cda4ca3fd0d710916dfc2978b74c9b5f00aa1b687f2313b1da8ec70fa05c965360f
+	C = 8b98925d953d99cb56fca685749e7c25bd8464cb826186951165067591c2554730f0d1c1ce0a18ef01c326ce8ae5ffbbccb1e7137208f3
+	reseed counter = 1
+EntropyInputReseed = 15b6fc09f0e2fa4a9035df6d3c5b3d38
+AdditionalInputReseed = 22ea4233c6f668cdd72391f3e0cd989b
+** RESEED:
+	V = 4d323bd78f935bcefe1a485443bb4cc3f1b6f7b84e73ba6f812179d2ef5b6698449a974163b37278864c84e1abb6cc98d2484b9984b497
+	C = 37bc6b708165634d29ad782076c98af38b600feede17e9d53d3b5214aeab8eb3c28b7da58c3d1d2d32e9ff9a3032492ee26afafdc4d2ec
+	reseed counter = 1
+AdditionalInput = b05d5665fc2013b90d7ae1918a27a278
+** GENERATE (FIRST CALL):
+	V = 84eea74810f8bf1c27c7c074ba84d7b77d1707a72c8ba444be5ccbe79e06f54c0726157638ed974b5950072d4241a40d979fa3331d870b
+	C = 37bc6b708165634d29ad782076c98af38b600feede17e9d53d3b5214aeab8eb3c28b7da58c3d1d2d32e9ff9a3032492ee26afafdc4d2ec
+	reseed counter = 2
+AdditionalInput = 6c22a9dda9966f1605d6a77dee587cbf
+ReturnedBits = 5f731f8dd7c23d4e058f77cea62f796afb706fb617d88caf25df3768e8e686e63dcaa9e8e415b559f34fea783d87b39170411e3ba979bcf0d00f54826d0d5fa4d3761dbde46074b6adc3d32cc2161258
+** GENERATE (SECOND CALL):
+	V = bcab12b8925e226951753895314e62ab087717960aa38e19fb981dfc4cb283ffc9b1944c557371b4983e28dfbba71ae3456d333ff6cd7f
+	C = 37bc6b708165634d29ad782076c98af38b600feede17e9d53d3b5214aeab8eb3c28b7da58c3d1d2d32e9ff9a3032492ee26afafdc4d2ec
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = 3225bd1b4249cdf171bb515c1ab02e4f
+Nonce = d169bf16e1c7485e
+PersonalizationString = 31feee1693c8da64d82ab510f74b098d
+** INSTANTIATE:
+	V = 90a211da2b77dccf12e8dc8cba8cfb7367d2c92e5f02e6993ceb67937be345aeacd4b6c9228efb86479703bbb8dd7ad351da73dca41cfa
+	C = 49640c0e72814aa5962189bd8c161e78ce7d66fa226f04a2c0a157031c1064da8b3b9ac245eaa5dccdb83307df804a6261daf8c3f7a92f
+	reseed counter = 1
+EntropyInputReseed = 57432da8af79008087af484cd8e48878
+AdditionalInputReseed = 10d435b4dbe701e9063bfe9353cdd2bc
+** RESEED:
+	V = 239f6271a6ee1ee3371435fdd537066bac6c818f13253b3038a9c8e1c1c5f89e3bf6355212f294b811dd558cc02247a073ee241e466d58
+	C = f5af3fa72a6e1690a227036825a403264d40a2d4c5d257c4a67ef39252842a1a08c917e945797793585d3cc1fe8bf8f4ccc048255f9bca
+	reseed counter = 1
+AdditionalInput = 08b8dcc89827db52d49183a4a1e3638e
+** GENERATE (FIRST CALL):
+	V = 194ea218d15c3573d93b3965fadb0991f9ad2463d8f792f4df28bc74144a22b844bf4e1a2a86bfe9ca2c6d51d73fa0db6fad0809e106d8
+	C = f5af3fa72a6e1690a227036825a403264d40a2d4c5d257c4a67ef39252842a1a08c917e945797793585d3cc1fe8bf8f4ccc048255f9bca
+	reseed counter = 2
+AdditionalInput = a21ab665b35ec79a50d0edabe8b7809c
+ReturnedBits = 58b343da82489dd586329dc8c8d54abe7376f9642174ee7147e89769e9b3573c100770531c484ff86372ebe1985565e57e351308999ab8f3f186b3286f38578b54a7c08a12684969fcd3b24fe05c57ae
+** GENERATE (SECOND CALL):
+	V = 0efde1bffbca4c047b623cce207f0cb846edc7389ec9eab985a7b00666ce4cd24d886746ec7b013172b0fb16da7ce7436002d90766bc8a
+	C = f5af3fa72a6e1690a227036825a403264d40a2d4c5d257c4a67ef39252842a1a08c917e945797793585d3cc1fe8bf8f4ccc048255f9bca
+	reseed counter = 3
+
+[SHA-1]
+[PredictionResistance = False]
+[EntropyInputLen = 128]
+[NonceLen = 64]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 640]
+
+COUNT = 0
+EntropyInput = 4cae82dd4124d4a441b31ac9a9663a63
+Nonce = 409366c5091af7f5
+PersonalizationString = 
+** INSTANTIATE:
+	V = 02c258dd70c20f9ab328458e0a6d45207bd319ec4dc2f9219e01dbb773c0c597e0614b54f62f685368062656fdc6ad24f89596324f7cab
+	C = ad0ec54bb07b89429491de7f6ecbfe0af0d9d345d2f7d5de3e99260a0418824f039a964ca870d8058ce825f1cf7cb28d7c5ad6de42a70d
+	reseed counter = 1
+EntropyInputReseed = 0973dec18cc56346ca1ec25a232cbba1
+AdditionalInputReseed = 
+** RESEED:
+	V = 23cabf27b6feef2ddf460de0c58c7a336f7c7f5c035b2184495116046fe7972f3fd040bf9a7842eb714091c1731961f567b775f62f29ff
+	C = a6df705ff5f03589e5ef1f28e48aed0fe9e3e4caad1dee494f67f8774f31909f0f69ff949c9f4f09f0979efd4817fbe68e38486c23a600
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = caaa2f87acef24b7c5352d09aa17674359606426b0790fcd98b90e7bbf1927ce4f3a40761400172d3180fd676ba5728bcea3c6f7d84e25
+	C = a6df705ff5f03589e5ef1f28e48aed0fe9e3e4caad1dee494f67f8774f31909f0f69ff949c9f4f09f0979efd4817fbe68e38486c23a600
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = f062896a7204574be3a8f7118a936d9ab32510d7cd7e4aaaa9217106ec9a2aade4465ed6d741829ec501713403e97673954d9fe73dc2e77a711f0f118b47f507dff8bcd0b041f2ef87c68f819bb2e54e
+** GENERATE (SECOND CALL):
+	V = 71899fe7a2df5a41ab244c328ea25453434448f15d96fe16e82106f30e4ab86d5ea440f893c041fdf6b5904e7360b31a6b9e21380666ea
+	C = a6df705ff5f03589e5ef1f28e48aed0fe9e3e4caad1dee494f67f8774f31909f0f69ff949c9f4f09f0979efd4817fbe68e38486c23a600
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = e2e45a23bc2400f0d6a4653e22bab0c9
+Nonce = cd3e9275beeb6477
+PersonalizationString = 
+** INSTANTIATE:
+	V = a17e9830258e8e1b82c0b051786b5cd70bd61744c10e2f2390a3609f952dd5f0368020976f231a7c20435f58f0c8c0f586716055c4bc2a
+	C = b840071da740891913ed6b7f78d5062b65b8b9275f20421be4fae40bbd3897204ff6f771650ce315a891320226e6654fff74504bc908a2
+	reseed counter = 1
+EntropyInputReseed = 84fdab233c4547231d98d2a22601f8d6
+AdditionalInputReseed = 
+** RESEED:
+	V = 5dfa13745d66de83c59ff05b531511391e94eefe78cf954611efd16b3ab16af70137f790419696c6de3c68f793fa6766a4b766ddd64ec6
+	C = 76a4da74704ce0792c659771086c59b5938aff2d75936be46e62027ef22b2b477f7f13896a98057c511f6e6cbbe7d750f6ed9867d6a043
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = d49eede8cdb3befcf20587cc5b816aeeb21fee2bee63012a8051d3ea2cdc963e80b70b9d6ab83fc6c8d35f5c7f4ef55bd4bffe7237e530
+	C = 76a4da74704ce0792c659771086c59b5938aff2d75936be46e62027ef22b2b477f7f13896a98057c511f6e6cbbe7d750f6ed9867d6a043
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = bd4625f5eae6f8b3fc246ebce913b9aba331251bb518fb0d5c8116b56b6ba90ba3acd523053a0f2bf6911c07765709499e795cd9c46283aecc6eb171e52eb50854f028e3f677f22b80a7d90520de9121
+** GENERATE (SECOND CALL):
+	V = 4b43c85d3e009f761e6b1f3d63edc4a445aaed5963f66d0eeeb3d6691f07c18600361fe2c459b1669afe409b64284ae74defaa12dfd82b
+	C = 76a4da74704ce0792c659771086c59b5938aff2d75936be46e62027ef22b2b477f7f13896a98057c511f6e6cbbe7d750f6ed9867d6a043
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = 7e94733572b42b190e09cb66d2c084a1
+Nonce = b8a95d144a0ef306
+PersonalizationString = 
+** INSTANTIATE:
+	V = cd247afa973f1a4c65ab8411c21edc4e98ce779b68a4953088f1b31b9bf27019b971f738af85a02bb4b42a12ae4cb982ee17ce7cb904c6
+	C = 27bc5ce76b0cad877a449a0598290c0beb0fc977a480d74993202ac2a2220e8c347ee5187c993df07fc2f8c6e875eca0ea90fabbd82e03
+	reseed counter = 1
+EntropyInputReseed = e627919a94a6a0ed758c1b40041fca86
+AdditionalInputReseed = 
+** RESEED:
+	V = 9594f25ff66e2fd4904282c20a77722aaa72fdc240a34b6dbbb018c8489f50bbee7145f773f7a5abc003f3e1f754b49dcae8d9539d14d6
+	C = 4a20d239e4bc66632125295ddd3f66018d3fd009a166048c7b963e84149feeecaac077a5bccf90f121a38c9bb2228f0f0d18f2ace354ca
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = dfb5c499db2a9637b167ac1fe7b6d82c37b2cdcbe2094ffa3746574c5d3f3fa89931bddb6db740a0fe1e024a214dc9380cd59cc067decd
+	C = 4a20d239e4bc66632125295ddd3f66018d3fd009a166048c7b963e84149feeecaac077a5bccf90f121a38c9bb2228f0f0d18f2ace354ca
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 57657d2859e365dfdd5b6eca33de232ec3d0bb96ab384f7718e3c0cb253de474a556df447204f322fb944ddffc21f07fe3f480e801d65527f05cec6d1bc907e77f44e25465f2c53d0a468eac793a11a8
+** GENERATE (SECOND CALL):
+	V = 29d696d3bfe6fc9ad28cd57dc4f63e2dc4f29dd5836f5486b2dc95d071df2e9543f235e41867f9bf19a3c17102fe96037f5b6168f08399
+	C = 4a20d239e4bc66632125295ddd3f66018d3fd009a166048c7b963e84149feeecaac077a5bccf90f121a38c9bb2228f0f0d18f2ace354ca
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = cf21a25404c9e1eedaa60a66d8c8c4f9
+Nonce = 74d6783781f3e389
+PersonalizationString = 
+** INSTANTIATE:
+	V = c0a49900e94e27f08e38481172972197a54c8a747d42d589b1b70e0ed26f24795795a3c0212b7fcfb80486a00a78899877dd79b2641973
+	C = 0ae31215aed112728aae8ec72d6706cfedea8779674fd803c4d512a9db14b6396c03cafcf4046355b758edebde94d914a37208a0d4da65
+	reseed counter = 1
+EntropyInputReseed = 1bd79fbc7866f13fac7b2115a5d1ef3f
+AdditionalInputReseed = 
+** RESEED:
+	V = f3413dd859cf21ef945ab709b736c3e4c49d0944bd161dbdbc3a0da93e6ad483f232918c22d8bacbfb71457a703f34cfcc8faa009cc31f
+	C = 12762db6b936a8083633e5cbaeaf53ee03e42ced6efebdd5695be42f831c87a78a8d1acbe20d18b8e46bcaa1876d90c1798f512a63a753
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 05b76b8f1305c9f7ca8e9cd565e617d2c88136322c14db932595f1d8c1875c2b7cbfac5b56795180cdf624172eca24c0e4ad264d00288b
+	C = 12762db6b936a8083633e5cbaeaf53ee03e42ced6efebdd5695be42f831c87a78a8d1acbe20d18b8e46bcaa1876d90c1798f512a63a753
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = feb8c639d397a3b940c68d893a2c29141135a00d15a78539401bc7d32783ccfba664c6408f2b6d1257bfb25fdf8a1b0a33e065b416aacbb6576d2cd949abd18c3926376bb29ead32fa9c6d7d9c17c69b
+** GENERATE (SECOND CALL):
+	V = 182d9945cc3c720000c282a114956bc0cc65631f9b1399688ef1d60844a3e3d3074cc7852d96c33b43243cdaac7ccb203abb1d6d08a28a
+	C = 12762db6b936a8083633e5cbaeaf53ee03e42ced6efebdd5695be42f831c87a78a8d1acbe20d18b8e46bcaa1876d90c1798f512a63a753
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = ae2af78e32a56b2e92b5d464fb6d51f3
+Nonce = 5a2d67146c7b0b53
+PersonalizationString = 
+** INSTANTIATE:
+	V = b2d590d13d8678c0bc18915414fb6832a65a59fd2c953514cf14b6e09f1e6659d2c151768427a30b6ab145fddd5bead79e660cc8c37609
+	C = 480418ba27a9d1cfd799a6bdc5745fc9bf39b9b18cd869ee670f83e4eebc29b5aa59dc76db4675359d94d32bf1a3bdaa2c3cc993fd2795
+	reseed counter = 1
+EntropyInputReseed = 46bbff6ef65f0b5e5be6644fd60ca174
+AdditionalInputReseed = 
+** RESEED:
+	V = 30a9fef974e1d423316ac05d2468fa996dddacbde2a762a4ea4b0fb94213d5904f3a3affce0f629c5d88c4814fbe381df037c317ff5a1f
+	C = 6019341db0d5256c1dc2bf1a7c348fd6c7c3a76489677cc4eb3d2a27606a167afafbfc35fda951b0681ddaf140daad0fc8c6bc621d906a
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 90c3331725b6f98f4f2d7f77a09d8a7035a154226c0edf69d58839e0a27dec0b4a3637d532502e496d84c8b6ade2a827be31177e71d1db
+	C = 6019341db0d5256c1dc2bf1a7c348fd6c7c3a76489677cc4eb3d2a27606a167afafbfc35fda951b0681ddaf140daad0fc8c6bc621d906a
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 6f08859ce9b4a2d3ef9fb82694b575f72679af021791313512b2ddac02512c129fe0d1d6df45dc61608aea151b7e1a3e0daaa6553ed546e7f017e1b5ef894b8ff4fa51bd7b1aa3d9aeae54092174c1a9
+** GENERATE (SECOND CALL):
+	V = f0dc6734d68c1efb6cf03e921cd21a46fd64fb86f5765c2ec0c5640802e802864532347224a2aa3a67a7141af8b4f6227a693b2943b376
+	C = 6019341db0d5256c1dc2bf1a7c348fd6c7c3a76489677cc4eb3d2a27606a167afafbfc35fda951b0681ddaf140daad0fc8c6bc621d906a
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = 3eff06b5047fa403441f559c413524b4
+Nonce = 918e1da85d6edcc1
+PersonalizationString = 
+** INSTANTIATE:
+	V = 338fb66c02104def352c9bea9ca36dd739ce8e9a3f9b3f36becad7f7ac97197bc55ea387cece3011973dac4c8b27ead5b08bdf6c769113
+	C = 07ed3c90e86d01cd0a584a167bc50c21324b3c99b1d6529b8efa06c44ad21cf786acf17cbb0f43775cb4ad89b571eede548225137709a6
+	reseed counter = 1
+EntropyInputReseed = e9ec50c42cfd20296a324d71f0fd0240
+AdditionalInputReseed = 
+** RESEED:
+	V = 3d348cd1b731fa6044c2762fb40197a08831b825667665f988072578929f108f7b0e92697421927c659f1b55aa1ed9791199498abe8d37
+	C = 4ade0ae1e8197929b87f7c7f1c0ed52af20902274b786c15c8b3d12fb00032ff525e08170ead47706315f1216ed9688d81479004cc0aea
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 881297b39f4b7389fd41f2aed0106ccb7a3aba4cb1eed20f50baf6a8429f438ecd6c9b3060208aa63d08450b93199036a045a0fae0a5f2
+	C = 4ade0ae1e8197929b87f7c7f1c0ed52af20902274b786c15c8b3d12fb00032ff525e08170ead47706315f1216ed9688d81479004cc0aea
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = c73515ccdf230804d3679d80e21a49ecdf331dd1a759ba64878ae37d9e980ac654ea7f839579b8660b60206e9c3e938c0805867ed5bb110932677fa9a24b02472b84c0d5a551250ee1ea393c00fbe749
+** GENERATE (SECOND CALL):
+	V = d2f0a2958764ecb3b5c16f2dec1f41f66c43bc73fd673e25196ec7d7f29f768e1fcaa435745b9456fa89b493083da0594b6011f4843efc
+	C = 4ade0ae1e8197929b87f7c7f1c0ed52af20902274b786c15c8b3d12fb00032ff525e08170ead47706315f1216ed9688d81479004cc0aea
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = 2409e212fbc11c625d4cb283f42b462e
+Nonce = e4bd228c316adacf
+PersonalizationString = 
+** INSTANTIATE:
+	V = 133f763bde34180cd010e74558fc9bb10660e633adaf1f233aa18845f8ad45af4909a701c8297b44267bc84b876520b3959c395a4df8d7
+	C = d66a44d6f43cf717590e3ec61048ca2715077e6d1dce7aebd7a6a8baa66c7f35ff9c8873eb1468d828e02ba2aa7e42d1dcc434b51ee2e2
+	reseed counter = 1
+EntropyInputReseed = bb92af46b9a5775aab33ae4621678452
+AdditionalInputReseed = 
+** RESEED:
+	V = d265dcf06fcf4def6a0308eb964026a22bee4d3429e37904b8dd7166f664c0ab27f7a397eed8f3346fdd16e241821ec732979cdfd50e47
+	C = c59e5cb944762478cfe949f75a3f02c5f0fe484907d57e2162e66d796b09a07407c848df29486d5d44a8cbcf333227d9000894c85c3eba
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 980439a9b445726839ec52e2f07f29681cec957d31b8f7261bc3dee0616e611f2fbfed3c126b1216e0a3037a1fe6e8339ad221574c3c55
+	C = c59e5cb944762478cfe949f75a3f02c5f0fe484907d57e2162e66d796b09a07407c848df29486d5d44a8cbcf333227d9000894c85c3eba
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 60efbed017103dcbd04b15a52eeeb61d897220dea53ec4794df7bb1d694bf00aa23c7234d84b730ce4bbc212800791546ae143e08ff8f521155a742881329c1a5de0c47413448519d12628feec5db30d
+** GENERATE (SECOND CALL):
+	V = 5da29662f8bb96e109d59cda4abe2c2e0deaddc6398e75477eaa4c59cc7801933788362dddd7544189ba904393e0158cb4a52c5e2898a2
+	C = c59e5cb944762478cfe949f75a3f02c5f0fe484907d57e2162e66d796b09a07407c848df29486d5d44a8cbcf333227d9000894c85c3eba
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = 890777e83c982e9d6315f7475a6b9c5f
+Nonce = 29f813e424a28be9
+PersonalizationString = 
+** INSTANTIATE:
+	V = 82f9cbaf0118f86832e731f824de71ef468db329243c441d9981792fd2d27088b9716e34cf3d4f26c456f42e91ba6eecc287c10f913624
+	C = 4b33001ab2c1108a1c9022a03eef7c69bb9a52f35df0e1c63bd6f3e6a45735afdd0930246a08ee70688273b23eb544534918620590db4b
+	reseed counter = 1
+EntropyInputReseed = 0e588ae0bc753c5807f5e74852d1d14a
+AdditionalInputReseed = 
+** RESEED:
+	V = 1bea63d126dc7d3328f7fc6d6aeaee4f122fea8c70f8b49e032d62105a791cee875f5b371a61e8c0e3fc74b3e080cddc4c3089b4d571e8
+	C = 60c40a1493a9734c0ec989c9d599c532de257836f0624dbe1f0807e02750277005dc80311959855ef5986c0bb134713bde977a0eb234d0
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 7cae6de5ba85f07f37c186374084b381f05562c3615b025c223569f081c9445e8d3bdc3cbd3a0af4448d23cbb7ae20600b7c82c22a2a7e
+	C = 60c40a1493a9734c0ec989c9d599c532de257836f0624dbe1f0807e02750277005dc80311959855ef5986c0bb134713bde977a0eb234d0
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 9327fdc8049ee71b6d6b594cd994d30e653ee746b3ac4302d7ba8eca1fc2618b1c31127abfdf2e155e893673ee0194504bc9b9a13e037221e5dc30eac8ade2cd8b5795566a9d9bd35ce5a0355377e276
+** GENERATE (SECOND CALL):
+	V = dd7277fa4e2f63cb468b1001161e78b4ce7adafa51bd501a413d71d0a9196bce93185ca3f786ddda9dc7c8dba9f2a9ef7b3834f9057d01
+	C = 60c40a1493a9734c0ec989c9d599c532de257836f0624dbe1f0807e02750277005dc80311959855ef5986c0bb134713bde977a0eb234d0
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = 53857c37a460265fc3e57b86a2a8fe0e
+Nonce = d75b8eb747f2b77a
+PersonalizationString = 
+** INSTANTIATE:
+	V = bc056f65796ec518bf09d719552f8ecffc0e2b341ee914d635e132501508d18f063200b8d4c81707fcebb645273d9c699bb0ff4730b3b4
+	C = fa8a96e201aac8934f2237120de5b3135ed85d58c83cce6bd0e967a7d3ab683f8dae534c3b95babcb8fdfd60628f57cd49f3536e6b8e19
+	reseed counter = 1
+EntropyInputReseed = 792e9291da0208516caeb7fa93f3f376
+AdditionalInputReseed = 
+** RESEED:
+	V = 76da1ce815268641f1ca7afb0d7460452f6c562e298019aec105d10d63c3221f6ae83c565b36b547c3f9a047187388b27bcab1d164ca59
+	C = 05abe0429d2f77a9fa213b4c8b9f3ef771ae001a7e534a392a1061cb1be83beabf4de842b121d7e66f400764733e380ad9fcf673899118
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 7c85fd2ab255fdebebebb64799139f3ca11a5648a7d363e7eb1632d87fab5e0a2a3624cb089013cb94420120667d56cbcf26a65de94a6f
+	C = 05abe0429d2f77a9fa213b4c8b9f3ef771ae001a7e534a392a1061cb1be83beabf4de842b121d7e66f400764733e380ad9fcf673899118
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = efb8442c6e1fda43df74e064f9734e7c6c2b46ebbb1dadf44ea12c070ba9b39256b3164696ff8537e357503358ebde5dc7da7f63a104fd4d5d428ef75b9c82f7f8e4f889e3f10b6bbbcf5f0a040bc9cd
+** GENERATE (SECOND CALL):
+	V = 8231dd6d4f857595e60cf19424b2de3412c856632626ae21152694a39b9399f4e9840d25f9ceb3c3731f12d76674fc23524dad95e8f054
+	C = 05abe0429d2f77a9fa213b4c8b9f3ef771ae001a7e534a392a1061cb1be83beabf4de842b121d7e66f400764733e380ad9fcf673899118
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = ab112b2c7150801b89c5d686d3cf42b3
+Nonce = 252b7d5283413019
+PersonalizationString = 
+** INSTANTIATE:
+	V = cea5341ec1a93c96b8b775fe2d6f84534f7a639f77267ea0a8569bfbb52c0bf05da6f83548f76b1ee3df484578b4fb830b01d67d3ed25c
+	C = 19b32bb56bf8b654b4f9a6629dc92ba10143fc2c4fdfe87bb807f7c20e98852ad9d1a11247f851b86403d4c18e9380a48fdf60c8692685
+	reseed counter = 1
+EntropyInputReseed = d47f6ff181a0f475779931196abfa5ac
+AdditionalInputReseed = 
+** RESEED:
+	V = 0e8d2ab077bd623b5c33419949f1a27d38433ca53cc13c3b22428c8104baee0ab425b73e4b08207be896b91529efa3315bf0efe3345a88
+	C = 8d6f5de1ccb7abf2304ae2ebc60c9cc2b205a4e9b16b0bb9eeb989d45916cf3bf561e15ccb7cdf244ec039d7548a36b9c7675503cc76d6
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 9bfc889244750e2d8c7e24850ffe3f3fea48e18eee2c47f510fc16555dd1bd46a98798c6dbd9e6ae55bcf1f93c7bd09f92f2bce05fdfb3
+	C = 8d6f5de1ccb7abf2304ae2ebc60c9cc2b205a4e9b16b0bb9eeb989d45916cf3bf561e15ccb7cdf244ec039d7548a36b9c7675503cc76d6
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = b705636c0ae4df0a33f5f18292468ae40796ada0c4318f96aa795114300ede83e37101c9198716cf8b3909696830fb696655f7f0a9c78d763ad6799322ee159d8c3fe45b59941aa750a2ded04c298056
+** GENERATE (SECOND CALL):
+	V = 296be674112cba1fbcc90770d60adc029c4e86789f9753aeffb5a029b6e88c829ee97ad749366c3dc830e9768560c1fddf2d030089615c
+	C = 8d6f5de1ccb7abf2304ae2ebc60c9cc2b205a4e9b16b0bb9eeb989d45916cf3bf561e15ccb7cdf244ec039d7548a36b9c7675503cc76d6
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = 044e23d92e94db1ce7bd629b7746b53b
+Nonce = 8bf4eeb369ab1eb7
+PersonalizationString = 
+** INSTANTIATE:
+	V = fa15a6d42397f990e2d814e659625b85fe3f8b1cb00213e2746cdc010e47e8a4bdc2a048c68c143d01e769bee346029b80f20d3eaf0216
+	C = 92480e4d2d4c76e81f9ee19e5197f5b983653703f4b219f51219fd242b606b1cc46e141310bbf4d0c8e1f383b59afab5cdc677d6f9a75f
+	reseed counter = 1
+EntropyInputReseed = 225a181b44529f83f6632aac895a139b
+AdditionalInputReseed = 
+** RESEED:
+	V = e1e2f4a285ee3cb1f3e944d0ac3430bfa73d16b4585d2fa6bfe06f3bc65c1fe6ba3b0f30b33b34764064f814bc7bcdcb4c0627f29ee986
+	C = 0202c638112aa466ae3efd3b8cacc1a16797d096b18b10e67f59cd90e59ad6b9bedd4efa72f958d8bfb4db65095a48abcb900355e2a2e5
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = e3e5bada9718e118a228420c38e0f2610ed4e74b09e8408d3f3a3cccabf6f6a079185e6ab2dd63bb482414a8020e90b80f9f50919570df
+	C = 0202c638112aa466ae3efd3b8cacc1a16797d096b18b10e67f59cd90e59ad6b9bedd4efa72f958d8bfb4db65095a48abcb900355e2a2e5
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = fff341551e1ab3e6d1f6472722413f831671b32e095f45cfe0f001fbe09b6ad3c484f237790378f9d6d18bc6011524516af4a40b15b5f50ebe2b1e8b0242c86a491de630035a9f387617949e2dc5fe0f
+** GENERATE (SECOND CALL):
+	V = e5e88112a843857f50673f47c58db402766cb7e1bb735173be940a5d9191cd5a37f5ad85db6039911a60258840b24263a302c7ff273403
+	C = 0202c638112aa466ae3efd3b8cacc1a16797d096b18b10e67f59cd90e59ad6b9bedd4efa72f958d8bfb4db65095a48abcb900355e2a2e5
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = 690b28094b640842e406b33d031707e4
+Nonce = df19c613d926cbc0
+PersonalizationString = 
+** INSTANTIATE:
+	V = cdc45f4143c75ff5f0b07d6ca0c77910155513fb6a51559353dd61eecdbbd239ae717f8a35be118a8de9a6c1dd5ba24d7742b978384bad
+	C = 4847c11b72c93c0ff30b7227b64e9500362bdab0394748e4403f62528efe6d7084db148e5f619c096b35609e6bb459f46eff50fdbf41fc
+	reseed counter = 1
+EntropyInputReseed = cc6a973e3d47be5190f9c9f7f4adca80
+AdditionalInputReseed = 
+** RESEED:
+	V = 990b366872f181aa8d18ac76aa54bbf5ceb26e8991a2bad235efb596c390b84b9c451eb29f5e0850e9192e8b5501674ecce0608b0a7b9c
+	C = fee67541bc55147ac95839aa2343e78d46489660ee9093243a2103c0c3f6f8092040f7153902b304324a6dcb385c6f2c3a4d5a1dbf63ff
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 97f1abaa2f4696255670e620cd98a38314fb04ea80334df67010b9578787b054bc861646965aa694d38591a5e9170cbe1c1ced050dccec
+	C = fee67541bc55147ac95839aa2343e78d46489660ee9093243a2103c0c3f6f8092040f7153902b304324a6dcb385c6f2c3a4d5a1dbf63ff
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = d6beecd6368a8b4f8bd700568ef48dcd25814d2d3ea032d2402c6424afcdd39b76d37aaa7c677dc4abd8ec9b96c999afd1bfa0250fc417a5e7ad2e31a89a51770cf238f8d94561cad33e376758a7ab28
+** GENERATE (SECOND CALL):
+	V = 96d820ebeb9baaa01fc91fcaf0dc8b105b439b4b6ec3e11aaa31bd184b7ea85ddcc70e1cb6fb449262857af1aa6d9814a751ad0394b675
+	C = fee67541bc55147ac95839aa2343e78d46489660ee9093243a2103c0c3f6f8092040f7153902b304324a6dcb385c6f2c3a4d5a1dbf63ff
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = a20483c91fda30d93d51a787823784f8
+Nonce = 60c4903da946a588
+PersonalizationString = 
+** INSTANTIATE:
+	V = 25e7b4a4f1b4463cb914def33fb500894676ef8247c1b6483236e67ee66760def11c47eb7e3fc6e1a49bb77945b2a5b57408ddde44f1ba
+	C = 7c3c710106d33bfe116136fc5ce4e9e8f04f4bcf005684bcef04ca05dce0751c17a53df3d8f736adb16968a540c92b28ae1296fe194a16
+	reseed counter = 1
+EntropyInputReseed = b039c350265e9d2a0ae7eb3c09a59172
+AdditionalInputReseed = 
+** RESEED:
+	V = 74753f44ed371cd7cbd59e1cff1692e0fc5648d08e27abf1982202f4c305e31c7f3b083e99fa6f20c80cfeeb321c448b56cdefc9e61646
+	C = 2c19a345fe773a6e93050cfbba641e307444b2db27d881d93c9e107b703ffdefe9ca356f59e76e8e598f4bd08ba8e34586e3a22c76fb3a
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = a08ee28aebae57465edaab18b97ab111709afbabb6002dcad4c013703345e10c69053e746c82164bfbeeaea5b903cdeeafbc4519796587
+	C = 2c19a345fe773a6e93050cfbba641e307444b2db27d881d93c9e107b703ffdefe9ca356f59e76e8e598f4bd08ba8e34586e3a22c76fb3a
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 4794031bd9b82b64718c7dc593efc73c9283e0400e8816f400dc93215019d1943d487c3ccb9ee578b4b2a8c079f3a8264d9d16819cdb26b75254217a510baebd853c4b1a1c646bc1609385dbf409987f
+** GENERATE (SECOND CALL):
+	V = cca885d0ea2591b4f1dfb81473decf41e4dfae86ddd8afa4115e23eba385defc52cf74b5facb96b4f2985f3ab9de21d5d87e18e5548285
+	C = 2c19a345fe773a6e93050cfbba641e307444b2db27d881d93c9e107b703ffdefe9ca356f59e76e8e598f4bd08ba8e34586e3a22c76fb3a
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = a2127d5992b3e69bcbf41fcd4a3b4e9a
+Nonce = e961782b3f40f4cd
+PersonalizationString = 
+** INSTANTIATE:
+	V = f52ed27597cf9a0cb4781b203e4aa5b6593c1948cb257f3624c78568bf354b34eb6eef602e94a6ec22f813b1a4c065e6b3c40efc70cf70
+	C = a0ba7e63f95b30ac40ea64bd4bd66109fc0f267b50859f124cf193eb838592cbfdab990a775c247de1e0170ff6fdcff69b9f7c91333d48
+	reseed counter = 1
+EntropyInputReseed = 1a231ed80c3eb0969f438ac11674afa2
+AdditionalInputReseed = 
+** RESEED:
+	V = ff2cdfe69c0a7fe777dd60e2bda529f72cb5184b1288f7c404120acc07eec4a6ec21cfdf0c13d43bf9078db51b3ab3e1358a8ffe712302
+	C = d8d83aab6392889d1b68ea635489cda67237d6f619d719e74fdcc06ecbbadadbbb1fefa87d945823202d792e202f78bb1511691bf00807
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = d8051a91ff9d088493464b46122ef79d9eecef412c6011ab53eecb3ad3a99f82a741c054414202230d0088d6351d4d9669670b7edf47d8
+	C = d8d83aab6392889d1b68ea635489cda67237d6f619d719e74fdcc06ecbbadadbbb1fefa87d945823202d792e202f78bb1511691bf00807
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 05a7bf0fe9fe12da2492d0fc0b5dcdd499c8eff1d90d4a606d63a8e3fa717310c2867655fa28c698681943a49dd33dc66ba75824eecd78f5e6a652778758b2223228ee1e371efd9ed5147b5e661cc82d
+** GENERATE (SECOND CALL):
+	V = b0dd553d632f9121aeaf35a966b8c5441124c63746372b92a3cb8ba99f647a5e6261b0e1e1580fed6556a491e5e81baa3630a26e58ebf4
+	C = d8d83aab6392889d1b68ea635489cda67237d6f619d719e74fdcc06ecbbadadbbb1fefa87d945823202d792e202f78bb1511691bf00807
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = f217642654e18400222a9bb1bf202d9d
+Nonce = a59de3da92630338
+PersonalizationString = 
+** INSTANTIATE:
+	V = f57695b47101d3586b3d79bf8a936d5abd23def5b723f6a3b92f01927d9f383baa9b2d177b2390c76945dce2b9b2e0ad4c049ee766bbc2
+	C = 0bd6c7a53a3021d5c066ad9f2b7fb9b51d5f578e622d0ba21d47cb90e16ff3d0e37b784c6785ee6d46a9bed4c833ac7c47d31f7f33515a
+	reseed counter = 1
+EntropyInputReseed = 46d5145a20e25e0939d12cdaf273fe3d
+AdditionalInputReseed = 
+** RESEED:
+	V = 5ea153618977c6415cbc1f0f1a26cdf7acd799f8bad64e73e97048a5420f011d38748bea8b0c5c12a13bdf570e16a2c608e8f34c89503c
+	C = 35d8400ef2f5a41a596f061f86e7b04d7abad4470f356053280e7a2dc9c82d15475f82882240147daa914e9d62a5b049022d892efc6bd9
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 947993707c6d6a5bb62b252ea10e7e4527926e3fca0baec7117ec2d30bd72e327fd40eff02fdde496cdb5245be00707a91c6167c308432
+	C = 35d8400ef2f5a41a596f061f86e7b04d7abad4470f356053280e7a2dc9c82d15475f82882240147daa914e9d62a5b049022d892efc6bd9
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 68d345d8e7a87139c3cb0f820077acbde8985de55df79bd12aa18e8a8c91d1510f101537c446fca6a69751b38850a39049c45308768e82b2450f528d590d7cf3b4263aa7ce85f17e18113e43d9a5b14a
+** GENERATE (SECOND CALL):
+	V = ca51d37f6f630e760f9a2b4e27f62e92a24d4286d9410f1a398d3d00d59f5b47c7339192f6a93988d88024ed62bde844caa6162d99fe9e
+	C = 35d8400ef2f5a41a596f061f86e7b04d7abad4470f356053280e7a2dc9c82d15475f82882240147daa914e9d62a5b049022d892efc6bd9
+	reseed counter = 3
+
+[SHA-1]
+[PredictionResistance = False]
+[EntropyInputLen = 128]
+[NonceLen = 64]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 128]
+[ReturnedBitsLen = 640]
+
+COUNT = 0
+EntropyInput = b277439c082ff848fbc112a0d7a5fb7e
+Nonce = a39f32bc946393f7
+PersonalizationString = 
+** INSTANTIATE:
+	V = 7d18c9c98da70c68b85a722648527d94e5c9254c9c4848c11c71947cc35dea104c080875f45103eee1cc385d7789f786b538384ded912f
+	C = 2ed4f0553bf3c471ca7f412913d280714c27fa7bba90720bcd197f6fbde0b4fd7912bfcd3890dd2b5bc03150b55f0515a786a4408ffa71
+	reseed counter = 1
+EntropyInputReseed = fdd17b8ccee83fa49a3b388df60fe5b2
+AdditionalInputReseed = 19e97baa9b376e11ab6ebf345c326b48
+** RESEED:
+	V = f5a688dc9fbc132c7a2d704d9c802aa71b9fe29811dea40740a82ca720682d34e1471f66cb14d0a6284854237609a529eb6f945947398d
+	C = b6bf4fa5ceb60e6bdcc58ad36fc2cd0f39f1184d7e0fd3b6a62b2b4b8b59559eb0cb2f9db680e991e93fb8f30481c99321d6ea866b0fa0
+	reseed counter = 1
+AdditionalInput = a9dd1b98609da49f13f071cc62205c99
+** GENERATE (FIRST CALL):
+	V = ac65d8826e72219856f2fb210c42f7b65590fae58fee77bde6d357f2abc182d392124f8ecf5a437e185be368469261f8c7a73ca74aad3b
+	C = b6bf4fa5ceb60e6bdcc58ad36fc2cd0f39f1184d7e0fd3b6a62b2b4b8b59559eb0cb2f9db680e991e93fb8f30481c99321d6ea866b0fa0
+	reseed counter = 2
+AdditionalInput = 6763377423e251c2bebad529f5722438
+ReturnedBits = 9a3893d558eab44189ddf1d88ebb70cf37411359f9735201ca03eca5b97438232390e28e4cb51a9a45c1a870968b915a7f69bd796d8b3c563faad05a860849165bd1b8fdd9fe96cd1876bfbe301895cb
+** GENERATE (SECOND CALL):
+	V = 632528283d28300433b885f47c05c4c58f8213330dfe4b748cfe833e371ad87242dd7fd074cae9de76da1b81addb85b4ca6914ec35bc68
+	C = b6bf4fa5ceb60e6bdcc58ad36fc2cd0f39f1184d7e0fd3b6a62b2b4b8b59559eb0cb2f9db680e991e93fb8f30481c99321d6ea866b0fa0
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = b259889226dfabcfb9f5009948c63d6c
+Nonce = 4f4d8ec7d33a15be
+PersonalizationString = 
+** INSTANTIATE:
+	V = 258ee8f78e4e005472517e52f35ac6605b4202dea9614a97a73c221191fcb6a481dbebdea9c2d66fc55d90349efb9a20888c174d7566b4
+	C = 73017afee6a68d767cc5ce670609c072811fcf34961737a303aec717deff12ee4889bd1cf5fcc7192035e0de55fac362b2e5dad9ee3b7d
+	reseed counter = 1
+EntropyInputReseed = be6df62edd1024111ed4ea6b70aec1ef
+AdditionalInputReseed = 7e1a86e7b97fa62bc3a95e44ebb386e3
+** RESEED:
+	V = 322239c79dadcc0e2718b8fe1d495a802ca8640b6be5ab3f2ee90dec08d6694a10925a4d39f482994461a24dd56093eeb399a0214fd625
+	C = 9e13effdde1c6ec312d09e1213c289cc689e9283ac15211318cb19281d40afc9224ee357c4ccac01db930bed2a058f0eb3457caf03c7d7
+	reseed counter = 1
+AdditionalInput = 891c7eb2e610aaa3c4d61e67afffca0e
+** GENERATE (FIRST CALL):
+	V = d03629c57bca3ad139e95710310be44c9546f68f17facc5247b427142617191332e13ee92704c16af280b6936d504f9c11bce3527c548c
+	C = 9e13effdde1c6ec312d09e1213c289cc689e9283ac15211318cb19281d40afc9224ee357c4ccac01db930bed2a058f0eb3457caf03c7d7
+	reseed counter = 2
+AdditionalInput = ffb0b9ef8816ceee7452f4615487b868
+ReturnedBits = e3cbad614a12885d3233572db2d19e9deb67c8324c1ecb919cf74325570b6396c8874edaadae87252c4d62a486648ce33f669c37ec35dd39e3f22ff565a54854b4608e6367127f7b9adba36da342f706
+** GENERATE (SECOND CALL):
+	V = 6e4a19c359e6a9944cb9f52244ce6e18fde58912c40fed65607f403c4357c8dc55302307d080c8e67f8ba0b8bf4e1178db8c2216ca078e
+	C = 9e13effdde1c6ec312d09e1213c289cc689e9283ac15211318cb19281d40afc9224ee357c4ccac01db930bed2a058f0eb3457caf03c7d7
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = a34e8851db9412916986b8584dd3b78c
+Nonce = 0681931a50a93192
+PersonalizationString = 
+** INSTANTIATE:
+	V = 3e4dd42a13854f69568f6fd21ddcb64625920507d78af109b5d59e5bbd4fbd51da8cadcab36ab6b0179cd75ea3be1198f01f8a66967a1f
+	C = 3ae3d34d86b3ccc1fa26960b48f1f7c0d978977385ce3e0c695e3ba5ea1fa6003148d81e2adff5f64767d0ab3c15cb1a40280422ead65a
+	reseed counter = 1
+EntropyInputReseed = 68da5d070297efe7d4fae16e85366e80
+AdditionalInputReseed = d1aa4ac05954dfe8389f688872686e0d
+** RESEED:
+	V = 0861610b5894c2f99c0b081222353658962a8b4a7031ebac20d47f46ddb7fba7dc4649eb581532ab9eb212b1299e40e2a698f2e80789e0
+	C = 0bec229e54afbdec2d693e7b75112a235388d05edb135b6fcaafced528c1827d156f4684380eeadf73db916f9dd5dab7139fd54a62061a
+	reseed counter = 1
+AdditionalInput = bb2e2b615f4c1892689b992ebe04ee31
+** GENERATE (FIRST CALL):
+	V = 144d83a9ad4480e5c974468d9746607be9b35ba94b45471beb844e1c06797e24f1b591a723edb3c218cae5964337f4262e6f010629fe62
+	C = 0bec229e54afbdec2d693e7b75112a235388d05edb135b6fcaafced528c1827d156f4684380eeadf73db916f9dd5dab7139fd54a62061a
+	reseed counter = 2
+AdditionalInput = 97f5d7afe1ab9dc89fc63a6e3d5dd4dd
+ReturnedBits = 9d3b665e29bef6a760a2608e4dc7c1e90dfc0ec00e6f986fa45d42527cbf6939526f9baa010aed6a223ec190800d594f09154c633f3236259ee00ff84460c1a33acb3d632712bab60a9568c6f2920e4c
+** GENERATE (SECOND CALL):
+	V = 2039a64801f43ed1f6dd85090c578a9f3d3c2c082658a28bb6341cf12f3b00a20724da1a13843694b0a02a5f11f840014487767a461bca
+	C = 0bec229e54afbdec2d693e7b75112a235388d05edb135b6fcaafced528c1827d156f4684380eeadf73db916f9dd5dab7139fd54a62061a
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = 147ab6b2bc03a552c715faac89816cf3
+Nonce = f635bafc3860860e
+PersonalizationString = 
+** INSTANTIATE:
+	V = 0ff36ff4c1a4798264ee66909444577fde63115155471d4eaef26eb36535fc2626b646194912bf0d07d65dbcd59fe1e378cf914660be3f
+	C = c13d0756074f29bb232875c4c5acb7b26c2d7405240e43d9fd39ebcb90584887a27525fe56f1cf42afa8fe994d5c56ab3ec5dd7a400242
+	reseed counter = 1
+EntropyInputReseed = 7c3ef601d8fb41e348f0473406c71c3c
+AdditionalInputReseed = 6207a50fceecc0fac5c4cfed1281b6ee
+** RESEED:
+	V = 478d860c7d9581a55c66aad73a982dc279a61cd83ef39bbaccad72b40e121877319ad24345f41aa1df6a6917c01e87ae16953a73360d02
+	C = 3b83e5182cf2815eaef46f2c91951633ef939f9858b67aedbe2436960c498f235ac1a45c830f30fcdb7c28203e01977754f1258cbaf17e
+	reseed counter = 1
+AdditionalInput = d7182df0018990f03ffd794cec22fd9d
+** GENERATE (FIRST CALL):
+	V = 83116b24aa8803040b5b1a03cc2d43f66939bc7097aa16a88ad1a94a1a5ba79a8c5c77478c3deac5aa0f19e1ed6d20238a729edb3f7624
+	C = 3b83e5182cf2815eaef46f2c91951633ef939f9858b67aedbe2436960c498f235ac1a45c830f30fcdb7c28203e01977754f1258cbaf17e
+	reseed counter = 2
+AdditionalInput = 7e4c01d79f8a6176b8c319e2f4d38516
+ReturnedBits = 576ad4b63a6c73194ec7af8a1204ddeaa72e60b0f6c535c382a9bf0f27d08f2f37183a69acea2f855027ae2b1d602cfcbb6027a4c2070c70a5220882ddf5af7d3233a2e31fa670cd068ea723fd889392
+** GENERATE (SECOND CALL):
+	V = be95503cd77a8462ba4f89305dc25a2a58cd5c08f060919648f5dfe026a536bde71e1cf207afb36252f6ed952b9ed34f0c266638e8c6fe
+	C = 3b83e5182cf2815eaef46f2c91951633ef939f9858b67aedbe2436960c498f235ac1a45c830f30fcdb7c28203e01977754f1258cbaf17e
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = 49d84a3337ab18a5e0e9583b16abcdb0
+Nonce = 7121743a98cf8c20
+PersonalizationString = 
+** INSTANTIATE:
+	V = 41340f1fa5fb81087c6ebc8740d4891bb0319049585ff7c76dd2a64ecb2df2770273b7aa3825e0bc6659602ed645f9f006a941c93f50a8
+	C = a4b10b2331a92e899cbf34b717a868eff2c2fe09e8cc29d8eb147addbeafef24c4e79c1fbe36c985d7a585f67ab02142b030279eac68d2
+	reseed counter = 1
+EntropyInputReseed = f3cf8a370ff8c754bc363d4ceb6f140f
+AdditionalInputReseed = 60b1c4813b7f67ebcd3165bcc8ae8eb3
+** RESEED:
+	V = a0b52aad4122635876eed031f7a80773c628dd9baa34d72e6fef3a75753b55c71171152170556bec8346be9c4f6e7ca9cb49652c1b3b9b
+	C = 7324a7ec267479c03aa5359d831a2e440a39242f3f5c9f631f8682e0199209df98e1944698495fd17d5c7b6245abb606c8101158c49498
+	reseed counter = 1
+AdditionalInput = 6798c8dd6c16c5aec58bc178b6c1e6ff
+** GENERATE (FIRST CALL):
+	V = 13d9d2996796dd18b19405cf7ac235b7d06201cae99176918f75bd558ecd5fa6aa52aa66b0551753826601b53775d853ea7bd589ca2d7c
+	C = 7324a7ec267479c03aa5359d831a2e440a39242f3f5c9f631f8682e0199209df98e1944698495fd17d5c7b6245abb606c8101158c49498
+	reseed counter = 2
+AdditionalInput = 2ec28ab1b68c8fdbcadb3ac6476526cf
+ReturnedBits = 8f751187b53447269fba940c292bedbe125364776853a1a5f7b76f74fa5606c7818ca9f57132f42a9f89775574d4319b981feacbdd4f2e779abf49ca73e1de5cc02dc2d2bbc27bee3a57fd77807614ad
+** GENERATE (SECOND CALL):
+	V = 86fe7a858e0b56d8ec393b6cfddc63fbda9b25fa28ee15f4aefc4035a85f698643343f6617ecdc2f0e7a618fe67483eae6beac1ad79a8e
+	C = 7324a7ec267479c03aa5359d831a2e440a39242f3f5c9f631f8682e0199209df98e1944698495fd17d5c7b6245abb606c8101158c49498
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = 1664df8e26616372055ab02bc303956b
+Nonce = 856d3fd3ab316160
+PersonalizationString = 
+** INSTANTIATE:
+	V = ba32b269914e452df87141ea09dfc5a8dec4e246e339532805dd5ac2b8ad647df4d54c6456cdf7c45c1063ff16110d0907239734d350b6
+	C = d73ee0e1f56ed86fc5dd7e96f2661f83ad3781ce575a59fec5d361b10084df4b534add995621536b0dae464b9c0564e0fb6f21538fc863
+	reseed counter = 1
+EntropyInputReseed = e253741349eb5fff62d33fd28294144a
+AdditionalInputReseed = a10c4710e7598844abb6a5223d5daef2
+** RESEED:
+	V = ddf67946d4a4aa1127472fc3fc70af75a8c2555fb42e434bfefcd22fdeb4568a87dddebafefdc028c782a01b16952716c1d15410d03e9b
+	C = 7937bc3aba06f3ce5712e0a60d1048c24d3a7903ce8fe8b7841e3d4de647c5bd073f208c488af90d277ffa480a617212662292acdb8f41
+	reseed counter = 1
+AdditionalInput = 2eea6d53d9c1fa5ccc9e1cee391002e6
+** GENERATE (FIRST CALL):
+	V = 572e35818eab9ddf7e5a106a0980f837f5fcce6382be2c03831b0f7dc4fc1c478f1cfff25dd9aa87e3c26c8e902c29e00497ad454adefe
+	C = 7937bc3aba06f3ce5712e0a60d1048c24d3a7903ce8fe8b7841e3d4de647c5bd073f208c488af90d277ffa480a617212662292acdb8f41
+	reseed counter = 2
+AdditionalInput = 8021c5b60e2c70029bd841c79b912a7d
+ReturnedBits = 92f6c69e43c257ce388fd1dc0732be02e95fecb50c7edec1b880bdb0ec7126c6c8566761980c6be71fd25519934177109ef38fb0cb54015ba9f5ea8721939d4036f74789bc5ea08fd1d4c7b68e11c1f3
+** GENERATE (SECOND CALL):
+	V = d065f1bc48b291add56cf110169140fa43374767514e14bb07394ccbab43e204965c20ac9bfe4abccf7bf2c36fe92f48b52ba4946e265e
+	C = 7937bc3aba06f3ce5712e0a60d1048c24d3a7903ce8fe8b7841e3d4de647c5bd073f208c488af90d277ffa480a617212662292acdb8f41
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = e258263f7c7f9998c265b8876f3d3904
+Nonce = cf01cac1ae4e4a17
+PersonalizationString = 
+** INSTANTIATE:
+	V = da264ffbe5a4af004d4dda53962478db6ca6c6ca4404fdad95b3a1fe621ea4df8a63f97c853eac2657feea6c8ce2577ecba6aed97600f0
+	C = 8e4cac3def5c9fd220e5a24e3df4b00e1dabc532050093dbf202f852a09b355569608ca8d79d788b10c4dff99cc627c891a858bdd6fd42
+	reseed counter = 1
+EntropyInputReseed = ca5437f15dec2732d9fbdb3ae4e7bfab
+AdditionalInputReseed = 218bf78f96b39d64548b30c58a4f4a55
+** RESEED:
+	V = 1dfda337be74ce5e2ba574621930e3c814dae146a586740abb0e616308e4965ef98f0ba7b9ea6b014f2e11a9d506cd6cf29776dc2fff4d
+	C = acf4327bcda4f3ac50da57d545aab349efd2dd928b957aab6a1c6d7e0ac7c4fc09b2cd97e3f96e5cf2be64ef7a79af0614f8820ee563fe
+	reseed counter = 1
+AdditionalInput = 1ddf6b7f2d9943112d8df4efb8e6aae5
+** GENERATE (FIRST CALL):
+	V = caf1d5b38c19c20a7c7fcc375edb971204adbed9311beeb6252acee113ac5b5b0341da1aad88ea7f053cdf6fcd8716f9e48812c01cbb3c
+	C = acf4327bcda4f3ac50da57d545aab349efd2dd928b957aab6a1c6d7e0ac7c4fc09b2cd97e3f96e5cf2be64ef7a79af0614f8820ee563fe
+	reseed counter = 2
+AdditionalInput = ee17b25ceee9a541a947ab2b5305442d
+ReturnedBits = 9a2fb350d1faa641af2c1f50eff8c9108d81d1cb43d69d5926d0e9e252b56ea0b414e3b420d060e2b3da8ffae3e965fb3ae3c98f2b27a14e80dc75646fab5470b32a9151b6d110f6306bb689b60522d6
+** GENERATE (SECOND CALL):
+	V = 77e6082f59beb5b6cd5a240ca4864a5bf4809c6bbcb169618f473c5f1e7420570cf4a8e49435753449ce30a7bc923af29d8a41e7e52df8
+	C = acf4327bcda4f3ac50da57d545aab349efd2dd928b957aab6a1c6d7e0ac7c4fc09b2cd97e3f96e5cf2be64ef7a79af0614f8820ee563fe
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = 96b099088c1683b461fd7da408ebafef
+Nonce = c99b2bbd02499ee1
+PersonalizationString = 
+** INSTANTIATE:
+	V = b191bad71c37ce00e5a58df456d14e7a41fa314bf62ad2a40d648d83519d5ab9b8f6a80e3444e60169573ec81093e7f95795ab1a38af9a
+	C = 42e56d8433e29fd7034c7177a374c667c05cacafcfb191158acc0bd770c27bf7d33a26a83ef32dc26ca427df78072f58c3dd9c12940e82
+	reseed counter = 1
+EntropyInputReseed = f923c7c5a58c77965216019cbd11f624
+AdditionalInputReseed = 4477582184cfd326d6f15982a953ccde
+** RESEED:
+	V = 8c846c2264cff0ab62d834664da09802332e88b1a6ad907fac09be0aa3a0dcd267c2ab6ea18dc094d0e425c9a20d7515f802e706e528e7
+	C = 4a0b91b0bd65f18f553d59a43d5176626751b0ec8c4617229f22ca1b7ecb6ee4cff8579bd2f89495fc157e18a6524dd99ee381afa30706
+	reseed counter = 1
+AdditionalInput = e42bf542598ee62ae50632cda58f617b
+** GENERATE (FIRST CALL):
+	V = d68ffdd32235e23ab8158e0a8af20e649a80399e32f3a7a24b2c8826226c4bb737bb03fef34c0766f82c18189c0fa37489a040908c67e5
+	C = 4a0b91b0bd65f18f553d59a43d5176626751b0ec8c4617229f22ca1b7ecb6ee4cff8579bd2f89495fc157e18a6524dd99ee381afa30706
+	reseed counter = 2
+AdditionalInput = f2a93f4900507880703ec7b951a07a61
+ReturnedBits = e7e13f7e72fdc60c05c416ea48712594f302ab67b80876ee86e1bbbf5f3d81cb8f329b2af917a1cfc4901181f5a81144e3c65c526baa6faf060e6982bd5414f163e9176f4203c47893cc91f4bc77c587
+** GENERATE (SECOND CALL):
+	V = 209b8f83df9bd3ca0d52e7aec84384c701d1ea8abf39bec4ea4f5241a137ba9c07b35ca7c75bb259590c4ee2998946cfedb97be5b5ae7b
+	C = 4a0b91b0bd65f18f553d59a43d5176626751b0ec8c4617229f22ca1b7ecb6ee4cff8579bd2f89495fc157e18a6524dd99ee381afa30706
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = dbbc7908dff242ed851d67bf8ccee23d
+Nonce = a08422139d02f2cb
+PersonalizationString = 
+** INSTANTIATE:
+	V = d86c87804f2b131ec5d9e997de1777a81cfef6e40803eb098815e98ffdc678bc4b4ed3bbfb9be53fe31399249848054b0152012975cecb
+	C = b34955c8c8e42e75248dd1ebf902e23d4765340a7870ef3bad154131067c655f0ecfe6ad4b11193fbbbfbafbf0310eb2b902be65a62367
+	reseed counter = 1
+EntropyInputReseed = 7a2d47e9a810e69a1e7857678e5664a2
+AdditionalInputReseed = 1a7d0e8609666ad66035f9b3f8ae6b87
+** RESEED:
+	V = 6c55dfd235adefe7026e9b169ef56b06572bebac80c15140112eca588547826ca2e915bd8ca433f9f9e1136cf6bfdebabcad74831640b9
+	C = ee0ca8a8538748316f35fc735ffcc7ba06ee10f6758b3fe0ac8a5f892923f0deef3d0f364ed2bee14ae9218b04d47c703e833a30f3a4ce
+	reseed counter = 1
+AdditionalInput = 0850b39da87d71e2f1d6c9b75df303f0
+** GENERATE (FIRST CALL):
+	V = 5a62887a8935381871a49789fef232c05e19fca2f64c9120bdb929e1ae6b734b9226258c1b966084300b808ed71070d49944c3b74ec00d
+	C = ee0ca8a8538748316f35fc735ffcc7ba06ee10f6758b3fe0ac8a5f892923f0deef3d0f364ed2bee14ae9218b04d47c703e833a30f3a4ce
+	reseed counter = 2
+AdditionalInput = 62b716c6505b81b3ed077ed95f4138a7
+ReturnedBits = a9fa07abd09c13f0f99ba7c2dec4d7e343bb693be3a13a4013068d14b351da90650d02abcb3a41220f6f4802d4f940be8d634519eceedf604763679f992abf58f9e176cf225f64d4c2c5c8a13755e609
+** GENERATE (SECOND CALL):
+	V = 486f3122dcbc8049e0da93fd5eeefa7a65080d996bd7d1016a43896ad78f642a8163357da68b45e46dd3dc6cbde13bf4d9fa32baecc995
+	C = ee0ca8a8538748316f35fc735ffcc7ba06ee10f6758b3fe0ac8a5f892923f0deef3d0f364ed2bee14ae9218b04d47c703e833a30f3a4ce
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = cd9edb11f8d2b8459ab780e330eff008
+Nonce = 9265c20d9c9aee6f
+PersonalizationString = 
+** INSTANTIATE:
+	V = 036469a9dceeb41b62c724a8618ba916bfff0d4374a44b54d601ba1e69625a52885c99c457fef7f314d491a0c0cb436ee970fae1704d3d
+	C = fddfc1cc240fbe62c7edc521638c534658bdeacec30b67376de8d8c78e9662176de519b5a8fe6c065722526801c3567bc2e9cb2d071db7
+	reseed counter = 1
+EntropyInputReseed = 8824d10a880d9decc7a38f26a0f81d10
+AdditionalInputReseed = d58de71833075ee25fc13073f2d26fac
+** RESEED:
+	V = 1d7d626288fdff07a88fe42b8137c1479551459d0bfdff4cd9424c9bebcb48f8d7814622611194fa906c700d34c79ad24870ffd95d624b
+	C = ef975d6df7d2b87a19b82ad033ac23155c6724c46d7555f996e4e64658db0769ba4744202840ac3ae8929a90f07b01d341e4fe97caa705
+	reseed counter = 1
+AdditionalInput = 4fe09858b128a437c5d6450ff1225b64
+** GENERATE (FIRST CALL):
+	V = 0d14bfd080d0b781c2480efbb4e3e45cf1b86a6179735546702732e244a6506291c88a99a6f882369dec93ccf9a1d78643a0e724f435fd
+	C = ef975d6df7d2b87a19b82ad033ac23155c6724c46d7555f996e4e64658db0769ba4744202840ac3ae8929a90f07b01d341e4fe97caa705
+	reseed counter = 2
+AdditionalInput = 9a39802f9aeea6da718d3072cf7ac153
+ReturnedBits = 0a461ac64615278db5dbabccdf967dedd4e3040c0974602570380d73f46f15f6e1fba5e857386de09e91d32c40a4371300fa1a8ed23c89565569d5513dbc59d1c0ae0b2c095c0874a1aec79dfce89554
+** GENERATE (SECOND CALL):
+	V = fcac1d3e78a36ffbdc0039cbe89007724e1f8f25e6e8ab40070c19289d8157cc4c0fcf4b624c0fd18e78e9301c556e2b1616a8cc866cd9
+	C = ef975d6df7d2b87a19b82ad033ac23155c6724c46d7555f996e4e64658db0769ba4744202840ac3ae8929a90f07b01d341e4fe97caa705
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = b10889ba78d85eaca306be6844adf915
+Nonce = 19df66330ca3f490
+PersonalizationString = 
+** INSTANTIATE:
+	V = 08079c2bdc501dba48d4ae1b4f0ea960a9be0a3c2fe1cd249dda0a886b4d618a6b937cb220c5dcb4fbede796bc8854b155b0f93a119749
+	C = 26ac7f5a355389031261181ba6b99e1731c905d55fc872ec72ccf53fbbbf28a98c0ddc24d59a2c192a5d1f8aff252a5307e1b7e8941be8
+	reseed counter = 1
+EntropyInputReseed = 736cf5182b6673b85f6082479c1f8fd4
+AdditionalInputReseed = 98f6450b6f90d015c30591259f22a229
+** RESEED:
+	V = c1ce08648788f8a593b71b65617ed6cdcdf2b50e2a8e30ac919bb7a7da23dd47c823961f53b17eb8ce720e444bd31799f6148621b0b2e9
+	C = 06d79b1e2841a3e1b0120b2276f4783ad655b67886a64d184addc16d814d28090441db04af60545c3658bba0ffd18393b3109b1bc20087
+	reseed counter = 1
+AdditionalInput = b8b5e4c6e1b986d4e9b8653aa8f4f5bd
+** GENERATE (FIRST CALL):
+	V = c8a5a382afca9c8743c92687d8734f08a4486b86b1347dc4dc7979155b710550cc65724fa485fa816934e6d96d20e3c999edcae4c4261f
+	C = 06d79b1e2841a3e1b0120b2276f4783ad655b67886a64d184addc16d814d28090441db04af60545c3658bba0ffd18393b3109b1bc20087
+	reseed counter = 2
+AdditionalInput = 0db8f743a1ad102125f559536851b98f
+ReturnedBits = 84cb7ec1a2600b970851181bb5651efaf7b725649d73590fa280a003886c2a6cc384cb0cc01a28fa8c380b82410af1ead6edf58bf823cd7fd6bfcdcfddcb1897316d51f4cc8c87b8a8c1cd95c6fc2ebb
+** GENERATE (SECOND CALL):
+	V = cf7d3ea0d80c4068f3db31aa4f67c7437a9e21ff37dacadd27573a82dcbe2d59d0a74ecba4f2c299c8b4fedff03212e3d4f13236e09050
+	C = 06d79b1e2841a3e1b0120b2276f4783ad655b67886a64d184addc16d814d28090441db04af60545c3658bba0ffd18393b3109b1bc20087
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = c85994ed9da6e5dc1599fe8f7e055c9e
+Nonce = fc81e66b96004c12
+PersonalizationString = 
+** INSTANTIATE:
+	V = 7a5a15573cfc34c141372048419c358b77460cc62cf831a1b4a96458791cb5446661223617e13e890271ad67865c1618f8b6f111086125
+	C = f4fd7da577cf3439cb9ab52117dfeae7d12aa4a753c292c4786d3d491a3b496f8bc1e997f68e70ff6c2f3986ba51a655bdc5a8b4443438
+	reseed counter = 1
+EntropyInputReseed = daadf5ed5ac95d5aa19d1a2c0f0d2186
+AdditionalInputReseed = 9e30708e0702f8d19cdee8ae6743b942
+** RESEED:
+	V = fc6d69b303e1ed909146ccd00a835bcac7c3d86ed26be1089a9faf3ead4524103eaf3e4bb811e0e01a1318c00e5df0a1bb67401b01538a
+	C = 9c76b83cfb57f0a3600cafb219b711b15282bca5970b5721803ebfc77eff6f676bd0440cced199d70f510ffccf2cf1767090391e3f1171
+	reseed counter = 1
+AdditionalInput = 29cc6d804d33238083892321c8cd9ae1
+** GENERATE (FIRST CALL):
+	V = 98e421efff39de33f1537c82243a6d7c1a4695146977382a1ade6f062c449377aa7f833111833fc1d131b82e0dc3b2d6d0e3772a817888
+	C = 9c76b83cfb57f0a3600cafb219b711b15282bca5970b5721803ebfc77eff6f676bd0440cced199d70f510ffccf2cf1767090391e3f1171
+	reseed counter = 2
+AdditionalInput = f632356c73de5bcf821fa0127f71429f
+ReturnedBits = cc1e30b7bab9d96509c5e4b8d16ad0d60486fac77e33363a55a2dfe1da4baa2a37759d2fd3d260049d36bdefe1703ec59520be7e140986ba59488aafbb49e8070f046c4a374dcdda9ccd78f49d90ed38
+** GENERATE (SECOND CALL):
+	V = 355ada2cfa91ced751602c343df17f2d6cc951ba00828f4b9b1d2ecdab4402df164fc856f54d8fbdcd72bb712661c982ab15b536275415
+	C = 9c76b83cfb57f0a3600cafb219b711b15282bca5970b5721803ebfc77eff6f676bd0440cced199d70f510ffccf2cf1767090391e3f1171
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = 2e5d1d131a8cf5700f0a8871a54e2518
+Nonce = a8587e6caee9f822
+PersonalizationString = 
+** INSTANTIATE:
+	V = 938991b3dfcc9eb2b0cea7eb96e224ab19fd8da1847b34906f0ef69f915ece0292bb3ac1b041ee961f2362b3aab7630aa7452a803ab5ce
+	C = ecf2cb80ff8d52f77e62d2eb649827051b31307cdf7d30eaaceb0dd4409f7a6d7f90ce34d71f81522d0a6238398864e57b3637d8b382ac
+	reseed counter = 1
+EntropyInputReseed = 73de9a17c1594e99835d9812777fa0b6
+AdditionalInputReseed = 59c9c65a19637a5942558e0ef173a9bd
+** RESEED:
+	V = 75df1c84077a014bab91b484232bc1b5e7761669478ffaa6873441b5f3f84ad7d90d63e239ff15d8b4d09941f55cdd4cb7f43340a0fee2
+	C = 2237cd2147961d6fc72ebfca96271084fea5f627f5262303cedb8c578115e9c30d9c387f28b5b57e7cb04a18803555d26f86f1ba396cbc
+	reseed counter = 1
+AdditionalInput = 38951c21311c0ac847068aa0f8f62a7e
+** GENERATE (FIRST CALL):
+	V = 9816e9a54f101ebb72c0744eb952d23ae61c0c913cb61daa560fce0d750e349ae6a99c9848cb35286482d1554393d3e82e888a4d3615ab
+	C = 2237cd2147961d6fc72ebfca96271084fea5f627f5262303cedb8c578115e9c30d9c387f28b5b57e7cb04a18803555d26f86f1ba396cbc
+	reseed counter = 2
+AdditionalInput = db97cd173bcc5dbef19ee81d8b25976f
+ReturnedBits = 0410267354736deb5c4e7cf224e46fb82576440d5baba0cbe3e8f2d21bdcd2a1e4ec4f4b55dd7aaa3d23ef11ae3017be89fa70ae456cdad5b26f42652ec4d5a64108dda1c15f507b0dff0d00fa063e25
+** GENERATE (SECOND CALL):
+	V = ba4eb6c696a63c2b39ef34194f79e2bfe4c202b931dc40ae24eb5a64f6241e5df445d56b7ee705ba253c743c18aa5e987896840d4f580d
+	C = 2237cd2147961d6fc72ebfca96271084fea5f627f5262303cedb8c578115e9c30d9c387f28b5b57e7cb04a18803555d26f86f1ba396cbc
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = eef03ecd416ed1e87ce12ea465890c8d
+Nonce = 3867e8c4e5bae84e
+PersonalizationString = 
+** INSTANTIATE:
+	V = 0872ea95984a0bad2d713637b3404ed188b89edcb900574aa703c675b696429aba8a30fed09596dccf1b676018e23ee7be14c286558c27
+	C = b3cdf5f2607d23b2009a3fb2959a43591314a9a825516548eaee27efdb6d86342a1cba91061a0ddae21f4cca00cc6b43b275d165deb30b
+	reseed counter = 1
+EntropyInputReseed = 724a3428391d7e9abca768a0cf82001b
+AdditionalInputReseed = 56dc2f8856f250bda9886f6d75d3eebc
+** RESEED:
+	V = c79bb111a2fbf1aeba6a4c3b866b68a7251dee24f69cdaacf4a5834e2905593d025177fa84c8709d9c7ccd12e09f58bc43d2e2c6be1ce5
+	C = a2eb2cd6c397f4761bf2b03fb7735a9de2f2f9c8fa490028881e18a8bc418c4bc021bfe45047f36058bb628c9f592b66ea87a6d3bee261
+	reseed counter = 1
+AdditionalInput = b281326a7592cdd63c88a60139151b50
+** GENERATE (FIRST CALL):
+	V = 6a86dde86693e624d65cfc7b3ddec3450810e7edf0e5dad57cc39bf6e546e588c273385f30f5526b19d348466c2ffcefa44272a16a2ec1
+	C = a2eb2cd6c397f4761bf2b03fb7735a9de2f2f9c8fa490028881e18a8bc418c4bc021bfe45047f36058bb628c9f592b66ea87a6d3bee261
+	reseed counter = 2
+AdditionalInput = b189b688a438f0a936c83327b41f2c8b
+ReturnedBits = c689905594d74e4d695f367018ba352656b74fc9208de7b697862884c30bfc94f313ff09b9688684e5285709e07d97325cd801ccd4f90fbdf1d7417b26425e4d21e3facf6f8b563d3a4d6cf0ccefa5ea
+** GENERATE (SECOND CALL):
+	V = 0d720abf2a2bda9af24facbaf5521de2eb03e1b6eb2edafe04e1b49fa18871d48294f91623fe0e264eede516ef4392330b826b8daa97b7
+	C = a2eb2cd6c397f4761bf2b03fb7735a9de2f2f9c8fa490028881e18a8bc418c4bc021bfe45047f36058bb628c9f592b66ea87a6d3bee261
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = b69a0db55d17b91d13fefebf233d47de
+Nonce = eecf80609cd4d678
+PersonalizationString = 
+** INSTANTIATE:
+	V = a6fbb08ebbd5d43fd887e74d0f8d6230da418737294bc6573cb32d4615a49cc001c127f5bce6b6b6feb82f34f302bd861419d5888bff27
+	C = f2ca64ed554654dadf971f6d9e86e413d3e2327219de0426480fa49dbf8d961fe465aac2889f8ddde6fd279cffeee158f89529bc513bcd
+	reseed counter = 1
+EntropyInputReseed = edd00829d1b67bb0455365a4a8cfb146
+AdditionalInputReseed = 0848d5584da0327e6e9ac11f3c269baa
+** RESEED:
+	V = 1401a0f68038e4ff3b19e3af1d1756344d04cee13e162e839be269a226f50822c0049f8c81a0d28140f4f091250bdac2304b85b65b24d8
+	C = da71ce64b341c869ed825596a09ad59cf8e18a800d784f877c23b309850bec6ac1bbf732bd4d458811235c088d3b1cf66de73771afc1cb
+	reseed counter = 1
+AdditionalInput = 5268ad7ab535cf7ac4fdb13b8b61971b
+** GENERATE (FIRST CALL):
+	V = ee736f5b337aad69289c3945bdb22bd145e659614b8e7e0b18061cabac00f48d81c0978bbedbe298ffe3479882d06b7393e2a52f47eaa2
+	C = da71ce64b341c869ed825596a09ad59cf8e18a800d784f877c23b309850bec6ac1bbf732bd4d458811235c088d3b1cf66de73771afc1cb
+	reseed counter = 2
+AdditionalInput = 9da472005043cd824a2c0ad35242818d
+ReturnedBits = 898f038468bca56c89d7b579cc0ff8c9cd2d2fc9d843186e797520dd762d0caa4ed0f27380ed79ccafffd6ea82c855ab59ca1dc4cebd64cb936bcb59895c076912e74e69207f24cdd0e473e6a7719c56
+** GENERATE (SECOND CALL):
+	V = c8e53dbfe6bc75d3161e8edc5e4d016e3ec7e3e15906cd929429cfb5310ce0f8437c902a4e4ca6622f50e3f1f8582ed2f39d349cbdf5b5
+	C = da71ce64b341c869ed825596a09ad59cf8e18a800d784f877c23b309850bec6ac1bbf732bd4d458811235c088d3b1cf66de73771afc1cb
+	reseed counter = 3
+
+[SHA-1]
+[PredictionResistance = False]
+[EntropyInputLen = 128]
+[NonceLen = 64]
+[PersonalizationStringLen = 128]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 640]
+
+COUNT = 0
+EntropyInput = df6442693c492c65f0e62f769247cc5b
+Nonce = 1d86b393ee2777c1
+PersonalizationString = ff64ab60c6ee2491b1bbf5d44ea76811
+** INSTANTIATE:
+	V = f936742696a0c04aca7872a1746133ad598359287229e689eb91c9e0cf10090a8e123095d2af507a9a857d798c953e8944ce9b749bc083
+	C = 6c5802d72656371cd3af760bb9beb7bee21b723fe6e86eb2d50fbb04fecb27a4b1dee4f117b455fb86f2bf3bd30dc543e815e361b489bd
+	reseed counter = 1
+EntropyInputReseed = 6bb41ff2d3654440b027905d054b24b3
+AdditionalInputReseed = 
+** RESEED:
+	V = e0b4fd734464340f0cd0812bc5d461d6ff0d6634e2460f56c4fc4987e681061e88692ed9a61dafd91a5b4d585363502b778fbf18dabc1a
+	C = 786daa895a6597eee5615b09b8727c05590c6d134da7eb2a52a9128b3493f81fa2d8e3988421425135e509c82185e79bb249f6cea6abad
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 5922a7fc9ec9cbfdf231dc357e46dddc5819d3482fedfa8117a55c131b14fe3e2b4212e75505256fe3e2654d3589ac67916db506c21a3f
+	C = 786daa895a6597eee5615b09b8727c05590c6d134da7eb2a52a9128b3493f81fa2d8e3988421425135e509c82185e79bb249f6cea6abad
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 9aba6d3f93dcb2bdb4cd19c29ac0657725ed0cee9a0d929efd931750a2fb0a904c7f019ab1634aac16fae83ca351e83e4906c9071bd737cf611eca7445a2bc279ea1f05798bc556ac0d78f722b313343
+** GENERATE (SECOND CALL):
+	V = d1905285f92f63ecd793373f36b959e1b126405b7d95e5ab6a4e6e9e4fa8f65dce1af6ce4130140cad8d8241ef38a1f935f577209026f0
+	C = 786daa895a6597eee5615b09b8727c05590c6d134da7eb2a52a9128b3493f81fa2d8e3988421425135e509c82185e79bb249f6cea6abad
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = 2bec17c06b8469841b564d4114d3a632
+Nonce = cc821fea842e9cf7
+PersonalizationString = 42fbe575d1a6f0e1b1fb455b43c7d08d
+** INSTANTIATE:
+	V = e9e30f800f9e1079311282bead93328018ea08c96bb1362b4668b35e68b90cf22a38c8d08cdd161078614a8d84dbc31c7ba7b577422723
+	C = b314a13f288cb66a181cfeaf27798d7b74fbb82dcbaaeaf58bc0f0d2f7a0622ba942413f28f7042cb98d052b1fda4d38897b3cca013e89
+	reseed counter = 1
+EntropyInputReseed = 69cb6e22e5d7b532bfce61c36a7f4a96
+AdditionalInputReseed = 
+** RESEED:
+	V = 6d0f0f813ff025c967c4ff3bc5789ec24a7ce4b419d0b874aa4add17aaa931f3ddcf6db3884200aabe6cd6690a4b9207593739c02e70ad
+	C = bf6b557bac512426f3dca6e3529d820f91ca0957e2b24c1bdb4c45c7744ac95ad082f876362ab2952a18432d78590fa44ba2e913808b46
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 2c7a64fcec4149f05ba1a61f181620d1dc46ee0bfc830490859722df1ef3fb4eae52663fa6541eeb72786a068768e22e4206e7c0610f26
+	C = bf6b557bac512426f3dca6e3529d820f91ca0957e2b24c1bdb4c45c7744ac95ad082f876362ab2952a18432d78590fa44ba2e913808b46
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 0721db47794ec631a6c5e2c7f3367f608bcae824bc532bd6042b4e07d2f8d40a341ae242da36731c5d42299ca7f91a3bfbbc36d5f114ace7ac01602f89a24a4649276db2943dfc09da913c3083d456b7
+** GENERATE (SECOND CALL):
+	V = ebe5ba7898926e174f7e4d026ab3a2e16e10f763df3550ac60e368a6933ec4a97ed55ed4d42dfb5c7e8e176715379e1439f4e00d1bb748
+	C = bf6b557bac512426f3dca6e3529d820f91ca0957e2b24c1bdb4c45c7744ac95ad082f876362ab2952a18432d78590fa44ba2e913808b46
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = cf04cd7612e1b076d0b20514606657d5
+Nonce = 9afe5550efb48d93
+PersonalizationString = d9410bd534d91986d03a129976338338
+** INSTANTIATE:
+	V = 119ff5112748b5d5421d192f71576133d081e629094bf066faab527d72ee3fe5d621aeac0ddd727fba95d91df670713cf1e7a4f78581fa
+	C = 3b1c5502b3635397f3b1b40bba363cadc1fe7fe1ba61409935fc998b818a492a2ef1c0a34dc560cc39838e6059f7dd6a06c9aa5db2f7ca
+	reseed counter = 1
+EntropyInputReseed = 5d3fa2092c20fbeed0f43cab35bbe15e
+AdditionalInputReseed = 
+** RESEED:
+	V = 16afc37dc276fae7467ec79ccc47d7f968dfc9cae47d3ba34ea441ca30d08ac42ab27a6eac6ba64c27bae81c73dc408eb2934694574581
+	C = 9c9183c6c8a3099d5850d2400bf3dc0b33f6d94ba4bfbfb2dca9768ad0fd94ffcd5be99364bc7177aeb447f74729e4771d68444b167e97
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = b34147448b1a04849ecf99dcd83bb4049cd6a316893cfb562b4db85501ce1fc3f80e64ccf7f10bd994e21556e3ba5dbea8eeeccd8615d5
+	C = 9c9183c6c8a3099d5850d2400bf3dc0b33f6d94ba4bfbfb2dca9768ad0fd94ffcd5be99364bc7177aeb447f74729e4771d68444b167e97
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 6c8b9de910823fcf6df6b0e1572c13b197eca26287cf7ad17a6fdc0fe99a90f19c1fb5ef70292cbc6260bae04d70ce06d2acd63e7d0c37fac662e898536286012917f3083222148ff677ffe2e1c0ee77
+** GENERATE (SECOND CALL):
+	V = 4fd2cb0b53bd0e21f7206c1ce42f900fd0cd7c622dfcbb0907f72edfd2cbb4c3c56a4ecf9ad4b1c83e92ba3708cb40c2e89472e6b18c02
+	C = 9c9183c6c8a3099d5850d2400bf3dc0b33f6d94ba4bfbfb2dca9768ad0fd94ffcd5be99364bc7177aeb447f74729e4771d68444b167e97
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = ca3382e2c6afa8090dab10ed332579ac
+Nonce = d6b304b5abbb122b
+PersonalizationString = a7af3f9071528b9d361ca814f3fa21d9
+** INSTANTIATE:
+	V = f63046e5cd5215ed5e3ff7b29c24de94eb7db445529484837d9817299f07aa9d3090687a725e2099a43de87ce448901dead26fc5a11869
+	C = e79e56ec7c5f6264187a06c6ad7f2d696db93a74c1ab7f15daf8578391a741a669612e142382a1d27d4b2a5b803f7d192dac42728bc567
+	reseed counter = 1
+EntropyInputReseed = dc37621831f091d6078d448856aaba89
+AdditionalInputReseed = 
+** RESEED:
+	V = ed910220ec7d81f0fb06dc3edcf10e9653a6cc0e1b10bfc0c03b6163955156249fcbe08101502567d15299772c15474787354607157ee0
+	C = cef6b0005da6e7f69ce4865487046d9bdc2e0bc53284feb8c17305b27e6f914b501899435a45260c8d05cc8bead4c3d804f1ec443a22ed
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = bc87b2214a2469e797eb629363f57c322fd4d7d34d95be7981ae671613c0e76fefe47a8b9857962b7081c52f2a15d21be54aa19ecb26e6
+	C = cef6b0005da6e7f69ce4865487046d9bdc2e0bc53284feb8c17305b27e6f914b501899435a45260c8d05cc8bead4c3d804f1ec443a22ed
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 9f31474793381444b5b2a3d9c53eed022b779e405404b25b4f8d6af54d11b8130e15905cb212dadc1907451df920d2702c0d6fe843d786f9638eea06f364f91e113aca28f81557c9720cbd5733d30108
+** GENERATE (SECOND CALL):
+	V = 8b7e6221a7cb51de34cfe8e7eaf9e9ce0c02e398801abd3243216cc8923078bb3ffd148b4d9635dfdca3c012e3e4cd00328b7cc63f72f3
+	C = cef6b0005da6e7f69ce4865487046d9bdc2e0bc53284feb8c17305b27e6f914b501899435a45260c8d05cc8bead4c3d804f1ec443a22ed
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = 9042d8fe759cc3106fe8fd64b54494b9
+Nonce = 3133ad43ace959a1
+PersonalizationString = baad641c6cef0212fbfd0682196a79b0
+** INSTANTIATE:
+	V = b9fbc1a98f7b1ce390206ad5065148d4293ae0ae0a5261373caa4f2c33ff5497272a5b529aa0075e70ebb68aff60538e0a5c236e662558
+	C = cde825678bccc9338aa004e39a8c20a43623180b0c7fa0ad85698e940f608e6849bf0509614bad10da8a55e0eff4de2d30ddff47a1f2dc
+	reseed counter = 1
+EntropyInputReseed = 5690cb878e8a09779228ff1414a8a75c
+AdditionalInputReseed = 
+** RESEED:
+	V = 3538e51a69cbc31e6b4e264b21eb513757f7ba669c04f68012f369465a6abf5722b60fd5c5ac043879a782ce473ca01081019893e1b0f2
+	C = e68aace2a55563126641f0574ddebd4ff0cb54fbbafefce50cc3442064df959cfd01d70b43fcbf300e1da4ebe4b54aa60fd02bc0d3ccfd
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 1bc391fd0f212630d19016a26fca0e8748c30f625703f3651fb6ad66bf4a54f41fb7e7dc2bd54060daa00f99856e493ed1433fd4097a82
+	C = e68aace2a55563126641f0574ddebd4ff0cb54fbbafefce50cc3442064df959cfd01d70b43fcbf300e1da4ebe4b54aa60fd02bc0d3ccfd
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = c8364a852e9241a437f062fcbe12d2cb8e94b00f889a2a397c12af1d2a5f252c7c3e368728421ccab2b2210b0682384d533ef4c13da651d498480e6e23466369cddd97e54cf41966cdfff9b3422b7b1d
+** GENERATE (SECOND CALL):
+	V = 024e3edfb476894337d206f9bda8cbd7398e645e1202f04a2c79f1872429ea911cb9bf24ebb1806a6e48718f44356119181e7fb5be412f
+	C = e68aace2a55563126641f0574ddebd4ff0cb54fbbafefce50cc3442064df959cfd01d70b43fcbf300e1da4ebe4b54aa60fd02bc0d3ccfd
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = 55814c3232e2eef1a6d28a821b22bc5e
+Nonce = ddfd92ddb66e9b6c
+PersonalizationString = 0e6c0d3ff2db82fc2c7223293b78e1fb
+** INSTANTIATE:
+	V = 52e613d4224dea6a4e3fc123976371edce001c7e45decf093a1ae2ed09a439cee9317b9735ecb67fe685c26ebb2a7b5ebcd937ae1fb6dc
+	C = e1a258da107110c945ef925384449c9f39c8eb71627cb7db0319de46a2fe74409ddf2ede659f38b0f2701b52def5d4a9ae5a26c585bdaf
+	reseed counter = 1
+EntropyInputReseed = ed1c26b91ceac071e4db23b0d81e075d
+AdditionalInputReseed = 
+** RESEED:
+	V = 103cdd34710c3e9c0ef925168892067d84552b557d5b019a5d2822c54c8574d4723575bc7c4c519a8c120ee726c7545830052e8ea6c527
+	C = 24d35b53192f92604a297b89d0fa8536e991093c3e8216c53ffee505576ecc8be5082804628dda7c2a6a3113fb6fc9ed06bae044abf922
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 351038878a3bd0fc5922a0a0598c8bb46de63491bbdd185f9d2707caa3f44160573d9e768909f353a0fb468f0168dc8a1809ca15433c68
+	C = 24d35b53192f92604a297b89d0fa8536e991093c3e8216c53ffee505576ecc8be5082804628dda7c2a6a3113fb6fc9ed06bae044abf922
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 1b814091991153c98f1feff2dea2959c163fc27ab2f447dafb2708cd4ec937e2a648a1b6df911ea528fa6190ea2731f05a69dc08d60e9c5e81ad9f83f3d322adc0a43956f1282cd04804f44d63cee36e
+** GENERATE (SECOND CALL):
+	V = 59e393daa36b635ca34c1c2a2a8710eb57773dcdfa5f2f24dd25eccffb630dec3c45c728f33dfaa06f6f11d9571d3bba9eb6a5eb6e4cd6
+	C = 24d35b53192f92604a297b89d0fa8536e991093c3e8216c53ffee505576ecc8be5082804628dda7c2a6a3113fb6fc9ed06bae044abf922
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = 304ace3da57b849061d013be67dff5b9
+Nonce = eb7759e4b85558af
+PersonalizationString = ba4aa19dac3ba5135e8d4b5f22b6f190
+** INSTANTIATE:
+	V = 83c987caeb5332b3b16a0081aa6d32af66f2900438d0e3e3167238f04ef23a9540648ef45dc399a75277ffb24a8baead3ee4752963a287
+	C = 39c202a9b7251e0d32614b0fe0aa74efc128e09218c08ea6d56756ec35ede4f30958956cb20b67abc704a7243e461d60a10323699ac56f
+	reseed counter = 1
+EntropyInputReseed = 79d7bb8867199d8d755be4aaab2b8ff0
+AdditionalInputReseed = 
+** RESEED:
+	V = 781896beb7690cb6b08dbba2881d831f36c020bd34133ff147101c8f7107f4adfc053b7c66252255f6fb069db8441a1eb3e600b8e1e721
+	C = 9f26a6c50ca1eaafccbac44984012853fa81b0747e29274de23bbc251d0700b82a1bcb23535894d09a460c4a2314008f48f9b0d5a89b28
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 173f3d83c40af7667d487fec0c1eab733141d131b23c673f294bd8b48e0ef56626210702e337f000fa2a9b4c05ace7eea1c6eedd2e5f0c
+	C = 9f26a6c50ca1eaafccbac44984012853fa81b0747e29274de23bbc251d0700b82a1bcb23535894d09a460c4a2314008f48f9b0d5a89b28
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 38ad786ac834524ed4082afa134abadd1d3e3ba582da5d10bdd8f7003c382204ed10ca0466872a325e476caac5e12893b0ac612b141d64b83be5af3ad45c02d051201029a4acaf8e8cee88c16e745a73
+** GENERATE (SECOND CALL):
+	V = b665e448d0ace2164a034435901fd3c72bc381a630658e8d0b8794d9ab15f61e503cd23d0d17b9186f1cea3cf0bf5870e76a3a5297d294
+	C = 9f26a6c50ca1eaafccbac44984012853fa81b0747e29274de23bbc251d0700b82a1bcb23535894d09a460c4a2314008f48f9b0d5a89b28
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = 278937302893bead0bbdbcc633016d6a
+Nonce = 957547c91a999c77
+PersonalizationString = f00eeb8aada4e3daf83d13d9850874c3
+** INSTANTIATE:
+	V = ec69e97cb0a707ed4d19e0553fac6d5ce95ae81977d3209ee211666bf4246d4004890fba4184b6857f2193ee1b90a679b3b8e403cc005f
+	C = 19eef81fb66fed71e8c073d91a4dfad9866971b185363052b717f17adebeacd28354006ba47d2828b7a987156426d3a9d82cec7c5c11fe
+	reseed counter = 1
+EntropyInputReseed = e62b90a6a4a11bea34f77fb0018c29b2
+AdditionalInputReseed = 
+** RESEED:
+	V = 1f00575fe2941c1ee4de0c3e34169a8e99bc31c9514e757a00142414272edf08176cebee6963898df334e3e116cbacf0a3f81922b87da4
+	C = 9297bd41bd437942dec9716c7ce7111a30847c0be6c24732591f6f447d4700a8ec725f7c9e40ae7326e131c89ed91a6680a3024df67813
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = b19814a19fd79561c3a77daab0fdaba8ca40add53810bcac59339358a475dfb103df4bba34c30a78d615a5d53a7122146b18335a3f5f60
+	C = 9297bd41bd437942dec9716c7ce7111a30847c0be6c24732591f6f447d4700a8ec725f7c9e40ae7326e131c89ed91a6680a3024df67813
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 1804a61c02b58316d92c0540161b97535c0611ea9b8960317259e448236812b96bc8e46d0ad692ea60589b96fa83aa5984adcef415d9fe53e9eca111e0d05f3da8dd0b574ac8ac8e518dc84adbdaf394
+** GENERATE (SECOND CALL):
+	V = 442fd1e35d1b0ea4a270ef172de4bcc2fac529e11ed303deb253029d21bce059f051aba2177dea2f53ab52dfdde0b0b7fc455bf1ebc5dc
+	C = 9297bd41bd437942dec9716c7ce7111a30847c0be6c24732591f6f447d4700a8ec725f7c9e40ae7326e131c89ed91a6680a3024df67813
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = 7d81f1565c9893916bc61d660cc99e11
+Nonce = c07b7bca723e52a2
+PersonalizationString = d2ddb56bbc35d73655070669f4a2bacd
+** INSTANTIATE:
+	V = 2c4876d7a9f2a800010854be8cb85f67a44e5875f5ec659ce29d1670f5f0ddb2574b44081794fab7ba934dcf2f19217c3c4c14c2404e58
+	C = 93751579c62eb45f09f07f4bab5235b2ee59ddbc2a1f6b8a6ddc90de4f4538361ea3c729b4c4fe24605e6876f446895d90949037aedbff
+	reseed counter = 1
+EntropyInputReseed = d7012474ee4ad5b0272572dae6fd6af4
+AdditionalInputReseed = 
+** RESEED:
+	V = 89f7eefa5041b5a3a409ec14da61d7b421d80a6c88febc7627161e47dbf2d29dcf7820fabbd70f8cdaad5ea4393fe48164a9c7d610e893
+	C = 0f560960128189f0f2dc1a495861bc35eda69096aa8a1b0e2a6c17982b6e3b4d2053e940437edd3fe5f8e53e02ba0f70bc483533c7632d
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 994df85a62c33f9496e6065e32c393ea0f7e9b033388d784518235e007610deaefcc0a4c72a8d5190c4cc0717e47df0549dacb923ec985
+	C = 0f560960128189f0f2dc1a495861bc35eda69096aa8a1b0e2a6c17982b6e3b4d2053e940437edd3fe5f8e53e02ba0f70bc483533c7632d
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = dcd900b725375668deb6d86e93f68353942e55dfdbf89063f7a46e03ed6115557adf5b84f78adc6fac815dd8b5cc9c8f66ffb377bb5a0436219b087c2c55ed338a33b9fa04f7a8955051262b6523d887
+** GENERATE (SECOND CALL):
+	V = a8a401ba7544c98589c220a78b25501ffd252b99de12f2927bee4d7832cf4938101ff43cf1e624347e4315dadbd5d4758e2650b1275a76
+	C = 0f560960128189f0f2dc1a495861bc35eda69096aa8a1b0e2a6c17982b6e3b4d2053e940437edd3fe5f8e53e02ba0f70bc483533c7632d
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = 1566b52f4b3b8c9aa9170203a3fcd819
+Nonce = b03d89a14be43710
+PersonalizationString = 631aaf4e04e6dc7cd1ba8d7fbb828cb2
+** INSTANTIATE:
+	V = 8485758597dee4b4bb01e321b7431e3a65bb69cc591f3f276810c7d4a71d7a504145759e42cd6393287bb6a40291f75eef48cabe66ddf5
+	C = f3b4615841e6ad8ec5416ca8aa7fa62480e6cec24661c34ee7816375024ac1b1bd09c7a6c0bcaeb7be88076ef024f40cdcce0c9640ba49
+	reseed counter = 1
+EntropyInputReseed = 39deca3c0116a6517f5a1920035ae8e8
+AdditionalInputReseed = 
+** RESEED:
+	V = a92cf7e57e570ceb7787ad69673c4911f06d6cbe5376a10ae72696ea4db7ddd025a69f8075718436fc9352a330af7a08bb6eecb2f9c32b
+	C = 4c1de5d033c89664096c8dee5b0abbdc5b2a7147324d0a8c8b9d9bd8a1e2b5b47d8cd981037438cf387c4e8ee9824005156f100ad65666
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = f54addb5b21fa34f80f43b57c24704ee4b97de0585c3ab9772c432c2ef9a9384a33379035671a3e51c916ce03e605630b08457de769ff9
+	C = 4c1de5d033c89664096c8dee5b0abbdc5b2a7147324d0a8c8b9d9bd8a1e2b5b47d8cd981037438cf387c4e8ee9824005156f100ad65666
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 5b399647df27efabb03263f3a303c3b2376154697c3ccbc51f8c2c77c7dfd2bd5b6b88d82ac2143a96fe44619624b62ed66fb4aa773b1d20f8948e7cb06b1eb1709648b8d894185b5fbf613337642378
+** GENERATE (SECOND CALL):
+	V = 4168c385e5e839b38a60c9461d51c0caa6c24f4cb810b623fe61ce9b917d493920c053785119864fe08267efd2196e75d4d2240c4da284
+	C = 4c1de5d033c89664096c8dee5b0abbdc5b2a7147324d0a8c8b9d9bd8a1e2b5b47d8cd981037438cf387c4e8ee9824005156f100ad65666
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = a4bc33afe038cda8d55ca3dd37fc5d72
+Nonce = 8ad815f9be6eeb45
+PersonalizationString = 9b9cbb081487c1ea40534d29cd79e8bd
+** INSTANTIATE:
+	V = f12f2910398f89b92bf9103f8c9d127920dfcf9504d5bd277c76f8f39347d98dc2195d100f2c2a18f2242c057f0d1053b5da77ec2eb387
+	C = 90cefa8c73c84585e37422e95ca14e5b9c8299472dc511cba4c6f7f5075bfdcd9690f1a17477863c351cf0cc394ffbb3ad10c2516da91a
+	reseed counter = 1
+EntropyInputReseed = c933fa73c99b59db0e71db0c9c44827d
+AdditionalInputReseed = 
+** RESEED:
+	V = c8766bb10e3130db3ee82c5e51e513d4721cc30c72cd6c9779d501eb557ebf04f2d467fd1797d1248313cd21720a92b163b20308d6865a
+	C = 2f4d5036b71dfdc5f05158eee26cca05efdd1f6aeeae63719f3f75db519856ef7613bfabeaa864b02f2b111c2a022d3d70a17cc4122e86
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = f7c3bbe7c54f2ea12f39854d3451ddda61f9e277617bd009191477c6a71715f468e827f04710a2ee13459dd3e6427b342d88c8d70cbac3
+	C = 2f4d5036b71dfdc5f05158eee26cca05efdd1f6aeeae63719f3f75db519856ef7613bfabeaa864b02f2b111c2a022d3d70a17cc4122e86
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = aa6fcc36f21a4cdaa8cc0120ba2247f40115aa3a32e61010e4d69a02bb6dfd17be5b645fb248a55abc8a7caab4bc003c1806d5e151a2ea2c78b1e804307ed3f182d8d13dfd3c13075bf22c3aafd0ec29
+** GENERATE (SECOND CALL):
+	V = 27110c1e7c6d2c671f8ade3c16bea7e051d701e2502a337ab853eda1f8af6ce3defbe81003299b842b31b5849fd07f4ac13c1efb5b4154
+	C = 2f4d5036b71dfdc5f05158eee26cca05efdd1f6aeeae63719f3f75db519856ef7613bfabeaa864b02f2b111c2a022d3d70a17cc4122e86
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = 1a80bc4e395c812dfd3140ab74224068
+Nonce = e785f5a8d3681258
+PersonalizationString = 08ac198c6122ea2e63291f12f98b71d9
+** INSTANTIATE:
+	V = cc3918dfaf395040b94664cfebc35980b03efe0484031b5905d68e044d5530ee6e92ca9ab87967b0f17d6a39f17aff44bd3512bba7ba6e
+	C = 7b92fd1b588f8220e7d014676ccc6d179be222699fcdadec9876d025ca48c9bc5ea9003cda4d6ad69ba3320bd6a8c95272f0d97ef319cb
+	reseed counter = 1
+EntropyInputReseed = 76e76922c964bed1bd8ec611682a092a
+AdditionalInputReseed = 
+** RESEED:
+	V = ac30b1a16cbf1910967d604f3fa56ce0e01387400e85b07b7502d38d1e35c452a81d02daa245c309ef7e2569578fb2fa52e0837a6bcf84
+	C = 7c254a6b6df08966119662eda5afad0b5f01de15876476c3fa354bc3924a87c8e7f0ee097ec0f39d253cac7028725e7d10fda10c353c7c
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 2855fc0cdaafa276a813c33ce55519ec3f15655595ea273f6f381f50b0804c1b900df137c00b981b04632e74f8cddf7be64808bcb1ea1f
+	C = 7c254a6b6df08966119662eda5afad0b5f01de15876476c3fa354bc3924a87c8e7f0ee097ec0f39d253cac7028725e7d10fda10c353c7c
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = ac1ae9717329b6c7f818f4a00dc4054c3ad16a72ee7fd7c3a5c3dfe8198e2ca984c4156f7868a7e8d41311068c7e2257dac4f86b0986af2992db79f16588cf43e528fff9e1920743424a73169336d800
+** GENERATE (SECOND CALL):
+	V = a47b467848a02bdcb9aa262a8b04c6f79e17436b1d4e9e03696d6b1442cad3e477fedf8a31c87e4b4d6624dacd375dccd75d05c17d6683
+	C = 7c254a6b6df08966119662eda5afad0b5f01de15876476c3fa354bc3924a87c8e7f0ee097ec0f39d253cac7028725e7d10fda10c353c7c
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = 6429a48bdc27456889f9bd4ad4d24690
+Nonce = 92c78d2ba2a489c9
+PersonalizationString = 80f49bde3e4ffb5a29874adadbf97c32
+** INSTANTIATE:
+	V = cc190e183393556d136e49607f1632f894554a1356a5587c1f9e8bdd6cdc0c012078de6781f2168ce9a55dbe67924442a8509d00ffd2e6
+	C = 1430fdac4eaafc67bea9dca183f044ea25e9018ba4e373a832bb5174e6432ec933cd33197f4f1c94dbdfaffeb639a518a8ce9bc4c6f15d
+	reseed counter = 1
+EntropyInputReseed = 543fcfbc9dfe870b40bf74213a4cc830
+AdditionalInputReseed = 
+** RESEED:
+	V = ddc2c0b58632003f7785f6dcbaf60536a19fda308dbeb75f9901913259324ffc9d215ef47d1278351030064adba525d32587df642227bb
+	C = 3ea6276c9c4894436fa7670a0079cc520beb3f5c69fde29d732577d8f828ee27575a1284d8944a18e9bac1975aa6825169999113ffad35
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 1c68e822227a9482e72d5de6bb6fd188ad8b198cf7bc99fd0c27090b515b3e23f47b720f8a39dff67a32e595bd4130794e7f6e3cd08912
+	C = 3ea6276c9c4894436fa7670a0079cc520beb3f5c69fde29d732577d8f828ee27575a1284d8944a18e9bac1975aa6825169999113ffad35
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = ab3412a8ce277f3f5da0aec483ffbb0a325511e58564ba23e5c140407b3e35314a6b7c3455ae66ccf82982b498fb0bf17eeb44ce1a5faf88ae2417623633363f6a7f7839b893bf6d100ec63a0a00c039
+** GENERATE (SECOND CALL):
+	V = 5b0f0f8ebec328c656d4c4f0bbe99ddab97658e961ba7c9a7f4c80e449842c4b4bd584f188c8b260f5375f370fb31adac32d2ac2e6dd98
+	C = 3ea6276c9c4894436fa7670a0079cc520beb3f5c69fde29d732577d8f828ee27575a1284d8944a18e9bac1975aa6825169999113ffad35
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = 78ab6c8af92433b8671435c95e3815f6
+Nonce = d65529b57ab2921b
+PersonalizationString = e270a86b8ee5f9f92789679bb08611d6
+** INSTANTIATE:
+	V = a5d30cfa09ee0b77ea1262bc8c1d998edba1ba143ec8c3ee87226455a1f02dc1bfcacdde0c322e822a0c46546d67375139d62efb0faa66
+	C = 85191ed4142133904c12d7e5163266f048ac2b785f6422c19661867a97dca7b5e4d8a9ce573364c6d2ddd0f503c4c922cf719bf293055e
+	reseed counter = 1
+EntropyInputReseed = 94c7f0a336e494d9c17f635944e5ef91
+AdditionalInputReseed = 
+** RESEED:
+	V = cf308b2f2889d1b124f00e7fed4085ad0fb0f79f5091b4fc974b555ac9b603308ac0636078c9d8852aeb6fcb53e3c45e0ca778629ae5c0
+	C = 82187c17fe0a86ae5d9da4cf131ee3530c03a17e7d90ca6761e1946e51f2e3ea0c6df24671051c1d43eea18607b906c704bd84686c40f7
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 514907472694585f828db34f005f69001bb4991dce227f63f92ce9c91ba8e71a972e55b5e1d4e9e3b194aade1c8cb3fab11e721161832c
+	C = 82187c17fe0a86ae5d9da4cf131ee3530c03a17e7d90ca6761e1946e51f2e3ea0c6df24671051c1d43eea18607b906c704bd84686c40f7
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 248473aaf94968e0de6f6459039b4a212b55df7cab4aab8895655aa00b10f334ef3d9a7e09e845c30284bb4cce389b4c35d220efa8a932cf02d44962da8d55132f810bd4eae09f67b42c5de3374906f0
+** GENERATE (SECOND CALL):
+	V = d361835f249edf0de02b581e137e4c5327b83a9c4bb349cb5b0e7e376d9bcb04a39c48676180b4bedafe13ee3fc375482c5c2ee3aed92a
+	C = 82187c17fe0a86ae5d9da4cf131ee3530c03a17e7d90ca6761e1946e51f2e3ea0c6df24671051c1d43eea18607b906c704bd84686c40f7
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = 0671c0ba246f11b99e291dbc981bbc93
+Nonce = 216583cd4cc22b06
+PersonalizationString = d4d9a017a6ffd443d780c2c88ee92db8
+** INSTANTIATE:
+	V = 528c21ba4edfb36e91f32992069be67ccea7d9e8d450ac100e172e03d7ce3dd65a5f6310c119f03b23f5e05c6208a87e471c3f1e8d4886
+	C = afed6104383f00608e42d4b90cba9dd4bfa36ea5ae9b73e091e8733d46aaf01a7fe4483eaa1c0057ff60c08083293f4193d02c9d776b0c
+	reseed counter = 1
+EntropyInputReseed = 5f2646a5cca8a883140a9cf410b9429c
+AdditionalInputReseed = 
+** RESEED:
+	V = f1c91d4fbd436a24d1e672e293ee9c6e2c32da1c393a131feb93da20ad368e59be9e177dc9cbba6643cd335f0f0f8dd5fa2329c97bf8ea
+	C = fe1636728798d972ce80f395d0d68b830e7af0966098990eb64ea76cf0df5cb448890a142edf77390b8051a005ea34aace0c7cd337be68
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = efdf53c244dc4397a067667864c527f13aadcab299d2ac2ea1e2818d9e15eb0e0727220bcfae305e12971c518f513ad6ffe63b52a8473b
+	C = fe1636728798d972ce80f395d0d68b830e7af0966098990eb64ea76cf0df5cb448890a142edf77390b8051a005ea34aace0c7cd337be68
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = dac2008a1bf3295667eddd90e6059906f92203667572b3bb235bb00d0ba80ba950745203b7f72c80dfd9b4302a4a446bbcfdaac66112f7954c4b8391bad6c5eb1b5c104450d68d313a8d225f30699761
+** GENERATE (SECOND CALL):
+	V = edf58a34cc751d0a6ee85a0e359bb3744928bb48fa6b453d583128fa8ef547c24fb02c8bb81374d9306355c6d81baa0b4ee44577a97784
+	C = fe1636728798d972ce80f395d0d68b830e7af0966098990eb64ea76cf0df5cb448890a142edf77390b8051a005ea34aace0c7cd337be68
+	reseed counter = 3
+
+[SHA-1]
+[PredictionResistance = False]
+[EntropyInputLen = 128]
+[NonceLen = 64]
+[PersonalizationStringLen = 128]
+[AdditionalInputLen = 128]
+[ReturnedBitsLen = 640]
+
+COUNT = 0
+EntropyInput = 01a5d726cb5534776069badb6ac2c5be
+Nonce = 7632c928dc72c5ac
+PersonalizationString = 10a366b42cec847cab9e50070e7de853
+** INSTANTIATE:
+	V = 07635a341e88d2754adcd60f341c42946995884fbd62a695b6b61c79719179caca458368c876812abd18105016329a90ef51d5a5c5eb33
+	C = 53d823d26d712607f6e896f8667a9015bba4d8a14cd1672d10000116c51733186d587923f6bf28d498d808cf9d483bd64861817da44b92
+	reseed counter = 1
+EntropyInputReseed = 9e0991fb5a8b6e712f56707890e5efae
+AdditionalInputReseed = 38e619ab86aa7788617b4990aa43260f
+** RESEED:
+	V = e14720e4d88c0e7584b2d989d7ce6b64aeddb34b730c35aeaaa4025c68d8de95942761b6ebd40f54443438b4281f7210c8f8b44f175f83
+	C = 8da033dcdef30caf5be09965658facb1641d309ada5278ec56b563a2ea882e661e1ec433b31180a9b1ba9bdc3821984d8f09d4658a86c6
+	reseed counter = 1
+AdditionalInput = 24062587b7ffa7c66d5cd04e24f09738
+** GENERATE (FIRST CALL):
+	V = 6ee754c1b77f1b24e09372ef3d5e181612fae3e64d5eae9b015965ff53610cfbb246264be7b312c567ac92f72e51eea02578c4541aa998
+	C = 8da033dcdef30caf5be09965658facb1641d309ada5278ec56b563a2ea882e661e1ec433b31180a9b1ba9bdc3821984d8f09d4658a86c6
+	reseed counter = 2
+AdditionalInput = 4f04e7a107b0c8c18c2b68fae4de2e1b
+ReturnedBits = f87c842f3608f96e3e238f92017af0082d15eadb33ff6fe9068a42b004d7d0093dedad2b1504b2dc1ef541d714b2c1c7f65e67fe42236afad4dcf268fc9799d58d401f2689334c0909eefc832d87d570
+** GENERATE (SECOND CALL):
+	V = fc87889e967227d43c740c54a2edc4c77718148127b12787580ec9a23de93b61d064ebd65687d8f4588d57ed8fd4473cf17a8b9b1ee14f
+	C = 8da033dcdef30caf5be09965658facb1641d309ada5278ec56b563a2ea882e661e1ec433b31180a9b1ba9bdc3821984d8f09d4658a86c6
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = 2c331df607258e8c3e6d41902d9ae148
+Nonce = e6f60cdc3310b188
+PersonalizationString = 2bd79cf845e93e18c65b62a8c332bed3
+** INSTANTIATE:
+	V = eee1491a4331ab32b954cb3f5b7e89fbc88101f984b0456517309f08c64bf18a0f110be08fc8748ca03153d8874f518d6a30069a49eea2
+	C = d68bafa33bd68d791ccf7a7329e1f3018bc7439fb3b3743c30e10929b9e957f025af6d7d55c7d61204e3834b3c3c1e5ee4b1ba4f8fb138
+	reseed counter = 1
+EntropyInputReseed = 9e5e7761c4df6342f042d38fa8595ae7
+AdditionalInputReseed = 3425f6731d2b7e77e2856c043fa43a31
+** RESEED:
+	V = dc53d6259233acbcae946f73071496fcdc95d66ca6adc4ed80faf0288c46fbe3e1c4821a61c4ee4be7b8c430c2add9220b637630e9679a
+	C = 67f9ac006dcc2fb5af9725913ba9a40dc5e48a1d64256c8c51ed9ec915d941b6a7004ad06f12cce9c428a3861ca63579e196cd97d32eee
+	reseed counter = 1
+AdditionalInput = 908f8faa1286a9da48104e182d77a091
+** GENERATE (FIRST CALL):
+	V = 444d8225ffffdc725e2b950442be3b0aa27a608a0ad33179d2e88ef1a2203d9a88c4ce95c6e7eeec29f96d407887f74eab714427a80610
+	C = 67f9ac006dcc2fb5af9725913ba9a40dc5e48a1d64256c8c51ed9ec915d941b6a7004ad06f12cce9c428a3861ca63579e196cd97d32eee
+	reseed counter = 2
+AdditionalInput = 403b281138bafda56a05a4c5c6fa3914
+ReturnedBits = 16c63d8cedaebcafd272ce787c84090880e29e3e9e81089644e72428ec5d7e77f4acd5150d0f396ef110fe3b6118b8d8143668ceca64e599936b96fa96d71fcf11ebd4cf743b1ccc7322a104288d8213
+** GENERATE (SECOND CALL):
+	V = ac472e266dcc0c280dc2ba957e67df18685eeaa76ef89e0624d62dbab7f97f512fc51aaf8887f1e549f1c70e47f41532703c12637580e0
+	C = 67f9ac006dcc2fb5af9725913ba9a40dc5e48a1d64256c8c51ed9ec915d941b6a7004ad06f12cce9c428a3861ca63579e196cd97d32eee
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = 270c76337d788ef2ef6061c9d25f277f
+Nonce = 39fd596c50313147
+PersonalizationString = 3df4e765755c2e446a8b10bc252d40c9
+** INSTANTIATE:
+	V = d28a0f1410f9c5d437f41a2bf4decccb32db55a2abbdfd5d731d2a44c00699d019fd7505cecb8201da2289cb026910a41ed1013ca26786
+	C = 4c24cda585e224855eb0e70636d8aa369c566e552dbb047823080932a390e014c15259ed0250004cd57ac46385b3fb600de3e2ee6f5352
+	reseed counter = 1
+EntropyInputReseed = c35eedaa188d3134a055cb5911aa2c8e
+AdditionalInputReseed = d8de9bc628b80e7add9c4f5b5fbf37d5
+** RESEED:
+	V = bea8a01d2c2a44dcbe722ec2f6314cc1a6683093e9d18a820ec2cd6ccc06133c7e07091bdbc36d6ab88dadee0044a60fdc43ef94832b49
+	C = 4de70bcb8ab0b980dbd82a3dc2b2db40ad3a4510e1d2140f662aa08834741d4989727d2bb0ac9a67d134b5174e62b1df15978943148f9a
+	reseed counter = 1
+AdditionalInput = e24375e6ac75aa06f4e54543dba0d739
+** GENERATE (FIRST CALL):
+	V = 0c8fabe8b6dafe5d9a4a5900b8e4280253a275a4cba39e9174ed6df5007a30860779868de4609c0bcaed6faae3c699df49ed1ad8004f10
+	C = 4de70bcb8ab0b980dbd82a3dc2b2db40ad3a4510e1d2140f662aa08834741d4989727d2bb0ac9a67d134b5174e62b1df15978943148f9a
+	reseed counter = 2
+AdditionalInput = ab8050ed99990fc315e9e82ca2050e89
+ReturnedBits = 2091cef4125b306b690318715d0c471858184223ac3d7b2db22741f980441c5e5d965baf77b23820f1cf9c1cdb59db796e73898862c10239780a4c3e443d6008d64e5925442c8fe8ea61dff657a1d4fa
+** GENERATE (SECOND CALL):
+	V = 5a76b7b4418bb7de7622833e7b97034300dcbab5ad75b2a0db180e7d34ee4dcf90ec04fd5c0017f2580292d65212086b443cfd006e9e1f
+	C = 4de70bcb8ab0b980dbd82a3dc2b2db40ad3a4510e1d2140f662aa08834741d4989727d2bb0ac9a67d134b5174e62b1df15978943148f9a
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = 1b388e2cfcb3f686b0a25397c7143c96
+Nonce = d43c5ff2c25ba502
+PersonalizationString = bfea405c80a045af6760da1dad911bc7
+** INSTANTIATE:
+	V = 9df14a80cc6ce49e95a7921432a8cfa7e5202ddd550926ea0281edb1a3195f48b3c2263146423361d449f5c89bbd4a2fa623d3deb76994
+	C = a66a996bd639dbd5a97fa3210b7a889903b30647d09f4a29eaaf288467bee6c7a870966b74da8aa8daacd5bf9de0c1fbacfd6929d1ab81
+	reseed counter = 1
+EntropyInputReseed = 1fa3a94f9f0592220f2e3947e976b49f
+AdditionalInputReseed = 77df1412476411e343f2e6920764b482
+** RESEED:
+	V = a58906d520eca6c786a2fc8c3fd2ce40f364d698a5221c966398415a6b599c8ba3343b118d41525dae96861dffc45bfaf03cde9ede2b72
+	C = 6df0b1316e33f20d111ccbe15f7e762313ab4cd603fe29db7275790b5647a4fa1072f78aebdc9548f112d1ca672bce62ba36ac321be73f
+	reseed counter = 1
+AdditionalInput = b61ffd8fe5bbec64c02bf13ce337784b
+** GENERATE (FIRST CALL):
+	V = 1379b8068f2098d497bfc86d9f5144640710236ea9204671d60dba65c1a14185b3a733e36b00ec2b7398fe6798eb31dc39f410d82b9e8b
+	C = 6df0b1316e33f20d111ccbe15f7e762313ab4cd603fe29db7275790b5647a4fa1072f78aebdc9548f112d1ca672bce62ba36ac321be73f
+	reseed counter = 2
+AdditionalInput = 8a4def83a2620ab7e6216fbdfa7cf46e
+ReturnedBits = 9cb958e5f044425b241d6cea1d2cb480772ba0e38b86f5e7cddc3c50dfc28669bd9ac428567ebd364a46b59cc47a89b45a0a8a4a93ea2888b174872f6f21b141f70b8eb683419525df17342ac75b3a6a
+** GENERATE (SECOND CALL):
+	V = 816a6937fd548ae1a8dc944efecfba871abb7044ad1e704d4883337117e8e67fc41a2bc71294b602eb5e11807325432d125738a0cd4444
+	C = 6df0b1316e33f20d111ccbe15f7e762313ab4cd603fe29db7275790b5647a4fa1072f78aebdc9548f112d1ca672bce62ba36ac321be73f
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = 352b3d60da9a1df8bfbba81909b09e2b
+Nonce = 83fde0d46e7f076d
+PersonalizationString = 6de5c6ff46ebdf0b96359dd88fe29dfb
+** INSTANTIATE:
+	V = c85b4b4a5e457099951d854ec888fa9935f5efd497e8f9d4266e3213c495562cc08d812956995bc805c8ef801523b05224ec764879053d
+	C = 4d1196a415374087ff2b549014dff8f7336ecf413d97e980fb1e0ee4f6d7b596bde7f9e84010368240330a011c124c8c44879036aaaad0
+	reseed counter = 1
+EntropyInputReseed = 6e8ccac33c5b506a3e07d0ad7af6f11b
+AdditionalInputReseed = 836952ede4fdeb985b7945a53449f932
+** RESEED:
+	V = ec20ecf8f52143cc6cd757a6759e815d17c267523ca76d2801cc85b52421d42277c6faa9aa590f7dfb9d901609b1ad80ae2e8cc8f3f9c8
+	C = a41b2cea759b184ec59c2f326e5036d54159e9a242ec754ff9d333ca80aa0fc900a21e50f35bceea499a8878a645e990d1fda453e9908e
+	reseed counter = 1
+AdditionalInput = 820c5724cc967aff13c6421ca04b99c1
+** GENERATE (FIRST CALL):
+	V = 903c19e36abc5c1b327386d8e3eeb832591c50f47f93e277fb9fb97fa4cbe3eb786919d6f1435e804bdb1b1edeef31baedfcc619df7b7c
+	C = a41b2cea759b184ec59c2f326e5036d54159e9a242ec754ff9d333ca80aa0fc900a21e50f35bceea499a8878a645e990d1fda453e9908e
+	reseed counter = 2
+AdditionalInput = 14c1e3e8e56abf1170f9d06354644fb5
+ReturnedBits = 51ed77d769081ef6c064b2a3dad45d49a218d25564a9d234833bdb2083278bdb87dd5bb194d5701fc194a05d020106b5a36f304edf6d7a15417a94c741c8cea556d99214d644bc722037060046288466
+** GENERATE (SECOND CALL):
+	V = 345746cde0577469f80fb60b523eef079a763a96c28057c7f572ed4a2575f3b4790b390b8f5ef110983b5ebaf34bbcfabd516af4602227
+	C = a41b2cea759b184ec59c2f326e5036d54159e9a242ec754ff9d333ca80aa0fc900a21e50f35bceea499a8878a645e990d1fda453e9908e
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = 9774d927a8376e42af35fe915fb11d8f
+Nonce = d5f31e41787fa611
+PersonalizationString = aa3a0f35246d64309c47139d9eaa8f1c
+** INSTANTIATE:
+	V = 9438c9e19fc2b74431ad45d1e6d25f88b74e37785fef94f8ef9385c63e77a76f93a06e356624ec230f7b100580337eb07d70912d8202a9
+	C = b3bb50710628071123d6e590b72b1577d97f099d8d522f2ad3fad1ed072f5762852f3624652e74b6d661f700a8ff29de765890071de079
+	reseed counter = 1
+EntropyInputReseed = 29a9996b5358fd1f2a7b4f3618e045c5
+AdditionalInputReseed = e62d60f74ca232e4ef125e272eda7938
+** RESEED:
+	V = 4eca676bac713c2984728c92682ccf285a93dff6c583505d9b81b1a6472b2c6fa377ca0a66900fa908c1c27f507be5b4c2f30e447bb97e
+	C = 9bfb8164d3b2bbe12d8e1257584e754c007bac45c9b5ce528e44eef031c7eea78695396fdc0bcf794e2a41d6660c05cf001400c0526a20
+	reseed counter = 1
+AdditionalInput = bd26b0c7e66dcb33689c5d57c340d76c
+** GENERATE (FIRST CALL):
+	V = eac5e8d08023f80ab2009ee9c07b44745b0f8c3c8f391eb029c6a09678f31b172a0d044e8b81441c7a68f15863703e3152d39e39bc2022
+	C = 9bfb8164d3b2bbe12d8e1257584e754c007bac45c9b5ce528e44eef031c7eea78695396fdc0bcf794e2a41d6660c05cf001400c0526a20
+	reseed counter = 2
+AdditionalInput = 258f5a44086c1184e982ad9ff2d6c8b8
+ReturnedBits = a5d6c1aacb3682c9a95f12df52378705aa7ca1a8b37db882ec8ebce8316e4f036232fcb1f674fc2e0d0d7d8450697917f7b2396f14f391bf21e4648bff0879b27f4b0496945f18878cd39897abd0ec1a
+** GENERATE (SECOND CALL):
+	V = 86c16a3553d6b3ebdf8eb14118c9b9c05b8b388258eeed02b80b8f86aabb09beb0a23f339a6baab2b46f62dc91bc880f685cef29c5eaa5
+	C = 9bfb8164d3b2bbe12d8e1257584e754c007bac45c9b5ce528e44eef031c7eea78695396fdc0bcf794e2a41d6660c05cf001400c0526a20
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = e3145564f86581ac12cbcdddc455f51b
+Nonce = 32b03bedcc5b436f
+PersonalizationString = 01c03daa085575a12f2e5f101eae83c0
+** INSTANTIATE:
+	V = 08ba0de9ac40a3ffe29931685feec90e7702461b10cb009d51644a1386cbd19d274c715bf1b39206ea392aaaaea3d7d98789db0fb3948f
+	C = 76627e2f7aee399e5767250fc17ca9dab4b68aacd07cc6f967e6be2a724a43c3c866720c656614cfdf0d85357a06659ce1394471c4a042
+	reseed counter = 1
+EntropyInputReseed = f2be12ec00a8947d2c18a765cddaadeb
+AdditionalInputReseed = e98b61a88bfa89db638ac3a6f1c6c956
+** RESEED:
+	V = 5f4f11f79020221388724f776b0a1ccd9383a0a013995cc3d9790865829e9375ec80ae1781e0b1dfb6d40f25a71b0f9844a421f0a45e6d
+	C = 09d6f8912216cd20a01f6c61f115116b5c585a44b407330baf51781675d8ec3ed20ba26d4615f1123994381fbda72faea019779b7c68a6
+	reseed counter = 1
+AdditionalInput = 4f5ddfbe9b741474a07d223d784221db
+** GENERATE (FIRST CALL):
+	V = 69260a88b236ef342891bbd95c1f2e38efdbfae4c7a08fcf88ca807bf8777fb4be8c518e3913a055af6e6084efa3d5a049ed073e7a6f8e
+	C = 09d6f8912216cd20a01f6c61f115116b5c585a44b407330baf51781675d8ec3ed20ba26d4615f1123994381fbda72faea019779b7c68a6
+	reseed counter = 2
+AdditionalInput = fbf88344b5eef32f11e63cd7f3622b63
+ReturnedBits = ad68a6fb48bf2f22cfd978243fcbe41ee5b6d00525fd7c0750639425e5d9c8075147eed55e1f9734e0bb7aada8523b7f8a0d3362dc44f3a7360448f900062eb2d1df01aef2e040950f5af605445d75da
+** GENERATE (SECOND CALL):
+	V = 72fd0319d44dbc54c8b1283b4d343fa44c3455297ba7c2db381bf8926e506bf39097f54a749e0922406d2464684cd22982e3e9b61eaf22
+	C = 09d6f8912216cd20a01f6c61f115116b5c585a44b407330baf51781675d8ec3ed20ba26d4615f1123994381fbda72faea019779b7c68a6
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = e26e88437bbb2699d7f2c8d05873b74f
+Nonce = e4832b85f333311e
+PersonalizationString = 4e3de0721a8955c761bf3384266ec143
+** INSTANTIATE:
+	V = 57c73d4bf15b0fcc54431c7c055b57be5f86ce2c307dbe3e12d67e4d438166d9b02fc2ef9a1e275ddbe559d4180cbed45e13aa81c8429d
+	C = 33c39c82714420f3819ba1312ca2465728f659945b02f124a8963793b38ea0e0a5dfb5f85b8ffd5dad6b58394d9a383a5b48af8ea021f5
+	reseed counter = 1
+EntropyInputReseed = c0e4f3be1494413045daefeef3a6f358
+AdditionalInputReseed = b54a7156c2e1e2694dce2a97134b82d3
+** RESEED:
+	V = 92a9a65f16623bf904c9b07984043ebc908586a8ad7519a9fbb92367c1b92034a33e67d45baae75b3bd2d4bee04a42d7f543023ccdbc50
+	C = 5a36493bcdc563dd942815fbb539b6ff2161360db612f0742210b83d79052d506e2cb4bfe608b06fb29958d9d121961a9ace7cb6f77afa
+	reseed counter = 1
+AdditionalInput = ae9fbca391949dddeffc7bebc6c4733f
+** GENERATE (FIRST CALL):
+	V = ecdfef9ae4279fd698f1c675393df5bbb1e6bcb663880a1e1dc9dba53abe4d85116b1d98ccb19570c0319b5e88be6f184d7e97b8ea109a
+	C = 5a36493bcdc563dd942815fbb539b6ff2161360db612f0742210b83d79052d506e2cb4bfe608b06fb29958d9d121961a9ace7cb6f77afa
+	reseed counter = 2
+AdditionalInput = 599c43a9ade72266dfd40309706be3c8
+ReturnedBits = 2d8c6103643bbe72611947d73ca3a253581ec6802cd80e33b34b8c60ae6a839539d060493dfc3625bf221bd509ce34d7113e6560d43077cce5e329c554a65bfb7816e01575153057935a538b4f6b56b5
+** GENERATE (SECOND CALL):
+	V = 471638d6b1ed03b42d19dc70ee77acbad347f2c4199afa923fda93e2b3c37ad57f97d397577335ed157b7a99fe947e93e26307fe5ed38a
+	C = 5a36493bcdc563dd942815fbb539b6ff2161360db612f0742210b83d79052d506e2cb4bfe608b06fb29958d9d121961a9ace7cb6f77afa
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = 82499bf46d5a74744dfe169ab2d6fa8d
+Nonce = 4729c9b8a3325ead
+PersonalizationString = 8ad06693e566c8485cf55c7ea7e30ef6
+** INSTANTIATE:
+	V = deaed53a0d35439c9b541ff376637351fb503e1e4779422c94f1d89396b95660f3ded471e634f85b58f975fea269f36a1de0cf3ae3da16
+	C = 29b37a00bfc41806e8047b92800df0c96a72e83d3cc745bb311e97e2875bd803bf312e5b50c47ea190a6b7abe21d7eec1fa872d6b161be
+	reseed counter = 1
+EntropyInputReseed = d81307a5abacc60fc5e3695e67830656
+AdditionalInputReseed = 51ea86a8b393834f41d69ad1c4e539ae
+** RESEED:
+	V = 3619df590530ca4bcd3c0c6f2f055b466dcc1159b1e422c2f2f324234cf21467bac28ad5af610c087e4d238f1d0d49f3f9e07f1ea1a723
+	C = f9cc92edfae48595d5aae727254f0976c8d9d1658a3970d939bf15755665ccf60a6150dde1be82bc1aa05f8fa04a65aaaed3e70cf4b9f5
+	reseed counter = 1
+AdditionalInput = 6e420b2b651521087fa51ffe65579ca6
+** GENERATE (FIRST CALL):
+	V = 2fe6724700154fe1a2e6f396545464bd36a5e2bf3c1d939c2cb23998a357e15dc523dcf31f2959a2822098b5107e9080eeb33c11fe221e
+	C = f9cc92edfae48595d5aae727254f0976c8d9d1658a3970d939bf15755665ccf60a6150dde1be82bc1aa05f8fa04a65aaaed3e70cf4b9f5
+	reseed counter = 2
+AdditionalInput = 3c6ebd1b50f7e565f253c624c1c1eeff
+ReturnedBits = 35b721134045293520b2875e1acd0efd39db1d9a5c5f1087cbd61ad3ff96933fe49bdb75cd120502c8b996e0b88cd05523085e5d36aa38b832dd3891ace5d67297741602465f61ee72f86eb10123db26
+** GENERATE (SECOND CALL):
+	V = 29b30534faf9d5777891dabd79a36e33ff7fb424c657047566714f0df9bdae53cf852f8ec1942f660e1ff57a7dfbba29b7b8a861fffffb
+	C = f9cc92edfae48595d5aae727254f0976c8d9d1658a3970d939bf15755665ccf60a6150dde1be82bc1aa05f8fa04a65aaaed3e70cf4b9f5
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = b1aad873f5359cdb3a3ccc1cd01e5a35
+Nonce = b72f77dc2791826e
+PersonalizationString = 7a1c25d65e2f1944dd166ea7894b9856
+** INSTANTIATE:
+	V = a8158db22e6b06601a5dc7337d592d5eae577c3e6c5bab786d275d8b2b15c051a42b831c58132de1dac4734396d4faeebe659dbf5ef20b
+	C = 960892ce44d1ed66119828e64569100af68bc874cdb0da6e82d3851929ece7cca4948bd0590a2ffb3f7dc1f3afa4c4ad5f610afca30338
+	reseed counter = 1
+EntropyInputReseed = fab70f5c317c10abf33c465d95a2c9da
+AdditionalInputReseed = 14afb87a0bab1ea5cab76d8f2e9873aa
+** RESEED:
+	V = 70ccfcd321e301d6054f032e20300e9e0de5141b2f965cf268b3fd578da9c1b530c8d330ad47ac3eecf6b463d36a7f72d25b1864085d9c
+	C = 2a2233993b9a9b3d63b61448fee17f4ac75173278f594f5f28d0e56ecf11e8ca8b5e05c81f74c43c294a2f7d09f393cdbf281709d75306
+	reseed counter = 1
+AdditionalInput = 369fb78bc650ef5c8bae7605e301a84b
+** GENERATE (FIRST CALL):
+	V = 9aef306c5d7d9d13690517771f118de8d5368742beefac519184e2c65cbbaa7fbc26da4e2ddd0fa2b7bf2738e82946f4a88decdc3b04bc
+	C = 2a2233993b9a9b3d63b61448fee17f4ac75173278f594f5f28d0e56ecf11e8ca8b5e05c81f74c43c294a2f7d09f393cdbf281709d75306
+	reseed counter = 2
+AdditionalInput = 1c96ac6fa8fd0bbfe41186638ff800d9
+ReturnedBits = 725be10f863001d5edced7aba92afb1c16b1af5dac148bb5d807481a3f3549deb8d6309859acfb7a25fa638388de01863c67b71186e162bec52805a611786a9f03baf088d0041c8bf5b22582a3166697
+** GENERATE (SECOND CALL):
+	V = c511640599183850ccbb2bc01df30d339c87fa6a4e48fbb0ba55c8352bcd934a4784e043a17ca10eca3a9c6f417c364f0c3e566bc88f79
+	C = 2a2233993b9a9b3d63b61448fee17f4ac75173278f594f5f28d0e56ecf11e8ca8b5e05c81f74c43c294a2f7d09f393cdbf281709d75306
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = 106659d4329545a45196f3e5be52d061
+Nonce = a7e113c9fbaa5b20
+PersonalizationString = 04207cfff115e48e6968baa2e76ef9c4
+** INSTANTIATE:
+	V = 746201ca45a0d380f43365a3ca08095b49059dee7bc719732db6d722dbca708bf00d040b34cda17d0f8bfad69c1876407d9c23add750fb
+	C = 54826a4773849dc0f43bc61027997997d34bbd5acc589f1365300d8bf0b5a0034dd3865972f029d7e84dde7175a65b6dc835c476c41243
+	reseed counter = 1
+EntropyInputReseed = 46cbdbe5f4df3287f2d36560ad88b038
+AdditionalInputReseed = c14158d95abf78ae4985897e19e4f41f
+** RESEED:
+	V = 3f84c15f58252e3805e267fa48d489c6c8869861a167c5a0d634b86a3979a75372966884cc46714b76c4ea438d01c46085cac163f03cf4
+	C = 85d29359a1fee6df69aeb26a750416553cf0cb18fad6fc9f48ef538d037d9347bbee63e06f19fcd29e2bf7ff0832319b42d5ee276204a2
+	reseed counter = 1
+AdditionalInput = fdf20e3b013301f018c1fbaec0612388
+** GENERATE (FIRST CALL):
+	V = c55754b8fa2415176f911a64bdd8a01c0577637a9c3ec2401f240bf73cf73a9b2e84cd24345ed06cd8b3b33384aca664f84cf3c64dece2
+	C = 85d29359a1fee6df69aeb26a750416553cf0cb18fad6fc9f48ef538d037d9347bbee63e06f19fcd29e2bf7ff0832319b42d5ee276204a2
+	reseed counter = 2
+AdditionalInput = 78b068136ab3590e2d3b67daba402e85
+ReturnedBits = b0a0f3d1e46519c179e90549b4135e5f6f72e4c9229622aab7a1ea09ec79185249230c3f8aa6f46eb43ea3c5aa7df97345e6594cb2f8d343be44f9ea519a4b50afbdadf520a954b43fb8920da852bdd7
+** GENERATE (SECOND CALL):
+	V = 4b29e8129c22fbf6d93fcccf32dcb67142682e939715bedf68135f844074cde2ea73319ce3453fc1a8ebd11c7d5c98652fcb0ed934a8a4
+	C = 85d29359a1fee6df69aeb26a750416553cf0cb18fad6fc9f48ef538d037d9347bbee63e06f19fcd29e2bf7ff0832319b42d5ee276204a2
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = fc99a35949266f7bc68df4dc0775a324
+Nonce = 764003438b573723
+PersonalizationString = 7be5566f259424fd69b487ce1fc2014d
+** INSTANTIATE:
+	V = 8195b16ee168cc850557389553a2f6a65af429d7edb3ae8e2fbb9cc75e8dff120012f65bd7a306616a05cba661c15225d57bc888ec0301
+	C = efc30f6902e3f3c57e2b39c4b2a1bfc8be4958eb2080fe5d5b860bbf658c8e3b28549ba0ddf51774681e6e347cb04199156ff4adbedc3a
+	reseed counter = 1
+EntropyInputReseed = 039150e554ab13624c07151418b08c6d
+AdditionalInputReseed = ab7f7059afdaa3086f8aed599e8534d9
+** RESEED:
+	V = 5105dd396940cbe59ac34a024ea3d1fd194ed5b0f46e1a96df446bd08d4c504d926200df28aaa990bd948913bbbc4a90e2df669ea2065a
+	C = 93600369a6daf537116cb60ccf2cd45ed0db1d94b64bb164723e7a65d1749e1b203c69d357a3695a612ee75ea90e75678f82d0a17f7bbf
+	reseed counter = 1
+AdditionalInput = 71e547100daf36b71e378e7735d5873f
+** GENERATE (FIRST CALL):
+	V = e465e0a3101bc11cac30000f1dd0a65bea29f345aab9cbfb5182e6365ec0ee68b29e6b53257cb186c86032cdd282b7442bb193d12904a0
+	C = 93600369a6daf537116cb60ccf2cd45ed0db1d94b64bb164723e7a65d1749e1b203c69d357a3695a612ee75ea90e75678f82d0a17f7bbf
+	reseed counter = 2
+AdditionalInput = d11eb4afa12e7a7fb453acb7340595b8
+ReturnedBits = e62f9a854ee9b00143d48de071f3d03bcf9fecf3c4d9d2a47e0dfbafdea78ca8f7b80beb11f9a6dbfd4ddcac11cff8bf9967c7bfe051d417d5f34bf24a00f16830d1b9aa5511ffe7aab40e36c36317fa
+** GENERATE (SECOND CALL):
+	V = 77c5e40cb6f6b653bd9cb61becfd7ababb0510da61057d5fc3c1609c30358c83d2dad644d12cc8210d6a0784884315cdce01504e1d990f
+	C = 93600369a6daf537116cb60ccf2cd45ed0db1d94b64bb164723e7a65d1749e1b203c69d357a3695a612ee75ea90e75678f82d0a17f7bbf
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = ad433c9a70669333786c45f4b731432c
+Nonce = bd884d3041c94b2d
+PersonalizationString = 4e95c8085ad2a31e9271b37d1053c9ec
+** INSTANTIATE:
+	V = 2862c50011095069cecc602eea26d994b806c89c8db631b141f390e35e764c2d91d8df54c48258199919943f2dde095a3944e9a83e45f4
+	C = 9feb9526d971dc88def502b59c7610e05e948cc1ed6f8214798ce81bb7c86c95753759ab4fbee57b203b6b0320ea4ea2f1fd3c561e0802
+	reseed counter = 1
+EntropyInputReseed = 826a80571170b66a1025ef831dfe2796
+AdditionalInputReseed = b9715bc31aaf9c85419dce42a347e10b
+** RESEED:
+	V = 06fee26d4c83d1b6e62d0357413fcfbc0ef7cd9142f4fc87676f60074e2fb63332195b9e650234170571e8acfd4a794e06f6d7065e317f
+	C = e38661d14b32699789fcef0661cc3a40b0c5dd1564e928dcb9ff613fc620570f27a39cb0a5b413916f0261a6f9b22254739f1c9fb393a8
+	reseed counter = 1
+AdditionalInput = 0386a22663e890e9715fa120e58baf49
+** GENERATE (FIRST CALL):
+	V = ea85443e97b63b4e7029f25da30c09fcbfbdaaa6a7de2564216ec14714500d4259bcf929cf3c93a8ee04ca82155da86fef4222a3cb12ab
+	C = e38661d14b32699789fcef0661cc3a40b0c5dd1564e928dcb9ff613fc620570f27a39cb0a5b413916f0261a6f9b22254739f1c9fb393a8
+	reseed counter = 2
+AdditionalInput = 7816db7625095129fc83e9a46fb9f540
+ReturnedBits = 066087a91d24b7777861dd028f57f7ac10b5a7bcd2a738a5e126f2393bf5b528725cde893c60b594d9589fa5c3927556c6e9fdf87a1460f400ba5c7069ede75b6a12b04c0a05bc12ec1d97d492bb6873
+** GENERATE (SECOND CALL):
+	V = ce0ba60fe2e8a4e5fa26e16404d8443d708387bc0cc74e40db6e2286da7064518160969a07372aae89da3f62e08a13dac6c2fa028ac8cb
+	C = e38661d14b32699789fcef0661cc3a40b0c5dd1564e928dcb9ff613fc620570f27a39cb0a5b413916f0261a6f9b22254739f1c9fb393a8
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = ebb73627c3ed18da0f82d16c1f4603f8
+Nonce = 1f9915d585080a18
+PersonalizationString = 27e9def9e7b3cf6a6897be7223c92758
+** INSTANTIATE:
+	V = 76f1fb65720d8f418f4b0e5c78632f621140d447b233a0d056f937379d6cb03db7b7652562d4b28eb1028f8fb05facf5c8ddd4b8007f38
+	C = ca9ed0c09453b688bbb9b1013d2e9934ce8aa760b02fdc529d9dc7cd94c66a5787f6485c0a92636dc04f30e6bd74ea5fb1c5a7dd270f54
+	reseed counter = 1
+EntropyInputReseed = d12fe5d13c5c27fb2e30dd3b3c84eeb6
+AdditionalInputReseed = 577f11b4bb0cd9f35f7c6332d40634e7
+** RESEED:
+	V = 40d928f59de03a264266c4036b15f0c8b218f48b390a8a60624f89ced0b4c5ee934ad37dd3077ab0c51c583999080e6aba921b0830efd5
+	C = 7f5e2b3c78bc289245622faef8ad83caf25628f8121eb2422600f8c7b2aa4b66a14feaec54cbd7841e783f991484f2db0985e4559046ee
+	reseed counter = 1
+AdditionalInput = bb02f7da271e32affac6bc0bdd4b9cb5
+** GENERATE (FIRST CALL):
+	V = c0375432169c62b887c8f3b263c37493a46f1d834b293ca288508296835f1155349abfc1c52f1071192bc7a4c28c024c2a65606a3366a1
+	C = 7f5e2b3c78bc289245622faef8ad83caf25628f8121eb2422600f8c7b2aa4b66a14feaec54cbd7841e783f991484f2db0985e4559046ee
+	reseed counter = 2
+AdditionalInput = 02c69cfb4427fd7426e4f877ca708ae6
+ReturnedBits = 351590bc0480e8bb18adb9b4f9f04e9596a6dcbcd8aeffe0ab5b8737addee60715918a2a3ec1e82980a7690c41746b72b55ddccf399dd72be18c3e6eae65f82efa3876913134c7a92dcde3ee82631923
+** GENERATE (SECOND CALL):
+	V = 3f957f6e8f588b4acd2b23615c70f85e96c5467b5d47eee4ae517b5e36095cbbd5eaab963e03c66441a9008ad26758d9603288f80d9fc9
+	C = 7f5e2b3c78bc289245622faef8ad83caf25628f8121eb2422600f8c7b2aa4b66a14feaec54cbd7841e783f991484f2db0985e4559046ee
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = 46f044e83cc972f0780c82b25b349cf4
+Nonce = dcb57d46b5e60b8e
+PersonalizationString = e168b00f9246e361b43d8b5b181fd2f9
+** INSTANTIATE:
+	V = fbf723fa9e47055a03775c453ca3b0eb6fd6c48a450c818a21174df62a21a270d5deed21f20b3444817059f8215041ecfe5e12b92537c1
+	C = 1647128107614ce0713554291179f2ea940ba0979fcb7c3774589f262351fab93fd393c78b1076bce0e6d51bbde0801624861b64e2dbfb
+	reseed counter = 1
+EntropyInputReseed = 99761ddbf2dfe9dc978d52a8d962ed0d
+AdditionalInputReseed = f2daf709790c4f796ae507961f9bf2c0
+** RESEED:
+	V = af7fa32fa316e467b20a13d3ef13656e4afdb7cc5c6df89ef938be11a267a98bc625229eaecb20fa9c7c8c0cf29186f33696c3032c6b4f
+	C = 9982837610f0ebf2c20e221f6ce5b0566af95e51bb5c958315802607227768b93f673721ca9f45de42177b36c8fd2b444b4c4e9bc1b227
+	reseed counter = 1
+AdditionalInput = b05a3ec514aebb01a3fb5fcee02852f3
+** GENERATE (FIRST CALL):
+	V = 490226a5b407d05a741835f35bf915c4b5f7161e17ca8e220eb8e418c4df1245058c5a6febbb701efde68dc0f15a27c3aa6461adf0160b
+	C = 9982837610f0ebf2c20e221f6ce5b0566af95e51bb5c958315802607227768b93f673721ca9f45de42177b36c8fd2b444b4c4e9bc1b227
+	reseed counter = 2
+AdditionalInput = 11661afb8fbd897c4be0e08556ec6a25
+ReturnedBits = 462a30b5fd643b663dea16c5ba03e815565dd2ebf597bd5365992318718e383bbe76df397092b63901debbed60c0f32b9c8796f79b0cf920e6722bfed2b37fd2fee9678ad114b4cff245f81c1fd3ff89
+** GENERATE (SECOND CALL):
+	V = e284aa1bc4f8bc4d36265812c8dec61b20f0746fd32723a524390a1fe7567afe44f392709141a159f37a1f327c615efdd32d8bc36877a4
+	C = 9982837610f0ebf2c20e221f6ce5b0566af95e51bb5c958315802607227768b93f673721ca9f45de42177b36c8fd2b444b4c4e9bc1b227
+	reseed counter = 3
+
+[SHA-1]
+[PredictionResistance = False]
+[EntropyInputLen = 128]
+[NonceLen = 64]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 640]
+
+COUNT = 0
+EntropyInput = d1a2c2f6812b63ea140d3818b82b8273
+Nonce = 4af22c7b05372aa3
+PersonalizationString = 
+** INSTANTIATE:
+	V = f77394b6d0ddbcc7056cd7915d5d8a5776d7843a36606e6a5015de419c7efd1ece0036cfeb73faa11396486716f523e55310c0c9337c82
+	C = 400561f7b327d830741d274b1bf113211b2df0f02dfc2b737982099a805fdc8e4a17b7365f6523f7ef8a41ab44b91787da763fe94257a4
+	reseed counter = 1
+EntropyInputReseed = f54893ab7486b3c17c7087f106f68748
+AdditionalInputReseed = 
+** RESEED:
+	V = 83dcbed562e82e9c11b387d9106489b399d114ba8de90c909deb7fd3faa3c3ba9e9e20c6b75d836e6cfc204af87bed3013f8eb5b239074
+	C = 2b225db319da700de58c46b5dc189b24fb10533da2b3adb5c5ca6e91014668ce873320a8733d4599dd2e4e33243596418fc091e157a5cc
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = aeff1c887cc29ea9f73fce8eec7d24d894e167f8309cba4663b5ee64fbea2c8925d142302f8d6188b97761eceb51b48eda79b3207ea16a
+	C = 2b225db319da700de58c46b5dc189b24fb10533da2b3adb5c5ca6e91014668ce873320a8733d4599dd2e4e33243596418fc091e157a5cc
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 5331e2db7416add30ea4a9480d8921686aea554975a0eb995a701f181fbb5ecd604d48a3754471b32f66979fe630772ca8af81cc69466c80980f328d9776f8b80e8a85ffcc554145ce51440d7920e83d
+** GENERATE (SECOND CALL):
+	V = da217a3b969d0eb7dccc1544c895bffd8ff1bb35d35067fc29805cf5fd309557ad0463c8a8f6f7ed11617f3736ac0b74bbfa64e95b07c4
+	C = 2b225db319da700de58c46b5dc189b24fb10533da2b3adb5c5ca6e91014668ce873320a8733d4599dd2e4e33243596418fc091e157a5cc
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = c7546d3949fda30b0e64957f41e8e16c
+Nonce = 529add4a709dc7e4
+PersonalizationString = 
+** INSTANTIATE:
+	V = 92057a9bd989490060e16272ca1a9235b2b429c8cf5f9ab0b089b8bc59e2c9a64463f9d50b0ad5e39170b8d7dab1dc03e953f72876df01
+	C = 3ef290aee5a7400e2454f163253991edcdd102c9f6204f5d1def8de6597ccb6fbb036bd5fc01279732c0ed3f50f85bf8d0d6197c8470eb
+	reseed counter = 1
+EntropyInputReseed = 1e747b958fb40b97fb8d1c3857e8d65d
+AdditionalInputReseed = 
+** RESEED:
+	V = bf43cc9e6d0c1df0806481d1bb7f3a1420c3df911faa6b18afacba0f7d3829df9a2516d6631c39db18c53e099321e4904e9de617b32eb5
+	C = 45cba83cd1cbd05fdfaca98862be84a0227615f5b8f3a4e1d5080ac3b68e26d17b6e6dbd9997ce9b1cd2399ae00a3ab992be60c78d0a0a
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 050f74db3ed7ee5060112b5a1e3dbeb44339f586d89e0ffa84b4c4d333c650b1159384a0c09a26e7e6bc67684fa3248f2196779ef56ae6
+	C = 45cba83cd1cbd05fdfaca98862be84a0227615f5b8f3a4e1d5080ac3b68e26d17b6e6dbd9997ce9b1cd2399ae00a3ab992be60c78d0a0a
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = d0033cf08f36c1921a3797afe5ad6acf85b16bd22e0e1b2bc058c1905690d5d787f968caaf9c1df4bb96cc94f91113502b0c719c95673159d693e8b65c245682883476e57984097aed281477e865c7b2
+** GENERATE (SECOND CALL):
+	V = 4adb1d1810a3beb03fbdd4e280fc435465b00b7c9191b4dc59bccf96ea5477829101f28bbad848e043f940b950db53f704d74a831ad3b7
+	C = 45cba83cd1cbd05fdfaca98862be84a0227615f5b8f3a4e1d5080ac3b68e26d17b6e6dbd9997ce9b1cd2399ae00a3ab992be60c78d0a0a
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = a515b054f17593a7379087b5e4d670bf
+Nonce = dd3759fb140222b9
+PersonalizationString = 
+** INSTANTIATE:
+	V = fe1c54dc5950514a8a263f27ef577d359daa6372e7c6718817334a3bdc7abc94e1c05ad33eb46bd04e7577ef938622611131c3d66525b3
+	C = 871ac9e064507cf2da6e937cf953d1da85369aca1f8708c888a73eb4a393c1c81b4ffd07ff500bee4b1f9fe08b61f28fab8b962461e500
+	reseed counter = 1
+EntropyInputReseed = 695f9ad37bf5bd694855986dc7c387c5
+AdditionalInputReseed = 
+** RESEED:
+	V = 0f4cf6e553540ba102c8b3446b7e1c6c6f7c0430a4644d5666c32db73a1fda1232695ca4effea1fa11bb6fbf267d4d937ad16d3b772658
+	C = 74936f1de6d2d38ccb6483100c00f32468306485b55776ad6b6b295b89f6dd06fb9f4b0225ce8002bb95cda0f7d0f4699928da08a6d062
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 83e066033a26df2dce2d3654777f0f90d7ac68b659bbc403d22e5712c416b7192e08a8743dadc530bea2901cded845d1e11be92191c4e5
+	C = 74936f1de6d2d38ccb6483100c00f32468306485b55776ad6b6b295b89f6dd06fb9f4b0225ce8002bb95cda0f7d0f4699928da08a6d062
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 982a08160c602ec7144109e7eca470fd8a867d50eecc4aedec60ff39e9f37405e193d67bf01821d130bf62d0285c817baaac551f40f6cf70c791c52fd39c58c695b52839ca03b0024d07dd076ca3834f
+** GENERATE (SECOND CALL):
+	V = f873d52120f9b2ba9991b964838002b53fdccd3c0f133ab13d99806e4e0d942029a7f3dd4b208fac53a9416139c432c1e8b0ef84cd94d9
+	C = 74936f1de6d2d38ccb6483100c00f32468306485b55776ad6b6b295b89f6dd06fb9f4b0225ce8002bb95cda0f7d0f4699928da08a6d062
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = 63e22fd902b77281a16c28aeb4540a46
+Nonce = 3ff45171e49c1342
+PersonalizationString = 
+** INSTANTIATE:
+	V = 54de9a1500c7e16d533c68379c26477a243295dfbab869b67459899ed08a561716dcf91ce8405c64245f2ccc9e6791054bfc8aef1543c6
+	C = c2563d58754fe24bd9f895166b9664a85c1c1a772f8efd2c68d7bd9dbfae94ead635af09b841f7b5816739329f200af72c084815cf2e2a
+	reseed counter = 1
+EntropyInputReseed = 05101fff75a48ef80bee0d2b28e42873
+AdditionalInputReseed = 
+** RESEED:
+	V = 949946bfdf2a30b5ed7a683078dff67d452b7f649a5288ebecb0366827325627d2f3db517e3ec422a8c13470499cb8e57673b2e671698b
+	C = 9ecbd66f8a33115bfba07e2e432c23bf3c05b3ad75b2b965d944df247cf9dd2c632704f5f79942539841b2a469f8aa0f0fa0a4f73c7db0
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 33651d2f695d4211e91ae65ebc0c1a3c8131331210054251c5f5158ca42c3354361ae07d3635500ffe018a20ddeba34d4134078e30a059
+	C = 9ecbd66f8a33115bfba07e2e432c23bf3c05b3ad75b2b965d944df247cf9dd2c632704f5f79942539841b2a469f8aa0f0fa0a4f73c7db0
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 4e7ec53a6a28f84ee02648da098f9aee33c348d489da59885593a8ba1e62343b4972536e500c1d1350a1ecee1c07c378cb08ca5f0573178bc9de82248e6f043e4cb989b2680cc0c473fec71afe9012df
+** GENERATE (SECOND CALL):
+	V = d230f39ef390536de4bb648cff383dfbbd36e6bf85b7fbb79f39f4b1212610809941e639621322dde52482608e4cc81485448353850282
+	C = 9ecbd66f8a33115bfba07e2e432c23bf3c05b3ad75b2b965d944df247cf9dd2c632704f5f79942539841b2a469f8aa0f0fa0a4f73c7db0
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = 2385464bde566e8de6ac54fd7668157c
+Nonce = 6dfaf07f5a3860e0
+PersonalizationString = 
+** INSTANTIATE:
+	V = 9f6708ccf8bfd0dc9d2b75571012e4f63712d6818bc8dc4e84d95f266ab48cf3ce157c00156956f06bd8d86b903609dd1d5556e79ec7ed
+	C = 67fd0b52e92e2d9addc97fd53ad09a90e90c94ed7ee3489cb286848105ac376ae02593c6329322ddd41c2b12994bd7b037d5a2468ae8fc
+	reseed counter = 1
+EntropyInputReseed = 1d50f8f51521a748176af4647d1cd89f
+AdditionalInputReseed = 
+** RESEED:
+	V = be7ebc07b3e9d310dcc61ec8fb3530bb27f714f55cec3ade9fd29f455d2127e0f4caacee54c31aae9c2b7ef5a834e985995edf89e5a6b3
+	C = 04d80c6fd05090338470a24381ecd46e5c762c1cbc89e5041e4974c85836e31d81750b3838d5e5c4b2df912825ba88fa3f9a39c4dcb711
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = c356c877843a63446136c10c7d220529846d411219761fe2be1c140db5580afe763fb8a297632967be6102d86ccb3f0e8ad24be99f0288
+	C = 04d80c6fd05090338470a24381ecd46e5c762c1cbc89e5041e4974c85836e31d81750b3838d5e5c4b2df912825ba88fa3f9a39c4dcb711
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 7991011635a5c7dd835781f15605bd36c2e37440d058e62a0cc4e1bae6b531a126a7c29f47a65bf143af54a431eefffcfa946cb3a4375d30d44ef28293f6f70d68fee893477a57458fd2076c0d91aad7
+** GENERATE (SECOND CALL):
+	V = c82ed4e7548af377e5a7634fff0ed997e0e36d2ed60004e6dc6588d60d8eee1bf7b4c416341b15c3941973010d89d42f08f7c17d9a4a5d
+	C = 04d80c6fd05090338470a24381ecd46e5c762c1cbc89e5041e4974c85836e31d81750b3838d5e5c4b2df912825ba88fa3f9a39c4dcb711
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = e46c1071f54a27bf079aa03eadd86f03
+Nonce = e4827a8b67a62636
+PersonalizationString = 
+** INSTANTIATE:
+	V = 3715e90cae82dac702f9d9d279132eb398abf8131cce61551cf21babad8d795c59a10f188ec46c187bd06d7f5f649d0b4c6db851cda44c
+	C = 0831083eefee922843f48baaea81ff163ad1a741bc9ada02079b139652c139d0c27a1e8847ec8aa2bfc1b56725036a437f4c978af74606
+	reseed counter = 1
+EntropyInputReseed = 4317e81a1d6c03e145a35bab09045b91
+AdditionalInputReseed = 
+** RESEED:
+	V = 7037e6bf94b5cc7414493015e14729e77220943f67e63df151aef9f9c8a5d67307811e8e29285a7d1e92a3ec575e891d619d69d81fb023
+	C = 5ce16bb85e43e28559a57b92d4756dc3b581fd5ec4a6d0d557153c19401d04811243f607ee1e62def7e5b1f7315775c97cb3055b78c42f
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = cd195277f2f9aef96deeaba8b5bc97ab27a2919e2c8d0ec6a8c4361308c2daf419c51546d028ac63dd5cf049d7579e7e8c090ff22cd295
+	C = 5ce16bb85e43e28559a57b92d4756dc3b581fd5ec4a6d0d557153c19401d04811243f607ee1e62def7e5b1f7315775c97cb3055b78c42f
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 01e4d32d7dedf3f6fa2b390b324c5549e1c55238649ef1085df56bc0d8f9f5f297821072c210cecfbb465a0f89a28eb661ac59455083259e75fe27b06e74a847c399acfec661a2a4caf1ae2dcbf286a9
+** GENERATE (SECOND CALL):
+	V = 29fabe30513d917ec794273b8a32056edd248efcf133df9bffd9722c48dfdf752c090bd1e3083f904a27e09157e146e9bb38898391dd1d
+	C = 5ce16bb85e43e28559a57b92d4756dc3b581fd5ec4a6d0d557153c19401d04811243f607ee1e62def7e5b1f7315775c97cb3055b78c42f
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = 5ec4fee9732c3ab3a9ebad4982a443d4
+Nonce = e78f247da8c54a66
+PersonalizationString = 
+** INSTANTIATE:
+	V = 3b7e4a7b98d028131391b9259ec2d914f1840f8a173316b3d20f6a8e616f93373cffa9f26387da931b39a5abad63c2e2dc9fdbf7742489
+	C = c5f9ad372c55dd98c05bfdf75bb061d444ab870625b29ce7ba2629da8022452b09b27f28a7e608955a953381d60292ae13c9ed4e017643
+	reseed counter = 1
+EntropyInputReseed = b7c90d2958eb70708ec5f3679408dd8f
+AdditionalInputReseed = 
+** RESEED:
+	V = 62a6ff4dc99a4e2308064f3149a777ad6165db11275e91a3e9a070c1f6707c85692211c9fc6d00415ebcac9fc5e8e8aa3e9931eeae1c7d
+	C = b79e0f6622b46a053ce974cf75d94176f783523fdf417dd90a106a1ecffa01a66a51f3d8b2fc387fd3cd369155fbbf2b0e7e50f88f2877
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 1a450eb3ec4eb82844efc400bf80b92458e92d5106a00f7cf3b0dae0c66a7e2bd374064a90100154655984d74b924316e04c9ef968c997
+	C = b79e0f6622b46a053ce974cf75d94176f783523fdf417dd90a106a1ecffa01a66a51f3d8b2fc387fd3cd369155fbbf2b0e7e50f88f2877
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 4260b2520d2d2a3b1505ef871ca2343b6de4e8ef0afa26c820c32a92c6d573675a1d5fc07d0dc593265610fd47be57db5b9eb5310a119ee5e4d9c94b201a4934eddf3af1ef3619d4cdd929d6e7297a65
+** GENERATE (SECOND CALL):
+	V = d1e31e1a0f03222d81d938d03559fa9b506c7f90e5e18d55fdc144ff96647fd23dc5fb0a754f350a54610be6fcf5f3918e6626000d0a98
+	C = b79e0f6622b46a053ce974cf75d94176f783523fdf417dd90a106a1ecffa01a66a51f3d8b2fc387fd3cd369155fbbf2b0e7e50f88f2877
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = aceeb8239bba6b69fb741d36350cfd78
+Nonce = 127460d4d2207e26
+PersonalizationString = 
+** INSTANTIATE:
+	V = 1e6221eea375b5862598421e524e713deb1f2eea38817ed7f40022965a18587495e91646267bfb8bfb9ea175167d2f9aa667690c2d7420
+	C = e77280e9882ea8a46d7e47b7ff6e536fa35bd5f82082a2c2e65ef951230b2ed06ce091ff971dd59a27c69b3eb8aecdca6482625a3e7515
+	reseed counter = 1
+EntropyInputReseed = 27c90d7e26680ba66365f4fe2a86d39d
+AdditionalInputReseed = 
+** RESEED:
+	V = 73d9702e4702e82e1f82eb4d25a4758f957c6b544761031d933945fc5ba4a22f333048728f2bde141096d97c5c7942545370ba5e2e68f2
+	C = a3f775f853e7fb4ee850677a5b3520b72dc33a2698ca7c29bfecdc2130c08c6f7e0a2327ea3949f4ad37459e96e9961e897e7bc8806455
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 17d0e6269aeae37d07d352c780d99646c33fa57ae02b7f475326221d8c652e9eb13a6c08a7c59e0bef29836de22425ab0cd9027c177e52
+	C = a3f775f853e7fb4ee850677a5b3520b72dc33a2698ca7c29bfecdc2130c08c6f7e0a2327ea3949f4ad37459e96e9961e897e7bc8806455
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 87eaad47260eb40bf9edb176774ced0cc30560ce60c0389b8eeea9482cb16ac522bf65e8f78b9f9a59a5431747cde920de48d1a301859c325816b82f294a390ea8bc682a79c6de37a59857e860eeb96d
+** GENERATE (SECOND CALL):
+	V = bbc85c1eeed2decbf023ba41dc0eb6fdf102dfa178f5fb711312fe3ebd25bb0e2f448fcbdf655c9ad7673fe7aefc37769dc2b0118f8b32
+	C = a3f775f853e7fb4ee850677a5b3520b72dc33a2698ca7c29bfecdc2130c08c6f7e0a2327ea3949f4ad37459e96e9961e897e7bc8806455
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = 3ac2fa1fae681f07f4e997fe83049c08
+Nonce = 417d84940690c8eb
+PersonalizationString = 
+** INSTANTIATE:
+	V = 6a59deec73a3e20859c9cad31f27215a091db9f81c1e355932f59407fa333ba1fc220624a51122fff9f1f86697c938fc7b4860af4b0ef0
+	C = ad94f066bbadd2d70ed6e2d1e5e34751b4147b09a5540713c065eba26bb445fa3e1259457ab6ef3ec554c40a283e25a8f9ed5f1ef50154
+	reseed counter = 1
+EntropyInputReseed = ac7b416ee8b0b0eb336edc545de0d938
+AdditionalInputReseed = 
+** RESEED:
+	V = 36f64c3a05e4fc38e02038b7057a6795ecf1da1e0e3d07b2e45b1d7803e7f38a2305cea80b290c389bfd916a2e3682abfe43c913a9e155
+	C = 4cdadea3627e83afeeae6b466b11f46d1580c0ab4dcbcfeaca51fddd47e0a05969fd3adf5b62ad81ce6e91280a0883d3eb27f0c10a50bb
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 83d12add68637fe8cecea3fd708c5c0302729ac95c08d79daead1b554bc893e38d0309e38c6573a3bf315abbafba2af16342dd5f3a3d1b
+	C = 4cdadea3627e83afeeae6b466b11f46d1580c0ab4dcbcfeaca51fddd47e0a05969fd3adf5b62ad81ce6e91280a0883d3eb27f0c10a50bb
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 06e354a901e45ce7064afd0e6a44c1d01b75176ae522f65b7a376b623804365935a5ca38405f4dfa7d5c7b74f2559cffa6f82081c1cd7098e2e0ac61f37eea5f144c1b307105c5de3a53ae1478601f7c
+** GENERATE (SECOND CALL):
+	V = d0ac0980cae20398bd7d0f43db9e507017f35b74a9d4a78878ff193293a9343cf70045b2fd504b2a77dbd49020518da08c9b0b874fa76e
+	C = 4cdadea3627e83afeeae6b466b11f46d1580c0ab4dcbcfeaca51fddd47e0a05969fd3adf5b62ad81ce6e91280a0883d3eb27f0c10a50bb
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = eb285895a837ac2f9db6c976b80ad9eb
+Nonce = 911216509a9df810
+PersonalizationString = 
+** INSTANTIATE:
+	V = c73f3fc300cc6ff09d2b1eab1d517f0511478f48d0e2fae31a3e05588cc2e0a7758039a0ab01dccfd0dcfb3e7278d01a4d5b32ebc0ac71
+	C = f04266b961846827f01668b9efd8221e4c4f80aeb8e04a7ad54fe6a57eb50d88e22cd18eea16b838a3e151fbec378e14f324f905d821c3
+	reseed counter = 1
+EntropyInputReseed = 32e473c2a035c3c62b713922c45184f6
+AdditionalInputReseed = 
+** RESEED:
+	V = a1744f44ef6ea8c5cb2e6f0e4968fffb895ddd1eb6953938af0e8ea802e5c50048117bf2d2dca3a75cef99b4d1ed9cf716d56a6d3f1a6d
+	C = 99cbedad9fdce950e96d35ec48a0c006db6864a12a20d07814407c13903e6c0a2f3e693678daac4566c98fc9dc34df706d3346a2027745
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 3b403cf28f4b9216b49ba4fa9209c00264c641bfe0b609b0c34f0abb9324310a774fe5cc62430a3634942aa8e199ad0c971c39015bea70
+	C = 99cbedad9fdce950e96d35ec48a0c006db6864a12a20d07814407c13903e6c0a2f3e693678daac4566c98fc9dc34df706d3346a2027745
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 5890f5374dd7159cb7ceaae8269bb0bd96de0b0828f08e30e2d241cf7e299cad87c7c0ef812b9f4df0475aa74c03d0a9fb9d412785fbb7a64ccc1ff407631ad59159cd65419cc4260a4b0cc25caff34d
+** GENERATE (SECOND CALL):
+	V = d50c2aa02f287b679e08dae6daaa8009402ea6610ad6da28d78f86cf23629d14a68e4f546ee07a20f33dc94215fbb63fd370085b15e6e8
+	C = 99cbedad9fdce950e96d35ec48a0c006db6864a12a20d07814407c13903e6c0a2f3e693678daac4566c98fc9dc34df706d3346a2027745
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = dbf8ac783ade1983bce1404ccb1107e0
+Nonce = 97742b57e9457504
+PersonalizationString = 
+** INSTANTIATE:
+	V = 154bc2ecf3f7ea22da7f420a8fa55be58cd3f85341bd298759da2fb303d948df61c8fe79947a468727ab578f1ef083a3d92f8069b76a92
+	C = 5bc03939f12ea9e2bcd6065631598eb45df65366c537367c3957227bde39bf9f7e38f0adc6e14cddcee9dd07247f5a6f364fc20ea49ea7
+	reseed counter = 1
+EntropyInputReseed = 7f02e4faee9a4560c217e73cdfaa2dd3
+AdditionalInputReseed = 
+** RESEED:
+	V = 3f46bc1cdb1fc987c7304b87b2e70ad052b2676b50dddd94560f4124fd2c265888f62dbd122254001e0f448d7fa216b0db2e7c4ef4bed4
+	C = af78ed60ecdc1304e2fb4cf3b6f55403261f98b7864a46d5ef6143fc3f8d239210e8a4a1d07c3e07e810c70d824934b9a029a165b1ecb6
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = eebfa97dc7fbdc8caa2b987b69dc5ed378d20022d728246a457085213cb949ea99ded2f9a43f8da36a9d9b0f916a30063f9d9b9d7fe60f
+	C = af78ed60ecdc1304e2fb4cf3b6f55403261f98b7864a46d5ef6143fc3f8d239210e8a4a1d07c3e07e810c70d824934b9a029a165b1ecb6
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 85a842eed79eb224babaa1d4bda1b19434bdf3944bfea6cad175bb8e0066c58db71a0cc96dde7d316ee598b60da6b5be3a91c83376f42dcbe2c9e351d326940f732ea13fa9aa485d07df856ac93e9192
+** GENERATE (SECOND CALL):
+	V = 9e3896deb4d7ef918d26e56f20d1b2d69ef198da5d726b4034d1c91d7c466d7caac777cf03f492a7206a61e3943c603c3763a0b4d6bbaa
+	C = af78ed60ecdc1304e2fb4cf3b6f55403261f98b7864a46d5ef6143fc3f8d239210e8a4a1d07c3e07e810c70d824934b9a029a165b1ecb6
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = 890c9fcec7129f3567e20584dec9eafc
+Nonce = cbcd3772d2d6ef05
+PersonalizationString = 
+** INSTANTIATE:
+	V = b56a1db0b5dd5198d4aa95e11b279aaaf5a16373989dd233e93963d6d7a66b70d5b266ebfda3101abf3c02ec86db99a62af45a86a024d2
+	C = dd5de8c7fda2559075c88d95f7e426ec313087bbe45a342bf3b001be815ef364c7d56d3ddfdf610e7b01554eed52a7169b18d5133f13a8
+	reseed counter = 1
+EntropyInputReseed = 80f0957e64e02b8ff81b062f0e63cc79
+AdditionalInputReseed = 
+** RESEED:
+	V = ed8bd7dae4d81f437576b268b483a7bf5cc9246d44bc111acd1bd2c042de4d35624abd62c1073ae2bd9d9655c1b498b0038a60a92c205b
+	C = f7777c4b01e422a7c199fda4b0bc475df184b1abd6c5363415b64b05aa455693fc345aab5ad0b2c1fbbdceb892a59c2bdf8f2c53c73c39
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = e5035425e6bc41eb3710b00d653fef1d4e4dd6191b81474ee2d21dc5ed23a3c95e7f1873c3cbbf0927ac5105a3dba5848598215e255317
+	C = f7777c4b01e422a7c199fda4b0bc475df184b1abd6c5363415b64b05aa455693fc345aab5ad0b2c1fbbdceb892a59c2bdf8f2c53c73c39
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = de29430ad7221cdb1e71a3a89a50e610880592caf048ef2e1abb8de68f5a1380341680c82b230e1827eddc5428af26bf251e38b1adf507db6c3497a7a0c062962e17823291187d70e0be9a46b68ee670
+** GENERATE (SECOND CALL):
+	V = dc7ad070e8a06492f8aaadb215fc367b3fd287c4f2467d82f88868cb9768fa5d5ab37332a63ad37991e50f00b9bb79fc3efc6c13705603
+	C = f7777c4b01e422a7c199fda4b0bc475df184b1abd6c5363415b64b05aa455693fc345aab5ad0b2c1fbbdceb892a59c2bdf8f2c53c73c39
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = a86c28798a0fb0a4030e384e6fbbc6f3
+Nonce = 4f78b54ea10cf9c2
+PersonalizationString = 
+** INSTANTIATE:
+	V = b798a8dd67de6c99fea4a15ec8e2a54ff5c4a14bed09f71fcf0544e31958b96344b923a1f808ad9615c008976133ad47825853d3b30bd6
+	C = 3a00c14c3acf89ba9e19a6131db6512b366b50decd7d197b7b0cf2128b25686e09387634ae86701573567e17d101b79324c70f97525c37
+	reseed counter = 1
+EntropyInputReseed = a5c20788ed12db25f0745798a19b6e2d
+AdditionalInputReseed = 
+** RESEED:
+	V = c58f0437b4778f09585b69a30178f94471ee425ef665f4abcb1204ad65291dcd23aebf7d10ce50bf836351159bfde6d62169091677efef
+	C = cf82944f33ca6787a894f7346fa11afb868686ce14eacdd3f532afcc96bcbaa09814d4b049e57effef9754ae07eb75334af546d2bfa888
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 95119886e841f69100f060d7711a143ff874c92d0b50c27fc044b479fbe5d86dbbc39524cf8fb7e40c79ef4bb69aa32411607c917064ab
+	C = cf82944f33ca6787a894f7346fa11afb868686ce14eacdd3f532afcc96bcbaa09814d4b049e57effef9754ae07eb75334af546d2bfa888
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 72c3d8df40c46bd6765c83471f60dbbf4147073f4aeccfae739866494cb36f89a0c681ec6fd39b0718ef058c019ce0c40bf9341d89d08a733772018c9e6463e2062a5bbf66fa1ae5f4abe35748e4f234
+** GENERATE (SECOND CALL):
+	V = 64942cd61c0c5e18a985580be0bb2f3b7efb4ffb203b9053b577644692a2930e53d86a75becb7b8e3255e930878d8a3d2d1a8f78f86e3f
+	C = cf82944f33ca6787a894f7346fa11afb868686ce14eacdd3f532afcc96bcbaa09814d4b049e57effef9754ae07eb75334af546d2bfa888
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = b2de3b2bc48d6ae7d42845e15f63211a
+Nonce = 017175932f55759f
+PersonalizationString = 
+** INSTANTIATE:
+	V = eef0ceb876c3092cb6814aaf0621ee66a2b1398fe47b277a111cd89fc9ff29ac9a6b04161eea48e971280d115a464daac92a25873eba1f
+	C = ad59e26a0892e96474ab6d0678c42ca3f259dbce47b190f67619d12a8c8ade851ad4c5047f5db129b440993fa7dee0aa6785fea95dbf59
+	reseed counter = 1
+EntropyInputReseed = 27e6380f3ad03d410dd82e61f010b359
+AdditionalInputReseed = 
+** RESEED:
+	V = 3edfbbe7f1dd9581095e2e2d2aca72aa198e7633306c36afb178bab180ef31aa9bdb31a0bb33c7dbf039f3a1f4c6e4d801e65579967e72
+	C = 7b41b89816704323ae9af33d9f5956aab281b296aace4f8d0989effa4303d079a99255cc6cf636117b4219c694c2d4599d2ef1fd81e0f4
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = ba217480084dd8a4b7f9216aca23c954cc1028c9db3a863cbb02aaabc3f30224456d87afa693b11c43ded432aa25e904a2b6072961135c
+	C = 7b41b89816704323ae9af33d9f5956aab281b296aace4f8d0989effa4303d079a99255cc6cf636117b4219c694c2d4599d2ef1fd81e0f4
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 126097a1fe2616c4e51542ddb2af639c4a71af1854d2010b019a6c35deef4b00a77abb6c5830637bae2225a294191cd7b938b27c3b41da908f30f1e36411141bedea62b457e40daf79ea721f8d00b4cf
+** GENERATE (SECOND CALL):
+	V = 35632d181ebe1bc8669414a8697d1fff7e91db608608d5c9c48c9aa606f6d29deeffde4e1d97fbf3cc39fcabb213ee49186f8e38a3f96a
+	C = 7b41b89816704323ae9af33d9f5956aab281b296aace4f8d0989effa4303d079a99255cc6cf636117b4219c694c2d4599d2ef1fd81e0f4
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = 28ad887a24414de555d1d5902a2c21f8
+Nonce = e4bd33c11ecf17c1
+PersonalizationString = 
+** INSTANTIATE:
+	V = f62e06c94d9e39f9d80f845c181067f20658d6ee5933a7dbfffbe63f823678e032caa0d98e122c02161d2e69eccc5cb961e0a872496dff
+	C = b51971f675df1b0a92a56f8e09afb8f76d1eb4798b0480f5f603fc5a89ccf20248cfe58ef5ee2271f5ebedaf9db04b0faa3ea9b8961c51
+	reseed counter = 1
+EntropyInputReseed = 5be4be4add05d0241e1adfd93b3bb52d
+AdditionalInputReseed = 
+** RESEED:
+	V = 21a120a3685a3667150502f518c39bf4d49db1f9bffcd79b5b09264eef70b6b50311afec7cff55f9480ec436fb1fc56edf9009f005b10c
+	C = 3c5e2d228864be6fcd83eea4947105f0d63cb0a48ad3d3402ac702e3ca34b3d77f5641d4fab7ca4a48f35eac6942faa85f875f283bc426
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 5dff4dc5f0bef4d6e288f199ad34a1e5aada629e4ad0aadb85d02932b9a56a8c8267f2a6f810aa1ad20c596cd237be522935274d7ddf50
+	C = 3c5e2d228864be6fcd83eea4947105f0d63cb0a48ad3d3402ac702e3ca34b3d77f5641d4fab7ca4a48f35eac6942faa85f875f283bc426
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 98cad340587d0033bfe99457eabfb4a1ddcd4f685fffc5da4608cb9dc97da84ffeb674131ec8178d22737fce01f16d930756d8b29f21623d73a91901529cb24582d8f49424809eb0b5a0185afa1fe3fc
+** GENERATE (SECOND CALL):
+	V = 9a5d7ae87923b346b00ce03e41a5a7d681171342d5a47e1bb0972c1683da1e6401be35009cad918792231e10f72855fc33989398573bf1
+	C = 3c5e2d228864be6fcd83eea4947105f0d63cb0a48ad3d3402ac702e3ca34b3d77f5641d4fab7ca4a48f35eac6942faa85f875f283bc426
+	reseed counter = 3
+
+[SHA-1]
+[PredictionResistance = False]
+[EntropyInputLen = 128]
+[NonceLen = 64]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 128]
+[ReturnedBitsLen = 640]
+
+COUNT = 0
+EntropyInput = 6501b61d190ff2a1aaabe9f6101aafaa
+Nonce = 86690830867431b8
+PersonalizationString = 
+** INSTANTIATE:
+	V = aa26621ef9049f81aa48b24b2bbdcdff187b4324fa606549255dd02159be930664ec60d7b71ab33b5d35839a43e5c175c539413c11ac4d
+	C = 7c9f57e634d730fc89c61b16a77dadf126a1b05c8c8dfcaac3a2dd20689a122fcb2ec969a37d258c3034402154ccd3dcc51be1127a7577
+	reseed counter = 1
+EntropyInputReseed = 92ec6354269bdab2aec98a61900ac99c
+AdditionalInputReseed = 60ffe5a618e324c52838f24169e13d7f
+** RESEED:
+	V = b18a31ed40be8d30a47ec0eb78135856dd4224ff02432a273ac947e3e07e38f9bb1f87d59ee7f32151e322ddfbff28732dbdb6ed1add7f
+	C = 2cb4a68ba393ed31560bbf7afba31974e50e8b6cd80204bae296e0ce5c94e3e4e6c98ad27a6d05b20493f786c0c19ac7b8f07695781778
+	reseed counter = 1
+AdditionalInput = 8832b134467a5e5dc774f14985063b60
+** GENERATE (FIRST CALL):
+	V = de3ed878e4527a61fa8a806673b671cbc250b06bda452ee21d6028b23d131cdea1e91448761230a461e2d1d10caa0a7e9bcf1291ca8675
+	C = 2cb4a68ba393ed31560bbf7afba31974e50e8b6cd80204bae296e0ce5c94e3e4e6c98ad27a6d05b20493f786c0c19ac7b8f07695781778
+	reseed counter = 2
+AdditionalInput = 37118f7cd97adc39eccd7030e0668ca3
+ReturnedBits = e299d33a9e1ce7aa94a84e0cae6d5e78be5b73009c25a832354fd12fbb02967e126372c9af6c95fe2a0f03fe2458a8978c3dfdd7844ade83a82217537f0d2ea5abb90e07bbfee8deebf45315ad258cbc
+** GENERATE (SECOND CALL):
+	V = 0af37f0487e6679350963fe16f598b40a75f3bd8b247339cfff7098099a800c388b29ff2c16e1467c2dd55fcf480c38e462d3522b811fb
+	C = 2cb4a68ba393ed31560bbf7afba31974e50e8b6cd80204bae296e0ce5c94e3e4e6c98ad27a6d05b20493f786c0c19ac7b8f07695781778
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = 081b2e7a5ea9ce1d602f272e675a787e
+Nonce = 167ca2728fb35cf4
+PersonalizationString = 
+** INSTANTIATE:
+	V = b7c715c61b11134b4b2e20a0231d36811c56e50402c7bd288aaaa91b364fd497042e8f1ff448921a35415136bc63fddbe23b443354b2ac
+	C = a7900b092d368bd345723cf30faa8061ca7d1e71a916f11db5007c6ee91b6e5ffb9e69dbeb0ebc40848fc65ae2e8d2b0fda5b1b97e4e32
+	reseed counter = 1
+EntropyInputReseed = 98f0f03c706a6e694543404171e734bc
+AdditionalInputReseed = 4162a08f17f36ea1e1dd5a87a371d1e7
+** RESEED:
+	V = fd1fdbd8f4b3ebb416223e590be4cd8dc7f9e72dd3e3e30318f63d1ef1926992e7c3cfae70f79729fe9897987bb361995b5da56b7c1b15
+	C = 68c0d948c24dfda5a22ae122f480120805f468e0a9399485c14b77c6d3f0b9554bb30f38581a0c878054edc183f4738928f36f217497ca
+	reseed counter = 1
+AdditionalInput = c9229ce396d7938d8930b1fda83c1f78
+** GENERATE (FIRST CALL):
+	V = 65e0b521b701e959b84d1f7c0064df95cdee500e7d1d7788da41b4e5c58322e83376e05ba68ec228b00d35e34a6ef190a7d513eec525c3
+	C = 68c0d948c24dfda5a22ae122f480120805f468e0a9399485c14b77c6d3f0b9554bb30f38581a0c878054edc183f4738928f36f217497ca
+	reseed counter = 2
+AdditionalInput = b043db8eed6e30338fe93de9e79256a6
+ReturnedBits = e22f7a55ef3f3cb7f866ece2dfcd080fcb3d162dc90b712c0564bcf5e38a513b96b7fa2f9a3e36279ba3ab09ce683737d6ddce42b473300827c2f56d49963dcfc51878b15b1544d3377a1ab8f987e1f0
+** GENERATE (SECOND CALL):
+	V = cea18e6a794fe6ff5a78009ef4e4f19dd3e2b8ef26570c0e9b8d2cac9973dc3d7f29f0a39c5f6e5f170a50527ddfcb624360164f9f7c99
+	C = 68c0d948c24dfda5a22ae122f480120805f468e0a9399485c14b77c6d3f0b9554bb30f38581a0c878054edc183f4738928f36f217497ca
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = e97b694b27b7683e4119e565d5c86917
+Nonce = 469717305674a5d2
+PersonalizationString = 
+** INSTANTIATE:
+	V = 562c3e90da7a07b2da9f76c9bd45ee58312245bf9a9cbcb2f15e64b277d6b98463601a619384e737933ab1bc548b8413341905100ca35a
+	C = e3f114cab78dd7ebd99c8451be82a279be4012c2f9c596764831060868060edad2fa274558f8930e325cd94f225bb8ae0f9a86495c0483
+	reseed counter = 1
+EntropyInputReseed = 060cc31630bf9e3ac2ccab67d4ca0395
+AdditionalInputReseed = 5ef3dc56e2d26bcdaf9802913b24e7f7
+** RESEED:
+	V = 3e7a7b4477c918b755d62f2434cc5ece29dd070592a7f7e5786794838ef1a44c14b87a65912dd84df4e4b58c51201cc6de34f283e12cd6
+	C = 22e1ea55755b0a726f1012b66930281d2640b2b9f6f391707f97abf1b0583ae37abb383d94cfc34be33fac4780f6025c45886c519c2b69
+	reseed counter = 1
+AdditionalInput = 31b8460ca4d6a3755d97caadf1e30ae0
+** GENERATE (FIRST CALL):
+	V = 615c6599ed242329c4e641da9dfc86eb501db9bf899b8955f7ff40753f49df2f8f73b3c5465ef144709ddc1aaef8e4594cdcc8d4d3f374
+	C = 22e1ea55755b0a726f1012b66930281d2640b2b9f6f391707f97abf1b0583ae37abb383d94cfc34be33fac4780f6025c45886c519c2b69
+	reseed counter = 2
+AdditionalInput = f690f1c6d4545d06ab9af83bb93d6b97
+ReturnedBits = 5bc45bab73bbefdcdea0b625469fbcb65057daaaa021f0c5b5ed88052df93e20347223623e3f532d98ead81db82760391b64289b1c1bcf8b2861393f958ed2a43223972c7a7b80a923ee0ea2d96e7cb3
+** GENERATE (SECOND CALL):
+	V = 843e4fef627f2d9c33f65491072caf08765e6c79808f1ac67796ec66efa21a130a2eecf7ff80d7f23506064d4a170c595e529c1ad28063
+	C = 22e1ea55755b0a726f1012b66930281d2640b2b9f6f391707f97abf1b0583ae37abb383d94cfc34be33fac4780f6025c45886c519c2b69
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = b5c48cb4689c3e63723f39bb6b5ec73d
+Nonce = c4e64d63424db71b
+PersonalizationString = 
+** INSTANTIATE:
+	V = 8c2fee695bbc49df9cc76a71b174ed7c04323d28d5be296c15c30dbdefc09ece75cfec8620683ae811bd8a5c491bb0bf96b69ca40e07e0
+	C = aea2b22de41ca38fe2e079647af3d8b39bf05a5e876110c1a7f0729bb2c12ce40ff94d97b2d6c535a15c12fe079a32e1913397c2fdb84b
+	reseed counter = 1
+EntropyInputReseed = 44d3415293439d25add42eba295db840
+AdditionalInputReseed = 79bc05165859219e84f2c2ae1d93a8b4
+** RESEED:
+	V = 45dc8d756aa608f79977296316443183f2d1ae800cfb7b8f84860614532816016db3a1ee07064a17fa1c99c383ceb190ac9f3e0beb1abc
+	C = 3aaadecf24c3d13f8c631532966c445ab7dfd5978d140fe2220404db2745818817823133d23af44978a10c5b4c71b3ee4be5c02508c3a3
+	reseed counter = 1
+AdditionalInput = 952074aee48ccb8ac0d619e907a0ec89
+** GENERATE (FIRST CALL):
+	V = 80876c448f69da3725da3e95acb075deaab184179a0f8b71a68a0aef7a6d97898535d37facc0d4ac9e1b8a5a3ecd0704b3e58fdfb62214
+	C = 3aaadecf24c3d13f8c631532966c445ab7dfd5978d140fe2220404db2745818817823133d23af44978a10c5b4c71b3ee4be5c02508c3a3
+	reseed counter = 2
+AdditionalInput = 98253c70258861bad59e5407dedccafb
+ReturnedBits = 9c5839c4ed368c2e38840855a95dba0df211494b07fcd70eb247a9f56249c31aaa199f65416e772987a949d8c6a8c99cabf436eb020ddabb5c48d387c74c65e0a6a216c8227d3edab770d0be4fcc37d9
+** GENERATE (SECOND CALL):
+	V = bb324b13b42dab76b23d53c8431cba39629159af27239b53c88e0fcaa1b319119cb8062186749d329ab2565d3d1be29378b46a2442062d
+	C = 3aaadecf24c3d13f8c631532966c445ab7dfd5978d140fe2220404db2745818817823133d23af44978a10c5b4c71b3ee4be5c02508c3a3
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = 033b20b3d8e1abe542aef9ee39e80e71
+Nonce = f96caf9bb659adc8
+PersonalizationString = 
+** INSTANTIATE:
+	V = 90a68797b8ee18ff3f23f61aaa5ef3305a4d87d75532759780ca4a24f5658b5d0b940c3241631af03d16083721f143e1c54c0c1c02a582
+	C = 7e348c5a2cea8ecce7e5625bdad8a971ee1f9a1e2c12a3aaf3296a0a00bb9530609506db4c3ea385f8262911f0bc98668f72ec9a042ad4
+	reseed counter = 1
+EntropyInputReseed = 966b0cf2bd05c2a7061cef2a1b41a064
+AdditionalInputReseed = c669f10cfc7872ff66cc99308a41c24f
+** RESEED:
+	V = 9f00597e87f7bc9369782cc03f509f9aff649603b1cffd042dd98a48f4019bfda3de7730ac3ca4c50225cdd483f9b6594608bf1244137e
+	C = 180a42cd692cb155dce3ecb48fb2be8fa91e9d0a67cbe176349267ad1d92543b9502eaf709ee37322f2767bbc27be5dbd6416413124fa3
+	reseed counter = 1
+AdditionalInput = 60467f32aa01e3a4b10f0c7aab773c66
+** GENERATE (FIRST CALL):
+	V = b70a9c4bf1246de9465c1974cf035e2aa883330e199bde7a626bf1f61193f03938e16321ba4bef8a98e5a1df4a0c57ff9ef0c37709c0c5
+	C = 180a42cd692cb155dce3ecb48fb2be8fa91e9d0a67cbe176349267ad1d92543b9502eaf709ee37322f2767bbc27be5dbd6416413124fa3
+	reseed counter = 2
+AdditionalInput = 7a754d665987996f1dd11d14f84bbb3e
+ReturnedBits = dd2f522f3fe6153ded39077ada175b4cfc848a5c9c053a4386abc59b2d77dc1dbdfea51495deb3d42becf8af29d6de1e05fcb986225f15840ca271ebac6f464ab3befb8447a0e915c6897fad7d2e1f1e
+** GENERATE (SECOND CALL):
+	V = cf14df195a511f3f234006295eb61cba51a1d0188167bff096fe59a32f264474cde44ef904f3378cdaf4576fccef61ade6f7e5ab157f29
+	C = 180a42cd692cb155dce3ecb48fb2be8fa91e9d0a67cbe176349267ad1d92543b9502eaf709ee37322f2767bbc27be5dbd6416413124fa3
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = 4cda35e84cbc0b9b61639adfc41706d8
+Nonce = f8089123e4990541
+PersonalizationString = 
+** INSTANTIATE:
+	V = ea0b1bb0fe6e22f68ca99a226bbb989e98c129fe5a43fddbeb130e0dd78d935f9c457bfc28b76c486321b31c30b57b17eb95fa0c8dde96
+	C = 2ad2b8cea51002dc9b377450462661a4721130d5d6dbd1b9924cefa0ee332482709487e88b1c93fa8676ba57287176134bc69037a0808e
+	reseed counter = 1
+EntropyInputReseed = f1b191ccfc897dc47a55f44ca1114951
+AdditionalInputReseed = 127c6df989497363bc352dfb7e57ee94
+** RESEED:
+	V = 6797cbd9ab4f13a769b8137b56ad08e8b077b9c811747500e66103a600520f8580a236dc81e0e644a1ba4278717f293ae75fef6ced656a
+	C = cf34f6d1db11d72e1fd9290fb1e5debe4e8ae563a5acbca598235d30f94f39361a2822d86c6f35aed7326a16cdafa33227add097a93276
+	reseed counter = 1
+AdditionalInput = 01f838085dd1970c56c86c0ab517c2a6
+** GENERATE (FIRST CALL):
+	V = 36ccc2ab8660ead589913c8b0892e7a6ff029f2bb72131a67e8460d6f9a148bb9aca5afa504fc7d02319c228e6969824704e6c1d2135ff
+	C = cf34f6d1db11d72e1fd9290fb1e5debe4e8ae563a5acbca598235d30f94f39361a2822d86c6f35aed7326a16cdafa33227add097a93276
+	reseed counter = 2
+AdditionalInput = dac4d64a82a931b1403be0bbff4d4e1a
+ReturnedBits = 8ab6b307d52f1f51ee42831fcf6e57c0cee69f3eccc0b352f1c85a9c0dbd25aaa7bb1b2810e207ee14ab784631a646a63685e6ccc295c6f162d0e8f85d0e0571aa64ddfb1d771360dcb0e75c2d473223
+** GENERATE (SECOND CALL):
+	V = 0601b97d6172c203a96a659aba78c6654d8d848f5ccdee4c16a7be07f2f081f1b4f27f93bdcd95276ba709b72d1e5f10bf955b8f128735
+	C = cf34f6d1db11d72e1fd9290fb1e5debe4e8ae563a5acbca598235d30f94f39361a2822d86c6f35aed7326a16cdafa33227add097a93276
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = 1a5fadb4dbd948cb14cb4f8e298fa3bc
+Nonce = 19fb38a0a608ccbd
+PersonalizationString = 
+** INSTANTIATE:
+	V = ecbd88ba345ac831c42c6ec413fb36d118207a3ff41b3dcb84c98aaeb942454e9c62202b84123907f1505e3caccd30a428a5b3e98c1c43
+	C = 9d117e96ee617d64f89e264cd6d88eca92f1381709acccda7adf715968ed1b75babc95b76d04e28a4186adc78f8f51b21c91f78c70218a
+	reseed counter = 1
+EntropyInputReseed = 09cd5a0bbd8901f14e54666db88967e7
+AdditionalInputReseed = aa4100c8ce6e317f5177ea3497f9c590
+** RESEED:
+	V = 11a48deb35a6bf45d506a80297ffe1e48b3439a575971a673ad12f2b3d8fd93e311e0309377cf7d790abfbb800c349f628817452240dec
+	C = 0d6a44bcf05b870416ea83a459c74c639a7192955512c80d0e73fb3668b2e61abe08135f32c1bacb8e13e27340e8f8e4623606e3b438f2
+	reseed counter = 1
+AdditionalInput = 011656f23a855ba3abd02f8fdf20621e
+** GENERATE (FIRST CALL):
+	V = 1f0ed2a826024649ebf12ba6f1c72e4825a5cc3acaa9e27449452a61a642bf58ef2617942df3c6b95e07225dc8abeb19456b85f3c11245
+	C = 0d6a44bcf05b870416ea83a459c74c639a7192955512c80d0e73fb3668b2e61abe08135f32c1bacb8e13e27340e8f8e4623606e3b438f2
+	reseed counter = 2
+AdditionalInput = 41816b1ce43f89b519c4bc820b5dec71
+ReturnedBits = adfe1e36b8e996b813959be221c14e9933a25b648a5270fe57a05ee7bffbb2eafa87d85b9a087ae01fc5e4192623cdc6dc51b011ddc11bb7a4652ecbfb4a75a68c82556f0ccc34520045a4d2ccce89c3
+** GENERATE (SECOND CALL):
+	V = 2c791765165dcd4e02dbaf4b4b8e7aabc0175ed01fbcaa8157b925980ef5a573ad2e2c07df22ec96e45f0a5966d4d9897a64fefee4f4b8
+	C = 0d6a44bcf05b870416ea83a459c74c639a7192955512c80d0e73fb3668b2e61abe08135f32c1bacb8e13e27340e8f8e4623606e3b438f2
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = 342b1e477fb5c61d140475222dff324f
+Nonce = 31f3b7ad39676083
+PersonalizationString = 
+** INSTANTIATE:
+	V = 31ecef71368764db9cf33706619f93e008f3a01981b162f0909c91b351c728f65a5bc9ecbe2a47950c6caed88505259a52df485e67e20b
+	C = cb887ea33c1d646afc7b4d240e05aafc64bb610d1942bb423e4952303255ee1dd2a737d79d3f216e955d67dc140930d6488e818ebed0de
+	reseed counter = 1
+EntropyInputReseed = 2b12071317a784fe98c447923c35726d
+AdditionalInputReseed = f62a92c16b5211321666ae24221b9cd2
+** RESEED:
+	V = fc9228bb298a8a4e65bccd3fb519cd3a6dc5fcb4869effcdf31b082c00bb450152494e8a3ea27ea07bcc74ca2df04fa1892151ed1c392f
+	C = f04adde8489c728da757aceb3cd27c33a0f277301ad8655fee4e63211dc466d04f2b865be1aa6a1cbe6ed253b338b39ce270d4f95025df
+	reseed counter = 1
+AdditionalInput = 0c2e90c0b47a203a292ec0a649540038
+** GENERATE (FIRST CALL):
+	V = ecdd06a37226fcdc0d147a2af1ec496e0eb873e4a177652de1696b4d1e7fabd1a174d5c94f176478858b71bc73d971d5d125547800140a
+	C = f04adde8489c728da757aceb3cd27c33a0f277301ad8655fee4e63211dc466d04f2b865be1aa6a1cbe6ed253b338b39ce270d4f95025df
+	reseed counter = 2
+AdditionalInput = d15617586959de2a1cfa3208df469803
+ReturnedBits = 1a09ff361ce29762e1f87f011d640c9e40a518da90546bd372aabbbadc20a163102bd2490b28e13f716c630135ca9d90cc9a5a319a702602a96fe3f8e4c11ef38619cd4d55b8e97226996d5352930185
+** GENERATE (SECOND CALL):
+	V = dd27e48bbac36f69b46c27162ebec5a1afaaeb14bc4fca8dcfb7ce6e3c4412a1f0a05ca4046a26f112fbcce90a9f9985d782861043fdab
+	C = f04adde8489c728da757aceb3cd27c33a0f277301ad8655fee4e63211dc466d04f2b865be1aa6a1cbe6ed253b338b39ce270d4f95025df
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = 3af24ee39e95364c3c042571dca9302f
+Nonce = 2539d343eaccd5f4
+PersonalizationString = 
+** INSTANTIATE:
+	V = 71e0b4f325f795ad396dcddf00ce00ea3a40f67c85259f164f1ff1110531acd50d5dfad3b9b8cf385c6b6991f9c3672e4248042c84c0c6
+	C = 1f0458db10a4401ec9ed9c4b85ddb9dbb9696a376fc47e8a23692eacce0c40c2d82426721310672c0d73c2843f13c969eb346192350ff4
+	reseed counter = 1
+EntropyInputReseed = 2ad0382d2903b34eb1af0b92fa4d0cb7
+AdditionalInputReseed = e56dbc941b5e623ca923fdc797105f25
+** RESEED:
+	V = 4d3fd6b476779f36769a324bbd2d62ca2ae1af13a82501c6f34561175bec834265a3e98e6781c1dab29ca4ed4821475c806287609abd58
+	C = 0166357691e0b4f46d21262aada726d9b72d47ee5a1efced2e97d03e326a3e0fd1138ab165bd76e9a003e804ce5e54c1f7874d9f9f4b12
+	reseed counter = 1
+AdditionalInput = 6d5420f13684316525852a26986e3f31
+** GENERATE (FIRST CALL):
+	V = 4ea60c2b0858542ae3bb58766ad489a3e20ef7020243feb421dd31558e56c15236b775c3e7731be74a9af81da38c372ad3624a95ecf880
+	C = 0166357691e0b4f46d21262aada726d9b72d47ee5a1efced2e97d03e326a3e0fd1138ab165bd76e9a003e804ce5e54c1f7874d9f9f4b12
+	reseed counter = 2
+AdditionalInput = 1246164c9a925f97693871e8f54b78b0
+ReturnedBits = 99914f45e5c0829c688a8172b2de77d3c9ac0fa93cc2339015f20af0a102da877ccfa9d6be2fcd7b7e5c244a48ea589649ab90b0ffad167c1f5dc3522c485cd47f78a7aa9971ddc23a540c671901b784
+** GENERATE (SECOND CALL):
+	V = 500c41a19a39091f50dc7ea1187bb07d993c3ef05c62fba150750193c0c0ff6207cb018d58d23a0e3c26747878c20cdc59894964daf8fa
+	C = 0166357691e0b4f46d21262aada726d9b72d47ee5a1efced2e97d03e326a3e0fd1138ab165bd76e9a003e804ce5e54c1f7874d9f9f4b12
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = 569a3976f8bba86ad84c7fcb713a2b06
+Nonce = 224b5003b239667e
+PersonalizationString = 
+** INSTANTIATE:
+	V = d53522f87bde1da7adadfebfc59417a70477a26ed43309cc829946eae9b0f544f510406b59a09acd28349b63763a79a82fd4100ecb9037
+	C = b6bc7e0fa5834226d12e6beff9a9162109ebc82864f504a71b9b1148677599f70455ac284fa717a2a994129cdedb4e4bbca5468f95346a
+	reseed counter = 1
+EntropyInputReseed = 9c5be17c210b6ba78d502c4b6d71ffa1
+AdditionalInputReseed = d5d4a3c97585cf34022d81e436b6ef7b
+** RESEED:
+	V = 542d0d94fdd3ed8624b1c442a7beccb5f75054fb7dc5ac426abd890b5d76a283999496ca19616b79e9c945ee476ef28eb25c0cf6f14b3e
+	C = b37ea7074561e2c6b3f5a262c051ac6b8f8a0c9c095d50019b70f75e1df4b4912190f287218dde57a515a0e7bef4a8a5bca4240fe7d2fa
+	reseed counter = 1
+AdditionalInput = 539521c78413d1ac390106652fbc3e2a
+** GENERATE (FIRST CALL):
+	V = 07abb49c4335d04cd8a766a56810792186da61978722fc44062e80697b6b5714bb258a64789c8c295ccde30412b8edbd63fe410e7e614d
+	C = b37ea7074561e2c6b3f5a262c051ac6b8f8a0c9c095d50019b70f75e1df4b4912190f287218dde57a515a0e7bef4a8a5bca4240fe7d2fa
+	reseed counter = 2
+AdditionalInput = 1ec758aae6536a9d048712c2130866aa
+ReturnedBits = a239260c69a0405a17614b98ee78f81662db445bd125912489ecd4b8f68284d44d2dfed7459af57ad3666b933e95fef5954bc8a43f0666ec4fae2ea7e00ba01dee3ceefdf50bd64c0f88c0a64eb5da18
+** GENERATE (SECOND CALL):
+	V = bb2a5ba38897b3138c9d09082862258d16646e3390804c45a19f77c799600ba5dcb67d9bb160d1fd3dc287c6b5e002577f2f9c7bc4f2e0
+	C = b37ea7074561e2c6b3f5a262c051ac6b8f8a0c9c095d50019b70f75e1df4b4912190f287218dde57a515a0e7bef4a8a5bca4240fe7d2fa
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = e8dcf530c20eaa247a849fbfa61c55de
+Nonce = 70e76fb7931feef8
+PersonalizationString = 
+** INSTANTIATE:
+	V = 2dfa7fc1ef6f630ee2c984bd3dcde6db7acfae4bc188e6f22a442c4320fcc2aaf055f97bb9249b27a34e285ddf490e0ff918a66d965b76
+	C = af98733c2b306c97a5e626fe6c428bac0afe2ab38b40849b8e71730cd91fd487cd9335bf498774c9d256f3733388090d957c17404bd242
+	reseed counter = 1
+EntropyInputReseed = 9d1a3eac6607fbf478f9f70c62538972
+AdditionalInputReseed = 640249e1b193d0ff780caea979b372e4
+** RESEED:
+	V = 02e09e77786b9e5331e2f474aab169b2175b956c512f61fc66697bd5f9261fb0db0af4872448d229186992417992e062ac2a08cc26a7bf
+	C = 5f26d55be7d80e31e2b37c408952815012f5d2a6421900f6328ceda1610e54c072d07f7f28199474dbf1db01aff919483ace0ae9a5dd0a
+	reseed counter = 1
+AdditionalInput = 45e8b53d4366c630e23ef00bf663ed63
+** GENERATE (FIRST CALL):
+	V = 620773d36043ac85149670b53403eb022a516812934862f298f669775a3474714ddb74c90e1f76f52ac6c27fd9f14896d9adaab4b3b436
+	C = 5f26d55be7d80e31e2b37c408952815012f5d2a6421900f6328ceda1610e54c072d07f7f28199474dbf1db01aff919483ace0ae9a5dd0a
+	reseed counter = 2
+AdditionalInput = 387dee32c7405e8ec1bfcb150be10099
+ReturnedBits = 27208036d3145b33ab193561010ff5d4325bb4df8aa063b367312466ef30fdc4355f48242244b0023dfe7420f6c3c61c764eb16b96717997fbbabcc1724984aebed67d5e732c5dba9c65c13b508c20ba
+** GENERATE (SECOND CALL):
+	V = c12e492f481bbab6f749ecf5bd566c523d473ab8d56163e8cb835718bb42c931c0abf56149f3fb676e80f4ce0f6d265fba3ab84cdd2fe6
+	C = 5f26d55be7d80e31e2b37c408952815012f5d2a6421900f6328ceda1610e54c072d07f7f28199474dbf1db01aff919483ace0ae9a5dd0a
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = 38ad63f96d6f41216b24ce00e610b296
+Nonce = abbf2da253661e2a
+PersonalizationString = 
+** INSTANTIATE:
+	V = 595252b40089ac8a64bd09f7f32ae066c10f449d029890422042d75b571f694d4d68da6f5ca25b1552adeca617353f2502dcc4950674e1
+	C = 5b97840fc8b750ba25c40a6839e9feab820e2a12faa92ad3260fd2e2667d22483a7c4a7acb5071ff52c47beeeb3f39baf4bdaab20f5952
+	reseed counter = 1
+EntropyInputReseed = 8577e6917d89e36aa7b898313b28205c
+AdditionalInputReseed = 59279b852c43a7baea6619801550ad16
+** RESEED:
+	V = 24d75edfd76e09fd7b53daef113c94bfdbcedd7f674680c3a2522e929c7ce6129fa0c68e01bbc76134d2dc0c2c48a7e3f1336af8ae706a
+	C = 3170a3eb0bf4c65840cb1ed56b9a7204a96ea61b4907f0c0f73110e712553278b835140f96e923cd7e35380f670202e99d98260ce62c40
+	reseed counter = 1
+AdditionalInput = f2005c93a3ed265138aded6f0f3bc938
+** GENERATE (FIRST CALL):
+	V = 564802cae362d055bc1ef9c47cd706c4853d839ab04e718499833f79aed2188b57d5dac66b03275931dd59cb96296acffcb742515eb40a
+	C = 3170a3eb0bf4c65840cb1ed56b9a7204a96ea61b4907f0c0f73110e712553278b835140f96e923cd7e35380f670202e99d98260ce62c40
+	reseed counter = 2
+AdditionalInput = dc2cf3e797098e114cbd6b3a412f4b17
+ReturnedBits = a12b1d89a5571ca442d46cf7ca9885959231e8794daef693864e5068190b9e4c887737f40e05541d82d2737ad9b15833cdeeb823f1a383d71e10c6dcae811ff4ccba521457f51f73f9890696f7ad4486
+** GENERATE (SECOND CALL):
+	V = 87b8a6b5ef5796adfcea1899e87178c92eac29b5f956624590b45060c1274b04100aef2c54b961d98cfee43443b89904370e3729ad197a
+	C = 3170a3eb0bf4c65840cb1ed56b9a7204a96ea61b4907f0c0f73110e712553278b835140f96e923cd7e35380f670202e99d98260ce62c40
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = a70e8d4ef1fb23de04f66ef5a48bc860
+Nonce = b2f69cfca27e2990
+PersonalizationString = 
+** INSTANTIATE:
+	V = e2a73abaecb2e17efd3257c4826bc3fa33c3be4f94dc92b3ca288e113e27a9cd34cb053c689254a0751c6f5290aa725a433abfa164a1ea
+	C = 1adb9899e6b222afe6fe81dddc75cb165828487047b62ffb5cc4551ac2caec1382f1fd53aaf8397a49b91fb76921169f604f87c972068b
+	reseed counter = 1
+EntropyInputReseed = 6348878dc501973a9035c293f4c9a80f
+AdditionalInputReseed = bab59a1401ef880afd65313ce64fca23
+** RESEED:
+	V = d4314fb1cad44735d3100b10dafadf83f7a630a522b9c3195b365a968a7e1df5c8ba6ad881e36c52000188312e6f0a9260f915e10b33bc
+	C = afa8bd980b7446ceacf2bdaab03467dd0f7943e785707c61476c97a19c16d13992dac954fa370e69c582521cc6c012f60f52faa70660b3
+	reseed counter = 1
+AdditionalInput = 7abbd4145627e510d21f70785edda731
+** GENERATE (FIRST CALL):
+	V = 83da0d49d6488e048002c8bb8b2f4761071f748ca82a3f7aa2a2f2382694ef2f5b95358e0685d2eaffd11be03de6071803d018d00792ca
+	C = afa8bd980b7446ceacf2bdaab03467dd0f7943e785707c61476c97a19c16d13992dac954fa370e69c582521cc6c012f60f52faa70660b3
+	reseed counter = 2
+AdditionalInput = ac55a078204b3d00849095f23ed442d7
+ReturnedBits = 4d8b197c84baf1677cf1a61a8086efc3bf0e6f3c211cfe60a6eed83f48107a0dacd89dffa48a6ed8e87fbfb02cb95fdfb8e82911ac61264decd3673b61a482572b8336c8c5975d1ccae5c4c53d6bf59f
+** GENERATE (SECOND CALL):
+	V = 3382cae1e1bcd4d32cf586663b63af3e1698b8742d9abbdbea0f89d9c2abc068ee70000f491becee38e37d631299eb64d38ff33b41e658
+	C = afa8bd980b7446ceacf2bdaab03467dd0f7943e785707c61476c97a19c16d13992dac954fa370e69c582521cc6c012f60f52faa70660b3
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = 73a0dbd103682524b9dd80e0ef5528f7
+Nonce = 9985b25f4419c1c1
+PersonalizationString = 
+** INSTANTIATE:
+	V = a2593e75d52637cdfcd48d70780cbfc40529238e455de755304816fda1176fbe939eaefebfe4c71f045aed7f3e256d3f4dbf7dded30370
+	C = 088ca011b86c54bff854943ba127e691a25b0199a659c5873cce3b83c6a6507a18458c49032e528074f9920fa0d336b014689b7dfb9876
+	reseed counter = 1
+EntropyInputReseed = b3973a22fe7eb708246aa19a1ffabfff
+AdditionalInputReseed = 5e82086b561a7929640b7f48e96aff0b
+** RESEED:
+	V = a9246dfaa5b578e822b46fb81cd2d49684c8115d526bb1e84fbcf28ffc1e49a00cd11faefa44f516c0aa7bcfc8d1706d2b4377cee5acc8
+	C = 81a438e16115758b0023918646893987f6323651dbc10c49b8cda626dc01194867732d9ca070e1841925cc47307b8dd4cfca2d69d29bb4
+	reseed counter = 1
+AdditionalInput = dbf867108e1f033f4d46dfa7e5060db5
+** GENERATE (FIRST CALL):
+	V = 2ac8a6dc06caee7322d8013e635c0e1e7afa47af2e2cbe32088a98b6d81f62e874444eed74161e2806f47957d35fb7d86298e91de0861c
+	C = 81a438e16115758b0023918646893987f6323651dbc10c49b8cda626dc01194867732d9ca070e1841925cc47307b8dd4cfca2d69d29bb4
+	reseed counter = 2
+AdditionalInput = 3caddedd157579f7c28a567ed4638808
+ReturnedBits = 8758d0344515b3c2dc0bb7bea087642c73890b776f52aac6a7574b4c44a4f4869fe72720839f2d93ca9d194b5b6188283077d0d07d539ff99930c57ecbe715eec26449a29a4bdd8a893da0390a6adfb8
+** GENERATE (SECOND CALL):
+	V = ac6cdfbd67e063fe22fb92c4a9e547a6712c7e0109edca7bc1583eddb4207c30dbb77dba27f24e7dbc14139958dc51f20bb71850b4c22a
+	C = 81a438e16115758b0023918646893987f6323651dbc10c49b8cda626dc01194867732d9ca070e1841925cc47307b8dd4cfca2d69d29bb4
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = 3174d0c6e8eb2fcd117444d9b0357f76
+Nonce = 4c9de440ccfb893d
+PersonalizationString = 
+** INSTANTIATE:
+	V = 8d247cc53823e18766ebaaf800a3d512c93d96a4f3465255d586bf88524bfacca6006102f0ff9bbcb97fa3737728b91e601290e043d118
+	C = c69979b1c04f786edaf197b4f273144bd8c81f95f9b6ff5163cb214bacf2427caf47195a84af58ca3d8a62a1319d1f894fede52022a88b
+	reseed counter = 1
+EntropyInputReseed = 81a83419ce3679cc396e1f588806a7d5
+AdditionalInputReseed = d87de5be122baae7f3f4e359a2cfeff3
+** RESEED:
+	V = 52b3aa0206d0111af1b9b8042b805d470ab5baf28b2b3359cb48c7894b38fac73507fe82be000dfdaa2581b6b8a07d566aadf86deb4c9e
+	C = 3aa28540cc205ec80d9c4d428cfb504017a70183cbacb574628be47c6ce6458472aafb80201074bbe82929ba965dbb63e8fa7174ba6c20
+	reseed counter = 1
+AdditionalInput = 488e0e9cc228b5229687d06843832b03
+** GENERATE (FIRST CALL):
+	V = 8d562f42d2f06fe2ff560546b87bad87225cbc7656d7e8ce2dd4ac05b81f404ba7b2fba276d4278169f83425d219020bbb3548cc014f53
+	C = 3aa28540cc205ec80d9c4d428cfb504017a70183cbacb574628be47c6ce6458472aafb80201074bbe82929ba965dbb63e8fa7174ba6c20
+	reseed counter = 2
+AdditionalInput = e5992f8a2ac65f54383d44899ea1e74c
+ReturnedBits = f3a252bf182cfa2404265c571da2b2bbca801453a7e7b9e962b34417cd2033e3118c378b4ce6aa6a048c3f89a8dc203fa1ebd70f1046e7863dc6887525c8025bda4a46421fe7c1d1fcb3e56dc71973c0
+** GENERATE (SECOND CALL):
+	V = c7f8b4839f10ceab0cf252894576fdc73a03bdfa22849e4290609082250585d01a5df86fd1d0bf85a8d1c053df5fed828226f18b22323f
+	C = 3aa28540cc205ec80d9c4d428cfb504017a70183cbacb574628be47c6ce6458472aafb80201074bbe82929ba965dbb63e8fa7174ba6c20
+	reseed counter = 3
+
+[SHA-1]
+[PredictionResistance = False]
+[EntropyInputLen = 128]
+[NonceLen = 64]
+[PersonalizationStringLen = 128]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 640]
+
+COUNT = 0
+EntropyInput = 3f8625833f7cb7f17e0063fe6ce94639
+Nonce = 37ade6e5e06d90d7
+PersonalizationString = f7ff05d21829c34dd4aedf29ef64d13c
+** INSTANTIATE:
+	V = 18b4c72ee74946b39dd1c0cad0490fef06d889fe13d069e37405f086ff93d78c7dc325184d88edc605b7f87ae94111295043fac484838c
+	C = 6293a47fce3e53954f28f95a65a23844572adc85393139a9ae40ea24b2c306a12b092513925a9ce5bcba220642f275749b81d9930d8586
+	reseed counter = 1
+EntropyInputReseed = 3e4bcb401a589d8f07a05cdeab2b6a08
+AdditionalInputReseed = 
+** RESEED:
+	V = 65b3ce92196ab7a6899abe7bdf480ba85140e6024ca2d3cdbdd7b39b51109c968a73bee152d0517a2789f3e718c8859b88d616cb18e911
+	C = 6868c7d29be054b1d2231029d405f719bcf9922f7f4ad922e1c81cfe84c972d65ab1b4188df95d7f8af2962c07d142cf7352c0bb89740e
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = ce1c9664b54b0c585bbdcea5b34e02c20e3a7831cbedacf09f9fd099d5da0f6ce5257327d184ab72ead36dc57b6e978f436c75cc302844
+	C = 6868c7d29be054b1d2231029d405f719bcf9922f7f4ad922e1c81cfe84c972d65ab1b4188df95d7f8af2962c07d142cf7352c0bb89740e
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = e26c14a2b7a96b591ae8a0142895afad2493a1ddbf971eeafcbc20886d7fceb1afc69ddfefe061432fd5d2ef58597b05de7a7ed14921496d1509fef47297e6ecb33a39c1dcc4902b2347f5d425b79e1a
+** GENERATE (SECOND CALL):
+	V = 36855e37512b610a2de0decf8753f9dbcb340a614b3886138167ed985aa382433fd7279319c8d178fa3caa32362d39a0d8cce6fee02a61
+	C = 6868c7d29be054b1d2231029d405f719bcf9922f7f4ad922e1c81cfe84c972d65ab1b4188df95d7f8af2962c07d142cf7352c0bb89740e
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = ca073f096d4c8967ba8c9a48f221e496
+Nonce = b0c23feac9d76958
+PersonalizationString = ff0decb66bd0911900c5955cd6d2c3bb
+** INSTANTIATE:
+	V = e5a37c55d2e6a10d6c83d6c24981b18807881af1becc39bb55faa8c7d3716679aa5954697e64779a273135255894d515a7fb8f36eb7226
+	C = 711f2403ea326bfb19f9c89fa0f036869340c07a858a534fa8fdf030189a419b793bacfa5474abb0a9dcd0160a7bc094a86a5d62caa2c0
+	reseed counter = 1
+EntropyInputReseed = b6cfbef368ffd2052e0407a18d45b8bb
+AdditionalInputReseed = 
+** RESEED:
+	V = 4036e8e7bdd89585b58ef2ffceaecadd5ab4fb5b1104b1b09776721a49d3b59e24d2a62fe9289e17696b9c6977e50e65fb51f7c38c7609
+	C = ad50b71e26569ad9ce5a3e5bbbe9b348df3198f9bedc8fc23bc1b6568342b4da9ffbb1bda41d2eedc0c1a02675925c238e0b877e164b14
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = ed87a005e42f305f83e9315b8a987e2639e69454cfe14172d3382870cd166a78c4ce584e8ebe4ffb3ad424ec04c166fce86cbe56954b93
+	C = ad50b71e26569ad9ce5a3e5bbbe9b348df3198f9bedc8fc23bc1b6568342b4da9ffbb1bda41d2eedc0c1a02675925c238e0b877e164b14
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 264b9336d0d145ee701a758f540100d6a46d98c74da9ab96c27cc378c5f0b24a3a458ffcd1f1f71820101c80fb0c9763baeda916916f90fca2340bbbf7025f373f2ac850cd425adacedf5075ef686e98
+** GENERATE (SECOND CALL):
+	V = 9ad857240a85cb3952436fb74682316f19182d4e8ebdd1350ef9dec750591f5364ca0aa496e67e30b2d61a0bf07f0eb22e9e06c1eb80f1
+	C = ad50b71e26569ad9ce5a3e5bbbe9b348df3198f9bedc8fc23bc1b6568342b4da9ffbb1bda41d2eedc0c1a02675925c238e0b877e164b14
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = 8121d2994b195cfb5eac2ec874bc53cf
+Nonce = 53df56cba1f434a5
+PersonalizationString = 716934494672c28f9fd4f84705f9042f
+** INSTANTIATE:
+	V = 6c5c1cd6145e253899e78410d0351f49edc388bc33084b6d66dbed1f752c6200c7166e0690f0c4cffabe66044a87dc96a8abaeb0b3b8c3
+	C = 9d7b88707fb6b015c8feefedb2977f2a790cba74fa2bd2f28e4ff4d6a08b165ac9bcafcd5eb6cdf2a9d75dcae5e37b80c5128016d2cefa
+	reseed counter = 1
+EntropyInputReseed = d02f560a9e4dc443867258f0b1162709
+AdditionalInputReseed = 
+** RESEED:
+	V = eb59f6f806b92d865804651eb2e1815b282d0aa419b91a1d8e9aa425c26dcefbbc6f07aee66b88ea039629eba40cba319993c7bb4043a5
+	C = 4443e8e5d2af09fc11ed64d43883c5e220a756c0f445b0cabdb1471bc86a3f7e963fc5b89ca5f677ada205657041c0259a62ac892da71e
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 2f9ddfddd968378269f1c9f2eb65473d48d461650dfecae84c4beb418ad80e7a52aecdca41c2a5b4a16686c236d14a4acd69aebbe68bba
+	C = 4443e8e5d2af09fc11ed64d43883c5e220a756c0f445b0cabdb1471bc86a3f7e963fc5b89ca5f677ada205657041c0259a62ac892da71e
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 4a0b38464547496663d65f4c851d63aba9c129b2d95163a97e2936e3572293ee62d6d9561de771d4c70fa68ada2c775a09e9622085d47fd80e9f9b42650bef38ad0f2c35d3b83c754c56e9fb8adcc150
+** GENERATE (SECOND CALL):
+	V = 73e1c8c3ac17417e7bdf2ec723e90d1f697bb82602447bb309fd325d53424df8e8ee94419b7d73ed98defadf387c1ee7c2176e0843d0f3
+	C = 4443e8e5d2af09fc11ed64d43883c5e220a756c0f445b0cabdb1471bc86a3f7e963fc5b89ca5f677ada205657041c0259a62ac892da71e
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = 02a78e54bcd53dcf7c013d076eb4a354
+Nonce = b95e9c2800b59dd1
+PersonalizationString = f554a18f92d3442f60996556677d12f0
+** INSTANTIATE:
+	V = 241813aef7f0484c1339106e4f2f49f2b18b17ee8fa882bc09d710dd359dc3939300823f200cffb4ad0ce6924eff6f3a19df4f1eed9a6d
+	C = 1ece3be086b46e51212adaf71de88582fc8cdc6cd752bffd5c8f41011a459eb53603bb9219238ee2a74522dd48374d859d51fca02b7d74
+	reseed counter = 1
+EntropyInputReseed = 568faebbe953c09bb97acb5ec053df6a
+AdditionalInputReseed = 
+** RESEED:
+	V = 958949e7c54c4b637c5c4bb7807f36fb142bef6a9116000c08e412fa607a8d794cd03f6141e8e552e9eb0c4998a910c618f489d4bb8b75
+	C = 3659ab47f55ac7d5a4bd0960d88e2ddeb0c24932f660e76b1aafe88e9d4b41bd0d66e755264fa2c3fae39d26a5b7b86a35714fe6e40834
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = cbe2f52fbaa7133921195518590d64d9c4ee389d8776e7772393fb88fdc5cf365a3727736e63e4647365b61411ad21445c055dbdaa70c9
+	C = 3659ab47f55ac7d5a4bd0960d88e2ddeb0c24932f660e76b1aafe88e9d4b41bd0d66e755264fa2c3fae39d26a5b7b86a35714fe6e40834
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 5bf26195fdc47d3e3354c1e9f51fd366362b4c4dc1f0c31e729b8c465055182777cab99a9433d56d23f28ead9d77ef70d1311a62861fc37bcb9a00c9c84893a2b32b2eef7765270d6e58809ef2ef7ad5
+** GENERATE (SECOND CALL):
+	V = 023ca077b001db0ec5d65e79319b92b875b081d07dd7cee23e43e4179b1110f3679e0f16fba3a06db9b702db3901912030aeba2b29c08c
+	C = 3659ab47f55ac7d5a4bd0960d88e2ddeb0c24932f660e76b1aafe88e9d4b41bd0d66e755264fa2c3fae39d26a5b7b86a35714fe6e40834
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = cf2b0f84765134c208863a0900b86036
+Nonce = 323aa749772b6e55
+PersonalizationString = e17eff4edc0c2e38b71ac2205c57d444
+** INSTANTIATE:
+	V = 127c38ed203a72e355fa3e2b80638e2301687574c6f25c0285a7b8dff2ee340786a6f3215ce84cf0b3ec553788de9b481bac2b51b3ecc9
+	C = d9caa7681082aace2d86bfd33dfe6d63fcc6fccb89202dd78a00c3b5d81b35079ab2f8d30ce3a868baba43e180f26cc3654a1b8020d9c1
+	reseed counter = 1
+EntropyInputReseed = 22efe699121d37e16d2c0071c340de48
+AdditionalInputReseed = 
+** RESEED:
+	V = e0b402c6f222db5d6def2a6f7d121dad895d6dfa3ad5931591916f34cd2744c89e783ba69787730c65b75844616508533a031bfbee01eb
+	C = c2d75052cfb154aae352e23fd2e847945a28c35ba247ac099a49b4a2e73a434190f23c532eff4de4ad172ba8bcd5467c50b0ef3285feaf
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = a38b5319c1d4300851420caf4ffa6541e3863155dd1d3f1f2bdb23d7b461880a2f6a78de36cb3a108674d80fc5882c3f9553984017d9ab
+	C = c2d75052cfb154aae352e23fd2e847945a28c35ba247ac099a49b4a2e73a434190f23c532eff4de4ad172ba8bcd5467c50b0ef3285feaf
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = d4b6d25416a481b5baaa28ddafe6762963444ef1307604bf64fe6062bf08a32794ee88cc29cdba246f3b60e022b1242a1c2813c1006e04a744eb61de167b4bf4167e027d2e63d550e11551d20b546484
+** GENERATE (SECOND CALL):
+	V = 6662a36c918584b33494eeef22e2acd63daef4b17f64eb28c624d87a9b9bcb4bc05cb566dd8676fe4a4cea0998b1b69ea08e9c5375c5c0
+	C = c2d75052cfb154aae352e23fd2e847945a28c35ba247ac099a49b4a2e73a434190f23c532eff4de4ad172ba8bcd5467c50b0ef3285feaf
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = b0d4e9594ad3c2d4f9a0834f97dc0c87
+Nonce = 61dd2290d758599b
+PersonalizationString = 99a3b1ab550f89a4d453017db87a7dd5
+** INSTANTIATE:
+	V = 57bccf38ce27637633784895ed8e875b0b54199f62b96eb39891bfb87ee9458390fc16caa8e43bcb0d69707017256acf8712dff77ff1a5
+	C = 6b1b8df2cf4424a68c4367a5ff913162017e481359099cf19af730438073a611f014f9ec8122958b7ef53cdcc355ee2aeb04319fdc8882
+	reseed counter = 1
+EntropyInputReseed = e209ecbfb7d675585c5820339936eb53
+AdditionalInputReseed = 
+** RESEED:
+	V = 3ce202119745ada062553187d490312b32411f15673fc60cf73336c8e14a9bef6837366d745e7696b846d3980d8b9091ea4fcec19c1c1d
+	C = 1054dbfce706edf636a75923b398d404d1c1c60c4dba2138039be8e6bfc5965fdd81bab49211203778f06cf0f96051d00a73575d8f6fc2
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 4d36de0e7e4c9b9698fc8aab882905300402e521b4f9e744facf1fafa110324f45b8f1ccd585385f6662da0407139434b0761dbf5baef3
+	C = 1054dbfce706edf636a75923b398d404d1c1c60c4dba2138039be8e6bfc5965fdd81bab49211203778f06cf0f96051d00a73575d8f6fc2
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = c7191dd8ea3ba521b96868ff9c629b56a9b6770edf4d05d3a42c6b48a5ab2d8720a0b409127b76ba6f94dc29f79380c5f7786233ffabf5086148b96668ad33c20e10b902f1e6e8ef9c68ab9e11acae6f
+** GENERATE (SECOND CALL):
+	V = 5d8bba0b6553898ccfa3e3cf3bc1d934d5c4ab2e02b4087cfe6b089660d5c8af233aad4e5e7336eee86f3534d9b987f438c0d297753f22
+	C = 1054dbfce706edf636a75923b398d404d1c1c60c4dba2138039be8e6bfc5965fdd81bab49211203778f06cf0f96051d00a73575d8f6fc2
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = 5e598130075a84d0450c4905caa58a77
+Nonce = 693f75b70ed0cdf4
+PersonalizationString = 500302734b2d675fc4bc7a7a88fd2bfa
+** INSTANTIATE:
+	V = a988c904f7a51cd5ee75fca4479124564e644379bb74fdd8457e4c54b097c3d276ec3fe54f4190a8e89b2432c2faefa264d06c180b671f
+	C = 67fcac876b2a8c3df376350e4890112ac4bf7a23ca00823980087652ecb7409f90f37a0fa1f544bdc5bc2672a0ecc0685ab3512ecc752d
+	reseed counter = 1
+EntropyInputReseed = 5ea3d1bface140890f5a585c65f567f0
+AdditionalInputReseed = 
+** RESEED:
+	V = 46eb6d32a7ad522dba27cdb9e8d8cb93ae251c43e1b3f2482337d8c107ceb84c6a6fc99085c31943168850d7dd0554f58cb47546b4b2c9
+	C = da1ce9198389578ba3b08570f90656503bbaeb471ae0e87d44e850ec23af2d7aba8a35cc09a40bf131f06acf12fb11fabf724a3c3addf4
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 2108564c2b36a9b95dd8532ae1df21e3e9e0078afc94dac5682029ad2b7de5c724fa0013faca4ec969176148017f57cd78839974ab3a89
+	C = da1ce9198389578ba3b08570f90656503bbaeb471ae0e87d44e850ec23af2d7aba8a35cc09a40bf131f06acf12fb11fabf724a3c3addf4
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 20fd7b34c3111d353aa413f665c8cf942da200001fa414b628cef5f8a70d04119281e9d582732629c63db323269ea9b65991b730238b4cc437797fc93a7646f6759e597378c7dd3fe563a9c9610aba34
+** GENERATE (SECOND CALL):
+	V = fb253f65aec001450188d89bdae57834259af2d21775c342ad087a994f2d1341df84362221209b2d6e4dd664a8ef43c8bded0ee1592666
+	C = da1ce9198389578ba3b08570f90656503bbaeb471ae0e87d44e850ec23af2d7aba8a35cc09a40bf131f06acf12fb11fabf724a3c3addf4
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = 4fef062daebf0ad2197dc5aa40cb4400
+Nonce = 4a159ba31e74982a
+PersonalizationString = 144c90a8c1817e6445c43f054d149638
+** INSTANTIATE:
+	V = 056cfb6a5e09b8491f0e329fcf809642f790fbcc895972a01bcb6428f0ce2a7dec6594330fb48be914562b0dd1672090565ea69614ab1c
+	C = b335a0282e4d154db1a466023b87ffb04649ab08ea02a2ea28105495a4fd33f3a030bf64c6f832207953153756fdf5d3fb889d438c9915
+	reseed counter = 1
+EntropyInputReseed = 86e57f828f731c65b913465fcb935b7b
+AdditionalInputReseed = 
+** RESEED:
+	V = a06b785e9f8e1c28294cf0426b0038f4df954889463317c4a197045b0e400cc4378c5cee357785f8848509e23ba5fa50a3dc288c897a6f
+	C = e7dc9bdee3d20a49e8739917512e7ccad10ff965947aeebb6c33473fa579914dbed204904d6156bf4233e9b4e05bea2afdf9c307bb8d0e
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 8848143d8360267211c08959bc2eb5bfb0a541eedaae06800dca4b9ab3b99e11f65e61c8a48c642d058c2a6bfdfdb0439ce5a93af3f237
+	C = e7dc9bdee3d20a49e8739917512e7ccad10ff965947aeebb6c33473fa579914dbed204904d6156bf4233e9b4e05bea2afdf9c307bb8d0e
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 82ba3a8aa70874892fddf4f230bcf37d81a9ffa1c8e8efd03d6e01bd99714c10955dea40f56cd62faa7980e27f6dce4e462d10453122fc5e161ffb190b765bbe333fc406b872d6386f94f4f088b47370
+** GENERATE (SECOND CALL):
+	V = 7024b01c673230bbfa3422710d5d328a81b53b546f28f53b79fd92da59332f5fb530670d033721e8c5d19cf15110a9e9591aed5bac8ecf
+	C = e7dc9bdee3d20a49e8739917512e7ccad10ff965947aeebb6c33473fa579914dbed204904d6156bf4233e9b4e05bea2afdf9c307bb8d0e
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = 62c3b136316a4103f227e1bc0c4e8c60
+Nonce = bd532876bcc9e160
+PersonalizationString = 54946137295729db9c55d679ee2943c8
+** INSTANTIATE:
+	V = c2d4a5166e8f7db1536c65830d37cf59d501552c57aba6ade2cd46d6bcf918f90e7e52ee628462b8e4b6259a1d4e23622a2c9b6a2c11d1
+	C = 3a04dcf7ab010588f5d884b74f87d0ca8db4d3da0f63a7425980c520ce2787eab57ab35599d19e1ad5efea11c75f71ff9e7d05c979e600
+	reseed counter = 1
+EntropyInputReseed = 89679b3d7cfedf094b238db1196fee9d
+AdditionalInputReseed = 
+** RESEED:
+	V = a370df85d3a122ae6079c3d29598d2788d42c566a5bda95afefc80ee363410701039658e900494aae782a5373d09d26b7434693195d419
+	C = 8a623b16681627d18bfc09887541748e0cdc1062b6968f7f3a3fb73817e21832548031fe31e9974ef14649603d737a13a7c0ff33bb1490
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 2dd31a9c3bb74a7fec75cd5b0ada47069a1ed5c95c5438da393c38264e1628a264b99797cc726cf42c92afefefe487fb59642f80490904
+	C = 8a623b16681627d18bfc09887541748e0cdc1062b6968f7f3a3fb73817e21832548031fe31e9974ef14649603d737a13a7c0ff33bb1490
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = f40f908ebff3164a1a1314bd5c2415f9a4dc375063dc88367b60b23c3957e63275df5a22cb266253670076c3ce908c0dec248f06017a750ed054f9e1f74139c210cf62474d3726148900722b577f55ff
+** GENERATE (SECOND CALL):
+	V = b83555b2a3cd72517871d6e3801bbb94a6fae62c12eac859737bef5e65f840d4b939c9b9bfb84978708f453a96a16dfe19da2f6eb54f32
+	C = 8a623b16681627d18bfc09887541748e0cdc1062b6968f7f3a3fb73817e21832548031fe31e9974ef14649603d737a13a7c0ff33bb1490
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = 5ef8d09f83a76c5ab43bfa1d2436da63
+Nonce = 50cc2d2d992ef6a9
+PersonalizationString = 98dd20822519e9e618eb924b26b351fb
+** INSTANTIATE:
+	V = 3bc705a21b25e9b1043bd00c128d37542f3ce22d015203a06e190d54da076416685668b5c13312642a177f8854c104da199298196601a0
+	C = 939e747abbfedd791a6e1adab5964bcfa661d5eb83564c8f11463369f6d0ff23e9f840b86d277fbb84117b1e5a883c6ab2da81b1beaddd
+	reseed counter = 1
+EntropyInputReseed = a28341d1eeb8db33549d635d2bc6177a
+AdditionalInputReseed = 
+** RESEED:
+	V = 34e64b63d7d1d66bb22f17a069c004eb143022a16b97eb78541fe2ef479b7b3396e6a02ae2e9f3de7104dd0c16879f546b8893201ed21d
+	C = 4db52855455128d99893959587fb30eb60d45929776101f817d4fc1e062bcdf9e44eead1b796057705345544cb3f0065aca0b73873e34c
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 829b73b91d22ff454ac2ad35f1bb35d675047bcae2f8ed706bf4df0d4dc7492d7b358b1e6248d1132c84c9683fa5ab5e1fe94eda887a08
+	C = 4db52855455128d99893959587fb30eb60d45929776101f817d4fc1e062bcdf9e44eead1b796057705345544cb3f0065aca0b73873e34c
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = b4de82ef6dbce35ad27b7e672cbc43c408713709f2e0fdc9c73dc292f80ba9de12ac886ace37e77379fded3a0172b7c4d14e1f8d3b968c8765dadfc0fb6e96796074fe1af779add7a0c1ba9c9d101603
+** GENERATE (SECOND CALL):
+	V = d0509c0e6274281ee35642cb79b666c1d5d8d4f45a59ef6883c9db2b53f317275f8476699907aee7e73bbc2f0fd5a65f36fb68ae9d4267
+	C = 4db52855455128d99893959587fb30eb60d45929776101f817d4fc1e062bcdf9e44eead1b796057705345544cb3f0065aca0b73873e34c
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = 044cf841aa9b8fd8f374fb0c012d0f6d
+Nonce = c7357de427c551f2
+PersonalizationString = acab89233b7161a6ac70cb64d829e306
+** INSTANTIATE:
+	V = 65e9bb31f2e881b874b64123b56c59d818b0221211c7725b945babf7325abf6bc8f6c9c416ae398c0927e06336544a1101305278cfa8f5
+	C = 63703170869c764f9802652da2fcd8d6ecc23e02e6c5e840da5f3494d3dd1edd68aa9740b08c5a08b9b72d391d2d71869dcead22489de6
+	reseed counter = 1
+EntropyInputReseed = 25215fa0ede363afc913036216409d71
+AdditionalInputReseed = 
+** RESEED:
+	V = 91c91a0d61ef1bb06339547277f427fcc68dd06a81febe455f5ed460eb7c7114487d7581bfde7b7a011424ebd8c20210d6ef00932df42b
+	C = 69162d77dc8a25cbbf1fe1abd23df64f58e79819027fa754ed83d2e5633d73af3e39e0d14af41f8497d0e5c9af6427efe5ed3b1ed7be80
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = fadf47853e79417c2259361e4a321e4c1f756883847e659a4ce2a7464eb9e4c386b75690c8518d8c48df4821663cf736039a085b816078
+	C = 69162d77dc8a25cbbf1fe1abd23df64f58e79819027fa754ed83d2e5633d73af3e39e0d14af41f8497d0e5c9af6427efe5ed3b1ed7be80
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = ea7d73534e64cb88b7bf29623e64c9e62554872d8bef824e5d6ccee8603670385b0a01bfeb6ee485c1c6f7e54ab2cf9e5332f5d8cd290421ce2fa94c06c88dd4d39b0f789de12740b666ae65a8731932
+** GENERATE (SECOND CALL):
+	V = 63f574fd1b036747e17917ca1c70149b785d009c86fe0cef3a667a2bb1f75872c4f1378841881ba5843b895ba2154c22ee14bde997793d
+	C = 69162d77dc8a25cbbf1fe1abd23df64f58e79819027fa754ed83d2e5633d73af3e39e0d14af41f8497d0e5c9af6427efe5ed3b1ed7be80
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = 2158d6bdf151fa9df205069891b2d6b6
+Nonce = 646bf06220262ba2
+PersonalizationString = 3d2fff3d59cd5cc2b52a8f31670753c2
+** INSTANTIATE:
+	V = 3cb7f66948473c0a1eed0d0c2d3195ae76db10a96ed7ad2de380769be7a228531b9c9c2ed3061b5620fb1f27cddcb3bc3e161fca5ea0ba
+	C = 4b6b24ac45c66e4e941cdae7a42fcc922f729c4b5e3b4c12f65f7fbe38c15c57a555092295861caef254de78e9b97b00ae0ed27b5b0239
+	reseed counter = 1
+EntropyInputReseed = b8a40877df591b965a779e81e751f1de
+AdditionalInputReseed = 
+** RESEED:
+	V = 441bcc2deb64a2074697e737a6bef9af0792cd6f0f426d3dc571e37d21af79c357cd005319f5c83b7bf4613cc9c0372ebb98119a8c959e
+	C = 82d4f382a64f6d34c2e4217200819d38b8ae46b8c290d5954ea14489136950330f0c36d4fee67c48124c108d94fcf3ea85dbd9c3fd4f32
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = c6f0bfb091b40f3c097c08a9a74096e7c0411427d1d342d3141328063518c9f666d9373e28d4e7449b8b4d183c847e69a0939ea91d48fd
+	C = 82d4f382a64f6d34c2e4217200819d38b8ae46b8c290d5954ea14489136950330f0c36d4fee67c48124c108d94fcf3ea85dbd9c3fd4f32
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = e5d986a290eeb32c280152bdf3861d7241a01fb32648deb903c1c36a9e435fa0991ae2634c1e1417785639117fc04f1c54dd4adb5363d604aca988ffa4170fd982cb00c7628543870a5a292b85e1db7a
+** GENERATE (SECOND CALL):
+	V = 49c5b33338037c70cc602a1ba7c2342078ef5ae09464186862b46c8f48821a2975e56ee7dab8b38d3094763dbb963a200cf18ea110a242
+	C = 82d4f382a64f6d34c2e4217200819d38b8ae46b8c290d5954ea14489136950330f0c36d4fee67c48124c108d94fcf3ea85dbd9c3fd4f32
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = 603e445ce636774e37bf3bd4413401ee
+Nonce = 68d5c44042179131
+PersonalizationString = 841726f2f9d58551f37ebfc61efc5ba1
+** INSTANTIATE:
+	V = 38aa0deb085608bcc619a4da0aef01f2b144c295876a60753cee5d3c52f6963b539b684098432a1903e2799e04fb171ed435461a608d6a
+	C = f0285b0f6170740c845f594efb4492a21ebcd3637f037983c10904d4be2e6c363b0ab553334d8e5ac492de5fec35f23eb6bc16243b9666
+	reseed counter = 1
+EntropyInputReseed = d02d8bac9eb951e3418d72187013daf0
+AdditionalInputReseed = 
+** RESEED:
+	V = e3044c91d3831f806a3fafab61a19ae1e4e1ab0f5d593b54642ffcf2f239222f631fde81f40868b9933d15e7609d4a9c25f340f546ec6a
+	C = 6bb20e78c3b66b0753d3b330b30cae66712915c97e478b61a5dec229111a4785d29f5b21ae81cfcd580be59fa28332c1f7141b1c3a6bd9
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 4eb65b0a97398a87be1362dc14ae4948560ac0d8dba0c6b60a0ebf1c035369b535bf39a3f28ac802853aaeac892f3b864f1a433f21eeb9
+	C = 6bb20e78c3b66b0753d3b330b30cae66712915c97e478b61a5dec229111a4785d29f5b21ae81cfcd580be59fa28332c1f7141b1c3a6bd9
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = b37e2556ec9bb5c5c88625e5194dc153e61529c8d921f8b271135e67e17e2ed6e2de06f96c13a85fed55dd222e936cb004a82e51eff61af061050cb1d13cde85eadcb36cd56214894c11156971911930
+** GENERATE (SECOND CALL):
+	V = ba6869835aeff58f11e7160cc7baf7aec733d6a259e85217afed8145146db13b085e9516217b6ae390b736456644f0712072721cb9f8a6
+	C = 6bb20e78c3b66b0753d3b330b30cae66712915c97e478b61a5dec229111a4785d29f5b21ae81cfcd580be59fa28332c1f7141b1c3a6bd9
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = 8e139aa3dd78e3bdb29e16c901cfafaf
+Nonce = 6a4219d0700a18bd
+PersonalizationString = fdf01740d04026faceda82c1040151de
+** INSTANTIATE:
+	V = 7f2f88714fd34129f91d5ea4bc3c724c438d0fc17aae416946be1ae3cff3c97318e051c6f99ea444dccd7ca9997c15c9560f1868ddc565
+	C = 1b432e46fcb65035f3a6fa97750dcdfb219d1f3105d65ff72b35c19569d9816891a025f5014e22326a8280cde097962ac2521ced6634c0
+	reseed counter = 1
+EntropyInputReseed = 449ffeaf53b721f317857481894b0c1f
+AdditionalInputReseed = 
+** RESEED:
+	V = f2a8ebf1aabf773e841bf77a5925df025c81c0fce7b975f4d43d252409aa8f0c36c7390dd8a20f1b5841fe32d43b010444f7b7ad394227
+	C = d1572d1a6cbcaaf1391c3755c2d06f1b557a6650cd378c793c151642a7603165b416b5afc26d5e24957fff056cb78976d9eba680c3053f
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = c400190c177c222fbd382ed01bf64e1db1fc274db4f1026e10523b66b10ac071eaddef4e84cf3a081fcff5ce86776d4c5c9823da44861c
+	C = d1572d1a6cbcaaf1391c3755c2d06f1b557a6650cd378c793c151642a7603165b416b5afc26d5e24957fff056cb78976d9eba680c3053f
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 1a7c59b5bae29a4a0e2209d32892542b50b7712aaa1470b1201389030eb6be6c9b8bcf428ec1a57f774737fb5a2642f8e803c2ca2382fc46a1caae8b709f8dffda515be8e73701bd26fe05aa7ae5b8c6
+** GENERATE (SECOND CALL):
+	V = 955746268438cd20f6546625dec6bd3907768d9e82288ee74c6751a9586af1d79ef4a57f1589df24f6d14dc30e4ffa011fac147008d1ea
+	C = d1572d1a6cbcaaf1391c3755c2d06f1b557a6650cd378c793c151642a7603165b416b5afc26d5e24957fff056cb78976d9eba680c3053f
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = c55aa2c782cfe7c83cb297b33a1260b7
+Nonce = 0b07e7c5f53d619f
+PersonalizationString = ed906bc42d34327cbcd6d591e92ad5ac
+** INSTANTIATE:
+	V = 0b1eaae76c03c0e4d6e5a2c8a04ca5709db0f8c5ca0f262cb120068c07677d092a5c25f6e01c8ad038f7d0f791771bd5bacfcc5a3ff789
+	C = 3ad962884dca457906dff087f195a5dfa679c943c3f39246f21d8cf19bcdf25025cede7ec8b3d4d3b30c5bb0fcb1cd1cf726ae02e451a3
+	reseed counter = 1
+EntropyInputReseed = 8818a22d80014520becc74ea1c7cd93a
+AdditionalInputReseed = 
+** RESEED:
+	V = 3048c82d8f6ddafd3e28a1203a95a95b37ad4e1afc5e358718e9c54a2b9d2bba6343a83c060c408c9323f713e2b95a8f963fb4f83d5dce
+	C = daecd06ccc4cc3a831f34738f0b178d73ce3382f8218d838723d6b73bddfdf2002aedfbd74976c6fb81716221085cf6dd10b6d69130a02
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 0b35989a5bba9ea5701be8592b4722327490864a7e770dbf8b2730bde97d0ada65f288396529aa2df7eaae4e84138be444c113c653898c
+	C = daecd06ccc4cc3a831f34738f0b178d73ce3382f8218d838723d6b73bddfdf2002aedfbd74976c6fb81716221085cf6dd10b6d69130a02
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = bfd9f23832a9d3e1ca4224a43b818d406795275b88c27654130d7bc09614380559662339fa46319614a89f720678a86987d82de2120d27c2e7c4bd75b2b6bd52741c4d5ec01255f4e118af65b7f69b2e
+** GENERATE (SECOND CALL):
+	V = e62269072807624da20f2f921bf89b09b173be7a008fe5f7fd649c31a75ce9fa68a168015f10dbbf9de7858a320934269bab77f34e1854
+	C = daecd06ccc4cc3a831f34738f0b178d73ce3382f8218d838723d6b73bddfdf2002aedfbd74976c6fb81716221085cf6dd10b6d69130a02
+	reseed counter = 3
+
+[SHA-1]
+[PredictionResistance = False]
+[EntropyInputLen = 128]
+[NonceLen = 64]
+[PersonalizationStringLen = 128]
+[AdditionalInputLen = 128]
+[ReturnedBitsLen = 640]
+
+COUNT = 0
+EntropyInput = 48898635eca886f80938f110bf835002
+Nonce = 25c6b62601b707b2
+PersonalizationString = 8db57639694c2ae7b0d37bf3d9f000bc
+** INSTANTIATE:
+	V = 5329b82ce08b5f801b52f7e4687836a027aa7d326266ebbac1d6c3650fbd16f3d263324869e4ae18c5ca2747363d4d806e9cc706bc2ed3
+	C = 1375d0cce47cd48dcecffe0e5a03f1684e751423e2266c412240ada798ee777b745674b25145dfb90b81a7a2f9b8c6b8fa925fc23ab9b2
+	reseed counter = 1
+EntropyInputReseed = 6594ab4c802e7985df96379902211f60
+AdditionalInputReseed = 222baba152c124cdbfa44c3a5bd24be5
+** RESEED:
+	V = 3cd255c76e015e4203f28a270bf336684f23d8ac84a0ae2b3b71f298e11883e41a3470fe3854458e81a14e7562a01506f2effa519ca9df
+	C = 8148d3c8f153325279150adf4b15a7eeeae84707a78a72d3bae0cde91e698fdf1b58b7c8c76bfe8a5e7e2b230250d12b17a4bcb6b5bf53
+	reseed counter = 1
+AdditionalInput = f5e1f0add419b2ab6a02f2c87a2abc2b
+** GENERATE (FIRST CALL):
+	V = be1b29905f5490947d0795065708de573a0c1fb42c2b20fef652c081ff8213c3358d2a00871aeb0e992da58fe1f009e4560ad745ae9735
+	C = 8148d3c8f153325279150adf4b15a7eeeae84707a78a72d3bae0cde91e698fdf1b58b7c8c76bfe8a5e7e2b230250d12b17a4bcb6b5bf53
+	reseed counter = 2
+AdditionalInput = 13847401ae1485728b3e8d911abbd8b7
+ReturnedBits = fa65319b8be1fed064d380b2c091c08c71d7edd0f521701f41a1fa6fc6e37ffd60946d12e1b957059c49e2219dcd48ec7ab6ab5a324dc65370c1e08664f2dcc45bac4799ce00ed2f2d3bc882b5afabbd
+** GENERATE (SECOND CALL):
+	V = 3f63fd5950a7c2e6f61c9fe5a21e864624f466bbd3b593d2b1338e6b1deba3a250e5e2c0ece48124bd21c423b2c1c942481124f590d2ec
+	C = 8148d3c8f153325279150adf4b15a7eeeae84707a78a72d3bae0cde91e698fdf1b58b7c8c76bfe8a5e7e2b230250d12b17a4bcb6b5bf53
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = 8a8fb0b8531fe230494b9297ca027267
+Nonce = 75093bc8f3c9045d
+PersonalizationString = 60e3cc61d51398001bc598a602d3d458
+** INSTANTIATE:
+	V = e1ee2cc265b91dac954fe46764dca0e1035b5ac57a6af12b572515a71c436d4c8522a23d3b5e091dbf6240536b1d640dc36872565eff7e
+	C = 6af82df117e28c4e1c132c276e2b214d509ba55ef24686d443331e9239beb2e57aed2c004d0c87ca084a348fa654ac0c06ba211fc5a154
+	reseed counter = 1
+EntropyInputReseed = 24fd21da156880c98788a8941c0e37d3
+AdditionalInputReseed = 6282da4d541e504a19de4b6a56701f92
+** RESEED:
+	V = e391e1e4264ec7b02e0991cd77bdfd1c4fb919a296e5c5a46aaf50fadaff21b044af83cfba105ac3bc2c0996094f0bad88b1eb1ed5eda2
+	C = fef0993c37eaf831f167abef2822bf581b0fb5fe54bd122e0fee5201dc678566d492ec8d33eb66daf66d8592ae6d8f36192f57c75dcdeb
+	reseed counter = 1
+AdditionalInput = 235db96fa7033e8193e79b225a43377d
+** GENERATE (FIRST CALL):
+	V = e2827b205e39bfe21f713dbc9fe0bc746ac8cfa0eba2d7d27a9da2fcb766a717194271528a586489a716347f59c923eafcb030b40997ba
+	C = fef0993c37eaf831f167abef2822bf581b0fb5fe54bd122e0fee5201dc678566d492ec8d33eb66daf66d8592ae6d8f36192f57c75dcdeb
+	reseed counter = 2
+AdditionalInput = fa711b08f37d7e8cee53b552e62e775d
+ReturnedBits = e99f10d15c3d4b088998348c8846147df9bea027777e4bfd0f38357bca095357eeed0460cdc955ef339470218716afa8050e8751c77981a14bb2fdc03e7c02d92fb9714bcb4d9142ae6116fdaa20f11f
+** GENERATE (SECOND CALL):
+	V = e173145c9624b81410d8e9abc8037bcc85d8859f405fea008a8bf4fe93ce2c7dedd55ef0713ed9065b86a11ca2bd8f450fdb812546ec05
+	C = fef0993c37eaf831f167abef2822bf581b0fb5fe54bd122e0fee5201dc678566d492ec8d33eb66daf66d8592ae6d8f36192f57c75dcdeb
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = 14f5755be88184bd538b3f6b7898f442
+Nonce = bb35645851a74f7c
+PersonalizationString = 9d997e4d3d5a041161657e445c468a60
+** INSTANTIATE:
+	V = 7c99c66359e14ae7619dfd8b8d783d7a7c9c971b8586d94816eec864ba3fdfcc3f6cb03e666f743a59cad25a897eccccde9b0e91ec9377
+	C = c785cf7673b83060a6d60595b0a8d60f2f236c2b34ae61d612da31e59fbbf4fd8ac59121d6d7cbc548cd9e5f1b16b4168a44e14de9c1d6
+	reseed counter = 1
+EntropyInputReseed = a8fe8d500b797186b969c7345ea0f2e6
+AdditionalInputReseed = ab1db0fd9eea8858c09537d0140691db
+** RESEED:
+	V = 454a0560c3fe7c1723e81a5cf2bbd35b0f6f53999f7f4549819b7e6a8817c61cb16abdf9c1d7d3a97d5f863aecb34a6a26a4ac3d026123
+	C = a9d3184755bb07afbabef26bbb540568e9624c742c62abf9dd7e58d44781f1f898debd36e506923635d900f1be70b601953494ac22e82e
+	reseed counter = 1
+AdditionalInput = 77066352cf8597d8106bcf5157de8036
+** GENERATE (FIRST CALL):
+	V = ef1d1da819b983c6dea70cc8ae0fd8c3f8d1a00dcbe1f1435f19d73ecf99b8154a497be84e0835e4f33c3b3304900efcd81658c794636b
+	C = a9d3184755bb07afbabef26bbb540568e9624c742c62abf9dd7e58d44781f1f898debd36e506923635d900f1be70b601953494ac22e82e
+	reseed counter = 2
+AdditionalInput = 49f11401b16dc94db884e9c65dba5586
+ReturnedBits = 5c7621c1b8bb2e3beee126eeb68026c20abf7f267f230beb9feee62a671310e1e36d589885a62e509910dbc4051b4e634e63cc41527393c617e922a81d5433fea8d5702eb9b38e53ce4dca7f7dcef20f
+** GENERATE (SECOND CALL):
+	V = 98f035ef6f748b769965ff346963de2ce233ec81f8449d3d3c983013171baa0de3283a4d016ab26d1aa5078be95cb94504bfbe8ae0f249
+	C = a9d3184755bb07afbabef26bbb540568e9624c742c62abf9dd7e58d44781f1f898debd36e506923635d900f1be70b601953494ac22e82e
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = bebed27795c631bfd0ae8e4938c219e6
+Nonce = 4a31a211e3ad38bd
+PersonalizationString = 88d341d4370d7bcfed187100c002dc22
+** INSTANTIATE:
+	V = 01083ec1af756ddd6dac8986ac26179867b10743001e722d9f037d251d9185c6f201bf233bfbce5572c48f74425ebd5e640bb11faf5db1
+	C = 3e37eb3741630e5da3075a5a741d0a53565494aa10fde60ced743eb008cd1eb2c6dc75de2cefe4d45ca3f27fc8e5b3ed6996ce4fd7472b
+	reseed counter = 1
+EntropyInputReseed = 17c207b74c63143c168749e044b1d836
+AdditionalInputReseed = 475e26fdd43eea8d0514be11acd8a897
+** RESEED:
+	V = d0806f057862e3159b99e890e1061ed07e2b22a3a92efb5471ea2b490deaaddbb93d68c0755f62efa2fbf2bf64984f62691074acb74ebf
+	C = f3a940663e9e785c661a555f85e48058030ba3d3d3bacbe30d2f4aa4b82dacff0e0318333d4298263d06aedf95a678f514f5573ec11898
+	reseed counter = 1
+AdditionalInput = e0d8c4c44cc006fc146eecd18545d0aa
+** GENERATE (FIRST CALL):
+	V = c429af6bb7015b7201b43df066ea9f288136c6777ce9c7377f1975edc6185adac740824c8310a8a5ba41719d120f029e18afb6d6f336cc
+	C = f3a940663e9e785c661a555f85e48058030ba3d3d3bacbe30d2f4aa4b82dacff0e0318333d4298263d06aedf95a678f514f5573ec11898
+	reseed counter = 2
+AdditionalInput = 8f1bbcc3a926a7910aa3b202df0fc58e
+ReturnedBits = 5b0ea97fc443160107abae7bff53fee0426cf8c8672e7e7906728a836b361237a2bcb2c9f87129bedb28f9f42d66f225b7a2f002f237ede2597a26be66fcb7c57fcfc8ecd77220058b1607ecf9df4f37
+** GENERATE (SECOND CALL):
+	V = b7d2efd1f59fd3ce67ce934feccf1f8084426a4b50a4931a8c48c0927e4607d9d5439b66623adae780dc1778e0982afb1e09656b1600b4
+	C = f3a940663e9e785c661a555f85e48058030ba3d3d3bacbe30d2f4aa4b82dacff0e0318333d4298263d06aedf95a678f514f5573ec11898
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = d2f699b9f2199590aaf3959b4e2ddc20
+Nonce = 9814e71749153c3e
+PersonalizationString = c447b14cfb743203a10689180a5235b2
+** INSTANTIATE:
+	V = 1e695cd7aba3df52341d895a80befaa2244ac5a1dba00d0c1770770db1c801b4d5d02b20921c5ce44089a23ff904a62f2c271827894c6d
+	C = 8b47234e4282ec6d808a10da3da88daed91d3023c73d4df9d30897a8aabc5dd2212e79a90e5b556ae362bbc2c058b44f0e5ee50bb47fc5
+	reseed counter = 1
+EntropyInputReseed = e8481785f2371353a182bdcf2b77f85d
+AdditionalInputReseed = cd527fd6be465840abba45b15494a57a
+** RESEED:
+	V = 0a97cdef5476992641a762393bca632c8341f7fadf6778e34548f167997d04511c0ff5a4189b7f0ca75733f061c6c5c25824ef7a44e8cc
+	C = b72b4d594805be1f90a8bebb42b35872299c899649420a6067f7293183e66a044d2ab612c7b442d1c97a26e761a87e3e02776233f85fcd
+	reseed counter = 1
+AdditionalInput = 01c663b3db0507acaa5d9abea60a91a1
+** GENERATE (FIRST CALL):
+	V = c1c31b489c7c5745d25020f47e7dbb9eacde819128a98343ad401a991d636e55693aace1139562a26f2695d1b79000ff07be922fd58c34
+	C = b72b4d594805be1f90a8bebb42b35872299c899649420a6067f7293183e66a044d2ab612c7b442d1c97a26e761a87e3e02776233f85fcd
+	reseed counter = 2
+AdditionalInput = 8a7f2c602d00d5c7dbf02dd6aac5b726
+ReturnedBits = a664b5d8d3f2eca171f985216ea27d58a97cbeb8b88bf32ce6e50562c9aa397f1a5c2684cfe3c43ce664c1d7069c2613fcf86ed6202741d6d13bee7700deaf142836e52ebdb1b901ba7900e973439301
+** GENERATE (SECOND CALL):
+	V = 78ee68a1e482156562f8dfafc1311410d67b0b2771eb8da4153743caa149d859b66563639c39badb87f6e9c2fb5b1fc7261c9d3c214e71
+	C = b72b4d594805be1f90a8bebb42b35872299c899649420a6067f7293183e66a044d2ab612c7b442d1c97a26e761a87e3e02776233f85fcd
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = 52d503f78eec622d50083ce5ec6dcf9c
+Nonce = 117448163f9cd31b
+PersonalizationString = 1d82f11488e4143c288343a99bae8c68
+** INSTANTIATE:
+	V = 9ce44aa7f3c3db029ce8661cf8ea7c50444f7c79b3c94a1a63cf3d4655fde5f6971adf32a50b2710f9e75b4e6d78d41ca85ef62216caf1
+	C = f5639e17f13d7d751e8f5c9c1cebe6d200221f5e38b7aed67a3cfcb8663b9a0824ea84e4f7207164f28239cbdf84cb7ca6987abd3df0e7
+	reseed counter = 1
+EntropyInputReseed = 3e49c4fe82135e1b8b6a660e0480c1d7
+AdditionalInputReseed = f6a6b1af21bd8138e4ae43c88cab42da
+** RESEED:
+	V = 5fb03b14f8eafef23b025cb91c2bca26acb41a8e3afcda1f0cb5cff3264830d996a9bdbe4e2f0798f02569c291980b58dcff608905357b
+	C = 9aa65b7778985a6175f497e80872eecebe72a90e362b0d590b8f8a2c6705737673e959e62ac9313a9189148fa3cc958f53f683b371e8d2
+	reseed counter = 1
+AdditionalInput = 9324240d0f3fe446391db28aee33641a
+** GENERATE (FIRST CALL):
+	V = fa56968c71835953b0f6f4a1249eb8f56b26c39c7127e77818455a1f8d4da4500a9319067e6708b5ad86629e458d81b6bc4ba023725f69
+	C = 9aa65b7778985a6175f497e80872eecebe72a90e362b0d590b8f8a2c6705737673e959e62ac9313a9189148fa3cc958f53f683b371e8d2
+	reseed counter = 2
+AdditionalInput = 8ff0e3d609dcbb6a25dd7a8fb48465fd
+ReturnedBits = 200b784839f66e7ca10f4934b04ac5109de3fee41c5e34e049cb9f4285d2985d488738b128d14426ec0d1b639e65e1fa20ba4b3a4ccc015434d870a63c04c9dcfb4c46ead14b52fc4da328ef96cf8ebe
+** GENERATE (SECOND CALL):
+	V = 94fcf203ea1bb3b526eb8c892d11a7c429996caaa752f4d123d4e44bf45317c67e7c7322dcb3efc6904ebc9bd4a3f44c98e5f225b879f6
+	C = 9aa65b7778985a6175f497e80872eecebe72a90e362b0d590b8f8a2c6705737673e959e62ac9313a9189148fa3cc958f53f683b371e8d2
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = 6a2e2570923cb127693904991ab03b04
+Nonce = 2cf4bdcf43572ef8
+PersonalizationString = 5eff53d2ce8a7fe9ed1fc0fab22a48b5
+** INSTANTIATE:
+	V = 37dd53ff6f03f5ae82f4329f8b6ea6af56ae7304bfa8d91ec21ee5bc12a6c8acf99e5d51fa29b03d8d1e3b324c5d47295101e4ffd9487c
+	C = a1d7f16dd22ab49510de663c268603e18400065f3c1030b77180dca75514b76143b3e5bcb70d7f1860a56299d4f562818b76c78959abca
+	reseed counter = 1
+EntropyInputReseed = 2bf78473636cb1da7e2816493fbf05ac
+AdditionalInputReseed = 125fa3bf7b30d4600bca768907045dcb
+** RESEED:
+	V = c70d7698fb3457dbf2ffaae90d6484e70ae064ba7d479e916b2be2294732a61020f11e3f6529db2724633f0cc4b9988c0d4ce358912a56
+	C = b15bd45e7c29ecab29aea0f5bed590a324189b55651b676140eb7d78873cc4a9c0434f5c596d998c828fbf726f5ce3bfd763c947f2e323
+	reseed counter = 1
+AdditionalInput = 50003ce709669da84b8ef2fb94de3577
+** GENERATE (FIRST CALL):
+	V = 78694af7775e44871cae4bdecc3a158a2ef9000fe26305f2ac175fa1ce6f6ab9e1346e751db1f7249fe19c213b98f32b4cd639f2df38c2
+	C = b15bd45e7c29ecab29aea0f5bed590a324189b55651b676140eb7d78873cc4a9c0434f5c596d998c828fbf726f5ce3bfd763c947f2e323
+	reseed counter = 2
+AdditionalInput = 92756c9c57e7c784264336dfc035d3b5
+ReturnedBits = ff9a28da0bcf184466b6668070cce1695cc6622610a1c7ad0918ce1fe69237edff7ab03ce19e74c5b4328d3770b8526c5db7ba7d0f6c00b89f4d72ac04c5d2453a381890927aa3833d7ab79aaf450922
+** GENERATE (SECOND CALL):
+	V = 29c51f55f3883132465cecd48b0fa62d53119b65477e6d53ed02dd1a55ac2f63a177be8e7ee3a27ce94f08b4260645481e6f190176f128
+	C = b15bd45e7c29ecab29aea0f5bed590a324189b55651b676140eb7d78873cc4a9c0434f5c596d998c828fbf726f5ce3bfd763c947f2e323
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = 6f870a9bd731e5991a9c698de2ac3213
+Nonce = d56cdb8683b377df
+PersonalizationString = 329906dd03288c3f36a5f4d607f8e30b
+** INSTANTIATE:
+	V = ab377f14b5b304c84f2a05a749f1842de884e975c957dae331e1dc51f1ca2e29d154d2c2be190d1d907540c5154ef0d7d85cfa8c943f2f
+	C = 69d3471ce225ecafe4f80b514af591e457a91e77e3b79326e6df739b5732a8b121d64747a3640c777af0b6a175b194d38e0bd124530e5d
+	reseed counter = 1
+EntropyInputReseed = e943e2dd9af6f6b41b2c403ca6594130
+AdditionalInputReseed = fc39e1a2eb8c5cdbdef6a2b6a6385ce4
+** RESEED:
+	V = 1668358f098354a1e2da6bb6e3b62d6617e6099db96aa3aa61bb6db0f3e65eef80d4d63c43129e76058fbea915058ee0b1057dc8abde17
+	C = 33c9857ea2975896ea2b2e6bac755a914cf6f3fb72df0fbd2b2a306b7880dca55d475562579f6c55dd81a332f4268733be63e2708dc4fe
+	reseed counter = 1
+AdditionalInput = f75c53de9d8fbeda86b10f70ece2c36c
+** GENERATE (FIRST CALL):
+	V = 4a31bb0dac1aad38cd059a22902b87f764dcfd992c49b3678ce59e1c6c673b94de1c2c1b8064ade050131dc3724c91e1abd19ffc9a000b
+	C = 33c9857ea2975896ea2b2e6bac755a914cf6f3fb72df0fbd2b2a306b7880dca55d475562579f6c55dd81a332f4268733be63e2708dc4fe
+	reseed counter = 2
+AdditionalInput = 947a5d369ab9c6d637407adc050e77a2
+ReturnedBits = eaa24a29aa1a34a0cd2a1c1e14f83f2c5de503afa4d0a7a5dd924c0f7477ebb53e7c59bf911b4831b99fb3624698924dd94f33406d86b9eb7349a360c207bce292e3bc77fe9768f0bceb07025a7c9195
+** GENERATE (SECOND CALL):
+	V = 7dfb408c4eb205cfb730c88e3ca0e288b1d3f1949f28c324b80fce87e4e8183a3b63821e9f514bcbe39a139848a222696a33d57b41593c
+	C = 33c9857ea2975896ea2b2e6bac755a914cf6f3fb72df0fbd2b2a306b7880dca55d475562579f6c55dd81a332f4268733be63e2708dc4fe
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = add2f6f44e6a13af3e134e34b6704e80
+Nonce = 20c7a7a00dada26b
+PersonalizationString = 3b87a8db4fffd095cb0a3342c36d8330
+** INSTANTIATE:
+	V = 614ef7bd88666989c7fd7cd4874236e34dd51762d2b9e301441504021d429399748b92e2c2c107b88f6d54ed69050febdd971f6b724666
+	C = 86a66d45e8233b6ea706d27cc205e2146baeff9f3d00eb7e75694ea7a3e376b754b874c0b362263f01bf94e82cdeadab6eea527a88cc04
+	reseed counter = 1
+EntropyInputReseed = 5459d54ed8ebe837d88220cdadf7d9cc
+AdditionalInputReseed = eabe9ecfbc66fbaaa2728850c2fa9c40
+** RESEED:
+	V = ee3e7c27c4d6c8abdc0c1b3c961990c119f7b49ff7ffc3cc53779b69f9a2c9c52c9d7a952345d9ead56f86f6bc6722a4e773f082394cd3
+	C = b38b24f8f138e486347d3b61a8a2b4fd695648ce47b59cd4a166f63084af2965b3f8ad1ee985c815b9e6d52aec047ef5a2d32272c512cb
+	reseed counter = 1
+AdditionalInput = 79da3977c95589d0fff897307740bb91
+** GENERATE (FIRST CALL):
+	V = a1c9a120b60fad321089569e3ebc45be834dfd6e3fb560a0f4de919a7e51f32ae096286aa9895b7c4664570734b6c5a80dec657ade222f
+	C = b38b24f8f138e486347d3b61a8a2b4fd695648ce47b59cd4a166f63084af2965b3f8ad1ee985c815b9e6d52aec047ef5a2d32272c512cb
+	reseed counter = 2
+AdditionalInput = 086fbfafafd37430a24ecc13d087c711
+ReturnedBits = 183a6ec24a3d911684eff18ed8464c76f2b06bf1de44b085f2b57f0488635ff20ef60a5d2c565bf7671cf8c15487eb51cb15052497ea80058a71d18b33d3c8446800d19803defaacb7f9261b52ccbf13
+** GENERATE (SECOND CALL):
+	V = 5554c619a74891b8450691ffe75efabbeca4463c876afd75964587cb03011c90948ed6957ab206844230fef8165b7bf9892a86c82543b4
+	C = b38b24f8f138e486347d3b61a8a2b4fd695648ce47b59cd4a166f63084af2965b3f8ad1ee985c815b9e6d52aec047ef5a2d32272c512cb
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = 25ae04cc6df4a774f4823597ea521fdd
+Nonce = 7923a3e3b1502a85
+PersonalizationString = 44ece259631ef1a7925da70640504e92
+** INSTANTIATE:
+	V = 87695a2bba8e4d473470ea7d1a94d86a5e940a905a4e994943a1e51e895dada666f08da36350804ec6d59fa9b7cca6bf4e20a38a12368a
+	C = 7dfdd255a802b8a1244875a34f1729a10e78b81c639bbd86afaa9ac86e9f979f700744e334d0ec6d87a5f63359a405cf51e862efca96c6
+	reseed counter = 1
+EntropyInputReseed = 700740b899f9a66b82be22ff1f7e42ee
+AdditionalInputReseed = 2aa16ccff42a4408ee6c901383081c88
+** RESEED:
+	V = a46badd4fce7457e792627c9cebe70fc1cafb46584bcd56863f84d5277e3751588a70ebd3c69185c41c543b74112bf7aba22209a8e7c18
+	C = e9b8f3f99d697bcb346d8d78dfa1e84efcf3d98fe9eb3e710420088cf3782b55884367f9cb413091257eacbf7d8d6344db5e4f6d2cf285
+	reseed counter = 1
+AdditionalInput = c80254c4c539aba8c7aeaa6ae31ef5f4
+** GENERATE (FIRST CALL):
+	V = 8e24a1ce9a50c149ad93b542ae60594b19a38df56ea813d9681855df6b5ba06b10ea7812bc895bdf2e5ea0f98bed4dc82aa079ec97875a
+	C = e9b8f3f99d697bcb346d8d78dfa1e84efcf3d98fe9eb3e710420088cf3782b55884367f9cb413091257eacbf7d8d6344db5e4f6d2cf285
+	reseed counter = 2
+AdditionalInput = 1069147d6bfb5891db7ffb70d4f8a537
+ReturnedBits = 3a6d68f2457aa7cf29922259cc71a5f6fa7e5a582f77ccb157da461675e116110ca2a71fc1f4ad5014a21d6e23b97ad768d16cae82509c61097429adc96ccc372daaf29fd09cae3194cf7a6058e9c7fd
+** GENERATE (SECOND CALL):
+	V = 77dd95c837ba3d14e20142bb8e02419a169767855893524a6c385e6c5ed3cbc0992de18fc619963b597f10e439139c870a1fd38b6bb196
+	C = e9b8f3f99d697bcb346d8d78dfa1e84efcf3d98fe9eb3e710420088cf3782b55884367f9cb413091257eacbf7d8d6344db5e4f6d2cf285
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = 038ddeefacfe2756560ddaea4f37e9dc
+Nonce = df6d25a5dff97491
+PersonalizationString = 09089f0a6944235bb0074cca04049038
+** INSTANTIATE:
+	V = b0b0ceba78128de37d6fa91f615b40eb2dbe165dfb4de2d98d1db65659a54e7875446e55d8966aeef9f94539c607219f469926bb8d1e7e
+	C = 81f8976e83a961b11b79b22d0318cb0389992372d668494a809a41f23d07eb69629ae1b95b2e47d2e7bab5dd66378b70a115c3604cb488
+	reseed counter = 1
+EntropyInputReseed = 4cd25feb768238cb56fac02631ffd781
+AdditionalInputReseed = 2438f9cb82dc539c37bad226f2117a25
+** RESEED:
+	V = 07a06e6c3652bdfc7261cb98b0748c3e98c7a12aebd6b7a68c8ee759e2b7357f7850c7de2addf18fbac50060cd7678f9ac9b79879f1284
+	C = 8d27921ddc9d8528b917fd5b8150d683df81a416e1ffb820efc32b585cc850cd2257c1daa970b613166396122f3723e7b416e72a5723f3
+	reseed counter = 1
+AdditionalInput = c458efd3c5311ec19db660f80f948672
+** GENERATE (FIRST CALL):
+	V = 94c8008a12f043252b79c8f431c562c278494541cdd66fc77c5212b23f7f864c9aa88b187b2a940fe87f5f9c32b6581ca377f854c1be67
+	C = 8d27921ddc9d8528b917fd5b8150d683df81a416e1ffb820efc32b585cc850cd2257c1daa970b613166396122f3723e7b416e72a5723f3
+	reseed counter = 2
+AdditionalInput = ac64f67626812078f6459230481c8e75
+ReturnedBits = 1801dc5aed241268647049048c8bf24552c6d2a2e35d9a951bad2803aea8a1713abff1482634650955b1fafb5833a2ea8545d6d8115c04651bddf3f595f7b0f36a615b449cf26fef76c91b7fb8fcaf5a
+** GENERATE (SECOND CALL):
+	V = 21ef92a7ef8dc84de491c64fb316394657cae958afd627e86c153e0a9c47d719bd004ddcc54ed3d9b67f0bde2709b2dafe076b312a0e78
+	C = 8d27921ddc9d8528b917fd5b8150d683df81a416e1ffb820efc32b585cc850cd2257c1daa970b613166396122f3723e7b416e72a5723f3
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = a0b622857cb949033ec23db119363fdd
+Nonce = 40c57c3029f85343
+PersonalizationString = b63200d075cdcbae50a47d8d346be91c
+** INSTANTIATE:
+	V = 426b171bd9c1a80279adf9f2f0313545c05d252fd733afbed351defa01d6fb33954f8fea6c5ef3534549b4adec3fa2bce8a1c8d9bb7ab8
+	C = 99ed111e86b717e7fca3556f75f812797a7b8edc86dbdfcba84fe681d95e1566207044bccdd136d79dfebddc31112670e75a7755279382
+	reseed counter = 1
+EntropyInputReseed = ffc4ce08690c116468f362d8bb71e334
+AdditionalInputReseed = 166025fc45f597339116bcc86a42d518
+** RESEED:
+	V = 505ee152c5c5db7c3a343fc99be77a934badfa7a783c7e003cda16c4eeb4eeb3ba28111943c743e1fd103418231ef40a18e6e0e7a4dc65
+	C = 4e088e7f4a77cf9ce45971b3f1bd129c7c8b1c2d00ebefb38f8de9606fa41f1ed6b29e8fc1c3b5e6f6e08488a9875fa98d77f6eab6d531
+	reseed counter = 1
+AdditionalInput = e994c5bc729299a519c672e5a9f59216
+** GENERATE (FIRST CALL):
+	V = 9e676fd2103dab191e8db17d8da48d2fc83916a779286db3cc6800255e590dd290dab0bf2ac0024d6ab5d2ac3b49fcb59157b837fb2cc7
+	C = 4e088e7f4a77cf9ce45971b3f1bd129c7c8b1c2d00ebefb38f8de9606fa41f1ed6b29e8fc1c3b5e6f6e08488a9875fa98d77f6eab6d531
+	reseed counter = 2
+AdditionalInput = f3c5dbfbf8b62813592e4f0fedfb2e2c
+ReturnedBits = a33ccbae65227f6bd153e4493839a2e4a128a1d335fbca3e9f3c3e5d1bab5745ae3ea23cb22d586e0bee919ead3bb07868b5c9fef46809239689a1229881fd723a61e655a98ba0c288680268935541b2
+** GENERATE (SECOND CALL):
+	V = ec6ffe515ab57ab602e723317f619fcc44c432d47a145d675bf5e985cdfd2cf1678d50e918d26be234f846655cc20d4ddf29a8491b706b
+	C = 4e088e7f4a77cf9ce45971b3f1bd129c7c8b1c2d00ebefb38f8de9606fa41f1ed6b29e8fc1c3b5e6f6e08488a9875fa98d77f6eab6d531
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = 5785a9e5f4b24bcf2743b3aa6e503d5a
+Nonce = c2d81f3ec24f98b5
+PersonalizationString = 3d4eb99eda9b7a2af2798c42b1cbd47f
+** INSTANTIATE:
+	V = c317756148948a676ff7cb60c03d6a55dea212eae1b7961d14ebb8592b78d7c12de52643c290c743178e05a48a6780c7dec334e7ebe372
+	C = 530e693fb40297aa09dfc934012908b2a5505899432995a17a6235100c6bf837dbf135e121d02eb3dfbe7737d808732bcb0b248dcee06b
+	reseed counter = 1
+EntropyInputReseed = 4aaf305d3734ea540fa224ebea780728
+AdditionalInputReseed = 0d5a3ebb14f3267a86dd161a4bf2ad7a
+** RESEED:
+	V = 4e801ff5ee42a8ee2fbf9198132016ea6ef89aa41a71bf758b02f3d17ab9d4ae0b4fc04b0388baa42d201022337a301ddcdbe7d8f0f8fc
+	C = 0427b6c1095d5e8ddb36deb31e32a505078be1255e43bcb5bc4e6e4b661f3de2fd3eba488df72129479ae9cf0ed02d3e4b0551b2bc5c98
+	reseed counter = 1
+AdditionalInput = 06c2bd4e48782a55d821a0930184a5b6
+** GENERATE (FIRST CALL):
+	V = 52a7d6b6f7a0077c0af6704b3152bbef76847bc978b57c2b4751621ce0d91291088e7b72658256efbb60c6c6d24ebf7f8b2069a7b525f5
+	C = 0427b6c1095d5e8ddb36deb31e32a505078be1255e43bcb5bc4e6e4b661f3de2fd3eba488df72129479ae9cf0ed02d3e4b0551b2bc5c98
+	reseed counter = 2
+AdditionalInput = 274d036dc973e6ff4082eb8bb05c4958
+ReturnedBits = 3a0420a606d8f18281c9d50a5cab739871967d201a96c44925850a82741e9dc4471df5a3ba3c01f932dc5d012bb97a586258b21bbfebff3b25dfc49b58bc6c88edcbb4643882c3e20e7bbe697d702848
+** GENERATE (SECOND CALL):
+	V = 56cf8d7800fd6609e62d4efe4f8560f47e105ceed6f938e1039fd06846f8507405cd372ee5832a964d603d2b19a1f33cebb0c29884201e
+	C = 0427b6c1095d5e8ddb36deb31e32a505078be1255e43bcb5bc4e6e4b661f3de2fd3eba488df72129479ae9cf0ed02d3e4b0551b2bc5c98
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = 692bd8abe12b5c30c1d208d5ee7b61e4
+Nonce = 8999352e525427e9
+PersonalizationString = a34941fe91e8d48837867057869d64e9
+** INSTANTIATE:
+	V = 98be3ffdb3713bbbda25c16b21ead2caae2a4c1c60b5fa79d2f3d3eb423d461a8ff3cd53a752d5fe7bb0496b2a879b2074121b99dc2c63
+	C = 52c0f5c915da072828d7d75ab77e7b738508c60d070978742fbbbbf06bde8c5e85f66050ca34e24ad710b1415f8c1c5e7fa30d93bd0b1d
+	reseed counter = 1
+EntropyInputReseed = 2248af8790fe71915e311b276ab01d9a
+AdditionalInputReseed = 24fb112c676b39fb70de3f86a8a888d0
+** RESEED:
+	V = 30ecce1b5da07dec45802752a965b46fc43b6319d3954a5555bb75420163a8b31811dde667b9f666f574115740148a3f35ed527b8a08f9
+	C = 995b8828018253d6f27000ba2d639bc9db8a50016a488dac688ba33d868e70d9b308ac0094f7a6fb5105055f706977ce42436f3c2b5d13
+	reseed counter = 1
+AdditionalInput = d0ca8dc88f93b363fdcfbdd89d515c9c
+** GENERATE (FIRST CALL):
+	V = ca4856435f22d1c337f0280cd6c950399fc5b31b3dddd801be47187f87f2198ccb1a8b0a4563533f17f5278fef040518da0298fda1e5f1
+	C = 995b8828018253d6f27000ba2d639bc9db8a50016a488dac688ba33d868e70d9b308ac0094f7a6fb5105055f706977ce42436f3c2b5d13
+	reseed counter = 2
+AdditionalInput = 7b0ce774b17755a0c47bddbe6896df1b
+ReturnedBits = 4246d4878bb6bc548b0f58b677602993756bdd35556928f0e9a5f7d966966f80a5e16d9abf6604141f2e3c1792b6fec1061bd43cf0e67190f4da699e64d917449a793280016174ee887eea0847a673b3
+** GENERATE (SECOND CALL):
+	V = 63a3de6b60a5259a2a6028c7042cec037b50031ca82665ae26d2bbbd0e808a667e2337c47272769353409f6ca6f40f968cfc6fbd461975
+	C = 995b8828018253d6f27000ba2d639bc9db8a50016a488dac688ba33d868e70d9b308ac0094f7a6fb5105055f706977ce42436f3c2b5d13
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = 86cb25c15d0ff889727aabc33a9c714b
+Nonce = 7f2b785751be76f8
+PersonalizationString = 753a5d9d00ebe875bff9be5a1c42ebfc
+** INSTANTIATE:
+	V = b5df1150983c890ec68a547ce8fd804237ca16a7083f5b9fb3c701bfa7ac787dc356730bec73c267e7463c0a8f4ed60e506fa3165d6743
+	C = d6e9438cb507055ff600d6db8ac518a68a864650f9420d6b40f87c7d997322467469e423445bde868a8b719d3e8f30a4d14e0cd419e5fc
+	reseed counter = 1
+EntropyInputReseed = 13ebc4651cfc0de611b1be999f8b3649
+AdditionalInputReseed = 8b4d9f6dbfa398735146b70722f1fd49
+** RESEED:
+	V = b48efcc3d497bd95b7f793fa837f528017fc10bb39a0d4ae29b7fd4d9ee63204cafc6232c59a44f712905ec6a832560cdac43cdc7e761c
+	C = 70c571e270aa89d95fddf45831ca1e81b8348d48d7c13e7d74d31d266eef4755c5ef9a562bc8f78653efad8edfafdb3299ebde41fece30
+	reseed counter = 1
+AdditionalInput = 8c03bb62ef876138266cc16e101a5eab
+** GENERATE (FIRST CALL):
+	V = 25546ea64542476f17d58852b5497101d0309e041162132b9e8b1a740dd5795a90ebfd8351bb4d3a9fb231c693cd00137b3f6d67be929f
+	C = 70c571e270aa89d95fddf45831ca1e81b8348d48d7c13e7d74d31d266eef4755c5ef9a562bc8f78653efad8edfafdb3299ebde41fece30
+	reseed counter = 2
+AdditionalInput = bff032f314dfe65bb811430a54bac2d7
+ReturnedBits = d177e527b80d5ddaf26a111a6a007bfc3484044b9c933c21a208edf882a5c5f7b432f28463150db100ab8e07099d7d8faa6f446c23d7134b7b20bdbb8f1ac527fd9628baeabfd760a63d2544e764eaf7
+** GENERATE (SECOND CALL):
+	V = 9619e088b5ecd14877b37caae7138f8388652b4ce92351a9135e379a7cc4c0b056db98051caf2669d59fcacfe225492a43f8c32de7cde4
+	C = 70c571e270aa89d95fddf45831ca1e81b8348d48d7c13e7d74d31d266eef4755c5ef9a562bc8f78653efad8edfafdb3299ebde41fece30
+	reseed counter = 3
+
+[SHA-1]
+[PredictionResistance = False]
+[EntropyInputLen = 128]
+[NonceLen = 64]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 640]
+
+COUNT = 0
+EntropyInput = daf80d4e70d6a86d7abc89d4352a99d2
+Nonce = 6c0c51a77833cbee
+PersonalizationString = 
+** INSTANTIATE:
+	V = 742edd59a9d5d91c7fd3cbe339e9d9aadae3b793d5fa7b5766afd79a22255d1f0ddcb76e6431fccd1d24bbfd148efcb0ee46a4b9885149
+	C = 6058bca0fa5f40bdbfe8f68c132f896713076077a52d99636160b5eacf77e43d2dbaa58a2a4738986b717dca8c5e7bd7edf41ff83051ec
+	reseed counter = 1
+EntropyInputReseed = e03101dbb133978f967632ef213ded4f
+AdditionalInputReseed = 
+** RESEED:
+	V = bc42626bfd48fb72724508ef064d6ac3cc5b1c95763a99c29da648f8ad18d65607a08136967577a56dca5d312428b612a1daf0ef9fd11f
+	C = 3c70d82ebb9e71665a1d7b0525cab3163e81c36a24a0dc28be6bce4d3e8cb00b8fece5f3dacf73145426f9887e56c0b4233c356a30f043
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = f8b33a9ab8e76cd8cc6283f42c181dda0adcdfff9adb75eb5c121745eba58661978d6732843709799c05074fea6544cb3e709d9bac4085
+	C = 3c70d82ebb9e71665a1d7b0525cab3163e81c36a24a0dc28be6bce4d3e8cb00b8fece5f3dacf73145426f9887e56c0b4233c356a30f043
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 0bad3bbd05a2c6a2398f42809449141c064d6aa41da66f2f749e65bd0a1366d63374adebcb41a24d7ff262413dd63f93483fad1b027f9a83a39cd02202bdb1720d6f85c9c8f81da65ff37ef5e53c60d1
+** GENERATE (SECOND CALL):
+	V = 352412c97485de3f267ffef951e2d0f0495ea369bf7c52141a7de5932a32366d277a4de40cd99e419ff97d79d326af2da183ec2d9c944d
+	C = 3c70d82ebb9e71665a1d7b0525cab3163e81c36a24a0dc28be6bce4d3e8cb00b8fece5f3dacf73145426f9887e56c0b4233c356a30f043
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = 126d155b8bd02ddcd5cb78862bf84831
+Nonce = a65855d4192eed9b
+PersonalizationString = 
+** INSTANTIATE:
+	V = 82c49e6fc8ef15e1d048b705cd76d8a4371bd7f5e89854ed2fc95da3aaae1a146b612101e2a66ed5c52d01ba16ea142da59c141d8636c4
+	C = 5a8a4aa6e2d926db5dd45c497fbdff4f9763101e039c8f3aadd557b50a13d9570a6a48287daa226fd65c150380c1f38423183b3d272266
+	reseed counter = 1
+EntropyInputReseed = dec6fc448cd022026f6cb5c9dc184d22
+AdditionalInputReseed = 
+** RESEED:
+	V = 54616bbe53f4e5537395c4c8a92e082743cf27478309926d508970d793d1b277f44a3b4b3a71c7c2d67506fa9c43a41426d35fc7bf809d
+	C = bb81474ba657b3b995abac12d323c6e8a8b967860c90ae241ba30f77208c2d2310f336dcdaf1a6ee267f84f37d974f40335a64a05050cc
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 0fe2b309fa4c990d094170db7c51cf0fec888ecd8f9a40916c2c804eb45ddf9b053d7261c33b740d6b200e3d0a7e860286df8e40b471f2
+	C = bb81474ba657b3b995abac12d323c6e8a8b967860c90ae241ba30f77208c2d2310f336dcdaf1a6ee267f84f37d974f40335a64a05050cc
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = c4e68f4c618d65b14730b92e4056e94bea8afc9e8b0eb2d3f4216c417fc25c99288a439071aab676235efc941e6caf7483536e28b7b3aa23da249cf84235cec76e0bf72a72af24f5dd0f0e51c5724836
+** GENERATE (SECOND CALL):
+	V = cb63fa55a0a44cc69eed1cee4f7595f89541f6539c2aeeb587cf8fc5d4ea0cbe1630a9762b9d7f1d7e782cc9d07bc2a9d9b70e526c745d
+	C = bb81474ba657b3b995abac12d323c6e8a8b967860c90ae241ba30f77208c2d2310f336dcdaf1a6ee267f84f37d974f40335a64a05050cc
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = 431371789d5a197fadecbe0ed847a851
+Nonce = e1e66f7680e1a2d5
+PersonalizationString = 
+** INSTANTIATE:
+	V = 978874f7684d43e9c3fb13291464540ad534b9521e067c653b26e6d998125a7ec673c505bb932b65545295ac97b8c9563d97c3a7dde781
+	C = e8929b0b846f26f54f23d5519b581ff771c9881d76a5aee68926341fc1bacf773b92a4e374f70ff52ad69fca4a0dc0c0bbcb87f0107406
+	reseed counter = 1
+EntropyInputReseed = 941c67afcae9c2a012033ff801d08f6c
+AdditionalInputReseed = 
+** RESEED:
+	V = b3fc4732f9e8655ac5998912e0cdfd06a6b65fca5819fd391d8a98653a9ea35d5095311668335e0f2d518510fcadfe0066ac45edcb8812
+	C = abfff7315f69c9ac07f9f21ecf71d5ace2c0bf659100b5b661492c34fddadd0dcc5841b421c9e5c9c3220e5af639d46b1792827a07d830
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 5ffc3e6459522f06cd937b31b03fd2b389771f2fe91ab2ef7ed3c49a3879806b1ced739576295f6191f8c5655da1fedfd74aab30a6f020
+	C = abfff7315f69c9ac07f9f21ecf71d5ace2c0bf659100b5b661492c34fddadd0dcc5841b421c9e5c9c3220e5af639d46b1792827a07d830
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 41608d19686849e5ea0e4c8e10be24dabe0c82392f1a8f7a776e22e2eb8c612e9e103bbd6c8f9654c51f45218b6559909a695a6ac298729f6befbac28e482ea9600b788f47340ef99a4d6a9796d97b0c
+** GENERATE (SECOND CALL):
+	V = 0bfc3595b8bbf8b2d58d6d507fb1a8606c37de957a1b68a5e01cf0cf36545d78e945b5ec6a37291128c9975ec429d1fbfeeecd6dce8837
+	C = abfff7315f69c9ac07f9f21ecf71d5ace2c0bf659100b5b661492c34fddadd0dcc5841b421c9e5c9c3220e5af639d46b1792827a07d830
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = d79bf5be36dfc58e38893b5fcfd7660e
+Nonce = 8e6968acb23bcdc0
+PersonalizationString = 
+** INSTANTIATE:
+	V = 8586918a3323821a2aebbc3d721606650d96bb057a23e0a8592afb07c67ba2cbce27ebfa18c34e865aac367d129931491fe6b2d15434da
+	C = d0b428ad60023c6144a84f8de48d935961313e906609a269ff05db19fe59f4698d78bba8bf4dbd559c53e0b4880b22c7d15eb9987d9099
+	reseed counter = 1
+EntropyInputReseed = fb70a98a722e98f5bf513fea6699d1c3
+AdditionalInputReseed = 
+** RESEED:
+	V = 5c6b3dab97a026608787dfa1344d6f41c15aedc5e1ffc57c67f86ccd80661ddac43f969fa4b82482617ddca5fe69b62d0da1e5da9a58d6
+	C = a7ef0b2a169aa42ea4261f8353f891235e90400201f50fbf4b086d4cdbc8fb902addd23cb99362f00a4b4070d2109387c6a8aa9b6ab257
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 045a48d5ae3aca8f2badff24884600651feb2dc7e3f4d53bb300da1a5c2f196aef1d6902142588624dfb49fd07a0bb2509671aec85564e
+	C = a7ef0b2a169aa42ea4261f8353f891235e90400201f50fbf4b086d4cdbc8fb902addd23cb99362f00a4b4070d2109387c6a8aa9b6ab257
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 775c29ce754fc4d25e7b288817401ca22f45ca60bec308890f979fcfca33d9fda5970422b79cbb30c68b32e8ba832b7cb1a9c47397e3b62f00a36cca6472f44ab6590cb60e1f086933653274b051010d
+** GENERATE (SECOND CALL):
+	V = ac4953ffc4d56ebdcfd41ea7dc3e91887e7b6dc9e5e9e4fafe09476737f814fb19fb3bc69597bff474517636a7ae5503d7b5f4fd9c68ee
+	C = a7ef0b2a169aa42ea4261f8353f891235e90400201f50fbf4b086d4cdbc8fb902addd23cb99362f00a4b4070d2109387c6a8aa9b6ab257
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = b67c9c80f5d849c3818d6450a2610934
+Nonce = 905683bebd4f858a
+PersonalizationString = 
+** INSTANTIATE:
+	V = d13cd25e194416e94cf130dc71b14b4521897bed3dcfe66b978134494ef0d1fcdd422515038581a2e03a644cb37554728099e73e2d2a2f
+	C = 7b0ebcaacf857ccafaf51797fdb8a409d8e34a87bf018b2563f757ec7db8485908068dab37a61b91ae98fb214f45685733376d3c0f07bf
+	reseed counter = 1
+EntropyInputReseed = b5c2579c7fd4cc806a9f5dd2becdc412
+AdditionalInputReseed = 
+** RESEED:
+	V = 15895d5d67115e7b0abb510008333c7ada6353212793824506ff1c50dd1b3995eabbff09afc3dff5bb6c2e12c9861b9c1583d9de57e659
+	C = 54b931c47d33453b81e2dedb75854f325b12fff818f6a9345b63cb20df3739abc438cd091bc06bc582409994461e6cea6441a81c3f5c92
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 6a428f21e444a3b68c9e2fdb7db88bad35765319408a2b796262e771bc527341aef4cc3de27e49682af2f2ea424f9f86d9772b128bc50a
+	C = 54b931c47d33453b81e2dedb75854f325b12fff818f6a9345b63cb20df3739abc438cd091bc06bc582409994461e6cea6441a81c3f5c92
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 649f08a9fc5bb9540c2cd6c67863d9437f84fa133a241f95dae1fdb69ace602368558a8582a08b61b4b3cbe119a2a8fa2c90b0a95f360c0ef2e53abcd337f5272b6af1e135de793f8524aa82aeb7d969
+** GENERATE (SECOND CALL):
+	V = befbc0e66177e8f20e810eb6f33ddadf908953115980d4adbdc6b2929b89aced732d99675b8ef167b7845cf2b409614fe3d89c78c4367e
+	C = 54b931c47d33453b81e2dedb75854f325b12fff818f6a9345b63cb20df3739abc438cd091bc06bc582409994461e6cea6441a81c3f5c92
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = fb4dedf71afd509d4cf81a055fd96f71
+Nonce = efe11c98dfe54e94
+PersonalizationString = 
+** INSTANTIATE:
+	V = 4a420075ad2ef3040c77d4f066bab045b3c3f89d9b8abbc5657e6bec7a89ddb60821dfaedd0ea287aa1666e8e495befab32a8b1b17eee2
+	C = ccd9d83518c7431ca39f7e7067681193e674f2ecf6641dcb678455697da1482b3d9fb580d91788be8c43b0f9fd8e4a86a937feaf49c394
+	reseed counter = 1
+EntropyInputReseed = c981d2c468deb37a2429369eac52a730
+AdditionalInputReseed = 
+** RESEED:
+	V = 1564b423a947b8da830cc4dab315b7070841d51571557c69b0df2fb5dc564ed836406ba3e957f0a6316e7a7f9a41e67a677204145c6904
+	C = ec2622222c30b4582b2ce7c11007a739e853660e915c1d5e32565c9b84465118da7fcbb6c642b1c27392dc461d179774b9a773f786ae44
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 018ad645d5786d32ae39ac9bc31d5e40f0953b2402b199c7e3358c51609c9ff110c03767985f9fac0f1bb4cfcbd500e7441c0c115ab834
+	C = ec2622222c30b4582b2ce7c11007a739e853660e915c1d5e32565c9b84465118da7fcbb6c642b1c27392dc461d179774b9a773f786ae44
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 5d8897886013e1a32cbd09acbf00de5714cd40795fe27d60ad866c159d7a75f1161f6eb6dd2b8238f72e43c79327c13b1f85ce2d3a50abeaa2f5f6b097df36fa2ed6250b4b1291f2981ac45e656cdf95
+** GENERATE (SECOND CALL):
+	V = edb0f86801a9218ad966945cd325057ad8e8a132940db726158be8ece4e2f109eb40035c7805fa319fcd47bd5260bc08da5366c1a0222f
+	C = ec2622222c30b4582b2ce7c11007a739e853660e915c1d5e32565c9b84465118da7fcbb6c642b1c27392dc461d179774b9a773f786ae44
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = 2a593a65dd5be58f2f0d7279b2e51c70
+Nonce = 9dd9a0e5586e96f2
+PersonalizationString = 
+** INSTANTIATE:
+	V = 7b44c7e6feeb3c05e7e2822e6d401258e2fb0413bee7993d6c805e3b947084f1fa9122908319ed66f03d056b020955affe6225b2bd7b58
+	C = 6ff3813ba45c9dc212e7ad2b5095854cb420f39e38b63d7bcf762ab37f6d8af417a6d320c3316df1ea38f66aad4c0261a8b282f914936a
+	reseed counter = 1
+EntropyInputReseed = 8e1905c43da672c1c02e632f010a0ee7
+AdditionalInputReseed = 
+** RESEED:
+	V = a6d28cf7fe20c4ca8208263303956ff64c7f30de8bcb994d22bc2113cc135874ba623927de5788e5b12d273bcfa7d0d71fc4e5437fb01d
+	C = 538fa8e95c02a7e3eebfcb7d9ae6c97027189d80150f8086bd691eef52c5fe46ad3ae5858928020c8ef935960b9ba32466f7006f3c8473
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = fa6235e15a236cae70c7f1b09e7c39667397ce5ea0db19d3e02540031ed956bb679d1faba928a340c067402dd1cff6662a5edbc6798e0c
+	C = 538fa8e95c02a7e3eebfcb7d9ae6c97027189d80150f8086bd691eef52c5fe46ad3ae5858928020c8ef935960b9ba32466f7006f3c8473
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 997cb33d413cfc231289d0b1df5479a9fab8c7f18f83e14e951a1f9287cc6e88b3229def2a0a0af0cd59f837c8e2eb2118b02c168023b0cdeae4b9e4b042ce6f9141c5f520d51d837807fae32104ab33
+** GENERATE (SECOND CALL):
+	V = 4df1decab62614925f87bd2e396302d69ab06bdeb5ea9a5a9d8e5ef2719f550214d80581c753c549029588d2d5d2165f291dffd5b77ca9
+	C = 538fa8e95c02a7e3eebfcb7d9ae6c97027189d80150f8086bd691eef52c5fe46ad3ae5858928020c8ef935960b9ba32466f7006f3c8473
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = 2717d6d07dcb45c21163986c2a27fdfd
+Nonce = c3ac8354b35c431e
+PersonalizationString = 
+** INSTANTIATE:
+	V = 8aca19dc7f7b525f92d77094d5de069412d2ee1f8283cd1de991ba154b6cabdf6dea2119821eb5797c6207962959297f26aa88b4f3d820
+	C = 3e5861b8898c4e8e5ba67d7eaf79ae0ff4017caf1743f1ca6c0ef5dcd55701be995d8529c4de96bee2daa48224aac8f35c6d1b8b661232
+	reseed counter = 1
+EntropyInputReseed = c72901afd34bfa85efdcc70b013bd575
+AdditionalInputReseed = 
+** RESEED:
+	V = eb60a13a16f0f562d64f4c22fcd188cab67752f69a07919e78fb5e0c616695863b00de7f59fc163f18a0c138e90eef07441c1e9c5c5d13
+	C = a7430bbe5d3e9e5da364abd7ca6f39bee80f2a85f6265c478fa641bd19526a8c64dae365820bbc60ed8a3c1ba1983fb64c5d4817d412e1
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 92a3acf8742f93c079b3f7fac740c2899e867d7c902dede608a19fc97ab900129fdbc2c31819c5f2a7ddc7a4996bb7f3d241ed026f3a8a
+	C = a7430bbe5d3e9e5da364abd7ca6f39bee80f2a85f6265c478fa641bd19526a8c64dae365820bbc60ed8a3c1ba1983fb64c5d4817d412e1
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 1031dfd089f0ebd379fe159e7557f148cda61ce6915bd4a95c06517069bff106707eb81cb8f22bd06a47a8a5e36da3b5c37d2b477bc5fed4658e0bd72e1c8806b9afe378c9dcbe72ce61461ca610efe7
+** GENERATE (SECOND CALL):
+	V = 39e6b8b6d16e321e1d18a3d291affc488695a80286544a2d9847e186940b6a9f04b6a65dc16a4040430fb1fe0e872e1ed2e6991fa2f028
+	C = a7430bbe5d3e9e5da364abd7ca6f39bee80f2a85f6265c478fa641bd19526a8c64dae365820bbc60ed8a3c1ba1983fb64c5d4817d412e1
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = 1a0c55315a0addaa456f1d8b1497ad75
+Nonce = 67702e35a409cc14
+PersonalizationString = 
+** INSTANTIATE:
+	V = 6c0186c4679de1b28494c3667def3baec16ec07567b68121cdfdf0e97c76b343f0fc9ac51986db870acda628a8329baf968dd90e785755
+	C = 0bc5debcd40d87e5033f57bb4b57aa9651b9ddba546282a36514185bc7d00fa63c7c0be2d25bd78a5fea034fe1e9d036c0cfbf766f9bb9
+	reseed counter = 1
+EntropyInputReseed = 8c815e0ad5bf33aed81e33087b1c0edd
+AdditionalInputReseed = 
+** RESEED:
+	V = b77f4ff1b5a7b7f9d65cc2a1eb4c214594135f4f2d327093834d486e412793f6ae139a5441ae39325890a0844777bdc9ea876c383e7af0
+	C = dd60f74ac9673eea282bdf61d3762b2686ed70c79af2d5b603efe931e19c3c6f968b51b978deb2c6752415b681762eff863e922c889af5
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 94e0473c7f0ef6e3fe88a203bec24c6c1b00d016c8254649873d31a022c3d066449eec55a3fa9f5b00f60d3fa9350bef639f672d7c7b43
+	C = dd60f74ac9673eea282bdf61d3762b2686ed70c79af2d5b603efe931e19c3c6f968b51b978deb2c6752415b681762eff863e922c889af5
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = f2953585673fccd82d364dace7cdb7c100a8112a9d04902cbc966ec3eeacd182ee9039dc394c12f20171d1e99fecc22c58d7137bb023cb3cb1d9e0dbe4a8a06857e3dc0d73afbc4eb0b0eb1ed1d534f3
+** GENERATE (SECOND CALL):
+	V = 72413e87487635ce26b4816592387792a1ee40de63181bff8b2d1ad204600cd5db2a3ec555ca489e4b10c372d343b8de5e0d72228fe570
+	C = dd60f74ac9673eea282bdf61d3762b2686ed70c79af2d5b603efe931e19c3c6f968b51b978deb2c6752415b681762eff863e922c889af5
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = 657a91b05e832b701bc9ea0f58747d88
+Nonce = e1e52cb87a0783f9
+PersonalizationString = 
+** INSTANTIATE:
+	V = 992a92834a8651b106a6f712ea91b2c3476cd7312ede3bb4a679d26431db5178a5c0a9a604bfb1ac05712bf0936af17fd00ca94c15c63c
+	C = d193d87111bb44eec25c97ffa0c0f1548df1024602b6f65ed917dddc862382b9404e123bc82a283183a46ddbea114c1f8c90b1bfcd7102
+	reseed counter = 1
+EntropyInputReseed = df1324c51e8bb6fdd4de809f130ee20d
+AdditionalInputReseed = 
+** RESEED:
+	V = b85bc62a1e5d796f061be0012c1ba0c26ba8a686a4a60f687f87243b7b6ff114e64e2d05c8f348fa095aa16c2f09340679517dcbb799c4
+	C = 3578abd254421d0e748565463ad26f1b298ac24e3f1cb075a7a2aff30e05ea3b9c1efd5e0b9731f0aa77b29f451f65fdbaedad95d50137
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = edd471fc729f967d7aa1454766ee0fdd953368d4e3c2bfde2729d42e8975db50826d2aa7f48a33be6879ddc953e862fbb42b484cc574b1
+	C = 3578abd254421d0e748565463ad26f1b298ac24e3f1cb075a7a2aff30e05ea3b9c1efd5e0b9731f0aa77b29f451f65fdbaedad95d50137
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = c2f0978318cb112f1212bf948ba9978e426272bfd4177b7ef7fb7c7783320209505636b16a35155fb8515900aaf86c98c1c289f6ff4399ebec63ecf5d9c0ade5c4a88ae54f04a18589e9423084893663
+** GENERATE (SECOND CALL):
+	V = 234d1dcec6e1b38bef26aa8da1c07ef8bebe2b2322df7053cecc8421977bc58c1e8c288e8eba357432b2b2eb2ce5c6566e255fda588f50
+	C = 3578abd254421d0e748565463ad26f1b298ac24e3f1cb075a7a2aff30e05ea3b9c1efd5e0b9731f0aa77b29f451f65fdbaedad95d50137
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = 44f0dfa4a0edd9e464b1e0c2e3f0584f
+Nonce = 63da40c20da0f5d3
+PersonalizationString = 
+** INSTANTIATE:
+	V = 2b71c90186f77c58383d539795edbb8adf258f4f842d0c024ca898f1c731549995119373bed8ffdaf09af0d066ef308a8e62dfaeed4389
+	C = 8c29fa4c1185b68c7fcaa0dbbad371667d4e5ca0bcd5ea62f1e6f701f4341cecc22ff03ce296209da00dda91dcd4e3d4b71a514fb00445
+	reseed counter = 1
+EntropyInputReseed = 27f250cdd67ecee02c84830d40dbbe6f
+AdditionalInputReseed = 
+** RESEED:
+	V = a5fa24d8cd029908d21f95892af0f3bee6501f3c7d551cfc443c13fe56c75b745aea520d241f41d7f0d8961f17e0ec88d51687421186d8
+	C = 536ed53e86d1592139baf76d4cedaecbc76ecd4f2d365eea1333796b802d8bea5a5f7a95bc5b80c264c38df2b1bc896d3d328b01b899c4
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = f968fa1753d3f22a0bda8cf677dea28aadbeec8baa8b7be6576f8d69d6f4e75eb549cd943f172eef2637f0771d6e16805c7b62cd8c8a6d
+	C = 536ed53e86d1592139baf76d4cedaecbc76ecd4f2d365eea1333796b802d8bea5a5f7a95bc5b80c264c38df2b1bc896d3d328b01b899c4
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 06e51a5f7c80eef002ea3547e64b430aa0f5f6345b093644c998b4d917f4b83d0610df52e0b3090afcd74409ddad1462f24c59b812a9626e72d60f60df38091ba44b9d31416205d63f2915b5f3c3b8e7
+** GENERATE (SECOND CALL):
+	V = 4cd7cf55daa54b4b45958463c4cc5156752db9dad7c1dad06aa306d5572273490fa9489ddc97a61bc837ffdd50c506879919f0d612a7f6
+	C = 536ed53e86d1592139baf76d4cedaecbc76ecd4f2d365eea1333796b802d8bea5a5f7a95bc5b80c264c38df2b1bc896d3d328b01b899c4
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = ff89b0bd43dcb902b1984602efa80f7e
+Nonce = 27b7810ee1022089
+PersonalizationString = 
+** INSTANTIATE:
+	V = 2dd5f635cf01066524f54bf79c8ab7522a40302d07e4da55db7b44731bf5651a5c0dd4d4639f263d42b67ba0737bdbe86ef98d22b1f17a
+	C = 661e2c22e635b17adb81c669eb0d70534283709e061f3caabca21212ce289b57af1d10ed7893ac6b349cb7cdc95f5bc30d74efec390c14
+	reseed counter = 1
+EntropyInputReseed = 7715fc44c1c6ba6ca48d0723214574e5
+AdditionalInputReseed = 
+** RESEED:
+	V = 0fdb7e71a473466aafcca774754b3924a868a23553f68ad242e454a5f93bb03ac31e8b96cff8f54f8d2272a07d120ffced66c0a960daac
+	C = d9990210361253ab9a6ff114d0791d54d9d025bdcb0fcb4b06dcaed4a7b77a3b5823fa37c10bcf40df8e9473d743be7bb2fe6b7ee96739
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = e9748081da859a164a3c988945c456798238c7f31f06561d49c1037aa0f32a761b4285f72f3f401c6268a24c77254d0a041009a429cb21
+	C = d9990210361253ab9a6ff114d0791d54d9d025bdcb0fcb4b06dcaed4a7b77a3b5823fa37c10bcf40df8e9473d743be7bb2fe6b7ee96739
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 91aeb666797fc48ef6e2d6be25fa872be9787bc5ce0ffd06711dbde86f9eeff68e650a20e193de06448b8e2b0d35d2fa576280459fa416c64f4fe9c789f2634471c8e6aa1df420fa6d56fda63928defd
+** GENERATE (SECOND CALL):
+	V = c30d82921097edc1e4ac899e163d73ce5c08edb0ea162168509db24f48aaa4b17366809bf2dd689ba8d49036bf10b06bb8cc92d7cb213c
+	C = d9990210361253ab9a6ff114d0791d54d9d025bdcb0fcb4b06dcaed4a7b77a3b5823fa37c10bcf40df8e9473d743be7bb2fe6b7ee96739
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = e39f149221e2d7826f97203b3e5217a6
+Nonce = 9c9cc918e967c8ce
+PersonalizationString = 
+** INSTANTIATE:
+	V = 9f82dc3d2a5509640b0280b7a5be78d3dc545877b0953532ba638fbf76ebe0464ecc9352b57fba70f590abaac52af84ec2881307a77140
+	C = 33674ad66b0669d0769615d107b77b70b749aeb25e699ea88a6e666cfdf4c88dc9e425b49074875528aca631f434aee002aace4ceb68f6
+	reseed counter = 1
+EntropyInputReseed = 94ca0d22a0f97f1800ef4aa044f30f7c
+AdditionalInputReseed = 
+** RESEED:
+	V = d06f13b7abc387b7b6799d7a8ff69c74c4e93bac713f71015492e67e9c59016754794ee25afe7c7088374cdd3c8050dd2f1a23f64c9dcf
+	C = 7b90c5f3837ad9adb3c770bef61a7b8f828e29fd6589f766312a108f4bd597160a1cdcd9fb6017c434741f507846f80ea4e5789713d688
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 4bffd9ab2f3e61656a410e3986111804477765a9d6c9686785bcf70de82e987d5e962bd2b0e30a3660736a76bec0daac2a6c3fd6468b03
+	C = 7b90c5f3837ad9adb3c770bef61a7b8f828e29fd6589f766312a108f4bd597160a1cdcd9fb6017c434741f507846f80ea4e5789713d688
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 2c54fa55f536a0929c65966efed2a0ee6312521ec3e688254afc3af0837a5bc1e550deccf63c13b601bb1cd71e2b3446813b8a340ae5a5a47731002921e90bbeaf6b9835e37958d265e3f7eb507cebf5
+** GENERATE (SECOND CALL):
+	V = c7909f9eb2b93b131e087ef87c2b9393ca058fa73c535fcdb6e7079d34042f9368b309a5f65d09b7370041b5358be4ad1a60c115717663
+	C = 7b90c5f3837ad9adb3c770bef61a7b8f828e29fd6589f766312a108f4bd597160a1cdcd9fb6017c434741f507846f80ea4e5789713d688
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = 9867c540fccf5942c382f8e7e383306f
+Nonce = 1adb7f48d8140c27
+PersonalizationString = 
+** INSTANTIATE:
+	V = 8bea2d0a6273c89bf9e29fb73583f58282965e0dbaa815759d17175f55c3a2470f16e6fefcf5a7e3a375e5bd81ac0826433da55389022a
+	C = 2147583b7473ee05d0b800d775048c0494d3d89e81f00378a3e11a6f4f799a75df4c2fa63f8d3f6926f11337bf80ec911b1c44d530d06b
+	reseed counter = 1
+EntropyInputReseed = 8567e12adc711930ee3626c8774788af
+AdditionalInputReseed = 
+** RESEED:
+	V = 7c388e05ec3d6a0743c64f5e6e41d4028c4a643332c779ed1a8d4348decb21d223e336aeca5beda02996cef25182f4ce9e07c511f53abb
+	C = 5fcdf87b6f3d878be4efa508cfeaab7f2e5b1c2bca0bb0076b233bcbf90b31f88240798b42555f55f3f10a6949a5b9a6ef5916465974ba
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = dc0686815b7af19328b5f4673e2c7f81baa5805efcd329f485b07f14d7d653caa623b0a19c8e9ddb4bf54503398b9b0e5fdccd269b610d
+	C = 5fcdf87b6f3d878be4efa508cfeaab7f2e5b1c2bca0bb0076b233bcbf90b31f88240798b42555f55f3f10a6949a5b9a6ef5916465974ba
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = cbda8dbbb61a13251411d3d18c51cd9c65c7d58016f9be96c1a99cfa30ed50653a8557c14d72f351d27c6084527bf266d4af931000ac1f2d8ec61eded90e8119dd75eb1716ee559893c927afc805e0dc
+** GENERATE (SECOND CALL):
+	V = 3bd47efccab8791f0da599700e172b00e9009c8ac6ded9fbf0d3bae0d0e185c328642b1480b8ff7cc7e29d97ef0ebeccb0106fcea97603
+	C = 5fcdf87b6f3d878be4efa508cfeaab7f2e5b1c2bca0bb0076b233bcbf90b31f88240798b42555f55f3f10a6949a5b9a6ef5916465974ba
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = ab4b1daf9ee4ed51c585bb90c6ccb4a0
+Nonce = 432a0c1c722e9722
+PersonalizationString = 
+** INSTANTIATE:
+	V = 02583a83eb6f526dfe61007868dee6d7e755f9d9317d0d2d811088405f41d3335f6d25c08cbee52ffdb4cc13a4aeaed00724f0d06a0167
+	C = 4370d5cb3ad70bfb10761f2db6b3555bba21c8e3bc8f5af20b3ea4a7fb4401cb2a07062e7a7c4ad6b7d61b3c1b23538a122dfd360c3b26
+	reseed counter = 1
+EntropyInputReseed = d28284b85af03ffe3bdccfec978f478f
+AdditionalInputReseed = 
+** RESEED:
+	V = 33af3f65d7d1a7b8b536bb76f554e18b9d588d0470010af59b2910b35a56502dc3dc6eecabff5366d617f8cd3f2e9524331b55d154891d
+	C = 9d5213a19c2f9fc561dd40b01291101f5537aec3d610e0e4f3d72f64b48ba600c99d680ca3bfc65afdb68e2020f436577063b0cf4e28e5
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = d10153077401477e1713fc2707e5f1aaf2903bc84611ebda8f0040180ee1f62e8d79d750e52516b7f09efd13185b34b5456ebcbe187087
+	C = 9d5213a19c2f9fc561dd40b01291101f5537aec3d610e0e4f3d72f64b48ba600c99d680ca3bfc65afdb68e2020f436577063b0cf4e28e5
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = c17a7fb26de22c3f8d1ac64c8a7b2c45fa693e981c5cff04ff2ccfb628a8d526effbee45a6b3ec35cdbe910f20b1e6f8778fb8f1570565d26487be1895f9b666398b1434341eccfb638dc6872622a874
+** GENERATE (SECOND CALL):
+	V = 6e5366a91030e74378f13cd71a7701ca47c7ea8c1c22ccbf82d76f7cc36d9c2f57173f6a8455a5fc63864485f483d3fd52d178fde5b837
+	C = 9d5213a19c2f9fc561dd40b01291101f5537aec3d610e0e4f3d72f64b48ba600c99d680ca3bfc65afdb68e2020f436577063b0cf4e28e5
+	reseed counter = 3
+
+[SHA-1]
+[PredictionResistance = False]
+[EntropyInputLen = 128]
+[NonceLen = 64]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 128]
+[ReturnedBitsLen = 640]
+
+COUNT = 0
+EntropyInput = 95e98f7b1330013e982b810f683e5fee
+Nonce = fb4ac42d4c9bafc9
+PersonalizationString = 
+** INSTANTIATE:
+	V = 66036961872d928f78734ac2bbf1b1192ab0e3c283e502c5696ff3dac5f7b88f85e4f99868d7f67feaf2b60167ed5a2023ec2f0d489f2d
+	C = 6c6f97474927d5b15fb7462d6b2d2a7f869916da057aa8280f4f25886c6f06b5b32d040e14460c74097683956c35feb98950762e379e02
+	reseed counter = 1
+EntropyInputReseed = 93109ece2d1a590ed174299561068539
+AdditionalInputReseed = c96d88cde76e021ec75137c5aca4e610
+** RESEED:
+	V = 1b173bc2fa1b1f0bdda7c057e7e5732973df76d13f63c0d430d98d0e708188bdb82c09c24e4943cd89a419ce238c70a03538657b317884
+	C = 8ebf1abfd1168c9a67a1c1ed3ae44795a2ca80851d9d97617219792f105460ffa8123cf8efbf222b1eb42105a1697fa5bef87af5bd0dc8
+	reseed counter = 1
+AdditionalInput = c31069714981f6d539139d0ba38f5bd1
+** GENERATE (FIRST CALL):
+	V = a9d65682cb31aba64549824522c9babf16a9f7565d015835a2f3063d80d5e9bd603e4771576bc6579f5d714ccb44ca3b715f1b0f5bdf32
+	C = 8ebf1abfd1168c9a67a1c1ed3ae44795a2ca80851d9d97617219792f105460ffa8123cf8efbf222b1eb42105a1697fa5bef87af5bd0dc8
+	reseed counter = 2
+AdditionalInput = 9aa8477c0df793f0765d8b58181eab4f
+ReturnedBits = e4a1f1a7a5edfa4f9b30241b093f815c29ef0f30402ac0f1ff4d8c426521516bc7fad9985c5e3ebca7d4d3e96e2fee624feef9da55714c513d4a1be23198e829a989a4872cb302e384a6963d306d9c5e
+** GENERATE (SECOND CALL):
+	V = 389571429c483840aceb44325dae0254b97477db7a9eef97150c7f6c912a4abd0850858393987a13e7e048f47b2dc3a0837add83304797
+	C = 8ebf1abfd1168c9a67a1c1ed3ae44795a2ca80851d9d97617219792f105460ffa8123cf8efbf222b1eb42105a1697fa5bef87af5bd0dc8
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = dab17b0eacf52e2986c6ffb790e7eed9
+Nonce = 2622b29bb789bf23
+PersonalizationString = 
+** INSTANTIATE:
+	V = fc894adc77d42b4d47f1c02e87d59d08aaf5b04e0c2349cb51f1ae4e63225a261f7c77ab9bd5165b6db97080db6ee6394827ba278857ba
+	C = d802313979a10d37871ec5a2e146a5a01cf77dca3002f13fbdf81c7c62d066b5995f8cd77b8891aebdd21472495d7cac62671e51ed6bac
+	reseed counter = 1
+EntropyInputReseed = 35406c1c317f67fbfa0b341b3860b2be
+AdditionalInputReseed = 4a738e860d1abd9fd9d3f57e207eb8d2
+** RESEED:
+	V = c016c8f88a22751b9fd45dd5220f9f1017efc1d71cce1291ad2eb376529e082ac46627a9851e8c6898d26900e39ddc236b0ba2fe7e4c76
+	C = bcc9e3d588ae95077df4f63bc216bc3c0fc21e11f4b17d5032702e6b632873415e19c7305f8dcd907e52573b814b0cbe75479bfcbadf1b
+	reseed counter = 1
+AdditionalInput = 3536d4fab1b6e03ee9d44cf8f8da8630
+** GENERATE (FIRST CALL):
+	V = 7ce0acce12d10a231dc95410e4265b4c27b1dfe9117f8fe1df9ee1e1b5c67b6c227fef8ef2e1a87f71fbe44999d8f5993b8912d36cbcef
+	C = bcc9e3d588ae95077df4f63bc216bc3c0fc21e11f4b17d5032702e6b632873415e19c7305f8dcd907e52573b814b0cbe75479bfcbadf1b
+	reseed counter = 2
+AdditionalInput = 0da7aa3d403e8c6e3406b1a9077290a4
+ReturnedBits = 35d4879e5904347449ec6aa8e83e344cdbd2d2b86eb422f602bf121ef59f89273974597548b598295e00c44b2f2cec656a4ed4b2e7b9837a8412eca8b14fd49313c18d2b5e6867a83438e88907d37e49
+** GENERATE (SECOND CALL):
+	V = 39aa90a39b7f9f2a9bbe4a4ca63d17883773fdfb06310d32120f104d18eeeead8099b75076dbd69f2982a8dbfcbdef7fdc1a5085ee5d6a
+	C = bcc9e3d588ae95077df4f63bc216bc3c0fc21e11f4b17d5032702e6b632873415e19c7305f8dcd907e52573b814b0cbe75479bfcbadf1b
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = 91a94f73f1c8ec153f68adb27b6840dc
+Nonce = 2bcca0f791ca90ae
+PersonalizationString = 
+** INSTANTIATE:
+	V = f831460bf15fae4810bd0ba58bddf1dfd6028fa53054a066c559014bdfcd7c78dde1d928c14ebc4b064a5364e1c7526326365720b92c24
+	C = 4d941712e60c6d9ceecf23bbbcc9baa788b9b8b2f0e6251f029baf2781adccb70b8241272ab47f905826b9df8ff224d809c43d8cecdd60
+	reseed counter = 1
+EntropyInputReseed = 98f52450e5b04709f7ec5a276a562128
+AdditionalInputReseed = 61ed1792c2d081ca1b692675cbcd0f5c
+** RESEED:
+	V = a97aa1348631f5510536cf791a7491472f34dc02f5003b21b2dd924fe494077a1cf11ded3593a4a37d530034c3c1d2521fdbe7ea241d10
+	C = a7591525b5492a9033413b949e5d7aca456e5f490b4eed7412b20126e78ccd7f354e0695cd1784aeb59fbc060baedab89c2840d684d0b4
+	reseed counter = 1
+AdditionalInput = c24c0a1c69f6683a32a775be7a7943be
+** GENERATE (FIRST CALL):
+	V = 50d3b65a3b7b1fe138780b0db8d20c1174a33b4c004f2895c58f9376cc20d4f9523f2599db6c539db982fdeb5b389165b878fcff97b79e
+	C = a7591525b5492a9033413b949e5d7aca456e5f490b4eed7412b20126e78ccd7f354e0695cd1784aeb59fbc060baedab89c2840d684d0b4
+	reseed counter = 2
+AdditionalInput = 3908b6f78f152d9bf564fc73fe02a123
+ReturnedBits = d7e9eadeab458a93508ae879f101c98954f30c92263fde54b3dc78993fbf8e22ddc2a26dfcbad96f230ec791329e6209ecae67dc4655ac7346799b7e6a09df1675b372b01ca93e711f8368f3bdaf94e3
+** GENERATE (SECOND CALL):
+	V = f82ccb7ff0c44a716bb946a2572f86dbba119a950b9e1609d841949db3ada278878d2c626de189746bce775488c0183834039b5ee0e816
+	C = a7591525b5492a9033413b949e5d7aca456e5f490b4eed7412b20126e78ccd7f354e0695cd1784aeb59fbc060baedab89c2840d684d0b4
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = 50d8c59227804615f3353e997e07c6aa
+Nonce = 03a9420539b61f48
+PersonalizationString = 
+** INSTANTIATE:
+	V = a4546f2e6b9b577ee43dde5de5ca1455e70b93a5988e37f54a6618fa1cc39dba13d3cb43328bae9af87ecdad0f4eb7669e453c610fff0e
+	C = 2061d0219d2b9820582807637a79aba3810d19081e8d8badcc89cb25b840018520a51eee20176119f05aaae35ba090fb033de6cbe3d9cd
+	reseed counter = 1
+EntropyInputReseed = 66578dc7e4a64f4b8ebc2d61bc45d750
+AdditionalInputReseed = ec30c1d18e927b8e2e31d89211b5e3ba
+** RESEED:
+	V = 6f6f89fe01c76582dfc4634678a26688416de7e6aed05a454182f4a7c803e7c20f72caf8f5a82286d88e894ee314d7adff2a77aba9ae7b
+	C = 6996e7a75295cf8927da7ca3b7b21c2464214c681cd13779678bebb435e3a01bb4806a056722fe84ce29c5daca24ddcd6c32db589df501
+	reseed counter = 1
+AdditionalInput = c815f8fb5264ffcb283df35df031b4d8
+** GENERATE (FIRST CALL):
+	V = d90671a5545d350c079edfea305482aca58f344ecba191bea90ee05bfde787ddc3f335d2a8c22a6669316310d2e2f0c4af2868e12806fd
+	C = 6996e7a75295cf8927da7ca3b7b21c2464214c681cd13779678bebb435e3a01bb4806a056722fe84ce29c5daca24ddcd6c32db589df501
+	reseed counter = 2
+AdditionalInput = b1152e871364bfdca16ec49fba4a06ce
+ReturnedBits = b0293a8d0429d550136d337f557afbc1345c15ba75dc756b1a50edc0ba9f7e427de5249bc53794af964a64bf65bece742cb701eff5249721244abbb09d83d4bb4d7f4269a36326f89d0db9be71a4b015
+** GENERATE (SECOND CALL):
+	V = 429d594ca6f304952f795c8de8069ed109b080b6e872c938109acc1033cb27f97873a06f7353812e5e0f4d884d873f34cb72129c294463
+	C = 6996e7a75295cf8927da7ca3b7b21c2464214c681cd13779678bebb435e3a01bb4806a056722fe84ce29c5daca24ddcd6c32db589df501
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = d5855b764ab10c7f45a9b36274b5f692
+Nonce = 90ccadb66744c939
+PersonalizationString = 
+** INSTANTIATE:
+	V = 10f57b5150b499e7badf103db026264914cdc2adedda5c0dd44f351a90b49b85039db097f1b59eafdcdf3d2f5ba87685e7a0dcb03b2c16
+	C = 2f2d6abb6de0d740ff25add1775652c6199f8b51d3cdb5cbe508dd04e17fe63b173f33d0089b8974efc8e461f74809036e6714aeeef5c3
+	reseed counter = 1
+EntropyInputReseed = 66165ae3a450cf1cdfdef0620226a981
+AdditionalInputReseed = 76a08637b50d6be6c01943ebfb6f57ef
+** RESEED:
+	V = 6a5e48db58eda9c4c668e276902ea8fa40ba804f51a1f5689ec65a58f0b8fc9b946093c190ffe7fce5f74ecf0020e7940a6c542f75b0f4
+	C = dcc41952f84b202f6d25162c3d2feba92be7fd600fc62a4961452152301dabb18b3fec4fa55a098461c473cce65de3ffb064ce69953097
+	reseed counter = 1
+AdditionalInput = 20f063a603fc98cc1e4d5f44c9b57e31
+** GENERATE (FIRST CALL):
+	V = 4722622e5138c9f4338df8a2cd5e94a36ca27daf61681fb2000b7bab20d6a84d1fa081770f8d98a440b273f4266922f7d0abfe9822176c
+	C = dcc41952f84b202f6d25162c3d2feba92be7fd600fc62a4961452152301dabb18b3fec4fa55a098461c473cce65de3ffb064ce69953097
+	reseed counter = 2
+AdditionalInput = 4282f4bd5c9f3cc6daae5264f94d0937
+ReturnedBits = d0621aba3dcbf0e59d4814814119622e470782f6edc59085df81a5c2acc3c26ef89285a83ee2c6c55d56eddfdf9ce6fc5a5bfc4d3d3577bd007b28ff54e0d2b1a59a5a3340e08b0cd10e7d6f12914773
+** GENERATE (SECOND CALL):
+	V = 23e67b814983ea23a0b30ecf0a8e804c988a7b0f712e49fb61509cfd50f453feaae06e76d5d6539e2f3d924d4908cdae94ea68469f3482
+	C = dcc41952f84b202f6d25162c3d2feba92be7fd600fc62a4961452152301dabb18b3fec4fa55a098461c473cce65de3ffb064ce69953097
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = 56b514d571bbd49a32657aef942be309
+Nonce = f4d37f11c76a0836
+PersonalizationString = 
+** INSTANTIATE:
+	V = 6b4a90fb84e1984e44cd3612f7d2302ffff5bb5d2b4f2a59692ec5c6ea57d0548f7b96ade768bfa57649e79979e66b62cb7fc6f7b002df
+	C = 0d90e9ef2ad473d8e30fccee396eebc6c69b305d556b2521923744d39d9d0acbc977eb075a3d1ef6d8d04c6d0966a55f6a1628861c729e
+	reseed counter = 1
+EntropyInputReseed = 4fd65715096301a5fc2ecc38647f12a9
+AdditionalInputReseed = f1bca36ba176c1ce69bdbd1387fb4182
+** RESEED:
+	V = c9be84ae5aade4fa98489cfa952719e308ce232e6bcd5a0913c68bcaa51703de72d98082bdbfc83af9c5aa28ae0a063733a7cf475b735c
+	C = caf7b9aad0586a9437a144ad48b3265f0faf437b0cb68e7c471e6204fd5b81924f5d3bf12c5e87a34b593bbefb7566f9300750f903f2d1
+	reseed counter = 1
+AdditionalInput = 24b285a4223a46d8fce03520c91db42a
+** GENERATE (FIRST CALL):
+	V = 94b63e592b064f8ecfe9e1a7ddda4042187d66a97883e8855ae4edcfa2728570c236bd4ff68441c0e44402415dfb7d04dea3b3291b80fc
+	C = caf7b9aad0586a9437a144ad48b3265f0faf437b0cb68e7c471e6204fd5b81924f5d3bf12c5e87a34b593bbefb7566f9300750f903f2d1
+	reseed counter = 2
+AdditionalInput = b59619baf154d930d81ac8a266d04f94
+ReturnedBits = e3d43732748d5f111861da99d7151af704e3e911957d5e1119f4d22159b4cc4fbe734a9906b4145ee75b39003ff072c05d704de4b94f16e772fdf7c14a4931195054b150f6b8fadaa946491b2ac7a59e
+** GENERATE (SECOND CALL):
+	V = 5fadf803fb5eba23078b2655268d66a1282caa24853a7701a2034fd49fce07031193f9e8f29189166e725183d586d6794d81ca2316b5de
+	C = caf7b9aad0586a9437a144ad48b3265f0faf437b0cb68e7c471e6204fd5b81924f5d3bf12c5e87a34b593bbefb7566f9300750f903f2d1
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = 9d2e8a78ac3a9b4f4c0333a0452731ff
+Nonce = 19ef086d862fb006
+PersonalizationString = 
+** INSTANTIATE:
+	V = c75421ffb9c9e6e0d508f4fa6002959157233e0a68b84b675fd0bedc827c09345582f0dcacbeb5aa2f5d980c04a10d36a1ae88268591fc
+	C = b4d105f74571f5e220ba312ad75f5dfe6d906fd7237d51cf2a477e7d4115acb8684f7218d350ba609a51a86e6eb0c876829fe2643a70e6
+	reseed counter = 1
+EntropyInputReseed = 6c082037d8fe2a7eac23148ce7d37096
+AdditionalInputReseed = b69b58416cc75cd630173e6fdf1868f3
+** RESEED:
+	V = c010bd5da536a4a89c8f7861b71a94fb7d234d47b1249700a06a8c7e520638e095f0c07d664e6a75ce6513a03b2298e479f1b654f1c4cd
+	C = e2ae1d20ff45bbc85bc0c9984713a6c2578b24101e75f3ffea76e697b5fee60273e81410d743a63865facec7dc389333a79ce74f684438
+	reseed counter = 1
+AdditionalInput = 0c3063fd7da72a1bf7d9adeba00b41b7
+** GENERATE (FIRST CALL):
+	V = a2beda7ea47c6070f85041f9fe2e3bbdd4ae7157cf9a8b008ae1731608051ee309d8d53acc803f81e51a9705e951649d8723868b0c1410
+	C = e2ae1d20ff45bbc85bc0c9984713a6c2578b24101e75f3ffea76e697b5fee60273e81410d743a63865facec7dc389333a79ce74f684438
+	reseed counter = 2
+AdditionalInput = 904f27bacb410d78db5e4fd108d7f4f2
+ReturnedBits = c54c3c8e1ec22d24843e3131cdee80523cc86504496bde6f38093dac15a97d9981af4662e6c74a949bf533064fc209288ac4f4b7f865698d58cb3606f515b7c13454103fc65aa9bdd3f1d1773c2aee56
+** GENERATE (SECOND CALL):
+	V = 856cf79fa3c21c3954110b924541e2802c399567ee107f00755859adbe0404e57dc0ea24131be3582f2bfb4d4eaba80a9eb5fab84842f1
+	C = e2ae1d20ff45bbc85bc0c9984713a6c2578b24101e75f3ffea76e697b5fee60273e81410d743a63865facec7dc389333a79ce74f684438
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = 5d2aae847ecea64e68501abb20eac1f1
+Nonce = f082930e89f5c566
+PersonalizationString = 
+** INSTANTIATE:
+	V = b2e338c410d0d2c2bd87047c6b3907920a8815d2164aa9975b746a0a2fb8c5c8fa7f0e6d17ca6b73fb7f48b20780011f54e4f2151ae928
+	C = 01daa568e5f1bd62c442cec8bb9c240c9cc0d191deb798a70796546ac2283b4946a3a5e14af15f1720780450cddf38d772f96ca43fd0cf
+	reseed counter = 1
+EntropyInputReseed = b5844e9578c8e2f17f34aead46c43a87
+AdditionalInputReseed = 29eea667312afc26da201c32d19f0823
+** RESEED:
+	V = 8fb03eb41b160e405f2205a08fd699a3d91f42a4a0e931f821f1b1502eeb90249c215c592c31183268abeacc1c8f29dff157c806ed8e1b
+	C = e57cf4c1386abdc2dc7dbc497f15e4ddaa07c901c12c21779c8fafa68f0c7c22ec48889d7b85b57c0fe94ad6b95dfbe8cc6cc0a39d1b3f
+	reseed counter = 1
+AdditionalInput = 57ae7fa0e243959080f32a94d6a18066
+** GENERATE (FIRST CALL):
+	V = 752d33755380cc033b9fc1ea0eec7e8183270ba66215536fbe8160f6bdf80c478869e5de28e94c304aef2f884f45ed6150946b79c1e2c6
+	C = e57cf4c1386abdc2dc7dbc497f15e4ddaa07c901c12c21779c8fafa68f0c7c22ec48889d7b85b57c0fe94ad6b95dfbe8cc6cc0a39d1b3f
+	reseed counter = 2
+AdditionalInput = 2b936582be7a6793752a0b25b18b2f00
+ReturnedBits = 6797b8adb315330b9c5a52dd9d123ec847c620909818003c03670e3afc741009a895d1bc06c9d9965f01aa183f0754fef49a361b62cf423291c6a06b5a93834642e3b22876d9b89f12bd4575aa32b1ef
+** GENERATE (SECOND CALL):
+	V = 5aaa28368beb89c6181d7e338e02635f2d2ed4a8234174e75b11109d4d04886a74b26f8c936c1e7969e2b65074c6197fa69a63b5e83537
+	C = e57cf4c1386abdc2dc7dbc497f15e4ddaa07c901c12c21779c8fafa68f0c7c22ec48889d7b85b57c0fe94ad6b95dfbe8cc6cc0a39d1b3f
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = 70de24389f8cdcf9df40460a7cbb4be2
+Nonce = f7ade1a15d30bb66
+PersonalizationString = 
+** INSTANTIATE:
+	V = 1217d9e1b764a0057c2ca947d55793e61c4c64ce02690ae50056f1198b4241dccf1108894e6bc9689e9ad6667655d4b911b74e0996e9eb
+	C = ef7d4a4f7946b44f9be3bc1c986118853675e403c67f2e3615b33b7d6bc104962dc994732c88d3cc8405ce208ba86c3302001d5402ca04
+	reseed counter = 1
+EntropyInputReseed = 54183582445dcc8016993a9bbece400e
+AdditionalInputReseed = b708322918e0fb65ab784fe36db7e39d
+** RESEED:
+	V = e6276b6ff355ced93a5cdf065ca98b21e98ca2d2a2a781c22076f61edd4cb85500338114caff288ac1dee67723a815786e4e45082d0979
+	C = 3a3e7ca349134f65b887f96436767f35567db00183eae32361d13eaa7e12a6a37e17e28afc31c951865ab80b744195973fe62695071b20
+	reseed counter = 1
+AdditionalInput = dcf5dc9078a0a181fb1e87ffefc893fa
+** GENERATE (FIRST CALL):
+	V = 2065e8133c691e3ef2e4d86a93200a57400a52d4269264e5824834c95b5f5ef87e4b64dd417325a7d9f7a4618dadf87ec63dd60e3a9404
+	C = 3a3e7ca349134f65b887f96436767f35567db00183eae32361d13eaa7e12a6a37e17e28afc31c951865ab80b744195973fe62695071b20
+	reseed counter = 2
+AdditionalInput = 2344bd82488a42db34184ccb6c5b2399
+ReturnedBits = 590abae34ee5a8d3682bbd71cd8e12f7689db33d09cf13846f7d2abc3722eabb96aa7911efc857e11780c23406ba129cddf87752156f3688bd95006b9b8b703784a1225c92343c86309d479020436ea2
+** GENERATE (SECOND CALL):
+	V = 5aa464b6857c6da4ab6cd1cec996898c968802d5aa7d4808e4197373d972059bfc634854f9d744f2f5c1132a511efbfe8261fd877b0319
+	C = 3a3e7ca349134f65b887f96436767f35567db00183eae32361d13eaa7e12a6a37e17e28afc31c951865ab80b744195973fe62695071b20
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = 386dfd2316c0a898cc78069425dfe9c9
+Nonce = 68b4ac988e9c0702
+PersonalizationString = 
+** INSTANTIATE:
+	V = f488627764057cb03e68f6ba381e2b07063ec6bd9166fa1b8e19fbf11a7c1143dba025ddf7cf8cba736e18084e6edfd8e3e8aadeb1ca0f
+	C = a9e4405118a93d9da92640ec2d7f49a69a2a0be8a31f8780c1f8cda38efd7541bcdca9560428033de19d05806ddfa6ad5858becab35ee6
+	reseed counter = 1
+EntropyInputReseed = 4c480bff73a0b146c4776ef47c063d29
+AdditionalInputReseed = 8d4d4681d4cd5e769527e3e7242f11f6
+** RESEED:
+	V = ac6679daee5fa4eda6a8b9123ea92748add1e4cc2347ba441980b1b09a93634ba1ae07a8cca427ff222aa92c7b3aa1c6d8a7c136c73d2b
+	C = b77d4ec2d24e534f7d7e0ad461e8ffe258e0f15c2ba48636c0f742258e908dda8290980997790cede7efe5a71963f9a217fd319a65f7be
+	reseed counter = 1
+AdditionalInput = 5f81050ad89a1e9aa489c880d7955cbe
+** GENERATE (FIRST CALL):
+	V = 63e3c89dc0adf83d2426c3e6a092272b06b2d6284eec407ada77f3d62923f126243ea07317740253248d7bd9f360b4dd44cc94d162ec80
+	C = b77d4ec2d24e534f7d7e0ad461e8ffe258e0f15c2ba48636c0f742258e908dda8290980997790cede7efe5a71963f9a217fd319a65f7be
+	reseed counter = 2
+AdditionalInput = ae4d935aa3f78cc5f40a31a701f650ef
+ReturnedBits = 80efc41d1975a017d970bebca3a8a6373c06376c325fe11d5ecb7bde69f2fa39bd43c24add5eff77419d1c0927af461b0591f1b0744483e8a3038fcf3eaf51f22f9d65430ab7dce3a02f2177e89642de
+** GENERATE (SECOND CALL):
+	V = 1b61176092fc4b8ca1a4cebb027b270d5f93c7847a90c6b19b6f35fbb7b47f00a6cf39aa987150f4954d80e7602d92515a5c7097ce70b0
+	C = b77d4ec2d24e534f7d7e0ad461e8ffe258e0f15c2ba48636c0f742258e908dda8290980997790cede7efe5a71963f9a217fd319a65f7be
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = 4e0ee9b3a2fb68ad39fb62f3ea5c1f11
+Nonce = bc3f35e77a0fffc6
+PersonalizationString = 
+** INSTANTIATE:
+	V = 17b77d76c2198eea6f1eaf3c87e6116c955446cb0b75e41fec668d980327728b791e9888e2be8d95442c3355c089d50e727eae16d21dd7
+	C = 71bceb4e6ad738fc0308f9524ded6924c3c292ac45a148cdef474d245d4a79962bca03f6dd03f979d7553e6b09c00f300f89685fc64ab0
+	reseed counter = 1
+EntropyInputReseed = 14bcfae14a8299ff07a961a2aaef2abf
+AdditionalInputReseed = 41d5fb003c87395f69180c5445593b12
+** RESEED:
+	V = e5c72049a79d2e364f48d5fd4cf27e4aaad11b3d8ee886329e351ce81b7b882fcee079549573414736c27a0427dbaa4400d0ddbc8b2f6e
+	C = 8717a7735b1cf635c5c907736dc23cdc26b3165320b8c91bace5c7c5ddfa4b7164eb934bf4fa73a4138f1f5f08c66c8641f2de2cbb3ec5
+	reseed counter = 1
+AdditionalInput = f3cf22a91eb407e645554698f91678b1
+** GENERATE (FIRST CALL):
+	V = 6cdec7bd02ba246c1511dd70bab4bb26d1843190afa14f4e4b1ae4adf975d3a133cc0e08c63e1fa36a7bfe19824aeed869c6b28fe3e56b
+	C = 8717a7735b1cf635c5c907736dc23cdc26b3165320b8c91bace5c7c5ddfa4b7164eb934bf4fa73a4138f1f5f08c66c8641f2de2cbb3ec5
+	reseed counter = 2
+AdditionalInput = 781e6c1d5050fab3988c28414ec28278
+ReturnedBits = b721cced80fa417d610a7faaa90dcc5535f2514b584dfdf449708236f96298c561ce5b1cdc891b84891d2981ef734890cf197402d7a3a89d88f8031e57d813da71f9249db06022c7fc5595d98274d477
+** GENERATE (SECOND CALL):
+	V = f3f66f305dd71aa1dadae4e42876f802f83747e3d05a1869f800ac73d7701f1298b7a1ed33b791b51a8504c7101a132de299af0583918d
+	C = 8717a7735b1cf635c5c907736dc23cdc26b3165320b8c91bace5c7c5ddfa4b7164eb934bf4fa73a4138f1f5f08c66c8641f2de2cbb3ec5
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = 3c8b0443e2de85e6241f4de6bd9d5a73
+Nonce = 8f78efb7ea6e76db
+PersonalizationString = 
+** INSTANTIATE:
+	V = 0b815ac961ed88c635f564cc1a8ac0eb4b0e7aaf49bccb245f6e661d1b0e33e8181714af493958b1c58075d024c76344ecc338db230e2a
+	C = 75fc8280ca45bd59013d1ca853a19f6a890635026f2c8399fe0d0d528b93e66b054bc05f2ffc85a152152c8a6854eaad1ea6d43fde009b
+	reseed counter = 1
+EntropyInputReseed = a07d5c493efac504e5f67b6bbfc4596e
+AdditionalInputReseed = 7a921fa0af03d291d4b1a3bb1be39b40
+** RESEED:
+	V = b8b8d569477dd0736b02f086e99ab4b7a08027b0bf8a3bd36f6670f20dc97e76764ebba7e93a79a243eafb37f822461528fbea3d829ff7
+	C = be230ea5392575645d4094f8d8ec0b8d24e9149b4feb26545000eff7d2c438fb1552e037d6b78a69512f76f3d80666e82295b6f4438973
+	reseed counter = 1
+AdditionalInput = 6825f88352606dfb34e162028ebef521
+** GENERATE (FIRST CALL):
+	V = 76dbe40e80a345d7c843857fc286c044c5693c4c0f756227bf6760e9e08db7718ba19c9e8d66d024774de820568a422f878f81da7a5473
+	C = be230ea5392575645d4094f8d8ec0b8d24e9149b4feb26545000eff7d2c438fb1552e037d6b78a69512f76f3d80666e82295b6f4438973
+	reseed counter = 2
+AdditionalInput = ca1f2dca78de83b1285b7a52cf59cef8
+ReturnedBits = c107b915e6017bbb187cfdd354844378eb616cfe074569c956b19a4efd20ea44ca96efbd0ffeb7a2576ea8c366f096cbd9e465739bc3a841287309fd2a1e61fe3d33078468d8bac3b835f6ab2ec27dcd
+** GENERATE (SECOND CALL):
+	V = 34fef2b3b9c8bb3c25841a789b72cbd1ea5250e75f60887c0f6850e1b351f06ca0f47cf4eab82f8afa788513f98b7c60f924831025b569
+	C = be230ea5392575645d4094f8d8ec0b8d24e9149b4feb26545000eff7d2c438fb1552e037d6b78a69512f76f3d80666e82295b6f4438973
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = 18c30a25fbac0c9c1198bb5d1b3ea0e0
+Nonce = 2d4b8f656ca88282
+PersonalizationString = 
+** INSTANTIATE:
+	V = b48d87e6b131d7c431f361f3134aa401c963f71a212dbd3b2569ac3ab3cbea0a291868a5262d2013038189bc6c5d33a807dab5680765ed
+	C = 4399b75f7e354930088d7b69bb4bdc33f9152120604d533b4589407990f0706bfdf1f442928bcee602ab341b2be57028d8e7a6e5715095
+	reseed counter = 1
+EntropyInputReseed = 0e670a49350c9d274c905e9a416e145d
+AdditionalInputReseed = adc68b877938b5ebcd60958aed34d486
+** RESEED:
+	V = c8f337297c723c59f6d5d9687a5222f581deb5a12f0cba2013399d99751d3eec5b71f2a80d8db0f7683e4d84bb66720625ae0c7c7f003a
+	C = fd3a1a3eaf94239a18ffd697a14691ebf8be0978eb54d310a865a27a837534782f02ee1b68c2209f56613965cb65fa046dbf39084db2a4
+	reseed counter = 1
+AdditionalInput = b102b6b78a0ecefa0d1f2196df3ed426
+** GENERATE (FIRST CALL):
+	V = c62d51682c065ff40fd5b0001b98b4e17a9cbf1a1a618d30bb9f4013f89273648a74e2066a9bfe0cffaca43657af01c448b2f5861412bf
+	C = fd3a1a3eaf94239a18ffd697a14691ebf8be0978eb54d310a865a27a837534782f02ee1b68c2209f56613965cb65fa046dbf39084db2a4
+	reseed counter = 2
+AdditionalInput = 763adc6b405a8a121d0fe0dc79c0dc87
+ReturnedBits = 63989f28bae649036fc23564d91c8a1530e7a010a3f58cc843a4dbb876ac64d161be1ac3f26a32a5b49178d573c735e40cd418bb14ca4be101e5988241d3381109895315a4937d8d04eadce731da6268
+** GENERATE (SECOND CALL):
+	V = c3676ba6db9a838e28d58697bcdf46cd735ac89305b660416404e28e7c07a7dcb977d0bffc810870086edf8107615249a06df89cff8c9c
+	C = fd3a1a3eaf94239a18ffd697a14691ebf8be0978eb54d310a865a27a837534782f02ee1b68c2209f56613965cb65fa046dbf39084db2a4
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = a72d37da79ea55b94ba55dfe6f3fad5b
+Nonce = 3405fcd61b2e8a70
+PersonalizationString = 
+** INSTANTIATE:
+	V = 79a5bcf4910bbaeecdeba562ff456020b011794573c54e5f5e3b8e2b57de9d9496db4725bbe263c7e339b21d320e7557e032ac826a2996
+	C = d99fa7a3cb3a19d809aee71fc97f2c3f59ea79611d557f1478a42b39c879688c224a9757b14b4d04379ba30c49dd4257b07aacc1f246cf
+	reseed counter = 1
+EntropyInputReseed = 3b6dc17bf82798427a554d0d4828b6b0
+AdditionalInputReseed = 63db0312140accb82cae2f5288c00932
+** RESEED:
+	V = 6472efc8a34d6ed04fa24b886f6474fc1539f9082df786ed7fe904e067ccc05d546631e18c5c4b421eb70e8b12979169d01d6954d5b9bf
+	C = bc06572b526ef9cfa8c3d38eed52efec54b321a4d127278c63d615bf21a3e4fbc445c39afdca9bef3a90260913b521a64a2d249cd3f238
+	reseed counter = 1
+AdditionalInput = 26d358a37b88e51b60cd2ca97d0f1fff
+** GENERATE (FIRST CALL):
+	V = 207946f3f5bc689ff8661f175cb764e869ed1aacff1eae79e3bf1a9f8970a55918abf67bfa2dc85a8905371f73b4970eacba326560fb36
+	C = bc06572b526ef9cfa8c3d38eed52efec54b321a4d127278c63d615bf21a3e4fbc445c39afdca9bef3a90260913b521a64a2d249cd3f238
+	reseed counter = 2
+AdditionalInput = 8d272521b0f268795787f674fe0f41dd
+ReturnedBits = 1d5244ee5056779c48abb9e40ac0eaa20dd1c142d529242ffb02170a88db1dac10bf04b2d97371b6f22fb2bc90c769327de88664fcb7c033af9125fa8a55f3d3622d7431a8eb24078765682ebc4b02fb
+** GENERATE (SECOND CALL):
+	V = dc7f9e1f482b626fa129f2a64a0a54d4bea03c51d045d6064795305eab148a54dcf1baad31060981fbc84e2b91c27f61ef6089ca1b2ce0
+	C = bc06572b526ef9cfa8c3d38eed52efec54b321a4d127278c63d615bf21a3e4fbc445c39afdca9bef3a90260913b521a64a2d249cd3f238
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = 9a73d38066be81d3988eef3589aae246
+Nonce = 104720af121eda72
+PersonalizationString = 
+** INSTANTIATE:
+	V = 5572334e42b9fc4b0b43ef1642a8b2bed9c8586f293912733608005cedf99972bd111abf3def3c937d57cfc45e9ecba2dac9abd3c76ae2
+	C = 29cfb3e99db643987a29fb1338bfe852bdcb59459289284a4bc3f12bad232cfe2b3c29233a6e707574d1378121a17e62c22c6ae6cac0a3
+	reseed counter = 1
+EntropyInputReseed = 33221c76db385421efbe153fd59de7f5
+AdditionalInputReseed = a1b82c8e8a3cc505c11af9797e385163
+** RESEED:
+	V = 97d30f7ca4f9db0ce6458d3627e75fb8f9f2a1466157fa49f1e8aa6da053316f72bf43ad8d36a9ac40f3308ed2f78585d8c9dd60bfc55a
+	C = bb52105df8310dc3104732541a5a88c427912dcaef5b1e04c9e8fb48d24351079a2030fea698c4f6c4b416276b4dc66fa997b921d3f6a9
+	reseed counter = 1
+AdditionalInput = 717d01683450a42c10a2b1c699f79a35
+** GENERATE (FIRST CALL):
+	V = 53251fda9d2ae8cff68cbf8a4241e87d2183cf1150b3184ebbd1a5b6729682770cdf75cc6e60225ed34eea383fd860ed0a772fab68405b
+	C = bb52105df8310dc3104732541a5a88c427912dcaef5b1e04c9e8fb48d24351079a2030fea698c4f6c4b416276b4dc66fa997b921d3f6a9
+	reseed counter = 2
+AdditionalInput = 1c7aaaf732e7b2c8d5f120871effb45f
+ReturnedBits = 1ebef48df3989dbfea4910eeb4ecd379bb4f97a1d729e58a067c6c883944a6e6f27eac20e38e9f88158ee7054f5c83705fb969ca2555f3576e4580ad72b046cd8ad28f3e3d0b8f80b18138a74db2b602
+** GENERATE (SECOND CALL):
+	V = 0e773038955bf69306d3f1de5c9c71414914fcdc400e365385baa0ff44d9d37ea6ffa7cdc1c84a8a670854fe3c100301ca6098026895ec
+	C = bb52105df8310dc3104732541a5a88c427912dcaef5b1e04c9e8fb48d24351079a2030fea698c4f6c4b416276b4dc66fa997b921d3f6a9
+	reseed counter = 3
+
+[SHA-1]
+[PredictionResistance = False]
+[EntropyInputLen = 128]
+[NonceLen = 64]
+[PersonalizationStringLen = 128]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 640]
+
+COUNT = 0
+EntropyInput = 1f3bfa1a0e1f1c87cdf899103fe53eb4
+Nonce = 2db008a1e1fd4c46
+PersonalizationString = 1843f02f67b62ca76b205817ece829c0
+** INSTANTIATE:
+	V = e896d7122a36048735ad19fa6a3266da4eba9a2f7e13c357aeaaef38cca738bd920c88e8db229f6bfbcb527c7c6b3472ebbc77560a63a3
+	C = bc105958945eb5223a76bd3f9e37da6addd3c2c4b486c1f283e3ef9a78541bd0590eb37613cd3eeaad27dd0400f212f3a6f37431ff98dc
+	reseed counter = 1
+EntropyInputReseed = 9a68bb46f10bb4e33a555a0011893590
+AdditionalInputReseed = 
+** RESEED:
+	V = 170fdbb21f30acce52afa8aca946b2226e041fefa0b9592d851f5d2799054f70b077104f64dfd3c4ef5e2be4b471f5fe80cf1b08304f81
+	C = 07e3cae7463e5168cb7a7137321e707e73fb676b3de5d2255ccb16d7d2b0bf207f1e01c8b0922627305feb69f91b09b56e1ffb9c01ec90
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 1ef3a699656efe371e2a19e3db6522a0e1ff875ade9f2b52e1ea73ff6bb60e912f95130c1f9f06dc66f7ed37f53ff85da2ccee10433d45
+	C = 07e3cae7463e5168cb7a7137321e707e73fb676b3de5d2255ccb16d7d2b0bf207f1e01c8b0922627305feb69f91b09b56e1ffb9c01ec90
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 0d24bb0d9c24492d8eddc63c0d41e07d471a59682b676fac11f426afe9db9e38df95271349541ce1bad71d280641e47448dc4671679e0729e25a400fe7bc4673d32f23c85c67ca0e0e40a68aea14c149
+** GENERATE (SECOND CALL):
+	V = 26d77180abad4f9fe9a48b1b0d83931f55faeec61c84fd783eb58ad73e66cdb1aeb31585914dc79b216cf85300795643b846de582c6835
+	C = 07e3cae7463e5168cb7a7137321e707e73fb676b3de5d2255ccb16d7d2b0bf207f1e01c8b0922627305feb69f91b09b56e1ffb9c01ec90
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = 2127340c16f6d9b9547f12b9ca4152a2
+Nonce = 1504e7a897368684
+PersonalizationString = 375b5e97ad94a410e2a87e00639ea0f3
+** INSTANTIATE:
+	V = d41944af81c3bd5226d976ce75008ef1afe414d871022f5d21d4933277dc75642a8de3d2f3e1502cfacad5865a68e97d4b513df549f417
+	C = d2caf56bf59e752020a932a0a6579250f89090f0f420c11ee224fde8fdbc61ef88b9f5e6ecbc0945fb1254c5c53222225b50ee6588bd6c
+	reseed counter = 1
+EntropyInputReseed = 16494343cd5f7cf3cd7fce7bb44cac54
+AdditionalInputReseed = 
+** RESEED:
+	V = be57e58b227f768937de5c4ee5403af12142bc583a2b9e523c085ed3ef115ce1c68954e793dd3be89649fb9c7a3aad3441c0b3e7eb7ae1
+	C = d6a2d938d450873e6689a4f2322374d40fe10bf3a5950458d1d357c1a2ad206541bc85b809354a200a2c47edd3701826015586604b4d5c
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 94fabec3f6cffdc79e6801411763afc53123c84bdfc0a2ab0ddbb69591be7d470845db065e5bd9e33370f35b9ee862215e027e2f86d774
+	C = d6a2d938d450873e6689a4f2322374d40fe10bf3a5950458d1d357c1a2ad206541bc85b809354a200a2c47edd3701826015586604b4d5c
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = c25bf2ab607dcb508d0e5f4ae058c5af1b69f1c67bc01ee3c8da6c64f12b97cdef04342b56f0b777beaa819b1ad85700bbec7042ef8f5ebb7b6b87626e6d7c4c2f20dbbfca0c6b0d1f02b1f9a1e7b0dd
+** GENERATE (SECOND CALL):
+	V = 6b9d97fccb20850604f1a633498724994104d43f8555a703dfaf0e57346b9dac4a02614a0ebf6a4dc1fdac08c2766ad23c29f0deeeeed4
+	C = d6a2d938d450873e6689a4f2322374d40fe10bf3a5950458d1d357c1a2ad206541bc85b809354a200a2c47edd3701826015586604b4d5c
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = 03a526eac6667d8fc50bcccc77131b3d
+Nonce = 89ac8cca35d7360c
+PersonalizationString = dfdf1129c867154c8fb06449cef55604
+** INSTANTIATE:
+	V = b9e97e0f985454f65867ced9f063c8d891ec7ca4e7c232be186790df78bd727809ac25dde2d8345ac5c4c0e61dc98b6e4ebec69bfc1ab9
+	C = 4d36376fdce94f3b6c46e79b83a76b78da59c0ec77145c07956894b9fd72af7cfcae8d7c5790703c4237f968b4c9efc1466b4ae698232c
+	reseed counter = 1
+EntropyInputReseed = f5c69275583a8b137e73911613de32a0
+AdditionalInputReseed = 
+** RESEED:
+	V = bc2bc4545a8d0e28e98733869f2ed58f0ea5a852a3099c86b1d57f786b6ac96efbd359fc659cec6a8cb3079c7f6c8a2372af483cb172c7
+	C = 3b98f7bc10cdceff8db934a5568430ddaec53d0f93bebe7000180e148a46c117ec46cf99497af92550b090ee6276305ad21c667035df02
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = f7c4bc106b5add287740682bf5b3066cbd6ae56236c85af6b1ed8d8cf5b18a86e81a2a0ba5f0c5289e8b6a88e0d47db591864cdee5d949
+	C = 3b98f7bc10cdceff8db934a5568430ddaec53d0f93bebe7000180e148a46c117ec46cf99497af92550b090ee6276305ad21c667035df02
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = e6c6ca6b8c3f9fc6b60b9ead5a3d99a311b36c035d057600a639853ac838037ab143cc9130d833047492acf1f6ab5d310af848e17421c7f2ce1b27879548357b327fbad8f2ff19c9c511cac74ff9db28
+** GENERATE (SECOND CALL):
+	V = 335db3cc7c28ac2804f99cd14c37374a6c302271ca871966b2059ba17ff84b9ed460fa8f4c6c511ed1b1ee0741b0851d0abff052306084
+	C = 3b98f7bc10cdceff8db934a5568430ddaec53d0f93bebe7000180e148a46c117ec46cf99497af92550b090ee6276305ad21c667035df02
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = 922a1eb491c5aa96255a425a557b3a0b
+Nonce = dfbe98a0625f6d27
+PersonalizationString = 3b1661708dd5136adb3b90276203807b
+** INSTANTIATE:
+	V = f31b63667b942d5cff072d4076c02123337a3fafa9658b7285e0c3d44a3173bda789cfbc4376cc43e2e42b6812b1c2c4d716ca2d52c845
+	C = 2823b179e602129cef228f922b04ad21a58ae2996ad7420c176c8726a9d80f4192a9e583f56f9bec6c6f1f06fb47ccf10b2a66e59cc999
+	reseed counter = 1
+EntropyInputReseed = fa41b9d95c60bfcc18740dcb7365afa8
+AdditionalInputReseed = 
+** RESEED:
+	V = c1775196a061a905ec2aaec74b174366ef68382d41f8689d13ae08eeb134f5b6de0ebb337ead25817a157a05ff1c7efd1b5cce652cf8f6
+	C = 3607a7f6165332f43a1a240aac7619f8c582bc82853eb2defc040b1da25b0bda87c47386b6e377b9e77ed1e6dcaf23ec60e761ae9ae141
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = f77ef98cb6b4dbfa2644d2d1f78d5d5fb4eaf4afc7371b7c0fb2140c5390019165d32ec3f037229d2fdf03ae9d9fd4a50477a46c572125
+	C = 3607a7f6165332f43a1a240aac7619f8c582bc82853eb2defc040b1da25b0bda87c47386b6e377b9e77ed1e6dcaf23ec60e761ae9ae141
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 491b2250d85f43b81493d77441e206b2d24a442d826de6f84feb3fcee0f3434ba1279b8f6f40036bfc98a54335b0ed129fb9a1b5b9da709792609b7318e2c6513ab139bf596f40095162c0135d8281b4
+** GENERATE (SECOND CALL):
+	V = 2d86a182cd080eee605ef6dca40377587a6db1324c75ce5b0bb61f29f5eb0d6bed97a341666f03d651b8ff7d9af70c517c0969d57e501d
+	C = 3607a7f6165332f43a1a240aac7619f8c582bc82853eb2defc040b1da25b0bda87c47386b6e377b9e77ed1e6dcaf23ec60e761ae9ae141
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = bfd1cde72e3018e38405fb78e780424a
+Nonce = 7b522e636704aa30
+PersonalizationString = 68dc04bf3ba9a49bfc8f5d3e178eee90
+** INSTANTIATE:
+	V = be4725fbbbbd9b323e1371776c644b9cb18ab20d76bc4a46040b3f398713fb89714d6b84db58dee81a53ed1ef4a41f5a7b4a28e0d77468
+	C = 6a2707d55732480466fc15350eb04caa7fd09a0534c37a2ed855b57bd63d651ed321d3befa5219ee82dd9a15a7b9b6318c8358a20a08b0
+	reseed counter = 1
+EntropyInputReseed = 0ae631fbebf31311c70db5218055a109
+AdditionalInputReseed = 
+** RESEED:
+	V = 9aedc13ac7f680b5dab1772f722721c66db0720f254ea7456d45996dba34d4e2c6eea5823887efc3d4361afdc4d38539333bcb8a743a91
+	C = 7ba90f413b6b5092c1d1b887df61800fb334f218148ce773ceeaf45339f1c26000363f4170dfb8c6a7a03b39b6fb29f81d74864e3a5c40
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 1696d07c0361d1489c832fb75188a1d620e5642739db8eb93c308dc0f4269742c724e4ed72d5037114a1d2a55922b49ca17585ad23a53d
+	C = 7ba90f413b6b5092c1d1b887df61800fb334f218148ce773ceeaf45339f1c26000363f4170dfb8c6a7a03b39b6fb29f81d74864e3a5c40
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 03f4152f569d4e75171178390dbc3375f5dc8cb39a682dda250eecc8cfa94c81d98c572f5f8d057a7bdc651a009a67badd1c5c353ab56aaa5611bd5aa32d1e14264375d72a9a57480b0a8094551dc38a
+** GENERATE (SECOND CALL):
+	V = 923fdfbd3ecd21db5e54e83f30ea21e5d41a563f4e68762d0b1b82142e1859a2c75b24653494d9b20c0c1fa2758264f363ca6ef5b1634d
+	C = 7ba90f413b6b5092c1d1b887df61800fb334f218148ce773ceeaf45339f1c26000363f4170dfb8c6a7a03b39b6fb29f81d74864e3a5c40
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = aa6468f37fd732892f1aa494bdfd33c2
+Nonce = 1188096a0d03e7d4
+PersonalizationString = eb3205f89962c9298ce89032313b4aa2
+** INSTANTIATE:
+	V = 844fc6cdd943bf9074000cb22676775a0a5afa4453790c7237cd9da7541f742e4bc75e0107bb24be6910699ed6470f3603c133044590b0
+	C = ba0e92942482b31aeae74fcb03cbe91c51be30773ee956a9e25f637758b8a22c41145cfdd061e154b39c95e4f1e19e70135fadb795318d
+	reseed counter = 1
+EntropyInputReseed = 1f19abae74321faeb81ba6e0b856e10b
+AdditionalInputReseed = 
+** RESEED:
+	V = aae410419b93fb9756783d415fdbb5ccaf191719325495a75a4ec34a55773d3428fdd82dd4c41e29f80bc6bab4c45c10b151422daac8e0
+	C = 04e1910ffaf1e0567fd52d0bac991f6694c40122c809bde80e16b6feacb4eacfd748c8357d0a8663d502e2508c35e3de24714fc97dff3f
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = afc5a1519685dbedd64d6a4d0c74d53343dd183bfa5e538f68657a49022c28040046a0a034e1fc6a00013f4f5e921364020821e3b60dae
+	C = 04e1910ffaf1e0567fd52d0bac991f6694c40122c809bde80e16b6feacb4eacfd748c8357d0a8663d502e2508c35e3de24714fc97dff3f
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = a22fab2ea7f42ccb0ec4ae8ca539f0e5066465730144cdd3b1cb2a9a35981cb91d11b2c580b61b7f36663a8dfc182dd6a9fa4f2fea4b1115eaef4c2dfd80049a5816523435dad83c58ed659ec2ee4911
+** GENERATE (SECOND CALL):
+	V = b4a732619177bc4456229758b90df499d8a1195ec2681177767c3147aee112d3d78f69714aaeacc858716921ba94365714f93707f54aa9
+	C = 04e1910ffaf1e0567fd52d0bac991f6694c40122c809bde80e16b6feacb4eacfd748c8357d0a8663d502e2508c35e3de24714fc97dff3f
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = 2afb7f99841fa8c4b7aec208b558723e
+Nonce = 0d991dbcf3fb1ca1
+PersonalizationString = 07ea27928db183899fe85861bd337412
+** INSTANTIATE:
+	V = fd3ce1375e6e7f1f48b75b5dbf7814a8cc20b31d1cce2c1beecc2887991d2cfbfaa0c4edb6c8c9a0ce8b6644a046d3b3bdae566435ba4b
+	C = 09888d0feee6c4e7e1e7c052384ed5df224a16758523f678f2626b041cf5cc2e78b85a0b4c6e9fff4e81b287c4dea452ff061087fe89f3
+	reseed counter = 1
+EntropyInputReseed = bf24829032f3796e5d8ff9024623750e
+AdditionalInputReseed = 
+** RESEED:
+	V = afed83739058c625a0cc92162904940280bb69dadf8edc2f60f95606c0df5118c82301613acce38f5ae1bb94ec5565c8c4fa200db3f887
+	C = 99cecf0e7c8a03449e5f027faed420921bd4db0b67c2c3f98990ed7d7143f9c5271424e6da91f824bd6b2a01306147af5db1427de3a4a8
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 49bc52820ce2c96a3f2b9495d7d8b4949c9044e64751a028ea8a438432234addef3726da05296638232e4b64889262a7f3e15ae20b0569
+	C = 99cecf0e7c8a03449e5f027faed420921bd4db0b67c2c3f98990ed7d7143f9c5271424e6da91f824bd6b2a01306147af5db1427de3a4a8
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 24e82522bfa12528eabc9006246a4917438444e7ce836146c6b8735afa745a258c9c6c444faade0f2f9869f48ba584b175690ab50bb8cec953ff7c4594bba4890b6b35d1e0912e0fa098515eebf33af5
+** GENERATE (SECOND CALL):
+	V = e38b2190896cccaedd8a971586acd526b8651ff1af146422741b3101a36744a3164b4bfcc1b9119fb0eb1d7212f116e6fadd2c5bd101e8
+	C = 99cecf0e7c8a03449e5f027faed420921bd4db0b67c2c3f98990ed7d7143f9c5271424e6da91f824bd6b2a01306147af5db1427de3a4a8
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = 8610922bc82818d169800d712e08847b
+Nonce = 07b79840f4ab8675
+PersonalizationString = 6848ffca7a62f868f995763e0a6fb474
+** INSTANTIATE:
+	V = 35cf45add9a3da127dd5641c7176837cb914ff0b0205531ea837191c278bc62ff27c1365b3bd32b7aee8cdf99f4a687fe0d43f5e7e7e6c
+	C = 2205e0092b113e3a1d98c3206e6d767890dac0464942d269cc8d2d94cb99440d564ef7671ff0f3cf1ef386451caa3ecd099246db256839
+	reseed counter = 1
+EntropyInputReseed = d7fdb5c31f04a27e2a29109b5e9ef9e0
+AdditionalInputReseed = 
+** RESEED:
+	V = 52e7d4f8724ee6347cf3a24829333a20484af19c3913aa2081db3843c26fbefab7091be2e43adbb7213e0885507a70890d9711603e9d8f
+	C = c112b3ac150ff39341bfa7f965366c7ac4d1bfdb402d2ca12c36cb70acfca25c6cae754037d9db0fea2fde21be8950e3b0a4820f1757b0
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 13fa88a4875ed9c7beb34a418e69a69b0d1cb1777940d6c1ae1203b46f6c615723b7921626171a717d0135315765f9647b8239a7113c3e
+	C = c112b3ac150ff39341bfa7f965366c7ac4d1bfdb402d2ca12c36cb70acfca25c6cae754037d9db0fea2fde21be8950e3b0a4820f1757b0
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 21a015772a341bdc2ee658bb599fa34e7226b8878a60a6446a65659224c9b57c4a5d9e49dc616525ccd67be36bace3235e3b260276409236464a7144770bf65f5930ab2bac61eea030d7dc5068103418
+** GENERATE (SECOND CALL):
+	V = d50d3c509c6ecd5b0072f23af3a01315d1ee7152b96e0362da48cf251c6903b3906607d886dff98be12c0c7fbcb5a14b3b05e78fd96658
+	C = c112b3ac150ff39341bfa7f965366c7ac4d1bfdb402d2ca12c36cb70acfca25c6cae754037d9db0fea2fde21be8950e3b0a4820f1757b0
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = 190ec0418b24810ab222b79d2a7293a1
+Nonce = d6f2d3173bc9a10f
+PersonalizationString = c7827724c8a85e09854f755eff774ce2
+** INSTANTIATE:
+	V = 358acda7900f6dfd872e400dac712279dc36f7e72b9e6e212555a9465cc70e35973c5b52e0073fa956a78f50a215943f561777bf3e7297
+	C = 67cef8d2438f8250f01f507b59b4ea66a013ec327d6c9225d8ade74d548906a0040d3df9d42ac49b3a5d7f216eac2f1be7e807a5802f74
+	reseed counter = 1
+EntropyInputReseed = 6ed328044dd8ae29b7fc31cea8a201a0
+AdditionalInputReseed = 
+** RESEED:
+	V = 12dfa2594c98d4ebdca58611ebc08d4a8fae5f9cc582293270ad6299c2b1534b58a89c4318f9ba70aa422b26f2f4c314be166891bb1bd1
+	C = ccad4e76a3cbee4f38d03d1019f2e8bcb814b0f8a343226181d020ef74f4ca72d4f405541c40d010a2af6f765c718c6d0cf9c254b929dd
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = df8cf0cff064c33b1575c32205b3760747c3109568c54b93f27d838937a61dbe2d9ca1d3c2abc8dfd396de10d95a532ec9cdee92026cde
+	C = ccad4e76a3cbee4f38d03d1019f2e8bcb814b0f8a343226181d020ef74f4ca72d4f405541c40d010a2af6f765c718c6d0cf9c254b929dd
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = b29330f84fa192c1ba8d8b2c67314fce779ae8d735c2681cc4a0c7d79eb1fdfa301eea4a37dd55b8b28faac3ba6caebf206c826b190a5c05c63dec0d3bde8b5ff0414a587bf0e4fd0591c3732457d61b
+** GENERATE (SECOND CALL):
+	V = ac3a3f469430b18a4e4600321fa65ec3ffd7c18e0c086df5744da478ac9ae8310290a77695152f0a88ec7549d7a6536eac6d15a5849be1
+	C = ccad4e76a3cbee4f38d03d1019f2e8bcb814b0f8a343226181d020ef74f4ca72d4f405541c40d010a2af6f765c718c6d0cf9c254b929dd
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = ee118811435c2ff1e09c23283a915adb
+Nonce = 072fbe922ce76004
+PersonalizationString = 7f9fcd1470e9877fc97f6fb181c34e59
+** INSTANTIATE:
+	V = c2796501446b91a5ed6007ccae9ca72b5d48465a4a5fecc9e584bedc1fe545dd82c567f7f62ada93e9144bc1f944903bc0af93f1d6d07a
+	C = 66bffaef7dc91af98f6d2cb22de921cf0abeba12233d94b8701e6d721610176c88806c768eb57b8b09273a6af1917aaa3bec53fdf753d0
+	reseed counter = 1
+EntropyInputReseed = eb7db32f1bdfeda21fa9b1c1d38a139d
+AdditionalInputReseed = 
+** RESEED:
+	V = e9925ddef709009d1252e3fe620bc565ba1bd2dd4187b74a13b87e0d53f3396b9930c161c99df81593648e4806b141a951a250e6a5ed19
+	C = e4a610060ea21c1bb6e60e3027d0dc0550dd5d45e78c59bde2581162ab43a295e3f0e660d50dda3df5f699ffb1167dd6a4258d6394018a
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = ce386de505ab1cb8c938f22e89dca16b0af9302329141107f6108f6fff36dc017d21a7dbf28628ab67c13b2e9946948b6f8d8ca562fcb1
+	C = e4a610060ea21c1bb6e60e3027d0dc0550dd5d45e78c59bde2581162ab43a295e3f0e660d50dda3df5f699ffb1167dd6a4258d6394018a
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 75a3c2daa08fce7b74a27aaedfb1a725cc66283ff5ea0fe7accb4d30155a90686f3b0a7c31b602e5140c38e6ea44822854a5419b1d563afa56b4defbcde59d69feff80b9921cd67a873f66e32c8c80ae
+** GENERATE (SECOND CALL):
+	V = b2de7deb144d38d4801f005eb1ad7d705bd68d6910a06ac5d868a0d2aa7a7e9761128f1b79f0f835b5cc8295f9b2386991cc74412ba301
+	C = e4a610060ea21c1bb6e60e3027d0dc0550dd5d45e78c59bde2581162ab43a295e3f0e660d50dda3df5f699ffb1167dd6a4258d6394018a
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = 839cadcb77a351b0aef7a8d86a65bd6b
+Nonce = 4ca209b825a220cd
+PersonalizationString = 806978904e4f037a94c5d53e5353539b
+** INSTANTIATE:
+	V = 227d369eaca3b5283ec3fb66d30bca854022a081660ad32fb969b90ec876af2e7727b49d5f188c7b7242e3cddf97135dd322a572c01e65
+	C = 61c6cb2a8a781c731d4bfe4f3c4d0034a09e446e9f808ff60ce9b8dac1096d9c0865dcb2d60aeaeb7be48983dcc30b33de891990c50b65
+	reseed counter = 1
+EntropyInputReseed = 668639fca0e047e3acacbd04e8347108
+AdditionalInputReseed = 
+** RESEED:
+	V = 6ad5341a0ef7ad0d33eba827fe0b548a4efbf4290e7cd9a5d1ae01c30115a8cd1aa8301ec1241688027ed924d95282375b712b7f467a98
+	C = 5ac9efe4761c549065eae2ad1c81e9fe82645a1f77da8048a1640a54c037641c5499c6421fe09c4a5c11e85800a74a97edf58a76404178
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = c59f23fe8514019d99d68ad51a8d3e88d1604e48865759ee73120c17c14d0ce96f41f6cd9c00069f0186b0409a10c9d8f70ac0967c18e0
+	C = 5ac9efe4761c549065eae2ad1c81e9fe82645a1f77da8048a1640a54c037641c5499c6421fe09c4a5c11e85800a74a97edf58a76404178
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 4215bad99cffef8fa4cd0a2759abdc92cc1b69a52389cc41ab24d5b969a012cdb4358c064131b7784ef0efd1a7400e254e4946851b7025454301aa32b581d3a3df22dcfe6f9659089f662384ddd7d706
+** GENERATE (SECOND CALL):
+	V = 206913e2fb30562dffc16d82370f288753c4a867fe31da371476166c81847105c3dbbd5aa48c7e5f89543773a476dbf504b5fa20d90a8a
+	C = 5ac9efe4761c549065eae2ad1c81e9fe82645a1f77da8048a1640a54c037641c5499c6421fe09c4a5c11e85800a74a97edf58a76404178
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = dc2454760ceaf6c01ba54393d4ff6606
+Nonce = 19b2f382d93710db
+PersonalizationString = 8ef2b249910b4c57a63d1c45ca7efcd3
+** INSTANTIATE:
+	V = 5ce6b748592b641d0b0a19dd67ce38962bfb45c358690098d44741bd69ed11445a3bf56a5a138bdcaf2301f49d2348eda2b8b2662fb7c7
+	C = 51d12004e1b2bb98c4cd88a203ae3f9d96bb79f842d0cc7d860152c01efe1f456780bee87255ae40c2c4ee5fc3d4492c3195e257ba40ee
+	reseed counter = 1
+EntropyInputReseed = 3f4d0810d07d33b854427cc29c1c531d
+AdditionalInputReseed = 
+** RESEED:
+	V = 149bcf26537df33918ace230ad508e99fdd4834c0b3ec08768eda3312a14dc968a42f2965c7a44a1cc2e825221cc72c3a203d6d0e32fff
+	C = c76197904f969235f40870013e800ad7e29d215ff81a2ce09f06fbec9444d21955fba0347ea1f49b2d6d61c74a0fefc46c42076c5f1e46
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = dbfd66b6a314856f0cb55231ebd09971e071a4ac0358ed6807f49f1dbe59aeafe03e92cfd02231f164c5c2c7fea045f744d15b9078f0e0
+	C = c76197904f969235f40870013e800ad7e29d215ff81a2ce09f06fbec9444d21955fba0347ea1f49b2d6d61c74a0fefc46c42076c5f1e46
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 71543b5891e69d3bd54321ce8fbaff09a3f17593b94a19f247436f3f9370eb06ab905ce94533a0b1b97dd5c69c63733915904236ddf706b9cb3a58b7bd478d2e8d80cb51491b329b4f7c9595f323dd8c
+** GENERATE (SECOND CALL):
+	V = a35efe46f2ab17a500bdc2332a50a449c30ec60bfb731a48a6fb9b0a529e80c9363a33f739381317a01c02121181effa71d1eff6f00578
+	C = c76197904f969235f40870013e800ad7e29d215ff81a2ce09f06fbec9444d21955fba0347ea1f49b2d6d61c74a0fefc46c42076c5f1e46
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = 60bda9c5923d3b9de66a9914c447b663
+Nonce = e5f70aabcc2f620e
+PersonalizationString = fe21f6ed04774f9a93232470a9268317
+** INSTANTIATE:
+	V = bd552cb78cdd571d80c61175ee461630e52afa4174b460812446fa5ec89ff6763eda89c77904b3b89399fb041b90e8f4bfa4fa9083323b
+	C = 178479879f82ce8d60f2397c39e942ed66de0d96e734565030ba546996a88f57d08966c0fe152162bdaec8ddc67e98dac5bfacee2a90b4
+	reseed counter = 1
+EntropyInputReseed = 27364f9af59947d6c03e9a8ba859899a
+AdditionalInputReseed = 
+** RESEED:
+	V = 7d931566da7e9be3c52a42888d3dd74cf840e6ac6cc31512eb44c4ea9796b03aabe417b07f57bffd4bac3143d9f39a32fc956b09c96e72
+	C = ac83472d94a7f5f195ad47ec59ce5e6f919ebde29b9c990773aaffcac8e26e8bbb37c0d576d8656c48b621c05289216202fbcb24489c72
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 2a165c946f2691d55ad78a74e70c35bc89dfa48f085fae1a5eefc4b560791ec6671bd902f162644d0da638342413c1400a67ee4ff47815
+	C = ac83472d94a7f5f195ad47ec59ce5e6f919ebde29b9c990773aaffcac8e26e8bbb37c0d576d8656c48b621c05289216202fbcb24489c72
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = cf0385e3164ca12421709589b86958bf5a83f312f71595cd6ad8edd7544a67a024aaa475e4cd2e515dcccc3b8c14811885944cb3efdeca1ebfeef3edb94d6f71c0215f0618b3677a4316a67f52ccefa5
+** GENERATE (SECOND CALL):
+	V = d699a3c203ce87c6f084d26140da942c1b7e6271a3fc4721d29ac480295b8d5222539ac2a247d3e9c7b6fc9201292f7699564c4ba4c547
+	C = ac83472d94a7f5f195ad47ec59ce5e6f919ebde29b9c990773aaffcac8e26e8bbb37c0d576d8656c48b621c05289216202fbcb24489c72
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = 523460ce5a3f54c013074d0df90759be
+Nonce = 07f779b108a52135
+PersonalizationString = afe0be933748c61a838f3dded8ec423b
+** INSTANTIATE:
+	V = 2fc4c9759014c8eff0055a95adf3058dc50b1e42a7522272fd408a90cd1533cf99a80b89417dd3330ed27abf5aa8392489bd904839f798
+	C = 39ab47be70cdc17663ee36a85ccfe029a23ded97bf5045fa2997d74413e42a6a72737a4eccffaa8e3d6cbb68b348412b73ca97b91aab15
+	reseed counter = 1
+EntropyInputReseed = dba4660ccf5613fbe2c04a6411fb3ef8
+AdditionalInputReseed = 
+** RESEED:
+	V = 2f2339c9fa173172d669157d197ae7b0bc37abd70bbca08c0109b99bfefa85a3075cb9bef540443456ca9ffd0bb2cdfd60fa6ef1f5b97a
+	C = a086414c8b2a0d25fcfedc3ae0774f4d5fdd78a2f2d445725cad723f1572bd1607aa08b78748b3c5aa8f09f5e557b0da753592f96f9f81
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = cfa97b1685413e98d367f1b7f9f236fe1c152479fe90e5fe5db72bdb146d42b90f06c367945f810945ceee5d8af8351d0c66a2cfcbb6e8
+	C = a086414c8b2a0d25fcfedc3ae0774f4d5fdd78a2f2d445725cad723f1572bd1607aa08b78748b3c5aa8f09f5e557b0da753592f96f9f81
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 4c987e74c6d0eb96aae2c1103ea8ca6d30181aad261c3ce4494741f9154adc6199d14f99581c75d2cfda2429a0b1f57dcaa9b008f2aee8d38ab09496d383fd258de76cf890aa1e5b860656db8458268c
+** GENERATE (SECOND CALL):
+	V = 702fbc63106b4bbed066cdf2da69864b7bf29d1cf1652b70ba649e1a29dfffcf16b0cd18ef40db51bc1f48f2342bcc51682b47132c31ba
+	C = a086414c8b2a0d25fcfedc3ae0774f4d5fdd78a2f2d445725cad723f1572bd1607aa08b78748b3c5aa8f09f5e557b0da753592f96f9f81
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = 3e9aad8f60a69f78552e62326de71d08
+Nonce = a129fd429f6c002e
+PersonalizationString = 64fb2750e55bfe3c580ce797b4982a5b
+** INSTANTIATE:
+	V = 4adfbfdd0f2596ce3474ec1ef230846d16ea8ca36d872b8753e7cd7cf0bfd6cd9620b277391bf7ea88b8e2a99e7b7afaf4c7ad31ad7cc3
+	C = a2c04a5d43915fc4bbf38a3dd4d3a9a8e80c28840f26c56c378d5723e9dd601fe995fe2047393949e9093af219e95f2d01a1ea060aac6f
+	reseed counter = 1
+EntropyInputReseed = 9a1ed501c2e2e7fbfa7179b49983c318
+AdditionalInputReseed = 
+** RESEED:
+	V = 646011792415f4cdc979c82334f43efb6053668b584d742ad352ecf9eba7f27d6bfcce49521327905e73bcc8b2fec13516af32ff65bc48
+	C = bfa9855eb3626940b2ec17006c5c19820d93823b52aafcac6dcd8dda7a59e0855e273eb32c3cb8d7fdaf365ed1fff8e95ea5db782ff9c4
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 240996d7d7785e0e7c65df23a150587d6de6e8c6aaf870d741207ad46601d302ca240daed3b478d3ae8feb34f59f7dac94b31efc379836
+	C = bfa9855eb3626940b2ec17006c5c19820d93823b52aafcac6dcd8dda7a59e0855e273eb32c3cb8d7fdaf365ed1fff8e95ea5db782ff9c4
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = af3e4545aa85cbdf1049bedef9fc8d07d24bdf004ceb1b0d0271beb476fa265a8140ad36482e339b359325d69a2cf8af0dfd7eb86c3caa9cc5c70629c00fb441043e3d32b33ab44f856bb51abfc80c13
+** GENERATE (SECOND CALL):
+	V = e3b31c368adac74f2f51f6240dac71ff7b7a6b01fda36d83aeee08aee05bb388284b4cdbf7dff2f342389b38674a6daf5a309cf9d90f22
+	C = bfa9855eb3626940b2ec17006c5c19820d93823b52aafcac6dcd8dda7a59e0855e273eb32c3cb8d7fdaf365ed1fff8e95ea5db782ff9c4
+	reseed counter = 3
+
+[SHA-1]
+[PredictionResistance = False]
+[EntropyInputLen = 128]
+[NonceLen = 64]
+[PersonalizationStringLen = 128]
+[AdditionalInputLen = 128]
+[ReturnedBitsLen = 640]
+
+COUNT = 0
+EntropyInput = 4cc9f7c5f20ad9b38e4950216439917d
+Nonce = f3a03b749fd9a504
+PersonalizationString = e22e6c37d178daf2294213ffbf1353fd
+** INSTANTIATE:
+	V = fe79df3e59f76f9c80f2e57ee2250078f92f0c2c7bf6bb13c2082d0c43b9c1dcc22261c5a030a9a44ed7163f9def903e0c43524456f86f
+	C = 2763f288049b8a99da685d80bba233a086f64679a9c6aa859e59a522bd9113af89ab2a0dbce460f57aea59a083b8cc4ac51551d4beb9f0
+	reseed counter = 1
+EntropyInputReseed = ebe40bf605e8899050fb1b2b7a13d393
+AdditionalInputReseed = a65de1f61f5dffabb944557ac0fad3bf
+** RESEED:
+	V = 134985c5c2c8ae7cc67e526dce9c351112299cd8bb59a9bbdc81bb8c41a39327c6aef0a148a8255e5deb92e6a28159a5c20b4e707fbdda
+	C = 3d0624624fa266c318998e57ba7178f28278cf2fc7fc851fd4546e334470e3e698b9be171d36fa5d93b59da6bb878568144a7ba328f61e
+	reseed counter = 1
+AdditionalInput = 504d736ad88d2bd0ea73bd00379b63ba
+** GENERATE (FIRST CALL):
+	V = 504faa28126b153fdf17e0c5890dae0394a26c0883562edbb0d629bf8614770e5f68afac9737e5452c5b5c1b483a6cf11930000c06843b
+	C = 3d0624624fa266c318998e57ba7178f28278cf2fc7fc851fd4546e334470e3e698b9be171d36fa5d93b59da6bb878568144a7ba328f61e
+	reseed counter = 2
+AdditionalInput = 883eab441b2d5f15e24546f5ebacc1b1
+ReturnedBits = 5a6e6115d8c767151470aca459c3f46217ef00c4b68f98c7dbf07f4be215b746ca380270ac0bb04cb5e8c918b2a7062564dbc705975ad275a369c8e9092acdeb0801e8140fdbb158c6ac85385ad37db4
+** GENERATE (SECOND CALL):
+	V = 8d55ce8a620d7c02f7b16f1d437f26f6171b3b384b52b3fb852a97f2ca855af4f8226f09b415ca9aa58d5b360b80d9e43e5c22cd3100d9
+	C = 3d0624624fa266c318998e57ba7178f28278cf2fc7fc851fd4546e334470e3e698b9be171d36fa5d93b59da6bb878568144a7ba328f61e
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = 16129142501677bbbc7abbac24345634
+Nonce = f95597f5af717b22
+PersonalizationString = 9a5e9790934755fc6e1aeeeb5fd91e94
+** INSTANTIATE:
+	V = f4b0409a4f53b9dc79cc43b96db6384b851fee0b0d27becc9a6fa43aebfb90fc66da45b4ede6188b290d91cd589dfe7b527ce9b82ddbca
+	C = 9049de4eaa421083636ef7a7aa1ceb78a76cf0fd783d91f8763479788b8881a92ea8b16c85a380a7424d2d440714fd53cdc6d2fc5ffdd1
+	reseed counter = 1
+EntropyInputReseed = 5b3e74d3fe52084b100364e69a52b2d4
+AdditionalInputReseed = 91eb7ee6197c9aeb2d704c031b16253f
+** RESEED:
+	V = 6ed875d8f27f7365844777a010892de104ef9901b9f6d8812e1f94baadcac518486f74a339268a4d297cb6c8d859a998e46e15a6c815f0
+	C = 4147f52ffdc7803ef5955f431a01ed8f46733618f82143d313700eec4c140dfbac024108b48ba787ec2ca4dc062e024511bc56765a2c9e
+	reseed counter = 1
+AdditionalInput = 49cbe6262bdec0a816fe6c871d998552
+** GENERATE (FIRST CALL):
+	V = b0206b08f046f3a479dcd6e32a8b1b704b62cf1ab2181c54418fa3a6f9ded313f471b6675631cc598d7e31f666e1f0d4aca135726088f2
+	C = 4147f52ffdc7803ef5955f431a01ed8f46733618f82143d313700eec4c140dfbac024108b48ba787ec2ca4dc062e024511bc56765a2c9e
+	reseed counter = 2
+AdditionalInput = ce03ef853830918c4b94ea4cf8f6023b
+ReturnedBits = e3cebc464e4ad69ac7b4730fc7a4164af6d03adc951a75225fcc7f2c3729501b925d8e3bb812d28b4b351509eae8c94c578315920b8d1b4f6f6394a4479c001b10f3abc5e7cb3f55e0dc47252c4084a1
+** GENERATE (SECOND CALL):
+	V = f1686038ee0e73e36f723626448d08ff91d60533aa39602754ffb29345f2e10fa073f81ac054a6df37ffafa24571b365bcc78149f05e42
+	C = 4147f52ffdc7803ef5955f431a01ed8f46733618f82143d313700eec4c140dfbac024108b48ba787ec2ca4dc062e024511bc56765a2c9e
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = ea5fe3ea0b14bd632788d16aad37dd1a
+Nonce = 9c49f9b6536e1121
+PersonalizationString = 0b4ad92345e528f6de5a5cc16e3858dd
+** INSTANTIATE:
+	V = 8b93c82b4c0329365dbd3c611ad67514af5f956ce99a52374fb93ae7d9d5ea223f6dd310b03cdce86333edb88c8fbbaa6a529db561768c
+	C = dbc966230517ef4f283deb31197b06e7a226f53342a048ad551c7b61903564020b48b83c1fedbd6fe320249cd5fdd3c3ae5d3427f0e664
+	reseed counter = 1
+EntropyInputReseed = 118973245758fc1290b06223011496af
+AdditionalInputReseed = 2b0ef5432eaf0f4bfde86c147f91cdcb
+** RESEED:
+	V = 73c939c88b00515e1586d380e31f50de87295015ceb894d599890d94d680a0723c3f4ed442a541b103ba920434a97d52a49465db6e46e6
+	C = 5957484ca707b5279ab17993a28a7d3cf99e8d167ce96bcdc88e27550a77afab60f6078993dec522360ed678f66dfc12862e15eeca14e1
+	reseed counter = 1
+AdditionalInput = 3588432568be9e5fd4413953c8575dcf
+** GENERATE (FIRST CALL):
+	V = cd20821532080685b0384d1485a9ce1b80c7dd2c4ba200a3621734e9e0f8501d9d355718351d0debd1d831d98bc0b79c3f2c2146d2017c
+	C = 5957484ca707b5279ab17993a28a7d3cf99e8d167ce96bcdc88e27550a77afab60f6078993dec522360ed678f66dfc12862e15eeca14e1
+	reseed counter = 2
+AdditionalInput = 8fb5929cdfc67a71014d08e467134e21
+ReturnedBits = e1ebd525c54b9a19f9692c1d1ba70be722b8bf28a0f4771b507af46da407757f6c737945d5ca7a31a42af48a0e72ddc68715e4541e5589ec343b340cd768135f24c9b173181370b8d808b58df2fe6f66
+** GENERATE (SECOND CALL):
+	V = 2677ca61d90fbbad4ae9c6a828344b587a666a42c88b6c712aa55c3eeb6fffc8fe2b5fb4253ca3af2184aa1562da4a754bce8ed2ed6c79
+	C = 5957484ca707b5279ab17993a28a7d3cf99e8d167ce96bcdc88e27550a77afab60f6078993dec522360ed678f66dfc12862e15eeca14e1
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = b6a76e6dee65f2ac5e13233b8a47af3e
+Nonce = 418873e87c05c8ab
+PersonalizationString = 4442552271dd96531c632981a47d93ec
+** INSTANTIATE:
+	V = 216d8a1e1bb08d980c93bd427ea067643e50cc4adc8c5ddd4e59454d7960e97edf6f3431528ba6178e7406ab81041d0b86174ba1a8629f
+	C = 067c18338f336471b9f92162347b0a0cae151871c67af0026cbfdca95663032845ab2f3f70f68a8595749c0ec6d57cb98a77b00f7dba80
+	reseed counter = 1
+EntropyInputReseed = 0dbd5cf5d73074b853b74bdeb0013ec8
+AdditionalInputReseed = d13a58ff69bb7c29fd423fed78a12c2a
+** RESEED:
+	V = d8963693050e114a96eb6df44eac4b4f7cb1d95adcc3905a741024dc839f9204781136ea82ec51f8ac4c67882208efeaad44204f3bb025
+	C = c0b96d7194f2fc8e967a21be788806970ceb733186eb51dabe4d1d0b13abf5ce8b9948319f6234b0cc6ee301e6a4df32739729ce7317b1
+	reseed counter = 1
+AdditionalInput = 2d21074c75b6d4676eed684f00cc39da
+** GENERATE (FIRST CALL):
+	V = 994fa4049a010dd92d658fb2c73451e6899d4c8c63aee235325d41e7974b87d303aa7fc9ca36484aa5482b2ad6627039b0c9550c0bef9d
+	C = c0b96d7194f2fc8e967a21be788806970ceb733186eb51dabe4d1d0b13abf5ce8b9948319f6234b0cc6ee301e6a4df32739729ce7317b1
+	reseed counter = 2
+AdditionalInput = 7d3f33a0b5f4570729e7b5fafe912a47
+ReturnedBits = 7be9a0a3d4c550825d9386a06dfb81df3811fb62ba46eea5297554289b50661bd1105d38f9fff2b15dd472e7a2023edf97d25a260e0ed6f04d48c7c5f94f67c2fa5c72443fe015959a8ccaa996c574a8
+** GENERATE (SECOND CALL):
+	V = 5a0911762ef40a67c3dfb1713fbc587d9688bfbdea9a340ff0aa5ef2aaf77da18f43c907dd500d8cdfe5a6d42fc6f7a14a6b49f14e1b45
+	C = c0b96d7194f2fc8e967a21be788806970ceb733186eb51dabe4d1d0b13abf5ce8b9948319f6234b0cc6ee301e6a4df32739729ce7317b1
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = bcbc894f5b1326df76bdd825ca5ba1b4
+Nonce = a4486fe30fe073a7
+PersonalizationString = daa711fc9e6229575083bfaa65c8f215
+** INSTANTIATE:
+	V = cfc1cfeea7268e951feb2bd9138a2a3b4ea6a40fb9ae70118244db9d07093f609ae90c6c53289d303008a291f5c3a47e041478d751be82
+	C = efd4126486a731206d879c337977d8a0962833e28d77d6c6f0cecdf220e70b8e7657bd399915a7deac6d6296a706c9117eb97e65fd0820
+	reseed counter = 1
+EntropyInputReseed = 808a11c1553dc9d8ca30552b2caab363
+AdditionalInputReseed = 92776c6f5855c51eef7cbb4e0a8267f5
+** RESEED:
+	V = 1752517e5fd7b366c8864164e114244a99e449fab81a86033b858df50eecd29413e720399b78a757cce804b0bf7e7d12172916475baa24
+	C = f498bfb9fa21ea5bbd9536464ef05f6a1f93c096671af2ae919d2affefe82b18c03d1143cfd20c2bcd9c7cf558bb4c8c3cb34ca1713dcd
+	reseed counter = 1
+AdditionalInput = 561350e9fa4cf192eb5e68d7aa6595a2
+** GENERATE (FIRST CALL):
+	V = 0beb113859f99dc2861b77ab300483b4b9780a911f3578b1cd22b8f4fed4fdacd4243262aed46de5a292aeb4efba2248bba4b898223691
+	C = f498bfb9fa21ea5bbd9536464ef05f6a1f93c096671af2ae919d2affefe82b18c03d1143cfd20c2bcd9c7cf558bb4c8c3cb34ca1713dcd
+	reseed counter = 2
+AdditionalInput = 71eede0afdf6b877ac795c6ab695cf6e
+ReturnedBits = 25df93fd7ae3bc6ec553bdac602f4f61013a426123175c0260f6ca6037a751cef8c795549a37dad254bc28611f9fe9f1d36b4fd14eb48dcfd899302d2a75c9d28e1f92bd78f9257a71f0b0241604d14c
+** GENERATE (SECOND CALL):
+	V = 0083d0f2541b881e43b0adf17ef4e31ed90bcb2786506b605ebfe3f4eebd28c5946143f740d9dd39f0f2fccf6a6acf28d0c0d92c265103
+	C = f498bfb9fa21ea5bbd9536464ef05f6a1f93c096671af2ae919d2affefe82b18c03d1143cfd20c2bcd9c7cf558bb4c8c3cb34ca1713dcd
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = c06f2df94f8cec218223be9dc3238728
+Nonce = 8e4e8cf3a3a59a35
+PersonalizationString = be49660f29b52ad63511cc0607eafc66
+** INSTANTIATE:
+	V = a68080e7c87760e4f31f3dcab3b238832416260cedf65d5e6c00c15c325dc07bc02ef53b1c867a8070b8a69ca89a738a144d9ee7b08857
+	C = 2f7d7323589febe363880afffe44530ddd5477508a9ca50effa610a6cfd4efbcfdafba3e89480adb8d3788d6b64ce3d77016836601c2a7
+	reseed counter = 1
+EntropyInputReseed = 513d68bdcff2d3b73e0d5ee4914ac8a2
+AdditionalInputReseed = 648803c6f74943e602a859c7dcf7550e
+** RESEED:
+	V = acf6d566b4b05f87c0fb028ede21ae065a0d18bc8f6e6b70853a0c1b6262d8196e7a04739945829cf7f42a040cb2c45d9912afddd5e9bd
+	C = 10fa5fc7e8dc602062d421db5340ef5e55db704e03865b2c60ff387df4ef61d0e5c0c8fce036d864a35d19de213f28ffd3d01e45bdff0e
+	reseed counter = 1
+AdditionalInput = 8b34f68afb6480c9e21d9601d6fd6ebf
+** GENERATE (FIRST CALL):
+	V = bdf1352e9d8cbfa823cf246a31629d64afe8890a92f4c69ce6394499575239ea543acda7a3acc4daae22205cdad7d4d1515bc61994b5c6
+	C = 10fa5fc7e8dc602062d421db5340ef5e55db704e03865b2c60ff387df4ef61d0e5c0c8fce036d864a35d19de213f28ffd3d01e45bdff0e
+	reseed counter = 2
+AdditionalInput = eb857cc8966604df9c2144130dc6981d
+ReturnedBits = e2a7de7334c8687823fdf85bb58125c7b347114bb30f4221f7a3452bf34e5c877be9013c19ee1705b19797a05395d106b91359198e02891543e460528fa40567a2387faad95f4ec408289ecfc5a75a87
+** GENERATE (SECOND CALL):
+	V = ceeb94f686691fc886a3464584a38cc305c3f958967b21c947387d174c419bbb39fb97228729e5561a384b7214b20af1d4d2c6d4c38913
+	C = 10fa5fc7e8dc602062d421db5340ef5e55db704e03865b2c60ff387df4ef61d0e5c0c8fce036d864a35d19de213f28ffd3d01e45bdff0e
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = 5adcb5b71af8504297bebde1ba2ca85f
+Nonce = f3f793eeb2c013ce
+PersonalizationString = fe08c362d31f561d29a6861eebe63f33
+** INSTANTIATE:
+	V = 2421e7a43d641e7ca22b05e434040f20e4b4a7cbb582096ed4f5ea29b6badc16a4ca23d47f4c6e6a389e364cb38b51574ead9c035cba00
+	C = 6ec8580fd35e009721feee11880bfe7d41b5aafed47af823d9ff7fe3108f12af9fd8b3d044403c11ba2ddf15b9da56af34d6aab8eaeea4
+	reseed counter = 1
+EntropyInputReseed = fe069eda5cfa85270a87aaf564de4e58
+AdditionalInputReseed = 1ab2d68ce0bd0fae19f47256a2b5c488
+** RESEED:
+	V = fa2152ae3fd93859b880b47ff654821edf40d681b79f19d6fa4d0debc31b3c11be2301ebcd3d50a653f797c43831cdc03404e89201f4f3
+	C = 181dd67a42b5175689b3c921c1d271acb8e833ef007c570c8c35619931070fc7103ee4cb9ed4cf150655f0a16737f80d9bb61ace9e847b
+	reseed counter = 1
+AdditionalInput = 481534a00fbb61da26346bf7b1a8568c
+** GENERATE (FIRST CALL):
+	V = 123f2928828e4fb042347da1b826f3cb98290a70b81b70e386826f84f4224bd8ce61e7dbca14f97d363cc590dd2aca62faf052fadd9dd6
+	C = 181dd67a42b5175689b3c921c1d271acb8e833ef007c570c8c35619931070fc7103ee4cb9ed4cf150655f0a16737f80d9bb61ace9e847b
+	reseed counter = 2
+AdditionalInput = 926acfcd0a7dbcbae4fab435a1625d13
+ReturnedBits = dfb3d7ec69b350d398e8e711e943135234046fcf1cc61f4869c5641c40d9e98284aa4e9061df3a9c1a8476d5799449decba749a2be282fd54377e6102952ba4fcb09a065cd3d2d0809d99ef7c1858a9b
+** GENERATE (SECOND CALL):
+	V = 2a5cffa2c5436706cbe846c379f9657851113e5fb897c7f012b7d11e25295b9fdea0cd86fd5d32cc0c0377555dbf20cd80e1a031e48824
+	C = 181dd67a42b5175689b3c921c1d271acb8e833ef007c570c8c35619931070fc7103ee4cb9ed4cf150655f0a16737f80d9bb61ace9e847b
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = 867982f8e098f13df74165a88122fe51
+Nonce = b3d317cbaa151d50
+PersonalizationString = e44a4d59e0742d3c66ed2b48ec85bb90
+** INSTANTIATE:
+	V = a784a1b013c54a9bab421b513b3cacfb7ecbd1094eee3bb901f9d24b3f266755755483530ced4f14104830564b1e7e735267941610c7f1
+	C = 1b5cd3de556d0d1352d70bcc1dedd7c78beec0bbd251e7142d90811d57057c2e58740376e05edb554cb03bdb0be14820131136cd7f660b
+	reseed counter = 1
+EntropyInputReseed = f76a7052b09a1042b6436dc375ed04a0
+AdditionalInputReseed = b63332ac2c66bb572e21a8ab5c444e3b
+** RESEED:
+	V = 3484ff8424e50a3213e65088d661dbf69864a91df4777746412541bc0eb6266ddcad0092fe9f021a84f5917f157e20e936e4077fe89c91
+	C = d5ea7ecde3c1f4290989bbf0bb2cd024ae062a308f57a3d57ecef7bb888a4ba98fa5f3822340f7c79ed8e6f73422ea460a4e25d5963781
+	reseed counter = 1
+AdditionalInput = 3ac12d6df7b1f1349636888dc16b0925
+** GENERATE (FIRST CALL):
+	V = 0a6f7e5208a6fe5b1d700c79918eac1b466ad34e83cf1b1bbff43977974072176c52f5ed6689d4401363eadb1ff9d789a37ed751ca16dc
+	C = d5ea7ecde3c1f4290989bbf0bb2cd024ae062a308f57a3d57ecef7bb888a4ba98fa5f3822340f7c79ed8e6f73422ea460a4e25d5963781
+	reseed counter = 2
+AdditionalInput = 1b2b644694708a2ea9eb443e8fabb41a
+ReturnedBits = 40364671abe43d28abd9f3280a7a47721a952d42d3bba2cc4507401a863de55eb5d7f7bff17498f1bb7ed2c9958165c980e2f9c7dd647754529533d349db618dd9fa10c4ec410fa1d20c2fcdf0119c5b
+** GENERATE (SECOND CALL):
+	V = e059fd1fec68f28426f9c86a4cbb7c3ff470fd7f1326bef13ec331331fcabdc0fbf8ea0b8f9370c9ea3273e426f510316add9cc9605451
+	C = d5ea7ecde3c1f4290989bbf0bb2cd024ae062a308f57a3d57ecef7bb888a4ba98fa5f3822340f7c79ed8e6f73422ea460a4e25d5963781
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = 811cc187b51a7e7080f0970859c78783
+Nonce = 0e315a222f3696f8
+PersonalizationString = d1186154335794e99c77f9b53e9aace7
+** INSTANTIATE:
+	V = b2472e536fddb078b51c05fcb02c005150433c986593429cd242cee918f60a5913ae06aeb04fa8b369ab3b609d8f2aeedf514b1b6fca92
+	C = 1ae6bb97c5fc6f7277695eeb7872b9ac4d8125c1dd3460ce5b65bc64ae848d6169d90762b461d4c5662578bdee424fd16ffd2e05f1bfc7
+	reseed counter = 1
+EntropyInputReseed = 2c623a3f98f3246acd88b67307ecbb2c
+AdditionalInputReseed = c2be6e9f1cf7f7c588c6b9b89b3cd914
+** RESEED:
+	V = 4501a67fdc8409ef06566529310bb5e3a5a03b71b6b097508726761ae391b030899fca3c45a290f0e59600ba59daa0d9212c7cf5811fc9
+	C = e4393a1dce9ce1baf96372b58e74a1ef6616bdd160af601d8255215788a706360cbc4c6e133a20970e89d54af4cefd514e6a70a53f72f4
+	reseed counter = 1
+AdditionalInput = c0018eefee4b8bdc43a00701138608cd
+** GENERATE (FIRST CALL):
+	V = 293ae09dab20eba9ffb9d7debf8057d30bb6f943175ff76e097b97726c38b666965c171a1a4ccc45686d5c4aa18d038aeabaa0610ac0f0
+	C = e4393a1dce9ce1baf96372b58e74a1ef6616bdd160af601d8255215788a706360cbc4c6e133a20970e89d54af4cefd514e6a70a53f72f4
+	reseed counter = 2
+AdditionalInput = d241de8dee2ca5745f021d3dd6dd5be8
+ReturnedBits = cbdc22d220b7493cdca9c9772e0edf98f5efe27326cac0345335839fe88ba03ced0d5c1c9b0702f122ae664b6b0ff25631317264b802f3f12d50e11d0789b54118aa2420ea9877c92b6cb4e02e1c9203
+** GENERATE (SECOND CALL):
+	V = 0d741abb79bdcd64f91d4a944df4f9c271cdb714780f578b8bd0b8c9f4dfbc9ca31864a39871685e48bf12e852e7caf8eda68aaafd84aa
+	C = e4393a1dce9ce1baf96372b58e74a1ef6616bdd160af601d8255215788a706360cbc4c6e133a20970e89d54af4cefd514e6a70a53f72f4
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = 786f80a8f48beb50b3ca56e837693e15
+Nonce = 2ec835695eb0fa6f
+PersonalizationString = 5dc2a8da2e1ab33eae6f3e0aec6cdbf0
+** INSTANTIATE:
+	V = e6040a46bff4f637b3299c400afa617409cb3d1d92382ebd74c2298ac0cd58877fa33b131de8b51e6d9a0abf3f39be5b052d737b8ffa67
+	C = ad3267ee03434141bb485a5b1bdaa59efc8d08709f8775c202de68b26e132ece32f9f4d4dc08c4a5baec2d36561536692efa0322eb1c30
+	reseed counter = 1
+EntropyInputReseed = 3d759b56d12ec071066994fe00a4464a
+AdditionalInputReseed = 603614ade1b9f4ca371fe4c6d941dd8a
+** RESEED:
+	V = 5d9e4d0e347feb5f98b189b0a35b2242b1895776c4b17443a474513a1892b2f4233fc23f0c5fe1f835f1064c9034190b335814c77aa5da
+	C = 33ede65bd692ccab18d858c394295c1b180f9020deb57ccf94b23e1d37cec7e72fc25458486757ee24ed762467be71b98995273a3f6554
+	reseed counter = 1
+AdditionalInput = 926b9c46e4e5fedb3abf9b06f1857a68
+** GENERATE (FIRST CALL):
+	V = 918c336a0b12b80ab189e27437847e5dc998e797a366f11339268f5750617adb53021782e7dd248927ac502a42f55c4269e4703686abfe
+	C = 33ede65bd692ccab18d858c394295c1b180f9020deb57ccf94b23e1d37cec7e72fc25458486757ee24ed762467be71b98995273a3f6554
+	reseed counter = 2
+AdditionalInput = 83679add00177ed94afffc6b496ea4fb
+ReturnedBits = e9860de33e70fe4d7007d9c860ab219ad748b0f3f914eb23d1e479c6d60798fd89fd915fed23abf954bd9d567d00728003b260c4d6fd59fc97a60c43d57f2aa79e642acba52e23a5f828e6a6393e30c6
+** GENERATE (SECOND CALL):
+	V = c57a19c5e1a584b5ca623b37cbadda78e1a877b8821c6de2cdd8cd74883042c282c46d9e1b63ee6b62870ad245c49dcd4af21944a3eda6
+	C = 33ede65bd692ccab18d858c394295c1b180f9020deb57ccf94b23e1d37cec7e72fc25458486757ee24ed762467be71b98995273a3f6554
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = a2a8c1f763ace0e9857dedd1eeeabfb2
+Nonce = 96125af30fc17484
+PersonalizationString = ad4b1c6aee3939270a48a063267d8651
+** INSTANTIATE:
+	V = b2eb190d54e312dfbe0428bcffc7e00fcef1c20a76eacc7a625dea3cc64477bbe190771c73bf6754df85b5f3dc2241abb230462209a9d4
+	C = 6b0cf0212022081d529fd2d5ad4c6f7bfc327b827aba51908baff92347e266e4a0ae893839e0a0bba9fdcd1d87a490e1a0a92458457a92
+	reseed counter = 1
+EntropyInputReseed = 756f83b99e98eda501a67001167a2277
+AdditionalInputReseed = 2dd5f5711825bf33900679b8d4c31e5b
+** RESEED:
+	V = dc74e452444b08ab3b41813ecccf0d881639489f90eaedc0af13ef5f94cfecbe7f142b2cd7a24f02aafef19ee2cbc170431032915fcf70
+	C = e496f981f9af58fba7c29ac33aea8b7ac31016b060fdb23c6aba7fb0adf7063907c5e825a532b04373e48cbff6abef88a4c5fc6300df3a
+	reseed counter = 1
+AdditionalInput = d14673bef7c01c23dcf192ba14fa46a5
+** GENERATE (FIRST CALL):
+	V = c10bddd43dfa61a6e3041c0207b99902d9495f4ff1e89ffd19ce6f1042c6f2f786da153b7119ae81a909014bc3adef576bda2b843d63d5
+	C = e496f981f9af58fba7c29ac33aea8b7ac31016b060fdb23c6aba7fb0adf7063907c5e825a532b04373e48cbff6abef88a4c5fc6300df3a
+	reseed counter = 2
+AdditionalInput = c6b121baa5a126e59c9766709f2a9c94
+ReturnedBits = a3495a37012933b8ac12a6893703a078c332b1c266fdbe1a36e7168de1908a521af97275716da642bd5be724f07f650ac213353df3c60c8918664e10d307bbab3346b981c7430b16fa11da49d4305e8c
+** GENERATE (SECOND CALL):
+	V = a5a2d75637a9baa28ac6b6c542a4247d9c59760052e652398488eec0f0bdf9308e9ffdd160b3d7516aa954f2d624b0d6834ab85b8aa018
+	C = e496f981f9af58fba7c29ac33aea8b7ac31016b060fdb23c6aba7fb0adf7063907c5e825a532b04373e48cbff6abef88a4c5fc6300df3a
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = 13eaddc5753feead44a2b33e963d5597
+Nonce = 557d0a22fb2ce08a
+PersonalizationString = 40e643d8b26269d5f9bb6c71e6cc27ea
+** INSTANTIATE:
+	V = a67310b0456a6ab831ead56254c57a4ae3e5c6b2a0cbdfce93b454a5bfce87b2899c07a0334c10667531ab85a399aa9359cdeef02b93fa
+	C = 9444e8e109a217e00d3a56965214698f855538f1134d7e0c1666038891c077c18d25e071af0340fca3b8f76308d6fdf9f9b590f41ef722
+	reseed counter = 1
+EntropyInputReseed = 4b05204fc360991015b60e51db9743a1
+AdditionalInputReseed = 0b1b362167a09d23ad987a030c86e93f
+** RESEED:
+	V = 2552253ba8244ab06cc35c9399879891850bc1ffd45bfc00ff4fdf0b5bdc276b17f29b4713376994e818311cf4e7c97846f49601a941a9
+	C = 1275cc88e6022dd53d78c37b4e6154e1567fac04d9c531574ec2fd026636ddfe14a7aa0d9c7b72c48a0f15cf13243842e7490997c7d932
+	reseed counter = 1
+AdditionalInput = 9ff22c745b6716200155974609519db7
+** GENERATE (FIRST CALL):
+	V = 37c7f1c48e267885aa3c200ee7e8ed72db8b6e04ae212d584e12dc0dc21305692c9a46b78f929b35e50f227ecb98136102e88bff3dd120
+	C = 1275cc88e6022dd53d78c37b4e6154e1567fac04d9c531574ec2fd026636ddfe14a7aa0d9c7b72c48a0f15cf13243842e7490997c7d932
+	reseed counter = 2
+AdditionalInput = c10f0740b65dc9b25cda1324710c4ede
+ReturnedBits = cfa7e2b5622c4610ba921e001b6a9ded2fcf6cb9dfc6f65b2224f142dc3b3335acfa199200581a3363ec5096fc8c825710796ba17fae8a19d80ec7106546fa4014fc2b53306d0aff535c884ab016396f
+** GENERATE (SECOND CALL):
+	V = 4a3dbe4d7428a65ae7b4e38a364a4254320b1a0987e65eaf9cd5d9102849e3674141f17703a51ba77f102679cbdfdaad9e535cfb34c2d9
+	C = 1275cc88e6022dd53d78c37b4e6154e1567fac04d9c531574ec2fd026636ddfe14a7aa0d9c7b72c48a0f15cf13243842e7490997c7d932
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = 4e9cc476fa583315cf35ab5b773d135b
+Nonce = 676d0a49aab84b92
+PersonalizationString = 24a0d72d31c9237d671ab5cff704a609
+** INSTANTIATE:
+	V = cd48eb9311014396457dfaf2e2169de29e9e61599826a1d93c8c06d1aafac26eb3feda1eec39a38f05b936436f19adeac03dadd5d7d10f
+	C = f649e21ac9d43804d6f02b73ca3fafc318911136697c12bf375b843947000af36f94824a208f6ba87f01036f7fc6ef8da8f688779129f3
+	reseed counter = 1
+EntropyInputReseed = 2efb6d5e73f3be7f392706c6070223b6
+AdditionalInputReseed = afbf95c02d0fa3e892092a9e5e2e45e5
+** RESEED:
+	V = ffadbf5e430041b23eda0211fe7aa5bf0725d2f693deeb2b8ffd49abe3d94f30167a882b9a5bd35c0413fa18e501eda1aca0a675147e63
+	C = 68f06de4dae8f0d784cc983f4c2c5ded9aac36b4a51a7ec6e05f1672431562d7ccbe12fcf752e4dbd9ae3a69dc5aec63c31f2d4fbd4de8
+	reseed counter = 1
+AdditionalInput = 3d83756d0b06ff7616af97dfd0b1dd20
+** GENERATE (FIRST CALL):
+	V = 689e2d431de93289c3a69a514aa703aca1d209ab38f969f2705c601e26eeb207e3389bf4e450e848440d0f7a9a6f8c8de9daa862fc8806
+	C = 68f06de4dae8f0d784cc983f4c2c5ded9aac36b4a51a7ec6e05f1672431562d7ccbe12fcf752e4dbd9ae3a69dc5aec63c31f2d4fbd4de8
+	reseed counter = 2
+AdditionalInput = 31bc832eb41a66a8c77328d7c28c92ee
+ReturnedBits = c1718cf236c95d893510163f8b77c815f103c52e1a151424b2c966b4188514d119dbf404e8dd1016f859b478d4f49ac9ceb0a93809d7ce00a920fd2c616fba36a05bcc6b79487e0f84150773d5bf4d83
+** GENERATE (SECOND CALL):
+	V = d18e9b27f8d223614873329096d3619a3c7e405fde13e8b950bb76906a0414dfaff6afbc3060dbebec5b003cbc7bc98955c57e327d82d0
+	C = 68f06de4dae8f0d784cc983f4c2c5ded9aac36b4a51a7ec6e05f1672431562d7ccbe12fcf752e4dbd9ae3a69dc5aec63c31f2d4fbd4de8
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = 1b0a3224528288fe051f98a4234e0447
+Nonce = 1b3b2f3e6e813278
+PersonalizationString = f21d59202386e1d258ce845434c37c0d
+** INSTANTIATE:
+	V = 55b9d8772697eba76270c76a99b3a529acb1a4339062beb8642ce69f284c6b2a917feb35b02fff3a8a571f4b8633268286def0d3c18d0f
+	C = 571a04d7ee9a0438c6161f5c7efe35f77e1ec97943e47635e631c391e31df3ab85eaf2bb19451300c878e7ad6aaa427b14f38592e56262
+	reseed counter = 1
+EntropyInputReseed = 14aef368b2e11cff7218a44989f7e744
+AdditionalInputReseed = 56eb3211e9246aa317f5188a1675a691
+** RESEED:
+	V = 83bd651a527a083ba3e79ae41f5f00e94022db31ce703eb10012378aad693c529a6de9b1eb25ba4baae345036fba2ad2a06d9b3b8cde60
+	C = a523f0d17c2c4492e56a32a3cdc1313450aaffe6aa281ae9fce09f10b78c07d61ba8dc4223a71e178c77cb01c4d9b43dcb9d99a848ce5b
+	reseed counter = 1
+AdditionalInput = 38a77c78aed9c77aff1c9a043f53bef2
+** GENERATE (FIRST CALL):
+	V = 28e155ebcea64cce8951cd87ed20321d90cddb187898599afcf2d69b64f54428b616c6a6412bdfd403c738454943a10afe665e0e5310a9
+	C = a523f0d17c2c4492e56a32a3cdc1313450aaffe6aa281ae9fce09f10b78c07d61ba8dc4223a71e178c77cb01c4d9b43dcb9d99a848ce5b
+	reseed counter = 2
+AdditionalInput = 9d477b58d6e1f5d5a2cf9e9b91d14400
+ReturnedBits = 9cbbb7471aa72a54a4ba2bd3b1e7c872447fef9b2590cc6b3bddd88a8e970cdc6ae5da795708c2ed56936bdb9120a762ce3e9b60f35c6778fef87d01ace231710e31edcc206eb5186a8277a23f8fae26
+** GENERATE (SECOND CALL):
+	V = ce0546bd4ad291616ebc002bbae16351e178daff22c07484f9d375ac1c814bfed1bfa339995c91f02bcd3ef095b21d8f63c5288d0a57ff
+	C = a523f0d17c2c4492e56a32a3cdc1313450aaffe6aa281ae9fce09f10b78c07d61ba8dc4223a71e178c77cb01c4d9b43dcb9d99a848ce5b
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = 682af7295b118fe464a60c9dfe489d03
+Nonce = b639c0def20001dd
+PersonalizationString = a5b7ddc635cc7bccf3f450b87b12ef35
+** INSTANTIATE:
+	V = 8b2b89562c778a4a0cc21f208949219069fc712e48aa7aec0708333a913e91354178773cadbc89cea9c9546b124abe1a3b2e558e9b59aa
+	C = 27697d946aca6c4b8b46d32960f04abaa0a5e8223467833d1eb23b5e0e25134e62de06d82c824e999680f0e6d820c7d9c9d92205f3f704
+	reseed counter = 1
+EntropyInputReseed = f3d87e2f3baca2650af1089492ae6c3f
+AdditionalInputReseed = 4367b1856f5a16f0dc064c8bfdcfdfe3
+** RESEED:
+	V = 1478503ae50aa8dea1d82638be70fcbbf64053a3159e748aee184887c2824f447b30d246c81957d35acb45d2ced4aa801b4e8dcd0657f5
+	C = 1b3cbe9af62482c1713d14add391057f29b1e675cf0d63260bba328dfc72310eb4bf787360c1f8b4ce295adbf417a70e241e513c0df467
+	reseed counter = 1
+AdditionalInput = 5b74923119b70dd71a230075b54edd49
+** GENERATE (FIRST CALL):
+	V = 2fb50ed5db2f2ba013153ae69202023b1ff23a18e4abd7b0f9d27b15bef480532ff04b0b2585e1d34be1e9fd6016c4cf7cb21f75f7903e
+	C = 1b3cbe9af62482c1713d14add391057f29b1e675cf0d63260bba328dfc72310eb4bf787360c1f8b4ce295adbf417a70e241e513c0df467
+	reseed counter = 2
+AdditionalInput = 9398e0de9c3fe5ede761095cbbe473f6
+ReturnedBits = fdedebff763209c77914b3e7b17b7a9e586044e475b7ced4c68b4920d84a550d92baee38b435d686d9102fc6aab3810e3f672f371e58b139d9896f1306283a0b1c28c08743842656d11f2bf069a4605a
+** GENERATE (SECOND CALL):
+	V = 4af1cd70d153ae6184524f94659307ba49a4208eb3b93ad7058cada3bb66b161e4afc4285434d12d9deca796fd3051b9e28aada79d2dd9
+	C = 1b3cbe9af62482c1713d14add391057f29b1e675cf0d63260bba328dfc72310eb4bf787360c1f8b4ce295adbf417a70e241e513c0df467
+	reseed counter = 3
+
+[SHA-224]
+[PredictionResistance = False]
+[EntropyInputLen = 192]
+[NonceLen = 96]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 896]
+
+COUNT = 0
+EntropyInput = 0201719d6919373269b6df1b8126e5a9f22c189b44b7399d
+Nonce = 3481566fb30d10f0926b90ae
+PersonalizationString = 
+** INSTANTIATE:
+	V = 6c053c83807b2b307cedc9163dcb82b1f09124bc7c39ed4e8c28d26eb7d668a943011677c5252a67a125ea4cca798502ba40948fd3139a
+	C = 4ed36efc48df54ee1aa7df7eeca315cb1e45272eef0a6deb23d0f0a4ca88c84a13b96a6b733871a81381b0917e13408ad0cc76748b3bd3
+	reseed counter = 1
+EntropyInputReseed = 4fc18c7a495cbfc2fcefa7ec41b470b773cb6e82ec98a0e1
+AdditionalInputReseed = 
+** RESEED:
+	V = d82d9d2b290df6e47b437c284072afe40a98abd399ef893e19cc6d11bcb478f1b48e42d5e3a5dea1419cf81852532fb6f3b60bcf34ccf2
+	C = f3c1060a547d8a6cd73158e0ff6eb3ed344010cd3084ada3b78ba1112e789267e4c0c8848ef67fd6c4128a13d05ce48f7f19b92f61cab9
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = cbeea3357d8b81515274d5093fe163d13ed8bca0ca7436e1d1580ee848550d86d992173a91963bdc2bfe08c7e4c31609b6237712d64165
+	C = f3c1060a547d8a6cd73158e0ff6eb3ed344010cd3084ada3b78ba1112e789267e4c0c8848ef67fd6c4128a13d05ce48f7f19b92f61cab9
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 12aeaad94d5e21d17d97a59584fba1c9f07f2b7c46e01da88b9b6f594098e60e4460c74f7bc0e1f211e606a58ed993177ec81895b6ba58728081c9eb88e308b3f9626b2cc67224a23fa8aa49a4ef84d61b48ded338d7b21dfc05f034de1f0b9010635db93f559d9334ef8d5c8725ed43
+** GENERATE (SECOND CALL):
+	V = bfafa93fd2090bbe29a62dea3f5017be7318cd6dfaf8e48588e3b0c7c1d2ad13a47d1b1b2eaf44bcca708f6a1d1f62411685a35fd5b0e4
+	C = f3c1060a547d8a6cd73158e0ff6eb3ed344010cd3084ada3b78ba1112e789267e4c0c8848ef67fd6c4128a13d05ce48f7f19b92f61cab9
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = 02f3ecee144ea1ca9eb45c57229455d7eb1c6b5b0abf8dbb
+Nonce = 8d35898b9e69be26453cb6a9
+PersonalizationString = 
+** INSTANTIATE:
+	V = 4725cca58b9c0471a6eada15dd6f7f6fd63ba45c81a52c805af99dbe7823af7b60a2fd5aa0888d1eb344f4d00f90abcc38179f94cee6f7
+	C = d71f07341724adedbf2edb400d4378aefcf3b9712e489f69f1c24709406a6427dc8ece611e7a94a853599fe6b816cc346ade01da971e8e
+	reseed counter = 1
+EntropyInputReseed = a2d2a92d768aaa4cc7525085a0a3434734dc8cec257f3d7f
+AdditionalInputReseed = 
+** RESEED:
+	V = f92d4152b4a8605a41faa5dead1db771c22cd36554c37fc5ebd4520ffd37460b288bd2ca3ba0d52c8661cbf54fe4ce0ab7e2b18e86336d
+	C = 8a74caee8e09bd8b8a37a76942590eaa26c3ed641b8890e46f38e4b3483cdc30990295de65c8db3791fe75051b467a1a11606135470b47
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 83a20c4142b21de5cc324d47ef76c61be8f0c0c9704c10aa5b0d36cfa42d1d28a2a9c801173b318dc81022dc313547816e138a9891c95a
+	C = 8a74caee8e09bd8b8a37a76942590eaa26c3ed641b8890e46f38e4b3483cdc30990295de65c8db3791fe75051b467a1a11606135470b47
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 3babe89c6fd6deb4f9f50f2f23ab9e41c769a9df218e19e12307b0294f57f29c7bd3f3f3322948eb2137411e673aec0ab1bcea581934fcc30e9799fec5a9947cefdd258b7f515253e164499ead86d54f36a6c569f25c7eb200362dcc5da944df807550d0dc69401420e687f3235e7187
+** GENERATE (SECOND CALL):
+	V = 0e16d72fd0bbdb715669f4b131cfd4c60fb4ae2d8bd4a18eca461b9ae627f887a368e04336e16a0821b39a542fe13e28eacd9914309fda
+	C = 8a74caee8e09bd8b8a37a76942590eaa26c3ed641b8890e46f38e4b3483cdc30990295de65c8db3791fe75051b467a1a11606135470b47
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = a9ba2b14482ff35e29ed93e50115fe6038c11cd7a9f50677
+Nonce = aba1956b74b2bef42febba58
+PersonalizationString = 
+** INSTANTIATE:
+	V = 4124260798fc428f6a55f0639a0976c1c1356d73444ad147e82fcaaedfb33957ba8e8ed2f5b7243127e9151b7e6b52b72f68125dbd40cf
+	C = 972c96ab7e48455cde7c3998a1298684c4613d317429a7b0cc86f81db5c4fa474f2ab69a058c5d6c698b9c79b8a1fab44230992ff6671b
+	reseed counter = 1
+EntropyInputReseed = edf91666713ec05f78fe4ac80bb0c8cad74ae1a8e3550587
+AdditionalInputReseed = 
+** RESEED:
+	V = cede10578fe5f8139d064d5c1411601bf003f6b0c6f98dff4735ae6e373cc49e242ae0a6561d282b2c33d139bf569e43db7efc7fc00039
+	C = f971ef929a06b85b2134889f7c652e1de229ac55601ac977dfb4337ecf0b004ccea4f822ee4c8045b9adcd3e5c08f3d5ca721876dd2a9d
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = c84fffea29ecb06ebe3ad5fb90768e39d22da3062714577726e9e232c1e78cd5c29cad9418abd28d9ed36f5a1e48deb5bb35e7e6746c31
+	C = f971ef929a06b85b2134889f7c652e1de229ac55601ac977dfb4337ecf0b004ccea4f822ee4c8045b9adcd3e5c08f3d5ca721876dd2a9d
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 3b347dd03c5e57efcbe1631e370f82202a6d913f4af29ad9282bf2d985d0d35d2e4eb1aa1a0e846405201ee87ca5429025a14889aae7b3f07a156c1646099119ffadbbe7bf6c939a381c6a141b66afd1c971b4d968ab39e6eadac3445e8a32df64b0aa30e4ad1b66ce54b86ea0a09fd6
+** GENERATE (SECOND CALL):
+	V = c1c1ef7cc3f368c9df6f5e9b0cdbbc57b4574f5b872f20ef069e167d290ae00e30e083bb561dcd7b4a07548575aaf502bb5061577d1e9d
+	C = f971ef929a06b85b2134889f7c652e1de229ac55601ac977dfb4337ecf0b004ccea4f822ee4c8045b9adcd3e5c08f3d5ca721876dd2a9d
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = b87cfaf6c456ab4faa887160fcdc5a2fdadd8b0ea8dad2c6
+Nonce = 0ecfa48284dd9a1bce94df6e
+PersonalizationString = 
+** INSTANTIATE:
+	V = 5ad73cd04f3e818b4dccecb9c6186597e2f00fd768c2551376487eeb9396de87fc81821917ac0eb12b9f6385f69073888d45e80628b2be
+	C = b108d9bc4418d9117afe282b8a2f70a3f4245d9a650a4861d642f70cec06a84590dfc36e744dbbcafc52efbb8827128cfd64b366bcd104
+	reseed counter = 1
+EntropyInputReseed = 65582473b84c3ed62e5cb6b6a5007896b7065d9c9b32a09e
+AdditionalInputReseed = 
+** RESEED:
+	V = 85577cde3ee451db279d7b716605db7fed815280c4e5db362cc4117c1658c423c3e11da2b113f25d4ca90d8be51380611ab69ba67c8f5f
+	C = 21e1c5eae6c9ee94d04a69f68ba8fe9f38a9d010c136957746d80676f4ee760bc2cacae2221b98f5cb1bf0bbaccf4a242c24f6f641fe2f
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = a73942c925ae406ff7e7e567f1aeda1f262b2291861c70ad739c18b2a24dae43d306d32aeb4454b1945289a52268a639025e4a134a29b3
+	C = 21e1c5eae6c9ee94d04a69f68ba8fe9f38a9d010c136957746d80676f4ee760bc2cacae2221b98f5cb1bf0bbaccf4a242c24f6f641fe2f
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = a9d66c6b599461c43d5b2c4361b25f6432b158a856bf74b154c1a0e4d69c7e84f6e815b165f539bc910e7b8d8acabfc26a39301b48c4c61ed9fe52cf1e5b1ac9f8288c201c04eadca9980fa1c3fcac34d15bf08bc6d743875ae4b45e4f58344bd0d5f73afe26938dd0ec257b0f1a7588
+** GENERATE (SECOND CALL):
+	V = c91b08b40c782f04c8324f5e7d57d8be5ed4f2a247530624ba741f39a8fb17ee5c3f1420d0f802c67ba1560f79f63c46d05d71a528e7be
+	C = 21e1c5eae6c9ee94d04a69f68ba8fe9f38a9d010c136957746d80676f4ee760bc2cacae2221b98f5cb1bf0bbaccf4a242c24f6f641fe2f
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = c3753158874e033368698a7e069850c4f39f23f2949f2b77
+Nonce = 63ac598ed2553777b1983683
+PersonalizationString = 
+** INSTANTIATE:
+	V = 797691aa77eab524df84d88d916fce998189ae92378ff79c468b4d62e0a43a7eeac03d067256afc26fd8b41e53a8c62fecc853e3f13b82
+	C = d7492fea2d04ca8573e0404abd337bcf0e5da0e7286b3fdcd4ae889fff98ae80639f72e2d814bc01a843934b7b81ba6f9309c32fbf9a8f
+	reseed counter = 1
+EntropyInputReseed = 946e55d92a6fcce4cc4f5c7f598e4e85c8ece5e4bbbdecb0
+AdditionalInputReseed = 
+** RESEED:
+	V = 21bcef13c2ddf699b7c9651e33eff34d88e292f6f8d8c8a0f6f27e9ec44019fba8ecd0d588221abdaa351051fdf67224aadbe2d453f616
+	C = c092f79728e572383d75e887ae5621e6621beb5e1c8eeb7626b24f1dd9ac0af8d69feb46b7c6404f1809aa750bccdbb02052e09931b21c
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = e24fe6aaebc368d1f53f4da5e2461533eafe7e551567b4171da4ce9f239da0315ab70caf8d67d1344b2c512f940e2968a0ca0e5fb4036d
+	C = c092f79728e572383d75e887ae5621e6621beb5e1c8eeb7626b24f1dd9ac0af8d69feb46b7c6404f1809aa750bccdbb02052e09931b21c
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 43c35c08f6a8134a5472c5e6de1e0381bfe303de02df7af7f26a87803b7a784d56fbf63fb58698e265de03b9c3ab99e88c0e65dc71e619124255b252121b2d5cbd50dae44e17a89418e6466a10a56d3e73baf68e15200b82b9a059e9c3e210156e123a1f780a1b151b42121de6169e06
+** GENERATE (SECOND CALL):
+	V = a2e2de4214a8db0a32b5362d909c371a4d1a69b331f69f8d44571ddb8d0af2b2bfdea8a4d9a00ba3c50f669e51de4659c44e220a96034d
+	C = c092f79728e572383d75e887ae5621e6621beb5e1c8eeb7626b24f1dd9ac0af8d69feb46b7c6404f1809aa750bccdbb02052e09931b21c
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = 1db75f62e6fc289f1bf9c58e3662c4653b61a908dffbd5cc
+Nonce = 192c4df14e80b7db2cc895fb
+PersonalizationString = 
+** INSTANTIATE:
+	V = 2f065cdd0b1eb5eebf180f11fffd55c558a72480cbc4cf8676d6218397f848b9ba2e6ba88856843c5b3265f82b5c1362da8196e64a8498
+	C = 9f29656b971de9a7edb928005cbcc7392c104c68a9cb1be280deaa08fb949f5fb3b4828bf10da335311e53c5d7d2c96693b06ed80e2c10
+	reseed counter = 1
+EntropyInputReseed = 305a9f24283b5b043e4ec82116f80f51417675b616342446
+AdditionalInputReseed = 
+** RESEED:
+	V = 9d26183cf501536cf5efe26c1e0900ca35c3b92c0234e1f6d0b284a0030c90128e2cc7efb82b307f16574926bfe08acd57663a8e8f893d
+	C = da7b15da4aade8f9aca9a11d07964d1efe80a308523f3dbfd842d128c6bf60a7db7cd05f4a48f8f19d72af69324cdb7b7b7068ec9eac2c
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 77a12e173faf3c66a2998389259f4de934445c3454741fb6a8f5563baf8cfa4d2433ba1b1afda800de0ffd1bdfb276cec727ba6cda78e3
+	C = da7b15da4aade8f9aca9a11d07964d1efe80a308523f3dbfd842d128c6bf60a7db7cd05f4a48f8f19d72af69324cdb7b7b7068ec9eac2c
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = f1206eb7f187f3b055729ae2a8178d59ba04e22eda6bb74adc7a46710a07056dc7fafa588084f200a8f7eae213ef093814a201d95d53fb102cea7cb02f23877f765ad103fb8e48fc6a6421e0f67b7dc0c95facedae63c573cee90e85432f524c9725b5c3f566abfb478c826ab1c92891
+** GENERATE (SECOND CALL):
+	V = 521c43f18a5d25604f4324a62d359b0832c4ff3ca6b35d768138281d6310d987e9cfb5811d59c322cc8c79a29308e8b5efe20a6bf0ea9a
+	C = da7b15da4aade8f9aca9a11d07964d1efe80a308523f3dbfd842d128c6bf60a7db7cd05f4a48f8f19d72af69324cdb7b7b7068ec9eac2c
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = 6fedf27c610af0565308a8beccf608a7fdd835d7e9a02a2a
+Nonce = ac9f248066d2a9247dd02a29
+PersonalizationString = 
+** INSTANTIATE:
+	V = 233ada0e01636999ec5b0b61158f16f059eb58371b5357fd8d48714ced053f468242a1c839c1b31c55161e5a761f342fa3515df608035f
+	C = 2778132da48f30e8781fa11cbae7dcf43daf2f57a04bddbf3e35da1fd4e9654a0094b193740e77403120f66e09e0fa946c384bf95f1b9c
+	reseed counter = 1
+EntropyInputReseed = cc4e4805213af43751acfd4391b8e9b3bed2570b208fb6cc
+AdditionalInputReseed = 
+** RESEED:
+	V = be967ed1a91a6ce6d38ec58c3c55c599995423b54a4ea8c6343eb69d5955441f2ba1af2e0ef17c05f3666f91d1d840eeb5569087439ca8
+	C = 3b28bbaede269f9b6cea154ac9170894667eeeb66f521af69e47866225e3015722334c797be7b66f97334c5d7c64f6b360508fe2ec2a9c
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = f9bf3a8087410c824078dad7056cce2dffd3126bb9a0c3bcd2863defb09259fbb2e547b6a2e884a71dc660e402ae911e48b07632d52cb3
+	C = 3b28bbaede269f9b6cea154ac9170894667eeeb66f521af69e47866225e3015722334c797be7b66f97334c5d7c64f6b360508fe2ec2a9c
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 5daf8b651762e1b4675c870fb8b9b0e92dc85a8dcadce763a1cc48cf1f9de0c6e834fac62c1b77c6305078ac8586805caf850f012b53d42619423aff027d8072a0c087cb7e349545a6c383bf3311b4d488259c387c5c95c41b9f9edf78b481efbe9bcd03f98c7b0db47c45f42f601aff
+** GENERATE (SECOND CALL):
+	V = 34e7f62f6567ac1dad62f021ce83d6c26652012228f2deb370cdc4c82d7f828ea03e60d9695023e36c951f98a215d0681a1f35b9b49176
+	C = 3b28bbaede269f9b6cea154ac9170894667eeeb66f521af69e47866225e3015722334c797be7b66f97334c5d7c64f6b360508fe2ec2a9c
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = af4096fb34eac3d8304b3ed09867d8e941134a0a55f99142
+Nonce = a56cda38151a625dbac03d31
+PersonalizationString = 
+** INSTANTIATE:
+	V = 0e17e18fea175577d98272761db19692e432993601ac2801e02e80502eb83781cd07893066a1013ecfc6113c2423d0bd21909f7a69d550
+	C = 5b6e529da7a39e95fed14d2440a180e7892c68056ea3961e61866da36f181b80a5a50811ce551b3adc22a02827f2bb61c054ae48ad8fed
+	reseed counter = 1
+EntropyInputReseed = e871eb5953fcfb04c4b6b9234a6c14234a56b4ab068a1f6b
+AdditionalInputReseed = 
+** RESEED:
+	V = ee88cd081465e86dd037a852c846d6a6f4b7f39cdb70be2a31b2c74e11e55f4ad786b7e51b2ae35deb530cb95bf844e3efd6493781aa5e
+	C = fad85d7393011388c8ca66823be7e2f1cf9270f1725f9923ee42e0cc44bdd3552db7fb2a0056b98bb56542f2d5b77ec915a6dc6c5bb4b8
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = e9612a7ba766fbf699020ed5042eb998c44a648e4dd0574e1ff5a856da5fd3aefa46600cf5c69f8fd38dbfbfe0144f53dd850bc519c31b
+	C = fad85d7393011388c8ca66823be7e2f1cf9270f1725f9923ee42e0cc44bdd3552db7fb2a0056b98bb56542f2d5b77ec915a6dc6c5bb4b8
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 06b9cf494163ffa1d0a3ab0d364bcf7911f03a97d4ad01a9c2837cfae907f17948a2f6f3014bbdba045455d6a63eedec6857d5ce3ef30ea33680080bd0b3a11d39ead356f88580e4483c089d4303986b339fd6243dc53ff0c86025e83010e6924333cb77c39c9b9e95645d56394738df
+** GENERATE (SECOND CALL):
+	V = e43987ef3a680f7f61cc755740169c8a93dcd57fc02ff0720e38896ff7ab42bb729e638f19211e93437ea465fc3f88ccf5e707d57b9661
+	C = fad85d7393011388c8ca66823be7e2f1cf9270f1725f9923ee42e0cc44bdd3552db7fb2a0056b98bb56542f2d5b77ec915a6dc6c5bb4b8
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = 3f843bd0ebf7e4edd76c6c2f6edf013c39c1af19409f3860
+Nonce = bb8b49b54e639554db9182be
+PersonalizationString = 
+** INSTANTIATE:
+	V = 76b1839849ecdf49363e6cda7349773d4a474988c7a8a68269c9f216bb620afbc54726d3a0c3c336275d8d62a4718dcda9448a9f55a7a7
+	C = c08e693f972da55263d91a3c65f3e172dcca3dd87879a25ee66f237606aa146d786a2d23609ce1455987c47acc89f08994544766798f48
+	reseed counter = 1
+EntropyInputReseed = 3c73f86a4efc0add813f6cc47ee9c4f3dcd668b58b053791
+AdditionalInputReseed = 
+** RESEED:
+	V = a47cc1a53775f0e66017feaab3ff9830a3c171041f9b5c78130aff4b0d5691c10225ce3e9e0b7304487d2d32f2a9f78f119f99fddf19bf
+	C = dc6912a4f1c93d4aa17e1766b3775f0980e2a38f9dcc40f7c4066d74dd4a3fe92166edd64a0bbf186033743587dd7badee523847f14ee8
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 80e5d44a293f2e31019616116776f73a24a41493bd679d6fd7116d18825a101de5344eab841040c46898ee5c665a49e11f22c85cdccb7d
+	C = dc6912a4f1c93d4aa17e1766b3775f0980e2a38f9dcc40f7c4066d74dd4a3fe92166edd64a0bbf186033743587dd7badee523847f14ee8
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = bfc4d4faec1d7d36ad6c2678d38fe8de6da2c716f649eab882aff04c1b6c31b5b6698fa376cb601200e5aa093a3bb9c2527fb4738a7af62a0df1643f48eaa3a66305a3ec42acb3bacea3de510ec04ed5c1afe4e23501b46c26d1428980a03ce9b39e277e06100f8ffae1b44d9bf29f8c
+** GENERATE (SECOND CALL):
+	V = 5d4ee6ef1b086b7ba3142d781aee5643a586b8235b33de679b17daabee9e084f43a49c0fe55e2aa7a80da4b8bd1f608abaf57884df7049
+	C = dc6912a4f1c93d4aa17e1766b3775f0980e2a38f9dcc40f7c4066d74dd4a3fe92166edd64a0bbf186033743587dd7badee523847f14ee8
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = 3ac6ca86f4dbc45cc9af2304c19d873235c741571274af68
+Nonce = c8dc8319aa1c49c6ea6835fb
+PersonalizationString = 
+** INSTANTIATE:
+	V = c0089a60e901592a11d1d062f828c4b7bce0db80458b562030691ea574ea746b097c05e2f31be6eb77757c324f2330e753eee4749ea4d2
+	C = c9793f3207eedcef5d1567099f1063d54918a701f435aed4b73ac792899b44cb525f3abfc739eb85453a0783f809e32d6d9615f47d1d84
+	reseed counter = 1
+EntropyInputReseed = 4f4183dcf3fba8886890846b942e8823c77262e9cb14c8a2
+AdditionalInputReseed = 
+** RESEED:
+	V = 10b2519d94e2a317aedc47802173a58c971f393b5f6325ff0358016d21beabcaeeb0640492578f72c8a6fc7f069ad775dbda5c6c27745c
+	C = 538c5ed2a88a95b07468bb4bc5b09e09f35269ef21ead64e19730350b68aec01119bc1adeee86e0bfd4feaa8789a5372c88e9fd08aaf41
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 643eb0703d6d38c8234502cbe72443968a71a32a814dfc4d1ccb05a802d7828d504edb4d0013206342272956c51d4d4b05efabb1222bf0
+	C = 538c5ed2a88a95b07468bb4bc5b09e09f35269ef21ead64e19730350b68aec01119bc1adeee86e0bfd4feaa8789a5372c88e9fd08aaf41
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 3b03482298771728a4978e2fe019e262e7cc2526502424343ecc89aa1e87ec6fc6a521959c7510c5109bd58540716473a09ac084649314dc9e6f41188c6b5f65874576aecd60501bed97e2f0588b0099835ccb6ced10b0e19488ff4fd394bba8ea209f95be935279177cb172848a0a75
+** GENERATE (SECOND CALL):
+	V = b7cb0f42e5f7ce7897adbe17acd4e1a07dc40d19a338d29b363e0906c40cbf9af76a201389938448f63552b8dd1959cd053d36e6771840
+	C = 538c5ed2a88a95b07468bb4bc5b09e09f35269ef21ead64e19730350b68aec01119bc1adeee86e0bfd4feaa8789a5372c88e9fd08aaf41
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = dcef48f166311a619f59d4cfdc5ee7bc7346d3394cdde36c
+Nonce = c537ed309a5a883f0eef528c
+PersonalizationString = 
+** INSTANTIATE:
+	V = 730b33027893f9021cf3a97b24f4f2276cef1d1fbe8453ce476d4d032cbfcad9c1a2df914317eeca236db6455e75bc836fff06aa9e178e
+	C = 56696f17f9d8e70d54da961fd6809563ed794745337c9ba5f07d85b0c309bbe16670073d0007a090466c7ab572172da7428e58e941c1b3
+	reseed counter = 1
+EntropyInputReseed = ea391480ba5e25ed3a516b8a3a4a48c5b7b1e590d89c164d
+AdditionalInputReseed = 
+** RESEED:
+	V = 8499eecd76062896fe161f48263ee4706ff0ad36b84fc78141c9387976445c6c9b4ecde22bcd0a11a50fa179960a412570c1812971bf46
+	C = 876d9adfd059340eb750c2d2f055eecbf0bb3bd4cb7d21c4c870c1e4de46c540e96bb5fbc08f8dcfd9a1f84ad091f67726bfbe249f754b
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 0c0789ad465f5ca5b566e21b1694d33c60abe90b83cce9460a39fb1f97cabe91086f73ed79841dc374145feab9cb0603c90f92832315f9
+	C = 876d9adfd059340eb750c2d2f055eecbf0bb3bd4cb7d21c4c870c1e4de46c540e96bb5fbc08f8dcfd9a1f84ad091f67726bfbe249f754b
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = a9503aaed26ed82076b5bd13fd60358aee97db46a6cad325352831dad9288a9af69c603b8a4f259acee2a9ff613f22625f808a26ee9d79e150f41413358b7c88923496a395148a1d7d07b4ce053485594ec40549d6ce5d5c10cdc80ae76c8616f079815996ab926bab8dcd2439ae57ba
+** GENERATE (SECOND CALL):
+	V = 9375248d16b890b46cb7a4ee06eac208516724e04f4a0b0ad2aabd056a08fe0216431e3de26e8564f661d11be4d3306be4b986bcc1e569
+	C = 876d9adfd059340eb750c2d2f055eecbf0bb3bd4cb7d21c4c870c1e4de46c540e96bb5fbc08f8dcfd9a1f84ad091f67726bfbe249f754b
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = f542a824f29c1d60e07c34b6019e0071c1982fa463be765f
+Nonce = 76395bdc73d6887bb1f58c02
+PersonalizationString = 
+** INSTANTIATE:
+	V = 8bfa720841d0e67a9e57bc88c25f7c72ca8e529ca8b99599363290a1e7bf5d2dffbde32ac29d0a3fb88bc661b1a377a33be2834ab230e6
+	C = b66099c43045533fbcf6086928f49ab40b2b2cb882bd4b2b7e1a66f3be2a0b43df08d7cb14a4ce6ca0a695f624ce235d2b28db217f7660
+	reseed counter = 1
+EntropyInputReseed = ada21e48bcb847395c2f5da36691b0e8be957c901f7fe6bc
+AdditionalInputReseed = 
+** RESEED:
+	V = f764871844912c86aafab6f01d3e6b9ac8f1937eba9a7c00802157927474853a543dc24c8c1395dc6e93184cf6b3d4d484ac49efff7bd5
+	C = 1a27b10652d248f5edee7064f8620be80f887f77a7282962f08a96817ece0d8cc5aa58e24ae03c5a6419b29e0ab4a9eb3f31ae1d405606
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 118c381e9763757c98e9275515a07782d87a12f661c2a56370abeed84a43ac71641f050778b2effeb375c44fe2b8485faa3bc271753a46
+	C = 1a27b10652d248f5edee7064f8620be80f887f77a7282962f08a96817ece0d8cc5aa58e24ae03c5a6419b29e0ab4a9eb3f31ae1d405606
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 49f68219e9da6f06794d2b31e442b4700bb4af52636413fd96a03b8eddf9a76c780603c72ca4801dc97d72f154c058de26f79fbc44bfc3eb0b89ad1972bbe890be6e6d5ff5b6e8a2066873157c1187e1402d57a7a34b9e54f483e248650cef3df1631526a142e73b9d65d1bbac2d3b78
+** GENERATE (SECOND CALL):
+	V = 2bb3e924ea35be7286d797ba0e02836ae802926e08eacec6613685c6f0e076e1ecca15995ff2fd6d7944f90327b358d4ec67c49445733b
+	C = 1a27b10652d248f5edee7064f8620be80f887f77a7282962f08a96817ece0d8cc5aa58e24ae03c5a6419b29e0ab4a9eb3f31ae1d405606
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = 2923649ca4be9595cce5937b17559ced113c8ea350a158a7
+Nonce = b1c89b2f4c2f3b51dec56871
+PersonalizationString = 
+** INSTANTIATE:
+	V = f835ad7708e4790f224da565819ed4c7e03a8863d6ac0bb5c6c9aec67ca4f35a50e25a76abf0ad88c3d8ba1e507a82357f479205959a91
+	C = bd728c61c1436862ede06e5caa9f6de4b802f45e9eff8b992e660f314856adc16461a745574f987a09cfb8663162be43ff8dcadd3a20ff
+	reseed counter = 1
+EntropyInputReseed = 7f1534571f0a7c27a10aed842cc5fe9281e1ba3012ce09f2
+AdditionalInputReseed = 
+** RESEED:
+	V = 703efc4931f99f837e4eaca58b7b9bce53f5915cded33f344399f64f776c9ec0429315c679d8931d5b6ba9dbdb2a9d1b394eb5a0960d8b
+	C = d2582e31a5bf363a08f41904589842a9788d5633aa6de6156fe45e709687c8b057a5ffff086d3056198924f72288f1649222b3613a78d3
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 42972a7ad7b8d5bd8742c5a9e413de77cc82e79089412549b37e55746407067f21748d355f181708cc3405c85b0e3fcd927b92e500f3ce
+	C = d2582e31a5bf363a08f41904589842a9788d5633aa6de6156fe45e709687c8b057a5ffff086d3056198924f72288f1649222b3613a78d3
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = c023c483abaf5619bdf0a21cf6e0ec28f4450bf017b70c0248dfb8777dd81426bb6523f00f537c89eb1bbf9693824088f43ed58d90573a2c82f175e55ee2a14b04855f73308014a643566f538e3a058b6afa758884d38bd9170eb5aa6ce1f7276174ae7810735c19a2968d22264e9db6
+** GENERATE (SECOND CALL):
+	V = 14ef58ac7d780bf79036deae3cac212145103dc433af0b5f2362b4701594be149db4f4631687aa265db9fef59845c279de7e114648b76c
+	C = d2582e31a5bf363a08f41904589842a9788d5633aa6de6156fe45e709687c8b057a5ffff086d3056198924f72288f1649222b3613a78d3
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = 5bb2b2a16e5122a72a8b1a2d7f97da6cca012d341e9faf72
+Nonce = 1d13e2ed14eccd37f984b641
+PersonalizationString = 
+** INSTANTIATE:
+	V = 00379dabe6732371ab90fcba76c474deafab2c6e4ecc64d630b7a81c37b29c37fc19f988c2a09fc5c55d1f6b7009118a01f738cd9cd153
+	C = c10da5420a8df132ed92a92a19f17e995845235b3ca69f7bb3e1e39f77c80b6b94499141d8c67d7a2de01b9e83d2d80cb2563560ca7344
+	reseed counter = 1
+EntropyInputReseed = 2579f25ee498bce11eb9192a637f9fedc716626938298184
+AdditionalInputReseed = 
+** RESEED:
+	V = b742d2a6d68701f1db58da0257772edd0ba8b7904406ea95930ffe19256c421fefa9e50efcd6c9dd1d236cf04ff745ceef89a620d9bd1b
+	C = 35ddb8e2160ea264e689dc666504c7c70a6fff26ab84a238a0666a55d96a18ebefca38826ab15f87aedc52feca4600b2a328001e008456
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = ed208b88ec95a456c1e2b668bc7bf6a41618b6b6ef8b8cce337668f0892dab47177c3a9fcbbea44298c772233d1c4030e2ab36c3ed51eb
+	C = 35ddb8e2160ea264e689dc666504c7c70a6fff26ab84a238a0666a55d96a18ebefca38826ab15f87aedc52feca4600b2a328001e008456
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 85cedd05905e03203c43bff679954b47e2bf3e307df89bafaed5b9dbd0d54fd92186a8f09f0033442fd236fd5ed55b285346d656689bac52a0d194742776452d8dd295f919f48be23dce98723916cb7bda3d25a4e8399cc6c3306e8953720f35ed15fdd7483b7ee571e63d07fc4efe19
+** GENERATE (SECOND CALL):
+	V = 22fe446b02a446bba86c92cf2180be6b2088b5dd9b102f06d3dcd3c6ca643c59b2232ab787ba953b6e6aaa53ec409095ead4c733d9983b
+	C = 35ddb8e2160ea264e689dc666504c7c70a6fff26ab84a238a0666a55d96a18ebefca38826ab15f87aedc52feca4600b2a328001e008456
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = 31ed25e1ea468728102cb4bac6571cd44e93a1140630075a
+Nonce = 6a3c3d322944239abfeb60bd
+PersonalizationString = 
+** INSTANTIATE:
+	V = fa35ad55245f0b50d6c935e6f7bf700b834520726b62eca8132f7278c0b27bb2ccdeb199da691705de308272d8615d843b25b054bc6308
+	C = d4f1a08b6d5966c6a684e878ce8397c14ebb9e8c23ab50ae36bbd56f19c7e1e8f42ba2741fd272008fba2c35a1ee7dd6179ff3e44c1559
+	reseed counter = 1
+EntropyInputReseed = 0b083b3d17fbf8b427dbbcd4bd9dfe4be635271f01ea1d5b
+AdditionalInputReseed = 
+** RESEED:
+	V = 6dc288fbdd8deeeeeead16a3d10155996aceeeac9e8db8b303716ac15ce00db7ca937b2c8f04e839803d7a79f63be0f23bbd71fc0ae1d6
+	C = 6740ffad98f1ef658ed0aeefbb7667794edea79b5a6f541ac3a18495f7b1fd991afd140fe567f61751b391196147ab11f022214df523c7
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = d50388a9767fde547d7dc5938c77bd12b9ad9647f8fd0ccdc712f00aa0e57f2433f3b2a19ccba064598e59bdfd765b27cc3031e53df614
+	C = 6740ffad98f1ef658ed0aeefbb7667794edea79b5a6f541ac3a18495f7b1fd991afd140fe567f61751b391196147ab11f022214df523c7
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = fd452266e86774c37074474ecd0c8a54b49ffd2ebd95fa5fb9168fd0d7717480e350d312eae7ad9c4ab2fdd2e07110c84968124078d1cf64a2449728796a8cf1e6f6196bcbd50d8fcae6094a6652f8c5f3eec897102fe0dca937c1352fdf603eea43cacfc874c2cb397899d2b61e18b0
+** GENERATE (SECOND CALL):
+	V = 3c4488570f71cdba0c4e748347ee248c088c3de3536c60e88ab474f38e6cb42a6b1c5634aef004cbb107ff1e0f0f5e5abb5f6681e29036
+	C = 6740ffad98f1ef658ed0aeefbb7667794edea79b5a6f541ac3a18495f7b1fd991afd140fe567f61751b391196147ab11f022214df523c7
+	reseed counter = 3
+
+[SHA-224]
+[PredictionResistance = False]
+[EntropyInputLen = 192]
+[NonceLen = 96]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 192]
+[ReturnedBitsLen = 896]
+
+COUNT = 0
+EntropyInput = 07b142637bfb28966322a176ca3f9f4f820c0ccfd34a6d58
+Nonce = 767ae1b33a9b3b9909496365
+PersonalizationString = 
+** INSTANTIATE:
+	V = b08e1f3709e6154acf9647aca540b0eb42f7f0680c57ffa5dd840f7e3a3325401d133110cc49c265d1cf3e112d44b3cada3d99a740814b
+	C = 19b995a3101fb4ba669d9840c6c53d7d7c09e35302ae847a826ce25897482ff2cf128da88cbfda782c5bbaf0868dc9ed39b74a29eba3bb
+	reseed counter = 1
+EntropyInputReseed = 7c184c7ac4975f4d2e1b322ad1de3573f2131485e8e5c947
+AdditionalInputReseed = b23f37a267ca662249f963b8ebb2bf2f34041ac21291d5cb
+** RESEED:
+	V = 88ae6fc63ea784778f8108558cf89af57268f09aa40ebcddc7056d149acc7fa5e082e3c48bd52b2e2d2b7af5dd6244132de53d5f174fde
+	C = e11a9fe1deaae5e83dd3743dad2a3e054cc8c2f747e16802c2fa8e211fdccd2efbcb27844e27c0dac3f277d2f85b1e13bafe1d5fe0f29c
+	reseed counter = 1
+AdditionalInput = 331295350825186e98c4aa93933d17eea21d78578fb9228d
+** GENERATE (FIRST CALL):
+	V = 69c90fa81d526a5fcd547c933a22d8fabf31b391ebf024e089fffd0f78beeff59176c7c9a6481dd7fab9e609e9dca9f202d06d997f3aef
+	C = e11a9fe1deaae5e83dd3743dad2a3e054cc8c2f747e16802c2fa8e211fdccd2efbcb27844e27c0dac3f277d2f85b1e13bafe1d5fe0f29c
+	reseed counter = 2
+AdditionalInput = 7a5771a6359211cd8fb8e6107a6230a7767553191216dccd
+ReturnedBits = 12e7c8b77cd0b4839d78e7522fe2c2c5942c4f7bf7b2750162418174f951e063fb9e5a93bed90922d47cb1cd7e8f98c0319cf07f33440f65b1cf4cc30c69c19eebcb7a978f4cb7c6b5845e59ae845cbfc19fdba1bf66babb4669d6f0edd74cb630e96468e0220299660d00357ec5e17b
+** GENERATE (SECOND CALL):
+	V = 4ae3af89fbfd50480b27f0d0e74d17000bfa768933d18ce34cfa8cadc2fc94d3cda0fe3628f20649ef4a76d7be70aa1d57ee9578627064
+	C = e11a9fe1deaae5e83dd3743dad2a3e054cc8c2f747e16802c2fa8e211fdccd2efbcb27844e27c0dac3f277d2f85b1e13bafe1d5fe0f29c
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = 0e9eb0738db584bb19e54c371a6955939899266e7a0aecac
+Nonce = 0669e91514988ea5e2897ee7
+PersonalizationString = 
+** INSTANTIATE:
+	V = 022886729c1daa53d9c196874bc75a77001c191a7d99b3df101934d9a874ae98db1861bd5d0fb3d039c5b9d74a5579bc148158e2c23c2c
+	C = c3d2640439fe8c3aeb6828d0c6753ca19d2a6a85f4f3936518686ec5f0aae52acad8e509de7bb2b471b6abd831caaafc4ec92fed66d686
+	reseed counter = 1
+EntropyInputReseed = 5a2df35208348951cad2aab13048d8d88a3402aec22202bc
+AdditionalInputReseed = 7b2d700d810e41e2ae8302eed86b97c2ff5a9b61a6ce9179
+** RESEED:
+	V = 7399eb7ae5e56793acdd0813e3bd9955b1e04b36ee3282d095b1056f709e628bbcdf0c5281ad168bb71b62817bdd0ee97e58cd1e64c005
+	C = 2abbbd29af77ce170cf02defe1ea16b36808799cf0d6e3a87e5f7806eb5f661ef162b0ac501f65e4a2217495dc15afebb11b5cabdf0564
+	reseed counter = 1
+AdditionalInput = c9fa05f54429dfc6726dfd78c0c1da095cb8e51d0e3e3850
+** GENERATE (FIRST CALL):
+	V = 9e55a8a4955d35aab9cd3603c5a7b00919e8c4d3df09667914107e3695a2393c2c6816c73d71e3ef4b5b1f207d775e76a84442b11da53d
+	C = 2abbbd29af77ce170cf02defe1ea16b36808799cf0d6e3a87e5f7806eb5f661ef162b0ac501f65e4a2217495dc15afebb11b5cabdf0564
+	reseed counter = 2
+AdditionalInput = 423a21d3905befe8f4d02423e4236dc239184a73c350dd44
+ReturnedBits = d377861b9a573d6cfd568eef4753788bd91aba040a254bd53ad8bfe26dad53f0b89f073dbd335ad903fbd4881b202dea73869dccfa5462f6edf8e1d8f70fa063693ca874349136c94263f8b2cfb2a191263ba27e4b3454b0fb27c156e26a741025b5f3d2d020c7829b41c085a9c81b59
+** GENERATE (SECOND CALL):
+	V = c91165ce44d503c1c6bd63f3a791c6bc81f13e70cfe04a21926ff718e1b740fbfe5f9999688d7bd22316c2e48e10c957244e885ff505cf
+	C = 2abbbd29af77ce170cf02defe1ea16b36808799cf0d6e3a87e5f7806eb5f661ef162b0ac501f65e4a2217495dc15afebb11b5cabdf0564
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = c79bceeb049c80e965082cb9b93a6cb8af8d4240860240b5
+Nonce = bc9b4eb25ff01b2d142fd28b
+PersonalizationString = 
+** INSTANTIATE:
+	V = 5d80d6b5e2ce9638ebb6fce0ed01ce7ebf5cedabcb935ec372279a418de136a058490211733bf8cfc37be9244e9d18e595b7d470a6ca16
+	C = 83ac3a84224b55062afbe5ee08feb0726aeb47672116cc94a5167d0576a239e3ec597a0f988287c012432dcfd4ea4e4611b812881ab676
+	reseed counter = 1
+EntropyInputReseed = dc891256650cd5a679f967423a876ad1f7f826b04b452488
+AdditionalInputReseed = 6e899e327b79993d80bbda2180c4e1eec8394d57db53a79a
+** RESEED:
+	V = 30e856bb8058f474115f280c719e74318d8e3329d173ced0ab1fa6d1097d481b460ebff4fd90dd646357e4b6189a9267ecf5d21106ddad
+	C = c03a16b4a297f6d997ea1780d7cfc423595a8efd22bf78e3df81a584dd889c022d166bb3b57e65fa228053367888195c011a841a7c899f
+	reseed counter = 1
+AdditionalInput = 2837640c83258ec9a32083d51db8036db706dc7d02a9447a
+** GENERATE (FIRST CALL):
+	V = f1226d7022f0eb4da9493f8d496e3854e6e8c226f43347b48aa14d75e8df4f9a4ff9c23a1732615c310c1b84b938e76bb6984db1ab4687
+	C = c03a16b4a297f6d997ea1780d7cfc423595a8efd22bf78e3df81a584dd889c022d166bb3b57e65fa228053367888195c011a841a7c899f
+	reseed counter = 2
+AdditionalInput = da745a58e5b7a06f79bccf8956955555ff684a104e32f2bf
+ReturnedBits = 55aeb33b75bada2c7c6d4cf6f6c099189227c2fee336f55f89185008f68cc635f8f7e3cd6a4fd17f5bdf80b4b203e3d4ae86af7069dea67bb52513c51d978b22e1cf674de42ce2f6df977d8a7430eaa1481db6cea675e25299fee158b666f51fd45b05dc964f80b01717f09f68ae9834
+** GENERATE (SECOND CALL):
+	V = b15c8424c588e2274133570e213dfc784043512416f2c0986a22f45f222935e8ff3b0d196794456a47301818604bc93bbf001a2b598855
+	C = c03a16b4a297f6d997ea1780d7cfc423595a8efd22bf78e3df81a584dd889c022d166bb3b57e65fa228053367888195c011a841a7c899f
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = 57e141a0ab18b4cffcc428d8f0eee6c12292e2ed004ab26a
+Nonce = aa30ee6701f5afb13e0ca365
+PersonalizationString = 
+** INSTANTIATE:
+	V = 48b53130e24994d6272a1035f6028aca7c3777c89f162fcac74c88defbc241cbbfda700c95b0c3c47c20a32cde9c118aacffe60c907719
+	C = 4e0a383e1797aa2a3c987442a149cf4f326db966e529371f307706fc7d49d989b36a0ea015525d9eb7a66f5156ec92f003330732c179db
+	reseed counter = 1
+EntropyInputReseed = 8747c3ddcaec1486f37ffbab96c81b29e08c37335401c5a8
+AdditionalInputReseed = 7386e11629a972095f6aa0df5f931b21ec4661fa41c36a28
+** RESEED:
+	V = da8d1369c5c6a7d11813da8a4d7feb9c242795253629c45ec9b0e13c225e91cb9b27cd8e6fd4ea7be04503be9862e41fbfbeb97cbf9e9c
+	C = 3c11ecdcfabb52e7a8f432ad1a7247707c385d29caf282fc872238c6b70ad5790e34c9835ae4365ff3d5d299b01384dc878059cb6a3f69
+	reseed counter = 1
+AdditionalInput = a820b17d47415610a8ca72a06d302e95f2a4dfa4e0a6a40b
+** GENERATE (FIRST CALL):
+	V = 169f0046c081fab8c1080d3767f2330ca05ff24f011c475b50d31b6c99405edf347734095efc127140f9abbc1cbec21878cd8057e0e5ea
+	C = 3c11ecdcfabb52e7a8f432ad1a7247707c385d29caf282fc872238c6b70ad5790e34c9835ae4365ff3d5d299b01384dc878059cb6a3f69
+	reseed counter = 2
+AdditionalInput = b8b0b9685b0036495afc07dedc3dbc56f33ff98edb88db74
+ReturnedBits = 18bb585556121c52d6fb3a17c7e4e50ad05a8ddc64a7a55473ef3558f59c78d7ab051ea770ccc9ef3972b24822ddf75bcca6117011a4d6f798f6b65959326fb33fe36f56b8576a1670b1d0cdcbaa5de22eb5012e0a3e71fe2da1c49cfb2cee794475b8fd3801ab0ef5d44d67bf2341a8
+** GENERATE (SECOND CALL):
+	V = 52b0ed23bb3d4da069fc3fe482647a7d1c984f78cc0eca57d7f554b86dee8f55eafab69de56e2eb23bef90bdf1fbbde38e3bf77d1363e4
+	C = 3c11ecdcfabb52e7a8f432ad1a7247707c385d29caf282fc872238c6b70ad5790e34c9835ae4365ff3d5d299b01384dc878059cb6a3f69
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = 8bfa621acd9f96f74ddbd0ca163348e8d93b9bb403c34bb6
+Nonce = fa26b0d2e38df2a5572ff6a4
+PersonalizationString = 
+** INSTANTIATE:
+	V = aeb30974cb6bc89250d0680410381a9e818cffd6038a5d8e62bd7b5d607b323e17ba9c86968bb4b8640acd336f7fa8286b23d3a9042c65
+	C = 8ebfc1e4212b3e59021a39877ed0ea7eed70b37341e044db149cb0a7e58650856b7e74804527ef120dd8d974ded158c14fafb4c0f16912
+	reseed counter = 1
+EntropyInputReseed = a183d4e581cb9f1183467faceca255894907567efb5673d4
+AdditionalInputReseed = d5175ec115c8462984d9da9cfd019995da8ff3fa75cd7760
+** RESEED:
+	V = 81d666e5a0f16f94f4d910daa002327ac64cb5a0cca9a52a8ba57310effe65902ec9d7196fe5ee9d8cbe04d59533fefaa4d7b3d666aabd
+	C = dc59dbc0538ee7fc9f463ebad32c96b7543bb4f59e5e8ac8bb7727bcd06fca7457a7dfc79540806a64cc26d731b22c354dc7a6054ed1b1
+	reseed counter = 1
+AdditionalInput = 82283f3ac813fa256126494901348d12889bc3f8adff8546
+** GENERATE (FIRST CALL):
+	V = 5e3042a5f4805791941f4f95732ec9321a886a966b082ff3471c9b0eea8ed29499137ea3d1559041c9c961fad2d1937642c40d56cff9fe
+	C = dc59dbc0538ee7fc9f463ebad32c96b7543bb4f59e5e8ac8bb7727bcd06fca7457a7dfc79540806a64cc26d731b22c354dc7a6054ed1b1
+	reseed counter = 2
+AdditionalInput = 07d337864c17a705ff652ff750129b94455fccacc6dc76db
+ReturnedBits = 75caa843f39424f637d6bd2414084b22715f167b341d79c3db9b9b51718e1b8000a737632b11e29565d05104a140785632c64bd66ad76218085d490d7720842db47753fce76e77a1b158b34dbd51e2aebae56532356cd79f4bc6f68a363709b7ddac62e12f0d6aecbbcf802bbb2b6541
+** GENERATE (SECOND CALL):
+	V = 3a8a1e66480f3f8e33658e50465b5fe96ec41f8c0966babc0293c3eca67d382d4913bd8f10d9fd5039c3c9b0ac468b14b5c9bbcb536ff3
+	C = dc59dbc0538ee7fc9f463ebad32c96b7543bb4f59e5e8ac8bb7727bcd06fca7457a7dfc79540806a64cc26d731b22c354dc7a6054ed1b1
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = 404087fbbb3a30e7facabb8a7caeb27454883d6f822ec289
+Nonce = 63f9228974e0ca16d085a15c
+PersonalizationString = 
+** INSTANTIATE:
+	V = d8bdb2bdb24a9ff49230d0b738757379bb80e10d546d99a687ec0b8c16433c05f906dcf9992136bf4322e1bca5a1103eb20501e6aadf5e
+	C = a6ee6daaa41ae3dea3bb7a5d9ab7f7cbd269e245d376b8e0589b5f68dda023a0306ba78f8b5e9ec147dba475391d490aca517471ec50b3
+	reseed counter = 1
+EntropyInputReseed = 863518bb7d3fe3c87729d970a43ef8ae9bad4161e0a7e420
+AdditionalInputReseed = 1eba890ef6363df5682fd9ef77d7671e257438b4be2485b4
+** RESEED:
+	V = f49ec3665d2ec05b344be4cb3acd16f2aea9736df24ae6c82baa2c99fdc78edb140523c77158916aa9c60bbf6f1cdadf9b753f633e436f
+	C = 8f86126a342669dcf9c33252e604d1e50cc3456006c188bd67af3c0d377613f2118c3a30c5e8eda09abca2390d917a306d17674df05432
+	reseed counter = 1
+AdditionalInput = 50186b6e0e5ced6872e29e6e51958d4b45a76ddcf2193a09
+** GENERATE (FIRST CALL):
+	V = 8424d5d091552a382e0f171e20d1e8d7bb6cb8cdf90c6f859359698e546a6ab16421997bf0112ba9aab6e3a56495569392811074128616
+	C = 8f86126a342669dcf9c33252e604d1e50cc3456006c188bd67af3c0d377613f2118c3a30c5e8eda09abca2390d917a306d17674df05432
+	reseed counter = 2
+AdditionalInput = ffb8f0ba582993acefe943d9edb1f1bc9e3ea21eb4377fe3
+ReturnedBits = 5719e82d4d260e11f9188f4fd455e98c9e7c9330e6b067bb5961db43bc01098163702cb5cd0369f32457e38adbd04aaa621c0f9d378c9dd6bb6ef9c5850d37ce61fcaa548b73c6d3e7169c6272700014aabb975b3cf1681e5e496160ab578d140dd626084066a326fab4fe871d7fe534
+** GENERATE (SECOND CALL):
+	V = 13aae83ac57b941527d2497106d6babcc82ffe2dffcdf842fb08a6c4e27f7d5c8ed4e38e3be00f4dbee5414dc088e5e71e40410afa0a10
+	C = 8f86126a342669dcf9c33252e604d1e50cc3456006c188bd67af3c0d377613f2118c3a30c5e8eda09abca2390d917a306d17674df05432
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = 3d0b15d10c703f302a83e4810d4ffec1b08145eeefa3be51
+Nonce = 395476ec321df48789c3a366
+PersonalizationString = 
+** INSTANTIATE:
+	V = 84989b5e59cf6a8a5e7a629759062bf6eb22780227ea5f31b228c44164e1b3e233a5e64690110ef78811c41f173ae74d3250c9af4e6780
+	C = 584a802730699986f16bde32723984e1351da38a00022998e0159bb017187d1e2ed96904ce08f9856babe370fb9579a115a03d86c11de2
+	reseed counter = 1
+EntropyInputReseed = d8ee7d20aa4ab35be86893c6d019189032c8e714c50cf638
+AdditionalInputReseed = a9e3d51745325d04e4f6742216790426f8a98044152578df
+** RESEED:
+	V = c799be6a8c31060f79c63b29aa3c58ee2b18a42787d76edd6a8c8c81ce4065d43837f6e30307ea4c959c81613cc3cbec3134a518a34c98
+	C = 3209cffcfd264126a7df55af565787465587a8fafba521b1e7427b33b071ee0d5725ce23c0c95cffc3d3c330048ace17dc218056da4783
+	reseed counter = 1
+AdditionalInput = 4805e47959dabea4c303b76f18f0f019bdea8f245bb661ba
+** GENERATE (FIRST CALL):
+	V = f9a38e678957473621a590d90093e03480a04d22837c908f51cf08aa588bbeac4b6bea076801d7205157e666f38c5d7c92fd47761d0859
+	C = 3209cffcfd264126a7df55af565787465587a8fafba521b1e7427b33b071ee0d5725ce23c0c95cffc3d3c330048ace17dc218056da4783
+	reseed counter = 2
+AdditionalInput = cc50c6023e02b24b107fca55808d2573d024b72ebcb9c44a
+ReturnedBits = b193160079edaba72e9c8a04edb5de51d54361b75d128659b2103316576f11f4cab2e97120a1d58336d0af717867ec8c4294a27c18d0408e8e3b8c053e6be5ed3546f09822da4f5b94e03d39a64c1db6653ef768b91c4cb59e06a65ab5bb125b302d43a31249f1d9277175f2f43d9643
+** GENERATE (SECOND CALL):
+	V = 2bad5e64867d885cc984e68856eb677ad627f61d7f21b241391185197e801a0155ff4c25cc2ca72b7445e5ed49e87566023cde10debc5a
+	C = 3209cffcfd264126a7df55af565787465587a8fafba521b1e7427b33b071ee0d5725ce23c0c95cffc3d3c330048ace17dc218056da4783
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = 9fdcef9d7cacbb8a647cc6c14e3eab134af03c553556e78b
+Nonce = 5d4b37824f13ce6dab9b2c10
+PersonalizationString = 
+** INSTANTIATE:
+	V = 67cb1b740d23adb27681645c9a3ef4ad9be3514ce6cc77d4712db42be06a7645878214aabfe8fdc2079bac7d92e9c48fddb2e06a34c44d
+	C = 97e57e214f95e7d2d7db6f59e13914bfc8a90a6d118145de03ec5987cdc2858932fbc50de2e98841d4496db023074768e13c8f9f8c80da
+	reseed counter = 1
+EntropyInputReseed = f9a710bac04debfd324b82dfa614735072a6a3581980e8d7
+AdditionalInputReseed = c65bbae3bb3b27befe552c1c2e46f330901c180fdcb76376
+** RESEED:
+	V = c692131bddb753ba3b5090bfc9ceb522c6cf3aca1f43547f60ce8f305be032ddcc60da73acf7fc7ab8c3f5b8259cb01eed2a0b14ddf470
+	C = a9b7bb438c0e53bd0da38e0165f4c74e03f1643e3a8c848df9d28aa353651610232a8e0820d7d148316dd444dba8f0d32964e62c395086
+	reseed counter = 1
+AdditionalInput = 43bd1a47667969bf760c0bdf701ec3057ee0e7c5e0f4afbd
+** GENERATE (FIRST CALL):
+	V = 7049ce5f69c5a77748f41ec12fc37c70cac09f0859cfd90d5aa11b4adc4d31acad3a07fef307b035d0535ec29653a5a5d5674f526e74c8
+	C = a9b7bb438c0e53bd0da38e0165f4c74e03f1643e3a8c848df9d28aa353651610232a8e0820d7d148316dd444dba8f0d32964e62c395086
+	reseed counter = 2
+AdditionalInput = 7f78088fd8904c2594d2e91c1eead3aa76e32343c5513711
+ReturnedBits = 8143fe77e8c88833c38207a5a4330e5fc76a8b367b7f0083772bbb2ddbb2f8bdfb80064154ea7161c36109c223094ba4e1145509398c75b905a703f84a1f255141fae68121294ac6ed7150b8a2813824ec03778e49ff7e42764701b4cbaf5989bcbd3770c2962b2bc89c26cd71e4aa42
+** GENERATE (SECOND CALL):
+	V = 1a0189a2f5d3fb345697acc295b843beceb20346945c5d9b5473a68eb1f4ea24a0ac2cfa84c6f4730ec44c474576dac4fada53c40b19c4
+	C = a9b7bb438c0e53bd0da38e0165f4c74e03f1643e3a8c848df9d28aa353651610232a8e0820d7d148316dd444dba8f0d32964e62c395086
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = 98d93297dfd3476c551d667525cf0d0adb07ffd110976278
+Nonce = 469d2c9c7317e518c70507af
+PersonalizationString = 
+** INSTANTIATE:
+	V = dc243c397492846aa3e2734eebf7e51339babaaba784814acb6466b3839bde5a08fd59eca5753199a88813cb64dabe76638c489da48575
+	C = f72e9d24df6e4a0eaa32e8830e1687a96559b50b8b52f93762d5d7d3f0a2db00a5bdea1f8cdf069ef26beadc243749dab42e211f7af343
+	reseed counter = 1
+EntropyInputReseed = 787045f054d23d87b0449f6744d8983929e624e9f1095124
+AdditionalInputReseed = 0837082a2399c1f49fbcc48f1ec78112f04abd6890a77c5b
+** RESEED:
+	V = c6a00576550e5404595c3cb2f755daeec42ba66895a21b19c0d986e27e7a0cf4de5331df45eeb84e5b3095c29837fe990758cfee2adeec
+	C = e80a8bea95227177296290d9996f807875954eb9e5bf9d4d40123886610bd7272de40042b2f23ecfa0e9b2df835f53242a8a1ad3584551
+	reseed counter = 1
+AdditionalInput = 4a9fdd567223fe5a0ffa429b1a0470aa4155317bcd6493aa
+** GENERATE (FIRST CALL):
+	V = aeaa9160ea30c57b82becd8c90c55b6739c0f5227b61b86700ebc043ec956c0fe42ddb3ca1e3cbb1e6b3ea7e227583da9cf072cadc0a4f
+	C = e80a8bea95227177296290d9996f807875954eb9e5bf9d4d40123886610bd7272de40042b2f23ecfa0e9b2df835f53242a8a1ad3584551
+	reseed counter = 2
+AdditionalInput = 6a0798e3ffa997a6507d423b0e6b6eace9adc358dcf3bd26
+ReturnedBits = 88caf576334e63893e31d13d6e575b53b070fb2769ac753dc18be669e2f0e257cc67d00453362e34d983bfab521c1843b1e6e24ab90c2b8ea58ff7be5f04ad220a217948bd7c54e8006e19731ea0098eac1311f3f192b0487f3fac4b2d63fee40a290760017e8a3847a2031a2a8891ff
+** GENERATE (SECOND CALL):
+	V = 96b51d4b7f5336f2ac215e662a34dbdfaf5643dc612155b440fdf9e1736d2a84640a36d6d8fc3d9331a8a28bbe73fd00675abccb39c482
+	C = e80a8bea95227177296290d9996f807875954eb9e5bf9d4d40123886610bd7272de40042b2f23ecfa0e9b2df835f53242a8a1ad3584551
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = 003ac987ba09cfe3983e09469ef8ca0f7c432fb216e80ca0
+Nonce = 28cabbae26f4628ac1923e1b
+PersonalizationString = 
+** INSTANTIATE:
+	V = ae0ef23843a844173bfae85d1502863e909f6816a3106a838e83db31a83c9f74e12447b6ab661882d28618d9e9fb5acaff179a2eebd863
+	C = 473eca22b016e77fadc3a3ed733f8b041cfd992a8045c22d33ee5cfadbac94717c121d39b3581f5adc7fd95b4d03e293cd370df5b9319f
+	reseed counter = 1
+EntropyInputReseed = 045b0c94d3b860dd9a823f6cf9f47006722136899cabbc2f
+AdditionalInputReseed = e087cb1380d67d436b4f0e7963e240b541af3078bc04dd70
+** RESEED:
+	V = cef539c3f2495918749c15a66ebb164ab367c90a008d632fd5a28977faf1c608e4af42356847f349bbae7af08110ddb93585891b40ae34
+	C = 695464b8e04725bcf033c49bb7fea8efe86c3d578a780df81ba79518f8f62fab26abaf6e07e3613328e9c4c874ccd4c1a1750141ce0f26
+	reseed counter = 1
+AdditionalInput = 3908a2e4b26c1c72c542e9b28453064edb7d95c81da0e66c
+** GENERATE (FIRST CALL):
+	V = 38499e7cd2907ed564cfda4226b9bf3a9bd406618b057127f14a1ed7f4cfcfa86d0ef75a09fcdb82758a846f7edfb16c8680ada1c51fe8
+	C = 695464b8e04725bcf033c49bb7fea8efe86c3d578a780df81ba79518f8f62fab26abaf6e07e3613328e9c4c874ccd4c1a1750141ce0f26
+	reseed counter = 2
+AdditionalInput = a2dca9db510c6df83ff81f2b7bdb77dc6c93f7db9fb0c640
+ReturnedBits = 4b4c17c1d9d5e27322978453a216d3ee31ea7ced4e425288d3c6363350df9177c1f2b774f51ff02a0c5024c179183fecc35811ca4f3bbb32ca9017e454f25717f4ff8480150960ab174861498fa4853f44277fe8a68453c818c298305af6b6d9c55c2296f0dee560fc2ecca15aaea597
+** GENERATE (SECOND CALL):
+	V = a19e0335b2d7a49255039edddeb8682a844043b9157d7f200cf1b54f63c81c384d675db03392edff889b64762a1a9e36bd9be97051d335
+	C = 695464b8e04725bcf033c49bb7fea8efe86c3d578a780df81ba79518f8f62fab26abaf6e07e3613328e9c4c874ccd4c1a1750141ce0f26
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = 42445aec2c544bd8d6daecbe0c21509ad2ae92a35bcf9b25
+Nonce = c92bc1c804ea84766ca481b1
+PersonalizationString = 
+** INSTANTIATE:
+	V = 66db816db01e13d8f556e33115565eb4bd8c2f7378c78424f6a4245098904b6b46d8f03f0eaf2351f92cb5c5dd91208064e4d46aa9f620
+	C = 2fd5e35818bd350afa6d62e1e34a2a3825bfa54ab452adeba018b48375f371e309450e198ea8e00ae37eb359e1bf15ee0154e3f762370b
+	reseed counter = 1
+EntropyInputReseed = f7a52977362d48a3083a51fca7c4085b7912c54e359b2859
+AdditionalInputReseed = 1ed21748b44df50ad37ef0c457536df0d72ff59754eed4da
+** RESEED:
+	V = 35f648114c86211d2e2accb270d1fd94302f04e64a3a19665e8d04b5fa8f7014b4fc1730e66130b67f965cc4aff268ea6c4294778b537d
+	C = f5a85d4f2d473875b0fbdb5fca95c382a6752c0073b048b9dd6e5c3155c9db8dcc9df6ae7d023609b8b73c1f0b0a2966a7718f31ea5b38
+	reseed counter = 1
+AdditionalInput = cad402f9180e2fca41bc4baba934f910945762906b782e9f
+** GENERATE (FIRST CALL):
+	V = 2b9ea56079cd5992df26a8123b67c116d6a430e6bdea62203bfb624d983ce7229b812901d74322f54eec23d53378cc3dbe64b826609e1d
+	C = f5a85d4f2d473875b0fbdb5fca95c382a6752c0073b048b9dd6e5c3155c9db8dcc9df6ae7d023609b8b73c1f0b0a2966a7718f31ea5b38
+	reseed counter = 2
+AdditionalInput = 2a84f3c85aa95fffbe19f4e5a2211c0a2b9fc1c9d7de0df6
+ReturnedBits = 44805f5b9c62046c261beafbf086e9818a8b3191374ef76a714a39cbaa19ae30884ff834d2e971c9b2fb05c98d0c3e631b4b422343d28a5ab7f82c799d7c6bb8757f8639499c9fa4ec6cd93dcd588a5d3e78508f73f4874cb1d9e5902e46982b9e2492327afe986fe9923d8aab0baa4c
+** GENERATE (SECOND CALL):
+	V = 214702afa71492089022837205fd84997d195ce7319aaada1969c058fd59d2ac9fd4f99f34ff021c5d407c411cea217351036b8f6d47a5
+	C = f5a85d4f2d473875b0fbdb5fca95c382a6752c0073b048b9dd6e5c3155c9db8dcc9df6ae7d023609b8b73c1f0b0a2966a7718f31ea5b38
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = ceec03c1f6be26a3f51772945de7e1a7a3c45f3c6f79438b
+Nonce = 4606c9f2d0a1b3530aa7fb14
+PersonalizationString = 
+** INSTANTIATE:
+	V = 411dcd4cef8a979eb728dd96ce1c0812598c2058fb35e84ec2bd04ef46420b8a78327cc0c173f435d2ce80b7caee46fd8d66aec2128b27
+	C = 2274965c595014d30f58ac2ae8eff666b1ab6339f4120f68122e23438ef993b4bced1aaceb94d7a76d1b16452c9a3f7cda2d10ff70a65a
+	reseed counter = 1
+EntropyInputReseed = 0090db711f47a5f4819a665ceaf85c6ad7533c7bf1375070
+AdditionalInputReseed = 5559ac4b3792924f7048e73d241f85953f8610922be4781b
+** RESEED:
+	V = 632bca98b944b38a2e76cc9fe4ed815febed46b674d3ba3c3801b2db0599f1d62180cae549c5802466fd1a42bde581eb6eef997475249b
+	C = cfdefbe01ed72c17a8e584d7bd6aa360532f463288bc058a0eab7bd11652ea26f15e262f2d41855d8fd27d2ae7162ba7907127469fe64f
+	reseed counter = 1
+AdditionalInput = 624a18cc439acf472abfc83add520e4e2322c5f3986acffe
+** GENERATE (FIRST CALL):
+	V = 330ac678d81bdfa1d75c5177a25824c03f1c8ce8fd8fbfc646ad2fd1181f64b8271b0c26693a782dbca9baee371ecc1ca8c83b181d195d
+	C = cfdefbe01ed72c17a8e584d7bd6aa360532f463288bc058a0eab7bd11652ea26f15e262f2d41855d8fd27d2ae7162ba7907127469fe64f
+	reseed counter = 2
+AdditionalInput = 1764b16f0a5881539e08ed6562e5ef415a2631be69d6ca42
+ReturnedBits = 8a9e2d553c5392a1b4adaa10191ba0d97986bbdc51be7794cc564d20721304802d061cbc5baf75723611b8a4f2d56183c71e824f265737170c16fb9c3c8852300589189537de5b8cbec0c4fa118e2eac609f893462050915ec086679ccf31740e424fde1182a52e1a3a12ebf83a8ff3b
+** GENERATE (SECOND CALL):
+	V = 02e9c258f6f30bb98041d64f5fc2c820924bd31b864bc5505558ad49d48bb6dc2ae2e3751599cf9ef7ff41539cbb02fc9e19495e328289
+	C = cfdefbe01ed72c17a8e584d7bd6aa360532f463288bc058a0eab7bd11652ea26f15e262f2d41855d8fd27d2ae7162ba7907127469fe64f
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = f9e8894619ea4e92c8cd006ff1afa8870fe9ac7c998c75e3
+Nonce = 79c3c3993f38070f3544c18f
+PersonalizationString = 
+** INSTANTIATE:
+	V = a9b9fbc3f756840497dd961c074c970189c24aa28ca64343f1a1b5593a5a7f5cac4fe0e9e1f10cf4bf80f1014c7efd22a1d91509c75f72
+	C = 8947a235892826d7127a41c0ff52277db708cd2ccef08944b95f4369a85e143d189e13862d70135fc3e7c50b0b6723387d3cfc1a32c51c
+	reseed counter = 1
+EntropyInputReseed = 19a4c85332b65c24bb0b705dde2647f1261c5f02d50f0076
+AdditionalInputReseed = 015c55a4a10dc0dca4d2297e7a9354735d956d7e8b003193
+** RESEED:
+	V = 6fb4472face0343a2ad73a783a28a6c869e4319a58eee3cf5e5e176a26174d452b3f8ab31db5852b7645679aba73272b5f9f1236266b1b
+	C = 5db7bc15801c391a16d929c70285ee8db2c2fdb168962e159a55f1e259d61c59bc3e8c879c9206b62216892b44d2df1bd3052d6c69f98a
+	reseed counter = 1
+AdditionalInput = c40041aef87a67385749fc078b5def6840a93c7612741d95
+** GENERATE (FIRST CALL):
+	V = cd6c03452cfc6d5441b0643f3cae95561ca72f4bc18511e4f8b409fad188283975fd9accf56d99cecbf1a2b4cbd8846d671c5e0701217b
+	C = 5db7bc15801c391a16d929c70285ee8db2c2fdb168962e159a55f1e259d61c59bc3e8c879c9206b62216892b44d2df1bd3052d6c69f98a
+	reseed counter = 2
+AdditionalInput = 682c162e7f4e33ca60fa52f583818512fc4f0b2996e99568
+ReturnedBits = 2a9d97b312132a84bd852dffa04502d3cb274b0ce9d92e8a49c3a34fba92c3ece83a2cf7f2f8b1b307b99f36623ae93a3031863e2e3c1815c7db3782d39c321e68e2d283bed5f3ef57aa79fc71afb99a71963ec38962298f9d629b784268dd800515d22517359c1b867ca3ff8bc7f161
+** GENERATE (SECOND CALL):
+	V = 2b23bf5aad18a66e58898e063f3483e3cf6a2cfd2a1b3ffa9309fd6458e0fe8b742e1cc8c31127a3a1dd8c79a7e912dc2f57765c521b3b
+	C = 5db7bc15801c391a16d929c70285ee8db2c2fdb168962e159a55f1e259d61c59bc3e8c879c9206b62216892b44d2df1bd3052d6c69f98a
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = cc9e05b60921132a92c2be06ba6d6f38e9962823e88eba38
+Nonce = c8f362607d934bcc8a46d5c5
+PersonalizationString = 
+** INSTANTIATE:
+	V = 0324770a1ce60762c1f72b751d6001d4f2b35584286b057c4afb7029f5944919c1da59d4110608c80acdba41850705b72f4942f1db9a64
+	C = b2cf5929f71690ba3cfb7aa8aa792cbf88a639e01dd634c2a37737e4bff088f1fd4930cdc9f03755bd327846c0db5641ca6e29908adc1f
+	reseed counter = 1
+EntropyInputReseed = 9bf860526fce9cf32976f54e8aee16cb04e71036e4a213b2
+AdditionalInputReseed = a3e1c86d9934aff23a1677ea40ebdc13cbcb17bfbdc20547
+** RESEED:
+	V = 4761e943ba50a56c3ad7a7146b5a59f26aa30ab8faaa34168fd0371c3c916d0c34c81c90cf8aea9bc79c77cdb59e7640f80a4d182565a2
+	C = 26d817abeec538f4e5060308f19d35661ada060c6117a7ddafc6097b6b8bb27854960b5586511525af0583ffa32addc9665acf9a7af0e6
+	reseed counter = 1
+AdditionalInput = 1abdba4c6c7967bf8119a49d2bdb7646ed88db3fb24f0cbc
+** GENERATE (FIRST CALL):
+	V = 6e3a00efa915de611fddaa1d5cf78f58857d10c55bc1dbf43f96415fb2733b8ac64c6a76b5189ef8623c59d3470c2d79b8a65d96465eaa
+	C = 26d817abeec538f4e5060308f19d35661ada060c6117a7ddafc6097b6b8bb27854960b5586511525af0583ffa32addc9665acf9a7af0e6
+	reseed counter = 2
+AdditionalInput = ef1fe93137e16fcc30c903e03b6942d212eb2c1c55065e89
+ReturnedBits = 009d43f01e0e8f76c2468a4ec840abe7de1010189e23cdfdcdb547bb53c4e1f2ccdf487658aec6fef86c2fcc4b86d3b99123fd6dd664c8bbe1e50511d4e577d87dd2a3dcbe1d281eb6077e1a372790b3e662406d151cd16c578a16891f8377f2f2802de9e6e0a286f589b27908ad74a5
+** GENERATE (SECOND CALL):
+	V = 9512189b97db175604e3ad264e94c4bea05716d1bcd983d1ef5c4bedcbeb746751f2f80b32e087c202d202d690a64ccda7b79a3c7d09c8
+	C = 26d817abeec538f4e5060308f19d35661ada060c6117a7ddafc6097b6b8bb27854960b5586511525af0583ffa32addc9665acf9a7af0e6
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = 141b79f0fc4d634816412b39a37e9caf4e9bb3a9f82b5649
+Nonce = 4476136091a0fe4d1e65835b
+PersonalizationString = 
+** INSTANTIATE:
+	V = 37566f49c39aa147390f97aac0060020fd9a201bc6e864fc229c197156c8d5001a04800e2359851aad310e3392be3fc7b0bd68a42fe517
+	C = 956d8f59254a76ba222e25c36496e90ae2e19f556f2312cd84c3a0c31068c49a8d1b9a125675766522577df00e45852f84c88b5b3d8662
+	reseed counter = 1
+EntropyInputReseed = e509b4081fed1cc6708ea3646409196cfa75d8716050854c
+AdditionalInputReseed = 96f718b79e774a9e0a19bec88dbacbb0d058036dae778475
+** RESEED:
+	V = 5704007db2957f9665598c463395d99209c12594a3ea4ed4f59b6040bb728b40309b67bac2219a6f8459c6ddabb470b557db78dd4a069e
+	C = 65d65f04d82c6db7545aa0f10c5f1346bfef5627b4d1e283e55a1c3cadf78e4b33f47cca0d4c055958e735c40e698f2907656e81232cf5
+	reseed counter = 1
+AdditionalInput = 1b08aa985003a5e490fd7427059609feaed65d185b2dc7dc
+** GENERATE (FIRST CALL):
+	V = bcda5f828ac1ed4db9b42d373ff4ecd8c9b07bbc58bc3158daf57dad45133e28666f93bbc5168256b3e4d428cd40d1e6aa316b04c41d14
+	C = 65d65f04d82c6db7545aa0f10c5f1346bfef5627b4d1e283e55a1c3cadf78e4b33f47cca0d4c055958e735c40e698f2907656e81232cf5
+	reseed counter = 2
+AdditionalInput = cff1c0728d1b1a5cdd4d1167d03a18bba33af2179db847c7
+ReturnedBits = 197c17e8379a81ee0d7425cd91f8cb94f4ae853dc2b08db5c249738a85ef4107c284ce83d19c1d58e00ce53bd2aa57a999f871629b74aee0f7fcb8a02910163479b8e18b6eda583b8196699c1a6f716feba584ac4bc19b073446f834186e9ac33cb5483667ada7f2774fb1e1ff037181
+** GENERATE (SECOND CALL):
+	V = 22b0be8762ee5b050e0ece284c54001f899fd1e40d8e13dcc04f9abd64c62fd8064788686293cd3e174c0efe1950b758512fc69f796001
+	C = 65d65f04d82c6db7545aa0f10c5f1346bfef5627b4d1e283e55a1c3cadf78e4b33f47cca0d4c055958e735c40e698f2907656e81232cf5
+	reseed counter = 3
+
+[SHA-224]
+[PredictionResistance = False]
+[EntropyInputLen = 192]
+[NonceLen = 96]
+[PersonalizationStringLen = 192]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 896]
+
+COUNT = 0
+EntropyInput = ccf03b9a3c5b772c572c8f6c02e107c962946dd7bc33dc26
+Nonce = 1bfc3bfcfaf135874c0b29ef
+PersonalizationString = aaa09aa0a501c73c89add0b5eaa5465a42407d231196c1c2
+** INSTANTIATE:
+	V = aa559f6e40ebdef9cf9696a10d9aeafcc20d1477877a1a6fc1590e411ba67e8bfd57ce16ae0d7e4c5fdc9ea89d41432c37828681f5eebd
+	C = 4ab135538a397702be1b20af052e246f14e049b37637234ded48dd01050a8d811edc233c74811de79760dacbb0cbacd3e994af5552ca8f
+	reseed counter = 1
+EntropyInputReseed = b5ef235b434c3145297bb715eddbf21d1645a9720e1c167f
+AdditionalInputReseed = 
+** RESEED:
+	V = e861452aa87614ecc0d502f377ec3c19790f6ba67f005afc124b3c2ed31ad63a5f442b61911763e92ce25602b4e5b78edeb6d3cadb3e56
+	C = e4c84b5371fac802c10c305fc907198eb374ce3d13320a2448ff33b88f4f2693ceb061e7f0c749ffdc48bca018cf00891a391092479ad4
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = cd29907e1a70dcef81e1335340f355a82c8439e3923265205b4a706a5b36ccd4eb63976c9b512fde5b0b408a53521d5b150aceaa655b47
+	C = e4c84b5371fac802c10c305fc907198eb374ce3d13320a2448ff33b88f4f2693ceb061e7f0c749ffdc48bca018cf00891a391092479ad4
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 5c97763dc7bc2c0cb7bb74635b49c21e1d81d54ee1ddf1fe2413a5a7ed361779d7382788314b245b214edfb06c6569b1f5ff9d246126c449fabdaa716d8b540196a19d7d11a22ee132f6d02e821750ebe4054e7b303fc4deb10797bbf251d699beab7ee26596ee6de8feaaf5f7d7530c
+** GENERATE (SECOND CALL):
+	V = b1f1dbd18c6ba4f242ed63b309fa6f36dff90820a5646f44a449a499fc29c99d6b2c419856682a4003f6e2afc124f6a5e2650368295367
+	C = e4c84b5371fac802c10c305fc907198eb374ce3d13320a2448ff33b88f4f2693ceb061e7f0c749ffdc48bca018cf00891a391092479ad4
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = 6b9ae3be5582734e2ed4b2c51029ced2d7eceaecc7da7a32
+Nonce = be13c44f8b7ba0221be45be1
+PersonalizationString = 68f90cf3c712c8419d60bce1672c4091d2091733c5b0bfa8
+** INSTANTIATE:
+	V = 1b2a3857c8fbaae7d9beef322eff0ed2ec0a77711282e8395e02f172ec7d9525f321c72f4b5548bfe658088313a21a1b43aa4f3f660829
+	C = a1a0c1bc8f5cd94b029e4c268a3eeb59c8adb90bcabbb67fdb719f9578fe7dcd8e6d91ac62bdf98034240b202c3191a68bf9ce038b091a
+	reseed counter = 1
+EntropyInputReseed = 773def56eed59d1ba45c9aa10781e71789c4e604620b5f3b
+AdditionalInputReseed = 
+** RESEED:
+	V = 33a2a175c0f01adeec191b216c0c1d6fb5525e10260426dbfe3cf91f02f832e74ecb367fced10c7a6fd3cca068459b8faaa509c82d14da
+	C = f34c0f6f904dd37eae9878b59b5addc91411c0e72da4d0a85420fb52a8029ac9dfbade6dd576a0be13280e2bcab67c617aee2ffe90941e
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 26eeb0e5513dee5d9ab193d70766fb38c9641ef753a8f784525df4a38b3558765b7793f014de0b159030207a7aee7a8aa59177646fe77d
+	C = f34c0f6f904dd37eae9878b59b5addc91411c0e72da4d0a85420fb52a8029ac9dfbade6dd576a0be13280e2bcab67c617aee2ffe90941e
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 66acef742c657eddf5b5450db6a503aa80d1b5257ba81e0c2bcc0c0e62a0fff34032b94384e91c1d75aa04dfd37dad2d8ba275b5bc779c45e3f189e4c0c954d0437086504ece8c5ca0c3d90ea07bfdb7b21d2e71594a78906267848385d8f5f9b050ab099d9cb532f10afd913f6d3b01
+** GENERATE (SECOND CALL):
+	V = 1a3ac054e18bc1dc494a0c8ca2c1d901dd75dfde814dc82ca67ef0988eb384c3c2ce04400f42e372815d51f44392b95f9f952cab1ce5f3
+	C = f34c0f6f904dd37eae9878b59b5addc91411c0e72da4d0a85420fb52a8029ac9dfbade6dd576a0be13280e2bcab67c617aee2ffe90941e
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = 6d48c344eee304fd79e7ceddef68434871ec89a7b82270ef
+Nonce = c36901d21202d75539eb2f3d
+PersonalizationString = 949737efa2748a833457f5c09a5e86abba79e9219fe5091e
+** INSTANTIATE:
+	V = ede5feed2395eb2f64227e9222cc74b430878b8188995a452429c527278378c202fdc2fb6e77be26e8ec8b456b04a1ff36a864727a3b58
+	C = ed22228213ef2fe78fa6d4043d09ca30f538f7887fee800a66d40d64831c1e4e405bb4b238ca3d3d07def35ed0b4d87481ab6bc091f6fe
+	reseed counter = 1
+EntropyInputReseed = 4001a7f35ddf9d82ce957230b8f6256dc6e2534beace4746
+AdditionalInputReseed = 
+** RESEED:
+	V = cda6ca9bd63df42ca83b5835e24acd6fdde87e1fa1255470d81994130a65cf740049eb1ace736df3221fb7a869a62a1dd75fe976632ee6
+	C = 96b1595d7e852a3d91ad96aad529c4e244ca6a1b2f241b1461118483264c75a3a46ec18888b80dbc26e198c487100f7d47c441afb071fe
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 645823f954c31e6a39e8eee0b774925222b2e83ad0496f85392b192653a302ee19d1ad82280e4511722da1385072f358d154b5d6236462
+	C = 96b1595d7e852a3d91ad96aad529c4e244ca6a1b2f241b1461118483264c75a3a46ec18888b80dbc26e198c487100f7d47c441afb071fe
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 40dcd7fd3dda2cd39979bfeb1457bf470247c9773af713b179c4e38f2163f09dea722f3edd4e47170c96809d642853101b922644858fa41d69098b4b662e53b9353ed0200185c232adc502eb5fec8af35178d6410fdbf4f8e868d9c9d534d8a605e6583e2efb33fa2486fe2563e0304f
+** GENERATE (SECOND CALL):
+	V = fb097d56d34848a7cb96858b8c9e5734677d5255ff6d8a999a3c9ea7687d51b7c1fe187d72181a490907597c51449e3905c5e5c12a6c30
+	C = 96b1595d7e852a3d91ad96aad529c4e244ca6a1b2f241b1461118483264c75a3a46ec18888b80dbc26e198c487100f7d47c441afb071fe
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = 9c19a272c65a333ec6bcca15b52b4bb5786b28eac7999d2a
+Nonce = b2ea2e7770cf659a6f1007eb
+PersonalizationString = 5b96b5166cbcfecbc94f42da81b19260e10ec9b7aee65f30
+** INSTANTIATE:
+	V = 14fe13f43ca3fcb3ea428f36cc8a21fd10a424a6e5b19a67cd4f14155554c6ff8197ee3882d5468f3de421ecfdf5c3a8fdb07f1d973128
+	C = 22964359e8bbb0c15edb5cc7d2e8e90bd35dcd1657387c776f3f770bd7302b2cae8922c5aa5d0dda0f6b8c4c42dcfda3cf39fa9b77c978
+	reseed counter = 1
+EntropyInputReseed = 71f3ab9823f874275b9a3aa1e9f1399ed9bfd4ff5f1e7f1b
+AdditionalInputReseed = 
+** RESEED:
+	V = c0b81c4ee1d08adccb78ce77aba7f9ebb6488ea90caefb8b8076e8ba036157ffdbb64840eb356bd5f0575310ab0b4a44b90abe49e3d9b1
+	C = 950182c6ecadddd5722412e88980764f1827fb03b7e0dde359945655635c55019702e933c77d5926ce8949ac73dc47f80603c4ebbf4dcf
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 55b99f15ce7e68b23d9ce1603528703ace7089acc48fd96eda0b3ff0df95746879c195a061f8d10f995d0881f99fb98989bba10d2a7f1f
+	C = 950182c6ecadddd5722412e88980764f1827fb03b7e0dde359945655635c55019702e933c77d5926ce8949ac73dc47f80603c4ebbf4dcf
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 47aa426971d6a19ac2853514bde8e9c4bd69ae55f6327d403dba8b341995c6691710fa1bdbc46517a4342e922728089a0659711d8fe6f95c2e2ff22222b94d1d2fd012e2262af1e8d9981628b017b64060e45e2d4ecf7522500ef753ba843b9d1844aa6a2a84c00442be38cbfc72d542
+** GENERATE (SECOND CALL):
+	V = eabb21dcbb2c4687afc0f448bea8e689e69884b07c70b752339f96abb53e5298bd75a9a1e32920335d971855a8b7a69d1fc4947c63bdb7
+	C = 950182c6ecadddd5722412e88980764f1827fb03b7e0dde359945655635c55019702e933c77d5926ce8949ac73dc47f80603c4ebbf4dcf
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = f5c67e33043266c50afa48f7e0c37d5ef65e4cd7fd276354
+Nonce = 302c97ed2579f4b719042946
+PersonalizationString = b720aa461024d3dce03be545fce3fdab7b1493c779a70b7b
+** INSTANTIATE:
+	V = d51385c0233ac4c11e2cbfaf15e512053b31684c7b2cf537e39258e27b1174b49e89c914774356773ceac0b0ce7697b96ffc842e07092f
+	C = a4ef38463248c5928e1544315a0eeba03f61a84a64ba14ed9d4288326c1addd5787baef5198ca042cccf06c1fd63fcc8540f1f2f2bf368
+	reseed counter = 1
+EntropyInputReseed = 3d71283ec325d364a00a11312eddeea0685d0e303832c1b5
+AdditionalInputReseed = 
+** RESEED:
+	V = 2e19438de6496e103f79031e77fdf36d79d37d6d1d37a3794fa9202e44637bd5d4ba682f7844c29e2dca08d33c85990f6376f8fe667ef6
+	C = 3c76e7465fee57a85abb4565f20e753d419795da3ecf5a22d435eea408b73e32c9d21ea739e3f082329e804f8bdd3adcb8b74517b7ddab
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 6a902ad44637c5b89a3448846a0c68aabb6b13475c06fd9c23df0ee9e541ef419469cec9f5e1ddac2a057ec9ac190296587426370851a5
+	C = 3c76e7465fee57a85abb4565f20e753d419795da3ecf5a22d435eea408b73e32c9d21ea739e3f082329e804f8bdd3adcb8b74517b7ddab
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 094c51955da9c54495e4210556009212d8318caaf8e8c1d1383fb6ac3e937ead735a0a6e3a4ebff7e591751e664c215d53f23fe7dc0acac4dcfbd01eeb0f3025d34e6bf67dcbb8b7d0b57836edd795ba466652e52085607c3de234256b8c1716a98589957c48fd5e231885aa328780fd
+** GENERATE (SECOND CALL):
+	V = a707121aa6261d60f4ef8dea5c1adde7fd02a9219ad657bef814fe736e337c17745bfcdf13ed4b94cdf11b3de5d67887075436c1e749ce
+	C = 3c76e7465fee57a85abb4565f20e753d419795da3ecf5a22d435eea408b73e32c9d21ea739e3f082329e804f8bdd3adcb8b74517b7ddab
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = 9f61fc258736822c94bb75dcbf822c9cffff894fc8b6a0a8
+Nonce = 7615daa178f0accedabf0b89
+PersonalizationString = 0c7b38e496a3648779af3b8dd1293999186373a34c8e7c59
+** INSTANTIATE:
+	V = 68549f55d5e483c604ac91fbce8196fe6201f00a6911706d4e5160951fbc79d3be24e127adadee7cc255f0cfb5d94348e3f60c7b215e96
+	C = f352f9e08045af922395df79203d9ebc590b5f9ebcf261c661428becb86287d82fdc43e6f77e2f2ce0939cfeca3cd5339e2a98ad93af5c
+	reseed counter = 1
+EntropyInputReseed = 88108bd86212dd6bde6b57cb37fb1a0f02de3af422b027d4
+AdditionalInputReseed = 
+** RESEED:
+	V = 56430705229fc03432051201327f431b0f4796500bcb88a69b51a925f253586578dbb24154fd9899c6423d0d127f631de1452a9c1b670d
+	C = a841f78a8fa679bd5b0d8622ef3b1697bbe9679bb1680dd4ad4867fe2f95fa2b2265cab0b84436176c3cdeb99be0bbe67f1589e495164f
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = fe84fe8fb24639f18d12982421ba59b2cb30fdebbd33967b489a11def6def124cd757d143401c125c4c0147f3608f47006a68d7d349217
+	C = a841f78a8fa679bd5b0d8622ef3b1697bbe9679bb1680dd4ad4867fe2f95fa2b2265cab0b84436176c3cdeb99be0bbe67f1589e495164f
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 6ad5cc7cc4c48d0ad407060dfe9e5a005de52d72e5268c031a666d150ab61bf6c22ef0ef5d9b795cb745eb6428ae8a39025cc65c5ae27d2f861d46b55c4623fb92461fd587c480ae02ce06a78cb7e6191ab9e7e3e3cccc09eda13371b25c2bf0ba7d6e9f5098032b32a239fc6d8380e1
+** GENERATE (SECOND CALL):
+	V = a6c6f61a41ecb3aee8201e4710f5704a871a65876e9ba44ff5e27a6b78160b4fb511650273a866cd8c77f82578a260e6ddea66669fd39e
+	C = a841f78a8fa679bd5b0d8622ef3b1697bbe9679bb1680dd4ad4867fe2f95fa2b2265cab0b84436176c3cdeb99be0bbe67f1589e495164f
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = b70cf8a177ebca0befec3c479a6b6333a02993a08dd153cf
+Nonce = 281434b8a15b898aa46c1e01
+PersonalizationString = 7b14dd867a630d6eb05e2cebd8b61b2c79816e305a5e074b
+** INSTANTIATE:
+	V = e58a3bab5aa5176ba47dcb61418e955406af60efcf9e9712c8a18e94844589ae2ed91730795731775b4cc22823070627b3e5cc204cf649
+	C = a171616c3e1b098b8771c10d532f539576ff822db6753815c5809294a205ff00018cb06a03c64d6ccc476577fee202764f3c9f8274d86e
+	reseed counter = 1
+EntropyInputReseed = 2558b17ecbfcda82ca41e70c8e185610566f938f0e5e8906
+AdditionalInputReseed = 
+** RESEED:
+	V = 32e04e964aa9d1849a93a2d3c97adb1100d67c585d5d325ad296e98e92faf0558ac358313547a3d60b86674812d42d2b23127e58890284
+	C = e3d9c4dd9bab61fa26cefd79e9a981ebe885cb7d6dfcdaf21191bad6e3a274d57884ea28521ebb50c3d205a2f683023e11e8e58581dc0a
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 16ba1373e655337ec162a04db3245cfce95c47d5cb5a0d4ce428a521899367ac47ec1b29d55c036a7666e576403ed9a6c9e589e641370a
+	C = e3d9c4dd9bab61fa26cefd79e9a981ebe885cb7d6dfcdaf21191bad6e3a274d57884ea28521ebb50c3d205a2f683023e11e8e58581dc0a
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 695bc75bb1ba5ed8fce5212997fe09f26c66b6cfdd63a9230efdab95c52f9c010eb8453912ecef534251eb3cb04e42d170010f13b5e79fa0c4dc6a0580f1bbc86ffbaac168b1e1612fcb298b6bc7906511af5d76786f4d66bef4537affdafa2bb82142e318e8ca0ba1512c3bdf6a1204
+** GENERATE (SECOND CALL):
+	V = fa93d85182009578e8319dc79ccddee8d1e213533956e83ef5ba608e28a4f1e3185f2c0aa0b5ab039ebfafe6a0985d90f434575a1693cd
+	C = e3d9c4dd9bab61fa26cefd79e9a981ebe885cb7d6dfcdaf21191bad6e3a274d57884ea28521ebb50c3d205a2f683023e11e8e58581dc0a
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = 5ae5cb9fa2e9548150f3c48bfc8512c03492c9d6fe839bfe
+Nonce = 150642776f96edd9a1c7592e
+PersonalizationString = c7dc71cd16fc523365ddd43fa2e98f5fb14ecd9f1a3dacde
+** INSTANTIATE:
+	V = 2eacf3e2aaef9b93be9e2eabea7772ffe79e121839522fdb264d7cbf8898be52286181274913c6c977f6ed31cde4684b9c2fee0a3c58c6
+	C = a5fb3c8002607fa1d55263a5844f0f95fb9eb3137c25a0b2e7a4dbd6445d811826b90d8e56b7312e739de1fe090edbef321aa806779568
+	reseed counter = 1
+EntropyInputReseed = 55b29f60ec6005fa570679a9b13c984d887c4828ac54997f
+AdditionalInputReseed = 
+** RESEED:
+	V = dd6d826fd98d9003c20ae0d725fe8475c4a5801c1251b622790304f775dd0233d326f900b09c17522d5af8025c8a9923d0b898d1fbd367
+	C = 19b24993ea975d2c54fff7f986afc97ec3e967b2eaf6d1890cb6b504404ddd52893b033cd9035dd62f2f7815a58b45e3abdb9beaf65ee9
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = f71fcc03c424ed30170ad8d0acae4df4888ee7cefd4887ab85b9ba9e6b1d4d7b61bed72da3c2442cbf3a69562535bf408673c9bf569e52
+	C = 19b24993ea975d2c54fff7f986afc97ec3e967b2eaf6d1890cb6b504404ddd52893b033cd9035dd62f2f7815a58b45e3abdb9beaf65ee9
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = a7a1ec53b85b1270a302aca99760a0ae3e3ad5de3563d1b5c8da368f7aeec726ea8854935d94a99b877d6443188270c1971eb9078274568e9708956934fb0ca12232cab6878e13fe3b6402418107c9ea27cee238d635da910067d426d1fd7e4b75dc44eefed05a673b27be13658b9d99
+** GENERATE (SECOND CALL):
+	V = 10d21597aebc4a5c6c0ad0ca335e17734c784f81e83f593492706fe8faed5b2dc9a26893be7a0eff5de052fe855b3cf890bc4f71c147c8
+	C = 19b24993ea975d2c54fff7f986afc97ec3e967b2eaf6d1890cb6b504404ddd52893b033cd9035dd62f2f7815a58b45e3abdb9beaf65ee9
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = a7c1e29d88359c2e18375a03677bbfefe765390855719141
+Nonce = 514ab7b2b58a82cc5ae7696c
+PersonalizationString = b75e10ea1ea39c00975b0dd12d4138258020f28baec19691
+** INSTANTIATE:
+	V = 2217e73fd764c9a720e3fb4906909f758398f24fcc1cecc8aeca441a4c65433bf8fd615e4ada68bfab2468d3c316db5ecfc34d55aa28cc
+	C = b3fa725b8badc09e37d5488312ba3b1e851e831ec0d8ae958e56015a2d671ced0d89620e74882f2fbc581abc9b8e4d42be8a25c34cecea
+	reseed counter = 1
+EntropyInputReseed = 2662827203c244f83164c9c07cae2d2f0a2bac8cda10a6f6
+AdditionalInputReseed = 
+** RESEED:
+	V = e59640a2916076f1c58dd7f887cbe068db185fd984392ccdfb330f5bfb643d4cf3e21cb6eb2418ab2626dff67a083eac0634daf650449c
+	C = 2cad3db13ea756efa73a41c231a58e835d6f0978a760978b4ba3ee91ec8c117fb56c9ded54418898c98f29a7fe425cf9bbd46f5de65b1b
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 12437e53d007cde16cc819bab9716eec388769522b99c45946d6fe8d693184de4312ac754c550c160ff295ac7c9442c3dff7c5b7a0b1c2
+	C = 2cad3db13ea756efa73a41c231a58e835d6f0978a760978b4ba3ee91ec8c117fb56c9ded54418898c98f29a7fe425cf9bbd46f5de65b1b
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = bcf2fbc24365422223ae0e6872c54a7ac394c5bc8d223d98618c0649b75e6c8467181c1d33edb2afc09c3afb9915909b85854662fec9a4a826c3f7706441faf2be82b1ce5bb0c2ca734cac2474d31eeca2e80f1cae427b85436693decb192ad4df48c35a9131ca86d6f1407deecdfab3
+** GENERATE (SECOND CALL):
+	V = 3ef0bc050eaf24d114025b7ceb16fd6f95f672cad2fa5be4927aedffe92bf2c655bb9321933c599bc8e83498857d753f3da3ef064d75dc
+	C = 2cad3db13ea756efa73a41c231a58e835d6f0978a760978b4ba3ee91ec8c117fb56c9ded54418898c98f29a7fe425cf9bbd46f5de65b1b
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = 8cd19351ecae71ea9a0a02402e1afd4ecec07484c7e618b1
+Nonce = e79c1929c749680aa1dd0a8c
+PersonalizationString = 18ef6b5078acab9e3b3f324ec5b6e8177a55036cf87f42c3
+** INSTANTIATE:
+	V = 749f272ad042f448e95f9229325aaace013402ef2b0cfb301efe284b44ff18272ed83401cfa36923cc08559556590a8fd1244efca0ae0f
+	C = f93abb1a48e53c7570486800dc12dc024c405e2c7dce6f06edfff15bd3adc0ed4dd84cbf7366b664b916b31490df6b813dae4355e1fe69
+	reseed counter = 1
+EntropyInputReseed = ff68efe9d589a6a4bb96cffc3e9c9ded9d12e899b7464d8a
+AdditionalInputReseed = 
+** RESEED:
+	V = b446f9dc4fadd84c3aeabfcdaa0d39d5468fd56586f125c35919edcbfd1ac4e6c6eb6758af70d0794ed1febac8207705a7d98c8d7cba46
+	C = 6c65440a7b7c44a6a4dd0397487f55dd77f506cbc73ae170e76bfd33627d64ac803dc5da357e77f40dcc78bc72c7abcc85295d19fab869
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 20ac3de6cb2a1cf2dfc7c364f28c8fb2be84dc314e2c07344085eb152a890d17ff26eb107cfc1f3ec5b49a546e926ccf00e03bc1edd161
+	C = 6c65440a7b7c44a6a4dd0397487f55dd77f506cbc73ae170e76bfd33627d64ac803dc5da357e77f40dcc78bc72c7abcc85295d19fab869
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = e1375a41cffc68eae3114fd68f571051d6a27a7f300fb99a71a2f1e78d64f52e6e4b122e39929532377db29d6608efe144905e5554e3550bae5f50e81196a16c53f69915d171a4440ee373a4081d94b9e9e608fb748a56dcec820c72f7dc056ed55b9b7ec6e675ec7fe5020c8d42ba76
+** GENERATE (SECOND CALL):
+	V = 8d1181f146a6619984a4c6fc3b0be5903679e2fd1566e8a527f1e8dc5cd36d0c876effc83fb09fa52609e511e65d3f61efecc7c059a184
+	C = 6c65440a7b7c44a6a4dd0397487f55dd77f506cbc73ae170e76bfd33627d64ac803dc5da357e77f40dcc78bc72c7abcc85295d19fab869
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = 394d8a696f503b2ef55ae10e97780a3f36817d06c87d4e29
+Nonce = 6d8d98e8a6488643b669c2b1
+PersonalizationString = af9e9abcce1c3b8df84011e884ba8ded8c0f356129917c39
+** INSTANTIATE:
+	V = 148d23fdb9c5913bbe13080aad1fea1395c6592b9d8503fa7cf1eb44a025819e09ee7b6914d4c6c49f33da437a4d7d743112526b8322be
+	C = a440efa28c331387615326adc4fc30f3e60c33dc11e08f2f6589b0da780806b530a243c098c315b8c48c70b7388e26fa5f2a65cb339447
+	reseed counter = 1
+EntropyInputReseed = 17607f949ce01f7b8c03cd39a7219c7dd1a0690c454c8a94
+AdditionalInputReseed = 
+** RESEED:
+	V = 692804f44a4a931ba03508b4257d3a3a738cf31876db2ac2ae60097bea27f460dec7a398342a8e7290534ae531b4522222efc8271ef420
+	C = cbf1d2c45cb7b0b23231042e195889c7d809ce6c25e566bb8688b6b4d7c840104204fefb03462264ccfed4539cb16db737d6288f7245a1
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 3519d7b8a70243cdd2660ce23ed5c4024b96c1849cc0917e34e8c051cc050da35447fe260167668df174d57f5f1b0ecce59289134104b4
+	C = cbf1d2c45cb7b0b23231042e195889c7d809ce6c25e566bb8688b6b4d7c840104204fefb03462264ccfed4539cb16db737d6288f7245a1
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 6f8673b1c89433800c74f082711b4f40e762f0f6429ad1b9461fef707868bec7e0bbbc50b95aba593de810c84820e8b0907d98304e14fba2b69707a3924665e84ca3d3ddb3d4481a3f9fae6db7810640d536c86d6332f742b427b4297b5b0a4df5d084e80d82986d7ae179bf3827169c
+** GENERATE (SECOND CALL):
+	V = 010baa7d03b9f48004971110582e4dca23a08ff0c2a5f839bb717712034a07393786d686be8702a0d34ade5c7c0a9a748c12f469323626
+	C = cbf1d2c45cb7b0b23231042e195889c7d809ce6c25e566bb8688b6b4d7c840104204fefb03462264ccfed4539cb16db737d6288f7245a1
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = 90dfc8f862603a61b28096438552d3a805e1b29b94b9a525
+Nonce = fab221ccf10c742099be72e6
+PersonalizationString = 4742467ca6d1189ab9146138ff837a69fe912340f14b1546
+** INSTANTIATE:
+	V = 1e33a3127fd370517fd18834dbca489a9b9f503d9567255f93280fc72d1823d1343b0e2ff4c219f3aab43cc69e563f3a6f5d89abaa6281
+	C = 855cbf3b1a3c37bd037411a969bf180fcce05599760e36c02a5f52df5d3b4c4e7ab7dd969bce52bed256ff27665b413311a0e98b117ff3
+	reseed counter = 1
+EntropyInputReseed = 7a3cdf594cf16edabd2ba83f27bdbca6ebc82bdef5a7668b
+AdditionalInputReseed = 
+** RESEED:
+	V = 3a8675c8376656223cf67f674090d760a16ca403852a97ce26021b6d0b48549f82330798507b696ac006f45c149fb56a484f25fb251a34
+	C = f31f17b2b2420bf0092365619125658df9353ef03b064a8ad132760d347e36df648639aeaa290ff4aaabe7e120edc18eda5d7bf0c68b14
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 2da58d7ae9a862124619e4c8d1b63cee9aa1e2f3c030e258f73491d0614bd00712f6a3c9e7c7f4e46474190930142d1bde4d3d8c8138ef
+	C = f31f17b2b2420bf0092365619125658df9353ef03b064a8ad132760d347e36df648639aeaa290ff4aaabe7e120edc18eda5d7bf0c68b14
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 03a4b7a2ce6d085b0e809dcbee779a80822dfc9543725783154ae3e7d932e5dec70268bbd4de2eda7b7877c45052c29bd3b5e9bcb97936e29e52f4e5a722156d0e607829e7b1cc10bb100e6b635c201d7a3bab8875b73b3756de1c310542d482566a6168ea4fc0a7b8d92de225f5edd5
+** GENERATE (SECOND CALL):
+	V = 20c4a52d9bea6e024f3d4a2a62dba27c93d721e3fb372ce3c8670898ab6414eb8704431d68be7b495aa055bfabbc24d40e3716b5756565
+	C = f31f17b2b2420bf0092365619125658df9353ef03b064a8ad132760d347e36df648639aeaa290ff4aaabe7e120edc18eda5d7bf0c68b14
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = 72110904d5e985266e814280c77983cd70beea2da31ef476
+Nonce = 983ad78333e867cac9cdfa73
+PersonalizationString = 96a34ac6e0d19c471bcc6a071cb130ceb8841bd2e9727af9
+** INSTANTIATE:
+	V = d23473b88328e576c0edfd3b5cbe10ec4003819cc5bf16fd4c5734f13c61a6031618aabd5bd873eafb26c2d9c176a9b05bc54ec70a382d
+	C = f1db31386ed695fb239c41587f353a366ed508f8ad8ea488c06821f2265312830451eea6429193557e34f184d05627b010f83bbd57ed61
+	reseed counter = 1
+EntropyInputReseed = 054c194dbc7a42baa741750870ceb6033ee6c8ef5293d2a0
+AdditionalInputReseed = 
+** RESEED:
+	V = d4e38e8481fe5b761748cd72c9416ac2b346e589a91e063d038b070d92df953a164f8e1ad213261fceacf291fbd3e222c245808e2faa7d
+	C = 898d8afa15258f0c006ca25b94f8e7d883e6ff79ac003baccaa3d9cbbce715e11d848c95f65f957481f4da8c694d6d888f214d0aec20be
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 5e71197e9723ea8217b56fce5e3a529b372de503551e41e9ce2ee0f43b28da5cd81aa872e162afdcbab8e02d344c5a3bdc217487cc1bc0
+	C = 898d8afa15258f0c006ca25b94f8e7d883e6ff79ac003baccaa3d9cbbce715e11d848c95f65f957481f4da8c694d6d888f214d0aec20be
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 700111fa475975a00bc92db8d620edb0690d6cecf8733a18c403d831a43affb8dcf27f0c99da78991d2cbeea4f26e69b250123c08f3c9bffe8348931ee27291c40e7ed0bb74c3779c4e133efb5bb6e1cd1490335b34cd166fa25ddd86c080f2f6501f6d2fdbd0ee96828c41eb5dcc008
+** GENERATE (SECOND CALL):
+	V = e7fea478ac49798e18221229f3333a73bb14e47d011e7d9698d2bbb70f24f95ee60cfe83d654673168e343778699cac04c91e6f488650e
+	C = 898d8afa15258f0c006ca25b94f8e7d883e6ff79ac003baccaa3d9cbbce715e11d848c95f65f957481f4da8c694d6d888f214d0aec20be
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = ce010a29d81278f97ef1c9ce0f748afcf21e3250b43ca24b
+Nonce = ab4c3cb1f6d8a62b8492e457
+PersonalizationString = 1c69f502aeb2484f126443f4ef5f0b9201226d2c26d650d1
+** INSTANTIATE:
+	V = 1159a1195d73d939d1ca932b61ab726f1e846a9b44dcfc39312b6e612a2638e9e72208738e0468739233aac66114020117470c93734d79
+	C = bb86ed39ba9a3a95ef0d9742e661c53f6c8798ecc5368c1fe44b2400247727bccffa7b25d8f7e7ebfbb6fc86d30a2482f55b810417a52d
+	reseed counter = 1
+EntropyInputReseed = bafd1c600c64a3b083ada052a4e4ed3801c1e5a2ec6d9116
+AdditionalInputReseed = 
+** RESEED:
+	V = afe489380c9bf6313db25c3755325d550f15e747cc122881c2de327cebfc17191743a542ca4971f76cd631e74a22e4d209e260742c66a6
+	C = c3627b7838a240a6b69e49140d30943107eb0e9054f8fcf03add35f30ae2c41b15cd510696d152c8598ac20e8bbf4fa384c21a4a42e612
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 734704b0453e36d7f450a54b6262f1861700f5d8210b2571fdbb68cb94805cc06f4ee927616a33d35f238418c386e13dd5793ca0fc8838
+	C = c3627b7838a240a6b69e49140d30943107eb0e9054f8fcf03add35f30ae2c41b15cd510696d152c8598ac20e8bbf4fa384c21a4a42e612
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = b2ef00f8d2fb49372d79316f6ac80d853daa0879adb7ebd03f286ca807a45e76ef5fa8270a3c1e6e9d0920fe2fa4556d5afae3023ddc2a026d34bdfecf3e1312e7b25bad903f970d30cdf567dceba29215cc48eaf5a42a5e2a7060e99ecaf5e38752b9639dd54fb0ff31881267a33299
+** GENERATE (SECOND CALL):
+	V = 36a980287de0777eaaeeee5f6f9385b71eec04687604226238989fb49ccd26c0f8b9cc09621b762e283fdf718b9729a11c3992cada3f7f
+	C = c3627b7838a240a6b69e49140d30943107eb0e9054f8fcf03add35f30ae2c41b15cd510696d152c8598ac20e8bbf4fa384c21a4a42e612
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = b2d50293ed125632300a93b46dfd29b17100fc31a5516879
+Nonce = c2b331e9d8e760ee14992ad3
+PersonalizationString = 6e13d450a083f98771418e6b7f42c34e6fcbefdad2c7ba3e
+** INSTANTIATE:
+	V = f5b258383f959b9db00ce06cf43dad80534e3d8b311ad1b90547c32e5bf79bb263be373905c50122874e04ff551c1d3a994dab03f605ec
+	C = 8d05da0c81686c1196dfb91de6003b3ed2d9a742f1d241cf560d98d39677166f15c8249c8a87d1d4710b1b3fd7aea6613655901b8fd187
+	reseed counter = 1
+EntropyInputReseed = 85268d65dc5465ff76d2673218b12afa2aef9e07f40e3581
+AdditionalInputReseed = 
+** RESEED:
+	V = c927b3581393c7e038faa35a8146bda2bb4848e6c2f427e651d17cc18b74f0c8a3e241669e67072686b984a9f9d5a569510c0311cf2222
+	C = 7268849ec6d8dc9300183d3f6e15dd54705e349e303810e5a4d866492854c502c1c6576a8613f0ff40aa2ae4021af947c8bf52bd30d3de
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 3b9037f6da6ca4733912e099ef5c9af72ba67d84f32c38cbf6a9e39131de0990f70d46451f0064972e276e440f6db55d52470967e87322
+	C = 7268849ec6d8dc9300183d3f6e15dd54705e349e303810e5a4d866492854c502c1c6576a8613f0ff40aa2ae4021af947c8bf52bd30d3de
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = cd4f63b88ce42fa6eb815132bed6b611bb3e1d0bcd2d55c439fb5de4b8965b1ad6fa5daff103846bff7c695117664306604fe417261ba05dd91131bed364a7d12d45c36a5305a82b856c26f8e72abf707b67dbce330ef6c499ec8a60e0a58bffdcc6b0ad7c5ef7f3fde1c8d898e6c719
+** GENERATE (SECOND CALL):
+	V = adf8bc95a1458106392b1dd95d72784b9c04b223236449b19b824a5e93e2c6acf847e9a3003d0e0a126a0352f89654dc2d0d39ee165135
+	C = 7268849ec6d8dc9300183d3f6e15dd54705e349e303810e5a4d866492854c502c1c6576a8613f0ff40aa2ae4021af947c8bf52bd30d3de
+	reseed counter = 3
+
+[SHA-224]
+[PredictionResistance = False]
+[EntropyInputLen = 192]
+[NonceLen = 96]
+[PersonalizationStringLen = 192]
+[AdditionalInputLen = 192]
+[ReturnedBitsLen = 896]
+
+COUNT = 0
+EntropyInput = 184cbf7f1c462f27fc640ccf2aac1b26174ee41e42dcceaa
+Nonce = 09f9d8acd06aba74b9f849f7
+PersonalizationString = 5a5afe330e898ca94fad05b0e6b3f8146f46c90379a0b1eb
+** INSTANTIATE:
+	V = 72c7a47c48eba765ef10bd00304cb9a0fd2f4d4a4343998e1dd5a68357b66abbe433213fcf063e039b5aeb5a9120ae5f82847753fe33a4
+	C = c0b97c5ab37e750bf018088e8c9612c94c70fa76c26d81f6052e81705284145ddf13d5277ef67119bca68c1cbf3b9e73e24215061fb800
+	reseed counter = 1
+EntropyInputReseed = b5eb44d3515c74d2cbd28c4ac5edb5fb95846e74e8398ce5
+AdditionalInputReseed = a793fefe0f2ab3e9a0d1ddbc058d78369b03597f44099a81
+** RESEED:
+	V = 4870bccd89168ff224269ca5ae3f5625951cfe8ec44b86dcd451c2d31f328e32d7086fbbd8e5c1a18cf278facabc5251c5a15988304f3d
+	C = d149f05125c079e8386c20714ba604ca25334b6ac3221b48a5cb126b37bde244bd90ea9f066e24bf02c7c1e56c36ae41e02674cce92628
+	reseed counter = 1
+AdditionalInput = 930ef8531a344fef957660cbb401583afa0f016b7023a9db
+** GENERATE (FIRST CALL):
+	V = 19baad1eaed709da5c92bd16f9e55aefba5049f9876da2257a1cd585a6f3871d20fe2e74945c843979d4a3f6b46cc7214946bf640fbe81
+	C = d149f05125c079e8386c20714ba604ca25334b6ac3221b48a5cb126b37bde244bd90ea9f066e24bf02c7c1e56c36ae41e02674cce92628
+	reseed counter = 2
+AdditionalInput = 2ee03b7314fb00e1e2616799c144cd58f051cde370588d70
+ReturnedBits = 22b856603db40f1b6d439d5b88fbe4734f7fdee15f4df47dfd418b362f23e48fef0f48f03d1a7b7b0de607c2a8288b1aaa01bc84646c322a88b2351855d7fa1b66b0b12baccbaa5ad6cc71833998f8998712bddf54ab8af329c55791b7576cf36ade4b921009ffe32a8d22ecf4747571
+** GENERATE (SECOND CALL):
+	V = eb049d6fd49783c294fedd88458b5fb9df8395644a8fbd6e1fe7e8f8d2d05096f0f28f4cf8c053fe23a8e9470bd4306a8bfbd44d180645
+	C = d149f05125c079e8386c20714ba604ca25334b6ac3221b48a5cb126b37bde244bd90ea9f066e24bf02c7c1e56c36ae41e02674cce92628
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = cbd73b73436e8eba55d80e680fbf0b3993ff3c32ed3b39c5
+Nonce = 5509cad8958288606f1b6e5c
+PersonalizationString = ab4d25d4d936e5c5dbb7ad509c7872d9c421758be611a2f5
+** INSTANTIATE:
+	V = 78504a8fa0f82f4a832eec38f6e4577214dc951b3d961614472efa035cd662def873f1f4f972d4a7101d6316db4a58316b485cad32d4cc
+	C = a0694e100fe6819a312ff04f39190486b4513b27ee91e234966def0e409279c0e7b8562a1bfe70ac5ae3947621ce923c5fa71ab4ae976b
+	reseed counter = 1
+EntropyInputReseed = 25878dfc58788afbd908effe0eb288a503813d28f4d3a5cb
+AdditionalInputReseed = 785a6625a529c6041f9b3d45ed7bff6fb4dfcd5f2b893d8a
+** RESEED:
+	V = e9244b7170d5fb102307e4cd7d40498c9e0dc1838f8679893c3dc58f80fac7e4222c31065abe6c8c9c1be02445210fa4dbf3ecc64f7f61
+	C = 587e29bcf67c8136fd21a8b2734f7373f379d81c55e91a16e6d4cc8dd5f1fbebc6fb74785ed71e7dac708e033d5fef1c906329884a2732
+	reseed counter = 1
+AdditionalInput = e84b7f8eb2b23fbc06abd455768b8da9cff2262a73df3577
+** GENERATE (FIRST CALL):
+	V = 41a2752e67527c4720298d7ff08fbd009187999fe56f93a0231293824c99d27d76e15908b362df38ef009704a876a9ae845ab6da6f9818
+	C = 587e29bcf67c8136fd21a8b2734f7373f379d81c55e91a16e6d4cc8dd5f1fbebc6fb74785ed71e7dac708e033d5fef1c906329884a2732
+	reseed counter = 2
+AdditionalInput = 344c0ad64c6b73ec30a1e093fffebd2c4a7eb87755b3744c
+ReturnedBits = 4b29dc33c856ec6b0e0558fb23ce5d2cfef672923f9de1cf8792c36bc3a8799ae6600b425b6c1a3a625c92107cdad742f0938f708fcfc16fc960a73a646c33e70d88ef449a347643ea14c8c013a4d84afdba5c544a7e4df30203a5813939eea74f699569cd51c1677e7c023eec7e5d68
+** GENERATE (SECOND CALL):
+	V = 9a209eeb5dcefd7e1d4b363263df3074850171bc3b58adb709e760d59cd5214fead99444a39a762c6f80cfd8a5f29fa3cd175e38d157e7
+	C = 587e29bcf67c8136fd21a8b2734f7373f379d81c55e91a16e6d4cc8dd5f1fbebc6fb74785ed71e7dac708e033d5fef1c906329884a2732
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = df215c47a2daa095612557361142e2535a60f00f3596bf2c
+Nonce = 456221499ff3ad857056d806
+PersonalizationString = fdc7ea9f39d2b82662395589293900285e300ceb745053b4
+** INSTANTIATE:
+	V = a528aaec35af13f5aa6ea7dcc43bfdb9ba8570651a2d8bdee6b6e50050a9c677b5ec0474e2a3b1fc2f9c8847e8b8dda812fef908e18c6e
+	C = 49dd38d8d332b68bfdb710901f014402079f8a3348158a3c3fcf07aeb2f902631447a9a6e7bdaf99e5f6add94478e5b3e59d0262750de9
+	reseed counter = 1
+EntropyInputReseed = 25bb7af661332c0c53d4dccf8b98df0e4b82aae3d28abf16
+AdditionalInputReseed = dbf38f5337bd42c9b293e6d9fec41c38e15daf130c9543b3
+** RESEED:
+	V = e9d76850341c88adb79b931f1c81dbe72a6b299415b59569d7ac578f5cb729aacafa04f1bfed084931d1c09172e9ae207d0088fda11b78
+	C = b8a3b753e6bcd0233ffffd5a1d73ac6bd329b0625b928c7dd4e55887abe1113b4b4114cc4d4bc08d71aa42f689e989721d8f37e4ef65ea
+	reseed counter = 1
+AdditionalInput = 82e641865e1967909e7d649c11742d8ffa68de41c554c5a4
+** GENERATE (FIRST CALL):
+	V = a27b1fa41ad958d0f79b907939f58852fd94d9f6714821e7ac91b1342e995c46ca8f0677e9211156af75c9cdec8ba31b6341e344baeae0
+	C = b8a3b753e6bcd0233ffffd5a1d73ac6bd329b0625b928c7dd4e55887abe1113b4b4114cc4d4bc08d71aa42f689e989721d8f37e4ef65ea
+	reseed counter = 2
+AdditionalInput = 44453c3dbd95fdf9f7d2eeaddad062725fcf614c6b404770
+ReturnedBits = 4432f68788e760615ffad5112438930447c5b8d101071f90a5cf10f258bceb21dab80ebf2142d453182b713b4088d9dcd2eed3a49a6fea8fc4149583b0023a803593e9dc2435de6c7b1611f489452360a31f2dbe9aa7f4bb52f9ece477ca546690f8d345078b7c0a96fc304433de5bf0
+** GENERATE (SECOND CALL):
+	V = 5b1ed6f8019628f4379b8dd3576934bed0be8a58ccdaae6581770a4a0339e4c89d9c1f88254e20a1da84240498c0530b65b43920fd6c52
+	C = b8a3b753e6bcd0233ffffd5a1d73ac6bd329b0625b928c7dd4e55887abe1113b4b4114cc4d4bc08d71aa42f689e989721d8f37e4ef65ea
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = 00780048d560f3019f6501397c7f835724861d8f99b50052
+Nonce = 809f64b92ff91a9ba1d0dcab
+PersonalizationString = 59a4ffed025b2cb1bd97a16a1f60e76779b06ba15b3f9a4f
+** INSTANTIATE:
+	V = 3f39ccc6e2e41ff5853ba2772c9b4d3db03d372f88610492c81fd34318f86115d91b8d9a926dc49b45b652be425455a2449920b80d3e83
+	C = 35b99adaf1489d5b2badcda0e5435d155450d03cf4dbf2ea1cfa19a58c473685d488868c698ced103c04546ff80623dc7f675d15d595b0
+	reseed counter = 1
+EntropyInputReseed = 06b8b461916476861b0a3e8fe5f618091297bdee85ce53b1
+AdditionalInputReseed = 124df340fee2ae570f236e76bc6ce3815efad09963f278e4
+** RESEED:
+	V = f6677c3a1bc191ad1779c4125f48b28092e4b450520cda7451c3a053994ce3bd38f825bc49b22dbed5dde89bcc4dcf6ce78cb4fe2408d0
+	C = f275c56254f9ceb0f1aedcf866d098da6a3ce62558e7d460ded113bbc7cda7053b0d003c3c93152111181a4586aae0ebbd232c4f78548e
+	reseed counter = 1
+AdditionalInput = d1afc014c86102a91badb1016f944cb1f962eda706bb4282
+** GENERATE (FIRST CALL):
+	V = e8dd419c70bb605e0928a10ac6194b5afd219a75aaf4aed53094b4eef567ba898d69b2247f122487830b9c3f9d718f031024c3a81797c9
+	C = f275c56254f9ceb0f1aedcf866d098da6a3ce62558e7d460ded113bbc7cda7053b0d003c3c93152111181a4586aae0ebbd232c4f78548e
+	reseed counter = 2
+AdditionalInput = 53f96a21346cb90fd2e91c599b1ce6d237447098eaeb694c
+ReturnedBits = 646c3cee70313bdef251be024cc5e8a31e85eec2f6a7bfc37f35d779ba19368dd03196b0744de71b8ae132e29d4e48c3cba9764fab356cc087656ca0877d0f76549bcfddcd7f2ac422c429002eec5b207cb030c850f8f3153156c04bcb7dde2eb2acc4d920a42a46a2b8468aaf2726d4
+** GENERATE (SECOND CALL):
+	V = db5306fec5b52f0efad77e032ce9e435675e809b03dc83360f65c9881a950e0cab4acfab5ff4cae8b00146739d21046bc8d087a0b17e25
+	C = f275c56254f9ceb0f1aedcf866d098da6a3ce62558e7d460ded113bbc7cda7053b0d003c3c93152111181a4586aae0ebbd232c4f78548e
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = 0cff9fbb01d5adb5c24c59abfbf935dd4976a6d04ff36e1d
+Nonce = 2a6ae386c92ef535e2e2f266
+PersonalizationString = 91b5c9b92244546774066bf2ddf2b7c8d4d802bb57d679e0
+** INSTANTIATE:
+	V = 93c91f923823be291f669603241730b7b66c445148c3bf1e7163a59049c45326addad4eb9a7da67c0f3a86aa09ff156667d2da1d1787b4
+	C = ef000b19b7af07e5b06b44e80e98b2e1b69544be0a20d7dc93c0e6ab4c6af7fe88e3bba052d340c087a684b4dc520db7ecb8f753dc12f5
+	reseed counter = 1
+EntropyInputReseed = b71a48486fbac7f087d7dde3a15a02f2d33d3739fc4afc24
+AdditionalInputReseed = 9ae69cfc06d38638f77237fd8242a0826ccaf76f28db5ac8
+** RESEED:
+	V = e147fbf1c2cedf6e120daeb4a9412467512f4cd02cc42a05ba4b8cde4e489db7cba99519c8dcce9be28a1dfb3d47f59949bf1bb4bd0e52
+	C = 1736813778ea8a9ad3da0cb7690997aa1cae59a212f1d3c7e46abe4f9e89f5f4dbd4c277770258942055fc3c332cd5b5a19e7ae2ff307f
+	reseed counter = 1
+AdditionalInput = 797728d2aa8bc057af269871a3204dbf58c760cc450f335b
+** GENERATE (FIRST CALL):
+	V = f87e7d293bb96a08e5e7bb6c124abc116ddda6723fb5fdcd9eb64c6fb3cfda3287411a61faa4de1f228204c743dfe3214d34432ce755f7
+	C = 1736813778ea8a9ad3da0cb7690997aa1cae59a212f1d3c7e46abe4f9e89f5f4dbd4c277770258942055fc3c332cd5b5a19e7ae2ff307f
+	reseed counter = 2
+AdditionalInput = d53513103c7dbd00ea3cc4271341f9fabcd86a083607022c
+ReturnedBits = a7f65f9540adace37223fcb7ff4770f1b4e1e76ea0d9e3f6c46e1146f14d665ba2e4ef7f242743659797ce100a88561af2de062cc3d7c921762308738d6e67c2e5da25601605ebef4c135bb10ee514291a36af202c6b711234e0d7968b88d9295432e172263dcecad6c1a009d53cb7c2
+** GENERATE (SECOND CALL):
+	V = 0fb4fe60b4a3f4a3b9c1c8237b5453bb8a8c001452a7d19583210b6151f65eb9d1b66b2e791142dfcff849977bed9b6a848ef0b9b8a438
+	C = 1736813778ea8a9ad3da0cb7690997aa1cae59a212f1d3c7e46abe4f9e89f5f4dbd4c277770258942055fc3c332cd5b5a19e7ae2ff307f
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = 2e9ba063bb50e7f4676b8f5dee5d7b8e2712b84e49b6b261
+Nonce = 74e167cab2d2e4725ca9800c
+PersonalizationString = f7aed5cde2f3616ea712321980f8366ab3f74446ad0af20e
+** INSTANTIATE:
+	V = e9c94aa7fe057870911bc113c0fe69b835b409d06ac9cf21e6c7eddc71c494290a02d10754814d6894bbf68a1f5c2a1b9b0d9014a99969
+	C = d59e76857a09834961d48ee344924c01fe99ad7f856978a6d5978b31694deb3a16f8df1d8b095e6f539fb60a391d44a1c710402bfcee70
+	reseed counter = 1
+EntropyInputReseed = e07924ceea5ba00c1b390e574a7c1d348fadc05fcfe1b54c
+AdditionalInputReseed = b40e416b40f64ca0fd644019bba90631d0bee4a808462eaa
+** RESEED:
+	V = 8e38092e3feccec6e61e9808dfa7d78c84b36e1aca6a306af7d57d493f654ab0257065b9143eee4be9224ca5e457d59f1e464577372e90
+	C = 2320cdf923f6ca317ab979d5845ebecdccf5003e6f557fc8e485d8944ae11349ff33d081713bd87fc306064cad062cca80290d42a48db5
+	reseed counter = 1
+AdditionalInput = 3560c1db548a75689ede2c7b903419715660e9bdd5002957
+** GENERATE (FIRST CALL):
+	V = b158d72763e398f860d811de6406965a51a86e5939bfb033dc5b5684cb09e677c62ea5f75f1f4f67b1cb01e40de3b8be4629bc232bd0c0
+	C = 2320cdf923f6ca317ab979d5845ebecdccf5003e6f557fc8e485d8944ae11349ff33d081713bd87fc306064cad062cca80290d42a48db5
+	reseed counter = 2
+AdditionalInput = b6204da93632075c0a753d3c0b2bd519a33aa55f38414536
+ReturnedBits = b2f2d977ccf73c9494783380f49914fcc0de557769e3a0ba66a9806c99901f976681e5f5924894df923547480ff995aa1b8571eab4d835e25ea87bd904cafcbc8fbabf9486d5a732a503cee0de6186f0ad866c92f895bdcd1cac87bef049f1f867ddf50c7d0a5f7786fe1ac82063a26b
+** GENERATE (SECOND CALL):
+	V = d479a52087da6329db918bb3e86555281e9d6e97a9152ffcc0e13066230a5e8b16745c6c158104f0ca64ef188d67cce61f673e71beae33
+	C = 2320cdf923f6ca317ab979d5845ebecdccf5003e6f557fc8e485d8944ae11349ff33d081713bd87fc306064cad062cca80290d42a48db5
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = c14a374376a53489f460750b265349f60f321be98ae55be6
+Nonce = 73e82cd9cd5a966632441d44
+PersonalizationString = eb2f47d561cf0c9c900fcdcf60493496345585c35356d2e5
+** INSTANTIATE:
+	V = 09924fd698c8d18a9f9961630c0bbf9bef8dbca09ff661dab06f2cf1caee50765e6582d6a8590156865e73eadffaf8d4556981a5f8595f
+	C = 729673eb91120d012cb57d3b383d56003e5d1aecbd822b6c2871479cd21eaa9aaad33805f9812417baadac5f57a28107e5fd539205a2cf
+	reseed counter = 1
+EntropyInputReseed = 817b93dde4d21a75d04513477260e61e90afa85cb4299e9e
+AdditionalInputReseed = 5f16379ff1f93fc094affe0bbdd72797fe5176feb83d2280
+** RESEED:
+	V = efd3d95526d37908b7ec9d07c1fb3efd39e7bebc60bb5d56dde587785f4f85f40be526dc7aa532833fbcb1a0897efb354d7118c4dc8e5e
+	C = 85c0c0ba1eb455faf7620393742b0ce3d584f9b4b1bfd1c100d527dfff135f5b839a26d97097d42456616152c75d96a3d7fd92af6b9bee
+	reseed counter = 1
+AdditionalInput = d89d2fdbacc58d7117020c0cd005c32a8ba77b4131cfcb7a
+** GENERATE (FIRST CALL):
+	V = 75949a0f4587cf03af4ea09b36264be10f6cb871127b2f17debab0242f8c2e5fade3f95ea7419aaa90cc94b362007c7f0bbf864ff78da3
+	C = 85c0c0ba1eb455faf7620393742b0ce3d584f9b4b1bfd1c100d527dfff135f5b839a26d97097d42456616152c75d96a3d7fd92af6b9bee
+	reseed counter = 2
+AdditionalInput = 691ed9e6d398ce3fe35e0905975e34287a4712f1dd38f703
+ReturnedBits = 0baf0b943cbf161e42a35b87082e7d27c7e7f9c24ee924523fdf80bcde488e8f7a56767868b88d08f76035bed2ebcbb3eb30305c7ceab1548909286156c83a31e5103ecceb008ddd80f39d41f8cb3582e5907e47f322c7cfca2d8e62c7e5c0c503a4e7f50dd3c4609bb9fb71951219a8
+** GENERATE (SECOND CALL):
+	V = fb555ac9643c24fea6b0a42eaa5158c4e4f1b225c43b00d8df8fd93e4f4eb71ca3796d3c68e888ff09511952ac902330349a01d5460fd8
+	C = 85c0c0ba1eb455faf7620393742b0ce3d584f9b4b1bfd1c100d527dfff135f5b839a26d97097d42456616152c75d96a3d7fd92af6b9bee
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = 8d62df4ec17620392bcfc9cb10d168498c469d6fa9c1ecd1
+Nonce = fba57a7a504128c631185eae
+PersonalizationString = ae026ebf5f6ecc2f50725d023da31129e308afa83125de1c
+** INSTANTIATE:
+	V = 710270042e517b93ecbc28c31dc0e4efdb3100b877242fa5ebb5e9150157a3c57625b6ab9a2a608110fc3d3159eb1a5bc31748789ca27c
+	C = a04ade08cf40f7b1efe94611f2365b17d02faeb5d6ee3ef943f1622c95ca449ab7ac5ebbe089fff4bf713d19953691978f75778451943a
+	reseed counter = 1
+EntropyInputReseed = 9d2c2ed155753a377227054e4424232e2eaee097887a441a
+AdditionalInputReseed = 5b53f18442b22023ea12e38fb5261ece26138885bc013b71
+** RESEED:
+	V = de56f2b067065b70f746a0cbeea840ebc529744fdbc6badea8397198ec143abc89f9ff907a5463e6efee977faffd9893da74be58735044
+	C = 7bf99b436d6af9f8e3fd62babf68abde84527ea19579f1253267d0c513e08197a9c2df9dccff066a402f998763809366661f6448fde22f
+	reseed counter = 1
+AdditionalInput = 12873da88ec72f301a127f4a8e28ffe67de3d2c43ed21812
+** GENERATE (FIRST CALL):
+	V = 5a508df3d4715569db440386ae10ecca497bf2f17140ac03daa1433e21f38ab906467cc9dfcdfa6a0727c5cd33a7ea0eaa3c14040c3658
+	C = 7bf99b436d6af9f8e3fd62babf68abde84527ea19579f1253267d0c513e08197a9c2df9dccff066a402f998763809366661f6448fde22f
+	reseed counter = 2
+AdditionalInput = 7d0494510a8d4898826ddee7a7c03966bc8633027caeb2e0
+ReturnedBits = 618024bbc868cf417c37df909cc696569ea3d8495b9f9de6ac10cded6808d7f75f041307d4efb7ec43a11457ec67044de1d097efedf4f0421c856ba9451a467b223331bbf2c5909025059bbac5feb9e15ad88dc44444fe5f08f83953145b616a0b1d2a14817b53a8919d3980af5a1bfa
+** GENERATE (SECOND CALL):
+	V = d64a293741dc4f62bf4166416d7998a8cdce719306ba9d290d091575767fa5c85f628cca7e8e004c17e3c524a656ba8b7ff7a522441e4d
+	C = 7bf99b436d6af9f8e3fd62babf68abde84527ea19579f1253267d0c513e08197a9c2df9dccff066a402f998763809366661f6448fde22f
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = 749c7b03e866ba0d404166e16f903719f4b90b50c3de7701
+Nonce = b658f3d3a9f386a13b78e9cd
+PersonalizationString = 777297df39a188238a8073de68b63c800746a037b15bac79
+** INSTANTIATE:
+	V = 70ea1313add44f89cf79214ad9765460a02cc671af85e843b979833e6527b883c73832ba3b1a39b6a5037e98589250887515b326b90888
+	C = 14d46035edfeee3e2628c0c86a53b5af8aa9c35961ea6d6307e5d46c40ead69115f24b3ddbbae2bf9ea6ffe34232d989fe7628a8c9e9cb
+	reseed counter = 1
+EntropyInputReseed = 67e8b94a8f2f0a63345d1be944b33b8df015ccf1e8ddb235
+AdditionalInputReseed = 1dd56bdcb120ee97813e156aa3081cd096eee508443ff07d
+** RESEED:
+	V = 072fa15a388cf9de8f246b58331ca13430863973f6f6fccd42ba2c6a33fae648c84d2965e445b5bb087cd525be2ebdfcceb55da7510568
+	C = d6717d7c02882dc508457f032502eaf6de4eb8a97d85f5af14025f2f7d13d47269728cfc48be8a65b844df0df3d40c3f9ee848824a2bb6
+	reseed counter = 1
+AdditionalInput = 74dc91eed0e71819ad490a4414d788f5d564e0640c4e1df4
+** GENERATE (FIRST CALL):
+	V = dda11ed63b1527a39769ea5b581f8c2b0ed4f21d747cf27c56bc8c87605c8d1dd32f62e12e767a47be64bea4bfb76e7dbaef51c76cbf12
+	C = d6717d7c02882dc508457f032502eaf6de4eb8a97d85f5af14025f2f7d13d47269728cfc48be8a65b844df0df3d40c3f9ee848824a2bb6
+	reseed counter = 2
+AdditionalInput = 9a7f27655f88bc6314eba5ae9292774442439dd579c3b169
+ReturnedBits = 8db8c1d44efd55d80c2c7954015209e34c676355a25425e173c89ddd0516a1dd346522e051f41e7ce1dd8d69d9aaeee9d7de2eb25df8c63b4572cd0f781f1625e6a5d114075d4b07350974e71fdab2e8f53d3aa4f36d7e95708c79f0ad7cbeaf0682fd86893cf27911a38dfd0c111d9a
+** GENERATE (SECOND CALL):
+	V = b4129c523d9d55689faf695e7d227721ed23aac6f202e82b6abeec54f9f9ceab8712a6d9370785b1cedb24a2f26f1ee1a30c885c0b2257
+	C = d6717d7c02882dc508457f032502eaf6de4eb8a97d85f5af14025f2f7d13d47269728cfc48be8a65b844df0df3d40c3f9ee848824a2bb6
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = 15cb43b0f434096c921b8185100abebe5f4446e7f703e558
+Nonce = 71babd656bc73e7545d97fd9
+PersonalizationString = 0dc645e5c2dd090e3695404c97bfba385cb1fe8a58b22c5e
+** INSTANTIATE:
+	V = 98fdaabf19afbc58b450ce12fe0d9e9de8ade40acb3c7b886c7d073651ba682be13f999218b21219343b56020bab8a72ecb4ce56b38671
+	C = bcf963d915552685c020e46284f6d5b1ebea9ca6912911280eba636d9dd1c92881bd5a7d21c0dfb6840fc5a6c2af3470a626d8fbe38118
+	reseed counter = 1
+EntropyInputReseed = 0b3fb9d46b83f17ea013dd78bacfa4d30855604992116247
+AdditionalInputReseed = b25cfb61d7247b8dd3e7fcb759b0c09997fa9ca159d0c842
+** RESEED:
+	V = fc620fa3f439273127979a545d095f40d4f37424ec48d5d82abf6fbf04377ab50f43c150ac1bf4611f642ab18817276dbc3e281628d86f
+	C = 539ac1858a20d3afd8a42ec1e51c6d36c832619b4360432243a3911ea5c38d7bdf73e9fb9ceef37dfa94570eb09b07a2a4e10874b12993
+	reseed counter = 1
+AdditionalInput = 6f4276abfc9fe8d7f8b850f2990bc85d662ba5f0df4d7a0e
+** GENERATE (FIRST CALL):
+	V = 4ffcd1297e59fae1003bc9164225cc779d25d5c02fa918fa6e6301ae5c6ddcd2373799d8af083ee784406903d49d3522a0692e3eb19c58
+	C = 539ac1858a20d3afd8a42ec1e51c6d36c832619b4360432243a3911ea5c38d7bdf73e9fb9ceef37dfa94570eb09b07a2a4e10874b12993
+	reseed counter = 2
+AdditionalInput = edcedc09df40bc5c64e9741fbcb14adf7892bc5b030d70d5
+ReturnedBits = 77a54c85e6322357e7115b0e958d28bfcd99e7bc86059a88cac93125ecfb78c1a4c6c9f7d976de42e65d4509c75e6473cc1d7e498e5206b965d2789f3070c1397e64b4e546467a706e4706073b6a399f663e50bbf23bab5cee643f1b8329af6e10baa5790f7e1325fcadfae4347c76b8
+** GENERATE (SECOND CALL):
+	V = a39792af087ace90d8dff7d8274239ae6558375b73095c1cb2069347e4a68ccbc074c3dc20b1967f44f513b56e1f04e33e355d138b72cb
+	C = 539ac1858a20d3afd8a42ec1e51c6d36c832619b4360432243a3911ea5c38d7bdf73e9fb9ceef37dfa94570eb09b07a2a4e10874b12993
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = 403419ad862677b4ef7892e654cd5a002b25446aad34049b
+Nonce = 89ce4b8c957159f034941541
+PersonalizationString = 298c4ffa88455a52b3448107f3615964f93ab5a919c45036
+** INSTANTIATE:
+	V = bbb87db85047d066ec339fdca5030df3f4943bcd406d864dac89ba57c9a5d7018ac058f1c6e6f00e4e9ef822e859cd5477d0b2acaeb5b9
+	C = b1aa1c758f1289ce85eaf1632c5a7dd4041199e3762512d493828b77294094fe7cf810e889d00a62d7524300009a2ca78440bee9595e81
+	reseed counter = 1
+EntropyInputReseed = 4d7070c43dba17c4e22c7aca56f1496c496f2dc2b2a61590
+AdditionalInputReseed = 2cc718fb0f3ca6753e40b10132cd5a6cf2f69b3b6ade3e64
+** RESEED:
+	V = c0e2839af35057166d239fbad64f5c83a3825fe5c0fc6e0a3f458b7d18bb785a71fac03a4863d731a39caed3fa73281e3f3d2fa5a44761
+	C = 5f9157496f5e86210b769829cad247b477de03adb62e11920bb22d6fac62245b047d01345646eed3bd60280278e5aa91e900f0ff6c2021
+	reseed counter = 1
+AdditionalInput = b7c3b7453f4356de81aec2b4d828cc00940167ddac29f0aa
+** GENERATE (FIRST CALL):
+	V = 2073dae462aedd37789a37e4a121a4381b606393772a7f9c4af7b9c147c14bc2e03a2a9fceb5a41146995566a15839964fb201bab05a40
+	C = 5f9157496f5e86210b769829cad247b477de03adb62e11920bb22d6fac62245b047d01345646eed3bd60280278e5aa91e900f0ff6c2021
+	reseed counter = 2
+AdditionalInput = 609174200dd7125e5605ef1ba12079ffc49a063e7aab8737
+ReturnedBits = e0fe309de3df90d372cde34aab6371e67e403f03824db2996c653ed09e32a3813785eafb767a65536b574a6fbbce1cf1af5491bd46839d38bd2faa585e8d82ed834e8cd8d2ea3c2ff13773665d7f535f57d6fceb216c12d1454f40c565a59ee9a43d02e01c356b2b5d1fc53b38831a6d
+** GENERATE (SECOND CALL):
+	V = 8005322dd20d63588410d00e6bf3ebec933e67412d58912e56a9e815d831bc5020bcda58c5375b51ff55014174e0034f407cae43b95903
+	C = 5f9157496f5e86210b769829cad247b477de03adb62e11920bb22d6fac62245b047d01345646eed3bd60280278e5aa91e900f0ff6c2021
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = c44189350dbb2d70b9bd726435d5244022659a68c770fbf3
+Nonce = caeb91af0d7db215fdd4bc47
+PersonalizationString = 94f0ca333da516c1e9b5911f7a83385664346e3d4db9e940
+** INSTANTIATE:
+	V = a83acc6a82644e10ac67e5dbec6c37258cbb7e5d0aa3ae85f856c3967b36bb83934b974f8c157b2797e67328e9a846434aafeb062c2da9
+	C = 730063613476ce5b6b0589a18141b870e2b76dff5455f9dade5f9151787ba657a3ff274d5e4332a16d76f822a67c02e1472905bfcfa55b
+	reseed counter = 1
+EntropyInputReseed = b918dc2acfe39443f6294abcefc0be8211b39955884d55ee
+AdditionalInputReseed = 8ad6f14c8fee7a42baa96ae44b51b5652a477e97a4c23951
+** RESEED:
+	V = 0556b63c62ffbede947c96d236f13858d3256dd73e582df1668b7b315b3dea43b6d56af17754d89dd9e482423970a31af55d8a85977ecf
+	C = a3c86ecc5ff430f9c855ffd3e026ff0ecdc78f2c91e35460f65eed2349dcb2dc82020ec2a5072a8a20cd0aa8084a7156b6ca60610081c6
+	reseed counter = 1
+AdditionalInput = f2eecc63329d582deb6384c9755f27dcc0e43a502847fc72
+** GENERATE (FIRST CALL):
+	V = a91f2508c2f3efd85cd296a617183767a0ecfd03d03b82525cea694a7e1527cce7e6886b0fe83cff467ff697febe23c298790229b1f36e
+	C = a3c86ecc5ff430f9c855ffd3e026ff0ecdc78f2c91e35460f65eed2349dcb2dc82020ec2a5072a8a20cd0aa8084a7156b6ca60610081c6
+	reseed counter = 2
+AdditionalInput = 06f08a37335ac2c43512e2c814153fdc75a78e4196d6f7c1
+ReturnedBits = b142e21647c7ff52b6f785180c22ddb606628d41fe9df544bf66fd9ac001d123a69ba746806b6f8eea9680755c2dc8155efdda94a526ac032b8f0d66c6b44ca0385855d32d861552b7ceb6c24a3ff06afcb4478e6007d95788d9dad2104b8cd6c9e771971dddaafc4753c0123021fc9d
+** GENERATE (SECOND CALL):
+	V = 4ce793d522e820d225289679f73f36766eb48c30621ed6b3534957bd26afbc1d700129fdc85ecd5d184fd7639061b8cb795430e15dd2b3
+	C = a3c86ecc5ff430f9c855ffd3e026ff0ecdc78f2c91e35460f65eed2349dcb2dc82020ec2a5072a8a20cd0aa8084a7156b6ca60610081c6
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = de09a7b24a3d1a3f7722eaf155675beb5324ef3264f45005
+Nonce = c4152b989ec298dd9967d060
+PersonalizationString = e8beb4c3b68e2bd6f447ac34c9dcd992d7f6f60d1a49000e
+** INSTANTIATE:
+	V = bc300b46380d40c01c2fd6cc20e8c283e8fb4bfbd48efa809781e8f936f7281d119f46a464edc6e3d4e6960f39f9f4818e1cafc6b1e00f
+	C = 27c53acc9ebe132b78014d044b83176b810268ae5c9d244183c70bb9a97723740546b0a8aadc3904556b1257af22ae6713c199dceb8ba0
+	reseed counter = 1
+EntropyInputReseed = b74d062c5913cdddd4cbf56684a9fcb63bdcbc2f3bae1159
+AdditionalInputReseed = be15070a88c52fdab69c52c5ea372451db92be3892ba38ed
+** RESEED:
+	V = 1c3bc770dc691085762a054a04b3603caf50e0eb0503916497892caae2e19e62e8927489339e59721494bc2de0196009acb251ef5e0666
+	C = cd62a70f24f130be6546f6388cf9d8bc218b5eaf3507310153640c47613317bc838178e8bf4a17f86c3b48d7a685643e7526e7a43069b4
+	reseed counter = 1
+AdditionalInput = baace9fd7c3c0adf067de6bc6295de35489a89e36c5c2434
+** GENERATE (FIRST CALL):
+	V = e99e6e80015a4143db70fb8291ad38f8d0dc3f9a3a0ac265eaed3a002d92eaca78473918b1c773aa62bcf54734236a181e0b3a542ec0dd
+	C = cd62a70f24f130be6546f6388cf9d8bc218b5eaf3507310153640c47613317bc838178e8bf4a17f86c3b48d7a685643e7526e7a43069b4
+	reseed counter = 2
+AdditionalInput = 057911efcac5acb4e838e086ad15069666cb9729bb41a5ef
+ReturnedBits = 230a46a007bc6fc2db65d1ee0b1c107787afaf0427f8bfa97d2b155fe1e49a2bc339b67b4c3947f7366b91cd3f83030ff96e2caf05df53bef3e575e77c64d3c8b2c93dd0850797608aa52c616fc3f82383cd0fa56f21646c45f0833f7f8b03916baa42b909341a2219697037592d1ee7
+** GENERATE (SECOND CALL):
+	V = b701158f264b720240b7f1bb1ea711b4f2679e496f11f3673e5146d398637ff2f2df058ff6bfd7d6d35275ed07f3e0d0fce49915e6b713
+	C = cd62a70f24f130be6546f6388cf9d8bc218b5eaf3507310153640c47613317bc838178e8bf4a17f86c3b48d7a685643e7526e7a43069b4
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = 664e3f58c75acea5799cd9f5f639bb88b1b56db7e05f34b1
+Nonce = da22390ebea8e1b5f5bf4e9a
+PersonalizationString = e90539a637582315234dec058e4f325d1c02f4dd3f52248d
+** INSTANTIATE:
+	V = 7d774a9eeea62126066a46d85db7b8ba54ea073acf42429ee23b8c1de8c320adb39ab2de8a6cbbb9b49bdc48778374bf6ccf1ed801a6bf
+	C = d8954a3cd371bb3978ff46928d2f0ae8f90e8f7c00be6b762359db030e31ce378e2774fb3df0fa605a5a0522d6c2909059713f025ed6c8
+	reseed counter = 1
+EntropyInputReseed = faea4e90e956a83322655dfada36c3c1749dce68a4b6f416
+AdditionalInputReseed = 7bf9137110d8422b849e9ca461879b943d2dc8b8025c362d
+** RESEED:
+	V = 44fd3d318457ef9d7b26b543bb3a0e5a38b78d9a6690efd3f5518551bde82661f86a23f24d48839b049db26a9b0cb93cd4d2ee4cd27223
+	C = 1ea7f75acd3bec7f652dc44b8868c072f5a2dac0a39106c04fba31d324972484d1968fa5a0a9e15159712275f2ec88d90fe59c74dde014
+	reseed counter = 1
+AdditionalInput = 06ef69aea79096affb68893761c77d6abf891f52a464d218
+** GENERATE (FIRST CALL):
+	V = 63a5348c5193dc1ce054798f43a2cecd2e5a685b0a21f694450bb800b6dd09ba500f26a0ce6f1c649df1e66c79fac45fee123a1f09b8ce
+	C = 1ea7f75acd3bec7f652dc44b8868c072f5a2dac0a39106c04fba31d324972484d1968fa5a0a9e15159712275f2ec88d90fe59c74dde014
+	reseed counter = 2
+AdditionalInput = a472e7ace1cc95e23ff26a7e4180a95e0652a3887ba61b63
+ReturnedBits = ee5abf3e8079e321c5e840ce67615435a7bb2af2ef1aadabb79bb7963cff796c0e39c43e26b12728c644dca25e450d6f550ceee62580a4c130f8143e404e1cbde08791fbff95f283f88e0514e88df47d8d3507c145d7a27afa2f7c38109282b475a843602949d9760efd34b6309df8ad
+** GENERATE (SECOND CALL):
+	V = 824d2be71ecfc89c45823ddacc0b8f4023fd431badb2fd5494c5eb5d8f1e24e29bacd06e08ae5d525bff105e9f43f00b3f3ec27c42c73b
+	C = 1ea7f75acd3bec7f652dc44b8868c072f5a2dac0a39106c04fba31d324972484d1968fa5a0a9e15159712275f2ec88d90fe59c74dde014
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = 3a5cf3309b9ec3aa089126fc98fce229ad3fd6302b30a75f
+Nonce = d30e2492b975926109a6949e
+PersonalizationString = b234966510e237b917da5edfe042aecad73ccb663453967b
+** INSTANTIATE:
+	V = 25ec2819961669af55d1c4275c820e5e6e7d573b6655924d8c1c3129fca9c00a87941968510da191eec2dc155a5d04be70984465186217
+	C = 519fe6b474e402ac7b0dec7479791015367053e1b76c64ef13f3bf7ac1cfcad0e756a07ad668f8c339ee4b40277e7e1a5f510681f6fc4d
+	reseed counter = 1
+EntropyInputReseed = 9a65fd74779831acbabdecfb2d80af07f33657a573e21f9a
+AdditionalInputReseed = 9ac8be6ffe743c3f934863003eb24f85a13d5f701d8474f2
+** RESEED:
+	V = d9adcb7908ba3df5427b716ca8338b0da3827326e7a2802b4f7348b5e5668f5ffd6c61203c93d7e1d2a8ee5e0b761fb07eb0404e6e14b7
+	C = d7af632faae2620d5eaa6fc4b0623a82a8653936e02b07325262eb40ef529d8eb813021d8e5e497393797d034eafb299387fd09211fdcf
+	reseed counter = 1
+AdditionalInput = 1b77d5824bc89e5294fcf806a5d73279d9e8c5bf7aba430f
+** GENERATE (FIRST CALL):
+	V = b15d2ea8b39ca002a125e1315895c5904be7ac5dc7cd875da1d634a0f87c440d1f6e50893c76522db3de112be51bb9cba7eb6df7b30e42
+	C = d7af632faae2620d5eaa6fc4b0623a82a8653936e02b07325262eb40ef529d8eb813021d8e5e497393797d034eafb299387fd09211fdcf
+	reseed counter = 2
+AdditionalInput = 8843b16e8b62ef300d001fc5829f97320794ac9510f3efa2
+ReturnedBits = b263c9dc8e78810b0cd7008dbb937df7e00caa91d9876756718dd583ddcdb15a8a8d1f723a40847f33ef92ecfb698a1969c84c55db91e13bd74a1be6385247585b9683603133ec697a693580584e5525fd8330c1a5c80a50dae99f331602c451e8c0fdc087d32cd288e8dcf9fc58ccdf
+** GENERATE (SECOND CALL):
+	V = 890c91d85e7f020fffd050f608f80012f44ce594a7f88e8ff439208493cd526212dc6912b47924129be18a562101c628bf6381d0be60bc
+	C = d7af632faae2620d5eaa6fc4b0623a82a8653936e02b07325262eb40ef529d8eb813021d8e5e497393797d034eafb299387fd09211fdcf
+	reseed counter = 3
+
+[SHA-224]
+[PredictionResistance = False]
+[EntropyInputLen = 192]
+[NonceLen = 96]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 896]
+
+COUNT = 0
+EntropyInput = d210e4e171dffe64f61bcf60f0b3a753df0cd9c99f74e2be
+Nonce = 8c0498b516a0708c49521d8c
+PersonalizationString = 
+** INSTANTIATE:
+	V = e23b8a67bd1b2e5d42ae3f3ab5744c40e121d2f40d39392141c0c1e76e4d18d5f0a1180c45abbe61818fcbcc6bc0e25064a66a777a2293
+	C = a5569c810e4648231e92257b0b0016f56d1a243127f3228374fa0b2dae622fb83595abe769d13f0871c204c7622222cb280502b688cd5d
+	reseed counter = 1
+EntropyInputReseed = 4cfa84acb50c721f91ce51b5d6c3ed892a72381d9ce52f5e
+AdditionalInputReseed = 
+** RESEED:
+	V = 15d3de02d8ee5c57b874b0dc3ff2d634372850ca46a8c64ad2182d73686e2d3d4d8e92f86e2c949e69deddea8fe93cc5eb95c131a3c90f
+	C = 15908d8b80909f3b2cc4ff7c23925a5aca18a31d112bd4ef834bc144a3c1c7492aea9c86d2dd183369bf6e033c6dd4cf242c37fca8156b
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 2b646b8e597efb92e539b0586385308f0140f3e757d49b3a5563ef5ff3f2048087dd353e4b7082eab12d5026a86439e628414ce7e2754c
+	C = 15908d8b80909f3b2cc4ff7c23925a5aca18a31d112bd4ef834bc144a3c1c7492aea9c86d2dd183369bf6e033c6dd4cf242c37fca8156b
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = fe51f4946be29d9bdc62075bc89236942585f2a857d943fc86f2d2e975a4b081b073156d17c49c13b69a2b0a1f609f70cfae31d023b759d926c448a9b7e9906b1b959ca01a768e23fcc96b92fe98432819a7492ff2f20f4e166dd60f6d4ec285752b161d2b0487816523cba128bcc78a
+** GENERATE (SECOND CALL):
+	V = 40f4f919da0f9ace11feafd487178ae9cb59970469007029d8afb167d2fd25b157c98898545cebb494144c5db2b0cf6a2151323b270923
+	C = 15908d8b80909f3b2cc4ff7c23925a5aca18a31d112bd4ef834bc144a3c1c7492aea9c86d2dd183369bf6e033c6dd4cf242c37fca8156b
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = fa0300d2cf7ca743951825407c8114998a2b840a7f8ed5dc
+Nonce = 5e0e7f3807c863b258717224
+PersonalizationString = 
+** INSTANTIATE:
+	V = 31413474dc169fcc2fa6765d30787d04cd66fb88091876a00957cc7672180207b9016b5f8079237e39539c0e9cce218c042034df97bcee
+	C = a27ab8f8f6435808d21200e3c7d2ad8a4b348192705e0f83e3c7c970505aea3fa3d8c61b30198a2a771fc34e4be82e54dd4f67cb617d0e
+	reseed counter = 1
+EntropyInputReseed = fa3664890242d76d0a51f049851307964cad0fdb84397a97
+AdditionalInputReseed = 
+** RESEED:
+	V = 6ba6588c2948d67342c5325d45790d099f7470aad76d46266e9dc01b7ca3ef1fb01d933b885ebcc3275fb142d7d6a3fae691925dbd275f
+	C = fb3e8c597e0783c7a061a1fd6c5683e2d9e667eeb73e50163ae804677aec9fe60b72ddca273fb5739176bd344864ce1c6398193ea8b98f
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 66e4e4e5a7505a3ae326d45ab1cf90ec795ad8998eab963ca985c53a9efcf1b9499f33b1e3124ae7c33f640c844a2f07f4b88092fdddc7
+	C = fb3e8c597e0783c7a061a1fd6c5683e2d9e667eeb73e50163ae804677aec9fe60b72ddca273fb5739176bd344864ce1c6398193ea8b98f
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 559a4478ea6ed883f41f446dab32747ff786f760d15c6da1e197b9388ca3678fc058f7bf5b5aa6498a83333c4d2f327ba787bd6d4755e144f198599a9aed9a50da98a108178d870303325ed1e87d5892a21ce2e4d714fe79c313c568704397f86f1357e1429b5aa4af95b3c973e3e969
+** GENERATE (SECOND CALL):
+	V = 6223713f2557de02838876581e2614cf5341408845e9e652e46dca1737c42b280fd8f0c2128653cd21206bd49df64e84dc392e58c4ceb2
+	C = fb3e8c597e0783c7a061a1fd6c5683e2d9e667eeb73e50163ae804677aec9fe60b72ddca273fb5739176bd344864ce1c6398193ea8b98f
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = ed6b0aefc3ba095e0618b3a335f6f3ca0246cfcaf7c6704f
+Nonce = 435dd259b30e428462279e5f
+PersonalizationString = 
+** INSTANTIATE:
+	V = e8a8a5001a55be062b6f99d4070149849c9f0683841e1ff7675b24989d277bc9db54127bfdc996f04298e82d24f7e23fc38270fce647a8
+	C = c79dc97718987bca05b9471553aad9dfbebe6d6d8a166aeed531c940daecd14263d68e19b9d24d9150d9a0c908ec5b1041c9fc4f1ad54f
+	reseed counter = 1
+EntropyInputReseed = 144392e141912082cd77d434013303dd285e95a4c4a396c3
+AdditionalInputReseed = 
+** RESEED:
+	V = 616f0666e5945784ec849751fd3c47fd5bf094b9e38f231f85f37fe6c1a739fc811733faaa696326be9571b9c6e0e2274b1730b43349c3
+	C = faff069952ef2fb37916aa69fc952c98eb4d1c1595048a832fe8e02dd6463d00c6449b57ef5867a8f7c30991ca6de8623480592b3c58bd
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 5c6e0d0038838738659b41bbf9d17496473db0cf7893ada2b5dc60c246408e6090d99d5e4e95b167dbbb58ac10f483325485445af51cfb
+	C = faff069952ef2fb37916aa69fc952c98eb4d1c1595048a832fe8e02dd6463d00c6449b57ef5867a8f7c30991ca6de8623480592b3c58bd
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = ab9c68c7aa6dfdccf7741191c0e5b08225ce0bbfdcf768be213c4d09b3f0a3a7fdf02f5c8423ad623bc1d94d0d6a21e5a7f2566be586bd918de711e12c58861517633238e11383bf604e5ecf60acc3025af91994af19fe7bed5b6638ae72b823ac02befd029a51d5339284f66572868e
+** GENERATE (SECOND CALL):
+	V = 576d13998b72b6ebdeb1ec25f666a12f328acce50d983825e5c5412a7906090c35ba7edbc4fcbc7f7df1c6c34adde189a8a38644c7670e
+	C = faff069952ef2fb37916aa69fc952c98eb4d1c1595048a832fe8e02dd6463d00c6449b57ef5867a8f7c30991ca6de8623480592b3c58bd
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = 06e91937a3ba2edea8e96f596ccabc7ca7f0a5259e58e697
+Nonce = 688ea6f65c974a154111bc17
+PersonalizationString = 
+** INSTANTIATE:
+	V = fb91bd5db41eca1e18ced5d5a18547a461cb4d0a631606b240aeae9cc7c65a2118965f3ee6fdaf760c0cd47e1e0a95a02850d98cf74b3d
+	C = a72018489ba1c132742dc361b7df77ddcaeedcdba9e926673a20894b1258ee63eb8596287951d99a15cf376c5cbcaeef8c569e6874c29e
+	reseed counter = 1
+EntropyInputReseed = aa4a32cf9847d1e232360e296787a9ccb4b024d04553e284
+AdditionalInputReseed = 
+** RESEED:
+	V = 602d3ec248c01245b4975afde740a92ec7ab99d4b44188095ee07a9ac892686e99f0eef848367c5daaf7ff78a8dfdc6d2247608d446104
+	C = 39147a5828d2e6cdeb38ca9415d62cba10cdd7d8947819df0d0c3c9c19d36a7566591e3af90d26efea7e25ac28ad1404759310ab72c90c
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 9941b91a7192f9139fd02591fd16d5e8d87971ad48b9a1e86becb7632c0d2de3531ed54a85f9f8940865a7d564300eb9fa7d1124688767
+	C = 39147a5828d2e6cdeb38ca9415d62cba10cdd7d8947819df0d0c3c9c19d36a7566591e3af90d26efea7e25ac28ad1404759310ab72c90c
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = f11d1bd7fcb9276562a6bee413dec1f17954ac2f73c1f32829c0c7993ab0c5025a74e7108b7a314fcafaeccc806b59b85e4a30f6bcf92cbab12efc09f5ca5bbd6bd92c90899fd698f59bbcd02031c3c59c10d1d8e513e0847892a79125cbfcf9cffd28758cfb2e5670fd3a0067aa1205
+** GENERATE (SECOND CALL):
+	V = d25633729a65dfe18b08f02612ed02a2e9474985dd31bbc778f8f4fe4551ebabcd3675ceb2f5713afc75b85436ba3c9b28034aa4f4db86
+	C = 39147a5828d2e6cdeb38ca9415d62cba10cdd7d8947819df0d0c3c9c19d36a7566591e3af90d26efea7e25ac28ad1404759310ab72c90c
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = 3b9110b1a13447aa9b91c86b9e9b45d439846a230bc97c3a
+Nonce = 155c5520f2a982a0b999eac1
+PersonalizationString = 
+** INSTANTIATE:
+	V = 4c1f5c904ffc769669d4ac6be37d8764214556ef13031908a96cb83fac949e4d23dfe6ef9147a83ef61aad38a3d10d1bc895eeb6df5fec
+	C = 41957f2a4c00fe40e226419d7da1289e31fd1cac7fe70863631bd5a3f61e551859732264537fd677c03c975b5ca78fa04958bb73e0bb68
+	reseed counter = 1
+EntropyInputReseed = 4766e9161e2611fb20f55d1627bebd148b7e49fdcce17171
+AdditionalInputReseed = 
+** RESEED:
+	V = cecb8d32691489f105cab06bb83969578d8f579a73fcc680e19d280b7e0fbae0e08a752dad01622d986a10edab9246aad63609895b51de
+	C = 2ad48858255532b0972e685f56e08900653e1d05394116674c77aa2f0f60c2aba156b13bb1643fae77c38dacd8fc1b0732894f0881b44e
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = f9a0158a8e69bca19cf918cb0f19f257f2cd749fad3ddce82e14d2911548d3bd344b0f4a7fee6ac3abba8527a7e23c30a7180d0998951b
+	C = 2ad48858255532b0972e685f56e08900653e1d05394116674c77aa2f0f60c2aba156b13bb1643fae77c38dacd8fc1b0732894f0881b44e
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 1fd0d4f9170a37a97b7557e5a0ad6fbcbc71923e4bf58bfed59274c43d4107147fd9a3a518a3345bb73e4c92f88f1aac594f53e369d5705c923c81f03fec57bcbed00f354d3646185bbe9cf0cea86e57857ac126dc13a21f5a530e8483afb0c0a7f9bdeeefc47814c7c7a220dfb6f7f2
+** GENERATE (SECOND CALL):
+	V = 24749de2b3beef523427812a65fa7b58580b91a4e67ef34f7a8c7cf188c48d2aabdcf8185b1a793ac7caa0d1cc9f7255b7a47e8aaf47ab
+	C = 2ad48858255532b0972e685f56e08900653e1d05394116674c77aa2f0f60c2aba156b13bb1643fae77c38dacd8fc1b0732894f0881b44e
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = f74fda113eb91c2338b8aaf8a5cccfd63c45bb8535283371
+Nonce = b868fa8077888db75b60eab5
+PersonalizationString = 
+** INSTANTIATE:
+	V = 7ded8ebf1ba68070947672b1c1fce4a9d3247dafbedffbd3604ce988171d1043d0e0781432e17bed7c72be7fd828ae56d1e232f30394bb
+	C = 80fbb9865b245de3a92d904e34ce5d2617cf03b81de117fdddd45c4fb107a430da9e65c076c8c8873535ccc8cdb5b789c58beb77cd58fd
+	reseed counter = 1
+EntropyInputReseed = 46a91f48255b4596af361f2b47c99b00363d5885bb75ab97
+AdditionalInputReseed = 
+** RESEED:
+	V = e609bb9721a9bc583805631da5a74a2d220b85ea0931b8d2377c80807b30728de719dc684e38a76f6709a6f6b98f8406aeaebe673939ca
+	C = f01a7f5cf36e4efc83d2969c1c5d0944db2d9f18a5d4dae8241487307cf80cf8f8fe558bb9dd9136c3ece56c387b2949fa0f4fb84dbd31
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = d6243af415180b54bbd7f9b9c2045371fd392502af0693ba5b9107e4a755840883644bcdc17d218c45715bb24d470633aff377ebbfff29
+	C = f01a7f5cf36e4efc83d2969c1c5d0944db2d9f18a5d4dae8241487307cf80cf8f8fe558bb9dd9136c3ece56c387b2949fa0f4fb84dbd31
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 7998dac2ed1ae0ba3c69848b50fc579d4e14a25da41041a73dadec43833dcb8b8dd9fdee41c318f27990eea45a90b5d78940cfde84105793cb1ec01683c6e74cb6a5f87ffa8864ad9e480ef58cdf8b24e33c98fd474583473acb2e8b2b091d94297c0ea5323821770324f7499f70be9b
+** GENERATE (SECOND CALL):
+	V = c63eba5108865a513faa9055de615cb6d866c41b54db6ea27fa58f2108356a13117717c1247713fc467a539c342b6230d2650cb5504c6e
+	C = f01a7f5cf36e4efc83d2969c1c5d0944db2d9f18a5d4dae8241487307cf80cf8f8fe558bb9dd9136c3ece56c387b2949fa0f4fb84dbd31
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = d78ff32ebc91778b1899bd456a4aa20e3fe4477ba8caa823
+Nonce = 5420530d0f0e8b6391e3e283
+PersonalizationString = 
+** INSTANTIATE:
+	V = d8930610b8565081af45cc1161bde1102485a533fa301de7b024d595e426a95a2be02927fde169d4a51e91f28f68254ae58bf42240d1d8
+	C = 3c8b0762d1aa0ac58236dbb568c9ff520879a8e4bb4a114a31f28672792b41927adf90e18067d5909c3ed38c3a9dc096bc45a0dcbd0581
+	reseed counter = 1
+EntropyInputReseed = a815b44623b010d6a253d83db94366c85c117212856a79f8
+AdditionalInputReseed = 
+** RESEED:
+	V = d5eff241c0e2b587fca31b9eff5c360985bb5591fed9b5841c421e823ddb9e82ad0d8d1695bd12d08237ef251638c8000501c398999c2d
+	C = b7db772ecd11b07a7f4c9c541224ebb8408eb7db3729af2a65b294f7dba0b90c388da80574f4baeb07c407d4f3604b4c6382ae4f0e86a6
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 8dcb69708df466027befb7f3118121c1c64a0d6d360364ae81f4b3aedb834a5e1ea36cf531f4dd9743ec08e2c75b7f9835d9ff405df7d8
+	C = b7db772ecd11b07a7f4c9c541224ebb8408eb7db3729af2a65b294f7dba0b90c388da80574f4baeb07c407d4f3604b4c6382ae4f0e86a6
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = a71e8cb4b7bd640e4efa224854058eaa83c375abfbb15dc25c4bb7ce0943f369bfe477a38e348a7e5759e3b336d914e712a3dba999df54850c7a7c0afe019ee22d9d3916fe9168fcedbef58d2c5849798e59dcd2a98c66014c6aa2362ca0d5709fc06278738d44385650ba340b924af8
+** GENERATE (SECOND CALL):
+	V = 45a6e09f5b06167cfb3c544723a60d7a06d8c5486d2d13d8e7a74977455b4524b011b9291ec479b157e18306549af1d1a48faf7510dd5b
+	C = b7db772ecd11b07a7f4c9c541224ebb8408eb7db3729af2a65b294f7dba0b90c388da80574f4baeb07c407d4f3604b4c6382ae4f0e86a6
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = e12c424cfe20fba6443ff626a2809d3e1ca24aec23db5e65
+Nonce = ef5ab5cd07de5c96cbe19fed
+PersonalizationString = 
+** INSTANTIATE:
+	V = 32ea81bcd6715dce8321791610731c16bd90d36994d6e2d7e732540f7c215864e106966782cf527b08ab3a6e9a21afb2331ae47a06dac6
+	C = 67025abc25ae5a0e73c70a5545792f3e199a37f60ada50586c7964d23aaa127d70d190c841b5c84e3ac6e04d0f16fe959353de54fc4095
+	reseed counter = 1
+EntropyInputReseed = 328a55d87fc3acb62c7f9a2638a36372be43c6a78a243a53
+AdditionalInputReseed = 
+** RESEED:
+	V = c14559c821ffee45d73700ba3205da82ba79c4e29d87db79764c25e6a00c5f16b26236dbd9689145d4dba1efd10cc3bbb4dbe500be6be0
+	C = a4694912acd0b0e6572269e92fd4bc4f65e12955f0f35649cb2769633983c5ee969f7eef58c6d4579ee84e0bea3e5d685583c5962fdf34
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 65aea2daced09f2c2e596aa361da96d2205aee388e7b31c341738fcc688e32178f5f302a127d859b88e68a9337407968e7b770a7f20d71
+	C = a4694912acd0b0e6572269e92fd4bc4f65e12955f0f35649cb2769633983c5ee969f7eef58c6d4579ee84e0bea3e5d685583c5962fdf34
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 522a2aaf3d18c722ae0f1b8900d55dd6dc2f79ff65e4e305d93aa811d7102c2952eaa9e86e4c9e2660576bec4b144eeb58dde664d22539f6e2195d005cee6be43f3d858a8919b63b9214239c02f829ab8a33db12826ccf2c3547c4d6ad081fbfb8bf8e582722ff755575975e993ce412
+** GENERATE (SECOND CALL):
+	V = 0a17ebed7ba15012857bd48c91af5321863c178e7f6e880d0c9af9a79771686e520d5d29dd1c259d779f99d694fbe9f426cf261fa942ed
+	C = a4694912acd0b0e6572269e92fd4bc4f65e12955f0f35649cb2769633983c5ee969f7eef58c6d4579ee84e0bea3e5d685583c5962fdf34
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = 30e4fc0706e2f09a9674c817e668f1cc0fbd675c33cf6d82
+Nonce = 0ab86985ae29c4f9718fed04
+PersonalizationString = 
+** INSTANTIATE:
+	V = 52013fe0406a46d99c309cf85367fb1cc438e0eb8592752aa215d03e1ec1d338adec62f06791fdc3a9b498f5d08f2faac2794b52df64ef
+	C = 4ac9eceadf4eea0e0774fdba4483ffcccef4224c2091c0b4a8c70129fdcb7636c63aee88a522d1f2a316dd125b877c990eea2f4d456206
+	reseed counter = 1
+EntropyInputReseed = 2a6e06c1a67bed1cc14eabce978440e738a4ba794f542007
+AdditionalInputReseed = 
+** RESEED:
+	V = 19681d64668cecaaf86e785f50101a5ee96c86d24f456206d0870cd03204ed4265ae9e732ef7b9911fe5d8e988639b6d4af82a8ba2c57f
+	C = 70d2258335f6bce88545a164e29df75744ce920922eddd084b029427eeca8ea5a0afc1ba6d52573b52079d0bc00d7ee3f9f6e359dd12a0
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 8a3a42e79c83a9937db419c432ae11b62e3b18db72333f0f1b89a1189de65eb30b346b96846f617847aa9dee6feed7ad6e92ea9d93b71b
+	C = 70d2258335f6bce88545a164e29df75744ce920922eddd084b029427eeca8ea5a0afc1ba6d52573b52079d0bc00d7ee3f9f6e359dd12a0
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 75c1c1ef4e44889d857368d7c1a01de01038e75c933e34c1afb94f5efb3326130bc3734fdd28dd5326b8957aa8bfef4fa9579d74d46c60b69c458969e74cd161830cfa68a5e36291a79e1e97388b80e86af42acbf23e97064cfb2602a0c4cca8bf7c106c753eda58294c05e59303a6ce
+** GENERATE (SECOND CALL):
+	V = fb0c686ad27a667c02f9bb29154c090d7309aae495211c17668c360deb9285b928a985ea31dfadee27c8ebd1a485abe62aa334bc8136e5
+	C = 70d2258335f6bce88545a164e29df75744ce920922eddd084b029427eeca8ea5a0afc1ba6d52573b52079d0bc00d7ee3f9f6e359dd12a0
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = 2283d036089ea11ac93f8fe87191eedbd458b99952a80d40
+Nonce = 41c099666fe0aa063e67fb87
+PersonalizationString = 
+** INSTANTIATE:
+	V = ef49177ff5ee6ec7e8b8c26d8a1c271231db27b9a7bbe3d75fa5d31d414f7d49d5a5234b165fd9825457a062facb665998e117f648f791
+	C = 1ae884e3a1947f90777a12c8dab053467fb58eb3c1077576cdee9063aac2c56faa5ae9bba2e488c9edb21f799fcfbf86333e729578f6bb
+	reseed counter = 1
+EntropyInputReseed = 6b257b7db4061866e3fe9c7e5300223d2c144c81f57a65ea
+AdditionalInputReseed = 
+** RESEED:
+	V = 5a98652fc14c1b6141b7ec88e3be2b7f80eb56e3914b10d7ddbb5f1befa4e4c467c5f7081927a009efc293e04d877a44340fdf224b2c90
+	C = e48139820f13a43a077cdf6b9789e18e65c297a37cadec2f75a513f2732a4f8b8c414907a7eb84d0ddd9979e8416f1d104a2e42575ce85
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 3f199eb1d05fbf9b4934cbf47b480d0de6adee870df8fd07536073e17c0f34a99bf567648a245176080a241d9133fdf815495f88d7a610
+	C = e48139820f13a43a077cdf6b9789e18e65c297a37cadec2f75a513f2732a4f8b8c414907a7eb84d0ddd9979e8416f1d104a2e42575ce85
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = dd5ceca413871aba2673842218dd30e90b6b3f629357db543249029c45cd7362b0e6050d25cf065d036fc6ac56cc1ddb13d6b8b7f83efe94b54c704d1172c3e8fff28da11bd20d62e09e7618f433aba31b0715f0a750f0c7579435e5c9609e9bae5e5624f71b64ca8e050e77233e1b73
+** GENERATE (SECOND CALL):
+	V = 239ad833df7363d550b1ab6012d1ee9c4c70862a8aa6e936c905881629cf61151644fe541221d9b6d95ed24a1f986c10ea7e76e25f0c5c
+	C = e48139820f13a43a077cdf6b9789e18e65c297a37cadec2f75a513f2732a4f8b8c414907a7eb84d0ddd9979e8416f1d104a2e42575ce85
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = 4dbbc736e6bf7c10e6377b1699d1eb9899a64d7c32bafd3c
+Nonce = 33bec5ea13f76d0d64cfa765
+PersonalizationString = 
+** INSTANTIATE:
+	V = 6afad56c9e2e07549b78b1569af8f4977bccf75c33dc38e3c7e3616749f89e16d40ac04231e300e2186eb97f6c75a5c47e33f5fe1fe35e
+	C = 8517315706282bbe9a7fad33ff941cc17d10d0b0c9d2d7617688382ed22720490c77444d9c85908f962b4b44fc314d7b64ffa6398d5d6d
+	reseed counter = 1
+EntropyInputReseed = bebbdb72c75bbca211a259aaa3d105502c12f4ae916e2c0f
+AdditionalInputReseed = 
+** RESEED:
+	V = 3ecbd78b6308d97191120d27e5f77b68095ba8274f132a85c7130f0a459bbe21525bf8591192d088fb8327c16bbecc89a34ef99630248e
+	C = 6f780a8ded6ac5aa82e84bf322e94aea6006d9ad078ee33a911abb273ea506de150903323bf17ae76c2ab449da9dbb1b091ec3dede349f
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = ae43e21950739f1c13fa591b08e0c652696281d456a20dc0582dcb2f7768d566530e9118cf1a00d6e2f0ac3262efa00119d46a85ad9b00
+	C = 6f780a8ded6ac5aa82e84bf322e94aea6006d9ad078ee33a911abb273ea506de150903323bf17ae76c2ab449da9dbb1b091ec3dede349f
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 0473fc3d80adaaa646443f6a1170047f31b192be560c574ee0cd4f4aecbd6ff1b9e4e7f5ffd565777e4b68f95ccd3a265dc4936b3579857f3828411dc84d271a0c03b7b5887f96e9ba49d5c8795629ebde051bf002916f4776698612162ecf5746a155f118532487374d960237efa4ac
+** GENERATE (SECOND CALL):
+	V = 1dbbeca73dde64c696e2a50e2bca113cc9695b815e30f0fae9488681a9658499f8ba5b70ef18b9e4140342134a142e2d80f3562649af90
+	C = 6f780a8ded6ac5aa82e84bf322e94aea6006d9ad078ee33a911abb273ea506de150903323bf17ae76c2ab449da9dbb1b091ec3dede349f
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = e5ea2f47ed3d24a31ed3e98b6f36a2fa79c2781949f4d7cd
+Nonce = 9a2d51307ab287d0ffea8bdd
+PersonalizationString = 
+** INSTANTIATE:
+	V = 8eb33683043efe812d371b524f9e3c38421e276b2c2594ba3eab84d720f12d421ebfe9c4bf57e2e3d1fe7268115f4ac854dcd3350fed53
+	C = a1d5305ba15293dd7b14a9b2674f756907d102fb55787532c5ce9ae7cfff59f1126c0907e24207a42acad14fa508b16c94c995d77ea928
+	reseed counter = 1
+EntropyInputReseed = 0801996f2addb24efb3c03aa2382392f9fad64e9fe24d478
+AdditionalInputReseed = 
+** RESEED:
+	V = 020021ba76da6959eb506fb885422d3dd36448ad4d8a9e0ecceff8bcc1ce23f5ab7d0d75d481fcf3618b30dc5626b0a8e955e94b0bec75
+	C = 1f7c33f0262cc334aceca95988efeef327209338eec6a6b8fc9c438973a8605d5e1cf0eb376d98e213c76d3ed40cc6aa3f0fc14cb5366f
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 217c55aa9d072c8e983d19120e321c30fa84dbe63c5144c7c98c3cbcf76b594f7b6ccdbe6c217629562ac0c10138ef89f70d6c6a59fc3e
+	C = 1f7c33f0262cc334aceca95988efeef327209338eec6a6b8fc9c438973a8605d5e1cf0eb376d98e213c76d3ed40cc6aa3f0fc14cb5366f
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 6fd96cf56231054b94027549e3f299d37231effd5551ed68957d963b905f4baf679bfd835ddad8307fcf890053956da648aa7fff474c799cd346ec3d8109278967c48e5c47e9e1e349850bbe5adb60f33f9f58dfa1c34b08c1a019f161140f5f73cb60e09cacab7f1569662051628baa
+** GENERATE (SECOND CALL):
+	V = 40f8899ac333efc34529c26b97220b2421a56f1f2b17eb80c62881306119aacd5d7a80c335b42b62b6843ab48bc123a11b572f031f68cf
+	C = 1f7c33f0262cc334aceca95988efeef327209338eec6a6b8fc9c438973a8605d5e1cf0eb376d98e213c76d3ed40cc6aa3f0fc14cb5366f
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = f21a6b02889570514e7a08a8ece09dd2d36747690da21865
+Nonce = e13420c49ad54211afae3a95
+PersonalizationString = 
+** INSTANTIATE:
+	V = 011c9599f4331cb91b72aa087c46b8e83d3668f02c072d019d89f1f19470906f4219dcf3fa313f131a7fb19b7138a5e3ee24e36d27e068
+	C = d3676d41f7ec33981a05338c9118e9a789c171ba14b852ad2d2f7b3ab536bb76e550b269ba3e1eba76123979676d7007627b53bc89815d
+	reseed counter = 1
+EntropyInputReseed = 0c843cad73dfa0c1f616b539235377af8e86e0e8ce796769
+AdditionalInputReseed = 
+** RESEED:
+	V = 0f888b3696e075f17c37c005cb0acdc620a260a3a0b9d993faea7bef832cd1de5f651db51784f1dfb1f4b6d240eabeb29af689032c3d88
+	C = 1f914155941aae4a39448681cd28e7f65ed0ab3ed818705a6c399db6e4ec2a9feef1073645453b78a035de809e048b8a7ac21681c73a72
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 2f19cc8c2afb243bb57c46879833b5bc7f730be278d249ee67241a2b798de92c53fbb1e5bfb54eec7bb8a7895509df1389b1b7cd014c02
+	C = 1f914155941aae4a39448681cd28e7f65ed0ab3ed818705a6c399db6e4ec2a9feef1073645453b78a035de809e048b8a7ac21681c73a72
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 643bdc4047813540899100b6620509917a2ab63c4da1776d2cf84ab8205d7cc98d4602306c6db4e9e22152e5fe1af276ac6c520bbaeabda55e3561ca3fabb5252155381c36957a90efb8e8ae9da0dddcbcc9e788f4759ae0f7c93e8809d10968ba1d1f6d3bff950b7d383c096b729ec4
+** GENERATE (SECOND CALL):
+	V = 4eab0de1bf15d285eec0cd09655c9db2de43b72150eaba48d35db8db805494b9083faff542760f5aec551b50013d91693fac4ae6178920
+	C = 1f914155941aae4a39448681cd28e7f65ed0ab3ed818705a6c399db6e4ec2a9feef1073645453b78a035de809e048b8a7ac21681c73a72
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = 8e12e37353678c9063ae7dbcc712f3460b1e268c965d7170
+Nonce = 7d5963b7453429088927659e
+PersonalizationString = 
+** INSTANTIATE:
+	V = c490c0e3fb5f605731d017da7371ec73c9830453e297886dcf0733a546f60a0a53fb1a34ef78456fd94ed0d3af75cce49b7c6ea8b592a9
+	C = 95a1569dcb0a86d110028e56e3d4c1cef64877fb63ed44c3ed1015aa14a1764e1eb0281233e45ed1bc8d754a725a23c039e5d37a166d02
+	reseed counter = 1
+EntropyInputReseed = c2306edb0f6c245ff91a57989b12c41e2f230a9a364d4d22
+AdditionalInputReseed = 
+** RESEED:
+	V = 86806fcff463e9a6735f22e5e99d88ca190ce95c105621aed95dda153f064421c817f8904bf29b27ff11165312772235ce10bf3dd6884f
+	C = e23f04aed07255873f81948d24251e2f633aec5044d9700efaa5b2a891dab935f6dca5a0127770d8b0690ebb8ce622a1019dffcc7464af
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 68bf747ec4d63f2db2e0b7730dc2a6f97c47d5ac552f91bdd4038d82baad0bb21aa6c84e7a902d4cec31d063159c309a66d360bba87ad2
+	C = e23f04aed07255873f81948d24251e2f633aec5044d9700efaa5b2a891dab935f6dca5a0127770d8b0690ebb8ce622a1019dffcc7464af
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = dc2536d633a4e84308668bdf008a5699789631cd21c67d608d85586b481c657361b350fe813816871bee0da9098220db34e0284fc5a20afce6467793eaeca10a9734817a73ff946d4be67bd0955d147a24300b0393d05ec5c6a047b904efa7a2daefbc53a24d218fa70fc2eb08c019b2
+** GENERATE (SECOND CALL):
+	V = 4afe792d954894b4f2624c0031e7c528df82c1fc9a0901cccea94114a4d63350a92f9e5a9c012d773da1a70b557ded7c720a6416832bed
+	C = e23f04aed07255873f81948d24251e2f633aec5044d9700efaa5b2a891dab935f6dca5a0127770d8b0690ebb8ce622a1019dffcc7464af
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = 614b80f9f8c8915bac7a08e6d79ec697947d1506a04afa65
+Nonce = c840df0456706776f0447d99
+PersonalizationString = 
+** INSTANTIATE:
+	V = 7f6c0927ffc938a4c77b22a2fd2e59e890776f2fa59eaf17fe2b818c678b887bb3dc154b325f3b8eccdf0759b89252c257e7127351cd99
+	C = 0ded2aac30e9e6db06fd5a540ad1475ef0c4be546b74845efcf8994a03e99efde6311e1ebb25025e289d69d4260cb917ef3090722ae388
+	reseed counter = 1
+EntropyInputReseed = 461d2b699e1b97efd009aa2c89062690d9ee347464259a4b
+AdditionalInputReseed = 
+** RESEED:
+	V = 678c6fafe9db9adfb55434715f0681135086dfcbf945da3fe2e6a2a3fdc3bc3e1748cc3dd57b7c1ffa4465558c33edad139c4f3d602c08
+	C = c8295d12d29d64dbf6f1fde20f42b36ce775de3f8c586484e5ae0df83a6cdf24d4f298ae710ca42b8201931d858679ecba994454aee085
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 2fb5ccc2bc78ffbbac4632536e49348037fcbe0b859e3ec4c894b16b6693fe027151cf0829b4901aafe1f2c14aa663b48a1ed9737c7d3f
+	C = c8295d12d29d64dbf6f1fde20f42b36ce775de3f8c586484e5ae0df83a6cdf24d4f298ae710ca42b8201931d858679ecba994454aee085
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = b33babd4472d420eed89b7287001e85f22e8d7303ef6171c6632d9f720ad47931e4f7e9735bedde238db2448b8d8efa90ecb9df0fce2bef1e6b3603f03c284040df79b4ba52f6d6e4a9abbfa5c902767bed77110f1a65574f93693a83302b0425734e9e6c189e38d3b49ad8eaebaaec5
+** GENERATE (SECOND CALL):
+	V = f7df29d58f166497a33830357d8be7ed1f729c4b11f6a349ae42c00d173771131cccf08edcad2bf27addcc624cfd94af875804860e7c72
+	C = c8295d12d29d64dbf6f1fde20f42b36ce775de3f8c586484e5ae0df83a6cdf24d4f298ae710ca42b8201931d858679ecba994454aee085
+	reseed counter = 3
+
+[SHA-224]
+[PredictionResistance = False]
+[EntropyInputLen = 192]
+[NonceLen = 96]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 192]
+[ReturnedBitsLen = 896]
+
+COUNT = 0
+EntropyInput = 0d8746816f46d48d0decbe9da5fbbec099c97d3aa9438218
+Nonce = 71ca5fc2ad2695c7e1a32599
+PersonalizationString = 
+** INSTANTIATE:
+	V = df01b3c08046360b33132b8da805bd5a2806ad2d0be28701e70004e9f0710322bebabf5aefbd4d750b6cfc48d3b93849e7aa0fd063e7c7
+	C = f8da7bebe3aa4378acf8dcb6d14c74c9e5aa470df1f0719fc4e3eee57bc1a852496977406ce1f3784b4555b7a103a387f11d7294d66590
+	reseed counter = 1
+EntropyInputReseed = 060a40cfa3ae969c42e900b24f506dc430192cb71f60ffb4
+AdditionalInputReseed = 1cb0d38c1fc76820ace30a25e9a5f0bcf7ee7beb5326e37e
+** RESEED:
+	V = ed96a9cc7252d66d55e952ca944d5889b8af79785ad3eb350be3a4dd85d54876c68c77f3c3551feb83979f976ff1bf305b2abc442ab61c
+	C = 16b89c6846c4acc6ff8cada8b9e6e132f7564092d6f7f10226524998ce63ea9ea260b79afc878526203e509cb61ed12ed6f812908c53e9
+	reseed counter = 1
+AdditionalInput = 82c06986bab01d3eca13c476a2442e115d4747954a7c4c1f
+** GENERATE (FIRST CALL):
+	V = 044f4634b9178334557600734e3439bcb005ba0b31cbdc373235efd1926ab8324bd4ab2d124cd10f75d23690867808ffaa71adcc68ad31
+	C = 16b89c6846c4acc6ff8cada8b9e6e132f7564092d6f7f10226524998ce63ea9ea260b79afc878526203e509cb61ed12ed6f812908c53e9
+	reseed counter = 2
+AdditionalInput = 33522a22682fd3c471ccd734174547c51f9bef52ebd0bdac
+ReturnedBits = dd088076298ecab0ada39ec8bfed5f19ef80781ef48a125974c5395bd733575331a960cc999b61a0c559b4ce2bc3386ee0808801103242ca1d77832db0efb6c0ed40b9616e1cb95fb21fb308f5ffc1c122a442786ec7a81abe0592027205ed8af8860f79afea881f43a7e0a67159dfe4
+** GENERATE (SECOND CALL):
+	V = 1b07e29cffdc2ffb5502ae1c081b1aefa75bfa9e08c3cd3958883a8bc5956ec4f26a4253acd503f688ef7b293162691d7020aafcfe55df
+	C = 16b89c6846c4acc6ff8cada8b9e6e132f7564092d6f7f10226524998ce63ea9ea260b79afc878526203e509cb61ed12ed6f812908c53e9
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = 2a1aabd1a168c68c3ecfed546d5fbf7c565079f58b0292ba
+Nonce = 4f8dc2adc4af53367422ab51
+PersonalizationString = 
+** INSTANTIATE:
+	V = c37bd13cda5684d05c15cd7d4e3a2bcff7dbab375c664f55839dc72646593e22f44496632d791b201ee90763ad6b14ddf6aea14ea8e037
+	C = cf818195e18910ac4c8720a8a14f217571caebb609b6ef3e1d4ee6a253536652bc01a21b2c39fbe6eb9e69177632dae5614acf5bfd63fe
+	reseed counter = 1
+EntropyInputReseed = e483690b971884d59761d25ef12190f4b336d1873c4e6ae1
+AdditionalInputReseed = 90602c1dc3582f00a8f496c0568f3d2fa375e2e610daf52c
+** RESEED:
+	V = 3b9977e43b933dc149df7c845c3d9e5319955350cc3d01ceb54a0081fb0acfdc958668d0b4c2776641951c9a9309d8d2337eaba90daa90
+	C = e35ddd624c74ff1cddf6272a7b36a0d8955850741e99966fb41554bdbdfe700aef18e7c81625b1fcef99f1dfc24ffafa1136ba1e747fda
+	reseed counter = 1
+AdditionalInput = 5507634ca65cba27333256cb565176df08e98dc9c37bfefa
+** GENERATE (FIRST CALL):
+	V = 1ef7554688083cde27d5a3aed7743f2baeeda3c4ead6983e695f55df4537ed6d41a129641d0a9c1f64ec575551d6fe382a217d5554f8fa
+	C = e35ddd624c74ff1cddf6272a7b36a0d8955850741e99966fb41554bdbdfe700aef18e7c81625b1fcef99f1dfc24ffafa1136ba1e747fda
+	reseed counter = 2
+AdditionalInput = f3499d011cb6f0fbaa78cff0808f1c2cafd94d2f7d0eb0e6
+ReturnedBits = 8ce63c76acfbb72bd9036ff521556be28f5fcfd5018dea48b8c055f238a86cfc320fda6d54af978ad058a3e835d0abde9a919da75e5daaec44b5d4a336fac02c96a664286e4173b955a963f9291d9f101a66829e73370216cb3ece8ab56d04baf4d71e60292b02a1ef0ac38b4317deb6
+** GENERATE (SECOND CALL):
+	V = 025532a8d47d3bfb05cbcad952aae0044445f43909702eae1d74ab34b5f6d50b21722d71770beafca444feeed8fbc16c0ca557342c9d9e
+	C = e35ddd624c74ff1cddf6272a7b36a0d8955850741e99966fb41554bdbdfe700aef18e7c81625b1fcef99f1dfc24ffafa1136ba1e747fda
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = f514fe81d701d00cb56f123fea34c32333a82e1d5d30502c
+Nonce = d84647213560f64210c595e3
+PersonalizationString = 
+** INSTANTIATE:
+	V = f1ab0afc8b9f1f39814cec2aa6710655276d7a6b8d7c5af29b23bddaf24a0ff4355051617fa3c65c6e0271fb84341c8d074d285b118d4a
+	C = c4a64c7d3ce625e509f2c344f19cbddad1630069d72e9fe4aebd1d30ab6df4051254f700917ecf71e575e591b6df3bc832c50ba48f524a
+	reseed counter = 1
+EntropyInputReseed = d8ed63b714d2ad08ce7ada0669e7430e229c48a250fe1c40
+AdditionalInputReseed = 8caebd256977284187fb6a6048ec675806cbe0ba2fb71362
+** RESEED:
+	V = 55fddc8172341f2c2deca7d9f90869b7fdb0262afa1867a489b2652023bc933774d6c1ceb6285c62314f5c9d6e609c15b195a4a94e5fe0
+	C = 03f6f5b99374540db413907eecd2a5de70df668165a9c0716b3cb068d9179d872006b8adee19f4f91831e822a94b2d9cef428d81027b92
+	reseed counter = 1
+AdditionalInput = c1d1e670f4e1f7bab1439ad9eb095790f3eb1964988565aa
+** GENERATE (FIRST CALL):
+	V = 59f4d23b05a87339e2003858e5db0f966e8f8cac5fc22815f4ef1612311ed0adf8560fc3189a5c91e0281073e8a465b33741a0ee45af49
+	C = 03f6f5b99374540db413907eecd2a5de70df668165a9c0716b3cb068d9179d872006b8adee19f4f91831e822a94b2d9cef428d81027b92
+	reseed counter = 2
+AdditionalInput = 88e749be9618463e724683d5f7fc7c501d61fe53aae6af87
+ReturnedBits = 4216c6a37b24db0f9e564c0e5569ae95d4f5b18d6e5fd601f639cf5b306de6fe48a12d3b3a6b0a74e28947c1dd60c07c9d3792edfe89b1bd3ef09e49dfcc8d68055efd8431cdc673d29c067433b4220fe8b466c1f6d5ae371c3189bb03701d38aa902cd471fe5f57ce7916fbd486cf6c
+** GENERATE (SECOND CALL):
+	V = 5debc7f4991cc7479613c8d7d2adb574df6ef32dc56be887602bc6fe8f05d82912bea230e5acd0c294da9ed2f97d23ca3d9182d933b1d1
+	C = 03f6f5b99374540db413907eecd2a5de70df668165a9c0716b3cb068d9179d872006b8adee19f4f91831e822a94b2d9cef428d81027b92
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = 5d528ee79d5fe92ac9141a367425d32d7c469aa541fe69f6
+Nonce = 4df45410004958128a2c3cda
+PersonalizationString = 
+** INSTANTIATE:
+	V = c0e88d947d2dc7fa5645361172011489ed37e94b1589ca5e73fdd7211b89be74296cd4f23bab51bb088868cf1f2544168dd89a752e5aca
+	C = b60526a905d2882713c758a4aa023e4568861af7595696da14f45747c04a183d22726a596d65224d203b97adcd01fc5b7821b6e8dddc10
+	reseed counter = 1
+EntropyInputReseed = 2ff95f54f5db7a9fc431e7970571968f556ddfe899012b28
+AdditionalInputReseed = 1f9b6940a07b5ef670115c1147358b751304a1d5b279e833
+** RESEED:
+	V = afaf892f38fbc89c6a837ba508e063c1ed5a970c15548a6c555b9ce0f184d5b90d68db0dafbd57b44de8d71c2d3c9493054c06546d4e1c
+	C = abbaf2b477d6362e4b36dfd62e527d27903919cab48bb46e821cc44f4b70d547c258652fe90422f6e0ebd8a1d3bfe6c6a9ff86d0d89274
+	reseed counter = 1
+AdditionalInput = 3218f203349cf1902c59fd0fcceff19036083b8ac8ded73e
+** GENERATE (FIRST CALL):
+	V = 5b6a7be3b0d1fecab5ba5b7b3732e0e97d93b0d6c9e03edad7786283a4b6a4d3095c4350dc4be70ba97d31743517f024171f2e373ee25f
+	C = abbaf2b477d6362e4b36dfd62e527d27903919cab48bb46e821cc44f4b70d547c258652fe90422f6e0ebd8a1d3bfe6c6a9ff86d0d89274
+	reseed counter = 2
+AdditionalInput = 1060a82bbb0ee722cf2edd5309629f614438ba6ae4ba5781
+ReturnedBits = 73bbec9c823b4eebe410400683f7f95c155903952f4b58b215dbae6bf5f2b5ac595c696ed04e708e886374f263df75de6c7f4d9d33b9d2722d7b8e95bc61866668e399bacd6aa44b4bceecc5ba7539a0f9f7bf4b3e4ad61c9ba1fa2e968756dab50911f390ea102e39b56534a0644a77
+** GENERATE (SECOND CALL):
+	V = 07256e9828a834f900f13b5165855e110dcccaa17e6bf349599527ef77f7b632611b26424d8e302b3f890d0a34e60035dbb6585171909e
+	C = abbaf2b477d6362e4b36dfd62e527d27903919cab48bb46e821cc44f4b70d547c258652fe90422f6e0ebd8a1d3bfe6c6a9ff86d0d89274
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = ba00c73d7b4b9c68ee7a0308f8e45c0392c611eab36eb64b
+Nonce = da8feb52ab4cde7546924602
+PersonalizationString = 
+** INSTANTIATE:
+	V = f3284f44ff77240561515826de528798438e18615fed1c695f4aad1509fc9b312de710b703330e5ad682fb8c1f2da6dd1a16c38a329390
+	C = 743ca7d02af4059446c9aa35576335fe8f1cb8b31e0fcf76f985853cf430fc61fd7c117fed2b8c82f166ef45a293b9cfa7096346d86ddd
+	reseed counter = 1
+EntropyInputReseed = 0113cf6429f50a2b2dd4543f5ddb31a68084389c9b4e5ebd
+AdditionalInputReseed = 36e610c0e603f6393d6cd25deef17177ac448fe69b773f47
+** RESEED:
+	V = f296e141485ab98c60ce899eda60cf739305dbaab2632befc365f118c64299a497bc37ef6af9a4e42ef26d5ef8672a17414160cb872784
+	C = e12220e55186ec4e5c84c4b3240cd1444736bf52342c1983e6da5382c992fa47cf24378cc94781b46f2cabaaaa916b6d1f56b340caf7a0
+	reseed counter = 1
+AdditionalInput = eee9b172d3660bb1ce3dc25755541af2da70805c8791f39b
+** GENERATE (FIRST CALL):
+	V = d3b9022699e1a5dabd534e51fe6da0b7da3c9afce68f4573aa4045b9f11d0bfc41fea38577670e15c35b9e35594fbe09c080f09b00bcba
+	C = e12220e55186ec4e5c84c4b3240cd1444736bf52342c1983e6da5382c992fa47cf24378cc94781b46f2cabaaaa916b6d1f56b340caf7a0
+	reseed counter = 2
+AdditionalInput = 0501f6c91586455d60086ba84904bc01c44dcb2575c13d2c
+ReturnedBits = f1757f26d8d9f63beb614f4d33243b18411b4e266238e2aec14f8df0969baa79247a2c447901bc4f345cbfedd46f6c1d9ccc3d9b8263007f010c481e903141e10723d4d6fa7e12061c3ac5df6fc61737895ca8d7d167b6a508a2afaaaaa10f14e6729e523e611a82648d2ca510da3e4e
+** GENERATE (SECOND CALL):
+	V = b4db230beb68922919d81305227a71fc21735a4f1abb5ef7911a9aef07f3ab3049ad35924372a55f23b0378fa9219824fd67f39bf7cd84
+	C = e12220e55186ec4e5c84c4b3240cd1444736bf52342c1983e6da5382c992fa47cf24378cc94781b46f2cabaaaa916b6d1f56b340caf7a0
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = 31b7d9bc888aa28f61547639da2cad0ae5a612065679dab0
+Nonce = 534e0ba9e2b197b93a417bef
+PersonalizationString = 
+** INSTANTIATE:
+	V = 4dfa6feda75c79b7fc599b8f66a35bf9e86379550e50ceb564c1ad58b6a6bac02291f8cb006d9902f9e0e844eb0093ea9b296c84df06bc
+	C = b986d35c5e706ff92e63f65ef4d7bbe43a08cae28b0456b8af3ab601258c2269b4868ee987f34ac05740e1310ca658dcdbbe301b3c1b5c
+	reseed counter = 1
+EntropyInputReseed = b23b8fbf40fc736a779442356e9b01789275e8de1ca3a4ae
+AdditionalInputReseed = 968efdc792f2c4375525758e8d51fc2aacc588f555c9a7dc
+** RESEED:
+	V = 3c1a9daa9ecadc1129b1701fbd40029f04dbbe01b7eee804aa22e4d020187a6bc72576e1573b476e590fadb336a02302b4bedcab2b213b
+	C = addce0c6a7f06acdca123ec84f55925247415892066222a88a82e3287dd4ef25ae78746d5986c834282d212058623312af2874be5363f4
+	reseed counter = 1
+AdditionalInput = 71dc0d40023c4d731a4d5f3d4e70237e84f7949d1a266740
+** GENERATE (FIRST CALL):
+	V = e9f77e7146bb46def3c3aee80c9594f14c1d1693be510aad34a5c8a2545c3747393cc94d16f9c85fc1f91f6dc229361d80591e9b372c9c
+	C = addce0c6a7f06acdca123ec84f55925247415892066222a88a82e3287dd4ef25ae78746d5986c834282d212058623312af2874be5363f4
+	reseed counter = 2
+AdditionalInput = f664eaff1dc0a951592210fc7f0039c9442bd7474b4a88a7
+ReturnedBits = a2c2ad289e4a5144fc0cd032ed1c13238cda7ef8bc6426b1b1582c5b2489a53194f916f89328fa716ccd9c4e2d56040dd66fba6a2c5c97eba6b1655255d7ae2193d2d6f1da04ef491aede5a2b40986f9a48b1a6f5e1142f7bf676f285e2baa4826f35bd66ea37934b68033a34f535958
+** GENERATE (SECOND CALL):
+	V = 97d45f37eeabb1acbdd5edb05beb2743935e6f25c4b32d55bf28ac8b4375c6b6427f7a8f49cc299a437091e01382f34c14afcaa1cf5d66
+	C = addce0c6a7f06acdca123ec84f55925247415892066222a88a82e3287dd4ef25ae78746d5986c834282d212058623312af2874be5363f4
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = 82bc60a3303db206ded373f5394bbf64beed1ff43a402088
+Nonce = 24ea7acf6a63ff69ab75ffbb
+PersonalizationString = 
+** INSTANTIATE:
+	V = ab82f33342b4c32dfac6484ebc68f8adf9dc4de634366df29245f17f506d98e3631ea76901b03497a26b591e1c9309ecdd09814c34ab1e
+	C = 67886ea25400ae67bb2991c68c9315ca7d28d88a6cdec04caa79f9c4b19332be4d41d0667b4c0b9169528ccaba534e73d7d164ce7d12ef
+	reseed counter = 1
+EntropyInputReseed = cb68d89c8c16f773ad49a8b274d2b39bfbe739bb8065efaa
+AdditionalInputReseed = 0dfcafd05ef820078d682477732bcca1786aedd0175ab1a0
+** RESEED:
+	V = 099ebb0d1d2ed4b4608d43a0fc579a0a60409c25ec63be4164a668ed3f7f8e98b7164a895072019cd6f1ec1da848f79050f9e37c6fee61
+	C = 50c246afc2b3ffcd5dc83914fda49f57bcee359480287826c4ec6a16f65d9faf787259857773cff1700ed659424c04dfe4c6959ed102ac
+	reseed counter = 1
+AdditionalInput = c03e8ed275260921f1773227fef8f6c967ac8166e39f8971
+** GENERATE (FIRST CALL):
+	V = 5a6101bcdfe2d481be557cb5f9fc39621d2ed1ba6c8c36682992d38ebf114650140c47ae16be7a608a1430bb81bd2ca68c64d44c224f43
+	C = 50c246afc2b3ffcd5dc83914fda49f57bcee359480287826c4ec6a16f65d9faf787259857773cff1700ed659424c04dfe4c6959ed102ac
+	reseed counter = 2
+AdditionalInput = d7ea495d5c95ab7454110d9dddfbbbca2540b8818d438fe1
+ReturnedBits = 2ad56f0fef79d26e83a4d617cb69d62c1c2b79f935fb0797f494f7594bc14a9911c0a7458cb24ab9e0ed2e7298f14e753e3383491a53b05761bb337d19e47bcbf48a89575d093668338f64cb60316ec3b03fbe660dbbdf64000c69e555cf5137c55acccc12a4caa1c279e1c6b88d9840
+** GENERATE (SECOND CALL):
+	V = ab23486ca296d44f1c1db5caf7a0d8b9da1d074eecb4ae8eee7f3e4a356562e32d3df12224bf75c01a413b78770eec8364e78c954ca64f
+	C = 50c246afc2b3ffcd5dc83914fda49f57bcee359480287826c4ec6a16f65d9faf787259857773cff1700ed659424c04dfe4c6959ed102ac
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = 31687dbf6c8cac4d6df2dfd5a8f9e8096ad104083091d39e
+Nonce = 5dfb02af1ae5e2c6b86feb0e
+PersonalizationString = 
+** INSTANTIATE:
+	V = a0544820410dd8671c33e0f225eac32e1bb7322b9038e247cb6844c69be67c9cbd755f47ae74e305c8ab87d911b0af708a6030e0cf4e98
+	C = 6998aa23a93248d5231908d1df3530d22c7a92b0a542472ae5e75b7bdcd78a33dcbbcddade69ebff34da88f7b8246882e5ebf82f26a686
+	reseed counter = 1
+EntropyInputReseed = 01c6796a6361f75c266831027e913520106af8f056c8961c
+AdditionalInputReseed = c573c1a5441b26648edae6c161597d842a946555e20dcf16
+** RESEED:
+	V = 30102c072111251fa46ac4fc3864a052be1f9f81abe08a09359ca5e3998c7a62216c97ea92b2316970ada202d09a60e73e2fb49c2f01a6
+	C = df5f5564468e58d1bfff1735686a90e1c690208b676233fdc47ae1e3e7626cddfa09dc26feeb6cc9bac3c7b5f468750eafdd0c361ab529
+	reseed counter = 1
+AdditionalInput = d26c9d556a439565527e5ac210d1b6d3de024454f8092437
+** GENERATE (FIRST CALL):
+	V = 0f6f816b679f7df16469dc31a0cf313484afc00d1342be06fa17886e08a7eba9954cc9d1e0b9fca43f9c7001c8489eb4a9cb9222808eee
+	C = df5f5564468e58d1bfff1735686a90e1c690208b676233fdc47ae1e3e7626cddfa09dc26feeb6cc9bac3c7b5f468750eafdd0c361ab529
+	reseed counter = 2
+AdditionalInput = ca4459e295c0339928c2925da6e457c9ed6e0b01926aa9fd
+ReturnedBits = 5023779eadd3e29c7e4b9b77ce97f10b1867217264c3140258c6093b3fd2fe106a9bdde8f7e1883598b9b8d533f78d3863d9670f1bbbb3e50f858f0fe0370e0ca9ce0b8c408c850b35971794a4f40a5646573a09efef4aea4da2c76c1f49b3c06d4d4909d813c9334cba34feb7d28415
+** GENERATE (SECOND CALL):
+	V = eeced6cfae2dd6c32468f3670939c2164b3fe0987aa4f204be926bca335501a59dd90fdedb187b438c57ccffb68939d622cda2d4e4cd12
+	C = df5f5564468e58d1bfff1735686a90e1c690208b676233fdc47ae1e3e7626cddfa09dc26feeb6cc9bac3c7b5f468750eafdd0c361ab529
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = 8519d0e52af485fe050d2efb2dc84db7c28cda48323b2926
+Nonce = 8b5243416f397c42d76c1a3f
+PersonalizationString = 
+** INSTANTIATE:
+	V = 21b700a30305941dad616daf0381b27f5682bf7d64f099c513c1df4578e18fd2f515909de5911bfaffacc1b468a83876bea338316ddaa1
+	C = f2cf895cc957f6a3208cde4a8b2ec932ebd182765079508913030c0639d5cd0c35253c9857bfc62cd95dfbedead4fc14681d85333db3c7
+	reseed counter = 1
+EntropyInputReseed = 0ecf8fcf194c306681d36f21d2c537484b250c938c9122e0
+AdditionalInputReseed = 54f8a8df99f376421828c3bf6726e53b06fa4d7af7807126
+** RESEED:
+	V = 004991179ca2cfe3097221c0974376d09fc2de9d315189416df5aa91e4ccba0cd794c5d2792bb244dd89a6baf3b08b720eeb2aa755afaf
+	C = b4024a57f5eab309f139362150bc8a234fab1134ce2d5707369a364af83caf33f165a6ff2465582f00f5e9414dd0740f1ac3b2a1cedf04
+	reseed counter = 1
+AdditionalInput = 9901054634d123eb048f586d576295fe563c5c3c0bf24cbe
+** GENERATE (FIRST CALL):
+	V = b44bdb6f928d82ecfaab57e1e80000f3ef6defd1ff7ee048a48fe25ffc7c58332cfde1daa6e4c855bbfcb20351bb0a3e4ae31d206f8998
+	C = b4024a57f5eab309f139362150bc8a234fab1134ce2d5707369a364af83caf33f165a6ff2465582f00f5e9414dd0740f1ac3b2a1cedf04
+	reseed counter = 2
+AdditionalInput = 6c425265c5db22f0a5dcfca27a6e8d0550394f25fc26b537
+ReturnedBits = f4c8ff53737cd96cdae8bdf720b6a797f0598a4b5d8fc22edb70f7c29eb2982a4ab1f891578ac7ecbdbf51de6d57e9e7edbd1fe183ca07e0773ac54441e51bd2d0884749da70d072124a3318ddc7e57efca8ad99f25c003946b0d517682c2dd144b45fb6252a2ac122492abf09fdae32
+** GENERATE (SECOND CALL):
+	V = 684e25c7887835f6ebe48e0338bc8b173f190106cdac374fdb2a1933ee268f7d6c775e681ae4e31162391fc7a57b64595f5b1ef866a1b2
+	C = b4024a57f5eab309f139362150bc8a234fab1134ce2d5707369a364af83caf33f165a6ff2465582f00f5e9414dd0740f1ac3b2a1cedf04
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = 9f1eccb34fd83c8720d0ce7a6b8751c7b9471c92ac91ad2f
+Nonce = d32e32f92b5833e873ac09a6
+PersonalizationString = 
+** INSTANTIATE:
+	V = c8a164531c73993626f129b57385d3ec032a8e5883221208244026cf08544eaab4a07eb6c0312877405c7f130f492088357d949b21ad4e
+	C = adf41887c13def505b1dee140413b464cec45e40a27c2360811baeb0c7cf58f9b3030d64425b82b63b9975ba9cd7f388b7105e23cd728d
+	reseed counter = 1
+EntropyInputReseed = 2680d41d730a9ac4e23dcaa923ccf0dac58c5a98c29841db
+AdditionalInputReseed = e0bd09baa4315caa0454e941f9be7635c255dd639ed83754
+** RESEED:
+	V = 3ef6dc261fb3176ee408f8c3d4007a3d0f42b1241ea363f2cc81948ecddcde84670c500bee280b55040b4df7ff20b9c77f52fd29492460
+	C = b0d2db8c5dda7d7525cc0ec5ca9560027d20fe281b4b17f6a73e6f8ebd31e4ad45cf988edec93db61e6d5b017df95b8fb3635c138b72d6
+	reseed counter = 1
+AdditionalInput = 29e79d0b6ab76232bb961ec7ec9f3b5fcdf9774b4646fc8a
+** GENERATE (FIRST CALL):
+	V = efc9b7b27d8d94e409d507899e95da3f8c63af4c39ee7be973c0049b140deb96f986574e1d504eb855d815cbc57327e821cdfe6b874e24
+	C = b0d2db8c5dda7d7525cc0ec5ca9560027d20fe281b4b17f6a73e6f8ebd31e4ad45cf988edec93db61e6d5b017df95b8fb3635c138b72d6
+	reseed counter = 2
+AdditionalInput = 1edc3365a7db51ba864a93e5bda20a0927582bd44be82ef9
+ReturnedBits = 2ab841ffbd8af668b13f8e5f13748ff02b1dbc8346fa353b43a8594efafc7f19cc4e627ecf50e99c9864633df0bf823a3044f24a4b5b5b1134d43b56903b8a66e392c8aa41411b0513508f4b469f5de6d5298b268b258daf6ea66b7bf0e2dd6f3c6fe16c7c28ccb94f7cac61462c0121
+** GENERATE (SECOND CALL):
+	V = a09c933edb6812592fa1164f692b3a420984ad74553993e01afe75f7d011e07642c1ae49dccc586b4376a25d7b0b0c14e407fe91426b0b
+	C = b0d2db8c5dda7d7525cc0ec5ca9560027d20fe281b4b17f6a73e6f8ebd31e4ad45cf988edec93db61e6d5b017df95b8fb3635c138b72d6
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = cb4bed609cd651aaf2aa491162f4473ca85137615c1378fe
+Nonce = 584ddd86a3f2bb036babcf8f
+PersonalizationString = 
+** INSTANTIATE:
+	V = dee51d12533727595c550ac7a113017ad1ae15628d30dc29f88d6db9b0a4c39589d7d00cccebbad6e555d4dfe8b71e115ee4919e117d3d
+	C = 7f8da71f3114df3665ebe56caf8e6a7e3854e2053b77baa4ac549e1f0ad86cf4cb24c25f64120f14896d1a8c49a900b409cefad8775ab7
+	reseed counter = 1
+EntropyInputReseed = 90ed0d20d79cde8484c426455f4a1e60b1910190d11f1c8f
+AdditionalInputReseed = f14c5c737c335d10ed7b564881c9bd0045b61fd05c241897
+** RESEED:
+	V = 64658bd3b5f8a52898014328ebfbb143038ddc6828d0776938766db479067c17a3b774aa614c9ebc02c70a1e0a93c7e131fda24845b22d
+	C = 052b492df55cfd96e6629df8911917b3afb1dfbb2c3de336044c44d82bf7ed2894a4affc832f016b3f206d0009cb00ec02526c5d239662
+	reseed counter = 1
+AdditionalInput = c891faad9aca9b3dedbc75a6e0ae9a86748ce5f6126a9f01
+** GENERATE (FIRST CALL):
+	V = 6990d501ab55a2bf7e63e1217d14c8f6b33fbc23550e5a9f3cc2b30fc79a719ad27f93c8b5a60840bf0ea685bb11d48e81243c3c7d2faf
+	C = 052b492df55cfd96e6629df8911917b3afb1dfbb2c3de336044c44d82bf7ed2894a4affc832f016b3f206d0009cb00ec02526c5d239662
+	reseed counter = 2
+AdditionalInput = 5ad454ebe4675038fcd1f1933e8d1fe15b7e9bcaa6ade6de
+ReturnedBits = 9aa5afbcf15869136009b599b03cc4d7e18b7f354bc8393cc5df24858609761fb3cf147fa042cd01124723f7752ecd20ea64f2d7f444ffd830b99d592e1a7168ee3259bd496b504f138d1a502d04636dc66cd5493209a582191a5ab1b83aa5132f60d671fab4942a3f5bda9a67829d5d
+** GENERATE (SECOND CALL):
+	V = 6ebc1e2fa0b2a05664c67f1a0e2de0aa62f19bde814c3dd5410ef8d6a82aec7531d5c4f6583f9156d8a894d35ad8a0ede4025682aaa669
+	C = 052b492df55cfd96e6629df8911917b3afb1dfbb2c3de336044c44d82bf7ed2894a4affc832f016b3f206d0009cb00ec02526c5d239662
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = d6412681392b71c5a90af1d0970763e9738e65ba740edef0
+Nonce = 3d4259845c9700180b671af7
+PersonalizationString = 
+** INSTANTIATE:
+	V = d851ab10a407fae27f55f9b4426cfd9c778bb527e08c46f7e8241970f143219d5a5b8d09cf5d1e09e1b52ef9cde8d57a2f531c2bf12360
+	C = 60bb33a6254475e1a7ed73a466c30b5132227f9339d3b220a73cebfd63008bf4de06c19154c33e7bb9f3d93bd977a95e79ea1c15fa0936
+	reseed counter = 1
+EntropyInputReseed = 33381ee9fc40336021584af5a5f02556ecb15e9fad90b2ef
+AdditionalInputReseed = 63716821fdb2bbd8d808a0a3a46a5d028a5bfac414e6fb4c
+** RESEED:
+	V = ca64db4ce13c0193d2b2d9b56e9a55df1e921fb34c109dd2a22d09a284ca4a8093193ce231a3f7efdcffcb87a473361b2511d1dd805ee1
+	C = 4250b7cf49f7bc12678a88393fa40d7e1e36b1b3b59cf4bfec04c8768ea27b547ba620b1fc936d06c31de04528688bb4399bb2f8e6990d
+	reseed counter = 1
+AdditionalInput = baf41739b86f8b5c635b877f976c6797a7616a8d62bef5b1
+** GENERATE (FIRST CALL):
+	V = 0cb5931c2b33bda63a3d61eeae3e635d3cc8d16701ad92928e31d3cfd49bee37ecb794714e40fd3cb1c4d4c64384aa0e2405d5f691c67b
+	C = 4250b7cf49f7bc12678a88393fa40d7e1e36b1b3b59cf4bfec04c8768ea27b547ba620b1fc936d06c31de04528688bb4399bb2f8e6990d
+	reseed counter = 2
+AdditionalInput = 82e2fd41649df4d88cb45b917cddb977315783acd5586689
+ReturnedBits = fe573266056a568c9439f5c7012a026e02cdd8585dcf85eb2e4982d4ba3dd2fa44cbbdaf772eaad5319c30b8f03122db215fd18d4945667d8ca536140d0fec62d975f2b1e3df9b3894a3f203f79f49bdb8ded9e7ab0fdc1ca3598f683f24c5ff264bd8694add7dfa65f2736406189762
+** GENERATE (SECOND CALL):
+	V = 4f064aeb752b79b8a1c7ea27ede270db5aff831ab74a87527a369ddb5af8f43de9a7dfed60dec089ce9c3c73893bb5a972e8d818b1e0d8
+	C = 4250b7cf49f7bc12678a88393fa40d7e1e36b1b3b59cf4bfec04c8768ea27b547ba620b1fc936d06c31de04528688bb4399bb2f8e6990d
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = 980fa8309222fe77a5cd1970aa3278ec0aa966aba6d6c70d
+Nonce = f8aafaf32d5df3c6b0de3a9a
+PersonalizationString = 
+** INSTANTIATE:
+	V = 85f68d41522d4fc1f8f65f23fcedc9b8c2a88d2b7facb8dd5325b4f6de37d29ba0e742cc16c582d6fc0bc4f3a4159c520bc7eb1cb29ef4
+	C = a4ac8b3ddd0dc692971e093743120b3be0a2e9e38bbc211d5b1478805dec09e1e8d4eb4daa2ef4e03945b372fdbb14b32a746f806b03fe
+	reseed counter = 1
+EntropyInputReseed = b0e733c4e60e8d4346fe1fd93e9d5de73d6168c870158f9d
+AdditionalInputReseed = 35d178ae34134e2ef048e4a190df401a70a4020d018991d5
+** RESEED:
+	V = 07786e78b16c19cee1cf8e699a1d57ecdce3157c235c1121fc4184e7844e0aaec6c1de1ee81552fe2efc920f9b9af198ee60a3b29d1ba4
+	C = 204ed17d80d9f9f533f7a25e97f282d73a01a686023addc731825a1aee7df57f503ee44e864bbf8dccbcd1305520eb58ad757300fa5bb8
+	reseed counter = 1
+AdditionalInput = 5e7d42aad76bcc9c803c2c3fab5f32e31a15d88361830e5a
+** GENERATE (FIRST CALL):
+	V = 27c73ff6324613c415c730c8320fdac416e4bc022596eee92dc3e0742939c6a5ed4a190467dd40527269e07e1cfd03565149b128caa319
+	C = 204ed17d80d9f9f533f7a25e97f282d73a01a686023addc731825a1aee7df57f503ee44e864bbf8dccbcd1305520eb58ad757300fa5bb8
+	reseed counter = 2
+AdditionalInput = 6b93da08db63a0362c8adba7d3b40a5587b4b47fa8f942da
+ReturnedBits = f6a8e41a31c73578897a45d90945b164543052d786aaba3cd15d2e7167f606a7de29fb42bd7100fda8218ceec57b2bfc4470f730c991f6bf0c46908e19c08ab45bdf39fb08678b59af4727d33809e6e9fc24bb4ae4c5dc0f021c34250245f1fd418f6cd1bee892d19f7efed28b2bd8de
+** GENERATE (SECOND CALL):
+	V = 48161173b3200db949bed326ca025d9b50e6628827d1ccb05f463b9171c7b0b1114221dd167d97dbfce8d22b854676015b96780b3f0905
+	C = 204ed17d80d9f9f533f7a25e97f282d73a01a686023addc731825a1aee7df57f503ee44e864bbf8dccbcd1305520eb58ad757300fa5bb8
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = eafb1ac372870c758a066dc6aa9aad255345aadb69627878
+Nonce = b905a989d91c5a329dd11265
+PersonalizationString = 
+** INSTANTIATE:
+	V = ce45037161029fafaa00d42b3bb384518be91f3e44b2c7d01cfc5ea9ed2dfcbbd5fd9bb82142c5ba7a0c5e1ad1f6060faeb26d1e206a8b
+	C = ea40af910ef97d522888215ce62a6a1b4baa751bd25eada69efe3cdc3789dfcb4cdaaa8b32942d33317b9d2998366900fcaff9dfc17177
+	reseed counter = 1
+EntropyInputReseed = 52ec165bed62a789ce1512249cd21723fbfb251647a866c8
+AdditionalInputReseed = 59459352b33f2fbcc4af65f798ca2433dd28092da24cbe73
+** RESEED:
+	V = a8da16ccd07d1926a19fb278eb9b1e5293cd387f506e78a3df928806f2ca59a0a03121eae7baf6813ddd16de397f79df22ddbcccf761fd
+	C = 0165dfe892696c81e4581edfdb3d78ed2748f7185d22971163e3ccb077d358bee85ab6362bb958a80dd1080f745d38c693c52688dfabc6
+	reseed counter = 1
+AdditionalInput = 79c56bc1efd34fa6e957f6e4cdf3f8f57f8d58dad94f7ae9
+** GENERATE (FIRST CALL):
+	V = aa3ff6b562e685a885f7d158c6d8973fbb162f97ad910fb5437655dd1623e8ae721637c9e53d8d2e7e3ca6fbe4b0a4d8a4b8fce66da716
+	C = 0165dfe892696c81e4581edfdb3d78ed2748f7185d22971163e3ccb077d358bee85ab6362bb958a80dd1080f745d38c693c52688dfabc6
+	reseed counter = 2
+AdditionalInput = bfc1b97ed8bfbd48750a704546e7eafc370ec4b834714378
+ReturnedBits = 56e3e4b75a5841faa5bd3f298c1f67cc58427900d69603905f24e1f8b078f35ad369ad866a0e1bdb0b7b66aa76dacecdd8412c74fb86fa69a420e6c79ed4d12cd6d166c505449bb268241c3c5b73a87b6b373075f2d625a8dc0de841d963c5083b2f611bdd7dc4cf7a8d8cc33ad5a745
+** GENERATE (SECOND CALL):
+	V = aba5d69df54ff22a6a4ff038a216102ce25f26b00ab3a6c6a75a22eb0358926c5bc92735162b4679f65d6e494d0c6ed04699ab1edd0aa5
+	C = 0165dfe892696c81e4581edfdb3d78ed2748f7185d22971163e3ccb077d358bee85ab6362bb958a80dd1080f745d38c693c52688dfabc6
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = 619ca2be2e07b538778f8f8e9921a7663c41167dc44abb99
+Nonce = 37601911f79f144b002fb15d
+PersonalizationString = 
+** INSTANTIATE:
+	V = a5a8363c2abcfbd583b3e3578cdb82e392e378130ec064d8b0e50356a17e4a765fded8f6e3ffae0c61661720a9fe6a317982003a9e10c4
+	C = 8e23b190adc89ed19457fb89e2e9db49707f497785f7bdf7ece6f6b0781963985b6c19c027bb9cc4528198e3da02759693484be8baa081
+	reseed counter = 1
+EntropyInputReseed = a6e07c88eee184d0b4cc096302a36acf4be6db74a5247777
+AdditionalInputReseed = 98a8519c34eb1b83533e771e160e532033d77219364ddb5c
+** RESEED:
+	V = 74809c363d62e77cd0ec9530f3d34ae669f3ad46d779d8bca2eab6a4d0e64fa4a27d8762663197f2d1d51e563f65be456a6b8c460e666c
+	C = 1065c64ecd4bb420faa69c01faae59ed3c4169fc5f8fc7765e05b575a231d1521e4513893aed7ffcc267413ae02848c064df1fc6e5d9aa
+	reseed counter = 1
+AdditionalInput = be40baade1c3b370f8750085787d3964399a8e80ae0681cc
+** GENERATE (FIRST CALL):
+	V = 84e662850aae9b9dcb933132ee81a4d3a63517433709a03300f06d104a34356ade9e7ff8cd0a2dce5bfb432d5c688c9f5875d6762a2ea1
+	C = 1065c64ecd4bb420faa69c01faae59ed3c4169fc5f8fc7765e05b575a231d1521e4513893aed7ffcc267413ae02848c064df1fc6e5d9aa
+	reseed counter = 2
+AdditionalInput = ef68b9319d075beb67fd6e2238aa5051b3ea072dbe3bd649
+ReturnedBits = 1b6b65799ff5d7523c859158a96c8b32d6879c22c280c7d79b3c4f7111b4c35975ec9f518f06d8f68b6460873fb727b476b63e46b5c39e4ab8bcc4776378c3f3d0d494fb3a21fd0d34a590ffa03c1aebf1c8985862c4c344154cd7bfaad540be71751f16bf2f9144ca5627c49f468484
+** GENERATE (SECOND CALL):
+	V = 954c28d3d7fa4fbec639cd34e92ffec0e276813f969967a95ef6236fcd5f48b25134487b5928a439b59b3f07e7e854d38579b33a11abf1
+	C = 1065c64ecd4bb420faa69c01faae59ed3c4169fc5f8fc7765e05b575a231d1521e4513893aed7ffcc267413ae02848c064df1fc6e5d9aa
+	reseed counter = 3
+
+[SHA-224]
+[PredictionResistance = False]
+[EntropyInputLen = 192]
+[NonceLen = 96]
+[PersonalizationStringLen = 192]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 896]
+
+COUNT = 0
+EntropyInput = d711f3fef717c55eca14bdedb76f55056c7c70a15c6a343e
+Nonce = 095473b0416991b3b94aeb10
+PersonalizationString = 4d41373345ab632f8306de0e926936a6dff1682111ad85fc
+** INSTANTIATE:
+	V = 9fe99d74a23284880a6a910bf0a9293b891d03a1577fa2ce256b89c032378febfc587f98a76bfe6933353937f44fb6f237655b5f0f81ce
+	C = 9d8f16116bf19192bba29b8d81e032b94cfef41351364bd0cfd18aadf73e3ec9be14b0154df21c11838bef1382624fc9c6b6dc13ccb55c
+	reseed counter = 1
+EntropyInputReseed = a1b2d3291ef093efe6b513ca49b6e91b5a92dd99f532352a
+AdditionalInputReseed = 
+** RESEED:
+	V = 5d7faee96590e0f55180d67af19aac9197a59fb2a69bb5e18a3592fb2672b384c545a38b062f13c1efe6c1a3c4e91b3e415a67d433c608
+	C = 50f6f812bca4a02f67a8c8e3a99d38604066c68cfe18be5e09fda1c565335c9c69bd83868b182623a68c3ae0330a6e9e60fa7a546498f7
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = ae76a6fc22358124b9299f5e9b37e4f1d80c663fa4b4743f94333552e13d1c540975ea5d4136d4f9ecbcf97b48076850b5cf6a19a13c12
+	C = 50f6f812bca4a02f67a8c8e3a99d38604066c68cfe18be5e09fda1c565335c9c69bd83868b182623a68c3ae0330a6e9e60fa7a546498f7
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 53d05540741a824f9d1b45b91da704064b2d1f551ffcc6392ff17c7378c946ef39e39108279e2dec3845862afe595b26aa262c98c9dc9de9e3eaa6ad7648a923ac0d595262577360a5de8007a641c74c567f0ecd6682b362378eedfe11b527fa428634054376ef6084ec2596696337bc
+** GENERATE (SECOND CALL):
+	V = ff6d9f0ededa215420d2684244d51d5218732ccca2cd329d9e30d80cefd2f96dd7c94149ee5a15cacc9551030d4d79d5d90cf95ba3a057
+	C = 50f6f812bca4a02f67a8c8e3a99d38604066c68cfe18be5e09fda1c565335c9c69bd83868b182623a68c3ae0330a6e9e60fa7a546498f7
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = 890e08ef78c61c5eac8b252fcf878c2e66d1e6a964e56637
+Nonce = ef771e233b36fa1fa2da6882
+PersonalizationString = 8a7f68ab1c2b86fcecd14502859abd853e839af25afc2f35
+** INSTANTIATE:
+	V = 89854eb96f965c4d6781ffc9017086e943c91cb9aaa1efe863ebf9d29d0d6400ba445177a18cc2b1ed2c7ddd5cc67a53f9b2b6d84a3dd9
+	C = 0accd8fbba5d0c9b0dbd85166f34a6be39f101932a24eb45ca9bfa4c5b6ef33825eabcdcbe567fd07f2ab1ed1a2143cad3c34cbf612c92
+	reseed counter = 1
+EntropyInputReseed = 05496bea60f41d26f29b7626071f1628979d4dbb9d944944
+AdditionalInputReseed = 
+** RESEED:
+	V = e75b839b8419a259672e9e121308214a859940eb67ca6a0321818abeede14019a7112fa437e5474692bde9f66ef00137de6e1ebc7ede76
+	C = 78a10cefc3a5dae9ed351452335091efd8e937f4bb9c1dcd4fbcaa26d460a2f5fc6cb3c22c526eafeab5108386adbd9e6a02db26e7ff8a
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 5ffc908b47bf7d435463b2644658b33a5e8278e0236687d0713e351d9107feb5b8722f01685487e4e3c54395a41151008f452bb18bb3e0
+	C = 78a10cefc3a5dae9ed351452335091efd8e937f4bb9c1dcd4fbcaa26d460a2f5fc6cb3c22c526eafeab5108386adbd9e6a02db26e7ff8a
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 43cfce747eef5a2d1fa72b2b050650c14218339f9679e07dde66095fdecad4b8a2e6dbb110be5c8967a453313abd450fc5a1f8f9d008571c3b0518c4833a64b489f519d56fc4b46546288c6f3bd02a2c39a3a47181e60ddd1abd27e7360c7ebf41732b6b9bea66d6eda9b1c5517b27e4
+** GENERATE (SECOND CALL):
+	V = d89d9d7b0b65582d4198c6b679a9452a376bb0d4df02a59dc0fadf8fd6b4e96c97ef5e89b70e5421a1ee80427cc8bb4a48fc3451baf4b0
+	C = 78a10cefc3a5dae9ed351452335091efd8e937f4bb9c1dcd4fbcaa26d460a2f5fc6cb3c22c526eafeab5108386adbd9e6a02db26e7ff8a
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = 32a70a976b3c3da73e4556a8a261570fb8cd042ac0c3527f
+Nonce = 7f4eb46c86f1fca2d90d4307
+PersonalizationString = 0f374c92e9787d18786314b851ab4dc2e090c8abd2bd3c96
+** INSTANTIATE:
+	V = ec7db72653570deccc5fea012a8dbaccc3c5e3f21e3b2ae92cf9dea4aedae283c55c103f491319a13eb01d858902c815b1165e847fe761
+	C = 892ecdf114fa382d4b0ff1024d8dab2f982a57b7660f0b16e31c02d385fd0a32e35e4a5a7a03f8ff3ae80c6d548d1d02344f478a907c88
+	reseed counter = 1
+EntropyInputReseed = a9ce1fafed80758abc0d3decb42a63249124a777820dc962
+AdditionalInputReseed = 
+** RESEED:
+	V = 696c86b68a397b2f3fc588e1795fb864a85ecde04ea592df8cd608192093902232084934e7530868bb95aced4d2886be7ae8a9cc4fa120
+	C = 9b583eaa1150abb942bf8fa0192b6ed3d0ab6fc03b8a34a65e12eafff834cf9787e31f1ca02bc851f1b79e25e47c3dc8eb3140e32b8cfb
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 04c4c5609b8a26e882851881928b2738790a3da08a2fc785eae8f3905c39f3fcf64cfdc8850893da8b456598cc406ee6e30889533c2611
+	C = 9b583eaa1150abb942bf8fa0192b6ed3d0ab6fc03b8a34a65e12eafff834cf9787e31f1ca02bc851f1b79e25e47c3dc8eb3140e32b8cfb
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = bced7e5f69463d5ec0c5d9e0e73da2b4becd16680537ca5d3c68a38e9f980671b8025675745892403266821bfdfa14eb47e0585f2f043ce513f6d720b42679f22c728d5495e64cab4bcd96eb74045bf3f82495b6adc0c9b4c9c3c74b11968f5965c0b039131009a3ba1bfe61e01689bb
+** GENERATE (SECOND CALL):
+	V = a01d040aacdad2a1c544a821abb6960c49b5ad60c5b9fc2c48fbdf89fa8a7332023687e574c485fb732cf7109fbb856e49a43217607282
+	C = 9b583eaa1150abb942bf8fa0192b6ed3d0ab6fc03b8a34a65e12eafff834cf9787e31f1ca02bc851f1b79e25e47c3dc8eb3140e32b8cfb
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = d2fcd18f9f340528ba58367242dc1f455cf066d7d24163eb
+Nonce = 01e5786bbfca3e97b1f528ea
+PersonalizationString = 0abee53d57cb7d1467c04ef542e60f7ce2232b71151b1821
+** INSTANTIATE:
+	V = 08d518501e6762a957e505ed7c9930e30f2c870b1e4129d769fcfe57afa0c6ab4debb248d552cd7466a7543c549beb25f98fa13b3faa9e
+	C = 6aadf83f8e76ace1028aa35b29cb079655d6fbee63782c2586e46f87595b125c93c3896e656afec9b9853001551820cf6695e1498c5bbb
+	reseed counter = 1
+EntropyInputReseed = 303d92464e9c05e3e36d16e76cc56d7a697d1f9f8a81bf78
+AdditionalInputReseed = 
+** RESEED:
+	V = 0fdfbb74b3d14a51b56df5af9369e2e8463ca9df3b649acea6e4b19b72f4c5730d3c7eda73a33eb8cb78983ad35572d3d96f76042ffee5
+	C = 8f3a43bc2752431e39bb90a57e8633affb99944e799e10757d73d822fc4cb5ed50950cb6f8cd5b52dbc80b6f288296f7b702dbb5d820e6
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 9f19ff30db238d6fef29865511f0169841d63e2db502ab4424588a07d799cd8bff1087d98237b5ab770e146de59620028a000d31324bb2
+	C = 8f3a43bc2752431e39bb90a57e8633affb99944e799e10757d73d822fc4cb5ed50950cb6f8cd5b52dbc80b6f288296f7b702dbb5d820e6
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = df0ab84ec1961189fe9ebd61f56da9649529c09bc9b3c2682ca7aad98972b4b406afb263e4754bf4296f2c1547591eda0eb726ba64049d85d86f64ad58668b0110cb5313aa71d85bda945d79fd70a9d16fe0b0e00f1a7ad0dd202fe3190a94fffee7177234c26e1f94fc26f720354d85
+** GENERATE (SECOND CALL):
+	V = 2e5442ed0275d08e28e516fa90764a483d6fd27c2ea0bbb9a1cc62301a26e9468003b07d447d4b849f30dfddad5950a360a135c6dd46a1
+	C = 8f3a43bc2752431e39bb90a57e8633affb99944e799e10757d73d822fc4cb5ed50950cb6f8cd5b52dbc80b6f288296f7b702dbb5d820e6
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = cb1f8b0f14fde89eb431432f8e054b2a16e35355ae3aeab8
+Nonce = 3eba30a26f7a3466144623d9
+PersonalizationString = c29f919f478919b840ff5a10253f8c52ffed4a44fe8d885b
+** INSTANTIATE:
+	V = 4b586d93efa7798094ec6e6b516f6e08e39a38cfe1a818cfcf43a856e20bf8aeaf4989e725f299154c0b5340efd33c913c89542bb7765f
+	C = 23e3fd5a1b569d757d2851f20473edc0ffe3046d16b0774322534e9f3f3c8c6abbeee20ee7fbcd1001d2950c4afcefd5223e61e637ec2d
+	reseed counter = 1
+EntropyInputReseed = 60e18c0628c58524b87423f37af4193f65aab2825a464346
+AdditionalInputReseed = 
+** RESEED:
+	V = 8acf462dd38811605558fb44449cf60a77ad53f10ce1fe9d4c1b37f8cb0c6432a7d8a84418573731fba3b9c06d51e709df4c0357d2a4d2
+	C = e4da12b533395f450d20038e754d214d7950a9c8f1ed9a6abfa81099242f7c98992e634d6e426ba0ed4cf0ebb9f718d0336ff44ef2c8ee
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 6fa958e306c170a56278fed2b9ea1757f0fdfdb9fecf99080bc348ddb9735d8cb2408a8b647ec85955c3ba58bbf8de6c5823f0851bc4f1
+	C = e4da12b533395f450d20038e754d214d7950a9c8f1ed9a6abfa81099242f7c98992e634d6e426ba0ed4cf0ebb9f718d0336ff44ef2c8ee
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = afccd0118a8d1d0bbb624ac9c096c788fff70576b4a7f622273d558a2e3d8ec14ee3d5fd0cab6afae31e1510153dba832c5d5258116eff513f1ce7cf2220a01e40fbbe8a9841563f6f222d7fe8a222d0b052aaecb4b54710049e3d38c617182dce3bc0736fbf460396c910604f2d8227
+** GENERATE (SECOND CALL):
+	V = 54836b9839facfea6f9902612f3738a56a4ea782f0bd3372cb6b5a292678e1b4e85c4c2823636c8088efc56ec5a8e36eba69dfa3573810
+	C = e4da12b533395f450d20038e754d214d7950a9c8f1ed9a6abfa81099242f7c98992e634d6e426ba0ed4cf0ebb9f718d0336ff44ef2c8ee
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = 861adf9135889ca697d0e59ecda8211cb740b7cd99c121c3
+Nonce = 2a1bc3b0c64599024f02a556
+PersonalizationString = bd4056e7fa013c8e2077c1498e7ed1c67069528369cf5d99
+** INSTANTIATE:
+	V = 1583f73862a42a95d19dfe3d47692dbce30e71baf3b5f7745414599255928240a33b91063c792744924b74eac589c7225f7a4a7ed171f4
+	C = 4dc4d0e4bf0c12189d60133cb0a2150d10a2218484f5a12d1699561a26ab8279f72d51d2fa69c3f7c177a5f58f3c4843634d2131e8181c
+	reseed counter = 1
+EntropyInputReseed = 00a9b1baf6fa9fab6a991f220e2c7b323a320e60eb066178
+AdditionalInputReseed = 
+** RESEED:
+	V = 8b515243341b136f2d95523df584fb959cd1f03f3ca662e0c0c82b71f20542b97a5e1aac8688b15586a63013d006c48881da5cb284010e
+	C = 2dfd7fee883b97c92472a73df220ee7d92f3ebf7e19b31fa4e689a59dde4992be536a344e44d2d22c5719cd0aa027377ddfce226356fe2
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = b94ed231bc56ab385207f97be7a5ea132fc5dc371e4194db0f30c696d1c94b4c9dc4087ff7abd41b628a3e62e4e56d1fba038604986edf
+	C = 2dfd7fee883b97c92472a73df220ee7d92f3ebf7e19b31fa4e689a59dde4992be536a344e44d2d22c5719cd0aa027377ddfce226356fe2
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 1643ca0e7efdc54b37d4b06f92ba0c7a312eded6c1555f260ef4ccf7e7ca83ca0c20589b4267fb0318d31a4aaead512d0e4c237b2d7aea553702e3119b0fc9d1e99b9d269f03b564a446bc233e6bc39b148135af8c4988236fee5d10e0017771c1170e4d64af96e920d550c359865682
+** GENERATE (SECOND CALL):
+	V = e74c522044924301767aa0b9d9c6d890c2b9c82effdcc6d55d99612820ea95b55fb89eaffc70a7b65aa60e9b55ac84b3b6b239dee52f07
+	C = 2dfd7fee883b97c92472a73df220ee7d92f3ebf7e19b31fa4e689a59dde4992be536a344e44d2d22c5719cd0aa027377ddfce226356fe2
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = 0115a5cdb6d027faf1dd6ab03ffa557d18a9703454cc27e5
+Nonce = 4491637fea575157088dc7f3
+PersonalizationString = fe49c14f2c4b9924bbe139d986b7d5b3a979a3d4c8376584
+** INSTANTIATE:
+	V = d2442ab247122b430a845f0d687f75259fec4e83020873bfc629acdb383dbd9a9b17d2e072eb518901dcc9af1217f61712d620c01809d2
+	C = 727248f634e68fcc60f5cd6d6843171b8d31ae9b0f497899c7e01c2d2536cc0957d910c053fa15b9a57b23af6fbbebb7f6363367422680
+	reseed counter = 1
+EntropyInputReseed = 3645563e66718a9017c1d34d87ad13b4b08fd2edc0dd1bf8
+AdditionalInputReseed = 
+** RESEED:
+	V = 425e83a8d0a546e5bba702723b0b1210a5676441b5d44304640bcd499019416b2c24e2b8238dd50db7bc34a948785f3199b299df7400c8
+	C = 2614d50e2884f6f74f60ebc80be94da411dce49a4001ce9e8e91341f7674fe23bcf70f663fa9266285341eadb50fdb3d1328195aa1794f
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 687358b6f92a3ddd0b07ee3a46f45fb4b74448dbf5d611a2f29d017a9e1dea94adad596850296804cbb0675198324025f71cb1f32d2fce
+	C = 2614d50e2884f6f74f60ebc80be94da411dce49a4001ce9e8e91341f7674fe23bcf70f663fa9266285341eadb50fdb3d1328195aa1794f
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 1da4a2fff75d6bcd07436a7608331cb5f6107db961ffe41fabad37f7bd2a4801e6fea507704f8d88bd53df15a4e926cb76a459a8fad83129aeb96a6454636ae8f0231b58e1f035cbbfbec22830f19aa78bedeeab683e0c171916ae756c86056067bc21a50d26462f5a78dea6ca034bd9
+** GENERATE (SECOND CALL):
+	V = 8e882dc521af34d45a68da0252ddad58c9212d7635d7e041812e35b95bbb4f338d8aa37275274978edfaf877e5a8c090574d458acafc64
+	C = 2614d50e2884f6f74f60ebc80be94da411dce49a4001ce9e8e91341f7674fe23bcf70f663fa9266285341eadb50fdb3d1328195aa1794f
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = 01840d9f0ed0ddae998a851c0abae125e356a17ca14439c6
+Nonce = 2b58bdbe72a51b7dbbcd8872
+PersonalizationString = 175d1b0217dc5de6438053de4ec1f851f7129bd313adcd84
+** INSTANTIATE:
+	V = 494da957c58142d90ea3f129efd1e2a5d6cb76652be8f331e6d45e6113df06fc3db27f230d50206e683e47fc37f99f997af11c07fdab13
+	C = cfe49a4849f7d78f5230abd6102c9c69ae65080872fda00639c166886e99fbf81255cd26f25550f1b964536750577dbe57b1fc96cd7a93
+	reseed counter = 1
+EntropyInputReseed = 1082a64831f874f99663636f9520bbc06f7bee4060e68303
+AdditionalInputReseed = 
+** RESEED:
+	V = 6be0f802b7724e78e89392fa73593df6d07efbd5f4f11eecb54f84cde69b98a8b07f836861c83637ce467103ee4fdb78a1825a01636f97
+	C = 5f2c4a625842dd380266b53d6e0a21b8782e1d33365961238a4feefd2673fd0d353683f5993757ebfa4138a4e487d56f88c5f145cddbff
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = cb0d42650fb52bb0eafa4837e1635faf48ad19092b4a80103f9f7448fe323d4a9074d4e4e31c11b6e064697cadeedf38daae7033976fbd
+	C = 5f2c4a625842dd380266b53d6e0a21b8782e1d33365961238a4feefd2673fd0d353683f5993757ebfa4138a4e487d56f88c5f145cddbff
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 44367c2d4e8497959c761b068c49a8dec3396af8115b9c479d79d167742fde836a1d1e773b6fd417a3e34fd055cc993cab79ddf8d35dfd9eea233301ed5a7aad82c09d4b9d62e39bdfb9fd0a130da6a1697a68a23e94fe2c0c2e8430ec0b2a82b52b87838a02b07b95ce73c69f6744a5
+** GENERATE (SECOND CALL):
+	V = 2a398cc767f808e8ed60fd754f6d8167c0db363c61a3e133c9ef640a6bdf4caa3e02c6638bf8b6721829ebc1926c53b4bd38dbc06f9903
+	C = 5f2c4a625842dd380266b53d6e0a21b8782e1d33365961238a4feefd2673fd0d353683f5993757ebfa4138a4e487d56f88c5f145cddbff
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = 2250e82a49bd80aa6f621854973d0942cde4fc72546fd023
+Nonce = 97d5bfc148a95282ec961122
+PersonalizationString = 8b360a46c97de1f75465e2bff838cd4ce36ff72b6e01133d
+** INSTANTIATE:
+	V = 3d4d6fa77abb0cb6b6e359792df35347a356e0b9caf260f2401ba17485584ee7a7dacaf81036822628e0cca6c77115130ec7c9306df4a4
+	C = 7f7950fb1207671bc4ab4619dcf261683955bbf2ff701f1368076dcc85ae7fc0196c8f349e2c6dcf54d8dda8dd67f8d6938a4bbb691301
+	reseed counter = 1
+EntropyInputReseed = 295bc0eeeca72dc412c7e858d24af775d1d4de3ca707e912
+AdditionalInputReseed = 
+** RESEED:
+	V = ff8254725e0bec32a45508bf8dfc249ef57e64bce03182750fb5af4b8da8194437dcbe245560ff6a83e3984f4ba31f71ef3571a57d4fe5
+	C = 960a779ac91db3bf3b06c15cc301d94c72cc48446075498191a0ff64dbdde83c9d2ce437a8a07fd970451a8851fc8927d4aca024085c69
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 958ccc0d27299ff1df5bca1c50fdfdeb684aad0140a6cbf6a156aee466fa31d340cdbc6c50f7f4bf6f9addb01d0ed8f9d9f537ddad1540
+	C = 960a779ac91db3bf3b06c15cc301d94c72cc48446075498191a0ff64dbdde83c9d2ce437a8a07fd970451a8851fc8927d4aca024085c69
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = c93087c289c80c4397f14c81ab8d3a30c8369173a49b474b7d2aa03fddd72816a88f72f7fed6bda8951b07217d4382ecd3c50d56a97044a6ddcad2bd88ef11803eb9724231db110ac5952ffc1c30b16cf3b186a2efe40af8aed9057b4c39275f8f9b73085cdd5183fc0059a363d5adf6
+** GENERATE (SECOND CALL):
+	V = 2b9743a7f04753b11a628b7913ffd737db16f545a11c157832f7aec518be172c52939a4ce589dc621ea8a3b9787f3e6ba92e71b1969bb3
+	C = 960a779ac91db3bf3b06c15cc301d94c72cc48446075498191a0ff64dbdde83c9d2ce437a8a07fd970451a8851fc8927d4aca024085c69
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = db23c9f7826ea8bff768fc1a34d3ee6b337dc30f0c266535
+Nonce = b232e89be692e2635b5557d2
+PersonalizationString = d66b2c4c44c531df105fde312ba3e1295264bbc3f8e06c54
+** INSTANTIATE:
+	V = 7395a67ee5039306cb8d4d403b2a08c8e06bee282064c83d3e193e3415643bf794e90a61dc5b13626c916c92c83eea2e24c2b334ee1d51
+	C = 6e94f439991630d4ae452f68d182c8193af8b7b0ef4f663619e5e8864d106396c9801dabe811c019ed0b5f3edfd13c5c94fda183387a93
+	reseed counter = 1
+EntropyInputReseed = d7c77bad04e20b800649aefd0673c741b9bc4e449c6a8474
+AdditionalInputReseed = 
+** RESEED:
+	V = 08a360b2752109e750c295f6dc967e62a73b8ff55b025775885546585f6375917965899f20ff6a69e088cb15ceb0fc23b140819a3acfa9
+	C = baf21350c171145435d4d305bd3ccc2a00b54227f25a3e5724d14243ce601a1a4ec5cdbce3532953a732dac9246c97c01bc38bf119c410
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = c395740336921e3b869768fc99d34a8ca7f0d21d4d5c95ccad268981de46873ce6b971265563371a5dbd3be38e5cac35c9f347c73cdc29
+	C = baf21350c171145435d4d305bd3ccc2a00b54227f25a3e5724d14243ce601a1a4ec5cdbce3532953a732dac9246c97c01bc38bf119c410
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 8632466994fddd3d6a1f4934e7769856268769e2d6a5c0aed36b1d23e0269df7417a204cc0f7dff00361702a84451c8727ec74e269d156dd9daf5e6b149e8919627a047f78287018a73a8ef99de22403351fff1d5cf4a2ee9919482ed7ef47a984cdf24e7502e092448155b3335e9f0d
+** GENERATE (SECOND CALL):
+	V = 7e878753f803328fbc6c3c02571016b6a8a614453fb6d423d1f7cbf75ee2440c37d577e97d45db49a99e8d9939abd468c2a481064bd946
+	C = baf21350c171145435d4d305bd3ccc2a00b54227f25a3e5724d14243ce601a1a4ec5cdbce3532953a732dac9246c97c01bc38bf119c410
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = 84117099a4b2c75123df9cd1af47b3ad6671e44c7804d7fc
+Nonce = 37c99d5c021ae6dc512e227a
+PersonalizationString = 72fad5b294925b9f500263995ef0ada26dbac0cc9d143abb
+** INSTANTIATE:
+	V = 49d92fd5d4b80fdf3ae2b335d83eec83ebb80b8cb16d4eacb4a51d1eb0e588f24522d4dc964159fa89e75207252624542750ca540d87f9
+	C = 01c8a9a4793262afc2e309a8b7d019cf91fdbd6ccc53270f45ec3845da16ef6ec4ea3fcd1762802db2e23e875377ff9a4828323d6ae189
+	reseed counter = 1
+EntropyInputReseed = 19e87a49462bcc005c66fe8f8ff1afa8b75f631fee4b77d1
+AdditionalInputReseed = 
+** RESEED:
+	V = 208d4b117b403d6df9614d4c848253453d69546b85146953ba5f8f2afb082f8426d7b816eec6704e23bbb8ea1ead391ea8e649f93b7be3
+	C = 744c40bd3f6f0efbdbc86355bd11e45e12ab644694320ba7b4df7820cf818e8f7da2842b937ba532ad7d7687790898848b1b9f4b9446bc
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 94d98bcebaaf4c69d529b0a2419437a35014b8b2194674fb6f3f077e1383d7a480de930052058b3579a607a826fb89ff5387ea90ffbfaa
+	C = 744c40bd3f6f0efbdbc86355bd11e45e12ab644694320ba7b4df7820cf818e8f7da2842b937ba532ad7d7687790898848b1b9f4b9446bc
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 3da78edf869ad67e96ada47f2f0d37bf6d24b48ca6a5eed6265d0c9feca9f2d3ec748b26b4eae400c40491a4479f62e96fd30e9cea6b99c9ffe007431243db4f0a22df21effc4658d8e8789d8af5ead01baac596e39f85fbf887a29bae8d556b09332d0e7c3a2050d98d0faafbe123be
+** GENERATE (SECOND CALL):
+	V = 0925cc8bfa1e5b65b0f213f7fea61c0162c01cf8ad7880a3241e8007d6038bfaf24ae77e4dfbd66c015239d184d6432bf466771cecdec8
+	C = 744c40bd3f6f0efbdbc86355bd11e45e12ab644694320ba7b4df7820cf818e8f7da2842b937ba532ad7d7687790898848b1b9f4b9446bc
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = 043d842f86de74d5a7768030487877a27cd2f3b21491edd2
+Nonce = d4c031dc94b7d4f8dae66916
+PersonalizationString = 577a7f5704ffb1487c79deb6452053db7c784fd3eea0bce6
+** INSTANTIATE:
+	V = b857972c97567f481f203dfbbde2b91d24ff5364b9d1e8cd4ee5ca3cbb1941518112af50f0c1bde7ac16908ad3382b8bc4fc957165693d
+	C = 37040a1a973a5dce8b7b4e128b9ec1c244fc9deb29decd85922c248032b43d690ef5c3c0d49da836a89bede8c95f2b212341326b09f059
+	reseed counter = 1
+EntropyInputReseed = a7966370fbea39c586d07936c2d4ab6d351d254abcdb5169
+AdditionalInputReseed = 
+** RESEED:
+	V = c485c2b509fc07974e4fc985520e06c165b378888959d0de4c1f50ff0ff8d81d3af4ed21a3827dbed42c38733e278cc194bdbf779b1a12
+	C = 88322866bbe2babc007b66c233f6f86745bea89c5129cf88746d59f238871c67b432699d34aced05c463be539fd67f97347a1b659c2add
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 4cb7eb1bc5dec2534ecb30478604ff28ab722124da83a066c08cab0aaa584287dcca5b1e2c5fe4ddc325694d898cc8520f643f3b0fbd96
+	C = 88322866bbe2babc007b66c233f6f86745bea89c5129cf88746d59f238871c67b432699d34aced05c463be539fd67f97347a1b659c2add
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 4a61527bf5802a35e3227916bf783adf33998fdee4278ec8de6bab8edd8fbf9b3701fa833bbfb5452e4535745f2b6420151a9cade5851e4566e7e3eab2e947ab6b119338ba80b8d2aeb9b991aab6a7c7cebfe935d1f2c4775cfccaaa24412afe26e0757aa7ddb7d61ca298174e663855
+** GENERATE (SECOND CALL):
+	V = d4ea138281c17d0f4f469709b9fbf78ff130c9c12bad6fef34fa05695a20fea6001712473cb5c067de6d7c99cca193231187243fa46ba0
+	C = 88322866bbe2babc007b66c233f6f86745bea89c5129cf88746d59f238871c67b432699d34aced05c463be539fd67f97347a1b659c2add
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = 53c531efff4d66d9a29bef4f5d575e4549df56e364b3e881
+Nonce = ae17571fda4db4ecd3d590ee
+PersonalizationString = d720c21a14484ad0f66fe2ff0836f227d0de1b2dfa70386a
+** INSTANTIATE:
+	V = 36a6e799f0122cc39a2d1c690531356db2ebf76fc9492e755d90404113dd640ab8499b484abea4a6b52924a8b4efe73af403c77d9f6632
+	C = 2e3f409ce98ba5f99bd99a60ba67995c0a9c3f2cd2c6a9799a0de8d1986067c9fe59176916ae6fb0c9200258552fec03f498f43e68cafd
+	reseed counter = 1
+EntropyInputReseed = 635c0efb998d2c762e0915f215e686b7f8f5665daac08c63
+AdditionalInputReseed = 
+** RESEED:
+	V = 9953001c90566f606364a1bf9981a295ec0faf5af90d12f2bc984dee5c195934a34279a21e3c3ebdb57f3dfeae6a7156239e052f7e27bd
+	C = 66de32d9e9ea825c33671d59117c1489d945ce1c50d5db5be4e9f0c311f0c4f3471ba676c1b65432087f15dc2d532926001d4e88a4546b
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 003132f67a40f1bc96cbbf18aafdb71fc5557d7749e2ee4ea1823ef5ecdae9aa95614b86a69d8733ffab7b067bc229b75f78342013c25b
+	C = 66de32d9e9ea825c33671d59117c1489d945ce1c50d5db5be4e9f0c311f0c4f3471ba676c1b65432087f15dc2d532926001d4e88a4546b
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 918c3ab75570e8c7c5c6cce870168f67ed80d114e5b7912ce1bbef952149b97bea8cdaec4494de4b82aea294329898d2e0b2efb26c4521545916a0bcbf8d6a32665d7d3df7fc58bafb4a62074e2553ebe4cc82954963f400da183cb3e56f495af9df09d661f82b3fed9c2f2bd70556ac
+** GENERATE (SECOND CALL):
+	V = 670f65d0642b7418ca32dc71bc79cba99e9b4b939ab8c9aa866c30866914d82f8d4d4a1911aaf6fd7ac8a96789a3ca793c19d371a19896
+	C = 66de32d9e9ea825c33671d59117c1489d945ce1c50d5db5be4e9f0c311f0c4f3471ba676c1b65432087f15dc2d532926001d4e88a4546b
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = 919e373cf278eaa9413b985cd51b460cb77457d47f7881b8
+Nonce = 6cc71f8bca2b3592f514f145
+PersonalizationString = b9a9d62d4721f72b60000a2a681f11ce77aa31ef8adb9dfc
+** INSTANTIATE:
+	V = 7a496b4e7db4429e8e5869727294dd25cdb5d18d26f4a06e91cf5530cfefe6e8b16df1c30198987fb35acd28b3e0206a6d51e2db9ca909
+	C = b32e195909db0e52faa0cb1bef260db14f57890d09315851d309e907807140a1391792544b7332fdd9648c12af426444a981862bfa83ed
+	reseed counter = 1
+EntropyInputReseed = 65a4d9761d72de5ec26832cbbe2bb78f992fb8ee1c09c825
+AdditionalInputReseed = 
+** RESEED:
+	V = 1ca37c1b58ab5f05844b96c7fbb444c1d625b1b2fa65566658170a2920143e8dc86f4d04bbfafb92b7766024649c67b7145d5e3cee9be9
+	C = c50efb4ff7a09827e7fb12a40ea5c598bd8133bd697202dd289168a866d86c1f56ba86ccd660615e8769a8afbe7637d1f3d24d9fbbe7b3
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = e1b2776b504bf72d6c46a96c0a5a0a5a93a6e57063d7594380a87384380eeb8d2ce01f8582a81d4ea4f3f9ccb56db69fa35d5363c29beb
+	C = c50efb4ff7a09827e7fb12a40ea5c598bd8133bd697202dd289168a866d86c1f56ba86ccd660615e8769a8afbe7637d1f3d24d9fbbe7b3
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 54b870c134bcba2cc778a3c58040c624d10a1aa63b0f99f2f17efa9ad8d88832c3f904342f566a817b2e6b070c08baa9f8fb5a7ffec4b1c45f28ec33d6d96c9fa83b74214ea3c3a88463417a7309553d2ba62d1b7643c31d03bfd3ccda5ef6d4e8ccf9b94e61bdc56723860e07c1303c
+** GENERATE (SECOND CALL):
+	V = a6c172bb47ec8f555441bc1018ffcff35128192dcd495c20a939dd094f06dd5247d38a3fa51c8617df793094514ba0598a2a9bcec9fbef
+	C = c50efb4ff7a09827e7fb12a40ea5c598bd8133bd697202dd289168a866d86c1f56ba86ccd660615e8769a8afbe7637d1f3d24d9fbbe7b3
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = 7014b80e78362830e5dca5ff3159e7ae6ac1cd55bf14e5c7
+Nonce = 3be28c9410f7f9caafadad75
+PersonalizationString = 847ace6726b86e491550181e0aeecd4fa39b194d1b37205e
+** INSTANTIATE:
+	V = 8d309a1b54e643bfcc1774b837dbbd0bf778256f7bbe06722a3088e54e7b60fb1d9912aa5483cb3b867a0821cc9438f199c9fa8681d64b
+	C = ab537212ad85154fb3e2c16c674e275866ee0c837b68eeeaf1b6c7ea55101b0c876c05e1dca26ae18892c05e49c95bd838c7b4c0cc7b16
+	reseed counter = 1
+EntropyInputReseed = ef5c09c47655838e01b4b2ed227f56d64604a5a9953bef4e
+AdditionalInputReseed = 
+** RESEED:
+	V = e1307d52e441fb6127cf0023eb9e5057bc46e4afc410119ba737e2af66c20b31c09dd3fa51a8994d9e4227306aa9875db76c7b41e9e73c
+	C = b5735124dd1f7c460dc29534f4ad3b7fe2e334078da7077d08ea240893420415d44f22009ae0a09a5e8f8f67f03ceee98d31953a6f0036
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 96a3ce77c16177a735919558e04b8bd79f2a18b751b71918b022074ac94edecde3d1bec522d1a5683837956f5a51da1a44004b9463770e
+	C = b5735124dd1f7c460dc29534f4ad3b7fe2e334078da7077d08ea240893420415d44f22009ae0a09a5e8f8f67f03ceee98d31953a6f0036
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 80cc1e00cf5e33dacef02cbc669a987103a84164a58caa4aa5bbcf7e897e189d7bbc76a4dabf915d48dfb9ec30bf85df24f25ddcd70f5e55d23695147561bae38fc05288f3d0ab1b7535ff1b100cc878e8bce7d0258671b2980be2a50c6194a5720c683cc9c89276bd942993af2be2a9
+** GENERATE (SECOND CALL):
+	V = 4c171f9c9e80f3ed43542a8dd4f8c757820d4cbedf5e2095b90c2b766cf819dd55bf30ed80b72480a258ab8cc6eef17f97598c543c498a
+	C = b5735124dd1f7c460dc29534f4ad3b7fe2e334078da7077d08ea240893420415d44f22009ae0a09a5e8f8f67f03ceee98d31953a6f0036
+	reseed counter = 3
+
+[SHA-224]
+[PredictionResistance = False]
+[EntropyInputLen = 192]
+[NonceLen = 96]
+[PersonalizationStringLen = 192]
+[AdditionalInputLen = 192]
+[ReturnedBitsLen = 896]
+
+COUNT = 0
+EntropyInput = a92bd5590143a2d158f5fd0b907eceab1be9e6e74e30945b
+Nonce = f2b6d9baa15c32b7d6c0d44e
+PersonalizationString = afd20d8b7c5cd008f3f06dbb5961fd52d3140570c5863c91
+** INSTANTIATE:
+	V = 4ab1e3ccd9df8d97a710e8fb628f7f135a5cd20020439d34986cab7eca796ac1de64a25e861d1f4ed87456510a4d13fbd8197872a93bf4
+	C = 2cd2797fc80fd0272622c488968f12941caa92c08e4b6238702d2c889f54a73e39beffbecd6b0fef80e49434e86db80c4cef49741d28f6
+	reseed counter = 1
+EntropyInputReseed = 3c0ae208b9e369b7eb2c5c1bed26f5bd52a75b945a8c5ca2
+AdditionalInputReseed = 118e74ae997725050b9a883b0b777c53486593f0b12b8300
+** RESEED:
+	V = 3451134cc829e0ecb8a0490b279889851ab26f0d117f3ce01645134cad86cec4979bbc6411b2af72a2edb5f7a9cfaa8100a229ad842d5d
+	C = 292972bfb537cf4e378afbdc0fbfefbcbf6e76b98e8206eea7f1feccac46f7809b6908df569826acc35cbf2fce2637b6fc958c110baab0
+	reseed counter = 1
+AdditionalInput = 1dea5a047238198ae59feebfe6fa020f273acbea5a1ae009
+** GENERATE (FIRST CALL):
+	V = 5d7a860c7d61b03af02b44e737587941da20e5c6a00143cebe3712f8b90b27b5034e148c4b8ce83c66051f812ed07e44e9d03fcc999d9b
+	C = 292972bfb537cf4e378afbdc0fbfefbcbf6e76b98e8206eea7f1feccac46f7809b6908df569826acc35cbf2fce2637b6fc958c110baab0
+	reseed counter = 2
+AdditionalInput = 0b61181d118adc0f79395e9b186df7d09d89e409ec5564e7
+ReturnedBits = 84e6691a2a1479064146b8b2eaea4f474726f9e7d7e6c1d6e91a1c354ccf8a9002b5a998879dfea49503da8aca847a17c9c572d39c22af5ece4e7fefe6d6dbbdd9e744da1a5ac0da5461065ade7433bcfd56b3e55dcf19302690f7e926c5bbbed85ca8d5bf938d9397b3ad04a4b4cbed
+** GENERATE (SECOND CALL):
+	V = 86a3f8cc32997f8927b640c3471868fe998f5c802e834abd66291320de9afcb1ac0113c424d028d7270400be0d6c77214bd0d2466c8632
+	C = 292972bfb537cf4e378afbdc0fbfefbcbf6e76b98e8206eea7f1feccac46f7809b6908df569826acc35cbf2fce2637b6fc958c110baab0
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = eb63a115597084aec36472dd09ab8030c7fb4e1ac0620dc4
+Nonce = 0e0264218b649cc42cb9cf85
+PersonalizationString = e60f3a170d043c3d7afe7757788d33d5c71ce9f6fbffb7cd
+** INSTANTIATE:
+	V = 5de37b121bc09d11c5780a5ee3bcdcdee0b9950d459711feaf6762b01675dd926d1e4178270f2e9059c4855a3fcbbe806e5ae1baea02a1
+	C = 2ffb772d5d79af03451b032710530073c5958444d83da4491b8db2a1f66550dd9d4fc4ef15624a73b857b70759917be3fc2628787c3d4b
+	reseed counter = 1
+EntropyInputReseed = 9b0f2c7328537f30964f264b5d6457a38a24fcb0cce34c7c
+AdditionalInputReseed = 6ecfe61be8801a13649e44be5c2be335ca7ac9ce49a0b861
+** RESEED:
+	V = 2cbb82019aa839897323bc04235934b893af726392decc31e7de7eea4fa92ee12efaa02471376ed1329ed5911705a4c60d74cec0c812f8
+	C = 013211310f86c07321cd4ebabd24b601e6e702f2951437a4a7ebb8f5f46d717df6339eb3f40c3fc2598ada9c01f804f9d3dd65c400055c
+	reseed counter = 1
+AdditionalInput = c415a52391ac3422e31e74bc96e3b7288a48ea5bfa8d82e1
+** GENERATE (FIRST CALL):
+	V = 2ded9332aa2ef9fc94f10abee07deaba7a96755627f303d68fca396a1891dcaca651b720102a7d5da071ca8752f19d1c625ea692f146a2
+	C = 013211310f86c07321cd4ebabd24b601e6e702f2951437a4a7ebb8f5f46d717df6339eb3f40c3fc2598ada9c01f804f9d3dd65c400055c
+	reseed counter = 2
+AdditionalInput = 8c5648921c9a037c7a866b3fa7e7332ab366db5ec85e630c
+ReturnedBits = a3704d6b12bf0af44cb2fa47f13e07b547683db70fae85e0a40ca0a0eb5d025a20ce74b99f2d7d83c61216839f6dac070416199355be30679f23070345e94a573a44a535f638256b35a6f04585c69ea43216606370fa873d11f1d88977dc0e6b0fd6203a7a8f835c7285c95fee55aeb2
+** GENERATE (SECOND CALL):
+	V = 2f1fa463b9b5ba6fb6be59799da2a0bc617d7848bd073b7b37b5f44781a21b141fb0032768caba7f6c7535962f1481009b68b14d9f6f15
+	C = 013211310f86c07321cd4ebabd24b601e6e702f2951437a4a7ebb8f5f46d717df6339eb3f40c3fc2598ada9c01f804f9d3dd65c400055c
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = 63f6a7888e61467f80187d98b974ccd22160d35f2d8c8c6a
+Nonce = f0f676d6c50b7b0bd84f6f08
+PersonalizationString = fd648135009ba910048b99f408f1463aa956f61d5218749c
+** INSTANTIATE:
+	V = 414a1e6457996528e945207ee81006fdf456d711c0d49037a4e18b53f1aca756c649e18ba8ed92ee4e2927836f35633dbd97b30785b4d4
+	C = 3347d404d61b0c000273ea47591cee71b54fc08d9a2703cffddb76c2acedb7c5ad7b578d225085e5795bd071b8395144960fe7b682d731
+	reseed counter = 1
+EntropyInputReseed = 4cf2501902b1a0df7ba34fe18e0d762ff36f233939854168
+AdditionalInputReseed = 438887a91cd51c564de34b73ca7d4cc266d5efc1b65027ee
+** RESEED:
+	V = efb7b59e1748b2fc6d1e0d39851cbec65900a9c5e8490687e08288492a622b6948e5d466e91ab8a642a8439456501e168dddef6ac924a6
+	C = 7fd295bd623a566963bb72efc83cf3b76678e4b261ad5315e7d1606359cd3bf010443e7a70c363bccda3d403bf589c9a09c49ac42be408
+	reseed counter = 1
+AdditionalInput = 75039ee2bc4021f843b6f1619b3c586a311cdeaa3962e221
+** GENERATE (FIRST CALL):
+	V = 6f8a4b5b79830965d0d980294d59b27dbf798e7849f6599dc853e97a7007a427c03c46df5e54375750d45d09521f9cb789e4b64160a3ac
+	C = 7fd295bd623a566963bb72efc83cf3b76678e4b261ad5315e7d1606359cd3bf010443e7a70c363bccda3d403bf589c9a09c49ac42be408
+	reseed counter = 2
+AdditionalInput = 3bfc9f6de8cd4d7df5839224c38e5b8f06fe1ea626aa26e9
+ReturnedBits = 3d501d94fb9842076b557866ada0f4ceb8fd5d59f9cce0a6cdbc9bb316ff87b4f0f9b44ba9db97a035ee1de83f26008d11386f9292e8fb71645642c3cf2c2ba3966c1a98ef0fbb5d6c5f8fb1be292a190a0bc94e297ee67c23d5d170024c4db8b806e8fe21b754d9d4d4e165ae767d7e
+** GENERATE (SECOND CALL):
+	V = ef5ce118dbbd5fcf3494f3191596a63525f2732aaba3acb3b0254ad48b6babb1c5d0d6c73273f9e8587ba44309f86f97c598e446fd6d74
+	C = 7fd295bd623a566963bb72efc83cf3b76678e4b261ad5315e7d1606359cd3bf010443e7a70c363bccda3d403bf589c9a09c49ac42be408
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = 71ce4bc0ca10027f7b7d5070acaa8d1b1285f6372c60cf96
+Nonce = c65ebc85ba7bc39cef9ec653
+PersonalizationString = 38343b319a1ef58038a9028e323ed24daad0c71acbf73d1b
+** INSTANTIATE:
+	V = 299ba28ed3db891d551f3b01071b4073681364d9e38c4da854f8c169e7bafdfa914bbab95c88732350098dc4b7fd348db98b18a8e0b5dd
+	C = 111044068089c497c2745b3adba8e9864918ee7828186ab2e03ae79874ca6f9b99a193d307ba618ab4707b6e094615fab8feed2b826f8b
+	reseed counter = 1
+EntropyInputReseed = 035a3fd30c9530b7ca011ba1ae2f863bbfe2a3d3b754f422
+AdditionalInputReseed = 8fa119881d457516e6c8f90d8e2ad58a9656c158a08bc9f3
+** RESEED:
+	V = bf8f60e14635413d01833c270317a4c23c19b23c5e25836835cb8de664a410448baf36a0ab0ed0fcbc0f72677180ecce45977a5ffc4c53
+	C = 1369f6cf44658ae0723a375f7f9a3d9fe2b19ee4991f7ce60448f1d1097c6e3615f31a38cbe5743a30f70e30945d89b036e1dbb7749177
+	reseed counter = 1
+AdditionalInput = 64f9e1ae7044e53773a193504c4f3fee465f01f002a534bf
+** GENERATE (FIRST CALL):
+	V = d2f957b08a9acc1d73bd738682b1e2621ecb5120f745004e3a148144ea1ac7c42e886956dd038eea6307709f4a39e1b07d9f58f91188f5
+	C = 1369f6cf44658ae0723a375f7f9a3d9fe2b19ee4991f7ce60448f1d1097c6e3615f31a38cbe5743a30f70e30945d89b036e1dbb7749177
+	reseed counter = 2
+AdditionalInput = 08fca5b73bef03380d7532d46f735753b67e144cc1fe2959
+ReturnedBits = 449d686c12e63bc73cb107faf5e924e3c11acc0852bff42acc0525f51496bc43f9a4d7a04abdccd90b27391fdab6aaebe5090d0cc37ded3f719bb449ceb98a1b275dfd4841e4327ba63e9c4c81f8108b261593524fa8686a50ad8576b2f328fc5e3c8f332f7a0430446e15fa2fd5840c
+** GENERATE (SECOND CALL):
+	V = e6634e7fcf0056fde5f7aae6024c2002017cf00590647d343e5d7381bc2b43821f99c28b2d9621e2d80bcd47725b396cc9ca0fe50e6ac7
+	C = 1369f6cf44658ae0723a375f7f9a3d9fe2b19ee4991f7ce60448f1d1097c6e3615f31a38cbe5743a30f70e30945d89b036e1dbb7749177
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = ae75ee7ffc6425ff3a55b2afde8837c0626f8197f6deb137
+Nonce = 218e75320471c085ea8a3c0e
+PersonalizationString = c17301ff0453525bc5a5dae8ddb480add7988df58f683852
+** INSTANTIATE:
+	V = 527637b45596ba90884095ea256856f2ef9b2aa696f3401d8956bdf3e2a685050aae5e213dd823ae851fa4bc2ad09db29aabf9daec3a8d
+	C = d6e0028eebed41a430fe120cb846163534f2476d59f1903231d07152a242330bdebf7905cca7cd789104972b73e03604eea13804fc7ae7
+	reseed counter = 1
+EntropyInputReseed = 1e1bcb06b92496a5b71a200310e1aa7a4b4d05f6046914fa
+AdditionalInputReseed = 842569f6cb43c95131960a2a34ab4d266760236da99a91ac
+** RESEED:
+	V = db487eb41d0604485665393f286afbcc61b3b2328743e66229380ca3832025000aeaeec6c1a2a0f2f49a154228b468256c79f209fcb3ce
+	C = f46bfbed30698852132c8e3b4858d96eb6f668d2976581ffb48951ddfbac78e8883706441dfa7e6cf3fa1abb8b7a5dfb87ed131ddff31a
+	reseed counter = 1
+AdditionalInput = 30b479647c493b6e0a186bad9d6c1e06247bc55ecd90ba9f
+** GENERATE (FIRST CALL):
+	V = cfb47aa14d6f8c9a6991c77a70c3d53b18aa1b051ea96861ddc15f192abe3af242631278a07c19ccea499612143aaf76aa31c5c13984f7
+	C = f46bfbed30698852132c8e3b4858d96eb6f668d2976581ffb48951ddfbac78e8883706441dfa7e6cf3fa1abb8b7a5dfb87ed131ddff31a
+	reseed counter = 2
+AdditionalInput = 5c8370f09509723844d739728a39c32d74c8f5296f5f6dd0
+ReturnedBits = 5bca03c80ae4b165cc282208134d602e235e4cf028fd24d7ecb246c98c8b5d0e2d7d30da04303cc611842dee4fe390ebaa0b4c169e506734b1a618bf0786154850ef127cca5e4850a6e574411555e96dd7e5aa1880633c336973bbf892b09c19350499012a182f5343fced52acf581ae
+** GENERATE (SECOND CALL):
+	V = c420768e7dd914ec7cbe55b5b91caea9cfa083d7b60eea61924ab1821d011180ad11b194a2ae09c93d772c1ca1b5cd73e820f7747b5ae0
+	C = f46bfbed30698852132c8e3b4858d96eb6f668d2976581ffb48951ddfbac78e8883706441dfa7e6cf3fa1abb8b7a5dfb87ed131ddff31a
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = 3b4a1d8056d5e79ac053ee5d7cf6fdb21d54b6507bfa5eac
+Nonce = c12a0ffc30cd2783ce6a9cbc
+PersonalizationString = caa7855435f3e05d74888ba6e87aaa9d5c8152ef553a1cce
+** INSTANTIATE:
+	V = 151cd2f26339ee858830f1abab73b640de8fb8bd9927d1398a39d01401820902cf612de5a5644afa3545b0927f48ced7fb84bb7e14b7dd
+	C = dc445ca097865b94bca6939746832c3bd6f2f4b8e92b95116a04f3ec769f046ea0949786f981eb798266a1e4f324c47bcd86b8e166ee67
+	reseed counter = 1
+EntropyInputReseed = 20f6fb058c718e8c368b16de4e38f2a7888e323f7b71ab54
+AdditionalInputReseed = 18e42a9e93d00a856e42d9a6a66dac2b33b85abd95bed449
+** RESEED:
+	V = 9051882d8a751a9741eae7a0d55ba5b9b94e0b3d1d4fd5589dfe52a91d80ea64949dcffd058a275718fb44986be70a49b3711026e29c2f
+	C = 49ce1d3dfe91600f341f4ea43a9366d589d6a0f2176210c0822dfc736cfb3c19ecb1208a5dc1e2d3ef1c1ba12a684eeebc08adb58452ca
+	reseed counter = 1
+AdditionalInput = e627057674c46bfaab16bdcd3495dcf89490f68c29502474
+** GENERATE (FIRST CALL):
+	V = da1fa56b89067aa6760a36450fef0c8f4324ac2f34b1e619202c504cc8b1947fbb40b3e22966fc290c6f4bf66d7079b93152f00668b6b7
+	C = 49ce1d3dfe91600f341f4ea43a9366d589d6a0f2176210c0822dfc736cfb3c19ecb1208a5dc1e2d3ef1c1ba12a684eeebc08adb58452ca
+	reseed counter = 2
+AdditionalInput = 0443122d0cd700b1aa89128e8e90397d3c7e4e8e4cd7ee72
+ReturnedBits = ff66514b486f98d3fdae3d832f759e2e4539152705946a7c2e7dbeaf0198ccbf37329e2a089a47d40f12f143c9989dbccaaec76efd4c22c5777b21c72263b356a099a480d1f15d156ca3a66fcc833753823b4606ffb333f59246e5d66674223278311d3add9ccc909860da531eda055b
+** GENERATE (SECOND CALL):
+	V = 23edc2a98797dab5aa2984e94a827364ccfb4d214c13f6d9a25a4daaa4087d623239c4285a5c710f5536dd6516186d5616e0d1f696290f
+	C = 49ce1d3dfe91600f341f4ea43a9366d589d6a0f2176210c0822dfc736cfb3c19ecb1208a5dc1e2d3ef1c1ba12a684eeebc08adb58452ca
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = 3966a7407ed1107902d4098c264ac0bfe866e3fe8f1212a6
+Nonce = abbcb520bc03eb7976aa605a
+PersonalizationString = a07440c9bfae23896e83e449f71000b4b96d1e18d4fc023b
+** INSTANTIATE:
+	V = e6724be850709d5914f76f4b5c36b20477bccb2e34a9a4aea766aaa2b5d6d2bcadaa8ed8ad1e7c80f3f246e585a9b7a1d6be2cff14638b
+	C = 069b5a1de74970d37726b152044e7bceea5760baffb21f87401467b5ca19f48286ec3c5ffdb1adcc473d9b0a7bef066226986555d4593d
+	reseed counter = 1
+EntropyInputReseed = c194f6f6867c7027f7d76cf0483fdf122854b18fd6adb253
+AdditionalInputReseed = b55c4bc0016f9b2cd8d77730d706732030d3686409aba5c5
+** RESEED:
+	V = 1ef0b21f398a041fd4a2430d60faca52f780357a4af336f90a454cbdf78bc5b0e491955aed0f1c10a83b565084ca814c0c0bd896d012a1
+	C = 8da1c7f38998896c30e2eb5e1fb10cbc459c7ac927443303add1597aac3040596ebd04d03d68eef29e77da7cc4d3d40b275321f903bec5
+	reseed counter = 1
+AdditionalInput = c98b03d2e696f4a2d471dbb91d569384c6ef7cad63c4b52c
+** GENERATE (FIRST CALL):
+	V = ac927a12c3228d8c05852e6b80abd70f3d1cb043723769fcb816a67448093b4e3a35b02999f65bd58f0c708442a33e4da960f37a2e060f
+	C = 8da1c7f38998896c30e2eb5e1fb10cbc459c7ac927443303add1597aac3040596ebd04d03d68eef29e77da7cc4d3d40b275321f903bec5
+	reseed counter = 2
+AdditionalInput = ed5fbd0dd4ab0faff82c9dfef0b462cc8fc9d9ad8d890b29
+ReturnedBits = f098c4fd75b80104fbccc176348e9c91de516aad81c313e100534ae79072cd4422bdf59b4c7762495fc41ff365f4ff0c5d43cb541ae8c5192326d61605d0d8e09b65811c684b6f9893dc556f0341b6533c2656563aee8e8080d618a33726ac27792aeb2d35fd3d52e741f30dbe465aa1
+** GENERATE (SECOND CALL):
+	V = 3a3442064cbb16f8366819c9a05ce3cb82b92b0c997b9d0065e80198833a6b34275d095c0b2d6a4d2d1f0a14687e6afa78b45a4d3417c1
+	C = 8da1c7f38998896c30e2eb5e1fb10cbc459c7ac927443303add1597aac3040596ebd04d03d68eef29e77da7cc4d3d40b275321f903bec5
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = 5b05557833e529e8814e7bbd52f956b6af2645b06dfd18cf
+Nonce = 9b3139f275b958e0d387c9c3
+PersonalizationString = d8f87930d05b4b1c5840ee76726e31847dcab16158b7b6d8
+** INSTANTIATE:
+	V = 992a6d5b3900825e27b4afda67725336f66cffd5b66b21f8e4bc209cbed901a03b4adc865e19a976d97da8bff6b9a330fa9f6ac5d28401
+	C = 1b2ac75aefaf1f6399a70c6d7cba149ed8fe4e47a0585075d5db7606e26ae01075f5ccdd2bd31e66b65382d5f9bf23d78244d5d2a84f3d
+	reseed counter = 1
+EntropyInputReseed = 58b95a0b014f20b6b89272a473ac80239a17acc4ae3c4ff9
+AdditionalInputReseed = b6100982549d155c9d24aabaffa89a06402e5ab75f1684a3
+** RESEED:
+	V = 00429c895e9f66d168042452d96dd1e980c68bf4210b6115c921984390a6db974d3838b7848f089af466116a6f7915680ba61768ffb7e0
+	C = 871a81b74406fa5e0684e2d45869f31b7bafb7120ae63b9e7c118b2d8bfe0f1a9b9d8dea11d9e7ba9fed5992ec587f0518549dd7e42fad
+	reseed counter = 1
+AdditionalInput = 416d967404e14befa21a3b7123ce762bffa900f63313c30b
+** GENERATE (FIRST CALL):
+	V = 875d1e40a2a6612f6e89072731d7c504fc7643062bf19cb44533243fa06c2cdfce4177d3deb96a373b22b8ecceedc454a29836161c4fb8
+	C = 871a81b74406fa5e0684e2d45869f31b7bafb7120ae63b9e7c118b2d8bfe0f1a9b9d8dea11d9e7ba9fed5992ec587f0518549dd7e42fad
+	reseed counter = 2
+AdditionalInput = 6a7b610a7e3dece37a9185a3eecc540c8196deebefb69ab7
+ReturnedBits = 83cc8fb052d864970ff487f0bf9f44a419324823c83aac4c12d3628b6acc6ddafa8d5f14e0aa335535e73425f2c31a82ad3a9929e3c265aba0a448362b72e8d822a42542cb89d0e2e1068807566c235f5e949e8fe68baf8b8066372ab78035498ba5b26a8cbda9cf8faed714a7e07c95
+** GENERATE (SECOND CALL):
+	V = 0e779ff7e6ad5b8d750de9fb8a41b8207825fa1836d7d852c144afa434013b7e02012ed651e8c5f92cae66d53ef7043cff6eb012afb573
+	C = 871a81b74406fa5e0684e2d45869f31b7bafb7120ae63b9e7c118b2d8bfe0f1a9b9d8dea11d9e7ba9fed5992ec587f0518549dd7e42fad
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = 840b7667ca810879dfadafe5ca18c350815fde75aafb1b98
+Nonce = bb6d3bd0bc8dadfeccd63f01
+PersonalizationString = 07135a62af6ad919feb05b3e7f7e67d1aab1e9819e089f12
+** INSTANTIATE:
+	V = f0bfe1f97c23c63bb564ae781088dee9f30b698a73457eedc70c898d6c10feaef08bd7ab15d1fb12c71de722bbb4434677aecef3592bbb
+	C = 9662a1ac2ee6521b2aff5fc1fb06d5b00aaa4f9b091404c8c01f2aad19ef40d360b8d1faa0c23f8c3b76261bced8f00460b6516f427fe0
+	reseed counter = 1
+EntropyInputReseed = 21fe221e5ba7640f3acfa87f3296207aad0f93e1d1401839
+AdditionalInputReseed = 94992507fb6d1eee05c990f2e5e586bb8e3bb40db68e406e
+** RESEED:
+	V = 0dd75495a47676328d0e78a8b2104cbcd99be5bb500e032e776da415c62f1c4a1ad601fe1f2e095215bcdb8356c1bd8638d92a1cbdc3ab
+	C = ffdb4c6c103bf7faff12fb2efed7f206a5810cbfaf80338607628e9f2b5fabfe5ec05b94eb16ec4816269774cd2e5a3d191014358cd2f1
+	reseed counter = 1
+AdditionalInput = 90009de1fcf4845f51173aa09f092d422a48ca7b6730b025
+** GENERATE (FIRST CALL):
+	V = 0db2a101b4b26e2d8c2173d7b0e83ec37f1cf27aff8e36b47ed033aad15e8d427e05e1d607a1bb35f52fafb953e3584c03d06d6687e6f7
+	C = ffdb4c6c103bf7faff12fb2efed7f206a5810cbfaf80338607628e9f2b5fabfe5ec05b94eb16ec4816269774cd2e5a3d191014358cd2f1
+	reseed counter = 2
+AdditionalInput = 0d5c89e895acbe247ff964f4698bacb651e06ad72dcf83f3
+ReturnedBits = 0d216a2287fbdfbb0313b151dc27e778bd28a456cd449188d6f03bcae1bc16742eb295aadfb24621e9ab390d4e35d6c2f321a021cf03218251e9d9be6acb602bfcf6b232ba6978a50ab743bca0b84c1cd176d8cd2d25420ff005e0fea5aca71a7fdaa8b91057b8c96dd8da2954c7a5fb
+** GENERATE (SECOND CALL):
+	V = 0d8ded6dc4ee66288b346f06afc030ca249dff3aaf0e6a3a8632c39efe45f57d5593159b714b3c2e29d199a64a72122bec1271113962fe
+	C = ffdb4c6c103bf7faff12fb2efed7f206a5810cbfaf80338607628e9f2b5fabfe5ec05b94eb16ec4816269774cd2e5a3d191014358cd2f1
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = b859961c7aa1a3ddcdd48980d75d92b4f5c7d5d8606384cb
+Nonce = c1e1ebd50fafa7bdef5ae07e
+PersonalizationString = b483f35c0d320976933f7194f99e490cb31a58f5a7a87b9e
+** INSTANTIATE:
+	V = 310a606bf7884116cca0d8d743f0b0d6e5c12c333e15c2e8495050aa5a479511f6050e0f487dbb2a23661efb9b3815c31cdef5ec43ecad
+	C = 2270f2da575279cb791a6bdcfc5cf3309062864277275e68aa42e625846085eb636f5ceb5ed03ac9b754312697f5362a8c43590f0244ee
+	reseed counter = 1
+EntropyInputReseed = 5a35af4980a70ac8f7265071d1ddfa7ad725e042e0dccad7
+AdditionalInputReseed = 34ed35e7ebcc7dc6e2cebbbe4e8ee2cf73b5aecbc3a115c8
+** RESEED:
+	V = 702cc4641d302e550d8715a82804034381ea7bbcb940281a073ee58581591794e8864847b9ff7648255d95f798360c5ff6b0efca4be09e
+	C = 652f3a83f1b5338deb58c24725b2410f64bb381e00c3db58cd900969946d4edb18e67a463892955947dc017e32f423b84d6b1a037eda46
+	reseed counter = 1
+AdditionalInput = ed9ef7bb7ffda8e132847ca109608fa4fc60ca0470f4d96a
+** GENERATE (FIRST CALL):
+	V = d55bfee80ee561e2f8dfd7ef4db64452e6a5b3daba040372d4ceef718f549f095719d8be4df85449bd73ae6cf462a3b744b2e93da03841
+	C = 652f3a83f1b5338deb58c24725b2410f64bb381e00c3db58cd900969946d4edb18e67a463892955947dc017e32f423b84d6b1a037eda46
+	reseed counter = 2
+AdditionalInput = eb4826578e0540db894aa6a222eb084983f473840ae31097
+ReturnedBits = 25de01a24978c0763eeaefc56accc4db8e81f02ed063282fb2a50d544e2699178985b367b71aaef924129da95820d4bc9811ef9c260fe0fc6e0540a3ed7485ac672144fb7d541eb801da5eec1efa0f8191ef5bb4e1eec27d8beb8e729d926e7b307eb781f5481582c00c30a0e5c5eac0
+** GENERATE (SECOND CALL):
+	V = 3a8b396c009a9570e4389a36736885624b60ebf8bac7decba25efa4ef219ef05a0b0f2883443595bdc811f147e0b0260c218f013209457
+	C = 652f3a83f1b5338deb58c24725b2410f64bb381e00c3db58cd900969946d4edb18e67a463892955947dc017e32f423b84d6b1a037eda46
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = 3df09e66cf12a50a1da72e303ec9feeeb5f0021073fa974f
+Nonce = 41b37919e8c1e70f49d42b17
+PersonalizationString = ae44913a661b8dc544ca28f1c62087e1cf3ef528f8160fe8
+** INSTANTIATE:
+	V = cea10f0c0696b3a4c14542311e05154315c17e4a4e0df67b7f1d076c70fef53df1e77776391a2299d99e8f6f374853c041acdacb43cc11
+	C = 7a707124f8093be62bb99591811e2f3e990221d94c2fa7fc7f9c737230e0bf280c1fc7a122ca5c7c1c2639598b3e4110f83207d647570a
+	reseed counter = 1
+EntropyInputReseed = eee1d57bd0b7407788952b9722e8cce291959e07d2720552
+AdditionalInputReseed = 528032fbc4ff0f35f4f59b088b26bacef0f4f5bb3c29f102
+** RESEED:
+	V = 6c7ae2fc19a9b3b24daec7a0f693988ebdab245177f1b284d606a63bb44bf3c3fb4c29ce0da53be3408381a6c96ffc63c193512f7bce20
+	C = 4ca0e6427b2fa9879df07dd00a627c1990b98f9e405dbb2607a5db00c8efab306a7b0977f05e7aceafe61f52c6231db234295636dd0bf1
+	reseed counter = 1
+AdditionalInput = e6d3c40d5ccf5dd91bbf3f3a8f6742c800a48f0ba3424557
+** GENERATE (FIRST CALL):
+	V = b91bc93e94d95d39eb9f457100f614a84e64b3efb84f6daaddac821a57ee84e8b11a999f855488375182b07d1221af7e437a2cc6f74a14
+	C = 4ca0e6427b2fa9879df07dd00a627c1990b98f9e405dbb2607a5db00c8efab306a7b0977f05e7aceafe61f52c6231db234295636dd0bf1
+	reseed counter = 2
+AdditionalInput = 3cf47801466ed01a6fa152dda1bd34e112f9c0b70f21ff09
+ReturnedBits = 8830fa991e89e56d2a26e49fc4ad2af6244fb8dda608634bd2043a0d262fc5685c9cced16805114e2199777a4f9b17b727ba90fef0c3a507b804d3b6841dc41274104deb034ed8a787d4a3b42c9941a01391e20636443eefc2a61e9140ee453d41829ca41bd6b7f1d9a7f3910b8b65f3
+** GENERATE (SECOND CALL):
+	V = 05bcaf81100906c1898fc3410b5890c1df1e438df8ad28d0e5525dbca13c6cff35a4665508cc339c6cd19a4d543f81fd2f9d324cb2818a
+	C = 4ca0e6427b2fa9879df07dd00a627c1990b98f9e405dbb2607a5db00c8efab306a7b0977f05e7aceafe61f52c6231db234295636dd0bf1
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = 54f91e62744a88fbc02c3b4cb7b12586124470143f36daf4
+Nonce = a38b441e6dbddb69e1f7e704
+PersonalizationString = 129d38491a1a5804a14e64e5af58c20b38751f36cefd5bd9
+** INSTANTIATE:
+	V = e95de614300c3ea2d70bbd874edbdc7fc6886631339ed642de72c5615dfff3727dada20212405cfb6b2a0d659f8355e6d0c2737e451233
+	C = 76e1aec32fb5cad9278aa00d80f18cf5c42ad4b6a49133e2a1915f85feeb11047adfcf11a9021bd382561cfdcd669253cfadca894b6090
+	reseed counter = 1
+EntropyInputReseed = a0bff2a1a28cc0a1d9035c227ddaef5f1e034dc510adfce1
+AdditionalInputReseed = e3757c1d88033054b4b6d5242033b926fb924595f65619f9
+** RESEED:
+	V = c3adec423af3a6da1e95289aab721b10b95d55858f289163835eb7dd35d2eb25bd994ccdfe9be4e0255bf340229c02081b383089cf044b
+	C = a148549d9fd29915c21f0a73bde7864699feeb4204a23a368be571a30fb5fc768f13cc58e1aa4d40381c3147c84ca92556f6ec8c892879
+	reseed counter = 1
+AdditionalInput = 70bf1f4c0991241f7487f7db24c4273b6ef8d04e966f1c7c
+** GENERATE (FIRST CALL):
+	V = 64f640dfdac63fefe0b4330e6959a157535c40c793cacb9a0f442b182826669a1c425faa98824173af1c6fdcc5ec7898ba1b62c1e4e392
+	C = a148549d9fd29915c21f0a73bde7864699feeb4204a23a368be571a30fb5fc768f13cc58e1aa4d40381c3147c84ca92556f6ec8c892879
+	reseed counter = 2
+AdditionalInput = 4c51d133a96aa2a1b91cbe2599b2d2e756616358695cb269
+ReturnedBits = 7b41713dd51ec0a9b126e9ea6e6f2c3d9a846ccc38eb7265e9164193bc29f1aa6b16dc5f184e6d5db3a8db5b64349b8601baf0342e826cbd036f29129c860842e1a1932e2699556cd27bf5686649d6a1e0d14058e7748c1e218ba18198925334a6b734a66fd0591bb99a3b74e10bfcbc
+** GENERATE (SECOND CALL):
+	V = 063e957d7a98d905a2d33d822741279ded5b2c09986d05d09b299dcd2a2ef3dddd0fa31c93621ca56d8f7c44c7da0c6d1fc499f12ba7d4
+	C = a148549d9fd29915c21f0a73bde7864699feeb4204a23a368be571a30fb5fc768f13cc58e1aa4d40381c3147c84ca92556f6ec8c892879
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = 49870d2ee54b7f37f266f0685ddbe690d6e78b1366f0627e
+Nonce = b564aebb9f4d8bffcf2a7c18
+PersonalizationString = 89ae2e97e289eddbd36eaa0e83b5397bd99a277013834b70
+** INSTANTIATE:
+	V = 335e93b1ef6e3a67ea424731fcee87011d3b626a740a4b8714881f20424dab4c7fa2fe943f789093ca859bb017fb323c2a3d8681cd8ea6
+	C = 77fdf601e18ce23df0261af0151afdd2d098e0c3262400150b0c996bc3be698a82e920cfcf45919d57a4caa8ecb2eb8b2668b0f1912f48
+	reseed counter = 1
+EntropyInputReseed = 76a0ebae02236635dd3618d1ad8aa69ad94b671df84dca58
+AdditionalInputReseed = 7dfabf32c83e4ce517254bdad38f5c7baa57b73a57360d25
+** RESEED:
+	V = cd0b83abab88ce431b9a70c26e642ac7cc0d7638b1c9e2e086ac232f0d00fc6dc1ae08bd7fad5cc89baf5e3c7f0ea5a97745a4be4888cd
+	C = f999c4d27b823aa4a462da4b2e0b4ebd69b082e11795b9f0af0e496714dc85247138393b2bafe2c17d19df58aca4a042fd98387d9a6ebf
+	reseed counter = 1
+AdditionalInput = fa943b99bd44975e87793627b110065f050fe798015b0f1a
+** GENERATE (FIRST CALL):
+	V = c6a5487e270b08e7bffd4b0d9c6f798535bdf919c95f9cd135ba6d0e5361ba7a5b1641901e0492e98d1c88c85887417f00c17244f21558
+	C = f999c4d27b823aa4a462da4b2e0b4ebd69b082e11795b9f0af0e496714dc85247138393b2bafe2c17d19df58aca4a042fd98387d9a6ebf
+	reseed counter = 2
+AdditionalInput = 46c481f24ddb394795d4dd2c6065e6f3e1b7a34edbd0a165
+ReturnedBits = 26a5b9db4f772d7d0d251f341f4baa7cee760663956b87309db0bdeae6e9d71a468fdca41dd2cdb057e358d34729f9aea49376701f5bcf59ae8ee328e8ffccf5e8e26a28a4f37ddb2553de2aa06736dc74fdec8b8ab3a071e3230c08617f35635eeb42dcd5c4cb8d83fcdb4c2b61d66b
+** GENERATE (SECOND CALL):
+	V = c03f0d50a28d438c64602558ca7ac8429f6e7bfae0f556c1e4c8b750ecea47ea035cd49813687673a20ffda65173cd5f57bdd96067f132
+	C = f999c4d27b823aa4a462da4b2e0b4ebd69b082e11795b9f0af0e496714dc85247138393b2bafe2c17d19df58aca4a042fd98387d9a6ebf
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = 80588af58db879b87e110d25732dcd48ca5ecc76df23938d
+Nonce = 46b04f7475b6db5aa67179d3
+PersonalizationString = 0e6acc0c44ba711cdd8abd5dfb58dcf642e2306b5a01da88
+** INSTANTIATE:
+	V = 5d463993d6932044494e3b1d54976eec87a0c45a48a36f830b75d73423cd91468cd33f8ea5bf9deffbc485fbc939758aca3fd2bb4b7dca
+	C = 076159e532b5341829e87e4d1b20a178437b8906e5bc259a616aa86a5069e366badd48f06479e43646f6ba35e3000a39d61e02459de356
+	reseed counter = 1
+EntropyInputReseed = bc5c317b0e66094d45fa49db911f6b11122250992e370387
+AdditionalInputReseed = 5c5a87c8f76698206625986d1f94df2d4f8be211d1519855
+** RESEED:
+	V = 2b8607731e466594333adca5ede18b440c828ad85d18f2295372f917b9213a8da18106d49f2950f1904b053a846d754241ca1f71f10ba3
+	C = 9e91527174ca841cb10e6975a91ba08ff8cc176439c896cab5653713e78638741669e04456553e4da56a2ac9fcf4ec25db81ea1206194a
+	reseed counter = 1
+AdditionalInput = b3eae1cd18dd003e18d66801be24bd71b146c9f919568ec0
+** GENERATE (FIRST CALL):
+	V = ca1759e49310e9b0e449461b96fd2bd4054ea23c96e188f408d83189ec57003b9b9435108808187b11b2221653ca7d2890f7be73f0eabe
+	C = 9e91527174ca841cb10e6975a91ba08ff8cc176439c896cab5653713e78638741669e04456553e4da56a2ac9fcf4ec25db81ea1206194a
+	reseed counter = 2
+AdditionalInput = 522fd53d89354bec859b20632f3220974f6a04bb4403b799
+ReturnedBits = e56f1175c87b8e31a1dddf27aaeda1398c766e72b7c3f9b6ef85cb0922ef82056a167ce637bf490d09f338bdf27aad955b294a850873f7fb4ef4003a5f4fa834d6a15407c6ed3ceea12ebf15b7ff5f276f40e6184581ded173c5e89bc89d69594eea71f5ad4cca3424721f981695754c
+** GENERATE (SECOND CALL):
+	V = 68a8ac5607db6dcd9557af914018cc63fe1ab9a0d0aa1fbebe3d69d3eea8e232a1b8405a886b826bd6516eab9f65624a6a04ff6eef01bb
+	C = 9e91527174ca841cb10e6975a91ba08ff8cc176439c896cab5653713e78638741669e04456553e4da56a2ac9fcf4ec25db81ea1206194a
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = 15799dfa6bcae8af2f45091c0903e6dfd3f6add02f4f845c
+Nonce = 5e2182fc9d467804871c3ade
+PersonalizationString = dfbec51c065154ac80ea0dad73664ea2ff9a78573d5bc3ae
+** INSTANTIATE:
+	V = 4c5a8e4c5ba7d34d36c6ac1a4b6e3dd2c634c9086c961534b3f8e1992259844643199e282962d9c1b70632e1065bc965c74008f1dc96d4
+	C = 70412153aec6489c8379c25148769db95bd11a67ab0f4aeb1579ad7e5098212aa090909d81acc09edf95a876d05036f9ce6232fbe8a58a
+	reseed counter = 1
+EntropyInputReseed = 9b8521622a09ca5e4df656802aa399d1d9c78e252dc364fb
+AdditionalInputReseed = 91ede5bf34fb3383d1e5990251cd9743385932e734ef3a85
+** RESEED:
+	V = 51e18e25045d7d5f9513f970cc74070cd0be5b5174587f815df82dd764e01b2c7f33316342076ce3960d0562b572b392e7dc1a910a1ac0
+	C = ba9ef8603cbdfcd5a67f60e93983808940711a631d0cad12e480e09e64bca02feb3bcabf08d6ba9ebf7b1c392f99195353c33bce162b9b
+	reseed counter = 1
+AdditionalInput = 597c9d6165f87a9fcfe8ba84b619a0e2223301bc916e9a08
+** GENERATE (FIRST CALL):
+	V = 0c808685411b7a353b935a5a05f78796112f75b491652c9442790f5765e5fec6ef61727dacc3a4b335db9262a048d7b0759a71821f64a2
+	C = ba9ef8603cbdfcd5a67f60e93983808940711a631d0cad12e480e09e64bca02feb3bcabf08d6ba9ebf7b1c392f99195353c33bce162b9b
+	reseed counter = 2
+AdditionalInput = 15489fe877f249283ac9cb4281f3a683e00054104d13eaf5
+ReturnedBits = 187213d7b2c4b48ed2eb12bfba3dcc3e405653b1466512d1a474b922e1ed77744be5ed6014b1794115a50306a85b38e4c39d1d6ec9ed7398584c1a03c4631ee03d7653d0cd8e0b9669f9ec271d0dd08d6e82b0ad6aaae2594ab4b0af9147fe3ff58482c92923b3928bf8c6ee5cd91276
+** GENERATE (SECOND CALL):
+	V = c71f7ee57dd9770ae212bb433f7b081f51a09017ae71d9a726f9f1655d09277e4cec7a35a83ac8e3ef97a84d2a25d33130976489d788dc
+	C = ba9ef8603cbdfcd5a67f60e93983808940711a631d0cad12e480e09e64bca02feb3bcabf08d6ba9ebf7b1c392f99195353c33bce162b9b
+	reseed counter = 3
+
+[SHA-224]
+[PredictionResistance = False]
+[EntropyInputLen = 192]
+[NonceLen = 96]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 896]
+
+COUNT = 0
+EntropyInput = 0e95b5397dc6d869dcc7badfc4f4b66a60d0d1a563720be8
+Nonce = b44d713cdac6f890239c0691
+PersonalizationString = 
+** INSTANTIATE:
+	V = 276bb8f3d432ae93d514c0ecd36def81d0007bb4b643d57881d043b2206aeba4adda11709348235b9b62fb29ef676f251c01764d7b944a
+	C = e204c28c6ba813d2f110b441d4fad2d803a70a1a55ab704fac56f882a8ba4a59abfb2bfbf38429936b3c7d6963802f89ed75b48a48f85d
+	reseed counter = 1
+EntropyInputReseed = 4a1e28d6e886c33498bff6f3733afa7115740dc5dec74441
+AdditionalInputReseed = 
+** RESEED:
+	V = 1110de695c855f6613ba7653883fb55782ad0b04b7d03df5d5f3ed7c868b12b5e6cd73f113454dc57136816198f4d1324294f06219801a
+	C = 153d1bd1087a39bacf8c701fee7a0310ba436b75c12a286bd7aeefbacad52961209d71dd083ffa741820d2e6e623a8b237aacb962565c5
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 264dfa3a64ff9920e346e67376b9b8683cf0767a78fa6661ada2ddcfa7b2973a8d1cf31eeaf1ffaa9c36b701c7d326ecc3db4f6140e2c1
+	C = 153d1bd1087a39bacf8c701fee7a0310ba436b75c12a286bd7aeefbacad52961209d71dd083ffa741820d2e6e623a8b237aacb962565c5
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = f2bcaca024faf6c2701161ff8fda28d0174057a3995f55295b485ff48cc8b5e3bffd3b2f80a4a40a94eddfb0401ae45b47fe42a7e64dabfdfbf1ec8a10b60d4fade808bd5eec7cb4c0e6a2648787efd92a5023dfae9fcdb546cf9403057421c7224775315e2faa3fa3821a28210516e4
+** GENERATE (SECOND CALL):
+	V = 3b8b160b6d79d2dbb2d356936533bb78f733e1f03a248ecd8551ce3a068a51f7973934b66f3e8c8e65f405d45900354114755249d51c1a
+	C = 153d1bd1087a39bacf8c701fee7a0310ba436b75c12a286bd7aeefbacad52961209d71dd083ffa741820d2e6e623a8b237aacb962565c5
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = 6ee2855dbfa82b3a527f64c4ab6efd4140af639e8ed031b0
+Nonce = 24b5bc283c74b0d533f6e884
+PersonalizationString = 
+** INSTANTIATE:
+	V = df9f6e0c10de7a8c0b791962ea5c93476356740266727b892b8d785edc56809074d2c9cc91e841312218fbe6486ecd235ee6ac4dc786d2
+	C = 4fd78b5490543daf983719149b9784452833bccc31e1db5941cd88cd02c23df23a0e64e6646325baf0d8bd786ced7b3d9b39e37721bb31
+	reseed counter = 1
+EntropyInputReseed = 6bbe0cc2c4c17c6135bf6949c119d05dfd03924b7f7e32c2
+AdditionalInputReseed = 
+** RESEED:
+	V = 73a2644d379222f1fdf4c10d2ef48fd7c20a424acdbc25fa457713328cf782e5002a56a65d23d283451d2c2c23488e0813afe1f49fca84
+	C = cee0595350fb041c3fae44233b86e308204b78a764679bd82f6890d33fab2b97c406ed5d2bf1b5e3dd67744bdebde43d6e6a5804b61e1c
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 4282bda0888d270e3da305306a7b72dfe255baf23223c1d274dfa4b517e197edafc027dfae2e1fc541ad766f367a6c75e0474564def616
+	C = cee0595350fb041c3fae44233b86e308204b78a764679bd82f6890d33fab2b97c406ed5d2bf1b5e3dd67744bdebde43d6e6a5804b61e1c
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 6e5c0581a39cd1a46682df0e316856f5e2b132b986e0d31635f97aa39379dada978f76afe53a52506b6185d524a7d46147725f91df5271fff8f7ea191fee01fa7cbb37fb2f39865e30146df24baa08f584bc9520472c4d8faf8727e13c150f97b08fefa62a02b655b5388c498c7a4904
+** GENERATE (SECOND CALL):
+	V = 116316f3d9882b2a7d514953a60255e802a13399968b5daaa44836244aa308fde996be2e7167f47ee017bcf84708e169466f699cc2e4d4
+	C = cee0595350fb041c3fae44233b86e308204b78a764679bd82f6890d33fab2b97c406ed5d2bf1b5e3dd67744bdebde43d6e6a5804b61e1c
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = 3af80aabd8d70ce6e0efca06a50bf7ff061a99668ed8cc2d
+Nonce = 4cb241969b64628086f626a3
+PersonalizationString = 
+** INSTANTIATE:
+	V = e28fb345328992daa5c2d089dcc7c8562b9626fc5f585c98aa188fc268391112f2ee5bf391862f48e51ad7ad421ec887eb698e5a066916
+	C = 0202a2924ea0fc82cc4aec00d340ab5b7241d0e7e57836ce4bdeb8fee409e99e946250caf33a766b2c209405977ebe58b981f79e57e0d8
+	reseed counter = 1
+EntropyInputReseed = ffb4d427b861acb3cc1e006f30654e3e1b4fd028fc30dcec
+AdditionalInputReseed = 
+** RESEED:
+	V = e5cbd666be6e6485ce546b7c3ec64a2d6f4dcd67b3f490a787b547dc4b4b808b55633d077c268b07cd06596c525afcd0a0787b83d0b47e
+	C = 620bd757fb24b0707c3b227452a221629c4615dd0885ff585d95616b955d609206ef310686e822f6a4efe06fb28060e715d105735a70e3
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 47d7adbeb99314f64a8f8df091686b900b93e344bc7a8fffe54aa96c8b6aa7f0d3c457217d8ebb87f452808bee85aa89c78b2e64e06647
+	C = 620bd757fb24b0707c3b227452a221629c4615dd0885ff585d95616b955d609206ef310686e822f6a4efe06fb28060e715d105735a70e3
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = f0ae712d23fce72aa137f02ff6becd8ab273e6dee87c14cc9a21574b1e3d44f0e0ad15f9c407b2499bc320565aa294c7ecac0459fd9275013a30a2d32e39e3407efa0e96940d7d7a96ccfbf3575ce7a9667c1b2120c229e083c7f7a014a52764444e9515112750544f9177d4c8ac53b1
+** GENERATE (SECOND CALL):
+	V = a9e38516b4b7c566c6cab064e40a8cf2a7d9f921c5008f5842e00b5dae1a0eac28eda0114723a3041ab79d115caa884bc4eebbdcd073cd
+	C = 620bd757fb24b0707c3b227452a221629c4615dd0885ff585d95616b955d609206ef310686e822f6a4efe06fb28060e715d105735a70e3
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = deb6408cfe09a3ce9f9ffca31bef96f6eed5604bba85ed0d
+Nonce = db3cabe6dcb42348677805f2
+PersonalizationString = 
+** INSTANTIATE:
+	V = c486f3bd2a2b6273f14dfbc708a2d34999f329252d37448bc49028669b6013de3c1753b278bc506c5945bf3ba13b1a4480a8f4aec9d926
+	C = dda479ac12e17963802a261b0c299ba6c47e4d827f153baa5427eab70cd2a596c9526a9438e890e5cb4cd72c6bb4c6f43c660e8faf5c9e
+	reseed counter = 1
+EntropyInputReseed = aa0b84a65a7e4980220b91a08d2ab5ac6a13c993a2eb51c7
+AdditionalInputReseed = 
+** RESEED:
+	V = cbcfe83e9e9fe1dcc69667f893bc3e9368f0ae5e82a84244d68d1d257c35b9f9bf5a6f99df03ff4519eb0a6a299ff7b1b8569d540c0bf6
+	C = 30eb58eefef38b7f8d140ec24b0b3a51524eba36c59249ce7bf9a332cbb00b2ccc2a61696e8d67fe13b0cc266d1083da78bdda5358f8de
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = fcbb412d9d936d5c53aa76badec778e4bb3f6895483a8c135286c0da83362f9960f35696f1b18b89b28904289d8b9f7e500eab7377beb6
+	C = 30eb58eefef38b7f8d140ec24b0b3a51524eba36c59249ce7bf9a332cbb00b2ccc2a61696e8d67fe13b0cc266d1083da78bdda5358f8de
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = eb33a9952d2fd41a430c487b5f9e4cd9c3511836c412e752065ea080fa3168d3c68ae0575b0a9ceddf4d153fe4deb79b77beeb438dec9333ab83e1961f99290ebe813f4ceeb2993af24a708b24b38025f9d1ba7e0b3408d13f48b64fd87102031ee21feeb96f9038ea31ff599baefd81
+** GENERATE (SECOND CALL):
+	V = 2da69a1c9c86f8dbe0be857d29d2b3360d8e22cc0dccd5e1ce8064d26995dd89fe72d57afa341d229d1face99a4c2b1c101b5608c7b66d
+	C = 30eb58eefef38b7f8d140ec24b0b3a51524eba36c59249ce7bf9a332cbb00b2ccc2a61696e8d67fe13b0cc266d1083da78bdda5358f8de
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = d5dc1a491ca10ede27c869c0ff7bc006ea7a3181c2d7bd6c
+Nonce = 248a3d829b5f4d099f5717c1
+PersonalizationString = 
+** INSTANTIATE:
+	V = d95f3a3205dc5c699e91ea1570b9da7bc2f4d26b603c43d29e25b987bc337e524fd0be8fb9582fd7c6030db22f10760012243a76f401b7
+	C = b8486ac25ce48c679ab72bf9cf7ada60862776ed69f77abae45ce290b1f489647f4c188442b1f99d236d2b67cfae3543d0d8017ebcc4a7
+	reseed counter = 1
+EntropyInputReseed = 84605708b016fe6e782a930695a7c918db0d7f2b7192531c
+AdditionalInputReseed = 
+** RESEED:
+	V = 4dd4260b6accbb87b6461e09fa9b74c43d1b5ff3b1bf9207b1bf52aa8c8a9bfd2a9ba0f696e9b90029f8ddd9579ed6ec1dd85229d8f589
+	C = 4985753df58d2256e097021c9fd62b78a6d6707665d4025f7cfff551fe528fa531130c5d7fada8198ecc0c8e9ad0f8f3d4ba8c006c4719
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 97599b496059ddde96dd20269a71a03ce3f1d06a179394672ebf48641be673542fffa1480a6f9daaacd6f232ffc32262d236045dc22ee1
+	C = 4985753df58d2256e097021c9fd62b78a6d6707665d4025f7cfff551fe528fa531130c5d7fada8198ecc0c8e9ad0f8f3d4ba8c006c4719
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 82ee0be6dd5133a1b4da542b9174ae9ccfe11801d94e55ea77e491c213d91d6f13e38d95b58dca0a7e3fe1808f2ed0590e17f754c7fa9b26d38f3213bb1e88991ee5fb34438bcb528342f09d898dcbb440538d56a9fda427c9916c7dbd2d5f786a287ae91af34ae6a12554e62dad606e
+** GENERATE (SECOND CALL):
+	V = e0df108755e70035777422433a47cbb58ac840e07d6796c6abbf3e4e50d70cc427f4ed1c5d597734b087995c65c367c4115208863102b2
+	C = 4985753df58d2256e097021c9fd62b78a6d6707665d4025f7cfff551fe528fa531130c5d7fada8198ecc0c8e9ad0f8f3d4ba8c006c4719
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = 75f1eacda08ab770b20059ea871bb1b38e0665a3531dcb73
+Nonce = fc7f15f496fa19e6ace28172
+PersonalizationString = 
+** INSTANTIATE:
+	V = 61a6ac3fcad8b0d6d179968aa1edba3270564634e80cf8b6e0168403564698b92f98e266805d18a67a9900bb550c9932c7c6f64a543485
+	C = b7f775275054e8e6dca5c3f2fd206e61cd0b1c839f9e022b592b2ee1172bc334f369e9bab6720a9bcd01999e34ac6f6023efeee7ac29ae
+	reseed counter = 1
+EntropyInputReseed = bfb2e5f7aa3af5a04e68bcf893c30681a9bcd5f33dc9ee9a
+AdditionalInputReseed = 
+** RESEED:
+	V = 7fe71044921654d97e4b8ccc5e19283e05017df9fe0f2dc5edf0d7ad9b7bc3fb938e1a88a6c48104e21e62ea7c987a0837daf90d2bfd58
+	C = ed08f93054d7010c39b47de2813b53bc4a3aab7b4bcb35584da7e2622ade9620815f4404de7c5065c3e108fe35d923568897b69014163b
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 6cf00974e6ed55e5b8000aaedf547bfa4f3c297549da631e3b98bb080b86612bb9db912d6bc42b37f6ed9d97690921d68daf0baa2af7bd
+	C = ed08f93054d7010c39b47de2813b53bc4a3aab7b4bcb35584da7e2622ade9620815f4404de7c5065c3e108fe35d923568897b69014163b
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 9edb85ae94f553390e8782cea1615970ccc6f7ab3ffcabcc9afe06c1d386b561bb025ebc7ce20bded4fa8695907335450b490f1c98fed81feef24ac3aaeb4308b0b717a6ef1d87d852ca5ab2cd10b92d49108edf8d282cb3fbe13ff743911328425a8e4afc6c1dc2add92801662c6f1b
+** GENERATE (SECOND CALL):
+	V = 59f902a53bc456f1f1b48891608fcfb69976d4f095a5987689409d8fab358955023eb18ac834e1592c912308d9ef634324fcfa3f373c87
+	C = ed08f93054d7010c39b47de2813b53bc4a3aab7b4bcb35584da7e2622ade9620815f4404de7c5065c3e108fe35d923568897b69014163b
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = c7a5326455ea905d1c4faae8da9b00c76bea482b8c0397e6
+Nonce = 3bc85eccf8255c661468e2f1
+PersonalizationString = 
+** INSTANTIATE:
+	V = e37bff2fa07ce5090d77714743fa64e1c05f6d67c8c2f8579fc6d32df1d404b86ef8ddfb80745109b6ff34d248829501af3bdf3db961a5
+	C = 46767769bc565b5b4309332d087c685107182507fc8754d37da7225b7fe77805b65cf1da698fc51cd5594d8692b035d0330cdc8a940c35
+	reseed counter = 1
+EntropyInputReseed = c4b350d6ade507eac9953e541cb436ffe8ae938c858ac840
+AdditionalInputReseed = 
+** RESEED:
+	V = 9c2ef830fbd11c625e6112c9cc3f1469b136a56842c17355dbd691fcd8ca392a537f541f9b430a899f42e23515715d06d4f40fb619e299
+	C = 1e4f1f801412a979924d776c874cd9ea8136d69dad3cdd4f5acd587fed2e0a57b4bd97ea262d4e164b7233d082f93c44a7e76e399b5fb0
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = ba7e17b10fe3c5dbf0ae8a36538bee54326d7c05effe50a536a3eab00a2b2cba56eac37f3d51570dd85a549f1054619cdbffebd5ae4b5c
+	C = 1e4f1f801412a979924d776c874cd9ea8136d69dad3cdd4f5acd587fed2e0a57b4bd97ea262d4e164b7233d082f93c44a7e76e399b5fb0
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = f3f8d967e2d7464922cc6c40a7bf2c38ac3bb9fd3846aedfee59d39bffd9ff92b1615a0988fe2106d5d5ec565cca706cc8661c3c9a9b414d9fac267d7b0fd2d7e5ffadafa3badf0e76b9c3bd5a86379b9f16be5cb5b29ad56ceca909c28ec486086eea4748d446da2d813ba3121af13a
+** GENERATE (SECOND CALL):
+	V = d8cd373123f66f5582fc01a2dad8c83eb3a452a39d3b2df4917143a16df8f6988853a5029d81afa1f3475bf45583f85efccd76cfcb3b86
+	C = 1e4f1f801412a979924d776c874cd9ea8136d69dad3cdd4f5acd587fed2e0a57b4bd97ea262d4e164b7233d082f93c44a7e76e399b5fb0
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = 8628d1ec4ab783099dc436f3cab25cf6687f3be697902ab4
+Nonce = 38bbca03b475566eeb6e7437
+PersonalizationString = 
+** INSTANTIATE:
+	V = 0e931a408160dc85a33ea851876c959db857daaa0e0995df9459fcb57cc90f425515da46345ceab685c97323236922faffade995f6fa7b
+	C = 1d5c2eab26b183eb5e6ebb8f6e8414ac7daa11ef87d3e0c042b1f37a8e31abe70916afc5117ecbe589b1605f8c0e7790ff39647f6849c9
+	reseed counter = 1
+EntropyInputReseed = 4f8a37842ef35b7f8d9b673d0d799896e0b409220cf39125
+AdditionalInputReseed = 
+** RESEED:
+	V = 4a2294ab75cc59782cdfbd634e8c2e583393f9c88cdc2d1cb100163b55257cbc2ed27cf1eba4edc8ebaf5fc5a5108f707ee8ef7da60950
+	C = 4744f63a5b2285af98ae0609d9b9e6db8dc8b452bcb75c42f6ed4ea9008cda87cad06f25d7a706b99a740c9327bf0be8d1fbcf24d69158
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 91678ae5d0eedf27c58dc36d28461533c15cae1b4993895fa7ed65781dc322431ab9b131375a50be49b2648ee55798b29ddeafff79c4b6
+	C = 4744f63a5b2285af98ae0609d9b9e6db8dc8b452bcb75c42f6ed4ea9008cda87cad06f25d7a706b99a740c9327bf0be8d1fbcf24d69158
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 99fbadc9d25437e80d21ac9b31649a8698a42d7a9f00f4f809660c05e7a024488c29615802b8780de43afe760614e2b16ce8318f58160852563e940a3331707ed253681ad1d196597fbe2794410f7720bf9585ac91f6764a7d2ab4f3c0cc2e7db940ddc47069deb7545e2c6ff01c58a5
+** GENERATE (SECOND CALL):
+	V = d8ac81202c1164d75e3bc97701fffc0f4f25626e064ae5a29edab4f74b5b255cf37515499d82faf8835436276e8d3c83cca3d4d357baa2
+	C = 4744f63a5b2285af98ae0609d9b9e6db8dc8b452bcb75c42f6ed4ea9008cda87cad06f25d7a706b99a740c9327bf0be8d1fbcf24d69158
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = ef2f85746b12717a820bfa5ae6edbd1bf80b63e632afc7f0
+Nonce = 646ec1ac1e959e4bf7fc844f
+PersonalizationString = 
+** INSTANTIATE:
+	V = e9d2124c9b01eadee2180f32f609b58773378ab7abb92713c9c9ab95175a590a811bacc9fefd56221b7571ac417978042a246291aa4ecb
+	C = c8e302aa8a20e6a454a45b3ffeba55daa4f6dc4b450308cea9e1a391775523c3437f091970adb0209ec929388e1e9aea4571d95852d261
+	reseed counter = 1
+EntropyInputReseed = 18e22ba3dc2ecc5d99d70002b49610c24410b612318bc10e
+AdditionalInputReseed = 
+** RESEED:
+	V = 4c055795e88eb8c6ebc83454d20c7fc4c64e7bdf0a91046ca1726c83884e4191bd8feb97141e816747219df7de25f72817318444a4a862
+	C = 9c38a45cb6bfd03e62fec9bec6c35df122e296881a0f54c5163ce226dfcb83ed610f7424e58b60aae2b80eb5a7adad7174b5382e1e9263
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = e83dfbf29f4e89054ec6fe1398cfddb5e931126724a05931b7af4f91ffa50aefdf64b7e7042f9d3b273e446b4f1b655eec9dc4fe47c231
+	C = 9c38a45cb6bfd03e62fec9bec6c35df122e296881a0f54c5163ce226dfcb83ed610f7424e58b60aae2b80eb5a7adad7174b5382e1e9263
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 97340f02a1ff3ba7a92f2a2292f284f9ddc65c823e4e906dfce71af53eba9f2cf1cca0a21a80df6cc7f15abb14f42b1cefd5b4276c101ff6f64cbdbbb52372107f09926d3fc015df9d1a868486f430d3ad49b3483ea4605cba0927516529bdcfa19733d8a0f859c04cfee19d7e73000f
+** GENERATE (SECOND CALL):
+	V = 8476a04f560e5943b1c5c7d25f933ba70c13a8ef3eafadf6cdec32036543f4901d583c779fbed9f262f821d03700eaa6c033106585af1b
+	C = 9c38a45cb6bfd03e62fec9bec6c35df122e296881a0f54c5163ce226dfcb83ed610f7424e58b60aae2b80eb5a7adad7174b5382e1e9263
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = 55fe67eb28c03549309c72c382cdf74882cd7fffb3e74638
+Nonce = 67f291cc51cbf97f42adbe90
+PersonalizationString = 
+** INSTANTIATE:
+	V = b04a95361cca029f89f1a50666180f7dd1e1e1be90454e6a2cafa7afbd3cf8d5a62e1c346aee62480f4700519b0134a50ffc0951373d6f
+	C = f12068ac2feab9dff6f08ac422c2ead00990a91fb9b06fcf3bbb6ddfdcb4928c7195aa3ffa76891d172c51269121c5b6b9cca798bb259e
+	reseed counter = 1
+EntropyInputReseed = e1da057bd2091da5432135ea29d2df6fb27b4ff1364c0f8e
+AdditionalInputReseed = 
+** RESEED:
+	V = 807a98359046cd59ed3b1fd4aedefd95bd9de11c735c05843f5586dde1457a595c265f0b9ec87672e65c49f4472a906eff41637a9f095e
+	C = ad724906e75fc9ddab54e5ac05624c8877d45106890d1c06e871bca74102747d267f7cf14ecd53c96b240b0832585f2d40a1fd512ca6cb
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 2dece13c77a6973798900580b4414a1e35723222fc69218b27c7448107b2b3c12cc5a299ddcb3c35a36bc0c997271a31d2c1745a9a432c
+	C = ad724906e75fc9ddab54e5ac05624c8877d45106890d1c06e871bca74102747d267f7cf14ecd53c96b240b0832585f2d40a1fd512ca6cb
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = ea9e1dbb9de2523a5573715285be43c7987880a07c25cfd412bd7adfe048018c25e043c541c7a30038b60bac242295ac849da7eee8f1a954ded3588e5d98187b70a880656228d1f92cf952571500265be159c8e0814926a09c23f6d9217642a51be86bf3bc253e24b08406966aef96b8
+** GENERATE (SECOND CALL):
+	V = db5f2a435f06611543e4eb2cb9a396a6ad46832985763d9210390193d89e84ba4f9f8e8e2c90aecbc1f5210a401a706ff65a34a77b20fa
+	C = ad724906e75fc9ddab54e5ac05624c8877d45106890d1c06e871bca74102747d267f7cf14ecd53c96b240b0832585f2d40a1fd512ca6cb
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = 34e5393e36882c17094bbb27f289d250f6ce454f669fcc57
+Nonce = 40a937b579b31fdf9519cb7a
+PersonalizationString = 
+** INSTANTIATE:
+	V = 126e673aba79403f5549a389788cf8f2cb665f9723e90fda2de383d0b0db71f83392a4e479e2c5c391473a8c35e29d7ef572c9738574ca
+	C = 3a01c5aac6f87688dec2bbb9760f61f7369aada0f62429572b40f32441e1c57c49847216408a1b7705607a02a0f0a53ea8b05c7612547d
+	reseed counter = 1
+EntropyInputReseed = 520f7c23ec754fb54ef7a96fa241737353866e233655686e
+AdditionalInputReseed = 
+** RESEED:
+	V = 5bc7ecb739690a01add5ba7382a81accd2132ba0bf17ba7be421b5e590898497d915d5bc09def6c7b6959f7ab76aba30af51918822c003
+	C = 02819d13bb987d2ab46b9b890a3787cef2a1ed430214a89785352fc5099a5fa757ea215c4b415eee1fa60e63a74af6d1f7286b83a25611
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 5e4989caf501872c624155fc8cdfa29bc4b518e3c12c63136956e65eaf04a303ef8bb67b1748de7e1e071294e6dd2a2028aa4d57fc9316
+	C = 02819d13bb987d2ab46b9b890a3787cef2a1ed430214a89785352fc5099a5fa757ea215c4b415eee1fa60e63a74af6d1f7286b83a25611
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 62b9a92b9bc5875914e56ae98fe205bc9e84de9baf2c520fee7f5530d8d61ce3e37811996407a077310df5dec7d258f8332bc02fbdfa19ee48f75e0554a1f3389ea2b139efb4aab91b88bc62c86c60ec9461a6367faf69a86fcbc60d3bb4a77b076ccfaceb09d7c5738476d486b04152
+** GENERATE (SECOND CALL):
+	V = 60cb26deb09a045716acf18597172a6ab7570626c3410baaee8c16ad8c7fbd85c9478e1221a8ee9340ebb6661c7a0054e6f49e546bbd8d
+	C = 02819d13bb987d2ab46b9b890a3787cef2a1ed430214a89785352fc5099a5fa757ea215c4b415eee1fa60e63a74af6d1f7286b83a25611
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = 32f925a893c393c38897edafa033ddfa1594dd9f0bd6ade4
+Nonce = 356bb5433205ea8c09782c8c
+PersonalizationString = 
+** INSTANTIATE:
+	V = b4c551406dcaf772d66f421bb2b2783c5801f6929d109a6703b9c5d3f3a694275125001c554458c1682284e2491e03d1306a7f1971645c
+	C = f4eeb57d74932e45e67cb0fcac1db5a4be53d7078147b48d03424ea6162e6b7e125fbcd7abbf1c991e48e9d319b5ab2eda042a8fdee7f5
+	reseed counter = 1
+EntropyInputReseed = 0dfd6631f203557c67d815fe2a02426adb7ac68532b1ed9c
+AdditionalInputReseed = 
+** RESEED:
+	V = fa42e96acdb18c94505257e8433fee6efcdb37052664f2e0940270a0fd2631f2044ac66a73d7455854e5f2b17deae6179d10941856dc3b
+	C = 08fc613700f9b431933310b55b9ba3be42ce2cb0e124b02f5109ab2e5d8cf2b33d2013152a7684e44df2832e97f222556d8c9253d290b3
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 033f4aa1ceab40c5e385689d9edb922d3fa963b60789a30fe50c1c884321570b621af37bac4b7470ed18120c8652612ea0f1882e2856ee
+	C = 08fc613700f9b431933310b55b9ba3be42ce2cb0e124b02f5109ab2e5d8cf2b33d2013152a7684e44df2832e97f222556d8c9253d290b3
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 707c2602019f30cd7f05ae2c556176a57a9eb0b771e38c9ea5f313ed641fa87d1e548107a11563067b0f2e1217898a095fb97c7e8e2ceb2dca0d9ba811e598e99fa91dd45795b639e970fe9aa7284badd6d7e098dc8bff133a315c097949b9f6116f198da110eafbf3edaec306c3e0e3
+** GENERATE (SECOND CALL):
+	V = 0c3babd8cfa4f4f776b87952fa7735eb82779066e8ae533f3615c89bfcaca9105d51c0d0c200e9ffbca199ba7620d02407307a3a87f11f
+	C = 08fc613700f9b431933310b55b9ba3be42ce2cb0e124b02f5109ab2e5d8cf2b33d2013152a7684e44df2832e97f222556d8c9253d290b3
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = fce3063ec41d1f21add09ecdc335e9f35daea6886d24ea6d
+Nonce = 54e529fc710a456d42484c0e
+PersonalizationString = 
+** INSTANTIATE:
+	V = a0f69eb41db77b3fdc2e667324322c0c738b6c8176c7c4f97bb75b2e17abce4e32fb926e080e48a588454d2b04669634b94bab66cfea0c
+	C = d635e63211bdf855ee07ca9856955181813d4726e2e94ccbdb507cae3244f702d2036b60acc14d8521baa096b1bf6c0e24f9a54bcda4ca
+	reseed counter = 1
+EntropyInputReseed = 399367a2db3090bf5e3b969f22fc8e9792764caed8ec4beb
+AdditionalInputReseed = 
+** RESEED:
+	V = 65608741292110d9c4a54230de25eea85318d6083bd7d709d007213791adc97321a6e58c109e1f1685942c5fa0072546c7c7061fedef16
+	C = f6b0ceb088e43d95fe47bee3f72722e785bef4d3fb1f3da32cb817a3d6c12ff7291cf95ce2b9f723123e30ba1452485360270c3f98ed7e
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 5c1155f1b2054e6fc2ed0114d54d118fd8d7cadc36f714acfcbf395f1c5daa2bdfff0a406f252c3b5942b11a65e7824f91f437995657c2
+	C = f6b0ceb088e43d95fe47bee3f72722e785bef4d3fb1f3da32cb817a3d6c12ff7291cf95ce2b9f723123e30ba1452485360270c3f98ed7e
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = fc41d44c54da60315fd0c83e3bea9be9fb49a7522c1a6587976234ec622548d6047f86f36f34cc753e2f843531a25a84c113b5880c6d33f4c05eb82057399c575e4724d75a6e4fd102ed23908f5facfc0a76d37cb54c37aec06818dfd6134dd10fff7cf139f2c46d4e6be46fa0442b66
+** GENERATE (SECOND CALL):
+	V = 52c224a23ae98c05c134bff8cc7434775e96bfb0321652502977511dac35029644ee259693e5960a3eb10c190ee01b9ed793084a515e01
+	C = f6b0ceb088e43d95fe47bee3f72722e785bef4d3fb1f3da32cb817a3d6c12ff7291cf95ce2b9f723123e30ba1452485360270c3f98ed7e
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = fa2b5d7344227d375163d6a64315694ae725f9eaa7a6b964
+Nonce = 1153711fbd20064edeb1688e
+PersonalizationString = 
+** INSTANTIATE:
+	V = 0e9ef2a1d50edac7741a86fe1268a4a7dacac73e787c09e322a9222dab924865e5fc1372ae5e688759d59d4725a936931b752b4964d95c
+	C = 3c10363f95728115fb62115351cd0ef1e7116bd8f5ebca8f74fe8d9b05f3077f9094a476cfa6b52ea2147553df97ec74763018cc329015
+	reseed counter = 1
+EntropyInputReseed = 7b29fe190bd45c14e6e0415e4760ae1d5bcb97d27b78c7b8
+AdditionalInputReseed = 
+** RESEED:
+	V = d4c625f488e9eb6cb08deba2ccf5f0d301806aef9133f3983f5fa53c6d5593411853277eea2186cf7393bdf1d55ddb51151b945585bdce
+	C = 361fcc04b7cb683e9023e2713d05e249ee5c24355614743d9c1c2e3888a70299a4a3b254a1d382c1d2c5fe948327c6a932e63f8849aca9
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 0ae5f1f940b553ab40b1ce1409fbd31cefdc8f24e74867d5db7bd43a851ce338f920f768e78ba6da62c6a23fcf05e9c4b063b1e3b342bf
+	C = 361fcc04b7cb683e9023e2713d05e249ee5c24355614743d9c1c2e3888a70299a4a3b254a1d382c1d2c5fe948327c6a932e63f8849aca9
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = fc336d6464d823c23b88802b36cf38c7f872ea73311b2d75ac1aea3fc1d3c1cf57ef2eff424563ac88e55994923dc0ed6ce6509ba7e16e4c7d1b7aa7d396fcb29d7eb64162648c162010c9fc833243ae33fd1957fa324d70b1185a3252d656250f4dea369139dcf74bf88ae5608d6003
+** GENERATE (SECOND CALL):
+	V = 4105bdfdf880bbe9d0d5b0854701b566de38b35a3d5cdc13779803710223b4075b137679b0492837721e4c8b3f6d920b6aa38fbeaabb5f
+	C = 361fcc04b7cb683e9023e2713d05e249ee5c24355614743d9c1c2e3888a70299a4a3b254a1d382c1d2c5fe948327c6a932e63f8849aca9
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = e443e50dcf848e1cd5988dfb5ac14acfac0a1350570c3a81
+Nonce = 873566ec7aeabb6e2ebd6e22
+PersonalizationString = 
+** INSTANTIATE:
+	V = 074d6c842fdca9728961a75d9889f24ebc2150dbf8452d18418e1e0b2b5009c363bc5000d70c3a31dd7f04b9d7e78a47bad1a1669ec247
+	C = 707fdea05333a37367ebc941e05f25626338b60de763f755a270de25d5cfd9f3313297ef2bf7c4a5b83dae90f7c0854dba2e1c458221e9
+	reseed counter = 1
+EntropyInputReseed = 6433cd4afd2f0efef269bb99d884445d05d2a355c1ab2274
+AdditionalInputReseed = 
+** RESEED:
+	V = 1771bfed55dab82490de4ba3ba9502b2705d9e0e331e56faf5a6d5612a137aa22878b3732d02f921bcb7e8a0f5f7e01612dcfadd73a5eb
+	C = 452ed4998302aebce9a961c91f9238a7f3b214a62e9e9f38f9957649090aa6b86ce54f3d10dfafcdd0984537261854d2b4f238367b6136
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 5ca09486d8dd66e17a87ad6cda273b5a640fb2b461bcf633ef3c4bed6a47abdfb441284096573c69ace467ea99465d729bde4d97a3ee89
+	C = 452ed4998302aebce9a961c91f9238a7f3b214a62e9e9f38f9957649090aa6b86ce54f3d10dfafcdd0984537261854d2b4f238367b6136
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 315349774ee632596ea68d041c45ed9ea134e31074af401314c0dfe39720e5721a073d8a502b93bd66ec1d84bb586965f1523e25b0f996ef8293d62448997004f39ca4b37a5fc907915b75f613735cac46eb0164ee7273602cb208a7bc6c78d8ce60dadafd5406faeb07e037cf010ccb
+** GENERATE (SECOND CALL):
+	V = a1cf69205be0159e64310f35f9b9740257c1c75a905b956ce8d1c2c6d02b94bec090446eb4b44e6946e1a79709339fd0a6321b9029a0e5
+	C = 452ed4998302aebce9a961c91f9238a7f3b214a62e9e9f38f9957649090aa6b86ce54f3d10dfafcdd0984537261854d2b4f238367b6136
+	reseed counter = 3
+
+[SHA-224]
+[PredictionResistance = False]
+[EntropyInputLen = 192]
+[NonceLen = 96]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 192]
+[ReturnedBitsLen = 896]
+
+COUNT = 0
+EntropyInput = 657d5c3024e143223b44bd36fca677795285c0e20488ecad
+Nonce = cee95274a23f7fe0f45e5b6f
+PersonalizationString = 
+** INSTANTIATE:
+	V = 45762697992ff072633541fbd6b60fe4831851843913c744fa9ce90f13ed1ca65c613936dd05b96052b2bfad306be9ba8669f26036c21d
+	C = 6669e6e7a0b5ce42b4b7aa1af3d54b4382e6026b0b466920d83393c3e91cb3fa09d36d17718544bf103667708816100517e8da5549a0c7
+	reseed counter = 1
+EntropyInputReseed = 3776f206da67ea4eb94a97f7b1ad6382a1fa99b473eaa0a6
+AdditionalInputReseed = 15a492ea6f796290734c957935aa36d3de191063811f2322
+** RESEED:
+	V = e0961f55cb46b551df463a7a0af97bc54acf8f84e471d721973702bbdf358559fde8949844797097d31bd9d8b16d5e2c72aeb742b94df2
+	C = 7c1eba3de6fbb196659ab1dee5d4ef3bc949956f3ffe7148432488ee97962e04d922232c0066dfc15a2d965f7c2133fa7d9b098cf82e36
+	reseed counter = 1
+AdditionalInput = e4a4742011ab52133fc79235809741c986e0af7686008424
+** GENERATE (FIRST CALL):
+	V = 5cb4d993b24266e844e0ec58f0ce6b01141924f424704869da5b8c0b95ae86356c265f2fc095d9cebce78738ebc6f031315baa6ea56955
+	C = 7c1eba3de6fbb196659ab1dee5d4ef3bc949956f3ffe7148432488ee97962e04d922232c0066dfc15a2d965f7c2133fa7d9b098cf82e36
+	reseed counter = 2
+AdditionalInput = 5b45882dcefb0823e2dfa022c6796496aea111cef3d27c3b
+ReturnedBits = 05f8e14af8518b939515f625d8e3b013f337184c45984017b895cc4722746aa6ced845dbf7442ee3de495077159e1a08901be78a610bc34b24bb7db4bfa448d0e2e7ea65975d9be26158bfde6a98966e8a0e2ef1cee8298ad233db9f783811c7552f49835104d7fe6fbfebd02af48082
+** GENERATE (SECOND CALL):
+	V = d8d393d1993e187eaa7b9e37d6a35a3cdd62ba63646eb9b21d801630f3d101499248d8be6e486bed6403a124bb19ff8e458e78792a5b75
+	C = 7c1eba3de6fbb196659ab1dee5d4ef3bc949956f3ffe7148432488ee97962e04d922232c0066dfc15a2d965f7c2133fa7d9b098cf82e36
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = 6f820f69c85b8503212bb75be96db2b90d91027e5aa054d1
+Nonce = eb0c11b0d09e9ede0ca8b470
+PersonalizationString = 
+** INSTANTIATE:
+	V = a47be081abfaf44b6f3b4f0591d3bcb22b13c01cfeaaa8d361ca7e1f3560908700546fc7cc1220bfa90349b2088462731eb7f9cc19645e
+	C = 524c3ee73d723a4bccf7fcd95044fe93043bd0b0107664c704676899c9ca638b7086005267212238b9b80ca6b0b6e6d194ab7b4ff7890d
+	reseed counter = 1
+EntropyInputReseed = 60ee1addc0a2cbdb62defe7c1d482b5f5f74a42cf7982d31
+AdditionalInputReseed = 78483611023a22fda827189e1f66a9629e087928930711f5
+** RESEED:
+	V = 890f990c4c09125abf11a8a7e5dfc60193d06ed551e8f098fdaafaf39181763e7ca043a42902f3dbc2e5181ad4a47f01aebbb928febe90
+	C = 5db75cffb651e58b017a9caa755c605a163a3cc727f9a21cc1ebdcadb47e52d9ec5c068dca8d51042acaffd235f8593d843eb402c3bb5b
+	reseed counter = 1
+AdditionalInput = f0f9c009c5efa9cd653aed74e55c01857edd266d2b69fa16
+** GENERATE (FIRST CALL):
+	V = e6c6f60c025af7e5c08c45525b3c265baa0aab9c79e292b5bf96d9227b299b228aa063e70916eb16cd79fd40bc06f533fb064cb3fcdadd
+	C = 5db75cffb651e58b017a9caa755c605a163a3cc727f9a21cc1ebdcadb47e52d9ec5c068dca8d51042acaffd235f8593d843eb402c3bb5b
+	reseed counter = 2
+AdditionalInput = f79ef0ac2693167f4a9436e371645010dd7d41f4cfd80362
+ReturnedBits = 1494fdc18e7365354cc67dc081df49819d6e40450ff86eecb15c8754f1c9a0dce67728909f3816b26a315a969e28b5154755f71a1c2767d19cfeff1d30765064d74833f45a191655e190379e2c54aa1a4813b848207a8de45ae3ca79eb6d5b53c1c55c93d10736dabfce536c358cb7ca
+** GENERATE (SECOND CALL):
+	V = 447e530bb8acdd70c206e1fcd09886b5c044e863a1dc34d28182b68d9287078ed9b9e156660eab1a9e45ea16815fef5c70ca14fa12fb13
+	C = 5db75cffb651e58b017a9caa755c605a163a3cc727f9a21cc1ebdcadb47e52d9ec5c068dca8d51042acaffd235f8593d843eb402c3bb5b
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = d31d1c861025c17d34d83ab7afbad89711157a11ccb74976
+Nonce = d02eb488afca5cfe6eb66362
+PersonalizationString = 
+** INSTANTIATE:
+	V = afbb3768884551e4c069d7dd70b5dea46e8935f8817a3d1ebb4b77838d86b7b59e1ab34d3dd097bca18543e0ba41c9f334fd9a0d023567
+	C = 6ca67fdf6d1f3ad5b0ac184355ac915523b43dbf74a006ad3bbadaeaf5df19b40076e7828f06650dd1f2fe54308a52d59ceb116f05a117
+	reseed counter = 1
+EntropyInputReseed = 59bda27b0b30912ce01ef7a15b1d7498f8ee46892ed3a3ad
+AdditionalInputReseed = 5d74439a073d943243ea5b59eba3653798e7b36bc1a3425c
+** RESEED:
+	V = 3885d666f7995f80eeb79d1adf986d8f0463f4be678dc6e2cbfb72dc5bbd16fb3d604ce7446b7052c82414fa9a14fbed1743be31945b77
+	C = 1528c806e6566ca3c6c6cd5404352c60e82adf6e1cc12c17d413f355cdf7fd963cb84c1f22b600cfbd2720be7d26dc8461c0394ffd40aa
+	reseed counter = 1
+AdditionalInput = 8f3810ef90351a23b0cda02e7a6a58281ef05a21bcb330ca
+** GENERATE (FIRST CALL):
+	V = 4dae9e6dddefcc24b57e6a6ee3cd99efec8ed42c844ef2faa00f664af6ce0bc66ad5014ec8a462bd7e23d4eeecfcd06ff5e2231c402d53
+	C = 1528c806e6566ca3c6c6cd5404352c60e82adf6e1cc12c17d413f355cdf7fd963cb84c1f22b600cfbd2720be7d26dc8461c0394ffd40aa
+	reseed counter = 2
+AdditionalInput = 5a8c3569b155cd93f06715f88082a130681bdf57db0e6723
+ReturnedBits = 89ba7e16705823a063d860292b99976801e26bba8c26d8d5f893a48727e0be5b3f8e960f2ebf474eaeb6b15ceb4197fb1a940ade6144396e24d2f390aa0430a693dc6d59a61a9a0b12a77aea51de6450af40619ac317a590377bdc61059750fe3cf0a543a6c01edfeffac27018415a41
+** GENERATE (SECOND CALL):
+	V = 62d76674c44638c87c4537c2e802c650d4b9b39aa1101f1274235a8adb4f62b21aceeb8d7946a5f9044348c2fb9f2b96eff2ccefb61051
+	C = 1528c806e6566ca3c6c6cd5404352c60e82adf6e1cc12c17d413f355cdf7fd963cb84c1f22b600cfbd2720be7d26dc8461c0394ffd40aa
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = c251da2d60f2b5d5747ca39e08b10e19b3b8a968d625224b
+Nonce = 8691a4e0747aadfed51471df
+PersonalizationString = 
+** INSTANTIATE:
+	V = 7a869dda2c83b743322981449971f54fba6e3a087f9b8eea130e304bf0109a9cd216e7e2248938e485c2d0d08bfe306b9e2fd4af7581e7
+	C = 0a7b0ee55e18aad7397236b489bb8390349cc4fe2b7833d68f1258a51d85a28f486566c12b88c5ba7f8b33e8a667663cab6b755e68b5ef
+	reseed counter = 1
+EntropyInputReseed = fbab01c53d86d9418efd98b68b10bde87aaf1e1f66299128
+AdditionalInputReseed = 3fbb8df9d16ec08f3df6a391aa29ea4b34c62d36b94232f5
+** RESEED:
+	V = 06b3fac9703444424a7e452c53f84df8590e4a3af5063272123438683b922ce99ca59fc13738cabae342d3c2e9ba011788d9201b6bf412
+	C = 69c252b22bc77123c6e879371fd586773092b27f84a167dd10470b9a35c92a31f69a2258d3e544be29fa534094388b3b4646df2a2bfa88
+	reseed counter = 1
+AdditionalInput = 5d691cb61641f3d2b02d572f697d1d7cf68ab92cd0ad0b68
+** GENERATE (FIRST CALL):
+	V = 70764d7b9bfbb5661166be6373cdd46f89a0fcba79a79a4f227b450a750b001a9ec09164198549af067c2fc7f2ad023be4710318f59003
+	C = 69c252b22bc77123c6e879371fd586773092b27f84a167dd10470b9a35c92a31f69a2258d3e544be29fa534094388b3b4646df2a2bfa88
+	reseed counter = 2
+AdditionalInput = 3d61543bd67cdec01c74df0fdbcd65856d4a45fb07bb020a
+ReturnedBits = 0d1ddc9dac90b63f603b97762e9f7554b504d9718a89c9d8f179a7c11dfe53e533f7071325f2c7a7ab4c84ddd327702065da5b9b7edd73e7d723cec8ad53da55cf4d99c44bec678d36291961d76adc63d68c17b71f0781b05fef97074106ef78c9d6890c3c35df2b2ec22050460da76d
+** GENERATE (SECOND CALL):
+	V = da38a02dc7c32689d84f379a93a35ae6ba33af39fe49022c32c250ffc41cbc68cdcd4b255c74b37d0364faf2bd651a463aba4768764b5f
+	C = 69c252b22bc77123c6e879371fd586773092b27f84a167dd10470b9a35c92a31f69a2258d3e544be29fa534094388b3b4646df2a2bfa88
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = df8641153be92f1ac8fc07bbbafaee5f400c65a6ff07bd72
+Nonce = 277a8bec193d1f7c149fdb65
+PersonalizationString = 
+** INSTANTIATE:
+	V = 319724776b0c090f1cdac829d7dd3e4ddee85bf6ef5cd1454bf735523e13e833c4b64f8dbf07aae4eea7a8eebf40ca7f626d1e09e127e8
+	C = 9ae774d864aa7ad5fece886394faf5d53a4466eb451bc4500a5edc13cf44857158e649aa81464f0b299c52b96ce6dda0cfcdf5e2068717
+	reseed counter = 1
+EntropyInputReseed = a7f0ede9bc677f85d78d4f823539e2a0b4d4e0f039db96d3
+AdditionalInputReseed = 5c1ab245b7e53e825586258ecc18055494d1aa3b669f225b
+** RESEED:
+	V = 061505c67124d0325c1a4d078e4cbb6c4afdf930ed363b0751ad3d4653ccf7b0dfbcd9738d71578e241691ba0623ab9da7e48b47daee7d
+	C = 0b1b09c800f5cec2f3e092bc8d1d24e867b5b0367dc690d86937b564de733c616994bfd7295a7d3733db8f271e86b8725d22e281d6c922
+	reseed counter = 1
+AdditionalInput = a8c5ab3e6291aa458aee72d4c845cdbb54a6be5a140f87a8
+** GENERATE (FIRST CALL):
+	V = 11300f8e721a9ef54ffadfc41b69e054b2b3a9676afccbdfbae4f394fbb9883d5212fc16217ba62e8d49d78a50551a6c68a87b2729536a
+	C = 0b1b09c800f5cec2f3e092bc8d1d24e867b5b0367dc690d86937b564de733c616994bfd7295a7d3733db8f271e86b8725d22e281d6c922
+	reseed counter = 2
+AdditionalInput = 4fc0aa10b91372bce41bdf0ea5b7bf8e7ee59b7153d8e827
+ReturnedBits = 0d33ae47144b118d9cdc5ce6c1076edd27af1e493c063ee54a07c939b6c565e5ed5af1fb65dc9f4c79d017c4231d14633deafefcfa8074d95182bcef9624fac8c1ef346f3f091a4d75e785487a3feeeadede3d0f97174fafbf7b1614de495d8302832ccbe9750ea5ecdd74e5a4a2f7f3
+** GENERATE (SECOND CALL):
+	V = 1c4b195673106db843db7280a887053d1a69599de8c35cb8241ca974edf0d282bb9c83c999dff46862f401344db46a796a18a4c4b9b2de
+	C = 0b1b09c800f5cec2f3e092bc8d1d24e867b5b0367dc690d86937b564de733c616994bfd7295a7d3733db8f271e86b8725d22e281d6c922
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = 97ae77688724f0b1ca8bc89fd3d0dfc9f40644b2ff8a3c77
+Nonce = 01f493eac0126b562e813f9c
+PersonalizationString = 
+** INSTANTIATE:
+	V = ac5046562bee50f98f723659e277b9f7e8a82ceb877779cd4c02348e3fa28671b194d85f080a2f43c16bc9a68cac2290805e457b747cb4
+	C = 928c7423987a5ab8045fd0047b65fba9852d15365f9feed1bde65691eb815fdbf9d4673adfd2c604771698e727e9b710c288ff04ea9e51
+	reseed counter = 1
+EntropyInputReseed = c20f8bd571fca7bef2c3a5eed39be4b7bdc182042d70229a
+AdditionalInputReseed = ab17a029f264a256e08cf4281d28f450ba719e8e8a4f6b37
+** RESEED:
+	V = 158831fc71d42060030d1b4b136b2181313bd3105299495b16bf1520c69a4cde2794fbc22c7965a45e6796d4067f0805d4bacf3ed46905
+	C = a57e848152d5663b02b4ddc6a894ce5b6546e406e063dda5cef88b619a5fbc072523feb43e5e1af0b03f08977033ac8421e0a46a33a066
+	reseed counter = 1
+AdditionalInput = bdfcd1a25da34a414c0b3f0c0a154a875ad793cb834c0373
+** GENERATE (FIRST CALL):
+	V = bb06b67dc4a9869b05c1f911bbffefdc9682b71732fd2700e5b7a13c07c045c38195745be239f177da3ca817909dda64a15187dc183bbc
+	C = a57e848152d5663b02b4ddc6a894ce5b6546e406e063dda5cef88b619a5fbc072523feb43e5e1af0b03f08977033ac8421e0a46a33a066
+	reseed counter = 2
+AdditionalInput = 5b26db1fbe1745c607c37e36e8c57f18cba53acbce0324ea
+ReturnedBits = 6988cc09f66ba2a1a8c57083dfb82b029ec6a32c5e5abd0a40655aaed60c9e5510ad3d718dcf89dc96fc2d1605b0f80f3b79d8051ebe4041512ca518d1d3ff7d372865814fa63e4d117c4e8d21dd62419684382266ae12301c0b65dccfbb056b2707e582eb61552b7b1ab8c5b81dca87
+** GENERATE (SECOND CALL):
+	V = 60853aff177eecd60876d6d86494be37fbc99b1e136104a6b4b02dcd2abbe8876778db9b755b48d77a7769e5b5965462735de31ca91da6
+	C = a57e848152d5663b02b4ddc6a894ce5b6546e406e063dda5cef88b619a5fbc072523feb43e5e1af0b03f08977033ac8421e0a46a33a066
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = b2fc92f0c15db921b6b40cf7d2ef90bfaf4132d7b0e2df58
+Nonce = b12cd09d86d7db6d44aaef82
+PersonalizationString = 
+** INSTANTIATE:
+	V = a1f8ec42bc802dbe88627379190bb131877887eaddf82eea4b2ab55d88209e380103bd063e10a1cf28e00243988025a9c6724d2f42d573
+	C = 09ae8dcafd7d07acdb5ca1490d173e9e0e2c700aee11b45221781f50b20f241abf5a4f01b00e049cd9496e421309185a1ffd05b2f32a9c
+	reseed counter = 1
+EntropyInputReseed = 8226cf7046617168e2f086e86527bc52bc29a284346304bf
+AdditionalInputReseed = 2da70d227ac84784f3708ecbe233698e0bce6fc876b38449
+** RESEED:
+	V = 15d4b4cdddcf86f64bcb5f1af9b991da5b25f50a943695faa501e81d56a887cc87e26f5bde35dbffeb41eaade2bda5e79584a2d2651f22
+	C = f6ce25795a28c200034728222d8e4096e2bd8b23a901db56f4482c0a4db2c120e49a205f42ef84f9e11591c175258ab4519f945b0b847f
+	reseed counter = 1
+AdditionalInput = e3c42b50e8a42219fbe6de60eba00b0e8078ee7e4f11390a
+** GENERATE (FIRST CALL):
+	V = 0ca2da4737f848f64f12873d2747d2713de3802e3d387151994a146f7c61c299fa1a0b29cbeb3816d1b54a4086dd0da56bb8b968dcaf95
+	C = f6ce25795a28c200034728222d8e4096e2bd8b23a901db56f4482c0a4db2c120e49a205f42ef84f9e11591c175258ab4519f945b0b847f
+	reseed counter = 2
+AdditionalInput = 611e389f34af997e6c8d14a2ab497fab3feb66bff2df671e
+ReturnedBits = fd2ca0d11c9f3082313ff26ec3641ab50f31e9099dfe2c5348c7dbbe6cd4911b0d5ff3d21498dcdc1820f8c5a81acec28be95ef89aa87d15199938829ecdf075a4cb59e24cd9d70a5df65f3590b6f6aede983e59e4a24acca5e418c240d4f5b069c6f9a2fbed7cfc626c7cfec20fd20b
+** GENERATE (SECOND CALL):
+	V = 0370ffc092210af65259af5f54d6130820a10b51e63a4ca88d92424fdeae5186fb43951ba2d5e715a544331b8188dceb61caf91d1f7e25
+	C = f6ce25795a28c200034728222d8e4096e2bd8b23a901db56f4482c0a4db2c120e49a205f42ef84f9e11591c175258ab4519f945b0b847f
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = 1441936e51a7b9ac18c784d48140b8ed6f9fe8e5a810d2e7
+Nonce = 281c1243e06912c1a19b20b9
+PersonalizationString = 
+** INSTANTIATE:
+	V = e5141f4887a51a45c64ddfbe157fd30b5f4a4226e123422cf11869bffb38205fd6bc00f70e8effeffb83f18ac0e86c1d4adb981d9db98a
+	C = 33c74ce1a8a8f68378ce2a47814a0acf84e2d986ac9c1c579751736bf0a53f28eb4202621351b461c084b4f489be3ca41814e0f6dd054d
+	reseed counter = 1
+EntropyInputReseed = b2d909aabc518f59ed6cb99fe65aa49c3fa783e684668b81
+AdditionalInputReseed = 711d9101dd66e4806884e68652c90d9fadeca2139236d6b3
+** RESEED:
+	V = ce505696f75b6409d5258cea36c221008f5bb5ef8098ccc718863b181fdbae1ae00f0bbc00deb63a270a68008e445a03380387c6118a55
+	C = 0a48b0eb8417b36d069334e5f87cfbfe50faf00a248940ba49f743ab0bf2dd26bc3bc8c85119c8073fa0f1e2e927116d876db8ea881577
+	reseed counter = 1
+AdditionalInput = f1b44a5d5c55a0e48c7c6648177064a520a531a32ac12ad4
+** GENERATE (FIRST CALL):
+	V = d89907827b731776dbb8c1d02f3f1cfee056a5f9a5220d81627d7fe49a2d7eb3c367fec9095b2b5dcdf8c86228f91c350c1100c60d6dca
+	C = 0a48b0eb8417b36d069334e5f87cfbfe50faf00a248940ba49f743ab0bf2dd26bc3bc8c85119c8073fa0f1e2e927116d876db8ea881577
+	reseed counter = 2
+AdditionalInput = 853c9835a7c9a7bf85273b6167f49c9e2b5c3a116e531efa
+ReturnedBits = 17b2b298a39bfbcf44535ad7e9735478b571a9b614584ac4eaacd1532df0ca142b5389a1132e20e8fb50037c47b236e315147d116262355b005f243d079b81602825e06e6e87c960be15ce28fefef1766f1d3d213b4ec2205436f7e970670038740e01b1a8a3a49dbf5d8cc2c319342f
+** GENERATE (SECOND CALL):
+	V = e2e1b86dff8acae3e24bf6b627bc18fd31519603c9ab4e3bac74c44f0b301c354841d91e56b9283dbd6611368f95b69612c5a9285ff25a
+	C = 0a48b0eb8417b36d069334e5f87cfbfe50faf00a248940ba49f743ab0bf2dd26bc3bc8c85119c8073fa0f1e2e927116d876db8ea881577
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = e772f641e969d48e539b9405490a05f15ccb234046b01a42
+Nonce = 3d2728c803e78fd099f7fb5c
+PersonalizationString = 
+** INSTANTIATE:
+	V = 7ee3c6af1354013e0d553d46fb657857d56993da5c8ea227f7888e69b396745ceb0fde5d15d08f668bb464cb6190a6184034a3889413cf
+	C = 8bc9b5812f783d8046fde5e7b41ba57ceec2501a9ee4cf001e59830c7eadd6a955e162f4d1bb90662062edabef9ddc6d6a603e98ed592a
+	reseed counter = 1
+EntropyInputReseed = 7700d73e963d9bd53c6feb8ce3889be6416810e9a14dea69
+AdditionalInputReseed = 4530845aa616756f3e0e9fc5a5286ae40caca0c86e31477f
+** RESEED:
+	V = 340804d658a8a584a938be21f63336f4f0faf251011fb62032d0cbc4191160f5bca858ccf9d5ae1fc1fb9a1035814441b640e05066dc6c
+	C = 5458431d554ee43173016eb0cabc7b7adb45eefb3db770d2a7215442a145db47c1101e9c42fced2aab8cfd786926daa4cb63e515e4187c
+	reseed counter = 1
+AdditionalInput = e2681ae0a5adbb139d1115da247d4fa1fb8fb6ca243dc5ec
+** GENERATE (FIRST CALL):
+	V = 886047f3adf789b61c3a2cd2c0efb26fcc40e14c3ed726f2d9f22119fbc3d2e145dd620ed8b397f613b2cde685c9693f3100f7d5685079
+	C = 5458431d554ee43173016eb0cabc7b7adb45eefb3db770d2a7215442a145db47c1101e9c42fced2aab8cfd786926daa4cb63e515e4187c
+	reseed counter = 2
+AdditionalInput = 7ca473017b8c7cac8aaeaa79698f96dcd9c8f772aaff522c
+ReturnedBits = e06b56b1ab4f974551b2087c7ad4fe5d8bc9ab10b121fb2f9e130a9c9043c6989792218041b5fa8eb2a28fae27118d203f659b5dff2fc1411a79fe9b87168bed34323cb806504e51fb67a5f60afc5978e6511785c3645438defbc0c1d79aeec3170a47c4e6c97307579a8d2958a05b4d
+** GENERATE (SECOND CALL):
+	V = dcb88b1103466de78f3b9b838bac2deaa786d0477c8e97c581137669309a2a89c7fc20fd1cd7e5b790689a25b529c3cfda55822e3be776
+	C = 5458431d554ee43173016eb0cabc7b7adb45eefb3db770d2a7215442a145db47c1101e9c42fced2aab8cfd786926daa4cb63e515e4187c
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = 355b934ace4cb459c4b64bbb9e32474cce7e9f3c182547fb
+Nonce = 995bc81ef6627bfab6f57d05
+PersonalizationString = 
+** INSTANTIATE:
+	V = 4e1420fe55f91ece37239c6f405bdf1af92dcc9b6390b7e15683a1246628175258d60b6bd236f2b2d70c39060052c2bef1d3a2b07d52cf
+	C = 0420cbd9c2be43888039cc82e392b48b6dd100f18737d0850b50c9065bc1a99d8dbd5b18f491642735bf648d916a26704395b7de78b4c3
+	reseed counter = 1
+EntropyInputReseed = fd10d8661732ae32cf58b1c97f512836049e8fc8864ffe61
+AdditionalInputReseed = debc3cc097e45ad3fec1397f4a3061d9ea5babe1378b2365
+** RESEED:
+	V = e364c7f37fcb55b433e919095344c485a7cfda070de2cb0d90bbe48585a5e46b63be49faebbaa2f25f28885a3479644b99ac10b3c1a884
+	C = c9529310a2195d55e0bf18d1b70ada1fa4f9213b52d30f2ec156c1d45bd531f052bb7c088effec7cd1e78eaefdcee0abdd26cd41c6df60
+	reseed counter = 1
+AdditionalInput = 90ab8870fa25369bc4865d6e69fafa81cc52cbbeafdd3305
+** GENERATE (FIRST CALL):
+	V = acb75b0421e4b30a14a831db0a4f9ea54cc8fb4260b5da3c5212a75edd54fe27fd6a691b9d56a4afbd7c88f9a1099d3f8d1027e2121a56
+	C = c9529310a2195d55e0bf18d1b70ada1fa4f9213b52d30f2ec156c1d45bd531f052bb7c088effec7cd1e78eaefdcee0abdd26cd41c6df60
+	reseed counter = 2
+AdditionalInput = c52e3faf9a2858f4f22255c0453641e14d198c7f2616541d
+ReturnedBits = 37cabee18ba579ebb4476f4a19261d6a98b9a4f7bebc08cf8222bf4b31fe497027cdd69a1e206f4543cd46da8fe62efd56c62af32ba980299fc3617d3f34b73ed59d8c9b8b4ee6e92cad0f90a50acbd6278a8e80c0f24062d38cd33778ef89b1d34b4aaf9e6b99f574c0fe78b61dd5f4
+** GENERATE (SECOND CALL):
+	V = 7609ee14c3fe105ff5674aacc15a78c4f1c21c7db388e96b13696986568be7580e9f7239434d6020e4dcd2eca466ba859c024cb07c3038
+	C = c9529310a2195d55e0bf18d1b70ada1fa4f9213b52d30f2ec156c1d45bd531f052bb7c088effec7cd1e78eaefdcee0abdd26cd41c6df60
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = 3625e6e80239e00f90ebc07036c06c67559324a33cd725aa
+Nonce = d97a8f4ef1ad3567d407cf76
+PersonalizationString = 
+** INSTANTIATE:
+	V = e074c11b71e9616898d875de6ecf6c5d779ccde86951f9034cbeef54f3e684b9ea85ad8c7ef477dd7f1c594d9e6007c832ddbdc28a31f1
+	C = 1739472528b82f2bc614028494f43e817e79650e356879d0fc2195707be6dc42539ed079ded88e4dd28cd871a3c385bfea0b9a5cadfd88
+	reseed counter = 1
+EntropyInputReseed = c41806b28df9b0cf2ed79f5c29d7f6caa9017ce28ca8c4d0
+AdditionalInputReseed = 96239c7cdcae6dd3caeec7d5700d51a41148552b6c7cd995
+** RESEED:
+	V = cb3503f8b3e8b702744498dc89365057bc40d395f9261850dfb5c1c2920f86ef877679fa7748d27a4a8d5d93b7376c4ed4324d1951c67a
+	C = 55589f86d8b2abc61506c56637d526fd8862270d31c6d2b7ddf2e4c87dd600d00f378648bd8d9ac88f22d5d6d2260c7055f1b75a882c8e
+	reseed counter = 1
+AdditionalInput = 6d22ec039d0d1587ea3dd824557fdc2b1d6df873986b7ec9
+** GENERATE (FIRST CALL):
+	V = 208da37f8c9b62c8894b5e42c10b775544a2faa32aeceb08bda8a70a29651e7047259ec38dc4c8009c9e42c83041b069ff4f5686052a2e
+	C = 55589f86d8b2abc61506c56637d526fd8862270d31c6d2b7ddf2e4c87dd600d00f378648bd8d9ac88f22d5d6d2260c7055f1b75a882c8e
+	reseed counter = 2
+AdditionalInput = 0e00eb97ac8a962088daae11ae055252d46b6bb2b438cc46
+ReturnedBits = 8472e0c91db07c55d549fde895f0128e048ef2783051fe57d9927b5a87f494943b3e99fd7f9a4a7395948cb1fd8491b309b326382b9e8893999fdfab35792b19a6fa903b052f1127cf2a35072c881a334af522332bf5bfee659ae37300de98d37e7f97ae96c4841ac9421b7f7e7048b0
+** GENERATE (SECOND CALL):
+	V = 75e64306654e0e8e9e5223a8f8e09e52cd0521b05cb3bdc09b9b8d6fa646d12d4f6220158a25ccf4c91cf8ae9074a38bf4b1d08bd5ec46
+	C = 55589f86d8b2abc61506c56637d526fd8862270d31c6d2b7ddf2e4c87dd600d00f378648bd8d9ac88f22d5d6d2260c7055f1b75a882c8e
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = b7b5e782690e66c43128f2337d803d9445371f4a4a8af298
+Nonce = a45e525bd91ee533f623af7b
+PersonalizationString = 
+** INSTANTIATE:
+	V = 51a060545101f168e44fb13d61490dee1d60b759022b633b83015fa9338721896f531e5af19c6f2f1f6fb79f32135b597f6418e5a9f7ba
+	C = 53f29c9f7c05b4a4ed89f3d67be0b3327297d86c2d829c3700ababc48e14bfb048126ec17294fbbbea681c6d85bfb9ad93818c5044cede
+	reseed counter = 1
+EntropyInputReseed = b0b0805777df43116c5f62644c4c26ac04ce4823b333f5bc
+AdditionalInputReseed = 22bc95a74c978d432f33e28c3785aa1887bc8c8d2541a2da
+** RESEED:
+	V = 52a0dd89fadc17062ad4a5ff71aea08133350a921a2791d3531a9350c592391c6234b6deff2f5e6096a5e79fc4f677b4a5d617c4098323
+	C = 2116cfcff9710520c4730676d6ae221bdc0a6596ced2cb510a287842c89ed07b4d6a86521a656f0e5d2d6f416d6b552739a4bf9f4a46a2
+	reseed counter = 1
+AdditionalInput = e3d2a5cf4bdb49b4564b54aab6a385c67d1120a561ad0910
+** GENERATE (FIRST CALL):
+	V = 73b7ad59f44d1c26ef47ac76485cc29d0f3f7028e8fa5d245d430c8e513369dc41157fae60730b8e834ed50e614ef75f16d312dfc9ec64
+	C = 2116cfcff9710520c4730676d6ae221bdc0a6596ced2cb510a287842c89ed07b4d6a86521a656f0e5d2d6f416d6b552739a4bf9f4a46a2
+	reseed counter = 2
+AdditionalInput = a1d05cde97106226d3f40bb6f18d2281ee141522e2c4e0db
+ReturnedBits = 9dffaecc8dd42ab719be78f026e408ac6202c98df801b62e0e17478d9ef85427cd6ba1a3c73322746f91ac11a7061e27ef281fec53581b3d8b89673210adf71ee1b26e740866e09971dd917cc22377645767d6db584e6bf880907303677e205e421d34650f88395032b550558e5e9894
+** GENERATE (SECOND CALL):
+	V = 94ce7d29edbe2147b3bab2ed1f0ae4b8eb49d5bfb7cd2875676b85536f12ac25f5c8220a35da1ff16b06b6e2575050975e2af44a4e0fab
+	C = 2116cfcff9710520c4730676d6ae221bdc0a6596ced2cb510a287842c89ed07b4d6a86521a656f0e5d2d6f416d6b552739a4bf9f4a46a2
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = 7b2d7346d34c5ca5d6b3613be91a0023ad6503adbe43b216
+Nonce = 5a0b849fc892b06b284cc476
+PersonalizationString = 
+** INSTANTIATE:
+	V = ee3a84babb75dcd86d644c99d084479408c4924c0f2d6faecd29429029920eba40628dcf405a63788be7cf1b0471e5d6065a5711bc4005
+	C = 06b6c38d481f30454779ee48e924181e878d8928ca20b9e060baa07947f1e40872291156839e1051da283c64d3981e6ac4b2716265a301
+	reseed counter = 1
+EntropyInputReseed = e0daf0ab4b586ef67e5752087c0356e2445a2f5aa5fdb846
+AdditionalInputReseed = cb1e06f13bba60d1fb9a9e775075dd38a8bfe705857f3e60
+** RESEED:
+	V = 69fef38b9ba9903366098595c008c116d937b9273161168fc3a84c3d592e0a78b10015b8b899a861acee7f9ec8161c7bee68947057d6ba
+	C = 037abb219cc21711817955acd0317c6c81d1ac558998ad931eacb698cfc9db72fe7acdd0cd418448a3f03e2b53e55ae4a142fe51e94b12
+	reseed counter = 1
+AdditionalInput = a13f0d5690f697f525a83bba81facef2459d64600759a989
+** GENERATE (FIRST CALL):
+	V = 6d79aead386ba744e782db42903a3d835b09657cbaf9c422e25503ed6bfec5fcb3b39d23065010cded9003f80c861c152aae5a7fd6f989
+	C = 037abb219cc21711817955acd0317c6c81d1ac558998ad931eacb698cfc9db72fe7acdd0cd418448a3f03e2b53e55ae4a142fe51e94b12
+	reseed counter = 2
+AdditionalInput = a2651012970c758745269ee659efb6bc795de93ead39b4f0
+ReturnedBits = b68a77ffd1365d5d6bc458f263f93ac95fb317d983655a891f77fef6c72110077ea50ea0f9b6dd5a05ec596bbe54c3b5f0712cc96cb3090cc4f04f2f87fc13134d42c2cdb6da6a87a4798b543fb8b9cc2bdf01520a28454bb90c6b3cf6ac13e1963f154c62ae3d08ec0ca7928f21bc79
+** GENERATE (SECOND CALL):
+	V = 70f469ced52dbe5668fc30ef606bb9efdcdb11d2449271b60101bc4948977c8c23509c71e304de1a3f8b0137f56875954a31346563c2b4
+	C = 037abb219cc21711817955acd0317c6c81d1ac558998ad931eacb698cfc9db72fe7acdd0cd418448a3f03e2b53e55ae4a142fe51e94b12
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = 9d30d0843b3f8b2ca15a60ce26312916df306ea8661c3fb8
+Nonce = 4c2d22ff5bbdd53f982be135
+PersonalizationString = 
+** INSTANTIATE:
+	V = 7004ebf739dd32ff7acb4fc8b33f53b678780c987700b2e660a080b5207997d7ea1f88a4e2d71273db2fcd8d052ec36f7a6e3ad05b215d
+	C = 1d09b16349d40558d5fb1a8ddf90b7f76f1a69adb6da25fa7d801e8948beaf41c66d90bdb4088757ef63582770eeba0b1e73aed9195441
+	reseed counter = 1
+EntropyInputReseed = 0aadd3ed3844a3e6db5d3da5b590b4ecfaa8ab9fb8b9b4da
+AdditionalInputReseed = 948c2397cef227d8ffd5be195a2a06f8de767559b987c874
+** RESEED:
+	V = 2e5bdcf10054f5cc9dbdea457e1a2e07cc3a164767bc4be643289f981a204591f3a7a23e82d097d4470e282da475581f6ab75a165cec86
+	C = 0b12dafed13d81ec94249d5e54a7fb55a133a48986c83c2fc058121d3d4404fc45ba9c18bd9b694ed72c41732149e9547195a02d575568
+	reseed counter = 1
+AdditionalInput = ef20c5fa81c43931f223f2ace3c659dbae3fbbe4d1292f2a
+** GENERATE (FIRST CALL):
+	V = 396eb7efd19277b931e287a3d2c2295d6d6dbad0ee8488160380b2f40effc8ca5bd668588aa34c973a2d489be1251c8231876e954689b6
+	C = 0b12dafed13d81ec94249d5e54a7fb55a133a48986c83c2fc058121d3d4404fc45ba9c18bd9b694ed72c41732149e9547195a02d575568
+	reseed counter = 2
+AdditionalInput = de6db9682899672ff2c557bc0385cce369fec9e9d1249bc4
+ReturnedBits = 608ff594cdf3e8e056ce057e2c3a33672df58f474aafc0fcd3d7e81270d63938008fa7fabf87e871812aaaea9c3ba3acb75cb1f27485c40c78eb2a7f33b3701476506ccf4525b9754a6edd3c06440d0904ab73ae11d636dc0a80fa7e138861857a3f2e63a0abeb85aab83bc75abee4cb
+** GENERATE (SECOND CALL):
+	V = 448192eea2cff9a5c6072502276a24b30ea15f5a754cc445c3d8c5adf3c22a50d14aad1a737bdf92cf5b4b0cddbb932f1fce80e7aa68b7
+	C = 0b12dafed13d81ec94249d5e54a7fb55a133a48986c83c2fc058121d3d4404fc45ba9c18bd9b694ed72c41732149e9547195a02d575568
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = c9482b776577847619bdde25ffc90eb8431ec59d8e92ae83
+Nonce = b2461c12ee8cbfed5998aabd
+PersonalizationString = 
+** INSTANTIATE:
+	V = 94e1a6d8ce31b323038c3d036264a3e9763efe2ba2215f8550104a3beef85558f0f07168169ad75a90962cf6c62b9b894b9e509283377b
+	C = d008cb0a1fb84a8e1ed39dae475aca6825fc1faaf24bfac82453ff5cad2a07c877995e7fbd031aa8ea83786e4e7d5dff9740e5946a9ce9
+	reseed counter = 1
+EntropyInputReseed = 1f6e03f6db3e86229adcaad32aab04a0b56210b0c6e05f30
+AdditionalInputReseed = ecedadc9cdffb45c114e6e21e1ecfaf7c20741060bcfd972
+** RESEED:
+	V = 7d7cb7a79f22ce40edd2c00cf7d7cc1bd5b1c78ed3cb36faef9816af6b1e6bfd07e102417131081b9e5af5643197f01644473798407a5c
+	C = dc8bc7f276b01515475102b620ce78e8b0797a014afe9e7b7d733bc86a67a6c0ac44f23ced83db17765f81b765f4cd9409c0120f2e3875
+	reseed counter = 1
+AdditionalInput = ee0472df1c2722d06785e50c7a6b6c9c682d97acd0561719
+** GENERATE (FIRST CALL):
+	V = 5a087f9a15d2e3563523c2c318a64504862b41901ec9d5766d0b53951432fb42669c9d5f33fa3e1bfb218ea21796db973f0a2c1fde0857
+	C = dc8bc7f276b01515475102b620ce78e8b0797a014afe9e7b7d733bc86a67a6c0ac44f23ced83db17765f81b765f4cd9409c0120f2e3875
+	reseed counter = 2
+AdditionalInput = b29a5adaeec81040ea28537f9c1fc7cba2d5a5bdb81c0415
+ReturnedBits = 7190d35873ffe6bdb05031f37b0aa3b9837116281bea9c923bac2b3c3c3c022d17b9158f8a1dc1b7ce248f3e4be6c9c2e305ae7f4346ef0ba2c9937592db98f83b7f0078700086df36936962d548ab2528590035af65208d8ecda01d72e7dab73bc6d8617d99fa23b2d63992ad4cecbd
+** GENERATE (SECOND CALL):
+	V = 3694478c8c82f86b7c74c5793974bded36a4bb9169c873f1ea7e90e433cb283daf04bb0f7d5ebe226b77859807a3106e91c3d26d0efdb5
+	C = dc8bc7f276b01515475102b620ce78e8b0797a014afe9e7b7d733bc86a67a6c0ac44f23ced83db17765f81b765f4cd9409c0120f2e3875
+	reseed counter = 3
+
+[SHA-224]
+[PredictionResistance = False]
+[EntropyInputLen = 192]
+[NonceLen = 96]
+[PersonalizationStringLen = 192]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 896]
+
+COUNT = 0
+EntropyInput = 2bc55d9d061fae9c4d7ba1d67a3c9b3b30ed28465737d54b
+Nonce = 8a59d8ab229af76551a3c520
+PersonalizationString = 41ffc5e336039a8e0c2f984dc66198106d06e757cfc2ae6d
+** INSTANTIATE:
+	V = 25d07c6fec166e9e623324892816dde8e873a1312b7787aa67aae9d26ce54f07a19f364af843c3119a0d7a0754fd558de3513de10c4c40
+	C = d587ed628f34f2b3269b75e52f23e56c9268b5f047a557fea5debf6e32f3072bf757db6d0af76f4d352b43b0b456dfc0a8f89c874e8cca
+	reseed counter = 1
+EntropyInputReseed = 26dbfa60142dc5e3d2a02e32291ffe111a6cfb9d97a687e5
+AdditionalInputReseed = 
+** RESEED:
+	V = 25c9681b627994560d2a20e453161a54c513eb35a4fb22bda00fd8f0d372c1036736c63f01a158a907bb0032684b415847f703a8e8f7d1
+	C = daa00749ab77d42d341c1c88ec012856fab678a840d2e6c81b991cd8c8fa92ccb74e5c1b310e2b615ee7d96fafe92c78f0198662076451
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 00696f650df1688341463d6d3f1742abbfca63dde5ce0985bba8f5ebab8f5a03ac4e04dc57098ce9a45f051e460c6c9b91a335fe834981
+	C = daa00749ab77d42d341c1c88ec012856fab678a840d2e6c81b991cd8c8fa92ccb74e5c1b310e2b615ee7d96fafe92c78f0198662076451
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = f219f77770c27457df92e94496fea69f0eaac39f65bee77cfaa0a4d7bd8bf48845980fbc08d6d7be4347310b3955a3fdb488187545201d662b06e6ae45efa6721e35b0c2c26c7f75f62a67133bceb59577d1af79af177d4b1e815ff453d0fbd6a5614da3c24a91add73b9ed8387a6839
+** GENERATE (SECOND CALL):
+	V = db0976aeb9693cb0756259f62b186b02ba80dc8626a0f04dd7421313ef075da0f99950a5701359ca5b07c4ce6e1a208e7b065719eb8a61
+	C = daa00749ab77d42d341c1c88ec012856fab678a840d2e6c81b991cd8c8fa92ccb74e5c1b310e2b615ee7d96fafe92c78f0198662076451
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = 25eaa84a5614b0f1f4a4b0766e2a056ee1dfbdb24bf757b2
+Nonce = 460ed5185d48701d76579076
+PersonalizationString = 8360398f0ee5d5bf20bcc8e177985d0da5762f72007eeb8c
+** INSTANTIATE:
+	V = 224faf2a9fcf969cc05920cd2a549b03f4db3713c992c920073597da470123a4f2247c6414f29ffb5b4fe531a0e0f611bb6fb7333cb1c7
+	C = 12d2c9ab8277406767905c4b93c549565115ca95747fd8f7e4e27c3a9a32807c5d9cfec2f93e16157209bebdaee421476e02e52dfdf49a
+	reseed counter = 1
+EntropyInputReseed = 9224a9472fb9e72bd39abd665f385c932d472aaaaad183b4
+AdditionalInputReseed = 
+** RESEED:
+	V = 1fd7f046df7d4df477baad615865d96a2fab9e76a9ef8e61b19f1d2a8373aa0aa84d539fc707049ec4a5917c28da195c178492b90865ed
+	C = 2d949ef782ad8f62edeb9b8e7166ca8fdf36ca0aa29018cddc61e307b7df6558ae12f725fde7b68d12ebf953f9cce9b5aab574a8e12fa1
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 4d6c8f3e622add5765a648efc9cca3fa0ee268814c7fa72f8e0100a59d408207b762d63ca819e6196d05026065139f4539d1a3eb953308
+	C = 2d949ef782ad8f62edeb9b8e7166ca8fdf36ca0aa29018cddc61e307b7df6558ae12f725fde7b68d12ebf953f9cce9b5aab574a8e12fa1
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = e9e8e57d2f3cfcb3bec5492e57537bb1aa8a65a06d991474062efb95af81179ab78a43023d1e46317e84addc4fd3d4799a72d2c7f48a82a7561c739cadbd986a6ac547d5cc522af30bd543a723dbd0b7a98509915df9133be0bc44e9082047592399bdd68bd97e43776badcc83d2ff0e
+** GENERATE (SECOND CALL):
+	V = 7b012e35e4d86cba5391e47e3b336e89ee19328bef0fbffd6a62e44a001221f00773cb9169f8607f117da292b74d9b1c78b05fb50c64ae
+	C = 2d949ef782ad8f62edeb9b8e7166ca8fdf36ca0aa29018cddc61e307b7df6558ae12f725fde7b68d12ebf953f9cce9b5aab574a8e12fa1
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = 66d34534bf7ae44153e3b85d98cd6856cd724a681348a93c
+Nonce = 43a7cc159b2e17c4deb5ee66
+PersonalizationString = da4e50d70535c994202d5ccfdfa1e05d32f34ef3b013a9a8
+** INSTANTIATE:
+	V = e274066d1574c89c976dff0ffbcfb4c06722f391021d60fcc50799bd30784313711bca278098595a1000b9fede7e2e7fbad5439bf641cd
+	C = a2649c1fccadd92d39a82cae6081881bc36fe5efacedc376006c4ba3775f9ab607f16fc380cd355c45009aa69ce9c7732dfc79cdebbde4
+	reseed counter = 1
+EntropyInputReseed = 639ed258a54e3d3e9d9d20a7f66bff9c9bcc514479b064a9
+AdditionalInputReseed = 
+** RESEED:
+	V = 1da97934bb33c816614feb8f5c9340373c39dd056acf4bf8fc67a49f986cf21cceff87a36694367ee9af89267936bc5a149f0ce26e7311
+	C = b64fc5267256ee6f577a057326c333d1e1f32985aa60cf31127726087213eeeaa3c102ec36b3269e17e58066b17482821886e7e106e26e
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = d3f93e5b2d8ab685b8c9f102835674091e2d068b15301b2a0edecb4176b3b1ed12b1324b8323013326f7b1e5f756bda29ea3f924b7d0d7
+	C = b64fc5267256ee6f577a057326c333d1e1f32985aa60cf31127726087213eeeaa3c102ec36b3269e17e58066b17482821886e7e106e26e
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = a278d0df3ffd93fad642a7f2940935cdb7e0f6c0613a45f2be28f771ff043ecca1abfe12ca90cc7df1593e189d46d6078a653c047d20633f40ead6dcb7558015342679135d7bef1ac35cfe559e63e0ecf824b927c2bac5962285add370f5c19f47822fc88fccdcb8d08ce88a7d8bf973
+** GENERATE (SECOND CALL):
+	V = 8a4903819fe1a4f51043f675aa19a7db00203010bf90ea5b2155f1b107f9f4905df9d3b920b3354fb6a7e599a1cda8af22904b7cd54247
+	C = b64fc5267256ee6f577a057326c333d1e1f32985aa60cf31127726087213eeeaa3c102ec36b3269e17e58066b17482821886e7e106e26e
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = 2152ed34ef7ca2b762b21fed069bd3309b627a1342054d0d
+Nonce = e7481fe1de46f38a018caf2d
+PersonalizationString = ee17821d3dc147781019fd926a9f879715382d93b8c672b6
+** INSTANTIATE:
+	V = f5b59762b2843801b4c2b3148bb71ff2d1540c529662362079fc258ede3e1ef3f0be88e7561fe0b84d4290e3f4709c22bff6a4f98e3a88
+	C = f59e1913098df2e334be6e1ef8676e018bf0c63357ce6660128310c088eefc6f96e90f1fbec205d44582875741bf0f2ecad5b180a2314a
+	reseed counter = 1
+EntropyInputReseed = f0d686cea91a7b2790b6b4160d4860326bc7fdc1f289f6fd
+AdditionalInputReseed = 
+** RESEED:
+	V = d00a9474974bfec379378da2250f0308b54dfe0be6bc71adcb737c358233e1c2e34e58db335a8af6d9ffa374b449633e572978d55af0e1
+	C = e2f0e8d17c2fa447714d7f2e2b5b55dadf80be3cadc8b34b4e80494b691408884cd5d933162efec1ec32eb8f76fb4d52dc04e0a4ac8214
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = b2fb7d46137ba30aea850cd0506a58e394cebc48948524f919f3c5cdd5df15a02a25c4234ec97e7356fa8b4b3b5e911d63adadb27acaf2
+	C = e2f0e8d17c2fa447714d7f2e2b5b55dadf80be3cadc8b34b4e80494b691408884cd5d933162efec1ec32eb8f76fb4d52dc04e0a4ac8214
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 83ccb736f08293091b9c46642dce18fb1b8c65eb083af01597a1ff16a9324781758d8359552e70196b80b2b72039469286836d4c2d49f65597412013d8d0c567899af4df757b4ec77c2c435b51b356721c2a4890b94490bfee1fea6ee377139ef516c468d28ae84b22783fe4f5016d54
+** GENERATE (SECOND CALL):
+	V = 95ec66178fab47525bd28bfe7bc5aebe744f7a85424dd844687410051d7bc7edda9d73e373fc6a395c1c7a638f0d96d687819e318fc4bf
+	C = e2f0e8d17c2fa447714d7f2e2b5b55dadf80be3cadc8b34b4e80494b691408884cd5d933162efec1ec32eb8f76fb4d52dc04e0a4ac8214
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = 8f990c533228723a7cd7eea9129b85c4ddd29bb51b65d465
+Nonce = 6710b84fdacf8442ba0ea30b
+PersonalizationString = 7006011e529b76e51458f212ee7887865dcc27c631105c49
+** INSTANTIATE:
+	V = 4bf0f856168312cb23a9861a57f58b71f449de499dd8d675b0f4b93cc38b0243d4e5dda9265445bdd35eeab8d150a0d57b492b61d9aa8c
+	C = eaf8537121a6fe1323bedb7fa2e99448bd220fc701957298b9023dfc5cb2939d75ec5f9d164b731ca9e596436b31c1b6a3d919fb1bf4dd
+	reseed counter = 1
+EntropyInputReseed = 76014f10653c04b24d8ffe7bf4ebbdfab0403c55f0ccc2cd
+AdditionalInputReseed = 
+** RESEED:
+	V = b95f8a29fa1eb01a00199f843b88e35f2f3f341721680de11d5476ba4741f08e7e3edd0f071defa6697ff0880a3c21bbacf6b4a604583b
+	C = 0481e0b988d28c2cde0789f84360527e4f928d0c2652d52b27fdc2c2bd614159d30842705087adc6210c5fe0c2ca8802e68eba0cdbf196
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = bde16ae382f13c46de21297c7ee935dd7ed1c12347bae30c455239f85852f65c036e276b7c8eda75629afc6b1c4fb3901fcf93612ba87b
+	C = 0481e0b988d28c2cde0789f84360527e4f928d0c2652d52b27fdc2c2bd614159d30842705087adc6210c5fe0c2ca8802e68eba0cdbf196
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 386be1b336892e23c54608cd3cfc5ccfe2378b6ae1a6a4bf74c3ddf202499ffb1cdee7526eb58f5887501850b77f24ce626bafe0ed8754fae323758cf19dd4da7e91a50ee290f90a3be5aa3615374940f497e49fadbff485ffd52e5be40192074ee7dc15e3e85ed1453ceb53b6bc2354
+** GENERATE (SECOND CALL):
+	V = c2634b9d0bc3c873bc28b374c249885bce644e2f6e0db8376d4ffd1a3b2677c3385ed8a701d57aeb47204f790f88486c2df8b11a6d1660
+	C = 0481e0b988d28c2cde0789f84360527e4f928d0c2652d52b27fdc2c2bd614159d30842705087adc6210c5fe0c2ca8802e68eba0cdbf196
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = 4c87ad56cf4ef3ab1efc2f96326e6023cc8e3d284a98614d
+Nonce = fe5a61fb8fa30ad9f64b2e56
+PersonalizationString = c2102942a6bb7ef7b6c860f34ae56419ce7bc6ff72b5c7d4
+** INSTANTIATE:
+	V = ca1bea8f3fbff386bcfe47ff6019bcb9bc6df325b40919ff55458409ebbe12b8f5a2d0fc9fdadd8239e5bbb8ddea459e6c2247fdd9f80c
+	C = 13b3919c8e0f2ac50e017c31084b76b12ec1ad6c7e70218c487f0c5a79811b197265a9c5a70ad059c8125d825066a5cdccfc3af5f9e5b1
+	reseed counter = 1
+EntropyInputReseed = e747026ada5131d2f2b645a0fa3bc47157689732016fbf0c
+AdditionalInputReseed = 
+** RESEED:
+	V = afb58e8fa81cd3175ea58c3cfc3e5b9827398064e3cef7cc4521782c49d34bea776601a03b977d7240b4b31c06dcd6c08fea04d62ca674
+	C = faad05e1a8925893e35c5dd6b39aac12edebe5ba2f6a2f20638a4f14214c37f0cc37293abc4df5897aff70b44fb4072f589c70dd79e418
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = aa62947150af2bab4201ea13afd907ab1525661f133926eca8abc78d2c06453ca27588145a42dc7cef400664047fcf408cb115567272c6
+	C = faad05e1a8925893e35c5dd6b39aac12edebe5ba2f6a2f20638a4f14214c37f0cc37293abc4df5897aff70b44fb4072f589c70dd79e418
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = b07a3fce14c8f02aea893bab490550fa46c1f2812f764664b9c686c360f0239ec623e429673236aba1e457fb9b8d8bebda9ef62afac43fb1dfa3a5d7991746da8276093306bafe0ee497a22b51701382801678f12a2dcc04d9557ad58efb7077a2fa4f98075e2a49f66c8c79b0c47967
+** GENERATE (SECOND CALL):
+	V = a50f9a52f941843f255e47ea6373b3be03114bd942a3560d0c361776ba0a2bc501c01920201a3c9a6669e2e4f5e82120669d0c2943f9f2
+	C = faad05e1a8925893e35c5dd6b39aac12edebe5ba2f6a2f20638a4f14214c37f0cc37293abc4df5897aff70b44fb4072f589c70dd79e418
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = 270b3feb23ed732c140befb482eb575f2fc28e0a134b0071
+Nonce = 48cbc3d69f2d2721668d617c
+PersonalizationString = e298f86c9360616ec4537df12618df483564a72846ed14fe
+** INSTANTIATE:
+	V = 5e75b990f013aa5bfc95101fab8ac7aac70c9a72bc92bae6058594d56ffb0da9505fe9012dcdb8be488e740e056b0325dc42701dfa48dd
+	C = b8e300ebedb2e9729a497eda5f9a142fc6de5b18e8edf21146160b0d6d68dba4f900273abe3a0397a5ce1b87bfc07a528ae1e38ff6245a
+	reseed counter = 1
+EntropyInputReseed = 2e090543788807019130b94f4d9ff161d2e9381b2970e5f4
+AdditionalInputReseed = 
+** RESEED:
+	V = 01f7d21a4d9366bd224b6c1a6b4ee5a8d11c164bda590712c5bc817db480a618439bcf259e536dd1a09bb649a29a4c24028572016a1d3e
+	C = 0354dd1328f6280410d76c5969df22520611fa93fd2e458650aaa31358801f9dabf890e561c53e12b442d8053e75af5b83202811282397
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 054caf2d76898ec13322d873d52e07fad72e10dfd7874c991667253c20022eec5b8ad854e3218f4b251e757ae0384d7a07061d34f94e68
+	C = 0354dd1328f6280410d76c5969df22520611fa93fd2e458650aaa31358801f9dabf890e561c53e12b442d8053e75af5b83202811282397
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = e6bcea10878138742bdfded287bb353129c80fee2b624f337a221b7c62c80a039331d25fe132dfef417a975425b31f84ca6f114f43537053a15b090a12231ac2618860a393e3edbcf7027edfc649158df1f2980afda003f81a188582732e8104375dd0bc02e23c691208f0137fc7204e
+** GENERATE (SECOND CALL):
+	V = 08a18c409f7fb6c543fa44cd3f0d2a4cdd400b73d4b5921f6711c8c7a0b2966b50675f23e7c3e3d2435f130006e6ec9eb28302c8c34c04
+	C = 0354dd1328f6280410d76c5969df22520611fa93fd2e458650aaa31358801f9dabf890e561c53e12b442d8053e75af5b83202811282397
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = 7bd0b52cc9fb0adf28da9b0f99163af7ca55fef15143742a
+Nonce = c48332b739e2795af6d60fa7
+PersonalizationString = 79dfe849c956e190000a96c7246eca31cc9abf0fc2ad77f4
+** INSTANTIATE:
+	V = 9fe7a9331dcb164d254d3d02be02a5dfe4696100e4839f663172c428ec0d05070b9f2ce5043ed036bbfa7eb7856e28b91fd08796f16d81
+	C = 38d089d6a28a259d67e6cc2d834899ffc4747740947183a0f9397d8d9f82ad424de78e66fb3ea2e3289a81653ab091a6217178f8fc38a3
+	reseed counter = 1
+EntropyInputReseed = b68d28cc18a0be07f84a5928feccc3c945eed769b7fdf190
+AdditionalInputReseed = 
+** RESEED:
+	V = 5a63a8955fbf7df87b0c6273ec72bd1542e4a8da22b00b2a045e9e523d959a9452e904d4fd1c79920fd127134fcbfe93b4519298403e7e
+	C = dc66f369871b4153b7b97e423327f1a2513a7b4aee59058dc0472db259408d1e6a5dac3c9a5efe13772d5567af6dce131ad5490dcd5a34
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 36ca9bfee6dabf4c32c5e0b61f9aaeb7941f2425110910b7c4a5ccdc710d2844c55d0974be91ee20fb99f34d65833c408d7074bb9b8e5b
+	C = dc66f369871b4153b7b97e423327f1a2513a7b4aee59058dc0472db259408d1e6a5dac3c9a5efe13772d5567af6dce131ad5490dcd5a34
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 8e730ce3d84385618951d3293404305972c0cce258efd29b53d6f52d4a2bfb97b9a12480d76183bd151517bccc907c8ce6f72839fdf5ad022a5db87e2fb98267a8cd6e519881381c5298024f0733f928dbd5fa3dd3910c4798c5ef285ecfd2988d9185731211778c6bd995a81204c026
+** GENERATE (SECOND CALL):
+	V = 13318f686df6009fea7f5ef852c2a059e5599f6fff62164584ecfadd45ea056e84370dbe8b2731177d0f53b048e89a72d888d38efb81c2
+	C = dc66f369871b4153b7b97e423327f1a2513a7b4aee59058dc0472db259408d1e6a5dac3c9a5efe13772d5567af6dce131ad5490dcd5a34
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = e0b28f5dac42ad02840d0a258692ea629ea9f693b2db6275
+Nonce = 24ff777268203949dea7c3e4
+PersonalizationString = 45c1afe8e1b9e1e2ead9b159feac7cbcb0d4adc70abe24d7
+** INSTANTIATE:
+	V = 0ee5c17e892f30fc1c332d97e49b4685e6f45fd751afda3067044fbb7c817aa65dfe6f89283de2e9e73573c6c81247adc4f91b2640a0a4
+	C = 6a25c57f45ea354b3c8829a852c0ed5d43beb651b754f8cf4ff056865ad1f6e70e62313ea62e0ceec7c549f6e7a31fc88e35407f33a49a
+	reseed counter = 1
+EntropyInputReseed = a5cd04ab560ab9efcbd34ef7778f5cf7b9559d4dfeda136d
+AdditionalInputReseed = 
+** RESEED:
+	V = a22d8ea12279ca25699d2d7fd087aa32720a86fab2bd7a5319645b4c8e8fe2d7ae077a78aedb2dcacc374203b05b97bf6f7d9b4b375481
+	C = 522f279cb4686f5d13e61908f4422e1da95c1c0154ec7a72c2448e46ee537ecaa6e2b0039dc3d38047b0d239560c33dc3891b0ee2ed325
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = f45cb63dd6e239827d834688c4c9d8501b66a2fc07a9f4c5dba8ea223f8ec0203a6274c4008be1505bbc7677b87d22d9bafcbe194ac5ca
+	C = 522f279cb4686f5d13e61908f4422e1da95c1c0154ec7a72c2448e46ee537ecaa6e2b0039dc3d38047b0d239560c33dc3891b0ee2ed325
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = f9158eae1cee5371ecbff4293f604f81889b8b58010c296f8aebeb026582bbb7d0f22b715fd7d006aa4454609d20c0fe11eb2302700e3493ce61c6aa6aa1015a37ffa46847cb31470fb45181a552262202956287e2fe5bbd483693199a3c749dcb10694c918bf7d2b6baa3ffc16f694c
+** GENERATE (SECOND CALL):
+	V = 468bddda8b4aa8df91695f91b90c066dc4c2befd5c966f389ded78fedcbe0958f1242aff835bb127f45bcbdb1b8a798cdcdecb97770e83
+	C = 522f279cb4686f5d13e61908f4422e1da95c1c0154ec7a72c2448e46ee537ecaa6e2b0039dc3d38047b0d239560c33dc3891b0ee2ed325
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = b25bd89829a861056059a7d8015e67fac8d607e0eb026e88
+Nonce = 602437ec70574062df4e910e
+PersonalizationString = c1b86a1c8589e7fef01a663ab4a3582a5bd3ac230de17784
+** INSTANTIATE:
+	V = 0d4acfc48ac0a0dc40ed24571ba110149d4df6020263b97c6513eb791d624c908cc0907ff7e06e1afea53dc3f256ae8160ad479efb5419
+	C = 93fc1f129653f32c7218dd6d17e650dc009040c1d8d8a8e358c36d85a005e783b17821f823491a44e9b5d32a7654294eb28ae145bff21b
+	reseed counter = 1
+EntropyInputReseed = 0f8467a5eb75c369dd4bd6e8005d28d287f92fa7f6ac6f1c
+AdditionalInputReseed = 
+** RESEED:
+	V = d1fdea946e65db602f8bb2a53820c2a23d2a1e286e218cfc947d6960bf33bb3de8f3eab7b0391b011abf1806ba2bb869b317093529a680
+	C = b7f80999b5b1d6a3ab0ccc5355fc06df7641fadb81aaee67dbc105435f3450b17602114ad142cfaff404b48d71bf23fdf08039ae042e5d
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 89f5f42e2417b203da987ef88e1cc981b36c1903efcc7b64703e6ef4d9fd1fe08de6c14b040e10ed22460ba76c974939c1e30bd81bc852
+	C = b7f80999b5b1d6a3ab0ccc5355fc06df7641fadb81aaee67dbc105435f3450b17602114ad142cfaff404b48d71bf23fdf08039ae042e5d
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 3f6b93de0231be9202faec18f9d034e6b11fafe7d503ead76dab9d6a79f1dc0767de3a149ac2fa88dc1a23b86953e7faef129052a45e590ef7d51b4b363d3b375ed081c8e6665508945837e89157e2f9062e4fd9aba551dda7d75bbe228a8023b3639ab9949d68a545790bc091e9ae45
+** GENERATE (SECOND CALL):
+	V = 41edfdc7d9c988a785a54b4be418d06129ae13df717769cc4bff74e36cecbd4d8dbc54672c6a6ddaa189f4eae943b1e3b100acdb80fec3
+	C = b7f80999b5b1d6a3ab0ccc5355fc06df7641fadb81aaee67dbc105435f3450b17602114ad142cfaff404b48d71bf23fdf08039ae042e5d
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = 8bd96e56705723e68536055ce515478120c775f53c0915b1
+Nonce = cf2f3cadf6e758b9d986ccab
+PersonalizationString = b4303b8275639b96b4bd137d1af645a0f176abb1f75e7c87
+** INSTANTIATE:
+	V = 53c14fe08880a76156ed3462a4cb9f8b4cd2475a0b3a0adc5c290a03cecbc8a33e5a3999de42d07a620420d06c840ddf0636c7ff5dfcf3
+	C = 7f1a0a9c63dd5391af5f30771178f83343781cbdea6a0f1d72154230ee597bd958806ee8c6ea13bbd10df54f5730a355faef8bc5386162
+	reseed counter = 1
+EntropyInputReseed = b2675cbcdc184d72164f072834c10ae9836c7e0c125ac0fe
+AdditionalInputReseed = 
+** RESEED:
+	V = 748bd1337fabf28146c7c1718842607ca3517663e7101ed84521f61ab507279e2ee278957963f21bfa6bbb38c379d9354c3239e3c8a2ff
+	C = 558f7771029bc802fcc52f9e8b0ad44cc67e04674ad686350ac60f9220025691776ddeda2940aab0b967be275b06479f4e66aad08d9abe
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = ca1b48a48247ba84438cf110134d34c969cf7acb31e6a50d4fe806277fe6d189ec08e166a8c91a6441c5b9581fc10d762b4a1d3ce4033f
+	C = 558f7771029bc802fcc52f9e8b0ad44cc67e04674ad686350ac60f9220025691776ddeda2940aab0b967be275b06479f4e66aad08d9abe
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 3f852046e0be890063af5181f0f95fb02c712b8dba1e26732aa2f348ba3bfc6d6959dc01b3639358f14bb2c8c5ce29c1b168f942cd677af3e18e6ede4cefd7baa74ae70be525a91470758b580d628a29e1130ff64644852b9fcb12ddb167c881518cbd6c55135a484471aa30d2fe2947
+** GENERATE (SECOND CALL):
+	V = 1faac01584e38287405220ae9e580916304d7f327cbd2b425aae1644310ef2a9565d03dc7efb69ffed849d76652c9014869276e0551ba6
+	C = 558f7771029bc802fcc52f9e8b0ad44cc67e04674ad686350ac60f9220025691776ddeda2940aab0b967be275b06479f4e66aad08d9abe
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = 7b193763abfeed3863623bcd2d630bc22dddd8988962bc9e
+Nonce = 9cdb070cf10d4a51220e142e
+PersonalizationString = d9c03817feb5700eabea08c7c0b677aa2097cb1663c44beb
+** INSTANTIATE:
+	V = 3924e4b12c9533a2ff34903021dd0ab95e869a9e5b7650ed5699c90e55a1b067bca733fd2af67f2e73e1863195ce0ab0016d9251ea2faa
+	C = 83f725e20796d90ee67d165c34dc2bf98a23278ce2331e184a86ef5cb593ed6133decf14411bc14540514a101b2c062fd464bf6d742279
+	reseed counter = 1
+EntropyInputReseed = 48b35a57627e64a060fd6bb2c5fd9375414b3d237959d514
+AdditionalInputReseed = 
+** RESEED:
+	V = 24497611899035c475c46e6d9bda595badbef333ba4a015a14f004eed0043e692b977616715ceaf9b5c153ea3d4a20cb0cdf43a3a27d50
+	C = f4029b5ede2fedf887ac882e10ba181be8951e4d12f2be47d531215ae48a6fbce8e26566e9d83d1f97c204b530c791ffd6b848b2d9f85c
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 184c117067c023bcfd70f69bac94717796541180cd3cbfa1ea2126f9f6b4168abbf559f9bb35f47de6982c098a5945938b950ece310f80
+	C = f4029b5ede2fedf887ac882e10ba181be8951e4d12f2be47d531215ae48a6fbce8e26566e9d83d1f97c204b530c791ffd6b848b2d9f85c
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 2f2728510554097d96337765b8f03814c663692727e8d531d106f5d38a15ff7553a5901bb1d2e1855bf0799dbb94bf838bbf4d41c412d812aed3b6e68f229629028b0e2ee9ffa34a57ceca1be8e6d7b9bd4b58a9edd9c5fd8b984bf43666fe71ef1fea7bbbb9e7badd4c607f7a88c68d
+** GENERATE (SECOND CALL):
+	V = 0c4eaccf45f011b5851d7ec9bd4e89937ee92fcde02f7de9bf524872477bae8cb840878ec81de21c0bf5626078f1c36c9d02a51cc2a79a
+	C = f4029b5ede2fedf887ac882e10ba181be8951e4d12f2be47d531215ae48a6fbce8e26566e9d83d1f97c204b530c791ffd6b848b2d9f85c
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = 4d4f2d2e83f863c5078707c628e1ee009ce61eff8d5c3c8d
+Nonce = b905848981e04b54212d155a
+PersonalizationString = db7f8071bd81e1f76e8b507a2cf00b5d30a7b3de264b62a1
+** INSTANTIATE:
+	V = ba130e83994eea75f869b039e8a209702d8a17a5ed262576189c4b0cc007ffb2d48034069d1468ec4d02c4a1ab335a45e1d0344539c73a
+	C = fb7318c7782fe20417b6ed515c83d257123d343d09f3caf76c502ab17e089c558d36c1b62449e8566d83acffa8ed0b2ca7598ec4e46238
+	reseed counter = 1
+EntropyInputReseed = 4cf089d4c2f3df03a4d144a77055c7e4a157d27d060ad4e3
+AdditionalInputReseed = 
+** RESEED:
+	V = fa7d5e1b25fdb0eb6e3b7fe932bd2bae8a5a845ad8b749589d0d012e8f0b61af636eea99a186dce7d7b391da4a793460e45ed075caafaf
+	C = 3796b1fea18691fb19f04acf5220bda1b054474e90baf1ab8305cbadd0fc65ff9c731aefa4cde861d845bca21e929038c39e3db8b2e125
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 32141019c78442e6882bcab884dde9503aaecba969723b042012cd7e983fe6298e19d22cb444b28cb41bb649357f161e5e2700a152cab2
+	C = 3796b1fea18691fb19f04acf5220bda1b054474e90baf1ab8305cbadd0fc65ff9c731aefa4cde861d845bca21e929038c39e3db8b2e125
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = e2d3e243db409c1b98a699ee00f70df3b3a30e622d6df31917b919e6d565bce3f06e4b89e5e5e81fb1dd425a8847e160acfc0df2f0045055071e78dcc291d57bcf6e9ea683957a38d0aee189807145d06050bae3707fa9c42f65c9b7b952a45301cc87f57beef111451d6d787f7ed89f
+** GENERATE (SECOND CALL):
+	V = 69aac218690ad4e1a21c1587d6fea6f1eb0312f7fa2d2cafa31899d0606d6c3119c30c4304cb002b1aaa1fae67449364bd7c3b6d44501c
+	C = 3796b1fea18691fb19f04acf5220bda1b054474e90baf1ab8305cbadd0fc65ff9c731aefa4cde861d845bca21e929038c39e3db8b2e125
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = 2989c7e4aa1e9ed277d4a156dd6742f5583ebf4acf467b8b
+Nonce = 276f0ef848be591143ac1f78
+PersonalizationString = 22fb7e114a7a42ba6fd33729f2262e985b4b951c52952d19
+** INSTANTIATE:
+	V = 7339ded5b1d2e8da093fa35fde61e9881dad706c1f73168d6e7c9b7aa78725014c1af8725f604cf4290e09334f47d2744a31624d622cae
+	C = cfc780afb248c025a8e3a76305a08aac50514b7858d3bc6fd7b035b45dd68ad7df2c525a328f1d48b527cb4216c32b4c5f22bf15b2cf52
+	reseed counter = 1
+EntropyInputReseed = 561afea97db226d1afde44df564d39a6746bfadeb128ae79
+AdditionalInputReseed = 
+** RESEED:
+	V = 3fb730d56fb933b6b913fa3a3284c6aef922861aaac4919eb4e740339c110d2cd5c8f85e7cd05b63b8a1aa76a4adfdca02972c5a6643fc
+	C = 05719d34a1f7ba56225301dc7dfc2c537b8455fe8194838330e9b11f22176413e1821b48e12c02b1bca10a94c981211e44fc9bc31aec09
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 4528ce0a11b0ee0cdb66fc16b080f30274a6dc192c591521e5d0f17db7fd7c5ac9487acd8f8970336acf456506419e31d4fa4f4cb9b3f4
+	C = 05719d34a1f7ba56225301dc7dfc2c537b8455fe8194838330e9b11f22176413e1821b48e12c02b1bca10a94c981211e44fc9bc31aec09
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = fc21000e033dc5da338c63c99551c07db58815cd1afb01c7c27da595aad1c60774ca0e3ea50c62e732e359d29dc9574a00411277f64da9b4c90deec2c91cfebb55b9b75ef91f7cd93b4a085dd05a44d182e53f7ffa50a38aa5f6a7e3cc4074c298b33bf58fc1965fdd2ebc812aa6c9a1
+** GENERATE (SECOND CALL):
+	V = 4a9a6b3eb3a8a862fdb9fdf32e7d1f55f02b3217aded98a516baa3239abb10414241e579febff438f46b8c27e6079cb7cefe2176190d25
+	C = 05719d34a1f7ba56225301dc7dfc2c537b8455fe8194838330e9b11f22176413e1821b48e12c02b1bca10a94c981211e44fc9bc31aec09
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = 5c6dd51bc56405f56ee9cae35e417f0f16e94987583b3d12
+Nonce = 324a9d981c4ba0fea4c0727f
+PersonalizationString = 1c04d7ed2ad9e0667ec83e00eac3278018206f6b4e614721
+** INSTANTIATE:
+	V = c87c532f8b5fd9446403e6bc70101d179eaf71e81d99ed9ec821313cb3fc8aa4ab75ddbde08bf5ab5960ba74182ecdecc4bfc7f2f862a4
+	C = 40c8acb6b4b9982c3750caa685537c496cf29432c09e04ee7421927ec4f076f7fad187c746866efe741dd8ad35f76e3155465fe7635b16
+	reseed counter = 1
+EntropyInputReseed = 2f1f90c8bf6483897b86d02374997dee7193660b6dfa9015
+AdditionalInputReseed = 
+** RESEED:
+	V = bbd19d5a5bb43a57b89314a2b6f9d26b3c18d1df8da9c47972ad1d31d209e70817e0af8ad842886e8df2dcbfbe3d3c0f743422c8cd3024
+	C = aa5ece63f82122db10f608a5b739589e61b4d152a55149ab976ceb1666a0214deec54d85c58c6fcd1230d18e6b888ff6921854670bbc31
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 66306bbe53d55d32c9891d486e332b099dcda33232fb0e250a1a091ecaedf32233bd06f26df09e9f789a5283c0c1dbe5893c0df434d8d3
+	C = aa5ece63f82122db10f608a5b739589e61b4d152a55149ab976ceb1666a0214deec54d85c58c6fcd1230d18e6b888ff6921854670bbc31
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 677ec3521bb6b5ed4b228fdb227833d57a63ea1b401c817d40ddbd7d2f70b3d874af677ecf13ff891ccc726c2e8316b200ad829e7febbef7fa9819ab801df5b147eaa149b3a9018511df0fa48cde9b989527caf9270c6d048f302fd81dad3f943c73a7a0eacfa2d7e9524a2fe8d47a3c
+** GENERATE (SECOND CALL):
+	V = 108f3a224bf6800dda7f25ee256c83a7ff827484d84c57d0a186f517126d17a78806a3767a29ebeff39753b4e19535b026110238a85750
+	C = aa5ece63f82122db10f608a5b739589e61b4d152a55149ab976ceb1666a0214deec54d85c58c6fcd1230d18e6b888ff6921854670bbc31
+	reseed counter = 3
+
+[SHA-224]
+[PredictionResistance = False]
+[EntropyInputLen = 192]
+[NonceLen = 96]
+[PersonalizationStringLen = 192]
+[AdditionalInputLen = 192]
+[ReturnedBitsLen = 896]
+
+COUNT = 0
+EntropyInput = 80567176b6347376b166b113c3eea83c175a1de8ae2bc30a
+Nonce = 125eb2228f828b9672b5c3d7
+PersonalizationString = 9da815ffae85de6f18f608f56ee2cd5b6c0442795c7fecb4
+** INSTANTIATE:
+	V = 7b7978048e547182093852a396df2cacff3cdf41dbfc85df9539f142f655e18e9d7f0158fb3d70f1d64e203eb89a7304ce0d60a8dadb8d
+	C = 4a35178894aefa66da28d370b3b7430e2fb64102b79897a2bdd814cdf3f3899f30dabc18045f53566f3334764fdeba49918f0a77ffeb84
+	reseed counter = 1
+EntropyInputReseed = 4a21df7666ffbd50871499d8893cec62733dff46ba2b825f
+AdditionalInputReseed = 2021d82d38fdf05fc21c30375dc8ec4c3bd0768e46dea019
+** RESEED:
+	V = d75e30730927da9fd3707e3c5a588cbf84a5c492061f9df4ce1b9dd7c0f5ff62e3524ea6a2825ced8ffc5881a5250510291b63098b22ed
+	C = 4bf3b88f5249eceed009289315ba0609f8db0d3f46b015e87874008e41f4bf63eb64c3adcdcd6df61e75332dbbfe1a6d57ea62e3403ef5
+	reseed counter = 1
+AdditionalInput = 2b4e1e4baee69d23a1f70cfec22d675e064b7deaff307476
+** GENERATE (FIRST CALL):
+	V = 2351e9025b71c78ea379a6cf701292c97d80d1d14ccfb3dd468f9f32b1069972189c9fc291266e741f7005c520e1aa7c1f802a2745a94d
+	C = 4bf3b88f5249eceed009289315ba0609f8db0d3f46b015e87874008e41f4bf63eb64c3adcdcd6df61e75332dbbfe1a6d57ea62e3403ef5
+	reseed counter = 2
+AdditionalInput = 89f0b8b3a0c6f54884ced4640633e6ff9cf358981d583177
+ReturnedBits = 6d84e421de1373aa513200a8f86e1358f58d5b5d9217e374e1e73abbede1943e161772706a9ceb546a57109f6f4e281ce95f0af13dec39b442416b064c7f304550f84ff5b09e140c969636c5593e00224018ec77608bb337bfa3b14c8ae24a53b89219e3d07354f42fb94bbcdb16fd76
+** GENERATE (SECOND CALL):
+	V = 6f45a191adbbb47d7382cf6285cc98d3765bdf10937fc9c5bf03a04e0c6fc1dab74c52de28888fece21ba34162cc90c77841aec3ec2088
+	C = 4bf3b88f5249eceed009289315ba0609f8db0d3f46b015e87874008e41f4bf63eb64c3adcdcd6df61e75332dbbfe1a6d57ea62e3403ef5
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = 099a07cf0f18d548113faaf67c9e278b30729d05a22a657c
+Nonce = 6bf03c2f750123f84e32f75d
+PersonalizationString = d495b7c10b73045902e5d6178c55b9505bace6072d790800
+** INSTANTIATE:
+	V = b1fcc1f37101988b266d5fd75a17fd2855f54f1781b2948b5f346001be457ce56975a49ddd7a187b9e37e626e23e96d03e4a38b8a468f9
+	C = dbacfcc178950e63ecd8e91c1557f60900900abda2d7c5518f6f66c1e864f792ca8873dbae4a920cbc827706fa9c44f81c26eba68090de
+	reseed counter = 1
+EntropyInputReseed = e9ed6e7063763161a5791b788bde025ade0959fc12f6f1e8
+AdditionalInputReseed = 81cb8e1098635cdf9e6ccf5b6d4e62573a2f6b1e6cfc76cb
+** RESEED:
+	V = d6884c3123e7eac7c818b6a2f06309e2394e69fea294bad480ffd1e4a1cfa21bc2460d0faeaf15f7a40212c7d71ebfaa43b95ec8be5c71
+	C = 61970b390697443cb26082730de42ec6023d96b651d066c215a3bf9d59b7433b2ff3a8f528435ed03531499488aa61ad7c379710312e8b
+	reseed counter = 1
+AdditionalInput = b579a4288bb6cb2f37de180629ee4d935f366ce74994e9d0
+** GENERATE (FIRST CALL):
+	V = 381f576a2a7f2f047a793915fe4738a83b8c00b4f465219696a3929c2d85e7fddfce41d168bb5c1af56ac87226896d83c99f4312a6f463
+	C = 61970b390697443cb26082730de42ec6023d96b651d066c215a3bf9d59b7433b2ff3a8f528435ed03531499488aa61ad7c379710312e8b
+	reseed counter = 2
+AdditionalInput = 9ed40efb585f65c9cb3db04a54e3243f813255865ff2b43a
+ReturnedBits = 836f00787297417d6f14f4a5356cc6e6a40d7f6c3585b4abe73212393eac671365e17d6d62004da9ecbdf636d52443142849e6fd256910d063afe1c5edf8b2963bde8ec6c00ef2ad2ff0166800c38dfeaed9bf8db6206e79d3fa3024626d2d89a308b9d31657d1cf0323640b1691387f
+** GENERATE (SECOND CALL):
+	V = 99b662a3311673412cd9bb890c2b676e3dc9976b46358858ac4752f881d89eecb70c443e622a4dc699d8da321e10eea2db03adbf7087d0
+	C = 61970b390697443cb26082730de42ec6023d96b651d066c215a3bf9d59b7433b2ff3a8f528435ed03531499488aa61ad7c379710312e8b
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = 6a331305c63a4df9cf53c8561e05c0e2c0a14bd4af0b3057
+Nonce = 225e1dae0144aedd5013c9c2
+PersonalizationString = 7835b7de1aae2a08778b813a0e39b15c053070f6d7654796
+** INSTANTIATE:
+	V = 13ed48027221ea72166cbba57a62491c9ecbb22d41c0a8dc4b71b95bdb376b17b0125accbaa0ab5811d960d7c12bb93b354e5d86ff270d
+	C = edac98dcefb985c1ae4f03f0fb496f20c9c3a698f9a727d50a6e9c1b1b787ecb7dc6a657935042f343139f7feec7baf1b5aba49cac35a7
+	reseed counter = 1
+EntropyInputReseed = 8c5566f9c31beb2509cbff4f3d0805a7d10faf68e75a807e
+AdditionalInputReseed = 734ba1cc3c423d2760669f972dbf7b44198078e941c1d4d0
+** RESEED:
+	V = c8bbd15ed4ca56856e909724c81d424bbee1c8844326c92c6c525f7bb7d9832d7c9e05d4389b14930d9d0c26e651db0245a14eb6a1ddc4
+	C = 41e98a9ad4f05fbb4dde3b97005b4263d05ab418589fb714df0a8a58e5fa03fc32e2350b015913f4f58085920f0d89578344e6cccedaa6
+	reseed counter = 1
+AdditionalInput = 411c622ec28df5c8de59eb1515bce06deacf4035a3f054a8
+** GENERATE (FIRST CALL):
+	V = 0aa55bf9a9bab640bc6ed2bbc87884af8f3c7c9c9bc680414b5ceaf043dd2150bf16d2a1de7a38cf0736cb6b0e0f0162160eb439ddd368
+	C = 41e98a9ad4f05fbb4dde3b97005b4263d05ab418589fb714df0a8a58e5fa03fc32e2350b015913f4f58085920f0d89578344e6cccedaa6
+	reseed counter = 2
+AdditionalInput = c43e5b82680320fe4628ba00c7dc37ef82e5a515c148bfd2
+ReturnedBits = 53783dcbb418e263a48607439f8aaa87d6ee20813a8f4d454d719ca54220dce438b578396af92fa47366b2fd5c9da6e8b2c2d8841c8868d444cb3b75a25fbb5d2eb169f5be3457e3e9f3303dfd6e63b0a21158bd764d794e559b43e89142a85756e3260b89e54be15a13f02be560a3c7
+** GENERATE (SECOND CALL):
+	V = 4c8ee6947eab15fc0a4d0e52c8d3c7135f9730b4f46637562a677623a186da87211abbd0f53d375c0a77e3360b868ff995b2f9a690417d
+	C = 41e98a9ad4f05fbb4dde3b97005b4263d05ab418589fb714df0a8a58e5fa03fc32e2350b015913f4f58085920f0d89578344e6cccedaa6
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = c9bf01c1189043e1a89eafb3b4ba136e0bf0e090a5749564
+Nonce = bcd9dbdee6b7d08708ef76b4
+PersonalizationString = 5558190da5cf9086be52afc9172d192c853f7548368608b0
+** INSTANTIATE:
+	V = 79f189cdc8a06f0371598e05ee57614484cdfa70763ce1396bca828500f222e6f3d4248bd2efc29e39c33e10d524e7987027f11cff6394
+	C = 54fd775e94fe5d5eb9fffb13ca506504768fd06188de7b285a2b70fe703b758d9da75a1c93696dd0e7128874b473dadfb6b78c762a528f
+	reseed counter = 1
+EntropyInputReseed = 48165ee08c29f269e1c0a56041e9d04d099645b09ffa2d2f
+AdditionalInputReseed = be42fc51a75186a5a61cc4cad71929d5d81b25b81bbc1805
+** RESEED:
+	V = c60864468de8e5023cdbdc2553770555c59251e3ae49308c1c1a104c3e63ebf37bc0430ef3aece3727a3e5c9c5ad97669d3617a8a15fc9
+	C = 6dbaef91288d37dc96fc5d31db731abc0aeed47c81f1619b5121314fff3e895011370503ce1a26657d7a1de155a9c0de400c11f5bc8e3d
+	reseed counter = 1
+AdditionalInput = 85ad9e42964a0cedb79ed9dc0be1cfd2ffab87fd535ef3a8
+** GENERATE (FIRST CALL):
+	V = 33c353d7b6761cded3d839572eea2011d0812660303a92276d3b4269f2b1ce7d15eacfb372e86629f42d2105cbf0656b06256ef6bff7e3
+	C = 6dbaef91288d37dc96fc5d31db731abc0aeed47c81f1619b5121314fff3e895011370503ce1a26657d7a1de155a9c0de400c11f5bc8e3d
+	reseed counter = 2
+AdditionalInput = 7e4f829a60f7e1d733605f087b1b668ea4ca9ee64da08cc8
+ReturnedBits = 5dd88812cf61d2c476260cc6f13efffd8a9d7ab8ccc826ac0928f16ba6d4ddb6b6b521b69e9b8e91b81fcca868d41b2765aaa0c9b6ba85d0d47663420e9e00f9cf7db31fc8f60912893ac79728994ea84ed401b764acf9d4f0b18553279512255f1cfc43c6679d35649b5348990e5249
+** GENERATE (SECOND CALL):
+	V = a17e4368df0354bb6ad496890a5d3acddb6ffadcb22bf3c2be5c750650c269f63ddc2e297ce368d099e2dc104384722b23588d4e2cc9df
+	C = 6dbaef91288d37dc96fc5d31db731abc0aeed47c81f1619b5121314fff3e895011370503ce1a26657d7a1de155a9c0de400c11f5bc8e3d
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = bdd4841f135a709c59d2588f46017201b1e59ab32813e032
+Nonce = 4656c0d34583bed1a56a620e
+PersonalizationString = ae2927cc67cc1833e1d28419cd02bcb2081885c9b7d0a9b1
+** INSTANTIATE:
+	V = 6f0a935b26bba5919391f733da350c40e860b7f25a13d382adc6d58c42d88b8ea9e4ca05429635a5abfff80c5b6e41c3e7f165bbe55b28
+	C = 172d10ec91945906270ea41122d3f596624312bcb2cf9e0d4444cafddeb6d8e73cda7190b922a83982c958d7c096eff1f82b0078af2e1f
+	reseed counter = 1
+EntropyInputReseed = fe88c01f9ed4336d849bf47de655f19c7a2ce100d9ae442f
+AdditionalInputReseed = a1f9319a6742d23d511f605f2e7575b7be5f247605632a89
+** RESEED:
+	V = a5e710601b8d8341b3084686a712655d0271d139f60e6ed91a629d1d50b42886ee96a5b1697cd0d0cb9076272329abe358029d333e14c3
+	C = b45682972020855b9be0e650f19c6baafcd7162bd0450e674bebbd71041fc4952b55ec67691526cfba4089f669a94185e2f8d1531e1320
+	reseed counter = 1
+AdditionalInput = 6cd25aa592bb1396318549c06be4968b98faff79cc944fbb
+** GENERATE (FIRST CALL):
+	V = 5a3d92f73bae089d4ee92cd798aed107ff48e765c6537d40664e5c11dda6566262fda24ff1bc5b2a3c1763c7d2d26e005cdf95ec4b9cce
+	C = b45682972020855b9be0e650f19c6baafcd7162bd0450e674bebbd71041fc4952b55ec67691526cfba4089f669a94185e2f8d1531e1320
+	reseed counter = 2
+AdditionalInput = e01d601bb148f3bcdc71a8ee729935c6381eb18b596a2a28
+ReturnedBits = e238c0f53ecf13872680b9d6a3302a00dc31f776bb21f5a8932ac6afe795230df1dc9e07c3b3bdc414b225d00e9bdfe590bc2020344ade61116f55cc5798c96fd75cd30462938cc1896353b28d71e1a44d725094ec31c58482b548a9b2776a99c5085f720e218f6d75952f0a1d84e1cc
+** GENERATE (SECOND CALL):
+	V = 0e94158e5bce8df8eaca13288a4b3cb2fc1ffd9196988ba7b23a1b17626428061ba5471e26b0b6e45cacf8bcc7e66cbda4c1ad7ab92f0b
+	C = b45682972020855b9be0e650f19c6baafcd7162bd0450e674bebbd71041fc4952b55ec67691526cfba4089f669a94185e2f8d1531e1320
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = d0e40e6380bbb794c7e07208c13e5edc85c394cadeed5a41
+Nonce = 2bc48279ee83a781fcf97cb5
+PersonalizationString = bcff8a083971157d850d62ae0ed14926b8ccd844a91f7b9b
+** INSTANTIATE:
+	V = bfcf3ea0380ae67812204eb1900740efc604836a30f1789799c7026de72838affe3d2bc78a0a1fe302c015747698640d299c9dd83b9d0d
+	C = e3784de9ab37b6ca1222fd6e5ee4a23ee48fdba0164f2bf43cf662651cf7d1e293d3c87243ff2bfa80cb63bbcbbc5651ab46f648483f84
+	reseed counter = 1
+EntropyInputReseed = b7a5b0341bd66a95270dff16c2e1212d720c24be1ecd54a0
+AdditionalInputReseed = 9f6033aeb5ea5a2972c54e3997840e15b9bd9e3d1bf4bbef
+** RESEED:
+	V = 77c432ee1ba7f638fd42bc70f8fc8c59ba9ce1daa824bf8f5506d5c657600195cfd3fdc0f2d84ffb4c56e6e1a6704c233dfdb54935f4e2
+	C = 2164257b62cd7050200d6e88381bea5433c0a141a4315b58012f4ce9e9dfdc09c97ae23b254133cf2a6bd10377c03530d0f58e546c4722
+	reseed counter = 1
+AdditionalInput = f7371fdf27afe3a9ff94459a49cf09b892e0570418885036
+** GENERATE (FIRST CALL):
+	V = 992858697e7566891d502af9311876adee5d831c4c561ae75636233dc1785f713e99da4a0cda0ecf277c96765b98739fbc1799a08de291
+	C = 2164257b62cd7050200d6e88381bea5433c0a141a4315b58012f4ce9e9dfdc09c97ae23b254133cf2a6bd10377c03530d0f58e546c4722
+	reseed counter = 2
+AdditionalInput = 020a112d8c6610404eae5f63086c383e03821a2476be04a4
+ReturnedBits = c7761e1087ac20245d53f18eeccb4be33bfdb3558f6c8f4c3829e834291266fb45c95e5c4804e672c4b67b7828a3c9f7edb70f4aea2825123fd8d9fbdf7e2de2e3e088a38a4c519fd49777348975f937b78c240df76dc6dcb8a852f3986ea759f2fa2f899dd41934481dcad17abd61fa
+** GENERATE (SECOND CALL):
+	V = ba8c7de4e142d6d93d5d998169346102221e245df087763f57657136e008b40f762e3aef8d8c396336dd08ddb0081f090afb462a491fb9
+	C = 2164257b62cd7050200d6e88381bea5433c0a141a4315b58012f4ce9e9dfdc09c97ae23b254133cf2a6bd10377c03530d0f58e546c4722
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = 83866d31ddade658c5d72c7a4a69b9087e94bf2c8cb55557
+Nonce = 63702d87dd1cfab83364df15
+PersonalizationString = c829cc1b5089bd16fe77f35a642fd13b243d8a953c059a76
+** INSTANTIATE:
+	V = 0171d4616ef767824f8d7898f6d57470b7c17a8e796af75a1f4666ad8f9e073f6f8261e60406864f396f658bea64527f23b9f746590bca
+	C = 0d29f9b683977e53492338ec33f6edb4e8fad03d95b7e79aa99929e3aabc22e37233fe6e3147b62dc8c86fd44be51c2c4408b2eeea0b0a
+	reseed counter = 1
+EntropyInputReseed = 15735cc973d2c91096cb5ba5351af32378df1a5b11fdc9d3
+AdditionalInputReseed = 0cf2848b6374b8e6a9b09437c7edb96c4975f0701072a9f3
+** RESEED:
+	V = 7322ad0708cd5089dc64308143c7d5d19004274e5ce1a90050f6eb371b0b15f6d8aa861ba5f067cbedeb4ecdf6c8dd49f8bd91a7eaec0c
+	C = 7264f62fe7fd7393c1a8834ba9c947b085345bd12a030d37f59275029f1fea517e0c34581ccaca5f7f1f4f67131d6fa8f1acdbd03ddb13
+	reseed counter = 1
+AdditionalInput = 8aaa52b45e75eb58ff3b88c674cb0e2751a596b5f2076a84
+** GENERATE (FIRST CALL):
+	V = e587a336f0cac41d9e0cb3cced911d821538831f86e4b638468960b62cd872c9b33df1d10f534f1d329bb90e5331f15524a91b75db8ee5
+	C = 7264f62fe7fd7393c1a8834ba9c947b085345bd12a030d37f59275029f1fea517e0c34581ccaca5f7f1f4f67131d6fa8f1acdbd03ddb13
+	reseed counter = 2
+AdditionalInput = fdc08cb748da7219ae28583e271963a332753d29b64926f1
+ReturnedBits = 84ae382aec0eabcbf5080c9a515adc92541e792f5656e7f81891a8e99585da4aa6536ca8651d8e38b2fea904f46a714d31c86291378c8fe809e01bca2199df6b5cc6b11391da30e67e6fcc4f87b1805756a28c6249029705b865a64c358cd4fcf63d25700cfecd35688008e2393af8ff
+** GENERATE (SECOND CALL):
+	V = 57ec9966d8c837b15fb53718975a65329a6cdef0b0e7c3703c1bd67f2d8d1bbc27c288e5a4fdbf9e1fe56a718d11cf7d1cee1d4db01536
+	C = 7264f62fe7fd7393c1a8834ba9c947b085345bd12a030d37f59275029f1fea517e0c34581ccaca5f7f1f4f67131d6fa8f1acdbd03ddb13
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = 62f9d21c392ce88980a1397fd39add5d66449b8ba95abb6e
+Nonce = d4f0355546680d5babf121c4
+PersonalizationString = 98bdbeb2b4ca33631a2145a0fcde90f779ff3c16f93f3b8d
+** INSTANTIATE:
+	V = 3a578e54c8692fba730d54dadd571d63300744d1a1e8c99ce3e179d22dc5e1c7abb5e005f8eecdafa62e1e3ea7aac1d07cebccb34b4644
+	C = b4672e12316caeb9f9556cc21e336f78caa8079296c061b4bad9108eeaf5197663bd85ae9283005f7efc57213e9cf6e664911b519ece33
+	reseed counter = 1
+EntropyInputReseed = 2dea731fd5f37e43bbc395777abc5acc00939724edc241e6
+AdditionalInputReseed = ce80da898cac70b7eaa0979f0a086af573b855c0df5e289b
+** RESEED:
+	V = 26ba62a98f97a948e7f62b11c2267a813339b1054727ccebc6b509af7713ce3ef61726c5a7214119d20b594e586381a374638d3de8a6e2
+	C = 054e304122486fd7740a6b7985a2ac8bbf6ba34e7d316b00e596d6d0411f16bcada9491ef61a8f346f845928f339a052c6b793a9993a8c
+	reseed counter = 1
+AdditionalInput = 74de50b45d817cd2e81cbd7e9a11850d73519baeefb682f4
+** GENERATE (FIRST CALL):
+	V = 2c0892eab1e019205c00968b47c9270cf2a55453c45937ecac4be1beef32a8205cfc9666ba76f2c1d7f1d2c88b01ec4807902a2ec2fbe4
+	C = 054e304122486fd7740a6b7985a2ac8bbf6ba34e7d316b00e596d6d0411f16bcada9491ef61a8f346f845928f339a052c6b793a9993a8c
+	reseed counter = 2
+AdditionalInput = 358575934503da4d5ba47795ae668a374a4166a4e1d9a6b1
+ReturnedBits = 8aead2a1cef2e59ea7fad3dc899d9362ec7969b4650d2d82f7b307b8a6b6587bd2fb977fd297fdf2c6029c4acf299b8905a31f1d65fb9ac22ba220cce8fd84df36f962d879cde3d3e0261e484961c6c1e4b79aa343b0814d44744e230cf82ee1c9c1594b95362e0be71809623c714946
+** GENERATE (SECOND CALL):
+	V = 3156c32bd42888f7d00b0204cd6bd398b210f7a2418aa2ed91e2b958913996d365cc0f3183fb6c8e2633334c862ed9ed371fced1aeddea
+	C = 054e304122486fd7740a6b7985a2ac8bbf6ba34e7d316b00e596d6d0411f16bcada9491ef61a8f346f845928f339a052c6b793a9993a8c
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = 1305766b7e952a676e65905ccf1bc50cb5936ed1f23b8c9c
+Nonce = aff73b1abbfb622da9b0ff53
+PersonalizationString = 6dcb310549675c56da51d08020b5e74020aa697c75a98f64
+** INSTANTIATE:
+	V = 9a73c9e474d6a8f2ac76da39bda9a5a328fa7f777f01b730a35a900c132661c0f333de040b9bafb284e9a0c5dd4974d965dd20659f24ce
+	C = dc8c428006c4096777236ad40bc040993bb5d055f9baddac2ae07dceaa600889ebe552815fcb7553cc8271e5bbd9d8803b6a874f2b8ace
+	reseed counter = 1
+EntropyInputReseed = ad131e6f1fef8cb0cc9411cc9bbe96022f912a0fdf312c90
+AdditionalInputReseed = 458cb247fbcdd8e01766e3bfa7f85fecd887c4a45230f59d
+** RESEED:
+	V = 15463d91db794533e67cb992d154eeb3ccfd608ccb3287521de63c8de08bb148f472c88ac30022df5c2cc0cf5008cbd112d204d3721ce5
+	C = 6ce9563ebb918cd889dc8be875a893c8f4bc14f837543fde006ee5521c6dc21d98b4c235c31e971567a3e8ce73d0e4999d0b36a63fccd2
+	reseed counter = 1
+AdditionalInput = f090b65d8b2ac7ba871bd261825549d13100c0a7fa065eda
+** GENERATE (FIRST CALL):
+	V = 822f93d0970ad20c7059457b46fd827cc1b975850286c7301e552280130877393518dbb3a4beba1a73dc0837f7e71cf0e2205f10c3b78a
+	C = 6ce9563ebb918cd889dc8be875a893c8f4bc14f837543fde006ee5521c6dc21d98b4c235c31e971567a3e8ce73d0e4999d0b36a63fccd2
+	reseed counter = 2
+AdditionalInput = b3b304afa8ad0df4bebae42135795484c59fe19da365312b
+ReturnedBits = c7efbd868ce657ebc17cb4629027aedf69860547daf1281ad85a6ddc105b8959bf54480273543c317e85e571f19073445d7db8b002f7ba14b58a23bd92e5d6924093dbbb1b2dceee8bd8a9d8f5ee5b644118eb9299ce11547d74f3db0969bf429c68c35629b4811f404a3266252f2054
+** GENERATE (SECOND CALL):
+	V = ef18ea0f529c5ee4fa35d163bca61645b6758a7d39db070e1ec408fdad9ac06795588c1d2eadea1824706910caad0ecd7eea492f19fb38
+	C = 6ce9563ebb918cd889dc8be875a893c8f4bc14f837543fde006ee5521c6dc21d98b4c235c31e971567a3e8ce73d0e4999d0b36a63fccd2
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = e376320bb33d8b9cfaaaf8507e1f8c7fba7c44d43ee473c7
+Nonce = 5e6d60239f752c8ed33af4ac
+PersonalizationString = a75a88e25fe595b2ae5f1a6ebb8255b61691710f11213ff4
+** INSTANTIATE:
+	V = 03ac4b8c48c5c56d85d6dc98f4853838cd9d9bf02d34debf997bf92601fc7d85980425b796185edad8908d76486a7ce5ea477501247f37
+	C = e99c060da5d7d616fa192a689874fac4d739430a937792e0c25b71eb71a6c996ba0947aa13b14d837531b594c3362198a4bde374191e0c
+	reseed counter = 1
+EntropyInputReseed = 47687a70be072729e0f54b6a3a92fba1907f3f2d9c28ae4b
+AdditionalInputReseed = 169c0c80eb7345963ec48804c0ae4a614667c520419b67bb
+** RESEED:
+	V = a19f250a8f1a9b48cf9f6a6d6121e139becc29180f087dcc68900c122538fc0b482ab83e7621467da37821f1446205084bca8f34efab3c
+	C = 63496be0ae37b073aeb6759a038085d72d442e8b135114a3f87210df0bc95cab6d7c7846cd569af8169c27f41234293c9d524321a73f3b
+	reseed counter = 1
+AdditionalInput = 9a49145bc32072821a2343dc4daf37df682b3a97c27ca399
+** GENERATE (FIRST CALL):
+	V = 04e890eb3d524bbc7e55e00764a26710ec1057a32259927061021deb4d8c2d190a2b66dc2d3c0dcd2bc4829efe00e319b243b259d21837
+	C = 63496be0ae37b073aeb6759a038085d72d442e8b135114a3f87210df0bc95cab6d7c7846cd569af8169c27f41234293c9d524321a73f3b
+	reseed counter = 2
+AdditionalInput = ab31d9be3d485731c3d1a53264a4ee5fc582d05f74f658be
+ReturnedBits = 4902aa3b1206183a40b895b7f833f5f46d838b06583669fb0cc097057e8be301df3658c985fd12caf75e0e3a3d846454ad5c403f2050bab3f6a24bd50c5334e6c00f90449dcbd2add3ed9cc480161416183bfba3926559171e2823abbaa97da73514589d6a163960fbd9084adf5d7cd2
+** GENERATE (SECOND CALL):
+	V = 6831fccbeb89fc302d0c55a16822ece81954862e35aaa71459742f99b6edb3d427082c125e38a166e4ce38ca4e117de3acb25859358341
+	C = 63496be0ae37b073aeb6759a038085d72d442e8b135114a3f87210df0bc95cab6d7c7846cd569af8169c27f41234293c9d524321a73f3b
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = 3bac99965f7a523e13f6f3f9a8aeceeb3f6efa1818986f20
+Nonce = 199d14b7afdd0a029f1a18bf
+PersonalizationString = 153f3a6071fefc330acab1771d6ccfc016347dc0b0093c27
+** INSTANTIATE:
+	V = 6149ee33a0e4298b1968d8da7844815a4be728a47d35f75226947f05dd949ec7362eaa08970b21ea3cb8dff45b354bfad7f81126079496
+	C = 5ba85c438e83711e8fdab8d48c6989e79fc42981f1fef9e5ab687d74740dc84e047351b3663b83a725231e1738113adad9a66dd7e5f9e1
+	reseed counter = 1
+EntropyInputReseed = 5ef49b621c909beeb34efd4fb83055212ce0afc700969a3b
+AdditionalInputReseed = f674eb58cf47d558093dc6071fd6361df2f68afbbfe99141
+** RESEED:
+	V = e4e93884a9097ae6b50b67a352bf238a5f43e3fed7f0ba375ae213109338fd56e362e560312f3eec2d6a5049a81dab7cd7cad7f37e81ec
+	C = e37b89bc18f61d785ca52173401865d31d0a0bc9c3c7b223e88d199160b8ea9f385c0bf04eb2295dbf269ea6bb70e699de55f788554a96
+	reseed counter = 1
+AdditionalInput = c1721a6276a0cf3246a7a90502dae8491fb963de06a3bc3b
+** GENERATE (FIRST CALL):
+	V = c864c240c1ff985f11b0891692d7895d7c4defc89bb86c5b436f2d9d50665f9c24c238e0574dc6c22621a6789ab14f1eba980fe59cfcc1
+	C = e37b89bc18f61d785ca52173401865d31d0a0bc9c3c7b223e88d199160b8ea9f385c0bf04eb2295dbf269ea6bb70e699de55f788554a96
+	reseed counter = 2
+AdditionalInput = 6ef4ccb5cfd5ef5e8469fc85e8ee67285ac10a4fe8e3827b
+ReturnedBits = fd1c183376d41aecc6abe7dbf64679c969164af5c8150fe9cc8e15ebd6eca6b83c8b8310b4ed93d75f9698fc605056ef62528a1f87c947ff53472fc6b4bf50759e4924e742ea4475ce09187f5f8b3a550cb18aa0a2e7020b385daa6b837c4a22c9cca9224bbce67820648a389a1daf29
+** GENERATE (SECOND CALL):
+	V = abe04bfcdaf5b5d76e55aa89d2efef309957fb925f801e7f2bfc4822b7c55cbcbcb2108fd889587063b53f9a8d583503c90619c145d251
+	C = e37b89bc18f61d785ca52173401865d31d0a0bc9c3c7b223e88d199160b8ea9f385c0bf04eb2295dbf269ea6bb70e699de55f788554a96
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = 5edd69f9cbb98e5bd7618c2bca6e59e9eac92224e0fbebdf
+Nonce = 74fd8f0205a22656afe61b79
+PersonalizationString = fdec49f9e9963bf96f0f7f4dbc0b0eb8a1f28edd5cedb771
+** INSTANTIATE:
+	V = 3e53e8d170f266892f8b6bb4989f2c0ddacd19e402ff12f0bd5e820766789dda61335385147b56071d8c0b5fb77642ae4d4b435454c07d
+	C = 53615e9a6080b92aac24deb7aacc921940468b281cfc810cea546b62ed72e13a625a2ec135a08d953b9f5cfc8d6e1ff96fa99a8ca0c892
+	reseed counter = 1
+EntropyInputReseed = 367997535a88dea4027995fb3443992658c9ac9d94a4f28b
+AdditionalInputReseed = 6cb79f27c1bf1b9c8992a07ff08af46d5888e6d24ba92871
+** RESEED:
+	V = 07c67a6bc664fd5a43e336eeab23da391bd47f9c3f100e066cfbe6eba301f714e6ba96f3a0b02973cd4baf77d3a81ff9bc00572c99ed2f
+	C = 7c3da7f07e6c69e326d3645d3cc749725316abb471a4359b9bad1bc4125fbaa3efdf5fd7ce87a5aca58b30b8376beeecaf293fa55101aa
+	reseed counter = 1
+AdditionalInput = 84bb819a2a994107e4dab02cc272e3253f0e2dbf561cdf76
+** GENERATE (FIRST CALL):
+	V = 8404225c44d1673d6ab69b4be7eb23ab6eeb2b50b0b443a208a9039514ba27925a61ebc123813cff7bfcae1f6c5f066187234e9398e96b
+	C = 7c3da7f07e6c69e326d3645d3cc749725316abb471a4359b9bad1bc4125fbaa3efdf5fd7ce87a5aca58b30b8376beeecaf293fa55101aa
+	reseed counter = 2
+AdditionalInput = febd4a22fb1acc88ca753fb176ce493e0d0cf59acaf41eb6
+ReturnedBits = aef58c0a05eb9b51f3f05e14f3f377c228954a60f7addec58d5cd1dacc17df91660caf772faeab1f2670e075ac2a9e129b757f59ab21318f294f5ccc65b4c15b37220e81123eee627237147ed68b71f5a9eb4a3e01d1aae6a8ef0c627cdb61ccdf51f9afafc476c78b76a76a58a4b3d7
+** GENERATE (SECOND CALL):
+	V = 0041ca4cc33dd1209189ffa924b26d1dc201d7052258793da4561fecff281395d6942093afab0113398c974abd97dc9b8a8b2301dad9e7
+	C = 7c3da7f07e6c69e326d3645d3cc749725316abb471a4359b9bad1bc4125fbaa3efdf5fd7ce87a5aca58b30b8376beeecaf293fa55101aa
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = 06d32da9586c477df8d17cd62dddd7908ba54fdd6802df2f
+Nonce = 6f0e31e6d495804049dfb0da
+PersonalizationString = 47037a9645d758bfee26a2671df70577aceea8b63dffbdc7
+** INSTANTIATE:
+	V = b7aa24173e3ea747dce55eb8c26ba080383ab1f04a399a182f27de41126fdcecebc47aa118bd013adb5234cf895af980b62b5bd4fdcfa8
+	C = e7d318086da8fc5fa70758144ab60650bab4e08453be9a78622620d219cbf94348bc9cbc0debd02779cdbfb3b11dc0a669d3245479266b
+	reseed counter = 1
+EntropyInputReseed = 44af2d3124b715a45c531dd218b79924359f8bb372540136
+AdditionalInputReseed = f5b262e16b56e72d2090d491851ddac365d9286ec2c989fd
+** RESEED:
+	V = 592fa423e2a9318834aaebf055c960c6cb42695aaaaf15d88f3b5709ff443ac918adc673202bfd35a1a2d8ca740d6641e614b7a5824fea
+	C = 40a3ea6ea3b105acceffa94e5aad19de04834b487771a3c063c9ec0e24eb5f63ef18aee2b6babeb04baf160c7908bad55a44445048f500
+	reseed counter = 1
+AdditionalInput = f7011c9804bc1366c24d12cc02e8352571e327ad7d0efba3
+** GENERATE (FIRST CALL):
+	V = 99d38e92865a373503aa953eb0767aa4cfc5b4a32220b998f30543250799387eba16ba6b0dbe09bb318e9ec93bc25771117b195b72519d
+	C = 40a3ea6ea3b105acceffa94e5aad19de04834b487771a3c063c9ec0e24eb5f63ef18aee2b6babeb04baf160c7908bad55a44445048f500
+	reseed counter = 2
+AdditionalInput = 9480d6801a0bc70fb62840bca84643d8b63015b3a7546690
+ReturnedBits = 2bc9f461ee3883219fb68d89e8623a058841e30d8bad939ec9d72c4d959af63e776570448a71bb92d6c93c9d326f391f8e1ec24771ede4cdadd5cc6cc98796e9827210e95dc41d2e707b6d96a052f27d45d6789b6a69a6283db665c03c3500d3aaeca72c0633a2fd73b39b5302472824
+** GENERATE (SECOND CALL):
+	V = da7779012a0b3ce1d2aa3e8d0b239482d448ffeb99925d5956cf3089e6e76bfc4d312d1afea2f41fc0018ee8e4bb82f862c303794ca548
+	C = 40a3ea6ea3b105acceffa94e5aad19de04834b487771a3c063c9ec0e24eb5f63ef18aee2b6babeb04baf160c7908bad55a44445048f500
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = 8c46493a1044bde81852b7b44ff2fc4eeff02ef558a62144
+Nonce = c26ca1c1786cf443de8d4a7f
+PersonalizationString = 8597a291556eb4d407d113748c58761b3b36b4705b4cec42
+** INSTANTIATE:
+	V = c6bb473f49725c6c706720a89d9d88866b32d281741aa9dd1ea11e4222f08c2e7dbff2496b291697a4b0e01ccdc6a42c2596d90f202cc3
+	C = 89986e256a47ea5233009dcceb008538543910ac19028ec787c763e3e545c40e82219ab43126547b9abced7c4e0713275984b49aa1c54b
+	reseed counter = 1
+EntropyInputReseed = 3d353357a1ba880ee9ed80fd72dfe93fb8378a42148d52e3
+AdditionalInputReseed = 0eb9c35b1bd4a4eee562fc60944986a13abf26b60abbbbde
+** RESEED:
+	V = 5892ee49a087d355f5a0dca6eb9654cb497b792993fb0391ae707734cbd0761f3b261224f471fe8455fe9d91bfa4d7d543e0a95a571328
+	C = 001ebdc76c7159a4dcf1ddd19e67e67ec7684f3ea7192caf57d9c84abe86f119521a1b489f8048bb39c5124cc35596a3df9b7e7b3b5609
+	reseed counter = 1
+AdditionalInput = f3e5e36e05326f7982c42aa27b22db33bfaf0e092eaed4f8
+** GENERATE (FIRST CALL):
+	V = 58b1ac110cf92cfad292ba7889fe3b4a10e3c8683b143041064a4093f2f6005459e1c78611c0c33a660f9676f2a00af773d7f3deb55850
+	C = 001ebdc76c7159a4dcf1ddd19e67e67ec7684f3ea7192caf57d9c84abe86f119521a1b489f8048bb39c5124cc35596a3df9b7e7b3b5609
+	reseed counter = 2
+AdditionalInput = 123bd6652b72c7c0182ef0bc22b4355eb0301e7b751604ac
+ReturnedBits = 7d20d18b9aa4f1629c419ea67e9f7a07d69008dec5e8f5431bb7d82f447cc636d035452605835896df559507269435aea5e3efcfebe3cf00f8374226d9870f43679d8ef575cfdee2c72756698744b253653b460d8b15442d591e86bec12772a8aa21e9f9d01df491bebaf2e13a6a7125
+** GENERATE (SECOND CALL):
+	V = 58d069d8796a869faf84984a286621c8d84c17a6e22d5cf05e24092694b95cd2e2f94db52b415e1d1752258d9fb25deb3a73bf721c9bc6
+	C = 001ebdc76c7159a4dcf1ddd19e67e67ec7684f3ea7192caf57d9c84abe86f119521a1b489f8048bb39c5124cc35596a3df9b7e7b3b5609
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = d0cb2aaa38ed8c9b9f64ff39f4ac48808ffef2fd04d0a4a2
+Nonce = 9dec893517969e773aaf352a
+PersonalizationString = 46b2342303de2b0da50044641a0e2baedd119ecada2f3655
+** INSTANTIATE:
+	V = 02c86ee8dd99bd31100e12bf21d37ac3cee3f42c73791a508dc682227734d03fb80dbbd62d85f5d4e24fe5be4c26a0bf492880bd89c71e
+	C = f1f528d6cb6ec072961ced45c955cb795aca132465f6a6fb4e6cc6b3799b0c616b9c7da9210895c4ec8187a3234231f2f9c459025a8fb9
+	reseed counter = 1
+EntropyInputReseed = e1f314f98a7852d6e72c5fbc3d16a71a7ebb591d0a6a023f
+AdditionalInputReseed = 32e1aa020334d0ebca7ff51f1d4efe491963a9c63656b287
+** RESEED:
+	V = 052393b208158eaaa3abcee3422c4b097ffc0876a55a9901230574eb590188bc39a011462ab1d39919809864c8214a2950494bc8361ee4
+	C = 62ba783cbc3a22d4356ba86646435dd2dd3939b290b033d64510547c6d96834ac24e72c4bb8a566f315f23f156f0604c683751e9927a9b
+	reseed counter = 1
+AdditionalInput = d25fe71198cd3cc3330d0f34eccf3b37a93dbe1479e6d1d6
+** GENERATE (FIRST CALL):
+	V = 67de0beec44fb17ed9177749886fa8dc5d354229360accd76815c9f5128d141c9dfa4cc21d2918732d1467bd48e7fc85fd7017b76eda54
+	C = 62ba783cbc3a22d4356ba86646435dd2dd3939b290b033d64510547c6d96834ac24e72c4bb8a566f315f23f156f0604c683751e9927a9b
+	reseed counter = 2
+AdditionalInput = e758eeda00542c0b4cc56b971c795ca7f28faa5f63924e9b
+ReturnedBits = e3906b881a37baa38d3fa07038ed03f4c00b2944a7d9b52e4cedd1a064f1da07f819fac00ad96a98fbccdd7310f48b30c98de64f91c1768e82c1b43ae67ad27094a0ddddd6d5891d376b6f80800c738ce86092753b74901b7e7795b3f042a16c8437fb2cf9d8ba696c62d8ab9f5642b6
+** GENERATE (SECOND CALL):
+	V = ca98842b8089d4530e831fafceb306af3a6e7bdbc6bb00adad261f5d98391188f2160d0af001ed15ed2935048081a55ca338a199971b14
+	C = 62ba783cbc3a22d4356ba86646435dd2dd3939b290b033d64510547c6d96834ac24e72c4bb8a566f315f23f156f0604c683751e9927a9b
+	reseed counter = 3
+
+[SHA-224]
+[PredictionResistance = False]
+[EntropyInputLen = 192]
+[NonceLen = 96]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 896]
+
+COUNT = 0
+EntropyInput = dd32264f0e091b7329c16b3fe0f33db58a900a646f420a7f
+Nonce = 8f2a5ca766bc07399f7d50e7
+PersonalizationString = 
+** INSTANTIATE:
+	V = d46fd022a329102110317108a2acc884c44cfcf0f229a496c1475cc2717cb82dba9fdb0025a5ab105c6ef141a9080553ed092386622ae2
+	C = 9d951611cc871cd02ba5e2f78794a1d8bee2128349ac7658558ab2abd85f76527542d18c1cc0c0c58fcfc15de42fceb154cf98eb09cd83
+	reseed counter = 1
+EntropyInputReseed = f8c404012ae39210122bdb5e478d9822bccad8f364f64c14
+AdditionalInputReseed = 
+** RESEED:
+	V = 7b4d55b2a790163cbfabd75e2ddd915197002fc81ad73e32256a43e54517df374ea8f8a2865d11115303e9d5975017b1271b98de7a327f
+	C = 1a97e13fb2b9602c872ac8a0a5694c28cbb7eceb5b6ccc5535767c88e541be21c47d14eddb83d11b1435cac2afc31465334fe0fa024a7f
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 95e536f25a49766946d69ffed346dd7a62b81cb376440a875ae0c0cc3da5c5a65fa3f516584222989b14f6db5150442501d6422bb76424
+	C = 1a97e13fb2b9602c872ac8a0a5694c28cbb7eceb5b6ccc5535767c88e541be21c47d14eddb83d11b1435cac2afc31465334fe0fa024a7f
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 4bc435ef95719ed095d961c86129c5877486f87823a6753a57a332271f2ab11d4b41f2fbf6c21e0f0af6a2af11e459f24412369c31511cee96f53f83d2bb26d94d4805168dcc7e982530d2497751348461c56349c45e401c6bb9abae95a99453acb3e580f93822d93699441886049baa
+** GENERATE (SECOND CALL):
+	V = b07d18320d02d695ce01689f78b029a32e70099ed1b0d6dc90573e038ffc96430be1a717bdc271b670f84258c3f98fb86d4a696a47e432
+	C = 1a97e13fb2b9602c872ac8a0a5694c28cbb7eceb5b6ccc5535767c88e541be21c47d14eddb83d11b1435cac2afc31465334fe0fa024a7f
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = cf80e237af867bdd85c593047939006af3d981dc044589e7
+Nonce = f72186ae42eacd6bc2d94a07
+PersonalizationString = 
+** INSTANTIATE:
+	V = 62fb66913b073e1c4a4cecb091bcfd07afc419103c56f687912d81723a3968751cbe7c032433eb42648331e98e80e0fdd1c3547170a28b
+	C = 3c98fb9d85c87d3a0065d84275cda89bff1b18289d3a9b58638bb5648956cc5eb4d0f748db1040577dae951c448e158399c37b1c11a785
+	reseed counter = 1
+EntropyInputReseed = e1dc0d6917c48f778d7d59a4e9183fc2ebd5bc7ac7b317e9
+AdditionalInputReseed = 
+** RESEED:
+	V = 406a2b5206c4134a52fac75dbc3d74f0022c39dec52acaa292ed6ce529806ca4824e5603d01251be41cb3be03c9e80670a77b96d6cdbe7
+	C = 7f3d1c9b6f27cb2435291b9c2841ae3c518a6bc4a91793aa6049c9872555a846a9dca16299ca7ae2a1c70188b51457fda5b3da1d6d594c
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = bfa747ed75ebde6e8823e2f9e47f232c53b6a5a36e425e4cf33736fc0865d80a71aeba8a9653db145165bc0707b893956f7d8c8b80c736
+	C = 7f3d1c9b6f27cb2435291b9c2841ae3c518a6bc4a91793aa6049c9872555a846a9dca16299ca7ae2a1c70188b51457fda5b3da1d6d594c
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = ee480d78dc6b15f3f6bfb15eec10abe5c260d4d1224e4ec9fb2c64c6cc80cfba24736b91ed26208e5bcb472a3b07effb2e3636a177eab2ebb44c2c47bdf907ae3816e3f6819985252b56ed4430a15127f363d3dd666a0b4bda70d6a4e96b183aac8a17d070521b5dbbdd391efdb237a3
+** GENERATE (SECOND CALL):
+	V = 3ee46488e513a992bd4cfe960cc0d168a54111681759f1f753810157cef4bfc0c84eacdbd4fee24d7a32455badfc5c099c913e544006fc
+	C = 7f3d1c9b6f27cb2435291b9c2841ae3c518a6bc4a91793aa6049c9872555a846a9dca16299ca7ae2a1c70188b51457fda5b3da1d6d594c
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = d85d39b2146867f1f307683c4a5bd05cb357a7cf38d87ce4
+Nonce = b9bceee9755ff17fe8d6d96d
+PersonalizationString = 
+** INSTANTIATE:
+	V = b2d82528ff4379da7cb83c503bf8cdbf8834da835084dbd1c6a8cabc781d36fcea3db4fe3139b4fe2da765ffe3a88a56e160074a1164df
+	C = 73a6eb1cc38c40b1bd5b37f91cf0b39e8a7127863a4290f590b025ba08ebc1aed7aa2572c596fb7ec69745202ecf176f8d3196f257ec8f
+	reseed counter = 1
+EntropyInputReseed = de205a4fb67118393411439b71c1a0eedf20756dd366da2a
+AdditionalInputReseed = 
+** RESEED:
+	V = dc3615498b29fb404097ae5a05ad0068753d8ff5cc2093b54a49e3efe8ce4aedcd4f49539daa951645a012711e0e97fa3b56235187ab0c
+	C = 136a78868fddb586cdacd7d9a73f418407d1825e29c09a4720adf22e3eababc82cab424ff00c189e90fef97570526d207ee6ae08bdcbff
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = efa08dd01b07b0c70e448633acec41ec7d0f1253f5e12dfc6af7d6a97c101ce867cc9a0b324c8ca9074b6a126f76d2eacae14ca1e41018
+	C = 136a78868fddb586cdacd7d9a73f418407d1825e29c09a4720adf22e3eababc82cab424ff00c189e90fef97570526d207ee6ae08bdcbff
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 851227813526f934efd0bfe0a61659156b3eaad22c2d7e619cf42f6d4f8f6cdef69967f9c17f4ac4831cc0a02d6e6b362f41f41d61e46f6d452d035044ed2c5784c8852308900584deccf7dae84b59214156fe4c619feaf81ca1a23bc8227517cdfe7555ec5c66cbcad0398f704063ea
+** GENERATE (SECOND CALL):
+	V = 030b0656aae5664ddbf15e0d542b837084e094b21fa1c8438ba5c994551a6f27a08b1990b5d6aea564cde39e6c1efdd905a03876d4c9db
+	C = 136a78868fddb586cdacd7d9a73f418407d1825e29c09a4720adf22e3eababc82cab424ff00c189e90fef97570526d207ee6ae08bdcbff
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = 059f6003243f0cd79b9f0c32b4056f3757c319e966434b98
+Nonce = ff6c5920c55b5d7cb10b83d2
+PersonalizationString = 
+** INSTANTIATE:
+	V = 9f7ffdc56062452e4afca7a9d9bf4bfd28df16a949967429d9d4d3fdfa7f2eb0d7bfdd88f6229fbe2d154d5f6b25edfa325ecdeef26f2a
+	C = 71069d991b564a565d9e28ca9b9abce9847193797eac860a5d9bc87572571a731c38fe2e363e040a2735eaa557a8c1a51e7f3e923d0323
+	reseed counter = 1
+EntropyInputReseed = a09f46951ae68f3cb21d567d6c13cc5917c427c29beaf27b
+AdditionalInputReseed = 
+** RESEED:
+	V = 3e4191f6b3f760a944216ae27c9dbac2eeca14c886f61df6e00125ff93ac9a6fe24ed42b172dc369f897724ba4eb0d473aa25cb00e8890
+	C = 46776087dbc9b577960f77ffc98b934bc3f2e48db47d32f874137d4bb695d59b568c8939a071234caa0dd806af690ac1180509315a14f2
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 84b8f27e8fc11620da30e2e246294e0eb2bcf9563b7350ef5414a38be6953943042d27a8d1295fe54bebb44005536fb4cd2007fd3bafce
+	C = 46776087dbc9b577960f77ffc98b934bc3f2e48db47d32f874137d4bb695d59b568c8939a071234caa0dd806af690ac1180509315a14f2
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 1dc23ea76fb5543208fc2f9f0066fdfc5a8d96f0505fcd53ea7a8b9d8f46c1965783c660869a4d5e266755e704b89552bbf693bf2c710a07ca0d23970cd33141f866a0f799938db361000a9ea2432094f1f59668e9987e79d23cf19126ed78ee8af26721ad7bf75692d02e414c1aa410
+** GENERATE (SECOND CALL):
+	V = cb3053066b8acb9870405ae20fb4e15a76afdde3eff083e7c82821b496257e3a0b10689b5b56632cf11f2c4eec5c079d7e569b74d8c19b
+	C = 46776087dbc9b577960f77ffc98b934bc3f2e48db47d32f874137d4bb695d59b568c8939a071234caa0dd806af690ac1180509315a14f2
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = 8aa2d9df152233f225c83a6a25d8b55c26a5f4738476abe8
+Nonce = ab613737059589cc7c6a2f50
+PersonalizationString = 
+** INSTANTIATE:
+	V = 0e2881cb59eecfaa3fe55dd698721446f3e47ced7a7694c72d577ddb2f2cf843389fdd9c3f080e297d9f7d15070651c6f941dc1256ba4c
+	C = 338e8fb0217412603a06996b69b79ac9c1218ea4a8ac2829db92a42e8619082e8d3b990123150d709b45affd37edbc8f6efc2b81d8fa4e
+	reseed counter = 1
+EntropyInputReseed = ffafbaca9d80624f189fb5000542f7d73544497a9348599e
+AdditionalInputReseed = 
+** RESEED:
+	V = c86a524222dca1916909310353f7ca90e2e7448741ca585a1eceb92bff48bd72adf52769850e8c5197d366a96f4bb41319b5a2c551b642
+	C = 003ed868dbc09561859e07d9585448480cfad446ec315d2210fdef73486a392ba756af8136f09fde1cbf2ef58eeab987b4e9744a31a7ed
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = c8a92aaafe9d36f2eea738dcac4c12d8efe218ce2dfbb57c2fcca8f54be59dbd3266fdb40b725f46452423db561421d62803611e58af30
+	C = 003ed868dbc09561859e07d9585448480cfad446ec315d2210fdef73486a392ba756af8136f09fde1cbf2ef58eeab987b4e9744a31a7ed
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 8647afbf8a4b2b24286d075c1502c82e512ffb26018a5a37fe96d1f234f5cec78f15f23db750a79209e0eeb0a525e50b23b338b91608897cd613453ffa09aae50f257625fbda2c1172d951a66a764026be04ee5200a4eb00372fc59bcc080a8fa1cfd294c67a0202ddc5cdba21b36dc2
+** GENERATE (SECOND CALL):
+	V = c8e80313da5dcc54744540b604a05b20fcdced151a2d129e40ca98fbf831888358f84d7892c4adb916b4c095063193541d6be3adbac0c1
+	C = 003ed868dbc09561859e07d9585448480cfad446ec315d2210fdef73486a392ba756af8136f09fde1cbf2ef58eeab987b4e9744a31a7ed
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = 963baaae11e5db10f8c2044cd025a18738b36198d6d95a95
+Nonce = 3bdf2a0c81559b54c0d0990e
+PersonalizationString = 
+** INSTANTIATE:
+	V = bc22b56423084f6675e2b3254570b74a43d946c2e8ebd01ea444bf38ad10256d3e75e0118f977ee87284fcfc8336ed03973e8f9a906b75
+	C = 5fd8a34a969d8eafd0696d27c5fc1385f1cd67ca036c7a50f10e35685eececb34845a2cc889610c3ef58521f83be90777e0ee56a407913
+	reseed counter = 1
+EntropyInputReseed = 7b35e5e4d392ce8c51c9a1bddf8d7ce1eb4c7f78ebcc0724
+AdditionalInputReseed = 
+** RESEED:
+	V = 20fde7e9d0fe0f2ae85776d3a9a14a7c6c757328726d69ceec39ecac190368d5f1415c6e9e4a1090c18cdd47e8a8dedaaae58db8339165
+	C = fbc139a390a102aee9b8ceea3e3cee5e08d5cf787e11e4cf342cfec6f0a23ec026c7bcc0ccd0e9d1ed71e3df289ee2e6638346800d0d5f
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 1cbf218d619f11d9d21045bde7de38da754b42a0f07f4e9e2066ec50f8ad65383079446027fa592568e6f67c0936d6a7fb20d64869a6c0
+	C = fbc139a390a102aee9b8ceea3e3cee5e08d5cf787e11e4cf342cfec6f0a23ec026c7bcc0ccd0e9d1ed71e3df289ee2e6638346800d0d5f
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 78d3a073e3dc2930466f8bfb69157917252b67b8707e91e260f2301d745559b5d14955a2ff5c7ce810a7210bdd226ae9325e3343262f095bc68e5dcdc6ae4413d7558f0544b6aeff132c1b7d943890f6dbcccd26b61dbcbe839af3607087d6be32f4b825efe1f00596b1db568e5baca3
+** GENERATE (SECOND CALL):
+	V = 18805b30f2401488bbc914a8261b27387e2112196e91336d5493eb73cf3a5cb3827361fd1fdab5f53e6a796a7df7bb1b3312d3ba13e0a4
+	C = fbc139a390a102aee9b8ceea3e3cee5e08d5cf787e11e4cf342cfec6f0a23ec026c7bcc0ccd0e9d1ed71e3df289ee2e6638346800d0d5f
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = 3ea6fe175bf4d51e145f2491461805c6b7b29ffd829e7833
+Nonce = 81e68fb149d378891f90286d
+PersonalizationString = 
+** INSTANTIATE:
+	V = 53ad2771f48f5b89f7692e0659307b72e6f5afe63d607eabb2e87f3c2ce22450136a853855c1af493f8658b842eb4cd4622768dc0bfe06
+	C = a8e8d57f8cf6fa837d7d2d8b3694771f91189daf83665a205dcad9d396b9703f5e35239d89347ea98921f5fed52ec1f9ef85b2cda3d4c0
+	reseed counter = 1
+EntropyInputReseed = 2f024c09c66651dd4976a3fba97ce02d2ad2dd5a3885432c
+AdditionalInputReseed = 
+** RESEED:
+	V = bf78be8fb42c26a6373a4986487eb04c4d017b68fb565aa339f42c0b70d51a13742c9fc2175cf17c8cf06fb8394163fd9a6ae30b6f3ada
+	C = 4389feddc0749ed1d2a3bed8366905ea21fca0fc39463289b3faa2ce7c4fc7e90f25392d98c36c5a0b313ff2d78c7b27fe911c59a3ca53
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 0302bd6d74a0c57809de085e7ee7b6366efe1c65349c8d2cedeecf3d899df283103955976fc59221a3cd3d0b7919d896ec3b113a0af219
+	C = 4389feddc0749ed1d2a3bed8366905ea21fca0fc39463289b3faa2ce7c4fc7e90f25392d98c36c5a0b313ff2d78c7b27fe911c59a3ca53
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 12938c288760dd34e1076dfadd603d8706ed432246c6dd0cb3c18c21fc42cd711b9a6cbe040da65710d61db1be9dc6fd938e4bd302e409f5402de6f070b9fd8e896645c2287b8df55d4847828372753e269bb0705550d7724b233d14b47fa7779f738bbb70a5793a0ab92ff805fff8e7
+** GENERATE (SECOND CALL):
+	V = 468cbc4b35156449dc81c736b550bc2090fabd616de2bfb6a1e97215e3b54a52a615643ece419f759d8ed5d3a5e0a3d6484f4e33f855d0
+	C = 4389feddc0749ed1d2a3bed8366905ea21fca0fc39463289b3faa2ce7c4fc7e90f25392d98c36c5a0b313ff2d78c7b27fe911c59a3ca53
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = f89d78f2ef276f7a49a7c1805c2bcad8aee074a3c56be2d9
+Nonce = 0488bd1ff4a6d98a852643eb
+PersonalizationString = 
+** INSTANTIATE:
+	V = 9f55e475234418c541c0f819bb16374673f3ff518cfb43919b30418d60fa7562de2d81e798f885d0b79767546d537437c161a886c8cc9a
+	C = b1fa5dc4a4fdcfbd6426c8012a71dda1c488bf89de3635854aab23fa217d049b598f6c99b3604ea60bf088e3ba8f70cdac1f0e7792d8b2
+	reseed counter = 1
+EntropyInputReseed = 9ff20a85332bb91586e3f57b26b05df036e76ffd8723dff0
+AdditionalInputReseed = 
+** RESEED:
+	V = 9818e4752d1600ef4d8c5b25b33cce84b5d7fc3a1cd3a389c4e67b1ea9bfb5c9b06c9c0be25b861ca7dd847d4f290f3007e7a914d49b5b
+	C = d66b6bcb47009e456f3dac0c41cdc2566766b7f18dccddb240822bc406063f87ee336f27e567463da5366f2badee187dd8f5c99b0b9a89
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 6e84504074169f34bcca0731f50a90db1d3eb42baaa0813c0568a79ade82f39c3c1c01ba8cb1b6a19c4c4b5f10568c0a478588f90589c3
+	C = d66b6bcb47009e456f3dac0c41cdc2566766b7f18dccddb240822bc406063f87ee336f27e567463da5366f2badee187dd8f5c99b0b9a89
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 6758d40fec79a44b038efa922e07fd35991d5babdcc2508e7adc0a15bb0344b26e40123ad94cba160630efe3eac445ddd06c398329b4dea8e251cd6f9f251c7506369aa179e05350a87e58e45823c456f0211b5e1341828227cf762af8043bd15ba4c9dd5230b742a35b4da7ebb28772
+** GENERATE (SECOND CALL):
+	V = 44efbc0bbb173d7a2c07b33e36d8533184a56c1d386d5eee45ead372a8672c10e8751ca4a0a72f7722961df8317b637bc41f20a084df35
+	C = d66b6bcb47009e456f3dac0c41cdc2566766b7f18dccddb240822bc406063f87ee336f27e567463da5366f2badee187dd8f5c99b0b9a89
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = 435ff8048d71035097c1b126284fb5b0d2ec44b57ffb655c
+Nonce = 0503a06339b0336ab99d7abc
+PersonalizationString = 
+** INSTANTIATE:
+	V = d8ae750b54a811f93f56ae107c934049e3e4278783e956b77a328d1c9fd972adc860b331fc793cdf0b9bdb0230fdf9d90cb74f8f5d627c
+	C = f7f753420362a7bfcbc31a7b3a649abc698df6191a65047feeef49253fe573c2717c2b030ecac6223e1f5de6190b3dd73ef742a6220f35
+	reseed counter = 1
+EntropyInputReseed = 4533498e6c559dc467aceb25c7b919d4e6c6995d2a81239e
+AdditionalInputReseed = 
+** RESEED:
+	V = 4db687612a7e49fa01aaea97444ca962dd30184816edf1ac3cbed0da6bf927a5b6ba3de1e6dbfa9fdefea3836371a7dd55dbffdc6595bb
+	C = 2678e47959a133433f8609ae4054f405d1112109837b2a1307d00ad0ec1fa52cac269cb793031e9d61c33899e35438da4f76bff8f3bcfe
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 742f6bda841f7d3d4130f44584a19d68ae4139519a691bbf448edc21339b1382b3be670594cc337b16b94bbb1a6a3c9ed5a0f7773066f9
+	C = 2678e47959a133433f8609ae4054f405d1112109837b2a1307d00ad0ec1fa52cac269cb793031e9d61c33899e35438da4f76bff8f3bcfe
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 053a14584df77a14dea9f4297f79ac6fba8aedacecb10bc6c83d13595118c3a30d124a3fb5378c03a453f6664fbd0f4e1f7cabfc2b187dc0284a7b6d278ac37323bf7212b430102328afef1ccdb3be872ae2ba59c37cb2537d7a51e7eacf29747878e4449da15bd2b05c0a098f80c6d3
+** GENERATE (SECOND CALL):
+	V = 9aa85053ddc0b08080b6fdf3c4f6916e7f525a5b1de445d24c5ee71bbb8e5a1efef98fa164b7d150875bd2657e6f6ff7928e79135cf35a
+	C = 2678e47959a133433f8609ae4054f405d1112109837b2a1307d00ad0ec1fa52cac269cb793031e9d61c33899e35438da4f76bff8f3bcfe
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = 4a5700156d33aff5243b8d88657b16a598127e574cb5e220
+Nonce = 43167b6e4ebd4c50a59aa9d4
+PersonalizationString = 
+** INSTANTIATE:
+	V = 2e16d33adb738fffc3df48121b5559bdc701d3902b185d8edbdd4c35fb08ad68717b1d01eb09ff828ea84315bf058a892d8635f0d8f8c5
+	C = ab693e7272ca82fece18f2217a06869a8199c5f2abb8cbe6a0d61d822adf3f768efafb88dd4c8666cdae63d8826845dee7238fde2bc2e8
+	reseed counter = 1
+EntropyInputReseed = f966ea4adf63363a050d12382d7068d6c9c6e7cf850be90b
+AdditionalInputReseed = 
+** RESEED:
+	V = 4f112c861fa0bde35c121c1a2e5d384f3c153b585a9f97ed599dbd9b4400f023dd9137f98423f9a6872c67e7b50c411755e775c0ef8bb1
+	C = bae60efcd09796579cbf4ba7a4286541f91fef76a03dfa194c7ea3f050e140207dd67f3e2f5a2433759f2f0e9424d17dc7b39f58c34c03
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 09f73b82f038543af8d167c1d2859d9135352acefadd9206a61c61ecb0ac6c092390cf1d6c4ed3abb016effae853384febfa34457fe168
+	C = bae60efcd09796579cbf4ba7a4286541f91fef76a03dfa194c7ea3f050e140207dd67f3e2f5a2433759f2f0e9424d17dc7b39f58c34c03
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 1342c78c7121c6b9363474c735c994f2c89100cf6c06344d326c05bf69b1ceec8d00823c1c816e03ccf4d13db674d7708a4c209f88404914da82bb1b6ed6fe01cbfa10c10a727989398c5ae64b7b57c048e631e3faeeab4c34df9dc5251d4e18dda3e4f12f3bc5e783d02ed83210abe3
+** GENERATE (SECOND CALL):
+	V = c4dd4a7fc0cfea929590b36976ae02d32e551a459b1b8c1ff29b062d22077db0e070eb91f5553bff2ae643cdf7fc1d859379a05d3ca996
+	C = bae60efcd09796579cbf4ba7a4286541f91fef76a03dfa194c7ea3f050e140207dd67f3e2f5a2433759f2f0e9424d17dc7b39f58c34c03
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = 1c4405caf62d73d1ada68eec295ea86f0630aed709941763
+Nonce = 2df6305cffecd5d821dd862c
+PersonalizationString = 
+** INSTANTIATE:
+	V = 0ecf12108aa494f31bfa07f79bfefdb932712911b4c910966f57a3633da88ee5df808d1ec9377112d4d8cbdd79b286b8bcfd877dc3882f
+	C = 949d4c544c3050ef8061c10e9ef1e9efb2d0dd1dd7d474826b5c1d9bb361f9c8f90b2556c71b2cfc25fb6c87f22c4bf032ea7dd34b4be5
+	reseed counter = 1
+EntropyInputReseed = f99f06dba62537afaf29c55965d7eec60c19ebb503e80c34
+AdditionalInputReseed = 
+** RESEED:
+	V = 41986feb2823d26e9188d5bb2169acfc19acbab47c8908054eb8032ab558bfea34dd345462992d116c31666c5577c33a397220c9bcafcf
+	C = a062c5b8934f35c38f7991651cb7490c62e007dbfe33833494875513488a98c2adfe53e4d84915de6a815bed385c1940ab476a4eadc75e
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = e1fb35a3bb730832210267203e20f6087c8cc2907abc8b39e33f590b49c2b7147567ae3a3395bb2dd2daeda7c8eeac29d978f6f3613221
+	C = a062c5b8934f35c38f7991651cb7490c62e007dbfe33833494875513488a98c2adfe53e4d84915de6a815bed385c1940ab476a4eadc75e
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 8f043b04fae73acd55312abd4518fd458c6e869ce7d8f7d089a8e64ee9d4bcd06d15f2adf8862d923eb6d8d20fae3f459b7eb47cb0d9ab9b57bb465fb829e1988653d1e36f6f872666a82d3ce4ae7cbe332f0edf8b843da7537f1721a43d99997b270d3cbf75d05513643d0dc95871cc
+** GENERATE (SECOND CALL):
+	V = 825dfb5c4ec23df5b07bf8855ad83f14df6cca6c78f00e6e77c6af183efb4e36830a6461ec80b7a279afeda28591fef7a19f4962087c68
+	C = a062c5b8934f35c38f7991651cb7490c62e007dbfe33833494875513488a98c2adfe53e4d84915de6a815bed385c1940ab476a4eadc75e
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = c9a2b74f3ea0fe38c3bf769cbc679b3eacd3bd9659d4ede8
+Nonce = 21011d88fd24c59123723349
+PersonalizationString = 
+** INSTANTIATE:
+	V = ad15b35cd146785565574d83a598db491e0491d8a2da42924c0f0825fdaeeb5d60d5ee6bceb7ac27150259f464192268db63be2aad8a2d
+	C = e7b22d5db07b0169474940195e62f19d6ec451f494718d9ebfdcb32306d9c59498c9dd1db3d8057be2ad9c3538f11650f7b69bf90e5dd9
+	reseed counter = 1
+EntropyInputReseed = 72864dcf7710f41d98780c212aa31823fc3c22cbf4ad7a06
+AdditionalInputReseed = 
+** RESEED:
+	V = d2427edad45b1b6f23b210758aaff3103b6e00de6f18cea0b398019f57438cc6bd27584b53a9b1119284410cbb9748f326cd5f7640d0d9
+	C = 941066eb756e1944cfbe05a56d4bc5411ec700f286368139ba3baf9c8297f5b4f7e4a2c19c31c884d8b3db9542ba2b9b98846ea9ef4a8c
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 6652e5c649c934b3f370161af7fbb8515a3501d0f54f4fda6dd3b19acfd5414f89d56a774b7c095086fe55c96fcb3b94f02a3e8250f069
+	C = 941066eb756e1944cfbe05a56d4bc5411ec700f286368139ba3baf9c8297f5b4f7e4a2c19c31c884d8b3db9542ba2b9b98846ea9ef4a8c
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 02a24885060377fe17abd2c6fac586b8f5108b04761fe85e3ab9978ead09ddda3cf00cb08533e0e21d5bcdce7b33af5cbdd4564a024b84a133f7b43a868a2fa9259cd39d84a49ccbbd2b7493366f1dc26a770bdaf6ae54432282af5ee2374a747b068291f5daa96a9764f48bacf6ca60
+** GENERATE (SECOND CALL):
+	V = fa634cb1bf374df8c32e1bc065477d9278fc02c37b85d114280f6211668306e0a0a8c7a02785ce79698e6164c7af97a0a749a2b076b8aa
+	C = 941066eb756e1944cfbe05a56d4bc5411ec700f286368139ba3baf9c8297f5b4f7e4a2c19c31c884d8b3db9542ba2b9b98846ea9ef4a8c
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = bd752adb3e89d855cfcca5c51668e624bd41c03ffb0538ec
+Nonce = c7ac9c28b4a4d6b9180dbea2
+PersonalizationString = 
+** INSTANTIATE:
+	V = 2a58e609117c11e1d93848264b16d0dae0721fd7f5d1baff952766faccf9c72aa8cf1f07165aacf2e3e32b750bb418b847abdb16324a05
+	C = 28da1c2c4a20fbd1cc5759837088567eff631d830b9328503403d3592fbbf3e03479e28981f0abadc9a78d4093b81298b639760488a50f
+	reseed counter = 1
+EntropyInputReseed = 338dd6bb923d5d257a963310f11b5f49061691049eb020a8
+AdditionalInputReseed = 
+** RESEED:
+	V = c9e6be03f72ed0803b147eaf7efb5c96802ee88daf5feea877407b678f8f53814c2d53f5277c55095ef985c907403fc31829b7cbdb3fa2
+	C = c520a250f445faacbcd9ad7d429565e584063f23a44a7cd3a3d948d679d214cc0360a44fa276b07504cffc8a858ab3c873d726b855f65c
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 8f076054eb74cb2cf7ee2c2cc190c27c043527b153aa6b7c1b19c444f628a160b003167ea18a83adb2f3cee07bb91355fa366a172c048c
+	C = c520a250f445faacbcd9ad7d429565e584063f23a44a7cd3a3d948d679d214cc0360a44fa276b07504cffc8a858ab3c873d726b855f65c
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 6359053e4fa37c05a71c375461636a4f73b8b9f2c2d44fcae4fe37887e43ebfc78a697d5043a74e79f722b9c33c3c31656cab14dca0b629f771387e285eb872bee0102835e7f034e272572eecef1833517ad1805eafc601ff31ed1022c7b47360ed7c03e5a557822bb4d1912cb4edac1
+** GENERATE (SECOND CALL):
+	V = 542802a5dfbac5d9b4c7d9aa04262861883b66d4f7f4e84fbef30d2900b49f2ffc00c00341d13f0fe6f5955a46ea6163411b0c18e8ddd3
+	C = c520a250f445faacbcd9ad7d429565e584063f23a44a7cd3a3d948d679d214cc0360a44fa276b07504cffc8a858ab3c873d726b855f65c
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = 8206d0f6129eda9a36aae6e81faa497a37adbc87178769d2
+Nonce = 6ddfb0e6a8383f60b0e08912
+PersonalizationString = 
+** INSTANTIATE:
+	V = b262d322dec69bc21198d83624878579fcd1a842f646b8d1f1a8ad837a1b78114f38c4b6a1945e8d89619bf1682a1444d05cab5e609470
+	C = d792e622b22dc325724cb05fc1b9a21623b3a87d81f7fb4177ccf8f605cddb295e2f066d79edcc05239109b3f44d6f754465042afbf885
+	reseed counter = 1
+EntropyInputReseed = 225696bbb7125ca68647d67b85cb047ac5ce8dd373676233
+AdditionalInputReseed = 
+** RESEED:
+	V = d6452674d6672be917fa1a9b8b361b46c053be68d5a18bf7acb84aa92f105559c40e2d70b0ece928464162f42cd349598d3026124dfaf9
+	C = 8ebdf52e8c25d4f180c94c702938d0711e670e8f1c051a62b64bb3e63ce9b71e196808d5bdba83c37b869c486de19f77ff0dfa60f51c71
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 65031ba3628d00da98c3670bb46eebb7debaccf7f1a6a65a6303fefa1bbc071d0fd19877a87a1f1af04616853e459bb0f6a8532ce74adc
+	C = 8ebdf52e8c25d4f180c94c702938d0711e670e8f1c051a62b64bb3e63ce9b71e196808d5bdba83c37b869c486de19f77ff0dfa60f51c71
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 740a12f60e7a0dde917210d1f580f7d02dbd6e7de29fbc3828c106acc308bb26d9a9f37e78fe47f55aa68dad12a5295ae092ee0225dd8cb3530d377f53de719fb8402b8352c9cfef167024a0b018243c13c647a3fae483c9d20c6e9d5bc4ce8e08c927ac7dfa3d18e3472aa348e43297
+** GENERATE (SECOND CALL):
+	V = f3c110d1eeb2d5cc198cb37bdda7bc28fd21db870dabc0bd194fb341ce1ad1a4f634b58117917450c2a63bfd135545af8eaf306904ef72
+	C = 8ebdf52e8c25d4f180c94c702938d0711e670e8f1c051a62b64bb3e63ce9b71e196808d5bdba83c37b869c486de19f77ff0dfa60f51c71
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = 815efa9d0f261eaf51c50d22899dbcba39bf202f7725ec6f
+Nonce = c7714ce6bc7483960073071c
+PersonalizationString = 
+** INSTANTIATE:
+	V = d336415b448037d3a2ecc364f86d917df043153fa9543a497efd636a45262d462d96a7086099a05b442527e21b4eccdec8f5aeefb4c08b
+	C = ab2bed0b37831ce92afa1d96aebdc52591f4ddab0c9d9909d9bedc3688f2ad733be8cad433ded20241493965352fc7cbda88e0c5c526cb
+	reseed counter = 1
+EntropyInputReseed = 855c7271562ea2d2e62f00b2af47166bcd21503f84af4276
+AdditionalInputReseed = 
+** RESEED:
+	V = 61783397144d29ba8744dbc9e9a62a1915bc725b96ef24135d47f97a90fd5eac9d3e91b37f4ee54ff7068e3c9a2b87c1f9b494b5a45b1e
+	C = 08a770f58cb88461ad843ecc7688f92c149ddbd0372b8d8096bffc01100642c305f6ae1ba12d121a5ebc3e2021fa21102e6cf834b04297
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 6a1fa48ca105ae1c34c91a96602f23452a5a4e2bce1ab193f407f6203fbc9eaf07dcf306db7ca7c4834588f76ffff0172c41d8af86b477
+	C = 08a770f58cb88461ad843ecc7688f92c149ddbd0372b8d8096bffc01100642c305f6ae1ba12d121a5ebc3e2021fa21102e6cf834b04297
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 5c9db0c5b3b8a313da526926205fe52c5cd0e54f5aaa40b74269432cddcbeee2430d4f36c739fc157614f3863e0213166df4368b073c7b6f18c1519acd578f790ecb729b7c35a8137399d4f08b2af98d2aca981d36ffbb70d9bdba9d7ffb54c33112db8e036360fb2634b4a24d5128bb
+** GENERATE (SECOND CALL):
+	V = 72c715822dbe327de24d5962d6b81c713ef829fc05463f148ac7f25f95988fe4f39b9e7466d980b341de4df25b8c53f7be1cdb52103c14
+	C = 08a770f58cb88461ad843ecc7688f92c149ddbd0372b8d8096bffc01100642c305f6ae1ba12d121a5ebc3e2021fa21102e6cf834b04297
+	reseed counter = 3
+
+[SHA-224]
+[PredictionResistance = False]
+[EntropyInputLen = 192]
+[NonceLen = 96]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 192]
+[ReturnedBitsLen = 896]
+
+COUNT = 0
+EntropyInput = 1eaf70c6795e86e723cc9f13330c94f7fc86885ba46c90ee
+Nonce = 829eaaf7b3c00d4d4293687c
+PersonalizationString = 
+** INSTANTIATE:
+	V = 15f50289692630650d9dc3a1cba7d2ff8271b078d7fa64c60542d56c9103d8b81c29196ce0f270bccabb0ce06bee5f8c40ec7dcb0cd262
+	C = 0c574b9b4310245ec8573e041fcef993a46e3a6d59e6cb296f47824942a393fa395dcf9191c253eea7e55873aeb5b73e795cc290dddd11
+	reseed counter = 1
+EntropyInputReseed = f2f7f156af697abb2b5593724c8c6e0aaaaa1fbe1dfee3b7
+AdditionalInputReseed = a9d90ef9d48cc0723b4ff35ae45242fe88d2dad5b04f92cb
+** RESEED:
+	V = c1602065e3f3ee53bb52bab38b981eb810407bf878fcf7d31bb6e55f197bc7ba39df816d3812989cbde02a926d39be037531589edd7da3
+	C = c6487b796fc4f3c953a2bcdf1c50c31b2a0dd207d08d9566de916d6bff353faf61af2d9e56e7e0e04a149f6d8abf110a5924f02777f1d1
+	reseed counter = 1
+AdditionalInput = b895d86be29d3beadc120572da13b54c69f47f4219e77788
+** GENERATE (FIRST CALL):
+	V = 87a89bdf53b8e21d0ef57792a7e8e1d33a4e4e00498a8d39fa4854430dadf3b260523b068a2a0cce61a1c1161e0fb213d3aec6c08ad958
+	C = c6487b796fc4f3c953a2bcdf1c50c31b2a0dd207d08d9566de916d6bff353faf61af2d9e56e7e0e04a149f6d8abf110a5924f02777f1d1
+	reseed counter = 2
+AdditionalInput = c48840b321e0d323f720504d03f86fc8033b827d861f62ce
+ReturnedBits = 7ef4fdafd899d23ce22d90a61847f2bd2766b841e2ffcb6f9499e5658103f430c1fa2dd100a36349c8e60594e0efc34256772878e16f45c7d23b1b85e4f5aca49a13071378561880aea14303277145b17433456b452fd538fbf2d30fdb0a40540527858f0322e3b900739dbbfea8614f
+** GENERATE (SECOND CALL):
+	V = 4df11758c37dd5e662983471c439a4ee645c20081a1822a0d8d9c2cf2c82cff2e0674e72620988b1bc6809c0850b0b9a2982f87c2beb76
+	C = c6487b796fc4f3c953a2bcdf1c50c31b2a0dd207d08d9566de916d6bff353faf61af2d9e56e7e0e04a149f6d8abf110a5924f02777f1d1
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = ff2cfd158c9ae40daf14c2c7449f2df33a0129e53836991f
+Nonce = 09821e5728611deb78bd0458
+PersonalizationString = 
+** INSTANTIATE:
+	V = fb2e5843514ea693fe23ce52a1114f3676b48f1629935485f2dd9714418a95c2c9f0a8bff8b4727a5736a53f94a7adf4295e37061f77fe
+	C = 7995c182ff3ab150bcdd80024f6a02f9cffe9451122d0cb732e94141998ddf884c704acd8752a1ffe435ee5fcb67bd20bb17147dda47f3
+	reseed counter = 1
+EntropyInputReseed = aff9000cb21aa8f0dc3bb9d31934da2fb169ce6efa0fb6d0
+AdditionalInputReseed = 4e65110883653802f8321a2b89b237eb004b27b1d33940ed
+** RESEED:
+	V = 08cdc729ca4d7ae3157dade9e9e9499d887c4fe5020d17195b5d45ce9c60a67b48af9787051fefc845cfa3804a30d7c337685136c0a2dc
+	C = 44db8e50503f8aafbe10d31a8c0d2f384e8066ece5dbb76fd5ecd2ee45d6a8a2511333e29e1141d4d136da8e924ab655c59fb22847cc3e
+	reseed counter = 1
+AdditionalInput = ce9aed15efd63cfe787e26d935533526aa5ae20305bfc192
+** GENERATE (FIRST CALL):
+	V = 4da9557a1a8d0592d38e810475f678d5d6fcb6d1e7e8ce89314a197e018363f8e189889422dabc81315ef307be63b811e88b7bd08d4138
+	C = 44db8e50503f8aafbe10d31a8c0d2f384e8066ece5dbb76fd5ecd2ee45d6a8a2511333e29e1141d4d136da8e924ab655c59fb22847cc3e
+	reseed counter = 2
+AdditionalInput = a434a4d087f6d740b7a28c5dad09e60c1789ff5e6e8b2c2b
+ReturnedBits = 73b77b5c73c53b20830f18b2ebbbbfb76f2366786c9cc73d6c826647e199e7415578bc4ae774c16a894a071205272eb8f74ad4b2bf8256c4623835f983c280cc3493721555b26cc6ba83b258a38ba8685f37fbf746af830f25df421630d58c8c698100f10b5ac5e9390918fbb442e4af
+** GENERATE (SECOND CALL):
+	V = 9284e3ca6acc9042919f541f0203a80e257d1dbecdc485f90736ed02c8e2067dd525eb2f5b44f69f52c5b4300256cec21849f4375e3687
+	C = 44db8e50503f8aafbe10d31a8c0d2f384e8066ece5dbb76fd5ecd2ee45d6a8a2511333e29e1141d4d136da8e924ab655c59fb22847cc3e
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = addf5571420df808796ff7cbdc2b4c97ec966cca6af8a474
+Nonce = 1733ac88de535b249f103470
+PersonalizationString = 
+** INSTANTIATE:
+	V = 365f77dd24bec1c91bef9fc9793b5c1dc03052f7a34fce3f87e56efba8c484601cc2f4d04e2a159c5d71f8abfc6411b5e180cf8d4af41b
+	C = 014ae603cd11a32d0fbfd348f5a1c6020dd4f0b72e8ce94421368085c093d86d7a94985234b91a4f48fb2f341407a8efe7ce0f0bfaacfb
+	reseed counter = 1
+EntropyInputReseed = 20371a4cd7067991c789130fca6b2d03f3421c116247d6e8
+AdditionalInputReseed = 947ff99073f7908ced85ea09476f4d97db9be1793597dfea
+** RESEED:
+	V = 12760b6ba872bca0fabb53e175312ee98b86f351a07dc1785973235044f6057e31af98e9719c984cf312f5ff4131884ba434ffcecebdcd
+	C = 232567177b4e4e78781a0b3fccd37da8b5404caf8b6234de086446afd88db17e78b4b5ffc0137e8d25e3bf3ec66ecb8bfe880d7b399722
+	reseed counter = 1
+AdditionalInput = f03b22b0cfed96fae4dacc1230619d4e9d7d5c2bba5da950
+** GENERATE (FIRST CALL):
+	V = 359b728323c10b1972d55f214204ac9240c740012bdff65661d76b2e6e4fa3724d989f63352715d9d978857da57f759c2f3338817d2da3
+	C = 232567177b4e4e78781a0b3fccd37da8b5404caf8b6234de086446afd88db17e78b4b5ffc0137e8d25e3bf3ec66ecb8bfe880d7b399722
+	reseed counter = 2
+AdditionalInput = 41f2211bddacc055f4ec3efc0faec4475d971e55b611be2c
+ReturnedBits = 9d503ef25d01e069182664e5f5467347aef73fc9aeda5194af883d89118a9dae9713771b8cc221d5b34d33cf2abdf33ee6ab609d5feff7af59ea21f4cb43eecdca0c7b1b7eae70615a507785e92f3529666d7e81a2fe0cf81889a692d486ec290155f09a1615fb0dcb5fac42970e056e
+** GENERATE (SECOND CALL):
+	V = 58c0d99a9f0f5991eaef6a610ed82a3af6078cb0b7422b346a3bb2c41d9b48e242b8520814faff098e9c732d77913fac0865a87453580d
+	C = 232567177b4e4e78781a0b3fccd37da8b5404caf8b6234de086446afd88db17e78b4b5ffc0137e8d25e3bf3ec66ecb8bfe880d7b399722
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = 42d7dd88b8d21dc995c52a77fa845b318a92e8f1bd865ac2
+Nonce = 66875975e13005aa12409aad
+PersonalizationString = 
+** INSTANTIATE:
+	V = 2570a4e91fd1e8994fff8fc0be7543811dca2a3e5aeaae3236be1b7d38e26f28c6efb963ae4a9adca0dd1c15a92e6b3046e56a8cf8fe7d
+	C = 889720cc65569cd3a7f6e3bef4d3523762480450692189b8744102d729b731e3d294eccd5978b975a10001b84229d35eea088637589805
+	reseed counter = 1
+EntropyInputReseed = 34a83100189d0583a411c91cf5dc0e11c359174f5dc85c51
+AdditionalInputReseed = 905f364018b7c0e481fcb5b1dbc62d2643142e620c377642
+** RESEED:
+	V = c49cc4c0a86f0d815f9757a6072502ec627fd44bed39dfa81c233b1d09846833e844de77223eb86911c05877bc1d50ad47cc4c6d1daed9
+	C = 44c00c72e15ef7a25a79dfe756be76a86dc0a2baf59b79af7bf97a63d8e5813be9a9cf9fb626ebc0d223266cdc9c4205f7f2b16a4e6421
+	reseed counter = 1
+AdditionalInput = fecd26b2cbdbcfc4fca630d1b6cc3ef4e427b37e0ca60655
+** GENERATE (FIRST CALL):
+	V = 095cd13389ce0523ba11378d5de37994d0407706e2d55957981cb60bc4e53d1447c92eee7ff80665173c0e96c2f9debbbd652319eff375
+	C = 44c00c72e15ef7a25a79dfe756be76a86dc0a2baf59b79af7bf97a63d8e5813be9a9cf9fb626ebc0d223266cdc9c4205f7f2b16a4e6421
+	reseed counter = 2
+AdditionalInput = 2b74ce8ee5dbde45a9de203414653c4febded3d21525fce6
+ReturnedBits = e8272949dce395f3e85c73de906941fb9232dc257eb6defcb88d30bcc79db5bcbddd0488a680334b5dc80fc4d70ef734ba9fd925e8c800c9a3faf54c58e5c50a8318763d165983c6a6a408874867148562ffa236bd764939dc68cafcfb497ff2fbb2cc92d69f4ad6770e8b47d696a8e2
+** GENERATE (SECOND CALL):
+	V = 4e1cdda66b2cfcc6148b1774b4a1f03d3e0119c1d870d307141630eebbf260aabb36be0396f5125bb9da42c711ce331814499fbe749f3e
+	C = 44c00c72e15ef7a25a79dfe756be76a86dc0a2baf59b79af7bf97a63d8e5813be9a9cf9fb626ebc0d223266cdc9c4205f7f2b16a4e6421
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = 69a1593a6f81316e8a362269e6ed8de64f40f6f2301bd0d2
+Nonce = 26668affd533eafa9704b3b5
+PersonalizationString = 
+** INSTANTIATE:
+	V = de37732a15a29f5599312cd5ecbbb7160c3c2974fa0b9790b0eb8113a41673c09bbcd02458c83d750c94a85f16911895944eed1e859d54
+	C = d1b54683391df80d5890e2caf3934261f2999d6542251433cd15874d225e2bdfeb0376448abeeb5ea36ad14ac354ef30750331081d135b
+	reseed counter = 1
+EntropyInputReseed = d1133d5d225da27f4810df93a0557d5829797e2c2d7d36b7
+AdditionalInputReseed = c707bf97898f86d6262bff09497c29d39bb59be92b01adc3
+** RESEED:
+	V = 8303b8dbf7250b8b82755cf80fc7ec05fb060de54ad9558975eb532999ecb60ca06f2ab27b4775c5dc69f6dc5e355303f11984591a6f77
+	C = e2ffec5a0c118926d66e303ccf4278df8858385009d0d0512668a3bf573a0fe1c813abaea96a4d103794a2e8519834240e63e5f5e8bb20
+	reseed counter = 1
+AdditionalInput = f38d44a77c73c3b179495b4ed296a320cce783a812c0d64d
+** GENERATE (FIRST CALL):
+	V = 6603a536033694b258e38d34df0a64e5835e463554aa25da9c53f7c1ce1d540b543cb3526892c99c372151b5dd335e0dca5a1bb8d6b09e
+	C = e2ffec5a0c118926d66e303ccf4278df8858385009d0d0512668a3bf573a0fe1c813abaea96a4d103794a2e8519834240e63e5f5e8bb20
+	reseed counter = 2
+AdditionalInput = fad3f68f9472f68cb1ab37edc56cc7075d8fc1f112ade099
+ReturnedBits = 1be5e99190b1af2cd979d02b6b09b33f479861a0e49482b423f0ab30c15cccb0da09d04fe8b5081751eae8304161343baac0eb77e39dee028d8d0d7a92bc0c30564c3b716a053ec3114952eef839d5b84a8378489bb2ac10d997e8d59172657496d9daa8d23d78d70b77b842f8bbfa9c
+** GENERATE (SECOND CALL):
+	V = 490391900f481dd92f51bd71ae4cddc50bb67e855e7af62bc2bc9bf5685429031edad57c42574eb87ea15655dc17eea90f5d43370993df
+	C = e2ffec5a0c118926d66e303ccf4278df8858385009d0d0512668a3bf573a0fe1c813abaea96a4d103794a2e8519834240e63e5f5e8bb20
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = d0ccfc7f6a373445acfab7bd05bb5c0bc0cabed8cfb42e48
+Nonce = 8793ee0bac708e370c253683
+PersonalizationString = 
+** INSTANTIATE:
+	V = f1c34b7a9279c61fbf32055fe6fa86061abdcd71ce65a84d9150beb61ffaf2df899ce83fa48c5e237ec08d0e17006242a414dd790cae5c
+	C = ca9b25ff243e61fe467d919609d8da734fece41f663d0710ca51e33ea980ab9abfbf501bba59b333b217777ab2a049d0407a83b2c4b662
+	reseed counter = 1
+EntropyInputReseed = 8593f5a50db69810292180e87577ff8370f35e466c2177ff
+AdditionalInputReseed = d0dc76c33ab0c90eeaf3830113de6054a128290a80ac20c8
+** RESEED:
+	V = 5a693bf111885cfbdfa0cb82ce36512b1d8001ee5b69a051f255fe80f3e4c965c745223be11e25aa2c6fed34476ac1daabde2328c3a4e8
+	C = 994252d0c2311302bf2c9702bb4a9c0a573806fdf2cc7e06802e65b823146d0380da8055fc772cf9eae114cbe4e5a3eb35804cdfbf9cee
+	reseed counter = 1
+AdditionalInput = ccac86489666c2a6fddc3f6e2570c2307cda24569403bb5c
+** GENERATE (FIRST CALL):
+	V = f3ab8ec1d3b96ffe9ecd62858980ed3574b808ec4e361e58728465e93fbfe04c46c1e6260f7f48f18c464cfe6b100c023cf6eede161cd1
+	C = 994252d0c2311302bf2c9702bb4a9c0a573806fdf2cc7e06802e65b823146d0380da8055fc772cf9eae114cbe4e5a3eb35804cdfbf9cee
+	reseed counter = 2
+AdditionalInput = b8ced867c5c6cb136175d0d6ffa679fded3f56b575d9e6c9
+ReturnedBits = cd3ba2bdedeea628ead423161229e1255f1dd9a4181635dd1c976d289005c46c390d023ae1226de2791d1a3cb6aca0c053730d254f21135df8abcce606639617aa59847fb618fb8c2ca5b89b68459925ba9a878f4812cfbea8a06f6d1fb5f506ab29c7bac891895a36982bbae6a20711
+** GENERATE (SECOND CALL):
+	V = 8cede19295ea83015df9f98844cb893fcbf00fea41029c5ef2b2cc9d9377b29fe9f6080e22ff47adea74866410a94af6c490fb99e24aa3
+	C = 994252d0c2311302bf2c9702bb4a9c0a573806fdf2cc7e06802e65b823146d0380da8055fc772cf9eae114cbe4e5a3eb35804cdfbf9cee
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = d7526cf570e493d964256ed5a799d3e5fbf919bf608623f1
+Nonce = 9f469c4346c3813c44586d79
+PersonalizationString = 
+** INSTANTIATE:
+	V = 4298785de4a3d1fb145360b99b266abbe569253d4b55a704593a18cf0b39bc7c1d1915e53b809a82ac5d2726c1cfeca98caebfb68427e1
+	C = 92dde669f780ef4196446ac95587098d5f670419ab03b77417e9d4b540d3b3365e3772b84141df7c44e1f4f51ac095c008d0b82106586a
+	reseed counter = 1
+EntropyInputReseed = 82e45bab8d347f54b8719f3f7fa9a83143380e7e0c8c92df
+AdditionalInputReseed = 45c769abb8f6a3731e385d1714d775506180bd4517bfe377
+** RESEED:
+	V = 714de7359931e98455685d6b83fb4391ac55ac3bca5dcb35d0d64a354af036270976fcb7ee4051990afff5b9ae0b04e1822a20d1c850f0
+	C = 659d2bddb8abcdf8ef75230e6b4156eb2beb78fe9069c55442ee180343dbb746d4b0e88ad9184b497b1419e582ded44264379b3ba6122c
+	reseed counter = 1
+AdditionalInput = 1d499db0cd565d75f2050a578ecac88353818f44079bdead
+** GENERATE (FIRST CALL):
+	V = d6eb131351ddb77d44dd8079ef3c9a7cd841253a5ac7908a13c462b5e7d256f9f1f147de37f8765b402e8f1f422060fe29ed7c957623d9
+	C = 659d2bddb8abcdf8ef75230e6b4156eb2beb78fe9069c55442ee180343dbb746d4b0e88ad9184b497b1419e582ded44264379b3ba6122c
+	reseed counter = 2
+AdditionalInput = f6d4e231e3808b5d46a3c0a7eb1351aa2d1c8b457b325879
+ReturnedBits = 54eb5886741684672aee8a28cf2d769c9df417eb3767b987e4789435a82a9a0770a685bbff2688494ec2b1d49dc0e7a9b2dac63ee7df0363da40757cc77f1a972815bf3306c9c14176ead4f9a282fe2e92f5d626823e53f8897c19267139dca7747fd40ea72ffc25fc3a337a2d9e4e95
+** GENERATE (SECOND CALL):
+	V = 3c883ef10a8985763452a3885a7df168042c9e38eb3155de56b27b95d2fc79311e48a56d1fb1b72adbaf94a690db454574807f2e8f95cb
+	C = 659d2bddb8abcdf8ef75230e6b4156eb2beb78fe9069c55442ee180343dbb746d4b0e88ad9184b497b1419e582ded44264379b3ba6122c
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = 0c9372869327533a59970a02ca04f1600a4dbe4e22bad859
+Nonce = de6215c3b9c2f1534c5b3f4e
+PersonalizationString = 
+** INSTANTIATE:
+	V = 8567b4ed30711077144ea50e9ebd5f63d0f697642a8568d053e84d7ab0bef3938905bef1b0cf228147b2917121b6df2e631c7259551624
+	C = 3580b442c5fea7b0c35a756019514a00fbeeb2302f7e88ec2baa945e19383de4da84548eb6f989d724011f57a746537b1d9746caf8d91c
+	reseed counter = 1
+EntropyInputReseed = f910b5aa4cc17a8b1e2d4714177d8d14f3928537139bd654
+AdditionalInputReseed = 62189fd88300ab40865121ebb175d9004e878b2195b5c376
+** RESEED:
+	V = 80912f0442f4b0f391b251c4a436f50ade981915d15f591d7848049b4cc003ae0ef32c6b453dee4ad03e0cd7dfc3ac00236a27f3e728c1
+	C = acbec58b3379a436b26674af5468f03c044649408e1e6238f68d4eb935135c6c3e288df467b365e5bb73d268b0aa8e93c91a1dac295b7f
+	reseed counter = 1
+AdditionalInput = d1598565ee6722d17ccedf404f1faabaa50dc0281e9e47c4
+** GENERATE (FIRST CALL):
+	V = 2d4ff48f766e552a4418c673f89fe546e2de62565f7dbb566ed5548a545875c8a7fddd8b1283e363fd05c988c0e4468b8cbe403b9fe27e
+	C = acbec58b3379a436b26674af5468f03c044649408e1e6238f68d4eb935135c6c3e288df467b365e5bb73d268b0aa8e93c91a1dac295b7f
+	reseed counter = 2
+AdditionalInput = fae721bd6e80ae962790eae0f343192d7b7fcacd8117c6f9
+ReturnedBits = e6159057bdae6948915d7e6f0607d8eeffa9daa5afbcc00941268861b42ed7783ca6905d46bca2222da47da80e90d7292f225a0d1e2fbb81fe77505a641a2e4ee473874e1bb118ce73439dacbd9449f65f01c8897ed2274fc10a71552f12782a2a1267a09e3a5ae730deb59a582259ca
+** GENERATE (SECOND CALL):
+	V = da0eba1aa9e7f960f67f3b234d08d582e724ab96ed9c1d8f6562a3f29528ce4af069244e3f1d02fba1ab465d023202a3e705ac2c4fcdcf
+	C = acbec58b3379a436b26674af5468f03c044649408e1e6238f68d4eb935135c6c3e288df467b365e5bb73d268b0aa8e93c91a1dac295b7f
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = 2692e47a6e772202e2a65cd6f3f3749365f318172082a3b9
+Nonce = 50ae7730d89068c45d79e80a
+PersonalizationString = 
+** INSTANTIATE:
+	V = 2f66667683ade61e229a5b0f6479109ec03d1c38a0159e19799ba75ca0c7dafef8b776c4c863f20bc52fe47065fdfccd226c886e8dcc1c
+	C = b07454f3a8f4333fa1dde56893c347d8cb7a2a1948f8d18c777d6664248269e9b76dba247f4301a62184987e66eeb6cd9a3c8d28879a2b
+	reseed counter = 1
+EntropyInputReseed = b36303200f24c77759aad6be65866e11f1e553b0c0f071ee
+AdditionalInputReseed = 90ddf16a459bcf0306eefb363c8b3e82f7695008ff2ab7e3
+** RESEED:
+	V = 8d397b503e210c3d2a3a5920dba0e37f7f2601d15001ba88956b1bce6d05d92c85a1d738b74c2d7a20ae1d8b0eb96e52619425630d7649
+	C = b4fb9494f027a15417e41242d09e88c346f2f80c1949c4d0986af3fe637d51b7673fc4591ea9e34ee954d1168a74ad7e252d1a221bae45
+	reseed counter = 1
+AdditionalInput = 45d4e5baf35d41286a4d917deb4d3f3dc3a77f82d1a46325
+** GENERATE (FIRST CALL):
+	V = 42350fe52e48ad91421e6b63ac3f6c42c618f9dd694b7f592dd6111b0e06174b0aa37862253029043ecf431059c457a0e36a53b57cecfb
+	C = b4fb9494f027a15417e41242d09e88c346f2f80c1949c4d0986af3fe637d51b7673fc4591ea9e34ee954d1168a74ad7e252d1a221bae45
+	reseed counter = 2
+AdditionalInput = 0caf63bac44f089137407c74e90c1e47d8f079a084e77fc4
+ReturnedBits = 40175297cf653344d3ad29e9fa86abb96be3d2e9c6e7cd308056ce92f902c187cd632d7c759426123316ff4fcd7e1c733873ff642efaf8c7b8514f129abc8d71837a3bbb2b573e638917993efa7daf0e3ba153b7f0155759869beef611ce81732a1f7a81916ea99f09e8dd99822f124d
+** GENERATE (SECOND CALL):
+	V = f730a47a1e704ee55a027da67cddf5060d0bf1e982954429c64106812cd75e68f097478066e5dbc170f3fee6f3cc6560f0e0da1ec0422c
+	C = b4fb9494f027a15417e41242d09e88c346f2f80c1949c4d0986af3fe637d51b7673fc4591ea9e34ee954d1168a74ad7e252d1a221bae45
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = b2b03d52be69876c6bf6b16cb12a8e536b53f6cc82f3a54c
+Nonce = f9abe6be30e18988792f5b6d
+PersonalizationString = 
+** INSTANTIATE:
+	V = 755e4ddf4a8156225e2fb287a7b4f90cbd5f7ad138c81a8d1de132c080ddebafc8b0464d1fae2d061579729c14c7041195fb99c952b19f
+	C = 7548aa90c32e48a6a9c9ccb5b2266aceac0ea7f21c951edafcf24a9021f5bf66c4fea08d6597e917d37046d26140f29c8219c124b60fdc
+	reseed counter = 1
+EntropyInputReseed = 56654f8caadf872cda8ef55072cbf91bf50005dbf115e1f4
+AdditionalInputReseed = 18ee53bb6366197bd2707c456d89fba7c08f348d9e259fba
+** RESEED:
+	V = 0058a32c55da326872bb75883f1ffcf11f45582637c6481ac7b42ffe0c49298e79fb45b23f47d80460d8abf585dfa82efdb6767c99b914
+	C = bc568ce82857a05005f217f977940d564a3e5bbfae4ea1536f86fe6398cd28924ac4a76a7c27ffcd79d51135b9b8f019d79732f80a6b81
+	reseed counter = 1
+AdditionalInput = 3ab4b6daf1a3b52f2ee6a1d1731b0a7d24dea9a5377babbc
+** GENERATE (FIRST CALL):
+	V = bcaf30147e31d2b878ad8d81b6b40a476983b3e5e614e96e373b2f86b17878ebeee6d3eb4f485f8b700b0b7cb6fbbb2733d2eec4222bd9
+	C = bc568ce82857a05005f217f977940d564a3e5bbfae4ea1536f86fe6398cd28924ac4a76a7c27ffcd79d51135b9b8f019d79732f80a6b81
+	reseed counter = 2
+AdditionalInput = 033463f9cd0354ce3163b9d03a9c91c9f6d5a5eb3a2fd7a3
+ReturnedBits = 68173341a4c218bd2773d887fdefab9c7ada6f6ace89f4be8cd7b0eabf7946909f146dc68155f30ce29d279cdfc344a3ab46d53ae7d254d1c1c32ab0f039d8d6e200df7de6665fc386cf46b310fd708ae09802502009d853376818e1f1a6d69e6635d46b3d061864226524e0cc7b95df
+** GENERATE (SECOND CALL):
+	V = 7905bcfca68973087e9fa57b2e48179db3c20fa594638ac1a6c22f0351406780e9628d4f84903549700c0228a84afbc092321383dd24bf
+	C = bc568ce82857a05005f217f977940d564a3e5bbfae4ea1536f86fe6398cd28924ac4a76a7c27ffcd79d51135b9b8f019d79732f80a6b81
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = 04f582559d10d842b92d719fc4691646e192631ae79ddb5a
+Nonce = 6931f5e294b422346ed72a8f
+PersonalizationString = 
+** INSTANTIATE:
+	V = 73f965ee5efb6065496b10805ee51a682a166d5317590f9acb5f986163f44b8299c934f00ab6521d8b4a3a425ef08851150a17ca8a3d86
+	C = 56c3ee177d662d9ba248612aed6e37b02c4a61363d9925214ef0fc63d49a936ad48719badbbb042cd41f3801cea8212a4e75bc5523174b
+	reseed counter = 1
+EntropyInputReseed = 6f0b855b09428394ac34a29c5529bade63426fa2664a2299
+AdditionalInputReseed = d03ba3cb73a7408dc199757ce674edd72e32a10db383b563
+** RESEED:
+	V = a6fd87641d4b341189068a3faf07f3589f655ee38328264bfe31ee091ada9eeb9bd1c0c5134ba7a8c6f8ae9aa8f8744084a8298d595567
+	C = 99b9632fca5b968865f78301cc766d3099fa3279ac538697b1fb3445387406134b54a2291948435f4d8bdd48a6043d013d65a87a69635b
+	reseed counter = 1
+AdditionalInput = 7803efb4feb2369e3be4221d6be55a6fbd2dd4fc83988239
+** GENERATE (FIRST CALL):
+	V = 40b6ea93e7a6ca99eefe0d417b7e6089395f915d2f7bace3b02d22d9638500bc3c20fbcab9db77a416f155eb1f4dca0e9021875aee33b6
+	C = 99b9632fca5b968865f78301cc766d3099fa3279ac538697b1fb3445387406134b54a2291948435f4d8bdd48a6043d013d65a87a69635b
+	reseed counter = 2
+AdditionalInput = 5f804877f232f76698fbe1b43690ba951aa0be0628c24721
+ReturnedBits = fd69f99593d37a917a4fc57fdd19bda59b45274722e28b666668039fe0b56a7ed0b96ba31dd6869bb314a45263a38b1ed661c501ea1a81db09843e0068e62f9f69fc4be554c18f92ceeb0d778e3b21bb6853a10e1dc238b703c713dac84b52b82a32abfa54fabbd225de1883f9eb66b7
+** GENERATE (SECOND CALL):
+	V = da704dc3b202612254f5904347f4cdb9d359c3d6dbcf337b62285828303168959820ac7779ce2a7ad1085acf613386acf305ae513b74ba
+	C = 99b9632fca5b968865f78301cc766d3099fa3279ac538697b1fb3445387406134b54a2291948435f4d8bdd48a6043d013d65a87a69635b
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = 07bbc7faeeee046fd96a1114bde5f1fb5ddf5b7994ba2960
+Nonce = 3c8292952b41475dfdbd7b5b
+PersonalizationString = 
+** INSTANTIATE:
+	V = f3a60ab316740c968101aabe8e75fa8ef1e595b72ed8e7cac4275feaf76dfc9acfe2faeceac737562a950507b26aad06f275b899836d35
+	C = 0f87e76ffdfeec5c3e705c2584f3c65b514b508cdef161999187d31e13fd475f1fc8418ddbe45eb5522faaa895ad8bb1b46cfc4e312289
+	reseed counter = 1
+EntropyInputReseed = 5aac4650128485cd24706f278a076a030ddd31ff56bef4ee
+AdditionalInputReseed = 5d8fbf25250538592ea1dc96c04d034f26da9940aad5fee9
+** RESEED:
+	V = 45e4e4a1fd0152d6c152875543280e68f8a42732762b87515b50a0d4c9e351119fa5ebc0bbebaed16f0433451f08d8ec10ed3c6eaaf1bc
+	C = 82162d642102e09b6dcc52139fbdcaf52e388e8dc06b08684faac1329fdf162bdc6cb2aa6c81bf1b9d5b31d21ab1290cbdd5f87a2d3dd1
+	reseed counter = 1
+AdditionalInput = 67db23cef22e84445ea5c984c9d583779f80bebe15edb069
+** GENERATE (FIRST CALL):
+	V = c7fb12061e0433722f1ed968e2e5d95e26dcb5c036968fb9aafb63b4878c469a04e80486d93b0cdfbdb5c3cac4463e90cf88d624c41da5
+	C = 82162d642102e09b6dcc52139fbdcaf52e388e8dc06b08684faac1329fdf162bdc6cb2aa6c81bf1b9d5b31d21ab1290cbdd5f87a2d3dd1
+	reseed counter = 2
+AdditionalInput = db2e026e9c24f236f52d10080ca89fd26a118391e6e5bfae
+ReturnedBits = 4b3c4d5b152fc757bb854e3bc3a1f596859129210694e75adbf37853c5481bae43c49f9ca5c4d0d28f64df00a5b58654073ff58969776581d57d3dd9f7e1d45cd1110a2673da712d7367072f19ee784f551473d6181bff3023ad97317830a18e2247c2376375d0bcb5625818f302a57a
+** GENERATE (SECOND CALL):
+	V = 4a113f6a3f07140d9ceb2b7c82a3a4535515444df7019821faa62606df99d9c24e441633a42767a9592b7d9f55ac827d111b9ae133f88d
+	C = 82162d642102e09b6dcc52139fbdcaf52e388e8dc06b08684faac1329fdf162bdc6cb2aa6c81bf1b9d5b31d21ab1290cbdd5f87a2d3dd1
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = 29e15065e4812b92e9dcad9848b899d23b79384e3a11165c
+Nonce = daf1a1c1d37afea9806b8dd6
+PersonalizationString = 
+** INSTANTIATE:
+	V = 7cfdd04aa3324ce1028d0dbae1e9c712d01991cabd77cc6513f92fcb462ba49855ab4426146e51f5c10827494be1dbc91025a95533ddcb
+	C = b7347f8e7acd5c84a1619b448448f71dd3a89c6646c8d7fd1b4cc502be2b82ea3a8cf0f25cc2fccc3a5f83a050ad15a428f827326a3400
+	reseed counter = 1
+EntropyInputReseed = 720f87bb3f5c4637e753d653b569c2538f258e511d5e9c46
+AdditionalInputReseed = 14e83267590f6703bd6d6c01fb4cf470ff6e96391af8c3cd
+** RESEED:
+	V = d3bc8627737f04645af47478ec487e28440e0709e2dbdea17b82b088d2aa44e5710549e1a4bbaeb041749694a3398aa3408a79451fc490
+	C = 746feca2b6ab152e774e4be13dd0e263b8ba15dcf442c0c962efd6b3f84e3d68d6c8bd1a0d349dc2b51ef693db65ecddb24ec15acb6053
+	reseed counter = 1
+AdditionalInput = d5213647fcf2649b8580f24ffc27757dbd1c55bc55e2b166
+** GENERATE (FIRST CALL):
+	V = 482c72ca2a2a1992d242c05a2a19608bfcc81ce6d71e9f6ade72887c161d9dfe3ea81683a4a85a89068a933b7301a2c2e8ae4747190378
+	C = 746feca2b6ab152e774e4be13dd0e263b8ba15dcf442c0c962efd6b3f84e3d68d6c8bd1a0d349dc2b51ef693db65ecddb24ec15acb6053
+	reseed counter = 2
+AdditionalInput = d9d2b1ca6d1a215dac0be99347eefae0dce6226e36335bcf
+ReturnedBits = d913fb68362952acb8a18d0148a294d59b25e3a0bdd808b232e6ae4c84575cf8b6b37a172f17c3c7cc1fbd8cb691e3008c9e4361136d417aebb54f3576e5de64612a3271a253de5700c38092ece941f45c6d964dcf52957e8f7dd2581462c3861099fd92cf345c4d1c2670c6acc28adb
+** GENERATE (SECOND CALL):
+	V = bc9c5f6ce0d52ec149910c3b67ea42efb58232c3cb616034416260cc28387765a872757a41de524be796ebf4657b3d6fe79c356b14bdda
+	C = 746feca2b6ab152e774e4be13dd0e263b8ba15dcf442c0c962efd6b3f84e3d68d6c8bd1a0d349dc2b51ef693db65ecddb24ec15acb6053
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = 295a13442cf72d12f38b0b5e933eff8ce8725c9079660703
+Nonce = c371a01e998433d9e1aa25f7
+PersonalizationString = 
+** INSTANTIATE:
+	V = 13e1c059eda202ed64958cb1c2f33ebed55b56b023353bdff693ec632d58d7c807637c24334e811a7b3bd64f4273a352335b7e6c541b9f
+	C = 1b96eef8996238c04f9edb169ec231b83c668783b6f32e2bfe48c2d4b376a2909b749c23bb897d98f35861a11c097cd112c4395d47e4c1
+	reseed counter = 1
+EntropyInputReseed = 26a02fc884a21b89c4a6c9755bc5daf22ccace2639c430cf
+AdditionalInputReseed = a7d97a0af5009cce65b141a09cb60e18414253aeefe80a48
+** RESEED:
+	V = a30948518aeecc11c4d0a21242f036a026e16d23947d09c78cfc224ac361007a11121aadac0111ab04b3d1fe9e24990ab22de317ca8d15
+	C = cb7a2c44d73071223544548f4c69657d8434dd2974ef4a79330f2ebeab11743631d1819fb3999c4b99fc0467386d171b5278ae9d739576
+	reseed counter = 1
+AdditionalInput = 538a2851a873ea01bef800cbd1d855eaa1d027780b846204
+** GENERATE (FIRST CALL):
+	V = 6e837496621f3d33fa14f6a18f599c1dab164a4d096c5440c00b529da22cf82f56431d28b81d6810a3617255419a15275492ea2f61d25f
+	C = cb7a2c44d73071223544548f4c69657d8434dd2974ef4a79330f2ebeab11743631d1819fb3999c4b99fc0467386d171b5278ae9d739576
+	reseed counter = 2
+AdditionalInput = 3ccadf62072785ed9ea2da33bf641e326ddfbb004cf988eb
+ReturnedBits = 1b49b8718e90e497c8f4ef0373bbe03c8fd4724a2aa4f0b8d80d1cb07ed392079d7b7c8a2124ceff816b8dc881fc64140b1787f3fe0c63eecb3a1c25b716b60e9baea29617b355accd163544336299c9f91349264e637683e4f08f534a9ab5888b88f20ff1b0722394a9128b0e415d56
+** GENERATE (SECOND CALL):
+	V = 39fda0db394fae562f594b30dbc3019b2f4b27767e5b9eb9f31a824ff047f2f5aae7d078a85269c1bfc39d9e876c4123604fd829700f46
+	C = cb7a2c44d73071223544548f4c69657d8434dd2974ef4a79330f2ebeab11743631d1819fb3999c4b99fc0467386d171b5278ae9d739576
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = 7b87b9b9548920cdea262cbd1512b61a6fa8ff9d6e17364e
+Nonce = e0d763b2633e36de0fc7fc48
+PersonalizationString = 
+** INSTANTIATE:
+	V = d4945434f36b50b056f55a2d3a2c2269d47c15877c4bdf19f8cc8292047fce0adeecb813aee7c752245a8078875b8ab25c4278420a7a78
+	C = 38f0ff907952e23789c69fd83095f7f8257b6d95a05ae03a14bd18791bf18e973c6d479365f42cbfea90108c2bed466e0448654aeb64d9
+	reseed counter = 1
+EntropyInputReseed = 90e162d216858791c00ff6a96a1a60260cbb621c738f4423
+AdditionalInputReseed = 0b352873b979a90d32623c34912eabad7171c0987695f7ca
+** RESEED:
+	V = 7ae4c76e726bb166a02287a645844bcd55a18808a27bf2b9dc604e852333cdb4931e96712287871dba153f7f25de3149069938e84ae907
+	C = 70765772909822483219b2682a0973402af99da85e514b9c855ea3c85e02f0ac6b198616e641dbd3b30bcc9633655d06f9deaaff71e5a3
+	reseed counter = 1
+AdditionalInput = a22babffdcad127a6677873f6f05e313bd48c0aa3957860e
+** GENERATE (FIRST CALL):
+	V = eb5b1ee10303d3aed23c3a0e6f8dbf0d809b25b100cd3e5661bef3526ca8c24927cdd2905eef3a16d082d1b042f2d28a72c87d4d0bbcc9
+	C = 70765772909822483219b2682a0973402af99da85e514b9c855ea3c85e02f0ac6b198616e641dbd3b30bcc9633655d06f9deaaff71e5a3
+	reseed counter = 2
+AdditionalInput = aaf6789596d3fa3d8ec1ff9ed4587eb0d4331965f65767e5
+ReturnedBits = 1267fad4ed681e61517326682961d2003c3d27d32a0e9e173793b9297583b61456e762bef169d148fcc44d3d5340a155c7f47d08b09b894d91fae42ced3e81cb2b4acc51ed0f38714d693fac31fef1bf7b3b7dbe7e0e54416308441981e11f9aba134cc5cb3bd47f232eac30e4c065b7
+** GENERATE (SECOND CALL):
+	V = 5bd17653939bf5f70455ec769997324dab94c3595f1e89f2e71d9881d4569a5aa379d98c4bc42a6ca6875409b16cbb3a3b72ab76b96e1c
+	C = 70765772909822483219b2682a0973402af99da85e514b9c855ea3c85e02f0ac6b198616e641dbd3b30bcc9633655d06f9deaaff71e5a3
+	reseed counter = 3
+
+[SHA-224]
+[PredictionResistance = False]
+[EntropyInputLen = 192]
+[NonceLen = 96]
+[PersonalizationStringLen = 192]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 896]
+
+COUNT = 0
+EntropyInput = ff7de564180adfa8c569e61c11193b68a71987cdc676f1b8
+Nonce = 66219c14ea8058b53fdddce3
+PersonalizationString = ae7f41a459141a135ad26596e41c845c7d371d1fb9916db2
+** INSTANTIATE:
+	V = 76069307e4b0be0713b4391150657e7a8e5cfba2a79ef710691c46c31e4ba29d4a424789f105c3208cd9d5f16099578e80e2bbc09b9383
+	C = f3d501d922561b7ffc5204133cc708c0b83ca1ff424434a16d7f4bafb023f621dd82c5940c1af7d06b021b9878ddb0494ea0282719ea8d
+	reseed counter = 1
+EntropyInputReseed = b391be47c3047c82eceaa06003911a445b67516fcf0ee982
+AdditionalInputReseed = 
+** RESEED:
+	V = cde3a402917b9eb679c8429058ce1638eee9722afc6d135f5e039f5ccac4023aae48539190871df0af918d99390b962a43bb60ca4c21e2
+	C = f169df10fd514a03fd63d6a8dcc995caf695b1aa4dac625150ae250893544c2b832086983a330ac198004c961691e0b31d1d04da0e8197
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = bf4d83138ecce8ba772c19393597ac03e57f23d54a1975b0aeb1c4ddce44ef44b60b49fded69575e279ef54b25285dc7c7130624b6f567
+	C = f169df10fd514a03fd63d6a8dcc995caf695b1aa4dac625150ae250893544c2b832086983a330ac198004c961691e0b31d1d04da0e8197
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = c94026a647ec67a8cf3cac7b9f7ec70d78292facaea89070a7b0ece435525e16c744f6235775ac899fedcb0f43326d1845397978cd22f8800e6a641c2bab6d56261c154976bcaa769dfde96b50efff70789e120197258a6f5af456f34bcf2db8d2a90a824ae5c4e5a1effbdef93aa0c5
+** GENERATE (SECOND CALL):
+	V = b0b762248c1e32be748fefe2126141cedc14d57f97c5d801ff5fea925e97dc76d23e2a9e10bfc91fa672476597f03fcbf149e890b0f85f
+	C = f169df10fd514a03fd63d6a8dcc995caf695b1aa4dac625150ae250893544c2b832086983a330ac198004c961691e0b31d1d04da0e8197
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = 16b96835b9f25792958fd9ff8c50573c61a2818671a1b1b6
+Nonce = 03c00436aec8a2fd7e30c467
+PersonalizationString = fd840e727433105ae5250360866d85e08c931118938cdcf5
+** INSTANTIATE:
+	V = 563c286a9721c22bba03537e16d3c0f2b138fb15dd90e12fc61f9611bbe8a4018b93e96910219169f87b1c9c4ffd7fb16e021da820f7d0
+	C = 783ca8a6aa396e9b65375752a273f050a2c229019413ee4beb4c492b445b0627981709a6305dcb4d2d3cca66090f15fc3fadd04b359e9c
+	reseed counter = 1
+EntropyInputReseed = f2df6069f0e0e32c291f376aeaff443030e73bb94eb07f6f
+AdditionalInputReseed = 
+** RESEED:
+	V = 0e9cb026e8bfd95238221efa0052280abde71e01a52a97779885279ed964dbed3f93b7532a80a7265c014227e983e43415ecc43737120d
+	C = d26933867f75180dade56febb2bbb1ce6c1ce0e9b032fd5014e785718eebe02cec33f9a04b1bc00eb59dcf48525f2149d41555b8cfb7aa
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = e105e3ad6834f15fe6078ee5b30dd9d92a03feeb555d94c7ad6cad2d4405227d1a6adbf961817ef359ba2056d585b08f65bd765bf90fa5
+	C = d26933867f75180dade56febb2bbb1ce6c1ce0e9b032fd5014e785718eebe02cec33f9a04b1bc00eb59dcf48525f2149d41555b8cfb7aa
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 9b4a84129f3fd094222f637f7356682efdcbed25d5a328398a983d449e92187ea88e122a2dbbbd271c7c4020ec5a241eb7fe5bb4fb5b6d84dc6b82357ce197d51516fadafb0602171c6ed982d621dc0df6df52642cd52dbe1b8be2ff851d6c5c4e8e602134735d5b1b8b972939f2c249
+** GENERATE (SECOND CALL):
+	V = b36f1733e7aa096d93ecfed165c98ba79620dfd505909217c2543386374c6ad8937db4480eea7682d9f6e5d43c3bb14a94712baaa16ee1
+	C = d26933867f75180dade56febb2bbb1ce6c1ce0e9b032fd5014e785718eebe02cec33f9a04b1bc00eb59dcf48525f2149d41555b8cfb7aa
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = 23993ff7f6acabe1aaf16e88a0dc4f4865b9efcd8e5cc95d
+Nonce = 1b56a5b578fe1383b6027596
+PersonalizationString = 7eddbab0a50f0022a6c4da078ce91b612b129663b6724d5f
+** INSTANTIATE:
+	V = b2e8c1fcc45f16710a9fcfbb1faace2bb5855c06b1e09e4b580ddc1f8d8b928be72d8f383be97b6fd0e731d700c102cff4a6bfaa131e6b
+	C = 5bfe4ae97fb1880c6741c26a6976bbf004a81e20d987a1edef2fadc4dcad564a7e119ad9a336c997c677f13b8c5b98d123408b7837e7c3
+	reseed counter = 1
+EntropyInputReseed = fe356095e5c1d855563d09923854948933679b876ec44587
+AdditionalInputReseed = 
+** RESEED:
+	V = 28adfaf0f4734a8b2cfc66eb982b127e032d42a606855a2458f500aba3d41aa4d747db6988038e35252bc58dc3bb1be8abdc218ff73baf
+	C = f608ce44478a908157461f82ad39a400e5aba797d40c610da5d98d73fa5d96663a8f8ccec6dee7948bf3756838501a1d60a58093fd05b5
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 1eb6c9353bfddb0c8442866e4564b67ee8d8ea3dda91bb31fece8e542a7a2e7eb4f6c73620fd65fdfb2ab362b1a81e7997496d22642c13
+	C = f608ce44478a908157461f82ad39a400e5aba797d40c610da5d98d73fa5d96663a8f8ccec6dee7948bf3756838501a1d60a58093fd05b5
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 6ebac1ef67c15135c7aa07bddfa780c6a0a24e3e55d81b77642b0d2fa44037c72ff3215fcc85c95eacdca155a433776ccd350f51c086f6282e77a8ef9e5f70595198368cae36d92f64e8e15028fabbf48951d7cb244022a0d35582d0cebfdca705792f54a30e18e1fccf3c85e6d37007
+** GENERATE (SECOND CALL):
+	V = 14bf977983886b8ddb88a5f0f29e5a7fce8491d5ae9e1c3fa4a81c20a08b86b90d78b2c8b57538f2ad159c30ce4cd196904858de54e917
+	C = f608ce44478a908157461f82ad39a400e5aba797d40c610da5d98d73fa5d96663a8f8ccec6dee7948bf3756838501a1d60a58093fd05b5
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = 966d82bccad23e769d61e6db32d8b820c58a5adb22dd9f21
+Nonce = b60718703bc8623b2d5887c7
+PersonalizationString = f9314060df2ac41fae0e365f06ac2ad4dd282cdcea3db544
+** INSTANTIATE:
+	V = 924c5219ffd861f424d65a3a637f02500954f3caf23886d7e063c5707eda841a2ea88e31f32d15caed2fe6ec446e3f075fcf39160729db
+	C = 441d4a7ca1a22bb46f8192a6bd7eefa278beab7cfafe50193c5174c388f435dd06b7cac59066ba6334ce2cd0874f97c7e9bf946ba755d8
+	reseed counter = 1
+EntropyInputReseed = cf87710075deb015e61a78064654c42f0ccb7aea18b98eef
+AdditionalInputReseed = 
+** RESEED:
+	V = 39025a2ea5034840a701a039bdd466c78a6b2156de041447fc00e17f66736461358ca943f7d52fdec5936fed1b565b9ea289b301d08d91
+	C = 1a666fed71bee2da551d3fd9238cd31939acffe03fd1dd787df936f87fd6eaeb9bdb4e3417b52a80043f6db67de66b00e02cc4f457e55a
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 5368ca1c16c22b1afc1ee012e16139e0c41821371dd5f1c079fa18c4f52cda1a7b65b12b1daef56c8336f1b9d41c708d3a0dba1fb65905
+	C = 1a666fed71bee2da551d3fd9238cd31939acffe03fd1dd787df936f87fd6eaeb9bdb4e3417b52a80043f6db67de66b00e02cc4f457e55a
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = c9232112fa9acca6a826f5628bcc54caa644e3efae6b39fa7ae0d20beefddc2ef43394af24b2cc0fb6592b8ae43112145c684b632ca289561040abbba8079d82ca4758bf05357ef524d08e2dbe6310c2722eb472a9b33ee07a2c408b06cfb03d0f8ec1ff787fddab044b62d5dbb4240f
+** GENERATE (SECOND CALL):
+	V = 6dcf3a0988810df5513c1fec04ee0cf9fdc521175da7cf38f7f34ff95a1adadfb0419f31984b7648b1b519c37e6f17dd2847c50bc83a53
+	C = 1a666fed71bee2da551d3fd9238cd31939acffe03fd1dd787df936f87fd6eaeb9bdb4e3417b52a80043f6db67de66b00e02cc4f457e55a
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = 7c2f96fa61e00b6763210fd031241a17e4448a867750768b
+Nonce = 442fb392e1be5532333692a6
+PersonalizationString = e6b046b4a28da9337993a27c7ed6b7c4bc75897472b0a6c9
+** INSTANTIATE:
+	V = 45396dc3b0a397087e04d0ff6d52fa37c9a0ddb3b3808468edafb757b85a2bfa77e4948080c752de9b7a608655c25ecea0a99380d12dde
+	C = fc258abd9c1040b591fae2ed48be579600943e22f36cb6f462a94b62f56c55c2ae31e4e3bafd602817da6f64e3fd9c220407af9fb2c69b
+	reseed counter = 1
+EntropyInputReseed = 099cfb5393f04d4e506b7214c0e33f67e6a2f387bf78de05
+AdditionalInputReseed = 
+** RESEED:
+	V = ca10f11e544abbd94569b34d5966e6a2a2db15a3ed972fcbf7b5286618ce23ca3b1be428b7ad6a78b48ecc8760eae48dc4e81701bcad50
+	C = b5b2a0accad91dd4e0b200e198997a92a37848e0e75095450195d1b116d3e4db1047fc029514bb700d122ffeee361025710bc2791598a9
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 7fc391cb1f23d9ae261bb42ef200613546535e84d4e7c510f94afac7688013c431df1c986eb0c9afceaf7bb633621d3cdadec18ece4812
+	C = b5b2a0accad91dd4e0b200e198997a92a37848e0e75095450195d1b116d3e4db1047fc029514bb700d122ffeee361025710bc2791598a9
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 953fd65283748dc4a911d3fea9259c45c4dd5a567db537570c3677d2c878218a2faf1c16ad7d3359136e946ef664ed16c58d680a04c751568e339cf32d2a908bcae0cd979db576fd8597b41489693494dbb9f5eee26c0dea804561d23ebdcec8416c858857b8d5c671344a808ff5f0e8
+** GENERATE (SECOND CALL):
+	V = 35763277e9fcf78306cdb5108a99dbc7e9cba765bc385a55fae0cd41421fea14787b9a305e5392ad4611cc136de433dfc0984eb1cfe3b0
+	C = b5b2a0accad91dd4e0b200e198997a92a37848e0e75095450195d1b116d3e4db1047fc029514bb700d122ffeee361025710bc2791598a9
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = 1553d8b919183068d8a3c8948a0a8d987497cb460f7d13ec
+Nonce = c47783ee7636cfa1697a0121
+PersonalizationString = 5cc3c20ac4817fbefe0bdbf24bde8b81ed9aedc9024ba5ac
+** INSTANTIATE:
+	V = 6a87867b199eb3f38c17992038336c99c372924ac356d7da34f97b221fa1ad9322b7f5260de733be37d3e59941656be6fa899162c5e256
+	C = 5371f688bd03b669e4c877b69b7838e09dac3742150b703daa363fc6611e2b1dc3281bdd3cc7e7da7b44a4bdb3efe357293841fc7e793d
+	reseed counter = 1
+EntropyInputReseed = e62be7d3aefe4ff150c50911e2cde702fdea82b84bb09b64
+AdditionalInputReseed = 
+** RESEED:
+	V = ff500c3f63e79172c31e7717a4721dbe5a6377b5ee35c61711290e243dc91ded892ea2785f5609f062dd387cb35fa77ac7efec092fb02f
+	C = e5f855d61581e7c4e28f715fefae84b489de11e2d5d6352a63722c91e7a791af33ac0dd63a16ca75b754175e1738f0074aa23b50502319
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = e548621579697937a5ade8779420a272e4418998c40bfb41749b3b3961e6ad2dfc10268267fa7789d3e5b2e55ee872d193da00ae6030dd
+	C = e5f855d61581e7c4e28f715fefae84b489de11e2d5d6352a63722c91e7a791af33ac0dd63a16ca75b754175e1738f0074aa23b50502319
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 703d19db87253cdde4e6064def735289c85f35c7d557e825a2eb19b555f0b47030e7a2a1a344542754b7d478d1ba7f544a8d31594a667868cf6b4166caa097593c6d54e4776e244e6c701a2e10601228cfffec217ffcf15ff3621d86eda093d8bbe6a910c5478cbd5cf55f4bbfa969dc
+** GENERATE (SECOND CALL):
+	V = cb40b7eb8eeb60fc883d59d783cf27276e1f9b7b99e2306bd80d67db101fdc9e7c15fbe381f3efbf2e5680ff9c5d5e2f85cca89238c8e6
+	C = e5f855d61581e7c4e28f715fefae84b489de11e2d5d6352a63722c91e7a791af33ac0dd63a16ca75b754175e1738f0074aa23b50502319
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = eb80cacc1f6f45dcd380f17ea8f64f501f49fb1e52b30d92
+Nonce = 42f972ab765f7194dc9d9371
+PersonalizationString = 54327a9024c5c1f680922458e64613446e5ed81870d95f34
+** INSTANTIATE:
+	V = 4324606961181fc3d360c06d101cf89ec98aa16fd35ed1b63aaa3abb6e90a9283c29836c7f3ea56e1cce440046b0952b04ffedababadbc
+	C = 80cac401049940667289a6b3e884401e349e065ad5a732340de76371d52d9878fe16a91ac348aa4a15d25a2ff837f4f074c4fbcad7a561
+	reseed counter = 1
+EntropyInputReseed = 7bfa0d3c09a9b69466af31e5b174427d52dcb268f3318971
+AdditionalInputReseed = 
+** RESEED:
+	V = 8beff0db5a58a7a68b72ccde4fef800494483879ac202d53c38d265e0cc39040bc12fc0c10e6753c48e4a63af2f2937aea11bcc8744aba
+	C = 94140a5334cb441f602375f876212d04eb7fabfa2c816ecc74ab2dd1ca8a321046e4cb5be5caf15af43b685a9166cecf887ca425049745
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 2003fb2e8f23ebc5eb9642d6c610ad097fc7e473d8a19c20383854ca1eb209a50fd286e158325cb35bd801825333e8ad206b88f6f13f9b
+	C = 94140a5334cb441f602375f876212d04eb7fabfa2c816ecc74ab2dd1ca8a321046e4cb5be5caf15af43b685a9166cecf887ca425049745
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 35fbe6141526686141ac69fc3d89e92564d45ab6476a9f9d76e80516aeea7497fcaf657fd84346d40e7ff2a598e71feefbc43a56525bc88d3bdd3b95a282ab5db534d6d64f1e87cb216c016a1d5acb2cf30110a31ba126ab0fda8869d24c28923fbf4e714b0dfe7d1667077595ad89a2
+** GENERATE (SECOND CALL):
+	V = b4180581c3ef2fe54bb9b8cf3c31da0e6b47906e05230aecace38354a1f5806f2fbaa8107c1f3e4f87e7c7cf02c70cf70b4e797fa93bb4
+	C = 94140a5334cb441f602375f876212d04eb7fabfa2c816ecc74ab2dd1ca8a321046e4cb5be5caf15af43b685a9166cecf887ca425049745
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = 7cad2dfb8bf4ad272db0cda9537eb40dbe06dc356c263c3f
+Nonce = d4e561888170ac166e78ca6b
+PersonalizationString = 68bb9ad149a5ae20740b5affe79ac880181be1bf929ab662
+** INSTANTIATE:
+	V = 77e65f80a23478cb248fd5d4611a21eab7fc1f87f8409b0bf0c533934dce275823e49d648a0d18e850d45ff23dae06cf5ed586c7a1779c
+	C = 9b22c971e74e7f2056094f68597c7962bffdeb93b06959d65a528a616c1d8b8fedda9d64cf79e175828e48d68ae122315fda072ee42fb4
+	reseed counter = 1
+EntropyInputReseed = 581b5c9577234b5e55276b0eb992eec2e1def03b6ecc0426
+AdditionalInputReseed = 
+** RESEED:
+	V = 2e7a7760558d32e357ba4261de6cf3798bfc2d7263857bca6217eb892edce00c4e624eba4dedd9c84ecaa5500ec37e29239efa608ec19a
+	C = 9aceb5cd9a85737c4e29d2dc0245505b5ce42ac8aa0db07f7c48c1ba35376c1a06228821dd66cbba56e901690f06cda48de53c76abfe10
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = c9492d2df012a65fa5e4153de0b243d4e8e0583b0d932c49de60ad4d15c74b280ad5c9ab7893a79bf03aa2630b60e52e4f50a98338bf49
+	C = 9aceb5cd9a85737c4e29d2dc0245505b5ce42ac8aa0db07f7c48c1ba35376c1a06228821dd66cbba56e901690f06cda48de53c76abfe10
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 417382a610110bc53f6c578294435fbdbd84e7cea4878d17c63c8d87fc3edb11d55f18a7eaa0aab5bfb4376960071c274c44d2f44859467118db4e768a664bc4f3e1219527efaf943557079c1f8a6023d284c308c3a4a0581ba9ac70dc8375699810b0ca62e8d4e72f1fd3bc0ca89d21
+** GENERATE (SECOND CALL):
+	V = 6417e2fb8a9819dbf40de819e2f7943045c48303b7a0dcc95aa96fea2dcefd8e5077e8877701401c5ed5dac6ef30e624eef8944c0fcbec
+	C = 9aceb5cd9a85737c4e29d2dc0245505b5ce42ac8aa0db07f7c48c1ba35376c1a06228821dd66cbba56e901690f06cda48de53c76abfe10
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = 1a5c99f4a98dcf6ad69c08aaeb3b88d1c237c50d0810d0f7
+Nonce = de5c18c4a5908266dc45361b
+PersonalizationString = 87825f8cd9c876f7310e152d24e0393a0f2bce5823c66c64
+** INSTANTIATE:
+	V = 582729556bf9c029940afeeffabe36e286a7999bc71c32c02cf2a99f40b5ae409a5cc776e60678d93c147c529004958eda3cb1e2e3457b
+	C = c3390e335f2adc50e3715449893eeec00c5d148018fee6c502971642a766c3a549a00b57541b04ff0975b20815a869479e3a78d34d6c99
+	reseed counter = 1
+EntropyInputReseed = 481d7a63c7d37a34f56811c17f67245071ed07ce07bfb55f
+AdditionalInputReseed = 
+** RESEED:
+	V = 2e34ef0ee80f5dec0f713610ed883b5e1de11c424185902fd62c430040620866c2139e6f3224409c60408ab69d3c0332ea75071fc88cab
+	C = c7d77b3c1009a7f90a5817a7968d3328e629f19a8603655947e55b496566cd6bcd717c1ef56d920b2a5b3aeba4dd50ddd8cdf25a455dd7
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = f60c6a4af81905e519c94db884156e87040b0ddcc788f5891e119e782c2df2fe338110109a5645435824fbcaea030aa85098a1073898c7
+	C = c7d77b3c1009a7f90a5817a7968d3328e629f19a8603655947e55b496566cd6bcd717c1ef56d920b2a5b3aeba4dd50ddd8cdf25a455dd7
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 8a994b32c6374b117f04383e7167cda12241d839940646f0a78e3d12d29846ca6bd235b7a62f6f0ce320c3896ada66d00b7642746a8ecc0bfee86fc192831bfd560cc8995f1b51d7725432c6ba8b816bc3ac5801f24e0906e9a841d59fee76774eb6f07fa4efc6c5d3dca1bfa16b83c5
+** GENERATE (SECOND CALL):
+	V = bde3e5870822adde242165601aa2a1afea34ff774d8c5ae265f6fa76de76abf708d12d30987ca3de686aa73ab541f321a3ee2458e400bb
+	C = c7d77b3c1009a7f90a5817a7968d3328e629f19a8603655947e55b496566cd6bcd717c1ef56d920b2a5b3aeba4dd50ddd8cdf25a455dd7
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = 34a758c36df940c0e51bec4c6aeb9214ba1c8cd2ec075bf5
+Nonce = ccc669e97f78016eb10ff735
+PersonalizationString = 9a91e1e67cdbddf97f75c0fcfb164237e340344829efd718
+** INSTANTIATE:
+	V = dea56983a1c271a5d910f09275c4761201abbf487c12037fc2fa5ed889a99186c8f3316ad3793978bf5fa537df280d77b0a4f1e8cfdbad
+	C = fcb11df658e21ab45581f5585ad3cf583840154cd1e5dfe3b0ed2e9214214f6734b852a5308190aee1631b00bf8b8ce8cd5811e1018301
+	reseed counter = 1
+EntropyInputReseed = 4c5a1c7a674ff92541926d538bde9767c55b0b03629f4ccf
+AdditionalInputReseed = 
+** RESEED:
+	V = b84f957b5c88d8c0fa7b58e4caaa11c8958837bcf8939808e6a16947f04dd044b5a61b7df36b169d6e8db4b6e667db52ec929e64818ad5
+	C = 19bb361e8e3a83a86f965115ca73cec443dec7d01332a2c1ed95f44c23837dd76aecc30d66a86c5ee979d93fb5df8ebcccb50adcc0067a
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = d20acb99eac35c696a11a9fa951de08cd966ff8d0bc63acad4375e7c88d3834384c7987675c2615606cd4f17861d03b7e26f96903aae5f
+	C = 19bb361e8e3a83a86f965115ca73cec443dec7d01332a2c1ed95f44c23837dd76aecc30d66a86c5ee979d93fb5df8ebcccb50adcc0067a
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 28a304c21f3189bb5b942211189fead684dc9385bd89286f526343cef3e87515f8494039e2c29b0a37e113ba061882eeff151a7b230923fc8366510aaecc46c3a5dc380ac35d852426709f20990beb16105d74e86413e037232df05e5fa830c060ce2f9178ad3eeb5880d06931c6816f
+** GENERATE (SECOND CALL):
+	V = ebc601b878fde011d9a7fb105f91af511d45c75d1ef8dd8cc1cd52f78c20a4b2b674e9b707588043ec162d3922bd00779c6f5a4e743e5e
+	C = 19bb361e8e3a83a86f965115ca73cec443dec7d01332a2c1ed95f44c23837dd76aecc30d66a86c5ee979d93fb5df8ebcccb50adcc0067a
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = c235091aa2be9f4434b0685e4c1e3f4cefdda78116269b6b
+Nonce = 083b8e2b5943d56544ff3439
+PersonalizationString = 849b3ead281c249fbd987f1c3fd38cdc9542aa9c5ab15f0f
+** INSTANTIATE:
+	V = 9e3885ce4c3dab4742787af0b45a0339609f6155f98bc8e81b8f3ca13cf8b636d0e27250de062fe3692db54efd9829d6427331998e5046
+	C = 31b3b0255587b78ea19a397c0c90bbb90e4260cd8b8b6c30453efb605ec69d1f042b8c2111e0e27301e0e9a0c4bae1c2dbbc56123b6a1a
+	reseed counter = 1
+EntropyInputReseed = f06fbc5bed3c61158b71f53783944e5dc4464d2ca27ccad9
+AdditionalInputReseed = 
+** RESEED:
+	V = cb80a586073eb8715345114e53ff96ebcb6a33045b26ace37b37808169a1fd3ccdf9e4f8a080740f899ea315ec37ba4ed3767cf2ec0b4c
+	C = c7534d3db537d31947d3c689edf0340854f834f34e24f7d2258f7eeea39c18041b06b057f191a06900946bab5e06e16b048ace16c04013
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 92d3f2c3bc768b8a9b18d7d841efcaf4206267f7a94ba4b5a0c6ffc93a2b491b8729bdc8a4054e115eeb9e9cf0abb99c5899b4365605fa
+	C = c7534d3db537d31947d3c689edf0340854f834f34e24f7d2258f7eeea39c18041b06b057f191a06900946bab5e06e16b048ace16c04013
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 2e3f5bd813c292bc272c38086704099c39d177fd27310b35fd5bcfea1fad9c3ae56ebe68848cfd8dd447d80bf903ae08e37daf7e3ef3f605f494f69b4b7968faeae17501fcb2d986c071d3db6c204109d7f12e6e575d3bba5c2e0bf2e673e40de19791dcae47d0d8840fda8283fc193b
+** GENERATE (SECOND CALL):
+	V = 5a27400171ae5ea3e2ec9e622fdffefc755a9ceaf7709c87c6567ee8facb43c3f716cef5e927e2675c17180d31c40cf4b85791d255f9ff
+	C = c7534d3db537d31947d3c689edf0340854f834f34e24f7d2258f7eeea39c18041b06b057f191a06900946bab5e06e16b048ace16c04013
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = be1af96725f7398894fd4bd5024eed4a1396c937f1367613
+Nonce = 8070a375f410c30a2f61a4f8
+PersonalizationString = 8f6e48e7b72cefeb1a404384d8f9bf509c99cc66eb8aa806
+** INSTANTIATE:
+	V = b7c9cb4546093ef795e4c1d58b59da677cd8849a147f585d7724bd8c62ae32bdac7da7864356422693cde4d8754ecc39713acb1448bf8b
+	C = a68ab9e7effbf7fa64d0af417d543e8ed8a85a70c1d90d55303c564acc69f0fd9e2b8f81cc94aad8d0b23510bda61ea664f5180246282b
+	reseed counter = 1
+EntropyInputReseed = 80322b895702b31e0cf0394127d75e3e426731b0062f2f6b
+AdditionalInputReseed = 
+** RESEED:
+	V = 01e137f73132b9c1c4f802dcad4c0b89e088bea0bca608626220d8ba1b10669cb1d384375640584a6a0959e11bda46589b2fc16ea5797c
+	C = 6219a5c06d50cdff0102bf1ebedd418ecfe0491ac9482d548182deb90918b27ca083e800218aa1565edc4b4a9fbf2ce23fe58dab8476ac
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 63faddb79e8387c0c5fac1fb6c294d18b06907bb85ee35b6e3a3b81f19fb93012217ae9a51031a3fb215cc50a12b491a1b6720c28bb5fa
+	C = 6219a5c06d50cdff0102bf1ebedd418ecfe0491ac9482d548182deb90918b27ca083e800218aa1565edc4b4a9fbf2ce23fe58dab8476ac
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 8510d68648dd8ef59c3ad76269dd418add5b93b1b627936a6e83fc0c0842b1fd9dc948569f1f9e1c9f626b7ff22e81e750d4c8f0e6e2c9fbf2dae137cc70b22f63d20c5d20244d49620ba7a70390d31fe603398904d3ee07589ddbb3f6f88fb9fd7a227bbe779b26a652b1a86a25e8c1
+** GENERATE (SECOND CALL):
+	V = c61483780bd455bfc6fd811a2b068ea7804950d64f36630b6526973292ccc74e911f72096154f86c4064cee2739edcc487674035828181
+	C = 6219a5c06d50cdff0102bf1ebedd418ecfe0491ac9482d548182deb90918b27ca083e800218aa1565edc4b4a9fbf2ce23fe58dab8476ac
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = 6b1757a5d51010f18c5070b5b2492f40e9d06a6393bdb548
+Nonce = c79474a64bbae9240e126644
+PersonalizationString = 25b7536bd7f96de739028724d46f7cd9e438d289e1a18beb
+** INSTANTIATE:
+	V = bfab096fbb74475d6d67617c93d8c2ff8e194cbdbc7c451c98363a8756a9935ee7bf102931746b69e614960afb6354881ce440f980f515
+	C = 2d157d386e27ec32fda6e38266218115de6fae387db0fc8f27be44c03143df010eed64a0991f454e01843e7e15967cc63c9b5a26152930
+	reseed counter = 1
+EntropyInputReseed = 106c34afc611c7931af46b38ac479132c0886b7aab760457
+AdditionalInputReseed = 
+** RESEED:
+	V = 02cafb11f9d46635f9a9df728d803af7e7751b2734880864d6f6d2a5270f0e93154e10ead7513bd7a888d9c8eb33a30b16cc29c6191282
+	C = 7a45d0b39c54b46422e220683595bb66cf8b5c62cc035d1492b8bfb5115b4a9e004537273b57e92287d0c8a60b13f5d7ab7e9197bf90fa
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 7d10cbc596291a9a1c8bffdac315f65eb700778a008b657969af925def9beec73542076bc278ad6e33393136183a270bcf007527cdf391
+	C = 7a45d0b39c54b46422e220683595bb66cf8b5c62cc035d1492b8bfb5115b4a9e004537273b57e92287d0c8a60b13f5d7ab7e9197bf90fa
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 8dc4f4b88934eacb13854aa6c52400777f367c0695cc7490d2c0f9ac28f32c8c117b04a95f2e07c16ceda85a31617d13cac14d8bd24fbd420ade1caf9dd4761e0ee720ac8edaa2915a57b87c8fd65025f9f94aeabfe45d2d92e96e34cb233a182f9cddba5deb55c0726bc8f59779ceea
+** GENERATE (SECOND CALL):
+	V = f7569c79327dcefe3f6e2042f8abb1c5868bd3eccc8ec28dfc68524b31f54623bfe9520362db1c781a2b37f697516515a612f71ea0c9c6
+	C = 7a45d0b39c54b46422e220683595bb66cf8b5c62cc035d1492b8bfb5115b4a9e004537273b57e92287d0c8a60b13f5d7ab7e9197bf90fa
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = 4e6c90caaa3cd25a329d13602acbaf08e0263f815632842e
+Nonce = 21036ed420026b38bdf91179
+PersonalizationString = 0bb0fb2145c5a2c1a3a3540d638466cacc39ab7402df3dbb
+** INSTANTIATE:
+	V = 0dd699f93fe884f8c0c0f8c0406e5366d5f705db74fc8a9169b32a0c3fdf6703761fab52443d7c1d220e55247a282498980b0fef9f46cc
+	C = 1fdf644eff9e309bce3933f27b5ac478e617d2f31da29423f6e49e39ae6a65182d4ab466a82ff929139d4df3a5837d13146072ac4b50dd
+	reseed counter = 1
+EntropyInputReseed = 9311d047fa47bfdd000ef3feec4a88b41e926b780a78c2aa
+AdditionalInputReseed = 
+** RESEED:
+	V = a70160f68421bfcd1d0907c5dd5d2c3f4f3182c9a632d7a48f8ab31c1ef72ce92e438b5e6b5970ddeb385fa9c8f0740817170e3ed28cf9
+	C = 2a59198256e02e40818a3fbb755c86ebeffc0c242883c4e2ac7ca274c465b711e4046f37de751559b4446c4b519fb8a8673b942ee26929
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = d15a7a78db01ee0d9e93478152b9b32b3f2d8eedceb69c873c0755fce49c16cc01fdc6765b714d758276637c66d252ce4f78d766e41bad
+	C = 2a59198256e02e40818a3fbb755c86ebeffc0c242883c4e2ac7ca274c465b711e4046f37de751559b4446c4b519fb8a8673b942ee26929
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 360c0011334849b0a4d76bd31fe9ae2eae79ff124b37300f602e147bef38540ed02ff01a1bd5bbc8a1537baef01afc2b998f275036ffa8ab9f7896d89bb096113b00505e71172396937bac735c56d8f0fdaaba6c9b01d50836d197c085e7aee9f79e2938f1cdc555576e639b23ee94c9
+** GENERATE (SECOND CALL):
+	V = fbb393fb31e21c4e201d873cc8163a172f299b11f73a6169e883f95b0a75a3fab60507cbcea9b551613ffa1753bbad4afe30a9142b78ef
+	C = 2a59198256e02e40818a3fbb755c86ebeffc0c242883c4e2ac7ca274c465b711e4046f37de751559b4446c4b519fb8a8673b942ee26929
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = df51b3740719a6b72dd37c91b1a128b97a5dc49f6bb8ab57
+Nonce = a4ee4d3b127f06e16f0633b5
+PersonalizationString = 6755de9040b85728cae1eca13a070e16b520eb45b2687a6f
+** INSTANTIATE:
+	V = a731777cf74470184e355f78eb2e4857db48f2d935b8aa6955df1030443534303761d95a037bb052e8e3eb5f7f785904bea0d5f6331c0c
+	C = 15355f26e8ef707ebb3955e6eba5699f889cebf4896365895b265213816cb4bf08ecf5402f1e69ca80ab7acbd397e37bdf477f51c0cb2a
+	reseed counter = 1
+EntropyInputReseed = fc2ffb6c115feec3302a2656da30bf719b85b695675096be
+AdditionalInputReseed = 
+** RESEED:
+	V = 1a6485010977f166c2a13c30ba3d60eeb7203318514efc790d3c70f855e4d9e704ffec2e1d7196e19a367083667cdc6473309b0b9a5397
+	C = 2d7e28aab3cf67af7232a6629dea1a8ac7b7bb00a420ef221e7414d98732719ec4fc5612e944ac0b8624826a7f978de3ff670efff08dd4
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 47e2adabbd47591634d3e29358277b797ed7ee18f56feb9b2bb086ae8bd517c63901fdf1b5c8bea6549fb8f785d1ab7a3db59dc7ea57d7
+	C = 2d7e28aab3cf67af7232a6629dea1a8ac7b7bb00a420ef221e7414d98732719ec4fc5612e944ac0b8624826a7f978de3ff670efff08dd4
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 36db4354bcb9902359ac925b5615051b7ee09f0b017e244bee69524d4e1effa39aaaf1dc7b22230313fe04d859abe92b998b1803746147204cc49a215aaa56527b465bc7c73b53e5af0cb5a550fb7c0306ba93fd62490aaaf0129e0ec71b377b026ed59a066972171531b9b3d5e1763a
+** GENERATE (SECOND CALL):
+	V = 7560d6567116c0c5a70688f5f6119604468fa9199990dabd4a249c718003b76c63e41b407a2461822b973ba11f98b2fa5b17a1108dc8aa
+	C = 2d7e28aab3cf67af7232a6629dea1a8ac7b7bb00a420ef221e7414d98732719ec4fc5612e944ac0b8624826a7f978de3ff670efff08dd4
+	reseed counter = 3
+
+[SHA-224]
+[PredictionResistance = False]
+[EntropyInputLen = 192]
+[NonceLen = 96]
+[PersonalizationStringLen = 192]
+[AdditionalInputLen = 192]
+[ReturnedBitsLen = 896]
+
+COUNT = 0
+EntropyInput = 121d0ee38ae583ee8f1f163e4167f23b681afd1e546c53e0
+Nonce = 63c01e53d318531e458db1c1
+PersonalizationString = 7de42bf46730105bf869f2b57816691f3c6609a4bf1387e1
+** INSTANTIATE:
+	V = dfb003b033e295f60968fa763d0fa058fa4be6cca17bfc7e204c7ebcd4aa0b2994be259cf908e6856e37f05e3c9d8eb0699b44bad013f0
+	C = 46ac6d046363d398ec11e41b3b7a065263bc10b05004eb356e7f86413c4942c2004c52f65d1c3726da433c8fb22fa6e39c87ef5c5a1640
+	reseed counter = 1
+EntropyInputReseed = 9050a8565dfb3c02eee0dc1cee900758a06fb1c76c099087
+AdditionalInputReseed = 1eaa6858d8a67ee6210473caa6cf5a0704438d51746edd4f
+** RESEED:
+	V = e4a1c861de575d3a7f46bdff470dadc4667af9cb0a10b166c6eb8d18da1de99370c4cb21d8147373757ba9198fec27ff6635b865c5b1ff
+	C = 2ba850cab05ad55e72843e799d038d987d0915417d45aadff444b74ab859aee74ab9e3e9a6c475ef96dd1f88dbb6a818bc41d74e2bea0b
+	reseed counter = 1
+AdditionalInput = 36112513fc730486f596d96de2ac95a902ab7ea5c27262e3
+** GENERATE (FIRST CALL):
+	V = 104a192c8eb23298f1cafc78e4113b5ce3840f0c87565c46bb30453b5038d702386dded9f0bb112f707fcd02b965c3ff507551d691e7a0
+	C = 2ba850cab05ad55e72843e799d038d987d0915417d45aadff444b74ab859aee74ab9e3e9a6c475ef96dd1f88dbb6a818bc41d74e2bea0b
+	reseed counter = 2
+AdditionalInput = 38358d2ff050b9a7d4b5dc157b3bd3d839bdb7799ab4bf74
+ReturnedBits = 0584a8d2988758906e6d32a08a506903a4b3fb0978b37000140115a0b4de9862c02488b26d2973feee79bbffb6fa88d1ba49e4e769af5d1cf669321f0958ac29471f4bced6ebc3a18b83cccf7d992f4ddf41649d4f6dff47775b6b7d9a8dcdfbae1413d368b8d8b1b701caf8a785ec10
+** GENERATE (SECOND CALL):
+	V = 3bf269f73f0d07f7644f3af28114c8f5608d244e049c0726af74fdbce0af78935ae0a5d893702f3ea6a8ad1d4ed1e9506c4f94a1b19263
+	C = 2ba850cab05ad55e72843e799d038d987d0915417d45aadff444b74ab859aee74ab9e3e9a6c475ef96dd1f88dbb6a818bc41d74e2bea0b
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = a02bc66f54b5eea2176b73775973e175280109df1819c736
+Nonce = 92a01d303d0da3680676a746
+PersonalizationString = 0b2cef5ae0cae11d4e138ab29370d0965fcaa2b36edb4a2f
+** INSTANTIATE:
+	V = ef63391ebe708f069f24c1fcceebf13df6c495df9820fbb38801c7e7d379f1f410c7ed0fe76bb86140e6d21e35f005ac2c7e4cf74863c2
+	C = b0ff0b17e1f02411adf5d29b805ab48f78ae10f855ec03f4cd61ca92b00a247eb60ee5875b541415f991ba31f9c922c18df1c9501ba946
+	reseed counter = 1
+EntropyInputReseed = 6e4c71d6610a73d8b33b9981e093fb92b80c111a47a417e3
+AdditionalInputReseed = c877077d8295e352bef1066b94fd508e703f40b22aec4305
+** RESEED:
+	V = e8d5b5a5800a20a5d0c00706ba4a0f9cdf1e27d43aa7b3e6a0b0f461d03c880aac44280a330a339923e3362e4ab8a8785926b8639ba7be
+	C = 5b055c7148c250c8d634335caf90b6d4adfe01d49d8b8d1d00f99e9f9a56872649920298cbb629ee5e6015d16a54d7c4e47415c968f358
+	reseed counter = 1
+AdditionalInput = 2ac0ffffeae2ce5e29f5d6ebeb9601f5b9bedd5b8233064c
+** GENERATE (FIRST CALL):
+	V = 43db1216c8cc716ea6f43a6369dac6718d1c29a8d8334103a1aa942f2b54d2d527b8d43c65f1ce54b298de4c895449129de6519df66b04
+	C = 5b055c7148c250c8d634335caf90b6d4adfe01d49d8b8d1d00f99e9f9a56872649920298cbb629ee5e6015d16a54d7c4e47415c968f358
+	reseed counter = 2
+AdditionalInput = 9eacb0171fa441a1bbfe3b77829e037477df8f7fd6e30541
+ReturnedBits = 53b83912b7919aa9a29f1f845ffd331c2d614c59185db8c2055108dfe480bcb1fc698213ac2dc1b52310f5958849115068fd2ea23f6a0c3894f2e37689e1da439c7c074e25ed84f2bbf7e337d908e20bdfdff93961a976d3c3bde1fc090999a852dbc979e995f6184a52ece9fe2ffb96
+** GENERATE (SECOND CALL):
+	V = 9ee06e88118ec2377d286dc0196b7d463b1a2b7d75bece20a2a433438ff9d37434699fc0bb4951c50c383a0b066940f26a3ffd1dcec90a
+	C = 5b055c7148c250c8d634335caf90b6d4adfe01d49d8b8d1d00f99e9f9a56872649920298cbb629ee5e6015d16a54d7c4e47415c968f358
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = 67538d04ee966ee7623606948dad3352fd0b6de7c0d87b9d
+Nonce = cd358861e90becdb9dcb0930
+PersonalizationString = ce98a12c65bc94458cc545598d5ed7eb424345f0e8cc7c32
+** INSTANTIATE:
+	V = 1903b1d036b199c8d68f6771f73571eeccc6b4e49f8c7c1fd6afbfc3afff65c28480c11cae98cad356a3c271c7ad5ffafe213800785100
+	C = f990e52f73191643acb2ceadac2aad7e882a06acd1fc45d6c88b08ebcce6e1118830ca55f66dc4af25de8929b3888169bc56ece9c8351b
+	reseed counter = 1
+EntropyInputReseed = cc3b2c9ba7d8950cb8a3c073f10bccf9c3c26a58b2ef5ad5
+AdditionalInputReseed = d8a4597e04fe02c8e5086a70ff20644528c37b0ea88636e2
+** RESEED:
+	V = b52fbff9dbb071605454c5f44210281b9bd542a81548286702dae36949313d19b7cdaeaa41d33b291b86fe3dfff940daff62e7da9646ed
+	C = e460faf74584bc8fad2158486da89a13769a4a1651378b8e5c8a11344449a22d912b27a6ea8b07446f12e6abee278f3ac7579b11f01779
+	reseed counter = 1
+AdditionalInput = 6f665f6bdb0db0b6120a010a9a46d6c9e5957c1be702de38
+** GENERATE (FIRST CALL):
+	V = 9990baf121352df001761e3cafb8c22f126f8cbe667fb3f55f64f50ac65ffb2b4b986acda1385058f1421fa75fdcb46768900ca590ed5a
+	C = e460faf74584bc8fad2158486da89a13769a4a1651378b8e5c8a11344449a22d912b27a6ea8b07446f12e6abee278f3ac7579b11f01779
+	reseed counter = 2
+AdditionalInput = f3218cad187cbae07ba2880d12a21ed42d0094e07ba7ad4a
+ReturnedBits = cb7fff2833b82d800cd25a6096adb2487e29c753037eb6e8cfa6ea8ae02fc4c46e0344ae921b0c467f2c5c2131e1ef3aeb6ea997c9fa65ece49cd4561a225eac398a64e33c938804e5b08ef7e029357465d3e70c7759545f2049277944880279bd850d73a9e7a6d1cb6f5923989cdef4
+** GENERATE (SECOND CALL):
+	V = 7df1b5e866b9ea7fae9776851d615c428909d6d4b7b73f83bbef06d82e106b2b750a6c897f830c7055f133a2e664714bd10e27a865ab07
+	C = e460faf74584bc8fad2158486da89a13769a4a1651378b8e5c8a11344449a22d912b27a6ea8b07446f12e6abee278f3ac7579b11f01779
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = 4574beadee735b4806c7316bdb59b46098eadace3d3cc8ef
+Nonce = 646ab29641e67ec67fbb1685
+PersonalizationString = 4996ffeef7d63a6c935c9e0f9b07d967a0f6f9abc2ffa740
+** INSTANTIATE:
+	V = 2216bd02ee4a8e9afc92d468da5f3f5c394884c1953eab4c0298d13c813933c28e395442a286b9f98ac346b78aa9ce26569ebc475ee01e
+	C = 5853ac3f350e485e649a214f33f65a1de9607ae91923f5094feca7dd02b5d11689dfb6869e2e0fac00f6ff7151d3ee99af24e2861ed469
+	reseed counter = 1
+EntropyInputReseed = 48696ac6a39cba92c0699629717bc84803fe153f743ef8a6
+AdditionalInputReseed = f4bc6786299e270fc90f6f6d797ad840220debd7e251b80d
+** RESEED:
+	V = d97ad8d244c32403bd4844783b87b76a8a0cdf8c30207eaf07bd833b8ae6a0668e5dadd176cb3b35c4f1dbdeac2aec55cb41c0d4fe0df2
+	C = 2e789173023eb31d5b1ad77808c69fafbd8ed7b267aafbac8b5df6ae7ce9a1a75fcf826fac901aeec8acf8ebee294a973bee5a3508490a
+	reseed counter = 1
+AdditionalInput = 69c48832913e90fbfb447c35d67426c3f3a3dc9c5af9e5ab
+** GENERATE (FIRST CALL):
+	V = 07f36a454701d72118631bf0444e571a479bb73e97cb7a5b931b7aa6a5a07117e56302a414d9ae55a1ad05693f18cf1525a61084777cc1
+	C = 2e789173023eb31d5b1ad77808c69fafbd8ed7b267aafbac8b5df6ae7ce9a1a75fcf826fac901aeec8acf8ebee294a973bee5a3508490a
+	reseed counter = 2
+AdditionalInput = fceb7dd9e4a2022cd8fdb8f0c095573d563bbed852f1d5d9
+ReturnedBits = 72fb7da0f7f14e7382771801204615e80a3e8fc4e5fbc44bbb67134d7bcb4c0767cbc582a313bfaf6a9a2279addfab15c6ec0e2941dc819a8323c71736ba3fc26fdb7d23666fd7c668dc4d0a10396a8ebf864ac1c09347fcd7e89c50eac0716994827d84c68e84ad50d13bc76caa5023
+** GENERATE (SECOND CALL):
+	V = 366bfbb849408a3e737df3684d14f6ca052a8ef0ff7676081e7972e49d74b4ccfa22bf0a2d5ee0aec8b85d1e7622982a6fce45201bb3a1
+	C = 2e789173023eb31d5b1ad77808c69fafbd8ed7b267aafbac8b5df6ae7ce9a1a75fcf826fac901aeec8acf8ebee294a973bee5a3508490a
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = 17de22f59849398f3e392d2c0dd8acaf88efb5af451dc86e
+Nonce = d1611c501fae0ef912c9b831
+PersonalizationString = 469f40428b5b68573a36d843850388e91ccc659ef7009a84
+** INSTANTIATE:
+	V = 61560daf74c4fe04018e9a14534c0605fa0860d7e90a4988168d0803ed08eaaaf0345e14db6dc995f06274f0d2eabd6923162c2b4221ca
+	C = 1c07cea4e273a79363cb2eabfc474ea6fd72b91bdd4e56ed483133228e05c43aadd3ecfa265b9cb1a9f938352b93533e6829b3159acbd1
+	reseed counter = 1
+EntropyInputReseed = f91408ceda70a9d471a2244075744f809fc42e2e12ad166d
+AdditionalInputReseed = 50c986739c2da8b58af90e08e8d49d48fc7bab50e913143d
+** RESEED:
+	V = b4904dcba0c22e61e01d111bf9d54e83012e7aad6c1b861d6aa7e3af3f3261788dcbb5ef28b6d3f1a1bf1f6c03997d78b27769def9edc9
+	C = 078ee64969d80701c8dba925f050dc420cb91ed702a5f7f742eec9523701a7b6bbf320148808e33cdc93c786273ae9669f885ca959d0a7
+	reseed counter = 1
+AdditionalInput = e542a14e70d2775a8d003115362403c9e0d397af16c79656
+** GENERATE (FIRST CALL):
+	V = bc1f34150a9a3563a8f8ba41ea262ac50de799846ec17e14ad96ae828b71fa01bdccb738976ac0505aa28a7bfd7b4cca3a732c51be946f
+	C = 078ee64969d80701c8dba925f050dc420cb91ed702a5f7f742eec9523701a7b6bbf320148808e33cdc93c786273ae9669f885ca959d0a7
+	reseed counter = 2
+AdditionalInput = c82d318a44b775d0763838e25a355ed4c46848f612d053ec
+ReturnedBits = c115a5abc99fb002a1857a5eed62e03474036009062490cb6a92713736a5cdb8fbe24c7eb4ef9bdf34c5f69d06c3268cbc5e2185f7fc3b2b03e8264f7acc83779ec19c4dadac7463ea54a2e19c484d94177facbe12faf69dd930db9675260a35bbca827335f7f5f72219078054c3f009
+** GENERATE (SECOND CALL):
+	V = c3ae1a5e74723c6571d46367da7707071aa0b85b7167760bf08578658672075e9038006986717efe4c88b99ee3567812c513f238495268
+	C = 078ee64969d80701c8dba925f050dc420cb91ed702a5f7f742eec9523701a7b6bbf320148808e33cdc93c786273ae9669f885ca959d0a7
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = 9014689d5b1cad2259ecc0db8d5a1dc0e678243636209277
+Nonce = f8d200ea5b95651c2e6241ba
+PersonalizationString = e000b58f874c3da95af84ae9bab055472db3c1cc30509739
+** INSTANTIATE:
+	V = 9289c8a6870f040a62e58ba9dd87a30461b4dbdd9007fa3522b0d2d584220279409f846d1a039dca0bc58979ba3d39aaf646d3c526935a
+	C = b155c8be77af01f391c4eb38a1d9fed95c0d7562383b007df04f0c576c12b64e573e643c7b191ceb2ef4ac2b204f73cdb2a12c1a2139fc
+	reseed counter = 1
+EntropyInputReseed = b24166caa16f7542ec749b3986c12ef99d1c7bcfd8f337e1
+AdditionalInputReseed = 6d900858f51036eecf6f8dc5de78a47d42483bde26f432d3
+** RESEED:
+	V = 1309800243090fc71b2eea1656361d18bfad93a6ca6df3308c3c2d0f06cec83db136854c9a219db0cd925c07247478221cfc0c4dae0ac0
+	C = a55ea6e811af65051fa393fc8bb67016722e932a5124ab6088b57d8f922cca8d48bd76a065f1f024a98465d19be591c17ea9de7ebd707b
+	reseed counter = 1
+AdditionalInput = 8775b527913a61eefd208dfe807520ae33642e329d3d4f07
+** GENERATE (FIRST CALL):
+	V = b86826ea54b874cc3ad27e12e1ec8d2f31dc26d11b929e9114f1ab34741849edd90d686564c768778cc27e85c431461a702c37ee153d9b
+	C = a55ea6e811af65051fa393fc8bb67016722e932a5124ab6088b57d8f922cca8d48bd76a065f1f024a98465d19be591c17ea9de7ebd707b
+	reseed counter = 2
+AdditionalInput = 6e8b91ba0d77bc926f6f8e0c0c7a971b474bef4eb816d79c
+ReturnedBits = faa429425c83841bae401af7bd96be6c15a0579772091e596599e8b0ec26bc4a71ec959f998467213d7274f954e5efd3e7541713c00a32739372bc0b87438cc935f53c1c1bb3f88cd5289695ef361051d0ed706ca3e89c9d92ed11eaff3094a4819ffe2143febba364fa0ff2d748ce01
+** GENERATE (SECOND CALL):
+	V = 5dc6cdd26667d9d15a76120f6da2fd45a40ab9fb6cb749f19da72aa0d7fe566b9377e9eb746d0a62d5c6e96e3ea8ef9831c3f8ebd1c009
+	C = a55ea6e811af65051fa393fc8bb67016722e932a5124ab6088b57d8f922cca8d48bd76a065f1f024a98465d19be591c17ea9de7ebd707b
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = 8de0a7ccd2ed7735ec43c456f5f119d079fe2458ce849abb
+Nonce = 51d98222affd6af7f42efc4f
+PersonalizationString = 4e57433237603b552afdbe56559538419c46f6651e33f88a
+** INSTANTIATE:
+	V = 92ffb9d056781a32c6e65ebff8f2cc9625e53f8c31a2dbb18b6432ddfecf08e5c711c6315a585127cb2667edd9140623f2ae2826f6c29b
+	C = 3c84ecc46683142e738f682eb9bffebe1cb68a9f2ecdeb2fafaf185d7646147e0577092cbd37d4f10049fdcf89cc45191d57960f4553ff
+	reseed counter = 1
+EntropyInputReseed = 660ccab472c463dfcd356074510ec8c4bc25415e4d439a76
+AdditionalInputReseed = ea1e377c8b07bfee17c771cbd65b27d6fc602f6050767456
+** RESEED:
+	V = 104bc2fc17c8a1c8bd4da36dcf893ade8690ded3adc7b924c2ef897d966ed15f0ccf37bf5cd6824d720aa3553522ea051c8113b4a4c04d
+	C = 2fdcd49000a402392b7efce2a88205040eb6f6112d013f86141f33bbe3b178dc70dc30a3866e325ee11b06c12ddb29552310ffb7764b5d
+	reseed counter = 1
+AdditionalInput = 65cb2dd6ffce38d7e80a9dc43276d431b9b87a37308c5852
+** GENERATE (FIRST CALL):
+	V = 4028978c186ca401e8cca050780b3fe29547d4e4dac8f8aad70ebe57d708103ba07da9ee27d43577b334affda36a3111ba609fa11eb3df
+	C = 2fdcd49000a402392b7efce2a88205040eb6f6112d013f86141f33bbe3b178dc70dc30a3866e325ee11b06c12ddb29552310ffb7764b5d
+	reseed counter = 2
+AdditionalInput = 5d8e4a615f4322beb39149e8957f5c3590b06726da540520
+ReturnedBits = 58686759fafd2d742434a3545293a8997a2bf1ba2687a47f6fdd6ae486ee78305c4aeed4e818d6bac553f5058a42222a3f1691ee93a379a91f85031a16ee17570bff1e304261106e4fd59a189d23ba2e9e9b2ca99f4872f1f690923f96e629b550fc21094c60aae4ad3b45c69356bf3a
+** GENERATE (SECOND CALL):
+	V = 70056c1c1910a63b144b9d33208d44e6a3fecaf607ca3830eb2df326304a1353fdb435d0560d70098879b7bb4e3587b537b9928118fdb3
+	C = 2fdcd49000a402392b7efce2a88205040eb6f6112d013f86141f33bbe3b178dc70dc30a3866e325ee11b06c12ddb29552310ffb7764b5d
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = e6be30efe8584955f821230ee713e74b20d62a91679f7a37
+Nonce = cc12044059f76b8b9cec2985
+PersonalizationString = 1cc2853a732ffcc0d66673f889e758d99b4b4242dbae8bbc
+** INSTANTIATE:
+	V = 9cbd7083c3992f2da6cb720c0deea510b759ef6e36377c1ab33948e3a60adcd346b922ca9fcf426a6628eed121112ebfa19545fb082601
+	C = 46a665914e0aef85203d7bae8a39d8aaeeb984edb70a00fd1e0d4cbb54c50be4f00a2fc9e82cc7d327ad9386e34e7f811a7a6ed80c3480
+	reseed counter = 1
+EntropyInputReseed = 0559ebcc96c222ae1ae24230ed8bcbd5552d6b36a2a6deb9
+AdditionalInputReseed = 24f63ba28ab8448d3a1420188da5ff5eae932997b0346c10
+** RESEED:
+	V = 2ce710316b915e529cdc8a219e11b16b48a90b33358a78f247492a95f35ded3db9d5d06c4980382f640ba7cdd1ddf25bbdd48b0348af32
+	C = 3ee6c94e880bea1b9442ffdb4f0e52ea1c335b5f525d396558600bc6e98a9278adda5810e426830d834f07cc059252adbaf3dab0af4ca2
+	reseed counter = 1
+AdditionalInput = 81741a809b58f20c23386076c02a31cc804c2a84174e4f7f
+** GENERATE (FIRST CALL):
+	V = 6bcdd97ff39d486e311f89fced20045564dc669287e7b2579fa937b30dfe0fa69fceeb89ffeba661ee8d52ab19d46240355d86667449ad
+	C = 3ee6c94e880bea1b9442ffdb4f0e52ea1c335b5f525d396558600bc6e98a9278adda5810e426830d834f07cc059252adbaf3dab0af4ca2
+	reseed counter = 2
+AdditionalInput = a6e926ff53f17a3e1fbf530d342723351530efffafe791f3
+ReturnedBits = 5827e361babb194ca8f56f19b2af25ccc969d0cb0926307d54846713fde4be3b07533aa5ff455c4af0d940968b88da35798438969d8c72a3f7cd59dcec467ba9601a5776e7ed963870dcc45a91651b40d7f278bc1363266f4d1ca69a5c918198b3d23d9dae4f899d91e49cf63e515c19
+** GENERATE (SECOND CALL):
+	V = aab4a2ce7ba93289c56289d83c2e573f810fc1f1da44ebbcf80944137179f932038048fb0d11780a05c87078ae3ff713c2474ca0b08afa
+	C = 3ee6c94e880bea1b9442ffdb4f0e52ea1c335b5f525d396558600bc6e98a9278adda5810e426830d834f07cc059252adbaf3dab0af4ca2
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = 0e3fd6f91a42ce051b6e1cf13728d255f6e33ed498acae3f
+Nonce = cbaaf31720ac30038199dc87
+PersonalizationString = 6a9c208ff2436dd5cfa8e6278a916ef0aff1e304494d349a
+** INSTANTIATE:
+	V = d22eae6052ed2b9a8b72cce17b5f362a753926128335c9e2b1cf8a9c1a5165fc1a8f5f178142e3a5d01c5f49e778345ce0f211099ae877
+	C = 47f9fd8c610ba55181a80c955fe30436e97f68050b523db1a6f78c36236db8d3e533ee75fc38136eaf547c463fe7d41abb3d6a7115fd73
+	reseed counter = 1
+EntropyInputReseed = f7cab63b6b2de0bb7eed32eab8d61d31df08ca3886b428b7
+AdditionalInputReseed = 4e390a652e3fa5b18f1132403c8366361b8713c782000487
+** RESEED:
+	V = 2efc5cafd7c4cfc9960e602333a560393c71f7f0b09f05df62c2d9abebb6761fac98627fa672503d80736d2e1d959760e40835b0acf4dc
+	C = 228a0a5874e150081a89c2f49b49a3239043b6cf001d4c71dc3d8c62d28d385ca74cacffd8426ad7da4c30871c9f654dd8d4c181d89711
+	reseed counter = 1
+AdditionalInput = 361ea186f55542782c0852c5a3ff33abfc9476963de2c5c0
+** GENERATE (FIRST CALL):
+	V = 518667084ca61fd1b0982317ceef035cccb5aebfb0bc52513f006703126641d43c94a0c6fac38d9a24a1ecbe433fcd2203ba7d55f5512c
+	C = 228a0a5874e150081a89c2f49b49a3239043b6cf001d4c71dc3d8c62d28d385ca74cacffd8426ad7da4c30871c9f654dd8d4c181d89711
+	reseed counter = 2
+AdditionalInput = 7fb74e820630c5d08f887f9b62e51f59119f5191eb2f3f38
+ReturnedBits = 1d3315862f189e987bbf4693855e41b1b73f5e314ae7ca08df43d234bffadb46ea14e2fe5af7143aaacd9a4f7845d9721da8a69600e36a17660e9bb3ae7b7b5c3bd4c2cfd633cd74f0c2d20c29bb811669121110f645e9d921f04ae4af37d133763b6319cdb44b8b7ed7cf69aa2b469c
+** GENERATE (SECOND CALL):
+	V = 74107160c1876fd9cb21e60c6a38a6805cf9658eb0d99ec31b3df4398c00f1bd420e7fb9b0ebfde9ad537a9f706521c345cbaf11dc02fc
+	C = 228a0a5874e150081a89c2f49b49a3239043b6cf001d4c71dc3d8c62d28d385ca74cacffd8426ad7da4c30871c9f654dd8d4c181d89711
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = 3eb99920d157083c2c3fc0378e7844bd138b08c84932dab1
+Nonce = 2b80b008ae815342eacdda74
+PersonalizationString = 2b4577aaaa68383010646e7c1e78e359ad04faf5057e4f6b
+** INSTANTIATE:
+	V = 4a6e621ed058755481bc4dbc57669c80dd2409cfe395a0d68fafd8e1370c66410274d02d8da35f49a0e6b416d95d2a84adb645f1c389b4
+	C = 99905adfb30a6e41ef9bed3e99694456d783e35146b1d9044f6ecc726bcbe5014794a57a4be784e36815023e4518c26746553c4ab69ddd
+	reseed counter = 1
+EntropyInputReseed = e598a304ea309bdfff83bb713799715ab5849535c550d7ef
+AdditionalInputReseed = 17c0543a2f0b1390ffc4a632586fc1e9ad47b1a755a13931
+** RESEED:
+	V = a1946291bbde186878b6ed3c3766b844082be2b508880a5fd82f58d2281e19706f073c6d193e151a9e989e7a2df983c8c36dd1e0d993b0
+	C = 7fa2299b958d6c878118773f6fa4b5f0d8949db59006c09d3fc5e8c2fdf59fc67fc9d94381ac2f04c0ef275dac94a8373d523f5f6cb9af
+	reseed counter = 1
+AdditionalInput = 6cfbe170be72e9b3700784a9990a45d18223596da3dd91f4
+** GENERATE (FIRST CALL):
+	V = 21368c2d516b84eff9cf647ba70b6e34e0c0806a988ecafd17f54285602db55335522e7b96e67a4d573dfd24b0ff2101444234d3882028
+	C = 7fa2299b958d6c878118773f6fa4b5f0d8949db59006c09d3fc5e8c2fdf59fc67fc9d94381ac2f04c0ef275dac94a8373d523f5f6cb9af
+	reseed counter = 2
+AdditionalInput = 38c0d8c83c03080b63abdf5bb59a88a1478047af96203636
+ReturnedBits = e13ecc156c8cfeb7d8cc50c526e22a79ec4733ee7a28916520314dff3f46fb7bcd4bd57a2de8c12cb652821ad36e992c7523dabcbe34c2909e39ff2a783e9eddcb33588a88678bc4312aacb920d5e1469c6875ff4419bcc036c72a4ec789dca8d0d77ab3cb2a4834d4aa25c475f1fa3c
+** GENERATE (SECOND CALL):
+	V = a0d8b5c8e6f8f1777ae7dbbb16b02425b9551e2028958b9a57bb2c974123bc401c7d7e7a68763f4d1989e49c464441a9e5185f0be1460e
+	C = 7fa2299b958d6c878118773f6fa4b5f0d8949db59006c09d3fc5e8c2fdf59fc67fc9d94381ac2f04c0ef275dac94a8373d523f5f6cb9af
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = 6314a2f66c89f1a5cb0ac5e14c689f31b489cbe0ece39c12
+Nonce = 4f2d5b65cdf76e24feb67517
+PersonalizationString = b0969fdc980d89920b652f1aa439b395f54c851d2af75d85
+** INSTANTIATE:
+	V = 83a17c093b0c63431bf534102e1ede27a2a94dffc12c8a6d64f1fdb12c1d7ea9f888b7e6331f403d043c0ccd6ef5f04277b7e19caffea9
+	C = 83da4699c35a1afaa1e466b72cbeb12fac762fe5a45fe64ca3591cc3151afdf7c32c00559f5c716720f9d4ed5a35fbf8bb0e79fc6cca70
+	reseed counter = 1
+EntropyInputReseed = 385b2cd072fe3d92980cf01a94fbed80153229070ca58b65
+AdditionalInputReseed = 8b1996b989259916702f51edfbcb9006f1ede5eeab7277d5
+** RESEED:
+	V = 8c08817188911b6fa8f8518182b0282f5776e7d8bfbebfc0045c2dd2b0c8139c894f62e24ef686d559311059eb9538227adc4d3cd2034c
+	C = f3ac5e5c2cde071ed4ee4fc8759b66916cf546df95409d5100bbbf99bed62fd681a30ee28599982a7ed6e73e4fec1aee92692b18775219
+	reseed counter = 1
+AdditionalInput = ac6964aabf247ad0d974cac54f9441e399a002533458d6c5
+** GENERATE (FIRST CALL):
+	V = 7fb4dfcdb56f228e7de6a149f84b8ec0c46c2eb854ff5d110517ee7b6b24280eae91fef74ad1c76a333c2c828a092c0be17536dce4d608
+	C = f3ac5e5c2cde071ed4ee4fc8759b66916cf546df95409d5100bbbf99bed62fd681a30ee28599982a7ed6e73e4fec1aee92692b18775219
+	reseed counter = 2
+AdditionalInput = 6f8e142c058883790e66bf83ed9883c83ad90d0e3dd99e11
+ReturnedBits = f7238924cc37cdd2e66a1c6f8874ee2803fe9cdbf408bb2ab7258089f210c9515242dc9b996499a81ff54a26d5848ef2efa7f80238ae8aafd48763c458a1aac2ba4bf5722c81e91fc91cb7584b24f3b728a8fa866b901d866e84cf79aa38376e41e06eb4d24bc8806e92e54aedf2cefc
+** GENERATE (SECOND CALL):
+	V = 73613e29e24d29ad52d4f1126de6f55231617597ea3ffa6205d3af4f1da5b1591ae1c6c6a9f33ce583475165aea532aa4d42990c77d84e
+	C = f3ac5e5c2cde071ed4ee4fc8759b66916cf546df95409d5100bbbf99bed62fd681a30ee28599982a7ed6e73e4fec1aee92692b18775219
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = 61fa8cff252f24ceb4f6e4ec9368f264a9723c1a7cb2bb52
+Nonce = 1c41cf2ba03832f1ba5ea088
+PersonalizationString = c70afbc5bba95e3c669fbb06745317f834d7c7c9bfb7f106
+** INSTANTIATE:
+	V = fdcfdd86027df9b2d6021ed8df05ccdc5833b2fa3450a40484896ec8913f9507ee852407a7628942a0e167228a74302c4e34486177c66e
+	C = d8de641e1d1b47c5ed6cf528cb4d2c2377089cc8f870dd253d57cc7230eb120fb44689cb69b908556d7a114d5a8098c81eb6b2074656a4
+	reseed counter = 1
+EntropyInputReseed = f6b19390a7d56ede06d6fa998d34aee3ae8ee17cb7538148
+AdditionalInputReseed = f3191e286d01e2154f05e80ea236b40eb410fddd45a69175
+** RESEED:
+	V = 8cc08952f08fdbeedff1f87e9dea80b698166657b13b18ba7358aa4baeb5b25b2ef8a155383e6ecd0d0b05938080fed89fb011168a1f66
+	C = 0711bb4bd0622e656e10ca925d2f4c77142f31070c8d260bd3af570d24fa11943ed02389dc8acb7f38abf4bc3acbba508f71b0d5676880
+	reseed counter = 1
+AdditionalInput = 753d4355b4f83ff1b515b49a7996cebab227f1ca40a6511c
+** GENERATE (FIRST CALL):
+	V = 93d2449ec0f20a544e02c310fb19cd2dac45975ebdc83ec647080233fb9de99e40d5ed51363607e9c98e45bcf75917e50eafcc4559eccc
+	C = 0711bb4bd0622e656e10ca925d2f4c77142f31070c8d260bd3af570d24fa11943ed02389dc8acb7f38abf4bc3acbba508f71b0d5676880
+	reseed counter = 2
+AdditionalInput = f390dd7de6c742c03cf15ee8f4b817adf246a686b26a0c3a
+ReturnedBits = 978ecc0fc139490e62f4351d8a26c6e9787b70493a437371d4ca987a304652087c7ab1dc5552dcbab5712b2d12e4b0d8898b9141c030159f3bc959cdca7d33ceb0cec53e44206746c75affae068a3505149b3bcc26c0f9fbfb3e20c89a4df7f456e937b7bef7e2fd93c2d454db509bda
+** GENERATE (SECOND CALL):
+	V = 9ae3ffea915438b9bc138da3584919a4c074c865ca5564d21ab75a22e77106daecf49e0219e03bac5cc81e1bde1a60fc36e923b43292c9
+	C = 0711bb4bd0622e656e10ca925d2f4c77142f31070c8d260bd3af570d24fa11943ed02389dc8acb7f38abf4bc3acbba508f71b0d5676880
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = 5f14e666bec819c5f4497806350c3d694cef81735cedfbe4
+Nonce = 7429831269b71836a2a83f74
+PersonalizationString = 4e819059ed7f010be1afa360da363fb2fb6cf50d5e1e20c3
+** INSTANTIATE:
+	V = aab444a4ef7a29946a2446b73771613088150ae6d7ea5c8e7aa813c7bbf613fea28be47d40408baa5350786c6d3e5aade44391dfb5c297
+	C = 2811603eb3cb96f4130f236b39ed1b59c3849e1047bc34c2bb19f322890c67de46d2c3fc42e70a0ac9344fdeee8e8b9c012181cd5728c0
+	reseed counter = 1
+EntropyInputReseed = ceeb441beec51adf077b33f8bf25ca158974801fe55267cc
+AdditionalInputReseed = 5727dec6ea189334344f401634cffbf7e3c2f0b2c2da92a3
+** RESEED:
+	V = 5bbd4316c0401f55a07257bb8da485ba6296b4a30e330f97681e9dc6acf458901b6dc891acfc26a47c98a2d6c3c714354c459f3d07a074
+	C = d12319d73ec064f65acd56e187474ff7d79118b37d7b92dc8643b4e1064bd3b15e56634943b2e6a9cb2392fae32239daa9a2a79b33e302
+	reseed counter = 1
+AdditionalInput = dbc3bd596ed41cd224385609d67984a483cec9e263fd572d
+** GENERATE (FIRST CALL):
+	V = 2ce05cedff00844bfb3fae9d14ebd5b23a27cd568baea273ee62540cbe83740302c838cbbf4d0f447e99d0ffd1912e50b647274f8db2d3
+	C = d12319d73ec064f65acd56e187474ff7d79118b37d7b92dc8643b4e1064bd3b15e56634943b2e6a9cb2392fae32239daa9a2a79b33e302
+	reseed counter = 2
+AdditionalInput = dfc4fb34df535d59758c6ccfe59f2ba8bea1986bf142805d
+ReturnedBits = d41e278ac6b595990a29a1da97afbf45b70b911cba2824b60f006ed88d8ef959dc8a2f106096b22967cfea56b8afded4de84f306fa484cd2a61b0592c6803c58331f05172e6eb1f9e4c0b3a13b1fd93639e73c68b93c4f1fce41cdfa92a75cf8e1042988893f81db3beb9c758d3a5a09
+** GENERATE (SECOND CALL):
+	V = fe0376c53dc0e942560d057e9c3325aa11b8e60a092a355074a60a52d088fe9b70a96073075c11c327968ce9250721e5040880b6ef5ef8
+	C = d12319d73ec064f65acd56e187474ff7d79118b37d7b92dc8643b4e1064bd3b15e56634943b2e6a9cb2392fae32239daa9a2a79b33e302
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = 050a3a18c1c0c1cf3370b42b4e03edb51ba33899b538c801
+Nonce = 65b317a6da4f9f3b1497cd35
+PersonalizationString = f9b9726ca60adac237bfe8cc04d6eea57329ac038fceb070
+** INSTANTIATE:
+	V = b047ed60ef01c29e9116499e9cccdf5f611a2b52ce29874fc3a22720b5c53eba29bb4b102ed6bff0cbff6078f7be7420d2e9752029ac20
+	C = 4c81e94edcfc5f4b278011b72428195ded3b09e568c506e7101b8a100895489b4a66cde6e4b2f2e004895e9913c524eb689ff1f6f3a904
+	reseed counter = 1
+EntropyInputReseed = 6c21f359a4fd79c340d425ae6b8052638717e04034292d36
+AdditionalInputReseed = d1d9e601e9b2b41bbdab2646a2fd854564872d0e4579e031
+** RESEED:
+	V = 67c0ba097460980a4230fc531603a9bdc4b56dd63c6dfdeecb9fd3f3e14a43607c662348900c72f2f290c090c7fdc9bbda4f01837ae17a
+	C = 9f4fdbbf780f3634d75ad0d61483ac417659e050e229574eaf92a7976b70535dd2fad8f020e4f00ee1b084273f45fc4cd6a70951a80dda
+	reseed counter = 1
+AdditionalInput = 7d37fb12e23c2ccfc67f1bd67a83a921d57f5cc6dd4ed794
+** GENERATE (FIRST CALL):
+	V = 071095c8ec6fce3f198bcd292a8755ff3b0f4e271e97553d7b327cdffac8ac3b0758324489af7d94f7d4a8fc9b7e2ffc969601acdb3bf6
+	C = 9f4fdbbf780f3634d75ad0d61483ac417659e050e229574eaf92a7976b70535dd2fad8f020e4f00ee1b084273f45fc4cd6a70951a80dda
+	reseed counter = 2
+AdditionalInput = 9a27533804caa171a16c343066b1be99143eb32cc6e735a0
+ReturnedBits = e2dba73ed79046a2baeb1bd857cc33daf911e249d1e615572a3e2a39b2e0614dd6dc018630a19af1903532d002450fa92eecc23256aebff094a4a9c33ff8f0c8e9f523caa5c780696dd34a18389b2880499f4dad6afa9f19c4fbdc5b0eb0bcd8e11dd79344dcf84400c293708a946ea4
+** GENERATE (SECOND CALL):
+	V = a6607188647f0473f0e69dff3f0b0240b1692e7800c0ac8c2ac525186ebb18b7e090867bcc2386dd6d6cd033b635e031100f33b1949925
+	C = 9f4fdbbf780f3634d75ad0d61483ac417659e050e229574eaf92a7976b70535dd2fad8f020e4f00ee1b084273f45fc4cd6a70951a80dda
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = f7c60ea4659b29b1e5bfd4fa6ced79dd9caa2e42e2a21b9b
+Nonce = 50961d90adfa4ebe3feb3aab
+PersonalizationString = 1d5ac843fb4de2ec4d19c050a612859131b542d7c76bfb8d
+** INSTANTIATE:
+	V = b870b1c2c2151e3ac1e632e85e60b52bb76494053c8817f21b665d8a803049472a8fabfb2d7c22ef15ee6dd1f046ef910002a4b63403eb
+	C = 200f1d28f33c386ed2c361da87128f5f72ce475dab2196ff5924665fbc511c7b093c91f0bc7e8cefdb6a2fa9aa520471a211335d6c32dd
+	reseed counter = 1
+EntropyInputReseed = 59cb8e4f26b36accd7201001ab544e7a0c61ce11c1b7071b
+AdditionalInputReseed = f00b0e3cf7179722d205469d3ea9b6da4a5337e72810a276
+** RESEED:
+	V = 247f41eb0dc88417c0d1a135cd7d15a47ec2488229258e80c0e3e93d87b6bedee7adbc33606c13ea7f3f24bb3d13efe7387e92b85b578c
+	C = b89cb1b29c0d88402e1eca293965a3ecd2ff65cef4cea4e4a1361798d2c913c65bf9e0ed09876e936494e8ef436f798c0580ad06798137
+	reseed counter = 1
+AdditionalInput = 98fd69c4c295dcd0a298bec01ed2099435b5e0f82261d230
+** GENERATE (FIRST CALL):
+	V = dd1bf39da9d60c57eef06b5f06e2b99151c1ae511df43365621a021db943a262c53b13ee9e0c37bbad9c49726cee5ef001cdaf40083c20
+	C = b89cb1b29c0d88402e1eca293965a3ecd2ff65cef4cea4e4a1361798d2c913c65bf9e0ed09876e936494e8ef436f798c0580ad06798137
+	reseed counter = 2
+AdditionalInput = d245531301df554bc195bc2ac359a65aec1feb3bbbca4f2e
+ReturnedBits = 3ea21c6ec31534c38375040f83770c771d8291ee89df2b93d499f9b09f6d3500ef53b5ec0e77e59ab9d1be580e8a8519ef2cb639bf3ee68772263dce8aa83d0ff11970b55d7baa828cc7273595fa768b3320fe04bc10f9eedbfb64051f871d82221edcbe9778f1eec2c435c47ce5f3e4
+** GENERATE (SECOND CALL):
+	V = 95b8a55045e394981d0f358840485d7e24c1142012c2d84a03501a1b3d84920ea5288de28929b2e5137012f2b3d88dc80da256c2735a7c
+	C = b89cb1b29c0d88402e1eca293965a3ecd2ff65cef4cea4e4a1361798d2c913c65bf9e0ed09876e936494e8ef436f798c0580ad06798137
+	reseed counter = 3
+
+[SHA-256]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 1024]
+
+COUNT = 0
+EntropyInput = 63363377e41e86468deb0ab4a8ed683f6a134e47e014c700454e81e95358a569
+Nonce = 808aa38f2a72a62359915a9f8a04ca68
+PersonalizationString = 
+** INSTANTIATE:
+	V = 32ab605ddc8d5651093b8a59bd9d3adea1249e21a69e2e4a3967515fa03ad41ccf5b126eb9f3b268080c952df88241fe4cc27bbcbbbed5
+	C = 8ea2691d1915ebb4975593ca3fbad0ba137026d901a95950a207c41dc7773e15c1e85f4a5f91002866830bebe5c4ee1785b839323fbb44
+	reseed counter = 1
+EntropyInputReseed = e62b8a8ee8f141b6980566e3bfe3c04903dad4ac2cdf9f2280010a6739bc83d3
+AdditionalInputReseed = 
+** RESEED:
+	V = 59177d93843f0550f33933a51eb488168699ab9c85651536a61f7ec71e8b274a151f17e56becaf531dcfc955f2f1adb6536d51b256d53c
+	C = 897c02699f4254e1f33c94f7bfa85da3826df6c2590ed0815cbced36d77aa3375a1582ffc1c887416afd1ba0f04b6ddff81a2b0e5b844d
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = e2937ffd23815a32e675c89cde5ce5ba0907a25ede73e61c9ec76d67da582c94001fda32b60ec40202a164c6a4d66411cc6b99b1284617
+	C = 897c02699f4254e1f33c94f7bfa85da3826df6c2590ed0815cbced36d77aa3375a1582ffc1c887416afd1ba0f04b6ddff81a2b0e5b844d
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 04eec63bb231df2c630a1afbe724949d005a587851e1aa795e477347c8b056621c18bddcdd8d99fc5fc2b92053d8cfacfb0bb8831205fad1ddd6c071318a6018f03b73f5ede4d4d071f9de03fd7aea105d9299b8af99aa075bdb4db9aa28c18d174b56ee2a014d098896ff2282c955a81969e069fa8ce007a180183a07dfae17
+** GENERATE (SECOND CALL):
+	V = 6c0f8266c2c3af14d9b25d949e05435d8b7599213782b6eac6cd90a10d48e1c96088f5dba20241b68cb64bb05028c35e5558ef8a6edca6
+	C = 897c02699f4254e1f33c94f7bfa85da3826df6c2590ed0815cbced36d77aa3375a1582ffc1c887416afd1ba0f04b6ddff81a2b0e5b844d
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = 0996a3825a456db3c5ae7c0058e6f9b5f4384074ddfe37b4ac68e2c98bdb54c5
+Nonce = 318443aaf8c66f2b81e414dee9553f7c
+PersonalizationString = 
+** INSTANTIATE:
+	V = 9d311d26c09630b0d03ccdc126fc2a6ead67eb8b3c369cd551322efb60c40bf506005692872eaaf4e008ed93305ac344f29542c0aecd94
+	C = 4a58d96753efdedd7d18f644e643b5f72bde4818c706cdcf6142946485f6612f6bddb67e6430c9db3c1dd5f34c62fcda914ae938cd98e2
+	reseed counter = 1
+EntropyInputReseed = f7d284583dc30f5ec4b16f7b916a7a89bced38bbc7d403ad358ec9196913fe6d
+AdditionalInputReseed = 
+** RESEED:
+	V = bddd40d9f6d673a5e8f0d24b56a3573fc71a0d2c230cb6e1f101fe9edb68fb65db31eb5c01d8d7191600f042c030e748ce004e0ebe9a77
+	C = c8e433a736de7cbd7e86c64974d96773b570da8c3e7a2a3417d2647fe1226e3c9f8e696191bbd97c52c0de4d3fab63f93cfb5c69e5758d
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 86c174812db4f06367779894cb7cbeb37c8ae7b86186e1a01272cbaf4357aa963855f3863196f8a9796b234d3e47d7c51b41afb148e518
+	C = c8e433a736de7cbd7e86c64974d96773b570da8c3e7a2a3417d2647fe1226e3c9f8e696191bbd97c52c0de4d3fab63f93cfb5c69e5758d
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 4192e569be8f66820d20374efb53d2654f316c1f09c8e4b2a2fb783b0ff8a82c88b24791414b1a1f54bd00c9ce6a981d8d1d445aa55dbc8372e67e440b4d6f96b2e6ac4ee9657672aadab562297fea4c6d0b1ba066362eeb075a9f04da40c31d0dc6d30e3a236bf2c34dccd291eaffd16eae6c1cdb88712a913fc65f979dc742
+** GENERATE (SECOND CALL):
+	V = 4fa5a82864936d20e5fe5ede4056262731fbc244a0010c26e564028e74e50a29f2bae9ebaff4a79428ee2e00edcc00bdb7c7a59ec4e988
+	C = c8e433a736de7cbd7e86c64974d96773b570da8c3e7a2a3417d2647fe1226e3c9f8e696191bbd97c52c0de4d3fab63f93cfb5c69e5758d
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = 3f1b92920c0d9c28718be72a695dc054ec45e75c4af04cbb97eaf285941be7df
+Nonce = b4949590b415d923671a70cf7a56477d
+PersonalizationString = 
+** INSTANTIATE:
+	V = 9b2da559f80a6478358938ced20d69ff63f747962f09a9f9715a970f8e5f895f5fe46cb7b2bb4de6d38b82b06fd0ddfed96f9b32294997
+	C = 721cc0245073e8cb12e262fd46802679d250d07922fc1c140fc66237f037ac109c9df9a42043dbc405b9acfff29e732a02d7fc7e53a344
+	reseed counter = 1
+EntropyInputReseed = 4ab6849c4477b3245a8668775ef6ef6f0496ed292088dc2d45db9658854b97e2
+AdditionalInputReseed = 
+** RESEED:
+	V = c99eff651703fa8872417fbe118dc83aca24c06963e6c46e92374eeec1fbe84bd36df17fd087c51967296591ede751a2a1443784773e80
+	C = 54d37116c360b139565fe3801d48417b03b9a9aaaf1956e94691b62bb63a60379233a591a67477cc8cccfc07d18eae0547b2006557eb7a
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 1e72707bda64abc1c8a1633e2ed609b5cdde6a1413001c4493d0c16e2c42bc76b4c44d7d06c255d9dea6b82a122196cc06679145ed46be
+	C = 54d37116c360b139565fe3801d48417b03b9a9aaaf1956e94691b62bb63a60379233a591a67477cc8cccfc07d18eae0547b2006557eb7a
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = ae9990cf69e44f08cf4af04786685f1c0051fbf8e518da98ca2d51cd337e0d635311335c944584472974d6e86eff7464d3ff55b2e007b194c8a6f7049bb56450e412e2512eccc6d23f4df28970309e251946c9cea6741e7b57802040d59db130e9a2d36db2ca0ee73634b525e41d7a6867954a127835ba54589a1d80ef0a974a
+** GENERATE (SECOND CALL):
+	V = 7345e1929dc55cfb1f0146be4c1e4b30d19813bec21973ec0cbc31aa57581bc4231bf7c0043ade100651cc1fc07add421ab55579e61a01
+	C = 54d37116c360b139565fe3801d48417b03b9a9aaaf1956e94691b62bb63a60379233a591a67477cc8cccfc07d18eae0547b2006557eb7a
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = d8e6f5d4119cf450459185827ac2aa911941408e5a1c9070dd0f777e9f9b3edd
+Nonce = 5e8f00b0884c0d20590ed3be6121cec3
+PersonalizationString = 
+** INSTANTIATE:
+	V = 82c6685c3d5d3dd2d9468ed5f54a3fbcb23794e3f113cbc0c2be45f6b63703c805cbb376750d318753256029c193c8d7ae9d4155438ef0
+	C = c862d1e314f4e1b5f19b65bfbfe5351ad84758fe6580360231f56c2bb4e3dd1f15482e2a4f7ce06dba319500a308e85fa5a103389fd720
+	reseed counter = 1
+EntropyInputReseed = 7737a619f7073cbc4806f20f0dbc143ec03f05899ec0c7883b307187d5c6f9f9
+AdditionalInputReseed = 
+** RESEED:
+	V = b65e37559942df30036a7ce8368fc828664e9afca521b5d46099bd69c603eb01b5ede20f2433b91c22304c5f4e903a0cb683ab4a07c881
+	C = be657786a3121664c15f05f2fd879f179b913df4ef8a29bb1867af4114f2d5fcc444effaa6012a0774d2baf1e04d2be2ba9b05ded48252
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 74c3aedc3c54f594c4c982db3417674001dfd8f194abdfe52e75f33ad85fd7ec2fb2b6e5b9cd2a751728a3062bb16a353fdb080ba54ebf
+	C = be657786a3121664c15f05f2fd879f179b913df4ef8a29bb1867af4114f2d5fcc444effaa6012a0774d2baf1e04d2be2ba9b05ded48252
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 1f2f07dc89d415c41bd73777830e1d9f80cedfad17074b7e80583798ad843e6fbf6617b3d370dc6efcf97c776a82e5eca8d507609a7870e83d6c0ac7fcd85bb593b82aac2a9726d2785e2a62e939a606867db96501ace0cb6062526ffe28f8daff504ae0ddf31deb2a2059527d33443950eea4d56ab9b00c98ff3f29fd1d7f1c
+** GENERATE (SECOND CALL):
+	V = 33292662df670bf9862888ce319f06579d7116e684360a5eb516faaec90cac57e7e2ba2d5a6385bd8af4667796d4c9942252604a3f5c16
+	C = be657786a3121664c15f05f2fd879f179b913df4ef8a29bb1867af4114f2d5fcc444effaa6012a0774d2baf1e04d2be2ba9b05ded48252
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = 43a78cf773311c0a64c383616dc3ef8dad93187ee2cc2bd052186f0f89ba4916
+Nonce = 3a2b43019bf9de164cce69bd30fb9e8d
+PersonalizationString = 
+** INSTANTIATE:
+	V = 0b68f54a7c3515dd38d852a41e7f43cb4fff511ab3e408ebeebe481bc6b423697b10bf34ae93629bc4b440a3f4f7847400c29c377716fa
+	C = 6515ab848327b4e36c537ea93d97016e98cbaf70d6c6fc754c803cb6fab05d7ab336cdf80ecfbadceb238da3c7c5d49974f0074ea77537
+	reseed counter = 1
+EntropyInputReseed = a326f587c4711fba6cdad7e64358a0e93a95315df36772a57c18bf117528560f
+AdditionalInputReseed = 
+** RESEED:
+	V = 10764f7731a110d553e6cf745f6e57024a0ef65aea3e3fe9f01ef116721991904f2686d1019ad36a437b210f7523938bb0836b3acf5dc1
+	C = a90ce581c98018618e210ee9dbbb2070aeaa93be0af393711e98c779cd9074a1fe9545f1511ffe827ffac2fdf441229c327ee35d6e5449
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = b98334f8fb212936e207de5e3b297772f8b98a18f531d3bd8905c14b652b559859ac51fac30712ea130257b0bf337f733e08ff7d5c316d
+	C = a90ce581c98018618e210ee9dbbb2070aeaa93be0af393711e98c779cd9074a1fe9545f1511ffe827ffac2fdf441229c327ee35d6e5449
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 404f4a3e72cc2f228faa10865b0064652716e4729756dcf677ed16f6ee78ac41f2462497876efb313df5ae609b89f6b9394c37910565399f80bfbc3a0259df5760b27e6a9181d18c09e3efc6c949f65459a643b1e41395f86299dc7266515a3a1b1697a773c0d35e3d761255db5438f35a1e8c3defbe8ed87f723d4dece5dc05
+** GENERATE (SECOND CALL):
+	V = 62901a7ac4a141987028ed4816e497e3a7641dd70025681f9ac2a887b5c60faecdc1c74549c667f592fd59e9ac0e209864467bd3b2e774
+	C = a90ce581c98018618e210ee9dbbb2070aeaa93be0af393711e98c779cd9074a1fe9545f1511ffe827ffac2fdf441229c327ee35d6e5449
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = 7c99816dc9b3caa478478a17913aedd8b421e87912a899ec1d210a8eb2bd4329
+Nonce = 5df63867dacefc8c6d6603cea10d0df6
+PersonalizationString = 
+** INSTANTIATE:
+	V = 06ae5c8cb025db02fabf6c4a29edacc07245e938d772f871bdc5cccf72106f83230d81c29b1d5c4e635985392f0c2df7ce34c540f17b61
+	C = d2ab38c077e02911cde6b5d09c8b19d758e485b23071efe6c2442f536350e4556d77fc1f872ea7cd654938da3e1a6c6bcc6e9ba30f5bc7
+	reseed counter = 1
+EntropyInputReseed = 51fddeb33c017ce6ce0abba432c5bab52d76578feaeca1b9e89b227ff4cb44c7
+AdditionalInputReseed = 
+** RESEED:
+	V = 84b8cd0700a4102d0d1953eea9eff94812aec08191f2bf0f03426a46cdb37d8fc112fe68a63ceaa5c224ef57cd2e992bd8f9c62191b9e7
+	C = c5900e695d0983c13adfee0cf10535ac97ded9ead24c1405d83e79d0bce9b9c0e04e0012c9a92de4dea1c2de292272c2671aed48c25c74
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 4a48db705dad93ee47f941fb9af52ef4aa8d9a6c643ed323ffb0894e65466095b4f27c493d2045af06b1f51b2bed98dde2bce95eb0a156
+	C = c5900e695d0983c13adfee0cf10535ac97ded9ead24c1405d83e79d0bce9b9c0e04e0012c9a92de4dea1c2de292272c2671aed48c25c74
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = a5a765bc430f73d2b5248cadda827efaf73deabb7ba942e7a54bc70ba4100ed64128832cc5cc8d6fc3d05d4fd4a5f57032da91cb61a14efb09ff505f17f04895f59f871bfd3a9e0901a87e49e23bef769057b4852d17642944ef8e5144288e084cbb658daaf0866d8d6d882e7c7dfa7f1de8874dde290845b97a1aeb70e84d84
+** GENERATE (SECOND CALL):
+	V = 0fd8e9d9bab717af82d930088bfa64a1426c7457368ae73bff445b9be1773df295ab1e0ece3eaf87501683a48824a9ba4ace7f3cd25eb2
+	C = c5900e695d0983c13adfee0cf10535ac97ded9ead24c1405d83e79d0bce9b9c0e04e0012c9a92de4dea1c2de292272c2671aed48c25c74
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = 67dbd380aba64de1571d712146e9771f0e9d0f295a78411d03446fb66b389736
+Nonce = 4d205db3d9e870ef8d6767ba98c4aa1a
+PersonalizationString = 
+** INSTANTIATE:
+	V = 0377e60eb1a2a0ea3329dc957312e6681656d41363f9e3448970d46d707dba45d4d5fef33402133d2c2bf801047098b0723c967a4c40cf
+	C = 43a30bed9d1380aa00713ef84861d3202da343c5906c860497fe0b67e67d4690deef6b222dc9c0f57d13cca516f96e02051c3c94980a9d
+	reseed counter = 1
+EntropyInputReseed = 7f9e3140cf1436e82f5c41e83345eed8362714e778ab539d0c247171941c2211
+AdditionalInputReseed = 
+** RESEED:
+	V = 0dc26c675715c76b40b41033b63340e5030f77db5ceb38ca825ae8fbe72ef80d6b0df818ef0de607b9e49b8209a9fd88d718ff0d9a0162
+	C = 3b4c5d1169176b56236bef97cad1f80bdbcab3cdd8be6eec6a5ab02003327e3974ab64aaf853eeb9b6bdcc65db0f6d5c6e57d284efc4ce
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 490ec978c02d32c1641fffcb810538f0deda2ba935a9a83c166cc8d243e972b385f6a943a104259ac1bd1f8345f36fac0f05253236c446
+	C = 3b4c5d1169176b56236bef97cad1f80bdbcab3cdd8be6eec6a5ab02003327e3974ab64aaf853eeb9b6bdcc65db0f6d5c6e57d284efc4ce
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 7e7ef545744c69006bd456555627df005d0b954e79dfd030d77569414ecfeb4214ee9a76b1175056abba6ba1cd46da34a5797ebafdfddfcfe7c01a8be3e5e88db6c7b4c2945ea674890f689edc44161d6a8c25bf629aca6372a61b85c857f94c0eea83a2c86392c09e47c0ef54fc2edd30fd312d943a04f4ab0788b6ab21034c
+** GENERATE (SECOND CALL):
+	V = 845b268a29449e17878bef634bd730fcbaa4df770e6817841b2ddd776d3f405a9c32bd9ad0f32d02f0b63e418d75c940332dc01111c892
+	C = 3b4c5d1169176b56236bef97cad1f80bdbcab3cdd8be6eec6a5ab02003327e3974ab64aaf853eeb9b6bdcc65db0f6d5c6e57d284efc4ce
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = b191d6d739bef23fa86849e0ece21d753bfd8dce2e8767e41ebdb129e1e00959
+Nonce = c7729c446731129c3b9c99f4afb092aa
+PersonalizationString = 
+** INSTANTIATE:
+	V = 69888fa7fbbfefe2c7fb527c29778710ced08f70d59d030ca4604566a709ad0e06e4417e172595c74a9b9c6613fc974035e2d107bc9826
+	C = 6aa9a056b917aaccac63a224ebce541ba6445808c74ee1267fc31395cfbd51f784cd0849086be4d9c1d8e05d69b58b476be5d089813290
+	reseed counter = 1
+EntropyInputReseed = cf3a0103714b6d9c0c8b55ce0feb2ea1baec5f4667cc9aaa66e3ef53856c34fe
+AdditionalInputReseed = 
+** RESEED:
+	V = 558ae304eade19d3c204ab0692113619c7e75e6492103370993b07f34ce61ae98cd20957e6f9c4fbebc7a272b47c651983e2dab8477924
+	C = 4f6d1f69490c0a8964014a22394675b06a1c532da247a060fe671bebc6111613a8734a3edc0d219c40ec517926fca372fee6043fb4aae6
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = a4f8026e33ea245d2605f528cb57abca3203b1923457d446ddc321e325b54ab82907d6a31c2df954c83bac235908a5f6a617877f93da2e
+	C = 4f6d1f69490c0a8964014a22394675b06a1c532da247a060fe671bebc6111613a8734a3edc0d219c40ec517926fca372fee6043fb4aae6
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = edd7933c4ad15d5d236e5bbe4a383c67875a44bab880dce95945c502a22b791812ba4ef5a3a5eae127c33447309336da075a1498ef7d740a556bbb2f63eedd3126d94564adbb3e95ea72523999135528d5140496f4f552035f5054e42e237e15d939963ea70635b7829cf16f6cb67898e791200cff6331ac93ee96cdf83d3fb9
+** GENERATE (SECOND CALL):
+	V = f46521d77cf62ee68a073f4b049e217a9c2004bfd69f757cbe55f1da29abc6b5bfb88e0bed2220ca4337604509afff35fa42c68a218f9c
+	C = 4f6d1f69490c0a8964014a22394675b06a1c532da247a060fe671bebc6111613a8734a3edc0d219c40ec517926fca372fee6043fb4aae6
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = 514d9612a96b5c25d2103a04c0e3b66fa1d5cc75f8931d4780647e231e261fcf
+Nonce = fce11e3fd9cd2f1cd3d03e15b52a3178
+PersonalizationString = 
+** INSTANTIATE:
+	V = 0085efe1242c1bfea2fe230fea1526ec0ae1317f7460d65552b5dfaf31276cd702dc2997ab277cdc7897cfb82e7304e43d6200e801a5ce
+	C = a60b27645a75bec6bbedc19022868d29355a9dfcea6869c03021659b9b63ad8f6b13527ec2501d3907d234b6772913a508bd45acc04cbf
+	reseed counter = 1
+EntropyInputReseed = 0fe75d3de113029f701f0f52fc88d35881c70164d1900c1b7892731e3210330c
+AdditionalInputReseed = 
+** RESEED:
+	V = 4c4d477eded4b0944235958ced0509c07e3947e00752a29cc3fd1cd8412f62e719e0eb7438fd254f256a804546975a397307162b8f8cc3
+	C = 2bfe7e11b3cd921621c81aeb342362c9f75fa665e7acbe4c8e90d6cd1ce70804408b40ec8dfb5c52f687294de5bae9351ca7bedafa0968
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 784bc59092a242aa63fdb07821286c8a7598ee45eeff61e365a5a5725b47fb8744a282ee562d6cfdee09d3de4fbf84e7fa37c58ae589b4
+	C = 2bfe7e11b3cd921621c81aeb342362c9f75fa665e7acbe4c8e90d6cd1ce70804408b40ec8dfb5c52f687294de5bae9351ca7bedafa0968
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 5da179f8de082d3c5626e435cf8821e4561aaeeb7374f8af6d58b7c3c8ac358b939c9aaf803f5a3f43a0a68dbd44ef3f27f3703770c794a8a5c9c8ea7a5bb1dc60c2b4630b838657d2b98b8ee1535b4957cd066237c54e8b1e9defd2676247a3f4521b7c95d3be167b170fe0facdc369943e5f77bc15b0d699d3bc00c44ec365
+** GENERATE (SECOND CALL):
+	V = a44a43a2466fd4c085c5cb63554bcf546cf894abd6ac20df253c239b2dc01cf68f9a9d688321dd20116c7e4a7ff608cef10c07582fee7a
+	C = 2bfe7e11b3cd921621c81aeb342362c9f75fa665e7acbe4c8e90d6cd1ce70804408b40ec8dfb5c52f687294de5bae9351ca7bedafa0968
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = d0eaf48075407746b257a97fdfa2b48283367e99b1bce2d92e8dad6a6aa46ba2
+Nonce = 87794a06ba9c513682a26494a1f3e460
+PersonalizationString = 
+** INSTANTIATE:
+	V = 5ea8d8b0d01d876cd6188a586a649f45856e17e434be8dbec8491872c4f03f84bc374ea08bf75be625f608d6bbd36d8aaeac6778ca276a
+	C = 1660670a8e99607bd09467c04160661dae53df24b570a592d31cafb8623b8b68b56ac65e7c7d4615adfca46efa8638f109afe00fe6651b
+	reseed counter = 1
+EntropyInputReseed = d1ca17748c45674b60aa6e0b6efb693ba0963b88fa89d0fa2faa257c19b4bfce
+AdditionalInputReseed = 
+** RESEED:
+	V = c48ca733dfd68272d3a1b2a6a7ad0ddfe1a9669e332ca067b578b7f14b1ddb3e09fa6b12c575631e7a152ee04154718d24832716bb3606
+	C = ad050c619991b037ebd57c6cdaf820915b07eaa24445ce62a88d4ecf93c7cb17bd617b8f02d0e3a330f0bc90b24dc88d02760514bb55c5
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 7191b395796832aabf772f1382a52e713cb1514077726f24ea7279eb548eaf1ac828a93e4df7538f04c4995874c0f4bc4b7cb820b76fb1
+	C = ad050c619991b037ebd57c6cdaf820915b07eaa24445ce62a88d4ecf93c7cb17bd617b8f02d0e3a330f0bc90b24dc88d02760514bb55c5
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 4aaf6eac30e0149a0ec68d0001fd32776e73581a71d0b4900adf6ea1550f006c27819338df6045e636ac6759929182ecfbcf119ebb641ccf151e5f1e148ba882ff8c0933fb7752b84f7d84e8548e9dec0d404cb901a177ad85a97b4395d1a0f22a96f25bb1851ae675f2f41d98c817bdc181e47b124a25bd340833660077dc2e
+** GENERATE (SECOND CALL):
+	V = 1e96bff712f9e2e2ab4cab805d9d4f0297b93be2bbb83e30dfcf95c4a8e66c14b19f9ba4728d5c1a974dae5a7c82a67dbcaa767076df49
+	C = ad050c619991b037ebd57c6cdaf820915b07eaa24445ce62a88d4ecf93c7cb17bd617b8f02d0e3a330f0bc90b24dc88d02760514bb55c5
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = 686857afef195d825b6a1be41a4ef72a1317e80b1212e6e7cc0e59d47c69a0a4
+Nonce = 5912a733d43c96bfbb633318dd070f76
+PersonalizationString = 
+** INSTANTIATE:
+	V = 080d3b38bfb98c1c9a8b74921003bc017c145082c5cb38c9b29a290cb7668a821bbff3acb8316f02e17491ae49c0ddd28d2ccd4e245fe9
+	C = fe2782f8a86d23b5b9c81297cc18ad8846f1c3abb8a037a2709cc3ff3fdce9afc9b73738e0d73ad9e65d705d4890824918692a6a7c7ded
+	reseed counter = 1
+EntropyInputReseed = 90393253fb69513565a68dc6e7eef1698b37df5075d8187c5786542eabb8b3fd
+AdditionalInputReseed = 
+** RESEED:
+	V = 8ea7d40d67af35590fcf9d32a8870548a675d90df0977d3cab4db96b5288773b1dc399ac67dff8c93fb9c8b616baa0e3df5fc7cbb34862
+	C = 42a2a3c8994cf7a0869c2b3f9b0fc5619ac1e2535009ffd5c59d47c277131d1be29a3a9b8fcf089a8eb89371979d45b075a66c2c1b9ae8
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = d14a77d600fc2cf9966bc8724396caaa4137bb6140a17d5d211e193734c9e1642d33a7e755682094c846c20325dbb9ed2e8470853d42c7
+	C = 42a2a3c8994cf7a0869c2b3f9b0fc5619ac1e2535009ffd5c59d47c277131d1be29a3a9b8fcf089a8eb89371979d45b075a66c2c1b9ae8
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = a7470a0df817c8496ab68ef226952294b819a12672420c6c9cead4855f5243effcdebe9b12d4e9e5f47d6b6fad6bbe01ddfb42436691db2242ececf92105df10a63238d13e82442a26b239d676b9bb84bbee5c2b3771380ae67f1168f1068dc97e398355f2f57ef2d20a6c68a1124041a3da4b71dfde04c7ea41bec96bd11cd1
+** GENERATE (SECOND CALL):
+	V = 13ed1b9e9a49249a1d07f3b1dea6900bdbf99db490ab7df53150542399c0e415e0205b4d236924f1c275bf89fd854f091e497aa1ec95dc
+	C = 42a2a3c8994cf7a0869c2b3f9b0fc5619ac1e2535009ffd5c59d47c277131d1be29a3a9b8fcf089a8eb89371979d45b075a66c2c1b9ae8
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = bb281ddea39b2b03a9625bea8a5a5fa42e779d1a5e7fec3705872b3bb1248288
+Nonce = dd516f4184fcfbfc4f9494c969bf22c2
+PersonalizationString = 
+** INSTANTIATE:
+	V = a26dfede2507f9b335e890433d55eaad3fec2264bc909e9ccabbc8e331014c8702b3be0370258591c96a2c00dc7e95ac6461f1c612eb32
+	C = 627398eecef707dae56d3937f36f5ed0e34d9566cab7794cbf97c94f5e1772a7162da0dd57c15916c12093eae0493bf5b83cec2fea5ec8
+	reseed counter = 1
+EntropyInputReseed = dcfdcb4a3d1a4b00a7b8dadf1c8280558665de953ef7fc4f4a1058ac422e4bc5
+AdditionalInputReseed = 
+** RESEED:
+	V = 5f5fff77fbfcb27919ed5eb97f0a0175d8b659c6ba2b583562cfc7cbf2d13f5f866234167d819ef7dbc4dc5cf7af50a1feb8a7757653f2
+	C = 66a763d3e7a0089dc0598184dc52c9e938df53fc3dddaa2a1c69f40b8270d6986e3829d894e21751187e458a0c482a8ffcfc494c0e8506
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = c607634be39cbb16da46e03e5b5ccb5f1195adc2f80902bde98655cec707244cbb6a59fda335cdf9a9cd391e02ed911064d645bd580c99
+	C = 66a763d3e7a0089dc0598184dc52c9e938df53fc3dddaa2a1c69f40b8270d6986e3829d894e21751187e458a0c482a8ffcfc494c0e8506
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 322b3d385aa200f8effa2904ad0fc92c2c89423c43f4cbd50e64468fbf6fc1212f0c7a3c5167295420f25579a39a4ea0240763d3791cfbbcabb269624f18ad3c103324945ca92661cbd532b9b1d79708b8f5ac9fa85efedf8add290fa032078f4c038e0d4f4fb485d94488fbc3a8792d349fb083c04f1072e14cf3b036874d34
+** GENERATE (SECOND CALL):
+	V = 2caec71fcb3cc3b49aa061c337af95484a7501bf35e6ad99dcac41d1c17bf6db2a305ebeb74e2bb0db84b26f909cb55068c5007655da15
+	C = 66a763d3e7a0089dc0598184dc52c9e938df53fc3dddaa2a1c69f40b8270d6986e3829d894e21751187e458a0c482a8ffcfc494c0e8506
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = 6b542a33ec8bb3a46e66e682dbe3431538469e091fff1c16bd3d1ffc3c24556f
+Nonce = 471e582d85df71bc92cb670c2fb77289
+PersonalizationString = 
+** INSTANTIATE:
+	V = f9ba167e9294c2d79705c0fa792082e4c57da41de732092cab4d75dc1bcc52addc4b2b1a1522a3fddfed9f6830a9d7e6b7984bc94a1059
+	C = 84655b0f4332c6c2b99788fe82426258d468024be1d151b081d7631f4c07fd66249154b2962bf5c3de03b113f1e3e96e1d0252f31b1f71
+	reseed counter = 1
+EntropyInputReseed = b017140d1a7a5a282bd27bbc1bcb77fa26377e2dffaeeffc8c8bcaa492e2e762
+AdditionalInputReseed = 
+** RESEED:
+	V = 7fa38a5a4b9b5c5a1762912c988cf624f303fd219a66382a22d98b3e99c3f47319e9154e2473a0f4ebcd72fcfa1305d21bc9fe38a88824
+	C = 2375013442978c384cfe97d6afade960cf151a8e035281bab2008ec9bcc646db1b6c461dfbc954f00eb44d3840b3fef816f2a13dd0cee6
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = a3188b8e8e32e89264612903483adf85c21917af9db8ba78f755cf1c963254d329502dd9d8f4469faf6da712200be0a276068983729d49
+	C = 2375013442978c384cfe97d6afade960cf151a8e035281bab2008ec9bcc646db1b6c461dfbc954f00eb44d3840b3fef816f2a13dd0cee6
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 8701e859a983a352ba0436dd49e0071e95d596213bafea1c92b6f277dee83f9e94c68eadea871c7f560f6f0fe1e40720dfd53e3de3a93d6433e2ed856bc3fdef673e52841e1c5f698c6ffc560ee9be7c1af0d48815336c3ccb47674a10de84aed7b7f6e99b32b34e4ac552850f68ee27c90252420e8bd9610c3d4e05a20f345b
+** GENERATE (SECOND CALL):
+	V = c68d8cc2d0ca74cab15fc0d9f7e8c8e6912e323da10b3d32aa9af180e6afcd4bd3119c661471a0905a3518052ecbff847ffb741c5052ab
+	C = 2375013442978c384cfe97d6afade960cf151a8e035281bab2008ec9bcc646db1b6c461dfbc954f00eb44d3840b3fef816f2a13dd0cee6
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = 6cc07efacf0f8db18c975c8a02bca7fbef13b13a63f76e4ff3b00f50131a71ba
+Nonce = 270d6b577651118241081936d7d04e9f
+PersonalizationString = 
+** INSTANTIATE:
+	V = 6c906f632270db5cf6ef77d11ca8dfc573070c2e22c53561e742608627e95278a2ca018d6c51f4d9053edda31533c59bd356394ef10fab
+	C = a327d4221b049f921240d0d199ad1b8c9b04de4ddb2e5cdbce53a32fcce32e937fcb9ffda1ca116b9033ab3004974d0aa221ee2ef9aa35
+	reseed counter = 1
+EntropyInputReseed = 6015eab74374ed7fcfa46c5921bed760db4b1169f733a814df9f00c1597430fe
+AdditionalInputReseed = 
+** RESEED:
+	V = af81c007f9ecb04dc3b58e2243e34347b57e6e42af238ea5542752904a5359c8eb0d5271e745893398faeb262e68a51313e7a0d001d50a
+	C = 66823a4545c0d8a7477da321e90682f2dbacbb2f742cb90924e4d61bbf9d5fa62f37c429cf4b2037cc63bcca687450b841c1613fa6b316
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 1603fa4d3fad88f50b3331442ce9c63a912b2972235047c20213944e85b0a42bd0cdda7b9bdbe631621157712cdf013a22a2f86b871189
+	C = 66823a4545c0d8a7477da321e90682f2dbacbb2f742cb90924e4d61bbf9d5fa62f37c429cf4b2037cc63bcca687450b841c1613fa6b316
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = d920b20eb8685ce6380c0f9d680228e215e06284eaaeec7aeaaa46d8c03c1166f3d641d88f33fd760174b92490cb676834cf9fe60f1e7255b76fe0a4743f374e68f89a314f59a6b61a4b95704bd1034f7bcc08fb47da2ccac74c7ba7b05affc3183e57c1e1d38a1d4648e0dacc8c584b5e3413ece3e26086aebe3c531d838e39
+** GENERATE (SECOND CALL):
+	V = 7c863492856e619c52b0d46615f0492d6cd7e4a1977d01418daf5113b3fcefc8d29856416b38137d32d432dd4d290c1ded4c41a558e0a5
+	C = 66823a4545c0d8a7477da321e90682f2dbacbb2f742cb90924e4d61bbf9d5fa62f37c429cf4b2037cc63bcca687450b841c1613fa6b316
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = eded7253970c8da7c81e8221804d73cbf207e366f45e1cd3b82dd003526d07c9
+Nonce = 696a322d37e2d9317e281d9a07ad1e91
+PersonalizationString = 
+** INSTANTIATE:
+	V = a03de8fb1fd57b5763cfde7526dd532444706cb86a22d6a9f1d78e878bea96e6ac36442eb114f65b0fa75fa8a536afbf09bea053a5842d
+	C = 76f8f8a4499e2208d3e2211f177f6277c452978086e2c278cd4c00fdb06514cffd262c69e19febb7dc0e7a348a293c724b7849f5af5781
+	reseed counter = 1
+EntropyInputReseed = db3f6b55ae9434a91c0ea3764855e34df859d2ef32e646f00c11d5d9bdc5655c
+AdditionalInputReseed = 
+** RESEED:
+	V = 14899df55788ac2eec06317599f1b721981a99e701ff254fecb468d415798c480e4ac95800ae1147bd1770558627845bfea084daa28415
+	C = 1c1ad6570ac6bfde120aae54a2a36761043c52ae2b8aaabd55366c85c9f9acf3ebf2fdbd1df8b01d88f920d9fbb7160ee6a3f02a8a082b
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 30a4744c624f6c0cfe10dfca3c951e829c56ec952d89d099d4fcfde77c3367fd89617d8e113f328ad4dcb6d8fcba3a1b6307277ee2070b
+	C = 1c1ad6570ac6bfde120aae54a2a36761043c52ae2b8aaabd55366c85c9f9acf3ebf2fdbd1df8b01d88f920d9fbb7160ee6a3f02a8a082b
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = d36ec4ef06f8a0220342787375423ba505971b5ee0297a29dc8921c7e0b3b000447771a8005234040996fc4421c33dc3a16234df5c4979288f6f35ecb9769e022505af6b93537740afb3504cea5c69485ab3918f0c25eedd7fbd78d9cb0fcfa011f9291a09357479e6865a94cbff1d640423472ee1860e499f167a7c72ba1b07
+** GENERATE (SECOND CALL):
+	V = 4cbf4aa36d162beb101b8e1edf3885e3a0933f4359147c0f60a605cca1e85d015bb0609fffa056010819473fa4edcf33546f1b5025fa7f
+	C = 1c1ad6570ac6bfde120aae54a2a36761043c52ae2b8aaabd55366c85c9f9acf3ebf2fdbd1df8b01d88f920d9fbb7160ee6a3f02a8a082b
+	reseed counter = 3
+
+[SHA-256]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 256]
+[ReturnedBitsLen = 1024]
+
+COUNT = 0
+EntropyInput = 9cfb7ad03be487a3b42be06e9ae44f283c2b1458cec801da2ae6532fcb56cc4c
+Nonce = a20765538e8db31295747ec922c13a69
+PersonalizationString = 
+** INSTANTIATE:
+	V = 8037eb9f243343f8af8c756475ea998f47a487c64dfad9945391004b08cf1a9102d4669492f554b543d820f18a90f453ad53acaf39f0c9
+	C = ed540b209e044dc2591923883c9a3b1b7c265bc053c40aa91971b09be4d3b3034b05f197a09c6339c7c16de14a20e29ea17bf11cbdb248
+	reseed counter = 1
+EntropyInputReseed = 96bc8014f90ebdf690db0e171b59cc46c75e2e9b8e1dc699c65c03ceb2f4d7dc
+AdditionalInputReseed = 6fea0894052dab3c44d503950c7c72bd7b87de87cb81d3bb51c32a62f742286d
+** RESEED:
+	V = cf9d4dd8a2c4fb507addbe849643acef2bcf6a4403082a026d50371bc7f2ea9d3975790238af78b750ef0334b7e42e0b1e71aeb97c6029
+	C = e16ed4378e0342deff3003334eae72709c31f5b4004ab9870ee73a6ab4c7eb6f18027c717bf8c94ccc1e06ce5a3afaacb431e2f860f7ed
+	reseed counter = 1
+AdditionalInput = d3467c78563b74c13db7af36c2a964820f2a9b1b167474906508fdac9b2049a6
+** GENERATE (FIRST CALL):
+	V = b10c221030c83e2f7a0dc1b7e4f21f5fc8015ff80352e416298fcc88847c8d0ca970964fbaa83f411e07fb6d6ac42b95a2c1abce0fc285
+	C = e16ed4378e0342deff3003334eae72709c31f5b4004ab9870ee73a6ab4c7eb6f18027c717bf8c94ccc1e06ce5a3afaacb431e2f860f7ed
+	reseed counter = 2
+AdditionalInput = 5840a11cc9ebf77b963854726a826370ffdb2fc2b3d8479e1df5dcfa3dddd10b
+ReturnedBits = 71c1154a2a7a3552413970bf698aa02f14f8ea95e861f801f463be27868b1b14b1b4babd9eba5915a6414ab1104c8979b1918f3094925aeab0d07d2037e613b63cbd4f79d9f95c84b47ed9b77230a57515c211f48f4af6f5edb2c308b33905db308cf88f552c8912c49b34e66c026e67b302ca65b187928a1aba9a49edbfe190
+** GENERATE (SECOND CALL):
+	V = 927af647becb810e793dc4eb33a091d0643355ac039d9e1e4d60a2ac023dca791d46f5e560b237047371aa1d629988772af7b96c0d0a07
+	C = e16ed4378e0342deff3003334eae72709c31f5b4004ab9870ee73a6ab4c7eb6f18027c717bf8c94ccc1e06ce5a3afaacb431e2f860f7ed
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = c3b200420bf9d8efd959efa4ecc66e077337c5aa9ab834398bc33d3152e39087
+Nonce = a226083a9fe938c9423f39f0de2ee625
+PersonalizationString = 
+** INSTANTIATE:
+	V = bdea62a5e1baeff7df5ceb0b6f91d89dd1a9c863c8e9fd5d77c37c872cacf2873246c7da86fa074352e1ec770e34e171e902bd95b3f714
+	C = c16c8365771a8fb8097af99524fd05ca35906a40e9e0d289421b364e544d4e562a95b2142cefd9f971952889d61630c7735d9d74f6fa3a
+	reseed counter = 1
+EntropyInputReseed = ecbd34e657db5a0382e41971fc31bd6e83449b1b6a1a8296d1dddfc54a665d8a
+AdditionalInputReseed = 5865c8f601a309ee4f7d417eab8587763539f38541cb1b9abf8a3a6245ceb770
+** RESEED:
+	V = 2a86c110da2292d2a98c6a1b6979a049cc3e219155ab72f5145eeb354819bb2ccdac4c76b8df10322f59aaab0233811e85dfc3ab8877ee
+	C = 01ccbc4c48def215f4a177239cb789eeb6df86910d32a8119c47eb6bdca83752438a57375974aa1403632d99852704ca3530f7e86bf3eb
+	reseed counter = 1
+AdditionalInput = 932c454deb4a314d7bbafea7041c7e9ec5dab577ac2c4be5ae89cba80605b0f3
+** GENERATE (FIRST CALL):
+	V = 2c537d5d230184e89e2de13f06312a38831da82262de1b95de5ff5a0e771d530bb483ea662d3c993624c0248d5fc027ea0137df0f6ac84
+	C = 01ccbc4c48def215f4a177239cb789eeb6df86910d32a8119c47eb6bdca83752438a57375974aa1403632d99852704ca3530f7e86bf3eb
+	reseed counter = 2
+AdditionalInput = 469b3f8e721fd5af10863b568512724fcee9a8f0de6511511df313f4bdf8d40d
+ReturnedBits = a9d6d1da3fa837a61b0bd80ee63fca3f74ff073f31d2fe2cf7ee7478687594e40fd307d879dc04c7a7a9a9bd490a5e21d01d273724aa285cbb04c303a54f82906ab28b6bd3f85249db67ca2a1b92d4c2f2abe766c9a44dc87b479b58ca1437a30a95399bd5b41cd7c3b4302d42534cf5ce571479532720610621624cc27741ac
+** GENERATE (SECOND CALL):
+	V = 2e2039a96be076fe92cf5862a2e8b42739fd2eb37010c54560613367190eb11b582b18472f88d981eb1200e0b688481ad82d258c5ed68b
+	C = 01ccbc4c48def215f4a177239cb789eeb6df86910d32a8119c47eb6bdca83752438a57375974aa1403632d99852704ca3530f7e86bf3eb
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = e22a79673a2d9f835bd1ebfe471b16ab9434aafa84578a13ff1585de4698f87f
+Nonce = 403bac08b2975c26b0643fc05365bd3e
+PersonalizationString = 
+** INSTANTIATE:
+	V = a93c10599bdf61237565b3b481f6186b67c71b09f6a54bac4848fcbc7e42d0ac17ad7cd946f90f0c82dff7c774324450d2d61eacbae58a
+	C = be420350a967b7b7915621d386f1859ee4c92a492686665b2a1ed4f0a0cc129501a040554ade77f4aa2ab73dba8b734411167e48565706
+	reseed counter = 1
+EntropyInputReseed = 83f7cfb3e0f96eb2525d42bd74900161801454277ae33ca11c25d92834bdc79f
+AdditionalInputReseed = 693d4622cf57e1ae419eb7082c8777f028ff4d7434832ddc68a0c641e76f2902
+** RESEED:
+	V = e795caecb810f7364b116c3823c05120c9d388cbb32a5b3593515ef9b0ca4c19b1fa9fe4d42919a150e0aec475184d1a05b2d18e9eeba0
+	C = 550ee07b8e60380010a47cd4f9e125a3a5d32da085987165c97abf41883f673c522fc5c6100c3dc16b3cf2de29f00ef4991ee48370e007
+	reseed counter = 1
+AdditionalInput = 748a07cdb675837d900ce23ac212666bee162ce9c9c840f8d4ca69b598f28041
+** GENERATE (FIRST CALL):
+	V = 3ca4ab6846712f365bb5e90d1da176c46fa6b66c38c2ce51165faa273b4bbd5f7873e46fa1b076facb4832a3fefc4db75f2b54b89e9368
+	C = 550ee07b8e60380010a47cd4f9e125a3a5d32da085987165c97abf41883f673c522fc5c6100c3dc16b3cf2de29f00ef4991ee48370e007
+	reseed counter = 2
+AdditionalInput = fb52238f8b719357ccbfe89e8a3a20cd685d69a2a0d662c1abaf6e137e9f7e68
+ReturnedBits = 919e50807ca8dae027fd5c64117fa1f94aed42b90ea965f79b75162f0adf70bf23cfae4504c7b150c5c2474e2b9604fa8b0f7afe24f55777715980977f35b4b4e21c24a18ff3b161a5942595a9be4ea3e5f1665acfda8301256da1c97c19e65d461701f80bf6c0ae4e265a318c99b6c691e8c30b9c4bd54d25d111fae65b6583
+** GENERATE (SECOND CALL):
+	V = 91b38be3d4d167366c5a65e217829c681579e40cbe5b40b547ab17eda98a7214258d8670bbfd056a05f2217251d37dba235c2544a82ae6
+	C = 550ee07b8e60380010a47cd4f9e125a3a5d32da085987165c97abf41883f673c522fc5c6100c3dc16b3cf2de29f00ef4991ee48370e007
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = 9c4afceff0bad37392cf3a06938531ff38a40ac1dfa646caf6755cbce8bd9e9d
+Nonce = 2410fd6ba3373a29000d771051f66647
+PersonalizationString = 
+** INSTANTIATE:
+	V = d1aa914151eaaba4f38c0b556f0daebb69909a1f3af7479ac532d7cba2148ded6e551422ab4025b904fa5a62145febbcca6ae5bd3d20e3
+	C = d85f9b82ab1d2cbe7c5a50e7a4fa61e2e7624eccb27ebb54232a0e2080fe8380da53738fcfe3d3af7018aaccf63119ef2d8de951720733
+	reseed counter = 1
+EntropyInputReseed = fc6748bbc74ff70da29f3e849816413a159baa544a8450f27e9ed8259e3bf298
+AdditionalInputReseed = be1bd3a6d18a90489850dd91e7aad0b01272f44c0fea6927b61bf0e446b2b2bd
+** RESEED:
+	V = 359b66615e626f54906d014bc97cfdc70022669aea550021675b1fbcfc87917875e7f6cd5c6e81fb1b3d0dbadc02378745a73994622d2a
+	C = 38899b84610407257c5e4327781aa82a532444b0dc318160464def5492a0873dfe2ec7142fe1a958b717435fd5df28cdadf9e64f1dfe9e
+	reseed counter = 1
+AdditionalInput = 4dabddcb7cec415fcf07b92314368e8e15b94821c506169c098e9af91ec8d803
+** GENERATE (FIRST CALL):
+	V = 6e2501e5bf66767a0ccb44734197a5f15346ab4bc68682d75a36af8d4e6f3e1fc5af2a2ee5e1b29493e39bf3a1782aa203f53e60d6e753
+	C = 38899b84610407257c5e4327781aa82a532444b0dc318160464def5492a0873dfe2ec7142fe1a958b717435fd5df28cdadf9e64f1dfe9e
+	reseed counter = 2
+AdditionalInput = 67a2e425f49d1a7d4e5044829254c7a834e3265cfeb360f1d83a6d28357450c4
+ReturnedBits = 33ea7954d8ce6140e93f9b0422a02b483627570309702616fbfe6433271293c43f99c0836673a15202e07c9e33c6f51c5ba165525ecc4c99d9bc82e6108ae4037dd7269e5f16b2f1249e1ac0c08f996e54bd9ad616ab919f5a17927f9dab0bc7c11a8cf021b7782c04f3ead19d572bfb8745729491463d3b8900c0d3b09b2881
+** GENERATE (SECOND CALL):
+	V = a6ae9d6a206a7d9f8929879ab9b24e1ba66aeffca2b805bc45e1ab57a06b324e444b6184a0e1dea8c43dc7ff8994d2b437ee152898df89
+	C = 38899b84610407257c5e4327781aa82a532444b0dc318160464def5492a0873dfe2ec7142fe1a958b717435fd5df28cdadf9e64f1dfe9e
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = bf353c93f0c2dca35fc0c3d714a2e6aa8f606eb40c011e22a8263a6c3e879f79
+Nonce = 1a347369091b68c2568db7b636124402
+PersonalizationString = 
+** INSTANTIATE:
+	V = d3266fe7d7443b4dfe81cb842ff9b635081cf3928239923412de3baa842d9dbe65bdb5ecbcd4b3d7fb23cf8f4de140f2a82c7586fc72fb
+	C = 34860e254b09da3c7b27325b5554c9d8a2e56b1f7dfe7004a63070e2ea054321fbe402238fba6e53c334ce306f25bd2ead747003f09185
+	reseed counter = 1
+EntropyInputReseed = f30b2702808ab22e9215422089222aa8f1811c7d36ccac6b99ba23d6a36407a7
+AdditionalInputReseed = a85920c45189976cfeb2f586b2737d623b45d12dddaafba8a824c15c3b7dbcf5
+** RESEED:
+	V = d6a11cedf83aadb5cc9bf129ae9555c92477e8ec97e46ac596fb660b4ba8ae56e313ea38f1daeabbab0c6318ae722d0c8343dc732f7423
+	C = 320892def116b2420bc3550dc56cd5bc253739b00a740efa3d781e7e7523c919a144ad363018070cbc405724392cf5fa45e0a41ff77aa4
+	reseed counter = 1
+AdditionalInput = 9f8397860c8ad783e8abe301dc10f45f4755a7c481173528a253b07a577c4bd9
+** GENERATE (FIRST CALL):
+	V = 08a9afcce9515ff7d85f463774022b8549af229ca2587b882044a7bb61cb9fe76ab1dc3c5ef25fa90a633da5d52fd0706c8fb916292985
+	C = 320892def116b2420bc3550dc56cd5bc253739b00a740efa3d781e7e7523c919a144ad363018070cbc405724392cf5fa45e0a41ff77aa4
+	reseed counter = 2
+AdditionalInput = dc8cf6aeaf933d848538f3a326777534242589ff2e40168113196892291f44f3
+ReturnedBits = 37c269942c13808877ffb8f37b793bba9f2b5604733e18adb127f2df042335c50766a0b5defcc5a70758af20e022c692bcd431366992c988dd3115babc0b3ca0c6c691e19e1db02bf390087553c17c980b0a33f39c7ca91364c327b4c72c8b40733c45a00858eb17f62853cc2d59ca89912c0928abf840ca425a6ec12dbed33c
+** GENERATE (SECOND CALL):
+	V = 3ab242abda681239e4229b45396f01416ee65c4caccc8b8ddebff73de9ed12dee0a06032ebc99cfe77a3770984f821251a7c5b95249aff
+	C = 320892def116b2420bc3550dc56cd5bc253739b00a740efa3d781e7e7523c919a144ad363018070cbc405724392cf5fa45e0a41ff77aa4
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = bedfd50ecf70cc8d1586c507903e9d62547fc54f1a0aa13d5ff890695f39f751
+Nonce = 7eb96c7fd20adab487aabfe5b5c91c26
+PersonalizationString = 
+** INSTANTIATE:
+	V = 42cf35a3ddcc8115dd8b7e05e68300a3777bafcd54ffa27c9dc08f5a125242fd142c123c583d952fa13c5dc2e76bd6f835a93df18e058a
+	C = a12c592c0bf689df01c5a488cb35d6f52f607de34df3fa77c4ca9c59648927e85bc3bb6a7df094cb2bbd35bc22f1bfc1308883ba480b27
+	reseed counter = 1
+EntropyInputReseed = a703af1c615c27d9b26ec6e5121b9600663ab090063b9298556d4d78f5e7c43e
+AdditionalInputReseed = af59b6bcc960efc148053e7eac5ed7bc3505b86be08c3ea3549fc3e62431d553
+** RESEED:
+	V = c600ea2c668178ff86c2e75faabb78ff0fe31aefcab89142c1951a75b7eb07bc8c21d21f495f9654de4fd1d6594d087b65f4ccb0948c6f
+	C = 011b0fcb6a658695db6449e14b4e970754df7a0e05ae0b5b6eb282e8daf57b722a406ae8b4bf792639c3e1d9bdbcb5581fde3a1941c78c
+	reseed counter = 1
+AdditionalInput = 29e7ed10112016b64ee6185a19211c35e2932cc059bc324e893d196c3c6b41b0
+** GENERATE (FIRST CALL):
+	V = c71bf9f7d0e6ff9562273140f60a100664c294fdd0669e4fdf5fd39509d1b8aeaaa20175661c91fa85cb6eda3c7f028e25b31505b0f9ef
+	C = 011b0fcb6a658695db6449e14b4e970754df7a0e05ae0b5b6eb282e8daf57b722a406ae8b4bf792639c3e1d9bdbcb5581fde3a1941c78c
+	reseed counter = 2
+AdditionalInput = 28bfd3fc4c72ffcf83495a9b7f883f9df728f19b511462e1f65e7f80a5208761
+ReturnedBits = 2687e28c55c16269aad3705eee8bad4c9df12740963cbe55fa74a18bded5bc3aacc47c447f7b8d8ba47223d8f5791a6056d8fab050ea4294423d7f59675c3fa38785aa68119dd76b8bc5dd79fb2da48297d4fad5f127c5fdec2a3d7bb8d174609be693e362e22bbd025fb7662596bc691a9059420c57028262c51371d6d2c838
+** GENERATE (SECOND CALL):
+	V = c83709c33b4c862b3d8b7b224158a70db9a20f0bd614aa6f3538995d54742eddec0ac4acf6a9b39a0d21f4d683cc9ec7ecf79d464529b3
+	C = 011b0fcb6a658695db6449e14b4e970754df7a0e05ae0b5b6eb282e8daf57b722a406ae8b4bf792639c3e1d9bdbcb5581fde3a1941c78c
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = c8a2af91b97cbce5efbe4b71dd328292ece5d34338cb8ff704b3b526b102c2bd
+Nonce = ca373a0b622f61124296193e53d734f8
+PersonalizationString = 
+** INSTANTIATE:
+	V = 2f047c6f52f86dfa4e1b92265ddbf0f5c9700bc5e599915dcfdc3af1d84a64ed5ac98f522a926fe9163e72fab2bbd7e1d3d6f207451047
+	C = 70df5e007ddada64a4219a60b4abca1cccd06f6cb9fbf7c09f163501e31babbb93cfb6a4d42b701b2e68351956bf549e7228494aa170d9
+	reseed counter = 1
+EntropyInputReseed = 4ee01d02e8a67214bab2f5537671f1bd79d0d233645cec94caeffe3fe862011d
+AdditionalInputReseed = bfe59fc71b1dfa05dc67e8b787372a2f4fc7af6bc2b8124d7e2a4205fa7af6ac
+** RESEED:
+	V = c94efd68d98cf4388d90f4ee9bedb08331b036ff3f4133ea4a4685c127c4e667b44a22a22ccaca7cb7956fe70198bd82a9e468e72d27a0
+	C = 030a9915e4119070ebb03c66e52d5d1203693fb2aa7db4c90deef163b52f0edcba471c244db09eb0d140ef87aecdfb33ac35ea828e3475
+	reseed counter = 1
+AdditionalInput = 0a2c8fd3a8069b4500f3a3413d3c6404c16d5e496da52704253c8c5948d43219
+** GENERATE (FIRST CALL):
+	V = cc59967ebd9e84a979413155811b0d95351976b1e9bee9596f4aba7607cbdd442f6b96f6643a28601cff13817d71f7709cd7c7594c3837
+	C = 030a9915e4119070ebb03c66e52d5d1203693fb2aa7db4c90deef163b52f0edcba471c244db09eb0d140ef87aecdfb33ac35ea828e3475
+	reseed counter = 2
+AdditionalInput = 899056bc9be635ee3e434f216126291de00d311bf73eb1b5dfc0c5d4e1497a52
+ReturnedBits = d1a3d93610752080a05513965db3a10de1ee37adae3849c17b0f3245c4452873a3b298d21294d01f243ec5cffb757f610aa47a7c2d88dc5537fdc9b85bc026f35e7f5e92e3cd5211db37bb98c34ea00483845a98fc3735bf16db38ee3e7840a3102b488aae89656220f0eba5d6dbe381cbb04b179455395f62b940d1b3f280df
+** GENERATE (SECOND CALL):
+	V = cf642f94a1b0151a64f16dbc66486aa73882b664943c9fa7209b31affc9f0539db4def077b864654bb8bf29dd2180c50f1574449d9a7fb
+	C = 030a9915e4119070ebb03c66e52d5d1203693fb2aa7db4c90deef163b52f0edcba471c244db09eb0d140ef87aecdfb33ac35ea828e3475
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = bc1b1fb2e4ed6a1ecd14a91a6425fbc92655d1069ae1004634c0ecf66183bf78
+Nonce = 760a861a0229f736f1caf10d8721a45b
+PersonalizationString = 
+** INSTANTIATE:
+	V = fabd2155a9c9b4cff9aa3c5f64b946f92c3791288e86d21c738a4998627ec2ea85883a7831f1d0b9498cfa5b267179a4c01daf379d9661
+	C = 6c22ddfd6f52f90dce350c2db0aafaad0b63bd4cff27cec89a6de34790510d0b5fbe7a1ce640ea9ff4b0209075a42c6b7a2933b5495b05
+	reseed counter = 1
+EntropyInputReseed = 4ec1c2c52a35b31551d1201b368ba770c629064318737694eec68f9078fed611
+AdditionalInputReseed = c7f1ee5f6edca86acc3bf0be4a6520a2370b00841078f7eb7d724346345199df
+** RESEED:
+	V = 59f9bbab0a3ac51d68acc7e1d4966891d50840542dfb78e7712ab9e671e3e12c2bf27c1bbabe0fd1ad92e1c763d0a185db5557b5d0af01
+	C = 90a1a8a81de9e7aa9bb9ba92b69f3e681a9338a22b823edfc7325db3f2357c6fd6e304176a4b233520c863a2546ce08f4ab63d874ecb70
+	reseed counter = 1
+AdditionalInput = 5ea24713bdf97b27f69c874254a0d402de214751ead933bb95bcc78b6305ed90
+** GENERATE (FIRST CALL):
+	V = ea9b64532824acc8046682748b35a6f9ef9b78f6597db8d83aad9f2759b756f65027504a6d59e596447702717f5614d7f90da416251409
+	C = 90a1a8a81de9e7aa9bb9ba92b69f3e681a9338a22b823edfc7325db3f2357c6fd6e304176a4b233520c863a2546ce08f4ab63d874ecb70
+	reseed counter = 2
+AdditionalInput = 136258f500d83cc032570738343a7780daf272ea491bcf53021d6a438c595d8e
+ReturnedBits = 908e2eced483ffa02e09f5dbbdab08e4f0654ae5a66381c409b0b426bd428766eaa27d6c7048864ff35f4ce19aaa30abf90ee58206b700468854179bf8b7069e9710bceee5554e0bf16dd8522817837b3d4698d2e01d59afdaea60484c3f8efa75b30eb28b0d54fd838169922837d5ee259c9e44a396aabbbc472cd7486d6a89
+** GENERATE (SECOND CALL):
+	V = 7b3d0cfb460e9472a0203d0741d4e5620a2eb19884fff94bf197fb906742c85421232b3131d0680253bd7a5ed752d7954be584ec10a1ff
+	C = 90a1a8a81de9e7aa9bb9ba92b69f3e681a9338a22b823edfc7325db3f2357c6fd6e304176a4b233520c863a2546ce08f4ab63d874ecb70
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = 1660367c5bb295a48801088de29fd18fc91172f6a08c65bad9cdb4f5678eecfa
+Nonce = fb3e304aa28bf35c682ef0e8055f53bf
+PersonalizationString = 
+** INSTANTIATE:
+	V = efbb79a1529893ada7dbdedea8829aa5743be084731d46fa6916bef941dd579b8397db5d111dc3d422768436a55559714c33f38a7aea81
+	C = 325c961bcaf46d39b5e62450f56668270d8623bd63abfca5f042ea4a91a7b33d04a5502907f2d92caa79d414a996072fcefac8e5dc5a50
+	reseed counter = 1
+EntropyInputReseed = 857001b5b19777c2f7df33e35b3f7555fb6c4675e562fec7e5682abaa2b81d85
+AdditionalInputReseed = e35c502065e466d0e9b9aa365f035517488830e92fbb20ab150f57c9441dfe8f
+** RESEED:
+	V = 127df7400bee9b65d73eb5ae8f51e9cfb78bdfd19a8aa2da3118ae96f850cf2a9c737aa20ac03c377be72b8a88189e5ee70cca5db57da8
+	C = 365c89e89b523a05701ded84820933a0a76f267c2261a1561845d6a02b5e5559511e9c52a2af3ba9eb575e6b118006e61abc306534ca31
+	reseed counter = 1
+AdditionalInput = 2c6922239ff2847282a10af197a730c08ac06aba2a74a1ccebfc8b9ff56154d9
+** GENERATE (FIRST CALL):
+	V = 48da8128a740d56b475ca333115b1d705efb064dbcec4519364f04c4c432fd75441ebaef486a9591ae5e9be5a6aaed0814b9ca0d238c9f
+	C = 365c89e89b523a05701ded84820933a0a76f267c2261a1561845d6a02b5e5559511e9c52a2af3ba9eb575e6b118006e61abc306534ca31
+	reseed counter = 2
+AdditionalInput = f0f841219212cfa5a116b843f9e6fb503476c0b6f9b4899016f21072a24e744e
+ReturnedBits = ef38843b35df0067286b402acad35894741359c14c19ae3db801d61da09fa2b53a15c39876b583d9e685e8ce1c3fabed305920f06a03410ce5fc4f5c6dfcf66afb119f334f9c6a9e708af498c1fa34f7fcc6e1bc219b8dd7c581d43c15bdaf6fac50569a3943ba0d8b2f8e5942eef42852916f4a41dfa28f26febc72cb9e5b70
+** GENERATE (SECOND CALL):
+	V = 7f370b1142930f70b77a90b793645111066a2cc9df4de6be84fdefdac823354001fa91c80e516f8d6171f91d521323eff6eb68ecb615ce
+	C = 365c89e89b523a05701ded84820933a0a76f267c2261a1561845d6a02b5e5559511e9c52a2af3ba9eb575e6b118006e61abc306534ca31
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = a1b0195f77f688bc3fefea419eb992ed3bdb96db999295a9831c92184f69c2a1
+Nonce = 4fc9d13388266dd4220949c60ea4acf2
+PersonalizationString = 
+** INSTANTIATE:
+	V = 306920593cfaee7ae9b2823b906680575297df615df4301357093d927891f218abff0508538382dee8e1bcaa8541f47a8b93ec95aee362
+	C = d257a000718a71c5348e2e337170ba4e5a6d06dfe9ba964820c4ba594a96cc17c92688e9b9d2277898a52c60f466916d6b9c5871a6f152
+	reseed counter = 1
+EntropyInputReseed = 535a356623583f4f74d162afa35433f6be4fc6eb8e952f466b218493a342d98a
+AdditionalInputReseed = 2666008e7a2bfb8ee28523be575392360ca93d09530da9aab5d182b84c65eed7
+** RESEED:
+	V = b51376c0d3e5f0297379f9f68333c90b07e8c39ed393ff310a917038840050944e3080f7f106f990403e8c212d34f8ce5d8b69a037179b
+	C = ee3c1df3e7144f34ffab34186a6f5ae07910e8d72e649b6f2506f178fca68b6d9d03bf5ea5933e18c91232f6e3878b2898cd8f5cfc87f9
+	reseed counter = 1
+AdditionalInput = 0abd63bb586a5e3048ffc200e5a3e37f78d74070be772eb8e93a773702b8ee47
+** GENERATE (FIRST CALL):
+	V = a34f94b4bafa3f5e73252e0eeda323eb80f9ac7601f89b770224f1decfee11314d3013cbf7888cbabdc0e472f6ab9ae8e95e17d50d4e99
+	C = ee3c1df3e7144f34ffab34186a6f5ae07910e8d72e649b6f2506f178fca68b6d9d03bf5ea5933e18c91232f6e3878b2898cd8f5cfc87f9
+	reseed counter = 2
+AdditionalInput = f375c4a286e5ad0cce36c915aa78ca0cd110e5417edc2a19f5b8b204d0072a2a
+ReturnedBits = f6ef8bfe9e491fd681e637c9e617acb0d5cf98a143c9ae3808bd7a556d8be2699a5a6891d41edd075cdffcad952d99e9475391d7743da2c8879ccaff58282d2b5d6516b06d6a1e6d3597eb4448f2b9bad1e120d265922a7e1ac2329a1d052a1e4a34499cc58344dd52b59dd71576fd8fa30fbb4f3a38a25d9d642a1e291c3dcd
+** GENERATE (SECOND CALL):
+	V = 918bb2a8a20e8e9372d0622758127ecbfa0a954d305d3870c7ad2705e2eb015b9161d39ed1809f1ada54d98e7920695f36601b2d31579c
+	C = ee3c1df3e7144f34ffab34186a6f5ae07910e8d72e649b6f2506f178fca68b6d9d03bf5ea5933e18c91232f6e3878b2898cd8f5cfc87f9
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = f976fa66070ac087a5bb27c5ddaed1482b5cb2883434a31547f5f05f211ace1d
+Nonce = bcfd38706ef091cb69b2859540925bd9
+PersonalizationString = 
+** INSTANTIATE:
+	V = e13480e509257d7a70e5532f0c3ab151f7eb6007a72988c615f0e0b0f3049cf1197a6bf33bc9aa14fe55d8d733ab11b62f0fb68bd83ba8
+	C = 2deaec18026ba1b32388700c163457781b66a78ca0e47d45e12e7fbd9609a187fc5f4774864196192b1bcdb98a0fb946cf7f27c47a9a98
+	reseed counter = 1
+EntropyInputReseed = efdad243b81822930a7319b05ce8427eb73376f9b0b84fe6e13ff767447eada2
+AdditionalInputReseed = a295199f2c800b17dd0bf4cdbcf79ec65e79fcf9eee6e73d844e47f93d4ebb77
+** RESEED:
+	V = 80e2559dee60655a992edbcb0c0de7b9dfec5d11cbe8f95ea3f8138767e77595d9b6e4db97368e75506db66aa0d918079da4a1b9c6a2ed
+	C = d43a0046675dede3bbbafcffceaeb66d699859aba78c36494f4d9cbe583e1ec0b563d6f470a36e94b119a738b596a71c8e9bcc505bb306
+	reseed counter = 1
+AdditionalInput = 2a6452454422745eda9b5c7db4c811ac4067b711dd6eb797ecd16306d335be5c
+** GENERATE (FIRST CALL):
+	V = 551c55e455be533e54e9d8cadabc9e274984b6bd73753111d167a1350988c020b272d644c50471efa9fd8a95848b1aab138738f365e787
+	C = d43a0046675dede3bbbafcffceaeb66d699859aba78c36494f4d9cbe583e1ec0b563d6f470a36e94b119a738b596a71c8e9bcc505bb306
+	reseed counter = 2
+AdditionalInput = d2ced8844a14e35113dba2d3c45cf78fda6a278f079bcda109b815a41ee0c293
+ReturnedBits = d467f2fb9d74a710d434090a55673490bb86fc055a2decdad67e5bd0d845fe76cc80854358bb0a8794fe8db631153a97eb805f318e49e278b88f3642798cecc2d72657dfb87fb46dac95124a606add2d78082bcf7a6919390fcca9e31c65edd48688971390c4c1d3bbc76812a4d42c2edc34e626f8a5b983c56ffbf4d1e6bfba
+** GENERATE (SECOND CALL):
+	V = 2956562abd1c412210a4d5caa96b5494b31d10691b0168c89d67b68ee9064fdf07363ab802f5fc6d6b25102df39c9889bc56605dd4ac65
+	C = d43a0046675dede3bbbafcffceaeb66d699859aba78c36494f4d9cbe583e1ec0b563d6f470a36e94b119a738b596a71c8e9bcc505bb306
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = 97fa51dfc485e3c7eea327a261802bd8afb738ea13045938c1f31fe75949dbbe
+Nonce = 747c6ec7ef6d1c815e527bdc6abe005c
+PersonalizationString = 
+** INSTANTIATE:
+	V = 177fb2eff37c531185af3a1e40e11e5639d56468503d60ee0be3d1997dbca038e8167a981c11d5f6ce2179147c8fc4e69071abdf66c5f6
+	C = dac68cebbb00f882085f1f4d2f8937693984342759925f8b9858fdaf15815c1e746f8f00b12b5aebebf3d264f55a473d6453897927abd7
+	reseed counter = 1
+EntropyInputReseed = e1a391eabf45da95a90c8d817ff518a78bf5630e70d9fbad720788ab0ca67f31
+AdditionalInputReseed = 9d6413c945fae2fc67696fa258fa95bc47e7bf40cf07ee4591662eafa3c3f32f
+** RESEED:
+	V = 2ec665ed4c7e06daf7653793688bf0def0b530ef4fc7566a31ce5b13e93ed6dc9234e6d751350497aeea05ca0dd71cacdf9a09b5bbd4cf
+	C = 6876e0743cf129cd965129c0855a7eb144732827e8f862aaaa762feffa941184cc743a24337a8194a17667dcf2e9a248bc04d6b1245842
+	reseed counter = 1
+AdditionalInput = b3f1ab2d73acc14bb4d28d042fcfaf3957a04d2749fc6bf834812ce952529233
+** GENERATE (FIRST CALL):
+	V = 973d4661896f30a88db66153ede66f903528591738bfb97bfea43bf23d3f47f6bee31ef0679bfb2fc9258484127072e91fbebe855af13e
+	C = 6876e0743cf129cd965129c0855a7eb144732827e8f862aaaa762feffa941184cc743a24337a8194a17667dcf2e9a248bc04d6b1245842
+	reseed counter = 2
+AdditionalInput = 64d4af088acf4b7192bdf9bd46064fefafedd2637845cd8c93e8e9738b87cd15
+ReturnedBits = 6f56ab8fe63389955af7a12ba710c6b53b93a600a0ab4df6fbe374bb00efcec5630ada7c470926f12ffe6af7b2e3fd6d4982a31a7946f87bc9b7d770efaeb0ec36beb98da67e5e8fbad0f72fa45acd2c94e4c84d3f716b6b2af455e6e16b8ad8b33ee05cd315d7d20e0211b7fbab32132726a220f9e5ad9eb5640c4d666a0689
+** GENERATE (SECOND CALL):
+	V = ffb426d5c6605a7624078b147340ee41799b813f21b81d8401a483b6ea2e43fd6bcccdeb88aed4738470297abef59a17ca5afa69363a29
+	C = 6876e0743cf129cd965129c0855a7eb144732827e8f862aaaa762feffa941184cc743a24337a8194a17667dcf2e9a248bc04d6b1245842
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = 394217d3e312ddfbd6d7eb83cb9d1b20f357322e57b48f896773105b84436f37
+Nonce = 421dc160dec4a797441568e039b363af
+PersonalizationString = 
+** INSTANTIATE:
+	V = d77b4e4cfb6982e159af52370d9d90f0dd52fb734fbb4704c94e02a88eea390bbf1200dd1476f5a9f39b643fe328c90f28c67f361f62e8
+	C = 18b3af00b9c3040e8c303be1f09b1335a60c4dec130105c83e9b5ac665fb0fe989106b3f05506c91fa965b18c891293b9849b79e2abfb9
+	reseed counter = 1
+EntropyInputReseed = 7e7ab2ab5ab64d337bbd489a0d00c13e3bba817a5c93f12e629a51e20d674f52
+AdditionalInputReseed = 57956863c7f2aba0b66ef1a539dee6bfe3eb166a7bce14844229f63e7fac8e94
+** RESEED:
+	V = 650ddf15e9af4ff947987e4bf5157448ac16a25e42c996dececbc0222c303a6dbdbfd779dff04001ca9f7fd945defe0f774559a13a4f32
+	C = 74c31a4c058f91c079ebb5dd21654cd92cc2b07819df36a24f65d40e8689cfe020b11e0aa1f6df4990c7a47d0fd235f60809bbf651b785
+	reseed counter = 1
+AdditionalInput = 0b4ea9e65d177a25dd8d3ae809d4a4c443f2ce01345c99cbd008b7b16e28159b
+** GENERATE (FIRST CALL):
+	V = d9d0f961ef3ee1b9c1843429167ac121d8d952d65ca8cedb61cfa13151bc3889cf27d497bf82d3f5bbfffe5b1d956cdcfe4a71317ed63b
+	C = 74c31a4c058f91c079ebb5dd21654cd92cc2b07819df36a24f65d40e8689cfe020b11e0aa1f6df4990c7a47d0fd235f60809bbf651b785
+	reseed counter = 2
+AdditionalInput = caafb2c9c672df58a11d44f0136a516497ffece862a958d6357224a0b439f9ab
+ReturnedBits = 35bdd5254768e9df71980a230d9b1c00104bfa09ce2473ade6c905a03e232daadd145b1c3ea8f167fa4cdafa03b87331fb07f0e7cbd0097aedb1e435eeaf3dd37737b6b7a7ecd7147d766fe2980a4577abb72af653c1a0846b2be9d867af2539729fd5aa2f7f3ba987c2a18cdc0b4404f42707012befd32e23daa42716415bb9
+** GENERATE (SECOND CALL):
+	V = 4e9413adf4ce737a3b6fea0637e00dfb059c034e76880686f3b10e8f8db2af78585e12c389d9afa502b07478b2da72a2f0946d28df595f
+	C = 74c31a4c058f91c079ebb5dd21654cd92cc2b07819df36a24f65d40e8689cfe020b11e0aa1f6df4990c7a47d0fd235f60809bbf651b785
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = 1ce0b1d992c3dee97d47de163ff7b42c0e0d3d9ca39b1f27a19e8f3648d935f0
+Nonce = 2be89d7d6c583c6baf7f0bf99bea9550
+PersonalizationString = 
+** INSTANTIATE:
+	V = c0b3388b41bb31e838fe9e054f071b3c5b33b923802475029949967ceffabefd75533320746215570a35eef6e3e2841ba78cee773e9632
+	C = a0db347cc2d3a3f5cc35771dfe1050a75b454f351ac3baefff98f3389dc69483f30634dd2f827cc4d35bc871696de36251ef62c6873b14
+	reseed counter = 1
+EntropyInputReseed = 4d8d804a3d8be2a92942a3c52419fbd38c30d1d045c9533aad88b63c4f52fcc7
+AdditionalInputReseed = a727cf4c71c91f17d09c31eafab4d55c793b51a0f0598fbbd5d63711280957b7
+** RESEED:
+	V = 7d1bb5189052402a3fa4105603572d2e62a0b4cf633d8013af3e701306379e873560dd15d384c1522bd59d266e1213a2349a8adb7eca5e
+	C = c9d6c7ee337f6c85bf8d8b480c0ada4b244c999ef8e679a94da984c210f1626baab8e15e02f85cc80e81d40e41f0f63d655e52f081cdec
+	reseed counter = 1
+AdditionalInput = 55ca64df911dfcae212259800f0c1edf4dfba12af53b90362d013fdaf9a6a679
+** GENERATE (FIRST CALL):
+	V = 46f27d06c3d1acafff319b9e0f62077986ed4e6e5c23facd58facd6d61a6e767c34be7048053de3f046a1aa53bf637d9e95f62a077c668
+	C = c9d6c7ee337f6c85bf8d8b480c0ada4b244c999ef8e679a94da984c210f1626baab8e15e02f85cc80e81d40e41f0f63d655e52f081cdec
+	reseed counter = 2
+AdditionalInput = 56b90e825c616c11a704fe9125d8ca59010b534273ef9587f0b24f42c09b586e
+ReturnedBits = 03c174731989a5f025bbd6d3717e86ca108ab178c3454a0e535516fd9f985e19e1bbdd6cbef69633f7c24d08cc53d861af3bbfea358051b3e3807d2aa7560b3f2a9dfac2a5e2b89c266015f2183aa5d433ef392d633103a9a9c40a117bc31c258c4e668a8ed2e62dd9dcd5e38fa0c9a460f8c53ae2e33cf5f3b7b87868ff4ec7
+** GENERATE (SECOND CALL):
+	V = 10c944f4f7511935bebf26e61b6ce1c4ab39e80d550a75d041d9a085239b8333bbc7411722b6a64dcca18a94c6dff0ca15daf69cc45885
+	C = c9d6c7ee337f6c85bf8d8b480c0ada4b244c999ef8e679a94da984c210f1626baab8e15e02f85cc80e81d40e41f0f63d655e52f081cdec
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = 48497a31bdd3d683a05e2dcfcbad10074765ceff04ce47fb52cd1df456641d6d
+Nonce = b02356b8c6bc8345fd197bda0bf00ad9
+PersonalizationString = 
+** INSTANTIATE:
+	V = bfccd844b8cc0d5749b2a82416a0833c3972aabbeb0802632db6203127844e82aca85b4627d5685ea79374a327826de1c36dd1a20c1899
+	C = 184c0ebc391a5c68198049ff94cd82ecf51bcf9acd6594b034e5fd36d36fc01b376f4e0b62695ff94af6c38c2eb563f130fba7d50b177e
+	reseed counter = 1
+EntropyInputReseed = 33d699ee8bbd5244f35fe00bcbe947a9d0e7e50abb5a39a70dd1829b0d519dbb
+AdditionalInputReseed = 7c1b207fc12fa6a7502622a08aa3dc34a42b3687f235ec5e012c0d0a6d19b742
+** RESEED:
+	V = f3b00eab88bc839586b7b39a9e8b8de5b86e598b6acce0de9a67c66a237f9fab8c6da69952ae9eb69cae457d4bba494b4cff694ba2ba4f
+	C = b2c68229579a388859900da28de36a62d3705bb30ddb629a5e8b20ab7767418629050c1d0a506251d06a39f1fc29a206ee921416381a7c
+	reseed counter = 1
+AdditionalInput = a8417638e07e9c163753ada4ed92561ff0f1f4794d636f1b07f3049ed5b8b68b
+** GENERATE (FIRST CALL):
+	V = a67690d4e056bc1de047c13d2c6ef8488bdeb53e78a8447851dc56a87cca7017a6b3f1567cdd81efa42219e49389038021f21d4e706480
+	C = b2c68229579a388859900da28de36a62d3705bb30ddb629a5e8b20ab7767418629050c1d0a506251d06a39f1fc29a206ee921416381a7c
+	reseed counter = 2
+AdditionalInput = 2c896bb2dff5af370ebd7909097b64fb3180b5d9507d7c376ab9258548d0d967
+ReturnedBits = 278a9f74dab56e372e419016ad2c95a5be943874f28db6cea90ce303a9e1eaf3e85b9194ce42fec056176920497dbaf4bb6bddde4ae7367c98b94ea2266bcdd376ee5ef12293f50f05059a5ee8ece30b0cd3cd64617c38f397a6bddd225703930fde8c0fe6ff468c02750a625bbc197dbead266b5e19f96a9648e0d974a2ff56
+** GENERATE (SECOND CALL):
+	V = 593d12fe37f0f4a639d7cedfba5262ab5f4f10f18683a85bafb0bda39fba21f2cdc8d66f937662d83073e89e98f9bf4145b798c2966ca7
+	C = b2c68229579a388859900da28de36a62d3705bb30ddb629a5e8b20ab7767418629050c1d0a506251d06a39f1fc29a206ee921416381a7c
+	reseed counter = 3
+
+[SHA-256]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 256]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 1024]
+
+COUNT = 0
+EntropyInput = b87bb4de5c148d964fc0cb612d69295671780b4270fe32bf389b6f49488efe13
+Nonce = 27eb37a0c695c4ee3c9b70b7f6b33492
+PersonalizationString = 52321406ac8a9c266b1f8d811bb871269e5824b59a0234f01d358193523bbb7c
+** INSTANTIATE:
+	V = 7fd70ab5dfa88c0ddd54c550d84759c82c15da8eda1c988b5b8a7c0d5652c4ceb19cde4bf5841cc736c96ab2fba42547b36d63f607eb74
+	C = 16026961c97fb9bba406b1a44578e0748cff70b9613ba476286c61f1be73ae633dbde6755f7fd5040107943bb953d5e0c0969398cf0f5a
+	reseed counter = 1
+EntropyInputReseed = 7638267f534c4e6ee22cc6ca6ed824fd5d3d387c00b89dd791eb5ac9766385b8
+AdditionalInputReseed = 
+** RESEED:
+	V = 9c7f7265ef7a5dfa11d180a88da5325145de40137cde150b2c31183b12565b3331bb344bf4eb068bc073c4bca93fb4bf871f95c0c75400
+	C = b67f23af8b4b926960e5cf33d95c8d01ad2d5cbcc8dd6650beaf8f7bd5519441696c5b9941bc6e711985163e50820fa0ca80dd5349a82c
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 52fe96157ac5f06372b74fdc6701bf52f30b9cd045bb7bcd38a2995713d95f6bb788bfcfea43f284aeeda8e7105311d8e64a1c1b754534
+	C = b67f23af8b4b926960e5cf33d95c8d01ad2d5cbcc8dd6650beaf8f7bd5519441696c5b9941bc6e711985163e50820fa0ca80dd5349a82c
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = de01c061651bab3cef2fc4ea89a56b6e86e74b2e9fd11ed671c97c813778a06a2c1f41b41e754a5257750c6bde9601da9d67d8d9564f4a8538b92516a2dacc496dee257b85393f2a01ad59aa3257f1b6da9566e3706d2d6d4a26e511b0c64d7dc223acb24827178afa43ca8d5a66f983d6929dc61564c4c14fc32d85765a23f7
+** GENERATE (SECOND CALL):
+	V = 097db9c5061182ccd39d1f10405e4c54a038f98d0e98e2890a9d2be69b7896dc55722606794b8b2ca05721c843c0518845e2e54fe8d777
+	C = b67f23af8b4b926960e5cf33d95c8d01ad2d5cbcc8dd6650beaf8f7bd5519441696c5b9941bc6e711985163e50820fa0ca80dd5349a82c
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = c1ab40666e6d1e81520573714b665a84ca2332689fe0ae0718a9c81b74c85c13
+Nonce = 6c1c2001b64b094754d1d585a0531a2c
+PersonalizationString = 74b2db2665a820f0c4754cf494adc617018ca391ce44b8b06d784ace3a839e6e
+** INSTANTIATE:
+	V = 76bcf3b9a6204670595a7896a589c26b41089cf83900914e1a80734a4a695587d19240c2fdccdcabd3b84998c66499818db272cd8ec251
+	C = 9bf8023df69bff4dad4565eda46b8b15215471afb4cabd877aa2deb2b78cd27b999f97867a019cbf44313f0f4eae83bb08bcde6ed63bf4
+	reseed counter = 1
+EntropyInputReseed = ae8b773c71bce1ce976766497a4df975a460811fec0a19e8326210397670bcaf
+AdditionalInputReseed = 
+** RESEED:
+	V = 9e6fbb7e0e48115053a1c293265321aaa7f54c71cd941ec4c7c706c7f00b29fda189cf2e75671dc34c1aab7a7830097206ddaa70900034
+	C = 8ff40b7244212d2265bd3582980035ec6f4f0fd4377b773a39b728a5cbd099d670a5ae1a51b8539f683cf7d2cad695e11d3f2687960658
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 2e63c6f052693e72b95ef815be53579717445c46050f964fcaa058fe4d5b6ac9d1f3e6022ca84bea00586a48b800b816b5ab7ae46c4878
+	C = 8ff40b7244212d2265bd3582980035ec6f4f0fd4377b773a39b728a5cbd099d670a5ae1a51b8539f683cf7d2cad695e11d3f2687960658
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = f755aac4e2146acee080a84d201cfc2141a20744cd71a89f3d440432a81d2eb288aeb07f10710a622df8cec07c8aa5f84a88b4dd295a28953a2f589732cb43cae82079607a7f1ada3ffd4fd30f0c22281509d4ee93d18988e570fd291d8419a067a36e1098b2db849218e23893c3969542ee0c9ab0c00abb6fe72373461867ee
+** GENERATE (SECOND CALL):
+	V = be57d262968a6b951f1c2d9856538d8386936c1a3c8b0dd357908d80d36f85468e145dc8e318726f0bb5913647c09bded2b9f05275f15c
+	C = 8ff40b7244212d2265bd3582980035ec6f4f0fd4377b773a39b728a5cbd099d670a5ae1a51b8539f683cf7d2cad695e11d3f2687960658
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = 30c68ec841deec8350bb821250a815cd305abdd656cf0882d5573c8bd88465bd
+Nonce = 55639c7f642dd5195ca5ceebbf9b5c6b
+PersonalizationString = d7e5afd008c3cf9ba511783923e415e1f8278bb13c9a0565342a94584ff1649e
+** INSTANTIATE:
+	V = 8a037549090c0fee946e10e3e9d5052350276ba9ebd9f135532b499e768e022b1638a30e99a02b2a2a89e400024872fdc125e6eb6399e8
+	C = 66d7367de8a4eceb84452b2ad70e8ce6d09fc4718fd141c2d024bdccb718a1a2f076725e6cf22b4df3300f4a26da62322f1d62e41c2991
+	reseed counter = 1
+EntropyInputReseed = 3eb2a99123ee921bf752ebff3d1bca724b3de8ca5b92aff9e7a95821b8883ba3
+AdditionalInputReseed = 
+** RESEED:
+	V = a7ea04030a19fa4d7e89173e99f72f914511920170ef827f3a31111db71f8b2ea650ebd3ab476c10236cd31fffe71a6cbc4332a2913c43
+	C = a5e782d794881f1a398256430f7a1431e07417528cd1ca3ecee8344e59a95deabd9d6d3aead2c951681f9f7d9ac246f90c871d27b30f03
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 4dd186da9ea21967b80b6d81a97143c32585a953fdc14d0c909b137ca2c8106b648e23b1a883b8f15bf21cd519f12a2bd37943dea9945c
+	C = a5e782d794881f1a398256430f7a1431e07417528cd1ca3ecee8344e59a95deabd9d6d3aead2c951681f9f7d9ac246f90c871d27b30f03
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = f842406cf9e704f2798d4224ff395e27b826abe2174f534f15943a69656c034b6ab722977a3691e4a47295ae804cc2a479df894237750a8f97ed2aa65b9706ebfadc00bdc97a66f19ad02fc1b76db4b5ece558941ae458d0836b8f4a4bd6fea24e07f890c3b84c22b3a7408ed0888face36b713237b43c8c3724a2a3911274f0
+** GENERATE (SECOND CALL):
+	V = f3b909b2332a3881f18dc3c4b8eb57f505f9c0a68a9317bddb1207ad18b5689fa4c2e052aa6e2bac8c381567a788d4d8519fc1094e2146
+	C = a5e782d794881f1a398256430f7a1431e07417528cd1ca3ecee8344e59a95deabd9d6d3aead2c951681f9f7d9ac246f90c871d27b30f03
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = 9100896a763dff7682195b4931123a746ef4d2e6c232c1ca5c4994b8bc0ddc2e
+Nonce = ee543d642b4fd1bbbc0ab997a7585ff8
+PersonalizationString = 5a0db70264f2282be5c08f6bcca690f7889b217b518809976a4a0935dd78bee1
+** INSTANTIATE:
+	V = c9eb0c8e3d4bfc01446e2c64c71abe1172c242ff22abd95e7a51bb19c2e744df74d931d8f4a73006b0be4ee362b2618ded790111b721b4
+	C = e1e86f382ba19a657dbf7d7753678c464e1a25e1e754f9243ec7602613730ebe9c6d5e9f9b5857acb88e9ce389c7a1f1ccab28cb0a2c2a
+	reseed counter = 1
+EntropyInputReseed = 5cc076431ab0f4e9d4d94f7e2742e9bee956dc3ea6d3d180c619c4562d9b6135
+AdditionalInputReseed = 
+** RESEED:
+	V = 5ba0985fdb540205e685f9ae3de83dbc85497a46a4d7736353e0fcac3802c8d70845dabeb16858b93aa36684b4255106565657f8025248
+	C = 388bd6f7368bcb268bed53d80d8fd783fab4b9c2eebd173a6cd49b9fc6ea9fc81fc67d022e6e93ffc1c0c41f9d29d948c94ecef750d8d0
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 942c6f5711dfcd2c72734d864b7815407ffe340993948ac7998fc50b4eee6e328e0446708627d694837badd29485e46b1fa56df75e9698
+	C = 388bd6f7368bcb268bed53d80d8fd783fab4b9c2eebd173a6cd49b9fc6ea9fc81fc67d022e6e93ffc1c0c41f9d29d948c94ecef750d8d0
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 640a1cb095256d3fd1232297cdfaeee11017ca81e0ba3f49f9c5d35454c39ec512fe079d165b415ea9d7ebf18cf89efdb5f6c5c8ff6d431b60a10524813371e57cfd4990d5713dac1beca254c5ade497eaee59c8574fdf3eef177ead5f8cfa491c7e7d0797d0322abe5115e33662bfa07f5d4f25a6bddae648c3220065f656ad
+** GENERATE (SECOND CALL):
+	V = ccb8464e486b9852fe60a15e5907ecc47ab2edcc8251a23c0248f88a49b1b489e56c73684f1618b6d7d6ba533accb2c5664cc9356657a3
+	C = 388bd6f7368bcb268bed53d80d8fd783fab4b9c2eebd173a6cd49b9fc6ea9fc81fc67d022e6e93ffc1c0c41f9d29d948c94ecef750d8d0
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = 33b16c7ac65c36713b8de448efbb4cc7cf2eed5e970d3439aebddf11e44c87fb
+Nonce = 7b8cba7ea83abdaf53022ee9c6988819
+PersonalizationString = 165655a3456ed7f6c9d8200cb89214187e95380c2765d2f89dfb5480d16a7b03
+** INSTANTIATE:
+	V = 3cb7a6bfa6843ecdd73597970977def375332045bf71ac59c52724b181df2ef45ad821521c3df165381649008bdca9bf364054ea7a77e6
+	C = 4c4ffcfa236969c94df9179d43324208a113e4406b669f0fad244391ffd0087aa2fa82c7e42e6fef54560a1770d8522e255671cc1794c6
+	reseed counter = 1
+EntropyInputReseed = dfe32b43feba0e06d420e311167afa68f465092478181560dfc193dd8f0f0f1e
+AdditionalInputReseed = 
+** RESEED:
+	V = 75d9b21816606175d3a2de669a93e223f6080f2d254240c749adf49cdda64de7b8a47b0c29afce144befb4ceda88e37c7bb5545da7765d
+	C = 4066fbf8767de9c9df67a1fb58c1dfa321790b0bc614eae3143fc90f0fe6c620b3ca68ffba8a94614fc5f41ffaf9cfde255add34c3ad72
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = b640ae108cde4b3fb30a8061f355c1c717811a38eb572c42d5e3c05f847541e0abdf5cd718f9d6dbcfd7ec2f8649319d84848806d4ca64
+	C = 4066fbf8767de9c9df67a1fb58c1dfa321790b0bc614eae3143fc90f0fe6c620b3ca68ffba8a94614fc5f41ffaf9cfde255add34c3ad72
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 0d30dfabbb2716ef3e27dab0f525869d2022a7058265ad738a3fc8b7ab99e771651d21ac3b2ff92cedbcb75dc82f25d95851747e81aacd5f1394c57b3c8a19edc47f18222e86707b3ae4edee20adeba058814913d2e8735d69741fe4d4d3532abafca554a53f8f4abd45665d292504f4512d526133710d9e29ee22c849cb21ed
+** GENERATE (SECOND CALL):
+	V = f6a7aa09035c35099272225d4c17a16a38fa2544b16c17b3e8d874b84b4d59349230249b42ce2ebe9cfd8a99d25ae0e3dbb0bd77397dee
+	C = 4066fbf8767de9c9df67a1fb58c1dfa321790b0bc614eae3143fc90f0fe6c620b3ca68ffba8a94614fc5f41ffaf9cfde255add34c3ad72
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = e2a2697797bd0d4a1b55f7a6cefb7764131ab950c48eda9293ff8ca5aa5af436
+Nonce = 4b195f3851dddcba143fbe9e80ffaa2a
+PersonalizationString = e883605d6c4e1bf4b3d452ec42d7708a728199b38c53fc586eced016a1809616
+** INSTANTIATE:
+	V = 6a94cfe871da051791ea6e921126a33241b43dd9ad8382f9fb56d1c11c674aeda4518db15359812f204e35ff2c30b69db5a7a6363978d1
+	C = d534aef867f1be1be13cbc064ca3b8d25c79858a206440ab3ee7c689357df02518ecfa6542bbc6bcb9e915bee198519698f5205fe23431
+	reseed counter = 1
+EntropyInputReseed = 22dce26b006fcc0bb6fb4a2d14ecd4e3324feea69788965d67e59f7e74b35d3a
+AdditionalInputReseed = 
+** RESEED:
+	V = 98b3172d94919064a89f71471a36687086960448271b746945b59b6337fa97973c9aaf7638414a89f37662f91f5c2268bedbc88e484b04
+	C = 1b36fc7e18af4707604253b652cc20b6ec84bed0fb95149ef15b61bee8d362f021c5e1e90a2f94373af0d05e7f1a41d21d67853cf899d9
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = b3ea13abad40d76c08e1c4fd6d028927731ac31922b089772e3ab21a363675b42984fe8cc6e18e9240da421bcddebd92c4c8c92922a754
+	C = 1b36fc7e18af4707604253b652cc20b6ec84bed0fb95149ef15b61bee8d362f021c5e1e90a2f94373af0d05e7f1a41d21d67853cf899d9
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 15fc2b130ee19e26bf807e2e75aafa936dd468591898f971de3170716a1ad6bf6f3a5634897d067daa34bea6d1f995eadf9a2856050247ac1b5e0f1c1847de3d09cd855397acf607ba08d41e35e2ed2f7eceb121aff0900100b2525795c4d1f32a2805b08b177478a6683beb897614d7de36e82223fb8efbfcc40bd4a2d9827e
+** GENERATE (SECOND CALL):
+	V = cf211029c5f01e73692418b3bfcea9de5f9f81ea1e459ec012855e5e440b6f9046324234e2b8f3c791e94e033b9a026bc9c011be581043
+	C = 1b36fc7e18af4707604253b652cc20b6ec84bed0fb95149ef15b61bee8d362f021c5e1e90a2f94373af0d05e7f1a41d21d67853cf899d9
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = 5dd63044be8005c8f5ebf920986fe59d346c675d5ff2fddcf8fe85b8a6982bef
+Nonce = dd1aeaad8939df2f111237dc5d43d93b
+PersonalizationString = aa040ec9d06492f1de2c528af3e8a10d5de9e6bb53f0e6bc81aa40aefbca8cd7
+** INSTANTIATE:
+	V = 237f4fb672ce6a9c81185bfd1c09e55fee96491f8eff078802ce87589bec2041dab1f6d217df7269ddf4af46f7365eb126037529e96790
+	C = 10e5570f1289b565c156d134f2b180efccbc6d8d3146529f3cf63e9201389d1915ce1dccb28086ab20b50b259e83dd4cf7b560437490d1
+	reseed counter = 1
+EntropyInputReseed = a71be7866959ec1aaa4a131b2fb452513f94eeb1c5e0cb36a4d5af2819843000
+AdditionalInputReseed = 
+** RESEED:
+	V = 643b882a5f3942d393d6efdad2440c310bd31717f163695cc3149877c139db76be23888546cb2c2216335551748668933fe80c203fe22a
+	C = 1e6769627fa593497aaf956eaf799a3dae64283ec15a7b7eaf57bc71a0c3a527b92e06a1e853d6285bb4758c55f674a9f59fa437e6c1c2
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 82a2f18cdeded61d0e86854981bda66eba373f56b2bde54bf70040b2ceae0c07c78935a9be2e90a70903dee990ef9cb6bb7818022b308a
+	C = 1e6769627fa593497aaf956eaf799a3dae64283ec15a7b7eaf57bc71a0c3a527b92e06a1e853d6285bb4758c55f674a9f59fa437e6c1c2
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 5fdf271f7a2628d7cb1f9a507db41626ed699131ce81d4a0e16d85f4bba48457e34ba9892a2c61d0738aa89c2e9c5dd925a26a57f01fd0c1aca17fb37a45df92e4c1f07b264911fb7a658d4fed3e1d25c4cf1605f132891c6f0f28d2473b8f1b2d6e261c1ba6f8f0c7cda25ae84f78d8f4a658026f3f84a4db20b54d04253f69
+** GENERATE (SECOND CALL):
+	V = a10a5aef5e84696689361ab8313740ac689b67957418614519cd83e64573d957801b1bed1b00a91f2cadc12ea8e4eb677780338eb08fed
+	C = 1e6769627fa593497aaf956eaf799a3dae64283ec15a7b7eaf57bc71a0c3a527b92e06a1e853d6285bb4758c55f674a9f59fa437e6c1c2
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = ab48cfb5ee5199d3167604baf2ba482d23e3ca6f3b80b923de1b7ef29edc76e6
+Nonce = 1fdd89f317ce64c68c8ae166978df720
+PersonalizationString = cde7a26630c6a9124a6b259e501ba55a83b20e7a9c6fe398dbea1e33bbc45de6
+** INSTANTIATE:
+	V = e1b1b40413e22ca5f5d8866fc01750c0ca76acd1fa9f92a30495e78967e2e4a34f6b358e6b3de7b01746c846f3129fea9e6a9ead30e9e8
+	C = 5a49d1003260eed43adc7944bc45a002f660f61760e71a987b7c1b57948abf4bbce1cf1e3bdf3ea5a28a41e258dbedb858c492f8d79c31
+	reseed counter = 1
+EntropyInputReseed = 29c5906426a81e54fb7374137a177496ff31f207d1bab11c6c503dd325edcb43
+AdditionalInputReseed = 
+** RESEED:
+	V = fd7697dd72964ef5892edabe043089eceb4f5ea4bbc9644d3df8e3f92ec488b3a41b55fc8ffae5e07fc548ffc0a44a47d0f7c194d498bb
+	C = 6f1fc61a524b7af421be1c9af5ca2c39ead2da5688bfebdcc069b34560f3196a67595b47ffad966949a2fa8e2e309caddf7ff547fa2f90
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 6c965df7c4e1c9e9aaecf758f9fab626d62238fb4489511fb7801460f098915529d972da67ae4c5cdb7ffb81102e63245770b6d785ac29
+	C = 6f1fc61a524b7af421be1c9af5ca2c39ead2da5688bfebdcc069b34560f3196a67595b47ffad966949a2fa8e2e309caddf7ff547fa2f90
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 49ba08db547becd2683c46a8489f3fe8a1f285fbbdb9f359ed855915a925eb353d503cfe80193410186342c60bfd920257578fe88d53aa5060ea22b6a08650414f2eca0a50670aae88a00f9dd67a44b331f48fdd1d320af4398f84f08bbbfa443d173e2d0d0f832e25f1a9e2491f63ccaa16588115f551585832a90a3ae32168
+** GENERATE (SECOND CALL):
+	V = dbb62412172d44ddccab13f3efc4e260c0f51351cd493da3c8aa18093f88a1bb7caeeb014e7ebe8f8e3e9b333c872c3fd601c797e040cf
+	C = 6f1fc61a524b7af421be1c9af5ca2c39ead2da5688bfebdcc069b34560f3196a67595b47ffad966949a2fa8e2e309caddf7ff547fa2f90
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = bf6813a79c9801eea31b856ef041a21da3dc5cb62d28052434cdb49d1587c459
+Nonce = 0e18fb93777447242a3e83d17fd8004f
+PersonalizationString = bc1cd8a5292cd2963e0c43c40b81ffd8c512a3bc904362c16b1cdf1d71c7d358
+** INSTANTIATE:
+	V = 33a71fa99a560e3fafb6c12bfa5c7f851ae1f95581563391f7ad8ecc27ed392d5244b0b8afbc30913e9341f326863e14d38614f3858f0f
+	C = 454fc92dede07315dae2a6de6dd7b92823a02ffad6c2f11e051a72ea4cdfe8372223796bc1f1daa0e0f80f8f6d53d4291069a64bbd7022
+	reseed counter = 1
+EntropyInputReseed = 0ef05d593f3a8709b4d80be9b1badfb2a0560007c345fd978b64c424d4ebb38a
+AdditionalInputReseed = 
+** RESEED:
+	V = ad1b9bed9b28dee4edacd0d07ff5f46b8ae0775d510750415dcdb7affa5851d54f0675c64b68ac498ccff6612c4c5b9d2f1a06cc85e1e5
+	C = c0caea25500c5044c5056205de92b0ed09cc2d3f128365ff853131f7b06744c535add32a60fa66022efd9e9441def3e9f1ce0071d2bfda
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 6de68612eb352f29b2b232d65e88a55894aca49c638ab6897ccb0857f87b690d043501166dcc88d22dbd34948cc8a98dd965944fe328a6
+	C = c0caea25500c5044c5056205de92b0ed09cc2d3f128365ff853131f7b06744c535add32a60fa66022efd9e9441def3e9f1ce0071d2bfda
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 550a5cf750aa0d1f3b284dea420a5931659a5ee1d01e840b9ceb3b37bea1a7da815b07e57eeac03255156e7e6da7caed79b292e3c2518648a3f5de4b19514270047ec1a99b8ae9448cacc3a6b6e17d5e2bf5247caf7e39084c5b66f0fad01ccb358eb182d7bee22560e59b66c56a31a0e32c94351541a775372f551c782ff494
+** GENERATE (SECOND CALL):
+	V = 2eb170383b417f6e77b794dc3d1b56459e78d1db760e1d6bbd5634bdb576397aec4a2a06d7d1855d690c64c250d99e8ef02adeb2587c94
+	C = c0caea25500c5044c5056205de92b0ed09cc2d3f128365ff853131f7b06744c535add32a60fa66022efd9e9441def3e9f1ce0071d2bfda
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = bfd5a9f709c11290ba98c9edf23e50833d30540621ec9b3a585b9b0d41bb2102
+Nonce = d41874cbb1c05991dcfe7d3bedf6d909
+PersonalizationString = 5ed8fd3d19df22b6fc3b3be225981be64d3719a36a19e189a555922fb52c2d66
+** INSTANTIATE:
+	V = 959622993221bc2400a7773fcdc928f2d9752a532ff97eba2cb72edf7cd800a6335087c2bcbd05cde0cd628ccbc190e1ca1fa2d6942e18
+	C = 60d3db3982cfb9e6f924d0858d2e8ae0426ff8bd2c1a3df086437cb2481da8564d0ec26baf274c3485a6f734e86b3847824b99e1d48b38
+	reseed counter = 1
+EntropyInputReseed = 6b3a88c382f511efcb83e649be070b1c3092577ca6e4cfb35f1571e1cbaf4454
+AdditionalInputReseed = 
+** RESEED:
+	V = 59e4060c795c30a3642503286dd1fcdecfefa922b08115be5fcc3f6d49168dd4225132199b02227b7dfb0cf26cf81947fbb0637f3f93af
+	C = 3c4484ddde4f2d2064de62ab5d0184b427af4d509bacf0f488d68eb5a9fabf7bce19f077b613fda632e07978bcb9ea975aacd7303f940e
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 96288aea57ab5dc3c90365d3cad38192f79ef6734c2e0705532e143f13f49623600f0e07898ee292c119771205c84d4fcb9bf3307b7dc8
+	C = 3c4484ddde4f2d2064de62ab5d0184b427af4d509bacf0f488d68eb5a9fabf7bce19f077b613fda632e07978bcb9ea975aacd7303f940e
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 73ca665958f4bba1a8558ccb758c9a38a03b8ad242c710d66a0aae43e6f8d1e9da7d86f0f9959d0d9b6be043996c8bb794eb2fc902254270f83bc5a2843899fef7a5ff5b2e51c71423577d69057da81a0ad19d9049db6879971a70b3f073a66ac82f92b4ba29cab786b4a50fba27fbb44283072ac47357e092250f9072c5b62a
+** GENERATE (SECOND CALL):
+	V = d26d0fc835fa8ae42de1c87f27d506471f4e43c3e7daf8ba62eb4104b4d7f43a9ac674290f05c557d41c71372e2a8cbabf4a3fe8c7568d
+	C = 3c4484ddde4f2d2064de62ab5d0184b427af4d509bacf0f488d68eb5a9fabf7bce19f077b613fda632e07978bcb9ea975aacd7303f940e
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = ab6bbdbc10c49d9361cc86bec4d4936364302e9aac6d172ca215ceb9e76e1d09
+Nonce = e4b583474d5fbfebee9e729acaa60713
+PersonalizationString = 6e0d53132be943e1351f0067feb2cce950f8b1870bb2832215d68c7844218d53
+** INSTANTIATE:
+	V = c93c1d14c13f44d3248949641a2004509858e1efdb49362c6ec59f245a041f51536751b723f5989303087dfb0d4b7f5b74fc70b0ae5a7d
+	C = 6206ecfb902dd5332b7f4fae9f060d1f8f91a124009a82393c5487c88661ea7f193f7545c4f4a588269886fa7da1dd509678325a946b25
+	reseed counter = 1
+EntropyInputReseed = 7fcb734b5bb20e923edf2ed204f898b576c5e0fb5309585d1007e353161bcf97
+AdditionalInputReseed = 
+** RESEED:
+	V = 33276fb5bab3e4aab49720da067990594190562846fbcc63938aff7b4dc4dd04f5b7ca399cd30ce2435ab8cf9718654bb48aa75183e585
+	C = 2f207c6574d735ccca056a9ed888deb50e2c12e05bebcf68c5c0681f1a114f822d5812490a77a3205aa60283519eeb28bfe7d775af7bc9
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 6247ec1b2f8b1a777e9c8b78df026f0e4fbc6908a2e79c334a2daa870bcbb52360de3e0c0f00817c4c94a826d43deb00c871755896f2f5
+	C = 2f207c6574d735ccca056a9ed888deb50e2c12e05bebcf68c5c0681f1a114f822d5812490a77a3205aa60283519eeb28bfe7d775af7bc9
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 5555a2c5081bbe8b8ac5e5ecc52112e71e2cc409364f8f6df0de7ec999cb0e8f1cc1c97b2168afa7f5e166d371e14dd2aacede910ecc868f26579abb0ff858ed6fe85fd8247ccb5fdc84671ec06c4cdaea922ed5dbaf3955ff6ed50c0c45493f9a653334c2d683fe9faa790627db750f3505eed51a0e292e1106d01fd9160e13
+** GENERATE (SECOND CALL):
+	V = 91686880a462504448a1f617b78b4dc35de87be8fed36beacfb139cb98f2fbc43256f87f7b282989abde31b87c50e7d4c45b0d010f928d
+	C = 2f207c6574d735ccca056a9ed888deb50e2c12e05bebcf68c5c0681f1a114f822d5812490a77a3205aa60283519eeb28bfe7d775af7bc9
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = 835c98328f161135fa2f6bc7f6bfa9af2fce407f63097e662dcff0e47a590f35
+Nonce = ce5c103044e2ac369a365a0276346915
+PersonalizationString = 76654d13a8e905f0cd7edd2821424e3d8514af769579ca1d805f03edb227cbf7
+** INSTANTIATE:
+	V = 196e3942e1606d8b622d0400a86102f683497bdb572ad66201fcb0b86bed3428c95a24b3ea7271f33b2f17e2ea500ac8b019c030b78783
+	C = 8fa7c2034f4fc9f3436198886a1c7cf45b4b41ca2574baf28400347d7103197d7a8becd9b2efc602c09a571889cca521010dd183a6fb8c
+	reseed counter = 1
+EntropyInputReseed = fa446eda616d0fe2a4e34e559aec33bfdb14f1eb41ee081dd1e3dbf5340b96ae
+AdditionalInputReseed = 
+** RESEED:
+	V = 4bf42baeef7179ee9c960ff9a5d7c723232e5b326a33d8385940702287786bdc5dddb100dbdcae94793f3f8a867992cc11009401f7a949
+	C = 23d6b5fbee474e167b6bed6ac4e938f2582ff0c40862dbfa59724b33b30244eec0577f73cec68c73fbb06bb78d9afad56fd3c26591e487
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 6fcae1aaddb8c8051801fd646ac100157b5e4bf67296b46a5d46e0967cd8af217477c4e5493340f7641992729e157d17cd2f7b9a41794f
+	C = 23d6b5fbee474e167b6bed6ac4e938f2582ff0c40862dbfa59724b33b30244eec0577f73cec68c73fbb06bb78d9afad56fd3c26591e487
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 48337054fd5343eee9eff4817b83cec13b34370ff7756f3df48aabe727b687a503bba15cb91c0b4ebe17509606a17c3d3d6dc51d53fac06847fe1c7e92fe4f43cd70a5b53bbd637274ed90fc72757d5a755047253da6f4a4d92770ac02d4811f7a1bc01889416ef81b4ee87b8e465f5846ce58149e28fda6d4c21737bc7dcde6
+** GENERATE (SECOND CALL):
+	V = 93a197a6cc00161b936deacf2faa3907d38e3cba7af990d73e31b7ed5f3b669c6e3259f3a580f02569e2160a1576d2bf5a060a501ba9be
+	C = 23d6b5fbee474e167b6bed6ac4e938f2582ff0c40862dbfa59724b33b30244eec0577f73cec68c73fbb06bb78d9afad56fd3c26591e487
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = 924892c536b3a6951b48d1fbc46ea020be85cc8e9c31c435ea134dab9d40467d
+Nonce = a752494a84aef9b1e3b26f5739eb66c5
+PersonalizationString = fe48e6db4b5b0b23bf61c4933e789bc81ed62128e16a599692053d9bc1b71d90
+** INSTANTIATE:
+	V = 5cd9566b7bea5ede09522ba0620bf8598da6a0eed061c11c8f5208a995cfd27ac4db15ff969159e02e3064a328d1fc1e89722f1ad9d478
+	C = be3a04b9d71357ad49b00ac04d3d94c67acb1e3d16bd8e6779e89c53c02e828bcb697dc8e95696aadbf1263094abf33b2506e368a74481
+	reseed counter = 1
+EntropyInputReseed = 4d42d3c4245452b6cb1eca8daabf263485c51481edeaf5ed53b36f5b982ee59b
+AdditionalInputReseed = 
+** RESEED:
+	V = 3e251f667d9fed759379380402654c27b9626ee3ce03bbcb516deed43e006e7ecdc94b51919fb550a538318a422c3b6dbf2af8f0f620d6
+	C = 9509c7278a2ad7d1f1a1b2ee1b19a21e2222aa59dabd1fcc30381f597410f0c511e8a74930e254693db8c9f1db6a93d2a698441dc2c5b5
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = d32ee68e07cac547851aeaf21d7eee45db85193da8c0dbc36dafe4fe8533292c750a455f51c52fb42e4eeee2426f22415e1d6bd5f44cfb
+	C = 9509c7278a2ad7d1f1a1b2ee1b19a21e2222aa59dabd1fcc30381f597410f0c511e8a74930e254693db8c9f1db6a93d2a698441dc2c5b5
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 57021d5b1eefdd6c9a197abbf4802cd1b83106c0999afd43a568b5b79f9d0aa7b2d475f013902010ac60a93fa020154e89b5a84033aee28fd1a46369e2572466ab8d986624119c747ed82aaf00572b34593600095fcf71313cf05e1006f30079f3cf8331934c19a76c05cd0edc6faeed284e396e397dbd7ccf93de25d6387af6
+** GENERATE (SECOND CALL):
+	V = 6838adb591f59d1976bc9de038989063fda7c397837dfc5e0254d623632f1bdfc61c5d57b6942b13c39895a3b978ffd369dde3357be473
+	C = 9509c7278a2ad7d1f1a1b2ee1b19a21e2222aa59dabd1fcc30381f597410f0c511e8a74930e254693db8c9f1db6a93d2a698441dc2c5b5
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = 0779bfbc80793d19fe8718331cfe59a89c5bfab76a36314c28387d3ae7d40fa2
+Nonce = 4ea104a180779590dd7b8fcb8fbc8664
+PersonalizationString = 4c899c0e62b7e306f0453b10661377e4de9a8b07afd06d5b13b9c94cebfcec85
+** INSTANTIATE:
+	V = 208a8136aee1d4c7e24d09034c16e143820f4f403a06cebd35ef02afc53b02a2ae7353f62f9c618dcf450e45e7b373f8b101a857f44ff5
+	C = e5cafca15f92c3a72d13619e225004632f4dc8ff2431aeb459d4a5f2cfb918bb32841634d7917c22f9f6a1b03dbc4da20331d777acfdc2
+	reseed counter = 1
+EntropyInputReseed = 09b8643f9d81653154cfd81c850967ac597ab59143003db2ea5c9d0deb2cb8fc
+AdditionalInputReseed = 
+** RESEED:
+	V = d2ff886e320a3fd9b4eeca83352c029f65715f686b485e0cf48810bc7d22280d432b1fd400260862f9207713b7f6504607a732e409a19c
+	C = 3a537ec5a7efb1a841f9fbf087c6de4ea7420e4b9a4945579371c2c36a96af120c64b2355b4458741ac151b7ae9422f15fc561ddcb5286
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 0d530733d9f9f181f6e8c673bcf2e0ee0cb36db40591a43aabae6a7436ac6384cb683b8150bb42c8dd34d2fdfbfe9d37bef3f548c7be7d
+	C = 3a537ec5a7efb1a841f9fbf087c6de4ea7420e4b9a4945579371c2c36a96af120c64b2355b4458741ac151b7ae9422f15fc561ddcb5286
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 552b1c43830bb57c31280638463f9812c00442b40ca353d513e766556ab9e78fd71ca6c7514af9ec9c02ab4eb55ccb2f1ef43cc9a40a1e178cd04b16818df25ee49f6e909663ac01bdadc9327c9f0b98eec57504c969be1e1d68372676290c0e6cdee682156b18d4e3105a840793fcb40193828d234e0a7252ac72c384425fe6
+** GENERATE (SECOND CALL):
+	V = 47a685f981e9a32a38e2c26444b9bf3cb3f57bff9fdae9c5d55b909c4d81b80bda26cef35e7432f511190b9042844d33d7bcd47d832e7d
+	C = 3a537ec5a7efb1a841f9fbf087c6de4ea7420e4b9a4945579371c2c36a96af120c64b2355b4458741ac151b7ae9422f15fc561ddcb5286
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = 2535cd6f0984da47deb202bff170428f19c9a38a927e74056c68260c5a4889f1
+Nonce = 31eaf3a93c79e86747e67dc545421b36
+PersonalizationString = 97320d221299f61c2b2c2d8a0743aec748fab48934a5955a94dc311e3ff2785d
+** INSTANTIATE:
+	V = 9066c12718196974ec6b44d1608fc2898298e2e7b34739f92f33e283d3c8a4933fc29e0225817fd7bd67e739760fe5e87da3dd292d9b99
+	C = a1361b2568898c1e7e37e7a4340120092419334963a4e99fa8d2ec12522a74e269f24b0e8d171be47785e38b090d49aafcb91889b0c946
+	reseed counter = 1
+EntropyInputReseed = be4aaeff5884f5747aa3a125558f5e232d5f09ab4a8035bbb57c07c8acaf1691
+AdditionalInputReseed = 
+** RESEED:
+	V = 8dc80a451cf54e3b7dc4466c967be080c78e9759d19d88b70f018935feda86a4cd70107cae36c2fc09a2df1d83fdcccbfe7506b29c6efa
+	C = c1e9bc130a24720bc8521a1a82644e172a1b6e3580c47ee222936d0780efb1ad724a5f809842b8d5dff0b6b8015e91811962fc49d38458
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 4fb1c6582719c0474616608718e02e97f1aa058f526207bcfe40faee3083a8f3ba3925bcd22d863a9ed30f628d8c544e049df194bed213
+	C = c1e9bc130a24720bc8521a1a82644e172a1b6e3580c47ee222936d0780efb1ad724a5f809842b8d5dff0b6b8015e91811962fc49d38458
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 2c9947d385f855f1ea6b742abe7b6b692499a441c48874692d198a6030b604c9dedc2b9cb4161ba1c51eabdaee6dca9d741621ff358b962e0d792e1c74e24f4d3701b0ee207b0dcb64d66b34abca9f62741e7fa6fe9fa5db8d9ad497a09cba46cfc74a8bcf243c17bba6a28708d9a804cb71d258ffc3834d80927ab7cb4f2d5c
+** GENERATE (SECOND CALL):
+	V = 119b826b313e32530e687aa19b447caf1bc573c4d32686dc6ed0eed5e9378c28418baec2f03025987073d53caa4ce6db286710be86fc98
+	C = c1e9bc130a24720bc8521a1a82644e172a1b6e3580c47ee222936d0780efb1ad724a5f809842b8d5dff0b6b8015e91811962fc49d38458
+	reseed counter = 3
+
+[SHA-256]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 256]
+[AdditionalInputLen = 256]
+[ReturnedBitsLen = 1024]
+
+COUNT = 0
+EntropyInput = 6c623aea73bc8a59e28c6cd9c7c7ec8ca2e75190bd5dcae5978cf0c199c23f4f
+Nonce = e55db067a0ed537e66886b7cda02f772
+PersonalizationString = 1e59d798810083d1ff848e90b25c9927e3dfb55a0888b0339566a9f9ca7542dc
+** INSTANTIATE:
+	V = 3fb73388bd7b779aa94ff1738bfc7b80ff907a1755589e3a7646db08df608f58e3ff3b660abc591932490a5a03f79ebc6de8e655848d99
+	C = 48723f992acce55207e3882d69ba89684d083da32dc2e2d9fc171423c27f2024701d273447e56585607dc13d3964ae35030b6e4683988c
+	reseed counter = 1
+EntropyInputReseed = 9ab40164744c7d00c78b4196f6f917ec33d70030a0812cd4606c5a25387568a9
+AdditionalInputReseed = 4e8bead7cbba7a7bc9ae1e1617222c4139661347599950e7225d1e2faa5d57f5
+** RESEED:
+	V = 9094d0cdce1ba9157c85621622fa2b5e8523cd6d96f086519d438c87f7b0f2a310f97f5846fe5891960a91fa6ab2b037a9cd0e004d7891
+	C = d1335413e567313f7f5ad08aa9b8f524cb4fa0ece21072b0e3896a62bd21c9bc31fbf4d4ec030c8db12b3218dccfa0d8e9b63aa668e229
+	reseed counter = 1
+AdditionalInput = dcb22a5d9f149858636f3ede2253e419816fb7b1103194451ed6a573a8fe6271
+** GENERATE (FIRST CALL):
+	V = 61c824e1b382da54fbe032a0ccb3208350736e5a7900f9cc455906a2a6d57a8b3ee24477c2d939a8c9800552fcdf8b84340b9d220f823a
+	C = d1335413e567313f7f5ad08aa9b8f524cb4fa0ece21072b0e3896a62bd21c9bc31fbf4d4ec030c8db12b3218dccfa0d8e9b63aa668e229
+	reseed counter = 2
+AdditionalInput = 8f9d5c78cdabc32e71ac3b3c49239caddf96053250f4fd92056efbd0be487d36
+ReturnedBits = 6e98a3b1f686f6ffa79355c9d8a5ab7f93312159d52659a2298315f10007c71adabc0b5ccb4164c0949fbdb221b43acdb62bed3099596f2d7bd5d0048173dd2360a543b234ab61a441ddb9299af84ca45c6e618fd521366dbf509d4ec06174da924361d642b107e5564ac1b32340dd2f3158bf4c00bcb4dcf12c6d67af4b74ee
+** GENERATE (SECOND CALL):
+	V = 32fb78f598ea0b947b3b032b766c15a81bc30f475b116d70ae17e68f66aac0cffb8b84c42c3733625fef107e4cb8c96ef0567087af2518
+	C = d1335413e567313f7f5ad08aa9b8f524cb4fa0ece21072b0e3896a62bd21c9bc31fbf4d4ec030c8db12b3218dccfa0d8e9b63aa668e229
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = 43fe3fb0ade534abdf3a190c29dc96e9255f13728b8a2cdb05a81b9ddbef5e29
+Nonce = c50e25ec1a32e530d8459bd2508ed95b
+PersonalizationString = cd5f96bca1014b30261432a68847b7634923acfc59397f462764d234be99c14c
+** INSTANTIATE:
+	V = a3cdaff367be53bad4226d8dc2334b8f6f0cbbda1c6f19766191e7bf2220e389c18e0e30e5815fb154cff90b489d83019cd98625ad6a0b
+	C = 9fa1dd869c115d47bfeed00d7f64615d721d7839f9bf23b5beafddc5a999c84e6fd9d5fc1dbcbcd9cfb1094b3bc21fecde4a3026a5c119
+	reseed counter = 1
+EntropyInputReseed = bd5023773b0de90d19ba56fdd61dfffacf81043b5549efb43cbc57bac06fc1be
+AdditionalInputReseed = 3d4f633af072b427372406c8ae13d9660a9032f5d8dcbadd4b44d0ee4e0b7652
+** RESEED:
+	V = 9e3eb6f3065ff260392dd2f24bca5a595ff14bc230ea7f53677a5147ef45e0157a5fae22ce9f8b2b5aeb8c84afb7e6e6cddf333b8674bf
+	C = be8c777c9ab86d97d888f85f7246f6ac895d0835425323d0ec44bda06ae2dbf19a82d80e6c2a26782de8dfeccb5706dc450d0fc1808790
+	reseed counter = 1
+AdditionalInput = a2470807c3a87f8ca585139aed8fe5e45027bce9d3508050b84a09da35892489
+** GENERATE (FIRST CALL):
+	V = 5ccb2e6fa1185ff811b6cb51be115105e94e53f7733da3e3942195a7e65761cb3ea810424e7306cd907b1e36f916d7d46dfc6a4995b1f8
+	C = be8c777c9ab86d97d888f85f7246f6ac895d0835425323d0ec44bda06ae2dbf19a82d80e6c2a26782de8dfeccb5706dc450d0fc1808790
+	reseed counter = 2
+AdditionalInput = 2b2e59bae861938e6e8891d80b1712d323a99bc390eb574266b78898d274bfc2
+ReturnedBits = 5c92e22904f782d336222425f09a6181c2967decff5956dd49d196aad5d4fb7547368f51643796fcc192a42ab5ac18903d1de36a177fb060bd76ccba24379710ef3d7c86080c0f9d6db41d01f5f422ace87f6befc1efa4cde25b73bf692cf0e56a9bd526702976af0c6fb63f226e9df70fb9d6d63ae6ada1f806e6eef6117acb
+** GENERATE (SECOND CALL):
+	V = 1b57a5ec3bd0cd8fea3fc3b1305847b272ab5c2cb590c89f71078c89f8caf226b8acecb3e925a5fd39a1fe36a64d496eb0df4af3932cc9
+	C = be8c777c9ab86d97d888f85f7246f6ac895d0835425323d0ec44bda06ae2dbf19a82d80e6c2a26782de8dfeccb5706dc450d0fc1808790
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = 65a1ef55920119450aedea7bdc3439ff8368928c8de810acd459564900330e8a
+Nonce = 85ec6cdc01d378cd4c093de7036662a6
+PersonalizationString = 222e716408e7d37f6f46feb910e1d446c7c45a49dc13c93e306ab99af8fc2001
+** INSTANTIATE:
+	V = 90d7126338bc6f812ce471bcf7aa2a34d75ffa13e7dd21959db714c750ca67e9ede0a574674bfa24dda2fbedc71512211c76245f1c7e15
+	C = bfcc6163b9180a297e20ee76bb89ff92b29590b4929c2bffbda801ad6638a11bd99b0d034d4d2b917c3a5a4fc1f6584f2dfc96d584a5bd
+	reseed counter = 1
+EntropyInputReseed = 377365b37ec38f180e0141510636a8356ca929216ce87638bb8ca1c7dfefccec
+AdditionalInputReseed = ec0504be96ab5cbef4f319c15d4965d5d484adcbc1c822509b56224df75f1b4a
+** RESEED:
+	V = 1827046c532cb34c53aa89e4e5fba82a7b0fdeaa4c01423053e577c527dca13e89da5f0c973de5fddc2305e99eaf55e51f182b6add0958
+	C = d0fa7bc5911da65d9897338b3b81a90eb188308b46aa1346d7d9cd2cd944823ae486b1240a593b6c8b4b8d25f06db65ed75316cc914885
+	reseed counter = 1
+AdditionalInput = 66003090d98a1eb08959e686e030b6202e007bbb66dda622d43bd8093036370a
+** GENERATE (FIRST CALL):
+	V = e9218031e44a59a9ec41bd70217d51392c980f3592ab56d21a288bfaaee7961633dc47352fa2ed5a7fdae5b0fb28cad7c7ecdd7c6e303b
+	C = d0fa7bc5911da65d9897338b3b81a90eb188308b46aa1346d7d9cd2cd944823ae486b1240a593b6c8b4b8d25f06db65ed75316cc914885
+	reseed counter = 2
+AdditionalInput = 5441efc988597a9b0e82aa7e7fa1f6bc85d8c757f467f2e9f00d2abd4cb87cf5
+ReturnedBits = 80d86ee39dd20754e3099a1298884ded14e65539c52a83ab22da749fe6db237fbceb148d4478d82ce3625d47053ff1574638d445f7e88c44ea65e6c338560159d14d3b6f3b467a8a40c842d0cb571e690c2a69293c1bf917b4697dc5ece08eda4739cf40b629ec5389c742968c29f61c72c2670d50e91748163aa4b271205f2e
+** GENERATE (SECOND CALL):
+	V = ba1bfbf77568000784d8f0fb5cfefa47de203fc0d9556b6cd0ebe4b18d1edec2c46dc99a183c763f7a27a9a085976f5bb9f27ddc28e3d7
+	C = d0fa7bc5911da65d9897338b3b81a90eb188308b46aa1346d7d9cd2cd944823ae486b1240a593b6c8b4b8d25f06db65ed75316cc914885
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = 92bed71a1b67c745bacb20f6707cc796a00797d4608abd85a0a0cd51d6b225c6
+Nonce = 96130a1715af35afdf13d8dc3f2e45cc
+PersonalizationString = 8ce419eb3f91ca9b45cdde29d612567574b62aa6b00502585205d77877b6ae25
+** INSTANTIATE:
+	V = 26fbce55ec5a579b8964a7a3dc88a845eeaa45889ad7aed8b1224846f03eb048bec0f1ca0f0af1f8c6524362707c45f671a77c3f1a3c07
+	C = 8df079abf16dcfdab3ed38f9048e70d22166f811959a71f0258eef42497ea369867c8b690e8c077326634015313f6de916a452ff15a815
+	reseed counter = 1
+EntropyInputReseed = 5638fe2f2d35c4c0e8cb1b6ba0e3477d9f739f7f8cebdfe2363b64e8107c202e
+AdditionalInputReseed = c4d1fe601adf4fb1ad0e0b197216b9a0e523f1b71b7dbe82908a7a0054d9e539
+** RESEED:
+	V = d3216947bd6cae53bb9f454fb222cbd00cf53e13e0e20923ad7bb9f727b62dbc3946f700f47793ab2dc3f961eb7690b0fa8f8ebd145ec5
+	C = 6fa9a56bee0b9b5913cc7f9e8d236ca29c28596a166661edec0c61b1e903f9a2b742f9c4ae08eeec3ec9b96f04d14ed4e0305189cf03c6
+	reseed counter = 1
+AdditionalInput = 6dcb2009613a215d683e1b72cb7a8e7f890b9443d1d00d5632f31274b629f040
+** GENERATE (FIRST CALL):
+	V = 42cb0eb3ab7849accf6bc4ee3f463872a91d977df7486ca5e87f627ec682041c30fb0a0a6e81c6eee5da970ef6aa680a829dbccbc2ac7f
+	C = 6fa9a56bee0b9b5913cc7f9e8d236ca29c28596a166661edec0c61b1e903f9a2b742f9c4ae08eeec3ec9b96f04d14ed4e0305189cf03c6
+	reseed counter = 2
+AdditionalInput = e8a371c67eabf01974f7b9acbb5f749d2203406fc9441ac21bcfb101509df5fd
+ReturnedBits = 188a534891e2128a14479a6f37583e0ee32287de6d7d38d3a3776f8482477609356ae31decd9da1e51f8e47bc11a2e1c87ceb6439e40489948deb99c2e517ed2b771a8db5cec3fd096bdd3b4c5f27ba78646519d5a87ce84d806e1695a5f542fe801b4b3960fd204ee07ecb6af6c27b3c932738d12bd5815b6595bc6be7db066
+** GENERATE (SECOND CALL):
+	V = b274b41f9983e505e338448ccc69a5154545f0e80daed047864508da71abc95c60454aafa8096c344b7bfb49d709fc4c21862e524c064c
+	C = 6fa9a56bee0b9b5913cc7f9e8d236ca29c28596a166661edec0c61b1e903f9a2b742f9c4ae08eeec3ec9b96f04d14ed4e0305189cf03c6
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = 1ab1e3b80c00b14ea977566bc77b3764f29d22b90cccbdaa9d12dce0f3a0fe0d
+Nonce = 8d5c64748be79d38a67393f5a3ea9ec1
+PersonalizationString = 4324af7ad7fab31da7ab0d81c4f5c5061c4db2e504d026d22dc183bc191c6c36
+** INSTANTIATE:
+	V = 689ce5dabbeb1560c51835e2d07831b8cbc96753efcc78747d8e3467bd888ab4f9caaf62b6c62d0906c2e9a686449383f93f9e7d81391a
+	C = 35dd2c092b189f872a0ebfc715df86528dd1958bb85c4834bb8876a82611090f7a8fd1888558745a95fa6de8b53f40d01af5b9c9e9bab6
+	reseed counter = 1
+EntropyInputReseed = 20ddb80c8a7df10de992f0325d3a6aac262f12b7d07166529c2eca19934b8526
+AdditionalInputReseed = 531a2eb54aee6576958efe2cabb11d26703094318b941681d82ce24fa153e4cc
+** RESEED:
+	V = 7a2fa22f89b522af5e438b2fefbe374593fa198ad72886986342fe859a3a4c37517a291eab14fa9f6fe44cbb87c47f359ad504c464a9f1
+	C = 10bb216c39f198a6ea31087f721c6d0c00db396db217b85bcd15b5b65fa209a14912527aed945566e327a8aa811c41f9894514b3066acb
+	reseed counter = 1
+AdditionalInput = ed87cf9d21b6d4229b838ad8172306ec442c79c73d1c55437f5a7f91215dcf5d
+** GENERATE (FIRST CALL):
+	V = 8aeac39bc3a6bb56487493af61daa45194d552f889403ff4c2517617429d5324f885bb206f35249e357eb4622ba6f51cac85d5a36da83d
+	C = 10bb216c39f198a6ea31087f721c6d0c00db396db217b85bcd15b5b65fa209a14912527aed945566e327a8aa811c41f9894514b3066acb
+	reseed counter = 2
+AdditionalInput = 0ab8fd485fee152e9444f8cfcca02fa32f1a9f843bf8c9f1995062c024be1fbc
+ReturnedBits = 349b992483f6809cf4d9639178224201deae555addad37f59cf945e09baa7e2dd47ae3452c62eb83e6cb31f2df2141274d5fd969b5242cefed31fbdfb1b7ee559648965b56b55497b71fc2a4af80b6fb53ce4bf0da3efa880772c83b089673d83c1a499e4848ec4fece6a3b990ae26430d86e2329ce6ef200878d7bfbafa309d
+** GENERATE (SECOND CALL):
+	V = 9ba5e507fd9853fd32a59c2ed3f7115d95b08c663b57f9e7e562a07e1c36f8fc2ecf0606f292c2347bb7fc5119ca0332f9ec2e6a94d75a
+	C = 10bb216c39f198a6ea31087f721c6d0c00db396db217b85bcd15b5b65fa209a14912527aed945566e327a8aa811c41f9894514b3066acb
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = 83d923f6717b9186953e1d1e861869cbef45b4674ad1295aea0add24031d0282
+Nonce = 3ec3ac2a6cb867a0cd37314fb06edb51
+PersonalizationString = ef5a050a4be7a6800e6c583373ed439667f60d13ad0cb05eedc30152e61999cf
+** INSTANTIATE:
+	V = b050e48b324afff647133c4db9cc5ac80a917538e68a95355e332e3c0e2b0e2757d2ce9434bd05739f5824b0c7008dd18370bd96320106
+	C = a4a8ab336e1b2a9f2ecba736bec26485b6ddfc8d544a0cf6ba7c2ab502140783e448d4667ccd8122193c701fceeeff9eec082749d9598c
+	reseed counter = 1
+EntropyInputReseed = 961f97bc5a716b5442e74bb66c39324881b25ce2bdd1be2fd8b8c2ff4bf5a959
+AdditionalInputReseed = 37d559ec48e0c9e686ae799f9de0725f205a2801d2bcc8837f38924968eba917
+** RESEED:
+	V = 34e115ac1613c0ccb44f2b0e1ace802376abe28c7a1bfe0b955fdddfdbe5b863c0e41cd36b5b202810ffe0c05f51013382c06b33d24177
+	C = b7af77d8c9026ad536374ae69db7482e186ce7b5b217a4d3d40961377a6a5c9231a9886408c49321f4e614b130418e7cbd7929183bf884
+	reseed counter = 1
+AdditionalInput = 01c6e83ee8b11096cac754a8ad3bf944dc447c2e9b93292fd192bd8bc7afd362
+** GENERATE (FIRST CALL):
+	V = ec908d84df162ba1ea8675f4b885c8518f18ca422c33a3d69f85eb986d6125d432d634a69d46100a75868f2f70026bd8a2b9a98f3763ad
+	C = b7af77d8c9026ad536374ae69db7482e186ce7b5b217a4d3d40961377a6a5c9231a9886408c49321f4e614b130418e7cbd7929183bf884
+	reseed counter = 2
+AdditionalInput = 909d590361c8db2f29f7993eb9743ff3b0c66950ffef34301eac8a105e89dcf0
+ReturnedBits = 6855e7d670d50d40f1f789f2cee1fdb6879b4401788b54c6ac11e776ad5a07725c3bea17f19b2241322fc2dc23327e5229d3e25cce3c2c52abcdc5f2739596bfe609980c559b239a3c8f0f86770078ff45b3c7cc9264bc1a64e4e668c932ec3a473f8d5ce86a19c0a99009fd4695d392ab5c0c5752621342bbbff00c6e4eb473
+** GENERATE (SECOND CALL):
+	V = a440055da818967720bdc0db563d107fa785b1f7de4b49a7d5aa61843dc0c5dd9e1c9b33c06878c0dfb67a1e96ec66d054829b11a8fe90
+	C = b7af77d8c9026ad536374ae69db7482e186ce7b5b217a4d3d40961377a6a5c9231a9886408c49321f4e614b130418e7cbd7929183bf884
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = 353ca81e1da9096a6ffd8728601e475483986ab1a0e8263db54d3dd68350c54d
+Nonce = d6c4a10f217fccb997c30e8c818e353f
+PersonalizationString = 96a8c724f6631d9946ab2ede8abcd1dd7f4cb466472d6baf6c2d538129d4bbbe
+** INSTANTIATE:
+	V = 1ae8d51e310ec7116b54c56f4d3c7cd625d92af6347f405593d8f0f3c2ed3ec47c14ab4903d973934bd50030c5c318e9e0d07fe97cad43
+	C = 21d727ffc74c828d2dc82f659493a009010d920e234cac8a797659b73a5027ac9b888ca563fd1b66377f6498f8cfb3a29d619c45f3c78e
+	reseed counter = 1
+EntropyInputReseed = ee8315a876cbfa0eb80a88dc00e3ccf2e130db337996c3486b78a0a2ab391e9b
+AdditionalInputReseed = 03fcd7e774878a3958dab29aad5dc82ec302228b5e6389f70d363b9b1a5c1dd6
+** RESEED:
+	V = 80ce4bed241811e22275415212cead025894d96cc4815370cc3b820251a9d14a21d26dd1a403b067310f4c036e4412650cc9e8b636766c
+	C = 04ad438890ed558b89e744dfd4a4a3d8cbb0f0fb69cbaaa384c839f3abe2f38ab18aa8f6ef8fa890553e70274078cc63a4914c0f72acf9
+	reseed counter = 1
+AdditionalInput = a6468d3e2537a8ed4a17c340df4b2d1a026549804aa364fad342f9c47af5d448
+** GENERATE (FIRST CALL):
+	V = 857b8f75b505676dac5c8631e77350db2445ca682e4cff734bdbc4c9a1fd561f658923c1fb16a89327e7221da502524ddd95fedb486973
+	C = 04ad438890ed558b89e744dfd4a4a3d8cbb0f0fb69cbaaa384c839f3abe2f38ab18aa8f6ef8fa890553e70274078cc63a4914c0f72acf9
+	reseed counter = 2
+AdditionalInput = 2b004888b9454bc8ef0a985e5a25891b4195ebaeca9debc655db5b9042b29c0e
+ReturnedBits = 051454e174deeec6266e1dfe0b20ae2e18c69a202722cdc7d939c031dea7eb1894905f69440c949d97cb139267a41d7ead35c285e16000ad515e202798a24588f905b646be8aac16196e1af90f4807e4c8b538c40115000d09e7c03134813741a349091a4790b995532b115088f4692c889b644100fcf7996aad7e5be37bc3d4
+** GENERATE (SECOND CALL):
+	V = 8a28d2fe45f2bcf93643cb11bc17f4b3eff6bb639818aa7c41750838a64da1a3a1f47abbfb203c64495d1408f06b64939d72b0f168638b
+	C = 04ad438890ed558b89e744dfd4a4a3d8cbb0f0fb69cbaaa384c839f3abe2f38ab18aa8f6ef8fa890553e70274078cc63a4914c0f72acf9
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = 59d6c69bf6919c5ee744c491c787ce0eb09514dd4d1c2e3849afe5967a337547
+Nonce = bc3c23b8b2eddf743ecdf199fd6dffea
+PersonalizationString = 952aec1e9b73fd65c9549d07554ee5c46326e3df8f7bff4cf8e026785945a7d7
+** INSTANTIATE:
+	V = 3eb9976347c77d8baaef714df179da095262ba562c8c470dcbf152cc73d2887990aa399b314f83d7a230ef9bda375c941d7eb45f530bd2
+	C = 6e255f3ea1d0bc94d1d92b68f3f2dba22905426afed0cf1586e940aab63f4839c29796a9c80091da3dab16c54ec3dfdd524b2b7eb23065
+	reseed counter = 1
+EntropyInputReseed = 92da843962e1dd6b36ca9693090cb8cf40d65b01715591b8c8a0decca2a221b5
+AdditionalInputReseed = 2535c4c93016a94a0ef42beff98a00275ae5ed1ddcdf114b10b143ff7e58f05f
+** RESEED:
+	V = a0a9f19450b92c4df1ed7adb6376a17237f370709c50c32221f172eadd52f6b10f857566dd12a2976b2cf247466d16c9a15ab8b0290023
+	C = b59dbee0dc3570e4c76942c327bd45e3ff329b4f3f8f77c49d0110970c439f74915ee3332d43899d5ea1d6d5c9dace274809abb2ef4a97
+	reseed counter = 1
+AdditionalInput = 9063e26b99aa6bc4f14d8db7fe3d84243abb67c1582898d93f5be056692a5fbe
+** GENERATE (FIRST CALL):
+	V = 5647b0752cee9d32b956bd9e8b33e75637260bbfdbe03b8f6d9aae3824bece9af4571dc5c8143beb8671797ee88beb092465e646f2e5cd
+	C = b59dbee0dc3570e4c76942c327bd45e3ff329b4f3f8f77c49d0110970c439f74915ee3332d43899d5ea1d6d5c9dace274809abb2ef4a97
+	reseed counter = 2
+AdditionalInput = 1d8e8ca8b63dce062fbd9a7dc7da71e5be3ac4628fffe6bf121e71658ac64baa
+ReturnedBits = 7696c50e8d2f62e3ede8ca58fc300b40dd0074ccc9cc8621e733d04ffb6a090decf6075c0b390ab76b378bf68b2c94c77d7e73d5b33000a0f36b794e0ae75292ad8f50b02918b4fc7518916cebe14030b73338326e18932e3d08215bd2ee1a04c16441a65c19ff127dac665dd980f1b8fdb843dda7e323d21a01c823575e9593
+** GENERATE (SECOND CALL):
+	V = 0be56f5609240e1780c00061b2f12d3a3658a70f1b6fb446eff13b70d44d42ccb035a30dc726c4afb7ce28c8e0fc2f708ab5290277d481
+	C = b59dbee0dc3570e4c76942c327bd45e3ff329b4f3f8f77c49d0110970c439f74915ee3332d43899d5ea1d6d5c9dace274809abb2ef4a97
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = 89bd8a0af96b13210f1abb39faedd43f69d9c38c14e430a9f77bdd90bd26010b
+Nonce = 3763b14f5e8f5fa8a6fe1c2dfce44194
+PersonalizationString = c4415ba2e7026aa9a02b834b63ed71ec080ee3c9ba68c5971d63976a321c2b83
+** INSTANTIATE:
+	V = ee9003c1183d32b480d80cd76b81717a8fc487fd71125e8e7b2c1775d67b0730c6d7fb0e484823130080faac6fa8ab047d235906917987
+	C = 3c7980e770a343bef5c4432c272a0a3fb00207033618c88eee0d0d2e94a4563e9d3f365d7846a759969fa58856d23186838b68714f56aa
+	reseed counter = 1
+EntropyInputReseed = 6be75653b095828687d8bb1e63aa89301d05f1443fc417b75f455e5ab5a2e461
+AdditionalInputReseed = 1520684249f2a2154f510e715b8376135f9a9ae6b747923f5e287921678ece9a
+** RESEED:
+	V = 9f6bc5ed6489f1ff035d9f4ebe2e147e9de0af0ff15810e9bdbcab74550fc4a0487f18fdcb09239de1623aeb9828fbab0593b3fade0682
+	C = 974fd47b0207ad6b816616737b76be2bd867344fe1e5a66c1ae1411df5a81028eb9cf21e6dd3bf2c290f08b1990d79102c934210eebe56
+	reseed counter = 1
+AdditionalInput = 927a30af04915dc00a3e9f29a1c5045427999a33300dcaec8475908c058cfc3e
+** GENERATE (FIRST CALL):
+	V = 36bb9a6866919f6a84c3b5c239a4d2aa7647e35fd33db7f45a1e6988f1210fa2fd7d6ce895419b44661c041ec2b91bacaf6a12c6b3a5dd
+	C = 974fd47b0207ad6b816616737b76be2bd867344fe1e5a66c1ae1411df5a81028eb9cf21e6dd3bf2c290f08b1990d79102c934210eebe56
+	reseed counter = 2
+AdditionalInput = 1b3b214c5b6d60d8b7004bcc7958b7f170bf0f643a2d36305e22a3a3c803bfde
+ReturnedBits = 5d7a8960ad7399b60965c13e7a63c74a5b4547be0d99bdfb14af45719128a80c408aa2be3a7f4ae356bca6b255b71d16c3519d25a923f8f6c1447dbfcdd972a6b42373bc2349075a84c010846ed8342d48b18bcbbb88d27289c5e24d44b8523d046158ac72cb786d09d0de9251820575b5f870fa2ed2bb4b958dc5c844c513bf
+** GENERATE (SECOND CALL):
+	V = ce0b6ee368994cd60629cc35b51b90d64eaf17afb5235f2acab0c805e5e465ed4fe9ea48e70dfe83ac6d00872eeefa327bdd8cfc67372b
+	C = 974fd47b0207ad6b816616737b76be2bd867344fe1e5a66c1ae1411df5a81028eb9cf21e6dd3bf2c290f08b1990d79102c934210eebe56
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = 1390987ddd62538ec3e430897f67a716fcd4c3d5946c1cdf5d82d5727868e0bf
+Nonce = 5d30f2fc816f322e85bdee70321b8497
+PersonalizationString = 224bdb222e402d1f024df1cb8b56fbe2eda9d3645d63618ad52225c7432f76f6
+** INSTANTIATE:
+	V = 43b07c530d4a7eccce617a679a2183ce2f38bb6e01d18adaa2f1ceca719734d32c4e45bdfe707719e21a2a3cf310ee1f788bc6e3cfa4c2
+	C = 3c634b4eb1062bd748aef86e98de97f8fc138fb5ab920e97bbec2e1d2422c043be698bc10e7666b9289a49765e3119edbcae399ac5460d
+	reseed counter = 1
+EntropyInputReseed = 62ecb17bf06662045100d6f34b94418d28edf3a18fd919dc23f1cb9623c0a2c7
+AdditionalInputReseed = 994a82fbecfde67e143d7a7ae3650c126b1bac16c69b57855ea9755c4f8bffb2
+** RESEED:
+	V = fa306695c991e3fd5e03cbe15e301654c054b7e09fabf435f6e0ad8366b7c0575cb8ac720159e237c6507afd4a61abc54c3be4cf4a46c2
+	C = 461957e4d92234802807f2b710f25312c27f6647108dd4117c846e06490b0c295a4d5e67ad768028e3df7888441406a236b2ff1a0b9d8d
+	reseed counter = 1
+AdditionalInput = 783bddadcab6ec40c071372b344ae6a8c0070caa9d67df2292032d809e9cb560
+** GENERATE (FIRST CALL):
+	V = 4049be7aa2b4187d860bbe986f22696782d41e27b039c8bfa8f25a738ef596fb1b332bbca703d0a295d632620915244d149947833b3f25
+	C = 461957e4d92234802807f2b710f25312c27f6647108dd4117c846e06490b0c295a4d5e67ad768028e3df7888441406a236b2ff1a0b9d8d
+	reseed counter = 2
+AdditionalInput = 8ecb047eda8cd09842f2d3f031a79c2746c00b93edffaad7bde41be1feefd551
+ReturnedBits = 4dac95cf35d14ae5d0ccc46fc6f7c0af5dc009a840c5f886fb9b8406f4a1bbbc1f8a652e2b1ce1960449bae0898ef503611e6504482420ec3f5a62292b79d28bb8e0949d2b214cd51d4568e1d2c89ce7500478b7d37a9d1022cb78a6ef2a95ed588e5474f02fa7bbe9e619f0be60a902221aac427908387d605d85498c069ffd
+** GENERATE (SECOND CALL):
+	V = 8663165f7bd64cfdae13b14f8014bc7a4553846ec0c79e2dc83d417868d126eff323e8dda517da44e90b371e7a4530c064a1792614011a
+	C = 461957e4d92234802807f2b710f25312c27f6647108dd4117c846e06490b0c295a4d5e67ad768028e3df7888441406a236b2ff1a0b9d8d
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = 4af34574c878d331f07e1d9b33c0ab64f8e7e2c4af6db9ad8ab6d80c9acc6f16
+Nonce = 67165bb5b1aa3e7814f9d5ac2027d04d
+PersonalizationString = 39d67ab9854a3594575c86038eed80af298b9111de343d9e6bf2dc4b62887fcc
+** INSTANTIATE:
+	V = bdb31d2e37ec3a1caff294ac57db3662d86f1ff72c50c30ccadbcb83848d7f41ab9a0a4d133fe77f1a92f923baac385f856bd357d664ca
+	C = 58b2a711d410bebbe46fdcb226b3f77f333df927acc01b7119b4f59571a80db952e00051caef53b9fec25d842b89fd0cb363b636386196
+	reseed counter = 1
+EntropyInputReseed = 3e3eade8f9fd6101b38e9fea97157fe3a2e6c9baa9c096e31ea93f05623e38eb
+AdditionalInputReseed = 6638c03d015b120a5274db3e1611bd67a8858baced899b6c4f74aac976ab21d1
+** RESEED:
+	V = a03029f748665fcbfa697594c1358da36055336eaaaf19e019d75a01d271e59eb0209778f28bd9b2525b0997ba0602ad1b87726640b6e0
+	C = 93798400089bd68216bed6c309443d050cdfc2380a32f4515db0828259250ea7673a5819e5e5fcc0be3400cd99d55ae952871fe05a8492
+	reseed counter = 1
+AdditionalInput = 208fc73960ff4a55e37bda3b46f8258830c470acff89e300ef24c9385e763cab
+** GENERATE (FIRST CALL):
+	V = 33a9adf75102364e11284c57ca79caa86d34f5a6b4e20f308218c108d07ee5db8eabd568cbbb3a8944f196c4db8545b798762fbe1274e4
+	C = 93798400089bd68216bed6c309443d050cdfc2380a32f4515db0828259250ea7673a5819e5e5fcc0be3400cd99d55ae952871fe05a8492
+	reseed counter = 2
+AdditionalInput = 2d2dc10adeeb06e69440d62f4ad6df7e02fa17119eadc3aea8aa0e2e5f9273bd
+ReturnedBits = 1fb173440edc656d1d3fe84398103a10ee3a04d6fa4a608d7e915303c925f11560a51e614f5c62c4c1c87d2bd1742ab318ed2a565b1bcc7cddfaef5cf8ec173882dc1a311b8e2e772c50c0268f04714f0620f36d0fa1cf1237b6f07df934224454ee0a7fbe1d98d6b670e2416e4c2ea720195ed49c1e1f27e0e99572fe51be33
+** GENERATE (SECOND CALL):
+	V = c72331f7599e0cd027e7231ad3be07ad7a14b7debf1504653301f3e72e1b7957121947d2b0aa7b500cd977bfcf5f292c28baa6a1d93804
+	C = 93798400089bd68216bed6c309443d050cdfc2380a32f4515db0828259250ea7673a5819e5e5fcc0be3400cd99d55ae952871fe05a8492
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = fc78215e3e873e9b573ade478b9c4f6dea547e8f9aeaaad21cb5b8fbf50832b3
+Nonce = 931c4a74d7a6b70a8c3ecf2cbb88ef46
+PersonalizationString = 91f3dee0d8e6275eca85f4ba75b618bce96144e3c27896e1e985e5041a399b0e
+** INSTANTIATE:
+	V = 471a10e3b5485e55d345f6d8abc783336ca4bc3cff5faa2d98e7f7f9ed6b21050701afe4e359b9ceab9ab85b3bad85b8af4cbea404330c
+	C = 93e3db3941fb771e23d98d2a3922260188339da8674763e57222c48144a083b3b90b4c11ee0813f69641b89498d146562d63d65c7bb36e
+	reseed counter = 1
+EntropyInputReseed = a9668ede5eb76074b9687fa08d815c99ab2ad99de6eaa4039b6a63827f5e4619
+AdditionalInputReseed = c02d58b50c710332c6d05f28f24786b6543aa35e93b36c823d012274d8aaa327
+** RESEED:
+	V = 1213aa8e1873d611c0612466ffa3e8eac0526e98357eabe7e4f0426d3cb71301cf4ace9068c80dd4a6c06521b2683fe4c9e52755a0bac3
+	C = ce0c054598a0c7f5613959e3b997de4bea558cb21ac7685f204b2a3efac66969bcaeb391bda371786baff7d89cf12d652800773a9d3f20
+	reseed counter = 1
+AdditionalInput = 2df8707d3e3f41a905a89c1c6b9552af2d148f50b3ae7d2d174f1c7fceca134d
+** GENERATE (FIRST CALL):
+	V = e01fafd3b1149e07219a7e4ab93bc736aaa7fb4a50461623787ca057baf0827473a0a9e35d165a3991cf93d929a33435c74cf697647b45
+	C = ce0c054598a0c7f5613959e3b997de4bea558cb21ac7685f204b2a3efac66969bcaeb391bda371786baff7d89cf12d652800773a9d3f20
+	reseed counter = 2
+AdditionalInput = 24b4957207876625494ce8930b43c63985d7af6a1ad2b9427a3ab23cfbc27f81
+ReturnedBits = 4fe286abf0c0fb2fdbf64e02d3190b981e46edc5c47fae9cc4cb34700b4d4070b1829450a4f7204d7c874ee4f9ab8dc9f3102b84e855f8bc7ce2c7ae38a396eaf8db1a1a13abc3841884c7df0cdcb70942efc9537c336aba84383f4d2156801aa4fd8b69995b18dbde8ea9838775356e2fe353ecf9fad8874a33d6ef7f567992
+** GENERATE (SECOND CALL):
+	V = ae2bb51949b565fc82d3d82e72d3a58294fd87fc6b0d7fe1788e21c7076c930485428b27df80009ced4ef0f188237a3e7359c05a51f738
+	C = ce0c054598a0c7f5613959e3b997de4bea558cb21ac7685f204b2a3efac66969bcaeb391bda371786baff7d89cf12d652800773a9d3f20
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = e1b15d0077ad8a2ec943c70d75426ed8e030dafb1865b1ee17dad77cc91fcc06
+Nonce = 06811c893cddfcdbde74ce4548f9593e
+PersonalizationString = 0d156b2071392a9e9735e47d2160915264678e81e55fd1938be271a771821c11
+** INSTANTIATE:
+	V = b294bb729c0d63715eca7184c3fa04e320e971e28b5144a3c5e8aecc91f3b3dad99d5b4971d4bebff18cb9e17626a972c20c698b954bb1
+	C = 876ca340f6b04d98e3b63b398d05136aebe0a62603c9b94040572461048f2f87f989cfe970f0950703dfdf81667d334e8d9cca8c9ebcc3
+	reseed counter = 1
+EntropyInputReseed = e24e62f1ea663b61c422aaeda99502696c12c925b63b9b1da2a7ec5428946284
+AdditionalInputReseed = d308ee87714d6c70afcfc16e956f369ba124bfc09b85c87509227a895f334d7a
+** RESEED:
+	V = 735ea8515b58b2a60b18d3dea838fd2c3ecb403abc46c30c7f80c5d8dafd1668379cd12be9053f3e528061329c7e1cb066ed7053dcecbf
+	C = c2fb7fbef44e07bcf867428e8900132a8aae42072e6b8f1d129ecb1f63e68ea72f70d06e68d1ba3cfff746b278ce9f877cc8da82e6a07c
+	reseed counter = 1
+AdditionalInput = 52449c51bec014f10b359e28b2d891a41b097e8d1b5b6152cb0af9f29bfc7817
+** GENERATE (FIRST CALL):
+	V = 365a28104fa6ba630380166d31391056c9798241eab252f60c9c425f90da995d7109b7c61f63c4d045167c9212c1fc2c0207680e786222
+	C = c2fb7fbef44e07bcf867428e8900132a8aae42072e6b8f1d129ecb1f63e68ea72f70d06e68d1ba3cfff746b278ce9f877cc8da82e6a07c
+	reseed counter = 2
+AdditionalInput = 9ba0bd3e3f814cc7a249a752d16df4b44026f11a63ec34b06f7c1a56d4ecef32
+ReturnedBits = 2f4709aa9ee1d9dae6513bf362739fd6df0c32ce54cff46afb1a5f7526780e2a6fc6e499c2dfd16cfc8d49308a0e5d0ccbc8f2857441b225109057ba5cc0724f8fab0f58bf0a937688fa65e99f50a873caf74beab77da6f564181d2d4cabcdbdbe682e912e3dff69ada598cd2de4635aab1b1f2296b193db17ce313cceab8a5f
+** GENERATE (SECOND CALL):
+	V = f955a7cf43f4c21ffbe758fbba3923815427c449191de347bcd634c7e43bed9be1d9fb8407e69cc41bd9fc3b067437b9a985113ee17c2f
+	C = c2fb7fbef44e07bcf867428e8900132a8aae42072e6b8f1d129ecb1f63e68ea72f70d06e68d1ba3cfff746b278ce9f877cc8da82e6a07c
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = 2241fe35c8801373b1ae5e092ac95a62ba42757b1ffd739ffb643031d180e19b
+Nonce = 555d9b99b2e611a72a8f487b72a4b56e
+PersonalizationString = 35794a5b27d612a4939c47dac8a4e9d303bdd28a12a8a7010cb1e59746f99677
+** INSTANTIATE:
+	V = 718dd3802eb877812696c22b2a412dee69ba42d9864b30c954f8f586bf570e08f1214b17dbf9cb5c06767d162b65bc00f0ff084b27ecb0
+	C = 991204d4d4759ac16a3c464231b76c37e642419198c68148a54fea9cd6e661ed7beacabb396dbede17e70048f5590ee451ec7449df3ae5
+	reseed counter = 1
+EntropyInputReseed = ff0257e449ca5d04dc27a86cf6a7738f61185ee84f3660a7a92eaede140eb282
+AdditionalInputReseed = eacf98e4e37a4b76879fc797ddd46afd3026d016c43536eeb337524c779cd3f6
+** RESEED:
+	V = fa3ddc385527e7ca3febb4b4d5761a08a75488ad44ed282c5f1e96c234e308819223027fb051c2d2de31b4f329b119612f9113b3f2e0a7
+	C = 4ed667a5bbe6e88ca25f91a065db79d806bd105a69edc7d0031db603e4cc88ed196c0a193172c0d7b853379e9d9a0cdaf27a6e392fe086
+	reseed counter = 1
+AdditionalInput = 3957d3350371c9f898a8d4d004c3e6baf8bb71812a49865ff82acf220f3ab935
+** GENERATE (FIRST CALL):
+	V = 491443de110ed056e24b46553b5193e0ae119907aedaf11b15bfcd1e4289372471403d50cac5b9c4d19f28a33e76fd0e0ef8f4042cbba8
+	C = 4ed667a5bbe6e88ca25f91a065db79d806bd105a69edc7d0031db603e4cc88ed196c0a193172c0d7b853379e9d9a0cdaf27a6e392fe086
+	reseed counter = 2
+AdditionalInput = 0a22783955947ed2388fe077fc23c93b4ce8a12caf7079f99c93e257a2a4ea03
+ReturnedBits = 3bdbe1afd776c637648879f334497feb5ad057157ebb6cf20febe2a0f91f60b99d8ff8f6879bfae5db03d4dd76a4d6ce3d02d8a6f36227dac80539f890dff10b630fa940d80ea8ccacfeb8cdcdc1838c91a89a57f2ffe065449cc82ce9c79bbc94712b9ab870305d74a0b16204d066abf60da14fffa9665f8ac5e40b255f6d65
+** GENERATE (SECOND CALL):
+	V = 97eaab83ccf5b8e384aad7f5a12d0db8b4cea96218c8b9d0cd5c6eef8cbca5db50aa8f5d672734de9e987aa0fb288347b4aa366a3ffd91
+	C = 4ed667a5bbe6e88ca25f91a065db79d806bd105a69edc7d0031db603e4cc88ed196c0a193172c0d7b853379e9d9a0cdaf27a6e392fe086
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = 8fa32a9db549ec18326348c6adaf0dec93bda83b0a6ba43f146248b7aeab2a09
+Nonce = 2bd4beb69697ea9237652268d8e58442
+PersonalizationString = be95326377de3f4a5e8cd1b28a83331f4a9e0b136433d96ab4f0d175f7e883c7
+** INSTANTIATE:
+	V = 27f20d571180b5540ffb7a3f44b15ac840add92ef1a5899978426b6632faf0917a244facf7b095e752f23e973533fe8aea557892dee8ac
+	C = 9756d9da4b8f21e6350969937afffdedff6724da4ba9213833f4be4f40b93f8497e92a7303e689afb3ecd64746fbf039693cbbf996a4c8
+	reseed counter = 1
+EntropyInputReseed = 891e4aca8c3656e2535eba10c03fdaa8cfafdccbc408f2fe601b5f7aa2a47328
+AdditionalInputReseed = a9808b32873fd6b07d513719821121824e99d2b2512c49b7805df3686339e8e5
+** RESEED:
+	V = 1d9f4d2174f4224e88d1ad16a0912028c50d05b5e8e86ccc6857ace7d7de27b1d4e2b594fef3dd4717c30d2519f5a5c75639c798d5d81b
+	C = bebc8c521aaac35d72b3d9d41f5c0dc90d5a32e7221aaab619ffef22828f91c3890f46d710d8d54823b04278c8f85507307c7b34bbe491
+	reseed counter = 1
+AdditionalInput = 1a8a3e87f690b8ee46e229334e3fef7079646ea8e4e26c5372e7e747f7c9993f
+** GENERATE (FIRST CALL):
+	V = dc5bd9738f9ee5abfb8586eabfed2df1d267389d0b03182170a08a61a6a4cf4d3750730c14483131410c9617128b73c7fa06d68e936b3d
+	C = bebc8c521aaac35d72b3d9d41f5c0dc90d5a32e7221aaab619ffef22828f91c3890f46d710d8d54823b04278c8f85507307c7b34bbe491
+	reseed counter = 2
+AdditionalInput = 5c02214bc629611a8ea5eab5e54e7ceb1b07aa4967400df3b0a572fae1d34258
+ReturnedBits = 085d544210d76fa6b6348dbbd4475d46428d9ab4e8f1fdd264a68895d625a7f3341b186124896a91b6d668454cd7be943c7c3a8d74097465cabb4abbaefde37bb07c51b5a5d0e52921a09c155d682f4592dbdd9a7e4d74c119e2e3e5c90ac5a86471f7ed49fc6242e6cd74b0ff995319d523380b7500671b1b2dbbcbb3db6fce
+** GENERATE (SECOND CALL):
+	V = 9b1865c5aa49a9096e3960bedf493bbadfc16b842d1dc3dfe9eed0eef6bb061ac4f2053657b6c978a5e9d783f7f864a31dfa832c545801
+	C = bebc8c521aaac35d72b3d9d41f5c0dc90d5a32e7221aaab619ffef22828f91c3890f46d710d8d54823b04278c8f85507307c7b34bbe491
+	reseed counter = 3
+
+[SHA-256]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 1024]
+
+COUNT = 0
+EntropyInput = a38b08f7912b07221ee08fb2f185b5a85aea486da67d9e3625521c490043c75a
+Nonce = e7eef6fd04112925b7df7340f073e477
+PersonalizationString = 
+** INSTANTIATE:
+	V = 123abe9d8dc99983d3207dbf162363278cdc5d05452568a1599aa514bf9c3dc4811f21f0873bd245813c6cdf68b88f702a8dc99c11a78e
+	C = b0078e9f80014da7cbb77af429746bbf877d32d6fa5179fe92e209bb391c8e9036115b7c5fa3ccd085294b0686ea7584c5f154d1ab0d3b
+	reseed counter = 1
+EntropyInputReseed = 8c6109e09d49ed642991fcb939ed0e94311b9a742f630eb4a8f3d8483614c147
+AdditionalInputReseed = 
+** RESEED:
+	V = 05cf6dc8e24dec46d9863987a845d8d3140525623b4ffaafe1b9413eb6fe44d0db8a5f878254297bac1b12e37a2ad4765ff4bbb478c484
+	C = ae0b1436a714925676e9cb7c860aa8b3b1524d07a67535708e7f1c21f8f50ab81ab85fb42dc85b459aa4891aee0aca494f7f34a5b3c301
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = b3da81ff89627e9d507005042e508186c5577269e1c530d9ecd6cdc63d2cb7d0d81f4d3e0a9bf82166dac5691857ad054795aee94fbe80
+	C = ae0b1436a714925676e9cb7c860aa8b3b1524d07a67535708e7f1c21f8f50ab81ab85fb42dc85b459aa4891aee0aca494f7f34a5b3c301
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 66758be9fe3efec7a9c957121469b4797bae5bcc3b6e19e542a968f368f662811a13cb67dcfe7cdb03d7175096187a26642e84c2ee33809b9e36361beef125bc901bf6a91c8dc256f255522ef4d034e4b63b75515735600aef7ee3aaf3f7a8b1e8cd029a299c809f509b6a1bb5177e7e22122efa48e617282fb25b8c2549f25f
+** GENERATE (SECOND CALL):
+	V = 61e59636307710f3c759d080b45b2a3a76a9bf71883a66f78d36d9bc5b8a60e3e517d78bcdbe61e3a83cbf1258fc348c9d99796a3a769d
+	C = ae0b1436a714925676e9cb7c860aa8b3b1524d07a67535708e7f1c21f8f50ab81ab85fb42dc85b459aa4891aee0aca494f7f34a5b3c301
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = 929658dda75e8f8ba796645063f1cc178a6ee849032d9902ec090da9a280a8f4
+Nonce = 536591342fd26757dafb1cbeed768c0a
+PersonalizationString = 
+** INSTANTIATE:
+	V = ea8b70bd7a6db8692d85aafb69ae3795673d425c146088fbaa39b1811b113dd49682c0e79129b9ae54703cede182175b0660652af64431
+	C = 54146dfce960b2017441034673b03718a0fb6aad846e1175842dbf85595689d7203dc60706d8b940291ddce2bb82df799f2eb568e7fd83
+	reseed counter = 1
+EntropyInputReseed = e2093afee171cb35f0d04d898ed774c8a450f631a0285bff3c7c3a6cc42de2b6
+AdditionalInputReseed = 
+** RESEED:
+	V = ef3dde1c2b574ccb343796c09806b05d45ac1a4ceef07aa14c9fd3c7cef553a7e8b5403736e586bf4875633649199769db27ea3eabab22
+	C = 71a3d494f39576e6d3d23275f7036da110f174b6feb5e8495184ddea2e36fd4b67a4d6cf575dd07aa7eb8ae82995a9bd982ed176561827
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 60e1b2b11eecc3b20809c9368f0a1dfe569d8f03eda6639fd5e2497841739e43b54d598d098a7a290a94fe525d729f4dd6bbdea7fa058c
+	C = 71a3d494f39576e6d3d23275f7036da110f174b6feb5e8495184ddea2e36fd4b67a4d6cf575dd07aa7eb8ae82995a9bd982ed176561827
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 584c0fd6f2ea06f3fd3c28a98b631f92514878ae530bf61658981d5cbb9b50824110a27f8c3035187866cb886697f2da0608252a6dd6a8e8089bdee09aab927b001e83f045409b187610123f9aa36692c231e7431565fd67635e7c45dd2fafe183e12a4146ff8c3f86baf143856ae6d8d053bb3f47bd2a92b018df31fec0ac76
+** GENERATE (SECOND CALL):
+	V = d285874612823a98dbdbfbac860d8b9f678f03baec5c4c6b483f6b9b7097d158696a6e5f59a02e18067fd2a2a7379bc87ae5d790f4dafc
+	C = 71a3d494f39576e6d3d23275f7036da110f174b6feb5e8495184ddea2e36fd4b67a4d6cf575dd07aa7eb8ae82995a9bd982ed176561827
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = 2b4edc3cd3397f16e8f5deedf587412b50fa321643192cadddc68b89ce84497e
+Nonce = f42747084740a2dbd690e15a3dd4706e
+PersonalizationString = 
+** INSTANTIATE:
+	V = 903e26d153e631ce78cb4517adb7bf3327a52fdf5cecedcc2d14851937e101e9a57d847e05507806ff2815a36fb90066b03088daa8ea55
+	C = a0c3a71b4189e5e2b2411a850f622b5cc5e1a58123c46fe9e5f9292e23d07191f17c8aed4ceeef685c388917ce298c9b092ca89ed8ff24
+	reseed counter = 1
+EntropyInputReseed = 85c69c831ac2c38756f29f3e01db209a7c3e316b380eae378725963abe97177a
+AdditionalInputReseed = 
+** RESEED:
+	V = 593f1da86e0350b19f25535f2fbb7b1b797544cce6237925d347c6b55362105879e519b1ea371fd5524fc7a2e9a025d39df7a9bb82a8bf
+	C = d1b89409f41f03fa27f3286ad15d4432245ddf8ae97cdd02579b3852c158633bcfa746e9f2661fe1256f540a6b6f0783cfdffb0c0153d8
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 2af7b1b2622254abc7187bca0118bf4d9dd32457cfa056893de9f546609f788038c207be00ba7081ce126df8e7e11fc0569681a1fea731
+	C = d1b89409f41f03fa27f3286ad15d4432245ddf8ae97cdd02579b3852c158633bcfa746e9f2661fe1256f540a6b6f0783cfdffb0c0153d8
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 673feacf82c02d45fc11e1bb7529bb598cd792907574ab90e3fee7fac826d1dc67e02da048fba68f9efd1b6e5cab7da8aecbfd9e1c3bceb297ec97cc9ae84c7b727a44c27bf3118de96f20ec863759aa79edb4fa2e2456a7242c66d431b35aae61a2635dd53879bb0d37904dc56f1b4c11ce2e1a2263195f381522cb700a4d64
+** GENERATE (SECOND CALL):
+	V = fcb045bc564158a5ef0ba434d276037fc23103e2b91d33964b4f004410118c1c2e41c94d8d5c1b9b44b54fd25194862554a7e07d6cd892
+	C = d1b89409f41f03fa27f3286ad15d4432245ddf8ae97cdd02579b3852c158633bcfa746e9f2661fe1256f540a6b6f0783cfdffb0c0153d8
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = f7a3813f7e40ff0cc1d8a1f10275c9aff1f29177c5cb1acf28368fba35c44ee8
+Nonce = 22dc96f253722129eae2e4c5e5b7d148
+PersonalizationString = 
+** INSTANTIATE:
+	V = 7352141e176429e7bd9f5bc63ad7042d629ca20d43927c5746624e2f69c4a30b0ddd00a0ef1a3a03365eb1347a7fa59b043439d1e8d2bb
+	C = 1438b66544106a678514a14c08b4a2f11c4a5d359f8095e063a50d2e5cb0fa919a6d03b7bb4064b5d19774a2cd8527f34435d62059e04c
+	reseed counter = 1
+EntropyInputReseed = bec8d1b2841cd9dfc4bee2079a79485c545973ca9b0ed0f4cd232fe9ab4d849e
+AdditionalInputReseed = 
+** RESEED:
+	V = 227d92f8df04474a083e44992baa8f78f015c96e0c77ebfb014fbcef6d58a97b1726132723ecb9684757f5919204069f464b76918155ef
+	C = 225f87c9ef462bb3da051f536c1c3773749ab4308fe9f76279685a0802237c92a569f87704466a2b800747f2e53d653d7cd2735e95887b
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 44dd1ac2ce4a72fde24363ec97c6c6ec64b07d9e9c61e45d4492925f1e4eedf482d4324661b169e1ccc0ad57a9bc21f73d826c32dd2c9d
+	C = 225f87c9ef462bb3da051f536c1c3773749ab4308fe9f76279685a0802237c92a569f87704466a2b800747f2e53d653d7cd2735e95887b
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 0ba0649caad783b23c173a6bc7bdf43700242b074a8cf8fec68051ff6c8dd164866ba8e8abae318aa1ebd02268d3e2151d782d5a2d9bdade29037efe9f6a54f61cbaf3fbb3c22e318d4162c9266069525c4b5d2351308ea14fa8e66ae8265a05bb24c70b13adbcbad1fcd0d24a1d67e695e21420059e5435142c4e894562f9f2
+** GENERATE (SECOND CALL):
+	V = 673ca28cbd909eb1bc48834003e2fe5fd94b31cf2c4bdc7f0043efb3e83d2309971a01f0b0a069a23d42c22137c08ba2b65bdfe345ca08
+	C = 225f87c9ef462bb3da051f536c1c3773749ab4308fe9f76279685a0802237c92a569f87704466a2b800747f2e53d653d7cd2735e95887b
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = 3da5cc9aa43b181a1e80402caa69148f3ff442e3b18122ba8486d98a046cb9e1
+Nonce = 2cc86d6b829dcfbd48642c40e29d299a
+PersonalizationString = 
+** INSTANTIATE:
+	V = 34b0897d16120c587877980cc0a12f964859cf53f88714f4bb0ceb0d227b287d44e233b22001b5c7a2ae0185fe92762346feb2c6f7a7b4
+	C = 9aa83117bbbb091031fac80417338485c34ae9b04cbd34833d1f0655afafd87b105b42ea8f389cc65abb9f0753d3259c96af1f61ef4009
+	reseed counter = 1
+EntropyInputReseed = 3ef32a7c40575d540e24372e90799a3193c0daa8b61027b1d1a4d3a3443ad4de
+AdditionalInputReseed = 
+** RESEED:
+	V = 5ea7429216e8f909845f6f72fd37ac449e270f264fc96a986c3823d7f2ea2be37dc7b9d456e3bd2159a73cd548d1999dcf3d30ccdf45f7
+	C = f8aba8c91f862f06f9f594331e08e3702f282796e1fe3488ab93c7995303d1c46ee8d6d1b9f92c4c234e92a5727cd2a735b48537409b78
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 5752eb5b366f28107e5503a61b408fb4cd4f36bd31c79fe73cb0ade0a96f7d4183cf983508ceb9bed62edd2c9ab91c7e3782f9f0b31f50
+	C = f8aba8c91f862f06f9f594331e08e3702f282796e1fe3488ab93c7995303d1c46ee8d6d1b9f92c4c234e92a5727cd2a735b48537409b78
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 784a9c0b6d52b50c9c777ae9592b6a5750aab7383e00f3602fc0a9be250a346dd1aa6833dfbd7cce8bda9fa62c0d4ba5960b8db6c066b127ec0fac84e30168c0ecba2429055f3e7edd78c735b0011b44ce2f180c389d7d184f730d6f993b20685febdfee39e48abe66e663ea0eea966dce835708e4dfbd9b5ced2a9fbb088bfd
+** GENERATE (SECOND CALL):
+	V = 4ffe942455f55717784a97d939497324fc775e5413c5d4c209de8658d52d40d143229f8f479a1e2f871e83f0efa50729bd8efa880bd913
+	C = f8aba8c91f862f06f9f594331e08e3702f282796e1fe3488ab93c7995303d1c46ee8d6d1b9f92c4c234e92a5727cd2a735b48537409b78
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = cb072244f1a3ace81a03b2076641ee8c0537f08022732c049875041b75ae54db
+Nonce = 2e05fbf45c9cce7b22b6759065596f0a
+PersonalizationString = 
+** INSTANTIATE:
+	V = bc6e211bd6e7ac82b52d265863b0c4b3677c353957202e197dbf1f9bdaf4b010e2ab04fb02edca4412cb89dbac8a7233e0d37955e283ae
+	C = a21b684a9341e065d8468828b8b8153011088f27d75a6be40e4040cecd164076da01e1899b8664f70d89ef59ccc04f92cd0bdf80e986cf
+	reseed counter = 1
+EntropyInputReseed = eb2803ddc2655d8106706585dcd3581ebfd5a7f14f95d5beba0e8b73631912b5
+AdditionalInputReseed = 
+** RESEED:
+	V = 2c6c568d4ecb268f3217f0316cf8b8b4da24528e46a5703371fb7a290b49b0c4377875291d2a98c45e0789307280e17db9c65d585528d3
+	C = fd48b6123aa9ec91e92092e82b01fbd407d8456704fc936a24798c4098d2a17c4e65061e4dd6b75fd2071336f71ff486c56dd70f5d6b71
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 29b50c9f897513211b38831997fab488e1fc97f54ba2046ad7963798e7eef9c3e739b0a2032a32632c9291a20d1206a27712df804c87cd
+	C = fd48b6123aa9ec91e92092e82b01fbd407d8456704fc936a24798c4098d2a17c4e65061e4dd6b75fd2071336f71ff486c56dd70f5d6b71
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 0c10846214bc7e0a4f62fb5753c35b02ce0b01c21bb44ac73be36d81a7340e432912d7f47c7bb7d7dc5c5c90cc83f5994300ab7ba2d216afbc1ffa3f770ded05045314e26fca1a3159a6dc04b30e3b5fbfff3c4be0996fb52484f44008d9505d2b734243444861a1ed472789d22b16d702fad94da93a9e0df01f6bf4c7dacb74
+** GENERATE (SECOND CALL):
+	V = 26fdc2b1c41effb304591601c2fcb05ce9d4dd5c509e97fcfcbbc04fb487ed5ddd822900a1513907d2c0bdd552144d5a472733d4d379d8
+	C = fd48b6123aa9ec91e92092e82b01fbd407d8456704fc936a24798c4098d2a17c4e65061e4dd6b75fd2071336f71ff486c56dd70f5d6b71
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = 33d647e0b191f0c07220ae529aa84b0b4b6aac36aab1a6809d19b18167af6a17
+Nonce = 39a71560d62cd3734d29f05e2bcbcda2
+PersonalizationString = 
+** INSTANTIATE:
+	V = 99a45b31e075254491ae6538d3b85b5f26f7850f8af09ee59ed9324322522d0158973ccbe758bc59fee5dcdd1a786f90e2e2a97ebb6072
+	C = 2b9618618a7b692dd7f24bd3e5c1f89821276c8b1dcc539e5b8e844f1efbcd0dbaac48267a30744acfe48ed1697ac73247ad3aebe26242
+	reseed counter = 1
+EntropyInputReseed = d44926120ed0f08ea2f33c2bcb0e54d6be25c62e55f04ba9be72224eb17ca315
+AdditionalInputReseed = 
+** RESEED:
+	V = 3d51f6a40dd7e4d379ddc0799908e29175414ee110ef636f5dbefc063af19f5fec374f58a1203db981b4c633c4eb92d3c6611238f3ad6b
+	C = 28652f5bb5e99d5e52329b50efc0f2bb0ade8fece475fe3f30e56e8cab3174ea8b27ff6c57e84ef23d81ac084e3f5d778f914c23515af0
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 65b725ffc3c18231cc105bca88c9d54c801fdecdf56562159b6d96b5c5582e33bafada01afa980d76234ff6da3d6862170453f6ac188bc
+	C = 28652f5bb5e99d5e52329b50efc0f2bb0ade8fece475fe3f30e56e8cab3174ea8b27ff6c57e84ef23d81ac084e3f5d778f914c23515af0
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 7960ee51d0c4d87752e32d3438cfdd48fd76f5857ae521705b1c485c4b1c7bd9f144a5e1991f8eefbdb8633dec4ea43c5327e5c9a736961b7be8d20313accf84cf869f515ba47b879cca9b2a4fe41b300537732f3a9ab8c674011c5f1da08db56b873e2a1b6dd4a9bbe6d36c17e006ee3ebbe5fdbc9a402825f1e6ca9d595525
+** GENERATE (SECOND CALL):
+	V = 8e1c555b79ab1f901e42f71b788ac8078afe6ebad9db6079d51be32568b7f1e8920551064b3aef25fffb03fe9aa3bf1002dd2807271a94
+	C = 28652f5bb5e99d5e52329b50efc0f2bb0ade8fece475fe3f30e56e8cab3174ea8b27ff6c57e84ef23d81ac084e3f5d778f914c23515af0
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = 55fb797a44a6fe1bedfda988fe76caed3729142c3a5ac7399270662eef583e0a
+Nonce = 7fc0fd37812a6ea8c53735c8e906bfd4
+PersonalizationString = 
+** INSTANTIATE:
+	V = a42cf4c13ac1e1f8722dd63231faf6ca35bc6239855678a749f8c734949c28f18ad77e9e6488f299ec7a490f4c081b900151108f985aed
+	C = 380200cee50e25c150c4633b8ccf982a625b049c2bd2a470f50e2351d0a2f418b3fcfaa9b1fa24c975f54804de5514a7966ac695bf3965
+	reseed counter = 1
+EntropyInputReseed = 8a4a61eb1fea0561c058d8ed2b435e181127b9c38b16829d46e2060d85130c4e
+AdditionalInputReseed = 
+** RESEED:
+	V = 05db4f7fab5ab2de1a0da2fe58b9c11ec0aee02f8f9f0babdb5ed7b311ae0508ba99ef944ea42895e2bc376d705bf6e620d331ffdb8b3d
+	C = ed41d4aff737bed95c030fa1e36b70f5fbb181eb7c16b0fef454b9deade968316a287ae222b3a9ff097c06656fd02e1d9a47d38fc32de8
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = f31d242fa29271b77610b2a03c253214bc60621b0bb5bd052177af0aabd1344db2e8d23a16876efec1ababe6df14480e86ddd13b853875
+	C = ed41d4aff737bed95c030fa1e36b70f5fbb181eb7c16b0fef454b9deade968316a287ae222b3a9ff097c06656fd02e1d9a47d38fc32de8
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 889a95933a078cab3fbd9171da3746b789605a5345466c387b0b9f437777b19e37a1256239dfab38c1d18ced81868425973e25e8d3775d60fe46211c2c45d99f1f381a8bd6aa7809f767b343bd65629039b7e9ae6dc8a02a035c4aeb08cb6d54af1dd2b5d59ecbff9be9d6632a829af4bc12fecd2fb5379d748c89a98658abee
+** GENERATE (SECOND CALL):
+	V = e05ef8df99ca3090d213c2421f90a30ab811e40687cc6e173e363a39adbed737a7c0c62f3b1129bf2dcc3084aaf8145301d345e4a82adf
+	C = ed41d4aff737bed95c030fa1e36b70f5fbb181eb7c16b0fef454b9deade968316a287ae222b3a9ff097c06656fd02e1d9a47d38fc32de8
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = fdba0bac0fc660d5e76907f9f5618249afcaf5ee114830379ce02b46187856af
+Nonce = 83525fe2d6edcb4174238d2015ead95d
+PersonalizationString = 
+** INSTANTIATE:
+	V = e34e277ac4157f6ba077d8817cbd17b16b7ba3456d37da9b805f93deadb021139d7357db17eaa89681a4a50a416cd717fd2c41d62ff103
+	C = 276bc892306fdc439b334abd36226ab2ae938b4a3ebb6d4e4a3b33fc51e07eb49bb94f22b3829ed101b3bbed842e07a2248fabeae30e8f
+	reseed counter = 1
+EntropyInputReseed = 6a9b2a65e0a88b8e0186608ea8cbbd0a015a3e481ebd106ce0ab3fd8973bc773
+AdditionalInputReseed = 
+** RESEED:
+	V = f869d3f64bb893fd5a2bc4eb359b525af167e755a9fb71630ffe0616d8ec66595834a4a57562baae23c16788542e67fadeeb6dcc1f2e26
+	C = 5132eb191f7ade72db372cec8d94066217cbaeef6a9aa7c8e99c3d82e437373d44f146cca35cd5f72dda329c74ac746130f8225c2ce7ad
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 499cbf0f6b3372703562f1d7c32f58bd093396451496199dc47e8854fa61039b86d52de4bdbdc2140ba08d60e307e18bd6f2850194fc95
+	C = 5132eb191f7ade72db372cec8d94066217cbaeef6a9aa7c8e99c3d82e437373d44f146cca35cd5f72dda329c74ac746130f8225c2ce7ad
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = ad2ae1de5dbeaeeb8be13882f5a3cf2726f7ce6f3d00289ded40e82e8a0557db49f31723c4dfb198680366fe698fb0ab877e957886f291ab4f6982395198f95fba9c17e471fec6f8f223845e18d2ba5f8e57967900e7d9c819e33cc259a0665b81cdc9e68f646f8f10202da22908236200a11356d3d77268a00b434d39d5494a
+** GENERATE (SECOND CALL):
+	V = 9acfaa288aae50e3109a1ec450c35f1f20ff45347f30c1e1a68564982e051c1e1897f984fa469177af6d73f21fbc6b539262e8771e87e1
+	C = 5132eb191f7ade72db372cec8d94066217cbaeef6a9aa7c8e99c3d82e437373d44f146cca35cd5f72dda329c74ac746130f8225c2ce7ad
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = fa41680f05ff9bd55ecb55adaf6eedcd7238f791e246b6608c4e32d9b7e676c8
+Nonce = ef608e368ab5f06e3a7c7628579ae236
+PersonalizationString = 
+** INSTANTIATE:
+	V = 45f242d47fd5a82ebf6b0f6bb35af67b4426272107c0bef13d8a8c8f836fdbbffd930741e03e8781c751bac1e9bac9dcc1e903b0ebff91
+	C = 73e1f3949650d09c9e50aeda449b70b5d67b4711ed9af49a6165d67dad21b1bc0d50d2e8df9d5a278e9e50e52f7e2336b6c503c2fe3532
+	reseed counter = 1
+EntropyInputReseed = e3fc9a33149e6013f5c6735309fae85248a20b958508ab171afe1a71364b270d
+AdditionalInputReseed = 
+** RESEED:
+	V = 7b1f55cd12bec23c231388c77de752ec91e6a52095ab91345412a73609f442af42a8b1899a14fd843d9d40c5f646099b064d72743c7b04
+	C = 0b6aa0d7da20cc03ae2abbf0da15b2e6aeb1a30d1d02bd222c132facc9425c6404b803e230f853ca26f57d566b1b4de0860210e848ebff
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 8689f6a4ecdf8e3fd13e44b857fd05d34098482db2ae4f1d220afeaa1718fc2e6768b7a3af06c05e9615694c0e9977b693315b6e24ac58
+	C = 0b6aa0d7da20cc03ae2abbf0da15b2e6aeb1a30d1d02bd222c132facc9425c6404b803e230f853ca26f57d566b1b4de0860210e848ebff
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = ed35e497523cd3c2488465b7ddc4640b884e2b9701707e7c23898f9d82006f2b5845260d3943712bc6ed7b734b6052eb88979f00ffd2399e04fd7bec0bb550036e4965dc4ff8937aad2bd5bf6ff1a86a178427b408cfb7232716ea1f2536defc9435d80a90d3a7e8171a7b26f1a85c9f93ca0cb6050d79efb62cf3e19861ace9
+** GENERATE (SECOND CALL):
+	V = 91f4977cc7005a437f6900a93212b8b9ef49eb3acfb10c8d6695c456c0227cfc35d734d825d2df0265c7b7f324f2eb20a87d9552cee24c
+	C = 0b6aa0d7da20cc03ae2abbf0da15b2e6aeb1a30d1d02bd222c132facc9425c6404b803e230f853ca26f57d566b1b4de0860210e848ebff
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = ed6d3846948c23ce34634699da5d329cb35956997f5e108a1b56e2d624b1842c
+Nonce = dad8106cebebe79f735af2607cec9023
+PersonalizationString = 
+** INSTANTIATE:
+	V = da2164dd6455274d92e6970fd31e9c5e1e66d9dc105f9fca5c9d812c85abbc1702418d6dff848e192adc84b01737000790bde05880b4cf
+	C = b06e846e90385489bc48effce3368a3932776656c97b76ae35dea5d572c669b0d02c08fd028c5bf400acfbbf3887e4d3c185f5e943dbb0
+	reseed counter = 1
+EntropyInputReseed = cdae82d67ba3a3af92e81dc453fc369b680d4ae88ded36d5d55a6f2ddc5aff74
+AdditionalInputReseed = 
+** RESEED:
+	V = 5ef1a43cb389425eb583535a9980e5b76433cbb329c4c4d799cfe355a180fa91a8d572cc9df9e76e291ec4031dbefee835008733656f5e
+	C = 018a8bb01f7537f749180d43cf439ba6b7839062ca25b1b3aa5dc576e747e6d4311d531305bbefa94f7aa56b7d57e70b165c045b776a75
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 607c2fecd2fe7a55fe9b609e68c4815e1bb75c15f3ea775faa1c47fa897eed4a7d823e9cba98ecb8e0b850054a9b7ed03c8f7be8244e01
+	C = 018a8bb01f7537f749180d43cf439ba6b7839062ca25b1b3aa5dc576e747e6d4311d531305bbefa94f7aa56b7d57e70b165c045b776a75
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = d1cc60302650f60a42664fff6b9eb6b6ecb7e9adc16621598ee1692cbe70ccc8b4ac0fb972cc1a7099b0017e65ff16e689ae14ab29add94887616558452afb5a541f651fb1551e795a13864f978cec1a48935e4cdcd3478d9b14ad232e8359fb48034fc948cf86cef569dce72cb273e9c9976626fa5ab5a846ac9e5a328cf34b
+** GENERATE (SECOND CALL):
+	V = 6206bb9cf273b24d47b36de238081d04d33aec78be102a0b88ae949f2782e82433c00e53f0354b615671c76f0d45e96a5ab6c97775fa41
+	C = 018a8bb01f7537f749180d43cf439ba6b7839062ca25b1b3aa5dc576e747e6d4311d531305bbefa94f7aa56b7d57e70b165c045b776a75
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = e993aaa6aeba7550c14e22b1b7671a03a727708fe061f800ae0a8324592bfdf3
+Nonce = 07948e98cb211b9d56a6e54a754f17f0
+PersonalizationString = 
+** INSTANTIATE:
+	V = 6adf85e24a6585a26b526c89111aa8bbba3411b9d77b6c0f56e433de2a7790d6cf9f05c038f448f4503c11be59e9c17507248d281541ba
+	C = 7f60b266b1df133e6f24afd6c88df6183345780cfa2bfecae5f0afe17e6dc108c8bebd60fa6d1d471973e607a5cde4001e091e41e85be0
+	reseed counter = 1
+EntropyInputReseed = 1ec08eafddca2f29a72ce2ded62360670508f30a58da688ec2414ed3b3cdac95
+AdditionalInputReseed = 
+** RESEED:
+	V = 432e3699347bb9427bee660d528c0e4e4730104ccd0e2e17bab3f16bab48f4c2879a7b784500d9fe66604f89b029d846c2a63aaebf839f
+	C = 20d75c176b001e99757bda3d4950088667764c4aed1810c5b8fe0b3b55ea22e7989573a8eb19ce56ea0f8e808635a964f2a61179b01006
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 640592b09f7bd7dbf16a404a9bdc16d4aea65c97ba263efae9c979f50185588a1f611133d3197c62b2612e5a16c793ba81ee835d88abf3
+	C = 20d75c176b001e99757bda3d4950088667764c4aed1810c5b8fe0b3b55ea22e7989573a8eb19ce56ea0f8e808635a964f2a61179b01006
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 8e5a98a6daf30666d8fbd740d96cbe3920427a089b4ae1cb26dcfc790f2d7eee18e26e60c2d4ee16139add6858d15ae6fb1b39d21cf8c93f2f9eb01c716abc5616541c7ded01f4d143a4d0e002d99462091d85f46bb2d29c1e41402a807478ca6110405cbc945c5e9415b92e7dde9837b1ea00e8e293d6adba9ccb76affced30
+** GENERATE (SECOND CALL):
+	V = 84dceec80a7bf67566e61a87e52c1f5b161ca8e2a73e4fc1e13dca6635788cd8a59002e7c9b99b57ea4ed6c018efcd2d479deec481e52f
+	C = 20d75c176b001e99757bda3d4950088667764c4aed1810c5b8fe0b3b55ea22e7989573a8eb19ce56ea0f8e808635a964f2a61179b01006
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = a4056be11297bc58a6a93bcfd6e14e1664a54943a0c66a700fb019e4f9c7e9da
+Nonce = 5d3c277a30dacf7ad8c976c023a8176e
+PersonalizationString = 
+** INSTANTIATE:
+	V = a30737d799c84ef6519bb629d8330991e932bbba616050090deaebc31de7cd0ce1c6921efb9c5f7b321b549589d3f385e92b0a5ae89bc6
+	C = 20c500d5fd302ec74ac0f91a6276e59a4f6e47e8713aa4109096a932b9bdc1e2c53bb0d00a4332769865e9b5521436bd93f281b9384217
+	reseed counter = 1
+EntropyInputReseed = 9b57cd8ecc0a8009f8daa6624ee15f6d8631e0fddb7a470d6b60ef0880c4f53b
+AdditionalInputReseed = 
+** RESEED:
+	V = 0907d1ec9c2d341f1d9cdfcdb61080a4304ecbd20476870b50a7700d2311999102a770a8abe0ea54a76fdee8248cd4157548835abf83ce
+	C = 16d613fd9ba28ddfbc69ed4ecee7ed7325ae72a376e4e9718c74837423bfd1a3a71b31ac94d0d6bc1952df2ef81b47e9ecbf661d52697a
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 1fdde5ea37cfc1feda06cd1c84f86e1755fd3e757b5b7093c1cafd17acf643e64076aca19592969c77d8eec6303bf2f7c5568ef47329ae
+	C = 16d613fd9ba28ddfbc69ed4ecee7ed7325ae72a376e4e9718c74837423bfd1a3a71b31ac94d0d6bc1952df2ef81b47e9ecbf661d52697a
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = b624c24a175d0d8b071e28a8cda21e51ac9f3eeb156cacf12b770351e2e45735aee48eaf58752ab5967bd00de4dbaa35c9d04e264185414d0ddec54281e35c6fc96f645c0265e156a8c73627dfe908837a1a584bcdf534cf2382ede27277cb8e88d648bdf51bfd893e24f1c0a013d08c4acfca7ca1aaae41dec255a845351c78
+** GENERATE (SECOND CALL):
+	V = 36b3f9e7d3724fde9670ba6b53e05b8a7babb118f2405aee664d1c71f4ef29aaacfd2575c218fb5738bb2dc45dcc018286f7ba448182a9
+	C = 16d613fd9ba28ddfbc69ed4ecee7ed7325ae72a376e4e9718c74837423bfd1a3a71b31ac94d0d6bc1952df2ef81b47e9ecbf661d52697a
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = 4a609f79995e18a014c7ff98fd768a5f3a7238f4819d036a325977177788d4f6
+Nonce = 93488c3d113753a69bae2f932c7e00ea
+PersonalizationString = 
+** INSTANTIATE:
+	V = 2e0328bd534f1463dfe308219979945e231643ffd4c220df5b03a337018ff0e78eb3bec55cc4257609acfa401a6df2b6db0b3fcc78d32f
+	C = 875631d9bd482301a8a11adf49e2167f8fe95003909eabbb332aced81cc4c3009b3b74b04f47f7cb55509d2597f9df2506feac919e7e6c
+	reseed counter = 1
+EntropyInputReseed = 6acb0fcf5ebf0c1ce474a51e37cacf589270f65157d4cb1ceb06812e93a020c5
+AdditionalInputReseed = 
+** RESEED:
+	V = 1f011c318dd3b79e087a1cffc09e926c40249f00e0bd42142246d14fef6b76310e1049dea576fc339317c3f1ef0f13a8b16243a95879ff
+	C = fb3b334d3a862757644841c1f2c4978267a3f3d125f3ca52e251ecdfb795c1242bbf1e29251ae01351640e52214b28242c7a0c0541d003
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 1a3c4f7ec859def56cc25ec1b36329eea7c892d206b10c77d014a211c2f47c91d75c4bfbecb5c9bb7a43211c574d8a482c707e92cc6a42
+	C = fb3b334d3a862757644841c1f2c4978267a3f3d125f3ca52e251ecdfb795c1242bbf1e29251ae01351640e52214b28242c7a0c0541d003
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 63ea85ce408b7748a78513fdc1df7072a2f69e96ae1e74ae81bb7a915666adf88705f745e8ce793eaac96fd22aefa6d15cb090027c5eacbd2519f1c004fa6e8d4d046ac64ed3b7efc64b02cdc1ebe873badaee220f76ce707909d35656067bbfd210ab3747c1da7994a639f1e8be054c0b4c6529a6f36e2a73a4a1b7d1f85408
+** GENERATE (SECOND CALL):
+	V = 157782cc02e0064cd10aa083a627c1710f6c86a32ca4d7930abf257299516a83e4eccb10b1830c228a52c8cabcec3aef2eba19982147be
+	C = fb3b334d3a862757644841c1f2c4978267a3f3d125f3ca52e251ecdfb795c1242bbf1e29251ae01351640e52214b28242c7a0c0541d003
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = b84e35de071f4dec9d8f9c2c7ecfe8bdf6036206c5ef8536e8db2ed823b113c6
+Nonce = 27a97babb204a92403d65e45a307d162
+PersonalizationString = 
+** INSTANTIATE:
+	V = a143f90ed589e41b994d85280badd0a2003ac6eb5a493f340caf98df0b70b6180e12a345b44c795d7c5476bcd548d3bfe25e59daf68533
+	C = 28ac69335c6cee331fae3cb6e9daad2d9b11e10ef55725847c7defc90dd04c7b6e24b419131de44d53a13fcfd355086f29eefce14990c6
+	reseed counter = 1
+EntropyInputReseed = f9f98c4354dec080cc5667f759cd00ca31dd380130e4eeb93c74897800625328
+AdditionalInputReseed = 
+** RESEED:
+	V = 7a8b2439ee7ee776dde8026b388b63234a279600b9128c7c37828c73be2cd9ef1ad372d95cb0a6f242b396f214a62dece4a9fa7d0d1232
+	C = 1f578fc98e952afc12e8d5452b8dbae8e1e07fac663736054bd0fac6b840b58c03f4a1a23bf0aa5b3ec599d29dac9dc4825baa3f08e326
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 99e2b4037d141272f0d0d7b064191e0c2c0815ad1f49c2eccc85e06d0654733a2a3ab72539aa771fc222544c1fc3acfd8c840ec51939f5
+	C = 1f578fc98e952afc12e8d5452b8dbae8e1e07fac663736054bd0fac6b840b58c03f4a1a23bf0aa5b3ec599d29dac9dc4825baa3f08e326
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = fc8bdc61fb9d86aba6422565bc0ffa67ee604dc30473601ce8397fc8bcb535aa095c03081dd12b53e20d7c2aa1237f73f831674250a24032b3b1e9d00e65e167bb29f6fc3e8ab5126c140382c7fad363a0dcf5faf8f014023cca0790c60c48a95e6321ec6c311b763d995bb6139f0b11727a730a4d23fa52937c36182c51a1be
+** GENERATE (SECOND CALL):
+	V = b93a43cd0ba93d6f03b9acf58fa6d8f50de895598580f94e2a859f846280a7348913a45016760589f01ea0d64e7a7d81b322d8762696c3
+	C = 1f578fc98e952afc12e8d5452b8dbae8e1e07fac663736054bd0fac6b840b58c03f4a1a23bf0aa5b3ec599d29dac9dc4825baa3f08e326
+	reseed counter = 3
+
+[SHA-256]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 256]
+[ReturnedBitsLen = 1024]
+
+COUNT = 0
+EntropyInput = 8e3d3160b8e5cfd5e54290a6bcf00b9a584ae06330ab994c2fee7539faf6e047
+Nonce = b3063c604537a31165e92e3c7e3078bc
+PersonalizationString = 
+** INSTANTIATE:
+	V = 6f35a7111fda0888841f8c810e666491d7e498fbca4d4ee5e847065860d5e80cb17da5399dc140087a3ab46af89519a554ae9fb21e9646
+	C = 1b3abfefebe11ad8e7bcc6ce79306b4dd3a4b7d741abac987a141051d3c2d7327f5f39b2d98fdf5ba34fbad83d07c21fca182cd4e3036e
+	reseed counter = 1
+EntropyInputReseed = aeddc28340d623c90c471752fd967ed180b28e42d9732e7b68d4dbe7c46b399b
+AdditionalInputReseed = 41bbfe767597223435cb69358c3fbe3bbb55fe50b74f7456c6bd09aea4d8ec87
+** RESEED:
+	V = bd9b37ec18e3b3a36973a0a1a064d8ec93d1c9252ef424b28d32f6fed8303c7280b8bfbaa9984836ccc3bf3f34d0cabea1ab3eee56e16b
+	C = e93ed02d4d11d140856eb7605036c5cba1a10c3034457ac71346ac27f9425f33065b40c7052afebf6f36ce7443529fb308ae2b59be70d5
+	reseed counter = 1
+AdditionalInput = 792ce85dcc2f409cce6cb105a80136f1dd4755daf467c807e1fd2e69f0f683bc
+** GENERATE (FIRST CALL):
+	V = a6da081965f584e3eee25801f09b9eb83572d5556339a127790ffc5ba626ff51c0ef98e89d9ffdccbea1b166f13690fe39a1db987e883b
+	C = e93ed02d4d11d140856eb7605036c5cba1a10c3034457ac71346ac27f9425f33065b40c7052afebf6f36ce7443529fb308ae2b59be70d5
+	reseed counter = 2
+AdditionalInput = 23c83ce2dc5fe94e3462504e55d612897e4928bdf23afd6a21efc967e4dad423
+ReturnedBits = 0dffd2d53e1f70681df4e893a546618c6a42f1a6629306e9eebabf31dc7aa856a6f1a574dfd4cce25cb1f7752de017a757508429801a788ab6b63bab22c00ed8d514708cdca02c2c06ba290179868bfb54aea0d33bde57dc313d671736f33231c7e96cc9e0f642be52430d701fb76b993fbfd121a3babf1be519875084933836
+** GENERATE (SECOND CALL):
+	V = 9018d846b307562474510f6240d26483d713e185977f1d6da44bb370947aa1a691e830ba624465b092b7dad98d1a4a9f3a5d28b541df77
+	C = e93ed02d4d11d140856eb7605036c5cba1a10c3034457ac71346ac27f9425f33065b40c7052afebf6f36ce7443529fb308ae2b59be70d5
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = b01d3c5e384773ebd6388b98bdad56a59ce26d32dae7904052fcf588b65e64b9
+Nonce = 71451b75940b4426fa9957a640637dd8
+PersonalizationString = 
+** INSTANTIATE:
+	V = deb7979242f78df6044a9e241f3b11aae308dbd7d7a17d25bb4cb0d965791abdab0ad44dbbf64fcb5c4659a64aaae7b82000ba7358c2b6
+	C = 258a144d9ef25be2691a2f0705539f2bf4d17081c2d2aeddf1ff47b41665e609d83e9e96130ab00e0c57b40181880f66d23d737dbdb448
+	reseed counter = 1
+EntropyInputReseed = 508da103414f6bca3916d782536bdc46c9ae5a706b7f8e46ee3e99ca4cc8c4c9
+AdditionalInputReseed = a1b9ef553f65f06a3db10ba33b5cc1af7dd2c2523401730fe30e9a10bca027f6
+** RESEED:
+	V = f29b5209bcbb9bf139c0da805f505e238832d4e0e798253abc086537e1f397ff5317055aac740cc7f9d6ae00d99d113ab194e966d4eb64
+	C = ae61eab8ffcdf14ebb77e2c787d363ab0adf7cf2af42da9e3035c0c6a935ebe7bd9d8e137a94458090ddfdd35f991aede0a6b7a6274986
+	reseed counter = 1
+AdditionalInput = 83e48b996d53066304c9f910120ec50037d36b36d9eb503944dc8e6a4cd2447f
+** GENERATE (FIRST CALL):
+	V = a0fd3cc2bc898d3ff538bd47e723c1ce931251d396db00d7d1670d8d3f6d65ba0865638007ba39f309d246f01039c5b8fb46f89734b4c7
+	C = ae61eab8ffcdf14ebb77e2c787d363ab0adf7cf2af42da9e3035c0c6a935ebe7bd9d8e137a94458090ddfdd35f991aede0a6b7a6274986
+	reseed counter = 2
+AdditionalInput = 4c8c836c589f89882d8ac170b59c5f58be029f36064cf27458ccfecdcdc75f30
+ReturnedBits = 60a07285a71ed65215c2027671e74128d154ea0f874cd9c9247e68c40ba86455a66eb3aa162dcd323fdefdd73108ca22e232cccf554e0fa4157b933626a34a83ab8b502469809b9e325ef392c5dac797f807d75ea93f21bc049a553af4c100c9386d109d39d2ff8d7b1117e7e8bb4b5bff937b89c908baf18e202e9525086648
+** GENERATE (SECOND CALL):
+	V = 4f5f277bbc577e8eb0b0a00f6ef725799df1cec6461ddce300d29a6995af81b37f624f6b5ea257dc4a25e237cb1203d4d08c8346f3951b
+	C = ae61eab8ffcdf14ebb77e2c787d363ab0adf7cf2af42da9e3035c0c6a935ebe7bd9d8e137a94458090ddfdd35f991aede0a6b7a6274986
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = d1124e952f7ac7b1ddd6c038f0d4f6e6ec881f8821999a394fb88e3cf6f0635a
+Nonce = 234835c3ea9c497a098001b914015986
+PersonalizationString = 
+** INSTANTIATE:
+	V = 5b74be7e952fe56b1a0063b76dbfc59414cdc8ba3023a0ec12d9993bf73e874401ac0dab4c4584c5fd1e30851b33353951be9f31f4c762
+	C = 7dc5745e4dd23a121d467974b14cd4fbdfcf6145ffa330b62a2d84591de0e5d59d80b024a9b5bcda2c2f691c15f55fcd63909ecfde672a
+	reseed counter = 1
+EntropyInputReseed = afe5d8187a89bdfefa695576665ce6cc40a2d963d744b4e98b4d2ad3a6864384
+AdditionalInputReseed = 76ca1bad0ac8e5f6008803be4952001f2f47f002cda541460546f45c6e40b92a
+** RESEED:
+	V = 94776c65eb3b9fc81d1659ba2e92a510dae6809ced4f5c7db2848a1a8244cf01289926736acffa9a3b9a2dead5b2041ec52049545ade7e
+	C = 3cc1e4d3ab0d8b21f17036c664fe77501e366a0fb0c7bede22bcedcc1e367e8f9101bc50031c9d4fd19a2705a20eb72318d123072c3488
+	reseed counter = 1
+AdditionalInput = d87f51aa466fda01dccd399c356184368a2b14e61d7417853e547c535461239d
+** GENERATE (FIRST CALL):
+	V = d139513996492aea0e86908093911c60f91ceaac9e171cd27daacb4d0ac25e1e3dcbd8a49d557d80acbf64e7cd1bb40e16c7db26600c60
+	C = 3cc1e4d3ab0d8b21f17036c664fe77501e366a0fb0c7bede22bcedcc1e367e8f9101bc50031c9d4fd19a2705a20eb72318d123072c3488
+	reseed counter = 2
+AdditionalInput = ed1f955e7694380929fd718469f896270727e8d7f5f209d4bc1e4a91ca2350a3
+ReturnedBits = 0ee2cb162653b1997e33156b59317b3db3eedff69b71212b0ff60bc3cfc2ca4884756514fc81060768235ec19f68f2fbb15be9cf1e4c359bf3dffe98618f23301a6f2fce59b34279e009d1341e3a9854f515fcccfb8ad095aeae4e4b9a791f94c20163dba679765fabf0361219ba445f63805466529d0c3b7a9b78528ae54edb
+** GENERATE (SECOND CALL):
+	V = 0dfb360d4156b60bfff6c746f88f93b1175354bc4ededc84c81a1c47bd336844fc4d0d2bf4fd309d34ca703c112f3e931156213d16dec4
+	C = 3cc1e4d3ab0d8b21f17036c664fe77501e366a0fb0c7bede22bcedcc1e367e8f9101bc50031c9d4fd19a2705a20eb72318d123072c3488
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = f45ad9a70ff2d3f1bccb025062bda1707804f2416b75a72fe5505ff654954858
+Nonce = 6f5037dd990ce0490bced8d9436a2175
+PersonalizationString = 
+** INSTANTIATE:
+	V = a9d2f875033408eaae3d428c3ec64aa47706404b1d25e3a40a0849e727c4e3d7b99aecaa7e6770066d2969048cd0a710e453e6aaf81c6d
+	C = ed125fbb03c126ef1ed98131e1a367e80ecc90027ad778f678fc126fd18c45d7f6e2e32fdfaaa94997f183980fd2a2cb9a6a9348fa41a3
+	reseed counter = 1
+EntropyInputReseed = 0846276a3249d905ac0de5fe29c715d72fae1c9a827ea5a38ee1ec378da0909b
+AdditionalInputReseed = 699c6d4ebf08a26ba67dfe84439f8472c6c02aaa5b777943cd272d10a4d9909a
+** RESEED:
+	V = f823e919109fd830da2b6cb947fc8df62899b1556b22547ef42aa23b2fb0fa9a9bc04bcc1714e15907ca0a19cee4f7e976c01f82985373
+	C = 1199cb4142759a077d6e1fc96b9d2bb9807f36b6cfdcf77ee9359b1053471b6e9bc7d4b0962cfa23e96610be201acccf7b86c7337ccc9f
+	reseed counter = 1
+AdditionalInput = 52c20bf432a1bbdc9ceaf01dba0d0a1994bfd0d1f92e45b4b3c68c0f340beab7
+** GENERATE (FIRST CALL):
+	V = 09bdb45a5315723857998c82b399b9afa918e80c3aff4c86d6d94f0573cc58e4662ec8dbb46ee20375a5bf4c8ed6bc6155991f19ecf7ad
+	C = 1199cb4142759a077d6e1fc96b9d2bb9807f36b6cfdcf77ee9359b1053471b6e9bc7d4b0962cfa23e96610be201acccf7b86c7337ccc9f
+	reseed counter = 2
+AdditionalInput = d33074099bf9f93428c751fd35f25c6eea54dd435711e345efaf01ca6d4e08c6
+ReturnedBits = 2c01efbf7c344124c7f321ea36e8f1a07553442980ffc35a99233bc21c6557e0e10d81ad5f3a88064eadca721be539edd8b1742fc89de1783e2d1e874e1aea2c60325689ea3ef074d90e10c13e957c37b5787d108f86b9fadab0fef6bff77638a3b25eba84d1eb1e5e325647f6aef8c5bc13ee97bbae4872b9089b9ebea4d6b4
+** GENERATE (SECOND CALL):
+	V = 1b577f9b958b0c3fd507ac4c1f36e56929981ec30adc44d6e4e86b6674fc1eef330144eea8419150f921033a7bd1feeab46272cba0ff98
+	C = 1199cb4142759a077d6e1fc96b9d2bb9807f36b6cfdcf77ee9359b1053471b6e9bc7d4b0962cfa23e96610be201acccf7b86c7337ccc9f
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = c74a47a6292a7e9a7c918a9cb2852f7a4343b64f40025eff69816c0e43ea4cc8
+Nonce = d692f78ec411222436357de659f84153
+PersonalizationString = 
+** INSTANTIATE:
+	V = 417fef1e6154f7adae79cb645def145bdef872596424fa58cbab551dc8e632a6f80b299f2de1a6b2ec5dab3f5cc75577e597259a7ed026
+	C = ade609e33f62fd4dabec27ebf533b760b5c0c473e18c6dffc1cc59867a4854285d94dd4e518e78c427bd77745af908b9a5e39eb0f9d3e7
+	reseed counter = 1
+EntropyInputReseed = 67e2aa0c93579a57aa9b0d67acb8f7ad3ce2ead7842d3f88a1c56abcc95acf04
+AdditionalInputReseed = eb7c8185787647dd26116ec8481726601181ed7d2b22b3c556511e10370d04cb
+** RESEED:
+	V = fbbd1cdd6fa011c4e457c94b728a30d9c8a1eebb43a9b1b7cfb556cbbcad49ec8779fa9b28702d2b480e7e4822fefec07244e922de19cf
+	C = c3ee8d7281838bfbbfa97db3e2be8c9f96b2bad5854270ce40745586dfa80c0e8e2187c724a4e1625b6b71b76d38343921070eeea4a812
+	reseed counter = 1
+AdditionalInput = c59778493bb420f6e25ab35b7d259899983b9607b377a83e6469ec7487c2bc78
+** GENERATE (FIRST CALL):
+	V = bfabaa4ff1239dc0a40146ff5548bd795f54a990c8ec23b3c23272d9d5965c21af4bd912ebbc7b3586e101bcf06e6a8b093f6c43cd3202
+	C = c3ee8d7281838bfbbfa97db3e2be8c9f96b2bad5854270ce40745586dfa80c0e8e2187c724a4e1625b6b71b76d38343921070eeea4a812
+	reseed counter = 2
+AdditionalInput = 4501ed5569c19c443403bb4217f9a2f6cab8b67f80be8fd7a681f37d97d6a6ad
+ReturnedBits = 01a40362d045a1f8c8d2858cd49644e598b8bcf4f4dd5f54f94540a6bcd3d3bb6ca98d7840a96aca0c3c563b9626657456ddb24c0e11cae8a601babbf773c26cefb0763bad39e167019cf1e5ecdf3f325e3ccb91425434284669eb4e6134dd628ff5336e5a4a79d38e3717c5f7cb8e437a3505c8985294ce658e62a9eea141ac
+** GENERATE (SECOND CALL):
+	V = 839a37c272a729bc63aac4b338074a18f60764664e2e95a47c0b3690006968c5d72ff9e1233d412c9c1ce3150856661f6674d22ec42f76
+	C = c3ee8d7281838bfbbfa97db3e2be8c9f96b2bad5854270ce40745586dfa80c0e8e2187c724a4e1625b6b71b76d38343921070eeea4a812
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = 9892e77d7131cba688688b26c4ec4454f9ae6ecf8eb1ed33673a36ddc712f166
+Nonce = dd31c195fb1c55c3c1e8a88b33ae40e8
+PersonalizationString = 
+** INSTANTIATE:
+	V = b69934b838af599b1fe6be183b607d8751a1cf7768da863c01b4732dbdf487caa0908ad9b734d784211b2f14c796640e68310937071211
+	C = dc35e0d518f4abacedc10234c06d8aa08dc977815cbffb2db5fd7e8d39ebee34b7796a98898607e0f97bb60db561aa97a3abe8773d9e7b
+	reseed counter = 1
+EntropyInputReseed = 52b768bc093181c759b44efc5ff1ca48ad746db0495bce20d454f18f9d7d5a60
+AdditionalInputReseed = 8adaec7933e098a48a6dc5d5d5c85400d6d28fb1ffdcf33e879523bf98aa8539
+** RESEED:
+	V = 4022ecca3caff7acecc0cfdd08ff1886b021a1fbe31b827f8980c248f10783b05444d4a805fb0646e8ee8f752b9456963c83b9b4bb6125
+	C = 9242d57e9e185d6e3d7eb1cd297accd3095fcf015b8aff2863222ad11b59eecd93913d4044ac2feeb825bd8aef0ff04536102bd36a8d20
+	reseed counter = 1
+AdditionalInput = 0cc5ab0f7d9ca34db1a1fec7f3989765a4e86ecf52e24dc29f9e0dcb6c7cdf88
+** GENERATE (FIRST CALL):
+	V = d265c248dac8551b2a3f81aa3279e559b98170fd3ea682ef5ad7f40af29ed5ef212bbc471741e02a482a6f1985749e34afec67d799cdf5
+	C = 9242d57e9e185d6e3d7eb1cd297accd3095fcf015b8aff2863222ad11b59eecd93913d4044ac2feeb825bd8aef0ff04536102bd36a8d20
+	reseed counter = 2
+AdditionalInput = 1ab594f4b8c0e9abfba1336b85f2e8686cf3b606b64f589579de21fbf68332cd
+ReturnedBits = d7add95ff00423febee95cedf2ec02eb32ca90b7226ffff328fa49d5e80c95b7bec00fc9354f3a641907355d819ff693c4ebcdc2239a8ff02cbea775f6bab293160159d974853d11fbe5a515c28d7e872164484f3664f4ccea77067a42c8dd6436bb4627dfcfdc405f99da7409a6b97535627c7923956340387dde9c11234c50
+** GENERATE (SECOND CALL):
+	V = 64a897c778e0b28967be33775bf4b22cc2e13ffe9a3182efbfd46417c740d1bd1e856fd2136c1d7a09d402ba21aa29f34e293349a53c51
+	C = 9242d57e9e185d6e3d7eb1cd297accd3095fcf015b8aff2863222ad11b59eecd93913d4044ac2feeb825bd8aef0ff04536102bd36a8d20
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = c9424e722eb11573d5eef7a0a3488cf27b16df5e84d4eabb566a0e462a4b40df
+Nonce = c9f2d164a445455baec2d9cd59814d74
+PersonalizationString = 
+** INSTANTIATE:
+	V = 7738ed534ef3b495c6a1e54378aa54ba101aeab9dcd67a6fc6eb7378ea3c6219269b53cf79acfe3a3aae73361b4d775df14e04f3588591
+	C = 75b0bb3e46189380ac916724a6be356c5e9a50cdf0c0bd120587438f56973eb64e347b736bbdc22c0392ee4ce7903af668b15e80c10621
+	reseed counter = 1
+EntropyInputReseed = 7f821949a3fc7febc5d33d627cd92b7bce2196a8cffa55f381166bd65957c03c
+AdditionalInputReseed = 8980295cb58731fbd7164674765aef9f8cc3943265ccbd5f660c02cb30941a4b
+** RESEED:
+	V = 20ef8bcf8e4906da65267f0bb85d9db745c5d7ff5f872378d55bf138ab2785a5b416a559dac8a570ba05eadec78d477fe0dbc34301559f
+	C = 8bfbc9c50be0a44b3f079069799660fcbe50e9a8f8678a5aa18920c620b72b876c3e6ee3b8182084c2b8622c4b20ebb3ce0386e7dac683
+	reseed counter = 1
+AdditionalInput = 5e736b2f41618954944af31cea8bce0eac67d4418d6994cf4a9062c7781ef2e8
+** GENERATE (FIRST CALL):
+	V = aceb55949a29ab25a42e0f7531f3feb40416c1a857eeaf259632f59f8e82d4b186ca454e88411f186292c60be6287250b083f3f97830d6
+	C = 8bfbc9c50be0a44b3f079069799660fcbe50e9a8f8678a5aa18920c620b72b876c3e6ee3b8182084c2b8622c4b20ebb3ce0386e7dac683
+	reseed counter = 2
+AdditionalInput = 529d04e80eba363db37f14b2651f72351fe509e76cd0542667e22f9ade090ca9
+ReturnedBits = 6c298c43d8f51ecfee6a0b7d04c2c431769d5387a68fc6f94c574343a5d29526ba20275f530e98ebb6b3390512d8896c8bcbfb5bfa6469ff6548fe40b7a48762762ed1836f889b3501aa64ee88b51acf3a3fc2608b4bac4231cd92ca8c5cea0657f89ab30bd9aa2093ada816af734429d212463735be6396c04a67215d0e93d0
+** GENERATE (SECOND CALL):
+	V = 38e71f59a60a4f70e3359fdeab8a5fb0c267ab5150563a6f4a3e594e57660fac1bf6229897871e858a3a2acba2912e2f9d398f48e6f103
+	C = 8bfbc9c50be0a44b3f079069799660fcbe50e9a8f8678a5aa18920c620b72b876c3e6ee3b8182084c2b8622c4b20ebb3ce0386e7dac683
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = 3b0b4bfff28bd72333e29ebc729a5b28a3b85d46110f3db954f81e2590a6c700
+Nonce = e1a23b7205b6c119f2afbca1e4c2eb21
+PersonalizationString = 
+** INSTANTIATE:
+	V = 47632ca476791be737330ac2a158e26a65492fcfd06c15f10e6daf42c141f28f8e686f7d5fa01ed7364f0a4d8369c0a68cc71cf760c59e
+	C = 83802ce79c5dd28cca89a5c62427067bc1a03034455c5497ec1fce4cbcc386577f536e5f60d5acbe3583db23108c557a7e288697d47bef
+	reseed counter = 1
+EntropyInputReseed = 5d908251d66b6d9a718ebd354d5945589cc4e58a7479950fab99677f7f0070ab
+AdditionalInputReseed = 9adc919c582024a4da25c1560f6850e27eec900b3dc860c1001d610dee173ea2
+** RESEED:
+	V = 5dc3e79c663a6d5d8a714b68c5430b53396ac59c5ed3b7b3585f8b2003ca2d15cadf0e347fc6df7817bb3dad0ac9d529564086e42909f9
+	C = 041fc32223b33e58189d89bc423f160c7855046f8c9ad5c683ba84fcaba56677698bde6fbaed62aeddad2791187be64c6655a60743311f
+	reseed counter = 1
+AdditionalInput = 20ff1f27b911c8db0dac7f4f6863d15f5dddbb51339060921276e69db5b15d72
+** GENERATE (FIRST CALL):
+	V = 61e3aabe89edabb5a30ed5250782215fb1bfca0beb6e8eee179c144714fbc6508ca442c0710d0b6c466cbb4ae8253f831758bfd82703e5
+	C = 041fc32223b33e58189d89bc423f160c7855046f8c9ad5c683ba84fcaba56677698bde6fbaed62aeddad2791187be64c6655a60743311f
+	reseed counter = 2
+AdditionalInput = e49619860591e1ee54c0f524244f258453fd38f2e5ccaeec460e65c9d78ec49a
+ReturnedBits = 36354df1d21187316cbcec20c62c52d5f198379d2203ecb2244226e3e9e9aaf4380e4e516086c9f0c12631dacd01d1fc3753983b16420e67d4ba15239d596cf83eab7d12db0c4cac6932f99f4fb6cc85e3b8635229c41672a95b6b9b92a876e035a07eaa3e43e4f09a0a803fb137cbb7d6d91ac4dc5c9d4adaa1dd2a30b34ff1
+** GENERATE (SECOND CALL):
+	V = 66036de0ada0ea0dbbac5ee149c1376c2a14ce7b780965c2e29e0806502cf97e02bd70920c5a1beb63323cb0e8f56c51989907739e102a
+	C = 041fc32223b33e58189d89bc423f160c7855046f8c9ad5c683ba84fcaba56677698bde6fbaed62aeddad2791187be64c6655a60743311f
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = d942dae7ef77e09e467130fd9e3f542a5a7d96b7c323692914bb32895fdbd9e6
+Nonce = 17bd1a0053db4db75ed902fdf06f5486
+PersonalizationString = 
+** INSTANTIATE:
+	V = bd5d41c1f1ebe3b52f8a46a207515875cef3bc7cbb683191c498096d9817be4bb41bfd817ede0de718e7bc6bc9a7f3456db51abed263cd
+	C = 483f2b87611364e42066fe52a26f7db5e9daa9ae826d5d0d43529c5f9bcfbf7130da6ec5ea05ef5bc349fdab676f24ded01f754c00c521
+	reseed counter = 1
+EntropyInputReseed = e12787ea8b7e9161f00c8b6145820843408116b644fd803c6d7720161dcc2bed
+AdditionalInputReseed = 5bef201c987b55943ec6050a98f43407248d12fdb718f8110de108a81a445129
+** RESEED:
+	V = 01e6713c86a98db7d8597e902614b51cdeaeded3f27fdef0d19987ea9bf659e30581b0b6058e61727e66e60d424059b96371c7b2567526
+	C = dc31da5b284b0090ce2e02d8081fb13d9c861889da821e3dd83527bb1621ac5d3565b304020c0a8bf9abad33dc82da6244e305715ee881
+	reseed counter = 1
+AdditionalInput = a2c08a54eeb5ac37f02dddd5d65b1534655f3384f469d44191e573f9eec0c096
+** GENERATE (FIRST CALL):
+	V = de184b97aef48e48a68781682e34665a7b34f75dcd01fe56725a1f3f0999111bf49ee8b14985d4dca4233a0395eb61a634008effb1ed09
+	C = dc31da5b284b0090ce2e02d8081fb13d9c861889da821e3dd83527bb1621ac5d3565b304020c0a8bf9abad33dc82da6244e305715ee881
+	reseed counter = 2
+AdditionalInput = 6570633cc8f9e6490f516e37583daa550aa9719d99a98119221b605536e22748
+ReturnedBits = 2b8631968d6a6c8c448fd0a6307fbf7a7b39159a8d6f89b3d0b1d7bec08b397ba1616206ed7e3d6c25ed5100ba25da95d432ac20672bffc398736f6477b9181b318c42ddb353a3657a6b3ea0cd4a3b2a2867e2bcce5352c069738b0eeeba98db3044791ea03a563b221df59f617b2cfdf84b972e629ee2d748cd3d3c128122a0
+** GENERATE (SECOND CALL):
+	V = ba4a25f2d73f8ed974b584403654179817bb0fe7a7841d7d5309fab7465effdc9379830737f92f9c7fa720e1dd99900f372cc4b49f2bee
+	C = dc31da5b284b0090ce2e02d8081fb13d9c861889da821e3dd83527bb1621ac5d3565b304020c0a8bf9abad33dc82da6244e305715ee881
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = f5bf3c07b47c64dc616e4ffeaea7310de0c1acb18c4d75a9369446951360c926
+Nonce = 6e9803143f4c83c88c3164108e00cf71
+PersonalizationString = 
+** INSTANTIATE:
+	V = bcaea2df47eb0a6f8c3031bd74f9edb86d8233d83b2046be70bd585ed8521e8e635b7935f9e01157e165166ac6fd08a0c61ea82f489682
+	C = 81c4662d5343fcd372b95005215c2daa66bbecd03508cde297d1ef7fcd184e8302e109ace3584dfb5064ceb7e9f0cb028ac0c1b6558243
+	reseed counter = 1
+EntropyInputReseed = f8255e5ff8cceea225cede072203cde88def4e2263715d3336d2e2a34ec69097
+AdditionalInputReseed = 9028304fdabf8a21502205da145ecf06743243a9452c9493cd6ee210e22ed810
+** RESEED:
+	V = 1f5c777aca36a3050b719eefc7c86b5ec9d9065159c0ad47e052f2b5c21e73b30ba9eaa5135996b7e302adafcf47dbc6ada04f65f4fd13
+	C = ac3a8631e1243455ee957836ecaadaf328945a139be0b52e7c7c60bbb4b30365b068b6298464fca31ecfa2e3ed8cef5e370c60dea58a93
+	reseed counter = 1
+AdditionalInput = 4676fbd9d2193d04d90f9ee9af2872a67a46906e3a36849ad82c8d4d76e279a6
+** GENERATE (FIRST CALL):
+	V = cb96fdacab5ad75afa071726b4734651f26d6064f5a1631ba35c55a76e36bdbfae456ec8a9e72d99423af3d19f336e62d69d20f84c3db3
+	C = ac3a8631e1243455ee957836ecaadaf328945a139be0b52e7c7c60bbb4b30365b068b6298464fca31ecfa2e3ed8cef5e370c60dea58a93
+	reseed counter = 2
+AdditionalInput = 709145ece00126affa6e7979fe63e4c0b86216ab3fede9b8de4f7431d1bd0c41
+ReturnedBits = 486494aad1e33c437cc4c7069aa87d9a3969e0aacff5203d50551fede4b1046778f539cc1e173a510f3112f87554e0cc564464aa2059084a800f6e39dddfd48e24bc3b14b7f42cabccc74e1b2acbce4690368ab3ccf99660f69f99aeaa17c527ce36347c92533102ac24c802e6a9c7bae7183d685adc29874c7e468ac66ed37b
+** GENERATE (SECOND CALL):
+	V = 77d183de8c7f0bb0e89c8f5da11e21451b01ba789182196f80d0ec587edd1244fd8f86d863c43c722af2abfc232013b0ff04eaef23c724
+	C = ac3a8631e1243455ee957836ecaadaf328945a139be0b52e7c7c60bbb4b30365b068b6298464fca31ecfa2e3ed8cef5e370c60dea58a93
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = 3695e9741e3a6bc58e7e39541d6223b9e7afe8ac99a020ddfc8f637c32b96816
+Nonce = 94da5fc69e135c80d6840badb685e55e
+PersonalizationString = 
+** INSTANTIATE:
+	V = b9c5c72904db3baf040657b1eeaa16590ae20263c2cff528800bd2d57151669499914c66cf9e7bcb3ecf5afc31cc80b46bdecd7410e0d9
+	C = 5d127c636e767da8981c336b5a4d5404eceebf6104720dc1f115f7c06dc3bf7b1aa2fb781c72be6b66c50081c8f64d5e84f37bc4b67b55
+	reseed counter = 1
+EntropyInputReseed = cd039db768d214069d1e846ce1c754f486ddec1468318905b6c3b13b67fedd43
+AdditionalInputReseed = 36e1089d7cb405adfd460dec8cea332fdb62f840d2eee7f54fa5be3fdd94d92f
+** RESEED:
+	V = f993cd002a1767a710275f44c4114ca0a8f00bc338587639e61235e0568d4e1c0297d2c41aa67d5711aca56ca99706c7ade93f26c59735
+	C = 52b47e444fa76845c570d6dc7580dd7bdde543b5fdd7a51937bc752a1d8540849ee142ba65826ca072d3574bed6f2420f3b83d45735a29
+	reseed counter = 1
+AdditionalInput = 54220b8d419fe05216a5f2b4e665ea4b91ef6d31e3100bb693cdd7613faaad4e
+** GENERATE (FIRST CALL):
+	V = 4c484b4479becfecd598362139922a1c86d54f7936301c303795d5dc204ed1b148a89ddabf21e9b245e8ea9faec938bd1cc707806e01b9
+	C = 52b47e444fa76845c570d6dc7580dd7bdde543b5fdd7a51937bc752a1d8540849ee142ba65826ca072d3574bed6f2420f3b83d45735a29
+	reseed counter = 2
+AdditionalInput = cd056f86e166ad1b4d65b2d88d032a4762918761851d8d259fd617cff883e64b
+ReturnedBits = 4bf2261f562c0ba72b1cc85bd289ae7071507ff200fbc5a9de8db01a620a4e3e4049807647289579ddaf572b724772491705586678b9704a55c6e075559cdce89c18976035d25df4ad3906c50a97e2789cf977e1d4e9eb99493a2cd2409674e500d2e018ac97b871f80a34e8072aa6ba9e6f087e771c5c9149a3bed15ba08c11
+** GENERATE (SECOND CALL):
+	V = 9efcc988c96638329b090cfdaf13079864ba932f3407c2cbe87c7d7dccb9c2d3d805b94e052f223d29c1a8266bd09f31b712301c0e7b9f
+	C = 52b47e444fa76845c570d6dc7580dd7bdde543b5fdd7a51937bc752a1d8540849ee142ba65826ca072d3574bed6f2420f3b83d45735a29
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = 45ed521cfbaaaa321180fe7f9374b0fec540ba0e1d4f5c2b3ca0579db4c72ae2
+Nonce = 59e619de4f904546ff8bf164d03ff568
+PersonalizationString = 
+** INSTANTIATE:
+	V = 81591b26733ecc7a5dfc4ae919af6f3fe571debac72dbbc41551138cdeb4b2118fd4d6a710e5fc52ab156bcd6f8def6b2b017fe8198dfc
+	C = 6774df272386cc6773afa70b9b79d99307b4a304095b649716468d7403e6982a6bee5e037cdbb12798720396959829b05d46eb6bddd770
+	reseed counter = 1
+EntropyInputReseed = 8c41c270288a1eddfbc608ba30a574a47a3c0bcd34ad661d6ac7c3535a9b3389
+AdditionalInputReseed = 4923d85eb81a8283f07fac186d5781e334e4608e9a72db60c187a9cb820fdfe6
+** RESEED:
+	V = 516ff14d3acdc18e3329394850887a796143f52d9d853d53d585adba4025e47c90f939d87d2773bc39151b32f586243de61904199bc7f5
+	C = 0cbfcf0a7ca36426ba3f666eb8725438e270d5567ca2f72ab157eeedf29db7658c114f301a789cb9fc6164caf68c2e32a75d7b08950c7b
+	reseed counter = 1
+AdditionalInput = ab6ecd1d55960d7d4555063c7b9c971193ece711556703466895df88115a9eca
+** GENERATE (FIRST CALL):
+	V = 5e2fc057b77125b4ed689fb708faceb243b4ca841a2834eb3c92dbdc3a7eac52af53de6f885ebac792927504eb23209d3bc68f7acf7128
+	C = 0cbfcf0a7ca36426ba3f666eb8725438e270d5567ca2f72ab157eeedf29db7658c114f301a789cb9fc6164caf68c2e32a75d7b08950c7b
+	reseed counter = 2
+AdditionalInput = dd785eecd3b7a5be50ba1bfe893af9939533bc6c7df054f6751b6f1a0e5b41e8
+ReturnedBits = 3027d4441a0da4abbabe9347186d522a9cd25719393c90de270ba09464a6ecb2a30840d599b6cd8b982227aacd03759392665e1cc07b2d6cba8b4f6f9228d109bca59de5358436a2e181ede3c67746bbd7d5ee75b88b5fbd309c6d90139812a0f2aeac82f6210494a3fe729905565cee4230e8fbd132995aadd9506dcc9535ab
+** GENERATE (SECOND CALL):
+	V = 6aef8f62341489dba7a80625c16d22eb26259fda96cb2d1c5d5a15fac888272cca2023b69bc3a98c948c789d8fccc37bc0eacabe257adb
+	C = 0cbfcf0a7ca36426ba3f666eb8725438e270d5567ca2f72ab157eeedf29db7658c114f301a789cb9fc6164caf68c2e32a75d7b08950c7b
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = 1d6953239ae8f6980f19aeca187049fbaf5ea27334b8caa7ce7471bd488cd624
+Nonce = 337691da41d45658234d1992ddc00298
+PersonalizationString = 
+** INSTANTIATE:
+	V = fefd8fb21013705be995658519398324292790cfe66424f9e20d55f809350b667e3a27e5a61fad85cb095eb91843d7a0b13272c3811821
+	C = 4e225bc0b7257e1361c04efa1aaa02228f2d1972e74148e2eb40c34b4ad3694d0206f537db0d8b772f9c1cbadcb4c65a12e26fca2f4866
+	reseed counter = 1
+EntropyInputReseed = ded3f3c83c47eb77c9f218ace1e22e4695fd66c1cc69fe9e7f1168f730cb0fa2
+AdditionalInputReseed = 82c1d29b935feaeaeb291097f358d213422d118a137fd25e6297d16527cd708e
+** RESEED:
+	V = c67206f72ab99da61799770e5754259a1f90d76facc3a6358c3565cc01313a99b2001e29f06d4097208fdba4e76df7169c22f7457ffe3b
+	C = 5e709bcc1538f37e665320f3ce9704df1765e5c6728456b5072f9ca2a1bd31fcc41e722b202b27b14556a4f42a75faecec7de14e4637bf
+	reseed counter = 1
+AdditionalInput = 941c1461d93525061b06c753cc8e886cd2126daa06b85f893db47034327674b5
+** GENERATE (FIRST CALL):
+	V = 24e2a2c33ff291247dec980225eb2a7936f6bd361f47fdcf5da6d067444c0ddd39d39ab70572b3bc7ba69b5a20d8f85182959083d71e57
+	C = 5e709bcc1538f37e665320f3ce9704df1765e5c6728456b5072f9ca2a1bd31fcc41e722b202b27b14556a4f42a75faecec7de14e4637bf
+	reseed counter = 2
+AdditionalInput = 26afa77144c05ef3c07bffdfb9750d394df1be3ad405e949cc0c775b697e5c64
+ReturnedBits = 67580bc36c551f2c799d54f25b59df9a37b07293b683d832638332829e2aa8930bc51abb28db1733b60476feacdb0b0dd6e80c29b21b74135507eb0e547c8917b9b48d557236b63eae25f56c5bdc215a878e4dda0cbe1206006853ef8559246c4f68b690406f8fa173a45a2cf46b2d2214857b08d00b7a3beee76386f8e26d12
+** GENERATE (SECOND CALL):
+	V = 83533e8f552b84a2e43fb8f5f4822f584e5ca2fc91cc55984666e6625490f741f50e92a8cec92aafd8a53b658bc6e7f88442999fce7cbe
+	C = 5e709bcc1538f37e665320f3ce9704df1765e5c6728456b5072f9ca2a1bd31fcc41e722b202b27b14556a4f42a75faecec7de14e4637bf
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = 4e2c4bea0d3d0ab42f53318a2a654c7d142af8a721e7c22d79c0b64cad4b8c13
+Nonce = e9942208c6caa52f48da86340724631c
+PersonalizationString = 
+** INSTANTIATE:
+	V = 97ba523be487e35ce5539882d92d09d9d83597a83c447aee4580f0e4b1624f1568d8f782244bae6734983cef764e6bb002197d693adfbb
+	C = 0e31edf1e892dce749acbb987c52925b1a4a6d0746579e917555403079a91a83deed0d3429e14a3a3b755ef8096a37786ab8689f8b00c7
+	reseed counter = 1
+EntropyInputReseed = b0419fa1436c74887a4da9c42dd85d6b1efe5069adf5dcfed390168999c82434
+AdditionalInputReseed = 756cf5e3707d82e0956d22f4c95b451678415212f3f95ef70fa9ee94581237cc
+** RESEED:
+	V = 65196ffb30f1c7bc73830eeaefcf2e1448d993f13d087d190b020483d78bdf9d2e060c29979b69a7b0aa80c12f2274c98f85869b0e239e
+	C = 74a2734872df726b5677c8e503f55d70828d10ddf66e8b50b7e08aa7b479fd9936650c01e6c1a168563eae9fa7341c060d9ffc287df537
+	reseed counter = 1
+AdditionalInput = 5f8b379a9ef3735d837a0a805b39d251a4e776444cc07cd5ac144fb1f2528e7b
+** GENERATE (FIRST CALL):
+	V = d9bbe343a3d13a27c9fad7cff3c48b84cb66a4cf33770a0fb8d2fdeab695cafdd97afc3d94100d756c0810adb06c04b7854626f00bb21f
+	C = 74a2734872df726b5677c8e503f55d70828d10ddf66e8b50b7e08aa7b479fd9936650c01e6c1a168563eae9fa7341c060d9ffc287df537
+	reseed counter = 2
+AdditionalInput = 46659ecefc84e4cddbfdd159aa2c962687e1bc20782a2bd1a85ec70d65e5ee04
+ReturnedBits = b8f162db57229d05b56b9fc355e08ed19a9c0a9a61ff70a79da4cc0037c6ce336c546e618075a4c3fa80d06b7c070dcf42cfed6e4c2c1fcc74a4a0b8af40ef12707f2d9efbdbd629355cdf073e8fb5667f806c78a6cc3a584dff185b5b1d77ceb2b684deb00b3d2ddc2725244e03d331480b66f44ecf0dbbe8660a51cf569fbb
+** GENERATE (SECOND CALL):
+	V = 4e5e568c16b0ac932072a0b4f7b9e8f54df3b5ad29e59665e11e351f891bdaadf6af1653f9280c99f99bf12acb5a5198503f35300b68a2
+	C = 74a2734872df726b5677c8e503f55d70828d10ddf66e8b50b7e08aa7b479fd9936650c01e6c1a168563eae9fa7341c060d9ffc287df537
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = 1c06eb29f572af310821115f3f57b608f0f224182813cf99c11bc64ea7d7313b
+Nonce = 23256f5c568f1527f8399cb112f8a138
+PersonalizationString = 
+** INSTANTIATE:
+	V = 66df161f806b88103974dbead232380ef538e112edbd0133bbc75c9ae357dc9d27c7bc409166fac8fc45e2065fe58aef61277e49dffc4a
+	C = a87651abdf2af528b696bc0ba9183c1e274f59de2b22762a77109dc33e3a9e7ecb79f4b1470f37738452c717b070b70abe138a28ace3c3
+	reseed counter = 1
+EntropyInputReseed = 6451f80328d7147497573bc48c1f7d018e8e8ae36600183cd480e5bf7597f056
+AdditionalInputReseed = d19b33adb45943d6eb02bdac9a92b4bed7f43c87d1217c86e7e38b0ce535fbc7
+** RESEED:
+	V = b9ce840548536a6fcbe9e60f1f3d2d7e67235eaba5c93d27b3e43c6efd54ddedd45b1e72831b80250fdce5c3588ec00338df5567dd45b2
+	C = 82777e2b3f57ee65f057cfd7b543abfefc24a848bd5a3d48c066c7aa93a40253c9445b3d94b06a358cc0e740fbdb75171a29983a34042b
+	reseed counter = 1
+AdditionalInput = c89e7fb1a441e0438a16ea8a33739a99b47be6cbcfb179f9e2c9dadad285e3f0
+** GENERATE (FIRST CALL):
+	V = 3c46023087ab58d5bc41b5e6d480d97d634806f463237bb623e4e5a8fc6eb8fba928d4f966edaa68f335d8f1785d1998541608ef53c190
+	C = 82777e2b3f57ee65f057cfd7b543abfefc24a848bd5a3d48c066c7aa93a40253c9445b3d94b06a358cc0e740fbdb75171a29983a34042b
+	reseed counter = 2
+AdditionalInput = f73aaac7a3b250f76c09c6b082b0a7e38a82fa467a6a58ad91da6edba8f55afc
+ReturnedBits = abf041573b722b14efeca6912d5df93e9b5d762cbd64829afa3390d6668e47d761b1a799e3b05b670045ded5cf040a95d6dc797bde21ff6272c7fb2ce6b52b1a9d2ca09dddc8a85dc0bd7be02c186b05d119ef6279cac636e275388c82724e6cb99549268e20f2d294fbb88f07827561cb498d4bca57efb475bdce0030ec6902
+** GENERATE (SECOND CALL):
+	V = bebd805bc703473bac9985be89c4857c5f6caf3d207db9eae033cf9f7457f4c56f776c7564e24e18fe069d9e7d85f40ffac7db8f2aff75
+	C = 82777e2b3f57ee65f057cfd7b543abfefc24a848bd5a3d48c066c7aa93a40253c9445b3d94b06a358cc0e740fbdb75171a29983a34042b
+	reseed counter = 3
+
+[SHA-256]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 256]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 1024]
+
+COUNT = 0
+EntropyInput = 803fc7eafabe56158c73d966204cb3cdc735595000bcd056a0c022791514aa55
+Nonce = 060a0f3900d5f4a288ae9760df85813d
+PersonalizationString = 9ac632293ef7d862d1f299654b9904175ec9879ac43a1028cce0c9439a31c379
+** INSTANTIATE:
+	V = 8d129a550b0abd56ac93b80b6e147f900e71a6e9538e6c18f68fa39c1b32f9bd693ce1659327bce0301873e5ca14f865b1637f071cdc87
+	C = 8593b7969792d5dc214cc608ea0d3dea31adb618d22440aba7b8f348ba79a292694cacb1189e03ec1b50751268b275c2214f72939d69ca
+	reseed counter = 1
+EntropyInputReseed = 0a2e7f9aa526e68b37c81c6b494975fe4c488a02c0930312623ac9b85147698d
+AdditionalInputReseed = 
+** RESEED:
+	V = 9b79e46675e4db2a95a11063c81aa5bf53d2eed6c04e76a91da4f1cb7016d2ebce1fd894c5f8251d5f4484e01adaf0e768b87e071c634b
+	C = 05352c308eb383e54c2f1780d169ab3d5617d9414063d2d90a884d53fc29ed3926f6cdf211779339e6b997058439f78f4f8ea8d8dca16a
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = a0af109704985f0fe1d027e4998450fca9eac81800b24a079235c60c2e674e72a807dfd63e387834112159599a70a530c274e77a2da411
+	C = 05352c308eb383e54c2f1780d169ab3d5617d9414063d2d90a884d53fc29ed3926f6cdf211779339e6b997058439f78f4f8ea8d8dca16a
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 2ebdaf63a1b3d4310e01426105c34be99f5bfcf94f577d01dff73403198f51144e5aa79d5528cb2e4265bab42f591c1590b8bec0414cc8a209952e426ef88351bbe041172a7f1f7eb81e1823f6fa858906e6a89f857f2a7021c9b348bc0c9f1daa779e6b1afe2319fe3a6162d2fdc23883dc45db64400eb5a8d7a2376444a099
+** GENERATE (SECOND CALL):
+	V = a5e43cc7934be2f52dff3f656aedfc3a0002a15941161d8743be6a03025da621c384176a71a1ab6005732d6ff64569df430f1f5cf9e202
+	C = 05352c308eb383e54c2f1780d169ab3d5617d9414063d2d90a884d53fc29ed3926f6cdf211779339e6b997058439f78f4f8ea8d8dca16a
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = 12460c950d9385c8b37a9f82c49d1eafc8ebf617dbff0f091f2f9940e52d6dd4
+Nonce = 35eae10896e9eee913f393c757f109fc
+PersonalizationString = 5c8e05cd8311cbf986a5828a3616a1436df70b25652e47eababc5441743974c8
+** INSTANTIATE:
+	V = bbfdcdebcac7eefbb6f3e99c258f3d2c448da2aa7abd586933c23fb3e2ad6be130fb6c81b140aa4228c265fea4bf6c71f607979359d7b6
+	C = af4bb5f1793bd54ecbfb4828fcaf6107125ac1506132d010a1a32c9fde7f296a085a6ddfe6a699854a376ab0e2ed80adae416592e49585
+	reseed counter = 1
+EntropyInputReseed = cc0174077d2c210c671cc93ea9febf3165ff63d5493f385828bb5f09fabd3676
+AdditionalInputReseed = 
+** RESEED:
+	V = 480007ee026d147884fdb955c7dee1a9cbf7af0b08c437f22a3585b7e268ca27a1560f4da724f0b7ea915b686402f26b8f00d7cc43b9a2
+	C = bb30c49eab5c2c0b90ea4f9048fb6101f234355aa45e49d4a5e753ae7fcada2c85f16f8e0e95721e8821a7529c785cb06b7f0b52838ddf
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 0330cc8cadc9408415e808e610da42abbe2be465ad2282299e70a1605fb13020a8a3ca69206f9cdad08843c60120753717c68c9a00dd6a
+	C = bb30c49eab5c2c0b90ea4f9048fb6101f234355aa45e49d4a5e753ae7fcada2c85f16f8e0e95721e8821a7529c785cb06b7f0b52838ddf
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 91a504055e6b652ffc22af49bfc08686771a9c67a07d97e5ae64daacc2cbb629db3ea7c793e1dec1cce74f7500270515e86a0ecd1f3b41af739fc7bb8ba0897e6d4335427e70af6ea9793d56bb35f7f1e05bed102359e1c2499efa731d6234206b1275d45bb659072a722e20d022ff6f59d6f092e0a558df047a11b4bea66834
+** GENERATE (SECOND CALL):
+	V = be61912b59256c8fa6d2587659d5a3adb06019c05180cc19971dbb8e36171f464bbfe43847c09b2b81ecd8c3c8f0c0685dd2cd5023e636
+	C = bb30c49eab5c2c0b90ea4f9048fb6101f234355aa45e49d4a5e753ae7fcada2c85f16f8e0e95721e8821a7529c785cb06b7f0b52838ddf
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = ff52088d6472d1791f3641c6d30b6e3f453017fbc895a051de085dc711fd75a8
+Nonce = 1ba09cb3be54a9c2c7dd39896a3beec6
+PersonalizationString = 128adb63d9c02f1d56c2a32b516c794f99baa4abbdd7758d82bafb5df6139461
+** INSTANTIATE:
+	V = 64d04d9a727a5032abc03f43d2e1584fc1e867f45c3bd7855e5602492c70cd2a79310409ffe4d899864c291c8fe1becbff8259f76bdfeb
+	C = 7db2e92d6dc2ca7f1104adcd047e761f1b36bb274c0d681b04832eac7e886a71a74025af8e9f1bf00e30fb554710c4a7052f39b0f437fb
+	reseed counter = 1
+EntropyInputReseed = 51003589f885bf5e7461a9bc6c9ceb52f46826d453189fc46ed08f370743e65a
+AdditionalInputReseed = 
+** RESEED:
+	V = 3d4edf347cae7a6ca1b626a204b3d1cd65e380a8217572fbe669b263d21dffd5b387d17271a4d8a443a581086897bc5345eb8f5805ea84
+	C = f6a5a25fbfa9647a61b37709a489826c0cdc4d5e6608fa36f2a106b87c8f0579d7a977c8ad87ff7f0609e44f81a61823907d753e0c8334
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 33f481943c57dee703699daba93d543972bfce06877e6e279a227076859a6ba688cfab9e213122ab31bbf0d5345450b891158df8aaaeea
+	C = f6a5a25fbfa9647a61b37709a489826c0cdc4d5e6608fa36f2a106b87c8f0579d7a977c8ad87ff7f0609e44f81a61823907d753e0c8334
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = a24388db24678745434e5b41b76685d5bfe89e1200dd87ab92c1a1312b6485e96c4e57ffd9699ff3347b3e0e962b8407e987e5fec1f12e201fcf4ca9ac8aa091a87241ed3d27741ed89838350aac40276539ac481c16c9d69616ab43ae25916d19e51b8b98a226e8ca852e1e3819efb644ab8ee2cb31ff836fea206e9a09a26a
+** GENERATE (SECOND CALL):
+	V = 2a9a23f3fc014361651d14b54dc6d6a57f9c1b64ed87693c339a7843477a97d77b5d2be45c6798a122c090627b09255210d56006800005
+	C = f6a5a25fbfa9647a61b37709a489826c0cdc4d5e6608fa36f2a106b87c8f0579d7a977c8ad87ff7f0609e44f81a61823907d753e0c8334
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = ea35aede92889fa3c711023e899738a2502860562973ee3c75ec33d9710a106b
+Nonce = 2d42be53a54f298cf47383b27c8ffc89
+PersonalizationString = fba36c00744ab922037fb900a200604acf68d361bd95e36f759bd11e576bdf29
+** INSTANTIATE:
+	V = 4064e1bf11b57883fa9a4c3b7ad6e7407318c547a46c231abe6f18b53cbeaf38565831695e97793ae42ad04552ee94d618f84bfa147586
+	C = ba853945c12e0b7113999a41302573a2b0887284d24aaee68bfce05ff2cb1b877af50165485875367899daef3b0a0f773b21909ae7c072
+	reseed counter = 1
+EntropyInputReseed = 41a830c067ee02cfdf74c8973cb433ccf0c128626c66c6040719e5c9e67b05e3
+AdditionalInputReseed = 
+** RESEED:
+	V = 048b6951133e085a864aaa96ebbee12a87b9095f9e270d9081a7bcd223e005ee10158995651892f776727c040c91c1396a369788ddde00
+	C = f5a261b18f3a980c0282c08e9cb18bdb83d41bf33ba3d6db5fe78bcf47ec01751c48554cc79f27fb2704b8427b1b4fad3e4a5fbfa9e9f6
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = fa2dcb02a278a06688cd6b2588706d060b8d2552d9cae52da42904d0fce94ac666fe88bd9caeebd7b2bf7e19cb0c7740a9f1032f5bab4b
+	C = f5a261b18f3a980c0282c08e9cb18bdb83d41bf33ba3d6db5fe78bcf47ec01751c48554cc79f27fb2704b8427b1b4fad3e4a5fbfa9e9f6
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 00fe7791d0947a30bf1230bfb83557939feb381ce37067ab07a99f1630e24c5bd67128491e39b840332921ced88119f826573de57022e36369c7a11fc180c453f149fdc3972ee5754f8350d9330a9b455e1128e059fb649af280984786051bf158a5022652209e53a10af353f8b210e0884e8ff18b90f4e8ebcb12d9432d9a55
+** GENERATE (SECOND CALL):
+	V = efd02cb431b338728b502bb42521f8e18f614146156ebc2a5f560fd5779049ff65ca344c4d28c25ab693e54c5ad1a80af54373628ef09c
+	C = f5a261b18f3a980c0282c08e9cb18bdb83d41bf33ba3d6db5fe78bcf47ec01751c48554cc79f27fb2704b8427b1b4fad3e4a5fbfa9e9f6
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = e92a31edd82c952e8a927e56a4c91ae2c3b48c5c16f34245791fe6db26377f4e
+Nonce = 2cc03ba3f614d860d70bfb83b315d192
+PersonalizationString = e749001e3d910d13576e65ab6f01f0d6802f9c0ec58c01a65f6c96984df872fd
+** INSTANTIATE:
+	V = b52e0ed87a629c81466a22e3bfb4185506a0b8ca100b36d4d4fcbe29768eece9c0ee2c1c877ba4bd90b3ad80a308af290d9289a40b473d
+	C = 98da51ee805fed71cb568ed3b0fe727008d953055034e52ad415b14b57f838e2fea28a9acbf04ab8ae2ff0c0ff8a49de3eea18a35f8755
+	reseed counter = 1
+EntropyInputReseed = a2330629b0b0053f13d17570bc941f747ef0d98c612e8d0c854297326754c17b
+AdditionalInputReseed = 
+** RESEED:
+	V = 6e36095772bc39a555172992d5638bd5fd62f2b3f44efa1034d980b83943082a6ab509f3d5a9327489f74527316d2818f41d2645efb2db
+	C = 2f3b4742d5e3d2dfac9491259baaca2ef81b2a72db2317ba212cc4f6ef437b42345f1c94860f3f208d47cd5bb4959a2390b4dbced2892b
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 9d71509a48a00c8501abbab8710e5604f57e1d26cf72121ca931c9b1be390e06a9a78d90ca978e88c40b2fd30e69d15a8382e388debef8
+	C = 2f3b4742d5e3d2dfac9491259baaca2ef81b2a72db2317ba212cc4f6ef437b42345f1c94860f3f208d47cd5bb4959a2390b4dbced2892b
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 41edb4dc68456acb1d2d1f802d58843bc9346e827c497848c758ca867ac144e723347a5334a8a0b817a7f38a5db10973b57855753acaf302e0cd1b161bd86ab7a2bf39d1279cb2255a47b4e24f49b5b798e3588b30e4e4799ed05d4bef20f1210edb5940ee49b90657a1a7c04d22875f44c2c086447079aebb5ae262d0c4e0ab
+** GENERATE (SECOND CALL):
+	V = ccac97dd1e83df64ae404bde0cb92033ed994799aa9529e7911e5ba5ccbc0e8dbbc86c40d77ffc2e60fcda28e9ae88af0335e139fcc44b
+	C = 2f3b4742d5e3d2dfac9491259baaca2ef81b2a72db2317ba212cc4f6ef437b42345f1c94860f3f208d47cd5bb4959a2390b4dbced2892b
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = 8bf2d53de988404d7d62a8535ed038e7e21a2b634841d65d4d55f9bd0a9f0847
+Nonce = d93a4637ffecfd0ea66d0a95cbd6e3f1
+PersonalizationString = ea193e6fea5fd0d81ad66a4eaa20b327ce0884eb8906cefce14c2cd0701e6a9f
+** INSTANTIATE:
+	V = 87b28b8169293d75076b208d76b1327e755f8d3b60f08cf3513597d0cd7ceb440473e947dd542210a774435a75e5b4e6f739558475a9b0
+	C = 7f3e3edaedc65f28c1d8178e7d9d2bad3bccbefe1af4166fee2002caf8eeb4eca7d46f11d83962a1814b558e891a85019c57f3bff090ff
+	reseed counter = 1
+EntropyInputReseed = 77cf6d2c3bc08a67453d3456312203ff6d4b4ccbd11f948d5a326cad75a2b84d
+AdditionalInputReseed = 
+** RESEED:
+	V = d9384094ba6cbff749e5cd1abfc560b3e78bee6d8591f301a5665e6182f220bfde980951ad884d64843c304b88d9491d8e029d8f63130b
+	C = c33a631ee586af2025d7dc47981cc646751812f9728749e480f338fd3b378d85bdb06917a73894ed875bbbd9503879e0345c687b0c3930
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 9c72a3b39ff36f176fbda96257e226fa5ca40166f8193da4a5daf75bb8f3f7d5597db85eb391a8e1c7481c4d77d03371df29c1985aebeb
+	C = c33a631ee586af2025d7dc47981cc646751812f9728749e480f338fd3b378d85bdb06917a73894ed875bbbd9503879e0345c687b0c3930
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 8a8e4f2c23f420e018aba894944be09d717329b18b9a5f2b757f3807fe23da8329a37556562af0ccf1fda225e2241c9e290e46be1f9346cc15ce59289f0ea1989aa60d9972204af2a832533f56467bc28b515bcca20ec67938b6e9ef86efaadf506ca38f888b345f2c915d0020019c7580ab6df4fb058e09c29ddd8623b9aba6
+** GENERATE (SECOND CALL):
+	V = 5fad06d2857a1e37959585a9effeed40d1bc14606aa0884ac01ad7dd9e47b84d030f58716674f14782748c557d0ca575b77a9178967c11
+	C = c33a631ee586af2025d7dc47981cc646751812f9728749e480f338fd3b378d85bdb06917a73894ed875bbbd9503879e0345c687b0c3930
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = 173bb659d72f18d689ad44092384e62470baa3f51a834e1d86491bb9b8e90619
+Nonce = 2cedc51f0d9f4f61b593ff133a8aeed7
+PersonalizationString = c35688b71247e6048abe72e64b023b085b070ae6c53b8dd82a9ed6262c38c363
+** INSTANTIATE:
+	V = f0ecefcd35cbb5377f24078220502fba3833498f5e685701677d122f5a4ac0435b97c1e44de97c9bd1225c795cb0711d2ef28a7fbdf0e7
+	C = 7d137ea72767e0c1fc7224bc8049f854aa6d0ed0485d5ad292416ba6d070de4aeb4282fa6a32a9c46c93ac5eb4badd20e9756cb2345442
+	reseed counter = 1
+EntropyInputReseed = a3a121994db6d3691da581c684757556ef76e60836474882497fa89a63c3c312
+AdditionalInputReseed = 
+** RESEED:
+	V = 0fb5778d58c9101450e8498beee66e66d574775a446e084733a4573da7da18c5fe384cc2f3adb23111b8b1535a9c9e6a871bbaac787e6e
+	C = 420c1ef7d0112ccb426dc03882cf5e3dbe00718abcfa147874dd355d83e232e17f4e0a5582c5c993adb27061560f2f6e1bb5f5c8a03496
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 51c1968528da3cdf935609c471b5cca49374e8e501681dac5dc4dc08a7a076bd529463ad29a9073fe6db288d5a8c664253ea5acc6a5cb3
+	C = 420c1ef7d0112ccb426dc03882cf5e3dbe00718abcfa147874dd355d83e232e17f4e0a5582c5c993adb27061560f2f6e1bb5f5c8a03496
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 316534a17c44e1ac221246a12f3b131b22cc03dfdf095b242bb456d795403e18f38ea746f0735220a39668521d20ac3497c82c2f3591be293369ea63d6a8b716b7ec1041d961d48477c40e353f79bfef961d97850507d7bfffeffeb26ab0c542a6d889a0050764dbc9d2d7a3e9d712228f2c8ed38dda52acd53d238e0210675a
+** GENERATE (SECOND CALL):
+	V = 93cdb57cf8eb69aad5c3c9fcf4852ae251755a6fbe62329a561cd6a05dc756f4b9a4137a5716f2166a0cf30ab4c91ac663c71e972c4949
+	C = 420c1ef7d0112ccb426dc03882cf5e3dbe00718abcfa147874dd355d83e232e17f4e0a5582c5c993adb27061560f2f6e1bb5f5c8a03496
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = 5abb86af34b08520ab41d07c810819942ea59c5e73a579955834181788fcd03c
+Nonce = c066b4cf31eb9c6020aa17a5e1148fac
+PersonalizationString = 1a26290963ed0a3c511a256b0b5de7c2ac2de106ce849f795940aaa946a073a3
+** INSTANTIATE:
+	V = 73e169fee2d57661cf6f3406f19eba8888cd1f28ddc66bfd1201e58d4211ccff2b14ec9cf671b7f942dbe491553e16a75769fa9eebc945
+	C = e7f14cf736096a8fd14f258cb8f1321163c14b29024c7c2794a9436390253a039b47b01d1072854bd2c4ec85919bf6e41fd32ead4eedfb
+	reseed counter = 1
+EntropyInputReseed = c75c311c7f595057d0fb3ab53509e2104ee2aa8afe271980d538378734a7dc4b
+AdditionalInputReseed = 
+** RESEED:
+	V = 13451f0585214484388e146c4280c5faef0fb43bc48ce7077c93596cd3b56dd3dc898c89cba7c1c3e7f57dc0c31e27fcb05fa75115ce54
+	C = 1b92c6fb65209d0099b031f2af0176989bb4fb073e4a427de89e5ed02e0593f9a8916241b90062191d46ab7a061b9afa56875dd4f5c864
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 2ed7e600ea41e184d23e465ef1823c938ac4af4302d72a847da1bda6082491951f74d14c3bdfac38c59df38a492093f206e24f10047785
+	C = 1b92c6fb65209d0099b031f2af0176989bb4fb073e4a427de89e5ed02e0593f9a8916241b90062191d46ab7a061b9afa56875dd4f5c864
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 2964d4542db17ce7afad482f4d84994c8b7e00813092d578fe8541c46ef5ac19d2645370f48f983e52a1525f330a9a7d78fc56c4169863b180e74b4e6dcde31d19dc4b5a2f2b5af0455c899291c0ccba8cbeb0d0b13358261349098d154e015a4dde2703b521e6c5ad3bf484d2de3fa2fd6faf059bd94ab6dec90cd2ce5b5eba
+** GENERATE (SECOND CALL):
+	V = 4a6aacfc4f627e856bee7851a083b32c2679aa4a41216dfbc74e408ec3ac6c7b1a724c337071848cefe0db681bf8baa14926c08eb9a046
+	C = 1b92c6fb65209d0099b031f2af0176989bb4fb073e4a427de89e5ed02e0593f9a8916241b90062191d46ab7a061b9afa56875dd4f5c864
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = ea0f9e0fb843b629acd1524084244a2f3eb6665f2d3a3a03106437963919d24f
+Nonce = 7a8bb287860d772b23073b501fc78cce
+PersonalizationString = aa42602b8d15ccf5173b2e0a625d98901478e5d7ca251331a13f45b97d2bea8e
+** INSTANTIATE:
+	V = fd83e3fbde2f0f0640b3e3cad719730bfe86a9c45934ebddc7c824cffecd9a53f69171a123839aed4ffa6809509d6704fa9ea6064b8480
+	C = 7767a19321502c7462c387314cfc607c255e646692b89416b9778e0cc069a043b65ffdf645a05b0b71196d6f92e86332c304d9d2cb4c5c
+	reseed counter = 1
+EntropyInputReseed = 202cbc8116d3455084f6cd216a7171285ee89e3db0fc0bd2e2d1dd69e3c5d08a
+AdditionalInputReseed = 
+** RESEED:
+	V = 9d63a94703d6d84bb4585bbae938fc6854b43365c96eeb319a40136c240fcb9818835f7406a239016c7298695806e6fa693b160c7e280a
+	C = cf9de32704b60c1a0533c07d6bf1dcdcf616da3faaf37112434aab226956530b3853083927dd82aefe6dae1e33f98c8e4c60e773d40ff2
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 6d018c6e088ce465b98c1c38552ad9454acb0da574625cb902435ee5581cfeabd99566db2ef4b291b4af1ed2c80ae1ba8de84e106d6cae
+	C = cf9de32704b60c1a0533c07d6bf1dcdcf616da3faaf37112434aab226956530b3853083927dd82aefe6dae1e33f98c8e4c60e773d40ff2
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 95d32d209ccbeb7897e6240e9f0eee52230a1990085fa148db04fe1736841393252d08344568c91f27f3f50c9aae04104b05448d8fdf46068c30943db96546eebe78fabf34496a00de2166b8dfb163456b597ee08b12f303d216895cae627eaf00d37d205a9956da93b071b2a0384e8e2941e8a75cd2a26e7e0b9634b784a7a2
+** GENERATE (SECOND CALL):
+	V = 3c9f6f950d42f07fbebfdcb5c11cb62240e1e7e51f55cea2c9ffabdfd04e72d1b1216b1c7ef2eb782a70a3e824a80a109da15b0204e03f
+	C = cf9de32704b60c1a0533c07d6bf1dcdcf616da3faaf37112434aab226956530b3853083927dd82aefe6dae1e33f98c8e4c60e773d40ff2
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = 5ee8ce2aee2627e865f4e8f2e943bdd8e57388aa8cafc860ac5b4aa37a5a9db6
+Nonce = 1424e610d8e8078f721940dba363627c
+PersonalizationString = 58303f56ea4a614ae3b51874a7e0dbd772848715085de6dddc3dbb55afb50bca
+** INSTANTIATE:
+	V = 903abaf097cb3fa4bde8e2bd9a0ce578911f16c8133ea1a2dea2730fcbb3bd58009b26d776fb076eb68512fc3ae7ed475ecf7543ab516c
+	C = 7f1ab0a1de7db03b61c1f92697d72b7ed7ccf45f08924f0a18831c34db7e28f40c0fe67595395caf41838cfdca857704d236d1a15c5f5a
+	reseed counter = 1
+EntropyInputReseed = d8880643e9a1a57672b0ef5cee76c34d8664d29f9e0edbdf995b0d856d3d2430
+AdditionalInputReseed = 
+** RESEED:
+	V = 8e6010d9ee37a8e4c03edd912baee90fe1b4a869dad56cff6e8945db94899f78f95459571acdf55d440e52191d93aa8a2ff6ddd29398a6
+	C = 0a19f430cda872df667a70ecc293ade27957c7a0e72389e31f637d5de50d96c2a1c04c0a9d15117e8e1d1fa41b385d551241708948dd4e
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 987a050abbe01bc426b94e7dee4296f25b0c700ac1f8f724917e0a3e44b304c44d8fc56936dc1baedda77ab05e92ed112c35a0dfcdc062
+	C = 0a19f430cda872df667a70ecc293ade27957c7a0e72389e31f637d5de50d96c2a1c04c0a9d15117e8e1d1fa41b385d551241708948dd4e
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = bd3d0ce728c3f762986cea941089e7f485e1d5becd5bcfdfb7449677586b9ab41651cd15a135f69141d156e8056a973310b510f516e6fd29ee9e0b3c63f6d7bece4b435e7ec9e294790737c2f3afe469e6d8423e09f2a5550713fedf9fe74e7316963c2387281828b289a7e3416a82faf741ef749011240861686e6e92d9102e
+** GENERATE (SECOND CALL):
+	V = a293f93b89888ea38d33bf6ab0d644d4d46437aba91c81ee30e4eba28db3979c1d1a2ffff30dbe4bf7eb09d3721eb624587ad0b478bbf8
+	C = 0a19f430cda872df667a70ecc293ade27957c7a0e72389e31f637d5de50d96c2a1c04c0a9d15117e8e1d1fa41b385d551241708948dd4e
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = c0e632dd2d50b11fcb2bb6ad2e88a88530730c4aa2afb7f2f3fe231829360ef0
+Nonce = ea6c50d022cdd7c1cc928fa3af13a910
+PersonalizationString = 8f9276e10df4215c0df5c52be0c47500d6799b6152a7f965b9166916626912ec
+** INSTANTIATE:
+	V = 102a2912ce0412548d7835c9ddc3a48b0a0421b90bb9e40c8977dd32b7a7d6659048095f6da813fae38a9eff263b963ba039ac0f648d7f
+	C = 1a0edbf6b292b23a95ee684d6fb38d1281c130e7e6875636cb5278fdde1a3c293f11264cdf49caf813b1ecfc7c91cb9ad90f17cc016a68
+	reseed counter = 1
+EntropyInputReseed = 01e6ee1646facc2fe6da6618b42e29c1850b40c0900d940d69ad3f9e2a142118
+AdditionalInputReseed = 
+** RESEED:
+	V = 8a197a5f77c10f2d0c6f031aa856f7cd4bf1c88ff5737e5198871cc52aa17408cef18df26cab31d1cfa813ec65ee3c56ab54066431ab3a
+	C = 288480023dcb6e7390aff9bcec8c34f4380af0819110463a575e54a89d6457f364051e38b603e458d06b4d49c0d3c821717acacd829c42
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = b29dfa61b58c7da09d1efcd794e32cc183fcb9118683c58bbc038f1f62036fb1bf562c825d0f0f9e60daa5826fd817e26d0864c0ee4e81
+	C = 288480023dcb6e7390aff9bcec8c34f4380af0819110463a575e54a89d6457f364051e38b603e458d06b4d49c0d3c821717acacd829c42
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 532f85324a90884fd76b22aca71e2196a507c48a1b69c75fe43204bca2abd27b9303ea273e06866590e04e30c0388858e753d7a0617ef13d39937a89bceefa1f93c090a95821dc905ed8aebce71a984275a92b7ad20d5c7d7848479e67b508c4be8e36fbc804951d69a4a324a1db0d0f08caedcad7525c07765064b242626860
+** GENERATE (SECOND CALL):
+	V = db227a63f357ec142dcef694816f61b5bc07a99317940c96355cf2daa58ea58e910a551effd5d12e47e25f437f5448b492f9a31c52995f
+	C = 288480023dcb6e7390aff9bcec8c34f4380af0819110463a575e54a89d6457f364051e38b603e458d06b4d49c0d3c821717acacd829c42
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = d6d5f9fb504eff45fa5af4431051b4e4e94720a43ace680951db5eb9f2a02c01
+Nonce = e07db4baec9bc979921e35f35429b629
+PersonalizationString = 0c91279bb5c63f0810f71b535db9f5f52b57ea9053fbc097e738571c5a8dbc4e
+** INSTANTIATE:
+	V = 7fbeedae32418ee0f2b74aa7b8dff67b00f1a7cf8ee0b122f373425607aaa0870c120022b162ea384607230fc89c5f0b7fde3ebc80ef46
+	C = 2cdbe52529ce23fbf3c75319c23756965a599478abecad3b95cc0cf2826ef457b2ea1bf34e2607a5697ff131124da3145dcfbd110284d5
+	reseed counter = 1
+EntropyInputReseed = 9ba2986819ccc3c510dca6498bf6613de1187666f9582dd174b8b1d64ded0a1e
+AdditionalInputReseed = 
+** RESEED:
+	V = 7c2b10f8da25ce68497e49777060e935b5ebc58f4f29c0831135db660e9c807036b2c87a4c94a282cbaf2ecf2fcf562c314f114fe5b941
+	C = e84024169e2c67401be0dc9193476664a7d5f493b746201f4d278b53f648cf6d9085f8a67467d1fa42e13abe113535702940af83946665
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 646b350f785235a8655f260903a84f9a5dc1ba23066fe0cd37ac4fcd20aaecd15aefaf2ffbd11f619265d11e055902e1bc858e71c45171
+	C = e84024169e2c67401be0dc9193476664a7d5f493b746201f4d278b53f648cf6d9085f8a67467d1fa42e13abe113535702940af83946665
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 45b13893cbe4549bb83cca22d3113bc58fff4f7e302e937a8ed5bbe6e7e7aae97dcc8d660461ad75a884be79ef2d3a0df1a4fc11d76e7955aaa616c900ad11b498f91f2ebed69e405e4b6fa3c48a0a83ab2cea5f0449b3238df5b2e10aae496a74e5ee71d2a2f7309b8d5491bf2b29ae03404c3fe75fe2f5e249b05e921a5093
+** GENERATE (SECOND CALL):
+	V = 4cab5926167e9ce88140029a96efb5ff0597aeb6bdb601d34ba3c410b293a63ae7332e22eb71daecba6fd3128147b9fea55cf6867e05cb
+	C = e84024169e2c67401be0dc9193476664a7d5f493b746201f4d278b53f648cf6d9085f8a67467d1fa42e13abe113535702940af83946665
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = 378f0fbc16669599925091c1dda19c197a5005f0b3db07129369aadc4cde9585
+Nonce = 8ed8e0a9711d4808cfb758262ece9dd3
+PersonalizationString = 37002959ed2fa7370a1beab5308e90a37c2e76640bd6e776b57015c656eeb84a
+** INSTANTIATE:
+	V = ea468ec0f7a4c515030051900228fb3f634fa89fb63c06b502ac4081f3dba3454737378a6fda79789bf68da7c8c5a98569afa53a77d768
+	C = 9a3fd9aa46669b12843abffa579b1fa7766af4fb05680ca83a943344fd36899d2ed14b03d8f9a912a4618fd00f6316f9d562dc0f0b17a5
+	reseed counter = 1
+EntropyInputReseed = dc8f4b2ab7f46b6e75cf085f9a6842259d608f3ddb60f09abf873d37aa3e3c4e
+AdditionalInputReseed = 
+** RESEED:
+	V = 516d6426a33706f84725e038a05fe4eb4d677701e77032fa4843565b98bfda2e84c26a95d27f00dc8373e00523d8ef194a9c6de9d692c1
+	C = 376d5fba5e3061a184308b98ca098dbc2aa443d19f959a46ea9148a979ed54ff8a754b31474eb1f4c03ada7c8de0046518b07f1db6ef96
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 88dac3e101676899cb566bd16a6972a7780bbad38705cdcd7debd5ecd0dc8d6e664efae7e7fb90ebfe653b0be703c525c0f4e389ad6879
+	C = 376d5fba5e3061a184308b98ca098dbc2aa443d19f959a46ea9148a979ed54ff8a754b31474eb1f4c03ada7c8de0046518b07f1db6ef96
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = b510fb1e5c94aadfc76f94219f6f6750521d819749e14e21385745be7726ffd25c7140c5ed2f0f7a201b5e2e39b6b5d5c375accbf8f569a475a3460337c6bd00c529f702bc5cae2a057f43d1f5622c66b837537143f835e26b9b68e8f09c4882eafbcdab56bcdd9f63b2cc62e1025f5746dad2d09408f28ea52b129fcf8d01ea
+** GENERATE (SECOND CALL):
+	V = c048239b5f97ca3b4f86f76a34730063a2affea5269b6835160d1a388c70ad3515271a3941aec351e381de7799a0c1c08a9b21489b2ad6
+	C = 376d5fba5e3061a184308b98ca098dbc2aa443d19f959a46ea9148a979ed54ff8a754b31474eb1f4c03ada7c8de0046518b07f1db6ef96
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = dcd9547a1a40e08dd1350b602cc28a55a12da14aa6339f81b768f5441da6850d
+Nonce = c19afd043b1972be1c34db1fde9cf2ec
+PersonalizationString = b30ffd1d5752927b916ac4e25972e799e6255f3317a539ba24b6ba27c6fbc41e
+** INSTANTIATE:
+	V = 1327ef340aba75cb5ad351f732c5535cc623a896a0ebb4f6baa42fa865256ac08fd4e8aa00abcba9d2bb391588dfd8bbea1e916a7a2d02
+	C = 4d88acdc8f7e10c9e5f114bf12b5a10c2beab0bb86db8e3691367cf314c95941a0995dd578f41f06e94bb8ad0d0fba8b51dfd46e4727df
+	reseed counter = 1
+EntropyInputReseed = 40589bb316fa7e9bcd4c5a585aef3ce8086275e8089a4d8383edb984e8d9a9cf
+AdditionalInputReseed = 
+** RESEED:
+	V = b57996d652cfd02998033e169c069ef6c2a3ed79a4accd900072a727117f069768bee4739ff6976847a2f2c7832b4c87b04d000edd7b21
+	C = bc813656f82f981242af2f5d8b15e1e641754cfd75c31ad7dc8e4dee6e84da657ee27e2f03a839c2819d4211a7d9222096d55e757a5f91
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 71facd2d4aff683bdab26d74271c80dd04193a771a6fe92aad39a8e560016a3a54a4b9f27617261657b4057672c4743df6e4c60fc62004
+	C = bc813656f82f981242af2f5d8b15e1e641754cfd75c31ad7dc8e4dee6e84da657ee27e2f03a839c2819d4211a7d9222096d55e757a5f91
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 1b644b3d36511c3e2339a11158dab5e3b3b60b3c9bdea6471e3599605c93d5e2c40803ef75c80f90bdf04201e132f92599181b28a2880897f3901b5938c158da0f10a5df61c22d2a0b03bbbcec49018c059078cabe5d92da9a7d0d2d66147211870170d492c013914ec02c423a57039c4a1399ad59dcb50299e81e1b9aa9b8e1
+** GENERATE (SECOND CALL):
+	V = 2e7c0384432f004e1d619cd1b23262c3458e8774903304507cdf297c9ab32f935e60884f34a0d2252a3a36bba841dee2f76e7da068da86
+	C = bc813656f82f981242af2f5d8b15e1e641754cfd75c31ad7dc8e4dee6e84da657ee27e2f03a839c2819d4211a7d9222096d55e757a5f91
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = 72a5af6e8390bece748514d4deb0f0faf29f39f943dacb9c3c7c514692c9b526
+Nonce = a99b14d092d229af65054a511096b78c
+PersonalizationString = 343aef89d09a208c32db3bf7691192c7fb510ab85d308490fe0bd2bf1355f2cc
+** INSTANTIATE:
+	V = 8bc4182d974dd688c2d3b1df657b4580bacbaa4f897127f8da8b886a93301d89cd5070198f7cf752e8e9298ee4e6b659c7fcb87495c660
+	C = fb6d12304fd615e0782d12cfa97d800e7b07cdf866d51e37627a6ca04d182048dba26d31ee01427797ff3c9ed2d3322901be948f546213
+	reseed counter = 1
+EntropyInputReseed = 403ef914057620b24362c9e8f44672a2f345ad44db353b267eadf34460b2ba76
+AdditionalInputReseed = 
+** RESEED:
+	V = 2bc1fa880963d47070007bc84734fb93f2e1487dd2e98c762a30cb270e5b9f08ecdc8a721a1f9a571bc1ce45894f45fec6172b2f957bf1
+	C = 481bfc3e9e59016ce908568bea0f0864257fc8993cdaf87ed8525e0f1c3837b30a22ae343560a12e79fa632599f0f28b01fb86a707fdf1
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 73ddf6c6a7bcd5dd5908d254314403f8186111170fc485e1e11af980683c4893db19c2c74b6c690551989451467300294f0016f8707186
+	C = 481bfc3e9e59016ce908568bea0f0864257fc8993cdaf87ed8525e0f1c3837b30a22ae343560a12e79fa632599f0f28b01fb86a707fdf1
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = a8455ab8576b4ca4167a8f675e0868a27515daa7adaaf7e9feb5f03fcae864f7c55e191bc18c702cb65ca8086fb32afaa6f6901dd4ab953ade8817a9a7ce861ee644f0124231e13f49b2649e834c23fa0f13c83acd9de89c562664920b6afb945ab6471f70fb4a502efc7fea19b446e15f5a28c0794f7689cb315032736785ef
+** GENERATE (SECOND CALL):
+	V = bbf9f3054615d74a421128e01b530c5c3de0d9b04c9f7eae98e18393bf82a25ad69ddfc8af5e31c6515b437ccc8d3c5b171bbfa5a88dcf
+	C = 481bfc3e9e59016ce908568bea0f0864257fc8993cdaf87ed8525e0f1c3837b30a22ae343560a12e79fa632599f0f28b01fb86a707fdf1
+	reseed counter = 3
+
+[SHA-256]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 256]
+[AdditionalInputLen = 256]
+[ReturnedBitsLen = 1024]
+
+COUNT = 0
+EntropyInput = 63d1892690f6f127374b74506b919a7d4ff8a89eb57513d5928b68d464fcff4b
+Nonce = 15ad942c57d09dcc3a8b852d6071138b
+PersonalizationString = 6c491832189a5d63565c3c9c078ac065a073e6faa35cb8e8d4d5e5778cce7452
+** INSTANTIATE:
+	V = 9c5403e2425d8a03aa8389e3cff787b7105d0fbc2633d3214b937b3db9d232638ad664165565ef6378b2df4a479a2aea4ff3cb72dbc61a
+	C = 32710abfc88b6e11200381923050be4dc1f7a7164120aee5a889e70e2ce624344baacf990c82d89e72c3b91d20029cc482ff65765b5294
+	reseed counter = 1
+EntropyInputReseed = e8c45a0084ceeb4c50c216c95770124f718ca7018bc27807ce08e5198e292b1b
+AdditionalInputReseed = d5a5e2f5e164d6d9f1b334083f621d7e2dca78ef8bd53c4015dd5d1b428c8d74
+** RESEED:
+	V = 35fbf227d26971f2637b79e72d06ef486c762f8f7e94b5cdee7bcd50d83199b5c2f27681d4fb8877b96fb97a853b4f9964fb8e45ae70ff
+	C = 6fb7584cb70618d0feef332f469a921616d57fd47377563020c63c4b195852632d9e0ac5ef4696734978d9d596522c186bf08990c120ce
+	reseed counter = 1
+AdditionalInput = f3e5e9c69db47bee42527dfe55ad26380694fc1ad73428f2298684f8fecd6141
+** GENERATE (FIRST CALL):
+	V = a5b34a74896f8ac3626aad1673a1815e834baf63f20c0cbb483ae76709c25eb8f318506efbe65238ebf0484f78f871210877e70c5a9a17
+	C = 6fb7584cb70618d0feef332f469a921616d57fd47377563020c63c4b195852632d9e0ac5ef4696734978d9d596522c186bf08990c120ce
+	reseed counter = 2
+AdditionalInput = dab0e3ca49e5d6f5344b8baa840545ec5aa86c9ff165d7cfffaa222483e81f18
+ReturnedBits = ee0611a32c60439ddbe2fb23ba3ad4de78ef8d7173f40481cde15207b1270281c86765a63e3f908d3b13ec73f14d80ebdc02144e86af0e99e3ed47113cb1794ad8db19efb290b4a724daf96eaf14023ffea31cdb7dae0574573470d69ce67a53b330bffc3208920549f7b1d348c198e28aaf1a83cb86d8a43adcf5c5cbe1c401
+** GENERATE (SECOND CALL):
+	V = 156aa2c14075a3946159e045ba3c13749a212f38658364324c3f16b457efaf4d5e80df71cc18a7b0f8d8792cac4e2ce6893cadee3cd9a1
+	C = 6fb7584cb70618d0feef332f469a921616d57fd47377563020c63c4b195852632d9e0ac5ef4696734978d9d596522c186bf08990c120ce
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = 4a67a08d67856c40db7b517e9616e5f835fda708c6d7ca7944857d436f017b88
+Nonce = 523f99483ae2a1b8c575a512aae71bf6
+PersonalizationString = d6183ea223c11a33c8b8570ca685bd1d9a0a95209158340aabcf23db886b49bd
+** INSTANTIATE:
+	V = 50c47d26973c42c9e06af54b3ec42e365bf7e2890f0f530363a2414813e920f80f1f221b5f51aa9253796b05503996804d17c1f5523291
+	C = 866b64e36509f7e51c1fdeeb9707a522c2caa236d790fb9331bc7a4f0b043857e9975ebfbe1450576e100f656d25817674f92c77631876
+	reseed counter = 1
+EntropyInputReseed = e500dab42963b7d1f841e73b8bc0dfdc39949355678e726e15d6e9220b131be7
+AdditionalInputReseed = 953ced23d0defcc1c5b2af94ecd93c7a60b491975cd40df1b386ddd6f5f0805f
+** RESEED:
+	V = 55545f7f1d3872a4400317e7b881a6c12b5c1a567a483915f3f7ba6e925f40b1f580844e7d54b7ea5ad09defb666c9f828733f0436272f
+	C = d6b4e043db9588a7ee2d72cbfa74f4f011b9674f88880d0d1a94d33b85c8cb4ebeb88bf5411a14f88c42e156f5a0ca189bf9a8eff449f9
+	reseed counter = 1
+AdditionalInput = 56b836ff95b52bda328033f1a61cce3b17adfde7c867aa841f720c3e46e27e49
+** GENERATE (FIRST CALL):
+	V = 2c093fc2f8cdfb4c2e308ab3b2f69bb13d1581a602d046d20d25d28213c75bd87c50612b88f3139f6eb9c6b987c2d38395d0bc34776a93
+	C = d6b4e043db9588a7ee2d72cbfa74f4f011b9674f88880d0d1a94d33b85c8cb4ebeb88bf5411a14f88c42e156f5a0ca189bf9a8eff449f9
+	reseed counter = 2
+AdditionalInput = 6264ee957398b2f71ffa04041218be9093d67efb530ac030779f179ab2d62c09
+ReturnedBits = cd959453e19533efe527bb6998303241c0f7be93d565cb5d5af41dd40f4de1c627bba290b349a13a8f8373c8b1c2f7836f3c54820eb97de7fff57a093c668b20249ae2a01dee01fab54021f45a80163c251034e2c9e4b5a17c064e902dd6888ffb8e84ae1cc86c722b160a20c3f617016faf831e4ac422cca8c798bdc985e03d
+** GENERATE (SECOND CALL):
+	V = 02be2006d46383f41c5dfd7fad6b90a14ecee8f58b58549754f9f709d1e3b4d80b768195813ec959371820f669c4f9cea744e05d6cfa0d
+	C = d6b4e043db9588a7ee2d72cbfa74f4f011b9674f88880d0d1a94d33b85c8cb4ebeb88bf5411a14f88c42e156f5a0ca189bf9a8eff449f9
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = 7321e3d77840380efcc17712e0ffc55774df7b258251cb10346333ce022aebbb
+Nonce = 3b8b3fce2549048f889330c0c843cfdd
+PersonalizationString = adcaf50503c0fa0f59220f0bbb1e807c0aff5a36d096693a9c70b903c22e85a1
+** INSTANTIATE:
+	V = f814fb845eaf7bba1571482007fba63125a9fbd34f99e80b1db013967f7be37b3c0284ea8c0742de5ebaf6f0d52efd1f29cddfbc1a4e6c
+	C = 9e4da7714224a1ac77e12fecf020ebad9036eca4663e9b27b44ef3d1e7968a5b456a7246c013ccdaea26ccd19e1b0e02dc0212400ba73b
+	reseed counter = 1
+EntropyInputReseed = 44294b9a4034a99b7edd3e76c8970d8fac05cbcf1d989f40d684b85455f3bb01
+AdditionalInputReseed = e37b8b2b651d96f2e0590fcf1d311b41ee218491b3fd2d3a7f6899c6ab4e32b5
+** RESEED:
+	V = e8effd53e63d88f2e3987d9752890f7f1589f4d403047a5ab31240e0697aa6134f11abc27bc25cc6fef0ea587e45cf136b8c18cb13d913
+	C = 2d4eed41f5c1fa356cc9731da56f662bc8f56f12c6341cbd5090d0beaa99d6b4296323bcdce49f75645a6d95a2bd95cdff4cf399951797
+	reseed counter = 1
+AdditionalInput = 139a7d2495c3f50023cdc0edf0f910063adf17c76beb8b63497ebc14cb3c2d11
+** GENERATE (FIRST CALL):
+	V = 163eea95dbff83285061f0b4f7f875aade7f63e6c9389760e381994d5c3eace760fb1d8098e9f8d11ced8625cb58e793945c1969115f70
+	C = 2d4eed41f5c1fa356cc9731da56f662bc8f56f12c6341cbd5090d0beaa99d6b4296323bcdce49f75645a6d95a2bd95cdff4cf399951797
+	reseed counter = 2
+AdditionalInput = 418b07a91628f5fbaa010f375265c0288e040f1a89aa297796d7eaba0c5f2ad9
+ReturnedBits = 9f0213fbcd2ed0f6ae2612c96d8f23f96fe10e628950054d502ec6844f9ece3df52ac8d6a6bccd8d7f286195df4d02ba9be3874dd45601fbac9d913105086803170925048d6acf04558348b87f0d19e6ddd2166a6cea02cc34e83568e643b59c55e9dfb08369c786e5a0d36078e4d9ede786b98b37c80dfd5cf34a59aff46e8b
+** GENERATE (SECOND CALL):
+	V = 438dd7d7d1c17d5dbd2b63d29d67dbd6a774d2f98f6cb4e6deed9acff731f22894cf8656a6a48b2e1f29a1d84cebfedc3bba3ca9796871
+	C = 2d4eed41f5c1fa356cc9731da56f662bc8f56f12c6341cbd5090d0beaa99d6b4296323bcdce49f75645a6d95a2bd95cdff4cf399951797
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = 62db24cd7b875d9d2782c3666c6e088801b32cc61f64ed23a6bd1e831b416019
+Nonce = e5035ce750d03b35556d0f21d310a2b2
+PersonalizationString = 5f97b854c64442dbac3a4181f897a8f6e8e34488f9d96f05d7282e7ac0aa04d8
+** INSTANTIATE:
+	V = 8e038a94cb694b3d57323fe28395b74ae31f382066e991d83d730c8bb6ef7913daf161f5e6f0f4b62ae61f8112cf0daf2f2747e1295834
+	C = 46c6ddccaf909065aa58ee85aeccf5ee7d965fead3e7c0fef2b2307b88ad0aeb5cd253109e71b069a760ff0067edfa97316f102ef24654
+	reseed counter = 1
+EntropyInputReseed = 5d796e440c3db48cdc2d68f7e279ad196f71fdbcb4ea6a894041f0bb2b9a98f7
+AdditionalInputReseed = 68b1e21ff4813a21a88e68bce4ba8d8cd0a861453fac7d376d1656ce5fb25e40
+** RESEED:
+	V = c796281dd46feca0419b7e7173f607813f665d43170b22f6fe4c5db9855959a09ec0332643d4933f80642d48eeccae283385fe8226f47b
+	C = 89181086685271a70abb01690a0a1811bddef785121721a017e0b5aad4ecc9b7cb284b4351e702a734b41014a423e48e223ea753a84ad7
+	reseed counter = 1
+AdditionalInput = 884abd9f1abefc5265c151f8a81084fbd359716321e1408c056ef7a6815e3917
+** GENERATE (FIRST CALL):
+	V = 50ae38a43cc25e474c567fda7e001f92fd4554c82922464fb11e8810bec7b7f22955578fe76bb4064988798da3814b3efe0903eb422a1d
+	C = 89181086685271a70abb01690a0a1811bddef785121721a017e0b5aad4ecc9b7cb284b4351e702a734b41014a423e48e223ea753a84ad7
+	reseed counter = 2
+AdditionalInput = ffa2697d2e879e72c4cd10850449a009e03544f0f491b90179ff493eeeed142a
+ReturnedBits = 9121c3f4d45fe857f5720140758ec43f4bc83de16945d20e20a92b182aeb1214ce3a6a13cf20c041983deb680fa1a2df08299576f1e0709a4f0e980ac992e8aaa20cbb27e46fdc2a52b46b0499b48ab402663b6d749e3b846c54d53d6d6c4e6899c3a0034a3d101f9bfef5667b0939060d3018987e395480002701467e6494fb
+** GENERATE (SECOND CALL):
+	V = d9c6492aa514cfee57118143880a37a4bb244c4d3b3969349d3c223c50395394e11df9292b7af1ca82d5273f02a8b3ca3151104e2555a1
+	C = 89181086685271a70abb01690a0a1811bddef785121721a017e0b5aad4ecc9b7cb284b4351e702a734b41014a423e48e223ea753a84ad7
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = 1f9e4ed427f4f038838e50d5853aa62c4ddcb2ad5962223a145479bce3335816
+Nonce = da045697275667cf889efc5792ff4974
+PersonalizationString = 7472be3f4ce2bb29d08f5e31eb0f39bd543f24b35648b6ec0a98b691d8a55a2b
+** INSTANTIATE:
+	V = 2ece21eee661776c0bbe8d8748397f2730e544c0966d1a1e1256bd1d3549657488a415dd2d8537597fae032503e354b4ad5e7589f21e4c
+	C = 7c7865c4502e220428a00772188a16fe9015f0472dc555cc8e12448cf256967ec149f7db129c0f1a4304e34e6e15e039dea7254d9b7f2c
+	reseed counter = 1
+EntropyInputReseed = 7215e83e600420cf08971e73a4cc1889d6fa5f9f7fef65851eceb87e6d219fcc
+AdditionalInputReseed = efb6497181bab18fbb2577cd24b23a3659dbfbce3d16c7258296eeafaa3c31bb
+** RESEED:
+	V = 865b571c709d2ab01bbdf94afa9df3d4c351c717d5a15bd19de82784d3fbcfd3c27cb582f15b5cb2b8636df2dbb44da803947b8940face
+	C = c62c7520b17627f8a7ec514863059cce06833048cb83ef5885e539fffb62fd263b2d19e51c0f50e8a21c50def5aa81b194b5640ab0cf82
+	reseed counter = 1
+AdditionalInput = b3af9562ef394542700cdd810638c853c1c574f823b1da4b243199c8f0c29617
+** GENERATE (FIRST CALL):
+	V = 4c87cc3d221352a8c3aa4a935da390a2c9d4f760a1254c838f8c0f7c6c6228affe596ad59cd404459ac238e8a8118eae310d39860549af
+	C = c62c7520b17627f8a7ec514863059cce06833048cb83ef5885e539fffb62fd263b2d19e51c0f50e8a21c50def5aa81b194b5640ab0cf82
+	reseed counter = 2
+AdditionalInput = c3c39d58332fa71fc6b53b0eb6ebfeacf5449ff65cf2823f741a73b50ab9ec8a
+ReturnedBits = 639ef04b9baf12659d7ae6310553eb97bc9a65b279a230867f10275e614d9ac73ad94651c550686a87ee9ffb84553b3262904f24199bd64812c193db3cc268ba55e3f481528c7d1f6efe2876c4c22b7c86d4db01a1f41001255dc6dbb2374f8ee84d192c6dd5bc1af4fad95110833f1fb720fe32a2e78f727642508818d52dde
+** GENERATE (SECOND CALL):
+	V = 12b4415dd3897aa16b969bdbc0a92d70d05827a96ca93d114b2d4213d30202618e027342479a1a28cd67f461dddecf7a726b12e514e159
+	C = c62c7520b17627f8a7ec514863059cce06833048cb83ef5885e539fffb62fd263b2d19e51c0f50e8a21c50def5aa81b194b5640ab0cf82
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = 7a43f6c5d6aee5565f62c60dd2faf0833c073395b6c3cca86ab73d57d55c7538
+Nonce = c97801f0813234d7aa019dfab00af8ec
+PersonalizationString = b5a221c25386074aaa9e71ceff8f39317cfd5c121b8660cd35b730cf32fae3ec
+** INSTANTIATE:
+	V = f1f97623c6acf35b3e8b3499cd15b36cdd14396d0f837d320c2969f904c52827880bb5fee0ac5dac45e2787416ca2916e9d9d5ac9d37b6
+	C = ce585b613cde88e3389bfe72753189978e3c39d2dcacd845631641f4206fa2c20b68b5e8c462838ec5a03727ebb481a8f1db756c5fb4c1
+	reseed counter = 1
+EntropyInputReseed = d5930a2362e16704bedba8a8d57794e4d9ea2a093550fb05b75a41768645c9cc
+AdditionalInputReseed = 94ad9691f73dff5cf3e626d0d6ecc972b02bb1b51ebe29330ce1662f2067bc25
+** RESEED:
+	V = 326a0c79c7bee072b0b028d7173995b3023b984a8f3fc92daace434f7620924a2812d19217a571aa277a9dd5a0832f9853e33dceb3479d
+	C = 2e7aa9f0df142f518b72404afef2aee96355557a4652c34d5f528b6951be91b3b62bc13d31c93d8f8242999dbbdcc5d8c8cb20156b1de7
+	reseed counter = 1
+AdditionalInput = 7342d7d91e1737d24a0e027e49edcd9b18b0a60e433a190bc702a8b6789a1d7f
+** GENERATE (FIRST CALL):
+	V = 60e4b66aa6d30fc43c226922162c449c6590edc4d5928ced6123bfba3512bc5437f72a938ddfc954cc6555df862b7a7d0415700c1c9efd
+	C = 2e7aa9f0df142f518b72404afef2aee96355557a4652c34d5f528b6951be91b3b62bc13d31c93d8f8242999dbbdcc5d8c8cb20156b1de7
+	reseed counter = 2
+AdditionalInput = 6e311ee704202e8411673101d8045aae2ffd6e9743c1d5647d0d940cbeb0f31f
+ReturnedBits = 44270d9317c9ed296aab1c35a9bae5a9c509b4913294eec111096364f755bea59e4b665b364efdd26361145d5e6c17d3964062e6b810353c3bfbb7583cbcd0c4f6555ed15eadd90339f19e78b733c4e88119b69854dfd953dc0551cf0efd604b19c6531ea3f787e2f6e398f32faa8034451e0982591edfee268bf032063e4509
+** GENERATE (SECOND CALL):
+	V = 8f5f605b85e73f15c794a96d151ef385c8e6433f1be55191276c56fcd9301329ea2a7d6b55af70c62e5761c38c60b3d2ccf05a3078915b
+	C = 2e7aa9f0df142f518b72404afef2aee96355557a4652c34d5f528b6951be91b3b62bc13d31c93d8f8242999dbbdcc5d8c8cb20156b1de7
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = 785517a1a51d1eca95862e71945f3d27eb3f316e5cdcac13127e21cf02effc4b
+Nonce = 1059e07eca4a00d62738c3c352fdda95
+PersonalizationString = 6f327bcc5a700eb4d01aedf716b6727fe04bff724bbe43aacf05d8c28d9abf8e
+** INSTANTIATE:
+	V = 9b69cae0736cceda78a7b249b0b86ae00555762f54beb24960a1c334f4664050c2765f9adca7b069e77192da86a7555402f92c2bfca78c
+	C = 04ad1c87e1bf61de2501658680eaf0319c2990a7648691da11da5ba8ccec2dd0ca74fcd421ed9ec886e6480e0121f33b3bdb853aa65f2b
+	reseed counter = 1
+EntropyInputReseed = ddcf3809781cbc525b138cbc925595df5abbc2d658875447a24be356848f94ec
+AdditionalInputReseed = 8f68c6713ba4f97657439458e8e36803501fc865d2e7c2440857fe75dc593bf0
+** RESEED:
+	V = 6933fbe15d71ce530f7ac82ca239155ccf538dc4842005b7b018701313b4efd5e78d2d469516a6c143310e4fa3396a69ad1d9654901037
+	C = 85d84b06af2c376804597c7f83a3e1a60c8bce77b50cf5e3aee0504ba4e57a64ac90df38be8217774242d5673e04cfa37b2ce1da29bedf
+	reseed counter = 1
+AdditionalInput = 0f954b11f30781e52e3dec4e1113fd17a69b6887555b29ffd327113c91c7ab36
+** GENERATE (FIRST CALL):
+	V = ef0c46e80c9e05bb13d444ac25dcf702dbdf5c3c392cfc132bb49a085ea4f8f0cdae8cc0bb7147cb997d67760ce3dd5731e1f11bc2c02d
+	C = 85d84b06af2c376804597c7f83a3e1a60c8bce77b50cf5e3aee0504ba4e57a64ac90df38be8217774242d5673e04cfa37b2ce1da29bedf
+	reseed counter = 2
+AdditionalInput = a55074092efd3e2c5f0b03ca7a03c6c78067a31a505879c3f648093bd9ac593d
+ReturnedBits = f0c0fc0dcf2cff03b800252515da524c23fd2c3d1200fb9dc8515c06d9188f3dff25aa9943f8a09c754826851a375c540117b552fe487d30716f3465ef35f1e5a6cc85bbfecb1481c49344e512d4d6960ef6d92891a7435148faf846966d06c713fa7ee4fa399ef91acf83780337e26beed3b5d5187b0fc0fa49d4d9031b7adf
+** GENERATE (SECOND CALL):
+	V = 74e491eebbca3d23182dc12ba980d8a8e86b2ab3ee39f2f3c2aff9ca1ffcd5dc378ffaf48e4dc6c87b20facc8406bb51b04e5623830072
+	C = 85d84b06af2c376804597c7f83a3e1a60c8bce77b50cf5e3aee0504ba4e57a64ac90df38be8217774242d5673e04cfa37b2ce1da29bedf
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = 309c1c36177539cf953d95c7d3281f4150c01bf45caf4a47e0af411aeff5c4d0
+Nonce = f8e2ac4f29949b19eda337097d7b9269
+PersonalizationString = f69a9c5a51039e72a55f50b073bd1ed0bd650ae9af968dc87b22c4d560fcb997
+** INSTANTIATE:
+	V = 049dea6f6b718c7d97f64317637f84c43d2ce2bf9949630a03dd3d7a1ea1fb957c5a6fa9edd65170f71f8a602366cdcfe55a23592cece5
+	C = 0c4b589ec8068e9c6f00a2fcaa99846d184f439607b262e8930b0fc5c6951fd8b83ed0851aa9d7a20a0c4ca99111c172bc03c895f5fe1a
+	reseed counter = 1
+EntropyInputReseed = 9c014b7f3bc223a29e7ee5b1494b93a3aa9a4c03be255b6ae1b8d1d2773ce3aa
+AdditionalInputReseed = 2120b02f63375772358c06122157fc62655f41e9d7317f29c9cf5602da20bc4f
+** RESEED:
+	V = 3e43563fa5b2a4b5c64fcefb9ee78ca89d23c1cc95fb21ce961e15b43517b40ea2a08dc59ec65315d8a24dbc3719df587cffeaf098c67f
+	C = 7a593b8a33b592d8ca4ad7f5c14a84b0c3797b812dcc52979a46c26849dc9577de2f93b6931624a02a5a7bbc3394dfa57a3e819726d17d
+	reseed counter = 1
+AdditionalInput = ead67f926da5a2abab8ddf1a1b6fbad52f15be47bc74bb3c41ce1b6621cf75a4
+** GENERATE (FIRST CALL):
+	V = b89c91c9d968378e909aa6f160321159609d3d4dc3c775b8166ce68335753a681460d047471a29226cafc273a65331a3d0080fc03c7b04
+	C = 7a593b8a33b592d8ca4ad7f5c14a84b0c3797b812dcc52979a46c26849dc9577de2f93b6931624a02a5a7bbc3394dfa57a3e819726d17d
+	reseed counter = 2
+AdditionalInput = e2816ac4f3ea4975668509fe712b334ab98d2ec2c7b14077ee18656b4f513db9
+ReturnedBits = 5dec5f796216ba70accaadc248d1c4728d9803f5e2c5ce0466dc2acd16f4dc5f289b0ac619bea866fbfa6539958c815b8a7efe3f422fbdffe7a31dc9bf4ece2972f2e221d8df0dc247fe31f7a3f4a48676b641d19afad1cb76a3b5f6f82fb81e700bae40ce0ff9392bea6e909030b6fdadae2adcae879bfb981026da6b0b1406
+** GENERATE (SECOND CALL):
+	V = 32f5cd540d1dca675ae57ee7217c960a2416b8cef193c9dd5904797046e92a233ce47620a1e67082c67eebff2a4eceff9b81e90363c8e1
+	C = 7a593b8a33b592d8ca4ad7f5c14a84b0c3797b812dcc52979a46c26849dc9577de2f93b6931624a02a5a7bbc3394dfa57a3e819726d17d
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = 25c4bc11c769d257ede0517a76f235ea2f5fd3cd3f93ac9e10e28c02ce7aaec4
+Nonce = 86282c6c5c5e173eb7626db398582f49
+PersonalizationString = 3fc182c51817c0ec3a6bb96508ea497188f5bb6a1cbc5f021c11dcf7e497414f
+** INSTANTIATE:
+	V = 9ac4b1c665b255e8f329830b9c0bb5d4dc8499de8e6a398f3871939ea7decf63a8a8faa67cc0b521c662a20e48ee47d6eb7f5e3144dc31
+	C = 5aed9b18428b02abb00618e04fb1641a304623b84c9e2030d948306fa799d1c0d42d0c5211acd9d3cb9cf8154c92591c4ac7df704bd9c4
+	reseed counter = 1
+EntropyInputReseed = 5a1c91efc9efbad78506793944a4b6559c9701874d5e3d0ed01d42604d7da232
+AdditionalInputReseed = 7b4da2fdbe33a8b42330cf12e16f0e24007904ec3167f7f2a1df7865e1174ccc
+** RESEED:
+	V = 7da3ebfd438f4bc53b53718b3c1fc2e6bd18c9d4187e974ae6d021c1d6e5fa8d47b3f2134d4895bccae96f7da72484f35148f0fd17e38c
+	C = 187cc5b5697e49b4ae5565499c2094997c4f74bcf3f8b73376460e0f7264f707d6754fd1f15284951fd34a84588a71095c6f1160e9fc57
+	reseed counter = 1
+AdditionalInput = 49e59f65aa6224f65258523bbd58803d5e4c159adaf4dd0a2d2593161137fc96
+** GENERATE (FIRST CALL):
+	V = 9620b1b2ad0d9579e9a8d6d4d840578039683e910c774f27f0420241cd157b0ffc87dfacedb7f131075e23a17f0cbaaecd02c0b9904103
+	C = 187cc5b5697e49b4ae5565499c2094997c4f74bcf3f8b73376460e0f7264f707d6754fd1f15284951fd34a84588a71095c6f1160e9fc57
+	reseed counter = 2
+AdditionalInput = 41c1f9a9ff111b140c311493fd9ee5e3852bbf250b6df4c8fb6d932407c67880
+ReturnedBits = c298ab851dce30bf80e8179c78a8ddbb30dcecf6340b8e53d29f899452c89e8e9c69e188eec931c7ba8c254239576cfaeaa092df4bb10138192d76b76643f81f4f57370760fe7711a027b4636a8de51e9b1db90b157b7b3b21696b3055c8d82283e922ad8fee9f82443012557bf18e99b7599d1f5c6eef7bff9ddc3ebba3a2dd
+** GENERATE (SECOND CALL):
+	V = ae9d7768168bdf2e97fe3c1e7460ec19b5b7b34e007007cf835413ad50828cd498bde2dbc95e88fba5353c77e7f8a5fc0b2d5a04c54ab4
+	C = 187cc5b5697e49b4ae5565499c2094997c4f74bcf3f8b73376460e0f7264f707d6754fd1f15284951fd34a84588a71095c6f1160e9fc57
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = 9906b88532caecebbe77708daeabea9473c97c694b0ad8cbb757dc298606a6ec
+Nonce = d43585e416901598a94d3aaf53a248c4
+PersonalizationString = 800ea23ea4e741e490d14c901fb75425945eec932c194fc048dfffe92f86f5f4
+** INSTANTIATE:
+	V = ccf759e202abd6717073cdc74fd8072e2a73b4d2debefa3ca37597c3fb3baee1565ffe8e034df64c7bac9213ddf89d83392d1b9765f3ff
+	C = 659fcd6ec1466421376f1523e3291081b8c2f8f2eb4af9380ae644779ec28e203d11f94613a30cb703a253bc8f4a2eb623fbf53c2f4c42
+	reseed counter = 1
+EntropyInputReseed = 1b285e2b5ecbf0fb7cabbb618b3334582b25158e6bc8c27fd75ca86adcf8ca65
+AdditionalInputReseed = 5740cfa51134541369af1fb014d6bd9f93ac40d595567f949898f5090e58b717
+** RESEED:
+	V = cfa685d384a3674c43f8b1b96332f4861df7768be1318aa27cc94a6deefe3205c705d45f9b89d07007edc6fa161e43594fa78b41eb2257
+	C = a9e92ca4002893f8e04d80bdbc3835cd85ebab1b6a5de6e9d3fce4d3ee165bb6d66f65c4603bd6ca55bea6ee16fb904f4a2d2a0b0336f6
+	reseed counter = 1
+AdditionalInput = 7750bb23fc678f04822a2f18f863c08542487025a191fadb88f2764d4e3a2586
+** GENERATE (FIRST CALL):
+	V = 798fb27784cbfb45244632771f6b2a53a3e321a74b8f72e586c640de2ab69981c5bbacfa2947e22801f0028b93c97662f437abf4d695d2
+	C = a9e92ca4002893f8e04d80bdbc3835cd85ebab1b6a5de6e9d3fce4d3ee165bb6d66f65c4603bd6ca55bea6ee16fb904f4a2d2a0b0336f6
+	reseed counter = 2
+AdditionalInput = 04c7ed02c3d0660e2e6f5344d9abe4f334e309c7ea5a3202357461a0ca630c30
+ReturnedBits = 9ba9f9fc41c5ff92f8af68937b130aac4d69305b936d14396b0f6f6dd3fcc20b064456878f7082f7662983dd241c7108cce3d69f85989e88dc4b5318f2e4fadc251254f51ecbc3cd77e299bdb5a8863723d87ee9f400d8a02672b00f964b5e16874c17e98efe67ab9922acb80edf32a052792ad281c8cc96798b60ac8ba9a9d4
+** GENERATE (SECOND CALL):
+	V = 2378df1b84f48f3e0493b334dba3602129ceccc2b5ed5abaf4545612917c123749256db594cc14630570cc1c361533638eb5c9623861a1
+	C = a9e92ca4002893f8e04d80bdbc3835cd85ebab1b6a5de6e9d3fce4d3ee165bb6d66f65c4603bd6ca55bea6ee16fb904f4a2d2a0b0336f6
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = 924d92703f5e8c563d215989858e68bae0f16290b224cbeb9d99d58c514bbed2
+Nonce = 945abf547fe67db36c01572679a22686
+PersonalizationString = ec8fe188a93cbba2fa3de8b947894739b52414b837b9b6172ba71edb36fe9841
+** INSTANTIATE:
+	V = 0003c37df12baf571ce8adf5c7f67eefccc0f9c3660fab6e681d349dfa141696836b641a3cb4d1033466e0d0eb94b387c402429a98cf0a
+	C = 113885069f5e00513e4981324ba196e66d4456caa26540c2b9ced06fe7f6be9370802ba8793fd57f8f6d4aa4859b9b005ca27eb8911b11
+	reseed counter = 1
+EntropyInputReseed = 435a3e000f5addd324c79f7739fac0d534c4b841a59ab96369888798469623dd
+AdditionalInputReseed = 845a5b22ecd8296a031ab03dc29f34b7212ead472a9642473b2e25970b5aeb73
+** RESEED:
+	V = e0d9798e5080711519c5832a194d6c7fcf09ea6a26c75b24b55726678d46971adc69f7831da02ef7b73c6342a4fe005213fca8c4f94bf2
+	C = b3ba8f2ad79999b959e049b35e9a5e35967fe6e3eaf3fd2df498510c66ff6ad836bc9494fcafb3ca430443d21e16ac36c9fcc85e65b8c8
+	reseed counter = 1
+AdditionalInput = 37cd18968960ac1f9d91a8ed5620eb8c46e0770c8b9ef9be77563519f628c313
+** GENERATE (FIRST CALL):
+	V = 949408b9281a0ace73a5ccdd77e7cab56589d14e11bb5985374f4c7b3161b169a2047aa92dc2cf7b895daf36d690742bff9d0ac12bbad4
+	C = b3ba8f2ad79999b959e049b35e9a5e35967fe6e3eaf3fd2df498510c66ff6ad836bc9494fcafb3ca430443d21e16ac36c9fcc85e65b8c8
+	reseed counter = 2
+AdditionalInput = fe44fda12447144204b690218f7c3aca8379a467b322f046184d3d18dd2eea54
+ReturnedBits = dd4346d83e2fcebc70dc0874868af522387e48bf7184e5c4de661f554c301c954e1a3bbcd38c09171e2d1e9be19f02fb0f3cf37ceedd82f6e2f2c2443bf05a5e45942220f3123ace07c8ed229ea01578b2fd93fd97229322c8d43a1a882853fac361d778a9aa28ab07c7c9c0b3fe06db985b377ac06c568984c0d23812d0e6ec
+** GENERATE (SECOND CALL):
+	V = 484e97e3ffb3a487cd861690d68228eafc09b831fcaf57a7a4c83573a9ba93cf8a83a53f9594a620f406ff09aa5b0cd8594916cd141e01
+	C = b3ba8f2ad79999b959e049b35e9a5e35967fe6e3eaf3fd2df498510c66ff6ad836bc9494fcafb3ca430443d21e16ac36c9fcc85e65b8c8
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = ecb139988c862c399e816557c1d26dc15a1ae211a18d958a3893d0e6867743b4
+Nonce = acf7a4a06fe5515a09aa3e3aad3b7373
+PersonalizationString = 2989b07dc369419f91985213ecb7e3aff54f5e1e6038dcf37c96bc2bbba8d6d4
+** INSTANTIATE:
+	V = c320e43696ee8d221c7c1eb16ff1a006434fc1db487377ccaffd810488994b70e4e2f2d5eea53a6c4b28605a4e8f4899ae9f6b14f3c552
+	C = e997a63cecbeaae0a25fa1f81726974b0fb4b5ccc8528916329cf8899fccb95be5e252f4f6ab365fb2c449cfbed0859345fd8ac4481cee
+	reseed counter = 1
+EntropyInputReseed = dc338f742df145715c613c8c20ac9b9d92f0dee14dbf8e1eaabccba2a00118d7
+AdditionalInputReseed = 47de7d1880052ca8857dedac2e5520e58f7a11d8733cd0107ae2ecd1f9f02e02
+** RESEED:
+	V = b2c629d9c368bc074bd1cd41d1b379995798ea8d9fe27bdae36877e18bbbec5aae7b27c6c2f52c276824e653116efa3c37a8585e47330c
+	C = d5e4f5aa694dc0252abb75fe693c1e312dddea1505f4fa3ec5f48917e375b7e19eecbb2d5f5aac3f1c6bda10abb8dba6635ad22cef3acd
+	reseed counter = 1
+AdditionalInput = 89428866830c50836c48cdff230831057a0a7df6d94bfc3237d0d571e1aeb36f
+** GENERATE (FIRST CALL):
+	V = 88ab1f842cb67c2c768d43403aef97ca8576d4a2a5d7764621d96525c576ea076f722700ccf9c4b9fa0355ce758c65a4d070da37585aa8
+	C = d5e4f5aa694dc0252abb75fe693c1e312dddea1505f4fa3ec5f48917e375b7e19eecbb2d5f5aac3f1c6bda10abb8dba6635ad22cef3acd
+	reseed counter = 2
+AdditionalInput = 055c2ebae240a9d0c7cea8781e878cca7ec4e2e90492944bef3e939db293b012
+ReturnedBits = 845b0a7f95a7cb195daf0cc05eda1522a38dc4efd18ee79e28eaca21dabe413c446f3ad2e4f44b48865b3625d0230184c92ff2f30bd17c77c79c75e627f4996251725d961b1128f3e3a088a3a3930fa9a8fed6cfd392cee0927d0e932accaa155a7c5b5fec38f1ca46e6c6de2235a75db9d9cad6b803df59ca5377fc148b671c
+** GENERATE (SECOND CALL):
+	V = 5e90152e96043c51a148b93ea42bb5fbb354beb7abcc7121d35a24245b8e0bcc98e2f37273101a857ee696a386a3fae2afa7fb00a667a0
+	C = d5e4f5aa694dc0252abb75fe693c1e312dddea1505f4fa3ec5f48917e375b7e19eecbb2d5f5aac3f1c6bda10abb8dba6635ad22cef3acd
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = f3d185a0363128da8ad2a52fbe21ea51c60d23e2f592443ad54ca59979e7fefe
+Nonce = adc21dc3fd5706aa721f45e8b3aea531
+PersonalizationString = ced35144ff2e4cbf9e0f0f4dad6f2c24d0be27f1251ead78e6a1c8fbcc609094
+** INSTANTIATE:
+	V = c3ac08a1d79c15ee37895c16e173ddc053719cc4a63442e724449f1ec0a134efece7e8d1e65c4b33f176d9cb3cde9b5bd81c17a5b6569a
+	C = 01423ccc02833a04782e7e9d409d84834a3fbcdaaae722d0dd75f1184a2ae0ccce80e1ffb92fb6df57a31a8a561659f0d875491f898697
+	reseed counter = 1
+EntropyInputReseed = 3761b0a8cdf6cd0021d4d46cca15d0b7b9dd814a21977a2956975113c73dd2f4
+AdditionalInputReseed = f6ed93f20e9a8bf87d8ec70f6f1391ffe32a2b518e7d2784c8cfad2f270a11c1
+** RESEED:
+	V = 5b344dc52eecd3200752259147d9b8247dfc1984f3835669e4c4767bfd882067c563b8c0bc3720a8637aab412481ab8f017ee104f226ac
+	C = d0a5beaf15f06c29fb83f27fd9488874a28e1945e55b6f4834c7840be46b32bbcef997a835fad0404cc441caa74679a34b2e5f39f12081
+	reseed counter = 1
+AdditionalInput = 84dc6e8143e07250ffee1de4497467564fe3c6b5eb996a4b185a7ba5090691dc
+** GENERATE (FIRST CALL):
+	V = 2bda0c7444dd3f4a02d6181121224099208a32cad8dec6d684f701b324d01dc5953ced38cb4352710778d09df7699df7fd070cf9a231de
+	C = d0a5beaf15f06c29fb83f27fd9488874a28e1945e55b6f4834c7840be46b32bbcef997a835fad0404cc441caa74679a34b2e5f39f12081
+	reseed counter = 2
+AdditionalInput = 76b36611ae1606c1790e275e1ac59198637c4a5f90a73dd4ad7d4511755206bb
+ReturnedBits = 0aedf11df9c858d3451ff6f634fd6aedc9e334949588a0a6d1d74c4e973ff0f9f251ca2e8620db1e461bce3a84c5f98afc1dd93dabf3acd5b43c0dc73b85512e603e61faa47af80a170298e39693ec85a5f706666ac17bd6df73d88028b36f19b9ea29ba95ba4b3f22d8bb3c0deb05ca1086bdb617ed8a1abc10420757462dac
+** GENERATE (SECOND CALL):
+	V = fc7fcb235acdab73fe5a0a90fa6ac90dc3184c10be3a36bdb0935e1125ed95942327cba8261619e7f576aeb4330ff84ba5e7fb27b11907
+	C = d0a5beaf15f06c29fb83f27fd9488874a28e1945e55b6f4834c7840be46b32bbcef997a835fad0404cc441caa74679a34b2e5f39f12081
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = c55f13235acc38435e9c5fcb0112f5f9a2ab2db6b5bb358c0df7d4364a3bb5af
+Nonce = 7bb571aa0602ace26ced3dd6f22547ae
+PersonalizationString = 8c5290a7d55d271ecbb703eab7ef67faa4ad286abc1195ee8a6a9c8ad5be2446
+** INSTANTIATE:
+	V = 6178d2926273ce885da4a0b71e4b1bc04c1e208b1eb3300f0b325a999d54e602478a9a328408506baaed9ab6ce4ec8eeb902447bfc3476
+	C = 3800e70306818c54f2315fc0e317eff39d9c5824e57e885fc727cc814e4e2bb9dfd44a4d0e95832c0d38518ab51fce1ba8a4345df159c9
+	reseed counter = 1
+EntropyInputReseed = e20cf0e468e7f545cbefd0f581131097c06062446353ae5805751fc7c450852e
+AdditionalInputReseed = b8d6b8c2f77b5f84506eacee14b4687fb970c7e597f8cb37dd587e74240a442f
+** RESEED:
+	V = 1ea630c34a2cae9af8b84cf90cf5c72d5c1e46575021140b8386562924a68e2f5cab5f298df3608edc103a0d36acdf1bc88993c9cf09d3
+	C = ef5ecd09ad8733027f0a387815a45b62b759f7bb9126b58468ef819011e34a2e233d2ed6491a75f235abea8b75abb8c0669d5d54dcc901
+	reseed counter = 1
+AdditionalInput = 28f83e27ac60d50883de843769b50a5fd425891a1ec2fbfef00849d9b7c9804d
+** GENERATE (FIRST CALL):
+	V = 0e04fdccf7b3e19d77c28571229a229013783e12e147ca01b022d6f353bf04cd17d64ab97364a73e25943b445aabbb76639c13075d509c
+	C = ef5ecd09ad8733027f0a387815a45b62b759f7bb9126b58468ef819011e34a2e233d2ed6491a75f235abea8b75abb8c0669d5d54dcc901
+	reseed counter = 2
+AdditionalInput = 6db48fa278145140261ba1001c4a93b07cc74eaf6a525d7032e9cac1e8ef8ca5
+ReturnedBits = e2c2f0142db7775c20ba08caf3cc5d014a69237c60e29822d3b95ae6cd9ba8f6dc57a4233d298c667a01fa46061b508cf1a0888af04ed996d10a9261ad982e242dc9d009c88e109182b95f5212d62eb41c2dea56be313e3027286f27975cc3f881496f5d00c35a4d70b429892e6d9ac107dd7667b26c106cf4213aa98fa850ac
+** GENERATE (SECOND CALL):
+	V = fd63cad6a53b149ff6ccbde9383e7df2cad235ce726e810d4da93b8a97b23f3b5a4943c9e3d21c46c03c1a07326a0db042cc28c680ac64
+	C = ef5ecd09ad8733027f0a387815a45b62b759f7bb9126b58468ef819011e34a2e233d2ed6491a75f235abea8b75abb8c0669d5d54dcc901
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = bc5b8d1517b6eacae26589203e0e9ae349e34f346c63858dabfeeafad7dfb12b
+Nonce = 5d8875c42bb320337967fb9baa1ec500
+PersonalizationString = 07a069c2e4e5fb4752750caa90684eadd5e3a747aca86d10c07cac97d4ffa47d
+** INSTANTIATE:
+	V = 086508d156cc4db111736508c2d469191674ca90c1a479016e6772101c29d06f3da6e9bbe827eefc1206127540013c63af43c7f93161e7
+	C = 4ca982c8f2fb10c83842ed21e9a8024b9a5d0cfaf89ac217b6910540e522b6c54d9cd281b496f4397201a5c38d07f6e5532312c3f24847
+	reseed counter = 1
+EntropyInputReseed = c84dd873d76a7742232a9136cc5126ef6fcfc3e59152670d1624eef097d4e290
+AdditionalInputReseed = 378d28289e8757b2ebb6598846443e6ef7f49a0b4dd458f3ade9c34156a8b08b
+** RESEED:
+	V = 8fd8e87483bac6403bba586bd4a6758826ea51ff861c15e42cbc02a2ec82569e80d11b4685a352869f265c8f0954e464a153cb410aea5b
+	C = 8b6bd15037ebae45a366610426479aeefea1cc019c553ee74fcf0ec231b9ad0fafe48ae031a9a24079c2a18a98b41867932dcfb2c70e7e
+	reseed counter = 1
+AdditionalInput = 25bb43ac515048cf995fc9184b62a8fe2629451007811867683c5815743efa7a
+** GENERATE (FIRST CALL):
+	V = 1b44b9c4bba67485df20b96ffaee1077258c1e01227155643a11226917ca9275d55348784e10d64525d8bfa64bb656d71a7069a5f269f3
+	C = 8b6bd15037ebae45a366610426479aeefea1cc019c553ee74fcf0ec231b9ad0fafe48ae031a9a24079c2a18a98b41867932dcfb2c70e7e
+	reseed counter = 2
+AdditionalInput = 83ea415166fe870dcd2f0fcda41b955f39ba96df50e40fb7de3a433f4e071250
+ReturnedBits = 546d74204c4b37d20d723143852121c7b7ba5affe13fbb5ae34908b00013776d6efa371062912c152261059f2ccf9231540a47ddc8853e29a2b816089fa12954346ba2d3732d9f7a39bf0d7a27865bc0aa5ee9934d4ded4e6fbc5f95a86a437a21f7635d78bfbfad491a4723b215eaefd9a160f0e81744632280b5d5cade4eb4
+** GENERATE (SECOND CALL):
+	V = a6b08b14f39222cb82871a742135ab66242dea02bec695a2ac3ff349932ac316a6faa83a1150f003a04b54aeabc7c1e2818765a79723d9
+	C = 8b6bd15037ebae45a366610426479aeefea1cc019c553ee74fcf0ec231b9ad0fafe48ae031a9a24079c2a18a98b41867932dcfb2c70e7e
+	reseed counter = 3
+
+[SHA-256]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 1024]
+
+COUNT = 0
+EntropyInput = 55f8e9e659f8570606a22404e520546435439272187a8a4f89a4fc5e24d34db5
+Nonce = f3834594c1251b36dd02fc5929236d7b
+PersonalizationString = 
+** INSTANTIATE:
+	V = bc2a1b38aa9834fd5a38cb5efe9a4cc4e8dd390c4c1242f0c41e049aa24013727d9ff27976a7f491c1ddce47b2ff6d640f1724da2c1850
+	C = d4c9b6fd99f04acc9b84c881f650f76f95ea4c5886096ecd28f42bdc2bb4fc8c0c3db2d632a4a9f47092df09cf03df2449c3365f6e1ec8
+	reseed counter = 1
+EntropyInputReseed = 286e19ee192b8c39788b218ded60e68151749369fe5fadf494d5972d8979a0d9
+AdditionalInputReseed = 
+** RESEED:
+	V = 6629ea944297e028414da627d31d7e4d9d50226368b30fea63fdfd0ab2a534a0420fb2e6c4bd0dcd6fe3607a8db6c17b1069c709089978
+	C = 7d4b472ebdbcf363357ee609e25e3a40aa17fdf29b9aff294bccbffd08c600ab4be9f06f6118760a63082ab61b7f33e2f109c9ecaf35ef
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = e37531c30054d38b76cc8c31b57bb88e47682056044e0ffd2b3dba6b76ec8b2d4b6670a08753e1147ad57871f35b36e7afdf3af47f3466
+	C = 7d4b472ebdbcf363357ee609e25e3a40aa17fdf29b9aff294bccbffd08c600ab4be9f06f6118760a63082ab61b7f33e2f109c9ecaf35ef
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = cc2a08be3e98f5603309622e764544e78de59c4be74cdc55ff31e4c7f87332f7b90dd950ca27e200f112cb4ef4d4e2bbfe6165e7e7f3f34da62c81002b5f9ec4b09d3c2cf5f0674091ce70a6b50283c3109fc26ea0c001d787d42777719e37feaf8b3f2600a75dd944caf1dd09b5664c8cc73b23489e68f862539d71d871a8d8
+** GENERATE (SECOND CALL):
+	V = 60c078f1be11c6eeac4b723b97d9f2cef1801e489fe91005dda4c1a1327b391672a045b6d3d1861a23dff3928809ffa33d49b448b66170
+	C = 7d4b472ebdbcf363357ee609e25e3a40aa17fdf29b9aff294bccbffd08c600ab4be9f06f6118760a63082ab61b7f33e2f109c9ecaf35ef
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = b0c064afe88ed86bdb310777b98410e5af389fbf00ac554abe4b567ebd18a227
+Nonce = 7106f2a36640ccfac71e7cf1042fed2f
+PersonalizationString = 
+** INSTANTIATE:
+	V = d3708588632cd0488386a3aa6c9553de049b1fbe020018aef38989bd2cac34f84ffcb8391eadd412a2283f1c004109171b2ed2088948e1
+	C = 0a0b569b81747030dc91f92300e711377f78249f732d88f114911d6d2eb29037f469f404e2e92661020a09204540cf11e713a5d3e3b1e8
+	reseed counter = 1
+EntropyInputReseed = 9fdf5ccf8e8f0d6f1e818f181c1dde55586ebfa7d970e5c734aa6b2a845240e4
+AdditionalInputReseed = 
+** RESEED:
+	V = c7f1a1fb195a8b17d6fbd840bd5002cae85a5fc883484d9edf8cc519972862a42d8430a23c43223863cfbb2a4212cff6a8a5cecdf02e57
+	C = 083658ea335229bbbaa92bee85e7bc81e6cecde0906fecfe2387ca16edf7831a6407e207921d0ea6605cc9afc79fc3f2bb09a55e91aef9
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = d027fae54cacb4d391a5042f4337bf4ccf292da913b83b40e18d880f21968a6753cc5a74f9c3b7e3de8ad8115002b656779f98d133b281
+	C = 083658ea335229bbbaa92bee85e7bc81e6cecde0906fecfe2387ca16edf7831a6407e207921d0ea6605cc9afc79fc3f2bb09a55e91aef9
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = ecd1bc17266fbe2a55518ba0ddb006e0b1c7e6b8276295f2d0c81fcbc7d4ae42ea59bbde0dcee9458b4f8bfadd3f170eac2553ebff8dda92d3974edaf97164a57e72ca3304c001d56ee5e07a55391cd2bf184d54db42848a37da261aec541c2d7146c980cc3dd38bbaf43b09bf3c02041dd8c76adc1438d4f379101d8deabced
+** GENERATE (SECOND CALL):
+	V = d85e53cf7ffede8f4c4e301dc91f7bceb5f7fb89a4282916ea0ee77ff56745a2e0ea13126b313159d8590bdebd47ca40a0fe1d64d8b970
+	C = 083658ea335229bbbaa92bee85e7bc81e6cecde0906fecfe2387ca16edf7831a6407e207921d0ea6605cc9afc79fc3f2bb09a55e91aef9
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = b7fa2264ae7a375afaae68af6a6d25b772c70f266123623ec65b84b91708ac4c
+Nonce = 92e357d901d89b3ad35b6a218e1bd2bc
+PersonalizationString = 
+** INSTANTIATE:
+	V = b865ecd812cc7e1673a2591581d897e56f46f228741cb215a3878e0c669c659efce268868e3419c8ae683a58b68fef4575664b4e48d3a0
+	C = 24ba224e8db38afe04b8e6e17f883540ebea07ecee74b2be4ed617e547f28b000596622b34ef971874df36eae5b5cb1015be66dcb7c930
+	reseed counter = 1
+EntropyInputReseed = 5d658330262c2ca399389c21c461aae4b75eae5e6e083177a63f3256f8ed1516
+AdditionalInputReseed = 
+** RESEED:
+	V = ec689091976401a3c090bce1e9232df2235fd8dae8942a16ec2485cc4454c77649daa4a1630384a7584f7a29fd8181b2913b4e53028bbe
+	C = f7a0cbe8c6311d9d63e540aeb430a603a77c0b48014239af3cf43c9ec9e60daa2aacc1e473709139e0877d8a562df5c3cc1b4a50daf362
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = e4095c7a5d951f412475fd909d53d3f5cadbe422e9d6647290019577b99d6aeacdc2154327f1c533ca3cb2289c0a52a957aaa841929fe3
+	C = f7a0cbe8c6311d9d63e540aeb430a603a77c0b48014239af3cf43c9ec9e60daa2aacc1e473709139e0877d8a562df5c3cc1b4a50daf362
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 02dcb2091f03eb35fc54c37864e70ddf10405a4d73edd220ccaf9061b9f31e87e85b0a3ba1bae84e3bf5ed8d8b6948a362d2e6cc76dacad952943d64813769305e30389e6cb420c8cb482d9258a5edff4d7e80d9f9b7b0d0123a31c3be7b863fb79e8e4df5d55a7063270b61e9a9d106c71e5d9f41017b5ee4483387a6d33ddc
+** GENERATE (SECOND CALL):
+	V = dbaa286323c63cde885b3e3f518479f97257ef6aeb189e866a0e52475c9b658996c0e9a4c3764b7a49e00b559638766216898633c7ca04
+	C = f7a0cbe8c6311d9d63e540aeb430a603a77c0b48014239af3cf43c9ec9e60daa2aacc1e473709139e0877d8a562df5c3cc1b4a50daf362
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = 15163dcd9ac72154f7124d3aeb4dbcbc236938dbc541674e9b506c85bfbc6d03
+Nonce = 19cc38bbad5672d29f03392e028e3bb1
+PersonalizationString = 
+** INSTANTIATE:
+	V = a752db620359b81191cc5a2c9a5bc1b496f27d9f15b9bfe229dc602a9f7fc67cc2c9c3cb66ce160e8a7e23617d72804c1f4cc7690a4dfb
+	C = 7ebd38f9dfb11f0e8ebba8029713b4b8126b02d45787debd33ecfb61b493082bb95cf3ed3ad1522f22d98794c9d5babb96bdeff3ff8f18
+	reseed counter = 1
+EntropyInputReseed = d7e8588e42992e580f54d012be117d75d4b114e51e8f2f96557d429bc52095e1
+AdditionalInputReseed = 
+** RESEED:
+	V = a659d96d39a184819f001570042fea598e90033b4b45d7afbe8ab3cb6a7054be40e2330d4b2b832bfd624d286107ed90b8431dcfa925a7
+	C = fea086c6f6c30384ad72d411a07d41838ffa47c2e879c9e72916bd9fb36475f8787f62d5d2ecbf1d3061e7ba5f59cc95b21a2a76388aa8
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = a4fa6034306488064c72e981a4ad2bdd1e8a4afe33bfa223f7254317e99dc1d65d9a7395c78d96d2b471abb68757defcddbde34c19af4c
+	C = fea086c6f6c30384ad72d411a07d41838ffa47c2e879c9e72916bd9fb36475f8787f62d5d2ecbf1d3061e7ba5f59cc95b21a2a76388aa8
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = bcca7c876655ff1e159ec7931dc6f21e9cc61839dab75b5f91ef606c29b99a7c30fcf693f7886f28b953f7aefd2d17644e50631a809841869664ae6128cad5eea3659c3b97942d290f2525aeed4b2ad1958fa6ffbf0aee49a4245e4efd51bebf843b4dfc076fe3ba3db4ad48e091d2cd43d173879dd6d01e329cc5a7031728ec
+** GENERATE (SECOND CALL):
+	V = a39ae6fb27278b8af9e5bd93452a6d60ae8492c11c396d09864945770e860be33601f9bc01670a6f40333023cfee0d7f3e74ad47441dc1
+	C = fea086c6f6c30384ad72d411a07d41838ffa47c2e879c9e72916bd9fb36475f8787f62d5d2ecbf1d3061e7ba5f59cc95b21a2a76388aa8
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = 3176da18327fc42dca68ff3deedc2846a8925523698cb87c86d8fe6b94b78807
+Nonce = 226a7ea014b092a00ee51cf6789cdaa6
+PersonalizationString = 
+** INSTANTIATE:
+	V = 75bdab544e591e1ffd290f92322451da1fe07f21c445324183dabea77b5c4bd1975c13b5877653a93a63ce415c5a30db724f75d927eb95
+	C = f5b352a4b95c3b69d847c3a03a05e8ec1bd178b198748a5e336c292bf12c86c862e641552f01b5eda2456da0b92361104a4ec4adec9cb5
+	reseed counter = 1
+EntropyInputReseed = b79ee0d4016ab5a1fc3130d0943a1d7bc8950d22ef98dbb30fe2824e78e1c855
+AdditionalInputReseed = 
+** RESEED:
+	V = c9300b64fbebf4b75fced1b40d72bd683d6a4c8dd95675cac6d683a0fa2441652cb998021edcc0debee7dd70fb79838f37eac7a8b7faf5
+	C = e2a15b0482acdae5b183e7147eb3c12e68e20cb9fdb0b76782652fb9668d998b4df172ef504c388f5571c9d3c16a019c6e58e6191977f2
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = abd166697e98cf9d1152b8c88c267e96a64c5947d7072daf581eef601a35ec22f12638bbced381e112e82336a53e7a4e0319a7eb5181f9
+	C = e2a15b0482acdae5b183e7147eb3c12e68e20cb9fdb0b76782652fb9668d998b4df172ef504c388f5571c9d3c16a019c6e58e6191977f2
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 690890ad2e91ffc67df44bab33e9c3443411580fe1de3b6ddc7cb42ca05a931fa356c889073aabb3f091e910095ba0ff0a72fdd8dad1b557905783d46b5fc1a60476ec3078c64963f51353556370ddf3496acc13cb2c9c489289371476dbcfad4a948770b48e97abcb5a7cc537cac0a7f8056fe95e1e3ff3375e82d079b495e2
+** GENERATE (SECOND CALL):
+	V = 8e72c16e0145aa82c2d69fdd0ada3fc50f2e6601d4b7e579c66bdeae197facb1da0e96fd75b1cda62451ea2a9dd4e239e7c1494c7b37a2
+	C = e2a15b0482acdae5b183e7147eb3c12e68e20cb9fdb0b76782652fb9668d998b4df172ef504c388f5571c9d3c16a019c6e58e6191977f2
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = 1a29ef3b1822b6329af233fc2b78d879b000602a5e2ac08f124ae664d0d36322
+Nonce = bc0165c7b800ee3174122d73409baa8b
+PersonalizationString = 
+** INSTANTIATE:
+	V = 214fcedc20b15a782081551e3ea4fe513253662ed3c6059b6753b59ad0b0f85cd63beb1c065f8d729528efc1a2df539c7138c3387b65b5
+	C = fc97bc1c9fdf5dd85d9324beed21d4387d70e404878626240d9c8df2fdd8ddc03028ca3871e45d439b025072b0617f866d251b6ea1fe9f
+	reseed counter = 1
+EntropyInputReseed = 7bd6404383f2c690246383b82eefc0edb937f04dbcbaa489cffda5f168710b2f
+AdditionalInputReseed = 
+** RESEED:
+	V = 286d45cee691ffcc19e48af329954b6183ef5d84fefcdede6de2c024669907f81a4c0bdf2c159f048417600204052807e730eab2e22ab8
+	C = 188a4800d932c29abdb8b760d369ca6547a0c5831f6bfb5f6904992dbda8874e6bb8d07167988e97c8e597f9024348a562b325e507a204
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 40f78dcfbfc4c266d79d4253fcff15c6cb9023081e68da6d91c79b69dce8a4448c0e9a27910702e986a408f45366c06ee3d3ff16205006
+	C = 188a4800d932c29abdb8b760d369ca6547a0c5831f6bfb5f6904992dbda8874e6bb8d07167988e97c8e597f9024348a562b325e507a204
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 1d91ba51f2b745094f784a6c6cf317c3e5006b31fab49a54d6618fd62041f7dbc2f0083839e197d305e817bd80820275418e8b7df9d929ea48d60de332c1cb7b4bd361e9053b29a995eabc42f01a55c764d82ad88af4eb3f24e34ecaa9c8a49a6bb3f93a0fa5f595320a17638e287fc40e4c87293036bd0d38ab1c0574771b99
+** GENERATE (SECOND CALL):
+	V = 5981d5d098f785019555f9b4d068e02c1330e88b3dd4d6c115da5f057e721b5a2a8b33ef81a50bf8d23e8b9b395fa414fce9db667c007b
+	C = 188a4800d932c29abdb8b760d369ca6547a0c5831f6bfb5f6904992dbda8874e6bb8d07167988e97c8e597f9024348a562b325e507a204
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = 701424ea03ccfef83255e1f4893f67d3df604ae6b0b58269420ba63a292c6b63
+Nonce = 742d0cab6195c0da7246f3817bd12de8
+PersonalizationString = 
+** INSTANTIATE:
+	V = cdb96a7a8357d86c358a06bf422fb8fbb99efac8890911cb8e3bca4b6d9b0f353f26f800ef4ec407ffed4c601ff3372eca5b5e12920186
+	C = 6a2407fe27482d67445b640ba8f3b227697732256b5aca1c9b8fff9ce876fb55cf18e88cce59d0aaf772176dd181fdba1a7cb2991e9dfe
+	reseed counter = 1
+EntropyInputReseed = 6fb174625138cfa4768acf7e610175fcbd9abeaa99400f9f417539794922842f
+AdditionalInputReseed = 
+** RESEED:
+	V = b5dfedaeedd7a5b7c05eb736747906d9fe984aaeab5f6fbb9f4a460162c26db372a2b9817f231e7409d1615ade850a3bc4672f6a5344d8
+	C = 10fd532eee1f506ca0c17d989221873ef318f4a2c9eeddcde64bccf275abbe4370313c3e495e93658c4d951c5616a43b10e41e4f235fa1
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = c6dd40dddbf6f624612034cf069a8e18f1b13f51754e4e5960e4767b93faae8a536cd4672b381c3482ed0d2602446cdb4414f86a74c948
+	C = 10fd532eee1f506ca0c17d989221873ef318f4a2c9eeddcde64bccf275abbe4370313c3e495e93658c4d951c5616a43b10e41e4f235fa1
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 6dfc046689958930118a069d1d4a836877667dba833deede8046114dbb5ca16cb34fe841a5992d3d35d663d6326a972b10bc8682bcd95e8d1f803756a1189df8512f4a6272be6afd31256160ba83ead766c2e38810419e351e5c634d68ec0cfaba217e629b008c9b22fce7d598a74b1ed97eca85cef93422e35ad44e3e942a78
+** GENERATE (SECOND CALL):
+	V = d7da940cca16469101e1b26798bc1557e4ca33f43f3d2c5cd4af84dc466ae44df8979aff019d737fc15795ffcc900915d6d9a5f91bbdf7
+	C = 10fd532eee1f506ca0c17d989221873ef318f4a2c9eeddcde64bccf275abbe4370313c3e495e93658c4d951c5616a43b10e41e4f235fa1
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = d48e66efe115f39b06b649bda8f5bc0f6aa32e2a3ce9fe42edceb237ee382284
+Nonce = f85fbb0a5e5294ca9cc1450712fd5f31
+PersonalizationString = 
+** INSTANTIATE:
+	V = 56b71535d2e1a15b2468235a460c088438b022cd898e200d1634623c61fb79bc452805e5c087f5eb18abc27e5f5a386b043ee9c7be2e77
+	C = 3c74e94d0f6abffd4608694bd076782f0189fa3f14de189fb10efc1ba11adaca567a8bc40951cd0d642d22871a5661a322aa4cf4d50491
+	reseed counter = 1
+EntropyInputReseed = 09cfb70004427f5cb0aba01eb9834eb9c9e3f4ac1964e68d029dabe352a9fc91
+AdditionalInputReseed = 
+** RESEED:
+	V = 3784fb18a14812477cf097c88353cce1fb78ff00a49d437bb74a8ee25cb8f1e109ac80985e23cf18c31752860a7057069e6449fce2fa24
+	C = 2123dc6ef388b8a3b306360f33fb4cf7f4873a71f249776328d4ac98bc0189544f7f7c458e33d9e17761bcbcfbaa9ebc2269e21a763091
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 58a8d78794d0caeb2ff6cdd7b74f19d9f000397296e6bb38947fb3ae7d0fdf7d52d65ae011ce3f0ac237d8e6c5283bd54bf600a27ab757
+	C = 2123dc6ef388b8a3b306360f33fb4cf7f4873a71f249776328d4ac98bc0189544f7f7c458e33d9e17761bcbcfbaa9ebc2269e21a763091
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = da5584af445626e298e822e8be9c7e990f86b14b62c5854a1220f115450e412a05a354ee9488c774147f333797f32e88d7473fe9017289b00a8d6b9557e29c1d176b374bb7f84bc878e708819622fc177498fecd0116308e7479b88c25d80995411834bcf1133a455e4c937d47da1090b3137b556c07273851a7fbb8a028d9a3
+** GENERATE (SECOND CALL):
+	V = 79ccb3f68859838ee2fd03e6eb4a66d1e48773e4893032fae5e0c04c2dad9bb6ce49fa0522ae098e6b130617c4df4cdb15b96eb26421f8
+	C = 2123dc6ef388b8a3b306360f33fb4cf7f4873a71f249776328d4ac98bc0189544f7f7c458e33d9e17761bcbcfbaa9ebc2269e21a763091
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = 046f6c6c527e50e4429ebc431c2e8efcc76895af2b27ec372090a9cf2074338d
+Nonce = 707aab08c0f7ff0ae84e823d4450f6fe
+PersonalizationString = 
+** INSTANTIATE:
+	V = 346e1de150497e0936ecf97ebac32c701f00c9636412b14db192e4400e35cabd9cd172e01000b2410b64cd82ce1839ddf60ba41f80e8f2
+	C = 292c5fc1526e85093090dd958a33db9b3db26822bc5b3332cd84cb09f7b190058fa6ddbdedb71633218800f600e64dacaa208be528391d
+	reseed counter = 1
+EntropyInputReseed = 16b4a829ebd20c7aeb53b918ba7061554bba926e300a7d124988ef13a5ec3e82
+AdditionalInputReseed = 
+** RESEED:
+	V = dd070bef068873632df3487765d52068600728bc12114ccb2ad138c1832633f0e75d3cd8490f8b4311bf23d7f4630f9ce9eb5c33b3757c
+	C = fc7972a869ee710091462f27f3e101753e47bb086272a08f81a8cbb9ec97ac6b848bae9803a723225d94db7dbc5bf05fff1fe0af636468
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = d9807e977076e463bf39779f59b621dd9e4ee3c47483ed5e7a94e5f62b48e930b650053634f92a0a433a1d6743c306e573a5625c3933fc
+	C = fc7972a869ee710091462f27f3e101753e47bb086272a08f81a8cbb9ec97ac6b848bae9803a723225d94db7dbc5bf05fff1fe0af636468
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 2ecdbff5cf0fbe2b4265154de701f331a5dba59d7a6946131021159cedf3b86f8bab98a1977dc4c3cafc064cd6f823bbb8bce2c75ffcef56a571c9d66bb2c1be3229fcda4d42a8ca4677427d3a84ad2fe70b96b990606db364a7faf5b58dab837d0b7280312fd2443560d1a03325b5204b11dd6c8b2ac82536546182eaf697d6
+** GENERATE (SECOND CALL):
+	V = d5f9f13fda655564507fa6c74d972352dc969eccd6f68ee5766bc314c1d22c0de72a3eee7c7efd6b245bb9bcedc97fe559ea4c7689fd53
+	C = fc7972a869ee710091462f27f3e101753e47bb086272a08f81a8cbb9ec97ac6b848bae9803a723225d94db7dbc5bf05fff1fe0af636468
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = 6a94808824a33ee1c57918af7e605092b9f60021b0fd1ea6f21f98936e639daa
+Nonce = 86b1b04f417359b64afd8dab7f4b3460
+PersonalizationString = 
+** INSTANTIATE:
+	V = c5b4b5b6b214f2e523b4bfc46cdb280dff7242353017040dbdb14750732dde853fcd0e255a97beeece50fa555579aca4ac0eeed113fb5f
+	C = e37d6a3e5be42cc508b9969e0ccf03c12516611b4e911649d9026842ee2466bbc5a3e3f438516b5d4a80a45cf615b3ceaa9fef2ba97684
+	reseed counter = 1
+EntropyInputReseed = 90e756b94f2096f495d69de62333c1b6627aa727cb6aa082e0c049e213412003
+AdditionalInputReseed = 
+** RESEED:
+	V = 6eeed4bbed386059ebced47a699d6c619d767cce2c1a4985c88c717285ce66d9e4c4b6a42d065818d3e64057c2f322446db0087a9b3e83
+	C = 57c550e1cd7fab77e2cd4f22b531f8053fe70f84eafa28d666ccf8f6108f647765e9f32970926f3fde946491930180bdbd6199de9dd965
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = c6b4259dbab80bd1ce9c239d1ecf6466dd5d8c531714731591af85c25ce471bae6052a36e68426df4b8c7484f5143617bc1fe53c280a90
+	C = 57c550e1cd7fab77e2cd4f22b531f8053fe70f84eafa28d666ccf8f6108f647765e9f32970926f3fde946491930180bdbd6199de9dd965
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 709e32e79e35d4390c5447da27f475e32e9de42b43b493583ac4bf78b00ec19086126a5875de25ca1d148ba58be45ef4886f7e3b071722d2e8cf296bf436d5de0bd8115199c6a0e92488d91b96082afa40998865a17085112c09f58aa1d2c495009560512d237b46d686a18ef14d6a4d6f5c562fd6c3e7da627694bda69dbf7b
+** GENERATE (SECOND CALL):
+	V = 1e79767f8837b749b16972bfd4015c6c1d449bd8020e9c8282f32326e4d78b97b4db3a07a97986c68bfb76ec5f37b469c4d097f33d3fbb
+	C = 57c550e1cd7fab77e2cd4f22b531f8053fe70f84eafa28d666ccf8f6108f647765e9f32970926f3fde946491930180bdbd6199de9dd965
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = 8e6c9dea6be300cbf771c6c97581599083e50852bea5639384d2edccc939b5fa
+Nonce = 8daec979f91f11205152d66231e48b25
+PersonalizationString = 
+** INSTANTIATE:
+	V = 3ae9501d6af8d953e4609ecd147538cce492977c56608daeddfabb3901e55b4dddfa962fcf2c079e4b8db5f18aa8b320fd0ba608b78400
+	C = abbd3a551e5c55c84a24423dd0f956438361541549681eae22f13f169e3125ea0e200dfb6b4adb46b22a3c598acdfdaa4958b65769b4bf
+	reseed counter = 1
+EntropyInputReseed = 4fa5541122ec689bb7b10c18111124160eb8540d39cb5bd47c45a2b653381436
+AdditionalInputReseed = 
+** RESEED:
+	V = 4afce0c1e80ebd0ef2d06400d83b10403f4385ac00bdeee1c7d287fd4fb07364dfef91187c8d07e3ed6d3fb3859da740a971c41430d2ab
+	C = 9b79076046defb2d172638e6ed02a055a6ea37d431840598c503cc6be2a4a9401e7e1da559c11371f5790f97397c2dc1a57e591910dfeb
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = e675e8222eedb83c09f69ce7c53db095e62dbd803241f52bdd446a344ed1de5105913b96a82b7b121af9e683df2d949178ad299fd594e5
+	C = 9b79076046defb2d172638e6ed02a055a6ea37d431840598c503cc6be2a4a9401e7e1da559c11371f5790f97397c2dc1a57e591910dfeb
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 312ad3c7972040633255660db79950a87cfdb5ab803142cb6332de5dae9d7ea85d96137411848f8a2ed0ef764d4028a9e315a536dd0b6ea516e5729b1e91ebae7284d247f7cbd1a8efdd1d9031b8471917ec5b31ee1b3532c72d132869067524ee30fcada919f7b2430f68d5ec56ae2496e04bcfff99142fac337c8238ef899a
+** GENERATE (SECOND CALL):
+	V = 81eeef8275ccb369211cd5ceb24050eb8d17f55463c5fb86b0c0567b6c48da856ad1fcc61def22c9172569b11872037d7dcd13545df5cf
+	C = 9b79076046defb2d172638e6ed02a055a6ea37d431840598c503cc6be2a4a9401e7e1da559c11371f5790f97397c2dc1a57e591910dfeb
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = 37eb159e6444a5451c9e444938994af56830937957d761376c24087a11720ce1
+Nonce = 2b46c95eb9622015e6c19b25351476df
+PersonalizationString = 
+** INSTANTIATE:
+	V = e8666d163fdbdb36d53f25a18263db6f42f433beeb24a5edae79e856a3a3452fbc7ee0dc2edab13f409e446220f06cfcfd43a566487be3
+	C = 136de638d64a626abc337b4d58b83f629bd372a89eb9b2c6a402b9a1e345d10119c10837064f080dca82a1528afad24ff1ac98968f7958
+	reseed counter = 1
+EntropyInputReseed = 45b517412d87817d8f31e66db28a7fc50fa0428cc2fdf60d221f0e72de974215
+AdditionalInputReseed = 
+** RESEED:
+	V = d13b50c14dc3b34f3b74a0f2354a36a3a1bf4a3697d8da927e1921df13f2a845202fffcc73889167375f11a74237af8e04d18f156e08e6
+	C = 68a833ed479c7f42d7d14f8c075fc25bdbe6aed0a4ae502f6ecffb934f7a7798d47d20327ff95f27bbf60389ffa19dac0a3dfcead6de13
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 39e384ae956032921345f07e3ca9f8ff7da5f9073c872b5be87ab8ffb7c163403bc93273c14715221ecaeeb24d87ee6f09e945bf0c0990
+	C = 68a833ed479c7f42d7d14f8c075fc25bdbe6aed0a4ae502f6ecffb934f7a7798d47d20327ff95f27bbf60389ffa19dac0a3dfcead6de13
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = c665319561afb904a3f34f1668f5393818d76a8ee61e3ceaf984d5a8364ddd45e80abde815f555468e009ac691b2015e2c3d4f14de2390a996a339e3a0a2798e34226796ad0e967700ad65193e914e15f6c21605161e7e9d45de4001c394263e52574ba3284c0660855f0ecde1bc6bdbf83ca930b4b62ee347ca5903cdb9b97e
+** GENERATE (SECOND CALL):
+	V = a28bb89bdcfcb1d4eb17400a4409bb5b598ca7d7e1357c48866f23eeb1debff3245fb304113d97dbcc75bbd3fbe32c9e221efdc0798145
+	C = 68a833ed479c7f42d7d14f8c075fc25bdbe6aed0a4ae502f6ecffb934f7a7798d47d20327ff95f27bbf60389ffa19dac0a3dfcead6de13
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = aaa659ff918e1868a8ef03e40d13d88ebb1d482fe155a830aa8e8cb5c55e7214
+Nonce = 98b64510942e299f935e803c1cbee4a5
+PersonalizationString = 
+** INSTANTIATE:
+	V = 9af0165f06da4c0614489e90a478b4169c843e1fe461d71c92a89c08e1cb5e79fb9bd322893043ebd934a472cf2b80efa40a284fc3edc7
+	C = 738143de609ea8c1d920c756c47444b7d1cb4ff923cc3251b46a0fb3ce7b3e333415ed3dfdf2218d6ac5c26af089d6674abc2c2d021cd0
+	reseed counter = 1
+EntropyInputReseed = 2823c143f33e9cbb47a8529b6165ee683f18e52094cf74706b8c1be07bd7c318
+AdditionalInputReseed = 
+** RESEED:
+	V = 38d2a41616a5531413d56a952c9daf9d7199e17b61fe8eb52c78b6764c52b063a7c949e9e754e3f7262914a890b331262fd42fc9595873
+	C = 847bcb01d6beefee1d4392a13a181d85cd9af0f05511084090d8df91d1a9191007d6e24cd25c4b1246c3ba00485ec7d835fe3b95ecdd40
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = bd4e6f17ed6443023118fd3666b5cd233f34d26bb70f97448144e7e4ac3aa0f362b4ba1f5aa0a929a316223fb3455f0d6ddb865bc3f09b
+	C = 847bcb01d6beefee1d4392a13a181d85cd9af0f05511084090d8df91d1a9191007d6e24cd25c4b1246c3ba00485ec7d835fe3b95ecdd40
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = a2368069f440f45385d4dd1b309dba5a0b6d6cec363aab9f08ae0a205b03cb6dc83f082099c576fe50b1b23749c04eaf1ab0122f43ff025e6c7748f23d8eea0488509400f45c12976ea2d452451640ac00d3c158c62ae9b9eb35f994b14f0997841de5a265bf522823c3429214135825d8c956e96c2cac2025d6f64c799b01df
+** GENERATE (SECOND CALL):
+	V = 41ca3a19c42332f04e5c8fd7a0cdeaa90ccfc35c0c209faaf8af87323a58a9eb99ecb08ffc34150d96bc8ba284bed8c2ca41222e8de6c1
+	C = 847bcb01d6beefee1d4392a13a181d85cd9af0f05511084090d8df91d1a9191007d6e24cd25c4b1246c3ba00485ec7d835fe3b95ecdd40
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = e4b473f001c9d5dd28040e9deb8c3d3cc54607f8eb0e55db51ebc32fbe06cba5
+Nonce = fda15d14c96dad84ce4b92e2860e7686
+PersonalizationString = 
+** INSTANTIATE:
+	V = 96967fda1f25d80d4b786ef194088b5fbd0bc61e2c3aa18a17786105c24913874d3b24bea53c90db2148b9f56bf245a637fc257f035c8d
+	C = e09783df1e0f02bfe918d8de135fb6a13153cb1196426eb03c74422c50dc3a8acf60781a8a0010fae6ae4ecdf057f35ad7fbd70ddef16b
+	reseed counter = 1
+EntropyInputReseed = 474299492cae38fac3bfc58110c873d7b5363c7044c80eb545b95d9d1f11fbd5
+AdditionalInputReseed = 
+** RESEED:
+	V = 05ce34dfb64ad1186947e4132e412cb3692b7c3979ef792bcaaa87a3dd46f73c1d2fb1a3c9bfbffc011f7ff6d69c84578327585031b092
+	C = c4aec2e577a139fa2f010b717f51985fb43bb766d92e63d4c695c250f09783831bca57f9d683ab6c1e9567e44350d2986c2db861fbd397
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = ca7cf7c52dec0b129848ef84ad92c5131d6733a0531ddd65ac5be36fc93802203de6728beeb0925829a69912a8f0cc56c53f864461e985
+	C = c4aec2e577a139fa2f010b717f51985fb43bb766d92e63d4c695c250f09783831bca57f9d683ab6c1e9567e44350d2986c2db861fbd397
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 443f740bff85363d81c026ec0fd22dceeaa092490b65527da7f519c0d600a983039359ca27fa2ce30592c632ab0fc1f1cd736f665db8f6f2c23b196bf28c9a6bd2ae37d921aa97bb1971c8293a9d2eb9d82e583890d450521c48d3f63c3aa92fd5486ddac2b881c496dce784d0a33ad247fdb25e484ddd68d2eb45fb3786689e
+** GENERATE (SECOND CALL):
+	V = 8f2bbaaaa58d450cc749faf62ce45d72d1a2eb072c4c4199a43e014d34652905ff5e33c40cbcb014ac3688f7188bb6c5ddecd56ca3974d
+	C = c4aec2e577a139fa2f010b717f51985fb43bb766d92e63d4c695c250f09783831bca57f9d683ab6c1e9567e44350d2986c2db861fbd397
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = 49b6aeb0db302ee8127d192659c9d7e0298b3aff6a0d1ecb6cce8fa2368170ba
+Nonce = 98b32c10ff894722c5c63a664ac7b982
+PersonalizationString = 
+** INSTANTIATE:
+	V = 72ff4d729f46a0df9a866f8220bde83670248f39cbe914dcc694292c194b2e2e0814e9659d8fe75445ef95b2ab756a63b1b55b3a3c0e80
+	C = 90ed70e4bc23c8d144ce754ba10f945299315d41414d79cfeb76c80906ad8cda7096cfc5dc55698c03479d28b058c418a875f12ea12129
+	reseed counter = 1
+EntropyInputReseed = e856e4f2091f9a096e455499e043017a968217f220d239955483c83beeb48a8c
+AdditionalInputReseed = 
+** RESEED:
+	V = 17e7e7f6f99fde3e9cfd79ec5cbd1f1be6a7d4949e75dc5250bf578f92482c71be58f70de6342ff4c06cdc0855e2ccd3bc06e27dbcfee8
+	C = 982ee0c58b27e91eb2dbce365fe57be7861b4cfa8644a3043dfc71f7fbb8fc03c4f86bae9298378b086a4b9d0a33835ea1c54420a41ff5
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = b016c8bc84c7c75d4fd94822bca29b036cc3218f24ba7fceedf003957bf94b9eb1bf45a918ffabc761fbae710a018afd79b0fb8801190d
+	C = 982ee0c58b27e91eb2dbce365fe57be7861b4cfa8644a3043dfc71f7fbb8fc03c4f86bae9298378b086a4b9d0a33835ea1c54420a41ff5
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 86fbe0abe9fa81adfb72be061c7053a1046e71951b26fa13e7046b8d4d5d698a651ded01658fe1e84746efd98d98ea554813e1f5391bbad9f5b3fb11a27c6a945687f55022448bdd72f63ff9347ae991ee259f18ffd5c3c79d2bb1c976482819b5dff02fb17643b40a9a0895cb4fe531112f6bd32e68ecc279be451b5f440ef8
+** GENERATE (SECOND CALL):
+	V = 4845a9820fefb07c02b516591c8816eaf2de6e89aaff22d6ea3f5ef8f76bbb270a4f8b0115a47c92a5675db1c90445b411910a0e593866
+	C = 982ee0c58b27e91eb2dbce365fe57be7861b4cfa8644a3043dfc71f7fbb8fc03c4f86bae9298378b086a4b9d0a33835ea1c54420a41ff5
+	reseed counter = 3
+
+[SHA-256]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 256]
+[ReturnedBitsLen = 1024]
+
+COUNT = 0
+EntropyInput = b6ede63ef581505bea11f5f75c13b3d569200f526aff3a4e88466311e120f315
+Nonce = f8c413d038c907c5c366f47a6a514d20
+PersonalizationString = 
+** INSTANTIATE:
+	V = 6b8955b9f4efbffcbc194ea703ce887a5e36e7da61f2dec06414bbc5fc8539723fc533bce1a34bae39460cab691afa4d8d5e923580e895
+	C = a906e918451451316b93042b89de87c3871c41ad48673e781f74a589391054e69d787ff320e4ff75593754094d69a7177784be96719a17
+	reseed counter = 1
+EntropyInputReseed = 95189ffedbf83701c64dfe8754b8583363d196cca19b03e8043e53152949026d
+AdditionalInputReseed = 8d5f68e3bc90d659af580cd80ecee8f43c20e92c4aac675758a0bfbb4cbc5736
+** RESEED:
+	V = 49ba3f7e6b4c060cc225195a8e080de3b13a4f46abd8ff64f1664cd45d5da57a90c438ade318eb491976254a6ed94315fee43b7fd0942d
+	C = a937f29d04d770da7e45148ba174f9100fa541ba8bde9b56a3ea2ea31354fbfce440fa79ecced5851c15fb5668bbb98e9c95cbc0b04489
+	reseed counter = 1
+AdditionalInput = 835eb2664747d9341ee2c9f0abcc6a8fb528e9d556e9a60d8f0d24a63d582ea6
+** GENERATE (FIRST CALL):
+	V = f2f2321b702376e7406a2de62f7d06f3c0df910137b79c2ade7872ee518d2ef20b6e69abb190ee92cf2ecdab12ab7afcabdce338b12d9f
+	C = a937f29d04d770da7e45148ba174f9100fa541ba8bde9b56a3ea2ea31354fbfce440fa79ecced5851c15fb5668bbb98e9c95cbc0b04489
+	reseed counter = 2
+AdditionalInput = a553a538598ff314506c5c9efd4ca793b0a59a46b7e0568e1c7a89e305c40683
+ReturnedBits = 8a64e644273c9040d299ec412704f6474e0fe49c58cc301808595e36134a06e58d3141037fb6b0fa2b43f2484debc331fcb4d38f85a79fd6e5a4f9e5b3d369407dc5fbd86a88a2a623b49deada25a11b280414ada01ef0354e7f6ac0a42e14041f87d4178a619483af123e7d5a6398690711b05c81a7e6b4a39f6028cdeaff66
+** GENERATE (SECOND CALL):
+	V = 9c2a24b874fae7c1beaf4271d0f20003d084d2bbc39638a2b2a11a93f7327025dd4b772b1ddd1691231ba2de4dd04de085de34366d79c5
+	C = a937f29d04d770da7e45148ba174f9100fa541ba8bde9b56a3ea2ea31354fbfce440fa79ecced5851c15fb5668bbb98e9c95cbc0b04489
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = c7e26f40a23ed69058205fad48b8899b8db2c1e52c4741807f246eb6661062e1
+Nonce = be162f5be78fcc41759a2417b685cb60
+PersonalizationString = 
+** INSTANTIATE:
+	V = 1ea13cc0a7c1827a080e13ca6d3bab176ec7d4167989eaa48fea3b3660b9d80d2409d3c3e229c353c2e85c61b8180f249dbbb052c527e0
+	C = 54381b6ebc9401dd8a5967bf7c9724905122be4de77a536011bcdd1bcb1b0029cc23e30bcd3fab1386de58f6cf8bc7ffa6cde18a40b6d8
+	reseed counter = 1
+EntropyInputReseed = 94e0710cd576266b065f759340fa2366a3a42c9b91d5ecaaa830c6c76fbbb2ab
+AdditionalInputReseed = 172e9c98af1c64332eb624566c715e2010d7f4440f9aa0b5d03a6286e3fdee8b
+** RESEED:
+	V = 02ef95042093d040aa534fe53d0d7568000a9c5a445d5ba31f03a64063fcb35f931be282e63e7a74c273f5e8d492b64484bc3d8fe6d311
+	C = dd203cdba960309fa141e08f7f8802b07a1bc7aece1b2143fb0ade4d6497d4446a78e6dbd84297f8cd9e70214727cc967b9858f6b6d156
+	reseed counter = 1
+AdditionalInput = e19354fbb0c8c3fe829436ca094dcfe1c0673e10dedb116cbc2e38837af72f76
+** GENERATE (FIRST CALL):
+	V = e00fd1dfc9f400e04b953074bc9578187a26640912787e05dfe6ceb9ccd9aaebf48e70c773b510989d08ed3fed4d77327bf966f7e79457
+	C = dd203cdba960309fa141e08f7f8802b07a1bc7aece1b2143fb0ade4d6497d4446a78e6dbd84297f8cd9e70214727cc967b9858f6b6d156
+	reseed counter = 2
+AdditionalInput = 1ba7552c92593eb202d88bfa9b4853621711fcfcac22ce3fb4c7c293632fd56f
+ReturnedBits = e765f8bf9b893519792ac364f75f91582bb8dd02f5a3b6174d10982ceb8abec07cac35e70c914ff66ed594572fcc775826deb38b4833bdc1deee7852a2a6deeaab8ecec42001775246345a39b520cdf744f55c8c280209df5a32599486d8f1625dce35af70cbedf6ed02fe42a818903238e371a3620af749db985b53a6879709
+** GENERATE (SECOND CALL):
+	V = bd300ebb7354317fecd711043c1d7ac8f4422bb7e093a0463949eda848c5d319c6933bea8264f4756fdfe4f52b0a1e35ad330e7047d8a2
+	C = dd203cdba960309fa141e08f7f8802b07a1bc7aece1b2143fb0ade4d6497d4446a78e6dbd84297f8cd9e70214727cc967b9858f6b6d156
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = 88ccf7018bec7a7878c38a61c7377c9fa5b4b686df9298b0d92cf082145e2a3e
+Nonce = d6bc90476604a0792fc40b0caecd2bce
+PersonalizationString = 
+** INSTANTIATE:
+	V = a40661dd3c4cb6f93653cf61401ae26f0705c479b51b6e64ed473371cc9b6e0d22d2a8bc1931fbd235a49d333af820699c911d6758d72b
+	C = 67c40d31989eb2db2e3718c5c44c5ffb5df1d14fece755d2f9b77c49498389415300d1e12ab49671d5bce84992591d456fe7bb4458d97c
+	reseed counter = 1
+EntropyInputReseed = d4423e75c53582f29316af1676a448596e7d188406e9d6a255d7d13540be548d
+AdditionalInputReseed = 044f90c251625c87d84cc504bd0fbb0c1ceeb0031e25f2246381ffa4026c0b23
+** RESEED:
+	V = 7973bb7175cae9b245e29a2764769400a500a1ca617f0b3a2f10ec85c1e2d98e87fb9faa1b5a5545f90a7f423c5ce2ddb8d9de4e2d4963
+	C = f5da2d9a3b76cb54a1b55fbd9ae1b58b6f4d087226ad983b1cf805e0ae061edb7e22ade0301c6dbecaf1bab3339824f7a475762e2b7755
+	reseed counter = 1
+AdditionalInput = 74fa3ad4e976f9a1fd9d154598ca7c7c49ca77e3ea1f736f9e7336cf428b9fb2
+** GENERATE (FIRST CALL):
+	V = 6f4de90bb141b506e797f9e4ff58498c144daa3c882ca472c2e578111f0bec0820bca5dfba542a6a715093e347c5aa2a4e1e7e1cd0a500
+	C = f5da2d9a3b76cb54a1b55fbd9ae1b58b6f4d087226ad983b1cf805e0ae061edb7e22ade0301c6dbecaf1bab3339824f7a475762e2b7755
+	reseed counter = 2
+AdditionalInput = fbb43e46ff2c5b8dc134c40b7d420ed25f3fbf76db9840c26e53a000bb65fdd7
+ReturnedBits = e72eefe2c433f3460dffb1b3b0c0fe4623535e05d0f47b7b3ca3fba7e7244ecfb202d2c6a3b6eaa7d38323df9e0db863e1582fa7e48e7598f6525b917790229f14d4e3b9dbdb51f2f19cb25362e1e6b5192fa3d206113e13a4f9a4ea003b742adbed2dd65a5848ef2aa85f717986164db9746defc53262865b7044f030dba572
+** GENERATE (SECOND CALL):
+	V = 652816a5ecb8805b894d59a29a39ff17839ab2aeaeda3d57871c0ae066b68729babf526e012165b368991951d565e1b2d252c5b7ff7b43
+	C = f5da2d9a3b76cb54a1b55fbd9ae1b58b6f4d087226ad983b1cf805e0ae061edb7e22ade0301c6dbecaf1bab3339824f7a475762e2b7755
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = 0675092fa386daf8fe11c505aa65b3a961f5bbb41d317d2c2d82cd63cfa834b6
+Nonce = 9cc267f83399e2c5041340565d428a64
+PersonalizationString = 
+** INSTANTIATE:
+	V = 68252b0f2cbd444c97948ecb579d1a6cb55d2ded2b254660a1850b7a9dffcbbd2a4820b4ff8763c9baa63a5be49250d6d02dfc64bef495
+	C = 9cc06da32d4d3ce51fb0b5f9c9d1a010032d26e3eb6483f8351d841f82514f22302bc1c4a20dcd4740e6433c2d3fb5c15d458751d5b6de
+	reseed counter = 1
+EntropyInputReseed = 43d3b7ed2591c1b8b2fc2ea8cf526eb6e6fb369bf789e1d7ffc069f06c062a2e
+AdditionalInputReseed = 7eaa99e1b2cde122498b15d7a7118a13ebe1fcaa5a95abbf3ad1e32395a869b7
+** RESEED:
+	V = dc960f0a3aff4965ae08ce47e53cea040bb332187e7ff18f22c0b5b02ed2ffcb9bbe884ed29ce6096ec0835187a35e65bc1129427c1903
+	C = dcd9270a7868da0752d311111891e329f37a81041e85d372b2849c18d5166fe90eb48c188207a53b52438aa2a7a285574c3380eaa194e9
+	reseed counter = 1
+AdditionalInput = 9ae4fb83f486c8574abb2fbfa8d1b493c6ab3b44a454dba971af17750c3da8eb
+** GENERATE (FIRST CALL):
+	V = b96f3614b368236d00dbdf58fdcecd2dff2db31c9d05c565fdeaff67d4985c2ca51055557ba4e336024001f79bfeae9f2d512cec38d600
+	C = dcd9270a7868da0752d311111891e329f37a81041e85d372b2849c18d5166fe90eb48c188207a53b52438aa2a7a285574c3380eaa194e9
+	reseed counter = 2
+AdditionalInput = 152eb68213c399365f083b0c19521f189ad9be842578fdcc14f3f7c22f99bbe3
+ReturnedBits = 4d04f0d00c3d904543edf4319da11a14ea68079de912edea6bc0f581fb20c4e6e558ce7cbfb0ec436ef18f4b9d9ed48f3424c1a61c3342c97d670daf3b37bde0586c33a70e704e5136d839dc1ccc4f093d4ecf22677dc1c25c31cf2dac71a643607675c1155b6dd3be6b30dbe0db12e0b53f26bde95545f9d6b75f7ca7d7b994
+** GENERATE (SECOND CALL):
+	V = 96485d1f2bd0fd7453aef06a1660b057f2a83420bb8b99d3d6604a4104fb9f8d9b0580418cd68b1dfc6b8d9c5ce9318172595dda72a9ce
+	C = dcd9270a7868da0752d311111891e329f37a81041e85d372b2849c18d5166fe90eb48c188207a53b52438aa2a7a285574c3380eaa194e9
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = 68762738145c9bed25ef023a5d78086f1ea5d857e7b5df46132946e30fb24760
+Nonce = 86a4537d13d2e6b142941b5a97fee194
+PersonalizationString = 
+** INSTANTIATE:
+	V = 7731158fa83c8b51742ec50e7a6550144833855f0bc6fd5750673b9cf31a1f7e6e0507177e00ad72fb151845c17747ce995ea8bed74e83
+	C = 877d3ad509ca4ec7a39869cd9329b450892efdc3ebbe4949e00e2232dbe92cbe24b8ae1b918aa45d843a58ad3a589aa7a59a2334f120bf
+	reseed counter = 1
+EntropyInputReseed = 68718bca396a9ae9521e272571a02ca74985d13afab29c7e2a35136062ef9173
+AdditionalInputReseed = 33302530f27be9e12cbba99d6ba9d8f1cc6f4666f596b24b66d94429697dcf7e
+** RESEED:
+	V = 68b33527a1969fc6f0fcf98d9cf6c906d1a028e4700e67e0139f89d2964952c207ac5e7dfd06313901b388039e6ad895fbcb94fe84a422
+	C = 6edc871dfa32cc6313605723b22e90fb00ec571923ff3f657a47b0b3090c0456c08d82a310723b31ddbf653fb76cd717b8369a62775a1e
+	reseed counter = 1
+AdditionalInput = f45019a855fc50d7a2ed3bf26e34c28094dd83891b57385cb744602c5c71af83
+** GENERATE (FIRST CALL):
+	V = d78fbc459bc96c2a045d50b14f255a01d28c7ffd940da7d5c53975dc1c10cc6772354af66cb0aacdb1552072bc27bc9c9d5aa579bd9509
+	C = 6edc871dfa32cc6313605723b22e90fb00ec571923ff3f657a47b0b3090c0456c08d82a310723b31ddbf653fb76cd717b8369a62775a1e
+	reseed counter = 2
+AdditionalInput = ae1105d6d73a7ba409d58890d313130324c612dd1538930bb19fb36d49bfcc37
+ReturnedBits = 8b89effad9846249ac50ffaade4b756e3ddc56870662a50c14fa65e6b6849d919ad137e042da1306db59584764d3b9addafe2fa2dc53c129419b479912f90b3901a3a009bc835986a77fea85f62a7ecbc3d73e2277adc10a8343c8869ca97059720eeba520aef0a06ed53b5821787c922512675338a08957348fe4c32e1cd580
+** GENERATE (SECOND CALL):
+	V = 466c436395fc388d17bda7d50153eafcd378d716b80ce7f31f410e9a2b1ffeb43390693bc91294a4f1619b3e486a1809c65c62e13c0d6c
+	C = 6edc871dfa32cc6313605723b22e90fb00ec571923ff3f657a47b0b3090c0456c08d82a310723b31ddbf653fb76cd717b8369a62775a1e
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = 08537435905c5cd0eccf7cd78432a1ff9df0c5327b77ac4531afeff6fe8a80b0
+Nonce = 782dc3ad1d4d6f8306f970aa35a5a511
+PersonalizationString = 
+** INSTANTIATE:
+	V = 1911564dff413c91e4582906c1cfec809a785a3cd31df462a7bef5889a6327a780bbb37e4c336fc2317a2c8a7659e6ece08013f3ac1aa9
+	C = 568a18e9b9301ed5f70e6078494d7f383e33b8fb04c8a5fa6fc7b548cf1292db2bbbc6aaaf995b235e7c3823656fb738cf5d35ec728e12
+	reseed counter = 1
+EntropyInputReseed = 869676b72b0297a01f463cab02c9bbd1233588415ccad460bfa2404968c39df6
+AdditionalInputReseed = d6fb4a70715b0976cf9c831fabec300b4047421895b8c5bf0101f67fdbd042a0
+** RESEED:
+	V = 2be1b173b9b8e1229ff5bd03b9c1880ac1120dff6c340abe992509d64a237a97128d9980f20323a02cd911ffa0273575ad1f3ec8314fcb
+	C = 3dcc3f6aa0970ce8fb813069792446dc6587165a18ac63e74cb754e5dd92fee758e15fb094c131651593d555c992ea327b84f2820fcaf0
+	reseed counter = 1
+AdditionalInput = 04b29acb210bd5214400734a498d59eddf3ff3b446605e3dc9fa315c1f5f44dd
+** GENERATE (FIRST CALL):
+	V = 69adf0de5a4fee0b9b76ed6d32e5cee72699245984e06fcdd8c549ffabe1486ac3888e2cb4384fb7bad0271e823afe938d61d64f6e542d
+	C = 3dcc3f6aa0970ce8fb813069792446dc6587165a18ac63e74cb754e5dd92fee758e15fb094c131651593d555c992ea327b84f2820fcaf0
+	reseed counter = 2
+AdditionalInput = 4654b033176de5c5be08ae0f57b920892c9fa8456fb2681e819429a2ff0cf32a
+ReturnedBits = 62003f1a147f91b47a1bcc23e3a6a13dda6dac3207f08637bd475f623933ea00bd1aa159ac39aadf5057ec59f91024bcd05c4c2cd7d74eff8a6fdbc000c4e5b4220104189178714a5d08a0f98191acd2cffb593247befe0788a642ca3d838549d0824972b160e7cf13f4d8f69e522d0b981f81b3a54e473f2309f58316ce4cd1
+** GENERATE (SECOND CALL):
+	V = a77a3048fae6faf496f81dd6ac0a15c38c203ab39d8cd3fa79a4f803eb45db5f4926e32d1725649f3d6da757674d6e7d8faf1a1fa5e08b
+	C = 3dcc3f6aa0970ce8fb813069792446dc6587165a18ac63e74cb754e5dd92fee758e15fb094c131651593d555c992ea327b84f2820fcaf0
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = 186432952735fe165b8a3cd7f233a36efbbd7a69d9d1fcaea451bee07f5d1af4
+Nonce = 73cdeeeb84a3aa76a7f0b1f1c1b83288
+PersonalizationString = 
+** INSTANTIATE:
+	V = d6c361830195bbe5a3367193599b483dfd971dc3443ca71aa04af16a082b5f563acb6b7097cf524a745a28a41a65569ba31044a2eb6963
+	C = 70e25c6011fa7bedc2b170960e7619951ad2ee272f297e96dfe16190073e67cbb7b9d7cd7982cc3627adb7894ae2b8e4946e7e57462167
+	reseed counter = 1
+EntropyInputReseed = 82a41b671f36d7a1dbe6145c67dae9eddffd2cb1f1c09824c6ee2d0ea2db4cbb
+AdditionalInputReseed = a9acf8683326160fc63dfc5454bf1baac834f1b4f5fd29b38211f81086f3fdf4
+** RESEED:
+	V = ae55925255727b2ec7ff64665c2748ab0ab6f0a8309d4eea0769533821ad0b4f1142816e1fce1d91ffc3f72fd86edd276e01ae187ea0e3
+	C = 70a10cce2d7125e4be5d57338ee132ee97f9cb9c224d45e718a3e098c4c902d335458cad85e757f6c0774c967ba193ff5d24fe566dc92b
+	reseed counter = 1
+AdditionalInput = 989bd13d6c6d9874cbc402617888ba4f2093ac62a5ef9ce7ce1c37429e16ddda
+** GENERATE (FIRST CALL):
+	V = 1ef69f2082e3a113865cbb99eb087b99a2b0bc4452ea95d8089aa1b25c505160d7b252b066ed24b34bd33f8d4366d9cdda934471f64e0b
+	C = 70a10cce2d7125e4be5d57338ee132ee97f9cb9c224d45e718a3e098c4c902d335458cad85e757f6c0774c967ba193ff5d24fe566dc92b
+	reseed counter = 2
+AdditionalInput = d4ba8c6ab40d50b780ad6181fd2f099fe714c0bb56690f067bbb7ad611dcff5a
+ReturnedBits = 5aad27c91a55b5e714ef8743150881833be6c2e5bf79bf1705d3f30d81b1fd272eac6702bc1642946863cd734e9e538dd5e84bbe54748071d81de1d34c2286afaf8ac4a9997aec1840cfe60540e37e06f07ac662cbe00eb4ab76dc1cf98259197f2c1a7b3cb0e466ca61d57d884ef9091e357a9c2f0d90289999728af6adffc5
+** GENERATE (SECOND CALL):
+	V = 8f97abeeb054c6f844ba12cd79e9ae883aaa87e07537dc48c0d63de1c94498820d9f4399e52421ca6a01115bbe47f36b4e846ce89ab36b
+	C = 70a10cce2d7125e4be5d57338ee132ee97f9cb9c224d45e718a3e098c4c902d335458cad85e757f6c0774c967ba193ff5d24fe566dc92b
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = 1fd2fe2228daeec95c7536e2f4bf85c341c2539a20966f0da45757ee82e891db
+Nonce = 9709888f0154f670fe86c2e57f080a9d
+PersonalizationString = 
+** INSTANTIATE:
+	V = df9f21f0d45f11d61abf20e8bbd80fad8e628d9f4771de420627f629bf7adfb4442ad5d81dc49724d880d94d89df6542a63a1401ade358
+	C = b19cb55c368d3771c4eab102979cfcb16e020b8854cd26ce03db52e3be754a74d6b8f1bdd884590bc546e940f3012458f349830f4fa02a
+	reseed counter = 1
+EntropyInputReseed = cc04a2876bb5e4896b6c73f2609a0d3b88f349d8848330b3aebd3ca2c37309f4
+AdditionalInputReseed = ecdebda4e56b1741d9414df6f82d19f8629e5db0302763258e688772861eccb6
+** RESEED:
+	V = 8ae1b382d070befb086e6e04343cc7ebab5148575ea296b01bfcc7db93618e551f76f7187486f84af501dcace49782173810b0253990a4
+	C = f1da27e0ae3ecafc9b4452746396096e1750ecd72e39f042499ca3532da9a7b5537eadb2d2cc8b140511db4bb416c05df77ba93b349e37
+	reseed counter = 1
+AdditionalInput = 36823fc7342bf1ad34a7cb0e83c8e8e07ba750685ff1145fab1d4cbe59c96e04
+** GENERATE (FIRST CALL):
+	V = 7cbbdb637eaf89f7a3b2c07897d2d159c2a2352e8cdc881edf48c0b45049ce3550339092de35b3e403961a603bd4e04c96ad790701b2cd
+	C = f1da27e0ae3ecafc9b4452746396096e1750ecd72e39f042499ca3532da9a7b5537eadb2d2cc8b140511db4bb416c05df77ba93b349e37
+	reseed counter = 2
+AdditionalInput = 53474d42bd14e1840b42c5969eb8b4f7bb1d94f3da7c02f7dc408e15517afa12
+ReturnedBits = 8cfddd5329d4f7b15228cc4240fa379f6882c404ac76bba457827277d33e04ae9925e86aee36e688e27b53ae0c53270a4c4dc3b9fcb8dd327a32720bd7b90593612cb8e540d2d3b4b323a4aafa2baf926d71ed14ec2b8f1547cc04fd00c40a1e003b8d65f56ff81da9e09a19e329bc893b265224742d69d1fa31d699fee1b623
+** GENERATE (SECOND CALL):
+	V = 6e9603442cee54f43ef712ecfb68dac7d9f32205bb1679abb31d66c97556d6082b172be3c3ad595d3cc1a6f9245a5531d3256175573ad7
+	C = f1da27e0ae3ecafc9b4452746396096e1750ecd72e39f042499ca3532da9a7b5537eadb2d2cc8b140511db4bb416c05df77ba93b349e37
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = 41b38833c5ebc7cefe9dc59f913c00525fd3dfdd7bcddcf1930ef27f91aa60c6
+Nonce = 775bea35720e5a1543aa7d847d036c9e
+PersonalizationString = 
+** INSTANTIATE:
+	V = d492c080b2c43fccd43d5d04ed7f836839840dd08050acd41ea052f96892f890b28e5a521d36313475775da07bc001f23d723a9eb9856e
+	C = a3ecb274e8018ab729e833ea522a2af773282183a148f3dad782c53acd1fa528f3421d5e8f9f50dd7ec928148e38a1cc4ea6510e2a202d
+	reseed counter = 1
+EntropyInputReseed = f5e30ab56e9ac4cd47a0c5562ed17ddaf8768dd332b0f1e0e20814a3582159cf
+AdditionalInputReseed = 561c6f52117964243a19dda151a8910bf1d6229fd45eacc53483832a0797c239
+** RESEED:
+	V = 14d078f893bc0d80f3fb8e7940e5ba9d65a4c585fc55ebe241a17e84862b18db51f8c07771407702a01a3aa81599c639a0f71b9f650c36
+	C = b76b6c9ad746cc4a0eac61b337debc1c25d768117507d313b0554679ce26ff778b017451f29c6725f669741bbf2553acfac834e72ef4c3
+	reseed counter = 1
+AdditionalInput = 140a6ffa2dd777bb6dc2682fcb6bc5021e7237160bfb78e8a3f26a9c50a7534e
+** GENERATE (FIRST CALL):
+	V = cc3be5936b02d9cb02a7f02c78c476b98b7c2d97715dc030635360293a0fb7f0465aced3d8183bab731eefe06fb324bf37a9757f9ae7e4
+	C = b76b6c9ad746cc4a0eac61b337debc1c25d768117507d313b0554679ce26ff778b017451f29c6725f669741bbf2553acfac834e72ef4c3
+	reseed counter = 2
+AdditionalInput = 7518e93a44263481bfc20f9e6b5618dacf9c4a73d7f5acc3c042256b81ab87e8
+ReturnedBits = f546ffa53f0c91c641e7871645f1615a527cc6a4ac6f2b9e4e831a1ee0fddd5747163d3515a8ddcf4f30fa03f95b74b8c9ec4d46433690c28950c985f9fdd65d2f9e020734b27217ef6233c702d82ab3e480805692af2daacd8b5f0ea75f129b90809a6023f0937a3d9f9be021b63718611a5b69b9d10f80828d87d36cf5abe9
+** GENERATE (SECOND CALL):
+	V = 83a7522e4249a615115451dfb0a332d5b15395a8e66594e3dfbe8c7e811fb4f8d85083645be322a506ad1e8068e8ae09ddb834cd58572a
+	C = b76b6c9ad746cc4a0eac61b337debc1c25d768117507d313b0554679ce26ff778b017451f29c6725f669741bbf2553acfac834e72ef4c3
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = ac437a11515b389b2217f193fb640c17a0a3773c3c4c6fac74824860cf338381
+Nonce = 04d899abbb4316c2b3ded86c951e8054
+PersonalizationString = 
+** INSTANTIATE:
+	V = 8b198a38e3dbc9e8cea39ba5fb547d49b161fa4f402462806bb7a9d767a5b140fbca587cd0cb89f64adce9e9ba55fc99e1d45de3cba935
+	C = a23121b255d4b18fa4b76994c4aa9b0dec08484ffd39b69b8edbaaa8a071cc54cf348b02f8f69cb30b83723981c3061e51d479ccb5538a
+	reseed counter = 1
+EntropyInputReseed = 314fd9ce72824e9ec21319a7a557e0b0b8361f181817f35376a99eb09a9a98fe
+AdditionalInputReseed = 3eaebcd48a8a0bccb53caa4250426b915d4afe3288d1334ae16645219834c7aa
+** RESEED:
+	V = 4a99bda0c6615bd59c8fd3fc8007423cd6b7b9e0b7649c60c9df5ca31b683cf50028a45668a61e3b15f3a69e583e998e649db236a4521e
+	C = dbb4566b147c39bb1a13e954f5aef0d9b57547c1857ec4ef305e250c0e3902e3d707330c12fd77b07f960f37d1656366f1e39e696d3ff3
+	reseed counter = 1
+AdditionalInput = 6af7bc8fbf8fb060f181e6e4a0f696da5c2a84626d5209e90fedde76c95dff57
+** GENERATE (FIRST CALL):
+	V = 264e140bdadd9590b6a3bd5175b633168c2d01a23ce362051f050a1471fa1235904e25517689844a5cb1aefaff5fc6acc3ec28396f86df
+	C = dbb4566b147c39bb1a13e954f5aef0d9b57547c1857ec4ef305e250c0e3902e3d707330c12fd77b07f960f37d1656366f1e39e696d3ff3
+	reseed counter = 2
+AdditionalInput = 975eaeea1fde39b9df1d28ecfb12f7cef5fb5f2c35253766e2278fa05025c456
+ReturnedBits = cb5b021e6c6d22c32c222944842a4693f0ad6f7f42f4af8feb3b7615cedf9a758b9cc82ef255b829d7ef958c2d5ce6e1890e28e40187828f0f5df7ea9665450e09aa4ba12413c30041be8f9618aca428cd24234d60115b66156f70459890dc4b41ab202cbd35089265ed665344a4a85770c0f0ed8bb8fb98b8d218e31db9444f
+** GENERATE (SECOND CALL):
+	V = 02026a76ef59cf4bd0b7a6a66b6523f041a24963c262283f85085c838027857af2de5c57fb046e1c47f63c7d928d862389c25390888d02
+	C = dbb4566b147c39bb1a13e954f5aef0d9b57547c1857ec4ef305e250c0e3902e3d707330c12fd77b07f960f37d1656366f1e39e696d3ff3
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = ac9ab06f30ccfe95d712f7e3f57778ff927af4b6c68b2a63360f073b1a1b63ff
+Nonce = 3af87af38c8eeeb79c67d825920de633
+PersonalizationString = 
+** INSTANTIATE:
+	V = 9ba8b7b1d74f01fd1cbefef15df3499a20c684ac004eeb4640740e2067d3ec0b50f88cfa0a35d8cb156b3db0b7b3bcf441bdd0657ea123
+	C = 38bcf26500044ee0ab64059d115083a90974859ac3824d9c805b1e95d4a6e3cd2ddd5bc1932aa448bf9055d6134ab313657d1cacfb96b2
+	reseed counter = 1
+EntropyInputReseed = 18eaa4f18d783fff6080b2a2145179ec3de3e6f431fffabb9a5ae53f2bef1ad1
+AdditionalInputReseed = da3753e4bd7f38d40e299906e9eabd9228bbc38cba29549cfcff325470e41f61
+** RESEED:
+	V = 844d1ac106acc45da8a23b2ca5411184a17592856eaeafaf0390f3269f7aab9f4d38575ccc30232b0a297ad0320ef05cf35b4d23dcc2fb
+	C = cd85f35e1e12a0cd3851912a2fa3429eed293d2af65438a9f592c3f6e4e3eabe4333f815165e2fe44f0b6d6c7246a4cbf8d6854c9f233e
+	reseed counter = 1
+AdditionalInput = fe6c77d68c9ad6ee70f3a5e4fdef3d78e7d08da764511bfc7d407a0da3f01408
+** GENERATE (FIRST CALL):
+	V = 51d30e1f24bf652ae0f3cc56d4e454238e9ecfb06502e994a50ee2f04f0e1f74857c35ccb4711bad069170d56f9b926d99d3958a2955b2
+	C = cd85f35e1e12a0cd3851912a2fa3429eed293d2af65438a9f592c3f6e4e3eabe4333f815165e2fe44f0b6d6c7246a4cbf8d6854c9f233e
+	reseed counter = 2
+AdditionalInput = 2db9c52787119d9f365ae51317f120925694f361532158a9d18e924a272fd2f4
+ReturnedBits = 192b48e9a7e31db3251fa412cd48619ae7810bfacc3605cb0a7ff49e2f6babe090aff3cb6e705c432bb3015fa8267f259a19672c64edbc25e82b8364f5238a40d875219497a4f79976388a73bcab1a2da8b59346f83db9bf710f4d4b646cdb776bb6a588ab3b18a3925f31497501f8e2f53fa94ca226f65ccd598ac13a6945bf
+** GENERATE (SECOND CALL):
+	V = 1f59017d42d205f819455d81048796c27bc80cdb5b57229aaa4bff865e835f6d0393143ad6076e8c27852fcfb47bc58f6d4d902d83dee0
+	C = cd85f35e1e12a0cd3851912a2fa3429eed293d2af65438a9f592c3f6e4e3eabe4333f815165e2fe44f0b6d6c7246a4cbf8d6854c9f233e
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = d1a264bbb6e5881d99a222c88d867ac3e504b458b98915cf2442e0aa826a88fe
+Nonce = 4b5fbe3f1dd17e25adc8920060ca63ad
+PersonalizationString = 
+** INSTANTIATE:
+	V = 42a9bf324d82e54ad53ee5e675f324403828a53aac09bda9c7bb8d9ca344bd14ea53d75504b6c97daac2150e5ca964fdfa1094b737d381
+	C = be256ef31f89d96df10e5410a19cd7c7024b3286a305d3aecbacc6c1ddb3f1357c146f483ec6e98ebb71f7ab96b25845733f7056e14e41
+	reseed counter = 1
+EntropyInputReseed = fde3f68d63c077fd4dd81205c036a8238119b76ffc7dfba6d730e4dbe7c1dfd2
+AdditionalInputReseed = 8e942ddaf8303fb21b59170ae21625e54d8e2ec8820c4854eca4576baa6c7aa7
+** RESEED:
+	V = 7f5ce3a0f6ffe055e6b1dae9ec8acbaa6cd43b9e8379c13ada2379f9d78be063c8e82bde7175554ca28213523fc95e27cea1c48ff57205
+	C = 05a32d448f2c1b39aaaee4bb88863a7440dab06a036d8b0d3929b44d827faddc5d222017a4528d295a245a9d25c07d46fb9694aeb59503
+	reseed counter = 1
+AdditionalInput = c2dd28ea4569f66af771a35c13538474a221921c8175e46e120e78a0d05e3051
+** GENERATE (FIRST CALL):
+	V = 850010e5862bfb8f9160bfa57511061eadaeec0886e74d5766efae75235e517659fee635dd02d8ef49fe821cbea81716e9cd1ab77dc3ec
+	C = 05a32d448f2c1b39aaaee4bb88863a7440dab06a036d8b0d3929b44d827faddc5d222017a4528d295a245a9d25c07d46fb9694aeb59503
+	reseed counter = 2
+AdditionalInput = efa204ccadcba9317def9874280c7e80f6d5ab8cb1240c21b5a1a3ed627d55ba
+ReturnedBits = 75adcbd4b5c760b83fdbe9ce71430d5584fe0ada00d661581bd1cd56c50332b8c0fb084b0a71e19768f25994b7edca52468bab4205f6274fde7e987a63b85d47794370cd2e0259ef024ea8ea1cb139918d2fa4e61484518ab9763025c2ab7761ced50f5b646cd2f0d0fc503a842415f2ffb7526c2d30375f9ae8d7aed56ebfc8
+** GENERATE (SECOND CALL):
+	V = 8aa33e2a155816c93c0fa460fd974092ee899c728a54d9930e226b03d4f5595899c2466d37a4e6328e8a89172d414062f73e6955859df4
+	C = 05a32d448f2c1b39aaaee4bb88863a7440dab06a036d8b0d3929b44d827faddc5d222017a4528d295a245a9d25c07d46fb9694aeb59503
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = 4c31eec0709c4fde56d8cc6d11c7888d9970cee4a6d0ce0a845149e073d1d623
+Nonce = 6ca3c359fae66aa8db6312e61920c5aa
+PersonalizationString = 
+** INSTANTIATE:
+	V = 2f5ff04544e2d3122e6c12d3267aa751da9022f1a33e7b153d6a48911171b5fc6817ce06e7801087b750ab5bb67ee00af18d0cb369d81d
+	C = b8b516824505c5670d215de7a8580be9b1eddc1bc638439df2fb10c8cd8d1a1f423b8041cb0193178ad857b33c7c822db40267bb153df7
+	reseed counter = 1
+EntropyInputReseed = 15a7346106e493e963d167acf7dee837963626f44216ae0a618bbe11d7a16ec7
+AdditionalInputReseed = 984de321abbb0eb5ff57758dd8cf250cbd72706061eacdcaf9fe6aa2e8321995
+** RESEED:
+	V = 49a91699352032b975999375a681003b65b198b8651bc1a32e80270f05dfa357d8fce1735f7c6c374307b77d23ef353f9fe9d132df2693
+	C = 253ef192ef242fa603df53d1f5c642e9a5ef7c8e1ceeff6a01be31a8214c33057bf0a227be8a1a31bafcd6b7660cea2828fe436804f906
+	reseed counter = 1
+AdditionalInput = a83431e3a77d3a311e322a580cd4c90a17cfce7734a8afe767cf1988bb0b8218
+** GENERATE (FIRST CALL):
+	V = 6ee8082c2444625f7978e7479c4743250ba11546820ac2aa9aa8877155cf71a92189201165ada813ac278a6a81442ada68f311e9059ca0
+	C = 253ef192ef242fa603df53d1f5c642e9a5ef7c8e1ceeff6a01be31a8214c33057bf0a227be8a1a31bafcd6b7660cea2828fe436804f906
+	reseed counter = 2
+AdditionalInput = d0afee6b4de87f3bc0a29fd3d1f350da97ce5a9055959f414ba14fbdfa034a3b
+ReturnedBits = 4d3952ebf2e3bf9cac9d4bfe8224ca4eb69dc76d1fa9aaaa9c04ac63c558e84afa3927f84189d6c399e0b5efa3ba91af66675893fdfc78343cbfb376679acc156d37df3bfd2143ff1de212448b0db3d8a90d8ab347000b06214c2d4299fcda5e87c516192973be09b849db250afe256e592d8c31c35249d179e9a6d82e26af80
+** GENERATE (SECOND CALL):
+	V = 9426f9bf136892057d583b19920d860eb19091d49ef9c3047b5532eb4813f29798fd1f9cb1225d89a0b3f9af3599196bd0addcbb09bd29
+	C = 253ef192ef242fa603df53d1f5c642e9a5ef7c8e1ceeff6a01be31a8214c33057bf0a227be8a1a31bafcd6b7660cea2828fe436804f906
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = 290029a7a660aa9f38519496264eb8894b316a44bab71d2703a08313705e42ec
+Nonce = 27b2cba8058cc385fcb238daac0d0e48
+PersonalizationString = 
+** INSTANTIATE:
+	V = 7d6b1be5ae0f5e81d7a500940aec8b3d7678f2dcb71ed530bde83eecb7fd8c3e40fa43c64c34caed0833e3c063385cb2b17173edac2d75
+	C = fa34482fb4cfe22a52b12854a0e00aef9079a6656abc0f3c740976ab48c3a594112044d28c1f5a470994bae3b2f4933592171cea454710
+	reseed counter = 1
+EntropyInputReseed = 539155dabaa1924f75da76fd5ca62fbecbdf82dfd1be84588a221a0acd9867f7
+AdditionalInputReseed = 9318a7eb7b2e39bbbea207495dd3c75094072eeb24869b97abdec54d578eddf0
+** RESEED:
+	V = b8f70e5d9a4dff6492dcd5886936285856c488478c2a47c732b7604d2da352c3f58b35d5e7ef3446b03053fe967e41a7c1867c4f24c67a
+	C = 594533c4fa7a2bba30ba0bcd1b59c24a2733466fdc04ddca697aedafce46f1c80c3e81b7181833980c073b84700dff9adcb100351ca968
+	reseed counter = 1
+AdditionalInput = 91cb81b2d800ad60b136ca63da2f5bce7ca6783f8a0c699931886f0934e7647b
+** GENERATE (FIRST CALL):
+	V = 123c422294c82b1ec396e155848feaa27df7ceb7682f26ac92caf6a7fcd068e4037334ea71fc51e83c7ceb4c69da36a2716640ca7ec057
+	C = 594533c4fa7a2bba30ba0bcd1b59c24a2733466fdc04ddca697aedafce46f1c80c3e81b7181833980c073b84700dff9adcb100351ca968
+	reseed counter = 2
+AdditionalInput = 8156cbf2c0b5b7718bb92742b66cec75a4191359e16c50bedcc5e748a22d129b
+ReturnedBits = 70e62fbe676ea6a4dce2fe02eed8bbd237cead48a59c2e4595e51722ac6ff11ed8d2a42596fe788a3a07b3e15bdb4025b3dcc1c3c254d619a94afb7ac54d0c722bb983e05c3aee10bbaab3ad8631cf7b4ea76ae507303a8b66541bf7594ac3810770e2348517d34e2f69ed62df8cfb04b01761fdaca2880ceb2a63292da77936
+** GENERATE (SECOND CALL):
+	V = 6b8175e78f4256d8f450ed229fe9aceca52b1527443404ee60a54bd41c19df4e92a7312c4f32dc5b8c12924b3d915f069aeb43c0aba499
+	C = 594533c4fa7a2bba30ba0bcd1b59c24a2733466fdc04ddca697aedafce46f1c80c3e81b7181833980c073b84700dff9adcb100351ca968
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = 234cb691da8e4c2e7812fb726799c0944f3e61237c782a268c0c811e26d826f9
+Nonce = 1534ed0b065729ef7fe3f9a0e5fc7b85
+PersonalizationString = 
+** INSTANTIATE:
+	V = cffbbe3314b144d6790df6978b3504d4845f4bcdf3c792b08e9b79e4d290f56db4ae0e168fefa09383b5d0fa59475bfc75cad860d19416
+	C = 37a24f68b9399d80424c7b7f21e51d44c72d8c770d36e137106aef958687bc36219f71ced176bd29611ffe95b6007b923678764af26e4e
+	reseed counter = 1
+EntropyInputReseed = 0a6c8e62fafa866f550dc59ac2538ef06a030c5ec46d98054dd949678528150a
+AdditionalInputReseed = 5bb670e67691d2d4bce04aaf397527f35089febcb42a4523a50fe2333674688a
+** RESEED:
+	V = 9161e2e930f8b96dae9774a7f041a6a8c81a607206e856f6a7a5339ed2a8ae37fd0a430d6fd6b9dd1ada6b8bd7d25672419a37e08b8bc8
+	C = bc42b048f2522532ea23cfff24e0f473c804b098d6295d65fa646df2789e493df14b29146083fd9236bdcfe1bbb456547d60150f4f274f
+	reseed counter = 1
+AdditionalInput = e1745f002a390f6504846dda08e111369d7828cb79f0e1a1afeceaae4cc4a778
+** GENERATE (FIRST CALL):
+	V = 4da49332234adea098bb44a715229b1c901f110add11b547c8009b70d079686ea8a46179b17e2f4b71fbfa082addb7dd615d75728cd695
+	C = bc42b048f2522532ea23cfff24e0f473c804b098d6295d65fa646df2789e493df14b29146083fd9236bdcfe1bbb456547d60150f4f274f
+	reseed counter = 2
+AdditionalInput = 4e3b1ddfaad296432c85cbac5bd5a2bd897d41ad56f5e37ad5f4ea9b75397afc
+ReturnedBits = 068adfb8ae1f9c7d51453f665332f99d85c92c3a1c5d68e6e967ab9c43eb2493f2b334fb86acdb71ddf9819eb31850f39b679f2a698557d046fe4b773f1bfa697e43c5f20845feb374d016552de2ad17c1e4df6e05ded9e86427832d15463cd079b5f30ef491813664feadcd6a1abecedf708f048408af161f04c3361071defc
+** GENERATE (SECOND CALL):
+	V = 09e7437b159d03d382df14a63a038f905823c1a3b33b144359a8cfc949db187b05ac0f31d08977f906ebfce9ac3c0cde16676c30607e39
+	C = bc42b048f2522532ea23cfff24e0f473c804b098d6295d65fa646df2789e493df14b29146083fd9236bdcfe1bbb456547d60150f4f274f
+	reseed counter = 3
+
+[SHA-256]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 256]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 1024]
+
+COUNT = 0
+EntropyInput = d176db726c97241c595f23c671432a634140f3b6230eb72b5c73393da11ba066
+Nonce = a446dfb8effae0ad42d2e15f18a1730a
+PersonalizationString = b822d8233c31c8dc19d0928ed013fc88455e907bd64c85e8bb2c0dc0a4a4599f
+** INSTANTIATE:
+	V = 5b3f796f8869ec776e0294ca339518c92c236d854203838a5fda6abd601d4445e2806892c2d90cceb74f8307c99e77940ba01f75767155
+	C = db48c2457806eea1ebe9a7c3e0548da6090535d013e8c2aceec12cf3aad0e608c371462d1507b2fbb0182cb0f439797213716015e0b4bf
+	reseed counter = 1
+EntropyInputReseed = 0f0e9272c0c048b18053fbf5ac02885c45167df203f6c341e00fd1268aff4d47
+AdditionalInputReseed = 
+** RESEED:
+	V = a14fbd77cb367554922bac70860bee52177a4c9976069bfee2210dc337b27486f2ee2b1095e2e318d070ac7e3f1742b52b7dd10aa2bf6e
+	C = f8c81f487f9d597ccc794b22b844e46c8a36359da37fd81a3b0e338129f63756faab7f16d48a92514587f9c3d711002f105e6b6b053472
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 9a17dcc04ad3ced15ea4f7933e50d2bea1b08237198674f71bfe67e36d142418214a4d7adbb5a95d80c6dfc861b0ac2e57ae62445366e4
+	C = f8c81f487f9d597ccc794b22b844e46c8a36359da37fd81a3b0e338129f63756faab7f16d48a92514587f9c3d711002f105e6b6b053472
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 2a31c2496b890e1d71805270ad70dcddc9b47f07f009adbdcbc13744618265551a43858b23613f9e35d432aabf03ad40fcf82d161d0a9f768cd7c6d7c3ec761a7fc26b6a4e5199ac61b9731f2241299a34b25b3daef9a4ed2ad924431860cb29fc4cde4b40970b65d364bec8cc9f66cc27d1abc6619f238b9db399762f4deafb
+** GENERATE (SECOND CALL):
+	V = 92dffc08ca71284e2b1e42b5f695b72b2be6b7d4bd064d2f0bdd4eef6c6b1fb2c6757908c9d086039cd82f912f5e3fe4031cb64b28495c
+	C = f8c81f487f9d597ccc794b22b844e46c8a36359da37fd81a3b0e338129f63756faab7f16d48a92514587f9c3d711002f105e6b6b053472
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = f3bc07d82860873b2af2af12302d36c160b3d974b595aa1b19025be60761953a
+Nonce = 76127b99d224b59bf642a3beb729571c
+PersonalizationString = 53d8ddc6bafc69eed4dd16448d5a0f895d20768446c7186bee6e358ebe283f1c
+** INSTANTIATE:
+	V = 6060072b19947dacb10ace2d8d560314ca55627bdd0e1e4cbcfbec3b9d0a7a62ba6399cf9c9294ff127797094fcf5cbbb310cd26943176
+	C = 26c2b9bfea2c959e61f9dce397c926af1745abac374d6765fbc70bb4d1128d34a3c1abbb5d0b68618535d0db0c870cb4db30c2105ff482
+	reseed counter = 1
+EntropyInputReseed = 5f826a6e90c7ff6b0037d785664e4a1b370910af2190af90f23325326f29cdbc
+AdditionalInputReseed = 
+** RESEED:
+	V = 52f1db01ffcad8e859ecc283f4567e4f6d49501e0b7a44930d748f95183cf84c2ace16cdd56a40f8d967ec678ce1fb491ed37e06a187be
+	C = 55c5671e4ff39008d36062295ac4a8c9e366accf39d22715a0d95cbed526647559386e62fd88b8876d2f6194ee45d9b7ea59cc843157db
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = a8b742204fbe68f12d4d24ad4f1b271950affced454c6c71a414333a3d62a9f05f3037660c7458ea1649ae3d09b89731cc74eb46b2f9c0
+	C = 55c5671e4ff39008d36062295ac4a8c9e366accf39d22715a0d95cbed526647559386e62fd88b8876d2f6194ee45d9b7ea59cc843157db
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = d4dc1874b4453f9ab503faa91c052350d021b7ca01be23c14e548dac39e06ac480d834d753ea140793681d67c02a9ce6707772a3eb0065ad65a3353e1ed377a502bf3c36991860fefd0bebd183f6025128f2244ff1efafceceacf34d45a1d0595edb6dd2ca4df8871b1768160521408625cf95dde22e14bcc64169cb8e34ac70
+** GENERATE (SECOND CALL):
+	V = fe7ca93e9fb1f8fa00ad86d6a9dfcfe33416a9bc7f1e941bba58d89518eceb2cc248177f2f9c39992ca04f7a284facab44452943d3d9cc
+	C = 55c5671e4ff39008d36062295ac4a8c9e366accf39d22715a0d95cbed526647559386e62fd88b8876d2f6194ee45d9b7ea59cc843157db
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = 02aa754f66ace4d895b7dc743c02e2d22cd6cf07ec2a71671d825fe179b8b432
+Nonce = 07464d3985a4a9bbea4d4e27e62664a8
+PersonalizationString = 6074f8c32edc390266e1793aef32b63ba05eeda5e52f5217a558af884c61d658
+** INSTANTIATE:
+	V = f5fe6b72af7cd4af7ba1f114ad1e95ba50d42bceaa91cb566b10a6974cc48b4696c97d1ab72bdbeefb6805050eb91f30d6ceff11919470
+	C = 6c8b72d6d594c90589d77293fe9ffc624461668ea9d76ed61a385f38c0f622f37335498ff6e436298ed47f7deffb50e4bc717e01489f24
+	reseed counter = 1
+EntropyInputReseed = 866ee621493e03932db4f4f29cb14fcbd749b7e7d80153deb787378b79a4dffa
+AdditionalInputReseed = 
+** RESEED:
+	V = 8f2b755114d45c95ce2a47b342c72b45b1a1d2e8270371a63bcea57e478686c30faa956f07d99bc3b70aabc1df1b3fcaf6e60c2b024245
+	C = 1e4371fda1de6d577ad3db499a832e8159e82d40411ab57b055bc9fc94d1b61c39ef58c27ae994ee4daa20d83a75fd68849c6cedf24c34
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = ad6ee74eb6b2c9ed48fe22fcdd4a59c70b8a0028681e281cb8341422ea1f515f9db3bfa9b11aa7d31decec5ac29ed35602eb3d5fde0460
+	C = 1e4371fda1de6d577ad3db499a832e8159e82d40411ab57b055bc9fc94d1b61c39ef58c27ae994ee4daa20d83a75fd68849c6cedf24c34
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 7943dce1dd028052df335be48ea0ba54458f4c0e8db57a80d8ee39842bb2e24b7aa78e1b8095a72042e586498d87ba13c924d302901e3574f26144d774d7e1e2225d7880bedf4955d203ffff02c8036e21d650f3716ff392b8c2ef3b6c2631ae0cbcd68172ecde93282b1a1a27dbf05ecd5743ec24d44b110f7ebeb514b0a535
+** GENERATE (SECOND CALL):
+	V = cbb2594c58913744c3d1fe4677cd884865722d68a938de0e78917588aaa912803dc37992ffc4715f20c102d196b59ff128dde1f24ce770
+	C = 1e4371fda1de6d577ad3db499a832e8159e82d40411ab57b055bc9fc94d1b61c39ef58c27ae994ee4daa20d83a75fd68849c6cedf24c34
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = aec82330e35a2e52ea5835dc96edfedf7de2fc614c1334938cabca2f0ac085e0
+Nonce = 5101fc43799bc1980a5390058c038d66
+PersonalizationString = 2edd21f0c3359fcb2f43f4b6fbd82106ab28e98293523cb5e688c57cc302bcdb
+** INSTANTIATE:
+	V = a2cdeaf0d53fed1682737b198b1133d1f0b37fb0eb4c2a3897379d5c8909f80189ee5a9110aa82a028e6f59749120f38a2170c82b980fc
+	C = fa7b4d7c68627040ba102a472ce15505788ae9e63562677a3d6106906b223d5360de360422d2c33119603a12103a1f768400b2607fe174
+	reseed counter = 1
+EntropyInputReseed = 236a0c71b3268e702107bf454b06336f9f18e0cb3e89ae5eb324729131a9b03d
+AdditionalInputReseed = 
+** RESEED:
+	V = 111bc9fc655808306661cf95456b370b8216b039e87aad47183c70b28c06dc34648534a0b943b4fc1d4aacacff0236c6362d635199978f
+	C = f17eaf1e2a79a4c367c37795ea3568e2d2a5643983008f1cd7d7303068a0285034c7f85f007ec3b6873debd2ca64abe36c763d4b44f0db
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 029a791a8fd1acf3ce25472b2fa09fee54bc14736b7b3d55b760f1a3640590fdfa975e2dc4bd8b4f9744554c9f77e6a128bc94bdd9dffa
+	C = f17eaf1e2a79a4c367c37795ea3568e2d2a5643983008f1cd7d7303068a0285034c7f85f007ec3b6873debd2ca64abe36c763d4b44f0db
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = aa49be101140ab260eda0a46de641154bba44a2592ae1124b0c735b1cd630fed831b656335bc11098f2f56d3c1a143dfcf4f020c07fa68c21bbd4a5d0078ebf42b7d42959248989ccd99ab69524210ada69f85c06ee8b7a67336a0d7f8b64e59073212f5cbaed627450f12e4ab8dc58d5d624dd87dda63e9fa19f6855172e8d9
+** GENERATE (SECOND CALL):
+	V = f4192838ba4b51b735e8bec119d608d1276178acee7bcc82b6698603702b03b7e10e2a4dda65110de6bc7e91af8438cf7e7cd852b75172
+	C = f17eaf1e2a79a4c367c37795ea3568e2d2a5643983008f1cd7d7303068a0285034c7f85f007ec3b6873debd2ca64abe36c763d4b44f0db
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = 3637734e553063dfe6d309dfe778c552a318ab0bf61d0e738161e9dbd5fd3d78
+Nonce = 32c623d66c0b70b2d7a688c3097290bd
+PersonalizationString = eb2a9afeb16bebb77833614946c0e5dd2f6fdaa949009619ccf46164e91dd1fa
+** INSTANTIATE:
+	V = 9470de0d2bc2734dcb8fd624a6f991bbcebd881fa99d3548c5c7842330c5b9c4797420da4657b140fcf5d53d27740f89341f61dfea0cf4
+	C = aa2e7de7471d7c3118f5463219d9d9953b0af5660f6f4cae38d6589bbf3bc930e167444389f63b7d438118e6ccfa61c83ddff17e483cde
+	reseed counter = 1
+EntropyInputReseed = 9cd9c944e3047be9d5c62983584c7dffd02a55bcd16e9d2b349424342db91674
+AdditionalInputReseed = 
+** RESEED:
+	V = 4c1b617730d36054f275d91894df22ee5750a6fd999d673aae6a4ba26908dc386c1fb246f157e86ede5e93416f6cc8c1d703a975a12ad7
+	C = 952f01d2a5e9fedf5fe6e019a0f61c7a48e062cf38dba5d717fd76ecb211c7fbc456927214833cfd632d11df9ab0f995b5f9e827f39c80
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = e14a6349d6bd5f34525cb93235d53f68a03109ccd2790dbccd565a9bc8663a14822dfa2b314e259733d1371da063c8e4775ceff7baf342
+	C = 952f01d2a5e9fedf5fe6e019a0f61c7a48e062cf38dba5d717fd76ecb211c7fbc456927214833cfd632d11df9ab0f995b5f9e827f39c80
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 5e1726bdf2900b40cd65746b80fe391b9c6e6c2392319aa1c1c4ff9d85513c61c28e54f37c4463698d08a2a66c078062be5300e339948dadbb575ad7d385974ad4fe7e7ddb1b8fac384284432671b4ed72f1a6de9bdcf485606b25d9dfeb96846377b3cecd88eaf871923e94502a9f803afe99463970ef812c2332498f060d62
+** GENERATE (SECOND CALL):
+	V = 7679651c7ca75e13b243994bd6cb5be2e9116c9c0b54b493823a178f110a57d279229718ba7177b197fcd4f76cf7eb757308c0293be9d5
+	C = 952f01d2a5e9fedf5fe6e019a0f61c7a48e062cf38dba5d717fd76ecb211c7fbc456927214833cfd632d11df9ab0f995b5f9e827f39c80
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = 05c18f3068fd825a0c4a9ad646c4b0f8830c0b1050d52708fe5ed8411f75911c
+Nonce = c14087aae80adc115b52a9add4578cdc
+PersonalizationString = 4b8ed94e6b381a8484c3e4312eb3032c9ef2520c296169df57018d9edccf91d0
+** INSTANTIATE:
+	V = 8c97fe850d864848d6bbbef05c4017be34279e35619914e3a507f48c424067640adc4d791122d51d4371e9bf80af43ba2b77179c7f62e0
+	C = 9da0fd3cfe962e53f549b5d34c69a232e88d9b3063d2ce34a6ef1d435b872acf5dd84ad9248e6304669dc75a544ff6b563f12a6eff55b4
+	reseed counter = 1
+EntropyInputReseed = 539162353b72bb490a90dccf208a615e76579aa4180037461843274c9c896081
+AdditionalInputReseed = 
+** RESEED:
+	V = 1cf2b7bea16e148066661d3892c6849c7103ca21c3bc2914e5930f32be76a0af0940529b51ab014db40c10c241936d1d72c2b0208f1700
+	C = 259596b1c13d9de408389be63949aae68f91750c4ec6d1b60a35c480cbce828cbbaa2628da5119305e7674c991d7791ae24da789c39d1a
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 42884e7062abb2646e9eb91ecc102f8300953f2e1282fb300a2e947c85119f50c73b7ca4371f8c4da17250884995e5f7e9a6155528347f
+	C = 259596b1c13d9de408389be63949aae68f91750c4ec6d1b60a35c480cbce828cbbaa2628da5119305e7674c991d7791ae24da789c39d1a
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = fdd7f81c0e5e8d9cc6f3fce2a0e5a4f92294b2b59dbfa50d894421b24ec9605f5aeb974230dbfed8ff16ac2493769b2ce2da5ade87b59d4fdb7579fc356a2790ced73f1de444d5f373784aea6cc9b74b7d639cbce0011013ae186925458865b91b679ef918d08660e5cb811f7f2673a2b6243d3f0b328d6d694c37b4b764facc
+** GENERATE (SECOND CALL):
+	V = 681de52223e9504876d755050559da699026b43a6149cd054faa596792ca2db633e54ea30cf715ea79ac98972c15f657974e7242e499a2
+	C = 259596b1c13d9de408389be63949aae68f91750c4ec6d1b60a35c480cbce828cbbaa2628da5119305e7674c991d7791ae24da789c39d1a
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = 7d7d3e2c3476bb2d8a212a7156957fb39290474f141da9acffa6f3d90ad743e7
+Nonce = 32ec82586cf1334d9f5ec764e1160e7e
+PersonalizationString = 72f28afadd87569e59e67f6622583bfb70758f73ab61abb0bdd45faf2f2c7af7
+** INSTANTIATE:
+	V = 4de63e74db7623115db1ac36ec3466958e042d4d2410ebcbed21220346935c66030c8d1cc4e825bcc222e44ddd2012d2f0df132146bb9f
+	C = a3c8b190169e8d9999830f62bbdd4fc65276f66d8c032438b03f140ff446c11cb812224691d9564b1ce2ac54ccb9e040fd9eab15733229
+	reseed counter = 1
+EntropyInputReseed = 924def90b5d23a77329813c8d480c2fa441578fc983fb53dcde084e86cc57c3a
+AdditionalInputReseed = 
+** RESEED:
+	V = 22bcfb6742a67ff466d86a07bbe64682ca49c93c010ad6008837a835c1b69251402badb4778a49b0f4e68687823426e77e7bf8d61f2923
+	C = e7a74dfd6968b0fd14bf9bc70338b5171e20f36b72f98708b28f1caffc9600bfb2f2ad3e937ae3d23d8716694b899b7ebb9cca4c999e4d
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 0a644964ac0f30f17b9805cebf1efb99e86abca774045d0a0eaf7ffee1b927338dbb20dc970a1618e814c3caaeeb74c669ac5d46665af4
+	C = e7a74dfd6968b0fd14bf9bc70338b5171e20f36b72f98708b28f1caffc9600bfb2f2ad3e937ae3d23d8716694b899b7ebb9cca4c999e4d
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 028c5f267abb8200ab49b2d9f36f33d050bc3f74cc51750b893f1fff253d943bc7b001a18794d1473e4e642f891c28d783586e8a73def44c991d8c80482e1a393b7669069d545180abe79520cc0eb6c90fc36d48df3d6382b6c68fa2fdd734da01e445c9e2751de38b53dcd38f9e2f83c8b94d3ebd52e526b6ff39633131cf85
+** GENERATE (SECOND CALL):
+	V = f20b97621577e1ee9057a195c257b0b1068bb012e6fde4722b31181a16031150941b0d9f3cca7817d140c07b6898c168c7bb6ff680e967
+	C = e7a74dfd6968b0fd14bf9bc70338b5171e20f36b72f98708b28f1caffc9600bfb2f2ad3e937ae3d23d8716694b899b7ebb9cca4c999e4d
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = 867321f9161fdb547a8b47cb03c01eabda30f6bc18a641e5cb19f49884824613
+Nonce = af8c724a91277b518f99426d56927272
+PersonalizationString = d72c53cc1ab51bf8765afe77fa22b2cdc37ab1ce4b7d808e56cbf5f488f2ec67
+** INSTANTIATE:
+	V = 918c83cdb84e38e812f18bd0e4fac10294e7a07d9b6808d4bbf655f63deb2027ee8183e1c53800ce6dfc9499bfd0b3ee197dc5ce28ca47
+	C = ce59b2a981ad813e7ab9a6c965b3f2c593cb1be5e2fa0654bc416fc45742fdea25223d76523b1276596c6a331c7d62a6e081e6151b9245
+	reseed counter = 1
+EntropyInputReseed = 90ab02a2b73c134bd9a98ae5b2bfa02271185e77a632a167868f19b2d543d535
+AdditionalInputReseed = 
+** RESEED:
+	V = 094e5eb10fcf608089eb75dd2481c1990dc174258512060c00f7e2d3ac665ae2a0b2477a125c0333a35d4558d30a751b8a9efdf99a5ded
+	C = 7eea4414e2c2e28e56f8ccf7e49f85d4b2b4ebb09645f65f0f94e86541c5415ae92c327bfff9e25479d5a077bd80db7737bf470ab4908e
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 8838a2c5f292430ee0e442d50921476dc0765fd61b57fd58286421a31a102c3de38296c02a05203832433f8d2baac2acfe1f8bffa0a3c5
+	C = 7eea4414e2c2e28e56f8ccf7e49f85d4b2b4ebb09645f65f0f94e86541c5415ae92c327bfff9e25479d5a077bd80db7737bf470ab4908e
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 5fd80075f7dfe3033c96121b349b8f229ff141776323f903ed97736166c7256c10c3da2a68b04a23c195ed8ecf6be350a6a390308a0fc881126a87934a87a2fb0bf3c76a80d683457504d26514572a35f263d53414dbfdb8d4d1189d63080df6d530d03040aeb48d1682bd96da841fecd55359ee911704715d598c5cfe5bcea7
+** GENERATE (SECOND CALL):
+	V = 0722e6dad555259d37dd0fccedc0cd42732b4b86b19df3e3b35bec62be705cf9dae799d5e5fb14ed98848b04889717a045c677d5699900
+	C = 7eea4414e2c2e28e56f8ccf7e49f85d4b2b4ebb09645f65f0f94e86541c5415ae92c327bfff9e25479d5a077bd80db7737bf470ab4908e
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = 64b1e454243b242eda6c74b0fb955370d891f08b2a5b777dc4f3375ac59a2044
+Nonce = a4727232f6270cbf9ced91043f8c06ad
+PersonalizationString = d9684c41f99076961acfbd9dbe30a9f49bace6ab511d7ef0433a1a5f15439f8e
+** INSTANTIATE:
+	V = 84b29dab3f6a17cef4cff4292dae307dfcdffd37be344479eda303f4ff6f8094955372300de77a10b763236e442e98bd5f25c41fdfc584
+	C = faad5b6026ad2cd157ca6ad2bd3aa50900f499b1d409e5ddcafffe54e2686d3b02381baae606231908bbf5acb488f136c118cc049e91bb
+	reseed counter = 1
+EntropyInputReseed = c718e80ab722bf1d78ba0a1f95126d5a6c35b7eb0a2a84ed6e23b8e03e33c7df
+AdditionalInputReseed = 
+** RESEED:
+	V = dd0ffab340b75d7f9f92a02c7fb1c744ac45008842afd39d7d5e0ed2ed06b3f41d5d95efc1c770ad59c576b0fb10f76f08765386b23a05
+	C = 6aa4f4ec4b36c4fdfaa96d71eadd87ddeb1a1513993a4c690185855ce877689d2282dd15ab141b716e609e20527ebef56c88e94b10995d
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 47b4ef9f8bee227d9a3c0d9e6a8f4f22975f159bdbea20bb5a0de75d56e911b871229d0b4f6876b1b2d2d018cafd05ac7b8103d52b9ea1
+	C = 6aa4f4ec4b36c4fdfaa96d71eadd87ddeb1a1513993a4c690185855ce877689d2282dd15ab141b716e609e20527ebef56c88e94b10995d
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 9a718c716448709b7a8e1ff6d5a690fbb9295d3855454109fa7619c8716591512ae5900c807ce53ab6d40383675e7ca5c67acd9674c8428a43288a6df4f44e145a13ddd48a61fd726c2e9dd6c41914b0aaf4630b76768162ace444f369c81fc6bde6d485be9c34c4013f06682b9aeadba69001f81775089e93e1bb90531b8673
+** GENERATE (SECOND CALL):
+	V = b259e48bd724e77b94e57b10556cd70082792aaf75246d38a20d91199373c293f03d1a3dd6d66df8f5f1f944dba709c8747df22d48fb57
+	C = 6aa4f4ec4b36c4fdfaa96d71eadd87ddeb1a1513993a4c690185855ce877689d2282dd15ab141b716e609e20527ebef56c88e94b10995d
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = 3cc9e3fc24e8fdf85f63310b30a2662181b2d72191b68e060a3feb9c3e632313
+Nonce = e043401bcd90565f7cb7ad86a25e3696
+PersonalizationString = cc98fcb52ec7bfb720935ac6a82ba73981212b001a0c1dd382a39abf1363e7c2
+** INSTANTIATE:
+	V = 7168701a6840eec4f2a17b83612f633567e4d648bfd8faa3bc6c618aecb612675d5ba416c050a407b3af84bcbf3b35ced2fd7e1d547a80
+	C = ffc16786f62ab5c3513398a2588226337702b1a9cc827a639fc85cca97277de072770f2f82850489051dff9979c9baaf9719ea9276db8d
+	reseed counter = 1
+EntropyInputReseed = 03d22cd2d99f07445e7556d58ad32bb01e447d93c4f31a5ecb7b1d3ce9faa952
+AdditionalInputReseed = 
+** RESEED:
+	V = 16b85aa1bb99d85a3efde3854f374af28a8cfdff9fbab31693d083d18ebfbebd327f26e3b87bc3ecbd24ae0efa9a14daf2aa9de1fcfcf8
+	C = 9485f4555bee6b17dc8c7ccd0682da3313387d02c276a74aae96edcb9ce4da7980b4da4c9b720cc6bcbd5d45a21699d3e9d7f80ef18f8a
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = ab3e4ef7178843721b8a605255ba25259dc57b0262315abd7434670654ecd253653e96ec24279d02b72055121af23552437babb7a93c8f
+	C = 9485f4555bee6b17dc8c7ccd0682da3313387d02c276a74aae96edcb9ce4da7980b4da4c9b720cc6bcbd5d45a21699d3e9d7f80ef18f8a
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = f754b05e133c867240e5611f4315e4f167e4aadb177632357820427161682905fae9cf55442f017598d529180be26dda7a51c37b96d561b1cb7dc33e3b6089b5397c5336b813e946c285d34c1be61294a83efef155b218237b7eb15d05262f13c1016213d99e577acc1db6b6a0c6743a0a7914b971090d89ca437cf4533668ec
+** GENERATE (SECOND CALL):
+	V = 3fc4434c7376ae89f816dd1f5c3cff58b0fdf80524a8021c71e82b49dce3d7c5d3fc273891ae2aa57866a838cafaf33e834a1b5e22ec09
+	C = 9485f4555bee6b17dc8c7ccd0682da3313387d02c276a74aae96edcb9ce4da7980b4da4c9b720cc6bcbd5d45a21699d3e9d7f80ef18f8a
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = 8f31359dcc6a496f2e701cd927ec513477326917d37014690dcd2c25228e42db
+Nonce = 4dcb2ecdf2a738d91918990a4e342abe
+PersonalizationString = 68617fbf87200acadd713fbf04c57bf8878f83cbd0b0ca00fcc9b9dadeb97621
+** INSTANTIATE:
+	V = 382cf915f11cbda6ef202e936320543758ac86414a2f7e8361d8691a9201875f816656dde349fded2f0e5a0da69d6247de5f50e6bbdf57
+	C = d5cfab7922d781e8b64bec62bfb0ee60c1f975f4beecebad747b1b5f8b279a8d109568df1e1e1b113bec8ac845827ac3d2334eb903e8b2
+	reseed counter = 1
+EntropyInputReseed = bf87c32157a8154a5ce6795a3d270700bdc41f90ed8dcf0a801d2d43620f0410
+AdditionalInputReseed = 
+** RESEED:
+	V = 587374de954615468883627ddcad50ad9f7882291fe3c1d7b4c429beeb73c752f97e73820bfa49a42687a6ca59cc0bdc1f8d1c7c3935eb
+	C = bf88f3b4cce9ad0b31fd0188805d7974bca1ac8feb9e35b4be095fbd39f4ae8d2acb0590cf682890958adfd09df979ee91a4cdb9ece7d4
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 17fc6893622fc251ba8064065d0aca225c1a2eb90b81f83866d2d09c414814998cbb1f49a413f4c734d8c6810e3fbed083f11454345507
+	C = bf88f3b4cce9ad0b31fd0188805d7974bca1ac8feb9e35b4be095fbd39f4ae8d2acb0590cf682890958adfd09df979ee91a4cdb9ece7d4
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = c191f9ef1b475a0c1e25ad59553391d9a3f8e6f757492adf5d3e39e602c20e795be990d71df16f9a9cde5f5d88e9b62979036b6039ba1d4495e3c3b5d2a49962373bba2d3415254a2ca39bca23aa2eb1b6fc9d3276c683c80639365a8f461e881ba544fdd05c8ffb14df48398f12a0197d1b8a428692d08c0ca77384f8778893
+** GENERATE (SECOND CALL):
+	V = d7855c482f196f5cec7d658edd68439718bbdb48f7202dee9c3eb97d6ecb7fff0698f536411b0c26ff5c7ce1f49b9ae52d5d41795c0519
+	C = bf88f3b4cce9ad0b31fd0188805d7974bca1ac8feb9e35b4be095fbd39f4ae8d2acb0590cf682890958adfd09df979ee91a4cdb9ece7d4
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = 20f08354d63fa46fc6c8f0a4327c6ede286c8e46ea94489559a7d44c2bda6c72
+Nonce = 84bf091dd0f5a8a96d7d333282dbcb08
+PersonalizationString = 2a601e2926bd66a6f09ea7def48f9ec66466ccdeb1d83630731692be2deb2566
+** INSTANTIATE:
+	V = d55916f054d05b339c444638cefb00d6cca63463f22d8d6e556f1ac0c35f3ab67735653e56635269194e52739072a38b249f25edce4403
+	C = db3b2f17f24aa1a8e5229bd1bf8e1c0b714acad56f8f26a94aa07739fd767446100c04a756dc166779d38e817d0d66810e0c06c00af746
+	reseed counter = 1
+EntropyInputReseed = 842a9eca79dc4bbe8a95c5f5a7328d0862e23504906b415fea6907c57be30a1b
+AdditionalInputReseed = 
+** RESEED:
+	V = 966a0068ca8e132aa742d23fe914ac7cef3ff17cf236f43be80bdad189e8fef257fd939790f76b8029aff9c2b959ebcc7c31bcb4032cec
+	C = 8e6299a7efaa609867ff83a589369034bd58dff8612dfee33c617685714934f899fb6ee2bb995edb9bfe0d4f19fe7bca0d23603985311e
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 24cc9a10ba3873c30f4255e5724b3cb1ac98d1755364f324a0d5ae2ae14284a6cf4af60462f386b281d16f44bda754daa5ac059e87e15d
+	C = 8e6299a7efaa609867ff83a589369034bd58dff8612dfee33c617685714934f899fb6ee2bb995edb9bfe0d4f19fe7bca0d23603985311e
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 55499e627c91c47d2e322eca5e68ba75006587becd2cc99fd8b65673518848c8f6960afb12134d0d25fd14979ee0890100bb7cb8f40c26f8480b810386be4085accd6dc6f5113d51bc9fa1f8d9da8742a4d92eb1d03388bfe5961099c7e7a6d710f97b3a19f8762439228a12438a1fc450fab74a316f0fef3f4d60fa0d5e0d34
+** GENERATE (SECOND CALL):
+	V = b32f33b8a9e2d45b7741d98afb81cce669f1b16db492f20e15d7cf6b5dd23b7d2cd14c1d14ee3727ef08732736b741a2211297c8bb0279
+	C = 8e6299a7efaa609867ff83a589369034bd58dff8612dfee33c617685714934f899fb6ee2bb995edb9bfe0d4f19fe7bca0d23603985311e
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = feac5b160919b9b370240ec64940057bf2d4a377e41f1c83757d0ee68335d045
+Nonce = a1578aac939b40cbc9f26bb0f3fc34cd
+PersonalizationString = 340e3816e70af3096764c67181b0b44e508ee678ad01b75f106eda343ff6316e
+** INSTANTIATE:
+	V = 1eac937410c5cf187b5233ea664d0a6f62bb4b22243f11fcd54d885693badc0a07914a74b3e1404eb62e9fac1fa75de5e217342fe5097b
+	C = a20f40d860cbe547bbbf48ff387a4972d67aaf94a82da02206c7f8daff71e21af9c6c49b47c21b28c0eed9c72a23803c1c920eb7e5ad0d
+	reseed counter = 1
+EntropyInputReseed = dd0803d562ac7a0183f1e89a1074f827829d328fb245c2c7292f8c07d92cd25d
+AdditionalInputReseed = 
+** RESEED:
+	V = 4fdfd9d5d10f2275b33b2cad8915db9ea5446f9f20fbd77e04751577fd70dc49935f664bbc4b1f372518a0ac3180cecf4f32804f2ad4d3
+	C = 8b7d51aa1e510fe456734c89ba5c0cca5a8e2fa69b08c96272b45ac181feddab459a4e474ce8b5d0e638809b2a1dd201be0665138a2d29
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = db5d2b7fef60325a09ae79374371e868ffd29f45bc04a166761426b5f82bb39654bb45a0513f2764f0f2e173030aabf760904d3d126bee
+	C = 8b7d51aa1e510fe456734c89ba5c0cca5a8e2fa69b08c96272b45ac181feddab459a4e474ce8b5d0e638809b2a1dd201be0665138a2d29
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 823c6aaadaaa657b71e49cd45d51f9b544d1112a84261d374525cf94f717ff2b500809ba1fb0a4e99a9668352e293079b0ea2ef029bd65de15deacdb19ebd447b43fc92aaeb49d12e87966edc3bfc1bc11160b24d94568357c89f49871c5abe08e472b09f5bcbba8d0f33e9cba75f76d63010d42df7d4a284d378ddea59656af
+** GENERATE (SECOND CALL):
+	V = 66da7d2a0db1423e6021c5c0fdcdf5335a60ceec570d6bb3b9724f9c5d48a58887e1ec1d1b9572295b812883f0d51fe5032447faa655c2
+	C = 8b7d51aa1e510fe456734c89ba5c0cca5a8e2fa69b08c96272b45ac181feddab459a4e474ce8b5d0e638809b2a1dd201be0665138a2d29
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = fda666214f6a340150552a647f15990cb6908ca763ec5286c8c8000117fd15aa
+Nonce = ae4cd0ff70130e972c9ea5c4a1d2636b
+PersonalizationString = 13767d11a39f6ecc192a079ddfe4fde5b88268cbd62ba33049265bc03d1073ec
+** INSTANTIATE:
+	V = d83d4a3f3ed661fb903b5d121f7e4f42035516ea60794204b863402dbc771a990b9863a5d863a53d0e749f9777a11be7c8357376a44121
+	C = ab76b740fee1874eb34255c166b934334c75b8f5f70423f59fbcee3209dfa877d718fd6011c715229dc7b49ad5ed788bcf8d464207cb89
+	reseed counter = 1
+EntropyInputReseed = f2c663c25e0a30c6519d1dce960934cb50ee0100075c7b3fd8764557c97fb9f4
+AdditionalInputReseed = 
+** RESEED:
+	V = ae4a193bc275f6cbccb2696da42103a9b72a0145ed7df08662a2cb3ca6bf1962c93148a9b7a90051cd510255fe50915336b200768feb88
+	C = 2d44c047695c76742c6f55084f17cb6a8508b60f117533be03617c633c06dc4ba666152ccf5df71854e4a0bdfb4b6c8ce204232f3cbc3b
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = db8ed9832bd26d3ff921be75f338cf143c32b754fef3244a2de5357a709c857f77468c99c587e25db95cfe70aee3a8140f24cdaa5b479b
+	C = 2d44c047695c76742c6f55084f17cb6a8508b60f117533be03617c633c06dc4ba666152ccf5df71854e4a0bdfb4b6c8ce204232f3cbc3b
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 983c3460b9e4d1cf4e5da7f7ca0f52b5f45c332e2e46b2b4b226cff0724442ed85dfd12cd4ee307a18b3f69fc30c3d8f0df1a0015dc6e77325eeadfcb3b86425e81cef127e99da88bc6ea1f01ab2919c9dffdfba0b12e97a80f77f18ca2a020689e68d5dcb1a95c55af2553d0387912ea7da936552a14c1cb4bb749041d39198
+** GENERATE (SECOND CALL):
+	V = 08d399ca952ee3b42591137e42509a7ec13b6d641068585e2463c42f7f8db4ac0d2a2fe0f2e1113787bb16f59957137a6af39198368f3a
+	C = 2d44c047695c76742c6f55084f17cb6a8508b60f117533be03617c633c06dc4ba666152ccf5df71854e4a0bdfb4b6c8ce204232f3cbc3b
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = e2b18cfef8e9d99166e3059e02fd4a6665d2cea66a643337ac5d64d3942794d5
+Nonce = a15cecb330bbb1e43997c84653978793
+PersonalizationString = a38d744d1863a32810123bb2c03b654fc2a85c0338bbb240ce2133f71b0ad6da
+** INSTANTIATE:
+	V = 5303e16ea00b2c6d17c3ba7b0ead8021d1ee62aaaff2e9fafa60fa39de88c6d8652eda750bc05fa176d6ce554935afbab55fd95420b3fb
+	C = e528f60dbcaa069c41c6e58db06c75f400059b28d70664aa4aa69a10b9c471f213f7ca725e5c61fb0100d3077762cbc20046150e785b75
+	reseed counter = 1
+EntropyInputReseed = 8f572caa4474e584fbfe6c5b657a2b7575b19c39245fb12a0f4840d6646b7dd8
+AdditionalInputReseed = 
+** RESEED:
+	V = 38bfe84d84a7d24aac18166ed33bff4e124d7d7b00a55a24bcaf8719875160d4c1bd51f1a8d7b297fcce115b5afe0168587ddb118791c3
+	C = c5b585c6a609b04a41715061ceeb6c72bd6a66df52352a74c075bc15471fb38e5768e73c0235a962f3cc4bab54cea0e7125344a4aca466
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = fe756e142ab18294ed8966d0a2276bc0cfb7e45a52da84c130e1cce4f03dce4e7e936e32e305593a43f3f01272c90da4807a5a81bdcbdd
+	C = c5b585c6a609b04a41715061ceeb6c72bd6a66df52352a74c075bc15471fb38e5768e73c0235a962f3cc4bab54cea0e7125344a4aca466
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = fb081804a1dd90d918a4726c93a56ab0c9739d74921806c05c72acf240cf76bd8228a1ec4f60613be60630335a7964b3fc06a552e103c02ec666f0ad92de6064dcd0e92baa4101ccdef50ac1d70e0bdd4d8c53b0392398f9f48942d57ef9f9192a8eaf608dea08940494177fe7c0ebe00f605cd04ffd23b856a1e5c8477f7267
+** GENERATE (SECOND CALL):
+	V = c42af3dad0bb32df2efab7327112d8338d224b39a50faff12f2955c172d7dd33f105032bb4c0d539e93474fbd15e3d696ad7ee5bccac1c
+	C = c5b585c6a609b04a41715061ceeb6c72bd6a66df52352a74c075bc15471fb38e5768e73c0235a962f3cc4bab54cea0e7125344a4aca466
+	reseed counter = 3
+
+[SHA-256]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 256]
+[AdditionalInputLen = 256]
+[ReturnedBitsLen = 1024]
+
+COUNT = 0
+EntropyInput = a0a809d13f9c88cb4117586a56946ff25922304ca28e94055cdeb1d7e229b34e
+Nonce = 5f1bcb91faad6387bff8e918a9228f43
+PersonalizationString = bf34b1f373bc5930ee345617453830fd670bff5e1d31dbfbe7fabcef64e30c58
+** INSTANTIATE:
+	V = 914940e724701a670577f74ceff9bf7366df8183d17446e6b122133e454d86b32b0564fc72e187afdfa897f89df028f365cc609bbcec6e
+	C = 0bafa521eb0a1e5343020fd52fe24e59f67ff4c9bfeb846d78407ab8436f161282e910a18ccfc126318114314c0a357d0c5bf736beda66
+	reseed counter = 1
+EntropyInputReseed = eff8312250d235adda4b20686477c5b77e3336a6e1fed8b09a4e1b62e00c99bf
+AdditionalInputReseed = 5b48bf0e90a70ddfe9e50f86d33ba473d5b04cfd4d43ca2ad12a6b6ce2a99359
+** RESEED:
+	V = 993f55ba6b53bb428248f85bdda81be13ae918f818a04db9494bb169d28e4525845447e82850b3e321a3c54f0bb234cfcb4b249047884c
+	C = 6de3549fbaf8f2f6e65a6f2c0cf29ea6c8ce7938951e09a5a7e65dd3d6561369ccc51b4c24c88e95db463e08b201f78b2ea1c5f608f7cb
+	reseed counter = 1
+AdditionalInput = 3532ed84a2bb6f61f787a5ffb60e9a7682954d7cfbf9525b691d344b7905aaa8
+** GENERATE (FIRST CALL):
+	V = 0722aa5a264cae3968a36787ea9aba8803b79230adbe5801401744ccccc001a07b9aed6606a304b6ffc761dfe5127ee17013aadb5ad50b
+	C = 6de3549fbaf8f2f6e65a6f2c0cf29ea6c8ce7938951e09a5a7e65dd3d6561369ccc51b4c24c88e95db463e08b201f78b2ea1c5f608f7cb
+	reseed counter = 2
+AdditionalInput = 05a5973d2f26673caa5cc76fc3381c6895373de09b136e798b44975ca4c32256
+ReturnedBits = e9ad87ccdbe060c15ad936778c6e98c3a34465c766ac719b4f678e2bc009f7b693345d129a9e42527509c9e51cbb442539087ff6621a773be759eb8c43825864c0a3092fb57adc9e2b3226b182c5171f7425e7beed3572412baf3df6dd4d58a0d45bd9b01e77c0625650ec86f3f288c462510653b034e4d363e829f6881310b9
+** GENERATE (SECOND CALL):
+	V = 7505fef9e145a1304efdd6b3f78d592ecc860b6942dc6238f7c903d3cafb67295b599b7262dfe6471c04834f9f4c6017e81ae004936cc7
+	C = 6de3549fbaf8f2f6e65a6f2c0cf29ea6c8ce7938951e09a5a7e65dd3d6561369ccc51b4c24c88e95db463e08b201f78b2ea1c5f608f7cb
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = 40c5528d3caedff54a5c3ca0b9cca1e036a97c3207006ff949a58e0763e84168
+Nonce = 47efd3d608b635b280b38c027ff66002
+PersonalizationString = 33827d913942d3d62c5ca66319d5e27389c587e8592bf868154b66ef78456737
+** INSTANTIATE:
+	V = d1740c0d37d00ca4e1c7b73d6c8b106a924d25fe8c73802ee8609d1e40e4238bbab5cf1757cc36207b3ade369702ea1b7cf73858248847
+	C = 74df7ff5008680fda035e6fc96d7d95433cf64239f706937e0961070b2e3a5130e738cb97599bc6248dceade342bb4cac7cf8e6929d4e6
+	reseed counter = 1
+EntropyInputReseed = 105e6f823a4d932f9ad2fb095efe5764b45891416d16a67b548bc24bd12fb8c9
+AdditionalInputReseed = 99cebc96266a3ecb9a96bf050a7da57f1bac4ee291cb93efbb3282050ad7fc2b
+** RESEED:
+	V = eb0903f0693a88b2f32078df8811b9bcb15f69d18358bf15185a1f86d44acef3b301d1ac599fe12294373b4a1b47ac0ceaa162d3e3dc2e
+	C = bdaf2314cc46bcb4bf49f833689f2b29f618b3d99c2dd65137ffc670b9391386612bf381bf0c0ac75618ae7c9d49fb7d24bc4df60a4d89
+	reseed counter = 1
+AdditionalInput = 707602121e691423e7aeaa7a697fcb809ab7f2a2e662ac1bcf0e907cb2ade6d4
+** GENERATE (FIRST CALL):
+	V = a8b8270535814567b26a7112f0b0e4e6a7781dab1f8695c634a3ae8e7532d72a19f184f6977763cc70d20c41f800ee116a03a95efe6257
+	C = bdaf2314cc46bcb4bf49f833689f2b29f618b3d99c2dd65137ffc670b9391386612bf381bf0c0ac75618ae7c9d49fb7d24bc4df60a4d89
+	reseed counter = 2
+AdditionalInput = 826a8bedfcb5546cf747bf4e5b3d9631c6c01a635ac206447e17a128d29820de
+ReturnedBits = edb7cb26b91b7e54f95c8e40c0a9e9b15011b1cde99a2575bb5b987d77f45a88cf76d63e2780ac8119a1ea34d6f7ed60c16838997a2cd8b1a416d1c40e1875970d6c3a7631b2700f321e444e27f451cf6ca7898126f45797bb9fb68439983ffda2e810009b3461f0b7f39ffd15cb0d5d1b5e36b6a97596c18dc3965dbf54d6a0
+** GENERATE (SECOND CALL):
+	V = 66674a1a01c8021c71b46946595010109d90d184bbb46e04695fd21c903100a9c72ab6a174a0355a1cc7820466c9194cc1e375a896921c
+	C = bdaf2314cc46bcb4bf49f833689f2b29f618b3d99c2dd65137ffc670b9391386612bf381bf0c0ac75618ae7c9d49fb7d24bc4df60a4d89
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = 46c88a68bde571771d3c422bb090f12f8565abce08589d530d5da60795682bf3
+Nonce = ce6b0259c6245365e18f668041faa748
+PersonalizationString = 4acd8580a32d629bb4b8e952c8e02538a594fc909a8cd9942772f3bbb66f9639
+** INSTANTIATE:
+	V = 2cf1a69576517eb0e2b90f69f8881e7a174db252f56a7efda27a2fdb9f6295d1af4b8a4165492c3029741930d3aa520eb1a34e05861869
+	C = 292d25549e295547ef3828e4eb39789888da3764ff51109547a7220015bce6805722365277c9439f1e2cb952d42867974aafbc31c3bb5b
+	reseed counter = 1
+EntropyInputReseed = 8efd8a30f2220b9aa4b469318c22a4a88e2ac9ebb18da7d7b434d41f26128e53
+AdditionalInputReseed = 7b846c1339b2ffc7140de43d8cb52326ee9c64e154c20be10f1fcfebce1319ad
+** RESEED:
+	V = 4a09cb1cf621c3b276de4c806ad07cfcb2035be570599f6cc979690e00a3c335c80b02ab737cf19177e00fa7df8e83fba91acfeda2152a
+	C = 358011bde3027ca616583bad317b13ba42d04c8ac920a8b4ff16a6c4e0a58ff216582401de94ccfb5ffe6a5ab3c5f09b0ad5b1f4e8f4f6
+	reseed counter = 1
+AdditionalInput = ec57193bff9b11b024d2ef0bb169edb67e1f161a1582dca45b2524aa81a38fb4
+** GENERATE (FIRST CALL):
+	V = 7f89dcdad92440588d36882d9c4b90b6f4d3a870397a4926fe50a9f558b6667c77a12dcb535e4bbbe1fe5fcc7dbc494f351cf6fbbc604a
+	C = 358011bde3027ca616583bad317b13ba42d04c8ac920a8b4ff16a6c4e0a58ff216582401de94ccfb5ffe6a5ab3c5f09b0ad5b1f4e8f4f6
+	reseed counter = 2
+AdditionalInput = b917da93b3abc61cd05ff2703bfd94ef82c2c3e36d6db8d5ba7c575a33193467
+ReturnedBits = f1a8a8b1a1750533444962e1a456f399455ac329ae2cfe9a02f4bd52b07eb3ee19c599184977d602fa51421d8c5d8809298dd4ccf7c72686d243d2795c1407ac8a5e6e5926510c56d11d13648f1c6724132fecf776a51a58a61bd03df872e3ae46cf4749db34f94c538d5e5769fa40f0594e2d81917ea6bc4638e4cb0896d46c
+** GENERATE (SECOND CALL):
+	V = b509ee98bc26bcfea38ec3dacdc6a47137a3f4fb029af32c507785eed55068fd8e05f6cc5ffbad7ce08202102dee0d25525ce31145b377
+	C = 358011bde3027ca616583bad317b13ba42d04c8ac920a8b4ff16a6c4e0a58ff216582401de94ccfb5ffe6a5ab3c5f09b0ad5b1f4e8f4f6
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = eabe40b4692b60630ba4267420b093a0acaee778ffc78f824a8b0f5d008c2019
+Nonce = c73641e6c3faea4f01f072d32cc56328
+PersonalizationString = 92f61b0b488dc6d6f8ce995b3a2cf45de41eda3b2eb98d9aec2e1c37f2b5171c
+** INSTANTIATE:
+	V = 6f9a6f4fe0895bf699c529f4725e68b235998573aa71ec47aed0b5d400f5aa9b9aa881f664d07691e6f12837251e15b2f2ccc12029495f
+	C = 8291195ee425d19b505301d39de92cadef4fc519eb0d8ece1add07c1495a8962db39edf7658f3c3446aa881f98a4c48be16b296d65fb8c
+	reseed counter = 1
+EntropyInputReseed = 6629b64a6fa727d7100a5bca5fb98f69913ed6661fc7c5382b2e1a73437ae39a
+AdditionalInputReseed = 117f41f100758ebebbff7f02eb38f9fd67614d2909950f5781a929207d4b02a9
+** RESEED:
+	V = 52994d46d887f39a1ab1d5df0c5f307ad19983f442713e3540e9c79b4a8d791558031442f01e87458177e7468237e281decd3e6f30dd4c
+	C = 13e1ce2d3f823ccb3bc63303cdc318c5c47dc4756d78097a23692eb4b145365b704486afab517fdf854cc5736033f880f1ffffe5374971
+	reseed counter = 1
+AdditionalInput = c89dae50c0a9a8298e50e0a6993a555a574ad2aae840f37b5387ba2a5a3cff53
+** GENERATE (FIRST CALL):
+	V = 667b1b74180a3065567808e2da22494096174869afe94858828fca8fd00f6e16c4ca9a13d5abb9107489e8e7daab2671ebadaf1402de33
+	C = 13e1ce2d3f823ccb3bc63303cdc318c5c47dc4756d78097a23692eb4b145365b704486afab517fdf854cc5736033f880f1ffffe5374971
+	reseed counter = 2
+AdditionalInput = a89e4765c96c816ddf2411ebd77aad0c873a8900a80b28c154f7b2fa2dfff827
+ReturnedBits = 66bd2143c0bbfa97775b8fdb38bbf47d32df820ca911821969b7a228a5c94c3860d6a129d0355365e2436d57479bce14a694643805284d2a3a55e7f9585a0791ac8a12b5f64d4b30a6807751a3eff5bd430e77036bdfe7d0cd88cabfc126d27681b790d9cd0560998da88c6df0051b6e74253d64c6be5f0d4e02368f809ec3b0
+** GENERATE (SECOND CALL):
+	V = 7a5ce9a1578c6d30923e3be6a7e562065a950cdf1d61532bae80f7513c6cf1429abeda964e372139d1511991f19d84158d7f7ea77202eb
+	C = 13e1ce2d3f823ccb3bc63303cdc318c5c47dc4756d78097a23692eb4b145365b704486afab517fdf854cc5736033f880f1ffffe5374971
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = ebb89ad81be2d8975543be3895b2740777916f391517e5ff34bf9b429427774e
+Nonce = ae60c49360d722e0c682ba99c9fb35ae
+PersonalizationString = 3bd632f747567553aeab00a909e43eba6b9533087a218c281d67457c47d97fdf
+** INSTANTIATE:
+	V = 4790214258a95900279d584b5bf14e2b30d18055f81b3523ba472fc39d6cb36c65de58d37f507597f6052b5c4b201f86dbfe3ce654a45d
+	C = 60c80200c580f7d39da5d43f19d39fe6f344beebd28d4f4a95db48a57f09acca1de9634f3d2e88b0a9d99f418ef218221e972988299858
+	reseed counter = 1
+EntropyInputReseed = 2026bb0f3d2c68eff46920a8b0fdd0fc1b6ffb3827f84fded7bd46181ed01010
+AdditionalInputReseed = 4103f613ca177bbc2f3733d18d92417faeaa3407f3314c44a47434f9841262fb
+** RESEED:
+	V = 3d8caae18816b228655910a626877907d09952bf12a434645b71b2a0ff79a7ab3f738502b29019aa09e85f7449b60dc4f950e7573bf59c
+	C = 6d518bc93f02ee300589e7b9db290630608c957f5dd72d45d3ff366334722c2b96f2749b58c402a9029eff7020872b9b68bec979c79872
+	reseed counter = 1
+AdditionalInput = a990830546edb15e105075db882a3c0144ba2273c8b6baef48df3c83a160497d
+** GENERATE (FIRST CALL):
+	V = aade36aac719a0586ae2f86001b07f383125e83e707b62e4675d7a9731113da25a9ce13de6e001748d5d5c5679cc4f7602bbe0fafee739
+	C = 6d518bc93f02ee300589e7b9db290630608c957f5dd72d45d3ff366334722c2b96f2749b58c402a9029eff7020872b9b68bec979c79872
+	reseed counter = 2
+AdditionalInput = af752811359ada0accec2945a516c9c9a150809d593402729cebf6f007fdfc88
+ReturnedBits = 384883695b91b6fe82cd76c6bef204be68844a0e8f1f59048d65d752e74123ccb386049c96c616b76a427c47b51a800aafd1336e174ccbddff0157d9fbc583b60570e14fa27c4ecd00cccc4f1d9bc74a7dbcc464c5eff9e6fcf5b4bd7f175ab3a3a843032262f92d076bd55aea31cc4040431ae12a64e3f86b9b49e121fe8340
+** GENERATE (SECOND CALL):
+	V = 182fc274061c8e88706ce019dcd9856891b27dbdce5291a14b1b137a946ead18a1f2bb561533516fd54f1e6a118aa40b4b25347c253be1
+	C = 6d518bc93f02ee300589e7b9db290630608c957f5dd72d45d3ff366334722c2b96f2749b58c402a9029eff7020872b9b68bec979c79872
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = 6d8790fec9633bdd371d505f3e2a18a6e61b57665de06172dcf757e640fa5993
+Nonce = fd889c9e576b883e2ec2ad512970b979
+PersonalizationString = c3d2ba08f24f32b0b4d8c349e4352f86313cf4c5c49720ec8aca9cc47851bef2
+** INSTANTIATE:
+	V = 72cd3b06b761aaa1ee0499b43d23d96156143302a9e4983a13db3722522c5adc40a0fd9d320ac7832d7d85d85b6203b5f72eca20414697
+	C = 2a0da346e792e572ad7a6ee583277e83d28346858aed215fd8b54624b738a425e5e3cc696f90104a5f2a2fab922d51ecf19ab21c772c3d
+	reseed counter = 1
+EntropyInputReseed = 0020477e51400c8f81399852b449eb977c44316ea8cdd0a7ddeb87804ea4074a
+AdditionalInputReseed = 233cc439a1e6795f8033382bc6f5f38fb371cf72094ee4ebefd06c18db0d521e
+** RESEED:
+	V = 57a5ec42aecf3764cd99c276625c7ba81a96b5087f084f02f032a47c575508caf7bb4fb9bac34a357852721ecf1ca7890233e978c1abfb
+	C = 913db740b4b6102b413d330619b2ff8ae2d0d2a17cf65381ac87f67b0a5be9816162505f77984f956b8e1849a6da40989de9b46c475245
+	reseed counter = 1
+AdditionalInput = e445ec189b309618ea20456855eddbbb17c5311457a896b229a60e63d421d163
+** GENERATE (FIRST CALL):
+	V = e8e3a383638547900ed6f57c7c0f7b32fd6787a9fbfea3994c8c948dfe7ff93adc3447d3bb7f1db106079598c105beaf178b65cae832f2
+	C = 913db740b4b6102b413d330619b2ff8ae2d0d2a17cf65381ac87f67b0a5be9816162505f77984f956b8e1849a6da40989de9b46c475245
+	reseed counter = 2
+AdditionalInput = 568f6324c002e8befb7784ad8b2043a75b5b49c0bfe4b4d73a4f2031518631bc
+ReturnedBits = 22e896bf8737be2d0079c26f286e0712d7c92b0996754bd63a079c2cc80128b906a13d82b6e203359253133538e919e6e4dc23f8a1508654ac16396c84f8936571a3fc1aa9de555e67c75c4847437937ea6b6d55e30f423f8e0c1978cbdb7e5ee4cd04848a98935d16934af0408cfe7df1fe2d25e8c2824101e6b969fa8054f5
+** GENERATE (SECOND CALL):
+	V = 7a215ac4183b57bb5014288295c27abde0385a4b78f4f8e604a926f72d2a3715efe9711250910385ef84a770a79a417710bbc8705cdf41
+	C = 913db740b4b6102b413d330619b2ff8ae2d0d2a17cf65381ac87f67b0a5be9816162505f77984f956b8e1849a6da40989de9b46c475245
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = 4e1aeaffa8d64e9c86dd9570e75d650c2985cb0bc95a1946fcaf8b98dc2bf536
+Nonce = 33e86f1d1df9e50ded987d1e73970700
+PersonalizationString = cf272e3ba187aef4d8036e76ff8ea5c33afd09c627b04a2863fc92bf3eab49c2
+** INSTANTIATE:
+	V = bcf215609acc9cdb7fc844e4a7a5e90af73932b75d1824a4336e5336fc1008422b5f3cd2ad21a88189f3d8e57a42e4c373ff7209f00ad7
+	C = 02bbf058082d025239b0354aec70587c28d2a0f167edb1c2f818f1d38546679109433ceded7ead5fb86275c6f011b11ecf8fa203414ab8
+	reseed counter = 1
+EntropyInputReseed = 6f3fa65de621588aaedadb7516bd7ee3179f0a355d0ac218c4052320e8c390da
+AdditionalInputReseed = 567061b9d602ad112b0c43e37278ecf2bc946c126cbbe10c0a7aba01d425d9d0
+** RESEED:
+	V = 326224df3060d42d6428e577677d071867a3bb9296d1ed57ccacbe10bca86d29d7da87e6fad1c9f7bc7767145f04341669195cf6029bd9
+	C = ddddeac4204d01e3d55daa78634ee4ede6ca9b5dac180c1a50e6b0687ce5416219ba8c1b8a4f3188f3f7028c92cfc44293cf886826a6cc
+	reseed counter = 1
+AdditionalInput = 10c0714d47dc3c84069735bbfbf907ead01c5d4ae19c3887c4036868d48d5a29
+** GENERATE (FIRST CALL):
+	V = 10400fa350add61139868fefcacbec064e6e56f042e9fad8498fa7fabe6eedabce7a6bd0f16d9be096e7352ac739ce0e27812b9e2abc88
+	C = ddddeac4204d01e3d55daa78634ee4ede6ca9b5dac180c1a50e6b0687ce5416219ba8c1b8a4f3188f3f7028c92cfc44293cf886826a6cc
+	reseed counter = 2
+AdditionalInput = 876fdd806443fab7234ee6884cb6b8bd628517dd6bd7960963d5237eadbcd7c9
+ReturnedBits = 1dae85ac5116084a8e13ea9fd65cdf3a78a9616960d2a7aed28366b08281ca7d013b84aba09bc3eb768e388b358df88660501f456345a4f0ba3cc0c088fa728e63bacddae0da9dccabc665e17c8da6917c4ca00ed96bf4c39dca3bd38f552afbcf21fd0924bdb077d16818ca1edf54cea1857d511de31316044c3e28da094f39
+** GENERATE (SECOND CALL):
+	V = ee1dfa6770fad7f50ee43a682e1ad0f43538f24def02080d03892d556d34aa2de51f23d1087a0f5794edc30aea63416387678673581a29
+	C = ddddeac4204d01e3d55daa78634ee4ede6ca9b5dac180c1a50e6b0687ce5416219ba8c1b8a4f3188f3f7028c92cfc44293cf886826a6cc
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = 8ddc7d79a77013a1a10d9177e98a41bf165abe0d36b7792a5d1b52ceb39ecbfe
+Nonce = 207448c0b2c2beabe3e447f1fd1b485d
+PersonalizationString = 0dab9e9621cd14ecba4e6da2f5b2c7708eac81acacf471bb1d83f539c50d0480
+** INSTANTIATE:
+	V = aae03a8b297640733ba9ce59ce99f0cc9d5de0d993656992c6f995b47dee63e643a9c5e6abc7e9dc6131e951a79d7bb12ef6166f6ef62c
+	C = e02c3f1fb79d7f8abeb15037217c985bcdf694adc1ac34887116171c616cd65e20d78c9f305339875715fe32bdc3e1d7e15d85be4248b2
+	reseed counter = 1
+EntropyInputReseed = f75442b13ba8f36a3680751207644d2cf4716a669da5b7ac79eaa91ccf8d012a
+AdditionalInputReseed = ff812538060335f4dc060ecb5c30b69ff5e38957ddc9103acfee6d8c000c4c63
+** RESEED:
+	V = 8c37a51fe22d3d008e8685131a6935653b86261290e22f7a9ee5dca7b09d9ba3121d3d55a776b99135e147f017c6d3dc30ae212490e7a3
+	C = f17f0516fb79421394c908c5076d43edc6ec87b92288c1d8dbd7a1d41a90ebab73b2a9f5685c063960cdbadc0b3eec3e8bb2e7353fc8f7
+	reseed counter = 1
+AdditionalInput = d5a054a871364d55f151d74bafcb603fbe48728d56f06895bb0585dc572206fe
+** GENERATE (FIRST CALL):
+	V = 7db6aa36dda67f14234f8dd821d679530272adcbb36af2eb8270f4fc19e252bc2ba2086201f9f0b7b7c7fb4de10c520ad5fef9b73e4050
+	C = f17f0516fb79421394c908c5076d43edc6ec87b92288c1d8dbd7a1d41a90ebab73b2a9f5685c063960cdbadc0b3eec3e8bb2e7353fc8f7
+	reseed counter = 2
+AdditionalInput = bfea69d468a619d65535cfd92c6ab2f6c069776b8092b6b114baddb255673f7e
+ReturnedBits = 2f51d5b6856be93eb70f6c0b34b4b9389f0e69953c70d492a4b646aab1707ca6ff0a232f7396e9252483d41324b645775fbbfb94318d58c90bcb962b1e8eadf0ef76a840a327ef40febebdded93fc686e76864801509233443e92ac079e0957d0b75e948bbc50d58f0cd8a1f9667424c6761834ea230187828c2a296641d21e7
+** GENERATE (SECOND CALL):
+	V = 6f35af4dd91fc127b818969d2943bd40c95f3584d5f3b58e54e63225a78397355924ad8b49ffc655da0ea8117913adb9d1a4fc3076c37c
+	C = f17f0516fb79421394c908c5076d43edc6ec87b92288c1d8dbd7a1d41a90ebab73b2a9f5685c063960cdbadc0b3eec3e8bb2e7353fc8f7
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = c00b1ef7d6a23785faf2685002b33459562fac86043b641679298c08565a6129
+Nonce = 72e6cc764523e4cc8a36a60b949404a6
+PersonalizationString = b0799ca214289cc392417ea439995e1e40f573dae68b6cc617f9e995c3ebcf05
+** INSTANTIATE:
+	V = 0f024476a545667a8fe636d1d38fe092f962864b507f7acc07997c5358d858ce8c430f5b2d0ddd9f65af3dce215bd1cb92b089f62c4890
+	C = 232c81c222b767b0c36598483df2a4933456a605836d27ffb6fe3b7d80f6825f534d134a62a5868b2194c38afe5b0f8eba55dd5f61a8f3
+	reseed counter = 1
+EntropyInputReseed = 387fd8785a6ad9010d04c626f0594014667910274812d7a8f8fa00a16383ce8c
+AdditionalInputReseed = dbb72fdf3ed3f2852e1eec30146ed923841b83ed9b2c0343a622c72ba43fbe7c
+** RESEED:
+	V = 2dc12fc61fc26f800b5a5919525bca6214f835530f940dba0514e5817355bdc5144662c6cadf88e285bce7e4157d4d944c9cdae1479d15
+	C = 701ecdf59fca052473a96960b7457a60d9f184e665051c3f69f711a63d527fbae02ef4139bcc325ba10c84caa2fb72634e7aadf7a002ef
+	reseed counter = 1
+AdditionalInput = 95ef4c3ddd100e895572e75ee09af25414fcd727a348c7895d6e85aef2cee57d
+** GENERATE (FIRST CALL):
+	V = 9ddffdbbbf8c74a47f03c27a09a144c2eee9ba3974992b041ef6f9504897c5796ac9222d22810915f3fd6860eafd27890df3f976c7918a
+	C = 701ecdf59fca052473a96960b7457a60d9f184e665051c3f69f711a63d527fbae02ef4139bcc325ba10c84caa2fb72634e7aadf7a002ef
+	reseed counter = 2
+AdditionalInput = e4e310e8fdc0edf676d387dabe59b68e0aab862fecc87bf17d88b20af65c1244
+ReturnedBits = cf17c8db83ffece762d8f68fc5d829b60a8bc6095715d5d1afa2f384dedfe855e768d928fd485edbb97bdc724ed8140a229ab18d38b99d3676d8647d2d1554c9a9406294ca95e1777a40d8535ccfc93f3444f4a0d8c80fe211006a642507fa691d9c780899eb0478d99e768665c903df4ce4c0882b3362326360546533e26ab8
+** GENERATE (SECOND CALL):
+	V = 0dfecbb15f5679c8f2ad2bdac0e6bf23c8db3f1fd99e485f3f1d71bef8673c05d38d870f6e65502bb14f169822a7dcc8e48e6c229f558f
+	C = 701ecdf59fca052473a96960b7457a60d9f184e665051c3f69f711a63d527fbae02ef4139bcc325ba10c84caa2fb72634e7aadf7a002ef
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = f923b3ae2d7ae9a01d6033595ebb48de70b3fe218a0812c0951705a0394ee976
+Nonce = 9e133dd0108d29e54ae621e84f7a0c3a
+PersonalizationString = 3e1b4b0f1b0c0a9118d127b13483145c9af3e645fa9c4ded3a98cd75bee53290
+** INSTANTIATE:
+	V = ab50fb577fc24046a93e63f166231e30ec6a2c571abb768b6b2c2ec82fbccb3a50ea3127cbb90227309cf9f325c1be9afb7135fc9db49a
+	C = 11adf714fa28a52c754f7feaaaf9f1a78344e2fb21d38db7e63e31c1b3ccf24ad52d29320657fce61374333c787efb0daea68fc8003dd7
+	reseed counter = 1
+EntropyInputReseed = dfdc0aff3ccd1bcbbeb4872ce0aca389c84954c6a894c3116e2b650771ec5656
+AdditionalInputReseed = 88cedb20e6f49122f2181b3b677edda0b652ca3b886cd8636649b120dfa93340
+** RESEED:
+	V = 9a9527e295a1df8388e5d370bd84c39249848c11a22501e82f33c5466b8d9b171ca9ec46d6c1cecf75e3143cc7cc347db0cf8ee965655a
+	C = eb470adf5a017dbc7fabee889ada539050f5f900a944ab6d5e24b8af1cee5b1f4319a6aa454f2dae5319a8e5f088d4bfde20a78d84f6c8
+	reseed counter = 1
+AdditionalInput = 7dac9a708211ed329ce4085495d288c168ea2ce3e663f3b52d10c98e5dde5df9
+** GENERATE (FIRST CALL):
+	V = 85dc32c1efa35d400891c1f9585f17229a7a85124b69ae6eca6bef7ebc90be32fdd84d073c6e9f1bc703e668ee69c02b1ba38a3f2c3565
+	C = eb470adf5a017dbc7fabee889ada539050f5f900a944ab6d5e24b8af1cee5b1f4319a6aa454f2dae5319a8e5f088d4bfde20a78d84f6c8
+	reseed counter = 2
+AdditionalInput = 2925d129d353e0d122a51fbe80a33c854ef71a1fd843bbf3fd87cec92bcfb27c
+ReturnedBits = d19daf5c2e001ea3fa1acab0381747e355c427b3321919f0b72576f61a30825decc377b20c7f18a833fe653b7360bb260ec247e37ebd1e415fe278ac1ddfd010133ad3e738f0e80866a595f6b6904285b52a0a1815ea9722c93fbc5f12585a0c5a41cc5a064738b237246bb6ffc09916c3050a5c11aa2a7a03f88166137c739c
+** GENERATE (SECOND CALL):
+	V = 71233da149a4dafc883db081f3396ab2eb707e12f4ae5b7a9f18c9c1adbab5289671375fd3fb7bc45f0adfc4a3739619bbac28cb7c48c1
+	C = eb470adf5a017dbc7fabee889ada539050f5f900a944ab6d5e24b8af1cee5b1f4319a6aa454f2dae5319a8e5f088d4bfde20a78d84f6c8
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = eedb4329a2863036fd4a688b73c9727d7ab374c49d872afb918bc75715041540
+Nonce = 168be80b9327532200b87593580d049b
+PersonalizationString = b2fe15f255750304981aff7cf5c103169def34dd48d07a88b815c10d2c14901b
+** INSTANTIATE:
+	V = c54be7d10d8d597c87fa0aec33f14839f435517cb600f57d3815b5c62e124767d5d833283fb670369b67ac13945f41232007dbcfd02f43
+	C = 7a469a30f60f3a31d0ac10ccf8bdb0327a501403af290d6be2045caad3f783b575f43a41fe745dfd512ad64430756604945df2678677b4
+	reseed counter = 1
+EntropyInputReseed = f4c6b82458acc20a96d8fcd37390004a4e53da30591db093a51f90e952dd71ca
+AdditionalInputReseed = f24303face32915d226affacb32e9d196540016e74e5643c0ea5a1e19b25e3de
+** RESEED:
+	V = a72b486280cd541d16eddf11fad37d1dc028cd311e2bc665c26668c6bdf40f27feb3ecebe60142b1113ba63fec30ced2bee4ed791bce9c
+	C = 13bfe686686c43805a38a55d6897d6616426e15e686c1593ae0985f89d15ee343c6da53706dc8fd6f42ae9bdf8d70b5cdc6c22fdb0cb21
+	reseed counter = 1
+AdditionalInput = de78f256164f8ca5d86b6f53cb0d5e8e2531d316101572fce8c1f54c0da4d95b
+** GENERATE (FIRST CALL):
+	V = baeb2ee8e939979d7126846f636b537f244fae8f8697dc161c72d82f5ce22b55d3a84a19b4694d63e9eb2e1dbc728f3ccd0c1b271ee7e3
+	C = 13bfe686686c43805a38a55d6897d6616426e15e686c1593ae0985f89d15ee343c6da53706dc8fd6f42ae9bdf8d70b5cdc6c22fdb0cb21
+	reseed counter = 2
+AdditionalInput = 1a5ccd5a810302ba5b48cc3d650d19343713ccf47de68950cbdcc884e9bf18d5
+ReturnedBits = e050da9134cf11aec991eb9c4836905b3e530da1d5d4d57c1fcd559ae95bd1ec9c00137eba187ece36842847ba94d3b347fa314c9a74a07e02caa290d3c8e4afec18b0c8fec7d9a0cf43daa2672de205124cf62d68a6165a280a58df4874cb761f89490c29b53b4d2c2a940997baca51ababde810055cba974ed0c6dc0bf0f1d
+** GENERATE (SECOND CALL):
+	V = ceab156f51a5db1dcb5f29cccc0329e088768fedef03f1e7fe19fb795d7e09d753c46b27293f954b0c457edc2ce0697620dd76923a9e83
+	C = 13bfe686686c43805a38a55d6897d6616426e15e686c1593ae0985f89d15ee343c6da53706dc8fd6f42ae9bdf8d70b5cdc6c22fdb0cb21
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = 0f4c85f1ba4d662caecf3122856a90b22e55d33454382badd0e7159de4795516
+Nonce = 47581883289982b4ce0e8c2c8e4b0dcd
+PersonalizationString = 4cbdeafdabd81e1ceda48ac3c678ee161870edb79c12cbe9e7dacd8a9b3612bf
+** INSTANTIATE:
+	V = a8e88141f48ead077a3b9cc59c47d62cb8dc1360bb778568d2e2b6dc6986e946d87c744f13b079bbe4359f769db213e2b1ffe64f27b856
+	C = 4c64a076362bda3ccdd73f105da621358a9a7dac1c6633a770925dbe14e7a84e4bf41c5a914bc380ba1e693ccfd35fac617416dc61f3da
+	reseed counter = 1
+EntropyInputReseed = 82ab805948b62b63a97e9acdb7445b6a3ec1707370f65fb278e31826c09bec81
+AdditionalInputReseed = d3d759198b903cd647807bc8c3a8673dfdd4d02b2cbef64d454d639fab0ca191
+** RESEED:
+	V = 8eb0a318c7ce54c062abacbd48fe98692df4696c5f53983556b779c263708be6a8b53984f6147ef8705b364eabcb73e93780ab849829e5
+	C = 461f88adad5f18bb9880648c159c628e8add860c073d31dffd2e067abc17746a5cc5018fb639c02f9b6dacac246f427ba96e1cba7b1158
+	reseed counter = 1
+AdditionalInput = d6e9d018f12aa77bcc69f27959366b2a65b64cf3687c2915b25184a7042a398e
+** GENERATE (FIRST CALL):
+	V = d4d02bc6752d6d7bfb2c11495e9afaf7b8d1ef786690cade3a9a3e3a1b4bccffd598b5344c6632f43bbbce546091ed1284f1425f6db4b6
+	C = 461f88adad5f18bb9880648c159c628e8add860c073d31dffd2e067abc17746a5cc5018fb639c02f9b6dacac246f427ba96e1cba7b1158
+	reseed counter = 2
+AdditionalInput = 2d782b50a77e9fbba42891cc473636eb77e7f34dd3a8969f3596d9ffec2c612c
+ReturnedBits = ab7acb09532509250eb666fa85713224fb16787a1eac4286d6e01caed14600bb758a91a6aa7f4d9d9eb5dd1e4098321c5fb3a3a63fbdd255b014217f36af86736ed1e0cccb75e06b88244506c2b8a9a2e14306ca4794e2f2703b2ac0ce8fc40c7dbdf8549476c69af884edfedbeca9dd247ddb8f3aed3c846b23a04a7d98d7c5
+** GENERATE (SECOND CALL):
+	V = 1aefb474228c863793ac75d574375d8643af75846dcdfd989a9095a76f221266b20aa64940dade109104b3394cf54334a21fb20c56fe68
+	C = 461f88adad5f18bb9880648c159c628e8add860c073d31dffd2e067abc17746a5cc5018fb639c02f9b6dacac246f427ba96e1cba7b1158
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = 8feec97bb3abccd5fa832d0141baa044ce48b8a38dae7b045d59e21f83edf9d9
+Nonce = 27fc14480310dbbb58f2a193723363d7
+PersonalizationString = 243f37f1c6c20edf6618db2cf89726499f2b958c1a1cf05fabba0bdfdd5a737c
+** INSTANTIATE:
+	V = 5803bd4b1ef4e49064ba10f6d3a97d12d04a97cfe4a94972c048b8b94fb7f3445747e86c0ccf30824d9167d556c0aefbc29d339bc35ccc
+	C = 2e37f9553fa3d8950d007d081ea28f8506a9823bdc70a4b3fd3cac92d0d65830a30278c5f273c451f9622033d221ef98c2d34ac0a96a25
+	reseed counter = 1
+EntropyInputReseed = 975125efe5f4d162683ffff9077a8acfdc206d5db3b9421bfaf90aadc14b39b5
+AdditionalInputReseed = 3eb73d2ed88385299cbd7bcfca64d044fe07077d477a88f553062b68983fb66f
+** RESEED:
+	V = e69f12a534913566867fa3593594e786567da70fe0cc88d2e61d59195c2a2c74549a81cb505006041cd07981e8b0eddf3174d726c20a8d
+	C = 9891eac6ef0af042abfb777b8d5ae5c1e65d431523c0c1ad90034291090aa7d034ec292dc4a7958a21a9d9eb825ca50476e264d4a0a555
+	reseed counter = 1
+AdditionalInput = 40a1b0817cef672424bb9792a1f59b124d858ae5cc2f147e292333fa3202bc2b
+** GENERATE (FIRST CALL):
+	V = 7f30fd6c239c25a9327b1ad4c2efcd483cdaea25048d4b86d4253658b954dbd4369943b5e314e23d79e94848a5da009e0c6c9f2953c3a1
+	C = 9891eac6ef0af042abfb777b8d5ae5c1e65d431523c0c1ad90034291090aa7d034ec292dc4a7958a21a9d9eb825ca50476e264d4a0a555
+	reseed counter = 2
+AdditionalInput = abc4e7bcc8e8a1d2553250003655af306906619d6a5f7a123673e11295fcf02a
+ReturnedBits = 21baa005f6d50c445ea38fa22d032ba8bdd6de26111e095346155772325f5b689cd949cfb0ca7e7dfd54717682a8e2dbfe763cdc4e4e833731242a646d975bba8de8d9287721a8b86bb4e1a5c2579f435328b6a0c25aa503214bd2611153fc57cb82eaad0e25c301785f19f0eaf1176ebd8f3a9245792462f3bf131506474752
+** GENERATE (SECOND CALL):
+	V = 17c2e83312a715ebde769250504ab30a23382d3a284e0e280cb56d1e9f8d8183663fc083e8f184420dc736cff66694459104601e86bb84
+	C = 9891eac6ef0af042abfb777b8d5ae5c1e65d431523c0c1ad90034291090aa7d034ec292dc4a7958a21a9d9eb825ca50476e264d4a0a555
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = 490f6e4650c9ab12f4c105ef52ca94767ea53fb9ec2ee7dafa19ec239164342c
+Nonce = ffbcd82d8c861eb6c72ec07e7c746f37
+PersonalizationString = 169a4b7dd371ca6ad717aac91fb7ce06fca342ddc920f8b35457e99a3297e47b
+** INSTANTIATE:
+	V = 56454cfe99b41ee7f336925883048d5bcea5c6c2e5fa8cbcc607585d88e179bd1944e8b0a26953ccbde9d7a109e63139385ef1008f0927
+	C = ee79793b63e41dfe6a465b042471f3bb8a3464f73b2e3e16a9de819a34aed4d40b981dfbc9ed2189dbd55ff9c610892fcaa7434b436e69
+	reseed counter = 1
+EntropyInputReseed = 8e2994b574eeb0551d624685e0b3257a311e45155140f5ff01aef6fd7e260258
+AdditionalInputReseed = 6ed796414045ead36d2612129f683a23f911f2121baee64e3202c688469c3fa5
+** RESEED:
+	V = 38fef7ea08684fe04eaabe8abb2037d228a06f2f7f5e0c4674cfa4a726e24dce5971410e7cbd400db6778d2f3d3a6947691fcffe0664d0
+	C = 9049083d3a32c8993b116231b27349eb031e64a9048cdb6c5ec54acce41e475134ca93b5ae5035f5c7b21a1217d2cc6ddeb640f2bb0956
+	reseed counter = 1
+AdditionalInput = 44cc12574e3e5e4117ddd9c0cb18fb17b5201ba744a7a7c11819c39f8efa5cda
+** GENERATE (FIRST CALL):
+	V = c9480027429b187989bc20bc6d9381bd2bbed3d883eae8abcdce25960bdd5f1242b94ec50c5d43cb1cee422252ad8ada19bb7384984fd9
+	C = 9049083d3a32c8993b116231b27349eb031e64a9048cdb6c5ec54acce41e475134ca93b5ae5035f5c7b21a1217d2cc6ddeb640f2bb0956
+	reseed counter = 2
+AdditionalInput = 54569015831558360a787ec1030be8ed20b1d098746b8515d9846e5dc47b805b
+ReturnedBits = 99c0fb997b9b76c152a92845ea17080a699bf634a2fd8b29c341a67a89105295e05c0f6e6b993cd88aec303307b0c79093050b5b1b7ee881ad41137c699c4a004bb335ae2d5fc62e71440a08e25e78ac19a86773bc7726ff2489714ee632d7a433cb2f4fb3bb2d70bd92b4cf6810d21b3a79932d18ca3304883357cbc1611692
+** GENERATE (SECOND CALL):
+	V = 599108647ccde112c4cd82ee2006cba82edd38818877c59ac2314c9b15c5a06989d414bfe90bfadeefc282750fac6b38e2164a8abf2318
+	C = 9049083d3a32c8993b116231b27349eb031e64a9048cdb6c5ec54acce41e475134ca93b5ae5035f5c7b21a1217d2cc6ddeb640f2bb0956
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = 85483423600e93df98ef818614a6df509c813738874795c44e4ff803969e29c4
+Nonce = 4202283f153e44d32dabcad1df174d85
+PersonalizationString = 0a68b945e49c0ec9d35563669fa3b92b3eac0e15292d274eb5d2510af0756a7a
+** INSTANTIATE:
+	V = 7dbbf96bed7519867d9b7157d42dcce64d3ce47ac23b761329223ca91255c779c6719927fe3e0260b001216100d874de0471e7baf8ed7b
+	C = 52645af4735ed99cc1402b05d20d2bb0e3cd2f82b68bbabbc05bd46d50a675237e81435c1b9b6c1512a1ff5386b23a0981cd275c1d1c77
+	reseed counter = 1
+EntropyInputReseed = c6344253e190c45a41937406dab4dede45e90f57e0fe5b727c1ec60b3236ae44
+AdditionalInputReseed = bc836b536e71bfddb67fe77473194236f9920d555b3d174e293cd9ebf15197e5
+** RESEED:
+	V = 42e9864e21fea40f0620e3826c8a1892686e68e1ce90f416659a4059962b53962e59b579baf266b964156521fc44e408df0735e70550eb
+	C = 9f0d95eab77e6e08f4f740672bfeffa8c1a878f101cf2687a78d4d05b4768386a5fb853a498c97a3d1595f40e94f9ac7516c723a22062b
+	reseed counter = 1
+AdditionalInput = b11f7c1b60a1223e5c514690edd2d33227df3326a99ed3a3aeca94b5e7c7338c
+** GENERATE (FIRST CALL):
+	V = e1f71c38d97d1217fb1823e99889183b2a16e1d2d0601b91c9d2b8e83d9ebbfa0094d8c5079994a40daad22e32cda8af4cd7300098c4f9
+	C = 9f0d95eab77e6e08f4f740672bfeffa8c1a878f101cf2687a78d4d05b4768386a5fb853a498c97a3d1595f40e94f9ac7516c723a22062b
+	reseed counter = 2
+AdditionalInput = 32cdcf759e0d7e1a728e1cd2bf4de8dd225c7dd576da2a565662a3d28d8d3a6d
+ReturnedBits = 1e344c946cb6f54fd2bc17753929ee881e5c6da0eaca9b24c071cfba6919cf6d9a17c42963ffa93797f72369811e9f3c0cbe7aa6f62cacd9a8698e969caa0b8c37db7ef9cddccb37f5205bee6190696a45a7c527baa49524439e67ae259897892394bb2ecd4bc7e112f3eb5212e9b9bbba544aa195f06f2a24c2929243482291
+** GENERATE (SECOND CALL):
+	V = 8104b22390fb8020f00f6450c48817e3ebbf5ac3d22f434d8d4fc17058d6b288d6d60454a47e91da4d13f1eb75192c9425bf6e521ee5d7
+	C = 9f0d95eab77e6e08f4f740672bfeffa8c1a878f101cf2687a78d4d05b4768386a5fb853a498c97a3d1595f40e94f9ac7516c723a22062b
+	reseed counter = 3
+
+[SHA-256]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 1024]
+
+COUNT = 0
+EntropyInput = 1ff2e1224ecc0209b6d10c6f2e37ae1aa50277877969d1a9297a9c0c4be7bd97
+Nonce = b2ad995861210b4a2bf17b8d1aa7d45a
+PersonalizationString = 
+** INSTANTIATE:
+	V = ba4786a597e4442480aa7f9b09dff0c0d989b043c0b2c07e665a2446a26ab79a8e5c18be1bd5efac220a663ba9b348c592f416d94425c0
+	C = 139b00247bb74f8c4913b6cbfc25f76150eb8f4ca4c36479ecb3870a8a23e86932b08fb7c08640ff7c2b57bc2207c7333cf9b3a1f3b27e
+	reseed counter = 1
+EntropyInputReseed = 904cb3b7c3a9a47a178905fec0a947c56d8bde27dcd13dd20c8c265a9a23cdd5
+AdditionalInputReseed = 
+** RESEED:
+	V = 1111d8a1ef2a4be9e328a335ffb4577641417108a3bfc6388b8fa898fe0d7f96cea0bd52780cc36c0fcb64eaa7feea3e2691ad49621f0f
+	C = 60362e77fa07c92a1ba03280a3042c3884639a8d336923f280aaec535d0ef1487feff169581af80117e3822a893d252665d3af074225d3
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 71480719e9321513fec8d5b6a2b883aec5a50b95d728ea70afc0774957189454d1b4828b83a4797f538d78aec64aa9cbe45d5c58998591
+	C = 60362e77fa07c92a1ba03280a3042c3884639a8d336923f280aaec535d0ef1487feff169581af80117e3822a893d252665d3af074225d3
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = c86c0f7a98a82dfdc7393ca2489b2aa500bc252d317e1609999e327b3af2edf1dc08ae70c816603f66e69102df00d104b6cdbbada6807094431d092fa4fb39cdd39906e35cf3c55f9c5614c6f04deb8337e6d32d5d146faa76fdc0f235dfcc6dc71768e10d5b1656984938212ccd7a874877b6283894e8d8c62398ee45b65fad
+** GENERATE (SECOND CALL):
+	V = d17e3591e339de3e1a69083745bcafe74a08a6230a920f41b6a3d34f05ad47e05abb8f2e8e9cdc657c5782568ae712b873eb85702178df
+	C = 60362e77fa07c92a1ba03280a3042c3884639a8d336923f280aaec535d0ef1487feff169581af80117e3822a893d252665d3af074225d3
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = a546812a0615295d117d1196ae893048ac6a89ac184c19e4232b5071dc95abef
+Nonce = 7faa20dc700024eeb8433bee1f07a760
+PersonalizationString = 
+** INSTANTIATE:
+	V = 57a1711362d8d2ee37b47a14500ded1aae8ebd7ec1f98ee9b2a972e0f8e33b7f73388108f3866341c9b549b8eddfdca0da435abf37ebb2
+	C = 2d754f9f2bcaa196cb7777a5c8f5f9650e9615e134bc37f503f683f4bd4d46703a878450c2c08f27e120e21087304cca9c34f646add27d
+	reseed counter = 1
+EntropyInputReseed = c9eca3d43fb3a3dd69b4e2be87e63919ae815d9458366d7c16c1794e2f89a6d5
+AdditionalInputReseed = 
+** RESEED:
+	V = 27a996c207a2a11c5b2cc4be87b63e1e63a61be4111514b255c1c3f8c8b94b9d028d179373d8c27b0b7c8db1a254fb5f42e3e16701c32c
+	C = 3237cd020752cc3168c56342718bbee8eeea2372a12cd3cbfce81edd9ec7c794a5a10e69413797334664c95c85a5e4afd1570f70c6835f
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 59e163c40ef56d4dc3f22800f941fd0752903f56b241e92c8768980420ef53c49e57822c03b2172da5edeb371fd25ae3bd0eca1ae5edf3
+	C = 3237cd020752cc3168c56342718bbee8eeea2372a12cd3cbfce81edd9ec7c794a5a10e69413797334664c95c85a5e4afd1570f70c6835f
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 66bc375d9ba8ff44585a87d356ca6e174381feeef7e74fcad8ba449222f4c2c5d9456fd280fef3b8797103c15c38c801e96ea50f8a5b339abe3ecb646478c1b08b875d8447a497eceacc55adb5caff32d01e3e19047fd16d2c1ab6f7b7124f0a24b75e3700292affa4149954cae934b91eb7038df811fd29f9513a15ed80dcc4
+** GENERATE (SECOND CALL):
+	V = 8c1930c61648397f2cb78b436acdbbf0417a62c9536ebd8f4979a50c121e794955f12a01159dde519c9ac911bb7b7c83e86cdf199c9522
+	C = 3237cd020752cc3168c56342718bbee8eeea2372a12cd3cbfce81edd9ec7c794a5a10e69413797334664c95c85a5e4afd1570f70c6835f
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = b46f9e405478ef1b3f5aa9721865dd0d5941c3354cbc22aae331a97a6abc36ff
+Nonce = 6c5972f140e6ed1b5439f4c6889365f6
+PersonalizationString = 
+** INSTANTIATE:
+	V = 51271faec0e8143b8eeb2e51abd4ec492e0b8eb56854d89f2b99a0f0a4c1caf0165f2297037cff6c5a3cb5baa0e1b193b50296c3847aa8
+	C = 69a67fba6258a4b14c3d2dbcb7a1e37575fa6cd68b6d2e9612405e40b2ba31daba292036458cbdfffb317ef29bded9ee979c808ab792be
+	reseed counter = 1
+EntropyInputReseed = d20393a7e9af4594b08f7c3b373c29699d30ed666510f2a7d83adc02d4215a15
+AdditionalInputReseed = 
+** RESEED:
+	V = 42f3d1ffa0307581b952e65fa1361772b12457e241d3a8a2affc9cc08930c6ac29ea3b292e9674b0827963fbe5fc0c224c8046710da9cc
+	C = a060e70bc133c589a906ecffa8aa34b7bbd2dc769f9062c7947f4e6fc427b2e00dfc755fb1865862aeac63650483a188fb120cd4fe872f
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = e354b90b61643b0b6259d35f49e04c2a6cf73458e1640c21054b081059eb9c1f078c792608fca8ce5aace2b05c3bd9d67e6ee93664175b
+	C = a060e70bc133c589a906ecffa8aa34b7bbd2dc769f9062c7947f4e6fc427b2e00dfc755fb1865862aeac63650483a188fb120cd4fe872f
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 483b37e0d132120586977db64bdcd9b8569dcc95111679f7c51cc015cc62266ad2d34db5f6542acc01a6bbfe6b919956fa04eed0ffc781023d14522c00a480560228b22b33974395e6a71a5a01a18b1db9c391a486ef8a8a4777078132ffcc5d6772764210b363aa5e0131f39b30cb26d44f5b0d6d158403573b22b46275470d
+** GENERATE (SECOND CALL):
+	V = 83b5a017229800950b60c05ef28a80e228ca10cf80f46f9f4df0fa34c2eea7ab5ba9024c81b6e4b3fcf3af1e94bd6ad44ec6349e40ff10
+	C = a060e70bc133c589a906ecffa8aa34b7bbd2dc769f9062c7947f4e6fc427b2e00dfc755fb1865862aeac63650483a188fb120cd4fe872f
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = ef7110f7de9e38b51e2f40330ef62444c6c355763c8aa807e7c9c4b262231ed4
+Nonce = 87dab385f835ddcd2b8441c2b4eae419
+PersonalizationString = 
+** INSTANTIATE:
+	V = ac3f71a31b30b099add7044c5ce0289dff1f01c2772f1c7bd4e82eee6f66679c87a988321678a2172a305e142f44a43254cd0bfdd47028
+	C = 72f6b028645f11273ab1e16974bfe0b24b7d3b15c8a16dd44531350d775aa53a319d74329d66f2367783d0b13aa0965e97325dbf763445
+	reseed counter = 1
+EntropyInputReseed = 1192e75d98cc596a860c6c20092c035db5fa1cc132ab324de2d55a33cf2aa25e
+AdditionalInputReseed = 
+** RESEED:
+	V = 9953819d3c6fe24a6ce6abb0874b7f54fee94bf3caca515cfedbeb78c49e6dbaf4287383b44ba73c2fdabafe39b8dcfb90a1c6beafc790
+	C = 58bfe6ec2c76ec5eb3d6cfd79c1ee62ed16dde2e28349619d94be8261ddb26f57e228406f327ef93ba80c8d7139dc1b2e58f09e8359880
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = f213688968e6cea920bd7b88236a6583d0572a21f2fee84d62e3d8d34d2574d78118417b88e58cc2daa3cf54ea9ae0f1c36ca836fcbc9c
+	C = 58bfe6ec2c76ec5eb3d6cfd79c1ee62ed16dde2e28349619d94be8261ddb26f57e228406f327ef93ba80c8d7139dc1b2e58f09e8359880
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 360c9bf276ae2a6b546a01708618697adc1cd9b9be198483e366da91653b419914fb1957e64aa7080e5da9f24059c2dbbdaa0b84d24a8c5db7c2ba52fc1a5315bf409a14aa5c88036356b9dfa36461e69d82731b08639de1e78af44e9bba08459560b9f8a31b8b11329f5ffc745e09116bfab7dee8b8cc8841063f62241428ae
+** GENERATE (SECOND CALL):
+	V = 4ad34f75955dbb07d4944b5fbf894bb2a1c508501b337ebce4add04f0f00b4c4f32a372b6c1c350f54eb5f064583ce40dd9ad3f16082ed
+	C = 58bfe6ec2c76ec5eb3d6cfd79c1ee62ed16dde2e28349619d94be8261ddb26f57e228406f327ef93ba80c8d7139dc1b2e58f09e8359880
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = 0e97de682641c130faef55e3c907ca2a3e7ebca4f925fcb900717ceb78dd80f4
+Nonce = 5a7afcf43ed6b38e4df581377f18348e
+PersonalizationString = 
+** INSTANTIATE:
+	V = a4b975e6d9ccdfb95a6af5f77df4c815e25b1ed0dd458542791e4574c589b7bc21e11a8dee6f7284c32de969f6658e052aed7f9fa348cb
+	C = 42ea358a9b534a9fa09612338d1b17d6bfd32c742f4387eb6da96e7ab9e49531352f38594aae685702b4bd894f2047ab37e7b89ceb31e1
+	reseed counter = 1
+EntropyInputReseed = a56fc190695e6bd3576800695df8c6442c741eae8ce8cd40233ce212f1f44e54
+AdditionalInputReseed = 
+** RESEED:
+	V = 2b226205ad7a74a19343d6bc8c71fa6c8e938a1011ddefb7199a497afebc0e4c34c223a7fbdf3ebc3abeecfe8762f836d75ea3b269a52f
+	C = dd20e356c66f567f38148178ad73d30857c5e4afba913e11e79578259b14208a78ba7c54ac972d8938ea6aeafb801b3baa0d6b13c3ab37
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 0843455c73e9cb20cb58583539e5cd74e6596ebfcc6f2de22f81b365067574537f67a0cdd30d60584e04f324fcbfd8e67bd80800542028
+	C = dd20e356c66f567f38148178ad73d30857c5e4afba913e11e79578259b14208a78ba7c54ac972d8938ea6aeafb801b3baa0d6b13c3ab37
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 094bd0c3921904598051147d69b146e1f666931aa68e7cdbbfa283cc70965d7ad116309b4fbb1308cf509183f07f746831ef90789be29052982b6fafa008c2d6098547988998fad80c4bf54abee938fe5e9c7429fe5ce30e31599c3048222b13f3cbbcb607b6a1da4a9787c51c48b1ac4c8aa0e9b68db4202af3ec49d95d133b
+** GENERATE (SECOND CALL):
+	V = e56428b33a5921a0036cd9ade759a07d3e1f536f87006c2fbdefcc7baf56c33fe3e7dd3823b704b8154b31b5c8460ab2140b4001efdb69
+	C = dd20e356c66f567f38148178ad73d30857c5e4afba913e11e79578259b14208a78ba7c54ac972d8938ea6aeafb801b3baa0d6b13c3ab37
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = 7ee466e3551f237fcb58ec5867a390368b152a833984fc4dc4183ff85aa20e29
+Nonce = dd973b97447ccb91f6a9362d9e0865ea
+PersonalizationString = 
+** INSTANTIATE:
+	V = 02ac6b63c0bbf10aa6cf6553197f96ccb9d23408a965e7147aef96ebc6ad420c9531865d1e5cf052abd063b5436c9f55c6ee9a6146a366
+	C = 94b61a154b5fe4c3bf385ceebac8827960d634150acf243d09009b41f74f365ed929069f821f67a5106adb4589f53195bc5bf54a6b2596
+	reseed counter = 1
+EntropyInputReseed = b5301777760303ec25e44f00cf152f230836c736fd11e02e2bcd897c8263a069
+AdditionalInputReseed = 
+** RESEED:
+	V = 84e0a7154982d24d4c95097f0fa13dec64190e4ff73a4ba5c79a6481b042d18de83f695b4c71ad4a2d68d321cba4654c418b35b543f7d8
+	C = ea31403229ab684c8c52c5b4effdbbd80ea026f8553fd14747cced76fef9289856c1768a0f5ec2453cd4c396b9c8526d66dc016e01b905
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 6f11e747732e3a99d8e7cf33ff9ef9c472b935484c7a1d5349dd36fb7502f1f9dd10ba0a124a48c69dc3222953c415b9a8156ab583c8bc
+	C = ea31403229ab684c8c52c5b4effdbbd80ea026f8553fd14747cced76fef9289856c1768a0f5ec2453cd4c396b9c8526d66dc016e01b905
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = e7463dc9f6b8ce7b3e49514099d27854857812e88e22cdaf016c7ed37254ac26e5e512d039bced76d4a4f1982f1cb9f7a5996e551d96518c1cb3467d335a116a37a0326fcbc9633db266b63f76c24ad963b01b7af8109cc2ca626dcf0585a994e9263861a4d0719ea6a18234f98e4efc40459d408b40ffb08367578efd2d7d1a
+** GENERATE (SECOND CALL):
+	V = 594327799cd9a2e6653a94e8ef9cb59c81595c40a1b9ef3edda5f90e9d5cb48f05e78b16cb786bf41ad25bfd8dd2ed4c821245e6548748
+	C = ea31403229ab684c8c52c5b4effdbbd80ea026f8553fd14747cced76fef9289856c1768a0f5ec2453cd4c396b9c8526d66dc016e01b905
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = d2385852c5c6155fa303d8e3f781bc63f4fb1eed95270768e41654c6fabd8fbe
+Nonce = 7822c35eabea5da463949a4b7bd61e33
+PersonalizationString = 
+** INSTANTIATE:
+	V = 94aaacb1435812888865e598a6e12b549197fa1ae5455e506703d850fb8c96759d93ed40ee7dbde74576b2bf3d8147c95105ed5ff23d47
+	C = f3b765f358c190a4bb0a399503f1e927ad85d58fa0c124e2464ab9fdc57d9b224168ff35cfa1ce07ca74120a572950c7e24e3aa91a5daa
+	reseed counter = 1
+EntropyInputReseed = 66ea25d238c685bb796e1aeb414162e168ad6feae1571cd6aef80c4fdba63ec8
+AdditionalInputReseed = 
+** RESEED:
+	V = a01af0d1cf8965037cd619d65f02ef3634ee819f4c1180d26cb30a6f0be8f120193e1e38ef1d86484ab005b06eb5a1a8427a40e89e9534
+	C = 29bbc4132370f5df2461cbcdc0c8186f4348ad21d307dab42d0b9bdff6976be882163d208312bfc48ea6b333c75580866edc7202c0d2cc
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = c9d6b4e4f2fa5ae2a137e5a41fcb07a578372ec11f195ba294bc936882bb0563b2a6f5f5c085fb0aef001399f884e5396e94747c833707
+	C = 29bbc4132370f5df2461cbcdc0c8186f4348ad21d307dab42d0b9bdff6976be882163d208312bfc48ea6b333c75580866edc7202c0d2cc
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 89a5d28d6002ca0040edadbf4cdcc5c29c7fac6be29e392c1deca578f87d4660d0438bf0bb4b7f8bee8cae8b2d1e0a4e94ed66d34aa1dd09a959196c7134ee6804645ffe6b07405dfba91a91d01855dd99c79f64a817f4e516c180e3c67982b7daba1e3b923d63e56bbf333dbdb593c808e5d039028e17bf90120460f29c219a
+** GENERATE (SECOND CALL):
+	V = f39278f8166b50c1c599b171e0932014bb7fdbe2f221373fd7899989a75f97b25c3017175caa4f3cc728fde4de27646b41e7832a141980
+	C = 29bbc4132370f5df2461cbcdc0c8186f4348ad21d307dab42d0b9bdff6976be882163d208312bfc48ea6b333c75580866edc7202c0d2cc
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = b42f35fb21dbe8699fd509bcdce843d272330635543f46dc6876744c0876054e
+Nonce = d6a303f462e036e835594f68abd2bf1f
+PersonalizationString = 
+** INSTANTIATE:
+	V = be8e95c88e897c3686c6234bff625d91c7f4e552dc63583f337a31e762aa56f621e05142f69164fb17311febe51facbfec2000d3e94488
+	C = 814879caa7bf519e84ddb772de5d6c1ecabcd170cf19a1650e613960b628e0ae60aeb989192f4498c48b2caba72b447d07c174b83ab9f3
+	reseed counter = 1
+EntropyInputReseed = 778c67bee069d331784e05a122da94cc8d371a1504d49951c0f1febed8617129
+AdditionalInputReseed = 
+** RESEED:
+	V = 81345638e8b585e85b89ade719adac29681ce65bcb23fee23f9e3be4816fb1e4ce595411d9290331c6c816b9a38ccdb5ac0ad2a393b9e8
+	C = 7434b3ca81f4ea032b2f5d82a83c0bd1204f855e8945b3aa544fa8308f62d2337d27429e4e5cc996ba2a34c50e1cc5b0d86dfc826c61e4
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = f5690a036aaa6feb86b90b69c1e9b7fa886c6bba5469b2e6b302b657f384abe2a53a943a43d16d67748cbe5d1a0bc6a5d1ac98e3dc67f0
+	C = 7434b3ca81f4ea032b2f5d82a83c0bd1204f855e8945b3aa544fa8308f62d2337d27429e4e5cc996ba2a34c50e1cc5b0d86dfc826c61e4
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = c2ab909f94743581b4b87dadc590fd755e1cd4dc7017996d2ddaaa5161f0e4a9d33582dd783953c0141f6c1538a18c1a7436461d8528c71f2edb90fce3cfb67abedcc15b38ec7998162852f1300d098cd99b097b022216d027c273bb23c0405a1f683563394af4304cb9d3b4be6b5091fcbdd99e0b0ace9ac32aa7e5be4f1cf9
+** GENERATE (SECOND CALL):
+	V = 699dbdcdec9f59eeb1e868ec6a25c3cba8bbf118ddaf66a81d76d63b6b19c8d08ac7c19a82c4716d3207559b6efe3c9f5b225b28bac618
+	C = 7434b3ca81f4ea032b2f5d82a83c0bd1204f855e8945b3aa544fa8308f62d2337d27429e4e5cc996ba2a34c50e1cc5b0d86dfc826c61e4
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = 5843ad1a6d301cc041048b326389669b1d2e208c6c5d119bdce5361ded3a31b2
+Nonce = 85d3094c3570ceeb5e341baff8f33e8e
+PersonalizationString = 
+** INSTANTIATE:
+	V = 655e6a4203210c0561d3191cd9316d92d25e36ccb26bb4a0dac0b6f40d944de1a52a296808c587d8a8a1748ef16a8a0d0d1d486637c963
+	C = f5708f1afbe9b593e6e6d43e114cd168182589fc658815b91d74177e1f0e12fdd299a5f8b2586e8b1a0691ab4c0c03406d74f703207574
+	reseed counter = 1
+EntropyInputReseed = a2bd04efa70681c17e8cf26ad6ac9af5eeb627d804b57d547ee2720df051d700
+AdditionalInputReseed = 
+** RESEED:
+	V = f1332623a3ea1c48d13591b9dbcdc5df4d74dfd408f2ce2657c31bd518efe773b52585791572fccaf7e084e7d43c21493f53cfdda1e4bf
+	C = c7a339977f2523e12813fcb2fe299c4feb784c89d36b15a23bf8a64ecd6795c9f105db370c7f778a4c7037354acea26607e86ff86286c7
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = b8d65fbb230f4029f9498e6cd9f7622f38ed2c5ddc5de421ff2f9ed7483bb36a2ace5c5fa1db167c5d13a5e8d147cf141bff0db8241d64
+	C = c7a339977f2523e12813fcb2fe299c4feb784c89d36b15a23bf8a64ecd6795c9f105db370c7f778a4c7037354acea26607e86ff86286c7
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 721c42ef800e80e148976677ad39c200b8f51e205b5bfaeb76f70b8f4c21463369366f0bc03df06ae256393fe14393266e86d4242ac27a93b4a805e300ca8c1d5f2735dab3529023d811ea4105dcaf6f4716e11e767ee20d536c462aba70e1045eff5089173e82cf9262110b371a378adc3d3cfe77b7ea4bc4683398a63ae91e
+** GENERATE (SECOND CALL):
+	V = 80799952a234640b215d8b1fd820fe7f246578e7afc8fa12a4112b7b30230a3497c9cc276a21c247c0c73499186bd1008242c093a69f5b
+	C = c7a339977f2523e12813fcb2fe299c4feb784c89d36b15a23bf8a64ecd6795c9f105db370c7f778a4c7037354acea26607e86ff86286c7
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = 807e2df37d4dec6bd438bde7e8ab9f177cbbfbf952c8f2d13feb04503d6dfaee
+Nonce = fa04ad1c39aa647be41ed1782cb8bc9c
+PersonalizationString = 
+** INSTANTIATE:
+	V = a780cf899e70dfe616f352bd003c29a242397aaba7a2741fe352cb1f221ceb650426aae78a0703d041343fa18816fba8d1b4970bb4bc6b
+	C = f95f55014c58fcf7a1f2cd26bb02fb144a6d4f25654dbfb430021b14cb3576b1ca922408ebb62d409c826fefad7787e88e6b99ab093d30
+	reseed counter = 1
+EntropyInputReseed = 21d8bc6b50d1f5a8ffd4aa65cf867a2c9e92d9e355793c606db74dd873203508
+AdditionalInputReseed = 
+** RESEED:
+	V = 48157a4099db13a3b051303a3d121f7bb29f104bbdf5f3c7e38600340bd689674d691c3424f3fe04ae82a5346446c71ad81bb81e5f5972
+	C = a28eaea2de53573eb1ec164bfe6c0d84bc18da89da71a7841639720f3c71eccab66f30fef483a3a9f2fc3bc8ffd43d1a76a862cc72c519
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = eaa428e3782e6ae2623d46863b7e2d006eb7ead598679c00edce2f3f6188d3746ac0878b8027fae35cc2eee8bbd28b446bd16fb7d8ec81
+	C = a28eaea2de53573eb1ec164bfe6c0d84bc18da89da71a7841639720f3c71eccab66f30fef483a3a9f2fc3bc8ffd43d1a76a862cc72c519
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = cc2af6fe5a4902e6e18f1ef16288e6f1c668a3a0e3d510d5bc99c2a3cb0571797401e8acdc8f55be4afe58cb1a99aba35ce43d02e3b2f2660cfbc0f67ff6d8dc44875aa8b3b24bec5e3cc547a2a0973cad338c9a8f5b443c6206fa34e098c9d8ba36a698ddc241e7e13b50bd38150ed23c6453ee713010bfe738d74e332cd847
+** GENERATE (SECOND CALL):
+	V = 8d32d7865681c22114295cd239ea3a852ad0c55f72d943d8b90c4a2d2fba4487d0e42144a259e96c68eada77d7fed57a2f800b27e75983
+	C = a28eaea2de53573eb1ec164bfe6c0d84bc18da89da71a7841639720f3c71eccab66f30fef483a3a9f2fc3bc8ffd43d1a76a862cc72c519
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = 94ca5a2acf0c9800e24a49c589b01a63a8f3041f781e4edd4169ca362fde314d
+Nonce = 40aca3c6311f756960944bc0aae76d0b
+PersonalizationString = 
+** INSTANTIATE:
+	V = 3cc4906862484534652e36372831fcb5b9c5a6d28371e670e1565873abbc9920d9694eee71f22d262a1b6137e67e1c414c023b37559b39
+	C = 4243a69dbf6752a911c1c3dbfac8271cedb713486260ebb65af9fa62d6cdc4e9cddeb9c5775a3f4979ae0706a08ad309a1fa4ecb49e9f3
+	reseed counter = 1
+EntropyInputReseed = 6e395f3ff2aadff1befa28cf186c74493dc16af7c85e92add81868e10041a402
+AdditionalInputReseed = 
+** RESEED:
+	V = 67badc7b641014458190eeb730a980985a485813b32bba193a51db8f63cfc74d294fa960c2d4666090b0b8cfcad4185ee89ee9377f7422
+	C = 7b274f0c33c450457e56b61e09d00580a60f414d58b9fa6fd2d2403075fc57501716dc9bd03261f677a059b73a2e43e2ee6fadb64039c6
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = e2e22b8797d4648affe7a4d53a798619005799610be5b5131a884e91c08fedf642e3918f27fc33197c6cd5c94d702bab7c80fe2b797800
+	C = 7b274f0c33c450457e56b61e09d00580a60f414d58b9fa6fd2d2403075fc57501716dc9bd03261f677a059b73a2e43e2ee6fadb64039c6
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = c9d7168261e6559240a56f6bb693617cb65a28abf85056fc645b14cde35940f03c1ec34a73be6233a3502d44218fee228cb35044b7faad4ffde6e0ef5adcce8552345fc3a63a961c7d0cb95f384b015d5f33c8039a9780ef77a0cdfc2f4419a7fee7200299dab9e810f07433b1ae8942ae79c7d6d74353abf497e6d8806b3822
+** GENERATE (SECOND CALL):
+	V = 5e097a93cb98b4d07e3e5af344498b99a666daae649fb0008f2faf16d3bc68b42736256cae704977c5f9927920e72ca76abc9506756cd3
+	C = 7b274f0c33c450457e56b61e09d00580a60f414d58b9fa6fd2d2403075fc57501716dc9bd03261f677a059b73a2e43e2ee6fadb64039c6
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = ae1f463c7342a222d8805018ae790f42da9cda8550efcc8fa119733256224f10
+Nonce = a1cd25b51e21db40e38e0e34bd622c7c
+PersonalizationString = 
+** INSTANTIATE:
+	V = 514e515131593fda89a91dbfa54dcefd992f7db83f8052b622bf598a78ca4a1f518fb66cac2875381eff9b7d88abff36c68489c269878e
+	C = 6e915c346e9bd28477f06d14ff51428f42a0efd276a8233706f816af7d061b6bf7deefd37e0707d1088c4be35b0dde691a66d79a25a8d7
+	reseed counter = 1
+EntropyInputReseed = 4da7a36c3184156a565fb5c150f9c5c4b376b57434f6a82f1ac6d0bf33d274d8
+AdditionalInputReseed = 
+** RESEED:
+	V = 7f50ba83aad40a609c38f08b7ae8121958397f8e2faef82870431366b4ecc07f9e2ec7d2586f99b6f613dc947d0d38a1704d675b13825a
+	C = c65d949b450e6847e268a1c8956c2c8025d750428866bc6b8ccd992f73b326e961cec4a58f859d485469dfda5304f9d05c1eba29562fc1
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 45ae4f1eefe272a87ea1925410543e997e10cfd0b815b49c211e32b40addd8c99761aaf28f72040785e2ee46122bea1a3c9c692e8aecdf
+	C = c65d949b450e6847e268a1c8956c2c8025d750428866bc6b8ccd992f73b326e961cec4a58f859d485469dfda5304f9d05c1eba29562fc1
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 458bd55d52eaa4152c777b7176f895945bcf209e39abd94c60e6b21a885a3b7cd342b3cbec8f29f2c3cc4dfca9312543514f9a59e989b6d64576900fda18c34a992e1ead7a4a96d3e4ac1c68cea73ec26a57a51bde8ae94ae864e7fcc988b6e93a583eb6b9a009b9e22615b370a71b159848865f52cf7336085e8e188e892e52
+** GENERATE (SECOND CALL):
+	V = 0c0be3ba34f0daf0610a341ca5c06b19a3e82013407c7205dd2b0fafd564b9c0c4c038ba9e9b30b8c48cc723e5bf624ed686fbf6209982
+	C = c65d949b450e6847e268a1c8956c2c8025d750428866bc6b8ccd992f73b326e961cec4a58f859d485469dfda5304f9d05c1eba29562fc1
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = 08209cb4b12d4f33580f0aa29059a25d39132b7447abd48447d3dd9171e57adc
+Nonce = 0989d2402e30e55e10bae1f69512628c
+PersonalizationString = 
+** INSTANTIATE:
+	V = 73a97a07d5c3b916094b70382bd537d8de0e1b8db82e78f374c410f8d9b291a92e2a8c6ec42c400b16afdbf152e06f1adf8fadf6dfba60
+	C = b2e651a84984db6a085fd6dc2dd0c4c2276197d76a2a3f3b5e9ff4bbfe975fab7180438d778a58687ae97bedb9f33afec8f8ce523360c2
+	reseed counter = 1
+EntropyInputReseed = 59b66a1a21fbf1fd03474eda8d895f4bad0b233046147962d7728aaf18ac2094
+AdditionalInputReseed = 
+** RESEED:
+	V = 7d75bbe9416c694482fa4f3ad95c33d826d458e247ab03dcbe1864b68de2cfe7cca59ff0d6470ec162fc287b6f78b05e4cb15c748a5f12
+	C = e55cfb6563f602e9fdc8c2644ed54d1055fe1010a62a95dd9c53db4075f3a60b0717533e57c51fca463c6d3f72617b127d256fd4d8fd5f
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 62d2b74ea5626c2e80c3119f283180e87cd268f2edd599c5e8f6f7e8aad189f0aa88167d61f4cd52213ca9a897614f611a8b8263e68a69
+	C = e55cfb6563f602e9fdc8c2644ed54d1055fe1010a62a95dd9c53db4075f3a60b0717533e57c51fca463c6d3f72617b127d256fd4d8fd5f
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 518a62c194575d3adbd6d270ed00f153519ee0758f40be05234a9bbb077730b0e78ffe0fea7f913c039a81cf1a5f51c60d7f5c56de2dea0e125c733489638ea674bf72361fe416c15d0c7063919b6ff249c4c157fc9200260e52eda3be4c2c0936aa0bc503cbd0c3e56c1c09d72a4312485f3a9240032faca8bed734f493c7ba
+** GENERATE (SECOND CALL):
+	V = 482fb2b409586f187e8bd4037706cdf8d2d0790394003040c67add08888b6957886e2edf97430d19bda991957f63a134a6fafa5d87b34b
+	C = e55cfb6563f602e9fdc8c2644ed54d1055fe1010a62a95dd9c53db4075f3a60b0717533e57c51fca463c6d3f72617b127d256fd4d8fd5f
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = f959d95b43fb81c37f802e2084b03f2cad03f71fe8cadcb626d1130a7276c908
+Nonce = 38786171d85a7acd6bb79058614ead8b
+PersonalizationString = 
+** INSTANTIATE:
+	V = 96aabb697d6834b5c311f673e53d03c8e05fda2e356a96b6253edf65ab56c4afa27a9299204736b37015111402e4c46f3ca1b0253f947a
+	C = ab1c75ab7cf5e1fa3d275c40d23d6d9af417fb0491cc216a6aef32d4c7e8398dc4d80c6cb134c4aa1a53b18b30d6e53e92f0708894e392
+	reseed counter = 1
+EntropyInputReseed = 50b23baf30cd7d47ba0eb91a54ce31eb6325118c778e170de8e9a59062152793
+AdditionalInputReseed = 
+** RESEED:
+	V = 5b7e523e73d874ad0e722881aa04aae5b0bfd5e90b079f2a60af9efa1991ceccc5387081b22e993f5e1ce9cdcc031ed98e98478c326fc0
+	C = dd41aaea563ccb0ca5411b07c10cb5e3db83adec336fb2f6dccb6eab162636a4d13a68ba2246a2e5d6ef70aeccf46eb5eebb34072e6ddf
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 38bffd28ca153fb9b3b343896b1160c98c4383d53e7752a07d83f4a43c4449fb3193780811fc3abc7d171297a60f44cf548b4eec7c7ba6
+	C = dd41aaea563ccb0ca5411b07c10cb5e3db83adec336fb2f6dccb6eab162636a4d13a68ba2246a2e5d6ef70aeccf46eb5eebb34072e6ddf
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 6116a4eda59acb603686df345c507b89f84c3dc2985af6d327540ecc72efca0a5e9caca2326479f5772893da404d48093ecd8d4971802547064d8a1e275a429581c8a40462da812880dd4d863fb90997f71389896fc8a820fa1f8ab835d7cbbc2b031c3ecd5e1094c741e4efc483d2fe88d8c729b79442a4d433ceeb1a146dab
+** GENERATE (SECOND CALL):
+	V = 1601a81320520ac658f45e912c1e16ad67c731c171e705f8a003d62b2208d3a2f63fc5d9306ab009d7dc583405e1d8a9ae162af27629e0
+	C = dd41aaea563ccb0ca5411b07c10cb5e3db83adec336fb2f6dccb6eab162636a4d13a68ba2246a2e5d6ef70aeccf46eb5eebb34072e6ddf
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = bc66b8d0e870ae156e030973772e021708a706124b16f391248c3c5d8da9e53a
+Nonce = 856483d8e33e8143f7458b43865e198d
+PersonalizationString = 
+** INSTANTIATE:
+	V = 4b2424b5a15d8dd8382164d54e6da08f891ae0b8e30a0f74e1a9b982a8594c2701e552a3757d7082a6af98f7681e851f72c941fe3bf7eb
+	C = f31e3406489036a185a12d59d47a42b8f505b0b99199582a2c5473783c140b47bbbf54fcdf1426b11ffd185e647caf178b4c645a7478ec
+	reseed counter = 1
+EntropyInputReseed = 9a95de457d3d82467f9e67626142466a7e0d33255a9e50476bed14c86dae07a8
+AdditionalInputReseed = 
+** RESEED:
+	V = 29d2ff7cf005c9c5403e255c620ae6b67760d564ed67ac82c7887cdbd90cd536bb82725b3ab2521d7c6dea36c11438a1f7aae45cfa0156
+	C = de4103c2c3c365a42d4a6bf1bfffba7513a604fd002959ed0a17439f4c11034a1142016785c4a03776ef4a3356450991038fe1e4bfe26a
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 0814033fb3c92f696d88914e220aa12b8b06da61ed9106bbcb346ec8d5f9ea9ae5ad81359c09b3987b9d734c3374c2d347a0c3fe86af5a
+	C = de4103c2c3c365a42d4a6bf1bfffba7513a604fd002959ed0a17439f4c11034a1142016785c4a03776ef4a3356450991038fe1e4bfe26a
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 63752b0404ebd38ff5a5614d51344761f2ea0db39207a75569567ff917ab4c867ee34d159561d19f381e4c77f9f762af5070daec03f5323ec3e990ef8b73ebbdfcc56f2f707ed28cbb2815241ed239e7a0d5b5418230c67d508f1e263b107505dc993d1c5e677729af8cd76458abcbb08c879b031e78ee84d31b7003ede43dcf
+** GENERATE (SECOND CALL):
+	V = e6550702778c950d9ad2fd3fe20a5ba09eacdf5eedba6119e3317dc82a7bb74778b671018c9003acc69a85f714a8795fbf9819870c533f
+	C = de4103c2c3c365a42d4a6bf1bfffba7513a604fd002959ed0a17439f4c11034a1142016785c4a03776ef4a3356450991038fe1e4bfe26a
+	reseed counter = 3
+
+[SHA-256]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 256]
+[ReturnedBitsLen = 1024]
+
+COUNT = 0
+EntropyInput = f6117655719a70ebb0b1092e98c989940f5e389572c280e84e490c9a6d3d3984
+Nonce = 12a88ad4b16bf73eb7f9d9adca57189c
+PersonalizationString = 
+** INSTANTIATE:
+	V = e7bfd9a8dcc1b16980bd9de9be597760527b28eb0465d2df57039d6dc091a112107dde9019fb417c5bf2576acd7ffdf86128d9213ad2ee
+	C = b54e6167e9786b5e0be203c0a463da71cb2cd73b62a1321d70069b80c091c06a36f3777dd0550e26600e8b94c121b91906daa2c1a47c0e
+	reseed counter = 1
+EntropyInputReseed = 926da2d2742ab1c9cf186c21787692d9e5d2c4bb7e3f50d1be21aa22a734a3de
+AdditionalInputReseed = 26915f6326457449e29887bc470ecc1aa9508ad5a22844a87341f95f134f57a0
+** RESEED:
+	V = 727e330991622099747f4b19c5e7422c41920bb9efdae6ceeedce927928e58f778d995bbf0341a2e3b29e424c5499e537330421d9ac56c
+	C = 924dcc279aea58652048868964ecd5f5bae831cbe24bc152589a2d1386b5f6ff964170663f63a54cf8dec5ee5043fe33b658a3ae47a3aa
+	reseed counter = 1
+AdditionalInput = ff5d99e551fab70f5c6bbcd58d9db8fadd59c1b0345add33baa00d9d0d021d36
+** GENERATE (FIRST CALL):
+	V = 04cbff312c4c78fe94c7d1a32ad41821fc7a3d85d226a8bdf2f6ea8e33a7ddba3f230a7c1aa7a109a2f9183c3921770f0dd129adcf58cb
+	C = 924dcc279aea58652048868964ecd5f5bae831cbe24bc152589a2d1386b5f6ff964170663f63a54cf8dec5ee5043fe33b658a3ae47a3aa
+	reseed counter = 2
+AdditionalInput = bc714e2bf27ced1af26189ac59dfbbe5daf58fb1c781aa0b07f657a90e05ae6d
+ReturnedBits = ea709bfde49bbb134a8304bf4b6e3e1a10b9b46fe505d7178a01d6126060ad986ce8fdf7648c04c875b6a355540724099b739c214214a4c43a775e733d22f4c63f9ec655ddaf36e40f639703bae853c2cc915701a75f8c75fbabed42c9dcdabb82f8f667a6ce77426bdd5eee1e82396fffe36676d69dba0f89181f5f3209aa38
+** GENERATE (SECOND CALL):
+	V = 9719cb58c736d163b510582c8fc0ee17b7626f51b4726b403a15671e499657a850e554dac282217ff877e1e06e3e67a4d0f79abb65651c
+	C = 924dcc279aea58652048868964ecd5f5bae831cbe24bc152589a2d1386b5f6ff964170663f63a54cf8dec5ee5043fe33b658a3ae47a3aa
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = c5a9233b8da28592237ab6adde2118d00ccca9c2ebde8f8dd6c12c56cd6be1b6
+Nonce = c491aba35c9d32bba6d538e8bcb1e369
+PersonalizationString = 
+** INSTANTIATE:
+	V = 6f4adf92ee5db960166af788a8f96db10744b3639c7247bceda68fbbdfa6de0e76d2e4cd5cb50538235499f6fe50d26cf399e4c6424c49
+	C = 35f2dfec292e4ba1c6e6c816f56f0b3bc20b9c2be73c99dd3248c81ef882ca7334bb5882420d6c8ca1aa2b2c4380d5205c72ea9ab1e914
+	reseed counter = 1
+EntropyInputReseed = 6bdca2ebe7223766731295520cd3b0441f670f67dc85bf4ff0a5a56d320df754
+AdditionalInputReseed = 08aa6bca5922cce0440cd89e62fbb5c957e834e0fee6ddf0d72a61a28ae4faaf
+** RESEED:
+	V = c0d3fa16c3d21f6baf48ce463aef8a0eb932115c0ddd480dbac1698619fd5f7f9700bb70e71e2c5b6a7ed0f8f189117003748a2e8453d7
+	C = 15e9ca6f0b0376f0c7edc193d27f76f49d6bff829e0037161e1711f78e2c0dbe338d242a8011301ad9051a06e498086105947fe25a6132
+	reseed counter = 1
+AdditionalInput = 5ca1dde786d671820561023be0cf133b6d00a3668b3120484a426151f2cd4530
+** GENERATE (FIRST CALL):
+	V = d6bdc485ced5965c77368fda0d6f0103569e10deabdd80588f3195429446e28a84417a9d2fc9d086be712aa58ffa2b43a51d53fbaf735b
+	C = 15e9ca6f0b0376f0c7edc193d27f76f49d6bff829e0037161e1711f78e2c0dbe338d242a8011301ad9051a06e498086105947fe25a6132
+	reseed counter = 2
+AdditionalInput = 328e7e4e8f504c5c5bccec752d5bc0c4ce6d8dc33c9f4e744135b24f4c466441
+ReturnedBits = 5cf6c36662dcdd73d9586d4b3ba68ff9f658863a46893a95d6ad40e0abec24c13787e29d44d5d435de282d73ee72ac84c435c72dcee59806d9bcc8e9aa2a0e5eb64817b5f4609e6656f24fef4001ddfcc5f606d68826b18dec016d1a066dfd6145e7ef509262be0a65c69a80a560c96bb96f8a21986d4f7abfe42c919c32484f
+** GENERATE (SECOND CALL):
+	V = eca78ef4d9d90d4d3f24516ddfee77f7f40a106149ddb87533ce2e7364dffff27f0c5b134af518c7ff79b3a9199ecc0a775fe140295692
+	C = 15e9ca6f0b0376f0c7edc193d27f76f49d6bff829e0037161e1711f78e2c0dbe338d242a8011301ad9051a06e498086105947fe25a6132
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = aab072aaee6cace69ceb99c31a62fde67853370842c259fe37f0817cec80d4cc
+Nonce = a91d9e182cc6bc4921e04a13ec3e34fe
+PersonalizationString = 
+** INSTANTIATE:
+	V = 3d480c95a124e4d7d855663c8a89cc0addaad9ee9d0ffa4253360bb071263189f929534d95f7062e4e8ad82155a86de261c039ee47dcbb
+	C = 82737c05089c1e6414d052a5ee596d0e6c270a21c5d6442bc302dc07e338c26ac5e3a2e58f44442be3b32e15166976719bcbca692263cd
+	reseed counter = 1
+EntropyInputReseed = e15fc3713b65d1b2278dc5a503b52eb2547acb74121b11420b7ea0d81ea3170b
+AdditionalInputReseed = f58d367ca1fdde7b464989764d7e732ae254f278f97afccbfe7b47fb992ea4d5
+** RESEED:
+	V = 71407cf58b91e577b1bdee37d2e6353f39780bcbd4fd0b9a63225d9e35c19301ca17812f1dd024ccf3ddbdca5fdc35a9ffa3d8e434047f
+	C = 94a2811e0f3aee24ae970c1cec1e91d336d863b637de37e203c861acf8eb146a988377520e361c18b7fbae8f2d15ae2f093f0484ac2d4d
+	reseed counter = 1
+AdditionalInput = 77c0077e5f04fdddef62fac041fc4ad7985bbef77e4dfa1dd67a457a47116e87
+** GENERATE (FIRST CALL):
+	V = 05e2fe139accd39c6054fa54bf04c71270506f820cdb44feee3a3509768df3f7a795e4c68bc99f6ab3f8d94bd43fb7be55c7c29631dbcc
+	C = 94a2811e0f3aee24ae970c1cec1e91d336d863b637de37e203c861acf8eb146a988377520e361c18b7fbae8f2d15ae2f093f0484ac2d4d
+	reseed counter = 2
+AdditionalInput = e4d8d195dc9bb97d6b7dfe0a14594b4be523fcc8d656aa22ac43814e740a61c0
+ReturnedBits = ba3cb66a66a59cc3b5ce4b43b540a7ead44436d5892031c77089f78f4d6ab6036becb4562554213fc44ed561b68e3f415060888b5a71e859d800a4d28c4823c4427b31571a1f5d77b151be9affd99f339cf34d71df9ab9b145cc608d7f7fa4168b12acd3d74dca5e114444f11a520ab4e459e4648a95df81f564f434fd86b023
+** GENERATE (SECOND CALL):
+	V = 9a857f31aa07c1c10eec0671ab2358e5a728d33844b97dc55bd75583d4a02957fde34eb8e2bde0a5e7db1c4f0e6a7201292ebd2925d7d9
+	C = 94a2811e0f3aee24ae970c1cec1e91d336d863b637de37e203c861acf8eb146a988377520e361c18b7fbae8f2d15ae2f093f0484ac2d4d
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = d493a0667d3d1d6f9e525549a1560d72c0351cf9922fcb5dd8c446da390db78f
+Nonce = 1fdaeb26267ea06cdd3d8e71ec7c266d
+PersonalizationString = 
+** INSTANTIATE:
+	V = 075f6bf3c550ec0f51bfca9b363cfd363dec1fc881b4ba95253ac273f7243779f8fb841e9b17562f57b765c6b65475da8b35820e5262aa
+	C = dd843c31abadc8436267aa79141f5782174423d139a62f4c68587a431fbdf024aa4a1b749bf4a78b20904e20c9fbf72668df82d91978e8
+	reseed counter = 1
+EntropyInputReseed = 2af64031d8f4b9c1eeb14b81fb96e2693d3add8a3b72e0b14346cfd0ea04a450
+AdditionalInputReseed = aad066fa0eacc29fa14555d5ab79ffad77f20ab9ba3d114219078d99541125da
+** RESEED:
+	V = 6fc575240ea999b9c98beeed3dbce757fd43c3b74bb4857cb5d48b1c650385ff2e9cc6501aa77c3e599d76cfd739e2fdff11f7b4839b06
+	C = 050868b6d92a62ee5d1b1f87552b1aac26b75da0f0e872a661d615be21701077ff282f3fce454b426b8584031490b6ca246bc4b530e7a9
+	reseed counter = 1
+AdditionalInput = fbee74d82db11c01417a22b72fca08d83edcf4c10ed9748853d0ba33e0339417
+** GENERATE (FIRST CALL):
+	V = 74cddddae7d3fca826a70e7492e8020423fb21583c9cf9abcf95c9f5bc1b5f84ddf6e5eb26fc81e43e0261da1ba685246b6526e59d3b13
+	C = 050868b6d92a62ee5d1b1f87552b1aac26b75da0f0e872a661d615be21701077ff282f3fce454b426b8584031490b6ca246bc4b530e7a9
+	reseed counter = 2
+AdditionalInput = bc10bd7ca7ff5c0d6a011e50b03381c878b040c3f57de42ab57e7e24f956babf
+ReturnedBits = 4d1b41ed84b19634582c8c0cc744b43c4a9add9892b626687ce9d03b074c599aa6fa58e765d4d68b0cf8b8be50dd346b05cc9c588c8004cbf45a84819d16930134a9eeba74ce8e4133bae0e8fea0839748e6ab03b4831eb8197d88da7801231b71bfc258bb3831494953eaafbe5df638ff66156fbff02040c0cd0407b5a4447a
+** GENERATE (SECOND CALL):
+	V = 79d64691c0fe5f9683c22dfbe8131cb04ab27ef92d856cab0a0ee96b975403b9bf8021549bc1c5191d508c2004271a74e4bf5c335715e9
+	C = 050868b6d92a62ee5d1b1f87552b1aac26b75da0f0e872a661d615be21701077ff282f3fce454b426b8584031490b6ca246bc4b530e7a9
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = ff88640139f9eeeececf938c6b39d81cd46e1c35d14d60c224cfe2ffe623db0a
+Nonce = a343cf91a4d21d83f8466c4a91286f76
+PersonalizationString = 
+** INSTANTIATE:
+	V = 661b0972b22e1ff526d51cf8a68a4e9ecbbdf94c30197b2da74ba93ac16b777f3d2ca5265064b435ff0bfd35dbb21390f62e5f77d5250d
+	C = a0f298698badd5e46dc6cda6801d626d18b3f92f7a24a5cdcb1e4c4e3a610cfe8b1879f9f6ea42fba2ca3c503a6b8866b72be77de5a2b3
+	reseed counter = 1
+EntropyInputReseed = d7fabca339e32033b3588b0e4069557564d81aae4922dd2dd370ffc9da430f28
+AdditionalInputReseed = af6e2b4867e24d0a46ff013deca274252620d5bf8c9743d73894e9b0d81e6912
+** RESEED:
+	V = d5a7752f271bf10f4ecf50139b5d61c9140147f803eca8668080077ab34a38fad221b1513c4d6804122ec3eaf181b32f8e11b7883f4b8e
+	C = 070c78c927e584b2b447db836d4fb566f7d01c695ae464e9cbc9e081ff2e14dc7fecdfa8ce22df8ab4c9b77f4b90ff467d1b3173d76597
+	reseed counter = 1
+AdditionalInput = 55a4694e4b3a1fe22ef8390fc5cabb3a787e2f76bfa47c302229cd14ecd187c0
+** GENERATE (FIRST CALL):
+	V = dcb3edf84f0175c203172b9708ad17300bd164615ed10e9c9e6d9e59753882735f751be09bcc5548a49307dc607d40cfee8655c2d54070
+	C = 070c78c927e584b2b447db836d4fb566f7d01c695ae464e9cbc9e081ff2e14dc7fecdfa8ce22df8ab4c9b77f4b90ff467d1b3173d76597
+	reseed counter = 2
+AdditionalInput = 685f6de2e4cd3351c266d5c721367875a955ad4f898b08f022b635d240d59d79
+ReturnedBits = fd55f15d8eafdef6f9eb31299a2feb2aeeac2f4e5e8278052c438f86e8c4ca85cf0952f87486f967e65c4c17886540efd837ee89ab1c4eda9cdcbb5b61e331a9933593e8f8d31a90e7579fd446ddd1412cbdb15f813f4b95a7a33b937c0091ab4aed275e8a4bcc16d7266abf9330f5fcc3434f0b496fda2d6e9e9ed1c84365c8
+** GENERATE (SECOND CALL):
+	V = e3c066c176e6fa74b75f071a75fccc9703a180cab9b5743c5eec1764bdb30bcfff1705027b09591473784b2243ce06e4e0a58580003e78
+	C = 070c78c927e584b2b447db836d4fb566f7d01c695ae464e9cbc9e081ff2e14dc7fecdfa8ce22df8ab4c9b77f4b90ff467d1b3173d76597
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = c2fbc8f508c672b679a5b5abfe639064672bcc2392bb7220e076f1cee032fa5d
+Nonce = 8166224e53856be7ec8b76675115892b
+PersonalizationString = 
+** INSTANTIATE:
+	V = ce726981d0236a85936e49f7db7daf4a10b644e297930759a87f1c0a00419617eb7bf04f524a27976e3b144c77e55bcc186d9abf4ae86f
+	C = 603f18a5399daabfb979af005546625bb24d5f0e7d17ef831496d1b342817b11d1b424e498ab1e7bb636e2020318c62a9d9588bfb9f719
+	reseed counter = 1
+EntropyInputReseed = 46b95fc97ba24996a020be9a109967551401f315de3813598e89dd50c2fab6bd
+AdditionalInputReseed = b6132031568e9966b1312d4c3f2f0bb2372be025fb1fb173fe6c60d87342f84e
+** RESEED:
+	V = ceef10cc0d7b360977a4f160572ed873a52159f4a0242da9eafe4a362d85b58c0032501db28ac1f6da59c75df53f1608b6aba002a69124
+	C = 95e46fb702c71107ec4f9fdbb2b2c3d6373d81d06144884783edb38cc162c47d9015f4111efe0ae597f85131747499687c8e430951f19e
+	reseed counter = 1
+AdditionalInput = 7139de54e0796be4fbe6999d7bdaca7af6760061a7b71823dd2ae6074468064b
+** GENERATE (FIRST CALL):
+	V = 64d380831042471163f4913c09e19c49dc5edbc50168b7cc2881d3dda5f3bc0157a13d87690599666149cff658f4d93aa2475124319302
+	C = 95e46fb702c71107ec4f9fdbb2b2c3d6373d81d06144884783edb38cc162c47d9015f4111efe0ae597f85131747499687c8e430951f19e
+	reseed counter = 2
+AdditionalInput = b5e0761ebef794f79fcaadf0bd6ef06c947c7196afa5d7f4a252c229d304f6a9
+ReturnedBits = 50cf7a63c6f4cf48b0ef0ee3723d9641527a9d3bd89b8c705a08063404530aa2824342552f86257b19e32d8c9db621443f349496465f11460508cd72ed9a1807a4753f05fac4e57b9a3d78132539d432c7ee26c4d3e54ad82a3499179772b92f30f121820f18a47c52a2546e930c7a3d061755b57c1b828550de3f3206b23743
+** GENERATE (SECOND CALL):
+	V = fab7f03a1309581950443117bc946020139c5d9562ad40fb15f659efec309af870bd0791b12ff348de6aefdd8f5469f08265cc72a091d4
+	C = 95e46fb702c71107ec4f9fdbb2b2c3d6373d81d06144884783edb38cc162c47d9015f4111efe0ae597f85131747499687c8e430951f19e
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = 917813b04829b1107846e393b11bad96636a4ef9b486ab672ff493a9af85f36f
+Nonce = c6437422bebffa22b59e652d30c75f40
+PersonalizationString = 
+** INSTANTIATE:
+	V = e882154c3405ab310995dd5a3808c55416664bbfe6e03582659bf346eca35f42a85f6ac3ea7e57b4fa96fde9707c57659a62384214219d
+	C = d5fcd92de38a736731e9efea5a35ed41ff040c563dc5091f954441d58d59d5d88ea23810b400d18a8e1e6caa1a1fae5562889c0140ab63
+	reseed counter = 1
+EntropyInputReseed = 28d38078f7c45140a18cb7368f760d15dab36d59bb5f016618116b551e77e21e
+AdditionalInputReseed = ab973ec337fab78b29afea6428d7f1ce78946505f187afc5b1f228bbbabeaddc
+** RESEED:
+	V = 37733806905471c4907d918563d25aa088b6e720a5e2093a20a2a295b63d306198b4ae7a9a94c6ac701fa1a192e91a067426abd79b07ac
+	C = 47ecb4dbf5169cf306fae3bb3c68bb62c33b2758216b01688f3d5a326cad66843d567e960700076bdd893ceb248b6f721f7879d5bcc271
+	reseed counter = 1
+AdditionalInput = 2c3396078a2286248b29f352961584ce6dde177ece2497aaa9ad977f24601746
+** GENERATE (FIRST CALL):
+	V = 7f5fece2856b0eb797787540a03b16034bf20e78c74d0c0125c2857a76b44274c768ff3f6b4355ae09d5bccd3f23bf8f19f7f19968fbeb
+	C = 47ecb4dbf5169cf306fae3bb3c68bb62c33b2758216b01688f3d5a326cad66843d567e960700076bdd893ceb248b6f721f7879d5bcc271
+	reseed counter = 2
+AdditionalInput = 0241acedaf0bb42792d47fd62fb0ac67eb14d4d95a91702fe451854d83941654
+ReturnedBits = 1948c39523438cc19076c41c419c37035b5f241fcc7ced61274f042dd9d339c9275882e084d107d4b3168a084bc4fe3212e4c878004e34ffac64e84e872db27a838c4183f50c9a4d5a3d54fb81c788511e1de9177034b499c5125e676d072f4de285ed1e3c42add4b4d4574724212ed1f2ebe382bdb4e134c167e7248fd9a078
+** GENERATE (SECOND CALL):
+	V = c74ca1be7a81abaa9e7358fbdca3d1660f2d35d0e8b80eacefa22ba790a3f31b34927e085c4fa29e9e248e69089f180b76bc6b9f8d572f
+	C = 47ecb4dbf5169cf306fae3bb3c68bb62c33b2758216b01688f3d5a326cad66843d567e960700076bdd893ceb248b6f721f7879d5bcc271
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = 48532f6b35fd7599b1696059f806f0bfbc77c2b475a16af917eb9bbf611998e1
+Nonce = 5492f42699e6ef1b597d26b713bd0969
+PersonalizationString = 
+** INSTANTIATE:
+	V = 67944e5ba6ba8af6cf23adc69a3cc95b473cdcab5741bdd1c0fe9bda0d15aacea0a3bec636b8f13fbec8253af346d381078e6aa62f2012
+	C = 88701719cf7134d7b404ed94e664c5d6db159125422c8040cbac77fa298daf89a48c5fe5f5cfa3eaa99e00b80a8c81c248bb5135c66f1b
+	reseed counter = 1
+EntropyInputReseed = 884601693cf65509d8a753dc766f84a5fa19ed94db6ca30b29a196bc85d96665
+AdditionalInputReseed = c8094f9012b23be76619cf53e69c06b3fb653c400ff85246e70f8e3676048fb5
+** RESEED:
+	V = f7792f6cf2ec620b1b4b2aaed910c265568374e388530f7558aefb4af58d59f6898db652f9d31e3e20ed422a696915920f50ac1fa6e1fc
+	C = d43a9ce9c5e7a42235cf77a5039fb4913f2d70e5bc0bc955c13f438f5db634c05cc4c085e8641b982986ff4044ea81bd0a34a26196e3a8
+	reseed counter = 1
+AdditionalInput = ad42e11be73e2b70c7e01807bb6d537d4fbf400d559d3afb1e664c8c7fae8840
+** GENERATE (FIRST CALL):
+	V = cbb3cc56b8d4062d511aa253dcb076f695b0e5c9445ed91cdfd09a35ca50d8861accbb6c234b34fd81efdac6447a3934f23e9ee65ed9d7
+	C = d43a9ce9c5e7a42235cf77a5039fb4913f2d70e5bc0bc955c13f438f5db634c05cc4c085e8641b982986ff4044ea81bd0a34a26196e3a8
+	reseed counter = 2
+AdditionalInput = 4bce650b78e5cd8bc0c730a35522879851fd9ef4db7a3cc0e630d81955b4d8d8
+ReturnedBits = adf03da03e3d7045f7c7c371cfed6de783c0644a9c2a9e744bcc629ee5e5a4f2dc171ade98b30308a5ca8693c62dca292e25bb699427680aec6aad8b07c635ed0e4381232cf48fffe2df55cfbcbccb8c4fd93e21cefbb79d532bea27725cfa5119ae34970d16fc0e7f6804d4940d3b4aa0aff09b205550ed2d7788ebabe6066c
+** GENERATE (SECOND CALL):
+	V = 9fee69407ebbaa4f86ea19f8e0502b87d4de56af006aa3c0ec7d017e25cffe33e9dc6c9dba83e3c727739f746c1cc12b7a3fcada6589e1
+	C = d43a9ce9c5e7a42235cf77a5039fb4913f2d70e5bc0bc955c13f438f5db634c05cc4c085e8641b982986ff4044ea81bd0a34a26196e3a8
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = e63c3a992d0109b711b5145b165cc3f6d534bc12fc8f93badf16e35eed832153
+Nonce = cc830654285b47fd1071f880c1b8c4c2
+PersonalizationString = 
+** INSTANTIATE:
+	V = a1965438af8e7397d55873adeb586828dd1601771511ff044afe432816c51a91884d4676a2f26c225559faaddbc536f1c37ed2ed460c0a
+	C = 0914f3c5dea1f516768725c8362419d1fedd31eb80f994414447b58a996762b941f203a4b3eb50c2a1486f61a4e2fa6b3062ed5d4f53f2
+	reseed counter = 1
+EntropyInputReseed = 400936e777a9a763ea04d95bc12bafc05ca0236b43beecb3df3d6f29dcbdcecf
+AdditionalInputReseed = 9b6ee86bb013cdab92f532f0d140c66a6beef13e9fdb377fb0a1c991e1954eb2
+** RESEED:
+	V = bf848a0cb22f5aa66a7c5aa030bd928e480fcb6488caff75f05520cfadecb78e784ee4b3074a022c3b59bc24219d9b2af2969ce36059eb
+	C = ed2a7c16a41ffcc9bb6de653e2e528070e120a35e9a4263fba9b9bfb504a4eefb9acae21df4da94dba9c49678f97b7288db001babbe8d2
+	reseed counter = 1
+AdditionalInput = 4251a7199de88d13c84eb61f4d7dffcd7e69ca6c6ce7cadad24f5ba23552938d
+** GENERATE (FIRST CALL):
+	V = acaf0623564f577025ea40f413a2ba955621d59a726f267fe7cdbf517b6993a50a74dad474f68f48c526819bd16698b2306ff7c4004d97
+	C = ed2a7c16a41ffcc9bb6de653e2e528070e120a35e9a4263fba9b9bfb504a4eefb9acae21df4da94dba9c49678f97b7288db001babbe8d2
+	reseed counter = 2
+AdditionalInput = 8f93301cfb47a030fb2bb45953bfb82c970f929ed3f06566492b588503e20630
+ReturnedBits = 1a5fa69b24ccc564b1f5db84a832c429144a9d86e44010d24e58d2ee5bae1b06ee87d766782de53e8f6cac88a714c6b36b1dbe4f76f0b4086d5fb0bb9afbecca21d6c6c01804074fe104be0cdcafe9dafb250047d28ac71d9947596ce9bbf911060d05c73c3968b4ab05908a3a18029ce062ee4e46036e74d1759ce6b8dc2e95
+** GENERATE (SECOND CALL):
+	V = 99d98239fa6f5439e1582747f687e29c6433dfd05c134dd515e11e8bdb07dfe05a503db1549365cf0204aec941238da83bc99cddcd3a37
+	C = ed2a7c16a41ffcc9bb6de653e2e528070e120a35e9a4263fba9b9bfb504a4eefb9acae21df4da94dba9c49678f97b7288db001babbe8d2
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = f39f470f2ad8a377038f1fe3be35e224b347fae9a86298a9193e7b1599c361c5
+Nonce = 7ca134873a40e2409c6561398432c684
+PersonalizationString = 
+** INSTANTIATE:
+	V = 0778204aea5e336b8262478d365c1eea2d3e12056ed5379ecb147b45c6e669fcebb5c91e697cb57b46c47f8f16e4c51676ae5055061f1b
+	C = 3c122f648a8974cd9d684425e7d2e79cd3356d07aae5e917a90aa324ecc0661b729b8510bb8556deaef5106429c799db2a0e4bb88dfc5f
+	reseed counter = 1
+EntropyInputReseed = 1401ea41fdef051cb583c011afed8d607636088abce0e80869b94b4a9a7b7b7e
+AdditionalInputReseed = 321b9d2e92e0c8c4e20abee42901b6ff5f29c819b2fb2730bfbead0037ac8cba
+** RESEED:
+	V = 19b4eb40155f699e56190dc7546a0d4ce8d63919393a56bd65d66ddabf79c2800f4ec59b37789b365d3c4bc8f9ef3847bf3db617b851d2
+	C = cd991e1494d425f4ebc843260446f5fe0fe7df9848aa4c236fa1de7eb233c48450ea36f85a1c749c01fa8f2a86894876a9ac3d3c4458f8
+	reseed counter = 1
+AdditionalInput = cab2f8102d96bef444cd4846372d26b7d1f65574ce235e9d4f08501a36fc929c
+** GENERATE (FIRST CALL):
+	V = e74e0954aa338f9341e150ed58b1034af8be18b181e4a42380226b332c56f7acb13f4f5e699b43b113175e7e9d980d43e84610891d0d23
+	C = cd991e1494d425f4ebc843260446f5fe0fe7df9848aa4c236fa1de7eb233c48450ea36f85a1c749c01fa8f2a86894876a9ac3d3c4458f8
+	reseed counter = 2
+AdditionalInput = c2992b05ab4e51847fa8d7537120ea77447c0fde5335b80fe00f660e50327e8b
+ReturnedBits = f2371b23bf165844c77f5c44d4b96449c8e994f62ab6828dfeee337dff5261a45f7184743deac217322880b9dc402ece17d875e3fe1c2e90dffe076a5ca9352798370ee9b2b717793b73313f1272b3b82a4975519636cba2600df36225ea82bdca15f8dea589e95ec81b850a3c70d7e6720df1aaefbd2cd9df16419cf74350a6
+** GENERATE (SECOND CALL):
+	V = b4e727693f07b5882da994135cf7f94908a5f849ca8ef1b44d2d961409804f27d02b69129fdae3e4ac4daebf0b289bdfa65a019fb505f2
+	C = cd991e1494d425f4ebc843260446f5fe0fe7df9848aa4c236fa1de7eb233c48450ea36f85a1c749c01fa8f2a86894876a9ac3d3c4458f8
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = d5d7f5e305cb25c55530694e8fd393159a1bd586e7f2f05e9c24e1be8d944c61
+Nonce = a05743dff2b6b06a4433ed8f514a8245
+PersonalizationString = 
+** INSTANTIATE:
+	V = d31886f6a3ae4c255987d607901e36488247cd94b22f4b3f5b639b7e81fe843d5fb0b37b47248bf08dd3fac7a9ce9d35c212cc9c842257
+	C = ab8ed4046a2cd3c144e71b6e8f6ef1518317d6b1f311994f31a6810e9caf5acc13d208896bb42f7dc21a5406e6583e3aad986af9620e90
+	reseed counter = 1
+EntropyInputReseed = 44dd0a3ff0d4eff18058ea7f4bf0d7a1907601e2b00b8402d8987517c54f5e67
+AdditionalInputReseed = cea2e5c75c58322eab0a07854b6c915fa853c690082a1377fe3d91108ec9623c
+** RESEED:
+	V = 4e15b4b1f18ab029f2a10713e5c49d480bbbb46026c9610af63fa64679eeaaa0d46381548c01a6805e1b1e75cc478909188ed09c9d34f7
+	C = 467231e208612c15f2bb45436ad947fbe19f4426d038c7f6025a30f1eb9eaca4ef7e081d232e1697265f5ace77bfdb87cbe4680b5ac39c
+	reseed counter = 1
+AdditionalInput = 84c8dc9fcddb61be84e26637784d8238f5ded6d3318ab3160dc0129a251232c1
+** GENERATE (FIRST CALL):
+	V = 9487e693f9ebdc3fe55c4c57509de543ed5af886f7022aa433d1d5a7958850a79e15ae606bdef2849c5523bff5db9eabb836a468fbfe48
+	C = 467231e208612c15f2bb45436ad947fbe19f4426d038c7f6025a30f1eb9eaca4ef7e081d232e1697265f5ace77bfdb87cbe4680b5ac39c
+	reseed counter = 2
+AdditionalInput = d7d7fe696844151a104f98841728bc6f7e167242242d8aed70c55c96f2d59c78
+ReturnedBits = fc252328547c457ca03e2c1b72de3f5af2b874cb60ece7c349ef07f41ffd8748e2590da44fb458a90693b28aef29377f53947d9309f2c882ba1cc036e87bdf35bb61cca7374ecf4826f32fb71d3dc968822b3f8aba0c904d87ea6689bab1782d1b51af666a5e918cd4859a3f9a9ef29adc03db21ec02abbf6ae2e45b6e200c41
+** GENERATE (SECOND CALL):
+	V = dafa1876024d0855d817919abb772d3fcefa3cadc73af3e51837e2cfe466ba374a9c6e85fc98bd2dd47d2530a902843b55014f00080460
+	C = 467231e208612c15f2bb45436ad947fbe19f4426d038c7f6025a30f1eb9eaca4ef7e081d232e1697265f5ace77bfdb87cbe4680b5ac39c
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = 386479990cfb1fb640f569c224a00fba156c1b8a7c83880f2bfab5bf32d5e122
+Nonce = 30503518ab22ee9a30e0fcf444ef8189
+PersonalizationString = 
+** INSTANTIATE:
+	V = b2171eb51ee489ad249433e460acea7cda2c7d0a403c40381bc196c5e0408680c2eef339011a22256f7bd33be89520d0bac0fcc6f3da48
+	C = 610f6de34780256ddc206042712fb4dc116e5dc41f5c7a45b95bda56ef9874258a37b87506f59eb58b70ee1b1e3ffe5718d4cbe3c35cc9
+	reseed counter = 1
+EntropyInputReseed = 256442c47aa458eb586bf4b3c866389eb591612b15a926ed9b2493f2e65a4d55
+AdditionalInputReseed = 914758ccc203737e2ad07dd989b24a60add6b4d3b4f3968c69b0a1f3dc1108ea
+** RESEED:
+	V = 88bdcdfcd0cea5e1eb5ad5849aea206cd792c39572442a8cf5ad4a6d43c67022c502f3dfa179f73b06abab293f51b991e58dc8e2a8e0df
+	C = 20a7869c42300b70804a7784c7c7a3e9e49f9b608705b99b810f56b061ead2b0ec5c6e4c59b5f48e67e041ed91886c976ca94b5c7f8ce2
+	reseed counter = 1
+AdditionalInput = d7e5221550d450f9c2543b3a022b576f56f311c54c13cc19b95f7f27d911f04e
+** GENERATE (FIRST CALL):
+	V = a965549912feb1526ba54d0962b1c456bc325ef5f949e57c9eb98132835e68d9977e1081480671c637ba58cd78daba33b6c5157f155550
+	C = 20a7869c42300b70804a7784c7c7a3e9e49f9b608705b99b810f56b061ead2b0ec5c6e4c59b5f48e67e041ed91886c976ca94b5c7f8ce2
+	reseed counter = 2
+AdditionalInput = 9c9cfaecfed9ef3e73c73d853f6df215de91e979a1d77650be304d1b75e099dd
+ReturnedBits = 7dedb5fec4fa835d59b63bde237f5a2011c3ea142f8d9bd0121fae176e0afad481d9abb194ebd6378bbd28f3d1de29dec4f59ac22dc152ed04c6d4ee64f65cc91765dfd9ba45b7207d080c23ad7bbaad41dfdac6170222196564bf399c2774d37a333686f7f16d144104522f75048430f7ac49d63f65442997eee8ba0d70bb2e
+** GENERATE (SECOND CALL):
+	V = ca0cdb35552ebcc2ebefc48e2a796840a0d1fa56804fa0187c710077850a09c4454db7e364db0627d62a54dc92cee4dca70b69f75ad5c5
+	C = 20a7869c42300b70804a7784c7c7a3e9e49f9b608705b99b810f56b061ead2b0ec5c6e4c59b5f48e67e041ed91886c976ca94b5c7f8ce2
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = 1431c496ac7a9bceacba9c7b4255a70e10fe49223d6496176f0f343f35ae75e1
+Nonce = 68d302f51fdcca107c2c0986fda88a1c
+PersonalizationString = 
+** INSTANTIATE:
+	V = 5437afcfadd506d19e0bec768b28b38f95e32f292d7fae45cb6c33458911526877dd65fa8c9cf0d4b4bf7e7b7858e7f07dbfb2479a16a0
+	C = 171bd9c85daba27924fbd4822c817859d194f1c19fa6f0a39c41393eb6e03c1244604b1813fbbc6d0e695ec20725334e09b67f884592c9
+	reseed counter = 1
+EntropyInputReseed = f2edcda32223c8079a936297a902a6b44aed7098983e7826091e99d7ba069f0b
+AdditionalInputReseed = e1878b5ce7f14fda147bbdac11109ad541ab96537791a9b924c0838af752863e
+** RESEED:
+	V = 058d126e8df3a26211877458be01c062cbd7b1e701dacfa1adc45f624ed79cd1069c0b7f2eed79ca0c547c7b71cd5b9c9b13b9f559269d
+	C = fab224b77a9ff5415a6a02dd4bbd9c6ff815969018421606ddb7c8c3123ce8a88f22132b124709979c2a6b4a4645dba6a9df47b7970afc
+	reseed counter = 1
+AdditionalInput = bece2a7046131d6b8311d12e03853a96d5f3d46ecaf06424335f131968ca7415
+** GENERATE (FIRST CALL):
+	V = 003f3726089397a36bf1773609bf5cd2c3ed48771a1ce6b57adec10b262148891d1253952da9666331dce7b6af0daabbefe777f6739c34
+	C = fab224b77a9ff5415a6a02dd4bbd9c6ff815969018421606ddb7c8c3123ce8a88f22132b124709979c2a6b4a4645dba6a9df47b7970afc
+	reseed counter = 2
+AdditionalInput = 6045a8e8ee3b2dca319cded3ab58bc63bcf5b9ca42413113c395a3216bb483e2
+ReturnedBits = 2ffdb106088615ae0eb1a88b191e031da145238600d591964fe2fd73fbabdabe097102ee8aa0c45c3407203c79c56e21193a3932ccf6a4fba9fc69869e5f4f52fe73b8c530ab9ff568f994538f3e5ed440558d960312f91b3914b326b1c1f1c5818b785c34932d361f17f423475acc7e2760aacb0c0c517b090a751ec50420b7
+** GENERATE (SECOND CALL):
+	V = faf15bdd83338ce4c65b7a13557cf942bc02df07325efe32612c8eddf4021b639a7750020ec9dbd5bd93c08a8f4d8440b9c64ada5aef2c
+	C = fab224b77a9ff5415a6a02dd4bbd9c6ff815969018421606ddb7c8c3123ce8a88f22132b124709979c2a6b4a4645dba6a9df47b7970afc
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = 5f794e6a03946121688854b6b5397a1b89e758ef8abf0f814a3ccc84bbc8cf67
+Nonce = 7b88dcc3dbd0f1f87ff2c00f17845fba
+PersonalizationString = 
+** INSTANTIATE:
+	V = f0ddbbbc8bd42d6cc737347526544bcc392f9d1d07c440a3aa7dd9e1ad555b212df53ab277e454bb41a6d834fcf5a952542f3e181c0034
+	C = 674ce53afe05cd535f3d28b1227819f95e391052f01e5d118e5333cec00c41a37cb4d410741649c37e5efe91e85a22fb8f57437baf4d14
+	reseed counter = 1
+EntropyInputReseed = dee413cb76b53c90a3bec893c7b5f53c706086a9d0e10a2559f90408fc6ede2a
+AdditionalInputReseed = 6a9afc80763990828d3153271e76981dd6c16ba808c80c34a6f9afcf19cb6174
+** RESEED:
+	V = fec909eb1c0e6ae05cf6db00e7f89803adb5ed2aaee3dbff65d1ab270cc1cfaa5c951c9ac8223c726b2072e3d0ab48b4de35876a5d3edd
+	C = cc35a0d0a6c01e41f29d3c32b2c5c211d6ef6532af4eda430f98e3b77c6b4847fb172ad7074a3b3978df5b7b869cfda731c67a2189a4c8
+	reseed counter = 1
+AdditionalInput = 21a8897df9670fc7f2d90b0f9ef063a1b832d5c83b91769ba10c65955b90f4bb
+** GENERATE (FIRST CALL):
+	V = cafeaabbc2ce89224f9417339abe5a1584a5525d5e32b7a38a6a8bb240dbbc589d0e9976631127adc21b800f4dc1d5ff934177562a4de3
+	C = cc35a0d0a6c01e41f29d3c32b2c5c211d6ef6532af4eda430f98e3b77c6b4847fb172ad7074a3b3978df5b7b869cfda731c67a2189a4c8
+	reseed counter = 2
+AdditionalInput = 44d1c3b4ba4d56d391fefc01ddb3568ad204959867ea88002f34d701f68c7ee8
+ReturnedBits = 5afc0393c62b236d7d084ba970a4f57eeafcdaaff49e565c441cf74a7afd0cc6d9ce498db1771539493911cb770d4151f67acb4ba2f5e047ffb7cdd6ec9b24404e8bb5ac9a1a42be323b9f625847f07ea0dfcda2c2535d00665ca93527db9f6d9fd91e516fe0276fb399b3ed05fb657992843fdab5339d49aa5e71cb2a649f2a
+** GENERATE (SECOND CALL):
+	V = 97344b8c698ea764423153664d841c275b94b7900d81929d59974c839d3c8fc896dd5c51ca5f2e8b7b9a93a9faa13e58d09d7b33681fc4
+	C = cc35a0d0a6c01e41f29d3c32b2c5c211d6ef6532af4eda430f98e3b77c6b4847fb172ad7074a3b3978df5b7b869cfda731c67a2189a4c8
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = 2a5644232a2771fecff696f5b6e0294e9c4ddbc86978c10a6b821bed8201b6f6
+Nonce = bcf79360f2e91e5e47c618368a54a73f
+PersonalizationString = 
+** INSTANTIATE:
+	V = 86b5faed74a00eeb8e997e9726d80559fe22e7fe06fa876c37b8a718299a2ef45255a5d306349b1ff5b8bcb81fba583477c55b86124b22
+	C = 9fd4c36ccc2dc3a52185a90679490dcf679764176d57ee0af7785bc6da0fbcf65ee5ef5888c40d275134b372b9dc993ae6b1ce850adbb2
+	reseed counter = 1
+EntropyInputReseed = 5ba9413341665e3678d5d9113dbe4291d260edf3b566a1ba8d20d8f84d978786
+AdditionalInputReseed = 736e65f392904c0b8b1ecae78421d9dc68fec9715cf9e055c761e962f097b8b4
+** RESEED:
+	V = 43472c398ed071aac3fa3b74e200040884d43357a0e432087ac1cca5fe28de55433d0406b7e8044ef283e5f826b12fdc1c6362643fc7ee
+	C = bf4ec1d9422b40b2d7b240d95f9a6f5a2b8fb9a5f36567662b97689c1ddc33afa494e6c9565bdbc236ec1cf4ed0ebf0f92c0a4813299c3
+	reseed counter = 1
+AdditionalInput = 502a0b889ab2773207b50420e7c55566affed70d0eb1b03419c1e94b078c97e9
+** GENERATE (FIRST CALL):
+	V = 0295ee12d0fbb25d9bac7c4e419a7362b063ecfd94499aa1152a53492fd9433064f2167d930bf80af35d09dbfe3695545f85808bf8c795
+	C = bf4ec1d9422b40b2d7b240d95f9a6f5a2b8fb9a5f36567662b97689c1ddc33afa494e6c9565bdbc236ec1cf4ed0ebf0f92c0a4813299c3
+	reseed counter = 2
+AdditionalInput = 45c1dbebd32bbf5e2196a61ad75986b29395b9fb6729a697afc776cda4b3ef2e
+ReturnedBits = 9553738e3c63026e78ea7dafeca517389e292f949877d630029e3f0a2d805d5027e178c10b36e54c5b462207531fda07850db6512ccea3530162555e805f6675528a2c677e237842e2edbdc1176f66cb11c3ce49618c98c7ccb77ef5d3cd433c52608de9f1218d0f92665d22f01c54c2dbe1a9d6c15cabdbaf253fe23b7203e3
+** GENERATE (SECOND CALL):
+	V = c1e4afec1326f310735ebd27a134e2bcdbf3a6a387af02db57fe02ff8b38663fad340e125684e109acc922c4f8d388de5e550edcc8374b
+	C = bf4ec1d9422b40b2d7b240d95f9a6f5a2b8fb9a5f36567662b97689c1ddc33afa494e6c9565bdbc236ec1cf4ed0ebf0f92c0a4813299c3
+	reseed counter = 3
+
+[SHA-256]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 256]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 1024]
+
+COUNT = 0
+EntropyInput = b5fec6483d7cdc74c6c9c279e79311fca9f323d931db499794ce09004e1228f3
+Nonce = 837e5e3d05643f6bde744721692054a7
+PersonalizationString = 6861cb769312bcd7037a3de8994188db143e290d9c00c2ac8a7f09af3fcbe66a
+** INSTANTIATE:
+	V = 4e8bcc9c6464c8c3e798beab813d5e7feec6e5d22dee96bace8c1ce0bde3f88c8bf7f5e8e5e4867fc29b0642151c27f4d5ed72d7fd4dc1
+	C = 42f6025e29087c858915a0d1743f4cf29e951395d7e4eb22bf6b813d0b3dc6b5e085126f422766adbca7d699252f1548c7c5e38302a5b5
+	reseed counter = 1
+EntropyInputReseed = b734ab49d73d7b2ef08490d82a1d1189fc8dc1c5f115e173906357e91a8c4a8d
+AdditionalInputReseed = 
+** RESEED:
+	V = 4c1c1f9c9f77953b5c51d3ec2b91b3d1ec5f10183426c946ad188db883eefae55e097811426908e6a7995b1d6ef15e5a8b845f9d046173
+	C = 1ef418b86e486ed044276eee069fac9d695a7aedc9c63058f8542e479f5ab4cc30b3ab32672ebb64f92ad905545d0d2de3650fe15106cf
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 6b1038550dc0040ba07942da3231606f55b98b05fdecf9b5d90eda5d1640c4678ab8056889a7592d660ee92ec5fdad23d45a0bc3edc2e5
+	C = 1ef418b86e486ed044276eee069fac9d695a7aedc9c63058f8542e479f5ab4cc30b3ab32672ebb64f92ad905545d0d2de3650fe15106cf
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 879bdbadbed240a1ce2e39de864bb480c97cfe281020126874f9394a985e0e019e723f680d764cb35ba32355ed666206c181df80ce6f79be3345e7f2f544017ad1c6297ab7ad7cb62548216ea846f0cb73d7a21de4a12b18224679143f99b7afba2f9280e4c3e0dc70d00ee00cfe24033d9cd2917a9517065fbb8d5ad6395b75
+** GENERATE (SECOND CALL):
+	V = 8a04510d7c0872dbe4a0b1c838d10d0cbf1405f3c7b32a25b6e9de2234c2bf4e8c74bce6090ac3af1eae9f81322dffd7c7d21e455dee0d
+	C = 1ef418b86e486ed044276eee069fac9d695a7aedc9c63058f8542e479f5ab4cc30b3ab32672ebb64f92ad905545d0d2de3650fe15106cf
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = cce1b49b5751310cb61cf4ea9a0b1350185b82678c23288c67ca624697dfadee
+Nonce = 7744f6276622810d3fd69ab68dc18733
+PersonalizationString = ae75fb4d85c65e22b2a7ac5c1c2628c593ec612e541da9d5a5e1efcdb8a1fdf0
+** INSTANTIATE:
+	V = d87ee7aee7193d59ee6233e7f002e1dae389f02a4380d97f0f51cff505e65e0c51846e99a1ab1509f271e18091d456c11bf22b76a8e21c
+	C = 20c7c66501483cf3a55d7e512caa8cd4797864f047ef4ca14b1e8e5207e1e788bcadfc1ce5a2286d4f73df3cd128fe7cb83f74dc4a7022
+	reseed counter = 1
+EntropyInputReseed = d8f8e0f0b61c8570c3dcfafad65c046f8efa569bff9a62807a004b69cf9b7053
+AdditionalInputReseed = 
+** RESEED:
+	V = 5a751c259a567a9563a54c37a426c1074a299af3ff386b30cd0e13de07ddc72669f78eda4253d061a8e716b5b8f05bb79854e42cda549b
+	C = 19dd12a8dc3c4732936ef60b4292366d06f85c71804edeff9f6e0dc6fee31da3e89a0eb50140d649e4d2e84ced0163b5ba95e4f6bf0a51
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 74522ece7692c1c7f7144242e6b8f7745121f7657f874acb523166aea8735b33cc591bf826cd7151a07a9ebc04c6f86ce0ff28339e861c
+	C = 19dd12a8dc3c4732936ef60b4292366d06f85c71804edeff9f6e0dc6fee31da3e89a0eb50140d649e4d2e84ced0163b5ba95e4f6bf0a51
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 278234906ffbcbdf5ee18e4e65a7718a57e34661628a25aba05c4db98a277e3cd833f4a5ea556af01af9b6db30da671ca1d929da1781168da45ef97d6b118b1c251c164b03f2607bc50ae05fc2fe091362e09cf6401b374bbd92345d0e7df098e66099fe1009d263f0eab6226e71b110cff8a7d26c2d64cddac1e2d6c0ee41fd
+** GENERATE (SECOND CALL):
+	V = 8e2f417752cf08fa8a83384e294b2de1581a53d6ffd62a90a92ef98a706c0e0e2565bd35b10b48a23ad8adf6d0b5aa224d7180940cb826
+	C = 19dd12a8dc3c4732936ef60b4292366d06f85c71804edeff9f6e0dc6fee31da3e89a0eb50140d649e4d2e84ced0163b5ba95e4f6bf0a51
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = 67e238bea9338e6c0592fde45165ce9c865a294ab178db7216a4e4d61cbf9a52
+Nonce = 140863215ed4c6d03d11adde69bc210a
+PersonalizationString = c0fb641ba485266eb1540bf6b15a2a688e278d95b4e3185e778109c4a9dc49a9
+** INSTANTIATE:
+	V = ad643f2a4ae80b256ca225fbb073eac8c293481456d5900deca90a3aad2e66fd108c04c3d5459f9ae2df45a139fea8b89a95c880f0e8e4
+	C = 1173b3258b5b29a826242acecc7d4fe5eb6295a80e89708674336fb5fb16f8a2d8681fbdb8bd88271a99ed7bc99eda93c6482e38c98f24
+	reseed counter = 1
+EntropyInputReseed = a9a53df4b264b8cdc885bc21761e504182376ab10091a8b57aa79fa2f95b3545
+AdditionalInputReseed = 
+** RESEED:
+	V = ca55a4ccfb497c76024e8113edbac3b8f2a5b651c0548f620e0dd28c41e536d0ff0700a756d59d5765c3a8b2b774a41a6acad6f2193557
+	C = 9b4a5f5793f696502f657385947a2e1b30a13c1873eca6e20ab850aedc87ae9961e4daa86ac49f642779b8a4de0c0efeb290aa9d9fa803
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 65a004248f4012c631b3f4998234f1d42346f26a3441373d1ca19d99f864bcef22f17936b92644617c19bae92ffb08b7e0cf60aa97689e
+	C = 9b4a5f5793f696502f657385947a2e1b30a13c1873eca6e20ab850aedc87ae9961e4daa86ac49f642779b8a4de0c0efeb290aa9d9fa803
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 1827045282e9c4b40faedcdafcb6d5369fc4a45937e41b107b834f8d9357cc2581dd408d137c481450831baf6a11a142f20dec4a0955df46446ccd2357ff99eadc31d58c8c0da30df46d5bb3038e1b1278ad208a44739e11603b91e99898e36318d3befc80c025b393993f8c65236eb2d8d60f44042fd9b577be4c897c82268a
+** GENERATE (SECOND CALL):
+	V = 00ea637c2336a9166119681f16af1fef53e82e82a82dde739498f2a91cd36397ec206a2949fcb637ba0d5555287560a53fd513ad19192e
+	C = 9b4a5f5793f696502f657385947a2e1b30a13c1873eca6e20ab850aedc87ae9961e4daa86ac49f642779b8a4de0c0efeb290aa9d9fa803
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = 833d1bda2935c2df1b607d734f27cc0591cc556a86524567b62ac3fc0d66116e
+Nonce = 5a327aad1d36310a46728a5b4382a793
+PersonalizationString = 1edd70dc421b9a987a59139d348c76252687e5d52f0296d968e258afacbe40a2
+** INSTANTIATE:
+	V = 15402ba1696d6ff1e4d2630c7d94817523bee193854f1ccd92b751ddf8156dea77f1144e0517e8c0a049b0cad44841aa124ba62047c108
+	C = 7f90394837d338cd96c3e112e91b13e9ee29f58bcb03cee35d36e153726448a9308683c2531bc7e241b6b3005f37e8cf0c394a83bff6d8
+	reseed counter = 1
+EntropyInputReseed = 32827d4d8563ed5eb39e2f59bdabf6020ff0cb62641c6c17a4b8892d325ab9ef
+AdditionalInputReseed = 
+** RESEED:
+	V = 7f92daa888ff92788134233d1a8c7f2da6ed63ec3760b1694eb06b48f24abe1cf1a3bf014db64fbf5ce964743f756422d456d05bdae114
+	C = 621d197f0d4c5dabba8f2f634329d1d64f31d96ab28b5f3853b6cce92eb39e556be30e0170595b0bc990d8c93db257cf5c1b768fe6b769
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = e1aff427964bf0243bc352a05db65103f61f3d56e9ec11939566d2b017daa1d17686186eb3ba8c1c2ada39833f7b125f00ebcb4233e910
+	C = 621d197f0d4c5dabba8f2f634329d1d64f31d96ab28b5f3853b6cce92eb39e556be30e0170595b0bc990d8c93db257cf5c1b768fe6b769
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 31c76b02ad2e6fc491003b0994160bc530a1ce6a83734da6a2048b7cb6d9b7d8014b270a3bede00f5b2fdcb4e9edd83dffaa3f00cc7d41388aa92f7ba41d8e6cfc642046c0614cf7bf47a079f1ddf8cff8b61e41dafc9f4e4a2757127716605e86f90db27afd18ca5d363bf21f452d6e1025f30c5dfb2e3e212d1eb73c114509
+** GENERATE (SECOND CALL):
+	V = 43cd0da6a3984dcff6528203a0e022da455116c19c777142147057cb15f65f6617113ebf4b818dccb66489ec3a3fa17ca10bf97654ee22
+	C = 621d197f0d4c5dabba8f2f634329d1d64f31d96ab28b5f3853b6cce92eb39e556be30e0170595b0bc990d8c93db257cf5c1b768fe6b769
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = b2a5db3faba61b70c81bf51b7a3b234b13c658e36c143d60111cce8f2eac93e7
+Nonce = 3dabc2621c33b5a3ced398db211b794d
+PersonalizationString = 58f9b8af5cc93bd6917866d4e26542533436d4375fce9f04bdadb68ad4c5aaa2
+** INSTANTIATE:
+	V = 12e38676c085ee3040277764c66bc91d1e471a6d3621e37fa396116cac37e343ce3dbebfe28d5729b180970b7c43ecc10b1d81700f3aa0
+	C = b771ccb626d9974ed30cff4a532c5b293b26fc6edd7ce7120405516fd91ea5812aa782c6a710cc9ca261713e5452f9862486129b86b614
+	reseed counter = 1
+EntropyInputReseed = 965663652bcebf8921e028179120cb743028b4d8896fb8f462178e722e2c6536
+AdditionalInputReseed = 
+** RESEED:
+	V = a6bb9ccb7aadf70c659de4dc270406a274f1d1d00c6c696f72e3fc3eea0b6dda703a3a989c2e131532b26dac5fcd4281fa39d5fb137a5a
+	C = 00c65a4f8f1e8c2c5e26e8378c05612508134208e97677c5218eaeea987fb90b75e7ee18070202425d97c8bd07922e31033b947e0dc445
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = a781f71b09cc8338c3c4cd13b30967c77d0513d8f5e2e17a7b624980c28526c4b63f37f8f4fa351c9377d1683d93d02f9657d18c43bdfa
+	C = 00c65a4f8f1e8c2c5e26e8378c05612508134208e97677c5218eaeea987fb90b75e7ee18070202425d97c8bd07922e31033b947e0dc445
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 58a032665be7a5d821b4497740950f9b205d85d2bac6c7ff4f803b9a7276cc774e011215780a902b3bffedfce5b28a6034aa22aa179d2d43c2b429b0430b8100756d989e81daedc6feb60e70532759c37fba6150ecb17baea1d9995ca00f3a80f02d69e437d7eddc186d3f0ac12c0879be7554e443aff9826f3c71bb6fcd891e
+** GENERATE (SECOND CALL):
+	V = a848516a98eb0f6521ebb54b3f0ec8ec851855e1df595a196aae5c67ee8bc0d259da9684d7f73fd3d0997cd9d49e2b4f94175a5be0cf6c
+	C = 00c65a4f8f1e8c2c5e26e8378c05612508134208e97677c5218eaeea987fb90b75e7ee18070202425d97c8bd07922e31033b947e0dc445
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = 29efd76e53d8cb29df9833a518de05883821b15c812f8bca92d0c7000be84c0d
+Nonce = 23746fde8a04e09f03c1d6156aba9e02
+PersonalizationString = e0951ec005d3a5c44ca917d68cfec5c0a62df7ab417fa9ae991a90c3aa569c39
+** INSTANTIATE:
+	V = e246637f051b343b2ae95e3844f04a06812bd99d79fac07285dd57af1d4ff8f4e71c69875804218fe7a179df8c1235b5250b123defa86e
+	C = 8bdfa684c534170506e33863a9031c4cab190af84f513e3d3d058ca902a6b4a7d3d8440996ccb9f1293288b66ebd2117120f9d7f14ddd0
+	reseed counter = 1
+EntropyInputReseed = 18e6af8b393bcc93ce3c5f332d860eb36d5747953c4caa5e4586217fb4147388
+AdditionalInputReseed = 
+** RESEED:
+	V = 8f470bd539ec5e210466e3b947c81c160b8e675faba6124a6d70cdc86c337732cc34967ca326b2e843e401fd3566c7cfe23682aceb6f2f
+	C = cb1d81857264a9e12fd7555be1a5c9e9e13834cb79185986986fd4ea11f920d9ddbaf2d5820d76bce61d594094493a305931fc1fc23997
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 5a648d5aac510802343e3915296de5ffecc69c2b24be6bf94346c704c4bdbbfed33de31b35f3da3b14ed853b4fb4bb03995de72ecc48a1
+	C = cb1d81857264a9e12fd7555be1a5c9e9e13834cb79185986986fd4ea11f920d9ddbaf2d5820d76bce61d594094493a305931fc1fc23997
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = fed892d28ab0b913f6f4153778f4680eaf8be22878ff179940c0aa6f58398802d466cee50d20c04574d0e75dbad0aa00c7f1e3a68ce310de09fbb52b69193fa0b23b0c84a82bebcac8be15a537b6dee0cc23980146a488dfb98ac1a2f3c9c9a3b8eb8b8cb58576e09e60bb944d4378409d53e12ebb99dea0d22af3aaba1df4a5
+** GENERATE (SECOND CALL):
+	V = 25820ee01eb5b1e364158e710b13afe9cdfed0f69dd6c5e06ace32d2005d435cab478d986632f1f56f6602f325038719301fc7263062ef
+	C = cb1d81857264a9e12fd7555be1a5c9e9e13834cb79185986986fd4ea11f920d9ddbaf2d5820d76bce61d594094493a305931fc1fc23997
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = 0b4b427b783400a48ec96dc90dccb8938179370077ac87ab9a28a289ff958c18
+Nonce = afd6330426cf1ad39aec47cb3f19c2b9
+PersonalizationString = fd08793af6baaf785f921702e1793400885aeab972819454ba77b29864a376d6
+** INSTANTIATE:
+	V = c110747fe2406188ee3cf797ed6f1a191171126d30ce17d6155f19fe6391395ab6cd89bc98a49adb469b5648b721d9fe7d362c636ad395
+	C = 37b1537dac562b960a5b9aa1f790b0a77018dc1265d819f60106668f24c50817330a193c8cb52925fcbe896c833400c46dc8f6b520e267
+	reseed counter = 1
+EntropyInputReseed = 40826e4edc2e46c8f30a1a4af0dc10d86fae425f9df3ac375672bb2a440f1120
+AdditionalInputReseed = 
+** RESEED:
+	V = 058d6957fc914554513fb6852235246b1d99e6294e3fa566d61fbafb876d618a0d5d65e6f69aee939e17461c8e9c60e45532ca34599118
+	C = 45c82cb892da72f9b23a24a15747007bfa381099d7fcfd9b5c0ae82df12b523ae5077c0990cb2542f9ff2f61d9d959bbf70ea87c7380c7
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 4b5596108f6bb84e0379db26797c24e717d1f6c3263ca39d1734607a6f1a184932121126129ba2ab585a557dfd17c17916e5f51625417b
+	C = 45c82cb892da72f9b23a24a15747007bfa381099d7fcfd9b5c0ae82df12b523ae5077c0990cb2542f9ff2f61d9d959bbf70ea87c7380c7
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 1b505c60af3480cf66b1fedab69a7eb382f376a0fd0cd6fe7a448d961de68ba90b0311534823208243d45e42781324d43ee630abccb1dec543cc76316b91123822f3c7f488947727fa5698b3d1769264e332d87540ee088d92dd13e7a7b09dc4c1497bc31b3d46ae824bc510ca53d66cb2dcf5d9175e5fd02eb53d6031f8056d
+** GENERATE (SECOND CALL):
+	V = 911dc2c922462b47b5b3ffc7d0c32563120a075cfe39a1fd7b2443806e3849b8d3968d43c1645fb8aacc3a39fe8e091435caef924c0a30
+	C = 45c82cb892da72f9b23a24a15747007bfa381099d7fcfd9b5c0ae82df12b523ae5077c0990cb2542f9ff2f61d9d959bbf70ea87c7380c7
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = 4211f6cf6db9b318c11fa4a248168f73109bbf2dbb014f604483e36ded455536
+Nonce = 0ac0215e549d9795a7311ed2ebf745e9
+PersonalizationString = f47541b6043a733499ac1a3999a0027d66337112c7423b2a28109770afe00047
+** INSTANTIATE:
+	V = 72da4f4e47f08d953a7cf8b7acab1439d994d0eb2e425a17f3f971a126de5fd754fab8727ff7e8293c330750ca69a4e632cef5a7933f2c
+	C = 6c234bd0c8ac3d6c17cb7477eabe0d914aa4e5471f87d345b170e393a3f658c60077b2348f394242b6a7d80b8550fc968d4e8a18a97e06
+	reseed counter = 1
+EntropyInputReseed = e8acd28b61f7590dfeb304212dbd3fabd25b18386b546a83e7973b6dd247147b
+AdditionalInputReseed = 
+** RESEED:
+	V = ff4c32a9dc870ff95a3e428ee4fd4d712e76f05640dc372f99a846b18c29bf14651a8be9017151735094c88ec176a48be325caf966eb79
+	C = 345098062f5f6b8153b6ee2ee2b5a6c516892a25c7a1dc73cda9971b0837d4812718231392a1861a39f904e3cb1fa7848bb2bd06bfd47a
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 339ccab00be67b7aadf530bdc7b2f43645001a7c087e13cfadf136666abb9e0b425843304ad9a1f14d519cc7e893ec590a99b0985f1051
+	C = 345098062f5f6b8153b6ee2ee2b5a6c516892a25c7a1dc73cda9971b0837d4812718231392a1861a39f904e3cb1fa7848bb2bd06bfd47a
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 54debb2eaaab220df613861b72f610c4872bef53c36a8fadd127946d97697bc7360e30417935449da60869185fb0722842f30a5f2cfaf873cb9c096e9b6eb92e0bc86d1fa0dc68881439e61f028923a341cca7a9625d00573ebfc1c9f30325f8a2b27da313fb9ab60df83271768c7ad35bd431e93c3f2f4cc7670b092927b634
+** GENERATE (SECOND CALL):
+	V = 67ed62b63b45e6fc01ac1eecaa689afb5b8944a1d01ff0d2f4b11ca9ebe1d9708d448f432e295a3b0c281b9eb09c22082d1b007bc448ce
+	C = 345098062f5f6b8153b6ee2ee2b5a6c516892a25c7a1dc73cda9971b0837d4812718231392a1861a39f904e3cb1fa7848bb2bd06bfd47a
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = eaab5b65f8b0f600789161ae43824c6f7620c16aec127d891cbc1803d0088548
+Nonce = 63a83f7458a3c8607f53bfc2a1a4636e
+PersonalizationString = 3756d7ba592982881f2db5ae576e4087a3dad8176d4be47759cedd660c21ecf5
+** INSTANTIATE:
+	V = 5d9c971e47f25034add40c3e963378affcb72336c73a0fc42c30bb785f2a5c4c7c3457337a80fece68de9ff25183c48e1afdcb6fbfdd1e
+	C = 10621e7be67aa1598322ccb473fb138293515a4445ec8839a555d480e5186b42b0cffa02a96b67c53d9e4c2c0f6e033f6d006d678d7ca0
+	reseed counter = 1
+EntropyInputReseed = 66bdcc6d2730063216210b3c5d506f119e49464db599f40349420263298c168a
+AdditionalInputReseed = 
+** RESEED:
+	V = 7f0983044abbcd637b5b5f86a141e1dad720551f973b62f11d123c44ccfbfd830309807465bdf478f4d681c17910c4efe0e4772858fae0
+	C = 06d05f8d7ebb06585fb6d16e132c5b4c5a258a59baa3e82434c1e4a5a002a91b1a2966a03393181b6fa39b589256491719c828a6b97ce1
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 85d9e291c976d3bbdb1230f4b46e3d273145df7951df4ba53d920430892455b5547feb853c89660519a8b113da2d87e135d328f01c25c1
+	C = 06d05f8d7ebb06585fb6d16e132c5b4c5a258a59baa3e82434c1e4a5a002a91b1a2966a03393181b6fa39b589256491719c828a6b97ce1
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 81a2f068fd26c0dea5fd798b053d1cd248d2a449b2bab88310b98884483bcdfcfa020f35b12ee3ff24b5009aeade3342bbaf9ec3b77285f88bcdbd4b6f3a343e4fd6c5538c11d3668a15248be77bc7d8f4e26ae2231116fb702f21f5a8ec92c2d21e7a45bf4efb7f1a9652b4876980240da9afad7c236849979855f8045666a2
+** GENERATE (SECOND CALL):
+	V = 8caa421f4831da143ac90262c79a98738b6b69d30c8333e42fdf6f259ca0d9eac4677b1f78f0048badb1b7850edb4f9ba07a28595bae8e
+	C = 06d05f8d7ebb06585fb6d16e132c5b4c5a258a59baa3e82434c1e4a5a002a91b1a2966a03393181b6fa39b589256491719c828a6b97ce1
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = 507411227df274a32d4f4a42fc8058dbf659b6a29958f8881c51297f0e8d2672
+Nonce = 74c497a191be48687d3a0f882516cfc2
+PersonalizationString = f15fa96ec490036e82c5bc45884fb7f85e3134461f66f62274e65b93ba2cc1b1
+** INSTANTIATE:
+	V = 4fa75b9c3f7937c37b8b4121fc1e03a7a5f02a8549615ca74c301470f7e9faab0301c8eeff93d6929d1ae848098f0c7051e118f38eee18
+	C = 3a8d4f6817757b9845480c9b0656c99800be76989cfce1e3353f82ccc286158fa97e04f92d364aed1e6d1a7130448a21052dfa8565900e
+	reseed counter = 1
+EntropyInputReseed = ff3b83df614a9db66858e2aee24eab8169622264397b02f845c6bb6b5aa96730
+AdditionalInputReseed = 
+** RESEED:
+	V = 4f86c62b47157f856ec9be2ad527d60f3dd237050e7ce9bb9978ebae814c5b75664dc24ccddd0b0e15f01e4490500d7fa4f77cc86e1d5c
+	C = b76b3f18e658781407a1bff0a7b9a083622ce695140e9e6106ae141093bc3258b8bccabe08ecf11535161ebd4738cbf754258ad20bca62
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 06f205442d6df799766b7e1b7ce176929fff1d9a228b8902c28360e2c3f13b0b05edbe6ee922a1496182754bbd839a4f75463d76909cdb
+	C = b76b3f18e658781407a1bff0a7b9a083622ce695140e9e6106ae141093bc3258b8bccabe08ecf11535161ebd4738cbf754258ad20bca62
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = f689d8d5dad219816f4416759bff5b48b36e54f1dba06f3ab3f8e109c4faad1164e71527985d08c9593185b45840ef5ba5be83e35551b0c4c7bb0e62663a0798eaa301d51a774bc61239936bbf4f1cbc5f2f4bcda0e9d26b872efddf23839c89965f00d2ccfb1b2bfcd66aa471dd05ba923faf2093c59ecf9150d8bae55e3e44
+** GENERATE (SECOND CALL):
+	V = be5d445d13c66fad7e0d3e0c249b1716022c042f369a27f2757776a58e50e615b02c92fe2c150106058025be5ef9725907121d48a31c85
+	C = b76b3f18e658781407a1bff0a7b9a083622ce695140e9e6106ae141093bc3258b8bccabe08ecf11535161ebd4738cbf754258ad20bca62
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = deae4cc504cb7ebf4016005740b0e1a6cd2ae53d86250878bd7c9ac544b9a60e
+Nonce = db4108249d2394917e5e16f9cb3901ba
+PersonalizationString = 5f225b83420d09eefe6d5d64bb4d2c2477b1466b88979b5173a3e151a21d3d28
+** INSTANTIATE:
+	V = f0533f23e249ad80ed6e207d2cf895f200fac6b1db2984a88cccd966a07463bf08541cea1e3802bc1815ed42b28c102612fe36febec9d7
+	C = d95c84a164f3e5c3c8d3102895f22edb868dafce1c437bcc94f51e98d42d80318c71f1fb08f530e866ec4d3c6f1e7ce7945daeced39226
+	reseed counter = 1
+EntropyInputReseed = a0bb590605464e4b2c44dfc05b55ec575fc1002980a502a9fffbd503a15aa024
+AdditionalInputReseed = 
+** RESEED:
+	V = 52b021d7a8512788e3e3dcba3834f7744558f840fad09d7becacdfbf295c6675c9193b09d5d6c30d017cc27cc95c074c1211b44857133b
+	C = b752244a50a426912c6bf0ea4a25c987b0e1337ae413e64251031d00c2833e249d29f98115bc943a224e63873b3ec437c4c3bdc93ffda6
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 0a024621f8f54e1a104fcda4825ac0fbf63a2bbbdee48448a712fd604a374bacb6eb6cb555b43dccd73eeb250bf470c3600f88c355975a
+	C = b752244a50a426912c6bf0ea4a25c987b0e1337ae413e64251031d00c2833e249d29f98115bc943a224e63873b3ec437c4c3bdc93ffda6
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 1a9e45c61406ecc73d48e80303125c16c3b2c383c3ed919664e5354b16a750a029e259be7956d98bef9fc9ed968df8e9e6e89b973bbbeca6bb29b9d66298e10421bdf05bcd52f8118baea407c739011b4f5e9b10eef06745cd27f780723770f4b7271927b52b786cabdfc6baa7568f3109e750cbcd1b483c8b2d547166c8f322
+** GENERATE (SECOND CALL):
+	V = c1546a6c499974ab3cbbbe8ecc808a83a71b5f36c2f86b0b08f25c169533a4e2e97fdfce6d15944539cd32fd89b6c13ba92fb0f66a42ac
+	C = b752244a50a426912c6bf0ea4a25c987b0e1337ae413e64251031d00c2833e249d29f98115bc943a224e63873b3ec437c4c3bdc93ffda6
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = d7d42b877f8218852ee0c0337dd9c3a1c927cb0ee419bf036fdb86be0672be4d
+Nonce = 884bb0124d8b295bcd50b352da505a50
+PersonalizationString = 7da1995b6b54e9a35a38eaf17a6619c678c38435e99770673f4b22b17654e429
+** INSTANTIATE:
+	V = 637cda83291f14e6b0de8537729828eb4dac6af9654eac0a45ba4309482d18b0bf92d83e08c620ee99cd0c1c464bb5709ad46b8c6ab3c7
+	C = 9cb6eab321208feea18c62c45fca43fd1e2f44cef766353f3d3b39946c824a4356ffbc8efce2f3021dafe15c5f05b029da056c6a1341bb
+	reseed counter = 1
+EntropyInputReseed = b1195320b169f8a726faba9f27666547a9a613098e54e37dc6d6dfcadf42da21
+AdditionalInputReseed = 
+** RESEED:
+	V = f69d15bef5ff27af4fbddc56c323409fd04e101c02b63798ac28537c2a060628df0a1dbd2da2210ddb16feb5fe824c501697ff3838d770
+	C = bd04e89c045296b3e16d860087c7944bc02be4ca90539fd606651a364a68baef4ab95f2dd6fc5c3c0d92a016fbc4f710ad27228b1d0d4d
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = b3a1fe5afa51be63312b62574aead4eb9079f4e69309d7d928058aa2eebc04a511b42a0e1fe2c167a6ddb6120db240e6d9412e716181cc
+	C = bd04e89c045296b3e16d860087c7944bc02be4ca90539fd606651a364a68baef4ab95f2dd6fc5c3c0d92a016fbc4f710ad27228b1d0d4d
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 0583189e41455fe4dc47aebd4e40efd78d97540ec1c149e23bc963a491683b304162f67410fbbb3d051290b9cde09e0ad923f150becb35425a807bcf017c6f00354f8560c2d1a8dfbe99a618040eb122e03296da22f63f4f152faf7c013920e9dbe6c412e436ea41832ab2de227fbcfb6629eefebbb40258df06fc7080b6aeaf
+** GENERATE (SECOND CALL):
+	V = 70a6e6f6fea455171298e857d2b2693750a5d9b1235d77bfeed4f257a8184ba303eb938388ae1574a5425fde0315bddf8c4c9c1bdd6faa
+	C = bd04e89c045296b3e16d860087c7944bc02be4ca90539fd606651a364a68baef4ab95f2dd6fc5c3c0d92a016fbc4f710ad27228b1d0d4d
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = 123f98d097955df998b23880a7a58b1e2495e20ede4018b12019e32731c0676d
+Nonce = 6512a88d5cdde4044f31a889999ac844
+PersonalizationString = 78e33620337cc95cd69e7c0678d87cfb680f28e5ed6e2c71043e0c96a6e5361e
+** INSTANTIATE:
+	V = d3c9a532d9185f27e8ae8ce502f00026ce25dd269c3cb8a5277f431032d2dcaeb00934ea68f8f4c1cda9adba8507dd337914e6e92962c9
+	C = b55355355a3e6eeaa5570e3da8078ebd3a548a9752830969ea28a38b139dc0cb74000b6822fed8b82bf942d0123da8c7461c278402c8b0
+	reseed counter = 1
+EntropyInputReseed = e329d04388924f30cdef6a3d311e9446c94ea5f98056d11cf15aaee73159d2c9
+AdditionalInputReseed = 
+** RESEED:
+	V = 2a4ee5cbf2adcdd4c36ef7ca56f050e1277725dde1d552fd3dbdfc88f0fd22d6aa94364f52c878c87b6f0f076cbca7b3039673ce2b9b95
+	C = 750b2e3b39092a590a96dedf923be8424d59e7d063b6b01e1ab88f92e6f465cb2e4478a5c257c0afd3b19136add332b0683b3a23722b23
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 9f5a14072bb6f82dce05d6a9e92c392374d10dae458c0331a866fda576aaea77899c2ded2ac7cb33c27989739da8ef29a3c46109756d99
+	C = 750b2e3b39092a590a96dedf923be8424d59e7d063b6b01e1ab88f92e6f465cb2e4478a5c257c0afd3b19136add332b0683b3a23722b23
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 43c80451d74a51f9c337059d79922016483885adf9acc5e6635a778bd4659c6886577c4a366a8a1e7b5ea8428aa47d53d83d5580ef4698793f7da8f057db6796283b0538e8baddac803a2d3332cb9b2066af55a4d7c508add2874e9b7a0b67bbeb1ad516257f83bdaf2a99fa58bf18b971072608162fa234b97226442fb17051
+** GENERATE (SECOND CALL):
+	V = 1465424264c02286d89cb5897b682165c22af57ea942b35bd936f333c7128c805b1b543646977ca0093ce9e3663e668a98a6b9004ba0d3
+	C = 750b2e3b39092a590a96dedf923be8424d59e7d063b6b01e1ab88f92e6f465cb2e4478a5c257c0afd3b19136add332b0683b3a23722b23
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = 6652d6d1fd863f87695f535508e5993cbd66f54e60ec68b1471dd35e327a1158
+Nonce = b299e639776275f40143345eb76196e0
+PersonalizationString = cf4c67760a55f8392665044a394d9afae057dcbc80b7b3b1ffd7e0e162cceef0
+** INSTANTIATE:
+	V = 8706d03ea031409b521d5a137b808fa8e0e6057b0b3fc954ffd73937071351ead7020dece91beb1a486572d5519aeaec44b83777c34947
+	C = 4f82a07594a90440f0459d8d7b3dd0158a8201f97c7054f88c85a31532b45a92d03fd87fc3895e354740f297422911ca8fa5195f5a44ae
+	reseed counter = 1
+EntropyInputReseed = f1b8b2b0f53c8f27f6389c297a6a2f6ff7252c4f822619904d044937ba6eff4c
+AdditionalInputReseed = 
+** RESEED:
+	V = 968adb648a7d880ba8988be7e6473af72c637d5eda2d04ebe0b06225f7ab9178bc190abdfecc478a77519cfb8fa68a30c237c76ce4e67d
+	C = 0730288d848aac6be2fbd0fbb776204b0f051b076097c9b465cac225a3b2eaeff3987b83636fcc8e178e6c4829bd9096d78cb3dabd9112
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 9dbb03f20f0834778b945ce39dbd5b423b6898663ac4cea3b055fc6c8902cfd5b3d8170a72dda42588bc8d75d2ae6c4ed52209b515f4d3
+	C = 0730288d848aac6be2fbd0fbb776204b0f051b076097c9b465cac225a3b2eaeff3987b83636fcc8e178e6c4829bd9096d78cb3dabd9112
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = e0eff94958c69a6117563515a0353c8705ed946f716d874ac7cf5ab67bfaa6a1395dc4722c33437f25e3e6c14afe229d4f2fd2729dbe59384d398a06a7bbdb275cb44257d568599f1f2ae87716697ac5b003dd2aab0796bad51058abe6ef22ae5fc48e90369d3ee13f2aab38f3e87340f1ad2c10f0470afbb7507c7327c92a02
+** GENERATE (SECOND CALL):
+	V = a4eb2c7f9392e0e36e902ddf55337b8d4a6db36d9b5c98cda463d66a9f5524bb73f733384e3cea2d7777dee25a1a114cdeb391139eca12
+	C = 0730288d848aac6be2fbd0fbb776204b0f051b076097c9b465cac225a3b2eaeff3987b83636fcc8e178e6c4829bd9096d78cb3dabd9112
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = 6f37b18d542ae6e132e54449a3eeef7de3339112d1f9d99eab9fac824f3fedf6
+Nonce = 646fb89a9e57fd890ded39a5c134f918
+PersonalizationString = 056008bfc336170281063a4d14b3aa899ebc57540f2dcc6a06aca05bc66a8dcd
+** INSTANTIATE:
+	V = ce24499914e958ffa2edf24db2e0a80cd0b1346ccf2452ccad16a537e02632925cef3c246df88a8b13c0d8c0aff508f6f82cc2b1e22292
+	C = 73296e4e7cf34dc0a18c349c4d1ba861f5c3a476243fa1d70797bc7b0f1c1dc7dd5751a0aa0d3c35b791e496a6c12c9cc5ff31c6dca1dd
+	reseed counter = 1
+EntropyInputReseed = 4dd1c625bf842ba6af3b57994094d749b6902ef5d09f1a1bc36b6cffe89e715b
+AdditionalInputReseed = 
+** RESEED:
+	V = 93f257d596e242ebdcc4e75394b3f30197fe79998b44697b4c6e0ac854c7d74ad2f38f9b60535b9052eb8ebda6bf74fc99133848f5ad6b
+	C = 5aa064cce6292c35d58bc7f707170bb7136bfef8ef82e3d8add47fffa1eeed8f267a01ca1b4b20d56a6328211f95b188fae47c3e62ac64
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = ee92bca27d0b6f21b250af4a9bcafeb8ab6a78927ac74e33e3f6d2c895d473ee0527b48b4772e981a3d2da1b0b54646bd7f976dd4093cd
+	C = 5aa064cce6292c35d58bc7f707170bb7136bfef8ef82e3d8add47fffa1eeed8f267a01ca1b4b20d56a6328211f95b188fae47c3e62ac64
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 3c7fd08f8d25c4719fd08945593f28229a6ac54030c78e67af0350d59782781a1154bc0d8322323a0023d8164eed3e2c60954df4d0cb8eac74c1b26963dd83bceff5dc2f125a0321e48c60a677673f28dae144438230fe2cb8929c43ec79baeaf5c01e22d6d199312815bb6cb5e39663c9240b202a7ef6b2ff06a32aa78a7bb7
+** GENERATE (SECOND CALL):
+	V = 4933216f63349b5787dc7741a2e20a6fbed6778b6a4a32ecd3a1c13986286995df35991cbf1fc8c70cabec32b6096150b8315a4934b04c
+	C = 5aa064cce6292c35d58bc7f707170bb7136bfef8ef82e3d8add47fffa1eeed8f267a01ca1b4b20d56a6328211f95b188fae47c3e62ac64
+	reseed counter = 3
+
+[SHA-256]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 256]
+[AdditionalInputLen = 256]
+[ReturnedBitsLen = 1024]
+
+COUNT = 0
+EntropyInput = f05bab56c7ac6eeb31a0cf8a8a062a49179acf3c5b204d60dd7a3eb78f5d8e3b
+Nonce = a14508534168b688f05f1e419c88cc30
+PersonalizationString = a03472f40459e287eacb2132c0b654027da3e66925b4212554c448188c0e8601
+** INSTANTIATE:
+	V = 67ea750051ac6d9debd6251fb910479e4fc987430fa65a6c93cff3b1eb4d31363120601f092dffeb40fe0c953022bb6c4b4da160ef76ce
+	C = 9c1846671d24ab6fec65768297105cbc05c95860a77dafcd5aceb98ef826298d0ab3dfc9a6ebd1984382cd8390d42415bd363524ae0837
+	reseed counter = 1
+EntropyInputReseed = 72d402a2597b98a3b8f50b716c63c6dba73a07e65489063f02c532f5dac4d418
+AdditionalInputReseed = b30d28afa4116bbc136e6509b582a693bc91714046aa3c66b677b3eff9adfd49
+** RESEED:
+	V = 00fe5cec03fc719ca59a03897d61fce024ad5210be93ffc25cbe9b41a6a9f3e43ad947e920e1df86100a514ea5d9543f171f70657d8a62
+	C = a448b71f3dc2807227b67da919b82af35b5a8d4ebf012b720a59ae80c1d843c11932f9dcb8fcd9249920ded2e037c74feed2b31484009c
+	reseed counter = 1
+AdditionalInput = 77fd1d68d6a4ddd5f327252d3f6bdfee8c35ced383beafc93277eff21b6ff41b
+** GENERATE (FIRST CALL):
+	V = a547140b41bef20ecd508132971a27d38007df5f7d952c31ad0f9f286020e66b7c1d65eea824fbe70c97f6c42eea8f5ce3eb7693722ace
+	C = a448b71f3dc2807227b67da919b82af35b5a8d4ebf012b720a59ae80c1d843c11932f9dcb8fcd9249920ded2e037c74feed2b31484009c
+	reseed counter = 2
+AdditionalInput = 59a01ff86a58721e85d2f83f7399f1964e27f87fcd1bf5c1ebf337109b13bd24
+ReturnedBits = ff2796385c32bf843dfabbf03e705a39cba34cf14faec30563df5addbd2d3583f57e05f940305618f200881403c2d9813639e66755dcfc4e88ea71ddb2252e09914940ebe23d6344a0f4db5ee839e670ec47243fa0fcf51361ce5398aabfb4191bfed500e1033a7654ffd724705e8cb2417d920a2f4f27b845137ffb8790a949
+** GENERATE (SECOND CALL):
+	V = 498fcb2a7f817280f506fedbb0d252c6db626cae3c96583a1de76082712c58b9dc29ddc66196c032ac7df836af29f7a71ae7159d555d76
+	C = a448b71f3dc2807227b67da919b82af35b5a8d4ebf012b720a59ae80c1d843c11932f9dcb8fcd9249920ded2e037c74feed2b31484009c
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = fe615079f1ad2a71ea7f0f5a1434eec84635544a956a4fbd64ffbaf61d346183
+Nonce = 9da78756b74917024cd20065119be87e
+PersonalizationString = 775dbf32f35cf351f4b81cd3fa7f650bcf3188a125570cddacaafea17b3b29bc
+** INSTANTIATE:
+	V = 8781f1885f4a08903755b298c8f45f0e57e2c343bc0aad95337f100ae9823b406adf87a78f505de77bc754a78e8ed08dd8cafce3715f77
+	C = d1d984d64e5659dd296e3312cbe981a95b998d48e4167432300f4847f57f2089a0876fdf4d379faf28f6613be304c544ca119a23a5b848
+	reseed counter = 1
+EntropyInputReseed = 18897bd83eff38abb56e82a81b8c5e593c3d85622ae288e5b2c6c5d2ad7dc945
+AdditionalInputReseed = ef96c79cb1731d82850a6bca9b5c3439bad34e4d826f359f615cf6f2a33e9105
+** RESEED:
+	V = 80de6f7cacdcb20651742ca6a6d66d8e957a63c9d6c3704429e0b8011bae0d7cf6c2587f56a2084aed2709f7b5b4a6ed43bb50697935b4
+	C = e48143e7fcd2b1b8a0bfabf0739be956cf241b41e121aac271dc4b783a2689f541e42f4fc37cf65d9947917a73431f6bfd7c3b5ff902c7
+	reseed counter = 1
+AdditionalInput = af25c46e21fcc3af1fbbf876b457ab1a940a85164781a4abdac8abcad084daae
+** GENERATE (FIRST CALL):
+	V = 655fb364a9af63bef233d8971a7256e5649e7f0bb7e51c63f513e617137df9d9c1c96a624d4d61d2997f45278ec3ad43f3bdec4b3e2291
+	C = e48143e7fcd2b1b8a0bfabf0739be956cf241b41e121aac271dc4b783a2689f541e42f4fc37cf65d9947917a73431f6bfd7c3b5ff902c7
+	reseed counter = 2
+AdditionalInput = 595b4494388636ff8e451a0c42c8cc2106383ac5a63096b91481b3a12bc8cdf6
+ReturnedBits = 8b1c9c76c49b3baefd6eeb6cffa3a1033a8caf09febd4400fc0fd3a8269cee01ace3730ebeda9ac623446da1569429ec4bcd01843225ef00910bccf3063b80f546acd2ed5f702b562f210ae9808738adb02aeb27f2d9202a660ef5c9204ab43cced62497dbb1ed94126a2f03984ad4d172f37a66747e2a5bdeef43bcb98c4901
+** GENERATE (SECOND CALL):
+	V = 49e0f74ca682157792f384878e0e403c33c29a4d9906c90b7d4b46b2818228066e4e9ce688f72635a07bba6e0515e14fb6c1a0c525baf9
+	C = e48143e7fcd2b1b8a0bfabf0739be956cf241b41e121aac271dc4b783a2689f541e42f4fc37cf65d9947917a73431f6bfd7c3b5ff902c7
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = 957fd40750d39492110474b85e7c45754e0159107d059fe4d750adde714274af
+Nonce = 1ad8bb3d3d234f8a2699f48033099b2a
+PersonalizationString = 463d3e2c20c7467e258e1f7b4d6a7e60a24b82e017c2831f78ed7747ae82d81a
+** INSTANTIATE:
+	V = df7b78ad1c9e95927e10b827f38dff359ddca5c0154e1182b6d2f24695fcc57e6c5d8a9b26092c561b0e10e5b83aac93154518251c1293
+	C = ca800ef0de800eba3b0ae27dc7383059d113178974e634888da2709997d0881027ed7a35ee5abbd85be169c56d80b4c75725a7b8bbd966
+	reseed counter = 1
+EntropyInputReseed = 45a5c5729ef7c7f0a67cfa13be5ee7f0d71359148f22edf8d4c2ce61e4b64105
+AdditionalInputReseed = b6dda7dd4a69eaccad4a680d07c654e95dfb75f0021f23bc5ca874469dbc8d43
+** RESEED:
+	V = 4f9cf89518bb329932113347bfe6b7c999bcc4f5d9f7a704476d6dbe8e137ca369673aaa572ce400212b3ad94a63eec2ede3f11a29e68a
+	C = 56a500244440be934a5a2fb5d1df286c8f78f803fb517135d465285d6afcd3a8551ec33408969646e5b62798082a666b42f146b0eb8e8b
+	reseed counter = 1
+AdditionalInput = 7cd687f16faf3420b1ac23189abcc427a6b5a88e6362b2652f129ff044a58ea4
+** GENERATE (FIRST CALL):
+	V = a641f8b95cfbf12c7c6b62fd91c5e0362935bcf9d5491965d54abdda288911e76cd613721ef695e481f9aeb38c9278b4f2739b7f591659
+	C = 56a500244440be934a5a2fb5d1df286c8f78f803fb517135d465285d6afcd3a8551ec33408969646e5b62798082a666b42f146b0eb8e8b
+	reseed counter = 2
+AdditionalInput = 93965881baf2f1bba36795510b958e732df850acff6e06316d4a99a824a97876
+ReturnedBits = 234b423fe363a3c8948f7458e934e2b93fce8b7d06c54b03f745c57cffa146fecfae3f63b78524b2972c709b0b32b2a08894ff8fc85090255e9ecd8d5e95d41ac8387a87a37205c7d87899ad27d5e8839619221089bf2e568d39c3f0785ca35085ff5a8c60bb9251160b3b93e63c4ebccd68f8f3f7e46bc24df0da0c5734cd11
+** GENERATE (SECOND CALL):
+	V = fce6f8dda13cafbfc6c592b363a508a2b8aeb4fdd09a8bbeec65a66e679f5f4007291a34b10ea94951594e473e90b3effa6ebb1251089f
+	C = 56a500244440be934a5a2fb5d1df286c8f78f803fb517135d465285d6afcd3a8551ec33408969646e5b62798082a666b42f146b0eb8e8b
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = 892f5a7bea64ad281c13f1857e161d943424ac17fd6df2ba91c3b8b94ec02131
+Nonce = 9b62974e4e4c98c385784c1da434a3bb
+PersonalizationString = 73a70e8bbd75a0e8420f3906499afcf3acb819f1bcd4a1cd5e471454ee8318a1
+** INSTANTIATE:
+	V = 2a57fba8d3c235a54e7d90cfaf75a4418c9642a659fec729bf6eeef107a3784f73aa42bf1c3b39d6067716c83be545c63318a06ba9de80
+	C = 575a3cb24d952acbbeefaa4bf004454a9d8de14edaa3af790e5f8f5d22087d24dacd47bb7c53918cb97d47771b4eed0de0adddfbf06e54
+	reseed counter = 1
+EntropyInputReseed = 731f91c2a131c41ff8934d04afc36a007a20e51fe67c937516c8be17d789e75f
+AdditionalInputReseed = 42c1ab5d3bf7d420e4ce50bb39b05bdaa68412cfd82d587c9212cfeca8c8c30d
+** RESEED:
+	V = ef1902323b222088ce246c7787dfe6a56c3f60d645fb936a4f37562d35a92485344eae111b16f59b80db12b2ff18397c5b7a6a98d6c3ef
+	C = e8e4b5d70811fef79db6d51ac36cbcd0ee4213c28fc909156118a7c7d1d63b3551109a8d48162e09d97dfb49a29c085a9b864db5ba70ec
+	reseed counter = 1
+AdditionalInput = 21e368ca81d8ccef39c3ec6c7673cbd49b268409737006b15aebb2722895a7ec
+** GENERATE (FIRST CALL):
+	V = d7fdb80943341f806bdb41924b4ca3765a817498d5c49ddeb48112bca4bd4249f7ba948d209eb48b97cd0b1b4ad2a0b82b9bc462d00e34
+	C = e8e4b5d70811fef79db6d51ac36cbcd0ee4213c28fc909156118a7c7d1d63b3551109a8d48162e09d97dfb49a29c085a9b864db5ba70ec
+	reseed counter = 2
+AdditionalInput = ca3e010675d4afb364b849f5790a11686247c82d8e296c0aaa4eaeb1d974e1b0
+ReturnedBits = 372c0d2e9921fa01ecb562ab333c4208153fdd77998124206bf1511a7012e1380f77b867a1e1d7577c506018b5d66f272a11b5989aaba41f7c37c101479812f7021c9a505dc605105b0974cd7b63aaa68df3469e92cbd2498bab4b7248d4b8de9ddbae04281bedb7ff497f607f3e51a909b3b8545ff25e80941d6341c4395bd8
+** GENERATE (SECOND CALL):
+	V = c0e26de04b461e78099216ad0eb9604748c3885b658da775f59f42dd1b93f9e72b5e910e300d28b13f1c8c18cd3ac3a97ad79809ab3709
+	C = e8e4b5d70811fef79db6d51ac36cbcd0ee4213c28fc909156118a7c7d1d63b3551109a8d48162e09d97dfb49a29c085a9b864db5ba70ec
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = 4dc6e0da3df923c2ea7d300331263c4c2b40d53271adffb92c932ecd9b288a8b
+Nonce = 25302496a882f86a71059b0bfbd734dc
+PersonalizationString = c6c23211e4f7931bdd4b4f7784061b2ef45aba5a64082d7fdaf16759a4807c48
+** INSTANTIATE:
+	V = b5fc55bdd0f9a00f137cc6aba7658e1ec8f80e7ac97fe7cd30022120f27b5f0b74656154048ffb8e9fe8e06cc4d787225b2941efe1bfe3
+	C = 49960a374ae37f89192c87d40c3658e059931858fcd05bc2b2f85a1a1c068ff2c61b3b023aaaaf63fe21b22829802b7300802b457a4554
+	reseed counter = 1
+EntropyInputReseed = 7a93d5cdbb90473b2d85aeac20eeb69b45424a062e754a8da188c684630bb88d
+AdditionalInputReseed = 8c7908579ee0287c2c9ac5d7208a6ada29159d99500895edd3e247c8998ec4d8
+** RESEED:
+	V = c74f9811381f326c2856a65b2ed82428c0304c854ff65ac0458cb1c08abee8fa5246ebf68aaa586188a2ee78a2ff82908c23b649d852da
+	C = f8fd49fc832e733678146c5183f0e7e053eda71a33117a72d2c86fb64e8c69098ea5f3b6d684029cb2eec00e2028abaa1a1d34030892f1
+	reseed counter = 1
+AdditionalInput = 47087523854ad0fdca89f03b5010ca67473d084fe8bef8b5cb10369d145023e3
+** GENERATE (FIRST CALL):
+	V = c04ce20dbb4da5a2a06b12acb2c90c09141df39f8307d6a69726ce751ed471b4844b6b1417e2391f0a8621c82be21ae389b026284c1a02
+	C = f8fd49fc832e733678146c5183f0e7e053eda71a33117a72d2c86fb64e8c69098ea5f3b6d684029cb2eec00e2028abaa1a1d34030892f1
+	reseed counter = 2
+AdditionalInput = 8eedaf754b8a602c54a3e4c515577fdc47608067bf706b3b7a65623671d572a5
+ReturnedBits = 613a60f8238a94f10bace7987549aab1d51724810776075b673c722f1f7245b0e4da8ffa50517d9414eef4c348e16178395c02411649fdb58fb34cbc7f3951f765dac11b075350910887d0442270502dd0f897b77591d7631cde0a811f9e092bdb865a9d0bdcfa4274bdd46dcc72435ec09122d5bd239378eef62a25dd6c6fe8
+** GENERATE (SECOND CALL):
+	V = b94a2c0a3e7c18d9187f7efe36b9f3e9680b9ab9b61951fd6f2d153017e84bfa09a7288643941ae2ef7f3fd4e28b956e2b2b1169f8bb30
+	C = f8fd49fc832e733678146c5183f0e7e053eda71a33117a72d2c86fb64e8c69098ea5f3b6d684029cb2eec00e2028abaa1a1d34030892f1
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = 1b8d0847ba8c8cce02f5e814f1804c6695870f4c0419da093b89c6ea42222c4f
+Nonce = 5d484ee22d42e9f2cff8239496ace215
+PersonalizationString = 84f81d778cd78bcd0a374a469e509741efef46687bcebee91af0de3644f331a1
+** INSTANTIATE:
+	V = f3f8a95c88a68aa73422a1b1e54f9d0db30364c336e5b98ed75c56611739cfe16899ad2605be8ce872328bf059f8c81cabbca476537f94
+	C = 378175ada14b12e5d335592a94b567ae8e00ede843bd9dad23757357f7ff996cb7298e0960ed0c9dcd144d37a951c289b6807557527b92
+	reseed counter = 1
+EntropyInputReseed = 1fcb8e105b07e7e696913926c16c9cf07c5e8826a28bd04e6ee2c2f09f8dadb9
+AdditionalInputReseed = 353dcfbf12d31fa6f114b647b4e51ad3039dfea2f1d73ad22a789ddf7a72c9fd
+** RESEED:
+	V = 9c4bb31327ccb9b9d3f4a9b5e89dcafd4397d679216c574e9e8262951fc9ef7077c5b76765452370dc5ce9730bdc67b66b40d538b5e8df
+	C = 3c9714620ef3dca8e1640699d4bc6a249b4afcc1ab0e9c2f624bcb1d9c4e8eef662f2c9474f0f95c9e1454594f5b33f2f2b15b5361296c
+	reseed counter = 1
+AdditionalInput = 131617b1e13791a5b60e9ca1b154bd8886d723b3483694b2674dce7c5922b17c
+** GENERATE (FIRST CALL):
+	V = d8e2c77536c09662b558b04fbd5a3521dee2d33acc7af416a6266b6f2d7957f16b54c84c74de0fc6bcaddcc6cf29bf602d6c07abf91e38
+	C = 3c9714620ef3dca8e1640699d4bc6a249b4afcc1ab0e9c2f624bcb1d9c4e8eef662f2c9474f0f95c9e1454594f5b33f2f2b15b5361296c
+	reseed counter = 2
+AdditionalInput = b69141394aa8028602b5a7557e20332f8414a66bcf58b8b4b6711e738bf3d19f
+ReturnedBits = 89fd76da2ef7b56eb38db1dca7be2cf6733feebd369ca408f57a9bec9ebe80563e500b632eb1557f73187b91fb0ba6241a4c9082ba6250d522d5d371be8443b702c4a34d2ef6b66baad58d6263f5c757d6bb3cd1f43950e449995e6cb49e8bbb9ccd03524974dcdae6124d82efbc24f37aaa2da268d8090de2473477f024df7d
+** GENERATE (SECOND CALL):
+	V = 1579dbd745b4730b96bcb6e992169f467a2dcffc77899146375cd4439476fbb7a0205854741c5760b0d66486e51a7fde4a7e40a286d6f3
+	C = 3c9714620ef3dca8e1640699d4bc6a249b4afcc1ab0e9c2f624bcb1d9c4e8eef662f2c9474f0f95c9e1454594f5b33f2f2b15b5361296c
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = 4b23e0eb578133c5b5836a56c76a42c1357ffef9450a0583a454af438b0b940e
+Nonce = b6d7f93484f117db7579a2e74e71171b
+PersonalizationString = bea62f2a8a54c779bff84db9f6ec55f80bbf89ec828da3abf5ff26b395bb6743
+** INSTANTIATE:
+	V = c2e0b276087a30656bd8d7852f7f4db9d70a81f5bc9d96787f8eabbd79778df98f5dfa9660492fd4ba896d2c87f24d561044be27de46e6
+	C = 55a5dba6da74e294783fa3474f8045366f4f3feb4d0418e20f9732d5ed876e771119d1cec795b6f26625e7e5f3db4b4da84c9886909b59
+	reseed counter = 1
+EntropyInputReseed = b4af981013bae510405bd64f757f22341a5a975c48a37f6ea8d078e32b218340
+AdditionalInputReseed = d69b16804225b774fe10452b402f434aaa15ae485ae5e075485d9bd9ec13969e
+** RESEED:
+	V = 078b286b2afd62c8c575cc8e8d9612d54ad7912390c63ee24d54b89d77b9e8d0da4ce3207944c3ccd814f9d7502515a37f6db09f98dd5c
+	C = 4ff87b9bf6f864db800bf469af440e6df4ebeb41f1161484ca4654e624d72eeef03dc9df8084cb8b27dae8ffc18efb0ed06c36ec76e9c1
+	reseed counter = 1
+AdditionalInput = 876cb7db89ff1d5feef2be4fd401f225c7de2118115c350207925b4693425193
+** GENERATE (FIRST CALL):
+	V = 5783a40721f5c7a44581c0f83cda21433fc37c6581dc5432d8c96cba8a8162d5f611fac10c31aae4cba7799fa2b16ddeed1efd9eb02e60
+	C = 4ff87b9bf6f864db800bf469af440e6df4ebeb41f1161484ca4654e624d72eeef03dc9df8084cb8b27dae8ffc18efb0ed06c36ec76e9c1
+	reseed counter = 2
+AdditionalInput = 1747c2bdb753d0faf42ba2ccd1ce1b0eff7da6829ec4e565c539d53ced8ec691
+ReturnedBits = 2407dccca3f341cfcad0b96dfb97e6729188d40990ba5d094854ff7214d188b9d976dace2cfa03501fe62349a672f9337737c53289ade7f36d707e65c90b38ce208dbd1ecb98403eaabe33f2aeac89ca546d18eb61ebec87c38ef2b8e9dc13d73bebb9c225af9937eb54a040f64f12103a22083947d1afe32c6fd20bf43f7ab9
+** GENERATE (SECOND CALL):
+	V = a77c1fa318ee2c7fc58db561ec1e2fb134af67a772f2699ceadf60d9f8631e281f3796bf4efaf8615e15669d886cd4a96e2934749697eb
+	C = 4ff87b9bf6f864db800bf469af440e6df4ebeb41f1161484ca4654e624d72eeef03dc9df8084cb8b27dae8ffc18efb0ed06c36ec76e9c1
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = d09a8aef727fdec717e70abd84760dd92ed731a06ca75d63abac931b63151a6c
+Nonce = 115cf13876702f8976bf3ead8af03268
+PersonalizationString = b34e70c924048c83dd2036f450b142a4c742263831450c382d570d948f986e22
+** INSTANTIATE:
+	V = 721084840d06d39751d369b8b339d06b6052b49c620fdfa5fe26450f0aa6368cf1a93c1580b2aa11afe3182f5d8f96cfd522a2205854c9
+	C = 0a34a9dc9df183a628c7024175f29baf8dbb6d18b0551062e93f0012ab7dcc7d6e0b188712cc4f6968c2741fce86015fd323c2ae85029f
+	reseed counter = 1
+EntropyInputReseed = 384d2d85299849ed931081d32a70645bcca18f8b106f6c6826087ad28b71ed5b
+AdditionalInputReseed = 56bf7b29af32090235eaec45f590b4036c44ca7069cd15fef4995a29acba67d7
+** RESEED:
+	V = 4ada698914701c90df98f5f33cd44241a891ca9e5c3b3920c0acd2bb980e3ed7b1317467e45ae678878e22f56de06ba190de627cfd5679
+	C = 3184516cf7120731bda57c30b78e3f81fab0364bf64be5d9672827a3a8e5332213f1ad37c8a8eb9a7572acf6efa2ed4987c2e60a3ac3b7
+	reseed counter = 1
+AdditionalInput = 49f82c6495d2f5f42a26b994412e54631db2585ca5d04fbb87b78c1b60b9757d
+** GENERATE (FIRST CALL):
+	V = 7c5ebaf60b8223c29d3e7223f46281c3a34200ea52871fe553d3238531e97613da5ee96c137b9a949c398d12e133fe3803652f2979b02e
+	C = 3184516cf7120731bda57c30b78e3f81fab0364bf64be5d9672827a3a8e5332213f1ad37c8a8eb9a7572acf6efa2ed4987c2e60a3ac3b7
+	reseed counter = 2
+AdditionalInput = ec5b44cf0204f4682334aac8b0dc24fe66b7bec222afb4b7e0a5d832632685f2
+ReturnedBits = f6671424debd1326a547b5584e653da380c03c3c039a1d9250e5b7a04f1b925b4155cb0b7a0b1424662b0cd8cbd517f944a6f2af05b8966615500a0685148ad8fa491f6280fe3fee65d208c1166839ac8f1923e33b9a845be7aa6ef7ef1d706d9123eb4755b91ed6a54f771f6474b20f1d662b9cd814cba7549edf23dff4d0be
+** GENERATE (SECOND CALL):
+	V = ade30c6302942af45ae3ee54abf0c1459df2373648d30706b1de5162c91e9ac4f26f886f86dab4331f370bf6b793516c0e39c6f95c0996
+	C = 3184516cf7120731bda57c30b78e3f81fab0364bf64be5d9672827a3a8e5332213f1ad37c8a8eb9a7572acf6efa2ed4987c2e60a3ac3b7
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = 071e961e987097f77c09f76209e5e5b3f8be0c4c27075735e1fc202f6081abf0
+Nonce = 03d588d5947afa87db319a5016137ccb
+PersonalizationString = 5192482a6f4333de109be8208cbd8e68ffcb1675f4706e8575f6732b1b82eead
+** INSTANTIATE:
+	V = d8d6de61d1fb1f9e81eb4ed399eb54b98b1e6a50c60038f907c3b44148d3af86e70c460f3379ba359144104b92a69f3ae398f82b7493ab
+	C = 29dd94bffa5e2c54a0c3665719eb0e5d099d0e74899c53ab74ceff3efd024996da6e3006fc997e176f04a95624826eb67bef14d1aec396
+	reseed counter = 1
+EntropyInputReseed = 23f740adb634a4a849cdfa0dbd8a2dde4aeffd45e220022ef50ffa841bcb0900
+AdditionalInputReseed = 5f632bec5a1d76b89e2f73f2f386e6a877fe4b32f63330e76b1a66c7501dcc78
+** RESEED:
+	V = b9bf11852fcd529a67cde191ee2a13cf42e03ebad378a3b6ccd4927cfaf5b3680185e50fe5f0cdf61cd86da47bbee5760e99dda3b0c5cf
+	C = ec7b5b6e17ce5c6a42f5ba6ac69106e64bb38e8ddba9e70a3cc1b907a83c9a57a184d0847a94c409aec05eb16c1ad18c8cc93f92ed37a1
+	reseed counter = 1
+AdditionalInput = d405236d30f51951e3c94368368d6df335113b36f3221f8f84bc5dd0d1b86e53
+** GENERATE (FIRST CALL):
+	V = a63a6cf3479baf04aac39bfcb4bb1ab58e93cd48af228bec76c522bb3506fef4aafb838126ca9ccfcb66a034261b57ea40a4d564a43b2f
+	C = ec7b5b6e17ce5c6a42f5ba6ac69106e64bb38e8ddba9e70a3cc1b907a83c9a57a184d0847a94c409aec05eb16c1ad18c8cc93f92ed37a1
+	reseed counter = 2
+AdditionalInput = 50d9f7004418b1d0860597abdaf2f1b07cbfd8e62ede69f70c917f0ada2f46fe
+ReturnedBits = 517d565484f879428d020e8021e36fc58b24e951c6bc6a3b553175430d5f5b45df65b7ba98421d6805b0eeb80319c081914582705d8c67f8be89a3ee6b2ee175e186a49f8cffc958d355ba5b133125954825b04eafef1cbc069e6b132bc385c52055d5aedf6f185de20afa6f3bc470a040eec5b304aad006b11e0e2567359610
+** GENERATE (SECOND CALL):
+	V = 92b5c8615f6a0b6eedb956677b4c219bda475bd68acc7495a9f0078f79a396850264dc70adcbbd4b60f397d21a64ea71681d9221d58394
+	C = ec7b5b6e17ce5c6a42f5ba6ac69106e64bb38e8ddba9e70a3cc1b907a83c9a57a184d0847a94c409aec05eb16c1ad18c8cc93f92ed37a1
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = 18f68ebd74c499a71f3a06b5a60cc55f2db9c9f2b64e8581d68d086e77acb28b
+Nonce = 2f9dc7746348fbe399625bbaffe32455
+PersonalizationString = 6b8cc4c861a908c19b61a227e9889b3120751a219dcd6beb3b633ecdb6870e58
+** INSTANTIATE:
+	V = 74d41a419c4ead6041d0c8e5433123792dad7ce8e95b884355c87985deb5baab7c2721c509db8c7a9ca0bcfceb7cbb7f5fe616502bd911
+	C = 1c27740504d398dd9b59c6d661681bf3c399ba99c9eaf720cb305b8a523ec2495484848a9307d5dc3bafd4fea35b7dc7bff9bebdde79de
+	reseed counter = 1
+EntropyInputReseed = 17e76e390642206f33f29bb19361b8fab3c674c16a20ea2410789e69fa4aa883
+AdditionalInputReseed = f90085669d488cd17d66a35eebcf5dd05efbb4c6094d0e01c6fd46a81f655795
+** RESEED:
+	V = 6d49b3a745ee3c1a719304a6bf55fcbfc7d5a7a1750f9d3fc26320dad7252b31e51bf66cdd55123fd7f9d20e15d90ad19333699742bc8b
+	C = e0f33b7294ee2206c7e7b354712758eaee94fae8cecdb7fc72e5380f45f40eeea5e6f339510de71733f7a6f6a04e47db1193d811f42541
+	reseed counter = 1
+AdditionalInput = 4456e8d93d1e7363f903ca9df29ec3f8336a9c62e37b0df6bd391b545af0b372
+** GENERATE (FIRST CALL):
+	V = 4e3cef19dadc5e21397ab7fb307d55aab66aa28a43dd567fd1891c614821ac8b9972b7af08c8c93983bcfc56e5bfd3c6c93261fc890166
+	C = e0f33b7294ee2206c7e7b354712758eaee94fae8cecdb7fc72e5380f45f40eeea5e6f339510de71733f7a6f6a04e47db1193d811f42541
+	reseed counter = 2
+AdditionalInput = 00335103bf87ab37763261207d63f3915c1cea0f9f00ac9ca96f21c374e06d55
+ReturnedBits = 6207ad87eb092a362382ce8b903ba9434e213d49bd52ecd78192df1519bd12db0a6e4aa6fa02da2571da1f6e0294b3ef3bf534da8adf7edcc30b6360e19705bf2d6cd494ae8a5da3fc77032403ffba42d4e1e1473a2ab16c1493675739551ab1ea5aca30c9498b5c7d45e3a8ff9452669afd4e1ccfe32faa461a33502f68480c
+** GENERATE (SECOND CALL):
+	V = 2f302a8c6fca802801626b4fa1a4ae95a4ff9d7312ab102b218b8027cfc6b8ab86428361ce4929709e78b3c5be1618a7e394cdd214b64a
+	C = e0f33b7294ee2206c7e7b354712758eaee94fae8cecdb7fc72e5380f45f40eeea5e6f339510de71733f7a6f6a04e47db1193d811f42541
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = 299878bd3ee2af42fdf4ccee414ba7a2df7d35d9c2fd44cda4d897b1d9204c09
+Nonce = ab938037e11d95fe1456ceed58d4f9d6
+PersonalizationString = d33074a5f01a93be6fb78e43cce0d178351ba7a18a5c581699dd8f03a00bc07e
+** INSTANTIATE:
+	V = 4dc9650ad75b63409dc95de83d733064e174a7cde789bdcc827a3c1d1975b15055de365ad8f5fdc9a49738ca0a63bd035bf6a4f64e2e08
+	C = a66056f5c3c557c413b0342f36d0efd55ffbe78c9ade307d50b5ef20ff1c8ae26d8a36666c6aa32d323aa37a6140d4afa21090d20c3a51
+	reseed counter = 1
+EntropyInputReseed = 04449840d91afcc2f16ea5e025e3509bf1599e8932c22bf4fda6a0e95657cc47
+AdditionalInputReseed = a723eb227ec6ad93dffb0b3d4b90b875b677d75bf083c5c8acd36eb8294e03da
+** RESEED:
+	V = f7f6631190abaefd0b39050e45d05ee8707b72c4b482c0abc3677be39d69c72171b255a27d9eaec844426f2353e97f8df036e085c10fc5
+	C = ad3e2f5448d5731150e2bbdafb83a177a29fdfb05fee0f133d0d4ad575456548f73ed0927514e28d6b7dfdaef8abb199c1efd5f6a912b4
+	reseed counter = 1
+AdditionalInput = 26d294ddfb0acb9bb4d12c7cbfe9ffc7d187a98543d9a891ca6279a00d100c65
+** GENERATE (FIRST CALL):
+	V = a5349265d981220e5c1bc0e941540060131b52751470d19e03b505df6e3e70140f42a1258272ebe68b9798d5f0687a8bdcdffae77c6974
+	C = ad3e2f5448d5731150e2bbdafb83a177a29fdfb05fee0f133d0d4ad575456548f73ed0927514e28d6b7dfdaef8abb199c1efd5f6a912b4
+	reseed counter = 2
+AdditionalInput = 8c39dd962346f1286ceed3641e8a8c94dc5047f2350c587a474baa3590ed99f0
+ReturnedBits = 4f83430e0621d23011b499ea8028c6f702c56bfa4acc247f88a72fba678d15db5cb8c9ef48c64731078245129461ad0c99a8dd82e1b5526f27d6ad23059d3f73c5aac778561841e82eda0ca9648a62568d1d695073a9eea4cd4f7d709a1b48dc8547ed00ba8f1705e93649d843a8bedbc93f50b14cd0fa5e845111d2c4107a47
+** GENERATE (SECOND CALL):
+	V = 5272c1ba2256951facfe7cc43cd7a1d7b5bb3225745ee153ce419665484b7274888c8daf2d567871541c31fc7cb613d9b05ebec8bb5fd2
+	C = ad3e2f5448d5731150e2bbdafb83a177a29fdfb05fee0f133d0d4ad575456548f73ed0927514e28d6b7dfdaef8abb199c1efd5f6a912b4
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = 1a0d0a6abecc6b61b23f5a611569765723cb882ad2053429cbdc3280e78a4283
+Nonce = a92f2939b8aac7d6e44165c956c65d8e
+PersonalizationString = 6d0be76157a77c6fb7fdeab164c1d9c288154fd58aafb1f13d9250d70e03d4f8
+** INSTANTIATE:
+	V = 98d22b9d6b707401f3149bbdb6d5f92e19b6e3fcefa75edac1136ac5fca0a76a8f2aa89d84a9e752773fc6390781e135d26f9d78701af8
+	C = a38b7dbba2177d43c74d24b99490fbc06af52d1421a6e4e5f1754e39e78e4d5e106086769d2e5318291cda593519698f43b0e67951143f
+	reseed counter = 1
+EntropyInputReseed = f271cf7459e3422b7790c69be2db354b99acb0250572e0d9cbfc2c8d2e2e826d
+AdditionalInputReseed = 65324b5b990e196334be868b73ff1379d6e2445149d83714460ffe9feb0c2aa5
+** RESEED:
+	V = 9959e478b55f7bd3de3f127ecbb87f9cb917500470d882dc5c4705b65729f1053a4c79d19469e66c4a502869ca12027d99abf788a95c7b
+	C = 641d29efd36fe84d1ccb3e5f69b4211af384271acfffee25defcce4d27912e11dc449dfcc188fb8ab5e8e5f6308f71ce551ddd6370c694
+	reseed counter = 1
+AdditionalInput = bc94148f4c78ba3ad3da777e7b1acaf7569ef97a4ddb47a57b67ee1b5dc61149
+** GENERATE (FIRST CALL):
+	V = fd770e6888cf6420fb0a50de356ca0b7ac9b771f40d871f5ffce01f0bc4c05d470f524de92db8fa4684e37ac97ea3745da6f0e6e1b5859
+	C = 641d29efd36fe84d1ccb3e5f69b4211af384271acfffee25defcce4d27912e11dc449dfcc188fb8ab5e8e5f6308f71ce551ddd6370c694
+	reseed counter = 2
+AdditionalInput = 28152d9de7bc9df3a5a1bbea96e4e16e5c854bf7a39953a00eff1e91d6dfc503
+ReturnedBits = c6c158b3be20aee57c527cdd793be636220883ac8145b1877c690aaa0f0ce05485d94a6936c946b48f03c8e626b5ab1d7e05fe276727047c0f54608e7000edc7ed44ad3d4a6bd084dcf716efc93740397d55e294e95b883a696e7d8e40c1d5103fb184c0c8663060059fd25ccdc8d78e658b82f20ac6ee1efe69564975074801
+** GENERATE (SECOND CALL):
+	V = 619438585c3f4c6e17d58f3d9f20c1d2a01f9e3a10d8610299169ac7f5dfdeb56cc4d9d039db6cfa47c4a7b1302a5af7aed36e9e28b3cb
+	C = 641d29efd36fe84d1ccb3e5f69b4211af384271acfffee25defcce4d27912e11dc449dfcc188fb8ab5e8e5f6308f71ce551ddd6370c694
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = be17b941700a83f584fa2ac66ebae2397e2bfb409d7438610cb1b57f03d88244
+Nonce = b531698feb71442c2daa1c3d58cecba9
+PersonalizationString = 6751369d7fb8012f360a6feb5bd240f7c9fb506a09d1f226c3247058e84b3d50
+** INSTANTIATE:
+	V = 287a7cec30248019eab0fe76d3dd4d79e213dcf4d7b97fbe02c2209e7c5551c8d9b61f3c52d463af9ce857629f3dc3025dd2e63a7c62e9
+	C = 33177a626989e231e1985a47a1de4eee07a5422a75a03a83b072d6ad8bc8a3dcf6543dffa6adb0cd50119d933265a1bcd085c23a42dd7c
+	reseed counter = 1
+EntropyInputReseed = 446c936826bc1c722fcf8781345dbdf198143e15a0d7d06453e20362a8ef9e2c
+AdditionalInputReseed = 2da333a622a82e04c15d9880002b6e9a3dfa7375c9d7b39f04a7c387b24f49be
+** RESEED:
+	V = de6a3f541cb8c26e9dd675dbe0b46f0572edb7c878f90e7fb8ca3c818e4a51a6a2c008a4feea9c2b30238584a232969a6832894f59e53d
+	C = b1eb096de2f15e9159cb71d5eded11e12dcc5796b0100b8c8ef8d3c3803ffec916978c3c36b6f4f51d75db166bdcf66f5de08d981e0c64
+	reseed counter = 1
+AdditionalInput = 92d9c9181e2b61179e81e5596d87c36cf19be1caded08a61e8fe5846ee396d79
+** GENERATE (FIRST CALL):
+	V = 905548c1ffaa20fff7a1e7b1cea180e6a0ba0f5f29091ae514d4eb6cbe401b87edfdbc87f659fe292a9cbb6c9f645b46aaeaa86f66a10c
+	C = b1eb096de2f15e9159cb71d5eded11e12dcc5796b0100b8c8ef8d3c3803ffec916978c3c36b6f4f51d75db166bdcf66f5de08d981e0c64
+	reseed counter = 2
+AdditionalInput = 8f9021aa420e3f1ff0637b1a3e044aa563d0a2195c6c24f2bc568ee603a4899b
+ReturnedBits = 337946786c72f86628e80df7d4d76a2c7a6554989e6b8c3b36d0abe1e1817f318126fcc6effe7c90373ae7eb06d5eceaa4064625a30ab51ce684bff6a21e64630450e633456d0afed27e6448ee8980f2c88cd4d45af51ada29ea029d7858ef8982c5be6d9f93aee498b7627da1639fc636c7cf8688b62f9b7794357b5496ec88
+** GENERATE (SECOND CALL):
+	V = 4240522fe29b7f91516d5987bc8e92c7ce8666f5d91926e4af64a269b81fef0cd552607c29f2cb697e50fac0a267f2d07e93660c06497a
+	C = b1eb096de2f15e9159cb71d5eded11e12dcc5796b0100b8c8ef8d3c3803ffec916978c3c36b6f4f51d75db166bdcf66f5de08d981e0c64
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = afab84e28344f7b4f5b069add940d3f99e399c82ac9f0655a330068fcff589eb
+Nonce = 059cd73fb7a2f50cbe9cb404fec8b0e4
+PersonalizationString = 6da5e7e2c657b6a7687a5796581de9942fcf6c866c846d689d94f2629cc5ee26
+** INSTANTIATE:
+	V = 396b6a95ee45123120a194d76365184d1ea233930f3967bf09b9468ac147f31af5e9a7e7269f355615d3439331652041d5bdf961be5e26
+	C = df4e64983a3b6e0a3d144776ee7e1929a01aed9fd141bbca30b54442fecae8d4f3eb8e3ac2855b5cec0072fdc7c649223a3cea124e1e93
+	reseed counter = 1
+EntropyInputReseed = 9fa6f7561d65898702601fe482c38857bb890dae7ed7b682cb8d8e4f37b7f782
+AdditionalInputReseed = eafc8bbda5495f10306d2232e9d5f34b5140a197fad8c057a085f04c7d2f9221
+** RESEED:
+	V = a7e6c1ce1479131476c9ea9050869a65130997d5d379fec6da9370914b376bfdf5ed803df05234fb236ddaf5c07a4f7aa61b623ed439c5
+	C = ce428bf76a9aadf5301b1174349cb08ff7e8bd6def663d70291b15b27afc6dc7412dd5c2330c98ee7134fbc97533a8c47ebc8399e130a5
+	reseed counter = 1
+AdditionalInput = ea96ce4e296fbd07681b1899bd8d45bb9d015e45b6329fded54e6d6f9afdfbca
+** GENERATE (FIRST CALL):
+	V = 76294dc57f13c109a6e4fc0485234af50af25543c2e03d2acede3caf0ba31665d6ded1d344438969a5b716e6539c6719266d7776cea4ef
+	C = ce428bf76a9aadf5301b1174349cb08ff7e8bd6def663d70291b15b27afc6dc7412dd5c2330c98ee7134fbc97533a8c47ebc8399e130a5
+	reseed counter = 2
+AdditionalInput = e8da5fc94446a348641343cb83a31692e3161c4e7eb9d2776c88d9dea9cc1a73
+ReturnedBits = fa4f9ac8516c13f1dd63bf0d2780bcfe97530f4dca043324ad67d7ba17a8ec9b85d3340ef7904a8957d4d46a734af04ed10783eb9cbe8a857918b4c57e306b4630dd565a3e2f6b43eafc6a287aba19c34e91f9d6de7ce061608901df32f1d9e4dba664cde80f8e37cb3fafe2ddfca3017d37ef6b6028d03a9dedef65a80ee0f2
+** GENERATE (SECOND CALL):
+	V = 446bd9bce9ae6efed7000d78b9bffb8502db12b1b2467b33d73045d13a35f70aaa744094fc23b734f91da8f8324b833704bd312737400d
+	C = ce428bf76a9aadf5301b1174349cb08ff7e8bd6def663d70291b15b27afc6dc7412dd5c2330c98ee7134fbc97533a8c47ebc8399e130a5
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = 40da1c95ecc20ec9e2e2278c40207762006fd2b5e1dc5cc821d2325f0541e5b6
+Nonce = 6197e864ff069c5a059a323f2147be65
+PersonalizationString = 9d3dc781820012a0908c4aa43f9006af5f160cae2b4cfbfdff4dd35581c8e2f4
+** INSTANTIATE:
+	V = 336de3b33b88d909a5db2c36b00d2166ab701d33e34ab8e5f996702876623a6f85f331ebceefa98d9c8564103a77a576fe1fe8da3f1951
+	C = 069219811c6effe3cbb9af7fdd11e477d95865d54d969a123e61676c033c230a041eb7da9a000cf3fd49c62280d8d75c2e61e4de48c680
+	reseed counter = 1
+EntropyInputReseed = 60514a033a2da73f0eb6f532bb316dd4c48b4b3f2d7c62fb13fe241d3071e5e7
+AdditionalInputReseed = 1233906d0a92403f3eed5770744cb742880d28c2d523924907f3d30ceb4cd9bb
+** RESEED:
+	V = 74c94a5c3f228150255ce55f0a65c8e7a93619c4cc147fce2c804cce69aa1fc8e28866bae81986f9d774258f4326b3f83b8697010b1bd5
+	C = bf44fc1775e8dc992f03a9618ce36e43cd4ec906f7223ecee696e1bfcaa526c94ae2d35df4858501ca841646bbefed8b1fb9b4d3f9ce44
+	reseed counter = 1
+AdditionalInput = bcc4dda285cff30cda51832a8d320f885c887ab081c1c8bd53a1d68993026f25
+** GENERATE (FIRST CALL):
+	V = 340e4673b50b5de954608ec09749372b7684e2cbc336bf30f3ec389f875af0d12e3670ae47999baf8b166f60557a1d20b3a1ea58082fff
+	C = bf44fc1775e8dc992f03a9618ce36e43cd4ec906f7223ecee696e1bfcaa526c94ae2d35df4858501ca841646bbefed8b1fb9b4d3f9ce44
+	reseed counter = 2
+AdditionalInput = d579d4178cf490d2d7738290834771df387f5256204a575b5eb2fc4da3f9e91d
+ReturnedBits = b98e479a117e8b34e6862269515563641ea6953bb7e6e44165c03a9b5e0f24d4c333fd9e98d7e73e3512db8b36a4d49361f736c75dc0b252bea84b2b7ce42069336c4bd30a77d65148f5305ed6292e672aff77f9f1f4effd7ffc92f425f4505835e9e1868ecd8ea93f0deb273ae01e63969b673d88c44c11db7d7da46f875c6b
+** GENERATE (SECOND CALL):
+	V = f353428b2af43a8283643822242ca56f43d3abd2ba58fef724eee7a266147c5f3b8d304d364e9c324882f0339c1283ef2a43191d59d8b6
+	C = bf44fc1775e8dc992f03a9618ce36e43cd4ec906f7223ecee696e1bfcaa526c94ae2d35df4858501ca841646bbefed8b1fb9b4d3f9ce44
+	reseed counter = 3
+
+[SHA-384]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 1536]
+
+COUNT = 0
+EntropyInput = 2d3e072e78b3d5af2d60424b37a1ca56b24ad1b1fb27a9c327db0651cb75341c
+Nonce = 147d214920513cd539ce383f810d9551
+PersonalizationString = 
+** INSTANTIATE:
+	V = bd9fe59036c728dbe30392569dedd9cca0cfaf9e7be20745e28e3a86615149caf4d970062c59b8f0ae7235f5d52762820ce6443cd313289d1c84e1b0e12ee992435008dc32904ea28fad4abfa00ff54adfb7186cb4d335b54ceff76b1992ae1ee3997054e76f88108783744324df96
+	C = d2b4ad747db0dafd96edded2a41d9cb7e189cc727066da2d1253a6818ce97870cd3e07de9736eec58536a271e1955931e4bb7832604ea487c3fbb5f510c465e9985ef066d70631d4b98e77dae9b6397103d6564798a6320d9716a6826945687a3557be1132a1a23007c89c362a52c3
+	reseed counter = 1
+EntropyInputReseed = 7597a56fdbaa0cb66cef235ccb6bbb423ef2a2f19e5a65a7b86dd11d0cee6cd4
+AdditionalInputReseed = 
+** RESEED:
+	V = fbcb667f386b611aadf6d76999427af0adeabae5b4b2898bf37a57554f6dbf0758b2095f4b4f06415c8a06f27773cf0f7e48b8c41eb5d7d4d48f628067c773f7ae0b9e24adaf4999b4330d73b0c9340f51b6e9e6f2e3f3d43fb8f4421349bc4e05c4e09202124b76c83b3ecf821f30
+	C = 46c505af058b37dfd9f59932ac17048fb307ffc5c27195d8bacf5521f811c1f157ce7589258ef328a55f3aea70e4ab09880c59f55ea211681c18584465ce1732503d991566cb3651ddf5a59fbb3ac82399d358226e94204c1f5b712dbb7aa07f1868dcf0278edcc37708102bdd3b60
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 42906c2e3df698fa87ec709c45597f8060f2baab77241f64ae49ac77477f80f8b0807ee870ddf96a01e941dce8587a19065512b97d57e93cf0a7bac4cd958c1ca086254c329645369fd5f46d3907eda0be1c1e1243fbf3a30fa70edda40b7e81c39ea329990dfc9a0c249fd3b4f93a
+	C = 46c505af058b37dfd9f59932ac17048fb307ffc5c27195d8bacf5521f811c1f157ce7589258ef328a55f3aea70e4ab09880c59f55ea211681c18584465ce1732503d991566cb3651ddf5a59fbb3ac82399d358226e94204c1f5b712dbb7aa07f1868dcf0278edcc37708102bdd3b60
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 5d3d1c5ea9e8c219d43511288fc65dbc1a2f6284c59b26d4375f156b75d383d01ac6773cad41bf5b6d9fc41416933c0459f9b6d481412e38e9dde34cec3529a313d2e7815bc5c29a550dfd6be3365d0f8fbbe3a33bc07b6b96351834462a2e624d4ffa0bd1bf9adda378f4ddb6d4f6a99f7e3fa2556e52006b40fe9caa30ff4cbed3e574e2b3752680ce7117ab880dd3890be9c19f6442b0e2e04684e05f4fffd90f97112f0766a589ed82c07af7cba239c36a3d2bf52a25df2c84678556cedf
+** GENERATE (SECOND CALL):
+	V = 895571dd4381d0da61e209cef170841013faba713995b53d691901993f9142ea084ef471966cec92a7487cc7593d25228e616caedbf9faa50cc013093363a424e8e24142aff71616c8b170d37b7a7a4ef1cd0c16766ee8b4af40f5005b8255caa42f6d5d17bf67f7e6d11a49b363e4
+	C = 46c505af058b37dfd9f59932ac17048fb307ffc5c27195d8bacf5521f811c1f157ce7589258ef328a55f3aea70e4ab09880c59f55ea211681c18584465ce1732503d991566cb3651ddf5a59fbb3ac82399d358226e94204c1f5b712dbb7aa07f1868dcf0278edcc37708102bdd3b60
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = 7d1214060baee8c87c7d1fac9ae734f3108c0a72060fde971afd70a5281aa08e
+Nonce = 7eec3656357ffbce815e77eeb114c347
+PersonalizationString = 
+** INSTANTIATE:
+	V = 5d2580fb71a2654dbe3e0f410cb9663837df87603e9905daa13b28604bccf05db619bf43b7be649f40bb72122fc85515e02a712f7b1a8de969b00b4faa8f52fcfd6b3317f3428913b67c0873a1f675d2756acf0cc97aa81cdcf2dae1fd23fc8d8a2709eb32bf908593edc94d43809e
+	C = d723e82dc85ede8c067b122bf95ac02ae6124624753f3d53e04d7372c455af4772eea88af003b1bca8808085340529e8d75ffd2c6344d95a94a2e97f8a23658e5012d1413911e7e045e3bb33cb1507a5841b3551f3ac2cac036716003ce1f4e3aa1ced2df07c860aa02b8608952e94
+	reseed counter = 1
+EntropyInputReseed = 6ac3d36724ad82afd5a9c9e49299a706a0ca2e4bf399c2d220bd20985bd8f39d
+AdditionalInputReseed = 
+** RESEED:
+	V = 34e6f88e3ca82a68c70dd5c015a73d99ca8cedc0e7c155ad5fd70b849fcb88c9e3c871d151aff07956595ef97cf318938bd896fcf121448916ebd9e140091ad967879e0e1dc0e4a7088a5e1e6442678e7ed5e9783d482600e307f41d4f762a55944ded3152320eabd371b9dec176de
+	C = 6ada7f5ba6eb1026b451088886fd08a8cbda774f2bba0b61a58da6e5f5d2814e25fbfb528acf5bd12f4e9883c10cecebe6a37e2d1bcf064009a0fd0ffb362cdb142619618500156b243ce84d89bfb627e56a273d8ded5080b0ae4144b6d1a972bb51fba05ba42a146d3b6bdac8030a
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 9fc177e9e3933a8f7b5ede489ca4464296676510137b610f0564b26a959e0a1809c46d23dc7f4c4a85a7f77d3e00057f727c152a0cf04ac9208cd6f13b3f47bae7391eb8d3441a15654b74325cc1096efcf82cef8bc48597bce9a80576d7c70676edd0ffe65c0631fb2f0fa92ee8c7
+	C = 6ada7f5ba6eb1026b451088886fd08a8cbda774f2bba0b61a58da6e5f5d2814e25fbfb528acf5bd12f4e9883c10cecebe6a37e2d1bcf064009a0fd0ffb362cdb142619618500156b243ce84d89bfb627e56a273d8ded5080b0ae4144b6d1a972bb51fba05ba42a146d3b6bdac8030a
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 1f7787142f1246802223ed7386683a20ae8fe62fbfa923800fa8b94873fc7ef2cc5490d56a3ec070fb6caa0dce5db5b2709dcef5f36b55e06b83faa4b6557bcd2b9208215ef9d22a1fe9b5504d02a18db05b18bd6cea91767365b4e7696f8bb064a79000e63b3479bfc8f7060cff2aaf01ec87f58ba02c06a32b1f81c1d9a83300890d17dac3f76a63ee733e1332be959d08addc49961ae19df69c39560e6b59d65d5f5457b8bf5b1ec77d0003926765fc084214e8684045e5dd91312b88afd7
+** GENERATE (SECOND CALL):
+	V = 0a9bf7458a7e4ab62fafe6d123a14eeb6241dc5f3f356c70aaf259508b708b662fc06876674ea81bb4f69000ff0cf26b591f935728bf51092a2dd401367574eac6e07a8523e8a9879647376b6f55ccf5570f6fd40ad118eebdb57e3ca6a51b5c067502d5fce0da1b0b17626c93278c
+	C = 6ada7f5ba6eb1026b451088886fd08a8cbda774f2bba0b61a58da6e5f5d2814e25fbfb528acf5bd12f4e9883c10cecebe6a37e2d1bcf064009a0fd0ffb362cdb142619618500156b243ce84d89bfb627e56a273d8ded5080b0ae4144b6d1a972bb51fba05ba42a146d3b6bdac8030a
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = faa384b3da916061880ecfd8e8a87da317a1eff2fbb1a3369d3bc98f725d446c
+Nonce = 050861f172c57613861c4b8e1f5d42a2
+PersonalizationString = 
+** INSTANTIATE:
+	V = fbbd8d6c6be4789a0a3f79614f1d8a7f03ea4030877a464f0fa84a131433b63b94b4e8b0f9e62b06bc446019e82cb69ae7a5751ac512ef3f6e86de7dcf87c897d8040159e48083d6a83bb46da0bb91cef439423cc8e41489f3d9fe3d02a12233210d4d976400083c4db39bbdc63cbd
+	C = fc315cab8379eb28338d201fbe09f24135b695442b594cf1c8b832340138989516d1724406e22e2a8e23fb8c72eba73c7f4302992a93c92b2013453f6d00d6efa09d6c1afea7dd73fd02ffb7e3ec7ce646b7889c58cb09f4c12d52ad97d1dfd0e330d441f24eec2223fa13b8cfbfe0
+	reseed counter = 1
+EntropyInputReseed = 833770cc3ee64c56cbc284db6a746dc232d278cc8ce1c5fe5940b18d8855caea
+AdditionalInputReseed = 
+** RESEED:
+	V = f809fd5f2a65a83b7f7415756d082e2398681b3578b07c0b201ecfdbb4b2a0da4c472d37b4f21e4b9f22766981f7d558383ddad66d819756f3abbd09d5bc5dbe2196457ce159ec825fbf013e029160a4257ef30e7b1706a55a1d9536fead5273ea9d06e0fcf5494e738ee16c5ab5be
+	C = 5f8cef335365f643518242cd8ffc2d78780ccf5140f5f48ec07d15b183439e6e6e64be983102127f569d2d840d04992909a88341bb218425e6750562167256cbed6f2e694b4ed711a79a6f2cac8b0880c2f8a93c94574498995e9d449c2b4dfd5a72bcf078cb3bfb2dbb6f6ab67908
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 5796ec927dcb9e7ed0f65842fd045b9c1074ea86b9a67099e09be58d37f63f48baabebcfe5f430caf5bfa3ed8efc6e8141e65e1828a31b7cda20c26bec2eb4f3503a21f2dfb9cbb50345edf7f57a117ce3a576e9d840d698780ebd92608600486eea4ca1bc7b829bce6a3e07b56ed5
+	C = 5f8cef335365f643518242cd8ffc2d78780ccf5140f5f48ec07d15b183439e6e6e64be983102127f569d2d840d04992909a88341bb218425e6750562167256cbed6f2e694b4ed711a79a6f2cac8b0880c2f8a93c94574498995e9d449c2b4dfd5a72bcf078cb3bfb2dbb6f6ab67908
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = e77c5c2b457626db18d6c28c8fd61e8cf1379739f8164a773f2d0e67d5a218dc455fcda374d84b6f1caddc8514bd1dd32b75e9135fc740cf8aea0f2e33adf4fa3e1b5f3181329f75a8dcfae79c737ac67961912b4fae9d92a9f8f0f6c1f8af031e7615a80b512d9f965b6484944dd74ad9a3bf9d035cac28b533f482fba3a7e48d958c6ce96892fbdd54af9f02f61242d46ff73185ca5358e65730722f086a7e29a8a5357f91d19c89adc93d1f2130f3e1457cf976527724ccb59b65b7c3f21c
+** GENERATE (SECOND CALL):
+	V = b723dbc5d13194c222789b108d0089148881b9d7fa9c6528a118fb3ebb39ddb72910aa6816f6434a4c5cd1719c0107aa4b8ee159e3c49fa2c095c7ce02a10c595111a23869afbf77e7aaa80e355f9fea58bd6e266e0a26c5e6f8fbda45c88cb03f154eb993056420237aa07a8b3e4a
+	C = 5f8cef335365f643518242cd8ffc2d78780ccf5140f5f48ec07d15b183439e6e6e64be983102127f569d2d840d04992909a88341bb218425e6750562167256cbed6f2e694b4ed711a79a6f2cac8b0880c2f8a93c94574498995e9d449c2b4dfd5a72bcf078cb3bfb2dbb6f6ab67908
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = 7ff504f2fb97cadfe571e9383a550b12804bd82c79a86b2b8f4843495cca0108
+Nonce = 18f772f22f3425fe1ed9274724cd9335
+PersonalizationString = 
+** INSTANTIATE:
+	V = 290f6cf52fa7ae65e650731c2deee11778357fe6e4e08368b0311fca3e31f042f8f34473cf9cf2e759f660081f6529f5b8312463d521d0a49d1ae2d50b04c2f5c64f08625d42311458c025cd54294c1e97dbfea8d82331a4de4e035915c0a17dbe6d32ffe5e0848edf5ae683f71a12
+	C = 0fae1c80192088dfe3a0fcb8e2e4e3fcc2978ce2d61f1540be75fb482c3d6eda5084868486da24b1f69ebaf2c45ef8f902b63591b87ce05d4dfd4bd04da07aee869966e64b788a8331e04141672888769cbd6f5552c9d1ddc4ca14c56ff677f381737d16d06de607d73afaf9b13f88
+	reseed counter = 1
+EntropyInputReseed = fd2b8483712ce920dc9c712a3b859e02832f988d6e555c8b33645684cd9b0d9e
+AdditionalInputReseed = 
+** RESEED:
+	V = d34ba68ed655094f6d43803cc0364c7f7f8af229663fb269faf6d71e0b2e955cb6055aae93281820a3cefbf4a39fd8f8d91a3eef52c58b3863311d868e34cb6c1213a0db62f4b3117c09fb8f5a70f23433810b755cce84d60bdf9dbda71feb8dc05ca3c0b3154dbba8208fcb3ee295
+	C = 3121a3d64786efcd6601a92f1d0d71c68cfc1b1924ff2fcc4c87725803a28d3efc2c946ffbc09b732352f66357647cbe123999f1530f9c7671c3050e7bff8f57f0354966de1b1a3c5279898a749f1a5a72acf189adf5fac6640ca5f90a173245c31e6dcdcb62eafc7cccbb357bc6dd
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 046d4a651ddbf91cd345296bdd43be460c870d428b3ee236477e49760ed1229bb231ef1e8ee8b393c721f257fb0455b6eb53d8e0a5d527aed4f422950a345b42bddb62cc1a33c0d709aeb60cbb5125e3ad238ac9cac6894209fa6f1c751f1ec8962d26078ac2fa3bad605d49054829
+	C = 3121a3d64786efcd6601a92f1d0d71c68cfc1b1924ff2fcc4c87725803a28d3efc2c946ffbc09b732352f66357647cbe123999f1530f9c7671c3050e7bff8f57f0354966de1b1a3c5279898a749f1a5a72acf189adf5fac6640ca5f90a173245c31e6dcdcb62eafc7cccbb357bc6dd
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 7cbf3541c05343683522bf1e0a6f9e07e254d927c66dc1486804939ab52b79aa7dba3b4d4ff6714fb50f0d18c0829a43d57cb515534176ed33a7e218d4112c07f7ec84b35a1e34f02623c3a43b85c59c9c537abf603f7aef50479187f0a689e2ad800b84a627f652a8131b5ef1226c330989ab82d7315e097eb6cc753df846918deb7b5212bbf29af86d7f6e828c7c014207308522c56f6ff389f699fd3f6ff9e3ecd62390d6f8d7a42a8dc22d30efff45d903ea19938b4286ff4cc6afc38113
+** GENERATE (SECOND CALL):
+	V = 358eee3b6562e8ea3946d29afa51300c9983285bb03e12029405bbce1273afdaae5e838e8aa94f06ea74e8bb5268d274fd8d72d1f8e4c42546b727a38633ead12cda8e64205e0a2bff0b963a7bdf285555bfc4ba7e001542497b159b19dd9587f3094640cbec46be1a2d4436e08e12
+	C = 3121a3d64786efcd6601a92f1d0d71c68cfc1b1924ff2fcc4c87725803a28d3efc2c946ffbc09b732352f66357647cbe123999f1530f9c7671c3050e7bff8f57f0354966de1b1a3c5279898a749f1a5a72acf189adf5fac6640ca5f90a173245c31e6dcdcb62eafc7cccbb357bc6dd
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = 330f2fffb6db135a8e72fe33bde9828911daf97578aa4f9ecd0de1e53094838f
+Nonce = d6f755e49d2b1f7112573179a17172e5
+PersonalizationString = 
+** INSTANTIATE:
+	V = 86eb0b7f361b2c0ffbe4bd2049d9704a91239b3ea36dd06b92723eab7cc03ccc949565d5798655163921f39cb93d0a66a504e004845651bbfef16433fc00ae8d3660ef53b906da644a5dbc11d6d17b21725dfc47cd5f9c915e8b35b3654ebf9d1f8153b1857ec30a15d8f2db0b64a4
+	C = 7b1cb5bcde3d700537e85f4e5ec8bd1c7a4403c26d6770df4735912051bd77ec1dcb0c16dde52845470ca4cdf5effc91856c344bfa51d69ed94028cf47e6f0224ce923be7aaf530601d61a223a2b99454b9240e0a319491fda1a7f57d89d0b2f519f61ce096c138aa05e6e2dd83d57
+	reseed counter = 1
+EntropyInputReseed = d02af6eb4f5453d0c7c0811479244f6290d17c103407057e4585670bc3870ffa
+AdditionalInputReseed = 
+** RESEED:
+	V = 64534a285d0cc6b19dcd4653df37f4472e1dfb7238909eae0e303c2ceb2a2aaf2ab68817f1b411c26648147cdd12ca5b97340c1aaae55d5d464ec5f2795e2c782df0f9abf026289d19dc64a4de2c65717cad90d071c6c14e60b64b5b4901bc8f09598ca7603b028cb8e7073bc084e6
+	C = c4302dfa01e5ccab771b2d098308fcc5034549f7016a914708b99be17d79f9e7d2dd4383516a383251d9751d5acfad88768f26b0da6ff65957d77eb5b65776086c53a69e30587129f825c71ae51ea2a3e889466f02c87c0f2496bfc286e1244411a5d6c55e17344448b86dd00e6efc
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 288378225ef2935d14e8735d6240f10c3163456939fb2ff516e9d80e68a42496fd93cb9b431e49f4b821899a37e277e40dc332cb855553b69e2644a82fb5a2911fc36608f8664c9abda982d81165436f97913e42f3ad0faf7c1b2fc5dedf7c5a66eee67ee504c9f32b4571b2f07529
+	C = c4302dfa01e5ccab771b2d098308fcc5034549f7016a914708b99be17d79f9e7d2dd4383516a383251d9751d5acfad88768f26b0da6ff65957d77eb5b65776086c53a69e30587129f825c71ae51ea2a3e889466f02c87c0f2496bfc286e1244411a5d6c55e17344448b86dd00e6efc
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 97b2496582d25dcc45619286dacaec17e83be9e6355be8ccdff115bfbcf49429b41967bb8ec8ed9252f7c47b4610e67831a27eccdac5f1b42998378c8ee69613a279476fda00df80fff99078e0e23c1a4afd86fade421898aa1e917e17f1b4573644a1ef7f8c7059a6b27fe07cb41b48406efd11777aa2eb909e9609829fcb9e22cac9c9c65e76674784bcd0ea8a3a61a7f5205007901d7c3d9e6cfcd46b65c4b38fb792038abae76c5ef13391bd0966d59d9a408228f8606efd7a62d990419a
+** GENERATE (SECOND CALL):
+	V = ecb3a61c60d860088c03a066e549edd134a88f603b65c13c1fa373efe61e1e7ed0710f1e9488822709fafeb792b2256c8452597c5fc54a0ff5fdc35de60d18d908bf2195917a88f6cc29797ac8e13e2597bbc6adb8952fd4b430051fe8601c4e5c2a1598a9c00362cff29912e68a71
+	C = c4302dfa01e5ccab771b2d098308fcc5034549f7016a914708b99be17d79f9e7d2dd4383516a383251d9751d5acfad88768f26b0da6ff65957d77eb5b65776086c53a69e30587129f825c71ae51ea2a3e889466f02c87c0f2496bfc286e1244411a5d6c55e17344448b86dd00e6efc
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = fe21a45baf8d27cf2e96eb99d9859ca38e822ff6336650a52c81259e9a8afe56
+Nonce = dd45448016be4e0fe9322e43b2799547
+PersonalizationString = 
+** INSTANTIATE:
+	V = 554e3b587513a45d32cbe800c6008b2bb9b05bd9c7aaffb98fad41bf50e429acda1ee719578a7dd70fe8a673710d48c687bf02acbdbdfa71f2aaeb3c813437651c377331381d28c696152c8f59484256ff56c2628f06ba9a5e0578d2e8021132f09632ff943b40eac73a5b25e61457
+	C = 2a70aee99c9f1a929673ff6bbe866cfd4c4fe0e825bada10cd9311bbfa0aa8b324e1e48acba33a75ca8780303fc26ce2f43e43d28e6ceef15e2411e9db95e5dcdfdb89521fca3e48d62f86d81f9422462e432a8dea62e7b1ddebe35e28baf85929c6fe29e07716599050736bd99f1b
+	reseed counter = 1
+EntropyInputReseed = f6bcbfc74827b610e21bc7aff32d2358eec0ab2c51f0c95c2764d5588d8d24c2
+AdditionalInputReseed = 
+** RESEED:
+	V = 5dfc258355a280daf3188c518b6434b3c68f0175c2cb104093ebe8b2bba957d47eb18ad38f6ea894f7b54566e613d6eb50ff97ea6762a188d2cb16985c4d0cab5a605bd055873c7b100ba8b7432e4b64456293dd95be8679e83a233642674d4348abf33079069df3006da3062ae323
+	C = fa7a03557a76d209c93cdda7c9d0660aad74917d0f50edb408aaa019bd59b65c2d78af2e633acebb25aeaab3cfb3b2ccaefc12692dd5cc3b5301ce8f888188ac202c06aafe51a1f0186550d9c28ac6b0c70c8b89de02bfbe4c58efdc85d162490966b06f98df4510caac24aaa9c482
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 587628d8d01952e4bc5569f955349abe740392f2d21bfdf49c9688cc79030e30ac2a3a01f2a977501d63f01ab5c789b7fffbaa5395386dc425cce527e4ce95c26b08393d45ee631c76b91f66547d23d707e851aff28163801633106b6891de4f79997748d88725464e81ad1e9675d2
+	C = fa7a03557a76d209c93cdda7c9d0660aad74917d0f50edb408aaa019bd59b65c2d78af2e633acebb25aeaab3cfb3b2ccaefc12692dd5cc3b5301ce8f888188ac202c06aafe51a1f0186550d9c28ac6b0c70c8b89de02bfbe4c58efdc85d162490966b06f98df4510caac24aaa9c482
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = cb0733a43dabfa4f7a470ff551f60cdd6db91eafc1fad0eae315e9c2f69c9fb90ee0c166a353bb68a73a03cc86d05a4b91da48a6e1df1dfaeb269ae5f99725328e023f58003200cd65d3a8788d5d5e3dbc75acee6a0524f4f788da5e2139a0f11e7a26c58eb9ac434f59c71e65244f1a25d02ca180ea3d4fb13f0c17015ceae4d1b71ddcb82c952bd3ef2058e60fc60c52140340897d7ef5f934be497a25fa8d4995d57d1bce85b1910d29636f5711847e4c5e97be03d58caaf4a7c8bcbd8c3b
+** GENERATE (SECOND CALL):
+	V = 52f02c2e4a9024ee859247a11f0500c92178246fe16ceba8a54128e6365cc48cd9a2e93055e4460b43129ace857b3c84aef7bcbcc30e39ff78ceb3b76d501f1e2e1ef86f8190f3d216e3bf974f575a0507baf4cd141ac783936f4d2568a19605359903c1a828518934aba61605b683
+	C = fa7a03557a76d209c93cdda7c9d0660aad74917d0f50edb408aaa019bd59b65c2d78af2e633acebb25aeaab3cfb3b2ccaefc12692dd5cc3b5301ce8f888188ac202c06aafe51a1f0186550d9c28ac6b0c70c8b89de02bfbe4c58efdc85d162490966b06f98df4510caac24aaa9c482
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = ff233baae192e5ecf8d5ed5df1f3edd21551af21fb721ab2befba53ae50998c8
+Nonce = 42f63fcdfb43fe201eac9bbb728d3f62
+PersonalizationString = 
+** INSTANTIATE:
+	V = 8b26b6392485587886f7e39fee7b030d80d50a9d0f9e973e8135ff3c8b42dbad956a069692c03f84442bd640a425b0b8d5424736818a0d08f652665b85e137799605285336ce6cf9375b18517be7937f91ba778d47f075d0b1e611a8171c305ab06c91e392b89d51e9eacf85d208bb
+	C = da3c679a7b8535f3446600b2df76a879026456e0d21592256c6f7bbf0eabb0eaf253b0e732e77f8f92313ac99202f3aa63b4eac0634a227602ad22a8580bea307dfcb49a973c483bf8365ab14bf3624093bd68b9d1cea66854ccfcec263abae584891088037212dc1f5a3728c03439
+	reseed counter = 1
+EntropyInputReseed = f562458a50f08692f945b6264b9b8ff49c0ef68e8dbefb4bac080c5d54b7a9d9
+AdditionalInputReseed = 
+** RESEED:
+	V = 292eb5564c3549cc0a85d54aa31df99fa0fed97bd898e2a480535d73d0300b990c700195f4ca294f5393cf23a8d403ba1777ddbe50d0e3e2e0f9c364533bbdc0a43160b2e13c0bc42e55ccfabb1a4a392179f0ca9ca6c7380b962133005ce1772d4e2030b7d50dd3ea9961ac330ba0
+	C = f0040f66ee4a197a6004b0c19a2ae09a7284f12eb4eb0df33aeb9624968cfd9538d4604a4615b88dadb8543118d4a9ed49b471b518d013eef91e1388403ea167f2b3b7b8f2303de9195d4ce370f1e3e542a595bc8a10aa81d6d7bb28b08a7b90c8a532ee2bca155c31af248c6073f9
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 1932c4bd3a7f63466a8a860c3d48da3a1383caaa8d83f097bb3ef39866bd092e454461e03adfe1dd014c2354c1a8ada7612c4f7369a0f7d1da17d6ec937a5fcc369f69183613e6dab5bb161bcd097f149d1ead10ed1982553123d575c6fd843d318a1c8a8e760767a44a69b4a8e75c
+	C = f0040f66ee4a197a6004b0c19a2ae09a7284f12eb4eb0df33aeb9624968cfd9538d4604a4615b88dadb8543118d4a9ed49b471b518d013eef91e1388403ea167f2b3b7b8f2303de9195d4ce370f1e3e542a595bc8a10aa81d6d7bb28b08a7b90c8a532ee2bca155c31af248c6073f9
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = fbd2eb4e7c060d897d5dd661ee7e9f7639731339c08caa38dc472e730692a42e17351cc5d7051e7e75c381f802709f2c9ae3b39822d9426f467ac445c149cdb841fe1bd511294c3329e9a055f676aa0a0bfacb1aee841075cf710cbc9b31bab2b927f936f2288f608e98ac8dea6c6a2a23720a31f30a249cdfae64325ef5bdc40ebf0ca9375893591210f10375d48d7e7e490f4fdf2ed095a095d16b2df3c49e15f2984b5be300d0998a69a6aca7397f874ab73a8682e5150d1f2f03348b5c47
+** GENERATE (SECOND CALL):
+	V = 0936d42428c97cc0ca8f36cdd773bad48608bbd9426efe8af62a89bcfd4a06c37e18c22a80f59a6aaf047785da7d5794aae0c12882710bc0d335ea74d3b9021ee78fe3499876c75a31b01dfe90e6fd38ca87eaeb2e4d861abc0a5d7bd5d6f3c7d7ab91904f12384c20fea88d8ad6ea
+	C = f0040f66ee4a197a6004b0c19a2ae09a7284f12eb4eb0df33aeb9624968cfd9538d4604a4615b88dadb8543118d4a9ed49b471b518d013eef91e1388403ea167f2b3b7b8f2303de9195d4ce370f1e3e542a595bc8a10aa81d6d7bb28b08a7b90c8a532ee2bca155c31af248c6073f9
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = 9dfa34bc831265fc31218da6eb8641df72972c94c0db3edc5c3c04b6592f8c49
+Nonce = a9ef3c675cda2a61c26e2f289812d1f8
+PersonalizationString = 
+** INSTANTIATE:
+	V = 335ca8f2167a05be8ec0e59f2b7a02fe7cdf6e631e14ee6ef3e77d877fff01ea031a07c318845246f8fd5f2391ef4efd66c99467daf4794e29e6a3659784a23742d6fcc78ea477ea47f03ebedd48456f26cf76de3fefcb1d6f5faeffb3e2197ef9f95c177b14426d7874e411c7dcbe
+	C = 18248b418e83de850ffd9a74532a7ba63890079758527b9752ce3ef2c45f6062f7b1052cda07650cdf774b321b7ccfa3784e0c4693e6c206ec12200bb233e204a446558fc7716e22c628fcd6b4d56dad4f2cbe7a6fc710e188685009f7b073ed4e93295a3166dcf55b9bd7e6eae150
+	reseed counter = 1
+EntropyInputReseed = 1d68c34eb7939cb17a68c677c95d202d4de712c929989c06ff3375f214ba8573
+AdditionalInputReseed = 
+** RESEED:
+	V = 54c35c4fc8f0027e1f6f9ecd8c5256d04665df43d9fb5f84adfdcaea9306939d8f0a7020acda6abc7f64ec3d51cd4c955a9be253fd50c3c78eecc6d33979a921e0f1a0296ff4bc255440e879d0bc27b9ccc611ef9c878dd1adaa208811f1d75628b2d27fbe8d6b32afb8913f6eb511
+	C = de5525e2f354202e712d0e28e203e513e0e090eab8c7d19cd4b4ea99feeb1d1cb5c175862961288521e6f46c5b9a0e948cef4bf3ded79062a3cbfcfb0a9ad81ef56e4811329969830ada9a64fc9dadc4c5814affe1af44e6525b4de5737fc5a7346755eec3231a15f739c166f63bb3
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 33188232bc4422ac909cacf66e563be42746702e92c3312182b2b58491f1b0ba44cbe5a6d63b9341a14be0a9ad675b29e78b2e47dc28542a32b8c3ce441481b82089b4b822c764fd2a266258c6818ca10f71d62706dff0fc270687997b15093dffcda14d04ca0b4c378fba16be479f
+	C = de5525e2f354202e712d0e28e203e513e0e090eab8c7d19cd4b4ea99feeb1d1cb5c175862961288521e6f46c5b9a0e948cef4bf3ded79062a3cbfcfb0a9ad81ef56e4811329969830ada9a64fc9dadc4c5814affe1af44e6525b4de5737fc5a7346755eec3231a15f739c166f63bb3
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 2bc5d40db5f22e00452a0394b7f12c25f967592c932331fe8f6dff8cc775f74d1b6fae6fd01f5c84ae590ac857b9b94d4a2305d46a76e03ce841160ee48ab0d136facca1478eb3f32f96e2c0f11063b2b3a2ffa5f0561f4f6a64e569601a8c208bed31d18fafa3ee4f5698eb059d8eb80c458082d791ed1e8ec54f75aeebf81956b25fc42f5b097f5ac6816354576798ec651a906cd14e1632cd60707598b93ff9b3e291f84cbae33d08b54d70b9e14017b81308919ee9bac38fa65c5978f8ba
+** GENERATE (SECOND CALL):
+	V = 116da815af9842db01c9bb1f505a20f8082701194b8b02be5767a01e90dccdd6fa8d5b2cff9cbbc6c332d516090169be747a7a3bbaffe48cd684c0c94eaf5a90001813bdc928e9930f3f46d04bc8d5b5a85b8e2351775ff5b207e730e4d40494b0bbf83c16d943bd5a1c62f3f17387
+	C = de5525e2f354202e712d0e28e203e513e0e090eab8c7d19cd4b4ea99feeb1d1cb5c175862961288521e6f46c5b9a0e948cef4bf3ded79062a3cbfcfb0a9ad81ef56e4811329969830ada9a64fc9dadc4c5814affe1af44e6525b4de5737fc5a7346755eec3231a15f739c166f63bb3
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = 476afd970c078e389bc9eb391035c181f62761a7b170615930f178ec12a083de
+Nonce = 8a4777f06ac1fd19d563cbfbaafbc0be
+PersonalizationString = 
+** INSTANTIATE:
+	V = 8500df8e74f751a7088423642c98462c51fb62a834b1e13de98ada0d3ceed0488a68685713c8675c0de7c4e6634585e2f79ad733a9860d55e12311ce19cf80bcb8a3112522ba72f3907838ed96a094a0b7031282791bd524767e906cc8446b914fef341d7b7fcd89abef941b14acd6
+	C = 6712ec8621c2036d8790c37442b43b7149268138e70f7facbc66022e539fff1215a91a1a19911554f8f451bff3e6ea2b489ff0558f9f258e6b58c03ec95118d04ba3652d2d91cd8d399e7c9dff48ddcc8cbf0d43ba33dd73b7fa0b871e9d4e8c48beefa3d6ea434fe0f6e96ddf2455
+	reseed counter = 1
+EntropyInputReseed = 9fea22c23e44b9c7789a5f8b87d8baaa6118a27f50dd719b982c5dd5a6a0dcb4
+AdditionalInputReseed = 
+** RESEED:
+	V = eab4dbe3a0cba143ffe4c049108e7f3d2128a392f314286aef98f9153f988e45a2b28cda9d0ef6605b467535fe9855b7f25f76d6c94271e6c6d43d29868db07da042d4a52c0841e3d5833e20b0697740f827698a4dc2bd880d3873184b1fd4906e7c8899f29d0d84ce350c4722aa87
+	C = a8316458e294e2431705869768f6d1a8dc7c5e30205de08f63e0ccccde15c77e4ab5efb4680205c8fda2b08867ddd701d92c30c8a0800c449b2993b17fe5ee993b739e4483f114f6495c2a50698b0bb52a65ac5caf5f55dd9e7ad7cab75eb11b8b1a47375bfee2652bc57c5db0ecce
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 92e6403c8360838716ea46e0798550e5fda501c3137208fa5379c5e21dae55c3ed687c8f0510fc2958e925be66762cb9cb8ba79f69c27e2b61fdd0db06739f50d34bd691724300a26a18de157763be09cee56dfd3913fa41d487ee7f3d1e8f410f8f4d064bf0f568cd1157318a0337
+	C = a8316458e294e2431705869768f6d1a8dc7c5e30205de08f63e0ccccde15c77e4ab5efb4680205c8fda2b08867ddd701d92c30c8a0800c449b2993b17fe5ee993b739e4483f114f6495c2a50698b0bb52a65ac5caf5f55dd9e7ad7cab75eb11b8b1a47375bfee2652bc57c5db0ecce
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 4b6f8f0f8b36037ae84fb9fbfab67a5a4c298489b0cdf02d42bb06a768127a5a9e6275ae1bcbc346c3de1777ff2dfe21447444bc2f9f743afacc39f43290655d76603c0d4d2000e6f3bd8794abfbb03bc57c1bf0456f8947215d9338f3d69bc669614e0246ff439a84631c613c05b69a03a251966a23d0955e2af236a7b3f5998a72fc034e2b0d1f1c39887e8708430837d9f36e9f19a721b0b38b5c99695a21089588737cdbf8366331a86ccae547ac490767610515117a82133d4fe655e29d
+** GENERATE (SECOND CALL):
+	V = 3b17a49565f565ca2defcd77e27c228eda215ff333cfe989b75a92aefbc41d42381e6c436d1301f2568bd646ce5403bba4b7d8680a428a6ffd27648c86598e5a4cc641da751a17dc439a6f32225c9949bf26923835f24c994cb4709f8b424149937a59a3018ef2c75f8fccb8501a41
+	C = a8316458e294e2431705869768f6d1a8dc7c5e30205de08f63e0ccccde15c77e4ab5efb4680205c8fda2b08867ddd701d92c30c8a0800c449b2993b17fe5ee993b739e4483f114f6495c2a50698b0bb52a65ac5caf5f55dd9e7ad7cab75eb11b8b1a47375bfee2652bc57c5db0ecce
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = 6e91a708c5d7a286b791d5637d4cac923c66f198bdf70d95bce8fa3c6016c460
+Nonce = 775040a7e125db0611fe84660e18fada
+PersonalizationString = 
+** INSTANTIATE:
+	V = 4b50c93860f0002f5759c0e227d340c3298f5d6d2f2b24c2733b0fbfca2167142338dcbc0d380f1c7c60e25af09d236e048cf3af3c802a13c4faa20edeecf36b344537b81c4b450967189face6c75bb2318df08625c0c8353a563dc2f7686feb0cedde97d124ea5fc338cd2b029ae9
+	C = 57b680d5be96d3bc80d1e415216b15aa1fb3b6e809545ef025547a2aba584380fc038585839ede0ff813d2fd11465adf7e9bc77fdca241bf9abdfea281293156ff4c1c3285842b2071e5ca4c7162e3f0246bdbf48deabb8e8514a7d0a8867b1edd2ba882d116256862c8fe77e8edab
+	reseed counter = 1
+EntropyInputReseed = 400971cd873edefb83942183f81ca108532f05a8252917de1d64246112c5c676
+AdditionalInputReseed = 
+** RESEED:
+	V = 45d64e8f01f27f3578fe0e64c1cbb861446c5a9b98e99a736ad761e2dc489d4f37181fedd14ca1a442b5520a21348e8627eefd71f7baa8f9d12efd140c1a041d5c121911cc10ec24637eeaed21f86ad186c6542715338ac4bf2c419a601c3d6cfe1c3cf88b07d1d940d9e19cb4c503
+	C = e2950f57cd47925e4042787a23e7604927d2e0464ae568d006738cdf567e903464bcbc8320293e11364b1912174e8bc3d3e7de3c80b45b412b914ddeb7fcce8c342e97c3ce3117d4c7a59632948b4161ea907a40b5b67e066aeb4736eb1128d90bbf6e3e2b6d5cd8b1adb520f976c1
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 286b5de6cf3a1193b94086dee5b318aa6c3f3ae1e3cf0343714aeec232c72d839bd4dc70f175dfb579006b1c38831a49fbd6dbae786f043afcc04af2c416d2e2e8bef9347ff0f98bcd2451131e246bcc35641bc299c91564d64b1e2f0fd510d083185b6cb10da74aaf4018877a4483
+	C = e2950f57cd47925e4042787a23e7604927d2e0464ae568d006738cdf567e903464bcbc8320293e11364b1912174e8bc3d3e7de3c80b45b412b914ddeb7fcce8c342e97c3ce3117d4c7a59632948b4161ea907a40b5b67e066aeb4736eb1128d90bbf6e3e2b6d5cd8b1adb520f976c1
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 076e660f98db0064423a136f6f8f73c2f44d6295d635d6f1501431a5148133d4677c3e8e4cb5ab7645a1d723da69817b48380d514409e60e861253185d9eec26f12408d66553793ba335e863890aad4e047cd70903e3f79895c9990feddd6ab2525418c4a04e7e00f87c4ac84db133327a56929565db7e582b36f52a8726209f277af2cb23feea555ee7ce592d6d7e482476223193b0add5363cb8ba38be110c2388e0eaead771ba2ed31348e375c33f2ec23ca551261cdb32f7265be77181be
+** GENERATE (SECOND CALL):
+	V = 0b006d3e9c81a3f1f982ff59099a78f394121b282eb46c1377be7ba18945bdb8009198f4119f1dc6af4b842e4fd1a60dcfbeb9eaf9235f7c285198d17c13a1e17897743e703bb1a3faf0bf38dc635afdb151a955ff2b470f83c9aecc28f74d835cd1c09c764753ad9a1e8c713249d5
+	C = e2950f57cd47925e4042787a23e7604927d2e0464ae568d006738cdf567e903464bcbc8320293e11364b1912174e8bc3d3e7de3c80b45b412b914ddeb7fcce8c342e97c3ce3117d4c7a59632948b4161ea907a40b5b67e066aeb4736eb1128d90bbf6e3e2b6d5cd8b1adb520f976c1
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = 6f828a9e17bb2f269c10e8685f053de21d6f44e6fe4fe28579fabed15af2f7a9
+Nonce = 11c0f06c0cd4ed48fcdeb0e4f5d87d25
+PersonalizationString = 
+** INSTANTIATE:
+	V = 8541c66c612f63c77a7a16d0c43d944e3d85e5a1583056439fcdf578aa8ed878e5ea328c80c33dd5fa73238b7695f060953c2653679219b75363ea57493f160ad32b05125a4956531124e406185c8a4849bc28c11d37144cc96080e773526d8d866f56d577f7f62b6d53671ab34154
+	C = 9a7ae359b2abe4ebbb826f2a49b59e127c9c12ac0fc2b684578c25d03666779b8394a47bb9adf1f1e43b403670fe8da21d27a53e739eddb9e8f25fcc564d1da5b43732943a6cf39bd120c661a32520f9060fd1face7659c75fc594d14bea213ddcfbd3d2d6d9d142d85a3388af8d94
+	reseed counter = 1
+EntropyInputReseed = 2871b7a1ac2bdec0122c6c355f1897e9abd232eea193f42fd6ba304be1682020
+AdditionalInputReseed = 
+** RESEED:
+	V = 47eb6264b5361ac9c6159895ce8d97fae063048f2ae4576aa8be4a939765b01983601a8352f2711224d4927d8a3b606997b5a365307d53e72fba0e3ad4f7b2a54989ba052a83cc68b40c6ecad09b0069f7e895bc00bb9aa0b2fe6b62c0962086a19f997ee00201aa22de02a971af5b
+	C = ad847061edb40f5018f8708ffab60b1ac198a5c918fe9be533a5f359029cb9a1e3123f1420e4050150fbe722aa1cd43b9933720bd922becd625fe9afb11541c30b2df94c62330781e34f98c5b73af9327c4bbec29cbbe61ca771ae35002146e1c1aae1368b0e1f38d5c281eed06953
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = f56fd2c6a2ea2a19df0e0925c943a315a1fbaa5843e2f34fdc643dec9a0269bb6672599773d6761375d079a0345834a530e9157109a012b49219f7ea860cf478a295d59920cbb38bbca5bb3d59da346db9193dc4680cac875dfc2c17771539097559ec5550d50e7b00c0d07d28aafd
+	C = ad847061edb40f5018f8708ffab60b1ac198a5c918fe9be533a5f359029cb9a1e3123f1420e4050150fbe722aa1cd43b9933720bd922becd625fe9afb11541c30b2df94c62330781e34f98c5b73af9327c4bbec29cbbe61ca771ae35002146e1c1aae1368b0e1f38d5c281eed06953
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 01a8681d258ed9f01c88265f769a4d306306d3cc7adc14934b54017ddf3d0633d9f629d6051200041f164fe58df4c0055d6039eedac64060ffc5929a6491a800f335c3ae5d68a2a01b59a6b5a3fd31343270c35d56ec0cbbc668285dc57872bad21ccfdd4002a6fe25cd10abd031a207126fa09cb0babdf9b142143944466dae506552a2276f6abc18ffad9ef3f5ae7bf53ab3d27d1b21c01ea88bae68238a7f7bc607dd9eda3dbc3ac5331c32dd4ec0a3fb23ec81cef37712762e3b81a6a598
+** GENERATE (SECOND CALL):
+	V = a2f44328909e3969f80679b5c3f9ae30639450215ce18f35100a31459c9f235d498498ab94ba7b14c6cc60c2de7508e0ca1c877ce2c2d181f479e19a3722367af4655cdb392219114128dac19e3ad7ca8a729cf48f5c049981a648a7b409c464908faa502d4a89042a11d4a7cc17d3
+	C = ad847061edb40f5018f8708ffab60b1ac198a5c918fe9be533a5f359029cb9a1e3123f1420e4050150fbe722aa1cd43b9933720bd922becd625fe9afb11541c30b2df94c62330781e34f98c5b73af9327c4bbec29cbbe61ca771ae35002146e1c1aae1368b0e1f38d5c281eed06953
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = 5bc4bc624b8ab7b9f423bd22e2e485d3ad6815f242ea26dff94115c5d69d2a23
+Nonce = 6c8300f429d4a8d8ba7289b81181a3eb
+PersonalizationString = 
+** INSTANTIATE:
+	V = ac7f018cdc0811851cc07872dbe43c94c000e0e892d11c7c0d66bdf82f50aeb083fbe8ae40deaf0c7d4e35efba04ac793aa06041120ab084bd0c088da2226307c5b6a4021b99747ff61c6dee48e291e50eb3bebad8dfc8524493c501ecbc698dad20827aeed144d59135165832517d
+	C = 7012bc0235ec8169f13121a3972d87c1276d495b934846298dddf46d949e2078077919a072e482b4be4a7a62c6c6ceaa1e5bcc7db1d793a662004b1b72be718600bc1f5614951b8948d685c90fc53214d65a085c00f2c7751f3f3f19e73833715ec131c504a163379feb7f2e3f98cd
+	reseed counter = 1
+EntropyInputReseed = 0f5a0326a4352eeb8bcfd0c8c451c27008b4e9903fbeeb31676abc67e3cc4c23
+AdditionalInputReseed = 
+** RESEED:
+	V = c8690a72044c045248fbf4bdd584e4c5c5964324b29031cad21647322bf1ad2cc62ea4e5f2d31c442bbbf74526f7ccdd42672b48250daee6508dd2f92fe45a6d2fea6807e6f6c3d83a47b42580c5db3f7ebc1962ce8ec5c7ed2add5d8d47b739cbc2c31184004bf8170385a3b5a549
+	C = 2d54bf01a18f7c6ada8e5c6566cc8d8927eb4743009b3b754be9c8e118c6db51ee43d664e39543fdef543b82e7a71d22717543711c519d4558e32fcf388b2d2af8dec8c27f48812a26b44778dbddde0834a3701bb8d9754b4ed1812a3c8087cf82d54f10feadc37a031e47a76f29ac
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = f5bdc973a5db80bd238a51233c51724eed818a67b32b6d401e00101344b8887eb4727b4ad66860421b1032c80e9ee9ffb3dc6eb9415f4c2ba97102c8686f884056e748801c6985fc35119dfc601b517498444239e666c0d03bfd1fafa89d1f0c7ca58561db4860d63d4a2910a29add
+	C = 2d54bf01a18f7c6ada8e5c6566cc8d8927eb4743009b3b754be9c8e118c6db51ee43d664e39543fdef543b82e7a71d22717543711c519d4558e32fcf388b2d2af8dec8c27f48812a26b44778dbddde0834a3701bb8d9754b4ed1812a3c8087cf82d54f10feadc37a031e47a76f29ac
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 4b01f0f7a74fe4ee30ebf53f292ac434d484f2f77d915760806d49942314ae34b79e339a16d911ac1e7b35396757f92c3ac9d90f721a9e3a8613a632db27c4909b18ca9252f17cb96fa910a2bdf7a8c4dfc5866f277f8e562024149f7ebf8da862916ca34c0b2132b4602de351dc6de84a3b9bd7f2765017dda0440d97eeb0c97b88ff4ed021f7229ae1acba85a4a4c17fbfcb83fdfaea91c60125d2b2391d1561c44172c8da7426ef236a122526141d344a6ff8ca6162b2d104d551012ee4cc
+** GENERATE (SECOND CALL):
+	V = 23128875476afd27fe18ad88a31dffd8156cd1aab3c6a8b569e9d8f45d7f63d0a2b651afb9fda4400a646e4af64607222551b22a5db0e97102543297a0fab654574fc36d8310d0e347549131d3ca61474426d550fb69e6b4acfd91c8326526501fbdd9094261d5edd0a74cb15bf11b
+	C = 2d54bf01a18f7c6ada8e5c6566cc8d8927eb4743009b3b754be9c8e118c6db51ee43d664e39543fdef543b82e7a71d22717543711c519d4558e32fcf388b2d2af8dec8c27f48812a26b44778dbddde0834a3701bb8d9754b4ed1812a3c8087cf82d54f10feadc37a031e47a76f29ac
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = e429eb27c7221f906d2fc1f66d2d96366e58ea7f88e5ccc5507a1a1ca5d27883
+Nonce = 7391f6acd7500212a5b01b998472288a
+PersonalizationString = 
+** INSTANTIATE:
+	V = c42eedc7cee2349605d2e395d199f63c895c0d345954aa4644d959a84e87a6d7b5ef4aea2e86a57d8ebd081159b7b3a84b4e7bd8cceb4366ff8241fd0fd3d6157cf87125d1cc3455ba1131b879abb2156e45e886b5ab5c9c74d37e6ade1b41f808a428981823abf6fc5c214c3e8142
+	C = a80c6dfb2573cfca9a60e8873259ba30855282c850268ace5d4021ce63588f514e217969497352f5c812fbf5a5f23250cadbbb2002a41f7f79e1b823e5e3251d92ee8cc361a82e1756714f62a0e8649e8084e259182091b89a5a2bf0cd335afc34af0ebdb7376ac443a506eac3f0fd
+	reseed counter = 1
+EntropyInputReseed = 4bff8d30247f4b525196b6350d8a1df37cf874ea3609680600790de9ac46afa7
+AdditionalInputReseed = 
+** RESEED:
+	V = da385ed923bdb146654f3a33186a3e3d6d6c7bc5b3c0e5c49b06987dbf2c536958e60ec7062ebd574a7315eb25f29ebcb1dbe8e66c3f167087a3f895a3704dd37972ad229121b1737d16a6b35615a8fa376ea1e940a576a12f41b69ebc940b8bd15ae7d9537349d5fcf9d5c84f46ba
+	C = 7fb9cc9841805ae919259f352a041731002f70aa3c92b3c4dfc001d733c3326c429cedffe689f4f0245568618ea074a4390f6f0c22f4b00721b338d45704a94cf26bb1ed27909f3da077e14a86d2d1739b12cfc47c80b6c5a5f4928b5e824293425bb6143bf06f65b806070543a370
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 59f22b71653e0c2f7e74d968426e556e6d9bec6ff05399897ac69a54f2ef85d59b82fcc6ecb8b2476ec87e4cb4931360eaeb57f28f33c677a9573169fa74f73354b319d2ea97f616adff2e4b13a52b2769ea7be37480e0ad7b2b6d818a40b319792b3ee6c71b6517ed78cd746a2394
+	C = 7fb9cc9841805ae919259f352a041731002f70aa3c92b3c4dfc001d733c3326c429cedffe689f4f0245568618ea074a4390f6f0c22f4b00721b338d45704a94cf26bb1ed27909f3da077e14a86d2d1739b12cfc47c80b6c5a5f4928b5e824293425bb6143bf06f65b806070543a370
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 8b39ae19edfc376e29e5d130b2352e23e9c79704239df2e550e63ff3881152571c4e3bd7351cc3d76a32bcdad42ba5f00c50a81e6d67a2fc9014913a052a0e952d2521ffdae459ac2466a00804e7cc18f62765ab287ca8dc44764006683368efa564685db0813c0ef4cf155634207f2206293da2e39dc007a535e90587df1f00b0426906c31b3a5fb4a6155d5d6f568447120fa9c714ee31cfbdfc4a9d60dc9fd4ca38ca91255207923951eba254d3761564d34cb6fbff7cf852abbcc4819f7a
+** GENERATE (SECOND CALL):
+	V = d9abf809a6be6718979a789d6c726c9f6dcb5d1a2ce64d4e5a869c2c26b2b841de1feac6d342a737931de6ae4333880523fac6feb228767ecb0a6a3e5179a08fdff1777ce9022e7a86a0ba41e049213ee11e0bce1f427c357bdb9b28dd638d27fe6722e0e5f5a90af08c25064e9afe
+	C = 7fb9cc9841805ae919259f352a041731002f70aa3c92b3c4dfc001d733c3326c429cedffe689f4f0245568618ea074a4390f6f0c22f4b00721b338d45704a94cf26bb1ed27909f3da077e14a86d2d1739b12cfc47c80b6c5a5f4928b5e824293425bb6143bf06f65b806070543a370
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = cb52ba610167f08f7ac6e9ff075a37d5e361e1ae661af2d628643950382279e5
+Nonce = 08068a43f277bed3f932356479e986fa
+PersonalizationString = 
+** INSTANTIATE:
+	V = 6443757f63474647ff122c0758d77e932accc6f086969e4733442484ac3c34db6c450ca3e8ef48340d98a719e64585067aa72656b79532c28692179e1366e7a0f02dc62a73c3441051f4a636e8a1f975c9b4e89337417a206f280872fc686b52289621a10cb9ea80a5f9b8908a7918
+	C = 3a777af1405e1dea7a96baf0024dea0f12f8fcb60cbc724d0aedc93567fd4593621fb10cdfbe9780013de74df277191b326bd39b8a521ad5b9b389df961346b847946911289a1fcb93e080af46395c570c615c7a4fa8e4c67c96a0a2ca36e931a3e3ddb51a7c17d55a51cc022e0cdc
+	reseed counter = 1
+EntropyInputReseed = 5d846424b680012a007fa2fb03d7b0f1a3395149eaf31db3d0d56c3fb78f971f
+AdditionalInputReseed = 
+** RESEED:
+	V = 651dac90bc1583408ad380c308c407425b852cdb469610a10cb712307fd6e218c7bee0bad5f649c9cc29e0574669599503c2672336b1254d74cc4cb207cc4fc091c5cebb6dc1adc4098ca1704ab297caa46af06015890f8a815c447f092dc19694cb9e62f1f7a707827a9519d80d0e
+	C = ccb141d016869c0ecc347c1c3d771799c9408792eeddb5848966d5429b8bc6daa86e92a3527f43ace28742074d886c5b885a684735f84717276f30383b48c17f5c1b27447797369cd2b6fa1811e351cb3d9908a7f86b3378b6aaf6dbdf5484929f5b7a483f29bc454a2e56c48a3d7f
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 31ceee60d29c1f4f5707fcdf463b1edc24c5b46e3573c625961de7731b62a8f3702d735e28758d76aeb1225e93f1c5f08c1ccf6a6ca96c649c3b7cea4315123d2d93338e485de6018261a6dde371a9f881fb37109d0114e8163edb99e3efe8cbae0d84e8d746b3e45d862fdd121e47
+	C = ccb141d016869c0ecc347c1c3d771799c9408792eeddb5848966d5429b8bc6daa86e92a3527f43ace28742074d886c5b885a684735f84717276f30383b48c17f5c1b27447797369cd2b6fa1811e351cb3d9908a7f86b3378b6aaf6dbdf5484929f5b7a483f29bc454a2e56c48a3d7f
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 3c1138ad9b29d4951f2fd53177eabc53955ff6e8f816dc468de4092207c1bffb374d5bdda6033adaba3674e157d56a12f7a00816f1dc48421a27a9d079b065ef3ea31893f95b8307cf14677f8618b742cbd7e9e52a3af776f7b3d650cae80fe480199695b7ff375d4cb445228871fe409d7cb323b32b2f3c3ed93f2b0de8476493e7fc3f8fa86205c7fc1dae96b2fc3023e9415bc557cb2cffd2a15a597d3e2dba017824698b6e8607231a61d587de676c5bb747b1000c1d9c38ce47bd872e4c
+** GENERATE (SECOND CALL):
+	V = fe803030e922bb5e233c78fb83b23675ee063c0124517baa1f84bcb5b6ee6fce189c06017af4d12391386465e17a324c147737b1a2a1b37bc3aaad227e5dd416adc72923b9ddbeff4d6678e1722dac5c2c96b20701cf194e7d85b49ddad247df7bd8b314df1c58b5132060f038a6a4
+	C = ccb141d016869c0ecc347c1c3d771799c9408792eeddb5848966d5429b8bc6daa86e92a3527f43ace28742074d886c5b885a684735f84717276f30383b48c17f5c1b27447797369cd2b6fa1811e351cb3d9908a7f86b3378b6aaf6dbdf5484929f5b7a483f29bc454a2e56c48a3d7f
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = e0c44736f9703799d91bb8a4c213c45b8c2279c82da98d2c723db827d52281cd
+Nonce = 75e0198a1a4a8b369209fae539a143ae
+PersonalizationString = 
+** INSTANTIATE:
+	V = 18be7b900019e2d5486d914c9a2d4624a99109bd0663665daa31baacc267f71a447d7c25adcdf2e3169d7f23d778f5cf4c3ae25f9263f2a98db33fab7bbb48a6c3451ec7455bb8215102d82644aa1f1e4f618bd3b520f6b054e01ebf3a957c705e76ff6f9321e30f746cb17bd47c16
+	C = fc5e950038c9cfb4983f10e459e564aae8532814da1fe9b170825fe2f0a1a13bff3f15259ae6dfd72dc1aa2248752c7151782658090c7a93f9dca4255c3a43cd6bf05870b7790e0c48bbb05bb822f98f3ab59ad4ba4a3b7358934bd831e0aa03d493813a75b03351349ab4fb0d6a93
+	reseed counter = 1
+EntropyInputReseed = eb5924d9fe71bfdc8692ffae612bb80bd3b7dc2dd439c6d68a12e8d21169ace0
+AdditionalInputReseed = 
+** RESEED:
+	V = 827d52614fabe3f930f49f35ce430e1c8fcec803e6f7f64ba97c4c5eac4475ae4f6d1bcabda2ca99cd46b233b3b01fb962c2d8196397520daf26ed3bd442ddfb99233cd8c44ad57e3450b07b0d34aefac8bddf454d4ec54ea9c4b18491282b74142deb76e99f4ad1c5a0fd3bfed6c5
+	C = ca8a93e50fcb7d91f564e3432e45a618d3d0e8153ad1ae8697673e1bab293a00e8208b73b6de8b381916438ff390686552206f7baa72252b42c04ea22ec39453502c25d25de876b28053a1fc5b8df6dcb0725c3cbc67de69365d1ba1164bed0171237d54867490986b69af2239962f
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 4d07e6465f77618b26598278fc88b435639fb01921c9a4d240e38a7a576dafaf378da73e748155d1e65cf5c3a740881eb4e347950e097738f1e73bde03067341c4d77bcdf55d68db948afafee4889d553f43d0ab600c3f6ce808e1e0c932de0b83687d3806bbe708a947c85ba24344
+	C = ca8a93e50fcb7d91f564e3432e45a618d3d0e8153ad1ae8697673e1bab293a00e8208b73b6de8b381916438ff390686552206f7baa72252b42c04ea22ec39453502c25d25de876b28053a1fc5b8df6dcb0725c3cbc67de69365d1ba1164bed0171237d54867490986b69af2239962f
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = e97feabe1e91fc74d5e3144269f2e938cfba62276a125af34b322bd9e545afe8a1092835404e56152f46351f9e1443712a5a50c724680f8abd44dd4b886f7cbbfccbabb23e76c51ce0002be693f1bebebf78ef488aef6892a3817f5ebea364fd99c0de55797151439624508cf6926cc28cb8d718d4ecca7b33fff2236085be1a24ffe3efc5bd8f558ab9cf8542ca6c9969f492a4419c7f355ee6b803cc3519c9acc710bb1f68aecc82c44049ad263b6dc5a65b19bc00d98eb7ac608cd632354b
+** GENERATE (SECOND CALL):
+	V = 17927a2b6f42df1d1bbe65bc2ace5a4e3770982e5c9b5358d84ac8960296e9b01fae32b22b5fe109ff7339539ad0f0840703b710b87b9c6434a78a8031ca0864494ffec11e255b53e5bfe905c5c94c9cd11ec4525cc3003e42d3c7765612ec05c01b7066b0cf23603b8f7311cd22fc
+	C = ca8a93e50fcb7d91f564e3432e45a618d3d0e8153ad1ae8697673e1bab293a00e8208b73b6de8b381916438ff390686552206f7baa72252b42c04ea22ec39453502c25d25de876b28053a1fc5b8df6dcb0725c3cbc67de69365d1ba1164bed0171237d54867490986b69af2239962f
+	reseed counter = 3
+
+[SHA-384]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 256]
+[ReturnedBitsLen = 1536]
+
+COUNT = 0
+EntropyInput = b9096646daf8ff1e539c4e18ff6a5419184d6e72cf2be0e6727765af291b01c0
+Nonce = 63bc9d90cd3f497076b51698802704ef
+PersonalizationString = 
+** INSTANTIATE:
+	V = a023c443742bad491a9bf59b52c68494b9f60592551a60a7284c7ebea5940d45bb7a845ffd64e6dd4c8167efdf7edffc6d0f4adb286c5208ab632c2378765dbbc0779f97b48609f3c8043453a34d9fc55f9311ad383c5785cbd99ad7433919c215ea74b848bd10b53b15173e982206
+	C = cb66b13dc28499b78746ec8746ba8ebeeb9ea930c37f6fb98874178c0b23b4b8581aad3c176ef9063b067277de912de6d2d25ce38aec96d1c151498ff7fcd7a0550cb1bc6185691ff7304958d8451b83ea7df6886656c1334a041978b7147abb55970713d0c85888de3d4d39e3875e
+	reseed counter = 1
+EntropyInputReseed = b1f5a39ea5c332e8733e101a1e08f298200bf4462cba56301173d2da3e6dc3b4
+AdditionalInputReseed = eee6742ae6b5d0bb669cdea0e33fbea1930577ed82ddaf0fb7ac0d496086d0f5
+** RESEED:
+	V = 61b29972bb072c8e17e51ebb86d541384f4d9aa4e4a48479b8b1a3a9d4786c007c2694abf3c7368c37df7b66494d3e811394ce958bddf5e46aab0ab6b5fc42a27156b4d78205e30ba7b8874bdeed07997e4fafdfc2c922c21f4b7a9feea2bd062c0cf4285ef00f1437fac572f4719c
+	C = 14e9c1cf0652c24787bf7683e3698b965ed0a56dd33189c89c33959d54d7508c5b4cd6780d6af63fb0d88103af9072a89cccfa210740c2851890a4eecc75555007afb000bd1f90b431aea9dcb4ed7fa1bafadd14c143901691233d943b5e4cd9fb6088e0173a6781e41a805f101f13
+	reseed counter = 1
+AdditionalInput = a293e23d2c206912ef7e0957c6fc77979786c3eda754f628dc226ab0a8237c46
+** GENERATE (FIRST CALL):
+	V = 769c5b41c159eed59fa4953f6a3eccceae1e4012b7d60e4254e53947294fbc8cd7736b2401322ccbe8b7fc69f8ddb129b061c8b6931eb869833bafa582719864aab4af1a4708205e3d313d1ba3f24fa4d3c95f3d59128ec376a62c85f239caecf2889117182cf4c5eba26596b9cef1
+	C = 14e9c1cf0652c24787bf7683e3698b965ed0a56dd33189c89c33959d54d7508c5b4cd6780d6af63fb0d88103af9072a89cccfa210740c2851890a4eecc75555007afb000bd1f90b431aea9dcb4ed7fa1bafadd14c143901691233d943b5e4cd9fb6088e0173a6781e41a805f101f13
+	reseed counter = 2
+AdditionalInput = 07bc38ec01ac68a9ba95ffea1101df965b0a7a0f9bbd363c1d293c60d024cd46
+ReturnedBits = a3bc6e5945673964518c18363b2b94882e029f22be9da39e6bbff7c3f59da35f02faaff903b4b9f9021042ad20c8ecb494cf3242ee4208df783cb22914174dc7b0f614580fb67ee4026fc6935155feb338e34d0bc37364328606b91d8fe6690d7190ce094f031340370deee4d1b4fd9da80673ef2a77debb280fa5dbc6f4e31f95809fdeb39555412d115c217cfb9d68aee8739c3e1210519b4e5506b6e059d45c51aa09ee1d067c3b546e3e83b72ca31c13046f3d5f61b47a4efbca4ebd6226
+** GENERATE (SECOND CALL):
+	V = 8b861d10c7acb11d27640bc34da858650ceee5808b07980af118cee47e270d1932c0419c0e9d230b99907d6da86e23d24d2ec2d79a5f7aee9bcc54944ee6ee4c1701bee08a1058bd8fb0c16a4d5a84bdcb4b77dd723cb7b9f35980c0698f8afd3948ff52a96677806f3bb32b37c2d9
+	C = 14e9c1cf0652c24787bf7683e3698b965ed0a56dd33189c89c33959d54d7508c5b4cd6780d6af63fb0d88103af9072a89cccfa210740c2851890a4eecc75555007afb000bd1f90b431aea9dcb4ed7fa1bafadd14c143901691233d943b5e4cd9fb6088e0173a6781e41a805f101f13
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = 8f491d6bc59f581b353d836698d5eecb460864573d30fa438544b327b8a42424
+Nonce = e0934ea8b55eea442de4cda7a835dfc2
+PersonalizationString = 
+** INSTANTIATE:
+	V = f4b882407c7c04fa27d97b2538f51e33d3d84e8658f7a7198bdfa775eeb8f5259062879dd0ffb7dd41fe1b6d64c50ded4e1d0eb7be8aec93987c938de8d5441c295ecc9ba83e8117cfc67ecebed27322808a89082cb42c4b42fc8de0a55fb4fa4551573801bf1912ec378be4135147
+	C = c3ec0ccc43461470e81a04eced7cfed4ec5633b825a161084c05be9635e59acfe904eab652be5d3bae8807d0681f444da25a63e0b34430e72fab68755e0623737b07c2ed22effd62c89d3d73d3928c88d19c61c323d234512914b99616ebc5ea35fcaef0e653b411117c775df967fa
+	reseed counter = 1
+EntropyInputReseed = 25c6bbf8bda61fdc913fe6d369e4fd477244718cb28207eb2bce7724ba366ceb
+AdditionalInputReseed = fef9101a538cbdee70bd9559cdaada044b4f63d7b0f53c89f7b0ba19143e1004
+** RESEED:
+	V = a77be3979322842438e06bdccbde559d61aa1d4ba31e7d7cb1e0c481b051f3ef8b3521f82245e5ac8cd14e473e2f71f1d4d03e4a0799c5be87b1b07f051c6368baf5a452c1448baea3413aec3ef7b30aab9797aed79a651006f98c213adef3f0847af04ac22a242ae7f260038db5eb
+	C = 941fc463a0bdb107c897ec8a5d944506e80f63112e17a19126de7031399a1db798bdab2730b724ed250abfef556aa0ab540e4e24941685ac742c52dce4c58a3c2a06ed90e2522dbe2fe6b3b920887550c279a3cf92df113543b59c68a823095f879396a64d896be4e01713ae2152b3
+	reseed counter = 1
+AdditionalInput = 757b1809a53887f5d03b22b499668ffc113b16c4c63a1de3b15c6f55d9bbfb09
+** GENERATE (FIRST CALL):
+	V = 3b9ba7fb33e0352c0178586729729aa449b9805cd1361f0dd8bf34b2e9ec11a723f2cd1f52fd0a99b1dc0e36939a129d28de8c6e9bb04b6afbde035be9e1eee40f8296bba765b73f44871f34b74fb4447585d12cc2e8513978edd9e32d9c5760be11cba9f9227ca92539c5a7d6f076
+	C = 941fc463a0bdb107c897ec8a5d944506e80f63112e17a19126de7031399a1db798bdab2730b724ed250abfef556aa0ab540e4e24941685ac742c52dce4c58a3c2a06ed90e2522dbe2fe6b3b920887550c279a3cf92df113543b59c68a823095f879396a64d896be4e01713ae2152b3
+	reseed counter = 2
+AdditionalInput = d324e79474dce6bc4c5ae89806e30ad315d7952de7a7224ba1013ce5ec03d274
+ReturnedBits = fcefc87ed42c43c8841faf2e52a699be3d5c1f8208aeeeef2dfa90e7dc81839f1ebcf1e58d840d77012bcc69bbb6da5ee7d9b7f75df6128c08a6e484be1fafc942f3c1e1075dd7e250c2d54d68f9ca3018ab55cf6e53958e1bb25e8a00c65ae30563ec8f9f26a08be80a0756d1d8ab53b798ec5cfdc1c102e1c10f7bc3da6e0119dc34167177d0eae42077b42500d5971b21a37f22d10bb5b36ceaf71d22e09c1c1a47d70595506ac628aee0c939a6bfac44384e82e57be4299a184f91d9a220
+** GENERATE (SECOND CALL):
+	V = cfbb6c5ed49de633ca1044f18706dfab31c8e36dff4dc09eff9da4e423862f5ebcb0784683b42f86d6e6ce25e904b3487cecda932fc6d117700a5638cea77a22eea69f016c64eba2dfd005b466aa181a97bf7d9842b32b5625be73383d60435c684bfbee0d9f411d21e97b2a6d1896
+	C = 941fc463a0bdb107c897ec8a5d944506e80f63112e17a19126de7031399a1db798bdab2730b724ed250abfef556aa0ab540e4e24941685ac742c52dce4c58a3c2a06ed90e2522dbe2fe6b3b920887550c279a3cf92df113543b59c68a823095f879396a64d896be4e01713ae2152b3
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = 10be70ec0479ef2a2cda2626f5f606447caec626280143fda60c143003cfff82
+Nonce = e2301d47aa02d3987b6547c6df42c655
+PersonalizationString = 
+** INSTANTIATE:
+	V = 5fdf7a4b54998b428fd239a87bfb1e3210defc1c88dbe350650c4163fb1d5d0403c4f9b638ddb0e11a3dc1cbaf0399b819c5525c3f44080c570842d32bcd85afbd78966d496e02ef235e5cd8e3d87d88f35f497c6df5f34dafb001f3c6c890588306ac79fc8e455782bda318b20069
+	C = be5de3265b73dfb283c2fbf122a0916916f62615b047b79d1d2811e8be58bba232a0093236332cdd5033a89153ba685e5b7259bffab6f48268b6ee4583b518b79f0bcfcd349ed77ec11551f08b463e91d7c65d0268331214e037d3b4229d879cab2cf7798b5345be15c149b1f808d5
+	reseed counter = 1
+EntropyInputReseed = e34c12788572dc308d6404ac2fe3ba27605e67f1b11e77180cfc934bfa053809
+AdditionalInputReseed = 885605f723f3db83c30b0ed7d8e5d8801615be1d4a3043bb67a7f0c17c146c78
+** RESEED:
+	V = 900d0233796888a9afd414eb135c472e90e9dfb82ac2359ba404dba51f4f6f80a3df2ce8ba69d1c3111e6f2814250453b1aa616c72bc049c8d318bc38e91e8e995239c010f31f13f0d9827e3210986d55bfdeed5cf76106aff8832d87e2778e6573783950da90c9676c1124c023bbe
+	C = 8b7f515934afe94ecc9c76bf00cb41ebec5d95cfd51f7ecf2e87843a12c9c2e853068b3abaa5b8429c6de8391c3c9037ba8edd819ee46eb0b203360b3d2b062fb2ec7031023b4cf514dd3becdb6278e7c63c000762e414313bc293803b067dfbc084c2521f17c699c0ef6927abf388
+	reseed counter = 1
+AdditionalInput = 7d687fdf6bb4f3b13f613e92a5792b75bf297b9969c2c9e44eda6450fc5e3ea2
+** GENERATE (FIRST CALL):
+	V = 1b8c538cae1871f87c708baa1427891a7d477587ffe1b46ad28c5fdf32193268f6e5b823750f8a05ad8c57613061948b6c393eee11a0734d3f34c1cecbbcef806a828173db7ea9c4aa3041a522816ba2f77cb27f8edb0917de4fe18093efe6f8eb7c37a3adfd013c394e60ba0e0218
+	C = 8b7f515934afe94ecc9c76bf00cb41ebec5d95cfd51f7ecf2e87843a12c9c2e853068b3abaa5b8429c6de8391c3c9037ba8edd819ee46eb0b203360b3d2b062fb2ec7031023b4cf514dd3becdb6278e7c63c000762e414313bc293803b067dfbc084c2521f17c699c0ef6927abf388
+	reseed counter = 2
+AdditionalInput = 0deaf55047051c9f8edcb28e0fe4367513eccbaa18b8d7ee438c59f0ef019a86
+ReturnedBits = ee74d44e7f060cb14e313d632a36b5bec18d290d7e507a964872ad16573d271da6fabcecf799420106819e5e7e3d0a328c5d835caf67237e61beb8421a11fe6380dd42f242f7ccab71bcf67740ebed56cedb5f9655416786f38476da4a8639f62880650a0b92285e97f1dd540e71928a8e3823efaf5862343ce7ce6f0b5b5b65e74ecb2d8619eebeb7967916cc7f1e52d4fb6ff015bf15e26b08671e114a1d88a11238568b0832cede3bbb9b25bc0d7a0d20815f007393098073243ac4abe055
+** GENERATE (SECOND CALL):
+	V = a70ba4e5e2c85b47490d026914f2cb0669a50b57d501333a0113e41944e2f55149ec435e2fb5424849fa3f9a4c9e24c326c81c6fb084e1fdf137f7da08e7f702dc81807706bd863f1a2b3f43790365de6f0592d55229701453ea3f1f7bca892a74662b65a9470ceed7c1da9070ad5e
+	C = 8b7f515934afe94ecc9c76bf00cb41ebec5d95cfd51f7ecf2e87843a12c9c2e853068b3abaa5b8429c6de8391c3c9037ba8edd819ee46eb0b203360b3d2b062fb2ec7031023b4cf514dd3becdb6278e7c63c000762e414313bc293803b067dfbc084c2521f17c699c0ef6927abf388
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = 79a12d037f4865d37d242dcbfa6602d26d5b9057bf0fa117d92cb54bd99ce26d
+Nonce = fe40dad846f132dcd06c1a87b16c1748
+PersonalizationString = 
+** INSTANTIATE:
+	V = b8e54ed9704a87a968f6eb4982a1b6a7d7a71aeaccc390e2ea1c6e2d283e5f90a8c0823127ed24821d93244084f6ce6ca5978afed97d99a1cc7d534a064f7806855720f763d923b7f324804c2b8d53b19a1c4f10d78fc746cd4182090ccfb3e45836dd6f46cfde4aadfde670a2b915
+	C = 12b2b3fc390dc9fdf6ed03ea3c8c83591ad3d33e5f43d31b93cb963ae27f2b55cbb1d5b47a708e2fb4420d4711232b501e3d99b561ed48dae293b34641de05f9e93e1c2e2c3740704fb46f5e71b65e342f548d7dc6f444b52c50d67b90be9224e997e654534f6b44ea422a1381a942
+	reseed counter = 1
+EntropyInputReseed = d09bf2de4f6228d74388aaedd1f909f0e0b44e35b837e0ce17557d3aa5edea86
+AdditionalInputReseed = a9675092cadd8d7535c1a6b22ad7a0e5f76946f265a643f3d8bd7116d0d7562d
+** RESEED:
+	V = 8dce5f5cfe68315ad4227828e19fc910ecf55f3e3b231521b9709d5e202510f0368727bcff8817e44eb5b7b5db1f9114631067c00865f7df2e10fd6bde57ef6119530f1ab23d62a7ac683131d6f0ed14259841efbb286871e67ce58d279c019f1c649512fa9f6af5f2c0fee6eb2121
+	C = 3c95890bfa45889959a7780e9a7f29aba95c7e126260a1c37a0936ee762e571b0f6a0cda11346ebc7e8400ad3da28e0359ad1bfc000c179c6709bdd347511cdebdc67180bf73534c57fd4897d06e75be2130b59a511ca61dbd86febef02e778063592a7312f77dde82870d081fb431
+	reseed counter = 1
+AdditionalInput = c2340ed985be03b07f1c2e0d332cdae494912dbc8480c752bcd6143c5ae661ab
+** GENERATE (FIRST CALL):
+	V = ca63e868f8adb9f42dc9f0377c1ef2bc9651dd509d83b6e53379d44c9653680b45f1349710bc86a0cd39b86318c21f17bcbd83bc08720f7b951abb3f25a90de3ba52aa85f8eed9964eab60e62710cff564de6832867a40b0c04f5cc2c07909ee2067d07f3e5d5e32e02f49a2d57775
+	C = 3c95890bfa45889959a7780e9a7f29aba95c7e126260a1c37a0936ee762e571b0f6a0cda11346ebc7e8400ad3da28e0359ad1bfc000c179c6709bdd347511cdebdc67180bf73534c57fd4897d06e75be2130b59a511ca61dbd86febef02e778063592a7312f77dde82870d081fb431
+	reseed counter = 2
+AdditionalInput = 675aa3d7d1019987c2046b3758933a121db4609067c3b622384d504b976ff97f
+ReturnedBits = 42fd0e14581a05a61627e0231e4443279a2117dff10122daa4700deebbb5223074034d4f8cded99367885d1932fa84e854a1955bd4e4ece1d395a8eff7b4d7e5386232038a7c4f4ae536abca303e911cbb7539cf70d618e98adadced3018f1dbcd4d4ff9772030cc31aeb1543630b1338d2aa52782c3ba0425e3d49ec2396bbb6367a106e87e178d5f02f8d1aa6f3a954ea727d43ea6089904e8178d21512c0861216e9d1efcc1e160246ec80c2cc11e14241428372785af8cdbdf710af2b902
+** GENERATE (SECOND CALL):
+	V = 06f97174f2f3428d87716846169e1c683fae5b62ffe458a8ad830b3b0c81bf26555b417121f0f55d4bbdb9105664ad1b166a9fb8087e2717fc2479126cfa2b3d12af37d1153dfb00b77f7e1f74688cee3747be060bf8c2981a41864d2844a79de997762aac883ac4b8675037b29d9a
+	C = 3c95890bfa45889959a7780e9a7f29aba95c7e126260a1c37a0936ee762e571b0f6a0cda11346ebc7e8400ad3da28e0359ad1bfc000c179c6709bdd347511cdebdc67180bf73534c57fd4897d06e75be2130b59a511ca61dbd86febef02e778063592a7312f77dde82870d081fb431
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = 7e6d9980270bad5b893f8f627038d63111f2ee9c55cfb0cef04dfd11bcf6af2c
+Nonce = 23f1156eb3c544c15cbff2a029209a43
+PersonalizationString = 
+** INSTANTIATE:
+	V = 2bf7d46e97c79eff97874d54cdba4a3925a28c7a027ecd562cba97bfaeff3d73b4e77e868e8b297982bae67c1fb8d7ff3c8c2eb13b8ab983b980adae66609eacb35a7990f51e60ddc973783a051a923009040b13821527b7490e48c90337cf5a6da35a1fb8fa4867021a504c288dae
+	C = 06dfbcc8c12c59b0da1bb6d2367d5257ed55e75e8227750618fbafbcdc916a852309f92e4c5529de29dc1bf4d1925b6fd9a9f2ef91243e79800d4d7c58d2690a9616ed0378267196268fa1cfae97903bde0c8347ae83094b94a1831350ce0a67090c645aac102718a7345bc1d41a02
+	reseed counter = 1
+EntropyInputReseed = fae5a8baa27990da2d0666946d139014d2a92325fd04c7dfd8a9f12b1e26f577
+AdditionalInputReseed = a130fa1f2da080a4aadbbcd8444651acae9c5066a3aaabc20fee8c074603fe14
+** RESEED:
+	V = ec88b30886829ca2ded375309fe94228646b035e70ee3e77eb1abc390d5bb528fece619823801ad041ec79b59a1fcbbdc8a7bf78863681086be3d678feac03380418cf4506b7e6c077b0727e81a2075ab8849907e67255587ddc105ba5a11bed3555bfe14d6f765dec4b086682ecf1
+	C = fd94574ccab2dbb915951e75867cf497922e63eaa6c5989781d3296f43b003b59c28490331591ab42d85cf767cf550763ee987a148fb0cc5bfb37d82ca9ba31577ef1ad1f8d131ee37af73a7c07eb387d4332e70e76efa3e1e7396452691683949c0f613b63e3f1b6f58dbd53a359e
+	reseed counter = 1
+AdditionalInput = a43fe1ee4b63a138cc5add19a44b30d00a562c56a10eabadab6dccd2049a1e03
+** GENERATE (FIRST CALL):
+	V = ea1d0a555135785bf46893a6266636bff699674917b3d70f6cede5a8510bb8de9af6aa9b54d935846f72492c17151c3407914719cf318dce2b9753fbc947a686f04f05bd300d66d30fe1e7834da8c03e23f915387b9c22c8afda3f8c68d109593c1d0eb581b3f9bfa1206a5ffee0c2
+	C = fd94574ccab2dbb915951e75867cf497922e63eaa6c5989781d3296f43b003b59c28490331591ab42d85cf767cf550763ee987a148fb0cc5bfb37d82ca9ba31577ef1ad1f8d131ee37af73a7c07eb387d4332e70e76efa3e1e7396452691683949c0f613b63e3f1b6f58dbd53a359e
+	reseed counter = 2
+AdditionalInput = 01f72080dd0a8f472b1b7653113bfc779fef4ca88037a9338a57976388b2689e
+ReturnedBits = 215673057455e77495b93e8982b8d3cfdc851c1afa0a03f96690089b112be62be285fd70020d300ef8481ce1252b1f5313c0cda3a2420ae74b63a0cc0dc54c429c3efdb3f8bab27765a1fa3ae4882d6898ffb22bf23abb91c5fbe6a65eb845bebefb98aea0026f95a513885ef54a8014cecea329b225fdc775451797729ca70df4c8bac94f1381c08181910f1cbcc177fff2b62e810070ba50e0da03e482a08b1d4ebdf004b56087e57d15ab6649d07f99db7ffae671e9cb4a0f30a97532119e
+** GENERATE (SECOND CALL):
+	V = e7b161a21be8541509fdb21bace32b5788c7cb33be796fa6eec10f1794bbbc94371ef39e863250389cf818a2940a6caa467acebb182c9a93eb4ad17e93e34a9969c871478d2262f55c78b1d84fd7628dd4e9ebe499f8c5d44712f171d3c4c92cc8f0cb6cd75d91627d450953589e3c
+	C = fd94574ccab2dbb915951e75867cf497922e63eaa6c5989781d3296f43b003b59c28490331591ab42d85cf767cf550763ee987a148fb0cc5bfb37d82ca9ba31577ef1ad1f8d131ee37af73a7c07eb387d4332e70e76efa3e1e7396452691683949c0f613b63e3f1b6f58dbd53a359e
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = 150d74f97cc5d1f8f015711da6e0b74fbc9d2bcacb026b5364409a975b7565e1
+Nonce = 58850b3f7a01df7b4fdd031b08fad6f8
+PersonalizationString = 
+** INSTANTIATE:
+	V = 4eff5565be7d12d7190516aebfbfacf93f2c9b58051bf5f13e3214ffe23d711ef347ec3808c1ba2c99f27294cd879b49fb39aa4958037baad6ffc2bf5d6d4571668913070848b90309bf505730de255a798c9cd2e2fa1a4a850d2f758420dbb9c98e0e27fcea410366268a1597eaec
+	C = 0a367f7554edf6064908189708bca73fc5bff3de24659bc8cabbbe4b692b7917ef36d81e5ee11b7c3d768f199ef61d446a64e6cb21d5b48d2e364da84aa7da308a0e18c2a1365887e1e0d5512dca829c15b8defa94faf5701709b764c8a41959132490fb6ea10eb2f6eaea99373b0b
+	reseed counter = 1
+EntropyInputReseed = 43f4721d3b33b8d0c0022220829c803d27132b923d6b598f45c068b6a99253f2
+AdditionalInputReseed = 2c529433c61de1b0252361231c2362417ae34900c32ea5986a195aecf4c8b46e
+** RESEED:
+	V = f94f3c28751290b5b3a112076f61b5b7c14d86a295d727997d54a501b780ce365f09ff23fb06b514621993e583d88ac959e67a668e656a838e47c95854fcedfaac2bd5c778ebded85bac2318865714109559986adfaffa4f3fc285b3ac5548caad7c6bd15a04630ae672481bcd398b
+	C = cea9bd4746b69b1e67b6abb2be70d9357e2a2a095058f92dd5b4c6556947dbdb5c8e9a4fc27555b025fcb57cfd98aa67ef069446e5f1e0fbc9abac91c17477c2057676f28397ba2a9ad8621e959806aeea57f44d353e92b2f7e1454c1138d2473af8d6d005fa8a3e3dd8a96a2efcb3
+	reseed counter = 1
+AdditionalInput = e0d72f10a0241e27b28a66b6613b145871b194196b26d84ae64e35d424f6f4d7
+** GENERATE (FIRST CALL):
+	V = c7f8f96fbbc92bd41b57bdba2dd28eed3f77b0abe63020c753096b5720c8aa11bb989973bd7c0ac4881649628171353148ed0ead74574b7f57f375ea167167294247b18f2e4dd01537855bc44e151b499e2ea21b8fde9568ebd92a607ee6901bcc05244050766750907b3dbf5d44bb
+	C = cea9bd4746b69b1e67b6abb2be70d9357e2a2a095058f92dd5b4c6556947dbdb5c8e9a4fc27555b025fcb57cfd98aa67ef069446e5f1e0fbc9abac91c17477c2057676f28397ba2a9ad8621e959806aeea57f44d353e92b2f7e1454c1138d2473af8d6d005fa8a3e3dd8a96a2efcb3
+	reseed counter = 2
+AdditionalInput = 8fba18bc1f0967549d7527a49ee84589a3791c7e7ef723735d2e7fd93fb087f9
+ReturnedBits = 7b5fe4730d60cf2a1f878396ae3f644b7b6ed08d290fbfa936fb38cc0ae402288b3011e9ba6fe4f1b7253ad5854fcba12ada5c83c23aef9868a958163ddb4aa07a11aab2aae7979df456cdac3ec96d36599941f0789dc1db5d6510592efbd0a6051ee25973199017fc4057e1da26295150015f9ff5066390e2327f548f76f1509cdea4d6b62ff404ba1a7cdd65af2eb658ad14937eada087f48823ae7b86cadaa2bb5691925b7b5458068c4524db397a999560918629ee6fde92d78b59f9b27a
+** GENERATE (SECOND CALL):
+	V = 96a2b6b7027fc6f2830e696cec436822bda1dab5368919f528be31ac8a1085ed182733c37ff16074ae12fedf7f09df9937f3a2f45a492c7b219f227bd7e5dfb9812c6bf41b54096c6f909809f4250ad4fd864e0bb8550d0f9523c20ead27fce1c477dffb872835ba18ee15e76fbc49
+	C = cea9bd4746b69b1e67b6abb2be70d9357e2a2a095058f92dd5b4c6556947dbdb5c8e9a4fc27555b025fcb57cfd98aa67ef069446e5f1e0fbc9abac91c17477c2057676f28397ba2a9ad8621e959806aeea57f44d353e92b2f7e1454c1138d2473af8d6d005fa8a3e3dd8a96a2efcb3
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = 54855241ccd11d165e9edf8243764e874e441f7e741e920d648f15431b28b2cb
+Nonce = e7002c35fa4df3696a38c01006a1fa8a
+PersonalizationString = 
+** INSTANTIATE:
+	V = bd2307cf18ae412ec31a91d6a9a3320cb817f5110c91edef314d81cb048d6d6abcdc1703696c56d9fbd99f9f480c3bbff8e19dd9a6a9ea02f80ab3b0c42a172eb8574a323845c1238e3ce8cdd95abc06a781558c3012df7c6835007e0037ddc149f89e06f6c8218337b908fc0cfe8e
+	C = 20b74e9c6c8ee4b052388b250f44fdffe096d236cd564558b12006ab6b76dbe0f5e2012184f223531d9d87c2b09c76f6a89d070190534946de72cbc0561ce46dc60f0045f7f4bafc9fae24344d4343d16647e46dd20d67877507c77d997b1119af6c93f22f56425085164cf7996bf0
+	reseed counter = 1
+EntropyInputReseed = ade9b69cd2ddd4f9d41a1fcfd1f7dfd80e91d17bce843bea83be473213023fa4
+AdditionalInputReseed = f86309ebd361c2b6e16d53469aa2dab53c0fc210f9bb33c1348d5e96e4b8a7e9
+** RESEED:
+	V = e556cb77ef6c51fc1936d338d84560c0cb7e57f55312f8b9e9efc6ebb30c70dd22790a2d172735f5baa5ed609ac8d7f54ff4e3a4d4fa343b8e161b671e049a6fe4547ec00ae095ceb8ce6a2a46c20df1882afef60ceb233b4544b0cf67f468d3a2818f1587953ddf6b6d09a180aefc
+	C = 89af0e363cf0c5d01b5a0b9ccf8e7e91ca891cbb71eb90b086d1abf288fa412e05584183fd9010ea02aaa90582ae154c6d7dad9f0ae8d0099a3504a0e3f8afc2be08e907f03907924e9cc784aba6e9a88349aaf24ddad71e6fa46ab98bdd67f6fe03e510439dcdb0579623543515c6
+	reseed counter = 1
+AdditionalInput = 5b7b6b5d73e1fd46251295b5998043e595df5ae8f05336e1612109a9a6cd4fff
+** GENERATE (FIRST CALL):
+	V = 6f05d9ae2c5d17cc3490ded5a7d3df52960774b0c4fe896a70c172de3c06b20b27d14bb114b746dfbd5096661d76ed41bd729143dfe30445284b200801fd4aa019952ae6a7172e2f67dff8b02f35de7ad668455d507e4406f69751ac1512ba7170a86f757d39b52e6e0b6ab0dcfb51
+	C = 89af0e363cf0c5d01b5a0b9ccf8e7e91ca891cbb71eb90b086d1abf288fa412e05584183fd9010ea02aaa90582ae154c6d7dad9f0ae8d0099a3504a0e3f8afc2be08e907f03907924e9cc784aba6e9a88349aaf24ddad71e6fa46ab98bdd67f6fe03e510439dcdb0579623543515c6
+	reseed counter = 2
+AdditionalInput = 8ea9b5136e9e1da5ae4dd030a8e6819b1d14c6d712f22bef9af7a9ced9e057e9
+ReturnedBits = 6cd4bb7aaec4267e223c8547d669660f6ba10227a9628987964d9d1bc6af9f023325b9a3770740dd68fab1e9fe0eedf8aa889dbb032c79004920933cee9645e07592d78921785aff013731540b98834bc72fca00257bc7fc566465003d7f4e820e4be3c7265c8b2566510f527e5ce36d03f1f416207b54a2683cd66ae43dff1ab190a480985b755d80090bb4539cd38674a2bc07ba0b49bacbb286a57ee72a567d6b3ab171abf5868ad5040dbc16d3336eb62dbc32b4978e331e9c947e4dfbb5
+** GENERATE (SECOND CALL):
+	V = f8b4e7e4694ddd9c4feaea7277625de46090916c36ea1a1af7931ed0c500f3392d298d35124757c9bffb3f6ba025028e2af03ee2eacbd44ec28024a8e5f5fc050e2ccd6a0353f08763bb46e033ff2550b85c921e683c31d9363c58e6cf8a2f208449b362ef19a5d127d9140c469015
+	C = 89af0e363cf0c5d01b5a0b9ccf8e7e91ca891cbb71eb90b086d1abf288fa412e05584183fd9010ea02aaa90582ae154c6d7dad9f0ae8d0099a3504a0e3f8afc2be08e907f03907924e9cc784aba6e9a88349aaf24ddad71e6fa46ab98bdd67f6fe03e510439dcdb0579623543515c6
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = beb9e3316c4160c98a8ac72a98fabf2e400e5c9d9ba46ffd9c9b00035fdf10b6
+Nonce = 2818dcb40e17e1c96c690bdc574f86f7
+PersonalizationString = 
+** INSTANTIATE:
+	V = a5c1b59963e22ee296c3f31bd44c8804ff0e3a101789642b0f44eac9719041c4b7cc109bd09b5fc219508c7a0d42aaecd554a9bea0e8558b7c6087c013d7b3daa1007e34f3b8515a4441fcc97f551032bd9d1ebd4abc5bc54500be2e5813afa90f56bf11fb80ae670f0d6a30e8b1a1
+	C = 057bc6f4d6d2b5920570af6e2c18c4a96e5f1ce4f014fcdaf9d00728f6f42addd64659137eba6d1000eba2fae58bf05e231d975c4436cf757f51d0cc9674ccc41c9c9dfc1a0353aab11eb57467f557e49b9570897c40acda7de9c3c7559904b99086738a41098f9acbab2fb6bc467b
+	reseed counter = 1
+EntropyInputReseed = b82bebfa2233a8d973880ebeff77b56eeec4ac06c77486b8dca8d104dcf873df
+AdditionalInputReseed = ef93a7f2a004a8a3934ab1f880f5082fc00e89615752d8ffbc792af3a6283ef9
+** RESEED:
+	V = 6632a7d5eb3bcb7619eaf2d2e37cfb29c72428b0fb87c9aada78ef8c00962d7c0b4d25ed29d4e370a49f93670435508777febe7057d3e09803031aa4d92489d23179e52ca56bba96c5656c7056a05bd7d5db3c5133a6a904b31f8f8afa128053ce3ba0692a6e3fa31e8d96552a45fe
+	C = 67f12074dcd6933ec3578a5d6108cbbc24d26920ce351f0ff99647ba5ceaa577b1c6f22faf81db47bef11beca37c4264ff7cb96412b97876439aa7fcf1f97fa22ed68d14c9f30fdc1a596356e73c4f8c2747d3c82f921a0a0fe28b3bb1535c93225b0c6889220d4360d8f072d00221
+	reseed counter = 1
+AdditionalInput = 7a6203801befb66b56f3ef7241d33367c55042bcddb11104b3f7080c5c127233
+** GENERATE (FIRST CALL):
+	V = ce23c84ac8125eb4dd427d304485c6e5ebf691d1c9bce8bad40f37465d80d2f3bd14181cd956beb86390af53a7b192ec777b77d46a8d590e469dc2a1cb1e0a8120d18acad9b3b5dfa234371ad80f448f8502d6fdbc71cdfc5e2a9bcaaa677ca87a5a7d2f5b9062ea5091aa08634a3b
+	C = 67f12074dcd6933ec3578a5d6108cbbc24d26920ce351f0ff99647ba5ceaa577b1c6f22faf81db47bef11beca37c4264ff7cb96412b97876439aa7fcf1f97fa22ed68d14c9f30fdc1a596356e73c4f8c2747d3c82f921a0a0fe28b3bb1535c93225b0c6889220d4360d8f072d00221
+	reseed counter = 2
+AdditionalInput = 95dbbcc9e41f9bf87d07cc85b540fc9597f5498595aa7d1f6162b30235876004
+ReturnedBits = 1886f46eb7cbce6ad78a230c97c49dd4357e5bcdb5ec364383963b584068d45bce4b6011a7b0ad3560d351ef12ceae9a1d3373fb5e23fa7f3070f45d001ee8a8b39a2b7854ca71df4361366470abd40d9a8288e441e11e5d28d82b0ec446e1daf187d4f8b99808b4ed624c09f014b74813fa65e50c4a38c9730b52754a8bb5e46474b3bc6fcf1bd876963c2b85bf351f886b6a7e153fe07f7df1d1a2435e47788de13d6a182ed0bfe7ac4ddb0ac511d5c32f40f9157414538c360bab7a1592d3
+** GENERATE (SECOND CALL):
+	V = 3614e8bfa4e8f1f3a09a078da58e92a210c8faf297f207cacda57f00ba6b786b6edb0a4c88d89a002281cb404b2dd55176f831387d46d1848a386a9ebd178b2051f07487eeb8a6a45e29f0470f0351547a0b6553b9d6d9cbc553fbdb040bda60f7e5f8e7d8e3b2d66563b9a54273ea
+	C = 67f12074dcd6933ec3578a5d6108cbbc24d26920ce351f0ff99647ba5ceaa577b1c6f22faf81db47bef11beca37c4264ff7cb96412b97876439aa7fcf1f97fa22ed68d14c9f30fdc1a596356e73c4f8c2747d3c82f921a0a0fe28b3bb1535c93225b0c6889220d4360d8f072d00221
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = d7ec482f7868fd7e1c739f8c78492ac786cb7e85bd8dfb023d806f0d2742ee80
+Nonce = 8efacb48fbc8169453fbc89fd53f741e
+PersonalizationString = 
+** INSTANTIATE:
+	V = 34c49fe8a5e5152749b1a26aa0ba4b0470c26b93a9737e64a22f675a3a9b2e6b9d77529c041c9dc1aacbdedcd26e05e44c729b984f0dc51066c4b5fdc208469d294b8310a899fe848470a7423ccfa515f860680df2d2a9b6f0f1d58911eb658ad996e6e65f9640c4a218a6e219cdfe
+	C = 34a36f990abbd599dbe3233a4b371908e715c148bf1b8a85e34988cf17980a20674947ac2847bf2cb1a3dcc93dd176068da211d8a549c1745f0e3e7fe1b833508b11545afd71ba10fed7ed93ee4b8b851f7cd8c426c56d25421a202f41537760a5a912c1c4209a21ec073a32b51828
+	reseed counter = 1
+EntropyInputReseed = ecb0fb4b17f8771736260d01ce07bb76111a05378de06e7a12e8133674f54006
+AdditionalInputReseed = ed4f4e01b82544730dc3fa3a6a326f2fc983922df259669b8b381deb61dc5fe6
+** RESEED:
+	V = 771737dda3d2ba37e9cecf695a3363453274303ba4d50c50c66f61ebc407e6817284608fe83ca5720af9cefa688ab80f28510c528b8f469fcb341b522f0c51bc61e09922cdfde8c999d173a3ce74bf5f834abcd20da8a2dc12d4f72755fa5bdefefc00820fcf436993f8844f016502
+	C = 9f86ade98650b3671b04ae9c9d9ffddda384e7abdf19e06f231e6779a8c5c08b9a12655fe883acafdd768a7a5784b5e45f44bd3525920decd8c2b3c2a5f7c91fbfdc2103b5635ef8b9b05eeca1c81dc63ddab7755a8ff695b2d2ebada4bc464be0162a8169eae039761a23dd7cae65
+	reseed counter = 1
+AdditionalInput = 0684c1dcd1f44626209647be5493c2bd22f2731e4424bab9dc958b34ad889bea
+** GENERATE (FIRST CALL):
+	V = 169de5c72a236d9f04d37e05f7d36122d5f917e783eeecbfe98dc9656ccda70d0c96c5efd0c05221e8705974c00f6df38795c987b121548ca3f6cf14d5041c8ef73584508f78b4852e93c72f984403a6dd06355a231ba89e8acafa98b4b7a63cda66ccb498d0e12e9975cba0a698ef
+	C = 9f86ade98650b3671b04ae9c9d9ffddda384e7abdf19e06f231e6779a8c5c08b9a12655fe883acafdd768a7a5784b5e45f44bd3525920decd8c2b3c2a5f7c91fbfdc2103b5635ef8b9b05eeca1c81dc63ddab7755a8ff695b2d2ebada4bc464be0162a8169eae039761a23dd7cae65
+	reseed counter = 2
+AdditionalInput = 1cfb501038208079c13155e79dba5e8236f2f7a58dfad267914356b1f90b865d
+ReturnedBits = 443a13c4e891ce5a23c645e02aad2a7309ca1a57a73a84b8712494a1ce7852c35c1f578727bde6cf8caf7a5bda3504c1bac1118421b63df6311fb32180ff89c6ac04efc60a93f1f9e820ed5036bee312d605197cf99bccd208d130ccdc5415f7d724842d841e80645b087ebef5ab305679c14c7e82dbaa7547f4d264fb78a7fb2d0ebdf1fbf03308fc497795d4aa1b8287a4001c1c1041a35fbb85005e4debf1def48d4fe3f771908b891f15439130da0c12e16f889990fb9fc1838a5610a45a
+** GENERATE (SECOND CALL):
+	V = b62493b0b07421061fd82ca295735f00797dff936308cd2f0cac30df15936798a6a92b4fb943fed1c5e6e3ef179423d7e6da86bcd6b362797cb982d77afbe6701a23d02f9a07e53f02f5711936e4a4bdc0bde7990f337a857b4cd5c32b74ef1cf140308724a8ab55a42e69f0f73dcd
+	C = 9f86ade98650b3671b04ae9c9d9ffddda384e7abdf19e06f231e6779a8c5c08b9a12655fe883acafdd768a7a5784b5e45f44bd3525920decd8c2b3c2a5f7c91fbfdc2103b5635ef8b9b05eeca1c81dc63ddab7755a8ff695b2d2ebada4bc464be0162a8169eae039761a23dd7cae65
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = e0dcdc14099ab737c0d0b0c8c3572ebd3dbb28f42834147628764854e7e81f50
+Nonce = eafc0cb26af09f7e7fda9a6ab230726d
+PersonalizationString = 
+** INSTANTIATE:
+	V = 033aa4da0bc315c0ab334ea2184d89ace94adff1cee50653a272c204403c654fb3f5eb93f4337a46f3f90ffc448cb4bf14ca7393bc494ddc6c88b70d0182ca2717e69ad89b6a75d5f5b68279d8bdbdb753b13b5f3deb930d0965cfe99c003f4f76c5224c6ed2481a0eb1862a1c036f
+	C = aa7d485508903212e71d7860c607c6c6dc006acae904b5e5eabef8c376ace260d7a5197197d6fbead22349c94c396dc6d15f90d2a12b78560328a680d3ccab4889cfc2cc441d1e840ac0235c01d5925e8cfd65cbe0ab191ab5a674746de5ae19c5598df9a6e5dc69162fc12539dddc
+	reseed counter = 1
+EntropyInputReseed = 0d25df4d6d913354b49f4ddabeff6d8dd328d06fe1dc6bcbd69979e3a3b691d7
+AdditionalInputReseed = ee71107ee3e042fb3964664147dca2f90221faa6d81282e5dfc06bd6b11de2e2
+** RESEED:
+	V = 1dff29876f21c12b229b96ae8a722decfc358e0c60fc0006c4bb98ed4345586779dc9bd1c840543e8d18bfd364a5dd71273afb63065d92d7dfc48219a7f3b7565fe6555a47b28767034cad40db3f9e4d945103a3ce5765cd125d6a3b4ec5a95da5bd88e30d38c4b29a8de0c63f260e
+	C = a3237b4c8f8b095a3782b1372db001724954f31f5f215445078d0b3472200146f3dcbca16c065955c58112baa83ad6b980e6d481336e0bb9de541e202c47766c77c354f93d4f03719d86a52544c97c1999611e5b24accf14ec5266ed3478b6e6a874ac7011cb75264ef208830e3339
+	reseed counter = 1
+AdditionalInput = 5b3dadb744e56cd02c8793326fb24157c2a724b5f632c0b7598a51dfeb059397
+** GENERATE (FIRST CALL):
+	V = c122a4d3feacca855a1e47e5b8222f5f458a812bc01d544bcc48a421b56559ae6db958733446ad945299d28e0ce0b42aa821cfe439cb9e91be18a039d43b2efd7770056b9168bf42068ae67e3a84b6c17d7bfea1eddc71957cc7b37555d372de2ac6e676819a6cc12b8f9e2f264cca
+	C = a3237b4c8f8b095a3782b1372db001724954f31f5f215445078d0b3472200146f3dcbca16c065955c58112baa83ad6b980e6d481336e0bb9de541e202c47766c77c354f93d4f03719d86a52544c97c1999611e5b24accf14ec5266ed3478b6e6a874ac7011cb75264ef208830e3339
+	reseed counter = 2
+AdditionalInput = df1a31dbf2507fd055b3d8e52f73fddcb7e73afb9bbef97d0897660f8bccc1d5
+ReturnedBits = d17ee42809d9ad363982daf009e26359ee0d70e135a11ab60fdc5525649ce0cea8046e03f75c5d75b2bbbe50fac6ec5e2eeaeab63dc9d5fbb74bfbe7878c7a866766f5ec4b970906cf3755c9d847657f242c55582f1bef75a11dcb3c8f6dd6163eb0c3b53b9e34d44d9a55492f5555acc76be483e3ba79d2ca64a446ca373e6089557856593456c4e7b8132f2d591e0539fb0b512caae185a7472e16e9de25bbdf090e72f4be07b8c2154e18299d08ec184c74a57b48d09860ad47672fb9e976
+** GENERATE (SECOND CALL):
+	V = 644620208e37d3df91a0f91ce5d230d18edf744b1f3ea890d3d5af5627855af561961514a04d06ea181ae548b51b8ae42908a4656d39aa4b9c6cbe5a0082a6fb96779aa85b0db69a910e637935ff70a2b4e507556b0ca491ecab3f1f61f91840fb2bff5938661d0294a2f49bef239c
+	C = a3237b4c8f8b095a3782b1372db001724954f31f5f215445078d0b3472200146f3dcbca16c065955c58112baa83ad6b980e6d481336e0bb9de541e202c47766c77c354f93d4f03719d86a52544c97c1999611e5b24accf14ec5266ed3478b6e6a874ac7011cb75264ef208830e3339
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = 4bee2e93154ff1965135208991cf9237a0625a8e1f142e90973bdcd4481b910a
+Nonce = 53982a4d8069110e2b8056f9c5628939
+PersonalizationString = 
+** INSTANTIATE:
+	V = 40805511058d0fde5c6a1ec3021bdae32dacf72658d264be7b50fbaa9e3d219f8034967fa9c2df48cb23552ca1458d567604f472c15cc14599f2f5ff8dde840abce1d3e53050958ca91462e33b486f4c93149233a18a763651863494350019aa38afc4143d84730043ed4c61fed36c
+	C = 7febf634f204dc27abb4c3cdc599e6b5c090c7d0fe867a569a6a7212890dca7d2fb8d9716208aa12dce1319350ef2214dcb886b01765c686911857830e9bd8b3a4f091cd6a1eb4fa35879d76654af9aff3f9aea71af795f15e66bdc71979d5a79af61d09423f60155008e9f104e2e4
+	reseed counter = 1
+EntropyInputReseed = 7105a8266dbb47caaceab8765d985090e57e355a3fc20288e6b866c39bba42c8
+AdditionalInputReseed = 25f8f7d4e4e14654ef2c6908abf59e7b579c9277e505c6820ea4ad0595d59825
+** RESEED:
+	V = 800f270cb8c2ccc4af55deaf55a5f5d58edd1a80d34ef8aef896b9866621af2aa0d2613e1cb1d23577adc39c8ec1932ce3d265a874442ed46cafaa146a29fe25ac81d5657c78a2ea34d9bcabc623c0531dc520f16516ef0ec87993c8720b7fb325f6bf7af37f8bda04e3f96f5f52ab
+	C = ccbebe2d483659762ad129cce5b3ce113034e959c64b0e8f398cf5a1683360554100452eb8ea9e7197ace23070f19e2a59b7332ee09e776c8494259d165a249c36a75a95820af8c4867ea6233078a1f15893d9fce38dd1624671aecdbcbfbabb06b6b35a4be60eccf23cc56dae22b1
+	reseed counter = 1
+AdditionalInput = b1a740806a202d5da0082ae56d69382b378a482db44d7ebd097a6042de6d9156
+** GENERATE (FIRST CALL):
+	V = 4ccde53a00f9263ada27087c3b59c3e6bf1203da999a073e3223af27ce550f7fe1d2a66cd59c70a70f5aa5ccffb331573d8998d754e2a640f143cfb180842413ed6fec5aff2208b4ebc361b1b0c115c17c89e4f1f198a17f90366a8143e37459d3c00de632289cc25f67c8855329a9
+	C = ccbebe2d483659762ad129cce5b3ce113034e959c64b0e8f398cf5a1683360554100452eb8ea9e7197ace23070f19e2a59b7332ee09e776c8494259d165a249c36a75a95820af8c4867ea6233078a1f15893d9fce38dd1624671aecdbcbfbabb06b6b35a4be60eccf23cc56dae22b1
+	reseed counter = 2
+AdditionalInput = e7af421379ef377618de862d95e09165c89067849fa11abf597953dd09ce70c9
+ReturnedBits = 183cdc530817e49c40cdd3d01508f027a4898f47ae934b25b725758fdecd483dee7461a0b37604aa585a62d30e23bd3e1b053bb8975dbd608757b05db95ae449931e173b7280ec5385ce7e7f029ad40776da9fc8c84cd2c4c63b5a54223955a5f158cfd8afcdc869f7bf1d99ff4882519e76f02c2e6e62b27f2988a5b666c3030adb729c9a5a3f257310ef1520ac77577539272ac896af5cf3f275e2d664b05f90f00b24520580d4b3e45bd836a6e565976b5f68c7f656d2629438b433d9bfdf
+** GENERATE (SECOND CALL):
+	V = 198ca367492f7fb104f83249210d91f7ef46ed345fe515cd6bb0a4c936886fd522d2eb9b8e870f18a70787fd70a4cf819740cc0635811dad75d7f54e96de4a1794cbc1f3bca2e9939b67a63f2ed6f1060dad5e5c9ee0dccad015f3a662123e0e68d4b0faa1208b005a7ebac5ff5431
+	C = ccbebe2d483659762ad129cce5b3ce113034e959c64b0e8f398cf5a1683360554100452eb8ea9e7197ace23070f19e2a59b7332ee09e776c8494259d165a249c36a75a95820af8c4867ea6233078a1f15893d9fce38dd1624671aecdbcbfbabb06b6b35a4be60eccf23cc56dae22b1
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = fa0214d1de746f23696d96ea5f00c22bf573ab047a1647c3d37511520cb9b4fc
+Nonce = 22af8732362df8e472659292b1d1c8c8
+PersonalizationString = 
+** INSTANTIATE:
+	V = 689f1f4d7e9e0020717bda0dd40cae905e63c2582031aceffe0877cfbfd6189a404d6f5b0a83eac02640da798fc52b224a446f625b7a9cf3bd9f264ba82150fe6cf0d75bd679b6c73b4270496aa1b0733ed407f18982749aea425b521c7a9db570bc2d81e127a72a6b98c2f53d7e2a
+	C = 30a85e040ed0264f26e922fb433b9223a9f9455f8a5b3fd4e1c64c032b97ff20b715e2f54d88f9cf1d911d81c13ca397997e176320fc7ad9491a99578021ab9032c206c83179be37b8cb2cf22937c683333b2103d598bea43a2a2431a913352998971fd95d03312acff4a3fd04905d
+	reseed counter = 1
+EntropyInputReseed = e33a9858a48594b974c1c72a06ebe09f7b0d1a09f9930e862e22c1583eb92654
+AdditionalInputReseed = fb057fb13a81dff9571d7c04afad90610eedddd60c2540f61f28613fd0892438
+** RESEED:
+	V = 19e0a7b58e81599199a9771d5947e463bdfd0aeec624fcc2810c9c75e16c7085ef477f606d31b02e5356f5140f1bc1a1482929780ce6bb3b8409bf926b20a915af7be2680385cb809ae8183277493d74635ec3cf9c5c7a98224ef8426a917b66a1c29f993fb393bd5769c9eb6d4194
+	C = da19037f67c5d51e612d06fc3a0f303d530c5cac67d44485bf57d86b6c04c42b8fb091e093bc5706fcabb5e60165829c168056a977866aa4b03d3730f2149b2ab75111e50b4205652269df7874502704a8dc4b84c6b75c1873c0487296dc4c9e0060c4a2d0c88dec38f684a5959903
+	reseed counter = 1
+AdditionalInput = ca14f3ac55158ce52330c960dfe0b8ca3f00a752591f947f4904caf0483a1ecb
+** GENERATE (FIRST CALL):
+	V = f3f9ab34f6472eaffad67e19935714a11109679b2df94148406474e14d7134b17ef8114100ee07355002aafa1081443d5ea98021846d25e03446f6c35d35452238964393183149c107bece1eaa13b267edc97d6093d2bdf9fec8ef0099f3a56789f3f2c60027b37705854ff8cf9412
+	C = da19037f67c5d51e612d06fc3a0f303d530c5cac67d44485bf57d86b6c04c42b8fb091e093bc5706fcabb5e60165829c168056a977866aa4b03d3730f2149b2ab75111e50b4205652269df7874502704a8dc4b84c6b75c1873c0487296dc4c9e0060c4a2d0c88dec38f684a5959903
+	reseed counter = 2
+AdditionalInput = 6d0116dd3915a461620d84598d766685961d862d539e98be2d1baa48ef976d3a
+ReturnedBits = 8a6481729b3b543419d8f9c217b0c90a40cbc8a42f55f488a0b464f53f8f1b0b0744824acddf08fb47ab4c771e97265875e53feb3f9815f94b7124970ccc80b46ee4832d611b2dbd021cdb84c27c1fa051d091904bd98b4d210337eee56341f778facee7fe0e1bbcdcdddbfee2ca0a0ea44eb3237d67026bc2d1f68b6211ddccec2ecb2b8901e59179390dfa8a675924bd9b923cbbdbb7fc9581ea0efcaddf1821fed432f8953e30648a177262772e6668ba33c52d875c8b5ced8750b90cced2
+** GENERATE (SECOND CALL):
+	V = ce12aeb45e0d03ce5c038515cd6644de6415c44795cd85cdffbc4d4cb975f8dd0ea8a32194aa5e3c4cae60e011e6c6d97529d6cafbf39084e4842df44f49e1a7ae2ade342c346d6fc1f330de5dacc1d5dfea84626e4359f63d5f898389aa4bf672d7c6bada8ce8eedd80a11ec1fc61
+	C = da19037f67c5d51e612d06fc3a0f303d530c5cac67d44485bf57d86b6c04c42b8fb091e093bc5706fcabb5e60165829c168056a977866aa4b03d3730f2149b2ab75111e50b4205652269df7874502704a8dc4b84c6b75c1873c0487296dc4c9e0060c4a2d0c88dec38f684a5959903
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = e4ae2eb4f1c7fe11bfebd16fcf9770f1097ba9982e887c4540451973da009712
+Nonce = e2f4f875fb6dd698f8fbce455e6fcc34
+PersonalizationString = 
+** INSTANTIATE:
+	V = 438c5cebb2ebda9b80007d3b7f1d4472deb4fa266230591e732272061123c15ed1f7c9b5460fdfb863d5c200550bef4e0080289cb11d7f99a5461aa511251adb5fdd710e53ae3297b12ac3e2d022ecb83a5f75b8e16b71c0160e49044f1801e7d8043f54bd581363800943e39ac941
+	C = f19cdd4884fc81eaf9803ac04ec74274ad827398c30c834ff6170ac4c5172ac91514232385a52acbe2c09ebdd407d4545004b8ddb49c98ff23f442bf6b9b4494c990cfadcf49f21716562c0fc3f0b77bd25403da2fb4fd638aa1928b64a04b37df3a6cec638e5cd5921030a72d9d99
+	reseed counter = 1
+EntropyInputReseed = 0eb51a0eb55cfe69c9accd9390af2c79cbebf3c4fc5b5af1984c283ad5f83f56
+AdditionalInputReseed = 1a3ca6ea56079fe100955ead59b2a30176b755897ba33effa582b8c54f40cab5
+** RESEED:
+	V = 3074c3b891be281d54807368fee320133fd0c90538887d31d577d5066082a108ff0af2e8a29fab4356ed65c903f3ac647ce85e61703328c7c1b919e6db994a93c7d216add181894b7fbc3eed884f4ba2c088d17a3877cd910f1f0203cbcfe85526091fb86df42682d692f0fdeedb4f
+	C = 4e65b794743a089e6143e7a493125c36669fe2189600e6cb057e795767e5fd06ec3f418710c8bb803848bbfbf0b6e91f907eefd604c675585c3b90d4958b361de436eaf95372165976068bdc2c1620034cdcc8804ef93009cd1b769464bcb1663ff772611b9e96539e88cbbb5ae1fd
+	reseed counter = 1
+AdditionalInput = a8f598e9a83c3df9c07da50d12ebd21f46fcf3d4ee79eb12067f2de8e41208bb
+** GENERATE (FIRST CALL):
+	V = 7eda7b4d05f830bbb5c45b0d91f57c49a670ab1dce8963fcdaf64e5dc8689e0feb4a346fb36866c38f3621c4f4aa95840d674e3774f99e201df4aabb712481ea6c8a7c8943d1e7d2d3ebc5a8dd44e6a994dd5c3dcd81165b4d003c70b5b9b59009976ffa3e6c8da75a57c8b877d159
+	C = 4e65b794743a089e6143e7a493125c36669fe2189600e6cb057e795767e5fd06ec3f418710c8bb803848bbfbf0b6e91f907eefd604c675585c3b90d4958b361de436eaf95372165976068bdc2c1620034cdcc8804ef93009cd1b769464bcb1663ff772611b9e96539e88cbbb5ae1fd
+	reseed counter = 2
+AdditionalInput = 0ac86d66f4f0ef7f295473950ff0b29507334a341e773063c572339e6e165e97
+ReturnedBits = 3adc8c50574b0987c33987e148634c9fa64bd77ba182d33b695271d9c3f5d9a3ec506d55c9e61cbda281c4a955d9a3f03a70a2627f9ec69803b04a27b2936d155c28d3cb1fef06ccb69bd1e2d7ad27c07ec2c88fdcd5fd34c96e17f27a60b5a676967a31e22b497788e47cdc54393ef6c1c87e29bb3fe0eb8b482355fd69395036e7b88d355bbd88af8b3af097c15c051e188b34aa8152dae6629849db3086aa4a8b82d14aabd6c7fff9dcc1df5eda3bfd5d1205540e2fd068a43915538abc5e
+** GENERATE (SECOND CALL):
+	V = cd4032e17a32395a170842b22507d8800d108d36648a4ac7e074c7b5304e9b16d78975f6c4312243c77eddc0e5617ea39de63e0d79c013787a303b9006afb90cee48f35f4f00facfa9062178f8ce6dd4af4db1144e6740f34e8a933a8aa17f96eb2b486448f407840eed4a3890b8bb
+	C = 4e65b794743a089e6143e7a493125c36669fe2189600e6cb057e795767e5fd06ec3f418710c8bb803848bbfbf0b6e91f907eefd604c675585c3b90d4958b361de436eaf95372165976068bdc2c1620034cdcc8804ef93009cd1b769464bcb1663ff772611b9e96539e88cbbb5ae1fd
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = dfe24c46e7d47be9aff72bec236fb425df618ac1181349bc09059f1b955056a1
+Nonce = 35fb9d485ca92b881312f1fc20e24fc3
+PersonalizationString = 
+** INSTANTIATE:
+	V = b132b1a9d8a80d6e6500cb4e922c10291f8b13a931ae96ff2216e0e568287a8ff5687f763aae0f5368c77ea3fae1e3062d1eb637428dde716cdc28cc09542462fff0b93e3ce55dedc506bae22e76cbc91a61121e423d659c46a7e36fe647b484704ef83658c761c8b1d9031e83c0e1
+	C = 3a711d13dc59d45c0526ebe04afbcb7fbde24beb41700e1daab08e95a659466774db01eeb4fe62c599f62b906b168fd84edc67a69915df7d5abcf60de9d70734e5de406df4d164a3cdaa1dc8f10b6f3710d3fb66f25502c928c58d401679523e92c7efb9d21fe2053dab8ddc5ad5ad
+	reseed counter = 1
+EntropyInputReseed = acd99b9bd2072267cede7691950d7411f3f13f10b2925ee8fc01d53347a59932
+AdditionalInputReseed = 61073170fb42a40a81019d6154ab906b7f0fa2dc42548ed1ed890f529414f002
+** RESEED:
+	V = f968a8f5a5810c0203a1e0d55bb6b41a156b884520ed5c1866256db43af537efec8b74f53d70b5b8c51507a917202f9fcf1b356b8cb07c79bf0b0779e941ff4df6e7587573a549b4813f5a584dd8481fcb66cfcaec605ffb30b13b0173bb6b8bf3cf026a6ed3186758b4a5784c4ef5
+	C = c101b9f0a6ed2d419123eca26bd1a554d0e815fd7dc7f016db7de4fe37316b92e6242c3a5e6227750283136de7c953e04fd39c25483357a2883bc3f8d5d679f34b4df30e67a6e112f67a518510061d67be81ee41db2e113bd75994c8788712fdb3f9f1688b2823ccc79f5ea229cd1c
+	reseed counter = 1
+AdditionalInput = d4e9a2ce4f87d8497667f5b9ef1abf5c68f6dc183f51810a03a59300cef7d022
+** GENERATE (FIRST CALL):
+	V = ba6a62e64c6e394394c5cd77c788596ee6539e429eb54c2f41a352b27226a382d2afa12f9bd2dd2dc7981b16fee983801eeed190d4e3d41c4746cb72bf187a3342f7ac2ea9df35b3b59e75332dbf60aa74ce9bb41884474b92002158e13a3eee8aeccaf99bf93df925d5584e261a0f
+	C = c101b9f0a6ed2d419123eca26bd1a554d0e815fd7dc7f016db7de4fe37316b92e6242c3a5e6227750283136de7c953e04fd39c25483357a2883bc3f8d5d679f34b4df30e67a6e112f67a518510061d67be81ee41db2e113bd75994c8788712fdb3f9f1688b2823ccc79f5ea229cd1c
+	reseed counter = 2
+AdditionalInput = d034e4046ebe9826c820e149faa0492049ef6413831d966ea313b68003633395
+ReturnedBits = e1c61111881dceef937b20fb8e55a189055da1052108277f03c96e4e0e26f28c58ae4c7eb64576d7a7c36ae39abaa3141fa8e80a3325f58677cdfc00687ae478270ddaf41a095581c7ccc61926d19f6310d80874ef0339db26eb30450a7357f69d7dedd815207c4e35d81ea56a3ae47b864df1fdca60a66600751d965e0b0772b7aa775e00671927149ca48956cbea4553b9a2693570a01ec8d1d29ec0447c7bcbd58d387249cddc8db7226b3d766a7d6cee49f27be4d07d3f131d79166cacf0
+** GENERATE (SECOND CALL):
+	V = 7b6c1cd6f35b668525e9ba1a3359fec3b73bb4401c7d3c461d2137b0a9580f15b8d3cd69fa3504a2ca1b2e84e6b2d7606ec26db61d172bbecf828f6b94eef4c52e8387d90750b45521643c46bf5b37d03caba2ebedd09dad75fb06448e78eb3d36c7ca17e4b11a6e8aba4927a06bc8
+	C = c101b9f0a6ed2d419123eca26bd1a554d0e815fd7dc7f016db7de4fe37316b92e6242c3a5e6227750283136de7c953e04fd39c25483357a2883bc3f8d5d679f34b4df30e67a6e112f67a518510061d67be81ee41db2e113bd75994c8788712fdb3f9f1688b2823ccc79f5ea229cd1c
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = 264e75ffb8b39bd67e5ab8c9da2902f68b7fc1fb68db3aa23c8058eb9407a76a
+Nonce = 8d6ff33cbcb71b2d0b972e17d97c0b81
+PersonalizationString = 
+** INSTANTIATE:
+	V = 07c7ed2c8e49ee899473f0c6ecb9816d4c609b487d52195a5df61c18623805d15b640e10f366b73f46895b5a9700c09615ee09cbdab406ea80ed682f54b89aba4502ad43615b9b92b3d8a0876e80ce1e82512c894fa17b0870e8cd37e9325476f9069c9e266092341bc9b1b9b786f1
+	C = 212e278b77b1cdc041d9665743242425a2011f1b73510df222980a80406578bcbd1acf98f5213391ee9b79ceac20ad4399a6aab7f454fd165a8d8b86293f3139cc0ca0f4a4363c6026995897a7d9ff9f17107d085df98f8c61f7616854530741fc529627f84c32b77bb475cf8b2d8a
+	reseed counter = 1
+EntropyInputReseed = 7e9a57a924ebf874e2f3465d71661ce1019e1dfc6d552bc69f13cf0a5fd886e8
+AdditionalInputReseed = da62f2bb6984ff8d488311da187676f6d4007a3e0ef14e9456b5d7bf318a9235
+** RESEED:
+	V = b6dad62fbec18bfa9ae4f8196803bdea27169600d1167ab2469f9d074e6924555ee209db2fb82fe3c62b821cdead6ee3efa86caebb81d0045ba437abf7f5bfd2e485b76f3b77ec424ecdfd2195151e543ad3bdc262153a53ffea64210a1cdff3fa2dd0d3cfd0f9e192021fbdc7475f
+	C = f8885a07eceee3f5855f1a960871f47d0f969820da559e3c2d9bbf15dc604d71929a724b9ca8c55430975612a70fcb020d9ec028831f5765115fbece8a8eb334c25362ca375be1171ee3adb0258b8de560e8a88748e55e2ffe06cecd33ede0c8ab0d199432fa38a4f6cf74055c39ca
+	reseed counter = 1
+AdditionalInput = 855d222ceab7c2303d73f6748097e82dd0efbeab6d543a62993e248b2f617972
+** GENERATE (FIRST CALL):
+	V = af633037abb06ff0204412af7075b26736ad2e21ab6c18ee743b5c1d2ac971c6f17c7c26cc60f537f6c2d82f85bd39e5fd472cd73ea127696d03f67a828474068065a6fe21051d5d679b247288dbdd274df0ec3a8fcd800d9dc86b22e501f708f9e9ede1bd09c6f5c4c19571138bc5
+	C = f8885a07eceee3f5855f1a960871f47d0f969820da559e3c2d9bbf15dc604d71929a724b9ca8c55430975612a70fcb020d9ec028831f5765115fbece8a8eb334c25362ca375be1171ee3adb0258b8de560e8a88748e55e2ffe06cecd33ede0c8ab0d199432fa38a4f6cf74055c39ca
+	reseed counter = 2
+AdditionalInput = d116e25161c960248f1ebac704a1533d978e7d2c78ee4f33ed95686f289154d7
+ReturnedBits = edc93d49fdd159c933ba28ec7c0b1a8ef9cde600802e48fd1b2bcc511bf4b4d4751962fa70cde8f4a95b057c1f828f5d008bd54d2b2d9cffa32597e195a029492cf94fd4e0733730a7b3b0796f163c0e242f041b0f9e8d5c5e11a5961c3bc7d6585991d7395b371b4bfb3fa7449a94aedbf12db5361c7759203a05eb1d6da440018fad7bab27701400a2f0285de81bdd35c6dbdf5039a3a311077104d3403bbca9dc887c4cad1cadeed9e4a3b6461903c3162aa5ae831359a4a4b70f2a2f06bc
+** GENERATE (SECOND CALL):
+	V = a7eb8a3f989f53e5a5a32d4578e7a6e44643c64285c1b72aa1d71b330729bf388416ee726909ba8c275a2e422ccd04e80ae5ecffc1c07ece7e63b5490d1328219e491bdabb34a2f0a8872229d6f44c37262da437de15fb239396331a7ccceb6b9a1c1c9af6daa34e874aab08ebd2aa
+	C = f8885a07eceee3f5855f1a960871f47d0f969820da559e3c2d9bbf15dc604d71929a724b9ca8c55430975612a70fcb020d9ec028831f5765115fbece8a8eb334c25362ca375be1171ee3adb0258b8de560e8a88748e55e2ffe06cecd33ede0c8ab0d199432fa38a4f6cf74055c39ca
+	reseed counter = 3
+
+[SHA-384]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 256]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 1536]
+
+COUNT = 0
+EntropyInput = f5ed3a633230ef9935a1f5ada4d17df903a04fe82e8780d24e4099e192c354bb
+Nonce = 904ce6a59de10f91df5a4c5735d18cb5
+PersonalizationString = 69758a0bc5a050ebe8f5a823a1cd1d1e0c28a40392386816a1070140f6683bce
+** INSTANTIATE:
+	V = 6ef44eb594de27d14c305b90d47848f0c7afe1395c94efd3fb1d0cc1681d17a4ecfba6cf626d918a10d069b6e005be554371dc40b6b5619409801245052bf76134af54525da5ef1ca75bde2abdab56c58b95a3fb1ceff33dc96027c5ab613f83ef02a224c8775eab05a5da8c9e675b
+	C = c933febea09f7755e211f90fbc2632b6c28d33ae05083ddbb6a3a3c7ee93054e99079473c538eb3754c1922394fb70937ddbe1a9fb04c7d3766dbf5f04e42016dea343b698f0cadea437d740dd71c94ec488c90d2564c0cc41d1f3ce7197983e1197a35c7e8940ca319f6424b4ca36
+	reseed counter = 1
+EntropyInputReseed = 075792dbee919fca9af14e694bfc2be0402f1312a28873b58f3f9c270eec97f2
+AdditionalInputReseed = 
+** RESEED:
+	V = d2b3f481f6e59f68f5b492c1df6c61f02110db1834d8b3a1539c259f419253922897ab6b833b3cf452e5d7bd3d8528fa6edadc2fdff45603a2d2f75066bf2a857c1c702a34111a29da87454bea2a851625db16af247e67d86daa9b5b575fd717e9a6529491bb65581538c64db53a0c
+	C = cabad4f1db4522c7aa838636063e16d0cc01f9b99f123a19f5092208f32d3d3cfc0eba7a2169aa67c064e60f8db8bb688f57b95b765ec65c1a3c3c7e2fbe9f324fd4483c616995a06e1a6426deafd1280aad7517e79d4a77cf5f256d8503b26d8a07fb1ffa5736866942b3c04da2e6
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 9d6ec973d22ac230a03818f7e5aa78c0ed12d4d1d3eaedbb48a547a834bf90cf24a665e5a4a4e75c134abdcccb3de462fe32958b56531c5fbd0f33ce967dc9f28a71a5162cfcf88e94fe113dab48c44c0cb7ca688a008a4f2bda885fe6be16b15827648753dd165e7532bc5732acf5
+	C = cabad4f1db4522c7aa838636063e16d0cc01f9b99f123a19f5092208f32d3d3cfc0eba7a2169aa67c064e60f8db8bb688f57b95b765ec65c1a3c3c7e2fbe9f324fd4483c616995a06e1a6426deafd1280aad7517e79d4a77cf5f256d8503b26d8a07fb1ffa5736866942b3c04da2e6
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = da8cf54fa4c6a19688211d5ecec28435151b0a136d14661ebeb5e34ef82f615bb784036493939fe462af78dc6f5b5935f043f9c4f21af4d261b8c8de569a2766cb57b818c722f84cd374e8f4cea5218cdb3c4a793c8d3f6dcfed2ce416d2266feec5216e8fac70971f9ab34fdf0033a64a9d2769fb40568190c8bb80a63f5d4c6b98eb4cd2b6fbc41f7101c8ac776597e5816f9191cb3a4d6ac477c8e2c6ef981cb37824a70b92dc394f00c9938f84c1e2407086003acdf6b4907fd628681fc8
+** GENERATE (SECOND CALL):
+	V = 68299e65ad6fe4f84abb9f2debe88f91b914ce8b72fd27d53dae69b127ecce0c20b5205fc60e91c3d3afa3dc58f69fcb8d8a4ee6ccb1e2bbd74b704cc63c698954ff50a283600dd878917b60f9c8f3b994a47fb2402650c5d0fb5f69a4c1e7c9000f457d5f072569b1c955a3a93000
+	C = cabad4f1db4522c7aa838636063e16d0cc01f9b99f123a19f5092208f32d3d3cfc0eba7a2169aa67c064e60f8db8bb688f57b95b765ec65c1a3c3c7e2fbe9f324fd4483c616995a06e1a6426deafd1280aad7517e79d4a77cf5f256d8503b26d8a07fb1ffa5736866942b3c04da2e6
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = ee596201f7b674f5d72b2b824f9a96d6cccbecbc99f59e9679bfc2d5d47707b4
+Nonce = eb05a8e9c923d3b3f9d11a1285a10ee8
+PersonalizationString = 1f4f70c287723c8eaaf1ea1e89e457dfc3666c881776f158f4f3125afd5e8b8c
+** INSTANTIATE:
+	V = ffb95aa2698b0811b590fd7e552c0f61183e365d15b6c5ea4b9e7f4c9aec1aec1e85e4917ca1cbdf8c2747e232a4a6c1da29a2172bd1363618f52c8d42255ae9609ef67c34ff32493563d41b55ca8a6b38bec00dcd7d8004a61034641396cbae1f34844d45dd1e0fe74085ce1153f9
+	C = 3ab99606c735540fec12dbe438f19b50fc786187b2c3e69b1ae47ae22c1c731b465575e406ef11e0f3dbf3f375e7311ace8ae0258898f296a68a44f8a0a71ac2ba189abd66f511103bec19c75a772e0e91467ed9ea3505e033782193839d06a552c696a62e0386361ae9b695641685
+	reseed counter = 1
+EntropyInputReseed = f1b11bd611d3af541c5e5ed1119c473f49c655b792f73082e675234ccd302722
+AdditionalInputReseed = 
+** RESEED:
+	V = 34b1c55b582f11b452363b642a00983f2786814de4668efea07a27139c6ae134bb4c28f4169283b281947f25e3436afd380e24bf723c7c790feb9820678cce402e14ab65539be8e58c32bfe450185cb157a380b766d010de29c5e7a43f2592b099c82172a1b5161d4e18ba2211a003
+	C = b9e420b8c4b56a6b2aa49c898945f614edf59acc9d28c64ea023d9eb09fe1f39c3bdeb633ac15ff16b685607496899b7f281a642f1a721adc579b07bf7c9e987d14b9d5455bcdc9964afbe1b43835ff375373920d48251e53cb77555bd51b87971500cb3d66a716c4c6bbd697c7e01
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = ee95e6141ce47c1f7cdad7edb3468e54157c1c1a818f554d409e00fea669006e7f0a14575153e3a3ecfcd52d2cac04b52a8fcb0263e39e26d565489c5f56b88a08ee31c1ed8680e6ea103093db9a63d3aa5d340e949652f20b86a4bf524e694c2757c8fb6c9aacb0bd69d7ac8fbe0b
+	C = b9e420b8c4b56a6b2aa49c898945f614edf59acc9d28c64ea023d9eb09fe1f39c3bdeb633ac15ff16b685607496899b7f281a642f1a721adc579b07bf7c9e987d14b9d5455bcdc9964afbe1b43835ff375373920d48251e53cb77555bd51b87971500cb3d66a716c4c6bbd697c7e01
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = ab1d0a7625c29de8960b0f950cde29698bdd5dfc2f2da0c3b1e2b195012b091c71fe77afc7ea7546dcf7a4a0e321bfd66c3a8489085d5627b24b5fe8b76df6ceca8339648946a7c0a2c8bfbeb6b437c0b2ac7f9e75cde0f820db65413db8a46719804e4507ce4e6171357a969b01b272c4e70793f4b6d3c33eab8dc784cdcd6eec743ba309a4dce40bf10f0db9b532352cf6fc202873a76a854b62d6f35da2338f3e01f6b080b0d451d5a55c79e6c7aca1aae32fd7ac719c03c3a34360f097e4
+** GENERATE (SECOND CALL):
+	V = a87a06cce199e68aa77f74773c8c84690371b6e71eb81b9be0c1dae9b0671fa842c7ffba8c15439558652b3476149e6d1d117145558abfd49adef9185720a2db7bedb7ac604bc780e620c5d8cf3c937d67d75952a42a3a5cfded83e0d96ce80c3c9aae7745286330eaad393721c8c4
+	C = b9e420b8c4b56a6b2aa49c898945f614edf59acc9d28c64ea023d9eb09fe1f39c3bdeb633ac15ff16b685607496899b7f281a642f1a721adc579b07bf7c9e987d14b9d5455bcdc9964afbe1b43835ff375373920d48251e53cb77555bd51b87971500cb3d66a716c4c6bbd697c7e01
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = 314102b84e0e871b36e15b0327526f83bb9f7b42f6e760ddfdea36198ad479ca
+Nonce = 588e17f2520a117544072c146d337e83
+PersonalizationString = 844af6982008d4784a6888295a8969b5c0b4d9cee88e6ca23777e1647bb8a5e7
+** INSTANTIATE:
+	V = 7ad603c9209aff70518d60434137420935e37ee9516ca43ff65b656a1c141c553a1bfcf81160c0e618d098158e31fda1af7d575bcabecef40a9fc5e53e122667f250a2d53276389041e6bfde36107fc11439890f64f406b5c6ecfee6a62e6978e777fda270291d051f8434d9138cb6
+	C = 62eb213bb3939e0886bbc87d2c209bbfba5760ae41611029bd6539909bb98eacbadd082fdf3e2b034d6c91a5a0c1b6ae251f6212cb330e61ce79271f8b3c256c6683cf07c20266f59fbfa78de79ce9132e516cdc541d121ff15226ec52b1779cbecca4642dd39865d0768ea04404b6
+	reseed counter = 1
+EntropyInputReseed = 9b7d6edb4cd3ec5b7e4617cf05eb8c5e05a4fa8384552464a990e1c196da62e2
+AdditionalInputReseed = 
+** RESEED:
+	V = 28c4076d5fef2a4a4fac6135a66e0c57b4ac1c68774357a612d580d299c8f7f3f9714cefea37eaccc1505206c6902cd30c817229fa2d42bc89dad00f03d9de9879c5a8d2039e2b3d64920bc406acc140fc94b47f8b7d45cfc5b006c70484afd2be5b5a25ad7c24b336d7ab287e9f04
+	C = 762860463dae6ccabf718c4e3b3175f2a31c787595ae4f0f9a53a53fff2351682c44aa684bee208f7b915a78d8a0e1a363b01bbb9aed0489082e99c408d3b9fef2bd7553cb5e3e801b0f0a5f68c0136000260f0dc7406c381480c0bf5c80c2e20e943629708cb0389d5b33173a4d2f
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 9eec67b39d9d97150f1ded83e19f824a57c894de0cf1a6b5ad29261298ec495c25b5f75836260b5c3ce1ac7f9f310e7670318de5951a4745920969d30cad98e1d20b900d27b3981d190b9562d7c1350af17ee792652bee0d19ed5931b9534fe5111f07d40e898e21e2349544ed4b2a
+	C = 762860463dae6ccabf718c4e3b3175f2a31c787595ae4f0f9a53a53fff2351682c44aa684bee208f7b915a78d8a0e1a363b01bbb9aed0489082e99c408d3b9fef2bd7553cb5e3e801b0f0a5f68c0136000260f0dc7406c381480c0bf5c80c2e20e943629708cb0389d5b33173a4d2f
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 868a16d37fb706a79efc3f5272e14c4e64bfec1b79c3d8d3ddac7bcb89b48dff1162a659c3f4ed1145be12f7bd54947fa794db734a8506885348486450793eead6bc53816055e3c7cd5146fb5c910f43fc2b50cffbb5ca98a30c36b20d14d84a020e9403e2ac8845324db38f210d8734c63c4fe06ecb0fcf7ddfec8f225eb12a19412cb06635ef5d110e5299a77144aaeba842565955062a427a92a19ed67e9bb148605b69dbbdd19af48208cf68ebc3d9eb9ddec3cf0d464393a2f8e31b2f7f
+** GENERATE (SECOND CALL):
+	V = 1514c7f9db4c03dfce8f79d21cd0f83cfae50d53a29ff5c5477ccb52980f9ac451faa1c082142bebb87306f877d1f019d3e1a9a130074bce9a380397158153182619a62df6a3e09ee0485b51ca56ce101ff045c46bf732435ff5adc327073095c48e606dd29a745876275ffbf32b4c
+	C = 762860463dae6ccabf718c4e3b3175f2a31c787595ae4f0f9a53a53fff2351682c44aa684bee208f7b915a78d8a0e1a363b01bbb9aed0489082e99c408d3b9fef2bd7553cb5e3e801b0f0a5f68c0136000260f0dc7406c381480c0bf5c80c2e20e943629708cb0389d5b33173a4d2f
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = 82bca3cb2d956a88b262931482cd97f757f8cc412b141f90d174f5b27ed27851
+Nonce = 187b5b82d0b4160e7f247f41923b052b
+PersonalizationString = 11d4b7844ca7541f9952550e543270f0e737b5fba618ccdc87457a5180a8fb76
+** INSTANTIATE:
+	V = 3089b462adc6c5bbc3c4fb0009cd415c7ea395083c5b892bcc6b1c2665c0fca83693ad5c565721ee36a26f2c52be257c4937e196d460f120404c1ddc6974daba50d6dffc0d8e36ecec281f4b4aaa466b9a67b389756ccefbc5b809a3e5a3ebdde27fdacd1bd5538fb483b86781f0f0
+	C = e09d7f82685ffa2eac6bfbfd9c7b62747057aadba3a133c0ce4155f6094b4532df1b0a3fc3a81fc4183bb7906af2e1ecb1cc68e6fe9939fbe388c7e9895828cce4e040222d0ebf959cd031eb28c7d811dd542ea1e64894b2f9377ad3c52e8d2bae8a329cb760907de80ab726289c74
+	reseed counter = 1
+EntropyInputReseed = a2955f4d3d23c16f274fe2f519573cba24b83b03b342fb0a1ce3c76ab7b32791
+AdditionalInputReseed = 
+** RESEED:
+	V = f40bf4b7b2c34a297576d58e5749e45b04fdbefe2e9c9bfbe7ea2a27935c34f4a4800dce06465775ed3712b2650193ee35168cd6e051d538503f4c695e3eaeca3d94653edb7aa92058611fc8e68710454f3330d1b56a3c0e72817e8da8becfb7b1574b2bc3e0a4c859af12cec61095
+	C = ae25ca671e7bd654c828a128e6592ee7a785f93acfe745326f3323fb73b210d332b34c474dbf6a1e75f0f727704f5d01871426b9b8d8f2c78435bb70f82684ca97d0d3fa8149069f4f9237d44ac9ea4fd31949bd4c482ae937dc09cfc80dc13cca180b6450b891f0f5989e4c07a306
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = a231bf1ed13f207e3d9f76b73da31342ac83b838fe83e12e571d4e23070e45c7d7335a155405c194632809d9d550f0efbc2ab390992ac7ffd47507da56653457ff829abf983b2384a396a05deff8c79d9027de5bece4237c746c295e92178463564c31f4ec1dc1211f0c30a057e062
+	C = ae25ca671e7bd654c828a128e6592ee7a785f93acfe745326f3323fb73b210d332b34c474dbf6a1e75f0f727704f5d01871426b9b8d8f2c78435bb70f82684ca97d0d3fa8149069f4f9237d44ac9ea4fd31949bd4c482ae937dc09cfc80dc13cca180b6450b891f0f5989e4c07a306
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 1fb0345055c950701453e84bab50e45d95828f1e0eede9748cbd7a9232d68fdcecd2d1fbd5c95f75e1f883bc0dbea299cd6081da39031b86e84e77bda7b6265f25dc4f398c1d786f539705218e7e40e4a1e991d5312302a6c34b0cfd0aca9160be9acb76bdcc60698c06c9f197a04f84f31e8b2dd6e5a03070db2216ed1ea34b89805d1e3b6cbf57543075f54f4a3e9bc8c3d55e2a9af6e945208b16b86d925ad0a9046f3eab192e3ba23eafe173b4436c8a114d4ecb7f3a1fe6d3a7329bfd0b
+** GENERATE (SECOND CALL):
+	V = 50578985efbaf6d305c817e023fc422a5409b173ce6b2660c650721e7ac0569b09e6a65ca1c52bb2d919010145a04df1433eda4a5203bac758aac34b4e8bb9d0dd755dd5f62dbcc5a18622ce64b4aa869ba82520faaa99d6d554bfb6523f856959e6d1d0f5b0e790d0906d2cb8e73f
+	C = ae25ca671e7bd654c828a128e6592ee7a785f93acfe745326f3323fb73b210d332b34c474dbf6a1e75f0f727704f5d01871426b9b8d8f2c78435bb70f82684ca97d0d3fa8149069f4f9237d44ac9ea4fd31949bd4c482ae937dc09cfc80dc13cca180b6450b891f0f5989e4c07a306
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = 2cd749f4138fac833fac5306a64fa67cdd6b509b990af1a6bb17777741adf83b
+Nonce = db2f3b2560f01f809d5ed5e7cbd75ea6
+PersonalizationString = 0569eb8ed53854f69fe325bf5f3c7d59f446dac2d053205eac6b929ae3fb9c82
+** INSTANTIATE:
+	V = 84f38bab3f021069d498ff65603a7f49fb8a298497994039005791163da87f6b107ff5a1699a8292ce254194c777bc2495cf20fd006b055c442c848a2adc9a9b7bdeb044bd7e8d3ae07a4c29950d45b8d5721a27958a4eb6dd70a28e910eb65fafc0f91c4a527d765af4d9367c3ec3
+	C = eeac25d7b220a949d5c79a7138822731f633cb67230a6bfd03b8254fab1ccdff3de0fc419eb96f46ee617110bf75dfa8cf84106e28838d07b4b682defdb0a4b169daa2777f83ff09f0fcc1f7c25f074e7d56553f5fb9030076bf79fd51febcc2b5241f203ccaf6c7bcab0bc011ef72
+	reseed counter = 1
+EntropyInputReseed = bf9d1429517cc11d708a30bca8ec5df4fec163dffbcc0e32585b71aed55ae1e9
+AdditionalInputReseed = 
+** RESEED:
+	V = 0c103eec9935bae34816545d9095ad23c958926b909c2fc4e26583f5c37d089129a2e9cb9c955113a8fc961354ba2f473bfe6bdd60d7c6995689ca64859b639608f04ebb0c3f2ae7d71de45b93cb23b2fc69d919821420dd6514c1d5643cf34c123bdf646e2398f68b9b9992db9b7d
+	C = 0911398b84c267f62b58ce1f1bfe6c67e1560af1eafabed876e4ed1d7d9eca9e5e2ee01d89cc5cda9bb5576613404aa66a640452e24f9f7a1ad1b2fee9034488f8bf1f30df2319353fedf83412def98a94b02c5e8941d96d998194dbdd0be0f2149af12663362a9c0f61d5151899b5
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 152178781df822d9736f227cac94198baaae9d5d7b96ee9d594a7113411bd32f87d1c9e92661adee44b1ed7967fa79eda662703043276613715b7d636e9ea8d7ed7934d1fa048de7138f7f0c7728cc85afd97433ec19e5f1b862908652800358715eff88138f1add4a420a9df16077
+	C = 0911398b84c267f62b58ce1f1bfe6c67e1560af1eafabed876e4ed1d7d9eca9e5e2ee01d89cc5cda9bb5576613404aa66a640452e24f9f7a1ad1b2fee9034488f8bf1f30df2319353fedf83412def98a94b02c5e8941d96d998194dbdd0be0f2149af12663362a9c0f61d5151899b5
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = bb2fd351e47adea13895fd37c5dc2977d941a443a1ac68cc2ef5fb0af9cfe9281b06f6e811190ad3f1dc1f7fd347817f666cd47ba743dd8a86cfb186fefbf38c68e39eb913142502470972385b8e7cb20ecd12b5530570fd12f44a2ce23caf7762a72c12f710d3bf5466fa03b91a713ac898b1bf8daa310667dfb1c6e994fe94636b88edbea32035d9b08c83803c6aa542b5a8b2011437ac1184dbd432b3f437f6b55a28d7200240af3c1bc873091fd1de05780de3b905b092f5468de0810a8b
+** GENERATE (SECOND CALL):
+	V = 1e32b203a2ba8acf9ec7f09bc89285f38c04a84f6691ad75d02f5e30beba9dcde600aa06b02e0ac8e06744df7b3ac49410c674832577058d8c2d306257a1edb9a934d1bb0973d3a762158c20a50ff2def579e9b51cac2497a87c8c79b87f76d56ce0e7f72c9e085770e222e2e7e0fe
+	C = 0911398b84c267f62b58ce1f1bfe6c67e1560af1eafabed876e4ed1d7d9eca9e5e2ee01d89cc5cda9bb5576613404aa66a640452e24f9f7a1ad1b2fee9034488f8bf1f30df2319353fedf83412def98a94b02c5e8941d96d998194dbdd0be0f2149af12663362a9c0f61d5151899b5
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = 6a5ee01676ba0e28f83cdddd3ac8b03db86ce6d0feabdf4e33c9a5b00c0b9767
+Nonce = befdcb804b8bbe3d99419d721ff49252
+PersonalizationString = f5cf18bdaf69623479f5391b79342a90142cf1997e7737ed8a44b06450751439
+** INSTANTIATE:
+	V = 4f79e4d4b92ce1dc152b5415dfb66c5ebb01cc68402cdc042a3aedff228a0a07bc7bde547de3aba5b588f1db9e6292cafb14481edc187972e1494c36758b325391686b5131a63a03632dc63d85336d7250f0dd06b25b0f5ae8e681826ef3f2a958315a1a87437a7398173b156a1097
+	C = 19350837a6375ac9dd56d4cfa3549311b9d3fcc89d61b4083532569597422b836e98a3690a77450588118b308789dd39e000938fc8516d7832eff402d123dbded8cd7350c8174da3e7d91b6da7ec4add4f9dd77a10385b775c5a4c58cf4ca31d4c615667dbcf4a6c1c97a21e256686
+	reseed counter = 1
+EntropyInputReseed = 4ec9e2ff2b4893eb5762d45751259d903ddebb93dc17c9528d24afcb73a843b7
+AdditionalInputReseed = 
+** RESEED:
+	V = 0967be1105c0d26e1a32a012350dbb00178b41c394eb56f62fc8941da1839061f3be0c81e0b2829fd1422490584d5ae95b17d1df31ad6295ddcbb25057eda85e3e79ff014929a51336fe691d0956e969c37fcc40caa3fa0fbaf62650cc710d728767803481845732d604a4423b7247
+	C = b8a1a7b3676a4b95382a13e422e470c57b7d0d0790d74cc5e235ad2c660cc0f2ac0d6746f79473a2dfea629e2f2b1da09535d14d6c1ac6723c8acb596ba4b5da62ee5d3d75e32c17f83bb2c069456c267ecb3f6e9c4749c480975b78ac02dd904af8ce1837f4983c4bafaaaf51b71f
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = c20965c46d2b1e03525cb3f657f22bc593084ecb25c2a3bc11fe414a079051549fcb73c8d846f642b12c872e87787889f04da32c9dc829081a567da9c3925eb6d4aa8aea75f2cdb79b94e8a0dafc94e1c21fdfda0f594a1ad4d23fdab692f8d4829383d02ded8eeaf36ac453b247fb
+	C = b8a1a7b3676a4b95382a13e422e470c57b7d0d0790d74cc5e235ad2c660cc0f2ac0d6746f79473a2dfea629e2f2b1da09535d14d6c1ac6723c8acb596ba4b5da62ee5d3d75e32c17f83bb2c069456c267ecb3f6e9c4749c480975b78ac02dd904af8ce1837f4983c4bafaaaf51b71f
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 40095f15bdeaee5024686dbd1e54b9a7f8dcd8ac5d87479597268eff01f2fce26d3eb33e5227b0e68b5301d4e9e066ba89060259b712798e3494ea7c11b669b02b7f7ce9b33a8d0c5ee0a90c3cea074d1194976cdcad57e9c1094a5f02f86b727da65cdbb71ffcc8e198dcfc177b89d9d60082bcd6abdc9bd2e23f97b1038680f1db5a631bf44e65475bfb21bee3627c7ef07220df18af1c7d657e90c11b3d36280409eaff3b7841fa78567a66a512c46702ae31451741ec0f1eb9c3eb492e88
+** GENERATE (SECOND CALL):
+	V = 7aab0d77d49569988a86c7da7ad69c8b0e855bd2b699f081f433ee766d9d12474bd8db0fcfdb69e59116e9ccb6a3962a8583747a09e2ef7a56e149032f3714de8e51da7a642933ae2ebfb39e688aa0e3b39334c06918337649e24bae09a717217a902a052de8a6a7e4a086d9e7fe91
+	C = b8a1a7b3676a4b95382a13e422e470c57b7d0d0790d74cc5e235ad2c660cc0f2ac0d6746f79473a2dfea629e2f2b1da09535d14d6c1ac6723c8acb596ba4b5da62ee5d3d75e32c17f83bb2c069456c267ecb3f6e9c4749c480975b78ac02dd904af8ce1837f4983c4bafaaaf51b71f
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = b4062a70b090552d2ae2b99c391ecbbec93da8e3643e862937f592e2d024b876
+Nonce = 3d07276c3a010d591dcb13ff86d13297
+PersonalizationString = 20bee2f3b1ecf3c9ede23f14b80bf8a67d71dd178d0452a5c7617718d029312f
+** INSTANTIATE:
+	V = 2840bbf9fc85808a3cb4ea0b01bc3c038e4178aa000ddaac830b9a9d729d062ed527ed27b6e1899d6d4ed485316f06b4af133c73c5500fe15e331c695822ef5371dad717ca73787f3bee1b176657d0b056efd6bf306f0d9264dd315be64ff626c469ce6c2ca3ac09bba22499aadbfc
+	C = 1705840c7422aa1ab89965831c521108a63c233d74c8adb63fbf31b0828b228d33f9552fd27ef88c5d93b0faf5eed547225963f521bbd41f5a4d91c6970d915326d2e20e51843c690385d756a6bab37aa347580548ba43ff90d86aa75a3730778857974d7461249ba2e292e1f8afc0
+	reseed counter = 1
+EntropyInputReseed = 7d3f013a5e8b0f9d2e714fe450c7a0afa424633175279f4b3a44554bd1132ed2
+AdditionalInputReseed = 
+** RESEED:
+	V = 25fab151ca687a1db7156bf77983749541e082f785a528d99c02e5863ef6d53b33ff521346e10c4c7d57086269a3bc05026650b4f3b1a72af3008320140f36772241af79017be9e5cd22e0ec88caf5e1b3ec6f2f82a4abdf55ab6e7167ba79bae43ba86b98f77b9768c7357a27c07b
+	C = 3e526e93daf6a8c981831f30c5763ffeecea9c4d34151e091739507bcf59f27d040b6842117e20fce684d48fee9bb37a299aa5060bcdf5696406cae889e2419557387638509f951cf8c32d7ee0a4e1ef40936519300a367ded1553edd65282556f400636d1d14e9afe14d5455a0199
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 644d1fe5a55f22e738988b283ef9b4942ecb1f44b9ba46e2b33c36020e50c7b8380aba55585f2d4963dbdcf2583f6f7f2c00f5baff7f9c9457074e089df178f3d3eada6de1a01e08ca2af98bbd75dbe3eec1ca82ce76ebe43bacfcc712d42e93fc637ca2625013a07deea9940c2d97
+	C = 3e526e93daf6a8c981831f30c5763ffeecea9c4d34151e091739507bcf59f27d040b6842117e20fce684d48fee9bb37a299aa5060bcdf5696406cae889e2419557387638509f951cf8c32d7ee0a4e1ef40936519300a367ded1553edd65282556f400636d1d14e9afe14d5455a0199
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = ba1ffffceb1df91e3f8e435eacb30aaac725a58b78555822522e68916af92dc6a59656d1b7383a2d0c476111077c85c4a6aa8324f87b02bc5b2c558540d4602249c282930c147288ac3955258477c02179437b5eb55de7f54ed1cff8d9e50a5f093d8687995a4221d0852edc03530680f6154f98c83a9a0545937ca1c8f56119f0b20d65778018e58ba2d81a53ef4408585d4010699462e313049f4dbfcd9f033ac627958eb5b6478ef2f7909c9ce4fae16115cc98186a34ade5f7f7712c46f1
+** GENERATE (SECOND CALL):
+	V = a29f8e798055cbb0ba1baa59046ff4931bb5bb91edcf64ebca75867dddaaba353c16229769dd4e464a60b18246db22f9559b9ac10b4d91fdbb0e18f127d3bad53e32e2302d100447647bdc3148d9ec3f928f1e8b8b01a3170c4aab8776ccfbb3454b6ae45af52212189bd9b7bd2c53
+	C = 3e526e93daf6a8c981831f30c5763ffeecea9c4d34151e091739507bcf59f27d040b6842117e20fce684d48fee9bb37a299aa5060bcdf5696406cae889e2419557387638509f951cf8c32d7ee0a4e1ef40936519300a367ded1553edd65282556f400636d1d14e9afe14d5455a0199
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = b213294ea66561423885affc971917d3ecb5120a000c73ec520a7abe62e49169
+Nonce = 0614f11d4727bf6e9381f5dee5d45866
+PersonalizationString = 117fd49175e29b692e79fa8a988e718a35c46c07cfc367bd34a7c96debeee8fd
+** INSTANTIATE:
+	V = e995fb31fbded64481f6e2e580eb6bb493dce2028653efaa14e4844652a0a2fd4651343b7ba20c4feaa10e2aa8877480982a88339188d94f57baf0ca212502f0df0486a0174d0a60ca8e53c36816961e07c2e6df5e2fb2f10495fe9ce5cd3549845669813eb84ecea11439c8a3d605
+	C = 932b2361e74169fe6a189756c4927a370961ac040ea5a83868eda30ae3d52aff6f928db6fac964e6516920a433a42dda84c1a833f633b7db1f3630a85f135bee3748e5b9369f6e44815928f2de6588dabd7bb38c82daf97e1b47c93c7642f672ec8ec0f7dde4988d93569457ae739a
+	reseed counter = 1
+EntropyInputReseed = c1648a83a9368bfc1780ea27181619f65940d85f131255f451721dac93271b50
+AdditionalInputReseed = 
+** RESEED:
+	V = ea3fddc63957a3a26b741bc2e6b20fda222d136f5b331886795fe41481f4de5f0138310e31d3049a5d3d8372ee1e44c21e92af06d949f7a9a84933013e27a3f9242abd28fadf868c8ffe0f3b11458e1555426514cf816830b983edce3fc157aaa9c88e36b4e084fea194334304ee73
+	C = 0533aee94882af68804985e80533033f2ac538512e477017582ab370b5e50997b1851b975497182fcd31c95b2722bf1b4ab6df1d6e2862ca97dac3a3210d20d313afb25a93891cfce2205552636e1570157cba92d510f4453c0c6ef0df867df2d63d70eb72efa619fcde96fd108584
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = ef738caf81da530aebbda1aaebe513194cf24bc0897a889dd18a978537d9e7f6b2bd4ca5866a1cca2a6f4cce154103dd69498e2447725a744023f6a45f34c5a67b4fa70ddb2611a44dfdd2b21b9a0c3211971727e39d57d9f2bf67cdf8c6f8820b0c5fa99ee6976160a10dd4e0163e
+	C = 0533aee94882af68804985e80533033f2ac538512e477017582ab370b5e50997b1851b975497182fcd31c95b2722bf1b4ab6df1d6e2862ca97dac3a3210d20d313afb25a93891cfce2205552636e1570157cba92d510f4453c0c6ef0df867df2d63d70eb72efa619fcde96fd108584
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 2e95950abe48470bfff8bc4e2e747515764eeac07ab0368763e207e89bf8ce819c625bc4a052796fbc77385e33854b5c676f8ff832fb05ac2e2d86f8162cf036cc399dca1fa140eabf9d05f9acd4519ba7c82414d20a6dd3e123983f156c22a65c1263b6e2803b3f161aaefcb99c24df2c32655b0b4265484ce4f5a522bc6ce4b84583a207209e4253460b43c2ddbc6b4f4cc8414f85855b6ce8e5b43bc73ae9dc1dbed6f7245b881e071b79a0e06091eb1607b73131d7a03a51f5c8b1523881
+** GENERATE (SECOND CALL):
+	V = f4a73b98ca5d02736c072792f118165877b78411b7c1f8b529b54af5edbef18e6442683cdb0134f9f7a116293c63c2f8b4006d41b59abd3ed7feba478041e6cf56d3b5055202254e13a4291d061a7fe923a720ef109e2c469eefa671a673433244e5726b65ea073234a6415a01945f
+	C = 0533aee94882af68804985e80533033f2ac538512e477017582ab370b5e50997b1851b975497182fcd31c95b2722bf1b4ab6df1d6e2862ca97dac3a3210d20d313afb25a93891cfce2205552636e1570157cba92d510f4453c0c6ef0df867df2d63d70eb72efa619fcde96fd108584
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = 22b375c2fab41f9213dd1eda02079d871dd7eb7b4698552a3362a4b1303f29a7
+Nonce = 5bf8e37c661114dc5ff5bfeaf790c342
+PersonalizationString = bea98caaadf74a0a9b52135ccd9cf3ae767078df2f43eb4f5d6214420509e290
+** INSTANTIATE:
+	V = 40813ff5ee33002a38370f61d3b4194373a93d25bab5023ff301e773b52c120feadc3297f136d7f0bcf8cc5e4550977ead6f980c1eea1dc2a641e44c00c0dfa12cb5c45a9db8ce869a3b7dc03bd1f115cd846077ac5ff6290394db918588c4f1d0d6b95ad4120b07bbf06303032aa0
+	C = 0bc06a3205ca26b22b18915174c398ff89aa9fcb3d30a4ecf17ee422715271239142ee72c3ff9d010e9043ccde16a197f35a94bc6c0c650f0554654849d47f3e610de777f5a2fd5d8e325b43fdd89c7d6a7c9a84695b2117d25867add051b63c33ef45aab097bf1f2403e23149d680
+	reseed counter = 1
+EntropyInputReseed = 4426cc7228127dc7bbe8c151f7966ae41f4d7c67501877582558afb5067cb1d0
+AdditionalInputReseed = 
+** RESEED:
+	V = 79b378189688c27262fe0eeaed934f2768a31f111ffa797a5c71077167168776b1b2325f7bc87d5b375a457b329dad3ba8744e2d2a2494bfa886fc599b407ce28f222735f626a561631d3c9ebd1098088397e1d00edce71da903acd21d8796342682beacb5fbaec5e1ac267242ead9
+	C = 438fdff967cccbdaa9417fe1090e2c7d912feb83a1a9ada881376acc2a3cf2dfa1564452e246fc865c630ace871315515a5f8e967dbdd0028a498690347a7d9e7e6a4c1439e2c466684113ee182faa1c96e619ed97ca14c604683e7e0efa20801434391dfe7a5f3db52330148844be
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = bd435811fe558e4d0c3f8ecbf6a17ba4f9d30a94c1a42722dda8723d91537a56530876b25e0f79e193bd5049b9b0c28d02d3dcc3a7e264c232d082e9cfbafaac63b87c4efb8b08b30dd34782696d49b3535975ab19cc9ab590305c87d8cb6750bd11fc2b6d105cb277dd8833d4c760
+	C = 438fdff967cccbdaa9417fe1090e2c7d912feb83a1a9ada881376acc2a3cf2dfa1564452e246fc865c630ace871315515a5f8e967dbdd0028a498690347a7d9e7e6a4c1439e2c466684113ee182faa1c96e619ed97ca14c604683e7e0efa20801434391dfe7a5f3db52330148844be
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = e213711230a5cd82ba54515fcb3c180f4168c579a5119436e4eebc9e18488a8d3a569b02b3f356c7e330369633675cfc3db7fe4f376d0a1444ce99ea883edf737d2adb83aab5a904ba1ef58014836bd3a7646b4b9bed9ba9d047a566c9a724e2ea73183df3f472d58bda2530ee0474e52983c68e69e87f4e550cb738109a2907b1198ac017daa5e5661a51ab711edfc50f9a18a94d3b0eb5e4ac37453aee7696e13766ffa2d5321e75ce857e586f6884f33da67846b4e00c353bc15db4759734
+** GENERATE (SECOND CALL):
+	V = 00d3380b66225a27b5810eacffafa8228b02f618634dd4cb5edfdd09bb906d35f45ebb0540567667f0205b1840c3d7de5d336b5a25a034c4bd1a097a043578c8dee3c3f15ec7091707a8fa6045f1ffe9119e935f9502a2b03ad2ca5eafcb0825b38de85bbd32c77761fb23fcd4865b
+	C = 438fdff967cccbdaa9417fe1090e2c7d912feb83a1a9ada881376acc2a3cf2dfa1564452e246fc865c630ace871315515a5f8e967dbdd0028a498690347a7d9e7e6a4c1439e2c466684113ee182faa1c96e619ed97ca14c604683e7e0efa20801434391dfe7a5f3db52330148844be
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = f25baf4c9f29b5f5cf5c9d575767820b29588e00600a9a52bc77242b806776f7
+Nonce = cffd182641950ce0d2c0b07b2e0c2ceb
+PersonalizationString = ec2cc3bafbf630b5ef6792ae240ef38e943cab41c7d5e9663be936d956a03384
+** INSTANTIATE:
+	V = 0df74cebb95b37eee7083b8d0e14bf86866104439de47fd7059d06ef17e5eb800a756f63810ab506e8f8647cfeb41fa7ff4c406f276f3239a8ad3e4c0db8d67fa7a288a0c28665700cc08b5e6bc45ebff4c4e336c40735332ad5f68ebb91bf04e827d81d0cb0a145c4a60bf3aae0cf
+	C = bfd997a9986f975077c86298a06e79382f501b0d31fa048b5cef83d54003c6f9a85fb4d11a1d71e2862d124fb47d60b4291e568e4d3720c9e720a79db3bab308a8cc553fd4dc8b38d6458f4aa53d2bedd85e03315b5680950369c2e8fb13246fca7dffb30bc5a39b3aa1e68b78a30d
+	reseed counter = 1
+EntropyInputReseed = 28bcc2459af2ceb72c247ac632712536771db073250500e9269887943189a45e
+AdditionalInputReseed = 
+** RESEED:
+	V = 657a36180fe5cb1908c4f556daf144e90629cffeb6855a98738d27765815552f827e7302af714ff9c0c49ef8daf9ba9e3f056abf60d76e35bb76744dbe930786b136cabd8f67e71510cba1cb8453fcd9ee0de0ad08ffa0f4485ea4ea0a3dc9704365fe6d67d7082359d1c235aa471f
+	C = 8e1eea34e5faa1f1b6983216b2fd1866abf7678876b2e21fb8a5ffc61d1a670118c2a04331754a452d6c2c07868a9467166edd16dfd5bf7d1a483791db0aa1845932320d53f8816029688ac9621f4a6e044a448d560cfe0426c805a25c5d1110d17bc1a825bb8af9a28c5e5c524331
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = f399204cf5e06d0abf5d276d8dee5d4fb22137872d383cb82c33273c752fbc309b411345e0e69a3eee30cb0061844f05557447d640ad2db2d5beabdf999da9e4dd8dd4c23efd86cf4d50befc54a0570dc61e9b4926646b86c4c682e167b2e86a4d5a744c35ae030b53c55dc6aaa1fd
+	C = 8e1eea34e5faa1f1b6983216b2fd1866abf7678876b2e21fb8a5ffc61d1a670118c2a04331754a452d6c2c07868a9467166edd16dfd5bf7d1a483791db0aa1845932320d53f8816029688ac9621f4a6e044a448d560cfe0426c805a25c5d1110d17bc1a825bb8af9a28c5e5c524331
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = cc927c7128f824f830065c8f2449ea0e25d4fa30dc584dc88b7d9c07ba32bdf42692dbbd12f035ae7b11ddb8544afc06cc61dac1dd8955c74403741d4f156f0ba8189d6b53d7a2df9807a40584e78c3beb6350ed0b9f82858f91b2b01818abe1008ef2047ee42be7a226db73d1369502d1f3e072dff5bb405547272a87824037aa20c049024858d11e5480b8f01c8c0353466122422b81ca2cf33056cd5e675fde7d939ee4467d78feeaf5f0f90f6b4c4d5f4bb8697dab649a0b54de4cbb0b34
+** GENERATE (SECOND CALL):
+	V = 81b80a81dbdb0efc75f5598440eb75b65e189f0fa3eb1ed7e4d92702924a2331b403b389125be4841b9cf707e80ee36c6be324ed2082ed2ff006e37174a84bb4331cdef719f3fe9f3449c40d770b8ff3c7c67b4cef250e146fca533504d615203be4faed758dd962901a7143eba9d7
+	C = 8e1eea34e5faa1f1b6983216b2fd1866abf7678876b2e21fb8a5ffc61d1a670118c2a04331754a452d6c2c07868a9467166edd16dfd5bf7d1a483791db0aa1845932320d53f8816029688ac9621f4a6e044a448d560cfe0426c805a25c5d1110d17bc1a825bb8af9a28c5e5c524331
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = 53b63ad6ff8aa2044854265e5047902c78f165649d3b536a1290fcdf5fde8422
+Nonce = 4d88360602217dfe09caabd9e63bd5a4
+PersonalizationString = 343b29bd94eb479f2cc41eac4b30d6e9b6872688c7016db38351a40f1ac78c94
+** INSTANTIATE:
+	V = 9372c99eb9c87a763f1227da80f8ff900ce2c1eeccdde9d74bda849d5ef4c84f518db892ce030d8f72f2f15f4d830299acf3638d77e91f74c2091398ea1cc09b87fdb54c9fee386fb23ad853e19499d5ae0018a3a611484a2fe7eb9bd0269b41e4098813e12b06899786b42236ef61
+	C = 59b6aa5f4e14d9782a194be0380a8cb514e53ee70e3f4a58b8844d4b02ae38650f8ac1adbaf84415e78745742b7e45c9f533d8e6c3de9d9fde7a886da3512e5c33a89d81b0b4512bbccc53c10eb0151be7e7a0d69d48bcd4cba9d2766e9f8526b1a4ba8069164dad1a56dcb0b2570e
+	reseed counter = 1
+EntropyInputReseed = 76fa9ff74422d02841d712c14f987a60ce50b13fdf4ce0a65950c619eaba422a
+AdditionalInputReseed = 
+** RESEED:
+	V = 81d40a30a5ebb73bf22f42714426f472771988983c6650809be4a5359dc22b984393f07649d9975341ece717fd1a3406e091582a033a9ac42716e7268a6fd4959f477c4394f709e5b8d5fc594c4f3da09879ac7591bc3cd5316a2e86c2dcdbe237c10135fb02f0be34f9a8ee04fe85
+	C = 1b220a1eb912e87a64e131b383266ed2635310f15bb8954fb0c643a3667bfc6c90bca1a590e75d966516e3cc8ad8bb17b49b513f91fc64bdec094fd37570b5c6bd03ed1ba0e015896ac9a76ae3321eaf1d0a48d7ce9512fc6ad2d1e789adc53601f164e39f2419d2036d9955866629
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 9cf6144f5efe9fb657107424c74d6344da6c9989981ee5d04caae8d9043e2804d450921bdac0f4e9a703cae487f2ef1e952ca9699536ff82132036f9ffe08a9bc017a04a9076beab471a4bee88cb483f936c86fb23eedc08de774b3438dc32fa443269703fb98dd063681a9e671efa
+	C = 1b220a1eb912e87a64e131b383266ed2635310f15bb8954fb0c643a3667bfc6c90bca1a590e75d966516e3cc8ad8bb17b49b513f91fc64bdec094fd37570b5c6bd03ed1ba0e015896ac9a76ae3321eaf1d0a48d7ce9512fc6ad2d1e789adc53601f164e39f2419d2036d9955866629
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 40f8d44a94ed7101e8ca967d008d639db9dac5d7b10f35e46c25790d38fa52ba09f36ac01c2352d581b2a7d2656f227d27fb0072cbef56d6ca0544d04e3c5e6d129aaa40bb3c5e8e8e7fd0ef3f07e6192b131c0be72f98e96c9ad23284f64cf1eb0a74f2f79a2ad84883041f99cf063a11129928d15293895e02fc52174b644de853a30c0e98295edcc323e13d4ab58ca17bc9ea4e47f6cf70cf18fdffd703854180fb82cfe48a6074e2f324aaac64712f0f56bf9c91d75bb448a4360e42d6bf
+** GENERATE (SECOND CALL):
+	V = b8181e6e18118830bbf1a5d84a73d2173dbfaa7af3d77b1ffd712c7c6aba2471650d33c16ba852800c1aaeb112cbaa3649c7faa92733643fff2986cd75514157a8ef109db5c3b763b7ac76aa32caf9a4eb06109f6c8f85c38b26a5753a64bdf4e689e07a6aa0a3cad69e7f85dc7517
+	C = 1b220a1eb912e87a64e131b383266ed2635310f15bb8954fb0c643a3667bfc6c90bca1a590e75d966516e3cc8ad8bb17b49b513f91fc64bdec094fd37570b5c6bd03ed1ba0e015896ac9a76ae3321eaf1d0a48d7ce9512fc6ad2d1e789adc53601f164e39f2419d2036d9955866629
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = a04425c9f86cb07606f5b78ed6a7ecd05b0733006000ed09f79503a914c664ca
+Nonce = 19bf5b20804b21a1c079eeb615e233b3
+PersonalizationString = 0f33174333b68fe84a6c13ff678c3d2ff12203e25270796d703ecca03afea4b1
+** INSTANTIATE:
+	V = a4c4ded433f8fdc69c1ca2ed1630349341bb449b79d03afb8bb7b7e7b5631be75da77c9e0c5e2f5d4f6eaf211466d175ae7645a4fc26b97a3dde54ea27cbe78c974f9b4db3a2492b8b469fe0c0a603d49071e0c72037e2965fa993dd0b5b11096ee59d1ad539551507b6d986b22a5a
+	C = 38d73e1383fbe0c3dad288cfed069594eea23ddbb9855d623471fc7ad6972e40091683bc073372cf5490ed34e8588c02c25c45ceaff6e96e83a96ac59f85fa8a50efefba864024195cd9c309df592e1c83b7f0da4a9e971535c4887b8611e7f8a73183ff75745d5b21ef263a825ebe
+	reseed counter = 1
+EntropyInputReseed = bdae4f8e1eddb933250a98f6088ef7518a6c36d0d09407e8390d8e9c5e936fd7
+AdditionalInputReseed = 
+** RESEED:
+	V = 60b56d6a584fbac434f07d86e5b94122d3d8549315438a19f06100507f5d488dfcc46c911c86c7c0dd0cc3e72113d34c2e593587a494d5d09f0d21424867b6499e3e4ad03c530f60954cea76f5edef4b0470559260a33ed6033f87666ffa1543cd8ba010650ab24b97f434b44bcaf3
+	C = 376031c22aa7959e99fecea89555b93a40816825ab04f90bbf6c9ab1b9e7e12f94ad58562e1f59a581580637a1b5d2cee73014041f5e03cb3b4f41d530408479981fbb8c5dc8b4f425c0da41449d843f7e2c6a0902d37173d863db4f669c0b6ec85ce1deee4aa39c3c3e60e9fb811c
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 98159f2c82f75062ceef4c2f7b0efa5d1459bcb8c0488325afcd9b02394529bd9171c4e74aa621665e64ca1ec2c9a61b1589498bc3f2d99bda5c631778a83b9690dadf06c50e910fb69e0fae1b7c3480eceab3d91cec179a2e45ac199b897c9cff876b08773d381d71ee940dcda062
+	C = 376031c22aa7959e99fecea89555b93a40816825ab04f90bbf6c9ab1b9e7e12f94ad58562e1f59a581580637a1b5d2cee73014041f5e03cb3b4f41d530408479981fbb8c5dc8b4f425c0da41449d843f7e2c6a0902d37173d863db4f669c0b6ec85ce1deee4aa39c3c3e60e9fb811c
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = c9e8bf5226f4240006efedf239f94d3bc69c0f5fbea4fa816e2687d08e8c874d20fbb357a487c4551d759fb3c4f57874c550e9e97e5914bfebbafe054bf8bec2388e22360599a0bdb307f0ff1bdaaf5b20f5901daa39c08dccf7891155ec8cdd7d8c1a09ec33cb30ea570af200edc0b203be0b2a7d208c8dff28cc1a4fcf59a98dd0bb9f361700590b1f9a5c549fb3a431a1a24caf616d46d6b33c935a84ef5e1d154c1c0c2a148ea4aa0a71ca4d71e011732427246d0358451e7846cba65330
+** GENERATE (SECOND CALL):
+	V = cf75d0eead9ee60168ee1ad81064b39754db24de6b4d7c316f3a35b3f32d0aed261f1d3d78c57b0bdfbcd056647f78e9fcb95d8fe350dd6715aba4eca8e8c0cf63c0b6c981df6a27da0e310d43346c3ae855eeabebae3a73102e8f439e76248a966b65689b2654e52d085b25cc5e3a
+	C = 376031c22aa7959e99fecea89555b93a40816825ab04f90bbf6c9ab1b9e7e12f94ad58562e1f59a581580637a1b5d2cee73014041f5e03cb3b4f41d530408479981fbb8c5dc8b4f425c0da41449d843f7e2c6a0902d37173d863db4f669c0b6ec85ce1deee4aa39c3c3e60e9fb811c
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = a2961f9ef35505ecacf3aab4d6812d7b0741f135cc2608027388d9ff318cce6e
+Nonce = 3ce148d94cd0ed5864c103a248752847
+PersonalizationString = 7e246b890c9596c88f84d7f2a69001f42b0108f0fa0ee6c739393662bef54e7f
+** INSTANTIATE:
+	V = 62ab3f394f6b23f4dbe5d84e20dd3b5072c9d3614f8fd66a5ef505df423761d1fefcf1c6731709b4f8ea32d9b37d76f56784af8526424a6b220a51c4d17d0171f718a2be376c4165fb7291210d2a05b5068e351471bdfc8ea307e643f2925f9514067d6a30f0c7ca62232745238e2a
+	C = ea3222e669d9bb0d80d99ccf207b395a0618c1ec81c8978ea86262156cc09ea242769ef84f46df473aabd6c00cc3fe26ca3af1a09ad7792ac63d2ef20fd92e66b4e2e7513fc5e9d6edd658b0d9b8cb734af5a7118622d2d0da54375e9c0313b85785fdd3d0289ff014ad077af55803
+	reseed counter = 1
+EntropyInputReseed = c7c6950a2aed9d78805965e142cab7fd992a543897ee0d229c089c892035d2a8
+AdditionalInputReseed = 
+** RESEED:
+	V = c8045b1ad5286c0dd713a2faec4d0287870bd17d0128c8d8adf1b29eecbf12583620142abe2a15a0a2e74496796ca9b70b5d7c554cb440b851b654ff539ecf9f638067411bc07de9da68af4b91ada5fe045a6f26f270025b4ba1ffa4e4769d2d62a7c8c54d0fc5b73ab9022553ed90
+	C = 3834faabf3d21ae026b3b6baf28318f41ab42a55969b9c4aa3e0a36b6c1c238b95fdcbcb5f0630964613d972b9b4c8da032f6d887b0cba8509a3a27d8bac87cb90163f79678e2fe2586fdde78fc1cb7ada7610ce3ee8ba57451e091b4bf3863066e78db4202d1e062dfa883b8e14b3
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 003955c6c8fa86edfdc759b5ded01b7ba1bffbd297c4652351d2560a58db35e3cc1ddff61d304636e8fb1e09332172910e8ce9ddc7c0fb3d5b59f77cdf4b57b4c06e58220e48c0ecfb4cd6ab0e85a3bbaa51972039c8b41c49c74c6f91ad290dcf6b8fdc946071f168e4392956fb17
+	C = 3834faabf3d21ae026b3b6baf28318f41ab42a55969b9c4aa3e0a36b6c1c238b95fdcbcb5f0630964613d972b9b4c8da032f6d887b0cba8509a3a27d8bac87cb90163f79678e2fe2586fdde78fc1cb7ada7610ce3ee8ba57451e091b4bf3863066e78db4202d1e062dfa883b8e14b3
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = d2a5a80c490c2cce9eed001ab71b8029a49c187d56017b3b6c0aba2ab93ca90b1a3c5d96bb6dc2813d944e9aa92c922c2821344482a0fcfcba854e15c90ca1f6fa747decef1025f137a53efda2a50537e7b084d53fc904d26af47cb1501a88eccd6b194f2b0dc9b95e55e5913e935fe29190ddfb99aaf8608c8cc1aa2c87bf8a945bd186bd38c79778959c3e81a56deb0fce1c9b75f1ba942fbc0f8237eb3fbf65d0214a60294899556c8714987191314751350382577eb01710fbaaedd96d2f
+** GENERATE (SECOND CALL):
+	V = 386e5072bccca1ce247b1070d153346fbc7426282e60016df5b2f975c4f7596f621babc17c3676cd2f0ef77becd63b6b11bc576642cdb5c264fd99fa6af7df8e114bd9140e27567edd30e141145f602472804dad30158d58dfaffeb83e74d1e0f1798a65368f9ec13227abbe12e999
+	C = 3834faabf3d21ae026b3b6baf28318f41ab42a55969b9c4aa3e0a36b6c1c238b95fdcbcb5f0630964613d972b9b4c8da032f6d887b0cba8509a3a27d8bac87cb90163f79678e2fe2586fdde78fc1cb7ada7610ce3ee8ba57451e091b4bf3863066e78db4202d1e062dfa883b8e14b3
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = bd976651fa9853af723dd803e238af32276f62ed43dd23e7bd880a318e654b0b
+Nonce = 8af845903fc95cfa56488e76cf0a8f72
+PersonalizationString = 281e41f0ed7bc9a4a01030a16d9ec0dc03da13f3151e5367b7de6e30fd66d564
+** INSTANTIATE:
+	V = cb9851bd4e12340d75641e5d07852eb416f4f7133fa021eeb1c5f3e75126fdfb78a8164d0f49a8158661acc397712d635210f727d3ee100c45d32f5b0eb2e489a168fc4b73e842c61f8fd054118e1f32a8e5de35cfde4382095e107f1a3bfab46eb3ad443482694c2115254c76fb92
+	C = 007fbfe975e98d19417d0387b3edd11290ca42c2ac6339987a8cdc80192e5117841b0f7305f54a0d09f9c5d7f1ab90362874a0e188e225b16c89f5e32ab544a5a762b81647245584bcdfea3bb90800da73ce7d0a36d8b17b8db129b58e817a86a7e1eb5bb672281916a1368579a1b3
+	reseed counter = 1
+EntropyInputReseed = 78f11c2c4d55836cc16742fff4125fbb28017203c3ba6be48a9748b366e73430
+AdditionalInputReseed = 
+** RESEED:
+	V = 5ed6ff851d184ecb1e38593c55d22e20a79b986a5b11ee3758c724208787aaaf03e072a658a156e4c7ae5716f8e6a8c64eb650882f757a5becbe792b4bab36deecbd5f239f70fc79ec04303a77609f7130e9c527c353c68f6b67c43bb00655e79c88bcc859d7a2a254074b29dafda8
+	C = 8d9144e19991265f6124fb7cf0e55be7667978d8cf97fb02cd226295df666b9a1499d6836a3b6879d5c3361d018a2ed4ae950ce2caa712516a8a1f14abf0bdc274904c041a8fc8bb608196b21f21483ee61c45eef322a31b91dfc286ada28de5eac9462aacb0705a103c1483ecb73a
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = ec684466b6a9752a7f5d54b946b78a080e1511432aa9e93a25e986b666ee1649187a4929c2dcbf5e9d718d33fa70d79afd4b5d6afa1c8cad5748983ff79bf4ceed3736c097f7dd89260ba7af1ea096ab874eb54624450304b364ac0c65793c6f63ccb979ae61b4d3809a6d2e8e8ca6
+	C = 8d9144e19991265f6124fb7cf0e55be7667978d8cf97fb02cd226295df666b9a1499d6836a3b6879d5c3361d018a2ed4ae950ce2caa712516a8a1f14abf0bdc274904c041a8fc8bb608196b21f21483ee61c45eef322a31b91dfc286ada28de5eac9462aacb0705a103c1483ecb73a
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 367ddf9a683014b0accb42381d90079143a785f780493a51b7ed84e5d6f3922168dc2149783ef8ca8a0652fb1220fb95abe323a6415bb7a81dccc3389181e0154236c85a22998b764204208d034f2f2a9e4761c1d612425af3a34cd0cc5491299deaffd02e0ba6990a2485238962ab541f6baf36a05967f28e85c3200246cd9969fbcc6a52cfcf3fa281e5b128fdc7d31534a0885fd839d4721f018a8ca6a60afb144f6d4b50604a374c605865d255c228bf6bc232901caa003659b458659da3
+** GENERATE (SECOND CALL):
+	V = 79f98948503a9b89e0825036379ce5ef748e8a1bfa41e43cf30be94c465481e32d141fad2d1827d87334c350fbfb066fabe06a4dc4c39efec1d2b754a38cb29615a3eaf586aa59f671008f51daac12675902030b5db6d8b209a98e9f391089a6bdaca710921ec5960cd57facf35fe1
+	C = 8d9144e19991265f6124fb7cf0e55be7667978d8cf97fb02cd226295df666b9a1499d6836a3b6879d5c3361d018a2ed4ae950ce2caa712516a8a1f14abf0bdc274904c041a8fc8bb608196b21f21483ee61c45eef322a31b91dfc286ada28de5eac9462aacb0705a103c1483ecb73a
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = 3fa9eff4d04ecbdb062aa91143d695a3c5a2cbee1ffba0c560c71975017c5388
+Nonce = 1675d87a212fb4a151682f6324d2b795
+PersonalizationString = e9cdcdaf950e9974813d9390d1780e5c2e45b6516125d7c272cf2428891c8c23
+** INSTANTIATE:
+	V = 4b23c96e2ab119e01de125f7065249fe12f0184b7fad02ffca19022d92b34334a549aa47f2f3774fabb378ddf9419e290212b44b869bec95a7870531c9fb53b8eff5e8a0af6aa46a7bb648f8714803cb716c6a9ce526ba5d90c6ca74373d72a6d9a285bba2f922a85979035bbf0e6e
+	C = 5b48a72700a0a108c69b2d53456a571de01662703f4c95d8250754ffa11d691b29c968e186d1d50d0428fd43518bf0e140335b29a9f1afc5271a25276e7659ec8fa4661d076160b2dc67fee6f0430c07ddcade2462eea909b5cd32150a13e6948e5d47b1d20b14ebfd0377a38ed7da
+	reseed counter = 1
+EntropyInputReseed = ee28792109b38e65161f669b438e699834eb511254e117ac59d7de5ce0f719cb
+AdditionalInputReseed = 
+** RESEED:
+	V = b7098c36a9aa8610df2bf32944f11f5f71ff038cde6b49345af108d7bf943bb05e53a5b53c5da4ec51f71d9f04af182a20da245e5ee92c6f56bad5d71e2a0c4d343bca9c0728b5d47e415573c850b1cecd8b19de75de50dd2c020ce3c062de3558a3216b29616d5b1fe8309fb75d94
+	C = ec7e724775515eb72bcdd76211d5af88bd5629a2ababfa2d9729c3928635232ff91b078914aab2a14e99d8ee87f1883355e99b8bf31a8acaeae7fcc1a25100681b277db42d354f0ee5f1d7767e4d41126bdbf7f1809b44b1f184f93c0b2a44a9f479ec8341a9c82c9cc885f06c989d
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = a387fe7e1efbe4c80af9ca8b56c6cee82f552d2f8a174361f21acc6a45c95ee0576ead3e5108578da090f68d8ca0a05d76c3bfea5203b73a41a2d298c07b0da8f369fb858e050248f117c0147ad1b447cb8121e4e4455c55b58e98e9fd17a38bb31f2449bcf3eb30cf4f0c213fc443
+	C = ec7e724775515eb72bcdd76211d5af88bd5629a2ababfa2d9729c3928635232ff91b078914aab2a14e99d8ee87f1883355e99b8bf31a8acaeae7fcc1a25100681b277db42d354f0ee5f1d7767e4d41126bdbf7f1809b44b1f184f93c0b2a44a9f479ec8341a9c82c9cc885f06c989d
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = b8e0833e91c7ce17868882fec5de47dcf7217c2e00096f3afbd176ac0be18c2638dceb052fac4b75e230ab0e6aabba90612521f2bc135db40415aaf49a6589be6d96d8b7fce90aa131b16cdba0332ab8be0bffab0607e314f905f721ba134d1dafaec8435d5e5ad95fe31a2f915b817f17d2ce034cf06c5cd1311428a6682febbbe90d7ef6d2888a8507f6fa81de6fb72f0aef79bfce77696dc5766f55fe1fae70085416724f16f3691ee599946a1aea600475f671957ac0ff332fcc29df708f
+** GENERATE (SECOND CALL):
+	V = 900670c5944d437f36c7a1ed689c7e70ecab56d235c33d8f89448ffccbfe82105089b4c765b30a2eef2acf7c14922890ccad5b76451e42052c8acf5a62cc0ec711ff364edf6cab6e65d522684f21dd90c7fe56d36e3193c629b7f5582c8c2bd4365c7f6c88f66c34c5b514c74ea496
+	C = ec7e724775515eb72bcdd76211d5af88bd5629a2ababfa2d9729c3928635232ff91b078914aab2a14e99d8ee87f1883355e99b8bf31a8acaeae7fcc1a25100681b277db42d354f0ee5f1d7767e4d41126bdbf7f1809b44b1f184f93c0b2a44a9f479ec8341a9c82c9cc885f06c989d
+	reseed counter = 3
+
+[SHA-384]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 256]
+[AdditionalInputLen = 256]
+[ReturnedBitsLen = 1536]
+
+COUNT = 0
+EntropyInput = f411e1feeccf01c0d4bde61ca2384a2640b41e383a055b374e0acfa8170c2f28
+Nonce = 7cf75b960dcd0a0a9d2a4e7e8d5e47d3
+PersonalizationString = 25d6dfee3e74d3b6a9f459094203fc76e0e589fa879cc445008c80e3736fc0a9
+** INSTANTIATE:
+	V = 3112c0b228a06d9b4a2a5692e93086b3eabb95273adc221fde160b8ab1fd6ac3eca809efa237b258a83a25b8b03adb4210a057f8da87ed66fea9d2c7d5de2af6d088d935fe4b398ce042bd2942664777c0040f5699c05cbdc846a8f96e7676dbfa799c16195e4671e4d810ec01741e
+	C = 24b57c104b71897cb011342123c974b0494adad7ba81a07c9cd04410c14387dffb21156d9e241230fe25da443fc563a4bfb97e48c48a8c42806a15a07ec2c8b21f4202f1073306831a73f13911bfb85517470885008108e7fe5c5a19ba50e02a563d3aa540734a85e186097e5e08ea
+	reseed counter = 1
+EntropyInputReseed = d222df563773906b875d55dc1aef90337ff59fc3ca5ed0af5e46d306d630c7e3
+AdditionalInputReseed = 07a576624662253737789e543734d7c35ded8d74a3b53919b1c28c21a2b5ebc5
+** RESEED:
+	V = 21ef99d35ffe998650a877b3b81b9f1ab02604e2111a817de6c1fec76e5ed57072655eaa7e35b758b2be8a9c4bccacbdb814193ef56f96646763229f766e47aadc0fec6a4c131ee81df6299fe74d675c072d91ca8614fc3871c4db86fb3a1518baddf32bcfeeaabdbbaca0292c6d55
+	C = 4c2340a59022630a85ecb6724c3e9872a668300513f85ce46a2289b53c06023b24152addff28052e569efb88aa9b5a49d7254bc12137752edfc4c994a1fdef426ddd96f54b40e2ec65be7a3f3a2334f002047448fc11b87420366d85fc49d1bfb40a0e8e1b724a47f2db75b9debe21
+	reseed counter = 1
+AdditionalInput = 2561c8591281f0682d3811387d0cdc16c137edfcc9527134212701f73550c572
+** GENERATE (FIRST CALL):
+	V = 6e12da78f020fc90d6952e26045a378d568e34e72512de6250e4887caa64d7ab967a89887d5dbc87095d8624f66807078f39650016a70b934727ec34186c379dac9c47177ebfbee79ee96503da12d4ee8319732f2a2d589718b7371a95597a0f9c26f9c38a5137cc10e44e09ee575f
+	C = 4c2340a59022630a85ecb6724c3e9872a668300513f85ce46a2289b53c06023b24152addff28052e569efb88aa9b5a49d7254bc12137752edfc4c994a1fdef426ddd96f54b40e2ec65be7a3f3a2334f002047448fc11b87420366d85fc49d1bfb40a0e8e1b724a47f2db75b9debe21
+	reseed counter = 2
+AdditionalInput = 870441d9435f2cbf16f1168f50e32d9b8811be7adc10a5070c5eb993372c5732
+ReturnedBits = 9107af002a8bc3e0f0394eb0db3a801ca73844db0600873d1d576ccfbdd88dfc3eaa101e52e4c4ad9958d9d0e5f1eb555cd0d93ad2745a1302dfead60c42ef28e7211740b1dc694fdf72dd066d1d66a58aceeb9a8c6a9c67a75326f97b742b85e7abdc853b01bd799bb9f3e8e6b5f2a41919543b17c0da4e4e25f04e1c2859a56466689ab85c46cb9f593abff0f058f7d26f2c09e379e5e0b6e123f24fb9bcfba9a468dcb38a9577d63251d20f09b8d2b4dad74fb52e1e8dbdde6e0436563d66
+** GENERATE (SECOND CALL):
+	V = ba361b1e80435f9b5c81e4985098cffffcf664ec390b3b46bb071231e66ad9e6ba8fb4667c85c1b55ffc81ada1036151665eb0c137de80c226ecb5c8ba6a271d898aa15c754a3b3a4e02ab86596220cd96e0153ac279cf95f314932eb525780469afc635e1b48be9452f0b9d5dace9
+	C = 4c2340a59022630a85ecb6724c3e9872a668300513f85ce46a2289b53c06023b24152addff28052e569efb88aa9b5a49d7254bc12137752edfc4c994a1fdef426ddd96f54b40e2ec65be7a3f3a2334f002047448fc11b87420366d85fc49d1bfb40a0e8e1b724a47f2db75b9debe21
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = ea942580c38fe2a61e9c6c2197c3795878a0bd253c9037dff668e001740ad0e1
+Nonce = 2de5f7a4e10b884c0a65479dcb73b7e9
+PersonalizationString = 30d76c95d36b272e97b548e26ba3372aaa82fd0fca1bb3bc6cbdab99c4633f0e
+** INSTANTIATE:
+	V = ae4c9125766f7b42d0b16377c9eb9d5742600e17f5a93514f1dbed245f7645218fd7869c3f7ebfa8964b6faf65185348d0bc69f89ab84d40f28f735dc1863f8197ceb05d0ab6440dfce1811f9d62042ab4091ebae6adeaf9e07af287d63e1e002121fd47ad5a2762996565f3776d6d
+	C = 6de9be9d76d6e4b037eafcf9b30e27b296fdf24000c14a2f30c0914c3686f97292e3e6f91c434739df978c266cc6427fc99056e7bbb0cb4498585c2a62d158ac4ceacf2e1afd03cf6daa4003c682045116aa8b417202000768694958595bb66b396ab4563e9e6deb8d738e7255d62d
+	reseed counter = 1
+EntropyInputReseed = 47a372af41f6e48f322b43b25059542bf2bf0ed0c0f718715f83a4efc7ba2fae
+AdditionalInputReseed = 95dc648083f1523081e52cd6c4e22a388e618ba8fed3f7a6e28aca763949adc2
+** RESEED:
+	V = fd9dd4a5e92664892f9698dd344413130a29d79936625cc714ce824d96d584dfb5838281ec23cd10d82f265a684591a2a92fa24b07db434e32dba79a5f66ea8f70419bcb9b1e71c5c64d04cbf90ef9f5822ca8437328417823428f2344c121a03ac49738a7cdaaad3d148bd26d09be
+	C = d6eb52299658e129da2d032835a23101ca2b41ddc3eac26bb6cb838415ae9e3b3f86885e028e7e27046421b689ba4f1ccd8432a7d4fe5e8fd70c4f60a6bdad9bcbe03e5b7cc5cd6e6c5382662a459c9793db096b089e4a6834fb019e289b41691e385bc5c7cfd1db53af4e354447fd
+	reseed counter = 1
+AdditionalInput = 96833fc4e2eb83ab50a21aff86c8d6581cb4796ffa7b8b85281f7cf4db74afa6
+** GENERATE (FIRST CALL):
+	V = d48926cf7f7f45b309c39c0569e64414d4551976fa4d1f32cb9a05d1ac84231af50a0adfeeb24b37dc934810f1ffe0bf76b3d4f2dcd9a1de09e7f6fb062498f731b20a1c7cc0eb763afaded8b3db8382b0232252dffdfad0356c20554ef1af8897c546e7930d9e791d070cd54d7feb
+	C = d6eb52299658e129da2d032835a23101ca2b41ddc3eac26bb6cb838415ae9e3b3f86885e028e7e27046421b689ba4f1ccd8432a7d4fe5e8fd70c4f60a6bdad9bcbe03e5b7cc5cd6e6c5382662a459c9793db096b089e4a6834fb019e289b41691e385bc5c7cfd1db53af4e354447fd
+	reseed counter = 2
+AdditionalInput = 52a4425acccb43e74d33cf23e3458c1216192ac20b3843053a3005c18a4b90ae
+ReturnedBits = 611bd6aba0192a028253934e864c2cd14adfe80bcec9e2b0e56448e65f4e691c4133e7dad7ab3cf3d2e295d69e142a95aeaf4d6d5875916374870ad5123ea364e960d93dfe512e28fefdfa2ed5097947d9d154211aa8a4ca89c6eaae9eab4dbe9ba8b8d7ca37b9b56ccc8e8efda6aeeb64acdd73166c7a8b4e7157a53236a77620e8c96bb220bbede276a4e3414f2d6d96f2f875e10b6209815e20d8e252c6fe982092cb7078d3b539c3fa31b06dba7902137fd80bfa55f21d79695da6167370
+** GENERATE (SECOND CALL):
+	V = ab7478f915d826dce3f09f2d9f8875169e805b54be37e19e82658955c232c1563490933df140c95ee0f769c77bba2fdc4438079ab1d8006de0f4465bace247a11bf779a37d587286a57ecb2dbde1de30f6ff93d3d31ed3f85af7b805129cb3b428993dbf82ff314c2e2318510f303b
+	C = d6eb52299658e129da2d032835a23101ca2b41ddc3eac26bb6cb838415ae9e3b3f86885e028e7e27046421b689ba4f1ccd8432a7d4fe5e8fd70c4f60a6bdad9bcbe03e5b7cc5cd6e6c5382662a459c9793db096b089e4a6834fb019e289b41691e385bc5c7cfd1db53af4e354447fd
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = c18bc7a1f600be34357dbaa4f5a57d196b3a1896df9e6a5d23afaa54e75a0d6c
+Nonce = 25cae1e3b58826f2a5676a1e48b7ae54
+PersonalizationString = 80570ac85d1ccbca7030302ace052e0d864a062c15c27ed564c0d28554a42d79
+** INSTANTIATE:
+	V = 31f31e67fb6bfd46fe400bbaa5d2971ea7608988c4507700510a1115d54d7afed5c4bc438eea906e5f03511e7bd0fcb8720c0ed487f5242ec93533cc8fd1c7bbfd64392d631be277e07ed7a697550f5e0cd3c60ee28775d2122f02ed498e4a2b5a93114c58a5b68a0fac35d6d2653d
+	C = a725c1f954f790ff95cce79d04bb1657d70016cf01cb2500f7e386bbeb95025d1942a2b79d29584fbb4d4af975e3915000cf69bcf823914bd9bf4146629e290c684f946ac5c637b85cd482d1ff605b187de194bb2e10db7e51dc1585041de49fffda6c9669751f1b7e8db29bbde4da
+	reseed counter = 1
+EntropyInputReseed = 38212d0e84d21ed1d17095595a666a6bfa7d973ba2e4470d8b15d44441855acc
+AdditionalInputReseed = 16682c713133be4ed01118ae586d739fd4c5d586050376683c5fd5b9c26b40d2
+** RESEED:
+	V = d80d7ad45a9589e5dda6853f8206c0986a74fb19a97e02d7abab22d422e23b436a4ea2134088d5e4e75d8925ab575cfff118e1bc92668e531ff5019d3bebff6f407f6ae997ff173dc2397f419f2e13e9a62cbcc48c34db2837924254d6aef803dbac2867c91eaab1e5a817958ab2f5
+	C = f379d6c9d6a0080b1951a20fbfe9950cb39ddac7b5e6155a8716aba404f8c7424bb3b65e866b24b92ca3248b9043d4f3899e5371ea9ce79bc1c5197bcd270980476dde93f71c08b9548303738a2c42a5a67e7e01094b5d02db55495a25937e92ebadf4286dfaedcc4a66f7f467fc23
+	reseed counter = 1
+AdditionalInput = 061867fda15bb1fc56ec674c36ae06dbf1f50d7cc71cbf6f9be50c05622b8a4c
+** GENERATE (FIRST CALL):
+	V = cb87519e313591f0f6f8274f41f055a51e12d5e15f64183232c1ce7827db0285b6025871c6f3fa9e1400adb13b9b31f37ab7352e7d0375eee1ba1b1909130a97d99baf5b7ea9d24e618d08fec297bb9661a8e1b6c930d8131f71a4f3f8e57e21fc89417a8a7d2ea666035a2d0213f9
+	C = f379d6c9d6a0080b1951a20fbfe9950cb39ddac7b5e6155a8716aba404f8c7424bb3b65e866b24b92ca3248b9043d4f3899e5371ea9ce79bc1c5197bcd270980476dde93f71c08b9548303738a2c42a5a67e7e01094b5d02db55495a25937e92ebadf4286dfaedcc4a66f7f467fc23
+	reseed counter = 2
+AdditionalInput = 41b63c48a6fc90a3b3ea2494527afdc23a39a674b91a5feeaaad0505a394d305
+ReturnedBits = 732e4f9053227b80589e2cd0a0d47714d64e5e4e1357c392538c0a8c2ce37cf2a8c15d228615075b661d55ad65de34ef58d2582d5f339efe740fabf47d0c7caeb69220623842b815f8a30d34a36197d8c3264624162a2e704b367fa31df1469060baf5eeb2126c1272d20385df4fa40b22842237877ef3d7b2f09c0c462e247e38a7839c56b6bf79191267ab7efe6b46e37592c537b439ea27c6279dd31a8e44cd6a7468e061194a20db796f8098aac7969ab85506d61f6e1531e5dfd9602211
+** GENERATE (SECOND CALL):
+	V = bf01286807d599fc1049c95f01d9eab1d1b0b0a9154a2d8cb9d87a1c2cd3c9c801b60ed04d5f1f5740a3d23ccbdf06e7045588a067a05d8aa37f3494d63a14dc0ded4f41b399f659fe4d495525d2b7415b7a0a5c6cb45b38a53f9c623d01ff72fdc4a1eff9b744e4cd04a6dc064b53
+	C = f379d6c9d6a0080b1951a20fbfe9950cb39ddac7b5e6155a8716aba404f8c7424bb3b65e866b24b92ca3248b9043d4f3899e5371ea9ce79bc1c5197bcd270980476dde93f71c08b9548303738a2c42a5a67e7e01094b5d02db55495a25937e92ebadf4286dfaedcc4a66f7f467fc23
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = 8f3f31bc61ccb4f15bfb50833ff301e1528d9b97208e2111d59f3ad389579434
+Nonce = c171f219c534a8ce6d52f6b56f3ed65b
+PersonalizationString = 3da1986ee350a9861bd224917db38127127cc978f8f9e7bc11b98dc7e4191c00
+** INSTANTIATE:
+	V = de26f77349868d8364937c2d18f6a05eeade00ed68fc50f2912a13f25e2295a78a2fad5c9502827fb1e83ef2dbc794f779fe2523b51e01ee5943a503421e279c8fc33b9440a31d74abf89a6352458c35ac1aaf3178f7d42eb365ac82ad1db62b1d4d69b527a5d97020d4638e24a1ee
+	C = 63a65ac3355d4213dd70b5ca9a4de87bce02af0e33434a4f9458b54cbd22ca6bb6ef846e31f17cea359b3fb2c3ca7597d5c9a22d94c32c07fa60eb4262c6f114977e9178d59f1c369806762f1c21c6434e646f724bb61413421e40c4a52e9057914e07ec23fa4846b536ebc2b5eb03
+	reseed counter = 1
+EntropyInputReseed = 33f6579b41ef8ece5b059c70ebc32c8b623a6c0d0c2d67bba0be8a57d8399594
+AdditionalInputReseed = 7a74c99c7c7c25af30311a8729bc295e1f37aadb62ee87f180ccf11862110703
+** RESEED:
+	V = b1f8f2d9d3a9e941132c85c937e8654b595bd6d100e2e4a722d156a58e8bbc52f2e0e2556f66887a924d12a7bae16ab090600ef29f7333df549ad5cdb90722ed2691af907503fbf0d839c3ef5abdbb6ffc367f867fdb8dcbd8fdbe4d69533880d8755084894b51b82317818d5361e3
+	C = 7960899836b1c5b76000c2139f96fff39ab0a58912bb33472f87bda60c32146fbaebe86388964b963c24da6b285b2d5bf384ba58aae92177ff250ab1affd550f8f856eb82f5916ffbfe08224c27daf15950dfe6f0fb9574388b762943a446b597594ea89e235ff6b33e20bfbc9344b
+	reseed counter = 1
+AdditionalInput = b1b6059c1949d0e7fb5665494c2e596f74ff897c741de64a2512460621b92658
+** GENERATE (FIRST CALL):
+	V = 2b597c720a5baef8732d47dcd77f653ef40c7c5a139e17ee5259144b9abdd0c2adcccab8f7fcd410ce71ed12e33c980c83e4c94b4a5c555753bfe07f690478aa7330ed37701ecf1876ea8277567a2ee82289b73f3250c7eb92d80d585bff547e304ecb2ce9218688a448ec47d9bcb2
+	C = 7960899836b1c5b76000c2139f96fff39ab0a58912bb33472f87bda60c32146fbaebe86388964b963c24da6b285b2d5bf384ba58aae92177ff250ab1affd550f8f856eb82f5916ffbfe08224c27daf15950dfe6f0fb9574388b762943a446b597594ea89e235ff6b33e20bfbc9344b
+	reseed counter = 2
+AdditionalInput = 209202ee2ff620d1c5e2f7f408b26a03a59c5c8dfb2d6856ef1f48a579656a7b
+ReturnedBits = 6f0f852a406eb79c91413a81d7c442ea4316f4b48ffcb07c3079460e24b70b8cf0e6d60e924cc2f4480a1531548a82d841bd93c918295cb814779296fe50e1a9a0095d8cf5942c149af2a2eb39927792509871e9954caa815d76856f607bd6c20775a272c8bd70bb9e453875bd98ae2890f0e443b1609bd496433fa755a9e97e78bb6bc6d237a4d08d14d15ade4966d55191cb983b1c56e1ac96e225bdc4f385cfb4b97ce71a37c255f309210da20e45bbe05f154969b5ee1a7192d88e6aba72
+** GENERATE (SECOND CALL):
+	V = a4ba060a410d74afd32e09f0771665328ebd21e326594b3581e0d1f1a6efe53268b8b31c80931fa70a96c77e0b97c568776983a3f54576cf52e4eb311901cea4f3b04f2907aa88d280754d30c81763ab635d7206ae431f84c9f0d78d168b0bcb08d91b5d8ff5f1bc064d230a163825
+	C = 7960899836b1c5b76000c2139f96fff39ab0a58912bb33472f87bda60c32146fbaebe86388964b963c24da6b285b2d5bf384ba58aae92177ff250ab1affd550f8f856eb82f5916ffbfe08224c27daf15950dfe6f0fb9574388b762943a446b597594ea89e235ff6b33e20bfbc9344b
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = 636a5f0e244d80b8818de735904bf53f7e7a410d5c0e2161b23811596c28c765
+Nonce = b4a9f5494458feb1dedd8513506d6f4a
+PersonalizationString = 002cca42f8d06266ee4a203c3ce9b8ed3ffb8db975c1377eb3708e9bf711596f
+** INSTANTIATE:
+	V = 739b586e02d7739ab0317d2d9c9adddbd468b86d3bc08ce2108afc25da7083d5584d6e878f1c930b6aecda8e11fab08e02a3460f5ed43283886f0b27ab7fb23dbcc54b02a997d412d7e37bbd68c5820f0e111e34798934bb7b9073e514543c3c4f0a5d47004c9092e4d36d166dc698
+	C = 49ff932102af08b3433e5548769f7802cacdc40e5755406a9b719afc7d0a62d14687dc2538f417e97a079ebfaff6abd8095f561cac7034866619491ae3be8ab102a5d47fc917c5df3b3874da6b53d4210d3cca1466aff9c7673a7ec550fb6b82da809f9c1b4505bc3fd3b450d12b70
+	reseed counter = 1
+EntropyInputReseed = 94a8276f1d5ea640c08a3326b01339712b9377774f10a948d7927c2b27d40f1d
+AdditionalInputReseed = cf338301794bd25f3c391e2ab1f14573dcd3bb097470a85e0ae306a3d0317922
+** RESEED:
+	V = 871e20cceeafdd3fd0a89705b5ab32ad405b1e3f34cd78ad0c904c7e276dc9b30b7159e0e4a71aed245c7c63ed3786a862ae19bef455934604e1c6d6d10472deebe573bbfa1b3078196a2b94b77b71d64cf23283f28a6a0f4b223ff20c29bf8ebd2f4b29c4b4af992c1338202a89ed
+	C = ff2c3b4466210aac1790480cb1486857ef99a44d950e969718ad84b9744689c4ebce7d768015d2cea8e0cb38d075ae3ad6a37d44e039283f243b78b69995ae8b98706645a9d49bf053b70338ceb726384dfe469aa463a9697238b5b83f5eb3e8e0b1e7eb8ecf2c6bd03466ba19cd19
+	reseed counter = 1
+AdditionalInput = a2f876c54c16dd8084bec2729fcd3145daba987a53ceda798bfbb3e0e328cafd
+** GENERATE (FIRST CALL):
+	V = 864a5c1154d0e7ebe838df1266f39b052ff4c28cc9dc0f44253dd1379bb45377f73fd75764bcedbbcd3d479cbdad34e339519703d48ebb85291d3f8d6a9a2270399e072575848074a9e81def948879cccfd2b6618b0de36f4903fb3af377dc17d0ed5e9d387c53da2d9dd8907b2d00
+	C = ff2c3b4466210aac1790480cb1486857ef99a44d950e969718ad84b9744689c4ebce7d768015d2cea8e0cb38d075ae3ad6a37d44e039283f243b78b69995ae8b98706645a9d49bf053b70338ceb726384dfe469aa463a9697238b5b83f5eb3e8e0b1e7eb8ecf2c6bd03466ba19cd19
+	reseed counter = 2
+AdditionalInput = 238c2f3edad223d774b7f7aacd2cecdcd3de43510e3710911e85a7224d32060c
+ReturnedBits = 280ea2e313f3cebfd236c7a8710624b3c3c11b00c34774dba12cb41a4e9168852c97d0095942caf9b2b2441e2ed7892f09566836f89ea46b9bab85b9f3fafeeb512a8771be2c6957072cc4e3705a64da1d14d32e6c44c5446bb7603f5e364dd74bb6d157ccbc191621f249357619588041120e907f8711a1d1aba88a0865baf4f889f4fbe979553ff40add189a5c1027deca80e0cf0951594f4fadd3161745c414b6b6701fe7b66db578b79917f7c67de4d576bc1344d9627c2e3ea9019ed214
+** GENERATE (SECOND CALL):
+	V = 85769755baf1f297ffc9271f183c035d1f8e66da5eeaa5db3deb55f10ffadd3ce30e54cde4d2c08a761e12d58e22e31e0ff51448b4c7e3c44d58b844042fd258832360f925c554d85bb5f029a7f36de2140fc285bf556aa65945b4888bda240f7905c8d3cd8226314dfbeffc8e9e1c
+	C = ff2c3b4466210aac1790480cb1486857ef99a44d950e969718ad84b9744689c4ebce7d768015d2cea8e0cb38d075ae3ad6a37d44e039283f243b78b69995ae8b98706645a9d49bf053b70338ceb726384dfe469aa463a9697238b5b83f5eb3e8e0b1e7eb8ecf2c6bd03466ba19cd19
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = 7aa9dfca122793236de2ebd9c4fe8b85657e5c0ba151cd6954cc88ea8b65ca61
+Nonce = 47778b87de8ef52fc961d1635766b5fb
+PersonalizationString = ba6a8366e7cd2cfb9bfa7a50f1a0752d53bc818ba62377c93072f195bf7c14e4
+** INSTANTIATE:
+	V = cf92fb491435d6813c836ba3d1bde276e3588ed3f27c9919fba1bc74265b9dec920bfd605ed3b396f7d4be7cc0220a72e26201ae23ba2a85584fb5a3b39ac3313f6a19c25bbd2b4d13eb566aba4853bf9e7c73cd1c7266d17c49a86def6a7b3e6d20b3a6cc6efb869ad5a01852b991
+	C = 0e1f7ee02c4adddc69ff594da4100177c4ce72d4707af79224392282e7212dc3db68b6764d38c6e223a6e25ff0fa77ea4938205f26064628a1365b912e1766659e1c6bf352347068e120fe172601c164216f2a4d231316b3f4b969c0637031fba41f08ab068c5439b8de59e90db496
+	reseed counter = 1
+EntropyInputReseed = be5a4b2ebca0037a9bc2287c53b955a676f6152a2a8abb6e7d351746e963a714
+AdditionalInputReseed = 3f5eb0375d877f56bf4a200b6638328a30e3e05faace75a87d50823e439f2f3e
+** RESEED:
+	V = b89982f3dfc7238593336ce6c44f08b778c28e36b129c33c707e1e5f0a67f6297d9fecfa51e1ebac99c6c45607993750c6cc06624ea33e04d197df9b3f4fa74e8297f130cb71c2d8bbeeacfafbf9145c3525c0c245cc46622790b3166f87eae8818e80d1eec5236ac03a55c75f13df
+	C = 887ecce89f8385e918fe27782b98af230a4f78806ae7783d7ed17733f193429c5598c5228fdddb9f27f0a319ea20a7337416886288dc8634eaae7811c505a33249ad449f5239e8c6ce571fc4ffbb961f698d99e8cc67c6049911965f244d251132f0a869715c25e491a66430f73089
+	reseed counter = 1
+AdditionalInput = 1ae87e2d5a11f1439e5e722ddedc2f0ab86097e80b5a4fb5400c7ed16b4457c6
+** GENERATE (FIRST CALL):
+	V = 41184fdc7f4aa96eac31945eefe7b7da831206b71c113b79ef4f9592fbfb38c5d338b21ce1bfc74bc1b7676ff1b9de843ae28ec4d77fc439bc4657ad04554bfe2eebd9c39c36a39ea718d248bc9928563d08021783cfb488ce93c821f49f5c2b5a805bc8369c8888b65655a4f9e906
+	C = 887ecce89f8385e918fe27782b98af230a4f78806ae7783d7ed17733f193429c5598c5228fdddb9f27f0a319ea20a7337416886288dc8634eaae7811c505a33249ad449f5239e8c6ce571fc4ffbb961f698d99e8cc67c6049911965f244d251132f0a869715c25e491a66430f73089
+	reseed counter = 2
+AdditionalInput = bac5bbcfcc22d2d14c7243e93319ae32bcee15cc6f0beb9a8a39e08f39706d01
+ReturnedBits = 1fba482f9c1bd3f37b715adb2e3a720a39b97d3c27417fcde755ecdd5c3b48a93ecdf3058d4b8bb84c10182e65c98716658a91ba89e63c9101450e33e9a3386336906abc701618d73d53870f8a837cd60adc07b8be756d835eee15ea1c6e2a6fe7f05887def4b20d8ff368e0cc83f474a4d329cdea4ddfe79a2ccdceb12719092e1d6d397c362f18e49cbeba07f21d48a7f28ddcb7517140d98222e876f7a4b4b9325605742b1e05e4ae147b1012c0a282b2c21608df2bc006f9ff7f77f0ddc6
+** GENERATE (SECOND CALL):
+	V = c9971cc51ece2f57c52fbbd71b8066fd8d617f3786f8b3b76e210cc6ed8e7b6228d1773f719da2eae9a80a89dbda85b7aef91727605c4a6ea6f4cfbec95af00779f6d6a9481ba2f559adfa2d5932979267523d9eefdaf4d5afd477992274f8f490d63d7f0ea20b2858a249159d7002
+	C = 887ecce89f8385e918fe27782b98af230a4f78806ae7783d7ed17733f193429c5598c5228fdddb9f27f0a319ea20a7337416886288dc8634eaae7811c505a33249ad449f5239e8c6ce571fc4ffbb961f698d99e8cc67c6049911965f244d251132f0a869715c25e491a66430f73089
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = 6dc70275e5a73d509acb50879af5c88db891b1004696b026f6a44e5bb3e538d7
+Nonce = 252b56149b90f7cce8f1a2755e09f455
+PersonalizationString = 6afad10734867d6cb603ac577d3d0b1edb9c320ffac1356cfc6d96e3b0fa5a69
+** INSTANTIATE:
+	V = de8ee741f8a44df3c38ffd26c6533e70f82c2a3f4b47180a5340ac6e11bee3d2e2a93dfce7eb015ee2825d3affd3afb4c30160710753157e28946ab1caef3848ebc8495438087add54a944b65ac3a0b4e052b2e55d8447271f555fc5a30b18ce8d071e12c66f726e65e2794d475fe9
+	C = adaddeeb104299e2d557771749ff7ba292ca3e8004751ef54b6e4fa33f388c97e5ff5065c20655a34c630b2818d8ef43b96bbd23dee0ee3487e2e185b82e17752ad082ecbfed67f502e06a7df87d4f3150a13f62e79f99b554a91ff7bbc80d9ad87811bb69d9c8b400c094589902ee
+	reseed counter = 1
+EntropyInputReseed = 94c1f0a7c439f05da20e687e2625c895a65bccc21efb338c06346cb891b1a50a
+AdditionalInputReseed = 7a27f7c3a99ba1d19f95c13a285b7d1b5464b42aa3ad4634764061c2210009d9
+** RESEED:
+	V = cd46e061d2ec510b49aabfaabadbd86bea3c826928ef25983c6417b184dc00332fd0ae189e6029a0b28b8b4b8392bd5ae696f52cc68cd454b6b2cc5f3149c79cfdecf31d334a391309ba1d1f1495529bf81a8e024e49a5c646b9b1db31c6299fe59d3cf4c3a4804d0e6ecc531a4a5f
+	C = 094ad3779710512f3cfce4c86ba98ca945a23271eb3c9fde8d0175223e829c46c7114c99ed39421543c4d4ff29ae1d44cbf4a6a38aa3f05bedf19c8dd52f8f5a79f911822ca75d00ab792cd350130d32464bf4ad98b902a446a2ada721495ab533210c2f185b5195fdb394d4981664
+	reseed counter = 1
+AdditionalInput = ee85551ace764ae0ac9396b8c90a0faafe16ec5c74241f09e64498c42c5625f0
+** GENERATE (FIRST CALL):
+	V = d691b3d969fca23a86a7a473268565152fdeb4db142bc576c9658cd3c35e9c79f6e1fab28b996bb5f650604aad40da9fb28b9bd05130c4b0a4a468ed06795806b9246a069ceabe8493bc35ecf301dd3b5eb2fc18d7177b53d5c6e74f9798f0d42564b80a4b166d5f64bfdb7f9158c4
+	C = 094ad3779710512f3cfce4c86ba98ca945a23271eb3c9fde8d0175223e829c46c7114c99ed39421543c4d4ff29ae1d44cbf4a6a38aa3f05bedf19c8dd52f8f5a79f911822ca75d00ab792cd350130d32464bf4ad98b902a446a2ada721495ab533210c2f185b5195fdb394d4981664
+	reseed counter = 2
+AdditionalInput = 7506d40f191048a9b4a6eb9bb1f9875863c98e82ba80f05dfc858bdec83c6fb3
+ReturnedBits = 76cd185d1dee33972c1828bb1d76f15e24d31b2f8469da442556bcb7959827ed6c85c3983c297d410b24498f1dcf13c57347563c9972efadb90c4e0f58b0693b9f06de3bf01c0fdf11c8f300667f9dfb284bd88cdfbd450a12724f82b967fe6b10024efa3b04b9779e74e31e73eb07f5bdeb0d276f4089b5c806821f1c71e40d293ebfa5ad2b34dc76c4a24ac814a07da34a369cbce7cc70c6f1b9186969021fe6ee80052bc8abb93b206a310e3716cbb5e2bf4fbd63a133fbadbb1a878c9ca1
+** GENERATE (SECOND CALL):
+	V = dfdc8751010cf369c3a4893b922ef1be7580e74cff686555566701f601e138c0bdf3474c78d2adcb3a153549d6eef7e47e804273dbd4b50c9296057adba8e906c12d935168534d5b8c755214ff15b10b13593440f741d3d56b854720391963e8ac8f9a0d60b5fca78d1bfe476bef49
+	C = 094ad3779710512f3cfce4c86ba98ca945a23271eb3c9fde8d0175223e829c46c7114c99ed39421543c4d4ff29ae1d44cbf4a6a38aa3f05bedf19c8dd52f8f5a79f911822ca75d00ab792cd350130d32464bf4ad98b902a446a2ada721495ab533210c2f185b5195fdb394d4981664
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = 9f563b473448b1e5771fcc68598659d2ac71acad29df9f279e3a273181724fb5
+Nonce = 82de7f15432712213784842d8e148e8a
+PersonalizationString = d5992b094cca8b39c13d1e9d7e2c71106d003f85c7571ec665260d5471e600da
+** INSTANTIATE:
+	V = d7af8b3cd421a9585bb1dc3d6a69d2edd8a439835e719ab619bdb517720fe1dec707aedd06ab5902e8074b6ab2cd8e8daf9bf7a2f5dfe7ffa3b3453811a0d7b217c3207e692f052cec1affaa1e2201a7f5d35c0b6c9ff3a892a6fab73bf93c443a2ab7276442bcfa0a1a44cd1c31dd
+	C = 1dfdbfa8a751d9903c4ba09f418732462bf73faf662abf3cbd4be330129f6af2c35a0f3146991bc7cb20411cb7c415b5bebcc18948194ef541a6ea235f5a329c1fe0f381bfe2979bee61db3199411f92167f9ad53a346e439314d96874b32b17aade5a42ac20b563b2316eb193b7df
+	reseed counter = 1
+EntropyInputReseed = def8924a3c2a7e171ccddbe83c6b3662a281106ae0805dcabf2a07b200e80415
+AdditionalInputReseed = ce22dc0d50181523da1439a87967c7fcf2408ee066bcf40c31293ec90fe437ce
+** RESEED:
+	V = ea472fc1ee98d183c281b9554befa7acaff21c9b876948a3a734d24d0b55d911f743c0920185140ae2948eb532d502ea8ef6f27840b824064dc75821fa4e073c7080fc430598a673f11da37eed7eb77dc220e2de1601c7c1aecc0685cdcb8113eb559a978a1f0da9961e9686c99191
+	C = cec59553bf034c87db19b9d542c8009c2a1fadc6a1140fb7355d6c0c884cfc82ea801aab38b094705fc769e922a7fc19700ec0ad0ab032ad849ee30948ce04f19ef51e21e224e75cd3b0702f6b6dc5c7a6ac72f225fc590681ea017e070515859496b950d5583733d09fbe54526734
+	reseed counter = 1
+AdditionalInput = b3ca6a107cfc8bd305059109842324e4c36a1abacc857363636f398e72cf867c
+** GENERATE (FIRST CALL):
+	V = b90cc515ad9c1e0b9d9b732a8eb7a848da11ca62287d585adc923e5993a2d594e1c3db3d3a35a87b425bf89e557cff03ff05b3254b6856b3d2663b2b431c0cc479cd6f7acf9ab1be8a604111ec15106a7050e963c961ae781b2635e9eb5c96293f5a57ec45e79d5a8dabc027530f99
+	C = cec59553bf034c87db19b9d542c8009c2a1fadc6a1140fb7355d6c0c884cfc82ea801aab38b094705fc769e922a7fc19700ec0ad0ab032ad849ee30948ce04f19ef51e21e224e75cd3b0702f6b6dc5c7a6ac72f225fc590681ea017e070515859496b950d5583733d09fbe54526734
+	reseed counter = 2
+AdditionalInput = e5acc4d7e1dba248c00ee62f4cab534d917502799f4a5ac2af18941288390661
+ReturnedBits = 12c8a5056fb966db1d9321803fa6fc7cd9a708ddf6678e11a6bc9900156277e028878bdd5fb8745e5cb74b7de3751bb55233dc39ebb220154a745597cc22304c202bb8dee622e2674676d78f119e5b299656fb60608bd75187003ef479bf06c5e6af0168b1c8767090328978e1b1e438ddea7bce8e2f859dc38f62cd7df9f42dbfd9502ef4a5a94406189ed4d35446a7d1c7ba23f6c941a518bf2bcd4debaef1335d96e9ee69840ec5bd8560ab530ccfa509c1f9b26beef3be2ec8f646adc810
+** GENERATE (SECOND CALL):
+	V = 87d25a696c9f6a9378b52cffd17fa8e504317828c991681211efaa661befd217cc43f5e872e63ceba22362877824fb1d6f1473d25618896157051e348bea12fba44dc5f42d6e512cc26a4deeca64157cb5bd43442b45103f498f19221dc6dca7e87d6eb4b1323b963774384ce7f4dd
+	C = cec59553bf034c87db19b9d542c8009c2a1fadc6a1140fb7355d6c0c884cfc82ea801aab38b094705fc769e922a7fc19700ec0ad0ab032ad849ee30948ce04f19ef51e21e224e75cd3b0702f6b6dc5c7a6ac72f225fc590681ea017e070515859496b950d5583733d09fbe54526734
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = b3ca92d2bf64048e96490e01b7485c24790d83e812dc8a5d727c6dab21b3d95f
+Nonce = 7b4ac14730ee185bf33ed90d1315e144
+PersonalizationString = 051d6bdd4f4527c4cf375efd9892f986a3936164cc81fe7dcf87775a458f5936
+** INSTANTIATE:
+	V = d4f5b436f3ef29605097d2b23895e18fa3f313a6dd6725e3d531d0ec4835fde63541d3bafabd53fd7abd3ef999196e682c0f83867a5a8e003dd941bb7bce14bd1a926fd95404f82ffb5dbce6dda3c078e89149c5e298d553b71e68f8d058bcfab9b1feb6b178ae119ef44028f7e003
+	C = a65c475e198d177ef473f70a7aba3c564a9b98cb52becda18e9588c489505b529d76b4e5cf682176b902d4d407b010e910ddcc48c2e157a0d370a487ce41dd192b12c3dc50b8df0120521ee0c92d07e17ef67a3dd2f0c1be8213130747c148b9442286757e78bb68927b615439a6e0
+	reseed counter = 1
+EntropyInputReseed = 49f6beec788732a762f1803917c969404ee153ee5db81289499f93b1b3708f4c
+AdditionalInputReseed = 59a25cebf8ff95f0834cd9009ee3b20d431195bf2298fec826b6ff0fdb700d7b
+** RESEED:
+	V = 2ed6bc5bfe6b04a660ccaccbb1623e388940ce1785aaf2ba025f27deaf349f09f9107a6c65aefc3fa161599a5079614dd392ea200714ec40e541478370f068beaa8c14432c02393e28579adadf5c372f0530208bd046516279c719bfba3bb8204941d29fcc60f9025d812f08fd5dc0
+	C = 0ac79ce6b6064bd882a3a59872b06bd1283f7a87bb632520b7f101759e81a61f00da0d42e73e44937beb423ee4e1879c8c1b2d26e1ee1e001722d65388f1394bed6d13a5e6e0adfb6320fafacadd068d766d0ef81aea735f2da960d730439736cba834e09e92c27042054d586ab834
+	reseed counter = 1
+AdditionalInput = 10f62a2749ee8fc2e4d7b067f390cbf969b05a8be5de0f866c6d7f90e99545df
+** GENERATE (FIRST CALL):
+	V = 399e5942b471507ee37052642412aa09b180489f410e17daba5029544db64528f9ea87af4ced40d31d4c9bd9355ae8ea5fae1746e9030a40fc641dd6f9e1a34614088044385739bec4d181b0fb1efe5fa0e96c2b2db04d4abfebbf5a1b7fad73ea4d8e44e8363912205801deae1259
+	C = 0ac79ce6b6064bd882a3a59872b06bd1283f7a87bb632520b7f101759e81a61f00da0d42e73e44937beb423ee4e1879c8c1b2d26e1ee1e001722d65388f1394bed6d13a5e6e0adfb6320fafacadd068d766d0ef81aea735f2da960d730439736cba834e09e92c27042054d586ab834
+	reseed counter = 2
+AdditionalInput = decceb212452be23deb5c96ce6476a0ccf2bfb942967bc287aa51424c130514c
+ReturnedBits = 358c48ebaa7434a20880e014a793009c291cd2a5f570eba2f7eb3be44dd983a49046aa59945b7c04d3d37f312d329471887ea7eac33db9c72daa493c53939109c41189b93e63c29294dc65cd83cbbdf6adfc3eeaa748938560603bcc31f8c8d7a582a7d14fd2b2a98e7e34c4e82dab2fee9e5e17b84145e1fec785be261993146f8f03bd277d6c6646e2eed0ab7c6a9fedb3fe39781a42668bb397055c45f7258564295c280ca7df89971b1d67063d3251e1a75c2844b359ae85f8ca849ae3c7
+** GENERATE (SECOND CALL):
+	V = 4465f6296a779c576613f7fc96c315dad9bfc326fc713cfb72412ac9ec37eb47fac494f2342b85669937de181a3c7086ebc9446dcaf128411386f42a82d2dd8588dfc2e4ccd64f56a8ef4e889640b432324d33eac58f2ab800506a1ada854629324e87850714b34e4a0d9656f3d117
+	C = 0ac79ce6b6064bd882a3a59872b06bd1283f7a87bb632520b7f101759e81a61f00da0d42e73e44937beb423ee4e1879c8c1b2d26e1ee1e001722d65388f1394bed6d13a5e6e0adfb6320fafacadd068d766d0ef81aea735f2da960d730439736cba834e09e92c27042054d586ab834
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = f6501e8634912c63a8b44b1bc3f629a6de0ae37c900831f36be820842d091275
+Nonce = 90b402554f678b52f17457bd9721fd56
+PersonalizationString = da44c8ae746c1bdbae05b024ddaa3789756c4e40635949764c5e8e5223c7d863
+** INSTANTIATE:
+	V = ca9ffbc4a152768630788bc0923d75338439b7cd460ae4ed99bc3f70ae3b857edebdd45a040afa17d1f4ba42b750421471369731af37a02378a816c95f35c3796191f0684603b13573bded07563aa624bd725dfe596ee0ba5226af4e4c420b0f052558ec8b4d1b07518a0614f1c777
+	C = b997dd7017664fc8b6515774bdf609f297fa990e062a0bb8e2ab8869ddea6a2a3572ca3c894d130f760346868538294dd7a5f2fe87c66c2df584d9f1430b6fcfa991331c5b9aefb0c7d072ee2fae64965b0846aca3169a9d5b053835e81b46cc6e781b9cecad85504fd165dc2ec086
+	reseed counter = 1
+EntropyInputReseed = 05d46bfc1cd4e85f684604064da460ec821a20dfe1105f334608297056cddb12
+AdditionalInputReseed = ee9319baa9fb8cf7e19a65798e057776f9e6f105a5fa55f5cc6a3623698d36e0
+** RESEED:
+	V = b1744d0e63ca198450d84bc6893324ecd82fcb798ba57196cb4012cef47ef965f391d531feb7fdd047621ca1bddc7a599cb8f99a008d8f3ad477005a26df95ee9f1ec9a9a0058464231a739db4c341a5eca158173a6ed20cc4b0bc5d8fc46dfcf3a063a85ee7b7248ad6fbd3974ecc
+	C = b257a61cd31eae0e3aa5d625952c1b9829d1c566f90e7419df18e183f04f08452ef4e17a9c11355e5aa739ba5b5c2ee003ca2cdd4e2c7f9e30a38daaddd8faed169cd53f424ad09b8016c5e5b56eaa318b8b6222012bd13b7ea4809fbd3aca25db98cf006fae8e127c36b9d5c7ce7c
+	reseed counter = 1
+AdditionalInput = b0a091115e9ab0ccadd3a80243ad901edde4ddd364489b09375d999466ffac78
+** GENERATE (FIRST CALL):
+	V = 63cbf32b36e8c7928b7e21ec1e5f4085020190e084b3e5b0aa58f452e4ce01ab2286b6ac9ac9332ea209565c1938a939a08326774eba0ed9051a8e0504b891c022437caab62e439f9cd19d6ddbecc907d3abd823f4ca2c48942af252207ab39462e6782546661cdaa7db876d9a776f
+	C = b257a61cd31eae0e3aa5d625952c1b9829d1c566f90e7419df18e183f04f08452ef4e17a9c11355e5aa739ba5b5c2ee003ca2cdd4e2c7f9e30a38daaddd8faed169cd53f424ad09b8016c5e5b56eaa318b8b6222012bd13b7ea4809fbd3aca25db98cf006fae8e127c36b9d5c7ce7c
+	reseed counter = 2
+AdditionalInput = fbdb656e0a92648d4cdc6840124c20eaa0070878721e51c4e9a7e3d5e4de4e37
+ReturnedBits = ee3a6aae9f7ada18e9b4ae6b93b9724718774fa7cdb4954d555204bee96ac2105757ea71f431dd90b5c2e8a7b7dfc97b7422a350fcafcdfa33a8f2201921bda45a5e171ff5e1f6f55c0b3f2e1aa16224294728e71734da883727d9f4dd127c3df4fc465daf4267fec242f677644798d38ea007f41bf4cde6d0d43821657a0e8483645ef4b96e27db684f5658ce8918b80bb5d691984ac5695e0aafd5d3fbd087c621d7ff368a073abb0c9fcbe49de47bdf721bdf6d636f03d9a0d3bca98c42f7
+** GENERATE (SECOND CALL):
+	V = 162399480a0775a0c623f811b38b5c1d2bd356477dc259ca8971d5d6d51d09f0517b982736da688cfcb090167494d819a44d53549ce68e7735be1bafe2918e610b7f0c9fe124f5d6d1e34831b431df6f668840f09f1528e4eb0b91296cc0221055b1aea43275f89f1ec4ee91600de2
+	C = b257a61cd31eae0e3aa5d625952c1b9829d1c566f90e7419df18e183f04f08452ef4e17a9c11355e5aa739ba5b5c2ee003ca2cdd4e2c7f9e30a38daaddd8faed169cd53f424ad09b8016c5e5b56eaa318b8b6222012bd13b7ea4809fbd3aca25db98cf006fae8e127c36b9d5c7ce7c
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = b91a02907a7f03bff31ecc80e375296186b6ffbb13c13e1713668348ce260620
+Nonce = 42c94945dbbaa518d2a77f458ac9204a
+PersonalizationString = 624b2009276d7e7c3fc6e68892467d4dba3b4b6ba33698422beec8f9c316a23b
+** INSTANTIATE:
+	V = e6b427844ef88fecb4afec262c6d5d08408b86a84d3a398ce763b4ce82d6ffb91ba423565952055b201e922fce0f5cbf58cc7b4ff9bba37fc24357545ea7348e7bdafce0d4675000731354ab1cd94e32c190b057072b4ccfda030e06c4c5519a11ed75e0fa8d0b4037bddc73715b0b
+	C = cf0127b52343e9ef83e90dad260388be52642c573f970af6d9f1933b52a31fbb33d899f5a5edd9283db9590b1f0e5f167e5d491f5a313463d1407c7b3d2efeebc3934b48cac96ba975738e67502e3d21971236880c226c43728a674d0c0b330ee0f3365b8bd60146f54fc38c632d6c
+	reseed counter = 1
+EntropyInputReseed = 6ad28ca4143a5ad24e95137c7f2afcb36d46ad47268946ac7d1d56c23b06168a
+AdditionalInputReseed = 095ea77f31e52db2cef7043bdf1107534c5d89d1bfcbdd475666f6327affe6ef
+** RESEED:
+	V = 028be646ca8155f2eaa331e080b6b575a24235499802676a098163d83d6db66e7affd67850b5f864d22a321319ae2ae914ecf9e0a5975525f209e9f18ab1f404c58f8ada5b73148e4c1b4de9e56264b04274073db39530bcafca95f8d9579979d5c4ee751f3502a6265933bf05cf31
+	C = 2e0046023e69c7b2b244d3b5f4bacc273cf93ff87a6d9c7bdbe663ad5bef4322a65ed0edba84b04e1d8bf8d75fe17c8302ce5286ebabb04e0345f698d2a101ecd3d8c98fb9a1ac1dc15f26a0e82a9a996e6709203d383f9331402f76dda2538bd0f699b2fa880770068faa46e437b6
+	reseed counter = 1
+AdditionalInput = a6e55f8365da6b7d6292e488c3031174ff91d563f3d9cf9ac52b70d0c05cccdd
+** GENERATE (FIRST CALL):
+	V = 308c2c4908eb1da59ce805967571819cdf3b7542127003e5e567c785995cf991215ea7660b3aa8b2efb62aea798fa76c17bb4c6791430573f54fe08a5d52f6f9c9546809dcca526d7f9c5eba5e17972a8aa0da6758ec311e2e0c9b7a20cde14c4215dd7f4686c46952e466dcc46d63
+	C = 2e0046023e69c7b2b244d3b5f4bacc273cf93ff87a6d9c7bdbe663ad5bef4322a65ed0edba84b04e1d8bf8d75fe17c8302ce5286ebabb04e0345f698d2a101ecd3d8c98fb9a1ac1dc15f26a0e82a9a996e6709203d383f9331402f76dda2538bd0f699b2fa880770068faa46e437b6
+	reseed counter = 2
+AdditionalInput = ded47b5440a0b6378ca94c85c795dd57a3cd3829fa0d7b5e5950dd93a2589498
+ReturnedBits = c7a42e4ae2bae922995408b2c9e9646cfc9da05122b49cba1319606fec2918cfcad2c76b70525634f7642492ba2f1aed418e2aabb2c17cbb7506b9a30385afbf95bb499903d6118aa12be7e67ff8301feae259b0529463b1c891c290d14c5324cc379f79bb1f5b1034079b4dd7cbabd696c1969f2b1a437d52107e14209e312e3925b2c5aaa8377735dc573fc460f502670d47cda77549d08725920f36d4d10e95a30729b0bc3471b0b26319a55b5c86009d87576146e6296b51775beec55547
+** GENERATE (SECOND CALL):
+	V = 5e8c724b4754e5584f2cd94c6a2c4dc41c34b53a8cdda061c14e2b32f54c3cb3c7bd7853c5bf59010d4223c1d97123ef1a899eee7ceeb5c1f895d7232ff3f98eb9d0b4ea036a9ab31e60a9d059d5081ccdff11d3f3fc7298fca4031742398841f6fd4544f8f709a38f300fd7468d6a
+	C = 2e0046023e69c7b2b244d3b5f4bacc273cf93ff87a6d9c7bdbe663ad5bef4322a65ed0edba84b04e1d8bf8d75fe17c8302ce5286ebabb04e0345f698d2a101ecd3d8c98fb9a1ac1dc15f26a0e82a9a996e6709203d383f9331402f76dda2538bd0f699b2fa880770068faa46e437b6
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = 232e1bf5545c13fd207f37153117b66d4bfc5425d9d2b1b291b9c94fbf4f40ab
+Nonce = dba71b8ef0a942bf2c1616029572c7bf
+PersonalizationString = 11e0ec7e96d22d4db760d99f03671816e04ef8001d7873de8e8351be8e7bc39c
+** INSTANTIATE:
+	V = a7843664045322dca2b642a6592e09bea7c51473c7fbb6f8b453b402baa37cccefa31408665009f10f712bf09ec1247b6a7b80f875678114c3681104c97ab9e92183154909bff6f680927ae5cb8b081079bfd4863522919748b6aa29df1aee0a0f599d1171ead681e2f65bc26bdfa7
+	C = 31074612f0843d91f860dece53585dcd66498ea7a2bd250cf44d7d663892d584228304276e1403edc9e2de928cec2513fd4c842b715a85dbf09f660e553e97a7d92107d28448915f7965265d556f882d0f9bdf18f6d850e867c38071c4706e9c96321783da83d294bde0aa6e1407f9
+	reseed counter = 1
+EntropyInputReseed = 663fc6663d5281fdee1c6a643b28c1c87e9c2911da3cbfd17b687dc0615478e7
+AdditionalInputReseed = ff2d0789bf9b8d76317678a48fc2311843106aa1e6dd39387cb65dd895483926
+** RESEED:
+	V = 34bee73bafaeacec147a3c1116691d9c1cdd37b0276ad27ecc5348fd87778b4ebc71257a26b68024434eceb96b91c32f319fce6f80f121834b9f1adf95a8eb3048e1b2584823bbdacdfeb19ab119b60a87ab09dbb267a1e730d1f4fbbe188c0d8b16ce62a4b4eef6977319f72aae1a
+	C = fdfb4a7cc7a19072be6c139a9d2b4851d893a7cd8dee29cd39ca364d2e63187a83edd5a941f9ed740ef910114e1450da516e54a9aa47c62505218b9bf04dbcb205fdb0e7b5c07e90ed0fad48f93e0edcaf5531078f2d2207fe29ed2052c2a15bb218092f3adc01f13d45fa69d067b2
+	reseed counter = 1
+AdditionalInput = d27bcb5825e67ac560486a70ccde5a2e3b20d117781a425d25f992084deb313d
+** GENERATE (FIRST CALL):
+	V = 32ba31b877503d5ed2e64fabb39465edf570df7db558fc4c061d7f4ab5daa3c9405efb2368b06d985247decab9a61409830e23192b38e7a850c0a67b85f6a8ece4585ddc608544d6d0619039dc8d36aef0f7e4ac3ce861bf43df262b6333dc88c7dc502337e7cc1528d2bea306bea7
+	C = fdfb4a7cc7a19072be6c139a9d2b4851d893a7cd8dee29cd39ca364d2e63187a83edd5a941f9ed740ef910114e1450da516e54a9aa47c62505218b9bf04dbcb205fdb0e7b5c07e90ed0fad48f93e0edcaf5531078f2d2207fe29ed2052c2a15bb218092f3adc01f13d45fa69d067b2
+	reseed counter = 2
+AdditionalInput = be41025fd274a40c41bffa56a9df2ef72b0063a10993d56284a86f8e8e9f3c91
+ReturnedBits = fb9a465c99ddd6c3e1162ec7539b2662096397bd6274c1fb2fae9d24ddbe0d28d94b0d54dd9fdb8645cf3d3ad106f854fe7469672f467d518be172e80df0ac65b7c5c1150c04d25df762d243f7a60786ed817756cf58620dea09d89e726b37df7569f474d4a79ab56c82c6e6fc6ab1f3bc5468c7f30ebb7f133211e4ca9cc01de4285494e01fa4b8e925b59ea56f97f412603f6f07a102cbfe75e04ae8ad1d03ce49366912badb069266cc467b8f6805cb24ae185111282c6af24438a6f0714f
+** GENERATE (SECOND CALL):
+	V = 30b57c353ef1cdd19152634650bfae3fce04874b434726193fe7b597e43dbc43c44cd0ccaaaa5b0c6140eedc07ba64e3d47c77c2d580adcd55e2321776446659b86a40b9a33c1db868589352210126c6dd538586f6c67d96d86a0050a07eb8b80b1295d1dbcbfb5c33c793879aa339
+	C = fdfb4a7cc7a19072be6c139a9d2b4851d893a7cd8dee29cd39ca364d2e63187a83edd5a941f9ed740ef910114e1450da516e54a9aa47c62505218b9bf04dbcb205fdb0e7b5c07e90ed0fad48f93e0edcaf5531078f2d2207fe29ed2052c2a15bb218092f3adc01f13d45fa69d067b2
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = 045c359307e388fb7f046ef9286e5b03f019ba0c3aabc416f5bed4b76e711795
+Nonce = d41af5836f28fe922f73271694e57fd5
+PersonalizationString = 1b5ec47e5f4e30ae087afb0409508729ade418825e6ced6a5c90f88ff29c40e0
+** INSTANTIATE:
+	V = 52cce4dcdca1de86ec6c6f9d14c14e6041a90809189264417d56bc677571eab4254e06ecaf14e72fe6b350258cab170d95954d197c73eb7b53c4ac0bea6c7ad2853dbb5dcf04eddb4e452747347c13a0e183e142f6b3b71cd7b7d762d3276b25ee2b9469a1d32bcc25fe22351633f4
+	C = 0bb3ba58de53d25f0d96c298736f725a1baab1c0a510dff9e905675a02804f89e6c8d8cea64b54fa3fe363dc210fa9e08d715957efcd27e5115bb4e364fdcf57e65e5651d88623e387690951f93366387d5f93c222b3d581974819216802600481784efd668b1f377aa14d2fab1777
+	reseed counter = 1
+EntropyInputReseed = afc0071e4ccfe6c3039b9258d9eed5bd98b3e0a7a7d0f4c60e64b255716750f9
+AdditionalInputReseed = c814475f77336df248f20ab7e1b5540293d645d478dacf1c64676de2187c9731
+** RESEED:
+	V = 6495a08fb3a30e1d982c969fd8ccd7bd930eb8066d50af7fc9f1d0ebc0e24e538fc2e59a66b6b5a0a5642d23db9ca32faa8802e022422560644393a82fc90700f6c45c817b793dcc69cd5c6c266435aa1debb52e3b5bd1777c31e66d2c0ffa78679fc7b6f5793c3680387bf910cc18
+	C = b35dff27eb4de003a8e46d127928ed707b7815058d8cb8c9fc22f82a79c3e27557b42dd9022e736532b782040f34862b952687c792d8cd8469bd7ccf969c1e5c6a926fdb9d0785c082ffc28f81f9c3cb65f2ab7a05df3657c9b22a311953273d53dcbd883d2b3846071e67ca28e409
+	reseed counter = 1
+AdditionalInput = 139e20e8e383cea63669bf2cca6b43d76f1133df8fef9821a5e402d3fc3b8a66
+** GENERATE (FIRST CALL):
+	V = 17f39fb79ef0ee21411103b251f5c52e0e86cd0bfadd6849c614c9163aa630c8e777137368e52905d81baf27ead1295b3fae8aa7b51af2e4ce011077c665269cf5492c09d47776e99fe88520d421f076f1d100160f2a38a903677d95849ada5b4214782ba6b73808cea1ec32d0aa5d
+	C = b35dff27eb4de003a8e46d127928ed707b7815058d8cb8c9fc22f82a79c3e27557b42dd9022e736532b782040f34862b952687c792d8cd8469bd7ccf969c1e5c6a926fdb9d0785c082ffc28f81f9c3cb65f2ab7a05df3657c9b22a311953273d53dcbd883d2b3846071e67ca28e409
+	reseed counter = 2
+AdditionalInput = 8abdb9c0f1df932c7c28786727c4a263a3676d1865f3ea61dd68bcffa46aaa24
+ReturnedBits = 1ecf3495285807b58d4f7baf59c184766ef65cbe6825c5749f45cf05db9b2ef0a712a85542f5e8bcc08a29d114ff65a59ff91816b361d1f5a982192f59a47451bb5b5bddca565f3ca924ec4178bf0dc9ce78de1f3f3e421ca7a70b5aca971135635649f3b757e3c20177ca7eca6ca3d09ff079c953ee09693a9a9ce3a9a3822477b0d13d78f031ee67b385d8d6be07df713da8ed5b8c4cf164146899f71d16d32bcd2227f9c7883f9e45d1396da0ec77b31853b215d0a04047ced0599ca9c071
+** GENERATE (SECOND CALL):
+	V = cb519edf8a3ece24e9f570c4cb1eb29e89fee211886a2113c237c140b46a133e3f2b414c6b139c6b0ad3312bfa05af86d4d5126f47f3c06937be8d475d0146112e72bd122f992a7875475d2176705d12dd1dd754ce7cb2c31f5b430b6b85f771edd9c327208405a5a32b809ae4c234
+	C = b35dff27eb4de003a8e46d127928ed707b7815058d8cb8c9fc22f82a79c3e27557b42dd9022e736532b782040f34862b952687c792d8cd8469bd7ccf969c1e5c6a926fdb9d0785c082ffc28f81f9c3cb65f2ab7a05df3657c9b22a311953273d53dcbd883d2b3846071e67ca28e409
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = a1be78509676117f73f1a8100c34efa25fe01acafb39bcdb2cf3b9733d33c9cd
+Nonce = 8a1e2cb0ebb5131b950f6cb789401924
+PersonalizationString = 626e3c96e0ab4424ec95e71141db524b4f762a11cd0f4a6625a23f7caf1a478b
+** INSTANTIATE:
+	V = 8871c52dea7b5ea7e466c2304e018f8245dbfb105fb0cf48e0babda138cd51648c55a03320d498a1e7f70cc8a598c2f75e3747938c8e53db7634d1183883e81878a4b89f74e0e320d4f0d56616ac8f2f68da80eb377625606ffa08bda325c62a91c30d7c1cee785d7878a181221706
+	C = 3841adc9f981e64b50bed677bf093026ae3386032dbfde8d351d87b40a62c528f54bf622051beca76b447a72919c31be353fd20f1576802d2bec956fb09644503e2052ce05f1ebbe11fd60df59e58aa6820e37d557bbeba55e03b16f563a1a14156dc19a907310083123bdfeda4bb4
+	reseed counter = 1
+EntropyInputReseed = 70946a0b37b368c2218769c5d43786c56f7c7055dd846f6c29b6c31e7547200a
+AdditionalInputReseed = b2c97a8161ea655851d050dba3e9f8bc3cfa55446f2e758f9cf3b34ce8f31e2d
+** RESEED:
+	V = c35f4bbdd7506abd0f14a904f1cdf7bea0428664b023e052df016e9006447d714ac4880a913faf696151a80ea8a0b4fc5f646900a807f4df00200b2388665ebdb7e759e8c25bfda84acaefcdc8e1220b165a4cc63f578999428a16071b4c66e05b42e79dac433b69a08d21cc28e2b7
+	C = 8ff99cb25083845585cdfbe494150aa3024cf9f35035cacd443df0eb99c1fb1d6dd22695a482b35e59742e45462a1e48d048a1aa4f57977a9ed88fd4e018d1213eb827095e2ced4142658b8c33b7e89631fa46768bc529516eb10ece595ea39c6e5d54066bb77d5c5c840439d9bf0d
+	reseed counter = 1
+AdditionalInput = 748c53acb9bae2bdd10ebddcfb41be9fabc08098efe1f10e2e7da5c9dbc5a6aa
+** GENERATE (FIRST CALL):
+	V = 5358e87027d3ef1294e2a4e985e30261a28f80580059ab20233f5f7ba006788eb896aea035c262c7bac5d653eecad3452fad0aaaf75f8c599ef89af8687f314b27832c545417023c43208ee550b06a08bfb82e31127498bde77c093ff6a99c8b7aebf9eb8713e9ba20f8dcf393edc8
+	C = 8ff99cb25083845585cdfbe494150aa3024cf9f35035cacd443df0eb99c1fb1d6dd22695a482b35e59742e45462a1e48d048a1aa4f57977a9ed88fd4e018d1213eb827095e2ced4142658b8c33b7e89631fa46768bc529516eb10ece595ea39c6e5d54066bb77d5c5c840439d9bf0d
+	reseed counter = 2
+AdditionalInput = 10165552d8d7220aa8b7db1f761f9d8b4be43643b5c8161b4a87c6a9d9981f5b
+ReturnedBits = aa81ef460fcc273f6eed4756982783dad0f4fdba573ece6ece48bc0120a4c088af8e15e35cf045ed01381a8a95de2fc3fce99fee85b7076274a8779828fa3ae34033a3e5be39021dce764c4eb2637e50b975fadd542830515bba34cbcaef07414a7b1ae2ede1e879ab3903fef13e9102f3fbee728fa56d885656b930572bb43f5082c24d9f65d3ddbbf664fdfe6596e11540208eac913259b7723a112f531aa0c734643489c88cf0903459537b36541ee82c3dc003d35de6bdb45b0cc03143bc
+** GENERATE (SECOND CALL):
+	V = e3528522785773681ab0a0ce19f80d04a4dc7a4b508f75ed677d506739c873ac2668d535da451626143a049934f4f18dfff5ac5546b723d43dd12acd4898039f9af5912a3967e602ee2c0742a246c90b3b0705d94245876be9f85cda8148fde0ee21b29ebaef8bdd1ed77600a28a5d
+	C = 8ff99cb25083845585cdfbe494150aa3024cf9f35035cacd443df0eb99c1fb1d6dd22695a482b35e59742e45462a1e48d048a1aa4f57977a9ed88fd4e018d1213eb827095e2ced4142658b8c33b7e89631fa46768bc529516eb10ece595ea39c6e5d54066bb77d5c5c840439d9bf0d
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = b610de6f6e1502bb57738697f1a6927d456c28272a203b20bbf82d833f6e02af
+Nonce = a9c303a9753df483874c32e2cbbe3417
+PersonalizationString = 3a207dbef6daa52526b6f2f3a069ab99e3f1c0abd500b1103d3b0d5b1083c774
+** INSTANTIATE:
+	V = 154ef8646a6f90e0e85bd168b2e903a0a4eabd8b68c4b22cc22b32b111d32d06d6494ccd0ca91382145099d89f098a6fe95ab06e77e4448c15ea1fe736790dd9feb03e32d50a366c5a64dcd01849a64f849029015fd83761589da2b6a344ac7f91171d036c59df0df5f5bbc04f1132
+	C = f2af44cc423b6b6915533c7c04a5ddf387797175c1a2ec2917aa73b4bdf165af81a6b7e76b41fd22db0e59c9891e421ac89d653b42e071c335d70920618d8e27fdbc2623268ea38d5669251fb00fdc5e629a5a9ee1942518f0cb7f823ad5bdb80516c50371112544c74efc19c72c88
+	reseed counter = 1
+EntropyInputReseed = c35db3a67e03cd4c489eb8fd075a2089bc76d7182591c781f981fdc5ca466be9
+AdditionalInputReseed = 18bb96858a10ce7bbb824b5d84ecc6776d3e458db18e8e3fcef429b3373abf96
+** RESEED:
+	V = 5882ace41aae5bf74d34e6a30599290bb36078c6da09878cf036c53e2628e18e1cf9a83c2f25d8a120f9032f950191fd6e7410c705878ae1748d0bc59ec388eaa46f2d62047f7967a184a745f061250635e6deca5ad01a9731a41c79a0cdc10aaad9aa710e542e205cb23850f95dae
+	C = 9a3e5fc6744acb0ba77767a7b03f6ffb65b9a73b12a0153e277b53bd48f816d3c78bc7d6e36f65a3275b6accb31c737c22eb99e238dc7101c7bdb70a34b3aac624396b53686251aee68d915c10e4a8c07fc51cf76421af6e63ea8c3b62bfe533c49ed14a2866c01d937ca585738130
+	reseed counter = 1
+AdditionalInput = b06dea5af511b49e30d0bebc49c0015083e574519d28b8fa91ddf80e592a3c61
+** GENERATE (FIRST CALL):
+	V = f2c10caa8ef92702f4ac4e4ab5d89907191a2001eca99ccb17b218fb6f20f861e485701312953e4448546dfc481e0579915faaa93e63fbe33c4ac2cfd3773453db93963a0cfd0550b84378cb58804255ea97de1caa14cc341154dca0e90c61cddb640709d10a9f0e7ab247a7835e25
+	C = 9a3e5fc6744acb0ba77767a7b03f6ffb65b9a73b12a0153e277b53bd48f816d3c78bc7d6e36f65a3275b6accb31c737c22eb99e238dc7101c7bdb70a34b3aac624396b53686251aee68d915c10e4a8c07fc51cf76421af6e63ea8c3b62bfe533c49ed14a2866c01d937ca585738130
+	reseed counter = 2
+AdditionalInput = 9452d807777239ee41a7b72845eecced4c4d40468f51a9d3a17e346c9f87c55a
+ReturnedBits = 2bcc2f47b559e87f703204e0cf612bddb45cdab51b3b0e0c40d7cabd499a0d07ccbba89c4c0ef3d32bc0da03fb2a78fa13f6f98994c59291f152b72a2df5822333bb7efbc152280f817a8106efabc59aa5a1b2b9df1e90b5aa2c9bdbf63fc84b121223c45cb53296699c30eea48b7ddbdb81ea758d8ec1b7fcfaeb912c73cbe388a1b5a758b37d29b74a11468b04ce9b1ca11268baa27a26d809df3988383d9923390bfe414e29dfc3c0c63da3608905de0428a55d5f939af2e98ea379562881
+** GENERATE (SECOND CALL):
+	V = 8cff6c710343f20e9c23b5f2661809027ed3c73cff49b2093f2d6cb8b8190f35ac1137e9f604a3e76fafd8c8fb3a78f5b44b448b77406ce5040879da082ae003e99a47fef045cea2db1628f3a0cedd32b122790e35799e0a9eee8252e5f42abbf7c4feb6f5a0eeaf745c41f0d1b417
+	C = 9a3e5fc6744acb0ba77767a7b03f6ffb65b9a73b12a0153e277b53bd48f816d3c78bc7d6e36f65a3275b6accb31c737c22eb99e238dc7101c7bdb70a34b3aac624396b53686251aee68d915c10e4a8c07fc51cf76421af6e63ea8c3b62bfe533c49ed14a2866c01d937ca585738130
+	reseed counter = 3
+
+[SHA-384]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 1536]
+
+COUNT = 0
+EntropyInput = ab3d8163871b68221c4155e985b3b910c6c93c9d0c50cd9b86ff41f2e4823a2f
+Nonce = c683822011529215473a41582069ff93
+PersonalizationString = 
+** INSTANTIATE:
+	V = fbb6e52b335cd673f778816a4d6e32a72381f10d091c2295dae794af4fb1dafbd8451a2119daea86358753ad96e6ce81e7260029d96f9d40ae5bff96adab2a20a47f22d6155f3c25f6c285380b93806db42da0ecac7f3e660292a944ccc4c6ec2d50eabb3651b1dd7a39cc3b7e7d54
+	C = 84b051298cbd0c3aee094be8dc265fe496fb7065b48aca1b1e8648d4a295bf40c4c1696a718be85aba2faed4167218d7b7c806abf78f96eef6b6ce319205567c3e4e496826e61cd601ab5be8b8e05c908db9439dde7db7a41403e7b0eac1858f50e337b20ec0de67e0af3d4a12ffc0
+	reseed counter = 1
+EntropyInputReseed = 243b9438be5b3c46c7becfd1ae4bc6b5c4f18b367faa09e6105ab170eb86fdf7
+AdditionalInputReseed = 
+** RESEED:
+	V = 8ab17dfacb5aef39701d09ba436d5ca668c2417d0ba1b46781dac7f72765c993f7686d72aa89dddf9f4789e616e903a7bf6b4ee6e660ae5aa6c1991e450d4cccb5b27cfd2322192f834b5f40aba992ff153116afce76c6621488bc7546798843d7a787e8ec31f19f264c90a719ecd3
+	C = cbb3ec04ed0ea5406fd263268e59c57b536fc43bc4e433a198e7ce86de8f2162f7712ef09023b20d1b6bf3ad3a973abcc0bccf91ec1481238d3f9f985303b9f027d0b21e881d2c519f9f68b7a1de973a85b544f1a6640c57d4b0c8185d441e7b99f3229e605fe320adfb2791641947
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 566569ffb8699479dfef6ce0d1c72221bc3205b8d085e8091ac2967e05f4eaf6eed99c633aad8fecbab37d9351803e6480281e78d2752f7e340138b6981106d8a508cdeac02d206137bb71a884224cff355e09a07bb7e2f231620a769a52fa28a295eb7048b54c9aaffd7f67886018
+	C = cbb3ec04ed0ea5406fd263268e59c57b536fc43bc4e433a198e7ce86de8f2162f7712ef09023b20d1b6bf3ad3a973abcc0bccf91ec1481238d3f9f985303b9f027d0b21e881d2c519f9f68b7a1de973a85b544f1a6640c57d4b0c8185d441e7b99f3229e605fe320adfb2791641947
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = ee1f37b9f91d7a9758eb74cef2737a4030b2834ad23bd61bb7404339c764e13adc946a511ef967fc886026f1aee01443dea433e762943384c269f0fc280c9a925751ada1e96211b80be0f3b99b7efd74eaf7b7f021b4fd9a68c166c02a21b8b15fb4469c108a697aa125cda2f274cdb77cd0b4d39078a58f32d3aeb821262ea177dd7af81da5ebc2c3b716a1688bff4ac16d7997d7abfa6ef3095f76ecf272de5efe167c4db08dd3c5d8390c5aab348e8caf136cd1953a0123dcbf9915fab300
+** GENERATE (SECOND CALL):
+	V = 22195604a57839ba4fc1d0076020e79d0fa1c9f4956a1baab3aa6504e4840c59e64acb53cad141f9d61f71408c17792140e4ee0abe89b0a1c140d84eeb14c1a2f7707f6cfb9a0a292c9443b42639be01a9ba341f9316f3c5ce3f699eccc8be8dcd37910a5d4a7d1949144857d320f4
+	C = cbb3ec04ed0ea5406fd263268e59c57b536fc43bc4e433a198e7ce86de8f2162f7712ef09023b20d1b6bf3ad3a973abcc0bccf91ec1481238d3f9f985303b9f027d0b21e881d2c519f9f68b7a1de973a85b544f1a6640c57d4b0c8185d441e7b99f3229e605fe320adfb2791641947
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = 15b1d7bd80a10dac21dbacb9f0640e077cf4c6cbe4776f071f3c70f9c0e73f64
+Nonce = 425bb11fe75ac98d8d20ebb2d0d69ef5
+PersonalizationString = 
+** INSTANTIATE:
+	V = 0d532331c983e12abfa1cdacb17cefd64ddbbde6700e60b104470998de8169d22bf031e2b8c22b0340396e91c7cec667d7fad3d52ebaa52558fc481f7d8171494a22439beb3210787b3527b428302e4080359510a7a24544e2ea520583c9d0c4e1f81d3f91fc93ccaa4b616d2885e1
+	C = 32870990c0170211a52ceaae9b139984fdd476f584517a690ab46f998550edefee3c76ec8d318933c2988afc39ccabcb40d7b167349da72ba9936e162030982ae1afb8dc8477d10046c89a4b39944e33cbf6e5b191fee3c89ffcd3445ff0ac74d25bd23f3689280ca4a245a9f68d9b
+	reseed counter = 1
+EntropyInputReseed = bc0aac35731dcd624d9b45d23cb0428f9b447ae3723001ca794e139dab593b66
+AdditionalInputReseed = 
+** RESEED:
+	V = 89d86b42f3e69ee36c7c6b4c2d7cdc939e9b600190ace9b731e8d7775b6d945e3d8bf434d19e2ededdc00ee8fd899e6a487421b4a214b46699635a19b8b284318a213c50aac59702f255e0696922ce0170ec551f810742066222a35bc42b3be65f3dd97c931d8522f5efc8dcd4d915
+	C = 08994e61caa5da051bb008fe7062e5fb5082fa640d1a238da5a779b50e682510890c3149e320ce0f2a219583c89052ebedaf482299c283806487a4052951b9ad1a228e493138849edf2584d6134a434574c115521f25dc7d1866109785883bc1875f15340e5c23a8ae6b89fd9988ad
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 9271b9a4be8c78e8882c744a9ddfc28eef1e5a659dc70d44d790512c69d5b96ec698257eb4befcee07e1a46cc619f156362369d73bd737e6fdeafe1ee2043e48e9f5cbaf9b5b3164f850c764ea72b58df0f44147458add8c2bd5d9e94f8b5ca4e96fd53eaafd20b845f5f042c89fe1
+	C = 08994e61caa5da051bb008fe7062e5fb5082fa640d1a238da5a779b50e682510890c3149e320ce0f2a219583c89052ebedaf482299c283806487a4052951b9ad1a228e493138849edf2584d6134a434574c115521f25dc7d1866109785883bc1875f15340e5c23a8ae6b89fd9988ad
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 3107eb3851ab842fe68b86ed7fae779a1365cf312c73754a4807c82d4ac79b80e5033709eefa9a748ba42d22d98b84d7b3ef6e357c2b9322dd84d2a8974f1a21ed863ef8295a992dfac4663f58bd273680663f7ec8f886ef6365b17fec8a3da20c3364d4554662244f190452e7f7fa93615d13e7544cdf6c5ca5dfb2fc53349ec1752c052aaed9490f4fef6f96627af4f84a97df763301142326dd154d848c461ec1eb65bbda7f9da55edb8e4a65deac3340907a82f773e09ec1b0d74a3d1716
+** GENERATE (SECOND CALL):
+	V = 9b0b0806893252eda3dc7d490e42a88a3fa154c9aae130d27d37cae1783dde7f4fa456c897dfcafd320339f08eaa444223d2b1f9d599bb676272a2240b55f8810833195335a2738d3170109da388b10f73800b545a9de5d07ba4b9ecf274cfc43563e9d85f2d3341d9680a560221c0
+	C = 08994e61caa5da051bb008fe7062e5fb5082fa640d1a238da5a779b50e682510890c3149e320ce0f2a219583c89052ebedaf482299c283806487a4052951b9ad1a228e493138849edf2584d6134a434574c115521f25dc7d1866109785883bc1875f15340e5c23a8ae6b89fd9988ad
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = 98724e73a444a784718d46c65d1acc69e3e8d36ef37199ddf62b3e67cbad9b1d
+Nonce = 068bdc84c45f0ce27ef1e5f321806466
+PersonalizationString = 
+** INSTANTIATE:
+	V = f05ebee18de7770b4fa7afe4104d147813018d6f3c5733d185eb138b200259c77b5b9ddd9d41218c6a2fde5c5f96b4073d42bfc852fe1ebaf9d128a1d5990f91b2fff1947177784aa79dcc39e0c8f657b2eb183a9b2446588972a6e991f444042c23bb2fae248982475b302d26d403
+	C = 7ab64d83e0b7a9182f0a139b83c1f19d86c2fd26cef6614671d5d4cca87ef34317e03f5094073edd5eb153e3d985bd96f6a9760b877fb0c64330dbd3a0d41dbcfbdef2b51d376fd86ff815a843e11f4b2aae56ddb9448ce997b3ce0ed92ad3ce3ac1c334f98152b68bb38d312aa767
+	reseed counter = 1
+EntropyInputReseed = 9ed202e0f270239d75f867420fff3a1df07a4b577d5cb5702bf5c65b067cd33e
+AdditionalInputReseed = 
+** RESEED:
+	V = 22e90b78b4a5f27ecce8eacb94b2940317e02a0d27e859da906c6cb38df9a313e42b473cdf0fd34c19cb2bd24b434ffb4f84b21a13b3d691e24de64846afe30656a5386193cde054a0d0287fb778689504d771e2e550585ed7b2c2d8ca8666564c53b86a48c2d1185e442cc919f0ba
+	C = 01e448266ecfaf6ac13a3e5cb597a995a3cdb599c8e1198f09f3f439050604896cc7fb1382a226fae1bca8b97030eb4f3bcc57ec266621154e7177266d7129ddf59806547712028bfa73adf3de1d637901dfdd4d570d0ba49f6d36aecb2a42326fa698a76bddf53ea7e6485a06859c
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 24cd539f2375a1e98e2329284a4a3d98bbaddfa6f0c973699a6060ec92ffa79d50f3425061b1fa46fb87d48bbb743b4a8b510a063a19f7a730bf5d6eb4210db731d84ab7d2103c61cc3255af9a6cfcd84d3cc1065916231b87cb8f84535d9a85f09b77e97a2f6446c9fcdb4839d396
+	C = 01e448266ecfaf6ac13a3e5cb597a995a3cdb599c8e1198f09f3f439050604896cc7fb1382a226fae1bca8b97030eb4f3bcc57ec266621154e7177266d7129ddf59806547712028bfa73adf3de1d637901dfdd4d570d0ba49f6d36aecb2a42326fa698a76bddf53ea7e6485a06859c
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = a22b017e918b30d2856c2682bb82d984a2f69168c05fa9b8bbaba58fac7adfa3b3b4229a12c64f3e7a8c87ca0afbae24487ea294b87046c071cd0ca6d683f6931bc30c6bf33833d18f5bf9c3594ebc4c8bdd439c8347106422bc3edf3d28a44190635de5ef48970b8dec15e14821c6e29188ec116c4fd0b637eb259619b13419d4482cbc2f3d830f3454fa109660d22067ee0f15daaeeac48a107be1149c75ea50d38e18d027cd38fba3a50c28956fdc80c8a5d9e9d08132d75539418a3e90a5
+** GENERATE (SECOND CALL):
+	V = 26b19bc5924551544f5d6784ffe1e72e5f7b9540b9aa8cf8a45455259805ac26bdbb3d63e4542141dd447d452ba52699c71d61f2608018bc7f30d495219237c9c800b891063658231fd918f938018fd6e0abc0f51fd2ed02b7573c95b5ea0d57cdf7c34dce5304acb128c571166dea
+	C = 01e448266ecfaf6ac13a3e5cb597a995a3cdb599c8e1198f09f3f439050604896cc7fb1382a226fae1bca8b97030eb4f3bcc57ec266621154e7177266d7129ddf59806547712028bfa73adf3de1d637901dfdd4d570d0ba49f6d36aecb2a42326fa698a76bddf53ea7e6485a06859c
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = e95097c235ece37488580696df624d04690f4124bb20c78480a24061125f0caf
+Nonce = 31068dbe4458086300d2394c785857f7
+PersonalizationString = 
+** INSTANTIATE:
+	V = cfb4f970a36871ff158b3dc639417bb0999ae1dd0d2efe6fc972c742dddc5d0974fde1ad0c1162a9886d5a33de365df3f2d193e80f4cf5be48f6c3cabac27fbfbb1a0f809c7ec56e9cfeccf4fbc7f305481361e11ce96ff74214c04cc3ccec82e408909d7ebf17443cd3c5794bf8c0
+	C = 69e1c2dde891b03b0fc953302aa5eab0a4b097912fc3dba30081682a78396ca5917ebf76c83f346ee43dee2e057d99581854db91f2da2aa49178a23aa594a82e076cae9e23d60258fca2312bdc370569d564c260edb790414c66a9823768b9b3d57061b60866fe816aefc32164cab3
+	reseed counter = 1
+EntropyInputReseed = e54ee3502ab5faf6c88a1691d37322897e65d252a375777ac092179e8400c1bc
+AdditionalInputReseed = 
+** RESEED:
+	V = 25e4222ad9f22ce936acbcedb354b8e19ab76704b1aed49d79ef8cf704d655d2487150bf10f664709e2f70e85598c2ee162502b11306e90f330427b80c98497953c415be4f767afd6320ef26efbe374dae3125caaccdf4dadc196bec5021a457138829e9bb9c5ae79e6cdf821f67a4
+	C = 0c42549a50337200518be4ed53338cb6466b0d549104720f28486c32f3ce2f35508a4cf2ea9c5fc07467ccaafcc99093038ca3a0e4e6da52c48e35577746dd5d64d9d30db2fa0572769565c2798018b779f815d4315481ba21a9c7827393952858b4218f4d158e7202aa95c294f67e
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 322676c52a259ee98838a1db06884597e122745942b346aca237f929f8a4850798fb9db1fb92c43112973d935262538119b1a651f7edc361f7925d0f83df27c0bfd8de70afddd8cdd4e671c44cfa040a768525377896ebd1e073e85b64fdcbc92bd736aa97576c8a6ac28bac9cdd6b
+	C = 0c42549a50337200518be4ed53338cb6466b0d549104720f28486c32f3ce2f35508a4cf2ea9c5fc07467ccaafcc99093038ca3a0e4e6da52c48e35577746dd5d64d9d30db2fa0572769565c2798018b779f815d4315481ba21a9c7827393952858b4218f4d158e7202aa95c294f67e
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 4f26d14e8a1a7ee72677ae42f65b1dba0d325f07563787f2ce0785f911baa14d474d05f7d5a97bb4b2932f887361e369368ce111665e5bc5a4cfb2f210057fb54dd785f16e6b989a8dce4ffea508cc56f00fa1685223fbfd59955a2f73efcc298a313bc5e5072047cd0457d9ed7470f084aba7efa3e7af8d7beefe68f4f85336664456a2dec8d7d1b7db1c7e7c0b8c46761ea2f6257469c5e5135f7109485fdf22a24c2dee3821133d0a7335a86c67ee06cc0c449599fc7f60e7d9dd17356983
+** GENERATE (SECOND CALL):
+	V = 3e68cb5f7a5910e9d9c486c859bbd24e278d81add3b7b8bbca80655cec72b43ce985eaa4e62f23f186ff0a3e4f2be4141d3e49f2dcd49db4bc209266fb260600b4e08ae584d86f2905351e9c9426424f6dff8d38faab3d90a7ca7a256f7c43bb0e321aee520c03ad5cade48f9cddfb
+	C = 0c42549a50337200518be4ed53338cb6466b0d549104720f28486c32f3ce2f35508a4cf2ea9c5fc07467ccaafcc99093038ca3a0e4e6da52c48e35577746dd5d64d9d30db2fa0572769565c2798018b779f815d4315481ba21a9c7827393952858b4218f4d158e7202aa95c294f67e
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = b24b95a40d978e6f663bbfaa5fc4e612fc0fc814df4f014cbcaaabf6d41e62ca
+Nonce = bd9608decd1a97f2c1a31ece04fd79f0
+PersonalizationString = 
+** INSTANTIATE:
+	V = ecf3ead851cad84bfcd27acb4708cef5baa010cba26f0951545dbad256955b42c96659294d2a7bdaf2c429479b08c1c170f259363f0361dc04516996c6eebcbecc10604c8f112c0aebbb7b3c20bcd93ad1d5391349d927a8103b9d10379cea61e055944187af4fe4b65c0bcc9720a3
+	C = db21973a7443b9ad7b96c29ae3f4cc704aadde11e6fb6905ed5f4400de8c009748c4548e97833c40d7b427364c4f795a9674da9396ae49b0971c8224fc7dc6b3ddeda7b03cec433a665866914cc8b68b9aec9517b084c44abc1b0bd2c0bde4484fea0d09c0529757030b43a9e4b3af
+	reseed counter = 1
+EntropyInputReseed = adf1e5083394ee24214b5e3f104c28e795018d2eca64cf8675174bd3369da3f2
+AdditionalInputReseed = 
+** RESEED:
+	V = 9b182a9c2538e1e17687630c20bcd4d1e664ed60b19837e9f162da9677ced866150e3124614fcea0d3cf3a03850cab84b32de4a01870ab7f1629104d5af9fe1602c83912a5180c2228fbe72b0f80c4a10aa3e901020eb5900bf6ddee7a6175aa3e4144e332a6a6d97ba57e550c8b97
+	C = d409b60d50afe2c2114901143a3a54444ad8c009502bff64a403908330ff18c7ee4c030b2338edf1973262afe8732786fce33efe67737646019a71e26223c632eccc786505455f888fbaef21ff697dfc94b97242010df268d13d4600c5f2663cb49a8d68b7e08e2619b0c9a0564f89
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 6f21e0a975e8c4a387d064205af72916313dad6a01c4374e95666b19a8cdf12e035a342f8488bc926b019cb36d7fd30bb011239e7fe421c517c3822fbd1dc4bdca6ce06d076a2286f6f1ff51168733c51b07e99e7dece58b7107dd0973597bc266a6b91f009fec0763416d19575a63
+	C = d409b60d50afe2c2114901143a3a54444ad8c009502bff64a403908330ff18c7ee4c030b2338edf1973262afe8732786fce33efe67737646019a71e26223c632eccc786505455f888fbaef21ff697dfc94b97242010df268d13d4600c5f2663cb49a8d68b7e08e2619b0c9a0564f89
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 803b0338c4f820199031cdd43015563eeb9b0363559cc18ab1354683782157f00199b2712400167fe0789824c03c58d3f3d022e1757416144b10f9b74309e8bb40b668ab6fd50ae2f34175480b2899ee7474505cf8872025df1b9144f95a2b22db112723b50365097f63db97b5d36790ab5f92c7100f2555197343a4ca00ae5ce3bf582a5bfd302be7224eaf97274accb30f2dee7bfd3f48ac7fa1ee29461d94e3fde58801af4d7a55662129daea09bbd8d6786838a0c5ea6cd805e6aa2f7767
+** GENERATE (SECOND CALL):
+	V = 432b96b6c698a7659919653495317d5a7c166d7351f036b33969fb9cd9cd09f5f1a6373aa7c1aa840233ff6355f2fa92acf4629ce757980b195df4121f418ba88dd94829a4c1051c955081e0e83765b5e9ef1f329ae83e1585b50bfca18cecb031859781f34469d8de5da1ba69e752
+	C = d409b60d50afe2c2114901143a3a54444ad8c009502bff64a403908330ff18c7ee4c030b2338edf1973262afe8732786fce33efe67737646019a71e26223c632eccc786505455f888fbaef21ff697dfc94b97242010df268d13d4600c5f2663cb49a8d68b7e08e2619b0c9a0564f89
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = 76358dbc9b5373a54838f436136d91b7665844c486b3887d70f18f7e1f08170d
+Nonce = 8eb70710ace7ac6a2b3e0439e28bedac
+PersonalizationString = 
+** INSTANTIATE:
+	V = 749c5aa2922d2fde9a30198d15dcd3cba70e36e8b0e82fd6185026d2139432d2dfe6c38e40f88d248f92793b73607226092f9c4dbf54b351cf607c051856c6d7baaa1a997bcaf22a35fdaa0d4749ba6d3adb6c5038b0fd2c9f2e42688564667ae966c4381d020814279d078d61399c
+	C = 8d106ade7b719be82c202bb7020e8f9f890dc40fc84e0145184cdf3b9837466713429e569101dffa31f511cf7132c02e9e59f43b348846db31a0e920c48b6afbc9d887158e55e60c2d15f13a7c7058d6772ba618aa82f008388b3833983222bd436384581dcba90489168cae8f8a28
+	reseed counter = 1
+EntropyInputReseed = bfabfa85c9f7be70a8fe974cdb8b2cb3c1b35c194e0cf13436e2e96750310567
+AdditionalInputReseed = 
+** RESEED:
+	V = 6524381aa3a31a88f3f7c8a71531e3ad178421854d535500ce129ea2f83aa17b574ad5d2380307c67f0f5129f4ce3102f5fa97eba60001b65418e1e793586df22f92a4911b043ef609a80ea5b1bf493d9b42529b44c81d656c13fd17c7886a4a5fa34d83eae02d7a40405c1f33a01b
+	C = cb1156bf604da3e996868b031c69c5384ce21140c4f61d746f338e297d54a8765945178ba5aa51b2f066089bedf9676ba40f005109f4f947f65355d83872a7f8d05b4f2f31b5d3d1b20ee81f3d6788c6e523b06ab5a4eef3901e021850f0618c626d86870ce7bdc5ef9f862e7ccb26
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 30358eda03f0be728a7e53aa319ba8e5646632c6124972753d462ccc758f49f1b08fed5dddad59796f7559c5e2c7986e9a09983caff4fafe4a6c37bfcbcb161fa7e65265646d889c03460b73ebc72a27b8c328a516f74540d114ca21fdbaba08dd0b569e0dce64e24320627bdc5a97
+	C = cb1156bf604da3e996868b031c69c5384ce21140c4f61d746f338e297d54a8765945178ba5aa51b2f066089bedf9676ba40f005109f4f947f65355d83872a7f8d05b4f2f31b5d3d1b20ee81f3d6788c6e523b06ab5a4eef3901e021850f0618c626d86870ce7bdc5ef9f862e7ccb26
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = b67e7c996b8d7d8481d4cbc0fcb220a13f84e2efea1638e8ae8653c71cceabfd73a1713006a0cb2876272174675124388bc61f254af12cbf9ef4725efb2c7acadfa63587d5af2de82759fc5d1789fb7f0a67a438f7ab3adc62b8b16ef32a35b347374e7340bc82b12208e2fac06a1d18ac5a39d5a4873d2693a762b12fd9cd81d8fa2378f2139f54f86729893366f27179c428e3ea9fdc98cc47673f9d05fc4018deca1d2353a37301a04d70273f686a2b5a5f66a7b56a59526912c131499b19
+** GENERATE (SECOND CALL):
+	V = fb46e599643e625c2104dead4e056e1db1484406d73f8fe9ac79baf5f2e3f26809d504e98357ab2c5fdb6261d0c0ffda3e18988db9e9f44640bf8d98043dbe547f1ed82d8e8a1315202f47ad4e0723e65366dbc571b6051698ba3997624a6b84770fddaed6ace2fdb053e16427824d
+	C = cb1156bf604da3e996868b031c69c5384ce21140c4f61d746f338e297d54a8765945178ba5aa51b2f066089bedf9676ba40f005109f4f947f65355d83872a7f8d05b4f2f31b5d3d1b20ee81f3d6788c6e523b06ab5a4eef3901e021850f0618c626d86870ce7bdc5ef9f862e7ccb26
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = c79fb5b0de8af70355d97226bf6b6674c94e27f49c565229ffb5cdec9f4ebb3b
+Nonce = 4f857f09e3b943d8440c477c9d63b3bb
+PersonalizationString = 
+** INSTANTIATE:
+	V = 81dcab95073dc6f637a6c2b2bb49c00110d620f7acc757371a7bf2574b74f18e439b3f4693a0ab2ae9619e1196d0daca18783fe4f032fa1f6268ead6c50cb898dfd8a0931d58c51fd48295e9f15af4f91865a4f414c0292567f118068e37e60e17e7023d3ff9817fa57918adc1400c
+	C = 9ea767251add6e638a7a0b94a36d73e3bedc75ae6aa8c4e9a35e2074ab3ed5b2bf706d94eae94c991b33bd3276b3ccdb6bf61f49d42e1cda247275ecbc327299bdf5337ac3e83637c559c88684ae41dd0a38dbcd72971c93f20b806ee70092a6a0b338d9976d61505f60d6561222b2
+	reseed counter = 1
+EntropyInputReseed = 8ac927beb9d3394d9114bb882889f5942c363b45c96fa22e04970e196c3f2a56
+AdditionalInputReseed = 
+** RESEED:
+	V = 11504762248ad603139624379976f446cb18011dd353b46027eab507aa4916d02257c83f54be5d016e604cf54c65e15c0aba2570fa17c44bddc39a1f86aa16f4011a13def7a956ec6de0f1d24edf5108bd3f5dfcfe502dccf35fb17560077feb2f080ae04a38007fa77b01ac4d4567
+	C = b4c15970a2714a1479bf7c6deaf5eef88ecc582b111f63d2f2a561dce32677807adc3b4cd5266ca05799f60bc67dff0de2b9c56c42a5f6d68a3a5a44f9dabe910e7b1334a882a3ac267e131ce0083c3d546845a6f1ca4804e588d545c810643fc4d50b1941b5aa7c5267c1c888d1ab
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = c611a0d2c6fc20178d55a0a5846ce33f59e45948e47318331a9016e48d6f8e509d34038c29e4c9a1c5fa430112e3e069ed73eadd3cbdbb2267fdf4648084d5a7b4900c827db40c74886f83c70fa540f7700da0efa8495b84bf664725e5afa9e0e9cc8ed1ac4456eb1bc636d23f6401
+	C = b4c15970a2714a1479bf7c6deaf5eef88ecc582b111f63d2f2a561dce32677807adc3b4cd5266ca05799f60bc67dff0de2b9c56c42a5f6d68a3a5a44f9dabe910e7b1334a882a3ac267e131ce0083c3d546845a6f1ca4804e588d545c810643fc4d50b1941b5aa7c5267c1c888d1ab
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 790d100766b005226ea9c858c6f2349c26c3b3084df721a13e953be9f474919447a719043fe7f43b77774f7532303d91e65756eb9f995514de4de0ece3a7a59de7017d611f498112c39d15be6a3d3fd4f607093e2d998e7c8183f27b0b7455926bd291ca5a5c58108e3145d1f90f52ae0a0f99c77806d10a3e02893022766b369bdbca5cce989aacfb1386064c6091edc81921e74edd2eaa0979123252c2e76998be4d89a5a22fb1bd84417a324631b69e22ac93d6c6e043a6ead3d403998a93
+** GENERATE (SECOND CALL):
+	V = 7ad2fa43696d6a2c07151d136f62d237e8b0b173f5927c060d3578c1709605d118103ed8ff0b36421d94390cd961df77d02db0497f63b1f8f2384ea97a5f9463b8aa76cde209272ae01cf5ed4d6347a0eb5a785b52cc2ff8aa41fb23bed04cc3974fe0ba86dda397857be76b37fc62
+	C = b4c15970a2714a1479bf7c6deaf5eef88ecc582b111f63d2f2a561dce32677807adc3b4cd5266ca05799f60bc67dff0de2b9c56c42a5f6d68a3a5a44f9dabe910e7b1334a882a3ac267e131ce0083c3d546845a6f1ca4804e588d545c810643fc4d50b1941b5aa7c5267c1c888d1ab
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = f2bae9df47486bddd728b61ec70fbf20894e50c3fc45e7c74cf61924cb0f455d
+Nonce = 94e84685d8f488053fba7b31fae6fc9b
+PersonalizationString = 
+** INSTANTIATE:
+	V = e0c53f8d6e695c6a86d2c2bed8f72065a347953a0e9dabb11bed4d1edb796ee5b55f0eb1e28338ab206080e3180350393edbbed7af1cae458e589d4f044ebd88feb670f66ec5b02435600b1ea7e0be9c6f8af17fcc2663b0cee2d0f6d61e64be8c4fa6a5b2ec95f797ad587a799896
+	C = 40371f927f79dbc5882ce2f4dd16b057866a75bb2551915f502fb1380835042cab977dfd1159b6e8552daeb1a6cc6feaac9ef4435ea1ff2825b862760c5e8abeb0e83f517397ba0b20f16d11d1a024631d99f5f782032da4af55e73a47b33b6ec68191c86c2b5858e2b2b43506bd56
+	reseed counter = 1
+EntropyInputReseed = d3c19f0828ea11b05a2195ac82f2f9e217f9118569044cffb654a909a09822df
+AdditionalInputReseed = 
+** RESEED:
+	V = 39a7011a3ecbe0b67bd7f334f2a54fec2006aeff7558fb56710ea98de59a39c5194ebc0227557064fa586e68ebf18faaa8595723305428a28c398bb23747eb07d2443d52de433d5fcbacf33bd02857104cad5bfeac1c6287e38940308b1d4f0cce29b1d0debf3756ed36e1f4b14051
+	C = 84c1af5932c2d3b42838f45735162e556084d71faf6de5234eee0d4e3954c088d35c743bafdf606bffc4f24e022f593008e7234947adbac4a791eaa29361f623225168ca313ac3b601a92ccf317d1ae113047f7c4ef4e2a84c64596465c3078ec860abf1792150060c8410bb873b0d
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = be68b073718eb46aa410e78c27bb7e41808b861f24c6e079bffcb6dc1eeefa4decab303dd734d0d0fa1d60b6ee20e8dab1407a6c7801e36733cb7654caa9e1cee6d014f88d1500060568d3efd642830c319aa34fcb0c8a87469a0b52ad2b66b759ffdfc6884428596a98fcbcbda7cb
+	C = 84c1af5932c2d3b42838f45735162e556084d71faf6de5234eee0d4e3954c088d35c743bafdf606bffc4f24e022f593008e7234947adbac4a791eaa29361f623225168ca313ac3b601a92ccf317d1ae113047f7c4ef4e2a84c64596465c3078ec860abf1792150060c8410bb873b0d
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = d671194ddf88ef6a6f3216040e35a00447477a843523d03826df4f6697350551e5b5031eed1841d6ddc1e78959667e486e3a868dd5a945851f010ec1c3b07ae798545b688d48320b17714d3664ef36b619ac0e64e5cc9fa9df11ea5f4ba61dda8ffabe94731e64911c8df950e804e3367709d4c46b36fce5e2b9d0c78e0c89d98d5c004c24faefed467f4f8994d7dd7ad4e76498a2a68824a7413787797b0301c8d023651d04d338128dea6fb919fb3d404336a595a3e1e01bb6375bda6c891f
+** GENERATE (SECOND CALL):
+	V = 432a5fcca451881ecc49dbe35cd1ac96e1105d3ed434c59d0eeac42a5843bad6c007a4798714313cf9e25304f050420aba279db5bfaf9e2bdb5d60f75e0bd8a5cef2b58a88dba6faa7b7451c0c67d1b33ac2b49eae67a8aa11d407b19a1a484bb80ecfb6f024316c6ec6460e4b6e53
+	C = 84c1af5932c2d3b42838f45735162e556084d71faf6de5234eee0d4e3954c088d35c743bafdf606bffc4f24e022f593008e7234947adbac4a791eaa29361f623225168ca313ac3b601a92ccf317d1ae113047f7c4ef4e2a84c64596465c3078ec860abf1792150060c8410bb873b0d
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = 5f64ea30495b5f8c9868510facffd0253da151eba846774af5a68c1d4df48fa4
+Nonce = c324921486f5a566af006aa2dff2a1f2
+PersonalizationString = 
+** INSTANTIATE:
+	V = a849c8e2025df2ca3b03addadf8681820e78c5af89d6430f1fbdd8ae557e47b4948bd247ddd31abc2d0d3acd395b203e2fd5444a2c5bdf85ff9e85ad9feda1fe6ddb3a50413e0e7a29ee2ad261f2957e0ba292ed757607bf6ee2aee6a26233e39f5f83bfbf93fe0aaf653f1cdefe43
+	C = 5c02aa26bad24071c4cb85dee91b429090ad3cf81b360b0ecf93846938b3abab20eb16680247d24ee1a5f3f7e916e3ba2fecff59c5e1e85079a1ec9bf556fd47adc7329979774e998f8caddb87716d49adb3ef22034393bf8bf8d2f7c74321753aa244acff663cb26c26bf2804fb69
+	reseed counter = 1
+EntropyInputReseed = 3ba35cc25940b0ff20a4b6e4f37e0dd61a0b95b97b180b73c902d69effc4dbf9
+AdditionalInputReseed = 
+** RESEED:
+	V = dddcb787d7affba3f0c951e363702eefd9046938f08157aa54b9d4f601c0f0713645c9525dcff90b1e37a47b1449d8dd4e966167f019a754432e1aa80c7343719a8142559580c91312a9366228f3f09a263e6fafc0fc7f4a785d48344b0416f1ae69cee2e706667a16f2728ff48523
+	C = 992a55172e7c6ff5060ae00e1d8c129cdaf50fe6adb9cfc1dfef9c30e001a1a59bab7ef2d33b18be3a2dd7d44af80cd27f6cd9adddcfb92a7aeab717b1d82f6bbbcebb74049d43ddac280150d4d471804712a3d303fc83027ccae4c371ad5a4b7991b23f18a4268307353fd38754ae
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 77070c9f062c6b98f6d431f180fc418cb3f9791f9e3b276c34a97126e1c29216d1f14845310b11c958657c4f5f41e5afce033b15cde9607ebe18d1bfbe4b737eac4694841ccb946e4613f432d01ef40518da9884ca7dbbbc72a118f9551c236cc31d4df90afce05488a906f8be03d8
+	C = 992a55172e7c6ff5060ae00e1d8c129cdaf50fe6adb9cfc1dfef9c30e001a1a59bab7ef2d33b18be3a2dd7d44af80cd27f6cd9adddcfb92a7aeab717b1d82f6bbbcebb74049d43ddac280150d4d471804712a3d303fc83027ccae4c371ad5a4b7991b23f18a4268307353fd38754ae
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 56fe310743d26a7530fe7823e73dd68d7fd02c78f787575f237ae041133a01297237c42cfbc73dcbe4ad4583d608724585e1b923fc941a13af34899ab9ce30c15342569ff08385de1aed1c335ac42dc2dee0aa2613e738764c24666c68884c96a7ca477001d7c7f9892a4dee040c93e71016e103218dbb5a3bbb194f645a6d6f5435430e34fb221cd42e2f892969da477577caa6da7d2b47455870a4d4d222ced7764a8f129d6b5b7982f845be6d9172ccdd1462e8d3dd952cf5036ba74f9028
+** GENERATE (SECOND CALL):
+	V = 103161b634a8db8dfcdf11ff9e8854298eee89064bf4f72e14990d57c1c433bc6d9cc73804462a8792935423aa39f2824d7014c3abb919a9390388d77023a3103173b24a728c914fe30e8505d99b8345ae79d89049068ab8be5c26e154dd5e7c3e8b5f1d3df5e2bdb2a05866e545dd
+	C = 992a55172e7c6ff5060ae00e1d8c129cdaf50fe6adb9cfc1dfef9c30e001a1a59bab7ef2d33b18be3a2dd7d44af80cd27f6cd9adddcfb92a7aeab717b1d82f6bbbcebb74049d43ddac280150d4d471804712a3d303fc83027ccae4c371ad5a4b7991b23f18a4268307353fd38754ae
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = eb141ec5ab0583f39e69913b6ad46aae6245598ff5756824428e8b6a8f240a58
+Nonce = 1953c8e149e55d16da1a920252fd9b46
+PersonalizationString = 
+** INSTANTIATE:
+	V = 19466966b78752ccdd9d4e5b7b9e326b6786ab2b4a261a7126e7cfd05cdb679fec24d2b3b617efbdae46b330704e8b25ca64e7ac6ea096d07065b190635dc9e8d6eb7437942478dd43588e7015cbe0391e859170fad90fda2166860387dd6db683daed98d23a295b6d6de2a867b757
+	C = f397d469263b7351500d08578fb15b3456ea5f7140437617a0d8b91039135ad253ca05cc15386c4c94752833b95502d8d9cfbd9d7cf056140731028049e325ca1fdaba9db569609e025c25f0e3107c2108d1ba60ba694a23ebdcb47c5d5eb1f8ae50ade125c477d872339a436340e8
+	reseed counter = 1
+EntropyInputReseed = fac96829ce7385c36effd0bb564326bd41803bf361bf54486de0233d36e58a56
+AdditionalInputReseed = 
+** RESEED:
+	V = f56c695625c9985a5243c284576c18a4442613085c98ce19d4850e5ad5fed98950992ae06fc08b65c9274c0c57ef1df9cb6828f2ebc997294796572e5003573f1fed2f6c6322547c21426f90bbf547c45ed233a40efb100da6f2722f64eeee3307c6f727c601cc5bd870a10970e7e8
+	C = ca8495f0f2447a00d2a5d7b88f4c0c98d899ae2675fba591973d0042258b2358f07549f71552eccf8a53bff5b6faf5b43f631da8c46d8e50574b156d12b7693a54e90861bd81eb5adb2d33a54a00de56e1c745b2ad16c42796f043d40194186aff772799f03c1696bc6cf476a67179
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = bff0ff47180e125b24e99a3ce6b8253d1cbfc12ed29473ab6bc20e9cfb89fce2410e74d785137835537b0c020eea13ae0acb469bb03725799ee16c9b62bac0bb21800fd9e114331121e0d79b7be54f6fa077214111342526a52ba57252f74eed1cd2cf87c61d88d9fb93343763f6e0
+	C = ca8495f0f2447a00d2a5d7b88f4c0c98d899ae2675fba591973d0042258b2358f07549f71552eccf8a53bff5b6faf5b43f631da8c46d8e50574b156d12b7693a54e90861bd81eb5adb2d33a54a00de56e1c745b2ad16c42796f043d40194186aff772799f03c1696bc6cf476a67179
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = be5447fcd3f98dd36e9689ed63f5f33fa2d6883f4339ecf86fc0a6bcddf1d650b4c97aa993b5958e948fc8ff4598c246cbac68290000d771e7cb61c06408651a8fada1a2130d268317eb16272598a74baf7cb10d3f46cadb7acb89d42e9d28ca2664eb266f9e7b1bab9ca9b91ed853870c613aba8ef4884b4f97f09b9a460dad8857f475dd01e3c02a8207ede8497a5c35c489877f8f2af9fe84ad2e808407c02dd0c6352c8b5a75d96c4aa5d8a713f86b61ce3cf22787ae1b891a88cd28c4c8
+** GENERATE (SECOND CALL):
+	V = 8a7595380a528c5bf78f71f5760431d5f5596f554890193d02ff0edf2115203b3183bece9a666504ddcecbf7c5e509624a2e644474a4b3c9f62c820875722ad465899029bde4a85110d1bc756f83b2fb3ec5839ff4e2f3cd8e0eb40d4b3e48cc28dd9bf297750067dbcede138d8601
+	C = ca8495f0f2447a00d2a5d7b88f4c0c98d899ae2675fba591973d0042258b2358f07549f71552eccf8a53bff5b6faf5b43f631da8c46d8e50574b156d12b7693a54e90861bd81eb5adb2d33a54a00de56e1c745b2ad16c42796f043d40194186aff772799f03c1696bc6cf476a67179
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = 93bacbcf7b016994c0777b911bb6652339f1a1f46b209c4bdbbab5abbdada6f2
+Nonce = b9fe65060323440e4b95ed9d1b8a11fe
+PersonalizationString = 
+** INSTANTIATE:
+	V = ccd2c40a83cf61e362d3a273d77cca6938364cc1e7f94754f905e1859a079fe6a8e0e26d6b3c82aad3b2dfd61f7e8a9d5ab0079a8b8865507eb6c0ca2760e548f14df782227818a333eae67277f672bb2bf612576c07144f0027c17fa308657f7cd3bdd42264a15b24e9b9c984f815
+	C = bcf6edff5e94b361f0ae150dc7c446fc4d4a5fcdc2378feb07620ec3fecacd01a21b2505d40a68e2b0364ae3c07b97b880c2428fc6ef63a9fb0d7494b6d03cbd62d6e37d11f2b7f2daba0cb8e07ed49dba43f0ca3ca3af718f078df320a7f9ae8c21b0e435472ee28507dd1c509b99
+	reseed counter = 1
+EntropyInputReseed = cd078df0558a25b3d51c7549ea075fb9ac39ede81e29819cfd20e620eb8d28d1
+AdditionalInputReseed = 
+** RESEED:
+	V = 0852438d5d843aa7f0681e02dcf765bd1f8813158c67f32e445314a71c4912717886222ccf4e2c2f98191437eca43c3e4a655051b7fde16019608c481c6f74892701407ff308320569af56e29da4c236392a5273775dede9b0ef9f05c3730462167dbeac60feafc01f242b386615e7
+	C = d98670dd97ab6495f6fbb3ff871f07fa952d7824cbebff18efd1cde0e824040a516f20da655d411df312da7eaadbe5765c1ce2a639eca584dccac40d53f428e1d6d1754c6b704f4d5dd1be636920feda81fd9f69750a71d2512f3969560f4f3d1302aeb58fccea4fbbc65c93913449
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = e1d8b46af52f9f3de763d20264166db7b4b58b3a5853f2473424e288046d167bc9f5430734ab6d4d8b2beeb6978021b4a68232f7f1ea86e4f62b505570639dc43403f463e5beb067179aad4557262779bc321fc506ad87f893e2ab09c3acb6ceb29bfbbc17094297e4465bdd19d21f
+	C = d98670dd97ab6495f6fbb3ff871f07fa952d7824cbebff18efd1cde0e824040a516f20da655d411df312da7eaadbe5765c1ce2a639eca584dccac40d53f428e1d6d1754c6b704f4d5dd1be636920feda81fd9f69750a71d2512f3969560f4f3d1302aeb58fccea4fbbc65c93913449
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 1b9c30361f8382939f7ffa825d532042d79d8d30d1af9f8a852dce52778d832c3e9bfadfb9e98446d5e90eeae03e71f24944daac16f4da1c3e05fbb567eea2acf5fda48d7f8fd1302253fc32712da08a92a9be756950ae111e31ebc66828f551c09a0339e16491441fa478997c98172333238285c2aa2344b1dac9e0daa2deb6cecff4340f2c70d12e50e882831c332900879a5c69fe73b5cc1dc2c12960873c749f43f37d6aa873b74c390f66e04f1a0998f0b3233d645cc3039b967338d2a6
+** GENERATE (SECOND CALL):
+	V = bb5f25488cdb03d3de5f8601eb3575b249e3035f243ff16023f6b068ec911a861b6463e19a08ae6b7e3ec935425c072b029f159e2bd72c69d2f61462c457c76076809e655ab6324fd3b95c4db07ccd9d2406660d036703b0a7a53bae3945e6d47395844991d89c02c7a41121126b9e
+	C = d98670dd97ab6495f6fbb3ff871f07fa952d7824cbebff18efd1cde0e824040a516f20da655d411df312da7eaadbe5765c1ce2a639eca584dccac40d53f428e1d6d1754c6b704f4d5dd1be636920feda81fd9f69750a71d2512f3969560f4f3d1302aeb58fccea4fbbc65c93913449
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = baebbfb38e8019ee1da0665e37fd42419c84b5f42624f4a578247aa8f8b89024
+Nonce = 72f0a9d161f1c72b0d10709c189be8d9
+PersonalizationString = 
+** INSTANTIATE:
+	V = 634946350855d099cce260d0d5512249868a28dcf4f8e9921fea9a78a3d2409218830ef3d9af033cccd64417636533aed880e661f519ffd871be09250a49a1b57520bcef7024cb81429afa6f83eb54c5900377c4eeab9594dc6e1d365bea6f99e317856542147885cdb328046f2bbc
+	C = 918145da5118005470b85e9037d91a7b0126392530f26a5d6d33580248f81f0f7aa1d13d8a9e4d6e44e222794d7b6eaf47bae7a488150f11767e2277e9ac2a0d27a3fdcba7d1834b223c4aa7b0853b8602b018d55000ae7b61238915afa6f487cbb50cce585e08303cffdbbe19e750
+	reseed counter = 1
+EntropyInputReseed = 9dea855944b834dd7feb8831955bc16d3a4ae3ae218b8624195d7d7dd1763b59
+AdditionalInputReseed = 
+** RESEED:
+	V = e4cdfd28ff8717c96799b4461dd71898d3983d9cc894f3b41c8635a0c1129f8a2f2161fa62883fb064b7b4393043ea93c0dc18e571ab20666521295d7dc9957ae6852f64d75d30f9c5e7be59605ff70246f5326849d7f97fd4fe5f68526de38fecec9891d5238182977cc1d00714eb
+	C = f9704b5ea2316fb212383351cce6772002aa19c1d6b2433d07adfa74b99887d1c59f1880660175c998799982a551625ab8f26729ea7e975cac90fbf248490e18ed6f64f1cc46536cdfe2511b803fc14f8bc684f3a6a8d07a99bbf3195cc00d71e94319d78f19866dab1bdf1e220749
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = de3e4887a1b8877b79d1e797eabd8fb8d642575e9f4736f1243430157aab275bf4c07a7ac889b579fd314dbbd5954cee79ce800f5c29b7c311b2254fc612a45fc64bc956d9945016f84f1a20738139b61f2399bf9e912d0aabf18c4436b29f8707e534d5f602550a23a04f72788680
+	C = f9704b5ea2316fb212383351cce6772002aa19c1d6b2433d07adfa74b99887d1c59f1880660175c998799982a551625ab8f26729ea7e975cac90fbf248490e18ed6f64f1cc46536cdfe2511b803fc14f8bc684f3a6a8d07a99bbf3195cc00d71e94319d78f19866dab1bdf1e220749
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 659ce24cbf6cac220774a87a82a708463f8b8ff1f8d7d4976439e40295127651ddd18957904fbb6e34cf69720155705cba099a0478f2b77c336a71efd3d9fb85b5a54a3e398b1e9e93526cf3f905787b4e08831c4f673f0aeb2eb9c05ca29375037943df14009d2223eb83efbe0238e5317167067c37e35e5a95dfd32db0289a6eabeab8dcd0552a65db08694ac508fc32df627e863a9d72c62a6308e4e911f8aa03e5fe5a7177782d1bde17f004ce2e00ead7878a3482803c879fd410c5c6c5
+** GENERATE (SECOND CALL):
+	V = d7ae93e643e9f72d8c0a1ae9b7a406d8d8ec712075f97a2e2be22a8a3443af2dba5f92fb2e8b2b4395aae73e7ae6af4932c0e73946a84f1fbe4321420e5bb34d621c653ef26080dd6a85db968995477b9f17eba73a3b8ebe5940744abe18a11c4ccc53dc8fa34dbb731bd5f0ee2e49
+	C = f9704b5ea2316fb212383351cce6772002aa19c1d6b2433d07adfa74b99887d1c59f1880660175c998799982a551625ab8f26729ea7e975cac90fbf248490e18ed6f64f1cc46536cdfe2511b803fc14f8bc684f3a6a8d07a99bbf3195cc00d71e94319d78f19866dab1bdf1e220749
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = 60197716b71d7a38873329c8f8dcd1a0767b7964d1bbfa0e572cd43d4e05b2bd
+Nonce = e0e01f861ee027758d5122e26de8dffc
+PersonalizationString = 
+** INSTANTIATE:
+	V = 607446d6607c300eb26748691f0c6fc45818669a9bede975785c208313db34adc287044f40b9620b29acf0a4f6216c94c19ce0fd5e2311d1141777c4d1b53862c404642241509151ea676afdbd63de05f58c27e4b2ddb3eb81b11b387de70e775d9101513a6ff8b46a960d825c0e69
+	C = d473fec49cd410cee33f0ef819fa972e1f568ed34d5234b521bffe3e0d2f0528083b3d7469ff814e16bed4322f642ddf672ab95f3a4d636dad8e3f198771102028c961f290f2c8c9cf986ab91f37e6dfaf0cc6490c41f5b65648dea5d2dea84a080006fa4343dfabe6c8323b4b8664
+	reseed counter = 1
+EntropyInputReseed = e1e1a24cb191f866cb02a963bf887b3200c979943480360db5ce4ecf7ede875a
+AdditionalInputReseed = 
+** RESEED:
+	V = 29a0723f53dafcf11571f04bafa41be3886262dcb3649fd8925f7d8f1e3ea7b1fe65abcefa77ede30e71b4a0ccd5e94400536ed3cdb36f90e54a48e05a1054de86a9b5e6528ee2cc9e317759a40326fb81b3e892d422ec2dfbcd67704214794765e125aa458b08e0eff3d1ce0d190f
+	C = ea925ce7ea2247205f01c300dbe7cfcbf2e26c6b73c5ba37b8209a2e463d201cf297d4f91706d1c9dbea438db2203d18e3823b01e736a397effae97180f3f5c5ec1866d960f9fdd5e6dc3ab76307e3ee67cc9d8a64b0891aa917945471da689f6280ff48c60ee38aa7b5fc7f1b6990
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 1432cf273dfd44117473b34c8b8bebaf7b44cf48272a5a104a8017bd647bc7cef0fd80c8117ebfacea5bf82e7ef6265ce3d5a9d5b4ea1328d5453251db044b04a11e5db56317f7ae41de924081edde9d451718937509d3cf4ad56c8b7a539932acfd284c4fa7c0e6f65cec132b9191
+	C = ea925ce7ea2247205f01c300dbe7cfcbf2e26c6b73c5ba37b8209a2e463d201cf297d4f91706d1c9dbea438db2203d18e3823b01e736a397effae97180f3f5c5ec1866d960f9fdd5e6dc3ab76307e3ee67cc9d8a64b0891aa917945471da689f6280ff48c60ee38aa7b5fc7f1b6990
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 6e0b88137dbb2a2ef454de144eec7db82582b8698b9292c941cb31d11a563369a8effcb6ce70d91f26194ad0a4688f731097f03ef17296cb3853410050b5cb449e237b896ab228a6f462a072bdd4da72eb6423cc406676809322209f6d3bed9f37de6331910a55183a5d5362eeb62384d73599d7bd2a1abb10c997c9d119bf6ade3e4eb0d92057ca4b2760230b16f6948bcba51e46a5a24950e6a191265c14115c0741201e1c1ad22d71aa36fd1f1b57fc67950259702382af5a48dc7eff59e5
+** GENERATE (SECOND CALL):
+	V = fec52c0f281f8b31d375764d6773bb7b6e273bb39af0144802a0b1ebaab8e7ebe39555c128859176c6463bbc31166375c757e4d79c20b6c0c5401bc35bf841893a9b830d5317a2207d32293ddba512c52a165433a9c59ea1f9e088b4282f67d4f7ff2d5c57aef8e34f9122a8848130
+	C = ea925ce7ea2247205f01c300dbe7cfcbf2e26c6b73c5ba37b8209a2e463d201cf297d4f91706d1c9dbea438db2203d18e3823b01e736a397effae97180f3f5c5ec1866d960f9fdd5e6dc3ab76307e3ee67cc9d8a64b0891aa917945471da689f6280ff48c60ee38aa7b5fc7f1b6990
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = f8f9930e66784aab9980b63de1a63eacdbfb30ef1977da48a738d3cfa86153c2
+Nonce = 191c9abee5dafca70921e07c2fc4d037
+PersonalizationString = 
+** INSTANTIATE:
+	V = 4b906a6d06f728b84860d504f2ad02a43329cf9598399ab9f39c205fa653d8329b133d3671afe377de84785ac4ca476d3684a5175b965b8570e4bae8a11f1d84b6b3661596171cf954652d91f3c519bd86a70a8adbb662321e61cd6b77a4057e8a2911cff4f3b98acdf77844f8f6c0
+	C = df766259195152b2329156e97803f32afa580cc4b7af441024d593da3a1a9a2c6f8b88107117890151538364d74a48cc67bf1c52d8e23640e0f6e5407117206c6a543e0e4c98c719424a72e8f96d566305d5779b9164f3f5d27e96de3b76e55919640a621d895a586e2ada24935abb
+	reseed counter = 1
+EntropyInputReseed = 2b2456016b42be416fbf5fc73128a0a10ea03aa82c4c92102f946743ac366039
+AdditionalInputReseed = 
+** RESEED:
+	V = 0da1ef3e68086db652f350eaec04df91b80052192a6248415e62b62eed24762a6b8ae8b23b9ba24eceeae78412eb22ff7629f13b0d5a9fc7e63acd4d70e30057d9be46163b7d3cc30aea47ba0b3c899dca500b81cdddd0406bbc735b49d3f9386924962b0926e249bfcd778de03736
+	C = 9e38779aa920fc19767848786c352ff885c308607fc7b032647d0d53e28bd43edadb57dcd49b798b8ec79b1f23dfb24b01961c99201420865f3a647c21af1bcf3358f427742cc99172d2faf3274e56a8e7d7d309c52140bed5112fa8cdf05dd03b09c29de9a5e47da53beb0cfa6a0a
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = abda66d9112969cfc96b9963583a0f8a3dc35a79aa29f873c2dfc382cfb04a694666408f10371bda5db282a336cad54a77c00dd42d6ec04e457531c992921cda5850a67ae169802d1b910a33ccd7e1c4393de917f43f6582c7ae3778dc958e3e9fe27629e124cde1d1895b39747533
+	C = 9e38779aa920fc19767848786c352ff885c308607fc7b032647d0d53e28bd43edadb57dcd49b798b8ec79b1f23dfb24b01961c99201420865f3a647c21af1bcf3358f427742cc99172d2faf3274e56a8e7d7d309c52140bed5112fa8cdf05dd03b09c29de9a5e47da53beb0cfa6a0a
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 020b841cc0e11842c9c2491fbfdc0cc5abf0b66ac08370ace918aa6fefaa64166d3b11aa9ccec4730939c6b61519ab0e2098f92302f99cfdb10e9f43f50994068d23b8a7ef12333b97fee53db69e5ef7e1300600642c5c709f41eaa4dc0c85a46e92fc26e9bd8e97c0ccdcb5aa9dc384a7315d1c850106d26f0d5621238b4dd0ac0de6bb8678afa19ffa93a3753357b9806a1dba071ab9c70ad7c2b31adfd479335379fc1421548616e8329475414e3ebd4a898a05cd5bad1d454b0bc0950007
+** GENERATE (SECOND CALL):
+	V = 4a12de73ba4a65e93fe3e1dbc46f3f82c38662da29f1a8a6275cd0d6b23c1ea82141986be4d29565ec7a1dc25aaa879579562a6d4d82e0d4a4af9645b441399b67a92c403ee4906e370e7ae187e861beadf6278f972be910a953aad2813fbd9f80afd576cefcc494719363c19f7698
+	C = 9e38779aa920fc19767848786c352ff885c308607fc7b032647d0d53e28bd43edadb57dcd49b798b8ec79b1f23dfb24b01961c99201420865f3a647c21af1bcf3358f427742cc99172d2faf3274e56a8e7d7d309c52140bed5112fa8cdf05dd03b09c29de9a5e47da53beb0cfa6a0a
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = 7c92d53da9f31059138bafb9c441713967c6ba850fcd7569ef8ed9018634219f
+Nonce = cac3fe3315ccf52fd6b9067bf1999df9
+PersonalizationString = 
+** INSTANTIATE:
+	V = 2f5e2ac3d30f8831221218f8aa44a329bce69b031348b66359f39427d647916e5a828ba72eedc284e9888a7020f66c7dda85c6cfbc8041fc89a814eb6a8d2c88afad673eb84397adf2496be6da0ff4626c92a1ae3c646f217987250502383eff276963f1d0ec4e5a2e427fee0bea04
+	C = 39a4eda6d09555467b122eac872fa273dd57fb11f2465881f00e3e827062e2897fce8fe0f14561c5ffd68fc55ce7c01a4d8c3d7c4ce6a0d3bc9aacc2496f8991d128708215b0ffd5a729eb9372acbfce7911cb5853c06b62c8760a6ef1d0fa66195fc255a1a0c316a69e89532354f5
+	reseed counter = 1
+EntropyInputReseed = 7f720e038d39ab0bc9a796af729fb664dc1803ce364721a21e57a2ac889498a5
+AdditionalInputReseed = 
+** RESEED:
+	V = 38a9e460680f49cbdc2b4dbec9180393505821d8d7a2ee06257920fa5c88969c7554b92bc28fba22c6d0f676a46db7148cd0f27050660d4bbcffe2882f7e3873baf5a58af35456ce784c6e5b2f2742e0e313827329da040406b59d25216d229f96b6493cef94a31c07db72cd037a2a
+	C = 0cfaccbba610d6d0073d907d39a7965e3565e22e05958713992e2c71f03d7d284a35b36c67f2c2311f205fb27df5b6f8425df098825bbc7b1e8b0d0ba1b2ab25e74e2be9d03bfdb52d60c82b533380bfd2f20952147c203c27cf67eac26025fd06999d1fe3ac29ded953e59e825156
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 45a4b11c0e20209be368de3c02bf99f185be0406dd387519bea74d6c4cc613c4bf8a6c982a827c53e5f1562922636e0ccf2ee308d2c1c9c6db8aef93d130e468cec57cfd2ed4ca2a2cff48ca9cac3b2d9cade750e3607dde91edd1028af1db8bb3cbc2fa2248b9103add3017524a80
+	C = 0cfaccbba610d6d0073d907d39a7965e3565e22e05958713992e2c71f03d7d284a35b36c67f2c2311f205fb27df5b6f8425df098825bbc7b1e8b0d0ba1b2ab25e74e2be9d03bfdb52d60c82b533380bfd2f20952147c203c27cf67eac26025fd06999d1fe3ac29ded953e59e825156
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = fbaecafc7ad92943d5ec09cad51ca2e566afca3967f717c4f4708c540f13c92acd67c7b5a71889b60662d032c4c814c7db17f54c985d30b672230e4081f9b9127bb05017f321994a050a1f0fdad28246449175940aac21cdc8f536fcb41a673088c5e5dfbf4aef8df1fd90f6c039edb880c28dcbb336fc32c61be46c8884b68d14711c6a8784b6db6bbb1c2e9ec03e6497b73bc4cf3983edb31fbe559016ef239585dbb663356a1e3506974d11b599cc7b7b21796381a074748512558c44495e
+** GENERATE (SECOND CALL):
+	V = 529f7dd7b430f76beaa66eb93c67304fbb23e634e2cdfc2d57d579de3d0390ed09c0200492753e850511b5dba0592505118cd3a1551d8641fa15fc9f72e3902bf4384137898c56f73ab15723b715994c34bc110833f80dc9d8d465ee48f49350640c6eaff2c54baf5dec02a04e872b
+	C = 0cfaccbba610d6d0073d907d39a7965e3565e22e05958713992e2c71f03d7d284a35b36c67f2c2311f205fb27df5b6f8425df098825bbc7b1e8b0d0ba1b2ab25e74e2be9d03bfdb52d60c82b533380bfd2f20952147c203c27cf67eac26025fd06999d1fe3ac29ded953e59e825156
+	reseed counter = 3
+
+[SHA-384]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 256]
+[ReturnedBitsLen = 1536]
+
+COUNT = 0
+EntropyInput = dd47600892f43c5d7c246af1eef90d061b65648f9686b473ba41ef6f0a019e94
+Nonce = ed7e3450263d088a1a0d5d157734d8c4
+PersonalizationString = 
+** INSTANTIATE:
+	V = 035c60231441a869e3c6bf0b2de6132cdbba6ae93c0702b676ddf3bffda56f2b9336f050fa90e3c277e775b72ec006d77f7754c017eb1bcaad68d81e5ee9ae268e9c2be168ebd46b3ed160ba9532df9b2662b8f704ce154b62d95967a09cd0b18fa68081a751281ed51c999f511d6d
+	C = 846e811001fd3cbda53023f8f8dc000cc9116fd759fd990dd90399dce4e86e25ecd73d7316f19113d26902ad520a972a8f2d1916ee73a4c26e771237091270e23fe6e12e82edaff3b50cd807d1eacb0f30d45015e3c5e6ea3fb96a312cc4834d9776f4683aa69f28aef13984c03225
+	reseed counter = 1
+EntropyInputReseed = 626683607f1d8b8d81cc04670ad9f6d8bf13f017b04028ed007a37008449d9e4
+AdditionalInputReseed = 3dbed34bd97a16ab7cff173c58c3f8a814d8f49e9cbb41974941b54d95e05463
+** RESEED:
+	V = 41ddb8eb962e50da55156ff3be0d603e24fe3a90da07a707b1a62f6ce6ce5795a5d4a2f705532ecd41f74e70d80b6655eb4562c7e6d2955725371cc64f278af307e80f146d89fe5d57b05ccfdcd7c4d7ddecb99ad2a4a76b24b5c5aba5b5759b586af32e374bd2f94b6a4afffd1617
+	C = 94ba65f140e25656b81fe7eb35f9545ed6096a324ce94937f263407c1fed0304072f69430932eaeb838035362c62474448f6b96c8bcd7f62aad8e0fcbd10ad03b93bdd9221a507cd881fe4a209cdc628a0cb112f66d771972b05c4f60b1e09a3ed0783d365f5c61ca1348387183b10
+	reseed counter = 1
+AdditionalInput = 6bcf937bdfc2fe9ffc8c8f26fa143596fcec1647b5ed0a8132eed2cc1f62a99a
+** GENERATE (FIRST CALL):
+	V = d6981edcd710a7310d3557def406b49cfb07a4c326f0f03fa4096fe906bb5a99ad040c3a0e8619b8c57783a7046dad9a343c1c3472a014b9d00ffdc30c3838ab0f1d2a6b003fc89086604d31ebefa11ce7fac1d1e3bf71f11ee350afee77715757e659f0f5712a01c9cb744fdd8959
+	C = 94ba65f140e25656b81fe7eb35f9545ed6096a324ce94937f263407c1fed0304072f69430932eaeb838035362c62474448f6b96c8bcd7f62aad8e0fcbd10ad03b93bdd9221a507cd881fe4a209cdc628a0cb112f66d771972b05c4f60b1e09a3ed0783d365f5c61ca1348387183b10
+	reseed counter = 2
+AdditionalInput = 49b425582e89270751bc83818f95c7603a1f8baa7f150e7ba0779049ebb469ba
+ReturnedBits = a2f093a2b87041a90afb00ce7e7c42ba84c763f517c7775890ee5da68ffb93b734f06479a094f8a266174b13b348367e80c73959d3c213fe06a75c6ff47519c2898377dbd10bb4cb9b3cbd65e134e6e58f793f8701d27634eff1ec3b9e50027460533b8f2f8065b3ea313b2afd5301c814f2d0d0ad747e78d60f7c3115d76afe807d7f77108c127756771c6120322709ede9fb24c6326972b60447b10631bad73caeaaa25ee83fcf0e0505568721cc71dc02d641e2642b145197fc6009a369a6
+** GENERATE (SECOND CALL):
+	V = 6b5284ce17f2fd87c5553fca2a0008fbd1110ef573da3977966cb06526a85d9db433757d17b904a448f7b8dd30cff4de7d32d5a0fe6d941c7ae8debfc948e5fe8040b0978d65d7db07b80f3e53f50c9ccfd8d398d74e271c279141267f7b81ed8ab5d417125dda50b2d601663461e1
+	C = 94ba65f140e25656b81fe7eb35f9545ed6096a324ce94937f263407c1fed0304072f69430932eaeb838035362c62474448f6b96c8bcd7f62aad8e0fcbd10ad03b93bdd9221a507cd881fe4a209cdc628a0cb112f66d771972b05c4f60b1e09a3ed0783d365f5c61ca1348387183b10
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = 5f53f31ca427fdd246649e0ae659df13f3216a00b080f9df5a2b6753bb323d9c
+Nonce = 92d7925fd87bda0c08668d51f8bd5a7d
+PersonalizationString = 
+** INSTANTIATE:
+	V = 427bdd56c35d3408da98224e8db9995cb821d75f17377484d771ff5953878b0144845da2eef11c8cc1dd22ee902237a24ff7f6a8d342465529f6e41e9b08e50902b376654e7ce456ef81bea3d331dbe0d6d55c90de45c90dad49c20b7a23e36ff274100befe436127049d30c60fae4
+	C = 675bdc73ec08d48bcae7768c9064ac2cdb8a214c101ca1b93141779c5778f9b1fe758afaa8d13264dacc6f204641b1eac3c02797d48f0bf4c491efccda7051123861e5129cc942bcedea5812b40a838820fc218ec9afb93c675dda25ce52858ac53718ee25f3f86ce9acecc9ebf3ee
+	reseed counter = 1
+EntropyInputReseed = 190cae2a40f8fde9c852c1aea6d7b4e08d07a3a6d6cfe71628d02343f9ea0bc9
+AdditionalInputReseed = 835368636221d379c0c2e2e31849ded8c89f26c33a0f4f1bd04bc28963318c1c
+** RESEED:
+	V = ef33fcfd11d356bb12d2eac07527e9ddb8792071a4e98aa8ffc4703f2e288aa61f4262e4e8197ddb4b4b64d4fb44fbd5eeed8a132cc1919eb2a294a4882c27ad7919c7b3d0c52091943a834f8264a19692c0ff841b71b9d5ad5a63a883f842b72c64aa817a07f3b95b56f93b611cb6
+	C = c8f64632a93dd6a72b062797ca50ee753469f0b5acb707c1f039387cfbcff9eba8df729c6eabc09f9df107dc50fac1e1d9effdb3cdf61d0bea7f9127f49c36f8bbf60bc3f208e00265cd942351de4324cfb06134b2fc9e8c9e79a6aaf5e6b6f49250ae68141fb05dbc2fc05231093e
+	reseed counter = 1
+AdditionalInput = bce29e3741fe0e5bb3fa2cdf48afe8066cfa3eb70f158337cb9389e215e7d194
+** GENERATE (FIRST CALL):
+	V = b82a432fbb112d623dd912583f78d852ece3112751a0926aeffda8bc29f88491c821d58156c53e7ae93c6cb14c3fbdb7c8dd87c6fab7aeaa9d2225cc7cc86039bad35cc68842d548e89e0c60b5b39f0a5f4f29d2b8407a06f251e55d2e4407881273e70cc7c2b08c729509b61b2df4
+	C = c8f64632a93dd6a72b062797ca50ee753469f0b5acb707c1f039387cfbcff9eba8df729c6eabc09f9df107dc50fac1e1d9effdb3cdf61d0bea7f9127f49c36f8bbf60bc3f208e00265cd942351de4324cfb06134b2fc9e8c9e79a6aaf5e6b6f49250ae68141fb05dbc2fc05231093e
+	reseed counter = 2
+AdditionalInput = b25c5a9a4c6b773013ab01ea1d48fa3a33654380f9cab47701743fc2e99fd7ec
+ReturnedBits = 7b9fa3e3b2bafc82e0488d0a811094f628c50cbcb8561b09af8e0db9b50f92b8d494a7aa134a09d2037f3efe4dd459b77c75b9f5a0fa1707668dd172c6b39282482ae4816122055617d7ebe4de4767b3a2cf1c120867b9ffeb93ee44ba04ba19ee897b4834b52014abd7bf316141b3806a642e24971123a7d87b6cadf111b833007f6aebbf66f98649e9e9682182e3a501034c9024fc233aff49c3a761f250051239e2afa4c859d4ee658d5cdbed93c5118bd9f054209cba3f7c7218c45d1262
+** GENERATE (SECOND CALL):
+	V = 81208962644f040968df39f009c9c6c8214d01dcfe579a2ce036e13925c87e7d7101481dc570ff1a872d748d9d3a7f99a2cd857ac8adcbb687a1b6f471649825b863f7ef3c888bd19aae7de54c25771c07323bd0da1c71eaa0196f4dcbca4ad13fb29e345dc3f434c3c24afe2080c0
+	C = c8f64632a93dd6a72b062797ca50ee753469f0b5acb707c1f039387cfbcff9eba8df729c6eabc09f9df107dc50fac1e1d9effdb3cdf61d0bea7f9127f49c36f8bbf60bc3f208e00265cd942351de4324cfb06134b2fc9e8c9e79a6aaf5e6b6f49250ae68141fb05dbc2fc05231093e
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = 946bd773976ed17356739a28cd17572117a521d3cf24f599759c8c88e36d11cc
+Nonce = 190077a05ff5e22cab229f6ade17fd56
+PersonalizationString = 
+** INSTANTIATE:
+	V = 0d070e6e042c8043e22ce4892543f3cf7709b22c0df8c058dff4d5cfe41829c978c55a2d6181d6d138754d9afd24015ff027f55847cc76a7a550fc9e743d18b65ceb02fac8f9f783e0f4e1fe48de51094d21b0291d11360d35538b13216505066ce04a4ec814a01c90bddadcb3123b
+	C = 0a91d94f9c4d38c3f98b5d4211f9aaa3e205f8b416986f2b53ecba99c5c5c5437f7dee9834205c9c50d1d3efefebfbaa7fe8eeea086fe29b887f2b13e9df022a9b656038c7c3fb99e23924b1799ca99b336a0b89895c05cfbac873056f93fb6966f482a4bfb05f649be13521978d84
+	reseed counter = 1
+EntropyInputReseed = 34aff07b69351793e8aeca3f5a88fcaa417f546ff64380ddc74951758d484f8a
+AdditionalInputReseed = 694e176aeb0b81c953253e7ca2a4cc63bba0744949c5f1109270c39e904841b6
+** RESEED:
+	V = b8a765a301f219ac17275b7f2c9f3d0903472ae1bc7668320088ca6148496f02b8bbb759049fe604a8961cdaa1adf4b9d02b292db81c3065889b05ce956a7e6c3aecd194ab37125f733c3b7d5d763a508035434bbd10698c370204c7b75cb9829b80d13ef34d834d08feac59185d7c
+	C = 1244daa87791230a08bfca1a9f90e73fc957ada0f1957b10c987b59cb499f33347f09f39439e03210b7d7d96ed7aecc67690fc021561bcbb2f5512fcbd92a8c0603f4144bf38764d2c5620d09d6ca935bb4eb01a7035a41089e5db814bbf00958148b803a210104e9a5e9937cc6a38
+	reseed counter = 1
+AdditionalInput = 74780ab6fbc6be835325a81b424e49ef90864cfc003a8a921671affd07200358
+** GENERATE (FIRST CALL):
+	V = caec404b79833cb61fe72599cc302448cc9ed882ae0be342ca107ffdfce3623600ac5692483de925b4139a718f28e18046bc252fcd7ded20b7f018cb52fd281907c2c4b0f48c6920e2e9164caab54caaa748241d78b2c3e43d4dd8e36b41e22352e32691067774838e2995db0b9832
+	C = 1244daa87791230a08bfca1a9f90e73fc957ada0f1957b10c987b59cb499f33347f09f39439e03210b7d7d96ed7aecc67690fc021561bcbb2f5512fcbd92a8c0603f4144bf38764d2c5620d09d6ca935bb4eb01a7035a41089e5db814bbf00958148b803a210104e9a5e9937cc6a38
+	reseed counter = 2
+AdditionalInput = b247156a24e90bb198c39ecfff45f0f22cf8c99306e565163a79071a79c9b1b5
+ReturnedBits = 19ad50714a645bb3cf459178440c00ccaa0cacd95a750fd4685be554d9aa5b7908a1ec0c873159a5387340d3fdc164668490d8b21d32be42571be09624bd8c1fa78d5040a5aa4b73c4f2e992795a0226dec6ab45b9cf01a27b64ec142d8be90f8dcb7c54f83250f4bad973863339921bcaf5b3954b2676be46e56027fd815115b15181ab194def5059c151bb6c97a54e6452924f83dcdd12b5a366cfdab7301d0a710d7dd45644774407122817d191530e1c7d8431f6c47a26d46e5d6151195e
+** GENERATE (SECOND CALL):
+	V = dd311af3f1145fc028a6efb46bc10b8895f686239fa15e539398359ab17d5569489cf5cb8bdbec46bf9118087ca3ce46bd4d2131e2dfa9dbe7452bc8108fd2ab1c7ba4dd18bd57ef6f342e8644147f9acf84e1edf0f33fa923190340ad97dcce0c824c4a391127616e599ecd23bbb9
+	C = 1244daa87791230a08bfca1a9f90e73fc957ada0f1957b10c987b59cb499f33347f09f39439e03210b7d7d96ed7aecc67690fc021561bcbb2f5512fcbd92a8c0603f4144bf38764d2c5620d09d6ca935bb4eb01a7035a41089e5db814bbf00958148b803a210104e9a5e9937cc6a38
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = e9f184e6d81482d86ec4f5e8e1caeab14f69bc6b16baf993847a553a2b540163
+Nonce = ac227dd1fca1e8142789d532f03578db
+PersonalizationString = 
+** INSTANTIATE:
+	V = 592a9a4f0d13c3a4493ebb0e0b4cc3d297c43cdcaaaee3c397852174b5fa61c0c9495b0169c1ca9dda36ce708bb6c7b6de6110e69997b0fc5d395366508186091127f7d69f3d3566acd33a83450bddb9ba134cc4ee69a68c05c56add11251f36675d43af311d2f3ec7792389c64796
+	C = 52a3205be8833250293b3528d24c91247ecaa87e9d72a940f5a1d2f599111285af5818c0030ce29286a548330d3d6e68a79def20b659298d0927a32ae79a70c9fc5187e2e6c202f6436fb8a6a6a26d1016091a92615d49cf85a3a72eb189030647c7fa5465ba39db8b07e0b19ab358
+	reseed counter = 1
+EntropyInputReseed = 1308b5b133ec640058c9b8c248c8c2acce1c4a87cdcd8a857ad1442156fefa6f
+AdditionalInputReseed = edd026528dfbbee3b9f106386ddeeb023327c9516d7258ae5588c5a5e0ce96e1
+** RESEED:
+	V = 44ba495f109b8cdfaed8cecf3438cfa3ebc3b59d2a6f61f9599c70f6ec143949291907f8e9814a7a3536c7b05ac7608a53a8064a7d591e85692c3e960da8c76e06560088bf15a630710e6a39d8369d3de03f47366555b1f6696486f9299cf22497bc2c53502b97dc05f36cb6eaf5c7
+	C = 530218677c5a77d665609fa15a366002359b652d4243cdab1dc29dfb40d662cfd66746df76e6f652ab9d817ff242beb21df4e5050ced3a1708da9a4c1e697dda2a3b3fed77049da22755303164199ef4fe8c6208e7abaad9e7698d79231dc1ded7f7ed7a5a335f6832d6a5d480c90d
+	reseed counter = 1
+AdditionalInput = 8d29b246b3acd5ad430c92aa70a6ae0ea324279b31ccea847677c992f33330b7
+** GENERATE (FIRST CALL):
+	V = 97bc61c68cf604b614396e708e6f2fa6215f1aca6cb32fa4775f0ef22cea9c18ff804ed8606840cce0d449304d0a1f3c719ceb4f8a46589c7206d8e22c1245d7ad3f424a8ffc703f874c88028bce9f4eda72bb1cf68df74de8ad92d764d4ba221e8c84db4dfccb4be2e3de21c67da5
+	C = 530218677c5a77d665609fa15a366002359b652d4243cdab1dc29dfb40d662cfd66746df76e6f652ab9d817ff242beb21df4e5050ced3a1708da9a4c1e697dda2a3b3fed77049da22755303164199ef4fe8c6208e7abaad9e7698d79231dc1ded7f7ed7a5a335f6832d6a5d480c90d
+	reseed counter = 2
+AdditionalInput = b6eac0ecb5a7664fd079c8fe22ef71ec52bb8585bf083a2a036a06b11fc57749
+ReturnedBits = 9a8ad4ab474e9ad72cb5705fc0f5e2dd4bff8b2447b49bb5d021e97e851beb9f61180a1f892fe7515ec5636f393c712f49fd81981bc075e9186bad318a26eb8cde8f81d945aa21103d9467afe576edc1f4a7fc9b4fe36bd0bbf01623080f90e3e4a3b614d95a2e1f550acb05cddc1c29dd57d7a819f00d863c18528d1c14831ebbec13ca15c39401ad77d72290a1d3094ac86f3afeb30b955c0bd5b762952678f5c9d8ce69aa771681a313f76aaf09d3415a533760774caa4ab5ff5a635869f1
+** GENERATE (SECOND CALL):
+	V = eabe7a2e09507c8c799a0e11e8a58fa856fa7ff7aef6fd4f9521aced6dc0fee8d5e795b7d74f371f8c71cab03f4cddee8f91d054973392b37ae1732e4a7bc510bf7bb0e49ffa0d434d9895a21c15a72a4b7b538946e3eefc1cf0a6393abe6162de2612e56287a4997168186ba60a18
+	C = 530218677c5a77d665609fa15a366002359b652d4243cdab1dc29dfb40d662cfd66746df76e6f652ab9d817ff242beb21df4e5050ced3a1708da9a4c1e697dda2a3b3fed77049da22755303164199ef4fe8c6208e7abaad9e7698d79231dc1ded7f7ed7a5a335f6832d6a5d480c90d
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = cdced268dd6085bdbf4b5195c3eb13b68b10ae8e57de4ef81e73a304da71296f
+Nonce = c1dba690be9d365330f42616310e9dc7
+PersonalizationString = 
+** INSTANTIATE:
+	V = 4a007d64ed695fd4fc929893e59c59bdd16685595e3475c37bf9e5e42971816e3eccded051a8fdd09a6a392dfe3cf9bbbb917a09ea0249ad5c7af6dbb1490d574e4fdfe5c555e0ea78934fe9f3aed42911e75646cce466987ddbbea38551f2eaacb974b7db01f02d8b9a526632f8d1
+	C = e02df9d8a9a5d3236d2567c4b47178bf2ce77e709218174bb119e5f02dce4c78ee11891ed993699afd85acd28ab4296318be3f3b855fa3ed56a347b2f945625adc3c5189981fc2b4ad25552415446567a8ad36a64e80a8b5efce9a5a6cc43fce59bf949e77a47639b8959141734de3
+	reseed counter = 1
+EntropyInputReseed = dc43ecfe89bce3209754917dcbc0dee4ccda46339c93abfea06ad07439941c8c
+AdditionalInputReseed = 2584a60dfa835c3fb423fd2ce3988801651d9ff535d5acc6e37921d1da876880
+** RESEED:
+	V = f7b1665abd912e195286bce9543628eb7962ea0e951c3bbc0ce3642589c52a1f8d9a35d2d756fbb856f06f0224e25b298264530d2514e04a4b1ec28842298da57b06d6d35d0df322d3d71be58e74db8a85b12139ecde381315609c1de60c32de803849e56f875e1a00a0a74d732d91
+	C = b94256486a84131adff6369bb7971076c774d062ece0548cfd564b2c47fd4cc939759937507ba0eb1679ede693dd561961ec6d848dda150ae8c912d61165a2ef25cc0432c623c7b0cb4190f36265eeab5ce2eac306071ceb58aa0ab0caeb5b227bec714d28ff5747f2174c0b00e615
+	reseed counter = 1
+AdditionalInput = a3fd4f63361afa7498aaf606372d6b092d5bceccc2e92f6fb0e1dd8f8687e030
+** GENERATE (FIRST CALL):
+	V = b0f3bca328154134327cf3850bcd396240d7ba7181fc90490a39af51d1c276e8c70fcf0a27d29ca36d6a5ce8b8bfb142e450c091b2eef55533e7d55e538f311ffde0556eac169be5d75a0ce859d294d7763dd78533baddd7c7668dc31a47422952bd0451f7f550ce183c93c9836e3a
+	C = b94256486a84131adff6369bb7971076c774d062ece0548cfd564b2c47fd4cc939759937507ba0eb1679ede693dd561961ec6d848dda150ae8c912d61165a2ef25cc0432c623c7b0cb4190f36265eeab5ce2eac306071ceb58aa0ab0caeb5b227bec714d28ff5747f2174c0b00e615
+	reseed counter = 2
+AdditionalInput = b68e78a33f63859c160f83f1107dfb54db85f979e6923691f8c2881bcdcc1ca3
+ReturnedBits = 2fdc62a3b07b759407b2cda72bf44f3e646e5ab3559649a263b1fc2ddc8657688f6d906150f8178118768c1a27e169e23b1d2b9cb4ad3ffcddd2d2d53e4aaee12875c864347242616203d69786abd16984ef89c6b8e1d06e25b6d74e151284d1dc071054db88691fb573c1158b6ace5ff2a0ee5a2e45c197e9346b0f7db16c8f64ee76a145270216dc3b63d7ff7b163996efdb1bc3b137dcb1760874dd4111a00d2aff8e32f02eb27e87082bd97d8c3d2de018edb6fc03d7601a4c5f9a9f5f13
+** GENERATE (SECOND CALL):
+	V = 6a3612eb9299544f12732a20c36449d9084c8ad46edce4d6078ffa7e19bfc3b200856841784e3d8e83e44acf4c9d075c463d2e1640c90a601cb0e83464f4d46a318dcd3a353ef6253793bfb7ac257d8d128a2b7271e55f0831619725bfaea1f683ba1a0c6441074977de948f3c9672
+	C = b94256486a84131adff6369bb7971076c774d062ece0548cfd564b2c47fd4cc939759937507ba0eb1679ede693dd561961ec6d848dda150ae8c912d61165a2ef25cc0432c623c7b0cb4190f36265eeab5ce2eac306071ceb58aa0ab0caeb5b227bec714d28ff5747f2174c0b00e615
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = 7ee93bdd999cca295728a9bd3ceac69a5557465ee00ce12f92388d5509fc82d3
+Nonce = d18f579a8d6f4d38176724bd4580c7e7
+PersonalizationString = 
+** INSTANTIATE:
+	V = 0454a097d085337a5071ae1ee4a729d0990b7e9e293d2e623d9896006e5a468ee57af0ca351dfc59c964340aa0eddc517fbfa0fdc4220412e79aafcedc8a1bcdf6e8ab8c2c6c85922d4d999584edd27d01665960174aec6280b689b4549c6585192f75b801b1d9acb4c137137ad4f7
+	C = e23f3a242514a4409d383dd206377b0859d869f40daddcf998843b1b5179fb87d299776ae405d13322af3e21639403a7e8bdf1cc798d08c958868af694a45658062565716a4d8cdb0e4f1f8f9bb561b199f069eb5bfac6fff11564f6f38a7e519dfb421fa69260e1799898604cfb94
+	reseed counter = 1
+EntropyInputReseed = fa7ec9a57326d2235832c460e9933e422b44605201775e17e3697fe0b9ff7e73
+AdditionalInputReseed = f42bb78f8fa23c6c294b04c8e5bd94765e0fcac4a7441d8647ce5cb7cc8e3ab8
+** RESEED:
+	V = ac47c9fe6d7681aa18abfd43a651162c87ebad4a98d4b450fae2b9823fd875c1cfe6f1dc9adf2bd731b035f2fb3b1e01467455078edf8afc03e88237e5af8304a2dbb9e16cd85adb57d0862d9677752cada0482a4194b12f3a315edc121f3cd744a058af6338f99571b8a6bcdcf3b3
+	C = e86bcbe686579deabd86dfb140660a87b1898d673678ae442ed8f0692e3feab3f5b1716c37bdbb96751d637a8bdff8e9b7c1e49febd2ef3bd87c614ce11c0312cb4d49ac8cd2ba93773ac4fc400d2638f0a4373da5ca985bee6b631c117ad5d1b16539dcdbde2bb9755d90722bd0ac
+	reseed counter = 1
+AdditionalInput = a322ca6dd30e26315d4758c4900a3e9b89f01286ddc7c5e08fd1f989c4ad5d1f
+** GENERATE (FIRST CALL):
+	V = 94b395e4f3ce1f94d632dcf4e6b720b439753ab1cf4d629529bba9eb6e186075c5986348d29ce76da6cd996d871b16eafe3639a77ab27a37dc64e384c6cb86e91ecd5a5adfd70c2bfab145a3e847eb5c6b82146e17e85c121f6278ba6a0fde3dd7787f7c490348a0cef0c810cf6015
+	C = e86bcbe686579deabd86dfb140660a87b1898d673678ae442ed8f0692e3feab3f5b1716c37bdbb96751d637a8bdff8e9b7c1e49febd2ef3bd87c614ce11c0312cb4d49ac8cd2ba93773ac4fc400d2638f0a4373da5ca985bee6b631c117ad5d1b16539dcdbde2bb9755d90722bd0ac
+	reseed counter = 2
+AdditionalInput = d403a4657ad43492f609ce29497936459b94d5b39d7fbef9bb279a33bfb4318c
+ReturnedBits = 74ff8c2bfbe48172f41a8fed770ee74b47f5f868b454d229142780917031abde9c75aaeabfbbebf14851883ef47a775f2d1151a8916516c8c0c76e3dd13d6ecd7c67e7adb4100a11d1b364ca14f75547cb1f67f3e53dc2f8be2352124c8e8a70a2364a8250cf1c061a3fe10f4120ca2fd52e65349232c6e447086703f09e0b93e0b256651f7341cd7f3fe3e0a5cc16be748d08ad04a4e029dcfd1de0f174e18510b1dc91472890637af58392118db8c2372cae0589db511bb08b7ba94c86d8a1
+** GENERATE (SECOND CALL):
+	V = 7d1f61cb7a25bd7f93b9bca6271d2b3beafec81905c610d958949a549c584b29bb49d4b50a5aa3041beafce812fb0fd4b5f81e4766856973b4e144d1a7e78ac0709f568cc6485e238d3f774e7a73fafe5d5a462e5a8cb5a3b24ddaeded9034aa2559f640aba68ee279f4682db6e06a
+	C = e86bcbe686579deabd86dfb140660a87b1898d673678ae442ed8f0692e3feab3f5b1716c37bdbb96751d637a8bdff8e9b7c1e49febd2ef3bd87c614ce11c0312cb4d49ac8cd2ba93773ac4fc400d2638f0a4373da5ca985bee6b631c117ad5d1b16539dcdbde2bb9755d90722bd0ac
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = edd786bef88030f499bce447c7af2ee35d2283a56ac2c35791722a38e8af1d13
+Nonce = 536068adcca46d6ba48dd27893745184
+PersonalizationString = 
+** INSTANTIATE:
+	V = 33d2441f7119942705d95db552304ed66315033a0c44b69f10bc0afb93006fa1ed5cd073d4c14a66960935f0565ee26295e5851a7cfa6e3676dbd10a31b5265bcd719edc09218d65b1eee22cfa548b508c72924d213172986b4103cbc026add2b9b30265b7affb6174923065e64813
+	C = 42e5a4d0e717cb273b21e0db33dd8bb27dce064bb0755a5dda7d49a7fa63a229fb328190a5ff6bd45e0d2d6dd712d1bcd02bfa5084d0fdbfbae9071124ac682344d40f96257ae16f185faebb2b1c6ff3bef38610ffcf485783e268e93f59055acfe1c304654b52e8141ef788eaae18
+	reseed counter = 1
+EntropyInputReseed = 8dfd6a15d09a6d344785a059d8e66b4eacf2cf4db1a9f74dc29d5e50f130c66e
+AdditionalInputReseed = d3471678ef008dc5c623888d5572378851aaecd16b4f6eed31724ad96f876999
+** RESEED:
+	V = db8cc8cc0e5207001d6b045d6322f9c609f9bed5d8dad9f18a6714832f1041f7c17bdf81b8496b9a03c496104fd7d2270eb292030fb399ae1391049e803846714851210ca6a7cafe7ac75ed1edd244d83de6e235c85abce8647adbb93f1157792a35b026bb7c565a19ae04372accfb
+	C = 54baa698cab1c803c55b92afa2cc3166c59dc43599bab44a43955cab3e843ed3813e5dfbdf8eef66cf07dcc085504d0ba39715400100b43be09dcf07cb7b7f75fdcfa935a0b1f7f08d5d13baa853792aab94ab298f5375462ab16383476a5db563854e88b67149231656bc29fd21fb
+	reseed counter = 1
+AdditionalInput = 422d4b0c4cc732988d579ae784f99e137fe2a326d207442efefbaa0079149d2a
+** GENERATE (FIRST CALL):
+	V = 30476f64d903cf03e2c6970d05ef2b2ccf97830b72958e3bcdfc712e6d9480cb42ba3d7d97d85b00d2cc72d0d5281f32b249a74310b44de9f42ed3a64bb3c6a8df12b6095d69909ac9489610c33d2e265e20949862f8c16bcfd167449182ecaba3085e7ca6569a169503171c13264a
+	C = 54baa698cab1c803c55b92afa2cc3166c59dc43599bab44a43955cab3e843ed3813e5dfbdf8eef66cf07dcc085504d0ba39715400100b43be09dcf07cb7b7f75fdcfa935a0b1f7f08d5d13baa853792aab94ab298f5375462ab16383476a5db563854e88b67149231656bc29fd21fb
+	reseed counter = 2
+AdditionalInput = a9e42d5245760530a0e4421c926416249317a24d84edf5d43ca2f510994e6a2c
+ReturnedBits = 09fa4b151db58b14e31e5702a4cb72a7ba9c09467e0044a099bcc1257d894ce9ab82b84618d87f2c93e2aec4b46a746d53b7b6a9d2d05abab5b1d1fe333cb615f5162fc635e4af981f455bc06b8d13ac506ae1500f2da52f5b082666e153f66c49917a2c966ccc34401d1da5bb5de04a5b823e5b69f1b3ee0d7c4378bf580e7f819f916a9582552fdf342ff9d6b90376b07eb3d9a5c69c72f4e8584c6ce1974314609498ab4e76e9e93074c2a487af31e3afbdc56006b6fd1a8fd0330adbf052
+** GENERATE (SECOND CALL):
+	V = 850215fda3b59707a82229bca8bb5c93953547410c5042861191cdd9ac18bf9ec3f89b7977674a67a1d44f915a786c3e55e0bc8311b50225d4cca2ae172f473a56c0b12f40aa60b93cb2c352d06532fedf7bce53d3560786b1283b6c9924ca91a00e76120ab98e0dffee0f660210cb
+	C = 54baa698cab1c803c55b92afa2cc3166c59dc43599bab44a43955cab3e843ed3813e5dfbdf8eef66cf07dcc085504d0ba39715400100b43be09dcf07cb7b7f75fdcfa935a0b1f7f08d5d13baa853792aab94ab298f5375462ab16383476a5db563854e88b67149231656bc29fd21fb
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = a31df22f11c86265f8b28d0dda72ca53f8e147334ee60fc1c434e5f549870881
+Nonce = 335a7ebd35e56e240dc9d661b1365435
+PersonalizationString = 
+** INSTANTIATE:
+	V = 26f7adc1e2cab251693f78ab881e35c0cd348ad4c68d51a9d78a013e2bef71be36ca195aeb09711c63b0e6cdb0bd123d1a33faa663ba21a4bf20560bee8da053580339a5cd762775ca8d51d6cc8c1c61658dd20cea0ea2cf63372758e0c56f2602743214de3cb6df24797333589c44
+	C = d11c4e2a8b1139f1c0c8337beb7220235ac6b0029ef43db75d33308078b95aba7144b2e40b5967e60086115a86ef1cfcf1890620f49d006cefc35d24e6b32a099c0347182c6d902cd18a8905126a4c58310cbcc97a58a99f2792e0e833bfde7ddec2882d6e70c0aabea9eb7ceb576f
+	reseed counter = 1
+EntropyInputReseed = 7f3451b9bba6a82797e5089419173bf34cd1c6946fddc7b63ce6c747f5988992
+AdditionalInputReseed = 3fd08f0c2259b6378bb0454af40d095fd25911e25be571f64e3c8517c7dc452d
+** RESEED:
+	V = 3561dd6780bf35328a7ed70368a19738c31def09336fc0a45d6915e464afa60f51f8357c49a1d28599e4d5f06f9f464287d07dee240fb7ac2e9f770bf1964f0fbd4f2ad4eb9bde7dcea741264f34c5018b1f552c253a5f28f406de790c40820c82a4d55f73935db6563cc4e77f66d2
+	C = 3a25b1aae4097ff02a993013f57fed274d0a5ab989d86e02e53c8396ab58460dae359958cd2b46ce26e84e2cb398e24d365c27eec2cc891a3b4aae60fe627c67a67e91ea712b27f728db4e9fa3034f068c5673a42dca9c82210b929796c3d954af6c64d8e12e780ca900726e324e34
+	reseed counter = 1
+AdditionalInput = 985fa1d3eab4892c8c1cf29f4a4ab308e13b05cc4db553614f136b3bf5dfbdc2
+** GENERATE (FIRST CALL):
+	V = 6f878f1264c8b522b51807175e218460102849c2bd482ea742a5997b1007ec1d002dced516cd1953c0cd241d2338288fbe2ca5dce6dc40c669ea256ceff8cc6cffe7c5402cc5beeb65b5586e56bf38f6d0959c2a0330ee193cf947d10d41475ed82793aa18c901977ed9b280154eec
+	C = 3a25b1aae4097ff02a993013f57fed274d0a5ab989d86e02e53c8396ab58460dae359958cd2b46ce26e84e2cb398e24d365c27eec2cc891a3b4aae60fe627c67a67e91ea712b27f728db4e9fa3034f068c5673a42dca9c82210b929796c3d954af6c64d8e12e780ca900726e324e34
+	reseed counter = 2
+AdditionalInput = 18d89ceea9819e69e34c8c89e6edfc7e02f0d3708633b1454a5c0ecb11119346
+ReturnedBits = 5259f46fb5d3230548ceb3f770eca0dd16989ac8b41144cce9ab14cc9e86b986c52d46029fba21cf08b6c73edca8adcd7f67a567cae604a0a90c95f98c23579873343e73874f7d8d6d1df246d46f356316186435e042d2fe40582e16591f9f2e4c138af329371bddb294b2ae417cbcf8daff99a9eed9dd0d762e9a42cd3345eff8d86a21d4f3f49cc42036fb28b5801a4db4bb11ce9dd890386210ce62112d5b634354bd0527bd06bba9fc9867299b707c9bf158cc6f3a560c517e094c41ea91
+** GENERATE (SECOND CALL):
+	V = a9ad40bd48d23512dfb1372b53a171875d32a47c47209caa27e21d11bb60322aae63682de3f86021e7b57249d6d10adcf488cdcba9a8c9e0a534d3cdee5b4a0908cde7117c337b3296da30ffb498e21fab2d3023a5cabd36b15890134c7f0c5caa4024df0673ed159b53fc4543c990
+	C = 3a25b1aae4097ff02a993013f57fed274d0a5ab989d86e02e53c8396ab58460dae359958cd2b46ce26e84e2cb398e24d365c27eec2cc891a3b4aae60fe627c67a67e91ea712b27f728db4e9fa3034f068c5673a42dca9c82210b929796c3d954af6c64d8e12e780ca900726e324e34
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = 6b764627d26f1df6a7d57279723539d88a3252d885e4ae07fc4a4b971b062cee
+Nonce = f10f714e59165356cad77b44db300466
+PersonalizationString = 
+** INSTANTIATE:
+	V = bca710c47cc2fa64dd8ca617b7a337db040603c74a896423d29cfddb14fd1abcbb918a8fed959deffb32c7263303b5845673d346c05eba6165c9a2eec62c5671d08cd89bd05a7e0fbd91e4f0404ed8f7f556817b7765e430e4855ecf7d8304d0d1575122d222106b31bae2ed304259
+	C = 80e9fc9c97d2900b2ec07455fbe11214f264f64f46dcff7a17c55385cb343430c1789bee5763fe7e41e23ee8e6429f7216f03b8446265bddbd2f47dd40d1e49a3661df01195e9ae8d4d2517fb4042469fb3cc59412b8fd2ab84856a6e82a1b383ede2ed79029c8c490090817be16ed
+	reseed counter = 1
+EntropyInputReseed = 3c0a2c25969023716f977416d553910d6b6516e0cc4ab87d503c4dfb06b27c7a
+AdditionalInputReseed = 994de5cc4d541eebea202367588521b364dca95b9a9cb44cde0404c898c77980
+** RESEED:
+	V = 386e46a6ff8e86516322d9e36f154e140fb745341135a6791d31fb4872a3cf82b874c41c8b95ca05657025f37c477dbaa1f5e58ee9d792fa2a92bfcca1250c22c58c279d63160e8174529ed83d9516f9528dfe0aa7d7b5f3513a4d70c9ea08d9a111262350b4b8b1bef38f361d0c29
+	C = 4fc0ee37778dbfe30d44ba19971b86005be75f95b765329994d5f9ad2653927c7f3ec6ae95eef6e47b714c1854c040612ce9407e08d318aea8ca9c72948c44621e3cf704e386da9b5ceb8510e96f8887d596a1f686cb3228221c0fb3f2d67cd5e6f707a29331c879cbca0f8db835c7
+	reseed counter = 1
+AdditionalInput = 03850735b6305f0327a5063fa5f4ce6d513643102861ad1896be447bfaa9beb5
+** GENERATE (FIRST CALL):
+	V = 882f34de771c4634706793fd0630d4146b9ea4c9c89ad912b207f4f598f761ff37b38acb2184c0e9e0e1720bd107be1bcedf260cf2aaaba8d35d5c3f35b1524aec817e9671ac663358601c7a9ea8116e4b30b1a40366189209c18a26cf8cfa22d0fdbb1f48a808ede49e8551c93865
+	C = 4fc0ee37778dbfe30d44ba19971b86005be75f95b765329994d5f9ad2653927c7f3ec6ae95eef6e47b714c1854c040612ce9407e08d318aea8ca9c72948c44621e3cf704e386da9b5ceb8510e96f8887d596a1f686cb3228221c0fb3f2d67cd5e6f707a29331c879cbca0f8db835c7
+	reseed counter = 2
+AdditionalInput = 717b9eb7700c1e44902800e1c939a02bca6cde460c6e6344dc86a1735b123722
+ReturnedBits = c17e5254062c9fbe9400f6fcbf16193d0dae6c68c64eea64e88c95e480fcbeb1c747fca75da2f8c5bfafae5d1f0958e9d320cadb21dec5b3b6f9d3d6990e4a6333ff7416082aa4c782440ffed6124ac0f99c648db9c868a0925f475b0a285d67cb25c5638779eab11e4c526f732d3c3b8ff2de64d89099168a5801562ec34b851932398887f8e3f0ab2f4af4c07f785d82a1ed18355b247857593f446c0fbfed76e03d0dd93c7ad66a267d0f1513cb7694fc6e96d3211067ab2786d9da8f3e5f
+** GENERATE (SECOND CALL):
+	V = d7f02315eeaa06177dac4e169d4c5a14c786045f80000bac46ddeea2bf4af47bb6f25179b773b7ce5c52be2425c7fe7cfbc8668afb7dc4577c27f8b1ca3d9804936e0ad255a63f2df420ac01e84af5686a2bcb129041c2c4ab51f8d5615f06b377abd624426491835908914d7c1623
+	C = 4fc0ee37778dbfe30d44ba19971b86005be75f95b765329994d5f9ad2653927c7f3ec6ae95eef6e47b714c1854c040612ce9407e08d318aea8ca9c72948c44621e3cf704e386da9b5ceb8510e96f8887d596a1f686cb3228221c0fb3f2d67cd5e6f707a29331c879cbca0f8db835c7
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = e4c601fa7a83dd02c7801b3d6a2704645e78c490d240d63438f92c65d347231c
+Nonce = 2affb40cc1c1f6d56800415190d7d2a1
+PersonalizationString = 
+** INSTANTIATE:
+	V = 66b5e31112586d583f7cb26a5412dceaf2abdfd4caf6e00a53594cab904ab7c5aa47d4adc126db51c12c7ef28a0e7d708adf70b35f6d98048407e974d1efd57f8b03157f97fc35bb6d29d0a612ca581a9bde7bdd69a84c84fc88cdddfd7f0d95ff0b741696f5aa8a9250c00c0957ff
+	C = 1dad6555bb9d2d4b7a6ca170a3adef6a82c9360d298158f9df99b41d06a4927600ba461040daa5f0d5243ecc0959b20c3b69e324e26c334c60d24fec250c318f33cafa694411b17021a02095fdff8f6de8577f1b17a77411192e9317da4ac068af9646b52a2844af898e7f8eb58e71
+	reseed counter = 1
+EntropyInputReseed = 6cb913dc307665e81c52e8388351fae60155061b6a4c4e30a6f0db208225bc71
+AdditionalInputReseed = 6efe17745392a4f0de3e0c334f2c69f6997b4427f749ce6f76d27634d5e09e90
+** RESEED:
+	V = 1d87db3aa7660c0de714c578ae4ec200bb386c5739a0c3d4bd94d8bed8bef1e19f68723dfc28f899e3f5e7cf85e551629bbba86f6d59d6e9cf2f9f01cc4c8b878518d74fe366c490037eac520bab3c58c0395b150281713acf4e01b9f40e559b686cf6060710b8a62a77e32489fe13
+	C = 6001ad691a9383104f391e07379c24ea3bea17f120e832caa0b2fb062f4a2398c8b896a4ec0dd3b75fbab03ef57c1319525b3c2795be7f2d29b95d0213a7be49ee4927ff2526eb3cadf81b296bd98f26f135143ee5cce4f2a63c0c46c32a4bdfbcfec0765f135f6dce27408a390bcb
+	reseed counter = 1
+AdditionalInput = 2c8027879c1ffe64c1eb21bac28abdd76f5c75a65ccb828c927a4dbf4091aaf8
+** GENERATE (FIRST CALL):
+	V = 7d8988a3c1f98f1e364de37fe5eae6eaf72284485a88f69f5e47d3c50809157a682108e2e836cc5143b0980e7b61647bee16e49703185616f8e8fc03dff44aa11455117ebcf7df9af88fcfbf3d9465c520c6f060edb30497a1c0cd010397b3be2cd852bf4c25cfe7be462dff2ee6d9
+	C = 6001ad691a9383104f391e07379c24ea3bea17f120e832caa0b2fb062f4a2398c8b896a4ec0dd3b75fbab03ef57c1319525b3c2795be7f2d29b95d0213a7be49ee4927ff2526eb3cadf81b296bd98f26f135143ee5cce4f2a63c0c46c32a4bdfbcfec0765f135f6dce27408a390bcb
+	reseed counter = 2
+AdditionalInput = 592fb2623c2c60c099d2e116e728b4c9d6d8ccbd5be302902ef2daeb2b221949
+ReturnedBits = 638290d238e040ef6fe4f521284833b8c7ae51920bc60ff533d8ebf81cb881c9507987699e5a35117b21695f8c89c5ed6d9971b1ac9598ca630799aee58a76ab3d1f677f59662ce58c59cc4a7e9478b0eefa636b73e0ca28453a6ef16734402512b2f1a212ce7439336392cab328aeae5dfd420f991db4f10e83e6d5055075e7d6ef03bb1324875ae7c590f277f7c36fd7a5329c721c10ec28b1b0cf38276a314f864460f5c6a34ed0b324b0246082fed9b69912c4fadcdb2eb8002333a4092b
+** GENERATE (SECOND CALL):
+	V = dd8b360cdc8d122e858701871d870bd5330c9c397b712969fefacecb3753391330d99f87d444a008a36b484d70dd7795407220be98d6d54422a25905f39c0a695717e983510574f27d29b6ca3f12af6918498d02b2970a48dbf92ac0b159b11dfd185e2d96aef5d37d1ceeebea042b
+	C = 6001ad691a9383104f391e07379c24ea3bea17f120e832caa0b2fb062f4a2398c8b896a4ec0dd3b75fbab03ef57c1319525b3c2795be7f2d29b95d0213a7be49ee4927ff2526eb3cadf81b296bd98f26f135143ee5cce4f2a63c0c46c32a4bdfbcfec0765f135f6dce27408a390bcb
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = ccf9793ad5e4dd22c8e28a85eaca4be26e4effd15b6936399c6b5d865d999a21
+Nonce = 8bc1f7a7094ea4e364684ea9cfc214a5
+PersonalizationString = 
+** INSTANTIATE:
+	V = 308286b772e401ed876c23370d4ae90f8a4d45219b88d64639acb07e4cbc13da1254acdc5ed8eb22602f534be17c1086beabca912bf58befdb02a0f0fce60168e934fd28b50da5d3753c141f32cf7ed885e0f81e961bdbc8c12364541e5a52d9f03551ff36165ef520c6577ce78148
+	C = 19848113c8f2b64f18291553406e85d1484954eae1b68bd0bd1318f8b315c43993b367f3b68d018bbd154c26b86f8cdd1357a8f72ced7feeab5202ad03053cb0f815da4962692159553d9bf5d696949234b4e02f40f72cde07e47f2ed03865607fea101863d9899d5ddffb9707b0bc
+	reseed counter = 1
+EntropyInputReseed = b0ee47ff9de873db4896e6f068cfbb98d24928e3e306633423ca136e27736bf7
+AdditionalInputReseed = eacb7801790790e44a559b3c9c9547a8c42c321c24c817fac369c5a571fba6a7
+** RESEED:
+	V = b0cecf6b37b3d315386782ec57fd50652155d8c2ee8c04bda1c7bb601da76c776f4a3cc1ab5e4e6fac1bccd571d1321ab9027a9661783456a4bc1ba74cdf29c5fa764ca4a50fb5462f33307bc01335af9d4877793db718d188622e13cfa96a7b3379547fe4cf5cfb287e22ee710ba8
+	C = 0c37348c9ffd1b384d77340a9f91bb70ebae9b1a869b3ed461936779116990f16438efbb8278051d24b5afb39bfd673a73d3a3f4e71a9391a78c4878d24770c8363f858c4caf94daf194540ba0ec5d11473d533610bd16ce37ee667d187d89300326e22b74310b71ed461051b76b21
+	reseed counter = 1
+AdditionalInput = 9887f77e706d365a66d4faaad800141556408463f96764846c77772e0fd290ea
+** GENERATE (FIRST CALL):
+	V = bd0603f7d7b0ee4d85deb6f6f78f0bd60d0473dd75274392035b22d92f10fd68d3832c7d2dd6538cd0d17c890dce99552cd61e8b4892c7e84c4864201f269b9d8e08613edbfb6704eb3e1a0e939eb6f0d0a8a8fd289f77ab2defe99f53602d27ffb148ca5b5fa7f0ffe05da3297c19
+	C = 0c37348c9ffd1b384d77340a9f91bb70ebae9b1a869b3ed461936779116990f16438efbb8278051d24b5afb39bfd673a73d3a3f4e71a9391a78c4878d24770c8363f858c4caf94daf194540ba0ec5d11473d533610bd16ce37ee667d187d89300326e22b74310b71ed461051b76b21
+	reseed counter = 2
+AdditionalInput = 86280790f8abd8e9d09629a63c2bbd89672cacdf67a611c6775235f6c84ec881
+ReturnedBits = ac301031657c3861c93d828e03bbe6bf57a81df347b40a1997e230df9eca0538a8c8fc6a0486a727a5be05263338107ac63595476cda77b1caf14a0cdb2b6b266a1981c4dcaa4a1a8a991e56b3cd6a5e76472c45db0590b8d8c496c7ae7f728636580fd35913df27ae95ec6da988f8a32ca4109d0f801842ccf963e352a946e1fb0fcb58ab75c4fba686894364f4a335a68be2d8fa110f05a2b422c57c1675361cb3960edc94017033c23add521be605021f3c164f0c4e4fdeb22021f5e737a5
+** GENERATE (SECOND CALL):
+	V = c93d388477ae0985d355eb019720c746f8b30ef7fbc2826664ee8a52407a8e5a37bc1c38b04e58a9f5872c3ca9cc008fa0a9c2802fad5b79f3d4ac98f16e0d6fa01ec2d83d38cd6edde5ebfe384590fc40cb77b767fb1e457b0ab5880afcfb659c9b428d23075b224d53fd3914b003
+	C = 0c37348c9ffd1b384d77340a9f91bb70ebae9b1a869b3ed461936779116990f16438efbb8278051d24b5afb39bfd673a73d3a3f4e71a9391a78c4878d24770c8363f858c4caf94daf194540ba0ec5d11473d533610bd16ce37ee667d187d89300326e22b74310b71ed461051b76b21
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = 4587fc39e428653551e23f305a51f8851a559a1814ae163f3615f8ef8c50aa0e
+Nonce = bc1a8dc17bf1316a947f4ca3d7d3420a
+PersonalizationString = 
+** INSTANTIATE:
+	V = dcc5dc0ba7fab02c0b441cfddf896cb3d4c6d0f2ef62cf1aa9f21effd3e885f9bb3b3e72dc93f725983b0a96dfe0c9611e43808f36e61dda1f63bd70692fa6f411f0c2c7e3082dfdeeadcdefac27977acd9553f4698815a76601355fdd41a6fe084fc98517116f84d89522b31c4787
+	C = eb5451b135b13fa3eaaced5d434b0c1cfda1bc3d8ed1c7f33d06612de8c54da30236906c63e0c7d4192865c1e8484523a80fc86c5865ea93d21e8cca98fd14fd9305aa913e9172ad46eb358de75bbe04e6ddde495d969a04f35d6488a8d719cc9cab0ee14eddfab8053a5da33b0530
+	reseed counter = 1
+EntropyInputReseed = 77a6f8db86e2fff7dd39a6c7dd30ab5322cec5838eb7138246439dd0b028acee
+AdditionalInputReseed = 0ee2050c86e0a21e42c37231e387b1dc06113ef78d97449474e7bcb39648676c
+** RESEED:
+	V = 87a59251bbfecd1def515ca3cdbcc1e724a3ec87551655ec52760146045e5b9f80da68c8c20e443e28dda3ca76f788394c865a2664649203bc8002e9cee393b74be4437b058e4fb27416af2fd4b254e357cf2264f6c6cd91fe688c28cccb7330e71ec995d59454e52c8a44792df448
+	C = 13857f160010aa0704f2dd0505f336b519b5409bc0be420937205af748811ca5ff0bc1b26bc521dac49636d17cb16ff11be882f22b176b44a61256328f373cf25214c79a2ca46abc328ce33b6179859a0eed04657fa4937967abb669da860bdbe11079a6f1f489f5ee2bb4b4ec44fc
+	reseed counter = 1
+AdditionalInput = 60acec79d7ac46a5d26434ef437d2cd1f97c737d61661f8eba3cb8d7bd824b2e
+** GENERATE (FIRST CALL):
+	V = 9b2b1167bc0f7724f44439a8d3aff89c3e592d2315d497f589965c3d4cdf78457fe62a7b2dd36618ed73da9bf3a8f82a686edd188f7bfd486292591c5e1ad1ac9b14ee1262ae73795e736bb762d74123a584e078a1f8395ce87c7d9dae4b1852e7daaf72bb1db876be7e51f0b1f81c
+	C = 13857f160010aa0704f2dd0505f336b519b5409bc0be420937205af748811ca5ff0bc1b26bc521dac49636d17cb16ff11be882f22b176b44a61256328f373cf25214c79a2ca46abc328ce33b6179859a0eed04657fa4937967abb669da860bdbe11079a6f1f489f5ee2bb4b4ec44fc
+	reseed counter = 2
+AdditionalInput = dbc04ebca39033ca34806f885ca5620421e9f545087553d3cf442dce74c7feba
+ReturnedBits = 63493bbfb1d705fd0937b2dbd93408622ea2acdbec219bdeca12945270094e0398fc786a3605e297b411096855f42df136bb47f3304bff2cc4c94fa8b478bb8389fdb9c1a5f032306db823d7a916701458eea198e52c05166dc29d6a0ad948cb0056dddffd1b56a5065a408c2096de0ce99864bc16347e7505fd4d0412cefeb9ff658795439eccc09e032017fcd6dada33e3af334c77a64834cebcc7bdb817709fd519b69f29170ee46540c1dad9be2dcd6a66d22e3c0d61f0e29ba60e2a2bed
+** GENERATE (SECOND CALL):
+	V = aeb0907dbc20212bf93716add9a32f51580e6dbed692d9fec0b6b734956094eb7ef1ec2d999887f3b20a116d705a681b8457600aba93688d08a4af4eed520f18be8f2975d6502effcab53686728c7b1c021fd33f19d70e6826dad45af18afb3574512a5f83335a1f78fa5a278e3c37
+	C = 13857f160010aa0704f2dd0505f336b519b5409bc0be420937205af748811ca5ff0bc1b26bc521dac49636d17cb16ff11be882f22b176b44a61256328f373cf25214c79a2ca46abc328ce33b6179859a0eed04657fa4937967abb669da860bdbe11079a6f1f489f5ee2bb4b4ec44fc
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = b3cebfd06129097c4851f6d5b22f778db245f3bbd70bc21979da9db78ae6d7bc
+Nonce = 0c0117b41a71cd4f457a2ced32798299
+PersonalizationString = 
+** INSTANTIATE:
+	V = 0accb21a4747f7f0b2ba0f61d385635b52a0b7fc9337571e0e7f6c6fb8ae2b0942dadc1c5cf8c71f3297faaa3fa908bf70674b02b7ece8af6d953457b383a40689d9915a8b7871abd5c84905ed2b21afa82b11194c78031d8ad605653e258b4679520ffb8826ceed0ec8fda2168dc6
+	C = d28f0c8c299588b6c889035521710f4e72d8736e40f684689deda0cf7164a5c6fc5c7e91a3ffe9fd24e2dcde735ad82c7db5e69469a06d1ab74ebcd6a8020273b6fecfd840f9f82f07c6fbccc7027f5fd22c04ae9a54fae79c22aa7d761168e9dd30cf2511b89488f1e70f7948518a
+	reseed counter = 1
+EntropyInputReseed = d97dbc8818c095db334ecf2ab5b9230705706720aad17eedf37a6cd8052bed98
+AdditionalInputReseed = c14941d2a4cff91f13c1ba0235e7bcc157c71efd3a3cfa606b66f76d860de3a6
+** RESEED:
+	V = 3eee23e20a5d93014179a382ccf5979992b106eb04a32d738aa856ff7fbb9068375318e1cdb219e30fba353ec49813a2b548a22743816ff34ba63b02f8426e0bccbe9722ef18f2e00ea938d1f2b688139fc7b01834fcf2f98ae5476f7ae1ec7cd047ce161f72d4ec9b90476a47e50f
+	C = 44e1f4235372042b4cc04625b4cd3edf71f0d1bf4f5ad8f4e2b020ab21c543665eeb119c447cc73742258cf665e8c0e5412d23b23931fa83354d81feae641789944be6452ffdbfac01cb8eeca313e0818d5a9222a512b326c55ab3309a61dcfc5932f423994ed3fe83c77d2caa7432
+	reseed counter = 1
+AdditionalInput = 8a7570b03ba6d08110fbda5ecc1465987a76622d2fe08b778a14d89b7401e52f
+** GENERATE (FIRST CALL):
+	V = 83d018055dcf972c8e39e9a881c2d67904a1d8aa53fe06686d5877aaa180d3ce963e2a7e122ee11a51dfc2352a80d487f675c5d97cb36a7680f3bd01a6a6864a619bcd5abf91d3b6faab276c2bf6a44d085c6087359bfa8f4497ddcdc46bb3081d2f53111b6cb2963458c0fe420dde
+	C = 44e1f4235372042b4cc04625b4cd3edf71f0d1bf4f5ad8f4e2b020ab21c543665eeb119c447cc73742258cf665e8c0e5412d23b23931fa83354d81feae641789944be6452ffdbfac01cb8eeca313e0818d5a9222a512b326c55ab3309a61dcfc5932f423994ed3fe83c77d2caa7432
+	reseed counter = 2
+AdditionalInput = 37fe7fce6578749c0e357650ae51848c5f73aa079db4441e2a680a0cf4acccd9
+ReturnedBits = 9a2aa2133b0d004d31fff4fc439e41aa0f68ab82933c2d6cacd2e5f7bf4b22529c1f15b99a44d5e5dc116080d4a822e677a4ea5a473cd3b86f7736286819a70a4829bd71b1e15507919012c8a3d211798fb1988ecddfd8348bcc59bddca0702ee8b6a876de6aeca0e67aca130f70bb13d30b6771fffaad0631c0bbdfc36a6a2ea738f7da677306fe1b382f7fed28dacffbf88172f53f8ebf1b5bb2cd0daf03cd2822e2e5598ce184002afcdd0d3eadfa06e956d928faa199b559ccde40353ddf
+** GENERATE (SECOND CALL):
+	V = c8b20c28b1419b57dafa2fce369015587692aa69a358df5d50089855c3461734f5293c1a56aba85194054f2b9069956d37a2e98bb5e564f9b6413f00550a9e844ef4f2be6410771da63a2304fa527de0504acb0991fdc9b9faa61fda94a0e584813607aba791e7e1eaf25369bc67a0
+	C = 44e1f4235372042b4cc04625b4cd3edf71f0d1bf4f5ad8f4e2b020ab21c543665eeb119c447cc73742258cf665e8c0e5412d23b23931fa83354d81feae641789944be6452ffdbfac01cb8eeca313e0818d5a9222a512b326c55ab3309a61dcfc5932f423994ed3fe83c77d2caa7432
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = a6620276c74e4ede4b377d81bc7a2d423c5b42d104b1b8b1ac107d255bf8c0b1
+Nonce = 1b8ae0243e7a773b6feda61fc7331b2e
+PersonalizationString = 
+** INSTANTIATE:
+	V = 40e7050e2dad36888c4e4378037d084ac060a022817718cefefe32a9a1d48719c9ac51658675dd51c5818f95f7388eee624f5a2c74ab1501601dda19ce8183acf4f1606e0bd65712cf961e99452f5029913245c5e05785e5536ca8f3999d7387d90ffe6918079ebabd21c07d4c3e3d
+	C = 69fad3de362f1c24c1d737edcc1bef7bb0ca112eafaa2f86ffd90307aee8d9eadec503d09b35e76b7d3acaf1f06aad05b79092e0bc3fc86cd29dc50feb8ff49903f1279fdea19ea3f35779ef06acb2735f325e6b72039647486e91d9f2c165263a49ec0650400a0c6e5a21e2523d2e
+	reseed counter = 1
+EntropyInputReseed = c26cd1629a849b9d1363c5b3c74ffbfd1df4fa3aea9e145ca3ef80fd11cdc549
+AdditionalInputReseed = 89d02af20d8fbbf312c27bf77baa31e03a41046275a6b6e7b161580df67021db
+** RESEED:
+	V = 6b00571e63dc34fdf015ab04e4db685b990ff689c8e0d8d76d3e9dae093154d372d4c4d28ea41a3deec903610768c12673a1c12ab0e5630b2a2df066d449f83be3a2fe81842337ef382ac602682a2ae3c5f2f9cf8883eed17dddfbbab950209bea4da5ffa894ac68d267442bbe099d
+	C = 803603c714df00e36b6ab38fdc7c80722656bee1fa317961424db46210b28defa6d0cdecabf53ce467cf47c0b648eb3739e09801d4ab9153196c205547d61ecc046aacd6e90c69a0889c07d43d82c2a330a98ef60c1744ba80ffa573c2bcec6d0d19f36a49328beabb825274482d55
+	reseed counter = 1
+AdditionalInput = e9e8f4152883fb1678a94b4764954375ffc34fb8d5a8bf856315ac6d8f09690f
+** GENERATE (FIRST CALL):
+	V = eb365ae578bb35e15b805e94c157e8cdbf66b56bc3125238af8c521019e3e2c319a592bf3a99572256984b21bdb1ac5dad82592c8590f45e439a10bc1c2017d9b0d3fccf61afb97025ca921ff45862a695e5224071ff22124bb0084a87982a70848f681b4bd3d9f8c6de5514a48ecf
+	C = 803603c714df00e36b6ab38fdc7c80722656bee1fa317961424db46210b28defa6d0cdecabf53ce467cf47c0b648eb3739e09801d4ab9153196c205547d61ecc046aacd6e90c69a0889c07d43d82c2a330a98ef60c1744ba80ffa573c2bcec6d0d19f36a49328beabb825274482d55
+	reseed counter = 2
+AdditionalInput = e262f85f576d1b5e2e6c4a8ac6ea699265050649ee694efa3507f024776a40e4
+ReturnedBits = 73732bbc6af29452451850ad1dbd8d902e361988f4873b427c0fd02db6e947f60d44403c8568318f817d5dc945ef4fc33e038d62628eaf62bf4274daf6d9673e53e1a7db17010bee58b713dd7ebe7632bc8abcdffe1c76875532d93dbfd241ba76f1addf24b958b11a121811473028a5b57aa4db1341c5c765e9ac5e159fa78d66748f3020ab800a2d5cd82b529452eb991b648aaa53584efa93a2f6c72767a03d9c95f2bf3f6c1d7e64bc90669361684f1de53a6784264edb899b1d76b1fba5
+** GENERATE (SECOND CALL):
+	V = 6b6c5eac8d9a36c4c6eb12249dd4693fe5bd744dbd43cb99f1da06722a9670b2c07660abe68e9406be6792e273fa9794e762f12e5a3c85b15d06311163f6373daa20564682b49c7107257bef8bf3319c46c4fd440a97ec0b55030ae9d9c64bcd938a37e2ce3e79187d565cb1d2d91b
+	C = 803603c714df00e36b6ab38fdc7c80722656bee1fa317961424db46210b28defa6d0cdecabf53ce467cf47c0b648eb3739e09801d4ab9153196c205547d61ecc046aacd6e90c69a0889c07d43d82c2a330a98ef60c1744ba80ffa573c2bcec6d0d19f36a49328beabb825274482d55
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = d62d1ea457388eec38ad2dea9c9caeb1db2b9aa91a185e1791aa9f56519480c6
+Nonce = be7aef076616921eaab9651c22cc888f
+PersonalizationString = 
+** INSTANTIATE:
+	V = 06570c5dee94d85936030d47f1663c159d7c421bc4686b20535e0835b362b7f96dfa45f15c99cca11e06f3b52c75a6cea2b454c67d5887b662a67a652abf37f835a7614ececbf050fee20f8d77dc72b485aa408d00c90aed4d50f1a305b81bdd8229a2341e174c946bf59676797894
+	C = 740fa229a16dc6c78c3cf89fd3ceba469b77a3cecc4d5a3fe67f09a40e5f6f39de60af0e083892fd9bfbc7bb714ee8697c2a40a8db53a887b685fabe8a1a1d7ef3c6abbea05005a89f0c22e53dc2adf294e0d852ffcdc1073065265cad614a0cc3398333a99cf24613f40c558c9fca
+	reseed counter = 1
+EntropyInputReseed = 17147bee785c3ab3ebe976e274e0321b8484bc560cfd9aab0745d6c9aca07c6d
+AdditionalInputReseed = 859bc1bd8d2562dbdd4dc823251ab87bdcd93c00f0511e49b8acf59952f39121
+** RESEED:
+	V = 98970d80489941cd8c2d49aaf7db56501b818d2c9be4a52fc033b3bd9aba6eb921ac7b95ba9c2d6fb653551587501c1e3b565996b5b398d7247fb759255f93691e98d7ef50ee709decc3b2b3b8a3b73aa84eea45c4fdce6906a6645086cb6e8443bef17a8e6993b018881a3e4080c3
+	C = 8c8f80e01739ea4dcb019a5a6c3622e5a1e32203b7e75526530aa3b3f78922598f1b88bc60da18703eb5640a66201dc4fe5326dcf4641777653b32eee75fb546b93d6c12bed60969465b42160f50aaeee83e59e4021f2adfdbb5fbcf33e6d32178494ba1001d3ba9b4f1c39c42c3e6
+	reseed counter = 1
+AdditionalInput = 34db5184c08013fee175c439bb0463e94c1337f0b394507d482a5af00e1ed64e
+** GENERATE (FIRST CALL):
+	V = 25268e605fd32c1b572ee40564117935bd64af3053cbfa56133e577192439112b0c804521b7645dff508b91fed7039e339a98073aa17b04e89baea480cbf4986ab981978ddd8a1866684307fa992b8d2039ef0fa502a736f7db1dc0f2f18d001b9261e152897216b8202637205b195
+	C = 8c8f80e01739ea4dcb019a5a6c3622e5a1e32203b7e75526530aa3b3f78922598f1b88bc60da18703eb5640a66201dc4fe5326dcf4641777653b32eee75fb546b93d6c12bed60969465b42160f50aaeee83e59e4021f2adfdbb5fbcf33e6d32178494ba1001d3ba9b4f1c39c42c3e6
+	reseed counter = 2
+AdditionalInput = fd7dfec40c27d7502d037caa90c98e661fc9da05e7eaefa6011d100abb89c00b
+ReturnedBits = 47c4eccd0795608d9a2049558afa728d4ab959aacecd2abe6c2f430871161daeddeedee774f3727685ecefb99f320bf008e241bbb0fc3ab1e6ea5e0b5e3e2eed7ad7101d29e9693fb59eae588755a392b635888aea09542a8f8d0d549bb92543d216d4104df0dd643a0c1a5ea2086ee6cf32ad3cf8145066e4c5a6cbdca83027dd1072980de97aed7b34cad78c23e42376aecbc6f0ff226d78373f3506f21767e59031ebd406848f2b80168ba7ad2f66d772e75d6c39d6622b30250ec71a89e0
+** GENERATE (SECOND CALL):
+	V = b1b60f40770d166922307e5fd0479c1b5f47d1340bb34f7c6648fb2589ccb36c3fe38d0e7c505e5033be1d2a539057a837fca7509e7bc7c5eef61d36f41effd6e4384acdee8917ccd6ce5261f1cf952e7ffe28f363042c1828a155f58e6839270f597161b47e43703c882da4f38979
+	C = 8c8f80e01739ea4dcb019a5a6c3622e5a1e32203b7e75526530aa3b3f78922598f1b88bc60da18703eb5640a66201dc4fe5326dcf4641777653b32eee75fb546b93d6c12bed60969465b42160f50aaeee83e59e4021f2adfdbb5fbcf33e6d32178494ba1001d3ba9b4f1c39c42c3e6
+	reseed counter = 3
+
+[SHA-384]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 256]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 1536]
+
+COUNT = 0
+EntropyInput = 4ca74b8a44a7b48da3dea78194ea7a940538dde8eb7d76a1252189da63defc5a
+Nonce = ca78eda4bc14c38cdd717949ceea3785
+PersonalizationString = 3d9510a181c8f29e71e5bd43819dc50cfd3df46acafdf7b19fe072d1496c7bd2
+** INSTANTIATE:
+	V = 1531393d3ac0fa0f95af052f9437f4df4d20160c1e6a17205fcbd79d80dcb3c51127633b1be91988b931890517f9c342b8563a116a59b73985c3d791041135d256766380743f3ff421768233a90bb6424807fa71cac950c427b70b9859046d264e9fdef8724d654fe86ad03bb10c13
+	C = c93e26303611bb722ee81f4c5798cf96678f5e4c96e7361a6061492859f8365044838db0f4c23329594f8e3bf68bd7a87913f4b518cf9d2053317ff4c8d78f1f346b0bdd4a33986668cfb553b8324df13ecc242ab91ecaffc0d5b749dee688f85044c6cd2a4fe14fb6c45e086e14c2
+	reseed counter = 1
+EntropyInputReseed = 4045467cd567fa0e18767f830ed20fc9083ae4ed3256d1f8aefd7aa941bb5a43
+AdditionalInputReseed = 
+** RESEED:
+	V = 673d7ac50163f5f42fb777fcd8dede0916c008314f01bdba8d6ab41dd7be50e9a3f656ec23d03c3474db6615f5881b082eafc1213d1a27e6a5d2b779d4a6ebb8cdd8f2c418ff171b52c2546a6eb1e6ed49f54ef2e274a02d4ba3192cc4eddf978e21d9283e84a7078fbfc701a4d64d
+	C = 9ec8c5a2e4a4793aa93e5bf29c7b40420a4a031fed01de577cebe87bf17440de8d360e65d1da0f1b993ce36c7cd09cbcd8e98660d002d9d138e853ec11442441160887c1a68cbcaeba3f6be8efb8d032145c474401cf5d31c8c984d7f93cf4935a81138bfe4de1be56d8dcc194cb0d
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 06064067e6086f2ed8f5d3ef755a1e4b210a0b513c039c120a569c99c93291c8312c6551f5aa4b500e1849827258b7c5079947820d1d01b7debb0b65e5eb10007f4bc346073079a53091357708095c95c2d6e2728350fa18373e8188d0348795a77c3a8c0500cf94e80025cdd1280b
+	C = 9ec8c5a2e4a4793aa93e5bf29c7b40420a4a031fed01de577cebe87bf17440de8d360e65d1da0f1b993ce36c7cd09cbcd8e98660d002d9d138e853ec11442441160887c1a68cbcaeba3f6be8efb8d032145c474401cf5d31c8c984d7f93cf4935a81138bfe4de1be56d8dcc194cb0d
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 1e1402bcb4ed4b48ba3a8c60e1fa99b75ad3c58d855892096c2801bed53b129a72e78996eef894a59790c038760ecad8879eb720d5e57a68077abdf1d1e53f6ad15559789f753386822ad2a2a43848061b559179c2a01b97b3e915808bb59e8a2e2447c04144aa3b5b4d0227b81babeda54427a2fbb83675fc7b4530a23b3084b96a573ce3fb4323f0147012a7d370442403429793fee435842197b13bca95b377929a0400f8d129defc66fdda70b25a784747d117b25f601150e0a267e793fb
+** GENERATE (SECOND CALL):
+	V = a4cf060acaace86982342fe211d55e8d2b540e7129057a6987428515baa6d2a6be6273b7c7845a6ba7552ceeef295481e082cde2dd1fdb8917a35f51f72f34531742a4141bef2f72ff484c63b76fa860094818834ae44731d0fb2383951801e0b8642da1a670a88d00a32815c6b50a
+	C = 9ec8c5a2e4a4793aa93e5bf29c7b40420a4a031fed01de577cebe87bf17440de8d360e65d1da0f1b993ce36c7cd09cbcd8e98660d002d9d138e853ec11442441160887c1a68cbcaeba3f6be8efb8d032145c474401cf5d31c8c984d7f93cf4935a81138bfe4de1be56d8dcc194cb0d
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = f6972a26b29de047c43345a76bc3753577e1ac9417933722847dbd89a6b4bb6d
+Nonce = 9362bc1723af097c8c598be8110b8a42
+PersonalizationString = a102e4fd242498c66922a35f933f7d528b167695b18d67cdc10aed53cbc7aadd
+** INSTANTIATE:
+	V = 6e6c485d430e71ab233a2fcf759ca042cdebbc6097753f2fe1eab683c1f507c5b8baaac5e4a82a86d6bd4bac2934450c8278b9d91a68fc9391f5954a2a030a2abbe4e2999db48507d1305bf5d590c3367bdc50ad88b54c43535e83477bc430747825f886561a74328441aee9f75fa4
+	C = c855142fb313f2130c71167022ee64cd884b91738b67163285ff4bb846b68852378e04b3e3c1ae96e9964f3a726d36b77c39c1d528acb0f8db41e83191ed9f92c07cd391fe8c5d97ca34706bbe346c722abc92956ae897ed05693b515ed7f6fa1e462a8ec7f2421b8e90583cf13cc7
+	reseed counter = 1
+EntropyInputReseed = 86410bfc8b1349c0cfd4dd555631811fc4f2dd546131a506489252fdc55ae94b
+AdditionalInputReseed = 
+** RESEED:
+	V = 133cae60a699089ae99d2772714cb9e2385940242e09f703877e80216e106a1df84c93abb36a23e37f7bf382bbd12d9c15903833edec2311db52d3fa358842066af6099b97508eb584b2166cdf7464f4f226f2fb0f017f51401c81a7ace13a903c043bf6382d235a27a59ee6762630
+	C = d55ff397987e4a5f28180157f2a228853fe11daf584d022ecdcb754a8825e3caf64c244ae9da99e97f17f85c518f309a402172976e9e9a071f8e24c47749de4127a7b3813dc2f567a0f257412f28ea76ab7aaeb77fe91efc050e5c105e553b77ba1671771beac9b25e3847cbef86af
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = e89ca1f83f1752fa11b528ca63eee267783a5dd38656f9325549f56bf6364de8ee98b7f69d44bdccfe93ebdf0d605e3655b1aacb5c8abd18fae0f8beacd220fd04f8a659eaf381bf3b13e4fa28af75a1d319536831247d2901d7d50a5c03911a60c7c8aa559570df11d6d6cef9df72
+	C = d55ff397987e4a5f28180157f2a228853fe11daf584d022ecdcb754a8825e3caf64c244ae9da99e97f17f85c518f309a402172976e9e9a071f8e24c47749de4127a7b3813dc2f567a0f257412f28ea76ab7aaeb77fe91efc050e5c105e553b77ba1671771beac9b25e3847cbef86af
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 4f5138b34f8b21227fc83de2491fdd772a164a09de7eed7baa1dc424f124be713a47aca03f2c0c05af918bd6ce8d3e2e022e6d103da3ed72a258f41affbe68ea3b9786f920c794dd6624381a0422f85a30c53d33bc388708686430c75ec4f063f862061380e7e12e0778d9d8587b193d2a8e487b2c27cbba741e6facfb9e2e8443076220ec3c7f9ad58116d8360d3d3e204b0730f57b615bc971239489baf03c41412cfe0fb5ab12339e92a2d03d8f0686a40fc38ef4959fa57666a2f72b236c
+** GENERATE (SECOND CALL):
+	V = bdfc958fd7959d5939cd2a2256910aecb81b7b82dea3fb6123156ab67e5c31b3e4e4dc41871f57b67dabe43b5eef8ed095d31d62cb2957201a6f1d83241bff8be448e9bbcb56f7482bc6ff76302d8442151344c3597696ad0df734019c30bd1d3ecde2c75d6b3cbde950a888af44c2
+	C = d55ff397987e4a5f28180157f2a228853fe11daf584d022ecdcb754a8825e3caf64c244ae9da99e97f17f85c518f309a402172976e9e9a071f8e24c47749de4127a7b3813dc2f567a0f257412f28ea76ab7aaeb77fe91efc050e5c105e553b77ba1671771beac9b25e3847cbef86af
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = f36dd7a8a4b77c22c44bc7bd2efee79386c2716582d300a259ea3e276faa8bd2
+Nonce = 481f1f0de3f33a1ae9e7faa5bfcf6ec1
+PersonalizationString = 62442c1a6824cb7aa4b8abf9c702d14f631c50707e6281f2f549a6c8f2cc1253
+** INSTANTIATE:
+	V = 7eba5d6004b46742cae44d95b21c09c13ca33bbbfc07f9227d4d95bcca62274934d1d0a259f50e48299200d277cba85023c2a57d3c16ace21ce276ce53ba25fccd1cfafa50e1baddc5b48c79426184ef4079c0345ca7867b40ebc0ced0f213ed7d39fea53139c2e2c33baadaa039c4
+	C = 17d9adf918522092d77a11276ad5ee8e700a2c0dcb28f094e62d857dc69e188c0fcfc32ac69377e0b323e67f8412e529b273ceeecd3c6263e4b4af2de5a0a2e6dd23b1ced2874f61b7a65452860061d916044be6c4da936105d66c675f64eb56e42d0e19621840a7150654aa3cde02
+	reseed counter = 1
+EntropyInputReseed = d486f001ed1c6f526da533de71219ca444ad5abf473786e84942e90055d4f388
+AdditionalInputReseed = 
+** RESEED:
+	V = b5da30f7c0d1bf8fbee7c57f5c6dfd75fb54933abbb81e7d15ed026f9dd7ce507b947d7425b596b25227e2e8b5a030963b4985ad9f0a39b64eae1eb601888a64ed55b35c6f44bb24499ecb0680b8ca3218ad45d648ec6ec6b0e7a16c888584c792ef22a1b993c0bd2da9e6ee7abe77
+	C = 0fd44c04af0e1ef62e4a69dd7cdcf7e08776db8d3e2db305d620e02e5a6fe5e9cda5aba5c686d9f39a62832ad9a48284bd94c47f7ccaad7162060b8db7eb16799939b933b8081eddd8f46c2c9d41a098d3c22607c188e92b13ba39750ae6f1e666820029e33b696633c4ca64213b00
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = c5ae7cfc6fdfde85ed322f5cd94af55682cb6ec7f9e5d182ec0de29df847b43a493a2919ec3c70a5ec8a66138f44b31af8de4a2d1bd4e727b0b42a43b973a1a33aec7d778a5c0fb5dc4af0390a28692b546e205e06b20b6bf9c28b6980a4b4a61bec8b055a31b277cfad6a19cd9dc8
+	C = 0fd44c04af0e1ef62e4a69dd7cdcf7e08776db8d3e2db305d620e02e5a6fe5e9cda5aba5c686d9f39a62832ad9a48284bd94c47f7ccaad7162060b8db7eb16799939b933b8081eddd8f46c2c9d41a098d3c22607c188e92b13ba39750ae6f1e666820029e33b696633c4ca64213b00
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 56e924b71f6baef5a14bdabeb1a1344d542f78b3b471e06e70910f93132298b6cf890ab43e37526a4db95a03fd0265e099b15ca7edfd15355f07633c342a5a2ab0c129121aff32d29ca42f717627fbedec866c3a72695143572b3d454b4fd91d6bfe37667c3c227c4d9b84ba2fb8c5800cb9a3eda05764f76f9e8366d6295609956144f4f06e8600f07c9927eb9f9ccda20c1d1a55c9b5b73c7e168151d9ac1fbb34ccde83aceaa73d24d5b3b3a70f24250767760d18e30a91ff7628ad2c6db7
+** GENERATE (SECOND CALL):
+	V = d582c9011eedfd7c1b7c993a5627ed370a424a5538138488c22ec2cc52b79a2416dfd4bfb2c34a9986ece93e68e9359fb6730eac989f949912ba35d1715eb91c0955d2b67b290cd38235fc9f56d7fa4c6a1a44c06ca9687394a37d852e94e1956dbb855d0942c1f2157ce5b3d79b4b
+	C = 0fd44c04af0e1ef62e4a69dd7cdcf7e08776db8d3e2db305d620e02e5a6fe5e9cda5aba5c686d9f39a62832ad9a48284bd94c47f7ccaad7162060b8db7eb16799939b933b8081eddd8f46c2c9d41a098d3c22607c188e92b13ba39750ae6f1e666820029e33b696633c4ca64213b00
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = 3e0ca4b057ebf647659277a056f13558ff1c0741321ff71e12fd18082eaac791
+Nonce = 4157d1aa482c35b7e9ba73fa7985eba2
+PersonalizationString = ef23c6a748530feda1de2cfc32ff061ae31d898c399d75f0463babfc0de9a155
+** INSTANTIATE:
+	V = d3e9af00b3776de0ff78912fdb9c6b25fe934c3cb44da549ab4a2c3765fb2f4525dcf06ff80206bb498eb7e10fad89a0cbb2848e92b8dec2ff13a34abc1c5a0af3905fa2b6a6792c4e5e68ac9d05fd2e0d3971a0585ceae1a3f127e68f816f37c6bed4aac7b0c262c49ca925b4a5bf
+	C = e97c5e81ac736e96fac221acbd902b936adfc18a1f5721f394d0de33fb0d20ca3dfa01f53e1684073748d77044ab951fc77b2e25921dfdb78b66c308840b70ce463ee05b9642c07e2b8fc64fc3b7287e70f0ddf3835c3c39d529b9f4f5c3c9241a4a55706ff2b707f5abb28c3f5cc8
+	reseed counter = 1
+EntropyInputReseed = cf4a74f0c3918c2f273e18034bdd63d0df8a22f14b61474829494cf9c4896285
+AdditionalInputReseed = 
+** RESEED:
+	V = 658d5b8e9208598bd06ea298523e539b6f5638ed0ef6d8a855efbacb85c4c9635c35d3378c7a8dc44ab540a4c7b54b88bdf73b6c58751b0eedb1784c31a0d48318cdbeca58f263798a28f509a5974c13b61d14b56364b271a525f3f086bcea7aea5a332df51d78fede3c88286a5c92
+	C = 95e3c2b6f236b9b03f47b2cc733a5480d85ce1215736784a4c4d75e5219ecc22b65dbdb217c82b1c48fd7caada35294887e0077d1c0548ef2345397381e77de769a1865167d8026847452d1832626cd0541eace93651d3a014ede596b92d88788f0d44404d82e355cf8dcec694819f
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = fb711e45843f133c0fb65564c578a81c47b31a0e662d50f2a23d30b0a7639586129390e9a442b8e093b2bd4fa1ea74d145d742e9747a63fe10f6b1bfb38853526541b7afd834b36c56aa329c1f41bfee5ff3ebe9769eba5667b68737d99e38385bb6c0beb5479936f9ca3a86c49bb8
+	C = 95e3c2b6f236b9b03f47b2cc733a5480d85ce1215736784a4c4d75e5219ecc22b65dbdb217c82b1c48fd7caada35294887e0077d1c0548ef2345397381e77de769a1865167d8026847452d1832626cd0541eace93651d3a014ede596b92d88788f0d44404d82e355cf8dcec694819f
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 200370203d7a3e4afd9e0ae02f066af6d1bbfe3c84f68a0b3e3175deb400438ff1256b98759cffde3db63dbc2ebb6a51995924ff9754ff9b16e73790228705f71889d808af418eaa1ec9f435bbe313f017574d54146a99c8981071d7e1a42e501a149de20e3942f09f9787666c00ab2cde33930067f4db24673bfd63d499b828f6d0e5984464af08ef2e81c42050b6cea3192b775733c566716033261fa889860994f92ba16984263910cb109c3f202a09a2acbaa70737b6355e865eefdcc7cb
+** GENERATE (SECOND CALL):
+	V = 9154e0fc7675ccec4efe083138b2fc9d200ffb2fbd63c93cee8aa695c90261a8c8f14e9bbc0ae3fcdcb039fa7c1f9e19cdb74a66907faced343beb33356fd1ed5e83e6e8dc7cc59163f6114b73033b096c8a441069cec55216f1004c05682a21d24ac9f8c4407b8bc6b3638476620a
+	C = 95e3c2b6f236b9b03f47b2cc733a5480d85ce1215736784a4c4d75e5219ecc22b65dbdb217c82b1c48fd7caada35294887e0077d1c0548ef2345397381e77de769a1865167d8026847452d1832626cd0541eace93651d3a014ede596b92d88788f0d44404d82e355cf8dcec694819f
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = 7f47f28813061e3e4f132237e6a908f65b5b1620293a2531c8ea1c44f2c6ca62
+Nonce = b41c4c21da4d1b67e1809c9a6eb6756d
+PersonalizationString = 466ab1ce90fc84f6ca57020530bebad84d4594ed5ac7cf084e9ea38d6d01db1e
+** INSTANTIATE:
+	V = 5824cd85444e56e9ad56481c6ab2494fca9c566450b95e0651836fb17240f0bb48daed6c50b331f4945460a1ac7e86b1af6a3ce9d20e05b56a02fd3958387e278a73b09a3f4e431a01cb19a9e3c5200786d35b2bcc6760f577aae82968bc395df8efc4767b1b0c323f62eb8716f129
+	C = 89412d3b23804d17c940109c0824b841ec7577e12220bebd37682e0592f1380f1b034a403425c9bff99ec4ff41b32f1a518b6dc2c7896b270d0ddc159a8107b9a23f36d5f36eaa5e9c3cd9523a0f435634825994566af9b79b7fc1c080dd6235ae1c3d64720b77908727e014f57f58
+	reseed counter = 1
+EntropyInputReseed = 67caccf5be8eb8d9eba2a8cc4865ac43947d5466e0a32613fdb9b2c34ae4746d
+AdditionalInputReseed = 
+** RESEED:
+	V = 5581058350bb39c86d521e3a2837817addd9a200c541478ef637fe4ef7de6692d4b4a3d123c2e774979f875b2b859160b3328e124bc31da331065dec83fb8f28cc9e3aadf0b8f1d435e9ac36a91e951378c6f102cdab5bf4c3666101429e65975f8ed12e361690f64927ba99e78861
+	C = 7b3272f067b7e8d2a8fb64d573b4195bb553fedd29334da3df9d0cbe1095ee08d746098f805c4046663a49f764464ee9a4bf62487d061f4e26bc304ea4a79dbeed5f4d0f6c46dee1005e877001250c0d5d1263375778b7d94fcaae2d69742149923fcaacf5902537f5a9049866feda
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = d0b37873b873229b164d830f9beb9ad6932da0ddee749532d5d50b0d0874549babfaad60a41f27bafdd9d1528fcbe04a57f1f05ac8c93cf157c28e3b28a32d6ed19835940d64ecebef626cf70774666281d3ea2c096a4786b47d6cded0f89b96c6c7bef2913105225df210cd432bfe
+	C = 7b3272f067b7e8d2a8fb64d573b4195bb553fedd29334da3df9d0cbe1095ee08d746098f805c4046663a49f764464ee9a4bf62487d061f4e26bc304ea4a79dbeed5f4d0f6c46dee1005e877001250c0d5d1263375778b7d94fcaae2d69742149923fcaacf5902537f5a9049866feda
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 9aca27f632590923e07ef29588c96993eb8bf8c7c1f9aad8af3b2398b67cdacb3132dfc692a147c5dd3ca619e12ca2223560759309d716d0a7ae24f9cab9d3e08f88e2746349850c0ee091d37470f95757ec65cae822e043a57d637487d553e3dcf015c8da16590f2825f9d7162654be5720ecca288ee68efc93e97d0cc660760e3e7db54cded92d0fd6c616dfebc36de0b0ff1f32c713a2c12274243b3eb55dc4a71298f6e5f98f3e4c3a6b498a39911551b992b10c87204020e8cc0cda88b9
+** GENERATE (SECOND CALL):
+	V = 4be5eb64202b0b6dbf48e7e50f9fb43248819fbb17a7e2d6b57217cb190a42a48340b6f0247b680164141b49f4122f33fcb152a345cf5c3f7e7ebe89cd4acbe76b8710d62d9f46193b71fbbdfe9fd044ecf2b3bca62dfe44f9986948b7ec6301960a65a9ae31e0c04cc323b94bd32a
+	C = 7b3272f067b7e8d2a8fb64d573b4195bb553fedd29334da3df9d0cbe1095ee08d746098f805c4046663a49f764464ee9a4bf62487d061f4e26bc304ea4a79dbeed5f4d0f6c46dee1005e877001250c0d5d1263375778b7d94fcaae2d69742149923fcaacf5902537f5a9049866feda
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = b49ceb0631fae04d3d0c0b21dd4a8b02f63add7b0dc663b4956c8cbdd8976579
+Nonce = b672f475e57f348e40cc33e7a94d9821
+PersonalizationString = efeb44ebdfee7b5bef20e3211ebcf9bae5808f1a6424c069398573eaf341bc78
+** INSTANTIATE:
+	V = 0dc691e7240acca08799f336ca29754689818192f2eab626cf0a9b53a9e4f3da1a1943afd1e5e4010391cc32fc2c87ddf1621a77732deaff9b2d416a3a7ccdb820e4e3dd715c6404468e15fe7090fe7a76869399c67ca1e428e773e66db6062a5314e4e0ea29f5c63be5b7b6986aef
+	C = b487cb2dda842c515d6c4f0e939158a98eda78338d49fc4e4a0e12283e9b1321cba94985e22dd00fc35c9347642702a33e0a19a2fe078f13694c37fb6e094138b57c437bcc1dadd77a6e4d59002758995353b9fba371d104ba725454cd7ec055319ceab5b1b7a21d216d829ebd2b02
+	reseed counter = 1
+EntropyInputReseed = 0b5359760923fded3866a1304e623b2aaaad8c9eea3d8f6811648646dcc993b7
+AdditionalInputReseed = 
+** RESEED:
+	V = c7720d76c0576ca79d87fccf136531ba206f00645a3b149f5e4737dcf6f71229d9e0709436e1044856cda8ee53e470b083ce5474d02a0e94baa5035987231c8b44f5a1603b2c122da424e8f98443cb749fbfe0719d9721a49aef594bfa6ebbb071aa32e7af4749a196e6f749701f28
+	C = b937399e1617c8605b37119138f5346c067dda34a67e384e92e853136c60dd98b970c53939433d909a01fa8f02cba5b9bf5dc3c18d952d7c6d74edd5a62fd704972227bc1b2b4dfd8094bb3fb9f2a2292103c72cb10b732e97436d5209b0dbd97a336fb642239a1c1c5c04bdf1c38e
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 80a94714d66f3507f8bf0e604c5a662626ecda9900b94cedf12f8af06357efc2935135cd702441d8f0cfa37d56b0166a432c18365dbf3c112819f12f2d52f416a3bd4bfc87f769268d6a4f72f9f876a8e44ce8b88c90d98e6c19c6c6c02d25169343f5c8007dea1f405e747f1d6e18
+	C = b937399e1617c8605b37119138f5346c067dda34a67e384e92e853136c60dd98b970c53939433d909a01fa8f02cba5b9bf5dc3c18d952d7c6d74edd5a62fd704972227bc1b2b4dfd8094bb3fb9f2a2292103c72cb10b732e97436d5209b0dbd97a336fb642239a1c1c5c04bdf1c38e
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 59777afa22f50a3fb05f9e8ffd891ecef8e7e5f9b2a7a74dff9fcbf0274ecb1470de44c36a34b4a04867da2e2609220de0b7163239c36b8e4fe2927afd9c5afd5a11e0dbc43dcfffce825df47b6adf4e3aa3a3435a880b661a8ceadfecb9825f7d6b974062cf97d3d6cbfefe77d3ac276685c013e656d72c82e9263a97fc670e0575c90c4890fcecf6585b4e3f7cf9e23212a0be35d53b62a37dbfe8db7c2a8fdc17d41d5f8deeca4a2597d95f82018a37ff7e9ef4f969c38b2072b152411634
+** GENERATE (SECOND CALL):
+	V = 39e080b2ec86fd6853f61ff1854f9a922d6ab4cda737853c8417de03cfb8cd5b4cc1fb06a9677f698ad19e0c597bbc240289dbf7eb54698d958edf04d382cc0318818b0a800001c1d9a2d18e548fe33a89a148e92014132ec5bb54f261927a887acd7e616614f73a3e7d8143fa9cb6
+	C = b937399e1617c8605b37119138f5346c067dda34a67e384e92e853136c60dd98b970c53939433d909a01fa8f02cba5b9bf5dc3c18d952d7c6d74edd5a62fd704972227bc1b2b4dfd8094bb3fb9f2a2292103c72cb10b732e97436d5209b0dbd97a336fb642239a1c1c5c04bdf1c38e
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = 40bc39c172dddef200e2b3cd4c7bc570b1d5516aaa64c062b13277160632bb2f
+Nonce = e7cb4974a87e9d51e4886e3c1605094b
+PersonalizationString = b1619dbdc4ab1e714c815104254ac0dd9c891335ae45c7032c5967e3334bb1b5
+** INSTANTIATE:
+	V = 5880be2b558618f891cfb93140aa1b60e159df4cb4102203e84497d328600c8df06561b271667ab82e350050af7d6a49d54bdb1aca7b9dc7f1cb8ebd6045f7e13e2c752d1dfbe4e8360211732fe57c9f1ac70fb1edabb20c2ec9e06e2a1063a3b67ea69f2378315b8724e6c3bf4728
+	C = aacf16b244f2edd2cd8658a6fcc6e2ff914f45a1c1ab8fb4e2108b8003ccb299b0b3ed03622c8452075f9b2ea8263f61dc3f4bae3c2e6c0871de8831c0f33611e61ca09284f99c60381606c7d69964ef52f4de7991c0db5ad3f2f80dd1049bfeadaff4c1eadb5b5dd566297e8cec72
+	reseed counter = 1
+EntropyInputReseed = 2cb283901722eaafe74980c91ff3752e02e4f53e6d54c67271278d576d954f8a
+AdditionalInputReseed = 
+** RESEED:
+	V = 09d6ff707add360bad0a9b0cbbbecc6efe426a8d089b63e096bc93a114f5123463251a70534928a1e029dc9f543ec28e1c85615a5f24ca2e09d6fd016329800fbaaf7c378394b7477ffcc4d043a62ef214fe67de2b89f64b98d0c95cc78d30c56916f67496e3d0d8e2ff907a004241
+	C = 5748a820c9fba92216691079aae33a449e51ef0ba01d2429b998765b06ffca5530a94e3499e04cb6cea099fa52d1bd920aec9aafa75afd1542211b4739b0ede4a794ca85e8850e88b2185507f13f661eedeac31a613da4e54eebabf7784fca398690d7410368f769f96507e74df25f
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 611fa79144d8df2dc373ab8666a206b39c945998a8b8880a505509fc1bf4dc8993ce68a4ed297558aeca7699a71080202771fc0a067fc7434bf818489cda6ea9e4d0ca320322c9bca3b510e56dd5a4777fed6aac098fc2eb643ac0924ed2effbebc8a83a5bede36eb5a829d9478861
+	C = 5748a820c9fba92216691079aae33a449e51ef0ba01d2429b998765b06ffca5530a94e3499e04cb6cea099fa52d1bd920aec9aafa75afd1542211b4739b0ede4a794ca85e8850e88b2185507f13f661eedeac31a613da4e54eebabf7784fca398690d7410368f769f96507e74df25f
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 6fc4893819d690fdd13c16c3f93f83f03c1df88a1cd758a48a03de95790e83dd947029de34ae1989057a39baff01fd0f308abbc05291432ae9636a687b88505336fe7d093ab08a88b403de6f80dcaad25e9e5cdabd20fc76974b598117dcf571bdb528c4caa0cbf3b6437a04450e79dc59868084381c945fb8ecee6eb38aaba39c8a43bd7835265ba448eb7cce1cd4a0d6177357a54e1ebd5debe1dd091f26bcb060fd43dd3687e36acfa5f750af35fc1b98b93cf4bea13e3d2bf37e49eea8b8
+** GENERATE (SECOND CALL):
+	V = b8684fb20ed4884fd9dcbc00118540f83ae648a448d5ac3409ed805722f4a6dec477b6d98709c20f7d6b1093f9e23db2325e96b9addac4588e19338fd68b5ccde672f14a72395e0d6535c83971a1d9c8728e9881a3c6ccc27b9cf29142c590f4be13e2c0348e767c25467bb5dc241d
+	C = 5748a820c9fba92216691079aae33a449e51ef0ba01d2429b998765b06ffca5530a94e3499e04cb6cea099fa52d1bd920aec9aafa75afd1542211b4739b0ede4a794ca85e8850e88b2185507f13f661eedeac31a613da4e54eebabf7784fca398690d7410368f769f96507e74df25f
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = 5e03c2a2d9c5bb9b6bbb0f650e9aac1e665588a3582f20802dc2dd3356506e27
+Nonce = 32a6ce996feee3bcc191311cdd072096
+PersonalizationString = fa4480e80e0dd8d7105e72587be400d16d18b1d1dedce2dbe6a9ba74a2bcd22b
+** INSTANTIATE:
+	V = c41b63a5bfb1f8bd14ebceb9a07ac88c4066707e12f427a13f69578e72f1a3200d0ba5249927dc207115f17314acc09666f03a590353a0259e214829fba0792a84600c5af1f6dc854b8c27306dfb0188473c1e4f756de0259db4030c8576ee57a6ed92f56d29aa9b82d3b8424fa45b
+	C = 063820cbf5b923b618b4bd36dfabe76797323627a1ae2ace87533936e946af555fad65edc132a176c52ddce2a1c848492044e2bb071aefff8199e4a67f1d34a317884d8152186254c687968f9ef4a524670f914f3d766287ebe4b319dcc32d499568b25b3d571ce7791823e8457cc2
+	reseed counter = 1
+EntropyInputReseed = 3d24c75c159cbb04de0ecde112ce6997a72b23e971adf3f60400b31f950fd71e
+AdditionalInputReseed = 
+** RESEED:
+	V = 80cd11c6242e665aa27fcb1f678dac10e6550ca44a5170caa66f841a05f4523ee6fca851353cc8677bb05e90ea07018f60a9f7f0a55e318851a49a9966ba444aebce1c1864ef7c1547b43efd97d88c344bd3ce17b207feea91a0cdee6336ee6f3ec1e060eca07165d32995a0e8717c
+	C = 5949c429c8bfbf17e6658752beeb8ad9e418342efd13343167dce4c34f26064655778049b90138deb50b79b1041b9533137e96ddcc46640ad5b2bc0b430dbc91961e547a5be549b60b75cdf86855304f9657c5dcd05323ae142169ff80818ee94a9753bd31d610f8c778f12bb16870
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = da16d5efecee257288e55272267936eaca6d40d34764a4fc0e4c68dd551a58853c74289aee3e014630bbd841ee2296c274288ece71a49593275756a4a9c8012f6cfb3e0d40d5a862b3ce3618cce817d5dafd7475296ebc56fb49fd88aa7e62b3dd03afbe1cf0611a22aaf36234762f
+	C = 5949c429c8bfbf17e6658752beeb8ad9e418342efd13343167dce4c34f26064655778049b90138deb50b79b1041b9533137e96ddcc46640ad5b2bc0b430dbc91961e547a5be549b60b75cdf86855304f9657c5dcd05323ae142169ff80818ee94a9753bd31d610f8c778f12bb16870
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = d9e412e6fcbbbd28722778f0fe3b14758db9d0138a05663d8e07b3f176ea391fef9e3d155c5eb2f60fdccbd0938f27b706e0fd5c64043f3f6b2fd5691844d48e6eae540434c3135d81d721af7ba817d2680d35b0c21556b872541a5f8cef979e71f7b2eca0a0879b5a65ea4da83a7c64fc0fc46131489668c5fb118337f86ff72eeeb7390223bf6e290d4329683e56e4d38c60da747841621ed9f5c02e789d9378fd3863bd5209352596603882b9f1357ac535528328ab006f18a56d4ac94c90
+** GENERATE (SECOND CALL):
+	V = 33609a19b5ade48a6f4ad9c4e564c1c4ae8575024477d92d76294da0a4405ecb91eba8e4a73f3a24e5c751f2f23e2bf587a725ac3deaf99dfd0a12afecd5bddab0e8191eb5113b55c5069c71c345bcb47d6f7bce31782366cf7362b4d7a4757ebe7b4fb2b154bb552cb0e263098305
+	C = 5949c429c8bfbf17e6658752beeb8ad9e418342efd13343167dce4c34f26064655778049b90138deb50b79b1041b9533137e96ddcc46640ad5b2bc0b430dbc91961e547a5be549b60b75cdf86855304f9657c5dcd05323ae142169ff80818ee94a9753bd31d610f8c778f12bb16870
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = 7362e7b3abc42def1852cd25c3576d22a928ae9157f05ca514227225521c1161
+Nonce = f0bcd040f55c36143ccfbc0a0c483efb
+PersonalizationString = a04eeba1e20694f2b9cc691b4ce128af818112eaa57ca68c11a80180f7c896bb
+** INSTANTIATE:
+	V = b7286ef4d92c716bc245918c3f2858f13ad5045abec63c5ef1f62029f1f417aa9f09e4f42ca982bda482fe6dedadfd0f4e5baaf8586bd73f747f6d446d574edab250cf86c69faeeebe4c27328669a21568aa5c0b5b7e0ff893edae9cdcf44be69a11255a2f61a5d3348b6575ba4a0b
+	C = 50baf777b072e8220e8d70a775725406b396a51b4ee1654ad9fbb0172f73201dcadd2408b71cf317d988d641c021b5e8525bf1bf17a569834a8519787f419e3999e652462e81100ae4eed7f0ffcac8f8dd7850d0b92e0561d4a7de29236e7dee72ca90b810872229685093ed39c54e
+	reseed counter = 1
+EntropyInputReseed = d03db56344cce151e1c3aea03dcfa2647cce657390a77e1b92840d43cb0f7cdb
+AdditionalInputReseed = 
+** RESEED:
+	V = 408c6ed61e52206ce936f421917b28e0e4940380ac4bb3c2367592c282a681d2306db5690eae21d44300484343d3b17701fa16d194192e9ac21a8a333e693a70a7dd521a64b51c4e34c3273239e1065358e1e36e97543162d1767f2a1eda940765c8dc170f8918b90aa75992af8948
+	C = d78810551cb8e22b00a183df9c95298c062b551701b9463b5412b40e48d2b26942894aabde0096dcc2e4fd9ef0aab921774146eb29c8ce39f26881efa59e0bfeec9a94abef7a3fb7b3948e94b0ba0fd8fdfe78ca73728d10c0d161edb307c5ead05d75a6a94174818ce4c06c14eec2
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 18147f2b3b0b0297e9d878012e10526ceabf5897ae04f9fd8a8846d0cb79343b72f70014ecaeb8b105e545e2347e6a98793b5dbcbde1fcd4b4830c22e407470cbc168f6195fa01b07aec3ba2f769c872cc3d5c57a810e26989ef85df62a3c20a042ab630e9948134aed88f2701bfee
+	C = d78810551cb8e22b00a183df9c95298c062b551701b9463b5412b40e48d2b26942894aabde0096dcc2e4fd9ef0aab921774146eb29c8ce39f26881efa59e0bfeec9a94abef7a3fb7b3948e94b0ba0fd8fdfe78ca73728d10c0d161edb307c5ead05d75a6a94174818ce4c06c14eec2
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 7937f5dfa1e73a0cba064d947e3aeebba3497266cd9ae498018c92015873b27c4cd1138ecfd6c6ccf44a1a4ab818e9519e11d7d3e1031cfa46ac7dfd3687ed544c814b55f0ab35760556c050b2083f094b8c08352f17b27be45657edca5276b0d1fcd81e576710c9aec84ae0ebd2a69eca01c12e5c847353089c9af9f737a9a8ded8e0b0f3871a8060dd04372ba39e9dddcc07b5ca13d7469d095eb8c19dfc6771d1bb181d71db21cae1817bec36e9f97e23861912a38c822d432c94c6cdd26f
+** GENERATE (SECOND CALL):
+	V = ef9c8f8057c3e4c2ea79fbe0caa57bf8f0eaadaeafbe4038de9afadf144be6a4b5804ac0caaf4f8dc8ca4381252923b9f07ca4a7e7aacb0ea6eb8e1289a553ed250a13d7144accc7ec7d4e9ab60c7da073e12f79514082d1e108e11ddfe381bb9a9e309a62c945f0a444ff51156334
+	C = d78810551cb8e22b00a183df9c95298c062b551701b9463b5412b40e48d2b26942894aabde0096dcc2e4fd9ef0aab921774146eb29c8ce39f26881efa59e0bfeec9a94abef7a3fb7b3948e94b0ba0fd8fdfe78ca73728d10c0d161edb307c5ead05d75a6a94174818ce4c06c14eec2
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = 803be39f89c6300061c589bda41c0533dcc5089b07cf7b1e5467bfb7a6d94b43
+Nonce = 8d79d1d17aa204acf93b5e487b4bc1f2
+PersonalizationString = baa3d2410b8e31cc1a8c2de6044c3fe7be2b69474c79333aa044983f37b3755a
+** INSTANTIATE:
+	V = 1233802beac7c7c167ac3cd992193f642a49de26031745a6b4ecbf1a584c562c79a6fcafb6f64cb1eedd783000fd49761a9f1a9324cba180c0b52edb738daaf214e7924aaef5c781a4b5bd6f81d10248702b6865fed75ec9dd9d743c47d893c0e6f3b542f7cdcac6212ce331f940cd
+	C = ce568697b80e989fb6efaba93ca447ffa94b958fd7359739d352b6a9120fefe94fb899df0ea13c2cfe250297b55975047cc8bc8f3ed2709b632149be2523200f3746111773dc46295b93e6c65ffe22c5f9e81665538210416d61c4750f05b234b3699b6d7c5a5ad6c0a27cb6e1e39a
+	reseed counter = 1
+EntropyInputReseed = a672f57111a579cee411365b631899f8ea4242bf579e8cf39b2a2aa32963b6ee
+AdditionalInputReseed = 
+** RESEED:
+	V = 3726c771f65bcc08f925cfdb157cae9efdbfa099abb6bc9173e369b77e120c5ad934305378ab07c6333f4a7cdc72b4a04fd9636760cd29c2e634b2d9eba0468ce4ce2881879756feeee767fd7b55d930cd0916cd5af42efb0924279bbd152487a84d38ce11ee14956dd290b6d75b71
+	C = daa269ad0c0429aa1ab514c96095317c8b20ece57872497c741931ca7d08f07464317ef2151a3ee04db1ddb91f9af8cd92eedabd2f658b6d588f1437808c3497c57bbee3bc587edd6ee715941d4d0bd31b5cf1cb34e2567d28f2de363825f35324a32af285311b0a3b474a7ccb6506
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 11c9311f025ff5b313dae4a47611e01b88e08d7f2429060de7fc9b81fb1afccf3d65af458dc546a680f12835fc0dad6de2c83e249032b5303ec3c7116c2c7bce78b8bd9e3543fa27f270611af4ca941c331bbd30dbae7fec51c0c51e36e6f5d7f2688ddfebbdcb60efe5dbc2a56592
+	C = daa269ad0c0429aa1ab514c96095317c8b20ece57872497c741931ca7d08f07464317ef2151a3ee04db1ddb91f9af8cd92eedabd2f658b6d588f1437808c3497c57bbee3bc587edd6ee715941d4d0bd31b5cf1cb34e2567d28f2de363825f35324a32af285311b0a3b474a7ccb6506
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 0362f1243a706f3520ed26450e3cb1b69cdb4ef49601bd6990177a4197ad12b36cb48e4358bc1f085f72959661a28d8a8d9dd41dee93c38a99adac02e4ae517660df9ea00d6c92647a3684134abef8331e338e123ec4998621dd51c06f7a36373ee1251b411ec1b881200c8eae26bca333aa8ff59cfa368354bc9d23f371a1c3272a9fcc2593a6147ed13b73fe28ad906d3e1f48e70da937fa0f6e673aec0efff824d7136da4a1db463691af655042a416daeb34dfc9fbe4fe530f4f2424f8d8
+** GENERATE (SECOND CALL):
+	V = ec6b9acc0e641f5d2e8ff96dd6a7119814017a649c9b4f8a5c15cd4c7823ed43a1972e37a2df8586cea305ef1ba8a63b75b718e1bf98409d9752db48ecb8b0850a3142b9f1a80ee7e62f142a2c538c1c6e69e526e9aebf1797a1779169f341fa9b1013feae95c7273995cdcf1b4bcb
+	C = daa269ad0c0429aa1ab514c96095317c8b20ece57872497c741931ca7d08f07464317ef2151a3ee04db1ddb91f9af8cd92eedabd2f658b6d588f1437808c3497c57bbee3bc587edd6ee715941d4d0bd31b5cf1cb34e2567d28f2de363825f35324a32af285311b0a3b474a7ccb6506
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = 3e433738d587fb186783303c779ccefc8e1d15e2db882c6afd53fa86b89ff578
+Nonce = 80946678a7f7fc5b11d2d59747fb7ce1
+PersonalizationString = bf316564f0c6d1d68a8c7f92064c9d448e408c044775d95ea27063e61bc11b53
+** INSTANTIATE:
+	V = 64249384764b3c0aa3ca34e9712e616f1c116fa764bdf004e3417cda7ff70269c6e985714e4ec2f9c468276c792d35b9b5362e8251ecbfce5e40a76667cc761377820a65adda835e8f1e8c7babf740a0d1d63495063a0c10fc09105aaf064ff2adae86f6a39acb899f52058561bcdb
+	C = 7518d0e4f64368ed8b3ed16589c330d0cb50e658cb1968eb4d5ae5b6163c960ce1a7e1072fe392c50ace82066fee2a60a79199c4af42703221ac77edf67dcde841ec7d6207aa0361b903d8df033bd7dbb961f51415aa3c6fc7700bf84b85a10fa1b2b6db50ea93f3fbbc997f3f3971
+	reseed counter = 1
+EntropyInputReseed = 080affb45cd5fbd182501d23fca42c901c92b13d22d8446439762234fab80a0a
+AdditionalInputReseed = 
+** RESEED:
+	V = f8249eee43378c892518f9a1fe7c1e331af2e6bc3da0a473b8de071432a4be830e0914790b6fa35396597602b05e41169d70981d1db9b40083a8af145094d3ffec3eba23b81d26b60dfa281b4501266eae5caf440d79f1523aa85c19118ef3f6385ff7478f886ae50713382712113e
+	C = 7cf6cd7c858728275e75905320df383757888df88f3edde1840130394019e3d0d7fdcb179c6ed00823506b6fb5080849c9ff6b9e7394512cc49748877a679487d40222d7294d0a952a7f8c1a949e0fa09563c1f368473ab3e8698dd48f590049f87d5d5b6bf3f6f558165aa19d409b
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 751b6c6ac8beb4b0838e89f51f5b566a727b74b4ccdf82553cdf374d72bea253e606df90a7de735bb9a9e17265664960677003bb914e052d483ff79bcafc68a9d5c05276d0d32b8063f66fe162683ab3f11c9aaee3fdf8797ccef06a4175e011b04d6e1bf46c133cda2e20d958908a
+	C = 7cf6cd7c858728275e75905320df383757888df88f3edde1840130394019e3d0d7fdcb179c6ed00823506b6fb5080849c9ff6b9e7394512cc49748877a679487d40222d7294d0a952a7f8c1a949e0fa09563c1f368473ab3e8698dd48f590049f87d5d5b6bf3f6f558165aa19d409b
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 8ac74adcbe5127759d57ae3f294465505d10a9d80cdbaf85c4273c01ac7820644d52dc9ef094c927ba5cb8e83d70bbff3d05afc469748bdc47fdb3977bd1a9209657d0a1df7950785aa023b48fc5597c8c073000f32f6d8e4f80561446e8b3906426856ac1c2bfab704ff07e3721420d6ef88b0296e1bfae7f33b3f785238021064355c0659b88bacc90e7dab0e2eaf99eb53900772ca298d49e9586b4c5630161802a192c82fbe2fd2f09b86ec533908160db71ec0ca1d9d9a23f3c072f7724
+** GENERATE (SECOND CALL):
+	V = f21239e74e45dcd7e2041a48403a8ea1ca0402ad5c1e6036c0e06786b2d88624be04aaa8444d4363dcfa4ce21a6e51aa316f6f5a04e2565a0cd740234563fd667c2ae93f4207ef8ecfc75232e4287c2957c9f2de55cda5040893ae6bd9068d14475a4b3de0210c5239887e2c01903f
+	C = 7cf6cd7c858728275e75905320df383757888df88f3edde1840130394019e3d0d7fdcb179c6ed00823506b6fb5080849c9ff6b9e7394512cc49748877a679487d40222d7294d0a952a7f8c1a949e0fa09563c1f368473ab3e8698dd48f590049f87d5d5b6bf3f6f558165aa19d409b
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = cac4707928097956b4cfc56c6a8b3769ee87b5258505710e0568c13defe2c4d8
+Nonce = a11277f7fbc6128976f7222b3fda435c
+PersonalizationString = 066b8009cac91a59d3460d3bdbb283345a4cd3261364193264d3dd59faba2c4c
+** INSTANTIATE:
+	V = 4d59fd915e77f4caeec5041f5b8152d490c3c4f78fed8c6d5a3a12e923feb75be24beff2bf0406679cac45ddbc0b2b2a7fbba523984cafea5420a5857d9d69403fb759d40bd50612eb44d255990f4c4dbfe7f50b079f95023a0dfc561d173f7aea57d47335e856099692c5c62251ee
+	C = d4164c9af51ea4c03d19de64a6849b6595c033a8652d9f2075d69fd564e20e20f8eec71405e8cc2c559439f064e00dc5c93dd9898b9866a1a9b795728b5a6b2158b1ded998d5e8184d545d63e5a41eabc872780d7108bae355ddd92f1d429b2ef66d943a26f7f4d0e4666caea7b7f1
+	reseed counter = 1
+EntropyInputReseed = 175db3d767583c0f0f8e2ba0ca29346b9fa17645ee992f15da521116f8918dff
+AdditionalInputReseed = 
+** RESEED:
+	V = ef5778095a57f414c9bc014b0cd2ff3df320b38b0c6846e92fe98723412b6757295bec2956aa3802dd6f26a2f6dc583bad7af717901b4c5e9e65f323fb4973457527952c2a7f50ae1531699477592bffb42c7edf540a15e3926c8c9249b293d932bd5b28aeb443cb425111efcf1e3c
+	C = d62dfb6c70cc77f1f3bc8758c64c0e926fe2686198625e34e2e87e33f6625983706df95e3fab0369b5fd5977c9291b975174d86f1428a1c846af525ca9ed8d7694f216fed45e23a3879b6790481b72c844fee744cbbcac4f0ed268763bcebe4dd8c607e79158f3e9c9be6180ff7637
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = c5857375cb246c06bd7888a3d31f0dd063031beca4caa51e12d20557378dc0da99c9e58796553b6c936c801ac00573d2feefcf86a443ee26e5154580a537014ed186232a3f0e8df440e6e4adce0569da4b2888077f9f24b2d534df3f0cf15e7d45643ef2b35c58304629fb315cbf8e
+	C = d62dfb6c70cc77f1f3bc8758c64c0e926fe2686198625e34e2e87e33f6625983706df95e3fab0369b5fd5977c9291b975174d86f1428a1c846af525ca9ed8d7694f216fed45e23a3879b6790481b72c844fee744cbbcac4f0ed268763bcebe4dd8c607e79158f3e9c9be6180ff7637
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 995e5447709a9c21758d3de669ad4497dcb464e89847df78877132ce64e52c0d6e2055902cc59fb173511fd492ef64054a91bc066fcf0f9ad8a5838e84f8352b2a54091108ad7acd1da2efde652ac39afa1a018b3bda6283bb5201d2f40dec91562c57237b7369f46eac6cf76c366d5ced40413808060b0db338f836272d44dab4ac7d11aea9b9b7b7134c294d491cc6c6a6fb261914003e47b9ac8250758b17cb7171fb19c9d39c58dca41eec2b582246eb543bfa4f700e7bda4bb3c049c002
+** GENERATE (SECOND CALL):
+	V = 9bb36ee23bf0e3f8b1350ffc996b1c62d2e5844e3d2d0352f5ba838b2df01a5e0a37dee5d6003ed64969d992892e8f6a5064a7f5b86c8fef2bc497dd4f248f3e5547cd622f72b3d5b9b979e6fc961efde9025a0be1197d03c2f2cdd84de8f623e86b1555ad014a7ef7084065732991
+	C = d62dfb6c70cc77f1f3bc8758c64c0e926fe2686198625e34e2e87e33f6625983706df95e3fab0369b5fd5977c9291b975174d86f1428a1c846af525ca9ed8d7694f216fed45e23a3879b6790481b72c844fee744cbbcac4f0ed268763bcebe4dd8c607e79158f3e9c9be6180ff7637
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = 9d6b91782698bbba1ad8da6e4c4310eb9b3160a3c52aa239eab1ad921135cb6f
+Nonce = ef7d91058bd213a3ad7f824c5af18b73
+PersonalizationString = 7a45719c6ab8c87e3a211509db52098e903e6e8e20741ba5e4a791ea19fd98ef
+** INSTANTIATE:
+	V = 8b881203f0bbdc6266108e8fce93e5bb30abe6cab9d696c25f108d6ac6471b2c7626e1c083b7d1b04c12f809bf9e02afe6a81d3a01adb3d5bb63ccb7b68c14b55114b2a47846caf643724327d5f2bbfac1fe6c76d41879821bbd3a7774f118acb81cb396742a97d111476adb395e3f
+	C = b0710284d8b02e93cebe3e310c8113b0172417308db7cf2ef342ffd02f049c74f3d3d4a31a50b0de57c4f39dacd89be04f4b3761f65a3acc4cae6a8c62214df7b29b8e34a27d147e1e6322c3e7cb20264952c357a54c42ad1d04cae8893747345e884178e9a05a77a0f922c8d8aa61
+	reseed counter = 1
+EntropyInputReseed = 7a9c3b87583fb3f5aea4c0c139d77f56a7bb67c52e519b96082a120bf8621240
+AdditionalInputReseed = 
+** RESEED:
+	V = 835c82fa2b03917a1581e1272542d3f1176604def2e42ff20912d86f63326748a53db5a55444a7d7bc0ad2b1d2417d3483d67fb4c3c0fa91b27eb529cec337c2d1c50aa4f9b515ac2330ee56354204a0233c3867df077b9d8575088dbad0a1a110425446a02bb614a3c8c4bc5b901e
+	C = e1a85fce086313e864aa8ad8717d6edf8f744e8a75d089224640a696fbd2653c9d906a8c3335636acf5fbb91e2050ff973c3b30481587fce1f9068a0492d5d8aef196cebf1874a1239cebe713715814972b4af4bf376fe5b5d13fb49e52054bf76bdd2b68bd9449b5375ec716ff89a
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 6504e2c83366a5627a2c6bff96c042d0a6da536968b4b9144f537f065f04cc8542ce2031877a0b428b6a8e43b4468d2df79a32b945197a5fd20f1dca17f095be82d4f948bf3e78db3746431119d3c457194a715664fc5516f6553f456351ada0340d3a188b583d11db2b83ac6a224d
+	C = e1a85fce086313e864aa8ad8717d6edf8f744e8a75d089224640a696fbd2653c9d906a8c3335636acf5fbb91e2050ff973c3b30481587fce1f9068a0492d5d8aef196cebf1874a1239cebe713715814972b4af4bf376fe5b5d13fb49e52054bf76bdd2b68bd9449b5375ec716ff89a
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 4aaaf023241db7c1611374a5241bc66f3f0a7cc8fcaa35fee2a2c607ccce1c3578ef374b5547ada01f1a1ca709ee817ca22eddf35b25c22c82e111fa43d19c0f450b3161101a9cf57582a637966b14e1e86d60ee8115f5b7637b4c2c0b2b0026204cae931dc3ada6254c00f66653211bfe7c44bd65d087962d16ae7658b21756f63337cf050e8cabd5426edaf2ce81fa6ea0236629a481459ea718fdf8a7111bc769ee5ea0d8a5ef3c4159eb5398c2125e6d3aa6647c7727ce5e3a4bf8112179
+** GENERATE (SECOND CALL):
+	V = 46ad42963bc9b94aded6f6d8083db1b0364ea1f3de8542369594259d5ad731c1e05e8abdbaaf6ead5aca49d5964b9d276b5de5bdc671fa2df19f866a611df3d721c660aac8c376005af3e284829f03fcf69801a527086729030bee393f534a4330ea7ebe2e4d06d8059e6c6f4fdd5d
+	C = e1a85fce086313e864aa8ad8717d6edf8f744e8a75d089224640a696fbd2653c9d906a8c3335636acf5fbb91e2050ff973c3b30481587fce1f9068a0492d5d8aef196cebf1874a1239cebe713715814972b4af4bf376fe5b5d13fb49e52054bf76bdd2b68bd9449b5375ec716ff89a
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = 0277f4f48f6cddff9481f6287a61960bbfcd36d54bbe5b0050fe7bc4f7f98a17
+Nonce = f39164861d05967de41c95dbc12ed2d3
+PersonalizationString = b167d406b7d8625b0c6b545b8ede35012627d6d4607863cf663da82ccf940a45
+** INSTANTIATE:
+	V = 481c3f2aad3521bb0df21ed6f04592e6058b3f12755f35b32204829488b6f71d0fec0cec73542bed987c64173409886dff9e3ee9eb9876e4893a0d9640f03008305e3e8be0990780def936f96b4f5421d83ff04cf83079b35b708da00ea6747456032b153a8a646618d94cd5380f72
+	C = f5f76c89a87d6ef90c391692b83cd6d5a27aa1212478d248f74a7a9dffc78ccd85a7af948756585dbe12e9ee86a0a13288a53de4771a2c16dc2e6612e56184d891b5f245546ba9a0ae36249ad679acd8d54931130237f3d2a79d8a3835e87882b09346e03ac4266627684c9fdc10e7
+	reseed counter = 1
+EntropyInputReseed = 187e535d675170c3e20a74bbee35e82d9f385d8bd03ea5126d5ea5424ef9eb51
+AdditionalInputReseed = 
+** RESEED:
+	V = 52fc66cb5bb47d1a68644f73fffede8568e6127f32dbf5a2b6ba655a46f95a7a52bbf9aab66c14c949c08278bb8df7d6e94e1e9074ecba1e961fd1fa27acc5c3ad6a494b80859e3c8db79256c92744551efe02830a1080214e2b17de0b0e716a7013c534212e0a3bda9e1512015252
+	C = 56cec5c24eb9f249099c2ba90e461235e52741fcaaa57a6a38d81399092164fe1a511aa5902f12769f2e0a091470b8f477d7075fa412542f6c69a4969af8c68bfd43c2df9fdac0cd410ad42c9e16efc43f612f0cf089402b3d05118f1d9f55489d71a7b6534e5aa183f5f770e54a48
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = a9cb2c8daa6e6f6372007b1d0e44f0bb4e0d547bdd81700cef9278f3501abf786d0d1450469b273fe8ee8c81cffeb0cb612525f018ff0e4e02897690c2a58c78c3a8565891aaa5c99a98dfa6655e1e9477faba3013727fe0935d499e0839f48c797f764275d148624145d9d395e707
+	C = 56cec5c24eb9f249099c2ba90e461235e52741fcaaa57a6a38d81399092164fe1a511aa5902f12769f2e0a091470b8f477d7075fa412542f6c69a4969af8c68bfd43c2df9fdac0cd410ad42c9e16efc43f612f0cf089402b3d05118f1d9f55489d71a7b6534e5aa183f5f770e54a48
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 07df5deab86dad9564da00a05192dae58e057ff9a21aa147f3b8254e6cc2ec073f647610de413d37e2b6b64b1c8ddd96a0c06efb82044dd844e5eddcbf5d321e16587c4e8091953817bd9f1e135a0bddadf8cd34a26900ce4151b48edd8f84996f3d13a28af1844e64c30daa7b019ae8728bad2a8421a2ca021786ef8a49f03f2c003e95f47d1bee89a182e9dcc0c1b07b289e491f11cb016fb4a541b27d46a43e719fa83cbc4fa7c4c5edc81add01dd439aa152217133df5ed2e8e1b40b9d0d
+** GENERATE (SECOND CALL):
+	V = 0099f24ff92861ac7b9ca6c61c8b02f1333496788826ea77286a8c8c593c2476875e2ef5d6ca39b6881c968ae46f69bfd8fc2d4fbd11627d6ef31b275d9e5397117531b59c7b14b132b08d8de50dc1aab5797402847ddb3f43678611d53d29587cc65716a50a9baa228b53456405e1
+	C = 56cec5c24eb9f249099c2ba90e461235e52741fcaaa57a6a38d81399092164fe1a511aa5902f12769f2e0a091470b8f477d7075fa412542f6c69a4969af8c68bfd43c2df9fdac0cd410ad42c9e16efc43f612f0cf089402b3d05118f1d9f55489d71a7b6534e5aa183f5f770e54a48
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = f939995aa6051217dfe6c80b3123c983669df4dfecfb413fa3db8b0de6d6d8d9
+Nonce = bf8fdab4bacef3c167bda56cd6602065
+PersonalizationString = 10f641187acad8d6a614da7b8045bb4e78519f1aa83dd06bbdc30cffb012c5cc
+** INSTANTIATE:
+	V = fab3e742af21d0dc54ff0bbb10558966b97b57a17484626f3cd233fb5c6a2806f018921023b69dbec31b4e964d2de0ea0f356db32cffbae7cd96d5f5f8ddc068c453bac09928b10555b37107966d76f438d7fa8785e9287a5b8a1735584eb69047df52064a5f429d7b8ecc5ff60ee7
+	C = 18d8769f7df145a2d1bb75f30c73190a1188556c222b413d356382867a425226881a1571792425c253f985cf935e405d353ba8f35fcb251cc3e2e7326fc992a5c109179702b78406eb35945f078130bb9ba7c8bcf6d4bfaecd3157b6b6ee55e2f33d188957709548d6d79cf2b4b975
+	reseed counter = 1
+EntropyInputReseed = 133c1c25aa0064f8a5290ed0c602b833d6d899143bb567605e1d8258494bdcff
+AdditionalInputReseed = 
+** RESEED:
+	V = dcbe3415d7a6bc490c6581e14722d7c44c357889724b1796465d0be259bfb6ef2fbc5c2219d3e5e00ac0160a5c85e7f7b252c807c672a8a7b38af967ffe20de843e17ea74d336a453da9e8d3eebe2b06958a9d1e6d0cf642f0eb311f4dabe1a066d040602cae93b606a7ab6cca2eae
+	C = f7f7d15c4f744f71aab70f69a386f3032d05c0b6c58b9ea4aba6aad11c45ef258ceb1ce8cc9801ad0723e38f906ac2f3db9ba4671366fc2969babe746cf3cf088561b2da8ec858c5e60835b0740616e935f11c7db0bc6b0d550ed2ff82898ab436bc745e8e77fb82a5f28acca3f2d5
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = d4b60572271b0bbab71c914aeaa9cac7793b394037d6b63af203b6b37605a614bca7790ae66be78d11e3f999ecf0aaeb8dee6c6ed9d9a4d11d45b7dc6cd5dd3c90ffb983987da386d815ef2221d4d8445be8aa9d3552c735348743f18458dcca71dff0300591eab3b69aa0c53515dc
+	C = f7f7d15c4f744f71aab70f69a386f3032d05c0b6c58b9ea4aba6aad11c45ef258ceb1ce8cc9801ad0723e38f906ac2f3db9ba4671366fc2969babe746cf3cf088561b2da8ec858c5e60835b0740616e935f11c7db0bc6b0d550ed2ff82898ab436bc745e8e77fb82a5f28acca3f2d5
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 79b4d74df2c621eaadde86ee28ab351aff0030aaf36782681245bea134b1dc5cc1a963d712668b89fa6d67a3624f1ee205428e649bdcdeecb97ff131078583b4beb1ce139aa357a7ae9ede304b891d776cfa5191d1cdd6c3f32ee01082b54efd0202d4ad3120940f433067751ca7323ffdd2723971effa1e279ec7c331eafd277d0e5ce827244a5aab717e175475607281592c19d5be070c46307e0a3f85a0591098ceb2d54c5d529c3b66a7743b60af9c7bda9ef354b305d15be191c3df8a7a
+** GENERATE (SECOND CALL):
+	V = ccadd6ce768f5b2c61d3a0b48e30bdcaa640f9f6fd6254df9daa6184924b953a499295f3b303e93a1907dd297d5b6ddf698a10d5ed40a0fa87007650d9c9ac628532848de0718bde7ac37e2026294eaedbb5eba06f384c179fc1a1914f94e589acdf1ba6b6fb688cc7a3c584cc49c0
+	C = f7f7d15c4f744f71aab70f69a386f3032d05c0b6c58b9ea4aba6aad11c45ef258ceb1ce8cc9801ad0723e38f906ac2f3db9ba4671366fc2969babe746cf3cf088561b2da8ec858c5e60835b0740616e935f11c7db0bc6b0d550ed2ff82898ab436bc745e8e77fb82a5f28acca3f2d5
+	reseed counter = 3
+
+[SHA-384]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 256]
+[AdditionalInputLen = 256]
+[ReturnedBitsLen = 1536]
+
+COUNT = 0
+EntropyInput = d590e539316f21d0201caf7712ef4fe278401a864572d046e5bb7543948c77ca
+Nonce = fc38e14d4d9f919b317757c2c62ee82d
+PersonalizationString = 471edd514fca3d6183fa91449f13cec443f1bff44d6960745c4e35edd41a4493
+** INSTANTIATE:
+	V = 4fe4ef30d72e2ecbf71b9e1734c6f2336f2e27e548bb2f59c949d5594fcc9924b5b20b3c933a20e30fc033773282a2b6aa5d43607789bea58d5d3813156ff05a6921bd4025154307d5e9c39c60752b651afdb07994e31895cf17419a2a099754d2ab5b2a912f59087031da209e072e
+	C = d125e5a6cdff2d30429a2885e0bfe9000d3c6b9993d13a7c9122d653e3b047ffb1abcb66adbb7f8c7ca562be1a41b1a3ea65417089b2d03a22a1b11feed312cd4a5dce20a26c80c5840076e00e7b7d996f125a918724b92ce71d700568ee031575d6e13f02a6a8e2d86b2f47195257
+	reseed counter = 1
+EntropyInputReseed = 9c8fc6ca5bc11dd171becca66cfd449b03920171b03af3b7e97a19b77fc56187
+AdditionalInputReseed = eab6c07c881a00d9a129ce3b9dd1ee274bce032a056afbf282beaaa331ad86b5
+** RESEED:
+	V = 9d66bbaa87f18b222757416ffdaa0a74cbcc75121065d5b0821014d173da9175d8d9d2a5bca8ec367de5f7c0130f503c0c500dcba96ecae33ddf6778b1e38ab9534a5ed103f6c8c121c97bc268e88842cb7a0e4015045e29297797730ba5ac9f7744971b5ca9af32145edb492934b0
+	C = e776138b30bca2198887f1ab5b9f2d8abbacb28e5f3c8925d00980c29a7a536c3bb741a3611a2e483b0caad0839fd1a0b60e5c653bcede6d9e577f0a7ffe6bf881978690023c9ac710eaeb22c2d15828f9de1ecb02a4c2b64fe4cc477745ab062fceb80c085791e81902ed598573e0
+	reseed counter = 1
+AdditionalInput = 95cd4131eddf94958e1f8fabf5e855f848189bfe381926c514abfc21f49a24db
+** GENERATE (FIRST CALL):
+	V = 84dccf35b8ae2d3bafdf331b594937ff877927a06fa25ed6521995940e54e4e2149114491dc31a7eb8f2a29096af21dcc25e6a30e53da950dc36e68331e1f80af7394114e71bdf7997bf14b994abd7a287362b0863d5b099ea4470bbffd62975b6526694fb032caa4859d30003ad33
+	C = e776138b30bca2198887f1ab5b9f2d8abbacb28e5f3c8925d00980c29a7a536c3bb741a3611a2e483b0caad0839fd1a0b60e5c653bcede6d9e577f0a7ffe6bf881978690023c9ac710eaeb22c2d15828f9de1ecb02a4c2b64fe4cc477745ab062fceb80c085791e81902ed598573e0
+	reseed counter = 2
+AdditionalInput = e0bb271938da954cb0bc13a5275276307d1995596461fa6764b1e69c598b7816
+ReturnedBits = 47afbcb9725e248fc10cdea52cd4e9e18da263f46f524f9eaa5c945b7578ca62fa063586ffc6a4643b5ac4394c1e0dc880589eb7ee7f663145f78b69ab51c6c1c7c96738538d77ce83a229faf89e1f75d14e6ab94c0cecc51da931b61d42f0b67b0b66330e183980c9a66539eec33c94f41d4c3955d47b19a2546d9ed031618f3698a0915ada23bcf8812b02ea50a540af9a397f9c3b8e1302fee609745231e86bf28536c52a8c93a5b5e29964f98ca8ef83e4b94394fa6afba98e84f50efbd6
+** GENERATE (SECOND CALL):
+	V = 6c52e2c0e96acf55386724c6b4e8658a4325da2ecedee7fc22231656a8cf384e504855ec7edd48c6f3ff4d611a4ef37d786cc696210c87be7a8e658db1e0655f045f5d653a7f4d9fde360466c655f21c555f42ac43b48697bdc043301cb4f989888ea23d9165b85b2a597c3507ea53
+	C = e776138b30bca2198887f1ab5b9f2d8abbacb28e5f3c8925d00980c29a7a536c3bb741a3611a2e483b0caad0839fd1a0b60e5c653bcede6d9e577f0a7ffe6bf881978690023c9ac710eaeb22c2d15828f9de1ecb02a4c2b64fe4cc477745ab062fceb80c085791e81902ed598573e0
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = 1131d29ff15c335129364ff7e19eccfb7739d16f19bd21d774cf4ac6da190c66
+Nonce = 7de813c05fa6556a82850f33c2470b61
+PersonalizationString = 5504f7f75710d128b55842cbc34d0086f96eb55ce8d2c7b96b46f8b239451c87
+** INSTANTIATE:
+	V = 78a0809f7ee996f9f4e118d7c891d04faf9219b24bcd42199509d0a897d00ad4d3c65b4ee7b0c3330423c4785f23614630b5e1622fd2b2c5a4eeaf93bb8a4f4bcffba1067dfe5432960c5c68bcf71986f2912e56f9b42040eb215477ddbbb82779f4392a41a0ddd8dcbae4c649712d
+	C = 1d657574e8ec36a2207e073f8444ecfbf1fa6261e5fb706204a58ced33f2aed2ea79c988e55a839cb0b5c824f5b584b081157fc28c4969ce7757e5418d9ce692468f6f9320723bd092a158f89b2313e4c40c1798516f5c679178c2d5549ea638905e6e3d8aa4ed6989a111ae3ac476
+	reseed counter = 1
+EntropyInputReseed = 99adeb9fd7cb52531405a94666c7ea61d5e5d262a9e447fa80c34fdd41d985f2
+AdditionalInputReseed = 666e2a3ab4c3e52f83698a5c4a2dc6510d9c4dac906cb6ddd40b2e89e41c2aae
+** RESEED:
+	V = 2604e4a86303f26475052509d80f06dd7b99505dfe663e780f29ff21892da21e5264c6c797f8b4c38b9621874c9fbaec19c831874871b2c8ed321da4c1c01166f0071f9e7ae73411126de6eddc0a81ea675ebb66d5184abaeaf966b1b07486bd562016bf4125f18ef5d02205c17ea5
+	C = 579bc2c75d6ba80d3d82268247110d4194ca8af2bdd1aeb1bd26780a80b3e12d56371e635ba93469fecd4b438025e08c20be7b6b817488bd18e1e6ee011d762b16b7bb964b5e00ba9480b059787d36c3e0ff911f03c6ae91174b4bb407a3cdace4c704461c5b4a8a3a7043efe40060
+	reseed counter = 1
+AdditionalInput = 65c39a348b42085bacf7897f0fc1782e141843229fec8c54a4d9384f6fb480ba
+** GENERATE (FIRST CALL):
+	V = 7da0a76fc06f9a71b2874b8c1f20141f1063db50bc37ed29cc50772c09e1834ba89be52af3a1e92d8a636ccaccc59b783a86acf2c9e63b8606140492c2dd89068a0291c3163720253e25147fa9c27297f3ca9b2f383bc1515d4fcdb8040312ca5a83f4048e021ddf37be1f3ba5219a
+	C = 579bc2c75d6ba80d3d82268247110d4194ca8af2bdd1aeb1bd26780a80b3e12d56371e635ba93469fecd4b438025e08c20be7b6b817488bd18e1e6ee011d762b16b7bb964b5e00ba9480b059787d36c3e0ff911f03c6ae91174b4bb407a3cdace4c704461c5b4a8a3a7043efe40060
+	reseed counter = 2
+AdditionalInput = 1cd0b974f346117b6855c83db4eda1dff8cb6023f2105498fd459fdfea5588f0
+ReturnedBits = f0d009ddfc4894d7a88db2d9a181f342cfac8ec4533f2699e348439464945ca9ea0e83f81d5c568ab04fdcfcbf6ada5a46d1f1db1d8aa64c0cc93169168eb4e2629bd7a3f27df8152b8e8f9c824ede23c6ffcdf455fb8c49fe77be64fcf2296dde5ced33ddd96939802d68ad8090fabaa232984c5d11a7e9de37d41d5fd5687c4f53c6004b6ee0159454e9062317da8fc3fb9ee6592567f4ff773973d19ba967c80b2098d508e44a54480398acdea6e4c3d82df25805ec3e36777b3e8fd66c85
+** GENERATE (SECOND CALL):
+	V = d53c6a371ddb427ef009720e66312160a52e66437a099bdb8976ef368a956478fed3038e4f4b1d978930b80e4ceb7c045b45285e4b5ac4431ef5eb80c3fb00b19cfae10a2802bf657e807bd876f788a9946ec923b3476cc496c424e4169e8d4b4fd2ea61d0295c3f9419d4b07215cb
+	C = 579bc2c75d6ba80d3d82268247110d4194ca8af2bdd1aeb1bd26780a80b3e12d56371e635ba93469fecd4b438025e08c20be7b6b817488bd18e1e6ee011d762b16b7bb964b5e00ba9480b059787d36c3e0ff911f03c6ae91174b4bb407a3cdace4c704461c5b4a8a3a7043efe40060
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = 6001b629198863fcbcb3d638a21a89f5e44e27448d933d1ec5e995db04d7b0af
+Nonce = 6c5e879321e728c1791a7de586c1a062
+PersonalizationString = 017db479a92cd5012d84227365a1eaf7cc6a18616c9750e03fc154a29668acb1
+** INSTANTIATE:
+	V = 2f97d077c215ec011e8a4b714e18a572ec8ae4fa94d8b3c1ae9cee3399199ebe9e6c3c49fce3d703f5b45d7ab95dd8c382443d5fcadee37fd17c294bda8b7a598c62e22c9d51df51eaf926e5b1b33db56e4fb9d9e8fa8dd29a6cfcf6aa6275d0bc1d84d1467a55c250fd39c2eb1f5a
+	C = ae5b7a9123e1962ed6825371769ad35d7822e802e69813322cf7e53eeb69123775d695e5e69124e50173acfe9ca8ad20f7c8d6a91c4f1fde40a5c0f1368ae53fe6b96728524cba748e7ce59820f4661f649509b920bb2fe0a4d9d854fbd14259d96386cb99aefce2908061162e5ce1
+	reseed counter = 1
+EntropyInputReseed = 182b514bf192de0ee51492fc9e1879b357cdce0443bea968a16e482301234d2d
+AdditionalInputReseed = 56306863d47a448e745e487e9a07700c0c9b31100ca4b7012ee345156d28b15a
+** RESEED:
+	V = 23007e586d1d1622455f35dba213e01dae2d17460980a58dc284547bee3ce82fe1ea8ba1e60f183b43ea54de5fb76d91d914a0b090c5c81344ab72a5ffc36e8207534c507d5d2689de50612e86351351d98ef86aa3e47e9107c2b00fdd79d79ca4e267ad4678030ce75a7496ece6b9
+	C = 529690cd143d9fcc5ae4ef05ca5481bb17b9fef272c6f4fbdcb77f06bc7e74df6f899c57a12ae636e26514aa16ca69763cb9bb3b8b69e8e57039ed2ddb1f0a3ebb37f0259a6c56ced5d227ec834e4f7adac5e716be165648f8dd8c5b5fec9f3c6613eadfb21fc07d6809db3aa0b934
+	reseed counter = 1
+AdditionalInput = 307b71f447db1360d60e93ab27d55503c8eb431ba9f93f871b5b69e1acbef597
+** GENERATE (FIRST CALL):
+	V = 75970f25815ab5eea04424e16c6861d8c5e716387c479a899f3bd382aabb5d0f517427f98739fe72264f69887681d70815ce5bec1c2fb0f8b4e55fd3dae27990c2503d2ef6b94e84df65d1e4906b7de6900e2102f6f547179f68aab5b526e29f1ad6c893e320b5ba600dd232d99b58
+	C = 529690cd143d9fcc5ae4ef05ca5481bb17b9fef272c6f4fbdcb77f06bc7e74df6f899c57a12ae636e26514aa16ca69763cb9bb3b8b69e8e57039ed2ddb1f0a3ebb37f0259a6c56ced5d227ec834e4f7adac5e716be165648f8dd8c5b5fec9f3c6613eadfb21fc07d6809db3aa0b934
+	reseed counter = 2
+AdditionalInput = 5f22331b308b96b95de664816cfbf247f171ed9a559b5a970a4a67921c518ebf
+ReturnedBits = 73698cdb130daa90094291ddfd8f4f877d00c4c1caaaacdf4f47ddfa4c3a69f6b851698d5c0bc8d72d4625bdac42e5b8d51174f5f196e4285199534fb5b8d3ebf85fadde50c167092cefc9f51985fc871d6eaccb149a74da02d83b6f26f2a800b75065240b2b120504a9b18d0c7fa93b8a7278d0ac99745cd3d19106ee9eafc4100821e81c21795825f000b7fee603794b8b8591a2d45f6921362bdf1d4f36e57112c80672466aaf71bc4ce642df8ed1c63ab102ac2b142e6f1cfe6f4dbee1f7
+** GENERATE (SECOND CALL):
+	V = c82d9ff2959855bafb2913e736bce393dda1152aef0e8f857bf352896739d1eec0fdc4512864e4a908b47e328d4c407e52881727a79999de251f4d01b6018427b15b790f666aab669ee56d457e0658c39d3712197030e072727890d734002cf66e2c45ddfde665939c0ef98ab1f85f
+	C = 529690cd143d9fcc5ae4ef05ca5481bb17b9fef272c6f4fbdcb77f06bc7e74df6f899c57a12ae636e26514aa16ca69763cb9bb3b8b69e8e57039ed2ddb1f0a3ebb37f0259a6c56ced5d227ec834e4f7adac5e716be165648f8dd8c5b5fec9f3c6613eadfb21fc07d6809db3aa0b934
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = 57a7ab6fba6188bb3ba64c237327cad97ba8e8abb3e0e5f5cb7836eac6f84220
+Nonce = cad1dc0ae7cb76be386d84036a8ca256
+PersonalizationString = 5ce1e7e8784fcd5f9b3c408e37404dce6bfe3253fa77d724698fb03d3717c0d5
+** INSTANTIATE:
+	V = a7ddde39d8b9ead04d2a638f5338773e09969337e49654b56c16609b005fe39fd640dc5f23146eb84bdc71fb563377d88962cc28b0b348a818014be3062c37fc779c17e8d96f27c754f686479494ad9956c9a08020eedbc9f418eb212c5fb0423f0b386aebb5f99b95fa4471f6569a
+	C = 4f3d58c7e105fc66550506e814f15452313671b64b76bbea18719efbccf953ac450322f03d5c2448329117315aefdfa4d607196ee259900fdde529df1012e4e3aca9c0eeb2099b4757ed84dcd21f61becaf85175db6de92e5c0119c924529bb0b899fbfdce3dbc94581e89fd4270c2
+	reseed counter = 1
+EntropyInputReseed = cd2688318e41678edc118ac09f643816d00b9a982ab2d18d9d8834758b175152
+AdditionalInputReseed = 72defbb8a3f9cf51dc74632fe54508177fa21ef75a2d77b08a8e4ef67da6926b
+** RESEED:
+	V = c09660dc9794d24dccbbce647f0cb296610cbabe490a7b9a20e37176d5da176caaa37a7fd16663e46acd75fbf3085818976ac22101ca51c52f8156cfca771415c2ef2319454a6208996e84209cfea756a82b889f10fc21c0d6ec1e8ed9cdd58df928a65ebb42dc8476efbb5df4ca47
+	C = 95d170d8e353a540ebbcf60f67e251dd76d1ff82a29923b53c18e79fb5a628904e29f55260b13c2b8b321093481dedf33dae4af29788d2a8b7b054eb5d3a744d09db8333dcd7052b687ced70b7d1f644f35b549bcfa2bcb8265c2f7c63a164b77d9e51e8695aae266d28c47eb4b780
+	reseed counter = 1
+AdditionalInput = 0073f4088ee65a124f92804a58fe2b17f7c9aa98e0748a16390996259c015b75
+** GENERATE (FIRST CALL):
+	V = 5667d1b57ae8778eb878c473e6ef0473d7deba40eba39f4f5cfc59168b803ffcf8cd6fd23217a00ff5ff868f3b26460bd5190d139953246de731abbb27b1890d629ad1843156446e3e386904ebfcf090d734a57138ab49d9758fdafa7303a9644aabe3b5967016ce1e0ea78ea9f65b
+	C = 95d170d8e353a540ebbcf60f67e251dd76d1ff82a29923b53c18e79fb5a628904e29f55260b13c2b8b321093481dedf33dae4af29788d2a8b7b054eb5d3a744d09db8333dcd7052b687ced70b7d1f644f35b549bcfa2bcb8265c2f7c63a164b77d9e51e8695aae266d28c47eb4b780
+	reseed counter = 2
+AdditionalInput = b559bc0b29802941df1ffffa4e60f89dd6c59a42aaa03f51aec9c70817ee4d49
+ReturnedBits = 56e78fa87827f0917af6c54f3e9cc5450ef20a293230d2dc6e44c3237f1305e92e9094302e04144e750a1816290e6015d63f0b6934143f739bf90e65e75943cf4899d5a1b9955e2a3cdd34947bc78eb17411dc204403f254c6cee5081ef20a5e4a68a7c32d2bd6ff5c2776854cab9bff863f8ac11f0f5d6d2252da573e68ce83e4559f932c74bf2c0de30a0b9b6b49f6208400db543e6434a59669990c69a782db3e9c4d7dccf266c701c4163c9599dfb0768ecb36d0b31fe9bcac295c40bcbc
+** GENERATE (SECOND CALL):
+	V = ec39428e5e3c1ccfa435ba834ed156514eb0b9c38e3cc304991540b64126688d46f7652492c8dc3b81319722834433ff12c7580630dbf7169ee200a684ebfea67a46da431b0951e5c2027911d34b5a4d0f4d080aa251c7e9ce5f3809beb557f04ead742ed8750fb6dc00de9b6dbb86
+	C = 95d170d8e353a540ebbcf60f67e251dd76d1ff82a29923b53c18e79fb5a628904e29f55260b13c2b8b321093481dedf33dae4af29788d2a8b7b054eb5d3a744d09db8333dcd7052b687ced70b7d1f644f35b549bcfa2bcb8265c2f7c63a164b77d9e51e8695aae266d28c47eb4b780
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = e5540d64d735136d926f300adcbd6934c505839ba75b6aab1dd30d1df7b780d6
+Nonce = 14b40c845f6b12ad151ce7c99fa00081
+PersonalizationString = 4c84b273052a5b3a81b6029ee2c059b2d53f49ef9a202420dac71987e6b4239b
+** INSTANTIATE:
+	V = eb4baa058851a5127ba610d3459999a3b12e4a3075f5d77924eaeabdfd0b315a819c126486a6a812a12fc2d369441d3dd6bfc263895650eb8908a9b22d6ae0071b19b582dc5ee2843c6e6609c5d2e0055d10c2fa7b902feeb9843eb7ffff82dbd62ac57bf7185a8f08406320c6b1af
+	C = 9055ade932939c92f4ebcf19f80a53b7df1dc30caa74b08544dd52954f11e4ff81a5522bf2c44b500e685a9c747fe8ec8ea3dd6b3d838e6c2bc56aa10f97402cc319085e5afaabf57fd6d754a91467e475142ca66ebb596f3ee8825493c89f30888359eaddbd88e69c4bc72f80d628
+	reseed counter = 1
+EntropyInputReseed = 7320328ad79d39b374c8d22d031c78efa3a36e34cd18f2656b1877802c215af7
+AdditionalInputReseed = 8f68db40b219c931a2fabf22b9beca8ca35606e45c28c1b2a2de9e278d662c1a
+** RESEED:
+	V = c77b16997d631a0a66150b8ff86aba2c3e8c33ca80ccf57b547b57264ba60dd5e8bb29ee430b5187b6ec56e56724ab6ead75624af25b138a724199518980529f7c0cd0b0b547ff015fdd11506e8944f0a1ea2adf1c75c82dcd4064d7128690d006136baa1438632d035471795f1ddf
+	C = 22ff03621e6cb13d251eb3c0f844bdaf2ae16c298dcbc497279470db879dfcd698f922714f4f7f11150150a94fe8a1f4180c5307f0a7de6938812c86b8896ee54e9d4841df293a1bef6f2f83c92e0b75b1ba0d74926b5841ed86695723e6aeca45fcfb7f816d2eea278fa0f39ef334
+	reseed counter = 1
+AdditionalInput = dbeee1c63e04e57be7b655a44f9889ae91dd259535c06eb71ed92419b0d5a4ee
+** GENERATE (FIRST CALL):
+	V = ea7a19fb9bcfcb478b33bf50f0af77db696d9ff40e98ba127c0fc801d3440aac81b44c5f925ad098cbeda78eb70d4d62c581b552e302f1f3aac2c5d84209c2a0af743e15d3f8f5025a4c2bb5223b16f820330fb939d93e5645dd4da0aaa06adfa5ca89765f3d0635158c71b0b3bb15
+	C = 22ff03621e6cb13d251eb3c0f844bdaf2ae16c298dcbc497279470db879dfcd698f922714f4f7f11150150a94fe8a1f4180c5307f0a7de6938812c86b8896ee54e9d4841df293a1bef6f2f83c92e0b75b1ba0d74926b5841ed86695723e6aeca45fcfb7f816d2eea278fa0f39ef334
+	reseed counter = 2
+AdditionalInput = 48f65e58ea017ebd01232d725554c0d90a03beeed367dcb4b7c095d488399b8d
+ReturnedBits = cb463be4791b866563ead4a0776c50dc776c47f7f832e7f46b6eb2c74585b8288aaf9547e0842b8f67e99ea21e7f5e7a0931ca2f7a613303340b24394d9cb0cff47fd41722fd042948af338721412559bc4fdd03b303fb9e6ef4a7eb82a6800f049493c445a8978226ad42b4977e0956fd097a5da3f09c8c9b729a6925129c7de30974bcb7c7fc5be1950db084e22937dc8d7545cf1e799b59fe3048dc05b8082f3041ba5c68de7abe826e5958782e1e3bdec00239e54c6de794d6040728e71f
+** GENERATE (SECOND CALL):
+	V = 0d791d5dba3c7c84b0527311e8f4358a944f0c1d9c647ea9a3a438dd5ae207831aad6ed0e1aa4fa9e0eef83806f5ef56dd8e085ad3aad05ce343f25efa93320e6848b05b02e5b13faf34177ab8f2d5d276afd92029bfab3b53812adc16c601b4d7463db64d59d76b66f02dbe61b4dd
+	C = 22ff03621e6cb13d251eb3c0f844bdaf2ae16c298dcbc497279470db879dfcd698f922714f4f7f11150150a94fe8a1f4180c5307f0a7de6938812c86b8896ee54e9d4841df293a1bef6f2f83c92e0b75b1ba0d74926b5841ed86695723e6aeca45fcfb7f816d2eea278fa0f39ef334
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = 0b890b1ee5592b57441a1da251898322309d9fec2360da39d49c1b0e39fd43a9
+Nonce = 7f49c4dd126480ccd0c686a843bfec09
+PersonalizationString = fe003a1e1e20ae73211fd34846b0c2c00c06418d8e077122c93dbfaa81c7cccb
+** INSTANTIATE:
+	V = eeaa07a587f136083ea89f3f3624556949efae8c1d232d50ad8098f84d47bb37a6207c918f7a7a82c356dbf950223c7e46da6abd4171674ecf9bacab3396cd8afa4d7f8c4d8951ce6ec8c5628800f12133cf1cf2f3dd825cc8b9709ab10bdacf9a5cc34f13766e8dc94a7ce4f16a1d
+	C = 98af34384e6c2da83b8fd72c6d8214c63cf02ff1628debd75b4c5f114984f82799f8bee98a3bbf1a77e39d70871b677625832f81426f7fe9dcd1b56c060027f73fbeaabf928b21cf3c962eae15afa3043420e4908cfb54d2570244d5f80b50d2c8084dd0af5dad92387240a173998c
+	reseed counter = 1
+EntropyInputReseed = 2c696dbab103ce1f72e4d34e435ddeb5917822d3d5a0f844cab4813ce53298b0
+AdditionalInputReseed = 7a7202af0e67020f37a19c3291bafb8728156ad8b287e0a032f7244539ef9cd9
+** RESEED:
+	V = 6a03dc007fa179b9086140ce0390c82c30c52171165bd2a6178ecb7add826f6ab23dec24d28e8fb88e159c54038b7fe3bbb4b232a36f4516bb71abc5b5f1bdacbe5afd511a5c1ed3b613aca5b8b4b4998a111b8c27a00982be485cc23981831b42ccba24aaf0a4e52cbf83907ae3af
+	C = 8672ab6fc91c3390bf801b1cd9c87349e7477947026a280148eab5f93fc0a501846ec988af050fdb4fdd7deb3f9db1e43210e798a3a3d587eb10eb9819f133c63bf43da5117fc724f20e6f21a08673662e64dcf2d020914e30b6bfc1bb1666ecd00538e248d9c7461cc1983c6a112c
+	reseed counter = 1
+AdditionalInput = 6a53c95d57c50a71be4343f458cabd56b8e8afccc7fab6d541d32ed88e22055f
+** GENERATE (FIRST CALL):
+	V = f076877048bdad49c7e15beadd593b76180c9ab818c5faa7607981741d43146c36acb5ad81939f93ddf31a3f432931c7edc599cb47131a9ea682975dcfe2f22c4bafbcb9cf4f13739a6607715a46d6f18e41f99220580bcc30f4d47d359a7133f2527af8d4eedef535c9c9e821714d
+	C = 8672ab6fc91c3390bf801b1cd9c87349e7477947026a280148eab5f93fc0a501846ec988af050fdb4fdd7deb3f9db1e43210e798a3a3d587eb10eb9819f133c63bf43da5117fc724f20e6f21a08673662e64dcf2d020914e30b6bfc1bb1666ecd00538e248d9c7461cc1983c6a112c
+	reseed counter = 2
+AdditionalInput = 63248b1cb483ffe2d796f289a00619fd308a5dbad18aa2e2d5126506e4537fd6
+ReturnedBits = db5d8293b981b1afec51e7160e157d50c3f5cb1bd7c426ec9ca04b24542b4492696da0be5998a05546d24e42df0c819a095bfed16e1db4a2732ee2e357e6863051ea9ef3ade4590a32fefa21abeed5ffa8754e7dfa657a1196944278cadb7bd04ef52410d4ecc8f2effeddb0f4bc60dbc3f1d288a8f9ca734108e92aec727fc21e97edc4180c81c6f71dd95fed31216b12a3f51b92d1cbe5b189c2a7b08e469724c7560257641811ff95681db76645b90609fa55459450878e2b1de3ad1dcce2
+** GENERATE (SECOND CALL):
+	V = 76e932e011d9e0da87617707b721aebfff5413ff1b3022a8a964376d5d03b96dbb1b7f363098af6f2dd0982a82c6e3ac1fd68163eab6f026919382f5e9d426fd3410e108bb0b3236831661dca3517de01cdfac056bc4f76dd8b8aa0ff96ab574960f5465d75de2d7e6a64d5e00a604
+	C = 8672ab6fc91c3390bf801b1cd9c87349e7477947026a280148eab5f93fc0a501846ec988af050fdb4fdd7deb3f9db1e43210e798a3a3d587eb10eb9819f133c63bf43da5117fc724f20e6f21a08673662e64dcf2d020914e30b6bfc1bb1666ecd00538e248d9c7461cc1983c6a112c
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = ef6ed94db263c28593532d5a5b92e571ff893736dcbd92ccef249728b86c78a0
+Nonce = 98270d9c794a9198facfb8cbde48306e
+PersonalizationString = eed7020a2a7daffc2cee39f860c6109706b6363d6ebb09ee0dabd1debe460bc0
+** INSTANTIATE:
+	V = 5c22f404321ac98b45e541c18dde08e443d7eae785a1c5bb53da5bac430bd0b6fa6ee16da8361ad09025ca81ff1742c79458694adb68de64bfd622dd3dcbc7e071bf33a69ae393a3d9821fca25bdb224060d0d6dd17bc728a5686aef19eb96eaa77c13862ea668cca5ceeb786987cf
+	C = 578d5dca1ba81610ef3ed4c23ca94985dcfab76372810fcbca67dc0a0c965dd9f5a767494d2e70b2a4bbff6d90659bec360bfcab4d916d2d33605ed9ac326dc44d4cd7732c90ef5b679650b77c8dd3e4a21fab4815e40e510861516858566e3bef6aaa592696f01e37d37d7ea57538
+	reseed counter = 1
+EntropyInputReseed = 84174cffdd93796ba5b164f38d13652952ad14f3365316e78b4a23b9c608c48b
+AdditionalInputReseed = 79dbd6631fc43e664e0ca693d6211bec458ddd4c19d9a3baa3943757709277f8
+** RESEED:
+	V = d2db498ef115f459d306930b375ae281fda227b6e2fed7e5400761da65759e12343d5cc8b941333005efc7143e5d0b25ca92ab6030e845bae8cb33559feb0bfc6beab5ee06802a8e3668070d0ffb593206d6956a7883980facac83a470433fe66f8f13642099abb1e117c306fcc711
+	C = 190d34f1454feb378617ff9ef77ea42d04c24a269fb0e3532e28b20e6c4d33554f1cd97e4c7bdcf38749637732678174f59a00365f6ba6e52123fbd4d066b32acf8349b52d737bebad8ca0850faf44d98f577f9d69d7b57aa6814fd7d2d8d5de1673e011fcefec80c075689abe672b
+	reseed counter = 1
+AdditionalInput = d6180a0dc8ac5525f31f17e6b0095ba87225f24a5011eb6979dc28714d3c2274
+** GENERATE (FIRST CALL):
+	V = ebe87e803665df91591e92aa2ed986af026471dd82afbb386e3013e8d1c2d167835a364705bd10238d392a8b70c48c9ac02cab969053eca009ef2f2a7051bf5e8567644fe59ef69f2f04f20f5ec984293cf8a21f6f4cb38f464d9ac34bc2f3cc624b76d1f7a36a91feaeaddd084ed7
+	C = 190d34f1454feb378617ff9ef77ea42d04c24a269fb0e3532e28b20e6c4d33554f1cd97e4c7bdcf38749637732678174f59a00365f6ba6e52123fbd4d066b32acf8349b52d737bebad8ca0850faf44d98f577f9d69d7b57aa6814fd7d2d8d5de1673e011fcefec80c075689abe672b
+	reseed counter = 2
+AdditionalInput = e0cd424fbc68101ef21b75abadc32d0476718f6cb66a8f3164830337b3a76958
+ReturnedBits = 01617a514af26f86d5700b9858bc0e3b46c22bf6813850b5f4037829a07566f4f38defc52b16a8a2cdde264ca81192d7ab9d22575654b5ffa2d1316701860a108faabebba90d28cf10f2233259b193ba1b9410cde14b8e065d2f5891608c88122a37d673ed24c09fbd4ccc71100d835711a36f4c8c0a311b76e0ca7e48ab42ce6af5783674d9573f5c17722b2bbcb7a15e838ffe2cb385d06dbb8d6e94e2d6af62b5b905cb38a9ee3dd85c9c795de9ac36f47d78524ea711f0c8a633aefc4f53
+** GENERATE (SECOND CALL):
+	V = 04f5b3717bb5cac8df36924926582adc0726bc0422609e8b9c58c5f73e1004bcd2770fc55238ed1714828e02a32c0e0fb5c6abccefbf93852b132aff40b8731ab005e15b1884db676f8134c8f7642bee8abd8e66931361d7c118655b19ee3bdb78bcf30e1ad57d68fb7c158b37fbaa
+	C = 190d34f1454feb378617ff9ef77ea42d04c24a269fb0e3532e28b20e6c4d33554f1cd97e4c7bdcf38749637732678174f59a00365f6ba6e52123fbd4d066b32acf8349b52d737bebad8ca0850faf44d98f577f9d69d7b57aa6814fd7d2d8d5de1673e011fcefec80c075689abe672b
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = a36f5d5b7e19aaf433f2dc98ed6a659c1c8c2af9dc801813ddae512427eaf95a
+Nonce = 1163fa40edb9ecc7e158b4c478696c8e
+PersonalizationString = b4194c1eeec98147f07ed70cf1662671a2c5465d3c4f9b5c3306fe1297c38de6
+** INSTANTIATE:
+	V = f04656fc0f600e90f2eafe08d00be900b16ee4ace4e1c1a4b60270aab1175c7848bd7b69efb3b5ed173acd1b34daca6c3f792ad189f3552576a85158c6f4195154eefc8381d47c0c029a1d3fbec94b7c652d3abc641f54fef8612719ebb0dc3884b5e16a28cad694fa94e232b4a37d
+	C = ece4c9a2140114c5c2437068c1e7d47350545b5c162b3b4513308687a573426d638a43e479eddbc5144d773e987c03279feb5c35501a7bd3244725d16fd80d050b7f7c7f0cc1c23dc12c8f2156a02b7e80b94721b5ee05f0edd30c1b68faa1b30628d2f5de842550a81ea49282b171
+	reseed counter = 1
+EntropyInputReseed = b083b96c9ac0f92846ad91ffb808072a1a69edd0883756f825a07a8386652fec
+AdditionalInputReseed = 0fd5dbb2bd6ce3c0514b07278081d64e2ae54ded4a458000ef47c3d728f0c472
+** RESEED:
+	V = f88e3230d7a5cd9f95f39f073a883a83541cd820195c6982fedca3a2e6f54d894f7a487e9284351bb68fcd687233c1d41ff016ec1b039faf50a532d9655e1461b60cc6e00ddc3622db7e4d370cac6621f091e11faf69d247fc14cbc7b09d14cf56cca677612ed5021d9502f6fc500e
+	C = 0b41d25068f5aeef218deeb3af738915235a3455d8c98927ab412aeb481069bb3a033227951fefa3c7024844d52e8609f05b48cd9cb7056d21fb4d1498a3262ab8bd60260d07c40527f79780b6df579a938314c17bf64d146daa778682c349230c66fdb12dfc8d8fe9cfcc9a34ff81
+	reseed counter = 1
+AdditionalInput = e761d087547c073257e718a5d3f7e7eade0b39de68988df96d28df1dc9bb0cc5
+** GENERATE (FIRST CALL):
+	V = 03d00481409b7c8eb7818dbae9fbc39877770c75f225f2aaaa1dce8e2f05b744897d7aa627a424bf7d9215ad476247de104b5fb9b7baa51c72a07fedfe013ad0c0262c671e2f73d22c4196b81f1b454b2c5e4fe10f63786a81ec9efcdac011ad815ef4244ec805eb469f9386a749f5
+	C = 0b41d25068f5aeef218deeb3af738915235a3455d8c98927ab412aeb481069bb3a033227951fefa3c7024844d52e8609f05b48cd9cb7056d21fb4d1498a3262ab8bd60260d07c40527f79780b6df579a938314c17bf64d146daa778682c349230c66fdb12dfc8d8fe9cfcc9a34ff81
+	reseed counter = 2
+AdditionalInput = b2fdbe227272bb621346b8ebd4a556fd25b47f2a69bd317160dfc6e003da6c50
+ReturnedBits = 56330c6b174a6c3a82165d0c9ef7a2fe3c2f5b2b67bf7ea4382a0c06b07d30d8288cf99d1f7e6e19b15cd5325e50189d2a994fd252bd80d5e0d24a1ed95ebc3db9ac4bce6b884725cebee031b5912214b9128c8ba57668806c279e1a67288b9574dcca697558531d093a2c14484919efd98241fb687f420c16f447d1ce0685f178b2379538315f590d61bbb823ab096fec182d92dc09e08de5bbbb26fbb930f14a662e31a9fdaef559462f1913868d3de76f2814affec170dcd3e5f7fd4962e4
+** GENERATE (SECOND CALL):
+	V = 0f11d6d1a9912b7dd90f7c6e996f4cad9ad140cbcaef7bd2555ef979771620ffc380accdbcc4146344945df21c90cde800a6a8875471aa89949bcd0296a4614411bcf33eda31b57a434241a1ef767f689d093969711abb939413f9f0f158439437197debcbadf90b7c3f274628722d
+	C = 0b41d25068f5aeef218deeb3af738915235a3455d8c98927ab412aeb481069bb3a033227951fefa3c7024844d52e8609f05b48cd9cb7056d21fb4d1498a3262ab8bd60260d07c40527f79780b6df579a938314c17bf64d146daa778682c349230c66fdb12dfc8d8fe9cfcc9a34ff81
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = e46873e78e1128ad856e9029e4ad18260ddf864c1cf5ca2a8ef7a7bcb78514dc
+Nonce = 42e1758d50edbd72202a22f8eed72ff6
+PersonalizationString = c6f2d3cdb3621dcc61417cab936ce6dd6e8c25043c43f6122f5d51ae195c413d
+** INSTANTIATE:
+	V = 4d8f6c4c5df5385672817e358c21d0ac30ec555e65e8dc1db5f6b871d0f843c2ef2940dde6d3152f17e90316eaaf0514271e43dbd3315a0fbeffbbe5e39d204d935e57764e21a4e8b60a9e2c4308518e66c66e0ed7e61c210cba2bb6d0839f8340ac97a4e73d15422cbfc3042a63fe
+	C = 529d88ade348f5af0dc30f9c0e274fbf881a665eda01d1a45592e86a9ae361a5f0ebe84789e1635259e67d22ac776cf89e5ffd06d241f4d664c5c1d55ebb6a01647541d8f061f57f56000d80b7db8ff2fbeb6652972055fa4d28a9d0e873af62958c26e3e11967dfb2952e94bc19a8
+	reseed counter = 1
+EntropyInputReseed = 115b3535fdc439990fb1c7dc1070c5f3b4bb95a7bd385779d7a61cac69b4145b
+AdditionalInputReseed = a9f73dc28c743a0f521b449b7febfff28e460e2f944282f1e5cebc7f89ebcb3b
+** RESEED:
+	V = 4e4f31969c7fd93dc3142a70cf8efb5ed96102b6ddd64c99b230117a68402dd22edc46576213958d405df4aae33037a69246f3c87247d2cb64d20bd6f4e300b4a8c51ebf84274542cc9b54461bd231a77d015dad225fd569704a9f2e94dcf352bd51e47abbe379e81c87d9a8eef507
+	C = 0767c4ccb0942e974463f6ff9ae5c0189ecef2930235927a062c0eb644e5ee893c705d637552e69a7b40df3de528016a3a4cd9c40f9f8dd6726970f732535da1d8b01e9ab261550761cbf0217e1a0076fa5d86f4acd4d215b0d53534224fcd162a74c7d04f944da2709fc92ef58558
+	reseed counter = 1
+AdditionalInput = 3cb9ca33f0e7b6f825d9e08fbea99f93e6347b021871024077d23b4dd0c5990d
+** GENERATE (FIRST CALL):
+	V = 55b6f6634d1407d5077821706a74bb77782ff549e00bdf13b85c2030ad261c5b6b4ca3bad7667c27bb9ed3e8c8583910cc93cd8c81e760a1d73b7cce27365f9f75203033ac73c20ee7d53acefb81accde1b4d5d8ecf2083041c7e3df455e6c6f172679e0dfc306e133dc9bb3be9c3e
+	C = 0767c4ccb0942e974463f6ff9ae5c0189ecef2930235927a062c0eb644e5ee893c705d637552e69a7b40df3de528016a3a4cd9c40f9f8dd6726970f732535da1d8b01e9ab261550761cbf0217e1a0076fa5d86f4acd4d215b0d53534224fcd162a74c7d04f944da2709fc92ef58558
+	reseed counter = 2
+AdditionalInput = b2ba05db9e1d7239662d47a40a3774bfbeab3ee56d3dd74d7d3919877df9c8a4
+ReturnedBits = ebb190a0a25725af7d133b9a5bcab789e984a2b644d313d9d3e1a6ad357d18b551504ac455ea102dc4ba0ca89b6fffff45f8e04faab078dfb5796eead685ade17851df81b0a6f526713339582548bc124401ba0de7f6c5bbba7b45de4d44129f5ebf82c417019712afa9bc8a5644ce2de6ffecb1da2494a01f0d241f4400979722a370b030001fc09e9c24f4e8627392b6a0885717da53255bbc743e33fe224867a0315cc59ee1cf8ec080c9ddb3c38df090841b09ea6d087594ae026f4ee9ce
+** GENERATE (SECOND CALL):
+	V = 5d1ebb2ffda8366c4bdc1870055a7b9016fee7dce241718dbe882ee6f20c0ae4a7bd011e4cb962c236dfb326ad803a7b06e0a7509186ee7849a4edc55989be9285366450f7f516de4a42ee758483cfa42ac01b55e7ebd8a0e38a9039e2cb57c324539f1bb342268ac489cd0d168065
+	C = 0767c4ccb0942e974463f6ff9ae5c0189ecef2930235927a062c0eb644e5ee893c705d637552e69a7b40df3de528016a3a4cd9c40f9f8dd6726970f732535da1d8b01e9ab261550761cbf0217e1a0076fa5d86f4acd4d215b0d53534224fcd162a74c7d04f944da2709fc92ef58558
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = 0aed7cd9e51e965a89ee628e607fcbe2fc71bb1e610ef6c17ee40c7fcbde59ec
+Nonce = a62f30421f93edc727c43979cc17499d
+PersonalizationString = 2bce22e275abd56ae0ed54c369b36c4c4d773c32c27d70ad703f711891577460
+** INSTANTIATE:
+	V = c80eb52544cb9fed737e2c0054dfdf4b9e522c19d9ac17144921b3369e2b21e1b7046ed77ee3a8d34ac2f9258a4f786184787c26b423a52efdd2a0681ff873b2a0ffd6ab9c20764864305dedff925b5b3a2ac69029d51feadd86ce9c786f7f009c9d1c657349f6d88a59d03adab9c6
+	C = a4f56cb4e360639de66b2863e1e29893807f791bc7bffac9844311cd02e5f93ed31b1ecff3ab39047cad12bf40a25e5e5ec1dd1d98ad3e183be56f59c636dcd906255c52418cfdd8ccdbd69df57e5675d19d305031569730ad6dd8efe3ad36c1c013ba58d41d50eac6d0cc735297cd
+	reseed counter = 1
+EntropyInputReseed = b08e340275b52c99a24b68b889d5bd14e3721e1f11ddf698b072c5829c62f55c
+AdditionalInputReseed = 4cad97b6733aa6e2bdb9ab87af0533cfce5663d488685da85344ef19bd7848d0
+** RESEED:
+	V = 9283b6bd11b0d876e7c0e1a2cffdfd3743ae69c4908e4fe8f87a4465139e9977cec5fdfa9d2a6fa8389cd627832208c410462506126761ec2b16558f722168ddbf4d3bfa5ef3e8ed5094f334900bf4b76558cc19e889a5d8610da6e4af00b3b1ade70611da036c23c082360743d7d4
+	C = c883503c57036ca9eeee8fe8b625ee28f1453e507d4449cfe967737395484a566f8014dd135918c48ad295137ee7b249e4f3eec8452dd4c25c9fc54fdf46b484350491f2ff680fa564b2fe94f3a6dc2eec782745fe9f81bdcb1f19ff56d5407e480203dcdfe810b205078a853ebbef
+	reseed counter = 1
+AdditionalInput = 313e3b97dd599085047726642c53fc7fa4bfc24f6f6fac63df0f78c4fafcbcde
+** GENERATE (FIRST CALL):
+	V = 5b0706f968b44520d6af718b8623eb6034f3a8150dd299b8e1e1b7d8a8e6e3ce3e4612d7b083886cc36f6b3b0209bb0df53a13ce579536ae87b61adf51681db3046dff94752037d759784bbac67f90b47ad2810f06b5b96e8e51fcc17ea57c0cfe96f2626c9ff0d04c77c98259562e
+	C = c883503c57036ca9eeee8fe8b625ee28f1453e507d4449cfe967737395484a566f8014dd135918c48ad295137ee7b249e4f3eec8452dd4c25c9fc54fdf46b484350491f2ff680fa564b2fe94f3a6dc2eec782745fe9f81bdcb1f19ff56d5407e480203dcdfe810b205078a853ebbef
+	reseed counter = 2
+AdditionalInput = 32d1ab7a47218472aaf5b7b50279162e215d803d27c5f495fafcd80a288f75d7
+ReturnedBits = b2578583990ded3c1e7959cba622339eaff43b8a4903d993364775db17efae5155311bb7e960ee5faacd8b19747aabfa39c9a87cb06d24b7780e5c51832ed53a32868aa1fc85c8230a34488b45a58c079a2eec313a298ea4ce6e4e403e1222c0ded49007ec69d594af35b199c30981d2cf9a38da5f1b02a47a5812bbf3f39f16d50c1696712ca95ce8fda4d5fc3c5624ab61c63fe0d27d85e5b74ac265c4802a9589aa16d861e14ec0ece99e8a636b54f05229bf31e28c85698b7296f2c2c155
+** GENERATE (SECOND CALL):
+	V = 238a5735bfb7b1cac59e01743c49d9892638e6658b16e388cb492b4c3e2f2e24adc627b4c3dca1314e42004e80f16d57da2e02969cc30b70e455e02f30aed38630101f181b25112e9c8b7d5ecf9d3e98c04f0630cd88fd0e6965d2556ac2f0971f3155e454144f7f41b785d188b895
+	C = c883503c57036ca9eeee8fe8b625ee28f1453e507d4449cfe967737395484a566f8014dd135918c48ad295137ee7b249e4f3eec8452dd4c25c9fc54fdf46b484350491f2ff680fa564b2fe94f3a6dc2eec782745fe9f81bdcb1f19ff56d5407e480203dcdfe810b205078a853ebbef
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = afc89579a094ea535a393b529d48fbd8f4c8d2e13ca3cb1a875f78cb327c447d
+Nonce = 3bf2f4aa617f83052f1e127c50c66cf0
+PersonalizationString = b0fb0a65edaeb27b7854074833cf22b0fc84da1ebc0b5bd5292826ad697f61e2
+** INSTANTIATE:
+	V = f5bbb6ad3b3bc6d706285e5b5d80be81ed529598d421ee87adfe94c458d33f03e88693e3103d99d2255000f0e27a42e6351ccc0596e0cf32e0e5f52948a1497afaf8f6545be56ec01bfaabd5b5757798e1b7e11deefc9f490bb0811ce4ee7d657cf629f35be34716e07a6595c7b746
+	C = 2b5e56c54b1b9ceac459ce790d16e1232b8531ecc5fe63898ad8586be098319652437a1c6e69bf0042a68866e624c14238f329829f375e91351d599f0ae36f7c9a78c06521fb2d2411f2b62dfbac50e1d4f8b3af00cdd35711b3a4355ce5c84356796790166278577ec37d663e52c2
+	reseed counter = 1
+EntropyInputReseed = ef2e9d94e59aa744308fa0295de6bca5c7c3490f74d363d17d5f87d5b63d14a8
+AdditionalInputReseed = 4851eade07c2f8c8a24df32101766581f8f7980710590d9f797deaee2309f133
+** RESEED:
+	V = e92e78c230abd2361b379abde5853497dc8bae02fc4dba2455ed7c5c2bc9f0b496c3333ed3f1deab8a48778671ea72182c816f804633774a0a4c2a6965026713e61e9a40d1d537473f5671e0ee400f862cf4cb998e55fa7fcd9233060d90651d3a9195d545891160f5610a20f524c2
+	C = 95b6be937519e1ef609fe464e5f99b70addf4a46b4b7dde28f1585162458b8c48f71d6c36a07656fb04f0604a7b6c257cf667cb40a9add1d3c2214eb5333f4c39bbecf0a69ece27a561e0b93f1b58c90c5d8295a279ce8e5b7884b00d1c73927d14f93ddbb2f40a1582e18b8667947
+	reseed counter = 1
+AdditionalInput = 0910ddeea8c1fdb4c6614dfb4f42381a2250494167794dfe449d8c576c7b6f23
+** GENERATE (FIRST CALL):
+	V = 7ee53755a5c5b4257bd77f22cb7ed0088a6af849b1059806e50301725022a97926350a023df9441b3a977d8b19a1346ffbe7ec3450ce5467466e3f54b8365d4ab4f7c953dc9879eefcb9bad1ca984a88fde169d4e9d78844d74e05bd0a2cf1e26635ce54e84f01527cf58a05dca710
+	C = 95b6be937519e1ef609fe464e5f99b70addf4a46b4b7dde28f1585162458b8c48f71d6c36a07656fb04f0604a7b6c257cf667cb40a9add1d3c2214eb5333f4c39bbecf0a69ece27a561e0b93f1b58c90c5d8295a279ce8e5b7884b00d1c73927d14f93ddbb2f40a1582e18b8667947
+	reseed counter = 2
+AdditionalInput = 3e48a55b2d39800f465460636fcf91a56f0694559631161396c774fec768efe1
+ReturnedBits = 49aa71fac676b098f2c8d30717051e5ad9a7b6f152ab86260dbc297485b79b225ac3ec5b12d54119ea16262ceb94c9c662cb7617ef10b1da8ba249eff5ee9297b8ea2487d4f2d30601bf429028f6b850f3b7b1d48d388dbaf067f6e53247d496128ec29d99a363b1b69436cf519012418da694d4f17b999df31b6ffad94a364ba57401c23eb1b308d4bbf3a4e5d636b8526d424da37fd010c18ab92ecf6551475edcd618d01dcc9c2b88c3e62b57cc58b95853cb86c242d01dd4846357f4fcf0
+** GENERATE (SECOND CALL):
+	V = 149bf5e91adf9614dc776387b1786b79384a429065bd75e974188688747b623db5a6e0c5a800a98aeae6838fc157f6c7cb4e68e85b693184829054400b6a5348782fe97f105186abcf200b96be98497f45a2fbf6285ce74e6e125444f10107c4f65b6b2d9841da91702d491568f5cb
+	C = 95b6be937519e1ef609fe464e5f99b70addf4a46b4b7dde28f1585162458b8c48f71d6c36a07656fb04f0604a7b6c257cf667cb40a9add1d3c2214eb5333f4c39bbecf0a69ece27a561e0b93f1b58c90c5d8295a279ce8e5b7884b00d1c73927d14f93ddbb2f40a1582e18b8667947
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = 8b418373c6adbf3c5c6feaaa15157c93d331595f5724657f547a4c3131fae19e
+Nonce = 9236a820899dab6dc8912ed188c2f05b
+PersonalizationString = 9b204d4d18aed17a53568186314ba22195619986d19ca5a68c56ff8e59c6614a
+** INSTANTIATE:
+	V = 362c10acd81e611e92f556dbc91ae372bee595eb34cb6c1e21623b673813c3a967028de69731af9552b083a2223ef1a7d76d9f59dd53ebb9ae7a47ebcb82e30ddc02f71342e89b3c6e705a6f3853afe7c838c18282f6de70dd067c469cc8d17faa01997a523a59683f84fe1eb35287
+	C = c6520bd5f257adec30bd42d41653434acc49517c2ac97ba86e0ead2ba1c9af799380275f6dd0531e9806e568f9c9df35d354f14d5ba89179587424a702a36a83e3f422ce19e11613c3fe7dfe7635c09e3707c643d8b431e115a4a4fdf7b73de327e85d597cf0457a6f73848bb416f4
+	reseed counter = 1
+EntropyInputReseed = 2a025cb9e6891e79dcb7ad69d055fecf6569b2bd066b34b874f6fba77354995c
+AdditionalInputReseed = 2c0bcd37f8523bb604e1715116490cb5fd8da2d4b97385d15f67d533da435c46
+** RESEED:
+	V = 1f6815967fc64606451be01bea6bbd2f93dd64b93840a48d0a5e41b99024d778108aa388defa6c57c9436e19b89dd98cef1ebc7931e3d0569a9b41954919ab1f8a116117f4c25c93cf522636dd6efe4afdd30ad8f341d38c24c26168734a8551bfb28945233f1eea9511969b5fb296
+	C = 7764b583a61f777cb838e730e7b96c3e302e757265ee335e8e8cb271a8f7c4eddf0fae495ac06adda71dc62f159d5262105ac170b1864bd1a9e2dcb23294836328fb8994328f1714d5e4b07f0908c05f795179379647baae1773d9f282294dbeb1d0aae83d08fe6c739d98c5864daf
+	reseed counter = 1
+AdditionalInput = b50931cd1d18286a313e9e5f7dcd314e860e67c09b250c548a02d13bb01f0013
+** GENERATE (FIRST CALL):
+	V = 96cccb1a25e5bd82fd54c74cd225296dc40bda2b9e2ed7eb98eaf42b391c9c65ef9a51d239bad73570613448ce3b2beeff797de9e36a1c28447e1e477bae2f15916adb8fdd9615c3f827e4e3559dd1ead26cadf3c3eafc1087f669d9ee2100dd9c1b4ff0f33c97036813bdf1a6003a
+	C = 7764b583a61f777cb838e730e7b96c3e302e757265ee335e8e8cb271a8f7c4eddf0fae495ac06adda71dc62f159d5262105ac170b1864bd1a9e2dcb23294836328fb8994328f1714d5e4b07f0908c05f795179379647baae1773d9f282294dbeb1d0aae83d08fe6c739d98c5864daf
+	reseed counter = 2
+AdditionalInput = e91ce46e803cc464074c22d569e0f882f1e6cf3edb8a3a3a1e4c55247803cfd3
+ReturnedBits = 53129335883cc7d67a44870b4d2d5f3b2fd1c58c4afd426a76ac3958f7ba51be4fe4189caf6c7f3a7588cb044a9c6c30c28d4d5dce05d59fa5c24a2218ab4dc489e68f07df355ae0624ec02324fc4bda816e7f491cca67fc1e4f994433fb1ae35e6257083f1acf451c715d428705f87f69b2feff5cbb0499f583c1d2c6b908a95b41b595552ddb92c99c1360ae7e1c53d7062ea83e6c3c2ad6d0d6a2494ab2024b4ee83c5b3a9473f9ba8b636c59e4ae1a90bc097b05580cb060f47660962567
+** GENERATE (SECOND CALL):
+	V = 0e31809dcc0534ffb58dae7db9de95abf43a4f9e041d0b4a2777a69ce2146153ceaa001b947b4213177efa77e3d87e510fd43f5a94f067f9ee60faf9ae42b3d88a500f0d4cc85b56f1df028673fa4578ad12e0c0e0584fa581d909cafffcc4f8f1683dc064bfcb2dccacf5e1f693ac
+	C = 7764b583a61f777cb838e730e7b96c3e302e757265ee335e8e8cb271a8f7c4eddf0fae495ac06adda71dc62f159d5262105ac170b1864bd1a9e2dcb23294836328fb8994328f1714d5e4b07f0908c05f795179379647baae1773d9f282294dbeb1d0aae83d08fe6c739d98c5864daf
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = 86c6592a1e65fa9412802252bb7449710614965c45b5c827190b5daecb9184f1
+Nonce = 6c9ec40e1cfc857f81b18aa230884ab9
+PersonalizationString = cc87926dd68d6a268324aebb786672199fc4d0556be53a07d45c431f310b703d
+** INSTANTIATE:
+	V = f9e2cf4cebe806a777d764cbd0fa9fca56dd04a11a7644287e097a4920a70e2b92dfafb99ae126238fb1dd40b33133cc3086115e6d6328765fae5eba2f736602ad0183636b37a67ad795f3b1a11cdee82aac325d0313920004a866e97446cb988a49472175b9ea89581c36c3ba7326
+	C = 584628565b321a01639de069cc1a98a5f925ef1782cb2cc3b367bf53779f0714682a8da14e72416feb322da5f49ea67f52b9f4a1c82077c62816c4fa8e88e57be68fcbebcff1946896a61e43447f1d3ff353442d77d8ab896fa893a676a346ef55448f37d749d1e9e4d953f040d2b5
+	reseed counter = 1
+EntropyInputReseed = 06d762eb36e6cf9958cb257bf439b125598ae1afa425b9211ae422da6d1e11f2
+AdditionalInputReseed = e7b338dfb48d52e81cdc91ad3b431e0afb8b1f8869ca5aa8582736faf9bee76a
+** RESEED:
+	V = 810ac394922db1d22457f2a46d8a6a8530f7daa55afe96001a0118dad3636aaa91d59f50e4f2ab411fafa3fefff0021cc0015a623b1e4fe13859f4649d96d2eefa2e1ba611f06a6bcf0012f67e03b70edbce6687f360a9e737c60d1a9d797e8349f2c6aa88cff3ca692c4f2030ce15
+	C = 8b974dc05c064979af30d793f7050e86393c037fc47a4f53bf579ac8668f4a7595dec8c1066d46fc477933f29de0b60171a85adc39e964a072922eadc46a59dd4f77f1826da006f09631ab79b5ef03a28eb5d874cd8a08b64e77208c63659d27c220e7e5bdb22fb16344b77b4da3af
+	reseed counter = 1
+AdditionalInput = 702c10399d92f9c780d6c7797f6cdd732adb334a38e38ccc03ad2932ddc0062d
+** GENERATE (FIRST CALL):
+	V = 0ca21154ee33fb4bd388ca38648f790b6a33de251f78e553d958b3a339f2b52027b46811eb5ff23d6728d7f19dd0b81e31a9b53e7507b481aaec231262012e0f5c2cb738f930defe22cf846b9ee437c1578e179b73dc115eec73aef158fb95a52a19f0e58038a41614baad3336e408
+	C = 8b974dc05c064979af30d793f7050e86393c037fc47a4f53bf579ac8668f4a7595dec8c1066d46fc477933f29de0b60171a85adc39e964a072922eadc46a59dd4f77f1826da006f09631ab79b5ef03a28eb5d874cd8a08b64e77208c63659d27c220e7e5bdb22fb16344b77b4da3af
+	reseed counter = 2
+AdditionalInput = df0b8383940427b32a41137536ab4e9f9c9e0945f9e384ded8410c0fda707aa0
+ReturnedBits = 1c3432d73586a23629c1cf93c91d56cc1c46208198c12bac0c234407e97f3a84b3d1e87688bdbc5f8ee54d52ceadda4df29c657a1008d018973458c552af76bf146b21cc0ee98c8b9749ffa0e55a87ab24c11d9a8099f4729b9b0ea1b3f35468db1ad23361217cdf04f4c9f044bb9481949a5a5d07bfb04d832b5313034c25f32fb30b92629db7c7fd53bbc1501bf544bc3feb4ca25b27e3bef2e284c7bbc16ee9ad97a208c2df2302559528cac8dffd191deb4f32e7f27e97594ece3f752749
+** GENERATE (SECOND CALL):
+	V = 98395f154a3a44c582b9a1cc5b948791a36fe1a4e3f334a798b04e6ba081ff95bd9330d2f1cd3939aea20be43bb16e1fa352101aaef119221d7e51c0266b898f280828871e6dc5c268b7beda0b6befae6c7c5f5527a5e0c54f2d919b070d11f196ae7fd68df7df8edbded97ec1bc28
+	C = 8b974dc05c064979af30d793f7050e86393c037fc47a4f53bf579ac8668f4a7595dec8c1066d46fc477933f29de0b60171a85adc39e964a072922eadc46a59dd4f77f1826da006f09631ab79b5ef03a28eb5d874cd8a08b64e77208c63659d27c220e7e5bdb22fb16344b77b4da3af
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = bef2f173e73eb38e87675f4d5ab52bd3659d6be094b524cd32effb217cf15c03
+Nonce = 51438254cc16b6f7066a54fa197d17cf
+PersonalizationString = 6455367b521f0809c168e9fb47498c39733ac17bda864d0944394f1f1b3198a5
+** INSTANTIATE:
+	V = 8d646a0a072160ea7323930e1572b29f5646f7c6c60dce5577744237caaff1ff16b5fa2f1536214fc065ae80955f6fd84ab519b405a32ce9ae6a3433a89ef48257283ea2c3220ea290d7c6c3eb6d0375cc8ececeebd26c669c53bcd516646ff66cc8c732069269570a8a61e7982ce7
+	C = b4f839529b64d97be49a4ced5673e121ff9b4944449614013537371d0157b7b7869975ad153690932fb1fa25ac46c74ee475e4e4f679105392bf747b57c32212391fb7ed17320a092fed3a73a259f48bd3d2998d75905a74cc5bb74b8cdcf4721f0d0feeba3537be04f70c1fbb995d
+	reseed counter = 1
+EntropyInputReseed = 7685872f96fc2188d0512d97fa467c1a6a6c4047e12e5370dec992f3969c34df
+AdditionalInputReseed = 339611122b08b8eac442cc51b1bc6832ff07688cc3c0e1c93d258434e9095e64
+** RESEED:
+	V = c731d254bf348827977954d4f7614f2a4eaa3aa49abd0a7f20bf0d66d0d10809642ac54f3e645d41bd2dd515b4e43c27f4f33ddb1d947614e4489c41a6f1fccfdd52f9533dded34ae3709a35352ae3a52758689a0deb74e21fe21ce8c29ec1008869216496a8e6b12277dd016ac747
+	C = 9588a0a6ebf684950a2a8b87b53bd2c7e6b2715bc25ccb4faace14384e807364acb8e4ae68e4c77a2d829a6ab1a3ea8debbacb56141bf25db3bd96fb7bcc5e47882d4e95ee6de51a6e42775730a12de7e5ed3cf85b293cb17333b03b7bec1f6218b1986824bd9ad23cfee77b0e8f62
+	reseed counter = 1
+AdditionalInput = 473782dc8d7a65957245562ff45e9dfd0a8ac5c9c279e5e98fe1d356912edbc1
+** GENERATE (FIRST CALL):
+	V = 5cba72fbab2b0cbca1a3e05cac9d21f2355cac005d19d5cecb8d219f1f517b6e10e3a9fda74924bbeab06f80668826b5e0ae093131b068729806333d22be5be5bfd8b933f749c6f0dc4e73adbb184305d9a37a7110e1d0c22df6b0ae5c96002a27983597a8841e2e240669863b8289
+	C = 9588a0a6ebf684950a2a8b87b53bd2c7e6b2715bc25ccb4faace14384e807364acb8e4ae68e4c77a2d829a6ab1a3ea8debbacb56141bf25db3bd96fb7bcc5e47882d4e95ee6de51a6e42775730a12de7e5ed3cf85b293cb17333b03b7bec1f6218b1986824bd9ad23cfee77b0e8f62
+	reseed counter = 2
+AdditionalInput = 538b09d0e458c916ef75f6f64f0b55ebc556ffa24453ec191f17cfc7ab655436
+ReturnedBits = 95715bb172924503b6153e68c7b5656423ebd13215d3c9a6a8280636ce288031a8d4407063d4dab981c9454c7c822247be65ff9f3f4ba0c470eba79cbec0a6bfac935b99945e3824ddcc9faeab3e6ad3a914792650f28eaac0439a75f724dbb827c1c6d462ffffb56d8806c4850d258858d1f5d0a30da760fd5e7e73d026dffc20302fff67d6bb08a7912b585bb7b2d1c9633f6bcea3665ff0f9171d12d18af2c0c01652ef63038c6693459960d0decd1485e6ff837c2429838cfe18b8a5e2b0
+** GENERATE (SECOND CALL):
+	V = f24313a297219151abce6be461d8f4ba1c0f1d5c1f76a11e765b35d76dd1eed2bd9c8eac102dec36183309eb182c1143cc68d48745cc5ad04bc3ca389e8abb443c3c36c56924c7d3b887c7070c983ad93e1de0f9572fdab17d572da6d732bb2342a39e152cf72d4711e0ad1f4a2fcd
+	C = 9588a0a6ebf684950a2a8b87b53bd2c7e6b2715bc25ccb4faace14384e807364acb8e4ae68e4c77a2d829a6ab1a3ea8debbacb56141bf25db3bd96fb7bcc5e47882d4e95ee6de51a6e42775730a12de7e5ed3cf85b293cb17333b03b7bec1f6218b1986824bd9ad23cfee77b0e8f62
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = 955f1b30c12e617e5f93020fc851c9d0b51a0583bf79d651db4afbaf63c15d75
+Nonce = 57a59f295e80b4da4d9b66ae974ead1e
+PersonalizationString = 75c7f45c26d3c22bb15d16ca7f24cba12f204a374e139a2beb071a5686a1f358
+** INSTANTIATE:
+	V = 2fccc97601316440dcfdcec0f90c706bff8fb880ae9cf9ce0e536f548b5fbea037461da70a2e8524a11354786a7e02d80b71d24482660b841bff4d37ec01364e370840bd53c406ad777c592bb0d7fd59526c3ab487f3e71b68a3907459b4da3eed3ccc8c3b7885ba17fdd74d890ee9
+	C = aea0bc267c3304eb009e0829566893ccb687dc6e547120d526c773e6ceb829f60ed9996330d20c8341517f8f7997edaf85d127aae815894b31b707aae2acf021a1c3c620ec560f457ddc4b4b817b5a807cdf5bf3fc26f0fd9a0fe653b8ada3eb47ddfd04962bee27f9223b1310c7b0
+	reseed counter = 1
+EntropyInputReseed = b51d6e90261533092dc5df7ef9d9bfa93ba97f868918dbee524dcc7851cf3255
+AdditionalInputReseed = 8ca7d250e025036f03061eb1d7cdac6561e21cb7a834e18424066c166eb7bed7
+** RESEED:
+	V = c785729dd4b77a95c86b9a2a9d1b0708d40b99b57cbc854e319216aabfe58bef7380030571736b07c85043e39741fba5633dba198de247d15b87e4590747468566e9abb734d725fd0f644260bf8ca182e9a61f0c742a69ce34969ffb02d6b29ebe24786f526033feb09c8ab8fb74f4
+	C = 752f65cf6fadd4a990d534e81ad32c2c63037500d840e48c53a2dfa57a6c56385de1e4d4808a849100bd6d0d163c22e580216ec0b02493825881820d4658cd2923b15ee3a7d928c44d5062a6b895dc5197bb72c7b4ba5acce323a62267e4fb4966f8839d92a7bc705ac6720012f4e0
+	reseed counter = 1
+AdditionalInput = 4a74bcd4a3f67dbfe5570bcb0aaebc1381e1d978051431c65fdc492299b63904
+** GENERATE (FIRST CALL):
+	V = 3cb4d86d44654f3f5940cf12b7ee3335370f0eb654fd69da8534f6503a51e227d161e7d9f1fdef98c90db0f0ad7e1e8ae35f28da3e06db53b40966664da0148ec8d464f279af39af0cbce9e3f280ee275223e754b7ae2e438e933e98940f9f13f196b320e42fa0152302f2617d6e94
+	C = 752f65cf6fadd4a990d534e81ad32c2c63037500d840e48c53a2dfa57a6c56385de1e4d4808a849100bd6d0d163c22e580216ec0b02493825881820d4658cd2923b15ee3a7d928c44d5062a6b895dc5197bb72c7b4ba5acce323a62267e4fb4966f8839d92a7bc705ac6720012f4e0
+	reseed counter = 2
+AdditionalInput = 7f2c22c73d130f083705c2093fcc4ac19a8bc238fe66b617e1840814ad83c162
+ReturnedBits = 56ac85f44b9c3c7dfa5b7994fe3908d39341a035df8a4d0deaaf17034248a010763c37767ecb7a5309c3a5c7588a1bb662db02e0fe9c36b7cec39693e2f3c4d8b81fe6f213117cbaf1da94d5c147001e7526a389e364428a12c5b9be1cd4c9e7ab75f8a3026e1f388eeb4d50a3c1ecd72bfbb762d12c9080cb956543b44f056f6d05e90742bab6e4611463a0e11d9f61ae378c774de3486e229c63697ffe7cd058ed6883351fa8cbac514ea433657d6d8c7161f018b6163cad00794bdddd779b
+** GENERATE (SECOND CALL):
+	V = b1e43e3cb41323e8ea1603fad2c15f619a1283b72d3e4e66d8d7d5f5b4be38602f43ccae72887429c9cb1dfdc3ba41706380979aee2b6ed60c8ae87393f8e1fb4b73d0a8fea0be14f5dd9dbcd745b65e2efcecf7769c577542c072c67701bd2ff46b5ed06cdce23f859c1e01a17661
+	C = 752f65cf6fadd4a990d534e81ad32c2c63037500d840e48c53a2dfa57a6c56385de1e4d4808a849100bd6d0d163c22e580216ec0b02493825881820d4658cd2923b15ee3a7d928c44d5062a6b895dc5197bb72c7b4ba5acce323a62267e4fb4966f8839d92a7bc705ac6720012f4e0
+	reseed counter = 3
+
+[SHA-384]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 1536]
+
+COUNT = 0
+EntropyInput = 3a1525f7b44bda3a769db0132eef35b8f5ebc0e418f86b810891f4ba15929447
+Nonce = dd861c8849ab7737ba2bd9ec77274ed1
+PersonalizationString = 
+** INSTANTIATE:
+	V = 64e9b7f49b33a44a20e964854139a50c7be07f252b1a0980c5e2520d0d67be800f9878fef163a5403860094d4e935301fea324da5903382db4004785ecf6d0e1652978b4de23907a6c9e6524a714aa29813a1ec56e57f488d94ce633b7ad83ab1268f0181ecea5c215e7c343e04804
+	C = 1a0435de5cab1346ed412bc0ab76a0a95c1913795f5545ef5996b8400511dab75130557d0cdb785eefdc0d1d66b0b5eef8704ec4fcd2161321ebc54b6e73b4b1337daec9ffcad1dc1034db79772671f583501af82688348f5b65a70736c3009e853cc09f0b7db5ea54610cf83222b4
+	reseed counter = 1
+EntropyInputReseed = 79d68de6103a532946f7d585c97cdfbf8d48d3647ca86d4461f0d23c4c59c30f
+AdditionalInputReseed = 
+** RESEED:
+	V = ea3d28b961bc37051b03d5647f273a37c847cc9e1b0de6ef0ac9755fdbd56f3ad75458eeda3a5b1ad3b7dde16a72fffd5a11e78d734063fcaa3e5d2b6b24763d63e15db0e91152a66fa94c2032018b65932cfd14f664a35a7346befdd8e2ab7aeb6d6223040146984335ade480ce0e
+	C = 5a8bbb666fd800bdce776ec7378aa04724dba266f4c9cca4cb1e2f8d1d52bff226335fcf2735d568a584806028c6af58dac9dd164886ad36336289d138d15e7021d4257d5f7945d2c650e6b1bbcdf0977c8c8cf2cfdb86d3c58f08a9c2aa0971b7add0725eae7dd47935ee3737ae54
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 44c8e41fd19437c2e97b442bb6b1da7eed236f050fd7b393d5e7a4ecf9282f2cfd87b8be01703083793c5e419339af5634dbc4a3bbc71132dda0e6fca3f5d53fc4967baa0a2b6f6f5495a2a17b78796245da67bc286a617471a4a0fbb4d7530961d0aed12a24fc8bd4a926d5e333e8
+	C = 5a8bbb666fd800bdce776ec7378aa04724dba266f4c9cca4cb1e2f8d1d52bff226335fcf2735d568a584806028c6af58dac9dd164886ad36336289d138d15e7021d4257d5f7945d2c650e6b1bbcdf0977c8c8cf2cfdb86d3c58f08a9c2aa0971b7add0725eae7dd47935ee3737ae54
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 4ee1e00177f66662422ee7843b1292e350bb35e771010998d3ee6d54f820bd0cdf7d4f2fd3347814b6b39f98d518302a6dc929a2a3171b96cceaab8496097431776ae1a1b227280361ea3b65ab6b0f893e6d89ceaeb67a0a20f3b98501ff97a184db4a4a0004720ae928e1522d6d13d721174caeb6f2d08741d2ae8905e184253d7a98860925d85e52fc857da8c5ef504cd7922724f6c29e7149b1f5c244d1d287fea8e16eb4ad5c9df9bb7a6e214d05a720d112876e87435282143be237ffba
+** GENERATE (SECOND CALL):
+	V = 9f549f86416c3880b7f2b2f2ee3c7ac611ff116c04a18038a105d47a167aef1f23bb188d28a605ec1ec0dea1bc005eaf0fa5a1ba044dbe69110370cddcc733f2871d67e83a1df028b079fa0406913f37e3bde94179271fd79697f96645329bbe21b1454273e46beb133067845e2dab
+	C = 5a8bbb666fd800bdce776ec7378aa04724dba266f4c9cca4cb1e2f8d1d52bff226335fcf2735d568a584806028c6af58dac9dd164886ad36336289d138d15e7021d4257d5f7945d2c650e6b1bbcdf0977c8c8cf2cfdb86d3c58f08a9c2aa0971b7add0725eae7dd47935ee3737ae54
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = 87abfe2b975293ed04d650b6159519a77303817a7dbc8e2095a270067bdd612b
+Nonce = c358ff1c67fefdfa03c586e33f812dd2
+PersonalizationString = 
+** INSTANTIATE:
+	V = a04e14a3a112c2b3a2e69b831afddd62fe692f6a6105b73ff737eb0ca6cf47bc845d6027b6ceb4e88c84653def75bc6fde42cb7e998eb646b8d95e2915fc7a08692955675408989888e81d37e4c288b6a0e3e08b4bfd25b52e2572c8e1d2311883043227e0ce8b78b8c4f7118e7602
+	C = aa9c8f00ff5c925d52005b45c9b20ee665d48b80856727ded9b5ff3644b732a71713573584dc4370746df97c2d46c5661895971daa969701b6c3148e686458309ec6a1fdb8b0cd94ee11e2b69778191c17d73534a9908c50f9f3f4b5d73535147d2510e58f04d7c28b81479c227404
+	reseed counter = 1
+EntropyInputReseed = f90609fad8e3b9eb10dbb11740608567b14b8a5390b860c4419d14a83032f33e
+AdditionalInputReseed = 
+** RESEED:
+	V = 4120444a7112446c5788e33d34c27e1b752b83c278ac81f1321b242723562d1fcd3af1ea59e20dd98720adbf6d90f8d00e3aa42c879404db8456d315d367f676b772484bc6f325613396b847637c894519c3b270b8a426209bf74093962385b86f2efebcdbe62a946887e97057a52f
+	C = 96136127af5327f58c493f73f9349fc989161a15a81fd023baca03c8a1688f3f457a396a33c8cffcd387fe02bdf1a099f34ff2abcf44897e702755342fbc8e9c8ea0e1f77e1efe774e041c5ec53b65d2f3af6cbf6bf2706f58cfcbdf5cccf3f908511644f5e128841cdf9581479090
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = d733a57220656c61e3d222b12df71de4fe419dd820cc5214ece527efc4bebc5f12b52b548daaddd65aa8abc22b82996a018a96d856d88e59f47e284a032485681589ada5d57224d4fb838f8eb741140a87d9ab922a7820d43079322c8f27268f9ccede3edec8c489a625bd59dd43c7
+	C = 96136127af5327f58c493f73f9349fc989161a15a81fd023baca03c8a1688f3f457a396a33c8cffcd387fe02bdf1a099f34ff2abcf44897e702755342fbc8e9c8ea0e1f77e1efe774e041c5ec53b65d2f3af6cbf6bf2706f58cfcbdf5cccf3f908511644f5e128841cdf9581479090
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = a57e746817d6e4081cd91d613439192b2725f42047ed1066bf9635480090ba9ab7c45356dc85612ec266776bb54d8ce1c1374383619f8f4c49569f228ee00ba2066db3b11fd3f95b55781485015556ea1c61d94da740b3938346a558a75e62d2a6c4673f05776f58f5973db357908c71aa2f12dc56fdfd2a9139d23a81d17b99ea90773f439229722777faf5775b062c05d20a0d46f28bc3242c7fc55a6ad3e8c70c6435fec8c30cfe8bc43fdc35882ba1319906f849ef532b176ce10094e53e
+** GENERATE (SECOND CALL):
+	V = 6d470699cfb89457701b6225272bbdae8757b7edc8ec2238a7af2bb866274b9e582f64bec173add32e30a9c4e9743a03f4da8984261d17d864a57d7e32e11457867d090293805fe0e9a210a0afeed031fe3d9c15fd7ad3b52b748198882993dd89628cb286f6569a384266b8a0be64
+	C = 96136127af5327f58c493f73f9349fc989161a15a81fd023baca03c8a1688f3f457a396a33c8cffcd387fe02bdf1a099f34ff2abcf44897e702755342fbc8e9c8ea0e1f77e1efe774e041c5ec53b65d2f3af6cbf6bf2706f58cfcbdf5cccf3f908511644f5e128841cdf9581479090
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = 722e75afc665d4e34e1d15209b69e85a062a9d853d82b5d9b7e70ba47668862b
+Nonce = 59a97d2c6dcc1cb75c389cefdc67866b
+PersonalizationString = 
+** INSTANTIATE:
+	V = 22e73964572c272e4f22e8acf35f649f8f3917869405d1e300d0e5ee03e8fd7a57ff08dc7ecbd824b4aa7f6dbe72a06939d67b0c6264e916da168bc86b75563532fe7060932bd7ce37b3bf0b8f55304da4469fb57bd4b80b1303c5d3d6935434e21acc686a357d584ca7b75d6c230c
+	C = b66b00b72882dbbefa2684fcec47980ca903e67bc7ce747a5b76ff3b33de0e2bbb02d69c9350e3d225c0ae61d5090d788b8d88ad1db1d8bd0e38c19d63e8dd10084475e066cc4ea083fe4555481ea68d127332b3583eabf49cbde18cbb7123f0fe5ca3e7fe9d28af4606be22d7ec43
+	reseed counter = 1
+EntropyInputReseed = 4c2fa28afd4d036e06f381cb4adde29db272539930bc3ecbc9c7c1e29ea10653
+AdditionalInputReseed = 
+** RESEED:
+	V = 37b50518e62881e7b46fee16744b38f28fe88bb1d0d3d2eb443e2299a95c15dd6c2009d4f5314f419c6e93671360b6a32372bc797e48785bf544702f374be2dbd67c3705cf45642fa0f9df2c3538bffc0c4c9274623b71b8ae7d168de6db388e4332da55a92a538d908c23d815bec7
+	C = e11550bf39e1e33a781a8572d958599743dfc0f55e389aed577e4484cd43bd7ca0c434468cef7cc4b568a63de561c2578d4714f519339553a049290c263c0a195e1904ace9bc58899fa627cdb084303229f6f405712682241d1a6dfe29ffeb46ea6e40385fa44168a1ccf765effbb3
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 18ca55d8200a65222c8a73894da39289d3c84ca72f0c6dd89bbc671e769fd35a0ce43e1b8220cc0651d739a4f8c278fab0b9d16e977c0daf958d993b5d87ed210f72052eaf42f93ae8d55e5bde051d73895cde8c17537d332063ae13696984570bf1ae163df52cbbcde87c51be71f0
+	C = e11550bf39e1e33a781a8572d958599743dfc0f55e389aed577e4484cd43bd7ca0c434468cef7cc4b568a63de561c2578d4714f519339553a049290c263c0a195e1904ace9bc58899fa627cdb084303229f6f405712682241d1a6dfe29ffeb46ea6e40385fa44168a1ccf765effbb3
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 8f80ed11ce60a25e2484f4bcda192a70566ab88475fc8cc741cf996eb482062cce91e176052e4d1c367f0413f78906b6456dca8e46c1e516f4b903426496f6d3e2547d21c08ff69403380e12401d34fb09b0b5ef74406de44a8646cfcb7f90b016f536b1b547bcf9a23253904dd49a985c45cbb188dd746b49874ba202e0885048668230646f93fc4f5baab40ef1b0c2e9d6a457f315b9f3d1d9b5a6b9148384c74386b2f3138a058a6a0197376cc3cf50911c94935d218b138100f00377ef69
+** GENERATE (SECOND CALL):
+	V = f9dfa69759ec485ca4a4f8fc26fbec2117a80d9c8d4508c5f33aaba343e390d6ada872620f1048cb073fdfe2de243b523e00e663b0afa30335d6c24783c3f7a49f7bdb3c3273d4bf8078cac96349932ab3ba8fe2c3d0bfbf6dc961a1ba5fcd8a9583514d4ffcd78d8385980a668282
+	C = e11550bf39e1e33a781a8572d958599743dfc0f55e389aed577e4484cd43bd7ca0c434468cef7cc4b568a63de561c2578d4714f519339553a049290c263c0a195e1904ace9bc58899fa627cdb084303229f6f405712682241d1a6dfe29ffeb46ea6e40385fa44168a1ccf765effbb3
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = bd787bcbfca643a816badea5be543d408971aa836b5bcd979e52ec4603715160
+Nonce = d3f32bfab60f9c8bba0afec7709ac045
+PersonalizationString = 
+** INSTANTIATE:
+	V = b2f8fd3f6b47ab85341229b712f13353772058dd1ceb135f6b132f2f611fb3a0e3c64d56ba5e91f6181564ff76002f578a28ea5945c24fd696a96f6333904cfeeae8c90426c6c463355068ff17a88281aa0b59c054b7a1864741a00fb1189d06135565df758295ef4ed3004e0a5766
+	C = b3415a0531cca99a72ecf9f013f5d174af6656c5b7e26eac6d7a00d3d55d68db49dc7f6ce5d6827ebe8bc01a9cf1d7cefe67df530c0ef95800d817f518362ca350d40828871f95103b50e86ebe6b6b2d55cd84db46d777be21210ba5c6f28264bc822253be9858d877ccf9a81665fb
+	reseed counter = 1
+EntropyInputReseed = 057cf8a4eed6f58d08a443c84e8a08b99438bfaa3ca308916dc13ecae64ae875
+AdditionalInputReseed = 
+** RESEED:
+	V = fb9c25d10bd5b36d7495099c8a933441d817045cc4f8d57638b5a0d02eeb3186996295b8dd6e8967889598603fffeb1cd680fb7685d882ed9a7dd27a1c1801dfe36142153a1b4c0e6238130efd74e012c7c5e8c4bfb6bb6e960e9ac4b26cbe71dd82f4005c47322577402eed5a165f
+	C = 84b99fe76c71ba533804590aa8cdd868d5c2fcb59961fac4a22b834dd2a0d8a5b39185c70122589a0961bdb381408f713ac6ef0e40d6692f91da2ff8247a1032ddb7d4fe1ba906d382238b839d05fa92c25080b6ba080d3e6ac3bffc8617a8a01474f253a9a364f154f3beb9d78e91
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 8055c5b878476dc0ac9962a733610caaadda01125e5ad03adae1241e018c0a2c4cf41b7fde90e20191f75613c1407a8e1147ea84c6aeec1d2c580272409212f7d80677bbf770866ac8235c6fb9359cae85081e7d7cec9d085c1db8f855103e2970379706cea343cd81babb4016678c
+	C = 84b99fe76c71ba533804590aa8cdd868d5c2fcb59961fac4a22b834dd2a0d8a5b39185c70122589a0961bdb381408f713ac6ef0e40d6692f91da2ff8247a1032ddb7d4fe1ba906d382238b839d05fa92c25080b6ba080d3e6ac3bffc8617a8a01474f253a9a364f154f3beb9d78e91
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = c4a8ac17ec39686823865b08008d7599e72d28e54c2f35bca55144327b7cc5cf07941ff39699e6b595034ab53f5bcf7dc0318827fc3796419c5c4c80472b53260c11b4daced6107aa9d3fb828e5363f0b959d492d7695e20ebb57861d3a18d9e385162aad85c1733d2c7342d93fc9f2a118555627e89e20de2223a61fba0f09269e754e0573918506016b326e2badc7a69890bff9decefadcb9e8399c1674be02b642e9d0766ba30d52c6b69869fb3779f887e1278a7814bec295ac557a48287
+** GENERATE (SECOND CALL):
+	V = 050f659fe4b92813e49dbbb1dc2ee513839cfdc7f7bccaff7d0ca76bd42ce2d20085a146dfb33a9b9b5913c7428109ff4c0ed9930785554cbe32326a650c24127cb318718386b88cac9644bb09698b9605419d618e839901792458749bee1e8195d50cc4147f133cc34ad239efce24
+	C = 84b99fe76c71ba533804590aa8cdd868d5c2fcb59961fac4a22b834dd2a0d8a5b39185c70122589a0961bdb381408f713ac6ef0e40d6692f91da2ff8247a1032ddb7d4fe1ba906d382238b839d05fa92c25080b6ba080d3e6ac3bffc8617a8a01474f253a9a364f154f3beb9d78e91
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = 74bc83bccea012367f7eae57355ed6720e05347230b001da967e57d4fb937493
+Nonce = f3191bbed8faf01c8ff27a47f3778e3b
+PersonalizationString = 
+** INSTANTIATE:
+	V = ea080591fc05fee94bb96a49f7efb8c11308fa52a7a41b2d3dd1c899afdb50e5b5498f71be2cfdf929987c7939270e91754feeb523faad2feae89cf394aa1c4b33f94c87da32fb7255bf0ddfe9252c154088662d6ef052263fc103d5540c66642c4ad4e045211bd931ab3ffa59d63c
+	C = bebe5bae4dc2f056b06ec3d7b9ab5a94887989473c72e04e10176f47f9dd4c636a63c176b6a5865a292c73892afdd33e2b9d537794fbfb16c0bf5ed644e198f424f3facc7125b828d4b76272f9f772f6efadc7d1fff4ea6c794ece80ca3e751c11c8b7ed0311f4c4122d5a6176f16c
+	reseed counter = 1
+EntropyInputReseed = d07989ab8932dde735ae78013920ceb54658e539ab81b376941bb79f4a93e0ff
+AdditionalInputReseed = 
+** RESEED:
+	V = 5355b443f84491eb44490897a126ff22dd23da5c08ef9bc474e408ed2fcaafef69fbe38217358bdadb61c51fa972d26a6df8c571dbde9deee4575f1532ddc969a1b1c11edae535cab6db53fd33b19223c8ffbb5529f8811c43aece03f61d463da66b7b7bb85fba72bfa733dd6e2fc0
+	C = 02dce3e2e5a7ff66375d2cd7078527320af126821ef6fe69d6eeaf8cbc056c7af69a775debdef44677136e7a3e10350b32e016f7d9ecf7785c92e93a4cbb99b3e4bc40599faa8488b68ea0520adb40d4039ddcf244a603b3e9c1be3e6983572aecb3d19af7422114f45bc4d8c38057
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 56329826ddec91517ba6356ea8ac2654e81500de27e69a2e4bd2b879ebd01c6a60965ae00314802152753399e7830775a0d8dc69b5cb956740ea484f7f9963d82041745951ff00843d9b8b2f0bcb8cfa82134288564d15ce6271b6a2c69c6b9b4151791462639979f56f3eb1f1717a
+	C = 02dce3e2e5a7ff66375d2cd7078527320af126821ef6fe69d6eeaf8cbc056c7af69a775debdef44677136e7a3e10350b32e016f7d9ecf7785c92e93a4cbb99b3e4bc40599faa8488b68ea0520adb40d4039ddcf244a603b3e9c1be3e6983572aecb3d19af7422114f45bc4d8c38057
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 833d817dbba46cd9fd74836fb74e67dd8d1a023382caacc8b62f3d314d2075e2e675485003df137af149b338f9d7b4c0c40067d0ea626fed5764379c6d4fc562d7650fc77b0aa8486f4961d98bba03eae6e25830fb3852aae59f4aa02aed535fedb98e173c7e54060ebfe8c4a19cc76ec6ae56780d5f338261594d3499a05c543f5d9deada94f408d9ff0a33f635d0d35b78ac91793991491441d00b38f3c8b675ee60123853a6d6cf0ab97dfe3262509dbd94e26b104a5551630b147387f11e
+** GENERATE (SECOND CALL):
+	V = 590f7c09c39490b7b3036245b0314d86f306276046dd989822c16806a7d588e55730d23deef37467c988a21425933c80d3b8f3618fb88cdf9d7d3189cc54fe73bfafd7261bad4fe5d6bcf6ce9da9fde6c591ff684e1426f6cba6b411e65cb7faa6e52ea924c70bc442dec818d345be
+	C = 02dce3e2e5a7ff66375d2cd7078527320af126821ef6fe69d6eeaf8cbc056c7af69a775debdef44677136e7a3e10350b32e016f7d9ecf7785c92e93a4cbb99b3e4bc40599faa8488b68ea0520adb40d4039ddcf244a603b3e9c1be3e6983572aecb3d19af7422114f45bc4d8c38057
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = 94999ef5db32769d1bdf777b83c3b6e96172dc87ad99658b6b5b46cbb0597984
+Nonce = 3e18b75d2a203958bd346c9b99fd863a
+PersonalizationString = 
+** INSTANTIATE:
+	V = 2c1c75430ee472e044b5211ad15459cad7a9c76e366b8966201bfffbde503928ebdd238f7b6c2da0350c2dc6f1845e5a641acfc06ba002f5b628a7c3a0fe43ed755b7d96ba360e74bb80978511f447b2249ee4ac839937a89a99bacde039d920e849e78088af49665d9e47caf35389
+	C = 36e41213bb3963428c43b2cf9c5c62cc4ea1cf68f066cc784215b53375a703c265de4e4c99a23a3aec4b6bbfa178926eca876e4104a1692e55e657a2485d14d9504af5205a6b35f940b0a787d818f720845d83237ff24d2995261f60992c5f3d52ebf2bbdc3a9f6603c7cbb4ffdb5b
+	reseed counter = 1
+EntropyInputReseed = 537d08ed111a377e853a1de7cf025a83416ba4b8a3f5ac533c01b1bafdeab9b0
+AdditionalInputReseed = 
+** RESEED:
+	V = 7081893669849080522fe16d368ce4cb732bcae7d04c6eb96339cdaba292a495c42735f31d56d16caf81aef8794a351d2e71fd8779fb9a6fd59c56ead03efbd9f30b44e4f05964f34b75db0de42994017369abd5a1e792bf6830aac34b81e5fe2d6cfa7c4321f95cca3b5a92b14306
+	C = c01be66022d61e55635b76ca32147c6bc7feb014901b469717771a17542f27810e7b8c046d2bd7b71aefe51bc1b4b6c6877fc04047ed40591955c993eadee939b31648c9d25388d648a800292853cb5cfe7174f6788582255b94cbf9d767ae48275054876f9ca3e2216fec70f53462
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 309d6f968c5aaed5b58b583768a161373b2a7afc6067b5507ab0e7c2f6c1cc16d2a2c1f78a82a923ca7194143afeebe3b5f1bdc7c1e8dac8eef2207ebb1de59d1f86dab0144d0f7cab7f8188705850a45da5c221c458126fe01f8f026d1aff7103a5a1e665615cf7f0bd26fc143bc8
+	C = c01be66022d61e55635b76ca32147c6bc7feb014901b469717771a17542f27810e7b8c046d2bd7b71aefe51bc1b4b6c6877fc04047ed40591955c993eadee939b31648c9d25388d648a800292853cb5cfe7174f6788582255b94cbf9d767ae48275054876f9ca3e2216fec70f53462
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 1797e8ab27181ed1566adbe45c541747d678168fbd72078b0d55c203517a14800b52d1159db147fe175627e5192c913c068c03734fe40588c39eb5371478ce51982fb7f8239f448b8fda022987053458811dabe7b7d88dc8d0f2b084a8afcb91fc87fe61780ecff8c827661f7dbf44429d369d6193a9dd25b3b41502f5f35c742f10979c1b553600c2ffd05024c8f82d54d687f6bbe775e57bcc0a147bb3385ee8f3ebb72e6804d0205d201ec0a8d297ff92810971d195e45de778e1e102a5bc
+** GENERATE (SECOND CALL):
+	V = f0b955f6af30cd2b18e6cf019ab5dda303292b10f082fbe7922801da4af0f397e11e4dfbf7ae80dae561792ffcb3a2aa3d717e0809d61b220847ea12a5fccf39cc9a8122e3e542e3acc321987bab25d94226c5916432dadab627dda81b0c6b4dd99270c2978453a5839e27c42c22f0
+	C = c01be66022d61e55635b76ca32147c6bc7feb014901b469717771a17542f27810e7b8c046d2bd7b71aefe51bc1b4b6c6877fc04047ed40591955c993eadee939b31648c9d25388d648a800292853cb5cfe7174f6788582255b94cbf9d767ae48275054876f9ca3e2216fec70f53462
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = f2787e00c2f51244d9bc3782a440017c570f46c5d663d59121440ea7d3b9a4b6
+Nonce = 37f56af47a98c8cf51a6083ef5a78360
+PersonalizationString = 
+** INSTANTIATE:
+	V = 07a6bb0fbc593c09018319eb149209a6983327d04658e559fffbd38e8fb5fb2a73cee118266012a245708c2eb6e003343d5481e14a4ac3cc191d5a3d0f071af49be4572e28f2ef42022646c51ef55fc3532ee1a0deff1b7dc0682d314fab8523782e024630fe00fe62378ba28f595c
+	C = eb0f913e8bb1106984e47e181d429128168de4831df1099116d87463535f4bc2e5bb6d2794b31c3cfb2d7419b528a0d5796746b7cc403bd10ffd3c0d3d32ce68d5a55f1b1b290bc92273e1f5302f97ddb3b536a25c180a31944ea7bd742dd8683dd87ca668b9bc82435a6aea250b0d
+	reseed counter = 1
+EntropyInputReseed = a348aec9b60f840ff0989bcdfe0d4f964b4455a9b61dc1349cd97870f1cd2c77
+AdditionalInputReseed = 
+** RESEED:
+	V = 4c291c27adae9a0346e5caa7b54d9efebcfeb60907fa5cc0bae59e9d07a0d34ab0cd72e031f9ad562cc558351026f37caeea19a12bbfc86d0609fc025fb081c093ebd5177c3fba9c799d55645fb7c313ff82d4f0e7d3957b456fb0533c5f1b19d00081006c80390351be911674c555
+	C = 95f043c0a5f2d8b33317cbbfa1183c4bb34ab5006dd2ba9aa28558b564d3b446b04af182ff505baaeed512f9c13044d0a5c2de149243cf2646f13031ec24bf0341436e7ed0db2daa1a4b3e22f840d47e5a1d743d7658ede56272c3d731a1ec55a0fe68509392d3c9d8cf91a42a66ca
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = e2195fe853a172b679fd96675665db4a70496b0975cd175b5d6af7526c74879161186463314a09011b9a6b2ed157384d54acf7b5be0397934cfb2c344bd5416ca2c694bc57dd6dbe2e70db79759b3028ea1189fe7b9a83c26b1179f9853d5915618a4b29b62f652b31b0bb9afa10db
+	C = 95f043c0a5f2d8b33317cbbfa1183c4bb34ab5006dd2ba9aa28558b564d3b446b04af182ff505baaeed512f9c13044d0a5c2de149243cf2646f13031ec24bf0341436e7ed0db2daa1a4b3e22f840d47e5a1d743d7658ede56272c3d731a1ec55a0fe68509392d3c9d8cf91a42a66ca
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 3cc0c9205d4967946fabd557e6fe01188c142486e2c849e24d0b46e291691035b2277b00aaeb0b03e3954e8490456904f2bcf868c913ece4beadc44684e16e194db70bd64e1d3331ac97f8169b5bf89de5b7d17ce5386e358bc99480377b876b2cca518775efae2ce738bbe44e44d9fd38855343a76b6d3f47d6afdc6653037f2dce1cf12b57972f1b716be87e920716c01a51504733d607fe8f6aaf0683190da7a663d14fc7806d439449030b3bbbe31a43b662b436e69be650177291834405
+** GENERATE (SECOND CALL):
+	V = 7809a3a8f9944b69ad156226f77e179623942009e39fd1f5fff05007d1483bd8116355e6309a64ac0a6f7e2892877d1dfa6fd5ca504766b993ec5c6637fa015ce304c5232282d7dab0d73726e795dc98258cd24bee8a4c378134ba40ae4ff39ee2ae975c6fc23a47d57c5fb0519b62
+	C = 95f043c0a5f2d8b33317cbbfa1183c4bb34ab5006dd2ba9aa28558b564d3b446b04af182ff505baaeed512f9c13044d0a5c2de149243cf2646f13031ec24bf0341436e7ed0db2daa1a4b3e22f840d47e5a1d743d7658ede56272c3d731a1ec55a0fe68509392d3c9d8cf91a42a66ca
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = 199e1e386db6a147bbd111e26b435e424482f3579288e49ec4cd3c3ca5c8f610
+Nonce = 658b4c4213030045181202c40b80fb84
+PersonalizationString = 
+** INSTANTIATE:
+	V = 687f313a4f9ddb9156f0097cc5389d25fc1b6ea40f631b95546f0d1aae31c9b0e6ac0521cf0b2763f2b840b39fbbf1946855620d4ccbd73e7ab69b68c3791c42e55a8ec94ed4ec1b601ccc2d73c9e27d2d9ec665f2adafbc84d7183dd2ded5e0dff6629207248f40510cfecaa09b21
+	C = cba65ec886e74d8b98303a26667548ef4f2696bb50761dce4e42bfe1c94f00b2debaec31313d265c4d25fd6066d0da4bf55d5b7680a9e7a5bfd50729062725ed0938490fb504ab15fc1d8a90bb6da22be30eb29d102423b2812f149cfb0b01cf43bff5f490311bb8616fbe4290726a
+	reseed counter = 1
+EntropyInputReseed = 40faae6a5f89c643db2213882f3d78743d4c7a2c82d9b457818ebaee770c79e2
+AdditionalInputReseed = 
+** RESEED:
+	V = a74d07e274982e0826d39347a1451bf4d8756cdc06d1f21893db5765a8e71bfe62709f497d9025e7c208db975b7815d20b4a7ebdc11f99e0335608fc306bed8844e0d57ddbca3b29b3ed4f4c9d1b438a84ceee707c79170b3e4752972b8c2dbedcefb45ac7b2af012d12138950ea95
+	C = 52b03dff3c15883af3ba795a9fbdbb637215c70ef84ff9e994f02cff28fd39d2bfd902ac2a8e5b5880118299cf59b431774a6171dc6309c8b18da5987f7ba0f21b68dab884920db9bf4020ffb468f7b3f099581f4f47f1b6acd49eee19e41f6e4d9319589e3b2209ad643c29b64237
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = f9fd45e1b0adb6431a8e0ca24102d7584a8b33eaff21ec0228cb8464d1e455d12249a1f5a81e8140421a5e312ad1ca038294e02f9d82a3a8e4e3ae94afe78f54a9a15f45bf7c11f883cbdc029d4682b3e087a279040f19152c8c0c80033918dc37191c8ffb8d8ddac4ba0a0086dd5f
+	C = 52b03dff3c15883af3ba795a9fbdbb637215c70ef84ff9e994f02cff28fd39d2bfd902ac2a8e5b5880118299cf59b431774a6171dc6309c8b18da5987f7ba0f21b68dab884920db9bf4020ffb468f7b3f099581f4f47f1b6acd49eee19e41f6e4d9319589e3b2209ad643c29b64237
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = d7efacc64efa9b16061779a2e5242482972f56093c3704b2b878245664bc6ec25a4e8458838c675228bb9216c31557d3dc34f5d8122c37826b0eb6d49d849b9205b0b0630567074f4fbcc2afdf36b7e484c4e94bb1eb67944bd58ab9d51d67ed6f9d788ef2fa420505897a55a7d7f266e22ec22bf593271475343a79b411c0694c7d65f5a6687492332f66fd2dedc3abaab8745b33aeba7768ead8e37f016814491962918be3edf6a7770528ff8e031b1c428f8412d01a7526c9c4da630e47a9
+** GENERATE (SECOND CALL):
+	V = 4cad83e0ecc33e7e0e4885fce0c092bbbca0faf9f771e5ebbdbbb163fae18fa3e222a4a1d2acdc98c22be0cafa2b7e34f9df41a179e5ad719671542d2f6330b39f4ca8f1b30139283ce8e540d0482f5514d8fcfd9a3b9ea1be588300b726fbe92f3be7ea68abb37b245b9764de8b7c
+	C = 52b03dff3c15883af3ba795a9fbdbb637215c70ef84ff9e994f02cff28fd39d2bfd902ac2a8e5b5880118299cf59b431774a6171dc6309c8b18da5987f7ba0f21b68dab884920db9bf4020ffb468f7b3f099581f4f47f1b6acd49eee19e41f6e4d9319589e3b2209ad643c29b64237
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = 6d0121afb3ecfe5d8f5ab369690059ea22e389c3c917c9e3d11e43f028e84a7c
+Nonce = 7a1dbcc31d667f4b0ede1be363ff590c
+PersonalizationString = 
+** INSTANTIATE:
+	V = 85a1b061971785c4a176885d0d25c4541ef77295da196ffdbdd3473008f08cabf19caac77cbe931a7a8b38ca49be9775578fa47a5103d37e14ad3bf9692b57cd464fc46a78a6879c78de22bca3d8b67efa9c5eb26163da3efb03f9fdd905cb9fa570bc8475d6ef584f910e52291f4f
+	C = 2b6fd7918d4131ccad175f20887b9ab8145fc671f3ea3e72ccc8ff169a8f818bda7a597d597ae63a065850f70c4b296fec22a7226670947296d7763515e443cbaf8e75c384e7226070593b9b9c7b4508844fc182aa292a62d8c79ae81660000e1c7e51e3292da779a8c7473d18eb99
+	reseed counter = 1
+EntropyInputReseed = 60dddf34c1aec40e64a61ba8569a775b0ad16b1eb9734296341ef93464fbf4aa
+AdditionalInputReseed = 
+** RESEED:
+	V = caa0a887dcb722a2fc95462fd09921f4061b09ab0a4d3dc4541569e88585e3d022a78f7fd53c6c97b3a1e73209cfc8fa9ac283d85721cde14995c51ed4261514438843e1c30b33acb3d460c674d1a5a756c0378c2f1b08598ee11f9bd27833f9ee6e651d873bdd1d17cee97ed79ded
+	C = 3457d8eee39ea71b1c3a08bc109e8e53bbe60009fe35053071a065247084f3591258c4d158dcf315011351481e607203176940d107be13909be6cb58d41cf01657aeefeb4d162edf8f0944fbd0651e7f9a7335ab67570363e0f6cd1b09f418dc2f3557a394ea150bb52761fe4f4a06
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = fef88176c055c9be18cf4eebe137b047c20109b5088242f4c5b5cf0cf60ad729350054512e195facb4b5387a28303afdb22bc4a95edfe171e57c9077a8430629d536b672be5f1f77d8f56018322f903484e754c045031ebd41e7c84de71b95242afa463d366b5036c945e281fe3091
+	C = 3457d8eee39ea71b1c3a08bc109e8e53bbe60009fe35053071a065247084f3591258c4d158dcf315011351481e607203176940d107be13909be6cb58d41cf01657aeefeb4d162edf8f0944fbd0651e7f9a7335ab67570363e0f6cd1b09f418dc2f3557a394ea150bb52761fe4f4a06
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 9cb4168ffd0c8581684034a69dfb926cee692ca862b50a32e8fbc61edc17121c56ccb4e476649b7ca430a985813566e33a6dae83492c6232fecdef213c7f88f260d4cc233a0f4df746a016a8b8d972160b49c5fa17d6df895c1abbb708eff472237ed5fc1c7663ae5275b2f075dd5fd3a8122c2a36b6838c315d851226f562f06eaf2451bed70536a9da6b03e65afddb189eadb9bb489d2ab30ed49eb176a1ab17c4f318595624875af39ce7ba93e3a339bec72dfbde726bc6983c6b6cdf5b57
+** GENERATE (SECOND CALL):
+	V = 33505a65a3f470d9350957a7f1d63e9b7de709bf06b7482537563431668fca824759192286f652c1b5c889c24690ad00c995057a669df50281635bd07c5ff6e8b2e63fdb88ec7ccfa7a072c26e1db8a213162f6864c289629845a5c17bb2a737bc02c203b27e04e49a10418fc03d9e
+	C = 3457d8eee39ea71b1c3a08bc109e8e53bbe60009fe35053071a065247084f3591258c4d158dcf315011351481e607203176940d107be13909be6cb58d41cf01657aeefeb4d162edf8f0944fbd0651e7f9a7335ab67570363e0f6cd1b09f418dc2f3557a394ea150bb52761fe4f4a06
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = fa457931cb2185a90b20567b46821ccde5ff2a0ad624e96ab7572a8cf4c31015
+Nonce = 858e32ead686de7107a564198370fd41
+PersonalizationString = 
+** INSTANTIATE:
+	V = b0dc853afac0a04e45a5bc32dfc3d60db2b394f47882d88627200033a9dd95f78f06262afda6b677c7ff8ab05153aa4681a10dd81c90f4cc95fbf153e9b15d2dd82a7c9d63d1341ccbe677b2aa1b77104d2f3c8bdda8ddb7c15a65628145eda35fb9a17328d5e1e1515e0599d12829
+	C = e0ea34b0963ab984d7ab9c830540d354656f5f1a126b72e7c7d3fb1913613f21568064d244fa1649940f45ca73c12542d110f596fb397915ea722a37fa8705235a7cef8063d617903a944daf54ca70c3ced4d757994fd7c963ed8ef346f3dd0fe66ed1d96d22571972f7883c7979c8
+	reseed counter = 1
+EntropyInputReseed = d301376719f4188d6e165d61ee2a1c15ed9687559b287a175240e5033a827f36
+AdditionalInputReseed = 
+** RESEED:
+	V = d6bf11b61c6cac9f3d7b09a60dd05f85bb4bcee4b3059c40aea586fc5505367d790829e28cc7c756a8e978987ca2c1e62611568ac4a90b3cd5259ab5c12380290082a7c22a38623b09498285dc762b076f871206a497a887ff00dac135cf89447560723c6ac7d4ae5671dbfb64523d
+	C = 48d246a1256dd267f1f279f1e65304bab40a4ccd3694d8901b4514018598195d9c439055d3c473afd62b500b98661a23f12a0ea312117f4a690c6f04717a985e998945721e9bdb94a5827b2956c0914bce1411e7df1e55f6a91ead1159a33c0772c9237efcbf137ccbaa9c73defa6e
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 1f91585741da7f072f6d8397f42364406f561bb1e99a74d0c9ea9afdda9d4fdb154bba38608c3b067f14c8a41508dc0a173b652dd6ba8a873e3209ba329e197cdc377ee9336859f4f71ca398fb47c1aaf45c3ffd81d67bc9337c98c22febd22e9704c6349661626de8380678c111fc
+	C = 48d246a1256dd267f1f279f1e65304bab40a4ccd3694d8901b4514018598195d9c439055d3c473afd62b500b98661a23f12a0ea312117f4a690c6f04717a985e998945721e9bdb94a5827b2956c0914bce1411e7df1e55f6a91ead1159a33c0772c9237efcbf137ccbaa9c73defa6e
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 1ff39eebc56f2be5ad2d497f717a99af2c01a12e95fc2aedda6e89f771e89f0fa101e9be7e524c2df4ca5f9ea58371464b8cd8646cdd0d173db564a929efe36bd9a8e0d590653c8a0dbe9f56badfd9ae580b0590c16b6e965298c06a1351d4a1108c0449f7284ca4f380605eb626303c9fccecd9458a5a5f0b9c21d9157b8788d6ec1a88840f2af135bab5d9c20b0be190867c9a5d462bb67e84b724e200aded1fc03428a7218445d7268d5141f3f9cea3e67fdaf12b9d2e8495348a5c66327b
+** GENERATE (SECOND CALL):
+	V = 68639ef86748516f215ffd89da7668fb2360687f202f4d60e52faeff60356938b18f4a8e3450aeb6554018afad6ef62e086573d0e8cc09d1a73e78bea418b2be29a9fab28b739563782aaa77c0d73ce535ecc2f3d8061ced13ae4b1b047e944d342a280de6cf06581f60df8c3531a2
+	C = 48d246a1256dd267f1f279f1e65304bab40a4ccd3694d8901b4514018598195d9c439055d3c473afd62b500b98661a23f12a0ea312117f4a690c6f04717a985e998945721e9bdb94a5827b2956c0914bce1411e7df1e55f6a91ead1159a33c0772c9237efcbf137ccbaa9c73defa6e
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = 864a923f9893e7b95a6ebc54945cae4c86f1c137f5c152e5233f7d7721713ee5
+Nonce = 5fe1b8c035a74dea52a2ceeb726f2b6d
+PersonalizationString = 
+** INSTANTIATE:
+	V = 2604ca6cc6b05b1bc2f6dae50a0286eaf86e231ba3eab79b0cf7e847b3468cdcfbe5c66e50bdf9de7731343fd5c6f856b5c470aff4ff1ec1431e243b15908cfc2d7d9909e1a43415d0ff7f4d9b57bc209d1e775907f08935ffac48b0804c0ed18d12ec429ab6df748b74014997124e
+	C = decccd7a133ce7988b862129401a5674e7777448be562f7ce171537351ca675955666baa8510c52c66257123936903225e6f7cc6ac7c31322bd0a9293c59eeadbb8139e63285a2d1fb86c764efc16b0f0708f555cba0206025e7a64e686d6de216585053b2dbe4e12e2ca7d769d5da
+	reseed counter = 1
+EntropyInputReseed = 1a3395c354ab1fbec94b921d94332782e1791683df587da5c9ea5d10db02a198
+AdditionalInputReseed = 
+** RESEED:
+	V = 3e6af146de5c3020ed7731cd453d6959a9dc44018fbdde82c9260de22386c6fb7d66e59f6c2f6f4edf6153b9ec8cdb8e752ca2aaf93bec6c1ced1083bbce351237652c4a202cca3b785663447b06812f37919c8a048a45fa8f30fbef41aea9ef3319658755262ff9f70306106a1cbe
+	C = 8fda82162990a44660cb0e0e38d810fa13189916a5e8f9cf78d748fdcf8e12c1062fd61ac1d45ae4ee97548c6abcff1938487d8c665cd743e0cb32abfa260e70551b0762c0788dda14cb9e9028ff7dda49ff72c04ca3f52453b8adcf1dc41808d3ebbde82bb9517ccf4325eb8ea109
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = ce45735d07ecd4674e423fdb7e157a53bcf4dd1835a6d85241fd56dff314d9bc8396bbba2e03ca33cdf8a8465749daa7ad7520375f98c3affdb8432fb5f4444dd8eb8b91f5d63178d8719223d19ee31d5bbb3b721a31bc3dc04bde1a06e6b7109f924728f35c1708ecb9874e050c28
+	C = 8fda82162990a44660cb0e0e38d810fa13189916a5e8f9cf78d748fdcf8e12c1062fd61ac1d45ae4ee97548c6abcff1938487d8c665cd743e0cb32abfa260e70551b0762c0788dda14cb9e9028ff7dda49ff72c04ca3f52453b8adcf1dc41808d3ebbde82bb9517ccf4325eb8ea109
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 5d7ae9c206dc91c2c639215a00e1e62203a3c61df5615abfd5de5d448fd44639cc5f422a17b443879c2ea5255b918abbe6c7f2b995e3e493fe859617125890fb03013b943959a12db4b59eb259ad2534b14163d4f2f3a18a29e8bf0aa02ddd7ef9f9e3eff2c9143b1f77072d862fd400d8451664344f70d191480e278360f516800414e2685a20374961605a5f82cf5d2c9eb69e5fbf69d9c6d8ca30208e700e4fcef8866d1495e59c8117d0c0d8195061dc4ccb052b57c190901034db9bbdd7
+** GENERATE (SECOND CALL):
+	V = 5e1ff573317d78adaf0d4de9b6ed8b4dd00d762edb8fd221bad49fddc2a2ec7d89c691d4efd82518bc8ffcd2c206d9c0e5bd9dc3c5f59af3de8375dbb01a52c728c246d9e8f822b4afb48f380542390936cb859709bc0a6b6598fade4564e8cff893960db2a0f7d5534060035f58ab
+	C = 8fda82162990a44660cb0e0e38d810fa13189916a5e8f9cf78d748fdcf8e12c1062fd61ac1d45ae4ee97548c6abcff1938487d8c665cd743e0cb32abfa260e70551b0762c0788dda14cb9e9028ff7dda49ff72c04ca3f52453b8adcf1dc41808d3ebbde82bb9517ccf4325eb8ea109
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = 1f257fd989a33158e14c52298647dbc4f1c155e2e36eb742d9ebe13985017b24
+Nonce = fbe848abea206ad6b4e4322ae36b1073
+PersonalizationString = 
+** INSTANTIATE:
+	V = 62ba86ac9b8b3980e880c1a9a0cb1eeda3a77d9df9496fe6f0b261c6e134f037ef172e4cba994b27c045743b7a7d09b653ec21b3915e97f989abe20eaf118754e19d7a6b05dae5fc2c5ab854340915fa3cf1cc2c0a288a2b150ba07f58865ce8cba14972686f91b3a0c315a02a5eab
+	C = 8e2f3bc91a4fb0bd6955b3b28c3e67a1f20c1d9d2c78ed190b0a4da8a0de525ade29f491ef059d619a5ed8b982f89957c79fab3c70c8f57980752c16b0703e61abbc35894d341380fb39e155fccd2c0917e268390cd934c14898cfe143051d3d8566415369e5c2eaba72e68aad1dd1
+	reseed counter = 1
+EntropyInputReseed = 7eee4e65db0e902519550d23ad29483a157a08aa925bafd84b890f3e1846b04c
+AdditionalInputReseed = 
+** RESEED:
+	V = c0172f5429b0f99a721eee8737804a26855b2977c702e0602964ef7287cdf8ef9fd76ce35830a24fe0189a567bdaabb7bf4935cfcb6b469db67a905ad55160a907abb1bd879ca5f45f70c56318efc2615f918e67217aec8b02b108d2eb0eb85cc03766f59b9db02614c2d3fa050cbe
+	C = 5aeccc3529c579060b4b6b42e1175c229df4293dd743322011882b42884ee415db906bb1a51321b1c3466f3be1b471d3c6c4113453e7496ee03b41657d8f95b45537d114612f24dbe81e1981b5d6e91da7d671967292ff0cb70838fb787b95ff3a3e6241ceda6dc79339b1ce24b784
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 1b03fb89537672a07d6a59ca1897a649234f52b59e4612803aed1ab5101cdd057b67d894fd43c401a35f09925d8f1d8b860d47041f52900c96b5d1c052e0f682822d691cdbe70f000610e1c575e748973c58fe4d091f9fd0c8726ceea64d0bc405ffb4748d3418fe96a4ebe250969e
+	C = 5aeccc3529c579060b4b6b42e1175c229df4293dd743322011882b42884ee415db906bb1a51321b1c3466f3be1b471d3c6c4113453e7496ee03b41657d8f95b45537d114612f24dbe81e1981b5d6e91da7d671967292ff0cb70838fb787b95ff3a3e6241ceda6dc79339b1ce24b784
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 72552162572c361374a33ec92928e8944f54c479a19aefdcdc031f69f40fe5e19b51061c633a4cff1ca93e24077a9c61a64bb078fcff763a055d0225e73c8d14621ddb440b74ef1df5d521932d2da5d64616c91971202a8091e341cd391bce5e73ca140502a523a818af465f50f6a75a4e0242fb4362a196a2b90c4a6ed81faa1fe5a1bb558fdc911dda64b1e6fc5759bd13723a80c38831ce6f5331f9e022578cb87659f0cd22ea1e89933ea8a9c41bbefc75792b0d2a65b151feee4d60d930
+** GENERATE (SECOND CALL):
+	V = 75f0c7be7d3beba688b5c50cf9af026bc1437bf3758944a04c7545f7986bc11b56f84446a256e5b366a578ce3f438f5f4cd158387339d97b76f11325d0708c93efb85c8731f1b2812e3a597c51eda296b3b64cb30303812fa11c40020383988d9bf3b2ecfe30b0246eaa46a53df76a
+	C = 5aeccc3529c579060b4b6b42e1175c229df4293dd743322011882b42884ee415db906bb1a51321b1c3466f3be1b471d3c6c4113453e7496ee03b41657d8f95b45537d114612f24dbe81e1981b5d6e91da7d671967292ff0cb70838fb787b95ff3a3e6241ceda6dc79339b1ce24b784
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = b2f0b9455505586124f018d818d230309335651993fc66a1a5f845f9f4d04096
+Nonce = 40d7a9c35437512a30af23cb96f2964f
+PersonalizationString = 
+** INSTANTIATE:
+	V = 3aaa00b07eb12f6e619d553933fc25bf9e8efafa21fa5445ec61121f9329cc0ea44e751d80bb5b75a1e2142a68078467374f83bcf7619f1dc6f1779f2083b012cb95ed02afd9fea9be8df3c929ffe3189e7709c6fa13af8b2a122be0e7f880d3d8a53743a57980c34fe0b68a75ee09
+	C = 0d5dee59b39562209cbb4197f8eba4a270f89bcd7e5915168441c87a145e771237bf4b57aeb99d5df88b5bf02bd03e4ed9e046bb736f659c4784aa3bcaf8aa6153f3ebb27ac6e0fdfd639bec863c1e7fa2ed4e8b766d4f6913128f657b73f3dae6fe6d17b0cde8d5a1aec4bf6e99a1
+	reseed counter = 1
+EntropyInputReseed = 6448f042dcf859c0d2d5f62333b6cf5c59c109bf93b53977c2a34de736fbc1cb
+AdditionalInputReseed = 
+** RESEED:
+	V = 9648efa4a3298b421724ebcc48f0ca2062e9928c625badd0f6bca5f5e725934e935be752dd5b835f86c5f943d6d6db94d6bd2d9f908cd7e2b59c69d3a917e94fa76f70617a298835d2919f95e14c0f37ab61e2f6da9a581d89931457f7afec1648cd62926e60736d5884e9ffab705d
+	C = ea5a05ec9ac23b9f07843193ee81a77e31947230018773f8f1677e7e49097101949b553239358eeac5bb61ab6776e8c895b6241ed2a4e6eb93e8b3b1def5734cce70e14462d7e3373f640605b62ee45833a65b5a0b73e10e94e7788f1cda3f62d3f6c39b753d9c7d1b1eacff0bf8be
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 80a2f5913debc6e11ea91d603772719e947e04bc63e321c9e8242474302f045027f73c851691124a4c815aef3e4dc45d6c7351be6331bece49851d85880d5cae616f6c6f3f15775a06f74c9719ab6061420c54137c1fa10f4107b311f6af12b2aa6adcc95fc6473370347ebe8f9da1
+	C = ea5a05ec9ac23b9f07843193ee81a77e31947230018773f8f1677e7e49097101949b553239358eeac5bb61ab6776e8c895b6241ed2a4e6eb93e8b3b1def5734cce70e14462d7e3373f640605b62ee45833a65b5a0b73e10e94e7788f1cda3f62d3f6c39b753d9c7d1b1eacff0bf8be
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 91f6e9a3b6311a2c1794f2910e522373225f25c33b71bbdc73e0f2374ae5e9724580b8467bd3bec2451512c1e108ecab60b130037127df4995739d6a6a2620c536939d3a4f9b6b9d1b31bb5f1798b71e8e00bc11444041e59d65a8fadbf874ccf059552e763857a2ebae7cdc0d8bcb537c09814434ce0add7cb58eb5671460fbd52b876b5fa297a173bbbd30d6c4bb6680539ba7fa4d987195507d49ab96d1c17958adb9b7a5f048dd7e29b12b94062ec6623614b2d55456914092512ee2399c
+** GENERATE (SECOND CALL):
+	V = 6afcfb7dd8ae0280262d4ef425f4191cc61276ec656a95c2d98ba2f279387551bc9291b74fc6a135123cbc9aa5c4ad26022975dd35d6a5b9dd6dd1376702d0a3208aa5bb5dcbb7b38293d4db4bc4dce4991edc7dfd9f686ca98b6a875e649e6bad539a88310b7907d79dec4b7f2a9f
+	C = ea5a05ec9ac23b9f07843193ee81a77e31947230018773f8f1677e7e49097101949b553239358eeac5bb61ab6776e8c895b6241ed2a4e6eb93e8b3b1def5734cce70e14462d7e3373f640605b62ee45833a65b5a0b73e10e94e7788f1cda3f62d3f6c39b753d9c7d1b1eacff0bf8be
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = 50d09c1c3eccb57eb084cf4fc8aba0be5d9cb8b0fa5f87d3115576635176e7f5
+Nonce = 31918b1dfa5b1ecf88a495239052e0f4
+PersonalizationString = 
+** INSTANTIATE:
+	V = 0c5cdda8974144fef2655cb6ff25166e8005145fc4d1546fe270de02a8c281565a80b0741bc93c56ff993ccec04cf804d15779ac0c69131a40adf5f6cad1d620dcb1480e80611b9f9fe4d9fc9c1550804d3093afab51d56b5d979fdd00c640c7f5703e24b23adabc48ac5234e8f28a
+	C = 07220e60b72592800ed2a2f5dc05dbe9133f6136f1dd80b5057c80a58dc6ce7fe5f89166790b3becac59a952cb69252d8c69692dd1231912c199a3122ac6a6d64b2d998afe2ae40b7b782a22af274d67854cb41c01811fdc6eaf479fc7ee033b457eea7ba838c64cb3bb133fda2ccd
+	reseed counter = 1
+EntropyInputReseed = 7cf3194025093ef80248b1fd70ae38025bdbce1805677aaf50491a57f4193934
+AdditionalInputReseed = 
+** RESEED:
+	V = fb136ad0d87269f7fffa8b85c435af317feb7bbbe68002a6c37d0ae05aabad0d8d75287ee7c398da564115bb19d7dcbaa218c5fcb0db2c2dbe29defbd6f3c49c283bfeb8f0ec17533bc39583e695f094d70b7aa59de384e3dfdc9f462ff3a898b885825efbd939ab12549922953a04
+	C = bf6f98d9dc3b3c92817c00a78ede57c446993ccb375268555ee9f9a7a85153d18c30e55cc08cab3c0a7628891658ef15b68936f7681710a3afccd98c55a30f414cbef787868b0140dbbf23dad116178120e8366c5141eafcf1188761d5a497f6c93f04da5e2f9dac09845f86732504
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = ba8303aab4ada68a81768c2d531406f5c684b8871dd26afc2267048802fd00df19a60ddba850441660b73e443030cbd058a1fcf418f23cd16df6b8882c96d4555576dba980144f21d855e16c8753eeebaaed58a750c23db731703acdba4db590941387c985f2db25e2d8bfe8e37d36
+	C = bf6f98d9dc3b3c92817c00a78ede57c446993ccb375268555ee9f9a7a85153d18c30e55cc08cab3c0a7628891658ef15b68936f7681710a3afccd98c55a30f414cbef787868b0140dbbf23dad116178120e8366c5141eafcf1188761d5a497f6c93f04da5e2f9dac09845f86732504
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = cc08b2a391573eeb7f77cb79435fdcf88fd88e82ad09cda33d2580ec9a11486de39ba210fa1326ab76390b8bd927458121c0784c3f9d947dbfa1fe227f0c5ac64b94d3839cfd9ca093b7c490051c187e72977fbcb3e0b248d870af3bdaa69ab022eab17c58a3256916d7b4033a183f44e94fd4e9586c52efd2df0e9db4487ff9a7664d668c4760128a2e2a22e81f590c7735db60161b01f7d791acef8fdd1f63e9d07f7bdda5f5a6cb2e7d9b1b9b405b09a5ae255a3a5e2526fdedf8b39b7637
+** GENERATE (SECOND CALL):
+	V = 79f29c8490e8e31d02f28cd4e1f25eba0d1df5525524d3518150fe2fab4e54b0a5d6f33868dcef526b2d66cd4689bae60f2b33eb81094d751dc392148239e43acfbb1633368ee31b1d47e9b765be210aae8d9ec9c1845e0492a18e94e9be4e108847f8b683da7f96c57f6c0ef47050
+	C = bf6f98d9dc3b3c92817c00a78ede57c446993ccb375268555ee9f9a7a85153d18c30e55cc08cab3c0a7628891658ef15b68936f7681710a3afccd98c55a30f414cbef787868b0140dbbf23dad116178120e8366c5141eafcf1188761d5a497f6c93f04da5e2f9dac09845f86732504
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = 8b16394443b333bebf4020c3519d91b8a813a957a9d0767bcf9b459c73769466
+Nonce = b022bc3c5136a69d56ed554fdd4021e3
+PersonalizationString = 
+** INSTANTIATE:
+	V = 8eb7b6d93a540138fb893e161a9f4d57e407e4d16c9c835c9ef694076946091ca5d8f1c335c1e33f5db2797938acfd963b3e5997e1d27cbfdd181b8c0181e1b63cd0c576df07a94f41f7b9bd21f878a559f75997e212f046f986618e0d2e949aa71d1e76455c90b555b56aa4fe6f55
+	C = 88fb4b64542c9e0cec0557b06e97e720574b030a38a237118d27c8bb2b8fb7f65a097763cecf9f97d513713100e5cc52c82fea9416f73b07ec2f86ac3850b1270d0beb5ca2cfad99dd26499350ca71a9c3322acb7898c4be9e00803fe9e7a55f10b536fa128f773c8bd05e9ca0c381
+	reseed counter = 1
+EntropyInputReseed = 746c7e786f324979c172baf2589aa30c29be16ffd10274c8c04bc98cbb29e262
+AdditionalInputReseed = 
+** RESEED:
+	V = d1646ab124621f033b8d69f7d0b18d7cb97c41a300773e9e294877b065a2f46eba17abcf5fc58ac13dc760ec62e9d6dd431d52d8f1104bb26014beed7a754d4f38449d6eafd59737b45cf1e740f8cdb127b8b7edd97878200905875c4a74bf9edf3f66538c9351ea1b304f13727b51
+	C = cc6612e12c1be6114efb6fed21a858127d0c250174b668906a41477d1b5e124c958c36d52e135181b0dea65526a010144990981fc8f0ce773cf086022fbf8c5f07d78f779a4de92f1447f6a33b0e24d6b11b0f70e981f42a16eafa3433b56f5a441d5e470a0b84ad3cb49a4f72c9b9
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 9dca7d92507e05148a88d9e4f259e58f368866a4752da72e9389bf2d810106bb4fa3e2a48dd8dc42eea607418989e6f18cadeaf8ba011a299d0544efaa34d9dbd3a48b07abbe9c618f627cd2890bddba88cd76a419b5c060ae02ffc4c71b79b439da3d81a2d8bfece1a38f2fa3bb7e
+	C = cc6612e12c1be6114efb6fed21a858127d0c250174b668906a41477d1b5e124c958c36d52e135181b0dea65526a010144990981fc8f0ce773cf086022fbf8c5f07d78f779a4de92f1447f6a33b0e24d6b11b0f70e981f42a16eafa3433b56f5a441d5e470a0b84ad3cb49a4f72c9b9
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = c126ca7138c07c3503018458c80186d15c70885c7551caa3699a8c168db06bf810896906be69085c3584d396cbbb69af58dc3ef8c50539bc2992946dc2127a8fd2d6f8b37c5afc4a7c9f247ec54462cf3c923df8e18c3562d41599c08e1c646f22b43563605e6475439815d269aea38c3a4222930f6139dca799a411a4de77b176aecd731d6a3f676db19bfed39834501e2dca4097a4dff426f579d97aee39c9f8e022cb91fc6276be84ba335f14918a345418a4574d04558d9b396a15e670f6
+** GENERATE (SECOND CALL):
+	V = 6a3090737c99eb25d98449d214023da1b3948ba5e9e40fbefdcb06aa9c5f1907e5301979bbec2dc49f84ad96b029f705d63e831882f1e8a0d9f5caf1d9f4672b9cebac582910be3bb3eaeff9a7e9327b6ca4f12da40bc534a21272204c3b3e2e87a7e34447651a9228653d14d7040e
+	C = cc6612e12c1be6114efb6fed21a858127d0c250174b668906a41477d1b5e124c958c36d52e135181b0dea65526a010144990981fc8f0ce773cf086022fbf8c5f07d78f779a4de92f1447f6a33b0e24d6b11b0f70e981f42a16eafa3433b56f5a441d5e470a0b84ad3cb49a4f72c9b9
+	reseed counter = 3
+
+[SHA-384]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 256]
+[ReturnedBitsLen = 1536]
+
+COUNT = 0
+EntropyInput = d82aef0c80eea1cf49f892282a2f929bf3751f54e4717dfa004b08d84cf64148
+Nonce = c9ffd92f7f54e31b39c5d58b3bea0a8b
+PersonalizationString = 
+** INSTANTIATE:
+	V = d63b0c88823313f6cd8ab4a04c03b175de3cd81f16831fcd15065b6a58b3cd559abad5792b28f16368785d580facc86c742460e2b4907f231a032a6595dc0b1dfbfb2baba21421f5cab450c72013e9d19c6a7b1698db4045e94f282d6f20ce1649721779b7d0aced92bbd9f0f525c3
+	C = 47485dc85bba2eda827e4db86afe84e8f5b4d4917131eba84def78001586e4efb6b83c3590956df1f0efe7800e7bd9d410f19fbd63c0e1734c7d3c7761aaa6c357598bafe6bb6b75f667bd51d3ac1a1af69e60e2b699d761d2eef728d9dfa4109a0ba7b662effeb651c3fedfbe7b09
+	reseed counter = 1
+EntropyInputReseed = 3ed87aaad9aba5dcae35feaf6e85e7767c4838451ccb502e5610ad0495b852e6
+AdditionalInputReseed = eb52b5959a25ce1030cd6a6077ae675af2eb0ecdea2b710a196f1e36da40fb6a
+** RESEED:
+	V = 710b71dfb9b68e45efeb42a946a1a102f498f0d13b460415ee864fe4518dab4b8f145579d3a4f1ab55e68c84c70aea2e5f21cfb4d2305171b01c94e2abbb0abfa3ca69026446f8ecfcb5c6c6b342414e0ac7cbed4485c76b35d2ffb5ab9c8590c71e3489422c19d9ae1f57302ec71d
+	C = 71737a438a5461692d36a771152c686459b00ce87b9eb1bd895914f04858412a7a2a891b36fcb4027e308fb8392b62591c62e0b8a95956be5277a595b2d21bc48e32e49c61d745f651d84b9f8d796516b087d7a39efe75e71f49ed40aba83705d195658521b6429076ef6295cb6541
+	reseed counter = 1
+AdditionalInput = 8fbf6a38c5e050d5bc6288132050ed7eac755462ac3781fd1300f342a4566054
+** GENERATE (FIRST CALL):
+	V = e27eec23440aefaf1d21ea1a5bce09674e48fdb9b6e4b5d377df64d499e5ec76093ede950aa1a5add4171c3d00364c877b84b06d7b89a83002943a785e8d26e7a0f95c4cd07748f8c19954f8ee4021503d551f0da10208ed4a1662a2d54bf386a3a5e03ec4d39ba6e48674a28f01ed
+	C = 71737a438a5461692d36a771152c686459b00ce87b9eb1bd895914f04858412a7a2a891b36fcb4027e308fb8392b62591c62e0b8a95956be5277a595b2d21bc48e32e49c61d745f651d84b9f8d796516b087d7a39efe75e71f49ed40aba83705d195658521b6429076ef6295cb6541
+	reseed counter = 2
+AdditionalInput = 5af9e2b27a5283fe3c88cd70eeea0379b007ee0e416d48fe17921ec182c22865
+ReturnedBits = 3c998261e415d33207332fd9a076db3efaa5440bda02affbdbd5533695c10dcb77e0f05e17591ff57977dc4bd15e4d88ef741a9b4aa0b4b0fbb438f65295269f812bbe86fcecf76a9852f30bf1c829683aa5e642057df423963a7da0ab08daf516cdb04bc3e43bfe0c73610db59e6718f97433093e025352d2a0e537ef6e08d4b8c63edd0a05e9a43be07178a305f8c1f2e02431931262dc85d28dc5bec9856fe3eefb1869da8ae7f0711c3e3a157d3caaef8192a4c1879d40fb3bed8eecae4d
+** GENERATE (SECOND CALL):
+	V = 53f26666ce5f51184a58918b70fa71cba7f90aa232836791013879c4e23e2da0836967b0419e59b05247abf53961aee097e7912624e2feee550be00e115f43703bbe12c9fd22d9645753f9aaedeb64a929df8582e7fd945294471faa4074ab493fe0ac71ac009738767b2c9f0964c2
+	C = 71737a438a5461692d36a771152c686459b00ce87b9eb1bd895914f04858412a7a2a891b36fcb4027e308fb8392b62591c62e0b8a95956be5277a595b2d21bc48e32e49c61d745f651d84b9f8d796516b087d7a39efe75e71f49ed40aba83705d195658521b6429076ef6295cb6541
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = 09dba618de17089c6d05474847e6f84f7b412b62a3d4e84eb0b2c19195a3ac66
+Nonce = ef0fa139712c043f2c131b7d0f0a7dc9
+PersonalizationString = 
+** INSTANTIATE:
+	V = f7412d32c37633b6301b0d368b5fd02e274420b671079c0f3a687f71c11c3541b6bb0dd13905931ea5e55f5ad1b0cc1c60698fb60405774f7d100bdb91843768915985cc4d9fdabc4c634262bd0ac6e02668a57ee7ce39c59d81e3f8847246431a86980c3c97861aef57eb87c931a2
+	C = d9362d9d0b8a3f9e5b169b6248116e8a661393e7fa04a4be4269293a911726face1341db197bed96a87a2f044abe3589f4bf0e3297b67b26db86a6c02804779aef1bfdcdd9ace23a085a1591ede7ba1e5391a3746606425947d4dadd5909d19c8937534afc2d8259e9bc286bee2ef4
+	reseed counter = 1
+EntropyInputReseed = 2ca2aadb5b700ffb4cd97a078c10dcc4367fa598f1c0740e775c1dc5917c9d3e
+AdditionalInputReseed = 1522cb884a7bb9e35c347a01118d8c76c0e01325c92ce1e94138c337193b5680
+** RESEED:
+	V = 6b16372db4b6f3618842f1b43b6480b12ea1229da9a531ec856d99b72d87f393ec3b5623977522ae33e2494393dfc493d40db4d85518ef77c1c49bcb5b09b91f691ccda49b94ffbd549e261b3bbf06e012894b58d390eab3c6bdd1be6e2dba66a4b525b16a7a0642ea5b076d5d1352
+	C = b4586802c0242eb225804ca638c7d662e70f5e42605453c6085c76d336c0d2f3ad538e4b53729ade5394caa50a89a9e89092c56adec90c0ed7516210e030e3d3b77204d239d75ce9b1eabf2ad62de13b324c983be3991c1f84de693e6507076131b68568bb28aac64037073185a290
+	reseed counter = 1
+AdditionalInput = da37236597fa4aa0aa70ba591ec2682dc9bbc65b0dfded3748952a2f4493988e
+** GENERATE (FIRST CALL):
+	V = 1f6e9f3074db2213adc33e5a742c571415b080e009f985b28dca108a6448c687998ee46eeae7bd8c877713e89e696e7c64a07a4333e1fb869915fddc3b3a9d18633b0c8551dbeee8d2327065961914b95a314d9005342e71ad01d7bfc00d96d5ade96749e3d49d9c00841d40e0defc
+	C = b4586802c0242eb225804ca638c7d662e70f5e42605453c6085c76d336c0d2f3ad538e4b53729ade5394caa50a89a9e89092c56adec90c0ed7516210e030e3d3b77204d239d75ce9b1eabf2ad62de13b324c983be3991c1f84de693e6507076131b68568bb28aac64037073185a290
+	reseed counter = 2
+AdditionalInput = 43670ca6b4b93243db4f28d47722381f14d005e2cf5bd2f5c4e3e5d2eaea139f
+ReturnedBits = dd333186c5307253f9daf1451f38a0cc5d8605fa2c7df35638137ac87d9c9dbc35bcae54741bc7c139b55408123332ca2bdd949ba2791a7cbaa240ced48738e0a603bce126d7bd4e18de8e6baef114851d0aaa4af3f64b4654159f6277da0576cba1e5bf3f515d19b9baea67d287066a9c35d7cdb664de820884cde082542305295715d0217b149d1c6dab9b7bc297ad61cc4716f1a718171acc57e17a820081773ee402eb8ce57eb15bbaa8934e2d5e1ffe51972a23b85aaff9c1a607b806ca
+** GENERATE (SECOND CALL):
+	V = d3c7073334ff50c5d3438b00acf42d76fcbfdf226a4dd9789626875d9b09997b46e272ba3e5a586adb0bde8da8f31864f5333fae12ab079570675fed1b6b82d5e83041e2bec1cf0e397fb03d734aa7ea5882820ef3d6def9a94bde5a150fecd49e982b454e78e80d92c7f4b6ca2b2a
+	C = b4586802c0242eb225804ca638c7d662e70f5e42605453c6085c76d336c0d2f3ad538e4b53729ade5394caa50a89a9e89092c56adec90c0ed7516210e030e3d3b77204d239d75ce9b1eabf2ad62de13b324c983be3991c1f84de693e6507076131b68568bb28aac64037073185a290
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = c419a14544d205fe1884d07d0734cebbdc739b8fe4a4f9d894504e01f94d2029
+Nonce = c982e021437fb30ad039c613d1e9c3c5
+PersonalizationString = 
+** INSTANTIATE:
+	V = bdee70c766f56f77f03c0aae24e75f2be3885aeda7a2a57bd5966fc5925d66111537bb809a5b515c288b694e04c8e056bf20902c9bbe4e27f418dba38a478231524e7cae74883be4ffeef9a5d916a513c2e13e8bd70b6c837abbe711a070417262b68d2aa0abcb9238393502cbea98
+	C = 27bd014ff3538578349c039300c1c2d682b58b73e772364b8472461665bf674e5e4474b69d99a34d5c0d28321ff1e1912e3958a301602dd00bd95823ba4ca0f4b6f985e91112db162cd8c7e3228df0fab37a1b2ef480c28417322c30fbde0d15a80e8dd86234f960cfc00cb8d3fac0
+	reseed counter = 1
+EntropyInputReseed = f856a36e9ef960e8cee03a8d09b9094b95aaafb9dcb1dbe1b7574792cc498ad9
+AdditionalInputReseed = 83da55702e36dda245d8b50a9ff53bdd2aa4add30710261506c2451b0f27372b
+** RESEED:
+	V = 5e49747f4daee96884484840d7f09097de82dc6883b9b20219d69fa0ad17229c3227c2dc82d65c7b776608f26129895b3080230a00d697a71f0ae148dd6345678da2d0ed9b0d0112d4f308aaa610b0fa6dfbb53b0cafb821343292a06b9ff79c62102b9aab4dbb901f8ec1162f1dd9
+	C = 1b5269cefa3f5eacc0a6895b952ebfdc023094cb0ead9ec89799d808a88c082b52ac2ce3b4667fce00f7e00a8798ed4d1825f0d61ef795a5ba127691204d2be58833a3a4e030c9ce8b90ff54c15ed2845b091bc6e26724c4761b1b1adc34946aebae24a395e0c5178b23db251669f6
+	reseed counter = 1
+AdditionalInput = 9d730d4607118f85bb7c6acda94fc6f9d5287d7ef4208dded8bb687f857ccc5f
+** GENERATE (FIRST CALL):
+	V = 799bde4e47ee481544eed19c6d1f5073e0b37133926750cab17077a955a32ac784d3efc0373cdc49785de8fce8c276a848a613e01fce2d4cd91d57d9fdb0728f3febeae918facb5e60348fbae9f36a5b02147db2c12de63fbc249833ae9cfdc2b9e024932950cf2080fae86c4cf455
+	C = 1b5269cefa3f5eacc0a6895b952ebfdc023094cb0ead9ec89799d808a88c082b52ac2ce3b4667fce00f7e00a8798ed4d1825f0d61ef795a5ba127691204d2be58833a3a4e030c9ce8b90ff54c15ed2845b091bc6e26724c4761b1b1adc34946aebae24a395e0c5178b23db251669f6
+	reseed counter = 2
+AdditionalInput = 4434c3a44f56b7ac9c840795cca2f1264e619987bec689ea384fd081232ac270
+ReturnedBits = 791a928a1f11a26e8280b48a9c6f2b4652f4a47d9744ea3e1fc274a646c1bb7673f7039f6c041b177044e710516c6ad9de9501ad780ae9694475163737f900e67282e3b15ec898ed4a2b2ac1a07fd643021e59fd5d365f87e07838ee922afef2b8b5fbdc92dc00466d6d1e32258a02999bbc7e9ab39f7206ae6b92c325bc064e56b9ea239feb37a7d4fd091d23c5d5f8f1ebf80aba67fbfdd409c964b5f7cdb17fd1cc0742c85967a5d7e7989217723e64267d04187858828fb6ba646f450343
+** GENERATE (SECOND CALL):
+	V = 94ee481d422da6c205955af8024e104fe2e405fea114ef93490a4fb1fe2f32f2d7801ca3eba35c177955c907705b63f560cc04b63ec5c2f2932fce6b1dfd9f8bf57ef4b8bd3d7fadc05933df60bbba5a7a02a7c186552facb3bc1e4a061fa310b22a2ebcbfffe3169fd45a49e4632f
+	C = 1b5269cefa3f5eacc0a6895b952ebfdc023094cb0ead9ec89799d808a88c082b52ac2ce3b4667fce00f7e00a8798ed4d1825f0d61ef795a5ba127691204d2be58833a3a4e030c9ce8b90ff54c15ed2845b091bc6e26724c4761b1b1adc34946aebae24a395e0c5178b23db251669f6
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = 62a081a16b6c44e346cc313f85c874bd5d54fbb55c4f23a3d9610ba1e9c22543
+Nonce = 9829b90609642ba802dad8294694349a
+PersonalizationString = 
+** INSTANTIATE:
+	V = 93841ea92899c4c0e63a595b9e086e0e576f16a1d88177eb7f06b0112c1405df54c95f88d08d2e7ebd04cde938240c336e9a70c6a2472ee6fe1bb755f86dd23a49a84ffca126aa30bac0c841083588737254a315e71a050284b5bdf9e74a92f40c44c1ae01f6541477321091e17a93
+	C = cce1ac9330459dd2dae4d8cd7d49e8e9e99a716951ea199b67f27800aa19a0d5130158a98de524c52267f66370336c153e0b235323a676c3667edfe636b68df1466b7f2d932022a1151532a6116d4a51a7b72f1ac4d7cfca29bca8749b3f3f798708a9ae974920a1daf46b4218488f
+	reseed counter = 1
+EntropyInputReseed = 477f969f0bde02695b65d1d9718c81bbf582eb0ed9ecb8ce42592729cdf3ee4f
+AdditionalInputReseed = 0b0bd6abcb2cac274ba17ff6553fadc4ec5785327025f2ab9da972d5e9c3b62d
+** RESEED:
+	V = 10345c3c6d5ff87a49fd2e91f910204b15f3fe793741e1ed71a9128313044bb504dac9b8a1f94179133962258552c6e67cff75159efb9ae13f76c569dd7bda9b25cd2876a777376fc05fff3357320e22bc509e743d76ff15e0b9f782c82d8df5fe139e611296f1f11dd27e3f7ae6fc
+	C = 37f9a075bf13520b6bac963f751b9f04d98a0a0cf85d55f771ee2490fcacbe417282de5e5906f4d1b4fbcef5943555f2b2aec5f7cdf0023e7cd5cfe81e20fece6ec215ea421194d7dd2f4e24c1bc8b08331d8a130055ff9a80797f7605532c415cdcdf877bfe626c032811a1afaf85
+	reseed counter = 1
+AdditionalInput = dcd67ff441d01669254815d63fc34069515a86d316e9ac16e7ccd4089647b2dc
+** GENERATE (FIRST CALL):
+	V = 482dfcb22c734a85b5a9c4d16e2bbf4fef7e08862f9f37e4e39737140fb109f6775da816fb00364ac835311b19881cd92fae3b0d6ceb9d1fbc4c9551fb9cd9cdc8f1df66b660286e032280531eadbca843ca08920555d9cf40e5cc8b0ab77a33c0ac2a748780a4de37f78054db3107
+	C = 37f9a075bf13520b6bac963f751b9f04d98a0a0cf85d55f771ee2490fcacbe417282de5e5906f4d1b4fbcef5943555f2b2aec5f7cdf0023e7cd5cfe81e20fece6ec215ea421194d7dd2f4e24c1bc8b08331d8a130055ff9a80797f7605532c415cdcdf877bfe626c032811a1afaf85
+	reseed counter = 2
+AdditionalInput = 442a223390f320bd85e5afae39f8e89611f2b538429439ba06189ecf47a0e86b
+ReturnedBits = c8f524db77d9fdde8350bf54d3836bb2d6f90af4f9bc58f7e3fe7c1d0bf5b9d957371cfc14f14e05251da1bc6549ff365d495568853976e1c4c0a72cc274470fa4187857d9c8a0d18c67328f4658abd3e185bc509ea13155bd025144d9c1e32b383015c5cd00c43e8158b7c3e2114468613942bc79819534925cbb7de45f51cfe3f02067c8da704fec8ff90214a23f5d5f215173d7ca53dde1965ce1813ea3673c59f5167df72d3d0f0916baae7b79c0b118606c18335e025cb02fda4edb5acd
+** GENERATE (SECOND CALL):
+	V = 80279d27eb869c9121565b10e3475e54c908129327fc8ddc55855ba50c5dc837e9e0867554072b1c7d310010adbd72cbe25d01053adb9f5e3922653a19bdd922fb75ca3c41454c0aab941135ff02121969d6c9f0273ac12ff93723631a27b0c6c60948acd2140f9594f66ceae2532a
+	C = 37f9a075bf13520b6bac963f751b9f04d98a0a0cf85d55f771ee2490fcacbe417282de5e5906f4d1b4fbcef5943555f2b2aec5f7cdf0023e7cd5cfe81e20fece6ec215ea421194d7dd2f4e24c1bc8b08331d8a130055ff9a80797f7605532c415cdcdf877bfe626c032811a1afaf85
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = a3ee987d7ee7192343e2e3a6562117476b605eb4f870fb6225c2aa6ad919294f
+Nonce = 227321cc479b6eb406c9be712fdd12ad
+PersonalizationString = 
+** INSTANTIATE:
+	V = 2b08a5e19792b9cf532d3bd93ddd26a9ad5d906ba244dd4545d4d98997c37b84a3a406bbf58f410aa5adc8f8b1fcfa52c7946b4f0d55c9a40936f905da68b428f676bbf0b2fa3e376a065395ba4a5c12a5eccbea6324d3831ec103ba09e52df37cd199f6457c1cf2c7821526b1f360
+	C = a5e9784b415c6dd27b1584dae468d830232c958b0ed55ad1ed11c28e9053d612056c2d74569492743ca30db3712bd262c2dbf87abbf9c69ae012c28eec4ccbc37724809ad1747e5e8691d849b912e6dc8fe5544d0773b0e4442a260ee6ba19d808e6cdd17301733309c6bc70fd5add
+	reseed counter = 1
+EntropyInputReseed = cb68f2f00fca6aa667276f8ba4dc18ddf978faeb0ebccebe33b7bdbcdccf916c
+AdditionalInputReseed = efd522aa9e99a3e657a17fbbc8ec9a42b1fb1b60d29d6c3e183f9b61a0bc7ab2
+** RESEED:
+	V = 5303cc48df3c7b922f7eabd3fa0a79f605265ef08d9003bcedf8e51b7b109c1cb90075b4861db73bccde0808353ff7c6c28be4a91995741be11b7ba019adc4e32374cab30c230a5dd7d20f5610d0d5d873780856168d286fc8d55f4535d05b943af0e0df338dbb0976a5f915089fb2
+	C = 24dd040042aeb131f6a1d860b82399507dc00eb28d4ab937f153e4f76a44a29b9a5c15c5361da0b570676de8fca4614c55fe4ce376660de6389bd751aef117d414c2f35d66624af66bdcc31bea79c844ccfb5053aca60540f426a1125183b734f2ae2439e13acc50fc33d9563768d5
+	reseed counter = 1
+AdditionalInput = 73d16b17adb32965f1e8930aa8c11e52eec50d78da41a457b07e1f5f9486880a
+** GENERATE (FIRST CALL):
+	V = 77e0d04921eb2cc426208434b22e134682e66da31adabcf4df4cca12e5553eb8535c8b79bc3b57f13d4575f131e45913188a318c8ffb820219b752f1c89eddf341694c7850ed4977bd1d83ce77ff02fc2d0dafc421856c6eaa84e73f9e01403d025a98035b9dc1bd9516f9b4a6e88e
+	C = 24dd040042aeb131f6a1d860b82399507dc00eb28d4ab937f153e4f76a44a29b9a5c15c5361da0b570676de8fca4614c55fe4ce376660de6389bd751aef117d414c2f35d66624af66bdcc31bea79c844ccfb5053aca60540f426a1125183b734f2ae2439e13acc50fc33d9563768d5
+	reseed counter = 2
+AdditionalInput = 06f42b7f335932d0a5096a78992077326c405304ef142a5d5a7008d86cdfba8d
+ReturnedBits = 1424ec1a1d15cc8e368f711df2a92d7829743e30e0bbf76666854df4e15d72bd52d0453f370d82d438db2f458576197f4fe78b13d05339787d91c8563ec3d10701a794fb3a55556a80d8a485328bcac00dd0d4871e0d19902f09b1de9b663c02f794ef63508a15bf1cc4b485ff5df34f952da22dfed07a5602b555a74cfe6cd7462d0a9d1f83c72eab6f48b63443601df6d169424c32348580a8961f3b1a16924925b04b5440b25ccd159ee598107331ace3674ee4f953f4124b258855d76c07
+** GENERATE (SECOND CALL):
+	V = 9cbdd4496499ddf61cc25c956a51ac9700a67c55a825762cd0a0af0a4f99e153edb8a13ef258f8a6adace3da2e88ba5f6e887e7006618fe852532a43778ff6bec64dd5712b72911b3e44b769b0d0bda4a40b0b8b7117326b1fc52942744141d89f79a5cf2a769d9f43025fb4a4f6b2
+	C = 24dd040042aeb131f6a1d860b82399507dc00eb28d4ab937f153e4f76a44a29b9a5c15c5361da0b570676de8fca4614c55fe4ce376660de6389bd751aef117d414c2f35d66624af66bdcc31bea79c844ccfb5053aca60540f426a1125183b734f2ae2439e13acc50fc33d9563768d5
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = 0fc7b980de08121262a3479867fc2fc737f775cd2514046c49724277f8fb5ada
+Nonce = 223f8de6392e2c25d67ce8930d797450
+PersonalizationString = 
+** INSTANTIATE:
+	V = 7fed60dc860b5a64197ab1439aab33ef92deee5335c3521f5f6ef4f9dc2659a653aa7b000d48dfe2fb90caabad577a2d7fb749b83479c73841cb0ccb252cc64a51213e7ea56ecf0f8490577b6bb33da87bbcfa3813d51fc26609a532e170200266f38c324df6f9f25b1a791dcadf92
+	C = b4833f6e956ca6079cdd641f40213eca8b0575d882e7e511a93b7cd83223deda22734988996f71e0050674c25edabd6044fcaa31da2f3a225c60a47c7e3354414717d159576f7816005fbdeaa2fd766bd3ff2c9ad5ed3ad7755f743cde28cbeb064e2ab513d0d5775f82de66808cbc
+	reseed counter = 1
+EntropyInputReseed = 3ae78a5cb3ede31ab5d25776313be0821a4bfd7e865d2e4ea97a97528c345f9d
+AdditionalInputReseed = fd8ff4b35175c8ca806ddaad94aafa4414c7379452139114bc9f8e9c5c174b57
+** RESEED:
+	V = f1c9a1524caf50fdeb51fe80cd1cc7f032e1b61bada27bec814d4386d7625e602c910b4a26e8ec69ec6c78e52ad256a4b416b216be52ffff2a153608405a6d9b90324040633f39b1b5318d5897469d9b68da1936992cd26391418d730b5ead4def951308b17f69c287aabff50f039b
+	C = 55e5aa754f4d81ce4fa133433f70fed8c43482d1b1e34610bcf92cbb37ca470eaee716cb0e0ccd1580e0703337a2dae3ed2180dc941ba1a685290d74e37c6f4cca53185b944f545505dc06d3fa5de12e05b048d112660a9834d0f03c3307c7d648cce9ba819507fc28574a4e3ea98c
+	reseed counter = 1
+AdditionalInput = 666167e7a8248c9a2e557969e65e7c81cfc0e58b90745b3ab9f4510923d514b0
+** GENERATE (FIRST CALL):
+	V = 47af4bc79bfcd2cc3af331c40c8dc6c8f71638ed5f85c1fd3e4670420f2ca56edb78221534f5b97f6d4ce91862753188a13832f3526ea1a5af3e437d23d6ddbac20e3158ba4ba175b3dfb1136ef474664218dc2fb83944d1d887e88ff2522fcdc13ce5608cf71a9283bc3e5d542c8e
+	C = 55e5aa754f4d81ce4fa133433f70fed8c43482d1b1e34610bcf92cbb37ca470eaee716cb0e0ccd1580e0703337a2dae3ed2180dc941ba1a685290d74e37c6f4cca53185b944f545505dc06d3fa5de12e05b048d112660a9834d0f03c3307c7d648cce9ba819507fc28574a4e3ea98c
+	reseed counter = 2
+AdditionalInput = 5146cb9efd5b254b345fffe25821de097b2dde651d3438c9d1a654c6c2fd9e8c
+ReturnedBits = bf8e2edd558fd960a27eb926f634863a2e698cfe69a07885246170ec2d3d0dca5c4b7da486ab0272672e110447594085dba6c6d526e77a66159c3bdd53d1a8eccd11ddd105908adb8e4b2e8c3f192dd190e4b6eea9d5501410674e1b7c776e86587e55cd61066966cf0191f4c183250cc09012494560bc60c1179823e75dd77eb6d498acd3b86c1717d88fb77545f11530c9784e71f3866bd28c61fe606ad9cee7c0460d5bced0b35f2e66487cd6170166d181bb0ff0ce829d3457bd4047917b
+** GENERATE (SECOND CALL):
+	V = 9d94f63ceb4a549a8a9465074bfec5a1bb4abbbf1169080dfb3f9cfd46f6ec7d8a5f38e043028694ee2d594b9a180c6c8e59b3cfe68a434c346750f207534dded883d41588ae8a60d71927502dfe545874be1f9a3bffb99b2b66d756e2ea17ad02094223e7ed7c3db7722e2ea6c250
+	C = 55e5aa754f4d81ce4fa133433f70fed8c43482d1b1e34610bcf92cbb37ca470eaee716cb0e0ccd1580e0703337a2dae3ed2180dc941ba1a685290d74e37c6f4cca53185b944f545505dc06d3fa5de12e05b048d112660a9834d0f03c3307c7d648cce9ba819507fc28574a4e3ea98c
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = 46efe757b0d0af6d84dd5d0ada0e0fff7edc9762cae0efa4e1712a81d11d39cf
+Nonce = 38092de5985c03ce920d3fde5111f648
+PersonalizationString = 
+** INSTANTIATE:
+	V = 2f7263689fa9bef5cc5e3855f559da9d9952556700f423ea2f5337decf20ff8598856335cf787352a0605f0207e23ddb134d94fd6e3c3f8afed47ab6365d0be9adb3ad1f5a44180ea244df7c2e99d6e29c27c1bec567fed570bd7e6677f83e3b97f892f694046b1c93e8a486a259c3
+	C = 6f428a14e70000993936f52c1a69774b512d6a4ea4d3e26f0b2d39ff73e64dcc9878fe789a5c76fa6cc17e640b82afde6180bc31afd2df149afa46b6ef7afb526ff8772a2f45f272fdaa3807c556c6a7d070b9e7d23bd0db2974a9ecfe937121d7a0eefae99855f09707c645861aee
+	reseed counter = 1
+EntropyInputReseed = 9856c5928bb4909da462c0b5073e707a85c2da39feff257df76d644205473351
+AdditionalInputReseed = 56d626c07fc9c0875d7cc52f8ed9f94c3407670c83a90574395de983d9ae6a62
+** RESEED:
+	V = 40f40fb34c64f9b1c56c57a365b00f6775d2a3120beef69e47d90b45db4358abca288bc94ababd16b7e8f85b5c071c434e8e0d5eedff8225da7b2fdb956089cdbdcb42366fe3543402d8d85e4fb32cb6c02536898d607d31ed486b5d5a71f8658f712bbf438e088499d709d4531ddf
+	C = a07fec5787b6650a2841c639d635985bc1ee0d982440f75a5d6f787efae6b887282aa4fdea6e0b87c5a1d8215d67e217bbc348eedcd3f2c4b9d718e0c4d757b19a5c120a06a451244ec982d314db03133103c10d9a20cc16e8dc69cf66f742aea350d1b372c48a3c4ab1ab5d331066
+	reseed counter = 1
+AdditionalInput = f62867a436484b5f53e311a5e5b30cc49a0826f7a9bc0c2b774a960f1d4fd6ca
+** GENERATE (FIRST CALL):
+	V = e173fc0ad41b5ebbedae1ddd3be5a7c337c0b0aa302fedf8a54883c4d62a1132f25330c73528c89e7d8ad07cb96efe5b0a51564dcad374ea945248bc5a37e266fed5507ae0a48f20b7015f331b9164f54858f8a297f462758a8c6afc433ca4a540d09d1a9791ccc836c4bd5103266b
+	C = a07fec5787b6650a2841c639d635985bc1ee0d982440f75a5d6f787efae6b887282aa4fdea6e0b87c5a1d8215d67e217bbc348eedcd3f2c4b9d718e0c4d757b19a5c120a06a451244ec982d314db03133103c10d9a20cc16e8dc69cf66f742aea350d1b372c48a3c4ab1ab5d331066
+	reseed counter = 2
+AdditionalInput = a5f3d9d91523047bfb4df62f9f63ab532c8dca8613089134dffeff53b5f95a09
+ReturnedBits = 2a5007b7db39faf09f96993621cb222d4799f4a388098b1350f95fe5e20a27e9ccf61acdd615b8109e9fa477556e05b03aebe30ceb1863b2ae8da742dc50f87d1aca8e5a7592d4a0cbda0d9d28deaf9a2ffb7b96757a17056cbbaa953a49a1a3d6e804b430361212a242617758f87257f68dee946f0af935613ce83c441b89b4f0faa5bcbbdebf8b060947699d67b4c0dcd275599a694f9ba887edbc617962dfb5544d465fb73b47fb0d8d13d23e0f7b13fe16e03c621116324ae5fef72daf9d
+** GENERATE (SECOND CALL):
+	V = 81f3e8625bd1c3c615efe417121b401ef9aebe425470e55302b7fc43d110c9ba1a7dd5c51f96d426432ca89e16d6e072c6149f3ca7a767af4e29619d1f0f3b5610bcb4cbaa3f6a4e3a3df55fa2b45beee74c845ba33f560e080d40c16c26e4488bca2376dd00e759f68c2c1f3e3713
+	C = a07fec5787b6650a2841c639d635985bc1ee0d982440f75a5d6f787efae6b887282aa4fdea6e0b87c5a1d8215d67e217bbc348eedcd3f2c4b9d718e0c4d757b19a5c120a06a451244ec982d314db03133103c10d9a20cc16e8dc69cf66f742aea350d1b372c48a3c4ab1ab5d331066
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = 79769700e563592dddf3eb61178353560170c8ad7c3b60bfccfd71279665c619
+Nonce = f4e3ad04c5c450797f6a9fee9624bc33
+PersonalizationString = 
+** INSTANTIATE:
+	V = 24ad2fcb8cb315faeeaa6b00a344b6e7f25dbcbdc301c69831c95ce6540d3167f38d2e02c962abe5bc497f1f3e921d288737bfd0b607425e5e9b89dd9eac7a90d72ad085db7910f7c91a35c2a1edc6a9d1750b8d18b4de6b368f95c42683f4f43c14c9a7761d73e69c212800ad7761
+	C = 032f1523f849cb59132a506d1a06f4e660ade59477c4fc784b5d3cf70dc2fc62d22ede3c3803cd8d80181fecd2713c4f4f87aca88fb283c26e1a40c294426595fa956077eb985f113e0222b53b123f0f09c53c5e71e431f4f62a5b39ce3046acb530d6e83eaed634164e922595cefb
+	reseed counter = 1
+EntropyInputReseed = e0fa8b7b93c17bdfdcbded4e45276688bf9aeb228a16c25598d22f9af368c749
+AdditionalInputReseed = db066fad926c6eaa72c548136701d88a73bd3ff6da466760b6f6e8ae8831ddb7
+** RESEED:
+	V = 3c3ed334feb5fe34d6fb700bc115e25f034bdd4264070de958d288109221e4180975116e0786a1f37fadd48ecc08a3bac26ef5875ba8c01adaebc02d1720d724c62a02181a30016ab3075075c1cb5fd54d01136883221b98aad3b9981f59dd617b92983e0442fcacd3522ba2b0dfe2
+	C = 70528db7be41a407e9b41c9f7dfbc04945bac96e0c726caa6d9b92117163bb06a6cc95e3b9bb7932f18e9cc8bf26450d2b897a1c26e2b660e9c9e46078dd54ecbecaed1f2962d23f5f34a9565a179bf05936ed9cfc755492cc162f0c822a9d7801896c79399dea45ff1a0238b44c2b
+	reseed counter = 1
+AdditionalInput = 963d46d4a6024eacceaa04b93d7133dac7b26c0d5a53d11ad42d4e086cfbbda9
+** GENERATE (FIRST CALL):
+	V = ac9160ecbcf7a23cc0af8cab3f11a2a84906a6b070797a93c66e1a2203859f1eb041a751c1421b26713c71578b2ee8c7edf86fa3828b767bc4b5a48d8ffe2d72d256d4ae0bf18aecff97cf6a8209702078b202cfa979d3f51ddf623bc57198fe1bb9265c33066b2bad9b6a60f2a0c8
+	C = 70528db7be41a407e9b41c9f7dfbc04945bac96e0c726caa6d9b92117163bb06a6cc95e3b9bb7932f18e9cc8bf26450d2b897a1c26e2b660e9c9e46078dd54ecbecaed1f2962d23f5f34a9565a179bf05936ed9cfc755492cc162f0c822a9d7801896c79399dea45ff1a0238b44c2b
+	reseed counter = 2
+AdditionalInput = e771d2f66a2f6cb07dde980334d0628b4a0e65e31f0a3cf725cbb07e5638170d
+ReturnedBits = 5fc3ef5f9456920fb1cabf755f6ef8a06229de7c4005ddb75191c6f7c8bdc3ee55fdfba96364fa7e75754f349a4bbbee4c77f2a76c53d64170d50b6555b682e467784e1b2b2cc603a4359e83c7d7bcdbe19b24989d3b1afaa3240900f7e7939752bbec1255af4845f56c3feca34341c9ba4b702f821acf4c843136ca7b139bbe080b4cf92467c785f2c6b2e2f770474da0b0c650113c72c5a9ff18cdf642d3d1f16d049828762d028e016dde517a7d17b7ec18f3294cc6abaa426998257d2586
+** GENERATE (SECOND CALL):
+	V = 1ce3eea47b394644aa63a94abd0d62f18ec1701e7cebe73e3409ac3374e95a25570e3d357afd945962cb0e204a552dd51981e9bfa96e2cdcae7f88ee08db83951e86d5be1d26718556c23c73b86eb56eed5fde1f469c59d27d9917d58567c5abd483e16cd27c020703d13eeb27177e
+	C = 70528db7be41a407e9b41c9f7dfbc04945bac96e0c726caa6d9b92117163bb06a6cc95e3b9bb7932f18e9cc8bf26450d2b897a1c26e2b660e9c9e46078dd54ecbecaed1f2962d23f5f34a9565a179bf05936ed9cfc755492cc162f0c822a9d7801896c79399dea45ff1a0238b44c2b
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = fa59d3175f75ed97f0ab3d29edebe84866f272a0bd374e4c2791a7b3416f4371
+Nonce = f75f45d4ac6e0f09b8e666b595e4e3c2
+PersonalizationString = 
+** INSTANTIATE:
+	V = 8be631b69b7c7e30c875cc3bcd45973cbbb8fe5e39f9fbc0d2950fe8893d9dae6dc09073c3dc82b1c44792ecc8a2df49b456f8f70bd748a2917b7db47ff17c2ea21f4fdb1547034055a6cb81ae9f873d99cfd2798308d5f1c1b0a042632cd8446597a33e7f7f52be8cb6833dfaf7ea
+	C = 3dfde9e9aa6ba0da60df47053b35706e41466df300c439310869f9afeba8a82812d97ec0d868592b31337c5a723c074a14b0524f5d07973c16412b50162c3999b49bbc63d877e9013cb351a8647d5efbc8c261049da8a2cd7d55a5934d48e4623f18772cc61e949451996b57a2751e
+	reseed counter = 1
+EntropyInputReseed = eb832de6a86fac10b7c98221cb3988fd9845cef10d2ce6ce164c89cfcdf6a0e9
+AdditionalInputReseed = 555f44cf176c3bbf31ceb096f679893952c7243183fe3a5807cc4c4162dd4ac7
+** RESEED:
+	V = 0910d05d6243b97545a822bb7f6d25f13276d56919392736c174dcc7897e42f6c207d05128ee396c5c52ec51c3bd4b7064a2a4f2f5d07696fa9e8b59a48306cfc4319b348e9bddd83ea8b456c5b5f8a5b77aadc47f0d6b6d4a917315dd2de93d0534a5b0bca1256055627baff7bab1
+	C = 1c28ed811634c8f31d1df89d11fcd32ecc6baf5549e33db967e9986d2da3b596d7e41cca1f28ac42b2f747fdeefd116cc7a6ed84f538980fefd7b095cf8ce764315b7e33b1ed21e17696f4bf6f9da3d4b38cde0b8337a5e2f9dd35ca4cb610531e005ad218528373077b8456d90cc4
+	reseed counter = 1
+AdditionalInput = f1ef466b039d97ec3234d5ad92a2b858eb648f5d515a098efb2516b00765c349
+** GENERATE (FIRST CALL):
+	V = 2539bdde7878826862c61b589169f91ffee284be631c64f0295e7534b721f88d99ebed1b4816e5af0f4a344fb2ba5cdd2c499277eb090ea6ea763bef740fefe1b5164e06913698565bd1cedfaa7d87db70438909807575453327c6dbaa29adbca37f5c22fb898862ebd699292c7f0a
+	C = 1c28ed811634c8f31d1df89d11fcd32ecc6baf5549e33db967e9986d2da3b596d7e41cca1f28ac42b2f747fdeefd116cc7a6ed84f538980fefd7b095cf8ce764315b7e33b1ed21e17696f4bf6f9da3d4b38cde0b8337a5e2f9dd35ca4cb610531e005ad218528373077b8456d90cc4
+	reseed counter = 2
+AdditionalInput = d4e3b7f9e521e6bf383ae661438d9e8dd288651c3f7ee2b5c19e21d81c9b1ac3
+ReturnedBits = e75567e98121de724b5f94d03389e16bbb912b17abaa69500348175b841fb7e3da40f8f971e636f29b91928f28fd3e7d99f894d0329597afca4eb3250910ffa8461a9830b75b7791fe4cd08f7fee8811c12f184f7a397a007338b10ee1350f621497a9a7a842ef3ffd4d07c7970f1a279b9bf6c9fc9fa2de78f3685e1ae72aef68435326da9d2c62d61bd2c0aba6f6d3a30a071b9eb750d22694cbc19ec099016abe9af19a9dab0c6b507a03348eb37a77cd00c4f60734b868fda7e04f09128d
+** GENERATE (SECOND CALL):
+	V = 4162ab5f8ead4b5b7fe413f5a366cc4ecb4e3413acffa2a991480da1e4c5ae2471d009e5673f91f1c2417c4da1b76e49f3f07ffce041a6b6da4dec85439cd855ff868e4441972a7bd9316ecada5b3209e655175484e8df21957039ef94d87c7fdc79b9c54074434e6f526fc11dc49d
+	C = 1c28ed811634c8f31d1df89d11fcd32ecc6baf5549e33db967e9986d2da3b596d7e41cca1f28ac42b2f747fdeefd116cc7a6ed84f538980fefd7b095cf8ce764315b7e33b1ed21e17696f4bf6f9da3d4b38cde0b8337a5e2f9dd35ca4cb610531e005ad218528373077b8456d90cc4
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = 8d003eb399263a3afd3e3f532de76af4690e63df468ff456bb594ab29d6ac7aa
+Nonce = e0f0e1dac5031890ef273b90b4a30359
+PersonalizationString = 
+** INSTANTIATE:
+	V = 2696e17003e67e447d2b7c4050b5f16f76f45b2d427ee73887e89bddc805b914b7a341fb0c1619409a1926c550209170e308b5204a0915f639195fb8246c4772d588733979d01cc8504f17a87bd876c4add1de69b526e878231c89425925b3d577728525803b92c19155b9d91891eb
+	C = b3b88cf6065c4a815e7d4fc5d53a23ce76460ec476caf065d15d4653c1b9510ea03689680706901f9dd75d6811f8eecdcc154bf8706e4c181f418f6b21453cd47d0124593740aa9736d48f724ab8148ea1e9bf8fe8a82ab31ae971e4ea854eb96cb8085e8b47e2fc10821ddb5dde7d
+	reseed counter = 1
+EntropyInputReseed = 12b5084d4fd06202d01137f6ffb3a6e06372159c4df8bc89aadb8466817acb51
+AdditionalInputReseed = 3ed7e847787915405f8d1d6e6b168c1a47f81f5aed95f85f47d217dad04e964a
+** RESEED:
+	V = 55e353b889ac4e5c184573d30e0186d9fe73498d2d7fe1b1ad7ded5ef290ff3d8af94afda9badbdc6a77971f767229b4b917c2865ccb600dca9e838f98312c55f5c578710ea7a54e3908226dd9acfda4b62e265ffd8d02540b32ea71f087dad1617b3b6c673116993ac9a1059f190e
+	C = df3ba3e15f7e15f41cf733c4c08729624edab216de70c186483a4948b07cee78f537d433b86e1b628a78dfcd97ea0a8de4402dd76bb635d4e3a60c927c08424246c059a13ab87ef4649e1a897d1ab342b265c2b262442c9e31cf3f4ed8300e0d5bf8f280db782037cfceb30f75a5da
+	reseed counter = 1
+AdditionalInput = eab443d9f2d5cadbf3a04dea4653ee2677fb3c052c7f373de8b746531d1e092e
+** GENERATE (FIRST CALL):
+	V = 351ef799e92a6450353ca797ce88b03c4d4dfba40bf0a337f5b836a7a30dedb680311f316228f73ef4f076ed0e5c34429d57f05dc88195e2ae44902214396f35127798dbed26c56901bfc44cee87476f5b67dfe7e32177059457c407814326ce90181a4bf351c6e8f72fcc5093dcf1
+	C = df3ba3e15f7e15f41cf733c4c08729624edab216de70c186483a4948b07cee78f537d433b86e1b628a78dfcd97ea0a8de4402dd76bb635d4e3a60c927c08424246c059a13ab87ef4649e1a897d1ab342b265c2b262442c9e31cf3f4ed8300e0d5bf8f280db782037cfceb30f75a5da
+	reseed counter = 2
+AdditionalInput = 0515c6afe81fa70d595842fd27615cce9b063536ef28d89b53c8c750fefea69f
+ReturnedBits = 1ac6e6408f63ad402821abbf68d6e5580ad76f153ca960675e582b3f570baa5e282505955f37ad9e8ebc2afc8e191f963860043879e89c43624f598055413494763ae03a95d4d49156ba58a8064cbc9e2a45db632a784904585a2aaacb4a3cf405f268bb68331835c7a110963723286e60cef0257c60600a159336cbc81c6200d18f7f2e6bb5b7cf2fde953da659f578efc8d264aee02d4a1dc75c02b423f851adb8bb9deb2a306ef1d722d8856c4e3d57201b101e05b041a0e41ffcb5ec6fc6
+** GENERATE (SECOND CALL):
+	V = 145a9b7b48a87a445233db5c8f0fd99e9c28adbaea6164be3df27ff0538adc2f7568f3651a9712a17f6956baa6463ed081981e353437cbb791ea9cb49041b332ab0eda0a972f122d6a08619e86f3b95d25bf99252434d831d92ad3ad0177f95ea78b5fd8417cdde7dd7547b3b6e122
+	C = df3ba3e15f7e15f41cf733c4c08729624edab216de70c186483a4948b07cee78f537d433b86e1b628a78dfcd97ea0a8de4402dd76bb635d4e3a60c927c08424246c059a13ab87ef4649e1a897d1ab342b265c2b262442c9e31cf3f4ed8300e0d5bf8f280db782037cfceb30f75a5da
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = b3e29ab6ae8a0668c100dc774b3e2c2186845cc6e66180b6ca78888b63d0bd55
+Nonce = bdee9ff5fdb1e07473e57285503148a4
+PersonalizationString = 
+** INSTANTIATE:
+	V = e0f8621967910233c468f271126f8068f6e859a154f24d82e6e2ba5d9c3a50adf658ee641b1226ab94cea2f7deb1bd636cc05412fef665b1ce3ffe304353ddd0e0b264b511d151bf5ba291630c0817a1876fc6ffd7abac754ba2bbd4ba63629898606afc58c3a49a7282f5cba02ad3
+	C = ce23eee9024ba6b8158cbf9a2c346b65c6b92c555477a10095de91dc1216281b0794172c0e4cdbd2073fbd53db54781d000883443e333c036c5cdb020206dba63b5562a4b3186a6a2afa3bb8ede832792a58ea3ff2f0b4b48581632d3c3b4f4bc62b3c39f7d1b8af071d3c8d93fda0
+	reseed counter = 1
+EntropyInputReseed = ad21d2de5f190d95bab2a09a043315e208131876e35b40b0e64eac1322183c72
+AdditionalInputReseed = 27afd8405fc560696fbf8f83a58479f148d3cdfc914918266dc4269c49a39d75
+** RESEED:
+	V = 642c93165d57a1677a65d7ae8e7ad434fdb8bbdb15f7f8fd9ccb03744967df1e9fa5a929756d6c18abcc9ff8ce20b6e29c68b176f9dd11050166db2d863cc8fc24b55cf13b9723a4e55a998bd54c5c57aa4370fd2460239d263ab7e17470cc6d5f67400376c5c4c29ab4450ef3d91b
+	C = a2e8aee3c77a02c74ec526d49b0af2c51bab32bf714b662f7e1dfcb4f3c0ef3464f62fb25f3e064596f3f7762c7ca7013383d741eaf01b1eb91de130d86fd16d70c11652a47f5b6374450004f01eff6e74d6687447380758674ad78e1a34e6569a578351c07042011b363b428feb32
+	reseed counter = 1
+AdditionalInput = c13331da766445f57ff04b8a0ace56204798e4047c9ab9372c1a59fbb51889dd
+** GENERATE (FIRST CALL):
+	V = 071541fa24d1a42ec92afe832985c6fa1963ee9a87435f2d1ae900293d28ce53049bd8dbd4ab725e42c0976efa9d5de3cfec88b8e4cd2c23ba84bc5e5eac9b863c971dfaa251651a73d72ca4ace285bc75365eac5512585475e1ff3c2abcee7224290b13daf503deecaf2bfab9c005
+	C = a2e8aee3c77a02c74ec526d49b0af2c51bab32bf714b662f7e1dfcb4f3c0ef3464f62fb25f3e064596f3f7762c7ca7013383d741eaf01b1eb91de130d86fd16d70c11652a47f5b6374450004f01eff6e74d6687447380758674ad78e1a34e6569a578351c07042011b363b428feb32
+	reseed counter = 2
+AdditionalInput = 4ff41805b9417b2e5c64f1b08c184a656b9045f3b0f0dd2e9b883b2c436e644f
+ReturnedBits = 35bae27ea2e4417f764ac9901821492646c43bc963f0c181cccc9f6b6aa31f0f3e3f21826d65285474a4a31175275bd0d02a5e4c50bb5d1ee2b0f6200e30d06ce4f8302febf65b006281073dfb5c2e236e50999b85ea38cc559c956ba187dfdb5bf1498c70c4827380fb68d111ee448ccb715021073e24e9605815dc523f6f9b2a8e062a58844fbc06661d94c39179277a10da4f27e4212df438d5f0ddf6e3e8f7f5161ba9ed438b0b40b870fb225ccb2a9f89cb073d554f1b62f8e6e9e00e93
+** GENERATE (SECOND CALL):
+	V = a9fdf0ddec4ba6f617f02557c490b9bf350f2159f88ec55c9906fcde30e9bd876992088e33e978a3d9b48ee5271a04e503705ffacfbd474273a29d8f371c6eacca04470a0bdb6d2d08b23488dc981c45162c7dfa73fd87acfef3f7d0d1c4bae6dad8015e52490c12236afe142fdb59
+	C = a2e8aee3c77a02c74ec526d49b0af2c51bab32bf714b662f7e1dfcb4f3c0ef3464f62fb25f3e064596f3f7762c7ca7013383d741eaf01b1eb91de130d86fd16d70c11652a47f5b6374450004f01eff6e74d6687447380758674ad78e1a34e6569a578351c07042011b363b428feb32
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = f7a9c3ecc68061f23afe785be51e561ab734139fe02b3217cd0792679eae4247
+Nonce = 91249ea5e1240bc90db6e3840feb6331
+PersonalizationString = 
+** INSTANTIATE:
+	V = 1f224c59a8b537a59c3454728445c18220fe8209e151cb3835ff6a7be10776ea00018566650116a8054dafad5b2b8670f1e0e35c693ba990fd59e8a5dd9b9af86738c5e1b69d4f185e1e34c3b6840f9ed69900af35947284ca0573ea4787af16b428c79afae68323bded28e438fe95
+	C = 07621e909ff92d9e937469afaef5e01661c23e5bf736a1689de7e549c5b58e47f152ac8d36a5a3433689502a6d75ad28fec330b74c9dd26e933565e54141cedb307405eb46ea40aa6ce4f3c86d7847057cb5d62557af519a5aa43189749d6f952f29a2a566acc3fa9436a34c137253
+	reseed counter = 1
+EntropyInputReseed = 0613bf7e1466c1f31389476b1d1d2ea74a79172fea00fedb3001fb43ac700380
+AdditionalInputReseed = e69429bab405e19d685758c271f3ec461f465c0f6915f9c8e502eb988eb31398
+** RESEED:
+	V = 5f28885beb2782934331873f394591b71ebfdeb7c57277e172c6cdde9bc1dbbdf67f669cb1916bf5f4baf41b541a279a3ce00e7d0beeadc809afab1c1693602f33a752249c1de3f1c96a3901d2363fb57d80153979c8af10bbf0b0af638c97e24502c01439d22e5e141775bebf5c11
+	C = 0120443cd06acc698dc569ac35f87f9bc170238ae5809b846597f1ce51cf215a18727512a7691f015628732d699a3d78155a636fdc8968d793f02415e2c30defedc448878aa06abc03386782e01bd53725b2929447e01d14e532cc13d9f144ea828be04642e0f7fcb95035d9c13fb9
+	reseed counter = 1
+AdditionalInput = e92042096e0ca8088605777ecbe17064000e25a1f038f87b70d1b6e50919c347
+** GENERATE (FIRST CALL):
+	V = 6048cc98bb924efcd0f6f0eb6f3e1152e0300242aaf31365d85ebfaced90fd180ef1dbaf58fa8af74ae36748bdb46512523a71ece878169f9d9fcf31f9566ee14249ba16069fe79df9e22fb2a3834265eee84ecf964947942fbef4558625115f346e16c347e815b8eccb50b2772fe9
+	C = 0120443cd06acc698dc569ac35f87f9bc170238ae5809b846597f1ce51cf215a18727512a7691f015628732d699a3d78155a636fdc8968d793f02415e2c30defedc448878aa06abc03386782e01bd53725b2929447e01d14e532cc13d9f144ea828be04642e0f7fcb95035d9c13fb9
+	reseed counter = 2
+AdditionalInput = 8a1c9bd62b1d1665cc446a0279f674a0908b2e592a6b1ea5cf5fe8e653994d4e
+ReturnedBits = 1f7e25ebe35eb64f3395c3df5b9e4d8d2ecbee1ab64358fffc5499fd0c9af0d2bfc95266e8d56d1e36a42922f92ef5e3938c0b24acf91d261df0de370d041ea04005339cc590ac223547f082283da74a2b171294bf4eff1430a783587ed85407dcc163a91eee0f60b5111f7a3c2ffc33ee95d97ba0c7b99df475dfa0c2ff370ae1febc191b4cad5be2b146a2d48b1813baeea3a3290b769184ea43852c291cdb6767e1abb1b2d27b909b045c66ad546701c1b3d9e50af0651dc471fa9ee75e2a
+** GENERATE (SECOND CALL):
+	V = 616910d58bfd1b665ebc5a97a53690eea1a025cd9073aeea3df6b17b3f601e72276450c20063a9f8a10bda76274ea28a6794d55cc5017f77318ff347dc197dbe12ba6729cb822423133946408c767d182785c52c0148d894bad1ce9c680d061848134812c7d7ea4a0abc0d774eba36
+	C = 0120443cd06acc698dc569ac35f87f9bc170238ae5809b846597f1ce51cf215a18727512a7691f015628732d699a3d78155a636fdc8968d793f02415e2c30defedc448878aa06abc03386782e01bd53725b2929447e01d14e532cc13d9f144ea828be04642e0f7fcb95035d9c13fb9
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = 7516e1fad74a630743d995df29d1f2d235f26d3a3a209b5a2a6e037877863c0e
+Nonce = 1782ede4a80a49f378acb94e9b665957
+PersonalizationString = 
+** INSTANTIATE:
+	V = ab3253478c9ae8f0c7740c39898006deb99ff8c8476363805d9ffb2a85d6f2c231ea6e9bdf14aac76b350cc9d9d01cf2f57370a3193426b90c1560516d9c1d9e235504b11a00533e883a3804b89d2dc38f90285336e76843fc0ea4cedd6c1f91f68cfbd55f4e73b5554ef9f5b61d2b
+	C = e4ed7968e9a117e236268f893f0bae91051d80f75ac9d85ab1b216fc060213bcfd58c5f8813afdd8e5ca9c2d8f38beb85dc949a20613fabb03ddfabb52deb628d6673aafc62c78726a9a443e9c9ea901c8985127a950edb2d725239eec54f9d85d76e9ebb9acab267b1bd4eb9c0e12
+	reseed counter = 1
+EntropyInputReseed = d72e6648f7ab95102a27be6eff2d29c7329d704f45432aaec031c1b7f53d94bc
+AdditionalInputReseed = ab142823960dd00ccdb69e21fa8fef5cf84c5073eca16604de67fc2a980b9e2b
+** RESEED:
+	V = 6956076d4efef5b801e128c1d950ed6aad103dbf0c5f792dd5a178cca0945d73ad6c317afee427f90e3255be2620baf268d15d62eac9f2ff0b6657198cf0ab146769d1b175cba80b9bb259e61356afd5f4996397298325952ecf9130e72ca0b6887352107740af73174a6b47fc0820
+	C = bca2723f3df5a67ad9b1ee01e41ea2ada59ffd1d30cb579e42357d2a576676db8cfc8d622c3ed57b1f3a0ff0d8a455415735bad8e8a3acbb942f8d45267608ecc02c63b956e517c21644e266099a6638089b019ce98b0c5033199eecddc7f46a6326c69d00425e1c9a0f5fea0d6e69
+	reseed counter = 1
+AdditionalInput = d2398c306a5151d07dbc669965d42f1ac0134a48a1555714f8e2e30892c519d0
+** GENERATE (FIRST CALL):
+	V = 25f879ac8cf49c32db9316c3bd6f901852b03adc3d2ad0cc17d6f5f6f7fad44f3a68bedd2b22fd742d6c65aefec51033c007183bd36d9fba9f95e45eb366b4f77bfd8fc8d0718e501e87f18f90407b96a99ab3d24ed839f810769788f56bb4ff8d9e1da9d8b5c65e26d2fe53bdd831
+	C = bca2723f3df5a67ad9b1ee01e41ea2ada59ffd1d30cb579e42357d2a576676db8cfc8d622c3ed57b1f3a0ff0d8a455415735bad8e8a3acbb942f8d45267608ecc02c63b956e517c21644e266099a6638089b019ce98b0c5033199eecddc7f46a6326c69d00425e1c9a0f5fea0d6e69
+	reseed counter = 2
+AdditionalInput = d71ba73af2863ee35d7f3dbeb0f762892cd18dd72c18a1ce272d891d95df53a0
+ReturnedBits = a33c22efd401bc468b309ddd325236dcfb53d4f38fbfa10f0452f74ddf8fa259599fce07ce8e3ead675083dd1f66ace52f76fbed51b1d41e30245a0501fd3c971bb5cf9c5b8e0c16443d93d757ad7e52f8e7e4c1189d997e391664f87a59c157e72faba1886d8261963893b646f7144fee968f3413f0ee866c4af23933213e9281b7df32fd772e5117db5c98efcae229b2500118048cc894b88d8a3c18e588ff5b8cabc47fb80d7e040c3a26d1b4aa6a45b3890ad91b97ba9cc5f257162e2a44
+** GENERATE (SECOND CALL):
+	V = e29aebebcaea42adb54504c5a18e32c5f85037f96df6286a5a0c73214f614b2ac7654c3f5761d2ef4ca6759fd7696575173cd314bc114c7633c571a3d9dcbe10167fd80fd3d08cff39b7fd450b37e449dfabca0b93ddeb3f13d3c7ba5b6899e6849b4b19b358c9faec0b91868030b2
+	C = bca2723f3df5a67ad9b1ee01e41ea2ada59ffd1d30cb579e42357d2a576676db8cfc8d622c3ed57b1f3a0ff0d8a455415735bad8e8a3acbb942f8d45267608ecc02c63b956e517c21644e266099a6638089b019ce98b0c5033199eecddc7f46a6326c69d00425e1c9a0f5fea0d6e69
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = bb3c27ddbe58ece2969b78693a344137f00db4b6e6ae08f89223c098cabb0aab
+Nonce = 5f4c9dd8ad3dd61756b8dc9653947231
+PersonalizationString = 
+** INSTANTIATE:
+	V = 16ce5680e364ec166c98142b25a4599d2ebd8570c727997e39aa7bb191e991697e8b72e28098a6b7c504dd7fafdae7a889ace5718d1bb14a0401e0860a1009884263f3c93edeb4ce70dcbb673efdac3cd9647b28dac47c8b4f5ad758e3da82087e96b7a035538d05e21316697e305f
+	C = 075d79e6da96d82af4b0821ad9f577b040dd1f85875a400c2a03ac54401fcc9392e32c21a13f5da43c0ddd71e5c13d5c650e3a5bb3ca20c9366b1e5d5780bc5bf16b2b32c1b7cbdf3b0d095a19b602d9731263d7fbe0ef2a475df39d405df6e6947c64b758d85c18f96d31867280c5
+	reseed counter = 1
+EntropyInputReseed = a676bbbd85362ca39f25ee14111164bfa6829567bd431e2e791758eb3473c3b8
+AdditionalInputReseed = be8dcb2cec1847edb93d2a5c831997f80726c5835d82779029ec99cf87f0c3e0
+** RESEED:
+	V = 13f5f83a188e7126aab035303d78675f9ab3bc943461d52fd5ccdf78c0f0af6009f372baad6b7c8fa97463e6aee4324846b548a63cf1185829336339bec59e4c68c469eabea439f0738d781fb210ea22a2d531957fd20a1a7c3ce65e4ce3c8cbdfabc533d4746171ac6850bd5779ae
+	C = c1c27e24e0719b6f97740f95d683ba843c7bfb2a03eceb5f504e62ae91f7ea3eb381c37422986f41cae03a66b83e0f254c5dde12f6f1c3fce2f17beefb42a61bffa6d4c84822cd07063d9fa67ae1dd6224eee9e806efe2a0b9facee1073d0ebec39867fcce96331f3a909c37786894
+	reseed counter = 1
+AdditionalInput = 4a3072e2b8629ae36c9a19fb621cdb0808bae9563e5973092dfa9016feb81f55
+** GENERATE (FIRST CALL):
+	V = d5b8765ef9000c96422444c613fc21e3d72fb7be384ec08f261b422752e8999ebd75362ed003ebd174549e4d6722416d931326b933e2dc550c24df28ba0845d50e42d413b6ac3ef51017bbcd0691b8f05c363b602f9471d1f58ccbdc1f30495f4164c56bdc41de01ad8f7ba8ed9127
+	C = c1c27e24e0719b6f97740f95d683ba843c7bfb2a03eceb5f504e62ae91f7ea3eb381c37422986f41cae03a66b83e0f254c5dde12f6f1c3fce2f17beefb42a61bffa6d4c84822cd07063d9fa67ae1dd6224eee9e806efe2a0b9facee1073d0ebec39867fcce96331f3a909c37786894
+	reseed counter = 2
+AdditionalInput = bdb025782014dacf7598c9d68037906ec7fff15a58d41ef73c8154a09f4ac539
+ReturnedBits = 4ed999577aa6ac7af993cbce49463a535155a1c41f6356687b0e807ae928577e83a5f29fe4643f4014e1303c87b328ed7f3d8fc51f8e38c2027e70f55618270a5e6bd2d8ca4e6dcaec7141d10fbb886aa7dd3b27336b0cb544b24c102faa49724c4e30bb0dcce51cae78102003050d7fbf8b8e0b697a8f35d36b3513ffc96a21c6f9c08812eb934256970c6642aa107aa89189eb81895eefbc5e53f3f097e52d74007a02fc3d633b4556241badaf2f4208cd55f194d4464b328fffaec6964e65
+** GENERATE (SECOND CALL):
+	V = 977af483d971a805d998545bea7fdc6813abb2e83c3babee7669a4d5e4e083dd70f6f9a2f29c5b133f34d8b41f605092df7104cc2ad4a051ef165b17b54aec87785331b86358fcf1d5d725b212eb85110105e98e3a5946762f3cdd410a5efbc588b0a40444a3cb2a0f393c3c419d97
+	C = c1c27e24e0719b6f97740f95d683ba843c7bfb2a03eceb5f504e62ae91f7ea3eb381c37422986f41cae03a66b83e0f254c5dde12f6f1c3fce2f17beefb42a61bffa6d4c84822cd07063d9fa67ae1dd6224eee9e806efe2a0b9facee1073d0ebec39867fcce96331f3a909c37786894
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = eb7a944fe0208186d8c573a134aa287d0afe8aba8b80c89a81aa6184024e8b6f
+Nonce = 49fdd380667f79bbe46ee4d22839465a
+PersonalizationString = 
+** INSTANTIATE:
+	V = 2ce48d9f8787e62d78f091bedbbbd053c215ae6150daef61013c416fe8a7d71dbf0fa4a3b91e9ceb121daaaa11c622948dce4e240666649a7e39ab021ed57c16107d8b9e4a47128782ee612fe94616ba2aa29bf6cd6dc66634184313623336723cfad7300798f24aee3191e181778f
+	C = 391bfd50ef9fb39a67896d268b439e6b5bfda4c54c18738bc58924d99b7de2b0a8e9e4f072db9817ca3a05eb3d92726f6158facae920c7cc9b09094c01d33b8463f18fb1cf130f27bb17b6dcad54a56bb473e0c349efd64cab3ad1c60ef59524c13e25dad3da844f32b34da5c9f629
+	reseed counter = 1
+EntropyInputReseed = 9286a2f8df4de98c385c58432d3769a7ec17d16bb7d2e07b169b3e45fc09319e
+AdditionalInputReseed = d4051a5a566462aa092d1491e3ec0e9bbfa1929b4d477037946fee62fde34027
+** RESEED:
+	V = 05fbc1b00a49f209d9e5fa92e5fb46b7982812372a4e1f9ffb8197c0815b02e3cfe65a419c4d9047385e4d85a07380da390c131cbb4ca96b29fb02b98e068eb310012c12d1fe6b78f55ee9d5458d43b00789ee9e60f652d1089d0a05926ec980fdb6e96112371ccd35eec1f516cf22
+	C = 3b0bfa867cd808189cb16e0933c505fb21de9a13a2bc615d26cc9627e492e267e23baa2588383a9ff3e97256fe06dff5f16b47cbeef7fc42f2c3cdd9848f2c7c64dbbabefd08c9090788666756f5a6250231801408ef661cb649cb726e939b5a098b6f34a98b6c90a868c379c0bc89
+	reseed counter = 1
+AdditionalInput = a27c7e302d863e294d7a1310e3eb68267f6b7f576b62876a5f6f5943340118e1
+** GENERATE (FIRST CALL):
+	V = 4107bc368721fa227697689c19c04cb2ba06ac4acd0a80fd224e2de865ede54bb22204672485cae72c47bfdc9e7a60d02a775ae8aa44a5ae1cbed0931295bc8165fd50a333700ae994c5c604f8302332d349ebd56932cbc7130d7fa91503fa59e64b99469a35b04d43f2ba246c9801
+	C = 3b0bfa867cd808189cb16e0933c505fb21de9a13a2bc615d26cc9627e492e267e23baa2588383a9ff3e97256fe06dff5f16b47cbeef7fc42f2c3cdd9848f2c7c64dbbabefd08c9090788666756f5a6250231801408ef661cb649cb726e939b5a098b6f34a98b6c90a868c379c0bc89
+	reseed counter = 2
+AdditionalInput = 06efb41aaeb68011fd0445cc3bf026d8e13a2e3ffb9446ff49600d94ef275b22
+ReturnedBits = 74da7d098b3f39a9aea683ba85f5973bd0923fd9d89d53679bc223723ee454a6dd2f70b59d9455b247b492e424c263c5f2b1c4a11ec197ae6e53e162ba66c2b2f06f7df358fce1a28c821bc1eb866360ced8b5d6f92227c1bbf371938048413ea39576864044db82dcbbb596125e94b548f41195b45767481c2d1b5787d51e9470902ce1a6be33b2f5e735805fab30e0c61f07c4d3375e6047ce080a952470fd2b5e31de03b02986e855502d4bc113f3dd1d674efaea293a9e47e77200c92371
+** GENERATE (SECOND CALL):
+	V = 7c13b6bd03fa023b1348d6a54d8552addbe5465e6fc6e25a491ac4104a80c7b3945dae8cacbe0587203132339c8140c61be2a2b4993ca1f10f829e6c9724e95085036c2b591e21f77e7e70535301e7b6b958b3699ad4945f2052ebe5414867cca193b888f8680b0b2fbe8befa2a722
+	C = 3b0bfa867cd808189cb16e0933c505fb21de9a13a2bc615d26cc9627e492e267e23baa2588383a9ff3e97256fe06dff5f16b47cbeef7fc42f2c3cdd9848f2c7c64dbbabefd08c9090788666756f5a6250231801408ef661cb649cb726e939b5a098b6f34a98b6c90a868c379c0bc89
+	reseed counter = 3
+
+[SHA-384]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 256]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 1536]
+
+COUNT = 0
+EntropyInput = c35a931bb84420990aead0112699d095fa68f129e5f52a1f83254905ee0b4a1b
+Nonce = 2a3d564cf9b4ae726b4091c6da9fa539
+PersonalizationString = 09e2b98eedd3f54559d1ed6a4b1bac16118ee9aafa714549f4cf4db65b0f31c1
+** INSTANTIATE:
+	V = 8a96d1e28bf16fab31d8c764632c1a0919a4e80ab57c44379eface589618fe7c9aaca2a68ae347a626e93b6ecbc34697843f3ae176f319a1c877179ae5fb622a79488c213a4b326e2881a4993630312417a6a56a91666a50f0c62898343058c65b18f9895d2a1934143eef2e2b1990
+	C = 41a5cc845bd338e216a5a33a9bcf4af60a4f69a7498d01eb46ed47ec935e4371434fcf6b2ba8727cdd91952b7ec4aed8058591dac80933173f5358b3c0e3fa9599e2cb15da2c46f8b0d64992a4ac1852cc9c1ffc2bf10c53afc0266b357f9b6763354b0ffb3c68c54ccd35cb65aac3
+	reseed counter = 1
+EntropyInputReseed = dfcedd71ed381189786a518b49a46201b9481943ac570cbf2886e09c0881de1d
+AdditionalInputReseed = 
+** RESEED:
+	V = bee1f68165f60dac4486942cfcdd2d0671047a74887b0d5f8c8c0e90d134c21991433746c7b556340d51a35e077e127719f6f1c05ba94a312674ea2738b30c3f52f1f675a9e4adca83ec34bf091836794ce955361a5775ee6e479129124a16df314fad725ba2a6fbe3be9ce4315681
+	C = 0c2f4e667b13d3e7c65c8d3ce49218ef265d561af4999ec9631c96d54a9085bc173e2def526adb4d9dccd22a98a0252c852be24d123fdf8cdfc986350c5078276618a10cee699bb24b837336f10d5156a75627f047a39cf05d104c259bb8e5b7f72f53d270e8bb6fc28f8310856ee0
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = cb1144e7e109e1940ae32169e16f45f59761d08f7d14ac28efa8a5661bc547d5a88165361a203181ab1e7588a01e37a39f22d40d6de929be063e705c450384e738078fedd2624999417f42466865b53ad33ed6a55e416b7947ac67db261e985fbb67e96ca4a9805bbc7c48448b611a
+	C = 0c2f4e667b13d3e7c65c8d3ce49218ef265d561af4999ec9631c96d54a9085bc173e2def526adb4d9dccd22a98a0252c852be24d123fdf8cdfc986350c5078276618a10cee699bb24b837336f10d5156a75627f047a39cf05d104c259bb8e5b7f72f53d270e8bb6fc28f8310856ee0
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = a499bb231a131ed24bf428e5c3c27abee48d9b843caf29cdcb3164f387f42192b1861f2c5fea7296d02e8e8c68589572ac601adcd2ad189cdf0f966a7dc0e6d9ce0480943789bd9b2cf23d34e9b42ab37a05f05f8c0a154db1ea426f44e5b1a28cc6e3b98258ca87669278a6202655c1c9ae035dda1acd23d7cc22ec47b3e233c2c2f2d5d085bede83af52e438547f4418656496b8b5ac5b49f87c7d708aa06056fa247369d0f73dd8a2483cb4fba957e68428b57fa77a15ec58c104f7c140c3
+** GENERATE (SECOND CALL):
+	V = d740934e5c1db57bd13faea6c6015ee4bdbf26aa71ae4af252c53c3b6655cd91bfbf93256c8b0ccf48eb47b338be5cd0244eb65a8029094ae607f6915153fd87fbcc6c55f44b2f885210b9ce14394a77556c3f13a78dc1305e80c386ea8f648890aac6cb0c227d5f8b48c2ea4da9c2
+	C = 0c2f4e667b13d3e7c65c8d3ce49218ef265d561af4999ec9631c96d54a9085bc173e2def526adb4d9dccd22a98a0252c852be24d123fdf8cdfc986350c5078276618a10cee699bb24b837336f10d5156a75627f047a39cf05d104c259bb8e5b7f72f53d270e8bb6fc28f8310856ee0
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = 563ef89707aad90f5fb6f87efbbaa7ef82128cb4b4ddc4430a3c5f215b60bcab
+Nonce = bbb95b0c75f1240d3d336c61090aca59
+PersonalizationString = 15b0fbda2a45338119e6e483ed39affd270993e9b668566601ec817272743ed4
+** INSTANTIATE:
+	V = d659803a16981d16ec09ada43b3597adc3447e8072a7c98dab562d19ac3251b334f00c62b003783b55d731ce746c602570015ed55816a5ce9f8c33361b126332c38beb4503ceca582cec10a3d8f6d01d818acdf0d52e2b26d1f0daffbad1ec6967ab989b25627edfdaf43d3a511daf
+	C = 7dda65f45a94acdfd55621594223ada529ee79d017774e25ca860f410250cffa48a9d832f63d19cc68dbe41b8d6860bce2986605c54816aff9634ad855386821aaf275ca1d7504d320dc7f52b8f8f0599c6262734fd6757faeb2c9d6285e45fe7510b0edb646df96c4a1e7be4ec2b2
+	reseed counter = 1
+EntropyInputReseed = 52ae350f05abd50c6ee744375aa646a70cb9f2e4924e1fd527efba6eea26060d
+AdditionalInputReseed = 
+** RESEED:
+	V = 702d62b93d2ffa1c6ce76bf65d2b201f9456c3d9e6c3effa1e0569a3ea2214cfd73a792859fd0d4789870ec016144eab5096f625e2e184a91f78ea89c27aed3239436c92882c77f5dd41c902d018f354a31b7d1173cee1c7d75adf2e94d0f6106cd777984433ded0534b54e28134d5
+	C = 36f9cefe53a3f4f6fde222fa8ed132ca1e588e0c3943a49343b0a29dea089d343024bc53d3d193f64ebc513171f0c9f0840ffe16907c3cf266dc48490bd095d6fafbf52158aa52568c0e98acec2ec8d3d824fcb0bed89475d50982ee3df9e83c756b4cc33507da6dd5e1dcb813f9ff
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = a72731b790d3ef136ac98ef0ebfc52e9b2af51e62007948d61b60c41d42ab204075f357c2dcea13dd8435ff18805189bd4a6f43c735dc19b865532d2ce4b8404719694ee6f6e2cb57b56255494c0de79d1864d19ac14ef02b3c562e8b40d2d5a6d8629fa3c693df6d013d5e60f5c1e
+	C = 36f9cefe53a3f4f6fde222fa8ed132ca1e588e0c3943a49343b0a29dea089d343024bc53d3d193f64ebc513171f0c9f0840ffe16907c3cf266dc48490bd095d6fafbf52158aa52568c0e98acec2ec8d3d824fcb0bed89475d50982ee3df9e83c756b4cc33507da6dd5e1dcb813f9ff
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = c94fb7f0f74003c0fc9e2c0326ee8772c0aada4efb2b6f4826b4328fb97c52b826bf3badb17c74c1bf1947247c277e545b9286172eef2dd511140d47e14f00f4356c2c79ea6d24e03ad9b9ea3d80a58b3a0452bca2d0d742fcb17da22af59732858c4e6d8c1b88a2da7bb04977b9ca635a129a4e9749d8eb6db4861cee6c0779db362c1385db37fbae294da30bee248e05f16995010acf76f713d01c01ef6a2a1d632223b7cd2e8dec2d79ae1ac59e348c19acabee134c71fa2a3b7e043d8567
+** GENERATE (SECOND CALL):
+	V = de2100b5e477e40a68abb1eb7acd85b3d107dff2594b3920a566aedfbe334f383783f1d001a0353426ffb122f9f5e28c58b6f25303d9fe8ded317b1bda1c1a403f2132d49b01ec80cc1f862223617d8d52862a673134f52f6b95b1384c9f5861dc1537918fa38e4b7910e7e5f0324f
+	C = 36f9cefe53a3f4f6fde222fa8ed132ca1e588e0c3943a49343b0a29dea089d343024bc53d3d193f64ebc513171f0c9f0840ffe16907c3cf266dc48490bd095d6fafbf52158aa52568c0e98acec2ec8d3d824fcb0bed89475d50982ee3df9e83c756b4cc33507da6dd5e1dcb813f9ff
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = 090c5d79e687ba32824326845b9ef81935a8e7f285d6bfc5941cf0b44d10536a
+Nonce = 5360862910c954a305363c66ebba3918
+PersonalizationString = bd21783d867e3ec4673f18d723f2fa451a38dab23e3813139a2f70fc8225f746
+** INSTANTIATE:
+	V = 0dda39fe13c261c080870272b6165e9769764b29e992b2eccf76ef047c2c2c3805e3e6708689ae63e1ad09785a29be5f21729bc9e21c708bc72554f32fafa343ed889aea8223b1ccc23cad1d2c91ba979dd51b27ec8c0d4031bd6d7a6da6efbf56dedfddad6dfdd54fc0a6322a508f
+	C = f206562972f3dc546ed7ae99a6698194952bf8c3bc902403baaa5b6864606199c47b5fa6161ea8dd69d02e8d22468629520811f9544422cd397ee64b569f709413a7d4b4feed13642e0b65c2961b1aec8379abd36222e3911b7a2d4c6f8c2b46c9efcf34dc45c02a48aa76e48fcc62
+	reseed counter = 1
+EntropyInputReseed = 656e51f0f9c48efef34682094c37bb33324b99c1522a7833229dc6994fea2405
+AdditionalInputReseed = 
+** RESEED:
+	V = 191ab96586f15231644b6b1f45fafa1a0a5448480ed7fdf3dd0f5649ddc6b2b6b3370d185dbc9397850d5331fb6341645b48010f02ac888dc8335dd936e160c2ee40fe1e0b7468bde0c9486b4f18b3ab47192a8f8cdc576597c462b72689611d99e8310162647fb441719b6e64b481
+	C = 310741d862524fe3a9ba66496618d19d3fbe52570870abad2580a0e182426abed08fd45f5c758ab8682c395c3aff83407d79a8a3d8af81cc732d7873311c438729a73dc39d4ab599586795275cb4c788873705d258b4b216f5814fbf7dfe9c032287b85825db1d8566a1dc8f309c33
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 4a21fb3de943a2150e05d168ac13cbb74a129a9f1748a9a1028ff72b60091d7583c6e177ba321e4fed398c8e3662c4a4d8c1a9b2db5c0a5a3b60d64c67fda4a03106f9e8429614b2562aa678955d8717dc09b58f03790b4b752121c22f93aa0be00e95432a9a55fd1348a09c284dd5
+	C = 310741d862524fe3a9ba66496618d19d3fbe52570870abad2580a0e182426abed08fd45f5c758ab8682c395c3aff83407d79a8a3d8af81cc732d7873311c438729a73dc39d4ab599586795275cb4c788873705d258b4b216f5814fbf7dfe9c032287b85825db1d8566a1dc8f309c33
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 3643c99f4f8df301f24ae827de36023d603099ba722ac5397442c65d6fe9ae5c5e28388db3cc34b1975620b1ff171d248eef6c56ea2c0df488824893b47085862951159ac9da422c2534d86e79354cf3f5a271ec7876a9e08110e8a473411111e86c3eb6455d156a4601b5c4d089bc472f44e7134556a47d4dfe4025873d8500b3386bb35aac7f9c51bd8103eb9adda1dd25f14edd673f3217e8d3757441987129a5192c1fc31f550db3d0a0cda3a73549edda89cdf5a25883ba09d260fa9c8f
+** GENERATE (SECOND CALL):
+	V = 7b293d164b95f1f8b7c037b2122c9d5489d0ecf61fb9554e2810980ce24b88345456b5d716a7a9085565c5ea716247e5563b5256b40b8c26ae8e4ebf9919e8d085b25979e414d39cf8c4c5c6de418ee0df0c79a61b474c9b28805d525e5e21143b8bda44fe3c817de8855268368823
+	C = 310741d862524fe3a9ba66496618d19d3fbe52570870abad2580a0e182426abed08fd45f5c758ab8682c395c3aff83407d79a8a3d8af81cc732d7873311c438729a73dc39d4ab599586795275cb4c788873705d258b4b216f5814fbf7dfe9c032287b85825db1d8566a1dc8f309c33
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = 72a207d4d0340d9cd6c06d7b26cc04f21f27518801c7b10ea3a0f6bf027546d6
+Nonce = 827305d11f7e8b2e7d41f145318be6dd
+PersonalizationString = c83b61ad0e91ba849da0f1fad9cc9169b3e1ee17b8b94c3a77e4842a8e39a1c6
+** INSTANTIATE:
+	V = 832135299283eab1e1929e8f347575d561d2d1545e4fb46e16abfb14bfa1f19e4fcdad5fcfc89edd8e24f49e6bca476db6589e143e0f085a0f9070076c233a162abb15bf9a3bbdd6173c49cfac71a48a5661842c96313af967a0ac179837a77aecf20d07e528b44b9b62aeca399ebf
+	C = b188eee2778fac372a2f64ea55685ac35d55f3af538fa347fa9ad7f8559e46f6e1fcb8f49f0d4946c55d78cf08be6bcec9516f02556c3ebae2cb8c2084dcfac7a8dd4f47403d1ece2fa44598e714bed63362011d37b6d69638a5b16e50be208f703f705653603a5b20ec486f9502fb
+	reseed counter = 1
+EntropyInputReseed = 0677aec1fed5c73dac024104aa2b9344eb85682b9c56259bf34e87428250e289
+AdditionalInputReseed = 
+** RESEED:
+	V = a8d19f744c8eea64b7e2c80186af04a3026f12b06d0aa5c227dcd6198f4783f9a7281c408cb117692ab7e4e3f8a4b2f660fc7c8acdeb16f8c0d4f3aafebac2771769ecaa50180fc9e3afffba3236a7e575cf71d5e2f05a5dd3939b2dbe3c531f6393baaf5ec6e2802401d429c4d6d2
+	C = bdace58934e2ebd615a600f22305322edccc82e15cacb4455b4b421e56be693cc04827b9d189912dce7efe423645c19513b0064a2672d942d660d955707757ea191708571531c4908c02602894c5eb3872f6989a7958b072178ee8350c8ce924bc6eda78f5452959729dfe593122b4
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 667e84fd8171d63acd88c8f3a9b436d1df3b9591c9b75a0783281837e605ed36677043fa5e3aa896f936e3262eea748b74ac82d4f45df03b9735cd006f321b082caeccbdb74072a74eb3bb326b97b2879175cead7e4c209705d047809b50b37e5c1a85abb97c8a464c4a3ed7acea90
+	C = bdace58934e2ebd615a600f22305322edccc82e15cacb4455b4b421e56be693cc04827b9d189912dce7efe423645c19513b0064a2672d942d660d955707757ea191708571531c4908c02602894c5eb3872f6989a7958b072178ee8350c8ce924bc6eda78f5452959729dfe593122b4
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 98566e688f326e791bd7657ea7d5b3a46d46832942d0d9275b8136a4cfe0afaeaddefc8e62a645366085e085d57eda438c67914f6597771d984f5fa0450522c4adfa9cafae256e7055a47b5cd775c18ec71063b2480c8a79d708e64a6648824b0292bd02adc06e12ff2c5a996fa603da245a06cdf4e7be872c2653fb3c23e53957a27a46ade5d2712bbdfc73a93c853d9ee92caa7ff088f6fb5ea728133c84f950e908929b337b9c2de45f37a4561a9373c855f7ef8e97b07bd15d976f02e7c8
+** GENERATE (SECOND CALL):
+	V = 242b6a86b654c210e32ec9e5ccb96900bc08187326640e4cde735a563cc4567327b86bb42fc439c4c7b5e16865303620885c891f1ad0c97e6d96a655dfa9739eb7d852a95c78f8aab0a52a386497810ae4f9ac0354ded8066a4e13218b5edf5821215f4d37df8115f99948a7b0aad4
+	C = bdace58934e2ebd615a600f22305322edccc82e15cacb4455b4b421e56be693cc04827b9d189912dce7efe423645c19513b0064a2672d942d660d955707757ea191708571531c4908c02602894c5eb3872f6989a7958b072178ee8350c8ce924bc6eda78f5452959729dfe593122b4
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = 779bec651145032bd0713c3aa9b0491efce1b98eb4345827943ea8933fd5f4ff
+Nonce = 35f738f861e13f3d573d573df8726314
+PersonalizationString = 3e9c02f2dce4e9e6e0522a68f2a5c439a647b561cf89f5d556e37e43faa80654
+** INSTANTIATE:
+	V = 6a7a8e338248612e64979df691b698d95019200af3576a8aabe9c97861bf7a49579c207e79cb5537a40689498f235017fb323a27ed53b1c2c961a643cf1dc2735b4f50b07b10170857329a7ae59b2c7e64a6e6f92f97e06dec553c2e9fb5db9b8e0b019a7dd07fa297726cb6869463
+	C = 6941b84c5107d54bb79df3bc25842d3b492adff6050224c474790aed1cc54296f9774b0e843536d40ec2805e73325ae688d48c26ebda8e0cd3f1a6fe7fc06ebbdc2b77b6051a901c8d50f4a55518b976daa808794589c20f0d151a3a6bb51b3b94aed0eb3da8c7cf3c99836e6c439a
+	reseed counter = 1
+EntropyInputReseed = f0bbaa37d08fcfdd87c42ec1b3518286ddc33914df079bf0bad46ba8375e1d87
+AdditionalInputReseed = 
+** RESEED:
+	V = 830575282d900a2dc0fe0530ff820927be085aaa2068dde7c4c6f3c660f1496e026abe40b7d72b994fda9ba0fefa1beb6e934fe0d7678a86682e0c0f793c5c523b519824df13e9e6269d1520e706f2b2a3b32db77bf9e8239c03595830d8687e893bbddaeb513994fccf91a6c2a56c
+	C = fab60a87e62196ef60447eb77fef25e72a831ad6eec5c65b1b1c5d0ac8f724bd0ba3d974939afc5f546dae4800c03d98652eebb28fb53a2601f69414b1611e2c9009688d073979a9a5bd1c1b430e23f907067c43b7eea4d142900ec10c3a759c39c3d6f558545dd15fbd13fb1edf9d
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 7dbb7fb013b1a11d214283e87f712f0ee88b75810f2ea442dfe350d129e86e2b0e0e97b54b7227f8a44849e8ffba5983d3c23b93671cc4ac6a24a0242a9d7a936d6e68181d824caba5337dc1fc47e9a9b5e77bb08a94fa37b6f8ee6b755ac6b27f59b510e54403292cfb6991b2741a
+	C = fab60a87e62196ef60447eb77fef25e72a831ad6eec5c65b1b1c5d0ac8f724bd0ba3d974939afc5f546dae4800c03d98652eebb28fb53a2601f69414b1611e2c9009688d073979a9a5bd1c1b430e23f907067c43b7eea4d142900ec10c3a759c39c3d6f558545dd15fbd13fb1edf9d
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 691ff0bc12a9496336447e7146e98c8f3d2e3c2743e81acc6e856fc41ba05039f04538288cebd9ac3666d86826c3e845dbcbf69e11b8527ed0327430fd3028c5b6e4057f3e207812806adb68322b56b0d0a71ec6881a6b4cffd8ee307152ed48e4d3105d2391abe7fa6620df3eb0d2dd27e7cd9647a954d6291ffaf8c8ac266ed5e3d147d68778c83cc205782b087257c27f4060b14323676ce0aed00637d6b62c06db06cbb5bb9434682b6ba34c8ed74059461dcafdb5b42f74a30fda467d51
+** GENERATE (SECOND CALL):
+	V = 78718a37f9d3380c8187029fff6054f6130e9057fdf46a9dfaffaddbf2df92e819b27129df0d2457f8b5f831007a971c38f12745f6d1fed26c1b3438dbfe994200f2d3574484dcb9043ef65fea44950a71a402055c58163b12f57d50821913406d4efe5c013f0d534bd12b5ab189de
+	C = fab60a87e62196ef60447eb77fef25e72a831ad6eec5c65b1b1c5d0ac8f724bd0ba3d974939afc5f546dae4800c03d98652eebb28fb53a2601f69414b1611e2c9009688d073979a9a5bd1c1b430e23f907067c43b7eea4d142900ec10c3a759c39c3d6f558545dd15fbd13fb1edf9d
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = 7fd67567bbb53862488ab13bc36891c63c2ea815611188a830b9e231dd179666
+Nonce = 5ca7045318a3f7c263b057ea199a8472
+PersonalizationString = 8b25db16aae9365fefcd63c8977bd432a85dbf226adb775f6389dbd99fbeb46f
+** INSTANTIATE:
+	V = 9ac496d218f9a5101cd6aa30ba4fbaf4c03ea8c200fbbbc617b2519b5c94e00ff45fa194032fd91dca84787bf54c127d8ce903f62a574fd00b174e688ca090bc436253fff90b59bfcabdcd7b9aaf8677ada3d69c7be5b94422fb96e3930db4f766fd115286539a61510127428f6b06
+	C = b1deae1825d04416f74ae1e0359f0cdfa3f51153075f107e84d253c8884d2b38fab9e2b6631988c1414560d464cead8a96106beab3b491f6dfd5195661615d326c4cae5cfcb90f4f595756d11d9f68686ce4c5aa072ea5b6e952c5074f647d86e04f7eda0d4d99b24fca322c2036c8
+	reseed counter = 1
+EntropyInputReseed = bf8f5b6276b089a0150110704a443f7b07d5bf5b3b37b252eb55e06ec7c51938
+AdditionalInputReseed = 
+** RESEED:
+	V = f1d96b5d97fe8a3adff18242a5faae55ea9a72e44e2f3d8b9771288351d16afdea2985cb4b37dfe5c73cd45693a4cae6791c0befb74027fb981fcbdf78e8e4c663586a54195cd145ecde60eba954e74db66c11d5e3831edd0e64239f528b7888026d2a830e3312c7f15a14823d1b90
+	C = 2c507225cb4d8552e739be33a662169c4f7453f58fb58cff80c8d81cc3a2cb9c93f8fe19665f4eebf1d4909b9ab5f5c501840ff047f001f2d536bd4b39dd870939ec61dc209b693b74ea4c36cda87eb1feb8bd5b4118aae2bca7104db6f515c4fa15fab76ea80c71319f0fa58e9c2d
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 1e29dd83634c0f8dc72b40764c5cc4f23a0ec6d9dde4ca8b183a00a01574369a7e2283e4b1972ed1b91164f22e5ac0ab7aa01bdfff3029ee6d56892ab2c66cac43ca98a36989c624c98dd40b3f4ce30c0602c63a51d42b207a4cec5a4940c290d99ece6cd2d9e1344309990b28b02e
+	C = 2c507225cb4d8552e739be33a662169c4f7453f58fb58cff80c8d81cc3a2cb9c93f8fe19665f4eebf1d4909b9ab5f5c501840ff047f001f2d536bd4b39dd870939ec61dc209b693b74ea4c36cda87eb1feb8bd5b4118aae2bca7104db6f515c4fa15fab76ea80c71319f0fa58e9c2d
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = e5e8c433cb7877eff22e1e6043cf43e92a4b60668628d51a9f9885112b03a160e97a8e876aa14e6085b1f6e5006ccf4be763ebfc3a6118dcbd9da6d886596d88d9d7565baa83bcbec08bda78d4e3ea985c42403c7dfcdff216e259eb9fac502e8fadd9167cd2e7a4df12ca69bf266e37f672f4ccff8bf250043e162a803339642f67f036547702abdf0b4adeb6ba6eb786a73901459d67b2f9ace9b9b21c8dbb67c14968353173db07412f86845e2c6e46f9d24ce693ccfce07fc0203cf21a2f
+** GENERATE (SECOND CALL):
+	V = 4a7a4fa92e9994e0ae64fea9f2bedb8e89831acf6d9a578a9902d8bcd9170237121b81fe17f67dbdaae5f58dc910b6707c242bd047202be1428d4675eca3f3cf44a66d326af9759b50370d3d08bc84728835baf329b61ad8abc0e00d461da065005e5b13cc03bf869d64205fc4b0cd
+	C = 2c507225cb4d8552e739be33a662169c4f7453f58fb58cff80c8d81cc3a2cb9c93f8fe19665f4eebf1d4909b9ab5f5c501840ff047f001f2d536bd4b39dd870939ec61dc209b693b74ea4c36cda87eb1feb8bd5b4118aae2bca7104db6f515c4fa15fab76ea80c71319f0fa58e9c2d
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = be155b2a4546d0b0c20ce59b39b17908686d071cc32a9dfdd2fdbe95cdb1c624
+Nonce = ac7495cd72ed48c79c3d3aeefb7ab088
+PersonalizationString = 7303a9f8158b811ebb16767ba50f0e9da3d86b83346f57d75a3917fd495b94d8
+** INSTANTIATE:
+	V = 30e7114f4516e5fe7e54c5676d5f2bc88833664dc6b397236e325fada312464ee6200493c61c932c7ad1c1519392e13bf512e8164768d3c54a49f565a950ed95eb2b1194a1c604c62ea90d84230933e4ddf3bab7c5e24596ce20d2069e4172a5b1fe6d4a73ee5105915916988b0db0
+	C = ec356ef766807883c33f8bce8f275ea24370728e5acc737c0c25c7f884be6d76b008d7a80d971690fb71e47fe62568e3985c4edac867766c4df7208ed39c2248d9202c7834ae0fb165d42740464c0304ff67aa791d6e45abe46c296058e8bb877d17b5496e184f0e3d6da6c95c75c9
+	reseed counter = 1
+EntropyInputReseed = e6f458747e3c5e5adfb1b9e38bbe585898f327537ca192df8f9ad514eb96238e
+AdditionalInputReseed = 
+** RESEED:
+	V = 5a6aee46a27b54aa4fe7d95491f4f87636a31d8f7f82432f72e2be1e78a971c4fcea43c71237238f920ce8df3b2fbd9d2728fbf087103ea4232ed0dd96f40dc70778e711c724147a602eb03336663d4b9482be38349fc11613e42e65e2b29b4397fc0e61f938695957612c2f4c413a
+	C = b2d2de01ad0a71606acf6aabf62d2b4b073240a1896a4df16dea53ff640e5ddbc47360b445d0b3dbd14e5e6c9122251d3d988b68637169b71aa6b9faec5ab8b438bc8fcfe673ed778520e6e821d3168ebf7d1ebef8ea85f1ef511ce69b49729988b06db3bc6d6e2fd99f7177fde32f
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 0d3dcc484f85c60abab74400882223c13dd55e3108ec9120e0cd121ddcb7cfa0c15da47b5807d76b635b474bcc51e2ba64c18758ea81a85b3dd58ad8834ec6eceb969669cdbfef4d936681ba49556f389ffbd9b7876437ecb185297c7f964f62f15657dc0227421485b62dac7506d9
+	C = b2d2de01ad0a71606acf6aabf62d2b4b073240a1896a4df16dea53ff640e5ddbc47360b445d0b3dbd14e5e6c9122251d3d988b68637169b71aa6b9faec5ab8b438bc8fcfe673ed778520e6e821d3168ebf7d1ebef8ea85f1ef511ce69b49729988b06db3bc6d6e2fd99f7177fde32f
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = d288809ca87f04f3539058a78c853cab3fa6747782ad8f2ae4386ce4f7a5444bf343bee039e88ab14bf0e47537b9070aa8e9455885953ff8508b04ed40eeab4636bf134f25e307db9869a99f147e9099c8f18f8611716079e7f7b6e42f3ff76c2b2161941b650df6ee2efbd3f87f9e1594ec81ffbc689e2bda0a8df3bbd5046b0f27168293dda8fd8a2e308ab6e7ac575a2d2b9be0b993b61c28b4a44234785ba68b606c7e77ed62e0aa0487d532ebcd69b90f470f42356dc1f25cc47e1133e1
+** GENERATE (SECOND CALL):
+	V = c010aa49fc90376b2586aeac7e4f4f0c45079ed29256df124eb7661d40c62d7c85d1052f9dd88b4734a9a5b85d7407d7a25a12c14df31212587c44d36fa980317f8e3c51763c6c4a6fe8169c820cf441a9a6d6d3596f53bd50271bd59e6d767c9d777bba9bc51f9955df4429b2c75f
+	C = b2d2de01ad0a71606acf6aabf62d2b4b073240a1896a4df16dea53ff640e5ddbc47360b445d0b3dbd14e5e6c9122251d3d988b68637169b71aa6b9faec5ab8b438bc8fcfe673ed778520e6e821d3168ebf7d1ebef8ea85f1ef511ce69b49729988b06db3bc6d6e2fd99f7177fde32f
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = 9030d858c22b3257016fd806cae03634191b5ae4f35fcb1773f9088622af8110
+Nonce = ebaacc5911aae0ee5dbf5bb60ee34824
+PersonalizationString = 4ac1c0d3e2bd8782d85fbab6a59f047deb59fa59a3e9b945c5878b7bf360c0c7
+** INSTANTIATE:
+	V = 32d430463fd7a73d9f2c5f90de693d54d16cc92f0645f66513bf233b19d2e2112c5dedf987accb6fd73189c3794f1f29d88d1f48d04a12d346d30c3969797ac0079f58c9498e1d68daadefddde9bf82c49739a9c9dacd33988730ef9977e90919045f5b5bde05692049460275382e1
+	C = 1796a1e3f5906458349bfb10c4c46e52a63cb70098cbc6836aa5c85a6f3311d985da1bfb897a6a866b18222c2051a715f340c4b1a658308031870025331a2f542afdbe7d5433dab3d368e49add7112bd9e690b31b9eb591cbe204a0b53ca28b406f86b459f4350448cbb830ee53bc8
+	reseed counter = 1
+EntropyInputReseed = 0f3975707cee387bd7b560f110b982ba5140ab8e79027f053a7494813524391b
+AdditionalInputReseed = 
+** RESEED:
+	V = d0056744b013201a7b7494c720ac7b595e8684af4382ecc36c4314673b3d72745fb687785ce4cc4771b68b143305b1d6bc527987db259f781dced57bc1acf39541425bbe60d662b32e46a635517e7d06cf161a19d931b67098c7dd9d2491a1b2f24b709f60a3f265f163a83357cf39
+	C = 0c12cf1d31ed3d46c14ceca96254c12c227c0b391536540882a7b25eea62fe67799a10d5dc1ce739e91187bd3910adbeb19af9ea4d19ca7f5e6560663f981eb013934cdb3247733e8e49b0623443b5c97b8ca644a32cd4e11cff0a5d9ef0f609ccd27e880e1cca022149a6732cd3d7
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = dc183661e2005d613cc1817083013c8581028fe858b940cbeeeac6c625a070dbd950984e3901b3815ac812d16c165f956ded7372283f69f77c3435e20145129f33929648c692c8d5cc3802375e83236a307b68f57265b3d74145fdaab62b6d07c9dd9fd37670cc3c0479d164f97a9f
+	C = 0c12cf1d31ed3d46c14ceca96254c12c227c0b391536540882a7b25eea62fe67799a10d5dc1ce739e91187bd3910adbeb19af9ea4d19ca7f5e6560663f981eb013934cdb3247733e8e49b0623443b5c97b8ca644a32cd4e11cff0a5d9ef0f609ccd27e880e1cca022149a6732cd3d7
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 1be0c2fd623e6a302aaad3b6d100c179ac6d7cd2fa6f0ad3be8dc58363a186d874289849f3dabd501dbffe8b295d55210f582d179d485f54395571f69a491ad56a3155708cdf3a370c12f75170cac97ce99e437d4a697ff527d52cc5ceab28a60167672001e67bc2747419a1826252eae44943d9909dc5cae2d36c91c5ef080556f4d65504c8f046e9df426c944c4a5d8521982e8ca32869ae7dcd2cdd3a9caa4ad480efd7d8fdf83910dc73b3941d0a51ca808740640727fccd608523cae3f4
+** GENERATE (SECOND CALL):
+	V = e82b057f13ed9aa7fe0e6e19e555fdb1a37e9b216def94d47192792510036f4352eaa924151e9abb43d99a8ea5270d541f886d5c75593476da99964840dd321c76af03174dff07857210ef75fa0feba65ddf5ef2526820d4b6fe3a62402842be359d6a1f9b13bedec7eae755a5a0cf
+	C = 0c12cf1d31ed3d46c14ceca96254c12c227c0b391536540882a7b25eea62fe67799a10d5dc1ce739e91187bd3910adbeb19af9ea4d19ca7f5e6560663f981eb013934cdb3247733e8e49b0623443b5c97b8ca644a32cd4e11cff0a5d9ef0f609ccd27e880e1cca022149a6732cd3d7
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = 1001e1a1a1883e8e8739378535bca0a00f613696815ea23c29a0c1690013d3f1
+Nonce = 5fd2a904de907b85e130f8f2d9989532
+PersonalizationString = 747c4a696633f76ba4b16c09af0a0e1a8494add46a5530d2d87c1a9f2908e5cf
+** INSTANTIATE:
+	V = d8dc8d6c55ad2c3dba3ac8d5812d74e84a4013868e390b0531abf04a3e4b9be95ac60546e873df1713c0040fb72959355b9b68d2250d2ed87cd6cab4fdf2c0958b611dbe1ecacf096ab178e78bc7e2478d0bba62899a0cd1f799bde69a356124bcbb9aea8008dccc7a45f16fec2fc7
+	C = 467743f837efdd524ae36e4fb70342323126d7bba8219406787a7849270ac8c901200b02c64342354ef35ee5af16ba9a728f98f5d20b78ec9a20eb6895626aadad1f428d1e5ddde988b9fd0cc5c1d88d683b552d75285d75b6be35c543b40cb81d70a460c72a95c88deb35a9994eed
+	reseed counter = 1
+EntropyInputReseed = f53ce9b62df721aa4fd64e43a9422396ca76349b309412fce8fe1e653c978854
+AdditionalInputReseed = 
+** RESEED:
+	V = 915c335b3153fa3a1feb5f11a862ada76977b798880a5e0ffb65cbd1ad1df8b84c6e72b0b4ba7d47696996f6b9223db8eff9e44a88a026442a44f08509af2490ba6fac4762a1f29649611fae81acef801dccae1d6fc528b12ea73c0125ade7b7a7b8df27847a14ed3219836845801f
+	C = a7232a68e5dddabb113797c6fab8236ab1244c37ba4cff4ea5ea92f9b64a3dfb3087534aeff32baaf7578d60d9ec36ca6e0a028456b4087fd06f75e59b77956d59e63f66cb6c469d3da5314b0cc72204dd4ae68b7b6fa53c479a04abc003e0a3fac1027c6d814246c9bc0bfb18fcb4
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 387f5dc41731d4f53122f6d8a31ad1121a9c03d042575d5ea1505ecb636836b37cf5c5fba4ada8f260c12457930e74835e03e6cedf542ec3fab4666aa526ba87b7abf1cf9d80663f40af197652d0f2cc9f96fbd67e89982237081515ed091d28e3a5585a7cae7171862bdfe6af7e24
+	C = a7232a68e5dddabb113797c6fab8236ab1244c37ba4cff4ea5ea92f9b64a3dfb3087534aeff32baaf7578d60d9ec36ca6e0a028456b4087fd06f75e59b77956d59e63f66cb6c469d3da5314b0cc72204dd4ae68b7b6fa53c479a04abc003e0a3fac1027c6d814246c9bc0bfb18fcb4
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 9c866db03d3ef46c9f2d002f51daf09faa36bf6031d1936ceb0e73b50eed6533d36692f64906bbcfda0c607cd54e3dd3a890e95f166db70e87679b2cae43b212a40fbeffc99eaea1caff515b9d0f9855684368d2a8d165395f0ddc86cf516bab4b0a5c8af9b1bdadd40fe65dc7dd3b67536773e13a6a9e4ca6b12dca05cb76dbc427e2674ce71bd179396541580fcf6d3359fd421d2d66586b70aa15fac242584c8462538e4a2f04308de30bdb055c9bb167fa0b299c006656928f7d5ed762ce
+** GENERATE (SECOND CALL):
+	V = dfa2882cfd0fafb0425a8e9f9dd2f47ccbc05007fca45cad473af1c519b274aead7d194694a0d49d5818b1b86cfaab4dcc0de95336083743cb23dc50409e5080ed0faf694db9d2563ea5d49d2b54903e9bcb347314b6efbe3d03d2f5859a6f6f3a5fdef18e0c181b64b10dee70c1be
+	C = a7232a68e5dddabb113797c6fab8236ab1244c37ba4cff4ea5ea92f9b64a3dfb3087534aeff32baaf7578d60d9ec36ca6e0a028456b4087fd06f75e59b77956d59e63f66cb6c469d3da5314b0cc72204dd4ae68b7b6fa53c479a04abc003e0a3fac1027c6d814246c9bc0bfb18fcb4
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = 4aa0194b17a6b95910e144f1740e99f57d54f5f2ea0ca42144c8451cf5416712
+Nonce = 6c513662098f533d6f02af05804ac4d8
+PersonalizationString = 82abd42e935f081acea645f420203d0287742dfa7342786bbf3e31895b93a0e7
+** INSTANTIATE:
+	V = 0c24eafe0ed87310ff1f86f4d70b471227888f930f5b7467e4e5c4ffd4ea841e20e178023505e83a78deb85aa6d14a2cd71eb91ef6b927e03760469469678a5342512229fa70e199a18dbb02e22847b4a195edcfee64f27d391bc0d4c608d51ebb4531fad3e8135eaedc64ffc5368c
+	C = acae98c9b05a4e959ef778dc90cccbbd105d8285d145f4f5afad78cd68222ba100c38d3b7f9dabc07ca44a2b25982bb8431eecb54e1b8d8c337f8cb4007bea7f2418123e9caa1cbbb06f8964137fb553aafc3166a02739d8e37cf23780165e9110708aaed66b0dd40c616df02bad85
+	reseed counter = 1
+EntropyInputReseed = e31a3f260784f3b51a6cfb155bfb1ef489476aecc9811cebad3714c429901be4
+AdditionalInputReseed = 
+** RESEED:
+	V = f8369ed5e978fd6879ca263b7da10e63f18bd8f8fced0c7566af98e50a5a1266b68cc4dce6947d777cecaf540a313d5a4875607c8a250f3318c639450bb52a446146395b7c27ffc4c52b5605765569edec36d034ccc0c8456146e1f1eb8764875189f850c14fe863cc3d70dd7dd21a
+	C = fdf8d1e4fd7900dd426764bc25598cf33efa6036eee4b2440d7e82b8e1e56691a42ad48d9d02b647865075e7ff90cfcf5e6b7d764cb347bd0c3eed7d24c0fd4a13b45a4a42f17d5852248b3770b45bf969afdc189216faf4a3fc21e63956d340ff9472f7aaf2e87b185fdb7ab8faa8
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = f62f70bae6f1fe45bc318af7a2fa9b573086392febd1beb9742e1b9dec3f78f85ab7996a839733bf033d253c09c20d29a6e0ddf2d6d856f0250526c23076288a427546704119771045fc2d402007d74c19d813d4bfa502322f06f4d7992c3bd8841f8410469d8827f89aa719dae46c
+	C = fdf8d1e4fd7900dd426764bc25598cf33efa6036eee4b2440d7e82b8e1e56691a42ad48d9d02b647865075e7ff90cfcf5e6b7d764cb347bd0c3eed7d24c0fd4a13b45a4a42f17d5852248b3770b45bf969afdc189216faf4a3fc21e63956d340ff9472f7aaf2e87b185fdb7ab8faa8
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 21a043117eb1c0003075d0ba65e0551a0055db90709b266a8322718fb704b86a76f2f8f6d351f8b59b3a68ece4d634372a8e331e2af94b4d8e5dbcafa3de607cd62413e52e9a8d56e718244b9d8478a6aee7c9cd9c7d8890e8b6c35a7c0736ff15abe04b224191148373442628f4efbf9a2a460757c272e4fffe69ba70b6b6d112aa3edb78ff194ec5e276065f8236b2483342c07f2c602a1a57a5a4675d5572db40c08c1fce2a2aa31d4e5ffbc0f8972a9fc3047f6e9af0ccf41c168c553a62
+** GENERATE (SECOND CALL):
+	V = f428429fe46aff22fe98efb3c854284a6f809966dab670fd81ac9e56ce24df89fee26df82099ea06898d9b240952dcf9054c5b69238b9ead3144143f5537268f4d9f56dd9246425f3f803c8eae1debd52c46079b35a335a0e7edc11b639853934d79ee8ec12e999e8dc7a38c520da8
+	C = fdf8d1e4fd7900dd426764bc25598cf33efa6036eee4b2440d7e82b8e1e56691a42ad48d9d02b647865075e7ff90cfcf5e6b7d764cb347bd0c3eed7d24c0fd4a13b45a4a42f17d5852248b3770b45bf969afdc189216faf4a3fc21e63956d340ff9472f7aaf2e87b185fdb7ab8faa8
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = 8cd3872a0dcaa0cbfefa655a06dbc110dcff46ee94f0add5102eb6200286ee92
+Nonce = 2f7d7b6b88b69bcde73d5a1e52f6f14c
+PersonalizationString = e45a8399c8e94876c8af10710031d2952eab23fdb6db4fce826c239df445ac0c
+** INSTANTIATE:
+	V = fff71238bb298f20a4046f5736d6afce507191e828e41ea6a9c7c6c4df7f1cf9455ad68fb20c2e6cebf10c345161f8602009510436a9e1bb1da186d3d92b786500d6212001fe94574ad2236251da75b4f7adbdb62e2bbbf4b446c3bad68af4cf6eae6ec36d704e1cc6f5b8a99f3e0d
+	C = 34b76c50d608b9f3d9d82f9a07c1ed761ba2e5b4cea6fce0441bdd635ec65b7bb939a7976b5b5e9beede6820423142881e575779f108058d5c4aee8d001d191d1b5477b4a9c33122be844a0ca1c64d8f1ab390e03eab7758f03b4430824e940133404061fafc279f9eaf3756216255
+	reseed counter = 1
+EntropyInputReseed = 2ff5c53d85b6311c2f85e8d4e4a909beba16c1726aa70b7496afe8859b79f3fa
+AdditionalInputReseed = 
+** RESEED:
+	V = 1d7ce980e6b3190d1bda2fe6bc8437601fd483a412253af0511be041025e6a5ea60854fcfaf8b5f70716886962f877ff1fc4eac4642cc302cdd218954decdd6b151d3fdf766b73ac3d22f0756eb45a8140fe955e969ff7146cb9ed779c1b0f70cd6c1cf16337859b6aa57e5443ef76
+	C = 104dd69641ccf7a773cc30f68aa73171aa9f87c1b954a690df8c492251ab3bf5bc926125025b48f41bf5cc5e61ab4866cfb6921f37ca5236e3d2a4d87a83641eda50bbdfb09f0b02b11be2a82af0b2f760d08e94eb68def6c90ce2b74e26b635be59b26937cf29dfb3838f30ce3dd2
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 2dcac017288010b48fa660dd472b68d1ca740b65cb79e18130a829635409a654629ab621fd53feeb230c54c7c4a3c065ef7b7ce39bf71539b1a4bd6dc870424e64e9cbb5f647e2bf874f57678ad7e5785f9a964746f38e097337c1cfcc64a82ec086a0f77aa156168323ffa783e914
+	C = 104dd69641ccf7a773cc30f68aa73171aa9f87c1b954a690df8c492251ab3bf5bc926125025b48f41bf5cc5e61ab4866cfb6921f37ca5236e3d2a4d87a83641eda50bbdfb09f0b02b11be2a82af0b2f760d08e94eb68def6c90ce2b74e26b635be59b26937cf29dfb3838f30ce3dd2
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 9e8ce5dbf205cfdc4b789241ff533a690d4417b6a2fb5bf4bb135dd4c34ba6087e09ca2622f815f463e669b20b50f2857a12800eb5b428901e96f1d4820ed11cbdf14586eee8a02b19e57aa55be96ea3d6dec54a0f5639fefce10e392415d5519aab15b95bd5da4148f2a172066e984480d6a3651547f76cff174e1412e401b992dce066e79844d6f274b81fea72378d4d529fb9446d2706f8422ab20a99e6b55213b7101bd7b4b255bfa8d95a715bcb5e5cb923c6211b69d5d0816851e74fe7
+** GENERATE (SECOND CALL):
+	V = 3e1896ad6a4d085c037291d3d1d29a437513932784ce881210347285a5b4e24a1f2d1746ffaf47df3f022126264f08ccbf320f02d3c167709577624642f3a6eae3d1256a30b2df650cdab7573d3f1d4315a8f08abd9aff71cc32547c8aaae7e0ba87b134f599207428efa691424db3
+	C = 104dd69641ccf7a773cc30f68aa73171aa9f87c1b954a690df8c492251ab3bf5bc926125025b48f41bf5cc5e61ab4866cfb6921f37ca5236e3d2a4d87a83641eda50bbdfb09f0b02b11be2a82af0b2f760d08e94eb68def6c90ce2b74e26b635be59b26937cf29dfb3838f30ce3dd2
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = 906588f032daa4432aa181e3cb78c7c7cc7f656a297d9b27d9295407b81d5909
+Nonce = 60124ccd64ddaec032d6e92bbb9ef3d2
+PersonalizationString = c9720358643f1ff44454cbb8a6a653ec4fe02aa1674a3b411af1e4217dba0d89
+** INSTANTIATE:
+	V = e34153df93778d8644e4880a270a14fe4bd620f773ff57aeaf6d53f04b0e9addbbc71196ff8ccbf7fce73b2c3da09f94abd486162410f8f3c143074414f8bb92cb827126dab3a16680c60b19fd06576664749bc2459c609f89fad74b3ee113eba21b45605f4abc0263fb0bc66fda4f
+	C = da720cd39dcbf77a5e0d415f65423594a1a962e48ebcbe5e4c196adfea88b752455ab34ce3faa7e6743a44fa344be199676a2b0e441bdfb8b29e1b6a095743f201856d6c388aeb800d6618d2182cb40ea15813ee75607946ea05a49ec675b716c3d6e0695b5d1b3fabf2cc35bffe7e
+	reseed counter = 1
+EntropyInputReseed = c28e002905b48415512bd4279474ec6c76094adecf41493e7b7cbcec4be7094d
+AdditionalInputReseed = 
+** RESEED:
+	V = 344b30170ed0325e00426c26eb2a6bff080ce168c57ad822d5eb1804637b3345cfcbbe47aa4e6f94cabd6ca1fe7a56ac158231537168cb0ee0bd2be9a2db0ae420d78b2ba22aceaa53f162649ba0f2e2ba4b61882dc24e0cc2762cf1246177bb943aebe6951fe41daeb6e6e1e32189
+	C = f1e8ea19854febdc7c6bddbb54dbcfa286d22b9cc36ec234645e006affcf0c1337fc4673b87fdc15d44bd72bfeae851f072064aa1981141d9e04f0c131c8969ad7412d30e5d62105045c0dcc9cf4368af0e5c2cd8c1eee25311206380f1b2f5d758df2fad4b47da1d7d66eb28fc09a
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 26341a3094201e3a7cae49e240063ba18edf0d0588e99a573a49186f634a3f5907c804bb62ce4baa9f0943cdfd28dbcb1ca295fd8ae9df2c7ec21caad4a3a184b00c8829fb4f50cbc4ec25aebb552b6d410dc1ba0c642420e32a388bde4063d8dc220b931b824fdad64b0950d5fe2b
+	C = f1e8ea19854febdc7c6bddbb54dbcfa286d22b9cc36ec234645e006affcf0c1337fc4673b87fdc15d44bd72bfeae851f072064aa1981141d9e04f0c131c8969ad7412d30e5d62105045c0dcc9cf4368af0e5c2cd8c1eee25311206380f1b2f5d758df2fad4b47da1d7d66eb28fc09a
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = eb5621150e6fe152f2945bfb2669dbeae9919e661f88d05e6e0b7fb8172580d3ed712bdcea6dbe2e1060b179e175f37f170a6bf030333e82a64d196856dbc3a322cad714a9db18c9cd6e83c8fee137c999287720818d7e62b4055a9b0a1a66a9f38e02d2c3c01d75037825a46e81fb5fc2f2abdc1040144af146be769ce8209d0234cdfaea115665e81fc420b2e1b2d7ce405b4e4a3683beba3185fb0c420c00a88f83307b685d3bd856dbb15258c17264a228fa1bf20386948795894c1158a0
+** GENERATE (SECOND CALL):
+	V = 181d044a19700a16f91a279d94e20b4415b138a24c585c8b9ea718da63194b6c3fc44b2f1b4e27c073551af9fbd760ea23c2faa7a46af34a1cc70d6c066c386f5c6c0e0a7ecd7438ee05b6b7506a6c13fd070687aa0b82eb6ccc09612db85e2aec9bd3104bb71578656f1fa6eb6951
+	C = f1e8ea19854febdc7c6bddbb54dbcfa286d22b9cc36ec234645e006affcf0c1337fc4673b87fdc15d44bd72bfeae851f072064aa1981141d9e04f0c131c8969ad7412d30e5d62105045c0dcc9cf4368af0e5c2cd8c1eee25311206380f1b2f5d758df2fad4b47da1d7d66eb28fc09a
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = dfea4f3d6cc40415742e2ab03bafd7f0c6f5b0a4ccd900f66f9396e1a782dc14
+Nonce = 340186bb74e888b11472036cf3a98e3b
+PersonalizationString = 332da1b8af63cd12bee2176ddfbc05febb60cdd896f5f517061509594c031f97
+** INSTANTIATE:
+	V = 7ea98bc36e4d257c5fab5c829f090226cd9334a13853cc31b064248ff08567ac3faca398a4b2a7edda01e3cdb9e9b0736134bf82f3d1c3458bb2cc4dd9ad66ee558c98935f2215e2ca033e95d05b601749765c4c8fb350e6ce05d4318a69c104f889c6dea4054030ec27d2c29df162
+	C = a2b0255ae0e7022c4e9c5cebeaa48ccdb0d6f4e7b4da04b9ed9c635e4dd2ed2566e9e2f20a200ffa411e11f9917dbdf614e0e3aa20d7b685c50f3fc31631b68f62594c7e9b148debb51499fe9ad121cb6bb2625595994dfec2539bc755d0200c00dc90745f27dcfb0294a648112cb9
+	reseed counter = 1
+EntropyInputReseed = af4942e6b9c968ebb8c68f4bdfc7855942c81964508befc1e3f149ac3843655e
+AdditionalInputReseed = 
+** RESEED:
+	V = a869292433fd85388b3b70e70cdd6dcf9d7cf0d009a5cb41209557e5b9a5ceffa315ff2973769f67a919b2e4dd0d02c28077a425f8c43997c64193e551ba42995a950aa8bf2f646922fde0959c8609e7eda2dcfc1d27325ceddd4a61f3c677c2e88321fba5cb107e6fb844752dcf21
+	C = 0eaa725f1348594c7231ad491ce83fdf09c9bc971ace5c9e2b6a7a134844dd7f68daddec22107a97f3fff2d8b52001290b4a2c3b3ceeb30e30f7cc0bedf91be78b9643e95f6ca42633b4921f8cd3c55a79fc3bb9cbdf6c756cb0dc1dfae963e5edb3d8222801c501bacc6a46d56fb4
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = b7139b834745de84fd6d1e3029c5adaea746ad67247427df4bffd1f901eaac7f0bf0dd15958719ff9d19a5bd922d03eb8bc1d06135b2eca5f7395ff13fb35f315b76b8b78b3b4f8f9fa8dbbfbbf3fd7060e06f6107f12acd08848360177fe0a4a1fa869d2fa662c3f57fbafd74e359
+	C = 0eaa725f1348594c7231ad491ce83fdf09c9bc971ace5c9e2b6a7a134844dd7f68daddec22107a97f3fff2d8b52001290b4a2c3b3ceeb30e30f7cc0bedf91be78b9643e95f6ca42633b4921f8cd3c55a79fc3bb9cbdf6c756cb0dc1dfae963e5edb3d8222801c501bacc6a46d56fb4
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 5a8ca5e3e9450a2d978ca5879d0966aa95625dc88ae682e4b211a65a63e93c108be8e40eca93b2e86ca75de82a5826b061308d253f3ae4726b0037e6ee43b57d4c31c8279d5f48b80968f4d0082a6758c6f83fa3f1e259572ecd456c9e82ec379d1b75b84a6ab86b837bbe9ced3a27ba4337f3ab04d60490a9df71ef54de21dcdb05a200a9f86cd44f12be7ec3d81eff9c05a6b0c52b3d22bc55344917691448ebb0cb39b953a0b39e40e81e053bc6b3cfeba47f8b19c22143bb263035fa8906
+** GENERATE (SECOND CALL):
+	V = c5be0de25a8e37d16f9ecb7946aded8db11069fe3f42847d776a4c0c4a2f89fe74cbbb01b797949791199896474d0514970bfc9c72a19fb428312bfd2dac7b32f797ad4ffbaf5bd89dad1645decde2cad39b08e7005741cd4fc85a8ebb4c67686d6ec0ecd9f5001223c44aaef68260
+	C = 0eaa725f1348594c7231ad491ce83fdf09c9bc971ace5c9e2b6a7a134844dd7f68daddec22107a97f3fff2d8b52001290b4a2c3b3ceeb30e30f7cc0bedf91be78b9643e95f6ca42633b4921f8cd3c55a79fc3bb9cbdf6c756cb0dc1dfae963e5edb3d8222801c501bacc6a46d56fb4
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = be5b21270fbb0740b90238935789967e6aace17e11225c78e4c9fb71bdcd026a
+Nonce = 270b9582f716941a9bf0f34a78212d13
+PersonalizationString = 41c8f472aa1ffbcbc1404b273356f4309d0b1b2540a3de7995fd714750751ece
+** INSTANTIATE:
+	V = ff159331ec312af9b4f961e360f77160f6e64a824a792d905bd0c0cbc91db519fc11d406387eb17b09889d623faeaab0ddafc7854b097de0c358e67344d3c87fe5dbff8373ab248b0a7ceeb72d91f49072334db68b0a4b6c4a2fdd10ebdcba4ee846dafa4c0a22f61330d5704aa585
+	C = 0b3f946e20a6371ddec525d4f65fd8535a79d92ef01f8e329dfbbc1488e05dbf29191ad984d828553b84e1e2aee72be4f98aa2f7ee0123ad1dd4e72cba543bc5afd425b2a280c8bf1ac03b40008aca787d5d03fa7c8524b8992ed073349ebbd1c886c6fa31fac19e192bf940b4bb46
+	reseed counter = 1
+EntropyInputReseed = 405e9f140a3b598e3d9b934e8e6c37dba0df80957e77a29fdca47cc0eb8a35b8
+AdditionalInputReseed = 
+** RESEED:
+	V = c06879a306e7337b2aba9ee4869bce6703a480c4d9c774175a1846bd8f4da715111d27353a8a9c073574fc59e658b62b7dc0b2f5f004b1896a9a652a3d523cece962e72c157f5b6957fc4f7755e7e47a7eab79e67abe74b68ed0ed1ee87f7676a97c3f87260dcfee0f47084e6f08a8
+	C = 337759cf2be69cd5b40acfabc66775cadf930d1a592d03b22e4b5cfb9c29c5177bf60014a803ce0cf2538dba0aa9c4a8c3cfc58ad1799b0374421f25a81ce053cf044669ca2fafa4b60aab7689b86c03cfe1343fe10defd6687c545c3de615197338e58d2d5ecdda53f0d6fb25c885
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = f3dfd37232cdd050dec56e904d034431e3378ddf32f477c98863a3b92b776c2c8d132749e28e6a1427c88a13f1027ad441907880c17e4c8cdedc844fe56f1e3ad7ed9f94a4fc418b835037c60e2e590de1631b5fb654cf247e56d0816845ad4da7a7dbef81e5294680fba43ce3a1a3
+	C = 337759cf2be69cd5b40acfabc66775cadf930d1a592d03b22e4b5cfb9c29c5177bf60014a803ce0cf2538dba0aa9c4a8c3cfc58ad1799b0374421f25a81ce053cf044669ca2fafa4b60aab7689b86c03cfe1343fe10defd6687c545c3de615197338e58d2d5ecdda53f0d6fb25c885
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = c38ddf394f8cd2226d2e4a0c9f8150f0788c88195b563c6686f796d75cecadda010165bfe12f1d6808d0a650a00b088fcee871d680adf782970551409d3276a5d7208632932f8f389da153b18d91fae70cb18de804448b56e7c320d87bf963db5a9efce1695acb58af8d6b045185cf882801c99176ed4bbc3e2a01ac2058888e0b858e4cd14942dbfb4bde93b9faeb2a061c69958e3e68d0a909c1efc8b956a03d46aef7f430b738625bc4535ecc1bd06d90dd3bd04f95bb0e9249ac38f14d98
+** GENERATE (SECOND CALL):
+	V = 27572d415eb46d2692d03e3c136ab9fcc2ca9af98c217b7bb6af00b4c7a131440909275e8a9238211a1c17cdfbac3f7d05603e0b92f7e790531ea3758d8bff509bbf50128c538f52ad9ed8095897203be31c8ab3b8a1bac846ae8aa43a6b5fc7ac99ad7c80ad84dbcd566b698770e4
+	C = 337759cf2be69cd5b40acfabc66775cadf930d1a592d03b22e4b5cfb9c29c5177bf60014a803ce0cf2538dba0aa9c4a8c3cfc58ad1799b0374421f25a81ce053cf044669ca2fafa4b60aab7689b86c03cfe1343fe10defd6687c545c3de615197338e58d2d5ecdda53f0d6fb25c885
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = 46e8193d7e14b0cbd0d45f10e9ff5572e92ed6a1d0f6eb2d410c74d337042463
+Nonce = 174a78af9c6563aa118828e233a50948
+PersonalizationString = 5c1ef9aee8fc465698c1e7f986cf0726701764b7a21e0721e80c69633e5fb56f
+** INSTANTIATE:
+	V = 0249ff77040e8604f91410edf97363e3089a5b97b63bba772c7adabd740907f3145ef91a724eb3f297a41224a886955d85be322090e2211ea3031923c5e9c7b0ae3ea9a7526199fea579bd855b12169ea5a949483b738bf2d724c168577db39a770177b6dffcbc63c3396a135d7102
+	C = 7aae6a2eceb87ab91570a3ff9d111c0e4fdf7428c73aaa312a8b7cb8d1b939aa1c7940a6bcc6eda759a31b11d6b26898fb51859920570d5e1dad01c1a4a9de5010d6b3b6aaa55a68331b1caf8915ec6bb6a1a24240f7cb7ec74c0a5406fe383dd51cfdca24360ddd59131eb1ee6151
+	reseed counter = 1
+EntropyInputReseed = a4b1da00547b221f7a635752b86abdb07f38e7c508a3befe3a5f86b56b5fb8fe
+AdditionalInputReseed = 
+** RESEED:
+	V = 81e4f4d71810246d620cc08b0193bb10a826bfb1f8a9ea6f0fd357fee2e08aa7b93789b2721089f0bbfc1c3c9447cdf03c9534ad49055e0e6f4b1fe80f1e103a58f41199c63de1bcf6c18b4b6ff6c3cb23cf9f532e77a90b55d84a20628c8f4a5848241775210831fc560e34b0ff4a
+	C = 9eb92dcebce7f2daf8187c71dcfbcbce819132d5e1eb981a7c0db752c25cf38b971f9e3bc7124d6a6289b4f1a8e56e3a455f76cd89aaccb6c90b285eac9efd31ba38c469553bc49053d89cd0d4d1b0199950189a84856cf732bf5829ee745eff9e0668a5d3f58ef9ef36e3c32e704d
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 209e22a5d4f817485a253cfcde8f86df29b7f287da9582898be10f51a53d7e33505727ee3922d75b1e85d12e3d2d3c2a81f4ab7ad2b02ac538564846bbbd0e263ae93a2c467a3755e423deb16bd6a7e811a8a070a54d3bcd0d16b12fba7b84b0204a924fa59e8a02aefe1c75b0cf62
+	C = 9eb92dcebce7f2daf8187c71dcfbcbce819132d5e1eb981a7c0db752c25cf38b971f9e3bc7124d6a6289b4f1a8e56e3a455f76cd89aaccb6c90b285eac9efd31ba38c469553bc49053d89cd0d4d1b0199950189a84856cf732bf5829ee745eff9e0668a5d3f58ef9ef36e3c32e704d
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 210483c1d4c54d63ad8221782b424283d3399bf10e2472b397e777db1aefa27bb9174683a29f36a70b80a17e6b468306373bf5e6e3c980fae618be97cea5a32b56dc4c8f45c59b27d8256c426ffa7b5c3dfebd0019f140fc45631f6c48540e269260657f8b2e4341ef3edcbeb25cca6e02fe92c1cece684c9db112e6af368d06b83ffe29a993c14c13a86fb61aba1a451e5b32bf56aa4f79e71781ecb71953c3c948ec1e7a252453f8516235c2965d3429113199814bc8f007bfad87361d582c
+** GENERATE (SECOND CALL):
+	V = bf57507491e00a23523db96ebb8b52adab49255dbc811aa407eec6a4679a71bee776c62a003524c5810f861fe612aa64c75422485c5af77c016170a5685c0be5b6684d75b72c8f0a42885b6f4fa6c9c2715fa13ea2fd74ffa53757b6e6d618e26cdb2dcc61fe3478ed36eb7fecd09d
+	C = 9eb92dcebce7f2daf8187c71dcfbcbce819132d5e1eb981a7c0db752c25cf38b971f9e3bc7124d6a6289b4f1a8e56e3a455f76cd89aaccb6c90b285eac9efd31ba38c469553bc49053d89cd0d4d1b0199950189a84856cf732bf5829ee745eff9e0668a5d3f58ef9ef36e3c32e704d
+	reseed counter = 3
+
+[SHA-384]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 256]
+[AdditionalInputLen = 256]
+[ReturnedBitsLen = 1536]
+
+COUNT = 0
+EntropyInput = b9ee2488c47e5f50008547dd51a65125ed769c84ba92bf081651e514b9a26e44
+Nonce = a3694ca961dbc6755194033fc6ea3bf3
+PersonalizationString = 2f56bb821333c4d41d8ed19cf424fa99ed590a21695832f6966e5a612f4b0830
+** INSTANTIATE:
+	V = ace6d8361a41edc6de889323cb854bb781b32d034b5ebd4ee1a6dfa283dbc555d2d903287af5320813368777261c4ac343f299499d83c30d8711848082bc90251356e42fdbc1038299d25d0a9dacb91d6a21febc7a9d26db33c86ef27c1888b3875a429bf73e3cb56013f8575be1d3
+	C = 71689a4eb9bffb5ef2fab432218f8c3f30a818373acb1f6ecbb0f0688ff78ef0c1bfba846f35fd9b8ba2d3f0bc7c75e262e1c3c8e54f12555b9b485cc414f4b8d19d53b1ca51eac8de7f54b19e0a4ba388d94e84621c2cd08c7c9f377b0a93d212c792ff1cd4dcffab589790359c2e
+	reseed counter = 1
+EntropyInputReseed = 7985ddb1532c9efcda423c4cb8f8d5e6686446b6af5230e7150246ff8af7d91e
+AdditionalInputReseed = 2e133688852acbcf3a1a06a7fab4feddc787579827997d329cc61f24f2f71794
+** RESEED:
+	V = 234ed4bf95c0bfc8f0ca4983be15e8f0f8af2e78d72a45be9142c57565952740d4424d0cb57308c721b1a5a5f8ba101ca0878196c0445998b3909144d01f93a41c701f0e55c6efb0840e9ce3d04fd43c34135af8571c58c34079d52d691206b3565bfe0fd78c04ac5d15262c774fbc
+	C = 5f9ba41883ada59460b4e57f08541e3e1c2c6d1d983ae7ec23fb0efe2f4a3569ad31eb7d109db00b551c9f2911e5800d8f74ca6b54c2e92e2d5ff636b2c5a258b5917de1866fb091848f70932f5eee3b46605a0cc39f706a6ee81168419ef8bd36d5ed5143f9f7e7bf6e8eae9642dc
+	reseed counter = 1
+AdditionalInput = b73d3b74b4d6932683113cc571a72a6188fb96dd0f46a0544d27a03498cb5352
+** GENERATE (FIRST CALL):
+	V = 82ea78d8196e655d517f2f02c66a072f14db9b966f652daab53dd47394df5caa81743889c610b8d276ce44cf0a9f902a2ffc4c02150742c6e0f0877b82e5368dc16d552bc8ce6d23a0566b5e5c25986c15ba57e537ba7c92ccd018b2a94916c7535f34fb453505f0c1eae028ca1814
+	C = 5f9ba41883ada59460b4e57f08541e3e1c2c6d1d983ae7ec23fb0efe2f4a3569ad31eb7d109db00b551c9f2911e5800d8f74ca6b54c2e92e2d5ff636b2c5a258b5917de1866fb091848f70932f5eee3b46605a0cc39f706a6ee81168419ef8bd36d5ed5143f9f7e7bf6e8eae9642dc
+	reseed counter = 2
+AdditionalInput = 3d4ee87dee5ffd3553914f68ecab44f661bd53f3762f706ad7e7dbcf5375b051
+ReturnedBits = 3fbc26fdaf4bb82b6e4fea0c558fe8012045e976020127b0ed76d01d551efc258a6472c2d7c941fffcd884d4f481ed06f1f7cb32783dbc77239f5c4efb4bf1506d131678c6d1104d19df775470c77d4e58f58c834c4f49a67b362aca1c2e4b997c55a40549cad89dcddeca3580d2951bc4f5a205d7eda5990b97a0829db6c99d98b5a98f1de2c458c1cfa98fc136fad2af87e96d5dd7551299c29cc717d26db4ab7429094787e5c51b3a8705a6a21d0b7acf488706fbe7bfa50879e1c85df295
+** GENERATE (SECOND CALL):
+	V = e2861cf09d1c0af1b2341481cebe256d310808b407a01596d938e371c42992142ea62406d6ae68ddcbeae3f81c851037bf71166d69ca2bf50e507db235aad999a2e0af4ea4d72e0eb19fd949dc9b4263cfb0e41d44ac3620e0db6d4c6025c166987138ad05d689476fc578dc7e6097
+	C = 5f9ba41883ada59460b4e57f08541e3e1c2c6d1d983ae7ec23fb0efe2f4a3569ad31eb7d109db00b551c9f2911e5800d8f74ca6b54c2e92e2d5ff636b2c5a258b5917de1866fb091848f70932f5eee3b46605a0cc39f706a6ee81168419ef8bd36d5ed5143f9f7e7bf6e8eae9642dc
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = d69fcf00509002021c68732937fa730d6001434a672a315b62d2c88c9f6b6de9
+Nonce = 5c9b2716b5081eaed677f99ab729f39c
+PersonalizationString = ee0e90712f60af953295e4f86237e6b704a1a06e4bb822813f2681a73bc1b366
+** INSTANTIATE:
+	V = 48fa06993a2039ee0f13dab65a37318b95c002a572704003c5f938dd2500feee8accbe2f92cb8d4f37ad92daaa80a2400e6ba4bb88effb5548bad198f78002f9108140eb163236205bd55523754a8d043906bab3a166d107705c3c1caac617552d1fc4e92a34b522585efa3cc38049
+	C = e2622b3d4f89b77e42855d672d7733456c9b66b82e46cc92d36adf21a7f0ca7db49b3099873a3c445ecab57db2987500ad006dc3f8345aae4ff7a364ce0d17bb03c31a5cd545eab2a0eeb3447c3fea98e12bcb116ad9ddd447cb2341052839aa52890502a3b50935659e2103369462
+	reseed counter = 1
+EntropyInputReseed = 834e8361c9b785366cd24f3cef3932d6894125858e6f99034a2996ac34aecba0
+AdditionalInputReseed = d209ed3ac4bcb6e2614d1297b06c157b97ed7a1798a491cac98208063d467bff
+** RESEED:
+	V = 48a096119148a829e45816b72d53fc39bac5add6ca9962de29e9e3265a771b8f76e76f9357cf6dd74d59228add5c6422c7c4d562f1a8c2433484863ccfbaa9267f0e4214883e831ae937bbefc0d878378e0b9309866415c1aef5d836f1754532c1f849e9e62729676ccf882b877da0
+	C = 98f738c0c415e9bccbaee1eeecc680087f93fab070a6cdfd7bbc57fbedb9170a3d6f4e14e78ff152109338d9c4c7a4e67ffec91be466bc05ba0321c13088e31a520b7d88a62167e6408fb506847052597bb751bf7040c42a30dbcbe55654b8eac826abcff90812de93a9215901163a
+	reseed counter = 1
+AdditionalInput = 1f272f83b43b46f3f07ae34e926cf5734bfeb5a07e214471009138f23a00e20b
+** GENERATE (FIRST CALL):
+	V = e197ced2555e91e6b006f8a61a1a7c423a59a8873b4030dba5a63b2248303299b456bda83f5f5f295dec5b64a224090947c39e7ed60f7e48ee87a7fe00438d525e6c1675bf9e7b51b1c57c002ec123d6be1e777f3023fea74c846bb5b4130bcc1f47d3f1dcbceb1bcea3fc9b1e2373
+	C = 98f738c0c415e9bccbaee1eeecc680087f93fab070a6cdfd7bbc57fbedb9170a3d6f4e14e78ff152109338d9c4c7a4e67ffec91be466bc05ba0321c13088e31a520b7d88a62167e6408fb506847052597bb751bf7040c42a30dbcbe55654b8eac826abcff90812de93a9215901163a
+	reseed counter = 2
+AdditionalInput = e4b479796c7679412b52b602b8d1fea6acfba4321e4d7a42a01968a7d536f5be
+ReturnedBits = 7bc7765ba5f63031004bb9fbaf97e851dd691d999e1ae21675abc698fb8a2adf59e1a323f0a82119323c053d2a1929e57087bfa4b6eb705bd14f909add808c9369a6df8abf4b9bb281328539701ca42e99144009dd9ce9e02992887e35066ac48234ce767128d52d0d025ae1b656b69ce75b7b6447727799540b159ee47924caf5a7eaecf2b2bc93698b1b9d63130caa1c51cfa2762c88b35b80ed1156ee67ca277511dddaacb06643e0d119185ed7097e13f80947cbfa29be69781b4c9b23a5
+** GENERATE (SECOND CALL):
+	V = 7a8f079319747ba37bb5da9506e0fc4ab9eda337abe6fed92162931e35e949a3f1c60bbd26ef507b6e7f943e66ebadefc7c2679aba763a4ea88ac9bf30cc71076bf0e4b212b4c9a3a14bfbc807fb591238a00f41acb0d42c943e5c11d9a40f35f9b3dc1bd3e303b6b5fbacce04dc1a
+	C = 98f738c0c415e9bccbaee1eeecc680087f93fab070a6cdfd7bbc57fbedb9170a3d6f4e14e78ff152109338d9c4c7a4e67ffec91be466bc05ba0321c13088e31a520b7d88a62167e6408fb506847052597bb751bf7040c42a30dbcbe55654b8eac826abcff90812de93a9215901163a
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = 7b8d015a9d668630b9e79845b93f0ff4b50d60f6149d4e94296c3267f450a698
+Nonce = 7f354382d434e2c3e96c928117ec5c1d
+PersonalizationString = 89e931c192d21229ee6af6e75c577445d8b253cfe57577604501668df46532e5
+** INSTANTIATE:
+	V = 337719bcbbadacc2a0cd62ab62bd7a5e1c37ebe40b4dafa6dcd3457d4143cc1423150398b07e62bcf684216068c04c40689d3d60f4349a9f11d244366f177f9006e8e71a21ce1dd55ee0fd4c69cbea5cc2235514638a25aeb42e2decc1e729657250aac773e7bd3e735d6a82e5a740
+	C = e816e7f561f576561a4155596ab032b46569aeefe223842cd9ee574c0a80d30afc9d896b7f1cb7a366c2fe90f32232a142a91a3cf69ec485af0014e5a575c0dae7d57611a286d40f33b409358816d13636c1bcec20032fc6b3f032fb10342715d6e480d7c530cca8c1ac15277e1964
+	reseed counter = 1
+EntropyInputReseed = a9859240095e556a591b43627f49d476bc58183b348e959cdfe0edcef34273e6
+AdditionalInputReseed = be2e8b57567698b11ee369dc2077e5cd8c8e3e4eacf88ecb630a37fb0b8c222a
+** RESEED:
+	V = f6d3f3c5006ffdd0afe664e6923d4a34295d8370c9f80f6f32da837200e3b1a4a11c2752dc9077b1ea4e6de8c56676722d085582785eec4c83bfb64daef80d35be9a29c135ed89cd6dc79cdf64883f9bbaf664f0cd19461e5653329c8357332ecd2c34749c3d5565f66e98e3bbdc75
+	C = cf2bf7a66d1f5e2a7cca6e0b52bfc9b4f42218e02a815b61576982e93dc4f021a53e15aed15e4c189a9774ec2b300f21f7f85ba7f497b4c2f82930142ce942dd753ec08c4ea6259a23162628ccf70edb2d39c2bda4cb336b4111cd041eaa79229ba76a845e04f12ecc3b4dbb4065f8
+	reseed counter = 1
+AdditionalInput = 049f414c3c348ab69b50f27aa7413434a8bc58476ec918a0370f7e10450a3c23
+** GENERATE (FIRST CALL):
+	V = c5ffeb6b6d8f5bfb2cb0d2f1e4fd13e91d7f9c50f4796ad08a44065b3ea8a1c6465a3d01adeec3ca84e5e2d4f09685942500b12a6cf6a10f7be8e661dbe150f234a790d332381c5a512624fe9dce6cdb8ce88495f1dd1463a4ffb3ce8a283a96d04da7e980903a17824b8d4a37190c
+	C = cf2bf7a66d1f5e2a7cca6e0b52bfc9b4f42218e02a815b61576982e93dc4f021a53e15aed15e4c189a9774ec2b300f21f7f85ba7f497b4c2f82930142ce942dd753ec08c4ea6259a23162628ccf70edb2d39c2bda4cb336b4111cd041eaa79229ba76a845e04f12ecc3b4dbb4065f8
+	reseed counter = 2
+AdditionalInput = 6e7228b61f2d69e4e7cdfe5f47b279a057575db0637f6831a73ee297a27d604e
+ReturnedBits = f05664a8504307e89576efdaa68d2cca13ab0ffeeeba28caaa40399ce4bab1481ffaf699a56e5daa661008b4e7ad80ac27e4c3b70fb34642231e5b1eb6b2a9db814929421941c239e5fcbf1b07d777a1a2103f41529e117df0fd72c4aaf4ae3cbe07dbfdb3448b243f85fdc9142e889dcd15df0de666e2308cd6899dc2f2997648afed69c0767f9ce8552dc00cac746e50303ae6fd4d50f2103e1e90ac23e041dc80794e30341d9fd74ccc5837336f9350dcf4527161d9b8380e35eff5178a3c
+** GENERATE (SECOND CALL):
+	V = 952be311daaeba25a97b40fd37bcdd9e11a1b5311efac631e1ad89447c6d91e7eb9852b07f4d0fe31f7d57c11bc694b61cf90cd2618e55d27412167608ca9560b8daa47059b7db62da86ac1074ba1e45c49d0465c791e6f83bb307e756f491955a3b66ee8c750609aef8a383f0f8e4
+	C = cf2bf7a66d1f5e2a7cca6e0b52bfc9b4f42218e02a815b61576982e93dc4f021a53e15aed15e4c189a9774ec2b300f21f7f85ba7f497b4c2f82930142ce942dd753ec08c4ea6259a23162628ccf70edb2d39c2bda4cb336b4111cd041eaa79229ba76a845e04f12ecc3b4dbb4065f8
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = 3c412aa1bd31bc812de9452f6e77ec34a07f03f4ade63de31d9ec6d415b45c82
+Nonce = 5b8fb10ae9b0aefbfb8d9c458c6ea924
+PersonalizationString = 3ca16aae236c6d65c817e42d1f8349467179bb758958fa262e432afdea07eee6
+** INSTANTIATE:
+	V = 7955c13f5b99b1f9f80f825d4ce60b29a7fd38f28d0b906aa6389c2b95be861c62d2182fd5a9b40ae123d6bec21ba092ae7f3ee4268c80e92fe5ebcbe452a66ea67d27bed502f5e917a700826a4cadf5d4c8b1ea388df1351fc443035c3894082d881d1f9d97a615ca59c1e10be44d
+	C = 5e8085ec1406b8dd2e5372ad92e7f1da539a1fc997f4ba8348cf1728df209f43c8d6c695f9e5d24b55d19c478796d861559ebeb07cdea3449c2c842bf097373412edde885736ad5f7a8813f1c7905dc2774af7ace6da4054e70444680ce21f552debfa156878deb46787c21df456ff
+	reseed counter = 1
+EntropyInputReseed = 953133de56bb94e6144e71e4a806ea8a789ed148040a45b94ccfd79f503bfc82
+AdditionalInputReseed = c52f89aae6b8b20d206aadf54ba996476ac281f89266d29de57534bf2c46c384
+** RESEED:
+	V = 55a01b2d78bbe0583696ad0afa63b71b8a8c7e290eb136d7ebf94e2ca859e6b9e718241a264764cd7f090dc0a181481757d105c6619f7d79083707eed8cc44b3c5adb6bd8953c8f7180fe6c026828380b2aeb1f53c6f46dad1201b791499634c4e10522dbd88befbf5e098e1325656
+	C = 10cfb116617c97499967105f4433c15da792c6a7913b11c2a5caa2135dc13652283188a4f57f33caefcd630582d2d45f7fce6e8d8882ac1d0a6152f5a8c664d7c5905d11a581e88e1c0bd1f52f7496fb492a5a0bc3ed68aefd6309933e34807b29afb9056859b674c340a5544ae79e
+	reseed counter = 1
+AdditionalInput = 300bc7e5abd2a64070f083150069085b7aebcce45a3bf3989c7ff7212c3c0c53
+** GENERATE (FIRST CALL):
+	V = 666fcc43da3877a1cffdbd6a3e977879321f44d09fec489a91c3f040061b1d0c0f49acbf1bc698986ed670c624541c76d79f7453ea22299612985ae48192aa5c60f628f2237285ff6649fb9c663d9811c1d6e0a79b7e5736c6815d16907b39c7ba483f0871294171364c17cc80d477
+	C = 10cfb116617c97499967105f4433c15da792c6a7913b11c2a5caa2135dc13652283188a4f57f33caefcd630582d2d45f7fce6e8d8882ac1d0a6152f5a8c664d7c5905d11a581e88e1c0bd1f52f7496fb492a5a0bc3ed68aefd6309933e34807b29afb9056859b674c340a5544ae79e
+	reseed counter = 2
+AdditionalInput = 594ddc84ab01dc4bffb0135e9ccf0b3ecd152cded3adb18b9087f33dce58fb7d
+ReturnedBits = c64461f0d873bf5d2756e30be21ec3f32ca5275e5c25aec41734441f72d8a64009aabcda36b1b509c9a5051f93b51d32fba8eae9b4bae279c2933a08850e265aecb338326ab176c8f512e4425c9ef1e9df6a2cc9e3e676042c49998123d2db91b9e6c547c0cfceb2ce018cfc34bff43e183d742acb84814fb7bb9f1235b87a51e607146efd3eb8b1ca4a280d05c7a3ee351d35549516883adc3298704bd6ad9e934b0e6b21a1bd4c312ea3aad6d80d78775bca882a51d43f9789736013884016
+** GENERATE (SECOND CALL):
+	V = 773f7d5a3bb50eeb6964cdc982cb39d6d9b20b7831275a5d378e925363dc535e377b35641145cc635ea3d3cba726f0d6576de2e172a4d5b31cf9adda2a590fc797bcc2e48cc7a6186a87306a8823a76b3d34a1b177de3bfacc32f5d4ad77d4b6f1699b70cfa0117ed6969b3cb537f2
+	C = 10cfb116617c97499967105f4433c15da792c6a7913b11c2a5caa2135dc13652283188a4f57f33caefcd630582d2d45f7fce6e8d8882ac1d0a6152f5a8c664d7c5905d11a581e88e1c0bd1f52f7496fb492a5a0bc3ed68aefd6309933e34807b29afb9056859b674c340a5544ae79e
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = 5eb55daf4b82918dbd9169db0c68c58c0bb60c9526f9f7d3d719742e186676f7
+Nonce = 9a56b9f1846fa834056d2027072df0d1
+PersonalizationString = 98269bd1229b402387000b0862d6631af5eba774c4965cb4c747a7712c8d1c40
+** INSTANTIATE:
+	V = 591fd3069a62104a34c7b2c28b3fae9d34931a512e22c4756727f21a09290bfe51e27dfcd78fa78b282f33ab6412b780da020af753974debcd15208943a6f19911397086f1613eb7843aa93eed6abc614a238883c3250ae972f6bd1eb66685f48808866b438d77603e99cee416d62b
+	C = d96e68e92be5a6ab845ab8e0abc21883f0d77432c738897a5216746c2787c3040546c396b884b40cb4a0246312addd064790adaf6a02e15bd4b8a72869d80a0ed9b9ee93f5c063011749ae274dd5f42165dea41256349a7dfe9eefcc385cf619bb7eac2fea3727fc94a2c6a48be81b
+	reseed counter = 1
+EntropyInputReseed = 0316a31a0443a4f0ad67e8546ffd5099f29ef6fdc1e3074ca38c17941f2b28a3
+AdditionalInputReseed = e4c96e773a96c09e4ce9f09fc82e8a0a866efa2f08cd59f0fd03f169546748eb
+** RESEED:
+	V = 966155359cb9144061a524d6b60a5ded1a8c3671df0908375b2ca560c28450346bac434e75eb226a100b04cd0914ea4b598cc3badf5a87818b0c94b7752abd6b5c14408662c53f6b5afe52b4d27c17ef50027fd2176ffbb64ec84653f75f4288f7d5c5887951d9600291ce0b556f15
+	C = ded201a8b2bc4d1976972b60559e210874f24777f14151fa09047b3700249382ceb53c1b389f0e59d9a7f3f76a7b46e9db8a8e8705d7362f8c1ac32fee0af26211218f498eb9d499fca08e8f010fee3ee139cb72ca3f47d2d05c7649157f1cb3e35038e71e48bc900fc42e60a62611
+	reseed counter = 1
+AdditionalInput = f8c3ab18c753521eec745095c28fa53b7a55fad8b8c0ef0a8b8972863b24856f
+** GENERATE (FIRST CALL):
+	V = 753356de4f756159d83c50370ba87ef58f7e7de9d04a5a3164312097c2a8e3b73a617f69ae8a30c3e9b2f8c47390313535175241e531bdb1172757e76335b068b63492fd11dcfdca3726f91305ca1c11cde95b7020f187d4cc8c1800ab8c41ca1336d88d4db8d622771360ffd3d5a0
+	C = ded201a8b2bc4d1976972b60559e210874f24777f14151fa09047b3700249382ceb53c1b389f0e59d9a7f3f76a7b46e9db8a8e8705d7362f8c1ac32fee0af26211218f498eb9d499fca08e8f010fee3ee139cb72ca3f47d2d05c7649157f1cb3e35038e71e48bc900fc42e60a62611
+	reseed counter = 2
+AdditionalInput = 74aa6d95643d43d6cc376f5da3ca6529ddd8e5fb2d4933fc57da093f2b0f9b4f
+ReturnedBits = b8bf8cd978a45827d9a0f426d4dd3bf1453bb107b4a5bf80b23202356ff55a1f7fda87851092a008ed946b8fb7ba251900beb78c862ac24ec8f2f4d8c949ce60fa8300a316c49deb1c650f1643999c5ed0e1c90f4594365a4846e20e5082e49f6f2864e378637619641b27c536c94142204c282b115178e69b7eebc42c365307fff4d5d6e7e09febccca309cfae047710e2674e43d32bc8e08e111516c8b092a385652c4777ad7922ca670a06d4ff8f71bc2de0ce1362b866cbea471fc799c56
+** GENERATE (SECOND CALL):
+	V = 540558870231ae734ed37b9761469ffe0470c561c18bac2b6d359bcec2cd773a0916bb84e7293f1dc35aecbbde0b781f10a1e0c8eb08f3e0a3421b175140a3e6618817c7bea88a942c753b96f13fd49ebbf7adb4db8e8ea7f365bfb3c7034030a836fd7ec5cf948a74e3e7a0d4f66f
+	C = ded201a8b2bc4d1976972b60559e210874f24777f14151fa09047b3700249382ceb53c1b389f0e59d9a7f3f76a7b46e9db8a8e8705d7362f8c1ac32fee0af26211218f498eb9d499fca08e8f010fee3ee139cb72ca3f47d2d05c7649157f1cb3e35038e71e48bc900fc42e60a62611
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = 11e749777387b9977f10df2fe41396117137abcef9e5f002cb0d7ec20f35918c
+Nonce = ed74eae237dbfda6748c4cccd3bbfefe
+PersonalizationString = 5f506a12673a3b858ec12458bebb9aee83642cc672c57feb1c2ce21e23e309ca
+** INSTANTIATE:
+	V = c5d7db0932014937c08427448e6ac330b6b4bc825c29036ca049c78170f8861b301c56ee83c0014b491f516db2f630429ad4cff8f0d7a52b6bbc01cabf908ab059eb0619ff9bb9d9e60a52559b22d80c87862bc410640aaba5dfb3efa37dc0126df7374f168d92140374d35a7a247d
+	C = a5ea22388582a395871790da7240baafddf10ef40a62e68579a198cd24808cf96a40a6f589623e105334c28cd612222d1b89afce9133e2f575e28fdb220edaff741e1b0b935f7b3e286417f6ba91469bc0529ec7645e0554b124ee0b69654a4e43db6af388e027ef517090c26d88da
+	reseed counter = 1
+EntropyInputReseed = 77c74fe2c19a3eee159a090bf51fb53dd9f4cbdcbbb0d6572c54ea73669efa48
+AdditionalInputReseed = 76da7286edefa3791bf175d1f622747cf5bddc62c5e03ce25c7f9c403446a667
+** RESEED:
+	V = b33271854ce9fd75908f3704d577ab66f8299dc5acbf82c4c03b537b299ec2e49ce44d3c2d4e602771c5d745fb524794be10756886b337c43c622bf1a6978e448b3a8649c6964d6e9fc193edda9757e62217e5b068d4003924db98c97f72e400dcf0102de247b88080b9c8632483d8
+	C = ad1c6553fdb0ed4b9e316879d4c84c9d3b339049045a6dc55b7338932ddb9e3151a49369d6c79a36474dd53bacc86a9ee159f0e4d41cdd2eb5e8554dc0e021d2bcc139a435265862181acaa7dfff9e9c77f08a7a874cd12fac4d230aa834f744546bd9a52afe2aaac15780914a4005
+	reseed counter = 1
+AdditionalInput = 1c205e04a553c9f737dea8d9cf64433637c213ecc48c1f01c87e89e29d14c619
+** GENERATE (FIRST CALL):
+	V = 604ed6d94a9aeac12ec09f7eaa3ff804335d2e0eb119f08a1bae8c0e577a6115ee88e0a60415fa5db913ac81a81ab2339f6a664d5ad014f2f24a813f6777b193ab1e3a6e8a44d0383d91b6a15b3278f4d4735c11e634e1fce993f8c051e1acbcc503899e9e59da36f848b94e7eb38d
+	C = ad1c6553fdb0ed4b9e316879d4c84c9d3b339049045a6dc55b7338932ddb9e3151a49369d6c79a36474dd53bacc86a9ee159f0e4d41cdd2eb5e8554dc0e021d2bcc139a435265862181acaa7dfff9e9c77f08a7a874cd12fac4d230aa834f744546bd9a52afe2aaac15780914a4005
+	reseed counter = 2
+AdditionalInput = 2286e7e53cb859f9f7f745f50bbc8f8ffb97d26043ee9669a9657fbceafd44ae
+ReturnedBits = 1bd7fcdbe41625490eabf5408889445010257b21d69bd44c088dd035c51334b28229392777168253bb5e739c57cf23e10526cba45aff10ce05d1d06692372a9ad0c27a1f7cdeb8c0c1be32174d53af3738789d23279310de24ca2e19853e9d4860347db8502b694ede979c57535c64905fa38a111925a53b11facb2178ad7aa05e7d1889dd032d765534a51e4d57c218f83236bfb8a2905c2a5353ce4d37fceed8e981c1f1f44f297d56b1ad4c6f14615982ced23fbdb4bce4e0e2bcfb744b58
+** GENERATE (SECOND CALL):
+	V = 0d6b3c2d484bd80cccf207f87f0844a16e90be57b5745e4f7721c4a18555ff47402d740fdadd9494006181bd54e31cd280c457322eecf221a832d68d2857d50b86a8629f665c30aa9a6765e6d949b3859adcd47f30ce8d092ed54e16dccd9034999661fb967fb35ca79ab00f7b1343
+	C = ad1c6553fdb0ed4b9e316879d4c84c9d3b339049045a6dc55b7338932ddb9e3151a49369d6c79a36474dd53bacc86a9ee159f0e4d41cdd2eb5e8554dc0e021d2bcc139a435265862181acaa7dfff9e9c77f08a7a874cd12fac4d230aa834f744546bd9a52afe2aaac15780914a4005
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = f45b2447c0a9c0eb76d9e9df68770eb7599ab6aa6561703edc4970a008e2874e
+Nonce = 29e0186f72ec51df704135e9636d731a
+PersonalizationString = 6a65a4f07cdaeb93c2fc2fe2698b4135fce6a1e167d1f40ec81427987fc571da
+** INSTANTIATE:
+	V = 467c9d3a6c9456de961881843045e3ecb0da52ab0e9aba2426987d551d07e3a056d7d844e93518cea04087225565775d3a41fb9e3385de19b9c4cf5aac03e6c8baf16fce83fc5c78e69696c199b86d83034fbd1681558f3cd94b273ee85cf26f2e9e29c0ff28c3cf58f1e57b0e1a78
+	C = 0f69ed30f5d950d4e29e955af1ec6ee0a40dfbf4e2754980563eb7b9f5e760c12a06cc509a3506a08268c15675c22a4e60eb0c34a64a81b6e860344e0e8e3ec84be729ad752f43affe78c275afd79424b446638790b03f7da95002f789dae5dd82c7327af7b1eb1c3fa9e7ad6279ac
+	reseed counter = 1
+EntropyInputReseed = 07b53f0491d177e8ec6857e61fefb384cc09697295776c2e4f7423bd94d0c17f
+AdditionalInputReseed = 03bde7373e2fdee8b4a7f02493a62018d4e726b227a212ac4e23b4effa8a023b
+** RESEED:
+	V = f95b92c6f5977ca82244b5b711728b2034b194ff8428af8721d142eeac1d6ab125318351a1448a2a6dcb66a23fd80040553057eb2401a8f8fd28cc20530f8f8c5071fe8c8ce9f869ae5cf06e80f5e63baf5a81697db607543c653ca7c7790248f93d9ecacb42ffa4b36fd964030b3e
+	C = d4637612b1308050bdf01a683c8041bf304a91c4a84793d7d7e2b8f7fef93958c1ae5cb54aac8c044d98b10c934f817908794b0b5f1542f80f6a2c2c681caee54743a0efa1d330add6fd1a443f262c9b3a3aac4b8a71bf3bef1869471aa182f5a6b2e6ccdfde5c7fa4a55936757de6
+	reseed counter = 1
+AdditionalInput = 9a4b4650db43fe11fa092c8cbbe6af6036bd7f36e006f19ba6a7b40f262fd866
+** GENERATE (FIRST CALL):
+	V = cdbf08d9a6c7fcf8e034d01f4df2ccdf64fc26c42c70435ef9b3fbe6ab16a409e6dfe006ebf1162ebb6417aed32781b95da9a2f68316ebf10c92f84cbb2c402a2d465ed092147bb09f29875a7bd29d69c4d563ce97bf09a0afbee5992a8e2c2e5d7b13294539a55cc00838cc863409
+	C = d4637612b1308050bdf01a683c8041bf304a91c4a84793d7d7e2b8f7fef93958c1ae5cb54aac8c044d98b10c934f817908794b0b5f1542f80f6a2c2c681caee54743a0efa1d330add6fd1a443f262c9b3a3aac4b8a71bf3bef1869471aa182f5a6b2e6ccdfde5c7fa4a55936757de6
+	reseed counter = 2
+AdditionalInput = 36eef0101a9a7a91f280d3f108166bde2938ebaea3c967a28d9d5882287bdb2e
+ReturnedBits = 12907fe4380f4d1332f5f9472fb8eeeb7200f8a04a360b746c9cf2a33d395cb8f33d2a2d3b9e98e1f8b180e2131bc92352e5d25ca57806c76770add956bcb843853b027315e87bb9cbc2522a49cd1dea49605180f331b641a28e2311314b0395534a9a73c1632a925b47c304bbd549ddd02e1717fd09057462fa3e78644c3df7dbfa28acc3ffe03f5ac79e81339f05423cc525f1e541b4f320163fb61a284c0d4c24c148d36fb892457f3537b9c835d0e61a0b2a8861f02b8bd55f25b0296fce
+** GENERATE (SECOND CALL):
+	V = a2227eec57f87d499e24ea878a730e9e9546b888d4b7d736d196b4deaa0fdd62a88e3cbc369da23308fcc8bb667703326622ee01e22c2ee91bfd24792348f0340c5d025dbb4168fa06518e39e65afb268315ab295f7fb776ffcf803474ec38a9a8195bd2c098c2fde75f4b4c1ded03
+	C = d4637612b1308050bdf01a683c8041bf304a91c4a84793d7d7e2b8f7fef93958c1ae5cb54aac8c044d98b10c934f817908794b0b5f1542f80f6a2c2c681caee54743a0efa1d330add6fd1a443f262c9b3a3aac4b8a71bf3bef1869471aa182f5a6b2e6ccdfde5c7fa4a55936757de6
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = 4d5a9c31c59e4e7d371ac7b26e0a23035c87ba01fe6d739170039f3787d29e6d
+Nonce = 666c3c837198c40508654f10aed7c62f
+PersonalizationString = a78dbce2974a8c529221630289921653c257753010c95d70c3a64953bc8ffc06
+** INSTANTIATE:
+	V = 1f5ff50a6d1bd181b2fcc6821194faed22dc3aadd0e01fa1c8498e0530b855babccc39f424adeb389c25cb1925598bcb009d12dc8d1e136d8e012a584a38367bf5a82535c71415c7ec98b3ac336345bc366d8f828dad61b231e937dcacecda25024ab9e199f9289f287a8adc5a25bf
+	C = 9ad88151bbab2a340a1f1503b8c97041d9dd56d39727920ef034fd7e722f1943ed34de8c739129c0c335da94a25b4aa9fc78ca4a75481a08a8e1f7f3d56a19de549f6ba0ee0783c13ae66ea94f4ec92d6f53d57b41b68faa384c6c50502f4152b358e089beb2caa6d18a260a91207a
+	reseed counter = 1
+EntropyInputReseed = 2295d141032eda1475f0ce5c741f7b13d61141817bad8d702b072e3927609cde
+AdditionalInputReseed = c0151683b918d2d06f940455fafd506b0f29549963ce11af96f683bb47c14577
+** RESEED:
+	V = 470d7f2f64f056ee1614871233f0432ccf9f4c8d0cceebc6893e80dd4e3413fda9d894cc2a68fbc3170d13e22c23da714b9c8de6edf0e95a2c417b77802fe9084f7430aa004515411c20421ef5d1edacc1d2197832083e5a612e4987a9619a85c4922ea288958e827a94b3f6eadde5
+	C = c56cd73114212fd79aba526d245b4c5ac4d574d332e7e85723e74c9a8ebd3ff1efaf77ceba31615faa930cfa7c9eef4950040023d49018d41a045971a5d4a03b6a0ad8737d6920d61f61091c69faa7111aa4283edfe1f7c415fc1a736d0e5f0aa7b259e86455d888f9b7a96e77583f
+	reseed counter = 1
+AdditionalInput = 2b4c3f2227bcd4c403963d703b0d34bc061b0b736822114faa304ede0649c028
+** GENERATE (FIRST CALL):
+	V = 0c7a5660791186c5b0ced97f584b8f879474c1603fb6d41dad25cd77dcf153ef99880c9ae49a5d22c1a020dca8c2c9ba9ba08e0ac281022e4645d4e92604898972a10a0c4345a4bd4c0cf135af53ecb64f868139883a43cafb8490f33f42db829427e123e01b613d289b3da0efede5
+	C = c56cd73114212fd79aba526d245b4c5ac4d574d332e7e85723e74c9a8ebd3ff1efaf77ceba31615faa930cfa7c9eef4950040023d49018d41a045971a5d4a03b6a0ad8737d6920d61f61091c69faa7111aa4283edfe1f7c415fc1a736d0e5f0aa7b259e86455d888f9b7a96e77583f
+	reseed counter = 2
+AdditionalInput = 20783f0860100f1d9ebfda92b494978ce2d5fb83688edce52882496bbcf36bc3
+ReturnedBits = d0c491c6cd80e1d521a470d1431ce45b760dceaecc2f4731d4d49506e5394267f893bd9f2e3667fb17cf4aaedc44b9e9d7dc11280133a70da7090573ced1aa3cacfedf9a668048be2fe348750c2b2b209234eacb56866d3ec5f2e83318388ca5f79a7474490b30ded17be335200dac2c686afeeced611c748b541003db9f53721e1538edc1c02773e3aed8e283dd23595a606973291a6895d30db8868cfa882898a443d70abd372ad54b47654f8966f926eb9c2c00f09b9958536b1cb561adea
+** GENERATE (SECOND CALL):
+	V = d1e72d918d32b69d4b892bec7ca6dbe2594a3633729ebc74d10d1a126bae93e1893784699ecbbe826c332dd72561b903eba48e2e97111b02604a2e5acbd92ae6cac734f23cd6c8baec9355940768d8d6713b0812f0a67b386ed9060ee659082fe433f74d5c807ca7bfa46d21982bdc
+	C = c56cd73114212fd79aba526d245b4c5ac4d574d332e7e85723e74c9a8ebd3ff1efaf77ceba31615faa930cfa7c9eef4950040023d49018d41a045971a5d4a03b6a0ad8737d6920d61f61091c69faa7111aa4283edfe1f7c415fc1a736d0e5f0aa7b259e86455d888f9b7a96e77583f
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = 39855f44ea3b66b88ebdde9c1ae8dc9e0ed34213669781856be8a51446b90ad0
+Nonce = e75bb1d7a41b2fdb7bed4d9f795ab2b2
+PersonalizationString = a196062c2f86e89ce7dcf5cf14f0f770464284629440b9738a2fa8f6f1556513
+** INSTANTIATE:
+	V = e02b7cffaff91ead9f25de31c5ea5ce400d4ea9308c8193b4f1f2f42394658e5f48f83acc9d4951ca7b98a34fa9383eac2d6b5ff81c73b2e92d901bbe94c91933e448e90a0a6f16e1a1306b0b4ec3a2ebe9c991b7e629fd9627e5ea5f4d0ce09e873c132e0721b72586831252458f5
+	C = a1e8fe054a1c5a8576eb4ffa1e533497fb4ddc3948a89acd8cbdaba38662aaa93cb51ff4005e932e2fece5c2231bef08de19a5b7405086106605c76c77931d3116514553595d211d407f3ae9d9af66128bbcdd45b5f8367d7ce11e886732435f0756f542b77472679da10184c70a65
+	reseed counter = 1
+EntropyInputReseed = b4d8eae968e044cf12330d4f12a0003944b7a7597feb78dcd039867877fb8e35
+AdditionalInputReseed = a740f14731f9fd6daf9938f32b601148d73e80b2ad43e86c4568011df39eaeed
+** RESEED:
+	V = b31c5e49bdebe2c844101834b586331a1fbf57eeb157d18338d4ef905db7e9466a7f5945a047176915cb055ee94476500cbc0aa4c6985865fa4a4275b6c3d2406635371f2241e44a0d8e0d5e3bc12f8ffb94d90d3d37d8867da0203f8b9fc248da2c0116f215b195fafb030a3d9379
+	C = ad613acfe34e65d54cb8d292b67c4c4da0432c29774518c98e9a464ad227182f0ebefc464cbb50e2ac1b2e037156bce362b10fb08c72053a773981bbd20882ef130e33c2964f09bc604656ce269e8a5e48f40d1bffedba539788c379111d06ec24541dd5b6953c02c2ee096e313290
+	reseed counter = 1
+AdditionalInput = f6d8554af65629f79b0520179cf4f48cdc1232f547c7be3bdb25d22f65498a1e
+** GENERATE (FIRST CALL):
+	V = 607d9919a13a489d90c8eac76c027f67c0028418289cea4cc76f35db2fdf0175793e558bed02684bc1e633625a9b33336f6d1a55530a5da07183c43188cc55722399c4085d76932c1efae54e8bb810f073a5a1c62ae8642d74553ad4136e267300ca1d3d1f607c233ac2addf025755
+	C = ad613acfe34e65d54cb8d292b67c4c4da0432c29774518c98e9a464ad227182f0ebefc464cbb50e2ac1b2e037156bce362b10fb08c72053a773981bbd20882ef130e33c2964f09bc604656ce269e8a5e48f40d1bffedba539788c379111d06ec24541dd5b6953c02c2ee096e313290
+	reseed counter = 2
+AdditionalInput = c925e1317b64b1b64838a711307baf62b1fd574b6d5ea7810f635a313eeaa3a8
+ReturnedBits = 48445eaf1d608b11975c9aff1455cf30b7cfe8fc834a6a65c77faf77d41216b3ce7efa41125dac64620e893fb45aeb59de152a908136a333913c5fbe182b5e3e06babbc3a64f8efe96e1346c32b883cb09eac794162d4e7c7f3e8a67b5adf6c08b38ab6aeca1528cf3a719a131207c35de1be891116aae10102dfad0c4189302a30568e15a535ed1401aa428cd0f3f99c1ec3ca1a8712dd9ad87719df92d0e281baf90643e362b688a679720340263e0df0c0d10acb3fd352f1eba78391bd3df
+** GENERATE (SECOND CALL):
+	V = 0dded3e98488ae72dd81bd5a227ecbb56045b0419fe2031656097c26020619a487fd51d239bdb92e6e016165cbf1f016d21e2a05df7c62dae8bd45ed5ad4da16a4386eac5a3c5d7f707ab2e29d25274c22d6c53234885d6de79a9c419bdaf11820f8a33bec7c646d6c05cb173a1c66
+	C = ad613acfe34e65d54cb8d292b67c4c4da0432c29774518c98e9a464ad227182f0ebefc464cbb50e2ac1b2e037156bce362b10fb08c72053a773981bbd20882ef130e33c2964f09bc604656ce269e8a5e48f40d1bffedba539788c379111d06ec24541dd5b6953c02c2ee096e313290
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = bcac662c65a444940e97332b0ceef0f17800d6daf9d511cfc5cc354dc571cb12
+Nonce = efdfbe0f79e488977fd396993e7c6f56
+PersonalizationString = 3bc91131cf3246e55a03a7616ca140da51c1b520b4cb006dece74e16267df865
+** INSTANTIATE:
+	V = aa1c5a6063ee9a6ffd8d3a5d816bb8b82dd018ec449167eb71aa0d1e2c9b1589d48cb705bb013f301a28c58f5f6fe5f1cf01747516f772de6d3b8460dd44fd0c50de35eb7096df5dcacb9b7589883ae69dfa3dceab91f2faed9a67665c9cefdb2da1f89e13c1ef4cf705332c4be5ab
+	C = a51845137c817cb73801429ceeac23a26976c0e695336298b814f6c36051ef7e355ed78be9d672af88af5af2ffb159c9dd004de44b1d7987611ce14dcd1b8da00e96677e58618ed460cf5d4ce450381dac2517fb0e43ceea8b1cd7f8a74229b71a664296fc321091e65d71891bfa48
+	reseed counter = 1
+EntropyInputReseed = 6ae81e99cf4e59b06dd4000aa2c07b6a3aa0c51a9a5cf629dc4bd5b81706413a
+AdditionalInputReseed = a5b525c09e121aaeefc41ec4e19a518edfd5755f16d80710a333aaa52b0ad20e
+** RESEED:
+	V = b7700265b2bbd404c253bce4f23677faba1a207f7210b5f658bd378fbec9c3bc0b0f9976371869698473b0e5ea2eebe6a31518618867523e10c007098f76914880290975d9287eacb661ac4cb803cd24b4a483379db0fb5c0e7fa9e8bb8867b558394cbb9adef3153be2195d6627a3
+	C = ac6d47d71187df1137f33e3841cb1c9a93d89610aedf41a61655bc5d20473b262079d2d3b3cfbefea8b8f097c33cfcbe995f5000c0baf61da2b3d0c1e2cd979b229a25eb2a59e77efe9f74329ac84b56ff092d2605b0db6d22168cd00d6883684d532eae31ba9a993b78747dac873d
+	reseed counter = 1
+AdditionalInput = 5a1e853098329a7b53470152fe1b5c11c60f8b0c0683970599eb90d63f6f3d88
+** GENERATE (FIRST CALL):
+	V = 63dd4a3cc443b315fa46fb1d340194954df2b69020eff79c6f12f3ecdf10fee22b896c49eae828682d2ca17dad6be8a53c7468624922485bb373d7cb724429d53ebfc7726ae17d6f99a9a3aa5d8a185003b6264c5cbf9ac8a2f868176d9c297675ece9f845233d822f645487855b8f
+	C = ac6d47d71187df1137f33e3841cb1c9a93d89610aedf41a61655bc5d20473b262079d2d3b3cfbefea8b8f097c33cfcbe995f5000c0baf61da2b3d0c1e2cd979b229a25eb2a59e77efe9f74329ac84b56ff092d2605b0db6d22168cd00d6883684d532eae31ba9a993b78747dac873d
+	reseed counter = 2
+AdditionalInput = 07420543a4938f9e5b3ad6ba70c99aef9e575aefeff3e39fcaa8343f56dc62a5
+ReturnedBits = 764c27b34f50e5d3950895fa8f36c12f3c4be8b2f1718b85bc50b08c98e7d46fb5279ed3cc73b7688b4682e25c35b0ebe0306a8384da405903e7871cbc97ee65614a2259bc1ca092d0bdefdfb24470a98712ee30cb7e95751ef547d8080b76f83d25614d4f5094070d70e13400ca7b67c7a18db18cae2295d6f1dd9bce1073151f7b02a331b37b855e1693ff5bd6dfca451e04f11e94209b817f595f5da32b5f8b861ca8111d3fcee3ae3fe4c9d643b0b302a3dc17176756525174c4691ca91e
+** GENERATE (SECOND CALL):
+	V = 104a9213d5cb9227323a395575ccb12fe1cb4ca0cfcf39428568b049ff583a084c033f1d9eb7e766d5e5921570a8e563d5d3b86309dd3e795627a88d5511c24c29ce042256c61719d0b5b41405687e50400c04efb9a7de42ea836e9b933cde12a13dbf90dcc4285a7b88d687e2a9d5
+	C = ac6d47d71187df1137f33e3841cb1c9a93d89610aedf41a61655bc5d20473b262079d2d3b3cfbefea8b8f097c33cfcbe995f5000c0baf61da2b3d0c1e2cd979b229a25eb2a59e77efe9f74329ac84b56ff092d2605b0db6d22168cd00d6883684d532eae31ba9a993b78747dac873d
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = 046194afd40e1c6bb44022175e22617193f749c43fb05f031520f74f9e386e7d
+Nonce = 055f55252c2f04bdfd950cf829cf1f08
+PersonalizationString = b2d329914633ece09d0d38e37483d4d31fbfeb581849c69f95d3e7d8fbcd0ae2
+** INSTANTIATE:
+	V = e6ef6947dec29374e8823ceeda19f5a8b06129aec0909198ebbf9e67f35c2127fae01cd956f0ba7272e97847af912631b67be520f925e811436544127b92f8e36db33790a7dd1751e19fad4b98a94675db4d6d5bf0d0a88a0735947bc6e9c2f314c458e630a16dbd8ede67418f7012
+	C = 119446c96587fd49b82844825b05720765d20d3798a30c6f6186f282ac0e1bb1b11dbb7f31a7ac1fe1d27592357ad29d73c060cec7e7f61a736e363e79710d38037e642c06ed744c0e053d74568a6b6c75196c7e6369a996e2afcb1b4a2e24437d9d2c04dba57cdf618f23b6297215
+	reseed counter = 1
+EntropyInputReseed = 7516e7cf38a134d210cdb868772788cad6277a052a3ef8282e693509a9f2d585
+AdditionalInputReseed = 8c258848821ff10bb44bdaa7dad48772d294da2805f55020867bfe3773c27060
+** RESEED:
+	V = 53cdc44805c21d60e499be81841f646712715d4c8aa2d7ee60b786eea8199f9aa31d1d07bd51dfd0d79ce540bdf13a8cad08d33ff7ede0fbd49ea3e06a38452a7861816a2a02b165a73515067d4e8f023d319955fb3327d234d5cb91a3c2298be7a663c199e9076fb6838cdfacdac4
+	C = bce39268d99f42959fe1674067e7d50732e52544545e3f47e5cf6bd0cf25da1044a2b8b6f7c472a4f8f3361ca44acb7c04befeda5ef21c419f306ddcc1e9191628f5554e4154ed2ce44325ce1753e5162d5cead30d50925459093125081e000c35108aea977f0a0dba88b601edaaef
+	reseed counter = 1
+AdditionalInput = db7d5d853dc680644add62cb35a9bf763874633e4d48e52110c3f580c3d3216e
+** GENERATE (FIRST CALL):
+	V = 10b156b0df615ff6847b25c1ec07396e45568290df0117364686f2bf773f79aae7bfd5beb5165275d0901b5d623c0608b1c7d21a56dffd3d73cf11bd2c215ed489619ddea527063addee8fbeefd14c66a5f0b0959776ebe587e0176565d751123b0738b6293f3c9a4fefc8890fe581
+	C = bce39268d99f42959fe1674067e7d50732e52544545e3f47e5cf6bd0cf25da1044a2b8b6f7c472a4f8f3361ca44acb7c04befeda5ef21c419f306ddcc1e9191628f5554e4154ed2ce44325ce1753e5162d5cead30d50925459093125081e000c35108aea977f0a0dba88b601edaaef
+	reseed counter = 2
+AdditionalInput = 6192a40e5f1f59c8299140fd1fa4f1d33cd88b8f04f8c0486862c944c737ea10
+ReturnedBits = b49a50335bf288d899fe255f07074e677aa814a0a5f129a6aed29bec947114c99e0772d35cd271c0a591536d1e1dadaf104acbc34ec744b3c6d77da809d0a3b88788c958bc54ac8f42548fd11b2722651e8188ea4300bef613a323c71bac55ae0570fba7eed2ec6488c8fce629923842ae285dd2762468555acc01e2e16f47c3b2df092707633db6e55d7ef02ca8e7f30e063c0bed3fefd70f5cefb7f55d471538a320c33a7e0618f3f80cbc95f83eff26573ca79ce4eb74fd153a013b3fb771
+** GENERATE (SECOND CALL):
+	V = cd94e919b900a28c245c8d0253ef0e75783ba7d5335f567e2c565e90466553bb2c628e75acdac51ac983517a0686d184b686d0f4b5d2197f12ff7f99ee0a78d1a7950711840d342bd48e03cae3a75052d7be6c174ffea10f8188a812593c3a61edfa5c3143e267ce32ba281ec7b1ce
+	C = bce39268d99f42959fe1674067e7d50732e52544545e3f47e5cf6bd0cf25da1044a2b8b6f7c472a4f8f3361ca44acb7c04befeda5ef21c419f306ddcc1e9191628f5554e4154ed2ce44325ce1753e5162d5cead30d50925459093125081e000c35108aea977f0a0dba88b601edaaef
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = 04b066c5b6427298762341a83dc69d8713a7b06459f50bbef8a0682fac963b2a
+Nonce = 3c7088ec7714929303c467683c13052c
+PersonalizationString = 16e884f11d41a5cf0750f94928ca79fd90ca3f5a7601e525c1f7cf331177a69b
+** INSTANTIATE:
+	V = 46b87203ae3e64e89893289b904887d3ea91bbf9b5a85c2b3b9a4bc14dfebe465209911b742752433453ff2f6bba55ceab868f863b2bd940a2e49f552b16ce23708f1dbccb46bf358d99634e181d8300ac685d067e2cfd106a003151248001836d458d797a4ad2b505cc75538e1f59
+	C = 4a3eec5b1b771304f36db9413cfc7e8c191440dbd518b4e308b18f030cedbf5624053cc37a4c91fce6075d95b47c9b98df711d8c65ec53f7e133228b9629a00bdd5079e66bd8beea44b0f0e41fc250c4bac8115aa8a37b9ce37bd97149ce80600064472cce5f4e8e83d5e958865706
+	reseed counter = 1
+EntropyInputReseed = eb19b9e7f82e11963fbeb2d478931a487e61d9487ec9caff7ec3a360971fe751
+AdditionalInputReseed = af7e2eb000f51bf6fa321f0491f84f753c20e8e23831b1a7c52efb05a37a0222
+** RESEED:
+	V = 45c0db5b5d93dcbd4f4fc2479ef507519e211e74f84d489543e0922e84a23cf4aefc40860a14c132e0f6e21425609b3e19d805a44b031d5ef144130ca296cc60067eb710aca919d214284fd2db9cca652d6a62af140c4d9b401e19eeee36930d3bac0152adc00ebd8a0e7c10df3f86
+	C = d1fbb5e2871f80eb0bc61f9b21d0e0d8454433b2cda4565f4c621e8cf3209de14770bdb9448761d428fa502f8574b2a569b7e0ee333a196cff6b1f259a09a961eb61ef289be8b02f03ec61c26babb0a8b2bdec2956d6f4e6bdebb992e27954c0a693df2f041bffcf2d15cdcc7bf70d
+	reseed counter = 1
+AdditionalInput = 1574e2c2ed2d1a5ab5a19ee7527d79b19f9efd80da5734752c22cf37d0d1577c
+** GENERATE (FIRST CALL):
+	V = 17bc913de4b35da85b15e1e2c0c5e829e3655227c5f19ef49042b0bb77c2dad5f66cfe3f4e9c230709f13243aad54de3838fe6927e3d36cbf0af32323ca0773254810d7b6325e5e4ac523f8dbd71fcae919f9e4e37e31fbe162a4e0b51a12eabf27b9ad106a80f930b0a379bd00718
+	C = d1fbb5e2871f80eb0bc61f9b21d0e0d8454433b2cda4565f4c621e8cf3209de14770bdb9448761d428fa502f8574b2a569b7e0ee333a196cff6b1f259a09a961eb61ef289be8b02f03ec61c26babb0a8b2bdec2956d6f4e6bdebb992e27954c0a693df2f041bffcf2d15cdcc7bf70d
+	reseed counter = 2
+AdditionalInput = a7545fe8f32d4036c164783fbc327f36eafbcc24afc88b176c99406777da0f53
+ReturnedBits = f00b2c09f9ef0253c08f84e07776a35fb88bede970b96529b2a269e4e88d094f78a09382f5bff5c928e48937d6b78a379c687ec32e5a3d6fc272f698b124296ad0d113aa133aacc70e4c83244d28d4ea2815b55de1b71010faaae6dee76d449afce4b7f85d540287c635639db50e9fdd141114eca7fc76d57eda87977b91f3aaf7e1e94ca0544304875277f932adf2dc562d17cce5f12d438fb8a747639124a80f2a0ec0794d780cbea81124705b294677a76adbfecf3d2264b9990915d2e9a7
+** GENERATE (SECOND CALL):
+	V = e9b847206bd2de9366dc017de296c90228a985da9395f553dca4cf486ae378b73dddbbf8932384db32eb8273304a0088ed47c780b1775038f01a5157d6aa215f56ac50343f8ccc2316e2dd3ef3eccad0e7cf7a7ab8154169194bb44c0f466a5621d43104813575572f1d08ad614629
+	C = d1fbb5e2871f80eb0bc61f9b21d0e0d8454433b2cda4565f4c621e8cf3209de14770bdb9448761d428fa502f8574b2a569b7e0ee333a196cff6b1f259a09a961eb61ef289be8b02f03ec61c26babb0a8b2bdec2956d6f4e6bdebb992e27954c0a693df2f041bffcf2d15cdcc7bf70d
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = 5dfff808bc0c2af0a7ba25423dbe7cf10db531b9de357829b75bd1365d1a48da
+Nonce = 815f9caeae95aec8bfca1592ef97eff5
+PersonalizationString = a5933e51ce9fb2342aa5a3a41a55401beb5c8cf19f2f94556c4a17a3f5043a3d
+** INSTANTIATE:
+	V = b7224617a394a97802d9c1333b316c325f4616ce908dbeaa9de287cbc0c2c6c41240e566987dc4b51c621e361c3e4e8ac80ab8a240dedab27c88949afa9eea8edda96200df34e3a14f36e2da149e74163092be3384d5965197fae481843a807d4a7b5c54ceee291175360a91faf284
+	C = 689728d3d55c16c220f2122f2bcfa9ad8adf2d7475ee150258a5eb277c3369c0a8a5c188601e039d0c95835d25d161187fed49fd42261c2eedac067d7d84d594ade0c8f67c4abd8f3e2a0dc27b6f7f9e059fe8bb937cb391ef753a389fd82db7076ad025b9afaf64e829e057720577
+	reseed counter = 1
+EntropyInputReseed = bfc4e61b92146cd6dcdb42dfd80c289e55f3599093ad4961d13c09fda6e55e5c
+AdditionalInputReseed = 1bd3231114f11415ff34d071159a0423535f69ee5b895a77d178bbffddac774c
+** RESEED:
+	V = 7e251addc051c461c62e9de0b96f02da100f3db997e3dd6a0a981398797b5210ad8a1a681083c3286dad80978849ea8b07bab5af7e3cc74c203ae2c3c7ee445f794a6599b1da47c4c6e75fd8f69192c3432c2d6a496a6491bd145459c23e9ddb6c9bec1b410ddb82860fe898284112
+	C = 1e5e5213f51416e1091994d50454e186625670d2e10d72e3e1a81aded5977ff57fded76a61a2ea1498591f0a6a3319ac7ca7ac77c5346df49371e0e6f7b16b6f93a065c88f18051bb39bb4f2bcb9df666d77b817e425c92eb9ff80d00f7162d8886a31681d308ac1b5713b4b18a6cc
+	reseed counter = 1
+AdditionalInput = fc09612f7cb6244f3245bc996e6c96ff7493694b30a7cfc5b0f669c95e7a6b5b
+** GENERATE (FIRST CALL):
+	V = 9c836cf1b565db42cf4832b5bdc3e4607265ae8c78f1504dec402e774f12d2062d68f1d27226ad3d06069fa1f27d04378462622743713540b3acc3aabf9fb0b043f23af2f798086f48617023c33a798a41c3643a7640468eda0519a9b54485acf4c14e63bc25816e40ffbbfebe0394
+	C = 1e5e5213f51416e1091994d50454e186625670d2e10d72e3e1a81aded5977ff57fded76a61a2ea1498591f0a6a3319ac7ca7ac77c5346df49371e0e6f7b16b6f93a065c88f18051bb39bb4f2bcb9df666d77b817e425c92eb9ff80d00f7162d8886a31681d308ac1b5713b4b18a6cc
+	reseed counter = 2
+AdditionalInput = e21bbf0ea30d095b23fbfb32e465c1682b538a69215156f8ac02a9ad49f00714
+ReturnedBits = 5d00f24a6dd8b3259127aa2f1650d71abe16d416738a36a8d47576f9cbfb435f3702733378073bfd9369a4de8870e06c79dcefcacb2074e56b8c4a16f950e3b00b4e66ff73f7736378e64b6447084dbb9fe75c6f19170a45bf46c73e8e96b1cf9ab0da5d894c190fb22e48b2d3e884fa7ba30b523be30ecda834688af4278ceaeb1cbe1c6ac97eb6bfccddd4982d59bea01c593d8621615a11a48edc60abf9a2861fcda9d42633de2688bb19886931bd1bf21fe74f32ffe35c32706a9ba4ea41
+** GENERATE (SECOND CALL):
+	V = bae1bf05aa79f223d861c78ac218c5e6d4bc1f5f59fec331cde8495624aa51fbad47c93cd3c997519e5fbeac5cb01de4010a0e9f08a5a335471ea491b7511cc56aa2100c89b3fc5208ec40600ffe02b88bda9497078dfe2c9b802cf02e80e231bbd4be2aaef0a43443972ab8bd07e9
+	C = 1e5e5213f51416e1091994d50454e186625670d2e10d72e3e1a81aded5977ff57fded76a61a2ea1498591f0a6a3319ac7ca7ac77c5346df49371e0e6f7b16b6f93a065c88f18051bb39bb4f2bcb9df666d77b817e425c92eb9ff80d00f7162d8886a31681d308ac1b5713b4b18a6cc
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = 2ec77f6835193b0c29d939384ebf391bd9361c5558a1ff404e405d78511f0b6d
+Nonce = f98a6edfe416ad234731b436a213ddf9
+PersonalizationString = dc88e59fd38ebe8e17fff0469e8e177c7219ba25cefea84b85f33cb15883afa9
+** INSTANTIATE:
+	V = 513d10190b94ccb76f88a545b922241e41fda62eda1f8d182547068c6f7f27c7102881f01746a1ddd3c3d3712ce7e693e59eac066f3c94fee0687fb7c96b2eec15e947fbe4b919366a92a9c0826b5fccd8c6e69854d1beb9e7c51246c22abc91979ce3b0ad9c0abc5f3ae963643a84
+	C = c5bb9b1c30a953bbe06135c662188de6133ba470e8d41eae9dd25b074577af52935e02752da08c7d3b1a335394cff8997f45cc370bba11c052d6f1d985fd4f3ac26901c94feddebb9536920d077943a87d3c30633f307fadf147283093a37d04d47a136f5152e9dcc238edd12c03f0
+	reseed counter = 1
+EntropyInputReseed = be5951ef10deed5aed79d820de681402e7e312eb0bf89824de3a52d521f7570d
+AdditionalInputReseed = 33cd5272d507f9e54c940892b35f37df968a884f9998e911427a1ee08c540447
+** RESEED:
+	V = 68b073fac054e5ac7b467aa41e353194db16d94f4a76ff2e4d4049053dd673235f588343ebee075726586912c428ee4cfcf0841fc7758cc0181d054774a71ea83e7b0abf77c29df175041e9addb3a327834c87b6f2f6474d75990fb8aef68384e3a624ed49b412b07a045839528a3a
+	C = 169cb7edef572d6b221be517543218ced44cc89978b7ef4525d18313ad262ec741844a15bed05f60977de6eb6f83662c0943524b188e5bcb5ca6bf7dadfe55d5336e0f4ebdf5c09b468bfd92d444097ee3cf65d2e5c34e04fb94ac28d278197451efc322b8f130953206ea5745a349
+	reseed counter = 1
+AdditionalInput = c66536f21cb947bd7e635272df666bf02c9df4b9fab504d36551c914f8d055a8
+** GENERATE (FIRST CALL):
+	V = 7f4d2be8afac13179d625fbb72674a63af63a1e8c32eee737311cc18eafca1eaa0dccd59aabe66b7bdd64ffe33ac54790633d66ae003e88b74c3c4c522a575569e26e7a773aece6c076756298c28e504eddfbb436bf2cbb4252ef0c361f05c5065b32b6aecc8dec8929f08822875d2
+	C = 169cb7edef572d6b221be517543218ced44cc89978b7ef4525d18313ad262ec741844a15bed05f60977de6eb6f83662c0943524b188e5bcb5ca6bf7dadfe55d5336e0f4ebdf5c09b468bfd92d444097ee3cf65d2e5c34e04fb94ac28d278197451efc322b8f130953206ea5745a349
+	reseed counter = 2
+AdditionalInput = a27df065f08268be514b2eda2b0236baa257583d9e4bda9059c9072e6b0e4b14
+ReturnedBits = 3fd9d3090102762ad3151cf65318773dd845ebd15370811224bb6c66e719e90b4380f9014272216c1b1be645c921839da8554088aadf852327d4604cb229fa85d95b6bed604a4dd2620c25223cfac3feab74513fa1b78758500dbc137b88e509b185dab88c7e966c2023b2b9f550d4efde5863b88ef1d03c5db33d18870129584ebd16781ea8c0006b8909a953499b37b861d6addaad93510ca4ddfee94e038770752992c749e4cd8c6acd4e33aab1ff6aa5371a427c98e8a365506910a1b82b
+** GENERATE (SECOND CALL):
+	V = 95e9e3d69f034082bf7e44d2c699633283b06a823be6ddb898e34f2c9822d0b1e261176f698ec618555436e9a32fbaa50f7728b5f8924456d16a8442d0a3cceda5f871ce158550e70ed0e99051e8b05c301d96e72c33d1ae72180f18e2f35127c269234eaa0ac5564bfcbc954a02e1
+	C = 169cb7edef572d6b221be517543218ced44cc89978b7ef4525d18313ad262ec741844a15bed05f60977de6eb6f83662c0943524b188e5bcb5ca6bf7dadfe55d5336e0f4ebdf5c09b468bfd92d444097ee3cf65d2e5c34e04fb94ac28d278197451efc322b8f130953206ea5745a349
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = eb16eaef9616d415fea6d6947fa53992c8e1133f9f88d4ea59a0a860a2757bf9
+Nonce = 8f4784b738e1294a4c3e5c9ef6924f31
+PersonalizationString = 25a429083b7f8f5d74999ac0fdf0e79c7f8a1351d49b8204205c6804b4f424c6
+** INSTANTIATE:
+	V = 72d75ee8e9d2ad33ae8b1aab8c28800fbae03ab03bfd31195f54adc3715d2c8d62029b6543e4be2754192d060a64ab138e7e5e2ec41289e3b4a7235b2ca3ca7d5d85f7d97bf4b0eb3391efa889e394eb8c606d5e33b7fe54f3a098f01543821ffbf5d92ddd2b89da0e5f29f9ae75d7
+	C = c5d32be9b7561d4ee9efd5e36733f31dd3ae30e9c59ead0ac6592c186ae4d1c12d8d901f5a86372efa94a92e3289102dc9a7d11db6dd00ce154a77cee7e7f8510dfbdb4e4d3ec850aced32e9df6557243861e557f9829c4a8e55f0e9db81825d41adba8596e752a2f7782246afb318
+	reseed counter = 1
+EntropyInputReseed = 655fc827c32a2c407df183e2873a423df0bfee96807136122dc7afe4281c66b4
+AdditionalInputReseed = 120d95c112c58347649b02946f38ad9ab60e3897d779f90c6066ca9e1268b7dd
+** RESEED:
+	V = fa08cc56538429846c98d356b289ef09bf811d300273f9e663242d62464ca89c0c46c1999d283d9dab99c22d8766e092fc3e0ef9b0b9651d3daba13f1446f648eb45c7c5cabade739fd69d6d3f0a1147150817f296c763ae3330eca4fb4515f3d6525043e3bf2f016a806d3ba197c8
+	C = df8080d0ca9cfa9a776a5a4d3db80fa7878f9adff7b6981670021148e77703f0c5754503c416f1c603560863ae7b3baba6bc86db9234d4bd280e657f3e23323df0b44ec144f3c735be5aa95143e74cb0e53247e3add13a071d46ebada05af793cf72f285085da35cb3778d7b4e954d
+	reseed counter = 1
+AdditionalInput = 748f6d38a6f6e9bf1ad80d3b67e977a08dfa02762c2fbbaf66e2ff84d3681a36
+** GENERATE (FIRST CALL):
+	V = d9894d271e21241ee4032da3f041feb14710b80ffa2a91fcd3263eab2dc3ac8cd1bc069d613f2f63aeefca9135e21c3ea2fa95d542ee39da65ba06be526a29a9a48a1662eb64b13ec7e57d02019a175215ccbf39086a435743cfab085a5a4f8874cf580c7fa23e2b6159afb98fdaa0
+	C = df8080d0ca9cfa9a776a5a4d3db80fa7878f9adff7b6981670021148e77703f0c5754503c416f1c603560863ae7b3baba6bc86db9234d4bd280e657f3e23323df0b44ec144f3c735be5aa95143e74cb0e53247e3add13a071d46ebada05af793cf72f285085da35cb3778d7b4e954d
+	reseed counter = 2
+AdditionalInput = 8bddb28f4a17a712ca93a3ffdb32cf58ddf5e57267d6977f62ad613e57397077
+ReturnedBits = ab5bc292b30130a37ba979749276261a58d2fdf26f357419904c4457e4f97fb261de3f239ff5289d30bb0d0ea2ff45f00a612970ae27956d4b74b0438caec70c97edba27405663cdc6e82c08d912792889d3ba584862af212620bd4f254a1e09bf458f84e7230ab5ff0bcb271edfff3dab7cbdcd8b362c33a8db9bec9c8fc674923e23f839fb6f4a790544f81527cc71a7f8327c2a0b0b400c7c064d64b9c7a300d708fb82c7c0ae6da27f093fb1261802c0b6761a0ed6b6d3cdb90878e54b1f
+** GENERATE (SECOND CALL):
+	V = b909cdf7e8be1eb95b6d87f12dfa0e58cea052eff1e12a1343284ff4153ab07d97314ba125562129b245d2f4e45d57ea49b71cb0d5230e978dc86c3d908d5d20f583ef60a5edafa1a1726febd10d06e56a93eab4ed507dee18a09470760e4f03f3d8c5d363a4bd15cacf4d1d288a35
+	C = df8080d0ca9cfa9a776a5a4d3db80fa7878f9adff7b6981670021148e77703f0c5754503c416f1c603560863ae7b3baba6bc86db9234d4bd280e657f3e23323df0b44ec144f3c735be5aa95143e74cb0e53247e3add13a071d46ebada05af793cf72f285085da35cb3778d7b4e954d
+	reseed counter = 3
+
+[SHA-384]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 1536]
+
+COUNT = 0
+EntropyInput = 6294f06a45fafa58eebe0f237c5f6423ad6ed10ef3315339bd7816b5b3f2675f
+Nonce = 1e2bf057781e031e9108f52172d68a30
+PersonalizationString = 
+** INSTANTIATE:
+	V = ed33a39d30fcc67722511e8f9cffa94c8e161a11f7e39204acf362dd4a1ee78cf38d6111a63140e49ff477ee13749f7e54feadecebc53d6057d6b7304d7259b8942876dad0139786782bc8b00e0d756ecee30dd4464a48b8e0e873ceb67d1703807c0d9bec09af6b3180e7eb2400ae
+	C = 6c730527684c5cb01fe1152e25a1f29530cee60735ac18961ae80a970f35492be84fe88feb8c2e30953c871bdd4c242ece772e13f19e57c718ed5f971969af9cd475f07d65c30f1da9cec16947b49e995ab42cb050a652cdd9b6b45877aef7546f2c6e4045cd9f8bb3883a7b39c20f
+	reseed counter = 1
+EntropyInputReseed = 59417550f22a383d9a1ab7e23087f577fd96062191e3bd158d1d5b357b5303a7
+AdditionalInputReseed = 
+** RESEED:
+	V = 2aba32e605e7593a8fcf188d80a0c95cf885023fb81f54bb503d76645916d0a91a3b477e7141f5faaf786a5db714c80f010f22711a0d1788794595c0d01340e7cf55f823976f2938a154f8796100e900c42763d1ab249c6ecb8cae5021caac1cc9c57d0e4dc9a5715f064ed573e09e
+	C = aa1ea65b8e22e1b1cf0e7227b5e1a6494ffd7b384d9ff5bb6d7e5beae71275425d8a973b83f50a1394c2acdf5b5c876c63d3474a3185254c8ea63422d51f2e83b7a8ec91583507631e75f27d0113c2601f14d1dcea1717d51271deb63d234a636579d0b61760354c2b3245fe60628f
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = d4d8d941940a3aec5edd8ab536826fa648827d7805bf4a76bdbbd24f402945eb77c5deb9f537000e443b173d12714f7b64e269bb4b923cd507ebc9e3a532700ef771efef09e82d65ded5d78b6deb9b5856241ade3fa16424cee931ed4ff1a93ea42b28c463ac982ef465d888c24d91
+	C = aa1ea65b8e22e1b1cf0e7227b5e1a6494ffd7b384d9ff5bb6d7e5beae71275425d8a973b83f50a1394c2acdf5b5c876c63d3474a3185254c8ea63422d51f2e83b7a8ec91583507631e75f27d0113c2601f14d1dcea1717d51271deb63d234a636579d0b61760354c2b3245fe60628f
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 2bc3e0683048ccfc87cd7f53bbc735325c01d04cd723a3a79474e7e6493b345bf1959b493c864c9b4dba3b84a5aa0fe77db018a215a85d6835f47a4bbfb9a98555de864cb513aca1bf091902e76a250ef538dfd2e3046c8b91f35c01fa92eb50f054456e78ed052cd72a99f597a25ed24e3fe2cc71c33609342d85a11052e740f92a409c3d275024988b4472460bfeac691c461f3459a8b851ebafa9fe9e272fb07179c26b4ba5953e90c74fa2c74797757cb0452602382d2eb27f33be7bb736
+** GENERATE (SECOND CALL):
+	V = 7ef77f9d222d1c9e2debfcdcec6415ef987ff8b0535f40322b3a2e3a273bbb2dd55075f5792c0a21d8fdc41c6dcdd6e7c8b5b1057d1762219691fe067a519f78d434c69169defefeed2c7dd11b53bbf8bc2d56d85a504b65add393ee95db749691da2852e43b4cb4ff1e0c9889365c
+	C = aa1ea65b8e22e1b1cf0e7227b5e1a6494ffd7b384d9ff5bb6d7e5beae71275425d8a973b83f50a1394c2acdf5b5c876c63d3474a3185254c8ea63422d51f2e83b7a8ec91583507631e75f27d0113c2601f14d1dcea1717d51271deb63d234a636579d0b61760354c2b3245fe60628f
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = 00a98ed5f616f028233769ff777a7342e57f9a8a1406a1ca486b64b23bb34f76
+Nonce = 56cfa1f545d782b0ba2a392b25aa55ad
+PersonalizationString = 
+** INSTANTIATE:
+	V = a3e27ad827e04a9d90568f216ee65b7fe18cf733b243f388dc2d8d7e36010a361187e74bf7827aeb3b4e4efc679a4fe07ee247438b0f2f46903378b0cd621bec6e2f843929d5be03ce6b85cb2315ed253b0908b7d982e23743ea8b378252c9fd5666338a67792380acbdcf33a90628
+	C = 13177a86dc041b4957975b53a8b9fccac081847b734bcecd66bd079a7cecba6a528a508b9c7ece1a3a24293079d7b1f18d536c07245e8283b1e25d2228fd12a525f2702cc8e0d3b1a80da01d2f606f4ec4f1b8a301617a6264f1872028b71bc41f71be4f5e5a50bf02a56aab336d1a
+	reseed counter = 1
+EntropyInputReseed = 794f957660899ae0e4bd509b5dc5af6971c4095a3acba7bd2c5b71a178690860
+AdditionalInputReseed = 
+** RESEED:
+	V = d057608b735742778381337008ac43897e9e59f103b201f82711204459e6408d9b6746b1aac524ebc8c87d53caa3db5625ad102ab9ec8483500f7b4eb4f4e5bfdce45af906b02a6e17515ab889fcef8c0130cacbab204286809b7d46c58eec4dec0ff74f7ebb5822de504f8590fc02
+	C = 3e9909dc727a435a31f851f89c85dc1311b24e6078ad75ba53147dcf4cdd11f37d2f8d65f4a1fc4d37d95e07104607568c8bd33f3c6e1f82b69ed69b3cf2abb84a6a07bf104873382b6c73aacc9a76ae1f72eed9b87260784809ea17bf89850bd9c3acbbb2212b920d1ae6620b03ad
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 0ef06a67e5d185d1b5798568a5321f9c9050a8517c5f77b27a259e13a6c352811896d4179f67213900a1db5adae9e2acb238e369f65aa40606ae51e9f1e791ae60e374f15ac1e4d70be4850f5a26d3d9f734466e26eb71525d5c741614659387696648bf0ba44328ca88fc8dc21369
+	C = 3e9909dc727a435a31f851f89c85dc1311b24e6078ad75ba53147dcf4cdd11f37d2f8d65f4a1fc4d37d95e07104607568c8bd33f3c6e1f82b69ed69b3cf2abb84a6a07bf104873382b6c73aacc9a76ae1f72eed9b87260784809ea17bf89850bd9c3acbbb2212b920d1ae6620b03ad
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = b7d011a04593310885d1e5d663efc4410f59408193f2b44d67dc292f19e7099b0ec4ca102058b7a4bd2ee41dadc017bd1849a32560ae3b57e7105f1653c8743b27e912d9b57b8bb638bd019779aaa0e3e84b324e42863ba9595320a812b99249793af2a7fbf557530259d3c1ba827bf052e0db6d950f6ca76976e7eb7ebe241bbd4b6787f80b17afbea6b19a671b2a256465669e2430651c70d0dd9e8858ff8f3fec81ce05847a15c8ccd81c1971f19405835d4d0e56bc302e9ec852ca31ffab
+** GENERATE (SECOND CALL):
+	V = 4d897444584bc92be771d76141b7fbafa202f6b1f50ced6ccd3a1be2f3a0647495c6617d94091d86387b3961eb2fea033ec4b6a932c8c388bd4d28852eda3dbacee9eefa407229a5e8558e46e98fda95108adf0e57d45fca9bae6e9188efc20ba5660c44ce79337e846656cb5114a3
+	C = 3e9909dc727a435a31f851f89c85dc1311b24e6078ad75ba53147dcf4cdd11f37d2f8d65f4a1fc4d37d95e07104607568c8bd33f3c6e1f82b69ed69b3cf2abb84a6a07bf104873382b6c73aacc9a76ae1f72eed9b87260784809ea17bf89850bd9c3acbbb2212b920d1ae6620b03ad
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = f54f459ae81747c007aec42ccaa0573e6cef278568eeb4b7e152ff6be5a3cef5
+Nonce = b86e79e81a7a1186d82ec161fe23602b
+PersonalizationString = 
+** INSTANTIATE:
+	V = 73188ba97842fc731a19b8059abb479d80932c683101c438a7e2067176f91fb5a72f7793cd60580b19fe722c43540c892e80358cb1ac4b850fe2d05ac457d855717cb8ab397efaa23fa04ff0daf95121087de8ba2060bdcf6f1c28d06fba4b2d69b0a93bb0320a098c77491e0df08e
+	C = ae3d491609f4fcd3c7bdefb5078a82fb92156724b1139d0473d35e1a492c2c58edb328437bf159cfeefc05c880ca2a806a02f9e65ea591e34e4b2bdcd44908b0bd5a6de6dc4e4247a24b62e73692f9e3b7cbb9621a48e14249fccbbff09a9d4ab8e54f778bd0689bf4ad5a6e05c7ed
+	reseed counter = 1
+EntropyInputReseed = 19a2a4b9f8977ef5648a44546e97cf76968ab9b19d2c4d6a80e4b7603d0bef5c
+AdditionalInputReseed = 
+** RESEED:
+	V = 130925cff1ef4d280a992b8076a7f0e35a9eed4c6c9f468d7c5fccbd31126e6150d2815d0675da035204ee54c4b0924ad7651407cd93beb8d2cb689d9d760114c99a28025efa14b298913d80a52a364cffb41ee3b8100280c8817a4138a17bf6a677ed8e34833b4105fa5a73e86f82
+	C = 69163bf744aacd683d7aec36cf165d3b7133d91239952a051d37c4ea3eaf7e4aa3819425a281d854744e9f2cd881304038d9fbd83b6b459f636111d09e1dd466487ff462db7d61677cffa2988628f28a6188af750a19b083384e8724ff382fa27fa4829c31feee5fbe3d3eeaf4f53c
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 7c1f61c7369a1a90481417b745be4e1ecbd2c65ea6347092999791a76fc1ecabf4541582a8f7b257c6538d819d31c28b103f0fe008ff0458362c7a6e3b93d663237a26f0cb9fee2e03febed8ae21c33dd39c9db881932bef5bcd0715eb73f3e6b893e1d2c5bd1d480f385e5adbba8d
+	C = 69163bf744aacd683d7aec36cf165d3b7133d91239952a051d37c4ea3eaf7e4aa3819425a281d854744e9f2cd881304038d9fbd83b6b459f636111d09e1dd466487ff462db7d61677cffa2988628f28a6188af750a19b083384e8724ff382fa27fa4829c31feee5fbe3d3eeaf4f53c
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = d019f49a826eabe22be8f7f65e9933f7f101af27baaad9b87fdd6dd7cee753ef95e687eaf906c99c892c54347154830592309a6118bd595cffff09d06a7229940c393b4f2935f5c1a56548ed7ddec4fd857472e3b910e52d2bd69344debaba86f0fe01b186ec056a1091dec94394ecb626da1cfaedc3b9ee259c6d1ef6e0f4de4f71a46a78861dc753dda173556ac6b4f1ce2520514ab70f44dc64bf63762194f7c173d7c02ab779813748a00c0a35e50a821e9237050b5da1869541894a5c31
+** GENERATE (SECOND CALL):
+	V = e5359dbe7b44e7f8858f03ee14d4ab5a3d069f70dfc99a97b6cf5691ae716af697d5a9a84b798aac3aa22cae75b2f2cb49190bb8446a49f7998d8c3ed9b1ab857e9a75bec52ce7a9928a8780d8ed7d68c19b5c94b82f06af2751fff07155bb073e4e2c019fa780cdbf1425350370ef
+	C = 69163bf744aacd683d7aec36cf165d3b7133d91239952a051d37c4ea3eaf7e4aa3819425a281d854744e9f2cd881304038d9fbd83b6b459f636111d09e1dd466487ff462db7d61677cffa2988628f28a6188af750a19b083384e8724ff382fa27fa4829c31feee5fbe3d3eeaf4f53c
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = d2aa1e32cbea161d386ab33a1ebc229cc2cd465faaf02fadfda181c45dda8a4e
+Nonce = fc99b52a4cfe0a71b6687cb64a87d4e4
+PersonalizationString = 
+** INSTANTIATE:
+	V = d4f13f30222475ee3986fd86087da5d49fb9969c0fd8e95cf7cfa95319ed6053f26393a74177d440c399d576a26c9b802ccb24a27d2ec62ae2620f960b196aad81e757211a899f47e944f13b2d3dd023ae7a5b70521016b5a0c3718eabe605cd69f4185a9e0c4b932b875b99a1fbf4
+	C = 606542b2c85c16f2418adb1a6443ff2ea9b69e1237dc11556dddecc9d01b3b9a0e308b4aa43760febe71dba61d90589d785635618b350df066a1bdc527aed138b4a0fedd98c38e0cb6317ba64a555420d944c264c8ddcfb12eb173bb3ab0c92e02adf944ae06dfa28811c19297936c
+	reseed counter = 1
+EntropyInputReseed = 31b7bcf67cdbaa9ee6acbfb64d012e6f35cf26325f3cca1d59581f08985ad499
+AdditionalInputReseed = 
+** RESEED:
+	V = ef4cbcff441d2e139320f42d7c9322dfad2d1302dabc1efba280c94cec8dd0061782882ca6767067c09d6dbf22bfd16d0507a274f1ebfc51cf5df29b66669ecec8ad4eb28a5d471827424719c5d74abff3f509b430f6c6e5184aa9a376897d58f36f8c7b1ff744da414d323cfa1b2b
+	C = 764c72529fd2037fdbd984a28934a079f912d90f4b682ed8284470f21bc84b09ead411aa8b7df083338c07f0d865ece7433a38f0b1faa7b6485ffed9c2592c146b5f464fba63ba1c541b3e4dd6a791fe0b2f88d5c1ddffd1bc67da7f764c47f1cd34c03b2574cd44c893714025d29e
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 65992f51e3ef31936efa78d005c7c359a63fec1226244dd3cac53a3f08561b10025699d731f460eaf42975affb25be544841db65a3e6a40817bdf17528bfcb0d3691f3b74442a651cd98ddd4c0869a301f50978772c084cf85c99cc3e391f7d66a915d1f375b99a6d95bdd68a65c3c
+	C = 764c72529fd2037fdbd984a28934a079f912d90f4b682ed8284470f21bc84b09ead411aa8b7df083338c07f0d865ece7433a38f0b1faa7b6485ffed9c2592c146b5f464fba63ba1c541b3e4dd6a791fe0b2f88d5c1ddffd1bc67da7f764c47f1cd34c03b2574cd44c893714025d29e
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = a2899b52bfc35a0514c4a662e102dcb44659aefd3eadf153324630d64a016023ed42a30ca2722419a7bb098a27b4f6b04cf3c3c7b47e4a32a3268248c38fa8acffde5e8dd11a94636065e92fe2c375d9e21cd8543fb92601dec991d2b6433d7e061efe931400939dde7a73335f2d969f4f46ee81b97af2680d36e6aec181970780d56f5ecd82ed444d386b572467f6a51cb4fa8dc62625f540965899d017b1cb23efc6497fafb676b3a0ec1f7558dc7e024d72bfaf3f1eb251e1863f4aa1a592
+** GENERATE (SECOND CALL):
+	V = dbe5a1a483c135134ad3fd728efc63d39f52c521718c7cabf309ab31241e6619ed2aab81bd72516e27b57da0d38bab3b8b7c145655e14bbe601df04eeb18f7d57f7e77d161aae71997a1e5ab5632c7b51f809401d99eb5a1506dd5e7ce22ef49e82b8e08cd426b51525c1c770878ed
+	C = 764c72529fd2037fdbd984a28934a079f912d90f4b682ed8284470f21bc84b09ead411aa8b7df083338c07f0d865ece7433a38f0b1faa7b6485ffed9c2592c146b5f464fba63ba1c541b3e4dd6a791fe0b2f88d5c1ddffd1bc67da7f764c47f1cd34c03b2574cd44c893714025d29e
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = 401caf007a395bdc6aea4a88161560c2aca5d33c6abbabd9b05fd11a28dfbde7
+Nonce = 9a3d41d22d88de61a8a814139946c189
+PersonalizationString = 
+** INSTANTIATE:
+	V = 661cc215493a5f84b5a59ebfa91dec8a39df2e8f78e11de96323b53f857ec2af23673e16ccbe3ab6ab8586283eb3b3bfcef06d020d8b502b0ebd92e115467ed9b367cfe9f475e5d7557ddfd158b6bafb381e3120daf5caa47dc7f34ba7dafcf049ad3d64d979afadc03afe3c1c0f3d
+	C = ec4521618c2bd597eeecdbf4e542466f743527b43509874c84e1a5010dd9cf551d43dacf3526b2cf4cc30edff8bf3f1de39ef8def11d498d18dc30ca82987387b7a7ca650c3eb17424762a65d2e2e5a76c779185f131f6891847c5d59c8acfb488da8fed336b56294b653f9713b61d
+	reseed counter = 1
+EntropyInputReseed = f20ebfa5094d2da919c2d5d0e925ff4e180a8fe408e05fa985bfe1e3741bd840
+AdditionalInputReseed = 
+** RESEED:
+	V = 98d910bbd893bfe5e1d53ce37320d44a2306df145f19e1331c2389d52ff58516b1de67805c09b5623f850c7bc9c817bb14a8a07e01f3070e6328f5dfcce16acd5f84c7195f06e5bdf2c5621e95b91f50ed8a338d9e06e570fb39dbc2d0cd67e75172faf3030be61a9ba9974f255e91
+	C = f49d6ba015cf8ffde88c8ce023f685f52acb8761347911751e6a812568d1865eb3eb91d1189a4b86143b8de8ef0f05898d2a71ba0308ca9ed89904f0174d9a463264f8f7ccd853bbdb07211ec436738141abbaab3725574e7a2bd50454ce2917baf6d0b71987aa665cad303b265e3a
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 8d767c5bee634fe3ca61c9c397175a3f4dd266759392f2a83a8e0afa98c70b7565c9f95174a400e853c09a64b8d71d44a1d3123804fbd1ad3bc1facfe42f05a1491f31b1e55a5acd5843d5594ccf4b41e942080505e1624e38ddcdd09c057c5360e6afc02b4523c927a942b907bcc0
+	C = f49d6ba015cf8ffde88c8ce023f685f52acb8761347911751e6a812568d1865eb3eb91d1189a4b86143b8de8ef0f05898d2a71ba0308ca9ed89904f0174d9a463264f8f7ccd853bbdb07211ec436738141abbaab3725574e7a2bd50454ce2917baf6d0b71987aa665cad303b265e3a
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = e8926e67a7ab533874956c280c3190176d5e4a6d8c74b53fed8df0e012f29de658e1737a41640fa2e6eefc0db6c1121a6ad7d496eda86d471fe4c14aebc03c9f2152016a0b4c9291eff92d3c60a43081967e76e6bb075812b901253a3f5a9700927514ad1515a0aa1364ea7f476aaf4c75bf05419ed5ab45553dd949cf16652a980c5b558b808ca46872ea9153852f48601de21dd191aa76d5e6a118ec6bd6cfe90692f4a2553a6e78ff9cd79709b2aad4dc62670e8f476263495274a0c2be9f
+** GENERATE (SECOND CALL):
+	V = 8213e7fc0432dfe1b2ee56a3bb0de034789dedd6c80c041d58f88c20019891d419b58b228d3e4c6e67fc284da7e622ce2efd83f208049c4c145affbffb7ca0d646fceba1cbcc1cda1f5d41bfedce9c8580ec972097c01ae64f56d7dbad46d576f4f747f9b9770db506d03da97f75c5
+	C = f49d6ba015cf8ffde88c8ce023f685f52acb8761347911751e6a812568d1865eb3eb91d1189a4b86143b8de8ef0f05898d2a71ba0308ca9ed89904f0174d9a463264f8f7ccd853bbdb07211ec436738141abbaab3725574e7a2bd50454ce2917baf6d0b71987aa665cad303b265e3a
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = db25a3a051fddfb54322e4d28e9302669bbbe85e7c5791403f9efc154528784f
+Nonce = b3551eeee5958f2fe1eaefeb0c73e1e4
+PersonalizationString = 
+** INSTANTIATE:
+	V = a19ce1456edf65c9cb3c2e2a183d9d1310c7d5fd4cb773090b6dbf87addd855e75528d8ca83396cf354f0bd8a8be680f178c5c75e030cf5701df9fe86900b855be16c4a3e499772f4ab7e86d9556a484d66a5ae4cf484642eac24259ba806430388def26761743b02f9d144b1c1d51
+	C = 0a04511338e5957a8a216e0589e9af238905726ea6a637f5a8d144954da8704ba25a4952f69c5a4d6b771ae281d2ef956d7cb7a110b9a5954591ce3d2cfc9e1257faf4f22a03606f2f3de2471e0cbe2f08a8289c0863654f7bdf904a818a2edb7841b250970296dd3eebcc7dc952e4
+	reseed counter = 1
+EntropyInputReseed = ea0c3a27edecd0868532b6779ed8326671bc599c7da811d7bc5d5dd2d8c824ad
+AdditionalInputReseed = 
+** RESEED:
+	V = 3cee5eccdf0720f1f8380c7d4e3eba8bab71477e5f9e6cef8e4108b41c8cc9cead4be4b8d59a9644a63a166edb59866c1a86771fc41b714af38b8420fc0406591b3bfa6174bea4a364af55099c7ce8746be63fcee85051dbbf3badebe407e9505d574fc9f1bee6163d0a67afd987e6
+	C = 0cd1f2fc684557e2f1fa6f795e4ea9d48237b77517121facc5ee5a8ba54dd2979eb6a1e99b5bd3d4423c8445e80d6311b0075670fd031fb623cd25f62affe6b4f565f850aa9f82ffe6468323b7ef1b3c6533dc98dfff651c952a0e39ca2a5a5391c1f0f823af5d056e7b68a4cd637c
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 49c051c9474c78d4ea327bf6ac8d64602da8fef376b08c9c542f633fc1da9c664c0286a270f66a18e8769ab4c366e97dca8dcd90c11e91011758aa172703edd3d114777ef2b984f386e0d9c6fc413a71699520d9ccf88e5696330560b29721b3a4d4a9f71cd08092fcfdb6218f65cb
+	C = 0cd1f2fc684557e2f1fa6f795e4ea9d48237b77517121facc5ee5a8ba54dd2979eb6a1e99b5bd3d4423c8445e80d6311b0075670fd031fb623cd25f62affe6b4f565f850aa9f82ffe6468323b7ef1b3c6533dc98dfff651c952a0e39ca2a5a5391c1f0f823af5d056e7b68a4cd637c
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 89fda55cf7819a30771c2c64eeaab2f875486abd54ed35d8209e25d363b8d365a12537861b0b20e26477b60bd97f8c2bffe9958c631a4e322b5e41110e57e4748f12288f014c4b3a15c5d9809b36bbdbdcd29876da72dc2bc0b85a08e5a3656806b955d44b9784ec5a5b11538fb8887cba2a0c77bc6da3b0e4b2a61335bce2887e032ad840921a7a605ecfd563af25f9387cd7eda0c90961b56f447ba7b0938f41326511a9929f9bad19bd2b5498dda572c48a3d2a2e6e94612ea2ad016f0649
+** GENERATE (SECOND CALL):
+	V = 569244c5af91d0b7dc2ceb700adc0e34afe0b6688dc2ac491a1dbdcb67286efdeab9288c0c523ded2ab31efaab744c8f7a952401be21b0b73b25d00d5203d491b4d6b59fad1812412e397cec82ca04f1ff6f15ef9c154ccee3da85d2c02346b39ed5d490bd28ae710105eb2105d242
+	C = 0cd1f2fc684557e2f1fa6f795e4ea9d48237b77517121facc5ee5a8ba54dd2979eb6a1e99b5bd3d4423c8445e80d6311b0075670fd031fb623cd25f62affe6b4f565f850aa9f82ffe6468323b7ef1b3c6533dc98dfff651c952a0e39ca2a5a5391c1f0f823af5d056e7b68a4cd637c
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = 7b07624910407d7ec5b66905298488dd2c37f00e30c1349c59df95653b190cac
+Nonce = fe5bb4928bc74609ccb7f143f91166cd
+PersonalizationString = 
+** INSTANTIATE:
+	V = 0e47c204c2407bba2d1a04d983d3879cfb4cf8fe350b45964b1fcd278f9f494cd5016690e5c399a32f6e8f6b3ad774e9655d135e5e1b2d650d9badc486e52d7ddf91225611e5120a6ed1e937dd9bc0e3f306faccde8aff81dd027f5a27e2ec62e1f3f7df692015ab0f6d2619eee695
+	C = fd761bb3fbec0fb4f55b57f587f14e84fcdaa2940fbb2eac428283c9dd83851d4eb1bf58ea96d2d1c93a7cebb52ad9cd6cbfe1e063e82d63faa5408f1a02cb2edc80683945b17999c0d885bca307b3aae16fdff2b2373828d3641a6d73e3d19c05f3365c6412aee8d59f212ca773ac
+	reseed counter = 1
+EntropyInputReseed = 745937de92da59eeece61fdbeacbfa8643c473cc0aca2a0212b891d0faa66bd0
+AdditionalInputReseed = 
+** RESEED:
+	V = 3ac14b49258d92923f9e87fcefd8c226e01aee244234ab9b5333ff065047eb2b2332346dbda9e6962b61e07a9ef0d15060466b4df0a338b828e2fbed34e0d3bba83f9e6a71fe1d8b251d82c62a6d6133309c3019ff03c1539f418127e0bf19504c54bbb3b26e7beae87e9c089a3f3f
+	C = 9db92a206ec793ecfa740f2cb03f9d397faa70c494dadd581b06c68ebd710096bb07cd9589aaa11d172c4491e932514b314365d3b12574b38c960cdec10aa7d598e164e757a6af32ec2c1f56d2ac9156d8a722bfda1d960a95a84bb7a4c551b2c061bfc2e926661dd3414b2c9854be
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = d87a75699455267f3a129729a0185f605fc55ee8d70f88f36e3ac5950db8ebc1de3a0203475487b3428e250c8823229b9189d121a1c8ad6bb57908cbf5eb7c4ea53f49989fadc3102c03d76401cf00604565286f9904ff446a83b4e31f93d83a522acaef9f12afa8d4b7ea1f4db219
+	C = 9db92a206ec793ecfa740f2cb03f9d397faa70c494dadd581b06c68ebd710096bb07cd9589aaa11d172c4491e932514b314365d3b12574b38c960cdec10aa7d598e164e757a6af32ec2c1f56d2ac9156d8a722bfda1d960a95a84bb7a4c551b2c061bfc2e926661dd3414b2c9854be
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 075eeebe7736e69bf48b9513a9f94646805fb3071a7c8744437621983879af6359cb4839673ee1f95c25d4261d4ea984999d3eae1296ddbaeabd7eda1024ff87922e100ab847713bf2c20628d2f2d4fefdb87eacfd6d093e9818727974a5294ae9d76cbc3848329c9cadb86a527fb523f191b24ef50daef05ba5fc8de531c207ee5b63c7b525d061f969996ea446fdd68a2a73d9ca40a1275d7f4e58c4fbaa86f273477c2f0b0dd6ada60ebcd2a36e3701292aad2845dff2c04475a727a23eb2
+** GENERATE (SECOND CALL):
+	V = 76339f8a031cba6c3486a6565057fc99df6fcfad6bea664b89418c23cb29ec589941cf98d0ff28d059ba699e715573e6c2cd36f552ee221f420f15aab6f624ea280debb82e5028ded342c1e27768f484c2ac8d300176c46f4d6a3ee292c2fe58f775f881b7e1c04ed44dbc263459e0
+	C = 9db92a206ec793ecfa740f2cb03f9d397faa70c494dadd581b06c68ebd710096bb07cd9589aaa11d172c4491e932514b314365d3b12574b38c960cdec10aa7d598e164e757a6af32ec2c1f56d2ac9156d8a722bfda1d960a95a84bb7a4c551b2c061bfc2e926661dd3414b2c9854be
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = 1eeed76a8658f823917369ef4ea4b4cbd5b82977bf8b022dfc8b05870a7c4cd8
+Nonce = 8403850c37834168eccc4a6df3e7680a
+PersonalizationString = 
+** INSTANTIATE:
+	V = 25d916974a1ecf82ef0e5474aacf4840480277f643320a67bf7d53525d797f365d1797621f671154c67785cb39f79c855cc3661afa7fcee2b1719b7773767fc90aeb2b6fea2df6fa48cb80f13691f3118216fe3d97a459ad7c8736eb7f7fff176f2f0da959d6c6eda879160013880e
+	C = d36dcbdc511902652159a51336f63b62b89e2f95fd4d32a579fe66b7af05caf78eb7c2c969b8037799d9561230c5f345910c4f7ddbc595c507816a1229172cd22629b4a9ad9d584a8a29cdfc59b31b50a53f01f65b01ccf6e18c27e901c3e2be64e8dcdd94ad47864156f32aa1877f
+	reseed counter = 1
+EntropyInputReseed = 94d16d186b5082c9240d5b3fa5481fd8aa971549077873095cce51c7dd2be7f9
+AdditionalInputReseed = 
+** RESEED:
+	V = cfe76f6603f533287a39cb9e6781dc0dfc60bc2481388ca364b104e1419fa2140979d28e580c1d4bba1d86276b2047bfe860b378316f0f22c21cbfd74461acf9adce235117e72c306ff1f88408f388535ca2b7ac698ab9668004bbd86b2fb2daef52217827c9dd4be3935b0bed717a
+	C = 8b1708a1573366e7a82b36e4ee907199e409623852495d661671bcee290279905b1285ee2e9d13d03a97f2458dc3c2df91d2a27b486d7dbb8f57ebb55c66bdf3f5622b39db3fa503d3e7888844fe50e3476ca7e8e9ab8289a74208b78b9c176008c0354658624c1ec66abc923d24c0
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 5afe78075b289a102265028356124da7e06a1e5cd381ea097b22c1cf6aa21ba4648c587c86a9311bf4b5786cf8e40a9f7a3355f379dc8cde5174ab8ca0c86b026eda01c26dc707234b0078a92cb81c31505d7a1caf38b4fa28705f08b5d06f168d76a7222753d36f7963c0791f241e
+	C = 8b1708a1573366e7a82b36e4ee907199e409623852495d661671bcee290279905b1285ee2e9d13d03a97f2458dc3c2df91d2a27b486d7dbb8f57ebb55c66bdf3f5622b39db3fa503d3e7888844fe50e3476ca7e8e9ab8289a74208b78b9c176008c0354658624c1ec66abc923d24c0
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = f48c2d9ea93dfb452843b6d1f8c58c7eca4db970877a3f1d9d68ffecbbd71838758ba1fddbe4899efa70a58c3549139f00f13d09704c41aedc202ce5ecde24b70e44b61d645068d660f346821ed1e802a44cfeada75b5ce924d4343a6195543b8d1432984b59b1577129ff795f41555b14abf4cd41b1c4d45e7123a007629b6678202f147cb735e7a4112bc10916cebf39ee4d078b7b70067792804dee387fe34bf9e7c791e2a783987dd1fd5ab04d4c93c74bef05e267ca5be75e37e8d21f1f
+** GENERATE (SECOND CALL):
+	V = e61580a8b25c00f7ca90396844a2bf41c473809525cb476f91947ebd93a49534bf9ede6ab54644ec2f4d6ab286a7cd7f0c05f86ec24a0a99e0cc9741fd2f29864bf2f44d8da3c60de1440d1f92979fc13071b4d7e5f34fe9281c7e8477d4e475a84c102fd93411b1a902c3265d3648
+	C = 8b1708a1573366e7a82b36e4ee907199e409623852495d661671bcee290279905b1285ee2e9d13d03a97f2458dc3c2df91d2a27b486d7dbb8f57ebb55c66bdf3f5622b39db3fa503d3e7888844fe50e3476ca7e8e9ab8289a74208b78b9c176008c0354658624c1ec66abc923d24c0
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = 1d79eef601e1b93881d70e82538111423967479aa393473fa02601d15e5d8f56
+Nonce = 0a7b9a19f55ba77c7816a9396d06b316
+PersonalizationString = 
+** INSTANTIATE:
+	V = 2dd498001221542bbdff7982bc0229fa91f5e7dac851f5c8351f053668a458c5547b650b5ec0210686dada38303495764b17dd4011015d23fa49f47309c0ac29978031a9b2c94ff52a10ff1441fee9433c26b19bb34c03a7117fc6c8159edda369e63fe7d795f9e506143db1b4fd60
+	C = 5d7c99bfe5177701ae743103015fb5f7d672619fe8dffcd51ea1a85e53a64ad25c649d1048ba2f3d55b61a0947af2dc0626f526fba1520cac380ab066d46fb6f596f7b4927a8443b8a31471c80fd76efac8075a297500728adffc354251262271244374a49fa5911a1ef1117c75341
+	reseed counter = 1
+EntropyInputReseed = 8978903be82ae3cd6ff61b7dce51a885febfde9e08e87303b5ab79169c9f2c2a
+AdditionalInputReseed = 
+** RESEED:
+	V = f73805bb4ee912e30bb4330af6744c9c3a60eaf5000dbe09be3ebd2628aceca5592babb231ed0ce1909926b98cf09bcb3d26c0e4360cb9c53ca9adc98b024ffffdd3888e9386a9caf787bc95975c6297977416470ff37c00b1824d23c28a39759f6ff0b41760c6f5ecf184976901fd
+	C = d588f5edb80b4b448eb293599f2d72a4db5d3c2c9c2a880ebe74b503771bd32c2fac2c22e84eab2e99ac3cde0da5732f6b6f7bf12d8948257bbc6fe2d3f1c265da06520c6b882a334b50a207e505326a8b5a2492cfd45498d162cec5c2865881b3d5132ec5858b794eebf2ce8efe3c
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = ccc0fba906f45e279a66c66495a1bf4115be27219c3846187cb372299fc8bfd188d7d7d51a3bb8102a4563979a960efaa8963cd5639601eab8661dac5ef41340ada6526b0f4f1341dcb8c7788f16ac21968fc535a57a76a6459965942e46a5b1d8152539fb4097635e6b036242bafd
+	C = d588f5edb80b4b448eb293599f2d72a4db5d3c2c9c2a880ebe74b503771bd32c2fac2c22e84eab2e99ac3cde0da5732f6b6f7bf12d8948257bbc6fe2d3f1c265da06520c6b882a334b50a207e505326a8b5a2492cfd45498d162cec5c2865881b3d5132ec5858b794eebf2ce8efe3c
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 9f25bd4defaa0a1b3e6cafad4e6a1d5c8b87b713577d4dd5fa1b978a6a911df63bed46f58f6c3d7a5454bf98c4f78c0925980ed27b342836d7250f5d0b03ec458f7b18eade74532377ee8df1806a6028187466f65b8078a3e8139105957d516ed4fe8b762bf8b51029e2615c80640e7f2a94f6686ce94694951813234ecc8c81fc1923310c39f7f855a47ddd56d20f2077e3cb724e8bf0da33a9acf7eac70bcb1a7d3a07af5fdc28624b086a4eb7a71d7f85562d7c553adc55180b858b2f41a2
+** GENERATE (SECOND CALL):
+	V = a249f196beffa96c291959be34cf31e5f11b634e3862ce273b28272d16e492fdb88403f8028a633ec3f1a075a83b822a1405b8c6911f4a1034228d8f32e5d60ff3c82c571dbbe69b14a4aabf35332b28dd3faccee3a6367c414cabeacf93df2c74372f31ef69e958e82f9c91a7b5b3
+	C = d588f5edb80b4b448eb293599f2d72a4db5d3c2c9c2a880ebe74b503771bd32c2fac2c22e84eab2e99ac3cde0da5732f6b6f7bf12d8948257bbc6fe2d3f1c265da06520c6b882a334b50a207e505326a8b5a2492cfd45498d162cec5c2865881b3d5132ec5858b794eebf2ce8efe3c
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = 2dc0fd5e687c5c32e351a31aa51dea83d05791ebe6da35ddb6d860af7e46cd90
+Nonce = 0f78abeb9c747ded6fef858db8665c0d
+PersonalizationString = 
+** INSTANTIATE:
+	V = 9c64b7bb32a0923c6d5cc98bd56979dacee5cfeb570ef1a203e8131394a36649f40fe5be1e45e73ea50e6155a1a92c038e019af61d71ac4203cb8b68926262ef191c1aeff87a843505768dffbf03e9ad07d82084464c2ae3269e6d27baf00505b1380960c75640bc8d52a4142f5ae9
+	C = ca4d7af5bcb2062bbcd588d764ffb3b66c254f1dbd23c87a619299fb1c1e85fd1440eab08ded25224009931bbe62d8390051ca950e3ad8b0e7030f3ea0aa7074726a669e4886b55f331ff59d7a64c34717d67cec43ddde0baaa1b83a2d3f0b1590f397ff7cafd851074cd27a759181
+	reseed counter = 1
+EntropyInputReseed = 2fb04fc452fe35a1996ff48900798f02a605409cb6e5bd33706cc4ae96f95333
+AdditionalInputReseed = 
+** RESEED:
+	V = 0ea1ab87268f988236610359e670bb76ab1ba62cf2eaaf492c7e41bfdefe6692a698330521d7d3b26bc39d38cacb4e901c148ae37a9b910e857746696731436dc8cd5ad382b55f8951601821b37ccca71cd52d0ee764352cb7eefb0e035831d601ff8296c50327d329ed13ac07ae23
+	C = bc6ef907762a50800ca21bd95e686371fb753ed5fd43a9b6864b70bac4c8a8ba74a2f6edee3cdda84e749e531d5bac350cc64346fdca41e0c50c0f1130f9ec822269e2558d7f36066d2e7f350637e20fe57f3d066c93a6d98b77cac61f143387ce56da24d0c50fa06b729944dd2713
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = cb10a48e9cb9e90243031f3344d91ee8a690e502f02e58ffb2c9b27aa3c70f4d1b3b29f31014b15aba383b8be826fac528dace2a7865d2ef4a83557a982b30de91a2105d3cb2079cb22a8894b15f8c015a86aef471426da450e520e4e98e471ece9b1e1056aa983df4a61f95f5bc7f
+	C = bc6ef907762a50800ca21bd95e686371fb753ed5fd43a9b6864b70bac4c8a8ba74a2f6edee3cdda84e749e531d5bac350cc64346fdca41e0c50c0f1130f9ec822269e2558d7f36066d2e7f350637e20fe57f3d066c93a6d98b77cac61f143387ce56da24d0c50fa06b729944dd2713
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = d25ef5ee3df8a6cf9b6e7d57b121b41a84f4e38e6a7475e1cf21fe2c059480aa48ac5a137eace7e696702974b4383e8531a79fc8076236e6be78cf3d2ab83d3ff172fd00cdcf3b46be7b555fe98c4e7fff3eaed76420385f434c1ea90e9bd7ca505ebfc43a72cb98d450c10bfbb2896d252b771281bfb08ff3e654cb06165e8ff8748181bc6df081a675f9acdeca8ec82271b2101a9f9dcd657015a3267df2373e3c95b8c6cdc76c030a3a847335e6b0a3d9b1695cc385616f3b660e19e71604
+** GENERATE (SECOND CALL):
+	V = 877f9d9612e439824fa53b0ca341825aa20623d8ed7202b639152335688fb8078fde20e0fe518f0308acd9df0582a6fa35a11171763014d00f8f648bc9251dd0d7e51e08b4d058c406a5a52145114b604761e6acb121b958b1472334a227440239ea42e107c91bc73eb9f07cddcd09
+	C = bc6ef907762a50800ca21bd95e686371fb753ed5fd43a9b6864b70bac4c8a8ba74a2f6edee3cdda84e749e531d5bac350cc64346fdca41e0c50c0f1130f9ec822269e2558d7f36066d2e7f350637e20fe57f3d066c93a6d98b77cac61f143387ce56da24d0c50fa06b729944dd2713
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = b5805e8495b256e7f4fee860451d7b354643619209a5fc96590340afc73abf23
+Nonce = c393c11935b01c9c297713e9cf552377
+PersonalizationString = 
+** INSTANTIATE:
+	V = 1a807c4c20285d81913cc4247a48d10627bc3b1cd3bad640e1b6da309c626dcb1b0da57c2f275bc6ae205347f4f8b484fceba65313be790e667aa6d2bd3b46e112176565fee9924bf97c1da517447965f35353fdeff7193014bdeab2210b0507cd0d70679eee2150baf9fcf9ddabec
+	C = 8ec37b92971b6f3750cabc09af84f87e1892b19486d88fa7aecfe9f299f4f4998a524f66f716b3bef66248fa481185199cf72f18d33a68b2642bfe24694a75f9d6ef7d5e2ac55f1a74ae7710db7e29a9bf57ab5b38cea04c9fb4f54b9d960908f3150d828462d15e125f941d61d7cc
+	reseed counter = 1
+EntropyInputReseed = f8d607c7c0e6d8b069d741a82fa450d2584b10969d8628fa909131633d7f7726
+AdditionalInputReseed = 
+** RESEED:
+	V = 6a4a46ceef38ad701f04ca8d396030a00af4ef5d44ad259ec8e11e6a49a2d61fd70faa05c288bfcdf19d491fb78f03a56f6bf3002e4019e90ed8c3af371288a46f09f0739f8f66f8206aa9c0a7bceb5077ee6ba0da3032f3be2f22b0ca8219910a2de95de46ab491a1b68084536e4a
+	C = c53b7f3f363398e27e4c32b4b8f26cde170a70d7c2c558129284d202cba7b586c5b27be80dda1d049103b938f08418ad064a38b5c7fd1f61bf8ae7e911797b82a7a5af54277912de104109760d6719750874ba6c5164c5ad4a3f6997d529f400eb15564eaf67fe2da88bad40c7dd0b
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 2f85c60e256c46529d50fd41f2529d7e21ff603507727db15b65f06d154a8ba69cc225edd062dcd282a10258a8131c5275b62bb5f63d394ace63ab98488c04f165f16e455520e8d1ef79f8d7d6f7848c29752955ade187739c70416cec86535c074ea848a7be4578994a0de5c1492c
+	C = c53b7f3f363398e27e4c32b4b8f26cde170a70d7c2c558129284d202cba7b586c5b27be80dda1d049103b938f08418ad064a38b5c7fd1f61bf8ae7e911797b82a7a5af54277912de104109760d6719750874ba6c5164c5ad4a3f6997d529f400eb15564eaf67fe2da88bad40c7dd0b
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 85c3df595efde90b5e0c3ac3d5108e4ba04652471afd83add325a4976bdedb323ead51fc7be75964d84f93cf3d8f1c5702b6b4e22d0fb94ad5401faeca637723773243ffebada6c4d686d0aa6970ec13040835263d6263340a08a81ea7143b2b2af3f27e39391e82f815763cb9b31483bfd21ea87e04ae32d162e6ca57aa0ff2f474154ba455de0d4206f3c35b129855e535a344722c8ac699e74b9857ffdf9cc08468df1fd9384b01a1f7406ae7c68ebeec6f2a400c63fda85f2142ca980482
+** GENERATE (SECOND CALL):
+	V = f4c1454d5b9fdf351b9d2ff6ab450a5c3909d10cca37d5c3edeac26fe0f2412d6274a1d5de3cf9d713a4bb91989734ff7c00646bbe3a58ac8dee93815a05807d473bffe1b75e5a97f2283e11b37267906ef2c739a5e69bd03e268424fa5ec88cb054b92b94686512581ebcd291cd2d
+	C = c53b7f3f363398e27e4c32b4b8f26cde170a70d7c2c558129284d202cba7b586c5b27be80dda1d049103b938f08418ad064a38b5c7fd1f61bf8ae7e911797b82a7a5af54277912de104109760d6719750874ba6c5164c5ad4a3f6997d529f400eb15564eaf67fe2da88bad40c7dd0b
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = 7910947f1d2ea6e85c47e852df1049507cb2d7b8f5be5ac7f247695615320efc
+Nonce = dc8df5af9100ab2aad9b161b4cc834e2
+PersonalizationString = 
+** INSTANTIATE:
+	V = c022f98bf3be2d44493c4449a12cf74344b83e62eb94ca77af8419a1be20906190c72f3259d2b75fbfde2819b07a7dc7d38af2629c6f98b5e20bdfba82ed8e1feabd395262862f52dd64d160f4bf60e8fd463e46d6f620429963425cf08c47e33877893cfe8d53ae4f895994fcd6bc
+	C = 17811e40b87c5dedfc8eefd67da5bebe9e0f9704529220e4ff875068d38561df6b83d15d4fcb0befa6159b2a3167e437a423d3a517b444e9853b22b2db935c5f5a80b7da5c91002af948cf4bddf46da7de968e970f5cd42a2f4e92d036bd803552ae686a94f409ab2f9e61d7b6e014
+	reseed counter = 1
+EntropyInputReseed = 2cd053013ba7d0baa451b8fb1cde62d6b4d572c0582d15dc2b70aeaf379557fb
+AdditionalInputReseed = 
+** RESEED:
+	V = b0d3c33ce9093ead9b8d0af632eb89224a01b621a54d76c8764aef818d8aafab94d5ae4189615a34366de8a23bd1d0c5056b9d4420c69aa266a58c082e7525e9d239514b3977084a9a94ba9fa3dc6c0285c2f7eccd664c7cc480eadd9a8929591d7a2b32e08cd5ea0c8508366a4391
+	C = 141e12b00102b614a00781cffd2094ea2fbc82cc2d797d2727fd2731eac953319119d6c1b00d7f243fab2c2494595c051904dee45a716bfc30476de380015ed255b29e7dcdca216966b3f6a6c65a1160b96664d54b1e180dbba8b85fe92beb011c734a06581d65cf40d7360c237de7
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = c4f1d5ecea0bf4c23b948cc6300c1e0c79be38edd2c6f3ef9e4816b3785402dd25ef8503396ed958761914c6d02b2cca1e707c287b38069e96ecf9ebae7684c7ba800a1c8066c9a4737fa891e1fb106f3fd2abcde3876d21d61d0a783a9a86c6f40f2f8c3734b2b986a8ad827a50f8
+	C = 141e12b00102b614a00781cffd2094ea2fbc82cc2d797d2727fd2731eac953319119d6c1b00d7f243fab2c2494595c051904dee45a716bfc30476de380015ed255b29e7dcdca216966b3f6a6c65a1160b96664d54b1e180dbba8b85fe92beb011c734a06581d65cf40d7360c237de7
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = ec0f89e6c74b7549ef7f0b5e1b956f6ab7121c228cd2634a66fc7330f490a89f489bf39c94397e3e7938537a28afe9bcd73a668116ad5bec4d98098a124393218bc9ccb8ebae80beedf5a782bbf4f543ca41c8ecdebe9f7ac3c0afe04542c29ffddd77137c161dee1ca3428894027ec19f448d7014089594b2a01febd1592bf88dfad8e7ee13c93b18e8e88c778054ebbb4ea88079dd6e7c423b7e316adbb52350540c9beb2d34d59d577a4bb2220086ab0e86762366382033a1d91e723da366
+** GENERATE (SECOND CALL):
+	V = d90fe89ceb0eaad6db9c0e962d2cb2f6a97abbba00407116c6453de5631d560eb7095bc4e97c587cb5c440eb648488cf37755b0cd5a9729ac73467cf2e77e434d7be5d982f288b40cfb78fa3a819b252fc50dc415e2357f0870f8d0fa3e0d75b6c8450f13d71ec987f48eebc6ac22d
+	C = 141e12b00102b614a00781cffd2094ea2fbc82cc2d797d2727fd2731eac953319119d6c1b00d7f243fab2c2494595c051904dee45a716bfc30476de380015ed255b29e7dcdca216966b3f6a6c65a1160b96664d54b1e180dbba8b85fe92beb011c734a06581d65cf40d7360c237de7
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = 023e1d9257936c2fc80373fd82bc33eeb408849a378e1eedd449bd1cd32aed20
+Nonce = 81e78ad590da034952300c2e9ce5c37d
+PersonalizationString = 
+** INSTANTIATE:
+	V = 5b1767fcf8dfd2d678c1f9f3500d513872596191d6d0b1b6bfffcbfbe2e51ebe7b571e1c58a445e6c784e6a8ba659b93b28e564bbb6d6545af8b44f00e8db54971554f723cdbbeb1c0add7d7502ffaacabebdd734ea36b3dfdde4e7c563f993a92878d770f03e21d73782775fa988b
+	C = 71be9205f646bee7297d3d38c6097ae020bb4a3c230bb638bd76cda9e542692e9a1f5c565f90d32ebc079e4e7d4717b3f1f59ba3ca3e304fddee67eb745d8dcaa4e7bfdc38e155bc07ae792ec0a34309c50b0f6fa4496fd9232c5cd1393c67ffc60a6061e1a5acfab2ab084ce49fe8
+	reseed counter = 1
+EntropyInputReseed = 093282fc682a27217b31778f98fca1fef77c0b76e4c0abed2f8d42df820108af
+AdditionalInputReseed = 
+** RESEED:
+	V = 0bac594fd276f3d123411fb0fc80c1b6d2c8be3ad3cd56c2bd9910056f744c8d71d66630ac8c22e42572ed8c32d38f74343d8ade74ff0ff511cdcb10fa8069ef43aece265b0460c8cd8ce9de4c141f87749346daf0a3a39e68a337889f6ac85b6eb53a82597d58808c6f30fa605c4b
+	C = f78ba51e3d6ee3529557a24b88144c8ae9294a2a5be1545f434252d7ca6b3aa6f4f15fd8668d726c0cc6f5743ca5ee0101407a185d109d68ae3f5ba9f13c7c56f14677fb333478df2897bcec229a1af73734fe6698a52e279e5c818db629ae225bdc7b13fa88cbbddfec4df0e79b35
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 0337fe6e0fe5d723b898c1fc84950e41bbf208652faeab2200db62dd39df873466c7c609131995503239e3006f797d75357e04f6d20fad5dc00d26baebbce70688e74e237b625c5f09e0214916aa51dc7faaeaa65e35cf1d24d6198659080c3c37b7a813575702e510e7d2648e9509
+	C = f78ba51e3d6ee3529557a24b88144c8ae9294a2a5be1545f434252d7ca6b3aa6f4f15fd8668d726c0cc6f5743ca5ee0101407a185d109d68ae3f5ba9f13c7c56f14677fb333478df2897bcec229a1af73734fe6698a52e279e5c818db629ae225bdc7b13fa88cbbddfec4df0e79b35
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 836af114c70123861314bf008ac7b8ec8e11e0eecd7b0dbebd6ba39916b6e0de266ad5503cc048b29f00e94a0e13cc56dea1119ef70eefef794b5568cfab500873c1e4f6f3e920433412b68a22603fdfdd3c8bc5afa88ec5344de7ac8635030e376b5559b4fb5bdf9b593b465336fe1ad5ec8021174e16d702a9abe3b01a64e4fab18abcd4d2b1e3c688b475a3b864d66f95245da0fd3ff7ec0c0c0efd90809accde09abe48e2b951b3581cab60a095ff1e5488759e1cd18e84af8406e0dde13
+** GENERATE (SECOND CALL):
+	V = fac3a38c4d54ba764df064480ca95acca51b528f8b8fff81441db5b5044ac1db5bb925e179a707bc3f00d874ac1f6b7636be7f0f2f204ac66e4c8264dcf9644b4749e1ba1dbc1d5fb49ef046917cb282680612cf064c77f8500e66a2ceebcb12ae3c239d570b8a5e4ae7ee01352b3f
+	C = f78ba51e3d6ee3529557a24b88144c8ae9294a2a5be1545f434252d7ca6b3aa6f4f15fd8668d726c0cc6f5743ca5ee0101407a185d109d68ae3f5ba9f13c7c56f14677fb333478df2897bcec229a1af73734fe6698a52e279e5c818db629ae225bdc7b13fa88cbbddfec4df0e79b35
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = 90ca30f4485ee87fba5967b8568582a284ac90dbf1ba2e837de2f71db4911230
+Nonce = 60ce5afab61dd35cf593652ab5161550
+PersonalizationString = 
+** INSTANTIATE:
+	V = 2792b291e3a286055ce26d0c42107cf2af34a84daaf11f29831417be47a71b28cdfb15d66e4979a915258d8052b62ec94d7eb382e12877a014b7f359193cb44e5bc0f378f6d9c7bc9fc3dc21894d68e840f71dbdd3fc7249abb35100fb5a884994575852423c88a194be37b4cb8647
+	C = 980333a40e43338941b3810bbfdf942a49db9d16915320e6677ff8eadb29c97971e8840bc6baa0aaf128efb3c9ce170296c3135b926814e95d425671b5bcea2e80d1ac61dc9875866044468cd5be0d6f8d98015316491d450b5f59b7d619e0e555fb19450e86fb34f9a52ddec1dee2
+	reseed counter = 1
+EntropyInputReseed = 7fae2c8789c61e9485fe7dc49330222ed0d5726a3438bb1b136ccc1ffe30d919
+AdditionalInputReseed = 
+** RESEED:
+	V = e4890e00f53c796734eb2c30627c9ba783ca3778024ccc85742e5e1b86dc1c705e62677162a3647643b3a9736c369acf43235535492f6b93ce20924c6179d74500d88a767f19a4b7ebe8b79bbe902daddb77fe2515fbb88337a734fb69c0d6947c852fa71ea84de56610d8ea08f5e6
+	C = b08bfa5aca572d22a0b3f9678ca96fa8a646a38a7994646e0c7a48188c6c076d4293ecc9186b1ef23bbb151ff5cec893bfccd9e917bb5b4999b29312b070ea67ce5fa658387fa65657b71ec4ca8655f8ae29c537c2e2c3f4823857611f39c96479875d1434b078cb4e1b48455648ab
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 9515085bbf93a689d59f2597ef260b502a10db027be130f380a8a634134823dda0f6543a7b0e83687f6ebe936205636302f02f1e60eac6dd67d3255f11eac24a6a02f8cf09c1465893ae85422cd487a2f743872724c33dfc62dcd45b8a87e1e2e546be9d210ca72d60a9172315a3e6
+	C = b08bfa5aca572d22a0b3f9678ca96fa8a646a38a7994646e0c7a48188c6c076d4293ecc9186b1ef23bbb151ff5cec893bfccd9e917bb5b4999b29312b070ea67ce5fa658387fa65657b71ec4ca8655f8ae29c537c2e2c3f4823857611f39c96479875d1434b078cb4e1b48455648ab
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 15af248ec1330b05aedb9db4f6e8074a88348d3e1e330398202f5a87c7f609116a1f1df74e09d571bb4d6c41f3e4e62a418e275f5facf361ba6098b0cb5ea51d89be389dcbde3b64a9a4ab2c8322e3ed8172611dbce1b0256910bdcec7f50b4310a6716385426b65159bf0fd8f7d18463ac0f86ebf976859070eebd4f4274789b7ba89b87d9cadea0b91c75b3531d5887467ea200cda30d31596ca8d3703ab89dd111f3ae6e52e46ca7714d7f024ba847e709adea87799e0f0df5f852dc4978a
+** GENERATE (SECOND CALL):
+	V = 45a102b689ead3ac76531eff7bcf7af8d0577e8cf57595618d22ee4c9fb42b4ae38a41039379a25abb29d3b357d42bf6c2bd090778a622270185b871c25bacee3bf9a7e110beb1686222262f6227a44f7cf64521ed7790c60f5b34a89591e554ae882215a4669e9c6e837dfc7126b8
+	C = b08bfa5aca572d22a0b3f9678ca96fa8a646a38a7994646e0c7a48188c6c076d4293ecc9186b1ef23bbb151ff5cec893bfccd9e917bb5b4999b29312b070ea67ce5fa658387fa65657b71ec4ca8655f8ae29c537c2e2c3f4823857611f39c96479875d1434b078cb4e1b48455648ab
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = 4eee234eb899eea7df25403a204996135f7474dd9a49e727ff29f0931796ddd7
+Nonce = d120d530b790187e08c6ca4a21e903e4
+PersonalizationString = 
+** INSTANTIATE:
+	V = 5215e1f2367d59bf2cf20c1deb66422475b206de44ddacca1c9143c41cf33f24f7e80161aba73951afffd0c02713ad4546b633ec36567e01c00c428c639396bc1d6efa8f8fa53192eaeb14bedd34eb7922829b64661c223612b318e777785d858243f2bbd5a062fd112d3f11c9868d
+	C = 8ea9d8cedf296119a8454401f6a0b4f6bd4abd229dfc103510f1c71e476d3ea2bfff8dd9962718a10a7080f611dfde71e154b824e4d2eb0ae4a99daa3a55bc6e772875e14e212df5befd7c913f83546cc0e5941630c78bd10cc59c3f4854442cb044e771f1e820f64690720eef2ed4
+	reseed counter = 1
+EntropyInputReseed = 944c512bfd4e70142a0121dbc350286f85c054939df01b1ca7fe6532f1f9752d
+AdditionalInputReseed = 
+** RESEED:
+	V = 81fc0bd886c25092fc1a1ecbba4cb2a5d101d175b06a0b924afe669ad63d05e5767cdcb41eaeb44c466c9cc0ade031e1de5275fdb35710127b59c37bbcc66e47fad4e8da4334ff53a575d85cabe20c8044de1dffb4a986b077b09b66093813eeec12343359b87c96788886fe241ad3
+	C = 5472ab0272b7c4986841ec22864edb80898255717142aeccf80967fa8a307b24a1ed6269d54ae34e12c3ebbb2cb31d5f047e84e4b632cd070ff17584a20fecf8379ebcab84c0ab651f85f07cefe631d0c343c4c3af6cb1cfd09b74505f8a77efb6c840deee6b9e31105d5b286bcaf4
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = d66eb6daf97a152b645c0aee409b8e265a8426e721acba5f4307ce95606d810a186a3f1df3f9979a5930887bda934f40e2d0fae26989dd198b4b39005ed65b98b7b611f90fb2d838af69f021ec890536a60f38caece1300823322f3624180c55210fbb22b9d3a34d84f9930f923ab9
+	C = 5472ab0272b7c4986841ec22864edb80898255717142aeccf80967fa8a307b24a1ed6269d54ae34e12c3ebbb2cb31d5f047e84e4b632cd070ff17584a20fecf8379ebcab84c0ab651f85f07cefe631d0c343c4c3af6cb1cfd09b74505f8a77efb6c840deee6b9e31105d5b286bcaf4
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 034322d3686623e3d9132f07e4fdb666284ea571214a6ec22e6eb4dd37718f4e900036448a8e2202614796206759276891d0101b36ba9a865ef80bb6107738904128cd1d52e25202642d3d5c8a94997f5ce1a39d8fcfc8c882d329d17b02348010925ebc519b4f0346a8f8bac10516f9d5153d8c9e8f618e1ff03d7fb64dd99d8e1c6dcecf6f818fb898590a0360e209d3b3712a6e96217778b6c0dd99b896027df04e772dc9226ebb6cbe0aaab3ff3c74c6ff0ef74f6adb213d84c054ff41ea
+** GENERATE (SECOND CALL):
+	V = 2ae161dd6c31d9c3cc9df710c6ea69a6e4067c5892ef692c3b11368fea9dfc2eba57a187c9447ae86bf4743707466c9fe74f7fc71fbcaa209b3cae8500e648e0ff05c3740e955a61566e3d3af82e10067d5a1dff7b7b9512b3d737e21501e01a22de1113a543bafbc6e912fab2c460
+	C = 5472ab0272b7c4986841ec22864edb80898255717142aeccf80967fa8a307b24a1ed6269d54ae34e12c3ebbb2cb31d5f047e84e4b632cd070ff17584a20fecf8379ebcab84c0ab651f85f07cefe631d0c343c4c3af6cb1cfd09b74505f8a77efb6c840deee6b9e31105d5b286bcaf4
+	reseed counter = 3
+
+[SHA-384]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 256]
+[ReturnedBitsLen = 1536]
+
+COUNT = 0
+EntropyInput = d46e1171a01593075d3b13f1428f21ce5d64eecc530f6d21da3a9a575ad230c6
+Nonce = 924b6d369df497e2ccbe09fe2e2e4362
+PersonalizationString = 
+** INSTANTIATE:
+	V = ecbc782505f5f6f30bd6a2c32ee0562c736493847dc4278d0cb81610b795b8455b95c6313b8621eb8985c198079b38337542228f66ae595d8f10d6a7373185d50a237cd15c1ce07a75ba6ccabafe6ac2f2a28b2af6a91de939964ceaea240b1661294aec5e116dd6aa6a0ce0e6c9aa
+	C = 86f4ea1914db17d5b385bb702c67ecf11556ddc86438f1a214f75bf22e11591721cacc52c401d43b4d04e339f6d4ca0fdf1afbf8daf654f0fb9fc1fc4139e580b7f5b9d9d3ee4257482deb104cff3223a974f803cb67799e660d523ede2b48648cb8e16e55bd309b16c928eba6cc90
+	reseed counter = 1
+EntropyInputReseed = 9d59ea5540d2436cdbeec2338dc24819fb0d5892b25806f4bc28c056219b346a
+AdditionalInputReseed = e7ae80f150516a861603d890257b50ef8adedd985fd12d00eed389de57d37166
+** RESEED:
+	V = 889c227626f0d068d9d2574aa5473e6e0ae9adeb3bf6b54bfb19db318668241fdeb7ab4686664b76b8d6f985e413ef42b3000fd7e63ee0bf3319a55f510bf6927edb04c72f5bb12a60d55e4870dce3f3e8dd9fa81a9e4eb110d74de6cf084abe852335f8ed4d5a79899bc303c6c826
+	C = e7985abfe9b6ea914abcf119824e01c08591f91de0c04170c18311da36032d464f47bf3b925d4d8cdd2741ecaa520a4e86c00eb547b7d709c98c23660f2b7df77e718484ff58b93970db258c930c24c6f2ca0309207f744f9b74e12e8608f274ceeaf6394c30b752067a1fcd0c770f
+	reseed counter = 1
+AdditionalInput = 0b53875ef5da4b477fadaa34409c2a4ba5dc6cfbcd9ef0416b24b634b7f520f2
+** GENERATE (FIRST CALL):
+	V = 70347d3610a7bafa248f48642795402e907ba7091cb6f6bcbc9ced0bbc6b51662dff6a8218c3990395fe3b728e65f99139c01e8d2df6b7c8fca5c8c5603774bfd7a59ff9fc312b472fed5017736d0cb627702129bb576bc3fab33d399116e9cc47988cd5e3c078b4e74ef7c87e2e35
+	C = e7985abfe9b6ea914abcf119824e01c08591f91de0c04170c18311da36032d464f47bf3b925d4d8cdd2741ecaa520a4e86c00eb547b7d709c98c23660f2b7df77e718484ff58b93970db258c930c24c6f2ca0309207f744f9b74e12e8608f274ceeaf6394c30b752067a1fcd0c770f
+	reseed counter = 2
+AdditionalInput = 4ac192aea56f44343579fe2d4791ca2403af43022d5c6f8d5f3833adeb61dae6
+ReturnedBits = 1fad71a8584099a41f0c78a19b7c42e3fe8317d7db0edb6eefc80a1c8b6de7ef85c411a413a62f4bead905e8c7e3b8857f7230dd78f1b5b20679807f5c94de6630996069fc3488fb22ac462b010942d5b3c79ba8a69e318ea9c6b3564bd92dfa5387cea8a17cc8a802471cd385a73dbf49a5e2e7dc930c0b1ca4b246a25f1f1ffcc252c631fd856f8a76df5664a47e7f767302af90385c9ea28b395f6736f0c9e0342add5a92e4b970ecc63b4206bbffd281b9039fefc0c041eff9a7fc229dc8
+** GENERATE (SECOND CALL):
+	V = 57ccd7f5fa5ea58b6f4c397da9e341ef160da026fd77382d7e1ffee5f26e7eac7d4729bdab20e69073257d5f38b803dfc0802d4275ae8ed2c631ec2b6f62f2e3537b58b5e2004bfffc307bce9aea7f5698e1caccfb11932c6b68ca7c4ae32902e4e86f8d98d02041bf0186377e2d8c
+	C = e7985abfe9b6ea914abcf119824e01c08591f91de0c04170c18311da36032d464f47bf3b925d4d8cdd2741ecaa520a4e86c00eb547b7d709c98c23660f2b7df77e718484ff58b93970db258c930c24c6f2ca0309207f744f9b74e12e8608f274ceeaf6394c30b752067a1fcd0c770f
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = b10b3e8fc0dee3361d14ede5e745d04f8430abe7403e50149e05384e57c11afc
+Nonce = a0d524195d9d71d2a9daa50ce225cfce
+PersonalizationString = 
+** INSTANTIATE:
+	V = 53c37c0ae08394a873b2aea2380598c951004e6354b2de537e2dba895a051dceee185621824ba9e3d3548e6d5aeaae980db6f0f380c510bfd6192785052ab51faf1b1eb98de1add9f4ced859b246caf7e63111c3c19ef419d50f5fb03c4b820fc9e337cf2ac0f6acecb81aa7c5ea83
+	C = 9b601a04de9cfd04d41c08f0108196aeb1c52f3c75c081f2e3b0023e8394911360d6db75f1b97303ec19dadbbd12a77bfb08b5864e09c22719f4c8b91b214955d6e66c3a4a17035d2a3d053c391b33ef1e4833278a7660f21a72d09b93ed80689c093d14c70cd01510cc114408ad42
+	reseed counter = 1
+EntropyInputReseed = 9dcc34854fd85a158d4316be97497993d622d6b83746f2a9b1764cfff85be3d4
+AdditionalInputReseed = 2bbd20152d2b28982315715a30cd8fc575b8f74784cf3d943313eac7a553f545
+** RESEED:
+	V = a8eae1a2f1186e097378e710b2aa0f72e723c181c8e233ec2c4bd1d84cc74c53061284fb553ac5c6df0d5848797a1082eb8f6a7cc60f3d1847137884677b5485b7cde34d75115f7b615be29a7931015ac1865c0896761275ed1ddee7c01d30dc5e9cf5c5bee841b8df3bc99107d764
+	C = d534f43f01c7c013d7cfb7063caf88f6ee278daed48c93decb72152d4a336b9c4413e3f98e83c8f037f3a38b83fc9368d57bd14cee5ccf83a2c122e5735cb6d8256bf4eab94c281ef0eb54fcf62ff1ed56ace313dfcaf9b80bb303afc9ee218ea5e150ee4d9790ff7d74cc27b3c819
+	reseed counter = 1
+AdditionalInput = d8071917930ec1b9247dbe5783228b0c4c9694b1be3745011760ba2a934cdbbc
+** GENERATE (FIRST CALL):
+	V = 7e1fd5e1f2e02e1d4b489e16ef599869d54b4f309d6ec7caf7bde70596fab7ef4a2668f4e3be8eb71700fbd3fd76a3ebc10b3bc9b46c0c9be9d49b69dad80c1fc85f92ea7f1d61026318d90461e4634013f311febda88bebbd86a104882c728510f7643dde3935cf787a6186604888
+	C = d534f43f01c7c013d7cfb7063caf88f6ee278daed48c93decb72152d4a336b9c4413e3f98e83c8f037f3a38b83fc9368d57bd14cee5ccf83a2c122e5735cb6d8256bf4eab94c281ef0eb54fcf62ff1ed56ace313dfcaf9b80bb303afc9ee218ea5e150ee4d9790ff7d74cc27b3c819
+	reseed counter = 2
+AdditionalInput = 3a9fc5323f24fe28172afed4402576d47d10aa748a630ce0933ce5501a133737
+ReturnedBits = c252b5f699aa578299b1f967c9edcb1e7dd21915b8119236229c7cc72bc2ca5c5c4de123c3110d11d6afa0c65bc425bfb584a6e3ee63b6b1e16fc3c84d96cff51c15e097360a10817144924fa0af094696d7934e6f31fe5c699841c803216e020bb41430abe045d6225c16eee5a4dbb50da8f609329f19fba2d65afd7a68d7f7a51aa2c12c8a11d652f929affabfafa7c14f55b5d4856de4adeb885e9a59068db9ccb441d5b1d4415f649be15e736f76eaf6bf7854675eb7f5e09539c1644429
+** GENERATE (SECOND CALL):
+	V = 5354ca20f4a7ee312318551d2c092160c372dcdf71fb5ba9c32ffc32e12e238b8e3a4cee724257a74ef49f5f8173375496870d16a2c8dc1f8c95be4f4e34c38408beb87c59f09a963b205d390eca41143ebfdca901e1ad178976b0554e6fecfb51d1563902f4ed89f2e4bf9333f35d
+	C = d534f43f01c7c013d7cfb7063caf88f6ee278daed48c93decb72152d4a336b9c4413e3f98e83c8f037f3a38b83fc9368d57bd14cee5ccf83a2c122e5735cb6d8256bf4eab94c281ef0eb54fcf62ff1ed56ace313dfcaf9b80bb303afc9ee218ea5e150ee4d9790ff7d74cc27b3c819
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = 4852a7715a4a97f7afa91a683a127caf2cab4c450572316ea7a809daae403415
+Nonce = a0c9565d12d2bd6628f1d1b92670ffe8
+PersonalizationString = 
+** INSTANTIATE:
+	V = b6d515d5ccd003d3c70b0115672a5aed9ef088e3bfad41e6c31bea5e92d56d557c2cc8aa098b4e8b4ce187066000e15ad30ce0c506c817f909f387a03fe1f961fbfa0526fa8e914846e67bdc61e3cbf578d8a652d3952c76354ee6bc95c88a7f4554903182aa1b8373b0152bcfdd6f
+	C = efc15d314086afa2acee85c14584c278e215bafa7e2668fb6cf659df2392679f0ebd336e02462177faaa8c798dd28be35e2df08e946cba87e0af1e5dde102a847af2f3023a91456101af6b47d20972af1a2922a796e45482332021e3386bb0f620274441bc376d0c43a16e63a0d449
+	reseed counter = 1
+EntropyInputReseed = 891ad9c623c3bcf7db3ff006bd466a8fb68d2e560c2ffca41f9b5ca4a94d860b
+AdditionalInputReseed = 60435c5259ca985e02a9370e67c5c9f951b70255db9f53987c181d39b6df0e33
+** RESEED:
+	V = 8e67109d56d112142582ae0915046dd0ef04aa866b535b3144686b13f9d2c27d2d346aec74411da4468189e38dbfa4d546cf56f82507a2b67b82e1c0daf1bdea9ac3f38efa272d4ebff61771ddce5841024d779627f8717f17a1dae5b8f5dec7b9bba1b353d8f6edbadd315fccd5b6
+	C = 2ef1e94ccba4ad4df4adf312a2203faa65215ac96093bfb96180f7a2bbfc2725db391fe9d73bcf8899381c40dd7202036044622bf4974bddecf83e52d14f08279f484871afcf0f42aa0075b1a42c5d877e450afa2f337cf7829ac972825732bc3cf534e1c487fd5e97188b3a44fa27
+	reseed counter = 1
+AdditionalInput = d0965ce9c6c98d877068e8e962818f303787a3be192781f54060fb419b7cbe9d
+** GENERATE (FIRST CALL):
+	V = bd58f9ea2275bf621a30a11bb724ad7b5426054fcbe71aeaa5e962b6b5cee9a3086d8ad64b7ced2cdfb9a6246b31a6d8a713b924199eee94687b2013ac40c7675dff14a25f63627f9665a2d35ba25a0ba1d5fee1e4ee84dc6d6104ad3bdd4af583cf64e16d6a2399ad069b2910ca4b
+	C = 2ef1e94ccba4ad4df4adf312a2203faa65215ac96093bfb96180f7a2bbfc2725db391fe9d73bcf8899381c40dd7202036044622bf4974bddecf83e52d14f08279f484871afcf0f42aa0075b1a42c5d877e450afa2f337cf7829ac972825732bc3cf534e1c487fd5e97188b3a44fa27
+	reseed counter = 2
+AdditionalInput = 20ebd9491fce77dd4002bb0cf3ca065e36297bbc47d7be29b4ba83d635e91a39
+ReturnedBits = 598d4feeddbafd462913e7ab458a0ffa9690fcf1d76a87490f6262e9919cadbfed332f23765028648a73e448f7d7e8ae8604def08db628e0379e09ae121768ebbc0f8818af5906e41f37391c4f542a5079a3673c7c3f7c961f04ab07e0c4bdf6577b36a55e169511fc89e9c3aff4d1a8d2de4e8956d8cb13e458802683f75f8320ca0131659b8bc2cafbaaae496c3946c2c494e56dcb9ee0efbc9c0d84c8d06c09768dc40b8c4f33dcf7b87c8d12ffc8b22ae99bba342db51d7210eeba459ae1
+** GENERATE (SECOND CALL):
+	V = ec4ae336ee1a6cb00ede942e5944ed25b94760192c7adaa4076a5a5971cb10c8e3a6aac022b8bcb578f1c26548a3a8dc07581b500e363a7255735e667d8fd08602717fa91e3b026fa15af7b23e12c54e34ccb4a6f334bf2e62d3f36763022aa2b471a8bbef0e3e866259274250bd96
+	C = 2ef1e94ccba4ad4df4adf312a2203faa65215ac96093bfb96180f7a2bbfc2725db391fe9d73bcf8899381c40dd7202036044622bf4974bddecf83e52d14f08279f484871afcf0f42aa0075b1a42c5d877e450afa2f337cf7829ac972825732bc3cf534e1c487fd5e97188b3a44fa27
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = 3d54f286282a5474c36d8e8e2535183040c569e49245b5da22f7f7f2e2c7f337
+Nonce = 3f42b3b80886707684a0304ecfab593b
+PersonalizationString = 
+** INSTANTIATE:
+	V = a2ab1c4bafc65c4a645ce690fcf5b0a8270437d1db093c804fae883aca5979a51f3f1c4bb0e0e46e85f0c45fd1334508f5c7637c28f6be5cc7220f114eb1a409ad361f9999e6936548b51e3685784f00a804f87324f5f01551fa0787cdf7f751b7b57b823e73dcb419d64887e7ba3f
+	C = 5a437d8931f94ace340b31e33aa4b0f01e0431c4ec5d5f911b0f2a439314ca28d58616c8f2caeb0c35081a671e1cc8c03491dae7034816d042a412e8df1d9900cc66ea4f6187e4cc66e3fe6938e89e1a0f9d433636fb23bb591b581f70737f571b4b831c47d2f7056e49df547d9237
+	reseed counter = 1
+EntropyInputReseed = 2e2031bf6e85e4a8f48c3608400f0e830e9333db4fdff063270d4fc858f22378
+AdditionalInputReseed = f882d2a77e20ea79f7aba773f7c86d5fcefffe1208d18eb64668386ecbbfc80c
+** RESEED:
+	V = 16e46fd3bd54fab918f19b9efb504c4a210f2746a41b3cb2cbaa0a852c12b22d1894e259eaa02b74cca629f50da27e01c8553d301e6bba80c9eba01a501b3d2f279e755a7eee8cbed2c9a2231c150c1ed093710a27efbf4c85632250a37e8263ec32d6ed100fd56c2a823051a07219
+	C = 40d59780a474e080d8e6219fb8dac18f1e16a5228bcb7740f945f113b8ce84f91571f8d5e322b7f9566008fcb8907ba3bf5378f20a3d8d31bdbfeaff394cea42303056727d9599957ee4274ab7feede923839560092e47f0458167cb044544c2f287dc70f9c9c85b2f8a3dc5f9b795
+	reseed counter = 1
+AdditionalInput = 332d2975fdefc31e4e7b381242819129624e7b270e84450b6d6633b7a64fa9ba
+** GENERATE (FIRST CALL):
+	V = 57ba075461c9db39f1d7bd3eb42b0dd93f25cc692fe6b3f3c4effb98e4e137262e06db2fcdc2e36e230632f1c632f9a587a8b62228a947b287ab8b19896828a137a25d272f8fbc7c8f5ff52fb6da10edc8c597c6a55c565cc936bc840063fb5c21ca2e8501b8ce15fc611c4f70e09a
+	C = 40d59780a474e080d8e6219fb8dac18f1e16a5228bcb7740f945f113b8ce84f91571f8d5e322b7f9566008fcb8907ba3bf5378f20a3d8d31bdbfeaff394cea42303056727d9599957ee4274ab7feede923839560092e47f0458167cb044544c2f287dc70f9c9c85b2f8a3dc5f9b795
+	reseed counter = 2
+AdditionalInput = 952aabc00ded6dcb92c4175842f3259fb17301cdc9bbd85d8b033dc84276056e
+ReturnedBits = 361e82acb072a0e25eff093a37be474194e5c0846a1c3983bd7dfef247c372a3bde3fede4a9736116ec61069462f41640bcd706d6c556779f4dcca9730f46a9fc79321e242f40f8aa8cc4ed9d318ffc761602ff6a7be6cb120682b594c224dc675451c4546c5c748558ee1791e3db49f4da0a374ba8b926bc08ee906fe42d3f62c2956729a6d4a214568be5c68d148179401d490a6dd07cb7f514c12a311e6690b6e8b5e5bd3613791495d24f248f7641c4d9a79b7d411de4c2287473ef0d375
+** GENERATE (SECOND CALL):
+	V = 988f9ed5063ebbbacabddede6d05cf685d3c718bbbb22b34be35ecac9dafbc1f4378d405b0e59b6779663bee7ec3754946fc2f1432e6d4e4456b7618c2b5140519cfab41308262cc0426f9d11c00b0981ae10d1bc08d0611c98d213d4781c8c72d9ee3a3e4501f6596c1c50c4b69c9
+	C = 40d59780a474e080d8e6219fb8dac18f1e16a5228bcb7740f945f113b8ce84f91571f8d5e322b7f9566008fcb8907ba3bf5378f20a3d8d31bdbfeaff394cea42303056727d9599957ee4274ab7feede923839560092e47f0458167cb044544c2f287dc70f9c9c85b2f8a3dc5f9b795
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = 6ac3771326903d8fe7732d1c59b5a6bd73246e359aa49bd5b00e820c283afcde
+Nonce = a64549cd40b57fc84af61e09897b7b0c
+PersonalizationString = 
+** INSTANTIATE:
+	V = ca79a8775b48464f8964eec711958d91177b120dd5ce8a753c2ff05756d46f8b2dc0dac738875ad890436a77f8e968e911ec8ec0ce03e014b99070271b4030c0b31700d753612c6af66003b644b0d8cacd92c24e3ec5b574ab02b925cbcd273de3ca2c8e506f12b342decc7da9b6ea
+	C = 28be9684313b5cad38329edc8828df4afade45fa6d479f40778e5cf33e32fb7b515d0c52a50cecfd0b314409a04a649dfbf28e5d046566fd54b0cf4ebfc00348ce763e721b32740e905b3b1e57b469d628da92b63f949f4e567eac5043849f776dfaa3e3fbfb51e83b9bba439b1635
+	reseed counter = 1
+EntropyInputReseed = 22a2f332f18d587575fbff14a26ca8ab945fef3f763c79edce33019a1e53275d
+AdditionalInputReseed = 2d3fff5e1e2f582f40e0906200445c8d6ccb268aa770d5a2fac7541f76947ce3
+** RESEED:
+	V = d59a056a111a5c941d708bbd1dca74fe53ab9ee3176844bce93e66eb5d0de8dad1a859e3bf112c9d594bdd0fdbb45e64d4c2999beb812f7930e3a2644243a8e20a78357cb9700492305a506a3e4c8c8e808ad3977f23c2b14c5dc0556b6f3740076f3ad6f21d32255c37a2ebb0ccd9
+	C = 161fba2850d83c59048740f21dd50b0b5b3918ea193bafc5ab1dfee4d960cb0b61fce4ec672668c00bc8723403186e4a219a7f2d0b8b060aa4cb6f18faece784b0669c7e303c44508a09dba43b58c778151fc0f89636a554e1c2fd258de50efa10de86442b7ba9f143bc5acf149fd6
+	reseed counter = 1
+AdditionalInput = 8b001e27a0d6c2acedb8bf32af60d7a682db1b52139df9c3f229e4a07f30fe33
+** GENERATE (FIRST CALL):
+	V = ebb9bf9261f298ed21f7ccaf3b9f8009aee4b7cd30a3f482945c65d0366eb3e633a53ed02637955d65144f43deccccaef65d18c8f70c3583d5af117d3d30910b8cc2193873eb3dbccddcc7ec1ea4e3c764e51541fe7898e84320cb344af85ba6d08480a0ef8e9729f3d66c74f58ed6
+	C = 161fba2850d83c59048740f21dd50b0b5b3918ea193bafc5ab1dfee4d960cb0b61fce4ec672668c00bc8723403186e4a219a7f2d0b8b060aa4cb6f18faece784b0669c7e303c44508a09dba43b58c778151fc0f89636a554e1c2fd258de50efa10de86442b7ba9f143bc5acf149fd6
+	reseed counter = 2
+AdditionalInput = ce15f804329c1f41b090707c24731c33609b7d98af1ef54d0abebc86f58e6438
+ReturnedBits = bb347b7558f92b7fdfafcc984b054e8f3974e6194135574944054b2bb26122e73e992a2467f816a3afa40f78796c47151f027958918b339c275c39478f30b7ad3273ce6783d47900d18423b798b132fc55fd2cc104cf21a3853fa6d324e41125649b5f77f62f7b52ef02bffe9d868f2885e2190e050a2799493f30ebdb517ca02bc62723efd15b4e8ca78ffd2465e132f15206dc11cb787fba9ff6c425c3787a46cfedd4a3a31448e3d5f85f8b7e1b89f1fc881c00f3c29e90361745f993932b
+** GENERATE (SECOND CALL):
+	V = 01d979bab2cad546267f0da159748b150a1dd0b749dfa4483f7a64b50fcf7ef195a223bc8d5dfe1d70dcc177e1e53af917f797f602973b8e7a7a8096381d7a4c6cebb1fe7901d9a500fd029a96593bb1a86ed18c0736aa71960a1fe9148995bd2fceb8a38ac246a8ac2733186030e4
+	C = 161fba2850d83c59048740f21dd50b0b5b3918ea193bafc5ab1dfee4d960cb0b61fce4ec672668c00bc8723403186e4a219a7f2d0b8b060aa4cb6f18faece784b0669c7e303c44508a09dba43b58c778151fc0f89636a554e1c2fd258de50efa10de86442b7ba9f143bc5acf149fd6
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = 60873ccd3395fb795a721d7a958e7cff104b955c43d5485cba92d1021cf8ed7e
+Nonce = 5d93345c2170fc5d2b118e7bae202f8a
+PersonalizationString = 
+** INSTANTIATE:
+	V = d90136062a0609ed306220a0d4e6c22bf86615d86b2e2512295a5ae78444654bd0672e47f80fb85282bad9ede5c1f752c6fb43c5363361b0aff2e4e66208c3cf3bf92225636fa7516a2b9f3cd21f1aca87c51bafb405dc95f5a39bea14bb24a5e404c71b64b43f649320247a691ef9
+	C = 9d2d0758f5afb3ab72a2019a11ccf20dfe104e03239e61b7f03fb3931d3adf66c98e1e9b4ace28fbb98421d407dbedf80102bc33c493444b4d7b55bc766c9365845e796e023e60383ca94241b9aa0671ddb4a7e08e39a8397b1400883e6a8a4ce0e725d76ded184bfb2b73f0d1cc09
+	reseed counter = 1
+EntropyInputReseed = 115c106ce887de783927f50a5df78da17f21dcfee95730326bbc1694ef4320aa
+AdditionalInputReseed = c0401764b29e72461ac86a2534d6d7c542d0e47e88216cb784612742da53d427
+** RESEED:
+	V = c66744dd98fffbfbb93539b3155b93c3bfaf0f22a9bc84e8f9d45f82ffe10ecbdb05466d8b3be975ec4bbb6bc453a4f35d39bee9ca3cc17cc9ef6dc2751771d3f370af2ff1a974faedfe9bc41af930d9da6913702f272411b094b228e17bd25138a5ce0e021d5183ed51d8814d35bd
+	C = 33d993e912d4f41bf68918075331daafd93225d87843547fdd3184f5fba8604f87a70023287c16666e63b8117f3f1d40f2f87d5821deb6850475996581518192526199588e4f60f9a3f255ed830f9ff4c8c7d542f04a5d6de84c7286714242b5141d2fc60062cefb9bb7395a9a422c
+	reseed counter = 1
+AdditionalInput = 6f022e177f8b5e03c119ed58aa8dd0cab6cbe1385fb7acbf9b87ce2a185e7b0b
+** GENERATE (FIRST CALL):
+	V = fa40d8c6abd4f017afbe51ba688d6e7398e134fb21ffd968d705e478fb896f1b62ac4690b3b7ffdc5aaf737d4392c23450323c41ec1b7801ce650727f668f4bbbb3377f1ad6a9fed0af5d6da881bc5f079cc741131ff5f39aca72504d8cc22ba4a5d7b26ec85589c1b9a5924a7c16d
+	C = 33d993e912d4f41bf68918075331daafd93225d87843547fdd3184f5fba8604f87a70023287c16666e63b8117f3f1d40f2f87d5821deb6850475996581518192526199588e4f60f9a3f255ed830f9ff4c8c7d542f04a5d6de84c7286714242b5141d2fc60062cefb9bb7395a9a422c
+	reseed counter = 2
+AdditionalInput = 8c48813fe34cd6b6311c0601a979215dcdf29dfdfdd10473edde2efbbf9f49b9
+ReturnedBits = 00c5549966a84eb083b5e2c4d3399b7a739c9a7b088a0efda777021f49524102ac1eb47d614449a183165ccf839835ffc73bc4cf5720ed1cd81b84fed33af8cdf564a600c6cd3ee06a58f7718b97f463ab3c9dd295f500b6d80e5b6a1b39f11d7430e7c18f1bfcb62f6ef19b39c655bdb737919b96cdcfae71d113719cacc13941cc9823237aef323d77035a6fb3382f1de0b2d131e61431ec637d0e9b80cd0bcc3927bdc5f477788535063ee8bb000623a8faedd2bcffa57c73b04924dd3bcc
+** GENERATE (SECOND CALL):
+	V = 2e1a6cafbea9e433a64769c1bbbf492372135ad39a432de8b437696ef731cf6aea5346b3dc341642c9132b8ec2d1df75432ab99a0dfa2e86d2daa08d77ba77755315e538f6a007d29b8fa2802dd00f79c23ad319db3be890650510ad8c80182a1484e3a47df572c52f27199aac5e83
+	C = 33d993e912d4f41bf68918075331daafd93225d87843547fdd3184f5fba8604f87a70023287c16666e63b8117f3f1d40f2f87d5821deb6850475996581518192526199588e4f60f9a3f255ed830f9ff4c8c7d542f04a5d6de84c7286714242b5141d2fc60062cefb9bb7395a9a422c
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = 3fdc4aaa9fe0371df0ac1e8241d3f058cd4370f167cc1f7c83fcc3d6806f46f9
+Nonce = fecea93ab58a60dbde0ddcb95ec4fec1
+PersonalizationString = 
+** INSTANTIATE:
+	V = b8965c8c7060d958a5b564204cdcdcc990af1d85cbf042e0e1e55f821e9a8fa84c5b53772b823359ac6fcf429f26b9cac01876f5e85e81156ceddb37334c7c217035bd59f07126026b84d161f3d030a796245c544e48e9321339699051f613f61b8a4fc872b199131c5542710ce2ba
+	C = 6003739569d05e0bd135f858f9ed5290c564c8532ee968f6bb424cf06c3cbdd3c6ebb0bf91d0a8f2b18d9086cf523f0a435e2de854df323dcc7857eb84e29c508dc77cd251f9a521971581a59c486c015a436173bcb5f1fd79543019a8d5f2acbcfc28877aaebb5b0f1c3de9b78df5
+	reseed counter = 1
+EntropyInputReseed = e7ee3fb9df215e576df97f1adbd08c1e671ff77a48d83cb3eaed127753b04282
+AdditionalInputReseed = 7766768cdbb60aa386809272703e312a5b0bcd455a4b8bc4a8286b5c5116e3c9
+** RESEED:
+	V = 1464f3970bf76146d3eae0ec40a96797866e6c05ef90f2d551cb9f7ee2d0115bbdcc701bd906b42b426190212a1fccc61662c81a991b44b03eaf9c7a12984ae93cfbff3d3910a7991a3637928f22abb733b182de25c3a695e8e76db9ee258767ae2c7aa7fa32fcd42c906e4b00f51c
+	C = 5c0c730c6c4baf39e25964784d5d2a674ba332ebddc42cb40cd9720f8f13ea2ca3d693c3bb6d213e483393e57901c43d3187e915699a2b8c35c6527d14518222d8e4eb2e85d127c712a8d4f0eccb4fb3c7b8b906cd3712eff23d53d692179895dd31bdb7725d3d89359f1ddadfb52c
+	reseed counter = 1
+AdditionalInput = a3948972e8eb2ddc433be774f2b70b508a582563054dada9c4160082cdc6b855
+** GENERATE (FIRST CALL):
+	V = 707166a378431080b64445648e0691fed2119ef1cd551f895ea5118e71e3fb8861a303df9473d5698a952406a321910347eab13002b5703c7475eef726e9cdd30bde314d150664dcc15b018b8a2dd29f52623c9862109d4b8f082bbf2038bcb6116b2c6726979a2b492104623a20c8
+	C = 5c0c730c6c4baf39e25964784d5d2a674ba332ebddc42cb40cd9720f8f13ea2ca3d693c3bb6d213e483393e57901c43d3187e915699a2b8c35c6527d14518222d8e4eb2e85d127c712a8d4f0eccb4fb3c7b8b906cd3712eff23d53d692179895dd31bdb7725d3d89359f1ddadfb52c
+	reseed counter = 2
+AdditionalInput = d29b80b66edb9faeed77631fe33b719be1b2fe0c657f7c9303d416d6db098539
+ReturnedBits = 7713ba9b4430ecfde6f3797e963b504c448c0bf65faeace69096fd39f2ce8ae5bb8cdc911b5b30af02eea7600f4fd4f7f8cbda952b30f943d382bcd0f5adbddb31fc3d2e97b1719a63195ade72733b889115a996eb4582a71815f9d7204566dad0aed6a1673dd81bd5cee842e6552f17b6ab9556c7a494744d55cd7e97904a7c7fd4bea6d267233837360f926468105615a7890c53611e051f78d721a1c4a59f784e2c6027d2dd9b8c338c08cf0b3aa69823456b7b357d4f3817d7b93f1d9102
+** GENERATE (SECOND CALL):
+	V = cc7dd9afe48ebfba989da9dcdb63bc661db4d1ddab194c3d6b7e839e00f7e5b5057997a34fe0f6a7d2c8b7ec1c23554079729a456c4f9bc8aa3c41743b3b517cec128c3c953b5b8bb9c93d13a9f82c5dc1927dbd7a3a81e50a48de113d512228b9075ee81dd2f76c3ab714adf2b868
+	C = 5c0c730c6c4baf39e25964784d5d2a674ba332ebddc42cb40cd9720f8f13ea2ca3d693c3bb6d213e483393e57901c43d3187e915699a2b8c35c6527d14518222d8e4eb2e85d127c712a8d4f0eccb4fb3c7b8b906cd3712eff23d53d692179895dd31bdb7725d3d89359f1ddadfb52c
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = 9dffaca2b0ddcffbfb945bbdebc328f8369006b82700b8669436c106449b41e1
+Nonce = 570bc574366e1b8656422fa0d5a9ea2b
+PersonalizationString = 
+** INSTANTIATE:
+	V = 1cc1a8d04a7889bc492349b39afb9faa006e810e5f7f2d3271f2c35afa4f7f00033e29b81c0e46cc7224a7fef7026d68994d2c6f0aed00a928e38ff46bd140189f27cfd2b3c220163a702772a1b57f698bf64f2328cc8d2197ccc43bacfb2f4d17e05ac47641dc66e27e0dc68cc7d8
+	C = 1869319e64e6461a697de9472e41999e404495162b28d2ca8fcb446add9eb46b05833ac97dcc7e3521df7f7a956865abe6eb6d2de6766a16c6c253ebaeb940e92491389d9aa2389e5873dc8ef3a0c3a41798a6501caca12e2bfb8b077682e1478b75af8e592a2ba799f1916837097e
+	reseed counter = 1
+EntropyInputReseed = 1528746cfa4e9867c574cf1b7bddffbbfcca8e978c0719d055522164b4a372f8
+AdditionalInputReseed = 13bd8303220d9beaba8c523ea0139773b5a980c8e47ea82ca80585622a9e3006
+** RESEED:
+	V = 860a3d1a140926184f6dcf1d81b36197ca47ad91a07a7865959c74ba2268c9ae1b41933129dbef8443231dae3953e65f60871b24482b93716e4200f79629647218af215ed00ab904b7b9d3f5c3463f688bb4fb60cad1bedb754034d934dedbfff64333b1371e6f937e40e8baeeecab
+	C = f6f2cf5c9f6eac122962d16619038560d892b23c88903cd8a8272856e85cb9d10f2d1ad0fe3f053bcc2977b5182ba633e803c824b42d05ad8c73db97502e97e6cb0084045cfbe90c0446b50fab2b4892737caba2c65186e549aa131fc475560e0e007c9826c5d3fab71a0892719e4b
+	reseed counter = 1
+AdditionalInput = 50f0977b1b02b0c54d83c4c948870ed86c08969b870cd7b934840271599e4f1c
+** GENERATE (FIRST CALL):
+	V = 7cfd0c76b377d22a78d0a0839ab6e6f8a2da5fce290ab53e3dc39d110ac5837f2a6eae02281af4c00f4c9563517f8c93488ae348fc58991efab5dc8ee657fd64aacfd0e096b9f0f54f470cc0f2fa105736e4946d9db93a856243953d66d6ec330a6316f32faf4ae3c91a32d26bae98
+	C = f6f2cf5c9f6eac122962d16619038560d892b23c88903cd8a8272856e85cb9d10f2d1ad0fe3f053bcc2977b5182ba633e803c824b42d05ad8c73db97502e97e6cb0084045cfbe90c0446b50fab2b4892737caba2c65186e549aa131fc475560e0e007c9826c5d3fab71a0892719e4b
+	reseed counter = 2
+AdditionalInput = ae217360d7efa796b05737c80f1f43a96d20bd8b0dd1bf9e68c47f9d7416f9fc
+ReturnedBits = 544167af857462c3f21c4408b87647d8c26fefe554e4535df0a27254cb904a1bdae2d290c48c11ced17984e6f42ba7b19c0499eeb816d51d143a0050bd0bc1c13f23d5649a7477c402c936ece1bc9223f87eb7f7c8f85a9c6e3761aab0eff143765c8e22152a1da9267d6ad6c723bf63ef1bd314c5a39eb78f0b094f4aaa841582e51bbf294251320b2097cc4727ad053c881fde6d11862e73041ecd336fc6d904e1db54c820571560c22c9da3f99b23aa367da2ca7bb4d43c4d8f62ba191412
+** GENERATE (SECOND CALL):
+	V = 73efdbd352e67e3ca23371e9b3ba6c597b6d120ab19af216e5eac567f3223d50399bc8d32659f9fbdb760d1869ab32c7308eab6db0859ecc8729b826368696c98c2daae4fb61374353eff2a814d7668f30957783abd656a97a88fa4beec06bb440ff22475c518d1fea312aacf73679
+	C = f6f2cf5c9f6eac122962d16619038560d892b23c88903cd8a8272856e85cb9d10f2d1ad0fe3f053bcc2977b5182ba633e803c824b42d05ad8c73db97502e97e6cb0084045cfbe90c0446b50fab2b4892737caba2c65186e549aa131fc475560e0e007c9826c5d3fab71a0892719e4b
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = 38ff55a01ef58775a5c512a587b673f7968f4b13ce574472a7f60f4fb3e08702
+Nonce = a9254ff56600dee6eb2c88ed847dd77e
+PersonalizationString = 
+** INSTANTIATE:
+	V = 62b36028c84832acd4264e0632ad8b1bb55f3c056d174da94235370e2ad3c3b489b46de16e1e7c176b40a5b1009e26f26e26dbea172ca901ea29ae48cd4a721aac21d553243cc1edfc271c0c06c3cf3b90085af064f0c939f9b760b9a19c62541a9695bbb8993493e4111586441f9c
+	C = 41577c608ad76ecf0f5887e203e6a380aee213399e434545a99b33ecf6ede08dd73a149e3ec88f087ddcbf0d2b1a0328a99412f16b27180a2215e15b26584df17f8715f7ca9b8626215a2371479418cdd8cf011469437712acea418780f301afdb9c3e83dbfb86e40bf64a07b3ebaf
+	reseed counter = 1
+EntropyInputReseed = a88de1b449037b6b4ccac685b43e8d3b916b389a8806767d1798d929c85c1ea2
+AdditionalInputReseed = 89c7b49228c9ff951e4e1e355491c4c0bccfb933e06c187951584cf4bb4a66be
+** RESEED:
+	V = 2f42680b20ebb7d74c4fd9b343dcb83f3048c385928997db69b1b36c094caa4222e4d97a59b4e3302771167231916f8003c0562643ae0fc76f57acb231af8c390b9d9614d577037ec4aaba71026a50c77a59a8f33d75df502940ee73b42765f2f921383348095e7795044192de2545
+	C = 7305c6f837994c6592bdc22d904f47637d1d7cf93a330d61b028b27026fec9da90701348d79ff4a8cddfa903fb952e3347867a06845704e57cd6bde15fb3e076d6a91406a7b2ac436f7c2da558b68f7549f36d2961060cdcd1148392d9a1d8c479fe56933f3e93095b755b6a5b00e2
+	reseed counter = 1
+AdditionalInput = b2348859bf8e790e9dcf38414d18b0481ee3aca9befd3070585fd705d7df05fb
+** GENERATE (FIRST CALL):
+	V = a2482f035885043cdf0d9be0d42bffa2ad66407eccbca53d19da65dc304b741cb354ecc33154d7d8f550bf762d269db34b46d02cc80514acec2e6a9391636d7572ddc1d015f7f415f7aecc6e8b99a93df0d2116cee7cc2f48e08b492d799dd1df36007f590d1d7c30c08207d50410d
+	C = 7305c6f837994c6592bdc22d904f47637d1d7cf93a330d61b028b27026fec9da90701348d79ff4a8cddfa903fb952e3347867a06845704e57cd6bde15fb3e076d6a91406a7b2ac436f7c2da558b68f7549f36d2961060cdcd1148392d9a1d8c479fe56933f3e93095b755b6a5b00e2
+	reseed counter = 2
+AdditionalInput = 6498d8e10af09f258dd027e51ebb1a91bd2726bad38abda4a7eb229a65532079
+ReturnedBits = d53b091a7463ecc60a876bdfe97e91ad6d8be0900349288c2c2b28388b78cde372d975a819c9911ee39ee2792f1c85ec700fd00d76a9c714c21a21a51d8ae0acf00ea36099e12e77335e0ee9ac4816890e0c44a265f90e15585b0af2032c7427835f0aa024bd919abc379c45902d2fcb0543f74f39bf1e975fae7340f080614f38b1f8a9fdcc417d8e566cb8203f88d381e2afe199ded8b98c29fbdce5d731bd19dc9ee54e9ddf3f82215320314213b859b01f6cf39e8ce322108c18a3d3366d
+** GENERATE (SECOND CALL):
+	V = 154df5fb901e50a271cb5e0e647b47062a83bd7806efb29eca03184c574a3df743c5000c08f4cc81c330687a28bbcbe692cd4a334c5c199269052874f1174e8fc9a2bab158c035620b8227d316d1fbe75418745bc1a77901780530a5edcc37085764d7df4fbab357c9495689aefe8b
+	C = 7305c6f837994c6592bdc22d904f47637d1d7cf93a330d61b028b27026fec9da90701348d79ff4a8cddfa903fb952e3347867a06845704e57cd6bde15fb3e076d6a91406a7b2ac436f7c2da558b68f7549f36d2961060cdcd1148392d9a1d8c479fe56933f3e93095b755b6a5b00e2
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = 10ab036947123ad2294282c92823d7af2535bc20acdde030eaa5528ef9800383
+Nonce = 5d8786f28c108f087721ea5608546b13
+PersonalizationString = 
+** INSTANTIATE:
+	V = 05cb2bee990381c8b8201fb707f1d829ab4ecd78c5178a2d5a720a4e2cc600465f443772fea5f66884676042013580dd4169811a6ec786f9bba786da3889da9798756e47ac41eb28b68cfca45d93d0974978861031b0df909091862b51e27b82919b6fd0a5507d63f2d8c3a5badfeb
+	C = 231500c1947ea58923a0c37a5c1a0840b7bc64fd45ebb9717fd2663bfa0d8188c5554cc7a19f71912f4fac09f98d23f6c84fed13fd15bc1af051b734cb211d04cbcee67c71211ddeb4a7cf861bd536b43edc8a7326982414abe4f3133165f0baf7e6e5de7c955980e45fd1e32ca02b
+	reseed counter = 1
+EntropyInputReseed = ee30b27d2beb23bf1dd9d7db25619df130fe941929921444bcb1f3a229c2ab05
+AdditionalInputReseed = 784adeb67e2fbc6ee5ffc8682fccd16ad2dc7c78ab9044afe001d65c05b8df00
+** RESEED:
+	V = e94def6c400dd0989805177f856c3d7a0a7e27902ecad195cb6ca1e59b29b06b8e501ee36ba283ed06247da0fbb589e9024ad9c1eb240a0255ed6817bb7501067cc38ea7f7bfed333a22ffd85b8bd60a9918fd6770235cf55a99dd34d99fd0f59657b083ce94c6f5549cca3c556e69
+	C = 68d9244c9ce45076a3cf7b99ee25f389664bd7744c3e127ae16aeea5d388ca7046768c22625b0fa44c88af67dc40edd03a690bfbc60cf86d257efb25af838249405b090c6dcc3064095bc53b7ffc91047d1ea024811b7e561898b8993fec7b96119cd06d692e20a3a0f7ca466663f8
+	reseed counter = 1
+AdditionalInput = 2c4e20ce0cf6aad11fd325d87ff30607966e1de8c7f0f49d4b0979694a6d2416
+** GENERATE (FIRST CALL):
+	V = 522713b8dcf2210f3bd493197392310370c9ff047b08e410acd7908b6eb27adbd4c6ab05cdfd939152ad2d08d7f677b93cb3e5bdb131026f7b6c633d6af8843d100881b951c96c0fb3e1e0c427b677ccbb37a456f836d13a45621a69179d599ba51e5481441a6c6e8e1bcfcaf939f7
+	C = 68d9244c9ce45076a3cf7b99ee25f389664bd7744c3e127ae16aeea5d388ca7046768c22625b0fa44c88af67dc40edd03a690bfbc60cf86d257efb25af838249405b090c6dcc3064095bc53b7ffc91047d1ea024811b7e561898b8993fec7b96119cd06d692e20a3a0f7ca466663f8
+	reseed counter = 2
+AdditionalInput = b393089c9d476f7d8963468f722f83f935a3af0689cf48d1791fd764654b946b
+ReturnedBits = 23e57072ffcadf35e36946bdfe6f5a998531f6eab3d921f2026f07eca3952cecf15fb60a88593867a2e848916761e9889ab22a8f028abcfca573c8fe6028cf4d139f19b28d821a191be3af42783501a515cf909599f1be6f3748c341307f94a5d5f2aa7efbad403f710a0b2851bb8a01fae0a79741d4dbd9c60fd40e12905175c0ac1b5e1361e686ba98e8d0fcf4a09389857371d8ac80d2638178814dd57edcd8ab28ccb51dd8f9818214a825efe9acbf68d5d528fab9dbcbdacc43bfb55497
+** GENERATE (SECOND CALL):
+	V = bb00380579d67185dfa40eb361b8248cd715d678c746f68b8e427f31423b454c1b3d37283058a3359f35dc70b4376589771cf1b9773dfadca0eb5e631a7c078c3923432a78a6c27949e687cb6549f38cb17f1742b31d1d2f2d30eed57c7b0531f1ea3e03da193371634736271bce6b
+	C = 68d9244c9ce45076a3cf7b99ee25f389664bd7744c3e127ae16aeea5d388ca7046768c22625b0fa44c88af67dc40edd03a690bfbc60cf86d257efb25af838249405b090c6dcc3064095bc53b7ffc91047d1ea024811b7e561898b8993fec7b96119cd06d692e20a3a0f7ca466663f8
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = a0b144bcc5c40ac6d01b0cbfc49e1ac6850d6fecd23b3ee0e941346a9eb175c2
+Nonce = d4cb1517c9da196fd83301acdaa86909
+PersonalizationString = 
+** INSTANTIATE:
+	V = 99fda4520077853a3236144eeeea757662f289dcc2e9791a0e10d3bf89175d7b431a0d21d99937146031a1b805bdc702eed0ef64c43b54373ed6cce329e51bff5f6e3c05b9738f2665baa9da857d3af3d1c9de8f959c878a636aaccd7779af402dcb24a4984a90a9c2a1fca538bd19
+	C = 0706cd48a65a8e9a11347668bc08d6f3ed1e6d61292d860c09ea64cf52e63f76827100f58a374454d603ca032ca63cb405d8b695dca91717a7a9e8134e6b9d7bfcfe96edf7ff7e1217da98c4ae16031856699f140c8c7f03f4dc57bb0d6b86df1e7ec727b0382c06fc305bd3e05435
+	reseed counter = 1
+EntropyInputReseed = be419af9bd237ec370784c44dcc8be24721906c57b7bc66fdee5692fcda56154
+AdditionalInputReseed = 7cc6e6ba858579c9dd95295d1d156be32b2b5fb82f3dc000e033dd9ef6669512
+** RESEED:
+	V = 375b60b42d461e6478827f72662c375190b9a0dc7eef4d1ac9e6f730f52dccae9deb003218bc102fb3020f17de26fb5767052ae2475428c4c4cad403ef1912c1037f5e3a28376841cd79aefa129539ba7757d692f527342620d4130b089408963bb66b1a63a8ec2ef1388b414e3db8
+	C = 10d920718d0e775d9b6c8dd126ef8b1e50fea62aea1147b29e7442e286abc4d3fbd7c72a64eac21dd5f15d87311d6689696665696549c38e59ac967ff0fd8911c4e9eb6f1b3e9f1ca48c1245db052449ac3fdb4ec20a9f200b44246a6c046270b50caf40284b575a849046727895a4
+	reseed counter = 1
+AdditionalInput = 26ef0855f6deef3a10018c730f06f7db30b4df4816a2f903b5cf6b640ce7c1c8
+** GENERATE (FIRST CALL):
+	V = 48348125ba5495c213ef0d438d1bc26fe1b84707690094cd685b3a137bd9918299c2c75c7da6d24d88f36c9f0f4461e0d06b904bac9dec531e776a83e0169cd40174da056ebe4454ac8e0919d29f29e3c7a2c2793d9b3c1d438bae5de8e08d028cad1f49ff3e193b53667f1f121819
+	C = 10d920718d0e775d9b6c8dd126ef8b1e50fea62aea1147b29e7442e286abc4d3fbd7c72a64eac21dd5f15d87311d6689696665696549c38e59ac967ff0fd8911c4e9eb6f1b3e9f1ca48c1245db052449ac3fdb4ec20a9f200b44246a6c046270b50caf40284b575a849046727895a4
+	reseed counter = 2
+AdditionalInput = bea765b83bf590e643e1dbf74f686b042fda2c58cfd1f162fc924df43b8fb160
+ReturnedBits = 31a0d9cbca285ffc88f2047cb67a39516a58d505203bfbf6dfebb555830179ddf7dc1f0332873ab8cfd2b5079987f073e24bbb680f0a174e29cb679486d1a0916c992edf351b425f1270da6f02909b2cd9d5845dda494413f75ef400983458e850007dfa49f69dd5c9b32f9cf8171f984baf052ed57455084c9ac1de59bae9b3eaf00130f8f3cdb986e77390b6aa14e6800034c3021be048a5ae06b4a72e79ada78c36471a63baf014d1d938a9f1dacc600114774a4cfaad377e0c2859c63163
+** GENERATE (SECOND CALL):
+	V = 590da19747630d1faf5b9b14b40b4d8e32b6ed325311dc8006cf7cf602855656959a8e86e291946b5ee4ca264061c86a39d1f5b511e7afe178240103d11426a4bd22fd8f5f82f42b662485af9866f9439146336c093a7c9203c0285b137f9e93deec07bbc60a46ccb7a617a44cb820
+	C = 10d920718d0e775d9b6c8dd126ef8b1e50fea62aea1147b29e7442e286abc4d3fbd7c72a64eac21dd5f15d87311d6689696665696549c38e59ac967ff0fd8911c4e9eb6f1b3e9f1ca48c1245db052449ac3fdb4ec20a9f200b44246a6c046270b50caf40284b575a849046727895a4
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = 6e74db63664c435632349b8dfca8a26d0e631a763273f49765d79d78f4e21c42
+Nonce = 5880e1e7532243c903e464ca5eb52d2a
+PersonalizationString = 
+** INSTANTIATE:
+	V = af5381e28b6d3de8e710592247080ac63dce83641844ca555b16431aa8c4ad982c7ef0acacb6e58ec8af07838e96101f4c126fb591cb1fe4622713fce6ff7e85dc62b209b3850b852a89610b29944ec99945bb997cf5a796662ae56fb47f8f64aebd8fe4bcb8f78df4da0b409e939f
+	C = 2c8fa0670d9c35bf3bf2d8f4e30808b21647efee537ec3822e4e1526608be5f5adc1799782f2aa6cb22cae73ff6fcde99c9083b1ff1d62be1b75d279c2fa5f9fe87d3f8f58dc8902c8bd9cd06ae8f351428932326a803bd6db047e4dd6cd56fc70ae6a0419b3ba33ec0ec2c3be84bc
+	reseed counter = 1
+EntropyInputReseed = 7d109c0ce36f55a07ef5d0c88559b009f488013dfc48ce81d3e9e3324caca19c
+AdditionalInputReseed = 96580eeede224ce67ee3115c41eeb820368e91f50348724335bbe5cfe25427aa
+** RESEED:
+	V = c9d1760bc9e9aab13bbf8a218324f845b9c2de94499a68c2009e4901b8b18361cce55757d9ee930e31cff764f8e3ec8eb00446c0f76a33a41ca2af39fb83747a7a9e091528024793ec066f55d93b254923262220d798c172e85b3b691949c1ce5d6eb500758fb66d19a5507ff8aada
+	C = a0c50a3036746b37f38f46ade9715061ab38b6fd11f6970a69a4cff4658823838eeba514ce29070f233c4d9f45372566cc32a02c5094ffdba61847c73c6ea8160a1e5b8d64dcbd0833030644f7adab59db82ec10d855672809ef4410da0388cd44821927cc2d2e20421e552300b067
+	reseed counter = 1
+AdditionalInput = 5432dd04eae8b887b2f1e6f0218e5602f39d6a39b5d90bf2bd9c36c88f91b7e1
+** GENERATE (FIRST CALL):
+	V = 6a96803c005e15e92f4ed0cf6c9648a764fb95915b90ffcc6a4318f61e39a6e55bd0fc6ca8179a1d550c45043e1b11f57c36e6ed47ff337fc2baf70137f21df4e2d9b741a59c83bc052f04db280c2af93ee9bcabd9bcdaa898f39f4de1f40c4f5e896c1a68f0079f9c703593dcbb0c
+	C = a0c50a3036746b37f38f46ade9715061ab38b6fd11f6970a69a4cff4658823838eeba514ce29070f233c4d9f45372566cc32a02c5094ffdba61847c73c6ea8160a1e5b8d64dcbd0833030644f7adab59db82ec10d855672809ef4410da0388cd44821927cc2d2e20421e552300b067
+	reseed counter = 2
+AdditionalInput = 2f98ca8772b51cb630d8917b02e8beb8577b1ab8e2c94d269f425c1134faa106
+ReturnedBits = 94e934e0eff60831ae5ff14ec5d7a0724d680a856c986a1036468ce364971f422c32f6b491e69570ec7e1509f25d181293b6856e8fd6b52e07aa316820dc914722fccce702c5ba9007e57e7b70a477d4511c4367339ff4796ffdb3903342b9f929400abb032a182c0af235c78f12c6c6cc960641cd35b979e3d58dfe50dff7f62586634b645067870ef0a094ca357f4e3265220c3203d15fe311136b6d215efea887f78d4ccfdc86ddbd0bce0af3739d1809d68b496b05314b5ca8bcab24cda3
+** GENERATE (SECOND CALL):
+	V = 0b5b8a6c36d2812122de177d5607990910344c8e6d8796d6d3e7e8ea83c1ca68eabca1817640a12c784892a38352375c486987199894335b68d33ec87460c6fe4ab495d3e5ea3aeef7213767c7cd9a989253925e29e6968c123a71348bffcbd77b87a85efd9bb3b8d4e4fad28659d9
+	C = a0c50a3036746b37f38f46ade9715061ab38b6fd11f6970a69a4cff4658823838eeba514ce29070f233c4d9f45372566cc32a02c5094ffdba61847c73c6ea8160a1e5b8d64dcbd0833030644f7adab59db82ec10d855672809ef4410da0388cd44821927cc2d2e20421e552300b067
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = 374d915a32eea4020a68a6eaefca3261a6970840a4c16a419c815ca62d07c3a0
+Nonce = cb9f0a0ddcc5f993165f8a6c00134f81
+PersonalizationString = 
+** INSTANTIATE:
+	V = 2641351a9e25dd63e4e93af70ba863d91f25ab02c26cd54b1594156e93798970915ddca0a1d74f8f9a8e1df5ff97e09b46b05ffc91700e148821426219ecfef2c4530d16592e2b6822d5fce9d84399cc641c7c3b0c703ae88e009fbb99f430457fbe836867555ca31701fc780ffdba
+	C = fdbc6ded46e88013cf3ba542c142664c952adaf945631185620132e173d84843ddfca8070d3081b14b795c6df5233308ee27f0704137bfdadeaeb03dd28cc0d65f5b310c13de68b20092c600d492153a79d6dc9770bfa59d1fcacd46da81caa5d2634e0945a36dcce4096625197725
+	reseed counter = 1
+EntropyInputReseed = 0d1da108fe7cc4ab328dbca7b33b4d431c4d9c9544fa32606770895fe5a791ec
+AdditionalInputReseed = fc9008abdd6699a81e04e44f29a16b563e933bebd878acd61328cc2b2d515f88
+** RESEED:
+	V = 8859b1652bba6f8b1726d9078d7dd513e8789c84d5a44b2de3021623805e710535bcf251a9b38b397346614e3d94fa36f7de6dc44e2da41766ab11f96c254a16023edb6bd3a31e891f65c1720c6b64026cfdc586de9726d72fdde2d9e8e22d4dbd75ce57f9ab8d6d05d4050379ae12
+	C = fae45007c622ced32814d9501c003968be76611653a8ddbddf11008d4e08f1c878a3aef3300fb566bc20d5bf63ba2e846ff8cc81321b951959126eca5a6bcf92c10464dc0a60f6a91502c9b342d3e8bda2e72e1dfcad208fe86237d7951edb920c75702843558c8dc5c9f4d2db3606
+	reseed counter = 1
+AdditionalInput = a6787d0e3500264ff8ff11956787903eda8c12c4baa501d15d5dc59e30d05ef5
+** GENERATE (FIRST CALL):
+	V = 833e016cf1dd3e5e3f3bb257a97e0e7ca6eefd9b294d28ebc21316b0ce6762cdae60a144d9c340a02f67370da14f28bb67d73a4580493930bfbd80c3c6911a6f424f6d18304c72eea64deb0aae252baaf3610fe96c09608823419c3ba43e747f1262563a2760d56005ce1fa33c06eb
+	C = fae45007c622ced32814d9501c003968be76611653a8ddbddf11008d4e08f1c878a3aef3300fb566bc20d5bf63ba2e846ff8cc81321b951959126eca5a6bcf92c10464dc0a60f6a91502c9b342d3e8bda2e72e1dfcad208fe86237d7951edb920c75702843558c8dc5c9f4d2db3606
+	reseed counter = 2
+AdditionalInput = 11daac9f46dec0433d89f2a0581d1e3b0c17e785f17993f5542a70f9fd19dc4f
+ReturnedBits = a4f05683429d4ca4e2215399b047c4c19ce2e224ff23af8290ffeb919e654cd675be95de361983b23fb1951df65e499fa35d51200ae9ecc3f66ef9cbbfa6e7fd985d6b44ec22b067cb820546517a598ba571bbecbb942cf121193def39ed9decc1f73971ee67d421baa552ccffb6183fb74a9494adb1fb0858c808b2019125cf3430c302d6f349cd421996c8478afc169a7cdb9d42e9c53c80f14f54fd5187ce03b59fb6b977733150367b0a9812e9b2edfe06623a08bfde0a78a5cdc3c2f801
+** GENERATE (SECOND CALL):
+	V = 7e225174b8000d3167508ba7c57e47e565655eb17cf606a9a124173e1c7054962704503809d2f606eb880ccd0509573fd7d006c6b264ce4a18cfef8e20fceb8f98bab9f838835a74d35eb1dd43b0f98a3860f81c214a42b21b8ed92b7f56606421bf99a71b85573acc277350f4100d
+	C = fae45007c622ced32814d9501c003968be76611653a8ddbddf11008d4e08f1c878a3aef3300fb566bc20d5bf63ba2e846ff8cc81321b951959126eca5a6bcf92c10464dc0a60f6a91502c9b342d3e8bda2e72e1dfcad208fe86237d7951edb920c75702843558c8dc5c9f4d2db3606
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = e7ac99c8ad460a4236b6fef2f628903d6e33e728a61c67c011a18f3de150e004
+Nonce = 9f6eca444a1996daa6dc8a5253eaef1e
+PersonalizationString = 
+** INSTANTIATE:
+	V = 760a9abd9a8f0f1ed584f80a0c840488c08560b24d4a786af11c2a97f6fe3b5eb6b24c8990ccdbd8c1890517c0c28308ed6d06e3e33c801838be9ba154817a74bed2909e8914420a2456664b6751b0450f1e9170b725cb693b943bb873edcd3acfae85a6b7e615df6cb8e6cd1f5b0e
+	C = c129f56ca412560295544bb4f0613cbc1f1070abab669412b3729a37f62515ce6aace6fd84b1441d1a19f923a73c655db8cbd35fa1f53eef442c8911ea9fbd3e77b25b7939fd1e6f32957f6c370ed0a175d8e4450e2244a75dd7d70e8e34a1279c67237762bb147e5158c4a525d935
+	reseed counter = 1
+EntropyInputReseed = d46106b78499e2cb05ea88ddeae5746f6fb35ea064d2b981efac7b4724508639
+AdditionalInputReseed = 8d08675af6a0ca49ed1de31e5f1984416901ead33c5f87625499115f315ccca1
+** RESEED:
+	V = 7f93a5f326be3206d93ad3dda8f4ae4737ee9756a077306c09efc3baa2f239f94c1c7b835074ef5c4f4981519144886cbd078df2db51c1063dcca30a65ea8b490b94c39fe7257a3a245ecc8c9d29a28333fd71424b59ec3c6b9ef82a3a54b0ec211786cd5dc98cfb4d9f357906f87b
+	C = 83c52e198ee946846755ace4fd81b57cc03e8ccbb78e1162f770561e79c2596fd1717138dd4281cbac2c834ca57c88c420dca6fe8c1270670f04519d36c0bc068f4e6de7c36835cfdd16c1532f51239b41cc187176a07692e791dcedd989e8acf7f8fcad833aaef2cb07bfe311d6d6
+	reseed counter = 1
+AdditionalInput = 9c787c7b6482704587b1618462b0f4fa46b5a9009b6eea9c33c1e97db295aa2d
+** GENERATE (FIRST CALL):
+	V = 0358d40cb5a7788b409080c2a67663c3f82d2422580541cf016019d91cb493691d8decbc2db77127fb76049e36c11130dde434f16764316d4cd0f4a79cab4901012d08eb9b37786f835bd78f6b3e087fe7eddb3cf8e31b98f200d58ab9dfcef6167e2bc2d20d79a4fc2ca96dfd800d
+	C = 83c52e198ee946846755ace4fd81b57cc03e8ccbb78e1162f770561e79c2596fd1717138dd4281cbac2c834ca57c88c420dca6fe8c1270670f04519d36c0bc068f4e6de7c36835cfdd16c1532f51239b41cc187176a07692e791dcedd989e8acf7f8fcad833aaef2cb07bfe311d6d6
+	reseed counter = 2
+AdditionalInput = 58e9bbc08ac09cf9ccd61235a3923d8de15853ad220410170a07828b494dc530
+ReturnedBits = aaa8cb4260c3a7c259a1f041b4820d3aec9fbf902a075caa4d93016aec01901e8cc6ad344dead6d8de558c4be813a7611f4b3ab52dbe8aa21e3888e2c93130d3143c9bdfbc45a7c5df5768ae7aab83e9dffcd7aacf1b95ab500c0296ba824d0dc8c951b983082dd804199e2c681ba5f09d519671f2042215f199ba35819efa83775ec3b23b010e94fb418ae28ae6527f3863f53187eee4f2945f1325c5d9317da977934d185ff7c02166ff004bed070239ce2e7da5fa46346d0347c49208a785
+** GENERATE (SECOND CALL):
+	V = 871e02264490bf0fa7e62da7a3f81940b86bb0ee0f935331f8d06ff79676ecd8eeff5df50af9f2f3a7a287eadc3d99f4fec0dbeff376a1d45bd54644d36c0612cda2256192a95e33b95e30e55208fca0dcbbd4a824994b5fdbf42c3d43cc0aadca9c5dd606c4f765fd4922d208eb44
+	C = 83c52e198ee946846755ace4fd81b57cc03e8ccbb78e1162f770561e79c2596fd1717138dd4281cbac2c834ca57c88c420dca6fe8c1270670f04519d36c0bc068f4e6de7c36835cfdd16c1532f51239b41cc187176a07692e791dcedd989e8acf7f8fcad833aaef2cb07bfe311d6d6
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = 58c9ab9847cea6c8419ee5f387b5712f7d97b829dedb4ae20f1c3a24bb02d052
+Nonce = f7963fa46dc8ec0d00260d5c2773d89f
+PersonalizationString = 
+** INSTANTIATE:
+	V = 7ce99a975d8afb97fb43c11de405111892c36e8e5f1006abe056208583b16af1e556222ce2195d1054db2ba9ba60d2334f2ed05d471015a2857f28920fc0bc2ed148db9e3384700b50b0d0b0c215cfa6ba047b6de85631b7b66ac3db9ff19864cfbd52f021a003189cca12022d6ffb
+	C = bec178d891538b9f7f2635e1bda2f9704478d46dcdc090966e7d039b0671ba137710dc6c6ca2f75a610846182c8e58a6b32b9c66e65b185e1563e80ea7a122b956a105ffb9ba11b5b46268d1a40902b0ed12b232e798f5fa0cf4727f487c0fd903f262385526989beb9b3c05ca5244
+	reseed counter = 1
+EntropyInputReseed = b770d4b87c6b867a9278a01329514601148a3f3cd92303526b435e5363a053fc
+AdditionalInputReseed = c669c32fcc2593d5dafb3009ae1a443780e4213e22be6eb398509e24295397e2
+** RESEED:
+	V = 91eb634d293403364bd522d66dedc46484958c4b3c3c9998c2707e68bdd6902d6a4fda3f1d8aad862a6a8f539e2638f04c14485af7928d7b8429858002ede0a4fbfa255479e1145645a820b66885fd6151fda02d1b6623afa3385eb4d62b72403ec77664e4efa4227c8907d76f87ed
+	C = e452a568769b97ec0af84e4f11fcd1b43bffe89086f225cbd9bba2b35d0474717e422c484c6a93876797061bf51f95b650f06ccb51836485dc015e4227fa24a146bd7dae1196ea7a902f09c1f791e8848730e86fcc8e37722cc45ba33aab6452a9b99774b7f62c09e92bb5f16fcb0f
+	reseed counter = 1
+AdditionalInput = b7768cc6e21863f1d112fc71ab46c754cd2acee54c2bd0b32ba1e659a7c6c6d9
+** GENERATE (FIRST CALL):
+	V = 763e08b59fcf9b2256cd71257fea9618c09574dbc32ebf649c2c211c1adb049ee892068769f5410d9201956f9345cea69d04b5264915f201602ae3c22ae80663d9d201d486cd6802bdc2d29eeb4dfc1963892bd197984f4d3af793d11de9d44104b8207015f9256dd933894c4207b9
+	C = e452a568769b97ec0af84e4f11fcd1b43bffe89086f225cbd9bba2b35d0474717e422c484c6a93876797061bf51f95b650f06ccb51836485dc015e4227fa24a146bd7dae1196ea7a902f09c1f791e8848730e86fcc8e37722cc45ba33aab6452a9b99774b7f62c09e92bb5f16fcb0f
+	reseed counter = 2
+AdditionalInput = 610d7d1a4f28c74031be673ba7c1a8fbce20316eb3a45d8866849818e8a4d785
+ReturnedBits = 38e8823928228da2c9cb675da8f9ac0da596bec15088e9608e23c125d77246325c8ecc44e18fbabb632fdf788e6fa46f89fce033bd9e00197ddb6923e55a41bc893ca12b85e7697325845b19b747dc128e8d8f87acaa75446654e6a8eb6393d0a5a8a828b896a708206d9207b00a6b613d812d26fd44c8503ffb91698ba1f7c0a9222e88688e4f0737d2dad468f4180c50dff8d55aa3bdbae12a6f1bc3f2a13ef95c5d6f76d811fa519894329d115ec20769fb91e065e081e35e1014134ebe9e
+** GENERATE (SECOND CALL):
+	V = 5a90ae1e166b330e61c5bf7491e767ccfc955d6c4a20e53075e7c3cf77df791066d432cfb65fd494f9989b8b8865645cedf521f19a9956873c2c420452e22be8f156d373c7ae70473516cb24079df8d530e67bc0775947b24361a9c2ca8f4c7545edb5908edb0d915531afc7d15ecc
+	C = e452a568769b97ec0af84e4f11fcd1b43bffe89086f225cbd9bba2b35d0474717e422c484c6a93876797061bf51f95b650f06ccb51836485dc015e4227fa24a146bd7dae1196ea7a902f09c1f791e8848730e86fcc8e37722cc45ba33aab6452a9b99774b7f62c09e92bb5f16fcb0f
+	reseed counter = 3
+
+[SHA-384]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 256]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 1536]
+
+COUNT = 0
+EntropyInput = 0e85d8000c4fbc91c6bf3f900675d9d87213eca8b4668e8f17e4c2c49f633d46
+Nonce = bb1593e57ad5dd83f8b7fa7c8ed2a5a2
+PersonalizationString = 0def1e678a41943762bf49c3dd9b02dfdc5343d735f1a8da2c5ba55fb926026e
+** INSTANTIATE:
+	V = db6fb4549c4ee8ce02e764be834b32094968e25e6ff0495c157c551d32e30d9b4e747627e5d3ff5f6fa93bf8b6de68517f63a18bb517165a247989d6057741d600cbdd8d83fa7b30443c567ee3f2388de6d52a6bb31c14d2a86db9726a870a69bf5425222077f6a304ff4048f43fe7
+	C = 005ec4dd7d179246fca0d8a6fc254d2f80ce9369f43ca6cab53edd4ce2b00a24d15acc30fc4b72308e95d1c143e94f096e00f6c1147ee381eb58847fdea180fb85f1b60be2bc8ec0cf1e2fd4752c17446dfa0d3fca2ee084483f8b18f64b754a630821613bfc1be514a3eb3982dd05
+	reseed counter = 1
+EntropyInputReseed = 17b4aeaedd33ee253ef2f7e26cd75e5e97fb6934b20c67827c165bb2f1f516a1
+AdditionalInputReseed = 
+** RESEED:
+	V = 778039206fd3799e19a0a216c5fe287f488216a2d388fcced803a657900c6b6a818e092a6201601809de2f655ba2de9932e2ab9bba64763c0e2c6361f03170944a56481a7d583f751fa971075ea5d91087c03f13bb4b179fb313923281eec592a6d4f63c2285cea169cc7af3784c24
+	C = 9ceaf33c2b34919386f571e26cbdc3239efa50c87c1568c39c72599772c0f31aac9973db8ecab130693b9dc722d83b5df14a5a5a24a43b55eeff19b073a3e117933308727ab822ad9be6bcf430e172fa79d940e548d5530d068f87edad8a612e308b4c3fbabcc9f46b41973be45ff8
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 146b2c5c9b080b31a09613f932bbeba2e77c676b4f9e65927475ffef02cd5e852e277d05f0cc11487319cd2c7e7b19f7242d05f5df08b191fd2b7d1263d551f4aed34004c35ce31e31315cc7709782e584df67230c2849b5e3453ed19f4d1ef861ea6941543064a14519e6e5d2dcdc
+	C = 9ceaf33c2b34919386f571e26cbdc3239efa50c87c1568c39c72599772c0f31aac9973db8ecab130693b9dc722d83b5df14a5a5a24a43b55eeff19b073a3e117933308727ab822ad9be6bcf430e172fa79d940e548d5530d068f87edad8a612e308b4c3fbabcc9f46b41973be45ff8
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 057c8fadc511cedf3747c0bfe7575c8740443646229e81e28a6dda3c33473aadef4a2c3551f64e301d52cc7de5eaeab78e16a45bb025137a4c810d9eb77fcb01a02be67a426142036ce638e991711ad9345364f18836e6c30684a7358a73fef95013dd2d6c2e9b7b0216d54ab032ee5edaf715b17c478a0bac4a7309db3e9284c27cfc97fa2a11a5bbfd12052468ed6c2ddeff7960c447e374a46cd588ccd1bcd2731b38db9b89835ff14f4966f2ba3a87646f0598f478445d5c7e1d7af8c704
+** GENERATE (SECOND CALL):
+	V = b1561f98c63c9cc5278b85db9f79aec68676b833cbb3ce5610e85986758e519fdac0f0e17f96c278dc556af3a15355551577605003acece7ec2a96c2d77933c8fe326af70b65538a8239e7e85119dc276ed2650b6fa522f80307faa64f172d337a39490735fda96ff002ac51bb203f
+	C = 9ceaf33c2b34919386f571e26cbdc3239efa50c87c1568c39c72599772c0f31aac9973db8ecab130693b9dc722d83b5df14a5a5a24a43b55eeff19b073a3e117933308727ab822ad9be6bcf430e172fa79d940e548d5530d068f87edad8a612e308b4c3fbabcc9f46b41973be45ff8
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = 63de6aab690dd38a90fe83e3b9182fbdb0a9acbbbbb1f2225d2f4c4bf95d58a2
+Nonce = ab4f7f6153521ce541d2903d99cab9d5
+PersonalizationString = cbdf965fa47298ba2481ef6b9dd234bf64ab50955219f2fe4c619a91ad7196b5
+** INSTANTIATE:
+	V = 6adfb7e045a7914e1521ddc3f885ac31ab03142fdda179dd751a8d6a063cc419de92fa8d72b31c28cdca69d221fd16524c44294658fea8b20942c3e85e204de954ff119fc3226dd3576e0d116c9b24a805aa19f84a462091273435f3aa599fef26c29a322f48fa369fe86c552162a9
+	C = 72deae33ae7800977708f21bdd1e4949900cef068780122a644322c844d02f5d50cedb48c7bec1a1122cbe7502e2a6219350eaaa9717f612121bf67cdb711bd8acc505e0af8e253422b9e42bcb907abdc51de201e0e00124672ede85428137d3ff296585ecc02562f6f6249fe9e936
+	reseed counter = 1
+EntropyInputReseed = fe944d8a1018331987fa975c269eef2c4dc7c4345fb7eeb6bd493cb3bb34493e
+AdditionalInputReseed = 
+** RESEED:
+	V = d91823e4dce1705cd5d5e30d58d4cd52b45fd9875310ee685c9727f174164bb0bd48e53c850b089f9fb163e1a7f44f6a61d3a121be20329e07e2f26b760647cf4d4798c30ce9416d7e58ffc4e38c06b6112fdf457801a58570b6ba5a4e048e2f14ec328d0f02a9a0f3085b1bc50d29
+	C = f28609db2c9ebbe686660c3339101d23b816878537fdeeb85bee60f35f64aa0d9bcabfbce61f058adf38a57287e0d32f0d269879123aff8601ddfc92a42e93bc1b7cb6b2d9323ecb1a93c82d97552d73d820e0b984539a6fc1f714d705784486bc70bcb2248201d5f4af59803630aa
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = cb9e2dc009802c435c3bef4091e4ea766c76610c8b0edd20b88588e4d37af5be5913a4f96b2a0e2a7eea09542fd522996efa399ad05b322409c0eefe1a34dbd925fcee97169c337e7f0fc9ca82117fb59941fe5533a1b992855620160eed5f5f305b60e68e3cf6f2aacf483c6b829d
+	C = f28609db2c9ebbe686660c3339101d23b816878537fdeeb85bee60f35f64aa0d9bcabfbce61f058adf38a57287e0d32f0d269879123aff8601ddfc92a42e93bc1b7cb6b2d9323ecb1a93c82d97552d73d820e0b984539a6fc1f714d705784486bc70bcb2248201d5f4af59803630aa
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 1addb8394be9d094f377dcda5fd186780f6b5914eef173c77fff2a889c4776d7a4a261d3dff45370d8790d860ea43afa14d9bb9579228c6976bb048718a422e6f6fbfc2dd724a836b70dc6b9782fb6a35462897c846c7a19cb9c079880a5c71486fb68163def4fe0a77fb3052d5c4176095cef85c59d22803aa9f556f6bee8b64f525c84c8ad75eed8565bec9690552367887e8dee0a3e913c79c714b5b54b7b3c6b169dc7ea4fd84da1642551b770d443c5ff2724e9bafc8dc153cec44ce5f5
+** GENERATE (SECOND CALL):
+	V = be24379b361ee829e2a1fb73caf5079a248ce891c30ccbd91473e9d832df9fcbf4de64b6514913b55e22aec6b7b5f5c87c20d213e29631aa0b9eeb90be6370452796b4eaa10bbdbae8d18c706b91a5ebdb5c7f159f2ff50d2c6d572e1ba505f42f15ea1be71f53339aaf73b23a0b6c
+	C = f28609db2c9ebbe686660c3339101d23b816878537fdeeb85bee60f35f64aa0d9bcabfbce61f058adf38a57287e0d32f0d269879123aff8601ddfc92a42e93bc1b7cb6b2d9323ecb1a93c82d97552d73d820e0b984539a6fc1f714d705784486bc70bcb2248201d5f4af59803630aa
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = b57fe8f221e0b763be820f09c879ae93e7a1c087bb6b4663c0f8636ff223d272
+Nonce = 563cda60f2f70dce3cb3358755caf58f
+PersonalizationString = 8ea0b88ae061af0be6971dd63db7b0b039c31db568ac933bc4434db3f8812c13
+** INSTANTIATE:
+	V = 8857c6d73a26d839da32e7449a74d63d915454398c33e025b866c3b0a5e5e1c9545962fa344818b83aa615e5fb4a40726af8bf3c4968cfed11fc7755e740d6a29bc99ea7a3fdd29e8623b6656f30f6961dc4832db25a5c0d98cba9f09fcc97eb9d9b1444d981de5d181374eaa36a80
+	C = 9f8493ced274306aafdba8fc56eca0a68e2da93c4a4c6151be020d6ea0c1d887709b8363ae59376ddce2bd723f05696d7b55a6de7a7173abe4a63124d43cb48cd1ac10f988a721589ccf9c851fbc673c1a0c78cda5301e8e5a9998c795cf908b7a15d99a6ae0ac99f4be227f018a1f
+	reseed counter = 1
+EntropyInputReseed = 5966502790e9d3276f9b7ba83bfe69f9f4ba49acd1001e6308cd0f66a7495c67
+AdditionalInputReseed = 
+** RESEED:
+	V = 63534774e21d3758016aa367fde124b716b041871a1ad9488f5ce54760039f44c5ab10c47a7fd642f5880759eac3076c870b7061ef8f49f5e6aa0edd39dc85e0c1233d61eb86e06190c97be9a474197007468a2bb7fc6adbdbf521095bea34015dafc9ebb03cb6963fb3befdf33bed
+	C = 1a3dd1a57c9e199f9ca5ee69c3117d9a9b63da8e18b557ee6ab2afcd71d954263f4ddf5c5d9e791fcfd7e546bb6d48897bf7c4a6934510dc10d3d056878dbade8af4648e6f73a9dc7c02040a2d282e1a87ae75a4126fc94bfc1d01f3dcde5db9232daeed518154b87b19e039250d10
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 7d91191a5ebb50f79e1091d1c0f2a251b2141c1532d03136fa0f9514d1dcf36b04f8f020d81e4f62c55feca0a6304ff60303350882d45ad1f77ddf33c16a40cc40a31d2b47554c14b40d03c21f40af5be2edef2fa86aa863c5f047869ebce0a78cd8ec984042afba4dc3e6072b12b8
+	C = 1a3dd1a57c9e199f9ca5ee69c3117d9a9b63da8e18b557ee6ab2afcd71d954263f4ddf5c5d9e791fcfd7e546bb6d48897bf7c4a6934510dc10d3d056878dbade8af4648e6f73a9dc7c02040a2d282e1a87ae75a4126fc94bfc1d01f3dcde5db9232daeed518154b87b19e039250d10
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 2170f7385bdf12064a9ec2e2196687266050d798c22236ff7fd20af638bf6e4070bb0f982d647b1662f217bac86c809409cbb2c16f44b3f6dcba3dd00d41c6605c831e9077356e11320d188fbd75f5198b4f6bfc9c10b17a83a9162ad52ae896c31e4bbe0b017f24ac85891be24d4fdf68e7ba4440b6e848e3ab7ae40cbdb6794174aa2d8cd9182f1cda19baebc8269a4288adc40bde499e98840e2fa26bfdc45b07fa1472d94fcea118cf39352f2745bc83eff78e8bf7d36a9da98367b308e8
+** GENERATE (SECOND CALL):
+	V = 97ceeabfdb596a973ab6803b84041fec4d77f6a34b85892564c244e243b647914446cf7d35bcc8829537d1e7619d987f7efaf9af16196bae0851af8a48f7fbe3c6357bb40ef0b1f8a88ad81f09ff7caafc756e037f67e5f0bdfba00224ea7d40b4a70b314fa0bbbac33cdc6f0c242b
+	C = 1a3dd1a57c9e199f9ca5ee69c3117d9a9b63da8e18b557ee6ab2afcd71d954263f4ddf5c5d9e791fcfd7e546bb6d48897bf7c4a6934510dc10d3d056878dbade8af4648e6f73a9dc7c02040a2d282e1a87ae75a4126fc94bfc1d01f3dcde5db9232daeed518154b87b19e039250d10
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = b8950874c6eecf83f3330f09ba4c05a67812b5b2b8d9e70eebc5b9ce16fc8859
+Nonce = 2317912b11dde6143493791981a164c0
+PersonalizationString = 0b80a9aca665eaa1e6163fd4cdc1f65f63c3c359864d719a47d3b2817db95cb5
+** INSTANTIATE:
+	V = 27059f242b3f1ac3494ff5492a8ed38aa2cd9e1d8479e129f41ecf49539e912944206bda390279490d1db52e802cfb2cc78e16bb2eb45a36746864c4bc5ca2ca8c9fb9a73165bd8f98d4af878516e0d65496a23cd136dd165f70dc18749d56ce1a036f484d8fbf187d0676875af66a
+	C = c8dfc244c4b7fed531abdcff6c98ec0c84795e22050d340cb577f3499b66ab74a69a0be9aa422fe0c3a2f11ee70992787b6821cfac7c9a9e73157e17bba6f11760c1002a2830289b9630be2c0dcfa7262b27049924a1be693454951dd5bbec35f8408abe58f0680dda0db1744eabc0
+	reseed counter = 1
+EntropyInputReseed = 7e80c4288fd0d979d9c073ace587a54a82bd5afca08acd1451b189ba0318b982
+AdditionalInputReseed = 
+** RESEED:
+	V = 91d28cc599443f7c5c7a452882138e4b942965257a9f1c9bdf59f7a1059c7ce4dbf5080ed76bc1ed769659b9b2aa6a7b50cebc69cbad2ca77ee420cde82d9c1a9eecd38b7654c68f94f95fba3cc181ff6f64859aceea064279c872be2bd328521a9b561089b4134aba4f552f1820b1
+	C = 151a94238672cd39174da21e99f7feeed001c74a9dd8a30854df1381e984028e7650587200018ee6e632d7f49060f3f3bbe4e8876e6554f4640ba598539b06499e1e47ffc3f3e79d446f5d7b6154a375c35ccf363de6faffcdc60e23d4c0e43f3b5656acaf9a5c6a8351ec75385e91
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = a6ed20e91fb70cb573c7e7471c0b8d3a642b2c701877bfa434390b22ef207f7352456080d76d50d45cc931ae430b5e6f0cb3a4f13a12819be2efc6663bc8a309855b95a2df18920556b412aafba888013df8d82ff96d3f8b5d0f8354850f1485884d0e98a746d3da1042550bf6020f
+	C = 151a94238672cd39174da21e99f7feeed001c74a9dd8a30854df1381e984028e7650587200018ee6e632d7f49060f3f3bbe4e8876e6554f4640ba598539b06499e1e47ffc3f3e79d446f5d7b6154a375c35ccf363de6faffcdc60e23d4c0e43f3b5656acaf9a5c6a8351ec75385e91
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 483adbe72efc9764e921af0a7d61651d983babce9b05b7cf25a0b173f4312c50052c1defaea50fb858513642128b8eeaba35aa5782066ba6a006764f442f4a50ffa73e86a8cd262c536640bb98998d2ce5174611b24455d8aff74a968f3c7e903f55ce3747fcbac1f0616036127ff0491261c7399f0032383baf74f33c7c7dee6624b4f12694d94d2c1014f5ef365f337ba7fe032e60d111e74088ac72d9af888c9e2af05f21f89e34c73e43e65865c51d6c39d4b63bd37d4d1fd6f1dc38c8bc
+** GENERATE (SECOND CALL):
+	V = bc07b50ca629d9ee8b158965b6038c29342cf3bab65062ac89181ea4d8a48201c895b8f2d76edfbb42fc09a2d36c5262c8988d78a877d69046fb6bfe8f63aa1f54ecc5307da5ecda7ce3fc39ee0d3bde6246e938a416f13e10bcd0c412698c4b5f9b76d114f17fe844e428f6874a62
+	C = 151a94238672cd39174da21e99f7feeed001c74a9dd8a30854df1381e984028e7650587200018ee6e632d7f49060f3f3bbe4e8876e6554f4640ba598539b06499e1e47ffc3f3e79d446f5d7b6154a375c35ccf363de6faffcdc60e23d4c0e43f3b5656acaf9a5c6a8351ec75385e91
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = 473f8ef53b3e64cd1f881ecc4fcdd3a23da7dd3338eb797d162ce05beed6a922
+Nonce = 699b9221f163fc3295abf49d26d3ae37
+PersonalizationString = 335b75b96459ef8b5ae6bc132334611c3d2cdec659369c1cd6c73a4361bbc6ce
+** INSTANTIATE:
+	V = 3678baca7d6ad4a2f00a68f0de3480351da4c6f231f5617e6610ba6c6ff249c9008b0b272f4d20e7967449ca6fcc5cfd929603f1674185d96e2ab5d1d82ff2a115fe2af00b11f5e153725a5ff66220e0f734499b654c71b9278fc9d6ffe49ec71c89fccd6f739dc98dcf18213d5ea5
+	C = a52fe6ede4a2a1efed9c1c58d573c5f994f684acb327f596c6a67a8e29d37a9bbe07ab5a306b870e66ea133a91009230064fe2fe20f69c17b93418ebb474182dac55ac5889403143a4422f1e0fa11a31431efdc991e0a4cd9db6cce0c7f989f4dd024c063fb304082be2ea2ce36acf
+	reseed counter = 1
+EntropyInputReseed = d7e9cd4f970f7ca62da5b60cc710dcfbaeb4b8184f519272264d0d947882ce6b
+AdditionalInputReseed = 
+** RESEED:
+	V = 590bcb1c2e2ba03839a9c0856cd26cc211f7f7029157dd835e0085608930c018c01e024448cb96ac055000b623b5d095cbf432782100ae20159587fab9367bae133cf0f518f2253e3f78ebf7f82b13d34ff8e31add329bf4fdb23fa72937a9d8f904cef3613a040674ccce24275945
+	C = 64f6dce7a17584fd0087e6db1ad7c6ae1698c66d17299c25a97d24d51cb84f7b9d5812faaef705724fd06551dd7513a15bdb378f264dca8b086f96cb0246848e6458410b5f42f4320cebeb7ce00949d630710b3c0092d7de06c7b335c653ca80fc9b67990d3cc8c54c676a0fcbdc4b
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = be02a803cfa125353a31a76087aa33702890bd6fa88179a9077daa35a5e90f945d76153ef7c29c1e55206608012ae43727cf6a07474e78ab1e051ec5bb7d0067e4a2732a629bb3e802346a4d1ca05143d59113508eae5852a4166b70e68c6f26fa0487f9aa1fad679c7b3a946c23be
+	C = 64f6dce7a17584fd0087e6db1ad7c6ae1698c66d17299c25a97d24d51cb84f7b9d5812faaef705724fd06551dd7513a15bdb378f264dca8b086f96cb0246848e6458410b5f42f4320cebeb7ce00949d630710b3c0092d7de06c7b335c653ca80fc9b67990d3cc8c54c676a0fcbdc4b
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 9c54f3921b8b57d66f512925e3621588d581046fdd3e8656027deba01980fef16853aa99df656294fd768399cff6f871f3e5b53e6323311237cf70d38f3e59f95b1b3ba728284485fe6215deb78bb3f73d407543b0beb1f0bd58f8eef4c275f7acdb9cf9aa5666f63bb43cd514e3c0ec32223e2ea487484990f8a2f520c033712c1697736d3c750034cc075eae40ddc6a0d15432e2d886f71680a992b2d9101e2653b53927771d08f74e467139a73367992a62b6495baddef542de6a191a1b5d
+** GENERATE (SECOND CALL):
+	V = 22f984eb7116aa323ab98e3ba281fa1e3f2983dcbfab15ceb0facf0ac2a15f0fface2839a6b9a190a4f0cb59de9ff7d883aaa1966d9c43362674b590bdc3859992aef7181400b73af1716b659eb4450227017123c1d4896fa8c4f4d15e27f8eae2eec7c7f0ddf4073e2f2ca218d36b
+	C = 64f6dce7a17584fd0087e6db1ad7c6ae1698c66d17299c25a97d24d51cb84f7b9d5812faaef705724fd06551dd7513a15bdb378f264dca8b086f96cb0246848e6458410b5f42f4320cebeb7ce00949d630710b3c0092d7de06c7b335c653ca80fc9b67990d3cc8c54c676a0fcbdc4b
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = 2e566be8b1952035b43b83872b249eaa94050527026bef50b21025cdf28472a0
+Nonce = e5b89b3be1fbaba65ba2b85260f7cff7
+PersonalizationString = 3aa8bf4a240cb14afeb9a9bd2a981f5c13c8e85a432e1c78f739e753292f63cd
+** INSTANTIATE:
+	V = e10ac694d05eb129fb5255fddcb850472e67469ee6ab1b8848857cabd434fc70fd087f7ea2883dc0fda746c7e153612ca24555b3069767e2dd3690d57710df214e88ea2c1b1e608613ad1f0762d72563c26c1d42f20d055dde0e4192830571c21d63bcd4b6b4f7cc45540cd35f9166
+	C = 039bfdedee8ec53f63856f8e519b9ba68dd41e35af3d8154a5b53a829418ae0443c06f1da1ac2b348cc4dac74c9650fc464fbec76ec61963a77633c95b01523e6482a795d3bd3810ad7501771ef1f1ccee884ad4322a4fb9adac8f41888c01e28795eb5ed224285d259149bf19d0b5
+	reseed counter = 1
+EntropyInputReseed = 73d6a37ef64e576825bad01597cbd61494ab84aab24d476ac0883674e977254e
+AdditionalInputReseed = 
+** RESEED:
+	V = 6fdce6d35cd5b12a9c31c9446657c7c6044d28db61eefcc198dd57a4037e44bebff4a5f09719757f646bbac0f770e0e0b910e4d26d50823ad63d28123df41d0848b365963138076f505428297b3a8693ca007a846e6e8c089eae263720092a9aeca9b436b4a5a4810cddf8357a4736
+	C = ebf681fb2ef23eea2ee70938bb1e9ca0a6f724ce48bcc099308d140c61d949a18c2a51841eedeb5a2a6d52fbbdb1580e4223ec6f78b6e133a710c3bf59e6994f9eebd69f8c13110c8112b7bd092e54a40eb3b525cf15fb5d0243991710a82eea851981b43a9fd8494eb66e96c9797b
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 5bd368ce8bc7f014cb18d27d21766466ab444da9aaabbd5ac96a6bb065578e604c1ef774b60760d98ed90dbcb52238eefb34d141e607636e7d4debd197dab6ecbbff5f54e120c01c8031532e43c17b8586b1189bde7c1d174a67247c8ac778b2d767bc04611ff6082e0792f49af4d3
+	C = ebf681fb2ef23eea2ee70938bb1e9ca0a6f724ce48bcc099308d140c61d949a18c2a51841eedeb5a2a6d52fbbdb1580e4223ec6f78b6e133a710c3bf59e6994f9eebd69f8c13110c8112b7bd092e54a40eb3b525cf15fb5d0243991710a82eea851981b43a9fd8494eb66e96c9797b
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 46a186f77b6ea62e840d7869e32a996358d2c674b7b8887644b62cb3baad2753b100b31ff54fdc0f99839c65210e6564d27719de0a4508931513fd427747d2a3c1b5c23736abd5f073cc09f4722cf8c44e5baecb36071e3088f73ca25d5ec773fdeef388406d7a27c14b50cde3a3c219a20336006f3f1d06d975b09141087955863e6eca5fd04b026d7a5301a756b6b951bf6b2785e48d93182d67ac6be5a0794dadd5d1c15967094abddccd12f66e36ba95797f879c315d6ab1354e0c28f1f4
+** GENERATE (SECOND CALL):
+	V = 47c9eac9baba2efef9ffdbb5dc950107523b7277f3687df3f9f77fbcc730d801d84948f8d4f54c33b94660b872d390fd3d58bdb15ebe44a2245eaf90f1c1504155b8b34a2814094b4c4ed3f73724fd2f301c630b60b743292327bd02475b59a9d48579b3f683195580eda507d0d86c
+	C = ebf681fb2ef23eea2ee70938bb1e9ca0a6f724ce48bcc099308d140c61d949a18c2a51841eedeb5a2a6d52fbbdb1580e4223ec6f78b6e133a710c3bf59e6994f9eebd69f8c13110c8112b7bd092e54a40eb3b525cf15fb5d0243991710a82eea851981b43a9fd8494eb66e96c9797b
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = 351b87e31bd09fe658a45b2295cf3593ea7b40bdc2adf168d1def87061113a5e
+Nonce = bc16c35e8e348af6e173d8011ed830a1
+PersonalizationString = 746f5a9a9477eb91555b8229e32879afcbd2c621981898071daf45d0321d10e5
+** INSTANTIATE:
+	V = 9b663c1a60987d33ccc1b47d80fb1d53c1df0b162deb7a0ac6e9e613cde71a39ce0382fe7c28cbde6f3919251348bdf7a0f3f1a7a18ec28612aae7d36c1dbd76748729f03dab623cd84ab1e4dbba9af7268f18e2f0158038f90233e29c6efc3abc18c3b434c0dec86f0dd289345626
+	C = 649e762ebd9b8efa429edcde042a77a17cf7c92251b3fa2d655b0e00bab3d83af51594829176d824156b3fddc43ebca0f17ee72a56e1102a43a18ecfe75c4d8031f305ac0b599f040d46c4ff2699efc3528b2222e1c6863d130e9111711c69066cac9cba86fd512999d64c75e56b77
+	reseed counter = 1
+EntropyInputReseed = f2f345f65de40f2ed90030edf01a7fb639f21c6d73b633deece50aacb5e55569
+AdditionalInputReseed = 
+** RESEED:
+	V = 9d1ef401a8d52a835c103de556be6c14ed1775eda53f74b3b35bdaf72c8e472b7e67fed4cc233193f789fd3468c576ff8f112237811e73f6bc81ed15ff3fa6bc93d6d4f9229bc1be1b578d1e0003d90063af6ef274967687ebd8b5ea9a3ed8b94be824be49c1ed0189832d4bab6264
+	C = bb6eb7ed3fbcf8924f56efc6620b89f3a6a28939e4db81f3592fd4bc749e923502ae0250083edbd97d6b0d7dabaa388b330aacfe84745d8955d30a273116d2f712cddd4bf06021df3e96043f072c00c100270e144ca36adaa4e201ad9d0f9efa5cf22ef7a99419bd1ad6b4b8f4fae7
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 588dabeee8922315ab672dabb8c9f60893b9ff278a1af6a70c8bafb3a12cd96081160124d4620d6d74f50ab2146faf8ac21bcf360592d1801254f73d305679e1a186a818a6db848ddd484fe74a205fc9fd014d684cc70bbc28cbfaa946323c13f6b4c89b2b35ff6ad3fd50555e45a3
+	C = bb6eb7ed3fbcf8924f56efc6620b89f3a6a28939e4db81f3592fd4bc749e923502ae0250083edbd97d6b0d7dabaa388b330aacfe84745d8955d30a273116d2f712cddd4bf06021df3e96043f072c00c100270e144ca36adaa4e201ad9d0f9efa5cf22ef7a99419bd1ad6b4b8f4fae7
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = ceeb3eed305923c6c76fd438d7ecd9bffda8458260a96f1f428cde80c0079610bdd452c03ae95d293518bcc542379037de9e0283e6dffc4c2bb77208e7e327cc53c0b1789921ebefb4c4d113ecfd1c9c29694b7c9935d43147387e65f6524a3d6f4f6223bed0a217ebc95aa7591476f66562d65adb648ef5b1666d6765aa08f03c1aed6494662e6e818b68ea153f3635827219a97678557cd801e6adf49d2746b000bcfb242c73276ed072d3a3e533b5cdf2a7791e5dbd73fa6284e009d13d10
+** GENERATE (SECOND CALL):
+	V = 13fc63dc284f1ba7fabe1d721ad57ffc3a5c88616ef6789a65bb847015cb6b9583c40374dca0e946f260182fc019e815f5267c348a072f0968280164616d4d3da64e2796df7063a4f09c20eaf896f69c70b994cf84114c1c037d203027b97daf396cdb3539c640628c5ee8a32385e2
+	C = bb6eb7ed3fbcf8924f56efc6620b89f3a6a28939e4db81f3592fd4bc749e923502ae0250083edbd97d6b0d7dabaa388b330aacfe84745d8955d30a273116d2f712cddd4bf06021df3e96043f072c00c100270e144ca36adaa4e201ad9d0f9efa5cf22ef7a99419bd1ad6b4b8f4fae7
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = ee3248f8d2d9e90ee7bb50d0dd3700238052f47c0602d8d7a86d19ca53519f04
+Nonce = 4740c4aea73cd14da580c158dbf24c57
+PersonalizationString = 7c7651924d2aa643f925f75752612b0f625a202f5adbb29044e88fd5496fdbb4
+** INSTANTIATE:
+	V = c980301df742fb6260b4b7ce0925dc5cd3a39f3c47cd03dd3503b8e0acd82f1abb550a2c388a7a53ed9d0e9257f0f60e559e72ae923b0f7c4e2b66a1e701e00d7810a0bd0e7dbb5535b1a891d121eb6bb8fa9360c8b4e065e9e5ac8980905ef18ea26e3010e1ef220c3857426a6dc0
+	C = f64360f06e0964ca33872491714bf4ad5674e1d2ddff86d8abc062f95a5ee1afc7ccde0f8456e32558359426f6e743a0927ee918e4e1bbb9aed8d6f51e0fb6ea7e12a23a21120023797457ee3dc9e696480ece0a4e3a8a6608f9b70a3f214780883568567f2e7052aeac3b3c0702f8
+	reseed counter = 1
+EntropyInputReseed = 615ce0fb36f81af95a9f96f574ac180b4b394ee2311a531faf438231e4a8567d
+AdditionalInputReseed = 
+** RESEED:
+	V = b7d10df249e5d46032dafffad48be9c5a83861fc6a3da9088b8b7b25b65375951e004799a56cbf55a76ced22f72f113ef5d310f021af22015df23c8eb68000e79c5e28e6370411f16fbd1027ab0d18510dbec69fa12cc99168d2d9deca32591fbb0eec14f1910e3db5074a95c89443
+	C = 3a6fcb064f69a492a35e5b486869aa072bc58d7da663c91c2b9290272a9bdd5cd25ea2ebb2a98c941d3634a2b6181a7c563364babd929cd509c46a633e945a9c62f5aa150cf907d9cde1c08cf6ddb05d9cec79e94d2759a193268d07fac5a043f7e021b42e378672459ba1db09c4f7
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = f240d8f8994f78f2d6395b433cf593ccd3fdef7a10a17224b71e0b4ce0ef52f1f05eea8558164be9c4a321c5ad472bbb4c0675aadf41bed667b6a6f1f5145c78c3d14a78a4d114486f564d274282b9859e3fe729c491ac2e3c9397db3c1001b337d163eb53ec1f356433c902ad01bd
+	C = 3a6fcb064f69a492a35e5b486869aa072bc58d7da663c91c2b9290272a9bdd5cd25ea2ebb2a98c941d3634a2b6181a7c563364babd929cd509c46a633e945a9c62f5aa150cf907d9cde1c08cf6ddb05d9cec79e94d2759a193268d07fac5a043f7e021b42e378672459ba1db09c4f7
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 87b257e33ed4c4ba9c3b8a06e61b76285946fb4c88ecf8be0ff3d4c67c6cb862f1970ab637410feee9e9dc01782d6a6344f957d36a0e282451f9d496cf8f6b223acd1814d7d9d1092a696cdbe5cef74fe5f8229b206907452f162acb9ecbe945929001bf87085b4cfd18566b7a7ea721f61c1c74c97677f73affa487790a513446877f8c9247d1c25c2da4fdf04a5c2a39bf637361798d2aafa23e91447ba8b5eed3a0b822d956d4e014512982ca1cead793b608600613be85958dcd5be0d673
+** GENERATE (SECOND CALL):
+	V = 2cb0a3fee8b91d857997b68ba55f3dd3ffc37cf7b7053b40e2b09b740b8b304ec2bd8d710abfd87de1d95668635f4637a239da659cd45bab717b115533a8b811a3f0b6f07e29794225f521abf0167e866af1183bf219af5c3347918245911578bd7c78934b593449a5d8a3e3c10d77
+	C = 3a6fcb064f69a492a35e5b486869aa072bc58d7da663c91c2b9290272a9bdd5cd25ea2ebb2a98c941d3634a2b6181a7c563364babd929cd509c46a633e945a9c62f5aa150cf907d9cde1c08cf6ddb05d9cec79e94d2759a193268d07fac5a043f7e021b42e378672459ba1db09c4f7
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = 95d2c170a788f611c7e420d4075a38743b05b13da93c73d9b53688c6b5d099d4
+Nonce = 9b68229175ad53c7dbb4b8e24abd9b8a
+PersonalizationString = c93d4515278dfbc9e4803c919865ca79730f7dc7f2d1fde914ac56f304eeb687
+** INSTANTIATE:
+	V = c301c53b75691bcf8cbbc5429a47f1a1f8d10a7c0b5402a3faf966b1a6525c927d344516b26308e9b2f1f1e17475d41c6e067fc0f5dee115c73a0f210e19f3a497cb772e922ba0719e4ba11b4d7187ff9e407eaa52cf60f47c78fda09291441d42d8dc70d7aa9aeac545974516faef
+	C = dae306a941406a4cdcdf4b5d7bd31e13daf01797bbd7a362e180d68b225559dea51f56a2006e1ad319cf69757120dc3a59f50a624c372eb12da233b5353c59518c29fd1b85c6a1a4c00040158f3489614664565ad134be367d12d336c120464b94f5892d7414ff8b5a60b080a8f9cf
+	reseed counter = 1
+EntropyInputReseed = bac72a76a030e83398607acfa93af9bf8038db2a2cde4324b7417c4ee4ae3ed1
+AdditionalInputReseed = 
+** RESEED:
+	V = 3470ba311e7e87cb0c5126162d3c6694fb83d5b0d24ae03d7550ad031e18650a161432597dc7893abb50a2a4d32b25da7252d2505440291ded7128529bb4b83909fe6e93c77015177b9f2c0ebc5a13e106c1d1ee43154bb2f819bccea79b867e3093f6203d60cf47c461f96909a1b6
+	C = ad9c9fd2a48e704e707aff2c33093b98a30c05faefc855baa20c4ade95cc2477d7c9d94c2c4aba8ed70478515149f9359af09defa0cd3189439da070d17e09196837b77a0cf269ac66c73de7b43db693fbd30d48cdb5847d0cc9ba9092cfea1e8f81358fb54ebb36bff84e5ce50ec0
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = e20d5a03c30cf8197ccc25426045a22d9e8fdbabc21335f8175cf7e1b3e48981edde0ba5aa1243c992551af624751f100d43703ff50d5aa7310ec8c36d32c247d9c2bf576fc3fb7b97c1b31b07a410174c4f43dac4a6a5bceba30dbaa0cd475a158b7cead9f6e5fe5432eee595d39b
+	C = ad9c9fd2a48e704e707aff2c33093b98a30c05faefc855baa20c4ade95cc2477d7c9d94c2c4aba8ed70478515149f9359af09defa0cd3189439da070d17e09196837b77a0cf269ac66c73de7b43db693fbd30d48cdb5847d0cc9ba9092cfea1e8f81358fb54ebb36bff84e5ce50ec0
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 5275712ac6dc6a596c80c40a3bf584cf4a3983cf56b202ec892ec58af4fad3d1389aea6ed37d54af2b61e8590fd0a30f299db4e9ca50f6315e5843fc6e41b8423db4f96a0559d875f92f636fbe3c613336976b3146ace9f6b6e57c7ce37b36f2f90ff11d5828ce9c3aa10de629fcad6d62d2f6d49629f47b9065134ed392d096b74bb4b262b3b454b8261f4c857144d1e8cabcffa0d0d153f60efc82c15ddfbba5fa3a32822ebef2503f1f41c76086373ac6022491d2502542d28fc145e20c53
+** GENERATE (SECOND CALL):
+	V = 8fa9f9d6679b6867ed47246e934eddc6419be1a6b1db8bb2b96942c049b0adf9c5a7e4f1d65cfe586959934775bf1845a8340e2f95da8c3074ac69343eb0cbb5b0726451174632d3dabd3d7f75de33c8110fc1117465aaca963713e73bc036a66682b2fad94282bbbbaaeeb92d211e
+	C = ad9c9fd2a48e704e707aff2c33093b98a30c05faefc855baa20c4ade95cc2477d7c9d94c2c4aba8ed70478515149f9359af09defa0cd3189439da070d17e09196837b77a0cf269ac66c73de7b43db693fbd30d48cdb5847d0cc9ba9092cfea1e8f81358fb54ebb36bff84e5ce50ec0
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = 54ba2a92af8a6e198dfc7236fa60b679d02707a0dbb1aadc4b82d5c9092f46d4
+Nonce = 620062a5f802a0be0ddc7619bff9de01
+PersonalizationString = 4d2e0bc06571581e85efae2aaca4f577d84d3afc5aa972a2f6d63a0bcf64795a
+** INSTANTIATE:
+	V = 4fdc222aad835859000d318f5fb480b68c8385e6863379c37f5e84c0f0a0285c2a09f81be535115e02930b8e6572f3344a881fe611aae3b81125e5a0e25451cf2a828e469e0be610f6e9e9ef87c6bc7753b58ad3a7d617fcd6a454135697b1c9273f3f97671493b0bedd5f4840c2c0
+	C = 9c2c3138ec001353376e9c47f5800a6c44b39a0d0c559f84b1ada5c095507d2db1e991d2edec29c2e85823ce839c8180522ddf0573cca00cacd405e1218070d49fdbc4cfc48da3d5dbf192b2ae3c48f09df29add0028c8426e5b6444d889bf06bc0e076c1acc33ba35295d0282a542
+	reseed counter = 1
+EntropyInputReseed = 629b4d53bc7bcdf91500b9317844c68348806a4aefe7a23f7c8d07035b502376
+AdditionalInputReseed = 
+** RESEED:
+	V = b000691b328a68de8ac745e73518993883a2452bccf7b499a62aad80df9d313c7c2b7a1ac95dab5b0527d19f074acebda34793183654f0a9ba93d07c8142f0291ec791512c6a96b9c7328d435d7c24b438eb580ed3fda5644e6b5862b45738b51086afa38f7ff8cc7635fdbef4b1d3
+	C = 48b5492046436cd4553a830fdb91c6c5b573f05c80939645ae821d02d68aba62fc07c82fa8cdd6828af84caa70eb8338d80754d1b81e73e27a28acb1a22d419658e0b75684542e6812674fb4d913776676cdd7278da0f6a387a409e2057b5113ae27f40bbad5f867a83348d99d6bd1
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = f8b5b23b78cdd5b2e001c8f710aa5ffe391635884d8b4adf54acca83b627eb9f7833424a722b81dd90201e49783651f67b4ee7e9ee73648c34bc7d2e2370323bede677721963d4a03d5119398be5949aa0657048c247e12082255ffcae00cfa6207cb5b08eb5d7ed64518940a534d2
+	C = 48b5492046436cd4553a830fdb91c6c5b573f05c80939645ae821d02d68aba62fc07c82fa8cdd6828af84caa70eb8338d80754d1b81e73e27a28acb1a22d419658e0b75684542e6812674fb4d913776676cdd7278da0f6a387a409e2057b5113ae27f40bbad5f867a83348d99d6bd1
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = fa3a2822f188a7cdc5b317fe4b8f9463ecd3016d8543dc4776f317811b8e3751be35c292520604570e35487ca6eedf74b4818f131a1d41dc73334e2265cbf8605933484577be0717d10b219b3530e95f6b4221cf377efa15c62ea1230f77b58a1280ec77e38c49657c59deb56af058cba2c26febbeb223439522ad4062f158790d3652170f29567436262a9c796c2693b04bb2571fefb11044ab6ba956a21b240ca09273cc629a1a1a44c7ffdf3558d09223860a1b1b5a6b65ed20728c681bc1
+** GENERATE (SECOND CALL):
+	V = 416afb5bbf114287353c4c06ec3c26c3ee8a25e4ce1ee125032ee7868cb2a602743b0a7a1af958601b186af3e921d52f53563cbba691d86eaee529dfc59d743862663d5d34d4a088838f9ec12e3e9649db668ff2a8c80a1b54cffa2747eb574a1a5f5fb9525bc8887f2470d0dd5b94
+	C = 48b5492046436cd4553a830fdb91c6c5b573f05c80939645ae821d02d68aba62fc07c82fa8cdd6828af84caa70eb8338d80754d1b81e73e27a28acb1a22d419658e0b75684542e6812674fb4d913776676cdd7278da0f6a387a409e2057b5113ae27f40bbad5f867a83348d99d6bd1
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = ff496287e549ab2bc0bf530864e105580c3cd9c757aa2d6cbbc804e77819460b
+Nonce = 37e0e6e4026c0888bef81473b0862690
+PersonalizationString = 6e51c748c654219b7ab5750be8f794210e70abf03787d49c65147e89f0cf92a7
+** INSTANTIATE:
+	V = 982461e048d981697bad6b37d9f5573c46b7334aaaf6e5ed85f0e0ea0417c9157ad3681c28f0619f3018db85efbc7b0056848666f43c27a7de16844179da8ca9e222273aa1624a6f63dcd8f0d3f9242c2266336df2eb3447d9e490080649655e437cd35a8fbcef66d3cd92d3f74ba0
+	C = 268f50fed499c8b5158696847eab0be51ed6257b141b5c6582e04b8c3cb8185f5b2e72cc8da1cd7b973aa0acc0b6fd1f08a6715757b6054e36ab100372a567bcfe805b205ce8dbd30ced3906c83ada7bc6f7e7e8875a401da505087808ef8b018258dd495acbe485a878be39caf9d0
+	reseed counter = 1
+EntropyInputReseed = 9facb539fa017674ae8e4b81f5888394a38e11e6ef7fcc5cd5c1ade06723dec8
+AdditionalInputReseed = 
+** RESEED:
+	V = e00365710213ad1f3658e2f879fc40328af6c6a5f2aaa11f3a7bd07d45480e184b982054f8c27ddb5dc50832585df97122b8053c9921b8066bd6881b996dc8ba51d3ca621cde3ccd6699bcde9bee59e8884ac25bab6df5fee821d170ed8da9fd847952e6bfb7ac7ae2e4cfdd1ac19c
+	C = 67bbbf56aa729f755dccb0773e00083f740f45b36eba44bbbe6947f966d100af29187644b1a02b2aae0dc74d135de9b528f845727788bdf155452622a0bd337a00169a5eaafe08675d5db016a9c1c1125d4aa081cf7e690d2ec91f485f2155e90c1e33a9e6e08efd7d48583a66f558
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 47bf24c7ac864c949425936fb7fc4871ff060c596164e5daf8e51876ac190ec774b09699aa62a9060bd2cf7f6bbbe3264bb04aaf10aa75f7c11bae3e3a2afc75c284fc390a17485b62ab0efce100bd3e7bc9469e8a2f568b50e17fbebc917f5857aed54a48b9a5931d8eb5342b560a
+	C = 67bbbf56aa729f755dccb0773e00083f740f45b36eba44bbbe6947f966d100af29187644b1a02b2aae0dc74d135de9b528f845727788bdf155452622a0bd337a00169a5eaafe08675d5db016a9c1c1125d4aa081cf7e690d2ec91f485f2155e90c1e33a9e6e08efd7d48583a66f558
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = c8b891484d8b52f623537b0a2ce4533917d971e1b493c9c4e23407ba4033c62baab21b9e505b55c9fc91687103b68d0f6adce7d771bf41717b727c33b4bdefc10e0a202310fd6b2cb22007ad5cde1dcd19cdcc7d3a40866b76b6c4390f9a2c8dc16855069a8d1a3f41fff4212caa9899670d2039fb12817d0db32bb8c85bb5c6ebcd5179b4e972f259b64768d693cdb75a98b2e55c4a29038df3cce1e595b292dfe09a6ded051becb35b4969bfe0c6b61ae5726769e44a4a684be785a16b5ee2
+** GENERATE (SECOND CALL):
+	V = af7ae41e56f8ec09f1f243e6f5fc50b17315520cd01f2a96b74e607012ea0f769dc90cde5c02d430b9e096cc7f19ccdb74a89021883333e91660d460dae83097fe5cf3f2c53791ee46e01295be18d8152243e91125aa6911f7adca54e324c32e4dec6d6b630af376aa95918b5bb99b
+	C = 67bbbf56aa729f755dccb0773e00083f740f45b36eba44bbbe6947f966d100af29187644b1a02b2aae0dc74d135de9b528f845727788bdf155452622a0bd337a00169a5eaafe08675d5db016a9c1c1125d4aa081cf7e690d2ec91f485f2155e90c1e33a9e6e08efd7d48583a66f558
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = 0c32c96d1769f6fd0fe9b16b6e629b5cb2bfca7e135dba4cd9be40a693721c3f
+Nonce = 1385e6d55234febf5bb26d11a7e8ab40
+PersonalizationString = 44c662fca5cf8dca574b4ff8af88427555c6985a3f0ce8e99d3e9c741fbb3f75
+** INSTANTIATE:
+	V = 471653dde418c847b097816fbb274fbf3d0d697d7e5011475952334091a1ef95c7b83036f602d42c18fdafdf25859e0d6ae2e676bc93c65c1c608791608c5354a4d9e08161bc42580f543cdb205faa41f678619b0b94a7bdff395895fe26491dc2c16c0272e54daeefc7c3f9b5a91f
+	C = 8c95ae169071aa594f55ba5ca2c0997a55ff6971e9265b8fb559aed31cab8406edb51f41ff711036eb03ab11bfa53ad01767fa8cd5c6b9c0acfe226671753b950a91e3dc3b0da2421725fb9096c4bdd0325c94865beff9c3a77a9bde6d98cc4d38ec5abadb12b156d12476e02f8a77
+	reseed counter = 1
+EntropyInputReseed = 080a2f0c6c8f5bcc4a4103c22d40b2866c20cd24b85905960865ed4b2ef2320d
+AdditionalInputReseed = 
+** RESEED:
+	V = 9d4e3c5a09e9d4d99b0a7eaa2b100afe4d517d295a1d687a9218859cf55231881c04b7f12c4330c0b4b4b364735c35517329708f371e1c09c7ac05503aca90f65cf887db3c4f7d1b705981a662c99304dc464d0b87fe7028d226fb29294c3a78366113878ffb3f882f04733b5024ae
+	C = 63cc0ffb9b7116574862d424af43c2beea8f435c76d8e532f24269626fea3e89801800ef68a78c65cb433b6a44713e3b2c89f23f86f1148fb234fa376c5e3efb507c5bb7f7d40e2f0f9850f5e87b15db6ab9281d5715f85639505e800269510ea280df81651716332ddd61a5a8c1c6
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 011a4c55a55aeb30e36d52ceda53cdbd37e0c085d0f64dad845aeeff653c70119c1cb8e094eabd267ff7eeceb7cd738c9fb362cebe0f309979e0ff87a728d07d0d0642c5d31a95de4f9a2ccce6a445120fa1cac43e7476b8eb90188314b0bd2f3dc024a987852f8f80218882161232
+	C = 63cc0ffb9b7116574862d424af43c2beea8f435c76d8e532f24269626fea3e89801800ef68a78c65cb433b6a44713e3b2c89f23f86f1148fb234fa376c5e3efb507c5bb7f7d40e2f0f9850f5e87b15db6ab9281d5715f85639505e800269510ea280df81651716332ddd61a5a8c1c6
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 1e752da2ed94716ac424860212f35c92bef70bfa4cf3b6619c65412e40731147b72a9d9f47637f5cb1b05a5c0e1c4558d5f27c7bd4decc02551cf2f8ac746befb5ef424004f60c69a84c6f5c3bd1fa7f7ae67b46158cf5a64067627a48ed1efece7971ba0e2fba5c373b4af72f868422c89370a22914885f3a3d9786dccff7cb88d51e0d79d4fd0cb05691b2f160c58e5d39f8b8ebaa9b16c4a15d74be7accfdec62ebfe83b0335baca1811c509ccc2ddd5ca8aa7e57f717472eb23ca6029f74
+** GENERATE (SECOND CALL):
+	V = 64e65c5140cc01882bd026f38997907c227003e247cf32e0769d5861d526ae9b1c34b9cffd92498c4b3b2a38fc3eb1c7cc3d550e450045292c15f9bf13871036d6adaf96a0ee1546b87144a8c0251b7bb7b87c9fb5e5e2c21bac081554e766f1d1564cf60248fa10d73aab33862cc1
+	C = 63cc0ffb9b7116574862d424af43c2beea8f435c76d8e532f24269626fea3e89801800ef68a78c65cb433b6a44713e3b2c89f23f86f1148fb234fa376c5e3efb507c5bb7f7d40e2f0f9850f5e87b15db6ab9281d5715f85639505e800269510ea280df81651716332ddd61a5a8c1c6
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = 9ad3fcce89e24eeaeef1f4f22f9d0584ab6f134f100dd03b8b1132da638284ee
+Nonce = 2189b89d304319610b546c9fde4ff4cb
+PersonalizationString = f2bb0a9f0222696a22ef1f07932bd0a00ed62b05c9058422295a4669b46b493e
+** INSTANTIATE:
+	V = b5fde445f4c98923647a06d142fd396a467f932205b43427abf8039bc3ddee8ef76d3efc08359cb01d2b9b8bf9f3216746ee9f02889a6c8df846ea6e3d1e0c66049cf8818d997a68e80ed7a7663ebf1bf65e683870c75d1f813c9bf2b47f1aecf9fcc568c83f24f6f1bd1e5a562095
+	C = 81c9a4c229b853b3e7e336f12cebbedc838f6640073e562bf8c9463de5b0ab3f7e4a6b49c06ae517281ef77aa411835e0de0dc25062599c90cc498ccefd2abbd713e2f53d4f198701bcde1119abf3607e4a1790cfabb8cf9f157fae0805c68fdd1be82f6b21794abe086cbf0079d6b
+	reseed counter = 1
+EntropyInputReseed = d548a878477d86a15b20162e6418cbfa8e71f34f2ebf85231a2032e5ccadc034
+AdditionalInputReseed = 
+** RESEED:
+	V = 03393ee87394864d38a0a4a68b5252eeb4b2890ec3cfa3c7c8f63b8d14a59c75d182d98c693753a356e687d9e2fefba8fdded0a2639fbe6b66f0c1a57e15dc580efdfea5a9c40e4b07a5481b9d3a338cf05b2d90035e189266a2aed5b1fa9ba7b01f3bc9504b6ebd889edaa4748cba
+	C = 37bd02a62a3f17dd85b1ee1abae00c67707c520988ed4ad70c4378baa03962643fc39fc6d71059a120998798530e0c41745e3c8ab0ae523f087af803e3d44b86b952bd12c4d7b6749f6502ff48c037e86e21a87f6c0fe25d2b3657fe9393b2ccf4bc1f6dbe43229517d5664daeca6d
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 3af6418e9dd39e2abe5292c146325f56252edb184cbcee9ed539b447b4defeda114679534047ad4477800f72360d07ea723d0d2d144e10aa6f6bb9a961ea28022b48afec98c582d902dfefd4ca3f50c04b9a9b4459dc190fed600fa097e27a3f018c0ee1272ece8d98c0e9b2b0f71d
+	C = 37bd02a62a3f17dd85b1ee1abae00c67707c520988ed4ad70c4378baa03962643fc39fc6d71059a120998798530e0c41745e3c8ab0ae523f087af803e3d44b86b952bd12c4d7b6749f6502ff48c037e86e21a87f6c0fe25d2b3657fe9393b2ccf4bc1f6dbe43229517d5664daeca6d
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 9883b4c921a9b724142a9202593d8ce9242a768815956b7cb6d61a2a3822142412a3cc6396a1015c9eb92c662a50991bb23e1d6e9f8979b9f82817bf11f76458e5828839d295803d3ce9cf271dfbc3859a4a55495ab26e8e71a708452132dc30e1a9b83e660c7c30d42c8591b07d68ff9be74d118ee8223509147da61bc0602d9cb95823f897155f2e933c379a44129e0b8950fd6f7371420b0b52549d760b745a2524fdf1785e4f0d08b79d9deb2f4754fcb84c7a8bfb9277f644961b3f6add
+** GENERATE (SECOND CALL):
+	V = 72b34434c812b608440480dc01126bbd95ab2d21d5aa3975e17d2d025518613e510a191a175806e59819970a891b142be69b49b7c4fc62e977e6b1ad45be7448a676b267f7123db627f4a598b3839bd99302e73813d6a9d2f4f556e3ec98bd995d78f1bbb7254191c9f0476d9a8496
+	C = 37bd02a62a3f17dd85b1ee1abae00c67707c520988ed4ad70c4378baa03962643fc39fc6d71059a120998798530e0c41745e3c8ab0ae523f087af803e3d44b86b952bd12c4d7b6749f6502ff48c037e86e21a87f6c0fe25d2b3657fe9393b2ccf4bc1f6dbe43229517d5664daeca6d
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = 84d94805910413b64b70f86fd2c1c233c3d953c668bf365d6c815e5a898f7d10
+Nonce = 3cf366748a5250aae0795e68c82ef097
+PersonalizationString = 613ece7fcd1dad4f26153bd13064391ffdcd5e59948a22a25feea4e722416133
+** INSTANTIATE:
+	V = 502d2d95a75f2e68a30c0de005c0b6dc12c39de70e680dc6424c83dc52f8b773368568b2752c87a81b14ab60d935aeda6a9732a1f1e4d008bf3625d828ff5088749218a78765dbe1b9a1e8f4f309992cc85fc53a117a79ecaaf72fac32a15cc2eb1a39a2e7f10e9cc224a88146ea9b
+	C = 4b9d1248a6cf440778c13bcb7e058466bf57e56e3dffd4a3ac08aaaeff421d2b6895eed76ad94ffc1ef3439b3246d4a0b2057d03297c047440beb3af7aaa43f5b89b4cc415649f761edf5525d0052f11a9c3c938a1dcd98af0e96dbbaffdb8974c249cf3f700ec3a0795de4ca46a52
+	reseed counter = 1
+EntropyInputReseed = c617f82b8d6bd5099235cbe94f42465872418dce687e3ad46a820e383e7535f6
+AdditionalInputReseed = 
+** RESEED:
+	V = 548898c991f3e42498e5adfb8ebe99feeb6d5dabecd6f6b886b72d3293f6d3216a1778f39ee5cbf3540c2a2c50d6374f93c0f1794dababbe29e6e36ccab639464ba31058be82c9def7ad8a4aae1e2e4092707e237a4af155ea1a9cd438e6eb9541144e89d04941ae1d231a07eae10f
+	C = b658edd69725b4c1b3ee751441ac5d41e3771d8fd08032f43bf1a4096ff7044889daff8266310e7c1bbcdbb2ba74fdd1b1d970cff7d2adffc9d957d3b189754a6328e35726ad6d408cdd5ee3c3af9dff460d18ddedaa348198fef2b9ff8f4852ffd447bbf4296fcb7f38d18c06a77a
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 0ae186a0291998e64cd4230fd06af740cee47b3bbd5729acc2a8d13c03edd769f3f278760516da6f6fc905df0b4b3521459a6249457e59bdf3c03b407c3faf8590d88a55683f70e0b196d0b6267bd78e2f1b75f63fd563e06b54bc4b4fa24e059f8d4d24773a763bdb03fb0b17fb0f
+	C = b658edd69725b4c1b3ee751441ac5d41e3771d8fd08032f43bf1a4096ff7044889daff8266310e7c1bbcdbb2ba74fdd1b1d970cff7d2adffc9d957d3b189754a6328e35726ad6d408cdd5ee3c3af9dff460d18ddedaa348198fef2b9ff8f4852ffd447bbf4296fcb7f38d18c06a77a
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 828dece2a0e7aa546e8e343f13618528af038d0c01a1389b4a528fbb9cb45efbb2b5363f73c5581a268aca56773de0c6542e3ce462251a4f575d8aa0a352301a6637b1563b5ae9a19e9f940db25d6abbbb021bba0837badf7dad66dd9dfed7d9b2e19925f3a1f3632e86c0e3285d7cab0b701b4a22a326c2b0a9e40beab0515e350b01996b0c5108575fc7bc0f3d44ddd607e5cafe5d84dd97fcf89f2baebddf81a0712809b596e726382c0fe892ac1c2cb61ada11e12633a3310d9109312b23
+** GENERATE (SECOND CALL):
+	V = c13a7476c03f4da800c2982412175482b25b98cb8dd75ca0fe9a754573e4dbb27dcd77f86b47e8eb8b85e191c5c032f2f773d3193d5107bdbd9993142dc9252abbe190a2c6eccfbc0fc91a8031734e92fa68b0a6a0076fe419e97ff098782c0aae4b6bbdaf4388ac252a4c8aa472ca
+	C = b658edd69725b4c1b3ee751441ac5d41e3771d8fd08032f43bf1a4096ff7044889daff8266310e7c1bbcdbb2ba74fdd1b1d970cff7d2adffc9d957d3b189754a6328e35726ad6d408cdd5ee3c3af9dff460d18ddedaa348198fef2b9ff8f4852ffd447bbf4296fcb7f38d18c06a77a
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = 324a19c371484263e08e50f3d93c813ea39f51a1f0e04a5b1badc69145ed6e7a
+Nonce = 0b0b0ed49639021bf53f7c33344e8659
+PersonalizationString = 5d47a1392b32e4969167af52e1373af371de0f3ecf0085c83640df4eab7a923c
+** INSTANTIATE:
+	V = fa7ef088c56ca3531f4562fd2b149c6ff58a3fbc3744b83dd76b72e7e523543f897f60887873a1cf9fa6ec5ab1b8a2d072980ac8ea9f2a82bb4780075e7d2985c163c7f9f1a9fc286659a391890f23f2a3e3f0520486a002083b9ef17918b74908942ba8ebf2a9422805a671a2f68b
+	C = 0ca78487ccca78ea6bfc4b10817b4dfd1c198783a8eac4d1ec3afe8644eb8398277d4ad98fd8b1ebc7c567a8d38495186e999d96f260f88c90274bfd4b5c6a5a1dfe5517a238f543c2d9630c8c734a7a40fec58f9a4e01bcabbf1e18fe59fabb2e9a7409a2aa394ee438f23a6475cb
+	reseed counter = 1
+EntropyInputReseed = 39c95ed378bf5340c006c71e7d82745e4177997b66edd6a4b4f516bd63c426ec
+AdditionalInputReseed = 
+** RESEED:
+	V = 34c84e9be7a31d3d04473ca1452f234b99dfa0cf8e54c06e871b0ede71ca46d7e45395d24d8e67d903c8bf1ce12dc7bebb8c74968c1bcde758b41c81985d2b95b027a1582110ead1d59c594910cc2dd6810e2d4ef3e030462c3de8d9bb2f30dcf7e3f04e2e3f61c86d27bafa2e08d6
+	C = 9b4442bd5aceec01c8c967d25177254396b0dc3db31362cf27aceccf3137d9a6990a09aa1b93e4e768cf3f61333113b6a22b59c9d30fc0c5b92ff4b75d7974bd41a948b372fa6c546425aefddd002691b69cdcc7bd0531f460d76c412a3af276075b5119da9fca7bac05cba00a0278
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = d00c91594272093ecd10a47396a6488f30907d0d4168233daec7fbada302207e7d5d9f7c69224cc06c97fe7e145edb755db7ce605f2b8ead11e41138f5d6a0eb4e69e7bc0d86dce9c1e1934c3a0d63a76e9ec6660dcde80023cc91b4d5adc87b1176ff16ea16d7c16ce35bb1fbc21d
+	C = 9b4442bd5aceec01c8c967d25177254396b0dc3db31362cf27aceccf3137d9a6990a09aa1b93e4e768cf3f61333113b6a22b59c9d30fc0c5b92ff4b75d7974bd41a948b372fa6c546425aefddd002691b69cdcc7bd0531f460d76c412a3af276075b5119da9fca7bac05cba00a0278
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = fed7a7425c670ee2e36f02693e8b71771055f8beec91e15a36cf070a13900c12fdae21230f6bbfb5d77d0e1ea287662ab30519aedfa8032a08829c54da91f8c7c3b768554f945d9d709a1d4720a8f058e1464c5f1777b830ad4e415706ac575b71e19b0c41a44007e6b0be129f5687a21473e982036df70bc66ca4181b5e384dcbc5c7b6a9ce3a6d1b91ff660a49dfe1f863b5495af25bb42f61f5cf68cb5ce4c4e49c9decb426dab9f72505dbb5ac368958042dfcf65ad0071f81bb703e0d08
+** GENERATE (SECOND CALL):
+	V = 6b50d4169d40f54095da0c45e81d6dd2c741594af47b860cd674e87cd439fa251667a92684b631a7d5673ddf478fef2bffe3282a323b4f72cb1405f0535016616fcd3554ae18837cf494a13dd7d392f8ee7a4bdce0facd87d07a05fd6d072c69ea7c2817b7f3858299db55a3eaf1e8
+	C = 9b4442bd5aceec01c8c967d25177254396b0dc3db31362cf27aceccf3137d9a6990a09aa1b93e4e768cf3f61333113b6a22b59c9d30fc0c5b92ff4b75d7974bd41a948b372fa6c546425aefddd002691b69cdcc7bd0531f460d76c412a3af276075b5119da9fca7bac05cba00a0278
+	reseed counter = 3
+
+[SHA-384]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 256]
+[AdditionalInputLen = 256]
+[ReturnedBitsLen = 1536]
+
+COUNT = 0
+EntropyInput = 07237be288c2884b35bdbfdad69aff2fbbbe19309c252dd5667e515323a5fb0b
+Nonce = f4749e723a50981f295a8285d3af4637
+PersonalizationString = e39c5ed918966ad81716b36ae9d01f978d950c90e25cd90771fbbe0eed4b739f
+** INSTANTIATE:
+	V = 9e0fab6284f43c95f5319ce7ba67222178a95e420532db22ffcce9358cde9b884d8b5f10a7d1aa028b2c3b6518b4157495f4483f65600dac5dad51f67015a0b57f18d062562ec6c0feb697dd09f1b69b5239d410a8e74167356db5abf3db1ec4dce356e06bbd011b0c699dd82ef743
+	C = 1482f4471ea8caeec8d1743ccee1e5d8840694526b063cc2ef74edaf5baa20e3f28eb49fb61e948ca12bd2350e340fd07f721607820136416495b7131867c17fc818e6f45a0ec0ff2e786b026a424ea572b906148f6588d2253d3bcb7cd634dc0333120c5bab97fedba4dff865cd0e
+	reseed counter = 1
+EntropyInputReseed = 62dc3c93d06f8e7a31047d668e7313a616cf66dc61dae5bb460bc05d61970381
+AdditionalInputReseed = 46560e7316495f0ea259825a4492c827a85691da822df25f9ac746a854c75bab
+** RESEED:
+	V = afb68d799a2a8041c6283c4a5c9e30461d635e4b73c0842cd24793fbd9279cdf02c0fde483bd4855635c2e460f04db5aa7fb4d181ca79fb94acebf9c81456edaa381de53ff339dcd89b23f06e4d20cbd7d7936e4f158a24a76c258dfecc1c7682537e868ce6bfd03fcd975a1885ac7
+	C = c8132202864d3dba61aa76209f26f0dc7ccdc7213e3338171265f0dc90d969d32df98ffa1120ac9bfbeb6404d854b539f9ae78b85117c91b82ab6dc513367428af229c79b57e5ffd80508e81302eb4617ee132157cf32f0d74b0de7c6b156957d8222a8113ed9d535ded05370447b2
+	reseed counter = 1
+AdditionalInput = 9670ebad8432f09d4c9d842e1a3c5a933e356f1ce245e6687c300b0b453b7d4d
+** GENERATE (FIRST CALL):
+	V = 77c9af7c2077bdfc27d2b26afbc521229a31256cb1f3bc43e4ad84d86a0106b230ba8dde94ddf4f15f47924ae7599094a1a9c5d06dbf68d4cd7a2d61947be3b09ab2eed561d9a185fed0f9ac3077e955a9aafc6eb37f71f7d78476cb37077b02acd6165f13e93a4382db9c8cfec25c
+	C = c8132202864d3dba61aa76209f26f0dc7ccdc7213e3338171265f0dc90d969d32df98ffa1120ac9bfbeb6404d854b539f9ae78b85117c91b82ab6dc513367428af229c79b57e5ffd80508e81302eb4617ee132157cf32f0d74b0de7c6b156957d8222a8113ed9d535ded05370447b2
+	reseed counter = 2
+AdditionalInput = febc84bf83d83d8a0c5c253135b37756df4bdc3dbe8c142c4a9e243036cb0eda
+ReturnedBits = e2ba7727aaf71c3bebf4a657afb948036dce7aa4e7fdc8ac8df3651a50e422ec77d6ff7bc9d0e5ef02e9a630f3e6f45d04311f0a07ee3421c6c4beb56df848a5126f8d21163f23f9ddb5d7530e36f500e316da53b83b326573e2904d511db6d6dcb72d3a1e4b2aef3966dfbae57fa7fe62395d24812b1e3248895cbb3b8b574e6b708598601dbd8597e0ca229be3e65bcf9eea7a8e0d007acddb465293562ef5414f0f86e9473bcbe1037233be5bcc2efb7b4c1a7a9d117d1a2116999883f45c
+** GENERATE (SECOND CALL):
+	V = 3fdcd17ea6c4fbb6897d288b9aec11ff16feec8df026f45af71375b4fada70855eb41dd8a5fea18d5b32f64fbfae45ce9b583e88bed731f050259b26a7b259272d850dbfb6e4b5888a661045edd138cdac95abab044de54a5f3b0ff1500f4f54b754a039aac8af2a178cb00599b267
+	C = c8132202864d3dba61aa76209f26f0dc7ccdc7213e3338171265f0dc90d969d32df98ffa1120ac9bfbeb6404d854b539f9ae78b85117c91b82ab6dc513367428af229c79b57e5ffd80508e81302eb4617ee132157cf32f0d74b0de7c6b156957d8222a8113ed9d535ded05370447b2
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = 90419bf5722b072e0a502d4f594a25050dd90737edd932e439f2abafbc3116a8
+Nonce = b9c0c9d4946bcea2a3296c0fb737f9f4
+PersonalizationString = 8a213199c0c64cb5874015e918e411d556b8e5bd68075e423367b5492fa97754
+** INSTANTIATE:
+	V = be3a89558bac9e82df82bf5c20fcc51e7390215fc2778bd6dd7ccb933437dc00910741936df4e5b7c7fb68f38b37617103032c48cd89d72acc4e4c4182c786a9c81b7d4f23dc7b35e16f7542fca1af7da0ce016ce9ab96fa05719bdd2f349466e9f2bb3c41165fc21c881677c10bc6
+	C = d34eb945d612cbf7d52d06ca6241b7d613810b07ff0a3eaaad6721a2c6a6a54ef30b21497d3c9b2cb1843c771365953a4dcdc909479431e1953d958eb2d5315102960c7d5e132768215472fd5e16c575ab77f55fe9f3f1ed8fda5f3b14bd2c208bfc5bb4dd8c2ad8ff695b296fb21c
+	reseed counter = 1
+EntropyInputReseed = 403ef4307243b8748995badea0f965b43361d513d63d7e944ea43876b9cb2055
+AdditionalInputReseed = aaf93948a3225d9e1369d8bed330953fcad50554b71f31bbda44f5f447a99b15
+** RESEED:
+	V = e086f471c5f5ebf3fc4cd65de0d775116a5e814e5df9e3e0d0c9d3a461f83c81a08fd7db28ac83f887e75e3647bf79195b0f6a619ad5243eaafb3e54dc138b33886a88bc00310fdba8a6b8cf85fdf86cf24fb856a40b598c163ade85867c21d501244afc2368b5bb8763d205c04b72
+	C = 14db6d40702e3fd8a693acfa217712afa9961dc77dbeac318021187019122f9ceca07a706c591a87e038da30fb983c1e18d78f14de2eb6a3a66bfba54ef026e99d0cf151dbb05187b5c06d79d955d040f5fdb49507b483a499d6ef873c551940257f5fc499bab6c24cdb2de5bb22b1
+	reseed counter = 1
+AdditionalInput = 70ec163e9c9fe1e6678ebd6688b358d5dda5ee703549ac91bb6db3222ad3420a
+** GENERATE (FIRST CALL):
+	V = f56261b236242bcca2e08358024e87c113f49f15dbb8901250eaec147b0a6c1e8d30524b95059e80682038674357b53773e6f9767903dae2516739fa2b03b24939065ebb5bbc8fa18f2ed433415ef71a766d9a44672ef1e6c9a3b2153ae7528af428c00dcbfb97dd438fe43a985d97
+	C = 14db6d40702e3fd8a693acfa217712afa9961dc77dbeac318021187019122f9ceca07a706c591a87e038da30fb983c1e18d78f14de2eb6a3a66bfba54ef026e99d0cf151dbb05187b5c06d79d955d040f5fdb49507b483a499d6ef873c551940257f5fc499bab6c24cdb2de5bb22b1
+	reseed counter = 2
+AdditionalInput = 58fbb0de7872b26ebcaeeeb29c8d1a7b53a7fb437da20863eb9d789a8d35675b
+ReturnedBits = f534b72f59e0fef2620eadc299459c4e612a15a51b7d341668ab7a90a5740a8a49701627de6cff6346234bd1f94bac0c958523dd8356157d60ecc3a575aebaa2929e9eda9c6323544baba39d03d8c110f80bd63b4d84c59637b48d3a6319ace80a72fa05c444556332d0d032cf8d39316eff4a8f24aaafb21fa0e6ddb8446e4afb6fe801905223b9c96cf18d054b3d8f6cfee552ab249bc44567f24d9549ae24c0cdc52c34f166ac24305aad4d4e92f782bb4edd3746a93aae1ebd0da14e8298
+** GENERATE (SECOND CALL):
+	V = 0a3dcef2a6526ba54974305223c59a70bd8abcdd59773c43d10c0484941c9bbb79d0ccbc015eb908485912983eeff1558cbe888b57329185f7d3359f79f3d9b31579dc588e54c07d7dd4e26ab714e9db8746c79193e889b991b79a59ae2a7c34dd761fb3066cd3bd9fc8f80e351c55
+	C = 14db6d40702e3fd8a693acfa217712afa9961dc77dbeac318021187019122f9ceca07a706c591a87e038da30fb983c1e18d78f14de2eb6a3a66bfba54ef026e99d0cf151dbb05187b5c06d79d955d040f5fdb49507b483a499d6ef873c551940257f5fc499bab6c24cdb2de5bb22b1
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = a1f805342d5f5f64018ddda543b5a8bc521d02beb4dc846b912065220d20a246
+Nonce = 3b453a4594d703684d8da87e7365e944
+PersonalizationString = 66e893a00e05c28049e648a5455068cc309a6e65408d8f0fba91a6c9a7fb81b1
+** INSTANTIATE:
+	V = 51dfda340c6efd7bcf0d155a7b464c5184a4f65520eb374ae69064fe830c55ec1fb682a19ac34caa1f240dbbfcfb4a5b0d089eddccdb6e4cdfa476ae8caf4f76af1191b759fe2ac1855e294d7479f634caa9b6fc246d45f22c520bf0ebce843efa139f75a04f976c99de140ebc1028
+	C = 5f47e287747d019f7af9449902e060028d66effa448905158c1c97792f9c9a9892eb7bb348e73cf95c4e7cebd714d15d477fbb07b1ecd041a9e313109f3db961d74dd53340cf98fcb92a2d5a6702118979169edbaa7f52c06dcabfea63dba3c0afeb5ed9d3859f8399b9974f039f93
+	reseed counter = 1
+EntropyInputReseed = 15313606c73db025c86406febeeb3bc27fd207cb5d942ab316170bcb6768d398
+AdditionalInputReseed = 76c1742f131d28095ddb52c09452ea9b9ed2b90ea90fcb9b481d9d620705dd7f
+** RESEED:
+	V = 906f47e10c30d76cd11f57c986a3cf8f4641f73c08f55c11351e509984d35a591d37ac5c04d672997c374384aebf711226a403389a8c0cc1f4000deabb65637d8f8a75afd960a959a44d4ffb8cb2cc8fefa399d4de0a324f074c658cb4de4ce7cb319c69b612a981602480bd8ea940
+	C = 167887b534044d44c94abd8daf1fe8447901696114bcc1655b11acaa459d280edd3a66e624bc9f351f1a03cac39076c5a6a1f9217db11225a0aada17631be3839cff276c131843346a69ccb6bbc6c5498d7d446df058183512e49b60fae5a48223c058e6c328f44f87ac0c72b487d0
+	reseed counter = 1
+AdditionalInput = a2e87e4d60a502cbad7160050ab3d79d5ba519382f881839c4d7185f009d66ea
+** GENERATE (FIRST CALL):
+	V = a6e7cf96403524b19a6a155735c3b7d3bf43609d1db21d76902ffd43ca708267fa721342299311ce9b51474f724fe7d7cd45fc5a183d1ee794aae8021e8147c5340de4f3311570cd5ad8c8a47cba5f8f36bf2c62afc5ecd94fddbfbe197cff762652a91b37dff8f21eeaf5f2fefebc
+	C = 167887b534044d44c94abd8daf1fe8447901696114bcc1655b11acaa459d280edd3a66e624bc9f351f1a03cac39076c5a6a1f9217db11225a0aada17631be3839cff276c131843346a69ccb6bbc6c5498d7d446df058183512e49b60fae5a48223c058e6c328f44f87ac0c72b487d0
+	reseed counter = 2
+AdditionalInput = 73a824541ab0f0ba6e315160e8dbd7bbaf97da06cb18e35e83016d850422d5ab
+ReturnedBits = a56e36ffdf09512e5f56133ee5facc80bb161d20052cff00fa0b2e44dae512c027003de4edc6c70edf306c85590095a83c9d324c811b3e7ac91178ab6d94bb6cf95dc20d8773fe2590f65717438f3be2881d4e4b80a749227f396af45b4a5b1a1fe1c9c78de4023f8a9b805ca7064e07bf159a346a15c6dccf8f91043acd7f105687b01a020859fd5e7db11a0578b716362b2e6e1834cfb32f495f101a82f5d3d4075e3abc2ffdb1fb9bb1b3b2d350ee90a0c6cf5af56ab2af426d83150f3c4d
+** GENERATE (SECOND CALL):
+	V = bd60574b743971f663b4d2e4e4e3a0183844c9fe326ededbeb41a9ee100daa76d7ac7a284e4fb103ba6b4b1a35e05e9d73e7f57b95ee310d3555c219819d2c281fe9f9c7cf443f2209205fa8d48d61676310d981c7f68f5e579c0e7d56f700de887ef3358c0b16c3ec9df3f0aca8ee
+	C = 167887b534044d44c94abd8daf1fe8447901696114bcc1655b11acaa459d280edd3a66e624bc9f351f1a03cac39076c5a6a1f9217db11225a0aada17631be3839cff276c131843346a69ccb6bbc6c5498d7d446df058183512e49b60fae5a48223c058e6c328f44f87ac0c72b487d0
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = bbeb712ef99039f4d2b609053ebf2434a37eeb78339f034a49bb3d37d44272a1
+Nonce = 2fb44d7fd2e071e8afe4fc3730b69fa2
+PersonalizationString = 7309e597df52d096755fe5415da69d5f6d42441dccdcac16981a690dd4b1eeb4
+** INSTANTIATE:
+	V = f2cbd66d2fdf316344953e27db1105f11922bfa3dcb0b05881984ae04230a18d0bedd2c0299f5fa79209daf61de878f9ed4f15ae29c37e705fa68a5718611902ba809dcd85651c215d04573e46bc92a9e12fe11db38a41ca95a86582cb1ea34991e0826f20d4c337156f2980e77e63
+	C = 06cecb33b1a8adde2c8f2f9012be53514b9e3a7600fd87bb30095ac0983fe90c45de02209b37ff03afe8e3bf6f7a67de43a16d3087d556937529213dba1dace13a17fc38b29fafd5af3493cd7d8449d172f0ba64c7a0029f47408b4b657dfb7bfe4369111c7f26078cd8647baefc28
+	reseed counter = 1
+EntropyInputReseed = 0b117d54afe156df451528d407b29434d7befd7596e9f3c03daffb5b30cc6f30
+AdditionalInputReseed = aa024e2f08f9576fcfd7518bfa459ca7d1d5878382137d969ae6e7270edc8dbd
+** RESEED:
+	V = 202c4b438ccf27359b0cc63e0cb39a2fdac7464cc03d923028229a3419f0b97773e4c5882dc4cfebfb162e041077de07e30509b8037b5a7f18d938f5c7f356162b55d19132fa9015de8f4be885346aedb659df31773712d651c4f2e251b36d0e16daa174e6fe650b19bccb18dccc03
+	C = 9c2442fd769468bb18071147b761fa17d22b853b397621ad060a52d28eb5da8052ab6b381f120e4703a0c44f0d43590088b557c55ce4db7d15d295f7da962a6a891f96ee73c79612a842d95b00ac19db3624ecf9e9d43ac25f1a098c2681b58d2cde179d466780158ef20cd0dbf887
+	reseed counter = 1
+AdditionalInput = 581f23920fb2dfc603d462b5defab97e2c2c937e431b43f51f98945c0b919844
+** GENERATE (FIRST CALL):
+	V = bc508e4103638ff0b313d785c4159447acf2cb87f9b3b3dd2e2ced06a8a693f7c69030c04cd6de32feb6f2531dbb37086bba617d606035fc2eabceeda2898168c06382f36ed1d78e1e0891c7287d88cd24226bca8657e14b4f911d97eb53778156e1a1ed1635a6450903c77d054a58
+	C = 9c2442fd769468bb18071147b761fa17d22b853b397621ad060a52d28eb5da8052ab6b381f120e4703a0c44f0d43590088b557c55ce4db7d15d295f7da962a6a891f96ee73c79612a842d95b00ac19db3624ecf9e9d43ac25f1a098c2681b58d2cde179d466780158ef20cd0dbf887
+	reseed counter = 2
+AdditionalInput = 979498986ddbd981ff136933e5f64cfb0e19d69b2dc75eebfb5233331d1eeb92
+ReturnedBits = 7995bff96ab45f52701033d0da9dcdcb9261a4ad818c31878218f1997a354e896303940eb62f9cc46c62d39ad2941a24d076e884ed9e7a1316f7184abf34aafe96dd5bba23aea6ebbb993425294430327762b7d3fea652ef68306d525c94cce3b58bddc897a4f2b4044c753338707a86f789ea412c3e19cac5580baf30b5e7067658cbd04df84c822c81e178465a94f5cf72545b5446c35d9a3dabd8ea4f8f850298ea49ab086f7cea04bbe5c803e9b641d0a1bdb0924e8be7254dfeb5c6ca90
+** GENERATE (SECOND CALL):
+	V = 5874d13e79f7f8abcb1ae8cd7b778e5f7f1e50c33329d58a34373fd9375c6e78193b9bf86be8ec7a0257b6a22afe9008f46fb942bd451179447e64e57d1fad1ba30485ef9b25559c2caaec4244451d0bd436453cdb6cf9d0947034a873d0b5e0a16554af085c6f3e88b861df414fb5
+	C = 9c2442fd769468bb18071147b761fa17d22b853b397621ad060a52d28eb5da8052ab6b381f120e4703a0c44f0d43590088b557c55ce4db7d15d295f7da962a6a891f96ee73c79612a842d95b00ac19db3624ecf9e9d43ac25f1a098c2681b58d2cde179d466780158ef20cd0dbf887
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = e6101a6f75f2b24d489642bb96f86792bab52a495dd19992b21e440bdbe83e68
+Nonce = 8206c12195af12b694d06de95b30abab
+PersonalizationString = 147c89530cda1ab847d312fcffa5bcc77e1e24a421986ca6565538f99699ef08
+** INSTANTIATE:
+	V = 071877e62a4c8509db49a1ae30a2178f296fe36f8b39235c7119e6996a709e7edf0075d54456371c225234014308ea57baccd163f54356ef8a99879b1249820df7fb188fe5c416ca2cc67163f869ddb7c7ec5564f11ed42335c4b27cda8d2d90b2714e5b4750d2ac674927a6b4bf3d
+	C = 162157f677f6a81f55a3cf8a0105f4f73b897e004a319cdc0f0daf9aa98f56128a208b853586c4d54279e7ad76c3305ad8169cf9f7270e044884290534eea284a919353b21a2dad1a79c1bf82f9db597276a198c70fc77be4d8f5403dd716385d24483784cfeab66b65c91435603b9
+	reseed counter = 1
+EntropyInputReseed = 07aebd88f5db59d11adaa295ea05626d453235d615078b742fe0e68a316f3944
+AdditionalInputReseed = 292b4a4af32c41c94882dfabfa915100279642a0545a477eb80ee8cff660f4c0
+** RESEED:
+	V = c52b478abfdd9a62c189bd959b934f63658653ed68fa7c33405e904356ba65c48ab3c45576305656b3ccf5b991c295233099992e9ddfef71a60c525d1796345f8cf4372f44559f16d9e9bc180ab3a16c76c77595f3d95122a77181516cb8dca53742c264587173fae8949aacc2992c
+	C = 2f353c3acd868925c971bb82020fdfee475465496ff438dc8b6be92bb1bbba6085040979a00009f924ad4acf3385e1e4825a468a879d1693c258e6626b6b3cb03ce1e5cdeb13cb247d366b85a35d660dc9f88c1cfcf641fc790e90885f48844b5f42dcc7bfa4e1a28b325a382c4686
+	reseed counter = 1
+AdditionalInput = 67c180324b132d15d72c87b41cbd41c9d81d211950b56bf3453b53492c7a78c5
+** GENERATE (FIRST CALL):
+	V = f46083c58d6423888afb79179da32f51acdab936d8eeb50fcbca796f087620250fb7cdcf1630604fd87a4088c5487707b2f3dfb9257d0605686538bf830171f5a1003e8105fcef19a05f5b937d63bdaedd25e99a2b8db46db388f87d1b34d142b1320e669c4caf54dd632be547249d
+	C = 2f353c3acd868925c971bb82020fdfee475465496ff438dc8b6be92bb1bbba6085040979a00009f924ad4acf3385e1e4825a468a879d1693c258e6626b6b3cb03ce1e5cdeb13cb247d366b85a35d660dc9f88c1cfcf641fc790e90885f48844b5f42dcc7bfa4e1a28b325a382c4686
+	reseed counter = 2
+AdditionalInput = 63a2fcf9017f742a8552e834cde6fe1d186ee8a97753fa31cc7922c652be0109
+ReturnedBits = f9e285f919171fab163f21efb7f9329e213253751bec86b0cc51e20c2d5d16d4569f90601dcc8cdd21a81dafab331531ff3720e72d4e847af004c50c29f053fffd7d3325a7d0abdfedbea4570400549a87ef4485cacf8161d18524d9897e5c88852ead9747dd1373581553b1f0443c385179f1f24054522d6054851829348829988447a6e621d06dfc8052b3b02d6d36e19c7f60d9dbe723b9e5f2a57d7f260f19d6335c366036b33cff5d4829c57a18f8c1a397e34fe8ce32ad3359e586facf
+** GENERATE (SECOND CALL):
+	V = 2395c0005aeaacae546d34999fb30f3ff42f1e8048e2edec5736629aba31da8594bbd748b6306a48fd278b57f8ce58ec354e2643ad1a1c992abe1f21ee6caf560030082512389afa55fe19f930cbf6f51d043e57a7ff1ee4f4ec8ac11b9798ccd93b5972eeb2339a8745282f2eead2
+	C = 2f353c3acd868925c971bb82020fdfee475465496ff438dc8b6be92bb1bbba6085040979a00009f924ad4acf3385e1e4825a468a879d1693c258e6626b6b3cb03ce1e5cdeb13cb247d366b85a35d660dc9f88c1cfcf641fc790e90885f48844b5f42dcc7bfa4e1a28b325a382c4686
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = 01d415cde6308dd619d4bf8f36108e3ce39ff3890e34f19f277844817a174b4f
+Nonce = 9cec55965bd0a7fd007a32bf1094d2be
+PersonalizationString = faabe5d2be77e14b777d55a36ed71f7bc52c7dee5688104daef6d7461ba9be30
+** INSTANTIATE:
+	V = 373a3250b011f00c5e8ab2634a9eceb2f2169c590615c7648fb727be81787b8a9a063abeb93f9391e3fda94863215f033070bc7efb9941cfe9953a23cad1a50bea204363d44f4400b65d2246f0abec341d09857626a8bb04958fb158ab238c40ceab90c2d7b726710e4bb843b3dcd8
+	C = 8bcf04bdfdfaf8a369b73b575b4c78ab80b3964caf2132abdcc28123fc3bb9e14fede5bf0d1828ecbcf144edb5164d16934b9956fbd4b4a58e558128fc4604918303474332be426c07553f35234bcf2825adad4af997e6adc79ee1f8258ef5bc21aeda0d763db23ce5bdfefcd496a8
+	reseed counter = 1
+EntropyInputReseed = 0bd7e0e7bbee97d90458d1a43461660264f4a4ecb8fc74a52df60368e8c29e49
+AdditionalInputReseed = 9df6efef751a483e1e4e60fbdb4ba366e6c077917bfaea48f7c7b90d5f8e70a3
+** RESEED:
+	V = 9ff8a777e137105cd9a8cad063d2d2514eb433dcca776b875124f042381c512c2f6b857284b5a3dae8f4bb7be91cc8bd197e28da5867ff5bc198a72d1c947c9d7914488bbbeacc191113cd96863ec1d1495246c65c35eecbd3b754136ea44cbc9a78883be8b4146b72e1ec5fb1e898
+	C = ab96050346c97b4158430d69c24d1901ccb042401f9dbe6aff46c0ee49ac884d9e9eb36f7250dee044267b77c9642aa4d0cd96f7115b24bbac70e5a4a5de45360d36ff25a63bf1e66ad6ce9c34f00402aec839ebebb5bb2b8ce754a6adc5b4705197803e2dcfb86dfaf91aaf9debec
+	reseed counter = 1
+AdditionalInput = 79a2f420a9526a21c0db3cf407dcbe3b77df908936ed95f7f0be558e17fae349
+** GENERATE (FIRST CALL):
+	V = 4b8eac7b28008b9e31ebd83a261feb531b64761cea1529f2506bb13081c8d979ce0a38e1f70682bb2d1b36f3b280f361ea4bbfd169c324176e098cd1c272c2b189d1a5e74cdb5936c8df963f8269e52b11793a5a02afe09a1580eed26ccd6203ed0bc27fecd4e495241273fa6600d5
+	C = ab96050346c97b4158430d69c24d1901ccb042401f9dbe6aff46c0ee49ac884d9e9eb36f7250dee044267b77c9642aa4d0cd96f7115b24bbac70e5a4a5de45360d36ff25a63bf1e66ad6ce9c34f00402aec839ebebb5bb2b8ce754a6adc5b4705197803e2dcfb86dfaf91aaf9debec
+	reseed counter = 2
+AdditionalInput = 88429b1546ed91298328ab25f74b2e980688a88420187647722d073fc2a4701a
+ReturnedBits = 066188b3b173827cd482de572d3cba9bba2304c64a3c1fbdb4d245f3a3815fcf76d4f2af1ce494ec9fef447b745eebef32fe7dbfdbd401a6d1246ceedf50c04cb8a811cae9b84b8071cb021d65073538d1d8234a8c77d965e8656d9aec3f15800472cb783fb101a065a030b1afc1c9dd601e71089fe9541f31057b36454c537df579e7e41fc95f7e730ac95e9b40c02aad4d45abcf4a109a567f554af98fc67887ed03fbd2d48e96de86e218d156b0c41802c53b713c1fa2b2cb114cd3f55aa4
+** GENERATE (SECOND CALL):
+	V = f724b17e6eca06df8a2ee5a3e86d0454e814b85d09b2e85d4fb2721ecb7561c76ca8ec516957619b7141b26b7be51e06bb1956c87b1e48d31a7a727668510938ebcaaa879f13f50d42f7a7e503ef78b4ad26366095bc40a2cbf27b8d001cbb4556207ecf686f55c4d740b0cafeabf6
+	C = ab96050346c97b4158430d69c24d1901ccb042401f9dbe6aff46c0ee49ac884d9e9eb36f7250dee044267b77c9642aa4d0cd96f7115b24bbac70e5a4a5de45360d36ff25a63bf1e66ad6ce9c34f00402aec839ebebb5bb2b8ce754a6adc5b4705197803e2dcfb86dfaf91aaf9debec
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = d768c4dec9ff9b5f0f711692a01f8f6a57667e21375f75ac57d0400defe87d0a
+Nonce = b7372fd3c55f605f2e8f3da25ec2ca7a
+PersonalizationString = bc5eb0e36c7e5d4c79ad2f115864ad06a76d3998e4b81759ba42902b13bd9089
+** INSTANTIATE:
+	V = f785a4c8112c1faeaad1fbcf4fae1f89d1ea8afe8006161876e287be5547894e9ae17e4ab457e7413c95048e0e159c64900b5030ea88c150d5b9473989c0ce991e1738af5dfb776eaf2e55469270bd3c222f8a9347acba546f8574087060f8d1f37be87b1ee89d66339ef225f7922d
+	C = 782b60017e4b681e875fdf23a17b459c43bee8e199d632807ddf68f9bf7685eb179bcf246861ec107e227977e519fc80eaa665a6f6fae06ba591830ad93ecf669a65d7bb2b4ebf2bc398343f77e52cab905077148fa69907fb0fea816f1dfd32cd963102e24a72ca734173df0944f3
+	reseed counter = 1
+EntropyInputReseed = 7b5cbca72b56a5fa9d27e73d3d037f48a902da26048f0c8c36c9014c8f79eac7
+AdditionalInputReseed = 473419eb5fd7094290202382d20ba7de9d774508897777bf9a2073ce305fa523
+** RESEED:
+	V = 5b71ff0c30f2d9a7c7677b749db312b398861cbada15e8ceb85eeb9395b71ca9ed2a04c9c8cdb64b47ddd6f19c55715bfe6b5e4b098c3ceb37b8c898aeedb71c0a440b152924354c836665f98cb93c54796d288dae09f40b7f7af153cde72526796001bc5f48e4894a59cb75241e1a
+	C = 0a733e7be8bd142b3fd9a6a9feee872bade8044fdfb5bc0bdf623a6ae354933f2b585d6183772734745f7749509ecb459d2f2876d16f3e7afeb2b73be16093b1cc9c417178de1df396dc0dae77a9fab25fd5ad181e1332d481c393ae92d5eddb4deb946e84206431be1cd237fc579f
+	reseed counter = 1
+AdditionalInput = 5a06b905ed83f294506a0e2a96aac7623926e94f84e001987308c75f864b78a0
+** GENERATE (FIRST CALL):
+	V = 65e53d8819afedd30741221e9ca199df466e210ab9cba4da97c125fe790bafe91882622b4c44dd7fbc3d4e3aecf43ca19b9a86c1dafb7b66366b7fd4904e4c3944725cd89e0cc9076cd2995bcf6771fa3cad19b948067e9479191675fda04db25a7ca8a8a422bd739588bd8c5352a0
+	C = 0a733e7be8bd142b3fd9a6a9feee872bade8044fdfb5bc0bdf623a6ae354933f2b585d6183772734745f7749509ecb459d2f2876d16f3e7afeb2b73be16093b1cc9c417178de1df396dc0dae77a9fab25fd5ad181e1332d481c393ae92d5eddb4deb946e84206431be1cd237fc579f
+	reseed counter = 2
+AdditionalInput = 96a705e6dfe50a41d056abcc14c6411812496fa409c9ca7bb8f42e1d42b87353
+ReturnedBits = ab93a90ae36626bc3a1669acd71adfb9aad4fb5a6169f64e2d599d42fe48ff3ed26463ea95787c9b27e9de52b72c5ff6b994014cff2de06b576aeee6f0a1ca3fa9e5ff05296797702f55534a6a5c0e9281ca4e5860bed63d8c671b46a0cdc183e20e33756a9a2bdb01df5ee57e05d18ec0ce3fdb0d4431522aa8af3845b957343f2f88077e0b61c5263e1bc0600cd1d3bf5650d0030c88e74ea778764b363ff21ba0555946984dd6be7d122318543bc47f66d88e38f06f9b06f22cc4ac578df8
+** GENERATE (SECOND CALL):
+	V = 70587c04026d01fe471ac8c89b90210af456255a998160e6772360695c60432843dabf8ccfbc04b4309cc5843d9307e738c9af38ac6ab9e1351e371071aee0fbdc72c147cf8a027cdfcfe499a98719c776072386ec027385ae773d7c954ca6f81dd627a022badbaa7ddc4b9c13cc47
+	C = 0a733e7be8bd142b3fd9a6a9feee872bade8044fdfb5bc0bdf623a6ae354933f2b585d6183772734745f7749509ecb459d2f2876d16f3e7afeb2b73be16093b1cc9c417178de1df396dc0dae77a9fab25fd5ad181e1332d481c393ae92d5eddb4deb946e84206431be1cd237fc579f
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = 18743950dacbfce338136c60757c3e06b73852c941b76fbf5982a3bb67e1e351
+Nonce = c850477cab129b08d0eb63b9efdaebc5
+PersonalizationString = b6525d8b77d91a6da9be5f5f1d88bef8e84e972d2a38fd161f6957a968b607bf
+** INSTANTIATE:
+	V = 3f3ce6b92b4beef33b80a811b6dbff26a5a4aac254763cd1433b8e885a01617088984b4999c69d2c9201058f57e43d48c2da6b3c31c51bb2557df6ff23eeee2f1610e939d2f5ab2f7a84a5d31495a99462600aadb7b8055b6b7e4516b3eb535009f55e69c0f9dc313a59d081f4efde
+	C = c4fae844e79297e1512023c3b27370a2504346298598d5916eaaf419fc97714fa13409e4a76f83a460d770bea2c9fe09a2b17ac9e9baa43b5585f9b8923180e477f0234ced0742415f10e1c500a55107126498657c2e527ff1de85121523c88f2e76a91c95a31b1a47545007a08618
+	reseed counter = 1
+EntropyInputReseed = cef52e2d4845b9c5a0d1cfeafedef89305d8b39c00e744eea1381a03cbf15f76
+AdditionalInputReseed = 26e7585ffca8af799f8487a2d5de505c519e4b69d3f42c49686244280a772eea
+** RESEED:
+	V = 6ecc1fb693db8e670f303f7f3a5ca841405d8aef4dd9464080a791deb5cf9b18e6329508857aca8484f18ae8fc260a685030b4dc3081c2c24c3248fdce2162d3229bd7b4efe43e199bcc8a9c4209a01978410a7f516dc5daf2d8f52c3a5877a8726a31880d67a928f6cabecdbd8d5e
+	C = c71630652a6e780b6bce292edbe8924587c934b5cc971010cc1146d7fd922685aa2a46b3feb90de36aa5c5cb10c7b15450f48fe9e1d578e6bb69bcde7c0a8447f3384806211ae3405bb7bd5e35d290289ea26dee386748efdb99b0bddfafb4d4e4e1927fb61691a796875fcd06e993
+	reseed counter = 1
+AdditionalInput = 4d30f0c893291a423293399052bc7c01209d52efcef185c74f1ba37d5e93fa48
+** GENERATE (FIRST CALL):
+	V = 35e2501bbe4a06727afe68ae16453a86c826bfa51a7056514cb8d8b6b361c19e905cdbbc8433d867ef9750b40cedbbbca12544c612573ba9079c05dc4a2be823013acda958f9190dd3529c1e638a7a74a2bb3e3053fcde36f3bc8db26f68c785273860e95cdf8854f756f0b8a7e975
+	C = c71630652a6e780b6bce292edbe8924587c934b5cc971010cc1146d7fd922685aa2a46b3feb90de36aa5c5cb10c7b15450f48fe9e1d578e6bb69bcde7c0a8447f3384806211ae3405bb7bd5e35d290289ea26dee386748efdb99b0bddfafb4d4e4e1927fb61691a796875fcd06e993
+	reseed counter = 2
+AdditionalInput = d139ca9cdb3bce9dd4f5c10118daed4a2dd28d2d3cbc43be0faa756bdfa61494
+ReturnedBits = 41cba5d2948bcd6e1d843df96bd993bc88767b7cee40f65c5c02290283f30703af6000d01b29bb1bc195058002e270fcfdec607538e673f9064458ba5fee0849abb92e8d49e2354196ced6e3945821f5fbf7fb11987f2baee4b0d6c3aaf5e9a7e30a0e63d77b1c77f1d96bcad881ab4e22d6574d065e2f2c28d2de515d9553d1c6dd2efe00d8da11946f886f2ce7c013889f7c3593ac136a8bab9247295a91e6ea5279cae48d4bf3762822c65637cb3044862050caea9b6db526281d1275758e
+** GENERATE (SECOND CALL):
+	V = fcf88080e8b87e7de6cc91dcf22dcccc4feff45ae707666218ca1f8eb0f3e8243a87227082ece64b5a3d167f1db56d10f219d4aff42cb48fc305c2bac6366cff3a7a6b09f4d5b0f144d92c0108c5b002890e88fd038fa6472c55ccebbb626632df047dbb25e9df9833b534162712e5
+	C = c71630652a6e780b6bce292edbe8924587c934b5cc971010cc1146d7fd922685aa2a46b3feb90de36aa5c5cb10c7b15450f48fe9e1d578e6bb69bcde7c0a8447f3384806211ae3405bb7bd5e35d290289ea26dee386748efdb99b0bddfafb4d4e4e1927fb61691a796875fcd06e993
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = fa42e1e2035f38f876e687e066a2944f67090ee8c1f3084675cfe178e7db48c5
+Nonce = 9ec4c2f7db6d84b9c9ce8f93a0919fa7
+PersonalizationString = 50d68eea52bdd393540269f2dcc551bee8c0063f4a2eb5b39a8e53676c704018
+** INSTANTIATE:
+	V = 70d5f0c0296214e3ff549e9dddbbbe26d2ed1deeb18fca74e72d5d801b9ef25908264bbd99c1d39726a5a851f4884cd75036bbfb8998d7b948a8455eac29de10b4d01576bc7f3688160a56fdc29f779930e8b082c421781d1f328ebaf64b095c66e71283b94d4e5c15a8cdfd15232f
+	C = 8bda89827beda1dd0920ed70c68a78231e175d9799878a8aa5faa1e221952ee21fd95e9b0014155dab39b2df48501aca1971791ae52169dd35f17b937da39349e3a11a8f158387f19788a64cfc046f6bd3653f3425981e7f50c927d11c6fc7de1dcb22f23c14b093be9840f1fca3d0
+	reseed counter = 1
+EntropyInputReseed = 869c93cfaa888ca82df735387b1b5ee6a1c7b3e712c0db451955dcb5a6a1f29e
+AdditionalInputReseed = 112b0e5d3f8ec0a0727ff75dc363f7cb275a5e66640c886b4bab474b720e1ea6
+** RESEED:
+	V = e07b201017e2a3ccc1a156a27b2216c668e71e46a8e1dd0202d17441ee7965a78e641fdf61d7c4160d9c254f85be148c2f53a9bf5c0de19de7aeb15565f1e62cc0570baf5e5902fa512891d4d29c2b1f39a0892b05ef91a3bd7e3e9ca606d7d7097540963c9ae112c65b032f81ab05
+	C = b42389643c2527dbd358c684fb18c674bdae6d4f2c8c809e514e485143810bd5f5e6545171123c989ac1da1646c5d52c51c3cc6a3ea933adfc8de5dd2ec9ef8662ed37b088f5dacd9de179db3dad6a9931e582a07d711d681f6ece3f62d2c6e9402164bc9144c6ff5fd91834ff03e8
+	reseed counter = 1
+AdditionalInput = 7996f22b1e45bc96f8f349f242ec444e450b142f492c41925f1ffa18c6da169f
+** GENERATE (FIRST CALL):
+	V = 949ea9745407cba894fa1d27763add3b26958b95d56e5da0541fbc9331fa717d844a7430d2ea00aea85dff65cc83e9b8811776299ab7154be43c973294bbd6942b9b304e014f34768d255478a35d6b25f48a299e5371c03a222d075e3c282518fd76aa706fa85f82722fd648a0b890
+	C = b42389643c2527dbd358c684fb18c674bdae6d4f2c8c809e514e485143810bd5f5e6545171123c989ac1da1646c5d52c51c3cc6a3ea933adfc8de5dd2ec9ef8662ed37b088f5dacd9de179db3dad6a9931e582a07d711d681f6ece3f62d2c6e9402164bc9144c6ff5fd91834ff03e8
+	reseed counter = 2
+AdditionalInput = 6a4c5396027ad9d2628ae77b7102a2921c773266eea01aa070c94046a67fe18a
+ReturnedBits = 6715c385b2a1b488e12aaf24585df619bf1b704b71ef16cf0caa23f888f9eb67c72aaa997621a841495d9c56c780479a01721c1a4fbf865876ec635f8c37a35919387fb7a0cb6a6af3be16982c3df87baafa4dd59dc85d822acf814ed23110f4d9392d42251ebbaf51da9cbdf909d9acfe340a90b110c2eec4257b5439f3f70d78bdbbf58cd59667ffc184a60e90e7832e72a2ccab570ffca0e91c1b41fe7eabf4fbcd0ec38f6e35094b9a69e7ea4719c7cba34905520f268f5bee8cd6f66a6a
+** GENERATE (SECOND CALL):
+	V = 48c232d8902cf3846852e3ac7153a3afe443f8e501fade3ea56e04e4757b7d537a30c88243fc3d47431fd97c1349bee4d2db4293d96048f9e0ca7d0fc385c6cf685cadf8bb6f1706d49ad887339e3c0b2a169c558223fec8c41fe958abee357889a5797197ab28d8a2509d79e96281
+	C = b42389643c2527dbd358c684fb18c674bdae6d4f2c8c809e514e485143810bd5f5e6545171123c989ac1da1646c5d52c51c3cc6a3ea933adfc8de5dd2ec9ef8662ed37b088f5dacd9de179db3dad6a9931e582a07d711d681f6ece3f62d2c6e9402164bc9144c6ff5fd91834ff03e8
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = 7831d9eca3e2e4daac8e8a6fc15220a4cf38328102e55c9e04139bc08111e5a3
+Nonce = a6086ff9fdce4dc27a55aa9eb125c6c9
+PersonalizationString = aea34da702814b9be80e3ac17c40e7b51b4ab2689f32a871261f9e75b9b0eeaf
+** INSTANTIATE:
+	V = 05a4daa61a7e9939e2d000e0c36e3111a506cb63696194bee7a33861dc730d16b00feabc0c353fd27010a1e0ebc91fcb96721cacdbd02bf11ef248fe13f6474647de1928fc4e19d31c71c1500049d12b1d828823cb955cd9dd0dd4dc52ae31989408338842befe42e392b8498e736b
+	C = 53c0ce059ef47a0de812a567bd1976567218a932d6b5ebff2605f1e2c46ce8494befcab7ffb5de9f56a7e3f04d05cd77cc72d2e88813d7505674d26f10fd49ef26ad66280eda4e9a9998b48f8453c43047d1eb976c0f1b9d0b37abe6dc8ff2c2e6687a4c8fe19afb49d871d7f0781c
+	reseed counter = 1
+EntropyInputReseed = 7f3f8711f2e2c0430ac385f5c7bc15023555357bdc4be69757a2eed6dc48cca2
+AdditionalInputReseed = c513c4f1a67ae0175b9eddbfc838a7f8a589958ceced7c6782921c0d60af511f
+** RESEED:
+	V = 53af9eb6ca2fa38ac6cc9deb03b301bca79e7730b4e62aa4756a16bf17a9710ba9132c8de2c67284bfd69e8d70fb6ea664ed86768f506e4a4b384ab4be8b584c9317610a5d8b15ab7a3c57f389e8bf2371c927ceb86ce93fea4527c67720847e93e886c977e0818357f4be379c7351
+	C = 7c7a443cfe374247ecf92e4bb5f426528f2a00dbffd3849c5e524c46e024216b532726399fa9bf48f2104f84e2ee83709d0de847f77d2d8df2c6d1974e323a6a75bca038adaddf1079d380fa6ae5402ebfe442d80fd99e061d1c5358a7b8197995b3301b30cb3febefa908b0ffe29a
+	reseed counter = 1
+AdditionalInput = 6b90a5b02a75e8604a86fe809adabb181262187bbc9b5ce807153da3f5e50a5c
+** GENERATE (FIRST CALL):
+	V = d029e2f3c866e5d2b3c5cc36b9a7280f36c8780cb4b9af40d3bc6305f7cd9276fc3a52c7827031cdb1e6ee1253e9f21701fb6ebe86cd9bd83dff1c4c0cbd9448f35843b2b346a22b71ad7b4731febd1e382b874b528b468685f09bc8398c7b6ecc04711710208b84817b03d1804986
+	C = 7c7a443cfe374247ecf92e4bb5f426528f2a00dbffd3849c5e524c46e024216b532726399fa9bf48f2104f84e2ee83709d0de847f77d2d8df2c6d1974e323a6a75bca038adaddf1079d380fa6ae5402ebfe442d80fd99e061d1c5358a7b8197995b3301b30cb3febefa908b0ffe29a
+	reseed counter = 2
+AdditionalInput = 1e6c83a34af04c905bbd9fc9509d78b19b47d2eb6533377877099f77a87397cc
+ReturnedBits = 946010fba612b7faf2a7dee171763aec6743e3967868469f051b150155281f917ac38065d3bde57fb393dd72f43d6d05739cdd32d1cad0ed69a93b695d5ec3b15d03db5593dfde629083eef7c46ab7d2cced0a0cd9fc201ca3f2cd000d32ee7b4d0c9ac0e36cd63af3422227a644ffee8f5049de5d4da8ec79060865f60a40b206521d8ef07c465253110e86e5000b37fcbc1a06b28a6462e3c42213cc767008e017ecdf8c42606d7d9b43c169a0b09e9e93ac7266b0454f1323c4890064a37a
+** GENERATE (SECOND CALL):
+	V = 4ca42730c69e281aa0befa826f9b4e61c5f278e8b48d33dd320eaf4cd7f1b3e24f6179012219f116a3f73d9736d875879f0957067e4ac96630c5ede35aefd05197383442781950285fd5072314853e92d5e304ece79809fb6196d4d048f076550a68775187ade88446f797d184e583
+	C = 7c7a443cfe374247ecf92e4bb5f426528f2a00dbffd3849c5e524c46e024216b532726399fa9bf48f2104f84e2ee83709d0de847f77d2d8df2c6d1974e323a6a75bca038adaddf1079d380fa6ae5402ebfe442d80fd99e061d1c5358a7b8197995b3301b30cb3febefa908b0ffe29a
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = 560d5fd68c5a82178dab25b9fffd802d699e832f5be11987ac2122dd8b3e31b3
+Nonce = 6881e35b73981565e12f42fc4805c487
+PersonalizationString = 2bb7ade3e505d1a907647e92006bbe3710a499980e27fb61f715b15ef1ec5da5
+** INSTANTIATE:
+	V = 824d7301b41fdc08ac6c7672c7eb6e719868e0f286bcabe6c8eab62e46896158c30b2713e91d3ef11036cf60cba8904869ffefe958371a52fe6d335ba96c84d996410b7a7d1acd29586609d9901a30e066e9dff08447c2cbbc5cb56d2a505e380e3cdf1fc186811b9acbff9a9dbe3c
+	C = cd7f914f74a3666cfa01475048d65822db9a6bb9a8f9a4a959fa5254892f2267fa55e58b5448e326b87209ff15ed2e2b4836aa1ce3d26621ca29278a1e8229bc15a2d4e2ad3052e418c558272a9ccfa368b0c2b5974e0235e959d193eb1a61dffea969113c2286735138da6cd67ad9
+	reseed counter = 1
+EntropyInputReseed = e15d0d77cd358097ce9190724e315a792d9ede40b0c537e4b40238de7dd6d402
+AdditionalInputReseed = a38ff3589b09da0cabd08722532761cfe58d0f084360fb3e3cba0c87e4d0712c
+** RESEED:
+	V = 5fdb9ea64ad0aeebd80bc30510c05d2ca9f6ac1977729f3bacdf0a569267cc78999edb6160f94b495f2ff822fdcc423e477bb6c54d81e99928fee8146b28a43a95f64acf07c4e8a6dfd62c5029247450ce927949b177bf6766312fb843d201c50535fc1f2079176be89f7c0bcb93ed
+	C = 5a876bceadeac48aa99ac153576e2203430a6ba241d2d6819715f210897cf8580894018c3ec1bf086d4ec306fe61c2af3a8a1a99cef5e2d888e386b15e9ef250604b4383fb095f6cdf407444f374fb490daa1bd4fb3e8738dd2f7fb14a564077c44fe65e31a5db37e5959d46a732d7
+	reseed counter = 1
+AdditionalInput = f7e1b2ca5b1d9e57918a97de0fc3cd080b55cd98b1b9bb68d61f0da0f4e6fe69
+** GENERATE (FIRST CALL):
+	V = ba630a74f8bb737681a68458682e7f2fed0117bbb94575bd43f4fc671be4c4d0a232dced9fbb0a51cc7ebb29fc2e04ed8205d15f1c77cc71b1e26ec5c9c7980b70ba96585643160b8eb1a65293ed6ab56f507b4c7505280f41e933a6a1c586f71aa85aa1ed8bffbcb33cc7754af1c5
+	C = 5a876bceadeac48aa99ac153576e2203430a6ba241d2d6819715f210897cf8580894018c3ec1bf086d4ec306fe61c2af3a8a1a99cef5e2d888e386b15e9ef250604b4383fb095f6cdf407444f374fb490daa1bd4fb3e8738dd2f7fb14a564077c44fe65e31a5db37e5959d46a732d7
+	reseed counter = 2
+AdditionalInput = e14b0bd911335f38d621006b057f9cc3bf6079785402de5d113a5945d995691b
+ReturnedBits = acfcf2c1ae8044808e3655aa90b39601837cea6a62d1e8a497a887b7b0bc286ea508e312b8abb89eec650efa53e0a4e256422090f987f90a6e3d74692b18f1fbd9760adf36909040d2c9cf7348c724982bcb427ff4796ddc9097239ee7f98b37a5caedb6aefa54c572978df5965895a5533a04e7e0acb6c6178ecf005189ca6f89a7364f76933e1b63347e2d9174a96beacd3dc45a072a6c2ba5b6bf684a4279000642535997d48530bb5f6f0f95024922bba653c91081a306321aae9cc0da0d
+** GENERATE (SECOND CALL):
+	V = 14ea7643a6a638012b4145abbf9ca133300b835dfb184c3edb0aee77a561bd28aac6de79de7cc95a39cd7e30fa8fc79cbc8febf8eb6daf4a3ac5f57728668af693210ecca8f886ccacf481737b2a1d9db20f714506de047fea3aee028970f1b827b0bd02cab8a28d29930ee363c551
+	C = 5a876bceadeac48aa99ac153576e2203430a6ba241d2d6819715f210897cf8580894018c3ec1bf086d4ec306fe61c2af3a8a1a99cef5e2d888e386b15e9ef250604b4383fb095f6cdf407444f374fb490daa1bd4fb3e8738dd2f7fb14a564077c44fe65e31a5db37e5959d46a732d7
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = f9ef6b04a0d271c160d1009bf3e28c70aaf76ad30fe25b2de21235593b1bf64a
+Nonce = 81b194a6476101fc5a3e657344d16a31
+PersonalizationString = faa1cdbde64d49a634d67d4156290632a152f61ffc93040ddae1b2fa907c9649
+** INSTANTIATE:
+	V = b86696fc5cadf9b101b3bf082a0caef82ee594f20a2be511cf9e79c75a8c1ee6f343d0bb4dabe2c672720bada74dff732bf993bc5f2870f8975204c0c131b66b84cd058fa3e9447b4063853a8338f28e5357a9341f7698f5e7e207304f1754c1571f010620d25f4b0eb470f25162d2
+	C = 2a0a43c23a3525e30375008aa9a22195ef4660ae8ff97062e22c138e16e937b0bb9a6cc3da2699152c78152efb8361163e6df29e254f30584637a1d4a23b529c8f412862c07310ddc0f99468f9026d4a4644762e6cdf6fe6fbc4481830ecd0f5451132453db7704fd13b33ab0170d2
+	reseed counter = 1
+EntropyInputReseed = 94003ae96fc3df1124e77852c33cc57ac8f67b029da9dd73a29f3c09b278155a
+AdditionalInputReseed = edf4a16229d6e4ce9cccc6cf834673052355efbe43ffed9bf4aa4a4d455086dc
+** RESEED:
+	V = baa778a7eb427dfafd6a7ae4f2dff7e2001063f1afc944164148f7c08c927e76d36f5278db6ae4e176ab43597c85f7ee7ecb49b2f25bf71f42667b80eb1ca956b087a022e707de59a87d0d1bdd9cf739ec1bef4605b3aac5bd8bfe8b8b81b9a2807d03bbb6f298f34b83cddd28b85c
+	C = 939c3164e248736ef460364bf8e43112909dcbc7b0b962faf7f92ba7ffe2147489aef2efe67251ee4a7b07818cce32aa29e89baa7585d5f98b2c4c71bc3c09d582e2b8163ce1f8b1b31de02c1cd492e91a19231a4264159d68699960cf43bcc468bcc8ed32c70a9353883d247cd57b
+	reseed counter = 1
+AdditionalInput = 782ad5d7a29cd4222bd060f98e78093b15ad0c82ee357ec7db6f30880e631b27
+** GENERATE (FIRST CALL):
+	V = 4e43aa0ccd8af169f1cab130ebc428f490ae2fb96082a711394223688c7492eb5d1e4568c1dd36cfc1264adb09542a98a8b3e55d67e1cd18cd92c7f2a758b407ab08a118ae16bee7bbb83e2249d0cfccdffa15c0e375d3f8a31a0b97c5b0e80ff2e9a5da6c5d82501046bf53703b1c
+	C = 939c3164e248736ef460364bf8e43112909dcbc7b0b962faf7f92ba7ffe2147489aef2efe67251ee4a7b07818cce32aa29e89baa7585d5f98b2c4c71bc3c09d582e2b8163ce1f8b1b31de02c1cd492e91a19231a4264159d68699960cf43bcc468bcc8ed32c70a9353883d247cd57b
+	reseed counter = 2
+AdditionalInput = bb203205243bba438c0570e1be779f667e774177e7de5099493147005e333867
+ReturnedBits = fab72cadf754dfd0554f095c44d9c1d835eb072bc134cd941311ecf15a55fa67e801005eca75004dd67bb0edb24adf21e07bce88464199016102b486394a025011c54054a3eb278596f833dfd841deeb84bec5a6b8d7d28de3caca8acdae10870062f5d4b43f96b1fe637589bb0d98435225b58e56555e4fea8eb982bf9efc91ceb357d0fcf4ad42dc69ea7f0769832daa40a40500f1942d7a2f1f477a016e18b4bf7b53a5ed5c3b8d243f8c1c7ca71b3060c37ae189e2da0ecb68ee59ac0636
+** GENERATE (SECOND CALL):
+	V = e1dfdb71afd364d8e62ae77ce4a85a07214bfb81113c0a0c313b4f108c56a75fe6cd3858a84f88be0ba1525c96225d42d29c8107dd67a31258bf14646394bfc82054042bdffccdfa52819169db80a5d798ade1bce7742db590f6c5f6b41cbaaa3f50c0b3543460148b40861691ac99
+	C = 939c3164e248736ef460364bf8e43112909dcbc7b0b962faf7f92ba7ffe2147489aef2efe67251ee4a7b07818cce32aa29e89baa7585d5f98b2c4c71bc3c09d582e2b8163ce1f8b1b31de02c1cd492e91a19231a4264159d68699960cf43bcc468bcc8ed32c70a9353883d247cd57b
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = 479397d4a986c949204d45526b25eded9829a78174023e7be2af1b2a051b90ff
+Nonce = 8abb910827edd40d64e3f9d12f0c1c9d
+PersonalizationString = fc3c8eeb0c1fc37deda3fff0ae51154d24b1609a95260541ee4f993cf7ac2e57
+** INSTANTIATE:
+	V = 9b4e74354f925ed0de5316b840d91347d6e0f5a7daec79868479e1c8775ae37d7efb193cf0386a2d69726ca7542e3e4a0f5d06574d243d100a47c6eb69ff7d7ed5385456b1ddc4a323430bd1e07b762c730da5ca4619c8a52f56ac32403948e1fe24a6c1a630422008d35a4a404b6f
+	C = 5792eab1eca23ccc5be5ee1c94ff96cc062f2420c34829dcaf5e2e77a2b6bca4627d6bf156046ce515cbf27c308dc57d4194e648ab2314a270c7af784169fd8844cd3f444566e4a7248e8dc36cc53af586534d81565df9d0f104ec3ee745e667caca30720ea5aa8dd98fa284893946
+	reseed counter = 1
+EntropyInputReseed = 8aaabe4050a5b019fd4846ecd180b36cd3e93f8f9b33e35c08c5dbb9352169f8
+AdditionalInputReseed = 7789d72740caccbbc9a4752492a4f3617af3410cbebcc3d8abb3eaf0557fb20d
+** RESEED:
+	V = 59299336a55bdead99514452710078515576b0045a7924e2bd89b975828c6df53b6ec93f953277a4ac1cdc0e49a2acb5f169791639b1a6e24443dec2c643f4aede499dfa7d55fcf606dd5d80616f1cae13d843f02771a0e285c2ed7994f4d761158a23d5ca5e699ff705d2435c3373
+	C = 874332fc404e378cdabdb9c70f44af3460ded7eec82077a4a819243f35dc9d90b6e7f34c92ed541881970aad1c83fcce7cf8073cf66133e6c295eedf0bef32f11be2856559e82e2adcefc5c194bd55b316fc3102def8d980cd383baa2c680f93a73a87d4a9ac676dacbfad8c7ae1f5
+	reseed counter = 1
+AdditionalInput = 784f27212bae4a9be92eb5eab381cf4c20ba5e6e25c45caf5fb1f8cd39545264
+** GENERATE (FIRST CALL):
+	V = e06cc632e5aa163a740efe1980452785b65587f322999c8765a2ddb4b8690b85f256bc8c281fcbbd2db3e6bb6626a9846e6180533012dac906d9cda1d23328e4e57d3d44ad471a2442a401def7b22cf3dca37ad1c4d03c0d904451820bb3eb692a0ecdce99434a9d6f346408128d83
+	C = 874332fc404e378cdabdb9c70f44af3460ded7eec82077a4a819243f35dc9d90b6e7f34c92ed541881970aad1c83fcce7cf8073cf66133e6c295eedf0bef32f11be2856559e82e2adcefc5c194bd55b316fc3102def8d980cd383baa2c680f93a73a87d4a9ac676dacbfad8c7ae1f5
+	reseed counter = 2
+AdditionalInput = 69472a1007482c8d4b310269ea9cdd503dce74e83c86945b4c6fe62a6b074fae
+ReturnedBits = 5298cb9d3189060022f267ac769d432823a503261404fb64cd6b1550aa65d3ad8e9abe54e3fc2c56bf04f39192fbe97b89656af0b0f3767b01a56f726021ff1128ee6e90caa0e39a0049e59b04cb188439e4405f852aa37a5a920d29db2a289c652633a9cd6cb9fadf6167d985ba202dddcc0673e483de7d30e40cfbe1e6257d961a1a0815c58bb40cc15d7068fce645ec5dfaff3ead0f5a4594faf05734815312be51c04e20aa6c91c1f9321d9dda02ac1bfd010d341959cd072b012479cbdd
+** GENERATE (SECOND CALL):
+	V = 67aff92f25f84dc74eccb7e08f89d6ba17345fe1eaba142c0dbc01f3ee45a916a93eafd8bb0d1fd5af4af16882aaa652eb59879026740eafc96fbc80de225d604ea78e082daa27389ff28d7394842c9e1537b7f3cd53c5164c227a4509acfb91fc135cdd90c236801c43a5d6195e7a
+	C = 874332fc404e378cdabdb9c70f44af3460ded7eec82077a4a819243f35dc9d90b6e7f34c92ed541881970aad1c83fcce7cf8073cf66133e6c295eedf0bef32f11be2856559e82e2adcefc5c194bd55b316fc3102def8d980cd383baa2c680f93a73a87d4a9ac676dacbfad8c7ae1f5
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = e6d8ea405652ab0d9d1e64baffebd9e190d24679cb53e62e4eea0dfaac20c794
+Nonce = 10e0a6bce3cbe8003b566d6b6ac0ea27
+PersonalizationString = 7a2f0b7c967f6cfb1b076467b43bf35a5d143d78c5faaeea627dc1ecdac50eeb
+** INSTANTIATE:
+	V = ad18a11ac9bd9fc173923b8cf9c887ef9180c6b5390ebf2f7510673599d00d0c68822bba716ff264bfc3e8d85dc80ffd2743d643400af8b591cedd47ee1836711c8bdbf88e38ab9240597579029a696249c14447cccbca41dd991da78aaa41fa2639083ce659e232b2fdf243cc41aa
+	C = 25d83c44a8b5ba1b1c5d40505ad6230fb378b58db5c2e3a74f6622752f8dcc2da8672990350cef54ac9c6cb7ba5fa7f0fb00a8a8fbf55827af23606c7776efec7a94e68bd60a8202947a547d757c500be30df1b8e7179a86dfba5b6031463aa31a502b2eb36064351207758c536c36
+	reseed counter = 1
+EntropyInputReseed = a56f441145d8f022d8172994fd9f467098e2e09e9c8403f60a208e28002c9e2e
+AdditionalInputReseed = 340d73136d601f943c8b1e33b1e157060177c5d517587b366715265087faf240
+** RESEED:
+	V = 6e896015b98bf43ede69e419966a886b74c908e96163ef46dbbdf60b0af691433834b3b3a6e7115403deb14bef084eae566060af57d38ea67051d16678a0be6c3095ecb74616d2771b80d94743397ba44dae1605a5af9e9ab7576846b5e2fa8f1716aa2beea4fd1003ca6f4ddb9f5d
+	C = 7b4c557a19b448bde1bc532007177ee4c14242d3600220e111725b8baba6145ecf374e4e197aed77c2dfb1ed8139973953f7481fc9c1a0ace6c0fb75b5b26ca7d42fd28794c61c3c79d4cf2125318bd4e0c96eedc9509f45775c7adae1407e37f69e51dd3c212e95904bd2d94d7034
+	reseed counter = 1
+AdditionalInput = c84f3cc10af82168392e6f9b6a81d61f41bf21cf3db4a03794a51e49854a19e4
+** GENERATE (FIRST CALL):
+	V = e9d5b58fd3403cfcc02637399d820750360b4bbcc1661027ed305196b69ca5a2076c0201c061fecbc6be63397041e5e7aa57a8cf21952f535712ccdc2e532b8b8aedfdc858dbca08fde60f2209c0fdd40b5ac96fec56669fd63e4a51689f358a9c480d6ef927c0b363910af93c71a3
+	C = 7b4c557a19b448bde1bc532007177ee4c14242d3600220e111725b8baba6145ecf374e4e197aed77c2dfb1ed8139973953f7481fc9c1a0ace6c0fb75b5b26ca7d42fd28794c61c3c79d4cf2125318bd4e0c96eedc9509f45775c7adae1407e37f69e51dd3c212e95904bd2d94d7034
+	reseed counter = 2
+AdditionalInput = 471fd827f2767f4256e822c4c588ac4ac9fe97fdce239ebf71d11f80483f7cb4
+ReturnedBits = 68263a02c5676f40c01634b234f1665bab4c4d48c0bbf7c7cb229a6935cd19cd1b1c55f8c0775f01a7a7ff6d366b73de6e011d0918afa61b85ce6014e5b9011c8831b343cbc1421cfdbcf85bcbed1050e85ec3fbc7e7f056fc5b7e67c0f15ca0df7ce8346357fd30b060940beed9dda19c01fef363721d18dd7246f583516c3fedb8cf23653516dc95042807de8533b452d643a8db4510abf933c1bbfbf1ac6efa3e43127f0eea8bfbe095806a54188c3015c9811cebce9db9152d16a6596ac6
+** GENERATE (SECOND CALL):
+	V = 65220b09ecf485baa1e28a59a4998634f74d8e9021683108fea2ad226242ba00d6a3504fd9dcec43899e1526f17b7d20fe4ef0eeeb56d0003dd3c851e40598fdfdd6a9ef9206f2113ecccb8e26dc55e89e33ec93a5d9aab2581dcc329bdcb621851cdf34e00810caa999fd0ecb3559
+	C = 7b4c557a19b448bde1bc532007177ee4c14242d3600220e111725b8baba6145ecf374e4e197aed77c2dfb1ed8139973953f7481fc9c1a0ace6c0fb75b5b26ca7d42fd28794c61c3c79d4cf2125318bd4e0c96eedc9509f45775c7adae1407e37f69e51dd3c212e95904bd2d94d7034
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = 8c7a290338afc55babc6ba537df4434d8ec5bb3c12f1e14701148a8f1a8c7e7f
+Nonce = 20a8b2be4a7227868ba88405493b99c1
+PersonalizationString = 0d99021d0971cdb3958e9cef60bcd1589362e35089a16ddda006e47775b8d460
+** INSTANTIATE:
+	V = aa9055480eff532ff10bdf96fcde1c931f414da3f24622b4076876d1d8d9f5a87a59f47044fd11cb0ef4f17e6675580f233b19a2f87f6401e793dfed7e5ad24bff2c51fa9bc9f8ad88c1a389a89d9eecaa4b33419a922e1f243754045907f3231a60c5ecd527dd9dff5c92ce1ed7cc
+	C = 903f693e99c6637fbc91b946a57f8507542dc7f1ba7d76d64ffc7b87b2fc809ee972ffb80a8cdc586ec5cc1e7e3377bfe08e09f9a49d4707688f2da68f708ed3d56f1012e43cdd9b7b980e3a54409d08edb3216638bbbf7a009b59fa5e67e75bc9338402ff8043483f6d90e1d0a727
+	reseed counter = 1
+EntropyInputReseed = ce4fdf89d4537a64a58116c4c42098e8e097995e35dcd04d0352505732930f05
+AdditionalInputReseed = 44c70b3409f1eac6df3b855a97a1af6407b974e84d4c3e28f039fb103592b53e
+** RESEED:
+	V = 7dab28c3e2f09c372a5aea32221b96bba88ffffe5b0df1b7613d3803a59e65c6cb145b9426baade615632d59f65541bc1deaa5cbfb6906b1cacd5792901c816a6c288db1ec71d91a0647caffcf3e37bb6a3cde76cd2000a991112854c2c0471168cca7745f609f5222f781f4ec2945
+	C = 1717cf885ea64216a57501a07ea086305a130d5be30ce4a921aee351bdb8bc0fe7226a8120fe74c85038142c90edeae5ad8bb8d9ef4601e6d4501e79d3d31c1a9ba2359f276c88dadd2c0315baca3d591398a6e45a3d2b750d63c8e122bc4d3084f121c307f87e49b49fbc4a263271
+	reseed counter = 1
+AdditionalInput = ed7bc140313caf349271327287a307947cdab6d9aad72e63b69e48c6a40807b0
+** GENERATE (FIRST CALL):
+	V = 94c2f84c4196de4dcfcfebd2a0bc1cec02a30d5a3e1ad66082ec1b55635721d6b236c61547b922ae659b418687432ca1cb765ea5eaaf08989f1d760c63ef9f1259ac7b75cf14ae1581f53ad6c9c30a190f7572b11965b5c9e4c2761eea0d02b40be7372d95925b9b95549f32ca9880
+	C = 1717cf885ea64216a57501a07ea086305a130d5be30ce4a921aee351bdb8bc0fe7226a8120fe74c85038142c90edeae5ad8bb8d9ef4601e6d4501e79d3d31c1a9ba2359f276c88dadd2c0315baca3d591398a6e45a3d2b750d63c8e122bc4d3084f121c307f87e49b49fbc4a263271
+	reseed counter = 2
+AdditionalInput = acd2fcb552f38b00a37c512c24c279b27fb7abebcc2b5a2e93b965922b3ac878
+ReturnedBits = 933a3da029af2dc9a8804162c2f88b311043c996f2bd87bed59b0a5cc885a794029b7dd0ee80ed25a241de4e2ac2e7a46e46b7f72d7e315105e28cf5ab6cd5bd416379122c6d22204fc5304a6bbc7eb4f6e916e1aab7b669dd6a1464b19b684985106cf411aea9ded8f38c0a48f0f7f09aa9d00f5676f09b2dbbe35f31d42d505beeb5fcc4059e05f4bd1951f923cd6f9eae5212ee2bf325327b41cd5e9ac3dcaca73d03c4c2126e162c2a562fa55a84e9019f6460ddbb275862476eae680978
+** GENERATE (SECOND CALL):
+	V = abdac7d4a03d20647544ed731f5ca31c5cb61ab62127bb09a49afea7210fdde69959309668b79776b5d355b3183117877902177fd9f50a7f736d948637c2bc78e681d49699f3fdd3bf31fae5cac5c0edf4cd100a6a95517e8a888f69556af15c2c6faa94dfd01316d77edba062acb1
+	C = 1717cf885ea64216a57501a07ea086305a130d5be30ce4a921aee351bdb8bc0fe7226a8120fe74c85038142c90edeae5ad8bb8d9ef4601e6d4501e79d3d31c1a9ba2359f276c88dadd2c0315baca3d591398a6e45a3d2b750d63c8e122bc4d3084f121c307f87e49b49fbc4a263271
+	reseed counter = 3
+
+[SHA-512]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 2048]
+
+COUNT = 0
+EntropyInput = 3144e17a10c856129764f58fd8e4231020546996c0bf6cff8e91c24ee09be333
+Nonce = b16fcb1cf0c010f31feab733588b8e04
+PersonalizationString = 
+** INSTANTIATE:
+	V = 3a85ca10eac683d6a9270594d17f33a21dad7b9b259c2a174462a5e0c909a133db84b4ee2bdb0f72cdcef7d62854e535468452285dbe8e46bed3965dc9c66952defa48879493edc01bc07ed4973c115cfdd9947a708465351b78b804652ec7cbe7f6e2a09193fa352ff991d38c94ac
+	C = 74ea437c49126ff361feab5639a8ad318d455c94b3f999ff1606f592c27f8bf0be562c7bffa297de8512ef44b0dfc8db5cb17c9692ac0d80f066961e6426084108089eee4a759d5309ec861668ddeb1c31ceef26edad678b6f36c3ebcb9c936cafcee3d9a96ae6554e22d42888ab07
+	reseed counter = 1
+EntropyInputReseed = a0b3584c2c8412f618406834404d1eb0ce999ba28966054d7e497e0db608b967
+AdditionalInputReseed = 
+** RESEED:
+	V = b37f9aa39c5a80df56c040402407960ef6f8892d1a688ffc93bad6ebe6af44d55ccd66c1f44eb531e9dac1c9447681d7b27b2b703b490032696b32330b5edd123e5ece7c40efe70a29822ea8e4e454bb72085c6b037a8652ec227f899dd01455db8ee7b6b2e92114f6f9fb678e6332
+	C = 908ad858db2c5d21fa1cd860217bd75ad0ba1df2fd24e303964c01113a0b024a1e53640d5ae339040b4357c1f3c0be2f14607b1385e968183c53ecd9a33ddb04b3ac36dfc1353d8571159a0b31b81b5d3de24b8ae6530c838fa8712ea5d4d58763f2be0ab1989987c56bfd315df521
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 440a72fc7786de0150dd18a045836d69c7b2a720178d73002a06d7fd20ba471f7b20cacf4f31ee35f51e198b383740fb34724a0747e261c800fa0f744bdc842d37199f6acf5f4af041a6600878cf72a7ceaa750fa1c23546f962afe97c055683eaf5131d9f9c882edb93c50adba963
+	C = 908ad858db2c5d21fa1cd860217bd75ad0ba1df2fd24e303964c01113a0b024a1e53640d5ae339040b4357c1f3c0be2f14607b1385e968183c53ecd9a33ddb04b3ac36dfc1353d8571159a0b31b81b5d3de24b8ae6530c838fa8712ea5d4d58763f2be0ab1989987c56bfd315df521
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = efa35dd0362adb7626456b36fac74d3c28d01d926420275a28bea9c9dd7547c15e7931852ac1277076567535239c1f429c7f75cf74c2267deb6a3e596cf326156c796941283b8d583f171c2f6e3323f7555e1b181ffda30507210cb1f589b23cd71880fd44370cacf43375b0db7e336f12b309bfd4f610bb8f20e1a15e253a4fe511a027968df0b105a1d73aff7c7a826d39f640dfb8f522259ed402282e2c2e9d3a498f51725fe4141b06da5598a42ac1e0494e997d566a1a39b676b96a6003a4c5db84f246584ee65af70ff2160278166da16d91c9b8f2deb02751a1088ad6be4e80ef966eb73e66bc87cad87c77c0b34a21ba1da0ba6d16ca5046dc4abda0
+** GENERATE (SECOND CALL):
+	V = d4954b5552b33b234af9f10066ff44c4986cc51314b25603c052d90e5ac5496999742edcaa15273a0061714d2bf7ffb32b7000bfdeb10605f36174eb33a48a4cc007c23bb03597b4d8a6373ca7037e8a8ff08f63779da9e61878b1886cb084ba68ceef8ad4e5ba7720acbd3b262822
+	C = 908ad858db2c5d21fa1cd860217bd75ad0ba1df2fd24e303964c01113a0b024a1e53640d5ae339040b4357c1f3c0be2f14607b1385e968183c53ecd9a33ddb04b3ac36dfc1353d8571159a0b31b81b5d3de24b8ae6530c838fa8712ea5d4d58763f2be0ab1989987c56bfd315df521
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = 322bae6dccdcf2de956014d8b247365602b24c91d7ba37dc096e4cf7fdef5742
+Nonce = 0c4e8937928ac7303f4b29a92f799129
+PersonalizationString = 
+** INSTANTIATE:
+	V = 3ad1e872687b2a301e41950049cb7763b26bd6d7226f7c7442908b59e27e5352a146750416f564651f7115d2c6158db3a22389df7cdb2a100e6a2af71308a569dbcd3edad64266544096833705cc13e28b2d51e9510ad6709db3c1d0b8eaaf4583499ea1f4f3a9a27cca18e71d86fa
+	C = dbebbbb1ae0eefe8afe4bd6c1c9269f9545cad13f6336e280dd22810867fdad89ffd6c6b4831846a8e79df5e580a2dcac4a9edc5140f328851479f0d78d8036191f2530b66f4d375832de3da1280e80ae121643535cff10cb2f6a0b892249927c3436ffdb560bbb40e67b83d38790f
+	reseed counter = 1
+EntropyInputReseed = f0dedcbc4872841e11c435e9d903096ca30f23450d54fc719ade64f3b941bb56
+AdditionalInputReseed = 
+** RESEED:
+	V = 2f131773b8fe18c17ec527d8afa12b860089e8dee0df2f96f2f166d2b4eecd4bcc28eb8a4db3dc7db752aa4665e7df7447c17afea90f7079fb2cebed4f5328817a592ba8d651ec283de94847018c96ede6f7ab89152e321175f12805bcd1aafb722e77dda843662db1eb53a127c13e
+	C = e65056c1ce92fbfc370b28a873eb3f45efc8e500e246f988dbf58bdbd318eee64e919484cc5d9641335c5ec23ba3d72719404426545303952b7b340fe959af12ac9b8e91f4f046adb6a8085d0fd8fc9fc6c2deabec5569a52b1adf79592a6b8bad1fe8152029515a10a130a684341f
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 15636e35879114bdb5d05081238c6acbf052cddfc326291fcee6f2ae8807bc321aba800f1a1172beeaaf0908a18bb6d85304a106642219c37d1eaa63e7dffc3915f488c28a895e9c9dc18ef9acac1d0af3afa9d08f683946de7f784856202b38b99f639045eb74929d6a51cc713d3b
+	C = e65056c1ce92fbfc370b28a873eb3f45efc8e500e246f988dbf58bdbd318eee64e919484cc5d9641335c5ec23ba3d72719404426545303952b7b340fe959af12ac9b8e91f4f046adb6a8085d0fd8fc9fc6c2deabec5569a52b1adf79592a6b8bad1fe8152029515a10a130a684341f
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 78120acc1fa978e53b6dbdca5dedc650f90f0f5cc3b01bae63b34d1e880cf00dbf89c0861b516b3a4acd006284e865027b3648588c7aad4abad9406d183ce5675cd7d2005fa3bb0e33fa6435a3c567e999703138060bfd090474361f8b2a4bc849644a79292c41e6e9a93cf4fa795698e4ea54698a1af9b2a438be608187fc407efeee547703f42a027130a97bc6400cf8944c0f3e79e96a4d4edec5a326a54dd967dcf89d747f4abccf078bc2fd757ba72d54e010883f2f3c1fbb5e1cc372245109f6831fc22a9af4d1da2ba506f01f52183b547d3066a6d0b3a919524b08ad3ee1325dbdcab4858f15179f99f89f4fd2f808e3d7d52fbb0fc0653e30f7df41
+** GENERATE (SECOND CALL):
+	V = fbb3c4f7562410b9ecdb79299777aa11e01bb2e0a56d22a8aadc7e8a5b20ab18694c1493e66f09001e0b67cadd2f8ee00b9782bf69c22bc8a8b9c97f12d29ae51fac9c4e4b9f4065b3b75ede712221c04764934a3899dff8dbb863432bec1afa5093876a2ae6192b81f4a547a92e33
+	C = e65056c1ce92fbfc370b28a873eb3f45efc8e500e246f988dbf58bdbd318eee64e919484cc5d9641335c5ec23ba3d72719404426545303952b7b340fe959af12ac9b8e91f4f046adb6a8085d0fd8fc9fc6c2deabec5569a52b1adf79592a6b8bad1fe8152029515a10a130a684341f
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = 00bb3a19b17860089bb150e0342c7770b66bb782719f1d807fd5c5a5c071a5d4
+Nonce = ec75141ed5cfd1cb461a03c7c1f96ac4
+PersonalizationString = 
+** INSTANTIATE:
+	V = 26e038729b88fd70a726a509967d5cf338df5e912b9eb1efbea16f7b55329315d0e6594b521ec58b021c0a4494181b0f361f55e89ee9c69136830b96342be28e0d89510dcadb660da1ca1531ce965b75d2036a17e89f41c38b906f1a254b5c8f50788a64c512d818e45eb483ab09c3
+	C = 15bdfe1d176a4f67889a0846d64828296974fc271572deb3981d67f06e0c3e493756044aa8b2d553409464cc29100a17072896092edd82eb5d14ce3b20484117b47a356712262950655c0652cd03a3c0758a392334d177da353884016bfc7b8e2010c5fa08148ef5cd8b2a64597cb4
+	reseed counter = 1
+EntropyInputReseed = 36ce5fb242a58bc624d927738284c0bc16890afc49195f04af6796b803cd45bf
+AdditionalInputReseed = 
+** RESEED:
+	V = 2c1939a7636eebebed770a01bc1b938110599e897bb3fe43106bb5b3b2b65f1aa685061ee6cad0a208b1edfa3fcd9a1d791c2fa7dbe96272cce15316949ed0773e4bc72fd93f4f5f2a3ac7f76c1b681527f9a18efefcd5b29c6d12ccf971b38062500f04a05cff91b86f2bad5e6e42
+	C = 93d8199f98745981a95af43fbf0db9a51504774e40f65693c23576854fb666723be431cb7c64472e9cd5e628a5db39863b6f31aaedd8f2481ec836907d76ffaa9dc64053e5853e35a8d45da8dd490cd000a1d054e7b1b182093268c13fe82c89390bfb32fb94187d0bb5db0dabd31b
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = bff15346fbe3456d96d1fe417b294d26255e15d7bcaa54d6d2a12c39026cc58ce26937ea632f17d0a587d422e5a8d498ca02425db4d676967b17881510c70876527b9363d0c5bcee92ec54a4aae535d4378ea15964dbe4d6c7a64c75e61f11f84c418903479f77a9bf3ff53ec432c0
+	C = 93d8199f98745981a95af43fbf0db9a51504774e40f65693c23576854fb666723be431cb7c64472e9cd5e628a5db39863b6f31aaedd8f2481ec836907d76ffaa9dc64053e5853e35a8d45da8dd490cd000a1d054e7b1b182093268c13fe82c89390bfb32fb94187d0bb5db0dabd31b
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 7678118419264edf03c97fd519d56321b1fd249f25409438e18ae5ed314c553d78f021cb3b58fdab846a762bac1c30a9e659c795d9024ebb0491a6b6f9c489db6b9f2278306fd429bebcf97bf32c914360d863a9fb9e6ccd37bfc9bfbff16c0d2ed79d8bc64e62dbd37d076e7bef607fe660151b5c9fa0524f171762e40c04d54b7648d10d7b87e94357356e9916e41497c139b66659c3548b74dc67d7257412df47d3b580bb5419313a6d86208d8526d96ec73489c6693f75b217e5dda61baed5ff0aeb460fd9aa6e64ee861f4251721431d0fdef7741f43b8f884be9d466cecd893d110f8d41cc73b883538b3740fdb35cb1cc07378f95df1c2a5fe28deb3a
+** GENERATE (SECOND CALL):
+	V = 53c96ce694579eef402cf2813a3706cb3a628d25fda0ab6a94d6a2be52232bff1e4d69b5df935eff425dba4b8b840ef85a37913d6531b2c7a491aaa9bf04ecceab13fbef08a90898054c3909dcf704b5fbadf8716ea05a1023c1bb8a24a68c863d6a81a7b3b09cbd627ef631543d47
+	C = 93d8199f98745981a95af43fbf0db9a51504774e40f65693c23576854fb666723be431cb7c64472e9cd5e628a5db39863b6f31aaedd8f2481ec836907d76ffaa9dc64053e5853e35a8d45da8dd490cd000a1d054e7b1b182093268c13fe82c89390bfb32fb94187d0bb5db0dabd31b
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = 76fe58e240129f52937bc909c24d20e980855181dcf80b65cfd5c9a5183ce07b
+Nonce = 285d8c71c6490de92ca95093a3ee7f81
+PersonalizationString = 
+** INSTANTIATE:
+	V = 411dddeb68df2aa53f0aaa8f27068f7acb5fb6a4e833ad9468df12776c19e7df88511f320addc9eb7c99bf278e4786ea78b645b6a0f29ab1d03a65860ac2ee49273d2e2cbc9a8838beaf3933c4e3cad0a2bf5893e6fb8f8d835314d5d449a30987169f4da4bee91eae7064606e28f1
+	C = b133aa3e2977672bd92d29424a3137d01ced4682cbd33474924fd08b491986e0028a69beb7d5e3de220122478e0faf9b7200780636526eef47bcae3fe16ae7769abdbba444c992104cc34782a1de8e4d34d44bc7012aa2f4f1b8f8bb550c36e6dab4b54ecb51e2fd037b496d26b720
+	reseed counter = 1
+EntropyInputReseed = aca7d420885f82010a2a3d07122b2027538955007c033e235555732b430065c7
+AdditionalInputReseed = 
+** RESEED:
+	V = f51aacd0b9509cc3673f531008c5da2259dad43b166640e5d4ca832cf2542b434d11913d9b1d576b2fc94e97a228a10976f9d05e3b4f68a979238baace3e6423622f357b135297827658e29b42b2449431ae295ea15a33a3f57d336d524b623552399c73f4433056109ef7de684d46
+	C = 8b40806dc2d6ed9fd2c503dac0052cd5485cf83bc20ae48720b4bbf1359606e2b8fbed957966f6dacdadb49b97d4c0108acd7e53411a3b198ab3f438d421588e7c9f91d7947eb0d7c7cb944aeced0384d51930103002457b10f062711a0fad4e9d8f67e99104d40176601a2e965c3b
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 805b2d3e7c278a633a0456eac8cb06f7a237cc76d871256cf57f3f1e27ea3226060d7ed314844e45fd77033339fd62101ea79d205b464373e4f92a32adc5b21426fd3f2f64ee693a03ed0560c4fddb17fe19d307d2213b0d68030f6b124a1ea879545f4daef8a56f34c2a797d327f7
+	C = 8b40806dc2d6ed9fd2c503dac0052cd5485cf83bc20ae48720b4bbf1359606e2b8fbed957966f6dacdadb49b97d4c0108acd7e53411a3b198ab3f438d421588e7c9f91d7947eb0d7c7cb944aeced0384d51930103002457b10f062711a0fad4e9d8f67e99104d40176601a2e965c3b
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 7242dcb7533dd7938a4abe7a99d3c9d2194534247361320606a482df2f11b04b2be20ebf88468c032e8381199e83122f51f9502c7b8e2f316b149db26cb9e36962385b04cbc915f731ede5122840cd4d826085b4c3d368c04041a8f8dbd9fa4b3ee937a51689838b4d8fcb7f1f5c13d0cede84449b9191b123745777c44d1e207debd22cc9e63548dfe98328cba2e1c4ec63984c81e67607b64db201349db3e4b6934d1ad95b1a073e7f91fd2b7c31227999a5a3f00d3bbda4e97fbc610cdcf4e51bc685953bd698eebf3ae366f6dbd7b10fe0828ac3099bc29af75113aa023cce7ea4aa315e9a8c0bd8cbe4f35458ae95c595b8ac1e55028b8a496a63866e7b
+** GENERATE (SECOND CALL):
+	V = 0b9badac3efe78030cc95ac588d033ccea94c4b29a7c09f41633fb0f5d803908bf096c688deb4520cb24b7ced1d222583c7bc6485b6450ca00b82a0c43712238135a7bbd189be57d8c084664f4121cd52ab3144d8dac05e9ffe29666ca474a1ce9837d0028656de4a04fd1494371c8
+	C = 8b40806dc2d6ed9fd2c503dac0052cd5485cf83bc20ae48720b4bbf1359606e2b8fbed957966f6dacdadb49b97d4c0108acd7e53411a3b198ab3f438d421588e7c9f91d7947eb0d7c7cb944aeced0384d51930103002457b10f062711a0fad4e9d8f67e99104d40176601a2e965c3b
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = e38855b7d6284509f696c9ce7311149119447cb59e465efd1233948bb66f7c0d
+Nonce = aa968cf91916d7e4b1432515134a8c81
+PersonalizationString = 
+** INSTANTIATE:
+	V = 754ef71b5bdc1427f7ff8d9d4375db51798a6187015ee29b19c0de349110124fa51bbbcc9a58f69783b26ceeb7155e42674f17a941d92fc2aad979863d10e4baa76e2f5b61b5e773bcd02a8e249a5db96a557a19fe7e57cd4b818a973e42cda15d700fe7b34e040beb90b0dc7a8f54
+	C = 0336fc6e21acf2ee98ae629b3bd2d46adf99638485b635cfae2de0ca1e28256d095311cbbb0a30a5c3d98b564825d1ca5fdaa400a5bad602f7cc651972affe701430860c7d31888677aa8c6c1426a6bbd8673bdd941e8cb01a4c7c1b6b0649f54713ffd9bb648953ca1a21b6fcfdbb
+	reseed counter = 1
+EntropyInputReseed = 83d1e55d779f5f642bbe47e6ad83ddca81c82cdeae6c459ac2fb65a30504d030
+AdditionalInputReseed = 
+** RESEED:
+	V = 48cebb2b826f6f85debe2fa157ae91c4154085b5717b8d9bec4c1e39b1db4e02aca71d29e61c704974804136610e869be4b5aad14c06e1ca1db08fada6326b2ac43f7ad22a05f0a9a855bd7a146aa975f99298b6141925b006fc740a8fb2d0e9fb7317e3ee95fa75ed01ed430e1436
+	C = c32697ad212570ff1ad4886b4fb767c99a5d36265aa1f8a74949c0dc3c1cb074755840a3d6e138f0580083cbfc800a700017adc48f08f51b4880d6527016f9a0cbebd72f9b8ebd4bd42615e722831d825ba72c8df38619e59d67e0de11228b05f4ce724360e8e227af5e5739456f9e
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 0bf552d8a394e084f992b80ca765f98daf9dbbdbcc1d86433595df15edf7fe7721ff5dcdbcfda939cc80c5025d8e91ce319292e4f4776dc06823739a998bb917e978a665445bf29cd290af7b356db2d6fc03c33dd828d5911ff8a71e356cb0a0bb6e982485233956343f71a4587c3b
+	C = c32697ad212570ff1ad4886b4fb767c99a5d36265aa1f8a74949c0dc3c1cb074755840a3d6e138f0580083cbfc800a700017adc48f08f51b4880d6527016f9a0cbebd72f9b8ebd4bd42615e722831d825ba72c8df38619e59d67e0de11228b05f4ce724360e8e227af5e5739456f9e
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 92eebe641687ed6c81d2f64b1478e84cea3e73f38022945ff0e50aa393af45be7af45abf4cc5a1d2d0698fffe858990735dfbefb6ce02f5885e24ff676e4dd233dab877dfaecb7c38eacd704db8a0a59bb5627217987dba850f611ffe5c04b02066f511328375f1e6db9f0b09d8fb4b65fd0ffa941e706f6f26ba5d9c40e1104fea8dba9ec7e975dcaeeb1c9401d5bfe263f22c3c7a68d603480e3328e031c46d93b6e3180592ec5e0047db0ff39ba02954a57ae62cb439a3a9726e45520dbe9b70e9e4dde65dc380500759d0b752db2eb2e7d15c8ff95d34dd270409a9850bae9b579006ed40cfe753bc8d87edfc568c0ed5172ad9c58e1684d1aa9673ad4ba
+** GENERATE (SECOND CALL):
+	V = cf1bea85c4ba518414674077f71d615749faf20226bf7eea7edf9ff22a14aeeb97579e7193dee22a248148ce5a0e9c40c51374aa42e128ef989fbd388b79e2a193dbade90022bec1e987e63bc30848e24e294567e25be032edf285519c968768914b0b432882df0a8eda0e7ec2ab7b
+	C = c32697ad212570ff1ad4886b4fb767c99a5d36265aa1f8a74949c0dc3c1cb074755840a3d6e138f0580083cbfc800a700017adc48f08f51b4880d6527016f9a0cbebd72f9b8ebd4bd42615e722831d825ba72c8df38619e59d67e0de11228b05f4ce724360e8e227af5e5739456f9e
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = cb6ebb2382557833740855a15e76265a0997f798ead62670c56f3343a97c75ce
+Nonce = 1636f759a131a3a828773c8ce197643a
+PersonalizationString = 
+** INSTANTIATE:
+	V = 4f4bef172ab6732cc54f7dbc6845264fcaf2a3f71c98670ec7c2e958a49790e3de9f88c07e2558749cf0f2165bc80cb64465fa32ee9a2d5299dd44a31d0cd09aeae71f4a6f75c80780d543617bb10674c51a844482c15aa4f7c0fd3782812f8502507641c2452e37beed73d1286be2
+	C = 1c204828eb1e34d4dfc09742e4d14bd416e4de652d46650a5f93b5f8974e4615cede9aaed395e3a3096c9e6b4cab255c372d9f0338e45e7100aa1ee23edbf9a2f7bad05be6f2696709f1063fea06fe71f1584fa0954bf5258c891d1cb2cf1cfc78461598df4be8ee74a85e106ab271
+	reseed counter = 1
+EntropyInputReseed = 1cdebd2eec082cdfc362b21daa23edb4c90af0b754f38cea358ac974c9dd8582
+AdditionalInputReseed = 
+** RESEED:
+	V = a6e6680c5fd4f85814d6ba0b8f45dbf4e45a4e17077a5e67d1a81c11e15a9d15e20bd89505d2db2c2bb2b064fe00a3f9529606095b08bb14df5f5af3c42dbc6c5160efc78f554a1fb9bf66f730b233e1e427d698987386b5ba7575845cdc3ce25cd71d9c34ee4a25a5bbf866b42d99
+	C = 6a8033da4d207c6faf8358f62f4a30cac926cd14d8aec2f79891e27c3b43d46c54be90a4c44843947fb0e39e2731a23d8adf8ecfab1762c5c5ebe9e61e298de1b5473052db62246aa0f5783d173e3905b9a0cefbd82ff964ba513bae53e79cfa2360ceaf4caba563e64b04b8cac009
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 11669be6acf574c7c45a1301be900cbfad811b2be029215f6a39fe8e1c9e718236ca6939ca1b1ec0ab63940325324709fbe5ad28f73a4ae1985db73bd4aa7c1a38b0b5a83150d0cd08087c9f0f758bcc232fb950370c1b43ba407700205daca1d89d3a44c7d25bf271b50c752a4b79
+	C = 6a8033da4d207c6faf8358f62f4a30cac926cd14d8aec2f79891e27c3b43d46c54be90a4c44843947fb0e39e2731a23d8adf8ecfab1762c5c5ebe9e61e298de1b5473052db62246aa0f5783d173e3905b9a0cefbd82ff964ba513bae53e79cfa2360ceaf4caba563e64b04b8cac009
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 901da818ed786fd6b3812f20c868f31c0e1af69582dbfc369a58b4832a560ec8eb0c8a054b43997f7bed3f8360df0fc253aaa799944d9beaee3bf64685195ea6413c3a740dff52a9aa3f8bd888aa9f1e205cdc68f763c14f67d0f0094b5a2372657596fe9cf3887cf9278d7f54d38b501eaf47ce621291eb6124030223a8cb90d2c928fcf02ceec92b46b2c6eab53c0cf8e9c2c80861089a3c3519a6f505bca0be898082b5bc96a9b84261fd1d059009de7d4ae8497f9ffb93cbcaa7b34a5e6de278c27588ef2a8f2966df7f941d19e5dbb4b1469aad92a6e11aa0d83805d78791418d8aa9475f0770609edf989caf95ed51628239c67870166d8a95f1172341
+** GENERATE (SECOND CALL):
+	V = 7be6cfc0fa15f13773dd6bf7edda3d8a76a7e840b8d7e45702cbe10a57e245ee8b88f9de8e6362552b1477a14c63e96029d8906aa607652edba100d4bf6f439ea2fc2d9d08e2a273e7c6eb9b8ae67c19e8c120966ae2dc75761f18a5b33c38dd9ea64c0322a0f364e5aa3f23dc7204
+	C = 6a8033da4d207c6faf8358f62f4a30cac926cd14d8aec2f79891e27c3b43d46c54be90a4c44843947fb0e39e2731a23d8adf8ecfab1762c5c5ebe9e61e298de1b5473052db62246aa0f5783d173e3905b9a0cefbd82ff964ba513bae53e79cfa2360ceaf4caba563e64b04b8cac009
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = 29734d4d18484a45c82c13f78eee9b772b99cde1547db06d0bcc066513cbe672
+Nonce = a1944ac1b50bef509cab0fb9ef8337ba
+PersonalizationString = 
+** INSTANTIATE:
+	V = 620d4f25d96c29bd64230892eb01b86d96917f6b62a92fead6a4692873308eecb7ad1fcc7bd3f49f2a4ebeab8a1b94a29a4dca24e5f2ee85aabac4ba8728ab589099f000ea7c769371796089f2385f588915feb8a111114f670747ac915547ad6052cb25a5c1116d756f44cda3ea41
+	C = 5fa78966ce08b5031ae60c8a094a31cae7f0658de8dbfebd3595bd3265bae98d951ade05b0968e111628727bf7966225f81aa6e8bca7aae70cea5cbed50585718c3bd2fc8b3f347bf28eb7d23c630fa3d7ac0b8cdad1c68801b6c4df731ec931afcfbbd1ec7c6625473cb551c6bfef
+	reseed counter = 1
+EntropyInputReseed = 629f84483da62e3629500172efc2c812da80d0cedef8a816b0ccfdde205de224
+AdditionalInputReseed = 
+** RESEED:
+	V = c5f771a7beb4217c5a963b64f56b3ab62b9288a5a3f8d8d8552cc27a9e98994fd4257d5c4d9cbf12597742183d405311647b381c1487a1b698b6fee4e54518989f5eccb3576447d2e61b40d3787735feff2211c8ac6cf27d16d118510e7d5b3d5dda483a7871b55da5f1d8a3f9c453
+	C = 09f0461cf901d837905ea621fe45aefeea06c7252ec8812391bd47bc8aa4b86fe211fb5572f1557b3fbf3ba3633417ebac5126a210e784ff80c689df8aef0caed382627204287fe7b231936a4fa13f66639c1bd9e1d5faa2af21abcb81ddc46e7feb1a181b2b59b1aec5d51b7a711c
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = cfe7b7c4b7b5f9b3eaf4e186f3b0e9b515994fcad2c159fbe6ea0a37293d51bfb63778b1c08e148d99367dbba0746bcc9ecb7de6f4196d24c60d9dd46f4b7a8958584e3571391ef6018e407a0eccff21803d91527fa2dc98c2380fbbe890ca6a94235d0bb5346809c3a14c41625820
+	C = 09f0461cf901d837905ea621fe45aefeea06c7252ec8812391bd47bc8aa4b86fe211fb5572f1557b3fbf3ba3633417ebac5126a210e784ff80c689df8aef0caed382627204287fe7b231936a4fa13f66639c1bd9e1d5faa2af21abcb81ddc46e7feb1a181b2b59b1aec5d51b7a711c
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = cc824bf3c690f63a346e0f3bec5834e90cb35df35aa5f025c64cd70ee98d6a76e537629364cd3f0e7cc08143e4408dedd82873a2a6f58b08d2ed77a06c2aa61ef7206f9675837c233f81ceb6368295cb017c796891f1291e213700ecf062884035d6004c292e04caa188d86bbae63116ae92f0269bba50264121256355258d2ba83db3f78acc1160af02a2214f33754e81b12bd3fdb9c9d4697bb203a2a702adbcb8ca1c713d04d6135d53e26603248c711ca1d481658af1492008b2b340cb4e701978503c16a0621e09a2e604c7ad3c9833c5cb5ce0074ddc9e554699c867e7893969653a09ea48bc2e63727c6ad792802dfc30fced1c5786c130cb033ac3a5
+** GENERATE (SECOND CALL):
+	V = d9d7fde1b0b7d1eb7b5387a8f1f698b3ffa016f00189db1f78a751f3b3e20a2f98497407337f6a08d8f5b95f03a88416505707c36776bdb8cefeec8cbd9f50953ed29958298f4a4ec3d946b79a50540a40e210c8cc51911d382d003478b840460da4dd342c2d5f0b67f320cedf9154
+	C = 09f0461cf901d837905ea621fe45aefeea06c7252ec8812391bd47bc8aa4b86fe211fb5572f1557b3fbf3ba3633417ebac5126a210e784ff80c689df8aef0caed382627204287fe7b231936a4fa13f66639c1bd9e1d5faa2af21abcb81ddc46e7feb1a181b2b59b1aec5d51b7a711c
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = ec316425c0fad733121ff0c825672e49b0add01b3623bd683b313b03d71abc86
+Nonce = 7f58a71dfc67a53e6f0bcae3cbfe0172
+PersonalizationString = 
+** INSTANTIATE:
+	V = f43dc7103a1fe53c9ae2db97b783cd02a54e7e5380cba9e1c8c9098e71d461b180352b4296febfbfd1ae3236506eabf6918123c5119cd28d1f4501334b9dc6464b71c21fd6d6dffd8280ef39b39aee5dc15c1d36be2bfc1621ad5244cf71b47acf63503495b07899d68be63b5bdd8d
+	C = 00b66b78093f34b99d4c57ba09980b2af25f782b27221c2393a8bdbbc86e51cfa0afa5ab8e550687ed9759a491d871630f634c534d1b570f3eb6efa03faca4bfafee3697904c81cac33da85fc56d02cb29c567edfbdc836cf7c2710f339c06afae972893ce3b06445325adcf92684c
+	reseed counter = 1
+EntropyInputReseed = f634d532fe345e9d5180521e50f7beee0622c898b061c91128a9df14b0db7ddf
+AdditionalInputReseed = 
+** RESEED:
+	V = 1d298b7428dc5cfb4b0bed7929b181e9fddec2ff0d5ce092ea30d2436ef2ecf8bbc8c159948d93dba9a5c119d4f3474bbaec3a32b7d9c2426dde491062677381aa08a881e05c7ffeb5da86fd6f9b08895b1eaf2287d66d276e1d0c115cb0a88c8b14552145905e36241ba9b5cae5b7
+	C = 03e114a96ada46b02882690cce07e19a7ed8f702de37d7402932ef858693d30f04aa968aafc35b45b443c74ff1dad54cccc123e9c52f0717ed79fd73799965774f7f0e27a9d7320998b63bb445e1f616b0f84c283418c898fb546823e6167aec8bba7431ccb1c104026ae647eada6d
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 210aa01d93b6a3ab738e5685f7b963847cb7ba01eb94b7d31363c1c8f586c007c07357e44450ef215de98869c6ce1d3bacc9b8d455ad0a862ac1b81b9d92a6fb515673e4f42536a0b20bc7657250e1d6166c0c27b4d2df7dd867c294c0524e8e2be9416425dcaa68e8c008c6ebea6e
+	C = 03e114a96ada46b02882690cce07e19a7ed8f702de37d7402932ef858693d30f04aa968aafc35b45b443c74ff1dad54cccc123e9c52f0717ed79fd73799965774f7f0e27a9d7320998b63bb445e1f616b0f84c283418c898fb546823e6167aec8bba7431ccb1c104026ae647eada6d
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 28ccda364e787881c76eef32367a4f41571c27d2343e37eb54a6455d671317fbbb440a82516bee4352f907c4ca07b5f9524a63908b0b6fd09787e8358559798042c5f468c05a7ff51c277ab6771bcccc3a4a4c1248d4027c9604bb7c99516b749cadb6ab26363038c6767cfa5a4f7b7ce39ee34112211d240717420fdff6a487d6e9f9b606eb30f17988f094e2fab4747ca26d4783a977487b8d59dd09019e90519e280654dec664346b78d70bd6700716f560ac11c1d85fed257a3eeafb13089c0d4398ece4cff5d252fe20096651a9db04eef9710424e1346001ac7685849f34de8ad27b229f43e504e30eeaa5aec7e9a321eca9b89115d73f5e305d487462
+** GENERATE (SECOND CALL):
+	V = 24ebb4c6fe90ea5b9c10bf92c5c1451efb90b104c9cc8f133c96b14e7c1a9316c51dee6ef4144a67122d4fb9b8a8f370080e18e5a890633c98618d98667d091d485a14afb0050515c0093455b23f10ffe3cf0ccf276d3a1861b0ef6a6e1c5710f7cacd4176760921d1cf0c4e025797
+	C = 03e114a96ada46b02882690cce07e19a7ed8f702de37d7402932ef858693d30f04aa968aafc35b45b443c74ff1dad54cccc123e9c52f0717ed79fd73799965774f7f0e27a9d7320998b63bb445e1f616b0f84c283418c898fb546823e6167aec8bba7431ccb1c104026ae647eada6d
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = 1af338f56cb540ceb009b300e57fb7819a3d949a239c15709db553ea4107b7e7
+Nonce = 6fc922b60e4bdae5637e65c1a32daed1
+PersonalizationString = 
+** INSTANTIATE:
+	V = 62ab4a77f87cec095e01dbd824a302209ceb170974ef8061cba19512d0777c60850555e64735caad9c4055b621129a048bdf11cb953a8aeea5931199bab02463b35a4eaea376e6ad627f81b60144e870873f9a303ee823ace3614105c2423adad054673fccc2c7ab9b394155b1419b
+	C = 7dfc76f21cde95940592c887437a0c8f2ff8691a612ecba7b44411b322c1c7e6cc5ae8dc5065c14fa3f1e8819082fedbcba45e9ab3dbb3c40c76e7ef4e71cdefa268b0c634dad03827f553b9c21e7751f2ae370661f8728d23897f16bf31b618c6b92ef915b31fa201b0a07b7950bd
+	reseed counter = 1
+EntropyInputReseed = c20776116c8ebc1714d9a930bd2ba427f8e3a9f4b2fb7da3f9cbb493610cfcc2
+AdditionalInputReseed = 
+** RESEED:
+	V = 76d50f4a72ce910ff52f56b7182c9f72bd46e4511dac8796c81058c76a2db4365a62c755f1ae45bb7a707f4382e83372e8dcf40e14cd44706f550ec9d0cad1d34cf723e14e62a416da65f7fac57b1b8ab0b3053b585ea34f32d8ce4cab9b02c997888251ce8ed6034bb68eb62ee17d
+	C = 0aa8fa26e7aeb0909940417499881bb80241cdf8939b1934a0b937c2484db5b1e73c773795cbf7ed6489edef0d64b1acc2c3c7bf22a3e8bf5ef23fb1e52c62999697c1667ba799f47dbbaf6afe5abea3cf03515e065c53fcdf5ab60b323dc708fedf5e28d12cc5acdc10a45a5a469a
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 817e09715a7d41a08e6f982bb1b4bb2abf88b249b147a0cb68c99089b27b69e8419f3e8d877a3da8defa6d32904ce552a64a50714017de1bf57e9ca9e37b25ab1112eda2934d1de2fbad1ab2534950e73e8999dfbc7800b213ba011734fb226899c79dd4cbebd01f68f3cc94199a90
+	C = 0aa8fa26e7aeb0909940417499881bb80241cdf8939b1934a0b937c2484db5b1e73c773795cbf7ed6489edef0d64b1acc2c3c7bf22a3e8bf5ef23fb1e52c62999697c1667ba799f47dbbaf6afe5abea3cf03515e065c53fcdf5ab60b323dc708fedf5e28d12cc5acdc10a45a5a469a
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = ab9dfaa423eea3045422c3c52a0bd11f4f0d92ae6bc1b7a7000b3cfcc0039367bc04a7f9c4a50531d93e09e45c69ad9e3bad460354459192e4a19eb4187e14f5a879bd2e2fe8bb4a41db5b69713b11a6a7f1c729d82f954c9d201541762a56bdcc56a4842d773d681807880c5be90551e78242e78e7255d35a965df66e38c14ed38aba864b5bdf87b3f47e1e19a7f4209a53625080d23533eabbd34206c126b8f0606fbb6f5cdbfca97dcd18ef3e2b3be869ddcd5299c2824b32616063c76f124e1ecbf438ecea17382bde80d86848dfe5851cc159131359ae71fc4d0712da38225b2043ba20d045a47ef2f97043d7710f7192dc6b9fd2fca88e18866346fd03
+** GENERATE (SECOND CALL):
+	V = 8c270398422bf23127afd9a04b3cd6e2c1ca804244e2ba000982c84bfac91f9a28dbb5c51d46359643845b219db19760cc89b030a52b54d695fc2fbd6217e174f396a20858e34f71c53349daae02faa13380e3f5120ecd484bc6310e240c6e936872e674ac4ad131078cf3e433c3f0
+	C = 0aa8fa26e7aeb0909940417499881bb80241cdf8939b1934a0b937c2484db5b1e73c773795cbf7ed6489edef0d64b1acc2c3c7bf22a3e8bf5ef23fb1e52c62999697c1667ba799f47dbbaf6afe5abea3cf03515e065c53fcdf5ab60b323dc708fedf5e28d12cc5acdc10a45a5a469a
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = 314f01ea0c6c3f6ce124c8c5c5874857c82e79556e050793d25e13a0147f4cf0
+Nonce = 5548778595f96d31e390e2db699e0d8d
+PersonalizationString = 
+** INSTANTIATE:
+	V = 4814bd89e28fe012a7a329df600d11605798d68531af6f6d3f8ec3d200787cc0bc656fc684c420387276a144c5cf5998b5c41141389ba336b03af562696a741589ae08397f75026a9d81f9584cf75f5387f05ada4f2ef614f70d236d87da8f7c306edc0b913bd63b517cbd85f6fdce
+	C = 607cc033a8c2b4664a07eed696590e1d45a7376c745c302108d4746fc457d02be1188a1f7bd3798bdec73cebeaf2d473ef64743c448fd582e14d82c4f0e2d79abdb6a816bca7f4c6c4f0eacfde2f28ec1297813e5307af2f05b982844031817b0e38692dc650c458819904fe0ed7d9
+	reseed counter = 1
+EntropyInputReseed = e67f87612cefa81e4ace5c44265b45a08ce46eb92274c3c0e83cd159bc602c87
+AdditionalInputReseed = 
+** RESEED:
+	V = 380466aff0cd906a9aa8fcf8f9131cd91a4d137f1ae25ab648126191748b3246d37a44054950e5bfff80b222f4c3367cf897cf835e31c62a3111fffce29617740286053cf40bf85f3bb61a5d3564327f5af73e42ec8c8023b044ceb40c189d5fd57b1a5328dc129fa968c1e6ff0834
+	C = 61f5284fc4e49775960ecdc820b3e3c28493df10cbf22649a59a9cd2f8db9e234da3d7ff4422d1f9ace0a2db4cbbe24b8e379a62a57d91dfacd0dd3353256a12753b18db8ce34aa2d851c786222c8b61ecb32de37238d111aff8d1952ca4d13cd4a61ca3195656e3adcb5c6c998bb3
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 99f98effb5b227e030b7cac119c7009b9ee0f28fe6d480ffedacfe646d66d06a211e1c048d73b7b9ac6154fe417f192abdc508a902e6348d4107ef8e5c3397d10cc53e3a6852eed4869159d6278da4d9d81e10c7142647198d3f84cb5befc2b5745be37ad23c61cde7870e55031092
+	C = 61f5284fc4e49775960ecdc820b3e3c28493df10cbf22649a59a9cd2f8db9e234da3d7ff4422d1f9ace0a2db4cbbe24b8e379a62a57d91dfacd0dd3353256a12753b18db8ce34aa2d851c786222c8b61ecb32de37238d111aff8d1952ca4d13cd4a61ca3195656e3adcb5c6c998bb3
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = affb707935fc5ddf56392f778fdf5eccb244e704cc8ebd1030a8fff5efe423e8965416e36ffc5e9d2c639f76e58de32d4d69cc93a7bab199209add77277007067e48864df207376552432294d7962091879b3747c84c9668ce92c3900204ee64e60ca26213c3e23fb31518d8a3fa6d5a1158cfc96e2aea76fa349c8c2b3f5287c21e93e1de68a39b70d9491ec1a13b7bb0a0192b754428efd0fecec1466412738e11357e4b0b2c9d2abab3261854e31d18803039d31e29984aae3eda2133d7d3203686f3a9970928138650ff8cd165a64e71ec7659ebff286e9bc8479e8f4667faea6aa1c57ea5b675b07fda14f1f6c9e5bfbee6ff255a3765f37217ebefadcf
+** GENERATE (SECOND CALL):
+	V = fbeeb74f7a96bf55c6c698893a7ae45e2374d1a0b2c6a74993479b3766426e8d6ec1f403d19689b35941f7d98e3afb7af72a36a6019d6689d083a19c14ec00708ec0a6ec12197aaeb2a52ff3409dba67b0701f36d64eda240cb7f8ad524a6c04f4c65885429df87ffaf3504381ce22
+	C = 61f5284fc4e49775960ecdc820b3e3c28493df10cbf22649a59a9cd2f8db9e234da3d7ff4422d1f9ace0a2db4cbbe24b8e379a62a57d91dfacd0dd3353256a12753b18db8ce34aa2d851c786222c8b61ecb32de37238d111aff8d1952ca4d13cd4a61ca3195656e3adcb5c6c998bb3
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = 9e83df0d5566c74f8956c7e0860036c947a301252b1e817e6d0c202cf9d2a308
+Nonce = 9332743f05778bd47f50c49bdc02a394
+PersonalizationString = 
+** INSTANTIATE:
+	V = e99e8a83aeaedfaca1a23af134b1cf7b36bb8d8d54fe7c04ddee3e892c1c73c50c43b74e5c2386a75d1644e89c4432d041e76de12965da926429f850dfe5c8019b3f6f88ffa6ffea7ff386938884fe64f0eeed90dac4ba1e7fc573e738c702f872ec459709cad479c0dae5465aa16d
+	C = 4154dbb013bbeb5b62f30b9f0003a6a15e34a2e05970379c2229951dea9e6ee0dc42effe367fa3ee65be8472f07d327da2f8c304dc9f0ef5f32fabcaaf6091322253b912bc26c8517b1841bb6dc2ff83e296dea0de8af290e23afd77ddd751ad0f1946099886b26e5bc85a32bd81f7
+	reseed counter = 1
+EntropyInputReseed = 0d50e29816729fab148aede2a603bf693e716b5641d1e8158b5ffa916d953ba4
+AdditionalInputReseed = 
+** RESEED:
+	V = 4abfd415e9cf2f9bbac4fe03e7f072845ef5aa2933bb14e43a1c4a1d39be730e3ea96a7b9b41eabb2877076353b55ea6ca800edba1c5a7044177939a76e8555f4868a467a866f3446e4939eaf425a51fbabaadf7a61544a964c5bd5e7b6406b56e495171907caa485d6d2e10e69294
+	C = 6ed4c46fcb95d5ae51701a4a1903861299fae17717dc847a9513293ac9e7653050178f542d872b9b8a8a52e9beb561816adc287be59f1bcf4e3e3a52fbaa128fb657c952067b12e3211240302809a048c420882e2c9f68df40a407a69dcbef28183bb8f445e18e5c207bffb6bd268c
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = b9949885b565054a0c35184e00f3f896f8f08ba04b97995ecf2f735803a5d83e8ec0f9cfc8c91656b3015a4d126ac06f786b14c5410debd01680892d00d986af5177d1b18398acca4f0ad9ed311f1c60c50bb3b8594a65f555a7e7e087719bae92c00e03b89944481aaae1385b6fc9
+	C = 6ed4c46fcb95d5ae51701a4a1903861299fae17717dc847a9513293ac9e7653050178f542d872b9b8a8a52e9beb561816adc287be59f1bcf4e3e3a52fbaa128fb657c952067b12e3211240302809a048c420882e2c9f68df40a407a69dcbef28183bb8f445e18e5c207bffb6bd268c
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = a7643bfe540d4cfac23f48920bac2d238b7d1bdf0e36de1e82335266f41feaa19dbce9264e6810b4865047acb1b3d71872172b6d8ab7d779bfb302a79ef570373037d1dec14947e05e1103dbbb9a69178159edfe466bd9c7ababb8338aaff70c9a2e1d4c8607eac81df38391cd85cd5c0605f9c169dc3cb0bf75530b7a889c426a4a2732678f39d45f80301f3c8e0f0c6e24d4ce70034de809c600056b18475de478d13a01423dfbc215740b5e7a42ced5c33342c8d3e88c5ae0deecd27f7a257bd14368478f3d2e7ba30a87f9b999f437c988cdd1955adbbd4241df79a331db44dfbda56a4a3457b6c62a99e4957a0faa69dc142fc21789c12230749e419fef
+** GENERATE (SECOND CALL):
+	V = 28695cf580fadaf85da5329819f77ea992eb6d1763741dd964429c92cd8d3d6eded88923f65041f23d8bad36d12022a439313d2117ddb78a7fb20a9ffdec56b8cc344185c5a29ce86d70db6c8c84e393118039f9d6570527c6826da6a07de1bfdc7aee68da7a880a43fa156c6a65b5
+	C = 6ed4c46fcb95d5ae51701a4a1903861299fae17717dc847a9513293ac9e7653050178f542d872b9b8a8a52e9beb561816adc287be59f1bcf4e3e3a52fbaa128fb657c952067b12e3211240302809a048c420882e2c9f68df40a407a69dcbef28183bb8f445e18e5c207bffb6bd268c
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = 1b1ecbf5fe151df1506e7a9620f7df01db1915d0310c65d16718533f65dbb19c
+Nonce = 9381de35e9ab0281dbfaab246548dd51
+PersonalizationString = 
+** INSTANTIATE:
+	V = ae53563fa8910a15c728549da7eca6c2223572cd3b1b3501f347fbe0c2cdaaecb93bebfd83401ee14d4fb12f1069bceec22a4ddae8940c37c5faf129a1464220e6eb60e2f3cbc92d02f39e539f17ba160c9c7617124ea623b6334e97fc75d9409a2aee7762af3c7071c2ffec9ef393
+	C = 7c210003c22dab4417de6e6c2fba7cf46bfc91f1c8915894e0e5f2c62ebabdc8ccebc1a338fde294934e34065754b9e20a415b84fd87404ee15812bb699f2ce91d71888af87ff406fbb5de1ec2e2570f6bc8c6269e42a6eff36751e5d0697a31291941b0659e88cfa9b7f6483d16ba
+	reseed counter = 1
+EntropyInputReseed = 9ce8eafb1e235578a6271cf54ed54bbb0046db1ee923f901bff8f7ece800dcd0
+AdditionalInputReseed = 
+** RESEED:
+	V = 55848595ee0e51de2c816eac499cd5032c36517fe96d86dd928c74b101fdf9e89360ca79a8a4a787d3fa8dd0e073514736938ee649052cde92d3a37fc70de136d57b91f1b31ccb2e72af4611b60054f127f616cbc3de0faa8f9a9b6519792e2f7297719ceb74338728fe9b089b5e38
+	C = be761cf303e14875c7e72e72ddb6b3f18c7cee0c9161a12a9f169333900e26afea352e33f793f07928d54ab752cdd2dcc3c180fb20ed9fa93ac3aea0fc7c71b479043dc472310957198561af1e93bf41be6f2ae7ca142ac336a87f6f79d2ba2b4582592ce2640fa800d0bfe783cdbb
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 13faa288f1ef9a53f4689d1f275388f4b8b33f8c7acf280831a307e4920c20987d95f8ada0389800fccfd8883341244bcf19f2431deaa39e0b5f3640c698fa809fd889dd8dd5f5fad52ed40fac3b18385fec3f058e7c9f4348a22822553a02353284e86f9398cb49a31d7e2b2bab96
+	C = be761cf303e14875c7e72e72ddb6b3f18c7cee0c9161a12a9f169333900e26afea352e33f793f07928d54ab752cdd2dcc3c180fb20ed9fa93ac3aea0fc7c71b479043dc472310957198561af1e93bf41be6f2ae7ca142ac336a87f6f79d2ba2b4582592ce2640fa800d0bfe783cdbb
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = d567dd21bea62bf5826b32f917a4736925fb39b3e81db32f59951bfb6d4669ff484968944165fda1673369aeebe964eee7325bc9e51b160e356f7e43d5266ff4bc15298cf902ebdcae5409c2a6449ecb5b30d0bc383c278db9aa0767763776e2db7ff1f484e2a0f8970aa1d8f5859a65e62e855149301eb68ec441ffa2772989302695581089c2de7240bc9e141332d31099386eeb249caa3228185c020449bfc8306d8842778c4002fd8d2c95ffdbede65450ba5d4701de1292fbb549b6514d1e79599c36899979cb9f963c20758dba2412dab7c3de8763ab67402118e025666fc9031bd4d46318659908d2e41abac0c34969bb2a659c691c1e5eda5ed7eeb3
+** GENERATE (SECOND CALL):
+	V = d270bf7bf5d0e2c9bc4fcb92050a3ce645302d990c30c932d0b99b18221a474867cb26e197cc887a25a5233f860ef804215586a819c727fbe3e694b0ab95878708e4fdd398b7fce8b2e14c7f27d7a43aa3f1a2159538c034f0be540714045ea28992015bb3c3b2223a3c63d4854432
+	C = be761cf303e14875c7e72e72ddb6b3f18c7cee0c9161a12a9f169333900e26afea352e33f793f07928d54ab752cdd2dcc3c180fb20ed9fa93ac3aea0fc7c71b479043dc472310957198561af1e93bf41be6f2ae7ca142ac336a87f6f79d2ba2b4582592ce2640fa800d0bfe783cdbb
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = ee936c2f3bf0a07abe3d400f343d790d82f49835bf56a355bbaf069104e843db
+Nonce = d52f8fcbf25a4610e2fc09fc85f54df0
+PersonalizationString = 
+** INSTANTIATE:
+	V = 0da4094d216c8b982a79e86f8c733383c634aedb8dd08c7668170092c36d68a27086d51f0e2e24011757147ebe055a963c46dbf6d60d337a2007d027a4fb88aaa888642f248e740e5f309498f6d31f0dfc7bfb9496758fe93a8a159803309cd56ef6b37ebfc3505bf902492f8a7804
+	C = 17797fc14d6d47bf27831713997e14533dc0718327f0e1ae7c2fac9e529fc74c5d722d56a0e183f47ee168f65d4d62f66f6c4be0f9ecc53c00ce24b68ad572949ac0498447020bb8d1991168eb9e5c44e450f1273a1521300b2e0bd5fa2bf17e4cc9ca4635177436ed83c47b3ff0cc
+	reseed counter = 1
+EntropyInputReseed = cf1a194acde6f5bd20778f25e8f77a456be92708c0ee418b3d4986747c8a6ec5
+AdditionalInputReseed = 
+** RESEED:
+	V = 8ef60bc266e1a2b24c31d665cd88c3fad7dfe86eae5eaa1506da75ed04f5ee919b2d1de4030c6020bddbe60052c5d0cf2a58cb9458a2f06cc65aed771cb278ec4deb7b70b9f902d05714a7c4586fa20ec968b02ee9d4687f047b6c379aa125d66917051368429c2433990c63187876
+	C = 13e61f10f1b756fa1a7004d674db9f5502ad5126daf6b2379622311e415b43e31318282380182d1b55b587330b156ef2c1a4f84a20b5d23f601b64624c19ee45331a8e4a870df6c2932230e7d81f4d2fef046a223c934dbb4bb2f905edebbe53f79f7ebb3a1b6f724fba22415dd2bb
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = a2dc2ad35898f9ac66a1db3c4264634fda8d399589555c4c9cfca70b46513274ae45460783248d3c13916d335ddb3fcdfb358c5061a1b6ff1156911a1aaea743615868fed0130065e7432cf139cc93356d2f4a52dd342a9b6bc24907f70823f13ba8daa8396a64a6fc22ce0d2f607a
+	C = 13e61f10f1b756fa1a7004d674db9f5502ad5126daf6b2379622311e415b43e31318282380182d1b55b587330b156ef2c1a4f84a20b5d23f601b64624c19ee45331a8e4a870df6c2932230e7d81f4d2fef046a223c934dbb4bb2f905edebbe53f79f7ebb3a1b6f724fba22415dd2bb
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = f15a059af4648c034cf8adf737c7a64bab5e8100bed7558a4e5d3f6c5598b7cb818814ac1ce9d7d0bce652a8ae9df2738207c8904f432c1aafa29a275aaad932ad9e6e0d32979031d110a95d2f479b541cd5b47fd44e48082e40b6d176f6b498b32fe7c7da5599b586716af1d5431a1225ac2e33dde79af580530cd0b51667076bf5d6bc94b6bf58a905899dd73f3045a9152ee52780657262a43d52da59e9b63524be768a6164cebbc70664d53ccc83f573a864ce8c73c307f51675379e824b43238dac8984d79e0fe150e5766d1692c5762f462dd4d5190ea4ce978d36f3ea2145a104a7b2ab38d278056271829bb88edcc6153ac251f4d7878d7a51d44552
+** GENERATE (SECOND CALL):
+	V = b6c249e44a5050a68111e012b74002a4dd3a8abc644c0e84331ed82987ac7657c15d6e2b033cba576946f46668f0af492e2a06bb78e89605a544387244824ae1dc97761984e3b25989ea072c75fddc1a9284b81c146c692462128e5863878c58468e6b6b270bd84f505740e791cc77
+	C = 13e61f10f1b756fa1a7004d674db9f5502ad5126daf6b2379622311e415b43e31318282380182d1b55b587330b156ef2c1a4f84a20b5d23f601b64624c19ee45331a8e4a870df6c2932230e7d81f4d2fef046a223c934dbb4bb2f905edebbe53f79f7ebb3a1b6f724fba22415dd2bb
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = 947ea89ac332f8132602ca76c418623fba4a2266a54c9a22c4e8001cb0383b47
+Nonce = 81f35d00b22aa6bc243c26d10f7155ce
+PersonalizationString = 
+** INSTANTIATE:
+	V = 4ce706b1c7e4f3098455af07ff0293dd439976e31d8b65ed0ac64a35d2461443b9cfb8389d2c1c27edd58b6e0e356763611ff0c0a263be97aed6967e259db02492dd80f2c7a8940c1c6f88e4fc70db4fb77cce4abb3eab3ff2ce3e0044b3831bce7c8f2698e32f2579556b70f5b237
+	C = 34d68024b9835f9e17f527b9ed635712b339d99fc27b006aae7b7b9323067d167054febac8a5945e3c6214e0d519c5c6c1bb76d60416ea8fac7fe77549676d2e0c597b3f4156a3914793a40e2c526f2c61298c604a47fada5085d8525b5dcabe698a86068d8a5ae308a5ae55cbdb9e
+	reseed counter = 1
+EntropyInputReseed = 1768bc4734ea315ae73e2d30b499ac7862f19bf60f22ced7908ae35d9123f055
+AdditionalInputReseed = 
+** RESEED:
+	V = b06b976a1e62a9398cd76aaf19fb9e9a11684af67ecb5bec7f9101a8f44fad52987450b0b87dc35a3cd04a9df65e710103cfdc23aa416049470bd73236e148afbf4967db7db710dd3bfe564aa4bddcdb97b516bdef654a8979bfe6e8a701daca0ee2b8af6fef2d21d7b2523c9bdb17
+	C = c0277e934fb5fe55e2d432637d83e6a8a829420db2d1cd2082c439f5cec7301429c5b0f09bfe2eb6e2464c4bbbe327ed5b8bd8791aceccc08807882cd176f2d96df75c8108eccddd7baadefbcdc172f788cf7c2c5096f8ebf8ae566b6f74895d7c02a57e5a46a9b2ba0bfeb0ef4914
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 709315fd6e18a78f6fab9d12977f8542b9918d04319d290d02553b9ec316dd66c23a01a1547bf2111f1696e9b2419952e0cff224794949eb2bd5b4313149b6fcb220a2e33d4ffefe6cf6134ff97e4fb644105c8dd7fe57c09c1368e8bf96affc048245c9b2f7f9ba71be645915c9ee
+	C = c0277e934fb5fe55e2d432637d83e6a8a829420db2d1cd2082c439f5cec7301429c5b0f09bfe2eb6e2464c4bbbe327ed5b8bd8791aceccc08807882cd176f2d96df75c8108eccddd7baadefbcdc172f788cf7c2c5096f8ebf8ae566b6f74895d7c02a57e5a46a9b2ba0bfeb0ef4914
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = f42d9d372907b21b82bed1fdfd0d6aaa58cfadae22004844f15eafec32039a2b170621d2de8f775faf2441712825419051dd53eb4cc9ccdbcec711e2190a60a76e66978b04732d14a0ff2d319eae227bcd481f2a4663d6d581e0af351c6281ea031ac29120888246d8bb364114c35aa3518bd9f9dcd82b5320a6efd6ba10e98a92fd52ce30fc5b0989e1bd04c11df72032283f47bec684e2d5082e458ccd957bb46744e3b105dbae91c851585b708c42f27822e0d364af6ac04d1c88becfb2f63409960ea76319b4c4c812e5618c273607ad0360a002fe10ea4ab342e0f66894fa500821798456bb07c0f1950d35378a1dc795cb862e52da874e605e51c16b5d
+** GENERATE (SECOND CALL):
+	V = 30ba9490bdcea5e5527fcf7615036beb61bacf11e46ef62d8519759491de0d7aebffb291f07a20c8015ce3356e24c14b7558fd1f15b68050300649edc0a761d7fda6920e43dc64471fc720b74b8e458bd09c93a80206676930121202f016a2f787903733e2566f90b95888e20f3980
+	C = c0277e934fb5fe55e2d432637d83e6a8a829420db2d1cd2082c439f5cec7301429c5b0f09bfe2eb6e2464c4bbbe327ed5b8bd8791aceccc08807882cd176f2d96df75c8108eccddd7baadefbcdc172f788cf7c2c5096f8ebf8ae566b6f74895d7c02a57e5a46a9b2ba0bfeb0ef4914
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = bf8f1e59621bfeb81f63dc078d856cfcced685df990e4fc8735ede7e7802ef7d
+Nonce = 029bfcc6336b9bba56e0702bd1cc57a0
+PersonalizationString = 
+** INSTANTIATE:
+	V = 9b772e5031ca1ddfc4d636fbefd78f1e3a1107f50844f7436e31804546b06475056a3796731e08cb0b10bc3501eb346525e6c32f1da371de81c06ccdbd6e7d15d276aea4c578fc482bd1b263adbf9580228070d4ac7980fcfe4c2d1791cef9d8545fd196bcec68284054f52f046378
+	C = 3c49df8e2b6d381d5b33bc8d4f9d778e03be6ac8cbe4028220e79a10b94e95a9fbee5746ce6ee2d1b97d4ef3ceae47c8a31e483f2ca804919a2a4ddc39098f7f0ba5d88de6a72fda40a8a046ae8a55db4f509769568f16eeff670dd5c70778c2e7d9bf7d29347e9c58284f7fc7429c
+	reseed counter = 1
+EntropyInputReseed = 530cf5480d2aa8c54ae7f63a6f28596b5a060902c7764a6a7b9829f66aa8a440
+AdditionalInputReseed = 
+** RESEED:
+	V = d6bb669e43496c894a08782d1c34458e260c042e94eaf9fccb7d88b7bccc21b8fb4ccb13f4c4a7ef5520af25aa736b63aa39fd8c5d6708d52769d17dc40b431cc8efae20fdd281fed9f68c9a153a09f90657e12b5868304bf19908c779e699c9fab2a2f1c534df39db4055bb7f1d94
+	C = 3168188e51b6fddfb707e65aafa507f576833be3d8be6ec6f308a586195a3800c55cc85710c07f6997b18e48239c13a062a61ac4f7889b3b2afc934291124be149942e505d6ed371778d8de9e49f6c7265bf6372ea56186fc7d5060a8f76ed6692976291ee2c5c9529312674c34013
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 08237f2c95006a6901105e87cbd94d839c8f40126da968c3be862e3dd62659b9c0a9936b05852758ecd23d6dce0f7f444791d9356d95d4c99c27ec66219d24cd9a89c913d7d9466192f010b987a23a6dc0647c8c68dd3ed213200f59defb9c5eaa7d2ecf505ebfdf635cda435a35e4
+	C = 3168188e51b6fddfb707e65aafa507f576833be3d8be6ec6f308a586195a3800c55cc85710c07f6997b18e48239c13a062a61ac4f7889b3b2afc934291124be149942e505d6ed371778d8de9e49f6c7265bf6372ea56186fc7d5060a8f76ed6692976291ee2c5c9529312674c34013
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = e05e053efa1ae9ae41cabbf34a9b3eb48d1aaf5d27b3e1002c6f8dbf9844394837aded6f6b9e0754f200764150b27a23003523282044ff9a73f3604ebfc86ef063869f97976c7a5e4e9a7be799aa71ee1cc695c620703e85ec774c467bf935f2e210563be78e3f3d58946a037f7826a2cb377e1bb7c2718b29708f9efdee04055ab35a0e06d2b63d823d69cfbe08be89c1a78007044bf7337e749f6fb11c80d22beeeaf1edebf00ffe6a9e24874ae8dd482a0b4a53be4b290abce59f9e839602f9cf466224783d827b3e53eea6f0f740652d2adaba3f13a3f02c65f4e0ddc417aba3081325f73789500c97d6ce5b7728feb7353e01536706b62eb226a23b43b0
+** GENERATE (SECOND CALL):
+	V = 398b97bae6b76848b81844e27b7e557913127bf64667d78ab18ed3c3ef8091ba86065bc21645a6c28483cbb5f1ab93863eb3829eb2e803bd8e87029d1809c1485365c0b10aa5267e16f9f844562ccb831b1290cf928a9dab5ce4b6fabcca774c91a342c80efcb6dea6e99abbb15411
+	C = 3168188e51b6fddfb707e65aafa507f576833be3d8be6ec6f308a586195a3800c55cc85710c07f6997b18e48239c13a062a61ac4f7889b3b2afc934291124be149942e505d6ed371778d8de9e49f6c7265bf6372ea56186fc7d5060a8f76ed6692976291ee2c5c9529312674c34013
+	reseed counter = 3
+
+[SHA-512]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 256]
+[ReturnedBitsLen = 2048]
+
+COUNT = 0
+EntropyInput = c73a7820f0f53e8bbfc3b7b71d994143cf6e98642e9ea6d8df5dccbc43db8720
+Nonce = 20cc9834b588adcb1bbde64f0d2a34cb
+PersonalizationString = 
+** INSTANTIATE:
+	V = 852d1b4fdd41cd7e0f597c45c8e4b401a5fecf9229b6072451ca65b5289882c686e7919922ce82de2faac83cd4c4eddfa2cdcf6244a4d2acdd34c0232136409bb50ea24d0c33fcfd1aaf1cc110b5353d32e4e6df59ae25ec124000de62fcfa8bb4cb3f3b72e2da2066ef00cd66d9e9
+	C = f7b0c9cf2ccf58fd8c8b69daa4cf24a874c95b57a9f5be16aaa71ec30070ac8f222fe21788fec14b8a9ad7ad20912c05a6f94548646779a16c787b135ce8d08c49f7e234cbd2c7733571f5ad6479b5fc50403496581b4861ef8ec848affbd2077ab164fc6bb2dd7b008a650504bfd8
+	reseed counter = 1
+EntropyInputReseed = 12dd2aca8879046d23165c60f8aedc20415783e156d42a94346826aaeb02eacf
+AdditionalInputReseed = 9b59ff78a34eabe0060c2792ca9b49e9781e6b802badf7dbde27caaed3343706
+** RESEED:
+	V = 181a302352d9ebf0b669730b2441a9f4c16a4b9d25ebc84ed01c460d293cd3e8b7bff1aca32b0ea8d281df0ef8d1ae09d4cf97690c944f4713adb9ede90763f3ed77081c37c0fc60f8b60b5108cf6276c80db14a82aaef1bf8da03781445cfcc7cdc02b1c7a2740874dd948118f7ef
+	C = 28b638d631f054eba562320e9d151f905863dd6c04d8ba41167bcf3b0236d4e5dde1dc7bf690e61b4a65997bd9c67ff908fe7e2443d01c8eac15b2ea5c80ba89f09aa9b8a81d56124bb71586812827f463de90318727102dbd5e59ca5f1af78ab73844695eee0977b754854e525097
+	reseed counter = 1
+AdditionalInput = dc74a9e480a6ff6f6bce53ab9c7bdde4b13d70fb5196cdd5e3a0555ccf06fe91
+** GENERATE (FIRST CALL):
+	V = 40d068f984ca40dc5bcba519c156c98519ce29092ac4828fe69815482b73a8ce95a1ce2899bbf4c41ce7788ad2982e3cea3266f4cadc50ae528dc61aa7c521489869e3efc6c82ccefbbab45673e0f59d5654cf910fa146d984a42c5f17fb60340c86d0d07c7e2f2e6df3cffd722a0e
+	C = 28b638d631f054eba562320e9d151f905863dd6c04d8ba41167bcf3b0236d4e5dde1dc7bf690e61b4a65997bd9c67ff908fe7e2443d01c8eac15b2ea5c80ba89f09aa9b8a81d56124bb71586812827f463de90318727102dbd5e59ca5f1af78ab73844695eee0977b754854e525097
+	reseed counter = 2
+AdditionalInput = 8f3f229011209b2f399096afb054bccca6bc46aaee98845838fb1fb78b66f3bd
+ReturnedBits = e6c96442582811ec90e587525f36c555e2fd6361a0c5b0284917a4fa6f6e8ace83f11a1fb26cea6692b225ae7c5be286dd27471f323d7a2e4431722bb337b1ba0e648ea2e9f0918b50e9111f2377636ba69b0e1cb5295078d76c549c8656940eb15ca5aded7adc46e6fa4b86948f212fea3f3befdeece8b20e420ca84c760196ddf0b074df0a9f097a5db8f6125800f5fe746a62df1208042f1255b524465a17efcf6a537612968430e2adcff30f7407a51ed7305334384e512e003642cca175636819f021c76a2f44e89e6fe39cf164477910379cd314f735c357f9379de22495276b401c98ffb09a6dc03e484b355a9464511401eeaa05b4556e73b55227f8
+** GENERATE (SECOND CALL):
+	V = 6986a1cfb6ba95c8012dd7285e6be915723206752f9d3cd0fd13e4832daa7db47383aaa4904cdadf674d1206ac5eafa99de1304fc0b6a1b5e32e34a7f4141e89353878c0d3f6a0ba5b9ed452d61260de9e5acbf8134485b3b9e990f59f34d4d43307e40ad0d0a505efdb24b72f807b
+	C = 28b638d631f054eba562320e9d151f905863dd6c04d8ba41167bcf3b0236d4e5dde1dc7bf690e61b4a65997bd9c67ff908fe7e2443d01c8eac15b2ea5c80ba89f09aa9b8a81d56124bb71586812827f463de90318727102dbd5e59ca5f1af78ab73844695eee0977b754854e525097
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = 254b5c33e030039d1f4efd2700e7bc679f403de18b872fe50a97a3c328463a6e
+Nonce = 96ba5ea50d9ba95c854212d2e3f8b93c
+PersonalizationString = 
+** INSTANTIATE:
+	V = 0b26b721e80dea7c0eb414ef18c5b82a7d43158c4c8cde77e97a69c6535d4b37b21a4a053fc2b29f5c796642af587a64013618b2bd96f1f2991c95653b9112abb31433cd5b636ea1d5226acf85ce0c70c740d3595768a048ab4ffa183e8449f9a8f4e01d30c6422dc4b37a0c75b515
+	C = a56effbdac4079005ba8baa7c489f21cdb62b18159683212c7e9c1294788298a51c435698dfe591c3e9299fd66bbab7f27c53daaa54b6daa6254eda6555019aee1f471a9cdf320bbaa537da827e3155551911ee92d0a1523273078be5237182e145a89c1748d8fb8d1923424c4f783
+	reseed counter = 1
+EntropyInputReseed = 7025c735741f9348220156076f60cf4acd20d264c45a0961ad80186ddecc2bb0
+AdditionalInputReseed = 611f69f111563c9756013f069e4bdec2b59b5d1367607f7d750ad697bbba13fa
+** RESEED:
+	V = d4ba59024c1f0dc3cc78a98a0b8fe3f978ab008436e218c960b96e437cb30f3161455dc83fa30c81ed802726610c75509596944b01d5d63a85c3fb8eb7095799189c78ee86610864cda8d8e90b799bcef8958cbdea537360a62dd3f91e1f055c57f41cf7cb53badc6216ed8317a1d2
+	C = 836b91475d6a1b4b94b5390cb2d57afc0ff3760ff761132718a6836b46aecfc631b2a8270a5242a795cf79012b8b1b80044a367e6f96e056d1d3d385e47ba086ebd7e3d890c9be3dd7eb0831d7cda1f5ff53e7a1875786d20368f0aa40275af8e43ba6e01f4d5a4d7f688ea3ff42d2
+	reseed counter = 1
+AdditionalInput = d037dd1198944999bd9f62186c4860b80b791780608d074652490b9e3165063d
+** GENERATE (FIRST CALL):
+	V = 5825ea49a989290f612de296be655ef5889e76942e432bf0795ff1aec361def792f805ef49f54f29834fa0278c979180ead122b17ea27070f13c73edaf43d9e93de7f05ec49c2942537158d8768d8372ad4f30aa6b5d0f42a467fa74da4cb2b0ebd95c833d99804242dc4894d5d9b4
+	C = 836b91475d6a1b4b94b5390cb2d57afc0ff3760ff761132718a6836b46aecfc631b2a8270a5242a795cf79012b8b1b80044a367e6f96e056d1d3d385e47ba086ebd7e3d890c9be3dd7eb0831d7cda1f5ff53e7a1875786d20368f0aa40275af8e43ba6e01f4d5a4d7f688ea3ff42d2
+	reseed counter = 2
+AdditionalInput = b8c710b0a60bc077d5cb875ddd4004ac8dd1d80bac948b64d0b24397e543cf4f
+ReturnedBits = a098ff412d68725266e84cd604057aec01bc683c0f867dcd42a5a0836ebc5b3fd3700d52179a5a69728a66181fdee061c70bdacb4aad3fc814977758dcd8a79bef5cc05ca89a64c5c1633ff98e09e5b9bf5e9cdacdac90f9a934219153d8b57e24c1ecac130521157e4b4957d5d88f609e5165142e47dd4e6c6be7ad276dfb5f6df855e2a683dbd5525ef84ebfa17381e2e1ee07843882e8ae2ee5dfe670d67695ed2a43611115fb784eac2b2d8f1dacde6de9ac5257bcd6c48862cf10dde0b0e6b316e410204fe72ce2caa364dae5e2407107f40d68000dab207e029d78152d5384a85cee5fccc21852abab5056a7551aca56f6e5596d4f3907a6bd1adfff20
+** GENERATE (SECOND CALL):
+	V = db917b9106f3445af5e31ba3713ad9f19891eca425a43f179206751a0a10aebdc4aaae16544791d1191f1928b822ae3546e39fd23b08b9da2df923727065b90b410f6e1fa285a077223e9be6dd9f397c60e14c1331ac3931b71eb1799675b580ee008af68e2bf64e3305693ec9b558
+	C = 836b91475d6a1b4b94b5390cb2d57afc0ff3760ff761132718a6836b46aecfc631b2a8270a5242a795cf79012b8b1b80044a367e6f96e056d1d3d385e47ba086ebd7e3d890c9be3dd7eb0831d7cda1f5ff53e7a1875786d20368f0aa40275af8e43ba6e01f4d5a4d7f688ea3ff42d2
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = efd5a06b8abcdbe0f586b9055a9d2edea114227b0701ba38287628de399211c6
+Nonce = aa66e3dca83c0fe6ebfb793880d0ad2b
+PersonalizationString = 
+** INSTANTIATE:
+	V = 38f21c27e940768dd0f47e93047a0bec5b928406b4d5aeddefd566030faf501fe90e88d8d462db88a1d0183f5ac7852ef416e1af5e645b7e5f33f7a8b137b0dccb463a6d14815f3d9fa311a1edfeed3ddcd7d085648edb39bfa4620bcc99c9f3ace7f855b699a7aeb963aa1e49574f
+	C = 38f4ec2455da699a473c563b76085adc0e11f77fbef6bc4b9c2e39fd8bbbfe950e7cd63bd372b4581d6b68f0470216408bf48a87543215d5508f78e4dd9bc453a3407655a6317bbe53a3bf6278709c312598a698e7a19b9c9c108ac1abb257cf71e8d96f9745680125b2286c6b06e9
+	reseed counter = 1
+EntropyInputReseed = bd238175d4b1a9502d2d92437e2710e8882c390036ee6193d72ce7d25f583de3
+AdditionalInputReseed = f290a625f42747dc8110c7b5550da78814e507279a47bbd7b27dabd32c0e23c7
+** RESEED:
+	V = 77cf5f9e8c865b0a9d860e5a10373c49fb5acc2de905cbf10e5341c1f5472c321a2395824f6bb5c1d316bfc9f489df050323bfeaf34a11e6c028eeeac8f533489268b66cd3982f81cf5a047fbbdcb231aa7f8378bb967095c61a8b67dbca8e5b1856d8483b8edb96de6bd608961d95
+	C = 5c1ca682037834478eb8201d733b4f4f023cc048d80cac851f7110d7169128cf4e653dacad6a4b6beea2ebcbc4c3c0b91fe38e96ab293c622fa682cbff5fd23173f0094463d91c9d6ca767e1d57b05d7485196c6f945e026c56356e1603f79f77f552f43b4066806a7db3dda48526e
+	reseed counter = 1
+AdditionalInput = 1e365fd3cd0dd02a303dc99314c6d06f904e11acebc7cbfb9ee47a0a02420876
+** GENERATE (FIRST CALL):
+	V = d3ec06208ffe8f522c3e2e7783728b98fd978c76c11278762dc452990bd855016888d32efcd6012dc1b9ab95b94da17ff77ffa7de0d2da8fce5fded9e6cdb64381fd159de9752444f69409f5d1bb9f09bcb47e8ff4a0d473ee8ea9b374dace4360bbdf2d03f7741c8a96cd24e88921
+	C = 5c1ca682037834478eb8201d733b4f4f023cc048d80cac851f7110d7169128cf4e653dacad6a4b6beea2ebcbc4c3c0b91fe38e96ab293c622fa682cbff5fd23173f0094463d91c9d6ca767e1d57b05d7485196c6f945e026c56356e1603f79f77f552f43b4066806a7db3dda48526e
+	reseed counter = 2
+AdditionalInput = 94c5376cac81d7a33ff2e20b34fda52f1bd5805cd04a492cdb7f60328d393348
+ReturnedBits = 2f4bda3d8aac032504450ae69a1e763add160ca35756de8aa122747d2df7e5671f026b9bac78c2857a83ef52d18c11cfcd435e7b85548e92c0b8fee84b5b1907424908039ecbb0275dacce2706637af47d5f2ac3ebd258a838651be6d56a9b7a4f86013e79a2605ac4530085a05ad981a77de2bd08a362ce602aa817f74913e0cb0f239f0e56dadf8ca46d03fa4f8b10f23c1e04d0c7c11b73d23f39a87c608a44e8fe259320289fee39253cf1051f643918211edfdf757f4bfff4ef8b33492ecc565b7e0c9a7ddfdf533a445942c6c39ac29da8e2f1cfd228a2beaa52b8097b82ce652ccb7abafaf85851b11681d179e21e57ead30ec661192b671397252628
+** GENERATE (SECOND CALL):
+	V = 3008aca29376c399baf64e94f6addae7ffd44cbf991f24fb4d35637022697dd0b6ee10dbaa404c99b05c97617e1163a43e911720bfb08bae83db765d373a5d61fda83d5aba034ec644ed54ddb4f9b92f2215a99549cb54d842546576fe94a8a8a82f8c462858b165290b92da9bc756
+	C = 5c1ca682037834478eb8201d733b4f4f023cc048d80cac851f7110d7169128cf4e653dacad6a4b6beea2ebcbc4c3c0b91fe38e96ab293c622fa682cbff5fd23173f0094463d91c9d6ca767e1d57b05d7485196c6f945e026c56356e1603f79f77f552f43b4066806a7db3dda48526e
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = be855512e110e1efb210cd9b5ace0dd11b7bd0b61f99115029807075be98ab91
+Nonce = edba45c5b1220ddb68265c89218f78dc
+PersonalizationString = 
+** INSTANTIATE:
+	V = b12b9dba29941622ee0bee9a8462821f72cdf230cee65d6cb33cfa6ae42beb3b77eb93a4eb48203e2f0d0b47ed6350bfb80281e45ec80f178f085d77b7b08aa9cde462aa72cb1f6c5682b9b34c46375fc17a0fd38e69b2b3388e9c2b4bb73d5126ae709f8695828ad5117fbf29c9a2
+	C = bb4195a049e5763399cfbf7484e3bca625799fbf2bc749143d8d80d472c99168e21fb82c67de771023ddd46ad55cb2d4b1d74d690aed71a2584f79977bac1abd47dadc715cd8ec39a6bcea9f912cf027fb40eddef09e7b3e52d61934a41451b3c14af8b8eb047da8f355f44a629d4b
+	reseed counter = 1
+EntropyInputReseed = 50f854e8ef0342e32cf80f5178c163550c0aaeff955e8baa5fd5a532495d4353
+AdditionalInputReseed = f2753fa879e576ae5923cbc95f7f4c15cdba520f262b9db47e3b2eb3ce4e0d7a
+** RESEED:
+	V = e7bb69f175ca265ff59efe3df6a3c89bc091aacf7291b0d0886a80c551d410b2c9b3b5ef3c9c98913413eee2ee6b6f6c2c2dc2783ebed03901536db29f811d3bd3460534bc8ae659970b0e9f0e8b9f6385480ddf90a550482387663b00a9507e441f70277a3a02e0398639f1b943bf
+	C = e8518c771b554eb8d023b18856fe0d3f51072010389687ac3f45314ea6390831088f4558b960372f11b4706d6fcbd644b7499f45c4e2ef92230a6e3cdd463ae396c9fb678a1233273641955f0fffbdd14904688abb1efd832f1451e6c9202dbc85cedb5995381f23c75fcdcb4603a1
+	reseed counter = 1
+AdditionalInput = 3c438c9ae95e297377253deb742d20d9dec95380894e4170405102f80530a0b6
+** GENERATE (FIRST CALL):
+	V = d00cf668911f7518c5c2afc64da1d5db1198cadfab28387cc7afb213f80d18e3d242fb47f5fccfc045c85f505e3746407ba27f33a391fb2692c80dd7128de53d43d476cc22729569f77275225c859eb66598d6a8a9c2ec03cca373397d54ac62036f36d663323c5c3b1ce55b6d092b
+	C = e8518c771b554eb8d023b18856fe0d3f51072010389687ac3f45314ea6390831088f4558b960372f11b4706d6fcbd644b7499f45c4e2ef92230a6e3cdd463ae396c9fb678a1233273641955f0fffbdd14904688abb1efd832f1451e6c9202dbc85cedb5995381f23c75fcdcb4603a1
+	reseed counter = 2
+AdditionalInput = 7ac5848b7b51e3ac7e13351a3c6c5bf52d6e80154c297adcd9d4f79865b46565
+ReturnedBits = 292c265071d54ccd59c94369a71c77aac7546b637f53bba20eb1db8cf78c6f4c3e834e3dc655013d43167172f36194ced864cc202faf0c4dc2a1596ec44a7e0333d2ce63016aef4b88a5286eab3d4748d651ccb5c18da540df16bc2472679cb1e27001b91ba50d92369e69267d5caf1e147dc263ca88942a9e1cad56fd3e145d6f99d715e5e153a4c69328875fee80fbda2392003abd659154814f8bea608b6a27b02663395c669f832d6c9ea4f6196baf29ddbc10eb894290011138668a8d0063a273a86af06729e928bbdeae6d596a294221916647744d95e72b26d14a035b3325a001389fd335211ddf5603cc28b5be27018bd99f315dbeecc118e6875d38
+** GENERATE (SECOND CALL):
+	V = b85e82dfac74c3d195e6614ea49fe31a629feaefe3bec02906f4e3629e462114dad240a0af5d06ef577ccfbdce031dc25d112966b2ef42b05b341b6826ba770ec59137f2e160a5089a19ec9aa76823f11ccf7483fe9b6235ee8049059792cef3074362689ef9c435c37a67a97379a4
+	C = e8518c771b554eb8d023b18856fe0d3f51072010389687ac3f45314ea6390831088f4558b960372f11b4706d6fcbd644b7499f45c4e2ef92230a6e3cdd463ae396c9fb678a1233273641955f0fffbdd14904688abb1efd832f1451e6c9202dbc85cedb5995381f23c75fcdcb4603a1
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = 32ef1ac338229527ee446e5e1bfe8e26b85e73e0620383a5fe8cc0cd272b1d10
+Nonce = 233ffdf1fefd2f49243ca9aaf7d59b2c
+PersonalizationString = 
+** INSTANTIATE:
+	V = 902b045e38d6cad7a42a27febb5a3438033a9c8c45732894b14f64e2c015547fb0ceb51df95bceaa7106ca8d0ccf03def2e0640d8f827eec443f1946e5aed36b40475b63d4afb19d8075728188a2cfa30c7da765a75b0bff0d95c1c0328dc97ffcb10cad835f4228432474cb1763d0
+	C = 4e63060f19add2955bdd43a4fad7e1435b308a6399dc560990271f02958c555045a33f41e9aaa0ee0b0dd3e12a24388b8c29c70be1a694b1adffe2308dcc04b23323b1542ffd5fa51ffcc3997480d4ceaed7cf9659c6cde2c87f35b708ba887cbaec8a35d3d7d7cb1396a0d96efce5
+	reseed counter = 1
+EntropyInputReseed = c29899bad134030e43ee136af28f327abacf4664e1683d293a7b19c8e27656f1
+AdditionalInputReseed = 8ddd0569c18a458028eccef3658d3d3a2adf922e4f75375e85d56038419ed240
+** RESEED:
+	V = 9838930ed8a375659c8f70a85c4e7351a323a0edad698edfbe1665f47abf9c943160e073907939f49553c9d5b3a0d19d9c9073101cb6aa655a929eeb10fec0b3bf05e84cc427eedf3ee3f3b5adeeca88107d344eb683354c87006902d84c32fa2ad97749408be9c00a374136fe35c5
+	C = c7e32a8944eee32d14fb030e899c92fb3d49261cd7da7e0ec851faab2f5990d6fda94366a4fa7b74be4f2b9fee7da0452d6c184388e125d9164d94a14023de2d4dd53f7d2568c2e2b79d2a0f85956b3c8e90ed50490c9f3cbae6ccb8f7e8ece09694dcd43b14bdab5f631ea32e1252
+	reseed counter = 1
+AdditionalInput = bc18b1940cd5f1b5646dd0058c61ba3e60e678d8ba5b7b07352327423541247a
+** GENERATE (FIRST CALL):
+	V = 601bbd981d925892b18a73b6e5eb064ce06cc70a85440cee8668609faa192d6b2f0a23da3573b56953a2f575a21e724427ebf15374263e6ecc0a8c5cae4f1f2f4a96fc58c72c026ff98a1bac512a1b2c28f2939ad9aa36fa09d4c0474131f20c9acb39107e82fb2003e542a9541429
+	C = c7e32a8944eee32d14fb030e899c92fb3d49261cd7da7e0ec851faab2f5990d6fda94366a4fa7b74be4f2b9fee7da0452d6c184388e125d9164d94a14023de2d4dd53f7d2568c2e2b79d2a0f85956b3c8e90ed50490c9f3cbae6ccb8f7e8ece09694dcd43b14bdab5f631ea32e1252
+	reseed counter = 2
+AdditionalInput = 0767c48a3a1f5a028096704a7c68499cb493ffd91489e4dad7dc4c3a82a5e764
+ReturnedBits = f4fe26a03a9bfaa0275526e866d5339a0aeebe9c73484d806bf8e971e11c337b3028467234ede58157385ac30f2944621c75eaf5c03914706b6a8239007926b92c6c821fec1042aac05baabfb37501a736e4e34b283b725d63b8b7e9c789a454b06ffc7c55c8f5870e9072996e25b9f1e3de78cff9fab856f9f5941f39c065c5ce49669fb228ace3e8e6456862233039aa76aca530da29608f335907b68b1952c44d33be1bc53a7d0379d0c94d52c9b17cb1c6c4872c5ac6753cc7c38dcda3ec8e7a2fbcc1cc277bb0cdd06ed1c35a0103558424b10f93546e0ca8041265d58b7ec81b72962658013b42f9da2f177c43a062273f02939600b12ed4bc36998538
+** GENERATE (SECOND CALL):
+	V = 27fee82162813bbfc68576c56f8799481db5ed275d1e8afd4eba5b4ad972be422cb36740da6e30de11f22115909c13561a2da981c7a5382967067e399a4c96cc1e66b430e8edfaa073ee857315c732d7b1b608c750ecaeb3dc19fef917d161b37997478f6cf99754f905edbe04e843
+	C = c7e32a8944eee32d14fb030e899c92fb3d49261cd7da7e0ec851faab2f5990d6fda94366a4fa7b74be4f2b9fee7da0452d6c184388e125d9164d94a14023de2d4dd53f7d2568c2e2b79d2a0f85956b3c8e90ed50490c9f3cbae6ccb8f7e8ece09694dcd43b14bdab5f631ea32e1252
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = be5de8edc3427d7886859283558dd499b245761de4f60de3ff777245754aa785
+Nonce = 5a779894edfeb83d1795f19a475ebd41
+PersonalizationString = 
+** INSTANTIATE:
+	V = f78bd774bfff54179cd1e60c85188f4f15e152815cf6de8eba12ddb3690b2fe3040e2c39068cf7e6a66f859de74345cd811936aa58e3ed5fa3de41023055f8f3f9acca7aa9d527cf804fda8b707ccf94611884a84ce7338394c4f312e8ca32c2be0769cc6ca58bd507d6327557ed39
+	C = 7df9bebb5d21831d448f45d6bda72eca4b0b15f9ba9c49c533f07398f918c76601e71daeb5a8a2e34b4a4fb29262844912c0eb724398d304e800a42e328e1ca304a4004a4f766a4444e691857acdd5c1d85105c355c3eb4f52af1b047b6c399cfd0c915fcd62ff9a1eee34c3636b5b
+	reseed counter = 1
+EntropyInputReseed = 675f850031727f6f699bdd0c5cfdc51158308a06579f44dc71e35616ba9670cd
+AdditionalInputReseed = 1edec79a02f8b7fdf7005a574ea2b2487ba726f3babe40b8cdf531ad30c46f8f
+** RESEED:
+	V = b0304ba709185b9cebecdcd135e68529ed00276c413d4ed839791603b6f8c8ebacad54592c3278d635aacdfb129b089c29b62c246ca2d7e83401349ac8bd11da6667c9bb6be63e38fd591b71dc387ccd08730c320154fcbfe648279abb9e350d4a93ab6f184b24ce84c6aebc52c757
+	C = aa91ffa32d824596614b044d2a1b8d9c0799d18b7e6d01bc734b1628ad1773796ea09aae2be116e7beef9e88f6ba53828431357d431a5415147a750b0ec791ba5acbe09af085f3799982a7ef0a5291cafedbbb5bb4f3a458ed81b39b4e59f90ba25974bd6416d71497b77565f1907b
+	reseed counter = 1
+AdditionalInput = 5510613cb4d5dc5a4aac9c0744c6bd6d65c8f5dff38180cb68165eebe4d01921
+** GENERATE (FIRST CALL):
+	V = 5ac24b4a369aa1334d37e11e600212c5f499f8f7bfaa5094acc42c2c64103c651b4def0758138fbdf49a6c8409555cfd4b4a031a49adec3f75b60c08022660a5de714ab80c29f6cd0817f6d2e9d6449f99211ae24865d2a9a2dccd2dc9b381e987a42ae5d67ccf94ccadb3703c8ae4
+	C = aa91ffa32d824596614b044d2a1b8d9c0799d18b7e6d01bc734b1628ad1773796ea09aae2be116e7beef9e88f6ba53828431357d431a5415147a750b0ec791ba5acbe09af085f3799982a7ef0a5291cafedbbb5bb4f3a458ed81b39b4e59f90ba25974bd6416d71497b77565f1907b
+	reseed counter = 2
+AdditionalInput = 3be6b670b192d4016f62b543a2966a3c83531d876c3a905ff9cc7dff0d9b33d9
+ReturnedBits = 6310c96f0d63eeb481cd0bed115f70aca647781996dfcc8ab7aadeec92591e09e78d62c9bd9c37ca0a26358ccbe6281625115981b9caff522f521bb4e7770e8d5c38ac347309beb35dc6007ffca3057f3508e2f9fcc2fd2b6c2b09bda1b1d5a70d21a407fda5d26aad7465fa9cd54b5cf16d9f3f1a5dd9ed7b0d7557229a4022a3841999e746263271a978671ca827d1cd53db2e60247840224cd60e4cc453ccb6bfecb76c2ede754bbae210520c248ecfa74383c7f473b8cdbf1e2324f7fc01027e7f43506826b4d8b1a4853e15f7f52f623af2c06ad857de5f9618447ee3d2baf6b00d01931c69941a898cf5bbdb075d89739c44752098841c9876b5ffaae1
+** GENERATE (SECOND CALL):
+	V = 05544aed641ce6c9ae82e56b8a1da061fc33ca833e175251200f42551127afde89ee89b583f4a6a5b38a0b0d000fb1a084b7a6b0f488557e1a78d01bfdee1d9c0aebee6d958aad697f91470cf5a4a25b74518991a2ea5007d5f6e2925d0759fc7da789f83e7bf4a65842072ecf0d67
+	C = aa91ffa32d824596614b044d2a1b8d9c0799d18b7e6d01bc734b1628ad1773796ea09aae2be116e7beef9e88f6ba53828431357d431a5415147a750b0ec791ba5acbe09af085f3799982a7ef0a5291cafedbbb5bb4f3a458ed81b39b4e59f90ba25974bd6416d71497b77565f1907b
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = f562ef7a3696f637c3838566ff6fe6b3125c982c0f8cbc3e5845e8bd68a0492c
+Nonce = 0e9644beedd33ff7386d9f41c8e348b4
+PersonalizationString = 
+** INSTANTIATE:
+	V = ad885a3ca5475f88edfcc6b26747e738d5c515659cad794a41bcb2fec494e2da0131d743f5ceb6f306265b43c6151227e4f03a4402c82f0effa71790a334c8afd27e9e3fb167aeacd9a00457d2a44fa4bffe256d2de8b18254a7f34c685b96acaf5154585945f9f89b172efc245081
+	C = bbbcef8964ab4c345b23f0c46e291b47e5d97fb4d35f4dbce789e0ad27961a6501b5fba11bc60d9a08b1a83afcf56087085f8a14ddd13a34e96df89bc9ba36b98344905860c7f65f8eca296eabd36ca622fdf594e4c7b2824c4e6acd54e276213fe7765c9bffc76d8e66263745f372
+	reseed counter = 1
+EntropyInputReseed = 75c727aea1b7809e06c63a7b68161d717b969e2be4b36569394a388f3da511e3
+AdditionalInputReseed = 9096bb6fbd56bc5385c8b9ebc74b62f315018b0922fc62484d48702583b58271
+** RESEED:
+	V = 822fe5dabb296ff8fbb837c9696e8028cfc23494e53cddc9f87d61c2e22c2965c8b2dd6c6c6273ba60c5ebc35306385490a7362c7a60d4f534c7848e3c23fa9fe1fbab2632dea1722118e46696d456027b51bccac0c8a8f199cf7f129fbeab0daf665babd26bc80b3a67c2ce52c6a4
+	C = d5eeb577b501b4381845318bdd8e54212cfa17256ea4a9971c823cebdc397dd87711c0dc83cc1713302182f5ea6ba6f0759db551662ed5ed7f19bd180f44fb6e81701397f3718bf1851c5b850823b43fe22bc97565a7c334f7132055b49d4a101dc6859f27dc4f8aa1ce46171b64e6
+	reseed counter = 1
+AdditionalInput = 0be90391ea94af1dae91b09b4c7ae866d91556763beeeeffc5225dd1f4d968bd
+** GENERATE (FIRST CALL):
+	V = 581e9b52702b243113fd695546fcd449fcbc4bba53e1876114ff9eaebe65a73e3fc49e48f02e8acd90e76eb93d71e0b9525610fa4ef0ff0beb2648b35f3890d9c243799c40556f096f73956b36b289d48c26e408809b52a181734664316e434733d424cc854ee5a03cdd7457fd1355
+	C = d5eeb577b501b4381845318bdd8e54212cfa17256ea4a9971c823cebdc397dd87711c0dc83cc1713302182f5ea6ba6f0759db551662ed5ed7f19bd180f44fb6e81701397f3718bf1851c5b850823b43fe22bc97565a7c334f7132055b49d4a101dc6859f27dc4f8aa1ce46171b64e6
+	reseed counter = 2
+AdditionalInput = 006e3f57dd81f86dce657b5a82ba639ecfe631501eba869b8e55259dfc5ea392
+ReturnedBits = fe13a475232962878091dda1995e89e36f5adc4f1ba23986c7381ae849729951249290c66d07c4ab0a6107fe808da48f263e72a0b8c179a4028fa6fb11a8a7fe3692d11ee1af1b92a06dac13d3d7023ecfa43293d016d319c7056e6d384cdd771b675145b61c9bf393c91e83814dea2c71c1cb3c4087edf51d2b6d2205edd427eb3efe305bbee220cd42db8e17355f3496c4d4c57afbae869908cea30d02a69b06729149f00b211dd400e93bae01aee36e6240a78a8368920ed90607890992909614349ab4491cf7ec083b48db91c87d840341eb41cea9156ac87cc8a5bc5fae9faad91b5ecb30f13f7554a4e67d55c8ea96a9bc9c425c7a6cb7e57036a07035
+** GENERATE (SECOND CALL):
+	V = 2e0d50ca252cd8692c429ae1248b286b29b662dfc28630f83181db9a9a9f2516b6d65f2573faa1e0c108f1af27dd888098a2118b5d5b60c6b122f097d62ee8d23b865454da650d4e830fd90bfabea5c6f665cbb5f348614a7f77947ee0427facd8007cdc85e50703baa4b15fd11730
+	C = d5eeb577b501b4381845318bdd8e54212cfa17256ea4a9971c823cebdc397dd87711c0dc83cc1713302182f5ea6ba6f0759db551662ed5ed7f19bd180f44fb6e81701397f3718bf1851c5b850823b43fe22bc97565a7c334f7132055b49d4a101dc6859f27dc4f8aa1ce46171b64e6
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = 91c8168fefc159c96b96aff859764e86f62849cb8447c85d6af9b9582d85e7c8
+Nonce = eda45eeded36a7c0a80b0ea24306bb05
+PersonalizationString = 
+** INSTANTIATE:
+	V = 5eed2eafa02df43d6f43e8d3968d81e710e8a813c7b7176bfaa70c2ea4cc9adf1dedd138333019c012d169cf9c79dc844455c45bd74fd95432820203ffe2f9793b86a24c6fa7dfa8d8d8d665ce72f08ac2100c87193a39e86cdad670b7674ec3d46671f24fafd03f3ba920d4b61292
+	C = 444301f39ee0a96eb52110a760e54ae81c2f4eb14f289d16e3b21ef18011c55e1686e08e8037249207259e041e49e3d2c27a7140d70c7f94125a5436590a4b998698727c247ea98bf2f12535df85cc23ee74d4dd7eacf6a235da54a1342e50626c3119feb49a3728ff145b41cbea0a
+	reseed counter = 1
+EntropyInputReseed = d89ae1b4677976427accfaf9eafe15d93365f8895a99ff4a69554fec3a7d773d
+AdditionalInputReseed = 0dd07745e9e9acf0984d59044596f0689874f5ccf7620c64ef7d5cf42691b9d6
+** RESEED:
+	V = 7ba04bf339cb623e6cd1ff2592c4452312c859b76c9544ac9fe969edeb9758a40ae4bd8944b0f1ee0b9ac45ec16d7b66a1c2f094865476513a3171a9b85afb38fdc1de53fb8a29f5fec867facce5f02074c11b7a50ea12cc8fa614afe7df1c717da1e0bb7e4234290eed23ae512ae0
+	C = 8f5e26acbe7d6dfacf229d358806f320696b479924a22eeefb40607cefe67734d1ca1009d78b23309c3a555fe4078ecdde90bd02cfa58f445e961f72014f79a01e20fe49eae94c3a1bee5abb4dd61accf8ad471d094cdca26591d3aa6cd5327a97d81d2f9c27afcd6b305e97baf361
+	reseed counter = 1
+AdditionalInput = dfe8801d8bfa7ac4ea8fe53e16f38bc2989143f848a7b0be5894fdb0dc223662
+** GENERATE (FIRST CALL):
+	V = 0afe729ff848d0393bf49c5b1acb38437c33a1509137739b9b29ca6adb7dcfd8dcaecd931c3c151ea7d519bea5750b395627eed3b64102121143cb14e7020369023138085d2374369a2f7b35d0d7652623205900091580fe956e62faef603f1af991e9b6dfb3025d38a3f77c7c0bd2
+	C = 8f5e26acbe7d6dfacf229d358806f320696b479924a22eeefb40607cefe67734d1ca1009d78b23309c3a555fe4078ecdde90bd02cfa58f445e961f72014f79a01e20fe49eae94c3a1bee5abb4dd61accf8ad471d094cdca26591d3aa6cd5327a97d81d2f9c27afcd6b305e97baf361
+	reseed counter = 2
+AdditionalInput = 489a0fc0bf9d7b662492ad88319055f0b0f605c1bd6989d19df279ccd7b5cad6
+ReturnedBits = a7cab900db1bdc1291518afaffd754042d022cedc26fec73bfb9d5b3cb60e7afa7fb55442c3ccf48fb01df4718e1c171b5d190ba4e4f4d29456ccd7955c4137f2b1ccf9387d83f96db993b67cac42699dba6dead461e297b54f77645b145c1398bc3634998ed2a1d97ba77aaa7c61bb7ae8ca2fdfd6e4e8aaa8af79f582a255679abbb314bd6d3a45d685b8a783b3d2182ebf3882488dfdc009c6a8930b70a4fc0fcc7972fbdef5bb6d318b3a004626c033357f78a105b8a5be4de1c3301b45ef1f74e433bb068658588f931a8aa3d91aa6476034365e56c96b45a2d88d79704729a1ae33a16ffa40a61ab8bb411d16e881b3e74842e878b450371f4b86bdf25
+** GENERATE (SECOND CALL):
+	V = 9a5c994cb6c63e340b173990a2d22b63e59ee8e9b5d9a28a966a2ae7cb64470dae78dd9cf3c7384f440f6f1e897c9ad0fcff06f4f15cdbf4c768e5a29e70f8a29705b54fff901abd203477c0ecb2b34e3ac82e9d36c01d64ce3d435b7d7e2fb002db753509f3de558ab7149da60718
+	C = 8f5e26acbe7d6dfacf229d358806f320696b479924a22eeefb40607cefe67734d1ca1009d78b23309c3a555fe4078ecdde90bd02cfa58f445e961f72014f79a01e20fe49eae94c3a1bee5abb4dd61accf8ad471d094cdca26591d3aa6cd5327a97d81d2f9c27afcd6b305e97baf361
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = d891dea0ad11bc0d345f9988080432979a54cd8d51e5585c1d6a87ba0bfe74ec
+Nonce = b885c87aacd7e4defba6412415d3e533
+PersonalizationString = 
+** INSTANTIATE:
+	V = 3e1f34e87b6238479bef755a62ca6168732eb09d67a9f75a28024da4a6f84a31be0f6c6d388cfa513211f684555a3ebb2401517b5a77ac5a1bd249330373c76ce42305e45e07bf306df37c62b0b2a3244cd4794009c8ebabe87a0757af2969be13908dec6f8a84ff09dd66ad51abc2
+	C = f749153c4d9b7e3bce4d8c6f126ac21c52bbb2e9d3b0de27bc2843a06c8e8b8b4112b53e84a9f1c82e7560af0bd2d4eca96b141044a16c25d4d0ce184a636555190a42dd9a5d850f23bf6599a95031cfdb3845b01bb6634c1adbe0879c0dc4c7f24e4bcd11de9d931485781dd473e6
+	reseed counter = 1
+EntropyInputReseed = eb4109b0289b21bc704d76e5d23acc01aaae684ef9a26f15ef656229998c03f6
+AdditionalInputReseed = a17a2b676ebc1ab993fdd0588173714ce86459a0fad7d98f39d8ff5558bdd385
+** RESEED:
+	V = c0b8581f3b71518777423c0cb4f40ea132bdb1b4429098189783a258a6a843480a07ba62adfc3b50ee0dbea954b795278742b7fb7fa7f46742d9c77ea94a4cddd15ea10fd7b9ff1368773621124837df798b16ad23fd73dd00122cce76fec696b5a68b4d60e4eeb0f5dd906963b6c5
+	C = efec8982a4648ab0ef025f73182d81a4b25814a6377e98d4973a27c332964d917ecc801d4bcd1fea42212d1ea080f7302e4b08e1f42b199f5d724878d2dc9eb1e5891b6f4d556bbbfcfa08f11b05b426586be5a48085bd914d8cdcf6db283ce67b1798f50496cd7dbec4fecf230ec1
+	reseed counter = 1
+AdditionalInput = 6fa0cec75941698452146862fd36c74cef702ab3420a4303f44694f71e29772e
+** GENERATE (FIRST CALL):
+	V = b0a4e1a1dfd5dc3866449b7fcd219045e515c65a7a0f30ed2ebdca1bd93e90d988d43a7ff9c95b3b302eebc7f5388dd41c2d6168add611eef66a69a78e61363daaec51145550004ae14d74c1a08fffb1e70d99ca42c0f29191f190b9c31689767b2b28ea83335eac631935ea86b20e
+	C = efec8982a4648ab0ef025f73182d81a4b25814a6377e98d4973a27c332964d917ecc801d4bcd1fea42212d1ea080f7302e4b08e1f42b199f5d724878d2dc9eb1e5891b6f4d556bbbfcfa08f11b05b426586be5a48085bd914d8cdcf6db283ce67b1798f50496cd7dbec4fecf230ec1
+	reseed counter = 2
+AdditionalInput = b149979239eb5be0a017f664d0a53b639c691b8a32073184b18e3e0999587581
+ReturnedBits = 0f181f0002ffd58e477b3e04dc78e8014f50745bb32cbbcdba2c43d34a15f92b78fbc29c3bd76b34fe012edcef1322dba751f01955e09c95cdf5fb62dbc996e1279a42bf0cc941a74014cee03525c593f06520d4d04d6b4934a68f3a6b2aae2fb5c691b3ced690d0f847dd63c9628cf581f83c567907111e937e2f5a37706c919d946c56dd4e6d123dc1bc606b5b307a5dfed38cb3f5e4b9014feedee4171802dcd5d1403feb4f0254db4e7cd4b325bd6876fa8b8128145eafdcaa776181cb5e3d968e3726ffb05994331f9c7b7473bedc69bd2895108aa33ba8ccd87fe6ccfb1517084f5634f7e80d26462a08470e08ed603b27bf0b8d0a508fba386a934648
+** GENERATE (SECOND CALL):
+	V = a0916b24843a66e95546faf2e54f11ea976ddb00b18dc9c1c5f7f1df0bd4de6b07a0ba9d45967b25725018e695b98560c062e1f5decb924e600bbd68a2c5ac49364f1d404bf0a73ec77125a954322e5d5dc24ff23a19c2517bb66a0f1054e6029c8577ed0f20bff2b760141198bfc0
+	C = efec8982a4648ab0ef025f73182d81a4b25814a6377e98d4973a27c332964d917ecc801d4bcd1fea42212d1ea080f7302e4b08e1f42b199f5d724878d2dc9eb1e5891b6f4d556bbbfcfa08f11b05b426586be5a48085bd914d8cdcf6db283ce67b1798f50496cd7dbec4fecf230ec1
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = d3945888fb533882a5a6b5b7e708f086ef1c8bca23cc57632074d3a70caf66b5
+Nonce = 65c1740a5be41dd5e1cd181af286ecee
+PersonalizationString = 
+** INSTANTIATE:
+	V = c26169bc15fb5e503e9cab78545e8cc1a1263fee0a88dcb423a810f1b036b04e4ff1d51ae2157874d1b3e7ae4676c04fdf5e117797615b36530a9af03eccd711e7b9e5dd75ffe231777ba2986671a259ca516db9757f1674775b1588dcbf567e789edc756a115d1ea43d018e91180c
+	C = 0c5e0192807c84dabcafe00ab8a4c90a449a893f5d0adb23aa6c5457dc0cd78adcc6063396a54326c14d886b0cae10c3cdc7355a89e071c4545a5d43e1070209cfdb3373dff66124eee85824e64c37298397f53d249eb53a74bd3951c624aa81e645c080d9c3ac82a701693d56479c
+	reseed counter = 1
+EntropyInputReseed = d2f4c12761c1612cf939cd8f8a7c22a93c2528b931aed742db7f3c44a4ffff81
+AdditionalInputReseed = 560ee5f225c187ed1981690f9773c4278cdf0f9eaed663845881e6fe6257058d
+** RESEED:
+	V = ffc8581c1e2b4b1b35d613df883a000946d3862c41ffda6ed18a0c6ed3638be0a9e7131d9343b2e71ac6c91bbd25627a996857e9ba52d894daaca77bc4cc3c0a2183dac9de158d9983b18cc61110324fba775332b6c1fbdeba7732a8f93974803c90f334752142c94c60774a6a179c
+	C = be4c23cd43990ea06af91c65312ca5aa8e766c87602e7272bccc5c0e83d76ead57f1fa8c354d2e806864adb1234fb863a2f4c1f069338595cc838a5ef7d3c520b9d46cf4b5e74980a8ad5f6ab65588d119d78472979499fb9792d7398e7aa5c26571816b2db372689db2baca292e2c
+	reseed counter = 1
+AdditionalInput = 400d7158635a9feb73c884e3ef2fda8f7497e3a3098d9151875cd17ac5ba1b02
+** GENERATE (FIRST CALL):
+	V = be147be961c459bba0cf3044b966a5b3d549f2b3a22e4ce18e56687d573afa8e01d90da9c890e167832b76cce0751bee2fc2756e1f7a760859f9a5a90e968da8c7cd5fe96cd8df7cc4b75683befc28d85b0c9fb26e3aee814917795bbd2e12638f1a2bb7d3c288df6a8b6594a684f6
+	C = be4c23cd43990ea06af91c65312ca5aa8e766c87602e7272bccc5c0e83d76ead57f1fa8c354d2e806864adb1234fb863a2f4c1f069338595cc838a5ef7d3c520b9d46cf4b5e74980a8ad5f6ab65588d119d78472979499fb9792d7398e7aa5c26571816b2db372689db2baca292e2c
+	reseed counter = 2
+AdditionalInput = 13afce5ef8aa04519ef802c899b6416542c681a7d1d96a6c31a90b1a8c8933f5
+ReturnedBits = be08acdc3a958443a8b30393f3be248319199618dad1244237edc8c10a6996fa65f8488a3f5899c63522bbd694cc2ad87f0a7b08a7e7306b3c7c40999d76b09e2067121e4a6baf6865713b2a8c8723a525b35590769c6c59a034428dc6064f96c056fa8d3fdfe8c9790fb351102009b3a75c19f23a40e82ac8d997e312975ed678e54994231a1d581c1dd24e00ca8f50005342ba5c7df0a284a462ec7a4a4d8f35b60e42abe987f1516d874dc93629e374713b5b9167b5c526f7ff5877f456e8546f7e60f70486c5a5fdbee4077cf889e9411fc06965ee4b4abc159d1ffceebb2e570f4ccf5e77224b00fa066134e8e02bfcb744481869fc95fb219d7a949251
+** GENERATE (SECOND CALL):
+	V = 7c609fb6a55d685c0bc84ca9ea934b5e63c05f3b025cbf544b22c48bdb12693b59cb0835fdde0fe7eb90247e03c4d4e15f081d68e16803ae213254f67872fabb9eacc0dbd5be45a761220d1c4e0e290feb00fcb0f8cb8084c002d3ed67b5451f522b2d7623375de89d88945476ba31
+	C = be4c23cd43990ea06af91c65312ca5aa8e766c87602e7272bccc5c0e83d76ead57f1fa8c354d2e806864adb1234fb863a2f4c1f069338595cc838a5ef7d3c520b9d46cf4b5e74980a8ad5f6ab65588d119d78472979499fb9792d7398e7aa5c26571816b2db372689db2baca292e2c
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = 33f914e4797790cefc1c8bc879d60973f1ee089cd56c7accadd12cb066962932
+Nonce = 3d1387bdf56f26d6db346bb291fc4074
+PersonalizationString = 
+** INSTANTIATE:
+	V = d8d9544c476e1e90e4d8560037f31bd89ced75f360576bdfa8d9a3905d73e7047313606310799b36f8f638919f806b24b822260c6328b2ab67c769cb10cdc0c2d14399697a4b63bd81c98118bad24ecbfe8945f6ff8ea2ebc751e2cfaa33f507365358cbb6c9210facafd25d9a6f47
+	C = bad742ee42d2bba8b6f1b2686241c32417eab999bff13b5094eb877a5194397b95296bb9ee2825a259103260db7101fc82f955e40f84f74e7277200806bbb78c92abe4364eea716a96a2c83c9786e9146720207b359eba79b1c1d5c4b58feb7e8bd840884850d0eed318b0b5e1b283
+	reseed counter = 1
+EntropyInputReseed = 1e375c03789ab6d582a1adc45284e8eb4e5392d7eae9f7737f594bb5a124a0d5
+AdditionalInputReseed = 14738d54493323a3cad83692b203f3df94d3e591fd46d89e4c8e6a65528d2f57
+** RESEED:
+	V = 76ba74d5bf827090e317e4de1f41a1b4839858e011a9b5f02aeacec84b16c59ec105b2025d9b56a8392a6f5f7db9ace3a7df019cf24b95178bf9536b4f379c0b3d5c1e2aa8194ea324157c31920a6a307a22eeec812b334bc3f8a9dc679516f62f3df30a0297e936e08fcc7da13357
+	C = 6376d9675ead08f143a42739306243d0aacb8986124481239b59cbfa77657432f3a6fd2de6f926e83499a912a75aba410080cbf834e4c5b144a9afaa6806b09f112ebb352738435466a3d9e48e924a791b7b523cc2c2dd92b44f1a921c403a32a0c215131b6c6b35ed83b8b1bb739e
+	reseed counter = 1
+AdditionalInput = d309e3b427c86d24daee6eef4f175d1ced839ef3d9350fd74d39ad4dc8c5ff76
+** GENERATE (FIRST CALL):
+	V = da314e3d1e2f798226bc0c174fa3e5852e63e26623ee3713c6449ac2c27c39d1b4acaf3044947d906dc41872251468d2fa8401482a2020d40d8460379afe61c64a0f630a307eae0ce587d7f5cd5378b68ca6eab78df010e94310a9ac563ef79af72e2182028cc9fa8ab7a2239c6683
+	C = 6376d9675ead08f143a42739306243d0aacb8986124481239b59cbfa77657432f3a6fd2de6f926e83499a912a75aba410080cbf834e4c5b144a9afaa6806b09f112ebb352738435466a3d9e48e924a791b7b523cc2c2dd92b44f1a921c403a32a0c215131b6c6b35ed83b8b1bb739e
+	reseed counter = 2
+AdditionalInput = da2fc4c03d1287ce7dcaac0bb12d5799710cc006ae566d57da9ba2fb0710062f
+ReturnedBits = c5c9368e97d2bbacf71a57dda9baefa42cd369f4fd154f9830821a4fb102d9d8185a107582976147b2f5043bf9dd1b928778e30830416fb9312ddcaf5752eee14dc8093d687b5b56ad83a89051f50e8125d98b354b7791a7026b96c49da9ba85c7c889a66d680271fada193e67d63832fdc5f3ad258cec22e06f6604a849d8339dc8335b293737be19a46a06766514faddad06affab6f3f42dd76471fb8cd7e26515798b2d6c3c4fff75afe7cdab3f9b585c896b26cf899438a8911eed8e894e7d6e77fdd98903038de74f98c9fa30565f41ade57329533d0c5abd426693832126919a49af4a178bde09a14764dfa994bfd13fa5a289f414eb89be6bc50e6b11
+** GENERATE (SECOND CALL):
+	V = 3da827a47cdc82736a60335080062955d92f6bec3632b837619e66bd39e1ae04a853ac5e2b8da478a25dc184cc6f23a7977b904969e71648e60d8ec65cf0410c1adc0e3974128fe1f934bb905cd1f9142caa6d92a0fcc65322057d3ced574836cbce68c8e247581d8423c8146f7f22
+	C = 6376d9675ead08f143a42739306243d0aacb8986124481239b59cbfa77657432f3a6fd2de6f926e83499a912a75aba410080cbf834e4c5b144a9afaa6806b09f112ebb352738435466a3d9e48e924a791b7b523cc2c2dd92b44f1a921c403a32a0c215131b6c6b35ed83b8b1bb739e
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = 0524395cfa40a37be591fbb087aa5900027c8911d9d09139a36e631320d7e9fd
+Nonce = 435f1a471a07465b6ccb15fba065d1c0
+PersonalizationString = 
+** INSTANTIATE:
+	V = d7465edf18d6c2f2ed150f3c9e421779b81ae6d8046390b064a0660192bbfd4b98b39f1f06b5c3c99c0fd8e30359075452ea6e30d2f5544104ad3aaf14c2d8f5aa716ef51c5e9e6a4c982ac0328ace517b97ca154a01b5062fc8f98fe740327a8c52a409774cbfacfe090034dbe085
+	C = 26f79897bc2bad92882a06c24e1d08a864fe2447e329d88c71bfb6ee4b6e91728a89e7d03dc534367529473c609695919c3b63d31140c0c03aa7151dfe41a8c640cea4069f7fcd7934527a3d18018a115bd1336e733ed10166a843be6f4ff26fb6dabc8e56bd34ecf899b644085d43
+	reseed counter = 1
+EntropyInputReseed = f347b1ced1abbff44c197baf6db8aa813c30176fbfe5111bf848b1642d43ebe4
+AdditionalInputReseed = 131ed808f7f7f1fe856fe0fd542e24bfe470239c9b344a6069b4df45c03c9e57
+** RESEED:
+	V = d7345839d89e073c2f82d3ca3236c968d3d6730bae55c86b21b6aab3df6d711046874b66897f5190e275465b4f18f8efc2ce61ca211f0cfcde47884a86a9d9c7e8fbfd6fa9f41cf64d3ed00ac6c0932c2f8b7589c2f58e8170e1830105759dd50ee2e8ef30dc44e2dd1076445aa6be
+	C = d9baf634913c5213a2f912efb9a12971f20ca5f4828091112c386f79c01f810aa0e4f1da36381d6e86973124dc94ebd6cb9b193736f5248aa4410ce647b41034a1fc1d4bf9698434974242984f12825f77ff51365bf3f73339a4a9700be2e229d0c551a472b71041aade9ef6a6ae43
+	reseed counter = 1
+AdditionalInput = 19910e8fd5934a9542d29fc5a6618a38e66b542aa1f7d44cd205e0e6c8ea2524
+** GENERATE (FIRST CALL):
+	V = b0ef4e6e69da594fd27be6b9ebd7f2dac5e3190030d6597c4def1a2d9f8cf21ae76c3d40bfb76eff690c77802bade62bc2174f03c0d610456bd3208cd138cb8f5771e8aaae0796f9dd2d1ae070f5fe21f4c3144fe404a100de7727970fd7cb8429288d84b57fa8b8e988f11c2a4e48
+	C = d9baf634913c5213a2f912efb9a12971f20ca5f4828091112c386f79c01f810aa0e4f1da36381d6e86973124dc94ebd6cb9b193736f5248aa4410ce647b41034a1fc1d4bf9698434974242984f12825f77ff51365bf3f73339a4a9700be2e229d0c551a472b71041aade9ef6a6ae43
+	reseed counter = 2
+AdditionalInput = 7809caf3a7fbbbaea93da68e598d787e3437fedf0f607e7304a796644b50d57d
+ReturnedBits = 74410341d55b4c258574d0b5a32a99ae1e125f2b21ee9a39d1559b9636ac2af9feccd14f03b8088ddc4a242ebc0be29806842546222bdbae15cd12b0f621e979510e3a28a0ac37a17820825844b83a72f48952739b7ce107ca4fdde875395684bcd112b4bfe54f4cc26ac6bc8ec2da5e58f120b2e44974f9685c0b733a3ec54518b7aa67e5343cafca630315100b53302a90cbc77445792687c93250b42419c5ab6344390dfdfced9bdb4d7a6c5a07dc11288b68d567eb03ef073d486afe6146274ec37e25b6ca1f950c21515d645e68ce09ef295fba6215549bb1afe21aadc8da9925c39a8047ecbe9d8820d2f37a7fb685c3a46c91a16d7da78c7eab2d246d
+** GENERATE (SECOND CALL):
+	V = 8aaa44a2fb16ab637574f9a9a5791c4cb7efbef4b356ea8d7a2789a75fac732588512f1af5ef8c6defa3a8a50842d32e520358470cbcc880d39e7c030aa508552f87092f1fce6f80db89a242180f39fc51beab01e3cbb6cb1ad14c93c6c428b037a9ce99b04e0913b5bd5a2e7d1e96
+	C = d9baf634913c5213a2f912efb9a12971f20ca5f4828091112c386f79c01f810aa0e4f1da36381d6e86973124dc94ebd6cb9b193736f5248aa4410ce647b41034a1fc1d4bf9698434974242984f12825f77ff51365bf3f73339a4a9700be2e229d0c551a472b71041aade9ef6a6ae43
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = 5caf6a10fc6109e22515f245c4ee4a18861171e5fb7fbf803fc59fc41e3cdf3b
+Nonce = d26b7b1b0b45b27a143d8f24eb66667c
+PersonalizationString = 
+** INSTANTIATE:
+	V = 45e3eccc789c7efcaac5168dbd2b557b95d6a1cff4ca462e736a97e250bce01a0e78c69b070ebe78e57c2c8b25b03b3bb544cae54c82520cacab27daae06a49b3af8e5f5a05f9618c5aeaa1d4ce316598760fc2ce83ba37173b4ef5080b8c9edd83c23b0a00a74a41b1ac9fefa93a4
+	C = 4df1af14c84806871832695189c695878bc4348f59a6837bdca55cb18e892c0b87935cbbb863390519cd4df3faa81da10ecec5806a01f725948f73e977d23b0896c984ec8f81e587ef9bd6aa9602d51b664ebf77c8784fa57d5134895dd13bd812ef55dd22f960a06707b839f9ec91
+	reseed counter = 1
+EntropyInputReseed = ab806696da642d299181e474d1622eb14cb5044316bac67a1cdfde91e42a547d
+AdditionalInputReseed = 79b6af92ee9a18c64016a86e810ad1049c7145feeee01e46a700b81770591c85
+** RESEED:
+	V = 6c19496129a74293c6887b378af048e11400c8d10b83078b55df5d0af0bb083f7ed14ab4474b46d415ea70673022abf960f4b8e1f568ee314c6fe97583329f1a6bee96ff22d49be02577078b8c932e8b4beeda6143e520283dde513521407bd741fb07dcc638a6beb906b8be803925
+	C = 94c875d27c9e3662dacfd279a0c9ecfd3c1e78a22beec9160ea4b9b69efcd4616e7faf42ef139ad1e65d71eb6f5fdcd47e71489ea0e4bcfad45fe4d5bfaecead54d06820cfb446bd90884b34799c82f463834c7ebae649546bbe8de1efa43d37450fd255425c0414b93336ba96ecca
+	reseed counter = 1
+AdditionalInput = c56409ed85509ac9084398f23ed6983e8eaa3e0b90f77cf0b5006fd8d3d620cb
+** GENERATE (FIRST CALL):
+	V = 00e1bf33a64578f6a1584db12bba35de501f41733771d0a1648416c18fb7dca0ed50f9f7365ee1a5fc47e2529f82898bd29de0d59cff325f1038a773b185a8a8cfaee9f435f73c7f6f29cf324aabc0c2150a03411b06febd6a705de7bd8f6d0c447f0137c260130dd675134a08d806
+	C = 94c875d27c9e3662dacfd279a0c9ecfd3c1e78a22beec9160ea4b9b69efcd4616e7faf42ef139ad1e65d71eb6f5fdcd47e71489ea0e4bcfad45fe4d5bfaecead54d06820cfb446bd90884b34799c82f463834c7ebae649546bbe8de1efa43d37450fd255425c0414b93336ba96ecca
+	reseed counter = 2
+AdditionalInput = 61250b889bcd054b6e9465ced35d48309385a29c311f4eaf5c2dfa3c236ceec6
+ReturnedBits = 6e0301ae0947edc81aa38676b1b6f6f7cc8688e0adcf631cc0b05a9f02f659c751055ffea71a8114ab2db74efd02149927934e6b5a77b574f25d847579ed63614351cdba6fb299cf3ae2a4ca2ec35e521cebde9e647d338e8a68913f0010b09cec9eb60df8a15ca1a5832614c8367fdea317a2b4fb0aff9732395399f151f1fab518c7ba839023ad1e94ca8bc6f2a3c7f336bedeca28982438c27de56b91909de929ba17dbb34cf9cf9396a84de13f5cdef6c923cedf424c98ac5ac3ef735bc55019edc8471e193a73be7fb367e80eefde7b251a92ac5c811f5d3e204ec6b120e6acc5a2451bda9611889a4d65c3c82b215f92d6241632bb668108a885793466
+** GENERATE (SECOND CALL):
+	V = 95aa350622e3af597c28202acc8422db8c3dba15636099b77328d0782eb4b1025bd0a93a25727c77e2a5543e0ee267a6fd28d78a7dde411205e86771999242fcb2f34fcbd178f4483f768a7c260be0d1c7b164211711738ea53b28f7e7a85e7c2eb64b79cc19ceb0a102e614d28f6a
+	C = 94c875d27c9e3662dacfd279a0c9ecfd3c1e78a22beec9160ea4b9b69efcd4616e7faf42ef139ad1e65d71eb6f5fdcd47e71489ea0e4bcfad45fe4d5bfaecead54d06820cfb446bd90884b34799c82f463834c7ebae649546bbe8de1efa43d37450fd255425c0414b93336ba96ecca
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = 7efad918f6ce90dcb7b372e8558fee3afdc945b149da1fb44a5f7015b6c8a5a7
+Nonce = 05ed6a89fc8a5a5ea6deb4c651478a73
+PersonalizationString = 
+** INSTANTIATE:
+	V = bf9b31c10c51d65cad70b9db8de64a9dd482d731ae1fb132f6d9045672cec8c72c78ab0a4a226686cfa621973610c77b8292aa84ea843a6c0d900e6b39c4c75580b802e5a2c410e625f70bf6e1bdeb7152a06952b74614493de81a2b9dfe9d3ddb0bc4e56d9620f42c02e5bd761f55
+	C = 0c70f539ad4c4c82edae5d87c1498464eae222fb32383cd4f7c86a134db80f4ca9d6e880adbc188a74d1a751a31033b5259041f6536d79beac9cb4800f1bc8f8cf8bcdf9a82c083a20fc9258cb25a0ddbca036094e87ce9e502ee6abf6720204ebb4f7eef3974bf759d7df23e32602
+	reseed counter = 1
+EntropyInputReseed = ca252a5100e4ba47f90d68176dcdc91f2bfad93d9f2d6d87b26f836ffed644dc
+AdditionalInputReseed = 9122c8dad6bf1e2dd29b670b88f56b994c818d80ce2a5addc5b6029f96cf40fe
+** RESEED:
+	V = 8beea16ad7c9204bf3cf4d8847545ae636d02423e944328a9f655596698268520d03b6a76c9b169a549998d5eba20c3544036fa00a02d1a070654220ced022fd8bdc07df323c76211cddfdc785a2ea0b7467391915a739f6a6ac142ce977a8d7ba566153fd46521a796d2da74bb0e6
+	C = bc5a97a9062c305fffbbf60b5344708dffade07275356a66164208c4ba35e663a00976767de5d0aa93c05abc99248215c888a1be52bd5b941e502beddb029764f354faa00ca27d441d24486ee650f4f82426fab9c8043674d2245e86d1b8a2a69015391fb455e9f94d8c7b08483963
+	reseed counter = 1
+AdditionalInput = dca741d0a3dbe9110ac1c9b46efee45411b9002e53b0c5395dece5d04a3709d8
+** GENERATE (FIRST CALL):
+	V = 48493913ddf550abf38b43939a98cb74367e04965e799cf0b5a75e5b23b84eb5ad0d2d1dea80e744e859f39284c6902c31e19575627a32d7563afc065386e69312e6de535e091057739dfe415dc8a1025177426c3881ba7e3d87a225125c1bcff9bdb72db01ce4c6818fcd0963717a
+	C = bc5a97a9062c305fffbbf60b5344708dffade07275356a66164208c4ba35e663a00976767de5d0aa93c05abc99248215c888a1be52bd5b941e502beddb029764f354faa00ca27d441d24486ee650f4f82426fab9c8043674d2245e86d1b8a2a69015391fb455e9f94d8c7b08483963
+	reseed counter = 2
+AdditionalInput = 2a48e41db06722fe522efc09b98288ea5f108e455f7c50815f3560ef18a0b7be
+ReturnedBits = 14526ada3848e4d2367a8335c2e745b83773ce87b29e1a0314b3169020a8f9a64711b1ae6cd3da3107f8746923927dfc2993948a3063437398cfc119be37cca340c998bc29f7aa6551169c358028f09da858688081c9e1f3e9d45333b67df6deb7faed2ee7e9a5f8cb85fd3c378eb50fedcaa36ba55db0f9e8e8d8f9946654267f647eb86206e2a358f3ff15b5e75af043f040690fa41ba1062c12ad83163ef00f4c3469348d798c21c76ed62834c8234c9d29971af11e8d8fc2adb6a3ca436766badcd82358e6147177763cd3c1b26c9d96dd1df88518fe54121371aa4a39d68dc733551496c6902b07323176eec4f448d5cd38860f177b87663fe33e40d456
+** GENERATE (SECOND CALL):
+	V = 04a3d0bce421810bf347399eeddd3c02362be508d3af0756cbe9671fddee35194d16a3946866b7ef7c1a4e4f1deb130238cad389daeae695ee35f3c341367bc6141c0fc8790480392bf009d7858f40a786784c53cbfcdfc83e454fad26723af1c72e4d4418ad7baedcf4cefcbbd3f5
+	C = bc5a97a9062c305fffbbf60b5344708dffade07275356a66164208c4ba35e663a00976767de5d0aa93c05abc99248215c888a1be52bd5b941e502beddb029764f354faa00ca27d441d24486ee650f4f82426fab9c8043674d2245e86d1b8a2a69015391fb455e9f94d8c7b08483963
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = 3be72137297b6803534e9d35ae81dccb799a7a37440b4ce9d2d1d3118a04e78b
+Nonce = 1a9f04273fa0d40d3e0c048699485182
+PersonalizationString = 
+** INSTANTIATE:
+	V = b3ce297c06d5b62f411c345fac4e77feb6fef5edb589cf041e094a291cb353f39123dd76f722bda989dba6068cd2145b7277a548960c6203552c5732765bd41d3f8b8e7045e0e7de0ac6c945b45065334061a64c29a1d9a4e3ba878241c0c60bc0c08fdc7454f5aebd4da7888e2c07
+	C = b609f730cca0da835c775d71f8d35329a0b0047bc74966d3cc2eb1282c69b5b163bc3936946b10e2b4fa12428b866ba3d759ccd445cde684849e7f9d9b94ca5240edbc19c88a118d55dc016cb4b5457ca082f99ee378c4cdf8ddd99a45a0da388ca5a9c5baaa107149fdec55aca14d
+	reseed counter = 1
+EntropyInputReseed = 796cb7fdf239e0318a1944e7ad1cf9ee7788ee7872f8f6b85fd857c94f361655
+AdditionalInputReseed = 54120d9bf28e719d68574fd5e7c3fa3d4393c5843899fc5118f95c7961af76a6
+** RESEED:
+	V = 2c0e6342978325f8419195a9cf44b96c6461b8a904bcd53405a24ade2407488452988eeb5c955757242a2c7c0fdbd1256ec86dcf0927ddc13be8ec48b973a9dedc9765e8889c155c091eb7f6ca069ad927cce1ab77317bdc2fa483fedfae2325a331f8b496dda8913a4bc7f9ea6cd4
+	C = 25e79a9172adfc0ea5a384dc856d05e727f58b74d860e21cc50a5f4c5e53c96a96be21ec98b030a7f49c72d31c4a39ed8200f6008c663e831ab51139cba5febf6368f1c7f6edf70ebf81dd05965d68b8bc37a45a58c408893cf24d2ec4009e1006921bf7621218a6cf4ac8fb13366f
+	reseed counter = 1
+AdditionalInput = 637e8d603b8dc6e7771f56abb5afbb8ec55ab776fd74245bd1e8e10ee5ba2460
+** GENERATE (FIRST CALL):
+	V = 51f5fdd40a312206e7351a8654b1bf538c57441ddd1db750caacaa2a825b11eee956b0d7f54587ff18c69f4f2c260c2134855209e7b44a1ce64ec917fa2e58c54b00dd7036209e45fd911eab34ff6b01f093bae9561ea47894c1fdb94f4f20a5999087a4c70363622fa7290ef3e25c
+	C = 25e79a9172adfc0ea5a384dc856d05e727f58b74d860e21cc50a5f4c5e53c96a96be21ec98b030a7f49c72d31c4a39ed8200f6008c663e831ab51139cba5febf6368f1c7f6edf70ebf81dd05965d68b8bc37a45a58c408893cf24d2ec4009e1006921bf7621218a6cf4ac8fb13366f
+	reseed counter = 2
+AdditionalInput = 92fbc0c0c3a5b1e71946df5ab25c2e111d8d28f3d9abfa12f646bfd4ff81e081
+ReturnedBits = 41f4f3aea0b9616f3b6e3c18e5fa88a47484448f074d0f96e7cf51f518f1aef3c0eb7dc5bb095dd9f4a79139a1e708adfaf33325a00942d9793b354ae31423aeb156e58ad8e82cc769626b543fa31e431553dea6d6fd161f9b4f5b7bf9e31ec2b4778c4170368ac00acbd69622c6834efe8e9326192e6899333f98fac9b5afea8ad1e09a064eb760aa90167cdb0b01f025eee73b0d33e959cb04fc1a986dc4b02086c96c72c35d88e0253a3bf35c54ba003ee44c849b2d26daf52aabae087fd6e443e70895a1fb22b09cd7fcb48aa6c202ec6b4a33001cdd712e246fc2b1a228bcf4eee74bfeedc880cfedb0a97473dfa48f259fda5e6c61cd07f09708137f84
+** GENERATE (SECOND CALL):
+	V = 77dd98657cdf1e158cd89f62da1ec53ab44ccf92b57e996d8fb70976e0aedb598014d2c48df5b8a70d6312224870474a20256b31c32eaec080db246cf7a6a07d74e740e376c227e9282e3c8e6c2af0bb836e7ed1a98fd9013331e265ccd7fb37940128d5e45c55da014ef89d8d3811
+	C = 25e79a9172adfc0ea5a384dc856d05e727f58b74d860e21cc50a5f4c5e53c96a96be21ec98b030a7f49c72d31c4a39ed8200f6008c663e831ab51139cba5febf6368f1c7f6edf70ebf81dd05965d68b8bc37a45a58c408893cf24d2ec4009e1006921bf7621218a6cf4ac8fb13366f
+	reseed counter = 3
+
+[SHA-512]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 256]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 2048]
+
+COUNT = 0
+EntropyInput = 83bff60214370ccb1c8f2142b528ef70e71dcf343a42f149737c43c869886901
+Nonce = b7dd677ff8891a3a6b3e63920310bd82
+PersonalizationString = 84719a3399ed20d47f5912e888623f8a0929492951d65d8b01376150f13fae1d
+** INSTANTIATE:
+	V = 93b68cc0060e347d9574eb6ea71111dca7be70b35088e88c3ab1a22c8b71b34dd0c0780767321ee72259dbf1bb725bd3bc97a92e5828d42813a6dc459033f80735429d6cbdd373ea2bd5855c46708f4f34a70db5c143a47d3790524b3025b839b5e19517a5ae29920991340960c87e
+	C = e7f7df39dcbc01e6a8551304cafdeaa7b305fc4f541516f362b27c558d977a0b26fcb932d5ddc433447f74a09d864661afcb5d4d09aa964165a787071abed55fee81961babfe34c8b39fb7762862a54b0699b603e6bc14fd344d7417184fafc2a68f3807e02737fdad72ca99d2c5aa
+	reseed counter = 1
+EntropyInputReseed = aab08d7baa18b6b79e908bd7c48ea5188577988be95c34b6aa952070db27ac4f
+AdditionalInputReseed = 
+** RESEED:
+	V = 7bbe12f1a7e238b71e2c364b29d05fea3c7349f7e8615692fae6263db1692d1100500404ddb1a9c2215d2e69aa7136fbaddc679c1aee49dd47d2ba4a1b70f8716cc3bb4c8097e11f860d22c2fb077a3e3e9477cd3930a5e3811e5bcede95378d5132a9a9b11f777dffffd756041d39
+	C = f60b4754c57e7589e066e72a8e3ced56a6e0d8c5cbd0cf21f867c89236e3af87564ec6723cb4ece96d39892e45ab0e48303a34308d222f98a40d2b4404906a34f8ebdcdf3861d9dc682d0e2b82157f32207a8309d2a9efe45b2cf259f01762d7f35cee679b92e4b6430056616fe834
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 71c95a466d60ae40fe931d75b80d4d40e35422bdb43225b4f34deecfe84cdc98569eca771a6696ab8e96b797f01c458cabb3b315db853c60a3b32da81cd744cb18ba200776cfe192de2923dcd4eee28d2b65404bb9786b544c406c435bb3eec26914eb83eae30ef96bc2a39c7e10ba
+	C = f60b4754c57e7589e066e72a8e3ced56a6e0d8c5cbd0cf21f867c89236e3af87564ec6723cb4ece96d39892e45ab0e48303a34308d222f98a40d2b4404906a34f8ebdcdf3861d9dc682d0e2b82157f32207a8309d2a9efe45b2cf259f01762d7f35cee679b92e4b6430056616fe834
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = ae39d5886dcb734d7eda77bcf0f9492672fe771a4a196bd18e547eff62abc3fdbd426b0690092699a28e49fcb64b036cf4a2e51321214ad742edc099bb5bac098f834d22bd6dacd006f3f9722556d335ff748378ef12c48d1c3ac223554616ec6af318b6357025792dca4ce687534918c8e8c569339fe9282174035c1a74bd453a84a2458fa58e56e265aa10573e248dacfcb0150d89c60182076111a461b5acf0201bd0f2206dc24a6c9a846f7c0773f3deed13447f4b89788e681a6fde808590cec544bc31af29d5164306bb353bc09ca6bc8c95ea14b18189cc4131457ab734fc02b6a39f2defecfcdfa5fe65b2589800edf6eef92d1399bc9281b05083f4
+** GENERATE (SECOND CALL):
+	V = 67d4a19b32df23cadefa04a0464a3a978a34fb838002f4d6ebb5b7621f308c1faced90e9571b8394fbd040c635c753f33c1d999bf19685d4f4d79bcf3f03a24bbeda02f80c15f1c2cd580e5f2b1be3e0ef7813d578f3c391fb43aa08a582b2b9a96e51d6d7782f6ec1d230a7988284
+	C = f60b4754c57e7589e066e72a8e3ced56a6e0d8c5cbd0cf21f867c89236e3af87564ec6723cb4ece96d39892e45ab0e48303a34308d222f98a40d2b4404906a34f8ebdcdf3861d9dc682d0e2b82157f32207a8309d2a9efe45b2cf259f01762d7f35cee679b92e4b6430056616fe834
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = b474aae400040144581faa5cb8e246501713ccce68a38505caf8a8e71c156946
+Nonce = 3d7901a230510e3b2e164e0e42038767
+PersonalizationString = e09b25982b821345fa97cb52fbdeb80296db2c21a8568dc5f62fa3c65923a9c7
+** INSTANTIATE:
+	V = 214879b4ffd4f111d9a6e75249f407bed7fa092aadb28540b23716302a1c539be335a9deec37ebbcc571fa3c7874175691e9acbc5e7e2e7865a8a817b568f3897e9825db719467a897d3889256eec4aec5a07811898012c91f271f5a32e23dd9e93de19426c695198be1179626abd9
+	C = 33a804bb9d206a921dcdc5f4d57bf3fc8a67309d870ebccec9f039bb5dfee352f8cde0cbe6d3db030af4ef8c725f2830584ccaacc27c3dfcfac893d083fc4f598a8b55fc37a3b44d68ef4fe2b2da9e8939d78ffc084815cf7955aac1a31d8745070abed4c517f7f0fe60033cfe51ad
+	reseed counter = 1
+EntropyInputReseed = 9bd9a8d798b3eb9ea46f88d2334ad053785f8b1f1f25264b3bd2eb46117bc7c5
+AdditionalInputReseed = 
+** RESEED:
+	V = bc234e3efb735510172b7d321f5939c1205031324aed612b652de8520c78a2c696f6bc3b516f3cc1ed1684d161a696e649259d03f6e8bcf3a0b5829fc83bff187f463a24481b5103c01fb76c02bbd8b23f9bc469ec03e3aba5917c5dcb8f189d3c073988f650bc2cac478416c60d0c
+	C = c2e2d2e8c0e3228ca779f7b0c4aa2276cf6f517eb3e6a73b500f3013102dadd2618d2772fd8477fcfe78e9212c73c68eaf259b610c4c3aa9b0f7af39cae87fb3b4cdf04301d8d1f6a37f91cb10f4e80c6e2017b956073cd33dae6f1e1f22932a1aa01bea0f622abf46a82365018198
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 7f062127bc56779cbea574e2e4035c37efbf82b0fed40866b53d18651ca65098f883e3ae4ef3b4beeb8f6df28e1a5e3c0117e5c5a63da9b0d648484a4cb01aacae72e179850bf97584b9e9fa74667c4354b24fd51fd5dde3fcff2a34d74f57689df7fc1dfe39fe1e80d98344f764d6
+	C = c2e2d2e8c0e3228ca779f7b0c4aa2276cf6f517eb3e6a73b500f3013102dadd2618d2772fd8477fcfe78e9212c73c68eaf259b610c4c3aa9b0f7af39cae87fb3b4cdf04301d8d1f6a37f91cb10f4e80c6e2017b956073cd33dae6f1e1f22932a1aa01bea0f622abf46a82365018198
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 21a6b592f770ce29c040d18942794f91eac151cc7767e7819f7f9804b073b365142905f86e384f7a7282af9c92da5ed27302ad500b548ded8811d058b45aad6d1cd820235b2618ab2d014faae0dca4f2eeb805ea6578d4872b1e08fc601d7c16a294350d3f4d0711fa24625d92e288a7c587e8a1b756fdbbe1446427573cf93f3177bcd8d52ebb7a21515f3b509218b9bfd0569bdee004f009ca2e83994fcee5c7f3cf3d18ae771441fb7493635881e94dfc89014702ae01da88d255e914da947105be5063d18e9e92fde862488be5014462b561e7bad096f1820931ced8164b501e47073bcbaaed1523ab9c60dcb73f5735634c8d8c3f17e6dec9621e0afaa1
+** GENERATE (SECOND CALL):
+	V = 41e8f4107d399a29661f6c93a8ad7eaebf2ed42fb2baafa2054c48782cd3fe6b5a110b214c782cbbea085713ba8e250ee04abff674c17a0382c4e515c0e78c2c542c6d1715c24a1669680ae4e1bffb39a107fff70e32a625c4b8986185b4ec1f63df4f4a1d4e519b3e04ca8a58e5f1
+	C = c2e2d2e8c0e3228ca779f7b0c4aa2276cf6f517eb3e6a73b500f3013102dadd2618d2772fd8477fcfe78e9212c73c68eaf259b610c4c3aa9b0f7af39cae87fb3b4cdf04301d8d1f6a37f91cb10f4e80c6e2017b956073cd33dae6f1e1f22932a1aa01bea0f622abf46a82365018198
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = 1229665b53001e84d143fdf582a6b4de5066ccecad43fe6926f01c28ea58fab4
+Nonce = ad50fbf406c66c92f2928d81c3ede175
+PersonalizationString = 13ec27d912bc09be1be65b66f8e229948f29507a51a3ec20c0c6ebf093968db8
+** INSTANTIATE:
+	V = 7c17f3faae79bb962bf37abecb584e7e3422f3d79ba5e677293c66e384631dd71fcd31c075ae51df4c87ee65a5b031171b181b76fb5254f8bc60d03e246b686b0dedb4a803e58cdc606f89d823a3732d2bc2b830b49a7cfd26109c3b0534797310b3d67b2e1cd1926fab8b99a147aa
+	C = 98dbd035134b94773f403d88141beb088aed28c5936c7244d566adb014daa6e80eae4a43f9b5606a69547405c4a2f8898ce2784ed9e1176e8a2db5cc115a66d5ba08ea938d096fa842233fa889a0bba5bbe6833c6dda180e6d45b6b063a8f3b0a9de53501f2cb4308402c1a51958fc
+	reseed counter = 1
+EntropyInputReseed = 453de799acd9ff543a26474e73103bcc8546aa34d18c800ee7f73af3ca6f796a
+AdditionalInputReseed = 
+** RESEED:
+	V = 866535cbe85c4275c92df28dfd7ee67a333460baaed7e81f82bb6e667434c0bf350d9e947d37d24d1cdcd9654a31a7e94ef6b92b0fe68fec7b009623fec177cff0c7804ef0de9cb8dac3665152500e423e2faa4320bbebbcaeb20545369f77fbc80ce74929b1f7d61cc0a7cf18668a
+	C = 405092ab1c7169dcfb2e7a9d74410e7e865393e3767c1a815e8578d527dbbc4bed2846053933a95ee2cd42a4670866745eb5bde9499b2d56a709cce58939fc265aefcdb5c5b04570755d2b04159c8c02913db08f296463346da1552cdcfe00bcaaef81ce7b5da4be81ed67f7223c57
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = c6b5c87704cdac52c45c6d2b71bff4f8b987f49e255402a0e140e73b9c107d0b2235e499b66b7babffaa1c09b13a0eddab7de19b491a89b8dd9950abcdb86c6285cf795d69135a1cbb86895272fa3c8552124e8cf879ac094fa6fad1313c0822acb5e3a16e567662ac7a941c7d3a40
+	C = 405092ab1c7169dcfb2e7a9d74410e7e865393e3767c1a815e8578d527dbbc4bed2846053933a95ee2cd42a4670866745eb5bde9499b2d56a709cce58939fc265aefcdb5c5b04570755d2b04159c8c02913db08f296463346da1552cdcfe00bcaaef81ce7b5da4be81ed67f7223c57
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = ee57d24d2a2ecf7eb3246e75539ccdfe809cf3bd1d5d9e935dc8cb46b9818a6cd0359f5ce466440f3e865ad91154d141547646206dab6345892c2f14c577c9131a095e022075d4bf023104c0f472a7657ab2e7dbcd285e898c8ffde5a33b3c1bdf94c647e02875856b55f194acc0de90b0a0842c8360264c5ddddd04817c94fc4f8ffc0b09264210cd2e541a5bc9b9575898d62d98127faabe614c6d12cf535e2c124efc260999acf311b4610e2b09dd281ddb85e4df8ca14b9b38437be6ed10bf966bfad8973d343744a21c2d72ec10082cff86ceccfe83161b93082f8789de90312bc1956d8832c31cd66c81e8a31858764c95d671fc0485a10ddec694da44
+** GENERATE (SECOND CALL):
+	V = 07065b22213f162fbf8ae7c8e60103773fdb88819bd01d223fc66010c3ec39570f5e2a9eef9f250ae2775eae1842761b90d263c724dcca4303c1b2eeeba31e959e5b2854872d22726ea8d57b5eec77db5092020ba8d773765141aecd9363a80427d274f743e1e325e01dad773d1672
+	C = 405092ab1c7169dcfb2e7a9d74410e7e865393e3767c1a815e8578d527dbbc4bed2846053933a95ee2cd42a4670866745eb5bde9499b2d56a709cce58939fc265aefcdb5c5b04570755d2b04159c8c02913db08f296463346da1552cdcfe00bcaaef81ce7b5da4be81ed67f7223c57
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = d02812b2142bed67c8847793dcdf72e69d0d83fb0f7adb7eaa97ad81aea9f4d7
+Nonce = 5d2785cfe101031b2b0c813cbf74976d
+PersonalizationString = 4f7b05cdbfd0ecae00aa0983e6ccfd1e1a78c974e63190644bf94d7721792c60
+** INSTANTIATE:
+	V = 351a09d24a12bb03ccb45452d5870a253f2dc6e449a9965cc9ad205014b3c1e462eaad633fbb2a9752d8cbac697fb4da7c9862f1594303f8fa1d389c0b80820ab4c05e8a32c5fcf48bc22fa137cd92d47fc09733438671d612f2e3b739004048a178c30774351db7e0b0182c6d1664
+	C = 35e363215f3ffd4480d4f5fb351e688ec88df6494430d36efcaf3e4a5d4b038a64cd3205bb9e2c8f399739fd8bd69c060cc2e80cb8a804404d943e17465e13975536b5eec5efa08761f699cebcebab0a9f49aba318866d3f65c196e288e3f2850ef7802012693943056302257c5072
+	reseed counter = 1
+EntropyInputReseed = fa8af7946c71955860939942d659e78f341995c0214189ac04339a8b68634d59
+AdditionalInputReseed = 
+** RESEED:
+	V = 8792bdc55cb5354065cd781ec46e4612673300ed6eaece10f02ab0685f351d5f8c0ab6f57153c3005903cd6abd04e8cb8fba33b143939a8f88c20383a6df0e8a2bc5d2085980f4286d278016eaeaf4438221ce3337381a3b953ed75a750a3f3d1439fbb6ddc9d39736fa4dd0632b32
+	C = 92e205b66ca2663e7b6f8ad7c56c3bba49f2bb2b86f41682cf322a967fae6bae9e27c98fe1235a1ed0d93507f260d8d22ab8c5af5670cf617432f83f61b98b0cd39476abafe4142b9c78896bc63eaf15c6f1e69c973d43c20669eeacd127df540f1a86867d234fb4479898da430a09
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 1a74c37bc9579b7ee13d02f689da81ccb125bc18f5a2e493bf5cdafedee3890e2a32808552771d1f29dd0272af65c22dec0a629f23a6aa0c7433c77b5617df8e2197049dd557c77fd9f4b23b3b6a14bdfa5043791824d406344e15a88826ac35f8a01868e7b016aacbf836b32a8a6f
+	C = 92e205b66ca2663e7b6f8ad7c56c3bba49f2bb2b86f41682cf322a967fae6bae9e27c98fe1235a1ed0d93507f260d8d22ab8c5af5670cf617432f83f61b98b0cd39476abafe4142b9c78896bc63eaf15c6f1e69c973d43c20669eeacd127df540f1a86867d234fb4479898da430a09
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = f16d3374fd78d22efdd042bb852f7440e5c05d46dec8bd73a72ac7646c169fdf37fd5b105b0a2b172173f17c2d53132f8ff328553e849f821252d7f18f4e65b132b07b69ec99984f1a7649dcc053ab377d74bdc6d995f2e8671b0147895651a10aaea6e57a73c817098f98ca9b8935d452fe5e16747b71cc49b9eed9e7c9a41effcc031df306db04b8aa7bdd048f933f2a8461fe637d35e5c30331b8faa768820a467aff0d9a7f8b23acb5b990906ace46b2e8ce0b9a8d53cf0079b8c927ceb93413cf01d4321db93bebf04c750b59fb4868a9c3bfe128c43459f9ca7980ad38b2f038f9f4e502642d2e73283eea76632cb7636b95128c14d4e75128c6464bbf
+** GENERATE (SECOND CALL):
+	V = ad56c93235fa01bd5cac8dce4f46bd86fb1877447c96fb168e8f05955e91f4bcc85a4a15339a773dfab6377aa1c69be1f0fc870a36a7713ed277b30af962c72ee54e94b9edb6b5bfb4b25954916c42ab843a70914df0eb6d775a35bf6f8e33ab8c9dc788a0271b8e69347f87b54f37
+	C = 92e205b66ca2663e7b6f8ad7c56c3bba49f2bb2b86f41682cf322a967fae6bae9e27c98fe1235a1ed0d93507f260d8d22ab8c5af5670cf617432f83f61b98b0cd39476abafe4142b9c78896bc63eaf15c6f1e69c973d43c20669eeacd127df540f1a86867d234fb4479898da430a09
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = d62cc8a565562feba75d65cd12f1a15db500c2ce0c91254c41f216fd208480bd
+Nonce = 8d7ba0d23ee2fe8fe49da92b5671e958
+PersonalizationString = e129010193d8db2ca355cf344be6058993e80d151e01d0f909fae5ba7f60052b
+** INSTANTIATE:
+	V = 2211e2fbe80ce870278176b0b725a9e64d14ce2dee1df7c3229a9db0d950a049a560b24f3e660f39cde1f4855eaf3833ca6b6cd051a8875a60c8e278c542e26cb3af11ac9f37be961f7f909c3a29d7e5ea8794ba94f4d553cf234d8f363998f095457ec07295a89407417e46931248
+	C = e582bf66da672a6a08d15b41eca27de045fce65c4807bcb072b267c95c1d72dba367a7870414f53464129d1abba07d8a69c459cf71e5e0ce5cf2eb9ee7329edb1ca282717ec0bbaebe038a128028cb9e5ca0f4e2f6effc2bc5e2f7fc688f810cfca06fce18bdace0cbf6c4f408fb42
+	reseed counter = 1
+EntropyInputReseed = c20911f6bd2f5d2ba6d1a7cd7c90ade152a2fb9158eb6e666e73acaca355e65e
+AdditionalInputReseed = 
+** RESEED:
+	V = d0176147156337f30ae5562c8cf294f33ee994d44b35d2ba4bb413de1c734755ad11611664ab32eca40b94ca832d2e5a2f2ae6efe430bafa642992c287b3aa5e83cbf59da6970a4b64c5f45255ae8aea3b36568ae6cc113d155615bc496823a83e761c62f574ed1e7fbc7025aab1c0
+	C = 04355ffd84b3e92f09977acdf827c9ce72f6636c0a24fc29a40998402edb6fee62d59e4c29b4aec9cf0a6be455e4d88c2b2f496e70282ab67dceaa383216b03dcf273fe62cc7856e066a67d2f8a61501c5d7957490a931443eb0cbfdf9b91ad8be1991b2a92a2f5162646c4e687559
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = d44cc1449a172122147cd0fa851a5ec1b1dff840555acee3efbdac1e4b4eb7440fe6ff628e5fe1b6731600aed91207856fa73de2a1ee8590000e9d4cbd36f9281ac468485e8dfcb92543c4ca5eff92dd417dae8ea937f5cee71b66ba66d907553cb47943306029bc216a12b9be9bee
+	C = 04355ffd84b3e92f09977acdf827c9ce72f6636c0a24fc29a40998402edb6fee62d59e4c29b4aec9cf0a6be455e4d88c2b2f496e70282ab67dceaa383216b03dcf273fe62cc7856e066a67d2f8a61501c5d7957490a931443eb0cbfdf9b91ad8be1991b2a92a2f5162646c4e687559
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 16bb2b05f8670e5cb27f8476d71a875b1bdf67a73c3559c95f75632c696d96b350b16e9dd9ffeb63773b6e609c087fb44d9f0f9af26f3cf9d6887cefc3c9826dc3e09ddd5f43b2838f71265cf003fa6ae0d9a95c3347cb9e23aa473bfad094ee4228fcdc3fb58dcc96f6fdc78282d51d5e0616bdceae214d9197fe5c06f0ef21dfb6836ac5876f16162f943697662152ddf25c99a7a685f88fbdd3342538a72ff7c25ab20cb28c1f2213a8a479efbf2f3fb6df025a522bcdaac5d1d31a605265dce146677448d608bae4e1b1eb3a731b23648705bbe844d01f4603c940a54ec7122469e7a97c9e743b2a8c1a29cb3cb9cc2b0d6ef8b44c9d6a3728fbe2ed31ba
+** GENERATE (SECOND CALL):
+	V = d88221421ecb0a511e144bc87d42289024d65bac5f7fcb0d93c7445e7a2a273272bc9daeb814908042206c932ef6e099a7d45da06ecb022bdb7ca9d12d70431ac770839048a37d1313dbd1830a2302d29b6728bbf46cdea74f139e99a15a0860b86c4c4fd7fc1d2926cf4e30b0aeb1
+	C = 04355ffd84b3e92f09977acdf827c9ce72f6636c0a24fc29a40998402edb6fee62d59e4c29b4aec9cf0a6be455e4d88c2b2f496e70282ab67dceaa383216b03dcf273fe62cc7856e066a67d2f8a61501c5d7957490a931443eb0cbfdf9b91ad8be1991b2a92a2f5162646c4e687559
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = 8f5bed7d928b943dd2029c9454ee9b1b5659f6960babe79a2ab2c02f8571ebcc
+Nonce = 35b0cb8ee6a671591985695b793f6920
+PersonalizationString = 4c04ffde760da76cde9545dafc306b7661caf29cd383610105bc6ac6e6fe3d30
+** INSTANTIATE:
+	V = 25b531220a38b22acfe965270c5de87387a00d2065ccf6ff11cf916480d3c07bf01037878613b87799192afafbe7af817bcaaab5284a9cc803c810ec287180522397dbdae596223c51d9cf6046be3ff56241a48a31866f8be4f72ef6a3057597d72f85838c41da2f5f8f5933cad273
+	C = 2653af59ff315cdd1a8a4015e761ef86191d6231b5116362bc998de3a8d8100e0cf914c6b94edde0ae9118b9de68824a8f3d0897394f1e1cc9ed10ca26e47bcb73515c3800d630b60cc2575b5d5eb275d6711085cb716fb2e8fbd14673b26217e8624eeb14589f607fb88f1ab39c95
+	reseed counter = 1
+EntropyInputReseed = 09a54486029938d60ea76c8aa3f739a1221a35949fcd750a303d0c24e1fcba23
+AdditionalInputReseed = 
+** RESEED:
+	V = 74458cf585f93deaa26a7a756535f0d90a6a232bb26f08d3ca3ec012bf42ae78bb53da4f9fec540f091d4d95ac10dad4d5e214320c94c4d10f92e4bd5e37e433db9123e46c672889f30579d6122c661c0174046eb1a8d7dd63ceabdc7bb33db008a01b34c051cd90cfff03e3f9ca8b
+	C = c2b19fea9ded0850eea9a1926d91d3a7ad0bb8d63d9349c6bd008b04dd70a89816e9bd2313e4a5e2bc4d24a2686d54c49d4f38dd383b28ac75166821a7ef32f5066356b3916ead94b9f52606c574498ee55dd457834f3a994318e720efa93718d3c586e6322b70f71faa183339ab8f
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 36f72ce023e6463b91141c07d2c7c480b775dc01f002529a873f4b179cb35710d23d9772b3d0f9f1c56a7238147e3045d747e30da88ac52cdcc9d5998e5f481a2bcd4bd2f9f8bad08269857e3d69cdadbc9f29c5967dabd14c5dc341cfc254d89f7376207b5dbce1e8410340707f13
+	C = c2b19fea9ded0850eea9a1926d91d3a7ad0bb8d63d9349c6bd008b04dd70a89816e9bd2313e4a5e2bc4d24a2686d54c49d4f38dd383b28ac75166821a7ef32f5066356b3916ead94b9f52606c574498ee55dd457834f3a994318e720efa93718d3c586e6322b70f71faa183339ab8f
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 9d2911c56e34c9ff1bd40865a0302e1fd00ab3722adec18c9f705ea873415ca70df59bb8ad4b13c3a9fb94893699e6051f868ecf3f093053e7bcee940809832dc676978e7800f04c781dbf8fd7567a6d20aa5dc3b9c62b355c2f35331606df8b8ddcd521016f725fc63df0563550f66cdf684ab55fb8ad39ac35c8de3990ef673fc0b142892ade4fcec0fe50302daa9d725d787446664845bf30b33c08cc31e9bbf52b441957961948307a2adae5c96fa0c239bdf70dbc3c67956e8b0db1887acb85b3887335fd381eae362f6416d7f6e3b944041f9f118b1427ec69ce440a068dca95504fff7cd58e65d312a7ed44c7f44373d2694fe670b44378eb0452900b
+** GENERATE (SECOND CALL):
+	V = f9a8cccac1d34e8c7fbdbd9a40599828648194d82d959c61443fd61c7a23ffa8e9275495c7b59fd481b796da7ceb8594e5de31a19f83f797059fd65a00149a18dcbf9840ecd4b05c65062dd66b76fa2b710d4d68a770d37aee95d6e6891c1fd3558f0e5541560d4f7b56460032e657
+	C = c2b19fea9ded0850eea9a1926d91d3a7ad0bb8d63d9349c6bd008b04dd70a89816e9bd2313e4a5e2bc4d24a2686d54c49d4f38dd383b28ac75166821a7ef32f5066356b3916ead94b9f52606c574498ee55dd457834f3a994318e720efa93718d3c586e6322b70f71faa183339ab8f
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = 15083d7474e3ec14743fbe9905477183bfbdde41b3132b9d55f3b361cb4eed6a
+Nonce = 1f1d909266390e34bcc4c5fc8b9bc0bd
+PersonalizationString = fd8e67539dd6f68c2f16abacd0ffbd1782323a4f110259956998125e09831d08
+** INSTANTIATE:
+	V = 570f1ff94a14517f7c65ab2d0bf4c2e44323fb1205637a8688468cee8072ba83582230d4c426b8c4081d0899a771bff56e08388069306a91b8d3d7450dbf621665a5a425325d4c2ce54f09caedbcf6b9d8a0c5917576b66001031c705cadae22728df7b359169e9e04a4e9f66be24c
+	C = 0d68c0870d6f455d0e3e0661e3b65167f2a93370951ae1eca6bf26ea2f41244d92c2fc77793b03f7fad0dd723116914409d60909b60ada6ac61d746a9ecac8f7ea4a1df8fe9396c9968f1dd7b4e2174b28eb1195533866676c9899bef8546747fe4f129de3e70ba255a7871c308d76
+	reseed counter = 1
+EntropyInputReseed = 54d03cde16ccc69e75d59661705c3618e54e65638ccc1a1aea668404487cdb51
+AdditionalInputReseed = 
+** RESEED:
+	V = 308f676548726299324ccfbb95005e96d7a22c36282bbb8f13eb45c990bfd922ab310eb804b5d67d8474f5536e1d5555cc0f8ebe6eb2d42ed4b8c82aa96dd775cfde09df0533b05e0e1288bc014009504ff7dbae93a9aa75499d08d0b6c54bfc6db5d1b8fb3d2322f715c75c3ac674
+	C = 7ffc58cea4251a8b5d87bd38bf23d8025adfa3d73288898aa52b052780dd38c08a843d9237dbe2d1b529dab03432086f8ba5337aebbf33df52fd1a86d8eb5a8ad99a366457213bdd6bcc465b9e204dcfd3733c3a85eca3ffab1dc885b672e4bd4ef70d1dba1e53a960754c23280fb7
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = b08bc033ec977d248fd48cf4542436993281d00d5ab44519b9164af1119d11e335b54c4a3c91b94f399ed003a24f5e003d45a85015314b3009034228cce4877ec7d71e415c7e09ef0c8264607c7a3646ddc2402ca59bce4baa976689dcba66a0550f3242510a73ddab47200b7b40a2
+	C = 7ffc58cea4251a8b5d87bd38bf23d8025adfa3d73288898aa52b052780dd38c08a843d9237dbe2d1b529dab03432086f8ba5337aebbf33df52fd1a86d8eb5a8ad99a366457213bdd6bcc465b9e204dcfd3733c3a85eca3ffab1dc885b672e4bd4ef70d1dba1e53a960754c23280fb7
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 6c471cc952ace783f6edff124ef73589ce7a074cd20e704bd84cd7506fb80e7c2ec5babf13322c53c53eb299685458f574a2da6e1152edb92497fbeb4eb7cb966619324185b379eaa886321e6c6dadd24087f5211a1bbfb3b18ccfc35f64b5bdc93fde681c11eb9033a093b04281964ccc0f76e1d2f345fa7dd315c3f84d121d644327292d2fdc7fa5fa8552d62853c6edfc23cc55ca77604000a83aa370e64ec3a7b6d1f3e59c8e99bb8c7a3094cfcca9ac740843026cc84cd8663e746aad95b0dc966106b96508687ab45a62f2257c4c2b59f4c9b21360c67f7191805e6c33e77b5f47af951455e62106d05e3b7f4e8a5d5a440d7bbb29103bbb7a005a8f09
+** GENERATE (SECOND CALL):
+	V = 3088190290bc97afed5c4a2d13480e9b8d6173e48d3ccea45e415018927a4aa3c03989dc746d9c20eec8aab3d68166c72d29bbeb54adcb75fde8b691481b0cb2b2391faf1ecb7c8b972e82ae331c0ecd42356dd4ca4018924603401288258e923dffc5d60d1fa93c6b5bceb763a686
+	C = 7ffc58cea4251a8b5d87bd38bf23d8025adfa3d73288898aa52b052780dd38c08a843d9237dbe2d1b529dab03432086f8ba5337aebbf33df52fd1a86d8eb5a8ad99a366457213bdd6bcc465b9e204dcfd3733c3a85eca3ffab1dc885b672e4bd4ef70d1dba1e53a960754c23280fb7
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = 07900b5a3957219f53632dcc05055b2699c2099d9981c76740361a4cd9179ba8
+Nonce = c0317e5ca360f389bbffd2b2fd4aab5a
+PersonalizationString = 4518d8eddadecc173c7b4306319a44887dd3c328eb5ea596d68ea19d97ddbf06
+** INSTANTIATE:
+	V = e21c47cd2b885ce8775a7b2c7e8e95bd1a475caa0ca54c64d19442fb01e803d6bab9a9171f3e23dfb2029d4218524bf97a60780dd91e8a93898e4606c514cb798b15b8587cc3819c474b4a47469e7ee7da5549c87fd527e782bec82166cb47c858d0d40afe4d87eecaf220f8fe8b6b
+	C = 853afb66f86d7f52d860c81ced29a50c277263e1a966ca6b3cb144c791650300bd3f4e895fd4e44ecfbfb17da5229f39be7ae43d1c77c509fc169f21d4bb07c5a0cf7dcc4666e1099a10a1b64f9f3a99f9cb6387ba92672030d9fd79e93e3defafa28c54296e746a592b1408a61069
+	reseed counter = 1
+EntropyInputReseed = 7615323915e6e206f1cdd6ce8b5008b94cf35cf5f83ebc7968ac83fbc3cd47c1
+AdditionalInputReseed = 
+** RESEED:
+	V = f72ef49095918950bf2e99a8c26a7ab0ea634e504fe66474f4b1a1a9d5bee3c9043616ebe9fbd937a183491449357c5b63fc0857128e788e0a65eb113d908cf4952b8239c9a7da1b38ac464d74f958a3ce411d24e3d61641d9e8e133590e38c393eb32167da9450db3908c14c387db
+	C = b518755b29bc649693905e09f3639083f12f0a8fe40fd1527bffb92dc8d8271d580fef4bdebda60926e99514aa63ba5e619837281f330d08749ec9b3154326105f7b0b4e1b254aa3fbdff9d05debe2ac92aa30ccdc0709f38d0324edce71f56a31a24808e37d0b511cad684f34cefc
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = ac4769ebbf4dede752bef7b2b5ce0b34db9258e033f635c770b15ad79e970ae65c460637c8b97f40c86cde28f39936ed872ebd4b7142f073d6847d99f5265ee6b8378a894162785f100045903e698c6d82bf8955339354dad05fd6fef5a6875514c748981128208a0a642a49ae624d
+	C = b518755b29bc649693905e09f3639083f12f0a8fe40fd1527bffb92dc8d8271d580fef4bdebda60926e99514aa63ba5e619837281f330d08749ec9b3154326105f7b0b4e1b254aa3fbdff9d05debe2ac92aa30ccdc0709f38d0324edce71f56a31a24808e37d0b511cad684f34cefc
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 172fb0ddb26f98023464c35e0c381b6285abf6282b6e296974cd83dcf26f0cfbe558e0ae8b86b91019cfd140e97aefe9e0f6e467332cc3d92c0a7a31f1685fc9ccdc0f2e5a26350964419de38454f45d81cead79c8d93aece61a2805a4582070029a97c1c2f03b104daee9bacb1775d240e414742ce2b82172089a644396558b3c584f2cac00d03e8e04ad38ebf8ba7ad6de9aa376ee64e8276a900ceac6103fd50f520e304b5365f4c536d8576dc426d5263670ac0e199dbecbb01843bbce981922ba29d2756aa0f37b31b4bda76fa5ec7d2aeb9e564eb3a654030495487b08def499c0db73f72803f0f51540ae724d7b6b44ebb31c6351d09b9b4cd36e5d6e
+** GENERATE (SECOND CALL):
+	V = 615fdf46e90a527de64f55bca9319bb8ccc1637018060719ecb11405676f3203b455f583a7772549ef56733d9dfcf1abf72fdd266734354441c6498a9f4b2027e26af457d4d4549aefe25e0f4d0be4c1487d93c255c3b72976449bfca34137491239f4b9e8384e55dcd9c86067f3c7
+	C = b518755b29bc649693905e09f3639083f12f0a8fe40fd1527bffb92dc8d8271d580fef4bdebda60926e99514aa63ba5e619837281f330d08749ec9b3154326105f7b0b4e1b254aa3fbdff9d05debe2ac92aa30ccdc0709f38d0324edce71f56a31a24808e37d0b511cad684f34cefc
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = 3a35e59d1d8e98114b2397a54c5fed5533e6f4fb34b796f22c98a8d08789521e
+Nonce = a644e52caf295a8de446338a4bf1b611
+PersonalizationString = 9b508d12d2bdec895e3500fc983d1964ea16dedbd749ca78b89cfab4bc7af303
+** INSTANTIATE:
+	V = b541ea51a6a58a95f5c003c4ad3cd15c0db74cc4d3cfad1177980124d013c2a088a3c72f63a448c143209078c50a0c393934d1667e9aacac0e572b9019ab428a6d7dae778a798e040f34b5399ef44feae0209f07b60c01ba48808d47b12021c220f3f6118ad48a4adc33951dd37a45
+	C = 23b9cfb3a3150a14a41fa49f85aa9f22decc278d1676d7894896c097fddbe5be18c4b747843a939f2320118b47e30113e8235011fe7ded0b3bc162959756b50cd711598ef8053dae11a064874efdc37e82354142699d23e2a811ac5a3a471c3030c4a04b447de9a0fb20b1ec1fef3f
+	reseed counter = 1
+EntropyInputReseed = e6bf18d9b1aaf6e1a656ea4590dec605ee2b67ab3e0e178a161cdefe3bb02c8e
+AdditionalInputReseed = 
+** RESEED:
+	V = db3276209b310fff785ab65c488ec34db7ae2c43b4da5d6fdd2d3168cc41c93462fdf1b361e55cb19712de588029189bbe6667d8a576e187f91e0e27bea48664c6e255195c1d0389157c11666d02fff59819e84897db95754b185c841e0db537117346b5ba88567330eefad1eeeb35
+	C = 18c49ae600b3611a7a22b693658befca57058f82ebfcad83df866d22ebf8db6d5137c2561ac0730650c6e50a2e00fd3632a3894d1ed5efad70ed91c6df4c2bb6521b044f2e142d17610098ed55c5be02537f5dd515db0c855bf5c2ea83e2e76f406b86df0aeec6e8fc2d85924ad0fa
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = f3f711069be47119f27d6cefae1ab3180eb3bbc6a0d70af3bcb39e8bb83aa4a1b435b4097ca5cfb7e7d9c362ae2a162cfa34ccdd79228fdff9149a934a74f90b6ca546e48fcd2d40be2b415de275c3fab35f1c3158f09638c5a627ca887a8b180a79ec8e1645b27865f786f548f408
+	C = 18c49ae600b3611a7a22b693658befca57058f82ebfcad83df866d22ebf8db6d5137c2561ac0730650c6e50a2e00fd3632a3894d1ed5efad70ed91c6df4c2bb6521b044f2e142d17610098ed55c5be02537f5dd515db0c855bf5c2ea83e2e76f406b86df0aeec6e8fc2d85924ad0fa
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = db304d406e540421c9b874f6dd8a3869ba9a7dc1cbec2959cd393e6ca46217637f35935a1019186b905f3af88414a522bc0682f45cb861714a2379beda2741ca6d4ff8014f8b8c2ea8b1aab79b3a2a04c4db6c41e7fcf3cac5148a9a6e3b0cb9272ded6b77aeed42e09a02e689b2f36f3385fc32e053ef2c45b6fb01d70f8285d19a3f516653924baaf8e8725150d23bb3ee37b992b597a836605a598c4d296a2f630cd30547324224fae08119ee0b8a94528929f766a0966de0a8ca28202b1ddfa0c177624f64108060b7899d3c611d1dfc7ac2980aff688317a94c97a9b94ae75bf594954ef91fb68438dc9e21f457a4965ad93c252772cc31e4794b73ab56
+** GENERATE (SECOND CALL):
+	V = 0cbbabec9c97d2346ca0238313a6a2e265b94b498cd3b8779c3a0baea433800f056d765f976642be38a0a86cdc2b143d2c94767818343a2c3779fe02c5c39b8366aa5bdafa2a62f5c952105599ef50defba0dfa47bf20349d960f67d221ed94f58cba8d4f8d6d51ae5cad25868e3ae
+	C = 18c49ae600b3611a7a22b693658befca57058f82ebfcad83df866d22ebf8db6d5137c2561ac0730650c6e50a2e00fd3632a3894d1ed5efad70ed91c6df4c2bb6521b044f2e142d17610098ed55c5be02537f5dd515db0c855bf5c2ea83e2e76f406b86df0aeec6e8fc2d85924ad0fa
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = 5ac87bc0562000bcb05f5555d2b1247233c75addb0a79f03f575f956e0ca34df
+Nonce = 6bcd45ebca437341d1641d3effd9292c
+PersonalizationString = 918856eb731af4af6020078ba239d371b73afd7adc0befd194c42c448c6d5ee2
+** INSTANTIATE:
+	V = ce02161183bcfca7ee66c70e0d4daa0d8560330635d2736c55994c1c05f01c2da6c7e1460ba9718d3bda67e2584a13e28b36336cc888bf895d114c0eab4ce899126ae585718de0717f89a46e7e522abbd2fb0a033f20cd6c1565cbe39f18c548512cd9fcf9ff11a6f809de6225d029
+	C = 47e9781c1a86f1d8aa4b2480afb8bfcd19b370058dbb02ff756f2dd61d21b8a69bff21d5b55b905774eccde97ee5166d1b77af5b895d3635af5a86b6d6c31b66678d268e64d39b09850cb869dacc2729f7f59fca674ec9531acec8ff4abf8f0bab243a087d00100cfbbc9014181115
+	reseed counter = 1
+EntropyInputReseed = 8df6b7d251dcbed69a557ed52858c4552cc04f91087e573f8ddbc7d952cb53df
+AdditionalInputReseed = 
+** RESEED:
+	V = 4dd2e99bdf6e8d8f7e45d84c4bed4139b3f7b5eaa5a2a776519e41f7c1f0983c8e251550a079774027bef2c382094151e7a8de72019356441e56815754ed947092fd9d091a010dae95c7ad11e6e2ee026c4a4bb3348f9e3881f577ebc1c11e587a622ec08e1f9f7a3e5b0d41a9759d
+	C = 9232b67ad9723ff4c78aea027d7d5195615d28794acac5b3e2b3ad83b888586dced709732738f3804126cfc039fdd3354b33058078b27083777ed1d6a80452aa7dab5ba060b3725c371f75ddb8d068fc3e6cbb12e91abf0460b51e493281bbf38297016fb23759f0a09768d8ced075
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = e005a016b8e0cd8445d0c24ec96a92cf1554de63f06d6d2a3451ef7b7a78f0aa5cfc1ec3c7b26ac068e5c283bc07148f60bba1836b0651b722c62cdb43b42aaf986d587e4f44a02d60861ff02190b8bc0f68eb77aca896b82faba9b2f44c4b9a08c9566ac56c87e7b0710eb221a437
+	C = 9232b67ad9723ff4c78aea027d7d5195615d28794acac5b3e2b3ad83b888586dced709732738f3804126cfc039fdd3354b33058078b27083777ed1d6a80452aa7dab5ba060b3725c371f75ddb8d068fc3e6cbb12e91abf0460b51e493281bbf38297016fb23759f0a09768d8ced075
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = c9bda7613102f1781c41df615536fc8d8c6ab70f64cd784ed6488b4f38371af6bba1ef976471d1f1e31459ca821f20bc03575869be9cf4466914619d96ed095c2d0c2d31d10e431a8faa1641583f468ea7d300574551b8bc3e494633ef8528bd29227e00546fb7132091f04c6985003db8bbfbbc40c1daa4153f120699c3bfb578da6e89a3e92fdb7d4e118c88e0b9b735bff105a1663f3a5980699d4b9a9c53b69dcea0e26741949a9397e77e91d2ceb93d37537a1c71adcaf1a45de72d70572538a5a9578ce4223061907885d4943a7e431d201e0382352f52a1a0badfeb74d47de174047ad2321fb1d625f3eaf2484274b5efb096a4b44001a58d938dd2ec
+** GENERATE (SECOND CALL):
+	V = 7238569192530d790d5bac5146e7e46476b206dd3b3832de17059cff330149182bd32836eeeb5e40aa0c9243f604e89340301289bf0107115e00cb65057d8c4b5e14a8ffdfe45ccc47c17d59cead61c4187f598ffcbeaac8cb4add0560474062eba8c24078321cbd0d410c3f94757c
+	C = 9232b67ad9723ff4c78aea027d7d5195615d28794acac5b3e2b3ad83b888586dced709732738f3804126cfc039fdd3354b33058078b27083777ed1d6a80452aa7dab5ba060b3725c371f75ddb8d068fc3e6cbb12e91abf0460b51e493281bbf38297016fb23759f0a09768d8ced075
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = ff164d57b5b27cc24cafba6215f6ebb0348ec39330c7672b8d52679cf172641a
+Nonce = bf7646961cc28c8f4ace338318f58b99
+PersonalizationString = 6011d3719289bc8ae516a42a19423300d6cda0c4391f7b5a07d204066b1b8ed3
+** INSTANTIATE:
+	V = 5d6daa6f1051c9c02aa63819470036d9daca38dedd671ba5f1c8de7388ab2d084de1f20d2b66acb317bbea599d98b3ad0186b4fa70485c4db1d7b1053d98baccb9c2a6a8a5c15ee56664dc6f9dea9924ead2177ce9dcc95e373b2eb5848e99edf0f5ccbc2c49c076c78acbc7edfff4
+	C = 7d06d3b9a627c5852c42fd2ad79683da9d18d71430077dac7819e457c8eb5bc50cb4d375921919c5e5223a78de6e2868aa84c0780b537db9f734ecce8affe7a66b3adb9da1b0c8852a074dca505b119a3c05d6667b8be866c82aa76892ea926a6d31f3634b0610625e24f281fdfb61
+	reseed counter = 1
+EntropyInputReseed = 6851cea95885bf7fba374e5e3b4af8a692065fdf00dcd5d8af7ce43cd6833de5
+AdditionalInputReseed = 
+** RESEED:
+	V = adea3e29b2b84d6964eeb6fc8153b2e3d7bf893c11f2774f5780174e285d2b7885efdf429b884f07813e49b7f5d20bfd84770306968f7b81cc45cc23953a02860014c7013570fd5742bb6748e902839d6a155ea118488386e7a487ad4a3cdce1e3d48107f39558ab09be82780393ce
+	C = 0ac5bfd46d46795175de15e207a871253a8e42ab1a827cd0810f2d9810674201b7c4478b91aa004547826bade94d1640e9c7599503aac1b6ade7d8d8a304d504e2a1a351a23c06444ab2903469e4faeb0ac65fcacd6af0f741c6f2cfc28a794387224a4b7dcc9feec8daa7dcd3f519
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = b8affdfe1ffec6badaccccde88fc2409124dcbe72c74f41fd88f44e638c46d7a3db426ce2d324f4cc8c0b565df1f22f3e1af99d2ef0d5e578b3f6c5ec97019dd2cc0fbcb8d9cd68b5ec65a2190151852c02a6c9c43fb3e80ba5cd819c326c759647f5d800212e4adee6066761e9371
+	C = 0ac5bfd46d46795175de15e207a871253a8e42ab1a827cd0810f2d9810674201b7c4478b91aa004547826bade94d1640e9c7599503aac1b6ade7d8d8a304d504e2a1a351a23c06444ab2903469e4faeb0ac65fcacd6af0f741c6f2cfc28a794387224a4b7dcc9feec8daa7dcd3f519
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = d72a2b0fdc6d69bf7f46aac605996bb434a580065707ec7391b7fc36d5b098e549ef5d0d62cbf8f50951ee3fdfcc8c1b31328640bf0df672c38d85aa7cbec5d8aecf6b8afd4cb621f38aecd6ceefdeda0ea28eda12247d007645c4450ea5ec47409b0b50e8c564aa2a58519cb014491e160d59252d460be23cce57f09b292faba8692b7f2121549a3979404fe097e0829135400fdb789d541f7ef0c9063440aabf39ebd673f38533ee96233414f807789097862b8c4520ab23889c81fd3da5c3f5d88a8ccb4c3a77636da1c95534143f0fd3be2c8b780779e3e1852da98602b0e0a2a7b9183d160badc5c31771aa328a9f89c8ca4ea856f346a97d037b5121fd
+** GENERATE (SECOND CALL):
+	V = c375bdd28d45400c50aae2c090a4952e4cdc0e9246f770f0599e727e492baf7bf5786e59bedc4f9210432113c86c3945ebc6c177e026ca3d12d3ac8e74c4f3d34b954ebedff0f4ec24970b1bf90400eeec069994d3d3b170bb0fb93968a534704b1909433b84f6ab7bbb1325ece464
+	C = 0ac5bfd46d46795175de15e207a871253a8e42ab1a827cd0810f2d9810674201b7c4478b91aa004547826bade94d1640e9c7599503aac1b6ade7d8d8a304d504e2a1a351a23c06444ab2903469e4faeb0ac65fcacd6af0f741c6f2cfc28a794387224a4b7dcc9feec8daa7dcd3f519
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = 8c9a93e90760f9e6a92114d907c83a34d99f53ee631d086e40097966f52d6366
+Nonce = f8447defb777a0fb79d985fdac841e7b
+PersonalizationString = 6db51dee5e9072f434fea76007cd303e25a337d4d44e22605dd3fa2b4c8bf783
+** INSTANTIATE:
+	V = cf3f0004439ef8d85e6d1458aa10b39851e85a1458f0d43d9a890093c20e71eec9d4ab5457b91fa0fc3923937d6265acb2b0582449adb664030ad897674e7574413f0efe6c9e19677e12479e58f2e9b4ed8b140400864eac6d04f2743475c620b4ec8afba9a05021c6bcda53a44f59
+	C = 1b4e3d7c5c769a6c01bd94fdf5134561e122363282fd6694536f86e3c2f234e259d9085747df980a3f7105259d840116e0ce436cf2e6be0d9e72743b2c96d46d8f58b831ab5b573dcb673e9553e0c32e4079b6c8cddb33283941bb49a4d8e21cca7bc881627a03ac70bc3011ad980a
+	reseed counter = 1
+EntropyInputReseed = 43709920a57fe7aed106f3406acdde5adba487773989f721642a8db99e4e5000
+AdditionalInputReseed = 
+** RESEED:
+	V = 7cc104b95a44f064d41588c6b68af3df2a2fa745ec41fed0b52dfbd9e0140ab4412f8975e1d2e2d8fc57ae0dc055988acc97f0946489c58d069d4379d88a3f62318031b2fe8056b9d605ee47e7722bb1b5f9a7cef7f2df57ebc88a2d566ff0c3d491db5caa49d03ee79f7ac88e314d
+	C = 25453ce1494e79309d13a02849fc18cb27a9de3a5a19f9a9f70569052789bd0012b592a9e28658644b8ff4c27f6310bdb6f77abf6e320b11da17ebd03f9f0fc5469121aa08815e895eb086f6a2ba867daaed4e6a278f088fb878db8c8aae135e922eea984740c9f02fc9e9da50f22c
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = a206419aa3936995712928ef00870caa51d98580465bf87aac3364df079dc7b453e51c1fc4593b3d47e7a2d03fb8aa2e329fc78566b0e68ce5335487a51737a5fcc80e374b1fb4eef737fcf055a7c37f270d2dfc51a209081668fce337d688dffaad7025ffdd5bac403c63001702b9
+	C = 25453ce1494e79309d13a02849fc18cb27a9de3a5a19f9a9f70569052789bd0012b592a9e28658644b8ff4c27f6310bdb6f77abf6e320b11da17ebd03f9f0fc5469121aa08815e895eb086f6a2ba867daaed4e6a278f088fb878db8c8aae135e922eea984740c9f02fc9e9da50f22c
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 1d6a2bc062b99129df19607a41b04ed7ff33c7f5c97715265db40111d28147452ef5c26d9f7d3850de9b9d4719f32c88b16715d2a9cd8013397d77d0140195e2dc3587894a58de923a27d414bff316095a2857ab01169bf5f01fca0d33f39cfcc4b53d1e5802f0af7201c66d294f3ed77f5579ebbe72c522b8294c5fdd902ee2949b94b193fb94c6a62173d42bd04952334e8c09ca027e2fecfd675618940c9f7fc4635bdba3b79b5b3a4c455b1b5e7323bd478770a92540bfa6417163c0ec433291cfabd42c8c2c0439593f762fa971a1813865312fb92105998ed022bda7d14bc68a338d71ae7c68fc8f8114184c233bea98998466b80f9861a2b152b2f7f0
+** GENERATE (SECOND CALL):
+	V = c74b7e7bece1e2c60e3cc9174a832575798363baa075f224a338cde42f2784b4669aaec9a6df93a193779792bf1bbb46ec18fb926c42d2b70e290bc14176d589646b7e73bdfd6c4a79d03e8c428191c9f7229bdc91a835fa8127732ab9bbe4d3fa28897cc1cad21a18462939492abb
+	C = 25453ce1494e79309d13a02849fc18cb27a9de3a5a19f9a9f70569052789bd0012b592a9e28658644b8ff4c27f6310bdb6f77abf6e320b11da17ebd03f9f0fc5469121aa08815e895eb086f6a2ba867daaed4e6a278f088fb878db8c8aae135e922eea984740c9f02fc9e9da50f22c
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = d9541eba8d71d5eb51f9926a7c7f2d265f52d781c86c980d6ecdc9a5d1c65a3f
+Nonce = 8e8e3f7f0d044873d071447b566cf53c
+PersonalizationString = c9aadc0ef01475da0e0ff0cddfa5c3bd93f6c092fdd7920eaed2f4a3430bb35f
+** INSTANTIATE:
+	V = a514152d4fa1dfa6f096505c0cd2d18c96884bf8807545394e085116df6ad1401ad89522c4688069029926f21b676b758a02c68cb907cae23506692e6f9e72f8c1dad56f1e7b17c8202911033abe12a235dee59b09852ee7722a24394ecb5b44a390cd108ac9c2955de08bbf40139a
+	C = f1a706209e0e7ab0215e09ad4f46f1839cd347da4e13a67108736db6d76e33d5335e6a59ad7221bfddeaaa59fc8bc0bbe623348c92f1cecdaabe5a91679039196d4e4e7261f2d632f0aeb015cef7813f033810e7dc185261bde061bb4b2b11d4247b665dc9cda2674fbd5e484758fe
+	reseed counter = 1
+EntropyInputReseed = 463934a1582bf82e55f2a83acabf5f371bf6f88dd528cedd3e35b4779af10b31
+AdditionalInputReseed = 
+** RESEED:
+	V = b97c6f051f2b69160daa13a26bd2b8d85301cd2fa98df0d1e10f4402b85c62795875111d15258f2e46e1cdad3c8440c1e72a50b1882ffcea1a8379aa3b27219892a0aa8db50d44ea5c2dd04aabf1fb0183203e01d9fee7ec37a17df10e34feeeb34f1f9db7b97152f42b9dfc0bcb34
+	C = 8a6390558714b2beca00072a417b3ab7eaabf76e16aff8d9a03441b61a1df055c007f061c811a0634585c9d34f3344276f30945e19261ed74ce4be5d3f9c2cf48c136291f37da72ffce4abb36f8b4ce92904d4576c5955917eef503ef87a04b7fc4d4e2dca7513dd82eae65ac59243
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 43dfff5aa6401bd4d7aa1accad4df3903dadc49dc03de9ab814385b8d27a52cf187d017edd372f918c6797808bb785967abe8a1630c88e644a1f6cf2117c889638197cd723313bf7ffc9fbc7d1bb65e195490e320010aca3daf4eda211b905bc77065f1ba12b91c1b52acc68e4e88a
+	C = 8a6390558714b2beca00072a417b3ab7eaabf76e16aff8d9a03441b61a1df055c007f061c811a0634585c9d34f3344276f30945e19261ed74ce4be5d3f9c2cf48c136291f37da72ffce4abb36f8b4ce92904d4576c5955917eef503ef87a04b7fc4d4e2dca7513dd82eae65ac59243
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 0677afb06fc1397cc3dbe53e6ea1b0737fca756bbc976226913b53988a3bc89c83b48e6236a96da1bb963e92053d6f7a26a0b024691f82abe9d9ee92beaee24d319bf58dee095b0f6f833417137165c9529cff7d73abbbe5f3efce8bf721c97b5cf623f4fa80b04e569bced842c3d31621ab5bd3cca141d9046a6483c4351a5f79c3dfcf4fcad19775f0e1916def993efea8f9e6b3566f5d214db369d6edd6db98f989714693b9f5b647c4e048bfae16d985e14ae293a3edfb0a50c7144412b0e73a0daf747690847b96b3b514d2b122ed6dc2e10e6f03c55ede0da06a74acd427bcb413b09c634bcb784f54ff683d11c10dcb3d439a13f36e611f7c5e333939
+** GENERATE (SECOND CALL):
+	V = ce438fb02d54ce93a1aa21f6eec92e482859bc0bd6ede2852177c76eec984324d884f1e0a548cff4d1ed6153daeaca48d4ada3729d63be054b1543b3c603676e141f2a939fe5be0f07532af0fbba4e69581f02edee18cff6bac22ac9bb85bb1b52ed417016bdd18ae2425e4751c94c
+	C = 8a6390558714b2beca00072a417b3ab7eaabf76e16aff8d9a03441b61a1df055c007f061c811a0634585c9d34f3344276f30945e19261ed74ce4be5d3f9c2cf48c136291f37da72ffce4abb36f8b4ce92904d4576c5955917eef503ef87a04b7fc4d4e2dca7513dd82eae65ac59243
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = 9b57904c2a49bc902e114b486e1d8f5c0ae3568b2dc27fc24b251a47615fd885
+Nonce = cac57244fd2c991c7367ea9661a45f65
+PersonalizationString = 58908ebef9b5a438583b9a11f6ea03e24e8a54d91838f2d3832fa7f15378e82d
+** INSTANTIATE:
+	V = a6c5dbb9406b7c854e65bfe40f3310a682f79b4f455972470698b231388d534ae88bea06ceba5e55b6cde6e709d45d67bc72ff9cc0929be20ce87b1d2a5b27e7c80e918eb6c39b6bcc82033052141a9e7141c01ab9260ddde6ed98246bd680e1483857d4fe93c17d6e25efd4f86c1f
+	C = 0e119873674fc76781883adb1aebe2ba811a31aa766f5bee1335ac0b509bd385720726bbaa7f4af32cf95b96cd6fd018a87b72a3037332ec495d63dd3f305d961e1158f8a0d316b0d8ad71196c6253e54e61021bf981c1bb2483eba8088874c5507a7330b0c0efefe35d888b30b5ae
+	reseed counter = 1
+EntropyInputReseed = 53e7af068e863aac2921f910c8e924e2840a52ce534daade22ad7fe11edcc968
+AdditionalInputReseed = 
+** RESEED:
+	V = ba788d66e362cad348c9ae60c46a2be575d08da9fc22cd3bf503640d04cfb28901cfde2747ea08c14fb98d96da53603f9da66a428a9f0881ddbbbe5363bfef59800381602793c51228a0148122d86075b8004ef32ca7fae0aff254cd22ce397782cbea0248991190f5ea3f269fa08b
+	C = eef76ed6a410ecc6ded71bc4b8ee1f18f024fd65f1b695b4871b8621832c04a0e90ab7d4873f5708fa6f25409afd019e18a7f99aab91bb4cfe2962c0b722488c2346c1d1858d87be14a97107e5efc492f15da86cbaae179840b4d3729a838b812b16bd31e3ac443af7f89050a63718
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = a96ffc3d8773b79a27a0ca257d584afe65f58b0fedd962f07c1eea2e87fbb729eada95fbcf295fca4a28b2d7755062db683382da60d9c8643eda71d53cd988458852ce142024e9b1f6fb471c0940bd4af8c3644f53ac4fbfb3683907b70f978dc6f7b9640b681288a3e618e0b337a6
+	C = eef76ed6a410ecc6ded71bc4b8ee1f18f024fd65f1b695b4871b8621832c04a0e90ab7d4873f5708fa6f25409afd019e18a7f99aab91bb4cfe2962c0b722488c2346c1d1858d87be14a97107e5efc492f15da86cbaae179840b4d3729a838b812b16bd31e3ac443af7f89050a63718
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = f97021f2e15776acafc63c5791fdab4f27c1666168ae2c53b309941b03b88e8e848ff2e6f62fdf5a2380d4afac644ebe27b0aa888cb5c5f5c26cae5bf8731c064ff8eac1cb83d696ec5463563d4f1ce1f803efc40a8bf53ddf29f855414f461fb1685004fa19ec58d69d731f27bbcd170a5febeae2a2984b077632e51bf49079bcc5664b159e1c598bdb40ff3f71761d9e05da11f3d9cf4b107e734b06187eaefbb72e7d04e5652b44f98eeea495da863a60d25320078abbd17dde281f93493fb36d083528e86b35336ab3be04720a26570ec667d62dcd53401f1fdca34a820982025dda387526ae4c1f93e11c89d513b625997e6c2969bfb7f1ca5d5e996259
+** GENERATE (SECOND CALL):
+	V = 98676b142b84a4610677e5ea36466a17561a8875df8ff8a5033a70500b27bbcad3e54dd05668b6d34497d818104d6577e9e9f142c1386ba5bef4ba88bc41905edada5dce6be3504ca9510806ad6a7c0e29be955fb3d411dbfe2e7c81a61f4c449c722bf01817286b8ef354102dd3c7
+	C = eef76ed6a410ecc6ded71bc4b8ee1f18f024fd65f1b695b4871b8621832c04a0e90ab7d4873f5708fa6f25409afd019e18a7f99aab91bb4cfe2962c0b722488c2346c1d1858d87be14a97107e5efc492f15da86cbaae179840b4d3729a838b812b16bd31e3ac443af7f89050a63718
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = 13af1abe6169ed47a2facb2852716861b84797156ab0fd02a00f84717f084040
+Nonce = 1c983b588b7410942506fc2d53ea68b6
+PersonalizationString = 3774868dd2fb58fdb51536aff9b8e0ab76fc42fec227dea910e69f02861e5f23
+** INSTANTIATE:
+	V = 7ec5beb6f002031575b104eaf4da2b3d7b8bd9e73f3086ed182dd76c9f44f7795796f90b6b2ac7efcbf7049ba24de74266a7c48d593982115d7e1a9d42a5a665c8a1c65d2342aa46d9eb7c6bec7f78f4c7cd5c002b3f030bed5b8db4026ac59c87acc74e6fca73dd803beab3f75876
+	C = 2c2eeac88a950fe2758ff9bbd7eef27fd15c90a0e64afa06fc37fb18a3f6565f681ce7d13d3eec4e6504a2c24770eb05ba74a005087a4c2574d96fe39ace96d4d0150e8935998cf0c2fa675b32c9803134ed27e1a577fdf1a88950a3ceedcc2fcf09173766cdb7b4678ea5fc3dc273
+	reseed counter = 1
+EntropyInputReseed = 7fb27faeba254105689452ad111a163e7c21f43904f4dedd4fe3f9242eeddd2c
+AdditionalInputReseed = 
+** RESEED:
+	V = 7845570759b3f44c0436f8f6fbf8a7715cd387a6c26b083b5082b83804fdd52892c404d319a107a380445a94ea7d5aa75415fc0527455d28b8cd6f1b93c49c87f331f70eb7acea4e6b08a5b951bc8f3d69c6e7b77ca99d49c9f8514b54f4efc1b00e4d67fe60c87c426ec2ff3b4a57
+	C = 3d13c577ce4e6c99996acf55000ed54e519d9e1755ad4462954d5f99e993dc70eefd048ae75b47e52a305f02f8d47094f2b97441bdfff4be0e4d41cad0017d6779ca5d2293cc5bc9d9478f7ad9da7a400e4d7e9296c87e3bdeaab18077e8ad67437273c65d69fcb61e0a8a1463fd52
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = b5591c7f280260e59da1c84bfc077cbfae7125be18184c9de5d017d1ee91b19981c1095e00fc4f88aa74b997e351cc360b4f5d29fc69565f6aa2160ba49ddbec694f164d285d7a261ff62eda186924bcb576cef607a18761e403f918f714e2e127964507cea1a09e62d30917f0ad39
+	C = 3d13c577ce4e6c99996acf55000ed54e519d9e1755ad4462954d5f99e993dc70eefd048ae75b47e52a305f02f8d47094f2b97441bdfff4be0e4d41cad0017d6779ca5d2293cc5bc9d9478f7ad9da7a400e4d7e9296c87e3bdeaab18077e8ad67437273c65d69fcb61e0a8a1463fd52
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 797b0aa425016ce3d650148fac0d63a6b26d7ea659d6d0825d39db856db3d47f88621038a3426eaa3fb08409f8c1ca6b3b9eb3cdb0497896e86551237a9c5aebab71926ba0c3103f77d550ea496e1d0e90441882b2efde60f05acb0d8145fce5c049c9edbebb91a07cfaa3dbcae5c6ea2351ef2b708dd4fb8d278076caa968055f1c4874bb10ae99cc522e9386d0b0021b61efc03083f880ca8d0cfedea8d31343ca57d65679f3c9849eba98f5afc7ce4dbd2e88b3c3dc145865f1d9ac3af4dea88859e087c1008b13e36d323878f4dc06cc9a0dd11d2500180ab009b1481a6a176b4e07dfa43f1de1a7dc2290ddfe4342eefae542cbf29aba1131e715dc4adf
+** GENERATE (SECOND CALL):
+	V = f26ce1f6f650cd7f370c97a0fc16520e000ec3d56dc591007b1d776bd8258e0a70be0de8e857976dd4a5189adc263d6648a45d143e3b650c4e56c96cf88392971e655cd3612dcf06c4e0696c8442397bad7df7541828d961276b4ac93644cac9757e8789a125194290c2abe6230be5
+	C = 3d13c577ce4e6c99996acf55000ed54e519d9e1755ad4462954d5f99e993dc70eefd048ae75b47e52a305f02f8d47094f2b97441bdfff4be0e4d41cad0017d6779ca5d2293cc5bc9d9478f7ad9da7a400e4d7e9296c87e3bdeaab18077e8ad67437273c65d69fcb61e0a8a1463fd52
+	reseed counter = 3
+
+[SHA-512]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 256]
+[AdditionalInputLen = 256]
+[ReturnedBitsLen = 2048]
+
+COUNT = 0
+EntropyInput = 4b23595b0a3640cfabb0ec34df6a613308b0448488a5d9ff99da4278e072eb34
+Nonce = 8e696bffd9ca3a71d2e2f05e600c8364
+PersonalizationString = 010ba93ea68a3d4a200e5145859e299c5b5349b7645fb5bbcad687aba7d67313
+** INSTANTIATE:
+	V = b3452cff6361406a99fd8c705c06d9327eb0ea88d3d76272e8d4007537ed8ae3dc0659513df4a5aaee81986bfa3c3dbad14ce20349aaed1629534393358d6d4ccc7eb17fcf9ed6bf9af24f93901ed1fc60afd67e00740d8a9c6f482c26b68e68df931ec054e293acc95ec6a2e6b2d3
+	C = 071f4fa74769c521ef0a3b50be2621c34b7dc99cd336f4c6f6005c181ba97c190033235e8a654d017127d7f1dbd0da58fc3c4b017718f9a740d5bf09d2d17f1eb0feb1bb7e961b88d6c599e5afbb160862a99785b1b30e17adac5441859207b5ca6d05313fc7f7f16a5705fbd42eea
+	reseed counter = 1
+EntropyInputReseed = 04de4babdbe143bde99aa4452f9aa43b0a164eb927555c0496aa0fc9328a521c
+AdditionalInputReseed = 2b0c7c3efb36b71b917a44086d168313675b426b17c5ab3d0eb6af753f6040e0
+** RESEED:
+	V = a1907b79245bc77853f33f1764f8e96602d88fdb35a8839c03f61b847faebf8e9214be6059423c19ae7f1432594c43579f9eafa069fca70814e8363dca409b8c946c35b7c71cc7ea348f0dc8f117db00d9d00d85421866d8c881b74d67d9493c4e99243ffdade2b941e820007399b8
+	C = 60c87876fb34b117c4c17ef61c5c935b62672b9f45d245e9632c819a78f23bc455eecaa242382bf7ac9f5e787d5bccfd2ae04cba9da779cadf789b28bc16d79ae709281e4b4ec539ef9e963101e2a582aeeba9fe034fec5bcbc143026a839715efc560803610667342847f42465470
+	reseed counter = 1
+AdditionalInput = d0b7d1d12ab15d3bba8f4eba07fee0974838962b247be480683b8e3d4a91033a
+** GENERATE (FIRST CALL):
+	V = 0258f3f01f90789018b4be0d81557cc1653fbb7a7b7ac98567229d1ef8a0fb52e80389029b7a68115b1e72aad6a8113a8150fbf7335f228ff7b308824cb293bda4e51106e8625a3cae415b88c7975255c6f4391de4d269dc67f2f4485a2ff58bba3707aae94c1b9b0f5a7eb2d5be3a
+	C = 60c87876fb34b117c4c17ef61c5c935b62672b9f45d245e9632c819a78f23bc455eecaa242382bf7ac9f5e787d5bccfd2ae04cba9da779cadf789b28bc16d79ae709281e4b4ec539ef9e963101e2a582aeeba9fe034fec5bcbc143026a839715efc560803610667342847f42465470
+	reseed counter = 2
+AdditionalInput = 66c78ca12e45bdca003b49cb6440b977dd85b167e7c803890ed1a73666eaa869
+ReturnedBits = 4008cbd8281dc82fd6c368f650ef2609bb771e80c63d478a77fa938248dcbb8b79e54ead0265f6ff1ebfafe4e387c6e27df9f03e4a5225e86a4436e56ebf03b3be2cfbcb49c89c92ec1dfa5ee445dd4f6f64e02a2423a0b18ebd02eec52f5cc21bc3565e796b3ded6552f1b5a574a201c3b11018222806f9618d23d77fd02db879cf87fe24ed7ba11b3b108b559633db1f95c5121b28011aa4dd20399bd4978e1f8b8880c333a47ff1750679bf28d329347b26d347aae90ee562ae8029579cbe0336e066d6b8ba5e0169fec804c30189a4434c1bf8a5b0a249951d3d89554da38ff0751b8b1fef9ae18a0aa2bc477736d199a06f61d400039a4cc03869bb10ca
+** GENERATE (SECOND CALL):
+	V = 63216c671ac529a7dd763d039db2101cc7a6e719c14d0f6eca4f1eb9719337173df253a4ddb2940907bdd1235403deb98e30a0fa2e3e165496ff32db41114e402ae703edb71803b4d8af044fb5c4b8be2e05a93f0d4ba851ede9628670b1d7bd88c1b30237b9d675d8f017b0a0ac11
+	C = 60c87876fb34b117c4c17ef61c5c935b62672b9f45d245e9632c819a78f23bc455eecaa242382bf7ac9f5e787d5bccfd2ae04cba9da779cadf789b28bc16d79ae709281e4b4ec539ef9e963101e2a582aeeba9fe034fec5bcbc143026a839715efc560803610667342847f42465470
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = 3094636e4e46170e876a4aa9f9117abbd555908800c00a41416f1c352a4619dd
+Nonce = 254f5523f570de4a5f7bf0e1d936f311
+PersonalizationString = fb566830159428620ba10710047d0bdb5a14b3e253b75db8a8960984c53ac2e6
+** INSTANTIATE:
+	V = 9123ab24679d2687de9340de255b5342ee6f1cd6c8d23b9d2e7b34732d0b42b36ff1cc64a913b3a2ce53346eb40b09d31041b24d5d5b182a683772950b2ebb6e10c278b0d557cbde90536d423c1c73535e129fdf70ba9a720389e3f01c7db56db417b7322dd008cc80014cebee5876
+	C = 70cbb8b118253e761c67ce33c219f1594576ffd8e693d318a494097f4167ce0ba50e479be82a42f33dd98d895ac7b91fb7167268770e308f138f6953d5aed400ea1a01fec31d846c1824b034f6bf78674b94f619892feabd22e347013acd042d3f6a282a9a9d6c55e9c99d28b1f9a6
+	reseed counter = 1
+EntropyInputReseed = 652a47ed38f2a7b4d0648c86bbe0c210c31b673635739bce954b565f95fe7f20
+AdditionalInputReseed = 9c970b82363cd8bd09561cdad2354e9edb62aefe00c35caabd239c2b60224c7e
+** RESEED:
+	V = 757bac8b658e02f5f800709dec218c3463667154476515b1c6f16e99f9020b211552d3b23c82861f9e065e9d6914af27542878c01d1db9037e2f472c7e931fa83953bfc2769e7f555e7bef03d4db2f209d098d9981265d2f1959443dd06cea29a9ff1c3fbfbe2bb577952872249261
+	C = b083f71cf5660960b65a334414d6f8cfe48a746584b573d0f2c191dd518a0b1524dcdd75375ea2f2894aff535f8fdb7777f660b0426436367de55b600a6efba232c6992a614492098097d7e906887ede5f6d56391a23785d84197eda777651e533be9a5e41620225715d19346ad93f
+	reseed counter = 1
+AdditionalInput = 47fc3d52bc6f947eb513b7cb83a81efe28d0a8e90c9ac80dccd7e35a285ac0a6
+** GENERATE (FIRST CALL):
+	V = 25ffa3a85af40c56ae5aa3e200f8850447f0e5b9cc1a8982b9b300774a8c16363a2fb12773e1291227515df0c8a48b4d7a2d4bf2790b006524d160292e84fd791aabe68ab77326ca33b9549d2727d8b7032d4bed733b70aa227f3dace954f08bd7ce513585f8c2eaa29111dc6d2b1a
+	C = b083f71cf5660960b65a334414d6f8cfe48a746584b573d0f2c191dd518a0b1524dcdd75375ea2f2894aff535f8fdb7777f660b0426436367de55b600a6efba232c6992a614492098097d7e906887ede5f6d56391a23785d84197eda777651e533be9a5e41620225715d19346ad93f
+	reseed counter = 2
+AdditionalInput = 706dfd451416e86fe77081c0c920b952e10c1d50c77b90690a9ccc6390dc9d83
+ReturnedBits = 70c84aa12d96bad015c19fdf6ce09bc235d6d84e8a3f180860c903cb5971a4332d2125465812c63414f40690674ea14c5a0d3abe943e47f6fd91ca17b9a38dd990168d86bfe2bee5be88b95d3537e3e3f08aa503e3d2616e4acd380fe1ced1cc5a992d734dc4aae7cea5cf0cc194367fee086e91c0d1f8f196ebcacd467227e1c5b1c88b98b3544ef08b90131fb6255f5620850e4f8a54096bf765284b9441ce2e0d72c562ef6e6a6866d3f91e8b11b08135386c2648a48dcd4354cd42607002c78e5d007cb2971bee64299f996021ecdb012c4db2f67fd0886dac89274b6fd051707ce8d5789014ee6b6f63b0e5e2813631ab71215ce7af4e9e6793cf0c1a33
+** GENERATE (SECOND CALL):
+	V = d6839ac5505a15b764b4d72615cf7dd42c7b5a1f50cffd53ac7492549c16214b5f0c8e9cab3fcc04b09c5d4428346823413e5d481c968ea1a8fd395b03b900e49d76605164ac6a06950891d7de313adaffa5f22ec713fd3e9238abdbe4ee4900f1e522c4ec490d98d30e0693a00f72
+	C = b083f71cf5660960b65a334414d6f8cfe48a746584b573d0f2c191dd518a0b1524dcdd75375ea2f2894aff535f8fdb7777f660b0426436367de55b600a6efba232c6992a614492098097d7e906887ede5f6d56391a23785d84197eda777651e533be9a5e41620225715d19346ad93f
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = 3004580efb356c34bbfbc4dfd084443f7d1ae08b26a9f4f92e579f231977afb1
+Nonce = b49da206bd0fe00c08650d3368e22f52
+PersonalizationString = 06c8cabbc543ea6b984cc6ab506feaab4f5091e27d9809c2bee73b592e94735d
+** INSTANTIATE:
+	V = 2055761913d67c6656a361fa523076621501e18a52cbfbae3d7334d1890e6820ef793805eb602bdd6b5348d24d07134b842439615aa312d2408b5f05800968a18725fdae8636e6f723b0537c83d48be007531a714664363b0ac3a6b1b48a590a05714ee9218daab7426dd523e9783c
+	C = 2994abaa6a107ba5a67d772dc09b91fdf5287fbbb41f97ee635eca2a290c15588de6eadab7fd50165b0df3733d5fc8a8772947433d4f55d0162021d23a35086017d961741d917a6c5853e93c7c972b5c383a714fa7fa9a6e567f4d4a65f7708e6b9382bcb722452e9e15998a43cee6
+	reseed counter = 1
+EntropyInputReseed = 6386ea3d07e52e72e50d4895b25077f116b244a6e9a335a9bb118cb76f42aa8b
+AdditionalInputReseed = e589d2c45c4110b45ace4b309eebf3a7acf8e9bdb27cf5bf0f9c0af60ecd5acb
+** RESEED:
+	V = 68bdb2e73352f5a1f267a304497331d599eda71c58884265d8d28452a6a0f3f91fab8e87051835b07d8c0277ab3cd66aeb4a6ea9f4f2cbda2aad8c9547871d2aec639bc73ca68632424422b83d4bc65d7585a7b9463983c51f5548f0cdf903ba521704fc6c25d32420dee9f8792397
+	C = cb414e1525e79fafc58e1116bad8cd3b98955750ca5bb31d2ccd3273d220af5b613fe46befee7953b2863e280a0a9b7445ebee4216aa907fd4f52c5102e2e6ca27858e623d714f48ed42d538500d0e21a87a47873db0c45b6db7f2948b4adbe0371a2affa2885d392b27dda2c68c5a
+	reseed counter = 1
+AdditionalInput = d9dc02809ad14b86af07395a53f5c703c1db33e91a73938bbdedd7a9b1dd598c
+** GENERATE (FIRST CALL):
+	V = 33ff00fc593a9551b7f5b41b044bff113282fe6d22e3f583059fb6c678c1a35480eb72f2f506af043012409fb54772a7d78bd1b54b7164d6f5c24967c90e347b88ab3a03c00e3c300b9ece9dffb154213f168e15daffbfccfdfed8da04dfb8683ee65d56967cdb485506d4ce336df6
+	C = cb414e1525e79fafc58e1116bad8cd3b98955750ca5bb31d2ccd3273d220af5b613fe46befee7953b2863e280a0a9b7445ebee4216aa907fd4f52c5102e2e6ca27858e623d714f48ed42d538500d0e21a87a47873db0c45b6db7f2948b4adbe0371a2affa2885d392b27dda2c68c5a
+	reseed counter = 2
+AdditionalInput = cf414a664965e1b1a4491d7e5415fcbef5ceabaf51a680c8bd7cbd218647b6a9
+ReturnedBits = b2cbf4c81ea6968336dde8ab38d74c4f97f0954e2dd5371a0d86a131ac741799777fec35413871b0a260c24d743a71f57d54da2c68bdfd1d8dbbd54870b61ba318d1c35397550777ee8f827dea4b18ddcd1b69d8b8e9b922cbe5d210a7ff76ae99547fee8e71f484117622ac7dda35e551eb3aceb5d5a014bfc1bdb6ea8f9dddf95405a78df60f9bfb84c2e4c42be678fd00e7592bdeaadbf0b506e171855729a22ad760788c58d898f51f3e853907308482537fe728ff7cd965a446a408937b5a1119c39480184c3c3af39905f8b0991184d663817d55b12da888ac9187857793435c6d12241d6c84096caf2f9e98f9a7d8ada5442c60e03d2a206f7c93758e
+** GENERATE (SECOND CALL):
+	V = ff404f117f2235017d83c531bf24cc4ccb1855bded3fa8a0326ce93a4ae252afe22b575ee4f52857e2987ec7bf520e9863248bf8c6083622931ae8c791113052a79a69827a09bbb6485599305a707dfcf45627b47149a17210f0ea962d24c3e3e0af870a40f9dc93e26a93b5780b30
+	C = cb414e1525e79fafc58e1116bad8cd3b98955750ca5bb31d2ccd3273d220af5b613fe46befee7953b2863e280a0a9b7445ebee4216aa907fd4f52c5102e2e6ca27858e623d714f48ed42d538500d0e21a87a47873db0c45b6db7f2948b4adbe0371a2affa2885d392b27dda2c68c5a
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = 72b1128a214af7f52513701cea405065df24abc7016a2952eeef396c1754d1e9
+Nonce = 95c70475f4e216e1706b6a315d81f5f1
+PersonalizationString = 7eedfb6a0058c687a438bb97ff76a5df9e52e9b964592acae28141507fde1f50
+** INSTANTIATE:
+	V = 31b8423f900afe53be2b45a2443484366d74ebf7e1307588686bd0983a249cb3839e55b8c6966711f388894a9ad3c1814d0096f2dd78c8e05be43b71b5acfcc7cee4fd14086800cc479ef873012fb6991a319efd096efb7cd6a69d7ba087f1b3737df99336858f3640fefce7f88f2c
+	C = d1d3ce2b786e6847054f3cb3e900c43f507d2a487c042e70b2bf4f821a51d467d7e1d063267a23355761326fa09345108a279112384fffd55200bb45b480c371bde6a0247b18351d4fcd1b2d0e4be3b816c9739d49faed4d5f9e97139a65bf6e525db6bdad852fc888ee035775df58
+	reseed counter = 1
+EntropyInputReseed = 689232093a273e6bd3132d72cc54b688e5ad735675aaa0aea9a8963ae2e41db9
+AdditionalInputReseed = ffb226551299a0ea05af7be9d08280da57031b693c241ac29b1e1fb899f17f99
+** RESEED:
+	V = 2c2c8ce269c2395db4abfbf429f3226693fc093ab26a629ab97dbd7f859c95f6c90aa3b9679deaeef34dd6242b104eca22196b5c8d65e1cba9d46a1469c7b31a4066fa484eb69db51f198ba443a5c0148311d792c84ba871595069cca260ed88900b557e81469e4eb051b5925b6c59
+	C = 5aa31f3a9d7b7065aa2e2e3674950ca8a30f086bc40ba9dc192b189d5e1725ebf897df400c989ae67ae17ab2d7f49422233b99efa44da3afbb7710bc6e85b0c9aa46ec398182a3981d99a712379ff483796982d1d12dd24a5e8199c9ec0b5e4238bc14656cb2363d7565b004ac170e
+	reseed counter = 1
+AdditionalInput = 5e016b61013dcb5427e675602d49cd2da91c3b27ad427e64bbbca9b9ce04ca8c
+** GENERATE (FIRST CALL):
+	V = 86cfac1d073da9c35eda2a2a9e882f0f370b11a676760c76d2a8d61ce3b3bbe2c1a282f9743685d56e2f50d70304e31cbdd1a696901a6a9f4e3764ef949dc96fd16084d088cb6187953770497eb18f7f334704df0909944e9361e8787b4ded0016731c7427d9bba11f1a3278b41c98
+	C = 5aa31f3a9d7b7065aa2e2e3674950ca8a30f086bc40ba9dc192b189d5e1725ebf897df400c989ae67ae17ab2d7f49422233b99efa44da3afbb7710bc6e85b0c9aa46ec398182a3981d99a712379ff483796982d1d12dd24a5e8199c9ec0b5e4238bc14656cb2363d7565b004ac170e
+	reseed counter = 2
+AdditionalInput = ef940e1f43dc8f5c055eeb9eedcba66f599736d58d4ebb9228481eb1a75ccaef
+ReturnedBits = 0f57f15ab361a5dbb80a20a7607a4ff1ca907a58534fb421071162b2a722565c7189cb44f38fc49a98c2ad9bf73b566b38c89b2582dc47ae50039e263373ded9d4045019b22fb04497eb9ed2beef48cbed4ff4df423b57d40d30339d196fb4136b69e60c2800de72ec353caf91e0984711b9e8e8f19d9f86913e122b54a999b4fdcd5db98f9fe61ce849ba28c9d3947828b39f2bdbae555f6d063b31953f15d348b13e16af78c2c4473676ff5d703ec951753a35c9bf7c715cac5f5ce78a6f5f03dedda19f506a8d83dd7a603d87c405b94a2006093adfd32641f86a14eb8a51695d9b2faecf25d640925b2716572a60e469308695bdcdc7ee2fcf9b845bd243
+** GENERATE (SECOND CALL):
+	V = e172cb57a4b91a2909085861131d3bb7da1a1a123a81b652ebd3eeba41cae1ceba3a623980cf20bbe910cb89daf9779ec19f343729e3a67876bee5b44f2e97fa9a1fe7c11b696812b76db092f68cebf46ada9576c7bb235434e6bb2a8c698e2ebee6efd03a785e3bc364f7c5d01335
+	C = 5aa31f3a9d7b7065aa2e2e3674950ca8a30f086bc40ba9dc192b189d5e1725ebf897df400c989ae67ae17ab2d7f49422233b99efa44da3afbb7710bc6e85b0c9aa46ec398182a3981d99a712379ff483796982d1d12dd24a5e8199c9ec0b5e4238bc14656cb2363d7565b004ac170e
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = 4c2a0fcb62ebd773133ee58b4a941742698d18302c4e703b52a106d573e04840
+Nonce = 2cc32d0d5fc5d3862de2ed7de104bd5b
+PersonalizationString = 55f2cf13391195ec493b092e121548b69ea8b614126d588cd19e2b5eff2e08ed
+** INSTANTIATE:
+	V = bc865d7a50529ccddb4a84321ed2a82a0d3d2f9290947b15b9c6964ee0f5003df6eeaab6a965ef39ab1244ea081e726f82b15d66e5a895aa41574cd249fa820306d308b3b1806ab0c2266c70ab1bddfe5bb117ae3c3dbca9c84f668a7a2e58ebba661a50316fda85595dc692a33101
+	C = 5d78d7f4ba840ff32c2d78fe65350e79cf3b23acee7ae0177a8b906a8e1b2f366f3161a9b01a549c3c6cffbc66f6ece6e77f5e6f2f6f98db8514519b8fe13ea7ba010c6851ac9c53e33ab6530a5aabb0b71fe928538e6cc59a2469ab696aea1ce2ae829c89fe4d7b24569348c1a561
+	reseed counter = 1
+EntropyInputReseed = 3761df52de5f0fd0b87a0416c3fcec10888e6bf030b8926cdd0a34a16c9c1c7f
+AdditionalInputReseed = 21323e9f7265f8c73087229c4d607bc67fb6cee24e1e56db6170de973f9440a0
+** RESEED:
+	V = 2e8c56fedfd8565ead4d5d6ad129214a1b385b0cd9bf082fb33e72f972b4f87abd69f6b508852a8fd49f12fcab8859c2f3f9e2c598ad2c7f66f407dc3641dae23552a92f64d9902307f1f00dcadf00001bdba8ea1e324d30175e8449765b77a739d70c1937ed537891155b58ee7ad0
+	C = 7924e044f15c8a8e59714e2c2bf8d3e15f94746227a5ce567f6531f2cebfbe5bd6ec85b4f5bbe2372e19b492af916b4329b75c835f832aa220da38a8fd8f50c3ef12f46761bf63784d9a19a056d7e9923c61f45c90aa2ae530409bb885f6be0a0e487acc2000f4b3125ca35ea832fb
+	reseed counter = 1
+AdditionalInput = 957384d2e2501d2af4ed3c50a55b0cdee08be1d85f04e33fd6198edb216193f2
+** GENERATE (FIRST CALL):
+	V = a7b13743d134e0ed06beab96fd21f52b7acccf6f0164d68632a3a4ec4174b6d694567c69fe410cc702b8c78f5b19c5713febee0f61f627d30a61fbc4ccd6ae8f1d871012aa03797dd6d1e22805b319907c515f1396d1f9329e276a769f837e744c777a866b1dc3ede5c35c87eb232a
+	C = 7924e044f15c8a8e59714e2c2bf8d3e15f94746227a5ce567f6531f2cebfbe5bd6ec85b4f5bbe2372e19b492af916b4329b75c835f832aa220da38a8fd8f50c3ef12f46761bf63784d9a19a056d7e9923c61f45c90aa2ae530409bb885f6be0a0e487acc2000f4b3125ca35ea832fb
+	reseed counter = 2
+AdditionalInput = 7297acd35cd4acca23ed027b95e261cd1a73d5d5a4e56f8d2e704ab83ba5e8ce
+ReturnedBits = b310e411a5d0e457518a96941805a1959e88a15fcc09f5c0e43895b54083abc30adf730a10fcbc3c14450c0d6de50cc08e94ee3df36753aabaff564cbfd26fc1470b53cbaa3f31a45d269e2485863ae8cd978ec3c033fabb02ed9996e90a9a2854ed5127f2b2281ae6038453922cd03b9a186bb10019cb012520d12db72f72f70e44808068e3083126e2d2215f301e1a0083fdb416621043786243e07174c7d0aa5417d92b48f113315d5564b6f4375824dab1b7931110f0f7b52a75cd11bb98402d8d3ebd9c337f725d90fac4d8962ed18627204a1b08cb2d7ac53926e1db6138603666bc143c351166d5ba48c0757d980dd5d254dd24b7670e4562ff76af27
+** GENERATE (SECOND CALL):
+	V = 20d61788c2916b7b602ff9c3291ac90cda6143d1290aa4dcb208d6df103475326b43021ef3fceefe30d27c220aab31d3e6d85428488ac3b5d76c0fa643662a6c3f7ff3fded8746fbdbcdddfab1939e1bac838df245a46fe7b08a6be00a6843849de2357ec4559cfbd13993925f12cb
+	C = 7924e044f15c8a8e59714e2c2bf8d3e15f94746227a5ce567f6531f2cebfbe5bd6ec85b4f5bbe2372e19b492af916b4329b75c835f832aa220da38a8fd8f50c3ef12f46761bf63784d9a19a056d7e9923c61f45c90aa2ae530409bb885f6be0a0e487acc2000f4b3125ca35ea832fb
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = 9d56678235c0d2a609bfebfa1b1209672d42cb792b9d4fd4dc1292af6cfc3105
+Nonce = 3c9c1d182c31b5cb5b4c55657b50ae3a
+PersonalizationString = 5784dc35d43d6c9e6c181b0c51042dad73cef82453f3e92bc50158d130274601
+** INSTANTIATE:
+	V = 14154562633f6b35cb9dee9935e3c29e0e2afb10deeb951acdd638335857948d3e31c0e95b7b979b5b73a8b01764d8e7a42511814796b82063867f3e3c189f22cb4161bee9757514c60b83d0537eec272634fe094f71927f0bb0efd000a86c753847c988799cb91f1761ecf17ae4aa
+	C = 69d494944684c28a412e15bdf972d2adcca40bd115f1701b2415e3300ccab3ba82ca2b63fe502a06a33e07f5303e6539406e24da597082f487de0106d4e006e847e2df2f45c55bae3af3524e49adc218689f14e7cea15b157d3951e4b3ff41e3c33a7bb0d48dd8639612abd2bf7bdd
+	reseed counter = 1
+EntropyInputReseed = bccac8ff5b17d588fcedce6b892ef8dc9ace523d11089af99a4006532f2a98cc
+AdditionalInputReseed = 40ed1c59ba3118fc28ab6fc2af4dfe3b30f716ce184f50bfbcf73817161d8f07
+** RESEED:
+	V = da5961346aed60ef660442e97d0a9bb141f8df07c9fbda6e3d42b5caa5ffe300afcae56ceca2340ec03121058e3065f8245c346a672585e22833d0780177ece169a2bdcc4cfdace9ba585304c36d5a435730d3f7edcd23885961572982786fc20c2cc1e176920e0c762c0a5995ccc1
+	C = d15f7f04440079833163502ed62ed194aa1338131e88204b9badf3a70a521ae258284aac89c196ffe9b388019b00af33ec8f6af8daec5937e426f547b3437f0f77f77c9993b691d8166565b3d94818c9b371139a19550a025bdcd7fcc8a22d224f84436387fd2a1e5fa09f0fb1dfa9
+	reseed counter = 1
+AdditionalInput = 4f96724fe14dfdd475aa8079364360871108a34abf2e4ea4025a6e1fbe752510
+** GENERATE (FIRST CALL):
+	V = abb8e038aeedda729767931853396d45ec0c171ae883fab9d8f0a971b051fde307f330197663cb0ea9e4a907293115df8a840b6ef365464ced42ad4cc2776ff976739ebaef78059cab006a1f7222bc311d97ac3b591714c92dafeac268540b97ebbdb1d63d5963c75d4c8d68bde0c8
+	C = d15f7f04440079833163502ed62ed194aa1338131e88204b9badf3a70a521ae258284aac89c196ffe9b388019b00af33ec8f6af8daec5937e426f547b3437f0f77f77c9993b691d8166565b3d94818c9b371139a19550a025bdcd7fcc8a22d224f84436387fd2a1e5fa09f0fb1dfa9
+	reseed counter = 2
+AdditionalInput = e18d86308d601c83f15dd6fcbb93f0b14ab8a1ab2d1bddcbb44f6d28bcae4e5d
+ReturnedBits = a74d19cb67348e6676629316b800bd799ad20a70f0ef7758c921048f239c651e6991b9722642a7ca08493913954fa7b698640a86ac125f1a2105f6ab00a218d72b1a6ca60fd28e3d083bf4bf64c42058c906d0a010f3366921f4e26a1ea3308ed555795ebf60e8e131f84d46a4c802769f8f0cc2a7d9588112aebd583de2cf6a6321828541e6fa806c8d9a6db9e51e38a7aa1271154615e0e42ac34484e3e00a6b96683da5f54796090e7169eacc2e74178651017eb77eaa233d5c280b59fa6aea2419f1ab9d97f19636d6077bf4937d9651d1132c2112b14a68d3e9d366a04638a7aaacd32cf31aaf5d17edda9f3cd46060599269977d13d60171be0033c1a4
+** GENERATE (SECOND CALL):
+	V = 7d185f3cf2ee53f5c8cae34729683eda961f4f2e070c1b05749e9d18baa418c5601b7ac60025620e93983108c431c5ea5615e45ac98fdfec8d546c5a169765d99e1ee08b9dbed2472cfc56e60250a12b4df8bab1b82d92bbecf7685e041bc5e93fa15bd6e99630c65c6772d3f1eab5
+	C = d15f7f04440079833163502ed62ed194aa1338131e88204b9badf3a70a521ae258284aac89c196ffe9b388019b00af33ec8f6af8daec5937e426f547b3437f0f77f77c9993b691d8166565b3d94818c9b371139a19550a025bdcd7fcc8a22d224f84436387fd2a1e5fa09f0fb1dfa9
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = d62b907e32df9221212d70f4f735a18e2255bff0640be43555e9036d5592f70a
+Nonce = f68ebda4742e500468c231299b1d40b1
+PersonalizationString = b8c56fa1e2948585b93180572fef4626c350e209d95fb59c7b9f1860657a2ccf
+** INSTANTIATE:
+	V = 551e7916444f6e97972ccb84061cc7d030c5a668f83be75175151297d517c91474e3eb90dda3e61490b47af1b704e4b666c8c808a6dff357b368d0783c2d16397f5ad033cff478af980dbd9e75d10c6b8cf76d34ace5c239c51641222249bce658d22792dd0bc204c98ea1c6822fd1
+	C = 931bf4201193a0b342271ab228a4ebe4a9d4627235417af8f62de54d097d7121b6761aca4c53517dad8631f6d35573f60160022105521ead3ba2dbdd956c6acdac59c3f2740896d00e3035bb02039a1eb142630f249ee747587e628df5aa5fa2f0ea1592c1e521b9042a87f2300e61
+	reseed counter = 1
+EntropyInputReseed = 0e13c11a181eda94a49f2c17c92a1b23b47536bafed2218e2b3caf9d6ab41419
+AdditionalInputReseed = b952de59000375b4dba9f455a641b83f1db977301a089bdc0128946a5443912d
+** RESEED:
+	V = 45818017084d5d0a176d7297822aa85df3da07a4bdae41e3e75fe44dca754fb9e1ffde2be00a800d8c4f2f2fd844c89aca7433d00cab90b335b38719c1680c1b81f44f07f2523254a9f306381292e63aeef8dd474e8c04da80088a8d5875473b94b2cb9494754ff2a3f62aa7de97a4
+	C = 7807d0d25a253623984df16ac57e33f15aea1958412a04688566c7a8de642efee1b0379c226b4bf2793b3ea8dad6c4ccb820c95809ea8797bb08716f021a44f435df7bd708999132195b2a3205d7cfa4de1a2abb3e4b1b82aa433868510b8dc8f9302df5f21561a60b9e71d79a4b2b
+	reseed counter = 1
+AdditionalInput = 36f14008a40509576ce7dd6eec39c42050aede77252c1f844a229ab331cd23f9
+** GENERATE (FIRST CALL):
+	V = bd8950e96272932dafbb640247a8dc4f4ec420fcfed8464c6cc6abf6a8d97eb8c3b015c80275cc00058a6dd8b31b8e8f777ee232d32978ff95448a75abcb5f658ca1051bfff497cb38944438488766594ba5d9c75452364f57dbacd78645411a200190df146896f45707d5981ff9ff
+	C = 7807d0d25a253623984df16ac57e33f15aea1958412a04688566c7a8de642efee1b0379c226b4bf2793b3ea8dad6c4ccb820c95809ea8797bb08716f021a44f435df7bd708999132195b2a3205d7cfa4de1a2abb3e4b1b82aa433868510b8dc8f9302df5f21561a60b9e71d79a4b2b
+	reseed counter = 2
+AdditionalInput = 8cbbe5135e47c8a84d3308ba390962b97d940a1eb369ba826ce2a976602988cb
+ReturnedBits = c305835fddc34b1eb7b34fce6b6d038cc98cd1afde36c3f077bf0b5811c03f379fbafc61c322c276da17f84ea22d838ee81f0cdc67a7ce661249c814df6c8539ec3f2484f96db76726c5fa92c11df104a359ec285421e617d7779a75b071464f6e485c417a07f2238e4c82cb95481c01146662bacc1c1d114718e95c08d1a4fff366eadd29c0f253087edc810bd7443563dee520120f6b37728e0dbcb31118cab7678954b7939eceb2a640bf5e46cfee45683daa916aac3f2c1df1042df7b276ac9ab9178da17f8f926a139439356a717f6523b0106f6759823e8d0c81f73cc88afef310d61b4b354dd417fe3e10bb53c821177705b76e001e40ab7c895a6fd4
+** GENERATE (SECOND CALL):
+	V = 359121bbbc97c9514809556d0d271040a9ae3a5540024ab4f22d739f873dadb7a5604d6424e117f27ec5ac818df254150586c4d350664922085377398659c2339562a3fc80d985c73889aebec2135e1d905c29da4131769014655d8823e3878ab80d7719a5b50b3386bca269b4adb5
+	C = 7807d0d25a253623984df16ac57e33f15aea1958412a04688566c7a8de642efee1b0379c226b4bf2793b3ea8dad6c4ccb820c95809ea8797bb08716f021a44f435df7bd708999132195b2a3205d7cfa4de1a2abb3e4b1b82aa433868510b8dc8f9302df5f21561a60b9e71d79a4b2b
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = c080557db018d5fb4589975cb2dedde19a070393cc291fef224e1599b07e1ca4
+Nonce = e3a2362c0b9a05b457a48b1983ad2e1a
+PersonalizationString = 0780805cd1acb58ce199c76fd66bfa5496ec257a0cc7555589b8a0731a1e21a7
+** INSTANTIATE:
+	V = f6981ec808c450436c0ba9c2844ecdd3a6e1ed9f31e08d4f16fa7cbc4bfcacdd1368ea0df98c4e499eb829bef599ca59fdaebe8cbf9636bddc544c1e81035ddf9aa4d2d81bb66dcce6162b392a29d0ccd6211da36cdcba8ecf2a8f01ee044430df68d8ebfa08c1653188c7eb5b5f45
+	C = 77f27f09d089395c7fba22ef3bb2ae86c3e9ea0a254df52adb52552669af19781d6381152145640f38e2a0314c1c092df648d477bdcecb04f02552feb2393c0fe6ebc4c8a8847e8e5655c4faca0a40ceb1b8b6937e3ed83df52e20715a3f61209d1805e622e862d7c702731cc07ee1
+	reseed counter = 1
+EntropyInputReseed = cc89879f5b345e865ff415e9c5b29455230b4652544a0df58ddbc3dc46e348b4
+AdditionalInputReseed = c8fedd87aa61716694334fd513b7ad9291666e95841f4d62ff491d5ac2b030df
+** RESEED:
+	V = 43746a229744df5712016179ae78ee3f178b36bed8baf39585bb92ed5695fdc474ea6acbfd401ac98b1f8e4e7a7692179bec7e4c64a2cc514a279c222341ba360ae523be4af4c004c228032f302c7170b238fe73a346557b5559e2887523e749784d6dff2fb9e355c11eca94cf1dd7
+	C = 978e27286e9ba6721cf80d92b7f98e19e51c76a72e2d8e977dafa1f86f96faaacd21c8acf3539b130f26a3d4c210ee0153dd8a9201c7d7b23266c1d8bcd0b321a86d20d538270e57d690ba75bfbc572099725a533bbc6bc0b823d76737bcfd4d29ef4b56d932f204810a09181b32bd
+	reseed counter = 1
+AdditionalInput = 34a3b0d935886b7e9275f202ccc5590d20cfde2d0e6309c41630273414a6b3ec
+** GENERATE (FIRST CALL):
+	V = db02914b05e085c92ef96f0c66727c58fca7ad6606e8822d036b34e5c62cf86f420c3378f093b5dc9a4632233c8780ae9cc5f977476bd9ef8863bde97d36be7b1979da4b4702b003edd343522d8e65f17ade1cb9863217fff13c2ded0a69781cbf93633acb8169aaa204ac90ebe1ac
+	C = 978e27286e9ba6721cf80d92b7f98e19e51c76a72e2d8e977dafa1f86f96faaacd21c8acf3539b130f26a3d4c210ee0153dd8a9201c7d7b23266c1d8bcd0b321a86d20d538270e57d690ba75bfbc572099725a533bbc6bc0b823d76737bcfd4d29ef4b56d932f204810a09181b32bd
+	reseed counter = 2
+AdditionalInput = 874306fb7787c7a8ea12eada0c6559cf2971209d4dbcf6cba42f95404b54e3e1
+ReturnedBits = 30682a9f8570ca91c25896f5f8904407774abac708571e3bf4cc7b5c1a43285ef795ea099095eba79892ba3fffe3f2b7dc7600abad7e16774a9f2c0c730fc96f4c8180da13031d9c2ff8faf2b95ab82c5f515fc5bdcb84538d164e7225ac6b177e5edb4e8c956baa0e5bf54e76292d7e98fe2e34cc78de83f3f5ba71fea7b313b3f812ede6c888d464b896a714264425cea8944422206bbfc3f488f53095fe41976c1a69965cb8552ab38f8cfbad9c3d778436e0010f9a150f56470387fed34bde5f6adc78699d7922438b79d16d5b319499444cc0f7ad579e8e07998acdaaed043958d4da0e6a9949cdc5a7af0035b14510a091f8583bebee9700fd4312cd2f
+** GENERATE (SECOND CALL):
+	V = 7290b873747c2c3b4bf17c9f1e6c0a72e1c4240d351610c4811ad6de35c3f31a0f2dfc25e3e750efa96cd5f7fe986faf9546076febfbb004ad0f5fa06b67a3650584961b12e0315d9b204059d823c8ba6ab1b620e5a283553295dd0410516d6eee4a7c8755c2a4ffff3b90d9de76db
+	C = 978e27286e9ba6721cf80d92b7f98e19e51c76a72e2d8e977dafa1f86f96faaacd21c8acf3539b130f26a3d4c210ee0153dd8a9201c7d7b23266c1d8bcd0b321a86d20d538270e57d690ba75bfbc572099725a533bbc6bc0b823d76737bcfd4d29ef4b56d932f204810a09181b32bd
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = be766e2b2ec3d4edad27a5cd7442a3a5fb96b533067f37e11cb9e3ad7273362a
+Nonce = 4fa36cd236494589885f2aecd0329f26
+PersonalizationString = cc4d4f2a296c659e2c7b715cc6d86ac5407b52d06a8994cf5634d3f58d6bd1c3
+** INSTANTIATE:
+	V = f14cf13c2d8d96401e1249cd3400801726253e757a3b482b1edb90042966fd4b00c7c857b0e8e1482bd4c982701fd01032792157da82d1597014026996c4c8a7afa898036cc7b7c2f4d0fad071cb047394da93cba99a6bfbc0ad078d0bd76f7dde5116913e7b9cf52f5c98b8b5bb5f
+	C = 5ce29a8bda3cfa83f1fc178edd7141cc87a2445ad2eba85d2967419f8f9d0556788718e2f078bde518d89ee3464975ed59854b3548d9c9883081a3545411dc0d421fdf79098def9dbe1508f3e5f5c5004e021f0c75f042b3d8a44822deca92d39f7a43b64ba261f6eaf6aeca7f9ee9
+	reseed counter = 1
+EntropyInputReseed = 8027a6cd744cc6170e854199b0f5a4a223a0dae8ad11123eda03a8d5cd458698
+AdditionalInputReseed = ffaed9904a19184860a1f763842152b34943a0c28e30709d7016b87a23ad1fe4
+** RESEED:
+	V = e9f1d8520554c299389e37fd9187243082b7833df3121376e7f3725b6510245d392054e2d07913f44a6d61ed1ae7796ae11390b5b0e29a783b689bfba91190e72234fedf181e2df72fa0972524c27417985c939773639c569672b099007b439eea28a4da7225ca11a92c43f7ae0ae1
+	C = 49933e112dc1c756bb2b19766fcd32c66ec1dbc67ccbc10a2b47c5c463b8691ef8ba543b3dfaf0b327ef1b826d14aea8724e9e8c1fecd3f92b463994d41484fb1d85031e284dc9f451a3617424ed0a3a6d463ed7b842479392e3db8f24cb5e33b5e54465790300f1334012154bea73
+	reseed counter = 1
+AdditionalInput = 5394f70733de42f0b91556ea5a772f160eaac67f58762227512be364bd5b575c
+** GENERATE (FIRST CALL):
+	V = 33851663331689eff3c95174015456f6f1795f046fddd481133b381fc8c88d7c31daa91e0e7404a7725c7d6f87fc28ea9168953b4aca2b6e6caec1df5ec64676b6ac7bb0332a3fc0b69c51e80c77c1732ba65b779ca47e9764a6fa4df8ebf8a567a68ad502a109bc4d1671750f036e
+	C = 49933e112dc1c756bb2b19766fcd32c66ec1dbc67ccbc10a2b47c5c463b8691ef8ba543b3dfaf0b327ef1b826d14aea8724e9e8c1fecd3f92b463994d41484fb1d85031e284dc9f451a3617424ed0a3a6d463ed7b842479392e3db8f24cb5e33b5e54465790300f1334012154bea73
+	reseed counter = 2
+AdditionalInput = 8e3ec6c2c0297930514d9c65728458abb4578ec551af6a92e416072685647cd6
+ReturnedBits = b9a4098e4cafd5fe6515389705304ad7d2b8f18fc1baa4713eea89e322e687756657f18944b06ff433b2f9fd5ff831d7dba20a97f39c1cee849049bc3bde1402d68026540d7aabb4bcb772a1842913d66e77bc2c0968d0e6f50bbd2a21835e163b8569fdc684fd8091d9dada3b138bb067b7ffe9f6ae0f371192bd6e6aeb230cc4cf37321265bdd405226bfec310832e6957ed69c928b923e5943834f39f2c291f8243be582fcd3cd052bbfe00dd2a045f6c1dbfaa06b10fe435255441604587eb3c1b05c94c19a2716293fbd2169d1f3d5001c26f834db48cbbf6b53a9f34ebca5b3d3fb2fa981ec4f28d1131831cf839cc0abf4234c8ef811acd3dc5abaee8
+** GENERATE (SECOND CALL):
+	V = 7d18547460d85146aef46aea712189bd603b3acaeca9958b3e82fde42c80f69b2a94fd594c6ef55a9a4b98f1f510d8c3e16415504eaa797bcde2a902a0847d922634be719f97bda08f79b7774af1fdcba72ddbb5f87384337e40f6e244dabf305584ca17acaef7849fc7453359fa52
+	C = 49933e112dc1c756bb2b19766fcd32c66ec1dbc67ccbc10a2b47c5c463b8691ef8ba543b3dfaf0b327ef1b826d14aea8724e9e8c1fecd3f92b463994d41484fb1d85031e284dc9f451a3617424ed0a3a6d463ed7b842479392e3db8f24cb5e33b5e54465790300f1334012154bea73
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = dab50134d86975b4996dcaccef9f12bc7efbb0b814ac603a98b154456314384b
+Nonce = 2e46f043c7b27b388f597613435a7ecf
+PersonalizationString = efb9aae41310049ea1048e4a6032cc8fa009287cd93d30d3a73f51ba52ac154b
+** INSTANTIATE:
+	V = 614f52e9f231c86b98efdf2276e8e636b48181babe2424a9b8777f64bfb0b5d6ffdcc5c54f6e5751e15a4d636bd240180dcec3f0f122d9506dcd9658662b75022f377d59a802a87f50b5308ec42753dfe05144f90ce78298607be7790f1bd1df67c2ab4acaa492945662a4bee1b7a7
+	C = 6d5a72033930b98f247eb5efd0f8063a1f7e202eb0c9fa65ab181a3fb3733aa03f2a432d0f73e542d2375a275f53ac2aab4ef3ebd172a540c6c736ce91b65dcfb1a216b4d468a4af037227f3d7f0544c4158e43b15414b5697e0f8cb709cb689f7dcdd6d2f6a5126a5b6fdca4b87ac
+	reseed counter = 1
+EntropyInputReseed = 04cba3a941dfb34282abae26bc9ed840934187afd1e058e8022c62a2a7880793
+AdditionalInputReseed = 63c37a839f24f39ea00b3f4c3a7c78399782448e44f28f51119cfbf68b74f65b
+** RESEED:
+	V = 766eeda6f5919aaa9a81ec3b6032b6dc432a5b1ed428899c4bb593f33b5c8bc19a2f99ce56df2aaecc8e425f085a8aa898421a9d5198bd9b1bbf286f55829048c3ea8db7b359ec80250ae8a533393a4bcbebf6546922897138dbaeccdcdade332588f7f2fc8cc6d73d22df34da9f87
+	C = 98fde70365ce85ee49e912413fdd3b79dfebfa37f54d895766dad3e351cb411636f7b7de968225b1f31ae72a1c57ea727bc2e15b7ef8933ebe3005b41329920b810d7654c70fa3262b249a903bb8ff3d97ff3fbfb160096bea573eb3d6a4ed575c10641054d71fe75f13e44007f676
+	reseed counter = 1
+AdditionalInput = bc594344157c1d1a4d4c065bd81347551ad7ba5df9449e86a2b773752c05867e
+** GENERATE (FIRST CALL):
+	V = 0f6cd4aa5b602098e46afe7ca00ff25623165556c97612f3b29067d68d27ccd7d12751aced615060bfa9298924b275886580ac120ff269d18e7b8318162c921342cb5272b5034d73bb9ecf63b31697db28451e0a4596c7011fe074f0f0d2ecc6b16007fdb698447a83fc4b4bee665c
+	C = 98fde70365ce85ee49e912413fdd3b79dfebfa37f54d895766dad3e351cb411636f7b7de968225b1f31ae72a1c57ea727bc2e15b7ef8933ebe3005b41329920b810d7654c70fa3262b249a903bb8ff3d97ff3fbfb160096bea573eb3d6a4ed575c10641054d71fe75f13e44007f676
+	reseed counter = 2
+AdditionalInput = c33293a302b9e806f57df8d2985f2459ff752ac3c15adb4d09c51ee848041a5b
+ReturnedBits = 92c5df73b793aee7ee8a2c24fbacd817bbc6374f9b87e64e47298a2f0871d39dc32a1ee9c02ebb14d5db6673d8a71c9fd3ae773c86b068aad646cfbfb5aef3168f5f225136ceeac797399b5d6caf34ee3e340b768528568bdbb30a8139ad6dc017103140f06367958fcebed1c4da06ac0b10ab06acf815982468fde26ac095ef49c2fe01481908b22b3ff21c4aa30d17bf07fb9b0c6a454cdfe54c1d039075c391f45ee5cd7d0a2a9ae31d7af3ff1f4c67d6ff60a004110b5717f5269c98b86b3b19d1fd6827c9f70826bec0b68af4075a392886fc97a0162be54a1c749afbd8330a22622715afd2567f67bdd7c94c3f6d38d7d14be6d2ed8aade524ae0b735d
+** GENERATE (SECOND CALL):
+	V = a86abbadc12ea6872e5410bddfed2dd003024f8ebec39c4b196b3bb9def30dee081f098b83e37612b2c410b3410a60bc5582cfd8e4a7ba689b128e0450db66d60e5f9da90749081fd8a110a31e80e63c229ce1b49148adac2c38d352c224e997c2a2f0b3d5fb9b026a64eb9081f009
+	C = 98fde70365ce85ee49e912413fdd3b79dfebfa37f54d895766dad3e351cb411636f7b7de968225b1f31ae72a1c57ea727bc2e15b7ef8933ebe3005b41329920b810d7654c70fa3262b249a903bb8ff3d97ff3fbfb160096bea573eb3d6a4ed575c10641054d71fe75f13e44007f676
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = 64acd92f1c27a949ede841613a46de138dc572d43dfad13804690f29308378c0
+Nonce = 2a46c7a35ac92601b855bc144826d6c2
+PersonalizationString = edb7478a41c2126b3ff93faa0aa8e977f834a8e405dbd937a886779b0461e242
+** INSTANTIATE:
+	V = dda60e4c3488cb1364e93d27b272d79140e30009bcbc49646097f59115bbb9ea6d8652f94c4d71ecd2d99b39cfe192593244f6af53b701b9224794e315ed2eaf5255c9e9a69140c10f566639d77827f8aa82d7042fe5061505099d41c0ab7207661767aab32453aee44be1b526d535
+	C = d876974c96145e20dd41211de82625572555dd80caa1ed476de0f62b28817b9fc2a9317f5f93beb172ca49865baedfdb4502a55e9030d1239a2f9c03a1c2bfa3bdc04f58607bfce709e3b85ffb684e3ceffe0a2a9121d11c1b1c6afffe879930a2ecab7f2a6581decff63bb5135ce2
+	reseed counter = 1
+EntropyInputReseed = f7acbcc3e261354a5db11bf77c4286ceba0c7513cb45da15274dee699a2e3578
+AdditionalInputReseed = d92c6677b88209e553af1c8df9958fa40029f71fe809599493c443cbeb3cf575
+** RESEED:
+	V = b38e90704507df10082a3bcc6f653441ca0208cef64fbbdc59a5529f759dc8f69a790195971877afade64767b93221cfb289274c70306db10dc4a9ae96bb90844b3e5cccd70af48006858623702e49212142bad2dea98128c72aafc93f12f6e0130e39a6adac4f70d1a3bb9abcd8da
+	C = ced1421a97d0249085a8e7df939db7c5925aa8444907c308f495f78051c031af090d6f374f1ae36cb862b61e453e46e2b1d68ee030dbff4164306a40aa11d1c73b70878d19799841fbd3ce4a256de188626735d984d7e7e22d370734b39e259ff143f9e015227330505000b594bcb4
+	reseed counter = 1
+AdditionalInput = 6cdbc488a090823756e179a090fb2a510959052cd2a0e053f36b987d91030537
+** GENERATE (FIRST CALL):
+	V = 825fd28adcd803a08dd323ac0302ec075c5cb1133f577ee54e3b4a1fc75dfaa5a38670cce6335b1c6648fd85fe70696087c802e8fdc874e3c6d9d9fd78757e0af0b9cdf0ae64b4a3ece33c73237ca2df81c37d921f3d22ec9ac7c65c13c85579df46d468b87ae461db75de92d71f52
+	C = ced1421a97d0249085a8e7df939db7c5925aa8444907c308f495f78051c031af090d6f374f1ae36cb862b61e453e46e2b1d68ee030dbff4164306a40aa11d1c73b70878d19799841fbd3ce4a256de188626735d984d7e7e22d370734b39e259ff143f9e015227330505000b594bcb4
+	reseed counter = 2
+AdditionalInput = 8dad20a31492eb41df44d1d255590cdf173f0b1f87883eaba3c0a0a6f9449dfb
+ReturnedBits = 0e47285df2b8a1d83a12c858b8c68aa29bb977efcb428f952f298686b77be91d5b5b0c5a136e16a8e192a218fb3b911022d9eb660e3a4deacdc95393bcd605b0e4ebc5e6dce072b534352a99cd6a0ad5303f5ef525e558b215e389f4014cbffe4b3eaf55366f51afb04575a3ad02b8007171d0d0f37d280edf78e25176854de67e6c54a260ede0200f6ba436d1c052e13600ea307156cbd093dbcb6c3ef137d209a134b1d58e4d48ff0bb92d2059d9414c3e31526f7c69606b5f7da7dc15b354afb0ee8916b25f90e163c7b62842d9ae5ed2b43cc919cee9bc68cbe0f26ce1694688ae319910dc7485af2af8a5b3b39745093de3e8c8da03359612d1d3fdea43
+** GENERATE (SECOND CALL):
+	V = 513114a574a82831137c0b8b96a0a3cceeb75957885f41ee42d141a0191e2c54ac93e004354e3e891eabb3a443aeb1715321e5b2991de38d2dad63dae07fd1d89c2038540d0af125542f71320c08f32fabb3be5253191a9044b883c669651c0e040d70f77c336ce00b864f1882c57c
+	C = ced1421a97d0249085a8e7df939db7c5925aa8444907c308f495f78051c031af090d6f374f1ae36cb862b61e453e46e2b1d68ee030dbff4164306a40aa11d1c73b70878d19799841fbd3ce4a256de188626735d984d7e7e22d370734b39e259ff143f9e015227330505000b594bcb4
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = 4c492f75593e1362016a4f66ed5a62ad78ac679ee0f764f1c7f07ef42618f48d
+Nonce = ae9870fa007a80afd49ea7cd68e8892c
+PersonalizationString = fb9dd496b472d0d696978f5d0ba97ea00a00c3ea7e4353ed2cebef8524e2929a
+** INSTANTIATE:
+	V = ce3bbc8ceb4a794ee61b75727ed912933d504f8b21e47f54cd0add46eb37ff5b7944714bb7cb89684897c51db9f72ffd80712ba06154d8f90f7d3b434fc0672f983d85867b331d38d8e5b0e95e26af1105984540e91fd4d18d2a1348f3205837b68892f61545e78be6402db02a9bae
+	C = 7a1c8ed45c75788b089d500676a3110a63d84031d0735a60f1ef73a3e61e02ef7c71fa56a4f8bc0360b20880411aafedff2a2a4947d1f9b942c5e6d0a294b8eb8316eefaa3fe47e7a65fc0789944187eebc8d60d8b7b113edaabdd08f783e3280e3100a70dc042f59141c374f05d16
+	reseed counter = 1
+EntropyInputReseed = 77257e9f6e925f45070f1f5c84397d535b2ea7c9d37694b9f10d834ac3cfa9e8
+AdditionalInputReseed = aa8b76e033e64cc0b29e1b3eab5e2070a14bea66f92d45da1fedfe291b03ee1b
+** RESEED:
+	V = a7100ce8e0033712f9b46c89af99e8bb0e1c1dcb9eda5522833fc11ccfb24b08d7fd26b6403af56cdff1890e288acd1d46fcf4537be398a91783220b8dd04eef38b062c241427bd57e6834f568f22ab469a70ad87e8ecf52a578abb8261a1d8fe0d363291b16bd01a36a3a3b7fb25b
+	C = f50e5ac6b48591a9e66154bb05157cd1ac89679297f6a638b5c89e330baa0d84c5cd60748d871e210f56b7fdc7ea24bb3dae52db285550cc319b8fc10280c3199eda13cee0f45dc795a1a89b0b226bf91039f60ea77254e07b11ef04cd52db881996b9e75d691ddf77158d02c6f83a
+	reseed counter = 1
+AdditionalInput = 9aacfc636f366a00aa44ecad93f124a5ac10fafe27537e09e4fa5545d5903e7a
+** GENERATE (FIRST CALL):
+	V = 9c1e67af9488c8bce015c144b4af658cbaa5855e36d0fb5b39085f4fdb5c588d9dca872acdc2138def48410bf074f2aa110eb8bf9b4febb5e4689400daee65b254043274ca03692b0e7b7b82c467eed52046233aa23e6ffc90cb6ee5ac5ebce02927de433852732c1f8945f6442ba5
+	C = f50e5ac6b48591a9e66154bb05157cd1ac89679297f6a638b5c89e330baa0d84c5cd60748d871e210f56b7fdc7ea24bb3dae52db285550cc319b8fc10280c3199eda13cee0f45dc795a1a89b0b226bf91039f60ea77254e07b11ef04cd52db881996b9e75d691ddf77158d02c6f83a
+	reseed counter = 2
+AdditionalInput = 9130cdbe5201611a195944a00d3110d6b42c79e605b794815b58f5d1ce01faf5
+ReturnedBits = 79f34401c395a2e325a348ff14c7c8c927b907ca1f584a886c2d29b1e8f8a0034641ba29e2c9c3976cb9a33feed7f6c0838bab66bd6eb211e97d5118fd5b63235274bcfc9e2162f28785c92a933b1f91e277e441331fae1a661fe5ca31d3f09562f763d336850ba3edacb61836337c6e19a7c43dbaf386738b4641ccc6dde3369d00548ec2a7416e4a7ec1758c75634e989975d620c848896cc754673716595af04fd681a4582e9c5d94719b4de2d66269c4da4c2ed6791a08b87478dd8a81afee35e6f4fee854c69ccb4bd1c528b6ce27006dd45c1f0e1877f83fa61dca2d68aa5d60ea05ddcb14e230329c8d41599b71fed02273ba9bcfe9ce26d66dc628c7
+** GENERATE (SECOND CALL):
+	V = 912cc276490e5a66c67715ffb9c4e25e672eecf0cec7a193eed0fd82e70666126397e79f5b4931aefe9ef909b85f18ca6cded25eba5857ec449978584e19b736592a6a7cbc8da0f6d6f5c0f0ac167526fc65593dc9c032a874e0896f7f4319929dee1b809e78f305dcaf1a32fd2aa2
+	C = f50e5ac6b48591a9e66154bb05157cd1ac89679297f6a638b5c89e330baa0d84c5cd60748d871e210f56b7fdc7ea24bb3dae52db285550cc319b8fc10280c3199eda13cee0f45dc795a1a89b0b226bf91039f60ea77254e07b11ef04cd52db881996b9e75d691ddf77158d02c6f83a
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = 3385a512a8b9cc5ac7006117401375c4a31ffc4c5f7ec3d56ed6a4df8bd03bdb
+Nonce = 352f8dd1356e0f011e53714895d7d058
+PersonalizationString = 47c5369ae18cd8934344254d740223db100ae3bdf4a226fdd0acd3ad63fec91b
+** INSTANTIATE:
+	V = 91b77123be05a0ffb2607b0c863e74103a985730e29c0a3cabd08331237ba4ebd0fe7049488b94af2d2c7178d676024d3418207158fd15b266c6e58b8982b4e1d777e5b302850f9705604836bf5de1d1be3aac86c99790ab425b9b98dc271cf1824da65ec2e0ede700fffbf08d40cc
+	C = 4d5feeef0d1145a774ed442ae267c786af99566b88f052c1c9fc2eb40533ecfa7d35e96b6e9bbec824653ddae0ebec238f7d4ed2ea27830d2e89b6219c86981d66017142107ca0607df6503a784499d9cd3f1ed716f574b1392fec724990bec0f7b11c9567195ecae1a747800de212
+	reseed counter = 1
+EntropyInputReseed = 6c5a42f7a5dece2afb76fb3804a726acff5fa8b04bb5ed3b850c390e1ce564e4
+AdditionalInputReseed = 52a34fbc8b1fc4a845c093af7d3d9489bb8c8164b451f94802a8e7dfd67f094b
+** RESEED:
+	V = 55ff44f9d254a7020507eac2dd8e62d2a821dc0d933b7bbb225f2a7e1e4585775a9b954230a45dcb41ef0512ae897579e62e34fefb68708a1b413544f610916f6eea3816f378809e69d393bbccee953a05e1a588b0e4c9bb773398c4e1bebaaf4c2b713121a168c25263f02b6a58eb
+	C = fcc1d18ccc55eea047c372247ffc11afc181c3a9575413f2c6b3aa3155896fa88ec616bac20139652b23a47b067486e40995c29f21639f90ee0b6e8c8a06cdbbf7fddc9b780b55650c835d4c429446d5845a4cd4df0baf56e3542e1887de7596078d12fbba7742363de1c0b1aef02b
+	reseed counter = 1
+AdditionalInput = b1f584ee40c33c654ef5fb5b04c953c8c99a1f97109f6b40faf103e11ca6f6d1
+** GENERATE (FIRST CALL):
+	V = 52c116869eaa95a24ccb5ce75d8a748269a39fb6ea8f8fade912d4af73cef51fe961abfcf2a597306d12a98db4fdfdd1422a94739c4b824a57d08a4a8cebf947f89df42e1659c577be3358c0468d2bd5d9d4b7c6404d9bd5b8099f440ba2aba8105172121f3a61d004dfa24e528d9f
+	C = fcc1d18ccc55eea047c372247ffc11afc181c3a9575413f2c6b3aa3155896fa88ec616bac20139652b23a47b067486e40995c29f21639f90ee0b6e8c8a06cdbbf7fddc9b780b55650c835d4c429446d5845a4cd4df0baf56e3542e1887de7596078d12fbba7742363de1c0b1aef02b
+	reseed counter = 2
+AdditionalInput = be1316013490e3508fb77389afdbda7b5d1152f74e19edd2f3b39b927da06abd
+ReturnedBits = a44772eb47a785314eaad2b93788995ac7dea2cc70663d092eaa33442e9db0c2f8b5809621d4be2ef4f50d239314017451901f8ce5262cea545844d6bceda0c4536365cddf6012697b5d5771480d21573acc1ea7d0fe305980f1891226f389503cefe0cdbb9be8bdeb046849e5795654b9ba454af65c5b342048eb6f55a5a8bf1515fc3f4c5036bb525f92bf7d2a3ca04a763f29ecff53708b1719417e868c7835c1c89e91982ec2bc4abce314ff0e80012c667b6f8e064530576aa47332994a5cb647ce9349424787a03c240ae52cbfa31dfe740d9f090e998423dfd1903bb1ebc7b0a26624f5cf116ab1316550df4e751bf3af0a529a8f4b3cebc29d692184
+** GENERATE (SECOND CALL):
+	V = 4f82e8136b008442948ecf0bdd8686322b25636041e3a3a0afc67ee0c95864c87827c2b7b4a6d09598364e08bb7285a7d960852c7a3e0acb3f12b009dbc5cc2120070f0fca28cf934c1aa8c6a7e2c692043ad43653fb4b89bd6ea096f0cf820787d3fb1150f247d861c9977aa02bf3
+	C = fcc1d18ccc55eea047c372247ffc11afc181c3a9575413f2c6b3aa3155896fa88ec616bac20139652b23a47b067486e40995c29f21639f90ee0b6e8c8a06cdbbf7fddc9b780b55650c835d4c429446d5845a4cd4df0baf56e3542e1887de7596078d12fbba7742363de1c0b1aef02b
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = aa306eb3b5d299fb70ec56c2aaaa10ed501b39d8491d9a5017e7282ba2d250de
+Nonce = 83d3373b1d193e0dce8fb756791c888b
+PersonalizationString = e163606f6328e296eb17e8914242614160c9538db0a5f514f01fdf6081349d30
+** INSTANTIATE:
+	V = 4c88ad2e7ca6fd0a9e01fba47cc36a2008e5beea0d42a42928b72ea70c5a0c1e47748f438d319803a078749eb4047600ad2b70721e12f0b8832c53f7356febc1cea1cad3b1c8a4e52c83abedf6ab6d2fdc3cfe7398bad9f8a4e88bd95ce6a93ed379e7083818f8cf49831363fa7143
+	C = 61d42ce0787b83d94e1805feb83123f61d49052835189fc7cab1c9eddbc6a8863ce10f3d0a2ff3db5da19165442cb5142cbeedec50380f5ef12f29815ad8a440e568f0b249607885b3192264c75cf1fa2b08905e789a24b9c6e5aa8968e7ee3e76ac123e272acb6e1192143d2b8aa1
+	reseed counter = 1
+EntropyInputReseed = 39b14c8a53704c96c5fa806775c3defaa757f7c731ef0becfb1b9273d95611bd
+AdditionalInputReseed = d50800c786cc6b81bcb4c22d379b1b60be599d53a4b7cc4ff55208b92212471d
+** RESEED:
+	V = 656bad22b963372ab406aeab1b6d2e228955ecbfdedd944810de02a1fc351832229161fbe03595dcdefd47de0609ed32d18351209b7a52fc4182dd31d0bb549ebbf27f181bbd980907b3216b02c34a7d044a883cbbac21f4445db4733014d662feeb64e8f426e46345d4165c1c089e
+	C = af32333861dc181f6a13e048f4915250cac73de492bb7842f2356a9085871cb994d940bca35ff4d87d7a4cd3ab2e1fd9a26c799b95071159a98e01ee8def044d1320bf0bdab127289836e4100b8838e710733dca7e4c5c441250081f5de0a27ef1d0f37df36fa3fd73482c99299c9e
+	reseed counter = 1
+AdditionalInput = 10048f81e8eb0d309081bc6a908f057f509f11181364e88eb8cc12e0ab1109e5
+** GENERATE (FIRST CALL):
+	V = 149de05b1b3f4f4a1e1a8ef40ffe8073541d2aa471990c8b03136d3281bc34ebb76aa2b883958ab55c7794b1b1380d52e7a5b23953aae1a97ba462afb91e4fc2b1580b1e9dd1aa9ddd49fe90880747ec55640158d395cfb5e5bac8e14ae5009a9065f350bbfe084d2eac24400df238
+	C = af32333861dc181f6a13e048f4915250cac73de492bb7842f2356a9085871cb994d940bca35ff4d87d7a4cd3ab2e1fd9a26c799b95071159a98e01ee8def044d1320bf0bdab127289836e4100b8838e710733dca7e4c5c441250081f5de0a27ef1d0f37df36fa3fd73482c99299c9e
+	reseed counter = 2
+AdditionalInput = 0b2bf8ea2e0fba3437954ec437840151ee8071ccc6a5ab4b11213cb27b89e4da
+ReturnedBits = f051ff9b21a3351107b642257448528bdf054a7bc0503c7564ebf3b237c7e4b7407be66f80a88ee79bd1c003ef03c555c5ea4044c71f6b2eeb8a0b0c361ccd251df0f47876d09c4aa1a128ab0c607f5ff653694b705e31c3b8eef3881201f6754f1161f91c814e7c1b7ef617e804cb05a8aeab3e3515d5a975421fb62690c330ab57723935ef022e82e52e2973ec9046850de20b5a9ebfc6386ad5679ece3f0c568c68675b4b968a3c4e57446bb41503abf2954e55bde56b4945a14f3e04894a30bbfd578c0cb5f1a1deb848971dabff490bb7c02925cc1d73ca182dadf3ef721acae156e869bf791b5cb459e5530a2394e3d3d10e5be1ae59c6384d6030a7cf
+** GENERATE (SECOND CALL):
+	V = c3d013937d1b6769882e6f3d048fd2c41ee46889045484cdf548d7c3074351a54c43e37526f57f8dd9f1e1855c662d69700c7198533cedfe42efcbc01730408057e73cb2c99dafd6683ba0a3c60b29c49ad72db8c4681d3954f9d4c892460a6934e64fe547df56c855b01d5ab4435f
+	C = af32333861dc181f6a13e048f4915250cac73de492bb7842f2356a9085871cb994d940bca35ff4d87d7a4cd3ab2e1fd9a26c799b95071159a98e01ee8def044d1320bf0bdab127289836e4100b8838e710733dca7e4c5c441250081f5de0a27ef1d0f37df36fa3fd73482c99299c9e
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = f4e641f94683cd8d86a9dd5933cf8eadcbc6ec8c713cb7a729c2f7dcbc626d53
+Nonce = 5e690a98a55188dfe781b50d82229134
+PersonalizationString = 3675965c6ba1c6c466fc76a8430c9cf307329493648a641ab7d8cb20214ec170
+** INSTANTIATE:
+	V = c7fede13fc87353a74fafecaeb48cb61bd1497fc302ed2c023371f8073588400e3cd1347b3cb186900c3bd02c691e7da310621920a699737f8d40e755a139bbc061950ad6d90a0ce848ee67514fa6e783685c166fdeffad0cde76331772c185dbc21488888654c30f68db68cfe460b
+	C = 726eebd05b97da9df23e0a9e62948f7f42fc1ad6dcdcb01024d6dff4ac1dbe2641e5e597d3408b9f6fca2dcda58dfa71f3c1a898a0ecb3aee9acf52bf6d717e5e6bc3d109919583a66d0230350a91242d7a7ebd82d7c1138a66f420ed409585379b747221dcb66c97643d087ef4cb1
+	reseed counter = 1
+EntropyInputReseed = 55e8d7cd89f492b6303670310fcf9c2007cf2097e5984cead33bb88e35938b71
+AdditionalInputReseed = 1f1d4d671a5da84b31ba5b8a8e26cbb26ca62eedef763dd0687c37e656b286bb
+** RESEED:
+	V = 2c7d1e347018fc394c863b45da49524eccd2c7e490f8a5ab6fb08e5e40c31a39a74a0c20b5c2375631cf7c993230862ebe9418b57e503f467e236fe8ea78ea116d95302887343d8ec6b4792ca468f19f047ca3f25e86691b3ba31cadedc600777e8d50c6fe7e33ac6543f3eb8b2835
+	C = e136b8092ec625d38c40e8fa8541cc3481ce8fe428cc329c2bbe5c5316f7967851432853034c5a3fa8048abea3f0465bfdaf199a588b42441710ca18183a65a7eb3e9982408843c81dbc388d156e74e094cc34ac05797ce755baabbc56c64cb6f3d7a323ceee1e7edc96eaca15e508
+	reseed counter = 1
+AdditionalInput = 555efcf90944b3f09021939c648ba2bd7c1eb3056a85fe94045e181e7d88a044
+** GENERATE (FIRST CALL):
+	V = 0db3d63d9edf220cd8c724405f8b1e834ea157c8b9c4d8479b6eeab157bab0b1f88d3473b90e9195d9d40757d620cdcd55626041d6eefae980e7c824dd01a63e2e4280790c940cede737464a2eb35640caede0b5a09b90afe92f542aa73bc82ebbfd374a4051d229ced98032af1610
+	C = e136b8092ec625d38c40e8fa8541cc3481ce8fe428cc329c2bbe5c5316f7967851432853034c5a3fa8048abea3f0465bfdaf199a588b42441710ca18183a65a7eb3e9982408843c81dbc388d156e74e094cc34ac05797ce755baabbc56c64cb6f3d7a323ceee1e7edc96eaca15e508
+	reseed counter = 2
+AdditionalInput = 4391c07685a2e6b0c5122868262efeca48c0e86495e8748fc18aaa42ffcb2dbd
+ReturnedBits = 88dee3e8458f78fe13a49966dcba5b3db44dbd4b07fe8e16fc079c51761fe435a78485611a71f6f37cc33e645e47dde378b3dc33f5ef577c26e62cefea218fdc2ba83990ad2ba1b878df5955fc779cc739670653f695d81a070522e291727695e8b2f7747fe37c451b1352c06ee277e29d24c6fa81952f99e1eeea371849fc4d0b24f7389e16718526fc23b05b90da2c821997dc535584f3c560aa1a7e18280b85b42bb0c9fcd3974880f29feca76a10b6aeedf745c1374f2e34a9830e52ee518fe662b7175018212496377113c14664ff5958644eebc7093e2f6af8fc67497f49162f641281efb21b949cd33fdd82797f073601ec17f181389006a22fa10b77
+** GENERATE (SECOND CALL):
+	V = eeea8e46cda547e065080d3ae4cceab7d06fe7ace2910ae3c72d47046eb2472a49d05cc6bc5aebd581d892167a1115045f62ed574017ef4d737fcaaf5420b6d51d03fa9ac4d56a96abc62e133adfb0a4be961f7f20be2b3bd7ee2f081fa12e1fa54c2cd9db10bbe7bc5e40a155f295
+	C = e136b8092ec625d38c40e8fa8541cc3481ce8fe428cc329c2bbe5c5316f7967851432853034c5a3fa8048abea3f0465bfdaf199a588b42441710ca18183a65a7eb3e9982408843c81dbc388d156e74e094cc34ac05797ce755baabbc56c64cb6f3d7a323ceee1e7edc96eaca15e508
+	reseed counter = 3
+
+[SHA-512]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 2048]
+
+COUNT = 0
+EntropyInput = 2915c04e0de52c7d4a3223df4581ec070b7b4494cad3a8928981d74ccd78623c
+Nonce = 9cba4cf2434d0f4d903668e28b674922
+PersonalizationString = 
+** INSTANTIATE:
+	V = b0b83897ff5d88eaf905b112451865c4650db9d84fd648f4cf99ce41adcde18dc88c50f44700822a86665cdb9566e67ecf397cbe68e4d5bcccf12f4121fe565d576e913d6a8e43caf8decbd7a2befd7f186e2e0708577048eb5c536b44cd9c83571b062fb66616ac2e8289b67f6f2d
+	C = f504060104b6ae188efc21f71e52e4ad6e9acb538651ba17e71c1a9030a016774095b72f902a56c31c93aaaf6cc7a13e5bbfe190f5b242ea0201b9e12072fe62a82ed7d3cd3124939f22c6d3fbeedd6c0671d6fe6c64fec41c1d6202a796716dbea33fb238b507c9730c037b294ae1
+	reseed counter = 1
+EntropyInputReseed = 1b248e3421d9417eb9d4d010b6d12b64bb3b0f1cacb7f7ea3b33512ef670feb5
+AdditionalInputReseed = 
+** RESEED:
+	V = dd6c9c665ceb689e4f9f31ec44512be63669ade5f586837efbf1efc64be198d0be7811ff04cc0d87c510df38c9e9df037714e30d9b2cf2b975bbe7b3a543978f793cf305cae625a78f3fce5cd76a2b2b3462f28097dc94dda033d9009825caf8632ead51101d3705b722480ceb5597
+	C = 3ff52ea6da56a4a62382fa63ee25b79195a2972c8c1c6a2a78dc1ceeb6befaa3033fe8ea32c69158272fdd247518b47f5d8bbc7dbf0abe804a5125c014788e780499104b0ba5181df27af6c7d7c8671412790b913dbd1cfd2b0991855a8c4d4aed84eaaf19aa19563c6cc69d0270a5
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 1d61cb0d37420d4473222c503276e377cc0c451281a2eda974ce0cb502a09373c1b7fae937929edfec40bc5d3f02946fee87e4997a198359f3d6f11987e0f4f53974f08d3540ad38ffdd1282d1643d617b6f470f015d395c269a260df0b2df4f0a0a114ee2d3edad329c3d6b984801
+	C = 3ff52ea6da56a4a62382fa63ee25b79195a2972c8c1c6a2a78dc1ceeb6befaa3033fe8ea32c69158272fdd247518b47f5d8bbc7dbf0abe804a5125c014788e780499104b0ba5181df27af6c7d7c8671412790b913dbd1cfd2b0991855a8c4d4aed84eaaf19aa19563c6cc69d0270a5
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 508f16039546fd38aad1aa5d2908d0cec11420e0c98fac0c0ceeb092608e034d71668b18cfe4ee49971d8efff39018b653918c431e22287f222e1397c460471520e07473963bc5085ad8e6ae1fd22ad978cf0e6888fd854246b5a36467087c1efd49bac8660ca12a8951c639f4ee97274e1097e21e3785d028d332516afd02a7737df6f9558b3116b09f150d6ce30941eb4809476fb536e22a4099b55c407f4dee8a6bf32bb71bda74f654a78131dd86d1a2ae0b0d8fb3c145bd2924e5730335742d89f2e9d1961700f57406c709635a7020f6f1be08b85b09a53c0529253f690563902dd6f6af244c9f1c5d8cd95c49636d2ae250ea443af13985e378f25195
+** GENERATE (SECOND CALL):
+	V = 5d56f9b41198b1ea96a526b4209c9b0961aedc3f0dbf57d3edaa29a3b95f8e16c4f7e3d36a59303813709981b41b49c8bf5cdcee5eef48812159a45bffa4126fa0d28f06c113f11e9e9b7907970a04896f6d824ae16b6f68281303052f2d1885c4ef677fad04e910a71e36d0abb0b0
+	C = 3ff52ea6da56a4a62382fa63ee25b79195a2972c8c1c6a2a78dc1ceeb6befaa3033fe8ea32c69158272fdd247518b47f5d8bbc7dbf0abe804a5125c014788e780499104b0ba5181df27af6c7d7c8671412790b913dbd1cfd2b0991855a8c4d4aed84eaaf19aa19563c6cc69d0270a5
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = aa20e9a152f429f12b13659912d948a9418f0a295d9e68c8edc75cf9ebb3a3e4
+Nonce = e43028b10812393d327c8017d1b03984
+PersonalizationString = 
+** INSTANTIATE:
+	V = e6cdd7b9eb87722cec16646739ee44564e22cb90feaedf7f762024806da01c4cc03977b25be90ba88d0ae57c9b9748d9bff87da0b882bb65c65f47039d2e14e7990f5ca6c18e8530e5d0fa7386e60634713bb7a30089a5f97dfd461df1e4aca13a834e54ce5384cf97d9ab3b6d6bbd
+	C = 2f35f2575bdf47c0dc5625cdc6db3be785c7ca873782064116554c73f4c5a895ed53d81e29b20b59e7a1398b7f7bdbe3965818510ce21b4dd26b20ab2c8b14e66ab586960e42a143a177276d8d7c176702b510b3846a88831f0b0034ddf976794679d61097ae54bb5f28e46c8b4a7b
+	reseed counter = 1
+EntropyInputReseed = f1a0310d7c252a041ac095103a8e8400ee6e604c850544efff772e037350c5e2
+AdditionalInputReseed = 
+** RESEED:
+	V = 0f03a768747a3a5d494ef7fe192ce8ed8841e6ce23e2724fac696fd506ba98509acfe296917f4f13e6d9500b603773d1ce03ff35a70ff8032db61871be751b89c2cd344ffab797dbd772de5557153cb1363916bd0996d830a6552d39acc201461dcaad3a0858b61b5aaf7380327b04
+	C = c8f8136024b2b44f70087ad8a923b3d0ccf30d47c1c7282b4bf13d5a908a75d9e84f740bfd3af1b6c6537528179789c3cea4c5939c3f78ef9df72d22d54aabb85f6acc9385c2dd7ddfb93f00e08aecff8644929735b94472351ed6a38ad01e05f335eaa77e078e39f01e83a171b3e3
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = d7fbbac8992ceeacb95772d6c2509cbe5534f415e5a99a7af85aad2f97450e2a831f56a28eba40caad2cc53377cefdb022835a73ec796b44a6f496f877a251dfef8750254df19fa8cb7c86b80c6753bbd41d6111fd65da48d871dd4d6de7a93b41be7069bb1708d9a72ad40e67a24a
+	C = c8f8136024b2b44f70087ad8a923b3d0ccf30d47c1c7282b4bf13d5a908a75d9e84f740bfd3af1b6c6537528179789c3cea4c5939c3f78ef9df72d22d54aabb85f6acc9385c2dd7ddfb93f00e08aecff8644929735b94472351ed6a38ad01e05f335eaa77e078e39f01e83a171b3e3
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = eeeb4da92c08373e0d0c8b497f14039a395f8f883da1e09c100867082ccde911008720acaf71ec4f6309c5811afd2b807eb9fa0b019f08963902392d2b2e3cd9b69c35a351d26fd2375aac3257e588e47aa583505491cddbacbb605070acd2762d2ad16ce19b220d36392640643a1d4aba8a674ba33e06b5ef268f6638e8c39df95ac8e82409d7159d5430189fea762d4cfc48be8fb0f47944d390759dbd2cc3ef85f25178fc4f819127cc073cd6d01b6add8673bcf804233f847cf4204343be6463922e9ad48b1b4063ff0df6d350070eca409929b1857354d149b011bcd0817bce676d12c1f61a92d3f4f68ea4956ed55a9cbc5070f7f75ea062e8e8bcc477
+** GENERATE (SECOND CALL):
+	V = a0f3ce28bddfa2fc295fedaf6b74508f2228015da770c2a6444bea8a27cf84046b6ecaae8bf5328173803a5b8f66883505db1784143142bb2e4383e4d7329ca1d3bdeaab008c91a8dce05ee0cf5bcf364634779c37569112bf917cc99a16717cff45054b801a9c846f56d9251881c7
+	C = c8f8136024b2b44f70087ad8a923b3d0ccf30d47c1c7282b4bf13d5a908a75d9e84f740bfd3af1b6c6537528179789c3cea4c5939c3f78ef9df72d22d54aabb85f6acc9385c2dd7ddfb93f00e08aecff8644929735b94472351ed6a38ad01e05f335eaa77e078e39f01e83a171b3e3
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = 147da4b8f082c48df3d65f506a4ec3176d45ca1c4a98264d2eff237d3077550f
+Nonce = be027a0203e1df108597e405d25e215b
+PersonalizationString = 
+** INSTANTIATE:
+	V = 1267fc44cdef7b837244efb68f4e5b6aa62b373942d21d0d243c468add13f3e76a435acf1c578bb85924caebb9ed6a24ea3bd93eab42bf23d20af5e9d8e564946cd07ba3a4201fc68b8c6c65ef778b03fa5e2af190811fc83d0e77e01cb5d278147d7f58d61eee833d53c56a320ce6
+	C = 4b340fed84334c65d62350117487997afaa848c2d1fc208e595613160c12954e88ed3d1fa1ab0ab73eb47afa7c8c60b1092071952516101ea01efd6aefec7a885b5092821ec926be65334744a53541b2a5a04606715c8e047f23f8a791b28211cca14025b0a18cc3ed110851dd297d
+	reseed counter = 1
+EntropyInputReseed = 03f49d655aa1da9261509f91ed2d464757b11dc90347659a94403ce3a0499305
+AdditionalInputReseed = 
+** RESEED:
+	V = 96fc76f46fa5aeeb4fcd0feedf6b60a83c143f21fc6f8995349b4ef72faed5d9fba52e16690385a6e9323637dc8b013616160135f210af26376e3cce4af23043d4cd310c7f57468c20a7e3622660e43a0394f644e80ab87b85cf6cdb845207436fb8378d2e01173f0730723cc4506c
+	C = 45946dab61b633f8ed31d44fcc5f348d7750eb51f315bbe57780d95c0da14b63d034079feb12ed90a08f7aa7413da01fec3d72704a9e028e0ee40f525e25a83faad553d0c60fa2361871a6084d69bbc0e67a7ae7b70e5c35810cc3b292fafcd348c13aa2a51468f8a228f3d1f9bc1d
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = dc90e49fd15be2e43cfee43eabca9535b3652a73ef85457aac1c28533d50213dcbd935b65416733789c1b0df1dc8a188b5049b2bf625c71012e31c9576b633c985c9db5b91d81c9430699d2db902cd52a960da810ae00e288450a3e1b6568c7ddaa2795d8f6a4361432ae3f42ef0b2
+	C = 45946dab61b633f8ed31d44fcc5f348d7750eb51f315bbe57780d95c0da14b63d034079feb12ed90a08f7aa7413da01fec3d72704a9e028e0ee40f525e25a83faad553d0c60fa2361871a6084d69bbc0e67a7ae7b70e5c35810cc3b292fafcd348c13aa2a51468f8a228f3d1f9bc1d
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 46787fe78cd8fe5cd75b8239955432ce2a574ebf8e4946fe169b7f624851e00946f89acefbb0ddef372637f823ff80866293e9b2f9430fead6807157fc15fd5d4128623a3ef9a01f2445bb7e5738718f2842e6770291970b50d93813ed07e040d573fc681ba1b2f832481f97da4b937918433a7661d291b47417dc536d32e85475d4b9eb5772f6f018463decc43e4b3c455d0b17ebb6afcc6a6d2642b7323b100e5807555fff24b576fc257600d026dacd9b04299d4f2e33323f465f1746572f7e9409da9a986ec576e4b2c3ddd28f37ef4c1e7b3581408b5b2206c81f8d039ef39efff23050eb86eb4297fbab73a46d7f28e72cbc754f84bf5d5ed6f1bb7764
+** GENERATE (SECOND CALL):
+	V = 2225524b331216dd2a30b88e7829c9c32ab615c5e29b0160239d01af4af16ca19c0d3d563f2960c82a512b865f0641b9faedb718bfab5f0a71b9001097d8256b05ade669e2c977371c028cbd2579f29b50d07a79f772ef5638f67e63736c187b8c0af4d7ecf7ec395947f0367f48de
+	C = 45946dab61b633f8ed31d44fcc5f348d7750eb51f315bbe57780d95c0da14b63d034079feb12ed90a08f7aa7413da01fec3d72704a9e028e0ee40f525e25a83faad553d0c60fa2361871a6084d69bbc0e67a7ae7b70e5c35810cc3b292fafcd348c13aa2a51468f8a228f3d1f9bc1d
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = 5cf591ca8b376252f09e59391107f41de9d12395b561d5914aa4d69129476e9f
+Nonce = 2e42f7346a48e92ca61e18e9c20fe534
+PersonalizationString = 
+** INSTANTIATE:
+	V = 2e57aa6d105faa914baaddfa63fc78a35a66836f7413a57ca807ecbed93e488497a3ce4875f2ed7a54020b1c5e17a9b21a9803d754e2600cbdc980d162d20911a5283a14142ca8aa3e17c0d54913af9d1df142099bebb1870c07c5456af07f83479c5979ca298e923e5bbc5ca74c67
+	C = f8a73e03606c95a271784ebfdfda0e820a83f8def259a92840ecc23e4474abe3f1b76f2cdb30d1a27e57de6527144904770a42bbe15f0735ad6b9bb2a88ca7eea016b951046633d7aee028c44cb0d087b05f1648f29b1cc741c8392693034de6f44f11ea6c9fbaae23faf2c26a1890
+	reseed counter = 1
+EntropyInputReseed = 8b879fd02ccd791c68998f3a6f0d0587896a182440a892a874a7ee78ccda885b
+AdditionalInputReseed = 
+** RESEED:
+	V = 2a8277ef2ae26396c2144ba683a72f105dab90e2125ef4139dd530ce5afaaae051007d5665f1b8f9cf04ca97d862e594c67c5ceddd008e908146511dfb3d71a4c2f2d35ba0819f735d7bd034c41f1b56c39cb4ab208d99483e800a3b7c01de333ccba22b457eb397e5d1e975526661
+	C = 549d2456833a42f68c55c67baafe7d138a35fbe3d0c134da7f62ed3983abbb2835f111e78bb4d33ee5ba4a2f710ffaca03d65e57415c6fe67bd60410003d0378f6b0007e39d33855a7910884e64add1d65b02ae9f7a889f2a9688c5b8c962ba80ad99afe93826bde95e3828b468bf7
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 7f1f9c45ae1ca68d4e6a12222ea5ac23e7e18cc5e32028ee1d381e07dea6660886f18f3df1a68c38b4bf14c74972e063cbdd5cb3ccb346f7fcb54178934b5c791f2f52d6548c10876aeff55a02b859a96e3960efb290a8e2dc62eb7a7a275e83e08d28b64973e3d65ae626daf54f5d
+	C = 549d2456833a42f68c55c67baafe7d138a35fbe3d0c134da7f62ed3983abbb2835f111e78bb4d33ee5ba4a2f710ffaca03d65e57415c6fe67bd60410003d0378f6b0007e39d33855a7910884e64add1d65b02ae9f7a889f2a9688c5b8c962ba80ad99afe93826bde95e3828b468bf7
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 7f038c6e36a0e1a4359cea912a5e7b739832720528671a4e3e556902dddc4976f38fbffb4c01353eb1a02dfd2ffe496f999eeed1c6e17ae55b37d37633ebe0f7012749a4ba5be6a703062ff91adec5959239478d1f01ea5b53340ae2b0ecf644019bfc5757c8f28590360089f93c66224dacda7923db0c51340b0c3fee2ec40deaa64cb9bae252356b20a77b3afb70468a231be19d4ebd6f5b63a56ac097060b2f95b2f9473b7123e0d00373f5d708ea9a97e36b20a3836f77a790dd9e388bc1078b2eadd5d66ad58fe856d37c4587dcf28d4f765b08467536a51e6f2aa9a6b5737734436b5cc0c5a64c26db1c21ac3829341d316904d52bf81a4ae890e6c7f6
+** GENERATE (SECOND CALL):
+	V = d3bcc09c3156e983dabfd89dd9a42937721788a9b3e15dc89c9b0b4162522130bce2a1257d5b5f779a795ef6ba82db4aadb0455a69c9ac67faeef532eeb69164b6445f438fd88d0c7ee3b207d4bbfd6973f516ebc3c6a43f63362ef1dc1fd0fc678193078b4ce39c5913faae837c8b
+	C = 549d2456833a42f68c55c67baafe7d138a35fbe3d0c134da7f62ed3983abbb2835f111e78bb4d33ee5ba4a2f710ffaca03d65e57415c6fe67bd60410003d0378f6b0007e39d33855a7910884e64add1d65b02ae9f7a889f2a9688c5b8c962ba80ad99afe93826bde95e3828b468bf7
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = 99ed4ee0671d9ea2aaaaeb6b80910b058132804139cac9e0c9e1152ac2128514
+Nonce = 805e6a27ad849610f832365c243af78e
+PersonalizationString = 
+** INSTANTIATE:
+	V = 8128244f35a555a389b55f045a4f38fff94e94fa22b80cddd74177f744e3d9fc40d297e33db0cff4dd906a6ae60fa5f4134c5ecc11003033e9352be791602f62d034e3d33edb1c6ec2e1fb6f0b54036d4227e4a6a0c863b6d9931ae0595ac975c53ff98ec3c89db4c3da887da82398
+	C = c20004e9489c6c4e8658595ee55e6c014e3f32ca597e39639ffb08e14fa91dbb6625e1922483b70beff2d7d8775a2d1105a8593e8d12e2ecc1adfb8b566dcc3c6a423873a8a0f4dc5dbea5c4c93e3973fc1107fd925abadf809937f4a5e9c57bfab5fc2316c49ce62881d677023d0b
+	reseed counter = 1
+EntropyInputReseed = 99e064b76a604bbb609523ceb0085902a6d0d74cc4364c9649f73d7bc94ac4f6
+AdditionalInputReseed = 
+** RESEED:
+	V = e7cb142227e0695132868499dcf40a5a8b17b4c3cf426f3eabec0874ae4a1982e69e14921d407160fbff8424f40f158a1cd65a4001865dd7a4b308c78d84bdf479e4899b2b146fd976fb57268d35e5fe04cc466d8315ed820bc17cd6a026992147733f537404a1658cabb347987f30
+	C = 89a706611f3a16540a48b8873fa80efea601db77751e4355a9719a57024d8bdc27f62cd54ca89bd528c674a17983241f3053a1f54b4f1b2d290ebc6018fe3f5d9067475ff48f35ca233489d41e71b242095ffe63b07666486964ce5908b9b00fe0b7ca02479c30c54ce8c9b2846e35
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 71721a83471a7fa53ccf3d211c9c19593119903b4460b294555da2cbb097a55f0e94416769e90d3624c5f8c66d923a68b804d8d657a2a47fcff92ca73e44e084df74a36cdf50109117cf945fe36eec03503d5f5092f29b9c36bd05625a1a9515fad41dc5bf32c3b7621fbddcb8a09d
+	C = 89a706611f3a16540a48b8873fa80efea601db77751e4355a9719a57024d8bdc27f62cd54ca89bd528c674a17983241f3053a1f54b4f1b2d290ebc6018fe3f5d9067475ff48f35ca233489d41e71b242095ffe63b07666486964ce5908b9b00fe0b7ca02479c30c54ce8c9b2846e35
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 2dd59dca1c2b3654d810261fc01f3a0a9ebb20d4cfac664806665e128245fb94be9379adb0d96f03a7a5e2a1d47f17c43186a4e6d0587a9a20ad96fe26769a470a6edfa7f489627d020eb5b657b9b82fd935344c612295d9b732789829867e46429a3f5f058a9c7125a13d0633087fc714990a2a21345c70dfe990b7ac29956d5c89b3c08730725dedd04929be477fe62e66d52ab056c500be1d10da01a1cd5096f4069760e5f3ff83695e6b91eae226d57586eb104b5f837a8014ddecc5e618dfcc97e35e40a541efe8b80c4f38c6157d77974327c4c029663a1bda4169cf4d051f3a2c82d84a38f3a2a283c082f65e1f689cad4ce30699c217f1b8d1d614a4
+** GENERATE (SECOND CALL):
+	V = fb1920e4665495f94717f5a85c442857d71b6bb2b97ef5e9fecf3d22b2e5313b368a6e3cb691a90b4d8c6d67e7155ecdad1f1f7199e3508cbd462b68ff1477c18ea6e3a327fdc56b059c4dbd0f12acf584d877858a4218a982c19cf37d584c608ec3a0ee8b2b8463f3ae4f31afa9d5
+	C = 89a706611f3a16540a48b8873fa80efea601db77751e4355a9719a57024d8bdc27f62cd54ca89bd528c674a17983241f3053a1f54b4f1b2d290ebc6018fe3f5d9067475ff48f35ca233489d41e71b242095ffe63b07666486964ce5908b9b00fe0b7ca02479c30c54ce8c9b2846e35
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = 1c8400bd67893185c1fe0d77ff0d467e3b8f92ab022066c77e493a76ba08722f
+Nonce = 69b651540599e3c319ba302123f270ff
+PersonalizationString = 
+** INSTANTIATE:
+	V = 939ce8b120430a21dad0c16d9e065116b76e788173a7ac89a4cd1de0914034ce543def0c3302dfcb15aa1fed63f9cd1cb8a39dfeed23a5d00554a4e0bbf50ccdaab8e8e84354b0fc8969bc7e73a557be0be7354d3d869fc42df8b6cd936559832a4d3db8c445450da9d807ccd2d74b
+	C = 1ee392d72821c9b7821ae245f3600ea568dc5e1b34cbe19f93a4ac6a6f7ce8de2a416a8479870b9762655bf63e94639c9aa5d2fcb2f62c690ebab7f84f88ad6d79e8bd51e9d4324c606b8f970b52b7dfe123802b98e252938fc3a37b7bfb975d9bcfa3ee9989fb0d167bbdeaedc4d6
+	reseed counter = 1
+EntropyInputReseed = d25b161f8112555c82fb7caf97604ced6b273767dcecbe7ec16ceb33bddc9fb8
+AdditionalInputReseed = 
+** RESEED:
+	V = 23646dd37734fca289aee99818e2b22578af2821d1bc35155bb26240ea51717d9ad0be205a73e66f478771ef750568dde4ae5e6c591cce500fbf4833949c05a4be6828e7c9040a4ea0188e74141f9d4378551ceaa8ffefeb619cedccfc9e16f522d4549cdf1c1636fd4e3e66be3dc7
+	C = 5b82d835aa8f982b2b5e75a1c940354e65f2ac2a26fdf103d0a022ccfe5103108ff91f9bd3dfd06184e214f112ca2c1d4d4158114b25e3df9df9a59237c22efd3d529849b1c7c7fa9086b366c8028ab1c8825c0fffa0a05439853300170422c297b68e2ee0b5a63009fe1aeb9d09a3
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 7ee7460921c494cdb50d5f39e222e773dea1d44bf8ba26192c52850de8a2748e2ac9ddbc2e53b6d0cc6986e087cf95d0f7ee8928939124dacd9fee3b8ff4e2826af2421331665edcdb2abc593402263e5185bc88b514111b69733c877ad104d79cf5cdd5f3185aff283b6f1b20f7cc
+	C = 5b82d835aa8f982b2b5e75a1c940354e65f2ac2a26fdf103d0a022ccfe5103108ff91f9bd3dfd06184e214f112ca2c1d4d4158114b25e3df9df9a59237c22efd3d529849b1c7c7fa9086b366c8028ab1c8825c0fffa0a05439853300170422c297b68e2ee0b5a63009fe1aeb9d09a3
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 88c83ccaff5b95d8876ef8c11b9196993451cfc704448f8be7bf0c5496804abccf350c0d6432e5078f4eb879a6e31a735d93b6e5cd523cd48125c633e5cb307b3a2c35091a141e0cc658a1becbe0edf453eac7b6d033eab5de03a3e1bf9e4f5c3ac8c65c4f08f9814a450cbb2b49a7fb52f7f06f0672b8d7399e78c4e5f9cc729c277442ac842bfb541e006e26554778572e00bfc820cd1450fe9064b89dfb08a0360d290364ddbc5a713158caee524058c1d55ab6788b3c7387b3081b13e1d16651ab9d77be6217ac3e0e2fad370df755f5640ab9c584d7274056e8bd5560507b6d7d7c9983102a6cedecd03f4ed8ccff41904302a78bb1c000559d622a90c9
+** GENERATE (SECOND CALL):
+	V = da6a1e3ecc542cf8e06bd4dbab631cc2449480761fb8171cfcf2a7dae6f3779ebac2fd5802338732514b9bd19a99c22615359d485faddc1c565a058d4e2a6aa7e91849ecd0516dd0983fc31e5aab11fc59d427dd4afd17570ae520f7f72ba5b09392147a0642daf48573b7356fba13
+	C = 5b82d835aa8f982b2b5e75a1c940354e65f2ac2a26fdf103d0a022ccfe5103108ff91f9bd3dfd06184e214f112ca2c1d4d4158114b25e3df9df9a59237c22efd3d529849b1c7c7fa9086b366c8028ab1c8825c0fffa0a05439853300170422c297b68e2ee0b5a63009fe1aeb9d09a3
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = 22d8485191f1777193b98bd73305862a0b862b14ca56f81be17261ac3469ff15
+Nonce = 42adc9a11c2aa84d4eccc0a653be3895
+PersonalizationString = 
+** INSTANTIATE:
+	V = 8f54b99501c617d407fab66e365ac861cac036eb49168d59ca52d988ecda7033527f8aa222920f00712c77734eea35a09fe44ba3141aabd9ffcf8eab411bb8f61ca2ec40870facfc0008588cae322b89d13feb20943ab35355de334d9e09f8cbac587e1646735fd76d13cabe424da7
+	C = 166896beb8dfbfa0b3505b1e54e4b16196561af7b21e5bd1f780f1b4e88280fffbe280edf48ea0772bed92bb03e7b4f613fcdb91aba5516a65c152e55bbec1e65d182beb5fc41e095cbf093f208b772e2c59b185a8fe4c6b98bc7b6412efb44bbb03811c774fcb6b7e3598204b7d5f
+	reseed counter = 1
+EntropyInputReseed = b7d5f7bc51f8c57003a5092178118f7ca84ed53c9d0a156c6aaac0dbc8a081a4
+AdditionalInputReseed = 
+** RESEED:
+	V = 628ba66477372bb9fcaaf95f561b59d32c8a9301780404a4f8b7f7732c3cbf8a9b705500496a28caa163b0d85bc40ab6348502ef0a3f248a4948b88b31fc1ab0283ca7b3ab74c8004e2a21dbf9c7d9f99af18b60de566c6a1bc9251dd8eba6fe61d6d74f6606d61888cf6c17449675
+	C = 770e9965f0c30e8447b9e5a8df402a7cb3be4a684bcb0f8c56aed87c80ab89c88716be3493b6866c036d48ba4c33fb3b9012d861b42e67820b968dfcbffd2bd744f0e0238eb223135c724a60820cfb2461ce4f22403c358c45950c0a7d72b6b7458cbf24db8ef5fc3c7a48d9cb3c53
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = d99a3fca67fa3a3e4464df08355b844fe048dd69c3cf14314f66cfeface8495322871334dd20af36a4d0f992a7f8060959d1608f3377b962c2d93a900b61538411e943103fc139c5f17cde111abc8e2a24598a2474f16ea03d70dbf8492b222d13559f3f2fafaea7a84f52171ab6bf
+	C = 770e9965f0c30e8447b9e5a8df402a7cb3be4a684bcb0f8c56aed87c80ab89c88716be3493b6866c036d48ba4c33fb3b9012d861b42e67820b968dfcbffd2bd744f0e0238eb223135c724a60820cfb2461ce4f22403c358c45950c0a7d72b6b7458cbf24db8ef5fc3c7a48d9cb3c53
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 63f47b5e9ed1a9fa7c50348d07eb938cbae11705fa8ef45d51c73b3124b5fcb10655d8f1094d7a2f045a22ebcf562cdeede0de38121cb87e2b6a948612b8f83a79adabba64f93396036d6500fe06437e0abc388fb937d0b3972d903050f451c70fa1c284af16bbd3a83728160ef7c354b8ca8b099e10cde4df46eded748213e197e14eb9b58d0b1ac5388befd964abf22f6d810ed66fda716d7dbcef9f489021d65ff54f345446dbe476f73847329d5de43d4d6f266e0a6c8c7431277d506d04f1a0faf964beac87c464096640a7bf491b477ae5eda850abc28f8870b3e87c5c62a4a77bed26905b9a6b2d0384f8c0f2fe5dfb9483d19ad4c2b83267562d682d
+** GENERATE (SECOND CALL):
+	V = 50a8d93058bd48c28c1ec4b1149baecc940727d20f9a23bda615a86c2d93d31ba99dd16970d735a2a83e424cf42c0199f5a3a374298baa95e73e78e5b9721b71940b61e3ba9ba81305260f01fad0199a10e7cdf0d48c6291b5be804c4c216d7bae0b30d76199238f975af731f4c77f
+	C = 770e9965f0c30e8447b9e5a8df402a7cb3be4a684bcb0f8c56aed87c80ab89c88716be3493b6866c036d48ba4c33fb3b9012d861b42e67820b968dfcbffd2bd744f0e0238eb223135c724a60820cfb2461ce4f22403c358c45950c0a7d72b6b7458cbf24db8ef5fc3c7a48d9cb3c53
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = f83cc4bd9be34091c18ae7bfc1020889742d45cb7b8de8b539361d3dd5cc6a05
+Nonce = ba30232f535ad754ca5901a8efdd11cd
+PersonalizationString = 
+** INSTANTIATE:
+	V = eea4f34aa80cbf4e70d6e5ea8aa42d47d472e8604eb9ece476856f762646c6987fe7f6002f0d35eda63cec7cb4d1f6411db17b869ef566102b41f13ce36d9ab09957486d1b4594dd8a573f8a15c6cd584c395573318a9ddb59a6fc22e06be7262c6e8fd144fb089c29cca0afc33780
+	C = 2d1154eef07afb74298511a4156f5694b7152e0907f6b3abbf6718dd39e3fcf7abe4230c3bf9aff59ef652a007daf25a402b4e61b803580c732404212280b6e19421120b368b358a36a5c1d5c86c377e199aea8b2c8fe84367375e393ef482c3a82a2717bdf5162071ae747f4eb08a
+	reseed counter = 1
+EntropyInputReseed = 0abd672952edf4dcd36c5aacdb83eb681750b0354096756506a88f40132c52eb
+AdditionalInputReseed = 
+** RESEED:
+	V = 7937cbad341e58b181c3bb08c80fff739f092e1cdd6ef505d415a8e3b7787a24b0795526e6e2afa9b8320908ceadeb9e22cf43360b66e35d01c4bc25852c73ca7e671929dd154a37953a7b8549adb21966592cbd927d6c1e75e10ef60ba93f78231d4c6fe1d6378ca61b28e57d0af9
+	C = 16e7b05d7f636d27a36507d096d0e174cc2695448dc50df80d651c36843456b410dce70ee49985b7fd0784e214d899ade82c21737078531a2a27170f409f5f333fd77048b80d80499bfabef714c027266d25b172214a49725c9984736f19ba614a7b7046e58f3b70b0035738739639
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 901f7c0ab381c5d92528c2d95ee0e0e86b2fc3616b3402fde17ac51a3bacd0d8c1563c35cb7c3561b5398deae38685bec7681414deddd8d47e02b4b4f5b351bff29f71ab9da8a0f789f9ef722e1576fb94f55c5e946d2894782b24dc5abe90f9d92e7f200d8d36aec834748c23ae9e
+	C = 16e7b05d7f636d27a36507d096d0e174cc2695448dc50df80d651c36843456b410dce70ee49985b7fd0784e214d899ade82c21737078531a2a27170f409f5f333fd77048b80d80499bfabef714c027266d25b172214a49725c9984736f19ba614a7b7046e58f3b70b0035738739639
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 2d21f674874828f5a153ace3d555f62964051d326b64ab7457ed96219ca015e0cf60e9747a615373ec883a00978a11088ac146a34390e39795596a0a6dd6674a761f39dd01b607d77a87a37d1d958c2ed8870aad719e1f3856bd8b453ab663a37cd8231848abeb9dfb05381f4de83c2eb4724a41b814456568c2b8d10e82ca196b75b1a0b3ca4a71081c235e25000ad1b3ff4bd658bb55de5053aae2bb277b850a27c854b5e3a3916d7c97b4beace2bee8c9607eace87d20b3d0223a2ad09854f749557913cf392b18bea73b41c8165c695b02d4008ca88b7797839154c378229c42d413c871e4138dda604fc6d064ffe59597c4b50c8036b44022b5302a14b0
+** GENERATE (SECOND CALL):
+	V = a7072c6832e53300c88dcaa9f5b1c25d375658a5f8f910f5eedfe150bfe1278cd2332344b015bb19b24112ccf85f2063a67f8937096a407049be3d5eb81c497213008b5c3150aaa293dee75e3bb7977dad1cde2f83bccf65a50049b4d0440ddd8184ab6914172c3aec138e0ccbd776
+	C = 16e7b05d7f636d27a36507d096d0e174cc2695448dc50df80d651c36843456b410dce70ee49985b7fd0784e214d899ade82c21737078531a2a27170f409f5f333fd77048b80d80499bfabef714c027266d25b172214a49725c9984736f19ba614a7b7046e58f3b70b0035738739639
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = c3cb1d0956678a55a269f9b432be77dc36ab9773cd8faa0deb46ba6c7f9afb6b
+Nonce = f42e25a9b84815dc7551898e12eadf71
+PersonalizationString = 
+** INSTANTIATE:
+	V = 511f979ba26890e2b3cd937f19a94685c2d3c4f328df0bac487aaf9a7432bf1009078b76a2a3306478d2c6a32c706448ee44e0240cb51cd7d8a3f366506447e0c61673fee7ee1c91e841a90f5df452cef1d1f25559570ccdd366e930d10d437dfe941bab66838dafc36ae6aca15f04
+	C = 204b037a5543d3a0326d89163254f1013313a81520527a3e7177f691f2e2210407de7634565c0cd4a9512a56894fc196b87be63064f9420e403a884665c08268dcc5420e232cbf8be125770027472d99d6094183db391a5d65506c0a120a75f38d8087b357b8deee929fc93dafbdad
+	reseed counter = 1
+EntropyInputReseed = 0d58a8a9beb07569a98bca5165735d2fc5067a0532a788c9eab3e6e851e7ff9e
+AdditionalInputReseed = 
+** RESEED:
+	V = 943513350726de7c9b8534d8faaf15321128fc9f152d03eff063b01007a70167c001c4b00263f7fb849e7d08e9fbd3e1f2aa52e42433561e180d796a6cffefda238f646b0ac9dad1743df17fe526f40d6e72a232ea924e216db1f37f6189c54d6e757ff425753de0a9b0d410c8f1d7
+	C = fddef19c82b24d26d9fee76c8563fc21fb0446e65b2a7ed0de95bef0e9dc3ca3f3eec5678958a22a13bc049ea980ca9b764fc4892f5a791bce884196737ca8d6bb6d059e25501ef7301fedf471fb03689e0c2b8b47f4ec6296e14ffd3673efd471c58838b58dbeb828a08134ae64f5
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 921404d189d92ba375841c45801311540c2d4385705782c0cef96f00f1833e0bb3f08a178bbc9a25985a81a7937c9f3b8566d4f27c002a564342b2d44bbb3a26eccaaa93c8af8819a060d9fd467a6d80f25c0e870de733a229f2fd049450d5310838ac1fec171a66d05bb1b3b30478
+	C = fddef19c82b24d26d9fee76c8563fc21fb0446e65b2a7ed0de95bef0e9dc3ca3f3eec5678958a22a13bc049ea980ca9b764fc4892f5a791bce884196737ca8d6bb6d059e25501ef7301fedf471fb03689e0c2b8b47f4ec6296e14ffd3673efd471c58838b58dbeb828a08134ae64f5
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 324a429b4ae4238f541ecc6b148fd2a00e8be4d9b35b030c08d0b5eace2c0af8433b47df1ab4c0c83067ad50499ac72ce59c837c8a9cdc8f87b7d1aef099607a3682fb99171cc191b31296c60aac138d0f365676a0f5c4d9f1095bedf9c009d67d7dee5f70c97d48c4e37122f203607f6efa8fa0293099d55d1d9d14081e2b78fa5b0e6ef3cd3648f3582f7fd330beae068a3320048155f505bf95176a2d0dca5579269e38f597a55cb54d83372623c087e4b02874afe8211141201aea1f914d66daa06c972985e096750e8a50651caae5030ec72009d75327fd0dc717546555e4f01e3529e93995e1ae9a2aa7742dbc89a4266aada5dff289c3566fe39fd4a5
+** GENERATE (SECOND CALL):
+	V = 8ff2f66e0c8b78ca4f8303b205770d7607318a6bcb820191ad8f2df1db5f7aafa7df4f7f15153c4fac1686463cfd6a9105f7c9149701dfdec713c17d2ddc66f11ef8d64d49fec22fade4aada395fcab011ad5babef0fa767ac6e21e27bfbfa85088149cb2319e770c9d33acb2c3f28
+	C = fddef19c82b24d26d9fee76c8563fc21fb0446e65b2a7ed0de95bef0e9dc3ca3f3eec5678958a22a13bc049ea980ca9b764fc4892f5a791bce884196737ca8d6bb6d059e25501ef7301fedf471fb03689e0c2b8b47f4ec6296e14ffd3673efd471c58838b58dbeb828a08134ae64f5
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = babf3a219eca8b5aeb7ca039fadcc905c26fcff5b3aeb88f5894d22dbe10f344
+Nonce = e223685ac3dd91a761f33960477dd540
+PersonalizationString = 
+** INSTANTIATE:
+	V = 2cf8777d15c235aa65a40e4319257d347e04260955e47aadaec77c6f6180dbdbc88487c1227a9f98cadfa8162be8a9e4c5f6c890fab81ee56e8f8a074db3b81b1a87729e38e9f69357673fa94aa320557047691b9d6ff8765ff6c5e4c8e0b7c344575adce48994310b61164a67a1aa
+	C = 89de8e4089be046394a34a335d81bcf98faf64b1614159247d3315b0d948f4eab71aa0dd91a323e5b0bad31b31abbd3d3298f932cfd729a77f6cacb12df120177da7f36db52bfa9fff594063d1e31099d398250cb8082275e11f4a64a47a48a1a20af4913e764c3abc666d3d34bc6a
+	reseed counter = 1
+EntropyInputReseed = e07e4b6fe7e2c8ca476616ac333e1d5e208ba2613a53dad7d77d2b27ab40743a
+AdditionalInputReseed = 
+** RESEED:
+	V = 4de68e4ccb771c5e04f9f840923689dacb4e53c62694c6497826a4f4017554dad034323483ce5b2fef8318570519624fc06c9a78563cbb35647c32aacb9da0dcedc4e98086ebe831c0c32d62b98fcc7e10ecf92ad841670ff6b002ac2cb2d400b31cb14fcc7e0a8c65f76bb31d4096
+	C = cfde7555a56d8d65078d867d58399da5890058de08093d1d78cb695b61b13889635db9e4ce88873319fc5b7ec45713997a4a749df6151941b9aa9478db05070aab483e9f972c8d5ba10c4454555a94e45b9558305aff9bc3424eb7d22568360dcfcd72c787fc4ab3a787008d87ff23
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 1dc503a270e4a9c30c877ebdea702780544eaca42e9e0366f0f20e4f63268d643391ec195256e263097f73d5c97076107fce1ee1f55f8ae14c9a599ee1eb06b5dd23d4b62f4f8a0ce3172c7e67c242a533c522550c4b26ce4b8617214d91c8c053354af7bd5b248bd8ff50233e729d
+	C = cfde7555a56d8d65078d867d58399da5890058de08093d1d78cb695b61b13889635db9e4ce88873319fc5b7ec45713997a4a749df6151941b9aa9478db05070aab483e9f972c8d5ba10c4454555a94e45b9558305aff9bc3424eb7d22568360dcfcd72c787fc4ab3a787008d87ff23
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = f84d73f85d0f98c2c1116842658e7da733de62f745912dabcfcb0a8a2dc714c4dd7be208ac6aeb7b785925b9efb1e7d39bd99992423239ec908d56277cf0d8954f8d7138b75b0948fc40f877deaf80e62b4176b1139b71c948b0e0e40da6d55b9628f7865a56ad1969f8a83e9ae785d79a9692540b163e145f17a87c4d2be58f67256b323a25d4a05168a412dbb48ccad17e3ea32869c0d7f21ae32c562dff0c4219f2e5f437f36a67bdb600f38025bcbe9d8bd4a83f36ec64f0330869b965d45623a31b173d9449561e0d5e86c61d7381763cedcb858cf8ce1b94f91a1001e9760b863da675bc76a185997ec55115b0171397ee4880a990a96e09850295ffb4
+** GENERATE (SECOND CALL):
+	V = eda378f8165237281415053b42a9c525dd4f058236a7408469bd77aac4d7c5ed96efa5fe20df6996237bcf548dc78a79c1b57473821c4d0e138385769ca139e3b98eb6565246137978c98e9c02673f01d8137b7cfb2b079ad21d564441aff704f8cc5cdde6ed2a8d25b78e122a9d8c
+	C = cfde7555a56d8d65078d867d58399da5890058de08093d1d78cb695b61b13889635db9e4ce88873319fc5b7ec45713997a4a749df6151941b9aa9478db05070aab483e9f972c8d5ba10c4454555a94e45b9558305aff9bc3424eb7d22568360dcfcd72c787fc4ab3a787008d87ff23
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = 9f7912d777ce01255a10177c2b133b5b756ed38b0323f5298b3532fdd29d2972
+Nonce = 285006a477302385c9d0e72641ec0049
+PersonalizationString = 
+** INSTANTIATE:
+	V = 66469da06e0e2f9a3214fa4431d1300cfa2f5e5417c38be4c7e09b2ee379ee23a6e685407bddd54b6421f823cb0c37f03168202a232c98410ec55979a94dd306a484b76cebe03f2327d1351f4320c9a2eee43e0e1ff61afc9b6a92104642b45ec6d1971ea66e09b35fffef82b5ccbc
+	C = 2b9eaad2430bf517368d90f0a46ee70e1fe2898fe36c57e4b9e22df4285f29051e1d49e9b901126d0ff317510711e9caf42b9d212ecb34c34f00c4880e8ed6c0d2db2d869d2c460bdc46d16428304e3771f1373fc0b6a000f211f1a7e39eac4759affebce254875c1e0197611433fa
+	reseed counter = 1
+EntropyInputReseed = a751165d89829340ab93df377e19682f79792171d6c0cc0f27c5901f32d535bb
+AdditionalInputReseed = 
+** RESEED:
+	V = fbd917f1453c81e86e726d92a8332af471e61bc23fbb7e30fbf0cc0994d66448f2025ae61f0522290103b50d61fb7d46c9e3fbee72475bef530ca05748cc268dad3fcaad6eb9436f6a7781dd4845f7f6808a67eaf61411eedfef6f4c7724ba6ad5c0d423767e53b0ac36a01feadf76
+	C = e53bce19b056f8c95a95df617190cf7b569524daaef46dcfdf6609bcd63523617151b28f85575d735ff860b1ea331f3419f4d2c82f86d1b78542e3f64adf544651306ff0ac6b3501e4459acfd4bb8cde560f77acfc865b7e5aae98bc439b7fbb66f0521e3dd9c25a69aefa1466fc24
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = e114e60af5937ab1c9084cf419c3fa6fc87b409ceeafec00db56d5c66b0b87aa63540d75a45c7f9c60fc15bf4c2e9d542a3dc18ce9f81b6e27b427940861de7095ba16333436d0d15c8db988ff3ac3a3f12895ffe7bf5968c14e791ade8c57a4bb320c7ebe5964c4a7b8f811f04227
+	C = e53bce19b056f8c95a95df617190cf7b569524daaef46dcfdf6609bcd63523617151b28f85575d735ff860b1ea331f3419f4d2c82f86d1b78542e3f64adf544651306ff0ac6b3501e4459acfd4bb8cde560f77acfc865b7e5aae98bc439b7fbb66f0521e3dd9c25a69aefa1466fc24
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = bfa762e1f47a6f5394f0e11b3f92c458e6aec3147675f67b6ea425fdc05b49179365d3e5fcdcdf6b4e80f0f8cc259935c8dc28a7302c78d5672e538a49c66575f7372494d9fb901f3b822ef8f97f69bcf88742a7c7d200bc406bd15539b70eee9487b65adbada97168df01786995c761a2f58d69ce178eb08ae22299af5efc69782053c8fbccac316024e27d4928b999a5c9b5f07b2147eb67527fe7c34d1c01a2ec25dd5508268a5888f683c18d2a28f2e7f28bad4c47373a593a85561846caa45f1bef947d4beffd7c9902cd6e4b398c9aab5cb307d7e593b6759e0e97ccafb7f5126501868171481a92206c9013f18c97ee5f1e33e4dbc9702d5773622f0b
+** GENERATE (SECOND CALL):
+	V = c650b424a5ea737b239e2c558b54c9eb1f1065779da459d0babcdf834140ab0bd4a5c00529b3dd0fc0f476713661bd100e059c35a89d70d31f68290d64cc3baa5e38cef5032cc1c1ec84969385be0dc45ce8a95175c0dfdf01d83ddb6a86f22b878051b5502e254ad91fc1ca6fd980
+	C = e53bce19b056f8c95a95df617190cf7b569524daaef46dcfdf6609bcd63523617151b28f85575d735ff860b1ea331f3419f4d2c82f86d1b78542e3f64adf544651306ff0ac6b3501e4459acfd4bb8cde560f77acfc865b7e5aae98bc439b7fbb66f0521e3dd9c25a69aefa1466fc24
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = 5f0556f1ebc5802dd01ec86f35b32c4dc94c3d4d83833a20bd5a089df492f251
+Nonce = 19eb53fa268520b80700ba5090fd2a7b
+PersonalizationString = 
+** INSTANTIATE:
+	V = d1aa9ab1619edba68632e302f4b78f8888647723a41fa7e75fb29e4138ec8aa029da77c4796325d8407ad559dd84f105efe25ed2f1b0281e8a0f8550d38f8b013012a10e627c6b2a194b57fbc8651b1296da9a7a79423673185b402950e8e273493968c3535b522d6fb6d2855e2845
+	C = b42c491f6f288b0040763dfc937c0894414e9ee8eeaec557407c6e4832815b87aa04b90c499b69b169ce2d219d21d549e51dce91310fbef74a81188915f94b3e466098a0c888f0d0a051e7591ee64da6f03a76a42805a0d9397e41f0460bd1ee2614c6c135ad11b37e6f0010f76bbd
+	reseed counter = 1
+EntropyInputReseed = 8abb07abd10ed0491135f8c99e298b47a1c9d7a2c347f22d50778df59e84c0b8
+AdditionalInputReseed = 
+** RESEED:
+	V = df8c4342b992fbcda263dbac6f6166f2d497aa94d8e7c1ecccd2480c5314fac891f0959a17d3f1bf6fa142cb0e34a4fed154c0a80cfc6ed1264d4dbc898b41a93458b3b70613a7386f21146fff85b90279589c3e34b19a02e8c75d91730d6336eb54dc089a1962c69a24a24ea403b5
+	C = 8982f395e7eaf03198d16ba6843f4f3cedfe9f1cf3a4af1986a81d87890254385a75452a6dc622bddd9b8e9caa77fcf464677bb3368d81730dc6432e744d6343ec72a6ddb78275c92b65318e63839ccec469b0dd63d17f0fa7a0ff8f30c0513c02ca01ecbd150cd0ec451f1b858554
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 690f36d8a17debff3b354752f3a0b62fc29649b1cc8c7106537a6593dc174f00ec65dac4859a147d4d3cd167b8aca2c378b020cef86f3d18346337cf9132e5423970ce3da47e38d987449af5c97d95ac3feb7c3122cd7339cdff2105712b430cc2159c497991d3bb4308674d0b1a1f
+	C = 8982f395e7eaf03198d16ba6843f4f3cedfe9f1cf3a4af1986a81d87890254385a75452a6dc622bddd9b8e9caa77fcf464677bb3368d81730dc6432e744d6343ec72a6ddb78275c92b65318e63839ccec469b0dd63d17f0fa7a0ff8f30c0513c02ca01ecbd150cd0ec451f1b858554
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = b286e4261fd7f68ec19bd6abb859d55534ef0d46eff3a1a0c44d538ef0d5601e7f2f437f05fc841bd1466cd84752983cc81cca493f4a6db3a1e888a829ba9f495569f0d9c9937caac383ec1db5a872979dc2d48e2caf5c09116a36d1208d0f22f7186791f3c6309ef86ee5a32faf25cd3609dad7e14a572e38b57af56cf7d7c2418b408fc7d4860ba2ccd39d67b9a36ec82eddc6575298be35a70bdde50520fadaf0d213591178ca6d3b9c3a22a0a616ef3f2aa4a99ba920c5dc851c0290e686b5fea66bb1c212fd8e6dd9628d56f3155b25f454df9c6779aa511da2c45d5f96a4646292072833e87b4b62a43359321d00cabf8b5566b65debf48ebb6735a408
+** GENERATE (SECOND CALL):
+	V = f2922a6e8968dc30d406b2f977e0056cb094e8cec031201fda22831b6519a33946db1feef360373b2ad860046324a050fafc1e364b391629bf9c374c63c8e6bc3b73b4c284e679489182de509931949dba1c5073c4f90b9cd419522cc0fd6bb0758d4cfda0e9e6f5c0f195ab178ca0
+	C = 8982f395e7eaf03198d16ba6843f4f3cedfe9f1cf3a4af1986a81d87890254385a75452a6dc622bddd9b8e9caa77fcf464677bb3368d81730dc6432e744d6343ec72a6ddb78275c92b65318e63839ccec469b0dd63d17f0fa7a0ff8f30c0513c02ca01ecbd150cd0ec451f1b858554
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = d33e7912d0226f284437f4d5b1d3f604e448a1518231a627e155c87e823db695
+Nonce = 6ca6f23431d59cf82d3735a3431950ca
+PersonalizationString = 
+** INSTANTIATE:
+	V = 56c1b62eaf381763d90edce72b9b61aabcbea3859600b6c6bdd06609de5de10d3a0322eedcb1a0248a68f7d4257bd41808ab5b16952eeb9935007c79c2ff3a0035dba65f77257ea83f29ce475ff85c6d7cd98ca37512f0ed7b026e5d93c1fb332e213b83365533edd938994f655642
+	C = 127e36f8e11163ec2eb3775154f643cbad1e15c90bd9cded5716ddb4a80d63152a68ae860701f0c5eaf365607ada049cacb44ab1249d7ac439c38ba210ab75ca4f30cea9ed4429bf708f889b833e22c72e230284408e282495dd29e02f3614207a97dfc3da8806caea06145d6bd2d7
+	reseed counter = 1
+EntropyInputReseed = d5dfc35c1583599cde4895578b35debd6eb0d1bd89724689f935702872a46e1a
+AdditionalInputReseed = 
+** RESEED:
+	V = 3c8522e2ae891444f74eee4f09fcc8dc7fb49319ab5d38bb494a2febe3f2d128f19f46f2081811c3c149ea7309a4999db075bdb2d2a7e3100612c9f6e619a9938f2ea6a2a2afd9a72cce96c353420e0e3f26f29236860ee5364220d56fa9bbbe8762b543e8518429a7c8e88db21c96
+	C = 2da039e95cbb1b1900d310df23937c69c9a012c0a15d64672dfedf1bfd9c04fcef63b3df5cc825eaccfaeeb724eadb8d76c99f5d32b8082cc1d5c703ec31c2f07cd68e9baaf694d75b7ba6cf701e40b2309d59bc7dd413b5006a15d044d1418ac049717d63eb25b44f2844817d894b
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 6a255ccc0b442f5df821ff2e2d9045464954a5da4cba9d2277490f07e18ed625e102fad164e037ae8e44d92a2e8f75df7af1429eb5fcc7f8dad5418cb2518de0fa47f09e56eaec277fb34d3f78ce71c74d9374b19c2fd2cc50c9db8abff8711aba06a1e02e9b2eaeab813c85d3c78c
+	C = 2da039e95cbb1b1900d310df23937c69c9a012c0a15d64672dfedf1bfd9c04fcef63b3df5cc825eaccfaeeb724eadb8d76c99f5d32b8082cc1d5c703ec31c2f07cd68e9baaf694d75b7ba6cf701e40b2309d59bc7dd413b5006a15d044d1418ac049717d63eb25b44f2844817d894b
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 1fa926fc0d0a0efc60a1605ed047c998384a7a69a5ca21ce6e89855f353d0efa1c872b19d07675e10c9836197e73561d6aeace0e7da0cc2ad740c876d7ee81f9a2351d866cdfc7c81cac40b5dc27360cc04dbfc65d1f85e67e96d1e2c13d34f05635b2d0f8a213f1c927782f164a4e52955f0b4463c23c0d94161dbd293f9dce927443cad8a0e8e7b93348d257736d9b1a921c4ab6ebcdb1834d7c85fbeb8b5f7acd8520f78ec05c7fb10e1788f12a5ac7e1d8c726359be1038c91eb117b4047c33cf449569e7abe1d3b317d4177b6dbc91ba7e252863d5ebd801460a16aa997b41ca8036aaa8c40a9d9ce84bcf52884100b2726bacdaa33a1647313a9bd55e3
+** GENERATE (SECOND CALL):
+	V = 97c596b567ff4a76f8f5100d5123c1b012f4b89aee180189a547ee23df2adb22d066aeb0c1a85d995b3fc7e1537a52175ef32699541099a55f42519c2c1133edf719844a9e050cee836599e6e7c2fe08efe04cdc0fbe4e29dd378d9c3cb3b387f79154963600e746e7ce145589a05c
+	C = 2da039e95cbb1b1900d310df23937c69c9a012c0a15d64672dfedf1bfd9c04fcef63b3df5cc825eaccfaeeb724eadb8d76c99f5d32b8082cc1d5c703ec31c2f07cd68e9baaf694d75b7ba6cf701e40b2309d59bc7dd413b5006a15d044d1418ac049717d63eb25b44f2844817d894b
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = 0b88c0f8ca652c7ef3cba55e1e0ec020512447dd59f7d3d5686ead84dcb134d4
+Nonce = 078023cf94084bc804f98b02432455b8
+PersonalizationString = 
+** INSTANTIATE:
+	V = e11bbc511128234648b04327b5af5459419de2914986063ff3a210ea6c842e8a0e7c1f71053a3105b00af1e67621267e64cae81a8800266ca5705288fc484c9aca17c929fb0f10d311d92eb11a890ff8d148d7ee758687de5008fd75087a8acdf313bf536c26727538d91f0a4c535f
+	C = a46203294c6e8148070690179199538f48ff8a583f9e0162d0dd785e4c4bcc6e8c4f4f597191497ff163bc7fceb9f42c4c7ba5a1b86816e975ef9c3122e6d2528fb534df34699c056f5fa67aeda46070143d2cb8eeead36559cc6f376283dfc498cd2e43c149a7bd1d8ec61eb80491
+	reseed counter = 1
+EntropyInputReseed = 0a16e8cfcc0bc99a09b5fa04c3067cf90b6ecb510aef2de3912d10e56bd4ccfb
+AdditionalInputReseed = 
+** RESEED:
+	V = b53865f4a6915b0ab968fe9bcac9194a088b843fbfcb77e9d6adc7742706d69c77411c11fa4be462cc36cf3c4f4b7cb349c1cf6124753a077eca629ce37c4881f7604918a47003c7251ad9c2e7925715f682efe1bc02e41bc982e7461944fa3b3c86f2f4f079eafb8fcdffd1dc2492
+	C = a5bc021d6620f13246ef44978b3e4fa27eff7ad58c8eabb5a8f3cb755a819c4c68bdf1b56bc1070b0569014d2a142d61fce90c9c855c226e541e930c563002eeecfafa4bbe2f34e45185430d08c31b20b0e34fb70a6e9440ba51a0629ce4ed90f469a4f4c57660a12418caed39b894
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 5af468120cb24c3d00584333560768ec878aff154c5a239f7fa192e9818872e8dfff0dc7660ceb6dd19fd089795faa61b9330c81e88535998a85c7622e353581b9c40b51b9f6fcbbc0e1cd3575c7f371ea466511fe4bc548b01f20f1c43c9c06848408a7129dcd7751d5d76b3f08a1
+	C = a5bc021d6620f13246ef44978b3e4fa27eff7ad58c8eabb5a8f3cb755a819c4c68bdf1b56bc1070b0569014d2a142d61fce90c9c855c226e541e930c563002eeecfafa4bbe2f34e45185430d08c31b20b0e34fb70a6e9440ba51a0629ce4ed90f469a4f4c57660a12418caed39b894
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 4721a85c7860dd0c1724dc179e629233bfa3855e59fe2db1d96efeebc0bf586a8cc93055e12b76e3d2f35ececa774692d3bce9f12450b0de355344cf7a6a073772d9b27dc0959452b5204075aeb234490af8f02c3e5258e27e107df01334fb8c4990edb6bcd356b0216565cc200dcfda26b4e696a49cb0510aaf2dbfec4ac10c9aa08eea11bc2daf77fcafd2f99e9d4b12cb69b965c58906d6967dc4d29aab6502fa7a9d57be69e655b3dcbcc9bda5c1d86e4b703afd87408bc9c64e65d8ad02215125d61d0b2567cca304a8feef71c3f90e89fa89700ce23952539ce7307b3220ec07a63644f92f3fe66eba1c9dce272ff90ca6047a2224ae3a46452a773d21
+** GENERATE (SECOND CALL):
+	V = 00b06a2f72d33d6f474787cae145b88f068a79ead8e8cf5528955e5edc0a0f3548bcff7cd1cdf278d708d1d6a373d81a9b54afb541eda0e3be8172e5aa7c7b4700f5187254909201fa24b020f1f0bdb0e09c0107c2aee43f4e0653dd9c21ec09e0fe95d0a745864d4ad6575d473f8a
+	C = a5bc021d6620f13246ef44978b3e4fa27eff7ad58c8eabb5a8f3cb755a819c4c68bdf1b56bc1070b0569014d2a142d61fce90c9c855c226e541e930c563002eeecfafa4bbe2f34e45185430d08c31b20b0e34fb70a6e9440ba51a0629ce4ed90f469a4f4c57660a12418caed39b894
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = 5ecaf5980c3d9b135450ef40d8cdd20885cdfe1471e47cda7de3dcfde280b12d
+Nonce = 8d894a3a92b28aa7356cd4f88ef9256f
+PersonalizationString = 
+** INSTANTIATE:
+	V = 160a8f30d1b6f682dc56d241aaa579107f388566b6d65f85d0a3ac45996f8d1a73d1345deb7a270f5610a40b46493f2efbe8cf7b9ce303213a4dcfc2868f04adb84da050ee16f740114844a548def10b4890f998ae39d7859a900102df214b530bcf8e40c3c12eee8e356c70cb31a6
+	C = 257b4be58f6b08eef72beac8a75d25f0b6c4ae9e59c09f46af63e44d4b8a82e47d066bd67d464ed5a6fe24e5fbacebce7c1bdf5d4faf0298390c0cc8d2795cb70d1c4a4e2a5bc7f7f07793b2aee65fa80f4386a3256ce2aed6b347d7e80cb380f9b50cfb3add80b2bbb65d69cf7233
+	reseed counter = 1
+EntropyInputReseed = 556127694e83df568c8c964ee5276a50954421ac18ac5408ce2f16fbb85d7edb
+AdditionalInputReseed = 
+** RESEED:
+	V = 1d030a9ca1c8ca939cd646a59fc929f8778783802eba156944140d20aa24b9e26820fc42308c3984fbbdce5fe48c3b7bf017301d70d8b5c0518ec50856818d4ac95d0e2baf2a6b7f716ad8337c2d8144dc5ff298590db52b2d0cc927a56e4e071a60e2600020366f5feab886b38512
+	C = 5d268d4f1cefe7f74cca350e5f39e245e4a6908958e20a9f999ea8cc5c817a48fb3b6f61d07cb49e5c14b0b2b0bca7ac3c179fa89631bee5a6e86f23d7a59e370a7441eea09db32c80ae1654cb3bfe0327d2ce760861d675e2b89a2dab5d48b6f8e6fbc0d3dcbc871fa3606ccb9243
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 7a2997ebbeb8b28ae9a07bb3ff030c3e5c2e1409879c2008ddb2b5ed06a6342b635c6ba40108ee2357d27f129548e427a7213e8ed76516da3573ae153c86af6eddb392c73652978a9aba636f1bb654ea85a6cb3f8028c51b7dd8ffba417b72c72c118c747c4c75ef3f9d3ed0540c99
+	C = 5d268d4f1cefe7f74cca350e5f39e245e4a6908958e20a9f999ea8cc5c817a48fb3b6f61d07cb49e5c14b0b2b0bca7ac3c179fa89631bee5a6e86f23d7a59e370a7441eea09db32c80ae1654cb3bfe0327d2ce760861d675e2b89a2dab5d48b6f8e6fbc0d3dcbc871fa3606ccb9243
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 8bfdb9f58d2b55606464e7cc5373575cf99a402ee18f74bb022bd19bfc219106a775728e2219795b906d09dbd7b31f4e5a52fdf020fbcfb99782c652dd71004e7535ab375d79bedbcc9034ed3fbae5953f76816db8ee2a6b9dfdfacf8fea9fdfd614c825bb1d04782ac376cae6c667df2cabe5d07c011ddffdb9ec008397d06d3aff9a9f57c2e311824c6159b34eadbbb967f0a43745cca536d5121457483695c37d4b43644eacd7c689ea555156a2e42d86b92077e5ef5270d7dfee1b82c34707f6734065972f425e182a1f1fab0036fd1f5cb5e6b8f08f72271dcc745d8eb1dce770b2fa20f3d0d69357dcaa5b68d5630b8aee37fb130075d089b120f128e4
+** GENERATE (SECOND CALL):
+	V = d750253adba89a82366ab0c25e3cee8440d4a492e07e2aa877515eb96327ae745e97db05d185a2c1b3e72fc546058bfc40fc15aac73ad01f3d359833e81401caebdeba861e83d48b5d1da5e3968509eb4ac816763e17a51f64ded46c4d87ae8b3fbb1b6617e6085de8e17015e41f63
+	C = 5d268d4f1cefe7f74cca350e5f39e245e4a6908958e20a9f999ea8cc5c817a48fb3b6f61d07cb49e5c14b0b2b0bca7ac3c179fa89631bee5a6e86f23d7a59e370a7441eea09db32c80ae1654cb3bfe0327d2ce760861d675e2b89a2dab5d48b6f8e6fbc0d3dcbc871fa3606ccb9243
+	reseed counter = 3
+
+[SHA-512]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 256]
+[ReturnedBitsLen = 2048]
+
+COUNT = 0
+EntropyInput = b34b8b0cd22229235b4730b721f221add3d5700f42aa62c034a41422b574e1ec
+Nonce = 487fe0819c877fbd0463b7b6c577fb47
+PersonalizationString = 
+** INSTANTIATE:
+	V = 8aa1691e877d229a2d8b120fcc868f2a00bc5525e864b189e88b256c705c9bd16529185596cf33383a72945d97ff5a6ef5820f6a097f76d73758632b26cd6054f10fc06d03faa97faa95d4588489e97b927ff662527f6478ee4c55a668be6c51129d935d16d45941cd1191dfcf6381
+	C = f3fd71cba07244f3904703dc5d9b656616d0fd0c64ecdb8a5db86c9b2fa5f5e378ca094c1e5bf882b9603a6a029413afd788047bde8bd5e603ebba2031817267d7bd6bf30076026e8a31185b03907dfb186cf4c20b6510db3e13643ab38bae1a0f81776b72d4d0b12a26ec84ba65c0
+	reseed counter = 1
+EntropyInputReseed = b8f2140a0185bf2a8990c6553012ecd86256073d5568fba55b23a221c0f4a89d
+AdditionalInputReseed = 2e719ce4af8b46148d058e8ff906c557a92d0723b88921a548a9378b9205af04
+** RESEED:
+	V = df96e5512c551d9ca023a9dba8e2c86d251b1ab4fed7a00fa6b0c32143be674d1a0d15d675640896fad4c12e153e300225a8e190e1bbfa222176c5dd388a79a593732bb729dfc46d57bda1ed13f3a83a608cae5e94ac53df69dd25dd29472c2ea7fe7e9ebb06a25ddb0177638ef38e
+	C = 15c9b3ad21b94c257003b3b6583d9d39c1b425edea5b27f8732aaf58c5bb04961a0b9d337f093f9c315e38f2d0452596090705042e2341a4781515fe3728bec237edc04fd38aa9ee63197ae989948de6c9c3cfd9af096847d635e92ada102185dd338795df423832b2e76f25c982a4
+	reseed counter = 1
+AdditionalInput = 98948b72d5507575bc4f5bf33dbb481026c0f637cf40e5a8eec2055576d5fbba
+** GENERATE (FIRST CALL):
+	V = f56098fe4e0e69c210275d92012065a6e6cf40a2e932c80819db727a09796be33418b309f46d48332c32fa20e58356cb881a839e4ad6031efded405993517c6af342a94c6c59c27595640e2aae9fa73e151903df743870c1c9638f53b4f2b6ce4a84c8ee4b5c83628fa27d9ad7167d
+	C = 15c9b3ad21b94c257003b3b6583d9d39c1b425edea5b27f8732aaf58c5bb04961a0b9d337f093f9c315e38f2d0452596090705042e2341a4781515fe3728bec237edc04fd38aa9ee63197ae989948de6c9c3cfd9af096847d635e92ada102185dd338795df423832b2e76f25c982a4
+	reseed counter = 2
+AdditionalInput = 2f45e58d9ca5277cf45d863e74ad77e4da913999687ddfe0da7e5b7b8cdf5171
+ReturnedBits = 1cef882900ff614a30458be5be5afdb0a778a7ad1ecc143a13cd70340d0ab655a67d432c28f58d90818e5d22313b9504cd9fcb2a594edde78c19d4d3ec802e5003005f366d74921c239ec1405a5da385ae5f130cef141760d4d32154af05667ff2fea79e49878b0f4d615e7ecbb390ab6efc93d279b91034bc359bf8b26d381fbd45177845ba7f2598eee181796fe574a0374091bf33b59b16b13f6a8729f6a30cbae410ae9ca197827829b79534791ff38d81644f78ea1606febeb077cf4a66677ea5ee864d36b36a8b90ed3a34e212dd773934f417c4affecae86e1916fc057d5689578d10e8ee782d856c8c888d516fc231906070399adbcbc49521cc3d09
+** GENERATE (SECOND CALL):
+	V = 0b2a4cab6fc7b5e7802b1148595e02e0a8836690d38df0008d0621d2cf3470794e24503d737687cf5d913313b5c87d4353cf7e7b6cccaadbc396a7ac44c2d3d2b69b28a682f73471d3715b8ab03d150979c481d5cd4c282ef35df2735c09fe77f1c9b2dd2e762de149d2ebedab1965
+	C = 15c9b3ad21b94c257003b3b6583d9d39c1b425edea5b27f8732aaf58c5bb04961a0b9d337f093f9c315e38f2d0452596090705042e2341a4781515fe3728bec237edc04fd38aa9ee63197ae989948de6c9c3cfd9af096847d635e92ada102185dd338795df423832b2e76f25c982a4
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = 5ef09b694696b3dd537371134cb037676b8ec73e4932fced874badccdf14cc1e
+Nonce = 22b1ddb0c3fb709120a7db91052ab7ba
+PersonalizationString = 
+** INSTANTIATE:
+	V = e29d60e9ebec0284c1a8289213c73fd2cf892c8b472808d0bc2ec18917a45667f9420145e1ccfdb36cece86f45ac71b6f248a4875bb7762d0ac8a921c70855e55cacacd7418b1a5b65144cdae0b44a88fcc9383ae8b2626d9a393577233220fb4ae24d223eba762ea233fb36d70137
+	C = 27b6da9b91ffa836e10790e46418997bfbf5723053bf1139ba7bcfaddcb390c6be2345ee9e642be4e05732a78d9d4f7826ff81fd1f5c61ee3b4825293bce4d9acbfd9d237df0ac5b05468893459a4e5e15fbbd44bab59934c26245d9dcbe2894101300136fd8d2b72f558a27838752
+	reseed counter = 1
+EntropyInputReseed = 827d0633aa3c4581cbb33c15c8b0baba6546553f69006845298a5cd88bf9c84e
+AdditionalInputReseed = 80a35db464e75a44d7160edaa75ba4edab7224701a08649352fedb8d05a4bfad
+** RESEED:
+	V = 582ec3882583f55838a2a1f2e61a7b3cce62e42f3dc060d3e05e507b6adaf6041539bea798184ab31d45cb5af2e4a94dcef08a9332d8e76b61b5a294761892c9681e5ea97c3cab39136759e6ea9cd3cfecf7af0e93bd1ce1264cae285efe15f1dc78ccd3235b23e72eac340d1dc03f
+	C = 43ae72f98719f2db663856b3f331045c6ed93a758fcb5024f3bc017e13c07b02da157547056c807bd383900d6365fb76a439eabafd88e377bcf8a31cc557ad8134bc7f5e70b6360961c00a326f549b266f1957e3682197f5e97bc294881be2f1180d8feb1494026aef302c77062bb7
+	reseed counter = 1
+AdditionalInput = cce8b79d910dbe48da6af3d773ce83e77354ee9e75019d3b31f2efbbf46a1599
+** GENERATE (FIRST CALL):
+	V = 9bdd3681ac9de8339edaf8a6d94b7f993d3c1ea4cd8bb0f8d41a51f97e9b7106ef4f33ee9d84cb2ef0c95b68564aa5cc2f1e2b660675cc12010758b4065e76165cea58d12bea60a3a23a402d0818561cc718a49a56a2d7a76faa4c25251dfbb9b6baee1e08d45e4475351833b34955
+	C = 43ae72f98719f2db663856b3f331045c6ed93a758fcb5024f3bc017e13c07b02da157547056c807bd383900d6365fb76a439eabafd88e377bcf8a31cc557ad8134bc7f5e70b6360961c00a326f549b266f1957e3682197f5e97bc294881be2f1180d8feb1494026aef302c77062bb7
+	reseed counter = 2
+AdditionalInput = 4e72e944232829c21b14fd866646d8b0bed2b7727f988be6c25932911a083b7e
+ReturnedBits = bace0f86888874685dc590cdd7206f501b43cb2dfae72eb60dc5e1b19be165cc91719d62adc0ade55721b28a6676a9d70db02fb61eaf9d29b6617f02deb4f12a11b13ae9215d6c271a8e53950b2bccd71e9c193f07106fc58bad2cabec2c8c971671228f50884fabe7309eb85ce0f5f684d9f2dbde6916fe5cb333a3917915a1ad17919eafef0d80dbf076370956798a485a6c865bb584d9a0f864f8e2f16b25ff03050d4f9a8f8d7933dbd5020e9102e7fb0c90383e635aaf4c828be33c8c98dae7766cc5335dbaaed4338caff221e2089a1b9e1938c9cc6f93b4d3c1f57e5df596628d034ef8739a8ec9df82acc6085e4605271a023ed460f69f304e3cffef
+** GENERATE (SECOND CALL):
+	V = df8ba97b33b7db0f05134f5acc7c83f5ac15591a5d57011dc7d65377925bec09c964a935a2f14baac44ceb75b9b0a1ef35365c0d51a65b15480085c1e836f3cecf4d69b9a14d65dd2935fc44e1db0e66d2b90df549987ca7c064244e56af0a92afacb01d3c481ff6e2e52f172a1e44
+	C = 43ae72f98719f2db663856b3f331045c6ed93a758fcb5024f3bc017e13c07b02da157547056c807bd383900d6365fb76a439eabafd88e377bcf8a31cc557ad8134bc7f5e70b6360961c00a326f549b266f1957e3682197f5e97bc294881be2f1180d8feb1494026aef302c77062bb7
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = 69651f8d8b2af6a9e7cc13a3bbc6810988cc4b08378257c177b3908e5e2732a8
+Nonce = 26cd875b841c1968cc45a3580cbb29a8
+PersonalizationString = 
+** INSTANTIATE:
+	V = 46996dc330506d21e23acc85971820e7ea28648473ee8d6bc4062b67b999cf363c1382b5d0607a84b1e20818c7336c983cbc3ddc5f9f44e6250b5b79810afb7da7ef3cc424520aa9fff854bfc6f32f9f1d3583cb44511ae87e19973ce373469d5dea087bcb0240b58e930714511ab4
+	C = 4dcd1435b366a638db267350dbd8da86301ee2f0c2ecb6aa26a83814ac4fd85f329bb009edf6920c7d58e8bdf56edae305bff5891b5fafeb6070eade30d772d7dfea4d94a3a9d6e95ea07691df5b9a587897da0b46f442d2b71908e1e46acc1c8968e6df95ad037a264d3e281e8568
+	reseed counter = 1
+EntropyInputReseed = fc1e63664bc19189a1170764a7b55d3f15cd96abc0ad348fc0dfd5612ba6e512
+AdditionalInputReseed = 9669d1b2d978eaf0d4fc414b821fbe288b578c55e435ebe7b09c07b0455a1fd0
+** RESEED:
+	V = 53cac886e94ae7e16120719829d5b3f3d58b7d00c1055440910ce7323b3d46ee38efd1e69dbfffa40430d925c1a7a6d5439f752079763070b40b90041ac4f05058667becd9f77e9b41ffefc7a6a5b06cfede931828c3564c57c3c25081bd0881629e5065d238fc00aabca85fa9632b
+	C = c8fe7ef3c20ed86168cedc911066c87b071031f0e17526d4d9a24943be2b360ca6e53b0f03e8f1fd0423a0f4030f996b5e941b04fa281722ec95c5936c3e0805662cedd734ee45eb2e2e36c68d93cb845363d3b4acb620fb621b14690fdb4b9ab9486550ee3b20e6e4a2a753b9dd7d
+	reseed counter = 1
+AdditionalInput = 7d31fd45febeb0fe501036c8c238a8256b94dbf023dc1fd39562b6e3106d8d29
+** GENERATE (FIRST CALL):
+	V = 1cc9477aab59c042c9ef4e293a3c7c6edc9baef1a27a7b156aaf3075f9687cfadfd50cf5a1a8f1a108547a19c4b741834986d1cf14b83345b6e9d36026eed740e6016286eeb0429080d1275ac84ed9d6f288cc0040e00c890d85201729edd5ecfcf1c6e91deb5ceed1f5cdcdb21063
+	C = c8fe7ef3c20ed86168cedc911066c87b071031f0e17526d4d9a24943be2b360ca6e53b0f03e8f1fd0423a0f4030f996b5e941b04fa281722ec95c5936c3e0805662cedd734ee45eb2e2e36c68d93cb845363d3b4acb620fb621b14690fdb4b9ab9486550ee3b20e6e4a2a753b9dd7d
+	reseed counter = 2
+AdditionalInput = 34b5add67363a2633d677c1b1fbf6521999f34308722e6190526b5369df4b23f
+ReturnedBits = a8c8ee1302c659ebae887cfd13545027e8262c7b6080de1b92a358a7ceaae98d38d8db53a840defa34003748903b95be55376158b30ff744e23be929a0d1e53494cd838efc845d855fb7fdf79698455c07ada1d5a6855bed9ddb1669aefd88cd036d45830f808e5fb2d0db1e8709b5bab3f2f89a7ce626b61867abb5936ed91b140992496ac1a4f0aebaf616bc74d96665775f29ae2fd643e824ba1fea67e0122d904a26710ee629682eb1ac37906402e6d8042b0ee6be3986bf7a21432966fa562cc44019dbc093877570daa7d336db193fdca40a0d0b11f78b70b7887254ede5cd4d56e8682f3ced495d8e7a6ac8e1dff82df906a44e506c318fc148dab8a1
+** GENERATE (SECOND CALL):
+	V = e5c7c66e6d6898a432be2aba4aa344e9e3abe0e283efa1ea445179b9b793b30786ba4804a591e39e0c781b0dc7c6dc288aaa895d222abda4acf86431a390e3c766bcb957c5b807c3c4e33aca2c8f1e015f94c124151c068032870c4b1f1b9f9e14e33f309c50e46dedc419e1eb30fa
+	C = c8fe7ef3c20ed86168cedc911066c87b071031f0e17526d4d9a24943be2b360ca6e53b0f03e8f1fd0423a0f4030f996b5e941b04fa281722ec95c5936c3e0805662cedd734ee45eb2e2e36c68d93cb845363d3b4acb620fb621b14690fdb4b9ab9486550ee3b20e6e4a2a753b9dd7d
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = 76803a1b46b4d925372f9d3421d26afe18589efcc48661345f99b27561cbdfb6
+Nonce = 37e47b3323be19205176469674de6ba0
+PersonalizationString = 
+** INSTANTIATE:
+	V = d80f5ef891429eb990d74fdfb38190db5420877e1eb6734c104afa4a3a61c10458927f72bde8e99f5c964f71102369341d4cba9d4538721dd4746cc67dddc7421e108f5295532ecb854481587450ff51b55861663ce634affaeaf8944b98b5c4b06a170654fc073d81f8b49b7686c6
+	C = d911fd3fe9f2c852ad5e0c09dd9e8ff57d6d8b81a30d892823eb80aa967f92afd1b8de6e71eac126e5b05f42222a6799d6438e811f155ee3f3200e2670d34d3ff5fc120ae2ec1597ab68113292fffea57a6224add313b4ae8615aa7c97a7a5fb59acfe9101f454456173203e2c0cc6
+	reseed counter = 1
+EntropyInputReseed = 4614de887d3b31f25120f4354b73e0200ce7d3c214ba09a7e7bab5dc2ccfdd04
+AdditionalInputReseed = 7b5a454df07307be1ade4602bcd4fabe6c1449d240f29f0eb7cf1cf6ff1c6bff
+** RESEED:
+	V = 0dd4360edfddde1a0a5325c17977a87c1a87a5adecee3b9450a59f9b1ff1be41eebaae24294273da65bb7fd5eb28c2390bdd4d6e05dc3c70bff419f3f5b4c6f1cf8cc0fd1e344416eef4297157de5a7258feaefcfc5277fa468433594fb022e22e2a38cdfc0f3fd5e0055d0383f60b
+	C = 94d25f4e8841b921949b81565a5631dd195d24de127a3ab7604409bb0b427e9318f5d1afd018a11b19a73816bb6b086486e52bc5f15913dd38a68ece6a8adf3de038ce0d528adb75b4b62ecc3165ef657214f46b8cd093bfffac403c78c67f1176de94515b6e2b382d072b324f91be
+	reseed counter = 1
+AdditionalInput = eb797f83c22f655e25bb8916e14aee80388822ca930723676624403c62ecd444
+** GENERATE (FIRST CALL):
+	V = a2a6955d681f973b9eeea717d3cdda5933e4ca8bff68764bb0e9a9562b343cd507b07fd3f95b14f57f62b7eca693cb6027c53e42aefdd299cfe032f214c9362025b42318ba099db29151698cb733940a17e11dc15372f6f69902404d1a3a79e8159ced0b6f97af082309cb6a6db5f8
+	C = 94d25f4e8841b921949b81565a5631dd195d24de127a3ab7604409bb0b427e9318f5d1afd018a11b19a73816bb6b086486e52bc5f15913dd38a68ece6a8adf3de038ce0d528adb75b4b62ecc3165ef657214f46b8cd093bfffac403c78c67f1176de94515b6e2b382d072b324f91be
+	reseed counter = 2
+AdditionalInput = e98d4ce2cd33749ec63f63eb5e6712f946cac2ba4b024ece56c8bb7cc3c83003
+ReturnedBits = dba368b3526c984417305a6d784d3c15deb5fbc1e89206c49a89f93191b1f721ec8e63168865c4fa86a9a3b856bc7eb54a327bf660665a89b76fb510733023ff7e85ba6fbe9d7b38158efcb5a7b3fc118533924bbe157e586064e76d2158df8f10b1ba3b51db7b9f21e210746d56a8ceae9c5c5842ee5f3e0ca8c88a840f5fc4d6233084c5170e640250eae15d9d9b90be6f588418872342d8c88d6c3fdd01e1a77fd30017f4935eea0b86975be94dfbfd099c9bdfdf5cb09c9ffbce576301412c807fcfe6f30d929a1aac587d4d12c109646a4ca1d1cd8b1c48598cfd8d8a9e290db238bb8846afcb0d075c2b2e77ec6307ca04abfe2c6310cf86bd56018073
+** GENERATE (SECOND CALL):
+	V = 3778f4abf061505d338a286e2e240c364d41ef6a11e2b103112db3113676bb6820a65183c973b6109909f00361fed4d88514490b62a501f7b916b3971223cb9f6483d966caf333ed4b53cdde19131e579083e2159fecfc573d59fe0c2433627ee4964691a00055bfea775f07318c63
+	C = 94d25f4e8841b921949b81565a5631dd195d24de127a3ab7604409bb0b427e9318f5d1afd018a11b19a73816bb6b086486e52bc5f15913dd38a68ece6a8adf3de038ce0d528adb75b4b62ecc3165ef657214f46b8cd093bfffac403c78c67f1176de94515b6e2b382d072b324f91be
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = 475846c2b5c94321956a8cc33131ac5ae677b98af7ae243ee79f31c19e5ee547
+Nonce = 4853081014616287bbff231ee38fc6af
+PersonalizationString = 
+** INSTANTIATE:
+	V = 4566bf4cfcbfb585094c0d35506ff88f94cfbae6899bfe807ae008df097c0ebd41291675fbc1f68ee7baa0d3ab526e070a621c7af9e6f22dec17a31daff5da183907fb4708e67f94d66b56c450e95be1e3784e2dbf0d1cac9e0911d6f4e3c0c2a8d7959257e52e61d35f544d1ee6fa
+	C = a728b977c23334298246886b47fcb81405574e108b611b0bd116f36fd2c0242bafb3e9c51b54f98438764df2356e4503072713bb537fd2dd6f222166735c30c5a70e8ced531364ee5adf2a043032195b864cd5fabe01a3702bb821ee69e656f94a83c12a88d4bf74ee58f26968934f
+	reseed counter = 1
+EntropyInputReseed = 447f3460cfdaf5500cbf39d8208f59d8c3f4555cc25d3362f6f47f3899838f23
+AdditionalInputReseed = d2369f31a0d629e774a10bd4c96975ca03b200c208d5e354a233747beb7c4a5b
+** RESEED:
+	V = feb1c898f6f56e88e2249abe62961c83734e73aa86b1836a881eaf77e6365ee83aeb3cdf50a6983d0ba37e2338dd8a2bb331bb9bb8b1ff42da27ba1d5e12e901248b5b4eb3b50f283ca66be6ed3dca83ddc4851899317b8bbecb82a85a7205bd782b4f00addfd2c6dba3dfbb08347b
+	C = c731bbb4576a293cd28ab291d74eeb180b440ffa2de98985ef0f04f51160de14be7352e44946f830ee698cc8630a0207bd94be76094e545a8375ce775332f8c381986b9ff71d6d60ff2766de50659fd86ba746f7ea812dfb29c6651db9e6c4253823ee42e571859aace6563adb58ca
+	reseed counter = 1
+AdditionalInput = 51d7c305452e79de234a263677cdfba0b5b2e1d46b72ad3e1f0278ff1546ff4e
+** GENERATE (FIRST CALL):
+	V = c5e3844d4e5f97c5b4af4d5039e5079b7e9283a4b49b0cf0772db46cf7973cfcf95e8fc399ed906dfa0d0aeb9be78cfca2b622fbaaf68c86abb6c1fe5881b348612946739b85efa9939ef0edf5c66ebfcae30c8c367f0354d0b6302808970efa69d950a8d39cc8e947cbaa4b1453cf
+	C = c731bbb4576a293cd28ab291d74eeb180b440ffa2de98985ef0f04f51160de14be7352e44946f830ee698cc8630a0207bd94be76094e545a8375ce775332f8c381986b9ff71d6d60ff2766de50659fd86ba746f7ea812dfb29c6651db9e6c4253823ee42e571859aace6563adb58ca
+	reseed counter = 2
+AdditionalInput = 039b63e705f9a25a53595089905038bf888d6df9365f9f80790acb9a04799703
+ReturnedBits = d8037ff51c73eeb02a272568759ba1900276ffe6aeca314afaa0eb12b55e729e99f10c792b5570373b9674ab8e5f30e05615cf3dffb490b557d21ab52c0d0201d525e0286800528cc5a332f02971e41df55538f2fc4568889c3710ae18e7ad3902872446d884f60a23b2bf953ba2f0ae17d542399991dfd76b39b59461520dad20eea90a7d2486f49e5f7945f43c4ded04c84eac726fdc1794d1e5b593661a0814949f34fb44f80b6104775f0412a689bc363236cbb405a0294a0ee3b6e74314d804e8a84ea7256040b4c9eb9d4daf555cef76ede69b7298d5cbff7284dfd20e22f8c11cf3826c2b652e8d1b3926c86cce1b94479e6f0b6d2d2b0f4d85174b9a
+** GENERATE (SECOND CALL):
+	V = 8d154001a5c9c1028739ffe21133f2b389d6939ee2849676663cb96208f81b11b7d1e2a7e334889ee87697b3fef1902db291bfccad09f109cf7b7d3ef68c0d1a704237480d6d60dc3de65940c5a95094c5cd94943e3bb048a462c67a7c94ca8a673ce8b89504a9779a4aac56d7c1d5
+	C = c731bbb4576a293cd28ab291d74eeb180b440ffa2de98985ef0f04f51160de14be7352e44946f830ee698cc8630a0207bd94be76094e545a8375ce775332f8c381986b9ff71d6d60ff2766de50659fd86ba746f7ea812dfb29c6651db9e6c4253823ee42e571859aace6563adb58ca
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = 930578f9b6c1b5302e37888ac5927b17bfac1c333a9da0147203f99214cf7835
+Nonce = ed63793a404053cf1be5feb589f5b0a5
+PersonalizationString = 
+** INSTANTIATE:
+	V = 198fea480ee2c90f2050f47c1f5608e4d670d38bf2334306d77f9f27b815489c2cd42540ba83b1d3a03828990263c3bf696f42fe0d96370861fb98d5b663fade4a6ef253c875887ccff3bad152187784ecfac5f9c2a4886d2f39d071ca50e406e8a7e426794ef5e7936f667f08e660
+	C = 2971c2cb615badf647ebe93cb3e516265f73c8aec8976f6cd9b806b4c15b14104856585991135f8a7c624e19226979b3ed386d5275fe13819781c03182190fc1804dd9f1111b6a473cbd45ab7c39f87277d332b5c8316692ae1094b6fa7d7b5ff627e6c9f59600d5e94dbca390db6a
+	reseed counter = 1
+EntropyInputReseed = 14d06d24d001a8ee287aee37024c560c4a7a68b4ec9217baa2170181372bad6e
+AdditionalInputReseed = 4d58c7e2ab59078a5b32cd72a89df80babb315f014dd9045a41dcfab55c27c6c
+** RESEED:
+	V = e3c9df9469480169f40da82d1238b9574109d8ab83eb224a62f744dc57fbdc2a93cf60c35fb5b46caf0de7a7da25967ebf62114bb588fe0f72e96088f69ad752447cf5ff557b9877e8fbd14b52660a906575469e35f30391e1f1b2071f9b7c28a106e7eb1391dfda72b44a65365881
+	C = 18bef687205751a92219437888b45e4af773d77332fbcf232e469b5d5ed253840f4f65791352e42dc035d0d782acaf08da3871a52e39fe760110f6ee4d5c54327c9634bfaab1c370a9500ff870bccbde448d782daab6e3b48b2ca15fc63ef7f195ae42e7d3a092dc82a72614625881
+	reseed counter = 1
+AdditionalInput = 82e689b79d4a2cdaa07cf87f455bd842883c066a19c80240f04ba87d763ccbb5
+** GENERATE (FIRST CALL):
+	V = fc88d61b899f53131626eba59aed17a2387db01eb6e6f16d913de039b6ce2faea31ec63c7308989a6f43b87f5cd2466a9faa5c7a44352e45741c765f180711871cc8d6425d70ca042b956ccf95513a596e77179fd41838cbf277cc993eff4c08f138e1533e497a8a58338cca4da183
+	C = 18bef687205751a92219437888b45e4af773d77332fbcf232e469b5d5ed253840f4f65791352e42dc035d0d782acaf08da3871a52e39fe760110f6ee4d5c54327c9634bfaab1c370a9500ff870bccbde448d782daab6e3b48b2ca15fc63ef7f195ae42e7d3a092dc82a72614625881
+	reseed counter = 2
+AdditionalInput = 5684b5abd202d04e6880577f6da30a8b5b76c730b0d146d0e342cffc4b1ebbd7
+ReturnedBits = e53b14d229d5b4ef9161724145bec8169a927e18af4031e20a852357becde323ab2cd379f425b83c4cbf6c90127dda4cb413b57d5f5337fff193e199886e50ff52ee3d3dc67df093311a91b3689041227350af5896bace2df3ea61120c30fab9d476ea19339ef14b040fec75171ba349070b7b786ef0b1f1392984a8368fd98126602db8a71acd6691cfec4939020b9f2158baad435f48dbef26235bc94d6052cafc3957c79ba7eca731101f7f85790105379d91064e905ba169c6cb4d4b58c70282dc220f7f9978bf1a8548768993ef7562e21f65ab1389b1580410d8a185ea7851756180d588518440b93d21b9d7b1ce8a6aa29b7261584ce8a9234e0bdb0e
+** GENERATE (SECOND CALL):
+	V = 1547cca2a9f6a4bc38402f1e23a175ed2ff18791e9e2c090bf847b9715a08332b26e2bb5865b7cc82f798956df7ef5c493f0004fd8ebfa8252637311f429fb0b0c22c6813073cac4241eeb277a715db4ee3b85c53d74a3689501d1b313919a0415f97bf73f566a80866d1ab1739467
+	C = 18bef687205751a92219437888b45e4af773d77332fbcf232e469b5d5ed253840f4f65791352e42dc035d0d782acaf08da3871a52e39fe760110f6ee4d5c54327c9634bfaab1c370a9500ff870bccbde448d782daab6e3b48b2ca15fc63ef7f195ae42e7d3a092dc82a72614625881
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = b28fb966a0c73a848d0761c668bed84f5014ac9f4deecd1a06fd69a5ba9a4b72
+Nonce = ecd7d4284f86737f3b23eab153f3a6a6
+PersonalizationString = 
+** INSTANTIATE:
+	V = 35a64f071885539d37dc43a617f787653643b1976dd215fa50d317213efbe84c8a651154bee59880f0823c5e955c164dbbf5b956e556c222648709b917b87002de587969f41e678441a389bf846baeb0b46636634b6d940d5002a7f21c3558f7eaef9fd3ecf761df28c92bba00f7e7
+	C = fc583fa0be5a7d666e745a3c9b03a508fa5f271a3fb88362cf9c9e6642f29679a0470063b21b3e671efb0b515166658db9bfe04e62e1383fbcaf9efc7e86232ba0b700e44f3cbf928fa10d04a6e9aba5207ea8f19fe483313789e9a52dfde0351610c334854c7574bff99c896ff690
+	reseed counter = 1
+EntropyInputReseed = df885d32ffc9ac4ff9202604c5879ea65c883d7b7560fde13067f672c3bcbf84
+AdditionalInputReseed = 0262f97acc7bf05eadaae6b446420db2f64eb99ccc19b63a31f1643f45d58291
+** RESEED:
+	V = ff6aa13ad625da6bef2ddea58ce2f4dc236feb5bdea84486c74272374719796e7957ce73d0542fe21e750ec4d0900c6ce6ed98966a6f85d738db9592645d7b4bd9e611653ba3b6e72c1ae1949625c76bc6c4e14dcb9d62b59acd689d2b339ee2c389cb8fc8c349b5bed23c49f79183
+	C = b61129fa3bba0cb1822e4f7075163bef072447468d77746aedb44947c0e50d01fef7c89191ea6b208127a733e254db4555752f21510f05dc8862299969256e2ecfa5f3e9dfa9991294d41fc982a874057db07738dfc1bfffe48719bc86e41a04c8578fbaed07a7ab15400f1d19be96
+	reseed counter = 1
+AdditionalInput = ff96cec4ab7975eae5c92e9f9d78b4505449ebc3f5c78527c59ab01761ba044d
+** GENERATE (FIRST CALL):
+	V = b57bcb3511dfe71d715c2e1601f930cb2a9432a26c1fb8f1b4f6bb7f07fe8670784f9705623e9b029f9cb5f8b2e4e95ed6c1b56db92dc7d3e3dbee2922549c71174184b325c0db0469ca50c236c7e52783fc46156e0f5d2d2efa078a7491428bdd933babc91ac805d2f02122e61cd3
+	C = b61129fa3bba0cb1822e4f7075163bef072447468d77746aedb44947c0e50d01fef7c89191ea6b208127a733e254db4555752f21510f05dc8862299969256e2ecfa5f3e9dfa9991294d41fc982a874057db07738dfc1bfffe48719bc86e41a04c8578fbaed07a7ab15400f1d19be96
+	reseed counter = 2
+AdditionalInput = 5ba9bda782aee6ece053851fe7c4ad092f16d84e6951ed252c9c2c3fb250df42
+ReturnedBits = 6fc32937d193417d90ec393d8fff9d66ab614b4ebe4491d6a0bd9d64d7aac6ab84f0d479b505c3c459e88321992fda19709d078d5d1fc4551b560ad4121d38e224b4be8acf704383054152c8b6b135cf12ba27a6e41213279642cb3f08a83ad0d4b892b95d23a76d8218b6f352679473a8676177134206617cec921b16d59bacb495eaea343cf039dbfc25ddf9c4076f77ae52199dba0a645f8f327f1b8b4f6ecf90609c6162ad752a4d859b3de2c590ae20be0573b49342ff140ef34df56463422cd76e42ab8d34daec99d2ae42e0b91ba3002e1683517f430beeeb5f1e82d63521f12f4b571e5971c3d34d6430b176495015d2647f22a823da4fc8aaa565dc
+** GENERATE (SECOND CALL):
+	V = 6b8cf52f4d99f3cef38a7d86770f6cba31b879e8f9972d5ca2ab04c6c8e3937277475f96f429062320c45d2c9539c559ad31629040c9e671659017f38073a7cd948bcdf778cb475653a0d5d27a0300750f00975bdbe6bc340fa25fe3d82938ec93bf918b3131488a978e2e40a312ae
+	C = b61129fa3bba0cb1822e4f7075163bef072447468d77746aedb44947c0e50d01fef7c89191ea6b208127a733e254db4555752f21510f05dc8862299969256e2ecfa5f3e9dfa9991294d41fc982a874057db07738dfc1bfffe48719bc86e41a04c8578fbaed07a7ab15400f1d19be96
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = b814ebfc2acdb94edaf5b6018066d99830f2e5b3b456443238d59780d03e90bd
+Nonce = 5191f18d690f0855222588e44b7f620f
+PersonalizationString = 
+** INSTANTIATE:
+	V = 40f0e2b9bd23441f0e4ff10bbb79ee6d1db768260e3cb9107b4688108512b871ff025a7044a74f00bcb69343e511cb676fb4a6ad602a44e615fad291a7b9d2ef6f3bcbc84f4f6ccc0de237ffab5417a3ff3dc64a4fc8a8e84185b77169782eae8a81f94affd581dcb0592b49e69036
+	C = b724032b8a80e54c604e968c2384d3d57aa1c4c88978ebc3a01dc075d8528e1ee968e7d40b50a4d5df28be2c4f0ccda37fc52ea3d4527c5d78b1ef97d05dac7fbb8c624e1bf4ca2e6fa9d5eb698a0358f901115d486797d1946ecf5cbc761fe984b5563b965c564e8511937c16a91d
+	reseed counter = 1
+EntropyInputReseed = ab3b009a188ad166e67c403261adfdd41bd0070c3e5243e8d6eb45f57a584abd
+AdditionalInputReseed = 51f5da82f4eec822681c357a80317f50cf73c743a0d02575055c5937512687da
+** RESEED:
+	V = 0f2e86cb4c522202d98dcde6661247d00f417112497f5007ca139995e9cf2af7bccf49951c42d42c1255453e2cb6cbc2949772b87cb1df34f37b72e0adf6805f6dbb6deb4263b29690573c9ca2cde9aeb73f0c4375504869772cd5949683496a11e6d6657b34f50b041e7a48f74566
+	C = 1d9282f9be0931a48844cc4f6f63f4a1d9b668ea5ae0fd5fab3d49fcb3a2ce178506a9ebbcecda39ec97992e9167e5e75220e9c48fe60add80d1600c75169b798e23a7d2d2b62910913b617f0d5603f5f88755562a13b3adb8fc8d8a5608f0e4d64162a0ad3fe2f3095859c2e0185f
+	reseed counter = 1
+AdditionalInput = 8d53b7d043aed33d50b12863280b7d81a9c9f8ee924cbb57ae22cea99cf00bc7
+** GENERATE (FIRST CALL):
+	V = 2cc109c50a5b53a761d29a35d5763c71e8f7d9fca4604d677550e3929d71f90f41d5f380d92fae65feecde6cbe1eb2fcd875ac67eb11afaabf214af1e188448d01d1bb152604f85b4a0da20d9efbbe9daad13c697769ca39e8058fd2b0fb6d8bc3b815690df2c31b567c0338f9b8d5
+	C = 1d9282f9be0931a48844cc4f6f63f4a1d9b668ea5ae0fd5fab3d49fcb3a2ce178506a9ebbcecda39ec97992e9167e5e75220e9c48fe60add80d1600c75169b798e23a7d2d2b62910913b617f0d5603f5f88755562a13b3adb8fc8d8a5608f0e4d64162a0ad3fe2f3095859c2e0185f
+	reseed counter = 2
+AdditionalInput = 5ee89062f15fe3ea6abf74d53bdbe8f9adba96c9b34bb478bceb88ac125403c3
+ReturnedBits = 85c2da7ccd5ad4909966e7d6e8b07d44fb4aa8220468c18e1fa846774e00f64920c019146dd2dc5e6687bec8c3e024833536a18abd69390f46b2e014a1880c2809ff22233ad67449b483882a0443586490f4dc76703ea0fdf40e9977af1b40399b7bca8d3782944acbcc1b320d59a945b50457f13e0714a0c1cedbb141a879e214a8d30c09753dae950ce1ebcb59b4f6ccc4d81d874037d8b80282f592a2c645e82756d3bac528487f0fddeb48a08a6d13d43232c0e46b6836ff78eb7a6c485b63505d03e7bdb9f63fbb959b4ca776bcaa4b2dfebb0c38aadabb489b47aee60dea8a497f80958935cf07cedfbade4dfebfea737f941daffb2ee59b458bd59f8d
+** GENERATE (SECOND CALL):
+	V = 4a538cbec864854bea17668544da3113c2ae42e6ff414ac7208e2d8f5114c726c6dc9d6c961c889feb84779b4f8699f6784f9fb1873b99d53a143d660270bc12fcbe3df31817b40c45ec2bc30dfa9eed7248f086458d1a34511e25e4618d1e3e2500db3ba0b6140d983c94e97c8aaa
+	C = 1d9282f9be0931a48844cc4f6f63f4a1d9b668ea5ae0fd5fab3d49fcb3a2ce178506a9ebbcecda39ec97992e9167e5e75220e9c48fe60add80d1600c75169b798e23a7d2d2b62910913b617f0d5603f5f88755562a13b3adb8fc8d8a5608f0e4d64162a0ad3fe2f3095859c2e0185f
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = 2b5ee7de482da18d4e433b3802bd039e748f245a3be615ba6d5a05975861232b
+Nonce = 1e6e6056627b12110e13a3b1dc742cf1
+PersonalizationString = 
+** INSTANTIATE:
+	V = 9ea40f2b9fa3d6ee53efd081527f88982f0c5c24d283be9a7d82a5f595fc48cf1e4b6b364541511ad9e6b1dd4b37bc2c59bf9f4012c7b828d8f72645878e98082e41fd9bd9622aff1db9440a41928b64405c06c2a0052c8d498db30b4162849af3730815af4eeb55a2232d66035cfd
+	C = 28538f8c6e79bb91051bb94c95d42ef3bd7c68d20ee6f14299fe5680f91c10b0538b42e38606807338c87550f62b021e47d2c4c4d9138230a4a1cd8ca63c6e30349c73dcd8daa063fa38633a9009b3fc7ff2324c4370d987845fe9d3c95b4a9b23470eaed53913d0e7148a8a2c63f0
+	reseed counter = 1
+EntropyInputReseed = c45bf4d2ffe15cf82e453f9ab21edc0a087cea691d5f82e65242a8779a5ede4c
+AdditionalInputReseed = d8caa71a3ab4ac19a13e809a8267240f8e2e3d4ccad4d3e0d5642257e3d1281e
+** RESEED:
+	V = cbe0c53106bc817cdedae0f930062bcf321f232b3131054af5bb205c1ccbf2d88eca3459e106c69188030072b147c9c51cf3f7e11d30be254f39a5bbc44ec9f11149612da464d6706f35006f447ffa9a4162cd4a5fb1c289916d44ca659320df81a82ebae9b509cb95983fa7c05021
+	C = 033b0a662c25075a765eeae6d80e45c5c41540299a778e20217154c598d44514ed8305b0ca10c5443c5e7fc7f81da4c60dfb47a5f71d5f5f7de867859c32c772ca961289f9c635ceedeb4abf29d61b66ec145bbd7beeb9563db52ff0ccbacf622d23dea4dd20b9762a074e990f740e
+	reseed counter = 1
+AdditionalInput = 998f973533200b1e6d915515020daaf6ce77cc0949a58f811905b258c7ffe44b
+** GENERATE (FIRST CALL):
+	V = cf1bcf9732e188d75539cbe008147194f6346354cba8936b172c7521b5a037ed7c4d3a0aab178bd5c461803aa9656ff02b449412488d06375df3f6dbb5cea305892dae9cf15c248806303382de341eb8f5e499276c7646b11f2dd09cbe41411741fb655042cd6a050802d10794dc76
+	C = 033b0a662c25075a765eeae6d80e45c5c41540299a778e20217154c598d44514ed8305b0ca10c5443c5e7fc7f81da4c60dfb47a5f71d5f5f7de867859c32c772ca961289f9c635ceedeb4abf29d61b66ec145bbd7beeb9563db52ff0ccbacf622d23dea4dd20b9762a074e990f740e
+	reseed counter = 2
+AdditionalInput = fc553c0b30ab7c4d30a7bc5330207bcd4eea016521f1477dd76af7bd050263ee
+ReturnedBits = 4d3b01359994132c69a15e9e4fe2c4c85e52fc7f25e822df7bb2fe12d5e78012c554b6d3c8ef67e43bac0c437e5ba63cb5b3d6a8b9b07e5aa63ef810a90d5c945131b917cc1968b1d61cd99a54c844ccb8bcb6f71bc498f6de212f8fab3697898e709dbdbbf7be2680a22ae0381b1253ae0876a685b30864934183ec7e50e3586cf98dc8af420e16a00f32b5c94fe5cbb29a86d2dd5d637f2d01c9be61d8c6ab51c41292a6eab1e9f5d34412bcb9f77e142ac59b64ddf6a3f96e59a0ad5970e280670d29a4f5350beac139bfe17cfc9cb79692a456ced081f22f21c570d588d704ec4ad0900a691e18d38641b61180fef2ef6c5da6cac97e57ea2eae38e84eed
+** GENERATE (SECOND CALL):
+	V = d256d9fd5f069031cb98b6c6e022b75aba49a37e6620218b389dc9e74e747d0269d03fbb7528511a00c00002a183157671b57aec8db34ae92fe4d6b67c483be1732c33804dcf00d755ae9e2d1f72ca60759c32ceeedf0168f025a0910396639fd6bc7f2d89bd038d0c597c8a483749
+	C = 033b0a662c25075a765eeae6d80e45c5c41540299a778e20217154c598d44514ed8305b0ca10c5443c5e7fc7f81da4c60dfb47a5f71d5f5f7de867859c32c772ca961289f9c635ceedeb4abf29d61b66ec145bbd7beeb9563db52ff0ccbacf622d23dea4dd20b9762a074e990f740e
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = e2ff109ede3f98126784b95f2dde3e6f27c875aa8467c830babccae9f960c1f4
+Nonce = ca51b8e1f389c92a37320144f1314c2d
+PersonalizationString = 
+** INSTANTIATE:
+	V = fc1583389ca7ac1d094c54cc691f11f7d421ce92201eeb3d86e3d21a6322b8eb7974d1e51cf99c3d530c91f4890739d4f2422074db285d3b35aefbd7f696be7378bae99fa8160c27064c9c6fa7dda00722afbdcb4d29d0b7d088d0f2d5ad5e9256e352f87492e875379b5cbb19882e
+	C = 217f0b90b615facc938027cf91d858f72e985b6f9e3c2c2cd3fbfae1bb827005ce0b984fae222ab30e2150f832fed2a564e850f3fa7283ac076b7242d8627d5f43874821f240a31b24be34a01b8e0b15a71098388bb781bc6c4092f005f402cf35c8638edf6526cd1fc6228518cade
+	reseed counter = 1
+EntropyInputReseed = 66b0b46577db58cefba4fe808c80d425c6a0135857a546b7f27312ae4254e755
+AdditionalInputReseed = e06babd95e325ffbb2f49a4546c5f35a4515be70dee15b86d6cf8046f0bc2aae
+** RESEED:
+	V = 183583b849ac3f075995618092aad9391b74475d2a4bedcfae75ecbaa977d47df3bc33c1b5844e5a14710299d88f0a3df2cd2cb87329785b3cd2a2ca842d94b4c21ad21d177bf3acfad723a8ae5ac2fa0abbddf265787ecded0e58a576d4a579bd984d15122a3541d5bd8afa121c20
+	C = afd9fc0eb60fc8e55fb9d08ea1d2b1fca490654a9257c022db7a8c2726a0a599e9006c000f1c530278689b09ddeac370b7f88c448c28f8f81b41bf293cdc5e10792e10162ca6e271ce6ba5fce38a3c6e7d9cacf6a28847f4f3edc9d7e0473c57708dd4b633ad50101a21f39b727683
+	reseed counter = 1
+AdditionalInput = bf7e360f1791264354a70b2d5cc121ce702ae0cb208ef97263513b10ea48a61a
+** GENERATE (FIRST CALL):
+	V = c80f7fc6ffbc07ecb94f320f347d8b35c004aca7bca3adf289f078e1d0187a17dcbc9fc1c4a0a15c8cd99da3b679ce7f855beeece35bf7704b88d91466a6f42bdfa7eaaa7524a58e20a776b7a585c0f8d2c52ff0963f44ad04096821ab9a798a33e397dbfdf650e8fe3455fbd7f01d
+	C = afd9fc0eb60fc8e55fb9d08ea1d2b1fca490654a9257c022db7a8c2726a0a599e9006c000f1c530278689b09ddeac370b7f88c448c28f8f81b41bf293cdc5e10792e10162ca6e271ce6ba5fce38a3c6e7d9cacf6a28847f4f3edc9d7e0473c57708dd4b633ad50101a21f39b727683
+	reseed counter = 2
+AdditionalInput = bbad6059e8b756d5b4c57f50100a2efa551c1de0c483bb474463e2517d040066
+ReturnedBits = 72c01414a8b1371669d9c169220513cc1bc16fd0449c119e9ec467a2d6b018663ff24b632a9ca0ea7ebe375cddaa2b46c39c9ecf32931a22aade5e47da0acccce0c7fc7a8a0d26f9e91fa8e8306aa543f659fae99e2290e1e5682dcb940252912c7a41239392dba493b5ad7206ff3313a2216eea6f64ccdb873d98894547fc3299b4742d087f2bbffe34ebc9e9afc78ed6b42d893277533dcb04b4d3abe4c07d1f3910297e70e7726ed206f872b38cfd082bef584613995bfc18ff53fca5cd69fcfd09cc09963889897e0a6b3cc8403143e3a8d2c4a338e2ef9c594f5dd7cd1ef15f3443622f91c113ebdcc3a581974edb1397a599e25fc3d3c17c0133417aa9
+** GENERATE (SECOND CALL):
+	V = 77e97bd5b5cbd0d21909029dd6503d32649511f24efb6e15656b0508f6b91fb1c5bd0bc1d3bcf45f054238ad946492d75d12c1f35b2ba426f30a02c6b66d5981b58d6d72faf88163a169a66f9d1e71a29a2e918423a6e6bd97a5e51c9458181438889dbc439330f30ee0599c84d9c8
+	C = afd9fc0eb60fc8e55fb9d08ea1d2b1fca490654a9257c022db7a8c2726a0a599e9006c000f1c530278689b09ddeac370b7f88c448c28f8f81b41bf293cdc5e10792e10162ca6e271ce6ba5fce38a3c6e7d9cacf6a28847f4f3edc9d7e0473c57708dd4b633ad50101a21f39b727683
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = b3a7fd06af5ccdcee750c9215aae93457d604e76990ac703f173613dfc0b6e66
+Nonce = c0778a9b7e28ebc80b664af2e7fdd857
+PersonalizationString = 
+** INSTANTIATE:
+	V = abe502064826e06ff58f05a09174169ec4184463871b2d5dd49031e47c627dd6c92eb082637960403eb50205d8144496224d42cb4803b36506acc7908b0f2cfe95b9c278de9c2f9405772ce64d748216b90465a5f5d4465f36184b29f0066fe6e844e5a07b58df715e7a55168e9ad1
+	C = 0c0d627f72f2c2385eacb66e58d4ee6a3f89635cc910085ffeabf56352cac4c3623468f2e3ea42268518e893a757c31d87abc8d8f7fab3f57b1f28be821c8bc3cdf0e3366d9c22e49ca8705d684a1013b99e7fd38206245259b1cde7d55c9a07fe64823d4aa726455ebf058d4ceb85
+	reseed counter = 1
+EntropyInputReseed = 86d5b77c8497a36e0317316bd0cd1801179c6038fea3fae43feebd3503e9d9e0
+AdditionalInputReseed = 006dbdbd9374c073e93d8e0ca4b4b5e5f1737acdf020e4305e7732fd5acbd328
+** RESEED:
+	V = baa15b32b9d5ee51fa6d60f4c1ca775c7981954235594e85936f3649b12ea4e61e4d4097d097a175cb3d5c941814a95c4c08f90eb74642d62a40fb23cce35ab3dd1a034c2c8b230b49b0de35e4fdf0ae0e412fe33891e0c1fbed753b1c8399930359ba6067dc5b63b6524c3355eddb
+	C = 05daa4788992f03158987c1ee9e3e31fca6a837d9a7631cb8d82a718eaa3652723d7b00079597789394ccb97f944f7da1bc818e6cd1e2b92fbd9246ea6f18862a4171a9d54a93185b4f79e393b1a5386aa9e4cdf4bcee8a9e132fd320f288b1fbec2e1fc645064f98be464d7fec3f9
+	reseed counter = 1
+AdditionalInput = 4b5efac4d1a1a48cc4351688d87f4d7e67b965af14a515584496328f0211df42
+** GENERATE (FIRST CALL):
+	V = c07bffab4368de835305dd13abae5a7c43ec18bfcfcf805120f1dd629bd20a0d4224f09849f118ff048a282c1159a24cdb91d6709b2548acff1ffd919ff34aec60ba60019fdc7da3e2179055fa5f61a13c55549c23d616cea9e44c5b0aaf09973a6a56a2da1dd6184703c6938fddd3
+	C = 05daa4788992f03158987c1ee9e3e31fca6a837d9a7631cb8d82a718eaa3652723d7b00079597789394ccb97f944f7da1bc818e6cd1e2b92fbd9246ea6f18862a4171a9d54a93185b4f79e393b1a5386aa9e4cdf4bcee8a9e132fd320f288b1fbec2e1fc645064f98be464d7fec3f9
+	reseed counter = 2
+AdditionalInput = 5e5e2bc6529f34879eb3ea1574bc7bec1922db09a6985dea788f03d1465010cd
+ReturnedBits = 77f5f8803f17355de81b5c9c5a56d8a3abe6794c7f9b47cd50a97410e14eaeebef823f16448463a1de98a12c4ad5111fb1d8a1f9eda91f5f6957a1e84389802fe596574228c1982c54980b8d4d6692800e0ed9b4ba9515c7b7fc1078a7aca4e32a71da83cfa4be3fd1c51cc7bb5c555750756734b59349f70d12e0f29f9da6fbe6f20d145669569e6147c5e346a9eed9e2b4eac5de6712955f3c9b225c9eb765811771cc9e216d462a735956de5391cda6a7c1d64229764375685f0bbc02910f9d3fb959bbe50ff39bd378e3bbc38e4ea88562e506ceb9871e7eccb8e948c99c59356b3160034c92a08a4bcfc9c41cbf4c9c3d328c17540057ba8489cfd63fbf
+** GENERATE (SECOND CALL):
+	V = c656a423ccfbceb4ab9e593295923d9c0e569c3d6a45b21cae74847b86756f3465fca098c34a90883dd6f3c40a9e9b71532acb7c5e3e0be3f1bf7af6ec982de461e983e63d71ab7ddcf05c8c0d8a667a291deb3002b09d2a632e1aa77eb1d311013a0b8ebd5407b7149d05fa261845
+	C = 05daa4788992f03158987c1ee9e3e31fca6a837d9a7631cb8d82a718eaa3652723d7b00079597789394ccb97f944f7da1bc818e6cd1e2b92fbd9246ea6f18862a4171a9d54a93185b4f79e393b1a5386aa9e4cdf4bcee8a9e132fd320f288b1fbec2e1fc645064f98be464d7fec3f9
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = b9a57de2486498048f03d95588020f881546bd06e5da8aa6f0bf98b1104692b0
+Nonce = 05c1f9ce3720297f0b1c55e0557c54df
+PersonalizationString = 
+** INSTANTIATE:
+	V = ea4ce20ac3d7a428af997195e9f9b6f21cc584da42c8f2a88bd8104889e04ae53127f39c3f8204ad7238decef4f03d76e77c15396e431dc4ec800a1471fd5b3b6380b7a8f462b6827b8d8f69339ccbc7cae974608e19d0e6740ae658859aa308df4c1ed22e55e23c64b56b1361783b
+	C = 9e5a0fa0dd0c5a0f2c5edff011ec2aba03ecf799082eea698d8ef5d0464211ca8d5ace5c179e3032e90892d204228006599036e1480407bf86ef4a1c00dbbb48f4d7de24c878f97e0c91cfb0af907379e501da4b4901b577f778dee4812298e5d18338b904c67a14d44a29ba56bc96
+	reseed counter = 1
+EntropyInputReseed = 353f047eb275d6f32990e71460a858be54593b3b68d5c17ae9602c2b1affa2e6
+AdditionalInputReseed = 772a940c5bb5283a6f34bc118338ef5b2c391bf01af90cc98c0788d3d6508441
+** RESEED:
+	V = 6110ad8b6eb5492cbae8272069cf58484821929445bf93ff804beeb0619f21c4011321cb71008401a3984ba2710bd83a6d5711ce674ab0579c8ca3ae713190ba9055dffd2e3a1085488ace40ab08cf9d34252fb41e20fda9eddc473e5e7a63a79473d80b0f63322eba82369545bdb3
+	C = e13fd6e8306ae931ce764e4487f1f082c984e04074e4272cdc69953d9222a3cd01abbcbc9098534b3b0806df3957edcabad685fac7d194cd8e98da53141c767074d68d73ffb3fedd2193a2863c27711c46c12d0a6d4aac911551bc8d44e552ef092ba7f1bd8f38d15ccfdc94a6645d
+	reseed counter = 1
+AdditionalInput = 202ddedcc086e43cc565b64594b6024818ffd3d2302b80901a3dd0cccd11f458
+** GENERATE (FIRST CALL):
+	V = 425084739f20325e895e7564f1c148cb11a672d4baa3bb2c5cb583edf3c1c59102bede880198d74cdea05281aa63c649abdaca8866b267f28825e7b5a940f09abb40fb03e04e71e0d526fa21bb0a916d9377e09b1c077684c625ad2f1156829cf165ca682244a3d7b6346af613f72a
+	C = e13fd6e8306ae931ce764e4487f1f082c984e04074e4272cdc69953d9222a3cd01abbcbc9098534b3b0806df3957edcabad685fac7d194cd8e98da53141c767074d68d73ffb3fedd2193a2863c27711c46c12d0a6d4aac911551bc8d44e552ef092ba7f1bd8f38d15ccfdc94a6645d
+	reseed counter = 2
+AdditionalInput = d44375c6078d3bfbbe647562deebebcf4c3163b42f01ed80f1f29a81fc215201
+ReturnedBits = 86d7635ba25db9e25787dfd77dd99d7f6dcc3c286ffef0c487a20edb8d19101b2fe6898b24500cefdb9736cf6517c976cb182707578ab094b355c7b785ccb7aafe381da2b9cf0fb65de90c4b2aa3931f533a3490c6ec55503002643fc637a42dc83fa5c3687c8340a09b93cdbb8200a3c9251bec730231a048c582e0306f7e5b99deb6a9cd400b01ae104c8e29608a3d844224d5ab2924569c7de4cb4b3fcdb2e371cfe61c953f7e998385f7ba28f9b7b5947358d1ae01a208f9c04b1bb555a7a77309e6b8df34c8a21cf5279ea6515d3f4ea389f9afdf1b87e023801228792add02b5c8bd98354d7a041d0fa78a1d160d5469a622a542fa01a42f3b56c45dea
+** GENERATE (SECOND CALL):
+	V = 23905b5bcf8b1b9057d4c3a979b3394ddb2b53152f87e259391f192b85e4695e046a9b4492312a9819a85960e3bbb49db702453b13c2d1f177207b2e80922f8dfd1b2642dcb0ded03fd20dd58b2204af10fad9ac7ffb3832a29a1d885f2e30495731995f9e67432e7ed1bbe8b3b85a
+	C = e13fd6e8306ae931ce764e4487f1f082c984e04074e4272cdc69953d9222a3cd01abbcbc9098534b3b0806df3957edcabad685fac7d194cd8e98da53141c767074d68d73ffb3fedd2193a2863c27711c46c12d0a6d4aac911551bc8d44e552ef092ba7f1bd8f38d15ccfdc94a6645d
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = 151099bb30284200d5bd476d7676c5b0bde1014509821032f4009b39fa8f0345
+Nonce = bb6481248a9066bc65aa8d52aa33625b
+PersonalizationString = 
+** INSTANTIATE:
+	V = 19ba87e2094852dca8de696422b5079029e90866c85b059fdc3d06235423d5fddd6301dd1b74bd184482b4de3c15bfe0cd14e718f9cdd700d5ead962e38593795db2adc44e0a3553b81fdfcc63ae221db0199cf60e65a02df26486dd2a74835ad41d1d19bf3dd36945186d71ac860b
+	C = b1a53e19280b0771a0a6106cf3aac7d32828bc5b8a4b87d98de350c557deb06adb410938856c8f61dc21694e8bc405704ce145f9f6a8094611dfdd3cabb31df51fcdc873b75efeac711b2ed05e08bfc3a638110d4b93cf6c839dbc474c595c77545085a296d20ac723e4a0a8c450f8
+	reseed counter = 1
+EntropyInputReseed = ab0b0a5968535887bb06784c0e5eb9583fd197555f9711f96bb4a7454b442815
+AdditionalInputReseed = 30ed1a9a08bd7e7f17d83af7d495851c5ab2ae3108c6b83b0f4f406b71c0a76d
+** RESEED:
+	V = 45eef5bdba079e60e030d3979beb168d673a3ae08bbec518f3c47e0fb74d51a27651a0d1c1732884bd046e90d6515e51886262c6ae0053d1f26d8420f221c46b60d26b6690ae88e626b713acc0cda59fc0c69c8adad689b34780b8e51d75c49ea1238cc400f15d6d82e451795131e8
+	C = 724adf2e10e9a622cae60be1e846f22bea8867514ae4389945db3bcb93726717b19a06f20499b2f9507d3d7853fa4184055b3d5e6b66a32afdd3cf9d29e692222ebc4a99d3bcab8c2cd208b47da9604cc5d8755b82d2889ccf7d62f0df782429ab560b4a40bd53baa96a1507ac0cf3
+	reseed counter = 1
+AdditionalInput = e070c1dd25a0aa123fab7c6bea38512123238b003a57eb38e133739859db2f13
+** GENERATE (FIRST CALL):
+	V = b839d4ebcaf14483ab16df79843208b951c2a231d6a2fdb2399fb9db4abfb8ba27eba7c3c60cdb7e0d81ac092a4ba0af4562737e41902c4b472776ec9a33ef5d4c8107f97eac80fc591798d0bf319fa17769948adab2bb3617b791cb734973f4a6c8c315706b65d3d42c43fa055ec3
+	C = 724adf2e10e9a622cae60be1e846f22bea8867514ae4389945db3bcb93726717b19a06f20499b2f9507d3d7853fa4184055b3d5e6b66a32afdd3cf9d29e692222ebc4a99d3bcab8c2cd208b47da9604cc5d8755b82d2889ccf7d62f0df782429ab560b4a40bd53baa96a1507ac0cf3
+	reseed counter = 2
+AdditionalInput = e14d40bc2817d494bd81bfde1725be096d24d8dd47e3a168579e093c4f1b6056
+ReturnedBits = 0dfefa72c6be1b74045268db82587fdfabd790c6a8dddc260c2fdfd89fc9051081cc46b32e7a721f63f367a9a2afb09ee56961793d508695e2f27ef7db4f91e66352f5a3bf8cfd29ee0e9708cc15a4ea09d5a76079325dada64a8b1dec2e6a21ee8267e6dbd237a19cbe09b00bf1eb5e83878d2ee362806c6995cc3d1ae36f61a0f8d11990597929e33547fd463cb364db47ed42c0f912daa9b7c139b203781fc190e9d034ef8da031e20a89e5ed93e5bec3c7f28d7394a69f69e3682d915b6a4b98794d2faed02da4cbe4c5bea07b39aca1486b82106584cf704caa224a9f2fc5c33a2fd3c1c11dfe184d8160acf48771b6acae79fa71af6c4e0fa466f603a0
+** GENERATE (SECOND CALL):
+	V = 2a84b419dbdaeaa675fceb5b6c78fae53c4b09832187364b7f7af5a6de321fd1d985aeb5caa68e775dfee9817e45e34ee359c6949ba63da109ee887df6864f324f9727053bebdd5a82ae59b9f4130b7853e2e4edead255a18163bbc3e4d8524ba8a5af01420fd95bc2823887c10f16
+	C = 724adf2e10e9a622cae60be1e846f22bea8867514ae4389945db3bcb93726717b19a06f20499b2f9507d3d7853fa4184055b3d5e6b66a32afdd3cf9d29e692222ebc4a99d3bcab8c2cd208b47da9604cc5d8755b82d2889ccf7d62f0df782429ab560b4a40bd53baa96a1507ac0cf3
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = 2658403ff2f2bf89757e97e329d1913c28938fbc7e86ce12852cddfc98f10934
+Nonce = ceae5617183cdf7fec5910f6cc8f921a
+PersonalizationString = 
+** INSTANTIATE:
+	V = 653e029ab778bedf5e16bd16e2b23e26e94e12072a7d5895314e6fae08d7248608db2cd0f4a04d13d01059f2d79e472365952757a45baa79d54fea8a11f5399fb79dfdf8519bd46345ac06545bae63bf291b652fc330bf3954a278158f953ca2cd08612c9caea6892f3704d7a4d3d1
+	C = bea1aa30a7816447d1be5c9303bbf15dc906e99b0dc42a990d59e8ce769f857e13d8790ef823306c5742695f0ca7f1c3059adf87eb49a9b9456f38bae2e73ca16519f9b361218f11489a926b3c1ecc393c8d13d26b6568850d88b3af399a24a6479a11a72fc4215d570e14b36318db
+	reseed counter = 1
+EntropyInputReseed = 11e8cb4b6caf0115a99fc846367a68a0f2ddc23f28c89109b851f1e5bf1c7276
+AdditionalInputReseed = 22354dc4fdf4363745333dcad319cedf14ff600baa9bdc4073b7d73f3f385e5c
+** RESEED:
+	V = 58416a53f2632ee850d1dde8e40e43de8df506eaf237bcf7d26b9189de287154bfd6aa3f4f7e50f149b6f34d4fda8ad3d69b32b30b8e6bea1ba00ae2931b9b528594eb34002de9d9b93fd6ab028f7fc699718b6794a6b99ff7f9532b3eec4f1efbc6bc5b5ace3486d475ef90c05ee9
+	C = 8a5e0a2af7d11caac0a786f0d2a98ca68bbf2083c0ac5ad9a4f4c4b315a46ab9588a5723cc3c764670e19e54b85520beaa9522da936df637473a60a8839dfa4c6316fb0dffdf2c0cc6395942dfb6a5e1e8c1385f0739c261f4e8b279d1aa73328313e0f2f7964eff694e5153e891c7
+	reseed counter = 1
+AdditionalInput = 9cee34676eaa53faeeec725a1ad2a0ff7767476542258a3faee0e805c1ecb08b
+** GENERATE (FIRST CALL):
+	V = e29f747eea344b93117964d9b6b7d08519b4276eb2e417d17760563cf3ccdc0e186101631bbac737ba9891a2082fabee83ec10a581f662e22fe2fcd993b277fff639a8f04b9d3cb68800e92f6a54b9c0700ccc5c444ef1938a26dc8ae5d2ca6ce7306a29ead03ba338f7da93f69c6a
+	C = 8a5e0a2af7d11caac0a786f0d2a98ca68bbf2083c0ac5ad9a4f4c4b315a46ab9588a5723cc3c764670e19e54b85520beaa9522da936df637473a60a8839dfa4c6316fb0dffdf2c0cc6395942dfb6a5e1e8c1385f0739c261f4e8b279d1aa73328313e0f2f7964eff694e5153e891c7
+	reseed counter = 2
+AdditionalInput = 4643064d51f522bc5cc7cd86a3d19a4f4517d59083236101685626d83dfb1c79
+ReturnedBits = d6b4b8ecff2af5ba05d87db5e3f59a76c74806f2eb5672e686e5fb62c029461d27626d7c7ecb2ec23592526161aeed6ba0b08fd7d13f62af2732f56b305d6a970d37a0066c6ebcf4e1026df161462f7fcdc7244e32999767cee5e96b97aa467f9a4bc8d6c1247159a65707d2cb3b37d0ac39c37b0a3846051c71b5bbfc6de2e6f0e9d7a84745ca187484751ab41f878f1efbe4a9faa16d5e3bd648b62e562841d82fe52ef9dd5565f657878095d673bfafebf212aaa4561ce63cd7d29ad1c673cd91aa4f1092d1adb662a9c6c1c1afc5d026c5c750e681201b3ea737c489baa67db9828519933029db58d521351cea3c4c1e11452f8444b00a41e6968d3642af
+** GENERATE (SECOND CALL):
+	V = 6cfd7ea9e205683dd220ebca89615d2ba57347f2739072ab1c551af0097146c770eb5886e7f73d7e2b7a2ff6c084cdb48cf996485c8b4200d64fbba641c15df14137c0c5c4baf7e209b8f2ccc7402445659ad01f94cb6f58900fd0e69403c49ac0674a5dc7d695c12cc0eeccc33fc9
+	C = 8a5e0a2af7d11caac0a786f0d2a98ca68bbf2083c0ac5ad9a4f4c4b315a46ab9588a5723cc3c764670e19e54b85520beaa9522da936df637473a60a8839dfa4c6316fb0dffdf2c0cc6395942dfb6a5e1e8c1385f0739c261f4e8b279d1aa73328313e0f2f7964eff694e5153e891c7
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = 73526c7509723c58d3e39ee589e1269fad4bf17645f5955efbed81242f695d24
+Nonce = 3f06f1b2a97772134d707b94b5784af0
+PersonalizationString = 
+** INSTANTIATE:
+	V = 2763191f72aff6bb58acfdacbaf5cb7bdecd58eb9a91180d62cd61e0b31b42c9dc8778855d785a6ac6540a2256b2b91f505ff1936d2bcfcbd9d546428a7ba8943a166cbf49b21f70171fdba04178c161a6cd8de783243cdf59776a6a82b8a6a6530260537b7a4fb6ffde5de32987a2
+	C = 3f67a09f0ced66c27ae9e26e56075257604f73c930ab6f0300a4c3a6dc9616efe0fa36212f34097ce9cb185b1e87e6cba97e8b315cb094d63799656cc72973d259e9a706f1d15c9f84e51f0ee2ecde74d7a48ae51e95a54a769a3be900340fe28976281ab437d278cbbaf7d628da7a
+	reseed counter = 1
+EntropyInputReseed = cf4712e5490dbf42f995106339c964afe4430d1e380a014ce8a0fb5b1057fef1
+AdditionalInputReseed = 1d4fc33c9563543c17c6216e8d969f32849ca232fb5b42e505af6d96318c93da
+** RESEED:
+	V = 409971515fd6b1b999a759c26537f800f57786457740f321c56277efa2d46bb6473dbb1f64b97741aef4107aa57b63f2a288bf6c9e215f26f061fa07af491413302a0b605ed02f843fc1cfcae6c628c375b79cd144d33394f33419fe96ba9b43a5adc7f7bbe4844488d2cfcdfdbe79
+	C = 273c11f55f860df10af17c3c399e5ca4032d51e535fede9305849fe9cbf1068c11490504f0b9d622c5283e0a5aa979dbd3244535674c92e58e2fec237e7253d92742a3a502f32780510cf05ed9cc3dba9a55f8db01f4b5646cc39354e7378a939808697631afec32f7e31112f8e839
+	reseed counter = 1
+AdditionalInput = 9f488da135de413e746a367685eacd5c191209ba0458565285419f6b950a3ff9
+** GENERATE (FIRST CALL):
+	V = 67d58346bf5cbfaaa498d5fe9ed654a4f8a4d82aad3fd1b4cae717d96ec572425886c02455734d64741c4e850024de9c8510c15942d67056a626bb651c040d279f0a1c3b906d70c68b5163c90e5f950f4bac3e8aa1a91c4f986e06f288bf51e4c1071a75c17ce03a3f57b8d77d3fcc
+	C = 273c11f55f860df10af17c3c399e5ca4032d51e535fede9305849fe9cbf1068c11490504f0b9d622c5283e0a5aa979dbd3244535674c92e58e2fec237e7253d92742a3a502f32780510cf05ed9cc3dba9a55f8db01f4b5646cc39354e7378a939808697631afec32f7e31112f8e839
+	reseed counter = 2
+AdditionalInput = 7b48678423b711686b91cbc7f5ba2750e06ded99cc9f3b7fdcc2556f0998b243
+ReturnedBits = 3d321a56cb18c6d69fb68e38c0c08d807618daf05458c2dd888a467e3f4445135a782f92e67b945cb526281ad6e9776bdc7d52040bb4e0b336b1973dee6c281cf40421b016341bca5682240aae04fa097a46f4ac6852ebcf0ad9dd171bf9f844e01f846c60288b57459bc9cc0117d927a6315aea908dea843d526f214e9c0e46f44de6f037033c6ed6248cb32b06efc77ea26cac01260342daecca664cf1ad1b048c8715b40be06c78eb9a29b4b9cda6240b93087e028bd8824c44311c016810634cb7ef06aace61d8da758194ac831223373752cd0ca820d822cfe719058b4ab040361480ecdd7a7cd118a6c882d745a88b9c13db96e6788de7794ba94abc19
+** GENERATE (SECOND CALL):
+	V = 8f11953c1ee2cd9baf8a523ad874b148fbd22a0fe33eb047d06bb7c33ab678ce69cfc529462d238739448c8f5ace591bffc5dbba34f05c2249edfd62b88aef651093af2acee3b86d61a77059bf4dca38c3edf2d4f4dfc47ee26361aeaba62352921b115a77e3873029a7b4761fb3df
+	C = 273c11f55f860df10af17c3c399e5ca4032d51e535fede9305849fe9cbf1068c11490504f0b9d622c5283e0a5aa979dbd3244535674c92e58e2fec237e7253d92742a3a502f32780510cf05ed9cc3dba9a55f8db01f4b5646cc39354e7378a939808697631afec32f7e31112f8e839
+	reseed counter = 3
+
+[SHA-512]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 256]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 2048]
+
+COUNT = 0
+EntropyInput = 5b8230da2790d030ba7e57c509d3bb2aa95aab5f788e61789d7cc4dc9cf160c8
+Nonce = 13948f391e6a40b9f3ac36d79c082804
+PersonalizationString = 79d362a64ce266dc571e112c644560db9f7d84bdca9e03c4aa60e8a98162d541
+** INSTANTIATE:
+	V = 3d6373ce8a580e9200a359bba968dbed0f4b105db53cab7b6451b7b1d820e970c42bc4bb0855ec8411bc9418e443fb1ee180f12440a32f2a52c522e6c2fb4aacbebf10ac9916b15ca5755b3946342140bd9e71e8aac7a3a7fa960afa1aad0c8c1747429fa5f204851a218cafa53ba1
+	C = ec77a255ea56589ea418536ec2413577f7c595938260e8539e839e77651b76cfe97997f873104ccb3950c60cc2e35ef07af769bf881aaad7d714be9d5de1858cc2cdce851d057c8ea6b0eae1bc49c34120848a75d1ef257b88965cfcba97d9eebfd8f752fcb31d47db80451b5b1bc1
+	reseed counter = 1
+EntropyInputReseed = 49a4c9ed852897ddf143b8e1db3008e1ea1d04829f9c8c49026c96586ad005cd
+AdditionalInputReseed = 
+** RESEED:
+	V = 77af661386cce1c9c5121c82c11a5c771ffbc7cadffb4b4a6a02855574271ec47a242919c76e968c1cb12d69e5db309a26c61beedd140e59c983edf53aa346cfc98951125b274525a61fea63028d698c5746633d85d9bc9b6ca96ff162074139774d006d96c0386344f32556e8217d
+	C = cfeb0148618f345395f42b6c0c504fc5aaac831c98be502d7f99e37d86639abb4ee06cd81edc4f0ad739ef5de502f74a6a26a33dd644b71c02bd4f1c82edf7f321927957b22da3edfc42b8d73061a96d8f38f6aace476656ecc94cb833631c48288853cf2e3bb0f3e8e8eb22fb6552
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 479a675be85c161d5b0647eecd6aac3ccaa84ae778b99b77e99c68d2fa8ab97fc90495f1e64ae596f3eb1cc7cade28b3b28bb67f4e57c325ee39c74dcba146994988bf85faeb5f64689bc1ba4245f0779383df5a94f1d04ca8a39b926f48e0197865cd98bfe7a4c1f8382905842d5d
+	C = cfeb0148618f345395f42b6c0c504fc5aaac831c98be502d7f99e37d86639abb4ee06cd81edc4f0ad739ef5de502f74a6a26a33dd644b71c02bd4f1c82edf7f321927957b22da3edfc42b8d73061a96d8f38f6aace476656ecc94cb833631c48288853cf2e3bb0f3e8e8eb22fb6552
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = b0e432813fb600f2edd22abb283867cfbb22bea8871b22a9cef78ef97bf178ae26c5b062ee007fee9a7fe2be8e72d22d225fc2305d34119cde21f927f67fabaf455e77ecac534a36f445c62dbb29f91e6169972f7d2f3cbcba40319f2fc48c532cb6ed3be47980b2326815c7ce689acdba1f8fd9410612dc9a7f6e611a062311f41069f5f108827c30b7962b49c7f70be4e9504f729e66b7af3d5c3de45c4722bc04449735a4864818b920903a649cab961ff8c68973bcc261751c3c6bf2f1101799e1b5eeb44010937551f1c5f1fcae2a6debd2ca8dc3e287bee716cbac7ac8469d13614f7f3881fcf93a7a0f36e7f2e822792e38b1b8ead6e2563fc1b3b7d9
+** GENERATE (SECOND CALL):
+	V = 178568a449eb4a70f0fa735ad9bafc027554ce041177eba569364c5080ee543b17e502ca052734a1cb250c25afe1201e0fae52d0074b4ee2b67d66a8660708b3131ac386296ad529cef290ecc6f23a999322bc70c72379d9840c1e4adf7a15c622f5165661ab378960a5c0a9e8c8d8
+	C = cfeb0148618f345395f42b6c0c504fc5aaac831c98be502d7f99e37d86639abb4ee06cd81edc4f0ad739ef5de502f74a6a26a33dd644b71c02bd4f1c82edf7f321927957b22da3edfc42b8d73061a96d8f38f6aace476656ecc94cb833631c48288853cf2e3bb0f3e8e8eb22fb6552
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = d9f3cecdec6989da44bbd391a12c248f1e2771a1bad3d7e69eaedcd4bab9e3ca
+Nonce = 926c38bbbff0714cd1aa989c71f42335
+PersonalizationString = 4e0916b00ec4066a1a9e5df71e1ce2f8e19f774e5853be4672d952328fce2037
+** INSTANTIATE:
+	V = 79edc268ecc7a26db8378b453cf6294ba0c2f5adb1e2faab316c836fa619414e4116bcad3bfaa7cf662fca36dfcea179d2896e4b069e56239c1013375964b15bdc8026c5584ab8d5d7b0417db82bdc16caf72efd600d4ed3629d28929156625c321404809d4f6ec94b455a48a91d85
+	C = 772028071027c4fe869bfd86e064d33bf6a3a7186ad68be02d81ac3f9437c599f99bc1f9ecb065c77debee36331f1d9fe267200f9b2b4edf19bda48a48aeb2920054e798762bed4d8c07a85d0ef95ba058efd7131f6082b1d32421942307c31617de0d1290330941d9c50b6ca8394f
+	reseed counter = 1
+EntropyInputReseed = ff0280f7f1a06adee613ea1d94f5180c4bc42c65225f31cacce016c62d6a030e
+AdditionalInputReseed = 
+** RESEED:
+	V = cd3658bed8d0c00641288fd73e5d74feafb1ff015b93d48d443ef79b3ba896a4842b0b17791f06e5a4315604d2b2f81cf8f5ef896bbc991985640b9b511b4a438ac74d5367142c42782717f55eaa7218499994c50c28193ed2f5119bd901b9c54aec6d2f110f14091139daa540e3b3
+	C = a4219aced0bff62098c0e15bd968e7fb967fa6f72f54341fb1a03974762acca68d535a98b370d7b8667a6ecd36a1869879e6b5982bcf38e493efb969bc2c30df489b05f47ff47d65e14fb45b85508d83669b40f0b63f141851c13891fd833eaa13ef15b0f481c84a832a7ba8ffe3ee
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 7157f38da990b626d9e9713317c65cfa4631a5f88ae808acf5df310fb1d3634b117e65b02c8fde9e0aabc4d209547eec5444d2150f92d59d6c57481a63f4fc4b8ab2534517e068c11f262a3fe213db3aced6ea5450077fe9ea02c7aaf71265f0a0c24dde002474c9fcd4d9c4f9cfb0
+	C = a4219aced0bff62098c0e15bd968e7fb967fa6f72f54341fb1a03974762acca68d535a98b370d7b8667a6ecd36a1869879e6b5982bcf38e493efb969bc2c30df489b05f47ff47d65e14fb45b85508d83669b40f0b63f141851c13891fd833eaa13ef15b0f481c84a832a7ba8ffe3ee
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = efbd1c73ca54e21a213f1e9b2bb5e059943542d5a5c01b75ee4ebd02ed8d97841fb6f6f1ff360fd25c6e8af7433024a28530b8da744e2db050659619ebccc7da4d344eddbdef9927e632eebadcd3f86444f1c19d5b34aacb61c2b20e81ef79374c71aa3d58f4cc26a41081d4c32184eca991e7fa09ae4861dd777eb610a5bfa6e6464f821b6c8c3f4d01e6cd714fc04676d20933580aba905df50de86888fc8d1f3cf3ff1a2b6efad3902b2e2ce4c96ef04087de1a571e444735a4838a192431dba7294dc1e49dfcb1533296fd93cdd5426f5aa40917434bfadb66d44309156b41dffab745210bd5854b5e25925f018ab0ee2e457477194d98c163df52921413
+** GENERATE (SECOND CALL):
+	V = 15798e5c7a50ac4772aa528ef12f44f5dcb14cefba3c3ccca77f6a8427fe2ff19ed1c048e000b6567126339f3ff605d01224253139cf563db331bf4afbb2d50b417911998642bc770479fb091c7bc01e759ed5c114a61d75ebda928f39626d7f4c25a268225c633540fc7a527179c2
+	C = a4219aced0bff62098c0e15bd968e7fb967fa6f72f54341fb1a03974762acca68d535a98b370d7b8667a6ecd36a1869879e6b5982bcf38e493efb969bc2c30df489b05f47ff47d65e14fb45b85508d83669b40f0b63f141851c13891fd833eaa13ef15b0f481c84a832a7ba8ffe3ee
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = 9132b042b72aaa98cb9eafa4bb12c3b4f9b731a1915217e7dfc4f595feaa8759
+Nonce = bb8803a7592645d73e81a5453732a060
+PersonalizationString = fd7553348c58cc4f0df621ba958808a7a2bb32ab87c6b329367cc33db00cd1c3
+** INSTANTIATE:
+	V = e16c4140f7c8afd255bb8b0ccab850a85df6b020781181d302b060e6d2bef03b6d7959d2e15abccbc676d0d8e2dd81273f1e89a9a5ce21229849b6a94bdff420f2c53238e8e6a55d498ce3fe5e51886085c8756e0017da81784137433cf519b6f86e3931c51b02cc99909fd77c66e8
+	C = 767abefc2b03c457f1e546c74b1e4eb65875fc633701e5b62de4afad6bcccd88d9da42796dec4401f2fe3265adf87810e3463823abcb83fc0e7b5a807f3b9618ab598610afe95b2e56abf5dca23c9db9ffe01939339e9a58c7a41497b568b20a203aab2d3c38659e66f2848c8d3964
+	reseed counter = 1
+EntropyInputReseed = bab06704293d1f066c4bd22392498ca99271ef0163a79b19b3806b200cff0df5
+AdditionalInputReseed = 
+** RESEED:
+	V = 93cd0a1ab92c453112eb3047db9cbb369a5260f3b28a70fadcf2f09f650ccd87fdcda1ee29eb73b942385233ee554ba455476c7c09fbde5bf59c714d8b3de69eaa9eb70c743627e867bfc9282e23884f51785a8f0eebe9ac33a2d130dcc0552cf76ce78eb0f59fb166ad61aee95bfe
+	C = 6f300c91eda046968c358f52d33fc76d5152cfe945925b4a294fcd211089b23c7b909a434d2e99c223085b8f107a9e43bc8446beac556d5a64747568689e9ea0da980edda6554fe95c6e390355f9b4f47121eb80b8079db135436e49104ff0dc44cf6f70945da860219fa81e0f7345
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 02fd16aca6cc8bc79f20bf9aaedc82a3eba530dcf81ccc450642bdc075967fc4795e3c31771a0d7b6540adc2fecfea22bbcd9ff2c570670edbc8ddae945440cadf0b3f5e79d1e7b1743bf34d0f7f9cc67f1615e975e3ad79ce78045ba1cf168e915f7b7424faa7a7f5cdfc89e15671
+	C = 6f300c91eda046968c358f52d33fc76d5152cfe945925b4a294fcd211089b23c7b909a434d2e99c223085b8f107a9e43bc8446beac556d5a64747568689e9ea0da980edda6554fe95c6e390355f9b4f47121eb80b8079db135436e49104ff0dc44cf6f70945da860219fa81e0f7345
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = d6298deab9d5225412480d310ef9e78f0c446fdc3de690dd36278e55e8bf885db05cf2423c6cf4274379af967f1511ddc0371e5947c372eb95d82144e98355e60d9456c2689de50cbd2b560ed98e7c757430d39524ed990c61d942094dcec2ebc0ce86f60d80198ef46f1664f73ac0d4ef5d57b06715e1a2ce2a5c316f2b1f4277442be9c2afcae848b4d060d9c976601aef1b109214cd7d437e35e5a3907851fee9ad5828391d6b936ec91785d19950e281268185e93d189314e55124aa8b85c06d332cfa04592e953e6c55f11328e2d1d3f62dec78884f9d468695c267201a52dd79a38029de8cee00113c99d99038f44c88684c28937ea8e883b6c4d5bd24
+** GENERATE (SECOND CALL):
+	V = 722d233e946cd25e2b564eed821c4a113cf800c63daf278f2f928ae186203200f4eed674c448a73d884909520f4a88a91a19060497096e032f6d38050b3d4b3170e040f392e00102911bd27d0e56aaea6e26ead6554a14b1484d41a93d635fbb51c4f97083e16a5ed05882766ae532
+	C = 6f300c91eda046968c358f52d33fc76d5152cfe945925b4a294fcd211089b23c7b909a434d2e99c223085b8f107a9e43bc8446beac556d5a64747568689e9ea0da980edda6554fe95c6e390355f9b4f47121eb80b8079db135436e49104ff0dc44cf6f70945da860219fa81e0f7345
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = 5432d72c476f1f0926d93711d7122b407576764f8aa338e27afc740b50cc8344
+Nonce = 15f91f5f8cf51420e2674a2cab47a642
+PersonalizationString = 76e6291efa26a99b2c427b24900647077f5b47e4fbf4c43e4bf0b182023a1754
+** INSTANTIATE:
+	V = df4637c5ac9330a935e53e765d57f485d539819ad7505f9dbaca997a30a889b56e7157a92160ca7e9219bd5396e9aa08ac3136baceff35a4a7a5abbd1e393419ea0ec7cc417b1a722460d9fab87072b1545a3043b9176e5809ccbc8f99bd39a8c687001a9951421364d50294211462
+	C = 171a09ee42f8e4891dc2039e51896943b3fafea168c2a63de22e5827d5a4924bdf28780ca320d51953329c08a5ed8671fae92719c49224bb1fe84b2297756abb5363aa418e036926b6dbb3ae1688f3dedafb429fe71d3834f249421726fa2e2ae012c10bfbe0748c9f14efa4ccd867
+	reseed counter = 1
+EntropyInputReseed = 963f91935b1ca893cca7bcc2c6edd0d875af46e85c947ab25d7ed41cab8c7eca
+AdditionalInputReseed = 
+** RESEED:
+	V = 667057fffa35acb537cf953f37a1648edb7cca4ff9de91d2bad1de8ecdd39452e8fb63cea53c6cd4c3849f068d09d2f252124055f450942f39f132fe9e0b34f34351cd5f3b8c1ec5b5d73b364a4ef5890bd52b649bfc9c008f98518332fffcd48a941ab460c634068db51276c9dbd1
+	C = 59aae4697c6fd7c47c4ecdf0fac83c8230d33fd51f50e9e6fcc15842b974ea4a76239bd965d3e6b8dc606bc15d51fc59a5977b4ef44912164182bbb1ebee5bcc20463a708fc852e9d90199b45284102b941dd07f12ba350f8d477a95128e128f08eda1ca0dea25d1ca0c9d80a4da96
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = c01b3c6976a58479b41e63303269a1110c500a25192f7bb9b79336d187487e9d5f1effa80b10538d9fe50ac7ea5bcf9643aa533edab3faa38877ae40769a69c1fcecb18bb4153f082c63c7714067b1da781bc0b17f2940dbdc713896f0fc4c7eafb115c7be6606437e1dc143a3122c
+	C = 59aae4697c6fd7c47c4ecdf0fac83c8230d33fd51f50e9e6fcc15842b974ea4a76239bd965d3e6b8dc606bc15d51fc59a5977b4ef44912164182bbb1ebee5bcc20463a708fc852e9d90199b45284102b941dd07f12ba350f8d477a95128e128f08eda1ca0dea25d1ca0c9d80a4da96
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 426e4425af6e824cf04dfdffa541659f8bc9ed1041a3397ff4cd00414a1da55d0b3fc375cbc64b69d9fac0caaed81dc117355428e570f2dbaa621bc9e45c6009a0501e023b6b83e9ac12eaab226b86645ac47d5634125204653ab79f5cf99e7304bfc732a18e2d700c96e9f836a8158ccd53298f90be418915e0c714faa59407ba396bd43bd57ab0c77f63b830565caec9448f37eaf39bbfc5ae68345702adfa8c9e5334fe93eeebf40a15491ba23c0dadddfbd47c52a627cb0c3baae3893adc48a4a0254de9852f0adaea4016295397b3328af9ce2375b6a0858fcc8683b6b8619a2f7836eec4f85d2b4baf1f54942dfb1381b23ed53a6bc30967bb617ab0eb
+** GENERATE (SECOND CALL):
+	V = 19c620d2f3155c3e306d31212d31dd933d2349fa388065a0b4548f1440bd68e7d5429b8170e43a467c45768947adccad00ed51278d4658c75845614a0f4f96042381e7564271bed7c7649e9079b6399d00bff050cef8dc4298163e3e74a8322a32b032da7601bdfbce3607abce2a2a
+	C = 59aae4697c6fd7c47c4ecdf0fac83c8230d33fd51f50e9e6fcc15842b974ea4a76239bd965d3e6b8dc606bc15d51fc59a5977b4ef44912164182bbb1ebee5bcc20463a708fc852e9d90199b45284102b941dd07f12ba350f8d477a95128e128f08eda1ca0dea25d1ca0c9d80a4da96
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = ead7ab61abfc6279087da71c96b61d659967dce03731830e5f29369e5d5b43f8
+Nonce = 954bbf723d2dd061851d0764bcdedb13
+PersonalizationString = cb1bb9ea3b670e6d6e7daf6370ae7cd15c6691360a6cab413d32c1b9e781e86f
+** INSTANTIATE:
+	V = 843376eed37262a827972f4619f1d71552acf20830756700b1af4e2d0191ee4edd250b370dbb451812503ab3218576d841c48cf3c10cd0cc7c8c0de33fba551ba97048f28ab444c02909e066d55797fd66b7d0657b02e3b07003822204bbe74bf0ca2a26bc39dd4b95d50683939e8a
+	C = bcea11d00c454ae4d86055af40d09c8564fb8b8218049f70f40905c2ca5316cdd0239d672efe73fedcb9380537b800275458cb6e546fe74cee694cad1aaee5194013a088051904fe6924d41bc3f5279916424cd5b92a69add6c2cd1865a597e1daeb96dd414f0bec37157393048cf0
+	reseed counter = 1
+EntropyInputReseed = d3878d88a698559ab425460658cb6f15fef256e97bdad5d3eac68c20bb602030
+AdditionalInputReseed = 
+** RESEED:
+	V = 1993672e29256f8fb6d30d99b544875150a31ac2b6e9fc12abfc8cf19c1fbfc26d9ab48793cad0ebefdae19e50f72702ed96a6f2e2516d2f739ce93e1af9247b9c5d115ea319f1a081a6f3e00441527222caef24c3c386831103ecac56264887cb0104bc3f19b5d4c7527c6331243b
+	C = f9a5abb0a2baebee0eb1696579d4f6a1c446edfadfdd08bd84a4d40e8b59dd505130ab36dd9ca70535eb9f8bb5f94122906689a3ae819002ff09a67cf6d3c8572cd5250ede174cbd7cd6bebff96b2208b7c44712c8973b2073fe6900155a1f842b67086e88d91978cc800d138f19f6
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 133912decbe05b7dc58476ff2f197df314ea08bd96c704d030a1610027799d12becb5fbe716777f125c6812a06f068da60ee5b13c9df117f75107d955cc8c55e2c4d1c174050fd397bdd581c1224c554e5a1e8c9ef837138b21da0a3868befcec75c232fee877a75a0f81e9e32bbbe
+	C = f9a5abb0a2baebee0eb1696579d4f6a1c446edfadfdd08bd84a4d40e8b59dd505130ab36dd9ca70535eb9f8bb5f94122906689a3ae819002ff09a67cf6d3c8572cd5250ede174cbd7cd6bebff96b2208b7c44712c8973b2073fe6900155a1f842b67086e88d91978cc800d138f19f6
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 104a753d8553ffdfb0a0b32568fca2c12746fa16c1fbdbf152ddd1734c2f96507c39541a7e0aa5e0f0c51d4cb4bef0fb40651eb68a82ac80e51dc1ed0f4983deba5f341d3660f9010bda22e72c794a4e63c40d165ba8c8c3a28bbbfdb5bc423287e3d89dd1ac02eb6f305124d73ecfc74bd0d40bd889be977ddd8b33c68b271b3bbf8bce203b650c359e0a561dc5d10b5db0a8034a6e9a68deacd10ae2a39d4aa406162f50a208c888cbd7f2ba38fd27dda566dd0726bc51803ef49ebbfcdbcf1922e05f160d66983a8bc9f1d08858a5be502e662202bf61b0f5c8b1ff780df547f2289f1e127d941194caf1492229416c9e78404b3dd23bc4a62635401baa1f
+** GENERATE (SECOND CALL):
+	V = 0cdebe8f6e9b476bd435e064a8ee7494d930f6b876a40d8db546350eb2d37a630ffc0af54f041ef65bb220b5bce9aac1e546d7e642b312f36648eeeed22c8b06677f92e2b06fea56d3449c731587d777fabff4c8716ed7483d98b7424b258d763294008feeaedb02aaa98800ca52d9
+	C = f9a5abb0a2baebee0eb1696579d4f6a1c446edfadfdd08bd84a4d40e8b59dd505130ab36dd9ca70535eb9f8bb5f94122906689a3ae819002ff09a67cf6d3c8572cd5250ede174cbd7cd6bebff96b2208b7c44712c8973b2073fe6900155a1f842b67086e88d91978cc800d138f19f6
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = 356391c1229b57db3360f0eca03685c3f1e424ac1c3d69834a9e26043f99ee76
+Nonce = 914ea5fb98d2c75298d4a640561a0ac0
+PersonalizationString = 8a6a08c71199a7af974e3917fb494cde267b7a9b897b4f387606b757a4d359bd
+** INSTANTIATE:
+	V = 12a17ec380e23596ac0f776d4e73c5ce9448e9806e699f855996652227a8f7c27811de6fb1b99fa72b01f380c7d180a1d21ba4b4d1c4806aff61e996d8e0e84347fd4f59e41d44acf1c3c3c0084be5860c9e4e3a57ad6660268d2dbe1c26e087cf5aa40613e84d09cd653314263be7
+	C = 43649de8fb46cbc5cd56a7bd80f736b41523049506009a08a338883d7afec28c572993d750489fa8241f53a4bdc234cc1ade8aa90f65a7855bba9b70dd53d7f321b091689409376d6bcda4713278cdd0ecc6c4208325113f27a4989aadf4003e868a7c1f2b20ff9c6532ca9a2b7429
+	reseed counter = 1
+EntropyInputReseed = deaf127a755f5db2f324852746139987a96e969c9889139d5f235a25c5784296
+AdditionalInputReseed = 
+** RESEED:
+	V = 89f81a6e36528adbb95ab6d9d1a60691495392a0f37349f787a01074322fe7325b8c17852420017b6fd0e7852a93cac706628ccc7aa7099c0349f3309b614139a6c32476d6072e22ad1ff2e4642262d66fbe64147fc23f4e536e8c6d0327082433dc4b6ccd6bd36b065b7405453efd
+	C = 6997065eace61be3087df6bd52ab7aee241edec4252b8bcc1da91ea9c5308713078442d1cd245abed943f58ed7556f5a99e914878172eb676615c8f28f274e1fe9111840c955aa9a674603bd311d076d60084b886fb0e4ee6e3103c2ba868c032a97cbcd93847711eb0249d32c8e55
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = f38f20cce338a6bec1d8ad972451817f6d727165189ed5c3a5492f1df7606e4563105a56f1445c3a4914dd1401e93a5813443a8e81cf9338be87e9d9ffd1edd5720fa66de03ecd10297de5e7dbb3fbcf13e2abe27c0167aad0b87c8a765113736d5d9b98f39b1b014d0835c693216d
+	C = 6997065eace61be3087df6bd52ab7aee241edec4252b8bcc1da91ea9c5308713078442d1cd245abed943f58ed7556f5a99e914878172eb676615c8f28f274e1fe9111840c955aa9a674603bd311d076d60084b886fb0e4ee6e3103c2ba868c032a97cbcd93847711eb0249d32c8e55
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = c887dd1925e856056cbeec8f1dab7fccab4f6e79bdbbd4692cdb3874bc62094cd4766471d1688d3c2cb8f44893ac948072efb69d30107a18656269bf2c66ef08cbeab2f12bdb59c4b65badadefe8e821df17a21505e8c8809c0c7c6558e5e9acfbdaef92d311269c9e2d38f153dea1755a6bd772aabe5981a957cd0853ca7478a9307c098771ff0ca4bc75193e4924391f05f4f861a95705916733b7ca1fa4e3c94aea86f85b7a86040ee8ab0f0faff7e52435ad13fe38acf2e806fb88b905343ed6d1d63e6e58d93e4d1625b7df728f5994e08fa382ccaafca2e91e91823fe3d357ce44b93e5d0e366c5072b96def06080089283a22e5c4063d946cb5855e3d
+** GENERATE (SECOND CALL):
+	V = 5d26272b901ec2a1ca56a45476fcfc6d919150293dca618fc2f24dc7bc90f5586a949d28be68b6f92258d2a2d93eaa7b0b4a4466a3dd12b2d3ae2e00cf5807dc3731b9984e57f0edc53c2f6374c4bf4f9e668cf3a368603cf7ea0aa5abe47f26f388b78f6fe60757d4978abe5fbb4a
+	C = 6997065eace61be3087df6bd52ab7aee241edec4252b8bcc1da91ea9c5308713078442d1cd245abed943f58ed7556f5a99e914878172eb676615c8f28f274e1fe9111840c955aa9a674603bd311d076d60084b886fb0e4ee6e3103c2ba868c032a97cbcd93847711eb0249d32c8e55
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = c1215ebc843083c0912254810c82432f607a0db69e28539da436fceeb2a1d942
+Nonce = 67349c8a9ef9aa26bb9dad28bc7d6dc9
+PersonalizationString = 1737376eafb863215d7586de466199fc2941cf13cc391cecd5aa7266664e4b12
+** INSTANTIATE:
+	V = 8be7b7259500200ab23680fd7d3bfe95d7c241b44146ac85910bf101f68d7c83f82337f540d5ea5d04c0f4d3a17fa56ea33360ce6a2d097d487d5de13a46d95a3406da88b8fe26c8446682ef91dfccb5c95fc1fe8accdfe7704c78e74bf237661be40c4cd1fd5d00661d2631e0ff06
+	C = eb1774a08924b8d6713a562a60825300d179aec33ce382412a7f240d20114a16d407866a03a32ec5893ed45d20b22a2c99ef22cc68808c26e5192fcf25a1a1a097b3cd96e72eed1e052ca2c8db320b255db9e133d431e7241a90502e165d3c53a5f99d504ce1369018a4ed5579d6c7
+	reseed counter = 1
+EntropyInputReseed = 7be2d4d228b99561032a656e88b7596325b4fb2c3be79921b15f42462c7bc727
+AdditionalInputReseed = 
+** RESEED:
+	V = 588916823767ec16531d8e5c520b3bf73d5e39b22da833fa7996f2ee6619293de0526131a1428242e270e0d60b9ab6bc3e7a0e054f8bb3f523e7b9dbaa00ee6f8a865bec2cb32981e1557d6e1c01faf99c6edbc70edc5ec8f8a42e1a199e692d1993a0de0dde85b98ebe0be944653b
+	C = 6c0554c25b4ce16f2a57f244ef35bd25f8a6f810c02383728f7a89afb701abe0ede55cc0977e9b4a2a4970baea9b7db0e9c63d02b84a484617d7039513b19229fa5c4730a94768ab79e61b43748bdea4c43bc150acc360461ed1fa303d4ff7a6d15d9637d2a835eef745072b9265bf
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = c48e6b4492b4cd857d7580a14140f91d360531c2edcbb76d09117c9e1d1ad51ece37bdf238c11d8d0cba5190f636349bd2a8c8bd110831bd859cf0c2a614b260f46a3ee170057996da166ba5f9da35bc51a3da78dbf4baa764f0d12506c19e478c86cd786f974b6f84ce5c191bbbea
+	C = 6c0554c25b4ce16f2a57f244ef35bd25f8a6f810c02383728f7a89afb701abe0ede55cc0977e9b4a2a4970baea9b7db0e9c63d02b84a484617d7039513b19229fa5c4730a94768ab79e61b43748bdea4c43bc150acc360461ed1fa303d4ff7a6d15d9637d2a835eef745072b9265bf
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 42b1c733c43dbd47618dda3e4b7b38a62910a688c9b7139817adc7b26b64e94f9188dbcfc2055f3955963a02dd81eea527aef694d3bf06191068add9cccca341e364e93616e32f03976727577dc7b9ca26cc9a6b1de6ca0ff5c9577d8eae40841cb8e51f1a92297a3c998b528855cc4118ffe87bd48f9eac349d6a7118b7f760117e982539e4c4a2cc1e77011a05ed45ec16c6356d9ad08f620074f948ddd2fdf78f3f1bff0d9454f9b6de8db5e3a4d59bafb8c441e8f92b086812012904e70b4247dfc09b63a8ccaab8fd44c6705a613371f3e5703c3939eae01fad0526b6bb27b886e2b5263cddae00aea907c813f495f707d275207f0ce6a598fdf9e26dd9
+** GENERATE (SECOND CALL):
+	V = 3093c006ee01aef4a7cd72e63076b6432eac29d3adef3adf988c064dd41c80ffbc1d1ab2d03fb8d73703c24be0d1b2f93b61afa7e9c15e117f64df9cdcbbf7c0559d91feeb995d3ce3d455427fbffe0f8d87ec41b310df71e4000a53a65bddfdbca52299407317ab38be4e56c94d35
+	C = 6c0554c25b4ce16f2a57f244ef35bd25f8a6f810c02383728f7a89afb701abe0ede55cc0977e9b4a2a4970baea9b7db0e9c63d02b84a484617d7039513b19229fa5c4730a94768ab79e61b43748bdea4c43bc150acc360461ed1fa303d4ff7a6d15d9637d2a835eef745072b9265bf
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = eb305333a13bfad6c79a12caf1479fda7c6e6734b46679ab46df75d743533f49
+Nonce = 40b8c53d937e9dbcbe809683158212f9
+PersonalizationString = 225781d466bfa08e6c19e12d3be83221313527e86b952edebfdee61073f77596
+** INSTANTIATE:
+	V = b756939a134ef9a96dbd28c4b00bb20f8b36546553c92412476392dc31d5b641c1ed1340a511ac6406edf106d9316b0d4110c6acc2a981eb614128c8d0bba0461fe34062f88e608cd624acd5f393df7ff912c0033ba50587cfc1905642ef9005284c6f8c45800a85af5b33cd21423f
+	C = 029a75b540fe76d385050eb599628813ad7628d7c426a27a754b7b79e6162c27ff8bd5d62c30c8c161c2302c32063f46250b7de7deaa30606dfa271cc259c145b4c8e294114fea12633082cba792f8ee6af3477a845b6c29ec4baf5b851bddc62d79559cce42bfe4b2be4f2978d7ef
+	reseed counter = 1
+EntropyInputReseed = 62ead56bc719916a15ca7d56425e3b7f6cc1594c39c89150e3fbc37d7d4f07ae
+AdditionalInputReseed = 
+** RESEED:
+	V = 7d2db4fa087d8a564fd249b2071a39e370543eb3ee3b41ac13c81bdedf733074dfc020cf3960eae3b2f6a0ead32dcef0ac4c06c580540c7b9d1515e858511e7fd71ab138e814cd2b4fa55a703a458907fa601915dcb9790dd155c7cc3437ce5cfef52d2f74cd8ec9327d28a7386881
+	C = 6798749c6f7f20d12e5335b0f7e0db011e0a2c7f3e7decb89f5aac811fcd1acf1a11eb4807fee873d92bc4ca4f51f89bd53e015f218c62708e493cd2d9eec3f93e9c4c03b0bb7a57814e54186c06787b20e104ed30ff2a78ad19df3f38d2dc9954e3e270633e108a48ed1560a6609b
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = e4c6299677fcab277e257f62fefb14e48e5e6b332cb92e64b322c85fff404b43f9d20c17415fd3578c2265b5227fc7caac9d23fb0583f29e4696f532c7f0ad3984f4e6cc517fa41e748e8721fe42334193cad5bb5be4d820e7e933055bf399df3b1b745a13edaeaf4e564f3f9aaa9f
+	C = 6798749c6f7f20d12e5335b0f7e0db011e0a2c7f3e7decb89f5aac811fcd1acf1a11eb4807fee873d92bc4ca4f51f89bd53e015f218c62708e493cd2d9eec3f93e9c4c03b0bb7a57814e54186c06787b20e104ed30ff2a78ad19df3f38d2dc9954e3e270633e108a48ed1560a6609b
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = fffa7156fcdedc87aa3ea23cee16234edf95b8d504c0fa2de9bcc59e06b6f8778acbfd17e8c7fa32a993c4f7d0b52ee4a768fa1e3388c01fc84a53ef0370bb017411fb45ff7a38e79ce91e63c7d92267f5b6051d7f51ab95b7490a662038bde192361168f26ee5b5aa6ffcb5417dab81d8ff605258aca5654340c69cd7bcc37ac2fa6f9dde4540f29efd42a65818d81068f306d7ddfc82744e2c3efb6b6bcdb4bc2937fe3aaada0e6733df65982e520be5b5abeb2102dfdf0a68a974fb5bacbff2e251969bb9b6baf72179540ed8cd0daae1767f065a6d11095a35504e231a74eded7cfd285bcdba0604dac3f1e8c69d43dcaf0435be46d8b51044a35364cfb0
+** GENERATE (SECOND CALL):
+	V = 4c5e9e32e77bcbf8ac78b513f6dbefe5ac6897b26b371b1d527d74e11f0d661313e3f75f495ebbcb654e2a7f71d1c11688e5b2dc1b1eec074cb44c1436f06ddd847533c784af40c7d7e2cf8bb83e57535e113a8e66c4e79eb53b2d86c39c0a0cc509e3be4b5ac1ab32b6013f0f3df5
+	C = 6798749c6f7f20d12e5335b0f7e0db011e0a2c7f3e7decb89f5aac811fcd1acf1a11eb4807fee873d92bc4ca4f51f89bd53e015f218c62708e493cd2d9eec3f93e9c4c03b0bb7a57814e54186c06787b20e104ed30ff2a78ad19df3f38d2dc9954e3e270633e108a48ed1560a6609b
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = 47bdb61c7cfea6ac4d5e0a6da42141003f400a932e1249d8415e6e89a326eda8
+Nonce = 4534ba1cc278b7200ee9a1fd3b4a5749
+PersonalizationString = 66415e8fca06441dcb914613a5c25f923155082754dca7d12aa03759e7fe060f
+** INSTANTIATE:
+	V = 37d0d0714d9df1917f8972cd1497e10f6f7962255ea86a6285d2e15cc49e30d505132f172357fcc217a49872235961ca3f9fcf77a92fb13a9b0ea9087f4b669fde3de1713698d610f0d97e57c496e30c8945cc54a6f8ce38b074e2f6b2ecd7ead7de62a56e56e546d42487ebc86b97
+	C = fb7d428e007b16821dd3d097a61c4c6cfee5c7071c1ad1ffb3ebb1a6eeccaa803f57f2d5621e02a82ab6ae5f2f6e264f35d15e168cc1e8b978700cc79c822d0def2f9eb48f3300c5ffa1b96e228d7131a90249d2943679cadc50d9e0f67424e980ed9cad26d69ef67558c1cfee7b01
+	reseed counter = 1
+EntropyInputReseed = 3864882d7e179ac5b249ff3fbb997e745007dcee8de072b52e928dc22d8edef1
+AdditionalInputReseed = 
+** RESEED:
+	V = be1374c7d3809f6b1fd175df493a82a6515ebc37690daced43247652fc376d5d4d1d264695307279ede55cd58a854b2c2caabb0c358dec4a0092a5723ce2642b85937803f00fdd45e1b4fe16b9137f95c2136b808ed9668de4bee6dbb8215fe8da8743028dbfaae734b7320de472e6
+	C = f4a96739ad410ae3e66525a2a73477bfd19a73b4c35b141672a98156637d2f18e491936d996c6e09cbd94209303280e29229cd8b7758b7c57c1590c36876af1aad3f45c03f6f54be1cedc54084e9c37b2f3ea8eb1eeafb9edf8548dc0f48bb50601e802f44bb1231324194fba9f9a9
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = b2bcdc0180c1aa4f06369b81f06efa6622f92fec2c68c103b5cdf7a95fb49c7631aeb9b42e9ce083b9be9edebab7cca9c8f9d81165e1fb531bfdc03bbadfeb2f4486aaee21cfa9013be0e0976d17196287ed362bf62585fef49c964dafe7600e98f5b4147efbd06350e02a48f4f91e
+	C = f4a96739ad410ae3e66525a2a73477bfd19a73b4c35b141672a98156637d2f18e491936d996c6e09cbd94209303280e29229cd8b7758b7c57c1590c36876af1aad3f45c03f6f54be1cedc54084e9c37b2f3ea8eb1eeafb9edf8548dc0f48bb50601e802f44bb1231324194fba9f9a9
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = a6f4a84d6337813d47fbc290de6fad3a53beee75e01b2541129b1089517e435af5295bd727792f43190926957fc6b6ae7099af51ab207770d54678dad22a4f152d1be695e4f46fc5b7b717f3d9d664567cd84ff836d7b735b5bed8aefea7335ecf3cf54a9cd52885c0c4b2fad4ae541d042a44c3f20219312599271b7f335516d2b757ffdccac7853a4dedaaff72ebe47076395e9e6234881379116102b517b21ed979377691c52d058db932f78f66c78ce0111920c9f46bf7382ef1456bbb2bcee8dfd024675097320fec3737e0690bd475c17594aa8d6307b6310c25a48c999710a5a71572fb3f44baa120be5ed8edca428dc38a690fbed556dc411ed0026a
+** GENERATE (SECOND CALL):
+	V = a766433b2e02b532ec9bc12497a37225f493a3a0efc3d51a287778ffc331cb8f16404d21c8094e8d8597e0e7eaea4ddb9e29fb70739a3f992cbe661f918ea1729a3841d88743f44bdb6deca5177cebc0d2e967a724d04dfa8991b24e57674d2646c63349e4ee1cf74c1d509c9be73f
+	C = f4a96739ad410ae3e66525a2a73477bfd19a73b4c35b141672a98156637d2f18e491936d996c6e09cbd94209303280e29229cd8b7758b7c57c1590c36876af1aad3f45c03f6f54be1cedc54084e9c37b2f3ea8eb1eeafb9edf8548dc0f48bb50601e802f44bb1231324194fba9f9a9
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = 27fd2e4c2ca85fd4e92c8507d94bbe35f7a0eea3dc5c41a82c3ebc4d2689074a
+Nonce = bcff9b53f31a2cb59db76e5e4f1e9414
+PersonalizationString = 19b0a4031727b179905592e0f0bc4114a15e19e49410dd19751f1ed44bedb6da
+** INSTANTIATE:
+	V = 3144a680ff46b0167b957aabce4048c0c774fa2a3a589d988febda65dc94e29db643699c8179254ed82cf529f48d6b48194030b3dbb46b60f29cddb6b281f418071830d482b73dcc8bbea6e943ab1a1079e1e5d0580122453865907cf8d972b005704c0854603211e13c8b73f0f676
+	C = d09120b2a6a3aebd19f3c74100bd70f2de9c85cd5946c1c47cb588e9cc31d38c0aecb986feb7c637a5745a1b62b5957c5799f75547b1ed0f6436ff907a7098d6f7a2aaa121174ecdf070bf7e722929ea8162a93b50cfa9a9f023f0d8e9003d08cf8a1e1abbea1637650d0647f7b7bc
+	reseed counter = 1
+EntropyInputReseed = c4d3edbe825ca8e27893500b7f4ca76987015813bd562334783984e2793137c5
+AdditionalInputReseed = 
+** RESEED:
+	V = bf5545a94f1aeba9557e3a8cd5f4af3476571177fa82f31dfeca31aeec232d26d219b42f31c0d5ca32a00a0e2b50b0b69255a1832fc9389ca240eec3e85a21b5b59d7800bf94a792cb50fb8887e80379370b94f014ddcce048b6f3dbfc484951726fcef2162bc36437098afb74189c
+	C = dafc8074072d82ff4fcf74accb166818605e875e39545e6b6d2bd8b2b1136ae02b5f3935abc6007851b840f2bc7c68000acb4dac3195eb7d46636ad4f09429fb2218bf55ac9288dbea17a7781dc54bed975232bd090bb1b59d22114e59b57a3217fe9176aa431d06deb4878ed1f23b
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 9a51c61d56486ea8a54daf39a10b174cd6b598d633d751896bf60a619d369806fd78ed64dd86d64284584b00e7cd19b20635c75d67e8d6ae1f821843b7a0229cfd4b30e57ec257ff3bd973f786ca840ab50b2384c4b1d6beea59b75d1ac1cd55e901afabd447fd9b36490d1e348a82
+	C = dafc8074072d82ff4fcf74accb166818605e875e39545e6b6d2bd8b2b1136ae02b5f3935abc6007851b840f2bc7c68000acb4dac3195eb7d46636ad4f09429fb2218bf55ac9288dbea17a7781dc54bed975232bd090bb1b59d22114e59b57a3217fe9176aa431d06deb4878ed1f23b
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 9bcab99c7cd46401ed82521f9a820d5032938e695a169702221403c85e764860f979b617eb8ecc6f96fe7982ba40b82090a64a1b2bfab92ffa94e1e4d5977860902adf36e959b7ed2a2f7bf9bfeab8860acbd62d33f9c178b44ab6c754cca794ce6fa98f773a23324f3a03222f03e0a87b232f50d1f170dce5bd8a5e8eaa0d8fa7cbec44d70e8e25ca77c38099b46a252d06e43d016e0957299ed6e71f84c96945c7d5ad70af0292c6581524d285c5413c1930c92b4994dd000bcca6373cdcbbda3873de541b2093616c3e532245e3a0751bf009020038e411e149dc114c19be07393973288edf09c854f880ef0eab8cbc7c42c486a4cd945a609b503044d56d
+** GENERATE (SECOND CALL):
+	V = 754e46915d75f1a7f51d23e66c217f65371420346d2baff4d921e3144e4a02e728d8269a894cd6bad6108bf3a44982a8ef6bd5e503dfeba8339fac363e54e89d251f6931ddeadf6cea1a7be5d171bb8cb0d2858ea616989f48fd1166d246979b72ab8afcccbdcc6bde9ccd94e61d4d
+	C = dafc8074072d82ff4fcf74accb166818605e875e39545e6b6d2bd8b2b1136ae02b5f3935abc6007851b840f2bc7c68000acb4dac3195eb7d46636ad4f09429fb2218bf55ac9288dbea17a7781dc54bed975232bd090bb1b59d22114e59b57a3217fe9176aa431d06deb4878ed1f23b
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = 90cf28b3f5293016b7511cb2b4f04982bebd6a197b9ae63aa550376bfa0e3a7e
+Nonce = c5e3084680c5de6aaec2802c277a2967
+PersonalizationString = 3c685c1cdc1cf4dbde7f044d5fca6cd49d75dda569d8b7c087d988a8b870594f
+** INSTANTIATE:
+	V = 1e0f9a1325fea1ecd61ae41a7d24da5a803fda9a2b2432ce786108ff6c5e3998ec08eec532ceb319043fc185c774e0e34e5dacba7baa9b0dae44c2b4a6b2f42e0583e72407f252abd9a7166773f6cec12c6df43f73410f3f53b3cd065b5275813729db64710cb788376376bc9f6560
+	C = 80c488f20bc9ea821ce928cc9fa14413498270eb60fd3b14e7d03c0f68389eca988bc22fce16f5092d9224f0b9c571514fcdbe95035854ce945161d8fc28e4b4524fb5208ca0638e3f19fe96cbddf6a5c7fc60472a41a4893d757d44b8d9fd1bd561d08de060fdf2d8a1164e6b106a
+	reseed counter = 1
+EntropyInputReseed = 767d9b7a1d56dbf77969742cee28fcf3af9f74a65a49b5a73e0f7eaedbcf713b
+AdditionalInputReseed = 
+** RESEED:
+	V = 554ce268d6e92567ce800877efc0ca5c049877e8897c53f7b26c5c1909cf9e6cc89e538d49ae0293a436a31fc3f45f041d1b787f0bb9533ac3d2962532e5f4b4bf4e8667effd80c89376f01066d57d92b5cde305eca43531edb69c22474ca0e9cbf3a04f125fafc53d5350ee7a74f6
+	C = 49df684a2412abc0bee794486b60bb5068fed25d8ff2a218f92ab27fcea9edff8bd08b47f755825e596c4feb55f7afce5b1d8fd5bcc4299ce2314677a6269ac838864f437a5e22fee8c1d2728ea6a21f4926f2c9fbba8f501179b2bf9e83759d3fc067e7857a2e052cf9b5229e7a94
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 9f2c4ab2fafbd1288d679cc05b2185ac6d974a46196ef610ab970e98d8798c6c546eded5410384f1fda2f30b19ec0f1de12b24d68205a89b581bd367e0637b2bfed83a17e7082dd465f779d29d17a610ad4a352e75c285dafecb7f508f51c488fbe39968e4478efb4fdb8a83328dc8
+	C = 49df684a2412abc0bee794486b60bb5068fed25d8ff2a218f92ab27fcea9edff8bd08b47f755825e596c4feb55f7afce5b1d8fd5bcc4299ce2314677a6269ac838864f437a5e22fee8c1d2728ea6a21f4926f2c9fbba8f501179b2bf9e83759d3fc067e7857a2e052cf9b5229e7a94
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 7cfdb7b432a5db24e3493a3240f4b08f1270d5346d5ab0bb4108ff8d284099af2464ef10f1a862e12133eb966281780713ce616471100b374fca886555a5d08e7cc5af8908e28e2e31a047f36a2f8cc334d7066181a4abdbb1f333f4bd70a5bd28227fe791e6f4d51f2374c956391f43825b4d840282da6fa737e1c0502017ca0ecf916d37e9615afe6993771b4aaf5c7a1382d28918f1f1b7e96d2291fca1a5b2b30ffd271fb31d094d7568dd7c727dee6a220865d906b09e4a90bed936b4bf77b9d4c87230bb351a59a395ef866bac557326d4793f22da962078db3ae674f98b606412872e3e1dd85b4543bc9ebf9b74635db6eb7032323476289a349d75c1
+** GENERATE (SECOND CALL):
+	V = e90bb2fd1f0e7ce94c4f3108c68240fcd6961ca3a9619829a4c1c118a7237a6be03f6a1d38590750570f42f66fe3bfadd32fb14cc36065a481874e57256845d755e311531c28f8009f01f0140f6e3e07f347243fa60de85c4b498f9c0b027f948196f95beae35436be362c5fbe7610
+	C = 49df684a2412abc0bee794486b60bb5068fed25d8ff2a218f92ab27fcea9edff8bd08b47f755825e596c4feb55f7afce5b1d8fd5bcc4299ce2314677a6269ac838864f437a5e22fee8c1d2728ea6a21f4926f2c9fbba8f501179b2bf9e83759d3fc067e7857a2e052cf9b5229e7a94
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = acbe1c1f0641879971269abcb514feb1768ae42f736d6e25cee100425c9b8430
+Nonce = 2f198f20811a20ceabb840266dfb3e4a
+PersonalizationString = 9aaffc9ff1eb1924c7561f1c65017de378914eee4a96bd95f584ad263469e95f
+** INSTANTIATE:
+	V = 86b708af94808f96472994daa9d0668dfd47f7b5277dc5303b40f0ac097265ac95e2a4d4518658dd733b1b7409013c685358715ee60e92496f87a85f39ebe0f3df25d22c02358c08d8a8824dbd97118464a390c78f946c073854a5e5acdf9d4e46912a753c567976af3f1978fe3751
+	C = 09bc51f8d716877ecf331dbab9974fe7f94281a5f48c90ecfecdd82827b990ff0b1227d6995ea63872c300ba8e342d6c798419eb2bd915691ce84764db9506fb99b77f45b5312e970cffb84bc13397234fe87c94fbb1c2ce22f7e94421a455f98a444ec7c3e2d1fc108b5eca2140b2
+	reseed counter = 1
+EntropyInputReseed = cf08e4654de7da73c61acbba62255c4d412d02252a3cecc90f686c7665fa741f
+AdditionalInputReseed = 
+** RESEED:
+	V = d4f8c9ca3c602e49a285d39666c8235184962c7abbe732bf847ca96f2688016da9a76df4050e051d00c9d84f5119fa9a421fb688a73c2ff1eece52154ce2fe01574bb3d92a5461fee5575062fc58085b5af55da69480266ada762a709ccf209f200b0980e03186d1dc0a01408a4e95
+	C = 0ce7d55697eae21415aeba3c2c213bec887e641e243b10d85646a558f2e8781c9429106f844b6f2a0711dcddc9ebf73011356ce98e7b11d99e9f54a912ce185460ec9c4463f5db340e88fc3afa79c21e9c74eb17d66c66f190c64db7cd0469fb83fcf5c724bfcffab3655938f3b62f
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = e1e09f20d44b105db8348dd292e95f3e0d149098e0224397dac34ec81970798a3dd07e638959744707dbb52d1b05f26dd7ab8504d959cf59846231cf03f0936157e835600e45b26c657dcc587902fec36d2df000d753d339e15f587aafa7cc1c2547439d108e71bebd65202bacc951
+	C = 0ce7d55697eae21415aeba3c2c213bec887e641e243b10d85646a558f2e8781c9429106f844b6f2a0711dcddc9ebf73011356ce98e7b11d99e9f54a912ce185460ec9c4463f5db340e88fc3afa79c21e9c74eb17d66c66f190c64db7cd0469fb83fcf5c724bfcffab3655938f3b62f
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 17baa6990f0dae2c786b9f4dd429187e29f898a39513b0d58f7c4af70e5f73692dbe7011bd3d348a23d1e0f294cd0b99bfb76622b6f5ebb69439f0dc319c4bbb33adb3d4c0dcafbef5aeaf15742798d9ca8624def61be557c4c21d862fd61b127b026faa3b15adfba7c7ab49489e3e13c1a9676a4c8741a8b009b32f2a33f4450ab162131758f9d38babe66b63c6802d9971a5242359f935d7ed71cb33596b2152216f0688cfc0289721a82f8dc3d634eabf724442c8c8cb1b1bc1edbd61f287ccd8d1a2a5ef6939c928d6fe160ca0278143033f9a48740583690ea1f3b7f9688292c98e4e1dbf2f9ff55e58d84e8c6abc2cea9606c59a89b1cbf5eee7f1a370
+** GENERATE (SECOND CALL):
+	V = eec874776c35f271cde3480ebf0a9b2a9592f4b7045d54703109f4210c58f1a6d1f98ed30da4e3710eed920ae4f1ea6a75fc71448ce51a8f4a709742d132f2ffccf300bb3fb3e19f2306613fd379479a381896047155207fb8140ec1531dcaaf2c2d6ba227595c4f63392c50e020c2
+	C = 0ce7d55697eae21415aeba3c2c213bec887e641e243b10d85646a558f2e8781c9429106f844b6f2a0711dcddc9ebf73011356ce98e7b11d99e9f54a912ce185460ec9c4463f5db340e88fc3afa79c21e9c74eb17d66c66f190c64db7cd0469fb83fcf5c724bfcffab3655938f3b62f
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = ae974ffdfc45d0cb80234e598b52c8c18f963034d2148890b837fcb655966220
+Nonce = 6d88af454572354e3e5baa86004eefc7
+PersonalizationString = b1b625c0354adc75713d55176f91a565c73166cf0d0c41bf2828d892a9d52bc2
+** INSTANTIATE:
+	V = 67042d924588baa120a0cad066e2cd102b4ce0eed4a9c75115d626cd9fc69dd34d84aced7843b15572b0f3356c1c64193de72994b4d7e1fe536dddd375cd424717d7f0071067ad7f1763c13c3455222cd0267c5600377b15cfc38c9223b0b9aa4fdb9bac9084f560646dfff2290f81
+	C = b55098148b28da248b5b6280a72f6c8e85b4bbb3db17a6abb3fa36e066999d2cfd2d03bdc2724f3002162d6705d69794d3f3af232c2d3aed778a6f245815cfa9b9e9308c056df0278f63c3113eccb29463629ccb321238acaf79a124feb0ddcad0e15817929eb85b0733e96baa78da
+	reseed counter = 1
+EntropyInputReseed = 1323e97d7f996e42c744a84bb0f4d61e80648a9ee0ab37709c59662db80145e8
+AdditionalInputReseed = 
+** RESEED:
+	V = 22633055e2156812d0ed645d5bfb83155ef5fd0593533e21abd87f9dd7d1bccad6d0f20adaf8a37e7445257cd1ca254c231d36426e866ae018aa5706bc0be1284609a6080d084b2122d2ae436f9528401cf4d26b3a705444c44e698c961f3ddccd72b52075a4f5f6f79809f95b2e87
+	C = 3ee04c34721efb02d05c541163e8c8254d51b7dcdcad69b3c7ca8fa21914421d421169d904939dbd095867dd3131264514e9a58dd77180d7f495cd1952c4b36a3a30b11e0aff655aedc400295e0b44d0239e2c713033ceeec83aaebfcf46075a1e8fd8ad3ab0ff0ef55aa6f082c719
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 61437c8a54346315a149b86ebfe44b3aac47b4e27000a7d573a30f3ff0e5fee818e25be3df8c413b7d9d8d5a02fb4be42942572aeaf9100a41c968cad39841344566a36911beb24ee800fe7fce8df495d8720da0c0d9af9c4ca7c75ca42160bc59f197c8178ef753cc9c5e2cb3a10b
+	C = 3ee04c34721efb02d05c541163e8c8254d51b7dcdcad69b3c7ca8fa21914421d421169d904939dbd095867dd3131264514e9a58dd77180d7f495cd1952c4b36a3a30b11e0aff655aedc400295e0b44d0239e2c713033ceeec83aaebfcf46075a1e8fd8ad3ab0ff0ef55aa6f082c719
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 8538d2703c4567748adbc19eaeb9b886afb2d92c67a6288cf79de4f420f0e3a4db710264fbd4e44bb125a8c7de731b255bfd0e14b099caa9031c956959ef9b4b8718ec26d8d6aa3dec28bc117f4bf74ffd6693728063e580c37c4d8069999c398644bc1c1c3b51e33a6491ab16e609f327ed3c1134f7664fe4a515033c94d0a5afda6964d46e95f0eb04b1ed029535580a85515452857ffc7ea2fb92bb3ecbd189a22b27203a51cbdf15b011cb22756760bb3f4b0fdd3df3f34a1ce5b5c589378669b4dc252ac9eb2c01fc66c7935b6683517c4985b2a76792feb4a9cf9843bf3b684874b85ffe986fb00129c21fcd315fe26a8c4c820d57fa1bdb8e15d4d26c
+** GENERATE (SECOND CALL):
+	V = a023c8bec6535e1871a60c8023cd135ff9996cbf4cae11893b6d9ee209fa41055af3c5bce41fdef886f5f537342c7259a00faf026bfdad135e44216c3fd7ebf9b2af59f338b88a788b595206d0ce98330410a84a8650709fe43748c2e56e8f282483891cd92920ffc6ce20bf384e9b
+	C = 3ee04c34721efb02d05c541163e8c8254d51b7dcdcad69b3c7ca8fa21914421d421169d904939dbd095867dd3131264514e9a58dd77180d7f495cd1952c4b36a3a30b11e0aff655aedc400295e0b44d0239e2c713033ceeec83aaebfcf46075a1e8fd8ad3ab0ff0ef55aa6f082c719
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = 6273470ebbf1300355fd316349de903bdb74aba7efd34f122f6ec656d9f2d99d
+Nonce = 3b8aea46731cef00990ace7693a5ec53
+PersonalizationString = f3f3f2a29631c7bbeba970d70b10ed4f6a94a58b32186ce831860e36a9de4380
+** INSTANTIATE:
+	V = 541785c53292cc530d3998ad647193bf9ab042638de39587b82cc23511eac0aaa961bf2ed06ed0a69306127cdb8ccd95b1e5ef59b8526f7271f4871d48157bdd395c311c9a4fc8b48992782cc1b2fa20f5e3506a7a06ec4f6ea3cb9533745a9bb2afef3a9a582c76d5f64a6297243e
+	C = 71d2e418ccdb7f426491db9ce134d447e6e06bfe931b96877f9faa38bf1266a22bcd4877ab0c863fb03b72b114d4cfc64b14bd7b6323d2f2ea78f029a296ff2f089eaea29cd764cb4fd522610708fcf5fbab1735b0c170bd6616dead385a791c1d6a063549a071cca59da8cea5bd2f
+	reseed counter = 1
+EntropyInputReseed = 3644db769d0cccb57d2b0b0e62e358de8f851dfe52f4548eaa9a533bb8bda6c6
+AdditionalInputReseed = 
+** RESEED:
+	V = ba98b04d0efc4108a189e39d1c8b670dba5d5d1f2cd05a32f7c71adaebd8ddce695ebc7ee66f87a9ad40bf3b22710c5937ea6bba9d595d1966911b98d69ba1f6d2976f7c29ef8a9ffe957c0f05c55d42ced7adc5316c2c85782c880188076b9266c75e3b833b90031b4fd5e3c2d93e
+	C = 367ccad60911e2cf86d8c99b834fb4c2bb382f46c5a3d76e7c0b4acceaf1c91ff54a1a3343856241e9f8c8645104c4ab7cc0acbb79c5091bccee877c9505d84a49e5b9e72b61439a0c967e82da7ea13b43086ee17f2a8ea426186308ff5fb710fd0e00fa887c9ede6b6c62620c4b13
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = f1157b23180e23d82862ad389fdb1bd075958c65f27431a173d265a7d6caa6ee5ea8d6b229f4e9eb9739879f7375d1baad85f07cf351d4747bb862d349f98cafc044280224048243c24588bb8f5b5a3b78ccf8ff837dbd85d4ac044295d91585940a89117fcda80a572127fc6de1f5
+	C = 367ccad60911e2cf86d8c99b834fb4c2bb382f46c5a3d76e7c0b4acceaf1c91ff54a1a3343856241e9f8c8645104c4ab7cc0acbb79c5091bccee877c9505d84a49e5b9e72b61439a0c967e82da7ea13b43086ee17f2a8ea426186308ff5fb710fd0e00fa887c9ede6b6c62620c4b13
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 62fec6a9f3347e1b9ff6655157f1d38f67901bacdf35689cbf3db65ed959fd7cec09eba346554924f00d2230751ede0b142334c9ca6a7819d2b5f0215034d9788cdc27ce94eac7446e3cc190fb501331f4b29db5133bfe9402f6de4f69d07ab8e92170973dce0b9c6466aa92421f052b2673e63827a94d61717a9f7b5825b990256729e5f545f6f25f820453a090f46c1cf02f8a781de0cf860074fe79b374b267b8f22caef10f17cb622463f1e39cf16b7105c14338f660589da3b49d1af8ad832b0a0c0af367639dc9ebb487ed0a109f27722471de76e818c003a01f02bd1a9c7b29df7e1c50af1b584da0b342e38d039ad687f2893a905983b795637ad3a2
+** GENERATE (SECOND CALL):
+	V = 279245f9212006a7af3b76d4232ad09330cdbbacb818090fefddb074c1bc700e53f2f0e56d7a4c2d81325003c47a96cabe5ed4a3fb2de1ebd464b4ec56001deb9611781ca2477b9e1bc79fd78a5052acfa687841631dc4ccdf5d01e400864eac60170ce38f7de7e7049c6df3927bf9
+	C = 367ccad60911e2cf86d8c99b834fb4c2bb382f46c5a3d76e7c0b4acceaf1c91ff54a1a3343856241e9f8c8645104c4ab7cc0acbb79c5091bccee877c9505d84a49e5b9e72b61439a0c967e82da7ea13b43086ee17f2a8ea426186308ff5fb710fd0e00fa887c9ede6b6c62620c4b13
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = a50e0885c00bf9263664a8261f87f839db69f4009741b016ebf9f3b0a198b0dd
+Nonce = 9960d278ad62d87726041d1f908a9c0d
+PersonalizationString = 0dd2b2cec55b594e0d893e7032546fe0ee5579b404e050f7a703ea60016b8206
+** INSTANTIATE:
+	V = 0349c7655e010e2447b24f56fd1e7ca2c17d00f5c7088171fe80abee9a0000406de0895ec8c5e1cc54278f3d37dddb3b6019f8097c64b9b2fdcc72dc3a10a729ca90a9bc4d17bed595b7e6091bdb8d363d6d24d53eefb8ce2986be3a52e4ee98eb183f6aefce9ecb52bffefb476c68
+	C = c4509757ddda981d9b8ded90b78c13a1f21b997096321919f0b4e52ed2da546ca2158dbb2cd4681b3c70fbd53f40fb5c49d053d4b793d9948463269477d7fe122941dc9011a315e0635b387efd3e1e999a0f57b103e6f6bb14615b66d37d61ca24e93e51ee45c5fe75c3e5ecf7b467
+	reseed counter = 1
+EntropyInputReseed = b94cdf758be7958c8a70fb953182b9043ff2020d4f237d6c2327140b65738783
+AdditionalInputReseed = 
+** RESEED:
+	V = 44add42d37ea66519102540e584724bd9b9e9fbbf13fafcb9b82f8f03f8380670e7e70a7c37a4ebf06ce9c1f5a1450b6d4b3949edc741d51ccb4b611d95c6c1c0a62a2287cbce3dda9cf2e49479de00e18b37f4a1c5903d73fb3a95df292c50bda902ad657569b6b98e880f4c72a51
+	C = dfdedc424eae6f4a957a8c06203f86fd1d66d9d40d8aabe28e993f9634931ae1ecd384cdc816556944b15e9ed27b2a8b5a1d367b5fe43de676c7774cdc8bb00e340cf4d6798a9779dfcaacaa7389e6362523f294c2a5528b8a26c0ea9cdb78b3d0f8147477e7c8bea84dd12c945082
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 248cb06f8698d59c267ce0147886abbab905798ffeca5bae2a1c388674169b48fb51f5758b90a4284b7ffabe2c8f7b99bf7e16c2b03c0945d2d089b22b0cd546b406429626e9bcd65e72e7ca824c864e6ccfb9727bf7028fc66fbb4051044472b8fa7b1e9613338572b54e889513d8
+	C = dfdedc424eae6f4a957a8c06203f86fd1d66d9d40d8aabe28e993f9634931ae1ecd384cdc816556944b15e9ed27b2a8b5a1d367b5fe43de676c7774cdc8bb00e340cf4d6798a9779dfcaacaa7389e6362523f294c2a5528b8a26c0ea9cdb78b3d0f8147477e7c8bea84dd12c945082
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = fb0322e38865eb487cd817968092914a8e495389bfc16fd4b414d27850cf1868d26541817b348195e8d01e6402bfea17bfc8a2235d74eb7ece57d3c59685ad0b6ed692b9de4830212fba6d7ec06213d0621d0a569e4edfa0e13be6cd725448f8f4a4a65b7cf28099c53eef851457f55a8ea4ec8a8d892d262c1c5fb566127348363ddf03a72acd6047800a34917c09dfce8ee77a2e0edfe8005d38bf3e9a3fcf8f6ede545747762eea1ce5dd34ef31d9a5b80c5e3161592d2d2b508eee7ee8ede63da94ae8a166ca65407646cac02c6ae6419f0d7de8c696ba7c0402860bcb6c1b4289c177e22176e390d0381e146c59c2e58dca176226392212bbca794b7363
+** GENERATE (SECOND CALL):
+	V = 046b8cb1d54744e6bbf76c1a98c632b7d66c53640c550790b8b5781ca8a9b62ae8257a4353a6f9919031595cff0aa6bf6f4c23613a5f75504ea59e3c76c37433f005416516a9a929d9bf5df02dea82b5fbed1645e4cf2dca1b831c87b2bcf6dbe7ae536ad65c7c9425a460bd0e6d46
+	C = dfdedc424eae6f4a957a8c06203f86fd1d66d9d40d8aabe28e993f9634931ae1ecd384cdc816556944b15e9ed27b2a8b5a1d367b5fe43de676c7774cdc8bb00e340cf4d6798a9779dfcaacaa7389e6362523f294c2a5528b8a26c0ea9cdb78b3d0f8147477e7c8bea84dd12c945082
+	reseed counter = 3
+
+[SHA-512]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 256]
+[AdditionalInputLen = 256]
+[ReturnedBitsLen = 2048]
+
+COUNT = 0
+EntropyInput = b545ef49fe99637d6a528e20dfb7a50fd4147139ff5d4906fe40dafdbf02ab6c
+Nonce = c0a915d8997ede54fef698e8d89400cc
+PersonalizationString = 5aeeb4b701efb0ef5278fad1c14fc9219999fd01381da37652363b5eea52bc10
+** INSTANTIATE:
+	V = 3f2f3552923d95ca496db2e9b0cb04cf97f808fdc238ed6f7bf1666ed131c410c5cc087cc7570fd619913ad9d62520e9dd3bea565793b92a4d6ecd4dcc1d9490a69f00989f1cba15224d0b1de8d7b9e225a56a7327258ae94378b74c0cd7cb14773c7f2aed18c14b51ec1b9b7243ca
+	C = 4e0d8ca1aa9a2e90401f434382321862554e12482ca05427d37ed31e59eac2e634c8d848f56b677cc866604432c490a1a4bc2997ab7aba7598b781f7bffe003202ec7170fa9db08d2bdcc738162da474acb422734e8a22a477d84d07f7afc440eed6d309bd46c2bb03f12bbd51fd08
+	reseed counter = 1
+EntropyInputReseed = b2fbea285c181d52a2c7fa93752adb9b1a84ac38bd67b8e575d09d3ed8e743d4
+AdditionalInputReseed = 0192986a85f548332f0aae6751fa3819a5fbaa6c86037c882acda6f00e3b9c37
+** RESEED:
+	V = 6958d75c8011ba540f37c0de502a59c296819911e01e946431cc013a88a148b98195546aa1bc8cd0b005b10763bcf880e06d24a730dd3ea6258dc098a1f79b84538090811af86b293f1f012b9604882ac26b42b9ab9d505b7fd3c8b632dd104f8d118595cddb76e7550fb071ab718d
+	C = f739183db3582210746b5378feb02c3071d8fe6e11ded6f356eca43862001a6a1f1410b7b60037a0a734723204304c586de5ad980480de1d8a05aa88d2800c8f543c845e1abb0df990b2ca806fd7d87378aff5450edb99e6530594e9433cb2d8045cf3156e746f5c814c3d8f337b47
+	reseed counter = 1
+AdditionalInput = 729e51f3cdb2b6c89f514795686228373021cc8a8d961e3dc72c57c7854b310e
+** GENERATE (FIRST CALL):
+	V = 6091ef9a3369dc6483a314574eda85f3085a977ff1fd6b5788b8a572eaa16323a0a9652257bcc471573a233967ed45a269b0e7e07ebe00f5f4a0a7cc02ff2f5c7f3ef4c1228664b60e0823fed0f24332c8b075b29aa99a462864d8a03878eb52bf85b4ebf1dec06f7fd2245fc2175b
+	C = f739183db3582210746b5378feb02c3071d8fe6e11ded6f356eca43862001a6a1f1410b7b60037a0a734723204304c586de5ad980480de1d8a05aa88d2800c8f543c845e1abb0df990b2ca806fd7d87378aff5450edb99e6530594e9433cb2d8045cf3156e746f5c814c3d8f337b47
+	reseed counter = 2
+AdditionalInput = d1aecdd87ffbcbe5a7d545f12254e59f061e10e9232d1e554ce402adbc65e893
+ReturnedBits = 1af05ce7beb2605822acbc23802f3b56bd34aeedd56a770b99bcf55c7fedb7e17cd4225245d56c416e09927fbbaa16ce7f01918b63706d47c98796a513ed6bc43f56da45d51a6fe0a43a957e2e0c391a4e5be8dfa6e74008d1cf9e0527cd16a79af90732611d424e6e0fce6efb8d1b33467bc5af835678f5085f44119095fb9ab7d9ce35b8ec0557813c7af3a3257daa85f22deae96bb1955dcdf6d9ab7a22ad9f86bffd49f15b0ef9958e406f14810bf2dfd90182909c825e518b3401b5297846d1f877d66e0fc7e31c98b9d4af6b8cc13a943f5538f194527a74da74f2ba596cfa5e772264bf8f783ecaaf1383f9f32f990c21663c2cacc185be547fcc9a76
+** GENERATE (SECOND CALL):
+	V = 57cb07d7e6c1fe74f80e67d04d8ab2237a3395ee03dc424adfa549ab4ca17d8dbfbd75da0dbcfc11fe6e956b6c1d9207bab805c7c11097c1e81c335727913bf339377faec595cb2d1cde217f1a018b319a9cdfb833dee0d0e7377e059e116b5d180cb66ea3e19d2adb7f5de3340d71
+	C = f739183db3582210746b5378feb02c3071d8fe6e11ded6f356eca43862001a6a1f1410b7b60037a0a734723204304c586de5ad980480de1d8a05aa88d2800c8f543c845e1abb0df990b2ca806fd7d87378aff5450edb99e6530594e9433cb2d8045cf3156e746f5c814c3d8f337b47
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = 1e1eca23c5412c143835fc230ca33e5363e7d3dd444c5497b3ba19582ee23b5a
+Nonce = 025b010be727212d3c7b558489ea4384
+PersonalizationString = 80288b30ba0e25eddf3c1fb8427acc4f56e44ecce76821825ceaadc42456f24e
+** INSTANTIATE:
+	V = 8c831b672ed0ba4c2228d89b2de7e21434e22fd332090742ef48a43bf0dbddd10e74fa7be4cd62c93a3b80b589066fd896a84f5a9b7c91e0e06b2fdff553be2418b03d2b41941896ca97d8f874a889f077aad2c61552c0105d513fd1e8fc3f2cd5c5ed88b3e1bf49a1d35cc69fa114
+	C = a8ceaafac09308e69afa45c0519176685ba36448ebc2a356486a6d326c12d256a4f562fc6ca1e1df95dcfacc582daac09eb0ef9e742bbde0be37c55996aa47fddfc6f11c4ae78e79c9db160fe8c4c93f271f6e39f33470da07dc57e2a23b881f313b3a13e132dde6fc6f2fc02451cd
+	reseed counter = 1
+EntropyInputReseed = eecd89943bd669d640009324e12028e1ee6d0d71f89e47a0df0f1edd7b8c6b5b
+AdditionalInputReseed = 900de40c2cb248c1e169af8a734a153e2cb9519a44847a42c0fec562abfaef6e
+** RESEED:
+	V = 664f6cca29b4a39669276534e51f7a0c8424630bfa5db315e5e20032eb5ad4fa713ce7839cb3c942ec24a0592ee5a0b011409628e2533e50f9e654adcb4da09b855936a4b5a081926b7f5a0680c8fb857113f7f3fc925230b0fa1fff691ad0d8d2db97c269fa0bca61db7737ff723e
+	C = 1ec654ae5266540a33bfc35acf74866ddae3bcc1bf2698d3dd0ba6b15aacb81e1d215c282b3bc1fff0e97eae8f7353f7c94c2b140865722d71033c5e0d4103f84712f78fa21c95d925b0799ecd1e333cbb1e648d49f8b47f5224b00a906e81ac7a50d959798de695c1e46b49018499
+	reseed counter = 1
+AdditionalInput = 2fba56cefe418f2596c6fa3becc6e1f52b862549c33fa9aa97cd1353b3f650ae
+** GENERATE (FIRST CALL):
+	V = 8515c1787c1af7a09ce7288fb494007a5f081fcdb9844be9c2eda6e446078d188e5e43abc7ef8b42dd0e1f07be58f5114ae8b41c8617500b9aeba66f3aae6bf3fc5b9ba9b6f69ee76c910f2269814ae973d460c87827aca190ccc961b6ba674a56ffc1871ec64cf2878b4806344d9d
+	C = 1ec654ae5266540a33bfc35acf74866ddae3bcc1bf2698d3dd0ba6b15aacb81e1d215c282b3bc1fff0e97eae8f7353f7c94c2b140865722d71033c5e0d4103f84712f78fa21c95d925b0799ecd1e333cbb1e648d49f8b47f5224b00a906e81ac7a50d959798de695c1e46b49018499
+	reseed counter = 2
+AdditionalInput = 1285004f8b69bd3d128eb1c47bf3ddb8e0c838daf4576529c95f4e8fbb0051dc
+ReturnedBits = 4d41ccd38abb05c6c1d4e7a8e7a65ee532a8560187dbb6c6c2bbca9fbee9c3b55fb46762531b62122d08a695b62334c6af71dace7c4ab7b20673af17d9a1372316d1ac0fdeca77d1ff79b0246dd00f856807cdc6bcb1a5b0b2581b67d373f975637f1a862ee4a661c69225fc589f61541f4434809d89a6dda302bbd72716b5b0e812362a674e5881a0cd8cc8c115cd7f6e45191f5956d17c7eec40c042cb26b8a985fa6f5e6495d7c70625a527f31a294b717894f059c6362ca7fa30298b7383fa36279dfd3a177f586299f55d404a7efc44563a6672b2050de9900a1ce6e55a336ec6c0b8ea0102620bcf965e1c4700cdcccab1e2f9940e070249b12cac9d2c
+** GENERATE (SECOND CALL):
+	V = a3dc1626ce814baad0a6ebea840886e839ebdc8f78aae4bd9ff94d95a0b44536ab7f9fd3f32b4d42cdf79db64dcc4a3af9b7487aa12e78d3a2cf84e020632b8b08b8e9d5816d2d49a3d09db745f32d5dbcafefd3eb76d79c536444cef63dfcbddcae8a6a47e94cda948a2b2f03ed25
+	C = 1ec654ae5266540a33bfc35acf74866ddae3bcc1bf2698d3dd0ba6b15aacb81e1d215c282b3bc1fff0e97eae8f7353f7c94c2b140865722d71033c5e0d4103f84712f78fa21c95d925b0799ecd1e333cbb1e648d49f8b47f5224b00a906e81ac7a50d959798de695c1e46b49018499
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = 92201c1c720fafd53aafd9c22c8391bf821c7344d89fef61cd68edae47af5b4a
+Nonce = 7b5d92dfb6eeb09252ae20a7d734b06d
+PersonalizationString = b4dc2c746a966f3652626c75cc0f3ba97a098dfce9c687c1216753d5864a2ff2
+** INSTANTIATE:
+	V = ee01bd35a467dcc681b1511e3dfc9dfa5fa35dcfc474b75b0d9127df58c222258208fec3ac4268f5efaa12780a03eef2a722ceb281c8746e9a7d40dad443f2db31bd31abfd96e557cc7642cea77c3e9f30358e3830b9eed62f3deebd9b6a85e640d1f6d689a953af38dfe9007eae9d
+	C = 46283745220427088df25b88ca13b5d7854b314b20c6fa5ce9d4e370fa06a5140c1c720ec1550321352029d431e817cb93fb490d6f6dd9be6abe088cda79a17114be226eb292603a3060710ad81c0f698db874ade85ddc95a2ed5f3c5fe22f44960138dc454ada57e138c1977a0728
+	reseed counter = 1
+EntropyInputReseed = 9d9a9141b12eefe76ca97847bdf2c7d5324f1fab4f7974ce0431d1c263bd4db1
+AdditionalInputReseed = 169844b896792b77108ee8c8ef040c54f2a11abb77b1a920a779e97e6bb0ab44
+** RESEED:
+	V = 426cb0515c37365be0c300a4cabdec8a9222405a0380b0ebfe51d7576483a6bdd9ca3bab45b918eafa6205f9229010e4679b1a0c5ed25cb36f345bae06837a6bf1cd8b6ce1a3b6e1ec4b22f9fc102fbf2cc277c8f3dcc38219eed728d46e342fe249aa24718d803c5dd7bf35bab5a0
+	C = 88b8608fb9f18d00c03608c65b009798b7335478de36705653e61ad5813b2c209aa9988f7f6e909247f22a0eae109a58ee19ea6d3fe0e23323cd8d37fa8c37f643b4658d75fab29f9e7145e6cb0cd66bac4cda6ee63dc18868abe070b125c149bd448579d3f717ce9c12c12bdc903f
+	reseed counter = 1
+AdditionalInput = bbe8c1be45fdbc4a9cf59a712ac2dd7ca1136f572e5417816e87c9ded6390525
+** GENERATE (FIRST CALL):
+	V = cb2510e11628c35ca0f9096b25be8423495594d2e1b721425237f22ce5bed2de7473d43ac527a97d42543007d0a0abd147f78eafe81b20a60ccfb5376f00459e21019c12f35d0fefa3b42a1130fde2fc98e4fb78d123f9d502d861cc2bafb085383fbafbc56e80364b65c444186d55
+	C = 88b8608fb9f18d00c03608c65b009798b7335478de36705653e61ad5813b2c209aa9988f7f6e909247f22a0eae109a58ee19ea6d3fe0e23323cd8d37fa8c37f643b4658d75fab29f9e7145e6cb0cd66bac4cda6ee63dc18868abe070b125c149bd448579d3f717ce9c12c12bdc903f
+	reseed counter = 2
+AdditionalInput = 840aeee22757687b885de6ff597989d4ed44ece21d7949c0aeca47fc00a57de9
+ReturnedBits = a35e92923c92d3e3b6fe81fc5fb814106aebc8a77c7e2da2712e252f633f0ef0489e865304b8a4dc23ef537a9916a1e8c360afd053207c479975d4b0282eed8ba82909f306d04aac937920f9b9b0d61915f23f5fdb4a209448decc03c741a9319b779d25cccbcbb699f0d82633170e77ba1e2d3967e48eccb1d8338aef54ee1f31fb995a6410c7522d8779712209a0ba2f3f08d22ddbdf7b349269e5d6a2c4e11291cdbe4add39b8816b9a706a42c627fa0bbbae33227c4005398f6909a3fac855b2a3f2fedb404fe0eb33b1e021385bd8c0361fc7e54c9505bfb33697c64dd962a264cbe73979a0298f54400b34b4811dbc1d16cf0652cd61dad4798501d4e7
+** GENERATE (SECOND CALL):
+	V = 53dd7170d01a505d612f123180bf1bbc0088e94bbfed9198a61e0d0266f9feff0f1d6cca44963a0f8a465a167eb14721d36b443c0b05ca24b4b0f5fb770ffb4b9aa9ee96ad520825454c840d9946c4661ab381cf4d2c0df5e3dadb60da8a61b60b40288fabe1df4293140caac0ff6e
+	C = 88b8608fb9f18d00c03608c65b009798b7335478de36705653e61ad5813b2c209aa9988f7f6e909247f22a0eae109a58ee19ea6d3fe0e23323cd8d37fa8c37f643b4658d75fab29f9e7145e6cb0cd66bac4cda6ee63dc18868abe070b125c149bd448579d3f717ce9c12c12bdc903f
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = 8fbec97ff2146c8c029a44b8e8793b8dc8c27fe8e7c999ec2c96afe15b991d9a
+Nonce = f03d2811c2ebb1dc60e8f2aaf0e09882
+PersonalizationString = b33edfac957986bda915a3dae2c52f3e30fd733a2a3ed1a86c1d8ddf24fe5850
+** INSTANTIATE:
+	V = 6a8385a53b061160990001b4e9d76dda101e031ec3ea544e80bdac0396eb7144326f8d5851241bb5423b58fd5f6acc311fec366deffc38210989f970bd0b7de6e9476e0b032c6fa149c8ec620b2e183334b5f84b964ae26363de09ce491544128d29d46e6dcd45cb27ad6882feae65
+	C = ad11aa496404bb609b2fc317729390f7a41d133e820a08abc96ab981e1e75b76b7fea654ce5642a5684f96ef1ecb57fb6619c3d94d6453592e571b914496f507e1e62179587c8b49e0a99aaf8872636115b4dc6cbe33ad5590f48a9dc8961e7866e49bb875f00dbe847e417d6b7120
+	reseed counter = 1
+EntropyInputReseed = f44250d9a0af62b7689da45ccba03a8491d1385e24dbe545e08a151685573320
+AdditionalInputReseed = 0c7b25f06bffcaf4dbd8cb269cb9dff91b99cfcd17ff498e6a4db98a941987df
+** RESEED:
+	V = 6e791b306d80e71b8d1d0ec55c8a97acbb8522aa45207f3ae54250a10e732ebdfe8cd862a76f5fbe14892772e79592e84dc140bc4106ba5a7ed9d2c2abf2d7717510ef339b564f660c91573ca6f95450ed84eb7ed91fbab0d1ae81e55857259013142af900eb414374725e19a4ec12
+	C = 95eea7641b149f6eec0b4f93eeacf61dcd0eaccc5117057d7ea0b7b1a2611611f2bcd5750a37163e40920e2c83878d7edc19824bccaf0cc83496ed707fcef532030eb3ab9af5c2d2327717ad3461fc78c12e1f6feb85b26172eba3761b5451edc8e9aa5f8c431a9aa7454d9e27ad86
+	reseed counter = 1
+AdditionalInput = 1bd62ee6f4a272b35da20240a017d1ba8849a9a2fe6e7904083876ba0394be17
+** GENERATE (FIRST CALL):
+	V = 0467c2948895868a79285e594b378dca8893cf76963784b863e30852b0d444cff149add7b1a675fc551b359f6b1d213aad69eec8d4fdfb9d7ddf497a099d1c60cb9d1b59ebc7bc4f5dcdfcaba6d35068c462d69d56ecc2d7e44d7525d74714a01ff0d390346ae0c658e194e48368d6
+	C = 95eea7641b149f6eec0b4f93eeacf61dcd0eaccc5117057d7ea0b7b1a2611611f2bcd5750a37163e40920e2c83878d7edc19824bccaf0cc83496ed707fcef532030eb3ab9af5c2d2327717ad3461fc78c12e1f6feb85b26172eba3761b5451edc8e9aa5f8c431a9aa7454d9e27ad86
+	reseed counter = 2
+AdditionalInput = 0bb6e181fb9bf1565cec093bf44c7dd1e70e14953d3dbfe88ea8389cfe004e27
+ReturnedBits = c91defaab53d789c7dc519fab443a178b9432aa094fe7e4f52100268b2393066ba4c72f6fa2f1941b2ea2766d10fd43fe7143db1b920fc58276fbf742a09c4a9cb66f6a555034053195365e2c49ec73042605c4c8e54e7a2b97dfcefd7d0023f29922f9ffdebfa5291f81c1ec189d7562b1eac819b33685d958402197045905dadc19e35d0c80dc65e8b307c6c6b4be7caee0519a799482b6c6f3c69f5a4952d22a40452f8a8a4b6e550a648ce3588f10984fe6f675b761f707a5370a71a851b6274e64061046143585dec6d410edf3e9a66ea70f858afbf3640a38c6f53eca0aaa52e15c8dafe434ac1cc42d22d2f33ce0dda43f679f7e1194bc1eb4f391d51
+** GENERATE (SECOND CALL):
+	V = 9a5669f8a3aa25f96533aded39e483e855a27c42e74e8a35e283c00453355ae1e406834cbbdd8c3a95ad43cbeea4af777849dacbf67ea92897f66deaf14934544126563392fd9fd767118f5aa0b5d53f84ebdda47918adae4a187b431db39e2a1fdd54e28b11ee8b315e760ce4fa3c
+	C = 95eea7641b149f6eec0b4f93eeacf61dcd0eaccc5117057d7ea0b7b1a2611611f2bcd5750a37163e40920e2c83878d7edc19824bccaf0cc83496ed707fcef532030eb3ab9af5c2d2327717ad3461fc78c12e1f6feb85b26172eba3761b5451edc8e9aa5f8c431a9aa7454d9e27ad86
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = bfd40725f5ebec659388ea787224f8f075eb72687bbd67935a7e71b4feab9b03
+Nonce = af6dee25b154680d761afca5897cb8ad
+PersonalizationString = 3500f2b4ea0bd30fbd2e143a29c6b5d1b519b559453b1260e57a42bebc3a5d2f
+** INSTANTIATE:
+	V = fb20996273eebf620e5f103904b2482d21b46e1b3a245e3ce23cae07c91e65a811670e69603d59efb749d91a51b23bfbde0f208d584e0ea0a777ed3aa0f7afdb836e120245077c555ceb00669e99da9363b64a67902eb5393078f93fc8b255effc89b6ee039bc8b98f6bc0e1c7b218
+	C = e8d3981993cc7f4503be81a63334b6f4c37ac337cfcd61b9ab18c19908eb7b5b1e4b1de7e5860b31cf3cda4bae85a6f6d588867d77b9f87c7d6b96af7992d43d9609277280f67ad5d779f6514df0e9b1348c9fbef4dd3a1abfa1bfe53ec0d0774d888cf976ee140175d47ac2e9a5d8
+	reseed counter = 1
+EntropyInputReseed = ec2f712c397f9aaf4e2e3faa843910c41359f7900beaeb90ddb84c95303c0ecb
+AdditionalInputReseed = 6c0ec59eba1da6cbbd7374f36f3177c855a2a65b4d75189741738a6f662f77ad
+** RESEED:
+	V = 6017553911010caa20ac5d569cd35afdb3c7641bf7d8dda55eb6552f1203d1cefce238c58cc4850e105f6bf35145dfea126b40fe54f3a7e3ec153140ef382d1196882d57ad02e8441f7f721448dfa3d71816a4331f16c6bf723b1b3f8c8614ec4f1470ed1107a573e6548c734f6d4f
+	C = d2b451e43b70e3049298d908a0f38e426ade526d016fb846d4c5a36d15d08c943503537fc202fe75c31bd74cd0b5cf174127eff921b5ffed75ff231b01839e96298264b7cbf2084ce7ab3df7e8362a049115fef679b7b9d61407effc6b1b1c4bcffe8fea3f2ba2ba34987d7362b691
+	reseed counter = 1
+AdditionalInput = c3d39ae88b2ea360d25692c4ffa1bf9be63d9e194ced791c5edeff42fe8a8b9c
+** GENERATE (FIRST CALL):
+	V = 32cba71d4c71efaeb345365f3dc6e9401ea5b688f94895ec337bf89c27d45e6331e58c454ec78383d37b434021fbb051551ecf5a307e91bad251621c882d070628895b1be761bc61ad7f07f287406360b925ab611eb90f09450c3240e092f23c6fa0abc2b0717a3b05d93179f4423e
+	C = d2b451e43b70e3049298d908a0f38e426ade526d016fb846d4c5a36d15d08c943503537fc202fe75c31bd74cd0b5cf174127eff921b5ffed75ff231b01839e96298264b7cbf2084ce7ab3df7e8362a049115fef679b7b9d61407effc6b1b1c4bcffe8fea3f2ba2ba34987d7362b691
+	reseed counter = 2
+AdditionalInput = 1d68f8c0d86528f73a9b3f53bd1128dd1f0319f78e31454c338d62b49f208381
+ReturnedBits = c84c664333cca8d6b236afbd44183aa75e981d72b6a3fe66129d8c1223a85bb2d425ce3da6d362dfd16dd6f5e6315c7edad8e96f70df4a8652e911a43304b9330174ac824d8d0d025f4b404afcab89c9e75fac9819e7ea2e288744c35c0ff92f8f9e83458e7548f8c1e9d6f1d7e95400241422a556f9c95a4351b65e4f1dd423347653f2247023e5b8f0a9a589041f3daa82fd2dceb1c8ea520ede22ca07e1c56a211b94405deeb98f91098505c827020e70b8beedeb4fcc30aeeaf59fcf11b464a51d20ddb0bfa5606fe10015588d49c17dd429aaf1da309d494cff47a6a62e0df4d0918e0fda7e9080221a25476d6e32cb1314cd9356509635475eb7329f25
+** GENERATE (SECOND CALL):
+	V = 057ff90187e2d2b345de0f67deba7782898408f5fab84e3308419c093da4eaf766e8dfc510ca81f996971a8cf2b18054a584a5d99d94b015506aa0a92591b1c4a8acbcbe234178032f7c09255bba457677a4589257e6df171eb157eb99002a0bb95a5676d11c6f883491e3d9aa7a53
+	C = d2b451e43b70e3049298d908a0f38e426ade526d016fb846d4c5a36d15d08c943503537fc202fe75c31bd74cd0b5cf174127eff921b5ffed75ff231b01839e96298264b7cbf2084ce7ab3df7e8362a049115fef679b7b9d61407effc6b1b1c4bcffe8fea3f2ba2ba34987d7362b691
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = 7ead26007fba35ee7aa4d9a9c0c4a99c773fbdd9da07cd151eee3eb6ba765f4f
+Nonce = 685f28483d6018d01d78de1eec5a4114
+PersonalizationString = 01449c471736a99d1aaf17f1a76d471915397b5ef4bfb8fca485c8684a4bface
+** INSTANTIATE:
+	V = 3f09d3af831bbbc7ec0bd8f7413cce550cfee1ed4027a2bd09cd4af401b5c21cc59cfd835320973af71ff70d54cb5e11ed2d96943e14554269e394ea5c8ca88bec4a601877a2b1012de373555f84d3b5a7bb9d9aa4f783257c5ab2f3cfbba2cbfd74f8fa00761a9781032bc1c68711
+	C = 44ac26d5e84a4ecd5eb7cc8a089b6172b3c440d71c0462e105cc6ee9c983e5071cffc6fdcf39eac5b875029a59fec249a4df4a6ff9735bfdebe116f16b4d00de3aed9e2a53d64f00ccea0daa8e366b24a27066b94f1169ee78966515a53cce5b8b11238c39c122d3a7a6f8d8074f47
+	reseed counter = 1
+EntropyInputReseed = f27a853d08bf950735b100cfcb158a9bad98bdff852ca7b536cfb779171ebfac
+AdditionalInputReseed = 82fb1308d455387cc05fe40e1a5edb81692048eb94ec63904cb15cd11bfe0599
+** RESEED:
+	V = e18369a0a9248d6fcb1e05f9745f88644af60f9f2d6d2ecef072affc091818ffe4595524dae71cd074f530ba8e580eeddd2132b893d69e32e3762102bd29361c5a51e3a23af4b6c65c29d673414ab8b70a07cd20cc29e2d8d7734c123eed459f7ef6cde01bfb72a9fc46d3e6a01749
+	C = 67ec223a6ae4c9e8a75f6afe5b47aa92af689499d850c03daa0ffa2aef1f350f2b65c9cb17801ec12ce02e09a4f3de6a782947663c24542a4b0f4863257be8f77d3fa495ba5310484fc2672087d927d9c73ec8139ebb3afcbef59a8417f00421d24bb07f29cd46ae383b8ad9abc8d3
+	reseed counter = 1
+AdditionalInput = 035feeac96c20456aecf330c410591d9ad7ce6f65a247532ed68992d3df7fe1d
+** GENERATE (FIRST CALL):
+	V = 496f8bdb14095758727d70f7cfa732f6fa5ea43905bdef0c9a82aa26f8374e0f0fbf1eeff2673b91a1d55ec4334bee18ece60357f302d911bb0255702ec4c2d244bf8104c07003b8eeb61c4c8c8e999108096dd3cac7bc5639add10df345617cbc6b6a7ddc4413f197f0b1cce1c144
+	C = 67ec223a6ae4c9e8a75f6afe5b47aa92af689499d850c03daa0ffa2aef1f350f2b65c9cb17801ec12ce02e09a4f3de6a782947663c24542a4b0f4863257be8f77d3fa495ba5310484fc2672087d927d9c73ec8139ebb3afcbef59a8417f00421d24bb07f29cd46ae383b8ad9abc8d3
+	reseed counter = 2
+AdditionalInput = a86d6b506a7bb92de6a1af3f59f4af037362a902d0350b0cc55f8266657c50a0
+ReturnedBits = 03b771fc0bae9cdd5f646f8573918e48d405163808a86c0588b541eec81765e1736c2a46ce7f0bb09a794755e971e29f122cab661f411f6f1f4ce0bfbfbd32282f08edab2a26b3a5430a8a286493f4f6ae47c93c1d19601de757aff97fad38fd656e026a9aefa10efd9ee942e63d2a503967e7545ade90c5e4105e3867169247166d0a10addb91827e2483382f85641ae688f89c05d100f223101a2e88ae7208d6e5318469a424e043a96540e3d6bbc3904946948d15b19b61d4fdb26be89a9fa35e57807d55aa655daf84b466881e8ccbd751891a32319f3463af04b964ccde08a9b4aa82ab9e2f60b80cc79b81eef211e2ed40aa30a74652fc56ced34ff8dc
+** GENERATE (SECOND CALL):
+	V = b15bae157eee214119dcdbf62aeedd89a9c738d2de0eaf4a4492a451e756831e3b24e8bb09e75a52ceb58ccdd83fce000534de4afdb59330fe583c298b5d833055d6b9d9ac068ddefc4ec56298991145d48d64ba496ae9faf918c522066b92cf2d417293a2812249136472ac0d61f1
+	C = 67ec223a6ae4c9e8a75f6afe5b47aa92af689499d850c03daa0ffa2aef1f350f2b65c9cb17801ec12ce02e09a4f3de6a782947663c24542a4b0f4863257be8f77d3fa495ba5310484fc2672087d927d9c73ec8139ebb3afcbef59a8417f00421d24bb07f29cd46ae383b8ad9abc8d3
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = d9fb4fe1010973b7a1a596985a813cc410f33c799a5491b2e830f6b301729eff
+Nonce = 4f1d3493139d0bb0c235c5f4128b3b5f
+PersonalizationString = 0b0b01abdc9aef47d49198c25e0929883f790f3c6aec2af68909f289e375ef66
+** INSTANTIATE:
+	V = b940e39e35e82dd6c3bd00c11f2df91114e80acfe5b83aa1388d874382fb76cd79738159ad8e0caee7033f015a0659face035dcd86b294b76d8d203aab9f8f1460c1b0aaeb89570a09c7fb2640c5668eb97acf4ead8b27974aa0ab2731f1ba298df57f9527c4fadcc4261c6ca9933c
+	C = 8f357159e8deb17c2216151f95ea079f08ef9781099f4b94e0bfd47964d6759148bc7432d24c95368997f62722b4fe2bc45a0238bc91d3e5bb03ea27ba991aed72f67413ffeedf5e9f53a1977fb5b46582044fc284855134a3ad3d4880a6d197661e9b473547e2b7e6a3db1c3c565b
+	reseed counter = 1
+EntropyInputReseed = e8836ffa1e94b003ee87714d11b0f5c201756a4b247834e8e28a4d272e79ac10
+AdditionalInputReseed = d77281872e7e646e9545d3fb1afa84bf6c11319d3140802e9e976a9af2d19522
+** RESEED:
+	V = 12ce23f2719327aa64d401d68aa25268c5b3f92a7bbd2f3eba60c51d0b07710a9e1aabb82884c8a40a420c9e62a40ac10f20168159153329b7797222f8c6e50d3d4504709bfd234818c17e24807cab3f4609f3094ffde7e3e9712575dec90c52ad1e9983e50764822315ea508fc094
+	C = 06168d4cf87a3b79599d451e859a37fbcea6eb4e6b2b3774beb7329cb95653a772265e86f779b96e485921ed874a38de43f53a7baf812f7cbc3d7a05eb215f89aeb52826ef1501ad6fa79cff39c7ffdb77fbd880596fb0b531d57b034a351aab59975f0d410693da66c6b4b2b759e6
+	reseed counter = 1
+AdditionalInput = b4739221cc4c372110c57918b83c956445d44c715186499dbcc758fc064c9e42
+** GENERATE (FIRST CALL):
+	V = 18e4b13f6a0d6323be7146f5103c8a64945ae478e6e866b37917f7b9c45dc4b210410a3f1ffe8212529b2e8be9ee44e2374f8981bcd0fbad241981bbe6dfb7318924aff2be05af0ed3d255d78de4589a3087fc069c892c9af64d827f81fa5fed3d3ab5df8eed8e16d0a06554478329
+	C = 06168d4cf87a3b79599d451e859a37fbcea6eb4e6b2b3774beb7329cb95653a772265e86f779b96e485921ed874a38de43f53a7baf812f7cbc3d7a05eb215f89aeb52826ef1501ad6fa79cff39c7ffdb77fbd880596fb0b531d57b034a351aab59975f0d410693da66c6b4b2b759e6
+	reseed counter = 2
+AdditionalInput = 5038b993ba92eefc2f0d730f1054ebf7e16714402c3d4329433eded0a679b06c
+ReturnedBits = b454f3d8d6ee50b3f82a126e0ddd39be33b646f2c210cb732a7ddfe546fc4c047fed269488465f4173a06c3db8e80b8107c7763a80df43af8742844475f8ce00efdeceda768512076f3cc0ac45216e0c9d2a86decf7d2be83c9a3d5448171b7d6f1b24ed6417f6c2410a71d5bd91e6ae3ae6113fed3a8402526ed301f507b3307aaf9eedad9dcba67090a487f384a0e0cde7939ecedcf9c8760b2d0113854150007d4ee87c8052843ee0e36b0185d81ae4f68e72419fe8da8042cf7edca077d08b97ba772d7dfce7a0bcc591af155fb2847ed7f6e9c541259317d7b05835ae5368b8ad08e9c6d00b159da27761fe99303650a5653e88c865ee352e402d17b8d9
+** GENERATE (SECOND CALL):
+	V = 1efb3e8c62879e9d180e8c1395d6c2606301cfc752139e2837cf2a567db41859826768c617783b809af4507971387f90f243bd73159a3164835b176c3ac1b1d3595ee6d258770d57dd70ae7df86fb8184e0d21d7fb5f82eef24280bd89efbad95df2a31a91fdc46667fb7547aa5eeb
+	C = 06168d4cf87a3b79599d451e859a37fbcea6eb4e6b2b3774beb7329cb95653a772265e86f779b96e485921ed874a38de43f53a7baf812f7cbc3d7a05eb215f89aeb52826ef1501ad6fa79cff39c7ffdb77fbd880596fb0b531d57b034a351aab59975f0d410693da66c6b4b2b759e6
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = de7ae27c942eabeb04d15e5c780e8d5f7dc760b187a0e1260205fe93e28cb93b
+Nonce = 8add3bedf4d457fe164c44377a8f6bc9
+PersonalizationString = 34d29ca99219a1f169633460fce8f48a92ce9c9d209501eaf8e557f29d085248
+** INSTANTIATE:
+	V = 0e8047a7977a7ce12b74d9c812a36f7b3bb6c55fd3be2b3e8944be1bf1edb4d6d1d5852cbeff0c7844b869ee17e232c3ee226c0b181e8a92b9df446f08c8aea95a900d14af255b3a5dea008d4f82dfabafddf1342eb45280aeca48493b47181daf253d29f81d629f5162f9ef471d38
+	C = 5eab5a70e44fc6b73b37ba1690e8e3e26f08799938524afb01974f36a70a0c52a75b3eb70092fb354139bbbd22edb16b08976a6fa3cbcc858bb638300b2c14bbda4983902c2116de32ea91f8a52c33d16b4acb7b2361ebfefccc7dba637cc6e800592430ab1c419bdff0576ce56d08
+	reseed counter = 1
+EntropyInputReseed = 1b806bfce476387e08cbfd3f2fa5e27fd5fc6fba8b9ea73b96d0d9a1718232e3
+AdditionalInputReseed = 3e39c488ac70e8cff43ab2aecbcb741528348e9aa778bac9a4f3888021a1817f
+** RESEED:
+	V = 06ddbb8dad3f4ef76930bfb7085e43cda3fd837bc40785223d6a0dccf24811c7a285cd7183b558b019925d78de7b09ac37b0a2b66d9ab56f31a09bb85209972a38a80865b875c638a35f9be2496b3aa0c37131a316d8af2da8f8e3fe26f1eaebaad7697d121f38d17278c68e1020b9
+	C = 69062789d9d5a07571233dcf02704fc3eee06b6785e8b21c8914fd5ac073976fba6d5f06612c6fd4beb30cfc263c68e14f87f38d0678ccab5679c0e1d0bb61cc7d91754a6c3ba67e234155d43fb063d3f2428591503bd0b9aa3819f608e583955d27592d0aae72f98a70641d4f16ba
+	reseed counter = 1
+AdditionalInput = e0ce337640e247b91d999b389bd052639b7de6d8df82a8a3640cf05d2dbe91fa
+** GENERATE (FIRST CALL):
+	V = 6fe3e3178714ef6cda53fd860ace939192ddeee349f0373ec67f0b27b2bba9375cf32c77e4e1c884d8456a7504b7733d90aaa006c81f30fad46d5cac9b131cf9b89e669f4c7e8873d92baf6ee71c1500e9e7e4c7bab7b606ad0f73c78c8b7742d0011dd987e5227e0c68984a4cc28f
+	C = 69062789d9d5a07571233dcf02704fc3eee06b6785e8b21c8914fd5ac073976fba6d5f06612c6fd4beb30cfc263c68e14f87f38d0678ccab5679c0e1d0bb61cc7d91754a6c3ba67e234155d43fb063d3f2428591503bd0b9aa3819f608e583955d27592d0aae72f98a70641d4f16ba
+	reseed counter = 2
+AdditionalInput = 15f6562340be54d873f415299ce19a84f244b758d5720c22de4e83cec8f6d337
+ReturnedBits = 484a01d12efb77f7218d42d0c0307bc3fc2fb2a201efdb3444c079f525d675204928cc55296708d0047f3fc39a4d178493bf46d5e7ff000934e27341b90029c827c7fe5cc023db23bc242a4080129cdba0eaeb3a428f0449f7e970982c2411fd29c471eb383ca095ac5c9fde00ea67e447a50887ab9801d3723f826acb501f2d207216a30dcce1da3438c874b506a4e137dde314bc980895fee90ef18a723caba97edf6cd210d51deed40a88b695d865748bb4b1b94c773711504b7f4cbb8393689c193da46efe02d45b13c103787c9d0b2859795f15e05f7a1d0102d0a19295ef6da4ef311e9049f0ef356595bbef28af64813ca8c4f7a594c0b88deb9b0a1e
+** GENERATE (SECOND CALL):
+	V = d8ea0aa160ea8fe24b773b550d3ee35581be5a4acfd8e95b4f940882732f40a717608b7e460e385996f877712af3dd2148d2db870925ab2b828c6fc546e7c7a626344832af630ac0494b5a90a08cd007d3fb30f01d278d41591735cad4cc260a0334752bdc6df122356bb702ae14fa
+	C = 69062789d9d5a07571233dcf02704fc3eee06b6785e8b21c8914fd5ac073976fba6d5f06612c6fd4beb30cfc263c68e14f87f38d0678ccab5679c0e1d0bb61cc7d91754a6c3ba67e234155d43fb063d3f2428591503bd0b9aa3819f608e583955d27592d0aae72f98a70641d4f16ba
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = f359535fa9d1ccfdb4d0a4c4be750ace90a3d8a0ed1cccd691bff6d3d12f9d71
+Nonce = 5d1e328ddd290e3534fce6e59ca2cae8
+PersonalizationString = fa736eb7f62028314d2b516b36b1ae54d50e8650928424131f0a0fbaba559470
+** INSTANTIATE:
+	V = 684aaec30f2ade2da63a238a657f663f80628776c437e24c39ec854208c91445b5e61224304637feeb5e756fe779817306a8c216ad94ee3aee40738ee8314971bcaaa072330133335c74e79df39eb64163e3920316ae3cbf286c043ae74fca0367d20324c5dd41af0b93cf28902e36
+	C = 55eb61040acef51f432b387ed73da8276d4b5044e22354630040cfac9069548bd8bca156d04df40d5d2677aed9765f04dc2bac5c1393266fc4a2870872180e21af451eacf4a887ef1b882525491190af8c1c3582834aad9bbeb127361b3592d3a670d105104fc7bc691d68aa77f647
+	reseed counter = 1
+EntropyInputReseed = e8d16f9cf6d52911d59e5925eea69b49b43c948cd10dffdbe787973025038a80
+AdditionalInputReseed = 84060d9d45c87336aa5ccc8db21cc940865d99f7d56a8f1366e10f3723349fde
+** RESEED:
+	V = 3e4c1946e777eab7112efd80661d16793552f9babf2a8ea9383a7a52b69eb1a20e4111acecce551bac72def20293ca46aa6c73d5c29445eccf54d878a2a4dc6f77b479790b2cc31f95ebb7e5593a39deea2f42b4c85814642a50c63580011463e1b9b98bdecb6920f3e9697bc1ca0c
+	C = 96929ab3bba2404bd0ef40d793d68bcba6250c422301f0e6962b162c9fbd33f5569373b7146e5272a28aa7165000780d65c1fdd35a6fc64b878dec0b2a608fa5a9c508dfb52344668e46aa13efece6e90140660d4548af7eba09357ded6931f905f3847b4d4c2493f274372c190592
+	reseed counter = 1
+AdditionalInput = 4556bbfdbccc5b778d66e89a241602007cd01d058c47cfb69c9a53a482d618f8
+** GENERATE (FIRST CALL):
+	V = d4deb3faa31a2b02e21e3e57f9f3a244db7805fce22c7f8fce65907f565be59764d48564013ca78e4efd8608529443e31789ca441ab6017804a4999bc3c52386db296c9869da74b99a7628ecdce4ed2da5ecdd8ef427fb495f234e54806a1916e021485207aa360a56f97b432e74c7
+	C = 96929ab3bba2404bd0ef40d793d68bcba6250c422301f0e6962b162c9fbd33f5569373b7146e5272a28aa7165000780d65c1fdd35a6fc64b878dec0b2a608fa5a9c508dfb52344668e46aa13efece6e90140660d4548af7eba09357ded6931f905f3847b4d4c2493f274372c190592
+	reseed counter = 2
+AdditionalInput = 328129c5f1130865f90973df9122cf84f50d01be1b7a7ece85585a7ccd044751
+ReturnedBits = 0d3eede6df5824ccf7b8909f6a73271bd085459e95dda8e5644992a2bee5bdddf578b0688d47a31ce5ffb54282cb319130b6a1aead266316ff26ec39051c3ea3afec003c8f06b9c55593b404571ca9bb166f97af7e8b28aefef43d0d934b301b1d903753378d792030a0711cd4753cafdd0b6ce1b52944668a37af91d460a16243fb8081b26c4bc42d496169deea05dca6d0aa4f5b89eb8696cbeaa2c8974f5a797a1d6c55ad1822692c219f37c498a002d547cb4b018416bc9ab4aba07b8e91883fd9d63f91375312bfa822c25c04934c8a5ce5081e83e87c2ef39914df50b516f11a1842505b1271f0079329924599c143aa48ad54837efa7fe726f5737d98
+** GENERATE (SECOND CALL):
+	V = 6b714eae5ebc6b4eb30d7f2f8dca2e10819d123f052e70766490a6abf619198cbb67f91b15aafa00f1882d1ea294bd7617c2902543bb1afb493f8fbef32290aaa654c4e73ce6ed10b016d951e08d1413028b206bf85981ce3bd020d6f700e14fb0f50aa889036defe5a61a1d4886cf
+	C = 96929ab3bba2404bd0ef40d793d68bcba6250c422301f0e6962b162c9fbd33f5569373b7146e5272a28aa7165000780d65c1fdd35a6fc64b878dec0b2a608fa5a9c508dfb52344668e46aa13efece6e90140660d4548af7eba09357ded6931f905f3847b4d4c2493f274372c190592
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = 0fbf07ece426b2e8b5f876c27646c80d65de48e919c09bfab25c3cde47d9a702
+Nonce = b2dc327cedd063bc2b1c2e6479e02940
+PersonalizationString = 9aa53110da68ef97cc983bcee957f6316a0cbe7c41c0c96ca2065cf8d66e4618
+** INSTANTIATE:
+	V = 8edf0f5e6b0f8b6210b71cc928ac15f63d5e9e8b2e43d6bacbe4a32a27798d840607e397096f079d52099b472435f494beb15fc6244e2d02ce4983c9dabb6bb9c143830eb74f024d44fe33001b13ad922553ab6ae48d7a38bd928503d4306411e10ea663b7b367b9844866174efb68
+	C = c0c84e465d682de483bfca1802f3f746d456f107cda1abc7a9fce8a826b391051c70f010393cb4811dd6c235187ee98f5bec51e2c69cb8f0f6a4afa5ce8905a3916bfbc65ecd4c7c0afd22bed4cf3202d86b67100224e638661094941751439c6e9c5ef486c36ab12d9a6c8c0084a4
+	reseed counter = 1
+EntropyInputReseed = 2cc8adff06de8fe82ea3d35f05232f5ef0338f915a0502f4d34e99030e828c2e
+AdditionalInputReseed = 78c3539e3635e187d7e9f3641d33fcfb58865f2d4658b859e27f6cdc1c7fc085
+** RESEED:
+	V = a96cd8b7bb4ef63f2959dc6954e2498049e8c1c9deb91452a4a9621eb04ef69523c6b0cc0a3e538f8fc656cdb20332635b92ac185e369cb6ae2f53388539c81d4b5b15178d3ac589c979219022263494392060f5b6a323110fbf1290578a707275a57964838351e760ec0d79cad92e
+	C = 94a9522fecf6c4bc995f6033b05c1553cb17659b6e45d03a9c34b768ad67c3fc07b6af798026d7fe2d2d64908825e4db2ee8dbba20102a2a930ffbc054b0fa6feb9e194e4913fe25e4044786965541ba48817600376d146c959a3d0040c048e6d47f8c71ff290ae05acb160fbb7242
+	reseed counter = 1
+AdditionalInput = 7b44921d9560a9b4dd5c74c2b50a233e1800bf713f0d20744e236b93a3cf1773
+** GENERATE (FIRST CALL):
+	V = 3e162ae7a845bafbc2b93c9d053e5ed4150027654cfee48d40de19875db6ba912b7d60458a652b8dbcf3bb5e3a29183ee48352be1ebb630dfe3b82d2e6691606e0965550790bb0c56796e073f6922dbc304172d97a1971593d53f9ffd3f7d3433591d50f318dc961495acb4ba2573a
+	C = 94a9522fecf6c4bc995f6033b05c1553cb17659b6e45d03a9c34b768ad67c3fc07b6af798026d7fe2d2d64908825e4db2ee8dbba20102a2a930ffbc054b0fa6feb9e194e4913fe25e4044786965541ba48817600376d146c959a3d0040c048e6d47f8c71ff290ae05acb160fbb7242
+	reseed counter = 2
+AdditionalInput = 218b6e0da75fba14ea4a9ffbb73ee1818808ea2d5657ca56ceb298d2ee27bf11
+ReturnedBits = 13033e50d686e0fbe162dc08abb92f7e66b1a9cb024b5de998b5b75b9fead7ec0c3e756a6c627d541f355a800e10a845fa7cc4b9d5f87a3ad75504f363c743629af4a5028fdb837fc7d06e17522c856c162a47b1bce2c11395c02078a4b10bc985ddfd55106ac4935a1deb9f961fb05fc1a049e1035c4b751bdec08150e4ff9cfd40285e57144789c9c05b2019742d39eb5b5220ead70c2c8376f53131fcfa98065223d144644f0ee16bae82642903daf63f14757c360283f4bbb1d25b2542818e470b27deefec67199e03123c282279d85be0c765d0841342d93489fe7ebbcee9ae1033857b2d87ea59ea7baf953765ba54d4b6dc3430709331aa067e3eba9b
+** GENERATE (SECOND CALL):
+	V = d2bf7d17953c7fb85c189cd0b59a7427e0178d00bb44b4c7dd12d0f00b1e7e8d33340fbf0a8c038bea211feec24efdda25f257b15fd487a669f8cbcf3bb9b85513cf526099fd3d830dbb075f186ed3c40d8e73fd644e26251fb3545cd3138712a68ee05cfe4c5e1ad75dbdcb869e71
+	C = 94a9522fecf6c4bc995f6033b05c1553cb17659b6e45d03a9c34b768ad67c3fc07b6af798026d7fe2d2d64908825e4db2ee8dbba20102a2a930ffbc054b0fa6feb9e194e4913fe25e4044786965541ba48817600376d146c959a3d0040c048e6d47f8c71ff290ae05acb160fbb7242
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = e6f94ef8b1024e852971a5bb6eab5c86b1c2a1d8320e9d121dcbfd90988c6d1f
+Nonce = 7be7c57eddbcf2cae79db86b8e87a052
+PersonalizationString = 12640878f67f34704394383867b9c4229455c72ae1951090d1d5d98d410863a8
+** INSTANTIATE:
+	V = 09181c7ff107758a5fd64d413704b5950c05d64d5fc007c4c0284f2fe58649e1c8ff3dbe1f709ec6b07c1bffa5a3fca365d2c63e3f2ca9fdff9a5ad02037c76bc6a1e56b859fc4ab91e4772f06086ba8e2082a493615b8292b73df6668ed9b16273ea2713fb308c212bedcb2f57426
+	C = fc36d853c39d6ad4b6fee88d2a77362911ddca632412d1c6b7be66201544d89cfc11134a38faefe6d78d0f824c017c5d9872f4f2129435dbfb2d3d002360aba1aa321b3e95ce0cb1bfaaa51b364bd58a4396fec40632dd61e33183b0ad69dd7e971707f3daea8789d362dd4512d9ba
+	reseed counter = 1
+EntropyInputReseed = 66384504ce7fec2d222a0c5681e2fd889d3dedd9f27b5b83ba2d0a03c7bd1202
+AdditionalInputReseed = 9ddab6933d972867056b0f6703d4ece71e973c6a4099b60114464e735921970e
+** RESEED:
+	V = b35ff30aeb176a4e2436914886789fc5a4156ced545e18f1c9bf25f53decb7cff95e041c6c59006be38499a02d64841b41ed4c8066495258d95f4d04704e2019c1ead32c0501c8e01d4f13328cfe67d6147fa618eb4a9901bf6488ddc92226d7dd7d706445742f7827b55183532418
+	C = 9e81ea024d43304e3fd05b3e7f4495659d40145e9bfd7e3d0a0ca09ad9e46cca316cf468a2bd117b4ce5fc25766b8b40e2181b07abef70d89907cc1a8daf8bfe526b0ed3d37d7d00857fce84964c7c204d12159e798b136fe8711d3ed387fa606cc408899500906ca1eb6e9c45b772
+	reseed counter = 1
+AdditionalInput = a5de2fffeb439014118f1176fdf313272d661306ef252b62e62ea6168efeb8d9
+** GENERATE (FIRST CALL):
+	V = 51e1dd0d385a9a9c6406ec8705bd352b4155814bf05b972ed3cbc69017d1249a2acaf8850f1611e7306a95c5a3d0107ccfb9f31a915584ad3b8ce04e9f98325c1723bd0c83bf918d94a0aa74041a1147ba4f67dce01e87b55e075cd1d70b4cedb7d7ec8914d0d6f600a0bbe99e5127
+	C = 9e81ea024d43304e3fd05b3e7f4495659d40145e9bfd7e3d0a0ca09ad9e46cca316cf468a2bd117b4ce5fc25766b8b40e2181b07abef70d89907cc1a8daf8bfe526b0ed3d37d7d00857fce84964c7c204d12159e798b136fe8711d3ed387fa606cc408899500906ca1eb6e9c45b772
+	reseed counter = 2
+AdditionalInput = 544280686c9f764ef0aace9afd51e1bda5a6e5d7ce4363d454291a51c7785f2e
+ReturnedBits = 1bb49b4b54aaa70c1c093ab313354abc280148bf66ccd2946f76a8aef582630af565fba6622b23d6a176439ead2c9540d075324cd88e35bbe9ebae84e821746f5d070dc9045d2b21ee894b9b8d9ad0c02391df13d89a7175ea1c62bce80c0f90ab69f7f6c8f5640fc2004e2afebcf61f1aa6c5b9b2be2bd0d847bd9c2dbd4c7fe92558d820b3b4d1c09338dd78547937e2f11d81d27624c5e687a83e9d972a8867d0b822273be99dcc11c47d8d7966ebd241b433f4951fb7316cab9a8f55ea266c5896d768fd7aba0d8282df80ab4cd59acb3c687b3e40f3f8339617c8fe383ec2e9c9eaa221e1bc3d1be6aba7c999f3bce66751d13e2e8ad3a76c77c63e522e
+** GENERATE (SECOND CALL):
+	V = f063c70f859dcaeaa3d747c58501ca90de9595aa8c59156bddd8672af1b591645c37ecedb1d323627d5091eb1a3b9c13112533945c128bfc4a3d1b78098e8c64f39a9de16fe3c69cb382a04a5994fd35731883ed28f9c175119e8fcefab5941b1ad392904fcc9281d08910b21edbfe
+	C = 9e81ea024d43304e3fd05b3e7f4495659d40145e9bfd7e3d0a0ca09ad9e46cca316cf468a2bd117b4ce5fc25766b8b40e2181b07abef70d89907cc1a8daf8bfe526b0ed3d37d7d00857fce84964c7c204d12159e798b136fe8711d3ed387fa606cc408899500906ca1eb6e9c45b772
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = cc23c83d8adc10a5a64075bd09416a93892ccbf970fec570b983904240c31a64
+Nonce = 7c77f8a756d434d0bb35dba587a9c0c5
+PersonalizationString = 7a6f59c10758eefe41b0e4523659a46407e32b12e00ad9268ec0edce118a7e6a
+** INSTANTIATE:
+	V = 21f056f15946d5786196bfae7e95f91509508026233b675de8510db00b0cfd096c4dc764bcebd4966539e4c2b7c9f27a0f267293d4337e9642d5a92658644ba91fb0f505f23280c60890f1ab2362952524ce5fb034f09f321e6871fbdb4f5c22d25f4b5c9bc7ef16c7413ffade8889
+	C = ec32ae3e430b81bca5363147c80002922d175eb3e7b2739671fd930ec53b0fb38540588f237b2a31c6365416d9346825484342670ad016d980a3cb2194f7be7d2fbb04e325772a6ea095896687dd355a8f06e74dd7733fc501f7928eea775130f7d1d4080269f83e3d2aeb1db0bb31
+	reseed counter = 1
+EntropyInputReseed = 59d1c016f02d01ae6cacc75df5e26f60731faf4552958e4f8d35b0b68c51251f
+AdditionalInputReseed = cfec594ffcf793d986aa4302e5eace0f0e6ff86b909fb77fe3ff13d26bb24fcb
+** RESEED:
+	V = d8b457eaac2852065311fb4e6b852bd7cda0fff2d5dd4b6fec7be1f52e8e55eb8ac830aa0402be4891b8eae486f55dc1a0d7f9f6635ee5024e7cb1aca462d1da944f9fefba5126261f420254c16e95a1c0d3e4fa0eeec949efd946d2e1962ca046ad2f3ffd5e32dd8c33515e27cdc2
+	C = 14ede3f558d14d907212992e0c482bd940b0c573b087a7b849b70e0fb10e1067c6e479fc12683553a59906947fc590a601a7c339be3513a03753a128ba8c52e3cfa2ebd17791ff094a97595e2f3e9f4228dbe5f78a470ce84f830b3fdc36f7f79d6d72e62674de61742000565e1f09
+	reseed counter = 1
+AdditionalInput = 6b177bc81e4a1f8be073cc57166dc084d128c5611d11e8cc88ae3dfe22a437ff
+** GENERATE (FIRST CALL):
+	V = eda23be004f99f96c524947c77cd57b10e51c5668664f3283632f004df9c665351acaaa6166af39c3751f17906baef82d40cda96acd8ebd55afdff3499847db1e91169e3cc80b6f94f51e00155b376d493486793cd673853ae452105c55e2a6eee7449023a5316561576b076f549d8
+	C = 14ede3f558d14d907212992e0c482bd940b0c573b087a7b849b70e0fb10e1067c6e479fc12683553a59906947fc590a601a7c339be3513a03753a128ba8c52e3cfa2ebd17791ff094a97595e2f3e9f4228dbe5f78a470ce84f830b3fdc36f7f79d6d72e62674de61742000565e1f09
+	reseed counter = 2
+AdditionalInput = 7c73f0835a7e93d760d267a245717f75ed6ed9492c7e290ba8ed738566efb5f6
+ReturnedBits = 45074d690363661e0c31b6ececb0d88b22d08125c9c8dc76901b778f4024312bafb1b966f3eace34cbab6320b1dc0ead3ba37ffb9880532ca9d12445825db719803f8319c046af77a2724e86ceff9665c295f0f9ecf512b2bae688d8a989ece674cda3caf554e7ba51d1d8106af73ad11e1c3464e76a5d0e700dcbd06b68975bdfc4f1faf156afb959cde76e0b63383dc274a2acfd1d0ae729c66144d3c9188cc4a5a8ed0b70156fea75cd636d8a43fd030f58a620707ef9a428ebf8d59f9dd221c8bccc5a0ef65d918403589e66d72ba78650486d970ca07344f42aa455b26ddbdf76eefb092eb698e94fde1f25a8361e902fb1c5526b51798cd8328f67d251
+** GENERATE (SECOND CALL):
+	V = 02901fd55dcaed2737372daa8415838a4f028ada36ec9ae07fe9fe1490aa76bb189124a228d328efdceaf80d868081549070032d2a6ceab608c534cd1158ded01aa3689df686a4639172fc9c4398c609202a4e6c0befe60dab4af32e62dded24e790327ed078a4c5a751d6df4de705
+	C = 14ede3f558d14d907212992e0c482bd940b0c573b087a7b849b70e0fb10e1067c6e479fc12683553a59906947fc590a601a7c339be3513a03753a128ba8c52e3cfa2ebd17791ff094a97595e2f3e9f4228dbe5f78a470ce84f830b3fdc36f7f79d6d72e62674de61742000565e1f09
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = e82faedf6e8e245945ecc51965a4a8dad340d65d79ac0e138b0c5db55597fc27
+Nonce = dabe25386b7f4bbdaf05019b73199fdf
+PersonalizationString = 7aa4fb5b44a1e6342f389350f062931a5b23687e3c2a97218877103fed43da95
+** INSTANTIATE:
+	V = 962d890ee95391c94fa177c5c91fed474b523b89e1b1a57b27a173c5db31a03b1f5ad9c336ed3b8775df4c1a9f13bfa993a79f5a36b7c56874036e42f54f9bda04620e9fdd80ec4ee1cdef291f776fcda0609970e8481620e76da298175cdfe5b3267e4160223056d2eadb6eac505e
+	C = b63d59b7e5c5eff5539994c3ec35dcead0322af20e21a658d6ae4ff5138cf5d1fd2ef177478ee799c2076fe52cd3f9d42d68d20172a18b3df9d46c87425a7f5cddff2c3fb87ba19324266fddbb7248bf0c9a1e5c9711db7c9837e3c6ff729081083bb01027ab2dfc6469278925a56f
+	reseed counter = 1
+EntropyInputReseed = c0c2490fa364365002cdc854a88a5e57b9ecbda1a5519e0aa50f788a00bdeb2e
+AdditionalInputReseed = 44df1f7641aa6f99a44016446b1ac351d6d26cad43a5e41332f08f6f50cf74f2
+** RESEED:
+	V = ec154948a504bb6ca58cbaf7c16f8ce159eebf9010aae43ae45b683cadbfc40c8fa5115438b076020100c5284e803dbf991dec9d1ebb5f1f9a788ff19847e677a2d70a0190f608ce03b51181454ec0eadb3d16756dc677bd697bcfae1431de1a967dff0710eadce145c2cddab74aa0
+	C = babc5445be7d25785be99abf43309558ddba92bf3d8919bfea7fac2ff97a10161dafe4f1069bf65be45107897ce5f80e0ffa6819bd65d1414ceabd0f2d0bb09e4e279e2e270fb2751971d18fbd0f5ec855209b923ea29593e430536e93f9c2a7ac4341b54d3a5d9756aba4c15ea161
+	reseed counter = 1
+AdditionalInput = f4874ebdf79d3e8db93b14727c2d5a6f6887efd6297c5951268a3eb5be26cd66
+** GENERATE (FIRST CALL):
+	V = a6d19d8e6381e0e5017655b704a0223a37a9524f4e33fdfacedb146ca739d422ad54f6453f4c6c5de551ccb1cb6637851a622373372d09672dc57c8b5d099816d8801bb384d7797c0a519567b1e396f5a01fbff65165b005af959f0ec418a64f9085c7d23cead5af58172adc0211c3
+	C = babc5445be7d25785be99abf43309558ddba92bf3d8919bfea7fac2ff97a10161dafe4f1069bf65be45107897ce5f80e0ffa6819bd65d1414ceabd0f2d0bb09e4e279e2e270fb2751971d18fbd0f5ec855209b923ea29593e430536e93f9c2a7ac4341b54d3a5d9756aba4c15ea161
+	reseed counter = 2
+AdditionalInput = 6ca8921fbf960e45b6afcbbe0b5b6b87ea845b7c2c11f396f576dc3af90fee89
+ReturnedBits = 646aa646de1bf4ca0d000d5d188effa1a5d362a3763fe0c2b3848e4b67ae76bb4e9d5cb78ce84bf8be49d9e89fe02ae1e2f22d4d59e7b815fb168821c5e17fba1c89ce00d96322fb1ffd59cc16afbc8aaf9f0800b06d466b88b765bc22a526b98c9bfe7bd91f9d455b370749e9bcdc129637c8a01ca0c824b7e94db89e643ebe82f0ab4bacfc850ea42da8d0b42b9ba795968cf20f1939d28aebe4024ce8acce877bf5b71f6ea8c1eac5a101b31185b0dd899863f308b69ac5a0d2161790d4a06496d5c0fbc93f2f066f2abc86f1f8c381f3d2ab05b71c9209462d07373bdb161c233b939c24a4a035239ab0f204449b80cdcb9d0e148706701df602238a1249
+** GENERATE (SECOND CALL):
+	V = 618df1d421ff065d5d5ff07647d0b7931563e50e8bbd17bab95ac09ca0b3e438cb04db3645e862b9c9a2d43b484c307caf2365f8a6c799a3ee44e9579d442ad631894a9f5d56aa5e2200ff0d2df0896e7ebbabf05ee2622597be1f383de11f7e6de4dacca30133a113e9bc576c7536
+	C = babc5445be7d25785be99abf43309558ddba92bf3d8919bfea7fac2ff97a10161dafe4f1069bf65be45107897ce5f80e0ffa6819bd65d1414ceabd0f2d0bb09e4e279e2e270fb2751971d18fbd0f5ec855209b923ea29593e430536e93f9c2a7ac4341b54d3a5d9756aba4c15ea161
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = 927a220c03c098ac455f9f776dca44266eab2e50545c100eb962fdf67d5d7e16
+Nonce = a6eff02b6aad993fafa4f6648372effb
+PersonalizationString = 410ec43783f62fb52f6dba80cf2f073ee17ad28b6986ec10c14ef355fe357d8e
+** INSTANTIATE:
+	V = 2d951636b16906bf44ba4e55bd03953f754116ad9f8b7e637ac1c3ad217bbc3dac698089acdebe0bd45fa6e13d5fa7edef28a640478e059a691f0d356863968087010cf64298d0befc2d2a1c3769c53e8107f481f81fb76d67d18704123a4f4293e3d5b6c003bc74ef7f78ada43c1a
+	C = d562fea87d99e0dd0d1c653d98adc7fee7262d2e9d5f1de0a8a2bc8ad16c663689712b676241b6e2324994f13c82aae7aa7f3f1e6ee013971d70e0688cd8e00702531c8dd4aa0b613732d2c069016eb26d3de8d76425faf0671f794b4fa420671b63ae8ed36f3993760d2816cadf50
+	reseed counter = 1
+EntropyInputReseed = 04a1527182330918e32c4eeaa6579517447041b63476a7133a2aaeed9ad96683
+AdditionalInputReseed = 53ed3c47fddb3186bf1e785876be09dcb5d7a29714c1e92351e0a02f16691f6e
+** RESEED:
+	V = b87c9f9d6496e5b32bec9043fb76d0746d593257d4a8c8022f5c65e6b98af3612dcdc5dd10865dd0c9d3586fb0f5763f0c0dd34d4163a47ec4b1da61775ee2aca39ea5c2b514c2fd4918a6de14dd9dd4211491d84210fcc5267cefe81de8e3e9633f80983491f10babe756ae183e38
+	C = 92587b1b5644c2eb5725e5429ac75d722cfe3d0fb659c2280fe2a041e439271f46647401cbd19cb7845e75c6d5e755b1a124ddf10c61940477f25d05c77fa4c5a8ca70241e5b76498f393c3c903d20f2695c0b9eabdd2176ff657dbc84d3425ac8830ab562b946f20025f4f4132996
+	reseed counter = 1
+AdditionalInput = a9bfb51295065eb18b47415450ff19085525ec2486523de3e0dae82288c2718b
+** GENERATE (FIRST CALL):
+	V = 4ad51ab8badba89e83127586963e2de69a576f678b028a2a3f3f06289dc41a80743239dedc57fa884e31ce3686dccc5fcad8ecb8a9dc94cfb3e225789c784816cdfbd2b3ad1fa25567f472d2b5552148043fdd725cf1514e345baf4c3f2dd79fb5a156d2592bcbae9fd2e8c315907e
+	C = 92587b1b5644c2eb5725e5429ac75d722cfe3d0fb659c2280fe2a041e439271f46647401cbd19cb7845e75c6d5e755b1a124ddf10c61940477f25d05c77fa4c5a8ca70241e5b76498f393c3c903d20f2695c0b9eabdd2176ff657dbc84d3425ac8830ab562b946f20025f4f4132996
+	reseed counter = 2
+AdditionalInput = ae938f43075f96beb9c3f583fa434e2426c4058891e584482affdb7a462de344
+ReturnedBits = e50f0aeeeae2dc48de77bd84b68268e634037140e0b4b498f53ef56594e7f53e1ebdf470a2bdc004c3c57095bf8135a74acbf3c20c220ce1f077083847de4b1e326ad21ecbfc6ffca67e051891016f754629bdf10b73a081b8f46790fe9eaed0296bccd1d358bf38472cf0baefcf5d5d52297a6054b4509289d8698d87af35cd0bac444f7124f76b1351a83165dd65b59bc2e0f93fc2d738fbc1c4c889f894c380813a80fbe7d43f2dcaec255e9091d0173604af09a3cef6fcc0061fac771374318dc99f93f5a46edd3dd333fb6e3b8e505512f3f6cdabc303c4673d1a59fff979d842ca3ee6ffffb3f0079097996946e874d6ae0dea4f23b2f17d39f1fc343e
+** GENERATE (SECOND CALL):
+	V = dd2d95d411206b89da385ac931058b58c755ac77415c4c524f21a66a81fd419fba96ade0a829973fd29043fd5cc4227125886c3766866d908c3ce289ae5bc91b0ba7f41b60a4ba45d912a82b102b7824d77c4655e2a9499dbadd39030d96e29d6f2d0f3102b4ec09b31957307b7d10
+	C = 92587b1b5644c2eb5725e5429ac75d722cfe3d0fb659c2280fe2a041e439271f46647401cbd19cb7845e75c6d5e755b1a124ddf10c61940477f25d05c77fa4c5a8ca70241e5b76498f393c3c903d20f2695c0b9eabdd2176ff657dbc84d3425ac8830ab562b946f20025f4f4132996
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = a77ecb4c58587d88f8f00a5f7ea95780260ef0b8e4d888726bef70de0e16b312
+Nonce = 345a0811a9952dc5a7ac6cb929276159
+PersonalizationString = 23acae13f89bf03af7243b42ba19bdd550f69832027c1f4fc254049349e026f9
+** INSTANTIATE:
+	V = 15ed1fd2abe3c077002a705aada02fe6af1318b5c206d101dc3397bd0422fb361863a77dc23c3d12c289c62e01a602763a3f8de7e19ee97eab875813e3278543c07031b659bf6c531871e93f3d42737d82419f1ab14b9cfd2ec97bd4c7730e9b275a583756e284ac859e547dd16fdb
+	C = a33520fc50f063dcd3f3322cb28f20343243a05580f215bee74e18da3af79172772060827dbdb32214e956a469663a4887c5867ac1f01e8e3366109c42e9e703dbab928d861038830ee641e985cc732742a1cabb549b156488e8b22f26f4a664fd0376d533cd59c353a3a5bcf5b694
+	reseed counter = 1
+EntropyInputReseed = 2b84125f319eeee08c9db2c929bde8cc99bbcf498bdd1526e98b06a2831fcd38
+AdditionalInputReseed = ac465b3260240368353f2123d221f565183a82976f57f523be2b02ecd394b634
+** RESEED:
+	V = 8ad9fd7d25cf86000fc3f40200e6742633e4238c972a47ba4f61aa43b9e4e92a2111e45b4175c88a23bf7996f25bdf6ceffcf795b158d5e6426d6a1ea118b3b2921516a5e2032d27ec97a4ce397484b0207f791225ee657db5ad96607191893f9ece68ef2552bc9e04812d4b8604be
+	C = 14e65b4de7471ab0979d2261d098aef507ffe5805aae9ca9e4be33c0cf5222d3338901300264492bda93ae674e4c8caf160bc371b4bfce5029749c56a3a9aa0651bbb01a65c1f573e9520c6eb455443e93d200c443d79a43a1c0083222be9a098862c29d74c403511143b8ef2f3e5d
+	reseed counter = 1
+AdditionalInput = 5c9174f58ad1d33047efeb85412b6a5f2b15aa9702fc22ffe06f6a6d3b461287
+** GENERATE (FIRST CALL):
+	V = 9fc058cb0d16a0b0a7611663d17f231b3be4090cf1d8e464341fde0489370bfd549ae58b43da11b5fe5327fe40a86cdd42364a8c165e1a8252cf036f7e9609f75651158772f9dd4127c23304b1e18a0a9e32d76b0e232248173e4a54021b8f1ba6717b471edc5ddef16e27cf526818
+	C = 14e65b4de7471ab0979d2261d098aef507ffe5805aae9ca9e4be33c0cf5222d3338901300264492bda93ae674e4c8caf160bc371b4bfce5029749c56a3a9aa0651bbb01a65c1f573e9520c6eb455443e93d200c443d79a43a1c0083222be9a098862c29d74c403511143b8ef2f3e5d
+	reseed counter = 2
+AdditionalInput = bdc48b510e5e2cc922d03b4e5e1ed29b414ca0f9280f4584fd68785b4dcda711
+ReturnedBits = 5b020aa9d2f9a379b50a92b5e11f0074cf60b2ebce9eac5a8af7f88cba3c44598d961266206de7365cde732c1e6c666a02596c336b70e7c7925dbcfbe2ef33ede69fbcb19187d5a19c64bb53216d6a5303d88573022c76fadb3fe212560386aa7a475231c3ab39b3ecb66e55a2690cc2b86eac39b4b663d7790dcb662bfcc4f56e8fa6b18dbfefc75353c93eeeaa400022e6ad8827db4d8dc2c458860a8d618034dfdf3a01a388da8606bdc25a252ba10c51bcd9a7e7882616a8b8c130ea09e661f2084595c22dddeba42fe64c276f5746f98ba7440e326055e1cdaaae8bdd3842891b11ea7e812e371c185d11f56b507a2f3b7eb3a242f1560776acc5978861
+** GENERATE (SECOND CALL):
+	V = b4a6b418f45dbb613efe38c5a217d21043e3ee8d4c87810e18de11c558892ed08823e6bb463e5ae1d8e6d6658ef4fa9a05dc8ee3bc549477742fb4b31f6ebb31558062f64e1f11749b004043c26fb7c88911146109dc4095b7e4199efd36f21181537e75678c37e2e420067c3485cd
+	C = 14e65b4de7471ab0979d2261d098aef507ffe5805aae9ca9e4be33c0cf5222d3338901300264492bda93ae674e4c8caf160bc371b4bfce5029749c56a3a9aa0651bbb01a65c1f573e9520c6eb455443e93d200c443d79a43a1c0083222be9a098862c29d74c403511143b8ef2f3e5d
+	reseed counter = 3
+
+[SHA-512]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 2048]
+
+COUNT = 0
+EntropyInput = 2d5f0d905d7c18c45c92fab826b123706675e44a91e8f8b44bcd84d182d85e7e
+Nonce = 33b5f3fa654153a1bf3bb266b1620a29
+PersonalizationString = 
+** INSTANTIATE:
+	V = 4b5c266864fe81d56937b59b3371fd64236357d9c7bfd2cd2a40fe792699e067d1d74a84b2a423b0a921b98858a32e1f4f32c12ac264a97083dad2f0901814a2ada8fa881d00688987407e7d46672cf0442fdef653ccfb405dfdc93a3e55d9022add81708c6f25e397c490deb5c7e1
+	C = 63c2838866697b259bc319331b79db694ee5a591eb2e1ed0e0c3d52e8381d5a564cc0f9838aa496fbdb581eea16f56b1629987c2227423f9eafd85ea21ed2017dc706ad167ee7675ca73d9eac7ffa5f77477070b6e9c6d601b3036de14bc408c8b58490d7fc5cb722a23b412c59f5c
+	reseed counter = 1
+EntropyInputReseed = c7f968f135563c3475108da15f11b6521d17ce502b07c7191c8db38866eeb15c
+AdditionalInputReseed = 
+** RESEED:
+	V = b81f58f0c9d6a2842ae6b6da612747ca0746963a79477c46fb8c4d6d279f9905daf6d1206e85d65b8cb8bb94b17ad1c4f8eb76d1ef6e9f62fde09f0ab0a50281db7bd41acda3cc4f2027d5812adebd861bdaab6ca7934e68fa6073c0e8c98605345546a810cf5727488d778fd80b96
+	C = 1bed63cba7f377326e2d2080d7707ed51b641ba4bd4b949f487ed27f4ad20c5e6f4b1f028f61753fcc6a5a60fd315f1a4415c2b32b4ae2fa994eea025f6b75e132eef101a11aab185fa073fe9d0470e80fad51e0a8ab310ccd0d2ee76b050e27bc895b35dba534679e6e6e84a03444
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = d40cbcbc71ca19b69913d75b3897c69f22aab1df369310e6440b1fec7271a5644a41f022fde74b9b592315f5aeac318ed94aeb07a1d6a3f2a60d20d3c27c0ae05c50b84bcf14039864d106e3e8496ce911f8e7aa8e1dcf89126fcf6513e84ab6dce1d4f99c68acb0a71ac256024aff
+	C = 1bed63cba7f377326e2d2080d7707ed51b641ba4bd4b949f487ed27f4ad20c5e6f4b1f028f61753fcc6a5a60fd315f1a4415c2b32b4ae2fa994eea025f6b75e132eef101a11aab185fa073fe9d0470e80fad51e0a8ab310ccd0d2ee76b050e27bc895b35dba534679e6e6e84a03444
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = f7e6aad60386318aca8a635a1f0e5f169a38e21bdceb6745b50bc37dfb64a5cb67591e56cfd84c21d2d049d270eca77c1b168f6517f65c6059c5b7a9a5e90ebea0b391a66ea1465039cb407415ec5fc76ab2be80c6f01dee411aa2470bcc24a30525164411837171d2ab4fa7b96ef157adf220dc6ec496c61f775549cc5bc05147f365adbf35d97f31d0eed6f648c23dfeefe12516f2372f0eded94745006ec79fcebc3114774ba1474311e2883858af3d6f8db3efe34567201276458cbfe34599357bfa8568ed3279ed952d0a732793a73c86963269862b79fe9d8c923abdca8cf087c816807fd7b7c1ea882b3b2c16c96198a0c9cdf7202024dab05d8e6bd3
+** GENERATE (SECOND CALL):
+	V = effa208819bd90e90740f7dc100845743e0ecd83f3dea5858c89f26bbd43b1c2b98d0f258d48c0db258d7056abdd90c74eec98519c73627a53e5d65bff5e1297dca513af49b9d4757743167638025108a988a9f6f16a5792c61bdd5520fed1fe1032ccb87b4507359ef0c898deb226
+	C = 1bed63cba7f377326e2d2080d7707ed51b641ba4bd4b949f487ed27f4ad20c5e6f4b1f028f61753fcc6a5a60fd315f1a4415c2b32b4ae2fa994eea025f6b75e132eef101a11aab185fa073fe9d0470e80fad51e0a8ab310ccd0d2ee76b050e27bc895b35dba534679e6e6e84a03444
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = 25fbbf3c9e02607677bf0528f5767210dde70b95f301f6d71eb7a6a8764f6324
+Nonce = f8db06298288194e27f88a6c17136ec7
+PersonalizationString = 
+** INSTANTIATE:
+	V = 095042e7c9fdf8eb7e6cd67a6c96f6c2b21e00712d586b714da0a26139ae7c935338aa0aa548094ecd47b27ebb199b30a97356eeffe4cf005c4c3bb5d5a571fc944688fabf3aaa8c39c3e6224e5d45acc8653b7e4e7110000920778a034fc15b66b7ef49fe487d0c962f787f38b6cb
+	C = d4c0f4aa1a379ea3cd4719a2273d3be2d3cd0a0dd3a8053cb9917a7fa390abd04bc6c85b3037302e0fa25e180c4ad7f04b11b949cbe8b3c43d629f9552946f5eae1b3827dc19eba6a92673ad89c0429f025a38564de5018aaac011dcbed4a40a28e82aeb59bfe7c7995b35660f3c13
+	reseed counter = 1
+EntropyInputReseed = bb75f846dc1013656de20c06bd06a528014cdcb0feb97844e2764b62fd53ca88
+AdditionalInputReseed = 
+** RESEED:
+	V = 197501e2e830a95fb6eec3f9234385ca7d5fc9dad56a3b8095bf33f96b0255f2eaa1408f472d72eb452fff89bab767aae58a1334f50ac29748995fb48de0a71c518bafb1e9f23417e7247bb0f009e8f3461c0a15821e7d54ec7ee16fe7f80442a147b09e5f127282bf955590b1e25e
+	C = 4c5e2ce98ca419c309590ec508e191b4c65465428d7419b1e71a227d8fbcaf705ea720d9a670c36d3350a5449631ca8d5b49724116b321ae4b39216b528147c0ef45f885a8e5ec0df1c7db724d5363f4d4c66f462a74d5f921c4e0b8a342bb0f302bf30ab62768fd7c3a55cf630653
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 65d32ecc74d4c322c047d2be2c25177f43b42f1d62de55327cd95676fabf056349486168ed9e36587880a4ce50e93328c2beb9fc508531de7e2f545d397af9779f3b46c0d828327968a0f19e79eb7b4cd9f4f367c6ac83984fabb1b78e2b234f71e6a9f7c1bb916f9af62452580bdc
+	C = 4c5e2ce98ca419c309590ec508e191b4c65465428d7419b1e71a227d8fbcaf705ea720d9a670c36d3350a5449631ca8d5b49724116b321ae4b39216b528147c0ef45f885a8e5ec0df1c7db724d5363f4d4c66f462a74d5f921c4e0b8a342bb0f302bf30ab62768fd7c3a55cf630653
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = c98e795cd181e814b2338640f0597ec917850327da2dc066c7d3dab4efa30285493984c2fc4b0184d8fdfcbefe90a8f37ea79d29d88a7c96fabb90aaec74fa08813b8ae8d00aedab7449b30cd18a0d95d315d5057aabd026eda0308900f2ec73c33fb0ac83b4d4f888bbcbd055287d8ac50f6d2417b0251f00143dd11adf53298dd298dbc4dcce8dd46f0c86402384b106308ba50ecccd0b857640a459a0588c844b7954146570ce52517cb63b8f2fbc21511ca1b8f4f0a4a7f50cce5699ec014fb6831f95d826d63d6b4e3932561f625176dfaa5b13ffe6fe1dca26dec238d318403063ef61fcb111b5e3fd8dcd5a2ff8b0a88311e0bc8a6c7d845a0ce056db
+** GENERATE (SECOND CALL):
+	V = b2315bb60178dce5c9a0e1833506a9340a08945ff0526ee463f378f48a7bb4d3a7ef8242940ef9c5abd14a12e71afdcf63a25341c2c48cc709ceb1f59ded81c1d262d2dca8475fd6befadcfacb195cfde49fb7d6209721aad9ac7f5a908e2bb71442e92d9d0c8136328d060eae2021
+	C = 4c5e2ce98ca419c309590ec508e191b4c65465428d7419b1e71a227d8fbcaf705ea720d9a670c36d3350a5449631ca8d5b49724116b321ae4b39216b528147c0ef45f885a8e5ec0df1c7db724d5363f4d4c66f462a74d5f921c4e0b8a342bb0f302bf30ab62768fd7c3a55cf630653
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = ea0993ed135dec3e580f8c1e144a2610f309a6adbbd1d9496bdb92edfbc7e074
+Nonce = ef7cb430cdb9b1bd834baf131e3d84ac
+PersonalizationString = 
+** INSTANTIATE:
+	V = 822177618640c071ffeebb563e52620e65c1fd91d63157f3a630439f71db447ff05c0c3dcc6102ee29e786b42709f0617a17cffc9ba4d05a84dd8435c9fe139ddf5ce8675ca3f8619f6d5625ab8ab2caf69183d7e22c17a973d5aff6306423e26f4ca298d2f34a5a8b50b4e7de95d3
+	C = 635057d7176562764604d506c7781fd135ebe55ed7a01ad5d8b1731f3ee74b6b5989183eae70dcd1dca209075c11f3924f0b0025b7a21bed67b17a841d05c362f0edadd0e8ced814602fa5275dceab43c218c0e2bc00192d55135855861ed37624e29131ac9e63d9ece607c38e6862
+	reseed counter = 1
+EntropyInputReseed = 0631a62c76443f2c3354d9801199d55ea65eb7e3bb4077ae351044866ee23c5b
+AdditionalInputReseed = 
+** RESEED:
+	V = 33bc468c0cade2df1d734a6c1234d7d63996fa910504f1d772d0e5f48de7cd07f0df6c2d6f76c82329a259a8eb49cc6142a5ad2f135a9714b19c523726fa6a139416207db7be22714895e19f12ef9c9ad5727b72ee9640061c5de85a98709a316d36371825788c19e7ac07bbf57a28
+	C = 6c0a683dd557f4056bfa2209f1131d914d2f82d5c4617828391386032700580fd850f3249847eebd71e68e1ebf780b3d0301efbe5a05e1f3f3da90a1c90685ad0296c9ee74cb7ec88028f0d5df94263fced938572157d3a74cf178b38031cd4a984cb9da90cfb6ffb29bc502d90362
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 9fc6aec9e205d6e4896d6c760347f56786c67d66c96669ffabe46bf7b4e82517c9305f5207beb6e09b88e7c7aac1d7c2c3b2f82bfb118a5216ba0518bf003bbb425cfc0f6352d530b9454e5b7d516889b4a835eabce00ef0d1ed520131da1469eac96b0cde8a814baa393750211d89
+	C = 6c0a683dd557f4056bfa2209f1131d914d2f82d5c4617828391386032700580fd850f3249847eebd71e68e1ebf780b3d0301efbe5a05e1f3f3da90a1c90685ad0296c9ee74cb7ec88028f0d5df94263fced938572157d3a74cf178b38031cd4a984cb9da90cfb6ffb29bc502d90362
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 731639917bcf3c23015a930c49f64f3c2d71b31ddaac5c638daad231ae70ed4d3d688532f519e10beef74108f062d04d05fa852fb02c0f8559ea415a52e65df73bb896c89b957fcbb2a9b61aa91d3aa4672ccf7592e5fa361c52a8e2a0ff9172b05a5340046ff324eedc5fef9808b4b07722d548db7adbb6b78715354868fa70686f2e1f2034d415346fec06b17f0ca769c54782135040aa9c598999e52c71f132d82467a5ca216cdb0191d70e4eeac17945e29595fed5b73579d299fd5853998af2c54ab25f67ebb14484b1c2f21b69881fe68fa35ebcbe23e5868f4246d558ba5b8d08b7bb1c4c0d2231c577c02a07dccec272983d413d12e12e978af85c6e
+** GENERATE (SECOND CALL):
+	V = 0bd11707b75dcae9f5678e7ff45b12f8d3f6003c8dc7e227e4f7f1fadbe87d27a1815276a006a59e0d6f75e66a39e3b526f457fde012b6b7330f9830a0e2fe9d024409713e3e616c6932e1172579a150f1858cedcf5c12d37a51b49013ed53aab313f98355a36ec16f039b6a136576
+	C = 6c0a683dd557f4056bfa2209f1131d914d2f82d5c4617828391386032700580fd850f3249847eebd71e68e1ebf780b3d0301efbe5a05e1f3f3da90a1c90685ad0296c9ee74cb7ec88028f0d5df94263fced938572157d3a74cf178b38031cd4a984cb9da90cfb6ffb29bc502d90362
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = c77f87917943cd4e6300de9ada8da86b74020c754546e7ed31061bfe0681800b
+Nonce = da7ef9f55a0c7aafaa67a9192586fa51
+PersonalizationString = 
+** INSTANTIATE:
+	V = 475a9a721a7f3354c15e223269c5d5bf12a47216d97d85079359c42da441ddeb530eeeb6019b244157b140eef8543f2fb24b1bc5d08b740dde33abd4e443d3d9a79f23b969faf7f39b3436e5dc3ab41aa2edaa178f89d75b5b993509d235fb2853c8727ed9d858f88327df56213b1e
+	C = a4ab09b3235ca4a5a7ac0a507b044211dc1163853790d246056c569fd9cbae5a6eb745978402963b06c01446df906808b15bc0e0e19a3f545326600d9b38f7a6a942f884273d7b9f28a7e076aec65ccc42baba5d7eccd1652bb5a08fa7e309edbbe2583cb0552711f0f7e00636873d
+	reseed counter = 1
+EntropyInputReseed = 268c5b00b41a649436052e4726de1dcfbab5f5b03f9f5bd7f8b1003e05c250fd
+AdditionalInputReseed = 
+** RESEED:
+	V = bddd529ca09a176af919c6cc3af21ff70a37ef1e911cee04708d2b417787140015f580650f3c4cc1e3d2d5c5551a4b157df224755ae127aa0c6712b629c98919e3bfb3dc386b13a8e5c29798373cebf858bb1fdd935d7d9cc8b28547f97f954d5058ef043b0d94ee354dd6d801f7ab
+	C = 8440945a50b4c6b40288a91b0057b37fa91886c54cf69791e8afd0e4f39ce1dc9167ec1d80b31ff9eed6e4a0b96aee5cce3d6f29032d5005865f04b78b5a2090421d224bfe2b63caa5743590194f72d511cc99d90e09f5e17c72ee19bd57217d13a09b54183bf41782e2fcd7783b03
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 421de6f6f14ede1efba26fe73b49d376b35075e3de138596593cfc266b23f5dca75d6c828fef6cbbd2a9ba660e8539c42e68480f937c7fb3725a556870f944d81b69cf99bc543e5107abab200a516aabf23de24f9e086c09e7279e0a63329ab601c2344df8f0f22435b36c93ced285
+	C = 8440945a50b4c6b40288a91b0057b37fa91886c54cf69791e8afd0e4f39ce1dc9167ec1d80b31ff9eed6e4a0b96aee5cce3d6f29032d5005865f04b78b5a2090421d224bfe2b63caa5743590194f72d511cc99d90e09f5e17c72ee19bd57217d13a09b54183bf41782e2fcd7783b03
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 1b004764820885980ed0a8a3c67d70c55088fe2129d1906bd42b5a0b382d8a14953519b3b60f462a5e05d8a4f90c048695b28c95097231846ba9df8869d1ec4ac700f2f04dd2fb4066f0963512cd77759d1e240ba53effa4052e9ac55e1dbecece547941003ab9d33c4d7d6a98f1e82e59e3a19694855c1fd07e988e01023f5e3b371a5f9dc1d2949d7a3e858d95c2d96c17499f89ec3946e60131aaaf7d7418e1e70271fc43aa9f4c441ce315222a9857f2858415b2435f062f86ff30259bc3ca44e2e7433a294a7b6da4b70f5ebf9e57872fbc7465ad1ee325e92e1fd71dbfab3a6e95de23439fb88e0563f9d61a5c57b273f1aefacbbea2ca934aa461c389
+** GENERATE (SECOND CALL):
+	V = c65e7b514203a4d2fe2b19023ba186f65c68fca92b0a1d2841eccd0b5ec0d7b938c558a010a28cb5c1809f06c7f028ed43530f58098edc57ccb368177411cacf9d73a1273ba7e4811356e8d2086e5324eccba7859fcaa95ed7911fe4fbc856e6c3755bc8e139f6229ebda196c20d98
+	C = 8440945a50b4c6b40288a91b0057b37fa91886c54cf69791e8afd0e4f39ce1dc9167ec1d80b31ff9eed6e4a0b96aee5cce3d6f29032d5005865f04b78b5a2090421d224bfe2b63caa5743590194f72d511cc99d90e09f5e17c72ee19bd57217d13a09b54183bf41782e2fcd7783b03
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = 9e69b475ea4e8c9d17a811c1ef66862a439fec852c30e675db433c52b50f2ac2
+Nonce = 7f5381ba2b1de4b1f75c418ac1a4709c
+PersonalizationString = 
+** INSTANTIATE:
+	V = 35c41dc87002e95f1326cbea3bb65deccaf7e1b9019846435d63d2f8f098c09d06b7be13dd95e64fb188fe62d690e627d0decc4148dd7189e0dc37e3b68196df0da8ee7bef5a964b4b4d5b93eb4c0e6d4b398073fbf8617e1542061f241a2b37ae3c8d529ac99a6e96949cb784bea9
+	C = c314c9ec9f74530cccbbe9954be156a911669105667f18b451d90b441a567ed3bcab35b67e2ce801bc10b0bec6149e7f5a2b87002c879101e7ef1044c4edf65fec75aae601ca06a00db6c28cf69b365459374873e8e553374b4ee6c6f4020db15396a7df0f4ade47e4855a33de79cc
+	reseed counter = 1
+EntropyInputReseed = 7ef0212b9f674ac5818264075a2056798b90191c4ab664b6b54cd73d0e1abce1
+AdditionalInputReseed = 
+** RESEED:
+	V = 54e648537e437efe259d84ea09942a0f3f492a0150d3d709f366166ac86ed428d1441feac3538f788645e800e7265d7585cefee04fff479893efc2f6ad6f5df92bea0068dcc78d3d8c58acbcd707c1832d060ce690d70c32742a2b1cee3dd49f09383107ba999c3d07f4d7aca8413c
+	C = 30e1403cf7086bdb32659f4bde979a574132c902a80396da8e2bc6e02b05972a73978aab97d68cdee2b3726676e6b7472e17653b68adbfe75a1d4c6a67c27abf4fac8e45a14e66198a965ced1588c734a8fba77666d02ab304f801329d8d6d2f471543ab2f0e970bc6d48983f7927a
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 85c78890754bead958032435e82bc466807bf303f8d76de48191dd4af3746b5344dbaa965b2a1c5768f95a675e0d14c06225e87994fdbc7fd2bf41eb5a78a34f6a42c187bb348ad6ca43fbbec43c3ff985e026f8c65c47838b06e3f8988d02a3aa94ac37d68b4cf79bb32eeb971682
+	C = 30e1403cf7086bdb32659f4bde979a574132c902a80396da8e2bc6e02b05972a73978aab97d68cdee2b3726676e6b7472e17653b68adbfe75a1d4c6a67c27abf4fac8e45a14e66198a965ced1588c734a8fba77666d02ab304f801329d8d6d2f471543ab2f0e970bc6d48983f7927a
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = f0ce7ad20b0d314b32ace269fc6d31345384bd314c4398aee7774c04cef603bf0a3d284842ea3a0982ce3b85760d5c060b66ba704deecbd2694165c3479736e8018a07301da84b20cb20d84af76304dccda84abd17bea3e403b20f5329ae8df8074560d59f135204ef431b298351a5efeec3de73de9a29641ab3c3edff6e30f672c45eea05dc76b5495b2e8a5f88d0b52560304e0adf97b8fedef699e4dfdee20fde9ecc8eb0e582a65605a29a6fc9047079af88cba9a6b6a3ce46b321c9811997dd21d5c649c1aeb25ee867ebb2b90cec225119e5aa18368b3929e0607be08e2f2adf0b71cb5ab60b0ab51f4fb856dd08b21c339fe29fa06e6d9bb03fa7c6f6
+** GENERATE (SECOND CALL):
+	V = b6a8c8cd6c5456b48a68c381c6c35ebdc1aebc06a0db04bf0fbda42b1e7a027db8733541f300a9364baccccdd4f3cc392769acd3fd9afc4655bdd8f23c30c556e607309ddc25ee625865b450ef5ff880530c80cc0545aa42cb64f7df3b8c5a2807791738645c3711350b35526455f3
+	C = 30e1403cf7086bdb32659f4bde979a574132c902a80396da8e2bc6e02b05972a73978aab97d68cdee2b3726676e6b7472e17653b68adbfe75a1d4c6a67c27abf4fac8e45a14e66198a965ced1588c734a8fba77666d02ab304f801329d8d6d2f471543ab2f0e970bc6d48983f7927a
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = b60c6025dda77e81b33012ba0606f5761058f4a95e4bcdc25ac25139d583dc55
+Nonce = 77647a4a5862afa07d2fbf636cc430fd
+PersonalizationString = 
+** INSTANTIATE:
+	V = a3ef635b0d5d53a32c1efa37d1f0c0a323dd4ac6d2664dc994880e090697a18c740d0d2c70de94870fbcb2b7a3a45f32871c7a3c7ee2149176ede30251096f91bbf5a497fa0cd02deb2e68799e2dddf5d7f1f460a9f1270c2b15a02aede459e77b6a20a226c4e1388b382918fa80d0
+	C = 7fa497a8a319deedc1f6645b2833b9e6ed347c0fff0d534e9ab1ad2e6f7578c268ac6e20a65846bbfffeb8e165f95db1cc5d9662561f0577bece2ba06c3c2aa43a17d4885e97246e37ea6bdb7c60382b1c2a25f51c1822fa124cb0551869a6e0c63a0f107376043896624984c86ecb
+	reseed counter = 1
+EntropyInputReseed = a900e505e5b1862579a18596c2811732f3eec77538ec2947adb7efb9c8746090
+AdditionalInputReseed = 
+** RESEED:
+	V = 665f324f99333a963d8547b57d21fbc78486419c7ce405129dfc2e598dd39f23ebf4ada698f0b5875d3f3999ddb9b303ea890cad383c989a0da4ae7f07b4a0e123d91a5a8dda1e2c4c84f56ded562248faa7c1e373caf0f5e34b83737f914fb380dd1a339fbc24ba6c0857e5151a72
+	C = 9715380d4b8dd86999d01ea9d60f40de3dd47e820379e7a90c2f8d22375ec8347974c5f8dfe804f28eaca3a305774d33de7ecf943b921099dddde940c7499e654d9880016dfbfd9d25080af29e427bd9a5b7193bdc00ab651a3536ac8238cb9b57f5cb7e9b919150cf9e7572b8ddbd
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = fd746a5ce4c112ffd755665f53313ca5c25ac01e805decbbaa2bbb7bc53267586569739f78d8ba79ebebdd3ce3310064c46540d54f33f8cc2dc968e0200d8e5b8ae6abb3888f0ba10b921b0b6d112a71e459c6de44b56d79de082bdc6713405022cc4b6243835012dfa4ed9bccd1a7
+	C = 9715380d4b8dd86999d01ea9d60f40de3dd47e820379e7a90c2f8d22375ec8347974c5f8dfe804f28eaca3a305774d33de7ecf943b921099dddde940c7499e654d9880016dfbfd9d25080af29e427bd9a5b7193bdc00ab651a3536ac8238cb9b57f5cb7e9b919150cf9e7572b8ddbd
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = cc4ed7e55f1acd14c37ed45957b60563e6582544feea536a13873c61f2ac56b424b231bce32150267637295490076bb4d265977277b15d850f7eb1f601d235755324c33420828ee50b1a37988a34d384e6cbdb4b299d250886424855569786e1da38983dcfd7c282901139ff5af7ece37c3e10c5594c61be6b8a603970fbbffb2197317ce55e7c3948430f433a3be58edc48ba7f8f763e6d3a45990a3a96cbc73403c6e40dff3a7cbfb71900cc8657cbfecb2a8d479d23daf8801598f9dcdf84671310e04a646a04f9c8c0e009631e71365fd2a990a952225e62141f8996797a664703132ff7a39b5dd03894ab7ecac1db658d705b768d80d1d872de12a95f52
+** GENERATE (SECOND CALL):
+	V = 9489a26a304eeb697125850929407d84002f3ea083d7d464b65b489dfc912f8cdede399858c0bf6c7a9880dfe8a84e87c36e479934986a2e5179ee9571037201bcd5a13f17f093079951447491c0d4fb1037b4716dc4b749eba580c8b38e508940bd1181f67c1cccd4e66d80c74c67
+	C = 9715380d4b8dd86999d01ea9d60f40de3dd47e820379e7a90c2f8d22375ec8347974c5f8dfe804f28eaca3a305774d33de7ecf943b921099dddde940c7499e654d9880016dfbfd9d25080af29e427bd9a5b7193bdc00ab651a3536ac8238cb9b57f5cb7e9b919150cf9e7572b8ddbd
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = b499c831cc05acab1f47ff562729f8c99c7bcde1e7844e6c7f824c9e6998a8fd
+Nonce = b508baf779478667447328c8cfd8c6d6
+PersonalizationString = 
+** INSTANTIATE:
+	V = 5cb24df5aceed37d15b567e3e1e5e8161118e339cc0a96ddb957b311909b255272e94ed2aeea29cc68d6ac1f876199f07bde248cb4f838de81a741e048cb5da94bdac5d38ed90e7a5d0b0882abdb7c35e8d885b1416262874fe4ba6bf95738629ab221f0cb454dfe713c660269116c
+	C = 338f8af846e7397cfee261c8aeca3bd66d099b9ab5ee798cfbc7842392d20073a6d6b7bbc04d94c11abb6dd8b315ce7844d9bc851cf84cd91c0ae9f8b822ec3c79fc95c21ef3644ecd2701ead82cb75f56d0ff97d2f391a05c5c8298d64137ae6974a12814ba7306531c97edad4a4f
+	reseed counter = 1
+EntropyInputReseed = 381d1cbea3b4a810bae5e08bcb9f0796ec4dd07cf1ecc65583e3cce4de5180ca
+AdditionalInputReseed = 
+** RESEED:
+	V = b4af6838bedf9e4e96bda4ab847fc22b4afc2983dc64fed0ed3a5d6415bd364fdf3fee4f7143fce94d54f213e7f844bf126cb9b58940c9d089844209fc161f53c9d029ca24c09d1b97c39c5d444132ac6264fdd9c2330e3da2eee16395df0bf2e4ae07f676842e861e5f69e47fecc9
+	C = 2d1a51596425db0845e221f76e1cfffbbd472f67b8157bb40256e243116bc281c5291c1965c304953c813c6343f95cb2a184f4374a48d568b77a76dd4487f844d05cf32a12d1a9aa8ab2b57d36229bf06e87a4f99af327126cf75092be7f96da98c813ded422f7dfb4b5df3eaedec5
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = e1c9b99223057956dc9fc6a2f29cc227084358eb947a7a84ef913fa72728f8d1a4690a68d707017e89d62e772bf1a20dd4b463115616de9db04cd5981d16534f3e312e7c5a70f5bc4b20d0789d314077f675a34e2eba14db82195cf85031587ec6c5b0616297984bd9c1435736cf7a
+	C = 2d1a51596425db0845e221f76e1cfffbbd472f67b8157bb40256e243116bc281c5291c1965c304953c813c6343f95cb2a184f4374a48d568b77a76dd4487f844d05cf32a12d1a9aa8ab2b57d36229bf06e87a4f99af327126cf75092be7f96da98c813ded422f7dfb4b5df3eaedec5
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = cdb03bc6e2a4c36834b8cc424d9695078771abc6c2858bb43209517a652e1b8c799d8e7b5c8356373e6af5470f52cd4d9a76bb622d0ccd743fa02480edb0a5522566b36b29a077af37c865772a205a349b8719528a6e5eace4be5ad3151009926101f5a7ba070ec7480ced95ecf92d86f19d9ee809dfe7b770e76e558afcd7b0fc9076453e782bfc9029accb6925baac61cf16047e2986859116d3a8128d08370bc9199657f789ac41e944a3a655f93996f18bb5644c955cb8eb101dfbba82efb080cb7dce959a9bc6f08fc50b76a0bb96d64d1809fb4b959854cb985ad8f086d3f5f0277ebc6186162fa646e12e4dbe0e2ab26602814ded1d410fe2374d94bd
+** GENERATE (SECOND CALL):
+	V = 0ee40aeb872b545f2281e89a60b9c222c58a88534c8ff638f1e821ea3894bb53699226823cca0613c6576ada6feaff7e5bbd50aad80bb34106be09b14842d9b007658065ae78490fbbe43a3d3d61677970151cb93f0739fe3cecd4f065f9e551186bbcc6b43bbc88ca0bd15baf28d9
+	C = 2d1a51596425db0845e221f76e1cfffbbd472f67b8157bb40256e243116bc281c5291c1965c304953c813c6343f95cb2a184f4374a48d568b77a76dd4487f844d05cf32a12d1a9aa8ab2b57d36229bf06e87a4f99af327126cf75092be7f96da98c813ded422f7dfb4b5df3eaedec5
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = 2f340b34fc9fd49118e5cf7cc5e338a8b15d0c72a638dca503b9ce603684427a
+Nonce = 9dabe82aea68970e3d0a99869a48c5ae
+PersonalizationString = 
+** INSTANTIATE:
+	V = 583ae05988f97795c430c301dfba5015ad94084901bd25b7590e7cec715661189223a32d972d8fa3b68e7d44be1db353673fa1df0fe8c31694c3c2e1a4b1420ac77de310b639eb2faa391f7b985d5c92856354fc134a744008f2f66691370671835731eead8b0a7580fe80c5996601
+	C = f8625e0720d41e6129b9438f2cadace2a3fa7775083dfaf5ea7fec2a3d20fb1150ad9ad2aa8df1d52f2f8f9f80d7c6bbeebab5b1eae43f4245e096ada8379d148516588d7f095847413ed5a9be9bccc6ed18f6d92263fede3aa49cf5b1f5e73f2be79d99f131f1254d26ba210d948d
+	reseed counter = 1
+EntropyInputReseed = d34f7624ce48487b1005b33cb278787a5da2b0304481fbb01be0aa2164213bf3
+AdditionalInputReseed = 
+** RESEED:
+	V = e8c66311b6d736df26b5f96662c09db536f9b403a88ab122e31f79a702044af28f8c08e2ce970201478f5ee523c9c29dc26cf30e175567da9d390d679dfbf549ec22c476503747e1cfe95f684bcd5f8540545a113bb155ccae254ab49f577b20983407682a9e2e13e60ad0b4c9eb8e
+	C = af10824ba56d5a6632e7739800c2a382984a97cefc778fc1158fd04c894cdf197a04b5d9f19740ff412cebd9756ca8251b6b6c2cc8f84201112246ea43e5c738cabe8f96fa73cedec47fa3f3dd49f8854c3c97a670c9691e8fef1a3b5a0c7a6beef12978b22dffdff4bae44ca9ee4c
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 97d6e55d5c449145599d6cfe63834137cf444bd2a50240e3f8af49f38b512a0c0990bebcc02e430088bc4abe99366bc0906841e09347c367e31431da3f22dd795d7c2b11fa3c8e85a3f577a248b9c4f06b6e2b9b8dc4ea84f37634a4b2ba85b8b71e34719457ea22f6acd9e355b398
+	C = af10824ba56d5a6632e7739800c2a382984a97cefc778fc1158fd04c894cdf197a04b5d9f19740ff412cebd9756ca8251b6b6c2cc8f84201112246ea43e5c738cabe8f96fa73cedec47fa3f3dd49f8854c3c97a670c9691e8fef1a3b5a0c7a6beef12978b22dffdff4bae44ca9ee4c
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = c1d5a197161c379d060726a64a06d981ee0ca571ad8b64466cee0e0564fe5b79265fc78b86a20723add737846e5e9e732758497b0ce5a271394c336d496fe1d7f40c9f9d5b8829643cae9dbfeff925d391b3031bb566d32f2c0280dd82ec4a3cf5a5dd2085670fcf77cc5bfa0e0375f2766578d74b17a765ccf23ac779a00609ab4fadba2e455249f707d7010b94f3f86603529f49fc32ba5d7c54ee6b9667254dbdf0c9a74fe57f7f82a44afef387afad9763a4f0bd5c965f3a4f6363762214a145b327147ea2d20fce4ec755749f2f021de2ec0e341b0c17a41ae9c00125ff204f98676db0e4114f5caf91ec1044a240616d66d3fa6c946ab2cda7175959cb
+** GENERATE (SECOND CALL):
+	V = 46e767a901b1ebab8c84e0966445e4ba678ee3a1a179d0a50e3f1a40149e092583957496b1c583ffc9e936980ea3142adf09f09dc3bec936390340683dc1325c2b796cf614ccfaee2450382a83c347fca6935e129dff7ed408e979237491e94ba8f455dfda5e7250974d4048835221
+	C = af10824ba56d5a6632e7739800c2a382984a97cefc778fc1158fd04c894cdf197a04b5d9f19740ff412cebd9756ca8251b6b6c2cc8f84201112246ea43e5c738cabe8f96fa73cedec47fa3f3dd49f8854c3c97a670c9691e8fef1a3b5a0c7a6beef12978b22dffdff4bae44ca9ee4c
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = b02c77e2626030fffe5e389f3fc8489dd98dc513aaeaf3a5cff24a8dda68fe05
+Nonce = 0f1127fd5496c7830d760f2f8b04eeeb
+PersonalizationString = 
+** INSTANTIATE:
+	V = 6ea3cfc4df8ec777deb57c13b163dfb7821e559dda33bd39047eab3f6eee0296e697e79696d74ddefd5b1f8fec7cdd09b5c15e58ef55993881390e460aeca73c5311f63b3ba4b62383d8776f6717cc55c4814c06192bad837a9d54f471ec586ffef805a357d703aa6714b4060bd332
+	C = 0db38b18c161535aaa45e181566dc5abb2aa8e769640527353db425da74201e2240c161df0d19a299e8d1125908a2a71f2d675359595bec7be1bb15134971b4464afb919c6108dee963b898c88181dc5d1e1a94f1bc30df7c53f9c6130646f97d8020914234ec9c901d58ecf829a0c
+	reseed counter = 1
+EntropyInputReseed = 7b9304b4dc018a5f7866c1135bf3d46d248da2ab9dfc822fc538d31449b336f9
+AdditionalInputReseed = 
+** RESEED:
+	V = b8317559327f15dee59883c42f5793920ce4257cc2173658852afa760b10dca3ad736ecce73e7ad943378bedc96299edf7cdff35abb46866b70911cea3aee2083aa846fab9ee44d839515ff2e9b1c839dfe1dc1da4de21891b3d259d36ac98fc2ef7f30f67c8ee954743a6817f8c06
+	C = d992f68443acecd959abe35d215ec87adfaa832fc12d2375c86b49cd3a29f0b708ae61e2799223c05096584b22b9ce2d5b6f86037e94cda54ee888fd8d5357ad3135dd03df60ca68a50c566554667e813a76aeb6c8915688173232bea5de3482698215c49f63e57fbf30e8ec59eda8
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 91c46bdd762c02b83f44672150b65c0cec8ea8ac834459ce4d964443453acd5ab621d0af60d09e9993cde438ec1c685f9d904c45469bf63b812dc5461c491d2fe3ebd3b6b32f22f079f9e7aa51368ca62415497c831fe2644f2152120fa2cef49c5548a285049aab31f68204b12860
+	C = d992f68443acecd959abe35d215ec87adfaa832fc12d2375c86b49cd3a29f0b708ae61e2799223c05096584b22b9ce2d5b6f86037e94cda54ee888fd8d5357ad3135dd03df60ca68a50c566554667e813a76aeb6c8915688173232bea5de3482698215c49f63e57fbf30e8ec59eda8
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 8ea8608408511f7d4d824807aa5ee675d9f375309bb1ed7e330b2001c6625e690750076e1c5281f05d6d47f18d2df622b4cd2824dbd9962607d9782e338cd8173855629fe850226c040ac478993fcdbd5300498132ab2be78877ec6c955d4121a4edec8eb1016084a98eb1bc8b18572009afb77fc1cc9e86b7eaf677b36b233de2eb888bfed86d3b6bce730b77bbbb7f9ab5bc35c1061595f7718e0d1ced6044ebbce4f010346a3f0e296ef13631fe4fbdbd62bf7e85a605f99509a369693dd87bccf34fe447592bec4310dc03300e5d176853e9b7947b5fc9a4bf77f629eac5d9e4138af211269e18f04bdade9597ee277f81cd491af6c8e953b3c3e7dda9f3
+** GENERATE (SECOND CALL):
+	V = 6b576261b9d8ef9198f04a7e72152487cc392bdc44717d4416018e107f64be11bed03291da62c259e4643c840ed6376c1cea8edb0cfced2537d310f62455c4201ba70469ce5f343225a6aa2931148633c6b63b7d607c02224fabf90e1e68cc7c9e9052b9add9241b0a8a1c21129b6b
+	C = d992f68443acecd959abe35d215ec87adfaa832fc12d2375c86b49cd3a29f0b708ae61e2799223c05096584b22b9ce2d5b6f86037e94cda54ee888fd8d5357ad3135dd03df60ca68a50c566554667e813a76aeb6c8915688173232bea5de3482698215c49f63e57fbf30e8ec59eda8
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = a0db952d8e465ffefe32633ff269b0c9c765d4b2c6a57043ba283479e7c14aa3
+Nonce = 3003bdbff71e855220f239fdee507911
+PersonalizationString = 
+** INSTANTIATE:
+	V = 1faddf6c044cb6d440558b5a8e05f34aa70c0f86e50eaf134859cece948bac380203bc63a935977bbf01f6b36134e017fab1e4aa7fa422b7a1d6c3bd0065268efd07cbac87cb4a169995c7c10ac15018303d4c798685a50f19b1e164e678def2f2b56d7a2040d2ed2ab4071b110ce6
+	C = e61da7a6b5c8ce18980e727bd28b5c6264b6e8b3fc88006b8f74b9a9554a333a29394b5977d195d03ac18fc8b7e2f2d6ed4c20154639be10f33b6fc7d4a8e729bee71a4630bdf3c65dc29fb189844205f2641aa8130675de67f5a9c606121d65ccaafa61b650e79643da419881eb0d
+	reseed counter = 1
+EntropyInputReseed = 3a9a35d1962d68fda6f8a511b1209f3c83e96fe2c47ea5885e35747463104388
+AdditionalInputReseed = 
+** RESEED:
+	V = b63344699579136a00f427092aaa8546775059a2c73b5eab951e800d48e0552d36709410058e6c861c9061072ad64628aa9c9d3f92bc7478ff214a962b4bd2e5490978aa06274af78b1d07fcb6ba042f52af2b3afa8b5f6de12e759ede007cedd6210f464232121758efa0bed66cc5
+	C = f096c49d7e6e8a4a47ce35eec761a2e8ae6b2deb720bbabde08cf7b3fbe9853eafc5477959e33680215b2b643572ce961d1e100df626383abe84ba428d51a060a58684a5723132665fff66ca26ebc6ef93ff11bb58f3f1190ec98fee88585bfb4824a64e4b08020e0c209fae5c43d0
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = a6ca090713e79db448c25cf7f20c282f25bb878e3947196975ab77c144c9da6be635db895f71a3063deb8c6b604915bd464165c60772611c4abf3e3254aa8863883b7473a81a5e0d3080741988e3c3afa551458f922a700f0df1b6aaa20ed511689d92d3063392f2d4d276463d7508
+	C = f096c49d7e6e8a4a47ce35eec761a2e8ae6b2deb720bbabde08cf7b3fbe9853eafc5477959e33680215b2b643572ce961d1e100df626383abe84ba428d51a060a58684a5723132665fff66ca26ebc6ef93ff11bb58f3f1190ec98fee88585bfb4824a64e4b08020e0c209fae5c43d0
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = d97c2e8fea5fbe9f55cd6dcc492c75ef939a3d1d3f02b1c7b86f34c9c4a4701109929ba1e7789606938ecb5ef84472d2a285fe149cf60fe1701ce7c2e38aa4c19da2c64f7ba7407fb24bbcb8643255d7be6207eb09e1c8bdc3dd85eae4f38f0cd1cae9ce511da609a6706483186512ed9e02e50e78ba295a8c5e7fc4630037ef764efd48e83d5e571de39fb92d61cc591c0cfefbd96244177126b5b6eb0f44110f6c5bea50c921bddee466d8a70145d96365dadf9b1cb0de85a231d761d534d7fadd00de73e48d4a7ff8a43e7bc732d4d83ad7873a58d5d37e371ecb25c2e800eaa609e7a2bc07f8351cd55b6751a685d1fa6c5b2c9ea8ac3b15037344a7030a
+** GENERATE (SECOND CALL):
+	V = 9760cda4925627fe909092e6b96dcb17d426b579ab52d42756386f7540b35faa95fb2302b954d9865f46b7cf95bbe47711d17c67f47df66ea503af4c90e8212bc9e5cf5ba95465688bb48e443fb3681fc60cc188a1f7858d9eb0a1dfa1916118d84f3adbe8011dd152251afac52b8d
+	C = f096c49d7e6e8a4a47ce35eec761a2e8ae6b2deb720bbabde08cf7b3fbe9853eafc5477959e33680215b2b643572ce961d1e100df626383abe84ba428d51a060a58684a5723132665fff66ca26ebc6ef93ff11bb58f3f1190ec98fee88585bfb4824a64e4b08020e0c209fae5c43d0
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = f24789cadd6a21713f0bd1b34d803633df381251bbbfe7f62007306285b96af7
+Nonce = 418670e1c6a303c4d2d7c1bcf78a970d
+PersonalizationString = 
+** INSTANTIATE:
+	V = 72ca87e0ce3ad414b9756851f4e832967458df52ec71e185bc371e1e62a67bd18ca12a2736e106cfa9dd962e4c3bff1f1b630863e192330e7c8bd5ee95ffd5b824d36e76deb9ed7f0682226a9e37944a49498d7a916293a3704e681fc3d204b3e9bfe0c3228273c5a10762d55bce78
+	C = 0e08f6d8230fa44f6ca88c85deba48d69d8becf46889921ef016bc4639a9e788e0ed901f74571c7c4c126378004604d24620c233e53c1490789834652c6c898d51234523ef1a6cb9d36509ad2beebdbde76705c9cce5c8734ba303a286ce30d2ad61a200af878a8dc70ea096ac1492
+	reseed counter = 1
+EntropyInputReseed = 906be495fc78e01a7f104d79694d5844288c3d950e2b1d81aae4a220e12fe661
+AdditionalInputReseed = 
+** RESEED:
+	V = 196f890b963d7338f99f417a9e6ef11d08af1d9f5f1834431c2d6d24cccf9a5536e3c9153b0f837fa92cda800230d37cbc7a8aa342282d1cab542f98f43cc48922c055436e83f558b306acd8c46e1a194e08a70298f485ac34a79c27eb491154cc3687e3b647371c99f1b710799a27
+	C = c8dcde3cdbe16ad675ae3fc824dec9d36a66fbd81308526a60e42ed13b40de34dc3583149e30493fab7935b12f500c54e73862e2784b39def83281584a40ecc50962f804001761fdc03079ddb2c5d82aff9be9da962fff7cd7a929e2ef507dc76090bbb320ac9b91279feb5d257c56
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = e24c6748721ede0f6f4d8142c34dbaf073161977722086ad7d119bf60810788a13194c29d93fccbf54a610313180e08db263bb90cab6d8f00a96b1f01b1474911ccafdc7836dc27b04f4f0bcfe1bcd197d16f54a0b1cfd72b74b66fc15da9c08155da60c91f977fd3449c15512877c
+	C = c8dcde3cdbe16ad675ae3fc824dec9d36a66fbd81308526a60e42ed13b40de34dc3583149e30493fab7935b12f500c54e73862e2784b39def83281584a40ecc50962f804001761fdc03079ddb2c5d82aff9be9da962fff7cd7a929e2ef507dc76090bbb320ac9b91279feb5d257c56
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = c20fe53b607e3eed98b6905cb229b3fa4614e7cc6366c2e1550383d9f8c0eeee151945b3b3caee164ce6e2316fa6ac117c4681d71f766c4ba7454668866fa290002cd8af680cdce0fe27599410f9171cd1d03222c6c28b3971c20f6548b7d58b36e846b4739f0f09268e596aae87f49d669fc0b2860257a4d6337cd6fc4531b7815bf08f98da0bc2ff805ecf573459ac4de16171f408394c69dfa4cdf48fb4b99a048421667adeaec08d04af97ce1eb1b6e6579d17edb82b2d9deb97831ad3577c7afe9c5a1abca0a3a8a56603e6ac14f3bcc0f87df398a62da1ca286942116ad53c9e33363279b5adc2a39b79ad3decac25858220a8264d6d6c6cbee98b92a2
+** GENERATE (SECOND CALL):
+	V = ab2945854e0048e5e4fbc10ae82c84c3dd7d154f8528d917ddf5cac7435156beef4ecf3e777015ff001f45e260d0ed2f077a889b3e6337f8d26d5967577a4ee697a4f589d57e865e0c81faded0c803c1553f547ccf149982924abb42004870ea0d2d9d7081406e15e30e7b32fceba4
+	C = c8dcde3cdbe16ad675ae3fc824dec9d36a66fbd81308526a60e42ed13b40de34dc3583149e30493fab7935b12f500c54e73862e2784b39def83281584a40ecc50962f804001761fdc03079ddb2c5d82aff9be9da962fff7cd7a929e2ef507dc76090bbb320ac9b91279feb5d257c56
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = 6bad0d3f277bdefd691f9c28569d8b2bb46e0e620b91536c6d106608f90e1600
+Nonce = 8d9d5443bf983070a2cc357d13501f16
+PersonalizationString = 
+** INSTANTIATE:
+	V = edc3d3ec7e3934e5f6ef02b00b58f78fa527bfef09f09a07f3f93df4945c069a10059782c08f0c4445b441e01a85be9a734874ee8fd8c40728a223263019b87e338071504946e7743b928ed1ff3290f3e4ed6b87cad54ad3868177e2900acf3f9a0e4856d5a626ff3c8679242ca59d
+	C = 5352f1a85b9c176dcb4be960b5d8de534215fa9bf13c4f5b2b037392f6c8fd45b87da85d5df215d962028507a09dd8dfc4adb66c530d09f7928cf90b4d1708bd97079ff29c1fcca1237a159b33e2a27290fc31fbeffd3e3b70a63054efc61e9fe7003c177a237015b38ae3b20e032b
+	reseed counter = 1
+EntropyInputReseed = 26ff4a61ee5bd4061dc1ecc52cbea7c39f0a83815378ae8831295dfcf707578b
+AdditionalInputReseed = 
+** RESEED:
+	V = a71644a5271d6254803fb3b5aa6dd18e41bdca93841f9f9979df77ff618291227f0e28a0c40cbc69773b1a5b39af8715d4db6efa9ae7cdc7d56ed8c0c824c9b8215a611d31be419457a4d02603b0129b636115262a796ba716e3a0389484b027de6d160ca99c935a7d7666c2be1085
+	C = 16bfa58d8aad2f20b5fcd049f8eb3d3a83e58ca9fb4abea1b188a0a399689577b5c2b2525221c3f6e2cfb59ac78e796be70a5ddc1a179ade027ece3a21e6cebe2fdb06e46bff29eb3e9c30d800a738995b6011838fdeb43a712ffb56645b39f47b12478992e4ebc345157831e3f161
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = bdd5ea32b1ca9175363c83ffa3590ec8c5a3573d7f6a5e3b2b6818a2faeb269a34d0daf3162e80605a0acff6013e009fcbdb90404905e5b5a26d2eed9c38a477e987d079b1ef3ae104eaa12e7c0aa7ff56d4d6544ea27d2fcff537e2adc6974f090c6d012a79550b1d077fa3865f75
+	C = 16bfa58d8aad2f20b5fcd049f8eb3d3a83e58ca9fb4abea1b188a0a399689577b5c2b2525221c3f6e2cfb59ac78e796be70a5ddc1a179ade027ece3a21e6cebe2fdb06e46bff29eb3e9c30d800a738995b6011838fdeb43a712ffb56645b39f47b12478992e4ebc345157831e3f161
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = bf1d57c97c03b7919e78abf6845567e5a404d928743073f8bc2134ecea122e39c1249683aab058df8c9115cb0b58f7223c2fff686f60534a388da3b64101c13caa95d234a6fa9c09a5d905e32c085a1681cc37a36fed5f999506dac4ddb89ab6c16d7e5b33b8d08488d7490ad95ade82865a76ef38e07fbc3d40ba456687c1cc20bd102eaf4b9e7c5f9615a1083676031ebd67e84887e163ba5a8469dc9459be17c5afe83280b052e85d06afcfeedb65e5564a4ea59d73feb91e3a186ca361d86f143541b73ffdcd1de47653380546e4659e176605fb7669aeade086a96156af1a6846f7eaa7ca5e197ff034cecea48cceb797b01d5381b92b3888c2e303b5c4
+** GENERATE (SECOND CALL):
+	V = d4958fc03c77c095ec3954499c444c034988e3e77ab51cdcdcf0b9469453bc11ea938d45685044573cda8590c8cc7ac6ea4558e8ec66b26f25f3de5652b7c8d6462b9daea8fb8ff1bfbf5082106f8c9a2c7590f8bc3083e4d48415e66b40dcafdb8db681794fbab1402cc67103e3c4
+	C = 16bfa58d8aad2f20b5fcd049f8eb3d3a83e58ca9fb4abea1b188a0a399689577b5c2b2525221c3f6e2cfb59ac78e796be70a5ddc1a179ade027ece3a21e6cebe2fdb06e46bff29eb3e9c30d800a738995b6011838fdeb43a712ffb56645b39f47b12478992e4ebc345157831e3f161
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = 4ff816134b5c4fc66083315e0d25c973cd592c0436a23275e149d941f28a5098
+Nonce = 8e79e89f8c4327a0527c7e60013e43b0
+PersonalizationString = 
+** INSTANTIATE:
+	V = 92f49d21eb3f23e8461d7ac156313708f5f6ae31fb1222b3bbc121e2213fd518b928dd01830bf48d036f67981bc5d035db3f3e342031628c03edf96f2532eb758af7c3bb4a04f6c7a2beb2910a84318a7f46e6e568e8eab070f50df10dcd21ef3bf1960f1c1906f920f2abba6e4509
+	C = 60e1b78b678e6325d05b7f14cda85d6ed100682b02744c3dcea8e1124cd14d8b3ace7b09b20d27f339f91a897df4e23b30afee9b062c56d51c10ef1b291bef3a72b2a33eccf17403dbbd05b2e2390177d321fecf291256ab7e663db9b9bf19bb3e03dfbf14909304fed82b7396475c
+	reseed counter = 1
+EntropyInputReseed = 8709406b3c7ae89dea03a8c085e4bae5feb472c3e2518d1ea871bc4fe2e3617d
+AdditionalInputReseed = 
+** RESEED:
+	V = 18e67cd02450438b73452a0e4c59b9cfab29138b473018a481e6366309dff83e84620e87a9302a6ea031b902955acfd771756f77b04531542961f5056bd1d9ea5b6a84da834ba18a2830b10669f750fa839920368b8af0dc99b55f41d778f58ea2873864b7940580c1e256ca6c13e7
+	C = 3930e600d5c4d99ac9c93706ead9ef282df866d8c05f16fd429f51ecf65684411dcf88990007d25782c6a9fa1f6bad9a622c9573123ce46a5bb4ef5ce13ed5d5a12cf4593c7e75ea773b8af6057b0ec9a6e2dbfe78c240708ce217f98e1593665b85abf09c4cf71a0975959bc2d4fb
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 521762d0fa151d263d0e61153733a8f7d9217a64078f2fa1c485885000367c7fa2319720a937fcc622f862fcb4c67e5c9530818a0acf536e9607f262f530ad1f231d0fe17f582c3e532a68b54b45025b4f04887b4144a034e4d5f9bbf53f107b62c55d97a15cb86abfbc636c3cfeea
+	C = 3930e600d5c4d99ac9c93706ead9ef282df866d8c05f16fd429f51ecf65684411dcf88990007d25782c6a9fa1f6bad9a622c9573123ce46a5bb4ef5ce13ed5d5a12cf4593c7e75ea773b8af6057b0ec9a6e2dbfe78c240708ce217f98e1593665b85abf09c4cf71a0975959bc2d4fb
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = a9cd992846d2b03dad398bb1923373e52353901a9922e50e1b037c89b2b7ca968673175303523316388368427c48068f4c69dcde7d046c153e8a255e4c7c48b848b25b65fc3563352e5873c73b410b28bbb5640e9d3bc553364eb7a3a566f70e54204c501359feaaacbd72841200e22bb7ff732fa9205f9c9c8d93baf9dc1d67e3123e601d18b585cdbb7db0c275043cfe133180900543c98d94d9fe193df37526c1249c21c8207c78155d86087c392566f9c8e361f47dbca9039dbd8e82806144a83ce9c3dcf47fa9cd566d14acb99f0cb19ace5a3bee5d07d75d98472521032fa24116c2d5f9f827fad88c7f9920ef735da193fec818006017cda980772797
+** GENERATE (SECOND CALL):
+	V = 8b4848d1cfd9f6c106d7981c220d98200719e13cc7ee469f0724da3cf68d00c0c0011fb9a93fcf1da5bf0cf6d4322cebbea15a54ba596eee48a54a7f6e92c7b54bb8212904937230873b4a8d5b7000758b7fd1055dd3943ab335202c74d14b83dd955512d8533ae59697f39843975b
+	C = 3930e600d5c4d99ac9c93706ead9ef282df866d8c05f16fd429f51ecf65684411dcf88990007d25782c6a9fa1f6bad9a622c9573123ce46a5bb4ef5ce13ed5d5a12cf4593c7e75ea773b8af6057b0ec9a6e2dbfe78c240708ce217f98e1593665b85abf09c4cf71a0975959bc2d4fb
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = 3c776d28b3ccc7e2e09c400e0115315b2d2e9da7ce3bb9d19ead12fc92dfd746
+Nonce = 51205967665ea8af2bbad0fa8a6516cb
+PersonalizationString = 
+** INSTANTIATE:
+	V = 62f441821f275cf0504d812cb08885363dbe7426edc0f4ec7675a71e941353fd073bd5cb6f565d430b717b8eb5e4f793f7241609b8f2d3a36af0a4085df2a25881327ba57194279cfdfb6859d891afcc25b9a61e1b25bcce6486a6f0fe3b062f74dd7625fab721801c85ad1fe4b17d
+	C = 086f96b0276c2e8b57644eff5f963cc26fbf5c1111baa8936d74fd2f21ce2a20bd616c7475ac7161d534076a8170cda63edb52958267a59198b7cf06b05d85a6b63498bda380317ebec8b68b2d6e86ed7b35913b9faa170111dbfd0cb9b1787c25fe5b86d32f17175853e88d504839
+	reseed counter = 1
+EntropyInputReseed = 11b64d1fcd351d06e2f6f0446709383b73b61e0398bef7d9ae689c1fb3c69424
+AdditionalInputReseed = 
+** RESEED:
+	V = 622cedf7ede3414cc13bf629cafdc0d3e88f1d9b528f6170bec609edfca3c7f366b54b026df4e23978d5852b21fee83e9cf3a7c223edd7d0ce81ade49cd27fe539d6bed1c5ca7e90dc186c4ce95d327ae7dfb93ab52f77afb98c72ad0b671f4d7fb0f16a83cffc446f51eec25ca14d
+	C = 39f8bf6f2700c8e682a75707ff463644cc32a62e1df7e890c1927af06fc802a9e1e26afef6ce121a446d40af438e2515704bc9073371e99d2761cd54b8e775c3cd5f75b9e442aac5505c4eda86dee640a5c890ae8e9ee69bb1364f4821be34369ad82e7d58d4f48400eb9fd1115a28
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 9c25ad6714e40a3343e34d31ca43f718b4c1c3c970874a01805884de6c6bca9d4897b60164c2f453bd42c5da658d0d5eb86b68db9bbf62bc323a3fe1ff3511b7fc0af93a18b958f345a22f2a99d678aadfc805bb528771768e715abcd0e669ab8b3fbca8da02e8a05736021ee94bcc
+	C = 39f8bf6f2700c8e682a75707ff463644cc32a62e1df7e890c1927af06fc802a9e1e26afef6ce121a446d40af438e2515704bc9073371e99d2761cd54b8e775c3cd5f75b9e442aac5505c4eda86dee640a5c890ae8e9ee69bb1364f4821be34369ad82e7d58d4f48400eb9fd1115a28
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 2ab2cddea3a1eba3f1ff017ebe5f7fb34ce6a3115906ecab007d9ef3172b2815d188576994dbdb1065ea70a883f04a90d35dc6b789dea261eada4be9d209ebdf3dff6d1f63746f9336909bf9ca1ce4b6c3ac24bdba3db1bee063408b99a1908cee6b873cc60a147d85238e0c52ae417dd75dfb864431b5d944f1b934e2cf8bbc43762ff006c1af01fd2569c93b1cb0b5ace0ad3f8a7fbd9bbc1f0328d568b3db6f09520005e3b71f4e19681801c0fc86c7902096f64fd754cd703ccfd12c91af34f4040abbc30b9dc00273273d099d2518544876bab3d8d8d5a209345c26450e91d89187b57138a1175cfc96301b5a133a2bb0531d4308a9f6d8cfa7128dd417
+** GENERATE (SECOND CALL):
+	V = d61e6cd63be4d319c68aa439c98a2d5d80f469f78e7f329241eaffcedc33cd472a7a21005b91066e01b00689a91b328de31047766c68a9c44ed1a5a022fd2333c059970821d69770d2844afbdf2164514addbc5ff92dc1155b6035489ea77b36b0050d0a356e15ed2429c2b7ed1837
+	C = 39f8bf6f2700c8e682a75707ff463644cc32a62e1df7e890c1927af06fc802a9e1e26afef6ce121a446d40af438e2515704bc9073371e99d2761cd54b8e775c3cd5f75b9e442aac5505c4eda86dee640a5c890ae8e9ee69bb1364f4821be34369ad82e7d58d4f48400eb9fd1115a28
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = c06e90c75129f5a1ac3ef97a42c257facf35d283f5f67a01ca198c2be3e5057b
+Nonce = 74f34ba655310588dbf232b13aa3986e
+PersonalizationString = 
+** INSTANTIATE:
+	V = 61e0254a6f2d0688ffe3ad5cac5449df44b17665f20fdd0bb2555494a8ce68becc46c61db8c3250b17f2fab6c6d47f7db31498c46adbaeacab4ad7de558f5e75459e565addb9d83bce3e814de9a5f49f20eb24d6fd1ff372f81d0948465d230fab3835ca6da8490c8dd0a38ee3e5ed
+	C = e116991a0c277b016b518a08adfa846ab13d2654d0d266fd22040f8b9cb26df3b9442ce8fd53746a3351f05dd25b26aa9cbc428380ce3012ff5e3dd63c00497d32f65737a8426e93252b31a40befefe4ec92256b8a92b8027063697ad03dcbb1bfe19f15b919ad7524aced49e752ac
+	reseed counter = 1
+EntropyInputReseed = 4efc60348e489153ee6ea0234563d1cd8adaa7cc5b5f1a8b4a246254907c185a
+AdditionalInputReseed = 
+** RESEED:
+	V = 4bd99f7f78033418cda3e85715352a95a8179f4ffa8f0ec7ab885423193f125267455c86b3ba2c2b4b40089a9bc1a3baaa86bf46c41b7e46389030d51c5f6675b477b716703dff454dd4f6058c70f80813664d136a01e9b589c1ff3ef0caa880429cb206b345b19d3a8ffd99317d06
+	C = f5cd2471ecfeba2d075290a4566964bf3a3c25b1032bec47222b9ea38b27ce5c6415a6942bd9e81d41321b25232b77e387b64ec522937102ac5215dbb3b290c9a274bbc2ed42ac277676c90f5917e3fc040793a304a0d55e075801a5eee65a6c9af9ad27c79d5f43b508cf17c71feb
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 41a6c3f16501ee45d4f678fb6b9e8f54e253c500fdbafb0ecdb3f2c6a466e0aecb5b031adf9414488c7223bfbeed1c0a11bddafa0f5b8b7d0ce4deda1ba990f894fae5ddd774ff1d93beb44458060224a3367eea81d7087111e97e54154e6ded4686ed6e2ea1880a1d8f23c8dd1493
+	C = f5cd2471ecfeba2d075290a4566964bf3a3c25b1032bec47222b9ea38b27ce5c6415a6942bd9e81d41321b25232b77e387b64ec522937102ac5215dbb3b290c9a274bbc2ed42ac277676c90f5917e3fc040793a304a0d55e075801a5eee65a6c9af9ad27c79d5f43b508cf17c71feb
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 1ab3b1907b9dcb216faa994bd21b3759f8714b888359f3e31e59fd75dddd18a8479996cd2dd7fca3800c9c99cc4f47c72aae339bd2e8713afae5c2a81864f454543af89dec2d72b9acbf0e290331957505d5977dad642f6b6ddb2df042dc725e10d191cb3353a3bc63e6f49b8ce9d21fbbdbc83285c18e4b54c01eafe4f92cdb63d5a818b5c8b031cc28f45d22f7b6a6a737491f8302e852cc232642600085dc17aeeb878d06e8071668d18f051ea6ce24c0dee348b6af66b0ae95e7eeb1f2ff8a0b9b3aab19f77bef4d5cdd23a9bef0452784359f7d5699bf4833e3b247e6b8fa88bbc3d9be1fe59b9e9360195193cd36b747bf30da00500cb2d68ed159f34f
+** GENERATE (SECOND CALL):
+	V = 3773e8635200a872dc49099fc207f4141c8feab200e6e755efdf916a2f8eaf0b2f70a9af0b6dfc65cda43ee4e21894e3ac8c6fcf86ec9f27b7c6ab9edbe3a7233ce03eb321fbf762711a731700926f99784f2a40d8428b26a5dfa761bd87a0e99b2ed455d5892c4192b6c151af3692
+	C = f5cd2471ecfeba2d075290a4566964bf3a3c25b1032bec47222b9ea38b27ce5c6415a6942bd9e81d41321b25232b77e387b64ec522937102ac5215dbb3b290c9a274bbc2ed42ac277676c90f5917e3fc040793a304a0d55e075801a5eee65a6c9af9ad27c79d5f43b508cf17c71feb
+	reseed counter = 3
+
+[SHA-512]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 256]
+[ReturnedBitsLen = 2048]
+
+COUNT = 0
+EntropyInput = b59f098843697902325815a8e8336cb6fbc9b2a34dadd9451b2512c83c21834e
+Nonce = 386109033862569e66f8d42df29171fd
+PersonalizationString = 
+** INSTANTIATE:
+	V = aac2608fe80dda14c251de8b16b8cb33c7262c9d1584b158104ff6410980b84506239079d71fa5d8b582ddc65866994285e63bf89b571439359726e3a725205cc72a02dc42566b04a5993c32ed6ba462feec33bc2ccd9ed518aede6f2b285f56ac2f208f57c5d204ca2dc98f9598dd
+	C = c8e2844c03e1b3cc4aeef37fe1d5549e0f19b28539384ffee46450f7ac902cded2f89473510be64584b29d74bf78ffb9234aae1921c61bc2ce458904a4b1288c9ba7eb364e074314b21d4aaf4f4bbbf29da6937a9d6e37ad3e6774baf3cac6df84b1b424246f62177220908593bc0a
+	reseed counter = 1
+EntropyInputReseed = e4837bec8a56c8e0357ed89f4d163dd0fd816cbb825b74e94170c4696db39763
+AdditionalInputReseed = 3f304181d2b255f01a6b15e534541292aafd3cedfa2180a40b4404c665a3f8d7
+** RESEED:
+	V = 68e909e477e3cb2233f454d6e8cf02a7e309b6d67096f66c5de389e65b97cc4eb703b793d1027dae682d8ab0881dfe87c709ca2b3c8866c3f38b936a0f5ea2a304055bdd44f22f8fcfd8e07853d5b95b479336bdef9913f3485e71a54bcedcea509e20b4d8c51c14cd895a6a54bec1
+	C = 226bbf8db1e3104850c337771aa53f05c171087204ba2dc2eae263390fbc1eaae33e99b61be751424ba5b89968816e4b7c65ca1ac5b0203bb1330646b47547072583867adcff9026cf3c951cf800b76ed34d2a2a2663ed73b67b2a98b047fcd54e7b51377feadb3e97c843bdb40efb
+	reseed counter = 1
+AdditionalInput = 5c77c4d34e1a3adde4998d53ce2ac7d4dd10eae30e67f3e7754384d6ea6c15f5
+** GENERATE (FIRST CALL):
+	V = 8b54c97229c6db6a84b78c4e037441ada47abf487551242f48c5ed1f6b53eaf99a425149ece9cef0b3d34349f09f6dddd6ac9c3b0bf1e455e57618bc81ddd094c07b7bd64d2c8cd0840a2add050bf0e8fa55c7d3e2c75ba9a1b697e3cbc35500aec3f5804679bec068cee127d74151
+	C = 226bbf8db1e3104850c337771aa53f05c171087204ba2dc2eae263390fbc1eaae33e99b61be751424ba5b89968816e4b7c65ca1ac5b0203bb1330646b47547072583867adcff9026cf3c951cf800b76ed34d2a2a2663ed73b67b2a98b047fcd54e7b51377feadb3e97c843bdb40efb
+	reseed counter = 2
+AdditionalInput = 6c70e060c309373c32e0fe7b57b04c30f1f906fac1bae69bc814b6d9b8ef8c95
+ReturnedBits = d04baaed72234c5c4de9c9ca49090929fef8f5cebd90fd1374714f0711fb24f8417ffdacd301d5bcf35561a120d4118f3b2d254f17e7c996e62f12c2a115953c4c16d476ed1ed65fdfbc7c3476e99ec7890af362330193ebb3dbc2183d784e0b72f77dc45b87842b676e800e8a5ef3f9c1216ea45e7408c048c180ac1ee1bcedd67f0bcb1e90047d95c1c766cf0df7765ac64e9089db45a0fcd80fa884bf517c64dafd286aba897c400e961b74f6f521cefb5810ade9add80916c6508b9e02997e7bfe1024e94f9d2bc5c3d55aa38f8e9614c000f9c0925ca2226d1ca06b1681a5a3672a550c7d56247a0164ef7680364199d00248e5249fdd934ee7d8f288c0
+** GENERATE (SECOND CALL):
+	V = adc088ffdba9ebb2d57ac3c51e1980b365ebc7ba7a0b51f233a850587b1009a47d80eb0008d12032ff78fbe35920dda80387bcecfeeec84b81b540ceed64b09c464bf2935985e117a07b6b579584c572677f66b38db2bf8c4fc53d139b5ab8e0c80774b0f171a88f3fddb3cae08efa
+	C = 226bbf8db1e3104850c337771aa53f05c171087204ba2dc2eae263390fbc1eaae33e99b61be751424ba5b89968816e4b7c65ca1ac5b0203bb1330646b47547072583867adcff9026cf3c951cf800b76ed34d2a2a2663ed73b67b2a98b047fcd54e7b51377feadb3e97c843bdb40efb
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = f5aec332fa02612db68d7870e33e025b80c902d1401ef2208ed09086acdbd1d8
+Nonce = 4d7841c74afe0634cf533b198cdec0d8
+PersonalizationString = 
+** INSTANTIATE:
+	V = a3dba8a9c799c66097ccff4a1bf0e2a2d42b9d5fb1a57f888ea6a32c7190306af6dfbcf1708927d264a2172fbac2f291354e26bac6f3643239f1dd05f3ace33cca937f238018cfff8e258583ffaf6c71c1feacfa1c615b05c3801258cc40984d03b8542263ff164125985603f6b051
+	C = 0aeb991a1903f02d839c3f170c21031d52d81646647349f7bc84fe2043787bbc2aebf47a9af939a163b05478d93216f388eb86fb7c8c36beae1b835e4ad4252984c7ed44e63343e715b524412c422ba3df4f65debc9b97f23c6a163421a11d97b8d2c6caed4c8dba7758c6b2187926
+	reseed counter = 1
+EntropyInputReseed = 31089c6ab9bcb0615fb014993ed0e1904b81edd43743c10051fe45cd1163af09
+AdditionalInputReseed = 1b96d97c3c79b419de0fa9ddcb43272ff0dee6c523cab9bdd18cceb900ccc904
+** RESEED:
+	V = 0884a343cbb0c20a87f070de053d6df5b8107e5e5c5eac52e9ee661d709a63048c67cb579ac8b2870848597d90d0dfd0e5563b62a83f6b87c21c7e3919bf4e2d32c284033dd8105d587a3d96764b53fa030e12b64d8a7263112dacdb7301d00c2241a99839bafbe8684d17410a2c88
+	C = c6dcbd6e752571a4ff181a0c2d9c9763376841076ea313bfed2b7bc9765f9a4b59c27a7a35604f394e92d5e18176cc3fc39366851c841f8c9c08f2999f54c581f764656d1779531d7e8fbe2758d3c9048909ab9176822696c986d5e0aecd7305cf32cda4f569bf91c7eeddcc08fdb7
+	reseed counter = 1
+AdditionalInput = bda9529350431798d9adcec796061a4053ca5b9a0905c42fa68511b98fd27151
+** GENERATE (FIRST CALL):
+	V = cf6160b240d633af87088aea32da0558ef78bf65cb01c012d719e1e6e6f9fd4fe62a45d1d02901c056db2f5f1247acda13c64b9a19acf53c8a23f95d5f13dde02d1a3d97875731b1154c81f7362466e5c4c233cd9cf1676c9114d38c9774e220b5bbc1e37ab69d2d80bcb8df132913
+	C = c6dcbd6e752571a4ff181a0c2d9c9763376841076ea313bfed2b7bc9765f9a4b59c27a7a35604f394e92d5e18176cc3fc39366851c841f8c9c08f2999f54c581f764656d1779531d7e8fbe2758d3c9048909ab9176822696c986d5e0aecd7305cf32cda4f569bf91c7eeddcc08fdb7
+	reseed counter = 2
+AdditionalInput = 471a0bcb4ddfe961ddc0d5cd2c9c1f981d7f3255559414f1a4af28116fca476d
+ReturnedBits = 9a9ce21187ff4d5757966b26493849de379dbe3e0fd4401728b43a3a2270e8a184eff6a2a0b3fa5d7d4fd9290cd4c6408e65435a0f15c182cf1e75da08b8beee0fad02bf4aebb64ecb514654826a34a621650ef35eb51f43281336ad401a8f8e546e649be3b64f247718bc5dc6e85758b7f3ae21371c40211078bc8255ca75bc011c3f0a6ddc0e37e9a34f26ffe3cd3d0aa224d7b35e75a8212bdea2632d5c5b043637dfc36a2beb50d47e2e2562473efe9e3090000cfe0369462d2607de3cccef28534dba01bb2af0804099f91b94b8b7e57081a2ca0b8e4023f4c19e46b4205bb4ec419503cd763af2807247f84b03a673549042c1eee8d3506b2d0bfd247a
+** GENERATE (SECOND CALL):
+	V = 963e1e20b5fba5548620a4f660769cbc26e1006d39a4d3d2c4455db05d59979b3fecc04c058950f9a56e054093be79d29ac1a53b02a6917d71707d6154c64a8fb9fb44e0a3bbe689d0a8a174075618f9f0d5843d3a710009f5f234f05f18360a87f64a9c806daa2b8b9d2c41fba31f
+	C = c6dcbd6e752571a4ff181a0c2d9c9763376841076ea313bfed2b7bc9765f9a4b59c27a7a35604f394e92d5e18176cc3fc39366851c841f8c9c08f2999f54c581f764656d1779531d7e8fbe2758d3c9048909ab9176822696c986d5e0aecd7305cf32cda4f569bf91c7eeddcc08fdb7
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = fb0cca1f8851dc279ba95ef437e8cd04eeefd59d565e7800b5eec8ac4a42a607
+Nonce = e5b2ca096e545dbf7d6e452b9e526efc
+PersonalizationString = 
+** INSTANTIATE:
+	V = f2ab3e3bd7c6e6f530b316e295dbb5d94bdb3cb82cad4a071966aaa11d85dbca42e42e6a35f453a0fec941c5cdb51f16cb07e917f873cf35293a90a2df679fa67e2de1ede11a638ccf4eeea95c4faabe3fc540d2ba109040d28853998e4c4aecb8cc9b26940917e86268735db7cea3
+	C = 1eb403ed74aa75d93b7b5a0e1cc77cc15b254768783b7bafc2d29fc59f011fd6d4d4d7cbb7f34f5eed77fe0d9d3b4cd9f54804472efe92566fb111ea0868473e77cb59e44fd6c7f46a67607229a9669877c11ec0eb30d5b03525b6a206d572c85df103afd3d3d8ab8acfbe59551046
+	reseed counter = 1
+EntropyInputReseed = ecfe6ba8df0c54da226c4db48346e2fe28b34936a44fe8fb1440cfa2c28b26f4
+AdditionalInputReseed = d78fc0bbf8905af45b74c3b8a59ad18d2e4067ce201ec559291a80e21f0793d7
+** RESEED:
+	V = fc21ae20d19bf70dff31bfeb3e6f110e78d50a6497230d3d53abaeb4828130591fedca71d9e3ab809f446a91234e2363a0836738b5fdb60a6d017ea1249371aeeec8c7aea65636d94a0f65ca11ab5976ddb33a46cc4802444d890b407da6fc8fa049cfc4378a74b62b99e3847d99ab
+	C = a7910b20cd3cfeba4c7b6ba3c58ffe1532720d03de9f79dc6af83ed0bbf1e79f36cc9eb3f5e0b89a094414f352c2376d98c6bee34c4e5a6abe16983a2af06db6be9b19f567bfd463ccae09cf7c9fa0801ca9b55a8a10f7156b5431f79121b04e06fdd67d94ca2562d1bff8c3f32b9f
+	reseed counter = 1
+AdditionalInput = 9b554261be36ffd99e47730c99edaec8428aa63b7a5aa82ccd75cd0d1440bcd6
+** GENERATE (FIRST CALL):
+	V = a3b2b9419ed8f5c84bad2b8f03ff0f23ab47176875c28719bea3ed853e7317f856ba6925cfc4641aa8887f8476105bbcd9af1aa77cf94ce42d22027a4c28790df78f0633bb9d94074cc91a3a04edefbaa805f8c938d652a2f5523033b52f65d8c80d8ac9fcd276a8ebef2a7a949643
+	C = a7910b20cd3cfeba4c7b6ba3c58ffe1532720d03de9f79dc6af83ed0bbf1e79f36cc9eb3f5e0b89a094414f352c2376d98c6bee34c4e5a6abe16983a2af06db6be9b19f567bfd463ccae09cf7c9fa0801ca9b55a8a10f7156b5431f79121b04e06fdd67d94ca2562d1bff8c3f32b9f
+	reseed counter = 2
+AdditionalInput = e303c58d69690878c8121ead4cd49115ff6e0df56fbec460087b1b9c160988c2
+ReturnedBits = 9e9c362ff1eaee4440dfb866b7c7373c63e5dd207ad792cdcedacb7e3e036e66420daf33e280fc686cf7fc7f3481bb1a9f77b94d5dd4959e95fc1bd1213e9111713182eb21d464599a8400451deb56ea900af59bbe207dd56d61ca89326c20468bf53a850758db79f94ed22d5b749eab282687512832ed4c734786ebf2d4b506aa6341974481abc614b4b91ee0f7d3d5556d6da60cdc85c7a510ae79f5a77d849b194c5c6de72168d8d02fccbe5341cdb8736588160ffa84b1b5fac94084b5eef6a7961af2192000122dc98e66fbe2ec864218c86462f381ab4c92b3dc048b3732d4840fe6c361e5b4808f99a617552440b4b8142582e06cdba0eb84b7e0ff74
+** GENERATE (SECOND CALL):
+	V = 4b43c4626c15f48298289732c98f0d38ddb9246c546200f6299c2c55fa64ff978d8707d9c5a51cb4b1cc9477c8d2950b8b1702580e4987ea653059698db62c318ba9bafd167854f2ad2b65c22fdb19899190aa61d8188fd7342443ac55b0d491523ee73799f692542baa4e9730d463
+	C = a7910b20cd3cfeba4c7b6ba3c58ffe1532720d03de9f79dc6af83ed0bbf1e79f36cc9eb3f5e0b89a094414f352c2376d98c6bee34c4e5a6abe16983a2af06db6be9b19f567bfd463ccae09cf7c9fa0801ca9b55a8a10f7156b5431f79121b04e06fdd67d94ca2562d1bff8c3f32b9f
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = d2c32beb78fc660123858ebf0834b3297256985c56bd4d7a72db43078ce7d72b
+Nonce = 95b418548d796ee60f6379f2c61630e4
+PersonalizationString = 
+** INSTANTIATE:
+	V = 5f14c20e620bff7d83dff262626f10b6608a8df6a686c87d7306cd771dc5b16dc5c1f46faef765b17d8bcd080e18ac383e1b7fde8411a3d8ad5d227e48d65ecb49085a4263029b896a0681924fb229a54c1fe01c910b87463414f7138e5e648aa1697ccc343136b7dd6cb2b4f30d64
+	C = 1b831ce0bb7e27e33d97bc045c4577a84b3366cf4afa86a211a5f815e9a625ce322c5758f7dbcdc23621f46d37693cb66bdbca85108d457f3ef82195541b83a7762050ecd27fe67cf34feb0b1ace204aaa7efb64ebdabf6e8057c590dd1458b79b47fabf5340bcb6b72f3bcdc2f988
+	reseed counter = 1
+EntropyInputReseed = 64b1a7796efff4eb7910a3f74b9919f8773ac29289a8f28ca3e2ebfceb0e488c
+AdditionalInputReseed = 87434b5c67316909fccb5bac2334ee5719805b96c5817ed583a9e11fd0457425
+** RESEED:
+	V = a1ff06e202a174c5332fbb72552174a117f553bcd65320e87c0124b3efc11e6e95e12aab92dbca768975edc302ed61e3d4351dabe4abb5fcd49dc0066ee7917db3819eba9c850568999baff79564ff13307238b323b58e6c3a03f5b425ea27e3270c684f2acf6d26c6e8492e391fca
+	C = 53cadf29d1dabfe4f37e1c415c1f35ba463b52fe80e94df9b7e5350ef0629b7bad45c07bef6158f54983458f6363de01d19c9e1395cfe2fbf6ec0a5513776b09e243974f1101679a71da726bdd068571ed42446125dff8dace051182394ac1c6a301240d216b35262ed33c993e4147
+	reseed counter = 1
+AdditionalInput = 9c0a9e09ba80d375d3a8c1b276744f443f33e33228e83ea9ca4a508f7902c16e
+** GENERATE (FIRST CALL):
+	V = f5c9e60bd47c34aa26add7b3b140aa5b5e30a6bb573c6ee233e659c2e023b9ea4326eb27823d236bd2f93352665140afabf7d35dd4f5c0f39773ca30ae6f81b01db2b4ce936e1259ee12286e5111d332b6908c708485a6450eac399d0ee02cde917466d4766437a8fb3fcfefe797e9
+	C = 53cadf29d1dabfe4f37e1c415c1f35ba463b52fe80e94df9b7e5350ef0629b7bad45c07bef6158f54983458f6363de01d19c9e1395cfe2fbf6ec0a5513776b09e243974f1101679a71da726bdd068571ed42446125dff8dace051182394ac1c6a301240d216b35262ed33c993e4147
+	reseed counter = 2
+AdditionalInput = 6e41564baccf779b09823717fc2c6ae8c3b3f01b260f9ea23f73d787e26a0699
+ReturnedBits = 77a5b1ff59cdac6780825a53461c5c004214e3ec62766b4eb431e6ee6ed52b5f63fbb0c9df70185370b62f6c40a8a81caad543b1e06eae3c778286f5d430f6613774bb095be0cc9b4cd45a8b7154d7c2b6fd85f5bcef27d76dabb1e5b51ef152222ca5dbd7c155b2f15bd1febf793e95e4ae5768175aa1d98cfd7a54504cfb39469d0539203b93113868f72c6914732cac078e2bbdce5a4cc3c7dab70ce84c4c484fdbece3944912308b04e9513a7c6831dc5a3a1233b8ef61af8a3b4d556fee42b7683360aa5fa72ba69e7936ffe1eab223d80d52cea9e9c802bbc8405858e5ca50fae635a51a1348eda553986065df90ab31358f11db424b9b478f3167d11d
+** GENERATE (SECOND CALL):
+	V = 4994c535a656f48f1a2bf3f50d5fe015a46bf9b9d825bcdbebcb8ed1d0865565f06caba3719e7c611c7c78e1c9b51f17a5f426ec45b808cda6c89aab4adb78d47c6c8e250ebab78a9ba35e35c6aa63ad04212ba41f879d1ad523ec24aed01e99362cc7183cbf2ba6556e7c700ca252
+	C = 53cadf29d1dabfe4f37e1c415c1f35ba463b52fe80e94df9b7e5350ef0629b7bad45c07bef6158f54983458f6363de01d19c9e1395cfe2fbf6ec0a5513776b09e243974f1101679a71da726bdd068571ed42446125dff8dace051182394ac1c6a301240d216b35262ed33c993e4147
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = 5c25ef9963b57d08b6ed88eec92b3d74938fca72c3448601eeb100b57b143b06
+Nonce = 6572a902f2558f8b91f809708222766c
+PersonalizationString = 
+** INSTANTIATE:
+	V = f96f0d250f23f9bd36ef730509bc000661a6ff7fdbe769947f7d5495d54198a950225286944f88dcd530b2ca5ec105cada1012cca61a88bb055f60ed0e9fab8f46387468bba4d3a9da44a80632c52067addaedb3bddaba0147641450318887202804d33a46c8071fb3a58948eee944
+	C = 308dca071ce284492ddff36ca776ec4925651d0a4ae133f5e4444ff3b2ef0b79bd61e2486fda78fcf5cc625bd6da8bc55485fadd35809436f4a3e41f7de0b1ea25440d69b84d11121febb136af5133bb2c53f651c2dd7df858810c0a5e9f44036cd9f930cc38da94c84942ee14b32e
+	reseed counter = 1
+EntropyInputReseed = 655c49b058fc5d481b6c61dcd23ea37d6dcda687eddc188d563a5fbab260223e
+AdditionalInputReseed = 56bda8fb338e02a86ceaf75dd3a7665372944b06b57b12ad6739b759c9e49ae4
+** RESEED:
+	V = a6d7c7ea489a3da53f8b83979bba1426d4db715cb8019d69660ec9e317cd776809c10dbee68b902130d775e16baa503a6cd5ebeb2833d367f0a718093e1dc6af6b96e55bd474e20ba591d0580c182c85772eb8db280fa915d61f20cc9b03105e14aa2fe3c62b6530edacccd98f416e
+	C = 1550607fb3b5459fe49adc24cb861889d35967dc4c9db8f21f15f4aca7063557eaa0c04a3ed79e87a5eb5b55df53d677e841b3b825191c3b70cca045f5f76bd9a214b3c08f0e6c14081b731c16ccee542fcd8bdb45874c4ead8e7b9279effd763ce3595f49df1c5c54d31fe38756be
+	reseed counter = 1
+AdditionalInput = 887295e5955b196340ff27bfb5dbbf12bd5e51f9923c6c4b89e56b07be3f509c
+** GENERATE (FIRST CALL):
+	V = bc282869fc4f834524265fbc67402cb0a834d939049f565b8524be8fbed3acbff461ce0925632ea8d6c2d1374afe28346b8a75a8084e0e5a47dd7a8294a8ab27fc935c7cadae9555e4e157c5a63e7e159cb34929517be656f3d330f17e566485384ee1e7155bb32ad77cd851fc469b
+	C = 1550607fb3b5459fe49adc24cb861889d35967dc4c9db8f21f15f4aca7063557eaa0c04a3ed79e87a5eb5b55df53d677e841b3b825191c3b70cca045f5f76bd9a214b3c08f0e6c14081b731c16ccee542fcd8bdb45874c4ead8e7b9279effd763ce3595f49df1c5c54d31fe38756be
+	reseed counter = 2
+AdditionalInput = 286ec25d25c2e7eecbe8fffda1709c7eed4d7800848136371edb89e4fcd45b96
+ReturnedBits = 81b0c43c19ae6ff5b996b93a3beb2fd298e410ba978c776b5c8273068358895485645fc177260252edbab804ec7b1ca9e9c5a65447f5da6d8e402b0cc21675fa7d8375db0ab93216c9ce3076609488c4661f65849f2b960906c5fb61db913b304c8c16f6e32dece0467a78278773305b23ff2db0b2d8ebf1693b9de116edd7e8a2e5af7ef889b8164f8ba3f01cc1aa92fd15e08c975c75af38ab8ab2b8df2e42cea76b3129c7ab7414ff84c2e51c888635242154c01dae63b591fff904090272282780cc0a6a9f6a1f424758d440fae1f36bc4dce749d9e3e775f75101dedf6fa1a54be479d3808d5bc5209b787de03f8c577d506c1a63ba122dbca7d5a64759
+** GENERATE (SECOND CALL):
+	V = d17888e9b004c8e508c13be132c6453a7b8e4115513d0f4da43ab33c65d9e217df028e53643acd307cae2c8d2a51ff474b56d824a8e5c0e13efdd7fcb747af5f0f2d48cc8dadd60de72d8f18504dacf844fda247c6aa52f485c7b999536a9ae0aed5f65f7bfc7aa3532762babc8f22
+	C = 1550607fb3b5459fe49adc24cb861889d35967dc4c9db8f21f15f4aca7063557eaa0c04a3ed79e87a5eb5b55df53d677e841b3b825191c3b70cca045f5f76bd9a214b3c08f0e6c14081b731c16ccee542fcd8bdb45874c4ead8e7b9279effd763ce3595f49df1c5c54d31fe38756be
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = 8b435f303964fb50e63b077309bb5219753756cc4d2c28d65ce8bdde4c0335e3
+Nonce = 168e6a2ce6495691c731005a3281aa57
+PersonalizationString = 
+** INSTANTIATE:
+	V = 79719adaf47e823bd669c2e385cc7e8d20b9399cf58aa6791ed93a3937791aa20aca5b6190d74f4f6d2d80561a913a0a3d96f61120905c418e8656eee99c99b694c3174118195ff6fb003c58fc7e1a32ac4267432ac6bd1b655a9e7928fa0b68d407e084df6179dec4e0560a21fb4f
+	C = d3950a055edee36a6e705b7350b6935be40da05fa80d0c92d46456a7236772089486f900c3ca740918afafcf5fd329300dc960000171afdad91549bce1f97c3157f67473650df74f0aa4375d912dad98e6b0a4ce1a5ebb565a8f7add6435e6f007dc0c5ed4833727a6516edc65933f
+	reseed counter = 1
+EntropyInputReseed = cbb2bcaf3152233abc33108ded9527d5d3f3ce5186a6f59722c9baec8bfc28de
+AdditionalInputReseed = b401fdb63bc3903fec513f381bb90f01b42e67e8fb6d8a22389beb5b8021757a
+** RESEED:
+	V = d5e8cecc9808402427b47f4405a18f18a2a9626c8ebb8ad4622b225a38b31a4489b1986e94f7a59d72365f6dec8559a36cfcfd367013b5d0d9eee84a23aad6cebf6a54eea327c1fc5ecd5250feca78efb794ebc35631dd9e163bc383691e08bb42089a71f08c53ae943fa3027e0bcb
+	C = 15512036ca59df22b39814155b132057277dd5fb180a57b281491d49f86a33ae0fa5dd6742f8cfb22b8bc652a02517534c2f003277d3d8a87af1b62bfa1d8e690346d5222c0256c75bc3b8b7ae67e203b10197046934a7fed99fec7f656095f1e88dcf88fc332ee87e44149ae47cec
+	reseed counter = 1
+AdditionalInput = 7d5088c5e7565ff013e4735141513af6aae784fdbe7ad197c2000d0297c61533
+** GENERATE (FIRST CALL):
+	V = eb39ef0362621f46db4c935960b4af6fca273867a6c5e286e3743fa4311d4df2995775d5d7f0754f9dc225c08caa72064c28064b452bf157794b0b01cf5f9f995ef99e274834d760e36c71374d132f5f21df1d223009011811304b3eb8d137086857f4de3bfeb75c1cb5b4015f5ccf
+	C = 15512036ca59df22b39814155b132057277dd5fb180a57b281491d49f86a33ae0fa5dd6742f8cfb22b8bc652a02517534c2f003277d3d8a87af1b62bfa1d8e690346d5222c0256c75bc3b8b7ae67e203b10197046934a7fed99fec7f656095f1e88dcf88fc332ee87e44149ae47cec
+	reseed counter = 2
+AdditionalInput = 2b2a1ffecbcb33efd3c21e3edca327f40aada7e33c8a104214b008f6614db48a
+ReturnedBits = 83cfdf969418f1459b450578e2704ae47b25db45132b329aa479aa26c9c182bc9bfa703293f4e0b2e9cb901e36ae5102b923607e2cff551caba263b16821d6c60db48129eb0ba6bce3cdc515fa5f47dc6307ab14531eb3bc347a9b279641d66ad8f6866d89e93500d405abb79bc6bb47205371679c4d01075207139bbf1579c2a155a40d55b3bb7e592cb7363dca6108007c77263f7e143ce5d73026de4ab1df7c3d93053ee13ddbc91fc3a1b225f52171c53b6f6aa58066e5b961109d34b2a647da18ed0bbf6f9d35198b8c472c855089d3fd5661ba35a59beb05173d584d36b32407a60c2e921ba13d03bea0675f4369ef2494f7478ae73f27a4201bada22a
+** GENERATE (SECOND CALL):
+	V = 008b0f3a2cbbfe698ee4a76ebbc7cfc6f1a50e62bed03a3964bd5cee298781a0a8fd533d1ae94501c94dec132ccf8aa3a98d38e1505762727d0b2dc08a80513e209d78ddfe9b2cb3a5c0ed730000929f672af33babd9ca12ae88c39a94ad7e0034299606244fb0925f26e83bf75440
+	C = 15512036ca59df22b39814155b132057277dd5fb180a57b281491d49f86a33ae0fa5dd6742f8cfb22b8bc652a02517534c2f003277d3d8a87af1b62bfa1d8e690346d5222c0256c75bc3b8b7ae67e203b10197046934a7fed99fec7f656095f1e88dcf88fc332ee87e44149ae47cec
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = a310c144f11c8b96fc472b0a7394d2da4199e01edf296e76fce13bce2d64bde4
+Nonce = df5ebf161d0df9329b8a63f3e04f9011
+PersonalizationString = 
+** INSTANTIATE:
+	V = 0d4cd2ac2e84c93db1a0d1a3fa6105bff07d52a1d78871f458a179f73da499546c532586a7900610ceed925ff6661e2c5d59419bc97598534dc3364f343f04b39df43a358867b4b8ddb6e39c5264f82d097669302da4e9f16485a27470b7947cae8c59dfa245339510489ee81be8e6
+	C = 501794d92b665b91c0ccae0110b05423ce1f5e2df572413becd663eeab95dba83aafefaeca4b3b3b3421c8c6f6ef340222f93d59133afd1c7f7e818a8cf35182da47443183e4da90842865088339860ad9927055353171cd224b6b1223b84b7d1723fc5fc5900e082aa40c86d9bf16
+	reseed counter = 1
+EntropyInputReseed = 6eeb0242208399def484968bc440e5720c0513baa2cdedaf2e015d74978e2a87
+AdditionalInputReseed = 79b355dcee8d127118ab89c63c0d08207307e1f3c497c79521e2235cc0085ba8
+** RESEED:
+	V = 261f6d98229ee04419cf0bf3e1fbb34a996fdabd596e6d7cbb4b40f273a61e1931dce7caef93d718d30e1993d413fb2dcf2d7fef65f29ec5039e576c820bfd7e2a343d895ad309bc1170492a3fdd2bd81339de6ef5e8dc8200c34ba8df44366650e2be80adf039fc7e152d3ab77154
+	C = c3f9065e3983fcc8977a80055c75f787af7e933cffeb950d836610db85f3604ffcc56a2819d0af871d18d79edb13b2e28c929aa3cd488e70a7397d8e693cd13121b2aaf831c527d2b73654f700cf8a1f689383e255528185e95c14776722b22f4c5783ceb9362eca691b77de45368c
+	reseed counter = 1
+AdditionalInput = 0ba728e7790641cab0d0179e0f65d4ba7111e884477cd9dd753ac5ce0e044b32
+** GENERATE (FIRST CALL):
+	V = ea1873f65c22dd0cb1498bf93e71aad248ee6dfa595a028a3eb151cdf9997e692ea251f30964869ff026f132af27af73a1988da672e18a090a6feb1442dd329fa9e8c0315459f0f02b8ff2fd1c2c7ec5628a7abf98e37e1ead7e2515f185f6afce1daf48c4cbf6b32b1350641af566
+	C = c3f9065e3983fcc8977a80055c75f787af7e933cffeb950d836610db85f3604ffcc56a2819d0af871d18d79edb13b2e28c929aa3cd488e70a7397d8e693cd13121b2aaf831c527d2b73654f700cf8a1f689383e255528185e95c14776722b22f4c5783ceb9362eca691b77de45368c
+	reseed counter = 2
+AdditionalInput = ba59d36440f5207da47756336c85a4079da6e15b147accf8898aa1bd6151ffb6
+ReturnedBits = 597065f96721b6a3529d8679116123e2c8ebd8590d8855cb773e56d35c1d56a5995672577ecda4c8270fff056daf616d0a467631fb894e6e5f23e7eca3e8f414cc96a469631f3de2054ded1bffce678d8ff8745832c7f3f2cf122dddcbeaa61f02ad35020165f9745398aa550207bc8ec535f0c00b24bc71ddadf57cc4ef703c2d5bc4d069e6f1c106a0635fe69d21f8081297965bbdb7ec4086d53d5d93d027afcc973d34b198a2fee76d7ac93195d1aafdd4b4f9901154fa2af89a7e11859b26a5fe545371038bf11dbfc895b0997e1580a89a9297dabe1a6e54a61609ba05f5c500ee822315687dbc997d77f873176275c12f9406ba4c9d62a7fafc570f60
+** GENERATE (SECOND CALL):
+	V = ae117a5495a6d9d548c40bfe9ae7a259f86d013759459797c21762a97f8cdeb92b67bc1b233536270d3fc8d18a3b636711d8b78340d8078ea741bb7208eeb1fda3de7cda3d585ade4c1333a636211093331f6d335eb883b65d65e19a1bf05fe9eecc6b76ecdaf6e51f4c2cd953e2f1
+	C = c3f9065e3983fcc8977a80055c75f787af7e933cffeb950d836610db85f3604ffcc56a2819d0af871d18d79edb13b2e28c929aa3cd488e70a7397d8e693cd13121b2aaf831c527d2b73654f700cf8a1f689383e255528185e95c14776722b22f4c5783ceb9362eca691b77de45368c
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = 549173c6181f89c1e6f4e669794bb291fd9a0ed9ade7fdfe424a4b1cafb99366
+Nonce = 2ef3071b34720cbc0f8e8192f417b547
+PersonalizationString = 
+** INSTANTIATE:
+	V = 27fcdf4df7da820af56d6acf3925986c44d7579db6f65a68c4a81548e0d4dbeab7c5ff01626b3e2f5c5fdf9aa8566beccfa041c21b28cbf1faf34f05b0a11eb51f199231e7df8906fc343adde5275e2724736478df167a80f126739c7f2b844175127a21d46e3ee35aa41a2fe537af
+	C = 106ccbe60149752a15d3e3a6d06a44eafe0b23a08cb6eb3066595eeb2064861eb09a1f3e0d3717688dce4f1e36d17af06dd912f1e6238d072e5a267d40e72ce5aea99a0c190a351752491e224b5357ea9cddf3ae2cdc465bd4680e5e88c1dcf47e86111f1f8c75b2783e2aa21a9a13
+	reseed counter = 1
+EntropyInputReseed = 284487bbe571a950d36ef35c1d488a2846e62cba31e0d0394c8574d03b969679
+AdditionalInputReseed = 02a6afe3d6188eb6796142ed50ef350088bab751726009ab708e48ba65f03e34
+** RESEED:
+	V = 678169934fafea9e1b143d00ab300699fafaf7c6566853df7d735adf46f6a5835543829a8c0c99d3aa85abeeb30edea20790345e13d259c98796375a64830b1baf1d432eda7210ece9e2f3ae808d807ea7036fb3e07373261b4aa3c2a1bd6a10be89291c73fd7eda558e59dea957f1
+	C = 8b7a7ba8715a968d07a2e0573efd41a44456f843fdc4a66e543096ecde8009285dd3f8a6c11c867dbf69357b14f980fd333324113b5e169169e8cd40b8a87a1abf0630cfe13733f17f1bab38129f699aaa142349eb5a196bda52bfbf5942a8f5c3543b53039b5a94b235b18fccdb0d
+	reseed counter = 1
+AdditionalInput = 733a370fcff98a8aeab94c4e21c2c331f0345dfbbbeeddf5df733f9e02e2d71e
+** GENERATE (FIRST CALL):
+	V = f2fbe53bc10a812b22b71d57ea2d483e3f51f00a542cfa4dd1a3f1cc2576aeabb3177b414d29205169eee169c8085fe4d7309931fcb28f89250fa66becb293e8dfb349111e273aa745f069585b18ecbab1b2d9470a9e30a10247f5f22de10fb3e7f31153724c51c34614366e9e9665
+	C = 8b7a7ba8715a968d07a2e0573efd41a44456f843fdc4a66e543096ecde8009285dd3f8a6c11c867dbf69357b14f980fd333324113b5e169169e8cd40b8a87a1abf0630cfe13733f17f1bab38129f699aaa142349eb5a196bda52bfbf5942a8f5c3543b53039b5a94b235b18fccdb0d
+	reseed counter = 2
+AdditionalInput = c4421b8ba19ba3a2f57450a5ce55a4ca164cd4033463ce5f128c9ae0ac60851f
+ReturnedBits = e4b1e7450793a953fb399c20f88eab2740541069473924fbe29a96caf0de94910fc1c7703b64a14bd34ae056cd2c7afea11bcddc42dcbc83da47a25087efd67700bf36fbf278a9b432017cb22aaeaa08a27716072d8ba7de3be8eb4b5e38ede5846aad3d9a24c6bbd6a8bbaf8a5bf2b4131f4bd2a61dcb327f133e628fc973ad99cca3128d31601d754797fe09ca51603f043db46f0f5ba6ec0e6937e905cff48b76983b9c23b35f22c4d20bcb70053edee4251b5272ab93038a6736148704d628f725e9adcc063e5591abe4bd01e1ef40f432094a32fa0abf9519be8569d052846c4e8de522354d8dcd71f5a09c015ad40b74f285750e78fd3a949b48eed8fa
+** GENERATE (SECOND CALL):
+	V = 7e7660e4326517b82a59fdaf292a89e283a8e84e51f1a0bc25d488b903f6b7d410eb73e80e45a6cf295816e4dd01e2516adfa55273e6d0de6f69ef9b0c29dae2c145bd96a12c13b6d4cb5798626de36eb3e04077ae1960815436fa2edea456413f21102ad482d6669707dc9824b894
+	C = 8b7a7ba8715a968d07a2e0573efd41a44456f843fdc4a66e543096ecde8009285dd3f8a6c11c867dbf69357b14f980fd333324113b5e169169e8cd40b8a87a1abf0630cfe13733f17f1bab38129f699aaa142349eb5a196bda52bfbf5942a8f5c3543b53039b5a94b235b18fccdb0d
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = fd55a8817065961dbc43e2fb7f8f997c129219e3d2b2e8526dbd9aabda1f0288
+Nonce = ae8ece5a98cb0a5aa4f795a8fe60f549
+PersonalizationString = 
+** INSTANTIATE:
+	V = e2b0b40098272c53777d8e8698ef98a9969c0620b29face7397d14a7e9595d1078b09073b5daafed6ed4f1cb56e6b694c2d3ada8e18e3189c05fce2a5e2ebebd1cf1af908442b0a4344eed1f6f520147f2ec07691fce68794b36f7d4e08db313c78d15cb16ee1682bdaf202b13dd85
+	C = 1a3f80b814a42eac643d27195f549dd9747b0a13332545fd3780bfb7f29f778100609c9084673b1f3bfd4844e04e3b708dce1c45ec83a44df06d5a9ff2b999f439db7a8e29941f672d990658ccb1896105fb7ee7f0e56df26132c2354af1f36ab0ab77566ff7b8f5f16b32449be110
+	reseed counter = 1
+EntropyInputReseed = a4e85f2ba5116a935c98013f0c011488618b6dad74fa44b92160c66ce9dd4356
+AdditionalInputReseed = 749f7e77fb54b943eef8ee6b7639fd31d668f19242052f7e9bd5f2a15e47a184
+** RESEED:
+	V = 6452d537ea49aa73fb1fbab475777e14868df7750d92180936cf78525542795351ab6b8742300b15f32e11eae6076e27fa7978b9961af06b9179751de8ac0c63d8bd65ede98c0ed7fbcd45a65861475cfe26ff2ac57a9b05b8d51f6af08748a4b696baeb45cd53a7279a65393147a1
+	C = e75d8d58d112bf910e0f21bafeae8a4ff15c3a720f02ef876507eeb3c8668fb2007b2eb38898dc2e3177fd3c1da33ed3087987da426183dc6f177d8e12b2cdefb0d16949d629862da48863375536b0c355df45856cbcd84fbb3330534f4c8364c4fd05e7207ab3e8569b20b53f1d08
+	reseed counter = 1
+AdditionalInput = bd3b641ba132ced276dd0eec85f5a5a56189bd63a4aa5530763993c3a0b24289
+** GENERATE (FIRST CALL):
+	V = 4bb06290bb5c6a05092edc6f7426086477ea31e71c9507909bd767061da9090552269a3acac8e74424a60f2703aaadf6cf244628d6a03ad9ee99793c48d30dac165443478404b16fdba081bed6d8c3c4f812b0169595029c9d5c238795a6fa65c52bb9542501222bbc75a29600d34c
+	C = e75d8d58d112bf910e0f21bafeae8a4ff15c3a720f02ef876507eeb3c8668fb2007b2eb38898dc2e3177fd3c1da33ed3087987da426183dc6f177d8e12b2cdefb0d16949d629862da48863375536b0c355df45856cbcd84fbb3330534f4c8364c4fd05e7207ab3e8569b20b53f1d08
+	reseed counter = 2
+AdditionalInput = 91e16a242bc168495ab037b3614c397240fb2936e4db40e7658ca286f913c40a
+ReturnedBits = d3a347d51f1717da71b93adce2c27a8973851731462790084497a60b2cd376091eb909cced0eb9160c5732d3232e950e365d42bbdbb8a77c4003e33c4254de2456fe0405e47298ee8143fd0b5063e3a9daebf68dfed1b44b97faeb40f0d2dee6d556128e397a77f4fe29f7475f9ea506aafa16c28b6e8f71956b67ee8a1fdc5f0d0060f7966bd677db29118954ccefac8f7780b1d7c7507ec3df63a063d03ea94af156e7295e6cdc98da7dc391654ef5c9f0e04dc74d058117e46876d384cf77d171d4dcfd4dc8264b65fcaaa020ce0e798d4517754358e534f0f34cab6adde69bf84bed7791ca95d3079b68e47136c1a9521fdef78a677c8716d079245b582b
+** GENERATE (SECOND CALL):
+	V = 330defe98c6f2996173dfe2a72d492b469466c592b97f71800df55b9e60f98b752a1c8ee5361c372561e0c63214dede6b1ad22904a67b26388fea1de34a7ee617e97e6cbbda0232738ca9e625dae2867528dcb7b2196b2bf7f1fcb641f3990d7033d826ea38c01b891d37f0256575f
+	C = e75d8d58d112bf910e0f21bafeae8a4ff15c3a720f02ef876507eeb3c8668fb2007b2eb38898dc2e3177fd3c1da33ed3087987da426183dc6f177d8e12b2cdefb0d16949d629862da48863375536b0c355df45856cbcd84fbb3330534f4c8364c4fd05e7207ab3e8569b20b53f1d08
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = 276bf285550559c4536d7233de46c90da2713faaefe8c0bd8898c39365eeee64
+Nonce = 88ab42d72ff7b0e827611bfaedd46063
+PersonalizationString = 
+** INSTANTIATE:
+	V = c8cbbfc7ce6412de1ad1bdcb9444c58aebdd22e31fd08df0f73f337aa4835782bc650beb2f1e83264c056abf872bf1d9e7115ea5557fe5c51dfd8694ccf33efcb9edca9703f0e9ae8ae869a43e32e82c575fb3607228982d5411de4e6f08c6e9e645798eaafcee0488b325797eb1fe
+	C = 953e1016ce679d503b3c0f0f85115895cb4c763a766da7a2c6264b7fe216afb586b3d84dc4d169bc25debcb7cd07f45b6a8144c8411f93f418d3cc206f5e680a6ddfa9874a71110eae68e12889b1a4df58a3e4a0d104af80f4db05e093a3931a9ab10cb0bd9764776243355f431f6f
+	reseed counter = 1
+EntropyInputReseed = 244b13e37e94c237dd61376b5090ca7c1dbc1d01396c578778d8693733a9d123
+AdditionalInputReseed = 53519a4da98012c97ad92ce8a75dc0fa0e82a4aeff11fbc680842808236cef9e
+** RESEED:
+	V = 5a1c208c4fa77a954382d50a18ced7ec16e67918da01018834cffbd7491754c8ab4c5cea5c6a2d9880851856f1b40956e3e0657c85e08d9f2cda457b6295d5e3b69cf5f8f15ce7ad1a5aba5fce0b5dd32adb0222016ea74f5fd9aae58ff8045c87eb664b7e798bb0f7c2d22b5b1e91
+	C = 1abfea16a2d0a1b422a694df4383ac19eb8a1ce2a85982c2f47b6e00c9414bde5ccd6ff94f3e285df53f503cef28ab5ddaa30a5fdb1f2d55bdf8fe5dcb2abd667f4d5a0ccb750ee9a03cfa023b662dcc0338c4c5c2666387bce3be490a8d91ab0820e4c9ae28090c3bc933e9e1bda0
+	reseed counter = 1
+AdditionalInput = e2bfa081e9e18ea08c70dc03c40b0f4830f0c2c3ca8ae4254cd08b8aa455739a
+** GENERATE (FIRST CALL):
+	V = 74dc0aa2f2781c49662969e95c528406027095fb825a844b294b69d81258a0a70819cce3aba855f675c46893e0dcb52a330be9227184eaaec039d7d8480e830b764358a789b2a06545d9b0392a44f5ee6fb22959c1644a489454368abe32f941fc5c518a2b22ea472701f68f67d4d2
+	C = 1abfea16a2d0a1b422a694df4383ac19eb8a1ce2a85982c2f47b6e00c9414bde5ccd6ff94f3e285df53f503cef28ab5ddaa30a5fdb1f2d55bdf8fe5dcb2abd667f4d5a0ccb750ee9a03cfa023b662dcc0338c4c5c2666387bce3be490a8d91ab0820e4c9ae28090c3bc933e9e1bda0
+	reseed counter = 2
+AdditionalInput = cf7c7e409d2dcac196ad7e2cd785c7dba234b8e92523caf6976eabc7d1e5d10f
+ReturnedBits = a363ea085bd09be8358ee8c3d542b6bce284ffb21106fd7d95e019d557471b8f95aeeca189b0acbf9f55c950e01c00f40c41aa7cffc3aafabd3984b63d119f7c9e8090b1070c8408d0d8cf81ee9e4f1c110c34fa5de6fc62c61938f757b470e87147840fcec434b790ea8a4d02cb4e9076f7cf493144b95b310b587537e28110fe44e5b9f52573ed1bf5154b191e866aaf30b1f5e6f1edc64f68451eab4c0dd7acb2dff57cb9557ac9a74745ec0cad6a95c45ee6629c5517168e47b5a5711254cad38e2eca842b302ae30d2918d34fff71650fe37671b13e8a009a6e5a5ab31306f003fc08f0ca7dba39ee3d5d29d2c23116684815f535464af2142acaf39db5
+** GENERATE (SECOND CALL):
+	V = 8f9bf4b99548bdfd88cffec89fd6301fedfab2de2ab4070e1dc6d7d8db99ec8564e73cdcfae67e546b03b8d0d0056122248c36b892568222a17df1d445ad42c16683ffdf14f771141ed7f68cf7f7404f69d60dace63be06f72b169892eb18c3dcb44d25fb73c3e413366b29da4d37f
+	C = 1abfea16a2d0a1b422a694df4383ac19eb8a1ce2a85982c2f47b6e00c9414bde5ccd6ff94f3e285df53f503cef28ab5ddaa30a5fdb1f2d55bdf8fe5dcb2abd667f4d5a0ccb750ee9a03cfa023b662dcc0338c4c5c2666387bce3be490a8d91ab0820e4c9ae28090c3bc933e9e1bda0
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = 9133df0a676e806c04b63b57a4e660f9b92f438322b72c683836e6bfe81583c6
+Nonce = a8950245ee3dd789e02f4a78db71ddaa
+PersonalizationString = 
+** INSTANTIATE:
+	V = c42275d40587de57d2cedc346404dceb5327bb17f71f286538973c85d87703ccd99e818dafcbcf60644f1839c5e8762ce4157e982c16905e8a5bfbf29cd24d476fef8838e2e1ca1d7690e3e27a0fda6610d2286e260f3a10f4a42ec96e0fa5c5bf784d6e6809df9b5de6860c790cce
+	C = ee95724b4189e5b039ae338279ad9ec5203ff1f1cb3f6fa8c307f5a80897fc03b8b8637e3fd5d1c469501e29a84245101430d62e801f8c9912684ec1091f536043e5270ce5973ccef6b30602ded1812df607208fc26059277a062a961a5ff38b647bd0d3f4e56d5d7c546b2bf7c76a
+	reseed counter = 1
+EntropyInputReseed = 5a667f369b625f7e178d01a35bb9891f57c1a7b26c7974dfdeb6edf95e5b820f
+AdditionalInputReseed = 0ab32c9bf88f312509494a1fd9138c4efd791209e19c6d4ea5171c8e52b675af
+** RESEED:
+	V = 8c3df212fe8ee8c773788d72f23924acd51cf0f36d0d298fc854c9e8c04d5fd8c88fc59f60f0508f3832aec116752b75d352fee88f60901709495a94845917f8d1f315a94d3d18f6a9eb9f8a8b7d8a5c74e512348a22f851eb8e59d376811f868635d3e390e8fe1d3a03f6871ddd28
+	C = 0a06850bfc97114918bc53ee30c43a48faf90bfd579dfda27cce660d661c90e0dca7118eaa0767ce01cf1efdeb6539b5e0b922d012746e5526fdd1539f478a086845453bb5385fadf24c617b5b14e53ee2d6ead676b015e538352fe531b0f395077e8243e51f2775dfb4f8de97543d
+	reseed counter = 1
+AdditionalInput = 33758b477d46b91442b8e86b26684c981bd2cf2d4c3b7aa32e1e5046f172dcfc
+** GENERATE (FIRST CALL):
+	V = 9644771efb25fa108c34e16122fd5ef5d015fcf0c4ab273245232ff62669f0b9a536d72e0af7b85d3a01cdbf01da658c96c2c8b18b3a3e969e063a077d95cdc9652dceaaa09cac84db3cd2545a703925cafb1d079897a6a45be74a9106ce4337c216c0029293aee16e58700c8e8bc4
+	C = 0a06850bfc97114918bc53ee30c43a48faf90bfd579dfda27cce660d661c90e0dca7118eaa0767ce01cf1efdeb6539b5e0b922d012746e5526fdd1539f478a086845453bb5385fadf24c617b5b14e53ee2d6ead676b015e538352fe531b0f395077e8243e51f2775dfb4f8de97543d
+	reseed counter = 2
+AdditionalInput = 4631c3d05787fb8ff998d66e3719c00ea6cb2ddb81e83b1c86241386c3ba5d3d
+ReturnedBits = 071b3482a7e661039183cebd31a693a0cea480447dddde3501a931982e3f572b59ceb65bb9579d5a3fc74df0976927b22d8c71d62217d78dc5c79f2dafc8db9c65a4ab24f1f10ce8fa991ea7054ca90709a58d42547cba5007716dad596dc4ce439813be5ebfa0353328db8dcb5c9b8823107a533038f4b44236faaa4d8f4ad438fcef98bbe1209bacc2f051c514ce384ae86e7e041cabb779a98e8255e7d7da835b13e302ce832d835fc47bc5893aa48e667c0594ee4ad5414aa2301f71d0bb0f7c28cd6157872942450dfc2d59b25eb33e3cc3b9ecd18cea4f022d96eb2a85083cbd13e238b22f62b97aec4bcb18f87408a191b0425176c5840cdbd449a199
+** GENERATE (SECOND CALL):
+	V = a04afc2af7bd0b59a4f1354f53c1993ecb0f08ee1c4924d4c1f196038c86819a81dde8bcb4ff202b3bd0ecbced3fa037225c016ed6f144079167d2e5c893855172b5e6a8435614fd0fec774a77bbad1a5bc0a64a29dcc301f862434b2da22b38b6de3e0320a74a1ebc46f73b02ca9c
+	C = 0a06850bfc97114918bc53ee30c43a48faf90bfd579dfda27cce660d661c90e0dca7118eaa0767ce01cf1efdeb6539b5e0b922d012746e5526fdd1539f478a086845453bb5385fadf24c617b5b14e53ee2d6ead676b015e538352fe531b0f395077e8243e51f2775dfb4f8de97543d
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = 0cd62295d435e78c7288a14d64bbb1eb440219deae1488304856cb566d3cacbb
+Nonce = 150a4cfcf033d9a5ebab5ab6da68def9
+PersonalizationString = 
+** INSTANTIATE:
+	V = 39d33cda24734b3cb8889ce032b164e672e1abce34cc4379b405c7c4b1104528e96f09e92cf9be26c041e515eb957fa4363a1b3a7d9be8aed41c1fe79ae613016ab312b176ae1dead766147d41faef2b432135e34c0e089535bd980b62f6bc84e8ba57d8a60c755f26dfa970c55250
+	C = 82d801f42532410dd14232f069ccad7889d2849c1c5c31da8be591b07d1472588edf909876d2e48b289b8dcad7495c99f966fa85089155543944cd09c7deea0f9a244dcc36278a1879ad9f336f91b7766b099152f724459b28e2aad475f53d8e62ecc076afa273abe11415e64719fa
+	reseed counter = 1
+EntropyInputReseed = 6edc77f147a985ac6e20de1f80ee4e5bb62d2e31c2ffff092cdb231046e24f91
+AdditionalInputReseed = e95a76d6da5d41615a78caf48844e8b1873fe76752edbfe506788f355f3f85b5
+** RESEED:
+	V = 96f8f069ada6072f714dd932a217ba914686a10c41c1797f02072a1414b053dccbd3431cd2835eb2fe3d7d5d995d28f3a54f460bb02b796aedd4003ea27c731dd4ed0b70d265f0ec05114febe087e0ba2bd2d16d20de64201106fd84d10aa2bec059efb6751e650deaa77539d11157
+	C = d39d507bb143fadad8f950b87acf3abcc63743ad714c76f0421086436be2ac584f154932ae75a9d3ae012dc214411da25fe755bb714152d8e18dcc9aaa0f1ad55dbcda31fb1919cb4245ffbe4cdf3eabf5c2b7e29cbe6600ead7766cc63acab9c26dfce794e496b4d433352eab3f70
+	reseed counter = 1
+AdditionalInput = 1d70801f9f63e8247a8087c7b90cf9fb524eb45b0b641bfcb05cd8d90eefc0d6
+** GENERATE (FIRST CALL):
+	V = 6a9640e55eea020a4a4729eb1ce6f54e0cbde4b9b30df06f4417b057809300351ae88c4f80f90886ac3eab1fad9e47d7cbcafdd2a17d0c65ae8e889308c9e2bfc0d05352250a9ae42f54d6cf9ff99aad279074f0911282e80075aa4ee3057759f750567b82a5043079b4866c64618a
+	C = d39d507bb143fadad8f950b87acf3abcc63743ad714c76f0421086436be2ac584f154932ae75a9d3ae012dc214411da25fe755bb714152d8e18dcc9aaa0f1ad55dbcda31fb1919cb4245ffbe4cdf3eabf5c2b7e29cbe6600ead7766cc63acab9c26dfce794e496b4d433352eab3f70
+	reseed counter = 2
+AdditionalInput = 3679663fb40fb47f6050414b4f99bcd3dd9e6d6604d92be698a638a8bd255db3
+ReturnedBits = 1d6863bc5c5657a266d73891c243dd8a4d25d96d1c4575b86f00dd67bf67bd704fd93e8de0ababfdbb8827ef3f6a26a9ab2e6781ec1c96f1fad3687868d2cfe0747990a48941b309c80eab24b433890fd839237b652c3c8c8ff21ef3785518b80f61a78f89f5a19f87d865ecbda2a40b3e9911a2055f89fea3a298076e6cc03beea87a5b8f49c04a26c4b2b045291cad68f00b2ef2d8bf7fae317513aca21b9e666ca6c22b128295da4d0356fb61636cf4302f175370a849f17fc7c7c662dd977941596c775e5c90929c050dd2cf25f65dd44f8318a6c39a31f4796fd45d6cceb2face9782bb5f16a6f9fbacefef5709e29a2a3fccc4bcc2a030e105e57b639a
+** GENERATE (SECOND CALL):
+	V = 3e339161102dfce523407aa397b6300ad2f52867245a675f8628369aec75ac8d69fdd5822f6eb25a5a3fd8e1c1df66ca4a09b8dd13f0937c43f4cb827e299446f15780ce7e3918f0c006601237fe3831775735c369a44cfe6c5c37e9df44a67defb091c780c2714f62af92ba40a628
+	C = d39d507bb143fadad8f950b87acf3abcc63743ad714c76f0421086436be2ac584f154932ae75a9d3ae012dc214411da25fe755bb714152d8e18dcc9aaa0f1ad55dbcda31fb1919cb4245ffbe4cdf3eabf5c2b7e29cbe6600ead7766cc63acab9c26dfce794e496b4d433352eab3f70
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = 6a46584bc186cdde3e7ef8b1bd600190cab1658c94b8d2fce0647dd5c84c61d8
+Nonce = 07083c6ec8acccf239ad3ed013b5df55
+PersonalizationString = 
+** INSTANTIATE:
+	V = f6978da51e1428ba6ed2680db0f1d87585977feff54a61168b3cb866c8119d8f2254a1d435a8b5a0909899e939f81a573cc87cf15d51e83206c772c3ad85255dbdb58b1ee0d6f94088e19e951b246980fb22aee34c36bbc2aad83edb3829bea1a81603bd151388fb04de0ac9e7f6d7
+	C = 57f82a3616de5880d80a9b5b44df99cedb5201f0e58d9ee40145161fecba2024375aea824cbe214064a6de4255241f2efe46bb97bee9f08d02c7eeccb06b860c7f7d516ecfc23e10b6230b5055ac4c0a4f91c37737f3e1fc58058b47573214932d26d87b8d471e74d1f2ba1006c25c
+	reseed counter = 1
+EntropyInputReseed = 5fdc5a8cb85d96127d2d14a8a5ff477eb59f37f394168ae0a1ead5ae719809f3
+AdditionalInputReseed = 2781e209019677999cf47303f0d22c645ff158fb2ea013962f3fdf3ba7a33f97
+** RESEED:
+	V = 34dde49011652a068339db474295470c87f54a3104c9dbd5aef255ec40b9e32006a43805b60f108c0b26373175463141ec43cd270b15e4ecd1627ee7792d0e2bf62732b0d84e2fd67f55375df5246f40e8018602b4b7d5417335e434d706b049703c3396c668358fe70e498935d9e4
+	C = 736578e6ba98f6639267e61a70cdfd1727cde284b1aca303c4d83eb9e16a8b8a04a5a819f8a722806eb5a396ed74ba5a3e3648ea0b9ad4a73edc41825b816648194723aa92e064fb75cb9005fef1c8ae7af2296bbd970526138dc89607854c4943f29bab973334f8c192189630f3bf
+	reseed counter = 1
+AdditionalInput = 026dc3f83c476111f0968ae199fcb257bc3ea870d84db011b42471a574769dde
+** GENERATE (FIRST CALL):
+	V = a8435d76cbfe206a15a1c161b3634423afc32cb5b6767ed973ca94a622246eaa0b49e01faeb6330c79dbdac862baec7ec97a3fe1b855ba904e51752c2b83fb78837d19a59a7ec0bf8ea18a27c8bfcc15adbc5fedd28539a8c5905bc57602b6820b34c0b0656d08a0bbda41358d84b2
+	C = 736578e6ba98f6639267e61a70cdfd1727cde284b1aca303c4d83eb9e16a8b8a04a5a819f8a722806eb5a396ed74ba5a3e3648ea0b9ad4a73edc41825b816648194723aa92e064fb75cb9005fef1c8ae7af2296bbd970526138dc89607854c4943f29bab973334f8c192189630f3bf
+	reseed counter = 2
+AdditionalInput = 845a2d7e67d18eb432ea33e5f54eb6df17cbeeeda91be8f328b52db32a27ab6e
+ReturnedBits = 9ec3211dfe074fb70dd0c50796c1202f2eb32c09e80c6d642857fdf5ed3efd212d96294ed0123dc92e63f58e3996d104c66bebc1700ee8f67bf5d714016edc955afe8af3822c8fd72354919402bbe3867f3fc2401f8722a23b4a46685e529ad732c301f77997ae9a43dafbaed1b353f892eccb96f51ced0ef1d7180530a6d8873f2e2cc3d2afd0be05ba2eb2b32507eb1ecdb82c3939da10ff102973f6ed6337cc525f1eced3e704280516ceb12dc691eeddaa6bb682ca98758fdd0c4894ea35c58ec473d772314dc9d14c8aec1df639014b8308bb03eb9d54d529bdb10fa61d8d452e3e8430253309bf26b798fb6efbaa2f2d8f565b664a1bbf90c05a6584a3
+** GENERATE (SECOND CALL):
+	V = 1ba8d65d869716cda809a77c2431413ad7910f3a682321dd38a2d360038efa340fef8839a75d558ce8917e5f502fa784801a28e3ecf104e720bbb9a945111d0133f68b4324597112e22f1a3f326b83fa7df674ae84b4e066fb1dd584d6503eeb458275f5d3d3f9b4718e35a8881c25
+	C = 736578e6ba98f6639267e61a70cdfd1727cde284b1aca303c4d83eb9e16a8b8a04a5a819f8a722806eb5a396ed74ba5a3e3648ea0b9ad4a73edc41825b816648194723aa92e064fb75cb9005fef1c8ae7af2296bbd970526138dc89607854c4943f29bab973334f8c192189630f3bf
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = 17f6558422096c315c90f677e3b981d4588b274016d68bc6cf983526909b0a35
+Nonce = 6bec0e7c8236a0ba5a02aeff7d14f627
+PersonalizationString = 
+** INSTANTIATE:
+	V = 6d8a1eccc734923112a8b3d42462a4772bbfec251284d4f867005ef91d430d2014091d06f362d3ff0942886a72c5e70b1b40ac763b18660e31c70866406b4c3790c6eaf335c641b9fa71b973a7e8bb17efb63321d2c037e7bd67c856a6c2253e860f9418155b7f84391a850e16d7b6
+	C = f6b8da56a79f97c358da172f33c8cc752ca2ea8b147d79b4758a9dbfc03e12b167fecaec6c8c82de63671a56f092d50720efb15b6f728ebeace4ebc7a533a9be3c89aeaba238138d03cfb871d24eb91c72266eac77b7a4e8d5919dd0c93bb22fbb3302144546cf9748fb574e7bb52f
+	reseed counter = 1
+EntropyInputReseed = d65dd18492d2f4084252eba533e83353952d31a9cc73a2b1095b88a3ec16e350
+AdditionalInputReseed = e7f10fef660317512f2a7076a56790a20dfaa844ace419d1475a3dec89e77e4d
+** RESEED:
+	V = a9d93b12b5334f5ab3a7981a7d1ebcf4cf7daa5395878bd87e505286514e86050b35b93bd1dcddf35c25b872b519f87ef315a00714336d718d2ed3fa6deb92a20a85c156e384a87484e5130423092ac7f5cd9334d48df2627c4e2286cce5c62c7d7d09a9231f9df1aaf3d8cac4ace8
+	C = 9016e26dc44133d40b259a48510379e22057faefaa599033ef407fbe4bfb50f5998fb021627a51cf5c315f736b6e839c687fb2124338e2bbc6aa1af2669383ca9d0cd3fe05d8188cdaf1039d24f3170df4362064eabd932fa33de638ba9bda5630026a5b7fc67a6fe11a2cb9088ce0
+	reseed counter = 1
+AdditionalInput = 199348ba17963717e0c5e7a1d299861809bacbc1229e66d0df82a40beb51ba6f
+** GENERATE (FIRST CALL):
+	V = 39f01d807974832ebecd3262ce2236d6efd5a5433fe11c0c6d90d2449d49d6faa4c5695d34572fc2b85717e620887d1c895527fb96cb2947a9ba09a463cd901f87ecab66d067eeed77bf604943873b45e179941ae534c6d249a15860179a7b20db21f4525c477d0e7b836af40ee7f1
+	C = 9016e26dc44133d40b259a48510379e22057faefaa599033ef407fbe4bfb50f5998fb021627a51cf5c315f736b6e839c687fb2124338e2bbc6aa1af2669383ca9d0cd3fe05d8188cdaf1039d24f3170df4362064eabd932fa33de638ba9bda5630026a5b7fc67a6fe11a2cb9088ce0
+	reseed counter = 2
+AdditionalInput = f2aec87130b03d7690881ef1516f3bc24da2a041e85257d076b648c29e1665ff
+ReturnedBits = a0f0cdfb26ca8c7a2a6efde17ebac6745be136e55e9641326acf0c87a4dd6596baaf580bc8b5114cce64e7ea418cdefc317ed74e3e762c32e260b8159c9d6cd2ab21ccc42d10817f523472acf13df6db9ceb490890735e90659f3fd181cd42e8ae34465cb38b8c13a2bbdca149d0eee38aa73c65e1dae727e60a0d1684cf7a06dd29c33db46a6de0f341e9c1b0768e3ea183c89db022735c5a03e2910d3f63d5c78b83a70006c0bea69076e8fd3d9576aaaad09a97ca973c94437e64ee39ae81c7a666bcfb41154b2c1864e627f041778514284bc31a04acc8a29ed1496940a6f74aa77850433462e3b61cf12041d57064bf3fe2ada1de03bb1d1d057e036789
+** GENERATE (SECOND CALL):
+	V = ca06ffee3db5b702c9f2ccab1f25b0b9102da032ea3aac405cd15202e94527f03e55197e96d18192148877598bf701637a9f95197e054dd3ef1d9b36cd18eb544caa6ada2cea7a854f248633f2f6b06a43026a31b379128b2bcdea93fc52d3bf00f13d2a1d2daf30c1a6a178d7c955
+	C = 9016e26dc44133d40b259a48510379e22057faefaa599033ef407fbe4bfb50f5998fb021627a51cf5c315f736b6e839c687fb2124338e2bbc6aa1af2669383ca9d0cd3fe05d8188cdaf1039d24f3170df4362064eabd932fa33de638ba9bda5630026a5b7fc67a6fe11a2cb9088ce0
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = 0152fedbcc60606396131cfac31f5433c3f222ac60852f314c16d5fb2ccd8d37
+Nonce = 728f8db21d19ad150497456e542f81cd
+PersonalizationString = 
+** INSTANTIATE:
+	V = 49bfbaeac0972bf8ed2ff0341f9195c6414fe06bddea32d9168c4cef6ad0569a11d3b55345733a3aaa46ec972e675505e98bda65c43851242de3dc9ab8aa34a599e0e651859fc294dc5e8444573a56eba2055de7f419989d92fbc1ede07f00c69184f321701d8b91156038e38aa4a1
+	C = 4a14c91867019e9e2bf681fa5ac9300280f9204229c244a59565078073c7fb17692188c13060d7c9ecf1d29c7086f060d58120f37ddb13c9477434581b34701df1803cbe482c13c0569ccf4ba27bb2c461f5456fd526f8b567ea97e5aad58529174127f68b01b3acb8e7fe0b6480b1
+	reseed counter = 1
+EntropyInputReseed = f464adc53792f938bf77dcd5ad1988a2252725b8f5a199369edec5c148c61bef
+AdditionalInputReseed = 56e55db916f7962b265945f7f88492f105917a68c5e96f40098c5cf9d71ac692
+** RESEED:
+	V = 3509f3d1db598e13125f1123cb573458ac30966146bd754b59d53aedf9a51c0c481a1726bf74c2d7d34672bdd5613259819f5ef5a3497a87314ea0c9cea9113ad67006d58bfa3976a787e644c9cc90a87b21a313e6110a34bfe0fc3dab7243433a889866e16b4708d13bcfd469b567
+	C = 3ab6a2d467c8fb70085c651abfb5ab582405220f91d4ccbaa1de8c1e4d028e766204533e3eb6e3cc5e7709a842dfc556a1993d2f17700c116ffffa609cda3b45d7f43ca3ceaffe1edc604e3cfb26ffdabf0c09e0c4a3de8564416f65869f473a8a28f54fa7644c485ead40f2bf6a6a
+	reseed counter = 1
+AdditionalInput = e5b7e8a1dc48dbeab9bf2cc939dfe07bd6da4fdb853f6ae706c79c50978ba20f
+** GENERATE (FIRST CALL):
+	V = 6fc096a6432289831abb763e8b0cdfb0d035b870d8924205fbb3c70c46a7aa82aa1e6a64fe2ba6a431bd7c661840f90a87e1e41254872e7425f12a4964a02c571f06a4cbd3a3c0aebd6bf454c6dbfcef179f5f300fed13549720d621cf00a4aa4cf0f8636c7556a5e24c9f6f0fcc61
+	C = 3ab6a2d467c8fb70085c651abfb5ab582405220f91d4ccbaa1de8c1e4d028e766204533e3eb6e3cc5e7709a842dfc556a1993d2f17700c116ffffa609cda3b45d7f43ca3ceaffe1edc604e3cfb26ffdabf0c09e0c4a3de8564416f65869f473a8a28f54fa7644c485ead40f2bf6a6a
+	reseed counter = 2
+AdditionalInput = 30ad3575a75061e4d0ad73c2a8e62e5127321b6ae3a38a94c8659bed2cacea02
+ReturnedBits = 6dd8125e0e337c315b0cb6566562fd6d6f968fbba01ba29c419fe4a7e316662caeae9cfa010f64deed9257f38969ec45b99b837d5c4f1073b9f3353164226c874c7c7ce09c360f65515bd1389055d097c3f78eb0246a5e151879dcd596dc6795ec00a579dbb03002b53581e9a02c2c97ccbffd0654a672527903a4b6ff11f638dedeb680828279bdfa488316764f5ce47af69af36f2325cec633fb513c64bc79e4a70e22fd15c949d5cb4d9d7745e0ccef3561f26310bd4ae591d26c6aa23628e0b686fce168411dcdcc6be82618be9c8a02697de95a00b6101a936e9bb2db50c423c50b6dbdbfa64adfd5326f17d298db5f3c39548e90ceb8c5a9aac8e699ab
+** GENERATE (SECOND CALL):
+	V = aa77397aaaeb84f32317db594ac28b08f43ada806a670ec09d92532a93aa38f90c22bda33ce28a709034860e5b20c02f28eae32e5115904d61d21e24367afbf451009d118a77cd6ff248dbd4e799ad603b8175a2bcfbde646ba12dd40590712dd147d0027fecbb8024007ebd15f6ca
+	C = 3ab6a2d467c8fb70085c651abfb5ab582405220f91d4ccbaa1de8c1e4d028e766204533e3eb6e3cc5e7709a842dfc556a1993d2f17700c116ffffa609cda3b45d7f43ca3ceaffe1edc604e3cfb26ffdabf0c09e0c4a3de8564416f65869f473a8a28f54fa7644c485ead40f2bf6a6a
+	reseed counter = 3
+
+[SHA-512]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 256]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 2048]
+
+COUNT = 0
+EntropyInput = d35a92c957932b159cdf5d64aa9728f6f487a15031185a9436c9e0195c0511b8
+Nonce = 82a397da4f436fa8e084f2974477ea24
+PersonalizationString = d98e4f1d807362d54e2d17601314bc4ca0b625e7028d8bac3fd0e960507ff140
+** INSTANTIATE:
+	V = 64736a6b8e759a447edd64d1540f4e2cb0da9f238d442c954db50a8a29825a4c311b69f95edc8dc06c542bfd5af6e234fc7734f2c1dd1c2cb9a06851dfe8ace5ac41af690dec881c08b7025819d99d8adfab7cf6a24fff4bc4505ed9d4b1fd691b374a42941f4b50c534e9cd0bdaf7
+	C = 622db10447aeaa6b7c4ffab05923f49f53d2d445c8d0f5362a14d3e5fa3599112bdd03eae59e2ac70a7b641bfb33a2dec33cc873f47550f421c017ac29e828487b5f341a9212f4e999b8312cc772530a365aa21b628bfd4b092b0d9fc5171cc2ab88d96c51841e9183d694acf3d88b
+	reseed counter = 1
+EntropyInputReseed = 95bc52673918316bac4ee69869c5166743e69a6a3571ae752e02428f879aa212
+AdditionalInputReseed = 
+** RESEED:
+	V = 7e7bb80d2393e729c9db88b0ef26d39a31806b54aa2be7383d117aa2a07350eb27bd62206e25ba1ed9668448e8a247ea6cf01f03eaa1a942e914733ba93de429b79797299da86a2a8a7e20f55abe688404ccfca226f62cde0e59bc5cb191ba75fd201d1c18bc6e719feca87a6d516c
+	C = c22a011d7bab672737a23958d81a53f3071944e764e1a8d26c27cda24ef609be1ab5c67f4a08a9cc9285fc90d594f0c64bebe84e7d91d2e6a88c9062d7a74d8ce0d1435ea92ea592410245518532e2daf2516a8f2509c0d32c463761870621cd1132120083d71b5434c3bf094605da
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 40a5b92a9f3f4e51017dc209c741278d3899b03c0f0d900aa9394844ef695aa94273289fb82e63eb6bec80d9be373953c9ffc76d1a249b38feddfd83b20f8352e9763bfb9b9648935195ad8b84a1ca17e236fe2ec4adabde46e03b31bba6967084387c27d2031d297ac57154524c94
+	C = c22a011d7bab672737a23958d81a53f3071944e764e1a8d26c27cda24ef609be1ab5c67f4a08a9cc9285fc90d594f0c64bebe84e7d91d2e6a88c9062d7a74d8ce0d1435ea92ea592410245518532e2daf2516a8f2509c0d32c463761870621cd1132120083d71b5434c3bf094605da
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = bb0f228463421ae057ee27579750e01e15f037c5286af4587ac4cede172411da4d557285ff2a3b77a6040754f5df18c3dc4d4d445ee0873bcdc46b364ae905b90c6ceeaba02d6d0392634c1d255784a521d6aaa4c8c63d9f401010b350e3406eb89e4dc666242b80ff07e84d95025c00964fe7ce764a9060a664bfe3ad84bce59911dc2cf3590f8862217d4b743324d33f3e7c1676684d2bdf89290229372d0fada5b8a592bbb4b406b69ed9f3a59d6c3f0121398bee43e2a4abc805865b47620eb0d963a35c2d933743c06d43edfa7bc618b5548a6e5ee23128397fce9adf1b29d2b2acccf88d76ff98112b9140bb82c49b08fcaa2c10e42b7f935429c64068
+** GENERATE (SECOND CALL):
+	V = 02cfba481aeab578391ffb629f5b7b803fb2f52373ef38dd156115e73e5f64675d28ef1f02370db7fe727d6a93cc2aec45095d38fc0903394e7fdcbc6734b6c5f8e8c2ea2580f4bf3c347121c286a0f9236add421b5a116bc0063821257a5aa747d8f01c5d9ac4cbdcf47d1e29fee6
+	C = c22a011d7bab672737a23958d81a53f3071944e764e1a8d26c27cda24ef609be1ab5c67f4a08a9cc9285fc90d594f0c64bebe84e7d91d2e6a88c9062d7a74d8ce0d1435ea92ea592410245518532e2daf2516a8f2509c0d32c463761870621cd1132120083d71b5434c3bf094605da
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = 946d47881fabb3faedc6cac82092a257e29e4dfcb83e99017df6dff2e3cc4884
+Nonce = 1c8554a4ecbcfb8386bcfabcb95936c1
+PersonalizationString = 25d14a1d154cf5f2f08979f5288037b2307f8b2d6d110b89879309e0fe3f2cd5
+** INSTANTIATE:
+	V = 7c43c39f2ede4d45eab1881b7800de55d890b139bc28adb3f714a883b6abfb0831cbeb1d561d81eb1a84cab3baccd0a4c476de858718422fa6a582957d637e3560fb4058c16951004fb9322735aea9107c23926cee720993053c4f0c31862c604b7a8b3b9bf2adbe5661b826022f53
+	C = ee360fa87c9276b784201a1c256405a3d0c5584b8659f77508e18ba5ef673d1322215f245a2e4b8e61b335f146d9a68d1b73f6300a3e38cb1bfed22d70cdbf1d4d9bcaf70a3690c2927b1a86aeba1892de7cab9ea4b1322a15eea9a53e26486d289b2f813bbc8737c02d2ce1af0fde
+	reseed counter = 1
+EntropyInputReseed = 04a80547db907db87561f61af382ceab2b9f00a066c8c1e53601f4bcd3161645
+AdditionalInputReseed = 
+** RESEED:
+	V = 3d3a4fb941037cb0db0a874fae9781fbcf4e9b95249c92c7ed279a5a156a016f1d4fe053fe4083d04383668ca5ae5a3f49bf3bc682ecac0456e27e9c1082d2a4bd8686a964fa8e172f8c53b86c435c21c5881f8b1dcde2f0a2fc9ce1b72141241ac7a2c380bb7b9007bd7145f83825
+	C = 7ddfab9bea5df26f057d35a258f2f13f04fdd3a755ee158dbc6eaeb3cfdcbb0e67197f2131dd384ab0f62e510c2f68ecae8bb9855e1773fdd6bff70126763e8b2a81a758e0b60f8dca03996c72ea86e2c506d5b8ce8e8ded616131c2c603fa8523206687da0a768bc264b612306230
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = bb19fb552b616f1fe087bcf2078a733ad44c6f3c7a8aa855a996490de546bc7d84695f75301dbc1af47994ddb1ddc3881cb4d11ce7aaafc4a28084394295b5900f47a553b4de93e26beaf9c194d7115441cb0218c22253dbb42ec15c3418444c74122765adbb9d14fe5b46b746d394
+	C = 7ddfab9bea5df26f057d35a258f2f13f04fdd3a755ee158dbc6eaeb3cfdcbb0e67197f2131dd384ab0f62e510c2f68ecae8bb9855e1773fdd6bff70126763e8b2a81a758e0b60f8dca03996c72ea86e2c506d5b8ce8e8ded616131c2c603fa8523206687da0a768bc264b612306230
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 95ac17e8e10ddf2f8073ca64771a825b6fdf33e6b102fb06eb2159e5d625b535458e7f0ac84520d509f4e58c55723b783fa7f7ccd77679bea824a1dbef0c368c2baceefe87c03b17f9c066d38156af6a73d15c39cd74517487e38e3b177d9a6b19c3178fc7d72d097492e8dbc2610fb32f9b3f116154fe5a5e8090012583aec3d22d7ff8fea5078ad6c08420ac1b41f18b339105863cf995fd6adaf9057c7b9e080f745b9046b68383fa01bd52b99a49f46837880a17cc07ff1d742f8af38e45c22b1cfce6c5c072fb69c562b5ebe15eea78c218e8e31d3ac598b826977fb95f537a1576c3a84a3ee0286fc458967297e6d2e6e5995748cda907be2221281b0f
+** GENERATE (SECOND CALL):
+	V = 38f9a6f115bf618ee604f294607d6479d94a42e3d078bde36604f7c1b523778beb82de9661faf465a56fc32ebe0d2d1c4632f100009ed7cf1d2b90ac761414981fcb258ebbbd209f4fa044dfbf9700470537fed60650941fb0852158afa289f8c98fa8544392759eb4721bc3d0dd7f
+	C = 7ddfab9bea5df26f057d35a258f2f13f04fdd3a755ee158dbc6eaeb3cfdcbb0e67197f2131dd384ab0f62e510c2f68ecae8bb9855e1773fdd6bff70126763e8b2a81a758e0b60f8dca03996c72ea86e2c506d5b8ce8e8ded616131c2c603fa8523206687da0a768bc264b612306230
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = 623a62669c678c8d18f547b40ca437b864aa8c90e1f43ae44c8de20a12a1d3ef
+Nonce = a7accc00b74304f4c659cc8768d282d6
+PersonalizationString = 5cbc549598fc80ab040b477a9189306c7996bba26e69e190cb3881b127f1406b
+** INSTANTIATE:
+	V = 1e5ca5a2a46955468e04d7e4afcbb9f2347d60473d67ab2b4dfa94073be4371f82f2511944dc555eecf7727cb19434e8f720eaa43a50057a1b9e9d215dd36f519406bcd46ebaada3c6ec99995af2e56c801493659c82f28445ad4cfe2f9d532df45ae6ec9443ecae9faafb32a7d32b
+	C = 61c424b6766740171d20462f46b5bf48c1af7de39eff2b0d112421f918f6df6b501419175bbb3f661c77812a2d283c58c9445bff3548f0170b01b09b96b2c5260d46a14f48af1d8bd423afe088a2ceeacb3f65e901dec132a85050201e443da710c9a05198ca65baaaff54981b68cf
+	reseed counter = 1
+EntropyInputReseed = f07f5471e6826a8f4d99ed481b8b8445bc913888e47230b9334a81db231b2691
+AdditionalInputReseed = 
+** RESEED:
+	V = 3d968c854ace9410a30690079ea6e4539bf9788ad81ce9eae705c4ae4204cd2eb69779e6854e6b2424061d7f31206ba03425d33d4460b98626d71661dfc569e1b137c73e668a71e5ef4ea6bbc0a2f818c99a660064d839309a003e29436d3814b59db71c94c8ac373d0d2babdd067e
+	C = eb232cb1e95733d4ff4d68413c3542b20de595035b895108f60921a8782debbe07d08ff1f17d0eccb7a24e7777ae3c8c2d13f866d7c1a34efb82abdc71965e3a531b6e4f2e90dd6751e4d3a5671e151bacf7eab9d292f803017dd65d1de4cfff3e240ac40e3e69e6dea919c9b199c5
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 28b9b9373425c7e5a253f848dadc2705a9df0d8e33a63af3dd0ee656ba32b8ecbe6809d876cb79f0dba86bf6a8cea88d3b4b0a21130317e02e173fd47190cc73fc23c113fd7d43bfcaac0994b0c6d661987d8b248756328750eab46ffe7211c61cb5f6b8e3fc84b922245f54f6153e
+	C = eb232cb1e95733d4ff4d68413c3542b20de595035b895108f60921a8782debbe07d08ff1f17d0eccb7a24e7777ae3c8c2d13f866d7c1a34efb82abdc71965e3a531b6e4f2e90dd6751e4d3a5671e151bacf7eab9d292f803017dd65d1de4cfff3e240ac40e3e69e6dea919c9b199c5
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = f3a5c881da2488605784155e6b4cd405ccfe5b93f61da365428e4d0ac9df9449c9c80df881dba443f1951e1661bcd917c50348d8feec7dcd39b84a2f483868b3e1d681e47f35d0b219e110e3ea3c631f9a6e465767cf54c2d0696ea7ebbbca1e4ecc2aebafacc4bc31890b6b2cb2d369cd1a0af579f637178089f94d2ee88a91b78d5d31899e107d0b9785b707413960516720aa35d7db5ed5bdc13385a70af4623d7b4c95fbda9ccbc032cb6c951db1973f12950cbae82a1bf733e86d82cbbd1b3d7faa62618beaf5fb10a1be8d4a4c12bc9efeeb1e3d9db0ca047c9e9d7eb84715b95ca1520a60bdf344a795b3233840804a4b25cc7bedd9b8ee84529affdd
+** GENERATE (SECOND CALL):
+	V = 13dce5e91d7cfbbaa1a1608a171169b7b7c4a2918f2f8bfcd31807ff3260a4aac63899ca684888bd934aba6e207ce57c05e6b7087cf85e60fee5f904d947dca19fc43841072443c50024bc35ef9f2dd6a8add9e4891c4808581591e88901dacf63df5b41cdf8c61d0188a63a089d35
+	C = eb232cb1e95733d4ff4d68413c3542b20de595035b895108f60921a8782debbe07d08ff1f17d0eccb7a24e7777ae3c8c2d13f866d7c1a34efb82abdc71965e3a531b6e4f2e90dd6751e4d3a5671e151bacf7eab9d292f803017dd65d1de4cfff3e240ac40e3e69e6dea919c9b199c5
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = 08ce55a4314ae8692d0bd2a8166dcdd6e21b9462b3488aff1700566cd17abffb
+Nonce = 1011c67e3d9939a1272d44b8db9e197b
+PersonalizationString = 35c1925d340c15ab469c65830df85d92743359fb9a7c277e56dcefba8fb9ed57
+** INSTANTIATE:
+	V = 88109c4c6e2e71cdc1c0b59c3b203624379a62a0a32ed387c4301eefce474d6f5b324ed5d68e251ff05ec89effcee08ce910fa53f10668e21c1219d3773ef84681604d031f7ff9959e42e460f1279e0b473f7467e0886df67ed8a6c4598c36d2aa2e41dfa541926832616c0d80a441
+	C = bff23bb299f6c548091474c2a52f6978de97e864efedaa4c139c14f66ec3614c4c7c7a89b8976f51c4cbeae905a4326b18e9c7af5fe256c468899363941de169c010994df1529f72df806de6157b23d81d5c6c7fb61db3922f58cdb75ae23127bbc4b91caa6f0c4ad1bad0fb7aae52
+	reseed counter = 1
+EntropyInputReseed = 06a8e464c4b3a76e49db132101c75b5cc0701f2d611d9729fe7a58e2c28ccd23
+AdditionalInputReseed = 
+** RESEED:
+	V = 964e669b40c3f0a7a2f48ebcaae50d4cabef29bc843242a68e4a29c6fe5664ba183fcdd707f46dacdad07d2b7bd37124f1f5e0d7538793f6b1a528e3abc8f7a9bb8277b2b0f5672f28283b9771cc63c0a99fc443ca8ed5d196439567724488994bfaf0391b465fe7f2f0dc3b8c562c
+	C = 83e1d676479fd63dd44e32513d24360725d1c3da2edc0982d9f2a45878159eefc74b2963099e06589f72d23f33b4898adfc4b7cf9e9e2daa1ca2f42bb6fa1c278ffcde9705baef41219f55f7ed2ad6aab489cbb5d22aa5327bf5e363cff489d935999d84979131b95ddd47be4bdb4f
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 1a303d118863c6e57742c10de8094353d1c0ed96b30e4c29683cce1f766c03a9df8af73a119274057a434f6aaf87fb9727a27a3cff109aaa373dd5bde66a4c812580e8ae1a262a8f69ddc24ca2cd962b68e738198743eaff4dd26ffd4a0f637020a12831a550ccca205b600f6d20b8
+	C = 83e1d676479fd63dd44e32513d24360725d1c3da2edc0982d9f2a45878159eefc74b2963099e06589f72d23f33b4898adfc4b7cf9e9e2daa1ca2f42bb6fa1c278ffcde9705baef41219f55f7ed2ad6aab489cbb5d22aa5327bf5e363cff489d935999d84979131b95ddd47be4bdb4f
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = b728c0124b35f5d48f0d255bd6da07d550a8b7ea27e1881beafa3203d868043d2f9a380df20cd1eb2bb6aff006d0c53dfa936cf18ef5e57d3142905e9a50da2fa083afc033b7fc0b2907eda90f469b27c11d4b1622fcef9bbe5fe8dce693b4cd82ec48f37eb5d1559dafbd1546cd428f8641eac16c9af45b69215d0522dc8b39680fa8337ee95450046dbb23290121ce65b9da45449ef728598df68553a9230b0c149e384719f1573e09d9284314c0f2e935c506d8c2054986c2ef3b7923045db96ee1c4c6947fc53eefd3be3835028d42011ad34a326029696aa8eeb3feac73652a5ccc693e42fff659ed4750567b52d636a3f78d6cb0acfa1145873c514050
+** GENERATE (SECOND CALL):
+	V = 9e121387d0039d234b90f35f252d795af792b170e1ea55ac422f7277ee81a299a6d6209d1b307a5e19b621a9e33c85e4025296a258bd2e24bde3e9af35a365d146e6704cfc65227738d7e8c4d60703766967293c5385905d577566b4e0116c3d4182590c66f92a4850bc49c27def81
+	C = 83e1d676479fd63dd44e32513d24360725d1c3da2edc0982d9f2a45878159eefc74b2963099e06589f72d23f33b4898adfc4b7cf9e9e2daa1ca2f42bb6fa1c278ffcde9705baef41219f55f7ed2ad6aab489cbb5d22aa5327bf5e363cff489d935999d84979131b95ddd47be4bdb4f
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = 3407e666dcb9e5a47a31606346eb8d80608c1c210c450235ccd9cb17e61b2202
+Nonce = e8e4a3d455dc30d246035f69dd474c7f
+PersonalizationString = f37a8901f4ecadd266cab8c87fab7c4d7cfad3e265959f590ab813a59df7260b
+** INSTANTIATE:
+	V = d06cbc599443b7bb239e9b0465d736df2d50d653585a8d2431fcd8d790fc8226720387890654b790fc48bc8c9ad34eadd073cfd17a9ab59ae97077a856fd62a87b351436282f7d646521da70facf6b19b0156eeca17e7ad06ba8f4497d2843522624844779896d9430cb6df16610b4
+	C = 0667396ded8be0f40e1a0b7589aa5d23c89f7cda2967e359ca9f6bc5d1fe4cd140075fa08fec0698cd5ce5e5c5d52d2e4bc6e65c46cb07e85215dfd7a5b34ab71480f92df9f7a5a80db5c9c508a9ee6efc160a3884550580ad829107610ba987db36257034672331773b3588d5f4d4
+	reseed counter = 1
+EntropyInputReseed = 433bec7a616a39f3c6057683ed4668858750dcebafb8c7495feb69895b8f5f08
+AdditionalInputReseed = 
+** RESEED:
+	V = c2f0aabb722513ea9e3a650c3ab662c76db682e9f55c0655ffd076b64af4467e106ba996723fe2d8ecefb0af986a9965deb94ad1f1ef7e27e77088874d82d33f4d2c4cf43b93336fb2661f0da7749c38ddca8ceb5f413c73f9920e7652e30c97dc29597c827cf132b921da058debad
+	C = a905b2b211229de84a15ec2ec73efe59695424922176fcc4281ee155300fce2fda5a90d3c7c4e3e4f5a99e4ae75d4972b276e3fe5337aa6505e750577b9fdfb9d2936037a193e35c65248be9dd3a073a32c69e8904db72b8d8aa5619e96742786d6d4cb4dac922203e5d84606bdcf3
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 6bf65d6d8347b1d2e850513b01f56120d70aa77c16d3031a27ef580b7b0414adeac63a6a3a04c6bde2994efa7fc7e2f99f91b87e7ff4d6ac59cce800fe5639cefecf133e74b534641c043908bccbf330b2cf2a526781577a3a008df4d14d36ed7064f08f3ba56db3d0e7965c2758d2
+	C = a905b2b211229de84a15ec2ec73efe59695424922176fcc4281ee155300fce2fda5a90d3c7c4e3e4f5a99e4ae75d4972b276e3fe5337aa6505e750577b9fdfb9d2936037a193e35c65248be9dd3a073a32c69e8904db72b8d8aa5619e96742786d6d4cb4dac922203e5d84606bdcf3
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = e39b55ed5b03f2aa4fd4781e0322c6a73691987b4ecde2e96f4aea0f8440fb3fdfe4a12a9098f81b20885fc0468eeaa8120751e7eed47d198fae3003bc87e1c85750e1827fae103327f1499815abf9ace5d04ff04f93c66429934929b840ef8666691765e5afd57da14d45d8149139d83c3b794f9a9854046b455cf45bcf7bb8dd80de49a660a7eb3e833e131c36f1b6f80c2d0a43ff92b5e68c69676c10e02d8363ca9acbe5e9e8332d1e29d154c0b750952fa535121b711ad99f002e14b25ee904ee4f6de0f438622068ad431e6edd8ca89a2ae546e69df7792d7934063310f8c9eb0ab1ecac952e70e8f0bdd6982f1ab3238bc6a2550f23b949d73d102536
+** GENERATE (SECOND CALL):
+	V = 14fc101f946a4fbb32663d69c9345f7a405ecc0e3849ffde500e3960ab13e2ddc520cb3e01c9aaa2d842ed4567252ce5cce11c5cbe811886509909eb4975f8bf8a4a961611e6ea44daf09559a8d51cbe806cedf45292c78e8dbc31f200e3051a3962558d18c8c74eb64c4c327c3e95
+	C = a905b2b211229de84a15ec2ec73efe59695424922176fcc4281ee155300fce2fda5a90d3c7c4e3e4f5a99e4ae75d4972b276e3fe5337aa6505e750577b9fdfb9d2936037a193e35c65248be9dd3a073a32c69e8904db72b8d8aa5619e96742786d6d4cb4dac922203e5d84606bdcf3
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = 38ffe955b0dc3137255c6f291cb657f9c3332a7115e996c5ae9587b3b6d5338d
+Nonce = 53eb4bfa6a8fe768b1a0ec1549983827
+PersonalizationString = c1a0c8c989304396329b1adedeeeb3ab06ac2bf967e1540b186a47965f20ea97
+** INSTANTIATE:
+	V = 2f4f6a72ea0a4328e63e6b47762093fe7a7ddcc5856f765fb20422d443f03ef579077589438957b8f32504c95f3d6619087e5203261680e1b3186a61fff7aa26218c0cd35d911d75fdc6d614febebb86396f4124e3014f6fcf3ab47a65a6e3c41d52f761ad2f1c4d00ab70a8a9fbd6
+	C = 1c47ea2e658ef723462730d3715853564c734546205edbc27c507243ad16f1cfd79fefa6c1612c0aa94bc36586d68343b59d907fab0d034e3b8acdf1562457ace1a90ef7fd432128dc67c4154a9771c08caf40ead8c832e645c56071811d26ade1f14ec7f80ddeeb13cb521e770e01
+	reseed counter = 1
+EntropyInputReseed = 0f29b0241fd086a5c15194f67b0615b790258f9810164853ce7d0cf25919558d
+AdditionalInputReseed = 
+** RESEED:
+	V = 1d68e22aaa47bec3774e9c3daa7fa1c9167b9d1fc825fb6c5047a3f0bdb77a62ac6fdc0d51f064f0410bc90790ff7c4361c28ed7fff5919ed61e6e22712f3958e667adaa2bd61b624218e8d0b9c6f95fad1ab197d4881d6b011471cb859b78284a54efa241b63159400840ea9926d6
+	C = d007070f3b13a3b099a5f1af4b6cf76127e032c254b5a6ed5905a9b024a12478b9464182956d6f7488a5d370695b77187d1992a89ed73c903d34f53b4fba3fa4b280cf5db8efc4f64fb5b3a00913f42193fb6578f5db5a997d9a27bdd3a30c563ae6cdbdf6e07f152d89218d9576da
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = ed6fe939e55b627410f48decf5ec992a3e5bcfe21cdba259a94d4da0e2589edb65b61d8fe75dd464c9b19c77fa5af3bf2673575bb235310f73ca72fa05ed7360488ada2226e1b8ddb30a317d9247570fc302728ca863f818b0fbbd1cb68fc5454e7c523c1be7efd669c476adab564c
+	C = d007070f3b13a3b099a5f1af4b6cf76127e032c254b5a6ed5905a9b024a12478b9464182956d6f7488a5d370695b77187d1992a89ed73c903d34f53b4fba3fa4b280cf5db8efc4f64fb5b3a00913f42193fb6578f5db5a997d9a27bdd3a30c563ae6cdbdf6e07f152d89218d9576da
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 71eb038c1b4356f5a7259dc5de232b527d4db8ab8e6690086957e77c600a8090cd8e78f51411890ca9ce189fc7b7ce1e506d8fb33b9e36a0b12258f99d471a0acb3b1af193d9393f78b70549f9c1c56add3f103db3e29c52ad7dc73c9eb0ea37540417e026ef2ea9d98bde002aa5e4b59ffc9093deed93f8ef27003dfa0c17d7e1dcff16d365927565da9b283df6132b54487a78adf5ae703e68360810dfc3be0233ee795a843d325745c352e9a12ce84439d73157fb0ddf3d266c222a08d3a13ce5a71f6820d475ea1d828827ced118865dc08b1e44234194fa048420168f8aef50d9f86644abc63835c8d78f57054cf48bec601d82bc47a8a765f38b6ad731
+** GENERATE (SECOND CALL):
+	V = bd76f049206f0624aa9a7f9c4159908b663c02a4719149470252f75106f9c3541efc5f127ccb43d952576fe863b66b8fa616b4901ff5469daf4a0fb3ed61d5281111279b7308562302907db5acc31ddc89074431a670503af8efd681f4c27ee8dbeb79bb93ae630a2bbf3b8214e07c
+	C = d007070f3b13a3b099a5f1af4b6cf76127e032c254b5a6ed5905a9b024a12478b9464182956d6f7488a5d370695b77187d1992a89ed73c903d34f53b4fba3fa4b280cf5db8efc4f64fb5b3a00913f42193fb6578f5db5a997d9a27bdd3a30c563ae6cdbdf6e07f152d89218d9576da
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = 45e924d73fe2bc8391f8cc7b5297027a4c2d3fae76fe387437b84d83501a6460
+Nonce = a658b87198685e2749782b2b17f0d03b
+PersonalizationString = 46cff5218cdfdb3f889b885a1170987fcc9a6f035e95ce23f9e67d57c3a5ca2c
+** INSTANTIATE:
+	V = 68cca7c9eec24b6ad8c7dbd14b944e3caf0d842c74be017daa80cafb029fc260b5cd66c74ea9784d219de14f59c30379d10a4feca7cd8a4c2837ae5ef412b94b90baa9c242d8cd3b219887c94deb9264930910587429dc116d98b03acea89a0fca10084b04df4f69d19b9c7634f9dd
+	C = 27a02a9c3fcb92d427ad4660e1812c5cfc0773a7304cb834d214abfc281ecd4c7353d5cd8ef3f88f09619b1320f3d0c480a95ded4f1c142d21aeb35acc382f173da617ef5665d46e12db01e0aef31e8a831d466708d47f432992df8e014438fcc3cde8d1d971cdad7a0b8bd380b8b3
+	reseed counter = 1
+EntropyInputReseed = 4a68662ee0bfd76291741e0da51ecd3b5e7709f2c09f47548667c50342f69a92
+AdditionalInputReseed = 
+** RESEED:
+	V = c7424593424c0d559b799d353300060fb1653e5831e6ae0b61f4365be32297a7dfd6ad7117a9ad25315ebb26e773bb5404c3c1d80ccdcec8a83148521413a8132c46785418754fd640261f90d5e5f40d43c713ff79f7442b867724364ef7e660506b3f7e82a6fbeb224ba9b8af90fa
+	C = 768b094eb5fe9e379106ee5fe7ebfa821132c98fdc003e916a7fa2d9a18f34ea9ed48d4ad40bfab7daf534ce724ff6d405985953128e67ee4285ecbe4e1d043c1befb2d4e3cccbc42b882f8ad5beb556b1cf9edd1e2e29e5797691420c45f3b4134021e12b2b7e65456befe109f697
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 3dcd4ee1f84aab8d2c808b951aec0091c29807e80de6ec9ccc73d93584b1cc927eab3abbebb5a7dd0c53eff559c3b2ca0b6d2d5a415b836dfd57dde2906529209764fbc0dd111fb40dd00ceb823d701a428f7fc0b85f028da94108c5eccc4c9c7c9af043322cbe01d9fe5fb0ee1970
+	C = 768b094eb5fe9e379106ee5fe7ebfa821132c98fdc003e916a7fa2d9a18f34ea9ed48d4ad40bfab7daf534ce724ff6d405985953128e67ee4285ecbe4e1d043c1befb2d4e3cccbc42b882f8ad5beb556b1cf9edd1e2e29e5797691420c45f3b4134021e12b2b7e65456befe109f697
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = a69afe9d05004c3f4dfd99a58e7ccccf45c7998f8ce3c3b69a6ef3058cebc27fe698e6df53b582cdf168e5844a76d05845d305c7755194df580d771b4b977761ec338fa311f0e0e645da965ee90ceab2f677bb029e04ae05fe8645d8a9eb77436e58ad4f1589fadfbc4ca38f4f1bff60bedc9749b8a45ae86e18cf109134484d0699d7a86f378d5724d5c202337ac46a3c14479e9d0e43c28770aa636918f0796c9ff28e32669dac7d2f09a0a254b010c7c985a6310180ea4f202e2e933e163fe8850850c0172a8446303b5762ef3da12de23f547701082bf26a0a09a048c2b50680d4b4229422fa65815cd42f8c2793046633ca3226f23c0bfdb6265333bc4f
+** GENERATE (SECOND CALL):
+	V = b4585830ae4949c4bd8779f502d7fb13d3cad177e9e72b2e36f37c0f2641017d1d7fc806bfc1a294e74924c3cc13aa34e07de9e5140322e7db48bbc9075afc09c0fad9f88de9066205f8e500d82ceaaeea4573e2dd631df3df442321555f86a477125e11a829663ed0523001caab02
+	C = 768b094eb5fe9e379106ee5fe7ebfa821132c98fdc003e916a7fa2d9a18f34ea9ed48d4ad40bfab7daf534ce724ff6d405985953128e67ee4285ecbe4e1d043c1befb2d4e3cccbc42b882f8ad5beb556b1cf9edd1e2e29e5797691420c45f3b4134021e12b2b7e65456befe109f697
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = 3f58de03b2dc7a27081bf2fa23f33d15b21083511edf5177e1cecd9a0e4ee56e
+Nonce = 2e1d214b8b5cfa98344f5e2363de3050
+PersonalizationString = 7356a58e1f70a1e62d8e6d35c81f80ec92edfd5c83efda0d188d7a48e982a1ad
+** INSTANTIATE:
+	V = b797836bb8863700e3c391ab6617085da6ecb25e75d4e75db348782dee525343d3fef42c13f935fe492e3ff0ee7922e3d5f0c50a570f1688c7efbf0e8beba898691dfd2f37f186077affaa82dab60742e727de8ca0879b99f3aee2fe9b82d90a6b4676ef75a06a4042512a6b09bcfa
+	C = 206735c40fb7a7e41361b8f247e8666592fb266c704288cb320db5c657be53a208555639169fbeaadec329e017b0e1e9bbc7b17ec407f27d27492441ae0b51342b87a9ff077f6ecc0d8645567381397105e0940b2b49a8a4e7f5cc34bacb0bbf50439cd106936aba462eed948aa896
+	reseed counter = 1
+EntropyInputReseed = 148f6417b2ec7efbc3198d0c045d72aed49ac88e9941ed4f2cd7bfbe0567b064
+AdditionalInputReseed = 
+** RESEED:
+	V = 5aba2c5128355217566d920c5eb9a4b33477891d958d8d359e73fe25d17c9b96057b9531d21bad24c8dacaa8c2140549f6ea5e970c990b62bcd7513ef7b9940703ed9e2e7b8f2c4862be9d8a5f9c99f0368ef2022bda9104c526fded16b678983f40d0d4db002f0c9c0758059615b4
+	C = 69b0885b314c223c3f033820ffc27788c7a18487a90949c8cbc41c0f431b4f6a2df25f3600cea7f8a2d9d0b2fd8af2355a0910d0a7c3d1ec587a22756f53d07dfc22aaa4e923d2131200109d3feeaadc9fa62787aed6ba3ef1c4f0660462a235913cebab7095b4900402b56a1a9478
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = c46ab4ac598174539570ca2d5e7c1c3bfc190da53e96d6fe6a381a351497eb00336df467d2ea551d6bb49b5bbf9ef82e0b7711b593a4a9c038e69d96cfca2523cf26d990007119e20fee5925248f4cd1612d205c1e39cc09a43f8042982d064a3ad279a04d3b5db0fa53d51b229bff
+	C = 69b0885b314c223c3f033820ffc27788c7a18487a90949c8cbc41c0f431b4f6a2df25f3600cea7f8a2d9d0b2fd8af2355a0910d0a7c3d1ec587a22756f53d07dfc22aaa4e923d2131200109d3feeaadc9fa62787aed6ba3ef1c4f0660462a235913cebab7095b4900402b56a1a9478
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = ca227e4671960be6cc5812e86d0eaabbe4c2e99440f561a334da0257e94c08154c54531496e1a563446a388547565ff8f8c50a763dbd9d7711f59e5a4d3cb7fa7151de0aa61415dfce3f55cdd9a41fc13cb77cf06aeaedc1868356af7172993e2d03edae87e913483d5b80f5ac918a77203a0c58e9d5b791b2ccf39dd5f0d0ab04a580cf0ef057af937e8244cc7389a854948c012cb5626445293d7f45ade0df925d717fe64927436530383cf1353c0c2c5a5c57a3f8a36ac9ddf47b2a1c9d848656144cfc083bdf47d49cc0cbd1aa1af3b0a8f108391dea4b6be2eb5969f72aca605234ae912addb1d9cc0ea8cfd2a25824cce551ed5018404f61ceb1977a28
+** GENERATE (SECOND CALL):
+	V = 2e1b3d078acd968fd474024e5e3e93c4c3ba922ce7a020c735fc364457b33a6a6160539dd3b8fd160e8e6c0ebd29eacb9f2832a3506c338c94b715a8c68ef3df7698e6b97889ea3734ee74f42482f69797d792024cd8ed76005ad6e629b25cd076a672b76f9267285ae7924c05bee0
+	C = 69b0885b314c223c3f033820ffc27788c7a18487a90949c8cbc41c0f431b4f6a2df25f3600cea7f8a2d9d0b2fd8af2355a0910d0a7c3d1ec587a22756f53d07dfc22aaa4e923d2131200109d3feeaadc9fa62787aed6ba3ef1c4f0660462a235913cebab7095b4900402b56a1a9478
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = 8a41b87b91eb5fd6f1fc287f497700326788040e89e78f4566a095ec398c450b
+Nonce = fd975059af8b7d9b834899362243ad6f
+PersonalizationString = 0f6337aaeffa6b97060b2c1d55dd650853c8b7ff22bcd04b9d26a9a49b15bed5
+** INSTANTIATE:
+	V = daaa45a8c4446cc0245531918618907d988b8f485314f78bd96973122556a6aa45fe1f207d5d07835e370f2c27e49893f79897d63a8cb913407a2b17b4a969448ce445c950f0ea0f38b5ee4f7976d8d8c34f72109fad21f11e9e8e8c9461110facfed2f778568bb32a230b172deb59
+	C = 679850328a83454fa643ab2c6e0a5640a3f3bcd9f1c031aeebdf6b9cd01a8a54faa81e72fe4fb859edb9e5c87ad2ce1e866da2614801e68c830edb96551ef003d0f68f7f05a8a813c28362dcab83fa124906e94662137f390f318921a60353102069b1d2bc1cd268b284b5cd774485
+	reseed counter = 1
+EntropyInputReseed = d4624cd83490ef7299f2851e970b5d4392420052d5a0188631e1d91080729bf9
+AdditionalInputReseed = 
+** RESEED:
+	V = a45ecde8ca416d429daeb4b68b9299f8b2956ee6d405a3a4c04da3667d9c719bc0c1cf8d635ac6e88cec6075c6d5f88dc733c7d905f17f285047abaf0f09179ffeb67501991de693e5959186bb054410d7577162078967dc45acf985b5974721be78d471e176e034f4f4e502ff40d2
+	C = 59d98802b0763044fb725488672dfff03fbfdde2441effeebdfdd1f367a710707097a3eddbc4e0e54fe534d7933066f489282a52219a9971625518488852a6398a3d3de6f42edaf5ea5ee3c2ec4413fbec4c43c58f72adb940645176e910d29cfc696fd550e37c801f91be05782048
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = fe3855eb7ab79d879921093ef2c099e8f2554cc91824a3937e4b7559e543820c3159737b3f1fa7cddcd1954d5a065fbdd84c4bca2bcca41c743de7b34a400f6e1b492d45bf1671691cd4f8bacd8c079803a3794b9d05109d7162183eabe9b7beca6387fcf8507e6e41e9181fdd5cd4
+	C = 59d98802b0763044fb725488672dfff03fbfdde2441effeebdfdd1f367a710707097a3eddbc4e0e54fe534d7933066f489282a52219a9971625518488852a6398a3d3de6f42edaf5ea5ee3c2ec4413fbec4c43c58f72adb940645176e910d29cfc696fd550e37c801f91be05782048
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 78912cca929228aeb14aaafa223480653c97a65d90f730c9a330d3d57cf6acbc029c7d584a5bd16a269fd900a370e54eea696996e05c6157f224127ccf0e721768e9782bbf38bba6c1f4b6fd9eeb8231fc71a06649f564c498e65df942e80ab408f6a2bd11e1f02532984ac965db1a37c2d2fae85a243810eb5c795cd66765c34c2fbb2cb0e396179891164b0d50ff3f382ff36211e45693b6918795da2caa8c1f1ca98446c58a74a7c9903a6763f06e8ba91da251b16fff8ad793dddcfd90dda4217f546eb4ec2ec27ca321faf78d740b3fdce8593cf0492b90e115153b27737159448e43cee29f055bde94d0528cd5f0a54fd8f43db1db92bb58aeb840b31d
+** GENERATE (SECOND CALL):
+	V = 5811ddee2b2dcdcc94935dc759ee99d932152aab5c43a3823c49474d4cea927ca1f117691ae488b32cb6ca24ed36c75c03ef4246525e9552c70410f368693a72d307c3ca1fe2c6d45f3a3e4786ea8781cad5071e207995ce14cd67e92565ba6192ced60991951b169425f36e68c466
+	C = 59d98802b0763044fb725488672dfff03fbfdde2441effeebdfdd1f367a710707097a3eddbc4e0e54fe534d7933066f489282a52219a9971625518488852a6398a3d3de6f42edaf5ea5ee3c2ec4413fbec4c43c58f72adb940645176e910d29cfc696fd550e37c801f91be05782048
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = 63b4507164427908200349b5bea929cc27f0885af8910abb5bfbb639f01879f4
+Nonce = a2b060a8f1eb046015bcdf41de26eadd
+PersonalizationString = ff2538d8b2eaefe11daed282bcb902ec17e427761f52876e0f710c16a66fac46
+** INSTANTIATE:
+	V = f45a46446cce61b687c45629f799325d9936a3ba96544d99d5222c0976a6f156a1e59446455a778af5543725dd1b82477e2ea439a698214aa2a7d5c6803c2aa68bc21bb99972379a666cf5d5d4116117ab1fcf6c2ef72a4aa8041c5b4becce0ecbbec14d6d52be942d5f42cbb5b236
+	C = c927b3f68ab4d37c14a434152de34d27466f670e21fd140e0724d5db5efe47db33b789f35ff001921520318b71348a74b153d92e518336881c5e98c629065182ca490a8568dbc10f83b854f47d0c898c094ce4ebd7c1429bc07a854173ea4aa48e29a90b3da8a133a9368a0bf9c6c3
+	reseed counter = 1
+EntropyInputReseed = 95dfc171ae19f98eaf3042867ec0e693afaa647899b50172cbda1bb06f50d9eb
+AdditionalInputReseed = 
+** RESEED:
+	V = 458017c7f51a5ca756341867d3e8a38bea826114e1f96ac31f60f668fe7bc25368cfc1f0b916ca81b2e61404c13254e4e8e6e234bb424293c9fe1e59363df4c6056b06b38e7cb2a740dded3b077c4dd3a256fe0a05f4890a0432aeabd54d074b17219d2242db1888a948fe565b629e
+	C = 884814b1ac55b3e3f5511eb07dfb8674515988bd095d903a63f28fcf444ce2ee4f5fe4c27c7d49bdae821c7cf2dca84f6522060c16383f76cf4966b24f24bd7f4df85daf97ae6c81661b7cb3d781957463e99c1414eba9357ea840d0dbfc87fd8b134d9aabe8cccc1de6c51f695844
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = cdc82c79a170108b4b85371851e42a003bdbe9d1eb56fafd8353863842c8a541b82fa6b33594143f61683081b40efd6e12e1fe4a5341ded6a251e1534b19336c99425b99bfb465ab5c2c4f94ffb3a280ee775612d5ca7995326c9706f2fe5f0d4956d4539c3624bcc139f1098e7203
+	C = 884814b1ac55b3e3f5511eb07dfb8674515988bd095d903a63f28fcf444ce2ee4f5fe4c27c7d49bdae821c7cf2dca84f6522060c16383f76cf4966b24f24bd7f4df85daf97ae6c81661b7cb3d781957463e99c1414eba9357ea840d0dbfc87fd8b134d9aabe8cccc1de6c51f695844
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 7d67cce088f9b12f1739dcf6df39b7235f007c7f4c3fc1f871e9e4abd44efaf9aca6f92a00bcdf5b0497aadf076edfdea2ec35120edad81637357c6b35f82650731f435337e990704db2c1f2a0f705a9707d04b6f50881601cdaca650f146df9dac9ce974cb2f94c91f1fba16ac36ceb61dfc1cf4a7a81cf79a2c8a81b5fe8b6a2a24127db8ac4a4ba34db5bbcc0c8ac6f753e9090c3cc625f88a6c969c5bb86e23dc359146d0490e8d55160fc291bc04b1aa7f4c51dd1b6d843dedcfd66c3167330c9633eee926e1c38092f3e87629527ba3ebdee5910933ff0b5c27f6e23625d1ea1ba38017d402a3437a1e0409f1498419697edbd26c22354f53c997b5142
+** GENERATE (SECOND CALL):
+	V = 5610412b4dc5c46f40d655c8cfdfb0748d35728ef4b48b37e746160787158830078f8b75b2115dfd0fea4cfea6eba617672374998d63764201ea8deb18847364113b88b92f5efd5a3453ac98fc82678f5fbac8f90d71fdbab8649e7d340464344883012d17a961a1c70fc6c8dce3ba
+	C = 884814b1ac55b3e3f5511eb07dfb8674515988bd095d903a63f28fcf444ce2ee4f5fe4c27c7d49bdae821c7cf2dca84f6522060c16383f76cf4966b24f24bd7f4df85daf97ae6c81661b7cb3d781957463e99c1414eba9357ea840d0dbfc87fd8b134d9aabe8cccc1de6c51f695844
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = 50f6c8c043f46beb5d1fb612a73227a4767c4b73ee7f3321a60f96ff2f4b3fe7
+Nonce = 185eb38be58768e3d2830abc1f86e688
+PersonalizationString = 9a97d6830a3a37a97a13e41125e1959adabb8138b03c64fcd7269d3efe79e04d
+** INSTANTIATE:
+	V = 4763de8dd82c24d25017f6fed2d990e00b33533fdbfc59ac709368ee263b282c4e5d1de92b99bbbf78befcc8d0f7a4c6224cb6fee89ac6357e2fbdf7a74561ab321f6c3bab34b59cf20f6b3208b0c8c8137e9e71177299196f404154eb7fcf8fe7564c1b90eb34b4031f8e49692980
+	C = 133340cd99ee6c283d330db8b584fe5ba48d2247218fe2d4432f8765d85c0aa8b3dd324b6bfeefc775c51e834f66bcc274e6bb71fbec9fa1a0934f97ae1674aa2fd9b75f1752d8e7a1c88091f0fa5b2b34d422d14bb227341c28c6c70815daaee0bbb999970aeba30a2f03c44233ec
+	reseed counter = 1
+EntropyInputReseed = 567e184ed3cfed2f22c6b2e8f04f6e44fc5168627269284a4d4ea0ae81674098
+AdditionalInputReseed = 
+** RESEED:
+	V = 05d18d9116823438ca1d9c48f7c4e822d72ffa7e5230a2bc64c359f4a9babaab3e60055633b15e463e6bb8ace7af06f9372743d52b38e1595c05c39ea8e446fd39188a0fe89d89a667960748a60a3b35718dd258203fc80361930e63290345d7d7c7dc4908bfa7a098337cb1a30205
+	C = d96c8ee8af457f0056c7b1759879a5331f6974d86978fd5cbc723a1ae6196e1de7f5f741013ccd9ab6b17b7bb3f83361b6788829ca7115173cc6f0f2e0a1b2c324a0d0b6bd3005f0ad21108abf796a4e583f329986f65224fa0a5968a36b77570c3223e911f6306ba2945347b1f721
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = df3e1c79c5c7b33920e54dbe903e8d55f6996f56bba9a0192135940f8fd428c92655fc9734ee2be0f51d34289ba73acbcc7b13c25e509bed0d90d9c7a98e9eff74ace28b9d7cab435508968275c195eb5456b58cb73bde252feedee474cab21e16e4d867e7f9ad0aaecc998398a7d4
+	C = d96c8ee8af457f0056c7b1759879a5331f6974d86978fd5cbc723a1ae6196e1de7f5f741013ccd9ab6b17b7bb3f83361b6788829ca7115173cc6f0f2e0a1b2c324a0d0b6bd3005f0ad21108abf796a4e583f329986f65224fa0a5968a36b77570c3223e911f6306ba2945347b1f721
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 099f98641d077938b0fc380f4053aec7f4170f8331b27eac2d0b38bbaf9749ca8a22cf76feb8f5e87e134836fcc5e8f916063f652334dc6d9307f0be08a3bb7768f092dccb8a721998f8544d16a436b470c5849267ed90fefc11d2534715c51e71acbedfb0f534f7b8a90e255f090e6768dd14c09e3c6ce4eb13ff45493807b9a3a855348143a60ba63c5b2fe99968fa666e39e4013a4af251bef9a4b80950839d372d1831fd3245968c78f74d02902a191ab05e328d9f93f95b7de7b4f42d651992267eb1ce0da73ce416b8bf636ef5681cda090b832472489368b6bbb55d9e292c397910b964e4c6fc44d9b43d31843d3a1276793287e45b5fc6d38fd29b54
+** GENERATE (SECOND CALL):
+	V = b8aaab62750d323977acff3428b832891602e42f25229d75dda7ce2a75ed96e70e4bf3d8362af97babceafa44f9f6ef00800872af498a6426e8d4300f8689c53246b83e35e41dbb5b15dbae1e13542a5524e83bf315381e81397646f002f32410cd128300df6329d03706363be1175
+	C = d96c8ee8af457f0056c7b1759879a5331f6974d86978fd5cbc723a1ae6196e1de7f5f741013ccd9ab6b17b7bb3f83361b6788829ca7115173cc6f0f2e0a1b2c324a0d0b6bd3005f0ad21108abf796a4e583f329986f65224fa0a5968a36b77570c3223e911f6306ba2945347b1f721
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = be9258e373126d68b0a9f3d90c5ead7a81f811227101add9130eeab4efcab40b
+Nonce = 282204eaee6b7ec530176287315f91ba
+PersonalizationString = 49d6e0e551aef0e9a46d9da24e0b5b4f4d2831750d7e4504201a977af601d5d4
+** INSTANTIATE:
+	V = 6af4566525e00259ba21faaed680205140226de7ab374e8f6e525e62e9b3504f458ade2288cddd3cb4f8009ec69e3ac357e210485879c635fbd3c5e1fcc986a6cf2c4af723c8e344898c94435a8fb9182bbcde8cd7b40f78b7911dd076269de6b2d3297336296ab65cccb023c81f1c
+	C = c9d5a2ea70f17da834071715fd943e1ecbaa2d41d5fd59ecaf5d8d47a59965fc0e103dab9f54f405934921e871e64d6d2c9b3627f779a80a60eabbfd9b32207ce3a6db4e0b95b76d9e9e4270d916c57caf999b51fbeaa8a389ac4c4b7e981f7eab975b7f98b7b8615e87072a8e045a
+	reseed counter = 1
+EntropyInputReseed = dafb0782e9b22a3f508ff28d9d57af716447c680bb3171caa76b8a649743b4a8
+AdditionalInputReseed = 
+** RESEED:
+	V = 6417e17b7bcb76ee70ab515f29c846ff5268442d5c1e35421d5992bde3004bb0f61c2aa17ecb87953b62e323a4cc130b1d286511d7a441c2ab2214e3e9df292941cd830a42e1ca92afb847538d6ea28d23be3882de21acf072fc86095f5c9276dec9fa9a866c1ce3178911055eb49a
+	C = bf6fcc61387716b6bbea90cb94eb5ea6df868fa0ba2a123fbd38962f3c4f5177ce7d634b2b390862c30bf50e824336a8cab8ccba443d806990c8a0fdc089cb3ec58fed9dfecfb0a4ca1c03e6a2b5fb25e5c9450306748eddb954ffe9855d720dc580bc1285f5797e5b67b5a8160751
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 2387addcb4428da52c95e22abeb3a5a631eed3ce16484781da9228ed1f4f9d28c4998decaa048ff7fe6ed832270f4a981c2b90b1c63b8aa2aac9e2bce436455dba12519d52a62a907226c4f7ed8b1ec5c35506f039b0030782d301c1885114c863afb785e651c1e94f9bc8deb60ade
+	C = bf6fcc61387716b6bbea90cb94eb5ea6df868fa0ba2a123fbd38962f3c4f5177ce7d634b2b390862c30bf50e824336a8cab8ccba443d806990c8a0fdc089cb3ec58fed9dfecfb0a4ca1c03e6a2b5fb25e5c9450306748eddb954ffe9855d720dc580bc1285f5797e5b67b5a8160751
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = aad569803946fd12f786bb910238400ab5a0d278f26c9fa2d2bb8c5cf912e990b5bdfc920bf76b87084691908a3eb99da9f41b538dc59a94d65bddbdf1d86ad25b0f560119644d43d2a3497d076789caa81459dfe2f38c4b8795702eabf85a61bedbbdcba46e718e503720acb78319b5d218cee42578ca627c2fd20046a40bb0b7c96e1ffd673d6c3bbe92446d1bc25c450e0592a44c37832ab59a085294aa23ea500d1170e03ef2ce04e916b0f3f08bff3151114341c6a4564a41ba144fdd61251f59b416348c824036757c3bcb2785fdeb0731a581dcc7629754ead205e54c261e555b2cd74d869755072b81aec5adbf11629640fe9a10bc6d51235f2297f2
+** GENERATE (SECOND CALL):
+	V = e2f77a3decb9a45be88072f6539f044d1175636ed07259c197cabf1c5b9eeea09316f137d53d985ac17acd40a952817b58a4d2046c6941d5353d34b6c64c2858c88d2e2ad1dda49e36ead1e086a67ab3391fb9b05ff6b448ad37912c0302edd5eb0921e14f6e3c10490374f2e9f6f9
+	C = bf6fcc61387716b6bbea90cb94eb5ea6df868fa0ba2a123fbd38962f3c4f5177ce7d634b2b390862c30bf50e824336a8cab8ccba443d806990c8a0fdc089cb3ec58fed9dfecfb0a4ca1c03e6a2b5fb25e5c9450306748eddb954ffe9855d720dc580bc1285f5797e5b67b5a8160751
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = f94e2555ab870be715361edc1bbf283ddcb439aaa761d303022256f24a5cebe2
+Nonce = e644ee0e049a08b4aa98383ac1f39a67
+PersonalizationString = 01d1e3c6e0e1445c2514ffa383ed78321206efc6fb8737bec14dafc9f9eb23d2
+** INSTANTIATE:
+	V = 8eacbffa90960987083c2237a6c025c750816580424251fe4e723193972b0258a7ceb52a3f36f19b2ca2f714bfb4ad9e66ff70d8e5df8cfa68d80982f250da4a132f4201786bcc04d1c593319b2841074d408a9655a6612c64cf1e6ef8292d04bdeee9d2a4d7ff68dfffa5dcb796e5
+	C = baca951c3d496085e4d3426f4c084a6ed4f55620ed0bf0e9d4cbf7f88a2d158a5b4b7135a3be26cb2ec3b04e5a7c8cd9c4737f16ad184c2db18ee4b0f0fdbdfc8f18c6442adf1016a3716a2c9b44181479a17793dbca124388653c7689b9e9b910d63b8d53dae250f832c6f4c64a3b
+	reseed counter = 1
+EntropyInputReseed = aaf5768cf73e330f516b4f870f2128651b5b4ab28f90b47a735afcdc42a51ab4
+AdditionalInputReseed = 
+** RESEED:
+	V = 25489ad3209ead48bc97ae7935fd5b48cbea3b16f38aa1b179c8e9e2d6e172b9162a6595bcbe11827ed7cbbe3292631a01e2be8ccc0361aff8911d10562939d93a36faf83bcc982c3c195e1e42efa6fa4b9f8d10ccdd5192374921513f2fa952f7cbc69db278d28a72ff5724cbf470
+	C = b3066789c049633bf6f870b96bdb0c1b896d1701b17af27db780bfbe19f1bdef5063af25f92225bd9ff9f0c34eaa1a12c0522ede80d6e86f19d7faf504c5ddbc62b21a0cf530da9490bbb83ab4c50c1fd825d047b586bc79ac8a43a9c77e6d542dd749ab96d61462ef91478bbff8c6
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = d84f025ce0e81084b3901f32a1d8676455575218a505942f3149a9a0f0d330a8668e14bbb5e037401ed1bc81813c7dd86bb22ebbdd80222a923a2081ffe0620b3f30656aedaaefe389d5711f7572945649d5ef40eaf8d0014a6b1ab82492419007fef8317fccf25bcad5b36bf921c9
+	C = b3066789c049633bf6f870b96bdb0c1b896d1701b17af27db780bfbe19f1bdef5063af25f92225bd9ff9f0c34eaa1a12c0522ede80d6e86f19d7faf504c5ddbc62b21a0cf530da9490bbb83ab4c50c1fd825d047b586bc79ac8a43a9c77e6d542dd749ab96d61462ef91478bbff8c6
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = f4e0145971e9a71e6e88d36f6a792d1cb6b798ecc74ad3452bfa61d6bb931a6578222313a8730d5dd013a53dfd5a1d1967cd6b8d0a5cf5a90d1e2ca86718a56951b73d37513be1811318cfe36d7e951504e4890642bb2edd3fc9c6e73031cc5489fc3c314fdb27bb6f70f58162bb80b8ede284b75580bd4d53f68d67bf927c5b34f63a172b22af6998927a3f0d633ab8191594948e57149e890a27c48dcc5f8f72423ef2937c155079e7c7304be8fe977e79581d6ebbbac1fd5cc1c9f3d1430174d9c5d9c8a61efd999667d764db0390212062d5109b511de999f0ea0b673bcb9eb8e25c6320153a5df5d4bbc93dbafe68d12d953f680551914279769cef9aec
+** GENERATE (SECOND CALL):
+	V = 8b5569e6a13173c0aa888fec0db3737fdec4691a568086ace8ca695f0ac4ee97b6f1c3e1af025cfdbecbad44cfe698b73e202a6f6867620cd1c85e9c6db8c2580d63307ba041f38e09530c59ae3760f49b68afa989b7133ef5623483d65caae733bd1a61a3a07cac37d846f57da23a
+	C = b3066789c049633bf6f870b96bdb0c1b896d1701b17af27db780bfbe19f1bdef5063af25f92225bd9ff9f0c34eaa1a12c0522ede80d6e86f19d7faf504c5ddbc62b21a0cf530da9490bbb83ab4c50c1fd825d047b586bc79ac8a43a9c77e6d542dd749ab96d61462ef91478bbff8c6
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = 39503f57760438e7ccd25721083e2123e52488b7e26db722a521bf902a92816a
+Nonce = 40945c080bf62629d111c1d968815032
+PersonalizationString = d514d168cbdb9e9261f6c451f4a1e354153c00093177998a2c649e787ff47ba8
+** INSTANTIATE:
+	V = 6d2b4110d8b6143204c2978121a86bb013007960f484f6fc076e0ce94b237162a543bf4151bfca9ba2799ebbb619228d88a93dfa1a0ab827c565d5c2b6b48dd9ddba39f7350e50f7ca1b5031d9f28b3df735fe666929bf73a9ebd192af2aaa9357e7894adcfa74e9d4569820256b8c
+	C = ab2f8f455de2566031c28d90ae3ca456fbaec7880348aba32481dc56e1c7b97354ef52c761d90d936991b877b2237a1fdd1c1f57e700e2997e09ea24b77fda5ce75811b5a831ed2551e2ae7ec397228b6564b34f91e5df8a883cb3f019b350de8ced8ac27952a46ea537b63b8cec6f
+	reseed counter = 1
+EntropyInputReseed = c5aeaa8aa2dd28b58e9da88dd2b59165b105dc01f03c6a45f745f7fd542bbe59
+AdditionalInputReseed = 
+** RESEED:
+	V = 5b75c40475847c880003a970785fafdf5f063956020e1539b9788ecc2c314493caeb3f422ce1d96316b4f8c825f2cf9164df17251d6f7218cbe75bd0cab8ade483ebc976958e158e1183c7c10ab3863d206bfd8c3051fcf50c3f64356d4ef19b801cd34797547fe295704036de9a83
+	C = e0b686917b76e151f82dd30fbce337d4ae5d5de2f899efe467a3384ae9188976be066f042178d8e22e480c7cc7e4e89707630bcb182305d4c16aa65158c9d850b223ceb2347f346664a649004cfd5e5fc3f2c8f66c5726c26784fbdbabe9b6d475889e927c0c61e5821e0193e53c06
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 3c2c4a95f0fb5dd9f8317c803542e7b40d639738faa8051e211bc7171549ce0a88f1ae464e5ab24544fd0544edd7b82bbd811be17aef4ec8c8805ccf1e14bcefe2eb2bd0ab9b7dd3a068ba7fe2d96a80b1c91c0b1e4f52c37ce3992f447e847437a3b0ee10d31be79d9b386dc08b96
+	C = e0b686917b76e151f82dd30fbce337d4ae5d5de2f899efe467a3384ae9188976be066f042178d8e22e480c7cc7e4e89707630bcb182305d4c16aa65158c9d850b223ceb2347f346664a649004cfd5e5fc3f2c8f66c5726c26784fbdbabe9b6d475889e927c0c61e5821e0193e53c06
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 37db4d9498c9c3b4b22da7bf71fb33fc3eef21d140c196c3fc32671005d3ff53fff22d5985e0d40784a459a189d4bf7815bb1eb60e6a1d64049013492a16a3aa0738dad282b4a4b74ff99d5e4fe397a1a78b978e62b3504c4621de1c4aab05b109cecaad54202b511f0ef00b2ac5011c87b1bc61366044714d47ae72a34890dabdb89ce8a8fe3b849d98f517cc693fa25a40a169c20faa6908d286a7cd61376663d485165d7782de36fc04dedf64f113081a888091165142658c7ff405305f7b7e24885c47130d2c958d0a9ee7af1a4e4f1e90f56793e753756b7e7a03574f60b1e37dd92db2907d08227333979a6986fe5fbd9f22703c4a59d7e0c83e44cd53
+** GENERATE (SECOND CALL):
+	V = 1ce2d1276c723f2bf05f4f8ff2261f88bbc0f51bf341f50288beff61fe62578146f81d4a6fd38b27734511c1b5bca163c7f936668e158eeaceb14e52ad2b62d6afb5ae2f34fb03618989fc2547a9730e60505e84a256c4898671e019f85e1ac3daf8dd5f34aece76afe5c437cbc062
+	C = e0b686917b76e151f82dd30fbce337d4ae5d5de2f899efe467a3384ae9188976be066f042178d8e22e480c7cc7e4e89707630bcb182305d4c16aa65158c9d850b223ceb2347f346664a649004cfd5e5fc3f2c8f66c5726c26784fbdbabe9b6d475889e927c0c61e5821e0193e53c06
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = 3b915501e56a00a53c47b2b7de16a71df69b42781e58586011f552d477432624
+Nonce = 0883667b098dff05c6da0b11171de0b5
+PersonalizationString = 9b55175326677bbfda8ee98988ae2776accc8a65547fbfe5b0cc6d6ee46b1a02
+** INSTANTIATE:
+	V = c11a4a2139e649845f1ceae188b73630bd5eed6027bb282ed56c53f74bcc6d6a9c441215c0febbf2a32c6450b7a7e512d8296967230e42849d9b18a89cb97ee51e2dff92a90e20562d61986f06724688a15ea166abe04318a4508db59aa4ffdaefe4a181428d1aa310f513baf04027
+	C = a18cee014ab1442d03e69a0d3fba61efba5f700a6b9e5c07c6eda5b56ea2ca8d6c0bff7c034c2dd3ed84f59f5c7f3c03d590faf27019caf7e4337f5b2b41e2033f995a60be4d302db3985cb05ebc50291834507badfd5edc3acb7c87bca99646c87fd2d8f4bf56814d4a05686dbf44
+	reseed counter = 1
+EntropyInputReseed = fa8675a5b5c64cc395fcee8d692d9b9675ab37f9a5830c340a7571f5f2cdb0da
+AdditionalInputReseed = 
+** RESEED:
+	V = 2753ffa720b0371945b3664cd10c29de8165cecabff6d93970dcd9747bc2c9c51283983155fc10f64243c42799abc08b920cf1e286749b6baa95376ac8aa64d6a9472e3b44541d90495d3d5697210753c6e3bc24b50b328b13f10b8db4997161d17ac82079bad78d964f1f74867d68
+	C = b34011e9a5d0225bd8a1e5d7cfadbeb757913b782962793cc9b5e0325d4c8e2751f348c2b1d8cdd388762a089cd3aae11717cdb842b9710991779edc28e7bac89b94073163993d63a02d7ca92aa62bc54314a24ff018ed7418cea4761b32c278d42f9b9627304886d783ebe3cbcd78
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = da941190c68059751e554c24a0b9e895d8f70a42e95952763a92b9a6d90f57ec6476e0f407d4dec9cab9ee30367f6c44c113d55ea9cba91e3635637de5e10cd4d8e865def7d23151c5a4f7af54c606d32fa758d0b7f0182b47f634b8eb005db8ca55a46a613eac9d49994238914de1
+	C = b34011e9a5d0225bd8a1e5d7cfadbeb757913b782962793cc9b5e0325d4c8e2751f348c2b1d8cdd388762a089cd3aae11717cdb842b9710991779edc28e7bac89b94073163993d63a02d7ca92aa62bc54314a24ff018ed7418cea4761b32c278d42f9b9627304886d783ebe3cbcd78
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 107926b005ab5205c04e1f9370e095c8fdc5c7ef550810ed7ad9b0663483ce3d93987f72fbd7eebf64848d064a14a0602956d40574bda19dd94438c268dc497fc2ee99cb226f6b3a17f7a425c4fe7beef212b3f69727a2259d7fab2e203490a39e94076f48b773f24d31abf1666fc5525067a74f2577af3742f1ec37a432859216737f7d30b069b32b17f62fce93956384e6d1cfdce0c258a6414dc77f944bc2fb96d92437ff5dd5d5cc97598a99bb02c3a23830a704d700a67ab0bdcd5fb07637cc58538fa91191128ca97832fcabb74b7d5b87f27a08eb35b612e37e93dd12ba35d5d4d37ebf6b6026d65c9f0af9bc91f495d22b4a7e4c125de7979e8bcc25
+** GENERATE (SECOND CALL):
+	V = 8dd4237a6c507bd0f6f731fc7067a74d308845bb12bbcbb3044899d9365be613b66a29b6b9adac9d53301838d35317f1a9a6eb0d79df8b65dfae26d9ce80e13173a1e017fae7983a319b0ada1071f389a36bbf794459316f45509017f13f11a129d99a666d34807a1ed4d57a610fb3
+	C = b34011e9a5d0225bd8a1e5d7cfadbeb757913b782962793cc9b5e0325d4c8e2751f348c2b1d8cdd388762a089cd3aae11717cdb842b9710991779edc28e7bac89b94073163993d63a02d7ca92aa62bc54314a24ff018ed7418cea4761b32c278d42f9b9627304886d783ebe3cbcd78
+	reseed counter = 3
+
+[SHA-512]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 256]
+[AdditionalInputLen = 256]
+[ReturnedBitsLen = 2048]
+
+COUNT = 0
+EntropyInput = a86f848f2a5da28b0a68737a2f9fc7a5f9092a13b4236feb913ce2240b28a429
+Nonce = 2cc7750a39cafd1e12605238a73f7d6a
+PersonalizationString = 289186885a709ce92912776b9bf7ed4d3f5e144a59c03cde4c59e62cb50dab41
+** INSTANTIATE:
+	V = 61964468801502c0771e5c35ab9e9d7574fcbe19ea8d956fafc8223533846ef9df9ff2a0ce43f662da02e29a27f3ae6038d190a38bec46d4d24f22467154a1eb9d035b6a0620e1c1d9699c1f86c5b9221ec6ca798c64573329154e53e66dfb62e42c75fa87132470ba6e928f2a1e6f
+	C = 43a77e98c1f93e26626fc4c03da98f71688f650f710f14b477e9c10452e121fc6d510456014a5acb4546ee268b635e7bb089d6e720ace76a1d7866ae39e8694dbb5d12bc5e4695282d0c79b4145a5421cb9dedd5773412ea2e25676479ac0644f21882eba273f8db614abc9d05b881
+	reseed counter = 1
+EntropyInputReseed = aba3acfbbad9f8ff43926ec6e3c247ad16ef94cd7e555849cf9cd2bca47f83c6
+AdditionalInputReseed = 2a68a542a457b3c016d5997bb264c23257d969a9bb188188e28f3410bdab32e4
+** RESEED:
+	V = 7e82ab616a3ffcb42d84e96b5dd710716be6d4f2eba614d40f0f032518e4df5ae896c4b3201d7207b148199c3fa15f8444fb1d76baee3cdee1288104e831a2b8014d769d840c4ac683c6eed4758dd36eb57581e1200ea2d17ad2c70a36a7722904e145ec51fdc262098b55c04a2de8
+	C = f643a989a1df0565b3125b4000202eaf231ce3efb6616382784d375f385da02212a17915a5802f2dac8f1a09f0d44bc5703731281feb2603d6ef4e768c08164a8f486cfd1dd3ad35a66dc396b7d834ce1eff546d0142376106643e9dce433e5f7bf0c06f1198e0cb1011f756465750
+	reseed counter = 1
+AdditionalInput = 86ee2416ceb20f832075984f285a76d9119eeaea37197f0930c69f498ace6e2c
+** GENERATE (FIRST CALL):
+	V = 74c654eb0c1f0219e09744ab5df73f208f03b8e2a2077856875c3a8451427f7cfb383dc8c59da1355dd733a63075abae2cb6980225062489413f3d475e87d53b826a81c64a01c9581bd5b7d26d4b963fd94f3e9c5b3856d925286cd8b91657f545f9fbe0dffba8ffd8683ce4e546ee
+	C = f643a989a1df0565b3125b4000202eaf231ce3efb6616382784d375f385da02212a17915a5802f2dac8f1a09f0d44bc5703731281feb2603d6ef4e768c08164a8f486cfd1dd3ad35a66dc396b7d834ce1eff546d0142376106643e9dce433e5f7bf0c06f1198e0cb1011f756465750
+	reseed counter = 2
+AdditionalInput = 92189db700cd712bb997d67e2975754b8dc4a59651c34fb0c9438d0305cafd41
+ReturnedBits = 8cdbb0790234fcef29c80dbfd3cb31a677f912efb31bda7c6b202413f2baf39d751594d96b0e12b88469615a21ad23a8c0be5e40c64f1279b1ffe75d0a70f172f7742baf1965b039c95a67387ac9b02754d4c41d98b3b8d9fb2514c26c4970e358fe11b53c91fcba513139206bfd53d2aa8ad555c8a365355ed22c6944b7687ac78cdeb25d2e4b553b3a59272943ca46d69fcf3a60568b05499b16f95c9824539e66caab991c54f99a0f08c71b9d3a6bea6d646e81fbd121f6b272d4f2766748ac97990741816a1bc60cdd0c797d6c0df8b02e8e84fa031be14c1f86e8be14eeea09d3ac3c9b6c626f7b57ebccc8f3bb197b6512a8e58c8ef20b4a13a928934c
+** GENERATE (SECOND CALL):
+	V = 6b09fe74adfe077f93a99feb5e176dcfb2209cd25868dbd8ffa971e389a01f9f0dd9b6de6b1dd0630a664db02149f88509c5f9dbc94af372765623a40fbf7c9852b5fd7e521efd6f42adb7eb6722660d3e5efb52c9be2af5112e25e8429fb0aba3e900ec67166047478f3bcf43eea5
+	C = f643a989a1df0565b3125b4000202eaf231ce3efb6616382784d375f385da02212a17915a5802f2dac8f1a09f0d44bc5703731281feb2603d6ef4e768c08164a8f486cfd1dd3ad35a66dc396b7d834ce1eff546d0142376106643e9dce433e5f7bf0c06f1198e0cb1011f756465750
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = 23eb204c804606b3adf47e4a3400ad8b3ab79b5cb9b30fab5c9418fc76febcd7
+Nonce = f0f839ad4e69cb31e70df3d68b7b2ff1
+PersonalizationString = 86644db937d9cebc3e9f2b4e1d8ce1772cd23e606dad4f5b4c61f106dd23f6c7
+** INSTANTIATE:
+	V = e6fe310d0b8c6a5102648454386af752de5a9cb8cfb4ab879b707dd72e6ff950f33c453f2330d413f7a46f03343d80ee93095b467815d56957423249b888d14242a81c14245533feb8152e7b4582cb6fd8f73999af67f9feb0509fa046e234bcbcecd01471c7e622a44f953caf684c
+	C = 755c7d7a39ef15707920e4057b886d50c1eca37a0b6274c99a744c6c8bcbdd65390c9a4f2ecf8b4bdcbcfb3339009364af19d5e879ef14bad04263faf7c18e53bef477c7407cdb68eb84bfc2d19064322b13e49d1cf26e37d7395e53fe9e54292a454b44468c951f9f5dc50ab06e65
+	reseed counter = 1
+EntropyInputReseed = b18b2f81ebf5f2171b5c2b09725d32f1f1eca376179e24ed99a3b517504a393f
+AdditionalInputReseed = 4029cad350b4879b9b9514429040b42aa3f5c085210202d5f2eef74d58bf37b3
+** RESEED:
+	V = e16531c646a5cc2654acdd4c91575810aa13f712976371c88eb75f7eaca238f1c11ab19cc254dc81cb3c8a1496d38fff0c8783caa2602674a612f9ca9904a9a8fceafc43b600797a58e5aab1115b82c0fae8e5af37c12576966930c1e66485fbc23c47e98a5524aeaeb620515cce54
+	C = d04af5113aee7477ab72bcae11c23b13671f8f85b345783695b2e0a83bb67e2c80ebc0a27b9ff2617fb8a381d2bed40d91bacd3e3429e2ac7612da14e3c0b81b9280cb3143c46ae8b0226cf7511797318939b905379362d0032471e322a1381878b5f3c6fea2a84cd5477575a87102
+	reseed counter = 1
+AdditionalInput = 27329a916efe52c2aa3a9a2b58c18223638a700c386ecf8dba6577cdf6db7159
+** GENERATE (FIRST CALL):
+	V = b1b026d78194409e001f99faa3199324113386984aa8e9ff246a4026e858b71e4206723f3df4cee34af52d96699264346692eef478c1349cfc22121b5bfbbc7fa993025e867bfa4c6e3a851b81868940ca7212bf322790441026ed041d8255179254f6c731d0877428dcf6e5be0d8d
+	C = d04af5113aee7477ab72bcae11c23b13671f8f85b345783695b2e0a83bb67e2c80ebc0a27b9ff2617fb8a381d2bed40d91bacd3e3429e2ac7612da14e3c0b81b9280cb3143c46ae8b0226cf7511797318939b905379362d0032471e322a1381878b5f3c6fea2a84cd5477575a87102
+	reseed counter = 2
+AdditionalInput = f337283f299cf3023a262fa118c9d14fb9cc98e56e7d1a2153d2f103d2bec761
+ReturnedBits = c9b16a02ac460626d2127dbcd1c3608b03f13290e33379ea75bfadd161dc180afc0616328aaf805e3209c307e443e897401ef0b63995b779b5450385a8d989e9a535713366b372a69b7d322aca7b9b0c95f686636b4198f60ad846559227cad2059acb626240e8370eec108ea5c82851b733b060c56bb2c437e73612a1f35f84cda5ae96f6edc9f8f794c6a40142dcd8d58f36cacd95084b837d23bef2f079870a3bcd74aebf58a20ae738e6252d47c5f7f4816e4d85d6ea356c17c56f7bac5001ac0da335d4af5c5bd50ce66625616fa8525f2c582c0f2d7cf735a47b7614d9facad97704db2519a146faf5498c98c9dad4dbe2c1b4ea3d94a38d6124e4930a
+** GENERATE (SECOND CALL):
+	V = 81fb1be8bc82b515ab9256a8b4dbce377853161dfdee6235ba1d20cf240f354ac2f232e1b994c144caadd1183c513916d555611346e8d05f41cc9626f0cf1f613e3d565f9c11073ae0d69832ea874164d791122e63c7029cc96a555ba62358cd9304c262bdf139cad66efe46fbe907
+	C = d04af5113aee7477ab72bcae11c23b13671f8f85b345783695b2e0a83bb67e2c80ebc0a27b9ff2617fb8a381d2bed40d91bacd3e3429e2ac7612da14e3c0b81b9280cb3143c46ae8b0226cf7511797318939b905379362d0032471e322a1381878b5f3c6fea2a84cd5477575a87102
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = 21752c7dc32b37267638fda100a819010a44e61e6d73191c8d7ac02ddce48926
+Nonce = ef4a97508f31e388292e2f72424b2933
+PersonalizationString = e247b8de0bf626c92f515940422e7e7c29dc2f0c1cda0d0d1030cf562926ee38
+** INSTANTIATE:
+	V = 19f8e50ffebe0001b385c3f93f07f047f99e5a25130d802df731b98e0c95d942d8e5e76b029720619465b9c9092fee3b92b4df2e1bf65735833a74de64596deb79399b26f54043cbb2ae10d0129d879ee697e90352890d5a28b4b5ea8455f15d45f9e062633af3a534e7d388ac120c
+	C = 81e7f2b02f563e8fe0ed4ab63aaabf523ed8bbc1a06bfe63fc9756c4a573895fb8e3c368dee100fcb2ee57b5af5811fc9dd6d60c21dcff5015cf9a5d413599ba201ea03000d6ab33ea7e9105b1494f5d5c720f387c2da5c5867c57ace28965080313fe052047e396f5ee423a2fc88a
+	reseed counter = 1
+EntropyInputReseed = 7e37e3d183019f368260a05cd866c59e23b8349f90d3bf7d82f8aefc5e83e796
+AdditionalInputReseed = 33a8853ce8211fd2995863a64c5906706060f0430c2ae6e22dca565e1e41d2d9
+** RESEED:
+	V = 77bd5b7371f9a6ac786c9874cc44969a6a567277f199bfd5211967c518bc7ad37bf005101025cb11e826d93997cbeca42b575b9aab422cbc0b02e25604b972ff27036b737156f2215f84ed9ef794a0db7ab60e11065016deb2d5f9ac77670a0d517c59d47ef0cba36d2927c68aa366
+	C = d575189b3cc99021871c6b0a820acad9300c98b8ff124533b33362fd2703a8c21ec30e02e251dfa3d1e31143938469fe2cb8b21fb5b5a0dc8a7195d0cc3a52a06513d40475ce4d25d6d53d19023d09e3e79b59bab4ff13f994ccfd270c7c6130cef7ba726ccb6b58efd5cb579c4d48
+	reseed counter = 1
+AdditionalInput = 046e7dac2d14615c113162e4ebb271c7ecadc5b05e9a2c201a75dd7e23256dd9
+** GENERATE (FIRST CALL):
+	V = 4d32740eaec336cdff89037f4e4f61739a630b30f0ac0508d44ccac23fc023959ab31312f277aab5ba09ea7d2b505868075bcbff33b91f3d7f1eaadcbf1300cb84df783a87a5dd142609999064d1a40ec7303df96eec9f8b69f648f6b14c52f4b38f125d4b72d581d8b8943a34f8a7
+	C = d575189b3cc99021871c6b0a820acad9300c98b8ff124533b33362fd2703a8c21ec30e02e251dfa3d1e31143938469fe2cb8b21fb5b5a0dc8a7195d0cc3a52a06513d40475ce4d25d6d53d19023d09e3e79b59bab4ff13f994ccfd270c7c6130cef7ba726ccb6b58efd5cb579c4d48
+	reseed counter = 2
+AdditionalInput = 39a92e4fe789331dc7e5b1bc1c3bda068a20980a184f45472600d2cf0c2b0a7f
+ReturnedBits = f97fead8329f754ad45f7adae6f840e54bb352173dfff172fbb6467e3ca84eab22f265f9d8c4ba0b841c3337cbd6a2059c1e565fa3f1396f2e3e83a10e1d3001eb45bd389ffa70d207644feeac1a964185601e7c28cf623a390fa9695e10a88a9d6c1eb508a1710661b02ed0cb069a5194322cf41575b21ef6d6dc7a769fc76847802ac41e872bfa18c0512a8d22e3539132fc1b87d3238485dd2c5e0605a7c0f25cb106a37a86b35376983aaf46d84c7dacbdbadf14e54704aa2310001a0dbd37fb8481f1c4ecde625c43aa5fdff3fe78c80de01baf3b2701fa897c410ac989b3b7287c658ef4915a53b55519248d7b110639c2df61ce77fd751ba9ba378899
+** GENERATE (SECOND CALL):
+	V = 22a78ca9eb8cc6ef86a56e89d05a2c4cca6fa3e9efbe4a3c87802dbf66c3cc57b9762115d4c98a598becfbc0bed4c305b05703f0f24954f2391ff0f44b2138a97adbc978653b7a7cd927960bbe1e4c6a1c706c1462a05451ed11617cc8ab3517a09a1c4457fd283ea52e76573c7f03
+	C = d575189b3cc99021871c6b0a820acad9300c98b8ff124533b33362fd2703a8c21ec30e02e251dfa3d1e31143938469fe2cb8b21fb5b5a0dc8a7195d0cc3a52a06513d40475ce4d25d6d53d19023d09e3e79b59bab4ff13f994ccfd270c7c6130cef7ba726ccb6b58efd5cb579c4d48
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = c3b5e4d0d1c6d2ed6557d9b5b3528a2cdb2b0b06607c8f17474b77225fdcbd51
+Nonce = 91d60a0b51515f51e74dbdfb2b4b2b2a
+PersonalizationString = 96c848b5296b099fef027ac126f7cd0f9ee054669684d3029f9554f5789b55a1
+** INSTANTIATE:
+	V = 54f4c73657c6118fadfb4fe755a439ccaf4bee5d6fc3ad8bec8225983a712946a62125cf1abb5fbca052e430cd8e160bacd587ed1d32a924334c78e4a3e097641daf8a59fe72641067793bef4f17fee9b165d2d63b3a863ed95c2098febb097e802ebf87c5a66fc551c67932e61b75
+	C = 12259102f63c11986a7ca6125ce868bdfd9c18a804fc47f3cdbb13eab91fd8f0c745161091082f0e193dd60788ec8efcaec480e6e702203ddcd74d16a266e11dee8c87279f738f6c767e0ccec85fe548306bddd693d6081f16f76587e1c740427899e520b7e9b34afb7b7e00cd6c8a
+	reseed counter = 1
+EntropyInputReseed = a55c9194a69819d27bf47074110c1305476e79581115994ffb3eb8c3a60b5a5b
+AdditionalInputReseed = 4a340dc5ca90ba1c402350bc8dfce6fbc16483e0cbdfda989560d1d1bbc70986
+** RESEED:
+	V = 9be0af0b5de54be21b0fc9b3bb67d6b251a6ed0b00a2cee96d8dd0e90b339bb3b6a93e90e5f726afea54d7d962c8a79e02d0cce1de0facbd90b8e29988c81df95cfe9b0daa7a87a0d4628f1286ac9c8c5337f06b7cb034fa1e5f80b4f0281baaf28a7fce105d7a57c71e31bdf91623
+	C = a7ca2070675fe099ef922c8173fbe8c1a1c4404194690ecad7e24f8a0a3bd273b09a73173fe2a775fb70a58c56e6cf78cf7320758178d41e13647a896be803c6cfb6cf6cda89ead6fe784a04a4d8e3b5b32911d45bd21a23a80475c79a681afbf768e8a8e66e6494ffeb5618fd6cdc
+	reseed counter = 1
+AdditionalInput = 8abd9323cf0ab16a779c6c0e566c4a0a0ff60b7d45868635ba8bbdb5c6877764
+** GENERATE (FIRST CALL):
+	V = 43aacf7bc5452c7c0aa1f6352f63bf73f36b2d4c950bddb445702073156f6e276743b1a825d9ce25e5c57d65b9af785339df2983892a4a067af0935ad419ef8a3153cab13e7de20e71c865c0ef9557c95517332e150835c74d7b31aeefbe5e738de5590d2fe71eb8a7a90158f61ac7
+	C = a7ca2070675fe099ef922c8173fbe8c1a1c4404194690ecad7e24f8a0a3bd273b09a73173fe2a775fb70a58c56e6cf78cf7320758178d41e13647a896be803c6cfb6cf6cda89ead6fe784a04a4d8e3b5b32911d45bd21a23a80475c79a681afbf768e8a8e66e6494ffeb5618fd6cdc
+	reseed counter = 2
+AdditionalInput = 278e4991417c74e9b577d4436350614c50340d60f0ff68f05c291a7840c22609
+ReturnedBits = 177a9a461fb841db2aa698b1bbbd1f0e044411cde8687fc4a28ffcb3d82f1ce7a30f23c892a57c60b00e194f4c9b312b0af2fbdc45a0741858e777a6eb67f8c2e49f80a7ed6f9d04264fb17f057224feb97ef37472e4f22d49c08c3256d1d6e8209d3f762101f3911a0628cb91456d1660f350adeed9a91c7aa3a3f8ca4d87962fc77132a3607ba11ed52acbb99bd24bcf04fe2be4df3976d97251c37fa27eff5448a5adfd8ea2c35d5acb4efa24cf735574aa7d6e70fb93bf69099dd7773d56df2b1ba95f5671201c2332c7fedb7fc0e935edd0d4dc3e615d0667193c287df7e6f2abeab5463161faa051bea1fbe170bcef179179dd1cb856f5aaf407a1b588
+** GENERATE (SECOND CALL):
+	V = eb74efec2ca50d15fa3422b6a35fa835952f6d8e2974ec7f1d526ffd1fab409b17de24bf65bc759be13622f2109648633ffa0a881aa5f8132ad090f397708a3461cd0126a83384bfb4d1a699968c5ffbfff4358685a7e1a994630c14a9fe1c2c2a7ee8e64abf55f7bf71a55a715787
+	C = a7ca2070675fe099ef922c8173fbe8c1a1c4404194690ecad7e24f8a0a3bd273b09a73173fe2a775fb70a58c56e6cf78cf7320758178d41e13647a896be803c6cfb6cf6cda89ead6fe784a04a4d8e3b5b32911d45bd21a23a80475c79a681afbf768e8a8e66e6494ffeb5618fd6cdc
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = 396e5d566eb0795445e577664159f0a1884e0fc74ccf695be885e3e71c154bca
+Nonce = 64ab056bad609bab6e18886912cc6e6c
+PersonalizationString = 239624e9284496a6efd5e3866a7c375a59f52319160219358a6dc4c995dfa83b
+** INSTANTIATE:
+	V = 5b907c0f235ba304b4e1791ddb55dc4f82837c6e4144dd36b6fe1396173eef1f563e0f838030df0fd7aee8c8a5c08b795fbb952dfad9a2252990337ad417aeb2c4013466a451deafc0eb7796ac731a98b33a206ecaa913d00c7a027b8367ede955a2b503cc5a7138b9114c16b41787
+	C = f1f486b8ccaef85c0acee8280d332557a2655bbc869cace6e330374ec97e0bb3f6e4634eee979fab3616e62237e2cebdecf44a3ecc306e5693f3f1799335f595a605062ef8ceb014b3431084992b996ff2c522f7e63a54d269117b21ba1417524685481dcdc7b696f072445328c4a3
+	reseed counter = 1
+EntropyInputReseed = deea680fd13ce87624b09429b8c7cc5a5be903fd0c5586e812bc067cb14ad428
+AdditionalInputReseed = 42719f8adbf1daa5b82daa5954763b790a690fef236f369806714982cd4e6a64
+** RESEED:
+	V = 598e9fb677809fb88afac126625f56fffbc4b71227facc7c3a6dd68875d129dfb466dc0a666be35be06a4584aa0d1e65ae9ed568209539a6bba50a0b98e1305890cbb68eef5c0c5d826107afd7c6b6f2647e517ccf341d8d3d8e8c239493ffda9349fbad214dfe02fc053529437dc7
+	C = f7c3fc7104d9a6d1465c88e8cf05faf585255c745e510f4d0d94cc89da552da58118a3f5d23b972f55c1ef64ee47159dae0e4a1f149a44cf492cc8bb3c124bf02bc050909c2e5d225010d9311eb4bdf9bbce9e35b78af3232d7ccb7fcb791ea3692d54acac8f847fae8ddb6e50da1b
+	reseed counter = 1
+AdditionalInput = fbfc21c589420e3f4c3409a7407c8117a413a8a3354659bfe4c382db4fdc2092
+** GENERATE (FIRST CALL):
+	V = 51529c277c5a4689d1574a0f316551f580ea1386864bdbc94802a31250265785357f800038a77a8b362c34e9985434a68e156a182803bbd5e485c69f4abfd9517875d2c97a0fffc4428da8f6d1be0943a32ed4af48ac6eae4c59bccfed760a3b1f14283463728ffcc86d1b6db7ba01
+	C = f7c3fc7104d9a6d1465c88e8cf05faf585255c745e510f4d0d94cc89da552da58118a3f5d23b972f55c1ef64ee47159dae0e4a1f149a44cf492cc8bb3c124bf02bc050909c2e5d225010d9311eb4bdf9bbce9e35b78af3232d7ccb7fcb791ea3692d54acac8f847fae8ddb6e50da1b
+	reseed counter = 2
+AdditionalInput = 14ea9a9ce264306fb7da581d140e7c37e28fdefe82de58c06d3540578e56a4d6
+ReturnedBits = b4de93472486b47f9f817e9b29dcbbdfd3e39133625f158067d5d06f9ef47127652c4d2a22e4329cab3d1e7102a0704dcc027a70978789ed562dd7180ed321f12d9ca0584b9b1c9e0c426160ded7c0dd13cdf6cc4e7628492c7d7658595afe7412ddcea2fd688e9418aa7ce15840b64742089fe93de7483c1f6a8d2609638dedf7d443f20c06a0334a6a8e5ae8848fd128ff3f1cfdf9d8a14e3fa9b1c5682c4312e308aa02cc17ace7c0d9a623b68449cf58789db36bf469643e867d95bd5a3da04039e1a1f3e46703358a843a0dd16d9313855f39ff0e5b41bd04d3d40359bc2dfa1919a29bc4c27c9e3b24709b460fbf39abd3ad3ff3d9f6d2e0abf693deeb
+** GENERATE (SECOND CALL):
+	V = 491698988133ed5b17b3d2f8006b4ceb060f6ffae49ceb1655976f9c2a7b852ab69823f60ae311ba8bee244e869b4bdff5383f339dd46260e24bb7aad42f3f19c86ca4956d1795204ef8ebbe2be89c5b0c84337ff58548afda0fda5e3a63e26cf124a2d16f702e205b2449a29fe345
+	C = f7c3fc7104d9a6d1465c88e8cf05faf585255c745e510f4d0d94cc89da552da58118a3f5d23b972f55c1ef64ee47159dae0e4a1f149a44cf492cc8bb3c124bf02bc050909c2e5d225010d9311eb4bdf9bbce9e35b78af3232d7ccb7fcb791ea3692d54acac8f847fae8ddb6e50da1b
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = a1620db9edbc1415527e13e96e93cd4643f8ad52c73ea875c3dfccd3f55f8779
+Nonce = c4e4408b6ea4aa187631253bab1f27b1
+PersonalizationString = 73695897d8c7bce3fd51331dbe676f5232ff4e5407809ab9ed675c18643f45a2
+** INSTANTIATE:
+	V = d24daca4ace3ffef34427b0a22313cfc45aa5bd31343190a411505742405d87ddd964cdeea16ce5caff39dab442d62a4c67afce9d2884a181ac5fbef3a98553ca2ee021f10744a96a4d5a8983d7fe8b0e6bb0e05424d63d4131e59493d09fe0cb87e4ef2bc029ace2e6ea0a03fa91d
+	C = 88bc5b1d9e365164a7e33e54f511b8bfac3fc3cf3058d7a6068b4ae705007a9de2a2cc351c54a74665894787080f02894973b95999b354003ba1e8ae257f9e79662b602fdce8be3d66dddd9f0ade7004e39378f721cc0cd36e614e569550525149282064d9ff672681da7e7f6ffbfb
+	reseed counter = 1
+EntropyInputReseed = 6dcf5f4120e88a61af24ad520f63dcfb90966c663a3404b750e17c69626afa49
+AdditionalInputReseed = 083a9ced313ed6e2c25f7a6d0013544a4174026b6f3d7f723c2da3d2a95e2be1
+** RESEED:
+	V = 3f7619616b4ec78cd75a905d2733ea134e696a3e8146bc1942d438aed9a46644954f1226580a7316adcac381087ff08d6ca94fd8e1df7a69df7028cace61242195f8e0b56340c6832a1976f5182772da89bfe4ea5bff947568f6348271344678c20e44f1e3ef07d5b2b8374b8312de
+	C = 198aea5dcd95bb17a47a7ed5bc5d4715ddff8380a79ddd92e28ffbd3f87a67f491108c7b1d13edacf3a39aeba468669670426f60a4d49ab8161a12e12153e224ed56ce680f9899b76ec6c9682513b0f70e975458579276b560d7e02cb3559e879911b3da84b08dfe01c973e60ee9a4
+	reseed counter = 1
+AdditionalInput = 9ec4df36060e1e471da6f716b3811e065d507cd0b5e647eb5b58a5a09226b571
+** GENERATE (FIRST CALL):
+	V = 590103bf38e482a47bd50f32e39131292c68edbf28e499ac25643482d21ece39265f9ea1751e60c3a16e5e6cace8589e8583f1b145543d7cf6f8d357061e31a16cf13d4fd71f8ddf592e682ab8f7a8998fd18b33431c80004d64dda92de45981f8b6f1129337d1383928f54e8e35e1
+	C = 198aea5dcd95bb17a47a7ed5bc5d4715ddff8380a79ddd92e28ffbd3f87a67f491108c7b1d13edacf3a39aeba468669670426f60a4d49ab8161a12e12153e224ed56ce680f9899b76ec6c9682513b0f70e975458579276b560d7e02cb3559e879911b3da84b08dfe01c973e60ee9a4
+	reseed counter = 2
+AdditionalInput = 6712aa9e76841eef4eb9c4d46cab29f5b58f56aeaa00aa2aa13ff23280503236
+ReturnedBits = cca94b9c5ffd584880cfc848a1dae3c09785157be4fb49821ab3bc494e7efe5a534160c0b3d703d0d8e497cf6bbc6d0283e1c8965ce524b6921f94327a5e305a34f8d32d7830526f8f70c90d263138d6fea614d45e2a5cc886058c342bb830f69a1993dbc06abb32a84a8f74cc0b79f4d6a162cafbb2d96a82dd411df7258444f3540531eafbb58c5c9e2e0b19c89a2e4ab26c4e15401460c39ff573cfc9b40bddeb7e43399029c53dce7ad657e3230975cee307cbe478d100e827b441e33dc1f4c7ee6b51dc710bd7a78c8c7ce82bd4b1d1c72ed4433dc7716e8487fcd3580ffcec2c4ccb91cb57ff2d3a666bd5687c3269933db0cc741ce7670e56daa54421
+** GENERATE (SECOND CALL):
+	V = 728bee1d067a3dbc204f8e089fee783f0a68713fd082773f07f43056ca99362db7702b1c92324e709511f9585150c0b88269e85112c2eea2b20ee9d01541480214921ceeada832aa573f02f3296419eb463d0231af25bc8f84f2ea19a14f486efc640261bcf5ab8c33eeee63154a34
+	C = 198aea5dcd95bb17a47a7ed5bc5d4715ddff8380a79ddd92e28ffbd3f87a67f491108c7b1d13edacf3a39aeba468669670426f60a4d49ab8161a12e12153e224ed56ce680f9899b76ec6c9682513b0f70e975458579276b560d7e02cb3559e879911b3da84b08dfe01c973e60ee9a4
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = 7053cd408288a1b0425fdae1471e4b0741ed5de9795beb80c26bffdcd1b100bc
+Nonce = 96f998acca08a8da8027de25a68edae6
+PersonalizationString = ec127f372b18d4a1de61c898fbc7a94f3952bd30c930e6291014b262d4f6de70
+** INSTANTIATE:
+	V = 672d346eaaaf38c1a3dfd5f34a664d6041223fdc2e0790ba9ea2e54d668969e1ba1c82b142d95d6738d10b1c957ae1a5a7250906a6d7dd46fb9c7fa08688e54f57202f06ccdd9d1097adc7c9b98e9d199d2fc2844b72d3bbd68e5aa4e843eb06a20b4cfa591a64924af8e4bfb42753
+	C = 78a4bc99e89ec5f5440a920afc8131b8e68dba0f137d18d2347ea445435d17ef25b6fc9246d7ea7ac10942a3358212fc833123379c4e97aaa3c701fce07b6c00a1d1e8ddeab35469111f75f5780f42cec818892c4cc603d69cbfcc9d3f2dd74e0d9d783fd20ecd09f8beddc290b800
+	reseed counter = 1
+EntropyInputReseed = a6c544eab719ae7629526b49c6961e4ad0b628db8faef59f5aeb9f55c0cb7298
+AdditionalInputReseed = 0790adc5c261a902b924253fc2b8c3d2f04f61bfe24fbd17da384162fadea6da
+** RESEED:
+	V = c953b780bf2207a9b9859b839632c040e615813241e3be6c4ed9f1ee48ef8a09ce57e252c9f000a78898ed8baf9580dd1ccdb505041d604968cc70e75a03f595fe2ed9b1beda3b61d4ee7fd5b403e480959deb06e1c76936b5ab1e28fe8ca6b4192531f5b2789b81360c1341727a15
+	C = 39e17c8d589b6fa641a9d374e49ec1147e749e316e058d41954479d35e09c9993ac81366d5535ec1ad5f85bd7b0029848bbbb332c7e7b8b966047a866c10462bbc9d8f8d43992cfd8e5e60349347f8223380ffe772874866c960b99c124d723d0aa74ae5f6732e7b36398b8b8a3a7b
+	reseed counter = 1
+AdditionalInput = d9b0eb22a6b64d784210781d872b2453b0e1d463c8081330e04df3ce2687ae23
+** GENERATE (FIRST CALL):
+	V = 0335340e17bd774ffb2f6ef87ad18155648a1f63afe94bade41e6bc1a6f953a3091ff5b99f435f6935f873492a95ab4d65e87ac97b1d90c4890596585f55f2c6f08450c5b653bb07fec1e0a0088330eb1f566d1565ae8a08b10cccf7d3c3ed09a2b6c212c99ed662b66e095e19a27c
+	C = 39e17c8d589b6fa641a9d374e49ec1147e749e316e058d41954479d35e09c9993ac81366d5535ec1ad5f85bd7b0029848bbbb332c7e7b8b966047a866c10462bbc9d8f8d43992cfd8e5e60349347f8223380ffe772874866c960b99c124d723d0aa74ae5f6732e7b36398b8b8a3a7b
+	reseed counter = 2
+AdditionalInput = a80b3f3f74f3e7014134bb52d34ff24e2a434efe34f138b7279bac99e68d54cf
+ReturnedBits = 00385e6f9496c3dc36a2b6369cc01b6c21fb54cbfe1387a209766c40c55bc7774a6c6e5ea2d3edb5b72b91114451484d9db007751c8c3ba16c76a8a8dd9d0988723cee9633abcd0ce4063ffdc8cde3c8e7eaf9d19ca6a3837c9ed3aa4869667fb4e03e99a5bf5011eca581f4185679994fa9e2ea40840fb64cc344296cdb5bdd81bc771ac58181920b7997945b79c4740b704ec9ab4752887d819ab74fb20d68a00eae1fa9a1919faae6cf33c9409aaba291cf9748487895f4222b7abf13fe785b5b9d4cf25dcf9ebc0132e4b5387fcd7b4f66f0fcefc21dcc3bc7dbfcc8d7717812c25f27bccc942b937db3e52fb986887a6e5a4b8d73638f123ec0acfed534
+** GENERATE (SECOND CALL):
+	V = 3d16b09b7058e6f63cd9426d5f704269e2febd951deed8ef7962e59505031d3c43e809207496be2ae357f906a595d6312ee918dd371cbe6dd97c9cff63978ae547397f1ec1621522081d505946809b8a5740fbcdaae18b8a0040dff9e7af8950887d0eeb1e9e2e69351a057f3fb4b8
+	C = 39e17c8d589b6fa641a9d374e49ec1147e749e316e058d41954479d35e09c9993ac81366d5535ec1ad5f85bd7b0029848bbbb332c7e7b8b966047a866c10462bbc9d8f8d43992cfd8e5e60349347f8223380ffe772874866c960b99c124d723d0aa74ae5f6732e7b36398b8b8a3a7b
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = 96448c5be576b0c05d9dcc7a4847278650199191aebaa361594afe00a5025ba3
+Nonce = aa6c52efff5adad96bafd145f510d5bb
+PersonalizationString = ae3ac39960c7504b5a492e88c381a6f949faa3db0e76679ad1b9438ab43ffc42
+** INSTANTIATE:
+	V = 507ae94bde8a88fe0c80fecee55aa957166a7cd2c8e2d21cc8037e3e2825de3ed34880ed56f0e374d38309bf43d81b697c0ed28424af445af9401cae8e4013df347f9f254a93461a4bb2cef3d10d24f18c679d641ab411a03930905b5b86107800687fc380dfff1ab55e693a48860b
+	C = c6326745de4ef318f406e1efa7449b69c798b03585c31542d312eef97536cd725608bfbdaed8a0719f5ccb91a717e3be0560ed25424a8b63287adab23d98b3099bdea831f12f485880345bcbd823d0ae30574cd2eb0ebe2a4c58a148a463913d26953324839d24e31a4c20b7fe1875
+	reseed counter = 1
+EntropyInputReseed = 75ae541bb6fea486b687700e20fe2caaf79c2e91306721cade424dfa44536f13
+AdditionalInputReseed = 1e3a659f0252ab74076db19ff5bb537c701c9da3b08d82f182945bcb71c9506c
+** RESEED:
+	V = a9dc31068bdd8603021b129be9dcc13f16e0c3090d2b9d318ec5f805ddccdb04446c6f8409d10f20ff7954540411435071501b6fa28d87d8e77e181582f5ca51d87a1d06aa57e34fb3eadc48fd827320b984024ff8d1aef901505a9b831a48ada89177141410e94a6091739c7f77a7
+	C = 27fb879c91e5413c83014103aa2c28236b3f3fe0bffe3f0828bba811bb40afc030f61baafe59b84d727be7a4b66ff79e97677c046b27b51a2466ba85c780d5cab97dfb843b90bdf20325e43a8b5e5bafe9aa4263dfca695518e121c4bef987f7c15dd9b510b3a6a4dcbd9918556244
+	reseed counter = 1
+AdditionalInput = 439e8f3703f281a5d4493e0286257bb6fe8c674bf07e431a72b5c3610f170e08
+** GENERATE (FIRST CALL):
+	V = d1d7b8a31dc2c73f851c539f9408e962822002e9cd29dc39b781a017990d8ac475628b2f082ac76e71f53bf8ba813c253016bd81ad7cd1ff6feac53b5fa7ff5e57ebaa55d211fbaf0f350840e958da1b1f582929036a8a1e6ac460654c339cee008c27212f6ae19a8abfaa33cdb30c
+	C = 27fb879c91e5413c83014103aa2c28236b3f3fe0bffe3f0828bba811bb40afc030f61baafe59b84d727be7a4b66ff79e97677c046b27b51a2466ba85c780d5cab97dfb843b90bdf20325e43a8b5e5bafe9aa4263dfca695518e121c4bef987f7c15dd9b510b3a6a4dcbd9918556244
+	reseed counter = 2
+AdditionalInput = b0458fc43db375b247fb529c71f6ef3090b59b4059036ff0eced36c391b2fab1
+ReturnedBits = 302ecc70f2dba161993fb9650b938aacf60876ef09b025ef8893d656e0708aef7352ff3b6c166d313935fb29cf130fe4784ba29673d32e53e8df64c05fb17405a30ba17632b37c0eff1af77b2cc095bf977177d8b9d51656093b1b5612f33737b25bc53a9ce5d60a1710d562f255f68f8b3cca5b71f3106861ccece926cdba0897f3c599536bde6b8c921a38760c40f8246673de621201295d4d153b652efde6de3566f63c1ce71b2fdbe0b39b94074dcec716d99867fdc350b51acc39907e21d30d892dd25ed6a2ba032ff1ba0fd554419ffea680bdd88844aae9b42e9ef7908ab2a5ddf783b3d83472b4cf4dd30e9bd49710676363be36b0ffb969ff8d848c
+** GENERATE (SECOND CALL):
+	V = f9d3403fafa8087c081d94a33e351185ed5f42ca8d281b41e03d4829544e3a84a658a6da06847fbbe471239d70f13442626b50dde5ec33984f4b54bd769cb77fe4bd6c0231fcf4a2e0e8925f8484c7a6467883c2b1e6e22dec6ed32be8804306d7d67d8f060b3b644a12b581b46abf
+	C = 27fb879c91e5413c83014103aa2c28236b3f3fe0bffe3f0828bba811bb40afc030f61baafe59b84d727be7a4b66ff79e97677c046b27b51a2466ba85c780d5cab97dfb843b90bdf20325e43a8b5e5bafe9aa4263dfca695518e121c4bef987f7c15dd9b510b3a6a4dcbd9918556244
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = 73d7933ed39d7ec0a504d79ccb218a55df470717d0f989b3015675ff49abd3ce
+Nonce = ca922bb78c637956193505d5102349dc
+PersonalizationString = d5927bb206696414fe51610d48d6bcf5cb06336363d8bc95fd3ee751eb8d4e21
+** INSTANTIATE:
+	V = 348c7b5b772562b3cbfa806481976f57eac725673cabcb0feb89b89f9382956e420173e5b9857d3029b91a72deda512b6105da3cd0c28f638720bfaaa31a2faba3ba4c47e0f0ab165ff696b2cad230fb19d72090a0640a5fc1063a3d7859b74fec300e2fb6281a258e5beaa8f36cd0
+	C = 1be660fc031875401d9810a76c1ef6dbaccc7096609544fe8ea9ddc0abb467487e1b24560e572dfb73059ed50e4122b1924aa40055d7875809d792318bbf84306cdf1e45cb1c317c01de560487804d9b7c93d7ab4c9eacc70bdccd77f1827b709a90b7dbff3a61f8b586bf7beb87de
+	reseed counter = 1
+EntropyInputReseed = 39a72ce2640b341956abfd9e32a23b82b830ea23ccaf51fe99a62680780dbb43
+AdditionalInputReseed = ec114d7805edb548ae961ac83af23691a9df44a1b5324bbcf34fca490a2eea85
+** RESEED:
+	V = 6e0fbd28df6eaf5664ffe8475a6471a2dff77c6c893bbf489fc6e3ec158ba3355a0fd5787b936c016751b796d541172c07a180ab9a2e5506483182d7f29ba012f1e1968f9924818e6d2aa2c5e5f834bafea7084e858cd7382643a92258d3bed503e2c124ebcdf834479b785b962e2a
+	C = 2b41cc1eb4c98cec92a2faaa7bc1e7b5f0ec0825279ebc091cf51868f79cfb7e8569df938914d502b9cc971ff471f320ffa4f912e93a61623eba0af8e01be943262fe8e96088ed0103e860641ae2c8722993fdae4727677faf4649ef78e1a28c32395ad1ba35fa25dc2902edcd26bd
+	reseed counter = 1
+AdditionalInput = 827887563a299c393363d1722b48792b0375f4c1136dc128e616fa94a6eaf882
+** GENERATE (FIRST CALL):
+	V = 9951894794383c42f7a2e2f1d6265958d0e38491b0da7b51bcbbfc550d289eb3df79b50c04a84104211e4eb6c9b30b3c9de0133f6170738f4019ee851b3cef165477ad1d9de3e8b9072abbb02f51a9c72d3fa06582dd4a1022ef46dc99dee334a1f89c7f7b4ae30b49875da83c83ce
+	C = 2b41cc1eb4c98cec92a2faaa7bc1e7b5f0ec0825279ebc091cf51868f79cfb7e8569df938914d502b9cc971ff471f320ffa4f912e93a61623eba0af8e01be943262fe8e96088ed0103e860641ae2c8722993fdae4727677faf4649ef78e1a28c32395ad1ba35fa25dc2902edcd26bd
+	reseed counter = 2
+AdditionalInput = 3fca0bf3d7d50a453411e11f330c2ef301069d9a9a23d3689c0b7db1f0981831
+ReturnedBits = 97e00fd3dfe9faef2741849e604888b3f08cea5e383055e4b694f5907efbc72f5eafe88be91fec11493e2bc359f17ecb44962efc14d4e6f1bd2c7d7d9c7dbdb93deabdb475b94b66b61ff71d5f237e5eba1ad880287c845435d4d66300505bf6f14fa038fab820428649e2d96767b227079ab00439d887ce6a58d19749ca853ff1281264958ec4360ca77a120c118a22ea83542c6d4edfbe9a8c70c911d198e5b99dd895a056f80160d64227761ed45dfd39651639534d4e6d21d4d2e36cc95a0b9bc293d62e6d1cc5a55198fd4df1188db0a7454af9c16becfbe48f0f361c59d400ab81b5353ed2eeb00e02e220b3cedb49e402ddc6a12be95d644d37e16ea1
+** GENERATE (SECOND CALL):
+	V = c49355664901c92f8a45dd9c51e8410ec1cf8cb6d879375ad9b114be04c59a3264e3949f8dbd1606daeae5d6be24ff282572b39001e2aa5f6048390c3d0b37ece08ecd610eb4e3d296728776346b9bee2ffa22b4d12b029541462563292bf69a0a07f14b54043ff2daa007e9fbdff3
+	C = 2b41cc1eb4c98cec92a2faaa7bc1e7b5f0ec0825279ebc091cf51868f79cfb7e8569df938914d502b9cc971ff471f320ffa4f912e93a61623eba0af8e01be943262fe8e96088ed0103e860641ae2c8722993fdae4727677faf4649ef78e1a28c32395ad1ba35fa25dc2902edcd26bd
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = 449a1b5d5ed5393686abc28c5a8ac9ad68cd0b67fc0d3b801b6fc4198996f889
+Nonce = 54b0d5917b1619c0ed62127018704a04
+PersonalizationString = cfce635c855dd93d50d7d954fe3c59beaf0ab3cc0d083ea5865e0b8327148cb1
+** INSTANTIATE:
+	V = 301698701b2bf668f8c43f3c9aa225ce4821f3d1f69f9e8e337ebaf1f9e842c16f4f439b50bc0de57a06a84bf318b9baf65a6d97424840be6ab3f98fe85e7b705327947dc3c84c765fe447f27a929eb494695431e8c34736953724cfb5100db82a26d62351c0465c27f904428c7a8c
+	C = 25096873884a5394df8bec3b7041799e3617dd91cd734f29321c0408982bba89bd1bb3ec4f1a885fbdaec6994ec54ae46869baeb3de52950c029410bfc2ce0afabf4663f8872bef22f334c3179d37d24817e8c2f8bfe4695c5b379dfdd3239152c413302a33a452ebe9b2ef13d0a43
+	reseed counter = 1
+EntropyInputReseed = c55987676491d127b3c95c570bd97eded35a128ff3bbc6823122e0d9469b22c2
+AdditionalInputReseed = 0e19985fabc3b3617da26f2e84cd0e7efafabd2fa377ebfb939f733ec3b47045
+** RESEED:
+	V = 2e980c444426e3e47c2a296063b503f5584db0431c38752bdfb596572ed91200bfac4ead7bc84eca9c9ac0bd255c291c9c1f8f6a6bb9a891d79e0adbb07793f0168a24346c92d8f43037bf873fce50c9f4825873c7292646f6105ccc84e9e6a38f3c7cea5d15e68d1c73cb63afb7b7
+	C = cadce75a41e4c791db7b90b5ccaf3eafe77298d19019c5662733e9695d5503d13e45f6c3dc62584eec05ea5fdfe97a1ee0253871df07044cc1a452ec01cef2c24e763923422967d7f3aef7e284152f8daf4da1e7b3dfa297fa1b9f445dadf1c1f97aac01d3abf18d45983ecc5fcbec
+	reseed counter = 1
+AdditionalInput = 7d1b508e1d51c384c0ad19821e86be9dee1f338375356355b9814b1bd99dbf21
+** GENERATE (FIRST CALL):
+	V = f974f39e860bab7657a5ba16306442a53fc04914ac523a9206e97fc08c2e15d1fdf24571582aa71988a0ab1d0545a4a98dcde89e6b3ed2cfaf142f7ee094c4f8529c4960dc8a2c3d32bdc22c214fe23dc3019a1091563ea6adc542d8aed3ea57c9bec74045dd38529bd75e23f604c1
+	C = cadce75a41e4c791db7b90b5ccaf3eafe77298d19019c5662733e9695d5503d13e45f6c3dc62584eec05ea5fdfe97a1ee0253871df07044cc1a452ec01cef2c24e763923422967d7f3aef7e284152f8daf4da1e7b3dfa297fa1b9f445dadf1c1f97aac01d3abf18d45983ecc5fcbec
+	reseed counter = 2
+AdditionalInput = 6dba825a91db5e24437a92d85c692bcff7d8d5dee2a2ceb6fe82d80c6e0288e5
+ReturnedBits = e7d2809c4591d13e67906d5bf58d05e7e96744cc21f7c4b9cd7f36b7159e739abdda510378d82383c61a61af107fc92a17bdec5a197c926ca0b32d93ee5939f343afeb4f6efc51148f070b4ca6fa9a3421e27ba0916c008492e88b52016173c6565137c4cb72d300726bba93823ed7c991a8a67aabea4014fbd576a7d4fcd946dca9431626d89da5ddd8c490259a8944c48e0d55b53f3f7a8acba8a91a86aaa137dc7b00b8d3a44a99de0db3e4e6d6d35ef933c468b6b53fa2e92d45a71af9f4b85077a8fdc78dc046ca3192de7054f475b804ebc420381131abe308c394969bb59191975bd32e15302089e99a4a9f6e359ebb25c3e0487c1d7c9bee468aebf8
+** GENERATE (SECOND CALL):
+	V = c451daf8c7f0730833214acbfd1381552732e1e63c6bfff82e1d6929e98319a33c383c35348cff6874a6957ce52f1fca19513e1e97891a810ca9846b240c7415b890be38ac89a93c61bf1d182a86ed44cca0f5ee0a6d239b997f43b104b7140acbf6ffe1d3c670781c105f5e945051
+	C = cadce75a41e4c791db7b90b5ccaf3eafe77298d19019c5662733e9695d5503d13e45f6c3dc62584eec05ea5fdfe97a1ee0253871df07044cc1a452ec01cef2c24e763923422967d7f3aef7e284152f8daf4da1e7b3dfa297fa1b9f445dadf1c1f97aac01d3abf18d45983ecc5fcbec
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = 3c834da8b99e228ef0a8f2dcb7d0dec6b0103ee2da5e25136ea792c3f7048a61
+Nonce = 5d5d724e0fa0e5c7b3fe6ccc0c9048e6
+PersonalizationString = 17be89635e58522d8caa3c7b7340d26a70fb2b6e798f73a58c529ba5e92d969c
+** INSTANTIATE:
+	V = 94a88868eac260a5cb5244e81d7657ffa533e09296cc0ed6e5ff955db54d6fb7d404b784f487016beb4b633b7748a389f30363127a8d5bd4cff3d26a3baaee62c1b9c032115ef14362786971ba4e8a644f9ad9cf00f9ad1ad71545d6bc38fc44fdd7aec61f054a74c21ddeaf552865
+	C = 68c5e9d9c50de56cf57198c523ccbae8cea6018fb5453a7320f60d4c70814ea66cb7a4dfbf3be0c33cb2b46183b9d0b9d148ec08a97875f1a5b6ba9079550365a53b8155c6d7289db96ca95280db4d17eb36d523b2e83baa1740142e06c49984c79a1cc796e34f9cf01d43563b10c3
+	reseed counter = 1
+EntropyInputReseed = fefe87bbe72a13bacdf0aab0f7a99ec269791a0bfc6f3844f807dc64d8e736c3
+AdditionalInputReseed = 0df852f6232ceda51a8f2751900d9f170c00140d494ac13ccbae46e20be839df
+** RESEED:
+	V = 5d048b75e988e8ce69bc53fdfe63fd7044b424ca9ac465a016f5b61db6ad52f3e1db9292f951d8c75d4b88d93cd9cfb3c8bdb374e683682c71315fcf3083a3cfb296940f7dd4097b6ba264789961f834e602f1742e2d5d739f49d7d767cbfe2cbcdc1a71c87bde454f08cb8a2cee23
+	C = 244142eba99391c543ecf9f8ee71251048440fef844b6224bc18f36f9d58215a456ad3006f40ae099acbd6f5691690aa25c02893102b2b1c7b697069796bdda45fe13bd97ace8eff27d6caccea642cd1c24e177587db7a6c8a365d27d27112036815d5c793702680b028ca78696753
+	reseed counter = 1
+AdditionalInput = 39f35a23ff6ba451436c662b436fc56959c53d1f1f2b374a99771585187342d0
+** GENERATE (FIRST CALL):
+	V = 8145ce61931c7a93ada94df6ecd522808cf834ba1f0fc7c4d30ea98d5405744e27466593689286d0f8175fcea5f061a40355967775463cf8fd33162d8f3ba479a7d5cbd6d6dbd4e97fc9009077006577670c53726bd23d206e4ce4685b2943b4750806147bb2767734412d7f5010e3
+	C = 244142eba99391c543ecf9f8ee71251048440fef844b6224bc18f36f9d58215a456ad3006f40ae099acbd6f5691690aa25c02893102b2b1c7b697069796bdda45fe13bd97ace8eff27d6caccea642cd1c24e177587db7a6c8a365d27d27112036815d5c793702680b028ca78696753
+	reseed counter = 2
+AdditionalInput = b69ca7ec3357e9c24a37069ef73cc3b506f493fd445accb99f24fad351df6c16
+ReturnedBits = 5280e65d86c72957c51c63cdeef87fe9163ac05c93dccf279ff9bc47bf4d8dba90395bd5a4fe3828746b6f7de947c43b4c34bb1bf06912d417d0fbf547110fc3a7f51a9a30c4d0792c5f34fe686079126c792d844d09b8ed80476443797d4e21a69e3b0fb761e0c8460190745c42e204c27a2d8e6fb8fbb8d1cca56eed366e5c7f1a2f3795d30b6d47a1bfc7b2c9b851993272f8e91daa40ca5dbea3c1ab272b33a91ebd6e36bcd3ffd7e296e342cc04ac50f5f6d36796891f229e3c222ebd0896f37b99c4049621fcbd47462d122d2dc0a774dff94b40ad2bab06059705667080f34a52d4d54c432a1d1ce3351cb0d44805c45b926759f760db84e3ff764445
+** GENERATE (SECOND CALL):
+	V = a587114d3cb00c58f19647efdb464790d53c44a9a35b29e98f279cfcf15d95a86cb13893d7d334da92e336c40f06f36a6640adfea2b23dcbf5557de620d115151509b4ee571de510cb0dbb6adb0ae30b9f27b4026a88cf21f00d867d13a07250b9d097f3986736d686b6c5ecf918f7
+	C = 244142eba99391c543ecf9f8ee71251048440fef844b6224bc18f36f9d58215a456ad3006f40ae099acbd6f5691690aa25c02893102b2b1c7b697069796bdda45fe13bd97ace8eff27d6caccea642cd1c24e177587db7a6c8a365d27d27112036815d5c793702680b028ca78696753
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = c5464da02b08a9c40e6a84c1825548e8bf355cf16d2fcdcf355b7878c9bfbf16
+Nonce = 8d8eb753e5e17a17668aaf4780c4e589
+PersonalizationString = b879545349ec0a68d86db0e7d774c2106aa58e41080f46ca47743bf8bf8beca8
+** INSTANTIATE:
+	V = 3154a041558086d52aa2190f2a87496b8840b3d7d770ad3e0a9a2165f4f743627faea463a0d3089d9f54ee8eae6eb48057acd79feedb7fce20d6e7d474bb6eca5a24e83bf86b061f032db999a231c77f271a001bca24d2eb3096dc8fbaecc63142fcb3984eb3e18121fc990994eacd
+	C = ee7c6ebe826073f4e9a1b5e3706061e67c7f4dfc0cd2151cfe0110b7f5b62b7f3b0f264dc4ab924a2a06d950a72169cb05d00e560d68654f11c85ed16e137a53cc00e942b8971be10368b4f38347d4baafc219fab273122cf34dbf6c720ff814ef666de02942a40b67327a532011e6
+	reseed counter = 1
+EntropyInputReseed = 2552ae9d71221bcd51b85ac97460c0c323832237bf1d8459df4dfaa3cbc008c6
+AdditionalInputReseed = 18cdffd079956a24a0c2bdf3eeaf6bb76aad09ff56510b374eb40a9f0dfb9749
+** RESEED:
+	V = 2bcc1bb6494451b2abf229c4edd981a5f4436449d78c1df683a8552e3d21bc34b5d6797fd4cada134693138fb7c961074e0b1ee58cdf0802addca6b2767d09dfe48048b56920f5fcf9b5166d2c063cd9d56592c37cb201ca5b9ac07b5086a725cc19ec039f20052bc593e87622d337
+	C = da780381aa7944972c99746a1903dcd13f3786f259055ee8ff54b6b392e43917b5ab03091518f37f7640ca51debf0c357a449469b25a7ca5b90dcf91a9d4caee92cd0b539a8f3d9eee6faf77a6caeebe7e5f07ec37bdcb8a1c5208e9db0b5e06dff38d7563caf380f49a550b912b29
+	reseed counter = 1
+AdditionalInput = 79a2a2d9e73bca96f05f984507c6739a47cf2aeb61e4e22a52ccdd5b6a92bade
+** GENERATE (FIRST CALL):
+	V = 06441f37f3bd9649d88b9e2f06dd5e77337aeb3c30917cdf82fd0be1d005f54c6b817c88e9e3cd92bcd3dde196886df3776ba759efd499bbc468d3b20083aad47834e7085edd26c730950b9c310f1c60fc20a58fbb6bbffea30c35cebed6dbb64df8a47f072c3254fa608f1ef2e78b
+	C = da780381aa7944972c99746a1903dcd13f3786f259055ee8ff54b6b392e43917b5ab03091518f37f7640ca51debf0c357a449469b25a7ca5b90dcf91a9d4caee92cd0b539a8f3d9eee6faf77a6caeebe7e5f07ec37bdcb8a1c5208e9db0b5e06dff38d7563caf380f49a550b912b29
+	reseed counter = 2
+AdditionalInput = 3c96f2542ff37484a7131db931cda56bc9152b9a9537b6d3e7fc1a22f3b8db0a
+ReturnedBits = 04c2af11f4b5681db56bb4ac8da8fa1a903fd5668592241ab915c07bd34747e2a67d2f6b24d81b7c68f46e2fc773334a25bd31f36e0dc362714695c3fc22385c3a6199160f66b421073b0c2f09f1fd313c5e8952384fb88118e5531b4d83ecdb659b088fe63af490d9b4593f163f642e4eb956c7c2cdfadc04c42e13dd4ee81bb49c98d7b939d354e96946548b54b0f3c6eb3b610e471ab864c7ce257ca1fd64f4642bb9c971205f03676add086fc042be64c250f656466a163796dace672581d9671e83b4ca20e57cb5fa9f48c44e8ce416959f1b929c26702d4a4463e8f71985cc339a71c191a262fc8240033e6978925b6d10245fa5cb028b0b9f89082044
+** GENERATE (SECOND CALL):
+	V = e0bc22b99e36dae1052512991fe13b4872b2722e8996dbc88251c29562ea2e64212c7f91fefcc1123314a83375477b9b32b89349bedb36eb489fb3853e094c49a70c25e49411883bed0fc697b1a30ad0c5b0fb161622115b3cd867614368ad3dc810c749f8dc129bf5d6e8a9e70dc5
+	C = da780381aa7944972c99746a1903dcd13f3786f259055ee8ff54b6b392e43917b5ab03091518f37f7640ca51debf0c357a449469b25a7ca5b90dcf91a9d4caee92cd0b539a8f3d9eee6faf77a6caeebe7e5f07ec37bdcb8a1c5208e9db0b5e06dff38d7563caf380f49a550b912b29
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = a15098fe07743b2e071918220c0ab0228adfbee7a282e07c5022024b36cbb0e1
+Nonce = d5597573d28d21787436d4b316d02875
+PersonalizationString = 22d5319dd2cd689e75873062c4d1b993d1eed325ad2d53b46f437ed4de468d48
+** INSTANTIATE:
+	V = d4edabd917df5d15abdd7125655074be08025978bb5d03892e2f1098308e36dcebf52a5534d92f2f40b6fdef74d5fa5edd5218bde4aa80f1ce55a7572351080bdb3a9bde4918b4df47ff58f55032a3aa789b4b1abc2e2385b349b39b7379fde8a242375d526d2ed242dbc218c0d25d
+	C = 116ae8c3c6e58d832e7fbfce451669e38d45c602d6626560abf97030bc46de50ce9d73ef21d92bf214d3aaca4354db3e32b28bbe7c6ffe51f30bac1afc91b0f7e59c9734d5a277093ac8d919556dc6bc31fb17532d2947a4132abc9a227b16af6fff3a9e6e6b0fac17f41ee16743cb
+	reseed counter = 1
+EntropyInputReseed = df2ee577d86dc12f8ad40ce346e70169e657766ae2d64bf83a0172415774148c
+AdditionalInputReseed = c28c391c2e92f46eeb33cffa537e295f6ec492e32b25000086d38c05fb530af3
+** RESEED:
+	V = 1d8652263d8ea665e6d02fe7931b18154c869c5f3d09bdc44ce32d84e5213efd7d4e1873448e5b6a8b27cdba0b9accff38df70999ba3638953b2c61a8cacb35f1c0bd9cc65c62214ed56e44a8e08d66e726d1583a1e825ba7a09291b1d7e0b689c5eac984d7a395dc061464e027300
+	C = a69437ff9a863a643228b99bf3faa8aaea42d21c990e1b8cf095b63f4e5b65846fecf94ca20a5cc9ef52d3d0c36999914f4194d15a177cafa753c5ecc036c36c4b89c6b93675b711c1118e98b1f91a8bc208f0a5367767e231ed3608333e2dd29f463c4fc213535e0c1f2bd420d692
+	reseed counter = 1
+AdditionalInput = 3fd1e0aaccac114d434182b06c9c4b363013c81252d40a8f704692b13251b0ad
+** GENERATE (FIRST CALL):
+	V = c41a8a25d814e0ca18f8e9838715c0c036c96e7bd617d9513d78e3c4337ca481ed3b11bfe698b8347a7aa18acf04675e47e16047a6367b5e4ca66db8b9fc9751fb0bf7db2c6413d49c856476e498f57cd68a28f1438284e314b33141c47f0d9cb6d8f8f7a8e88a126b5d70beeb10f3
+	C = a69437ff9a863a643228b99bf3faa8aaea42d21c990e1b8cf095b63f4e5b65846fecf94ca20a5cc9ef52d3d0c36999914f4194d15a177cafa753c5ecc036c36c4b89c6b93675b711c1118e98b1f91a8bc208f0a5367767e231ed3608333e2dd29f463c4fc213535e0c1f2bd420d692
+	reseed counter = 2
+AdditionalInput = 75d15ca64d3a0cbc8ca74c9232245fc1bb4f5293b63b031407106bf9f401f118
+ReturnedBits = 41e479203179d23a759611040fc32f4e429ac3061b375ef769a5a3ae46e8352d96fb473dcf37345ef34d55b9fd994dd053abfa7c42939fb81f1713f62bf764fd1177601eef5421a8e62c8b8ebf73f1c6854eaef4ce4efe67b464e977f9e495f8cccd2e85666683852e9b0ccec993054abbe7df9d4097681294f79aaf27ad99d51c6bc9bcf720cf4cf4d95ad0ce6541d186a311077447916e273b2bc055f7dbb58de86c50cb889dc3c32fdc8697e801b6c9acfbe7dc654d397039cce538266442f8eafc82dea14a660e478a040ebee425000994d5193a7531428f76ae1d114dd7fd6445ff246f4ac5c6263c231db241a14b420ec2897859fee2958ccef7a601a0
+** GENERATE (SECOND CALL):
+	V = 6aaec225729b1b2e4b21a31f7b10696b210c40986f25f4de2e0e9a0381d80a065d280b0c88a314fe69cd755b926e012b1cba90222096c10b23e5b3c8f7b1a37bd566100410443e22769c0a52db3adb79b8af1acc836dd8938bf10648313465bf8e36cf22ef10298eb316897f2aa004
+	C = a69437ff9a863a643228b99bf3faa8aaea42d21c990e1b8cf095b63f4e5b65846fecf94ca20a5cc9ef52d3d0c36999914f4194d15a177cafa753c5ecc036c36c4b89c6b93675b711c1118e98b1f91a8bc208f0a5367767e231ed3608333e2dd29f463c4fc213535e0c1f2bd420d692
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = 70ae9d4023e35b193f7aad62cd97d3df136f6b0d82b15970d31495b32174152a
+Nonce = 951e4e9b333964f845156b938254f6cd
+PersonalizationString = f6d7bcc9e070be960014646e86af22909d2e3d9cf5c5a9659fc8239179f43b21
+** INSTANTIATE:
+	V = 13b3f536e298b2ee0942222fcbffbaf05583276ebd3c55157f3be2bac69dd81318498708e00f1ae020319f956013220094a1337659f39bbf6426c37b5cb11c8733da36929e279de09a42a753b0df84fbfc85ab519de2c694b60f179685f3952548d65f19d83bea9fea131165b975bd
+	C = c63878576ec5ff7959004a843f8a774784a55ff5b7e2f912604e52c442856262a7704b998b98566a6156a7e9c3822c925e2dbc7f2e9e256dfe8bbb745ddb701f1bac4546b5d815641ec6e1f2a3943870c06dddc76fa58d2f3eab1e38fb519154140b4fd5c6a6752ad2694ababf38b3
+	reseed counter = 1
+EntropyInputReseed = 9acca68f28c0a28302253636a0840189e12215809931f48178711f698c758c0d
+AdditionalInputReseed = e0910808c5251065186b2266fc329f20c4d4726032235bc1766c3182c57724a3
+** RESEED:
+	V = b7c86804bb0173f838c9f75ae10ee490d897984954c80e1571c738511ce4c167e95df1b960c2a44acaccae6866252312081932e661f6b5595b5de8c087abbe613280ef731cb8d9f130b5b49fa7e1248ecf74501416100fb9577650ba704979b81512d237438b8a52f6d66c8118fa76
+	C = a475e0389dbd77363a00938ad5ab0090578d3b8984931205b44927712a2dfccbae332cf4a413204f45a8706c89c0adb698c25ef6980ad71e13fc9042527b4e408f471224f48b53caa2d8a689488df34365787a19bc716c961e3e9875fb2d6c191e8a537622ce1c96e2f93a75a0c053
+	reseed counter = 1
+AdditionalInput = 7b666420b73a6d23c29aaae8753ebedc3c18f2cfde9871510632f38077c4602a
+** GENERATE (FIRST CALL):
+	V = 5c3e483d58beeb2e72ca8ae5b6b9e5213024d3d2d95b201b26105fc24712be3397911eae04d5c49a10751ed4efe5d1efed3aa1cd28332a5be1d9680494f19f0cb505fde8b87f9cc0a5c58fc15efe2c6f6f3a3b96ec071d76394ba2e91c1e0880e37c9400c3f02750397286152ddda4
+	C = a475e0389dbd77363a00938ad5ab0090578d3b8984931205b44927712a2dfccbae332cf4a413204f45a8706c89c0adb698c25ef6980ad71e13fc9042527b4e408f471224f48b53caa2d8a689488df34365787a19bc716c961e3e9875fb2d6c191e8a537622ce1c96e2f93a75a0c053
+	reseed counter = 2
+AdditionalInput = c6eb8fd2b3671ed603381983ae5e77612c20e223f6659bd60820af8f561e7290
+ReturnedBits = bbf783da821b78afea3fa6f4401e0277dc0f67f61f4f26302cfbada11f313e7ff80d9d0693a39388fdcb4b1e3ebee437e733d82b72d394cf3c927e7e69b866a805a3b3cfb6119731b2546051eb5fe1cac21f4ae925d0999d597a191e43b90f7c640f21f1e0c718271874dc3cc0acb1dfa623e13e76e9d0f194ace63669de5af1c66a4ec01bcb8a98be7c47cca36cc355e617a37ccc41a142d22a59a358e3d930f08a60ae4613f6ae5be560ddf819f4df322d2aa818bd0a7faf127404b625d7cd75e7f6f3507654c136d46db0f0ef7a593a15fc2384814eadf55bd402be2c9e04123958e304107638bd929aabc1ce5272477ae316431e67a4abd8a53545710a78
+** GENERATE (SECOND CALL):
+	V = 00b42875f67c6264accb1e708c64e5b187b20f5c5dee3220da5987337140baff45c44ba2a8e8e4e9561d8f4179a67fd62a584b8e69212bd325f0b88b852f2680df49beed0e54c6f282231ff306c6759b2ab0ebb86d078a18af508ef2e5d0820acdced6fbb08418f113fc5c60f221e9
+	C = a475e0389dbd77363a00938ad5ab0090578d3b8984931205b44927712a2dfccbae332cf4a413204f45a8706c89c0adb698c25ef6980ad71e13fc9042527b4e408f471224f48b53caa2d8a689488df34365787a19bc716c961e3e9875fb2d6c191e8a537622ce1c96e2f93a75a0c053
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = 2623a267c3f802ecba12689f98de987eca93f1fac8e2e1d4d97b8e495ab888a0
+Nonce = 678eef61e1342ac5ec47c7d77d7fcd4c
+PersonalizationString = f77b8f9ef68b059eae57abcb323f490e5a7f80d6bb8b1e523ddc3fbef0051a65
+** INSTANTIATE:
+	V = 0c9af3107229a30bbced96c0e53805b16d7148e3cc60d6175742fbed3cc9ad4057baeab984b4a8573f038da361f7d88d3207d1135d2da2b1f69d02ccf9957a9db428a05991f11bdddd923efd33bda2b64ae6bb886f55963702be9645780cf5e470cc353526529d0319f625ce954bee
+	C = a9f9d5687b1bb60d07e05c7bd58adb6ae7bc78d1910a338adbd1f0636ed8b6e60961d2314b548872ccc5f5b89dafbaffdefc7f98a4ea15997e56f57dd3e51ba79defa6fc27df31a0b29beadbdb8b77b529ab64861ee1008ba3911e844345acd61c1746153d4d0da07234bcbd3319ca
+	reseed counter = 1
+EntropyInputReseed = b47d1c0e4a8bb7d249f6b60d597a8e17209cb5ca6c136905f9535e4f88c04506
+AdditionalInputReseed = 7624c54438e423a872ec5540082dd59de9858984c715a5db88f475208af17437
+** RESEED:
+	V = 2110e9c7ab0872582dc8d27c59fd0eb7cb26b6d7f8444b07f5efedf2a56659196cc05b3480a8bd570c3ee769310cc0d9f66ffa47dce600ffd5bbc997e879c1efa0564ee2517b42f0050a798ac4f8609c2e2542962f1d3a84ab47e59c1753649191d3a23b461f4216f888383630a2a4
+	C = 3905396311a41dcb40b79792b096da29d6854b12af7ee78eca2d27c7ff5da06e58426c7acbd4db6b6ad6ad29fad639b98d9a4090659d65ee8a80f8b664e4fd00541c2444020b146db529b49d592d9536b1eda08ec1a39362f8fa868e88860f2281903e1b4d373a2707a68bdff28f29
+	reseed counter = 1
+AdditionalInput = 42850b1f045a645a650d6393579c9b0c92d54ec23ccb5ea5330bcea6ddb81da8
+** GENERATE (FIRST CALL):
+	V = 5a16232abcac90236e806a0f0a93e8e1a1ac01eaa7c33296c01d15baa4c3f987c502c7af4c7d98c2771594932be2fb890f48889bad2847df70e8192e39ff5f45fc50e1f1fd3c81eb7fcaa224f0dfcb91c5f654300f30f667d8e55e4461e518352c2643b29b3194eab8553465cc5b47
+	C = 3905396311a41dcb40b79792b096da29d6854b12af7ee78eca2d27c7ff5da06e58426c7acbd4db6b6ad6ad29fad639b98d9a4090659d65ee8a80f8b664e4fd00541c2444020b146db529b49d592d9536b1eda08ec1a39362f8fa868e88860f2281903e1b4d373a2707a68bdff28f29
+	reseed counter = 2
+AdditionalInput = c28ef68b1e0111db027dfedd782f8fce882189370aa8a55de4a7e2048a07923b
+ReturnedBits = c9426c662a292dd02aece39ca6bf9ebf4400dd5c7994062aa6e7cf855bc19ff9e14f461414d19102ea2e7fb9ca43700de248a367ff10f0a1605d41ddb89c8927a64c4ad4c113efae99d72975f6c1a1d3311b4f0d6dac05aa5a78de52a293f3448c7a2032f31e2450b7eade4bbf4e44597abcfbdc596f4a83e9c580211f62d76f9b856f207a48b4a63a07b866ed4482a362e276ae06abaea2406089c5422dc7089f70219c71b7dfb9b847d9554190f12b9659cd25ea1379496d1650084c145e7155ac8da23015f51a90050ae4b8e285c54cfaf32fb91539434f434dbc18a20ac11866de7f0e8708de6fd5f00a18a22cdcb0286ecf49a21f7cbff1065d4a5e925b
+** GENERATE (SECOND CALL):
+	V = 931b5c8dce50adeeaf3801a1bb2ac30b78314cfd57421a258a4a3d82a42199f61d45342a1852742de1ec41bd26b9366b5b66249a5d746403d88d49b4b0293650082a6650b060573d4c5342bd5561c2580dd6da2734d7e9d33f4a0aa0296e32bb056699600f33f357bdaf8df9ebdd51
+	C = 3905396311a41dcb40b79792b096da29d6854b12af7ee78eca2d27c7ff5da06e58426c7acbd4db6b6ad6ad29fad639b98d9a4090659d65ee8a80f8b664e4fd00541c2444020b146db529b49d592d9536b1eda08ec1a39362f8fa868e88860f2281903e1b4d373a2707a68bdff28f29
+	reseed counter = 3
+
+[SHA-512]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 2048]
+
+COUNT = 0
+EntropyInput = 2519241f1936bf801768d78ce24121aaafea760374f2274a5f0dee259c8456ac
+Nonce = 95197f7a254639ded795a598edc29c45
+PersonalizationString = 
+** INSTANTIATE:
+	V = 42d77b1da3db495e1d7c675b1a6fe5903febc11d48b3b36ac1559139d815d607e30b5be93f86c581f811160cbf2950a0a404a2c79cdacf812a1a9eed6f12ac8c351dcf9ba275b9b820953d9eed93bc59686fd3558756b50a4618ec37b20a0d146d1fc108a476963aae887ec6ac8700
+	C = a95818581f1710a48d682653b35bc35e08005bdcd1e332419dd7240880c4a5c381ba2e06b7629cc504d55f22b5d35c556d9498232915748cd724db5c1043d0a7f13d1c4159fc326c0ec1dbde547c8f88b9dc6f18272a90309e792404945deac590e0d420df5bdec350bacb36120a56
+	reseed counter = 1
+EntropyInputReseed = d83a938ee228887fd93e80a0c4778d98895dbafe90fcfbd0f38b3b09508b7ba6
+AdditionalInputReseed = 
+** RESEED:
+	V = e33f2c7c55902b85854fda6ddc7d95acb8ed49d50973a132f9ef8b2cf07a58ed5374413889b5cdcb3cdaf60ed52496a9795222c11c0fd9ce0b4174c19243e63c5559c18d638dd5dce9edca5ceec3ac6bdf5510a26a14208ff84d18bfa7c4ff66333da65f455a9cb5d19488d1d70a07
+	C = 115f5947c9ab6b39291efa39e464e7b5686b4f34a25171483be7ba68328decd1a5df451519d6374fb8a65011d64bb0b3d8839ab0ad7594caf752ddd125f68160dbe0bffc2571723588100b9fe8e52db9feff427ebed2dbd90755edf448f990bd40be6d769e34c59cec4f9e0a1fab1f
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = f49e85c41f3b96beae6ed4a7c0e27d6221589909abc5127b35d74595230845bef953864da38c051af5814620ab7047bb9a94448c6f9bec93ef7c1bee822b172572e18ce5bb0da3f642384a6eb4006fd76237c71bfeb57f02ce1077d9d01224a7aa657238b547bc161a84ed7ab04043
+	C = 115f5947c9ab6b39291efa39e464e7b5686b4f34a25171483be7ba68328decd1a5df451519d6374fb8a65011d64bb0b3d8839ab0ad7594caf752ddd125f68160dbe0bffc2571723588100b9fe8e52db9feff427ebed2dbd90755edf448f990bd40be6d769e34c59cec4f9e0a1fab1f
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 55fc2749b8fc921bd60e3d9bc878f3f3c6ed87b36ac7d82ba3a04ca2ec68d43d19a3538b376279e7fcc421de0fa152b1270ec539ae248dbd08223aba1e7a2eada1dd942ae8827c39b2cead65a1d6da0a450118fcaff270a592580732a3cf59f2a7bb1fe4117dfc96ec75785e14fdfef3ede18e6813e1a575a257b5b309f3f7412b58d787a189caae2a96db8075e07849b9fa1e9d86f26ea53fbd622add4743d7892f31cc97d5f2fbb11b3b022fd505baba2b3892a3018c195fc20d7cb579ac3bb44a6c42c3e01526ae4eba9bdd3251d6f3a978dd080f50e24deb37ffc59192bd183e2499c490639c1f5ebf672535a27474e0094402dab75c91b3643adc1310fb
+** GENERATE (SECOND CALL):
+	V = 05fddf0be8e701f7d78dcee1a547651789c3e83e4e1683c371befffd559632909f32cb62bd623c6aae27963281bbf8daebc3ab37fd77bff596f990683a5a2fcaf8ea003053c3c43f7788eaeaf91b88a45a00f0c9595a2575054cbaafdbf3c13f529a20de369950346c338a253d19c2
+	C = 115f5947c9ab6b39291efa39e464e7b5686b4f34a25171483be7ba68328decd1a5df451519d6374fb8a65011d64bb0b3d8839ab0ad7594caf752ddd125f68160dbe0bffc2571723588100b9fe8e52db9feff427ebed2dbd90755edf448f990bd40be6d769e34c59cec4f9e0a1fab1f
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = 573a46993331d5c4d899e7d9ed885712422d891872518f7c931bdfba00bc0545
+Nonce = 891665eac242758e641dde147c3bc37f
+PersonalizationString = 
+** INSTANTIATE:
+	V = 33282cc7146bc628d8049e970791326687f1094d1cfb3c595ec05c437e42323761e9076ed1f60389babb23d6f477f561fb9b86fb02b483cf14f269cf31e26f553d77ed79bba9c54aada2037cde4d0de857fa9f330b900ffd45f5c5b46131a976b0e938d72a634304158c0b5fa000f4
+	C = d61f6d8ce780185b98e335c28d27dd14f33f62289f867e603a658a8886548cd3efdc72f9f73d2291f2ce571515278ec33dbe711652b3da07603e58d79eac582f446e7a497255fb5ca36002def0cf7f7203e2f2dee38c836ec27e7245199a59af8caac3c30ed179b673c6697962fda3
+	reseed counter = 1
+EntropyInputReseed = c3ac3f767288139f90d0810b07d90d0b186dc5a432a35a89331e9e4ee8b2552a
+AdditionalInputReseed = 
+** RESEED:
+	V = be13a4fad05198c756ec6db553a97fe88e42046b6312ad3eda9e61d459c2522f8d27f58e0785275993b5f9ca41232b1a8e4d7a59cf2d098f76047907ed4f829a376bd702d36dfb883fe4c76d7da17e89ba99d73f63973986f08a1832e7d2c4300500055786f6c58060c301dd548235
+	C = ac2d2ba927ba4e38e7b04ea23988f718b9cbcaaa87c7e650ebb813c7ee36ee0fe79707aeef2211fc2c2c9a178144449783e8f145128b8fa9ee91ec77610495efc049626c84ad7653c2c3f8ae56f60a0a679536151b4d5b342698e52c6cdaef64cf7fa7ee42d7240f81ed22159fc5b0
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 6a40d0a3f80be7003e9cbc578d327701480dcf15eada938fc656759c47f9403f74befd3cf6a73955bfe293e1c2676fcfc5bec2a3b62785ea587297378ebb5b70fe6cef669a6f5a4212658c1896b087a4a419214b124693e771e16786f7aef0c2cba66a0ce2ee558e05759338bd0a6b
+	C = ac2d2ba927ba4e38e7b04ea23988f718b9cbcaaa87c7e650ebb813c7ee36ee0fe79707aeef2211fc2c2c9a178144449783e8f145128b8fa9ee91ec77610495efc049626c84ad7653c2c3f8ae56f60a0a679536151b4d5b342698e52c6cdaef64cf7fa7ee42d7240f81ed22159fc5b0
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 7556cdcde6060b683452103c08f91522d904a3cca42a9a3f5971fb8b7c6fc504d39f4eca690d11fe4a1c2182266e69323381f9b25f4258cae6ab29195a61a30e2d5c3a1e22baf04d4c8f943ff74205cea7485cc285b0ff9450be7e125d18b026e044ade3e68c00426e45925faac62880dffb40b55a6521ec33ff081950b500bcb32d052c4e960a74e43049e9c6d4a60f5650120dfc952697e07a26688f72d737c507e6eb49bebccbf975997df606ce027d1a746f8bbba25cf550f0c862f2eb09a306be95fffe061cb7498fadd24149719123a44872565033b8d4ec06136b35e7145a6fb94101cfcb73574b3ac0530f3a250c2e53a3b25c23ae44837d034e1483
+** GENERATE (SECOND CALL):
+	V = 166dfc4d1fc63539264d0af9c6bb6e1a01d999c072a279e0b20e896436302e4f5c5604ebe5c94b51ec0f2df943abb541af10aa3664a13cdec5c4386a81bb92fee41845d03154c0fce48a1e5bb96f434667cb54627cd42aea167465fccd3af2b104c2a3d547bb69f6235810df0204ff
+	C = ac2d2ba927ba4e38e7b04ea23988f718b9cbcaaa87c7e650ebb813c7ee36ee0fe79707aeef2211fc2c2c9a178144449783e8f145128b8fa9ee91ec77610495efc049626c84ad7653c2c3f8ae56f60a0a679536151b4d5b342698e52c6cdaef64cf7fa7ee42d7240f81ed22159fc5b0
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = cc44bf5aa5806e19b97129543be48d42a42498050c9d781070b4302c91fc0d54
+Nonce = 7c08897aed3537e8964fcafd8c9ec6a4
+PersonalizationString = 
+** INSTANTIATE:
+	V = 0051811e52756175d8df426748d7a0778f71fde621f8810ca7afa06724a092131d736c62a6860d0397756cc400fa7f4ee32c9f81dd04d7b25c2148bef9abe80f625720f5fcbc4c31d8c9c84359a2f49d7f6cc407238cb3bb5e316ab0053d37a9746649f59cba796d3e7b20affb9901
+	C = 30c31b41506df934e4087dbd417d300d7dd3e3127bfac061fec8c10e1a19ac8bb802811e26a12613d545562f8fefb7285fe19b5f9ffa6cf986e215a0b0a9bba74565402aca12ef3f6eb95f618d6f0c911f4d135347c49df12c0c66ccbbcdb6fcb6698e0aac97c3ad2306b02607b16d
+	reseed counter = 1
+EntropyInputReseed = f681ff0ba894ce8000ca8c17509396024a75a49c4aed5c70b8f71b5dbe4936ab
+AdditionalInputReseed = 
+** RESEED:
+	V = dfe33e9baf7ec8cb18b2234aef2b9d1b0ba494c794c4f6eed95cba9522890ec8cb02fe876de499eb65f2a0547211cab7b127f29f717ff69d009cd5fe0d7adf079c63a8f10dfdbace353ed6af485e1d02d6bec0ca324dad4306e7125131c6d591ee2682d3bb4358762bb1b8b1df281a
+	C = 9469875e1e959ddb34bc3d760fe2a1d7a670c923ce0261e1dd873fa1e19f6dbcc8875a958e078b06d29f5bdcd2482369a6eb4279927b4c1d194a63d77ee9ce476fdeb5f63c3c9ef2824169f2cfb6704b3bf783c62df5572f960c70e50bde6fbab5b911c4101ba63a912a8fd622e247
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 744cc5f9ce1466a64d6e60c0ff0e3ef2b2155deb62c758d0b6e3fa3704287c85938a591cfbec24f23891fc314459eec8d114b49c03fdf0212f3e3b4b46e89a6a0ebacacb2286b7c00d37330f60a1b3b0fa90a763a42e28e1ddbec8b8d471eea54278fcced3d178ff82f1fdb96b423d
+	C = 9469875e1e959ddb34bc3d760fe2a1d7a670c923ce0261e1dd873fa1e19f6dbcc8875a958e078b06d29f5bdcd2482369a6eb4279927b4c1d194a63d77ee9ce476fdeb5f63c3c9ef2824169f2cfb6704b3bf783c62df5572f960c70e50bde6fbab5b911c4101ba63a912a8fd622e247
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = f700b3bb5aa6662b3e6c25d58c900ad5d9709affb68579c1853959340c147f23d795fca4b1af2e528d858a8f63521e699c6c516edd291648e6c96eab4aaf9552d2137ac3baa3ec6f1e9a259a07091f20cd0bfba01fb5a63c83ab34252930f7dd12da52c03fe456f0a9372312565cd292b04fb9591d6637b32f8fe08326c44f00181d0e5f69aaea87772b17c611f102e8dce0817796245a69e57916c3fdea3ae4a81ac4f32d6861a1ca4b8971049131f99e374ae180df3405d576c743a1ccccaf10d030c966ea4aa6511c79ede376d0368b2f702f428cf7f3f64f9a5c22a198bbb276100c6e5df87d99bcb5f72c55d6e8372da8151834f07175f8a163879adb2b
+** GENERATE (SECOND CALL):
+	V = 08b64d57ecaa0481822a9e370ef0e0ca5886270f30c9bab2946b39d8e5c7ea425c11b3b289f3aff90b31580e16a2128dcd8698ea03a0c7aac12bfc655190c73586671405e85bb27c2866f7d37a5faaddbf409cdb9b6dd7cd9344b13a14613954639f4253d1e233d977dcb316f16cba
+	C = 9469875e1e959ddb34bc3d760fe2a1d7a670c923ce0261e1dd873fa1e19f6dbcc8875a958e078b06d29f5bdcd2482369a6eb4279927b4c1d194a63d77ee9ce476fdeb5f63c3c9ef2824169f2cfb6704b3bf783c62df5572f960c70e50bde6fbab5b911c4101ba63a912a8fd622e247
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = 95ff08b2bcdcf42e235f3d6d3e708a1d6ab2c771ac125ae4e427c0f374927d4e
+Nonce = a59c1b00ccda0640dc8b8eaef8d6bfa5
+PersonalizationString = 
+** INSTANTIATE:
+	V = c5624fde84b074eeb3f1682f51cd1d01c9409dd7b1b5444c52c2f3385c0f4c4357f67b856d0fff9669cd89b4b0173670a54f9282c1c841db1611de27823b435b47483ea15736cbb623ce82ef7440eeb67195f97d52446e07b8b92b10b81a5cf7c8da4f53c620d85bdc6426688f3661
+	C = a4a70008d0d6e0e389364237c38e83234d714321601f59f0ea3d742bb6ba1def9fbe65315dfe58f0794081372425f80f9c5b5ae6c606c7cc5b20b532ea44e74bc69c197541256431a48b9d6fe81af88eba9841696f69a3f79d3348f4bf1d951e888661a7ae2751485bb455670fcd7f
+	reseed counter = 1
+EntropyInputReseed = a0696d9bc616eb507087306f5ffd2ee49f33ee0c26e926350bcbd4d760420abb
+AdditionalInputReseed = 
+** RESEED:
+	V = 4800e68970bb8fad6e45ef69d2e3b066e14055318b8bcfc912029c31fd566398bad5684ab77c99dded09abd31660e591107a622d1dd4d9abbcfe285ac5446926b0908a1d732964bc377e6565c594f986ed6a915ca144c6bb40f5099547304198542a9896359539c56c8b3a7d3841e7
+	C = 6ee0e544058cd70214928b6b3aa48954761b4b810f83934bc110725d9726212b043e390c106756818c892232f84157ae2a06204bc16baabd393008a5f31fc2b5971b08711d0b922d98aa9e409dbf94c9dd1f408c6d05ad5e46dbc694b61b13369cd61a3dbe2868e2f588d2fba7b8f3
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = b6e1cbcd764866af82d87ad50d8839bb575ba0b29b0f6314d3130e8f947c84c3bf13a156c7e3f05f7992ce060ea23e3c98dd50f2002d888d3785fffbe9839c725961448b4d745cd30de2a13f18a80c8a7efcccc8545f6c69670c9eb483afd788cc0b30740be0ac60fc2edfb1951996
+	C = 6ee0e544058cd70214928b6b3aa48954761b4b810f83934bc110725d9726212b043e390c106756818c892232f84157ae2a06204bc16baabd393008a5f31fc2b5971b08711d0b922d98aa9e409dbf94c9dd1f408c6d05ad5e46dbc694b61b13369cd61a3dbe2868e2f588d2fba7b8f3
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = d972f4dc2ada13ea2ccd543174e7181f781f4b9ba4054d7decddbfb5e16cd3b5a69cacb3a2ef7f90cd014ce8079cfb6f0d5b47e7b718ed8957db64fbdf77d7a3fd3be00e7c81eb8d442992a46c22d0892bf2a4b3b76b75dc9caa2562c2851077e6ba23528455f94d9c3b6068642414ee11340757c52865088108a4acfaa7c1ebdc75ede19f4431a0cbeb607adeb3b6e4bd5a65dd83ed38def6362734d1239e9248cd0c0652ce887e1106beee776b3fa9cd11de5131b64a4cd55110b1cdd9b53b5c4256cceac80374c8e1b12cfb781fb0da914104dbf928f3f298e33a39f2329732fb970b4027a250af829f3b4ce6377bbed690e9ec6ecf78c8d1a56985ece711
+** GENERATE (SECOND CALL):
+	V = 25c2b1117bd53db1976b0640482cc30fcd76ec33aa92f660942380ed2ba2a5eec351da62d84b46e1061bf03906e3965f30b9e48c20fd70c5facb84d10248e686bd451463bc5c9fe8f0b8c5257291e9f97c16e861ea75ed0f45221bed8b590dcbd2acb29adbb347ba5317aeadd4ae17
+	C = 6ee0e544058cd70214928b6b3aa48954761b4b810f83934bc110725d9726212b043e390c106756818c892232f84157ae2a06204bc16baabd393008a5f31fc2b5971b08711d0b922d98aa9e409dbf94c9dd1f408c6d05ad5e46dbc694b61b13369cd61a3dbe2868e2f588d2fba7b8f3
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = fd99514d0e29c8b66f60598fe26307799c98f0f017cc7231f30278d463c20ac5
+Nonce = 1caabfe73440d673af2509eda989b184
+PersonalizationString = 
+** INSTANTIATE:
+	V = 1ed21b6c70823e16f32a5156513a632a1cdde1cd9f57680e1130fc441a2ce601953ac4286226a1999d9f27395f4639633f80fc567d672aea813f9b3a290e7754e9058fd8a741ba6e4cdfb5df481393b2ec0c19c3ff04ffef64081c29cf9a816940597cb1f3308110b737b72090c6b7
+	C = f4a78e64a6aedce8dec66fa5cfa06a285a18aa438e7008c86c8fdb658e41619b431596c1304bfa2e446540590026397e06b7594e8970a78c98ef124441697b7267197ecb837ed09de12c1e61a68bc3e84c24a3d091dd2a3714fe41ac1c16389012d5c2ea67c878bf3ab69cc503683c
+	reseed counter = 1
+EntropyInputReseed = 3de1922690e93e6626c86fb47e7a4e0f80d716d8a34fee989e3de8f5ad0f61c5
+AdditionalInputReseed = 
+** RESEED:
+	V = 4c6859188b240e0dda33ba6311111d89add40f15109c72d38a940f2aad0997c4e5dc1907a8c18c51734a9ceb346060790f790873f219abb3271b2882d02fef942fe701368be4deda8a2ed9f06810b4c9d72937e911464a17c8cf4ac2de05b21c9af69d79608269434313904725c901
+	C = 01aebba21db1f1d6c2952e32e2c88dd39a550bdaa3a5e64c3da463d985881acc78335866345dc817669006515931c317f8c2becdd31c986e10a3f372b2e387543ff4f21e8b2fe68f5ddb6ba542cf5ac1ded019b72acdbf7c74720e03eed22a40693b4d434276c5a1f7fc9383bc31d9
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 4e1714baa8d5ffe49cc8e895f3d9ab5d48291aefb442591fc83873043291b2915e0f716ddd1f5468d9daa33c8d9223fcba53cb47e254796560fc3b74819c53e0f518352f639bdfbfb1194f07c95d68c914453730539e7468fbd9d6d691516854a5dd299a295d6e9553e9584820108d
+	C = 01aebba21db1f1d6c2952e32e2c88dd39a550bdaa3a5e64c3da463d985881acc78335866345dc817669006515931c317f8c2becdd31c986e10a3f372b2e387543ff4f21e8b2fe68f5ddb6ba542cf5ac1ded019b72acdbf7c74720e03eed22a40693b4d434276c5a1f7fc9383bc31d9
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 03dc3421302f438eb1e7fcec671cc0ba28fb06dbd2ed204019a7053b2e1a6f78b98df267a969b5175ecd81993188a87dcd87a1511597a85852a6fa36cafe7326a4007f3bc9941af99480692d4a62e8c0e3c7f42516af9ba19c8bf504609a27e8eddaf022a4f7d2105616c34e06d690bc9d0289024fa7fdb7084c69bdd7ea0f64ea7182cee2ebf2272adcab304b0ec9d827f89a76982bf00e33645187de55900e6a8b9153d382669e581c83ed514a345ad58fd8908bd64cfb6ef2bde90ebc81953ac03604771a908dd2116ca3e0480322d3d1bc02df2cd0595c81f15e888d1494e31e07b2a5ed2cebe3dd90f3144e4290f182c78962395d34e01db3a5dfc916d1
+** GENERATE (SECOND CALL):
+	V = 4fc5d05cc687f1bb5f5e16c8d6a23930e27e26ca57e83f6c05dcd6ddb819cd5dd642c9d4117d1c80406aa98de6c3e7d438fc67225ad8f823fc8dd8ca255af7693bc542ed11ad58ab386e172989143023e0982832fbc736d8d7f82cc03d8c48cfeea55ab98bc905f3b18290788b1905
+	C = 01aebba21db1f1d6c2952e32e2c88dd39a550bdaa3a5e64c3da463d985881acc78335866345dc817669006515931c317f8c2becdd31c986e10a3f372b2e387543ff4f21e8b2fe68f5ddb6ba542cf5ac1ded019b72acdbf7c74720e03eed22a40693b4d434276c5a1f7fc9383bc31d9
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = 9e44fd24e7e42b3827eb3ff48c28c2052ff73d6f85117a46ff9cf72f1b33839b
+Nonce = a4670150baf26c8110a9536ade1e125a
+PersonalizationString = 
+** INSTANTIATE:
+	V = 32ef7a3a2bf3693ca43596b9511fd74c5e0dd865c2e5340c32a7d6f98dd9de0e9292678960b063c5ed27f9048fac57bd32ac76edc36a8322a6dab545d8185cb97f60cee9d7b9403862a93d9feb50f5143f47b35e3bd29767c8cfb6c2682f17c0b3de384a594e2d8687df6033d0dc71
+	C = 833b09715fdfbf8709785225c0202c1c6cc722a122403d840b7e2f37bb2774663b1d12af76485003927fbcaced8a32f502b64bbf336a8a39def6cecc8e8258220c8ddf3719bf80aa29072aaaf70e1a0560023d5ff539d1fbcef8a20e1402ea35973aaad33faba4ca9437265b44f80a
+	reseed counter = 1
+EntropyInputReseed = 508a8e56c4a1ca0a41223d7594b7d9720685638869df4811ff99a0ae22dc4ce5
+AdditionalInputReseed = 
+** RESEED:
+	V = 81f790829131c504db30bc6be0db31a10596433dbb7d534028fcfc0d213032028897c7346013f4941d44185ed775b1e6832d93914f65b9674995e195335e5ab0069010e6199ca31b821b61b54466dd6a100c9737670df46116edb842e3440ddb2b819de642af7ada289d61c150ece2
+	C = 362474a3d557414332ec50941b92a065e740380d612e6be8b8f2c3131b93e9ff4d518d890011889cc0bdd11dbc9e111ca9c0178a87a88797fb2eeb0c9977cef85d4348485f3e98de0f64621526324706145c15f5897c058d6d883c95a9129cad1dd0392272284903acff4f7002a08f
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = b81c0526668906480e1d0cfffc6dd206ecd67b4b1cabbf28e1efbf203cc41c01d5e954bd60257d30de01e97c9413c358c4c2fa72e948df85a3098f2685ab7e5f047079bc6f3c887c506d69b4cb5bbe6a1816bc68c7c73969afd0240fab14f7f2a3daad52722363ea798ac384067952
+	C = 362474a3d557414332ec50941b92a065e740380d612e6be8b8f2c3131b93e9ff4d518d890011889cc0bdd11dbc9e111ca9c0178a87a88797fb2eeb0c9977cef85d4348485f3e98de0f64621526324706145c15f5897c058d6d883c95a9129cad1dd0392272284903acff4f7002a08f
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 4fdbe1c93a68c8eaef00324610e3d919d81d390746627a52a84f5d8b9de8bfd5563145160158a6f5bd22830584d88da36127f2f7e00ac89c8dbe548633f5d6b49f287d0684feb5528a48beba5a5a70dc8cfb28f285e580bbeac0248c602a5f8f7cfbdf5b44302472d420d99ca01f55b8b114a65ed980d24f90ba00ab01d59c9e844b9d02f56481ab53847a71e1c66bff7a195321a7bf57a2581126c400f6a424550c424fd2d3e133ec09262992bc09449606036467cca2a51315f79b5a4f3547a681be388b31b21d27100f525106a9c0199dd5c538cebf6ab26b0a9720314bbba7c04a7b4403ef61c4dc6fcac134004e6facdfe933a74a63a2adfb05734a871b
+** GENERATE (SECOND CALL):
+	V = ee4079ca3be0478b41095d941800726cd416b3587dda2b119ae2823358580601233ae246603705cd9ebfba9a50b1d4e250d45dd3a81495626881c810726106d13b35543e468ed03fa785a49d211d3765fca10d240f0c7355d7aa83b6d67a5c34bd735e44e0f3d8c79242f7acbdb6a1
+	C = 362474a3d557414332ec50941b92a065e740380d612e6be8b8f2c3131b93e9ff4d518d890011889cc0bdd11dbc9e111ca9c0178a87a88797fb2eeb0c9977cef85d4348485f3e98de0f64621526324706145c15f5897c058d6d883c95a9129cad1dd0392272284903acff4f7002a08f
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = 24d5f398b39e55494433b83d8d3dc00f2f3416dbb4f3e0dd2376dd1b16328676
+Nonce = 5bca3eeadedf8563d8620e61a7c7b0d0
+PersonalizationString = 
+** INSTANTIATE:
+	V = 717e5a4c98ab0f3291386a54908e927a73873b711ccb43228d463600978ef6e8f49097acdcd010ddd0275f4813a64940eaab8070bb66658a5fcfde343ad4555f2f6416afda47c73d8a4c19d424d40b589ff917ee9c765fc4c63dfaef05c0dd053e452c4c9d5af6b9be955cca82d180
+	C = 1404e3e3c58dafd110a37f1af212f1c316ebf64780f17033448a72b3b276df3115d7a6111ccf94a78444a8826256ddfe72de5965c00aaca5e2641404b61e0f3830c223f3b3b436c92dd7844c789b8fcc5fa9219f09ba94dcdca9c94657cba62e8719e8dda94d29bce1565558e83957
+	reseed counter = 1
+EntropyInputReseed = ed36c59e31b921a0b3cd0c2c2250ed104b30ee40d8b703fc13dfc7abc1b9c261
+AdditionalInputReseed = 
+** RESEED:
+	V = 0a5f88897cffca57f975bcaf4367db73c8488501770311fa459d6c7d5d0689b2bace65cc8759bd8977bbab50762a93cfb061f5ea8d200a8125fd814d5868f4577f1f564c9def4e404f82dfe2757ec3826d7f96ffeb3e609bbe4020f6569129531e61609de0436c85bbd93dab0a726f
+	C = a8f24acfeb58829f5825f79f15f97a7da5a4645bc9ad25fd95389330db0c549c9f64d4d0305527703c7c7ff055583d88f5ddf5038b3c11f27dfe9db98a6675b6a44900747184ca246969399ee49149005b780cbdbfe4f7bb9958b6633ae1e914651a3bab9e32fa58522f6fb881662c
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = b351d35968584cf7519bb44e596155f16dece95d40b037f7dad5ffae3812de4f5a333a9cb7aee4f9b4382b40cb82d181630b23937edf7e01b8fd987a8691ba47fc6f02353f57557d17d847f43c9331e0b46dbe8bc94bf5517d0f1eb9a5e7e52dc2911dc1a40ad07c37da95d9af5f85
+	C = a8f24acfeb58829f5825f79f15f97a7da5a4645bc9ad25fd95389330db0c549c9f64d4d0305527703c7c7ff055583d88f5ddf5038b3c11f27dfe9db98a6675b6a44900747184ca246969399ee49149005b780cbdbfe4f7bb9958b6633ae1e914651a3bab9e32fa58522f6fb881662c
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = dd03b7b6836818c603668f1967f2ef012e277cbe76f9690ae54326cebc2a1e2fe6b7e57ae4cf93e8229d311fe66f8b467cfd9615c8cd2bc799a8be942822f44f4f6d0e6ab16218c7562e0072f7bcf28effca89ee29de618c5c60fbc20c817d394ddc03672e7dd43294372c2e84295436c051c297d2c6719ec7b40806963db2d7d550888c8a6baf7147b65b4b85416e587bbd072d7ff6010ecbbe13857e3edec85314f4ba4f7e0626339be42b1f26bce34a987ca81027664a3cfcea4291f110c0177fa10a4e318f31cf0caf0efeaed9845f9c28c88b9061f55369a579a9cd004769dc6846cd375dc8b83f7117297fb654f9de22c6b1607988fe926ae522e1871e
+** GENERATE (SECOND CALL):
+	V = 5c441e2953b0cf96a9c1abed6f5ad06f13914db90a5d5df5700e92df131f32ebf9980f6ce8040c69f0b4ab3120db0fc6f3dc84e5a4b440d74246de6d6f3fdb718149692a59687a7bda61dcd604798c7cecc1f11770d30634e43a2223a739ac047354a437c0d0494b42e758787d251b
+	C = a8f24acfeb58829f5825f79f15f97a7da5a4645bc9ad25fd95389330db0c549c9f64d4d0305527703c7c7ff055583d88f5ddf5038b3c11f27dfe9db98a6675b6a44900747184ca246969399ee49149005b780cbdbfe4f7bb9958b6633ae1e914651a3bab9e32fa58522f6fb881662c
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = e79c4f1058cbc8749734ae9b433ef9dcc9030292a7c1b1d33df265ea9c421aeb
+Nonce = 3c25c16ae96406f4cb4da908030f2cd8
+PersonalizationString = 
+** INSTANTIATE:
+	V = 2784eed70e82d6383afdbed36d6e0caf73e7ac0b335b0b72cd2478158f0c75d76488e5fd7af1d3973a970797f29569ac55ee2675c70fc3e697545f6869d502516b859b46e9f06df2657871ac4de939b0fe081d5638268a928fc60b8bad0220c0b44faf47f40424a60356936558c8ee
+	C = c69e1fe5c4c2a2798ff9e4720d181cbfe3db99620c30f6a7465a604b31ffcd49672e33dc23676b7638735d7072c8f2c37ba147121f093181fe838c79d0337387de8108af3d34a99abde4b3a0e871c279074d4639781a63f6596b4b2ee0bf48463c77e65b18af6891c8b18e60a0b3e6
+	reseed counter = 1
+EntropyInputReseed = f070fcc47f494e247cbf50de216febbd7f2bb4df49ba20be6188352875007f97
+AdditionalInputReseed = 
+** RESEED:
+	V = d41488c160ca418fe37f643f750c946fa5c7dd21ed79114399b4a620ba5ea12e3190e54babdcf41df8f9c5aca914c044bb0fc0a6ba1c1289ee00ea6afdc6aeb3cb4df6d50f70ce200ec38ad19725486d633f44e69fd960dee70d5aa36517747f95dfbc7043d56ae1fd174bd084adb0
+	C = b1bbc236819f57d1b386755fcd5246d72a995b0f173b1e95ab9b6087717bb17c2b5201b54ede6cb26c05954841fbaf93dae3aa4eca9feee488fa0daa89f44c5e986aeb834a74b6d0ebf15caa48b8d3c7a5359a47d298a9fdfd2e67ad29763a0c128a94fa2137885e52e0f69b2d547d
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 85d04af7e26999619705d99f425edb46d061383104b42fd9455006a82bda52aa5ce2e700fabb60d064ff5af4eb107054103e149f07329595bfcd9565d13fda5be488b0e74c2ccbcfed13b8fc79841867119a21ea88f2ad1e58fe78399d8099e10386e40be00eef3b2210fcdd80f75f
+	C = b1bbc236819f57d1b386755fcd5246d72a995b0f173b1e95ab9b6087717bb17c2b5201b54ede6cb26c05954841fbaf93dae3aa4eca9feee488fa0daa89f44c5e986aeb834a74b6d0ebf15caa48b8d3c7a5359a47d298a9fdfd2e67ad29763a0c128a94fa2137885e52e0f69b2d547d
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 8195a0f6eadb8f853dfa10cd3739a33bb319e10da6a5fe51d4b3561e0e82b297ffadf9f603cdaa3af521823accc513682c07a25583869bcf79687834e103885c9c3d4dd59153b6ee9d6dfd46bb9ea558aac90907e5ef72e4f3bff222087aa53cf491b436672f569f8e742bcf23d06eda1a15a83bf5bc3b039ff9d49e2b6a330ff47e9e99dd6d272810443b01cb5b7400ae12a35288b6df857f7475f8c382094651cb8f92f2b56149747b6ad2e3bfad45dcc5141b25d00413b4e2a2eb27bde245f8651d597c862126852dbebd5344ab44ad6300e5d7bba78e7cb6a9d50184fede6631f3a1f4936b25a07135137c1b5d3486a4786b3510f1c140d82bc503a1cc69
+** GENERATE (SECOND CALL):
+	V = 378c0d2e6408f1334a8c4eff0fb1221dfafa93401bef4e6ef0eb672f9d5604268834e8b64999cd82d104f03d2d0c20022432b9f0bea1aa2e9630875d3dce2596e421535147989e7c8872df4caef64f7e0982431301c3ec10634c88f1aa3d575794cf9f726e5ed4fa22d4ecc3cc3393
+	C = b1bbc236819f57d1b386755fcd5246d72a995b0f173b1e95ab9b6087717bb17c2b5201b54ede6cb26c05954841fbaf93dae3aa4eca9feee488fa0daa89f44c5e986aeb834a74b6d0ebf15caa48b8d3c7a5359a47d298a9fdfd2e67ad29763a0c128a94fa2137885e52e0f69b2d547d
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = f5c0107946da1cd32222a14c3c48b934b0abf27b0aa7af72f52abc9aee6840ad
+Nonce = 340158e3ed4cc4b04de079959812831a
+PersonalizationString = 
+** INSTANTIATE:
+	V = c67210560d3c1e12a0e50632142873896ec45ce3ebfb667e23db5c19e1a0e4ddff2c00a34d7a30707e8d2455169d9fac689d661dba25c60a59b71f28e3cb14a0901228044d67000f09b08cb7fe2d03cbda7b4b46ca7c644a7ebd964e63e4cc95ed9e1b63ea580fb865c3cf3ac63613
+	C = a941d0592a85c64ee25dd895a40341438a3e6a373743dd439467456382f6297a2d52e29ab19c254a25accb8656b8211b85a48dbd5d04525366175f558a3cf37639ba0cafce518c588ee60d88f3bc630b62406d4db38512ea657cabd5a87eb509aeddae631127adf3cee1f996656ebd
+	reseed counter = 1
+EntropyInputReseed = c75b58f91a47636cc393cba6b6dec3b938bda296c35624a1af2681781b69d03b
+AdditionalInputReseed = 
+** RESEED:
+	V = 65031aa16a7a039bb00219fe3d70bba00f0e5d7f16abd7ce2a1f61b108f15419654bd7c66d985a4bfcc650d43643b423019e1268d4e8dd714950cb2264607a5c608e2981f230ee8758f17b4cd40afbb5aec97e20c59808dc054172235c6da5a7ad6394420954a393aecbc5b26569e8
+	C = 7a32ae24c1dcdad8f726fe0a8c0a523129c01bcb73448841a31efd9628071e2af4eb79345832894af352be9bdbc1a5f4661dab0947be1ad111bee7dad0722db319c2fbf01dec2c30d6da4fad58491a5e469172413e6216bacfca7bf1af99c0f98ee227a0ef359e8e277bebebfa72d8
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = df35c8c62c56de74a7291808c97b0dd138ce794a89f0600fcd3e5f4730f872445a3750fac5cae396f0190f7012055aa38acd7d3c3134d9c298a45480c2c8fbe4cbe5de351946abafde4793f2f38d70d514db57eb51a8d8647570d664a99473ffe5a17e3bc2f26bda158babf2ed7093
+	C = 7a32ae24c1dcdad8f726fe0a8c0a523129c01bcb73448841a31efd9628071e2af4eb79345832894af352be9bdbc1a5f4661dab0947be1ad111bee7dad0722db319c2fbf01dec2c30d6da4fad58491a5e469172413e6216bacfca7bf1af99c0f98ee227a0ef359e8e277bebebfa72d8
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = cb3765bfb8ed0882cbea7756773bd376fd17b1bd819df48ba2deb0be8b2f53d384f13cc50d841661a72cf9edf4bb26f595e2bc9ca42dedae8110b3f65fdb494f8f06dc35e9d87dbb7ed1ce3d50c59fa4e7be8fa4732c9dbb6bc25754e845d1a6098dfaffd6c92ff62f994ceb743a38c15f5ecf7548f907278271f5b4d4eeb04a959d54b28d8fc21f2f57c01c9ebc512df47fd7e0ae764d756bee5ab15274a5bc4aa84c35faf046c5cfa2b842eed839d97eebca9e4149a1165afe867d1124fc941a4503095f9926918e6102361faf15923ea350c5632984652e198fb754bf0a7140fe9bde0bcfb594c6ce510799ba62d62b14de733da1bba2c22b6b37e75a9ef2
+** GENERATE (SECOND CALL):
+	V = 596876eaee33b94d9e50161355856002628e9515fd34e851705d5cdd58ff906f4f22ca2f1dfd6ce1e36bce0bedc70156df4d5f0ef61b35ed88fc90691b7ccba46302a065d157394ef8f56617c9674ed2dc8fbbda0391104397eb366337d7269e1e358e0a380691e3e32250d4f87442
+	C = 7a32ae24c1dcdad8f726fe0a8c0a523129c01bcb73448841a31efd9628071e2af4eb79345832894af352be9bdbc1a5f4661dab0947be1ad111bee7dad0722db319c2fbf01dec2c30d6da4fad58491a5e469172413e6216bacfca7bf1af99c0f98ee227a0ef359e8e277bebebfa72d8
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = fea401ca14f8d0bfcb7c57551b748a9347e62340267ed6fc0955ae5fa054ee0b
+Nonce = c3e0debf7ee875ba26af1b8b0bfce58e
+PersonalizationString = 
+** INSTANTIATE:
+	V = 2c7b607bb263b9782edc5732ca8614ace7b84cd6e2bd85eba1f6b277d7ac05ea4f00e0384fa06939d959c86ab28b76fbaa0935541510769f594ea5ee6abd6b694d4b368f5f4cad1d97403368c1c9f4bf6444cda0d1d73f82f1902da8e91e439dd4950bec0691efb31c4dfe394306a8
+	C = 7ed528c5f2e3d99c8f293b8d939ae358b8f28a4f92860426d9d3f0e558a8fefce1c10df262296a47c5dd388b36b7746756bb4f1a59e2bd78e51825e9b7b7fce5e382d3bfa06dce29fcd0622497c95dd22d829e6bc853f1e91e2827147b29b55d4abb1d3ae24e85f911c9314bf1f01a
+	reseed counter = 1
+EntropyInputReseed = beb63c936967d083d40c508d5ec7011ddd778e7fb1bc7bf7a8aed92556f8a94f
+AdditionalInputReseed = 
+** RESEED:
+	V = 4686b4123eaff7ccebaa6064d121e953d2bfbefcac44ea14eaa7297f4edb67b4de14540311885cab3d4f33608d6b60dc0f7c49e68334394618cd38c2dcdc4e95e2a9e1fe6b3a247dbc00fb8b9239540c1bf75c87f7172def314df5d2c3e37ea3dd5307b53ea8ad676f386887f333ea
+	C = cd99e194158a4f2d8c6c0a08b1300153544ea56563270a0408cb226067be5e5dd4f822dcdcd00f2c91b6ef99059dd7a4dc50c48db144f84e8864cc175aaefc97f01cdf2e3455290deef9bc96f66b58741848d823d0895a2039e16e7c530036f9156eb0d9bde6712ab22ca52e942e77
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 142095a6543a46fa78166a6d8251eaa7270e64620f6bf418f3724bdfb699c612b30c76dfee586bd7cf0622f9930938ecf3f7b5fed8c01d3bf6eba6c34be854919f4e463adebb8e24d344134cb89322735e40f8b6e2eae56c4766487edc9f0390bccfb611324d19d145f62473024dd7
+	C = cd99e194158a4f2d8c6c0a08b1300153544ea56563270a0408cb226067be5e5dd4f822dcdcd00f2c91b6ef99059dd7a4dc50c48db144f84e8864cc175aaefc97f01cdf2e3455290deef9bc96f66b58741848d823d0895a2039e16e7c530036f9156eb0d9bde6712ab22ca52e942e77
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 40c0b6052846642bb170e025414032ff3e5f5c134297033af239e5229b53d8869f709bc1515a47d57c9789783ef6d23bc4ecbac7520cfeb84f7b770cad869babeb68ebc31276197ddf405d7e9f97b0c7a6d76096347db0ee3e6fd1eb96678a3df1b28d421e13891bef0b3d8c56fe027aebc7966124bcbdeb6605ac12d882578d6cf8d83f40f76ebfef5f2b55d33f8488ebe76da9738937afb6d1139b347792edd96731c82ca7878cb8e02b19f9b81c15c3c20870cf3874fe8e49ef2a62a1f974c9d9dcb198d3c57440742c9ce2d3713305bc5e61161a208cac18ee53af28f4807af0ce705a7b27c7623c9fae695b813febfddf20005d9b204d12fb5ecdc485e3
+** GENERATE (SECOND CALL):
+	V = e1ba773a69c49628048274763381ebfa7b5d09c77292fe1cfc3d6e401e582470880499bccb287b0460bd129298a710e63ac7c427549263f8d0d745f798958973d18ef081f67fff5014b9c721839dd83113ca37c5c6db06cfd008602ca83f92f1c35a6bfdc1f8d9909a8c0a382ee29b
+	C = cd99e194158a4f2d8c6c0a08b1300153544ea56563270a0408cb226067be5e5dd4f822dcdcd00f2c91b6ef99059dd7a4dc50c48db144f84e8864cc175aaefc97f01cdf2e3455290deef9bc96f66b58741848d823d0895a2039e16e7c530036f9156eb0d9bde6712ab22ca52e942e77
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = a6a795b575654571853ed858ef8f8b250fe7a6b62cba5eeccd3a26f9ed89c2a5
+Nonce = 0b2b965d6641f57216c331485a21ed7c
+PersonalizationString = 
+** INSTANTIATE:
+	V = 2b4bc8eaad2a733c4a62556d8a7555411c263ef36893afe07604801e1f181e4aa19d24f43e8ee9c4079c37891cae720b6209a0dfb2b2bf98406d21996c7e9945eed6182057c67baa779ba8bdfa05e7d1f20e9ec5a08a7e86d2b0dc050adfae4d8a2d5d8ef5479da35c08250d97041d
+	C = dcda49efcd3957ce88eeadf3209f314a9585c609395565f52256837835d9c6f1ea17c4ea4c5c517773a0a31b99bc73039af98f21cdbc3b2579898fca7517d20687726bb9bafb5bed028210067db2cdd998687a1010ca42aaf6d1ed38bea7a26fb2008d5b7b016c3a3c25393d406337
+	reseed counter = 1
+EntropyInputReseed = daf3a59d697dae18c0f450501bd99605039bcb17711fe980f39363ca3e8c6807
+AdditionalInputReseed = 
+** RESEED:
+	V = 6e83537f9f3fffe559e10167a990c548bef46346489383bfb4a90e9c58a20d9150bb909447501efc0a54ac1d3e99692cab04981d388842a8343ae720e808bf71c2d9bb488f0c0cb5b324d266e2cc08f7ab40c4d30756f9e700a528dc580a4dca6e6a9f7eadf6e0c7a86093995c5f50
+	C = ef2708518e73fb954a71ad3ad5555231d82290fc68cda352a7420df7c4d5ceef576ad51b930d0bbe6c2ad9e979a213eb959a2e833f69a54ae6018dc75514d0e7ee222b3a1e019e60e75dbd78f5b9ae57b8cb95cecd0188fb80f236cba1cf7c93d5a3a0031d9d2f0f46e605ecda616e
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 5daa5bd12db3fb7aa452aea27ee6177a9716f442b16127125beb1c941d77dc80a82665afda5d2aba767f8606b83b7db7beda2274376e72b46efb95a8d8f8cf25c4b3d844c9d93ee10dd0b1a72e2d58da86622d96bcad8bfe4c2a9850929e58fc33f1f947533f1e5352ac8d99db21c5
+	C = ef2708518e73fb954a71ad3ad5555231d82290fc68cda352a7420df7c4d5ceef576ad51b930d0bbe6c2ad9e979a213eb959a2e833f69a54ae6018dc75514d0e7ee222b3a1e019e60e75dbd78f5b9ae57b8cb95cecd0188fb80f236cba1cf7c93d5a3a0031d9d2f0f46e605ecda616e
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 8b6531af0640382b8b84f069a60f8958c938700749871ec11625b370c9a4138aaacf16f8c76b2872e4d3bacf2332113b00a74cd328fd78950239298adff3af1762145bcc4b2aa7b255539094c478934b088605cb25cb63e22bb4368624e46b4ff63599ac94989ce5a646b3e4a48039bb0bef88414b86b5407a85a7ab3528e50eaa89848e8d1722cf298665f42041a798be428c9378f31336b0e2f1f3ca8129b7e786cc1aa835ed74a8cbbfd6d244145f789fef39cbff8b70741008616d9c1dace9128ddbaf04274e3bdb49d36977d9cc30fbcddbfaad8315302d1b099207fe8d6198664bab24e10ee6da68a5dcf94d117a1da86dafa0059f4bd901efd4409b01
+** GENERATE (SECOND CALL):
+	V = 4cd16422bc27f70feec45bdd543b69ac6f39853f1a2eca65032d2a8be24dab6fff913acb6d6a3678e2aa5ff031dd91c26002791824be8c38f3d47524a4c0b693a9c8e232e2b9dea28253db1f265fdf98b1d39103c28832f65f221b90e9cbe778c716a385c37472f68142eacc5a249b
+	C = ef2708518e73fb954a71ad3ad5555231d82290fc68cda352a7420df7c4d5ceef576ad51b930d0bbe6c2ad9e979a213eb959a2e833f69a54ae6018dc75514d0e7ee222b3a1e019e60e75dbd78f5b9ae57b8cb95cecd0188fb80f236cba1cf7c93d5a3a0031d9d2f0f46e605ecda616e
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = d7a3a0a2909d015b1a2e99d4a6806f8c91f2903e14c1515ca5cafc4d71cc42b5
+Nonce = 8ec85da24d6e236bcd741d6379a3dbf6
+PersonalizationString = 
+** INSTANTIATE:
+	V = bafe98aaeabe6ffa7fe0eb669bd08de73e95643edce33ac14f64c342dd50e4d2e6b1d019dc42e0314f832889fc52fc99b9c13ea4b74d2cc216a14b9ca8173281199628bbdd5b021224ebe031e08f308009530c5aec367883e03a94792e8c090415fddffcc029344901a69e336de57d
+	C = d3474077d2b38d2d52a1cb91aa422becb1553f01d7d70a463e6ce3b48aa9a4543393214afe4f3b66417c58af0fcc84edaa74ff4b0d15b9c01204f47e3d546aa12c350034366193e6f9c050529f9e940c53c0588fadcccb28368ed66063764b69a1d9aa249a217c551de7a98459c18f
+	reseed counter = 1
+EntropyInputReseed = 25b095fdc34392d29d9739158507f35e7f544570def1bf7c1170966156cfb0f8
+AdditionalInputReseed = 
+** RESEED:
+	V = 2ebc4b63d05b4bc3998e192f042f45ab936bcbcb29aa384e8d3a18cd54d27bb173544192b6e30656cf68177b08312cc918725ad35b19e9dd70cac89ae9ede409e84859b4075c02ac02919d06829c71ed5d93bb66dff9c6f393d0a4984c4667f13977cc03396ada0c83aa88b197df51
+	C = 4808d907381bd9d043fdf618c0bb4cfab343d33fe222a59303d96cc9271982cfb015ca71e26f915e4255ab72618f30b4d46a22990550d0fd8329ca93852b3f886eb4148f41cf6ba08ee7f0d5cf3e21dfa8687bcd040e33b80b0d102ecb856966b940f65cfcb4c432712806676a7482
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 76c5246b08772593dd8c0f47c4ea92a646af9f0b0bccdde1911385967bebfe81236a0c04995297b511bdc2ed69c05e3f3003486c02bc6e4a88fcebe92e973fc3fc046848c6cac824cd8aa51953d87acc4d19716d3e6102a01d87bb826cd480e7237d67a56e17897b40b0c3dd014699
+	C = 4808d907381bd9d043fdf618c0bb4cfab343d33fe222a59303d96cc9271982cfb015ca71e26f915e4255ab72618f30b4d46a22990550d0fd8329ca93852b3f886eb4148f41cf6ba08ee7f0d5cf3e21dfa8687bcd040e33b80b0d102ecb856966b940f65cfcb4c432712806676a7482
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 77481090f55dd65d46cd20a933f07b06c61e6c8419bcaa825e1b47ff6ffcdf1c5d320a333600edd567794462c98c7ce89bd584a10d0a9d523cf8b850efe263877fcd3eadaa45e6924e7e78292233274387fa675d9f5aba14ed9cf7aedbe60a66f4cdda180cae7d1b3a492b7e46243c3dc8b9c7bebd7fd6876febaa66cac9311f390317c24f125ec300fe28f000b59f89e767b670f13c4de068923bc73276b000bf62607be9dd8ab2beca1aeaf91359b4b9fa484847494ccb0e47913afe681eaf48ea28641001f49048fc254103aae5e643ad940e3d4cd5ae3af7aaf9b9b6c8ba8651a148bc0a0c705230e02a71f2a4c839ba9e49d79c2b1174d3d166c3f2cbd2
+** GENERATE (SECOND CALL):
+	V = becdfd724092ff64218a056085a5dfa0f9f3724aedef837494ecf25fa3058150d37fd6767bc2291354136e5fcb4f8fddb86ab81e01d28be36c3ddac4158288aaf9869055d28303fbbf8592c209e874c0e4179b9330917fa2ab6e0aa84b08be0cde5367275bc343331fb021b4358432
+	C = 4808d907381bd9d043fdf618c0bb4cfab343d33fe222a59303d96cc9271982cfb015ca71e26f915e4255ab72618f30b4d46a22990550d0fd8329ca93852b3f886eb4148f41cf6ba08ee7f0d5cf3e21dfa8687bcd040e33b80b0d102ecb856966b940f65cfcb4c432712806676a7482
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = 4f08809489b2bd1f07547ec350e83447491d788c6007c7edc2cd4c64a7134dc4
+Nonce = c85f4de70bec19486d463de79a501233
+PersonalizationString = 
+** INSTANTIATE:
+	V = 3c30e3c6a9a24d239ae30daf459c51e7ce300faa8d84e1a985d18083054b678bf7058b5ac4e92dc6d8f5243d2ba66fb4aeef398d81c9242dc38e0e15c4a8bcaa69745177166f0058871461afd9cbfe224e44b8830134f181e6591491aa2a65a0146bea4a960d33206ec3e801a597c7
+	C = 9401be768f2b128f12f53ffe0a3861aa78e19053b1392d859f77cbfdd65bd49e845593acc1ac222eb70310a55d9d01a5a73557ea31dc66c5ceca7a5f4acb1f6be3f65eb88929a4bb7de49df74ddc8102287745dc0529bc71e3e4564ce822a70f5449f77b868025696265e949a5eaf5
+	reseed counter = 1
+EntropyInputReseed = 32caa7347f7dce491895445721269f2bc57faf64defcdb71eda96c8a96d98925
+AdditionalInputReseed = 
+** RESEED:
+	V = c09c158be092bfbab88b3d1b0c82a657f24d4ea4556751cbdde4ee6de21aea187bda30b8f92c1665d0fb05a71aa57ba5b2840423100952738c60c968a82c67cdd5f2fe11ac3a7cea21b9868230f5b12c97b5d459fb5aa2f0978d2a5b837a0abdb9b2301c589372402ac7fc90569aa4
+	C = e0ea1d42ef03e0cef68740f4e2af960f052eeb58b341651be38fd13bd4fbbfdeb2a24a561d04638f147890858dad959039da75dfc3c7ba16b9b97f97c8194c0af5e5ad41b84b8c85b870de7d448ec9043930306ba418340c20415c99d11f37280b6734a4c64b620ab65ae1d6c4f84c
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = a18632cecf96a089af127e0fef323c66f77c39fd08a8b6e7c174bfa9b716a9f72e7c7b0f163079f4e573962ca85311ee9027ece48194d6fe47e9f625aac54ab5d7c1ac0546d0b78a021b95f1a8e87a2e6783bc5f11c7d7cb5368a3473a9035f80e02e4b6571c2e49753176f6a6d4ef
+	C = e0ea1d42ef03e0cef68740f4e2af960f052eeb58b341651be38fd13bd4fbbfdeb2a24a561d04638f147890858dad959039da75dfc3c7ba16b9b97f97c8194c0af5e5ad41b84b8c85b870de7d448ec9043930306ba418340c20415c99d11f37280b6734a4c64b620ab65ae1d6c4f84c
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 642e4e40aa2e494e28a9aa794007703a381a0ecf961133d519a51d306efed03c4c441fb1bd339787faaa798e3cbc0ca8e81006a923eb8453c339caece24d35ecad46f49788ef960d4f8db6592be31f06123e2655cbb751b19cfcd12fcc03d1fddce53b6dcef8cfb676831a9d8945d4e4d5b21697ee140847d4530ea6d4bd3fa61e8b3f6c5af07cfbd35231146e62e0f0fdbe2e5b32222c7ba488722dd1424361f7e13407b397a35b0c551800b5c15b311a14024a8e1351e1ebf5a5ec8f8907fbeb501ec5bfac31c2595df7e64626fafe93f007558ea245ac64f9d02b034385a726f14ba641c0b076904b784b8410a94d5e2fce62678389f8d5ab12aee78d38c5
+** GENERATE (SECOND CALL):
+	V = 82705011be9a8158a599bf04d1e1d275fcab2555bbea1c03a50490e58c1269d5e11ec5653334dd83f9ec26b23600a7f277dfcd099e1df6a9eb97a4a9d08f62091d2042cab0cf1943488fe26b7eea1b492a1eef6bc05ea252852b59b1903447391436664a26601ebe1556b98410fa32
+	C = e0ea1d42ef03e0cef68740f4e2af960f052eeb58b341651be38fd13bd4fbbfdeb2a24a561d04638f147890858dad959039da75dfc3c7ba16b9b97f97c8194c0af5e5ad41b84b8c85b870de7d448ec9043930306ba418340c20415c99d11f37280b6734a4c64b620ab65ae1d6c4f84c
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = 7b259b5188233e839a439253b4c425f67bfc54112b49c824cd4c8c71a1bf3a23
+Nonce = 4d60f38934108631a370032e9b294fb0
+PersonalizationString = 
+** INSTANTIATE:
+	V = 0fc1b7f0b57624e61920cececad529718b0768074fa551a0002c198778f8f00780902208c40643342f778ff0a7fc0872d7895fa60cf3ec813777b962d6f3c2c39f97385fb57df1da578945dafbcc99409e2e67edc73a71dfa1af11ab8de95aa92eae350aacfdd51c0fe91731c4b429
+	C = b950238ae7e72f4a437c80652e1c79083c727141238e76827f00a8627abf7a303394a69b061a4e53eacf8c5ef74973792ce50f91dea188dcde60b3089e0920603ce5fd6402ac6cf63dd85a0e13b0eb774779de5e1cda972133ed5aab1c1061440a99acf46a6fbdf4568b4e08794a0a
+	reseed counter = 1
+EntropyInputReseed = 2f6db8958971d55995756147826d03b067fd6d32890b392fee53d3fcfe15e98a
+AdditionalInputReseed = 
+** RESEED:
+	V = 22c3b2e86e4de9dee55c625cc42701292a6ebd0456772c13f3cfaef7710edecf9407f6ea2fc79805edd24b6fafe440d30feecd0c43e8d2122b40064de2ff499774a0353c66b7c8bda961b994ec9cc38937afb44bac75890b68b7af15ce850dd0511836730bdcf64775aaeadce6d89b
+	C = 0cff82f4f9c210580b7f82712234a3bbeb2a0ba810fda08e8d1abd627d2495eec31bf03bea8f56dff431393e4d5d7cfb863d1ae5062dcda6ea48198b37e0235f4acd6b83124030ee3d356deaf7fee0b299305c162523ee20a63c21c01e173cd0a46f034df35997158fa9734dcf6224
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 2fc335dd680ffa36f0dbe4cde65ba4e51598c8ac6774cca280ea6c59ee3374be5723e7261a56eee5e20384adfd41bdeec018915fa95ef32e5364922c6800f059c3798d73c7f3ed7f344a1c710afa15a6eba0ba00a4a161c284f30bb7152149c2a6d7bc7d8c68a11859dbb09d9afa1f
+	C = 0cff82f4f9c210580b7f82712234a3bbeb2a0ba810fda08e8d1abd627d2495eec31bf03bea8f56dff431393e4d5d7cfb863d1ae5062dcda6ea48198b37e0235f4acd6b83124030ee3d356deaf7fee0b299305c162523ee20a63c21c01e173cd0a46f034df35997158fa9734dcf6224
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 91021ca5eb7c985613048f3a10b2802cae86548a2e21bcbcc2904a1a92c548629870576e88be5c6e0e3b344a5feee0ddb8ece3b9fdcdb1b2f1378eadf7fdaf8fe1532a4eafddfba9f6b23d8da370d22dad8ea3ec07026cd3967a38758729d1d7c7c2e4e939a3fe58820bfdc774a837c7d5293a3b1ff7b2ff801ee799d8e4f47b2e2b44753197732ae44d35ed20ec09053b420b0c36e402ae5c14dbfeeccbe851912ab53a34858a0eb09ae5a3fe30a2edfa1481ce27ac601445d9f837174534282028ed55938b8041d1fcf47bb68e4ffcc78073b20cf32d60107daa63557e787d8f714bf50bde3fc435af2261a41d447aa7a91657d693fde5b1ea05f18ed78cb9
+** GENERATE (SECOND CALL):
+	V = 3cc2b8d261d20a8efc5b673f089048a100c2d45478726d310e0529bc6b580aad1a3fd76204e645c5d634bdec4a9f3ba77e76a44304f2175e105c40b8b23d8e72fdb69566dc73aa153c87a05be107c5df78f9c6ca91b73ff1c5beedfbd59e1cdb7086b066d2aedf21df4164c92da826
+	C = 0cff82f4f9c210580b7f82712234a3bbeb2a0ba810fda08e8d1abd627d2495eec31bf03bea8f56dff431393e4d5d7cfb863d1ae5062dcda6ea48198b37e0235f4acd6b83124030ee3d356deaf7fee0b299305c162523ee20a63c21c01e173cd0a46f034df35997158fa9734dcf6224
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = fb166642df51525253e85be1708b8191d5664e4cf02e6d3b659e106ae7639590
+Nonce = 386c872274e13c8a539a7c649602e2d9
+PersonalizationString = 
+** INSTANTIATE:
+	V = 06b8819130192b8dd29589ee86bc5498e54054c35d43ceeadc95775e5e63a45e4f0b1287af9b0cea4d09e100ee6c62ec008bb08d7dd6aff64b23c8dde81e55f30381c3c061ce7b98395459a6ae734fc5c68725a296667f670405e9f0eb6aab1c16f36e96ade464a648bcf5d28a203b
+	C = eb3e6e4afba950ebe33b537fc8d5ee423f2fea4830f07048d45f02d704b754fdffc34be2feae5ef62b281a0c3ca95ee3338a4f04138db34a96c34daa985598999eba3fe5939148b4a1297505917c8d0a9361cd77da9f0e9695b5769747e533f18e70694226e0077a11c0e3fa525ec3
+	reseed counter = 1
+EntropyInputReseed = 6be3ba39cf8c8fff904bc1ca5be10736b3e549a57b5b9c97db911d398d51b5f0
+AdditionalInputReseed = 
+** RESEED:
+	V = e2af18c44d31e55b9adb0fdb651686b0dc291dfde268cc98b74cb94e027724b83fad3bab48d9ce8436c80a4b9ef0ba6374052b8cf77cc50f82fc43657664e47d54ce03c16850206290f5d70d6efeffa879c29dacf4fbeb76c1c567eaa960acf6ac159be78d36fddf9926dc155c6485
+	C = 72ced4510738fec0bd4d8a03b5604e0045f8b42dc4a1d066d37c12c5c2f808ad52b155596b138dd33fb97805fd3e245b63d5578611b11f370740d2970b419c73e025447e5db654cd05d6e3f6d5d9756ec3ec68111ca499e0dda973fb4cfdcf7f781ce31ec78f9f2fed5cfcca0c9e60
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 557ded15546ae41c582899df1a76d4b12221d22ba70a9cff8ac8cc13c56f2d65925e9104b3ed5c57768182519c2edf242f1987e829dc251a59eb1de9dfd66940aaa18d57ced2553f898e95a71553a9098dc70a981125dab29127e2309e5a35deb57b683c414ecc9853792a2fab8a7c
+	C = 72ced4510738fec0bd4d8a03b5604e0045f8b42dc4a1d066d37c12c5c2f808ad52b155596b138dd33fb97805fd3e245b63d5578611b11f370740d2970b419c73e025447e5db654cd05d6e3f6d5d9756ec3ec68111ca499e0dda973fb4cfdcf7f781ce31ec78f9f2fed5cfcca0c9e60
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 727c8529531b7cfca4f12dd811d96db928174de263781ab0dfa69a5f3bd8fd51ce1d1f3c0923fad893b07ab6c39d960ca11e8eb57aacb4f90975c1259f5e2daff2f38bd23c3383557b7cd1e7faf9950cf4420d078d0599c6d045ff2f381f6c01266348494c08f12a1bfc3b36e1fe8318646dcaf4116466fc36a6236a4d7d865b2dce885e25ae05b458a3bad69d9ea12cad43f0e13fcbdb1f8cc85ad943cd3f9c33595add02777c0196a26698454c78a6ea1a619c8bf8909e425a75495d1257df0954f1bc6c22d6fbc5bd72fbff3889ace83a77b1960f6e163394593f981f1aecc89f83c221ee53a5541358689661f84492210b88556a30b7c51c68dafa38b0fb
+** GENERATE (SECOND CALL):
+	V = c84cc1665ba3e2dd157623e2cfd722b1681a86596bac6d665e44ded988673612e50fe65e1f00ea2ab63afa57996d03b7e8e7516841f6488dda51007baaaac897919b413a0d07bf6765f378bd87d6c90e8c986d63d593c78ad6ecbf79f1ce8bc16ba2297770345f77886013f884bae3
+	C = 72ced4510738fec0bd4d8a03b5604e0045f8b42dc4a1d066d37c12c5c2f808ad52b155596b138dd33fb97805fd3e245b63d5578611b11f370740d2970b419c73e025447e5db654cd05d6e3f6d5d9756ec3ec68111ca499e0dda973fb4cfdcf7f781ce31ec78f9f2fed5cfcca0c9e60
+	reseed counter = 3
+
+[SHA-512]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 256]
+[ReturnedBitsLen = 2048]
+
+COUNT = 0
+EntropyInput = 8a0c9e55900b51d4ff443cba402de46fd673eb74171ce4b50f5660b6da679584
+Nonce = 490e999862e742709ba3642d78dfba64
+PersonalizationString = 
+** INSTANTIATE:
+	V = f6b196e673988151473227e40ca6393b6d01b9ffa136b77f28a9993476ad4328ba9ce6f6b0e854a9f1a65179a7fefa2faee8e2b0738991091ec0f50ec7261e85b16a9254837431d41a798cdafa65d0a6c85ee777ee07eeabf454f892622cc2faac989ab7ee0833be9eb1f3948e50b8
+	C = 0de7e80260347006581a91c8f4cae0a8f904cb69245eb4be800ce450742c743f48b59ae75a70c15eb9ac09578818d5ffe313387ecc07066e9f5b9bd7b3ee21d154452798aaa7e39da5e35b4d76d78a0cfce888b169f57bec33944144121081e69e699189d077a5c5f793bea712edf5
+	reseed counter = 1
+EntropyInputReseed = 81612721ff46e55fd5504aca6a48398e123a5983bfd7282c5971880683eac443
+AdditionalInputReseed = c76cf10595ad4d1d95194ce5894118b62cc17900385624aa42e5514fd913654f
+** RESEED:
+	V = dfbfbd69a694dfb7754ebd614746a150f5b1ab19cf78260c1cdd3f8a7dd94d3aedcbb7f55c75921b6a92324c76b22054bdbb08390903327076d261ed05f34bf5024291b4c85337279dbc05422eed7858ee57be7299f934219feb5996c58a30a84869650c4c153ed9f5fc71e3cb9769
+	C = 350aaa4b394c006a595fd91f25487565d715a350fa47a4ca73f63c5c358f10706963887d47a5f6cd122d66f369590e198fb174d21ef3e4f80d4232f841af5446d04401b9c6a9a9f1147c6dbea2759f267b7e0e49a42143a52f1c17a4514cb185503f7fd04f6a25e5eef7ebc5dd20d4
+	reseed counter = 1
+AdditionalInput = 41666d83474e31d45fcbc7f28ae765ed4facdbabe1566febc689cb4cae333721
+** GENERATE (FIRST CALL):
+	V = 14ca67b4dfe0e021ceae96806c8f16b6ccc74e6ac9bfcad690d37be6b3685dab572f4072a41b88e87cbf993fe00b2f7e6209cca41edc6f7b5f2ddb492f92f1391de8106b71b13a9ef2757d5e23d4477a69dffe6f10a6127ee226863c22842c951caf3724e1a5bc6b149cf93d37c783
+	C = 350aaa4b394c006a595fd91f25487565d715a350fa47a4ca73f63c5c358f10706963887d47a5f6cd122d66f369590e198fb174d21ef3e4f80d4232f841af5446d04401b9c6a9a9f1147c6dbea2759f267b7e0e49a42143a52f1c17a4514cb185503f7fd04f6a25e5eef7ebc5dd20d4
+	reseed counter = 2
+AdditionalInput = 6788ff5a93234df5d0856c063ce8d041aa2db67cb98579c66c0b66ccb075e306
+ReturnedBits = 6c6fe076b861fb004bad06965aea3f9e72017ba8a8149fbfea486ec3c8744f99e30f9d8a6d2cc3d36c25c2d95aacb16c6bce083c0f7f48937c3317fc5ee559e3380da19e8dc1cfb4abb7a563b7608dfa237046920cecc505b0ada621189d04afe8239723ddd3fbbef5ad5a596e9b1094365d01361e79066502fd962351da9f43c0bdb44f8ef86d7850df801fa3ac55b358504deb6e789e7697b755fc3844058604a57404dece4d06e76f4936feab7e333261228f75aed5119bad392e645737728b152a7dbf871e3fcd184ae905591676f5de565ae8198d32a959e81e8e567932979bc34aed8c4bf200b0c21f222867310c3752fa70b2545307f00f2d231924c7
+** GENERATE (SECOND CALL):
+	V = 49d51200192ce08c280e6f9f91d78c1ca3dcf1bbc4076fa104c9b842e8f76e1bc092c8efebc17fb58eed003349643e1d878f82b2d31369d1a8821b1cfe93e36c83eb4282b89326bf3a6126e6944237d4e8f9909e7e9d9ae7c1a291056bdbc46a91952095e4d2b45fd2035aa3b722fc
+	C = 350aaa4b394c006a595fd91f25487565d715a350fa47a4ca73f63c5c358f10706963887d47a5f6cd122d66f369590e198fb174d21ef3e4f80d4232f841af5446d04401b9c6a9a9f1147c6dbea2759f267b7e0e49a42143a52f1c17a4514cb185503f7fd04f6a25e5eef7ebc5dd20d4
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = 1d0b34cba884d618c531907dd482743de1a736b4bbc5e961c8c5c5a11977e3d1
+Nonce = 17aaa50875636bf80f97b5121bfaf5f5
+PersonalizationString = 
+** INSTANTIATE:
+	V = f85933ce95c897ab8d2b0345f6795714977f5862febf37202df12ccaa23ba75c3eab5fe5f2b72455fb00f65aa93ea6024247eb4482c6156a525312a78ff50287a47a05352dacac14ba26e5fe5c2c2763e19ed03ef819d5c017de06c45b434bb19b96ff6965f221503f423ebe60430f
+	C = ba010d17f0d0f1bf8ac017d0d31eeaf7ffeb2fbe449349b0d2b9cf475547a595ff6df38be609459d896e440fd6c98fc413da5d7adc45f3606263224b405ed95c33d3e04ba1e6dd6fd2ebe60d72d600c43362929169c0a43f5dcedb1a1fb4553f5fadf48ca60d4d3fc9126a88d4e22e
+	reseed counter = 1
+EntropyInputReseed = 7fb727b7e83486d4ce73bfdef54798cdc5f5b5be46841e60e766b34593ed4b69
+AdditionalInputReseed = 11edb2a0df066c1dd9b299ea3411fb875f1a25f44f53f3f40e83fb1f2d445ada
+** RESEED:
+	V = c4e3e9cb99ce0fcd0ecc726427672590dbbb57a40a7df5cc6e80b450775868b807cad77b81982bcde589c502a0412da029e87600d025fdd722fe5ab1a60536da11e5cc6cd877d3a178d6805455bba1e2d614b88b8194fe3ab60be3e0f5f25f4ee77534eaf43817a3a5bca05e825f44
+	C = aaa4936cae5a2fea19f08a7b36c0703e0396c7085cedfbfa9269b5050d94cb6339f5ad54b6db013fd8ff69a2e7f9681a1d8152759796cf8fff26ae6580043b2b50a98cb132581078e25ed85251b38d43dc912b416f1500bce18aa04b66ea6a12f1e4bcbdcbc1e61fa128af71c42370
+	reseed counter = 1
+AdditionalInput = f190ac36bf9e04946c91dc1041e5eb6726392aad6751094224d6c783bba8d3a2
+** GENERATE (FIRST CALL):
+	V = 6f887d3848283fb728bcfcdf5e2795cedf521eac676bf1c700ea695584ed341b41c084d038732d0dbe892ea5883a975e0f0921dbc37fffbdd300282e7953bc68cb762d5e4aa61a9cc1bc75e8c41343529ac9732a355a740977f810b226de3591d1cc20b4e7db4b26b31ea800568d25
+	C = aaa4936cae5a2fea19f08a7b36c0703e0396c7085cedfbfa9269b5050d94cb6339f5ad54b6db013fd8ff69a2e7f9681a1d8152759796cf8fff26ae6580043b2b50a98cb132581078e25ed85251b38d43dc912b416f1500bce18aa04b66ea6a12f1e4bcbdcbc1e61fa128af71c42370
+	reseed counter = 2
+AdditionalInput = a0529e1e34ffe280a8e638483ee1ba5bc5d8f65c0efb31fabb7cb5f98294560d
+ReturnedBits = db197c24c4cec0d437929d5ada31a82d0605dde38a3237703790c46982796e8a1f2624cd9d55f6b93200c098e202854a98fb785b2204bfd90a3871d5f7d36c8a151b4d9a4299c830bc27a58dd196f9057b713dad28d0cdeac7368e52258845b211d6c3ff3a89fdd760d625f54729e8774432dcaf240b0dd9c74940bbd0ebe26dca0a8d33f9fd608f90233b256c87645e916719843047ba55c0f842b55141b280f46400d16284367f24d2ff281bcd16d7e70181b6a96c7d809d943252688470a82ba0408ea22fbcd3228cc8ecf8309cee1f04e96763579aeb232ce828864eab281659417f8fbe1cf2a8224516d064bbf87b29a2559defc4f37f06fba25b1222a2
+** GENERATE (SECOND CALL):
+	V = 1a2d10a4f6826fa142ad875a94e8060ce2e8e5b4c459edc193541e5a9281ff7e7bb63224ef4e2e4d9788984870340097265c8b50d77094b9b52dd092bf980013a933d75a8507a1425b4532ea6d19d2ee183341785d505dc68ec716f98a69514c531ff5e21dbffe960874a7b2d1422d
+	C = aaa4936cae5a2fea19f08a7b36c0703e0396c7085cedfbfa9269b5050d94cb6339f5ad54b6db013fd8ff69a2e7f9681a1d8152759796cf8fff26ae6580043b2b50a98cb132581078e25ed85251b38d43dc912b416f1500bce18aa04b66ea6a12f1e4bcbdcbc1e61fa128af71c42370
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = d2571e656dbf4c3f45ddb965744498545287f9dd20f6d68c3eb2e378550147cf
+Nonce = dbd5f0de6357ec1233ff0dec4981efa9
+PersonalizationString = 
+** INSTANTIATE:
+	V = f119b1f9296b0003ccc9877c930ba1ee1144f6f7af42add041063ee9f8d15271cc265b755117f2fd8d1d7ee229fc33926be734af6a68fd071ad18466b4effd6a618e4425f67e50f089b2d88a14ec1da9155746c1438ecdc458e17e222240593a5db7879357f53e34686a2a6961709d
+	C = 1743692b001d8efb63f47f3e88bf2c49a7f25ad45705869790eeac8c6c49cafbd483da2c6bc8bfc3a9da65c6ace92566624cadce0b8104f30996b5001169af5ce2e989b59a971dfaf28e5aee8875b17239d3dcbe47503258a8d366e8645a23427585dfd41f439fb4340b88ae63e211
+	reseed counter = 1
+EntropyInputReseed = ff3c39a9a4f2b38e4099f7bfa9f1897d0c3cea2283e5a600c4347fe725a95294
+AdditionalInputReseed = 511b5f805fddd0cca3437c89cba5a0860563afb0f29a0e22d150d56c3279cba5
+** RESEED:
+	V = 9f8c8bc0c997e97c38318ae55cfc8f54240b23c715adf653fe649fac5d2e397f40df3507ac792bf239cc9a3f4e05bb343a52e4c68e3ba1d75956e640926995896efb2c912cd87adcd8e07cb1cea5914b159ad913899a01ac477f49ca8248ac5b6d9679c40a75989fc6b2bfd64144d5
+	C = 224eb6e63f0bd8fe9500bbb9a653b545838481758d6b87bfa4437a623a652a1063daa56cb620200c1f3396335331c9703809f336ca6349590a4d8ace4e6797c20ad38f9a9646b59da4bd16a5d87d2c3c0836dc7a200f295dd3d549ea3d4f5cbf5c745301f9e984c3563c3ede63f4c2
+	reseed counter = 1
+AdditionalInput = ea5e2856c439c8451e72e6895fe23d411a2983d79e5b32184611de06e36a0938
+** GENERATE (FIRST CALL):
+	V = c1db42a708a3c27acd32469f03504499a78fa53ca3197e13a2a81a0e9793638fa4b9da7462994bfe59003072a1378517f7a2727cbd24dd74bfeebf9a6e2e8e7e2b1b707b8300364f197c6abaf7184c636e89296599ba3d9494a8bb9b064b3ad911afa82d9b133bdca0acf3e691d4f7
+	C = 224eb6e63f0bd8fe9500bbb9a653b545838481758d6b87bfa4437a623a652a1063daa56cb620200c1f3396335331c9703809f336ca6349590a4d8ace4e6797c20ad38f9a9646b59da4bd16a5d87d2c3c0836dc7a200f295dd3d549ea3d4f5cbf5c745301f9e984c3563c3ede63f4c2
+	reseed counter = 2
+AdditionalInput = 24efa364a6411c33a70d746168f2799346596eb26e4bdcaa420112ec40f9c651
+ReturnedBits = 17c3de6aa824fc19c9cbafd3158d546cf71c2168c1ca73573a2d10fd40df5a8109db82b40215f104d6da59c5f4bcb0f61ac7dd9b23b0a2b928d70b0deb98790b1407849f844b0de7fc1c821b8f724d584984ab69d0ce115e6bb3308ce713d733530c207423d0b10c23768380ed01925cc7fce8f10819cf67008ed0fa7465dffedd645e1bd83db454c6a45ba807e748f32ea6e9b01df34867af79b8440d6549a4b1a9dd280b2a21dce71d86ab8e2fcc84e339c00fad6e16c43d23a60962ba31c6200af40ed6d6f834f9bdc844139aa1bfb1c680791ab0d2a029c2cd8a73a873c685dab2abfd1e9a2c2cb9189ee68980858c1bfa8f711bcc8c5d46803b109c070e
+** GENERATE (SECOND CALL):
+	V = e429f98d47af9b7962330258a9a3f9df2b1426b2308505d346eb9470d1f88da008947fe118b96c0a7833c6a5f4694ef8e5213a11979f7aae500828e70961452d8bd9b6e633852446cd7fa4933209471e8e616fa066ca86f7802a9677df68a64398aaa83f55e135e00a309a6fd28028
+	C = 224eb6e63f0bd8fe9500bbb9a653b545838481758d6b87bfa4437a623a652a1063daa56cb620200c1f3396335331c9703809f336ca6349590a4d8ace4e6797c20ad38f9a9646b59da4bd16a5d87d2c3c0836dc7a200f295dd3d549ea3d4f5cbf5c745301f9e984c3563c3ede63f4c2
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = dc877a8d6bcfec3a4d6e5ae03b9c65ce5401e19967726b060cde7877c9218416
+Nonce = 4f01a27c467faa6b1f5cb6951d915249
+PersonalizationString = 
+** INSTANTIATE:
+	V = 38c5a9c272f064b662d3fb9f5869270b26dceab563b51f8e99cd4dbbd6e9825cde984c263163bc28824e3adab26369b9f45966bfe9e6f317aa6b9185502ddb153c5f1e7163837e40de7c6233464d75f63c6602a8e0705d6401d39b05e5c5f8047dacee06be132d253d2cff7d81e046
+	C = 41de82642257595c2473a197dda18526a3a47acfe9bbaa96821111b6c429dbb996e15d53e60c9c9bdb5629d4c82d2382f4dbea47de0cc1cb32fecb922c3648486868173555adcbb40200682c3331c3fb9bfdd12f08de0ba8b2681a6beb76cb0043f96255f617be646926719dc6505c
+	reseed counter = 1
+EntropyInputReseed = 4f77eed50c1a21ed2cd10372a2e2c4509c8dea51153ceb055266b8a0ed794db4
+AdditionalInputReseed = a9588a7b17fa4ab5bc3eddbd473460743784275cb898b5bbb833ec32af2d2901
+** RESEED:
+	V = af695826d2b113d24ce55242258323ceca66ccad20996a0fd66f9bcf07ad6b5a22fce4a9414dd0b602c117055adb7c046870f8b92520cb348df9cd2945f67a91815663ab61db23f4bd428af8c0f782e81eca3b5007ef1f222bfddac07268d9b78a9252c8c5b0395e0717a7b6bcaf67
+	C = 49afa00be523a4737c23bc7e499309c7deacf4f789a323274407da41df27b3a4ce852d6aec176711bcbdcff7a66db039e29c3154944d6c62d90b6ac736030ad556e918471d694dda3f31ea8e6db702b66885ebd5712bc8ad1da707b91f933fae8b34dc612bba7fbcc63b67632b728b
+	reseed counter = 1
+AdditionalInput = 38b05b7f8fed393b82b01d64fb99ddb11e25e583620a925a315ba30db12a46a6
+** GENERATE (FIRST CALL):
+	V = f918f832b7d4b845c9090ec06f162d96a913c1a4aa3c8d371a777610e6d51efef18212142d6537c7bf7ee6fd01492d4b771322b5c5f20a9bea2b0fb16cd560e9639a0068618d693d0946018a4e88b1eb47fd3811f7bb5e930003260d41a41a55c09449b66bd03fe88bb1d06d3ff426
+	C = 49afa00be523a4737c23bc7e499309c7deacf4f789a323274407da41df27b3a4ce852d6aec176711bcbdcff7a66db039e29c3154944d6c62d90b6ac736030ad556e918471d694dda3f31ea8e6db702b66885ebd5712bc8ad1da707b91f933fae8b34dc612bba7fbcc63b67632b728b
+	reseed counter = 2
+AdditionalInput = dbd6149a503e92b8b3659d7014bb53373b170cd1176c12d5a052d2b701cee567
+ReturnedBits = d889ba0085b2e6cbb06067153eb94f77be1a479bbcdbeda1abf31ddf40e28861726db7d82d6b093450d6a80120ca7a4c53e8535c64f6de551dcbefe537a3d06fe3b52c1ae4f865bf8784b598a2515b3349fc2f592327ee8356a93cf373b5a6f912f6de503835f2b66f0666ef2b1029cc3b295a405110d9630803a02d2e53f160ff5898ebe024aabb73ce8aa2eef542228ae4e508da99693bb49d4717b05f5434a29301bef8e96468688be7cc603ffb45a24a03f2562edf24382acdddb6a699a76854cd77c2e45980a443901a2acb09c960dc5a75b99f785f6a55394c41c1a8707d38326cf056e806d32cb00c8acfec13c79311745b8cd6bda82fe494a8e648f8
+** GENERATE (SECOND CALL):
+	V = 42c8983e9cf85cb9452ccb3eb8a9375e87c0b69c33dfb05e5e7f5052c5fcd2a3c0073f7f197c9ed97c3cb6f4a7b6de872cc584cfebd51501a0f8e3d4b636cd75b4d62159f3d8f8e1f7b5012c098fe7f21e067193b769e5da1a683bf7cc0477c6a2996ee414777665e75efa25e3259a
+	C = 49afa00be523a4737c23bc7e499309c7deacf4f789a323274407da41df27b3a4ce852d6aec176711bcbdcff7a66db039e29c3154944d6c62d90b6ac736030ad556e918471d694dda3f31ea8e6db702b66885ebd5712bc8ad1da707b91f933fae8b34dc612bba7fbcc63b67632b728b
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = 2437d39f7c3539daa6b309ac1777aef196b205de599400b60d10e40a369f0168
+Nonce = 8401fd164f6d070993058b539fe20075
+PersonalizationString = 
+** INSTANTIATE:
+	V = d99db4d0f2dbaf7460f383abfe78ebbf586ee7ada3d37c9d1cd865859079b0a4fefcafbc51a9c6da138f225f9371c9e7c9d0864727510c1acbae2775909bf45426fe7dc365c3bda4b6465d7bf18ab4b1ba0fbf8fff603a8a45fc874c734aa7e310995cf5b1aaa439dc60fcab2eb54e
+	C = 66eb9c1fcbf2bbad1a36e083906eae5d0c26a6dc3f8695404bd7a5e6d72b21081001bddd80291606d444af5a34c840253fd1df78aa3129ae3c976205a1c51ba048c1dbca6e29532b3215ecd111d678f3071e0df5ebcc827b17119bb63a44588038f7f2953c7faf681e925e5dd330f6
+	reseed counter = 1
+EntropyInputReseed = 7488c2942262a90c1c6958a44b58c0649ecc43a8e1dc6e9248fee74c9ef891ae
+AdditionalInputReseed = 7255f728bfde86e03eb8155a9604037a7e17ae7dd64447f60fa823f429d6638f
+** RESEED:
+	V = 024b195e2550cd9192c68a1f312f43b9453209f713fcb41264290766c67f0e30f74c77355c25c00276dbb4adbbb09c73903e3d1860c5f014cc98aec49abded176922dfbeb588a3c297e238391e4cf4aa91eaa7086cada3738708e2f65fe5659f3b872f599db945a5b1edee9f57d01f
+	C = b4d0828176b15412b9429e980a2ce6bb5bdb883a9dad66aa786832a763fb65e3b0150b72d1f83d59caeb978b5d19a3dc2b952a5bb411cc447c4f25c0b147c3d6615f09138f8f6d8ff986c27d667f22f608f4ff15312f47e1c11cbd637856fa21136354d58f168ec4ab68fd9e59511e
+	reseed counter = 1
+AdditionalInput = 8fad4d9742a21a00311c804b9aebb3a0ae49953ee96d7d622f04f18a2404e51f
+** GENERATE (FIRST CALL):
+	V = b71b9bdf9c0221a44c0928b73b5c2a74a10d9231b1aa1abcdc913a0e2a7a7414a76182a82e1dfd5c41c74c3918ca41453cf4e0aa5476044ce85566faf437201dd8f37d22057bd3f65134ef6f513d9c3c3804e821df9759242208fb2c15404d102ca7106bdf7d05b1d94ac36a31a271
+	C = b4d0828176b15412b9429e980a2ce6bb5bdb883a9dad66aa786832a763fb65e3b0150b72d1f83d59caeb978b5d19a3dc2b952a5bb411cc447c4f25c0b147c3d6615f09138f8f6d8ff986c27d667f22f608f4ff15312f47e1c11cbd637856fa21136354d58f168ec4ab68fd9e59511e
+	reseed counter = 2
+AdditionalInput = c4e26b863518b556885024b91eb0a171fc7d008b0d6adfbb4974ab407635a289
+ReturnedBits = f3bc1951e950512d819386114c718921d7e26893baaa6477fcd101cadd3a6cf5a2e0e126df0db7eda99ae61a93449c8b16ddcd417a41e17fab7cea0a821aad27140dc85c7b4f27e54195a23a38dccbe937546bbc41f39e4562cea4ad8b6bbb6a2c9fcd845cb3b64b79a88106ba871dfd8885f204368d27c04d6a31be5ed18250dceaca4004d5121e46bffde4e78495d3e6363a9cc5be4eacd779e811bbc6d4a72809c3ade298220de296501834bde28fa004ca7460b6a8c398616cf4a95295de2ce877c69b70f2067920786c5727a7f89380d5601f65dd9be137911545f56e78915d2c763be8e621ed02bc619b64f9da9a59c964c8ad66c64b167374ee614e6a
+** GENERATE (SECOND CALL):
+	V = 6bec1e6112b375b7054bc74f4589112ffce91a6c4f57816754f96cb58e75d9f857768e1b00163ab60cb2e3c475e3e6a98214f969fafe429133079e583feb90ce4fdef268a860a7cc608c6c397aab150e3573973e86a08098a9ba7e8582b8477c62a24733434c8b88f2edaff3a4fdbc
+	C = b4d0828176b15412b9429e980a2ce6bb5bdb883a9dad66aa786832a763fb65e3b0150b72d1f83d59caeb978b5d19a3dc2b952a5bb411cc447c4f25c0b147c3d6615f09138f8f6d8ff986c27d667f22f608f4ff15312f47e1c11cbd637856fa21136354d58f168ec4ab68fd9e59511e
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = 7e42555bda17e98dfe1eeabc4930b76872f128931dec0c6caa8c691afdd0cb52
+Nonce = 8bfa47daa1b09b3a2bd53ffccfaebba1
+PersonalizationString = 
+** INSTANTIATE:
+	V = ab73c95e45be2df72b56accc6f633b610fa7a90b4b97af2a0317577dfccde660ef3e7bdb2ce7125d8f456c469a0e163d9bc890d09048c50b57dbf5280cfa6cfca24d0fdd50948ac623dec820f2a210d16cb286a04f67552167d321b18bb5d384c0648658f2f31d1d14678e74e4d221
+	C = 6a6fce1a0511a58ae189279592f0aab742afbfa9b0b01dcce58bcc2389e843a1f7e91167e165b07aaa2d8571dc097abe057d0a393250f79cfbdbee3b2dfc9c32c7f84936aca636e483efacf4e19db821cb95ad55b1468692303687e3b5f95ef66a2a4836eefca2944af7d12c6a0e10
+	reseed counter = 1
+EntropyInputReseed = 03b8f20a7fcccaa90e899265957058ca10c70f3883d15f24da334c45e5b3c132
+AdditionalInputReseed = 308ed519a2b4ff1e8b1a3d4be72715ade7814474b08537f30dc46a327d6d8575
+** RESEED:
+	V = 66d89a5b1eb10589ee4bea8f502f0ef677ff0ad98393698f04cc7ae641315fe03417d9555c16dbeec2313063848571ea3989db6d3edbbc3cb4d394babcd681b6131644f135ec0542c9059b1fc14253393889e9811512901b767bcb2e949adc4c1e83d9985ccfeb3cb3c22d3fca6d84
+	C = a7cddb4a390313c403160bcac4819136a636509f0ace98018c636258487ff74c6d36675224f11967b2644a97fafd07e090c69b57adedbd770f27ed09d302cd6836a1341beb8ba303044aa1bc006757ed753106cd3515420f31d4cbebddccea0aa8c918af59c87558f25038e2d1a7bd
+	reseed counter = 1
+AdditionalInput = a22c075c8b50598d9fba9ac079953271125da5e32bdf03eb58b835acc0e0f7e6
+** GENERATE (FIRST CALL):
+	V = 0ea675a557b4194df161f65a14b0a02d1e355b788e620190912fdd3e89b1572ca14e40a78107f55674957afb7f827b23bf81cfdd8a68bb1e15c3bdb2f747a4bbbbd5fe255e0f0a6272da6ff2c7539973b49d8b9c97307c5ace8fd0b96ef3990468cfa1d6c5fcd8dd3d334fbd7883ec
+	C = a7cddb4a390313c403160bcac4819136a636509f0ace98018c636258487ff74c6d36675224f11967b2644a97fafd07e090c69b57adedbd770f27ed09d302cd6836a1341beb8ba303044aa1bc006757ed753106cd3515420f31d4cbebddccea0aa8c918af59c87558f25038e2d1a7bd
+	reseed counter = 2
+AdditionalInput = 17e25e3192711ff0b1f1683249aa5d20415bd65181f230b91ca87bc5fb4d10cd
+ReturnedBits = c8c190dd7d72932a150d8b4ac5e394afd2a77c299e72fa5cc8a6cbd7c16dfd50ddafe8110b6743323765e83dac5ccc755039c14c9c104ffd70a541ac44a2df61c0f047c848e4a913846a95245a5b186ab7dde2595f7c3060538b970cac197980bf164fb283d85edaa4d9ffc0efe5aacbae5aae27185c571f9bab76427279b8147f46c36f5ac943ee2c9f0bef6964bc7a6bba56fb4672b13c1c647d85db705b9064e6ddba480b68b6cf6a24bccbf449cb830bf17b888a8eeb126eb20b3bbc58f6651c23b199857c8eb9199f74652067ed5959b8e82f21cffb1b23c00b81a95cbc20667ecf7d567ba478754e343d08117d43ba4677a9a8c87019ae9501fb78ebe8
+** GENERATE (SECOND CALL):
+	V = b67450ef90b72d11f4780224d9323163c46bac17993099921d933f96d2314e790e84a7f9a5f90ebe26f9c5937a7f846ab1132f5d0b2723c7dbf75ccd01dee89d5b494edac4522d53c53e822a702e66a60f1ae9b33175ef1f0fa0133c7edb87c0f288e60367f8d722af22a94b2d8fdb
+	C = a7cddb4a390313c403160bcac4819136a636509f0ace98018c636258487ff74c6d36675224f11967b2644a97fafd07e090c69b57adedbd770f27ed09d302cd6836a1341beb8ba303044aa1bc006757ed753106cd3515420f31d4cbebddccea0aa8c918af59c87558f25038e2d1a7bd
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = e6879f8350a48f3e604144160b088d3a47478de068ccbb3ee5d007452cb465d2
+Nonce = 97ef50c6c0b4337485a7febc905eaa4a
+PersonalizationString = 
+** INSTANTIATE:
+	V = 28cfb0d462a231677bf43ba4ed8bbc31d828193ee2d4d0d95aed256467e259c11b245f72b646ee6989bb7803019944aae88098eefc6c94f67868b702a1e40e9c425b095b18472bae9d15b211330cd3f25979dfe14eed0f9f849a31c6d970c59ae94a5a26d690126e4a4d907a5a68a3
+	C = ebcabb88cc263fa4bc9c2a7938b243969c4c31bb70329a60c03331ba6d8b0608bc41ac93570a7a2e373f027fcd1591d04f90f1f3cfb0df0468f002bebdb56021a1b2de6fb28ac5643f5f1d3f34278bf1c0e43e79fcab4ce5a8c64318ed998586ae8be865f400e09a4bdb7be9c06efd
+	reseed counter = 1
+EntropyInputReseed = ab053572556cf35cd2d20efacfd365017a7bd927a636956cd52d05128a43db9f
+AdditionalInputReseed = a086363c52c6a69f633ef11a73842c8e47cc5948ab0a6373d41f5dc8ba6025f5
+** RESEED:
+	V = 1950b385dcb880629ce3f68e973a455caa9b217d1e9fc4add1a3575c83785ef6e0e1ca8ececd7eb763861bb6a6ab09fa7fbc99d0baa058569c20943041b43803e8a277f7d3e1a5fdeb8109cb9bca9d7bd8593c97e12c180e52f6c8a6b2f01d86ea141a19c62499d492481ebedb9919
+	C = 48b39bbad790b909848415b53fb093688ea0fe3dfb2513a41b49d9854479852e863b9698149ff2e3290501512ae40b492f03ffbd879c260c98da497ff093eda8c80fab555f0e055d5d2be951b8255ceb254ae45099dd64aa96ed2f01f7c2ad0424077f52a50ae0dd7de700adf02a55
+	reseed counter = 1
+AdditionalInput = ac7d3781827d0219c0e0252d4af6749eeb057400bd0c1e72581589ec3bdce5cd
+** GENERATE (FIRST CALL):
+	V = 62044f40b449396c21680c43d6ead8c5393c1fbb19c4d851eced30e1c7f1e425671d6126e36d719a8c8b1d07d18f164c34ae0bdec921125967cc872f9d3ea58d825150e5fa63ea97f0f90090fd31c30e200880dd7367b494ec2eef296bcd0691028a2b61676f51c77e74994fa5f087
+	C = 48b39bbad790b909848415b53fb093688ea0fe3dfb2513a41b49d9854479852e863b9698149ff2e3290501512ae40b492f03ffbd879c260c98da497ff093eda8c80fab555f0e055d5d2be951b8255ceb254ae45099dd64aa96ed2f01f7c2ad0424077f52a50ae0dd7de700adf02a55
+	reseed counter = 2
+AdditionalInput = 04c9169d8c7efc88ee097c537a72541393b19cef0d503fd4ca0e272921ab53db
+ReturnedBits = 81ca9262b96157a22d98303fc0565d70c670586e98ec9471426fbe3a164513e509a0c0ebf2e809f180eff298632c27aaab20c1c6f1abb846f701403e28c51f80e9b680202610dfc4044b9ca964d68f4ce5b73bf4728b388ed3bbdeee32cf6eb037e3f38950620c7b1a3530f6d420440c4a09fa972a069143f28c5a0adbb11d740f728fce24a4295157eba91b4ca4be90c9185026827db27a268f4a8040b6e5a83e82e7a5e9b9ba4b1fbe7fdfe877bae93b39d1bfa4c971aa1a4c16b8b98911476d3b2b76d4edf3770498b67fffe9b68eb4a0e3f643e16c06cc61cc777ea930ae35b18223f224a4862a11d511fa5ad7117d063b117205857023a8a9e6b6448a18
+** GENERATE (SECOND CALL):
+	V = aab7eafb8bd9f275a5ec21f9169b6c2dc7dd1df914e9ebf608370a670c6b6953ed58f7bef80d647db5901e58fc73233bf58e92cbb566323425e533b69d62d610fcbffabf1697bf14c7a5d65993f5cec999812e1d278ea7b9e9db0b6250ba7f0b12e00d9fbb872abeb344ee6c99164c
+	C = 48b39bbad790b909848415b53fb093688ea0fe3dfb2513a41b49d9854479852e863b9698149ff2e3290501512ae40b492f03ffbd879c260c98da497ff093eda8c80fab555f0e055d5d2be951b8255ceb254ae45099dd64aa96ed2f01f7c2ad0424077f52a50ae0dd7de700adf02a55
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = 7cfd0edb3c97abec4f24938d66e03b5f408b8ca7ddc522b7c1ca7c85c2080fbb
+Nonce = 046f62f1fe66588c73f4d5e3da5123a9
+PersonalizationString = 
+** INSTANTIATE:
+	V = 612d50090b88f4bdf54d2dacdb938de0b356c794350f614d11612d6168cc619ef66a5fd01f3f26e53dbcd00fefacbfe6b63b14085ea259b097f27a8b54e39ee276db2e2036e7d6cd60b8121a7d38273d1e13b0847d9e4104428f5b55eda003527ac486503fde8fb2f86bffb3cccf18
+	C = c522072092eb539ceaadcdc4b2a52fc43f44badb1a48922a8cbbf3b44064dc58a5153e3f91f0f7f5c38df604e55c206a8100fc43eca1a65456484a62306b816cfd5d6ba220454670c339dd7644818b85887aa0e02b4f63e94a31d0c2efc19dfbd6fe49465530a2424d82a15a43d42e
+	reseed counter = 1
+EntropyInputReseed = 40caa6c0214b1790f737ffc5d475162e6e68885876dcf3bd4c83aae32080ef4d
+AdditionalInputReseed = a300ddf9a2b6601d1ac74a51c6f48598747e4181d20bb67c1ff10b3fc8bb46e7
+** RESEED:
+	V = 195d3f9472ab368e2ca4883dcad77edf49f5b50020ed4a81346be6389d4cf0f3f9a5c0c0a885958e86dc0bb2b1f71a1118f2879047a405b96d81460ebeedf433eca2f3f2c96c895776b528211ea3b721fb839dae9a1fdbf9c80785ef7063bac1f3ce5bd0e2cfe53c3c289a6b367ef4
+	C = f7688e0991b32a52dcfdffe2b7b6416766e44efdfabc5d9d057361e9bd1dac5e91625548193ff9ec6ba1d6c316f9f48d9a47c1d273ed36413a1e534fb4530440c6a09f73322e35243124a96c436e2cac64fb6f74a8d089e8890f006ee118acc2f85534634122fb645f4f152fcf8a63
+	reseed counter = 1
+AdditionalInput = 2ba6d180e144be3056dbfa75007859082adaae23b4c742bbae0cdf1a2049ad85
+** GENERATE (FIRST CALL):
+	V = 10c5cd9e045e60e109a28820828dc046b0da03fe1ba9a81e39df48225a6a9d528b081608c1c58f7af27de275c8f1103f3a3176b3311686a3a2f2de27c5af4010a263aade3f167c714f448fa09b571e05ca2ee0aa75a80c8e69ede2751ef3d79d19ffdb9c1d99d5f06d7020a15118f6
+	C = f7688e0991b32a52dcfdffe2b7b6416766e44efdfabc5d9d057361e9bd1dac5e91625548193ff9ec6ba1d6c316f9f48d9a47c1d273ed36413a1e534fb4530440c6a09f73322e35243124a96c436e2cac64fb6f74a8d089e8890f006ee118acc2f85534634122fb645f4f152fcf8a63
+	reseed counter = 2
+AdditionalInput = ca05d7b63ab3968f7a2c53ffb365287f22349efaf81ce932de9c593f1131cd65
+ReturnedBits = eefddfde6f8da38b419f45a17e28bcc022ddf5b85c09b53bb3d274a71236aa7136bc59c45c8041377774bb7b89e7c8567d8016c73120dd4dbe85cf419b2765a839cfa00471713d5e51e2407b2212c51e434effdc642a8984589a57226c7d04651a323b3c43cc0b6ad66d3656977994e25b1b19848054e99aad34e2f980e1e2aea75fa10292f9094d11b12a797b9015b5876d1636e633092aa4b3736d18dea2d35c7ab27a83c4a16da66f1e76fd5c75f0db51e3a40f33c09097f4207eaeaef86d72aee68b77b3dbbbfc888eb6d175fcceb8ee61c6ee19aa0a27db1aa514d5d86569011910734e93cee5ea7c4e82d19e466a90f3b14fd8fc4391f1a7b83a3cc8ea
+** GENERATE (SECOND CALL):
+	V = 082e5ba796118b33e6a088033a4401ae17be52fc166605bb3f52aa0c178849b11c6a6b50db0589675e1fb938dfeb056f65f1a457979dfb33526625b6cf641d5b86a866b18de16eeb6766072bae5bfb9c8c1e42f800eba19d6b5abb913dbbd2978b8c2bcf1e8b79b4528421f4f2ce60
+	C = f7688e0991b32a52dcfdffe2b7b6416766e44efdfabc5d9d057361e9bd1dac5e91625548193ff9ec6ba1d6c316f9f48d9a47c1d273ed36413a1e534fb4530440c6a09f73322e35243124a96c436e2cac64fb6f74a8d089e8890f006ee118acc2f85534634122fb645f4f152fcf8a63
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = c8cca9605a144471f1d5fbeb563b6104dea3b03a0b52e3087790e86c2e9636da
+Nonce = ebca7d5e5638d69474691aba72692103
+PersonalizationString = 
+** INSTANTIATE:
+	V = 250f3d0dc7395f19e06d6a8d2b8631aff9ebd93bb896468a284a5ea8130d1fed13fe6d0c36cbc3bdf8dfe8e3bb7f31f4b8d59b44283cdfeb8e491c298f2a24c6cb210db97e5500a5abd861a3ad79f7690d9c1310aa31a28f55b316c679c8cf7969fae9f97a6d57b74cbd6463aeebb7
+	C = 5c8e8dd96ffb5b8660c48e8216ce66fd66ab20acca5ef3dac1dad31328239a9d74ab509797bd7cb8d933de8e36e6ba2c6da9b7396ed2a7d9677de727e117e6c883daca10d4e308ce41cba76f6545406565c6e0a4773d361ad61350b3964893a5d8fa9abdbd94d0932b3ca6793cb089
+	reseed counter = 1
+EntropyInputReseed = 2effc3035a8b6d2c5a37cdec7247ae1eceb87809fa3450428b260ff1a32aec28
+AdditionalInputReseed = b7f2ce337572c252989b2f5523085d326d1fbc069970bd81f3b353555ac633ce
+** RESEED:
+	V = dea6dc2fcb7d1a2d15b4759db8c92919a8ab59439c3b0fdc6b2d1f41f42e9ca705222702a2019f8f9f01163048407bf36b0a15b0c33f2cba80abb9d251423dfdeee959cb86c6415cfa373cf66bce3770ac39bf3caa270f0f7e13bf7d4cacc1b648eb22c82f707e427e1481d8afbe32
+	C = ca03eb0cb49636f0d5fa396cb336ab2f9d2713d0fcd385858c775971b81ac8089ccc9c38b36b14d016482f71e0e507fe2ac16b7edb8f336749b1e915151adb7cbba4ec957f49a57c0f808610b04e4ee6a8571115e74f21187e37d9596e22177ec89141c3dbbfc4424aad776d4eb3c2
+	reseed counter = 1
+AdditionalInput = 601fa6b58ba950d48e15923f909ca0dc987ca891cf6cadbd9422eb1d7cea4c77
+** GENERATE (FIRST CALL):
+	V = a8aac73c8013511debaeaf0a6bffd44945d26d14990e9561f7a478b3ac4964afa1eec33b556cb45fb54945a229258574c486bb9ea81b51fec92b10100a54ded9b8b0f35bfc335f3c490573b50e1fa2c162727f7739333af714d8bc54cf6b8d3e915dc4a409fc4a0014e878dc2859b8
+	C = ca03eb0cb49636f0d5fa396cb336ab2f9d2713d0fcd385858c775971b81ac8089ccc9c38b36b14d016482f71e0e507fe2ac16b7edb8f336749b1e915151adb7cbba4ec957f49a57c0f808610b04e4ee6a8571115e74f21187e37d9596e22177ec89141c3dbbfc4424aad776d4eb3c2
+	reseed counter = 2
+AdditionalInput = f9483419077a5f638452aa71c852f0846257f6e727b9f249abeea02d36b7e595
+ReturnedBits = 92bf73e31932771cfc1a6ea6e8f03dc3377a73825c2cd254c0c719830c7075718e0ed13af7458576cec54af2e5314ca80b227028ef4a6414a8563c895dc6643dfb34b9b947c5616c7bd410a8430f5d759d78ca3ed77c08ca70f99009d85022303bf319bc1284ac2ec81dce4e47bb663cfbdd3fee180de2818fd5f37567639e714764a921edb74dab2da5a8e7d591a262ee6d0f4a8ffcc525273d1795f7196000e55ff167cedb5e6f7ed0f5aa1e9ad257b6360836f0f26546c12c632e3299864f620e1eb3eca124e2d7206907da2a86108cc11f68bd0798183cf00ff7c916b73f53c3fd25c08ffe325dc16d2aae8a9335767871b61f512e70455f612082301c28
+** GENERATE (SECOND CALL):
+	V = 72aeb24934a9880ec1a8e8771f367f78e2f980e595e21ae7841bd22564642cb83ebb5f7408d7c92fcb9175140a0a8e482646b062c9c213ca1aedc67b3f3c18ebb7e6763cb1ceea31eaf98d77422852eb3188401ba1523275761ad364f767431b2ea78a8b6c36b80bea3d1a6abbfead
+	C = ca03eb0cb49636f0d5fa396cb336ab2f9d2713d0fcd385858c775971b81ac8089ccc9c38b36b14d016482f71e0e507fe2ac16b7edb8f336749b1e915151adb7cbba4ec957f49a57c0f808610b04e4ee6a8571115e74f21187e37d9596e22177ec89141c3dbbfc4424aad776d4eb3c2
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = 5953a45e46e50119103d4265fc6987681c459d9b6cc8e142a479e05efce522cc
+Nonce = e815d564daf2f339b9a673c1eeb9574e
+PersonalizationString = 
+** INSTANTIATE:
+	V = ab87c9b9fd8c81c002a97845cddff0181bac48523ef36df447bac78f1c1eca65755ec096a63a0fdb19bd6844e9d4141c8221c3726345360e2e24ea82133ebd5ab6834c43c1920d6d1b32763cfe24a6e9a66863bb1a503ec2726888557d91634fcd39f7535d43d3a14c347136bfc81b
+	C = 49d7adf386bcb9107b8a1eda8b4f4326a57130b13255aa242a2917971abf5ba5e79daba57ab41b3103456b8a02d49818b000488ad9213bbc03187ced1d8274fb308b8c5c5fdb61e4aee5003821c33ac3dfefa6ed390d26d6b58b6edf12001eec3d74630456e98a9846f4118a9bbcd3
+	reseed counter = 1
+EntropyInputReseed = 9ad6cc399903b9f401870f48414fd80e5f35a41ec9bfda2f23f6d79516dfcd72
+AdditionalInputReseed = 6e57cef4ab030de60e63747adf907eb3d37f7ac20ebca816e6bcc3e20df424fb
+** RESEED:
+	V = fdbf4113699d5bd6d0dec40fb07620aaa247a06378c075e1c3ee5c9485f6521e7c00c5bc0a8a0f10a68318db7045750220dd79f8ac0bcf6e8493da72371931c590677ab9217adca1576200a33867e5e818f345907e82ecd91a742b3b08c91d3dc8699fd372409cc70d20bf5c9b54fd
+	C = 378f4e8a1b89c1bd39d148a7a02e27fe8a346e4707f64c192cfa9a46512d5cdbfdc7d3e127144630b87e5e2510f96ccb4b73bb95c458ad5eca0dd7f1e6927d50224187a8080d8399db4d4ceb3ff9eb4a385f88cf1bb9873dd65d0bcae48c34c02cafe36afbf13cea5705c24e89831e
+	reseed counter = 1
+AdditionalInput = 5b133956e428c92a62d83e1c204d6f84188464fbf30f7ac10c0f58319fd210b1
+** GENERATE (FIRST CALL):
+	V = 354e8f9d85271d940ab00cb750a448a92c7c0eaa80b6c1faf0e8f6dad723aefa79c8999d319e55415f017700813ee26a0ab19cc4221759f3ed9d6ca0afdd0e15c7ce66f9eedf7308d48020354e51487ad62292d7c6c93f73f34944694d1e47f67f3a93bb060725c98a5351791bdd0e
+	C = 378f4e8a1b89c1bd39d148a7a02e27fe8a346e4707f64c192cfa9a46512d5cdbfdc7d3e127144630b87e5e2510f96ccb4b73bb95c458ad5eca0dd7f1e6927d50224187a8080d8399db4d4ceb3ff9eb4a385f88cf1bb9873dd65d0bcae48c34c02cafe36afbf13cea5705c24e89831e
+	reseed counter = 2
+AdditionalInput = d6a963a113868474a988c391e9dc9f39192b96e09c8ad6f5b8860d08c9b56476
+ReturnedBits = cae0086f2d1485f5626510a351f9b00508232e4436b5d6b83f4711908148fdaaf79f8fbc59ed302b94b589cdb6acec4d8729272723b97808990ceed3edef33acc0900927bb287b832bbb167bd54622612537e87360cd57e7ffab16bd040f584f4576d3cfce938a09c18f623fa2f1c2dbd7cedcec4df6a527f24eb81e7ac8f6ad2e63d73c12f79804e604ca9d3a705b8978b464eb28e50f6cb144e2cdb9238f0f789418df1bbabd4d74795001fa3f2429e40016190a883b660259f694a069069ecf548750fbe0528d64ce79d33228021d768da4178eab994f3d8eb555f38337c6b5bac1faffcd029a72c215f48ae009a79647bbd07a3911581450ebf7c1c607b1
+** GENERATE (SECOND CALL):
+	V = 6cddde27a0b0df514481555ef0d270a7b6b07cf188ad0e141de3912128510bd677906d7e58b29b72177fd52592385053ffe6c97936519b5607a6e72998f3045734a15fbae45c4689aa5a4fbacdade3ec5e196916e5d8f910a2ef47f321347899b94154932ee9b79aa7af79d491d322
+	C = 378f4e8a1b89c1bd39d148a7a02e27fe8a346e4707f64c192cfa9a46512d5cdbfdc7d3e127144630b87e5e2510f96ccb4b73bb95c458ad5eca0dd7f1e6927d50224187a8080d8399db4d4ceb3ff9eb4a385f88cf1bb9873dd65d0bcae48c34c02cafe36afbf13cea5705c24e89831e
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = a404c778eae15a5505af2770ff78653daa22dfa62421e6cd2c2d116bfd3276a1
+Nonce = 1c310e8cec4d77d046bcecce4fb4356a
+PersonalizationString = 
+** INSTANTIATE:
+	V = 2f1e58e502879464576da8936ad25dfa84d8eb5e4be2848127003e9b7b0d5e339aac9488f2b4b0ebf7b91fd7834525078a331fcc6afc0a987dfc6506b9d130187c10d510c2ff604066c92cdf83d3bc0a636b419161d9e4be9c01240d41d700b6aba42b918a30e86b906ea43438e8cf
+	C = c4dbed34f690d675564859f771cbda17786d74e9807bedae95a62a371d3664de5693f26691642d21d903b69e05e6aae384ec7757403dd4cb3cd43a9df270a4062830e207c7604940d23d017e734b5e3fbc7bd98ff6a3b3c80a9a5e09814b2b73c9b4a7ee0d71270650493bef5f4918
+	reseed counter = 1
+EntropyInputReseed = d676f56e7e4d0962078a13e5ee84be0e4d962f36dc5276e602214074e4acef7d
+AdditionalInputReseed = 95a08b37cedaa661b76ff212c4bb67148195e280cb196368a6f0aca223506201
+** RESEED:
+	V = 5420e9b27160ff0a199a90040f068670f034cd6b98f2880e74ebd35c4dbda081a4d7da8ad3da8380492318296182abe271c6d30f9b69b3d4a3fe738b3f19408bcfec7f95d148ba093116a011d63e7873ffde76ed85010fdb9c0c73ebedf2f6ccfc3e767ef602fb0f04d819b72ab7cb
+	C = 0d112a9ab1e6aff48db631949cf09fa8f52c7dcfbcb5a20c63dbdc2016b2948b2158176ad7179c32411b0fb53772407881fcfec05733e368823c91321f7e1d30eda125c0ffc330dd0c7f81f869ae049fd525c0edccf9acf78071147e02e2efc0e99d91a20569abfd316e6b5802da5f
+	reseed counter = 1
+AdditionalInput = 2518c16172681df5834bfee95ebb0415a867944176b5036e3e5af7cf0297953e
+** GENERATE (FIRST CALL):
+	V = 6132144d2347aefea750c198abf72619e5614b3b55a82a1ad8c7af7c6470350cc62ff1f5aaf21fb28a3e27de98f4ed20b1f82c41d36bdf15aea312ecaf7d740b29afd8e92bb7c50031aa0b99163b00c86fd40522c1ddd674a8f7ee5fa5166c38c89ad1dd329643f60c68e8d35fff3f
+	C = 0d112a9ab1e6aff48db631949cf09fa8f52c7dcfbcb5a20c63dbdc2016b2948b2158176ad7179c32411b0fb53772407881fcfec05733e368823c91321f7e1d30eda125c0ffc330dd0c7f81f869ae049fd525c0edccf9acf78071147e02e2efc0e99d91a20569abfd316e6b5802da5f
+	reseed counter = 2
+AdditionalInput = 10ec30f351c84048af33602bdda379914ecab9fce47fda2f4feade6268a3e6c0
+ReturnedBits = e3edd8832172dae2b0488e4e08d5a50bce872fa200b23a8a4fff9b9f0547f3138e877374d40922e0affe5d9cce91ae384dc41bef304d5140389a9ec8c026244f5c728ee0d2a6eb9ec3dadc462cc36f0653821bbfe9e70b40c85e8f3729a7f56ddbdc9432fbff5faf76d1df5afa689beba9c1698d79a4186897734a4aea871086a59d1ce5bed4123f8a021701f233b63eba2d854cf117069387e336d0d55161ff5e5ba8e867f182a22a1987ddd43a8172e33c40625beddac70af4c960cd1062e2fcc5b4cc30b7a56e3683d6e7164c54eb33c3c379ac2f5a9098fc655da9e6b7854aacf699dab69712040ccb090ee50759b1476ea887334fbad9df27881ccdac07
+** GENERATE (SECOND CALL):
+	V = 6e433ee7d52e5ef33506f32d48e7c5c2da8dc90b125dcc273ca38b9c7b22c997e78809608209bbe4cb593793d0672ef83406d16217e2fa1b420419c482a6f051f93ee70591591c4abe73d45515f4f045c002ebc235c84f51d670b9ec7585ab7243bb1f13d49263bfe3b9ed6c741dd6
+	C = 0d112a9ab1e6aff48db631949cf09fa8f52c7dcfbcb5a20c63dbdc2016b2948b2158176ad7179c32411b0fb53772407881fcfec05733e368823c91321f7e1d30eda125c0ffc330dd0c7f81f869ae049fd525c0edccf9acf78071147e02e2efc0e99d91a20569abfd316e6b5802da5f
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = 70d05953dce8f81deea9ab6db57f7c15befc3bd79d31ff0c445aad2ce98e77d5
+Nonce = e922681a407ffff800a03183e21733c2
+PersonalizationString = 
+** INSTANTIATE:
+	V = e19375c8bc58703a5f12d46e86567f7cea9df341b3404d2785c805de27b377087ced16979ff7735377f2e72b6b8dd4b3e231c2d9e77adb4dbc528e184eefac2c575c9e57c86a997b27f2dc3081ca7145d47c3803b85e88c586290a1fd55b8b1b926e10c9bdd8425587f9dde70dfa6f
+	C = 44c261a74a88097cca55e8d686c3a440de2507b73d46f15504e9865481b900101afa5b62a9e4b932c13c49a42a865857056cd29d78e323be97f74b7e87d81d39b677326877de1d49920240cd071e6d276d32be994855fb6ac88592d05cdcae472b37d5a7f29eecb42472070346dafe
+	reseed counter = 1
+EntropyInputReseed = 3278078df8a589b2bb92b13e9a219196628cab4839e650c07a059bc6205d696a
+AdditionalInputReseed = 9385a89ac77cceb4a7e221fdc0bbb6c16a1d3276a08341e7352d8ec0454a07e2
+** RESEED:
+	V = 464ca637c01cdd670ed7ab0c7cef49138fcd742ba7b1c8379bbae68de1ba268933ad7608bb1350b2bde6882d7023c08af358efc2fdbe68186efd6362e4ccead073d57cf462178dd2b8b7a1843de7ef0937388e6b9b7070dbacded816a10778710d7f70b3592e4d8d55063ad02956a2
+	C = 137d4bee87b6b904829a9fcff6259983d5f29bc1686887bfdee2af2db0bbabd1d94107e53c9aefb65cfa0e7931595b30dc870ff6480f9bde39b1ec92a8e388b90931c52b8fbac316cc88c209a16b034fbc8d37007c9032a1b99993521421855b271f22e3baf5db76b9c89d4391d1cc
+	reseed counter = 1
+AdditionalInput = 92994a5375ccf13704064b05a2ae3fd295e1feea9b7cc58324be07a82e8e5f83
+** GENERATE (FIRST CALL):
+	V = 59c9f22647d3966b91724adc7314e29765c00fed101a4ff77a9d95bb9275d25b0cee7dedf7ae40691ae096a6a17d1cb2e015239110ff499004b2dc503318892b42858f002ea1462d2a8d5b54d9e879a9b8b690571bffd0a3242f891473a8851beeae8315b85254ccb6ca3fe9afab3b
+	C = 137d4bee87b6b904829a9fcff6259983d5f29bc1686887bfdee2af2db0bbabd1d94107e53c9aefb65cfa0e7931595b30dc870ff6480f9bde39b1ec92a8e388b90931c52b8fbac316cc88c209a16b034fbc8d37007c9032a1b99993521421855b271f22e3baf5db76b9c89d4391d1cc
+	reseed counter = 2
+AdditionalInput = 6a77f585ef58cbe4e313e80819387bed26a125ab38769ba2f405deada99cee9e
+ReturnedBits = 435a09fc736bf694bd0f872bd9bf107c974308ac5ee9b3072f154e63c3204be78f577287ce4f32499a26773b9fe8cc9297e653b4408c5fe7aa50e546bbf73e2f073723cfb738e81558c04f7c938033c53ef7a3b19dad975c110922f4ad7da634649f6f0bd81ab05e8dda7d1fb12a40e9d314bed8f5d775d42cb320c97d61cea45bca0624a1fecff6f8d88b8a32cea6b88770069053f30e21c1487d3d072cdb8bb9d1b14c9b81c22b4e8fb4f6b1228f2fd36c11012e74824fb08aa2cb28e9f4529b20440f8b6a0f1b42c86c24da9b81d2e3a38a0d0496e1b2cadccc6121d6b9eeb8a08f2f118aceecf57ad5aa787ae64c47eeafd6b707f834c575efb0c96349c8
+** GENERATE (SECOND CALL):
+	V = 6d473e14cf8a4f70140ceaac693a7c1b3bb2abae7882d7b7598044e943317e2ce62f85d33449301f77daa51fd2d67815dbebee2faf4e8a1153090277126b5ec63877d936143a37ae38b7b3d41fcb111694e19cac9139153df804f822b5e980ec68e032ac694a46de328d09e4a334f2
+	C = 137d4bee87b6b904829a9fcff6259983d5f29bc1686887bfdee2af2db0bbabd1d94107e53c9aefb65cfa0e7931595b30dc870ff6480f9bde39b1ec92a8e388b90931c52b8fbac316cc88c209a16b034fbc8d37007c9032a1b99993521421855b271f22e3baf5db76b9c89d4391d1cc
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = cee549d0232d61fdd77912ab01e2e2dabe0a3e79af017843ffc3102b17d43449
+Nonce = f19fb4c7c5dfd8e1f52620ff6320186b
+PersonalizationString = 
+** INSTANTIATE:
+	V = 814b049a8f6a85afcc988ab87b1d9a31f4b5451e22559b7afee0580d9b90f9018be575f3cf0ca4746982f3187dda2868886a24c3c89fd471c74795fed37b811c3ff2e6c834618ab89ac3d06e7276671bf2a47b3645d65abb864f3f82485660364b50b9fa0a414be55f5c4aac709de5
+	C = 995054b63e3fc047ab464628b0177e0b69fbdf1a21e48697b9c8826dc1874c74ba5e213293a869085f18b7c8a6f350a69bd26f326677c2455e58435aba6a31b4e6a784dce5f807d4b1084680c0ccc453dc7f4c5fd179ea0d433d738072bab6e3b277eb4f047efbe2fa5f0b4a177653
+	reseed counter = 1
+EntropyInputReseed = cfdc2d67fe32d6eaa7f6f1328b7e3e020d2128df8493cd7e0bdb18c6db593905
+AdditionalInputReseed = b1f20036488d3fdf8a11cfcd619d8ec667cf4ecfefff4ffc0d6f4856bb1612ea
+** RESEED:
+	V = 32f3dfdde568d28a1812b50ae932425209ac24a2a50b4ad8d3ac5dcade1513c583ef323ff81cd24133e302b04e61d2df6693441c3b1ccaaed1510799c2471c22db2667bcebae70a3f6fc1ea7c985e54b4e628ae825e847f206d1198ff0f1c1ffd44f6e64ee6068d8b0c3a8f0c3b172
+	C = 2fe0914361d4f0208deeb273ee21665b4e2c848e3c06ed15bced285ba2fbef9a3d30cd7f6f9016c924e4db0c3b96b0a42bdd5b6a5de5554ad2a0f9f617d8ebd21c6d889b52e1077fe169ae0b428b7b3126f4c6a4e7f903cc0b03f3c05ababfc7e6c6ffdfefa4e1880773d6cba8d640
+	reseed counter = 1
+AdditionalInput = e44413ca8c5a7f24f633e180b29ed8d12971d43cc2148781a583891bd705a95a
+** GENERATE (FIRST CALL):
+	V = 62d47121473dc2aaa601677ed753a8ad57d8a930e11237ee909986268111035fc11fffbf67ace90a58c7ddbc89f8849bb15723de566724eb014a807992a4f91655945155563cf16ec96a9a87625e08f79e62356f391fab615dc9efc9facd84099c1a06817760b99ea4741e100e91d1
+	C = 2fe0914361d4f0208deeb273ee21665b4e2c848e3c06ed15bced285ba2fbef9a3d30cd7f6f9016c924e4db0c3b96b0a42bdd5b6a5de5554ad2a0f9f617d8ebd21c6d889b52e1077fe169ae0b428b7b3126f4c6a4e7f903cc0b03f3c05ababfc7e6c6ffdfefa4e1880773d6cba8d640
+	reseed counter = 2
+AdditionalInput = 5a5b4997109aa10fe2ba3baef3076ad730d4a6e5f52a3696f671ae460896ed45
+ReturnedBits = 751abcc05bba6a1f9496081e9e67f7d3b2e4b985dedc4f1ee49d6d4943caa0051794af3016ff5ee0d51e3b50f0096d3acf0b2dce84f87a08821c8c09f82ec57c044d6ba0dd7474969c4e4d6e89d6d53dbb2824f1afc0bf3fa84110a805e92447f86bbbd2dd748550bd147dc14487b4b36c769f2d52d03e1028254ca10854db02fc0afe199b2e5aae19e6fdee31276d8dc0a06aa0344c7f8f1d26453673adc1c4bcedd8e9e7833150656499a613bfc08f1c670866c3b136770a8e72800297012e2a9ad9cf8ae6b97014430c8e757fd4d2583372bf9bfa93ccc2345b52f58a54448f21fde535fa098cd09543337b518db2635116cc1acc51aec38d0a7090345631
+** GENERATE (SECOND CALL):
+	V = 92b50264a912b2cb33f019f2c5750f08a6052dbf1d1925044d86ae82240cf2f9fe50cd3ed73cffd37dacb8c8c58f36191a21417c80428528bcf04b5e7a46916959ed65464d452945abc4b61bd3e3c7a68db882dbf6481ca55a04ed43e817c9b4c4bf12c88330dcd091ab72f09215b3
+	C = 2fe0914361d4f0208deeb273ee21665b4e2c848e3c06ed15bced285ba2fbef9a3d30cd7f6f9016c924e4db0c3b96b0a42bdd5b6a5de5554ad2a0f9f617d8ebd21c6d889b52e1077fe169ae0b428b7b3126f4c6a4e7f903cc0b03f3c05ababfc7e6c6ffdfefa4e1880773d6cba8d640
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = dcd0f3dd952ca9688f9b2f4b298220f3c22cc0596303ff41dec219e732c869ff
+Nonce = 9c548ec0fd9fcd83ff1dc306f46330c2
+PersonalizationString = 
+** INSTANTIATE:
+	V = 4cc06eae3d35b7ac631d85491df6bd775cb97a27a5b3dfbda3b3ce01e34724da2984d9d32d52693cda69dc47ff64083407a0b0cb1b86614a4ee47dea7b4e6f7aca0daf7e19cba1d2c4b1dbf298265b483fef33ee091ddd1bff18c346ba0be3a982837659255c696457db47c8008574
+	C = dfada8157bcf4d66795aa6826a8ac6a77c266b2bdedc7a721da7a4a06b42e83170773ebc4f80613e48065a41ebc49e77e4e09ff6351bfa3bdccf6c4c5a231d29073a4a94116c395b5e1e61aa6faeac466910bc36835a14c7069c46d57a715677143cf4814319e8eb18443cec0fb028
+	reseed counter = 1
+EntropyInputReseed = 15d37cda1f24e910a3321cf5d4109538d4464bc60778d2ce93e4d925ad495e72
+AdditionalInputReseed = 2b0a5d34bf92c50c2d4c25f86e697465a7e5a1bc9f6d79eb058d7fba6cbe4ef2
+** RESEED:
+	V = 038d9aeb4ca8f35cda2afe269dd8e6b0d1264896fe51d2e2b02666406bb2ea5c9a0dec5d39465fffee8bd34ba3e788c5172372f8f2d67db5c6b6b606ee6dffdfcb9a533c777b92111036994f128d268d51ca530e332904bf75d09b366f83343b44ffdb4cf6e23cf18f323db199f8db
+	C = 3b5424d5345b38c8b7355b4e8c494cac80c1b425042c3063780b8ab73f3cbfc88b51d920bf53ad44f15b50b9017b740890f91d8f10d79760ac1aa4500e166a68c7b648e427fd1810d517943aba4525cded700a19bee7163848c15506ad18ea7e8822a4d1e7ea412b7765c0b0e850db
+	reseed counter = 1
+AdditionalInput = c86a4cab153daba68b02977f2a2af8df5d007edf6a5c57fa2edf77325e8a97ac
+** GENERATE (FIRST CALL):
+	V = 3ee1bfc081042c25916059752a22335d51e7fcbc027e03462831f0f7aaefaa25255fc57df89a0d44dfe72404a562fe8047dba49929999f2a35b3659f4f1739a5a66a09b20f2a00958d154f6bd0f965dd24141eaad40ebd98255d0b991daeadf74e9c6d70ca962b92d82e4b58fbe330
+	C = 3b5424d5345b38c8b7355b4e8c494cac80c1b425042c3063780b8ab73f3cbfc88b51d920bf53ad44f15b50b9017b740890f91d8f10d79760ac1aa4500e166a68c7b648e427fd1810d517943aba4525cded700a19bee7163848c15506ad18ea7e8822a4d1e7ea412b7765c0b0e850db
+	reseed counter = 2
+AdditionalInput = 1ef8d92d6febac02ba702d0c93724cab16a986bdc016cabab5cca4960750f59d
+ReturnedBits = 41aaed73a7631c312e339ce068cc19dffc09a331bd1cbeae518e7977010f362f8310d0f837413cc432313c244bac06e618cb27e21332b7fa7dddd4bf23231d6c04370009bfeaa5ab47538b113734257d31f7b9cd785cd0fc53e68d2491dee56299b641f1d9420aa66897494b15cef831424a748baf89ff51f93eae25d53f6b34e7496585e97a9e8b01c58f8b8caa779277323e5c42bdb491593e664ac4698bcf62ef6c7a91d3375b72706cd67049b42882d06172193a04f2e52cda06fbc4c7a25872bfdfd0d95a22d94d20b0191e0cdfb43e3f5df1be488cfefa0a0c098c8bfb1d854c133617bc79367817913be16da2d44e6973a5b1f9f0d03c53e2c3ede5d9
+** GENERATE (SECOND CALL):
+	V = 7a35e495b55f64ee4895b4c3b66b8009d2a9b0e106aa33a9a03d7baeea2c69edb0b19e9eb7edba89d14274bda6de7398c087fcb5fa455bfa0299d183d2d600772b071f03042e797f28fb1c3d870b8547f1c6993a03418bbd4faf32213542f7381f6a7545734cb4379a743e39cd2037
+	C = 3b5424d5345b38c8b7355b4e8c494cac80c1b425042c3063780b8ab73f3cbfc88b51d920bf53ad44f15b50b9017b740890f91d8f10d79760ac1aa4500e166a68c7b648e427fd1810d517943aba4525cded700a19bee7163848c15506ad18ea7e8822a4d1e7ea412b7765c0b0e850db
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = e342ccc1a8652b617f28be79119bdea5eb8f7d6da8fc8407c76a71b83306eff2
+Nonce = 46c12b22dd4c0696b46e5bd057e99e35
+PersonalizationString = 
+** INSTANTIATE:
+	V = a10a6bb908733f14f3cc9bac2a980d47442eb683af44aa96d87dca26ee990c137efc3112b9e56c9d1012ca3d5591ac42bc5e339f4099c45ec45994b2c4a1fc3d4987611df20131a0dd238c0d27bede855ac06739ae0283a73d0e5d9da8e9996cb69f5eff7df04037d27b57140d3022
+	C = 71621c1ba216f366ec6454f4320f3676c28a9ea5c0b6c997766b29464318156d4212a30a76e266b64bddbe3cb60349c4d7e7b231c8de3e8d6974867f6b14d9ee4d571c72a5c7027b106b0a19c4c641d4ba02aceae9185aa4c4214a8d3c28845ed3e802a9d9c9fdff5ed2f8f073b071
+	reseed counter = 1
+EntropyInputReseed = 39e481828f3196d48185bee8fb5617939b5bfd0e63c34fdff06fd56108b05021
+AdditionalInputReseed = 3dd6e20bf2c45ba2f33c14db928e2dd6eeffb7ade543cb4e7e0ccfdff6b2e86e
+** RESEED:
+	V = 79ccfa797c4fd330a9da4722351762e9dda56b5dc03e171e2218d18a1116aab57dd1617f5dd8030d8bc7fdd5cabaa544e6a861e934675b841832af5d0bb7b668d6774c3f7156c4e1f95bfdcd277a93f3d5954fc76f9aafd1bcaadebdc0578258ceb94e0e8b1ab5ff31cdb47f7384b8
+	C = d0f8e3a5313b9cf1b4d4e1e44091759267d0146cb7a73c5daca7fec28d0f72ce563f670edef3580425ea4b383e45d68dea4232782f8ad495837b71c9b9c8b17ff9d19d092d1d2d2d5b90f4bb42c2e44b912d18fadbe6e6fef8ccb5bfc649f48583d1a5d584d4b68a1dda95a903a432
+	reseed counter = 1
+AdditionalInput = e12f4cff164a721c752a52e36f008b82b74c253c99d4be366bbfa9112b8ceda4
+** GENERATE (FIRST CALL):
+	V = 4ac5de1ead8b70225eaf290675a8d87c45757fca77e5537bcec0d04c9e261d83d410c88e3ccb5b11b1b2490e09007ccc68a08a8d1cf9fdc3f378bcd8bf92e4c3885fc862d34cc4809a03b81a12441f8d5ad99e1123c508590ae0ad5c1fc16d69b6d3d6ab8eb2f84f9c13ff0385b556
+	C = d0f8e3a5313b9cf1b4d4e1e44091759267d0146cb7a73c5daca7fec28d0f72ce563f670edef3580425ea4b383e45d68dea4232782f8ad495837b71c9b9c8b17ff9d19d092d1d2d2d5b90f4bb42c2e44b912d18fadbe6e6fef8ccb5bfc649f48583d1a5d584d4b68a1dda95a903a432
+	reseed counter = 2
+AdditionalInput = c6ef50c58f08b93a768a5a29e1787aa3227c0bddf400e3ad02ed3270ffea7d4d
+ReturnedBits = 7781cc73939c8c3ffd9936c584acc8b60246ce4eac9e6c616ccd464ef708abddff8b89e084468043211a19ec155a1f3ae8ed99c7b0e8cdc00890367d6374e4cdbfdb29484dfc765bf592c9d4c768145c4ab9be43b24580c06a0b90bdc6fe4786ede47d2ab1bcfac35c4f4b2bd0ea9a1f1094935cba4ebfea76cbb19100b74597ca702280717dedf2b75c9e762a2379472c87b824c948ca2d35a2a62c0458bc2f02cefae53e6c751da68be486bf7843aca22d9bea771d215914a283e36abea0964227425967481bc560d230d5f9b287bbfed89f203b15e25503b933d7576ce271131075b0643f0433e5d769ef57cd46b02ba4796362820424858a829e656b0c92
+** GENERATE (SECOND CALL):
+	V = 1bbec1c3dec70d1413840aeab63a4e0ead4594372f8c8fd97b68cf0f2b3590522a502f9d1bbeb315d79c94464746552b69122e4403962b41d49637e48c9b751a7913101a81b8e5beb23b1188a5819902fb742cb828338d2014d4609fe377658adbd4883c43366a41b96a5d6077dce5
+	C = d0f8e3a5313b9cf1b4d4e1e44091759267d0146cb7a73c5daca7fec28d0f72ce563f670edef3580425ea4b383e45d68dea4232782f8ad495837b71c9b9c8b17ff9d19d092d1d2d2d5b90f4bb42c2e44b912d18fadbe6e6fef8ccb5bfc649f48583d1a5d584d4b68a1dda95a903a432
+	reseed counter = 3
+
+[SHA-512]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 256]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 2048]
+
+COUNT = 0
+EntropyInput = 12c22031d03a850f7696c927d4dc8dad4c3dd717e60ee5681b05db6426a0e167
+Nonce = cd32e3eb3f8334d9698dec627b2eaabe
+PersonalizationString = 756363f68178dac09a5c8d64effbab23873a3bc2dfbac39b6d47ebf929ad9854
+** INSTANTIATE:
+	V = 295e0b18921d33aa64e3deec80044b41ac4e499004c77b7d1ac021dd1c4e2e6a852d6ad6276ce2a9015fa31e22349676143da202b77cc00826ea17ec67c0db1275a2d07c0eae8a87dfbe0fd5347a2b38364029f4388e6e32e853adec3ae479c40775f7ab17080990572bac29477a31
+	C = 247096111ba90f4f5611e26584a9f183c960dae85c571aa5aefc13e3dd04968c53a3d0b9dd699aa6f8330c5da4447e305ff8a3dc21bef02707c064a8ebf4a7340cab1133355897d1eac20ff7b8107fce28f8ef64bf6b390d589dec19e74765037344887239f30f4b2b04c811e60069
+	reseed counter = 1
+EntropyInputReseed = 17ed31bda64b08ece50edf5b91f6a0862e5690181734a0134e05e366640b7e85
+AdditionalInputReseed = 
+** RESEED:
+	V = baa7aebc24313282490e40d8903d2b4c23f30afc598d367fa8b570c3f9a792399cebff96b3f458d3a8d2d8b9b140db40d98dcf5a448eceb76d2519d2bfd5ef0d1c805f50bcdedb38248d2ed7cd66ab07f97e13d1d26910b85f7eec8f1b26dc1f3a230291a73225e3f2cfb7f4de7624
+	C = d296d0957e8606b5e27b74ac729808604c48350352534c3d8b1ac0551c9efc808b557d8f5c7a1b627b8685b587a5121e73d5be1378e8ea035fab8aab962af86dc41fda588dccdefcfaaa78de18fc7a5063af35fdb24ef604da153e64878aaaf6379a95e76357e6d5fdd47e073a0ffe
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 8d3e7f51a2b739382b89b58502d533ac703b3fffabe082bd33d0311916468eba28417d26106e743624595e6f38e5ed9aac0e71aab938cef1402943a44738ddf57b90742141da088a32225c2496824f7bca1df83baa8d04fc7ea763552227edecd94c713d64926b137b1ca201212f2b
+	C = d296d0957e8606b5e27b74ac729808604c48350352534c3d8b1ac0551c9efc808b557d8f5c7a1b627b8685b587a5121e73d5be1378e8ea035fab8aab962af86dc41fda588dccdefcfaaa78de18fc7a5063af35fdb24ef604da153e64878aaaf6379a95e76357e6d5fdd47e073a0ffe
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = bc5d8d11be22679e33f40374175716e67c8b5fe6819ac53a9b208dc058170431ffc29ebd1a8151caa3e9156d4c7e89e39c124f7194095102e869310674471a7f1dad4e58f4786e96b7aa1ad7a5115923ba01d4e7a60a8f11ee9c47266c0f1ae434168b7b1fb61ec0fc292c6c2d3a8778dc7b881642fb8a3e9fa5ff3720f700ff89001d21e97c61c246dd4f87bd8a64fbcb92014d52f6e64183bdca84ec25ed3524b9abc86df2bc4dff2b76299855de61b7da7edec027893ab4edd0d6ea6348e7610e6d940af4225463886859ea4f5c53fea2c398ac2fe74a9b318b115dd46bbec6884f077835aa95150ef0b3ed34d6d5b144ff1c1e2388483d9b5fca8a2c5bf3
+** GENERATE (SECOND CALL):
+	V = 5fd54fe7213d3fee0e052a31756d3c0cbc837502fe33cefabeeaf16e32e58b3ab396fab56ce88f989fdfe424c08b00b6466e50c66f3fa1366f7ea20d6d4becf16777ff54d6eac0cb8b86b02f2b885cc780750a8cef525f0fe1258df1b4c2534529e68be93ebb30b1614db79780d99e
+	C = d296d0957e8606b5e27b74ac729808604c48350352534c3d8b1ac0551c9efc808b557d8f5c7a1b627b8685b587a5121e73d5be1378e8ea035fab8aab962af86dc41fda588dccdefcfaaa78de18fc7a5063af35fdb24ef604da153e64878aaaf6379a95e76357e6d5fdd47e073a0ffe
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = a521cb5f91c89908e1b2d1bb9c43e0a36dc7bb6b274ed304a4d87b29841f97aa
+Nonce = 70fbb10f0719866fae61f23d1777c3e6
+PersonalizationString = 63761bb75783c01135e1467c3ca0de679a20073a0513e71786c554dc093a4a9a
+** INSTANTIATE:
+	V = 32e777f9ce225de56a0824f5005919469fbe0305e160d366ccf1c59ae05884d906cfccf030ab57d641f4b4cc8c181bf6bc54decad74166226091d4664dcae8f6c0d8fa8749dc7e5b0ebd050bb89d0adc258aff99a217a65715c96a2b740232ad6a41fb5464fc5fa4cd7e7291692555
+	C = f68e94f77d8091f96f6c9a887107e7619bcf799e975577b1bfafdd872230a8d76f14df965759ff70082512fd0d2d79907f0bed225ec81e81d86b9922dbc6deba7b7d38b44dfb873cdbc1eb547c93e4c32c9d849504530166da6f921743de537c48719697534282080eac5e3a5d7624
+	reseed counter = 1
+EntropyInputReseed = f274655d81b86128a4986471f217133cd8a7d23de6f276f301326899f1e2768a
+AdditionalInputReseed = 
+** RESEED:
+	V = 3978d0e1fc8f73a40e86a2ff6e6bc9c2f3a25cea56c402bd51fef9fd8f3aea60df69371dc3413740d6d8b3924cde56abe3cd8811938323ba6111317b136909d4c90779a204e8f613e05ccfe027c11305133be503e427f11f78556a0e033a9c7560def60d436cec532d91eccd425e43
+	C = 0b36e0026c08549c89bbd621646cb3f35531802d378dc3755e68d94c769b1048ad1fd8459fcd9ad28fbfe20571d4b7a4b26d862578a30678d5ec52115a32f9e222bd309dcc848bc42fddedd9424d9617808353351a6c2742e1d0f21aea74d16c665b38176169330601d5c63b64d83c
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 44afb0e46897c84098427920d2d87db648d3dd178e51c632b067d34a05d5faa98c890f63630ed21366989597beb30e5c959abce2c824adb3a609fcfd143d908a95d3a55ca8f7c5e41aacb0544d54eeb6971fbb889a0b69f51dd088b9f72a8f5fdec0e0db3deb99f95753fc1f71f1e6
+	C = 0b36e0026c08549c89bbd621646cb3f35531802d378dc3755e68d94c769b1048ad1fd8459fcd9ad28fbfe20571d4b7a4b26d862578a30678d5ec52115a32f9e222bd309dcc848bc42fddedd9424d9617808353351a6c2742e1d0f21aea74d16c665b38176169330601d5c63b64d83c
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = b7103a13b41f36294323b0650e7fc77b68fa36d92ef5789a9efbb69b52f5e8d71a62c5f6dce7c4afc25c33ae6fa1376472f2fd4ae169cb5b4a9064e8686a96a395979ac8b61b826d38a0f214924fd38669958fffbafbff121877ec7c404ab365f0bb3a79b79a7aa5e8cefe6c73df16457b6d5ec06c30016697478454d4103780ad8850764a52f7670c325dcd160bd95e73b6b5b0f0033a54996de79d0a17e6b61a2a4a852c88b65b0c278c7e9aa4d3ddd3ae25e94515f7220b68ff7841a397e6495ba9ccc1fe94894ea9773c18ae0c22d4bfc947e3c2f3d7a75931ee75332666065b0a175495db838b397c8981e251dd0bcbd961eadc2e1f163b10669e66a027
+** GENERATE (SECOND CALL):
+	V = 4fe690e6d4a01cdd21fe4f42374531a99e055d44c5df89a80ed0ac967c710af239a8e7a902dc6ce5f658779d3087c6bb5edbcf41a0fba3e5f9d4fd95293e86b3829e4bf4911fc9d0febc16cdd75814e0d876f38937b58b264c5e1eb6224d329ecc082d4a95358613c42ef2eac35241
+	C = 0b36e0026c08549c89bbd621646cb3f35531802d378dc3755e68d94c769b1048ad1fd8459fcd9ad28fbfe20571d4b7a4b26d862578a30678d5ec52115a32f9e222bd309dcc848bc42fddedd9424d9617808353351a6c2742e1d0f21aea74d16c665b38176169330601d5c63b64d83c
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = dad6155b155ae5a8e9b5ba985d9883c24efbc7b0b90cbcf831d58ac5eba6c41a
+Nonce = 31f0cd81da9ec64eef75fdcb6d5943cf
+PersonalizationString = c90242d4b03a8bb5d7624dd8bab3bbfc28860d68cd33a38ab7afdd616289a6aa
+** INSTANTIATE:
+	V = 3559a1bb5f78921df6db59aa477b60938005f20f562a3c0f09fade65e899fbbecf511c23e23f3b84b784fafe6e0eba163c2df07500fc46bb912315ad19fc3639fefe79a6cd66358ca075eb465ab9245b45ce0782327dcf72afc837594abca5e9d641cb914631dd70b2b05c414ce527
+	C = bc249a79eeafc44b0433b2dc1ec1bf9b9ddef987fffc6d2e860cc9cca6e9940542ed58af5d8a709d8f03da3957da67d7e599b1983580c9ae84965061477290acbb306463ed750520c1be5d8fb59ba079d16bd2783a67bfb2b88abfb5d8e9e1216f34728e00326a2e09ef5f07780184
+	reseed counter = 1
+EntropyInputReseed = 2d4d48c4cf14595cc5d00384a8133565a48ac0895fd9fcb1652fe5e165d4e394
+AdditionalInputReseed = 
+** RESEED:
+	V = 36abc1584f9135aa2fc848a7c354b94c9d65c15e59777425f3f6e37e11eabc53f8f39153cb29285926cf481c2c8193edf444ab9cc6af9737df577c9ea367f2b7a603492d30c5a8c2f7891adcee3e401258b9ac4eebb44a079f53fd423e4541570bdb9a436409c27aa2a54fd6dd0906
+	C = d51a27b010f7e882a37bf422173d269410be4eb69af8f7ffe27200df1d77e96ca1b33cd93f8d5d38e2048c654106616c9088af0f38093a3dde8089a942abf311906d99a1cd09807a417cf888e8fd0f7fd270302b9616cd976b10154d7a02da54b51eca1524e3b01609000ec138e313
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 0bc5e90860891e2cd3443cc9da91dfe0ae241014f4706c25d668e45d2f62a5c09aa6ce2d0ab6859208d3d4816d87f5fb3244c71d8a1cc3bebc34b9f1003469decc6eb3d7ee9719fcbea507026ee83f60eac45dd90b29664e7ab7f64a9da8e1d9ddb5dba0d1fc88721c1c8f6d260498
+	C = d51a27b010f7e882a37bf422173d269410be4eb69af8f7ffe27200df1d77e96ca1b33cd93f8d5d38e2048c654106616c9088af0f38093a3dde8089a942abf311906d99a1cd09807a417cf888e8fd0f7fd270302b9616cd976b10154d7a02da54b51eca1524e3b01609000ec138e313
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 5ce033555b34155070611e6c451725e844352765f0a8f096a37ca3e97422f6f5dbd04dca00f16e4337af2c290a678027fc780948bd7961e0cbcb2bca679f38feb09dc44ddea2c96e3f9b8bae398db11a7d5a094cdec0cff1314e08a6b1942294d0ae1060cd9ff027aa9f371435ea1f4e58fcdd44b204eaaee0052cb905533d3b3b308bab0ad75e14e19fc9970845aea0a256d0ba23092262be7b006d19c3fd8e61ac2f2a5ae8226bce937f2393a53bb4b1b2d1b248202c5311b43fdebf4a1b351c90756f1b125a927422338fce50d7a6e2f18602425374a5661caf7ea3976f2dda758ec7aef4a85648a71bef2f9039600cec5a47e543128b890441c3213b80e0
+** GENERATE (SECOND CALL):
+	V = e0e010b8718106af76c030ebf1cf0674bee25ecb8f696425b8dae53c4cda8f2d3c5a0b064a43e2caead860e6ae8e57ed0be13198f152816b1223520c8b333992d590f6ce39b5ff220a4584b71fb875e91c6a15d4e339358460013ce12273e1a7e1d089015224923db9f184460aec96
+	C = d51a27b010f7e882a37bf422173d269410be4eb69af8f7ffe27200df1d77e96ca1b33cd93f8d5d38e2048c654106616c9088af0f38093a3dde8089a942abf311906d99a1cd09807a417cf888e8fd0f7fd270302b9616cd976b10154d7a02da54b51eca1524e3b01609000ec138e313
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = f89ae0bc93ea6db864be52127ed7768e9a8e804714699ece3d13cd4670e1dfb2
+Nonce = 37ad998afb41a0b0e9c98cd4193ffd1d
+PersonalizationString = 52115a38065de57d34870c12f02f4a2e8906c8b0e0c366ef294c766fb1cb0035
+** INSTANTIATE:
+	V = 12ad1a23063428ae8b8dce32969a048aca3d791dd217ed9d98c9a2d6acd0832f9bda4c0a2fc6bb29e4833bd6c94475c89958e1f225f5fff6b8e4e4ebfb65edcd437c944104f35013ae7473c55a3d3b43d839da171da741d9c4b7c9b3f5724f8ace01fc26ac386882e6182c82329601
+	C = d241b9a0ce71a896efcd4fb254b0fa453e93aa84ce0c0662f87c56fc3c504cc4d3bda863abb48a4da250fbf48a169d619326149c32035457d3996fb6ba5671843de827d74be0d1bf0c26a3793c5415a0dd964c4aad9657d4d5a19625030fd73538b420631a876c7732fbca285951e4
+	reseed counter = 1
+EntropyInputReseed = b67f044f3e238152f9ee5f5c8832af7307d6b061d8de29ae1cfa28a6afe43951
+AdditionalInputReseed = 
+** RESEED:
+	V = 06f1aa3c9ab3abf708eedf52dcc7f9423c9bfca311af1ffd09cf589b4de670d64d9b70c3d8ef33002b5c2431a6f8f5de210b1f2bebf19e89e88d177dc197f12f5f8f521baecad6c4e9fef22da3469431f8e2f16978fe03b235d7526dd9e05ba79cf72d1428e2a7f3761ce0453d2426
+	C = b778d5bb8de3287f79e47660ef677511e1ba4b90a9316563c59dae33645ec59cd63b9f2cf01d67b88623e755484f0516e502f504eb1b411954e668beb892dba95ff079412fe8dece3a96d5619ebb8e8247173f535344a5bb5603cd991e6cb0b0dd6f01dbf3018f981da8104e3a05fd
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = be6a7ff82896d47682d355b3cc2f6e541e564833bae08560cf6d06ceb245367323d70ff0c90c9ab8b1800b86ef47fbb79cca6b98662f036a8cbdb31bf647cea187ef6e6a15f4c114d0b67e537f37eb8a6fa99300aaed4cdd56da0c2ebfe718ce776251bdb9f72cb3004f9d05b0f252
+	C = b778d5bb8de3287f79e47660ef677511e1ba4b90a9316563c59dae33645ec59cd63b9f2cf01d67b88623e755484f0516e502f504eb1b411954e668beb892dba95ff079412fe8dece3a96d5619ebb8e8247173f535344a5bb5603cd991e6cb0b0dd6f01dbf3018f981da8104e3a05fd
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 2df5be56e78df5fad447f5bc0e9f02cf2ed705f8ab145abdce24253e9dec98e6a8cee77d59f9699ca85890a91de221e962df85d2cbddef958c485abc2b5a44af49ad0772b0f2183a56d94d6f17720624a4fe553c7d8d410e902c9a9bb42bcd9ec0c10198131a21ea92ac4a7f53a5c15a2b348e9c80a817731244a6b0909461629b3f243257fc15a827e357f6a48e1f5ac0ed525df830e896c492e605b9ee5fd49f39b2a4219214b8b93ce7b2fb6bbe2832d6ab22df90d6d33e6cf51bac751e199d27abc76ca34aa1758e04784a9a7be356c464c155d5c54ebd3296396231ad3f81f8db026dadf7f40b2ddccef6756d0cce061abbb76d6bed900cb965e2f28b64
+** GENERATE (SECOND CALL):
+	V = 75e355b3b679fcf5fcb7cc14bb96e366001093c46411eac4950ab50216a3fc0ffa12af1db92a027137a3f2dc379701c9b963d6c88c2b5b9ece23d446f4f2aba475c625b232700a37fb018b30b9862e4387fdd2430198f8e9c2d1c339e2929ae93f6cefb5c776e2e008a53fcf956e71
+	C = b778d5bb8de3287f79e47660ef677511e1ba4b90a9316563c59dae33645ec59cd63b9f2cf01d67b88623e755484f0516e502f504eb1b411954e668beb892dba95ff079412fe8dece3a96d5619ebb8e8247173f535344a5bb5603cd991e6cb0b0dd6f01dbf3018f981da8104e3a05fd
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = b030a50026b0118c419edd4380d3ddf0d80bc446134adccbb1534558ec32501e
+Nonce = 937247304ef13ab4fba9844d7f9bd276
+PersonalizationString = 372aaeae281a11f691832058ee884bff1e3e79b3ef218045a2f5d02c6fa8a8c6
+** INSTANTIATE:
+	V = 7931e94b0f4d9debd2ce6b04470ce03abeee8458069fd43a043955041a83fa90f8eabf2f7d1f8e1663a7cf63ba8463ae4844b4c39873effbd311adee7eb49cf3e93503d8c1d0da7b93c7e3d49df92d694307cd2a0e5780b6b50ed20956ff3e24070cdf195f421d618619a7adf297f1
+	C = b457237470b2c53f6e32e4729228a54a62ac8caa6e765b4059f9d44d1f8ea1f25835a7b0dc1e475db16a475d07e767c94b456b987331547e09c8aea531188c1a07783ee8c64be1288fec7e258ed1ecc6a0b970afdabdfabaa5a1e0379112b958d0750cc1925a02b93fe99c5d0e14db
+	reseed counter = 1
+EntropyInputReseed = 49c7d993a6cb9032fef9904f8b614598c58db81e1a2bfa48e49826e9f6b5e042
+AdditionalInputReseed = 
+** RESEED:
+	V = 78d8d4b0dd669215045f39ded55f8c508088c12c1788533cc21e5aaf5276b5d702dee58f1e3485669051c4c48c9941f91c351e0e58a547f1640fdf495589cc1fe554ea7cd01cf11652d0b61cb76f2b58e3625b9c0e05a6cb9c6b3594fe39467faa5fe6644160af53636291ad0f3c46
+	C = d6be6444cbf60e40b117cf4717ffdff46ba4189bd626e14d0fab969fab9b6a9e3c6f04f37ddbbd5f9950f94d94f016e8cbe9f9d2e554f26ae54d53ba740484735c88068c9703104b497fe6842d7229af98e3eed6d7ae9a2674a8f2278e648c8dab1fb583bd11338186f52ed4155d0b
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 4f9738f5a95ca055b5770925ed5f6c44ec2cd9c7edaf3489d1c9f14efe1220753f4dea829c1042c629a2be12218959b293f682df944247d05060307886f6931ea4065df58da73497749228a10405d643a25b2b9f8048897371b1dc8c41783594bdbeb91a308496d8b905f0af142664
+	C = d6be6444cbf60e40b117cf4717ffdff46ba4189bd626e14d0fab969fab9b6a9e3c6f04f37ddbbd5f9950f94d94f016e8cbe9f9d2e554f26ae54d53ba740484735c88068c9703104b497fe6842d7229af98e3eed6d7ae9a2674a8f2278e648c8dab1fb583bd11338186f52ed4155d0b
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 1154bb54f38c53b73224c3e50ab22b2865503fad39f0479b04c297ddf205bd151c6e36d85ed5323ef11dc4a32f01d733e09338979b5463298448ceb369226f9706e27ec0ed17838a7addf86b160e75b46cb94938863784d4a7509476eaaa287902d5cbb9b389bbbafb5b53245c78315cbb98884e932adebb574f47fdba72cb6f47390db4498b7a1b994fb9d74070c11c06f95ffd501499295ea625241d262acbaafb1da5346122448e5a6e5aa322bdc8c55184f8111f6c87b30d8acc52efcffb48f7bce3df92c2ea51d139c35545a86d8e5077772c96c167d0f2cb1ec1d5c7a1a9a45237e9caf8fc067ad45313c5d3e7174375a7a27ebb42cf1b14ee26cb2109
+** GENERATE (SECOND CALL):
+	V = 26559d3a7552ae96668ed86d055f4c3957d0f263c3d615d6e17587eea9ad8b137bbcef7619ec0025c2f3b75fb67971577125ff95b4e634ddb5596f5e317d835d5d8a691da29d627b3f2e312dd8f6464aa7f4d566618e151f814c1944734b0743f24f2936670ce8feb627e32b6a0aba
+	C = d6be6444cbf60e40b117cf4717ffdff46ba4189bd626e14d0fab969fab9b6a9e3c6f04f37ddbbd5f9950f94d94f016e8cbe9f9d2e554f26ae54d53ba740484735c88068c9703104b497fe6842d7229af98e3eed6d7ae9a2674a8f2278e648c8dab1fb583bd11338186f52ed4155d0b
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = 5a7775051b440d9ec535574f830564ee279dd73d2e74502a0d6132c09dbb26e4
+Nonce = a30d2bf2a369c45f044744c0e1c05213
+PersonalizationString = 184cc86dc549bbad740a608f99dd59a0850539cfff0a8de83bd1a29600d41321
+** INSTANTIATE:
+	V = 60809b3569fd8ce1ca63641c746c8fea183d893c94863474c7cfb8a3b64f83a460c41341d0f17ab90fc374db8620e40ac549cbb4a8fc880c4ba25816d9a704a1cb2669703336c15205951dbdeed845acc3ec4a5970642d874867e5893f02478c292170efc5f223cc53f6e7393684db
+	C = 80635b5c067207e475dd01004d45bc318cb26cd57899c8bef04ae272a8193e3fccb91c6e6be7431fb3b289a9d81ed128df4dce4eb5dcc84775f44014ea542cf3434d80f8a61691d66a3b068e1dbe17cea77a91fbf6221e6f47de27d79068d45053b4a5487ca5d21fdb16aef6305032
+	reseed counter = 1
+EntropyInputReseed = 331e4d09536ad86afe84b0a0834b549d2b3f0b26d6b498c07e399174b7f4cfd0
+AdditionalInputReseed = 
+** RESEED:
+	V = aa4636ae714080b33292923e502b670f43acb15285e198d83d126782098a3cb51af3aca5fec8d7163c06fc437f6b18ebab26eeef93afd9976e08f0a1fdb65bc2b5d9a807c97a5fe397312baa7e52bbfd7c0aa06c58d1425c6a4518c74c6107a1465a30984aff548eb8e0573ea352dc
+	C = b329a1197275731a6f941dd9287b109b1debf128f634247a5ced41055f25114ff8171e150844bbe807c0c33bc34471a488b2f90f04656e52ef44b75eba648696f3ae14d7d34b39cf9fb0e402e3f9a42e7f64a825489ef65aa68a761fe3865d145ecca69b2deca44e783142978893e8
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 5d6fd7c7e3b5f3cda226b01778a677aa6198a27b7c15bd5299ffa88768af4e05130acabb070d92fe43c7bf7f42af8a94a5d7c2bc430eea7d2678a387cd0559e013584c9b00b4d1b69ca13d92ebf39d1ecab0fc4ebbe8fcab4ae4bd666c31ddc6a3266d7ebc43b3b37972c3674a05ee
+	C = b329a1197275731a6f941dd9287b109b1debf128f634247a5ced41055f25114ff8171e150844bbe807c0c33bc34471a488b2f90f04656e52ef44b75eba648696f3ae14d7d34b39cf9fb0e402e3f9a42e7f64a825489ef65aa68a761fe3865d145ecca69b2deca44e783142978893e8
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 618e62c489bafadc6e60b76795702d4ea77537de67e6ae460f02a710e6bd2e0273acabcf35b8cfa04e9e00b0edd59156129a823a7fe1511b9c66e6b4d07f62230e07abe28adb637b9df0b7789a2d33dbcce01a1b6f4c4bc455d499a0f3a171f62f6691f062c21389aff04448c4bf012c2b1bf57c788e641e853da94324b7fc4a19eca858b6ad4aeb0a71d4c71c3d7092084ec663531b588f6e259f7cfe151485f789a63f33f9b922810878c4d5d8897bfd29447b8a91c5f9586b22bb41a769902a5f3aba27dc25dc1d3a5b1bd9c34b1f95efe79fc4ef368f90eab30437311a3a99ea66a451cb67bdcaaaa1ff3f36f207164a96a0f91605c609215e830e0c7c43
+** GENERATE (SECOND CALL):
+	V = 109978e1562b66e811bacdf0a12188457f8493a47249e1ccf6ece98cc7d45f550b21e8d00f524ee64b8882bb05f3fc93d413054bed2b7c89c713d952646df6c356b45a8c3331a55f2c9b1a3519438f332fd723979988dd4411da64eccea443e157d3406a874d93a71f43b3e10081bb
+	C = b329a1197275731a6f941dd9287b109b1debf128f634247a5ced41055f25114ff8171e150844bbe807c0c33bc34471a488b2f90f04656e52ef44b75eba648696f3ae14d7d34b39cf9fb0e402e3f9a42e7f64a825489ef65aa68a761fe3865d145ecca69b2deca44e783142978893e8
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = e3ef9f669ed46eadc2dfd391e58e2175b676c90f6c00f5fa8e9a1865413dcf70
+Nonce = 15cc925e9127b1e88d9881a8c38e0e9d
+PersonalizationString = 83facf0fbedb21a097dbca43c3752962086ef0270e0d5c55151bfbc6ad5bcfae
+** INSTANTIATE:
+	V = 855349bf305f3ddacb72968eb03f8ea27668f1b1f95f8e39f69b4d7fc694bd59295e690eacda28c7fef6a6c10d2cb16bfb22e6d39d42e68639dc02810e9e8d172b26cf77944bdbffde7778685ef71c54c9df84738f80d6d215434056d2b34ce1bcc491dc26852884f475abf658f992
+	C = 2ad09bcbc36ba9e8d374536f47e25f4e87324e9771ff06244411496fc0c6d8bb64d0407ab558b3986c44c655c55105e1d03f338e6a4bc0ae2dc7b98c2e61ca570e86d1d210062ec7a70f04627aa8ff2fe7787cabaa4b6b46ab4561a33fe9c0bc4f52ad6d9557038656a985393b9e50
+	reseed counter = 1
+EntropyInputReseed = fc8e745b8a0521c182b48ac84322ccc801e34707240be6ddf060264725e9e5c2
+AdditionalInputReseed = 
+** RESEED:
+	V = c4d5fc055d34e79cc65583221de6a8214a421605b8ca2327ae063781a8c35786ae8cfbd60499283bd406c3695946e35949a85c1b30bf4e14e9bb69213a74a35b89c222ebcc5975074470097ad000eefa30e4194d0eecb4a28f90da185a7ec869f94b47caea4009bb3ab48b014bdfe5
+	C = 939d1a5334ae4adcd2d8604a7820d03fa3142e7a800dde32d19a63dd77673af07d8248d3603440d0eb43f7694014dc630221d2cdc6fcb929151a819c6c88b408afab14d1b7a3c2f60faead9c6eff1600d7937a5f8eb56ca3ab6a3757a6f04b822ecd831efea3e3d01fe23e9c935d5c
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 5873165891e33279992de36c96077860ed56448038d8015a7fa09b5f202a92772c0f44a964cd690cbf4abad2995bc02706818e4858558954804acc61aebef6eb7d534f2e5a29230a9cefcb75fb07e67bb63bb59ed4651de96b7aa3ef0fed572053eb91031ed5095bbc4bd6a1959538
+	C = 939d1a5334ae4adcd2d8604a7820d03fa3142e7a800dde32d19a63dd77673af07d8248d3603440d0eb43f7694014dc630221d2cdc6fcb929151a819c6c88b408afab14d1b7a3c2f60faead9c6eff1600d7937a5f8eb56ca3ab6a3757a6f04b822ecd831efea3e3d01fe23e9c935d5c
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 98e3cbf5548309f1c8b617de98bf4c314b01cdde3a269ecd5f9b582165d184869e500fd080ba8501830e31b8632c4517a8937192440fb259bd0cdabc33743d401732031df36d564bd0d75d0cc582e31739ced7cab8746350f2c1087c61329b4a18c3651a538a9196bb0b90c6ae3728e67d824a4e8dc56014d4c19142258a194d9fd87c5ee50520cb6338cd188274b65e18d2a77687672d33483f50e9a543d3696836a056335ad9961a7dc91aa0e07fe76c71d754d6b6d815cc009e616d4bed2b2be5b9b008b97ecc8cf4d85f20200ab63bf32fb2116db579a2c0718990d0f270fba6870ea1d705c05875cd3a4c1458392070b3ff2d2c71254720b48548d2d03a
+** GENERATE (SECOND CALL):
+	V = ec1030abc6917d566c0643b70e2848a0906a72fab8e5df8d513aff3c9791cd67a9918d7cc501a9ddaa8eb23bd9709cc384ef84fd04bf91e94c2b543a84c2c3ff20b8ef166bf3999f9e6783323a57e6b93ec74a5ed0b2299462ad0aee0f71d5b4e941505e5844f17814236b0a040ed4
+	C = 939d1a5334ae4adcd2d8604a7820d03fa3142e7a800dde32d19a63dd77673af07d8248d3603440d0eb43f7694014dc630221d2cdc6fcb929151a819c6c88b408afab14d1b7a3c2f60faead9c6eff1600d7937a5f8eb56ca3ab6a3757a6f04b822ecd831efea3e3d01fe23e9c935d5c
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = 78c972df6a57a8c226fdb71fb305ac30597c539875cf38995884891c3a2a89e5
+Nonce = 176ee854514568da95422dc8a89ce9c7
+PersonalizationString = 63aa05187ef936709afe882d98f30fee4842274277375888e3a5f3ec0e97544b
+** INSTANTIATE:
+	V = 8f200d99d31f870fa6bf1a9ae06e7a9f0c8e0b515be15b7675365f0a1065d7221c8523ead587c46ab61d82e9890b56634a07de7a8e9c9ffbca117d551be32697eb14e68cb4fe3be8a11f0238a10c9e4964a6358a087c7eb9e0166da3f7aae80ba5e79c2de74ad873d74ff81abdf9d2
+	C = 39c9584c58ec4de70c8f140a9ca038c2d051a345ddf1765b41c4f21a17eba6273855864fe005ff0f82883354f92829a917f0433915766361451b8d834d31c235807b43f70aec4f7526a2168120d9cf413f440e8f2599be65fc61825faa88c7435b7de1a2db92e720d7bd0bb3462c0f
+	reseed counter = 1
+EntropyInputReseed = 7e1c670157994a077ea091f7086cb29ede91b46abba728b6e2c1e0d02cac5cfd
+AdditionalInputReseed = 
+** RESEED:
+	V = c7aa7c87a80c582ec941bd78467df3df3f362c4cf940f81714e60eb69100c074b18343ca1f1ef07ea73454190420a543577fb3c3e2865d9d00dc6e04a58c7186f3ccd8ab419fe7a01d041a70ed7164556de3060ae53fee2c11a450b98b892c2786090ba62ba891675ac045739d1547
+	C = 70cfd7e97cdb7b368d3d5bc4f1c75e3b51e43bc45f7160dd5925f14733468d34af54b3bef90daa8a07be37d21e1984cf531f8322f59fa9a829006b0163c9bcc856a781de2ace8b5d8b6b3749ee42b6866f6bc965c324e1ef53320713310553106800250e7c85cc70b5ee6a75558711
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 387a547124e7d365567f193d3845521a911a681158b258f46e0bfffdc4474da960d7f789182c9b08aef28beb223a2a73dd20b7e54886ee16bdd1de564ae3c9a2ca9b7f2e5dacdc6539d1192cb97ab47dfa36270c4f07aac65348a98c87689e589f3e20701f5ab62f087d20bbeb4042
+	C = 70cfd7e97cdb7b368d3d5bc4f1c75e3b51e43bc45f7160dd5925f14733468d34af54b3bef90daa8a07be37d21e1984cf531f8322f59fa9a829006b0163c9bcc856a781de2ace8b5d8b6b3749ee42b6866f6bc965c324e1ef53320713310553106800250e7c85cc70b5ee6a75558711
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = f3c8ec17d780024fdf3505804871b137d95ae3155b4bb867b787cffbdaec57272af1382eaf8b602b5eab3ec0d850ed5dde799371d578d93a657cc4357d494e2a8871cca96adb0f5dc72894187d9c0ae9766ddea13536408e29c14da25373b59f943e6641dae5978cce18a5f5c84ae43a235bc569556a9312b665d6b4dd81ff1dcb890aa312a9572be34b8ce88293af199c461f7ccdd6afa6ad0bb31a2c69666cc3d45dbf86c9d66900e2a220a17c7032db5f5f9313e35e9636c14c7f6af016f29baadcf6b24772b1d9fc7be73bf7ff3546fb0d3064d88317947d30058785a583e2a8ca9c840f439ecf9d93c82f60eee04d6573eb6abeb8927e452821c6c537d1
+** GENERATE (SECOND CALL):
+	V = a94a2c5aa1c34e9be3bc75022a0cb055e2fea3d5b823b9d1c731f144f78ddade102cab48113a4592b6b0c3bd4053b040e992deea005a8dfcccc50e62c388c6c9bac504b770928cd21b42f07fa4170d6333afa87d822c602062ac437e63c11f5573775313db8d650338affc46a24a19
+	C = 70cfd7e97cdb7b368d3d5bc4f1c75e3b51e43bc45f7160dd5925f14733468d34af54b3bef90daa8a07be37d21e1984cf531f8322f59fa9a829006b0163c9bcc856a781de2ace8b5d8b6b3749ee42b6866f6bc965c324e1ef53320713310553106800250e7c85cc70b5ee6a75558711
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = 93ce3de3e0dc853e8ea3e2d6c2576229f9dbf2a278e547f9e06eede3866bd892
+Nonce = bcaa0a57177407978a446cdeade3e815
+PersonalizationString = b4962ff5227018f4c48b91f9d5f88ccf68bcd596944b309fec776fca64708cf3
+** INSTANTIATE:
+	V = d20cb44d051d0002f1e2b5bff4582491f96d45910cf2a24c8c367ea42ccbfe29255e770042f9cc15309a2046c40aa36cf7cc9acb6da6c4a005cff33a494d2faba525a2f302ff437d378a13b37f15fda9b39fec63945dbc4e188a1f5a54304187e69c0d77b8284d4409322e94dcdbbe
+	C = 8cb61ebcd40e65d87c20543e5dcba84ae9b17335addd653d7d2c76916724a9b7d6c97f3b99d0bebb9a42e293d48a33634ed984d4b2694e8603795d1a08b7e218d2b6e6f0c313681d4e49fbca4a9de7564de9ae5cea50ceacd9eb81c485765f0aab6e559bc6df0b378fcce5ad771e40
+	reseed counter = 1
+EntropyInputReseed = f0e5299e62b217cb65d760a18b2600e90c7e676ed3df459e0664fbd677c568b0
+AdditionalInputReseed = 
+** RESEED:
+	V = 060bae1e8734de1f52fd59e902a25c92aa3e93a594ec716f0bd2f27817eebc2ca1777b096dd6ef76a05b76b62ad74077af7d4ae0550abd8a1ff857717173e4f3a5057eb464235c286eb114f475646a5c651be37959a931330af738c8a4c2857f754905e800c8de926d616981a50dd6
+	C = 4312f904a62fe595eda825ec57bc9bf6d3dddd19d023bd2337184995e68f03c5a065406f446dc0b3018b3ba2c6033c9314cb89a2117d08a9fde500f601776ebe8cc0a33320c214495cc117a37c82a1e0b7e17ff70364971180bba0a2f385da4aa0e9f86b3ef424da61a616c55426eb
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 491ea7232d64c3b540a57fd55a5ef8897e1c70bf65102e9242eb3c0dfe7dbff241dcbb78b244b029a1e6b258f0da7dd6f877b7525b334d72ba06a86671eb96459df65d0e6bf8189e8f33f3dc2a5cb34c0a86b0edc68c746c9008c11700cdb017799641afbbcc5c91814e4a6ff2a8eb
+	C = 4312f904a62fe595eda825ec57bc9bf6d3dddd19d023bd2337184995e68f03c5a065406f446dc0b3018b3ba2c6033c9314cb89a2117d08a9fde500f601776ebe8cc0a33320c214495cc117a37c82a1e0b7e17ff70364971180bba0a2f385da4aa0e9f86b3ef424da61a616c55426eb
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = b68dba6303cbabb9773e499093323f8c1dac2a669415d472c18b85c4a800128bfa5d30c890a3d78ef0cc1b90d01a177808525c3d1489f0bace0275c65d9a2b4adc30060ed3f6627222bbb95b1d1d5e26f3981511af874d1ca797912558c1fe25a2556ffddf4f779da9d28a471200996c7e062d87291ece039eab37b744bfa7220b38352c57f43a1625dc9bc2405b9cf36b36d95ecda9138871013590702bab9230e4e53d5d71312bc65c5ddde632b582a5aa34363c799aed8a5b74843c661adc77b42c26290c7158233175be4a4b4bd414e1965c027c363dfe87b547887e8bd7c3cbdc08e039808c62bddccfb26d36e042d997857395ad2f350490f59d4b56b0
+** GENERATE (SECOND CALL):
+	V = 8c31a027d394a94b2e4da5c1b21b948051fa4dd93533ebb57a0385a3e50cc3b7e241fbe7f6b270dca371edfbb6ddbab563d1b884f711f75c9c54da7c5126f11650cd830b28bbd2ee27e2ce305fcc82474b023bb7513be67e66e100d5ffe77b6ec49874c4f49c45e572f2c8fa16c882
+	C = 4312f904a62fe595eda825ec57bc9bf6d3dddd19d023bd2337184995e68f03c5a065406f446dc0b3018b3ba2c6033c9314cb89a2117d08a9fde500f601776ebe8cc0a33320c214495cc117a37c82a1e0b7e17ff70364971180bba0a2f385da4aa0e9f86b3ef424da61a616c55426eb
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = b75982ed790447a297bab82d1e579049a671a8b01bed7f01f7fa2470069751cc
+Nonce = 68daa92af87c871269d48f4b558e4c18
+PersonalizationString = ec11cc872d7b6ce95b096816e4e0d50db1cf8d5b3df9568ca31ac5cedcdb7d5a
+** INSTANTIATE:
+	V = 37e3d3e4f314a8c1f5ae50a9aa093d76f39e600e6154b5c48d7bd95767b90279af9d9401a03313636e579b14ca54bcca41d594cceee3f7da5f102decfc382f4a6f59d777ef0a448a6212deaf7a82a18fd37c61ca48d7dffca01cdec14cd3c3167814c99b297730f94324f504abc011
+	C = 4bf35bc50bff641ab281282c54e56b02e8530fe3c9246d4a18de225bfcf2e6a62cfec2ba5d6d94a05f28764ec336da09f909169c102fed4811dd8657dbc66857e390684521cb7a3ef2442760c878fac5d57dd212280e76874ae00a1ce0e02de26f6f32db4d6f247e81055f89050ceb
+	reseed counter = 1
+EntropyInputReseed = ffa9affa41f3c7ec36ec530a392c4170cf23b9845a04a1fae18ff86d44515462
+AdditionalInputReseed = 
+** RESEED:
+	V = f15cdb21252673739e28b9e911f6b4ffd6fccc3f4c2b4b81863904198c18d733c2e74e1ef26ba0a8e612e73e7338c838ed3844db2baa7da56a35fac533f399a3144002c6ad82f43802c835090267d79a45911ae236185564937114068e19799b635f34ad6c3290815e525bcd9770a8
+	C = 2b881535342d6ba4e298fed0b2816eb32ede771955f6a01b0ac22d9876741187aa8301f34c0518c1c74032380737b72a9de4cc4bd9dc5928f426596c8adef61b7ed16c1393577ee6fbfd07e751d623de9af0d46bede3f3fec46c48d9ac72a91dfa5418ab1dea83e5590a27807515a6
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 1ce4f0565953df1880c1b8b9c47823b305db4358a221eb9c90fb31b2028ce8bb6d6a50123e70b96aad5319767a70801b7c1cde11e3ec44283d0f3223478f3587771d7c09f723c29d73a0dcee40b932518a07dec6dabaa31ed0ab3e480c5785338867c271be5b965b97793a6cb30257
+	C = 2b881535342d6ba4e298fed0b2816eb32ede771955f6a01b0ac22d9876741187aa8301f34c0518c1c74032380737b72a9de4cc4bd9dc5928f426596c8adef61b7ed16c1393577ee6fbfd07e751d623de9af0d46bede3f3fec46c48d9ac72a91dfa5418ab1dea83e5590a27807515a6
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 99161f1dd7afcc9285af35128e9dbfa60e1ccf46416ab7bec59f40ee6de65ffce79b2d426138cad6b24e0940b0fc85d507a2cbd403177eb356238dbfd20a078b3b987a343a0653d7c1cd8c675596647aaa4797d4c6747d4d945d30e04984132ded477f1e4b66461d4617c8eec57458ebbe7d0ed3340a744f766ef19b3690d0d622f381efe099f987dff68fe8647624746e8e6f02dc36fc492eb86e29f8914ebe923e4444d171fccab0f35c1105c3b6a696c354b650af8638c0e0182eec00b5a271fd8020503b73013df23e59e0f7f4a989c17a62abeff0d28d7c4425349992a76368de4ebf2d4c9d476923a28694755cf9ac8b65b6ba922a33b3115529f7795d
+** GENERATE (SECOND CALL):
+	V = 486d058b8d814abd635ab78a76f9926634b9ba71f8188bb79bbd5f4a7900fa4317ed52058a75d22c74934bae81a8375fd853d3d35b1ee0479d684b98fc03e5454b2f72eb2664b951a61a99226b45f6e74efa281eeaa451fdaca3b3594d9366bd0c1fafd6a01af36a2fab99432d71c9
+	C = 2b881535342d6ba4e298fed0b2816eb32ede771955f6a01b0ac22d9876741187aa8301f34c0518c1c74032380737b72a9de4cc4bd9dc5928f426596c8adef61b7ed16c1393577ee6fbfd07e751d623de9af0d46bede3f3fec46c48d9ac72a91dfa5418ab1dea83e5590a27807515a6
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = 7b552ef6693837cc86b4ace87172fac9e5b3e42100384e4476e8c9648e85aff5
+Nonce = c13ba80536317b45f402eca083b67813
+PersonalizationString = 2b02ebcd2d4ecf80e5efc4b3662c88bc981330e5cd4ec2930d0542f73d772a01
+** INSTANTIATE:
+	V = 79c6a712a4cefa29e5ea4d8fb23ef3f31d7333fa9d0552ad91ac0c6011de80a7700856a4bff5d8dde05d8f1ac29d809583a47440ef064c1f244cd1c470a3788388279e35d6114de8689ce30fe38ddae75b898c8cfc81443de8965aa33ebecd17d1fb26d5cb4d13b1eca0967cdd5f83
+	C = 318d75dc781f526a31766a20824fdd8202b03f64e61897ac28473492b05a7f7e2be043d852dc75728be4f3a7813c828e697ae1922e65e8294e0732908a0ecb0d0f48be53055c6ace8f0c16e697af93e615bd24bdefbb1d33d95342f071af8395fde4e72fc34fd5810f275cd8daf16d
+	reseed counter = 1
+EntropyInputReseed = 30fe542b2483079740b19bf5be8ae80bc9e13d253c9e5bb41f60a97310cbff73
+AdditionalInputReseed = 
+** RESEED:
+	V = 462e400ce531bba1a6a1c1ceeafb3c27c1f790a48227afe922e33be8e418693543ed48aca0bffdc84d51e8e70ef76a45882ac78e34e30f5e44671293123581a86999e50341c87530755a3f92b08af3ad42377285f19bd178b1c91bf5320307cc48a4edf8cc873e2b8d13ddf6e8a124
+	C = a1abced848a3e69219f5a421bc8188ce1086a62e454cad1fa2a349840ff0a22e712735506c50101920a8bbfbda34001bcb8a05e18e1cbd6e7fc5853a09bac25c140a35ae7e495fa33517bd7c5e8a6a6e637d4430dfcefb296272cc3907def142424f807e891464830c05addd39232c
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = e7da0ee52dd5a233c09765f0a77cc4f5d27e36d2c7745d08c586856cf4090b63b5147dfd0d100de16dfaa4e2e92b6b0520d70d3eb9625db6cfc984d971b5a1452dda102affc9b83e990523aa6a690e2fbb3210afc867a57755be0110534c47d58636b010cafea7d0d64af0596cb967
+	C = a1abced848a3e69219f5a421bc8188ce1086a62e454cad1fa2a349840ff0a22e712735506c50101920a8bbfbda34001bcb8a05e18e1cbd6e7fc5853a09bac25c140a35ae7e495fa33517bd7c5e8a6a6e637d4430dfcefb296272cc3907def142424f807e891464830c05addd39232c
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = dc706f353e9bfa2b81fed3f0ce74e22e73abb87281c4b636776b0a62332ea87e08b1aaa2e99ed6cf8cd6965ad7bb9a076a464c8121b0339e6bfb83aae5e6dd0f6f02a23a26bb196101c153a2df58324a1d711254b78c78fd613521ad19c68e5571488d88e20a63716a8f004bf4f4014656cfb6fe56d3b9faf57db4102fb6aab7247748d369d3cf5f766b02dd06dd49f6557efad3fc2d77a847ef13a637f3d27ae469b84c72932dbe33165e4488518d1b8ff4f8dc7e01cc31a0c67d466002bc4723482cdc3f869f9a15e44272f2b237495363941b7c301cc8a0a131c5460ba2cbadbeb587ef18671bf17f2825bc6a2899f4e7903b9d79788e6c70bf289b0c22fb
+** GENERATE (SECOND CALL):
+	V = 8985ddbd767988c5da8d0a1263fe4dc3e304dd010cc10a286829cef103f9ad92263bb34d79601dfa8ea360dec35f6c10711990ad69fae60244c4e7c2d6c3da5364c335bc2a178cc1d6de1017877632f2a0b271c0f19d55feff2163fd42405ea7242bd2c95e39e9eedeb4680d7b6380
+	C = a1abced848a3e69219f5a421bc8188ce1086a62e454cad1fa2a349840ff0a22e712735506c50101920a8bbfbda34001bcb8a05e18e1cbd6e7fc5853a09bac25c140a35ae7e495fa33517bd7c5e8a6a6e637d4430dfcefb296272cc3907def142424f807e891464830c05addd39232c
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = 63579af3c9ae882837f1960e39449350488d7b4ade68d1e6760f7c020234c595
+Nonce = 9a6a0aa23cad3ef207b5615782720713
+PersonalizationString = e225c701cb6aebfd6d9050ad6d0c3ab3ef47269d1f63971271b7305f55e2c6a5
+** INSTANTIATE:
+	V = e8a52f3f3c12be4c4e13f868b6fd94ddb5d205f77692e5b27e82f0d5b8d5aedeec41581901bf37cacec7f48efac0dab9748d3d07cb95dae6dfe17318029a1ab6cebb11513bcbc29e00ac101595e12541e63c6a947a94cb34ae8cd10eb7df305e96b7c50c527c78f382009761444573
+	C = 468dc541bdc562519b66280ef9ff6ae60a3a0c99118d149fb39aadd2132689142aaace90da4299c1b3ec8a93d690da32a63d9c0c49120e6159ec3f6ce0ca6db9f12adb82576c150e7fc080e5201877753e46caf1ba8f0e346c25851ecb7befc2d34cef0e18f1815f4add5a3139841e
+	reseed counter = 1
+EntropyInputReseed = 35be4df589aa0b4d889d0276ffee4e792e61e8cd6fdff4c63d7ada30a2ea640b
+AdditionalInputReseed = 
+** RESEED:
+	V = 69fb940198d8cbe68c7ba72122e4dc5770fc53d228d6a4c904c1c63cc7edcbab5f5d9d9c8601a17716fa85463984c0b6d89ad43629f701651fb01828d8f6bc1db0b7b01dc9d725733f9744046af32d37672142edabcf0a25c78507d885794964361539eef55d470820aaa7d57e0366
+	C = b27a2311d934311c065833d738d9361cbfeb383005335fe218f8092f624f654c3192959e01b7876dd6e6acd3e656f476df512c43e82f6446b2dea08c11bbfbee1743b39f418c1e1832af85ce17578036cba64e2b4f47180a4192b35acd60fb5b947495c4e687f2a08465fcde38d15a
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 1c75b713720cfd0292d3daf85bbe127430e78c022e0a04ab1db9cf6c2a3d30f790f0333a87b928e4ede1321a1fdbb5d72aab64a897230daba57033a394c7ef9a5e421db15db91e6ee8dff4e6f5fe496831b7ab2af18947be913e2b10d149b90873356a7910c6742c3238cb22e5556b
+	C = b27a2311d934311c065833d738d9361cbfeb383005335fe218f8092f624f654c3192959e01b7876dd6e6acd3e656f476df512c43e82f6446b2dea08c11bbfbee1743b39f418c1e1832af85ce17578036cba64e2b4f47180a4192b35acd60fb5b947495c4e687f2a08465fcde38d15a
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 958b59d3d4a0af6d896991c79ce24c794b3417fea81cd87bafc127c2464ceae1a69d3658c1c3cf497f5f7c2576caecfadbebfa6e30e25b33c7055a6771f03219e85d1af88ab94d6e59ae835f281cd848cb4a8054023b9f895baf93ac6c1bc6c97ac2e32ce79f6fa96d795ebd6f7319e15257207348e6e3aa34ff0f96d1d1cf70a57c43759160adc787b685c41c739f8f298f1129f2a45cb441f633d1ff1b74d36806f56bbb942f33851ae4ca82110207f222fadf697612306c533c802f52f9fb9de04e273497fe881c9fefbd595c59c544a2d9b62a54932f2c277cb7e07178f9601e445ec6de392c5990801e0f3edb26c8f7a1deac165c809f779339751f67ec
+** GENERATE (SECOND CALL):
+	V = ceefda254b412e1e992c0ecf94974890f0d2c432333d648d36b1d89b8c8c9643c282c8d88970b052c4c7deee0632aa5d79b7d8d9432005f8ddaa40194c4e61cb21071b629e93232f56b550436b44e8fa41b3444d9c10c8a7302fd07edf3be291b45c265f4dbcfb826b7db7d4091e39
+	C = b27a2311d934311c065833d738d9361cbfeb383005335fe218f8092f624f654c3192959e01b7876dd6e6acd3e656f476df512c43e82f6446b2dea08c11bbfbee1743b39f418c1e1832af85ce17578036cba64e2b4f47180a4192b35acd60fb5b947495c4e687f2a08465fcde38d15a
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = 83da36f1f9d70ff8a9e0fff614e5c85aa4acc8041b2f29e79d5e3df1e2820074
+Nonce = eab80247a9016fbb18fef0918f34fda3
+PersonalizationString = a0e04025945130540fbf86e88b34eb9565987325f01b88e6c213846f1647f185
+** INSTANTIATE:
+	V = 1ce7009aaee4e2288987623207d3de447d079701d18e6d90384c774424927f87dee6d2d88618dbaa01e9d64effecfe3135b3405102a832c60ae5d4692560035e44878372eab456dd6e0ecad73202cfa095a8158c482785824a82a55a0f00796658cf53b0be99fd6c84065c56fbc19e
+	C = 07fc2906c0529c098309dd09f197506c728da891b525ac08cedb1592c397bac43164e0991a60c2709b1775f6052a69a3dcb713c29925ff21a060c468689a4de42aa4d188a3cd89d46a2647a6dc5e818138a609a5c6a120e642a30709750bec19b0854d2c68f0eed6b78428a0e84ecf
+	reseed counter = 1
+EntropyInputReseed = 6d297e34ab2590cfe03b0fecc1a921541c159b4c8423df4699e8ddb1dd1575ac
+AdditionalInputReseed = 
+** RESEED:
+	V = ee32d42c12e0f1f59762e74e5ce5980cb9777ffb01967f3b07bcd498a6a8c4f2bbfd6eb1e70107fdc787fe6dbd292afc9dbdfcd316219521651e8a64430efaf00b4ac773406df56cc7018702c6be003693464937aa19e3496f0585458f53bbe6343a0aefa32ec9bf516c93cc7ceb29
+	C = 3a17c5f9b611dbdf297d6bff0f748c23b1672e9a45e81a530071307a7163e4241b17f80a03c816473b6b136b1f552d43f2a1aef531e3ab41f36269902412a59953b08beaed3272e099c6ef48d51b5e0dc1115e4e18b5ef1a15e4dda7db264545977c614c6a89380b7f0513cad716c7
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 284a9a25c8f2cdd4c0e0534d6c5a24306adeae95477e998e082e0513180ca916d71566bbeac91e4502f311d8dc7e5875cd004445f7338d286dbeb2f2d83f1c10538d2e5942db2e7ad2382a11e9afd3a0df95ebc57c8e9b3614f3a0496e4198971e9250da65eeb96722ed5f2812cbf2
+	C = 3a17c5f9b611dbdf297d6bff0f748c23b1672e9a45e81a530071307a7163e4241b17f80a03c816473b6b136b1f552d43f2a1aef531e3ab41f36269902412a59953b08beaed3272e099c6ef48d51b5e0dc1115e4e18b5ef1a15e4dda7db264545977c614c6a89380b7f0513cad716c7
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 00aea5b924c99170f1b053b670d5ed2fee55b8cae317fa3bef1d5dbcb8081560704e63259950f3db5b9b4922e3887878889b7232758e6136b581fed7c068490ed7098f6cfb19109d4c3b949f7123f45e52b9a6f3321e3db040ef96652d2749463af1e6958b4f0487a7dc60b8a9d0e10c368d8e80b843917415de3f0235da1d352072843d774dc71cfb1d2e5d972a52a2ece7903151cfacaaeea8ca9c1f1c5aad240c8281cdc8d33668f9b03ee38b2429c9fc661b83769347bf617b72b76d40269d4f94eaa00da6f3473c56e9fcc0f4af852039aaed5cd4c317a99921b7028cb09bc496b92084e026df02ade8aa57a44deb22e179cd3e91ca57b31e763fb36dd3
+** GENERATE (SECOND CALL):
+	V = 6262601f7f04a9b3ea5dbf4c7bceb0541c45dd2f8d66b3e1089f358d89708d3af22d5ec5ee91348c3e5e2543fbd3860a41264bf1d87cf523c862e82282187b38f11a194915ca2982d1016cce3883f0e18db4caad7581465598c63e045d6895bffba256f144e38ac6904fb2c1732a5a
+	C = 3a17c5f9b611dbdf297d6bff0f748c23b1672e9a45e81a530071307a7163e4241b17f80a03c816473b6b136b1f552d43f2a1aef531e3ab41f36269902412a59953b08beaed3272e099c6ef48d51b5e0dc1115e4e18b5ef1a15e4dda7db264545977c614c6a89380b7f0513cad716c7
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = 3802dbd36565952e32f807e72ddcd16823f0d8cbc7e344871968fbdf7251041a
+Nonce = 729198bad4a78541ced199acbd0070cc
+PersonalizationString = d56d9aa9bc1d5ab27bb7a450f8ed104f47bc7961416eb84afe77f036346a6ce2
+** INSTANTIATE:
+	V = 36c996a07680b941b454bfeffafe73487b0e4993e836ea5e20c84dd7aeeb21b4bc2b8c7f49a226333cdc46c1fbe02325ecc87c2e73176c44814bd28418b498f7716e30299ad97a769208e86c9827b52dbea5cb2765c801ee34118c3847bc994e77b8a2b2dffca805b03f17c8116d73
+	C = 1e3fe1ec0f9e417edbf2d33cdf119abaa4ad89b57552b7b0a6a0762ba1f77b767e9ad4fc2f7e3820886143cb07cd44cc02aa2c68b0ac1125b3f3ec6c3b8dbea489afc5ba21635704a52ba3d18e4be1e859a09a231f9c2f6aa7271fd6455a55f3651b646b25b5dafb6424edbb9e56be
+	reseed counter = 1
+EntropyInputReseed = bd79f436b4c1d00f45b11ee9c0ac98044baa8f178b15de34cfc06941adbd7d9a
+AdditionalInputReseed = 
+** RESEED:
+	V = 4dbf6ccb1c3b6b0415fc5ee04b1607a61c73e7b92f05d114e3adfb45608ada7fb9fb742b2da9061791baa3b895a4ca489ea5f4b30c9676cd6e5965fe5e83a24f6db25808eb64c130f758f5a6e584065fe4ceb61cfb5083e6a32c8c09ced7a588c277b720e11913679edbcf9b6bc78c
+	C = aa6cabf07f0469ece3835977edc18f890a0ee766bd9f27a80a5e85a60e267672bbd6e310f3ab87afc6e57a4b675ef090f92a607590d45b3d8a2384b3d6daacaedeff33ddfa5167bc963349a5b80a6223874bf1ef0e6fe5459b5accfe257814cf8c41b5ce7948562bd785c595cb7da7
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = f82c18bb9b3fd4f0f97fb85838d7972f2682cf1feca4f8bcee0c80eb6eb150f275d2573c21548dc758a01e03fd03bb51ddb98274d6b92dc9ce04387359ba02f0967aa03cc9c0647f40d4533d373a229b1c1ddf4779472976434680d28f887f5d6e12ff9d09ff3d0bf84c7b0fae7ff8
+	C = aa6cabf07f0469ece3835977edc18f890a0ee766bd9f27a80a5e85a60e267672bbd6e310f3ab87afc6e57a4b675ef090f92a607590d45b3d8a2384b3d6daacaedeff33ddfa5167bc963349a5b80a6223874bf1ef0e6fe5459b5accfe257814cf8c41b5ce7948562bd785c595cb7da7
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 591853dd1d59046183ebcfad5208bf020f7463b06a57932b429c724fd71d8324e5f446ddbefbbec33cccea1d57e6319309582cfd8969a8c1dc1c677b3186bb2ac5b2360cd3d512de3a7108ec0113b24201463bb5360933a1ac4935de9c8935ae245ba5e2cbc77566bea51783bd7fd553e66480e28977a76a5edcacb89b0a50659cd6977a251f89f9a02ed2df4b7df80e7711372714e7feaada6394976b58d8a00188034ba85314faae1df8c9bb361ae03d8e1e62cbba19eaca4e121a8c316d154f2f8a19eb6c8a3c7a84d574a39afb6a7d680ac8adfff2f6c65c0c72ebc25325739df1bf8ce4206086fd7871f39f7af16b33c97d605fbedb7dfa7fc1851045e0
+** GENERATE (SECOND CALL):
+	V = a298c4ac1a443edddd0311d0269926b83091b686aa442064f86b06917cd7c76531a93a4d150015771f85984f6462ac90a7443aae938af44b14b5263d161e030f41e4630c9e5324c13633a8a938f7ca68298ec6083242f019a78ea4b6ca773021e14f79bd0bd7d43824a391d3283eec
+	C = aa6cabf07f0469ece3835977edc18f890a0ee766bd9f27a80a5e85a60e267672bbd6e310f3ab87afc6e57a4b675ef090f92a607590d45b3d8a2384b3d6daacaedeff33ddfa5167bc963349a5b80a6223874bf1ef0e6fe5459b5accfe257814cf8c41b5ce7948562bd785c595cb7da7
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = 7dbee2037b56fa5628633915c9667f2db0ee587656bd43e87b1a8c9d29492b70
+Nonce = 9720d7c43db649f998210a8e2818a5f3
+PersonalizationString = a3eb4fabcef43cee0b6df871ef2a7dcce385492300e503d38a800bf423347bc0
+** INSTANTIATE:
+	V = efc4c6672174b5caa74df03d91db46db3ef88690584dd405c8182a06551a1568bd930c4e9dbb42d2101bcdc87c996c084df18e92d4212a92380b98bf98c7bb70a026ae98d1a8da557268f1c436f4a421c8d2a5218f27ab8eed476beac8877303205e4e8be3da1faae88a89effcb0f0
+	C = 730c5487a75ffeeaa0de5d5392010cb1303b474832f262cd5b425d4d21a63659bd870a05d6c218eac873cc6e9b26e4253978021b7082b11f86b3d8b6fd3a3c740afe8a66cbd991997d96c14ab8b5578856212dd47f5e8df0b8e0f58ba878d50c00f50abfadf0b7a5c3857bb6d68834
+	reseed counter = 1
+EntropyInputReseed = 562bc5aca3fba2f4337cc45d4c402ddf3a9c81659f848b74f9e4ed018b13d2ec
+AdditionalInputReseed = 
+** RESEED:
+	V = 6a231754533fc69558b5916a29b472a28954f21ffe3796bb22e329fc27ff622ad921db5c3227f7c2dadf14691b1fffb6794137153ce9570de6b0e6ca397e4f2f169e2df53fb77a8718ca2ae64fdf973d9a181964692ceb3d8bbb7279e3a05232d990c5d30354f2ec5e5a277607ec99
+	C = f109a611dc66308a762aa33668bec7f31c04e2c57e3884d4785a301ad815d87cc6a6b4f476230abf3c16d91da95f168123b213bcf035b68e804049261f648aa66498b1a83acbda9d3c9ab32211326608650957bd71fa88032904fc2bab71d326bf2365e3bd1e4f7f8813bea156fe2d
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 5b2cbd662fa5f71fcee034a092733a95a559d4e57c701b8f9b3d5a1700153aa79fc89050a84b028216f5ed86c47f171b9e4c8054a012f1b3374b3405f41a58abd5626ce00e9b30d622fc9dae758b6045426cdbd5bbf645bb9b7cd2f29b3f3de949f8267b835f8a43c9e4eb9d541eab
+	C = f109a611dc66308a762aa33668bec7f31c04e2c57e3884d4785a301ad815d87cc6a6b4f476230abf3c16d91da95f168123b213bcf035b68e804049261f648aa66498b1a83acbda9d3c9ab32211326608650957bd71fa88032904fc2bab71d326bf2365e3bd1e4f7f8813bea156fe2d
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = da4c79ba4e383185a814b6ff22d4442f9e896093a2700d095af5a35efe5203fdfb8cfbc14f2551cff49adc6b003149a6d92d19612b7256e52cdcf84e3578689d6e4af6843ca48cac7724e5c4e33bda9d41c7f260dc7d185872f49384e11cfb1c9f3ecf4f49c24dccf996703d5618f08819d7627278355c61a826f00e2e072381cb920f7c8af0b26e07fe147e5acf3550761f056df6ce66b10d234eb41f62a5c0919e405db7105c5470980f0370288948bb5f8198c8cb4ad32e389b55dc9400e946ce02ba92170e8600dc3e2ab77e102a05dfe1fa31ddd132c1299b65507870b7b624b14d0f9d01d36bcbefcb5745b9bc766d8333603060914b1c47188147c0bd
+** GENERATE (SECOND CALL):
+	V = 4c3663780c0c27aa450ad7d6fb320288c15eb7aafaa8a06413978a31d82b1324666f45451e6e0d41530cc6a46dde2e46457422e1d7b86dab85b542c71237e23d2ad5e41384c8972adad14264b6521d67fdd65c046aa2c33581a39ac74f5502bfd48c17e22a258ed4f65c3c73fc4c0e
+	C = f109a611dc66308a762aa33668bec7f31c04e2c57e3884d4785a301ad815d87cc6a6b4f476230abf3c16d91da95f168123b213bcf035b68e804049261f648aa66498b1a83acbda9d3c9ab32211326608650957bd71fa88032904fc2bab71d326bf2365e3bd1e4f7f8813bea156fe2d
+	reseed counter = 3
+
+[SHA-512]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 256]
+[AdditionalInputLen = 256]
+[ReturnedBitsLen = 2048]
+
+COUNT = 0
+EntropyInput = 554e8ffdc49ad8f99ae5d5f81af5dafb7f7553d7cb568ea73cc082dd807625c0
+Nonce = f08978de2dc2cdd9c0fd3d84d98b8e8e
+PersonalizationString = 3e527ab5812b0c0e982a95789398d9ebf1b9ebd61d0205ed42212d24b837f841
+** INSTANTIATE:
+	V = c952f4c86bb7bb299fbbe291a919e5375931ab9d02344f17bf8701c3892f245bff00fb5889e171a8fa1e11b62d91b95554973f3df7cc2b233f67b09017b0ecb5d63e543e2b880a967c0a8ea25469e3b239b891b22ae7a36db113374d599e3fb7537734f9e62b287ed42686dc39ec12
+	C = 561094dd3cf0580a5e304ed9ce0a8cf9b25bee6d903fd67e1f83e54613d1fb1f8897c700209b23709219d2f8ec19c7d7d3451c4fc2ff966c74b6678274a4a19f9f8c2f43598acc75550426c88e40f9062c11e43ff7009c70e5b1c5100559809f8f15dfe9bb7b96b513797577b96838
+	reseed counter = 1
+EntropyInputReseed = 78073e86794b109588f422f9bd047ec0ceabd6786bdfe289b316439c322db259
+AdditionalInputReseed = f26bb1ef30ca8f97c019d079e5c65eaed1a39a52af12e828de0370799a70118b
+** RESEED:
+	V = f196a210a74b78383b54d80ae8d9adc01b4e7940633f5e2759983849f81030b8363df554a35ec45c9acd2641f5d5b046965b2397c88ded1f1a82fde4e23052fe57f7a48aa69cf1cc3c1ac11975ffa96e3aad0d69d965a29785ddc809f8cca27ee7f4263493258d06d2bf71b80bcd07
+	C = 8abd4ff438d00fb486728b2d2fb7e7119709c379d45b0f942ba7f30879b4846a8da0dce770e566d2c1e0a9c28ccd969ab18adbaec554e477d8bbd74e045503d13860d59301dd20bb532c31c1bf8d9e1629d7523a92a9b12e1648d981326bbb8529e8900bf0c7b106a5144eabae79d0
+	reseed counter = 1
+AdditionalInput = b09db5a845ec797a4b607ee4d558567035209bd8e5016c78ff1f6b93bf7c34ca
+** GENERATE (FIRST CALL):
+	V = 7c53f204e01b87ecc1c76338189194d1b2583cba379a6dbb85402b5271c4b522c3ded23c14442b2f5cadd00482a347dcc3308f02733fec55a22e6fbe1fa38e49dbcf37ad25545b9967d362295629b57da512334fcf0b5f871d08888888d5a390ba9b94fbf6f782b7549d6438e82d96
+	C = 8abd4ff438d00fb486728b2d2fb7e7119709c379d45b0f942ba7f30879b4846a8da0dce770e566d2c1e0a9c28ccd969ab18adbaec554e477d8bbd74e045503d13860d59301dd20bb532c31c1bf8d9e1629d7523a92a9b12e1648d981326bbb8529e8900bf0c7b106a5144eabae79d0
+	reseed counter = 2
+AdditionalInput = 45922fb35ad06a845fc9ca164a42bb5984b43857a9162348f02f51612435b862
+ReturnedBits = 1f20839e22553b1e6cd4f63a47c399540f69a3bb3747a02a12acc70085c5ccf47b125a4aeaed2fe531510dc18e5029e2a6cb8f34bada8b47323381f12df68b738cff15c88e8c3148fac3c49f528123c22a83bdf144ef15499344836b375dbbff72d2869662f84d123b16cbaca100121f94a8d5ae9a9edac8d76d5933fd55c9cc5bad3973b5138b96dfdbf59081df686a307242f274ae7f1f7ffe8b3d493898347c63466eaffacb060608e6c8353c68b8cc9d5cdfdbc0414448e611d478508191ed1d75f3bd79ff1e37afc65d49d65cac5bcbd6913751fa9870fc32b3f286e4ed74f25d8b6c4db8ded84ad65ed66daeb11ba2945254ad3c3d25bd12463ca0459d
+** GENERATE (SECOND CALL):
+	V = 071141f918eb97a14839ee6548497be3496200340bf57d4fb0e81e5aeb79398d517faf23852992021e8e79c70f70e068ceedd4504c9c27276eb904f08b12bf883a7b11a8b357c7abc5097f15f1b502dc914c76d3b809bcc452f3ade9f137e834364a3420cd0914e2f3f35e967cdd44
+	C = 8abd4ff438d00fb486728b2d2fb7e7119709c379d45b0f942ba7f30879b4846a8da0dce770e566d2c1e0a9c28ccd969ab18adbaec554e477d8bbd74e045503d13860d59301dd20bb532c31c1bf8d9e1629d7523a92a9b12e1648d981326bbb8529e8900bf0c7b106a5144eabae79d0
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = 0c9fcd06213cb2f63cdf79764b4674fcdf68b0ffaec7218aa2af4e4cb9e66078
+Nonce = 431c4d659396addcc16d179f7f57244d
+PersonalizationString = 7e54bd87d20a95d7c40c3b1b321526d20667a4acc1aafb5591682cb5c9cd6605
+** INSTANTIATE:
+	V = b4b66b7dd1f0eea5562d78429989a0d2d113d42000a9ec7d21c1194aa6597c42d1c4e38f0467da7b3cfef57e57b4747379a2143a3129cc39b72ed4a2c0f6aa2bc84f5104e85a69f9a2c92983176b68897dc4cc155badd783b8777262769621c0398031adcb5acb1e3febc52125745a
+	C = 0350eb11d4029ede9999265959a8d3965c4e5fe8d38d9ed4532948b0188e18f2dc4b0f835fd3565b622b50e98fabe11abac031d5ba757917a01fdd4188dce250cba536f8e89be72b1b05c8188e1da2f78f27e13d49fead7bf46605fda06a7fbd3c684eb59efa3be80e23b9877a8eaf
+	reseed counter = 1
+EntropyInputReseed = 75b84954df3010162c068c12eb6c1d03645cad105cc31769b25ac17cb8335b45
+AdditionalInputReseed = d5749e56fb5ff3f82c732b7a83e0de06850bf05750c855604a414f86b1681403
+** RESEED:
+	V = 89694717c540a8ef2a7c55b69d3edba9d7e9d1a488b029cc8f3f9abc397143b0644643dfd7aa9f92c6c6b996c9e54e4b2585b2f5d55ee689b7877b89b38a66b43767bd2bc5cdccbb7577c2d591df26ec230feec584f20b3e850cdc1556a54ef208adebf41f51e26a313779755f2be4
+	C = bf767f496357500f9fd0cde3fa48be66a528498b7cb2dcfc498fd17556966cf02abd665a8538d2548c61464574a362bb9cde3e679b545719c9e8ae34c168037b56f116b941bf6d3775c542d883c46320763de9e29f35cd98613dd4ab867ff30007b258f8d6a150f1a4a16e087e50b7
+	reseed counter = 1
+AdditionalInput = 9a83bb06df4d5389f53f24fff7cd0ccf4fbe46798ece82a8c46b5f8e58326223
+** GENERATE (FIRST CALL):
+	V = 48dfc6612897f8feca4d239a97879a107d121b30056306c8d8cf6c319007b0a08f03aa3a5ce371e75327ffdc3e88b161d45da35785125966e5cbcafe009c87c4a74b97058679e6b402b319d791590a3a7dbe6cbe04c81afca0d3d458b219c1f6927ec9b2dacc6d8b2a4a7a2c90248a
+	C = bf767f496357500f9fd0cde3fa48be66a528498b7cb2dcfc498fd17556966cf02abd665a8538d2548c61464574a362bb9cde3e679b545719c9e8ae34c168037b56f116b941bf6d3775c542d883c46320763de9e29f35cd98613dd4ab867ff30007b258f8d6a150f1a4a16e087e50b7
+	reseed counter = 2
+AdditionalInput = 4813c4951099dd7fd4773c9b8aa41c3db0939250ba2398ef4b1bd253c161dac6
+ReturnedBits = e17e4beed1654fb2fcc8e8d7c6727dd2e31573c023c8555d2bd828d831e4c98742518766431f2ca473ed4e5012c4500e4cdd1473a2fbb3070c66974d89de351c93e7e68f203d84e673460f7cf43b6c02237c796c86d948809c34cba123e7f78a2e4b9d39a5861a7358285a1d8d4abd42d5492bdf531de74a5f74097fdc297d589c4bc52f3b8fbf56ca480a74aeffdd12e4f6ab83264f528a19bb9132a442ec4f3c76ed9f03aa5e53794cd006d21a429db1a7ecf75bd403701ef2472648ac35eed05840948c11d0eb77395aa3d5d0d3c368e175aac044ead8dd133ff97d211434a58743a40a967700cccab1dac439e06637056eacf2e6c6c54f79d3e56a3d363f
+** GENERATE (SECOND CALL):
+	V = 085645aa8bef490e6a1df17e91d05877223a64bb8215e3c5225f3da6e69e1d90b9c11094e21c443bdf894621b32c146c26efb28bd31f3c515dc2388ec39e0d25fb0f89c3e9a64b0ec4c61155aa0b1bbdc6e5362c4cbee2cd41c5249031f21f66c1be72e374b0936d9d02ee604f1852
+	C = bf767f496357500f9fd0cde3fa48be66a528498b7cb2dcfc498fd17556966cf02abd665a8538d2548c61464574a362bb9cde3e679b545719c9e8ae34c168037b56f116b941bf6d3775c542d883c46320763de9e29f35cd98613dd4ab867ff30007b258f8d6a150f1a4a16e087e50b7
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = bae483c94f3e4521753589b4f2b72e2c8274f4e4c2359ea5e9de56cd584ce4cd
+Nonce = f5f106d412095ca4d380f4b655217f2d
+PersonalizationString = 2693dde6633377c9e399f332dc50bfee6b6287d0c58b452cade3ac1711b3b5da
+** INSTANTIATE:
+	V = 9f0fceaea6e3b49d382f5971c4a19ee74562564bb85a284af08d309390f7bf9ffa638e776421b2ff08937d4fbf7c75f687dbb626fc9a138fb7558ac9407973c2ca5a58da365585b90edcb497925f62f24c5d798834cd68411f0444c12e17b3eded53c53cc0865d7422bffcf4e257da
+	C = 6bc85220b4011da289caff297424c5a6e1f8537809e73c519919ed45b9a0ba184a2f89ac487846f2454fdf5544e4d4020e0eb9dd5d2b749c53b2130464e4da3869ff2251a6be0192cd7298cd31271bd24ebb2bda22436395fd62569b04fc4b08d09a2fe23bba494aea1ff832d66e14
+	reseed counter = 1
+EntropyInputReseed = 65bcbd036f7c5354e8b8fbc5a72c135243ab53d0fc2cb1a58b3e02f33a38d44a
+AdditionalInputReseed = a261c178acdfc5d56ea941eae290fa949ae48813994c694a18fa76380a77e8cd
+** RESEED:
+	V = 7544eff7708a66052a455800a4aebeb65be59dcd493ad376cd4b464eaddb20e0f3c28e2c267c3ed61db8f3573212d4ec882bafa68b763cc93641393599f2302712876dba3bd1f117315e003eb465b77a4a57b772c78bfbf18b5b2aa4a8102e6ad0f6fed809324b2feb062e95e56507
+	C = 190eecd6d14b3a9397274194232784afd438bd5719ba8e030ab3a599707b899b6df35f031479ea6306e5c294171fd5200a82d65f95e6b3698164b6b2c512616c09a344fc92ea206087617db84970f38ec21158da309a6330fa9139a3a59d2be412cf4ca13db84d72ef07aec5b075b4
+	reseed counter = 1
+AdditionalInput = 3c12f018cf22d5c553f1c8d6f73b01498377098808d76bb007936f077af7a5c2
+** GENERATE (FIRST CALL):
+	V = 8e53dcce41d5a098c16c9994c7d64366301e5b2462f56179d7feebe81e56aa7c61b5ed2f3af62939249eb5eb4932abd4e980b2f32b057354ae15c6f928abcb19797536f4f55e32c3251eaf92796392826c9926d482d94ccd5678faf20f72ea715f48acd41c0170772566ef3d2a89f3
+	C = 190eecd6d14b3a9397274194232784afd438bd5719ba8e030ab3a599707b899b6df35f031479ea6306e5c294171fd5200a82d65f95e6b3698164b6b2c512616c09a344fc92ea206087617db84970f38ec21158da309a6330fa9139a3a59d2be412cf4ca13db84d72ef07aec5b075b4
+	reseed counter = 2
+AdditionalInput = 9a3b7c836457342be51592001a5362d25fbede69b8688901ae6a1c3ee84d5393
+ReturnedBits = 137ee45eaa4f3a175174becbb42de66a800e13d589024ba806e7e94d0a34c893c66b838993f0e9c854b819949a1be843e9570e3db8bc1b734770370433f92062b2e1597a2a61dfbdf78373478a24b951157bbddaacb319b0ed59de6c599c9f076ba0008cadc5be2ba19c8c36ac98cb26428b19be20ed37f22d11d9b54ec24b4fdd61f9e9c0e91b9394320279cd879a4546370be64e196a1029c203782b1295a44904deb05930664cf2ae9e315050ef0c0227a33b8578944be29fd8690d3f86be90aecb856644a867ec86236485f54fea6046b43b1bb0a1725d3af74908c1ba43c15408e20a6eed33eff25f5d4dedd738930d5741e25bc24f4a12eedae4395fdc
+** GENERATE (SECOND CALL):
+	V = a762c9a51320db2c5893db28eafdc8160457187b7cafef7ce2b291818ed23417cfa94c324f70139c2b84787f6052824a71fc9ffe22570918dae39274e45295a1051ffbedc36cee322d829a92f4309845bf329f783d6b40cd9b186b15e3e20369461ed7b35f714590d664288cfda5b7
+	C = 190eecd6d14b3a9397274194232784afd438bd5719ba8e030ab3a599707b899b6df35f031479ea6306e5c294171fd5200a82d65f95e6b3698164b6b2c512616c09a344fc92ea206087617db84970f38ec21158da309a6330fa9139a3a59d2be412cf4ca13db84d72ef07aec5b075b4
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = fad292c99862db90f7983cae018e49ac08980072c868cea53236a853cbd019de
+Nonce = 1452db14eb178c39f4dc7dd605824f95
+PersonalizationString = 3e210bde62413d4882b8e419f859ecb7d3eef1959266380f560ad90a0f6de0ed
+** INSTANTIATE:
+	V = 36aa202104abe8ac64480fb66afaf9bb1e67258b6d0fbbf3e77b186404a499d06a1782b712297b35313c41dab7a8421c140628a19ff880dab5b57ba889beca6e07392a35b8b9efb66d06099d9b77f98a2af5d51fea42b342dfb9db014f9de22a3d005c6d061ddcc9172cb5aea050c8
+	C = 0262e12c27485f43e128a313b8ca408b7cdef2bf51729a556fe0d44f8ef31745e46081dee77da82608674e8b0e169ed33e75b4cb0c089848ad04bda222794890c33e894b40b5646ece65c5d7450a237bb8d59fd1544bf4fb5825057159de189fd60e01afce4de9918bbe0d5491c38c
+	reseed counter = 1
+EntropyInputReseed = 8cf5e1b46dae220150893e83c176e1aeb0415d5599ee82b7395d74f5be697bd2
+AdditionalInputReseed = 976ecac5caa93a4277b545001b57351f2e5c4fc6fddf79677ef603f7aa6771b9
+** RESEED:
+	V = 1c6442a5b6da8ba108fa0272795bdabc96ab0cbf300216ed88f857e84a5966112ecb504cc7d21051e84dfce4fe09444b8b9770688c3bef12f7ae82465b56c675b9eb0c31b0650e11d6629efa34a4bba029dc774acb6dc62cc2f124bb2eef51283aff0ccf9ec3eb1e681e55086daef1
+	C = 9aa194007c04c132fce4af3f1497a222cdb0710e849a11eca536391aca41d151aca878bf44080a22bd84f0df27878cdf215ad9b93cd7f119925aa7f16345558d8afcff92a446c8e9f55f206fe6b9173ff1fdf09f48b3568f3fbb5fa6e328081fd12e434ed9b28af215a450bcd49fa4
+	reseed counter = 1
+AdditionalInput = b5cd65a636179be28e0ef16a456de0c0135a938f294b418747c13defa9d963ad
+** GENERATE (FIRST CALL):
+	V = b705d6a632df4cd405deb1b18df37cdf645b7dcdb49c28da2e2e9103149b3762db73c90c0bda1a74a5d2edc42590d29253c5a08de8a74bb2305d9841f78196733f0dc807e34c1d64b6d2ba0783e4c85958f6282f5b1c7140a202ddb5c013232d855107f3c489944b13b16d7cc7db07
+	C = 9aa194007c04c132fce4af3f1497a222cdb0710e849a11eca536391aca41d151aca878bf44080a22bd84f0df27878cdf215ad9b93cd7f119925aa7f16345558d8afcff92a446c8e9f55f206fe6b9173ff1fdf09f48b3568f3fbb5fa6e328081fd12e434ed9b28af215a450bcd49fa4
+	reseed counter = 2
+AdditionalInput = 74410718bd2ada2f124d68c14cd071fab761bdcd605c3a4a4822d66271b7e30c
+ReturnedBits = 6b8ae32ece00ab02756bfec0b67bf9f147f0b9d2ec856a912bc00238e092ede0872f11ef74cc7a82a5c5298ea497e6cec2507a95f6a649ac26b4e762dc228a6d11df175d37f6edaebe3c69a68c0a196222a2612f9b4ed986645e19220b6c89ca9c9c9fb0ddc621e269749fee8cb05c8b55cba6ec8d542d10c26d886afae0b5363e3bafd4ec16aa94edc994c7aa49ee6be1e7bb9a448d67ce5345aa4b751e040a003eaa4df612412aad63f86c87804afd4582d498bfd586a5063ba4c6fe536b35deafd0ffd07662ddf2ffc2ca679be2580d0fa66eb00237a3dfe25afaa6a74c0d187c59e354e031e9cf9edd7a5605ad1aeb5e0c8db4c23ce6075f3be481546dc5
+** GENERATE (SECOND CALL):
+	V = 51a76aa6aee40e0702c360f0a28b1f02320beedc39363ac6d364ca1ddedd08b4881c41cb4fe224976357dea34d1860771eb3b5f47cda9006f5c21890759f771c7c9199551ba91bbb6be5b85a1662128383ac30d9c7b6b0064de2671cc5deb81e762d9ca652b59185d04b03e9d93dd1
+	C = 9aa194007c04c132fce4af3f1497a222cdb0710e849a11eca536391aca41d151aca878bf44080a22bd84f0df27878cdf215ad9b93cd7f119925aa7f16345558d8afcff92a446c8e9f55f206fe6b9173ff1fdf09f48b3568f3fbb5fa6e328081fd12e434ed9b28af215a450bcd49fa4
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = 209512d2442a50441dbb3bad16b277c13e091da123027f49ce20fd55a3bf993a
+Nonce = 5eb5021f952b564d131b100a026f3046
+PersonalizationString = f15d24390c8e98c2d5eaa08bd0a51579d3458721db5925d3412509eddc67099f
+** INSTANTIATE:
+	V = d3936ca967d90d344f51ab1b6eaf89e19531bb65a76481810b937d9107d072ce7a2b3e441870346e0604fadf50fa9b48b0edf4d2410b1daa2379f7ba6ac93a311adeba1b4a3983ef94ec7bbc6374624df7749ac89be965598671cd0cec4d56ee0d4272a9d655fe0d288dddf9c51f30
+	C = eadbb3231f0cd4783b18e80d55f16c6a8451e0866867b5971d55f1d8ff2369bc4107a1f64a96533352b26da0f01e68dc8f7423a26b36850aaa40f64870d70b42cdbcfa9b2556c2ca89d9abbdeabd618ca7307cb47da5a79dc8e901aab13cc817d5771309cc5328e90d36fb3f54ba31
+	reseed counter = 1
+EntropyInputReseed = d7641b8e147b1d617518e3d66bf9388f76f2318b01695ab695663e3d946ab142
+AdditionalInputReseed = 28c801b4e36ee32e694a9a61729dff1ececc953399f3ce19131ac0a3fcd91d89
+** RESEED:
+	V = 78a31e001902696eb4d4f5ebdab08f8ecf1bd7c69711eb68ff797d660f3e738d6012c1ab9c20f5795236d66604dd2299cad6b0d5b88454251af83481c462a656d593497f3ecba15916701ecd147834587d938894e3d2d35aae97a9c6e32b2cbbb8f11efbaf7de9a860b57490305848
+	C = aca77fee9bdfb0f13222aa51cb57bff76357278de4ad0bd989b576fa7ebf1c8eac7c2987b8496df4969b8bd02edfca0e29c31c655946928f946e65e29e93572027dc1ece8f411378e727d957381c0518d92bfccdab0da906cee8a1681cd65d6895352ccbd29ab625ed7fbf161cf245
+	reseed counter = 1
+AdditionalInput = 3cd659ed45cc8bb099f30b0f65aa6c2c972f755292921ef5b1fd5d99e38e723f
+** GENERATE (FIRST CALL):
+	V = 254a9deeb4e21a5fe6f7a03da6084f863272ff547bbef742892ef4608dfd901c0c8eeb33546a636de8d2623633bced9b2a1b8f3a85d0280d82e4e6fe01f95695ba7ae4dba7372aa5ceec8cd11fd7d166a02691b8d2b3526edee666abbe561b02ccd46b64b0702d955a4a560bf7b95d
+	C = aca77fee9bdfb0f13222aa51cb57bff76357278de4ad0bd989b576fa7ebf1c8eac7c2987b8496df4969b8bd02edfca0e29c31c655946928f946e65e29e93572027dc1ece8f411378e727d957381c0518d92bfccdab0da906cee8a1681cd65d6895352ccbd29ab625ed7fbf161cf245
+	reseed counter = 2
+AdditionalInput = e101cd1d5550e355b9bbd3b8dbb83b49b5d5c257be120cffdd27c9de3c0c2359
+ReturnedBits = 02f417de4a968e668195ad1bbd647955e26be3fdba1b9a182e0f9c9e14b08f58b7b756afb5f0190ec3573f0376f51696b1b6a808842c187eb2a3c2ab6149088da1ac314c8d51651ad748b1a5296554a42355d14d61eda5ac70a648cbce45c918fcab9e053dcf60d1c3a75e824c8971141d393049eb19deb4b44ec953a0d275d9bd1424b66f1587b00f60b87e346277fa784579bfd0aa72bb18b259d275f1622caaa85e780ab77557852e332126a8c3c4e0ce335a7e76a56001e3990b53dd78b0233ddedf3313bd1d6e873c280f39c1157c24cca47ddade1dc824048561bfd96d6c9d2dffa927bcb1a0395b6f808c251ed9b0598b39d3e778e13baaf756a5d498
+** GENERATE (SECOND CALL):
+	V = d1f21ddd50c1cb51191a4a8f71600f7d95ca26e2606c031c12e46b5b0cbcacaab90b14bb0cb3d1627f6dee06629cb874ed8fec334562329f7be793a0377c2047cc81ef47c1ba5f5fcdf63cd8105fdc8eff1f02d79a0ea721a37acc077e16e2150864b7597f0b44f1798b904cd68e41
+	C = aca77fee9bdfb0f13222aa51cb57bff76357278de4ad0bd989b576fa7ebf1c8eac7c2987b8496df4969b8bd02edfca0e29c31c655946928f946e65e29e93572027dc1ece8f411378e727d957381c0518d92bfccdab0da906cee8a1681cd65d6895352ccbd29ab625ed7fbf161cf245
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = cc202fce16e538b58b085ca132e6ba98bd3f5b27542d2823050a6959101ffb4d
+Nonce = 9a9a105ea3d97c49162e6ebc379de5a0
+PersonalizationString = d15e5b2c5a760ecda00108812e9bee55c1beb347cda3b0c2d21b93f426ef2c18
+** INSTANTIATE:
+	V = 700ac4af95f2150a56ce52f74518184053a2508709569622f8af1312e6d4d5988a531f2c48469b06436550d461add9d44c0fd7a9579199a9040de963cccb325522bd2034dfc88f11b7f9e8f75e3b173396f34d496f13f4682d22c8bf8b65d80a8cceda13a5f0efc98ef5c7372ba24e
+	C = 41a7f3dffae661d2f58f7b71fd106d0e091bc03f0ba55cac6e9b6ca2915965bfaca2a24ea66d2938c2f1f8b99e6ab6bb3768bc407f49acb1d625eed7865b8ab21bb1b360433f815d1d50dbf3bc5d99f301a11b108314e67ac0c87be2fba00f7bd9320114bd87442355b4907adad532
+	reseed counter = 1
+EntropyInputReseed = 973e3529ed9a8879fcb3f99c1272ec77524918a7788814b0cf3bc31a9ac37a47
+AdditionalInputReseed = 224e915525a3c3141ad86012a7e54bfa9202bf1d55f3602879c3504648c46114
+** RESEED:
+	V = 367a9997827d27976cc870d414aa5694f032211b6559ca9c2b334b84759897a22d0197640f339a587ff5fb2cc7296b47c7a807fb367769ab8d89973df0c0e1bd193dd9c4c9940ba9b257028718798acdf5afb69c33542490076f566d494011772ed8aef1893cc805d874d911415ab2
+	C = 82c6d4d31e2649b500df006f1077fdfdbea68d7bad8432a130dc3869a0e7ff37d10a4ca8c40d0a3d3d15fa495740daa6544fc9da54b218d5dde4a915258b9b5b9b5929706dec351fc947be87adb44f9f7a6a11b69bf03dba7051c683c8f063f2ca98e6c1d27ec7b1cb437daca91ded
+	reseed counter = 1
+AdditionalInput = 9fd4b64450c9028210aa3ef9782d170d4eaeebfa91fc79c0f123144e3c5076ae
+** GENERATE (FIRST CALL):
+	V = b9416e6aa0a3714c6da7714325225492aed8ae9712ddfd3d5c0f83ee168096d9fe0be40cd340a495bd0bf5761e6a472bbdc8300459a51ea45c458acc22e091aef9dbcd97113805825b6e841420cab65db7dd7480efb5dca62295c0957d92b2ce0275a4009a3b6cca7606896a546ac7
+	C = 82c6d4d31e2649b500df006f1077fdfdbea68d7bad8432a130dc3869a0e7ff37d10a4ca8c40d0a3d3d15fa495740daa6544fc9da54b218d5dde4a915258b9b5b9b5929706dec351fc947be87adb44f9f7a6a11b69bf03dba7051c683c8f063f2ca98e6c1d27ec7b1cb437daca91ded
+	reseed counter = 2
+AdditionalInput = a63b2a7accb6bc2c370e96ce303ec369884714620773d7848d8911fd74afc257
+ReturnedBits = 6f497b2f95d7f3d6dc33d957bfb8d3537b1cfad43a3ce8d16e1d42c844f1050d627e10bbb00fb8cc932670b5fcef154badd977ca5b626bd80ef232d175d693a97da75372a361d80ecabc570219bf2b09d94ca9767ca714b7c3887aac185376ae45c81322106b3e0603749349431361d41264c38df19cef49e7be3f56d0212cbdb096908af5bf0a131a14255fa1b2eeb5d576e31d2b04c4bb229b918ec47753f0999bb6f5510db4b54c408df4e985fca2dc79190d7baec002bd2587866db91f12f95678705db9a087dac5a4591aa401da6810dfa45a0e9a41e6fb8d0438845ad6ab2f63ff95d16b899121972d2d17f0e15065499b615c5324cf18560760312e2a
+** GENERATE (SECOND CALL):
+	V = 3c08433dbec9bb016e8671b2359a52906d7f3c12c0622fde8cebbc57b7689611cf1630b5974daed2fa21efbf75ab222517f8f9a5b4b62050561899ec91fd570c924f952f6c2441665d4f3fe152feadb7e0f4e3a044ab68300a66bb3caacc2d570e029bf4816909998013b1e737570d
+	C = 82c6d4d31e2649b500df006f1077fdfdbea68d7bad8432a130dc3869a0e7ff37d10a4ca8c40d0a3d3d15fa495740daa6544fc9da54b218d5dde4a915258b9b5b9b5929706dec351fc947be87adb44f9f7a6a11b69bf03dba7051c683c8f063f2ca98e6c1d27ec7b1cb437daca91ded
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = f668cde883e5984295aaf8851e5d1de5a0fb7adcccc5d0cc54f06b8347208353
+Nonce = 55a1248975035b872da59149a5b3fbdb
+PersonalizationString = 60e2a5b3f54818897b83a1801892cc7256234181942a4cdc9ae65d0dc4a84593
+** INSTANTIATE:
+	V = cc861c0cee4073018fa1ec92a132b6b0a5524f4779db6537ca94d3c85e9ac0c93244cfb12236cb005a2d367c3af0816fe5d5a03ce4f0e30c1d90cd58f6f0970abe001dda6ca5e043916c329349baff8cd22c369aaba49a76af403f87414d4b46ea18a99d7cbaede6c3b5f346e87ab3
+	C = 9b0420ec4491fd38cfdd417457eea65e5f10a80a0c95b4497042e30ee82c2ee57b3c846389a93c5459af942f88926df9f0a74f265752a91123aa7a5f3166805ded4b28e2b0bcb927f25f87952f7317cf03ca2ce983ba98b5bf2076c331a492778dd56b6e5df30af5a05fdde4360d31
+	reseed counter = 1
+EntropyInputReseed = 47df458dac649f65227870d5897927f2d0953422202f9c1233ef1c1b2af6ee08
+AdditionalInputReseed = 68a5aadf78a142cf2629c97fb13a38c9c88490c9885ad6cef224ad33319647fc
+** RESEED:
+	V = 0db52e8730c9986bf292f7f6a7132e5064416e0419c9bda75e5c67c1ae138fa9c946b0acb57f149ed2e2b1e91e27203f259869a6bdd51875b223b248f794b600638f13ca7e6b8c1a6c81cbf18e740f7aa06b1b3b094573e418a237b77fb2adf4129a193f41132e60a46109b6e423ba
+	C = ebd2f995b0d5402dd318f7bae25a47b3b7f2234a83d9357fce8f99c0e7863e3e71c21b7739eb1795bc57943379bdf234ef79724f32d67b811677976528405fe3d6af638727602aed71ef963d9eda5163828af88117fd6e25d78daf5d023931710ff4185e208e9b6a51c218e7b34870
+	reseed counter = 1
+AdditionalInput = be5f433b166eb8796bb43c259cbc6304e1d557d24c3cf3b587a523dc51d7764e
+** GENERATE (FIRST CALL):
+	V = f988281ce19ed899c5abefb1896d76041c33914e9da2f3272cec01829599cde83b08cc23ef6a2c348f3a461c97e51372bde72e6511aeb5ab22df62a2213d14667ff32d73ab27b5c59d0c0d51c0e48fb8bc14c8cbb0306225673226f172cd4dcc33b854ffe32e1c551976de36852b56
+	C = ebd2f995b0d5402dd318f7bae25a47b3b7f2234a83d9357fce8f99c0e7863e3e71c21b7739eb1795bc57943379bdf234ef79724f32d67b811677976528405fe3d6af638727602aed71ef963d9eda5163828af88117fd6e25d78daf5d023931710ff4185e208e9b6a51c218e7b34870
+	reseed counter = 2
+AdditionalInput = 57c27115b62e9936c78056b6255d32979ebaa74a8a94c92e73ad26b287285621
+ReturnedBits = a295d586c7f3365172b54618cdcf475b6be376b7ac9f965aeee06dfb35913eb36dbacb1878896b7e345e7d5142977ae80ec6147e9d59c57160ab7f0139e25384a9e242724d2f4b6b7d339e6940aea684af2e425823b20c016719cbf36eff9160b9a5d63bab1d691eaf20ffe2d706c9433e2e52f4f3bbfae39d3e6891b2c1609dc45f6ae7b844e15b6bf77e223c4c1568cc0523066f12257c2a676390ea50c6e7697c9515278f560844827fdd13443cd558c7a4d248b12cbdf8539cee1c7b3d0980919c09ad54f149a4f7cea33f4e0b2e217f525e9f58149068dcde5e70923c57525406aafd54dfc18271ffbe5050508406dedbc968b3b1a0c2541ca78228ed17
+** GENERATE (SECOND CALL):
+	V = e55b21b2927418c798c4e76c6bc7bdb7d425b499217c28a6fb7b9b437d200c26accae79b295543ca4b91da5011a30604cf0620d9c8cbc06262120c283e2319c96101ebbe9b112befdae039038dac657191f90fd05cd7f7c0e3fa30bd65b8de4f2d746337950c0bacaf545434d41cbc
+	C = ebd2f995b0d5402dd318f7bae25a47b3b7f2234a83d9357fce8f99c0e7863e3e71c21b7739eb1795bc57943379bdf234ef79724f32d67b811677976528405fe3d6af638727602aed71ef963d9eda5163828af88117fd6e25d78daf5d023931710ff4185e208e9b6a51c218e7b34870
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = 3b9c147d0795519add7cd1f0df5bf8871d49479b006b915f3655073e4f0fab91
+Nonce = 974caaf8bf17b2d826d05e6a92f38e1f
+PersonalizationString = 3c2bfd43d57afa44774d2caf8c6048ff0f1551f7169e7b6a66d27e1832c1da74
+** INSTANTIATE:
+	V = 5b12cca328e374825c8829b9538481f4816d4defa7c18bc7a994251f25ce4f6079906486fcaa18641b1d6d97dae0097259ef80438b7f0181910229422e9cf9d1a7013d70ef9847aa5a6c9dd0972fa81bbc50a4a01487dcd6402e79f83a135d2aa02108af5a5f8b199b252f24c9270d
+	C = f650c38c5b565fba28aab6098af262e58970cec5b4fc5fb3d27dea3a80f6d05ad62403daf8c786bc7806212fb7f55c55cc404a6485feaf7ba7429a40fb080d4ac4582b3574c2887790d5c79abdeb0fb3bb69c6e39bc53fe364e2edc2384d11fef3891e2ac1c63e870030d817536008
+	reseed counter = 1
+EntropyInputReseed = 61b81087338403d5a97a93b0838836a231fce4d5557cb31d3990ad1eb9bd0f0f
+AdditionalInputReseed = 2954ee82a3a8586d71d016836983eae80ae3885520ca430de4053b324c364fbf
+** RESEED:
+	V = fbdfe74ec2b9e1535f18745cfdddcf7fdd815f49b98923176e713fe973e93fb761e77284287f5b4519c30c6925037b6717110f2cdafe223e69f55e7a4cd13c9eba0095ec779e4479fb48ae7034e22c3731df00e2c57dd4189178358c9cc9beaded6e45ff807c14e966114176431387
+	C = 3cce0b3025178c5829917de5648f2ebd05237c9007bc69523328276e97f01a8868598c738db70e79a37e2aeb5a5479af72abea15fd7ef619e6825e499cc2fd96ade20ed5236f1a957f71bd2d7bcfdec29d9dccc52d84825ae8b5dab8ccef00acd60872319723be6ee62f4e26189a41
+	reseed counter = 1
+AdditionalInput = b0e9dec1796c3bc3d0d41165f532931e14af8930520d584195c7080bfcd0e7f5
+** GENERATE (FIRST CALL):
+	V = 38adf27ee7d16dab88a9f242626cfe3ce2a4dbd9c1458c69a19967580bd95a3fca40fef7b63669bebd4137547f57f5d70540b42e36f27c20ec1d432f0ec7cca609d7779c2e4664410fc5e7830258fe92b0987b107825273462ff388803e9e49658998626f79ca6653343c924df7cce
+	C = 3cce0b3025178c5829917de5648f2ebd05237c9007bc69523328276e97f01a8868598c738db70e79a37e2aeb5a5479af72abea15fd7ef619e6825e499cc2fd96ade20ed5236f1a957f71bd2d7bcfdec29d9dccc52d84825ae8b5dab8ccef00acd60872319723be6ee62f4e26189a41
+	reseed counter = 2
+AdditionalInput = d96608d581fb6098db8d58c335fe58caab2fc3d9ee011ab99d565334768bd4fb
+ReturnedBits = e0461a26245b672483590ddd099da51b3048028c43938ec0fff0e176f4fd3cf76b11a6899d766acd8535d23b2f7c167a5a894fcf6bed637d64ce1b102c3a60d2a2b3540c5a01b62e2fa3c224bc77ddacd36a00aed71a6d4fa8889b9718f5acc1431640f9a77d283ed10ef3f2e1f335e32f04e9901aac83a448f20af09c0092deafbbbe9746163f3b914ea63c65f5f3c2ed5f7f953b53e87cfa22b65ffced19c880a0222fe60ffb5b0c4234391325f6ff7a0c00e46ee20e9717bb6225d265522b95a1107f2181bb8d4811601c3b73758789c2ed349628dec2360f62073cf0e1b3b9992148a1854cb9de8a2a9afa7d9b6c2255b4cea89d4b58a8b708ccbbcd6a03
+** GENERATE (SECOND CALL):
+	V = 757bfdaf0ce8fa03b23b7027c6fc2cf9e7c85869c901f5bbd4c18ec6a3c974c8329a8b6b43ed783860bf623fd9ac712bdb6d1b796d0b9bba03f7173c7a3044a6937582a6710362ca79a0e3baa367f7fb02466a7cf8ebf229530c5475cf11bbdbc68a458f8b695def5d3a0abb358110
+	C = 3cce0b3025178c5829917de5648f2ebd05237c9007bc69523328276e97f01a8868598c738db70e79a37e2aeb5a5479af72abea15fd7ef619e6825e499cc2fd96ade20ed5236f1a957f71bd2d7bcfdec29d9dccc52d84825ae8b5dab8ccef00acd60872319723be6ee62f4e26189a41
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = ba97378d99300208202fdbcbf76fa7193d4eaa50493bbb10f40b4f9cebe1e4a8
+Nonce = 1c352e8e9583432417097310471ffbc3
+PersonalizationString = 61487e71547fe8b04669e1f82b83f7e7ff28bb32f912e2a82f4001cfdae23005
+** INSTANTIATE:
+	V = f6501d89939d044b978911d1d24733e267bf378b6c1c56308c9c45c64c2c89dbfa068cb95cdf356207b7f665396fcbbf3f49ebb2abb9c950350f41bbac6730066565f401d6665f120993eef737f9c184d9d4156eed17dba087f62939ea9789931ff947ddeacd5efccd1176162b1f6f
+	C = 7a400079b74a7664ec4c2b541af9fb58b5e47ff1b7bd55cd7a37bc51047d81213c65e89d901f9bce6395917c55956206b57447cff51a9adc32e3a9db4c874d64a47c6bd0fe51fb3d126a1b4469d7a9d84cecf9d3c766e08a3d926b1a68b93c76796d1e5f5fb47cb8064b4209e07935
+	reseed counter = 1
+EntropyInputReseed = 9b0ca1a60e96169481e2d51024d8c4592647081a73cb3e553f1675f07122c5ff
+AdditionalInputReseed = cee76d85c0b767b2a286deb93b1ece29d021fb06b9d21269a7deea5f031613a0
+** RESEED:
+	V = 5c36e958622843b562bb1eb3ad5eb7305d02ad34c9846a2d7ab34b197ff6ab670000ad3c23395048546a31ca5bca103a60ec7ca4d5f40a0fe3c5f176c60a554a7e741f9e3e452d88b7daf824287c5aec714237e43259e1eceb979369a7adf7285c405b8f74b979f9ac3bc0fa79776d
+	C = e2fa50042d72d2f46774e8aa5273800bb7f082f518f8b1a709be4828d665d78f164723e2ab87b3d251014813aafb146ab85afd2229db674fad47f2190df3379a4ff5c6c8f5735aca4e0ac22e00330f3ad572d0961775db9aa98b46c983447255b281d9452f092387b30198f9c179c0
+	reseed counter = 1
+AdditionalInput = 076cf7c64dbfa07e9fd4f18aa192183e9ea59a9d67c2f5e7bec5d241bd67fbb0
+** GENERATE (FIRST CALL):
+	V = 3f31395c8f9b16a9ca30075dffd2373c14f33029e27d1bd484719342565c82f61647d11ecec1041aa56b79de06c5255b80ea3b4a848e06400ab028118829f02a98702c95d42b6d0b51c55ac1af1ccd76a97fce766b8336c22d4f7c7bcaead44de3b8f826423d24dc807ff28e5f58b0
+	C = e2fa50042d72d2f46774e8aa5273800bb7f082f518f8b1a709be4828d665d78f164723e2ab87b3d251014813aafb146ab85afd2229db674fad47f2190df3379a4ff5c6c8f5735aca4e0ac22e00330f3ad572d0961775db9aa98b46c983447255b281d9452f092387b30198f9c179c0
+	reseed counter = 2
+AdditionalInput = a9942e98202f7138ab9ad863c874a909c788001f581d0f490e5dcfdefc933385
+ReturnedBits = dc9bc3dc354c322ae8a41bae0617f1353740961646dc7a97734f7e3f29a79b445a7db2be0c37ea66487b9f757b810cf64878db58172274a39cc8354c32da10c71d687570c5872042b99ccd75d5832901de56740ffa5ceb0ae8883f523ee7e6e3df30e440e4a0542315810e8cba750aec302579820de8fb56056bad441d1871744291925cd3a058455109dab2778f0e57cf90d72b73bfcf4355c704b8d9228b1c6d24e0459e69a43af165f2c88e3f14d53c31dac5480f79b887dba392ff25f27f1a87bc4016865565ca107522997be9edf241a4c9a4402963f1e3b0b4a27ab4a3ee31e46d11a91385a67cd675f5a91c0674577bf228be2ea19d2c4dc9bbceb85b
+** GENERATE (SECOND CALL):
+	V = 222b8960bd0de99e31a4f0085245b747cce3b31efb75cd7b8e2fdb6b2cc25a852c8ef5017a48b7ecf66cc1f1b1c03ac0ff4f89326867bf9cb090d132e7df7ae25d13b20f6962d67aaa62f597c53a1018427a470775a0ea87d40f03d50d3021c4f11737c59d61d963a0b51719dc54b7
+	C = e2fa50042d72d2f46774e8aa5273800bb7f082f518f8b1a709be4828d665d78f164723e2ab87b3d251014813aafb146ab85afd2229db674fad47f2190df3379a4ff5c6c8f5735aca4e0ac22e00330f3ad572d0961775db9aa98b46c983447255b281d9452f092387b30198f9c179c0
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = f7b60651d42f71dac4e6a2c7af28e2a5456d2a838bea0a75ba8f41c29b300871
+Nonce = 9cfa2c9f6b88b1739da5af96e3aaffeb
+PersonalizationString = 6628f280b046f478f248855e588267ad18454d7828f27f523ef5340483c07a28
+** INSTANTIATE:
+	V = e5d0ef51065fd7236974465d9f125701a569a0b18bdfb5db0ab4ef7693ed69b57cf0294dc321229ba81154dd28854c6a0fc53fa544c10607814c3cbd032e3b989adfad2868cfafa17c7076974b8b86ca0c0fe1a1409e27fc91732287ca16bab2009fe64fac9cacb2ca2337f6a460af
+	C = 5de18f12438d7f110d582d61441ca6b9afad365daffe9db8b0884bf0b82b77d8e8e684aa7b3282dfbc954074060f82fcbd160b59fca5b0deea188ddf8cc4842feb7199150b5ec675a481a93256e39dc2039ea5ff29cb07ff30b7439078251427907ebfbca2b86d3c1ae37b9177c485
+	reseed counter = 1
+EntropyInputReseed = ec43df6057d281386da6e23acaa8a5fedb3342d15b6bf0dd7c84849097a6e9ce
+AdditionalInputReseed = e5a0588ef4e11499a91922d61924cc2621fa7e4dbe20c8f137e0648445ec79bc
+** RESEED:
+	V = 97d96feb3f2808cb2bf6b565f602d11bd46fea0e2760ce3fa8088e6ce852b86d954ea3b86f2f2061826139e28c6c4ea39af45446314b645caf271b43d25e16c0933e9441b22c1dc00a280cb772107d249fdbe0aaa68b31bdefdbb698d5030315ecddcf3bbaf4d2c72bfeeb94719596
+	C = 618ac707e5142dbfc0444b73dcbcb3c2308232e27eac4627136db1db9d7e2b8be50a35a20d0bc4c349b3f16f72e7d581db5beb6de008403c8d86680d1c5dc3737b79fd9bfdebbe3398e096f8bafb6c769070695133df480357413eee0ca1f66530211d0cafd57d72959cab46623d3c
+	reseed counter = 1
+AdditionalInput = 53d4621d55a2a2269ada8b3789f03710bbeb9ee3d16c801051cc814c5957295b
+** GENERATE (FIRST CALL):
+	V = f96436f3243c368aec3b00d9d2bf84de04f21cf0a60d1466bb76404885d0e3f97a58d95a7c3ae524cc152b51ff5425ca7505e420c4a300f81edea1f72a94f69d79bd81558905e5bee0b9b1391d9e91a2a59725d6861ba605b4cca02326af13fc917c66bbac08713b3d0cc1ecef42ad
+	C = 618ac707e5142dbfc0444b73dcbcb3c2308232e27eac4627136db1db9d7e2b8be50a35a20d0bc4c349b3f16f72e7d581db5beb6de008403c8d86680d1c5dc3737b79fd9bfdebbe3398e096f8bafb6c769070695133df480357413eee0ca1f66530211d0cafd57d72959cab46623d3c
+	reseed counter = 2
+AdditionalInput = be96a7dbf9f9b36309b46a7f4b160d6c3135d21c2caf0401aa4d0b6ac77a1b2e
+ReturnedBits = 65dd80ea5c8b4791241ddfb0b1aa32e48bb66e9d0992a6e2bf81fdca94646b978ae8a111f70a5dbb780923a835ad351185fef0708d3482139c8d3e2c85da69ce0d5a3ea457f18eb907d90161b4992a70c324eacf47c72a16fe6ed7153b8c740c037f003103cc46f9bb3eba04e625c4805e16fe88a1f97577478d4c48eaaa37e7bccfb3c51cf43f158ea93ddc5fed49eac0c8c1caa829c3f386c2203c9f4cdc577bb0acfb94aaefdf9fe816c74dc83f8eb3daf75fd77f8396d84ec2c734633a19634dba4425212edb2edb518bcf91fa39d5f668565f4ef8b8ece9dc6c732f5870990f4cc7e181490029c8ea8927631be521158d4a926dfe9aa78a1473c1b59b86
+** GENERATE (SECOND CALL):
+	V = 5aeefdfb0950644aac7f4c4daf7c38a035744fd324b95a8dcee3f224234f0f855f630efc8946a9e815c91cc1723bfc5fdbdebe4dbb36e2c89b315a0884f7a15c7c3d4fed9b24ba592e8d56ea356b9238551041f1544d1dab3d5a62ad6b2499c490c9c38937b5c57161d5645a3e9853
+	C = 618ac707e5142dbfc0444b73dcbcb3c2308232e27eac4627136db1db9d7e2b8be50a35a20d0bc4c349b3f16f72e7d581db5beb6de008403c8d86680d1c5dc3737b79fd9bfdebbe3398e096f8bafb6c769070695133df480357413eee0ca1f66530211d0cafd57d72959cab46623d3c
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = b15a940b8005075c98d2be2a504f10731a4d88442150225c4ab5957d2f67baa7
+Nonce = 26ee6bd76b263c7a3782c3bad56cf30f
+PersonalizationString = f0764c484f3cb8400b9e9d0957f15ea101fa73c84a11bc4d3204166f7c9d7121
+** INSTANTIATE:
+	V = 6c0a518e6337bfd9c8fbe65ae2416d5709deb276d3339043174410578b616f58eeb0d6eaf77abdc0ea5e6b38793169814b411215b09158f0d78af1467a37168424782dac5d1b186233ac82a5c986c15c149bdb7cb916e2000d61dae3b48f561806031a1df95cd27cc969f025404e63
+	C = 2a49d32981a2ee080b4350fc4078c9ab121fe4a5c3d0260968bac9436f6b4fb22c6da667fe7a10f7dc85976398c6ebadf701bdeea80f381139077570aa18618ebeacdb6aff03ce1bcaf1e4fc98f59262fe25f0fa3b26133aae06ba01238d7882aab887483d80a2d63f4a890995b463
+	reseed counter = 1
+EntropyInputReseed = 659e3a5bc3ecdb42926c1be020a110f01a095781501a5df7b537827e87deaf22
+AdditionalInputReseed = 8a480e1ccb3d954008766fd549592ebe07220fb311f40f3ea147a2cba96471e4
+** RESEED:
+	V = 7e7086f1773acb706422743e04fbd406d2c4cdf0436cfc32c286f24078e482264e8c4041955eaafc06d6f9fc50986f0d19ccd9068995f492f8ee7311fe7474ac41879364c410cea2a104c1999ce207ae276b0807268d98b1b1bb7574b05e2111747e752e5f64086698e3a32f946da0
+	C = bc880414d9b96b2ace9eb95af2adc630b95784354e865165ad3c2c10e5cde27caa8186088e3a904dd0418ec96550ed57cd6104715c798d5a9e35cb1c4bb5af62a8815b5aee34d316e60159a5337ab4ae4c006c88407fff7310dd5a543c494a1bb63bc625b52b9ff48d5d3399e25b25
+	reseed counter = 1
+AdditionalInput = ad07c7f6a55637086d0f4fbf03c85138d45d1b07c7333c23b84cde4879197867
+** GENERATE (FIRST CALL):
+	V = 3af88b0650f4369b32c12d98f7a99a378c1c522591f34d986fc31e515eb264a2f90dc64a23993b49d71888c5b5e95d89764fe82e721d15147a488c82b2648331eee8f8d34d207623a7502fc6004575447974ac629dbeb842e426f9e1b91ee5a2202bed7c7362c765a462640e42f0f0
+	C = bc880414d9b96b2ace9eb95af2adc630b95784354e865165ad3c2c10e5cde27caa8186088e3a904dd0418ec96550ed57cd6104715c798d5a9e35cb1c4bb5af62a8815b5aee34d316e60159a5337ab4ae4c006c88407fff7310dd5a543c494a1bb63bc625b52b9ff48d5d3399e25b25
+	reseed counter = 2
+AdditionalInput = d454d503019ad4a5f8d99b77d331b9f9206b837a101bf1f3cd52ebb9b49ea77d
+ReturnedBits = 34e35dbf751aed03175a122596222ea390a63678b036e7aea1bf92101907f12101e8e77e18aa953feb61390641b894b5d9db1e53d72cb77e175ef5a3a922a3cc4ba815b27fd9e27123cfd258279d67281ac6e1cfc22a8e2e3d9ceab7036482c23fee4ed0839609d228b84cea6c8e95c6f806b2dea2d3a5c76ab447daafa668025c61093da525950241e08363861a049ba2ebdddccbd52ad8f743fd9900d8d2a64d8c90041e795b7b46630f6eb69ed081a7a65bb43e286e680797e5a611da2d0e75f5bf0999c9dcd915336183885e501a0301e34b7a13ad924a75f56d103303c7e6d982271fd30a6d49ea4a30585648a5f09ec790ec5070af585d56d0c0d1c956
+** GENERATE (SECOND CALL):
+	V = f7808f1b2aada1c6015fe6f3ea5760684573d65ae0799efe1cff4a624480471fa38f4c52b1d3cb97a75a178f1b3a4bec9ab009400d9b98d21b28247fe87e3b66a9867bd96bae58f0614cc962b37ae0b1261b5f714c15020b27cc90f5965d527d0e0ebd7bb4ff0adf3194644d0e31de
+	C = bc880414d9b96b2ace9eb95af2adc630b95784354e865165ad3c2c10e5cde27caa8186088e3a904dd0418ec96550ed57cd6104715c798d5a9e35cb1c4bb5af62a8815b5aee34d316e60159a5337ab4ae4c006c88407fff7310dd5a543c494a1bb63bc625b52b9ff48d5d3399e25b25
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = d6993401ec44ba675783ef67522e782cb33f9d2980f1f8b5794dba094d4895a4
+Nonce = e3395eee7122bf03b3a1fedac097eb41
+PersonalizationString = e3098148f33646d7572861f3e4586d64f5d5b2df2970b305a904cac2d13cf28a
+** INSTANTIATE:
+	V = 63fc5833e95cfbb10bf113bfd2693612e664083bbbf40174c0fece28d00962a6b4b446abbde66dfa5e5be460505f86223a73196d3932b258944957c8af98896727a2ea0fe67ee1db73491b0d55e982b88a06a49589ba1fa9656a3f9b00a703799ba1e4bc07490c8451e8118d6baea1
+	C = 06915c420f50b18116d473061a6a7569ffa9d08346ea4d40882fe77487a47431f7c1d38ff677fd45b3de42eb738891cd1a9b3bb07aa513bfaca4e1d2723369dd739d9a324f43d50bb7daf41a17c86dc86dfdfe6c9152e22bd0337cbb9c444f9ec4ec0db0ed1432032efe475e0a5153
+	reseed counter = 1
+EntropyInputReseed = 9982212ad8b00aaffa23091208108dd30a5a6539f676f227db1f68e8f0baaada
+AdditionalInputReseed = 9166628d9a932c8bb7d8720d2125c07cbe13bb557e36a7c6cc18cfc27ac1582a
+** RESEED:
+	V = 8f0103125c740424fefa0ff13fa8069efae1d053fc85aafb87350e77c310e5c08a4c81edb712bfdbbdf540ad0640c87a68d1ff7a4ce08c211759d33de97115960175128870b82984650b1a83a45ad189dc98675e88b439fd10a55196d7336470752bd8722d5c16ccb94e4f409a6a26
+	C = dbc80f61b1cddacc1820cfe05e747e4b97f7fc474e27d2d03bb51c12c6681499dc9a7d83b37e5b1b76dcc646a199b34f6bb5b188046a170fbaec831bc0c40f2372651a8554e6fa068daf21305670ce7689d90a2f86ab6ea7a326cd921945de79dc6c97704bde68a42974cda803d72e
+	reseed counter = 1
+AdditionalInput = 66a3a483ca4ac7e03c70ee75fa404ddb9bf043bf6de8a246111399c52d3996b0
+** GENERATE (FIRST CALL):
+	V = 6ac912740e41def1171adfd19e1c84ea92d9cc9b4aad7dcbc2ea2a8a8978fa5a66e6ff716a911af734d206f3a7da7d3668260e11427c7b33aa86e003b5e7b817c1c47c1f9e63f2e6097b56f3d7e40b37c6993a7c5c35e5cce4be4b3dcdba12f2beb677377d24853ed8fe6703795114
+	C = dbc80f61b1cddacc1820cfe05e747e4b97f7fc474e27d2d03bb51c12c6681499dc9a7d83b37e5b1b76dcc646a199b34f6bb5b188046a170fbaec831bc0c40f2372651a8554e6fa068daf21305670ce7689d90a2f86ab6ea7a326cd921945de79dc6c97704bde68a42974cda803d72e
+	reseed counter = 2
+AdditionalInput = a29fb458c0465d2971b59f4bda0a81c02a96d58d64948282e6f29119253d7f36
+ReturnedBits = 30ef7ae97c99a893149bdd341b412ebef24f65df227a3e1a9d0e04f7d31e77115cda07522375113a686f1bf1832d42e2c3f0ae53b93350f6d08621896995085233e02d5dacec966c193544072a792a4256257280e42eeb844152972cc68ed4f016a0a75db18ca31ebd674768cac79423b079d61a0b6aa950d42186add02ef0d28b5c09524360bda274af0f4a6ed9ba465f46494894c5b7b02f974ae50b9702834398299aeac3fc26118a9ba8a6d4b19f778259a366eb262d8f93a3d25454621e2f21071c107592dc35345df2b9ff0f2356693db626670f401ad18786f9daa9a2a7d426566b3822c67ac3131b349ffb2a6dadd7110ac32516248ecfee167183e7
+** GENERATE (SECOND CALL):
+	V = 469121d5c00fb9bd2f3bafb1fc9103362ad1c8e298d5509bfe9f469d4fe10ef443817cf51e0f7612abaecd3a497432149d9c958bddebd610f57865b752bcfcbd5dc346d78a6adf36a4d775a575a8ffc4bfa738f4bcfcb70ab9755676c097aaa36ed9a26ff87629297817e1a902de73
+	C = dbc80f61b1cddacc1820cfe05e747e4b97f7fc474e27d2d03bb51c12c6681499dc9a7d83b37e5b1b76dcc646a199b34f6bb5b188046a170fbaec831bc0c40f2372651a8554e6fa068daf21305670ce7689d90a2f86ab6ea7a326cd921945de79dc6c97704bde68a42974cda803d72e
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = f0d5b6eb43fef7131894cc9e7ca8c9122140da4723ab16444d4abc5184655e07
+Nonce = 16df8b4ae54188812b8f93eee07e1d32
+PersonalizationString = ff9d0568208d1eec79b43bc00a6bdd5c0cc86f3d43c53d64a9caa6e619092ef9
+** INSTANTIATE:
+	V = d6e48b0b6461e2e39c21d08f447d85a50d1b17c9fb9dd1bc326ff6bed14721d75c9e882b4eb301940c26cb651cbd49bd150cb8f86ca1415b990764180d91f58357c78edd927f992cdfb3fcdb87c25ea8168fc1b09149cd7ccc6221febfa2b42f8a147387971d95ed5877adccab9ada
+	C = 731773cf0d8b884bb562a6a49571ce78cb4368b88c0d9488260d50e2f452ba60adb5a53ea0efe94b1a7dcc7f155a703e014582cde88bb2d59810e3691e26231b553ba0259b0cde5a4f60ec2da433f6f417cd092f01b036d7949b76af2585329199c69f4470feef284c510bcf30bb95
+	reseed counter = 1
+EntropyInputReseed = a0be1ea46e520c2cc175da7c8f24d2edd665acccf3937a18a421a9c270fac8db
+AdditionalInputReseed = 8cdd3888d8fe646e758e0a43d47a3acce4b48cac4deb5f4ca224181de3daa6bb
+** RESEED:
+	V = 764ba46c3351e8657694396f8fa48c6595ffb4d63a1146b395237deec09cdb3baab0609458257b11e8bc10deb482425b94a8190ecc7e9e5b5a2bf86d00f7a7a9ee7aeb51909298476b446705c765fdc1e5326686755bb157a1a15523ac4cb667d24422baab6bf2baf872db0f710233
+	C = 8e4b83ad0013923044d2d5e1d71c0c09240015658d5dd1e496e568ad0fca1172ba5dd677fd98908f30707d2062eee7788274ea3d0e360d3dd917ba3e64bc5a9efdf802bc22c8667cfbe1fdbf53e81aeeff61ed8b828ab554ea188ba624b5ec2251718e111cc16c6b77ecf18cc1d524
+	reseed counter = 1
+AdditionalInput = 25c8d649e6c9dd52dd264a58c7ee1cbe5160e1518ee288880fcc0ccd4ab2dad5
+** GENERATE (FIRST CALL):
+	V = 0497281933657a95bb670f5166c0986eb9ffca3bc76f18982c08e69bd066ecae650e370c55be0ba1192c8dff17712b2541e6f3a48d2b3d6aec0ade2673f8e14041ffd0bfb4e427255d1496bb655a27fd3f401712740f2f5109b68b7148fb222685748a5f39e2cfdd980c356aadec6d
+	C = 8e4b83ad0013923044d2d5e1d71c0c09240015658d5dd1e496e568ad0fca1172ba5dd677fd98908f30707d2062eee7788274ea3d0e360d3dd917ba3e64bc5a9efdf802bc22c8667cfbe1fdbf53e81aeeff61ed8b828ab554ea188ba624b5ec2251718e111cc16c6b77ecf18cc1d524
+	reseed counter = 2
+AdditionalInput = 53828a4c568b3fd70f01a0e49a76d4f4c9b2710c3cda18d5cace8aa22fa99f2b
+ReturnedBits = 78230fff1eb5c5c62cbd5ff9d373ce57b377c0dd2d3ca4ea83ed21dfad1cdf51b5c6fadc83f66a2f38a6ebb5ca829f57a5e5f95aef8c765c76d457cf44a648391beab3bff9305ba85b75f39e2e6f26eb52c53c5c2785102a1e759f2e296b0c29ce4eedcda63cfa84f83323e2ba31af00d1b356dd15458d8da2a97cd2b696da5d008b1431bf9df99c81982403e077da35fc586b842584533ae99587f88046a5cea344f49783c80b75f316bebc584411018126e6040bee0800212638a8a7031085795fc9fb3c286909df9955775a89ee9e24399919b8c5e633754c2041cc346b7d78dca3d61ec74efe1ab3e8db37fefb704e3ec0ad8358b2a6001cfb98946dff8f
+** GENERATE (SECOND CALL):
+	V = 92e2abc633790cc60039e5333ddca477ddffdfa154ccea7cc2ee4f48e030fe211f6c0d8453569c30499d0b1f7a6013f6ede077ed106a636b5e914079a3fbf5172058bc4b968204ab301fdbcc6c4ae23a093656082d0de0f6900e29aeae82f746791d7f2b4c3208835dcb1e79135b83
+	C = 8e4b83ad0013923044d2d5e1d71c0c09240015658d5dd1e496e568ad0fca1172ba5dd677fd98908f30707d2062eee7788274ea3d0e360d3dd917ba3e64bc5a9efdf802bc22c8667cfbe1fdbf53e81aeeff61ed8b828ab554ea188ba624b5ec2251718e111cc16c6b77ecf18cc1d524
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = 5a71f4701cd5e9f79e4b1f3a7e45d9721dfd2ca5a72ddc10518eb8e51c8e17cc
+Nonce = 940fc3d13281eeec1e69413ecb15a34c
+PersonalizationString = 71b7422b938e4460ebf7378eeaa59f70569a8ce7a9e9f4a8cf355fdbe637c59a
+** INSTANTIATE:
+	V = c30490f938c39a5d902f919c596f29059b14cfe070b88dbc7a4f637a50e6ebbdc4dfe55d82cb6a4688270d2c16180e29760bf5c595bc604f68a585032cfdf56361fad43254e6fc8edf9653367c552ff47da83b53a4901c0c49d16210d0e94679fe3b51b4e4da63949e388a208f3e82
+	C = 492c1492c1f456acd30c6259fc03a88a8ac518e4d0db6e4cbd1a66c84bc058560293f686ca0807cf40ec92c7837c123c955f32f5f320acf25072be0d27cf142ff8a35383d008910eebe28ed20ae251e4b3b965fdafce4b25b62d1484d25a58b481ab84ebb16b93883aaf6173e70feb
+	reseed counter = 1
+EntropyInputReseed = 55ba8d09ef4f06cc5ea3f24a379e1df78cc4353c532370339f1af13f6b955942
+AdditionalInputReseed = b76734100d5fd13979c83900fa16fa7b201abff087a071ad2e40e842520c2f3e
+** RESEED:
+	V = e915ec94366da46a0ce41d6639dffccff52e74d6eaab34e175175853f01843e4f952f83719d512fefbcb8b074d0257895165df2272856d2cc5d83cc1fd24fd1a475143a5582668422335fbf77efcd7e151d528e443f354ddb44083062cbd97e722947ab1b3d6a02dd079e25d547889
+	C = 64567205ffe71f1fbecc253355f619989bea144bf61561bfaa813832c961db3fd0d1b7056e7717bffae8ded66ec47bfe3e0de8ef6cd2f22d9dd1d6a8af58938aa351871d59aeeffb0baf85037923e2a9991d5e4ed31b9d88e391e022c7abb5eaa099d5fb98ace9624c219910c937eb
+	reseed counter = 1
+AdditionalInput = 4dcfac6238b1c2a38a404213ab1dd554d3593dc740b2a02a267496381091748b
+** GENERATE (FIRST CALL):
+	V = 4d6c5e9a3654c389cbb042998fd6166891188922e0c096a11f989086b97a1f24ca24af3c884c2abef6b469ddbbc6d4786b6ef61b1a9bebfc3c678de486d30995bc216866d78dce7c026b73c90e7dd3cf251c22003b0d78f0f1b7d75965cb914745ac05a79a5a5d2e798bf700f99f5e
+	C = 64567205ffe71f1fbecc253355f619989bea144bf61561bfaa813832c961db3fd0d1b7056e7717bffae8ded66ec47bfe3e0de8ef6cd2f22d9dd1d6a8af58938aa351871d59aeeffb0baf85037923e2a9991d5e4ed31b9d88e391e022c7abb5eaa099d5fb98ace9624c219910c937eb
+	reseed counter = 2
+AdditionalInput = beb17eccdd995123cc7a562b68b964ad2f6b2c1b5e9ce1582032bf2ff5388281
+ReturnedBits = 43a384421dc7e14bebfeb9daf71543b15c356a9a4f08a08166e93f433c067c765a54d4e1c7086bf66f5a3e7ab19c3217638a03a15f1db3ee87c98012f4a260cb04ba26e0e9448e920c634eddcca86617273e68e46a511d88fcbe89df6372a9ffae5b1ee0579163538f94f330ce2eff5b8a28397018c02fe68d36de9788750faf2875c0e5a840727d45ad6b169359cda0971a511fe64820436598505192ca1aaf85958d201936f2af505286473731d89a1c664d4a528c25b334011184fba1fa6161f1cd58798134f9f3f6316db951bf6be1a11b0661eca2375009ee1f836a20f2897bbd8826649228c703d1a7660f4af2fea012c3ceba1870beea525b6e2311a5
+** GENERATE (SECOND CALL):
+	V = b1c2d0a0363be2a98a7c67cce5cc30012d029d6ed6d5f860ca19c8b982dbfa649af66641f6c3427ef19d48b42a8b516310c0f5ebab9bbb3075633d3317924960a7a3f5911caa8475b85064ac209b8d359899ef83a46cd51eb0a5ea5f1f31cf8140a28f0e9ee5c31d1c73a9cb05ead4
+	C = 64567205ffe71f1fbecc253355f619989bea144bf61561bfaa813832c961db3fd0d1b7056e7717bffae8ded66ec47bfe3e0de8ef6cd2f22d9dd1d6a8af58938aa351871d59aeeffb0baf85037923e2a9991d5e4ed31b9d88e391e022c7abb5eaa099d5fb98ace9624c219910c937eb
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = 2c482cd392d9b8677ff319a7ad539cbd8a24ebdc2b8dbcebbc1d1d0d0bcb698a
+Nonce = 27cb9fffccdd7a3b2856fedd6817f1aa
+PersonalizationString = be95711754beb1b25a46d504d19bbf44232c39533233f6ea84140ca1d470fb10
+** INSTANTIATE:
+	V = 36f3e7491177c5b91ef4bd81381becc9fe82647217753bf1dfc52d3d8c563830f3a598d7e30d6dd8f63e3707b259a98db58776794d32af6a555b5772114da622f3d2a19df249fc88bf8faf6795ed72c52026fe2284d60d91694312d989f316d9c6e81bf1916a008dcf5f6be49b87e3
+	C = b4923333005ab7140ec108c120a97717472357c256088533aeed55844117da6c28d111d7051c5f6bdaeee073101510db9514bbb8b0b43623c2b37f2f1d3f20a9c92edb2e7bc1869e43c914c10c32c1bf81bdff584c9b5c4780fbbafaa0ca010afb7e8b052be838f58c043e0c2b6ad2
+	reseed counter = 1
+EntropyInputReseed = 4f39a2b6309af32a1c721bd2a31a97814807644303b1d132239364a36d266f10
+AdditionalInputReseed = 947d7b372c909eae57bae64d7a9bbf75234f5cb05c093927037f632dd8567693
+** RESEED:
+	V = e880aad57888bc81beb6e16bdce75f6dbdd0adab7eb04aeb62c4d6a4274c8eaacb9c3a8422a4df14e6570a427b013561fdd604602984efa4e3c017b7a56e1331e8cae254e469d25438709994bb8b3707a52feda86f1b0cbf3b3ca34a97357c10986d96714d2ea2660bc67130ebf8e6
+	C = eced12313f5f03ddd2dc63f0998ef7232839fed2dd04d40f43f51cb189c54aa4a0152462bb455e897fe8150f32317d6eba7484d3b20789f5d7a7709680a690a431df7de918c0a50e8f3f3f1a4ce0dffa1e74ba708569de35a0cd52ed31d2942987d8ef52ce26a8b29c0b94a65ab065
+	reseed counter = 1
+AdditionalInput = 651f03a8023434b2af28a1fad94b31910152d49a1bbceae32bccd74dde60d92f
+** GENERATE (FIRST CALL):
+	V = d56dbd06b7e7c05f9193455c76765690e60aac7e5bb51efaa6b9f355b111d94f6bb15ee6ddea3d9e663f1f51ad32b3b12f75f594e194a0ebb8c6bdb99a4288319195db4ca3e7505fa33ab45fa1178f51b966840b404efe35e0bbb387e400e8d75b4309ef6c3de28f80481e101cbf3f
+	C = eced12313f5f03ddd2dc63f0998ef7232839fed2dd04d40f43f51cb189c54aa4a0152462bb455e897fe8150f32317d6eba7484d3b20789f5d7a7709680a690a431df7de918c0a50e8f3f3f1a4ce0dffa1e74ba708569de35a0cd52ed31d2942987d8ef52ce26a8b29c0b94a65ab065
+	reseed counter = 2
+AdditionalInput = 934a97d6ee4685250ac5e51159e5bcbc48a6f92c7ce7bfd1c61d0e7b0a0e7f61
+ReturnedBits = 77ce58af822a11f1d6dfb2be246aa6549e4c089e1532aeba3e6f13d19635930f7024f94399ba6c84dfa3cd9c7806d7b769c096d33415a56be1096618d5bd80d7d649950ebcfe7418e9f233acdbb7c2ed3681f5dcd07e741eecd2a4675ac8db7becd2eb77f164cf5c7672a6e9e619254c5f231c85344c3461fadb5f191706dae9fc2cb5d61c8b36b3e1af3e82cef8e2a9ca76fafbaf4d4bf9e0f9b0cd5907d4069e0ef4e1f11a259963c9d8282f36b27b75683958a165073e692dd98208d6dc17a791fd9c3dd54554ca6b656750b77b1961c917f486ba3dcffe78de2b346cd38b4de234af1a3566ccb86b7614e99d96624ab3919523dfe9381dd57d4d00f00b6d
+** GENERATE (SECOND CALL):
+	V = c25acf37f746c43d646fa94d10054db40e44ab5138b9f309eaaf10073ad723f40bc68349992f9c27e6273460df6431a9ffd80c15ed6740d872c4646824ee9e362d7ace7cf65d37318c2d4830196278044ad98b6e0d8799a055374d711934e5bda451c0824d51f3838ff1f7990eef1a
+	C = eced12313f5f03ddd2dc63f0998ef7232839fed2dd04d40f43f51cb189c54aa4a0152462bb455e897fe8150f32317d6eba7484d3b20789f5d7a7709680a690a431df7de918c0a50e8f3f3f1a4ce0dffa1e74ba708569de35a0cd52ed31d2942987d8ef52ce26a8b29c0b94a65ab065
+	reseed counter = 3
+
+[SHA-512/224]
+[PredictionResistance = False]
+[EntropyInputLen = 192]
+[NonceLen = 96]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 896]
+
+COUNT = 0
+EntropyInput = 260d86f8b7ee3f7dc662217be46ad23f12b12078cd8f7135
+Nonce = c7dc27b23f994a1e88db890d
+PersonalizationString = 
+** INSTANTIATE:
+	V = a9688717f1ebda93da26335b0110f26e2c6a1e40355da58c6cc61c2bbb97ff59c98820d3c099e56e93dae477d26a97bfe62028d8859e77
+	C = ebdad5a0528b1b7145241ee204c47c813dc71d0d9ce2d2a689a3e94f7c16beeb53c64b68970958654dcdab508af6a0eda7d05032153b2b
+	reseed counter = 1
+EntropyInputReseed = fef2179e045b8d0bc299ccb96e270c01250d2bd315a7e9b8
+AdditionalInputReseed = 
+** RESEED:
+	V = 63c2618ade2493f98640ca3821c0ca6953ac83a36a45ddfb3a21671bceae7ca2f5f6ebc4df8762df5358d50595b64d1522a9d7d58b7bfa
+	C = b5c30d937ed8aadf588658b8a133653688cff935bf77a83a5b65b6e3c39dae28b7293d68063ecd201be55aa4dc2ae5a78381ce155e4462
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 19856f1e5cfd3ed8dec722f0c2f42f9fdc7c7cd929bd863595871e469b16ef860e6a42083180d10e6d929c029596d2761d8fae10059ccd
+	C = b5c30d937ed8aadf588658b8a133653688cff935bf77a83a5b65b6e3c39dae28b7293d68063ecd201be55aa4dc2ae5a78381ce155e4462
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = eba8851530bbb11b07aba83898e2d9bce4f94080f2547b088f609582b0ad8274e9e59cddc24fe5709d7b4eb83fc66df0f55e10647350807d708a105e9d0a54cd16771dfe2e6915a818a8fcbd0cf0119f869e343810cb1a0ecd83f70de10243d34fcae5f0d8bf568bdd5d1392a82b52ab
+** GENERATE (SECOND CALL):
+	V = cf487cb1dbd5e9b8374d7ba9642794d6654c760ee9352e6ff0ecd564708a3b056eae63d432fbd6adfe0bb69c11cf168f3a5233dfeb1061
+	C = b5c30d937ed8aadf588658b8a133653688cff935bf77a83a5b65b6e3c39dae28b7293d68063ecd201be55aa4dc2ae5a78381ce155e4462
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = b3f6af4fa2560f54e46dfcdf4bfa3276047a6c6fcdb680fd
+Nonce = 9f01d50c604b43c8fc1c8c47
+PersonalizationString = 
+** INSTANTIATE:
+	V = 57e2a8c4289e52d7f6228cb10c02f02ff93ad8ffd2923e920630c0a164aa7e2f30e7e62b7634257fec7cfd0592a04494ab74a99fc44bb2
+	C = 7e96acd082a953a60e1b380b2220f8d5cfaeb18943664b4ba16a54f939245b9af4b706df25ed37b2f6203a6556bc55576566470a74376b
+	reseed counter = 1
+EntropyInputReseed = dc82b6024cde6616b1834f60c0dc7de7d24a19206f718a52
+AdditionalInputReseed = 
+** RESEED:
+	V = d5bafcf6eec69432ee88d69e24545d14320b381a0373548be50f084aed1320f07234fd1efa4c3b9100f6adb2de112ab0b78954e8325995
+	C = 1c5e8b9822c1356f51b6946fa8e7c28afcf5ca859508429fceb6d6f0ff6fec859cc45e36f5cc966d7f5104266a2620f3321be7e4bc6483
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = f219888f1187c9a2403f6b0dcd3c1f9f2f01029f987b972bb3c5dfc2832d9a658ed4673492cbad3289b8632776a7fa1b3f0adb016c4ca2
+	C = 1c5e8b9822c1356f51b6946fa8e7c28afcf5ca859508429fceb6d6f0ff6fec859cc45e36f5cc966d7f5104266a2620f3321be7e4bc6483
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = d97d85f3b35ac3deb6b988a9a0500b813e9667f8e8b985d3745327f50dcbe6a8123ac41c8815fcc71273a7d3a2328abb0b2c94120257eaeadafdbdefc6d69ddba21d903cdd16f260d37163cea9f250e400a3ce17dde6e71dc6a64fcae60fe568600240885b925cd0ad1dd2a1206af12d
+** GENERATE (SECOND CALL):
+	V = 0e7814273448ff1191f5ff7d7623e22a2bf6cd252d83d9cb827cb7909e0bd115900e8bcd71d26bbc40ab6ceb64b76cd6210897837801e7
+	C = 1c5e8b9822c1356f51b6946fa8e7c28afcf5ca859508429fceb6d6f0ff6fec859cc45e36f5cc966d7f5104266a2620f3321be7e4bc6483
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = 97b40741c9b32da61852c558e1ceb8a3aa603f3b2f996063
+Nonce = 36254e2be63275ff194672f4
+PersonalizationString = 
+** INSTANTIATE:
+	V = b37d31493bbddebff6c6e3cdc16a7e5e3e155e74e472ab658ee801669ff3b3fc595efbf5270be671b02e03211d5619cdd9c10d6d9e7550
+	C = 3714b94dd28c7366bfb479788f8edb68daa088021740cb2926b536ca60276a7602a3ff11d7f18b42c8a6b7638766e1558fc8babfce0868
+	reseed counter = 1
+EntropyInputReseed = 66b8dc297de67009e750696a50986606270dff524a030a26
+AdditionalInputReseed = 
+** RESEED:
+	V = 117d6884d2536333cc033239a027c19ceb9153af28cc619ce2ec36815bc34dbebf664b955d0ef8a1212bde2daf33b75774f9480d73628c
+	C = 099e316e8e954a32a3ab7dc3803834d417209b747024e3c15e9790d42ff639acd109ac9be421f276b4bfa530bbd74a44bfa52d3c495d5a
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 1b1b99f360e8ad666faeaffd205ff67102b1ef2398f1455e4183c7b1fa101cf92daff0a0d728a82cd1b8ba4aad15a4475c5274d03916e6
+	C = 099e316e8e954a32a3ab7dc3803834d417209b747024e3c15e9790d42ff639acd109ac9be421f276b4bfa530bbd74a44bfa52d3c495d5a
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = e6f533714c266857ac525e2463374c75664c7ea85027e1c3c09a6fadd9e1458f3bc07eb243ba49704ce062f54d3daf520cbcfac18eae07eaced0884e44d2e60ccc295b1692536a76f4c95d45ea44c5fed8dfd8dd2262e3a3561d5df34597b472a13d961128b7d06dca702f359e1fdd59
+** GENERATE (SECOND CALL):
+	V = 24b9cb61ef7df799135a2dc0a0982b4519d28a980916291fa01b58b27a843dc35b082cd69c7132cb3bbb817dc28cfaf76c483b8522f03b
+	C = 099e316e8e954a32a3ab7dc3803834d417209b747024e3c15e9790d42ff639acd109ac9be421f276b4bfa530bbd74a44bfa52d3c495d5a
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = f1df3394202ab67fe37676df884f8e2a20c5002fd132afad
+Nonce = 56ff2368eeba58d3cae98451
+PersonalizationString = 
+** INSTANTIATE:
+	V = ad85580ca465219afdb5a1472dd300636b23f41f21b62f5f0e1f184dd85512bfa12e4de6ce6ad18696e14ac49acd4f869441f5a0197fc4
+	C = 21262cf796d562f2d0399b1fb07c4cf130777bb8fc3aa5dd8d0328a595dcfd3f61188b5d07a8fc5c92ac4b5d7ebc6234eb2901f298443b
+	reseed counter = 1
+EntropyInputReseed = cadfc9c6e0644993a0a98fbfedcbf899c49d0a95a327d959
+AdditionalInputReseed = 
+** RESEED:
+	V = f4027ef800dc80eb6e9c166e81a1a1f78db1fd84772f41370c5b5133f5392be6dac72d99207b6231fc89916702e7cad7230ab980bf384d
+	C = 9c72913db19fe87d97cfcbbc9b6dcfc14047d3be548001aaa6cd17cabc72eadaee2a64ace0a26baf42f6d6a6ce2c74142d0c1239951ce1
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 90751035b27c6969066be22b1d0f71b8cdf9d142cbaf42e1b3286917bc97fe77241f5ebc00665b949693f11dfdada1923b9bacbdce1931
+	C = 9c72913db19fe87d97cfcbbc9b6dcfc14047d3be548001aaa6cd17cabc72eadaee2a64ace0a26baf42f6d6a6ce2c74142d0c1239951ce1
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 1d315bfb00c9ac1cab6daa84773de2d340e02399aebda22328c1bef122610b7620c4adc5acb5513d3ec11714e70fda8fdf94b53c3dac6452f61d7f64773e99b9118c6dfaa173343bbafb13aaa66ee788af71631e9dc3d94e69d4a775203a4b95df73193f36d46aaa5f65b46f5f25f5c9
+** GENERATE (SECOND CALL):
+	V = 2ce7a173641c51e69e3bade7b87d417a0e41a501202f448c59f580f57d79b9ecfa536de21c17073254dba0c03b267447bd39432f5072c0
+	C = 9c72913db19fe87d97cfcbbc9b6dcfc14047d3be548001aaa6cd17cabc72eadaee2a64ace0a26baf42f6d6a6ce2c74142d0c1239951ce1
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = 06301f14293e1724b7acaa465e19011a5ef78e74249cacc3
+Nonce = 87ca9d1d60482e107fa35289
+PersonalizationString = 
+** INSTANTIATE:
+	V = 483ed19fc70480b4221c611a762d8187057e49da0e0eadd21c0bc5d5d3b131833c982db653b6d4c932cd98bed716ef8b6dc384bb519c46
+	C = a9fb58a9fb65e60fe3722dab7f005b41160115ed937df718ae051bbed0eb52708520c85b7ff07cb7a6b260dd6d8859729493511dcc12e2
+	reseed counter = 1
+EntropyInputReseed = 126659528692d6a14e2608ef9fd018163144e85056f1c769
+AdditionalInputReseed = 
+** RESEED:
+	V = 964ef8cc4180ac216297ecfd28cb40a7ff92cc3cfb791fa8b381166093f46005f968d9281955eadea05553d63102c41cfeea0802b33d48
+	C = 57956c03d79dc86be6c99802376d7e4a8f9502c7c4606d5c08f5a40ad765e086bf0278261b976d1bf2a07a7e9307695e6149890e6c1065
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = ede464d0191e748d496184ff6038bef28f27cf04bfd98d04bc76bb49dc6070ccfc7105ac01659049a3dec5543686358adab92cd88b3a25
+	C = 57956c03d79dc86be6c99802376d7e4a8f9502c7c4606d5c08f5a40ad765e086bf0278261b976d1bf2a07a7e9307695e6149890e6c1065
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = d49b7925e68380b4a2a9c095779eff01c5831e4f61569d77c16c1d0dd8eec288300c75ae37acd297b2b4cfb5a30077cfd8a99b8d838f18e5d5945285a1a8a394eb8183bee1c83908515cd35cbf92092a29f2197b75110922b89a87f5e0943dddb7182f865e2fc2d6938e6fd009b95899
+** GENERATE (SECOND CALL):
+	V = 4579d0d3f0bc3cf9302b1d0197a63d3d1ebcd1cc8439fa60c56c5ff45169eb8d96a266ec58a8c946f6493aa3fce0a908da0d26544ce61f
+	C = 57956c03d79dc86be6c99802376d7e4a8f9502c7c4606d5c08f5a40ad765e086bf0278261b976d1bf2a07a7e9307695e6149890e6c1065
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = d72de2fb6840bc8a5bfd546d22d1d54ee72d8ff87ccbdfab
+Nonce = d53f5b44a00a24b39565733e
+PersonalizationString = 
+** INSTANTIATE:
+	V = 5f377d0fb6f40f3bbea9b622eb3b3c9c6d0296ddbdce1bec426e916ec3850ac669c94146525416a57ee0b7d3b0f849787a2ad906285318
+	C = 709f769305901c710a28e037a451ab588051a5f12c2cb06374286fd756487d402e063a710fc65830d354e6353be428761ebc8ebecb4b5e
+	reseed counter = 1
+EntropyInputReseed = 977db97f0bfaf00530e3eaceaec0d0c4e8271f296cff40c1
+AdditionalInputReseed = 
+** RESEED:
+	V = a605e42207326032ea0ea3eb4f93ce6a98603789fb33ec8bda1b369be4a2639ba15c61d5c236aec874443875d04e0bf16ed7fa5b69aa7e
+	C = 99007e74165fdac75e981fca545628b1f78bb0fd67d38b60171a9e4af14ef7c383d7be06b7413cd7bbc3d1dcd6b4f05d8fdb61d3fa2a67
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 3f0662961d923afa48a6c3b5a3e9f71c8febe887630777ebf135d5c8cacb3a92eb55f4703d5f33984f22ba61c2471ed92b131ca9776ff5
+	C = 99007e74165fdac75e981fca545628b1f78bb0fd67d38b60171a9e4af14ef7c383d7be06b7413cd7bbc3d1dcd6b4f05d8fdb61d3fa2a67
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 20dec880063cafcff6ca985fa1d4a780bbaa56fd92b283950eee094da9680bada6089fd32481d7fd98b96d31230ed86bd6d70e47562f6be438997475789b9570284bc8fd2227ef71a3b19e8053cb9f597fb115642808c95ae25a9e757c461a4005eaccff042a2f0402d9e4b43a404e06
+** GENERATE (SECOND CALL):
+	V = d806e10a33f215c1a73ee37ff8401fce87779984cadb034c085074abd6998b09cf190288e6d5367c27a13e38ce0119fa705be83811b84e
+	C = 99007e74165fdac75e981fca545628b1f78bb0fd67d38b60171a9e4af14ef7c383d7be06b7413cd7bbc3d1dcd6b4f05d8fdb61d3fa2a67
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = 245a7070aae3ea6218a6de5cf7a55a3b3732df389da61ed8
+Nonce = b333d2820e77f6b6eac05c05
+PersonalizationString = 
+** INSTANTIATE:
+	V = 091dc4fcc23ac5404e037a4b408b1b57826f22432ec2836bfb9a9aca78d923409c73249927119986b88c0debe8fb8c226db4b090502fce
+	C = 2f99fb0edb69abdd140f4a0ff90a55b7126212b2efb467c97378917f2ddf4765bdbd7e3688de1cbfe299c19461a464a446ec20ea764997
+	reseed counter = 1
+EntropyInputReseed = 02bcf63f96bde3128ca400f9b0ca7ab710f931f597e20fa5
+AdditionalInputReseed = 
+** RESEED:
+	V = ca77d22f4edbf71dd42918cc1bbf5ae1ec9c285f21a48573a1719cba4b8fe7d4ea19878fb3bc7163d5dd7b295c16e19660204cf8b8eedc
+	C = db61c465dd6ecbe1707b82db4056719c05d203c323ca8aefb10e3a94317ba2fd86578492c071cc69770ad991196ddd63b869f087f01cc2
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = a5d996952c4ac2ff44a49ba75c15cc7df26e2c22456f1063527fd79fa06986e01a0772442b635ff2b6745e64fc05f5dc61c7be52f2e60e
+	C = db61c465dd6ecbe1707b82db4056719c05d203c323ca8aefb10e3a94317ba2fd86578492c071cc69770ad991196ddd63b869f087f01cc2
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 0fcc18bb1d43adfa6142a35911bd332d651940a265ab68d5c4154143358465da44d821d6c1c73a6197c8ca1dd80369acc6d53b45e5747aaa79bdeb21faad1b945245b7bbb9fa750e847a5135bb129e39fd7cd95edcaa1310d89cf8160f472dd3a87c706b5342a27f8ff0faac6d041f1c
+** GENERATE (SECOND CALL):
+	V = 813b5afb09b98ee0b5201e829c6c3e19f8402fe569399b53038e12f5e9d7a55d398a5fd678c284e79d692d01777f2c68e0b2bab494424c
+	C = db61c465dd6ecbe1707b82db4056719c05d203c323ca8aefb10e3a94317ba2fd86578492c071cc69770ad991196ddd63b869f087f01cc2
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = d12dc5d5df2ce6a3aae3cc2e3a7032a20f8fdf0a3ccdedd0
+Nonce = bd37f6b5370037f1c24cc881
+PersonalizationString = 
+** INSTANTIATE:
+	V = e0ed5871d9232cd288e1f85f4e4f99bbfec1e8f4273be1a15736da3f1982a87979427804da386d0ab0638e0f5a5e1cbdc26fb266fcb87a
+	C = 6d305c39ebe5b850dd4f5f3f8e8d1556a5514669dc074f3b47424b0e956354c3a1b0885733be3168dbe3198cbcd363c1809de8775c56d4
+	reseed counter = 1
+EntropyInputReseed = 5ee1a765b59a89cb92057a25f1c961bba92a787d49c39700
+AdditionalInputReseed = 
+** RESEED:
+	V = 2444d0b706e139f93f6739323a790baef55b512d8c9c53e96b2791b4a85f8ca66d5f8d475e02c008ad20c45b06485656e9864002ab6612
+	C = ca9c7669ee0e9af276c4a491f7e2604db71fe714b5e778204f0026c98dda2780a888d1c1b67228e2b54f1f54f6e0c48ff18d6f0a56965d
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = eee14720f4efd4ebb62bddc4325b6bfcac7b38424283cc09ba27b945c02fc4ce779e35331ceadbd74b4d34e6904ccf5eb1f8e645c1cd5b
+	C = ca9c7669ee0e9af276c4a491f7e2604db71fe714b5e778204f0026c98dda2780a888d1c1b67228e2b54f1f54f6e0c48ff18d6f0a56965d
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 8220827ad52f9a8b64de24aaf08c2ca25393a8fde1480dd04c79810f026defeff84eb92daf405241a9559010b1910f4c4d52333a046b935f1e24ce045028bd2882700b9453cd3b8c65ccfd4b83a994de2c0f67136e753bd9d7f0c911cc6687873d42e5f4e8c18a82049fa8e1b0e7edf1
+** GENERATE (SECOND CALL):
+	V = b97dbd8ae2fe6fde2cf082562a3dcc4a639b1f56f86b442a0927e0d2aa53470fd07857f1a58f9404f704ca459d4a3e5f620bd2815d9c74
+	C = ca9c7669ee0e9af276c4a491f7e2604db71fe714b5e778204f0026c98dda2780a888d1c1b67228e2b54f1f54f6e0c48ff18d6f0a56965d
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = ce55f83dae31a463776c991786295308a09f5d3bd7e48401
+Nonce = 5a4051f94a007f63fcf7f81d
+PersonalizationString = 
+** INSTANTIATE:
+	V = 4418a7d6a658a8ed18ea2a11a574cdc9ee08215646e6482ebc0dff376e6e2a69ce00bb10aa8e50f0497db9f6a729f60f5f6fe2be14991e
+	C = 8f871372548168bfdcb503929d3bdb5d63c4078ad0a3acd4061b4f210bfe16b945d9ba06943842d8c958e470c3a2a575922acef7e58a6b
+	reseed counter = 1
+EntropyInputReseed = 9d176d3368521f675fa8872da695a4c3500f5dc5d2476ab0
+AdditionalInputReseed = 
+** RESEED:
+	V = 4e8f44fb3598a7a6066a9fb26a7f936ca54b72dea7bd333a689879dfeeae19ac9a5434cf994e3dd392910667c54d264928da882a3242ce
+	C = e10d3deea0d8da82218901b3654c61becc0c218ed3f028165ebc639444361481c36128afc6005e206df2dc5137332d1d6fb4c82e119117
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 2f9c82e9d671822827f3a165cfcbf52b7157946d7bad5b50c754de4e772b1ace7c2c2453b14ce4188141b84e7c0a1892ce6a79c10b4c04
+	C = e10d3deea0d8da82218901b3654c61becc0c218ed3f028165ebc639444361481c36128afc6005e206df2dc5137332d1d6fb4c82e119117
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 586883544dab78fd5d4f5c42f92bbbb7bcec21e4f6f561248fe3a984b594637f799ee337b21375ad764d3ff2fefaaff6dd8f545f8e998bfee5f5146311a398f9d52c993c9f76d63d7dd397fee0f3cdb2b92c3a7fee18fd47e37bfbb095f9cdc0b10ee143e7beadd13cdfa64954c5a7b3
+** GENERATE (SECOND CALL):
+	V = 10a9c0d8774a5caa497ca319351856ea3d63b5fc4f9d8367261142c530cc6bce88f84db2de280eb86398d7d99c3376083e1146d1221e6f
+	C = e10d3deea0d8da82218901b3654c61becc0c218ed3f028165ebc639444361481c36128afc6005e206df2dc5137332d1d6fb4c82e119117
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = fb2f10748d5c8533a5e4973786466e50f8aa9c5ff391be6f
+Nonce = 96c9f4c90047edbae19eaa31
+PersonalizationString = 
+** INSTANTIATE:
+	V = 94bcc8e441ca8c4263c0dab797d04c40da824e4286657312e57524cba915f619a748b4678b69391de4feb94756ec2ebc650d604b37554b
+	C = 66232ede7e3b7ba212aa9cfd2a3d19fb4b0d6bec99b43b3ae3ee722b7985846ae1d108133bd12399229d82dddcefce93f517862be1b750
+	reseed counter = 1
+EntropyInputReseed = ea8aa3541cad8d6d83f529220e094a01ae4338af632f011d
+AdditionalInputReseed = 
+** RESEED:
+	V = c2d0de6383c1be97be55433bbbcff905d7cc0caae5b9d2c1bcc3ae842daf09f7a8782df7c5866df7a58e90a80459386d2fe9de9b58d70e
+	C = ee4b393b4f72604bdb51e4c72349fb1fe6dea91d7b1283b1f9f3cf286c66d2f629234de9d2c1811e8b829e77f5941fd67ad15f5f6dee3b
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = b11c179ed3341ee399a72802df19f425beaab5c860cc5673b6b77dd67029829269809d8fdcdc70c20a0e321cfabe1e65765ae10264eb64
+	C = ee4b393b4f72604bdb51e4c72349fb1fe6dea91d7b1283b1f9f3cf286c66d2f629234de9d2c1811e8b829e77f5941fd67ad15f5f6dee3b
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 1a5163ee055a87fa25adfb0b2aa85d5dd2ae8702fbe05c5447f9a9bd92c649d6444674d8c88ec9a85e33e0e296bc45a64c43c7f610f82c90bce2d13a3d8635e59f0b5fbf2e249e69ff22546241aa7d71cae5c01ee26223020ae88af9b8118ebb7614406b25c5194fa188a82e2ac54a20
+** GENERATE (SECOND CALL):
+	V = 9f6750da22a67f2f74f90cca0263ef45a5895ee5dbdeda25b0ab4d3bf3a2a84c1bcef5bc49a1cf7b06699529060e2b4a42eb65cd37e6c1
+	C = ee4b393b4f72604bdb51e4c72349fb1fe6dea91d7b1283b1f9f3cf286c66d2f629234de9d2c1811e8b829e77f5941fd67ad15f5f6dee3b
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = 310141c3c35faaa706adea3091a10d7553e1c0a931e3465d
+Nonce = de0104cd4f2c9ddf4dbd8121
+PersonalizationString = 
+** INSTANTIATE:
+	V = 156b25ed4960e70cd5730bf0d30fb814b4e6a9237de347a2de262fb31dfe706fa583a488b02dafa44c1a7a5f41e401ff6cd7f8ca8131bc
+	C = d4df047d641b069ffdc308c4f334af0b4a074b12c537cdc7cd2f7429b19d0d47ad5b9080ef4d358a3bbbdc2f47a593eabcc62f0dc2bfc9
+	reseed counter = 1
+EntropyInputReseed = 1a46bc6ef022e24e6de7e705cf7fa37dd5a00615d543e083
+AdditionalInputReseed = 
+** RESEED:
+	V = 62983f9d77fc93defc602005b350000db965ea3c3c2571368aedb2f3ae94862a3d244676953a11fe890e09f5ab8fee8e1e6c23e61b634e
+	C = 0833752e61a4e8674e03c9e81e6cfe27ecf4bc2de2bac5b526606b72059fc161a4ea7e71fa7edf7133dd076bbafdb050ff1fc631fb2216
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 6acbb4cbd9a17c464a63e9edd1bcfe35a65aa66a1ee036ebb14e1e6b17813607a78f052774d4b0e4b67817172b994a75a5c54d517b35b2
+	C = 0833752e61a4e8674e03c9e81e6cfe27ecf4bc2de2bac5b526606b72059fc161a4ea7e71fa7edf7133dd076bbafdb050ff1fc631fb2216
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 3542c5a6bfab47b826c3f30b3563aef746d4e4fc58d4e4f13e3eb1db59dae1e3c6c1f877e5a1ba7e01cf8efa82df173dda74e6d0e0a571b6ac2b09bc646557eb3947c592fd46484df4bb6dae97ec6a109814f36e9492b4abf764fce534f99b4faaed0b4db11aea12a668d055100504fb
+** GENERATE (SECOND CALL):
+	V = 72ff29fa3b4664ad9867b3d5f029fc5d934f6298019afca0d7ae8a8f71d6745bc2c603ba49595f6f59432876e3d1c545916a4b609ad7b0
+	C = 0833752e61a4e8674e03c9e81e6cfe27ecf4bc2de2bac5b526606b72059fc161a4ea7e71fa7edf7133dd076bbafdb050ff1fc631fb2216
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = 4fcafb00bcd3d00951e7b22659beee436900f224c4b58016
+Nonce = 31eb04342260a7a5c157103a
+PersonalizationString = 
+** INSTANTIATE:
+	V = 0697dab0829c8f763d97c2ade93af9c28773edf5ecd5b992357484dde0935f973132634cd4b02776e1aec568cffcf732d70d246b13527e
+	C = 5525a0aaab5b224e68ae0f46a5d454e54311a2e89475a2c342fe26d6e5cc110c41a7fd9470ee9da879c2f33604c5c138722f1013328416
+	reseed counter = 1
+EntropyInputReseed = e747638b74b7e2418e0078c3130077729607c65406b3858a
+AdditionalInputReseed = 
+** RESEED:
+	V = 8c709297fbd524b1701a1639d345032162d116b98d65136f3ca6e341cb351c6b6b654f92488bd487caafe717c685af29dd993ac4737b66
+	C = 106c00a7d54219e09cfa11eae67ea2493a46d362c59349f41db615986e4bb25e1dbeeb5d1cb04dd51d2275b24286bb367234f8041a8897
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 9cdc933fd1173e920d142824b9c3a56a9d17ea1c52f85d635a5cf98ce0649cc11b4545c7007af7df0d8a9e64ce70fce2d056fba4745bf8
+	C = 106c00a7d54219e09cfa11eae67ea2493a46d362c59349f41db615986e4bb25e1dbeeb5d1cb04dd51d2275b24286bb367234f8041a8897
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 0e8a6e2f1c8f553dd8a7d0e841415840c70df90cdbed063df0a1dc68311ecf1513a34b8a778591ab58388f382c97fe82e37156241ad2d592a44178d2fe95566141a00eb3f681268b6f35a4fb74a6c399b2bcfd0663243de955a7ee3dc0faf7ab4debe90e0230c4eb160ea1560e4a3b94
+** GENERATE (SECOND CALL):
+	V = ad4893e7a6595872aa0e3a0fa04247b3d75ebd7f188ba757781310245ad8531faed686219cccdf4195ac343be00853ad1bb403c2be0ec3
+	C = 106c00a7d54219e09cfa11eae67ea2493a46d362c59349f41db615986e4bb25e1dbeeb5d1cb04dd51d2275b24286bb367234f8041a8897
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = b8865e9e77ce1c2782bbdea529693665427cdc3df90d4a74
+Nonce = 4c324f02e39d00ab05bfe626
+PersonalizationString = 
+** INSTANTIATE:
+	V = 89073fce0b685eb956527406df6b49e9f8cd9eeda3acfed208ebe807e614c6ac934afff0e430e3ae9fd634dc72a59d7058ed5a3ab97108
+	C = d09124d54a6edead07fd453d9743e513a0a638c4b714122439832c7da50366a7f16a112a51237cd5ff82b0113e21a5f272f17d8807f5c3
+	reseed counter = 1
+EntropyInputReseed = 6c9d34501993e8914b547adca292e09f15042a716a649242
+AdditionalInputReseed = 
+** RESEED:
+	V = 7b7fcb9a704fdf1c2224c95a44d8523eaf8cda8f74dd38273dfa4b58c3b56bafb61bcc9fb865553d9ac7c2157e663d9f183d13c1bb3cc4
+	C = e295500b5a9890ff41d2606b0f9227e717a71086307c637119e66ae2a6bc865b7a455fbab7a532799cca52b0da9a6d480d0895f199df46
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 5e151ba5cae8701b63f729c5546a7a25c733eb15a5599b9857e0b73b0389d8cae06302c8c71e0d60c8ccd47a160190602d5ff8cb4877f4
+	C = e295500b5a9890ff41d2606b0f9227e717a71086307c637119e66ae2a6bc865b7a455fbab7a532799cca52b0da9a6d480d0895f199df46
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 5673ec1f690d9080a216ab063c73696f7404a1e354049eb1987df9d85b39ae2c9f84d241d3c3add85496c7c186cf5f16959e593f43c40da18a14de096e5fd37baf609c1be1b525fbe8364b2053bc4e75db52470115637dd22892479492ccc4420ea3452c760e9847c7eaab11e7bc539f
+** GENERATE (SECOND CALL):
+	V = 40aa6bb12581011aa5c98a3063fca20cdedafb9bd5d5ff0971c72257ba1517ecb9739b143c24be3fadc819e026455736834cb14c3e7482
+	C = e295500b5a9890ff41d2606b0f9227e717a71086307c637119e66ae2a6bc865b7a455fbab7a532799cca52b0da9a6d480d0895f199df46
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = 23c8444d95fe346ca12be34f440280070d47883ab6406cd5
+Nonce = 38b303f0f939c9ff4e98defe
+PersonalizationString = 
+** INSTANTIATE:
+	V = 5b9243e3d5dfded862efd1299272bf22ed63371585ea6d19ffc75f8ac599ed72c85cfa51074228b6290e4cd2bf4b20bad69112f6accbe8
+	C = 1b12af9f283a10c1a1e62649d115b477e3886f8057ab33e1a277287c33216b87445f6ae77402bcef76b9b1e2621230e74850c3ba281848
+	reseed counter = 1
+EntropyInputReseed = 0e74c74a56237176fe84aef5f05a5be6f7474bdac6d49f97
+AdditionalInputReseed = 
+** RESEED:
+	V = 710171bcb667d0cfaa4d7ade93e248e3ae78eb2c4d76e201b7dd9470c3afd05e5a8c763786f49c33505f21633475396fef9b5eb5c69b74
+	C = 0b3773d90cc4178e94db38c36780ef72810a674851b2879b83808e83ee8b27214a15dcecf3bb72f66957b102f2a1144404e406b226ba71
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 7c38e595c32be85e3f28b3a1fb6338562f8352749f29699d3b5e235d66e256022210ddc2992aa25594ebaf0c087eeacfd9cf528086588f
+	C = 0b3773d90cc4178e94db38c36780ef72810a674851b2879b83808e83ee8b27214a15dcecf3bb72f66957b102f2a1144404e406b226ba71
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 80404b790ef337c274ef914d95952b5d7536e4079ebda64952a034abad9dc01e9358ead4fb5319f5393d30b82c2eeb7ed02906b57f4f82bdf7d6f6a3b973681f00c42b2e5832bffbdf5a57829aabc399c627a823d5fc2dd282d8a1485629509c13a88fc29a97022b7935a80725c3440b
+** GENERATE (SECOND CALL):
+	V = 8770596ecfefffecd403ec6562e427c8b08db9bcf0dbf138bedeb21c656d452aa3385e3498d1886c0a557b41636bcc8bb809f5f473c849
+	C = 0b3773d90cc4178e94db38c36780ef72810a674851b2879b83808e83ee8b27214a15dcecf3bb72f66957b102f2a1144404e406b226ba71
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = 4b0d4b4ea1c100937b9ce9cebffb9c18c45ac1a69ede4d28
+Nonce = 122adfa9f63141d87c75f310
+PersonalizationString = 
+** INSTANTIATE:
+	V = ceb9c6a66a7b759fab30499684bfbf9134a7dc76e7549bccd9399622d23599d8a8be5f0b3c1133fdfd493d2547d8a5f10d72d16c85b3db
+	C = ca83aa6ed811c74a030d648ecca5a23487d4db3a7074d27bb127f8aaebb5b00b5a55a931920d59c91822b00714a3231d8c20f2f7b4044b
+	reseed counter = 1
+EntropyInputReseed = a2d3e1403c01d81100d3d580ae67807c9a71efe7a31ecd3d
+AdditionalInputReseed = 
+** RESEED:
+	V = 8ea3c29133772d083141e39fb4464b8371a02cbf995fc56890c8e264560137baf5f8b2886d5d9f94e26b5d616f4da2ece1f9a22b498ca7
+	C = d2acafeafc0ea6231d00c24278969ba615bc6d874b830a29c911dc97b0e996fac1c29f7fdb7f1c3de6d31722f074e171bfca90370a770b
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 6150727c2f85d32b4e42a5e22cdce729875c9a46e4e2cf9259dabf9ad812bb514b8440ca2a6b0cf221fd5136435745adc31502c41f35d5
+	C = d2acafeafc0ea6231d00c24278969ba615bc6d874b830a29c911dc97b0e996fac1c29f7fdb7f1c3de6d31722f074e171bfca90370a770b
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = ed855d5fcfb9befdcd771eaf0a570c37aa43585480bcd6a1af9e97e4fc57a869fca71e929c98866a1c397ec0839bbb94d12d604d2235b568663b436c4b5e244f160dd7f854aa55528186976f558143bc24507d1d58c3319264ef05b1d12950b71f11a7c931dc9e2cabeaf134b26dc290
+** GENERATE (SECOND CALL):
+	V = 33fd22672b94794e6b436824a57382cf9d1907ce3065d9bc22ec9c7f067260f9a47210af9cf36b1672b6d176c4e9a2477321510e83b05f
+	C = d2acafeafc0ea6231d00c24278969ba615bc6d874b830a29c911dc97b0e996fac1c29f7fdb7f1c3de6d31722f074e171bfca90370a770b
+	reseed counter = 3
+
+[SHA-512/224]
+[PredictionResistance = False]
+[EntropyInputLen = 192]
+[NonceLen = 96]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 192]
+[ReturnedBitsLen = 896]
+
+COUNT = 0
+EntropyInput = aafd15ebcc9e8f166f6fc0a3383f2f8bf251ea961c3118b9
+Nonce = d91d6963b545f1bc96411d03
+PersonalizationString = 
+** INSTANTIATE:
+	V = 09342fba9d4a81ea111003bb11acb5b4b82373820439c3e3db3d1372882029a7882b33d0f6cd23acee92406b1c8136ac6f86702001f6b0
+	C = b88b1a8a5a17f4f34902a1050d60d5ce277f718c7a628e73cd27784b57c889aaf33f8c19f87f4978a4f2d7778f3ac469113464a73e9729
+	reseed counter = 1
+EntropyInputReseed = 51b48d4f8128270db78a2c89559b20e4aed78378a6b7aaa9
+AdditionalInputReseed = eb8539d5990129baa80d38591fd2051a7177b4bdb40aeddf
+** RESEED:
+	V = a224f72eb83f91d39de302a408ef3325fdb36ed624cdb0bcf5fdadad1e66a6ed423184f3f5991dfc14205231a8f32889f1e43775819c8d
+	C = f5bb94bed7be76489232d71fa14e5a1a4b9fbd2673bd05864aaf9fcf84edec1de8f3135cf45eb15aef9ccf731b2cc4f46f35be9a62f983
+	reseed counter = 1
+AdditionalInput = 4790e6708b44c18cab523aa7c0180a250a3a6197e194890b
+** GENERATE (FIRST CALL):
+	V = 97e08bed8ffe081c3015d9c3aa3d8d4049532bfc988ab64340ad4edcf02bb112c480cd7a9417be242c05267735ba2aca646e7111aa37a4
+	C = f5bb94bed7be76489232d71fa14e5a1a4b9fbd2673bd05864aaf9fcf84edec1de8f3135cf45eb15aef9ccf731b2cc4f46f35be9a62f983
+	reseed counter = 2
+AdditionalInput = 653ff208221b287ee3b7d9ef43ccbc4697ef2cf472ecdde6
+ReturnedBits = 3bf977fdd710bf9624386cf5dc5c3374f2f0e89098f6b7be3a95b1c74523b8456e8f00bfccbf92036007f288ea2b54322c69b092bcc43296b81ed61b5f785c40b94a019bfd6a8514b782e23d9bf153987a7ecb68f6f64af60f1bddcfb57c759da57801c6ef5656bebdcfbcb5615d762e
+** GENERATE (SECOND CALL):
+	V = 8d9c20ac67bc7e64c248b0e34b8be75a94f2e9230c47bbc98b5cf046835878e5dee1e0b6a6c865a4721d5d1b8ae91a7b9b47c6d7a0cf78
+	C = f5bb94bed7be76489232d71fa14e5a1a4b9fbd2673bd05864aaf9fcf84edec1de8f3135cf45eb15aef9ccf731b2cc4f46f35be9a62f983
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = 5f2fb6838fed121ff938c8bcaa088c4a09b1226ed4911c09
+Nonce = ab73cbc9b192e63f00dc7e30
+PersonalizationString = 
+** INSTANTIATE:
+	V = 4da358c044abb0bd1c53095ef3aed9f89c80ea74f382b8751c57e8035786aeac98e4d828b302e5dace6ea13e708bda3a0cf6b119a0bba8
+	C = 5ebc2232ea7b37f0052ac5433947cf4b32869afabe5e8d5db43198b07dc26158e49cf0a3bf7986eed5b43c5ff1a8e3c578b54bc68fb42e
+	reseed counter = 1
+EntropyInputReseed = 2a337695e7256648f25b2cb7c1019c8f4506fc6d2f76fdae
+AdditionalInputReseed = 7a011ed55d61b9cdb542a879a178aea7f22960a7689007fe
+** RESEED:
+	V = 046c80e4b529a1b0e14c98164b403a9e3569e58f9d2100ac1d4414f7ef466f74f3983f011d9a18befe08bea856071f29c8bcd9a321fb6e
+	C = 67c6d126611facbf581203718ba76168cc43ac90b4c52572495657594af1da1c82d8fdacd54bfce19177e84c53c9d42937b3fa81eed678
+	reseed counter = 1
+AdditionalInput = 735779b8ba8f8872ad0a9bb31f975de2a49902615cd95914
+** GENERATE (FIRST CALL):
+	V = 6c33520b16494e70395e9b87d6e79c0701ad922051e6261e669a6d500f032eb4993cdbb3bfae5e5874eb6ed1c2824bd92e6c97d67ba00e
+	C = 67c6d126611facbf581203718ba76168cc43ac90b4c52572495657594af1da1c82d8fdacd54bfce19177e84c53c9d42937b3fa81eed678
+	reseed counter = 2
+AdditionalInput = 129e406a45765eab1a91e902162d6aad2fcea15071df3942
+ReturnedBits = f3162b96264f53b4781ebad35eb94e97be464d07cec465cf436019cd12f69c0a21367788154463cf8cb7c131f47737a0a62665a5e8410a0c9af91395320ce9c2ba11e77098027e469fa3e9c4af5edcc3be909ab31c1a4c1a6a5baa5d5f9b2ba2c52cae5560734e0449616022dfc2aac6
+** GENERATE (SECOND CALL):
+	V = d3fa23317768fb2f91709ef9628efd6fcdf13eb106ab4b90aff0c5b739e783e6ce2f24e857acad5367212722f54d37260d2665daca85de
+	C = 67c6d126611facbf581203718ba76168cc43ac90b4c52572495657594af1da1c82d8fdacd54bfce19177e84c53c9d42937b3fa81eed678
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = ce905d2bca6b7ced2ba52b23c1d351d0f54d4ee28873928b
+Nonce = f52b849e7ecc7ffa1a3e436c
+PersonalizationString = 
+** INSTANTIATE:
+	V = 8b24a54652f96738e94b1f2567ba1ccce7dc3d0ec25ae5d9150bb8059d429d83b1cdcbab64114fa744e30ad4969b18b4940c7f9002db62
+	C = 6f50a313112ccd2a891acbcc8768db59d18b2950f384709904b4318eb525c80094726a45904b362cf2aed6d00fc6612a004633eb2ebc36
+	reseed counter = 1
+EntropyInputReseed = d802f22d4fd439533f39335aa7427d3fd04c434bafc18042
+AdditionalInputReseed = 66676f381056b51a79254db590c2684e51f4e64df565d84b
+** RESEED:
+	V = 8b90f5009ef479b2b9f68b701b4494652858ccf7cc234ae5c27b886dd6dc5eb562fe198379c786a18640255eb46b435440ddfb2652e845
+	C = 66a39edffd7543d2459a294316974381b1c8a09449a6a91eff781736a2d7a31e0748308bbe01f518f5a56f5286696ca58f9189c4795446
+	reseed counter = 1
+AdditionalInput = d505fa87f7aa533b96dd1951ab96a33039f91005a0ed4d6e
+** GENERATE (FIRST CALL):
+	V = f23493e09c69bd84ff90b4b331dbd7e6da216d8c15c9f404c1f3a0314d3b05f2d3dcee135294bf3d1a3ef6262daad3b61a0827a3d7ae76
+	C = 66a39edffd7543d2459a294316974381b1c8a09449a6a91eff781736a2d7a31e0748308bbe01f518f5a56f5286696ca58f9189c4795446
+	reseed counter = 2
+AdditionalInput = c89ac0bde33b6b738b398048db0d465c58a157e7a51a2ab0
+ReturnedBits = a20a4dda15eef777295108ed561d82bd3778c0ed5960e3972a23bc0bba96ee0deb21af76ea87e8b5e913d423917d716b5f7d996052338ea1f64eff31ee4bb022728f2f2aeb37d527d926fa99f8ed07be582535b445795dd19addf336dcbf6f5d8de9d7518051dd6a70dbbac3c6f85dd5
+** GENERATE (SECOND CALL):
+	V = 58d832c099df0157452addf648731b688bea0e205f709d23c16bb81eaa1e498cf4bb8f71d8988e123a0944c6361fa074f6e6bf93b59790
+	C = 66a39edffd7543d2459a294316974381b1c8a09449a6a91eff781736a2d7a31e0748308bbe01f518f5a56f5286696ca58f9189c4795446
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = 98d6b89ccd5244ac9e766cdf62ed018624b76629dcdd7794
+Nonce = 2fbc567aa417fbb1cdd26535
+PersonalizationString = 
+** INSTANTIATE:
+	V = 97a6327afd6916ba2fef192aefc1f5233f11966c17815449ac06c4091e9e49032749a859c51a939cbdfde3db48173b0c0280c578dc978b
+	C = 31f07cefd436d6ed72b74c2db2092bf0198cceba4bbac73bdeea856821c98ff5f44289a038a6a07f2629b807c080e27b95743d404c0b78
+	reseed counter = 1
+EntropyInputReseed = e1c598de6cec57dbed8195c366828389f1296900a02ace46
+AdditionalInputReseed = 41aa79197d5a882d3c49cd3d302b39e68aee35d8ead7de4a
+** RESEED:
+	V = bcf325e945b79d9bd15a67f678ba8d6d93eb7fd36fabc931945872e8aabca86d7932d73ff358f7f81515bdcfe68ffbc1f15d2dd0415cd3
+	C = 44b81e595964ccd692f886dc04720497363b773ba70fd97a7c6f6bdb17d39ee6d1af7887b86241b54d3bb0965ca87f91142bd44fe2aa7d
+	reseed counter = 1
+AdditionalInput = 39809e9b2d6b6c26f127edafceaebb72884cb29dfca52163
+** GENERATE (FIRST CALL):
+	V = 01ab44429f1c6a726452eed27d2c9204ca26f70f16bba2ac10c7df79c423ca0f32c88d965bdb58cf8e506c7ce300b79e486dd7d1275969
+	C = 44b81e595964ccd692f886dc04720497363b773ba70fd97a7c6f6bdb17d39ee6d1af7887b86241b54d3bb0965ca87f91142bd44fe2aa7d
+	reseed counter = 2
+AdditionalInput = e3c81fc45569c9a5d5913fb1beb9f4663475b2a4af596ac3
+ReturnedBits = 26ca3a639295bdff8c5cd4aad8ab5d57a0dc13a01a1dffc734667e94315d06063a9b97442eaaa47cb00a68b7e69cb1d37a1b53d25659b4701213cecdd78326b4e0cec4557e6b20a43f7482e990106d04b1225ebccd0181d86c1b58e6f9677e2d5260706410bd1bbaab77fa9b12671418
+** GENERATE (SECOND CALL):
+	V = 4663629bf8813748f74b75ae819e969c00626e4abdcb7c268d374c4a4e5ca2d8803652334bf219aa3d8bb74340fc6bd8bde2c66436b225
+	C = 44b81e595964ccd692f886dc04720497363b773ba70fd97a7c6f6bdb17d39ee6d1af7887b86241b54d3bb0965ca87f91142bd44fe2aa7d
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = ef6fa238aa4220ab6d0ed23852d268f0b919381b00ec737c
+Nonce = f6eb7584b5aedd1fe198137c
+PersonalizationString = 
+** INSTANTIATE:
+	V = 5696703ad3d871382cee6c835652204c94fa9bc3894b419119da60384246640822d8632b8b9976dee2a9d6af21a36b4ae019b55ee582df
+	C = 89cb411254dd5463fdccea714bbfd6725b3a042f50e89dcaa9413ab989c950dfe1a48f5570792494e88c13b65dcbcd29eb4fa31746f226
+	reseed counter = 1
+EntropyInputReseed = c894218a1395c7f8dba849937d7e588ca265984373c69aee
+AdditionalInputReseed = 08d8ff4ad58d7a3841df0485f0e634839be4df971e43718f
+** RESEED:
+	V = cafc5e4cf84af61d4eb58f45293aecacf0473e40096e3aaa077f5f4de73d5a5d242214bf06fee38c8ddf78e216e1fc6e491e303de03ffb
+	C = 7ca39a1710db254f7a4be99c858a62448d522f191da422f2996fa3a6e27b76e0f434a880a8ee07e58ba245f824a9b73c956d9cd1c4b28e
+	reseed counter = 1
+AdditionalInput = 567e39490ef396b60016cb696ec1c4a8817e845abd2dc594
+** GENERATE (FIRST CALL):
+	V = 479ff86409261b6cc90178e1aec54ef17d996d5927125d9ca0ef03551a517957d14f9e071154d83fdfe1ea7c4cf9907c77a48af82fb128
+	C = 7ca39a1710db254f7a4be99c858a62448d522f191da422f2996fa3a6e27b76e0f434a880a8ee07e58ba245f824a9b73c956d9cd1c4b28e
+	reseed counter = 2
+AdditionalInput = 7ef00c091f15ea34a22e0b0c82b0d7b25a3dd7f4e1f53bf5
+ReturnedBits = 47dc5b0bdf633310a6f770335add1d1aa2dd645cf3db665daf147869b4a50333a013055aaf918f89c302bb8e02c397f97cff729780492301459f4800c63c99a416dba4e7fffb349e24ae99d37f6b4588de9d87c802eb16d0f9b7718b37507b8aa7d4c8173eb516956f6a3e6f128715d4
+** GENERATE (SECOND CALL):
+	V = c443927b1a0140bc434d627e344fb1360aeb9c7244b6808f3a5ea81a789d98cd60270b2ce424dc934086eb65b59c3d94e3eb1dba11edc1
+	C = 7ca39a1710db254f7a4be99c858a62448d522f191da422f2996fa3a6e27b76e0f434a880a8ee07e58ba245f824a9b73c956d9cd1c4b28e
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = 57778d8706dbf6247edaa6ad5fcb6488d579b7393cd2ba30
+Nonce = 86da16e3ed0faa7562cb7b4a
+PersonalizationString = 
+** INSTANTIATE:
+	V = 7977e1d1b5705f371493842575ceaeb847959a64fe3b6e49e9a3ed9013b493de16c032a946e231965aadf6f30c8e4fb8b6a9fdc0b3182c
+	C = 75e48e5f91861a80c3effe9144345e9abf220e5d3134c8a9d5b4258f573b500e67da5d17049c607defb700954ef06c12b4c8641a044491
+	reseed counter = 1
+EntropyInputReseed = 89116cf64ac8af1a7378a53f3aa4be6115d77603051466d2
+AdditionalInputReseed = f2389ae8745afba8b79db93800d654ee22aae2b41ef705fd
+** RESEED:
+	V = 8cac39304018e6d05e7202a1c06b7234271edb23c7eb1dc02ebfefe282598a871e54924abd8eb5571dccdb954ea921765c02c2162d0a07
+	C = be1e999425f64ff74d3983b7fdee45b3a678972a94db8d8b9d9badb5e28c2dc8a1a867e4eda49f817edfbf3e4f164c68320df5563e14ae
+	reseed counter = 1
+AdditionalInput = 1170cea2213014db8dce370fc58384e98bab5983096fe17d
+** GENERATE (FIRST CALL):
+	V = 4acad2c4660f36c7abab8659be59b7e7cd97724e5cc6ab4bcc5b9da03a7e13e9c7b251a7606008e2866df71acc756b10d6de8f8defebdd
+	C = be1e999425f64ff74d3983b7fdee45b3a678972a94db8d8b9d9badb5e28c2dc8a1a867e4eda49f817edfbf3e4f164c68320df5563e14ae
+	reseed counter = 2
+AdditionalInput = e83ad4fb888d106d41936b87e851da1917350e7b08329b41
+ReturnedBits = 914b1c1b9eccc48393d10378f715ca355d68a2e66734d1d0dcdfaf5594fcf79672e4612a3f2ef34d78ccc3899c8d6a341f7d4a82f166a17b93d457542b12e60ca983f27b6ea290a0d63a3f6ff7035d90a2c3cb92fb3229fd7296501e7914c7b8ed0f2fd5e514c94ba5f78da40db00800
+** GENERATE (SECOND CALL):
+	V = 08e96c588c0586bef8e50a11bc47fd9b74100978f1a238d769f74bf41243be55354ecddcebb6a61ca3b84b1d21ea42d97fcb1f772e7532
+	C = be1e999425f64ff74d3983b7fdee45b3a678972a94db8d8b9d9badb5e28c2dc8a1a867e4eda49f817edfbf3e4f164c68320df5563e14ae
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = fa9299b00dc5383a12b860686dc584f625c401f2f86c5126
+Nonce = f02a7359711321a489614af7
+PersonalizationString = 
+** INSTANTIATE:
+	V = ee5853d9acb38ed9b0cd165d4bfc3c5fd00636727e8eb891e989393dd01638bcdd9146bcc56aca305dbfe089c0f126fceabb1062618299
+	C = e57f0c119d907976e05626020c15eebf09a3f01883e2a6b7000756e630158ac69d4dc998c7604f156454d5515ca9dfbfc2110abf41cdd6
+	reseed counter = 1
+EntropyInputReseed = 1bced3f0c546cfe2317bedd814651770a464f44123a093c7
+AdditionalInputReseed = 7d6cbd47d4e35f1f3df74e5a14fa4a8f124ec2fffabea2a9
+** RESEED:
+	V = ec42fe754bbecaf98fee8ad4b0f9149c032ae101e2cc62b1878c60f601f15737182661847a0db4b8fea99d155152cf641b5e2e20f29696
+	C = 3460d10f72f0b3911f4c6f17a0659405746749c5751f818e32a79cd543651d9fb7ab2391310026b7b4dccd4f2905aa7cf2c50dedccd0dd
+	reseed counter = 1
+AdditionalInput = 42eb1c045d0cd4793f848ba5656f2c7eeb40521a750a578c
+** GENERATE (FIRST CALL):
+	V = 20a3cf84beaf7e8aaf3af9ec515ea8a177922ac757ebe43fba33feecc3e900a2dfc1a64b76d497d186cc61df3755f5ee45007d10fb7716
+	C = 3460d10f72f0b3911f4c6f17a0659405746749c5751f818e32a79cd543651d9fb7ab2391310026b7b4dccd4f2905aa7cf2c50dedccd0dd
+	reseed counter = 2
+AdditionalInput = ee02060c4351460154074ee2a5b3319e0d9f4b65e931f1df
+ReturnedBits = f626c62ff767fac54f691926f89e9f0a91f875a1b23af743fa91006f2d1fa7fa3ff21bb568e83548cbde8460cf3d490e43cc159c9a1ba1a8ff1535fcade9017dc1c467fd30b5898e015daf4f676b23938e9e3e3bda9a6596676302cdb9a589408dbf075cea7626dd888bab32b70cd06e
+** GENERATE (SECOND CALL):
+	V = 5504a09431a0321bce876903f1c43ca6ebf9748ccd0b65cdecdb9cef6b9ce7b3d2221c15f5674b7d33769a6ff3a0ddce1e4ad6e3ffb999
+	C = 3460d10f72f0b3911f4c6f17a0659405746749c5751f818e32a79cd543651d9fb7ab2391310026b7b4dccd4f2905aa7cf2c50dedccd0dd
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = 70b467c9eda81a9a3476e69dd9b341ac9c2ce8a00ee0d496
+Nonce = 4df0a4773acea5762264113c
+PersonalizationString = 
+** INSTANTIATE:
+	V = 6979b7e8c14d1fbdd90e4e4c3013a179ea3e51e2fcbd36fc711d4e7c32d1f8888a02c1a54451463721ff43f30a652a65a75c9e640d452a
+	C = 9b87c74537549990bedddb943d1875053940674c5dd365039025a07b5b3a1f0c1e66093fc98feec9e9470dc72ce3fdda49202cc3e58bc6
+	reseed counter = 1
+EntropyInputReseed = a1a7a4af68ed91eca34118928bb63ea8b30fba6cd524bd45
+AdditionalInputReseed = 57bc1c3f07d724a3aeb4b3cb78bc361df23ce8e5b31d10a7
+** RESEED:
+	V = 8b1e38f8002cce272aadf68a756f3f0b03d55a7a8cda38d66dfb7f1a8a34fffcbfcba0e24199668b8e5fdb2586b2b631d91ea6c6ccbb24
+	C = 2b13a667e1a443b90ea4392e0b3597cf6a440ca107a4e0e1a6a37815c686970690640cf75a88e4e710758eb8d52e4b4bb07e18877abd39
+	reseed counter = 1
+AdditionalInput = 67ea718fae8685ab54206bbdf7e39d38a539275073a62c0a
+** GENERATE (FIRST CALL):
+	V = b631df5fe1d111e039522fb880a4d6da6e19671b947f19b8149ef8b9fd20c8a0d9867f15eda1e8a15e7bef75d75a29c984aead5fddd727
+	C = 2b13a667e1a443b90ea4392e0b3597cf6a440ca107a4e0e1a6a37815c686970690640cf75a88e4e710758eb8d52e4b4bb07e18877abd39
+	reseed counter = 2
+AdditionalInput = e8d2d8b97f429b4f76bf91d16b157d3bdc71fecd6d73d0b8
+ReturnedBits = a6b9e0c6aec59c7fd53aec5bb3d9730acd189d26baf6436c3186f623206e99b739bcde9147541b653635ecc82cd951ba341b1a258d6c0c6f680cebc645ef6c140abbe4ea052c799400b55813e5baabf3b3bf7483e6b9045dbe9259d8161764e909c4d66f3b876eccc31e278462cacbd6
+** GENERATE (SECOND CALL):
+	V = e14585c7c375559947f668e68bda6ea9d85d73bc9c23fa99bb42726e496a3eb32c32942b56e609493f5f0c8be087599321ee7d0799f4a6
+	C = 2b13a667e1a443b90ea4392e0b3597cf6a440ca107a4e0e1a6a37815c686970690640cf75a88e4e710758eb8d52e4b4bb07e18877abd39
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = 9d88418d3d17faad8b12815c512d5fa4f0dbc0545c8b88b0
+Nonce = e849b768266c24d74f527fe3
+PersonalizationString = 
+** INSTANTIATE:
+	V = ce8350d37575928d9b8045edc8f8371ba32e96656bc642cefb0bbe1457e9b3bf5444ea20a4bb6f00c9280b95d555ba050f4e4256e59f47
+	C = d6c36ea61795e53e49db1d418ddaaccd10b2c6f913057dac2cbae9e4003fc8631aca1db4ccd95e9bbc6961fb3b935e2b6572558f31339b
+	reseed counter = 1
+EntropyInputReseed = 68b7db03a26a704f2d1e838bd0300452de5dc9cc6f9fbba9
+AdditionalInputReseed = 4640cd7e27ce29680f3664361a4b2db1112687a686b25ad2
+** RESEED:
+	V = a8c52ca23e914c896968d504f6c028c5e16955b60de623b61286f123beb23d13101aa62e828183314676b15cb9058ecf683d9874ad9989
+	C = 6d0d8e9b8a2c6913f350d49f0d9361f536edef7561899bdcdfb7008d075d2b7b9c7ceaca3bd040c1d9d59df51fe96139474bccc07ddd91
+	reseed counter = 1
+AdditionalInput = d10ace012a794fa8711548ea3d6e4e7919a4dc0199cdfd90
+** GENERATE (FIRST CALL):
+	V = 15d2bb3dc8bdb59d5cb9a9a404538abb1857452b6f6fbf92f23df33757ccfb7ecf44d488ccd6b44fe4525d17742004c10b0e1cd9e74125
+	C = 6d0d8e9b8a2c6913f350d49f0d9361f536edef7561899bdcdfb7008d075d2b7b9c7ceaca3bd040c1d9d59df51fe96139474bccc07ddd91
+	reseed counter = 2
+AdditionalInput = 60b5d266f84a8db1e2b4c534c5744a811923093e17588527
+ReturnedBits = 82136348db26c1815dde2f0d8b1cca0a2167133faa7580ca251f7325d706bfe0878f9e7ee57c259f39e18a1bd6f53cfd6d070ee2fbeb5b67b46899769ba56d8171db52abd9713cf455aa82318e12b9264b22768b57d07bb6a6b7bf29cb41b7b64102504e9b36b6d09278ec3905ec1606
+** GENERATE (SECOND CALL):
+	V = 82e049d952ea1eb1500a7e4311e6ecb04f4534a0d0f95b6fd1f4f45683f8956aa355c338a83f21add054c70c52870303d6d96108599798
+	C = 6d0d8e9b8a2c6913f350d49f0d9361f536edef7561899bdcdfb7008d075d2b7b9c7ceaca3bd040c1d9d59df51fe96139474bccc07ddd91
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = 85a430ad2fd37884e52ed8a1d097e37f9bccadece47ca353
+Nonce = 53f17a149e14c6bf126f8f7f
+PersonalizationString = 
+** INSTANTIATE:
+	V = f92345367a691ad74563d79275ada75ac1f2b1c473daaa63a878834432eba98c0f123d6304529981569eeb55de329aebd20a3a15aa8447
+	C = 8444b234f9c9494d4f58142ddd1e9026a20ef574738ebca6f823799c5b934755b1ff755b583117c08aa3132c059f0f0b877391f0b96304
+	reseed counter = 1
+EntropyInputReseed = 0d761a17e98d1ccec3f0ab3241b9d75adb9b612b56be4242
+AdditionalInputReseed = 73dfd15dbf24d81d58588a932af8dc25bc49d340702376be
+** RESEED:
+	V = ac5d25cc41a4f565b6812403e2a110367a1a1028ee3a654148a8e241900f397a948f5ab55a48704d5d38bf7f2b6097e81768bba8ae9244
+	C = deac0782dd2a99ef4e706b3c6e4255fd11961c9d9f08e1296990b805f84afd1ca7c54a680513c3e3087c13207e37e6a6f2f5d57b3902a4
+	reseed counter = 1
+AdditionalInput = f26ec11ff9cc7dd0385f83f51d55c23ee7cfdc8bbe6182ec
+** GENERATE (FIRST CALL):
+	V = 8b092d4f1ecf8f5504f18f4050e366338bb02cc68d43466ab2399aae7e8f5977a7c62488bfc0d7a02093bd8a0ac3c5b1521e1c1b092c3c
+	C = deac0782dd2a99ef4e706b3c6e4255fd11961c9d9f08e1296990b805f84afd1ca7c54a680513c3e3087c13207e37e6a6f2f5d57b3902a4
+	reseed counter = 2
+AdditionalInput = 1c2357b72c058718715cea8b06155750ae5191a32247d48c
+ReturnedBits = 08c1be569a3b619ca57e7d1d0ec3769a3d423a156edede855bdba38b5a0b53c7f91bca0125ae0b4ac2d01614d9523491a762729d9f575b222d0fe683d895f40a3a74d8ff6ef42102e06374a838af0f2d15c86bead54faebd7882698d2b2f4df665f8154a591c003fa869f25a4a7e8591
+** GENERATE (SECOND CALL):
+	V = 69b534d1fbfa29445361fa7cbf25bc309d4649642c4c27941bca538e9721ac779c7fb666fc75f487bc1c4a0efb8d0986900461ea080612
+	C = deac0782dd2a99ef4e706b3c6e4255fd11961c9d9f08e1296990b805f84afd1ca7c54a680513c3e3087c13207e37e6a6f2f5d57b3902a4
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = effd176fba3d9e1c275579b07ba130cde571d0c6676318d8
+Nonce = 506d2b8004a79db1c7850fe9
+PersonalizationString = 
+** INSTANTIATE:
+	V = c4022ef3125b89e232b6fb02a2a9f85065819a1e388d7491ded357ba1ef5bd6c33c9e5ca10d5f83386dc776725ca244473e3063beb8e3d
+	C = 0c70608ae6ce3040f0f41c04c87f753f2924c35f272e82df314032c958cff2c37177cfdc657ec56481da98c5ae2ebe663f2a8d2125be22
+	reseed counter = 1
+EntropyInputReseed = 1b310870da923bfddc2481af1aeda060faff5316aa7ee64e
+AdditionalInputReseed = 23a0cac5de2f94a57273bba87d87490250fe18fafc728918
+** RESEED:
+	V = d7a83077b310500f956612d9a8caa7fe7e8f2caaab89be8a0c5f490f258ee4a465afcba2930fc369ce9e2b39be6adddb33984f33638269
+	C = 08ffabaeba330fb936eab7a6779d1cd7ca365145a13b62a68a952040618ee2bafeaca8aababecfd9c13f149fdf1c2562a6b1d01653ad63
+	reseed counter = 1
+AdditionalInput = fdafbcb85469bf7cb5fd581bc6885900837f2545dabd1941
+** GENERATE (FIRST CALL):
+	V = e0a7dc266d435fc8cc50ca802067c4d648c57df04cc5213096f46ab31f543b3385cb125d3c1ebeaf4344c8da47a8efc5fb52a2fffbce8d
+	C = 08ffabaeba330fb936eab7a6779d1cd7ca365145a13b62a68a952040618ee2bafeaca8aababecfd9c13f149fdf1c2562a6b1d01653ad63
+	reseed counter = 2
+AdditionalInput = 341b60d8368300d8b2c81f84d3fd07d3c6937d7443fab12a
+ReturnedBits = dcd07c0abcba7482a64c83eaddd12403d93d59c611eaf41cc311915dd2923c0bae9a0e66be7db2ff264690e77960d9eb37a0473446c97c078c33822202d34929293344757f2c87e74eb38e4d97c72effa36ec172a422cb2aa221bcaaca93e682ae4cdead8bf57b80f4371176934f5632
+** GENERATE (SECOND CALL):
+	V = e9a787d527766f82033b82269804e1ae12fbcf35ee0083d721898b35c63cbf6d82e3651043c6e083760f12f6b4b3f7dd668bb7c2368ee7
+	C = 08ffabaeba330fb936eab7a6779d1cd7ca365145a13b62a68a952040618ee2bafeaca8aababecfd9c13f149fdf1c2562a6b1d01653ad63
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = 8d4e4414c721d7458be0c56adacc1d1fae36b83fe2956436
+Nonce = d10546cc598b6993afe6632d
+PersonalizationString = 
+** INSTANTIATE:
+	V = d5bde880c24aa567e2348b480c5dbe045a1c106c66a4ba09ccdb38e52a94cf9e66ac8799050ecbe1abd41ddffa5d1500d8923595fd9000
+	C = 5776c6db0d99faa65f80aee472f6ac0f9b1ff98983d7630141cad0936cb87aeb4f0a64e319ab45bf9fd147b1d0fd0cbd270bb3da20cadc
+	reseed counter = 1
+EntropyInputReseed = 3c4f869b50b972fc991263e72040a79ba4947d1d11fabc3c
+AdditionalInputReseed = 70c2394138f59ba60247b717d4b4732deddba2617c01e876
+** RESEED:
+	V = 50dfc6bf7bd6fa7ee2d13193db37af2c85b51a7643b31c8465e7da38da2b1661f608966952c99cc7eae52d324527be4014de97a860ed8a
+	C = a6f7d7b0ac5956ff3561c6ec23b181d2a2841e646877a1f12c8a043d56e2e15ff1ad59bafb372af3ca52dd5af67baa9236547e2f5df8ee
+	reseed counter = 1
+AdditionalInput = 0a1900ccdb35871ee7e6db0ac3e95df2bbabdc39ca0d9042
+** GENERATE (FIRST CALL):
+	V = f7d79e702830517e1832f87ffee930ff283938daac2abe759271df685080ee759d42b040b4d6ab867389d5ba72ebfe5b3f4db3c67c34b3
+	C = a6f7d7b0ac5956ff3561c6ec23b181d2a2841e646877a1f12c8a043d56e2e15ff1ad59bafb372af3ca52dd5af67baa9236547e2f5df8ee
+	reseed counter = 2
+AdditionalInput = 97ace36cd3aab76c497b5730b2e8af14d30bc6c2686d6da0
+ReturnedBits = 9113b573250b64c0a33c851483ff9cb11ca0c6f59bea79c32774629a7b3c72cd7752468fa98b168ddbd8b458562d17de79690539edfd20c91befa8136d6efb88698e5a17933400f636bde5c041e4b4f955b05479f57573ab986fb7a9d67a973d48ad191258ad9fae563d69cd225f37e3
+** GENERATE (SECOND CALL):
+	V = 9ecf7620d489a87d4d94bf6c229ab2d1cabd573f14a26066befbe43b6550a0dcac239a07109a467cb61cc62c2716d7cf375f497f1ce0b8
+	C = a6f7d7b0ac5956ff3561c6ec23b181d2a2841e646877a1f12c8a043d56e2e15ff1ad59bafb372af3ca52dd5af67baa9236547e2f5df8ee
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = 7ff5f6e0383539e23150335f876ce2c285ee1046e9f085bd
+Nonce = 6b4e62f5b15ae3223c3b73b8
+PersonalizationString = 
+** INSTANTIATE:
+	V = ce9326597cd2c907da358294371712277e7045038210294b6ab96b3fec708f25c48681e22f321bf1dae366ec9f156fadc8845e7c7c8208
+	C = e9ffd260f5690c34729f0d46d963fe378545566bcd222cb9061cb634db3db91760f47115bb9449b8f9b00999770dd5fd55a855a21d5622
+	reseed counter = 1
+EntropyInputReseed = 71a7bde9c0de7944c0e38460c7004819385b24e88fb2a384
+AdditionalInputReseed = d190b9b14be08a77f05ab71e3f27bcfca3129b09dcaff8d5
+** RESEED:
+	V = dfc118478613577a7b4953f9af6e7fac00c09b044696789c97bafe09b099b6e5a4b40bcb606fcc017e41f344a76cc2c85f1ee4eb5ee4fe
+	C = 8d78586b85a40d81fe54c18f87cbf81815ef76fb2caca9aa50a22e6bed9685631c88d3d9e3554a08960c771fad361e13bd457e4d2bcbbf
+	reseed counter = 1
+AdditionalInput = 7892ccb258e758b2d67448166b8f543219f63ae7d51c05eb
+** GENERATE (FIRST CALL):
+	V = 6d3970b30bb764fc799e1589373a77c416b011ff73432246e85d2ce871d1a5bfe4852190d22b397f7ab4a8277da7db5dda103efd7e7cbc
+	C = 8d78586b85a40d81fe54c18f87cbf81815ef76fb2caca9aa50a22e6bed9685631c88d3d9e3554a08960c771fad361e13bd457e4d2bcbbf
+	reseed counter = 2
+AdditionalInput = ae60ca011bab549b1c349a8449ac87db4d9d0c9a0ebf52ab
+ReturnedBits = 6a97ba88bf73e415e2bbd07d541ee6aa7d5f5a87b96bf55850b19a7422a9676c6d7809c1d3807aa43babb47c468f1b8efe3d6360b6fc1b1dc28f71cb66c90fc9fa8e6f5843dd0918801e71a5fc8a0bede29ea8f977a2c3de41316ab4f96269372b314900d354a137873bde40d8a5f8e1
+** GENERATE (SECOND CALL):
+	V = fab1c91e915b727e77f2d718bf066fdc2c9f88fa9fefcbf138ff5c5f86a464dab53351b1cc5ae3798e002c6c15836da33fdbbeb076119b
+	C = 8d78586b85a40d81fe54c18f87cbf81815ef76fb2caca9aa50a22e6bed9685631c88d3d9e3554a08960c771fad361e13bd457e4d2bcbbf
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = 57ac65efd64b57b2b9e9e48acbf9a77f008811244cc1bcc3
+Nonce = ac13d6534631a03506e0ff47
+PersonalizationString = 
+** INSTANTIATE:
+	V = a45e391fac34e8069b76c8143898587dbe60b729f00493c9204696c655d17828d35769d3f1718b5e0951859cd957d4aba89538fb0448d8
+	C = 95e9c84bf0dc1623f8fb0a0c495554300d94b929356abfbd8be15b4069f48a3aa96b313e77e50876245a749c6a6e709218c82288d34820
+	reseed counter = 1
+EntropyInputReseed = 7c844d5954d4eca49215d58b5db571b32171099c3aff4725
+AdditionalInputReseed = ac94b68edc51edd55276dc4a79ceb0439ac26aef824b1c3d
+** RESEED:
+	V = 6e5cc381e8de52d640f9eb70478875e093d7f5eb4cd3425df5cd35dd40f53a355fcca7d33c04ec3c2161b5636d668ddc7e2bbede63543e
+	C = 24fed836b14a91d8baacdd6db3b71fc7cc35076a4b6ffc87ed54fa6e63b81405f608610ceb66658942181aeeb65539f7420cb2a60a4bc3
+	reseed counter = 1
+AdditionalInput = 76cacadca6d7402546413f923ebbf9b533ad4df9f0bdaa09
+** GENERATE (FIRST CALL):
+	V = 935b9bb89a28e4aefba6c8ddfb3f95a8600cfd5598433ee5e32231b6db798a2f3c203936af47e68b0cc3991d7ab97a5809d8c64e78a101
+	C = 24fed836b14a91d8baacdd6db3b71fc7cc35076a4b6ffc87ed54fa6e63b81405f608610ceb66658942181aeeb65539f7420cb2a60a4bc3
+	reseed counter = 2
+AdditionalInput = 0d0bdfda9c7162ff5f3cd9bb2e30a5464a2a978c13126ccf
+ReturnedBits = de12e11e042aa4aa3e2f4c2559e2d084887267ab260cfe6f482d73ce59499006ed1846a459528cc6981bc0ca963d0c7c70970842175096e94d509c1dde65475df1b147409d27fdeebff03a5dfc40b1044e837388c4c7266a93bfa792089d731d41592acfd995fe152fe9b93a23007158
+** GENERATE (SECOND CALL):
+	V = b85a73ef4b737687b653a64baef6b5702c4204bfe3b33b6dd0772da1cc939daa5f473ff3c2067d3cd65f776f046698b0d5d9178df131c7
+	C = 24fed836b14a91d8baacdd6db3b71fc7cc35076a4b6ffc87ed54fa6e63b81405f608610ceb66658942181aeeb65539f7420cb2a60a4bc3
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = 6bc57a30e3111ced90156998d6b9ecae90567318c509a734
+Nonce = f55a13e019976eb01d886cc8
+PersonalizationString = 
+** INSTANTIATE:
+	V = 7b0725bc2c451588fe3947e9125e9670f6c6afb2ea8988fa38c9dada55b55ecc84c8a748d5686a75b780cf6459ff29ea8d9512e0ce10c0
+	C = 09e841b70870feb40aa13de85cfc58d9c0478f4a8747d018380ccd93287a819d2a7538672346acabf4164ff992dddc0bfff46ddada5bca
+	reseed counter = 1
+EntropyInputReseed = 3426a9046f4e288ea649974b0ce5766fed59e16e2a55567c
+AdditionalInputReseed = 19e6ec90e11c450e33b89ddc84247743f3d4feed2514f0e8
+** RESEED:
+	V = 30f06c233e76682594bfb9900cbf2fb8f9ce273ac7fe0dfdb0eaeee4d15c3f6515fce74de15f509e10774bfe0e5c0ed98b663ad72d3fe2
+	C = 6e380667172756a96770ea8a48d4a595ff328f59acc2c706020d061dc187e9960fc6dd1c80f1818ea8a68622cf3ba759c0ed1bbd6e4b5f
+	reseed counter = 1
+AdditionalInput = 8267f1ae6ecbbab8666daf4ac254a1b3d78c0642c69f2f41
+** GENERATE (FIRST CALL):
+	V = 9f28728a559dbecefc30a41a5593d54ef900b69474c0d503b2f7f676f139dfa439c7eeef466f9ec21b5d116fd9335490f94af5f7f1a9ba
+	C = 6e380667172756a96770ea8a48d4a595ff328f59acc2c706020d061dc187e9960fc6dd1c80f1818ea8a68622cf3ba759c0ed1bbd6e4b5f
+	reseed counter = 2
+AdditionalInput = 289cec3ed5686690ee2f978798388d134211cae8b995404e
+ReturnedBits = ab3996fbdaf88f8a868cbb31c2abeff0234d7de6672c208a0ac7546bd50b2924002d8c300b9b0b0364308c60208191e306fa68b78d2feedad9cf4a61e5b3f4c90524f38cc091b11284de7fe2f1f209a01db82e66f169764b359f46428986303d04f3fdac650b3d3bb2931c281c4073ad
+** GENERATE (SECOND CALL):
+	V = 0d6078f16cc5157863a18ea49e687ae4f83345ee21839c09b504fda972812c33ce216feeaf01cbe3accadcf5e85dd9c3de66992ac69e07
+	C = 6e380667172756a96770ea8a48d4a595ff328f59acc2c706020d061dc187e9960fc6dd1c80f1818ea8a68622cf3ba759c0ed1bbd6e4b5f
+	reseed counter = 3
+
+[SHA-512/224]
+[PredictionResistance = False]
+[EntropyInputLen = 192]
+[NonceLen = 96]
+[PersonalizationStringLen = 192]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 896]
+
+COUNT = 0
+EntropyInput = d91a90376780f37d2d6d77afb72a569f1a754f4062079d63
+Nonce = d97e7f4aab4d0cfe416f1741
+PersonalizationString = 0dc3f7b7a4a4287546b5c6b75f28dc54356eba97977553f4
+** INSTANTIATE:
+	V = 1dd87c59adafbfbc40dede0cabd6b642c43e60dc04cc08a180df1cc8700d4193d73bcc73c9f9716d014a9621fe4a20bada2f602e07bbc4
+	C = 896594b107246c7e58a7cc967097bf214611afb85623e93cc4f4e70d0600d4f3deb202ffccbf5e24286d5d7fd622d1d3411d1444804226
+	reseed counter = 1
+EntropyInputReseed = 1dc951da88089f02be08c40d4a22e8f2cadd0b372d74095c
+AdditionalInputReseed = 
+** RESEED:
+	V = f3c9a327cda37e05276a4d7eb36db576392ccbb934f7780c11e191d1b330fe56b7fee7665a58629b6b71e163de2eb6297bca7d476eac01
+	C = b9973b6f6b4264b4c351a578b12f23c0f7afc3d3a6a865f2f36fbf0483a874d5ba88da2f5d734d961923352e62806cf6ef748e95daed83
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = ad60de9738e5e2b9eabbf2f7649cd93730dc8f8cdb9fddff055151d4dbe968f5956f49d10443718c739d1a8abc2c9ed41d4c081438e6db
+	C = b9973b6f6b4264b4c351a578b12f23c0f7afc3d3a6a865f2f36fbf0483a874d5ba88da2f5d734d961923352e62806cf6ef748e95daed83
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = b596ba8ff6e6012319fe322ffb7700cfc33a368682f53ba6df5e835e9e52fbeadc3043d70d540f5324e030d07c9b930b6b6bdbb198e04ca0ff3a3b167016c78b612b4e0c94fdb87abf52033e6153c1331f5fb52f04f7051e7df091fcacfa85f5fae555401207c1a5d64d504562db63a1
+** GENERATE (SECOND CALL):
+	V = 66f81a06a428476eae0d987015cbfcf8288c5360824843f1f8c111c6de693fb56f3360760c914035d310dbbae0f2f0b3292960368ff9a3
+	C = b9973b6f6b4264b4c351a578b12f23c0f7afc3d3a6a865f2f36fbf0483a874d5ba88da2f5d734d961923352e62806cf6ef748e95daed83
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = f8aa1dd61e3893ee4c8e9519f39486cde1ce14f6770f3601
+Nonce = 9b538dd1551aa1884ed7658f
+PersonalizationString = 30c0500b7a779b5bf7e94b306857bd151a956a1de09d0631
+** INSTANTIATE:
+	V = 0efa80b972ab87118929c2ed74a9ef295827684024fd693f4b6ece1d6e1f86eab439a1da92bfda8c8b0f666378fb27a2d26c965abd6fc5
+	C = c744d9aac53f48c1e52cfa6f2b17f0c34a68767151d0cd3c589c13b3342562371b77afd2a6e0c67376e6c625e9f0176ceac9adf2209027
+	reseed counter = 1
+EntropyInputReseed = 5e575514f00ad3ffa1d7ad7070d68d3811a1bc999542e4d6
+AdditionalInputReseed = 
+** RESEED:
+	V = 10be1bb128951cf35aa1aa53c2f8fa7ea9b786cbe6bcf2dd74b459bc8f410e686b9b87be0b4da254d8968503ae1ca47651f24f3247d23f
+	C = abe945aea083082c9bbf7cb7115ddaf4ba4b1c39676464227bf359b6becc6aabfd8dad2095f9428155e82a902e0007718f5abd8dadbc47
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = bca7615fc918251ff661270ad456d5736402a3054e2156fff0a7b43d483a58b2d7c8f4aa62f0eca048e0cd5c342dcfdd4bb0d26ff1533d
+	C = abe945aea083082c9bbf7cb7115ddaf4ba4b1c39676464227bf359b6becc6aabfd8dad2095f9428155e82a902e0007718f5abd8dadbc47
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 8bdc79ed30b65fcf6ee9672b57a7cb9c6ec701b8b875bf8228297989a39adfc86340d4470accabcbde90fcce9a80a6bf4918997ec2805e960822b44aa1d89719d0a545d9447057d59784a61a4c1a6ca9bf940c5c82e9aa8ca9c4b9fec81f2e33039d6bd7719fc39832d565ef06e1f7b7
+** GENERATE (SECOND CALL):
+	V = 6890a70e699b2d4c9220a3c1e5b4b0681e4dbf3eb585bb226c9b0ea0e0801cfdd4667dc0507b4dd58c0f1b83c65df5389415367777ab7a
+	C = abe945aea083082c9bbf7cb7115ddaf4ba4b1c39676464227bf359b6becc6aabfd8dad2095f9428155e82a902e0007718f5abd8dadbc47
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = f1ab044f02683bc272687d3be80c8680c7a135d09b23e4d4
+Nonce = f33671d7ad9613b0d5f8edc1
+PersonalizationString = 34a492e66faa93a5c260078a501a1025e4467774c6a8b412
+** INSTANTIATE:
+	V = db19e62d742bfc3083d140acb94522f89a67b1d2c92e34e4b0be25bf7c7453d23deab451d7e87b0efe4d0979ef25e3696fb079fdb0c10f
+	C = 6f0e3421fc6158225c355aaeb3639eed6a22d1899e34353db7a5d8bcaa438cf33b7169b4a9a8f2dfa8a403c445af92b937ab7044b872f9
+	reseed counter = 1
+EntropyInputReseed = 24bfe175dea97d869fb0f710afa3d59326e171f3800eb9a6
+AdditionalInputReseed = 
+** RESEED:
+	V = a940af9fe9489e0c6e5ce11284f0de6df4f1ddd5260b052aad77194e65bde3e465549b0d08e62e29c5f165760c84e9d0645fd4616b88aa
+	C = 3d403332a5295ed51dd937703657c2c661c441240ab6d70e9bd4806badea1a21b9ec59df46125e42bde9305e193ef232e9abd2f088f5bc
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = e680e2d28e71fce18c361882bb48a13456b61ef930c1dc39494b9a816ec6e8ac08b3f419181a18768322894ddc30a2fada607b88c6bfc5
+	C = 3d403332a5295ed51dd937703657c2c661c441240ab6d70e9bd4806badea1a21b9ec59df46125e42bde9305e193ef232e9abd2f088f5bc
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 60c6eb80f8c4c1951bf50283289264a1bfb99b90517e03cf5ea9f6d3ae1b8e8d7ccd651b9edda76717287230dda0509dec09400f18ef9c82592ab2297541ca1b7b67672f58ca1095070d08be67cdcca1690d50e7098baf8a74e5febe5352ff8f75c0b27757b90830429b7e6cd15b3438
+** GENERATE (SECOND CALL):
+	V = 23c11605339b5bb6aa0f4ff2f1a063fab87a601d3b78b347e5201bc648ba96ed4c71dec7777fe33802c10cc726984e67951439af4c617b
+	C = 3d403332a5295ed51dd937703657c2c661c441240ab6d70e9bd4806badea1a21b9ec59df46125e42bde9305e193ef232e9abd2f088f5bc
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = a6fc1c6b1d1fa25036852df44835832212a433ec0b36db73
+Nonce = 5d715846aebc84b94e1610ed
+PersonalizationString = 96e2a7dd8fe39f08b0ea564b90ed49d06ca51d9b34b9eaaa
+** INSTANTIATE:
+	V = 37e012b99d2f29f039fb3dec3b152e877626b35ade0b4b7be83709706164fdb541687f631cf6116f2f280cf6a87aeba38f2a083395e33c
+	C = 2e13818bbcc864f406622259cff7d9f0c08caf6ea1bf686ff83eb87396816560d02295dfec9eabebe1e9ea490f50824b8b0b6988ab556d
+	reseed counter = 1
+EntropyInputReseed = a8f2fb8f4280f6d53b6cefbee6b965aff3bc576ac81cccea
+AdditionalInputReseed = 
+** RESEED:
+	V = bf0d40581cfe8811fdae8eb026acd1099181c8e900a1de7153b476beacc1da1ab56248fd31b871d110d6e6201c5e93aedf3202b98363f4
+	C = ab925c3da7e840758a31c39dc064fa9d0e470686522860e9e65b359651df5a548180062dd74a9bec677513b276acca47af0c5b2344d1c9
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 6a9f9c95c4e6c88787e0524de711cba69fc8cf6f52ca3f5b3a0fac57a19d05287b55a6b343be5f342aabdd351fec456e6897b9b6add1b2
+	C = ab925c3da7e840758a31c39dc064fa9d0e470686522860e9e65b359651df5a548180062dd74a9bec677513b276acca47af0c5b2344d1c9
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 0e4c32fce423523c4e9ed745b6b7e4d768fe92366f733d2e09ae33430a6433ae238c798a1a1fb738d4e1ba614c028be64d24d67b9cf885f25e34a0975cb849e6c137fd3ca8050511307dfbbc1b7a7d806e2d4f2a418b375f5935b28adb6f7afea8dfd6e8cd7d5447114bca56bd76d536
+** GENERATE (SECOND CALL):
+	V = 1631f8d36ccf08fd121215eba776c643ae0fd5f5a4f2a045206ae2bab982f586b8a5922c4e729f47aba096a695112e66358f2898f7b357
+	C = ab925c3da7e840758a31c39dc064fa9d0e470686522860e9e65b359651df5a548180062dd74a9bec677513b276acca47af0c5b2344d1c9
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = e4f9fcb486bdebf2423ca2a6454e5353d8aad540d8f3200a
+Nonce = 38a76e69d8107a0577baace5
+PersonalizationString = 4dc84f1c92aa130545f896499534f0b5d73b3aa0b4093cef
+** INSTANTIATE:
+	V = 0d3395ec7347302f64dcbb8411f23a5d02bade5f821c3e14e4c74b5a2afe0f9732889efc617745d4dcfaed38c555d820858d3111d6296b
+	C = df8e97e75e795903cc3f3bc8a8cf643ba98ebfb15811614b4c57de2621e2957e65e743499591db004ac1ea9186e0baf84942cc6071d405
+	reseed counter = 1
+EntropyInputReseed = b28118bcac8deaf4408fa9d084a6c0d46b07d5d6059a137d
+AdditionalInputReseed = 
+** RESEED:
+	V = 3b786ed13909fec268f08a8f28d6d0638569f5d37445d2121c8c3ddc02fab21198ccec1e0b0cd649d6dffa51ba7a4d0b5077de22884830
+	C = 0d956f31ad5e8c32d9c87490a1861fce99868c69770e28e185c1bcc7ac5b164238899a5248bcdb3f949c6d73b37fbe620bbc45fe76affd
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 490dde02e6688af542b8ff1fca5cf0321ef0823ceb53faf3a24dfb1cc5b69db9086aa218d862ab42e3589fd928d07b881fde71d1b0dece
+	C = 0d956f31ad5e8c32d9c87490a1861fce99868c69770e28e185c1bcc7ac5b164238899a5248bcdb3f949c6d73b37fbe620bbc45fe76affd
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 199d829a04a2b1f59195f43fc71e67e3512001e576ace2d3c326a3eafd813097d2ed9b71f7e59d483fd7d433c23bc10cfb49c592c786a333570171bf9b30efa6bb47bf26baffb988419e561e918aa172504b5c5e498bafce77702030d5a5b2d2d5e94af93a2d004fab501565eee3ec54
+** GENERATE (SECOND CALL):
+	V = 56a34d3493c717281c8173b06be31000b8770ea6626223d5280fb8406b05c43df0c7b6b9ee4e3a3051fd73859a69111880ff4793696923
+	C = 0d956f31ad5e8c32d9c87490a1861fce99868c69770e28e185c1bcc7ac5b164238899a5248bcdb3f949c6d73b37fbe620bbc45fe76affd
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = 3c77efc9366336e64159a19330f15a1a12d7b9a1d432810c
+Nonce = fd7ff576a1565de03c9dbb2e
+PersonalizationString = 69a521cc6d6d70ef60a025389f360d8ee7ed9fe295c0c655
+** INSTANTIATE:
+	V = 703eb428d75aea433b1a29b60aa03d868b53a524378975bf2af9d863f0f7f7cb52e6087cae08dd0a5b395d48282d5a2e67dd727f121527
+	C = 259790ad081b00e11a91cc42fca5cade8dd6b7bfac708f55d046c644d916cad7ad5250300580508007b83a011758cb02c3bd7d802d9ba1
+	reseed counter = 1
+EntropyInputReseed = a52f7795665eed76d31474d39e35700bf9d1398f96a131fb
+AdditionalInputReseed = 
+** RESEED:
+	V = 46a1bac303f2ce43ce12041ac09b283ab436efc4d552aa6f1b5a8773c032ce9b05411089bbf111fcdce89b4ce8cd0207990593f79d8900
+	C = b3512b15aff96d9a59e64c0e26015a2d7d5a4ba798d68db8042630c10203b68550c142952969789e0d95d6a75e03f7450cdbeff06e631e
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = f9f2e5d8b3ec3bde27f85028e69c826831913b6c6e2938271f80b91f8a60a6693ae12f123dab83f9b7101eefab21081bb19c9901e26ef8
+	C = b3512b15aff96d9a59e64c0e26015a2d7d5a4ba798d68db8042630c10203b68550c142952969789e0d95d6a75e03f7450cdbeff06e631e
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = a8f90dd6a08ff2b9e4e01ca7af6e52fd52183a2d95bf4679121eee66a2be8d42e644866f698a039297c707e37813076e253ab7299adb7b2f6de4a8a2211db99546837630a1029254eef757f00e981f5dedcb0f47e723b445d3ed1c18257529106114a60831662916921afcf8b024027d
+** GENERATE (SECOND CALL):
+	V = ad4410ee63e5a97881de9c370c9ddc95aeeb871406ffc5df23a6ea3888909b4d06e0b1b756c7592fbea28d8ad604b476da5797e82fd371
+	C = b3512b15aff96d9a59e64c0e26015a2d7d5a4ba798d68db8042630c10203b68550c142952969789e0d95d6a75e03f7450cdbeff06e631e
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = 70bf635a30dee0a7920ba22cbea51e6c27510e75a19439cb
+Nonce = fbd6f5b79572df6da4432656
+PersonalizationString = e45a08551de4df3a9edd922ed14f15bdf84a89e285e2ceb1
+** INSTANTIATE:
+	V = 46c4c9f5db029c2b0347fc2c190913ba395d03a6a1b0a24fc3e6be75399e38e1e6767a28883580b17fbc7cdff21f66f69ca8412e0e6cca
+	C = 87e421e9f6155ab4516def681b762f8c446f8126ebdc3c9ed81349599e4ab30c1301435c0a517e300aab6301dec2fb0761c667f83417c0
+	reseed counter = 1
+EntropyInputReseed = c0e6b0ca6b9273ecd12d320c393a92ca159062ff29374b72
+AdditionalInputReseed = 
+** RESEED:
+	V = 86078acf8823cb1efc21cd0291a1ca69d7753ba24e4a33ef827323aa00df5ce36245242694fe71c09a23b67fb55eafe78b23533832fcb0
+	C = 4aa1248d3e0fcc59667fd6a50ed39b69ee9c8f7b815c84299bcb43dab6d6008c98235ca5d4a251c6e7b8297f68557d98a03f88d1516b11
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = d0a8af5cc633977862a1a3a7a07565d3c611cb1dcfa6b8191e3e680336b0075ae81ff92b370b18f8ec2d7de39004bc3bec74ce26e26624
+	C = 4aa1248d3e0fcc59667fd6a50ed39b69ee9c8f7b815c84299bcb43dab6d6008c98235ca5d4a251c6e7b8297f68557d98a03f88d1516b11
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 4198f16229a06d4d8d8ce4a16aaf6c0d566d2ab785d85fee3a3e7bd080db45ba0c832d59fcfc8f0a24b51d70daaa3d8247a8295d7c3dcb9df59b64ded2940ae634e8a13e0895fdaabb320266b70c42a9720ee1e08ecb911f6816e09bb350e1bd427d73bb56e2da6247f6fd16a5ebee6c
+** GENERATE (SECOND CALL):
+	V = 1b49d3ea044363d1c9217a4caf49013db4ae5a9951033c42ba09ac4c0ddaf4216ed607f64b6be3ed76e8bcd36ac00ce8e1951a47714501
+	C = 4aa1248d3e0fcc59667fd6a50ed39b69ee9c8f7b815c84299bcb43dab6d6008c98235ca5d4a251c6e7b8297f68557d98a03f88d1516b11
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = 67a47b11ec380a3914b0ba05611fffec9063ccca639d4dea
+Nonce = 04231a04d8e45e7e6d6efeed
+PersonalizationString = aa80da2bfd91204f750864b3e0fead8c307332aabc7b3f11
+** INSTANTIATE:
+	V = 39f61c9b613c296bd5f6a8e8467f60907a03748c68e003220a40575e59132ba91eb3c8bf009ebfd6ec8ece78df18fdbdd1a7c3ec978447
+	C = 841cd1c013aebcf08ad470dc8768cd75f892ddd1970e5f0b62194ec0d859c67423097bc9ba4ad2d50c8769e3ca64fee18b3768a4112b1f
+	reseed counter = 1
+EntropyInputReseed = 4c6a2f75ac68046daad8c09d664ad9ceed11cc50127516b1
+AdditionalInputReseed = 
+** RESEED:
+	V = 0e3a6e83a30a02a550aea8f2f2f49e28f483df1b1e883caec29c00a34e345214f911ae392d540a272eed68dc1ea255eb940d860509ee92
+	C = 35b3984e70b54c9644b1fcbc33fa30936cd91855eb4d81e594577f60f39c91dd6aafb0ab98f2580dc7b0757f31a3de7f4eab690568f7ed
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 43ee06d213bf4f3b9560a5af26eecebc615cf77109d5be9456f38016cff7efb550dd4f53d079ba1268ff7ee48b88e34c3bd207fdb5e3c8
+	C = 35b3984e70b54c9644b1fcbc33fa30936cd91855eb4d81e594577f60f39c91dd6aafb0ab98f2580dc7b0757f31a3de7f4eab690568f7ed
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = a695d30435482cd2357140d81309288b66b9894697886786e5ac4be0b1c9bff5b21c07cf1b64a36cba4cf632df3cb15a41b8a2011d0a144254ee5f1733bb2338a8b7cfd60cdb6879c77566064ec24c91f3d175f3a8b29b9f01f09ac422dc33f0aeeed50add32cb0bf95d88429e6e814e
+** GENERATE (SECOND CALL):
+	V = 79a19f2084749bd1da12a26b5ae8ff4fce360fc6f5234079eb4b006628d5dd28be159823c843099442e9cd107f761ac1514002439de098
+	C = 35b3984e70b54c9644b1fcbc33fa30936cd91855eb4d81e594577f60f39c91dd6aafb0ab98f2580dc7b0757f31a3de7f4eab690568f7ed
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = dcb1138dd105ec427dd3894bc517313a2733b6d9f08519ba
+Nonce = 755ab3ee1db71301a8410b4f
+PersonalizationString = 4f429c706bf8a87ceafe3e989d435408259298ceacc16e97
+** INSTANTIATE:
+	V = 99fe90af80d8abc823144ca7de54ca1d281c8d69aa7cd0af0b374928f0b250e24715b60a092b2609631839ddb20461923c6bdd10fc2a6a
+	C = 33b55e9109da77bf5f837f8a2b5912895d7c7684099e56ac45bef070f8fe20d8c93a60e8db76df788da8be93fb79cfedd1811dac617c39
+	reseed counter = 1
+EntropyInputReseed = cb9e14f97881a274895d4fc7a59c3e433d46cde3d38432f7
+AdditionalInputReseed = 
+** RESEED:
+	V = 6af99046caa5299da292e6dfed47fadbcf4df04ff45e96aceb567010b42435cf103e95c807504e644296cc2a4956189bd415a5bb5e4442
+	C = 58d5d5731d10f4795807442b13a4f4a41705188c2fb62419989296c778c856d8fd13eb7fe9ad32ab74a1c7eab98cdb96e5c427d77dcc3e
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = c3cf65b9e7b61e16fa9a2b0b00ecef7fe65308dc2414bac683e90702a4ea09c623fd1c1acf7c7da299be09c9978d3239ff3e898ce36ac0
+	C = 58d5d5731d10f4795807442b13a4f4a41705188c2fb62419989296c778c856d8fd13eb7fe9ad32ab74a1c7eab98cdb96e5c427d77dcc3e
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 6078830c7aa176c1c6e84802a39c414fcd80adf1e2478bdb64897dce10649c34ce354bfef921da12e5f48a940a71acf9b7d6cf831277aa3c30b22e654064df8baa8af2fd350ab0ecc58d160b5cb92d946870ecc28cd57f725c1fd4abc23fd148183f36790b1be978bf13170a898c0b5a
+** GENERATE (SECOND CALL):
+	V = 1ca53b2d04c7129052a16f361491e423fd58216853cadee01c7b9ebcaea2bd8e62a1d7f5df5ac31141fce03282f9ffe5d198c2ce4f8dde
+	C = 58d5d5731d10f4795807442b13a4f4a41705188c2fb62419989296c778c856d8fd13eb7fe9ad32ab74a1c7eab98cdb96e5c427d77dcc3e
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = fb1550ba3d1bd3104849775fe271856b1fd8221b1e6a86b9
+Nonce = 4ba9c64c5c985f283a9c4e61
+PersonalizationString = 8dcf24d08dd243d5173ab34b1e1cd82fe02c6f11e4fb34a4
+** INSTANTIATE:
+	V = 90dedf700631d78063a153225ebc4ff95d438c5cb7bd4d6ccdb6e6539038ee14cb62bdf6c7e77493f154b67af0046b7acba0cf17848c43
+	C = 1361e65081f9dbf43e5f92cac99b46880287b9a1932380feb674d3e32d6bbfbcfb28dd45e2aad6f414290ddf3b36ad5261c483b68ffd95
+	reseed counter = 1
+EntropyInputReseed = f27a12d5f5d18b2889bc982e70b24e30c33d3c821c8bab83
+AdditionalInputReseed = 
+** RESEED:
+	V = 4ed019df3ea75dc78d452e88ef0e8e53dff692c10cea6e0f3f67154f20f92af0fd058d06184382d01d5dd4d0766d497153cc3b7156c88e
+	C = 6f9319556dbba224f4b0c0a067a7527a1833ed90248ab0bb4ee31cdb4244a94e538f98c7fd72b22b53e1fcc4b65c8aee6bd7fd723a65d4
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = be633334ac62ffec81f5ef2956b5e0cdf82a805131751eca8e4a3245d4b05a4533fc34e1218de7cd6e7d7630c4d9c4d02bed15ff21656c
+	C = 6f9319556dbba224f4b0c0a067a7527a1833ed90248ab0bb4ee31cdb4244a94e538f98c7fd72b22b53e1fcc4b65c8aee6bd7fd723a65d4
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 7aee4e3cc5c7cc706055d87b9481c37abe3004eb13f7567e69d3400091e26566a26ad0bf7a71b0427ca97ca197ea26eafc883ebc7e87915d0252b474b07cba5b1962a939d98bfd742ed8d3873cc32fd68de82d224bbaafc36314028b331d9593484ccc53d7b26c2c36d120bef40450b1
+** GENERATE (SECOND CALL):
+	V = 2df64c8a1a1ea21176a6afc9be5d3348105e6de155ffcf85dd2d4f22b9415d55ba102d321078f06f4ac49e32f499a23e33eab4d9ef946e
+	C = 6f9319556dbba224f4b0c0a067a7527a1833ed90248ab0bb4ee31cdb4244a94e538f98c7fd72b22b53e1fcc4b65c8aee6bd7fd723a65d4
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = 94773b7812af907f59f406567e3374fef667692a06a13c35
+Nonce = 7d52148313bd6552b763a010
+PersonalizationString = d52d506d24d72fa4a1b9741ec8a43132c948af064afe2789
+** INSTANTIATE:
+	V = efa4ca43fc91209e4cb35d6cf112d4e0c5fe392c7b0e3613bd35cf720952be01461ddac438b58702654b6b5a1207f526aad2d9fc1b2d77
+	C = f1d9bef8669899a4a07274394a4f729fed72820f4c23ff34d0f233572ae10f089ec059e254c323c45f1849b46a811f67cc5097947de5bd
+	reseed counter = 1
+EntropyInputReseed = 4b5a0f91282e0a031edbb56cb9521dec8fac84ca42af15c4
+AdditionalInputReseed = 
+** RESEED:
+	V = 2136040292d955e63217bbac33e64dadef839cfc81dd4cfacf09e4782d37258c3ed0d6dc202c0a0f89c0743e2fd2ed2b1c20ee18510f1a
+	C = 5fcb02b10c792ddd81839774b2bff75aba78a9f640b7e125dd1f00855de2dc01bb43b0a407e1c38485ac37b532bbcb5e72e63c3a23849a
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 810106b39f5283c3b39b5320e6a64508a9fc46f2c2952e20ac28e55346911f6f92c1cdf2f9dbb85fdd4b7fbd2c42fd984a2102616cf060
+	C = 5fcb02b10c792ddd81839774b2bff75aba78a9f640b7e125dd1f00855de2dc01bb43b0a407e1c38485ac37b532bbcb5e72e63c3a23849a
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 4a22d5817eb531c92e99245bcea04b4e09e763b0ad74025ec0951e146c7f6132a676a081b67cad77e667ecf4b0f0b0aee82ca044aa30a53825c22a804e09d9ee744bf9c133f253fdd226d47e38f0deaa00e786e972cfb3fe43371ec8c76ee89c5917b7197756bb88ee582f9661d4c53b
+** GENERATE (SECOND CALL):
+	V = e0cc0964abcbb1a1351eea9599663c636474f0e9034d0f468947e660bbbd0f5ce54a246785f1700388b3603e768e1fa02026d69bf09875
+	C = 5fcb02b10c792ddd81839774b2bff75aba78a9f640b7e125dd1f00855de2dc01bb43b0a407e1c38485ac37b532bbcb5e72e63c3a23849a
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = 5a6de71a6b06ce6fd5e835bbc53369117456e262df9179b1
+Nonce = 27c762aed7a2cd500e6e0e9f
+PersonalizationString = 1b5ad0a986d2c420651791db67e7bf10577d26bf8ed123be
+** INSTANTIATE:
+	V = e4ed73789e70ce3efd060563c75eabe988af30791ca3a7fe232ec9e88154765d75c7bde657941308809dce70c2e85078edb3928dfe9887
+	C = 766ed5b82bf5e166ef22c4e0079cc22e48e1277525c9f3e303de853a3a16fbe4e7b5d666c35f559a5eb43fe80b83e5fd1afc9515cba729
+	reseed counter = 1
+EntropyInputReseed = 2da586a79a96497df9464158590b30e48b63dfc58d1bcee8
+AdditionalInputReseed = 
+** RESEED:
+	V = 9abead35ee3758b4a0a2c56e11a88b1453d714299f27a7640473998ce7234844566dc16d08fcb98057dccc175f48442a8be6f60c0c3118
+	C = 8698c4fa4bb2505cf106c002df326aed45007c55d308d29037023f4f3810d2b41a6f8e1575e3cbc5664ec94f29f457d76050a9b9a0e9e6
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 2157723039e9a91191a98570f0daf60198d7907f723079f43b75d9cb203b56dad210f65414403c45a71c8a65de333f31d9f74125187b1e
+	C = 8698c4fa4bb2505cf106c002df326aed45007c55d308d29037023f4f3810d2b41a6f8e1575e3cbc5664ec94f29f457d76050a9b9a0e9e6
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 0d9c0f4c94320dd6af02cd9a944209a21e6e6732f3bcb9f90b5583539d357c2bf92565a7c96cde5a91c04cbbac195c6ade403732e30a4251b6efff1e88af8fd9c628984a82a0926dde3b1c3a9646f26f77be3be27b3c3e57d5172ccac418eff30cb5f73e7b138fe08aa8af627a76ffbc
+** GENERATE (SECOND CALL):
+	V = a7f0372a859bf96e82b04573d00d60eeddd80cd545394c84727819925a8f5b6ced8845e425b07fadfb23c7a2b18e58c2a68ca5b0f36216
+	C = 8698c4fa4bb2505cf106c002df326aed45007c55d308d29037023f4f3810d2b41a6f8e1575e3cbc5664ec94f29f457d76050a9b9a0e9e6
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = fd9a49f3e86f0d6ef0ad30b2e9a2c12a6bb1748b32966f29
+Nonce = 60e6d09b9a970d3d8257f095
+PersonalizationString = 7c8c614411f183e805727d86a3451a1c03ad690ce6fe6cca
+** INSTANTIATE:
+	V = 63597af8673e35d6f8e2fd61ccce794f984381fe507058273fe61680709734305ab0434bfcb429e37771811156a389cc83dc4b4b19c787
+	C = d03b84047ee6791e1efd89b3ffbf6f0eaf5b4368394655983c120610e810e66904c7d50227f01452c852e15c16c3f70497e72f28aa7925
+	reseed counter = 1
+EntropyInputReseed = 852ae97714c3102dd77d961c99e6ddc76c7f2b92770ac3b0
+AdditionalInputReseed = 
+** RESEED:
+	V = a2297542f3dcb3f17e1cb1b13dfa0aed109096a34d73a4d1193b863bca45a9b6d54c73612bcd0937715b8cad6aebb5f709400d9da17a6b
+	C = 1213b5c9b95697710d2da7567f9843f0a17aa8c332d45e7351727dbdffcc98829106ac11f401f313ff8433d5d3289e0ccaa15a58f16336
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = b43d2b0cad334b628b4a5907bd924eddb20b3f66804803446aae04f8d81c3ad472cf7d5057a9672b6868279e86b28be4e2ae6137e5f564
+	C = 1213b5c9b95697710d2da7567f9843f0a17aa8c332d45e7351727dbdffcc98829106ac11f401f313ff8433d5d3289e0ccaa15a58f16336
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = af94022304bdf8d8129c72b5f64a7e9df07d71cf58610cbe2b0ab0b926629c1d2c9a5bce85d7018e85e441d669934b531264fe757939bfa7364439d567dbe5557d9c736c75b9fa798193f0b12d941b4c2e08870df2da80f6625718d129f219bf49b7e9535f0e605250f5c7cc8d31a190
+** GENERATE (SECOND CALL):
+	V = c650e0d66689e2d39878005e3d2a92ce5385e829b31c61b7bc208338bbb4ee7126c518ad12025dcbaf28ccba7d4bba966b7d1ae1bfed44
+	C = 1213b5c9b95697710d2da7567f9843f0a17aa8c332d45e7351727dbdffcc98829106ac11f401f313ff8433d5d3289e0ccaa15a58f16336
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = f095966dc8e8da6659dbc84217735eafb2133d74f5bbcc4e
+Nonce = 02631592daa0d1f1fb4b4a6c
+PersonalizationString = c7e3f29d3dc35822cd6f4b045fe29f61d49f7f981a0c2475
+** INSTANTIATE:
+	V = 06befd447d55f41c49fbb2cc356e8a3b82e3a60504307d4fc44ec21668470d2f6343e8a579c6814af7a0d87a49e3b5a29dba2a0444edc0
+	C = 9d92f955a9f4ee8dedcd167652990356505649878d4a479386460edf91915c9e04d99cbc5287ceee9d13158fd2f40e12681d8d2b747771
+	reseed counter = 1
+EntropyInputReseed = 5ab8efff2022b84883533384e6318fe8ad1066649f9695df
+AdditionalInputReseed = 
+** RESEED:
+	V = f321bdf00de5e1595709bc296c9c5ac0e85be3345a9a27b0f3f8e303982afa6caf24f253216c2fcf84fc2eda95c77ea282b221077edd34
+	C = 22fbf5c631408dd3673ed2e09df43c1530925dfd75b5b9bbbbee0f3ea51ce0c3d3a3b51b7892091f23f1d090e85f463c387fcf023a00d1
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 161db3b63f266f2cbe488f0a0a9096d618ee4131d04fe16cafe6f252866ccc9d73672990d57a49045a2e0222fb2eee063a201a6863ba76
+	C = 22fbf5c631408dd3673ed2e09df43c1530925dfd75b5b9bbbbee0f3ea51ce0c3d3a3b51b7892091f23f1d090e85f463c387fcf023a00d1
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = ec4b922105cc5473f3b249eba0972ecdef3cb3c6cc69390e3cf58aa048818cb8954ad4e3470d6a1f018541c8e7efcb687fa77f35072fb13ffbfc8b5155e908169a5ac29941a0942eb78c3a6cb6ddbaa5c5942f0fbf67d6c539df253b7ec7c3829439ea0b5f1803fff311c2289ecb8048
+** GENERATE (SECOND CALL):
+	V = 3919a97c7066fd00258761eaa884d2eb49809f2f46059b286bd5028d83c7222d6dc6f0ffe32803e37c0a63662eb1899845344bdae87bb8
+	C = 22fbf5c631408dd3673ed2e09df43c1530925dfd75b5b9bbbbee0f3ea51ce0c3d3a3b51b7892091f23f1d090e85f463c387fcf023a00d1
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = de63c885839c5bbb0b524c2b57dcadd24cb0f370f680805e
+Nonce = 70052de8b4b5904c06b623c5
+PersonalizationString = 65cfd784054972f685850452a04dfa73930bfa1d08526aac
+** INSTANTIATE:
+	V = 061dbd64e1fc696784ae0089320d0a4439dd8d7257c541cbf383ea3c34381af97da7c96e4be6e818667bae883552ccbd61fdfc825d7851
+	C = cf16e0bcdcf9dcdb3c952d39569e842f7b4b0bcfb605eaaf59242ee847d9de1140b3b857d26946bc77d40dce3e222fb31434bb16a69474
+	reseed counter = 1
+EntropyInputReseed = 677462a1a7dfb8106b8e23ad5c9f6b052dc1817c337082bd
+AdditionalInputReseed = 
+** RESEED:
+	V = 9be05a90cb9a7c0ab90ede05aee476ba36c9cecc011aabaa5a9f578a541b17ddd451b596b9bfc51845c0765424bd8db5c1b9d873d68c88
+	C = b4590255e2fe213c5845601c9da135939e759df0a3c37cb5e24aa69214bb7d42acd151207bcc76e3627d6e0e294b79ef4e011622f47013
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 50395ce6ae989d4711543e224c85ac4dd53f6cbca4de28603ce9febb537e4c02b8ba4a6c8a89d3699ee47710a492fa0e619a5f109464b3
+	C = b4590255e2fe213c5845601c9da135939e759df0a3c37cb5e24aa69214bb7d42acd151207bcc76e3627d6e0e294b79ef4e011622f47013
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = d4411df7e901c66a1b667cea66d2e21ad8bab76fbe189469e03b16a4b2346aed640278fc346097b6d494e74713edfd3fc75b9a89b51a05e0a295b05202c66ca95f7627f2dd3e7b70b3eb1fa1e007b443b47d5aaa3b6a3eecbaded109c9a5ce3e9534ad0f7e8eaf808280e1d31b82fe2c
+** GENERATE (SECOND CALL):
+	V = 04925f3c9196be8369999e3eea26e1e173b50aad48a1a5161f34a5dafbeb365254043599d99712b79b5e6531ad82815ace74c62cebc4ae
+	C = b4590255e2fe213c5845601c9da135939e759df0a3c37cb5e24aa69214bb7d42acd151207bcc76e3627d6e0e294b79ef4e011622f47013
+	reseed counter = 3
+
+[SHA-512/224]
+[PredictionResistance = False]
+[EntropyInputLen = 192]
+[NonceLen = 96]
+[PersonalizationStringLen = 192]
+[AdditionalInputLen = 192]
+[ReturnedBitsLen = 896]
+
+COUNT = 0
+EntropyInput = 4a94d8aa827ba2b0f354e5d20977a488b76201311b789e6d
+Nonce = 6ad176d4a3d713fe4d1a269a
+PersonalizationString = c3619cdff70457dcff4a08e498003bfb7050afe77a7ca841
+** INSTANTIATE:
+	V = d19debccaa4659666a981c7aa2b2d9c936045b0f403c46c81277eb39d73c562d1d56ce1297a1fffa425fa5342b1863b6b0e1de6e05f153
+	C = e8e8880f2a13dcba302d01b9ae3b3cf18662437bc74cb78894800de387296764cabfa56c2ec8d196fafb3f26726a90ae6469ff1bc1ce75
+	reseed counter = 1
+EntropyInputReseed = e16e6ce422207a2b8c98fd4137f5f35d5127cb6d0eeb72ef
+AdditionalInputReseed = 738594682f2475217220c64804f231a323e1321cd657739a
+** RESEED:
+	V = 08927d4c72374bd1b3a041f944ee9fe14c86d69eb754a5bd0d6e739dc1699942d73858d58ab86c3be056bb15b811de6efe066b8fdbf571
+	C = 930d7422e521c9d86dda3f03030f6bad77c2ce590ab131e7f4ddfb7a3372edec99d1b85099f6570c74ecc99aa2748d7d545d5b6cf0629e
+	reseed counter = 1
+AdditionalInput = 7ea2ea8fd7cc306275189d55e78ba809e5f28d58cc5db8fa
+** GENERATE (FIRST CALL):
+	V = 9b9ff16f575915aa217a80fc47fe0b8ec449a4f7c205d7a5024c701fe5d68e7d64cfe6e38d9ed6ec52d925358e4fec54ad9a970b391392
+	C = 930d7422e521c9d86dda3f03030f6bad77c2ce590ab131e7f4ddfb7a3372edec99d1b85099f6570c74ecc99aa2748d7d545d5b6cf0629e
+	reseed counter = 2
+AdditionalInput = 6df7388057a8388f18bff94b5f9c6545e275996a600d8e15
+ReturnedBits = 945c36e2e285da9dcf6ae59db153fc39eda3c5c5a035d68b7565981eb2b6dcbfbd1333a607159fc55cfeeed516e8956303473e07d3ae0c9754d82d4d6833e570ed5e9c548ac8038534bd8cecaa3def4ae86bccccf10fc2b3bf666e8b108cbeb237da2d299aed55d9790329f78a70d296
+** GENERATE (SECOND CALL):
+	V = 2ead65923c7adf828f54bfff4b0d773c3c0c7350ccb7098cf72a6d4c7442ce3a27011ef50dc19c2cad2edb4d5ecf37809c9754a060ccf6
+	C = 930d7422e521c9d86dda3f03030f6bad77c2ce590ab131e7f4ddfb7a3372edec99d1b85099f6570c74ecc99aa2748d7d545d5b6cf0629e
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = 0904c6d8d491d0426a6537f40ff80e49d9ca411ef35e64a8
+Nonce = ef8c77a9d1da78d31c444b88
+PersonalizationString = 5d117127e78c8fbe5e317b55cee5e16969135ee3e58412b6
+** INSTANTIATE:
+	V = 31ecae3cbcc530545dfeaec56fcdcc5dd3f6b495e748a574fed27b40640e2bb4cfc67cbb1753b592bd166146592aa6bb5e86dd09858883
+	C = 48e5a069be0fecc9a54def1b2dec55362a39eb3a634cceed35f62bd6748cfd5e64d58e93954323e6a7c4c7d2843bbed1acfd049819cb98
+	reseed counter = 1
+EntropyInputReseed = 609580bfa4092d9dd964137fb67ccb7ec9601a1bc1c872df
+AdditionalInputReseed = f6c4ecfe957aa029f38ba791e8852aedcc21e4983ad02b44
+** RESEED:
+	V = 752772b7dec7f65fc3c3328e99f143589ea80deac841407d23939d38033763ad0d1951c9e8dc793cebf0178cbb9233480fc920768dbba6
+	C = 0778898d8dacdf988aeb8488170ab9be6a891be4f8948ee1699c9f5f6e73b8ffbf579374d17f8873d35265496fce5f6b42e90d3d4d1ade
+	reseed counter = 1
+AdditionalInput = ec5538f6ec3646cbd1accef230076f38eaf644759aad95b3
+** GENERATE (FIRST CALL):
+	V = 7c9ffc456c74d5f84eaeb716b0fbfd17093129cfc0d5cf5e8d303e554c626a7d64710d4a6d1332e064e663170c758f66b05cf57f68d205
+	C = 0778898d8dacdf988aeb8488170ab9be6a891be4f8948ee1699c9f5f6e73b8ffbf579374d17f8873d35265496fce5f6b42e90d3d4d1ade
+	reseed counter = 2
+AdditionalInput = f5969fba084bc9fa097e7412da650e53eb59dcafd8667848
+ReturnedBits = 61a00ede66e9da95e96a9a60cba9f9873171264254a3d58df716ae32063947964d7f64bced5bf847a3cd570407e7baad960b796d9b656a04ae554ece7a0b02d6857b7690494c20d4c00711ab55c0032f246c608ee1ee094ae4658bf0a0374cd3bc2ccc9f36fa7ae8deee6e2f2794a896
+** GENERATE (SECOND CALL):
+	V = 841885d2fa21b590d99a3b9ec806b6d573ba45b4b96a5e3ff6ccddc593fd4c3c53a8f8054aa2274bb50644900d0ca46e0e222a5f8a445f
+	C = 0778898d8dacdf988aeb8488170ab9be6a891be4f8948ee1699c9f5f6e73b8ffbf579374d17f8873d35265496fce5f6b42e90d3d4d1ade
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = c51d286d03135f706324a2cbdc70b25854d725dc7c65deb6
+Nonce = 7d24acefbc5a4c3db2ae0cad
+PersonalizationString = 1e34506e9252d830d89ea0eba084bf5648c675fb69a10efa
+** INSTANTIATE:
+	V = 0ff097f36c99f9b6c4bc827d1aae5c60dcaffe3ce50808a3a11ec4faed71dc12d23575b61ab9c2afac8218cb25f72756daf9717d4eccf7
+	C = 520a5ba92ff5a7b1d285a5bf4cdebb3533d82f34c1f78e03f478568f7d50cc28c9f3bac3de99df3d1eb73f03b1c2fa58dd36524cbb34d5
+	reseed counter = 1
+EntropyInputReseed = 93a70f60e1a3d2375d0a72863267eaca289a70db4f1ef4a5
+AdditionalInputReseed = e9cfb12e74fe501493179e95f4dfc9ca17a2ce8cad768c8e
+** RESEED:
+	V = e750ae66260dc02e978e5d517fd00c62a4b61ee22a06eb6d316825cc0b86224b759e4b351147f5abed211f795923ad2d45bff68b60e3cc
+	C = a074f1002db305948f97ef8a1a27c5160e60cab71b66c54f4b7a139f51c8a88a7eeab9fd9bdcb6c554ed516bc5c560e6e7aaa61ed76cc9
+	reseed counter = 1
+AdditionalInput = cd66144970ecea4a4b69313ccc8715723b004386f83bda1e
+** GENERATE (FIRST CALL):
+	V = 87c59f6653c0c5c327264cdb99f7d178b316e999456db0bc7ce23a2d4ac94b5eb831fe182c912ff41ccbb9a4582d856147f2eb920882bd
+	C = a074f1002db305948f97ef8a1a27c5160e60cab71b66c54f4b7a139f51c8a88a7eeab9fd9bdcb6c554ed516bc5c560e6e7aaa61ed76cc9
+	reseed counter = 2
+AdditionalInput = af2b9da08cfb8eaeb987476d1bb3d41437c18b6b3fcac9fd
+ReturnedBits = 09af8875689ca70066fb3470ee9ed2ff4a1fde43af58f36351862dbc746d794d57e17b137d366be5fffa8a6dd480fdf719734dec65e8f934e5980a20ef749464afd73611bf7e6a326937328ead582529cbbe581d4a08d2eeaa9c84fa68a54bc523c45e5556681594f18ffa87663fa310
+** GENERATE (SECOND CALL):
+	V = 283a90668173cb57b6be3c65b41f968ec177b45060d4760bc85c4e8010dcefa3854c8f70658c95a55a34907cdf3ab95b357712daf661e1
+	C = a074f1002db305948f97ef8a1a27c5160e60cab71b66c54f4b7a139f51c8a88a7eeab9fd9bdcb6c554ed516bc5c560e6e7aaa61ed76cc9
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = 6ad916e2a4217e5a6a44a6270e6ec25d6f374d68cde746ae
+Nonce = 878150109f5ff956e7311bd8
+PersonalizationString = cc13fadb0a14b4f6d5cf1ff30f1797c27d032b370a28a5af
+** INSTANTIATE:
+	V = af91aafffb8d6ae323d1d10e9453ec7e74acaff378b808079aee6188ca61c6fdbfbb5c26031342d8830ad4f023b50dae6599e0dd098432
+	C = 4f216dd44246b1c91b48192f27e487755d5d8a3cf7e6555469f4768745450566e00a52d3df43a325032ffc854ae30e5016a4a5812afd3b
+	reseed counter = 1
+EntropyInputReseed = e973b680ccfb51ce8cf5b94e9b03baded565b268d182949f
+AdditionalInputReseed = f1b35d904cad45fbdc122e665ebda2807290e364f0f1c6f6
+** RESEED:
+	V = 72d511371ec41ff93e3d4fa2f4c82fad2ca624e13434229c12b9a2de3dc25a722dfa963d4d9153db0f13d84644be57e518ab5fa808b21d
+	C = c96f67a403545c088049d4e1aa6e24993d84c00b03609e5b80b8f6b35fbd000b4a816a76ec5e0e49b966e7a69e084b3ba4608f87d67a52
+	reseed counter = 1
+AdditionalInput = e6b3d6a196de2e407f4fec0f74e3661816691ff3d66e80a5
+** GENERATE (FIRST CALL):
+	V = 3c4478db22187c01be8724849f3654466a2ae4ec3794c0f793729a1b7659080cef827f01dba04aa4868e980a8e99c59337f344375971dc
+	C = c96f67a403545c088049d4e1aa6e24993d84c00b03609e5b80b8f6b35fbd000b4a816a76ec5e0e49b966e7a69e084b3ba4608f87d67a52
+	reseed counter = 2
+AdditionalInput = ad62c59562b4c086683467fa5c0474cbbb073e5263eb3bdc
+ReturnedBits = c9f2c33ad578966e0e9adccd50fce4529aed241688a86c43db69f064f5b114fd6c08476af6c6ee8fce67200da5f469290dca87c7eac3aee6f04b108c5d5e8d41d6c0e123915f1d962a148fc33378c1999d18590840f246e004d24399eb3270cc063e3a52040630f1a598e871d5bba8d5
+** GENERATE (SECOND CALL):
+	V = 05b3e07f256cd80a3ed0f96649a478dfa7afa4f73af55f53142b9239356902f3bae971b674f0d844ad826f798b1970147b1874dfc5dc00
+	C = c96f67a403545c088049d4e1aa6e24993d84c00b03609e5b80b8f6b35fbd000b4a816a76ec5e0e49b966e7a69e084b3ba4608f87d67a52
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = 88593266dce222bbd4f655f8fe0aec1e5f6650f8bc4deb38
+Nonce = 356dece5f0482b4c803ddca9
+PersonalizationString = 82f6cba24f023966984e6ce106cc34841b7c30c72e3c1947
+** INSTANTIATE:
+	V = 4af135fe2a7f7a347e27e959cdcf569d0bf99f1eec7784e7bb60bed46557387134ce78ca90f159b623f9e7660182045be93a0409f9ebbd
+	C = 5d1a524ed2c7a4f36871fd34cb8cac208f44fbed27204b668c6a69ef6f91632d38ce76e6f8696c33bbb50964e72de85a9d5f9e92fa7949
+	reseed counter = 1
+EntropyInputReseed = a10d03cdd37d8e685840e00e76dc21817371f51ab55070c1
+AdditionalInputReseed = ab51b90cb1d780d6e63436e4a3bbc297297046ba0e9ded9f
+** RESEED:
+	V = eedfd6669b1b4899a7d7089b0bfed4a54fba44eacecf883d0d975f4e9b2f9bf986badec3455f2dff9bc47723b7e8f61f23957c555aaa6f
+	C = ffdbf81f56e730fc3bfcb4758f0be38e87131d7b5e2279e15ce9db07076af4eb85da6ff5880afd2c4a631b08f944f17c30d87c3d16256d
+	reseed counter = 1
+AdditionalInput = e16bcb6a719ff2a564d56b7d3548ae8e2cb668db6d6e3605
+** GENERATE (FIRST CALL):
+	V = eebbce85f2027995e3d3bd109b0ab833d6cd62662cf2021e6a813c11929717d49a4d5dbecd9fd530dcebdf593e280452f169378efa9320
+	C = ffdbf81f56e730fc3bfcb4758f0be38e87131d7b5e2279e15ce9db07076af4eb85da6ff5880afd2c4a631b08f944f17c30d87c3d16256d
+	reseed counter = 2
+AdditionalInput = 9c23a3c496fde05b51cbca630455b0cb1b1e056908a38184
+ReturnedBits = cf4fdbc791228ddde7c72179da8719c06e6a9d10ab17df33eac483d04050afd8b17b6fe72a66d9847822a3d57516fb62f4c008096612141ce33d977bee4f52c2498fe9a05270fd84e9137f10b2e0c5573825ee9c8e5ab5379b73856d863990e40709871cc979524ca2bde97a2b43d80d
+** GENERATE (SECOND CALL):
+	V = ee97c6a548e9aa921fd071862a169bc25de07fe18b147bffc76b182cdc8c28390c61e64881051c43b2663bea57edc4581af75810f0e4d5
+	C = ffdbf81f56e730fc3bfcb4758f0be38e87131d7b5e2279e15ce9db07076af4eb85da6ff5880afd2c4a631b08f944f17c30d87c3d16256d
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = b0ff6e0251724c632d62787d81ff4e9467a58b5a291b0196
+Nonce = a89b311f9e12cc5e61c79c9c
+PersonalizationString = 8e3edc84fb01cb503959111e65aab552016f0817284c6153
+** INSTANTIATE:
+	V = 3126c1f846715acfbe03b95f2c10ff78401a1ba27263267f91384f9575fafc6e5a1b16f1a669a53dedb50e5116a476350702b45bb7a688
+	C = 6cd0e569abaf142f5ffc1bee2c725584f1dc7d1eda2a1b706809873b356430bd42d9d579062347b4c73e36345d12fce57ada3c63e6237f
+	reseed counter = 1
+EntropyInputReseed = 5383c3afe96ff7117612c0251b9793f61510ae77c192d068
+AdditionalInputReseed = cfbbf18cd67a8ef4d156a354f3a1e60a44beae3774747939
+** RESEED:
+	V = 755568a71ae3168f442569f7880f31672458c078cfb3dbf38fdd2d12357eec5cba831b5233afeae076ecbd8bb09ce9bc827401c2eb6203
+	C = 65ec3c6d430bdb4fb7f68b5ccf25c1aaef1681a5f2b8540b5d942662b36d7c1d350bcad759bf374d2b5dea3f87e11f2b8ca8e7770398ac
+	reseed counter = 1
+AdditionalInput = 399d3f1d8441fc2c3cbefea2055704dd26bf909299d877f6
+** GENERATE (FIRST CALL):
+	V = db41a5145deef1defc1bf5545734f312136f421ec26c2ffeed71543a6c772605de91b26d93123e0a6489960d54c3cc9c770bc8f506b0ba
+	C = 65ec3c6d430bdb4fb7f68b5ccf25c1aaef1681a5f2b8540b5d942662b36d7c1d350bcad759bf374d2b5dea3f87e11f2b8ca8e7770398ac
+	reseed counter = 2
+AdditionalInput = 9063eabbfc43fe3744dc2711c48754dc06d7a606e30bea5b
+ReturnedBits = c311e8625a3bb77824dc2fbc7ac1f19d50c008d1c353d1a0f133c64feddd985b85e1865456bc003041810da31101c3220b32dd5966e2f53f9a91c1d18d9ab83dcf89537d286c129986e26248bd50af0931e54933ed563d4b7e594d9407c89f51f0c9933575a99c671737ff682a53bbdc
+** GENERATE (SECOND CALL):
+	V = 412de181a0facd2eb41280b1265ab4bd0285c3c4b524840a4b057bba79849fc888fe53ea2fb33921abbd4a6f82a7406dba1f5580c53d88
+	C = 65ec3c6d430bdb4fb7f68b5ccf25c1aaef1681a5f2b8540b5d942662b36d7c1d350bcad759bf374d2b5dea3f87e11f2b8ca8e7770398ac
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = 77c7ba088c60166e73c92de357fab5b78a148aab203b2d46
+Nonce = a3d9253512dbaf7a73dd1432
+PersonalizationString = 70112571d94db2391beb16e592bca565994c245e931efd00
+** INSTANTIATE:
+	V = 91a913025f22b13e12ab27fbd6d5afee32d13e84bc2acff07b1ff5b929feee59277a21fa2432b6083c4f061b69b2c38c2daf565a953f2b
+	C = 441d962d3d60564c1e55083e10d4aad3daf9a1c0c9b80fdb5fd601a48a10d070d1ebb36a745c400a9038728703f239929861ffe1e380a7
+	reseed counter = 1
+EntropyInputReseed = 4f815fcadf6875f569f8297570943df2b9fa8ce1b4c58c60
+AdditionalInputReseed = 5bf9a9dd478706949f85c3441c6e562bee5c3e75d5a95cbe
+** RESEED:
+	V = 660c6c81443693d3012cacfeb7188a74c4440d9d8fdb40c8821731812b67b8ea9ab1185bb83bf4b723c50806594106db2bdac1596862c4
+	C = 3c3b07a509be2dabdbcd6fb1aa7558593b47ec05de976ab2d6d5b143b99324bf033554578b8724edac0584df096019df5606d794e29d78
+	reseed counter = 1
+AdditionalInput = 7a4901d05dafb4fe492fe6411bbc1c29aedeb39da911a112
+** GENERATE (FIRST CALL):
+	V = a24774264df4c17edcfa1cb0618de2cdff8bf9a36e72ab7b58ece42c65e33e67b455491666284c52f43215a5970d2d18ca0f79b1ccb7b3
+	C = 3c3b07a509be2dabdbcd6fb1aa7558593b47ec05de976ab2d6d5b143b99324bf033554578b8724edac0584df096019df5606d794e29d78
+	reseed counter = 2
+AdditionalInput = 911275a0dd6ba306b19ec3bad4b1715db698e15dddb867c5
+ReturnedBits = ad4081f67d2d92b15429e3618ec615767e964d14f00089a133e4fffc7e8386aec7cc2658f0bfd9afe496005997210f1bd24566aa5a064ef43b7366d377332b6b2e953584ad675ef48cedeaf83a11dbc767c2846ab936eb61ba291b1618b7c120587a5c6a9d460405581fad3992394ff2
+** GENERATE (SECOND CALL):
+	V = de827bcb57b2ef2ab8c78c620c033b273ad3e5a94d0a162e2fc2961e213aeeb2b0197b4319d455c4da69dae69935ab062a02edb02b64bc
+	C = 3c3b07a509be2dabdbcd6fb1aa7558593b47ec05de976ab2d6d5b143b99324bf033554578b8724edac0584df096019df5606d794e29d78
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = 349c92aeec0a35080c792425bb93ba845a7bbed30bee7bc4
+Nonce = adbe966b9a6305a97d3aab24
+PersonalizationString = 2face675e88bf00354d80ad86d6aa8e636cbdcb5dfa87b05
+** INSTANTIATE:
+	V = 62f10f2953aa71fcf16bb15e620408fb782475b76c995913871f560744c73356656768f5f4e7d064c6a8f895c44046d2a1b297ac125204
+	C = 6375c60a0234c9be123b00a90b3972e77045c1037e7db4e501278545d062ad5e82ca942907ce1313a58d708a05cc1a17455302054cc920
+	reseed counter = 1
+EntropyInputReseed = dbdc97dbd13e7c1b0de6fb44aa1e1f5aa8b5dcceb5f18e27
+AdditionalInputReseed = 3087f6b4b9d6331b2e3df9b41f56882c15e27eea016891ea
+** RESEED:
+	V = 70f493709af7bf9b66b91c70a9f13038e2bc8d288931d3ce40dbf493cac367d1c2c68d03b03a625276ca48eca5f2572254813d406e8387
+	C = 6e1f2e522f6cd6b330bc3b4f998ec5c4cfe606b941fb06c063fccfc69e0a9e864849caf16afb58c9496578e5a0f059f36a4c8a90eca07a
+	reseed counter = 1
+AdditionalInput = 24c6489eed7f1c0cd2d4712bdc5cffaf5b7a04133bd9f98f
+** GENERATE (FIRST CALL):
+	V = df13c1c2ca64964e977557c0437ff5fdb2a293e1cb2cda8ea4d8c4b57e0259b2ce866b83e2fe6a4e6187d1e48ecb6e6c8ad9108424db6a
+	C = 6e1f2e522f6cd6b330bc3b4f998ec5c4cfe606b941fb06c063fccfc69e0a9e864849caf16afb58c9496578e5a0f059f36a4c8a90eca07a
+	reseed counter = 2
+AdditionalInput = dab73c99329aebd6e29bf1e28eba3a3877cd83bbaf0d6bec
+ReturnedBits = 903d8e811e278a88a6fb34c731adf394d3e0c6f815bc574d2ab24b869cce3288ea3788ef625f9ed954c954809e64faf6aef0dce6761742cf7232bae18b812c394f31171d217f1dcfa1e2da63111f326d307e46f745774b91fbef1637dea80d876fcdb46ac413181028fb8cacc2222531
+** GENERATE (SECOND CALL):
+	V = 4d32f014f9d16d01c831930fdd0ebbc282889a9b0d27e14f08d5954460c0ae34b6b42e45bca9f56c7773f9db046be287eaf39711218563
+	C = 6e1f2e522f6cd6b330bc3b4f998ec5c4cfe606b941fb06c063fccfc69e0a9e864849caf16afb58c9496578e5a0f059f36a4c8a90eca07a
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = 44636fac8e351ccae387d7bdf949b168d0bd518874aa8f6f
+Nonce = 61a6b35479503ad5a0181875
+PersonalizationString = 51e4f46e312d4e68d09aeb35cad6cda216a5f8747197db23
+** INSTANTIATE:
+	V = 5a1be7ba4648742e24cda5c65511da5cb0a8ee48e694d0471f23166494ca5dd19ede4ced4178a5ef9f787c1125a2ee5fe925a92514c0ff
+	C = f3fd7e03c909aab868531c9b22783b2616bebca486ccee6ddd4b13da0a6145acf9cfef2dc0d55be2a4413a48e2a03cc20fe92f763ddad5
+	reseed counter = 1
+EntropyInputReseed = 8538e05849482ba371afebad9b4270c8f5a726c36a28a8f6
+AdditionalInputReseed = 384d6d0a24b28d33b8a597bc440ca75c6fe24866a7e6f03a
+** RESEED:
+	V = b03d9f021460a9d2c1d21760cb0b7e308510f48008116dfb8769d3fb52ff611630e2f3912265f465699d39ac2d45f998c176e7f9e22174
+	C = 2da22e3d2b21fa1177f3176bdf417d1146654399ae17678c931d53ea4cd59395b1d7f639f94ddd7cbb087f8ef39efe5ca6260da6f2b745
+	reseed counter = 1
+AdditionalInput = 5412bb19a80f2f528f4675aa0b00124464efd7d1abc22b73
+** GENERATE (FIRST CALL):
+	V = dddfcd3f3f82a3e439c52eccaa4cfb41cb763819b628d5881a8728c67702a6c449da440d18ea31fafce8a75fce3099b4a1681a969373cb
+	C = 2da22e3d2b21fa1177f3176bdf417d1146654399ae17678c931d53ea4cd59395b1d7f639f94ddd7cbb087f8ef39efe5ca6260da6f2b745
+	reseed counter = 2
+AdditionalInput = d04f1645121583e6f9a1b1e0a8cc6af24451e970d476fd1b
+ReturnedBits = b4a27a0e6e4537deec4421305de9f133a4dc53e81dae545c0c67a82dc416eae1652f21f2dc56fd89198ab25827a0bff0571429ca44ffc07073fac68a178f1b8f306be547e187900be50883866e906de8095629c68280ab9b3fbbb98de53c3175730a68afe582adb41472d3456914f73f
+** GENERATE (SECOND CALL):
+	V = 0b81fb7c6aa49df5b1b84638898e785311db7bb364403d14ada47d8d547691ea1e738f70f3204278d72e61f765d5b9578c34a7a3339ff3
+	C = 2da22e3d2b21fa1177f3176bdf417d1146654399ae17678c931d53ea4cd59395b1d7f639f94ddd7cbb087f8ef39efe5ca6260da6f2b745
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = 81151f9776d8582bf8c3aa34e1f4c457b837ff8abc3e053e
+Nonce = e255f55b6fb4ad10720de03e
+PersonalizationString = 4dd30a4ce06bab02d8ae6f260720694a79bc93325d66db92
+** INSTANTIATE:
+	V = 62342c62ae4795e6c0fcfa25d08cd173d7a3fc2dd31a6485119ccfff68ef3c60715df046cce6dba2a4af66b02261e8e1796249bc158b1f
+	C = 3b72656e9212f554569dd40f31c321cc1ab68d51f819bb5e1f7a5aca7f1adc070053244c33f11bc16cba00d5153f50aa90d7386f05e2b4
+	reseed counter = 1
+EntropyInputReseed = 183acb35005373c812305694f3ed7ca46ab3f97e49753f2b
+AdditionalInputReseed = 6d7d8e4988432fa687cd5f9a9232a23a14f80b1b1738f9e1
+** RESEED:
+	V = ec29a3d8d7d7ddfa713547550e51cc000734acd1bec68e826e973e54b9af16ba1929368bb0551df819b373ef1e0f360b2d36c8d70a85e3
+	C = 06b1d27523ba254b0e0fece5f7c1d28b7f39a0c66bb949d24da3dcfd930b7d7efd918401bee5f679d2949a7ceb707a7f2b5977d46f5ab7
+	reseed counter = 1
+AdditionalInput = 789be40a3156463dbe74b5b87f44ce199a9d31111a9d97e2
+** GENERATE (FIRST CALL):
+	V = f2db764dfb9203457f45343b06139e8b866e4d982a7fd854bc3b1c49201b6bd946a2009ebcaa893ffdc3cee066531694ac11528c5efd85
+	C = 06b1d27523ba254b0e0fece5f7c1d28b7f39a0c66bb949d24da3dcfd930b7d7efd918401bee5f679d2949a7ceb707a7f2b5977d46f5ab7
+	reseed counter = 2
+AdditionalInput = 4dd1497a743e56236efbe8d956e1d18d8eef98e8d4ebb5fe
+ReturnedBits = 4a322a23e19356d7c7dcdb95d472cd4da76927f6ac015227146b9372d23f8256195a32080a353fd1b087f9d55bef68123b687d7102ac6eac55cf1036a9c4249a97dcc7c9249c03b63e94f7d7d91236bd672a752cf5d0643d2f4e42f46bcab3b5aaaef139ed2d87c00592606a3a082d2c
+** GENERATE (SECOND CALL):
+	V = f98d48c31f4c28908d552120fdd5711705a7ee5e9639222709defa6483600916413a9c121825a234c2a19e182a722674a050b55cba7799
+	C = 06b1d27523ba254b0e0fece5f7c1d28b7f39a0c66bb949d24da3dcfd930b7d7efd918401bee5f679d2949a7ceb707a7f2b5977d46f5ab7
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = 0d533e5718a9bc593ce5d7b5e851d71b720124e73907920d
+Nonce = a5967d8198138cbd700917c0
+PersonalizationString = ca2f83f4e417c33eb5578245d0da4eed213fac6b614b9d06
+** INSTANTIATE:
+	V = 2c55e903bef41d2bca60133cae5e1cfc42908287c43733e791d2776df5bbfcdbea42e89e2a141ad373a2bc40fc476514b7d7152870f9b0
+	C = 78562c72b6f3c7c0e59f19cec6c44dab5e1e2cac76d600a9393f496b6bb255b58005860bfdc0c58a447410e62339146fae78baf14403d5
+	reseed counter = 1
+EntropyInputReseed = cf6fd97e4251960a1642d991115e3de192e4e16e13462592
+AdditionalInputReseed = 1c49fe7e4313af0999b5e6ada620593ced8b15f5567c7357
+** RESEED:
+	V = 49633b1e5c8d3e96f899144de960e48d9102eb8e98150464102b4be5809ac1ffb4475e1ffaad17c849095fcf901bc1e6f7f47c7374857e
+	C = 939df3ec1ce00dd4ae1d31a550d05bf07390394d2b4d9dbc793c0d75a6dd8a5cdcae0119ef5b656ea9f8ba5c49d6c211105d18701319d1
+	reseed counter = 1
+AdditionalInput = b0d89536aff7910d13dce592accf218352060780caf0224c
+** GENERATE (FIRST CALL):
+	V = dd012f0a796d4c6ba6b645f33a31407e049324dbc362a220896759e2f2265ebeaebbd2607e7ebc6bd5a2667c45693ffbb87ccb8dcfad7d
+	C = 939df3ec1ce00dd4ae1d31a550d05bf07390394d2b4d9dbc793c0d75a6dd8a5cdcae0119ef5b656ea9f8ba5c49d6c211105d18701319d1
+	reseed counter = 2
+AdditionalInput = d84d45220cda4584d575ade1e91a0f81776c864ac923b007
+ReturnedBits = 46dd266518c1f1ea06cce8dbe5d4f8343cccdff87563fb5c33f8698fb23450e44ece62db618d5daa49058ce8fa9c0192490e40a9a2cc592d81bfb4dc811460394288d2472aefdc239ccc4a77b0aab43eab248677992db7b95d2e9697db1bcb31237fbf147c1ce572ee5cd383c27fdbc1
+** GENERATE (SECOND CALL):
+	V = 709f22f6964d5a4054d377988b019c6e78235e28eeb03fdd02a368511c0e79efbcc2232a7941a06677b85844f107b39f0229aa80c47d5b
+	C = 939df3ec1ce00dd4ae1d31a550d05bf07390394d2b4d9dbc793c0d75a6dd8a5cdcae0119ef5b656ea9f8ba5c49d6c211105d18701319d1
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = 6999da9cf94c0e873ef8e7a5fd69807f10d7019882103454
+Nonce = 98a217b025f9c0f5cd8028ef
+PersonalizationString = a9f5b47ea02819be41a5a64c3ce24f0168803b2e5b921891
+** INSTANTIATE:
+	V = 5f84536139632b2593945c69517f6e9e9dfbba9c1a8c3299dd1b97248438dd36cc2968670f54f7d691a6554c84843f867f8b2d661cf928
+	C = c0841111d6e840fb551e1e6ce6d71666e4a8c1738f0d3c19c7a8659dea38c2f19b4ba1556f70ad6748d6950a57fed53c5341cb61fb9a8b
+	reseed counter = 1
+EntropyInputReseed = 8a5d97d71aa824d6954aeeb86ca59d7dbf8ef392686a0cb4
+AdditionalInputReseed = b032ebd5f664add9e8ffb40003a2567ac7452e84f07df811
+** RESEED:
+	V = 59519ce04ddd1460c5aeab3b8e7c379fe01081d2f6f486a484e917268da2be8c356d720396170f4b0533b39420f011d65b73397fe218a4
+	C = 76b7618ed9219fd40b0b5c2d2146f7e026267da3bcdd895eed314fd70451670253b69502f2a5fc0d3c1c117847e687384faf380401370d
+	reseed counter = 1
+AdditionalInput = 167f00d534023e8165e5284a2c32f49c0dda217db664a43b
+** GENERATE (FIRST CALL):
+	V = d008fe6f26feb434d0ba0768afc32f800636ff76b3d21003721a6835630cad3eea7f0dc3f97f7c8bc0fb6b77454e0087dc956e38b05bd4
+	C = 76b7618ed9219fd40b0b5c2d2146f7e026267da3bcdd895eed314fd70451670253b69502f2a5fc0d3c1c117847e687384faf380401370d
+	reseed counter = 2
+AdditionalInput = 3cb837b13a48dba786934eebc9eba39ffe50b56cd1ba52ed
+ReturnedBits = 5b3d10ad6bdab91dbd9e5242bc1a93aae13eac6e3d46566e4624855899e1ebceedebffd7d5769ddb193f8cc34d54c391851f0ad8d8ea937303485559793b10b3fea1c82418e4dfe898164f2f68880e8b06a91daa85f51028032125ce44ab0132cb42d9dd44aad73a75d3facf9a63c43e
+** GENERATE (SECOND CALL):
+	V = 46c05ffe00205408dbc56395d10a27602c5d7d1a70af99625f4bb8c75ce86e2c4cc6dfa0c7fa9e1156c61887bf58323ff3cad544ffbbe1
+	C = 76b7618ed9219fd40b0b5c2d2146f7e026267da3bcdd895eed314fd70451670253b69502f2a5fc0d3c1c117847e687384faf380401370d
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = 22794fffbf6897d2c6948475b679063f904f8f35d89a25cb
+Nonce = 12eb1b0874c9841383638135
+PersonalizationString = b9e1911f45806b4f84ad6d103851c80c288f7e1e8af3db84
+** INSTANTIATE:
+	V = 75902be66a2aaabd7ce9bc737d5acbd266a7c84915bbfdd30eac0b7f5ea505917de991e5d423b540f5be719ef79eef02fc3e7ca0df8632
+	C = 87892fb79e1272936a253674b98c8d6147a383ca9c3cba24b51a379a01d07d83f0bd69cd9d1c14fec28ed62b1aab77d411225f93d9e69c
+	reseed counter = 1
+EntropyInputReseed = 49412f51a1f47b19ff2eaa0dd68eadfa4b7a75617a0556ae
+AdditionalInputReseed = 3697a2b90bd289b33d9f2ad92b8414d8cb14887c8f5322d3
+** RESEED:
+	V = 67c5b6e655d83598042b9eb758b7c49459e96fe2bebfc0e642c950d7cf63dbd9daf34fbdbd3e9d8cae45609e4534aa62680c4e2ccddf95
+	C = adab3a2a9518f0a6ca08fdc61abcf82679ed57693472ca68d9529982f4039ad4cdca8fef1fd01cbadcf681a074a63839cff4986e3644a0
+	reseed counter = 1
+AdditionalInput = 0f6e6a04fc967e29df56a8438479a8753f586c38589e1299
+** GENERATE (FIRST CALL):
+	V = 1570f110eaf1263ece349c7d7374bcbad3d6c74bf3328b4f1c1bebd84f4b1d66680d0fe8e2f5f9d65d1d1d4dc1e3a82dc7b37471db01e4
+	C = adab3a2a9518f0a6ca08fdc61abcf82679ed57693472ca68d9529982f4039ad4cdca8fef1fd01cbadcf681a074a63839cff4986e3644a0
+	reseed counter = 2
+AdditionalInput = 19982e62a8660bb62e1fabba151201f1709b0a6470ee229e
+ReturnedBits = d78eefd63edbbf1d7dbce75df512b582398add5f310f689d68bc518412990f1d4afb16f0283ace28475c17035e919ade97711fa50569ec1036fd56585518fc5e7bcd5b4b8c54f8a08b6dcd7632ae5649c4af2e778be00a65ee228b1ff907821f323937d8561ffb611d293574740e5560
+** GENERATE (SECOND CALL):
+	V = c31c2b3b800a16e5983d9a438e31b4e14dc41eb527a555b7f56e86ad9b2d753b44c921b06788681855ff78ff4a428884d9fb5fd0aca16c
+	C = adab3a2a9518f0a6ca08fdc61abcf82679ed57693472ca68d9529982f4039ad4cdca8fef1fd01cbadcf681a074a63839cff4986e3644a0
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = f446bcaf0675a55d51a8dfcb97d8e3abf715a598fd6a04f2
+Nonce = 312c8b098a9c081fac608a26
+PersonalizationString = 056e8f1855d8d95b44f35eb3d5dcc02ad56041f75b54cbab
+** INSTANTIATE:
+	V = 1696e5fcc816ea98362d93f73a66862d60b5a569e59931e807471d30380228d91df17ad067b7785876c324099d1012b55e0648b5e5b76a
+	C = 6e9c58dbb1f330ced3df1d48aa923e2a7b0bd1226c205351d495b0751218967f888353a5dfc39bf2e56d67f774771cf615cf966e1d7cf3
+	reseed counter = 1
+EntropyInputReseed = 666cab89088406c31cde3dbe14a70288ecb980c45df593b6
+AdditionalInputReseed = 6ea5f565f1d0a3e9244eb3808a41d9d2d522a70317ae0516
+** RESEED:
+	V = d178763f662f81375e0b037a32b439fe9ab8c7300e6015cc865409c8961daa2ea0880c34609bcba1e68d3f393ef19919fcc3549ace2ef0
+	C = b0a9a21df0604f9cc339137baf19e71841c1ef5e143702c140798881cf1a0b54413fc989c7d13c3739e87cc5abef3056e7e900d3b9eb2e
+	reseed counter = 1
+AdditionalInput = b2113fbf73ce982bc3959d4d1d4c9fb3c53d3987e5465c11
+** GENERATE (FIRST CALL):
+	V = 8222185d568fd0d4214416f5e1ce2116dc7ab68e2297188dc6cd925d975d92e7665a48bf85ac7c0d40e2e5e360118898e65de3dcccd6ee
+	C = b0a9a21df0604f9cc339137baf19e71841c1ef5e143702c140798881cf1a0b54413fc989c7d13c3739e87cc5abef3056e7e900d3b9eb2e
+	reseed counter = 2
+AdditionalInput = 3c021c0b2672710bb0fa075bbd4737cc134c9428319a5b9c
+ReturnedBits = 0e535776543bd623debd2cd1d0684a5c133123844cb6cd9af49229a81a8ca92a7b7560f6d54b0aa963a5b0f5fbb4e24dc9ba714b24071de62f9d952766e040cefcf025db781ad57b53921c9fc3e5ec2da6988dc4b6cab7a2f27e8611661ba73c32f61a1f46ec77a7b76515de234edb25
+** GENERATE (SECOND CALL):
+	V = 32cbba7b46f02070e47d2a7190e8082f1e3ca5ec36ce1b4f07471bc2d6993a0177b9f0d17367c5b8a6253d07271cd088c6ea0ad27ab9f0
+	C = b0a9a21df0604f9cc339137baf19e71841c1ef5e143702c140798881cf1a0b54413fc989c7d13c3739e87cc5abef3056e7e900d3b9eb2e
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = 2b70ff655eb2e4541a5ecab13d25551ce658a6d753d13a72
+Nonce = 461b829287f7b065ba3dc0c9
+PersonalizationString = 1e17a7283a82ab408e27dae228c025ac8daf4c3c781be3b8
+** INSTANTIATE:
+	V = 99a12ea8512f379409d1a0b127d537f2301ae9a0d2d0f15f78574bf1ff1b11ec54f7d42315a56fcadaf1df60dac3313ad401c66fcd37bc
+	C = 6f3a7c85efd9ac10deb3c236e7ccf2ee22a4f624e1a0b7846d37522205ba168916aebf9df728a36b2e90adc507347912ff3e8a38666ee5
+	reseed counter = 1
+EntropyInputReseed = 173df680fd61fff7fccacb8b538ff40b252616290cec6e78
+AdditionalInputReseed = c68715e5b2517c324cbeee93837f3633a490cf787ae2e4ea
+** RESEED:
+	V = d46b4b588542730b1077f0b80ab2acf13ead379961fe35da1b5d346eb080258e9d79b220c40f390c97c9913842b9991f1718d4e4d3db61
+	C = 6887352b195fbfd8d40ae887753668fe07ad7a4fa2126a69df51bf49f9f3fa6385c978269e347bfb8dbbfebd609adc21ac37030e22190f
+	reseed counter = 1
+AdditionalInput = a3de9279e1abd88447b1703e913f760f8484900aed46a041
+** GENERATE (FIRST CALL):
+	V = 3cf280839ea232e3e482d93f7fe915ef465ab1e90410a043faaef4ae40eeaf2359f5957463ad7decd96f9b282c6bae701164e7d85247da
+	C = 6887352b195fbfd8d40ae887753668fe07ad7a4fa2126a69df51bf49f9f3fa6385c978269e347bfb8dbbfebd609adc21ac37030e22190f
+	reseed counter = 2
+AdditionalInput = fccfe51e0ca21c2a3e70028c32f1bfaaefca22ca842705c1
+ReturnedBits = b237a08a113ae7341752f2bdea1cbcd40afafc995f7d8f7e8a25c48e41276b21200b640f16284374effee04330b04ee5d7501d3772e056be5a7069f7437fcbb4f4530373b57ed05041b4a354e809b5b6b32a52acaf61d445c716072b3dc9336e969e43cb55a92cdb62f17968b5a8cf89
+** GENERATE (SECOND CALL):
+	V = a579b5aeb801f2bcb88dc1c6f51f7eed4e082c38a6230aadda00b4235a59aae24b4bfff37b8a6975e037753fe37f1411aa2cb3e215aa7d
+	C = 6887352b195fbfd8d40ae887753668fe07ad7a4fa2126a69df51bf49f9f3fa6385c978269e347bfb8dbbfebd609adc21ac37030e22190f
+	reseed counter = 3
+
+[SHA-512/224]
+[PredictionResistance = False]
+[EntropyInputLen = 192]
+[NonceLen = 96]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 896]
+
+COUNT = 0
+EntropyInput = 6efb27c62118d9a61aa2cf1aef979ac16ad6c42e39b3aac5
+Nonce = 6525d6ff5811103afccc6146
+PersonalizationString = 
+** INSTANTIATE:
+	V = df3e8090f5fc3c38b575187120160614f0875f61040b14249b152146d1c26f6f475c58dad24ebb068c4dec79bde618a9f0cf991eeb7443
+	C = 54d8048bec457d68f6d69f78f9bf36b388e5641ea60b0051e44d3a79d184ee2095cd6eae6fd43330289a8313027f08a844135a7fbb5b33
+	reseed counter = 1
+EntropyInputReseed = 42b59e2a29eb6ab1b417d10e3cc19fb371962a77ac76463c
+AdditionalInputReseed = 
+** RESEED:
+	V = 63a2ab702681c2afc4dc7af7d6a2dbc44892dca3c2a69c90c4599c8b6b9e71b8d14b75c310114a5070ca690f7d4bb80d1dca3878e82613
+	C = 310d774975b02d6ddc3324b66e719df13977e9ef5d4ab78eabfadf17eb0a34cedb6e0edc015a1439c62159b917d65cf7050586c147a0e8
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 94b022b99c31f01da10f9fae451479b5820ac6931ff1541f70547c06693e34cd9074458516e4d67a0753470080ee2f9ae1b95044b80308
+	C = 310d774975b02d6ddc3324b66e719df13977e9ef5d4ab78eabfadf17eb0a34cedb6e0edc015a1439c62159b917d65cf7050586c147a0e8
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 5138c6d2c4bf42e525dcceded889e81868ba6139b0fd506bfa5a6f7f9ab659e15a02e3fffe4950616348e1a78ac432c963ff183a93c32b02e69fc689721a3ef6a53cdb4f9a8553a2051050c5b1fcbe57b5ceb4db14e551686727d4cabfcff137cc7706f635b07333600a422956355364
+** GENERATE (SECOND CALL):
+	V = c5bd9a0311e21d8b7d42c464b38617a6bb82b0827d3c0bae1c4f5b6d35afacb0e18e0858e063da6a4b955f8822215468ef2b173462edea
+	C = 310d774975b02d6ddc3324b66e719df13977e9ef5d4ab78eabfadf17eb0a34cedb6e0edc015a1439c62159b917d65cf7050586c147a0e8
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = d36d1c952214dd0a00d8c6eab6c95a0cb682a56e05d7be08
+Nonce = 2c07f72c63a66c73e9a2a493
+PersonalizationString = 
+** INSTANTIATE:
+	V = 6ac4d42b27e06ccde1258d69486959f438a4569dbf48b0d98a4060116c120e37aa843008e9b315a06e469a869860d9c8be152b0be99384
+	C = 5ed2b9c2dd5c1f1716d2eb04e0b825e0c375834734623847465aae630065f3310ea538efaaa8805963d93aabccdfd6991ca190676bb482
+	reseed counter = 1
+EntropyInputReseed = 7ca6a0f3fda2ffdfcc60a9b95fbb6ee62c336a6ff6c3fc54
+AdditionalInputReseed = 
+** RESEED:
+	V = 372a1c2f1ad2ff7a580c2d9457d7587f4509b2fb4c865eecd46594a25960faf46cedfec11198a0b81298f9bcd620aa98effbbc03d73d3c
+	C = b767fed4624601960a6c729385edeb82fad65a3628ad58604db5c475821a6c02b146530b1e8bd0081127ef530fef6de9015b377d125f9f
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = ee921b037d1901106278a027ddc544023fe00d317533b74d221b5a0e9d05e61ca4ecd1fe834e4f32c1c80f716157649b7034c97b81671d
+	C = b767fed4624601960a6c729385edeb82fad65a3628ad58604db5c475821a6c02b146530b1e8bd0081127ef530fef6de9015b377d125f9f
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 453a7d216a9fca889714161f20efb90f54d377b5abbbc89f0d01d2657449c0f604eec9268916a7bd9c48b626254047a8918991410e86cd62c03a14ca3bc0a2e34b01b2e5cf7ea99e30507ac8997014ab58847661223edeada46ecb2b05bc68320aed32589a38f02e4cdf49371e46f00a
+** GENERATE (SECOND CALL):
+	V = a5fa19d7df5f02a66ce512bb63b32f853ab667679de10fad6fd11ecc4f6ed9e054d052f069e0ba8ddf9125e90e07dad3cea088a66249d4
+	C = b767fed4624601960a6c729385edeb82fad65a3628ad58604db5c475821a6c02b146530b1e8bd0081127ef530fef6de9015b377d125f9f
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = e63bb317e7272bcf0d7f9aeca4230284b59fcc891e442f44
+Nonce = 40363d3fbb8380c40404c78c
+PersonalizationString = 
+** INSTANTIATE:
+	V = 6788d96931fce5fd4b42e050fa6164fd36a20642c035744ca7cb23eb068b4a362618b00e3e9faed31fc9b6ae0b6e6905ce2cd06265707a
+	C = cbb2fd00e74725b9467e8915883a871a3a87ad07bcea1e3c2dfafeec8465c813f3a71be2c15a5fb59d86c2cfa44d2c4a69e72bdaf22801
+	reseed counter = 1
+EntropyInputReseed = 6a15a725c8f674724b6a4a867c6199523875d68e3cc699c7
+AdditionalInputReseed = 
+** RESEED:
+	V = ad7dd91be02c87a1f526516d1b9dfafb863889c686192f1a08dc8f388e2f025e826d4627d48535ff4c6d3a5adde7bf8bfa5964da85f0b8
+	C = b1e7f1f1c0f90c50e7ec342b1143aca4029903c9568da3d87e7da4f1f8324a54f83063e755343a9f1d7adee563c4b092b4115b825b1fb4
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 5f65cb0da12593f2dd1285982ce1a79f88d18d8fdca6d2f2875a3430ea0d10c325824b5d04466acd87a472ceed7d0b709295c179b561ac
+	C = b1e7f1f1c0f90c50e7ec342b1143aca4029903c9568da3d87e7da4f1f8324a54f83063e755343a9f1d7adee563c4b092b4115b825b1fb4
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 5f582e144d8c2dbee03aed3991cbfb4ffd7fd925edadfe6b1045420b8f2d488f67bd1f42e7fa39a41ce48b9ada9c9270bf22af16b290583bc9587ee3019b7eefba5dfb6233727c13e7761e3702c87e5d77963fe548cd56253f43014c9b1054569e2817e571e104a03d0269df7948c511
+** GENERATE (SECOND CALL):
+	V = 114dbcff621ea043c4feb9c33e2554438b6a9159333476cb05d7d9875586ea29f225f84596321f316503687b2c932bffadd9ec2e610d1b
+	C = b1e7f1f1c0f90c50e7ec342b1143aca4029903c9568da3d87e7da4f1f8324a54f83063e755343a9f1d7adee563c4b092b4115b825b1fb4
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = 7c601acbd92f71154baaf55d6809294ffc43c08c9b6a380e
+Nonce = 7d77218c4ace95b1f8478495
+PersonalizationString = 
+** INSTANTIATE:
+	V = e4e006e5b513b215249aa32c769ff63688932de8516742570b41e1c4d21766a9d098c53cf28cd17062d481a15f1f7e84b97e4ac011dd60
+	C = 1682529b5c93f710a8a31f28526c407245f110b7425819e3a192aac75a3282d7896b09025d292001773493d35805768c4ba3f9bf91fea3
+	reseed counter = 1
+EntropyInputReseed = 4b0c4ab2f3164b817dba4d6046684346a50fd5a67507804c
+AdditionalInputReseed = 
+** RESEED:
+	V = 9112f0e533733fb3203ca9ee4603987d0a0d40923b28a9621c6c1c170b6db318ef369a75596c8f297524ccc37bdfc8fe7ff211bbca8042
+	C = 6f468074bd651e3adf5ca61c72ff3e93928974c1e6d7d41db4c9769fb094fbe72aaee1bcaabdd178d0495764498243d70f783290e55dbb
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 00597159f0d85dedff99500ab902d7109c96b55422007d7fd13593aa15a59149a760f37e510aeb3eda6daa7e182b836abdde5ecd6e5e51
+	C = 6f468074bd651e3adf5ca61c72ff3e93928974c1e6d7d41db4c9769fb094fbe72aaee1bcaabdd178d0495764498243d70f783290e55dbb
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 7bb7bd1f304488b31254951af497b285b455a772c60223586905c735c2759886cd8d4eaf3828c741574cc8e9b544cb12c17f407b2a97a86b59145dedb75ff28758c9886c38f45d2d48b25353cebc14ea1b5c42ebe12b41a2a6c34aaf3c83c14876bbbf3a07cdea5c51f05c691134b7a7
+** GENERATE (SECOND CALL):
+	V = 6f9ff1ceae3d7c28def5f6272c0215a42f202a1608d8519d85ff0a8a0b7612d7de96cd6dd78c63395844732eee61b9d71bf0bc594b6a29
+	C = 6f468074bd651e3adf5ca61c72ff3e93928974c1e6d7d41db4c9769fb094fbe72aaee1bcaabdd178d0495764498243d70f783290e55dbb
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = 9954c5b61383c22eb87f3a7a353a64ede1bd548a3cac52a5
+Nonce = f59bf452ff844439228ce70f
+PersonalizationString = 
+** INSTANTIATE:
+	V = f890a396449b5887b1a99468fd641455116beab87fc2c4adbaee3564204e0ad00e51627a1cb6dd523e569d1858bcedc1b32e21b15a7544
+	C = 2887f2723f554f6454b6429b78cfbdc5a5f63c3c52ec2f40e6c621b09dbd7e8618ddf75f242f52e88af674f0836d26760ef8b891cc92ac
+	reseed counter = 1
+EntropyInputReseed = 116fc108fbb24fbbfa855f89f32054a309abdb0f05c5ec05
+AdditionalInputReseed = 
+** RESEED:
+	V = 65ffbd7b6dfef2fc5f71fdda7685f5caef83d20968a3eb33365322cd02b5ffca3735c080b0a8fb14a7e4264655c4bb89d93327133947fb
+	C = d3b21f7fe2482da8365145fd8fa953335fb0494f73f463867e5d552db5da5fd1101624a718b8a92ebdbc4982b4fb0cb86b843d2919c3ac
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 39b1dcfb504720a495c343d8062f48fe4f341b58dc984eb9b4b078bd6e1dfc489a12d9244f80f523431a23141da3886c8a0b8b6ce66540
+	C = d3b21f7fe2482da8365145fd8fa953335fb0494f73f463867e5d552db5da5fd1101624a718b8a92ebdbc4982b4fb0cb86b843d2919c3ac
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 86ace04243d3b77ef2c3241a173abba9ae89506b5cf4a9e1f3c8490e2b45f7775b9662609468de52640d72736716baf0590fba238804db78efeaa54fa748fd17a4fa1516a37f8ba1abcc6cd88d9688da17b47fbaf60730e3083175a0f3d6592a2549ff09b5d35f0f5e8b31eb2f8153ce
+** GENERATE (SECOND CALL):
+	V = 0d63fc7b328f4e4ccc1489d595d89c31aee464a8508cb240330dced03728393c472503eccfe2f618110561f16f5f2293ced9e34fa5db06
+	C = d3b21f7fe2482da8365145fd8fa953335fb0494f73f463867e5d552db5da5fd1101624a718b8a92ebdbc4982b4fb0cb86b843d2919c3ac
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = 6639df873edbdd346b6de75eb5c14b5ab6d4c4eef257a204
+Nonce = 0a2ca06a348027396f43b82b
+PersonalizationString = 
+** INSTANTIATE:
+	V = d74f583bda8ff0024229a5698ff6416abb250cdc06cb8b1076afc033277387cbafc51457efbc2a76389ce561a32290ce654010fd33a4aa
+	C = 4eb530492aa545bb0c7d87912b5d920dc86c1e0fe991c8fa39e7dc78d0ba8713c041e5923831c8815dbc255cd881c94e2d5e899b8b5b49
+	reseed counter = 1
+EntropyInputReseed = 42641cf8009bb2bca94034c98b4cbfc07e061f9fed774f06
+AdditionalInputReseed = 
+** RESEED:
+	V = 19e6fc863eb1ad5556b33f9230b3b88bd2b89915c1eb9d23af6d5c0647cf96a52ae0f54d6cf390bb6f767d0071e3d89e87d40b3e726772
+	C = 903d9b6573818399a02e6d8d40d79c79283614ea956b6c8882fa16cf71ac69566df81b3cad11dab33168c58b92974a4c6ba433cc8932f9
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = aa2497ebb23330eef6e1ad1f718b5504faeeae00575709ac326773aa0ffe87aaf8186b2b61eb086da06b6060036c6dedae527a6f76a6a9
+	C = 903d9b6573818399a02e6d8d40d79c79283614ea956b6c8882fa16cf71ac69566df81b3cad11dab33168c58b92974a4c6ba433cc8932f9
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 8760bdc7e23978e93b349c190f7bb674319e5fde7c41202f90caa02812b5616c4d996eb248e49dd75560bfe15b506a34172e47867cf1d15d0ea43c091d8d424c219b761e4c951c935960405a8311ed4101d00a1c0a8d786139363b7679cbb8fc7d3796ddb1e27934867063f6a6386def
+** GENERATE (SECOND CALL):
+	V = 3a62335125b4b48897101aacb262f17e2324c2eaecc27634b5618b4739624e6de56297df446fef6a9d44590274e21230509aa48db0d597
+	C = 903d9b6573818399a02e6d8d40d79c79283614ea956b6c8882fa16cf71ac69566df81b3cad11dab33168c58b92974a4c6ba433cc8932f9
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = 4990bf54d8996a8e4ddd0455d102fc5862a2ad5b5b857909
+Nonce = b4fd0edd2a0a4ddb7d979aeb
+PersonalizationString = 
+** INSTANTIATE:
+	V = 72d576b0757766d02d579d6a194185a0adfd73794b192aa9568bd31e6d4f220bfdb89e3572947a6dd496268471d7c892145939c2729a1e
+	C = d2c0f6c38f5a98077cc6c5d5d4f499772cfab6c9ee72d328ade7e056675b8b53b9614cbfecf9367f823ec7ab8022d03a4bbf829dfbb0f0
+	reseed counter = 1
+EntropyInputReseed = 97121e5730810f626ac129462d16853944107508cc460034
+AdditionalInputReseed = 
+** RESEED:
+	V = 556a7af5d85f7cfa840a4e3abee79f26e7de134273f82800fdc053a4610de6df4d4982e909da33659963eab3ac0777d24ece2da308b0a2
+	C = e2fc6329d1e1f61e133085e19505a3ca0a536237f787eb20fa813555e062e166869161c4634b21b9c91e1c88e6832dc2116a81027f1a47
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 3866de1faa417318973ad41c53ed42f0f231757a6b801321f841894aa1cee8cdfc1170e60212733d1629d5d2cd19cd8c42933093ee2929
+	C = e2fc6329d1e1f61e133085e19505a3ca0a536237f787eb20fa813555e062e166869161c4634b21b9c91e1c88e6832dc2116a81027f1a47
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 135387fab2f30b0574ce1ca6e1be143a0faa1896fe72f957791c676f5c7e50d92cbdaa67ae26c63e918e99fbdfd1d1435cfee5fd361be3d3179f928dcd4bccc12a1f80be9ef7ee1a366bde19034185d967e6de7d898af8f5125ecb71e2a40d698baeea73f6f0c271f91addac9cacfb4d
+** GENERATE (SECOND CALL):
+	V = 1b6341497c236936aa6b59fde8f2e6bafc84d7b26307fe42f2c2bedefc0fb2f6129ff2fd277048af6120feed69c762f448884c6d2eeac0
+	C = e2fc6329d1e1f61e133085e19505a3ca0a536237f787eb20fa813555e062e166869161c4634b21b9c91e1c88e6832dc2116a81027f1a47
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = d08df45082cb8ada43854a029406b252f9f16f1f7be20399
+Nonce = a4c05b7b558b0b1ae576a3b9
+PersonalizationString = 
+** INSTANTIATE:
+	V = 9c745cc5e375a88cddd29d6ac4f6579236fe39e04c6c8cf32c49cd96ba22e9c6b868da05c7280df6c97524d8b1eea6f1da658477bc2a4d
+	C = 6e922c618fc45b9fa07571fcc55de7b4d1fa23ac0f770cbec4f058a9871319a17d00d6cfb319a02167281dac0a15f9031d570cd035e288
+	reseed counter = 1
+EntropyInputReseed = 499e23a843038a96f7452f5d05a20c438305da94e498c974
+AdditionalInputReseed = 
+** RESEED:
+	V = c230696cced4ece482060ddf621eb4d30cd41eb3a75ee2532406b746b6322d59498e607d95ea3db66207979a0c68c54a5be8b5b1c74df5
+	C = f430b13bdd89a45ec303923a9466ea09b5d51f8b04e322b920bff17b748975fc228ae34915d3eb52e6ab8ea17caf9ba797f7e1049a0ec2
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = b6611aa8ac5e91434509a019f6859edcc2a93e3eac42050c44c6a90e0fbb3107e3b4ee8486c191753f64b2709f837b8c305b87d821535e
+	C = f430b13bdd89a45ec303923a9466ea09b5d51f8b04e322b920bff17b748975fc228ae34915d3eb52e6ab8ea17caf9ba797f7e1049a0ec2
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 0214ad1232aab6e61dc4e9ff5c0b51480fac7d3ede95f24dc223fcd435b8ab73a2610dbf5acbcecfabae04d6bb28fff96cfd8e44e76594d2a82ba9a2a5fbca086d162e43808ee5839467c20b3b05916beb1c9115717c88b78897833dc8e9a949a0251a0c12041756169a772d887b89b3
+** GENERATE (SECOND CALL):
+	V = aa91cbe489e835a2080d32548aec88e6787e5dc9b12527c565869af7658f84f775c3615f930f768d36d891becc49236fca73186ba77554
+	C = f430b13bdd89a45ec303923a9466ea09b5d51f8b04e322b920bff17b748975fc228ae34915d3eb52e6ab8ea17caf9ba797f7e1049a0ec2
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = e86c1d83d1626a103ae06baa6130d06e677de3260b0eb555
+Nonce = 10a3d3a6df8aae3ec1daacaf
+PersonalizationString = 
+** INSTANTIATE:
+	V = 644ab36eedadc3428cd7c8eb92c98021d5965e1e58eff8adc31ff18fe0f2b579753823e190b70adccc500f1bd32e0f5f14dce8dca036b4
+	C = 991e62c8925d83b3d029874ec64822dbaf4532645eac06efaf0f1d38ac6c5f962450f42d41c1083fd4f52ebd8c9f8195c7c5ef47e60d73
+	reseed counter = 1
+EntropyInputReseed = a1049715dd2d42e2136046b8e4986269d084a72582bb0330
+AdditionalInputReseed = 
+** RESEED:
+	V = 9c0171afd1ff5ad3dc6a6242531f03ecaac9612a5f30fe04efa06195cf48a6710dbd25e8e56020a303b14fbdd2f3060d39123001c3e662
+	C = 83a2d11fc2be61c09beb0fdcba053a8754509bd7a59fa41cc94cc21cbc46aa52ce3236a298b1dd25f64f39a23e41fec1afbd4bac27a3af
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 1fa442cf94bdbc947855721f0d243e73ff19fd0204d0a221b8ed2495fa0a5ddab898b9a2adbb646c7f6288b146652804f73d6e7eb3456b
+	C = 83a2d11fc2be61c09beb0fdcba053a8754509bd7a59fa41cc94cc21cbc46aa52ce3236a298b1dd25f64f39a23e41fec1afbd4bac27a3af
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 1341548082638f86fddb340fa240085c64a5a24a557b44021d60e1e1c3e15f56f7b67f90f90c72a1c629354ca4afb638a190dfe824f0e860f265f91fb48db4faed19ed095a903c3ee63cbb8e909f610ebcf74e66201b90ab46ab1c4ef72dcaa53e5d33b6830653ccec0ccf3af70af5be
+** GENERATE (SECOND CALL):
+	V = a34713ef577c1e55144081fbc72978fb536a98d9aa70463e8239e707e993b5e9b6e24030199e26732528e1947cd625ebcb9275e6fe44d2
+	C = 83a2d11fc2be61c09beb0fdcba053a8754509bd7a59fa41cc94cc21cbc46aa52ce3236a298b1dd25f64f39a23e41fec1afbd4bac27a3af
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = f811b91c22869d3dbf6e7c58e41a3e5800b43013bd42611e
+Nonce = c0866954f6976c302f8d08a7
+PersonalizationString = 
+** INSTANTIATE:
+	V = 3d9a32d859dc74ac88da73e276a609e61ac06ca07d6487b2d2e4258fed9e7663f755c55799a1e3d558ab297939a6b34dc82779feb6ccb5
+	C = 1183bf4844861fb9c24f4052af1adbfdaa6e36b04f2daa5baf0eb0a909b3d7cbb05e813f32abd0670beecb86e136acfc5a44767f63d73b
+	reseed counter = 1
+EntropyInputReseed = 9a66ede6604657799ed89c24a486df17aa97bb9e5601ba9b
+AdditionalInputReseed = 
+** RESEED:
+	V = f05f02cb343f53f00935dbfe1e52b0429848b664628454cf745d3390ed5939df19637454c10938a429cfbe21a67b0a08fa01ad601ff4db
+	C = 32c0c16471f058b5c2d435c1cf3bd6319f8b93c8860c601530ef46959c8812b7812eaae7f9792282a67e5a8dc62e1e3d5ce3b96c3c050a
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 231fc42fa62faca5cc0a11bfed8e867437d44a2ce890b4e4a54c7b1eaacac6c6cc6fa5699bfa2b534c905ecf358017c9e9dfb446f2a548
+	C = 32c0c16471f058b5c2d435c1cf3bd6319f8b93c8860c601530ef46959c8812b7812eaae7f9792282a67e5a8dc62e1e3d5ce3b96c3c050a
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = bfa403cf2c268144dc964c77ee3babc20fa5e37b0151bf757628478bda985379e3079fb6f6cca654ef83b83831553d21644118b0b8a269b999b342e41ffba7c3659134b954f776b7dcbe1317fa37e0ea39ac50e4a9ee101b02547861dc86e39161b6cd1245109bda0696cdba083dcc4f
+** GENERATE (SECOND CALL):
+	V = 55e085941820055b8ede4781bcca5ca5d75fddf56e9d14f9d63bc27c3cfb6f353c421bed10fddea6693095139cdf33109786efc307a3e9
+	C = 32c0c16471f058b5c2d435c1cf3bd6319f8b93c8860c601530ef46959c8812b7812eaae7f9792282a67e5a8dc62e1e3d5ce3b96c3c050a
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = b259c3f8cb09993680c2b9e187075dce07012daeb9e70f0f
+Nonce = bd59bf46777713a43e5dffbb
+PersonalizationString = 
+** INSTANTIATE:
+	V = 16b90e1a79cfbdcef9f2cf0ecc046c537c5dcec3bc542e8b566ab76d14b7a443294f29c3e00b7ee9074eda07e2ff023698bd03576dd22c
+	C = ab6315ccf2c1e4e410ece1206a7b6530044edadd6eba753f068d647e786130cc25fd7243618194a244fcdb060688d972af13cacaba9fba
+	reseed counter = 1
+EntropyInputReseed = 6ccc876c3ad54d813657c5a402ddfab07599e42da3f19ed8
+AdditionalInputReseed = 
+** RESEED:
+	V = 35d54e650cda000a48a2e8e854711586f0174cce9c7f7d87ebf6236f4a080fce3f2a1af29466d209184d6f93605e925fd386f059dca2e7
+	C = 0d917d595b1dc6d0f9e21f4b13a4ab6886aefb84aa563e2dd6df457fce9b2520547877324d54b7eba3f8ac609442f4929a999cc4e91dc1
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 4366cbbe67f7c6db428508336815c0ef76c6485346d5bbb5c2d569cd31dc168f71fa349189ce54ad8f343b126e7c380a58a85839855e37
+	C = 0d917d595b1dc6d0f9e21f4b13a4ab6886aefb84aa563e2dd6df457fce9b2520547877324d54b7eba3f8ac609442f4929a999cc4e91dc1
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 82dc2b590fb3c4c1c6840ed25300e6a7c7a73e056dbeffba1ac3de9376ece6b09714f16ae80463f8bfbc8655968cafedac219e47857daee084a0529e9c2aaa3a1730dd560ecb4e0098ba85bbbb3d89778fb952a5ef4c095b87945fe6340bddc8418ee0c591237e41d050ec2e4ddeda64
+** GENERATE (SECOND CALL):
+	V = 50f84917c3158dac3c67277e7bba6c57fd7543d7f12bf9e399b4afb15d0f0ffea77913bb2e8c4926de3c858294e1ecb65835649ec07ae2
+	C = 0d917d595b1dc6d0f9e21f4b13a4ab6886aefb84aa563e2dd6df457fce9b2520547877324d54b7eba3f8ac609442f4929a999cc4e91dc1
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = 77337e880b950916299d2c6094a29c49e72607ec3e341f70
+Nonce = 906d79c408e13a5f9f64c11a
+PersonalizationString = 
+** INSTANTIATE:
+	V = 50c25cc20fb4de4e149b5237a8fd7973c42c460707471ec6ae288dba819f41bc71de37fe589c0317619dd28a694f3fa2e4f20f10d48625
+	C = 6d02f58e2182b48957ef9ebb7d5082c41a128295df1b2ff87501f9b65cb6a08d0b4cb735ff4bf4b1f4239836266a215ebbc49d216390c3
+	reseed counter = 1
+EntropyInputReseed = fe2d22a464569a3b91fba6ed429d923e8c2055b26ac74724
+AdditionalInputReseed = 
+** RESEED:
+	V = c3ab6932f96d4797ded48008ee7878d1786a4ba7f7918767605822f879fe23387f779e63fdc00313c44dc8cac1488a26a69034f35a53a0
+	C = c8470e8c02d55c03303d54f552fe8bcd862ceb9986259e1adbfed72e2efcec621ad154a668c6b0dbcbf5927f4d364920aa7e837149eea4
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 8bf277befc42a39b0f11d4fe4177049efe9737417db725823c56faf6c82b6bc4f81b63e5780dd52f7a5050b8a027fed8d41df64503f97b
+	C = c8470e8c02d55c03303d54f552fe8bcd862ceb9986259e1adbfed72e2efcec621ad154a668c6b0dbcbf5927f4d364920aa7e837149eea4
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 0b5cf8df4e8affe9167f250c67f3b52d636425e8a027a7ba28e14ac7cc7018387f06d4d0776e580224695c93805abaeda39495b93dae142571e33e72cb8a264ad407fcbfeb49a252a5445d8cc68f67d2a3338ba93e9d86054f9ec22e6e9a6991e7b09083ed4e1c0549d9d592b0c41a51
+** GENERATE (SECOND CALL):
+	V = 5439864aff17ff9e3f4f29f39475906c84c422db03dcc39d1855d2744463d5eee4dc0bb58b4626227d02efadcf9307acbf6397dd057675
+	C = c8470e8c02d55c03303d54f552fe8bcd862ceb9986259e1adbfed72e2efcec621ad154a668c6b0dbcbf5927f4d364920aa7e837149eea4
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = 0b4942d229a406cb476f7b4432b700159c3a036fed819a9d
+Nonce = 4eabf5b41349ded88f23a038
+PersonalizationString = 
+** INSTANTIATE:
+	V = 258841b0faca949af475d8ca90f2ea12656810e59fb3a104e7131834045b0512e1bcdb640e60f40953b1bf5c876f0f59d890749e7391e3
+	C = 10558378675459a87bf86a2f411b4aac4b489067869f50804e6ef10fb95fd9ea58254139ad2161bba1cd39847c8e31ca8f2187907be761
+	reseed counter = 1
+EntropyInputReseed = 433dee7418a46acb851d69b63bbe4fdebd4ad59f80369d35
+AdditionalInputReseed = 
+** RESEED:
+	V = a427be570794c930fbccef38f2c5bc095b291473240a198368d0790d9f5f8d3b18a28b9557a81916be3d2da0e04b98cb07b6a7c10983d0
+	C = 7e7f348dd91133a01f529d83e295ec7a32485f19c9fdd1d5589a7b109d378754afc7f6726dd67c45920c4ae1abf381ccde28337f32680f
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 22a6f2e4e0a5fcd11b1f8cbcd55ba8838d71738cee07eb58c16af42ebf02b2dca80f1088c05278bcb5977c9fbbe4ee71f24478eec6158d
+	C = 7e7f348dd91133a01f529d83e295ec7a32485f19c9fdd1d5589a7b109d378754afc7f6726dd67c45920c4ae1abf381ccde28337f32680f
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 6a379db3dc670e8f80a142c72803274e0e72e3966752185dccc0ef6994ba07a0e97239690685148c35706148b271ebebca736d778d2a6cfce61f0e426a3df3fefd29cdb3a76f531aca6ab0d05e7797456ca2e5bd34f8320ec72ae233db42fdacdd5b7c1e411bf17c4f385563827fc54f
+** GENERATE (SECOND CALL):
+	V = a1262772b9b730713a722a40b7f194fdbfb9d2a6b805bd2e1a056f8c98d23643290d6ec2c576992118027966485aba2e3725f7903b422e
+	C = 7e7f348dd91133a01f529d83e295ec7a32485f19c9fdd1d5589a7b109d378754afc7f6726dd67c45920c4ae1abf381ccde28337f32680f
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = 00c41c5e773c296ddcda6e09e8d5b030c4f5d41f0484a75b
+Nonce = 667a4e33097cf12e788d19a4
+PersonalizationString = 
+** INSTANTIATE:
+	V = 090b72725c027d7b5a582312c4860c9fd15963a1a3808363b430dad698284d7a82044b3816a91c5738e41f02706e83afa35fba0bf8a3e5
+	C = 91fbe495c4e9fe742af9958af02f68e4a13f5e179f4a1354d970dd9e8bd5ef23090afec7079650346b8a5e59cdecd93aa37558395bb966
+	reseed counter = 1
+EntropyInputReseed = 57842a42d50110cf29006f662d1b5908defcedf87f323228
+AdditionalInputReseed = 
+** RESEED:
+	V = 52c25af8e8c4a654e52b7ee0179577c8272e566660ba1ee50947a4869de062b194c2caf5d9cc0785504d3468fc422164e2b5df3ef869b3
+	C = 3ea97eefd3bfcbbe92b3351d4887bcb90bdb0f2ffacb226b8a1cb4c2e2bfb049f57d4f94c9b9415b709a81107ad2319c7fbf139f7d7ffd
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 916bd9e8bc84721377deb3fd601d3481330965965b85415093645949a8d9ba5a0b2d909187f276d0bb0123ecfb50277a165293059c7944
+	C = 3ea97eefd3bfcbbe92b3351d4887bcb90bdb0f2ffacb226b8a1cb4c2e2bfb049f57d4f94c9b9415b709a81107ad2319c7fbf139f7d7ffd
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = c1044f99fcabcc664c363ab56445859bc1cba0b06e5c2fc4d51c6f5ceb72a48a60826fefb6c6f6c18bec703670d2345bde9615452ff3031922ff2681084f769b33105810cf727b31046665f3d81e2465742968e85b376f49227b4b4e28a9b3617ef4214900ec38097195111564080d23
+** GENERATE (SECOND CALL):
+	V = d01558d890443dd20a91e91aa8a4f13a3ee474c6565063bc1d810e8c4a6d2acf53ba34ec732f93a650a014d8347c310fdd2386bec544aa
+	C = 3ea97eefd3bfcbbe92b3351d4887bcb90bdb0f2ffacb226b8a1cb4c2e2bfb049f57d4f94c9b9415b709a81107ad2319c7fbf139f7d7ffd
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = 7b8b312828db717eec2252c565a27b42a6ca6f27a7ff72ac
+Nonce = 990f1633f80800f40bb93e58
+PersonalizationString = 
+** INSTANTIATE:
+	V = 20fa7b6446a2477d7d96d0b5409e8fc77edf8929d3ec7fc32f46a631703b013f3f7e7ea85ad4ec9c51209c92bf0d2479ef635b47420144
+	C = c76ca4b3333d2bff5d65609a1d3fce2f6fa8f70b700f38a1139fd648c94a2c170fe9c75a229f97d1d053234bc85666700f71713da92303
+	reseed counter = 1
+EntropyInputReseed = 6c6e07608daf9476312e5e71eda322c2799b337788fa5dba
+AdditionalInputReseed = 
+** RESEED:
+	V = 3a438287896fdfb201758d1bb9244a607f19819c39963585ce700841afded56224ed6d47b278ff84fca62f1d18080d17f0abf95162348e
+	C = 679a2acd5e39739b27efdab6d1a4db23f5d4e36fd3f3934328db4a4b17fc85523122a4d5d949898f27884e678fa0ae5cf268052ac5be21
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = a1ddad54e7a9534d296567d28ac9258474ee650c0d89c8c8f74b5321e14a38c48232165edd42b63c8406dce357606ac099e8a977538c67
+	C = 679a2acd5e39739b27efdab6d1a4db23f5d4e36fd3f3934328db4a4b17fc85523122a4d5d949898f27884e678fa0ae5cf268052ac5be21
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = c3e0db0c8c232f148f2720f39cdd3c1661150a4799d1288a0898f558714e86dd663aec880b4059c61ca3012d2b9ea6b2aa28edf48473a5ff8ae2740d25c922af3ddf4ab9c1d5a484e9bf4ef4590d7b87ef08d5683e973974e6111afa1e713f0f0a95e4e9eb16765a27681e874d5aa504
+** GENERATE (SECOND CALL):
+	V = 0977d82245e2c6e8515542895c6e00a86ac3487be17d5c0c20269de98d1d362c4d86a22b9607fb141c5349e91019595bf570f3c2205805
+	C = 679a2acd5e39739b27efdab6d1a4db23f5d4e36fd3f3934328db4a4b17fc85523122a4d5d949898f27884e678fa0ae5cf268052ac5be21
+	reseed counter = 3
+
+[SHA-512/224]
+[PredictionResistance = False]
+[EntropyInputLen = 192]
+[NonceLen = 96]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 192]
+[ReturnedBitsLen = 896]
+
+COUNT = 0
+EntropyInput = 238559325f393e8309c0083a5a68c395a2944af88abfe788
+Nonce = d9b3a68b5e56dd6202b241c8
+PersonalizationString = 
+** INSTANTIATE:
+	V = 450b0675ca45555ba1fcbcb2b63c085afc11a9a3216cf3fa5f74558f1349772d7531faedccfd4ae37f121731e3a6f42374a89e91270b36
+	C = e8571f67021510fae5a2041381f669e693aead390579818445ee1321a8a55de1b3aebb71277d38e3b5774c77aba608cf15e30a43e0234b
+	reseed counter = 1
+EntropyInputReseed = de7f19b6aadee249fd592d07e0f07c6c31eeef5030375991
+AdditionalInputReseed = 1fe991d409e87914807dc399cdf744abe38015f5aa1af442
+** RESEED:
+	V = d17d43ccc3cc763dd9bfb40fb84754f7b01954401b3f20f312dae9c5b6d32e57277a49869e25658032dd77d8c24795403b86674234dcd6
+	C = 16393b1da29f01d40146da5177fe0646cc7610d4d8dd74e2737aa039b502c080f856b72414d6fe46bebdf5dcbf724f750e57eeb9b50653
+	reseed counter = 1
+AdditionalInput = 628a78950c36ad58e9c5195a116a9845bfe10df14d3fd260
+** GENERATE (FIRST CALL):
+	V = e7b67eea666b7811db068e6130455b3e7c8f6514f41c95d586558a8fc483a813ff41f9a268fa2ca0fc4887d4016bbb7479e9a72b84b439
+	C = 16393b1da29f01d40146da5177fe0646cc7610d4d8dd74e2737aa039b502c080f856b72414d6fe46bebdf5dcbf724f750e57eeb9b50653
+	reseed counter = 2
+AdditionalInput = bddf48e5fe5e64f304addf93a1fba2117344654d8501bb4f
+ReturnedBits = db86c8344f7b2ef65a5667f8e2f6d136eff0a21f22f240ee5c33a26ec1d62bda3e7a21f7c19a3bd18ea7dcc21d25b9b3ffc51a63e920fdd9520fb564473f2fc6b301af4fabaea913984912bc05816129f47932c90abea85670735fe602eda24feed0af51fc4fd93248c2e32d836c41c5
+** GENERATE (SECOND CALL):
+	V = fdefba08090a79e5dc4d68b2a8436185490575e9ccfa0ab7f9d02c2d90b382ebd9bad46f00384ae84e776fba93e24efb5aeaaa6b0b8b2f
+	C = 16393b1da29f01d40146da5177fe0646cc7610d4d8dd74e2737aa039b502c080f856b72414d6fe46bebdf5dcbf724f750e57eeb9b50653
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = da777f06a3c2da6b763786cf2fd83f6e708197680f4d86c0
+Nonce = 5f8913509584d3c662f46115
+PersonalizationString = 
+** INSTANTIATE:
+	V = 8792a7debfcdaae2c3e58fbc62fdc70b275703bd4ff7248b6cc1ddf458d1bd970cad3350c11d71154d0bba52e8002082529fecd1c65f15
+	C = cda275f37c593454ae52bb9a66a41938769d0342b10c0668c50685f5703ac94c679eadbbf1f5a1a72a684790f32591c2b35272c23a2814
+	reseed counter = 1
+EntropyInputReseed = 13afaf26308b5fa76b76e3a0f4e9fa10659abcbb9c610d1d
+AdditionalInputReseed = c6790f20e47812db27ac978154a29bbce18c3cfa3bbe59e4
+** RESEED:
+	V = d07e57cf35fbecf1e8f57e2aad89696de27dc345d2d575d7eb2f9c75a1e8703bab66def6d40f980dc258d856bb3708669f15c2fe639a83
+	C = 3683d89dcec6dd9aa61189924d0268ab7229b9638adfade02ff5b49bf82a98400d565e03489adf5b6ee3d1237f39243029676f8af66543
+	reseed counter = 1
+AdditionalInput = 80f58dfe818efd5d0023a1379c9e9754528109a452f7c730
+** GENERATE (FIRST CALL):
+	V = 0702306d04c2ca8c8f0707bcfa8bd21954a77ca95db523b81b25527526441fe2a5174df769ee5ebe038824661b859e50803bda3119c512
+	C = 3683d89dcec6dd9aa61189924d0268ab7229b9638adfade02ff5b49bf82a98400d565e03489adf5b6ee3d1237f39243029676f8af66543
+	reseed counter = 2
+AdditionalInput = 102817d5613a7c7568ba8c37fd10a009d3a0bccb73faddef
+ReturnedBits = 4781b241db29c34cfcb1d8faad51d9f0f6cff4e7cf9be10609805e3cca059d70e05abe028466324837bc41c6c47b3ecad46d39479bbda8781804d33cc634093f343e523fbdad75fe960ca5eced2f1cda0bbe984dc008b84f178e21b0a0f88c223e9c4b288373b89271d02cdd77694b65
+** GENERATE (SECOND CALL):
+	V = 3d86090ad389a8273518914f478e3ac4c6d1360ce894d1984b1b0769c60b5b9b198e0a41a5e81c8d2951afdbdcebbbb63da7759e71edf6
+	C = 3683d89dcec6dd9aa61189924d0268ab7229b9638adfade02ff5b49bf82a98400d565e03489adf5b6ee3d1237f39243029676f8af66543
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = b7464cf28a7c98665184b98b55a42f551ca128b6c6bfaf3b
+Nonce = 0c752e89573a5f4011886312
+PersonalizationString = 
+** INSTANTIATE:
+	V = 6dae92cbf7a41e994bf9506fb70bf52a6b4d917cb6d34fda03a39bb89e9fd41354de9176260da03363e8e314b9b35c653ade6eff59cf22
+	C = ed497359e2a5a496313f4936db9936047fe3e2950755c28f48f12d409e9fc37afd01b087ae2613785c210e71da8f0fa4d581bc25d1df19
+	reseed counter = 1
+EntropyInputReseed = 5fece24a5ca17790dd13bc2ce29e5f3d110711c5348a6b7b
+AdditionalInputReseed = ae1a01e146f59f846cf212d643805878deecb89169429508
+** RESEED:
+	V = 1f6978b51f1107875c44d8ed4d826c7e649050fa078e1caf0af4813e6c5c7b752d4afb0935bf8b065e60f8685d1fba30119e7ecc56f417
+	C = 8fdf9ec4dcef9730bd1674ca91d8ed437dc4c868fe8be44ce14f8f1b30ca9470cc1e4d8cf1ac1dc1495c29e7b36457adf9e7f2f8738f4c
+	reseed counter = 1
+AdditionalInput = aedbb54a97641716cb0b3373f9ecff1fa4269dc73de30847
+** GENERATE (FIRST CALL):
+	V = af491779fc009eb8195b4db7df5b59c1e2551963061a00fbec4410cc85454ab8a8e83c0a3e54245b74f650f4aa13a4051f2ae459912a88
+	C = 8fdf9ec4dcef9730bd1674ca91d8ed437dc4c868fe8be44ce14f8f1b30ca9470cc1e4d8cf1ac1dc1495c29e7b36457adf9e7f2f8738f4c
+	reseed counter = 2
+AdditionalInput = 5ad35a1087682c80b31993ff8a4e035b29412bb5ce331a4e
+ReturnedBits = 497d5e5c4054844d89357d86db3172849cff88cecd97e8b92dfac0545faa34883c9681f12a68aff0d5841731ba615a1dd316bb3c304c975ab23996a93a8c092adf4f43fb69da8a81dc44179e73680df089f650026f2a86de9aff7dd284e341281cf9c6adf39df9a3a964107585550d45
+** GENERATE (SECOND CALL):
+	V = 3f28b63ed8f035e8d671c282713447056019e1cc04a5e548cd93a1267da84d3529e8326daf20a0b6c4b8619751e38d393f8b6bc293a713
+	C = 8fdf9ec4dcef9730bd1674ca91d8ed437dc4c868fe8be44ce14f8f1b30ca9470cc1e4d8cf1ac1dc1495c29e7b36457adf9e7f2f8738f4c
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = 853fe514dcf00746c8e3eb161598077ca2e4c22dbba76e44
+Nonce = 83362be057190dabf0c3f536
+PersonalizationString = 
+** INSTANTIATE:
+	V = dd6a1573cf25d16dd0fe1c2e3eabd745aec27df901267618b255d6ea53fdcccde5a1b6068b6389c1b2e86308d2827f8424e4e7bba30589
+	C = 0a72fd10bdb19f1344aa73313af877406dbf1f54570f4c8b979a04da899de9f44ba4bc71bb86177835da8ab2f62d06620b81e5eb2b9adc
+	reseed counter = 1
+EntropyInputReseed = 79e805b808caed536d7e1ade22d1f95fa611a1f82ae54236
+AdditionalInputReseed = b9930701e00f62b5217621cb038039ef5969f05692a03f8a
+** RESEED:
+	V = 7a98946fc37d88aad496c4005534a74ef690e7bdd086f58f3a549d48e8a6c471c25be593c267f9b8d3f63b34944dc9deb5939e38908d04
+	C = d353ba49added86c5584ccd254a4c861222aede6aa12e2b15bdcc7da1422853534f6afc3331887a253d09ec7d4d03042783c4e1281105c
+	reseed counter = 1
+AdditionalInput = 4e235d1cee79b92868298b2558b44638fe6f05782d265cd6
+** GENERATE (FIRST CALL):
+	V = 4dec4eb9715c61172a1b90d2a9d96fb018bbd5a47a99d84096316616e0bc8aea0058f5088d77820dcd117223f0b01b149cc51e72e80061
+	C = d353ba49added86c5584ccd254a4c861222aede6aa12e2b15bdcc7da1422853534f6afc3331887a253d09ec7d4d03042783c4e1281105c
+	reseed counter = 2
+AdditionalInput = 9da9b3546017fbfec6e0288d993ac48cef219e27606caff6
+ReturnedBits = 14fbe7e4249380cb315397227782a1f775e7e58e8f563293af89aeff9fdeec9a5a04cbb93105837b02ea1c11df8ae627b833a71cbf8a880decd9414b526e60ede099b465c158fe7daf736d37cc05cefcd12be858a996fd277c4b5af49c44e48253e3e1df61a62159945f1ed64c4a3cd1
+** GENERATE (SECOND CALL):
+	V = 214009031f3b39837fa05da4fe7e38113ae6c38b24acbaf1f20e2f343343ee7b24198e0c29a1beb84e3bb961202fa69473652b606fcf50
+	C = d353ba49added86c5584ccd254a4c861222aede6aa12e2b15bdcc7da1422853534f6afc3331887a253d09ec7d4d03042783c4e1281105c
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = 33094b2d1ab430ddc45c8ab03e84dea990b5bc8dfe16d9e3
+Nonce = 26475023c7ee76c3a4f07d81
+PersonalizationString = 
+** INSTANTIATE:
+	V = 0eeb32339941c63df1d8fd2d797310769114b9b2b0a01a8209cb11a6b0d2324306e690b75b35c087ad6681caf073a412edf62f45cb6a06
+	C = e00ba50467f2a909f763bcdcba358575e6dbf6768969ee4ed556af0abe1ba54b69a8e0c9d0b002629bd2335813dccfffc46465fb6517a0
+	reseed counter = 1
+EntropyInputReseed = 898befaffcfae3ab8e8fad6f95b4b4b59f1e4a34a377bd48
+AdditionalInputReseed = adcb2188d5eceabe4a5dd6583caffe00ff22524ad01b4a7d
+** RESEED:
+	V = 4629c66e88b7dc0d2ce75f238b2c42a837ad12f08d43fa796de94472576f0f53c041ca26fb503be00254ab5e35b11aeadf7b9c39778e32
+	C = 35f830ae899064ebbce7a7fb073149fe6fe981fea0711b7f777714f31b9d048b44a96decc9c8ca76ece862df0a9e16edef8be0321c11d7
+	reseed counter = 1
+AdditionalInput = bddae49c52ada0e462a48ce24b7a96e17f6f75006e470e3c
+** GENERATE (FIRST CALL):
+	V = 7c21f71d124840f8e9cf071e925d8ca6a79694ef2db515f8e5605a753191cc897481376cb2a47d1beb06c9b3ac6843391c25ecf507a150
+	C = 35f830ae899064ebbce7a7fb073149fe6fe981fea0711b7f777714f31b9d048b44a96decc9c8ca76ece862df0a9e16edef8be0321c11d7
+	reseed counter = 2
+AdditionalInput = 1a5df68a9bd047e82ffbef8c1a00b6d77dfc3ed93051c3e9
+ReturnedBits = ba13f1e9a92666004f1b6747cf6ca93ffac82e8b6be14e981014bd39bafe96ef4f02ef98d2fc9ce5147fe5d625a8c78028c4da00130f434ca654ba204029b4af0b5022d2089911f3de7bcc8f45acbc5c8cbab46bce221daa4cd605f7c097b6b5dc4c87f94703b6f6d12ecb8a9d4aa6ee
+** GENERATE (SECOND CALL):
+	V = b21a27cb9bd8a5e4a6b6af19998ed6a5178016edce2631785cd7700cdbe5c03abd66fbd591d17d4b21ebf79e56ab765fdfa9c27e2a2366
+	C = 35f830ae899064ebbce7a7fb073149fe6fe981fea0711b7f777714f31b9d048b44a96decc9c8ca76ece862df0a9e16edef8be0321c11d7
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = c85667b0890e1fe2ccdeafc24b192433e7447debe7a59bc2
+Nonce = e5583f79702477773936db4c
+PersonalizationString = 
+** INSTANTIATE:
+	V = c490b984363f58a99dffc7e56f7ccf9b2826171d8dd61eaa1864daaaac763d731f3fc2aaa55f79aae63bdb1aba3e07f1e0257a11ee7dad
+	C = 3f13e8178eb596530d6b87b6fd25ca2acc40fb3429865b5c4e7af2ec1a5ff718241d502e262dfbe4d76ab7eef1bad7b3951813577a66fa
+	reseed counter = 1
+EntropyInputReseed = a7c7b61eca320ff64104ceef27d93fa8f5eb0dc8c4c6e811
+AdditionalInputReseed = 2396a52896c9f2fe12a859b4b69cb452fdd35f1b800cccdb
+** RESEED:
+	V = b2f717c3ee1bc42b9446918f5c168d60d012a0614cf6b094842b40df926bc0594a6e0c361c6a97f2c916dafb9943ead57b457a3550121e
+	C = f2e9c850c21c91d5418a683a813e99b8f4c83277939c825129719d504482036fe61913586fa8eb06c61a9646da570e221c5ee679d47f6b
+	reseed counter = 1
+AdditionalInput = a9b9b85994f7840432c855bdde248169c0231a0f18a6505d
+** GENERATE (FIRST CALL):
+	V = a5e0e014b0385600d5d0f9c9dd552719c4dad2d8e09332e5ad9cdfb788c2ad31cf3bcfd02f62e95a999980503b786d194dc4fc98e98d85
+	C = f2e9c850c21c91d5418a683a813e99b8f4c83277939c825129719d504482036fe61913586fa8eb06c61a9646da570e221c5ee679d47f6b
+	reseed counter = 2
+AdditionalInput = 9f0dbf06148694a8d1d6e53cf1cb78b27bde9ca7caf709f8
+ReturnedBits = ed10d96a23caa1d74ea218feb7a6b9386d3ee17c65283eaa4ed40721b9ee75fe13bcdea03cb954abdba5a6b7c3254b436c693ec096611c01dca93d13a1de65b989c2c436b08a1e2f7cbd1f9784b7922a0e078bb3ab41fa79e92d7f1f3c4417fad350af39992885ed7a7d0e2f531f4163
+** GENERATE (SECOND CALL):
+	V = 98caa8657254e7d6175b62045e93c0d2b9a30550742fb536d70e7e624653b916709ca1281097901df1b98e0fd7653bfc06d09199746a50
+	C = f2e9c850c21c91d5418a683a813e99b8f4c83277939c825129719d504482036fe61913586fa8eb06c61a9646da570e221c5ee679d47f6b
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = 41c1cfca005ac0fe9e0319db4e08c143b9b48de19c447986
+Nonce = f726a7d8719f0da81607a060
+PersonalizationString = 
+** INSTANTIATE:
+	V = 3c97abdb4d85603aecdf9675fa2b5214b04ccce1f32ce07737b00e8ad4c79d5935abe03a4f7d233116758c40824b0f780e6398be854069
+	C = 6311954109a2ea99fba15d0eec3eda2f683c2950a20d50cd434e9361fff05f07f81c3ef6745d9c96dc509e46835053b074bb8306990873
+	reseed counter = 1
+EntropyInputReseed = 4b01ebea0a17819dfec20e187c81409b38094fabd2d0ada3
+AdditionalInputReseed = 654098a948f8981094541463aa6d6ccd82f7cde31e38a49d
+** RESEED:
+	V = 13befca78a8e67dec232d86ba5f12d044ba106df09eccfa0dceefc222f796c1dde208d31aab3bd82e3ce2e4c38d13b45cdf506ab38ccbb
+	C = 492d303f5e699c4da9ed337972784214ae59cc57fc0a77aaa527e38570c93a1b7e97ec8ef5d0db6058ddcbd7ec3e67e0cf52c60d7358f8
+	reseed counter = 1
+AdditionalInput = 085de17e7b99c0496114f4f8c292b4e7cd88d24af30e61e2
+** GENERATE (FIRST CALL):
+	V = 5cec2ce6e8f8042c6c200be518696f18f9fad33705f7474b8216e0831f2f9fa362e2c440fa75746d888e5271d863db004dff9e1668cd36
+	C = 492d303f5e699c4da9ed337972784214ae59cc57fc0a77aaa527e38570c93a1b7e97ec8ef5d0db6058ddcbd7ec3e67e0cf52c60d7358f8
+	reseed counter = 2
+AdditionalInput = 9af273008ab0a3d4c3dd9baf66dd467646493e4e320cee21
+ReturnedBits = 42eba0cdbed7f50647c5cec0d2055f850263a8074eaad3823f20dc6eca78c166e24ddc7436850cffb7a25f2feef5d68233dd38e6205ba037d491e7129734017c2fcd468f38b3ab095d94e05adbec0f3a9cf4aea2f11071d2e5a277ad4a518c0965de872d37721dbb82291fd12f870dde
+** GENERATE (SECOND CALL):
+	V = a6195d264761a07a160d3f5e8ae1b12da8549f8f0201bef6273ec4f4e8612b542b797b016c8b8dfedeed84ee919a4710fdbb3963a2ee3f
+	C = 492d303f5e699c4da9ed337972784214ae59cc57fc0a77aaa527e38570c93a1b7e97ec8ef5d0db6058ddcbd7ec3e67e0cf52c60d7358f8
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = 9bd0dab28b44f2875daea49803dbcc87b4be5538371d4d2c
+Nonce = 97d874c0658981c3d6ddf780
+PersonalizationString = 
+** INSTANTIATE:
+	V = 578e0814b43197cd89ef546d10165005a566f43afc676fbf7010912fc574fe65704f6d7aacef4e71541662ed0fa894234b6408cd5e76d3
+	C = c124cd1f05d7ddd027c123bb36cbfd3e54f35c8b2123ca7a51ee88e1c9332804a30c54dc6e179939999757c0d25eebd428e86a56790ebe
+	reseed counter = 1
+EntropyInputReseed = a227f895d2a9900cd9b9ff3902cbbfa9c08830e07e074f16
+AdditionalInputReseed = a76e6657aa786c81665fa6e70d5a7457624ccf9952157537
+** RESEED:
+	V = 38cd882920d8ae80c5ff12dd6850d892bbe7a4d9a5c9378932be2d4d7204eef3f8c6e62f6835cf350b5a65077f3c4c59722a845ef7477f
+	C = b59d76ff81747d94cde46d5f52504a2c1fad20ee138b7a08138d56cbad9a1724196e97f772615aec20bf742d395e610fbf4d8c972c11f3
+	reseed counter = 1
+AdditionalInput = 8893baab46686e00a52a147b87f7d86b26e8dcda35e1bdbf
+** GENERATE (FIRST CALL):
+	V = ee6aff28a24d2c1593e3803cbaa122bedb94c5c7b954b191464b84d648e3acf302ae13826a48cb1b3c5ff0bf7cc6ffeac883065505b415
+	C = b59d76ff81747d94cde46d5f52504a2c1fad20ee138b7a08138d56cbad9a1724196e97f772615aec20bf742d395e610fbf4d8c972c11f3
+	reseed counter = 2
+AdditionalInput = 45f530d4bd1a02cab76aa3c617cee5efd3149bcc944f6c51
+ReturnedBits = 35db1d31e81a0c8e3a45f5574c978b9d82446f577ce59b31c3b9e1ab27f818f3e8bdf0e1f227c7d7a34f4d9765615047ca884873c78bbed98b9254f79a9695930502236e23fb058ac6bf2aa5f1e5309bb495293eb29099be45ced3e458b4bc267475b7305b3ee63d7017b8b43cd9934f
+** GENERATE (SECOND CALL):
+	V = a408762823c1a9aa61c7ed9c0cf16ceafb41e6b5cce02b9959d8dc7b0d3de0d6c4d217c06032a1431f6569e221332440977644f3f71961
+	C = b59d76ff81747d94cde46d5f52504a2c1fad20ee138b7a08138d56cbad9a1724196e97f772615aec20bf742d395e610fbf4d8c972c11f3
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = c046cc98075c1ef4c99eb99dfd7166f021caf31fb625a078
+Nonce = 61df9e071cf2d2b22e8bab25
+PersonalizationString = 
+** INSTANTIATE:
+	V = 9c8c3e5fcdee286e6dc2c95ffb30bdccb73387e379879c2121a0d12d92d72212852c73762e783d34fccba03c94182d5a0fe9dfc32bd572
+	C = b6e1e91c910884aded294d683117fa5324a4fbe78f9618cb82422ae69002e0800af5129333b5614de9fbc7a4f358b88378476d0f8083a7
+	reseed counter = 1
+EntropyInputReseed = 21b43d5a5ed6e7fec4ea5c3a7f5c0d1ea623bb324c5de921
+AdditionalInputReseed = 57b31bee0723a5a0e4bd65f26437b0519d268140a134daf4
+** RESEED:
+	V = c40c2b8f504268984f40e9fc834699b993c23df7676036a5ac1d7abd49f05806ab7690c2ee7748a708c615024060038bbd380307d38ff9
+	C = f200c5435d11791635511c32c1136f596d78ae7d6699583f8fce543b89afe542ceecaf8edec9cdac36af05ead286457c211a7b1e7edecb
+	reseed counter = 1
+AdditionalInput = ad402e86c29a1fffe755db6756ec2a533d981fe566fe4d6d
+** GENERATE (FIRST CALL):
+	V = b60cf0d2ad53e1ae8492062f445a0913013aec74cdf98ee53bebcfaddf02090936f33d3bcfa5bff7b8322a2168b8396f93b654e6d0daa8
+	C = f200c5435d11791635511c32c1136f596d78ae7d6699583f8fce543b89afe542ceecaf8edec9cdac36af05ead286457c211a7b1e7edecb
+	reseed counter = 2
+AdditionalInput = ee35a835a50d6988f731839da7dd81f0d46ea4e078bbecd4
+ReturnedBits = fd68efc2b87453b5fe6b1668570365958d9ccfa1e1d3ed4e2b680b7c6257a83f76334850f688505ba898e5623318e966008e77f6f759e39143894197fb7077167f01d2d2399c36543eb45e6354517b449c658adf472c3de5a0ba0e5df45942337c6b273e2c4a478a0a6be3c4d4970716
+** GENERATE (SECOND CALL):
+	V = a80db6160a655ac4b9e32262056d786c6eb39af23492e724cbba2559ab57b6e0b2f73c99d5a37991839fa6e4209e886d4ed7c1946060af
+	C = f200c5435d11791635511c32c1136f596d78ae7d6699583f8fce543b89afe542ceecaf8edec9cdac36af05ead286457c211a7b1e7edecb
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = 159586d878c7ab5a07bb3c17870d8cced1e659b3908e2ffd
+Nonce = c1ce5836959327c155f2deb1
+PersonalizationString = 
+** INSTANTIATE:
+	V = bca2e0bffe3de2a62465c00cf049ebe3efaaf09efaa65d5ef6dc6fe747697bd76a49b6ff2f053dc3712fa42f4a3f2e7504bb4c7baf92fa
+	C = 5f8593bfcbfee845defd148619d80eeb3a4334a2c1d050ea79435251f1ab00b4997a852c4c3f5df8efce60589a231fccd882c54c514d9a
+	reseed counter = 1
+EntropyInputReseed = 69f03eae9aef56129ca974aae537bec346f9803356b7ce7f
+AdditionalInputReseed = b3b42efa5ef6618f1c3309a9c125a739f70a652343c9b16e
+** RESEED:
+	V = c2b673e2414d888622cac9230b385d01f93a3bb22f06023e00e6d6717f82cf04f8d1f06f87c3be5150a9807a2165e0fc0fa8591cc8679d
+	C = dc4f3741267a1c347f7c6e9f61016baebb0597f27b4eaf7091c3073ed5422aef9ef34892c07ee0ed791d302c76ebbd337f21b84e1d51b2
+	reseed counter = 1
+AdditionalInput = 66503d0b01382eb3664b4d296472b2d1d977c8febdd69411
+** GENERATE (FIRST CALL):
+	V = 9f05ab2367c7a4baa24737c26c39c8b0b43fd3a4aa54b1ae92a9dea63f8ec8462d9f068ed6850aecb48deb1aea05c8d9dbd86d9289ab4f
+	C = dc4f3741267a1c347f7c6e9f61016baebb0597f27b4eaf7091c3073ed5422aef9ef34892c07ee0ed791d302c76ebbd337f21b84e1d51b2
+	reseed counter = 2
+AdditionalInput = 5c8945dc8694050db6480eb8db682f8cec35a1a377471d2e
+ReturnedBits = 2d415a5bb202da620f9f487c8380807e1af027f253ff775ba87c0693ee172fe28928962b8945b6104b949fc4023cb807f90b44e83359cf42421dff45845448dab8d35bb477ed7c919eceddf00524f7d5a5bd98d9c83c37f345f7c56c8dad4374cbfea95affab94a417b06e01ee566a0c
+** GENERATE (SECOND CALL):
+	V = 7b54e2648e41c0ef21c3a661cd3b345f6f456b9725a3611f246ce6c5357790990396860f73363efbcede776ab0bebc7c1bf5d07024c159
+	C = dc4f3741267a1c347f7c6e9f61016baebb0597f27b4eaf7091c3073ed5422aef9ef34892c07ee0ed791d302c76ebbd337f21b84e1d51b2
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = 1292af200e9a59479f7e2489b886741c4dc27708402bb30c
+Nonce = a7976873bfa145b1d5f2d0bd
+PersonalizationString = 
+** INSTANTIATE:
+	V = d173d6b9a5223d387ef723a3acfb770124ab553d23f699128b5efeddacfd869dbef332999fb96ca72ab1cb6bd3a4cbc4065bf49b81ecfa
+	C = 31c449c8b7af461f317dbf90618c788824b1a59fd67c798298e256305494c485cb0299a360272e9d62429fbe3833a7daa24a246c980475
+	reseed counter = 1
+EntropyInputReseed = b037f9890797ea6624cbf53cddfa7651e092914b978de871
+AdditionalInputReseed = 33d7347c0881e383a09446f3e3472aa89dfe85586b3e04d3
+** RESEED:
+	V = 1ad992724a6d2e9940f1763c6c75679a841b527337485c199ec973d5fce07c599cf02d343259055c5a4e6b081c29cc20c10327cbd058a6
+	C = 37c3e402751ce781d305070fb7c79f8ac385a0676e1b6ebbe922e9713503a21d448e7fef5b04cd51aac765925fa52ec2bb7f7ae8c44f1c
+	reseed counter = 1
+AdditionalInput = ac89e28d81c2c67e240b4f65cde536d2758a4b62fe6f94ab
+** GENERATE (FIRST CALL):
+	V = 529d7674bf8a161b13f67d4c243d072547a0f2daa563cad587ec5e69ecef8bbda1bf4630a4c28ab8ba596aa61f415038fea7c2c7302686
+	C = 37c3e402751ce781d305070fb7c79f8ac385a0676e1b6ebbe922e9713503a21d448e7fef5b04cd51aac765925fa52ec2bb7f7ae8c44f1c
+	reseed counter = 2
+AdditionalInput = 6c2301c38ee2fe6c405c7f80ffbfc7253b4d0c2792d63272
+ReturnedBits = aeb28621e3878f3e84be41c5ff570a8c754dac9606a794ec26c685efff8bd615953c20bfbf4e361b7df76b7bbdee0056c21cf8309f0374eeba27286df9706beaf2b2c3baafd1245794a12eb5184dcb90d562c6fde250a70c738d9602b3bf514b9f9942fc60fcf96dcc9f0d9f1bc27151
+** GENERATE (SECOND CALL):
+	V = 8a615a7734a6fd9ce6fb845bdc04a6b00b269342137f3991710f48b52c07266746bfc9e0f36393cd61adb1ed4954c60f1092f79f3021b4
+	C = 37c3e402751ce781d305070fb7c79f8ac385a0676e1b6ebbe922e9713503a21d448e7fef5b04cd51aac765925fa52ec2bb7f7ae8c44f1c
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = 9e7e2731157a21eaf007b05f9f9244a77aa8840d54d2a31d
+Nonce = b9ea31daac9f1e4d058ddc9d
+PersonalizationString = 
+** INSTANTIATE:
+	V = 705f27c63010813e8684d660122015542765bca2aaf562b15da1734a025c0965df12b7069279969842817651d6c654d5f3fe21aba62a76
+	C = 0eb8cab98618ed119a0def4c028c6e8c03a3e66455a0d3e1c4428b66512b5a6841b28480c2225721d34e63a8502ba8eb88a7b498540a34
+	reseed counter = 1
+EntropyInputReseed = 7294dba58485373091e20ad7b3c7cfe949a67f2578178fb3
+AdditionalInputReseed = 07b98989f1a419629cb46d2c973edb7d808a26fe2802c320
+** RESEED:
+	V = e1a512e0f5b961810123c6e64e673cceb135b613340fdb32cb46db7e957e02a9e4258c27ea4b95a96b9d7335011efe56ad4978b5c264cb
+	C = 21f6d9f30007078fc00c5ee9d82d4493cb99eb85b88173ad0f6da7c36ed897c382b7464d70e95ddbe7b4733533d3006547b513d0eabbcb
+	reseed counter = 1
+AdditionalInput = 9c34bda90f30c0c2aed5dde0777f7bb7fd48a38e9c929340
+** GENERATE (FIRST CALL):
+	V = 039becd3f5c06910c13025d0269481627ccfa198ec914edfdab48446c20c235fae5d089d28d0587e9f8ed71954e0b7a3e13e3911327993
+	C = 21f6d9f30007078fc00c5ee9d82d4493cb99eb85b88173ad0f6da7c36ed897c382b7464d70e95ddbe7b4733533d3006547b513d0eabbcb
+	reseed counter = 2
+AdditionalInput = dba99b479ea832be597c65e343689ef9393a169358f2b69d
+ReturnedBits = fdf3a4047b5e912173e6454b409d5afdb5b161bcc1734337d157ab57f41c6453b55204a4a6adc286f1af9d37dc2b48b4a56148acfb0220c3762f20efbd3f7fd94c2ea9cb45c6e54d62128387f5e22d9f4b003b7ed9609336f44905ae93b4921464735b12c06016dd4824ffda85beb176
+** GENERATE (SECOND CALL):
+	V = 2592c6c6f5c770a0813c84b9fec1c5f648698d1ea512c28cea222cfb09ba61c25a08991e83800e3132ee0f2203706ebae56ed23ed721c0
+	C = 21f6d9f30007078fc00c5ee9d82d4493cb99eb85b88173ad0f6da7c36ed897c382b7464d70e95ddbe7b4733533d3006547b513d0eabbcb
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = 2fa98eef080dba6ebb35d47d9d070621e7acfd5bbe60dbc8
+Nonce = 7b3d2824695b055ff38de526
+PersonalizationString = 
+** INSTANTIATE:
+	V = 1ff990fd163d01ea7b5e42ab21482c56d2611d3aef307468036cf5d40e69beb043c9865f5c059e49d021cc1ddfe771fffac4277e3db17f
+	C = 15ed38019bd639f44ee50b863022e6063e98055cff064cfca2294c96a5871c1c3ccbcd9c1fd5274d9d1adfcf173f77e410fdc34b9bfbcf
+	reseed counter = 1
+EntropyInputReseed = 9d348392dd40455a3764b6bda37d57a3fd180e384eb6f1c0
+AdditionalInputReseed = 45c6806894978dc6a78a42ef3b8c0550b1b6f3c138494a33
+** RESEED:
+	V = 6001bdc2b48c81dc88765675a6db8aa2a10b55b1a42d07f403b001ec9594b8571e05c0cd572149030e2a7f926eefed46546318d52a3487
+	C = 75931efae80bb257629db1df1742d9672f9545b3a812085fbfb39fccdd91bc4b36601282463c917455abc80fee3d5a2c2f9c9c4977f4cb
+	reseed counter = 1
+AdditionalInput = 91445b48323db9379feaba05a167ef19e61c34831161a905
+** GENERATE (FIRST CALL):
+	V = d594dcbd9c983433eb140854be1e6409d0a09b654c3f1053c363a34525f8830e0db3b8bc661fb9bfaee62f584756e7557f533ea140c261
+	C = 75931efae80bb257629db1df1742d9672f9545b3a812085fbfb39fccdd91bc4b36601282463c917455abc80fee3d5a2c2f9c9c4977f4cb
+	reseed counter = 2
+AdditionalInput = 9b698e4dad1350ad794aaaf170e1cd20aabf9dbe40d40bc8
+ReturnedBits = 53727c0d49580df8bdd71250797350b8d424fa0dda419e3a18266816d61fb5c824e9f8c0be1e7689a98d309a228b4a424eced3fb8fe310464e38062c01d9d27a2900ebb61d11e20c1e0d1e216a7f4a1b4e6b0af3ec0e59076042048039022779646a4f841c4d8c4b4a2d55f2a731f14c
+** GENERATE (SECOND CALL):
+	V = 4b27fbb884a3e68b4db1ba33d5613d710035e118f45118b3831743718448c396a6fdc3d1dcd93d952cc31032c888ec1c48fbb6d648df7e
+	C = 75931efae80bb257629db1df1742d9672f9545b3a812085fbfb39fccdd91bc4b36601282463c917455abc80fee3d5a2c2f9c9c4977f4cb
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = d94b6d02fdae375a79e1ee3489b933b83546fe6430af481c
+Nonce = e57274d19a4ed47961106906
+PersonalizationString = 
+** INSTANTIATE:
+	V = c78557524e88418898418cc348cc9727939aa6de7e435ad04c58649b87fab5044f079792ad0de89c565cf2104373086ae60a9348e9c4fd
+	C = 89aac6a4c786a5417ec8bdc5d44bf0a717bb416bfad0af0e5192b492aa8509f0727972eadfb8213540a45b56ceeef9ae8dd6ca8252a41c
+	reseed counter = 1
+EntropyInputReseed = 0527ae54360af63dd76b0114724181b8393867456c72b86a
+AdditionalInputReseed = b3d88a66a40d60a62706a16e829adb0ccd6930ae0c2d3992
+** RESEED:
+	V = 5c858eb38f75b2212fb17255eb8facd59ec4c2aa5f3ae01ccc5aafef28c7cb32eeaaa624387f72d5697aa417eb95948d3dcc1b82936944
+	C = 8245ef213e444ef4937fbfd684e0da8624c090b0767b19770cb4202f5ad514bdd65373e6cc094c3d539fbf156332493f6a078a67918c8d
+	reseed counter = 1
+AdditionalInput = b789c64191cb190e11d95d72623e048a2375e6bf9bee900f
+** GENERATE (FIRST CALL):
+	V = decb7dd4cdba0115c331322c7070875bc385535ad5b5f993d90ed082b3021ce3371a36c9debcc4c8478f031b7c750ccdf14e6d2c7118a8
+	C = 8245ef213e444ef4937fbfd684e0da8624c090b0767b19770cb4202f5ad514bdd65373e6cc094c3d539fbf156332493f6a078a67918c8d
+	reseed counter = 2
+AdditionalInput = 88ae5458dbc5f6123a2bcecece2008ab14d49013590229e7
+ReturnedBits = 2cc1189295f6556a2470d3044e896b319d2bd37b8088fdf6e23659cdcfb3a2a9412e1ef4aefe4a55bfb33792bc7edd078630b3e3890a5f499a6550e028203564df30a650864a94fab305388dc2d90aeecd85c14483b9cb2c797638183209be73067c8f348580b215ad97b1f5ec2ba239
+** GENERATE (SECOND CALL):
+	V = 61116cf60bfe500a56b0f202f55161e1e845e40b4c31130ae5c2f1fe7596f4e016fb81583d4dbaca2716250c273f56ef7788603cd0ba20
+	C = 8245ef213e444ef4937fbfd684e0da8624c090b0767b19770cb4202f5ad514bdd65373e6cc094c3d539fbf156332493f6a078a67918c8d
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = 21d586598068c5f622eb3c8e15be8975f2ef39450ce90e38
+Nonce = 3853a8d032fba12dd32b6fe6
+PersonalizationString = 
+** INSTANTIATE:
+	V = 056c556b7b2cd98021c4140e4f95f04cdd235eb78d475f665053e0de903d09cfcffa36fce99a947b45bb4a789c2e534af1851af926c23d
+	C = cb81a6563ae8d24d164b2b42c309054d6b75bdba402c00ce2bc752f027ffd775e64da582a560b8bfc65501f9d8f25aaae0eb18a8261099
+	reseed counter = 1
+EntropyInputReseed = f31b13ac9002a71e2d62b1c0ded7a60fe82bd752a449e71e
+AdditionalInputReseed = 43d005320af0b83eb9a0e73952508828d2a65f910de063c1
+** RESEED:
+	V = 118dfcb983581fc21a236a314a3d369d3c8b71db4f2ddde04b18d40c683146aefd6fb33020c7fa85d88c1c206c9b7d3c79acdfe069e277
+	C = 83074e10350cc7a124de3fca91d7d6195a632163b3dc722fdabb87d06fad4efdd030f58bc394b1b445cdd9f97325de47e641bfddaaec6f
+	reseed counter = 1
+AdditionalInput = f6c4ee7af22bdcd4bedeb6e510f97615a0409ade94e1d585
+** GENERATE (FIRST CALL):
+	V = 94954ac9b864e7633f01a9fbdc150cb696ee933f030a501025d45c36f602a8692e92fd5aefa5ccd35ba73a4d4e0671995a23529bfce0f1
+	C = 83074e10350cc7a124de3fca91d7d6195a632163b3dc722fdabb87d06fad4efdd030f58bc394b1b445cdd9f97325de47e641bfddaaec6f
+	reseed counter = 2
+AdditionalInput = 734dd60c81e1d7e0b4540251b7b1c1a8a5d4dc5e2119e594
+ReturnedBits = c8ef5772a86b25df7a2f997c984a33fbac6a6c680f773aa8c874117fbf8c93d86cb8e069afaf1e51ee23982f8b5053de55622242012ab28bd9d433ce860a440bcf30f901ae5cf4f10464a1c41c0e2416bc576391fc8e78c167d357eae2ddbedd02a21c7dfbb2cbdc9344c692e8a77361
+** GENERATE (SECOND CALL):
+	V = 179c98d9ed71af0463dfe9c66dece2cff151b4a2b6e6c240008fe54848780492caa2264fd043328c66346da7c4804fb4be41eab7df41a0
+	C = 83074e10350cc7a124de3fca91d7d6195a632163b3dc722fdabb87d06fad4efdd030f58bc394b1b445cdd9f97325de47e641bfddaaec6f
+	reseed counter = 3
+
+[SHA-512/224]
+[PredictionResistance = False]
+[EntropyInputLen = 192]
+[NonceLen = 96]
+[PersonalizationStringLen = 192]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 896]
+
+COUNT = 0
+EntropyInput = f8bab047d56d90c2e5689c1afe4cacff3df96da82e5c2ca2
+Nonce = 5ba75f11be974cf303cd6543
+PersonalizationString = 7a65830a6bdccfcdfc6227317e73b2172f7e13968a78fee9
+** INSTANTIATE:
+	V = 020b7e1d87c99674821f8cede253c52d13638d879462eeb2f28b0d306e2c439e057f398dea337b0657d2cbacd9f2f0699b35e0b9cce37a
+	C = 065602826625dc6b4aa112c84e0a3b502f26697515faaa22e3a4ee489290a6b3a7aaa6e1f5fcd6fb72eb4456b0e58b77a1dd550e5c99d9
+	reseed counter = 1
+EntropyInputReseed = 24a5da2ee26fd8adba2cbf482b42376061f62204f218c0dc
+AdditionalInputReseed = 
+** RESEED:
+	V = b074aa38f5ecd9806c43d94b7898bdd1c7d81edd8ba0bd51a283638151eb32453fbf86998c2b9f61c9a8ee524cd27ecc637b26fe833346
+	C = 551e07cb5579ff3990fbb65fefb4a882392ea36bb5459082faf8f925651dba3986ca2698dea54916d35c886fea65356c942d3f1c28ce0a
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 0592b2044b66d8b9fd3f8fab684d66540106c24940e64dd49d7c5d1593d1126680f0e88ce3b7f7b299bbc35d98dd375e7977ef77322fe6
+	C = 551e07cb5579ff3990fbb65fefb4a882392ea36bb5459082faf8f925651dba3986ca2698dea54916d35c886fea65356c942d3f1c28ce0a
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 0ae1fff30b266773abb05d0fccd57b0701210cd27748100f56053e5d9f61f13deedd88d4ad91642539165b79ea925fc6dcb0ff86215b32dca51d9e9d112b6f8edacac0fafed61a4e3bd8e5343c917ddf56049c774a19569bcfce8ecf3cf94073d3bbc0ab081de47973eb95b0b21bb571
+** GENERATE (SECOND CALL):
+	V = 5ab0b9cfa0e0d7f38e3b460b58020ed63a3565b4f62bde57987556db19f060ebcca70456728e741b52f874763d56021e317e999779757f
+	C = 551e07cb5579ff3990fbb65fefb4a882392ea36bb5459082faf8f925651dba3986ca2698dea54916d35c886fea65356c942d3f1c28ce0a
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = 81ec52b70e6b26fddb9d7b547ac236940676ed1bf9ff2041
+Nonce = d0467e6386d520dc43d908bd
+PersonalizationString = 8cc4663035ec9f798566fea93a07d8e8d268cbe93ffe8d78
+** INSTANTIATE:
+	V = 00273895f6d49e227b90d27486234caa17a032d595845ff49642615e1f8cdd64253ea04626bf6c467924cea0524a67c7deb992f84c2a68
+	C = 3c7a661aef951efef81e1fc0a4c98fdb72a1755b724766f8f2d11242b06e09ddeddae17203aa2f88765091844744edce0d924cbf744366
+	reseed counter = 1
+EntropyInputReseed = a8a2b0b3abaa6f939d6c7b050543d40fa5e89290bf147d4b
+AdditionalInputReseed = 
+** RESEED:
+	V = f984800dba794dcd430334ac72138a1c700540abc7b6fd793022f0840ef1e811e104e6a6d023012aaad6c3038f236d32069afc01e4fb63
+	C = 14d9c47e89df055be6b54cce7dbc78ad90e8fa98ee61acf247cf5647ce555c62864e4df86979948d66c4e85855d1e6e6298b09b976167b
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 0e5e448c4458532929b8817aefd002ca00ee3b44b618aa6b77f247966cd362ac3c26c4adcbfdd493eb5ba3237049ed9b5de1bd2e61feb8
+	C = 14d9c47e89df055be6b54cce7dbc78ad90e8fa98ee61acf247cf5647ce555c62864e4df86979948d66c4e85855d1e6e6298b09b976167b
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 7611d29dc0a75604050ea9be0b700a9296da31c214255e904f057a84efb429854fcd950ffaf4411971594a579e99b17389b31d816192fbe86c811d9d62c3e0d3eb9bde9568365c436deedcd904c7d07a8b8164ae781b0146d1f16861fffb11522e4d194a510a18be3431b48678144ee3
+** GENERATE (SECOND CALL):
+	V = 2338090ace375885106dce496d8c7b7791d735dda47a575dbfc19e1b2c65c9105f4356a9adc4e9ff16f6f1e593b316ba936c503e1c0802
+	C = 14d9c47e89df055be6b54cce7dbc78ad90e8fa98ee61acf247cf5647ce555c62864e4df86979948d66c4e85855d1e6e6298b09b976167b
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = 879d0c04004b16f3c73046058a8eb51e78dbc5f25b6c7d18
+Nonce = b15d146246299c0661b93cb9
+PersonalizationString = d34370eb1eaad2c32bb474587ff526dcba21ad86d3e5b1da
+** INSTANTIATE:
+	V = 175811edf07f6ebe19339dbf8f387718b3e35fc7fab84ce6afb8887e0ffe6889934347c8475cd1c5e2fffd478f505bdedbc20cd085fdc6
+	C = bb6e7e9df2414a7cc7820e333477342d8657d9e04087a01d713509fc7070dd19e71804b2370394876783a98fcc097e1e63f3bbc4e68084
+	reseed counter = 1
+EntropyInputReseed = 62d82b7a289e3d632b67c4d9f02221bfd026cb4d57ddf622
+AdditionalInputReseed = 
+** RESEED:
+	V = ad2a40f49fb4a70bb7eb3f6d55987891025e724245e5448e13aa17e3de365a26b3987303f991c8e8266839a86f5e38126ff28c19f1cb8b
+	C = 43b265ccb3747ee0fa9bb533735051b40cd52bb8d7feeaa4ed838ea1829b78d3550a91da7ad370139455b54963dbc1734d78e109e5d7de
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = f0dca6c1532925ecb286f4a0c8e8ca450f339dfb1de42f33012da6ae7098305913cfa04c6397db8bdff38a69cb1d065f5cde593b222277
+	C = 43b265ccb3747ee0fa9bb533735051b40cd52bb8d7feeaa4ed838ea1829b78d3550a91da7ad370139455b54963dbc1734d78e109e5d7de
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 6d99e6ffc1259532e95735dca594e15e2798a0142fa7b3f4e1440bb3f5b5749d9424b2e47873d31db1cd42b7205dea3b97fe97f7305fda73d801e2c6ca9efc4957c9cbdf3a6575f979f8e2dfe5d3335ba24a8ea8864e2d5f001c7bdfdd39a297d71d7e895d7d0ad28f6c758577f5a1f4
+** GENERATE (SECOND CALL):
+	V = 348f0c8e069da4cdad22a9d43c391bf91c08c9b3f5e319d7eeb136421f122229bc1edf4f4aac3977d33cfc25c5c8fabb37e882a17d6b09
+	C = 43b265ccb3747ee0fa9bb533735051b40cd52bb8d7feeaa4ed838ea1829b78d3550a91da7ad370139455b54963dbc1734d78e109e5d7de
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = 4746e6460f2628cd32e999336183475ad0a66e19d4eca3cf
+Nonce = 295946fd41b42a770d7b9c69
+PersonalizationString = 7d1a3e8095d6688ac7fbeab2d60371de0c486a53f48de78c
+** INSTANTIATE:
+	V = 6af529224926a49984c4c0fc9bb64723d8f05a74bfe60a663ee96a63783f938a140b0758324561511969572e29d48a2167cda415c7346e
+	C = 5b1b33ab794bc5c1083b1788136de87f1ae36aa3a97b566fd1face1085f9059ee328ffbf9d712178ce621886c29cac3544279c7ffbdd7d
+	reseed counter = 1
+EntropyInputReseed = f8720a18b163ffd21b135762fa9b2041c0baeeb4d7a89451
+AdditionalInputReseed = 
+** RESEED:
+	V = dc69c112be40175d1860c9502c6862fec6168ee4ee28269f33d6dda4c582642805a24579b3e465c3bf8ffeb6b085ef9b143a246b6a3029
+	C = 7a1cf09d6e72cd0534a675f0836edb1da8c59514bba570c7e0060177aace81a645a0c2f016bac11deda31167f80f49ffb590b98ecdfa59
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 5686b1b02cb2e4624d073f40afd73e1c6edc23f9a9cd976713dcdf7c30b9dbe5461d5b3d77cd8c7248baab78969b5bb2a480e45df595d4
+	C = 7a1cf09d6e72cd0534a675f0836edb1da8c59514bba570c7e0060177aace81a645a0c2f016bac11deda31167f80f49ffb590b98ecdfa59
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 0e8659f07e9d52d63d854c216c864fec244191e0bd1f7f5419c01e16caaf2e5b83fe0ab030881f5ef3539bdf81356ea21378ab3c29e6e4024f7489fb01409456dff49da2dd526a607435fd1763bd231c2a18da0a8efa8ea5320e4a3e0d84f4442e739c3dd0af40a73114a2d9c885b994
+** GENERATE (SECOND CALL):
+	V = d0a3a24d9b25b16781adb5313346193a17a1b90e6573082ef3e2e1557961c5afd695b0c6ab8612491196a031e9f067e620b394c83fc9fa
+	C = 7a1cf09d6e72cd0534a675f0836edb1da8c59514bba570c7e0060177aace81a645a0c2f016bac11deda31167f80f49ffb590b98ecdfa59
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = d14c1f7ab022176fa296424b57c85f5c864576e06681278b
+Nonce = 9ca28a07d12942f6afa1acc1
+PersonalizationString = 185c96e8576e5e274c9d6c99b14014577223382c1fafb905
+** INSTANTIATE:
+	V = 8a0daace36f5dea1efb0842fbcf909ac780cf7c0f988e2c0f825d34931c4031eb415b43a0f2660a837e887ca5ac97cdc0bc92fcaa7c9c0
+	C = 10e15377625624b5f933e9c122784182e64b55f275ab9d9a40ae582bfd026e26c112cb0998c7b201aeda9085be4fbe078022ad40f6b7a2
+	reseed counter = 1
+EntropyInputReseed = 978a02cdb7bac8425395447802f1096d0703a463f78a22c8
+AdditionalInputReseed = 
+** RESEED:
+	V = c3c7d0ca00059cc6bf55af8dd1136a7259f949ce64e1fb9a7fbad84a1a374df9f8925eaf9b68b4066e7f6e8382297c8581f0c3ca17d45d
+	C = 3a0fca613d5ddeb80f35b6443f70e30b0933bc6f1c827a619ef740fc055d8b3fe73cfa71f7f2ef5a5342d92889a145bc0d11cd0d577a09
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = fdd79b2b3d637b7ece8b65d210844d7d632d063d816475fc1eb2198d39000a7751518daffb221a0b39395d589973a4b38f0b78900de314
+	C = 3a0fca613d5ddeb80f35b6443f70e30b0933bc6f1c827a619ef740fc055d8b3fe73cfa71f7f2ef5a5342d92889a145bc0d11cd0d577a09
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 12632f93362c7aab0be84969b9869f2935651ca0f3fe593c60a805504e84af1f7b4483148ce2d1261c547829d73a2c5d43cb194e285eb53bda7bb08da8204b8d37c361ecbbbb41812ccb4f0d3c86a26563c5017117ce65f34ddda6e0cc272c6411d707699a5310b005bc6813d4f8ce44
+** GENERATE (SECOND CALL):
+	V = 37e7658c7ac15a36ddc11c164ff530886c60c2ac9de6f05dbda95adc2fc8648f7a1348fb5ae1d13587d935731db812ec058de58f0c7d50
+	C = 3a0fca613d5ddeb80f35b6443f70e30b0933bc6f1c827a619ef740fc055d8b3fe73cfa71f7f2ef5a5342d92889a145bc0d11cd0d577a09
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = 32b2a810869e9a8ae4d2a4dbc4d3e524fc9d13c4fda3ccf3
+Nonce = d8afa296c73dfa7f832ade1a
+PersonalizationString = 58e1b1b2cb421e83ec6003f915b42b1e2b97f05f588e3047
+** INSTANTIATE:
+	V = 8d0b5ce2a652597c38233a6678a248dac38f73b6a126ecceae5a8ba3ef0b859fad8023e25fab82ff376b1e193545d6cb7036b1508f19ea
+	C = 71da2abc0e26267812bad0d6ed1856668fbfa1350295ef190852720fb0009e340d4a10285fc69331d31c65ebb9f1d52e6065df3e88cac9
+	reseed counter = 1
+EntropyInputReseed = 72965171e91cc8d2800e9f53c9d65d6a00e238c374862a12
+AdditionalInputReseed = 
+** RESEED:
+	V = cbf7f433abc096daae4236364e74f550495a1c3fdbc1e9f1a2a39752a0a40e5ff7e7ece390266a04b7f1d5422e0367fb6de8f11a65d12a
+	C = 0015e45d4c16a791215dc4f62ca61bbeb0723a1460140e07734e365bee1f59b96546a68975ce2e91c4d00efc8ab79cf78870bbb35d17c0
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = cc0dd890f7d73e6bcf9ffb2c7b1b110ef9cc56543bd5f7f915f1cea578406d319b8dc77135457c82d84ae6be8e96be37e039b677329b34
+	C = 0015e45d4c16a791215dc4f62ca61bbeb0723a1460140e07734e365bee1f59b96546a68975ce2e91c4d00efc8ab79cf78870bbb35d17c0
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 0cba00c7fc76a9d328ea7e65063410dbf123804984b188dc989295787953b2246db76a0add79d7a2f2e4bbb2036363ff97016e67af6a4a21634545515ebfc43446230af57e6427f088c076abd2690172cdf95069a770fd2a1de98ac693007f2d7856c2b74b31e2d4e470b8802f07bde1
+** GENERATE (SECOND CALL):
+	V = cc23bcee43ede5fcf0fdc022a7c12ccdaa3e90689bea0600894005b1a6b790494f69f85f094c7651cf8ead34d14e5e2c22902fe0b72ddf
+	C = 0015e45d4c16a791215dc4f62ca61bbeb0723a1460140e07734e365bee1f59b96546a68975ce2e91c4d00efc8ab79cf78870bbb35d17c0
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = 3d80f1bd8021f078c59d51821705406d7a60ddafb8c276b1
+Nonce = 0586e0c1ed940694872f8901
+PersonalizationString = 418458ada82078e3e1dadde4e9653155ba02f41e8f4a75a9
+** INSTANTIATE:
+	V = fb70b9bfd2ea83241c3039ec35321735c35792adce3b85f2a1cb83435190e19a2dfa7f216c86615a3498c6647ab5b007f9889173ea8c81
+	C = a46a407e4b68677a435c31dfc92c97e2bd624faef5167b0ec9f2e0beae8a0dc9e3498cd44da933e7121929cd9a345f36222e488fef13ec
+	reseed counter = 1
+EntropyInputReseed = 3df0aee4a729e590d255b337871c352655a3c5e4bf8b1f6e
+AdditionalInputReseed = 
+** RESEED:
+	V = 8a2bff5ed77f28bb78991c3e006152635e762dbcf1c9019ba11036d4a9f7a0e3887dbb2c6e6afc708fb6c16c1979bb369eceddba38718e
+	C = 6e632f5675057de7058c1c2f443958b077832761dfbf07af28831bcc99a2747185d6f7a5f637fcfa5fc2e733d80e726ca5cd74b84177be
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = f88f2eb54c84a6a27e25386d449aab13d5f9551ed188094ac9935374a09b8ce817f63f0fc80d84572a43ccec41114129e443f05c6b9255
+	C = 6e632f5675057de7058c1c2f443958b077832761dfbf07af28831bcc99a2747185d6f7a5f637fcfa5fc2e733d80e726ca5cd74b84177be
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = a99c6b7565d496da4b8b0637e2e07b06d807841374fbb5aedec943bd2ab54b3268bb7ff598cf6f52a2a6c2133562c77e276caa1f3ffd4af3c7689c8fc0dd2152a814e166f644099bc9d959d97af39e6a97fe18d29dab97fd2d803d5b1d6fa5c4c2ec996ff908abda32d445195223a80b
+** GENERATE (SECOND CALL):
+	V = 66f25e0bc18a248983b1549c88d403c44d7c7c80b14710f9f2166fdcb630e103ea9fe3de98358cded442f0f722dcd598f363cc77f0abf9
+	C = 6e632f5675057de7058c1c2f443958b077832761dfbf07af28831bcc99a2747185d6f7a5f637fcfa5fc2e733d80e726ca5cd74b84177be
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = 87baaa77ece3c57815c35bad1628fa7e4bda2ec1ea4e6da9
+Nonce = 40bf3a15636d5a0b61fe0df8
+PersonalizationString = a6fb8cf2fd46f3f0e4dbe467f8aed45ea710a3a53aca6422
+** INSTANTIATE:
+	V = a4e20215f04344d9c038ca1eff839d4f02e047990c56d5ad321814163c1926f2024bff7f758761034908ac0db5934ccbf075b6bf531035
+	C = cbbe90306f58fecee63f3b67d1eed21184506e88648c3af235fffbb2b9e611e6d6e430cd0832cb28b8ae7ff643f1aaa9877dd9d0adf093
+	reseed counter = 1
+EntropyInputReseed = d13727a2be37f3be6b67d683a6ffe6b39a6f8d845d71d554
+AdditionalInputReseed = 
+** RESEED:
+	V = 1bf33d3da6151b81864996563852d1e9198d9fd6122e0e68ec0cd40aa27d1760860f8e966f38989cbb1299930f80d1c285505f382db0a8
+	C = f753e9d100bf98569675ffc20764a51f1832b510a1b6b422af9839996646007f3e5287dec82325c286dfca35cfe91894551a69c50df2ff
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 1347270ea6d4b3d81cbf96183fb7770831c054e6b3e4c28b9ba50e87d7dba5a5b9a8274b9ba992ed8d33e6834c538d0c5de23aff95558d
+	C = f753e9d100bf98569675ffc20764a51f1832b510a1b6b422af9839996646007f3e5287dec82325c286dfca35cfe91894551a69c50df2ff
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 9aeb7600ab5b4c267d822e41e196d8ac4c8353e0687480ca2015535cad65a4df50482d44393ef1f3000eafdd5a86fe8eb9b8fb7aef79a6f62e49f64f68c8afbe458d848b5129e2608fb9d672524ce6301b9867dd9a86fd8d0220a722f9be0a6bce54dee26832ee05db0fadba6a5e2940
+** GENERATE (SECOND CALL):
+	V = 0a9b10dfa7944c2eb33595da471c1c2749f309f7559b76ae4b3d48e3bbc795e061f9668b690010cf5596e51fb38f677caac151d9edcdd0
+	C = f753e9d100bf98569675ffc20764a51f1832b510a1b6b422af9839996646007f3e5287dec82325c286dfca35cfe91894551a69c50df2ff
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = 9e24642273e694ec9d32aff0e721293754f043419b983608
+Nonce = 74a141c02154d8302ee4e895
+PersonalizationString = 059ec9e70112cff772117b7e9043fab082056fdba95dd73f
+** INSTANTIATE:
+	V = 57f676933371ce45229c5c47d42b78eff7e682cdca01af6f25f77e7737895d8e1985cd288593ab38a736fb0edbf0cd608e80857b491635
+	C = 3c2855f857e937c8f035641ce548a0bcc294ec7a02e965b85470915c5438347d80e8b1521a270894a1de704963577957fd735f9c901d3e
+	reseed counter = 1
+EntropyInputReseed = 45b652418248da268cc4aeb0316ca838987d715965fc9b84
+AdditionalInputReseed = 
+** RESEED:
+	V = 3860575e9c58a0084a1ff400b0026cc5c1d0cd46c524aa71d34f90dc075a313fd31431a8964ea141920110bb1ae079c7fa146408f16523
+	C = bae2b44ba90a968446ad5ba0b4e84eaa9a79e125e0fef926d7bbb982d32bcdbfac74ad1340d7a9b73aadd9a378f6f5fb5d240f309264eb
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = f3430baa4563368c90cd4fa164eabb705c4aae6ca623a398ab0b4b0f368e2031fbffd4ba935494c0fa6dd7101007253cdbd9c5cef76cd5
+	C = bae2b44ba90a968446ad5ba0b4e84eaa9a79e125e0fef926d7bbb982d32bcdbfac74ad1340d7a9b73aadd9a378f6f5fb5d240f309264eb
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = ed69d41092183ace1a2cf2c3552cddd16270fd88bd42592a41bca491a9d5658c99f973962922c085a2b0a6acd2a9895395b2521f5ff44f557abbc2eadc17eb5144d2c27d8b6cf3f8ff49c025da302ef928c1163a03798984470ea33e5360cf5d390739722a7d22e51d3f5f325e595446
+** GENERATE (SECOND CALL):
+	V = ae25bff5ee6dcd10d77aab4219d30a1af6c48f9287229cbf82c704b5e221d017a28c83a6d6e35a5d4f81d376f97acfd02a53c93e43571c
+	C = bae2b44ba90a968446ad5ba0b4e84eaa9a79e125e0fef926d7bbb982d32bcdbfac74ad1340d7a9b73aadd9a378f6f5fb5d240f309264eb
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = 6f82006dbe521404ebfb84da53683c2d702075d8b8ccdc92
+Nonce = d2601aa8a30791771aa81f28
+PersonalizationString = b2dd949021e2e6408fcfba47134e5dfcf133312e04d2f607
+** INSTANTIATE:
+	V = a6dbfc63ba7364a1b247ebb51907efbf19e0a8c23f7c61e2d37356739abe19e335971d45a0ca944482a50db12f26557d2e1aea71207087
+	C = dd85f2c5eb5c98c2a21a42f57db21e751bc24c40002e2146256fe499bcce57ba3ae3b379d4b389e706fcb6b29569d69c959755bcbf1eec
+	reseed counter = 1
+EntropyInputReseed = 505f99b0e1433d0c457ebe8f7d0f625c27715f91d97f62e0
+AdditionalInputReseed = 
+** RESEED:
+	V = 29481d8e2dc99284a3e9336090938f80dae495fd85901590e7a84a12ce4d02c063a3880232fd3d413a7beabd80f5234cc9c6f9057cf384
+	C = 5cc08c989e1420f3c47c64bede0cb728d87d423b626769fdecc8ca61b4fbcf033660fe5f434131aa6808a5bfd4533096f3f95511301545
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 8608aa26cbddb3786865981f6ea046a9b361d838e7f77f8ed4711510dcf7209046c99e009e20a224d6bfe8519ad14c25f4d58ccd471246
+	C = 5cc08c989e1420f3c47c64bede0cb728d87d423b626769fdecc8ca61b4fbcf033660fe5f434131aa6808a5bfd4533096f3f95511301545
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 6c3209f8ab15f76bb21f51bf5c369f789ef9ad1791c4db2598c303e248ee5ec95fdefcba356058bc952086699720560d6324bd203f21b03fa46954caa9b5a6ee2ae68dc59638912b5f5cf5d6462723e30f60593355c2b706e21ad6d8fa1a0c686f5436a0afdf0dbcba2d13d1625c41bb
+** GENERATE (SECOND CALL):
+	V = e2c936bf69f1d46c2ce1fcde4cacfdd28bdf1a744a5ee98cc139e01bc2cdc34cf0ddbc097c2f0b5b52c070ce4e44d1a7bbe91bc03b17cb
+	C = 5cc08c989e1420f3c47c64bede0cb728d87d423b626769fdecc8ca61b4fbcf033660fe5f434131aa6808a5bfd4533096f3f95511301545
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = 45338e5a51846e3d51820623beda888b7ac20e95018fdca3
+Nonce = 67f1f1b17081b549f4f95b32
+PersonalizationString = b545be4d08f761790ad401edcc0633c5a8c4d8d6e8191647
+** INSTANTIATE:
+	V = e7c3b40ac85fa97c33f90a0f09095086c747ce50374ae2237be8e8b7104f0a8a06556528588d637138aefa07df9b28dd60f9b22780f1ab
+	C = 91cc7e1476026a5c39134bdec6053f6dc875d01410fc5a3dc1e78b23f94a7eee52b8854870b963a3b9a3184e82f1b1fdceb84fb16efee4
+	reseed counter = 1
+EntropyInputReseed = 5d7f03169a274acb55507c6b63f3145cd41216dd2a13755d
+AdditionalInputReseed = 
+** RESEED:
+	V = 09ee3a3507befb0119ef77f743061d2591157aa0a1ee233601af9a4cdf18d5126ea272130059afedcf523932409cc2ca061449669c3e78
+	C = 2bbd1abcd54facfe059d1014858e2dda03f8eed2c93c4c5ef6d5b6a3299722e609a0e8f5f92696e628f0e24db467177223b46bbc4d9f8a
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 35ab54f1dd0ea7ff1f8c880bc8944aff950e69736b2a6f94f88551974ddada44a9130716efe59e2ea55328083d0ae51a00b31799b620d2
+	C = 2bbd1abcd54facfe059d1014858e2dda03f8eed2c93c4c5ef6d5b6a3299722e609a0e8f5f92696e628f0e24db467177223b46bbc4d9f8a
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 48a8a83d82ebb2325e921156449fe728286d8c3ca7e4aa564b4bbe70d5db7c6ec4e0e59bd2f2cd25580b6597faa44c29a9dd2a1001b3b019ad15040b3dbb33d453e0d9fbc627bc1df39c1cbf92275ac18091840d7fcd71ce60ed6940d126860e9de27d2edb4c981c012ab5a1bb9daea4
+** GENERATE (SECOND CALL):
+	V = 61686faeb25e54fd252998204e2278d9990758463466bbf3ef5b09242934e49b7e867d9745ea36e67101a6808f6b9dd93f4c9d2df4ca37
+	C = 2bbd1abcd54facfe059d1014858e2dda03f8eed2c93c4c5ef6d5b6a3299722e609a0e8f5f92696e628f0e24db467177223b46bbc4d9f8a
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = 545060fbeff3415fc5d6c16e9dbf9575e87c2e660bccec90
+Nonce = aaf8f30892481b3206456dfb
+PersonalizationString = 19e81e70a2bcb4393205de2dae53cb0b58f0777faac8715b
+** INSTANTIATE:
+	V = 6a191de53e2df1b5ab4669517d6ef95b13b95ab463e9c338a85175a97d17da707c94fc278819a8e801795ebc9a3b6d3f845c680dc7ca03
+	C = 2ad448f1f68f2ee4d50d805d3849f56ae4efe983e5d1b6011992a8ee6d09c44f3d1bbb560c6ab832f11b0493cbfeedf8ea97bf46b8345c
+	reseed counter = 1
+EntropyInputReseed = 6ef635809b360b97e7c8421fd0ff474da554c701c8d09c75
+AdditionalInputReseed = 
+** RESEED:
+	V = edc533f54c70fade8807c4aef014f043d7634feb5906eef20bfb4fd85f13163d01b685161b38cb4f88469ed70df9d74b5daf79f2157986
+	C = 153f1f8f05382441767cfdbd52ee171fc5fa6bc800bf434c01d407d00e870e0c0e1bc08fc2bc08cb124356f760e00f0482ecb65c4d8872
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 0304538451a91f1ffe84c26c430307639d5dbbb359c6323e0dcf58727fb902a8f9bc45e3004ec30de256f490b041a5bca22180b9f1f399
+	C = 153f1f8f05382441767cfdbd52ee171fc5fa6bc800bf434c01d407d00e870e0c0e1bc08fc2bc08cb124356f760e00f0482ecb65c4d8872
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = e025787afbeed564238ab0085c925bf5c62b51c39a6f493cd1cce715265b55591f11debf267a515b492a98a6fde2329ce9d48d1ed72f51fa6375002bc97fed32af0bce61a47915cc22ddcad5a9667dfe2eb8ad076916c8ecc1190ee3997cd80c699d7066a100d61648979841ca21e5f5
+** GENERATE (SECOND CALL):
+	V = 1843731356e143617501c02995f11e836358277b5a85758a0fa360792984141849222c23c0d676a6a791084c6b7b6463f1fca2e985fd82
+	C = 153f1f8f05382441767cfdbd52ee171fc5fa6bc800bf434c01d407d00e870e0c0e1bc08fc2bc08cb124356f760e00f0482ecb65c4d8872
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = 6f1a3286e6b0923adc80ffbe23f302371a00a299b0e1ad55
+Nonce = 1292767ee542151e1464fce9
+PersonalizationString = 0164fa52d58c1ca178fc0822a1891613fa70c6fdd9998846
+** INSTANTIATE:
+	V = f8c121382326581854f39083ba719934e58117ba78012dfe39d32bb4412a86a93749b60cddc65101ab8b0859755c1a7ca96aef6d091298
+	C = c0e7a85038d6acb7cc812ff170b66d8b66ee3b074dd9565991a31ff505c0aa6aa5907087e0c16509cb4b4fd8c3596ea6ee965b99433de7
+	reseed counter = 1
+EntropyInputReseed = 8680c7d22fd600a5cf98314f39437911ddc294abbc75f20f
+AdditionalInputReseed = 
+** RESEED:
+	V = a1f56114ba99c5d6005aa586ded7252c1b2339d68d9522d7f22677dc5e06c639c8cf73d681dce59ce08d215a873baf6ee45a27a2aa0393
+	C = bc6eb7229ab8aa60656b078f2b55890162dee64e059125997c1a25e8cb21e5a8c6170e919cc189178412ebcb535d5680e62e399a077893
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 5e6418375552703665c5ad160a2cae2d7e022024932648716e409e3b1eb636d5ba6c4a57f9ff9858fab2d55a98e1377a40f38fc459e489
+	C = bc6eb7229ab8aa60656b078f2b55890162dee64e059125997c1a25e8cb21e5a8c6170e919cc189178412ebcb535d5680e62e399a077893
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 589e96fae3b1ba66ae37c9f9dba1aae5b0f4f70356c92992f8d6221220ca993545e5b95468313ece422f51d94562e7ac21f34acf9b9e1cd93fc21152f7fe85b0fa425cdede4bcb9ece690cbf9e5b0879a50a93d6f78c0e5573998aedb9d63571a70d8f5a13c2f81a91cc366c7a3bbdf5
+** GENERATE (SECOND CALL):
+	V = 1ad2cf59f00b1a96cb30b4a53582372ee0e1067298b76e0aea5ac4d28996ffc6496a42b021145aeb904d0dcfdcacd985e2b3d7ba5afc1c
+	C = bc6eb7229ab8aa60656b078f2b55890162dee64e059125997c1a25e8cb21e5a8c6170e919cc189178412ebcb535d5680e62e399a077893
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = de41ba08b654b0c618ea840180812518be2f7f5b4d6ddb06
+Nonce = 63b2b7435ab41c1f3df23979
+PersonalizationString = 9add706045904d1700bd38334d69277dbdf585aed777850b
+** INSTANTIATE:
+	V = b607455b03b6300e290b9000f144d9b269f015598c60077645958446f90462869a797a12669b52d68177bc5c23761e59d48126276caf67
+	C = 67cc348c6fa922da8a90fe303db8b67aa3fa02deba91ab864cee6afa34312e9ac2eeafd9a148d9f952180a7eac5c1132798ec2e0fbd21a
+	reseed counter = 1
+EntropyInputReseed = c4204ea4cd4fe390847d67de17ecf3da8781570985f2f047
+AdditionalInputReseed = 
+** RESEED:
+	V = be21401e17df9ca012c5ef22602f48849a71917d9f52ae022339db42e0aee67cfe7e074ab64293efc7c7eca22e70de2475ec2ff48ed3c8
+	C = 3150aa18045089d3d394bf293b9504c5c13d3510a6a96e6804b4c3dc4b582139c30ab1febe23d89d39430ffc4baf1c10c00350571e20fc
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = ef71ea361c302673e65aae4b9bc44d4a5baec68e45fc1c6a27ee9f9391b2ba15463b5abecc29c17c471cbf572a078399015dbb36626371
+	C = 3150aa18045089d3d394bf293b9504c5c13d3510a6a96e6804b4c3dc4b582139c30ab1febe23d89d39430ffc4baf1c10c00350571e20fc
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 6518fafe0a120ea291e96caa14af9c8693b54e09e411316a2feb8762119eec497dbc84f68e5c1c387968072b9530fd14597667be785cf575bba3d6e78e79866862b68a1919963b003705f1074c0f4659afa85100c4855c9e638b980f49fad0a4f96bc8f082baf7e2c62a0bb66f811049
+** GENERATE (SECOND CALL):
+	V = 20c2944e2080b047b9ef6d74d75952101cebfb9eeca58ad22ca363aaf02f6d50047e033e2392c9457bf98902616c696d3ab7a2d6b06586
+	C = 3150aa18045089d3d394bf293b9504c5c13d3510a6a96e6804b4c3dc4b582139c30ab1febe23d89d39430ffc4baf1c10c00350571e20fc
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = aee74531c9334c70495ce1019249c43858a65e55e4c44bc2
+Nonce = 319f880ecb327f7f101f44f4
+PersonalizationString = a4707743355569cc1dd6dde18ce7b647821d61166caf8b53
+** INSTANTIATE:
+	V = dcb7d99368244417ce61facb8d1c80a2760f1d86a05110dfc72f25484bdee37f17725171778a9b1bbca4fdd44c540cb25bc924deb3f853
+	C = 2df67f0ea40243f1c825fa8be26fe9258b53ff2e7fc0753ce5a9ff2100377b161052507ffd6db6486607632d5414fed6d80ccbb10256de
+	reseed counter = 1
+EntropyInputReseed = bef3ce1783f967118b558ef05f5b39beafaaaeeb6fbde4a1
+AdditionalInputReseed = 
+** RESEED:
+	V = b4c79b8c79206869ae724769ad4b77b71e06df9a78e1c91a55fdbf374b3f05cb74d7602e1e0b0a209ee0b09e55c75310d5b995b74bd41e
+	C = 18f2ce30c5825142ecfcd4f961c288d641e48c9d3fb8c34d7440ea76f7f918372a4a02abc9b6695d31cb7ccb2542b0eacbada23289ac56
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = cdba69bd3ea2b9ac9b6f1c630f0e008d5feb6c37b89a8c67ca3ea9e19e21921b15fec3c3774bea386647234481c425e288db0493402d8a
+	C = 18f2ce30c5825142ecfcd4f961c288d641e48c9d3fb8c34d7440ea76f7f918372a4a02abc9b6695d31cb7ccb2542b0eacbada23289ac56
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 6bbe667c88e28e94390b1c615814e74184e8c74b4ffd3b008bfa37a3c768a4f4d460a5f34e38d52ef63c4291c25eaa428546e7ad11769240c45e3b4eab278a01aef2a3928f68ed15cb673d17003563ce64ae527cdab4257fdebba1c46b52f9a4306b5ead1632ed391e8068342d46a6c8
+** GENERATE (SECOND CALL):
+	V = e6ad37ee04250aef886bf15c70d08963a1cff8d4f8534fb53e7f94c5f066469b32baa25184441646da869654bd8a1cc1e9f2636b2f02dc
+	C = 18f2ce30c5825142ecfcd4f961c288d641e48c9d3fb8c34d7440ea76f7f918372a4a02abc9b6695d31cb7ccb2542b0eacbada23289ac56
+	reseed counter = 3
+
+[SHA-512/224]
+[PredictionResistance = False]
+[EntropyInputLen = 192]
+[NonceLen = 96]
+[PersonalizationStringLen = 192]
+[AdditionalInputLen = 192]
+[ReturnedBitsLen = 896]
+
+COUNT = 0
+EntropyInput = 4617be4a300ca35d10224b4b9259ad83c271d7768dac8154
+Nonce = cfa4d649c4e2709ede1d271a
+PersonalizationString = 7163efc8ca9e10febd6bfa4b1131794b9ebe1053fb90d26a
+** INSTANTIATE:
+	V = 60d6d0b3ef5dcd6ac5d0a9847fac43417cd137bfc996bf2c6ce0a9e8bd07006bac64b360e3146efb6abce1585dc5109394018502c646de
+	C = f4b31e996851c4dfef3843bc4c8f68baf7a91abd432e79ca92da7f93dcfd799d26b8884fc0e818cd62240cc1f9f7dc30eb8763d00ead9f
+	reseed counter = 1
+EntropyInputReseed = ecd1c895e1f341d26555aacaed1cfa1ff71e64ab2522de76
+AdditionalInputReseed = c4d2a86b21236af447bfbaa4682873892002a9fdb38b15c5
+** RESEED:
+	V = dc9db84a6714b65451001383e8de3589a5c5d80b1d6115387b4feb2a20b117ae8ce1ee7f90fecbeec08d3de4ec8b5cff5079d8e1491809
+	C = c7f56999ba58f401affc3fa3d6891e1cf7fb2cf62ef0c50b95ade92799340a817c0c2f24c11c13bb08ed8e51a87a79e78325ede712f4ab
+	reseed counter = 1
+AdditionalInput = e6c23d90aed598a76a2b2bf3acb16715d16be6d52eed2e6e
+** GENERATE (FIRST CALL):
+	V = a49321e4216daa5600fc5327bf6753a69dc105014c51da4410fdd581ae0e49de1995587fda642f372939eebccb86d44712efb732ba016d
+	C = c7f56999ba58f401affc3fa3d6891e1cf7fb2cf62ef0c50b95ade92799340a817c0c2f24c11c13bb08ed8e51a87a79e78325ede712f4ab
+	reseed counter = 2
+AdditionalInput = 3296c6bb24ce10d08b27a5b19b30a0fd52cedfccdfd78b29
+ReturnedBits = 1c85b0b26bffa602ecf5223ae61e866e286804a3bcc71109849acb7d02d88656acd4c0303327b9a72d1411098463c4a6c34b1a4092441cbe925dcfc70f50ebd3a3053ae36bd68bc62c266d901f18bf1c93548024ac3deb0c0dc570fd7d5aee5d8f7a43e9f1f4ac4a4dd88f2498a8c1f6
+** GENERATE (SECOND CALL):
+	V = 6c888b7ddbc69e57b0f892cb95f071c395bc31f77b429f4fa6abbfd72f02ecaff56c380248c22178b3e61c786eafd8b419699fbd4d1728
+	C = c7f56999ba58f401affc3fa3d6891e1cf7fb2cf62ef0c50b95ade92799340a817c0c2f24c11c13bb08ed8e51a87a79e78325ede712f4ab
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = 59a8aef3932b1ac491e8542dadbaf3d724b2c62a3ca22e68
+Nonce = 96a9954dd3894a69808701e0
+PersonalizationString = 961940615dbe3f6351edd3e1fedd02cb430f57b69f21cbf6
+** INSTANTIATE:
+	V = 0fa64856de5e17ed3212bbec711b326ce2d6bf29781374466fc541ce8d8ff5be01637201bc38a42b961578a70291ede20cf8ee274cf930
+	C = 4b73cb05a7b05c50a79166d2a21bb87f9efc24c27a30649bd694531cfbd4a7d0a9e7b1de727cd10289855865409742c4587260fc010835
+	reseed counter = 1
+EntropyInputReseed = 160ad901de5623d35fd7d279b62dc53837ef7927386a4969
+AdditionalInputReseed = 99e82b0211e3a10980ff5db8482a8ba847e7c5b8ace6e852
+** RESEED:
+	V = 6ef0c9308ee2b35a7f7f73442b67ed120c3afc6c5c4aa4866373d28eb438bcb73afb5607a9785e41065a7ec1d23a9b706e10b16b3582cf
+	C = ab7ae34b020d6336340d469bbd31b7b10ebd1addfcac7a5407b997c9622d2dd21ed4e1d423d742e8461bcbdd4edc5bfa8857aa33b573f2
+	reseed counter = 1
+AdditionalInput = b74309816a9215b76defdacd79a7b49030a0c80c407ea1b1
+** GENERATE (FIRST CALL):
+	V = 1a6bac7b90f01690b38cb9dfe899a4c31af8174a58f71eda6b2d6afaa138fca70d831e58a93c28b2274af9b3521132a4f77c5c975f8888
+	C = ab7ae34b020d6336340d469bbd31b7b10ebd1addfcac7a5407b997c9622d2dd21ed4e1d423d742e8461bcbdd4edc5bfa8857aa33b573f2
+	reseed counter = 2
+AdditionalInput = b76c786e9dd6378401ad7f94880b5a604d149fc0f0fef2b2
+ReturnedBits = 64b54cff7161b04fb79631dd7e2aa9c9a03f63d8ee003c38d3aed6c264b79b431e6f568a21ef2c8e47e22bacb3a9391e9c161b89503dc25c51fd55e3c0e32076b50172d5d851318a42111fb5d846aca592cf3a2e9cc29aec2f19ea0e90d0aac8f130aa332689c435a64673c64c012a35
+** GENERATE (SECOND CALL):
+	V = c5e68fc692fd79c6e79a007ba5cb5c7429b5322855a3992e72e7033d7a68c9d9a75007994cbc41c41f2a0f13a8cebcb5d19313e8da7caa
+	C = ab7ae34b020d6336340d469bbd31b7b10ebd1addfcac7a5407b997c9622d2dd21ed4e1d423d742e8461bcbdd4edc5bfa8857aa33b573f2
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = 25f5d0cf5a689e597234dd50f12e655a8e6d39a16ad1bb55
+Nonce = ed923f7c90725b56862addf9
+PersonalizationString = 558be30ab907a1d0c995f82d39f96a8f22f471f717accfab
+** INSTANTIATE:
+	V = b58e16bcac27fc48627c899870cafa7db93277bf9ca0f622f676284505fe5c2b0efae44059ccbcaf731f887bb949fbbac0351be32a7f91
+	C = 82c34615d64bd77defefa8042ed27ca3354487d3180d067ae7852ef928c5b406f25e1238254091957c35efecaf39fa3ffe1d1e7d9ba847
+	reseed counter = 1
+EntropyInputReseed = 31795b133aa7c391ae6f09873d900f8f454ba3c9dcfc62e8
+AdditionalInputReseed = ab37b54a0cfc94ef20719ef9d2ce78c5660e7d2b9ad91a60
+** RESEED:
+	V = 6c3e2206f13b8490fb0b46abe609a02d8ff845a33b9eb4e68ade7de959e2b6dab9572e432e01c99cef2eb7a2f1d0dfa774e336d55caa25
+	C = 03dfb3b480acd384150b778b81c34ea600d7594511c1dfa5212acb5eb16efd251c77ba449c8a52d0baee99f0c03df731e57b1ab9c90f89
+	reseed counter = 1
+AdditionalInput = 2fa921cd9645f6a67540203424fe0f43c14f16a78a4c8e96
+** GENERATE (FIRST CALL):
+	V = 701dd5bb71e858151016be3767cceed390cf9ee84d60948bac094a7224729788681fedf5337da66c619f580007115d7fb096709034e4d5
+	C = 03dfb3b480acd384150b778b81c34ea600d7594511c1dfa5212acb5eb16efd251c77ba449c8a52d0baee99f0c03df731e57b1ab9c90f89
+	reseed counter = 2
+AdditionalInput = 719b92949e9c99e726c152e4ae2a5bbfe35e7ea308fc26b9
+ReturnedBits = 6a8d802229ccfc18a635725172b3fb79f54673ccd5787ba245468d841c1b8e3d9598cfdfcd2b3934d93aac7ae9ca326821db5d2a7ae3bbd17433cc4741094f977fb08d26b6deda10064977cc5c1f87f17bc82ac47387c2abf33eac743b53ac7f5c2ac0beec634d328f27ee9005d18936
+** GENERATE (SECOND CALL):
+	V = 73fd896ff2952b99252235c2e9903d7991a6f82d5f227430cd341744816bae043ea8a3b9a29f9b34f673093e57e0b4e055111d73977997
+	C = 03dfb3b480acd384150b778b81c34ea600d7594511c1dfa5212acb5eb16efd251c77ba449c8a52d0baee99f0c03df731e57b1ab9c90f89
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = d6803c591e756aa371fd58342021592b2727442d3f47e9d2
+Nonce = f9c207bf88e548bdf0f0be38
+PersonalizationString = c5e5d55a6e3f0f63013ba908777a134e30b5693d785c364f
+** INSTANTIATE:
+	V = dd537973ca176f49f504ef65e7a9705e80dc1ac2067d4e9095b38fc448d4e4efad52129d623e9a5906fe36878e355cd2091d6822b33dce
+	C = 8db60ecf8ab41e8bce64e6b169df11f9fd5c8f28f289da0369a6f7eed0bbc41ed5c8cd5e4ad8c82fff26c357dbda5705e23afddd60412e
+	reseed counter = 1
+EntropyInputReseed = 4367756100a29fda1ff383242bff371d50cbba0b9eac2dc0
+AdditionalInputReseed = 36dfc1704eafbcfffa31405b20a0bce6cb45c4b1d9b8b61e
+** RESEED:
+	V = 3360752f95526e74d20805e0d16a58646629e0e5cd556a4382f69e1767c8a7fb5781b85076ee40c3ad0df34e1337821b6eae7214281e17
+	C = 6161b72f95efd73b6beda78e817477ca5464aba1e28caec0c8d336670e3e439c5c9f33717051b4b39fbbdd9c1aa692523ca00230a75724
+	reseed counter = 1
+AdditionalInput = b1bf3f8577e7d9ed05e4f6292d987e46843a8350d4202593
+** GENERATE (FIRST CALL):
+	V = 94c22c5f2b4245b03df5ad6f52ded02eba8e8c87afe219044bc9d5b6cbced99a8da701b4584626bc49a80151e85b1daab74bd7735a72a7
+	C = 6161b72f95efd73b6beda78e817477ca5464aba1e28caec0c8d336670e3e439c5c9f33717051b4b39fbbdd9c1aa692523ca00230a75724
+	reseed counter = 2
+AdditionalInput = 36d7d9d2d19ec8c94957f8a6fc814119629d49631330421d
+ReturnedBits = eab708f4ce0cc0ed824db20733a6b9f33f3eca2abfe774c958c1b6d5a2c383e48032324d2f2a7224c4e484ba62e7a7ebb3a158906bf43a3df748212347d120c0852264743ec90106553545ba339a78506c59f3abf041184061199dbdcb2f559cf2dbbab03c8a660ae668b0f865a654d7
+** GENERATE (SECOND CALL):
+	V = f623e38ec1321ceba9e354fdd45347f90ef33829926ec7c5149d0d03b7055abeb8c85a505f599451b9742b506afa6b5525bb67aadaa1ac
+	C = 6161b72f95efd73b6beda78e817477ca5464aba1e28caec0c8d336670e3e439c5c9f33717051b4b39fbbdd9c1aa692523ca00230a75724
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = adbb274b3e4114151ef855beb0302b21cdff76fc426a1a51
+Nonce = fc4d9540f91ef6db5fdc19f9
+PersonalizationString = cd046ca2381fe42685258eb5c972897e8f0e2f268f13c5c5
+** INSTANTIATE:
+	V = 45c5fdc565d1d342a7497ede5ad4184c28b15bd1c436503b0701554d1943515d757776b10da143b5633c448d94ed9dc0ce2e7f6145fde5
+	C = 8a4c2985765e456da78b42de148be8417a72d64d5301639a241648ffbcb2bd4928e080d5bdddbde718ddf69908f79b1f16886800f711bb
+	reseed counter = 1
+EntropyInputReseed = ae7775c8dc6444d03ebaf3960ec35b862961a7a16358bb4d
+AdditionalInputReseed = 945f0d05a6408a5375b5934a06361876c972bdc38767ad40
+** RESEED:
+	V = be1ffabbd5ebe9a014f4586cae7fa1eaf75fe483bca17f97cb0f391d649cb1cca1b3c1f9189fd33408c230b99054d79a91424acf2d3fd7
+	C = e3a677e905e355a7cc521ff4fad1e2f767f3188855bbf3ac22bea030440db68e91280b2587255c36f4a98f42f9f8c70b75761c70eb3525
+	reseed counter = 1
+AdditionalInput = 800163f7f697e5c9f97a14dbf31e72ea88796bbed8d741a4
+** GENERATE (FIRST CALL):
+	V = a1c672a4dbcf3f47e1467861a95184e25f52fd0c125d7343edcdda101f3a132943e397c0379776e3dbe22d2d1ef9f2defdeeb6252623e0
+	C = e3a677e905e355a7cc521ff4fad1e2f767f3188855bbf3ac22bea030440db68e91280b2587255c36f4a98f42f9f8c70b75761c70eb3525
+	reseed counter = 2
+AdditionalInput = df3f3f6c69aa40d5c9d2f3ba4e6899f62c20b71677610ca9
+ReturnedBits = e96ec8c929fffd55f57abc4661a6b29cbc242679b72b4ab9976c5be9b82426a22cbfa70061866bc3678fbe07c576007ae08f95fa77a37b3923b76ffd52a2844b8a6ad6182601c8e6a449f0e7fc1fcb69bd09bd47981852ea2906754d41754b82a3afce212a730069fcbdd28a46b70aac
+** GENERATE (SECOND CALL):
+	V = 856cea8de1b294efad989856a42367d9c7461594681966f0108c7a93f69e5fb6ce3a8b743dca7ae08928d4e480e4e194e7cdc2694d8819
+	C = e3a677e905e355a7cc521ff4fad1e2f767f3188855bbf3ac22bea030440db68e91280b2587255c36f4a98f42f9f8c70b75761c70eb3525
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = 722a7a3f82dcb209e07e67e7455dce1b8d98b34c66faa763
+Nonce = 425988aa7979bfdbfba4d980
+PersonalizationString = ec1252ffb3ef0d998694a420c1f6176bfe6787e6468baa57
+** INSTANTIATE:
+	V = 4e0555c99daa60b14f4ed75b68456f9835718d50212563422c5650a1296253f99c4c55ed0e1d133e104eec5b087ca5dcc25d669a7d9eca
+	C = dcfda006360fbf317533275d4fd3dbd2e995042abd5fd56bd7be294208e598d913ea9ebc24ca460e63cf545799e369d2989c3369ae02e4
+	reseed counter = 1
+EntropyInputReseed = 340488817cd6d934ea51960241a5fdd22257c55473ba9275
+AdditionalInputReseed = 4da25e56ef5f1d8125522dc36749a5f9eb4799282439d13e
+** RESEED:
+	V = f080f35ceb518f9ecac90a2340c2362910d7a4cbc1671fd0a0c5c1dbeb259b9c9092355c19114e54c7c8bb53e66f4e9722ad86ad6efa0d
+	C = 48fd8fc855c4be15189ed06dc2e8f5f65bebf4311eb6bf0d951d1aa095a1d2043002fd8c2d65150263aecdfe88ed71e3ccfcb1ddf8dc23
+	reseed counter = 1
+AdditionalInput = 7d02b1ebca5e6abfd15b367a543367839394c4a9e5d0a413
+** GENERATE (FIRST CALL):
+	V = 397e832541164db3e367da9103ab2c1f6cc398fce01ddede35e2dd6311d02b9a2107e36a3d0ef0c4a40d4d8abebf49c675dacbe4101da8
+	C = 48fd8fc855c4be15189ed06dc2e8f5f65bebf4311eb6bf0d951d1aa095a1d2043002fd8c2d65150263aecdfe88ed71e3ccfcb1ddf8dc23
+	reseed counter = 2
+AdditionalInput = d37180a4f8f28b0866c5a9a48e647f537cd045c664d7562e
+ReturnedBits = bc3990c0db906bfbc3d5cba975c48b916d720c214b5582cefd9903419f82051567d79111692fe5843697b3fceb80a6e941ae7cb2147eff124143beb693e2aa1973c68f1bb52817bc9ea35743be1d1a5641fece4cbd3f48fc65d06762f96e9fe3aca50a2444d47865262b6df2980c532a
+** GENERATE (SECOND CALL):
+	V = 827c12ed96db0bc8fc06aafec6942215c8af8d2dfed49debcafff8bbad7672663cf9010d828b8b3647459c802039361a7781a282cfdf07
+	C = 48fd8fc855c4be15189ed06dc2e8f5f65bebf4311eb6bf0d951d1aa095a1d2043002fd8c2d65150263aecdfe88ed71e3ccfcb1ddf8dc23
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = 50363290b4e9c69dfd766af67b55757d7c61379fd7930119
+Nonce = 8b9234fe29739bbd8c2742c4
+PersonalizationString = b1e024b1e430d217d05be5f89225ea49f83b0aeaebebc98b
+** INSTANTIATE:
+	V = 740d8ef7961fff684306e6915f8213c1943dd2bb55657ffef7d05c984f0c1e8b39afaaafd1bca8db240d71a750a164f631d352366f4234
+	C = a9694b05910d3121fa1f4db5e0172bd503ca1151d2cfa5840a26a3297c390d527459dcc81c64c43700f81252479556e5340ab01f43f3b4
+	reseed counter = 1
+EntropyInputReseed = 5175ad24caaeb3a44f110c9ccdfb6e452a54a3636de60259
+AdditionalInputReseed = c81416f4500f322192619e478985e72a01aa8162a669d21e
+** RESEED:
+	V = 3b53361e2bedbaa8b4c4eafd27ee262a93f4b9ebf65da865499a663d42b3c791774a6419c19eeaa0a63809636999fa2fddbe012ef84d9a
+	C = 5b998e3495798985e127444b4a22573765054e9c62b7f9e240618dfb5c4640709c3b9f39a76ff160f96d43e0406dcae964b16f8e56ccb8
+	reseed counter = 1
+AdditionalInput = 4c9d3d96daededd453748476411757e37f7120861e4b6559
+** GENERATE (FIRST CALL):
+	V = 96ecc452c167442e95ec2f4872107d61f8fa08885915a24789fbf55a8eaceb2b6cacb4c5376c274755dc01a984e1454a6247a5d0c91c3b
+	C = 5b998e3495798985e127444b4a22573765054e9c62b7f9e240618dfb5c4640709c3b9f39a76ff160f96d43e0406dcae964b16f8e56ccb8
+	reseed counter = 2
+AdditionalInput = f331de9c8ae671acfbc55c84625ba384a3d1382698353aaf
+ReturnedBits = e67b1dee73db5779357da0f94184c77694d5342128a686c17bb0b1ac953c234c808055060d532ea3680b8cc9f6e9de19e7b7e305ff511aad6095d24695b0c0584bcff945796bbdd774088e2455a96a525d301321cbf5398cebaa853172f4e9232eae46b560a546a899b2ca26840384ed
+** GENERATE (SECOND CALL):
+	V = f286528756e0cdb477137393bc32d4995dff5724bbcd9c29ca5d84259efc2ca8b245c735fc96b602b585bdb9eb1a7622cad7deff34aab4
+	C = 5b998e3495798985e127444b4a22573765054e9c62b7f9e240618dfb5c4640709c3b9f39a76ff160f96d43e0406dcae964b16f8e56ccb8
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = ebc330565af8b37be487313d90385d4cb1eef4ea099f0ece
+Nonce = 66ccd0bc522cb4d5c2ea0403
+PersonalizationString = 6d375d50b630ed2d967d43a0e0fd9f1ff1cb14a96f45c028
+** INSTANTIATE:
+	V = a9a7d02ce8434094297366c43d438e9eb4f0429a8c7e9835b40ace083ce4dd58d998a86024fec54344d4258f1fd7f2bbd9dc08a2384833
+	C = 7aaefdc6e715b19be3b738019f492f0d2fd82d100466a2697f51fa94331ca4e60390188b26565b26715205a19224aec571b9ce0deef60e
+	reseed counter = 1
+EntropyInputReseed = 17eae9ae482eccee3a7816f0839e56eb709d25b5fce4d5a0
+AdditionalInputReseed = 06ff033e96511e0a8d12dd6fd1ac34da162328274e1dec16
+** RESEED:
+	V = 699da525e04cc9356ae68441d3b72dcf07310918b9b1a0d23ce3f4086562ad8b135cbf1d1bb84d9044103311eef795a19cc5df020adb9c
+	C = 65ca8e12454b0349b14a369814df47e797fa3a723b3ec66f8da4ce81a57d82c8b153d42a7d65c1afa8c121d459eeebc3800a384c3b26ab
+	reseed counter = 1
+AdditionalInput = 4c0424662ca10950f191a539dbeb804c91c6e919e52cb6b3
+** GENERATE (FIRST CALL):
+	V = cf6833382597cc7f1c30bad9e89675b69f2b438af4f06741ca88c35def6a3e04595eb575346aa0358d198bd7e352cf47d6488b47a858f4
+	C = 65ca8e12454b0349b14a369814df47e797fa3a723b3ec66f8da4ce81a57d82c8b153d42a7d65c1afa8c121d459eeebc3800a384c3b26ab
+	reseed counter = 2
+AdditionalInput = 1fc2eedee9fb3669a89461b73134629640e95e52407c9b1e
+ReturnedBits = 656f6b390bca030b029c9989965d0ccd2dcf7fdee0c3cd52e78c20b7806c71ad935e5d8e8206a230d9b2260b637a37911056c3d6ad75761186931e45577ff6aa29f35e41964a7376e7d0abe5737508782e254e0accbbd1c207e9076437a9217066bcc41025e8bcfaff04ee061d613b19
+** GENERATE (SECOND CALL):
+	V = 3532c14a6ae2cfc8cd7af171fd75bd9e37257dfd302f2db1582d939632cec18f6e88c275be9fabbc5855b4d52dbb346dba2ebdbf7fc176
+	C = 65ca8e12454b0349b14a369814df47e797fa3a723b3ec66f8da4ce81a57d82c8b153d42a7d65c1afa8c121d459eeebc3800a384c3b26ab
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = df9c4ce0b551d4cbfb5d54de4f872c8d2ecfb5ca9fdfb6d1
+Nonce = 604e29e3b0b27cfb019f9e83
+PersonalizationString = b0425421c612e95faab5b009eb85cfb666db526d5d62eee9
+** INSTANTIATE:
+	V = 2c11a35653540df0ee2db4ce6803fef75b0e5a0e7c5f9bfd518e4bd9ba2797bf62010fabc7a34ba64473f6d7599686e3c721e0e1ca10a2
+	C = 5d5fb7f83424a54ea962a264ecc3dee125a92ea0a7dccbb1e9812e1ea6e50d301c106afc4b8f184387d992401464bf288624c330ed3b8f
+	reseed counter = 1
+EntropyInputReseed = 9f46b356b3dff8cfda4457a1093adaead07e0baf0bf16a50
+AdditionalInputReseed = a14866a7672796fb73b9a99ca44ffaee4374e7d82ed68768
+** RESEED:
+	V = d579c86079f722cd1f1b30b508b36ceece5d48aa3d19d6897886d21118889b871cacd79a98c41af29ba6dd7f20af2c36204adec6ff8ad7
+	C = 596ef75719f8e663466b24756f35c37b00e5b42a1d7be94c327b8fd451877f983ea41b3a12917dcd34e4bd99d216086dd158e0df7da4b7
+	reseed counter = 1
+AdditionalInput = 64a7249204bdfcadf36be265c122bc80efdf31ef70cd5e70
+** GENERATE (FIRST CALL):
+	V = 2ee8bfb793f009306586552a77e93069cf42fcd45a95bfd5ab026370033a0c9cbafe55b78d0128d4111985d3fda5b25985a140567f66b2
+	C = 596ef75719f8e663466b24756f35c37b00e5b42a1d7be94c327b8fd451877f983ea41b3a12917dcd34e4bd99d216086dd158e0df7da4b7
+	reseed counter = 2
+AdditionalInput = 61e8e958d9f4a0b8765bb1f9a57ecdd423f21e456f033e1a
+ReturnedBits = 0ffe60e0a1388fc69a7342c165f9ac0b78677270ae752629958a1e44d10cd03bed623e2a787be02abb0c3530738a7fb43de537340acfd9b1f3c06296e8acde8a0136d16246da03f62c3ce8f44704d86f54b50694d7248cde7d4743699f9625d689dd39e228af6269bbabe0e6fa32a20d
+** GENERATE (SECOND CALL):
+	V = 8857b70eade8ef93abf1799fe71ef3e4d028b0fe7811a921dd7df388cbdb804c388ede271a6eaf4c180c8f6973d9a8a87872f2820e227d
+	C = 596ef75719f8e663466b24756f35c37b00e5b42a1d7be94c327b8fd451877f983ea41b3a12917dcd34e4bd99d216086dd158e0df7da4b7
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = e97cdc3911015f6ba49c02fa251c1dfc7439949a81455ba1
+Nonce = ec76d6252b3ae7b6ca0ee7e9
+PersonalizationString = 68edeccbce19a4f0c786e76315b20e277376129b954cf39f
+** INSTANTIATE:
+	V = 8e986196869ff54a8a80bd9d6ad7886ae0bd2326cab76becf10c6e897b1bf438c73f148bbcd879bd42a90d73bf4cda86a860a4870141f0
+	C = 96e141bd373dcd6d97a32db135bcbebeb0ebedc0b57470ff1e588744651f7f83a0d978180bd659d8835e26e9df7a1bd2ebb19b239546d2
+	reseed counter = 1
+EntropyInputReseed = bc38e84da955be0efc583b81453eb5fe1a4673bc7d5fa046
+AdditionalInputReseed = bb70d8d370ffb47c2ec9c9b823dd1832d027a46d975042d0
+** RESEED:
+	V = 1fc4c97a5b9f66b0802114b0e8e37aac53c5981882d31bbe3b9bb7ee9bccfacc1031364992804ac57e386da99f89be6f66241839a99d8c
+	C = 306d9fe016f0bfd31baaf42843efa2d9e4a9af253e98cd4a7139ab36606b93b8ef8c04f8699766aee0c28d8f882b10868afe41560f53a4
+	reseed counter = 1
+AdditionalInput = 02b9b11076da195df7ef3be3b5c1fc406faab96cada458f3
+** GENERATE (FIRST CALL):
+	V = 5032695a729026839bcc08d92cd31d86386f473dc16be908acd5647c1a229547255f62e0385b307a53e60d6fea0ae27eabbc00d3cc174b
+	C = 306d9fe016f0bfd31baaf42843efa2d9e4a9af253e98cd4a7139ab36606b93b8ef8c04f8699766aee0c28d8f882b10868afe41560f53a4
+	reseed counter = 2
+AdditionalInput = 453f58d228c526ba46b1620b2d584b8a91174300040f3912
+ReturnedBits = 07f97c3ecc3889894805ec531a6e218ff02ef3417711d3fdd591a8ea836ce75b24d87f87dda3506da2831d27e7d49aab88092d72df12197153c78fdbd9b82b9e99a9186630921b241edd333206815cb068bfca91162020bad55d7abef4c481d77b0ba4498d4ac9c60b3d1122e8df5609
+** GENERATE (SECOND CALL):
+	V = 80a0093a8980e656b776fd0170c2c0601d18f6630004b6531e0f109f5deafad1e83526096ce962633c9bc873c8f3b009ae6784c0d0806c
+	C = 306d9fe016f0bfd31baaf42843efa2d9e4a9af253e98cd4a7139ab36606b93b8ef8c04f8699766aee0c28d8f882b10868afe41560f53a4
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = 554b4d1c9d8b37ec0e985794ad677a3885971bc51339642e
+Nonce = d024520a2ea80649888e0235
+PersonalizationString = 57811afc75655418fe6b41bec5ce0ac6b85a4709427b462a
+** INSTANTIATE:
+	V = 7d1ee46d3897457f5b0d44c3fa4d22114e5d6e3ff80788865046535a226216e70a6d3a9e33be641a335a56d03235ffd813d9ed9b06797d
+	C = 045a485d30105952c0219764ce8f2d53db2ec11d849447803486cc845e6c0509e53a84e76f473fe3bb474d1f49b76a93b819d8d806030a
+	reseed counter = 1
+EntropyInputReseed = cd831f875df850eae085be04dd62120d92dfd4bbe8480278
+AdditionalInputReseed = 30759411e3a78498dac81fda2d229b5c94a1b968fa7030c5
+** RESEED:
+	V = 0eb5367974f33d8dbf8f52e35977ae6658c8b69c569297381b19945edc9edac146109cc90db4a23792c1a746429dea44ec56265c8572d0
+	C = 0037fea47b12ea3bb0949d4dd35edf9094fd018a046097edbb7a80f18852cbe57c4296dd12d939997c7f8abbce6e88f9fef1570b246603
+	reseed counter = 1
+AdditionalInput = a79430618415596286495b11010cbc4bea9bddbcefc0a098
+** GENERATE (FIRST CALL):
+	V = 0eed351df00627c97023f0312cd68df6edc5b8265af32f25d694162fa67cec1ab4431aeaf2f5a0451b262c677605c1ec3d192c5e4ee893
+	C = 0037fea47b12ea3bb0949d4dd35edf9094fd018a046097edbb7a80f18852cbe57c4296dd12d939997c7f8abbce6e88f9fef1570b246603
+	reseed counter = 2
+AdditionalInput = 5bc9cc19b1302ae01a5d94134d41d88d8645f1e8646acdb2
+ReturnedBits = 2e8047f3c2a3d419d5ff4b83eb4168176daeadc48087acb821921cffcb03ffafe74137b912910f3eed6826867dc36ac67451dd1676a65cd9903184743485141f56503893543e5d3269b9bf5fff67004bd81d6592e5a6736994544b79e643afb8b193ea461ab9a87a5bc8f7087d8a265f
+** GENERATE (SECOND CALL):
+	V = 0f2533c26b19120520b88d7f00356d8782c2b9b05f53c713920e9819e7a4d9faea251870ba9a6195fe72b9f49ddb77e72e932aa1aef598
+	C = 0037fea47b12ea3bb0949d4dd35edf9094fd018a046097edbb7a80f18852cbe57c4296dd12d939997c7f8abbce6e88f9fef1570b246603
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = 34c8953e7ad014c75ea3265f520ca193b30e6eee4bdf3ae0
+Nonce = af1084ffac14685dfaccf0ef
+PersonalizationString = fbb56eae2e6bc87208f6805bd148b63d2b03452c5cdddf45
+** INSTANTIATE:
+	V = ae3abdf0bb2a695eb4f9fb9cefa16f03c490061869d560ba3ca2b2a8cbb9f6069570deb7cf13358f1a581ed6e646d6a11ba38fc98b4f26
+	C = 97257afdca918b0e366d6b520f4d98a316f83ec7ee2aabd1ae777d4d30e84d8ab4509a1f05f771563869a3b88ced9002dd816550099549
+	reseed counter = 1
+EntropyInputReseed = 7603b97540351b97c1607abff96d18a77a1d8cf3611f10b3
+AdditionalInputReseed = d4e8102516d0d4b6bdbfde91b0198c1910f25e0a5a9a87e3
+** RESEED:
+	V = aa291780a473b01a84ccbbeee8d880fc8f85096ae2a335f57b64a596afd5ad026d1b0add6ac7bee5287e920047903b700c780593cf6360
+	C = 4c29df5b70ef30b8480a40385d80c42f99d458821453282be390ba66bd34ada8458a43bdcd6ed8d717ece436b6d2afb71f7acb740093c4
+	reseed counter = 1
+AdditionalInput = 32c22b5193641b5d2574459d152d8fe92d9066add84ee18c
+** GENERATE (FIRST CALL):
+	V = f652f6dc1562e0d2ccd6fc274659452c295961ecf6f65e215ef560cc94f9ba39a64a9ad69e57f9e6cd5a1d2c7b08d3f5dfc7b869b7c8ea
+	C = 4c29df5b70ef30b8480a40385d80c42f99d458821453282be390ba66bd34ada8458a43bdcd6ed8d717ece436b6d2afb71f7acb740093c4
+	reseed counter = 2
+AdditionalInput = be25fae715bf9709562d6770de1d1ce29eb4caed184c12fe
+ReturnedBits = 0c2b0bd9a58cb7db93e887dda8c0cd8fd5b49ad3103049b38a15cbfb321c2b4bc100777549938dbadfbc1dad21c760e67f256c76f8ba5cb0af5ae7626bcd272786908bc89271c822a67e2abb8a691a0adf7143f9efadb1ae4212152349c34a73652f889d0fda77869c1af0dc85c2cdb3
+** GENERATE (SECOND CALL):
+	V = 427cd6378652118b14e13c5fa3da095bc32dba6f0b49864d42861be5e440a4c1327ef486fe23cb0554845067f2f438f61dbc381b4d8520
+	C = 4c29df5b70ef30b8480a40385d80c42f99d458821453282be390ba66bd34ada8458a43bdcd6ed8d717ece436b6d2afb71f7acb740093c4
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = 7cec973b9302ec919e1df8127229d2b7c2f39280c2e4e309
+Nonce = 3764c7ae6ac644ef015c3afd
+PersonalizationString = 98f9d53ad8eed4c12a0db269ff02322f18bdc14310942d3d
+** INSTANTIATE:
+	V = cedce5cef01d6742cb3948e8b4f673bb64f01d260cd3fa50450042bb0e1802beac2ffdf9ef71771ebcdeeb9a489b77c0d27e3cdc13b456
+	C = 7a21b52dc03301c68aa1fb8beea23160e4700e5458ac663c329864e999b3ffbdb0889717644f0edc6f7817e692d7afc552ca0d75416782
+	reseed counter = 1
+EntropyInputReseed = 7338c051de6764df8595ee9656c870be0e79617692a3aaa3
+AdditionalInputReseed = 29592fed8f40f5ae073172308c50ea5795b5bca8a64f1916
+** RESEED:
+	V = 6ff92e35b8f2aa1b6337575efb659f4bd30e10d20e7d27bc493c3a634fa7cd3590aae6e0102a07ac12f91ab5a615c01411dc294ae42f07
+	C = 4b619eaf8d9581b77a1b1c4c7096b30390de5dfb4028ca5fc57761b0d06cadd69dd441c442561729e80c243349aed881b4c502c8ee28c6
+	reseed counter = 1
+AdditionalInput = 2b19ca40c58974f2224dfc6074889f29d21689a50c899ecb
+** GENERATE (FIRST CALL):
+	V = bb5acce546882bd2dd5273ab6bfc524f63ec6ecd4ea5f21c0eb39c7ab9edf8851a173be252345d28e6cc3b8eb0d98407f664d5a850f8da
+	C = 4b619eaf8d9581b77a1b1c4c7096b30390de5dfb4028ca5fc57761b0d06cadd69dd441c442561729e80c243349aed881b4c502c8ee28c6
+	reseed counter = 2
+AdditionalInput = 02e91b8813ef852dae28d9f9e9caca430ea8d223029b6ece
+ReturnedBits = a80ec61199e5cd1e096ae74ffab5c68cc4dff21b0d3e93ed2cf5b7b0573a2b320135aa3056906062e9c211d0af6858b594f9e6f45b515dee2e6d5237ff0973f5bc61dc1296e23acc68f8308a9cc7deecfd820d984e89a3c5ba354247375c6ac6145c890ae27aa0732abaa0665b1567fd
+** GENERATE (SECOND CALL):
+	V = 06bc6b94d41dad8a576d8ff7dc930552f4caccc88ecebc7bd42affca10b053f7dc931ecccb92a89a4767757dc25cafed8704196487a420
+	C = 4b619eaf8d9581b77a1b1c4c7096b30390de5dfb4028ca5fc57761b0d06cadd69dd441c442561729e80c243349aed881b4c502c8ee28c6
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = e463ce95fce1f164738158457e2a76f80ac8d2a6149594d0
+Nonce = 679175b6abd03ebf008eb87e
+PersonalizationString = 7fa21773b0c842748085e7d0494278de315a489d4190cb36
+** INSTANTIATE:
+	V = 601bedf9288e47ef8fc823a581fe488a0a0a8aed6da34c5fcc8c8634bfd6a4d59d31a00e01f5897d5cdcb5089070a9845c11d23d9983d6
+	C = 7ca5e37b4e5123c55253daf38c6659edf8c570db7ecedb7960f424cf05050d03fb3380f55a3ee6e2cbbdd6047f71e91fae21a7b2b4de71
+	reseed counter = 1
+EntropyInputReseed = aeed449a9dce56201795b3f0e9db6ff2d95c1ccacb56369b
+AdditionalInputReseed = 0fa1ba8284e2d58a5702d3927762aecdf7dbf5f25a4c4f23
+** RESEED:
+	V = b4a29b09fe11dc2edcd5cbc094c2d6328626e4cb6c4fd19e70fedffa381d13fa7bd41bdab84c1f33b1177d31e9a94b22a2642835f96e1c
+	C = 791ef4d483f6e1cad924c1063fee9d2453562cf5c0a4d1fe1359e133634f17a248c83dcd8099139e6cdb46edd703cdcf6b59afa2c8fb98
+	reseed counter = 1
+AdditionalInput = 912c23b384a1816550aff6eae59e0b897fa084f9b7fed7af
+** GENERATE (FIRST CALL):
+	V = 2dc18fde8208bdf9b5fa8cc6d4b17356d97d11c12cf4a39c8458c2011e2546af7a6102f55fe73f52a2d5fd82b3158bbafced890b1733a2
+	C = 791ef4d483f6e1cad924c1063fee9d2453562cf5c0a4d1fe1359e133634f17a248c83dcd8099139e6cdb46edd703cdcf6b59afa2c8fb98
+	reseed counter = 2
+AdditionalInput = 275c24f679753107a4bef15bc9278f6813c0ec1c49d91759
+ReturnedBits = a9c06dba6f80be04144032f92ef9294897c2951b395db8d64b62f71e13b22471c59fc3c3d496a5feca30d87d16e4d2feaa797b436444319e990128fd50cd6f7821c90db101afd877fbf061cee2ac46d7de6b1547ffba010be9345200af2d7e5076253274d417fc6e3ae018ab52e871de
+** GENERATE (SECOND CALL):
+	V = a6e084b305ff9fc48f1f4dcd14a0107b2cd33eb6ed99759a97b2a400d060c7e8890a05ffaad53c0e7c126afdcfa0e86f97054b71f76aa7
+	C = 791ef4d483f6e1cad924c1063fee9d2453562cf5c0a4d1fe1359e133634f17a248c83dcd8099139e6cdb46edd703cdcf6b59afa2c8fb98
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = 1552d8ea865e6a061487558eadbef3de8e86b86e4a3e7f1b
+Nonce = fd1b06c1ee732ef8aee69ee4
+PersonalizationString = 5db001536f3841b37643657536e9ee30a339e322505c902e
+** INSTANTIATE:
+	V = bb48506111030a36a3edbe7f9637b7c9ac88915815e3fae83b3e69da2981bc6576e9b171dc7c2f1283adcc4a3352496c2175cbe2b26dfe
+	C = 2b8de17824c821d34da88e486e73374b299d8c625dbb77d7ddce3de6ab4f33cbcb95419a8009370ff375b56a72aad8931ce1190022f0b5
+	reseed counter = 1
+EntropyInputReseed = a488d0207e57b4e816a931b6651ce0359c46d6b25a7a3fc5
+AdditionalInputReseed = 2e6035f3136561f9d132a9296cc521fd36ee7c4bd7986e22
+** RESEED:
+	V = 1dbdf141a9b3929a73c7b9db40c021ecb0866f7b26c836bad8c4671f805a2feacdf7ac60bf2d3adc1f385c9e72612985908a287371acd4
+	C = dcc5805f9652f7342fa4ba400352ffaad6aa2ac623aa521842333b655f88458566528e01e3cf410057d4b8af81f12aefd71064db6eeb79
+	reseed counter = 1
+AdditionalInput = 1d68feccf638852d884e503d35094a6c803c2b1c22cfe1e0
+** GENERATE (FIRST CALL):
+	V = fa8371a1400689cea36c741b4413219787309a414a7288d31af7a33451758d8e0d926801eea796f4ef924c583d5a8b33be394587e2bbee
+	C = dcc5805f9652f7342fa4ba400352ffaad6aa2ac623aa521842333b655f88458566528e01e3cf410057d4b8af81f12aefd71064db6eeb79
+	reseed counter = 2
+AdditionalInput = 9bac00c0729c3fd8b4662db75154a8d2722ad02aff2d769a
+ReturnedBits = 1afc4b6bc25998615b522c910626dc3fd8cd63f7eff280a3861863aa30809e60ceab8e5c3a97d0fcd581164f187e4a4110bf56d3db3fe780e1f30eb9502b4ffeb46a57efd47c9f3e043b3c1a9693ff059ca89b8f43665b69ddcb151152933723954218391b6fb59b52eb99cdeb01d482
+** GENERATE (SECOND CALL):
+	V = d748f200d6598102d3112e5b476621425ddac5076e1cdaeb5d2adfd4ec28fad64633dbec61cdbfc8182f85f3a1d4de36ed982fdee5ea8e
+	C = dcc5805f9652f7342fa4ba400352ffaad6aa2ac623aa521842333b655f88458566528e01e3cf410057d4b8af81f12aefd71064db6eeb79
+	reseed counter = 3
+
+[SHA-512/224]
+[PredictionResistance = False]
+[EntropyInputLen = 192]
+[NonceLen = 96]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 896]
+
+COUNT = 0
+EntropyInput = ba72b04282dbaf8662ff8412c7e0364df6251626f0dd5926
+Nonce = 367d5990c43cf924f4cb360d
+PersonalizationString = 
+** INSTANTIATE:
+	V = 28abf83597b157cc2d47d2f0d1551edc57a8b0da75b309144657efd08d4d74e4a817d9e7eecac354b6c1982e0a25b27f010f7315edc253
+	C = 9fa37de2098a9a8ecc76201c4ab46312989ae6fb6478f05cab71d4e64be9034dda9915e263a647863518d0670bf4d098eef5ed6724fd01
+	reseed counter = 1
+EntropyInputReseed = c05604dd53e8bfc465491f3941ee86a49ac06c7085aa26c0
+AdditionalInputReseed = 
+** RESEED:
+	V = 7b1551b4a6445b0927da7ee1f2531027c462ca1bd79cdac9a7034ca2c21d84449cdda81d8fc044eea9af900a315a9cbc0020a5bd6ab479
+	C = ea4f880fc4ce490ef2e2266186b8f1e029332b9e414a2d3b3a18f1bf482947fbd1b03f9b84f55b1aaa5e7ffd663d34db536e5d0d8b8bf6
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 6564d9c46b12a4181abca543790c0207ed95f5ba18e70804e11c3ea221f21b326084e27707c82010bf30a4101217da8004292b978c5afe
+	C = ea4f880fc4ce490ef2e2266186b8f1e029332b9e414a2d3b3a18f1bf482947fbd1b03f9b84f55b1aaa5e7ffd663d34db536e5d0d8b8bf6
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 2f1a7c01e05d3c99d595a01f233226ac1e76a6d5c63aac84edab2c336eea5cd47d7fc1e4f31d56bf50b64786e6a696744db1700b7345ffbe34576c1bf2d511074ae1c8eee2d3e05df23b6442c26499415154bd746767c66df92e9b754abba7f1cb5e3ac6e54d62899f0bc781b881ee4d
+** GENERATE (SECOND CALL):
+	V = 4fb461d42fe0ed270d9ecba4ffc4f3e816c921585a3135401b35314bc98467956d743d5eeedc7ec0e7c70949fbd74880cb4ae958e560f0
+	C = ea4f880fc4ce490ef2e2266186b8f1e029332b9e414a2d3b3a18f1bf482947fbd1b03f9b84f55b1aaa5e7ffd663d34db536e5d0d8b8bf6
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = c3633a786b02bfda873e560c478859b669f30fa12a0d9d2a
+Nonce = 17f762d7c159ee2ae3edb39a
+PersonalizationString = 
+** INSTANTIATE:
+	V = 1e83acb8f81ecd49743b3fc998b65e88b7516b7773d6715e6f7b4e6031cc0eaa6d651a9d8559ee3a820b4cbbbeb1517c9a2055d363f4c4
+	C = 9b4103eab5a6deaf77ed661363e4f2b083898f7337efa14e132bfafe7e3a150e86527764d121ecf5583207c5b067925eff92105ee06720
+	reseed counter = 1
+EntropyInputReseed = ea87d45071948d8ce89e77640fbfa496a53bf683cab12809
+AdditionalInputReseed = 
+** RESEED:
+	V = 0c13de48d8bc9cf96c7bd8c106b0652b8b985299e63e69ba4c03234e42fd581d9eb607bb2d71bcea390ea98c3e013f48e9d700c12754bc
+	C = ebd8394f6cb05a0b3999cfd485b5e9ad3915384d99709fef72dc473e9d540b00cd338b507f2c6043444f797377d1e01200e0c89bd104c7
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = f7ec1798456cf704a615a8958c664ed8c4ad8ae77faf09a9bedf6ab52f2a01cb3c0268f62916d43d5c0e29d82a5fa419867dd79bf835c3
+	C = ebd8394f6cb05a0b3999cfd485b5e9ad3915384d99709fef72dc473e9d540b00cd338b507f2c6043444f797377d1e01200e0c89bd104c7
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 4e3cb41e691e7430d56596763fdd648e3856a0c757484a867fc381bd970daf2b3417009f8f4ed8a9b1ab669462b0cd5ce306f8ed8c0607643adb7c3da16db74f332dc7ab730d19c1697de2323ebf53d28fa3534a304f1be4094759fafdddbb12d2c80c432dee824c9fcaad5bde558468
+** GENERATE (SECOND CALL):
+	V = e3c450e7b21d510fdfaf786a121c3885fdc2c335191fa99931bbb29f5ea1c4e7ddffab6c6c77df302449ea9614ce8dd7491653b78bfc01
+	C = ebd8394f6cb05a0b3999cfd485b5e9ad3915384d99709fef72dc473e9d540b00cd338b507f2c6043444f797377d1e01200e0c89bd104c7
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = 80b71274f13358e02aa61a479429619481d4f4268225bf3e
+Nonce = 070df33ffc4426d1640aeb50
+PersonalizationString = 
+** INSTANTIATE:
+	V = 15f7aafc906d8cd5dfc42a2707545848d16e95c456b012a6dc5a830d086e7755a513e93294d2620bcad7bf825cfa45587626647951d48d
+	C = 3f43316f1d9b4a0469bcb2d8706fe8e7fcd9392c5c9678174f9647fe4732238bfaeb36227ab0f84fe982f62b129438b98204022fa422cd
+	reseed counter = 1
+EntropyInputReseed = 7773a74e5ae2840ea532a91a50867b0ea61a678fc788207b
+AdditionalInputReseed = 
+** RESEED:
+	V = 3a49b1331d50a9ea48b8380f0e179575e3cf6d86eafaa9c1f736aab92322e838a998df1798b097122641b10b9c0f4abecdf8b74daa51c4
+	C = 6f8dd818caf0c249e4945ee71deee8da20e58509f6ad22c35de01bf99631ce4eb05f3ac08ea4613c2acaeefc97581aa6a00604d9df7d91
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = a9d7894be8416c342d4c96f62c067e5004b4f290e1a7cc855516c7a4c0bae87f8098ae931d42216e5941d4127b99e2aaa3ac586d02fb7c
+	C = 6f8dd818caf0c249e4945ee71deee8da20e58509f6ad22c35de01bf99631ce4eb05f3ac08ea4613c2acaeefc97581aa6a00604d9df7d91
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = c8c6059bf98021e9f300f16a8d94a538f5c4c89e90e480fa5666d94be4e245a393d4b0b415f854cae00bd2bfeb5c5c8118fd4cb5c4ca6ab0791beed93856a56d820142eaa9d09878dddd3362ddd04822a9ebedeef0da1de5b2718e43f59edd54eece02468e3d6f07e4186eb5af3cc90d
+** GENERATE (SECOND CALL):
+	V = 19656164b3322e7e11e0f5dd49f5672a259a779ad854ef48b2f6e3ea51186a43ed9279b1b6351946ea3d5b809530e994adc68e8138ea6f
+	C = 6f8dd818caf0c249e4945ee71deee8da20e58509f6ad22c35de01bf99631ce4eb05f3ac08ea4613c2acaeefc97581aa6a00604d9df7d91
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = e16fada4f72d3724a8bb7c578f217e7325b19905b4481d95
+Nonce = 428c57cc7023f743763961f6
+PersonalizationString = 
+** INSTANTIATE:
+	V = 0d5a597fdcec334fe6182ded5c1d698d1cca62761bf82c7dec71354d1409522abed21d1b7cac63d5165713bbd2bc82933483c474744e76
+	C = 06160f868508be121a35af926bafb92c9a4a59bdc5f47350eaa87cbd07671725e9a76fca666add678546e134160df0525f046dd576e12d
+	reseed counter = 1
+EntropyInputReseed = d930a93572c6a73ff8c801ca328ed221b68d2df6169db0bb
+AdditionalInputReseed = 
+** RESEED:
+	V = 1d10dc9127af9f52b123869ebf7e4df114a48c0a1575a4e62e6e76fce90724f0dc0ae5a82de22e1ebeaac7480af6baf63f05fa7cb266fe
+	C = 5f7b2efc62b10aa463dd9f602385c92dab8050767e51648bc5276c089678c6a53306fda65b579f72fe820630e8fe548d45b0ad0db872a5
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 7c8c0b8d8a60a9f7150125fee304171ec024dc8093c70971f395e3973bb8c6f542df577ad5c1cd80c08315acd348582b2261ebb50fd8e4
+	C = 5f7b2efc62b10aa463dd9f602385c92dab8050767e51648bc5276c089678c6a53306fda65b579f72fe820630e8fe548d45b0ad0db872a5
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 8cd9e192240224f231e8d0ff629182a4e70944337a88d5889b37fe8a5f7c2d76a6b9cec03aa214e40679f5f1bb5532021770268e5736762ebce7f27e0a30ad653b036af5805210d5fff5dd4a0ef14581d0c53d2bdc804e71c025276d83c27ee9ea0ed5436b571381268ead6f810b89fe
+** GENERATE (SECOND CALL):
+	V = dc073a89ed11b49b78dec55f0689e04c6ba52cf712186dfdb8bd500156a94b8ee61c5db855d8a16164cb8c5726ca94a5fbb08efa3f1aec
+	C = 5f7b2efc62b10aa463dd9f602385c92dab8050767e51648bc5276c089678c6a53306fda65b579f72fe820630e8fe548d45b0ad0db872a5
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = bcc8ea92cce73293d575a8093ccc4cb1dcd9e9faa69d9c23
+Nonce = 13b09ce7b0fc20773f297fb2
+PersonalizationString = 
+** INSTANTIATE:
+	V = e9a9db91551bd80150da23d5184f796249cf61e9f52e75c9093cde3e61e53e9aa66d06e5f1a0ef5c63fad7592673be19a4c8754f955d9f
+	C = 70412fb4ae85a76aab7fec0a3a4c28df1ca1f9fa0afc5c3239cc9f6953714608c02ebc8326932d21835f32249eef119b6ad9fb260794ed
+	reseed counter = 1
+EntropyInputReseed = eaef1c3ba7f66e9692bb3067645cbccb7dd3ae61243e1a2a
+AdditionalInputReseed = 
+** RESEED:
+	V = bb19e3c7ea2de16ce20d4a9348545e29623373051601d27164698914c155655e149cd36df658882023490d71eaa202f06a7ffe82578878
+	C = 3b7598f117dc30b7601a128944a25347675835726357897f3d7aae83bc0279d1247b0e71b019970321e7512c7af5f351010357aebed9d3
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = f68f7cb9020a122442275d1c8cf6b170c98ba87779595bf0a1e4386457521f977c8d686da4ae712b917ee398ad5acfb81875d8c8694fc2
+	C = 3b7598f117dc30b7601a128944a25347675835726357897f3d7aae83bc0279d1247b0e71b019970321e7512c7af5f351010357aebed9d3
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 5a0ec2f0be4629d99ace8d2d0dc351e56e93fea26b8aa86cbb4c3d0b184f070fb5f1f9bf032dac383a54670813b904a5f1059b85e94c0c7f333ae80c70e4ce3d4d52cb33dab3b44973a3467edaca3bd2938be6ce1ee0311ed57b861e3b8a55441c6ef97c79a776f79aed3a5f239c1daa
+** GENERATE (SECOND CALL):
+	V = 320515aa19e642dba2416fa5d19904b830e3dde9dcb0e56fdf5ee7e462dc0fb10a30dbed0466dfec8f989230a568da24dbf2c528deeacd
+	C = 3b7598f117dc30b7601a128944a25347675835726357897f3d7aae83bc0279d1247b0e71b019970321e7512c7af5f351010357aebed9d3
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = 80782410e2d920c83f0f27f7f83c4a1e312e6f1e9333d89c
+Nonce = 8574ea5e1a76bc63097ee1ba
+PersonalizationString = 
+** INSTANTIATE:
+	V = 3814e54e52ae6628432bee95434e2e068109add5da88c3a9fbbbe5dbbaf63980a4e57847d15f38dd4bfb9ca2dc5a50fe41f9e52b3ae6f4
+	C = ed0adb6dd2f0ad63bc244ca34951e32cb642e6d84cee5d9b6855fe31bed4b100e56ab527c3e18b5dd48be2ab3b823602c5b8a577b8365a
+	reseed counter = 1
+EntropyInputReseed = 1a9d250db8e8aae70389e5a073430c6a4592cefff77c4337
+AdditionalInputReseed = 
+** RESEED:
+	V = b0339e2200421753bbc197d3efcdb1ad1a3590f2f5d3f6ac3c728d7c02ecdcc216cf6117175340027d8b6e7a38f6e4e1241ea5cbe75414
+	C = 40ea115231247a8aefbbd8cad5328131d665a3e0fd4f7ab5b825049a35e81f27d5f403bf4429d960cef779cdaec174b69b7a9073e69f73
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = f11daf74316691deab7d709ec50032def09b34d3f3237161f49792a4a3e82aa00a083de5093f1416c48a8cf44844975bbbab1fa4638bd0
+	C = 40ea115231247a8aefbbd8cad5328131d665a3e0fd4f7ab5b825049a35e81f27d5f403bf4429d960cef779cdaec174b69b7a9073e69f73
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 8aa5fe3ffd2968164a0ca70ffe6a4cf2bb3cb6e13ab9714671273bc4933b40a65e8b79b7425c69468d51dd89e87c9cbc8e0b4c5c0f55a21a1967f2142b972658373115ef85d1c3027e296abe06a851edd3156bb9efc16bf18acbd59b1dce8511114dd9b9bf647209cadec0e340d484e7
+** GENERATE (SECOND CALL):
+	V = 3207c0c6628b0c699b3949699a32b410c700d8b4f072ec17acbc97ef7d5d7f7b67703e42d71413f15d6de1d9a70e0743a0851a593c52ed
+	C = 40ea115231247a8aefbbd8cad5328131d665a3e0fd4f7ab5b825049a35e81f27d5f403bf4429d960cef779cdaec174b69b7a9073e69f73
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = 2dbd24e0f743600bc12ecd68023bcfaf32fcf77f5503c0cd
+Nonce = 1c2f2761301aba1b24d0be0b
+PersonalizationString = 
+** INSTANTIATE:
+	V = 66e3009f47d0196c08132e63c785f61b0a30443a0539dd6c64d06b3026c546393f43177cb8f099114dd97cb0bf6497e3a0a621c24f9208
+	C = d972e2d7ec0313649bcfc7ff73a55f3a13aab75857c099182d901d29fa8488fe885d6d70914578984ff3b4a1979f7fe4d698911fb79eeb
+	reseed counter = 1
+EntropyInputReseed = 7fe383209cd14fe65f4801e8abb6a2f351bfebbb9693e257
+AdditionalInputReseed = 
+** RESEED:
+	V = 5ba27b0d2d6011c984a9c85ce5fd4a5b4856ba3fc64c04a7b776e7ba926c0b217cc985bb66bb7d2f998c8e2bcbd088e8aefa8eb73b6305
+	C = 666dc300a1700306c73075300e24652b0c947f25a442393fd308c76bd063cf5ce49e694443afe62165e7bba2a5eca2c29b4ec892bc5d64
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = c2103e0dced014d04bda3d8cf421af8654eb39656a8e3de78a7fafde4c22eaefbb0b8343ebe1c567c11d62cf6de89b07cd1576d391f7f9
+	C = 666dc300a1700306c73075300e24652b0c947f25a442393fd308c76bd063cf5ce49e694443afe62165e7bba2a5eca2c29b4ec892bc5d64
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 745508dc00e94eb432d233038872d5e0556081e899707d6f18a3b90cc8309d6ae92ec5d4a6aa43470455831b43923e8451acfbadff0dbaa1df1c6fe4123b24bcc02bf8491d1d6844baa3c8bcee33e878dc5464459b41876efa3426ec9542b22eca0d9e1767d6f1f539e9895e5144764f
+** GENERATE (SECOND CALL):
+	V = 287e010e704017d7130ab2bd024614b1617fb88b0ed077275d88777195cc50b5410d2e07ad0c5f5f2d717e605ac7cd3d3fe055465c340d
+	C = 666dc300a1700306c73075300e24652b0c947f25a442393fd308c76bd063cf5ce49e694443afe62165e7bba2a5eca2c29b4ec892bc5d64
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = de08723b2ddbc617a68b0fd915d4c5223773909b6a39955c
+Nonce = dff80ef4d5560e8a09a40105
+PersonalizationString = 
+** INSTANTIATE:
+	V = e9d255c830264e394670b8ed130fad00a645f5823d0903866b8ef644549636de87cf72c57f97255b795ab092c19ac9b1a4c7b0def75ae4
+	C = 8d762511ff2a53b97280a8166bf3e901ef1f7054218d8370845a7dc8c8fa2ecf2b294f2443d19eaed28f2ae4082d7ba2e921c3a8d9aff0
+	reseed counter = 1
+EntropyInputReseed = 6ca0d21597fd3eb003b5caf14ed90378b1f6a1b688c01a66
+AdditionalInputReseed = 
+** RESEED:
+	V = 9ac3fe4abeacf3272c85d73325a24f5b0ba59667724306b953a1723e8267aa76abf3772ee21fc5f39ea3a279098319cf35b7c948c2f391
+	C = 42785a7bdf1b102ed37d73ca8ea1183938cb50ff2426dbc0f0c8bc94d3f4f78e8a8b9570b27001808b58c960d1346fe98cbf750bdcda58
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = dd3c58c69dc8035600034afdb44367944470e7669669e27a446a2f46f001da8ea07107b7a7a87f3d1692cf731aa1d66b84734c1d0fd9a3
+	C = 42785a7bdf1b102ed37d73ca8ea1183938cb50ff2426dbc0f0c8bc94d3f4f78e8a8b9570b27001808b58c960d1346fe98cbf750bdcda58
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 8ef722855c8225fe154498b95de2cedcd501a383676c4666e973e291db626f8e1c8493e1f39fa92de202e1e595b525a21ae02261a0d8c01501c43399730325489805e5e425b22317facef64ad8e25b17a07b0b342f3514aae5d31b3303d30bb578ea32e2e9413e5d7b9cbd83eb9d73f4
+** GENERATE (SECOND CALL):
+	V = 1fb4b3427ce31384d380bec842e47fcd7d3c3865ba90be3b3532ec91cfc0b0dedb018eccfc15cde0f0b05a3c5caf66e09cae2624716fa4
+	C = 42785a7bdf1b102ed37d73ca8ea1183938cb50ff2426dbc0f0c8bc94d3f4f78e8a8b9570b27001808b58c960d1346fe98cbf750bdcda58
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = 6ed5548b0db20b2292bea014138de122de03e4d3a37f28d8
+Nonce = 993772c1de5f77be87721c0a
+PersonalizationString = 
+** INSTANTIATE:
+	V = ad39099bd2dbc59b81c0d20ccf812c0e6f68b85f45564d3a89eb51c1cedfdf6d062911246059d7979c53e4065c710c4b5488b6c5e1636d
+	C = a4ac7f4664ad5c1e42380a8d879770ec501d9c25af748c48473f91037e0218a1f5ed7e90a7d66949178422af0d112a8d20082dea3814c1
+	reseed counter = 1
+EntropyInputReseed = b0a27942ddb2179919cdedb8382d39a37ed9e7016f7d8008
+AdditionalInputReseed = 
+** RESEED:
+	V = b95e83f3231fc8b3ef79a2f6f7c3d17a90a139d9a7143da43cb3c7d09e8fc889328efa642f01bde72fa7cfcef14a04cff386b9223b82cb
+	C = 712b5afd5d69e99e24e5cacc477290cca96ed34e517a8b9df5bbdfaaa92a508df3f61b681508dfc60d52963888827ac9f67937562a015a
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 2a89def08089b252145f6dc33f3662473a100d27f88ec942326fa7f71c80d795deb63a8b9e364397f4162437978248c9647241326a1a43
+	C = 712b5afd5d69e99e24e5cacc477290cca96ed34e517a8b9df5bbdfaaa92a508df3f61b681508dfc60d52963888827ac9f67937562a015a
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 76c8a9198c6dec7c2b993cbee8707955752a2f763e4b9d5c539595d75d4b9a037b7c9abf9ebc1b73147912f8dafc6d4387d92d7d1a4082a66aef9ed6d391c7ab6c82775403f45064f6ea7016779f809b5ea7da8b7491b22fc76a32d7b9c76e6639263ec4ff1539cc265c43f835a7bfad
+** GENERATE (SECOND CALL):
+	V = 9bb539edddf39bf03945388f86a8f313e37ee0764a0954e0282b87bf054d0c83513184a58006c008adbd85ee491b20cf4a01277e000331
+	C = 712b5afd5d69e99e24e5cacc477290cca96ed34e517a8b9df5bbdfaaa92a508df3f61b681508dfc60d52963888827ac9f67937562a015a
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = 604ce45f0accf6ced2d1c19e399cbcce9ee2be0d6ee5a888
+Nonce = 2aa6b1ac9680bf8f6a53e6e5
+PersonalizationString = 
+** INSTANTIATE:
+	V = 4555d461f03e74a27496504ea60e4fa35fba9520234fd239ba5ec7d666939135b8fe2760d76abdff38dbfe9e9c7b2df3b80c10bffb3178
+	C = b8375271176dd67d8250cf028fcba32df22016d5915193e8f5bbc7e58a1f0953d588eba0e57ed0abd763111ac7bb0407d464fdafd4995c
+	reseed counter = 1
+EntropyInputReseed = 70cdd41e2c03b6850ded28813359a8525d9cb2065796dd1c
+AdditionalInputReseed = 
+** RESEED:
+	V = e58a8df446b16a79adff65fed434c57e47ea3c3a1bab0cf5ceb5b4965beda3b95728b374e4ba3ea4b7bdf398e37ec443b32444c126fcc5
+	C = 00f22d047774e1aeb0a913f6b381eedceb97c63b70e9bd55b5f5c566d51321689fcf8773bc5368dd9baac10639ce128cc7b44cc6ab57b7
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = e67cbaf8be264c285ea879f587b6b45b338202758c94ca4b84ab7a99973d87b7dc45a0feba41fbf485117dd674be148c92be8605e0f3c6
+	C = 00f22d047774e1aeb0a913f6b381eedceb97c63b70e9bd55b5f5c566d51321689fcf8773bc5368dd9baac10639ce128cc7b44cc6ab57b7
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = d978bdb3438e3326ae6aebc4830dfbd82d523a6944845fb30012eefe0ca13f76249d491b4958cf76e5c3306d8c1be4dc443dc4e1f98c73fe763eb4caaf4b22d2dd77120635876ed62fda9b83d3392287bc4ced6c1e78b176707856b4621bc2a6a5246d359b1099892199f86a458adaad
+** GENERATE (SECOND CALL):
+	V = e76ee7fd359b2dd70f518dec3b38a3381f19c8b0fd7e87a13aa140a88f8e3b6769305a1ca5077407825a51094a74dc950b8c8848f1c8ce
+	C = 00f22d047774e1aeb0a913f6b381eedceb97c63b70e9bd55b5f5c566d51321689fcf8773bc5368dd9baac10639ce128cc7b44cc6ab57b7
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = 2dcf2472cab46d6221f1360ffbe992fdb2733df827633b9a
+Nonce = f1cccec329488e1b431a758b
+PersonalizationString = 
+** INSTANTIATE:
+	V = 16da255051fbd0eb24c840a0498985de892f5e1b761ceb5db402e936c42701bc0a85c096e9bc400e2fc711dc63abaaa1aac534d915daa9
+	C = 85ed59be2abc896f5445c99d74df00f235c7b965d55701b6f6b7784a03d1b153f9f52dbee95a76fe22708872b670adab27dea28322f0a8
+	reseed counter = 1
+EntropyInputReseed = ef90998b29518f18165efa8636d491ec28b805d431fbeba4
+AdditionalInputReseed = 
+** RESEED:
+	V = 9f507a947d968dcfec764aa93b7a55e8a4fb7a56199ffbe6deadff5259189ccebd71f3b601a920427c57a45dad01b5b037fbd99607ed7f
+	C = 54d5f71b27999ca7409a7d9ea87f3f2ade7e1f9ce7ca6367eb9da37231f4d730cec298de3899b36267178feb1fd232a3d6090f1a3619a4
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = f42671afa5302a772d10c847e3f99513837999f3016a5f4eca4ba324c2163a2b6ae1f038331a2acffe82b4754876b4cea8a4515f6c4581
+	C = 54d5f71b27999ca7409a7d9ea87f3f2ade7e1f9ce7ca6367eb9da37231f4d730cec298de3899b36267178feb1fd232a3d6090f1a3619a4
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 5d73610846d80361ad3b63b4993e48153a1cf01f56336fb84e241711ac785c740d8712a53d7d3a367be082d1c608458e70b1332a0125c53f614c376064b9af6ea095204efc8468cbc80532d4e5bcdd47c6f78af19273dc3d9ae41d8cc3b60e54febb9c7dae0e31c398a32c625d59d038
+** GENERATE (SECOND CALL):
+	V = 48fc68caccc9c71e6dab45e68c78d43e61f7b98fe934c2b6b5e946b66a28007b85f2049310af044a6dc7c1ccffd39774d6d2971188129f
+	C = 54d5f71b27999ca7409a7d9ea87f3f2ade7e1f9ce7ca6367eb9da37231f4d730cec298de3899b36267178feb1fd232a3d6090f1a3619a4
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = 991375cdc347b3f70fc7e565dc2af364a05bf057df587bb1
+Nonce = b5eb29307af71a7b6b17cec9
+PersonalizationString = 
+** INSTANTIATE:
+	V = 2620f2ceebff865d99525fa2a2dccdf51dc70f74d49f623cfdc0c189aa299f474a762a2701bafdcd8e9364ee8fed8bc1d9b8233e1a6c75
+	C = 41125b2764a2d6fc82dab668b493ea5ebadcf323025ce2fb75b689737cef74ed83a825f0b8c50c56b855dd48519b42f7ffe1a22e633167
+	reseed counter = 1
+EntropyInputReseed = f290b547b5fc76282524854b843dbcbc28837b8f4f82be21
+AdditionalInputReseed = 
+** RESEED:
+	V = 10b9dc1bc70f226dfbc8a548242ba660d36d3a13e4c9b8c83214cb0c414fa113ecd9d59f5d7cd838f1b12d2369e8a5690dfa9fb9f5f9c2
+	C = f0441b048f7a32c8691cd3f0b4aca2dee2d08d2eb9c9186301352e71af8f3dfbe269aaaaccf53f20d7eb9941579b1e23fc8c4514fb83af
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 00fdf7205689553664e57938d8d8493fb63dc7429e92d12b3349fa2201a883e9350e3870d8ae8ea70d1bd36d7aa1c299b910a257d7393a
+	C = f0441b048f7a32c8691cd3f0b4aca2dee2d08d2eb9c9186301352e71af8f3dfbe269aaaaccf53f20d7eb9941579b1e23fc8c4514fb83af
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 60c2c6e1a5a92859d4f392265bfc53f7718e7927bfc409867a88552f2ff7f3862d626454b7cd5718c6fa3406cfcdb282d8f3a8589b49714dbc8900438387d27d9a532001f44a80b670599353a5ce98daea7f195c0b9c66fcc3127dfd73095fc8c5a874eae8008e029a2ace1c2a4fb007
+** GENERATE (SECOND CALL):
+	V = f1421224e60387fece024d298d84ec1e990e5471585be98e347f29329be342799f5782f15dd16a1e15a7118f7d2e680ee466bb415cc6d7
+	C = f0441b048f7a32c8691cd3f0b4aca2dee2d08d2eb9c9186301352e71af8f3dfbe269aaaaccf53f20d7eb9941579b1e23fc8c4514fb83af
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = 99eb577261e1fe73c85c6c4ab9549f3421f0b4f3755aaf8c
+Nonce = 7f03c5716d9b148149b265a8
+PersonalizationString = 
+** INSTANTIATE:
+	V = 66677272fb1c4210f9b824ba90b0fc35b1ce74b2d3fde2ed1e94c5fc576f688b3cac5a74b0983c29c2c31f5c09cc9a6097c92dc929611e
+	C = d717c1ddd6a01699f944d0a39a3532ebd26db5dbdcdb9f528e4c25180d0886e476918ade9382164facafeb5720758143a9137fbc9a4b7e
+	reseed counter = 1
+EntropyInputReseed = f28c8b6ee75aea69fb50ea608247bfe988e161b9b1261bef
+AdditionalInputReseed = 
+** RESEED:
+	V = e0de7242a70d9449e405796d6abd08276562ac7be4f8d097a10da018f8d4af644b5aeebfb4b35684ad5a7fae06f01d2448ed627e6f9aef
+	C = f9efba01bd97e269304fbd84a9ad830fe79b8d0824cecca156657de89f73bd796502901bf32cdbe3bc63ca509acfab6c3f6c9ae3b82396
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = dace2c4464a576b3145536f2146a8b374cfe398409c79d38f7731e410488ea37a87d54bbb81fe50047938288547ba39e553f381b4eed0f
+	C = f9efba01bd97e269304fbd84a9ad830fe79b8d0824cecca156657de89f73bd796502901bf32cdbe3bc63ca509acfab6c3f6c9ae3b82396
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 5f530e615804f8a3d63d0173e26f5d5102ddbe2c3227bedfbd48d23d9dd95438925c8e1eaaa4219cd00b84bd8c424e9215c3bcdc1b03c087ca9d1662719759702abbd53ea235eb34ae0a5dab35cfee23aa83b1c507dcd24b3ef520b3919990235da7a8b4a7f3790ff47831644c3d2f53
+** GENERATE (SECOND CALL):
+	V = d4bde646223d591c44a4f476be180e473499c68c2e9669da4dd89cb3e89e81621c1e89f137815209ffc4a850e063cc2751515ec19f4e5e
+	C = f9efba01bd97e269304fbd84a9ad830fe79b8d0824cecca156657de89f73bd796502901bf32cdbe3bc63ca509acfab6c3f6c9ae3b82396
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = 9b5c575e06e4e1e5faccf76598cf2c0257cd45631238bd5a
+Nonce = 7919ff2cf5270c09b8ad3957
+PersonalizationString = 
+** INSTANTIATE:
+	V = 7effb22a9423c87350ef1e58e7beb5dee4d263313d6d5a1bb5d4f0702c8ed48693f2d6685d6f4aef1eb8430c3b922ba44c1cefed80bcd2
+	C = c042e1b2f3d4b4fc06c045ca95a8f9bb540e13665d4f78d7c93d56b1183d9186a97a150f299528293b8bf790690945de3131eca488c0b2
+	reseed counter = 1
+EntropyInputReseed = 3f2231dacab4e7167dd748c365b2388481f1fcc22828f546
+AdditionalInputReseed = 
+** RESEED:
+	V = 64aef5133d45104749afe88ee147200c3906d14996fa00af3be008cf9d67a2cde7d9de15dd3943df2f570393fd9c0087304e02cbc33de0
+	C = 76b353ea6661b259c8e8e3b628da10464ddf0fa0720fe3a1b84985d20231204c155079b5495fec6e027e5e594a1ef2be50594b259bf895
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = db6248fda3a6c2a11298cc450a21305286e5e0ea0909e450f4298ed5caa6dd833f6cbc8d5f7098cc1f5be2a76cb503720c82e45c4efa03
+	C = 76b353ea6661b259c8e8e3b628da10464ddf0fa0720fe3a1b84985d20231204c155079b5495fec6e027e5e594a1ef2be50594b259bf895
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 41acb548b7f3dafc97310b37ddc13238fe82646c7d25ef8079c50ab5b8fd671a13079fab984d34dab31b6faa6d80f257b440783ca42bc8c6d0a7e971eac90af2c5d307d6d60a142f61508795d03614bffabb4450ab6aebc9b5f0c8a461c185e701208a111f7b70286b630d79df09007c
+** GENERATE (SECOND CALL):
+	V = 52159ce80a0874fadb81affb32fb4098d4c4f08a7b19c7f2ac73150cb2e0df29307dad4a3faaac4581397a152218c61e4bd2db6d99be05
+	C = 76b353ea6661b259c8e8e3b628da10464ddf0fa0720fe3a1b84985d20231204c155079b5495fec6e027e5e594a1ef2be50594b259bf895
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = ab57fd009184afe0c40499bf459b33e2721e7fd577ae9e33
+Nonce = 19aaaf960f132233f2c90f34
+PersonalizationString = 
+** INSTANTIATE:
+	V = 104fae2bd837e0e1894a669b8a6f1180aab8f90a6dc2be99d797ca204f3238cea8f340af8d98e659d9c74ea7120d582653bbeb2363f362
+	C = b61098d71803b6a24cea03c5bbd4132e26b2e38a956cd35c5c372db8c5f69f708cbed8d9fbca8eba23bacc183c44c2f4ed7d6bc2597aee
+	reseed counter = 1
+EntropyInputReseed = da3095cc25d10936959e73be621821de6eb36bb527af0c40
+AdditionalInputReseed = 
+** RESEED:
+	V = 9ac8b1e817b1c1603737f74165f7aff40627bc470716d6aeab93131b9167489df65e473fc767eca49e062f7795b0fad88ded6110ecc20c
+	C = e2fbb3d851aa905e6b592cb12bb7c12e4ff51d87634079b6deffe76ad735b1d909a7c98d755189e7e47c1b3ca60a2d38aca1ddb1d0d730
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 7dc465c0695c51bea29123f291af7122561cd9ce6a5750658a92fab78302cb09afbf422130ae891c86873fd52bc2ac608c897b1e57e14b
+	C = e2fbb3d851aa905e6b592cb12bb7c12e4ff51d87634079b6deffe76ad735b1d909a7c98d755189e7e47c1b3ca60a2d38aca1ddb1d0d730
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 1ee0f4b24f8baa5ddea66a65886ee212b3ef61399916fd15857c7fb506c777b05d14a7b272d3f5ef50ffd6f4638372821774005c8d3221e0d256a148ee0d23a705e1cc26fb6b9db4e236483de9d771120925dbc64f657f2df097cca104f6b90969f92803c74d8f64e11ddd44ce6169ec
+** GENERATE (SECOND CALL):
+	V = 60c01998bb06e21d0dea50a3bd673250a611f755cd97ca1c6992e2cc676d6c7fe832d02eab83492fc5c92240d30056a38e4fb2e4e7d5c4
+	C = e2fbb3d851aa905e6b592cb12bb7c12e4ff51d87634079b6deffe76ad735b1d909a7c98d755189e7e47c1b3ca60a2d38aca1ddb1d0d730
+	reseed counter = 3
+
+[SHA-512/224]
+[PredictionResistance = False]
+[EntropyInputLen = 192]
+[NonceLen = 96]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 192]
+[ReturnedBitsLen = 896]
+
+COUNT = 0
+EntropyInput = fad885e0c66f621a763d4a9a3778c83c8eef30a25fe88d29
+Nonce = c248b79c91671f135c1878df
+PersonalizationString = 
+** INSTANTIATE:
+	V = 0252af4e289437ca1ab89202b3446dcb25fa4cea466ae8df0e18b026ba0368e27cd470aba84e9dc2b03a9247316c0cb68047c060e535e7
+	C = 22b6814bb0c2bb257fca988b19d8acbfe9e875c38b1d3c050d0706274e152a07ced37fd775540dae0199bdef4a3dfe85b86b505126bdcf
+	reseed counter = 1
+EntropyInputReseed = 57b2e90496108966ec69abdaad0fada4179fbfa6657956b5
+AdditionalInputReseed = 229cfa582c7d51d617a49de12088169e3099c260ffd2247b
+** RESEED:
+	V = 17521ac2ad09701142211277ddcb607d41c67c5160f47a88b6c7e0a4cae1605f0c7629ba16aeeedb4358f8435fc2f69d83f8b3a52d74e1
+	C = cac8af0b44f444103c6287facdc49f2cdd0a173acf8a46c4c78233713fc700e04590180670bcd1356a7b8ad1f2b16e9fa682d016b78467
+	reseed counter = 1
+AdditionalInput = 7c18d74d17a0883135a0e9e5f7efa3603b7beb766746279f
+** GENERATE (FIRST CALL):
+	V = e21ac9cdf1fdb4217e839a72ab8fffaa1ed0938c307ec14d7e4a14f11b328e25b915cc2b55fe90931796bf772fb3435478d2e77adbfbd9
+	C = cac8af0b44f444103c6287facdc49f2cdd0a173acf8a46c4c78233713fc700e04590180670bcd1356a7b8ad1f2b16e9fa682d016b78467
+	reseed counter = 2
+AdditionalInput = b48049b80fae84f378ff4a67489ab6cd26a2a429e9015114
+ReturnedBits = b68c2dc5dfb779ded8e2acfc0074eb1e92a54acf075d26558bde1c78564cdaed6578860274c705b81ba3e625f47d3027a2b47a07c87b04d5ed43d67295ed07b0b072ea354bca18a83b6e54fd5f06d91a1427fa3610268abf291fc7930ebb852c0272bb08c4f01bc2ae71e02ac9f28627
+** GENERATE (SECOND CALL):
+	V = ace378d936f1f831bae6226d79549ed6fbdaaac70009081245cc491a01e939e1b88601f8ee6ff44436f0d25606b5c2069143e2e9e4f887
+	C = cac8af0b44f444103c6287facdc49f2cdd0a173acf8a46c4c78233713fc700e04590180670bcd1356a7b8ad1f2b16e9fa682d016b78467
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = ee1f193658f4936cdbea25d5e1b86af0d56157dcfaffc3fa
+Nonce = 26c9e026f06b2015052ca4ad
+PersonalizationString = 
+** INSTANTIATE:
+	V = c1993ae1081033ed6a35f19535dd5243e79f4900d35dedc88910fbad276f86bce062fb4ec32bccf9495a23aa0c34958e6db9229754a66a
+	C = 8f46969ba632a68d3361315867cd6bc1f962c59fdbdfd8e10ab54aef0c28e89a98b017d53b7777899a3380ba5829550becd38d7195cd7a
+	reseed counter = 1
+EntropyInputReseed = 2825412d47b72d610105863ecbca10cdbb520029ca2e9ab8
+AdditionalInputReseed = d601eebdf6453686a73b893cf4b362dad3edf3c3db13fdde
+** RESEED:
+	V = 75906c64dd9692d880a7cb3c3c10f5f11aac9c1bd7eb13db49bd3e478a6959509477b1f88d45ba834f462c40dd8266111b6c6e65079f10
+	C = 803ddafaf5d34eb3c1b72d9d2b621ec3c43c04dcc45f44908504a5e44daf881c5b8ff8f9cfe63eb7eaf31875c11717c7751f4a03807a4c
+	reseed counter = 1
+AdditionalInput = cf499e18faf1d9be3572af7c2035de65d84cc0871a0b7805
+** GENERATE (FIRST CALL):
+	V = f5ce475fd369e18c425ef8d9677314b4dee8a0f89c4a586bcec1e4a47b9acb79f7c681acf49c3143814e7b6776cf9a06b5759bf16b3834
+	C = 803ddafaf5d34eb3c1b72d9d2b621ec3c43c04dcc45f44908504a5e44daf881c5b8ff8f9cfe63eb7eaf31875c11717c7751f4a03807a4c
+	reseed counter = 2
+AdditionalInput = 7febd5d2b19746caec3dc3b8a0241e5f2f8df3d1bc1fdd54
+ReturnedBits = 4e1b3174f74c0e0d24698db6b492f0012facc508c1dea70a565937bd28b915d5254b9802e0b32c7bb128871d9bb8d8ac6aeb79fc87ae6e01c26d7a506ab8c15e16017d8effd792e945b759a59f7d21272f66753c4d530353122458faf8ebc75634fd3986bf1bfa93d2e447ac941ac9f9
+** GENERATE (SECOND CALL):
+	V = 760c225ac93d30400416267692d53378a324a5d560a99cfc53c68b9ad77c2cc6e792a88e0ec69d78011a11ed9a5f4a0232bef1496bfae6
+	C = 803ddafaf5d34eb3c1b72d9d2b621ec3c43c04dcc45f44908504a5e44daf881c5b8ff8f9cfe63eb7eaf31875c11717c7751f4a03807a4c
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = f81f01a6b310a04be907bcb7c729ed0352e16d515159c7d4
+Nonce = 99adbd4a5f2d801c2364cd89
+PersonalizationString = 
+** INSTANTIATE:
+	V = 3b0756670b264124e1db9316f90efc9ca4284327ad7b096e27d073e4fafca0e73794e2523aefedacbf3a38ac3363434f1571f9b1097338
+	C = 14ed6f5f08d7d63bd54a34e8963cb34f3b108778d724dd84f2453b658a5290d70e117c368bf3916682296e6a762a42b6c85c855967682a
+	reseed counter = 1
+EntropyInputReseed = a95e16abce8479eee9ba139525ceea38e98a8c302c81583a
+AdditionalInputReseed = af710041dcc8ab84b3e7cac33b70a5533b49254f2a20ccc6
+** RESEED:
+	V = 278b02f9c84b8b1a00a462950f0f59b52e633221d9376b5e56b62caa44324e5bf84b62b7e1dfe65138351e0502764698c1ff062f5a88bd
+	C = 567bc21fbab51c66b6f65efaaae23cab821d355ede9a0f3a0cc58645da9f62647cab7971d05c8e1fe310525f6aabef2108ff8972493344
+	reseed counter = 1
+AdditionalInput = c06c08a34da60cfe7e20f9df5e94633e2829a1b7afd852f6
+** GENERATE (FIRST CALL):
+	V = 7e06c5198300a780b79ac18fb9f19660b0806780b7d17a98637bb36a7b20bfc464c53115b23111aa41d3f86313d4a8fd313bede81f674f
+	C = 567bc21fbab51c66b6f65efaaae23cab821d355ede9a0f3a0cc58645da9f62647cab7971d05c8e1fe310525f6aabef2108ff8972493344
+	reseed counter = 2
+AdditionalInput = 1e9d5f01f12827d39a48eb718519164c140008113a658bb3
+ReturnedBits = 1629bbe34969f2b958d78268c42f42f63355c67456fd6cb1112ada7266071e3c7384c17b4caa5ac1f966c688979c7e259bfcea17dbade6b7c50306cb345b5a9d6ec71acd7c1ca119699793a86b3dbf7593f6c250cc8eae8fb2876356777e07bbf34156d9ebba9c5c6d0bcc51f5137303
+** GENERATE (SECOND CALL):
+	V = d48287393db5c3e76e91208a64d3d30c329d9cdf966b89d270413a9294a0badf15be9ab3b075d50d5312ab8aa51c0ac536c2ca1d009b56
+	C = 567bc21fbab51c66b6f65efaaae23cab821d355ede9a0f3a0cc58645da9f62647cab7971d05c8e1fe310525f6aabef2108ff8972493344
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = 2d398cd152b7c385e8f0769a87ad5880f7720cab755dc667
+Nonce = 8f5146a889c2c060132dfda4
+PersonalizationString = 
+** INSTANTIATE:
+	V = 5d9ce3ec176220cb674ae4d0c47a4a170c730a4f04b7b738813e741f6dad7362c6d6f54be66efaba136f1512a487702087326f9d0114ac
+	C = 47e241524bfcf1a5dfdfc29a5a9fedd7699c5dfff05c3c14c05a215bbca8a1853a3de5f06fc5f1a6a49342f635c8050a7c5045fc901197
+	reseed counter = 1
+EntropyInputReseed = 84bc35a525555ab09a901031fd84f3f2f8f3420d92d53940
+AdditionalInputReseed = 2d59b6998affb88a93c93f048218a852cbab079f852a6aeb
+** RESEED:
+	V = 66045a945b6711f972518a046970b0864e19791d5242ee4bd6999569ef4980a177c1448358a200e6a630f870188f8d48415df73e878d9f
+	C = 5047a708f3935596475ffe18ba8d0a5323f4660a8bd5f2acf0fef9772a5f50195f2515d84d25d4bea19a0a85e981ee08a211733754af94
+	reseed counter = 1
+AdditionalInput = 37232c1d45eed8d5b27fd5473208cf4424412101699fd38a
+** GENERATE (FIRST CALL):
+	V = b64c019d4efa678fb9b1881d23fdbad9720ddf27de18e0f8c7988fe81ee6825e14a6a39d07a74375cea7c3296a211e45062dafdf69c1a2
+	C = 5047a708f3935596475ffe18ba8d0a5323f4660a8bd5f2acf0fef9772a5f50195f2515d84d25d4bea19a0a85e981ee08a211733754af94
+	reseed counter = 2
+AdditionalInput = 6196d3c7a51e0dda906ff747bf2c6367f4465f10715675e5
+ReturnedBits = 0caf21bdd05fe496998df6109be62e554d157263500e6c0c49dff9bf9e8c2b525f290729821b692c8f9160975ec4d4f8d18a1f40cdd30a07ca9bf0d8ecd7c1558e56386ba9b227b897fb8a06041766015ac06030628eab87bdc5a71bf0dc4a53e2a130fcf94c79afd84c3e98237d5f1b
+** GENERATE (SECOND CALL):
+	V = 0693a8a6428dbd2601118635de8ac52c9602453269eed3a5b8978a8e871b043d367568e92b346c601ef2b80b33b3ca612bd145b2e4942c
+	C = 5047a708f3935596475ffe18ba8d0a5323f4660a8bd5f2acf0fef9772a5f50195f2515d84d25d4bea19a0a85e981ee08a211733754af94
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = fa357799ca4ed55d2412daa0f14f7a9e2bd60d1f805a682e
+Nonce = 0c58b4466a2384430aa74321
+PersonalizationString = 
+** INSTANTIATE:
+	V = 2c2ad385305bfc201d5ed56c986dd504fd5ade156380ac51f1a7210411300c51890f2b152de711cbf799cac26968aee7659fa461032d7d
+	C = e6c49d97270f6e73b85937d962be31326e1786a63c90ff52cbe218253230b2e66a2646bd27947fccd7d1a848ffc4ae89d4c549b049a247
+	reseed counter = 1
+EntropyInputReseed = 3eb9cd4e401140c8cbfd52114df58a2e78c2cf1f6b47887f
+AdditionalInputReseed = d219a507e837dcf508dcaa5b1a503a8b3d223eb10c0451fb
+** RESEED:
+	V = 9d7183f235bd7d053d9fa84b5996be7045b928e7044dbfeeb9e13ef00c4653c7e29dfee38b763e35513ac97f7204f4b5b56355f66194bd
+	C = 475e94ab24cd6fcd2fca5cdf7cdbb703e9843fb0404adc457f2d3bd6a268a8e52edc8a428a152e417472b05977fff0f0356b39a1270378
+	reseed counter = 1
+AdditionalInput = 95dcb201728f246b8e78c053ad4a69528b64e6ba0b1d4222
+** GENERATE (FIRST CALL):
+	V = e4d0189d5a8aecd26d6a052ad67275742f3d689744989c34390e7bb2f761566b39b63dd5126f5d80044b6d8f1e400ae42ae1219b8d093f
+	C = 475e94ab24cd6fcd2fca5cdf7cdbb703e9843fb0404adc457f2d3bd6a268a8e52edc8a428a152e417472b05977fff0f0356b39a1270378
+	reseed counter = 2
+AdditionalInput = 0aa51af6f1c60ef2f33434eb534bd68c138fdbfa720f1824
+ReturnedBits = 82f574511ea2355129fd126d12a720514bc5aed5292db98c40795b49935bdee13fd96bb7b4172001003e5c09a2136ad8d3082b67e4459b0f01bfc36b73432f7eaf1d0e8a8152e8e9cae96f9ab62305c0f06edb3b9433c4408021b89369659a069964017b6a5e49350140b752044c8713
+** GENERATE (SECOND CALL):
+	V = 2c2ead487f585c9f9d34620a534e2c7818c1a84784e37879b83bb840fad2ac89d47b0e3ef690ed322b7ae2eae97d399921775a31847b51
+	C = 475e94ab24cd6fcd2fca5cdf7cdbb703e9843fb0404adc457f2d3bd6a268a8e52edc8a428a152e417472b05977fff0f0356b39a1270378
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = 4e6fd7779481dc86c422ad063d0a36b145379f1126ad3f6b
+Nonce = d78e8aacaef06929eb593502
+PersonalizationString = 
+** INSTANTIATE:
+	V = d43208fbddc99b96d7e63ace0aea7d184ad45eee290ae595917e01f84f4eb3c17797082f9e995e7ec195ee0e13e377ff933363b5bd229b
+	C = e455b19724cf8a93158d210383a1d4a135789317ce687eeee09c2d4036d823ef3665addabde8605a876ca347a5f39c8c98d075f0419387
+	reseed counter = 1
+EntropyInputReseed = 999f28eb331bbabb55ee3536c427a20e4e9547ae252b734d
+AdditionalInputReseed = e5fdfcc35195ee3c93ea9d612e9b1e8c95a1aaa75768fc52
+** RESEED:
+	V = 168c2e7a21561e879cd81579258ad283fcb3d414e2b8db98ec9b5c21d00b918749a83d40aade2c3ac99679fd576d9aaf07445123f4ecdc
+	C = 7bc53d2bc9bae90af264a5e00f79383ea30ce63a1c4bdb8270042323ea14859366857db0b9b139717f0711fe6bb1f7782c8e2e3636ade1
+	reseed counter = 1
+AdditionalInput = 9977817ffd579a2e57866f8f6fbea16bb9eb302043aef068
+** GENERATE (FIRST CALL):
+	V = 92516ba5eb1107928f3cbb5935040ac29fc0ba4eff04b71b5c9f8023a9e7bacd53d001f2acfcdde7272f76120052034796c85020f2bad5
+	C = 7bc53d2bc9bae90af264a5e00f79383ea30ce63a1c4bdb8270042323ea14859366857db0b9b139717f0711fe6bb1f7782c8e2e3636ade1
+	reseed counter = 2
+AdditionalInput = bba1b99e675677cc5913e0a62bca9dc3e66fe7223e4180cb
+ReturnedBits = 2d0abe7707bbedd2dc7c524019cba6602b243582e20ad9080d0f9d620706218d197066b29211d44f4de2be1c41faef07129fd3da5dc76a5cb73dc9e8a6708841e53b4f6f8776f516372838c645e3bbcf348d02da9231dc1ec23b577b97cc554487dfc5c88a6dfc70a354caeff839d00e
+** GENERATE (SECOND CALL):
+	V = 0e16a8d1b4cbf09d81a16139447d430142cda0891b50929dcca3a3ea22d5993e959cab7fef76e34c32388efaecc0d831dcb3c9930fa8df
+	C = 7bc53d2bc9bae90af264a5e00f79383ea30ce63a1c4bdb8270042323ea14859366857db0b9b139717f0711fe6bb1f7782c8e2e3636ade1
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = cdff418708481e6e7db777fa3e7b54df9aaf448274d68b83
+Nonce = 37998974f087a4b5a428817c
+PersonalizationString = 
+** INSTANTIATE:
+	V = 1568e61e27934457372789ffba4f3dc6bef846cac2add7369da1a616312505fc180bc64e6da3eecc73123db0ca2f840ec5c27ab19a6291
+	C = b5ae31feea58c5aea9429dfa60c739656b1275ed2e1b1bdc978d87cb6dbc965540aa4ed383cc2b9c312c448b59ee8e8a337555bf33e5bf
+	reseed counter = 1
+EntropyInputReseed = f9bf7d7234003c5a6bd9498f44218577f97eefa6e91d3875
+AdditionalInputReseed = 097ef5cc39fb2181fc0475e944107fe5833fe837420b72c0
+** RESEED:
+	V = 4efc7719ea01350dc7130d6689821df03159534c16b19047be009844c3fad2f6bcee10ebe66a92547935da218c530d39052c806d52cc71
+	C = 5e5eca3993e772b2c826ec4be2b947128a0405d47fb53af63f9ac98d3a143cd983926d95ecb4ad94c0c1dae9c57acb7371428f60d9603a
+	reseed counter = 1
+AdditionalInput = 42168291b8fff8079c6932c05850362fcf1b51927ac50187
+** GENERATE (FIRST CALL):
+	V = ad5b41537de8a7c08f39f9b26c3b6502bb5d59209666cb3dfd9b6289ae708fd71c5e317cd3e03cc897443d98d928de5af87ef05e54918e
+	C = 5e5eca3993e772b2c826ec4be2b947128a0405d47fb53af63f9ac98d3a143cd983926d95ecb4ad94c0c1dae9c57acb7371428f60d9603a
+	reseed counter = 2
+AdditionalInput = 0674d377da9cc7841ab6a71a7308f3ed69fd0c0d88f28543
+ReturnedBits = 4157f879655620781f70efccc79a85ebee020ce025543f0093f6402b1280a17485c1a59329fe3fab386b5a0a6b510288e7305a389faba325946fd0e6c027efd1c36ae2d472ffa6a5e25700def11d7abb9f5a1c99f0e5d1a9e36802e869ae4adc110ad766d75badfdef864abcfe483b7e
+** GENERATE (SECOND CALL):
+	V = 0bba0b8d11d01a735760e5fe4ef4ac1545615ef5161c06343d362d4e1d349d9523ae9345b6ca5bddd9d514094d4c1d1bc6858749016201
+	C = 5e5eca3993e772b2c826ec4be2b947128a0405d47fb53af63f9ac98d3a143cd983926d95ecb4ad94c0c1dae9c57acb7371428f60d9603a
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = d5c355b1ddd270663b57c395ec5f43d9ec9d60fc20b6d4b5
+Nonce = 5aa0b69448b37bb99650fc7e
+PersonalizationString = 
+** INSTANTIATE:
+	V = c8c80e3aeb3f4f99d88ae7498eea95a19ff1fc40e1c0b54c3b0ae32af8b530617347f2d4d8f379b2b158d76eeaa1057dac2a1174755096
+	C = cd216a723ff049bfe62d13c3d8ddc7f32781fdc90e1c1832df537af6117aba6757299fa0860474801f30215b58d26f306e0083ca7d8256
+	reseed counter = 1
+EntropyInputReseed = c467c5a754d165038b8b68ef2503d044d7952d02f79a58ae
+AdditionalInputReseed = 4f47678ceeb13a7522f16aaa6c977506ce4b2fdce81b6cd8
+** RESEED:
+	V = db32e765f43d8f6275584b8198b9cd278fbf5bc2e5d4a5c24b0606c5f533d1c13d6738af5725a77958bd8b9b121767f3a3e8ed3a26b5f2
+	C = 9fb2b25aff03fb3754d5747fcb5b743d0171a0b6144888834626b35fcdd008fe1b0e2f0e12e03f979a98353cf2c82e8d29a80f803fb25c
+	reseed counter = 1
+AdditionalInput = 1c9a76aa52ba22d1626ce66fba84d3c65998ef731ae756f8
+** GENERATE (FIRST CALL):
+	V = 7ae599c0f3418a99ca2dc001641541649130fc78fa1d2e45912cbb17f139bd672032b2b348b38fe9b9893a22ecbe793b7dd5905ef430bc
+	C = 9fb2b25aff03fb3754d5747fcb5b743d0171a0b6144888834626b35fcdd008fe1b0e2f0e12e03f979a98353cf2c82e8d29a80f803fb25c
+	reseed counter = 2
+AdditionalInput = 5ed3052c68e1e42a71b93810e5ac98c6a6896089481b5ca8
+ReturnedBits = a10c32dbff74e47359a8f0a45b6691939375dc06cd6485d2cd2feea6237cbf58641709c99d0a26b8e241ca23c4cf994965f58d06f8ef6a9698f4ca1dc06b4cd1f9b2a2bb1564331e8c8dc2d1dea4c7daa3fd79854ccf5298ff571aa6eb84e0e8df2e88753dbdf5717f8ee94f27381a08
+** GENERATE (SECOND CALL):
+	V = 1a984c1bf24585d11f0334812f70b5a192a29d2f0e65b6c8d7536f960b1625bf50d3a7e307d17b2c42edd3343b56b3a010602f8a30afdb
+	C = 9fb2b25aff03fb3754d5747fcb5b743d0171a0b6144888834626b35fcdd008fe1b0e2f0e12e03f979a98353cf2c82e8d29a80f803fb25c
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = 9b540e2bb8170d11ff757a0c214ed1667190309e0b470784
+Nonce = c0a83779c18cece4c60be6f2
+PersonalizationString = 
+** INSTANTIATE:
+	V = 0abb86197dc59dff82e8d3c697ac8941ff3f6670fddceb6e873b6a9adadef98ea07bc7d7ba9f2dc4ad3ed7d9a36109ce8e5a69d4ec6b9e
+	C = 55845a4785b1b7c8432d98eeaf18797bed977d2a6b50a8796edcf9047c0805aeded39f3e49d232b43b95d63e0592a07ebc1c2712bb6227
+	reseed counter = 1
+EntropyInputReseed = 0dd0413095a249476b620d64dd564946406b5006a48a90e5
+AdditionalInputReseed = 41b8e2721dc38e983214bd328181edd66ae9c6a488b154f1
+** RESEED:
+	V = 2bb7e8da97f5b9cb6b76609c7483c71229115acf01e1082867ffffc74db58a22bbe241d110c432ee39793987ea205b5b533f1d793f9203
+	C = a0c00a7c528a5f1125dd1fd6a56fb93752fd60e5ddbbf2c9f743267800cc50dbb404b3687f06342fb46352d9cbae5ff1291c361c4cea1b
+	reseed counter = 1
+AdditionalInput = 4dcb7d297754e72f1f12624c662fe4a319d0d6ba78d32231
+** GENERATE (FIRST CALL):
+	V = cc77f356ea8018dc9153807319f380497c0ebbb4df9cfaf25f43281c1172055f51126c366f319cf05fa1aee00702f653665087c7c3a031
+	C = a0c00a7c528a5f1125dd1fd6a56fb93752fd60e5ddbbf2c9f743267800cc50dbb404b3687f06342fb46352d9cbae5ff1291c361c4cea1b
+	reseed counter = 2
+AdditionalInput = 7b73a49cd0bae1840cb0a6b993685ba5cdf19fd75426c0c3
+ReturnedBits = 20b96bd80abe66419937b258d8c2cb883baba4eb27d3b97aa4468fa1a417d663ce8c7185cf93cf58e844a19920a1284e5057f29900334a769cd0daa35712ca1b0bce2c750a7289ff7f6fdef4486808042010051f01ecbe386ca6477105375eb8540eb9223a4af8abd5760043ccf6a50b
+** GENERATE (SECOND CALL):
+	V = 6d37fdd33d0a77edb730a049bf633980cf0c1c9abd58edbc56864fd6fd2304b7c27fa78c74be7e7101beb50133e33a8d23a05afe0bed58
+	C = a0c00a7c528a5f1125dd1fd6a56fb93752fd60e5ddbbf2c9f743267800cc50dbb404b3687f06342fb46352d9cbae5ff1291c361c4cea1b
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = 27ef4f5ff27cce8ea758ef986e9598fed7d8662b6295ea69
+Nonce = ef3aa0daf6d482018510c20f
+PersonalizationString = 
+** INSTANTIATE:
+	V = 628942a50a88460d9b328cfb32ba603057929aa1613ebd533b3c99eaca18b111630e8cbdc2cebe71301ecb04574f1aad35555f2db1e32b
+	C = 52837eb540034e080d87cdfb3be58b52e6e5ff73453517c9de498886c6f97c82c230759feb3dd75ab1322d7a458db3188c7f8d08f763a0
+	reseed counter = 1
+EntropyInputReseed = 0d336b2fe6412718e2c19dfaecfefe3fd12e0d2860e4bb73
+AdditionalInputReseed = fe82632966f2b41322595647597498aead9b9304f0da25ce
+** RESEED:
+	V = f380b5cb32178cb5fcc18c9e8e448042882cf7051d174cfb10d928a0ecbda510f811f596a513ce4a0eaf733e01d9e7198076164cfcdf1b
+	C = 9b4ec011783aacaba2cafd334666c8fc7eac999281dbb4403b7d7650a0166735adbcc3f2e1f5e8d438244b175926ad2429a7b24b1b5c3d
+	reseed counter = 1
+AdditionalInput = 433fb7b3ccc486eab6f8d5fad08ef540091b1ed6f2e767d2
+** GENERATE (FIRST CALL):
+	V = 8ecf75dcaa5239619f8c89d1d4ab493f06d990979ef3013b4c569fd519705a0f436846c835efe032baa74cecf563d65861c7bfd938185b
+	C = 9b4ec011783aacaba2cafd334666c8fc7eac999281dbb4403b7d7650a0166735adbcc3f2e1f5e8d438244b175926ad2429a7b24b1b5c3d
+	reseed counter = 2
+AdditionalInput = 5e2b37cd8f3aa40bae0b289902ea11ac4c633b759feb350d
+ReturnedBits = d9bd14d709ab5aee138733d799275842620aeeff2cbc53f728e1e25a4f188c884d580b59b361aef507b2aef867198daf8b67d7547e18547735fc8201cdff048296d4019a1ddaa18e7ef68557d75ca3e073513415795b894fd11345eca93c812e3971bc96386b391450d12577ddba70a1
+** GENERATE (SECOND CALL):
+	V = 2a1e35ee228ce60d425787051b12123b85862a2a20ceb57b87d416a5ded359df9e80f88f6dcdd0ed074a7ff36729c739362ddfef1e5c85
+	C = 9b4ec011783aacaba2cafd334666c8fc7eac999281dbb4403b7d7650a0166735adbcc3f2e1f5e8d438244b175926ad2429a7b24b1b5c3d
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = 76e6a7fda1e20f4c86a66ba8e31bfc16c615f1356eca15f2
+Nonce = 341913c9a1b01e86bfa9a833
+PersonalizationString = 
+** INSTANTIATE:
+	V = b81d1abd76290f1ff56c62705d1f4c7aef4dc1b29fae72372a3178cb23e1a536058a87df24413a55d149a2ec0ffefc526ff734bffeb23e
+	C = 2956f42f03a89f3f349c3bff08373a9f9a4af5d54a715b6c70573f3f6a980a1b5f00cc6fbfb58e5e527996fd255ced5e261786663ce005
+	reseed counter = 1
+EntropyInputReseed = be086ce74c37ae6ecb255b2b3971e1b756b78d7fabcf6ec3
+AdditionalInputReseed = 89ba420d853d343fbecc9c53a5196645f3003f81dee4727f
+** RESEED:
+	V = 2adaffb13be252708c8cacb48b04475a9cc84ae1f200fa9b005a388421667abde348e7850a018c9b2bb781dd88de23070630e81bd3262f
+	C = da0914f6dc7907e227b55497ee060892335ea42ce182d5623c78160db222594d4fc23f9dd325391466bc967872c59e0d1d4c613041212d
+	reseed counter = 1
+AdditionalInput = 60f43d61783fec1aca7fac3a1f5b985f339d3f449df26053
+** GENERATE (FIRST CALL):
+	V = 04e414a8185b5a52b442014c790a4fecd026ef0ed383cffd3cd250112ed61839f5f6a3a9c1a22e43312ad201b4c890877f94039524229e
+	C = da0914f6dc7907e227b55497ee060892335ea42ce182d5623c78160db222594d4fc23f9dd325391466bc967872c59e0d1d4c613041212d
+	reseed counter = 2
+AdditionalInput = 25b901cd8957a7a63f626b1292e6b98bfcfdef27ee77adbc
+ReturnedBits = 975da45545647181d428c5371b8226a688d0c65e01feb84aa53f3ec51411817ec9ad1596a809f765f1ba2af910cb34958c499b87d1a44c726d8c3ffc1d08475a12c0b59472fadfa0f1090a6018fcac6f481f37c057e4a465ca36b3a2c6af0229dc093048b5ff09f9bc04ada420b56365
+** GENERATE (SECOND CALL):
+	V = deed299ef4d46234dbf755e46710587f0385933bb506a55f794a66965f8f44ec1a208325cf9c7402319804443c6c87e61b8e2fb5308cee
+	C = da0914f6dc7907e227b55497ee060892335ea42ce182d5623c78160db222594d4fc23f9dd325391466bc967872c59e0d1d4c613041212d
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = fb4548f4ed94e39bf55919597c37fd5ba1386e100132802c
+Nonce = 182044d8488ef08ee1163d3a
+PersonalizationString = 
+** INSTANTIATE:
+	V = 6028c81d6f305f7c8466de17971b0eef0e83fa07a860d103389ac2bce8fc9a807cea8f580c5314cd5ed43c43387cfd451cc49203989c57
+	C = 038f3631bfbe7bc1a5a4137a94f8cefadd1edd3ac91fdca9e02fa3659bd9473bc1279c66189950abd406b8fbb61658ebd5fc7dfc365639
+	reseed counter = 1
+EntropyInputReseed = 8a71182cdb68d9356384139350d2c980bf5d2fd64f0e1770
+AdditionalInputReseed = 807c444bbfbaca243aa982ce9fea2ef49f7f2383c138a762
+** RESEED:
+	V = 158840747ba9c01517da65a07e27b4ed83b14455d68848f57cd3f6d3d2008f6328f7bcf73f7d3fa76422e31fedd24d4fbefcf5d376283a
+	C = 04f089ec394861e3d84add45c577a84e735204b08a2475ef40476ae02ec8280b1588f18b29dcdb91ee43ae3cdb3b92c40a896ce65e5701
+	reseed counter = 1
+AdditionalInput = 8d46af199b2b3463e13b07cfcff08352afc90556a950f164
+** GENERATE (FIRST CALL):
+	V = 1a78ca60b4f221f8f02542e6439f5d3bf703490660acbee4bd1b62d804c1fa09c51d526c7ec306a8feb152b2e1324f3965ba00404cb1fa
+	C = 04f089ec394861e3d84add45c577a84e735204b08a2475ef40476ae02ec8280b1588f18b29dcdb91ee43ae3cdb3b92c40a896ce65e5701
+	reseed counter = 2
+AdditionalInput = e9a3ebc4dd711cf218bbeb7705405e8efd4f65b895d8594b
+ReturnedBits = f28f9a31511fa144284a5cae255da7f2eba1a2343784cdb4c11c7812cfd9798b790f479c8ff9c06acd458f2edb411000a556979171c23918232bf482c5a2d9fb2d3faf1f7c6af4a3654da207d9391752f2975daa22d85e82de7766d4a5074208de12282cc0e38550accbf4279f7efb4f
+** GENERATE (SECOND CALL):
+	V = 1f69544cee3a83dcc870202c0917058a6a554db6ead134d3fd62ceabb56c5ff1901c25fcb9446f36fd5ce13645d6eed0310c8639ed9ab2
+	C = 04f089ec394861e3d84add45c577a84e735204b08a2475ef40476ae02ec8280b1588f18b29dcdb91ee43ae3cdb3b92c40a896ce65e5701
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = 6af9ad11eef708d3e3332b66d0e02d4c049225050415701f
+Nonce = 27d0268faffdce20ff328f56
+PersonalizationString = 
+** INSTANTIATE:
+	V = 689f6e6780df136c8fb8a63e575387ffdf057266d5175f80b4ce5c2d074ec733fb9ce9f4bbbceda936f66549d8c3e53172350a11a36ed8
+	C = c0a602c0def981e2cc2c93140deed7f0651739a3c5d5120bd43d0a739d0fda56fb556feb5aa3d83adfc4cd73c46fea98918bfcba25b65d
+	reseed counter = 1
+EntropyInputReseed = 70e2e6e007a4a3b0164fb849f8687843d6ee90fe93cc49f3
+AdditionalInputReseed = 8974269fb2a42869a7a4abc91e5c1c534e8cffe7781aab6f
+** RESEED:
+	V = 437923f7a2a2ae391605c8d9c0e79f61317567236609c4c12c09545a3691a7ff875e05660c32018f92a1e92ec1cb26b643f374a0257af2
+	C = a71875f762e5bce3390facb36d343f4b29323ab69a9e9c3cc1e7ab5021e39e1ff1aaae7d40ee477f87bd2e6c62934daeba1346fc7f6a44
+	reseed counter = 1
+AdditionalInput = f3e67593eb2bf8fe069829849df15609b6413c6ec8530880
+** GENERATE (FIRST CALL):
+	V = ea9199ef05886b1c4f15758d2e1bdeac5aa7a1da00a860fdedf100a98c48fa413bd976b888541c146254aba610393e4de77be80c01677f
+	C = a71875f762e5bce3390facb36d343f4b29323ab69a9e9c3cc1e7ab5021e39e1ff1aaae7d40ee477f87bd2e6c62934daeba1346fc7f6a44
+	reseed counter = 2
+AdditionalInput = 3ceb7d46137ae3021ac72874a7ae622495dee46cb15b59b7
+ReturnedBits = 6bbb178f56bed67a776596cb2c988de8facced72b4a34e11aed0897e018ad94d543146585c47fe7b43a2c94a8e5388514b35a4530439f1943d4c0fd7f55a3bf13ea16080cd73bc05fb22aae74f5796d9d6b83c805960372aef38be1b6de44032abf3bd23481e834830a6de1d4c0d1572
+** GENERATE (SECOND CALL):
+	V = 91aa0fe6686e27ff882522409b501df783d9dc909b46fd3aafd8ad0f0aa12f052653c53aa6594d0d678a060d9393edf5009f07f46aff96
+	C = a71875f762e5bce3390facb36d343f4b29323ab69a9e9c3cc1e7ab5021e39e1ff1aaae7d40ee477f87bd2e6c62934daeba1346fc7f6a44
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = 1b526509d5341f07451783330867655dfda7829405fca78c
+Nonce = 3c5e0d93abecb924b1235dbc
+PersonalizationString = 
+** INSTANTIATE:
+	V = 2d68766386bd929a37d45e73543d54c0ca10bf8af668c0122b40f692e5c805376fc03d530402d587c9609355c296ad5c5523e7a1bf2699
+	C = 9d7fe04152cca9296dbdc52e9b2455782d421b6311bbf9bfbd12a15f1b034dff692e841694b6bef3937d2404294c9990e002986a9890ea
+	reseed counter = 1
+EntropyInputReseed = 0a665697372c4bc0f06dd56cb04c9e14350cf2eca9006c13
+AdditionalInputReseed = fdf180b8386572f5440ee2f3059ba7aa4985c67103ee6b15
+** RESEED:
+	V = 3328b1d3dfdb199257b7b412f8bb5ad80e514dc753f2f1f8000bd50ba54e9a0bf18ee0bb40ce31930faa4cce593eb9047e027c65da7ac8
+	C = 6441e24263c2805264232baf859d24811f2c1ab71a30f67dc41ec29af8e8e5ecf9dd0146d24d31b6337e7e3fc2403f2356a5445a64f8f6
+	reseed counter = 1
+AdditionalInput = ef871a19bf9ab29ab895501182045a8e5e899875111e4571
+** GENERATE (FIRST CALL):
+	V = 976a9416439d99e4bbdadfc27e587f592d7d687e6e23e875c42a98d85a1070a07a6e18ef55e50eab35b5dba03008db3a08e7abcaabf664
+	C = 6441e24263c2805264232baf859d24811f2c1ab71a30f67dc41ec29af8e8e5ecf9dd0146d24d31b6337e7e3fc2403f2356a5445a64f8f6
+	reseed counter = 2
+AdditionalInput = 77ee24d58e0c0e1ee52cd29f8c2bb4d7566f1f39020f7250
+ReturnedBits = e0fae40aec21aec73f81040dc73d3e5304b3d809823a1bdb07c697dcdb37611c053abd057d13a3b6a5a4280bddb4970bfea7d26d628a08b97c970df9d8e3c938f2ededd02e25d934dea4ebd7a49aae5942d32b3935d142f4b593efdfc251c6136bc0927e80e1e246ad4081528ec39b0c
+** GENERATE (SECOND CALL):
+	V = fbac7658a7601a371ffe0b7203f5a3da4ca983358854def388495c9d587539e4dc0a15ed7247934c975e772b2c4e87b4584f8d4a297df2
+	C = 6441e24263c2805264232baf859d24811f2c1ab71a30f67dc41ec29af8e8e5ecf9dd0146d24d31b6337e7e3fc2403f2356a5445a64f8f6
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = 6c6f5adfc58a5575bedbdac04dd76a47002f7b2847e537c4
+Nonce = 633c991ed42e24d4cb1a93c1
+PersonalizationString = 
+** INSTANTIATE:
+	V = a69eec131f34bc1517121e53f82f3465f604b0f529cd0df66a0a343ac869f325354971eac8d6822910f002adbc031eb3c8d6f8eeec798d
+	C = 47bc58a7f8ad04d79a61b403aa296c26504599c0db5023a53067d78ce4ab284bd787ee439e68818dfbe3b4a9c9927a82782a7d3ca591d3
+	reseed counter = 1
+EntropyInputReseed = 92fc2275d7f9f171f99042ccda9634d3480869ab4d0922ae
+AdditionalInputReseed = 99b50d9e2fb9d17d7e17b53b0ac513eb05423351091a1e97
+** RESEED:
+	V = 746214d8c6a4bc4c0bbf9091ab49e565866d00c9f3fff5131d8888ddcdae04bb0f6077907af84fc3b218839897a0f712774ce9cc8c4ca2
+	C = d12778f12fc4c363a9f84a8c6da78ce8167d34a970f97c40b4dc57bc4fc83760d8fb1d933da4539ae220b37344921cbf92fe7700130f4d
+	reseed counter = 1
+AdditionalInput = f5b9acca5c22015948457287ed15aaf5f04cba4f6a6e2a0e
+** GENERATE (FIRST CALL):
+	V = 45898dc9f6697fafb5b7db1e18f1724d9cea357364f97153d264e1f2cb2bcc79b9dfdf35016e6c7d9812482f07e30ed3ce729b5f8b67a1
+	C = d12778f12fc4c363a9f84a8c6da78ce8167d34a970f97c40b4dc57bc4fc83760d8fb1d933da4539ae220b37344921cbf92fe7700130f4d
+	reseed counter = 2
+AdditionalInput = 56329f12213226d58bace8dbad203535198cc471ae628e16
+ReturnedBits = dcba95cba6d779d8fee09bdb785db00464910d2097225fbfa4060ce67ad30598d1e60d9063da02422b68cb7ea2102803ecb0f35439d4a1d60e67f4fd5750ee460a5de89a4b9d07aad72b3eb91c14cef2fa041406af954fe0d1ae8448bdf31ac45072435f8f0d2b40f7e3922e28ac536f
+** GENERATE (SECOND CALL):
+	V = 16b106bb262e43135fb025aa8698ff35b3676a1cd5f2ed9487413aa58cb9b775d19a8400190da284c3829909341a154c20b0750ba07cec
+	C = d12778f12fc4c363a9f84a8c6da78ce8167d34a970f97c40b4dc57bc4fc83760d8fb1d933da4539ae220b37344921cbf92fe7700130f4d
+	reseed counter = 3
+
+[SHA-512/224]
+[PredictionResistance = False]
+[EntropyInputLen = 192]
+[NonceLen = 96]
+[PersonalizationStringLen = 192]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 896]
+
+COUNT = 0
+EntropyInput = a68826e92785ddd32d798d0754caba6e4b42e5015c41e2d2
+Nonce = f080bcfa86a6344e24fefc88
+PersonalizationString = 074942d3d467bf101e019e6414e787b8a3b1d866c2e8d3f0
+** INSTANTIATE:
+	V = 4d4a5952be7790ea62e83ca4ff5e771e50c5e6aae4c4502169c4dc7cb5c2fee41338b3e9c9319bada471873b5582c05cd8b80c550c0a1b
+	C = 25d7b4a2a2451e8b87423fda15dbf52b8774268b41a3e43bceb7b5b7b4b95c90c39cd6461e7c0e5bb7954a503d6968274ee56285d73fbb
+	reseed counter = 1
+EntropyInputReseed = 27239674c9465bec820e2ab648ec3e9908d36fc1a7248415
+AdditionalInputReseed = 
+** RESEED:
+	V = d3aa781efcd825f2981da5694bd72671a9c33d6f996c1cdb64ad1fb10c417366a0de56dfe2396629f9d7b6e83a9634f13eb95bb3f6b07e
+	C = b810b3d2037bdf316576f00ddc8abb5814c15547c307a23dd88231958268960307228b8f290e28c69696c78c7bfa7ce73325c4ae275bdf
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 8bbb2bf100540523fd9495772861e1c9be8492b75c73bf193d2f51a27c25bf9732b0ef2e968f9695d89834709fc3d22a95cbb5562f133b
+	C = b810b3d2037bdf316576f00ddc8abb5814c15547c307a23dd88231958268960307228b8f290e28c69696c78c7bfa7ce73325c4ae275bdf
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = e9aff0ebc74672529d8ca4b05455e3ccfa6971319b74bf46d84c6da46b9b9076f92e31f426a62d9b3b165abbb4b23da032050c180230f22ab17ed7dd3512103351ba65ed915233b0c801c671b9f2212376f4e6be7396e50bd21f3218e3484f1c3cc87a9f3f308d15152c3d6a4555f495
+** GENERATE (SECOND CALL):
+	V = 43cbdfc303cfe455630b858504ec9d21d345e7ff1f7b615715b183e63ee7a16c4e7e0c2017b33dc70b0187d3b08230a7d47b930a1b0de6
+	C = b810b3d2037bdf316576f00ddc8abb5814c15547c307a23dd88231958268960307228b8f290e28c69696c78c7bfa7ce73325c4ae275bdf
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = db5c03dd4ced2b82fde32c1e48cfa1b666acd1a468dcdf9d
+Nonce = 6f7e66607a6daefda5873528
+PersonalizationString = c947e8a6e8f8b10da3d22b040c2cf1f1f8f807e58be8554c
+** INSTANTIATE:
+	V = 8ebef5e02776e7a66efb116aa08a9a8429b1bab0d739bbfe2e585b52c18a253b393f37532d0a16c8b429bc3fb3133282f0ebad5d3c8c90
+	C = 6d4d97ec484295d3923c2f6761799f205f1739a8dccc87bb53209bd930a79ee1f0d3c2de11d2d59895a5a4832bf9e40227d0a1171aef0d
+	reseed counter = 1
+EntropyInputReseed = 4e9d25ff217921b421870e1dd2651cbdad8374d7d9ea9409
+AdditionalInputReseed = 
+** RESEED:
+	V = f9668401932358e007c2c89e59b7b63195e7c13d5da686e5ab8b49cefb760b230fb68defb5b39bbf04b9ae769902ac380f0dc7defd1f7e
+	C = 5abcaa77dcde9021b0dc7e660a996ae47767347625aeff17d98b3f4d9f9e7c209c7e8dd02af7f8cf3cbcc017a46f0caef3b700717b7f5d
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 54232e797001e901b89f4704645121160d4ef5b3835585fd8516893264609d15db39abde19f584d03493583f1ed03f70eab5b4422c51a6
+	C = 5abcaa77dcde9021b0dc7e660a996ae47767347625aeff17d98b3f4d9f9e7c209c7e8dd02af7f8cf3cbcc017a46f0caef3b700717b7f5d
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = a69bb5c0ffdf96102cd6b9f77b4a2fb458636829737acf5bd2d40c0fc8ed7294c270b66dba2d3d69aba24b96ba895683c4024c4ceea0744972489a2bf8a29312d608f518da423251a0b06ac9fe971736e17aaf8adb343c09899391c5881c1987a664ce744295a320b5893fbface0d800
+** GENERATE (SECOND CALL):
+	V = aedfd8f14ce07923697bc56a6eea8bfa84b62a29a90485155ea1c97170bf0aecd2a2f7a86c45e58f6a5aea5c62e2ede137bc1b07e291b2
+	C = 5abcaa77dcde9021b0dc7e660a996ae47767347625aeff17d98b3f4d9f9e7c209c7e8dd02af7f8cf3cbcc017a46f0caef3b700717b7f5d
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = dbfea4a7c0493df420f5a941fe399922cac53746e0b4a640
+Nonce = 9552a3500d7f832712bb9ed2
+PersonalizationString = e0e36cac176c70ce6a37dde598559ab67f484041e9dedf96
+** INSTANTIATE:
+	V = 2d7b28897eddac7c15e969f17612170f71ea5932d8c15bb7ecfb55a9e4eebc3e85f485676559dee4366ed1ad0d17b129ab27bd890e0b00
+	C = 327f5771ebf3805e4c3444cb29ed3099479fba8f5fcb6918141427c813834d00994e258985354c5eafede807d16dd0f258baae4bfd5792
+	reseed counter = 1
+EntropyInputReseed = 20f7c981d9e84d552bed9c4f51f0774fb0812abaa1df531f
+AdditionalInputReseed = 
+** RESEED:
+	V = 7b254f319a490cdbfdcede018fce398f66892de4441a3542abc00c6e6ef8fde5279085fb2e6a672f68092185506e118ecedc6b2b4a4c94
+	C = 439c179cddb0b55ab61e876b6edb2dbd6a742033c4294351c4f956c49c8a5ffd12ea59ad0221f3a0051182fbcd0674e35d2993e0209507
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = bec166ce77f9c236b3ed656cfea9674cd0fd4e180843789470b963fb2ff3a21e62983e3ef794997ee48839ca3e2736f089db8e9f4d7017
+	C = 439c179cddb0b55ab61e876b6edb2dbd6a742033c4294351c4f956c49c8a5ffd12ea59ad0221f3a0051182fbcd0674e35d2993e0209507
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = d46f2927a2485ab2c0a8ee4e76601e1bc22248d7cfe7a1bafa96438af5dcc60ef83ea32638d363008cbe8efe93b8aea8d53b0f666b7327f3f832e8015e5d43a33a8ba581e023144cd51ed312fb8adb328f6adbe9d98b96373042337f1e896f674c835368858911a2a29424dada920f33
+** GENERATE (SECOND CALL):
+	V = 025d7e6b55aa77916a0becd86d84950a3b716e4bcc6cbbe635b2bb41d14d37bf51116899ede507602ed4b5ade0d54443eaa3b36aa9d8f0
+	C = 439c179cddb0b55ab61e876b6edb2dbd6a742033c4294351c4f956c49c8a5ffd12ea59ad0221f3a0051182fbcd0674e35d2993e0209507
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = 3b526f764dc20e019d7ec2e8cd160ee8457d8e66f84a9583
+Nonce = 38029d853715e48e2afa9752
+PersonalizationString = 0965827ae07e1ad20e1df8db787784e08c56efd901636e8c
+** INSTANTIATE:
+	V = 4ad893ec7c0fe7f10d73dc87d3d0cc01f2baa3da9ae2c73bc14c60bd6ea7c1874e1ac1191812d2af2292f1fed7e8b1226a993a7c857947
+	C = 5dce3c6b5014f0da3cb7922c93c02d1194674c927db714ea88413fead8e31aff08a7682a8f82cee39c3102c1e3498452164b9cb643cf7f
+	reseed counter = 1
+EntropyInputReseed = 06c5fb4da1dd2b49c1d6e0c4842bec85bbf3b2ea442f4567
+AdditionalInputReseed = 
+** RESEED:
+	V = c03a87f5ae6a54e584ba99e7e78a09f9e48f56a445ceb3e8918e84141c7dd9621b6bd809eb65e293250622ca1da818bddbfab2d1958441
+	C = 3d05de43b25cfcde0d95d0a62478fd2ed4f1ab4d79fe3dd2385ce984c8b2a25f7d45b137c3f9fdf0ea18464dd4d1a4631047febb028796
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = fd40663960c751c392506a8e0c030728b98101f1bfccf1bac9eb6e579d16be4eb2e19a0f37404d8f88153267b7c6640a88532f5e8883b9
+	C = 3d05de43b25cfcde0d95d0a62478fd2ed4f1ab4d79fe3dd2385ce984c8b2a25f7d45b137c3f9fdf0ea18464dd4d1a4631047febb028796
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = ce060d8697ee33a21f4ed516771353ef65276f13d28beedac506012b16a726dc3c9da84d756444141f1618843999287e7750e28b5811eeeec386b6d110e2491a396e60375e7b44d938700c3837bb1c376ccabd6b12ec18c165f1f377028c629b5f475b48930a7a810afb82d3b536c2e0
+** GENERATE (SECOND CALL):
+	V = 3a46447d13244ea19fe63b34307c04578e72ad3f39cb2f8d024858cdb0a8642f021cac3cc0d68d00b98fe299dc20b62632a1afe23160df
+	C = 3d05de43b25cfcde0d95d0a62478fd2ed4f1ab4d79fe3dd2385ce984c8b2a25f7d45b137c3f9fdf0ea18464dd4d1a4631047febb028796
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = 24044c7ba5835f374ef9ea049d7455191f69534f964ccddb
+Nonce = 90991c56ae5c9f4064f3a416
+PersonalizationString = f580bcc7782d0d1ca63a6aa47bf79e0a226086766d548fdd
+** INSTANTIATE:
+	V = 9841f96d84ed481f1d5310443ad8d7693331f8f886d3a9699bdc55153b8e60cc87f23c6dfe585347f60556243b9d3c8bc5b833351f4aa8
+	C = 1f19ff3d37abeda6dcbbea9f43c7cadc0044590a5cc14ee8c8319bbf4b37234378579f4267947879aa3cdb5343c024cc5c4cbdea7e1a3b
+	reseed counter = 1
+EntropyInputReseed = caf5ec39227dbcb246d71faa6dc41b1947a971baa3d39f02
+AdditionalInputReseed = 
+** RESEED:
+	V = 18f659a8587cb044fa2aa3d6d562c8879133a67f104472c6ff18f07915c779a513ba4321369f97da002e6fdbc810e00f23db652936de70
+	C = 12b6a02ba31674a65aea22c7a0fa841427aafdbb36fb454f218c02733797f63309d0b0cee9e9362c224527881c331013649c472858586c
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 2bacf9d3fb9324eb5514c69e765d4c9bb8dea43a473fb81620a4f33b21d8923e956185d5cc6ae4efadd011b64ef13c9e50cb232a4a02b1
+	C = 12b6a02ba31674a65aea22c7a0fa841427aafdbb36fb454f218c02733797f63309d0b0cee9e9362c224527881c331013649c472858586c
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 577144ee8d49afc152c0d8a1b8d4f25978a103a9fe2dd16be0d8bfbb9cb184255ca793f2659cffa9fa7e71bfd48be23c524e6aa11048ad7742e256db6f4b9177ab3f1bdfb48d8ea0d54b41e44cc3277df31acdeba6b78f8542d0a2d441961ff8d62278dbe39a1f0f84a6debdbc42f940
+** GENERATE (SECOND CALL):
+	V = 3e6399ff9ea99991affee9661757d0afe089a1f57e3afd654230f643474de7bb0ba010da734fce6772c5e159e8ca6d5fe4346d8a0f9854
+	C = 12b6a02ba31674a65aea22c7a0fa841427aafdbb36fb454f218c02733797f63309d0b0cee9e9362c224527881c331013649c472858586c
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = 38869cfda6a46e0f71343fb446101c923ba249775e89d7e7
+Nonce = 882f53c81946eee98c52fd2f
+PersonalizationString = 2d277e827be1b1b86d813202a25490caaff1dada2cbc63ca
+** INSTANTIATE:
+	V = a41a619b0c4fa1bd25a468890242711925d32fab232278d2c4fbe003b0a683503d1c9bbf03839abca1b58a95ca2cdb1ea022d9021b1bad
+	C = 4ccd8a4091e29a033c2cc00e3dd9f0927bcec15445a43fa131169374ff085d221f266097004a07ee3bc84d5afa7ec23f3d94f65b13a502
+	reseed counter = 1
+EntropyInputReseed = 6fb8de60036d992e1e77020817a3181204be02a9e8576c66
+AdditionalInputReseed = 
+** RESEED:
+	V = 1ef02683fcf378615f2a7ce9d23c7d2859c9d0dddad51640d5dbc13cf3ff6d0aaa87e75bb4b7f9e29448380b6649b0de84fc6284bd3849
+	C = c469ee6066ec340e4761511ccbec1dda2ca728544f890399c216498258f8036fc987a33b609bac99957380270d446e53a93025311899cd
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = e35a14e463dfac6fa68bce069e289b028670f9322a5e19da97f20ae5388ab800d4f1cc2223b59f3e416d5739ed2d47c03144a1b5b18ae8
+	C = c469ee6066ec340e4761511ccbec1dda2ca728544f890399c216498258f8036fc987a33b609bac99957380270d446e53a93025311899cd
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = d08e20fd84f67c56fc6498e12b02a60c9277359717a567b1a560816b5ddcf746af8fe93a915d2ffebdbdd9c6bb2483a0cdeec933efce8be083c0643da906af4112677e9e2a77e63b8f053cdfa1e12b138735feba5280e1898b648a00556e8245d719289a55a71058a726871ff43f2fbf
+** GENERATE (SECOND CALL):
+	V = a7c40344cacbe07deded1f236a14b8dcb318218679e71d745a08551ac6104dd1693240b11f2173ce987bd121b9dce2c170de975de3cf16
+	C = c469ee6066ec340e4761511ccbec1dda2ca728544f890399c216498258f8036fc987a33b609bac99957380270d446e53a93025311899cd
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = cfac02ddd38df18bfee40ef6d2bc0c247f335fbdb22f1602
+Nonce = 414e706e3e0220df4870b284
+PersonalizationString = 8b8ea02681e6f5027602f86795b20eb7701983e7384ac2cc
+** INSTANTIATE:
+	V = 281fc6738ce76893ff003195d843e1327efebc8bb431bf3c125c55cc3612c344a54e799fbbd686a1143f5261ef9adaa51e871b6c411c7d
+	C = 486d9b08c96a200888d03261f7e051aea2c4f60e2e9d6de52b0c98f7ab094a7b65088eef7589adbfe4037f08ed7af3849b5283a7f08230
+	reseed counter = 1
+EntropyInputReseed = 9bba186d25218b971f9a5906f0192e467adb536538d0e2fc
+AdditionalInputReseed = 
+** RESEED:
+	V = e246d1fbdfb0e6b676e66762cfa6c6e1783df310e84e85333731d6bdc15ba469cd4f3e5f7dbb88bfd5857a4f393968a4950d54abafe6e9
+	C = 3879e63c066221f6ea7476a217d053d14d8da13bee3d15a22918509ae04efe0d5dc672883764cb5f9ffa4245ff8333f36eb5b49c28bbd5
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 1ac0b837e61308ad615ade04e7771ab2c5cb944cd68b9ad5604a27768260c9bf5f5e4dd89a54946f1409fac7c01455f13b3182519ca942
+	C = 3879e63c066221f6ea7476a217d053d14d8da13bee3d15a22918509ae04efe0d5dc672883764cb5f9ffa4245ff8333f36eb5b49c28bbd5
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = a7f99ebeb29331ee7c99063ced89865cc5c397d6b5d15934332119c5f94855dbc991a4e7c1057a707e5c38d539c02c526195bed77e192c6ef3960ab1c44d5d446886de77c9454fe9e2e2c87330c8abe03f439b1b4302318fc3e087620d114781756ce5cdd448cfe1f05c808405fae49e
+** GENERATE (SECOND CALL):
+	V = 533a9e73ec752aa44bcf54a6ff476e8413593588c4c8b077896278e8db7fe148aee682fb79d29daadbfdf234656903d51072a59524ddc7
+	C = 3879e63c066221f6ea7476a217d053d14d8da13bee3d15a22918509ae04efe0d5dc672883764cb5f9ffa4245ff8333f36eb5b49c28bbd5
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = 2740fc385f6ad6b7e9fde78d2ab58c28685d0f178d8dbdf8
+Nonce = 229380b08601b6ffbe7a9ad0
+PersonalizationString = 950f585babcf18337160cad32dcebb560133bd8fcf6877e9
+** INSTANTIATE:
+	V = 6b3598f27b36c1dbd4471fbb34b406515e434a6c937e83b7167d27e1a8d00bbdb0c6cfbe6efb4a8a03bda58a3ccd7c64e71ef44be7dfd4
+	C = 2d804dca8f16cc20812f0a4898d89bb928275b0eaa781dd41ae837e5026fce5b3249d5b9402fa1b2b23412f01e92dcd061e77682f087a9
+	reseed counter = 1
+EntropyInputReseed = e75d77b57fdea756176cea0dc51473852b32cf7ed55d7147
+AdditionalInputReseed = 
+** RESEED:
+	V = 66a2983acaaa912fb2083812853f3a36fc8d9edd1baedeea37c9520ba31359713d83562bb53e68d1924b45992b67a4d8f3ce8281367052
+	C = bb7471e6735bb20eadda203708ecc6e75caa244aa5d033fbb23aab375f7265131e0ba03b27bfb3ca5d28019685eff077b173b834188cc9
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 22170a213e06433e5fe258498e2c011e5937c327c17f12e5ea03fda5fd84c88114d8dd769c6bd4ef752b979473f993ef106b2adb991158
+	C = bb7471e6735bb20eadda203708ecc6e75caa244aa5d033fbb23aab375f7265131e0ba03b27bfb3ca5d28019685eff077b173b834188cc9
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 72d2d08c809a8b80662d00a521fcda26654444477769a5aa1d8b67fabb32d3b6e1753290c1a819534c86b1d6bb00a8cd42c94b072339d16c3d30e22852a023f43e52fb720ca50cc0f762d77702a5eaee8154ad077acf166b599bff1ce0c6f5203a166864a07a4a656499a8cbcd91a562
+** GENERATE (SECOND CALL):
+	V = dd8b7c07b161f54d0dbc78809718c805b5e1e772674f46e19c3ea959ba8a71b6f254710c4ac946b7d0ea1bf79e9644e5ba5e5592131eed
+	C = bb7471e6735bb20eadda203708ecc6e75caa244aa5d033fbb23aab375f7265131e0ba03b27bfb3ca5d28019685eff077b173b834188cc9
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = 4341e55a792af8a1998493bce8eeed38d5d890b7a74e9121
+Nonce = d4573ff309827af810c92c2f
+PersonalizationString = 13ca74bf166ef3065315d950ff8f42ba71ff806d86ec6d19
+** INSTANTIATE:
+	V = 9fd0c2aabec320245590109eb99d7d5b0617a54baaebce5ee81643075d4c9fde3d320e97f48d946585044c96b0f1dd7471b33819603e85
+	C = 0ee59a1d016f94259ca9d543cef4b60bed2fc2a169284017d3e08be857a9b5dbea7425bd284992c0a386a1c74baba6c8c71e0cbe40b8a1
+	reseed counter = 1
+EntropyInputReseed = 1c5c4f65148d2809257775ba9573ae6f8762867ca7cf394a
+AdditionalInputReseed = 
+** RESEED:
+	V = 4a52bffbb170d4f7b1545adc456e895da411825d0a8c4ef0a628e085a93b7b2c5b39d4c4ed5d64b06a46c89664d54cc29fa31ce38d69a7
+	C = 358cb72f18fdb7dc8eddd16c62015498c21f780f26dbd1a4eebffc39c7b2515cd90b0890df6db7081c5d3c5fb8eab0d90fa0ac1784559f
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 7fdf772aca6e8cd440322c48a76fddf66630fa6c3168209594e8dd9a3801fd3e0a18f9540faa6ff7bc169a558b8ee3f27efec9dbf361f3
+	C = 358cb72f18fdb7dc8eddd16c62015498c21f780f26dbd1a4eebffc39c7b2515cd90b0890df6db7081c5d3c5fb8eab0d90fa0ac1784559f
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = ae40d28587e163b7d2decd55f1c95deba5525002b6127fdc6c830c1c28847c874f7b31c1f003ab5e46d2f2ae9bb67b9ba8db3f00eb66d8dd1e3285f9d17896ff623ff7817e32ca623a69096eccde559cff972998058eff40560322c490dbffc2ccfd50bd96a1ae7f77d17144a9999c53
+** GENERATE (SECOND CALL):
+	V = b56c2e59e36c44b0cf0ffdb50971328f2850727b5843f23a83a8daa6b1af7bedd31d21c0e5cff72ee9ccf44f1786164c075f584d42a8d3
+	C = 358cb72f18fdb7dc8eddd16c62015498c21f780f26dbd1a4eebffc39c7b2515cd90b0890df6db7081c5d3c5fb8eab0d90fa0ac1784559f
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = 45a5546d5a7174035ded640dce12c3e4f8b4b5512ddec81a
+Nonce = 92f96fbeb2084b1ae9e68be3
+PersonalizationString = 13f13c6189f2e34a8fc0ca6b6316df5b59fd58458e9f49af
+** INSTANTIATE:
+	V = a9e853cc7f23257627ff9eb4aad126402da4fe67eca2c87b050c4e48989386bf460ef48ecbff89c57f3094b5c8ce4bf23f27bdeb6b8d4d
+	C = 5ae97292c2023716e87a0d32c9f9e0f0b5e1af2555cc54690ad0aae73abe01b34601e582cacdbf231e93dbddff70e3416d293c6c784512
+	reseed counter = 1
+EntropyInputReseed = cd3cc4f0e13f6597f9dbed179f37673fd0a8109067b537e3
+AdditionalInputReseed = 
+** RESEED:
+	V = 06731519233c0253c536bcb29dfae88badfbe1788871f5a39e20e6a8d2fc9b138b903de4b641d63e8124c73510be33c7ea16a20b732b2d
+	C = 008772295ab1a495426ac776c569309394a8a20e136eacd142b1f1fceed07d623723df53b8e8eca1230a66ceec0b071c35ae4d434ffd4e
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 06fa87427deda6e907a184296364191f42a483869be0a274e0d2d98c6b897c49d04680060a77da37d1cf3372ee9ada768e458828888f30
+	C = 008772295ab1a495426ac776c569309394a8a20e136eacd142b1f1fceed07d623723df53b8e8eca1230a66ceec0b071c35ae4d434ffd4e
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 637649077521409a729548e13b5a05532dc6b3dc60fbd21abbf40142ec55b0d73735d07c5e8eb85aca5da2a13870d2de819390654a8098a1a708e2f7af5600a0cde1388624e14fa231df02e5f79bfc1911059a7b9bdb159ee3c82eeba9cfee36b798d635645e5c020307187596adfa1f
+** GENERATE (SECOND CALL):
+	V = 0781f96bd89f4b7e4a0c4ba028cd49b2d74d2594af4f4f462384cc344bd86d078ae5348a40f1ea771cff4fa1915ebc0125654a4774eff5
+	C = 008772295ab1a495426ac776c569309394a8a20e136eacd142b1f1fceed07d623723df53b8e8eca1230a66ceec0b071c35ae4d434ffd4e
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = b7e588b991c5d10acf44c197b8fce7a469af0b4e12a429fc
+Nonce = 250575641f3c36413d390cbc
+PersonalizationString = 4df8d96882cea89875398df569ca665e3bbd88a6b8a9df63
+** INSTANTIATE:
+	V = ea8651547fc2fce0007f13dd3d78a070c10c39070562a27912e8715c1ce4a7316164a0063a45e41e734a3ac489c67bf1acd3e6132d1f0f
+	C = 14e78f69c96edc431c91b5a3b127d4e412cba458958740585cf7ba26c72865d9aad95f5ef1106165b0889bfb41ae3384f1fd3705600ccf
+	reseed counter = 1
+EntropyInputReseed = 59a99bf479e6e5de588f4acc8e4359ec09529cc01d228e58
+AdditionalInputReseed = 
+** RESEED:
+	V = 58c08c8c9ca119f634987661fdda1f20ea3de1fb051ffba5315719b9c332d2b0f42075e29a0cff9a7928be7a9e4fcf8dcccb39b9ae0ca9
+	C = 8d1a76095e4447904b1cbe8cb4bba7c7cf3d7bf9857f598182f04f9f77e3d69241442a393a3ef575914af3cbf2f99b346ce5ec52389ee6
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = e5db0295fae561867fb534eeb295c6e8b97b5df48a9f5526b44769d9b09cff3f31c6d3a7e52732f425c9f9faa3233e8991835bb95b8481
+	C = 8d1a76095e4447904b1cbe8cb4bba7c7cf3d7bf9857f598182f04f9f77e3d69241442a393a3ef575914af3cbf2f99b346ce5ec52389ee6
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 32285fa5bc2c55b68a74045c6d3c0fc4c89bdae02f2149f6f2184fc7d6e07a7a3a0a08691ff45d3f70f318c6d35432df1ca3f481ef37c3de2e49d16596dd71e58a9866ab63c9c8363bf3e30ed7c5b4f0a1f6f4ab646dc0b69c48b8edb429ef49168d3298711677ac0532133f6760d728
+** GENERATE (SECOND CALL):
+	V = 72f5789f5929a916cad1f37b67516eb088b8d9ee101eaea83737ba05d72bbf669d3d741d827a26d1b289638cca6df4c1df322a8cb29904
+	C = 8d1a76095e4447904b1cbe8cb4bba7c7cf3d7bf9857f598182f04f9f77e3d69241442a393a3ef575914af3cbf2f99b346ce5ec52389ee6
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = 54357d75e1257b10f0461bd7679498afa51ba705d2d39f3d
+Nonce = 9c0cc6c7fd9b94b6d53efa8f
+PersonalizationString = 37d410b899bec27a5edc00a258c4950a342df1674df52a46
+** INSTANTIATE:
+	V = 5787c463037dc8a7dd0f39db5c0e3cdb48fc475dc7559f1973b01b5197c622aa5c251660ddd38f61e674167d63f5b1097900ebb22d61ae
+	C = f037cc56c849aad7fd9d71185009db60e6d330b16ab16af0fd210dcb0fb119024f87db7485f079453a619792c39279308f40d497212b61
+	reseed counter = 1
+EntropyInputReseed = 6b54367d9557ba0480582f4736c50131ba08b9c56e3ddcc2
+AdditionalInputReseed = 
+** RESEED:
+	V = b324a9fa65afbc4a6210647b1bfbc9a6627902e787010b3ef4240cb0e27046fb3803bcbeecbe5bdad098d7e2b758a59009e17f79d48b22
+	C = 738b9e019e2444fdc23b4011d8a845220da6fcf7fe81cb0503dc66706a97fd9878bc6987dff8f9de75f6b38df4b320829bc132963d0b71
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 26b047fc03d40148244ba48cf4a40ec8701fffdf8582d643f8007359945ffff71fa74d3ad0cf44764a43a64ff9dab3cd4da367bacd0bac
+	C = 738b9e019e2444fdc23b4011d8a845220da6fcf7fe81cb0503dc66706a97fd9878bc6987dff8f9de75f6b38df4b320829bc132963d0b71
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 1f1c25bfa1ec8671f31d41aea02a745b15a05625dd099348403f4555afad88c465d6699bb2d1f3958a2077c0ea75aadbe61048abada4721c39794ba62e00097540086876bea543ea685739f1eb266f7540ae1e6843b22f6603ce6455ce3855c3b2f1433d806f9d7bc0217c27e37e421e
+** GENERATE (SECOND CALL):
+	V = 9a3be5fda1f84645e686e49ecd4c53ea7dc6fcd78404a148fbdcda41a31f9e6e525a1b6000dea00d974e0b43f079ca4b063d03600c8978
+	C = 738b9e019e2444fdc23b4011d8a845220da6fcf7fe81cb0503dc66706a97fd9878bc6987dff8f9de75f6b38df4b320829bc132963d0b71
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = 2f815527eb6b79a93b4849dd69a66837216f4bf04d499844
+Nonce = d4f1cfd9f28b67b7abd31094
+PersonalizationString = 705881415b3b21a0ac5cb6d021f4b6e95a36e74f379c4074
+** INSTANTIATE:
+	V = fb23bffd42cd37382d05bd1cebb01254ab38a7dd19c965075402742a005b2f87ac707db6d3ef49d0e41a15ca6bef2604fcdc850f3209a2
+	C = 8400dbded97520e11fa10c651b58b9e0a71e6db4f7b304f7101571d2db2f701b902bed9429b477094110f401c5eb941439419f04956b1f
+	reseed counter = 1
+EntropyInputReseed = 5e0492ce449cfa61e5f5bb77e26e8eefd025d444429c4900
+AdditionalInputReseed = 
+** RESEED:
+	V = a1c39ba08eaa79218f411feeb5d53e9d99788e3dd9638aa81e244d2ec55aad6ff201014f8516b666c4cb941c900fa94f6dd633b5f880bb
+	C = 48c2dd4e5d7200100b19a163d1cf1d7e605a5dad2d3a1c9954c656f2cb7d3040d16fff93f84ebc7868ec9c02a44f4fefb35de9e775f4e5
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = ea8678eeec1c79319a5ac15287a45c1bf9d2ebeb069da74172eaa4e45b23ef4322a2edd4d1a8aae3ce98a131adc1a35ed70bb19f4ffa8d
+	C = 48c2dd4e5d7200100b19a163d1cf1d7e605a5dad2d3a1c9954c656f2cb7d3040d16fff93f84ebc7868ec9c02a44f4fefb35de9e775f4e5
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 3c11ca0aad23c5163fd169f09ac9d64eb16afd615a8c0f32e82b198665574c521599612d35f7bc968c99ad6ba2b00e95d4d008b872b483f7647be81940d583a6c2bee184a08bbdb8f5ae17a79afc873c5024491a1a205840c9140930a56588a19730fe220e638e9ec075fbc390f61dd5
+** GENERATE (SECOND CALL):
+	V = 3349563d498e7941a57462b65973799a5a2d499833d7c3dac7b0fc381f4cfdcf6a3dcdaee2103f7b04bfcdeeb67d6ab2964666382cb7f7
+	C = 48c2dd4e5d7200100b19a163d1cf1d7e605a5dad2d3a1c9954c656f2cb7d3040d16fff93f84ebc7868ec9c02a44f4fefb35de9e775f4e5
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = c8469b8546417eb464c0c13f00bbcad97785bb1d22ec99ff
+Nonce = 3da65a2bb742c45afdde0f36
+PersonalizationString = 97ea01253d9463c62c08678a0486d54fae42ceb91fba7aa8
+** INSTANTIATE:
+	V = 3821c4e308d5e7eea1b167e2cd9641defc873a75f42c37a74782042f2433d7f958e4485331fc0fd1a5d4d24c83eed502a13054be34e3eb
+	C = bc0f7bd06666b05317a7e528e5b54d29fb6d6fb01713a6a08db344cb7af228da0996cd2999313f7d67fca14cff3cf5f74cf3b23caf54c4
+	reseed counter = 1
+EntropyInputReseed = f5cc52e3e2d174d5b4af680875016649e690271892a091e8
+AdditionalInputReseed = 
+** RESEED:
+	V = 9e1d8ddeefbf3d50142c31659a9f9a49c52ff4aef68055e6b9bf48ebf982a678798e3d5ba4b83ec54bb746c089cadbe3a3f23a2cc97d7a
+	C = a222a672978ed2d132bc25ddddca9e7a1bf1acec6b8df50bbbd73c2e66770997d4b9e530a3ddb4b4f932ab58d37414f5728e33e88bc142
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 40403451874e102146e85743786a38c3e121a19b620e4af27596854016475640cb8604e51f8befdc642696057144066ddf44955e581715
+	C = a222a672978ed2d132bc25ddddca9e7a1bf1acec6b8df50bbbd73c2e66770997d4b9e530a3ddb4b4f932ab58d37414f5728e33e88bc142
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = e41e98fb0d1a0dec201742157ae5a8f9882d0152713e721e0c9135bcb67a90e5908d5dca0f1297d819b0cf45530e5a743c11d21b48a50b0699059e3db3687480fce39a367245e1bb0ed5082f3627b173383367df33fec0b6785106c5236f2d0be52017945eb7f34979c4d37f12217f41
+** GENERATE (SECOND CALL):
+	V = e262dac41edce2f279a47d215634d73dfd134e87cd9c3ffe316dc1c15df96baac982f96931e18c26d90958d01b0c91a28a6574c30c5c3a
+	C = a222a672978ed2d132bc25ddddca9e7a1bf1acec6b8df50bbbd73c2e66770997d4b9e530a3ddb4b4f932ab58d37414f5728e33e88bc142
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = d6ebc843255614872843fd03b1412b655a8714ec861522f1
+Nonce = c51afd218800d916b784e407
+PersonalizationString = a302b992e2d633292eedc5ccace3728dfaaf92513b27cd6b
+** INSTANTIATE:
+	V = 2ba6fb22b60c9d293e50f81d07e4247885e3ac6ade90bd4d4672dbb633f3e77cf4bc36371acbf39f94a50977f76f072a546e35af3a4186
+	C = 1b09ac3436b6c3aef4b8bb090d4614164981c719c5ae2d1ec8609a6c768ef676fae510770281e411001b91958424d3ac5b73ad347e37a6
+	reseed counter = 1
+EntropyInputReseed = d743ddadce4e500ee40349b9071cffc5a236116abb85adf0
+AdditionalInputReseed = 
+** RESEED:
+	V = 4c8b659cf4f2abca1fdc247a5d7d81128b37050695e24d92fdc56c1a0ed39d735fab1124dfaf4f1c97f9ff63d5907ae6f912631f2a2fe8
+	C = 08eb99e182fa109f064780e4091b6077b1cbd28b45864175ab15ceceeaabc5411c3e6ddddb39da85a1d2730bf7eaa8aa09f4b1756e875d
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 5576ff7e77ecbc692623a55e6698e18a3d02d791db688f08a8db3b9c8e8caf1ac9334fea1514369d978d34418a4926b41af3159c280331
+	C = 08eb99e182fa109f064780e4091b6077b1cbd28b45864175ab15ceceeaabc5411c3e6ddddb39da85a1d2730bf7eaa8aa09f4b1756e875d
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 50187775c5a9133f6540d314f4cc84da928b5fcbc37413e11fa28a0c0ec9ea57de3881335c5b94e051a8d6b29a9bc2668b6b11907632a802e761492a68b4f11c32df82cbcdd46a6539caf9248bf85a99c76b1d0d6051f22ee9fb638b4e7eab7e789d75eaf85c8028601dff65c1803dfb
+** GENERATE (SECOND CALL):
+	V = 5e62995ffae6cd082c6b26426fb44201eeceaa1d20eed07e53f10adcbef2b0bd6dec0909aab6637752c339ad9e7a050fd7e127420c89e2
+	C = 08eb99e182fa109f064780e4091b6077b1cbd28b45864175ab15ceceeaabc5411c3e6ddddb39da85a1d2730bf7eaa8aa09f4b1756e875d
+	reseed counter = 3
+
+[SHA-512/224]
+[PredictionResistance = False]
+[EntropyInputLen = 192]
+[NonceLen = 96]
+[PersonalizationStringLen = 192]
+[AdditionalInputLen = 192]
+[ReturnedBitsLen = 896]
+
+COUNT = 0
+EntropyInput = d9d333943717fe6456bb862e6abb2da873d956bbd251e6f0
+Nonce = 8e337d3f1e8a7952ceec9cf7
+PersonalizationString = 0bb2f3c6f64b282d216b6d8a99297f6179af2ad8c8bfdb67
+** INSTANTIATE:
+	V = d9e03946248c511f6dcde9eee2b1ea31036ef6db7793c8bd02824ed5f2f2c90f6c6eaeefca3539536e1b20e99e353083b7a40682afb5f6
+	C = e13ae40b51ac2cfd9ff2120fc2caac66884723cbc2eb0b12dd85b6dddc5c3e4897601d9b536a8bee9b817aa8572be2ce08ed1ced8800ac
+	reseed counter = 1
+EntropyInputReseed = bd9a821ee73219153679944a6b110716f87f5a64090fce1e
+AdditionalInputReseed = 7e2dff2759e9a020e95188fcdeda0b7f24cb789d39a7e447
+** RESEED:
+	V = fd73b439e98eeaacc6709e2d05c38c542ec7856f54aa1859804321c708b91d63e0b24f59368668ecb5eacfd9e8e5dd5bf56851eb2d64d1
+	C = 0b334dbf62dacc480bdd716dd005ca72dd91040f5fca0e974a048e0b8d0f4bbbf35b61e4b8cd31f89d576b40ddac352cbcca6ec5aa38df
+	reseed counter = 1
+AdditionalInput = f84aa3e6e46ca8aa7ac473a73e339691ef058da942b1c128
+** GENERATE (FIRST CALL):
+	V = 08a701f94c69b6f4d24e0f9ad5c956c70c58897eb47426f0ca47b13ff1fc9fd852426966ffc308a21b8c8ec098768eb2440827489c17c2
+	C = 0b334dbf62dacc480bdd716dd005ca72dd91040f5fca0e974a048e0b8d0f4bbbf35b61e4b8cd31f89d576b40ddac352cbcca6ec5aa38df
+	reseed counter = 2
+AdditionalInput = 3a94eace36c567f86401b8df0e76db8bde693742d1f699a8
+ReturnedBits = abdcce745ff6636fc9dadad32cdf004e1d72f298421709eac295780b98bf4bc7658c56e0865a1840a02eca53145aca320164346a64aba2afde7c86e86a28149ac0a8da114af9a342c4a26dfacd63bb0f3414260f6287db9eb8da3d7edb82791feda5cba7503665c955a62ebe21b26fe5
+** GENERATE (SECOND CALL):
+	V = 13da4fb8af44833cde2b8108a5cf2139e9e98d8e143e3588144c4023851296f3f067a85ed9068f9937fd7598fda7e929a27f8ad96735cf
+	C = 0b334dbf62dacc480bdd716dd005ca72dd91040f5fca0e974a048e0b8d0f4bbbf35b61e4b8cd31f89d576b40ddac352cbcca6ec5aa38df
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = fb75418a0d60f7893421994882e11cb41dc66be51ae2cd5c
+Nonce = 5e48c27e85c75e2de544d0f4
+PersonalizationString = f7973a5dee9c92bd8f0be30208919a27c3990ea3264b17f9
+** INSTANTIATE:
+	V = 3221b50b80915f1ff14e30539287f2218b84b8d61adc4a15d69971a0f11f8e7de0a7da8a77a58100c6ee80f6c1c83fa7d1c89db1e00f92
+	C = 62b015af130719a748149de5989cdbca6855238f15e8b73ecfad6e20f7cf831277ac5fbaed9e0a30a67b165e451beb9d2dba5cb99b4cab
+	reseed counter = 1
+EntropyInputReseed = baacc8acfe9e05bea0cae875089ef9990c3d69678e9a48df
+AdditionalInputReseed = bceb919c51f16a95c335bcbeb4ac1c911d29151906c41dd4
+** RESEED:
+	V = f8908f1f04d43609ca298d9ab8a2901c7fa5206e0ac2d8d41e98badae33d164230a912cc6acc3a18f81c9fd8137638d6ce633755d1fcb7
+	C = f58806fc509890a7402acfd698c036be49636192da74f3dbd185892c5c357bdff4bba3121fbe63367d2e2138ec13bb8ba07baee94c102b
+	reseed counter = 1
+AdditionalInput = b6428a345fe7b7feacad3c93f277799b1d42b16856eb7130
+** GENERATE (FIRST CALL):
+	V = ee18961b556cc6b10a545d715162c6dac9088200e537ccaff01e4501f5713c84b82f4403aefddcef3d4a83ba511cf11f9bbe319cbc40cf
+	C = f58806fc509890a7402acfd698c036be49636192da74f3dbd185892c5c357bdff4bba3121fbe63367d2e2138ec13bb8ba07baee94c102b
+	reseed counter = 2
+AdditionalInput = b022eec8737b3128b5964ab109605748ddd9e1a29db37b23
+ReturnedBits = c5a9eec1a948ba7d02a1d8ac2d193e8762acfeab0cb963eb5e3539cf2f5750c469cbb9a295e54799ff4dec0af7faa8cd69b039e55d5538ad7da41d30328de0dafb5f939143babdf0457907afba35b0445519d126ab835e4eac40ae832eaa54267f9dd99d8680ab0c339c99f849f2fe25
+** GENERATE (SECOND CALL):
+	V = e3a09d17a60557584a7f2d47ea22fd99126be393bfacc08bc1a3ce8c535881f2c446843b911320a95df3462dd4bdbadf0ee63b3e6594ce
+	C = f58806fc509890a7402acfd698c036be49636192da74f3dbd185892c5c357bdff4bba3121fbe63367d2e2138ec13bb8ba07baee94c102b
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = 0679aee2c7f181c9f772b9c021494097409303a3ee942a5c
+Nonce = 974960fb8d4e541a17314de5
+PersonalizationString = 339bb5b49ce83512dbe1169cdc59e0491942879f75855d66
+** INSTANTIATE:
+	V = a40598f7b65934f5d60b4a09eab8b8e2607a86a9e542fdce5dd2e04a0f25a851f27dbbda0c83dd040daf8bd294ea14396338952e7eabb6
+	C = ab0ac3e980bbdb5d5c7c6995dc372587fc4bbe4f40329ac561a208f50b2c14af078d486d1481567316a5d145f6dea8bf102703cd6c66a9
+	reseed counter = 1
+EntropyInputReseed = e40bbc8b4fff94792575e90086adae6569188854a5595178
+AdditionalInputReseed = 5afad9418ae3af35c35ad159a4325329e92b061d7f0efa5e
+** RESEED:
+	V = 82e09520a0606d0283fd632434143eaaa89c7a11f649425f9069ffa231eecfdc4601812c4381f6a5c61f240bed27cc0ad798af0eaf98ea
+	C = ec691f47b956a5e047dd8cb7262e836fec18f92c98d51fc32cc1a70926b66db54e1a9dd890c20369c0e8ffdfc32a3a68b71988b1e246db
+	reseed counter = 1
+AdditionalInput = abf70c5da2e0431fa5945f6bfb31b62ed272a087288fde1a
+** GENERATE (FIRST CALL):
+	V = 6f49b46859b712e2cbdaefdb5a42c21a94b5733e8f1e6222bd2ba759734253306ba72ffe111338871ae4e70be1a7a466079f7efd690fc0
+	C = ec691f47b956a5e047dd8cb7262e836fec18f92c98d51fc32cc1a70926b66db54e1a9dd890c20369c0e8ffdfc32a3a68b71988b1e246db
+	reseed counter = 2
+AdditionalInput = 9c7b4c1bdfa1324c2c7458b8375ed26a398a965da2a58cbe
+ReturnedBits = 7dc96efac17cad090342090104f14f27dcfc5799f734c25b14e35ead5342272604b246c32c2d1ab837866ad89c845ff4ebd91b303806c0fcf96d0ecf7798f0300f09e320f0658bf5653e1160d71efc8724038e7afdc0d1879973d54a3f5bb5ed946f69af17071bfdd3cc5bf5722d6ec6
+** GENERATE (SECOND CALL):
+	V = 5bb2d3b0130db8c313b87c928071458a80ce6c6b27f381e5e9ed4fe80146f957a958d7be425e36da1871e18e75286ec5e9d3876957bed7
+	C = ec691f47b956a5e047dd8cb7262e836fec18f92c98d51fc32cc1a70926b66db54e1a9dd890c20369c0e8ffdfc32a3a68b71988b1e246db
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = 2f1f60fc8d137afca7759a44a386385cc76710d8eba3b94f
+Nonce = e7ec00f81b21d08f2f47da63
+PersonalizationString = 5167e0bb29302e7fe9bccff887a9a7ea93e3728c23a1bc0e
+** INSTANTIATE:
+	V = f61d6653bdaecac7c645c8f1dd60532890dd997b37de87072d727436775adbab3bd5d483edf6ac533df82ec156c9038f30dd9b635931cb
+	C = dc0bf44f3a91dd776812d9075c9bbb10c4ab183107957eacd4f24ccab01b4c9200d070fe098f33f25d07cf2ad8977246f5e21f868958e6
+	reseed counter = 1
+EntropyInputReseed = 58e3ed01ad599e7a9146dd55941ce8283806779dd342134b
+AdditionalInputReseed = ad0e83e7b4e06122584051d196f99fefa95f7aa6f541bcb6
+** RESEED:
+	V = cc0b5277eab1d17696e88cb93cda3000184924cc2cd317e661654b6d583c03121ce105972081ac88862f8a94cf6de1d6e71d0669e717ae
+	C = d850260e7ca5b9eb9d48410c07d23ca66ea3cceda497aa39f84ff94b4352d53685cd021d8c1d00c5bf6e6a0a0c10d433411f5db3754b0b
+	reseed counter = 1
+AdditionalInput = a37b6ea146e33fda07741db8fb2f29c62280bb4c82dd4090
+** GENERATE (FIRST CALL):
+	V = a45b788667578b623430cdc544ac6ca686ecf1b9d16ac22059b544ed06e2e19b042eb434561e29507dcf7a7fcbcefbc0deee2861544479
+	C = d850260e7ca5b9eb9d48410c07d23ca66ea3cceda497aa39f84ff94b4352d53685cd021d8c1d00c5bf6e6a0a0c10d433411f5db3754b0b
+	reseed counter = 2
+AdditionalInput = e01256ad8e7153c354c00d536de9d36640a06b6be8e2f1d7
+ReturnedBits = 49b68499d221a052167649038f61b4ecce9d1cbb246dfee84c4d1b20a8ddcf4c8a9c3178cb17cfe43a1cefbebd79b7498fc242d59515fc0c50c08385f0a4efb570c47066965a0aa5552bce576a1ba009fffdff762676c7ee457d8fcaec5f46894b040367411b235ca38167fdf6cc0a03
+** GENERATE (SECOND CALL):
+	V = 7cab9e94e3fd454dd1790ed14c7ea94cf590bea776026c5a52053e4c9be2e6a90967758d61329886a8dde3a61e0e752f5456ccd1cb2df6
+	C = d850260e7ca5b9eb9d48410c07d23ca66ea3cceda497aa39f84ff94b4352d53685cd021d8c1d00c5bf6e6a0a0c10d433411f5db3754b0b
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = d860b38e61dbc4c9c035aa8abbb77e064f20610984f5a14c
+Nonce = 4e4fc976768111fb65308596
+PersonalizationString = 6945439f28d1cf904e0974375aa435832edd590b003ba70f
+** INSTANTIATE:
+	V = 8e636d95ca6344219fd599a66f152878663443cd4d879bfc604a1ed475751bd602c83a4b75788f38523fbe5c95653cac56359f53c8ba58
+	C = c1c1d7e3786e2fc3e3a77395527bc68980110f24ca3c9ec5356f4d17f12cfe7e27319ef9ce02f042581df44329008fd3fa90900c615219
+	reseed counter = 1
+EntropyInputReseed = 1e771a807de6eca469f69960f8fdfc8c37e0dfffd72d2d43
+AdditionalInputReseed = 22fdcd5daef6c86f5b1744c46bce561fbf57ddd5b117d02f
+** RESEED:
+	V = baca7ba8dc9d292dde8414384fbcda5a5af0a08999445dd9d82cae5b3acc2eecb5c44088e41eaa444425ff53dbd1b271d196e6ad80b8ce
+	C = 77b84b73bc346afc8fe578aa8a367196d93340a81f61f5d5169816915666f36d9043dbf44f934be3641e4cbf7c0081af337cb793e425dc
+	reseed counter = 1
+AdditionalInput = f6e344c827dd08b2a2d9400d6180ccefaead2c52010d0114
+** GENERATE (FIRST CALL):
+	V = 3282c71c98d1942a6e698ce2d9f34bf13423e131b8a653aeeec4c68b65b865b524b641afbf7d81d1e757c0d2492f26a7de2ad01c0ae398
+	C = 77b84b73bc346afc8fe578aa8a367196d93340a81f61f5d5169816915666f36d9043dbf44f934be3641e4cbf7c0081af337cb793e425dc
+	reseed counter = 2
+AdditionalInput = 9073f7113a46e6909b16a33574566f1c0ec2674d8a75e0b7
+ReturnedBits = 67259053f22c2d6649bb0366581489dd02eca1151e65ed6f7509aadb4c0e5c9faf019db798cbf963b4bd53bb87508e82d1257f9f569c9b12b01ade95ff9dab8c5b1bbb5932ae740ffd43027bed87ac8041655319c7fd1e3b3ba9549c49b59dc1a72137312ff3efd642d8535cf289dc0f
+** GENERATE (SECOND CALL):
+	V = aa3b12905505ff26fe4f058d6429bd880d5721d9d8084984055cdda85598411d7eacdef4aa4d507cc8caa22546abe18051883983c601bd
+	C = 77b84b73bc346afc8fe578aa8a367196d93340a81f61f5d5169816915666f36d9043dbf44f934be3641e4cbf7c0081af337cb793e425dc
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = d45d0383207d782feb219616a98c9e45255d378107ef837a
+Nonce = fe696a927be58c5f91f45c24
+PersonalizationString = b91068d9ac144f309a445f18ed40b082ab745fc3445c7421
+** INSTANTIATE:
+	V = b7f3180564d4412f0c5e8cdf08b14b9bd6468b34c4958747d6f89e8a4595be1a084d3b811af5769f1fe8ab04db4207797a41427ce79404
+	C = feff57b990344a02d12ef8dc2326f58022497a0bbe8ecc026880f52449ce1ca2c5bd0cf6236d99624dd858f7c8574f5f63fccbd88c7a8b
+	reseed counter = 1
+EntropyInputReseed = 4a62006aeb9723886f80e054eacc8a62fb6439f0189cebb9
+AdditionalInputReseed = 2cc53c602465ed4af0f5a48badb9dc44f403c2a109655fce
+** RESEED:
+	V = 7416d5c3a979b092214a01bd3112ef72fa9d6c5eb5255a577b1de398e5e5245f3132e6f8ca20d5d58cf7adde6c388b661f09643646e6d2
+	C = 1957e972d9904da283087199d70ed407da247de68eb5baec6d6fb2a298688dc5e242f7b998a77755deecf965d856fa83e5612b16317b65
+	reseed counter = 1
+AdditionalInput = 8bdc87f6b2f96d73cdaa3013fb3d8c5514ed4d6e1b53635a
+** GENERATE (FIRST CALL):
+	V = 8d6ebf368309fe34a45273570821c37ad4c1ea4543db1543e88d9782bbe040caa442cc34e2c5a1a8ee7fa6a1b067ffc7ba0f082076790b
+	C = 1957e972d9904da283087199d70ed407da247de68eb5baec6d6fb2a298688dc5e242f7b998a77755deecf965d856fa83e5612b16317b65
+	reseed counter = 2
+AdditionalInput = 9c5d4c19675757b934c859d4235d3dfbaea14f18eecb06f9
+ReturnedBits = d36c3fb8cfd2152ab9e6e41c6c778a8bc174639bcda8376c43b51b2a2e539e006de7e39f109ac875e478871a9e5b5fbcc366e0f00f3813b82c35c7c9652e97c3eefa1efe5b7bd85c65f5622d8ca91f50ec6a760467fd2a3fec39f1ee0804e4f900e0bc8e4090128763c67af0978a7ab1
+** GENERATE (SECOND CALL):
+	V = a6c6a8a95c9a4bd7275ae4f0df309782aee6682bd290d03055fd4ab6bd216fa0d2023a4bf44bfa4a4e70dd9d5d9c757b70636d79a381cd
+	C = 1957e972d9904da283087199d70ed407da247de68eb5baec6d6fb2a298688dc5e242f7b998a77755deecf965d856fa83e5612b16317b65
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = 5d8b4c555ff8c530e6e0f9ea2001f4ccd7f7116f0df693f3
+Nonce = 6fdb3d4833f07d1858adec74
+PersonalizationString = 46b38381ff4807b270cfa59d9fd02f84bcc795c8b3aec77f
+** INSTANTIATE:
+	V = 14365cace0ef3edd4d9964a9c3ab6f5ec3253b40cdb9c437242d495978531fdc23812396c3edcb8f5a0c3505c13fc7725b2bc0f90f5bdd
+	C = 2dd6d805c1b85779007c737f223b29f8cb75a1acea9dc740ffdd1f406772ca5d26a8bc872d9623b8be7698aa104f986bc0db2dbe631591
+	reseed counter = 1
+EntropyInputReseed = 02a1a27b8ad744169cde58735b56b30dbfbb722ad67cfcee
+AdditionalInputReseed = ef735a28c55a5dbcf8fb4dd673dd39da0a87d58ac40a78d9
+** RESEED:
+	V = 37f4cc24775b299f182a97daa2a84aef91eed006292c6f4f5e638fb3ff5404cf2ce79fcbb129e9737c4ecbcd0a6a346204bdab5f28f720
+	C = 89d871e8efae911b1d0af6c9bb75d1d8449318d341fc563e9dcdae746d4494c8fd3f357e6ae6fb09eff3550281372649271a4f94a82285
+	reseed counter = 1
+AdditionalInput = 3dfd5b9ddf0c4e71f4bf05e5659178f57d3625536397cda0
+** GENERATE (FIRST CALL):
+	V = c1cd3e0d6709baba35358ea45e1e1cc7d681e8d96b28c58dfc313ebb1925eae6176fe6a6a2da97e4bcfe12a4bb91e327837fdda9a19d7a
+	C = 89d871e8efae911b1d0af6c9bb75d1d8449318d341fc563e9dcdae746d4494c8fd3f357e6ae6fb09eff3550281372649271a4f94a82285
+	reseed counter = 2
+AdditionalInput = 2da74060a74f64b2c5866d525ebf93c42b07335a3b7b31d7
+ReturnedBits = 5ef8a1ed44e845291240101dbde2448d1c1270876be105551dec2d602684a425dd38ae9d1136b188f1a5786d344b2f24f4b7f5f1961c585c1e2d266b29416d988754e68dab230ccca223113430fd12d8714ef75bcd793180adac7b7b706f1aa2756dde6463fb13d8648b99d548a33b93
+** GENERATE (SECOND CALL):
+	V = 4ba5aff656b84bd55240856e1993eea01b1501acad251bcc99feee63dc2fb5912691f5a15e02d9fc6bd107a538b5475b9b4d152947d6c2
+	C = 89d871e8efae911b1d0af6c9bb75d1d8449318d341fc563e9dcdae746d4494c8fd3f357e6ae6fb09eff3550281372649271a4f94a82285
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = 82083d92c8a87e869a1a7e0b17a55316f464239e6033d998
+Nonce = 443b3d6d57a336b549ed88f9
+PersonalizationString = 3f9cca85521a420d316456fc38b5dfa6007aab31043d0e35
+** INSTANTIATE:
+	V = e8e723d241978266d789a234f61b5c62d2ab5330411002a27328113cd1f3bfa61981ea2d55307fa017e3dafe7e0c54bd0257dff36ad871
+	C = d251952f1084a25f0c97f4853cc0f717de128b28604df4749ae61cd1c117c7768abfac27f18c49af40cc6c81dc39fd016717718798ab67
+	reseed counter = 1
+EntropyInputReseed = e32643d866c537a1135d12536db73fc80af2be295d611ef5
+AdditionalInputReseed = 921acf0a5fa7e85e545ffccb026dc0f762a17ffb3fb6a977
+** RESEED:
+	V = 9eeadf3e6353e5a1f5d63d678617e4b5fd91878b9d9c7b8982d8edd421a37ef2d563f02e9240ffd8c9620f555e37652b9ec73dcc157b71
+	C = 4cac6174877d95789422e3a01c401aa9988c0fd30abdb6799cc6b3d64db0293397c5ae9c6a9f8dd97955be611dd738fa8e3cfc8a8216c8
+	reseed counter = 1
+AdditionalInput = 9fe643a37d9028273b75bc2aa780e3dd4c8f6a0e9dfecd8f
+** GENERATE (FIRST CALL):
+	V = eb9740b2ead17b1a89f92107a257ff5f961d975ea85a32031f9fa265eb5d3482445f88ae7c503d56f7c02331031bb923d3f25faf8e0f85
+	C = 4cac6174877d95789422e3a01c401aa9988c0fd30abdb6799cc6b3d64db0293397c5ae9c6a9f8dd97955be611dd738fa8e3cfc8a8216c8
+	reseed counter = 2
+AdditionalInput = 2fe01a28d13f16bcac19cce4e4703b04639c7f6a6f0ffb3a
+ReturnedBits = 7e1cf6cc16252f3133a9fd7295d555100be5bc378a666978ba992bf4f8ccae7e89f2c7fbc13ffab4cdada0b46d367313a52d11dfbe23872b4804ea551c69743ccce27e3113aaf9dda6b99046edb697b3dcc3a733bf92754aae8fa76099e82eb472d0f5ac86f3dded71025ead6fff0c0e
+** GENERATE (SECOND CALL):
+	V = 3843a227724f10931e1c04a7be981a092ea9a731b317e87cbc6656a4610a77b1415e45d527a0598be1863dbf7d2cff621d28e67f375743
+	C = 4cac6174877d95789422e3a01c401aa9988c0fd30abdb6799cc6b3d64db0293397c5ae9c6a9f8dd97955be611dd738fa8e3cfc8a8216c8
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = 45426fe3c9f747115c21b8d317e52d3bf3096e07ab60c35c
+Nonce = efb888aed4ce283cf0a92d51
+PersonalizationString = 63a9710a01baca0217b5d926b03061432dbcc8c7c9f77e00
+** INSTANTIATE:
+	V = ee2b8d9a3a937999f7d440f6312b5ecd571333c34d3caa31e41b85965ee97d916a4d345472fdd25d966c0ae3f76905e3477d24370b331c
+	C = 2c443b6e33a26892e3c9ec9386243aca448edf46b6913f7594beacc9556cf2156ca35ce76f775452529205fc28498004d1a661e8fedb37
+	reseed counter = 1
+EntropyInputReseed = 3239d03846e6d0cb575bccbf5a564fae07a8eaa855e056c9
+AdditionalInputReseed = 261d7136a18629d1f63579bb5ceee6406d39f6113bc591bc
+** RESEED:
+	V = 85f4ac232c2b3b378a34e38d0d66d30149b9fc1d40de4c33c0bea59fb831eb4e920369bbc220f2bd4b206c4f99c12344edfb5c64eada25
+	C = fd970e40200084440071408860d29843a415f8083490c33abdf0a4add7359aaa2f7847e75dccb6d438e93d44d26a89356ff173d53b423e
+	reseed counter = 1
+AdditionalInput = 18b4efa7dd48c063a17db55b6ec160c9d5224910dd6d3883
+** GENERATE (FIRST CALL):
+	V = 838bba634c2bbf7b8aa624156e396b44edcff425756f0f6e7eaf4af852d0485657bc1c2ff2a52fc3889c9790e468fedfa467e738f3c79a
+	C = fd970e40200084440071408860d29843a415f8083490c33abdf0a4add7359aaa2f7847e75dccb6d438e93d44d26a89356ff173d53b423e
+	reseed counter = 2
+AdditionalInput = b1dfc2c97c44c6a6ec344c8f3487f5b8e4eb75d135618b69
+ReturnedBits = 7afddaa4edc02c95a60225676baae8d226ef0651cbd26e60eb2cf943948ee7faf7181c1e07e83a48e98918e9c323e4c0d3c4097699257ead7e64d26e0232f0282b5cc67b92b935ea1d5b40df9837c633590c45290cefdcf2b4df1d3af3cc94a7d8b15396070d78332acc5b3e037278d2
+** GENERATE (SECOND CALL):
+	V = 8122c8a36c2c43bf8b17649dcf0c038891e5ec2da9ffd2a93c9ff0ec062071d071ce11682a14dc75ed1802603d7be37e2c0bdbebab2c6b
+	C = fd970e40200084440071408860d29843a415f8083490c33abdf0a4add7359aaa2f7847e75dccb6d438e93d44d26a89356ff173d53b423e
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = 0fea4d8541c23a5174ad95620d91c87527669419593978f0
+Nonce = bc9e389501478d0357ed1f63
+PersonalizationString = 4f3f7ab05039f1e6b827ffc94f3ee2650846257a1719a03c
+** INSTANTIATE:
+	V = 2e372ee8741c99c736a110ec45bc32572d561ce4ec5858b21ec12fd9153a56af419a4469b67029323cb279945552b7fffcd173b87b7341
+	C = 656d144f4255dff081d137a72cfb3423886578de629d6904b7a909456ec908895dbd27d10e7d125de7ef27cbdd8d64148fa7825e2bb246
+	reseed counter = 1
+EntropyInputReseed = a722627ad70407350263fbd5352c43fbd85797dda7d3e30a
+AdditionalInputReseed = b9f8593db79b55cad5032b2e61599341cfdc15e6dde39efa
+** RESEED:
+	V = 138a69faa5320e0dab24c13e9628836f282aee8afa23fc52f89bcf855ee45dbd224c83e1af07975faa048fde7d3fb1b753fc9d44590558
+	C = d0e7313705bf9fffbde06b375c6e6f9ae71bce0e73d819d2ba11d04c9833a8f77df3914fd8388ed867816d9395d4db7240fad55818c2ae
+	reseed counter = 1
+AdditionalInput = bda8d2e8cccbabc1021f827129664d6350bba4d46f8e7fd5
+** GENERATE (FIRST CALL):
+	V = e4719b31aaf1ae0d69052c75f296f30a0f46bc996dfc1625b2ada157dfb339212260e8f766266aa7ad325c1fe3210c55e56085f958081a
+	C = d0e7313705bf9fffbde06b375c6e6f9ae71bce0e73d819d2ba11d04c9833a8f77df3914fd8388ed867816d9395d4db7240fad55818c2ae
+	reseed counter = 2
+AdditionalInput = 6a3b96e68955a33fd9ccae55f9e0f6910c4c22ab01d13674
+ReturnedBits = 912c7eabf104b0aee7cdbf9fa350355bf10d5f64a14f5678f07f563bf47d7fda4fe57a34964351dd42ad31d5a12c7c71135c600004766b5ea4d92756fe5d15b1e67e9ee49790043040f8dc61fc8d6b6e2d5f5b6e36c6c07011fbadf6c136d1a840bf012514f44a2ad4fac606e2fdd439
+** GENERATE (SECOND CALL):
+	V = b558cc68b0b14e0d26e597ad4f0562a4f6628aa7e1d42ff86cbf72534c6b4a108e2ca64c7e85d12a194bf7dba1127a40b761adce47854f
+	C = d0e7313705bf9fffbde06b375c6e6f9ae71bce0e73d819d2ba11d04c9833a8f77df3914fd8388ed867816d9395d4db7240fad55818c2ae
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = 878c4af663e4400f5b29627d3191116e422af33b22af6f14
+Nonce = 9c6752c982e3953fd9dfaa35
+PersonalizationString = fe8dbe050c8865c29ac92845f6f28ddb77c6e40c336d8e6c
+** INSTANTIATE:
+	V = 8c79cb623a7136fe08fde23690d7be29a0194c5973763b040885da0cc7f08d93e23e4a3a2a7ad0aa42c454187a3f9d399915fdcc1f9464
+	C = 2dcab6904da529af94dec8a8c72bbf1b67a6953a3c1a71716b59b39cf3c72f5d8a71e4fad3beffeef8dee51e02f3b1163d81d0627403ac
+	reseed counter = 1
+EntropyInputReseed = 9f3ec933ecf6dc6f57959619531c2119ef0f776b1bc565e4
+AdditionalInputReseed = 1efc05522b91e6f28b35384143c3fb730954d645acd8e156
+** RESEED:
+	V = 1cb37e8b5d6254e8b945a778e05a9016a2211da70a7621707ce6373eeb77acb2a0d3b735b47a81e138d70fb96ff4e06c705b2750d2c4a5
+	C = 9b9433613b85a85e6731f50b11b54f9caf40381c0dcd6adaaf9999f34c2a92f2821f8dc3f360c0bb3151b6cf5ce0b4fde8dcc04fd8583b
+	reseed counter = 1
+AdditionalInput = 93502a9fa86d8eae25d6843e04fe8c82a0382fc2ac0cf8c7
+** GENERATE (FIRST CALL):
+	V = b847b1ec98e7fd4720779c83f20fdfb3516155c318438c4b2c7fd28fc7fd7b740d328a015ae07cfccb355b3acf378037edea97c63f96dc
+	C = 9b9433613b85a85e6731f50b11b54f9caf40381c0dcd6adaaf9999f34c2a92f2821f8dc3f360c0bb3151b6cf5ce0b4fde8dcc04fd8583b
+	reseed counter = 2
+AdditionalInput = f9aacc8237b260a126f95b3c0b8ca62f0ae4d71f74521a56
+ReturnedBits = 85866f935318ef1573036656f62294453225868925c75c247548877cc38e9f6a1b4e66da422f4fdde3e158b08e8197b52594c89dcdebab79f27395cf0d942225546fd3fb96db50b03ae6c4bb1886f6f759b54f8af663357f17a63e524dcc2887609124c70a7a44b74893c9b06c8a4e34
+** GENERATE (SECOND CALL):
+	V = 53dbe54dd46da5a587a9918f03c52f5000a18ddf2610f725dc196cfb638d5dd23aacfb04f33b3bd42f8b2d34a367027deafbbb7ed1f3fc
+	C = 9b9433613b85a85e6731f50b11b54f9caf40381c0dcd6adaaf9999f34c2a92f2821f8dc3f360c0bb3151b6cf5ce0b4fde8dcc04fd8583b
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = 7da2fc0977fd43ff9eb0321d25a03e4cfdfc80d48fa14773
+Nonce = 18ccb30b5ea5edca2870075d
+PersonalizationString = 7937f081519f39eba8766d16c5339b7cbb45c6273dfbdd76
+** INSTANTIATE:
+	V = d5183bbb8ada93e9b08776e67b372526f0ca8af086a66e6713fdd0bcf1c7931c645369eb3992bef0f5fa123ce4187348f02c38f5d2391b
+	C = 811c4e20d06d084dfc48f8218d3743402811e1ba1eb77abe244f12d58b5b3c8fd9c98a08950a1d6ac7bf30a66095299dc9c609176fa4ec
+	reseed counter = 1
+EntropyInputReseed = 285063f821d95db851eb84d5a3d24de811543d9646263cf1
+AdditionalInputReseed = c9239379b7dff6c1df78009b0ac30e80f4e10b5eb330b1f5
+** RESEED:
+	V = 3d6c6bcf06ce073be8d1744e3b2c55b8f980e6c305bbc3838b3dc0d4ee597bf464e999a131115601cdddea67c7f471a8c2d5ab5b42f165
+	C = 54d8859d70bb61152ba04800a2aed16e6ff9b914e89b17401c352b3822bc2609f434f7dc74fa864c7b490abb23304b0bb7977e8c5624d7
+	reseed counter = 1
+AdditionalInput = db17d0c7f202857eca471584b5a57542abd1aebaf8b6b9f2
+** GENERATE (FIRST CALL):
+	V = 9244f16c778968511471bc4edddb2727697a9fd7ee56dac3a772ed00393bbe5d80a3cd235601e989c1627e100cddb8aeea4aa4635ea110
+	C = 54d8859d70bb61152ba04800a2aed16e6ff9b914e89b17401c352b3822bc2609f434f7dc74fa864c7b490abb23304b0bb7977e8c5624d7
+	reseed counter = 2
+AdditionalInput = a900149d9d5236906479ebd89a72c0b878db02550242f3b8
+ReturnedBits = 008a1f7143afe17713df02654a36b284a9828cb0eb207af47079c399840efb5c74dc903b0f2e1fbcb0ea93ff290327c60715567f9bae7d67429ca6cc67216c1fb7a0ca5818980827fc20bb1c4b666fc82a9c09b8f09c2a6140f28f5ba36b7bea6d9bcda20b6a359a29c16ecbc5c36d0c
+** GENERATE (SECOND CALL):
+	V = e71d7709e844c9664012044f8089f895d97458ecd6f1f203c3a8188d5d49ee4adc4c4b8a9dbf4a9e361f3ee279e348356c8064abb02f98
+	C = 54d8859d70bb61152ba04800a2aed16e6ff9b914e89b17401c352b3822bc2609f434f7dc74fa864c7b490abb23304b0bb7977e8c5624d7
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = 9ecd1f90d4d5aea4182a75fff938d8a8cb86484f2c878d26
+Nonce = 471480fb59da6ea72ac4b603
+PersonalizationString = ce45e03b16a00072714200cca6efa748fca19c25c3b374a3
+** INSTANTIATE:
+	V = 27f9dcbe9a5a3a3dc8cd5d13364ce4f500c07d801d1a16895605822e11f10ec81cfadbdc8f3c42905fa3ec693d18e7e5dcff62200fd4c4
+	C = 9bf39ee0b99af1983d733bf64d2263bc2ac10eaf0c8dc6300479bbc71eedaaa4a02f21ce4e7b32a78cef0d9ac614894fd99e60787f0683
+	reseed counter = 1
+EntropyInputReseed = 0f86a95e24ddd59c1615e9584c845d13f94f86b429c452e8
+AdditionalInputReseed = 5dd9f4315df76923a3ff7bdac6eb0c1f6d927dbae2284a6e
+** RESEED:
+	V = 65b23a01b942b05b21e2fb92be5887c19b13fa583fc7640c12d5e7af83494ff2314644137bd27ea12e78ad7e0a77a572af0169d336c7f6
+	C = ea2efde2f83d1f06d67adbd6cc32c9a9fc90b77384a0f30e17ddf1609e8435fb88ced7a0540b845618abd0b0dc4171c91d15e8d6339246
+	reseed counter = 1
+AdditionalInput = 1e5ac5f0d10b829f5add21649a75a04fef80068cad75d83c
+** GENERATE (FIRST CALL):
+	V = 4fe137e4b17fcf61f85dd7698a8b516b97a4b1cbc468571a2ab3dacdae9fead8852139a0b44f2d727a4153eeb6c08a2b679d79de065998
+	C = ea2efde2f83d1f06d67adbd6cc32c9a9fc90b77384a0f30e17ddf1609e8435fb88ced7a0540b845618abd0b0dc4171c91d15e8d6339246
+	reseed counter = 2
+AdditionalInput = d741a3ef6707c93bb8d65575cf60a313e3c7494fd126b995
+ReturnedBits = 6490662dc4779167d70108b458ad96ef8ec4f677215ee5349c90d3560c843dbce947a9004d45066af72066b211be874a28ad01edab4d8c7e807821dca3f9234da621fdfd7c8a180478b36b3fbd011589a116a3cc9fb8c53a13e3a4de3e19f5aa6c5e0180b099a0db7efe5659462f51e6
+** GENERATE (SECOND CALL):
+	V = 3a1035c7a9bcee68ced8b34056be1b159435693f49094a284291ccdaf32f28eb00349a206212c4219c4801014c26d20af05c6391dbf6b4
+	C = ea2efde2f83d1f06d67adbd6cc32c9a9fc90b77384a0f30e17ddf1609e8435fb88ced7a0540b845618abd0b0dc4171c91d15e8d6339246
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = bd6943ba78fcc032c7a9e7016fc498ed379f670686a60a1a
+Nonce = 84062f178c87df67f56cbc0c
+PersonalizationString = 548a3b8fb0f8e76f2edddbcf95e9b7b3aa7e9720279ec4e2
+** INSTANTIATE:
+	V = e38a579d11232baeb9471dbec35b8b2b7ab320b7255b3cc5d967b67e1d88cd6aefd49a76a66b054c9e80fb6cedaf68954b19400fa30dd2
+	C = 376dfc94dfb8e08f3b767122254cefabefa48a6aabe6b705115c4c108a90fedbb09fa77d121c46128dc5200a9690cadca9c0c11429b5e5
+	reseed counter = 1
+EntropyInputReseed = d3c48858521f837cd6a157bda0a4e59aa4d4034cfb63ab4b
+AdditionalInputReseed = 3ab57b7c62d5472d745088e4da0439002788ba29ae2c891c
+** RESEED:
+	V = a9207b4f6911283b2642de1e0d44684bae2fa441b19dd0f20137f1cf64351cc9139f81af8b37863d00b4984c232bc9a0c7b6f6e05cf3e5
+	C = ef56782e6a65c7c01cb49e52baaeebd077fcf309fc0f1b41313514ed213d5f0b3e92012ba6523049daaf2c0d56db17724bf201c105efe2
+	reseed counter = 1
+AdditionalInput = 4e200e05b336e2d9dd72be2e41529ce92c1ee54d5e04190f
+** GENERATE (FIRST CALL):
+	V = 9876f37dd376effb42f77c70c7f3541c262c974badacec33326d076edfd32b5b9e8550f043f0f2eb144e334d9f20906410ea3409d663be
+	C = ef56782e6a65c7c01cb49e52baaeebd077fcf309fc0f1b41313514ed213d5f0b3e92012ba6523049daaf2c0d56db17724bf201c105efe2
+	reseed counter = 2
+AdditionalInput = 8452979fb7f2e3ebc1f8fadc1a55c980422e7bb2db7b24ea
+ReturnedBits = 3ecd062157a85a061e276a82df4aab55b5e37360d87484d6c276284d5de4c6a1d7e1676272110c8331882163d3f4feb6b4babcb85b4fe780ac0c52937997ab439f46f3d942750fa081c2d7fdc4a518b219218890318f14336045994ee8b4379b2aa0543624ca45f265a13990db7c4f4c
+** GENERATE (SECOND CALL):
+	V = 87cd6bac3ddcb7bb5fac1ac382a23fec9e298a55a9bc077463a21d3bceff8c63478355ac62d8f549069360fc2b218f856100cc6dc23b00
+	C = ef56782e6a65c7c01cb49e52baaeebd077fcf309fc0f1b41313514ed213d5f0b3e92012ba6523049daaf2c0d56db17724bf201c105efe2
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = 31fe2e570cb3b5367fe15263a11ba4a600cb04b476bc2633
+Nonce = 314cb5324246325ad47d2335
+PersonalizationString = ea6b64a87a5ce9473c189d2284d325a1a414d5d769bbaad0
+** INSTANTIATE:
+	V = 02294378f03880918a1ef5ecfce633524fb9127b03138449aedf4a1975d2defb528fa40e4f5d1304128fe9839a1048e484195ef307f32c
+	C = 05713bdb180315597d7a89a4e88316a4b151f8e18274ba47381c1258a379c73e2a25d8ff317b1005c79fe92ea150de0a36120119ccb133
+	reseed counter = 1
+EntropyInputReseed = a3f6bd21dbdd31cc195f58856f51ad3ec3549916d098a53e
+AdditionalInputReseed = ee1cf9b456a6d32292c1c085b01bd9cd5b2a7f2badccfa4c
+** RESEED:
+	V = ff74b5eed4b4df9527485fab72bd4c27e29f406277275c24030f2bd2345e80b3932a994a9b9bada18d0449c911845a3f63329062f15a59
+	C = 54894b6efa07eb709dccd288313b18be5f879e498025d1f34e8fe2b8530877177a46e75707d19e6a50e836ab88668aac8a1d9feac5bbbe
+	reseed counter = 1
+AdditionalInput = ae9e04fdc01dc3d0d1e2ca2164e4fd31f298b3d37566cbe7
+** GENERATE (FIRST CALL):
+	V = 53fe015dcebccb05c5153233a3f864e64226deabf74d2e17519f0ef43af952d96525021383afcd00a6819927a1ef32737b5a0c930d0463
+	C = 54894b6efa07eb709dccd288313b18be5f879e498025d1f34e8fe2b8530877177a46e75707d19e6a50e836ab88668aac8a1d9feac5bbbe
+	reseed counter = 2
+AdditionalInput = 350292c86c266d0cb5fbd155fbdc36e5f5f41c98a60a296b
+ReturnedBits = c3ef9cd90afd3fc84397886267c1759820817a298556cae2d5af2533c2448440bde8fa76990ce57dc3d28a902e34f124d09c3a1e152ab6c369da511de9d2b820fe6788dc6c0a4eb8915ae91a99797d7709c53faa7d647a386f7660a9299e30de2f67270f299ca66c3f273e871145955b
+** GENERATE (SECOND CALL):
+	V = a8874cccc8c4b67662e204bbd5337da4a1ae7cf57773000aa02ef2b0f3ea9df67cad30005388922752791d5a5d32e71acf4d7cb44a0898
+	C = 54894b6efa07eb709dccd288313b18be5f879e498025d1f34e8fe2b8530877177a46e75707d19e6a50e836ab88668aac8a1d9feac5bbbe
+	reseed counter = 3
+
+[SHA-512/224]
+[PredictionResistance = False]
+[EntropyInputLen = 192]
+[NonceLen = 96]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 896]
+
+COUNT = 0
+EntropyInput = b87082bb20ade9aa1963003004668af6eedd13954069ca8f
+Nonce = 5a0165f192a8e58d1feca1bb
+PersonalizationString = 
+** INSTANTIATE:
+	V = 2f33ae1763c3520dd87be09ee68979448689e11e13fdf1f445b3a30c2a321ecec68bc89e215e0ab4d92f12b8f94aeae4a546c780265487
+	C = e36889ba3539d636bcede43dc13709e35c3e3c064d992fafcaba6dd571cc5b13e221d3f48818e16d9e26fa5d9bfaae629ac4f7faf69bf3
+	reseed counter = 1
+EntropyInputReseed = eef774ac48fe034cfbb2c02a464ffaa22f85da6f7829c32a
+AdditionalInputReseed = 
+** RESEED:
+	V = 106e79f1ca50e20cdb6e02a75672d88c9e8fed1d5f4118d6429dffa293130511632edc16ba7dba20198ff7f373f3bc582adf31ae1fed8e
+	C = 60fe28dd35fe929cfa16bd2a723cf331e670662f97fa2234ff6916c1cc10e9f57987bd192530565802b7c8fa10aeeaf0f9b6623efa21df
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 716ca2cf004f74a9d584bfd1c8afcbbe8500534cf73b3b0b42071757aa33f5f958c36337927fa9f8cb4ff3382839b1561aa4f8e497cf51
+	C = 60fe28dd35fe929cfa16bd2a723cf331e670662f97fa2234ff6916c1cc10e9f57987bd192530565802b7c8fa10aeeaf0f9b6623efa21df
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 5cc221a934259d5f4d792d7c07a9e55f192d5de139ae9d2117d01e8bd1b9993eb5a8cac21c28e283b855bf3fd285267a2dfba694dbb384a8cd5da9d9472eaee3082bfff471629e19d68c3afa4c9fde3c354c2eef3bb7bfc69b589a17912ee9856115f353361bd67496813f14420dbbe0
+** GENERATE (SECOND CALL):
+	V = d26acbac364e0746cf9b7cfc3aecbef06b70b97c8f355d4041702e3dca740b1b4dbc462543ca047807dd0bd64a9ddf707b235b1534a519
+	C = 60fe28dd35fe929cfa16bd2a723cf331e670662f97fa2234ff6916c1cc10e9f57987bd192530565802b7c8fa10aeeaf0f9b6623efa21df
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = 0b292159831e5792d5707e32cb37f3ab0f959217efe2b522
+Nonce = 18e1451ffb0882d2776efb3d
+PersonalizationString = 
+** INSTANTIATE:
+	V = 45c7a0791b2240b9c6d12651a6f290849cde5dc6257b1debf91921caa91d3b31389032d9aef1b82cb2e7701a084d5c5e2475f99d08d61d
+	C = 9bf987e4ff08a3b505a228f3be5157648b5ed80a8165df48e71db410f5bcefd0873c5baeaa9d4167647a36b5965fdd72e2ee8133de8635
+	reseed counter = 1
+EntropyInputReseed = 955e1f9b48e5de5c2401f8c7cbe4a8eac2a231a3831d2152
+AdditionalInputReseed = 
+** RESEED:
+	V = 60d0c94b2c01da430889a350c0959f8370f287efe5b16548ec8b9f80d8eeb96ab79a6d03733540cd11c5a554b157bce0c5799ea2e7f8cb
+	C = 0bc8c7f77763e5ae9e2f2add37dbbcc33e64b7bcee11ac2fe042ca475f397d9fd61944e7079b84af00a623e3e69b8f92a9509fdffa1621
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 6c999142a365bff1a6b8ce2df8715c46af573facd3c31178ccce6a727c2965709572cfa8f2d40a59a66998607fa9e1c0e20e59c9d9fc59
+	C = 0bc8c7f77763e5ae9e2f2add37dbbcc33e64b7bcee11ac2fe042ca475f397d9fd61944e7079b84af00a623e3e69b8f92a9509fdffa1621
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = cc7fca440d90087a277223485311684e0388f2db1bc34d462dfe206777124d16480a637b1e5def1e172b94c20357bd9e69427c66b75d316483846b51fa800d19556efe16c67e0c6332a30a0ddacbd0c97c378d6a4a06856ddd2094387c0ef6f57528d5dc14ac5dabea7c363e111488ce
+** GENERATE (SECOND CALL):
+	V = 7862593a1ac9a5a044e7f90b304d1909edbbf769c1d4bda8ad1135a896ace83af541d9d65f2c584a618b4ef77d2acf9a979bd83b85c18b
+	C = 0bc8c7f77763e5ae9e2f2add37dbbcc33e64b7bcee11ac2fe042ca475f397d9fd61944e7079b84af00a623e3e69b8f92a9509fdffa1621
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = d8a7e1ca90a715cdfcf510293a7878da48f92c9fd4177144
+Nonce = c584df8be52dac27bd911e0c
+PersonalizationString = 
+** INSTANTIATE:
+	V = 1b8bcb035efc3a8f52492423370cd3f38fdb82b26fc92360011d72a3e2b8f7772e7bbeb5c5753717aae1395e8c348fdf0a2c9b895d46c1
+	C = e548168dea3b60c07ba556f2514b85d8010e8fe131b8359eb61d5615f7bb8d27fb5adecb77e83f3fed767d9e35643f3ed96a8680d189c1
+	reseed counter = 1
+EntropyInputReseed = 7af2d889dc46e25d73da30b45a776b7d308b56fe04e31a04
+AdditionalInputReseed = 
+** RESEED:
+	V = 8edf563c13d912579da088a3274dd7c4939f244d63d9566959ed0ac76c6745c621cff7d9db21309d52e326f70862d94b6e272acaad00f8
+	C = 74e38543ec6d2738530abd28dbc272bffe28258aaaaf1753f2b6b3c702a776f968e68acddf9c35b2551544a2f3306e54128a7914722e2e
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 03c2db800046398ff0ab45cc03104a8491c749d80e886dbd4ca3bf0e318cd2f2b5dcfee05e65f65e5309697c82d3c27c6448fb8fbfeaa8
+	C = 74e38543ec6d2738530abd28dbc272bffe28258aaaaf1753f2b6b3c702a776f968e68acddf9c35b2551544a2f3306e54128a7914722e2e
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 17ac85151bac67468b93a976e68caaf2942518099660e040d1f0fd34fb6e6237fff91dddbb5e241b4eace1ecc5c78aeff457fb3382612de0002e685a6e674adb847c1ede2b3da7f2e4fd4417cacedef80aa6c02f3fe856204dcd8872133d2d61eb0f2ed281f031f3fe02d175b4ddd9d9
+** GENERATE (SECOND CALL):
+	V = 78a660c3ecb360c843b602f4ded2bd448fef6f62b93785113f5a7388d7b663ee67c1b4a0d935e68cd4c36dba2a324c3021bb3437aad9da
+	C = 74e38543ec6d2738530abd28dbc272bffe28258aaaaf1753f2b6b3c702a776f968e68acddf9c35b2551544a2f3306e54128a7914722e2e
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = a541bbaef9bf212140841204a1edeb60a295da94f1e79ee6
+Nonce = 8affef2e80a6c644b03a65d9
+PersonalizationString = 
+** INSTANTIATE:
+	V = 9e2c93b0ddcab31ed4cbabaea852b42e9ad954d5c49f304baba766823eedb2b655e4a0cdcd59f28dc2a3dd1128782a88a5448ceed42eba
+	C = 8338d0b58c8575d2d70d37e9574d4f6fe2a1d753e2b05cd1a02e6200e06d8cffd5d10929b2eca0acfe26bb0b34ab60c4fe794a85da696d
+	reseed counter = 1
+EntropyInputReseed = f40448408656e9a1813019f9c34778464dac77f566cc85f6
+AdditionalInputReseed = 
+** RESEED:
+	V = 25bd2aafeb5872b14ae6606e90e90e45e9f74a91f473aed8692ab80fa769dbbc2de6eac26e9e19efc039b9533f8621572e6e337f5f5ad3
+	C = 3324d67a6017525221417dfb8fa5ffde721c5544096b644e81f36670b2c11f1b0ae4a06f7fbec57f6ea64ef367f59ead4b877135f4e2e2
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 58e2012a4b6fc5036c27de6a208f0e245c139fd5fddf1326eb1e1ed21b1fc73987664facef847f616504eb978d75deca05ded85b84897a
+	C = 3324d67a6017525221417dfb8fa5ffde721c5544096b644e81f36670b2c11f1b0ae4a06f7fbec57f6ea64ef367f59ead4b877135f4e2e2
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 9d76de1148d5565a8ce4d88c69aecb9b7ec01b1ee0173551fc89f452468e4300739799a2c5297b6c165a4ad6e3249a00cbd09fb347f01258f3cf1a87694ed4cdec41dfb21486fb89f5e59dc87e88683c14503b66b04d1a4b94886943b1fdf898e6e6e23aabb96ea1b4b9d8687845d02c
+** GENERATE (SECOND CALL):
+	V = 8c06d7a4ab8717558d695c65b0350e02ce2ff51a074a77756d118603be93c8617032da9ff6e1dc6aa88c3d9e178b073020ba0a82496c1b
+	C = 3324d67a6017525221417dfb8fa5ffde721c5544096b644e81f36670b2c11f1b0ae4a06f7fbec57f6ea64ef367f59ead4b877135f4e2e2
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = 8c74be22f9744aa85f1c4dfdd800f4fc739fb217970c2304
+Nonce = 129952478b991763bb7d499c
+PersonalizationString = 
+** INSTANTIATE:
+	V = 0c8b9b9d439e055d48b53ed6c0ba5ed7fb193fdcbec7a355c1590cb314baac0c150fdc2d0736546b6f4001cd7bcb3747e9d93dbef08bf6
+	C = 678bbfc08fee55c7e34831a964420b5a13d348ca094edcb4e5858b9b75dec31fc5f0e2087641061a3812c54142bc154f0abe4c9a7fd347
+	reseed counter = 1
+EntropyInputReseed = eec28a03379a8e5d27b2e802602cef82dd04d4100a4c53c9
+AdditionalInputReseed = 
+** RESEED:
+	V = 9b13d89ddd55e07309d7dbd1e8cbe32525e30db806e529cd64579e4cbe573a5f972ef58decc017d2110942035053fa39ffcbbbf1049183
+	C = a76977d0af8e6bd49157d9b40fa100ddfb3d3db3839f937906b389a7cef8fb44c5e95ae7bb60f4634a828a1c464fae011f34553833488e
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 427d506e8ce44c479b2fb585f86ce40321204b6b8a84bd466b0b288fd1cbf3e935744b4ed788e24ece2e4f6b2f7db9f7752820ce4bb05b
+	C = a76977d0af8e6bd49157d9b40fa100ddfb3d3db3839f937906b389a7cef8fb44c5e95ae7bb60f4634a828a1c464fae011f34553833488e
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 918bcfa1a74cac31019b365f42b02e3ff221f3d9c9042e9779c6211bc24d746a54c746feed1b8c09dd2853ba52689799bd5f9ff38b7764c6049ec7cd5fb9083868e33a9b3bf47e3ae412aa8f95b29ea5190db4d4583aada7ccbefcca03befaf1efff4b5cb71a2c5abeefd42e12e3b390
+** GENERATE (SECOND CALL):
+	V = e9e6c83f3c72b81c2c878f3a080de4e11c5d891f0e2450bf71beb2666213f4e21632b45de56548adc113f38c5e7f073eb3825f66a01296
+	C = a76977d0af8e6bd49157d9b40fa100ddfb3d3db3839f937906b389a7cef8fb44c5e95ae7bb60f4634a828a1c464fae011f34553833488e
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = cbfac657865b9f488cc5ce87824f2d4fe0fe6512483e6b7e
+Nonce = b03c27ba96d08d92455b1fa3
+PersonalizationString = 
+** INSTANTIATE:
+	V = 431f74641536e7371578cb22a49299729461363ec4e6d7b8e7990b3cfe0bf257e568e70444fcd339a01c04bcf6b6700e7dc68d7410b4ee
+	C = 90ec4503786042ead8c4197fb03f3481b59c28f4997ded9d1e36b99e6d5326acfc401af4fb0d5df271e9e6ad913b908c0f2846d41a9854
+	reseed counter = 1
+EntropyInputReseed = f1182c118e12a35a38aef6b4f7cce3b13d92cdf2cedb31e3
+AdditionalInputReseed = 
+** RESEED:
+	V = 000ae7788fd0741c1c51a1ee7343244bcfc09556352c1a9ed730394d1ead052d01908440de51a88ab28f963468d41590456a0cdb11d479
+	C = a84256a9a2e900a08a7a3f5c26799cf4b36f073aa6a7096b56190d14e004a542526500841b61c6509a9907f6ee1fd4ed134de27cda32eb
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = a84d3e2232b974bca6cbe14a99bcc140832f9c90dbd3240a2d4946670fe007ab20665a59217c6d37b77f96df3d9cf5350b5cd2c84de235
+	C = a84256a9a2e900a08a7a3f5c26799cf4b36f073aa6a7096b56190d14e004a542526500841b61c6509a9907f6ee1fd4ed134de27cda32eb
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 6bd43a18c177f51a28438c13080f4a850b5bf3176b1991eb0a9d29f62b58a0fd78a415d8850b92d30e4e0a61728c7d159047ec08aacab5dbf501054afb14cf403acf8c2ee3e2e488c74f64bb5a6dda21f8e74871401f22b08a2b771344c77d89691c870731bf4c0e887578ef02aec82f
+** GENERATE (SECOND CALL):
+	V = 508f94cbd5a2755d314620a6c0365e35369ea3cb827a2d758362544b3c8256b6f0c4b9fe3e743627f171ff69d12c3c9979842b4c92b702
+	C = a84256a9a2e900a08a7a3f5c26799cf4b36f073aa6a7096b56190d14e004a542526500841b61c6509a9907f6ee1fd4ed134de27cda32eb
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = 07908172b571d330c8ec9518ee249d398434a087776a7fa1
+Nonce = 6a3ebb9be8d70c0ccec3d3e6
+PersonalizationString = 
+** INSTANTIATE:
+	V = e06d0c738cc837ba8d52a187fce8929cc7be133643c14a0ba5190b70732f7966a8105153d2a558523daa8374f1f45077b57986866ec8cb
+	C = f81849fb1870c3508f9aace324212c041f82f721e85ae8413cbbbfa9472b19f83dbb3e1021dc7c5c518cec09fd2fb425efaea72427610d
+	reseed counter = 1
+EntropyInputReseed = 3f4c470e9bb706c760d5d40c02256623207fd4c89546da6a
+AdditionalInputReseed = 
+** RESEED:
+	V = df77071f0689566414becf6f1a3c43083816ec0b87bc8c3b3d5ebebc1f214cf1bbf1f33b5a58158f376be6903ac6b4d8813038b4e73f24
+	C = 8a22fd6304090ef4ce43d191d30ac9db2d8606b7ab1b5addfc46a454ebeacfcf94f13a4ac2b9fc6b6491f3aa49a1cd958b31cdb603915d
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 699a04820a926558e302a100ed470ce3659cf2c332d7e71939a563f01d9dd29c2dfe5ebea40198c4bffa40411916e2cb276adc81a8ffe9
+	C = 8a22fd6304090ef4ce43d191d30ac9db2d8606b7ab1b5addfc46a454ebeacfcf94f13a4ac2b9fc6b6491f3aa49a1cd958b31cdb603915d
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 89defe8a13e12422182a2e482981515c3914e6c204db068edf9b352eb509594f558234f89e43692c85e007be7e7e779b646b06890f7e64d619281544a13aedb8e7e1500d6efc43e965deb3ebd1fbfb9e970a8905a2702be0a1d31422533292b6a0b75b5bb8f9ddd3a155db9413430ebe
+** GENERATE (SECOND CALL):
+	V = f3bd01e50e9b744db1467292c051d6be9322f97addf341f735ec0849123ae4ebbaab866095e87e8e3caa0800c050985d707fb4ba7f0bf8
+	C = 8a22fd6304090ef4ce43d191d30ac9db2d8606b7ab1b5addfc46a454ebeacfcf94f13a4ac2b9fc6b6491f3aa49a1cd958b31cdb603915d
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = 238fe08af957faa7a5d4d0b550f1a2399189621fa12f6155
+Nonce = 201c8191cdfbb92bf5c6e0aa
+PersonalizationString = 
+** INSTANTIATE:
+	V = 83daa247d8d523aaceac447c7744d5f13f277bb80d51f8a931fdbabb4fd15a7afd88b5e57c43ce33cb8abce59fd3cf7d204e191599ba0b
+	C = 1f79be36ed549aa92207ecc1413416f48c376602859c1421ef7b90dc15b6d34379b0d08f2f7777e0d7000909d47e025bc56413fad3186e
+	reseed counter = 1
+EntropyInputReseed = 2520f7da15dac6276213717939892a63ff199340a77d5809
+AdditionalInputReseed = 
+** RESEED:
+	V = cdec5d6e9e368bec1dfb1b3997c85a3cdf0893b8d0901b0f1323dafd24a2703435817e2bd65c696815f7f934e8872babf59f54aa74996a
+	C = ae65802bbecf704a5e5f341ac881ecaaa0e973b8d79ceb46465ec71ec63eb689554ab845d1feb5697362af5575a5cc91d2160679840185
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 7c51dd9a5d05fc367c5a4f54604a46e77ff20771a82d06555982a2e98c46978c8b57521401c0779ae4eb192e0d448ee78edda9ec0d55fc
+	C = ae65802bbecf704a5e5f341ac881ecaaa0e973b8d79ceb46465ec71ec63eb689554ab845d1feb5697362af5575a5cc91d2160679840185
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = b44d850f1ddc7719a680748354b9d62fddd203b9ff1a403c018e8d50ec561849ea7f4a2788e6c957f70fcc69ff070dd2a9a87194994e5e16ea728ca5bc656eb74a952a4b55ce89a2a761c6baa03384c3d84d87be11ec5b0c7c53272272b73e84d1efe1b3c57a168c8ed8417348f080a1
+** GENERATE (SECOND CALL):
+	V = 2ab75dc61bd56c80dab9836f28cc339220db7b2a7fc9f19b9fe16ad901135e33beda9b0cf50fd118efe53d880430fe9c5b1649b57b5595
+	C = ae65802bbecf704a5e5f341ac881ecaaa0e973b8d79ceb46465ec71ec63eb689554ab845d1feb5697362af5575a5cc91d2160679840185
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = d3ef130e63830ca3532a2ff1cd24f479f7dadddfa47a9ed2
+Nonce = 74cdc95d610ac76707c48a90
+PersonalizationString = 
+** INSTANTIATE:
+	V = 9dfb3d1b8942bb2bce04ddeb0077bee8365d1053ec40e9ad4a9ce35209ae3b4872acd5f0340c4e495db06e772b6103da4f644660bafb25
+	C = baca7c3519f9f7dfb654350ad6ddd1df05e22f2e8fa5b82bdb2c00492616d0adc4a0872581a1df23cb3a11fd2655b792d7e4bf8b1367f9
+	reseed counter = 1
+EntropyInputReseed = 204a23355e3292b4c9aa9c7b8b51a82a0d74c580e531c22c
+AdditionalInputReseed = 
+** RESEED:
+	V = bb372501b387a05961f570923fa9632cd0313198e641eaee198bfcaffb47e3eb0adcd61c6817d26938116b0b6d82cb70c4ef4157eaab76
+	C = ae4b5b2ebec41649d10b70b5a3a124d7059b7b9a3ebe32cdbb812f535f5025c852f24efcb34bbd379beb5d3b6a45ba074ccb9471ea15c4
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 69828030724bb6a33300e147e34a8803d5ccad3325001dbbd50d2c49f4a4e7dd584156de7e1d0cdbae522726d2d5b07752e2b5df6c446c
+	C = ae4b5b2ebec41649d10b70b5a3a124d7059b7b9a3ebe32cdbb812f535f5025c852f24efcb34bbd379beb5d3b6a45ba074ccb9471ea15c4
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = db859b39308c9ae2c3bcbe76847ffb94c7499fc31d3992bbe827aec5cfae1e2be53c16c35e5e88966528f1598e719b3dd2ec19154504a163fd31024b826f6a1f20532cf1428e560226767d818e6a88961e698db53c95933d4bc008ac29eecc49d8fdb62dbb11771ac8be16ca7bdd6fe1
+** GENERATE (SECOND CALL):
+	V = 17cddb5f310fcced040c51fd86ebacdadb6828cd63be5089908e5c397997bc5da2ae9e0df3b0de399c74eda9d5b7632f84b76a60070f12
+	C = ae4b5b2ebec41649d10b70b5a3a124d7059b7b9a3ebe32cdbb812f535f5025c852f24efcb34bbd379beb5d3b6a45ba074ccb9471ea15c4
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = 03969d029d0146a888a0e1ce7933fb54d7e6abb4ee1f9bd5
+Nonce = 8da0ffbc3e9cf6a208356b02
+PersonalizationString = 
+** INSTANTIATE:
+	V = a84515841dff75b08afd2246c465be94ddd06ba8a9113c18c58c7cddcdcfc7684e35591fc700ea172964808bde0a4f7b46002dad4ccff4
+	C = a3f9059c6a8e78d735098e57e0dc5424390b2bbff2e731ba54ae1d8e0ec76b791447fe3648801469706183a0c1a7024600d91ae443613f
+	reseed counter = 1
+EntropyInputReseed = 7d7e8f0e1b6a2052e749f5b5636a9442b4dd6846429c6d29
+AdditionalInputReseed = 
+** RESEED:
+	V = a101e4a85198d1c6395e7255ae837d95ff5535caf99d98a74835f140c6ca4349180affcb8902068b5d89c5584743ab85471de0c159004d
+	C = 324c4c4067f986611a7328fb4f5e40d49d9e412596df01b35c46fa522cfe11ce75629d4e6ec6cb5a43c5d9543ddc447c4f49254372d144
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = d34e30e8b992582753d19b50fde1be6a9cf376f0907c9a5aa47ceba5b9297e90d80c0bd38bbebfcaa2ba5ad44f893325d9eb2ad6cc334c
+	C = 324c4c4067f986611a7328fb4f5e40d49d9e412596df01b35c46fa522cfe11ce75629d4e6ec6cb5a43c5d9543ddc447c4f49254372d144
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = f7fb77bd89de819dbf4dc3fb3a2357afb5b36749bc660ddd16e8d6e036ba1a8fbb2b85a97e1ac25abb2e11db25603cee1fc5d62887498545936941aa5fe33c3a24841dbad4ec7e8b50a8d6242e0667ca683b438333077576a8d2ff17e8a7aa7234b20157540c8adec5cad30b0b25568d
+** GENERATE (SECOND CALL):
+	V = 059a7d29218bde886e44c44c4d3fff3f3a91b816275b9c0e00c3e6e51e552331a1000f722eaf15142882ce09c242f8bbaba56e943e1e4f
+	C = 324c4c4067f986611a7328fb4f5e40d49d9e412596df01b35c46fa522cfe11ce75629d4e6ec6cb5a43c5d9543ddc447c4f49254372d144
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = fafbbf3fe2e5ac54b7e7dba0950268259591edb6dbbcdf59
+Nonce = 739f54433c33a1875410bd0f
+PersonalizationString = 
+** INSTANTIATE:
+	V = 214d7ca74abaf6b7193e0a6eb4b80e1bdf0aedd748f1fed21f1b6c097288a86f52d50ef7913f42fb206e944728ec4755e1a8c2760bacf5
+	C = df358710e0e985790f5e497055631f8db1379c5273bb9213be12ec1617523612d2b16da66806b1b5ccefb84d431740e7cbcc3d5cfc6857
+	reseed counter = 1
+EntropyInputReseed = 82bc3cdc45e11ac82156690096d9ae6666108ef65601124f
+AdditionalInputReseed = 
+** RESEED:
+	V = 7897c2e03842c2d917ad54430d9cbef64fffe441b6ed91b014e4a9145e973ba1cd302f79bf3f2661981330884ff8d4a7c0ad9ab74b9a2a
+	C = b3119e605f63364d0421feb686470435f2f0f2fcd9808ec143f8c971902711df897fd2bacf178efebde5d6ad7333fb4fdce04cc4378dcd
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 2ba9614097a5f9261bcf52f993e3c32c42f0d73e906e207158dd7303b78eabf145a574d0cb16c5cf3a72f0847383a5199acdbe88756826
+	C = b3119e605f63364d0421feb686470435f2f0f2fcd9808ec143f8c971902711df897fd2bacf178efebde5d6ad7333fb4fdce04cc4378dcd
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 2e112a36c8f46954ec450088312a8f5de0be2a8ebeab0074d8dc83e203e3c8925a393730a7b2f5816a44d6d6a43d9948d9f5217602a7fe79ea135f06c579a5d6379a11f0babcd1dcceb58737d18189a79ea85a1d72b96fa05d9a1b9a5f7b6a63546865a4ed34c8702aa5762740717864
+** GENERATE (SECOND CALL):
+	V = debaffa0f7092f731ff151b01a2ac76235e1ca3b69eeaf329cd63d62fa4cd803edff07311a4d87f92f0a8c37458ab4cf9121b9950cc0a0
+	C = b3119e605f63364d0421feb686470435f2f0f2fcd9808ec143f8c971902711df897fd2bacf178efebde5d6ad7333fb4fdce04cc4378dcd
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = 976da7b1f26c42815ec7c8ca8e1b1af34bc7e4c79441a020
+Nonce = a001314874d5245509729adc
+PersonalizationString = 
+** INSTANTIATE:
+	V = 6c940b4ce62d717ac8daca236e90824d37b168e556bb9087860b58caa756c5adefa3433fffc951c4f83b72a415d5c04ac03f84597518fc
+	C = 7023ca8090c6ccad637d2d3e7dae98daaa27a9f8eecd415f795e677927e5de4ce042533fe383d737aba54c2bfb14627a250556ead45856
+	reseed counter = 1
+EntropyInputReseed = f72a0abd140d53af0730efe9441638519310e6eef7db3042
+AdditionalInputReseed = 
+** RESEED:
+	V = 4344d7d8261b24a8e4c6ea3ba4ccfb3c480598adcf8c8dfde5c91e592961bf7b6511efca9eb91bf92be5bbb03fcc2188b93c5cdf75569a
+	C = 3082534880fa092f9369f40acdfe50e12844d98f5659077f66a6549ce65c32842eb9abfa3ebcbac3638a4ff80b3d26d634c5ac3a359506
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 73c72b20a7152dd87830de4672cb4c1d704a723d25e5957d4c6f7395e9a710b2c3d65b98af31e59b2e69a5d94d43e329e286a81223508e
+	C = 3082534880fa092f9369f40acdfe50e12844d98f5659077f66a6549ce65c32842eb9abfa3ebcbac3638a4ff80b3d26d634c5ac3a359506
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = be9526bf8a2399b84ae61494b8842c45ac71894dee71ad09360e55460e1d432493624e75632dc678380177d80283aa1e159a45015c1e867f32e22e3b49edb6b0ec23603d021fc3e7335fd4fcf4c5442be7cf4fe63147dc550f1c7f4e45649c3777dedbca3f3f0e83fe95b294c37797b3
+** GENERATE (SECOND CALL):
+	V = a4497e69280f37080b9ad25140c99cfe988f4bcc7c3e9cfcb315c9305f511dbbacf09ca7c3c8d27a274a923ef68d26b81206533f06987e
+	C = 3082534880fa092f9369f40acdfe50e12844d98f5659077f66a6549ce65c32842eb9abfa3ebcbac3638a4ff80b3d26d634c5ac3a359506
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = dbc38eb839cefba868318dcbaf2970378a994f6748da4257
+Nonce = a840e839a48c6d821392168f
+PersonalizationString = 
+** INSTANTIATE:
+	V = 6a9c8d5006f0e2481a57ffd13b49ede4e67d6daea88740bbd3d7a204af2a555f1fc9671f14ea442e02c6fa18b7d4865ec86f782e21c5e5
+	C = 8c0c743d7f979fb2e252641310197601ba4ba7ab5e429af61e2e25068e9f3c35f1ffcaf99a82837733d34b8648c2b56f0d42475d4e5453
+	reseed counter = 1
+EntropyInputReseed = 1578bfd94ad010e4ef57934e1ebbaf241e03c6fd0d3b1712
+AdditionalInputReseed = 
+** RESEED:
+	V = 94748515991c26d08a0a218b38424f3e911959eba153a418014ec334daeb797f00e4564426d5cbccfc6da4f10de1b4ee39349d75f20543
+	C = b973a4d713d117ada73c94ff18f9330d0284194a1a2c9a38b7def0a682842e5852ae61779d4158633283bc38ffa227ec43eb29f77a571e
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 4de829ecaced3e7e3146b68a513b824b939d7335bb803e50b92db3eeb06488f8a9c130197d794b252fb35d3456239901c54d81209eb623
+	C = b973a4d713d117ada73c94ff18f9330d0284194a1a2c9a38b7def0a682842e5852ae61779d4158633283bc38ffa227ec43eb29f77a571e
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 4b8bdc9f96bf9653157446c844518b0887c59921bbf803d7077850ef752f36e1ba85b6da0f5172fb31003db5bee3f0935dc6e6d5a640a639b94eb6f74c84c194d56807a0ada7f18368bfd0c9d7a9333146b832276cbb489560be6a07ef9796d1700c3e86918fa23b3e7a5c0437f7caf3
+** GENERATE (SECOND CALL):
+	V = 075bcec3c0be562bd8834b896a34b55896218c7fd5acd889710ca4a60183f53ea73e9aa1024c30dcf39da6d1e4e81884851d585b9c9f36
+	C = b973a4d713d117ada73c94ff18f9330d0284194a1a2c9a38b7def0a682842e5852ae61779d4158633283bc38ffa227ec43eb29f77a571e
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = 02c12deef00281efcf7ced56651b86701a345234a0725023
+Nonce = d8affde155725f493621bd51
+PersonalizationString = 
+** INSTANTIATE:
+	V = 106bfd9f898afcf278cc4dec1e36b5b3e85d47f813174740402c8c48916de071c73b0e445d3dc4dc7d9daa3ee2c9bc36e2ccd995ec22c1
+	C = 84b6142da51ea3cec2db34477f01f1bfc247b0be2abbbcc71420348c9dd4cb6a6da8afeda7767eae807465ec61125dae6f2e35bbbe8d14
+	reseed counter = 1
+EntropyInputReseed = 1751fb9451551e155279465234e07614eeee45c2beaf9ca2
+AdditionalInputReseed = 
+** RESEED:
+	V = 8e64b9969e337bbb6654ccf12301431b3f025a629549b5a6d95bbb1e3ef094bafb541458c342398225103dbfbf491f6bddf939f9bfd4df
+	C = e05ba55f028ecc74f3503959839df05439531f5ed00d5331b48bfc8af2c7448e21133a6e40aca59b112018f978f7fbd4912f3e8b756030
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 6ec05ef5a0c2483059a5064aa69f336f785579c1655708d88de7b840d8f46d49050021f8027afa781c9e31b9827e31febd279b342c08e6
+	C = e05ba55f028ecc74f3503959839df05439531f5ed00d5331b48bfc8af2c7448e21133a6e40aca59b112018f978f7fbd4912f3e8b756030
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 686a9e39098a7e530cbb3f6a51be75c8240264ab0bc7abb72ea8cd807e487fc39703ef6bd77d005b0481cdfac3cd0a852068116b632dec22427501356c643e0048ab7c0122b6d6221d95ff4bf6578a4e0666d295cbe33351a2b237eaf4761e7918ed4538056b6d58400be56799c3445b
+** GENERATE (SECOND CALL):
+	V = 4f1c0454a35114a54cf53fa42a3d23c3b1a8992035645c0a4273b576a46ca16c77686b72b9cc16ee6297c736332d290dec61e551b344c8
+	C = e05ba55f028ecc74f3503959839df05439531f5ed00d5331b48bfc8af2c7448e21133a6e40aca59b112018f978f7fbd4912f3e8b756030
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = 83b38ddf03d7e2f7eb6bdaeda857682d15329213014fca77
+Nonce = 49b3291d93607d5d995eb572
+PersonalizationString = 
+** INSTANTIATE:
+	V = 12a4ed595f907cf7949c00de0674bc00465e01cb400d7b3b70d891e437d5a54d2f4e88d230a587019a9091240613a160150f520d13ee00
+	C = 44e9bd7e371283e8a77675d3d485105fd9b9473341e3cce13c0612ad8e5282940cb2a9750862af1470211ba78dd2f8025c268cf69d61dd
+	reseed counter = 1
+EntropyInputReseed = 6b1a31e6c709a782f3bac467f16b55756eef36f09c8905bc
+AdditionalInputReseed = 
+** RESEED:
+	V = 2dfb6975ae5009d0e714c0c54605d64a7405f200dc0872c70c8c6d4c4c98910899f410d58e8e1b8fbf33771ff4b0d694b2a93f44fa9a4d
+	C = 38daa1443a29940cbc3818136d99ce80c99bab9955f80bdcf39d0add4ad944e5a8276bad480ad2615714ec0e32743f32fe8e1e73160659
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 66d60ab9e8799ddda34cd8d8b39fa4cb3da19d9a32007ea4002978a0c1fbf1450a49797f9d4d0c9ec158a06b1c9ad68268cf11c7c526e8
+	C = 38daa1443a29940cbc3818136d99ce80c99bab9955f80bdcf39d0add4ad944e5a8276bad480ad2615714ec0e32743f32fe8e1e73160659
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = ebae58a12ee1723c51d0c850c1ad177f4583c1584203cce91afcb63d6ca2f9d95b933fad574df0fe5bd255724718481b3565001e7ebf3f752f72e4a0cfcdae35cb4a7d0b3e82213ff74c160c56a539970165441f4f47151cc608297715384ebb9f7ed1ba0b2fe7bf60e2be3de761b433
+** GENERATE (SECOND CALL):
+	V = 9fb0abfe22a331ea5f84f0ec2139734c073d493387f88a80f3c683bfa33fe01a5430d77e435d4be1c3ba112eaaa6572a63e9324d54aa47
+	C = 38daa1443a29940cbc3818136d99ce80c99bab9955f80bdcf39d0add4ad944e5a8276bad480ad2615714ec0e32743f32fe8e1e73160659
+	reseed counter = 3
+
+[SHA-512/224]
+[PredictionResistance = False]
+[EntropyInputLen = 192]
+[NonceLen = 96]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 192]
+[ReturnedBitsLen = 896]
+
+COUNT = 0
+EntropyInput = eb9a891426241d5a86c7dcf932b6557c7f86144d8cf2ba4f
+Nonce = 14d156e3053f949c1fdcc5ea
+PersonalizationString = 
+** INSTANTIATE:
+	V = a88a9b0af1bf13bfef0b25ab86906dc4fdc2f76280b7624acbc740238ac30e40e41e04ffe28eb15ffa1909304c223e155cd85a8b38ebf4
+	C = 25f4941d63a928326a7707311eeec3f06a5ba7e1253bb82f85971d04b8ef0157d2ab83443e4a00ba6c9972a22fb35ec6fbf7378504e8a5
+	reseed counter = 1
+EntropyInputReseed = 6714875cdcd975788e520f7d5c081b91d3d5561aca0e982b
+AdditionalInputReseed = 5abb328f83310452c3e7d0d90af1af5513ba397a6f2f8933
+** RESEED:
+	V = 72f84fcec8e62d0c4e3414ae2c686524d6f48f1e33522c0ccf4d3de66b315c36193b664b06f6a25fa001dbe93bcfde7e2e0b6aa831f291
+	C = fe753ddf67126ece5179bcdc1acec3a3ca8833e03729e5a499ce372b2676e51631647df154c2de3e650e5854afb2fb7cefa20dc6e3e420
+	reseed counter = 1
+AdditionalInput = 22294ad638b7c35c5effdea670b3ff8ac304eab7f5a92f49
+** GENERATE (FIRST CALL):
+	V = 716d8dae2ff89bda9fadd18a473728c8a17cc2fe6a7c11b1691b75f4adc5d22f4ce1f60d5829006ba0b1fa2c5a32f74dd60963b66b3f2c
+	C = fe753ddf67126ece5179bcdc1acec3a3ca8833e03729e5a499ce372b2676e51631647df154c2de3e650e5854afb2fb7cefa20dc6e3e420
+	reseed counter = 2
+AdditionalInput = 53602ff330e2fcced5b42d7adf1c241667d10ab7035db569
+ReturnedBits = fe6b5a3b09f3ffd043d9c961d7c905e942add00c6f22a51278e9cefd9eb5ea5979869a5a877782c8dd7a3325c8afc20bd524f39d6e90684cf0e0d99bdcaf09fc2de83d867786aafea90d61b6497494b208b5a7ba3e4377f7453333cc03f6941595b68f51b8f6170762a86777d06eae95
+** GENERATE (SECOND CALL):
+	V = 6fe2cb8d970b0aa8f1278e666205ec6c6c04f6dea1a5f75602e9ae1421e3186a5403ef7bd838ed169ede0e40c089434a930e0fcd5b1559
+	C = fe753ddf67126ece5179bcdc1acec3a3ca8833e03729e5a499ce372b2676e51631647df154c2de3e650e5854afb2fb7cefa20dc6e3e420
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = 5571ed42a924fa07272a3fc0dd8b6089b5f7ec7139e536d3
+Nonce = f5523d4d01d80ef30e2851e4
+PersonalizationString = 
+** INSTANTIATE:
+	V = 328ae75752718f0f83531be1e3cda84784f302bf2b77248f034c90ffe45805f413f64f73baf77997b71b6181f9677fc4818c9032ce2ee7
+	C = a058fb48a2cefa213f5a5c0f8f1c6a77086c753a571e12e02b0dd3c179ce75199c8084167fd29a0e97c80696ec0d17d85f22e5f3a72cde
+	reseed counter = 1
+EntropyInputReseed = 0b11afa6e1355c62bad0341ee10eebf89305e9dbe9bd6939
+AdditionalInputReseed = 73439bbb08d80b16ebf3473c2485e6211b2d3068fee54786
+** RESEED:
+	V = fed4bcb3493cbf14e25255ffead453763ee8a3539c92abb41e072a7a268a258e15d56fff3c5eab28d428bf88b05065ed350c201f805e43
+	C = 0b35ac869a7f698a4ecd754f93ab2daf7d886d5cdd1307706593a25e7995b4f24616b6e03fc1606ebeff7aeacc4011df4f550e8c738f59
+	reseed counter = 1
+AdditionalInput = 431bc835c430fb2cafe29b03a20c9bc6f101ce64e5397d3e
+** GENERATE (FIRST CALL):
+	V = 0a0a6939e3bc289f311fcb4f7e7f8125bc7110b079a5b324839acde43f0e925adb867d22ae59538fd8d0bf9e29da753cd2dcd1433e2b26
+	C = 0b35ac869a7f698a4ecd754f93ab2daf7d886d5cdd1307706593a25e7995b4f24616b6e03fc1606ebeff7aeacc4011df4f550e8c738f59
+	reseed counter = 2
+AdditionalInput = 8fdad9f89e02cb453206ddad4eb005bc011b6ee714277b69
+ReturnedBits = 292cab6f6dba00c433eeec1a06381da6feaa10c83384255b3e65599221da1d797210a0d6a3cea1870586b4bae7b29dbb57b575d666c1ec2eb42bfccc10300d189a9139c0f2151f1561a092e87bc4e98fc0d2acbc16513e3d90cf733f24291e1a53f77906aa62299ab7c9e5560f646ec5
+** GENERATE (SECOND CALL):
+	V = 154015c07e3b92297fed409f122aaed539f97e0d56b8ba94e92e708ab47ae85f4e200ecd7583ce4c1e63cea50a39eab5804a22381ea9d7
+	C = 0b35ac869a7f698a4ecd754f93ab2daf7d886d5cdd1307706593a25e7995b4f24616b6e03fc1606ebeff7aeacc4011df4f550e8c738f59
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = 1028facfe895046cc77b00cabf2ffa9c3fe24131db5449f3
+Nonce = 9b3e6d8576a19126bb3fba0c
+PersonalizationString = 
+** INSTANTIATE:
+	V = 26d31867f71a9b08898b1bfb2d4f1448f4f63ee8e4122ac0c562bd82c29fed34d4af2670462ef14c9dd9ccf8d9ce6605600af3685fbf4b
+	C = 35757257a2eb7af49378cbc6a9008dfa9e3715078871bed076c651272bc438228557d66573e36b158ff3dfe708302ed1572ab82b8b9f7d
+	reseed counter = 1
+EntropyInputReseed = 7dc0e1df93575813387fda56257fd5f47b51f2b37292aa5e
+AdditionalInputReseed = f2150102d8b47a97a4e9af8b4bf5d38e957c3159a07e051e
+** RESEED:
+	V = 43cba2c4ea8e38140c82410db2faeff29795480c7278d10181d266db1beb59edde394a44740ba9d0aa537ac00b8681136f7b446abcf564
+	C = 5698ed13b8dad0a299977b509a123a8ffab753f5cdacf8d306d8c912e00b80ddb3171ae9f997fff6c63e45fe3d7509d5051475aa8a03fd
+	reseed counter = 1
+AdditionalInput = a2ee04b4fe1be931ef82f07070788b82f9afebdff65d66bd
+** GENERATE (FIRST CALL):
+	V = 9a648fd8a36908b6a619bc5e4d0d2a82924c9c024025c9d488ab31308ae7f63e00dbc10f4c348312ba5ddc02d78f25b87028b54c18ae61
+	C = 5698ed13b8dad0a299977b509a123a8ffab753f5cdacf8d306d8c912e00b80ddb3171ae9f997fff6c63e45fe3d7509d5051475aa8a03fd
+	reseed counter = 2
+AdditionalInput = 9ff5cbb00d307869d959f7ac74bbfe82439953dd15a23527
+ReturnedBits = c568dd589a58de8b080cc5f8245cad2fcadca76a5ff286b679172700e77f74a0f260b17ade2cbd79b1212ea2a7f2c8a67e188db3823be23df6798a561eb3c8164cf139f02eca7c94f127cad26a930378ac67b82595b53885e96bd1d6e3badfda8af88cef2c6195461e15b7c6b9f8abdd
+** GENERATE (SECOND CALL):
+	V = f0fd7cec5c43d9593fb137aee71f65128d03eff80dd2c2a78f83fb18129cc046b9867cba6b5bb9cb0d3114cc506a4d9e254143a559bde8
+	C = 5698ed13b8dad0a299977b509a123a8ffab753f5cdacf8d306d8c912e00b80ddb3171ae9f997fff6c63e45fe3d7509d5051475aa8a03fd
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = 0a1f6f29e0e0fe9541298cd934ac9eeee125e143be49a587
+Nonce = d790a6b0dbbf2e6d2e62ef6f
+PersonalizationString = 
+** INSTANTIATE:
+	V = ef24f562defdb0a36a35402249e5342bffe4082c3f707d757e014b2517b98b7381ebc238093d28511bff5495b84a89b8f3e03d2c62d14d
+	C = 7198de33a340ede3ab503dd7fd4f67631eb4c6005a4c1440377aafc54d9cf115105c29559da0cbf8bf844a23f3cf066bc384ccd5140768
+	reseed counter = 1
+EntropyInputReseed = bf4e18bdacd72b70bce81fef9b02e5e9fc5948e593c8c450
+AdditionalInputReseed = 2d4a12c1a36015082b4ab3c72687ba4f3534ceb610ad5ef6
+** RESEED:
+	V = e989bf5892dfc31d395a9b1a15f35ad5ad234c1e90ac421c24705df9fa2ee219f0252a0639ea6c866978e93d2df932f375423bf76cfe25
+	C = 22d0ca1014acb79169b7525e62626373cc22651732f24e5fd62ef4adda4c703a88774f535d2f314e49d83e003a917118459d816871c141
+	reseed counter = 1
+AdditionalInput = ddb9d93a8d28234992cf18b701b14992d9e82fb234378d96
+** GENERATE (FIRST CALL):
+	V = 0c5a8968a78c7aaea311ed787855be497945b135c39e907bfa9f5362b84cc9a458c61fceba64ae5937e1d1086fed6705782fc9138c62a5
+	C = 22d0ca1014acb79169b7525e62626373cc22651732f24e5fd62ef4adda4c703a88774f535d2f314e49d83e003a917118459d816871c141
+	reseed counter = 2
+AdditionalInput = e752666b8a4a7519aefddb895755217c06735b167949c2e0
+ReturnedBits = 3f863ec90782bfeb1fcab93618af3c3be4892cfe9bc8b4bb9ff8474ef4ae7a213229797dc440c0b6562d095fb5550b7095adc4673630dcb50421fa9635eb6ba06c845c3ce5753b343a6aaef5dbcc73a3b823a9c864a13beb431ea2e3c71445a978a4fed6fb7768f891c79c02d72185cc
+** GENERATE (SECOND CALL):
+	V = 2f2b5378bc3932400cc93fd6dab821bd4568164cf690dedbd0ce48da3d912aa6b7f6edfd311e763a7b5d32ef80c689654e89244a63fa60
+	C = 22d0ca1014acb79169b7525e62626373cc22651732f24e5fd62ef4adda4c703a88774f535d2f314e49d83e003a917118459d816871c141
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = 80996e0ef7ad95c46a107872b8ec1145baf5a03a9a66d952
+Nonce = c60ecf948d5684e0f425d4f2
+PersonalizationString = 
+** INSTANTIATE:
+	V = 5ecc510255e3816604d6e2e803b59068ac12b26c840e60b397e975fc91b20aab673f023d7099029676db8c943879f9e784d8d35925ba5f
+	C = c4027e5e2d19b18b0f25c85815f33d5ab27a4ff81a57fd028fc65be4692acee887b89f10fc8233de83e738a1165a3ba14482e346b27ffa
+	reseed counter = 1
+EntropyInputReseed = e23fe488d61129a53137f3b23c0dcfd9ef02830439e0616f
+AdditionalInputReseed = b98f927515769b21bc16b3892bc7131c14e75550e7a5a3da
+** RESEED:
+	V = 6ab10a5a31a1dd5e093f26b7b03bea99b4710f98caca1c6e32a4f01461fe26445bbb8c3763ac1fd9ef2f54af376661ee754080e73c6070
+	C = 1d830f1f1837de70ea99cd69dd93ed21496d6c26d296c25f523163df1f8b4065c18081978aa9a8253171daf1adfc2e4a0c223dd03803c5
+	reseed counter = 1
+AdditionalInput = 5b508a1d42231088fee137415beea39b4126d3859f175abc
+** GENERATE (FIRST CALL):
+	V = 8834197949d9bbcef3d8f4218dcfd7bafdde7bbf9d60decd84d654c0a90ec6573042b822c85eaf1bf2400f000401fca96fee2ec3dbd3cf
+	C = 1d830f1f1837de70ea99cd69dd93ed21496d6c26d296c25f523163df1f8b4065c18081978aa9a8253171daf1adfc2e4a0c223dd03803c5
+	reseed counter = 2
+AdditionalInput = ece79b1c7c5b7c6e9a25fcf9a000595b57674667bfb3b204
+ReturnedBits = e5467d9306763f439571ed32f970191adc17a531ffc7c6604382f7cdd0c63ae9a3d0c9f129e53f683377f0f52deb717ec1bc8897ca22f2e63a192bdeebb7d912cd2a5f67c632fde75884df0c1144589f5dce0ecc77393233c517c405b4263beaf577b71aa1c497e84988fbf36dc4e3ba
+** GENERATE (SECOND CALL):
+	V = a5b7289862119a3fde72c18b6b63c4dc474be7e66ff7a12cd707b9756c8f0c9fe3244d4f129b6932c372f1b3b3f553581ad7903744124a
+	C = 1d830f1f1837de70ea99cd69dd93ed21496d6c26d296c25f523163df1f8b4065c18081978aa9a8253171daf1adfc2e4a0c223dd03803c5
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = 10d018dbc1094c9af6f9ee864bca900db0202fd7a76188a6
+Nonce = e1f8c5229da819edded6d5d7
+PersonalizationString = 
+** INSTANTIATE:
+	V = 3da6b783c009b175f1ff72138a2d08ba45d24ced4a0975c4d5af5b132959a0b05c427862ad66ac0f7d7dd578104f85b10354421208dcf0
+	C = cf29b115d0065a4377ed933c6dc892bd9222a595b8e76b44fdf7818b5bb444697118abd619b23dde11515c0e3c44d1eb678957ab771322
+	reseed counter = 1
+EntropyInputReseed = 66fe0a09afedce07ca560abeaafcf472c60c2af6d5e147dd
+AdditionalInputReseed = ee7ea52eb6bd33a6086b2533209157b614605b58122772d6
+** RESEED:
+	V = 4022c6ef7d28da399eb9eca8cf447c51fc79cf6696dd2a2622ea7d05da71eea505f4135cdcf47108c87cb73b61e4bb85f0e82db0f0d39e
+	C = b9b79a487db6df3f435de05ea17f23e47b8ac8aedb2b804afb938df0f07c620fe106e4c51e6bf067f451328c7863519dd5a80bffa8d56c
+	reseed counter = 1
+AdditionalInput = f200d99885e92e85e93fb0f6ef369374dd109f9c92e61a05
+** GENERATE (FIRST CALL):
+	V = f9da6137fadfb978e217cd0770c3a036780498157208aa711e7e0c1383872ee230109658b77013e661232abab766fdbfb584054e9b7459
+	C = b9b79a487db6df3f435de05ea17f23e47b8ac8aedb2b804afb938df0f07c620fe106e4c51e6bf067f451328c7863519dd5a80bffa8d56c
+	reseed counter = 2
+AdditionalInput = 2ceba42d44b77e0db6325ee7168e3b6b45babe8827d50631
+ReturnedBits = 1829e5f46f108bbbd7350c0a93c6035d9d86032d76e32d2e56ba7868e332cd537be9c0de33043f6625c24aa070611c74bb0be325e1ff566978cfda89f5a5857fa40b96cc46888e5694301852505162f781da09740c08b8d5d50a01597ff8b6737b067a2d269a1a2b0efa1e3ca4c05a67
+** GENERATE (SECOND CALL):
+	V = b391fb80789698b82575ad661242c41af38f60c44d342abc1a119b1410a18298e5b29088210b59a80d8b473db3468a7194c5d6caddac6a
+	C = b9b79a487db6df3f435de05ea17f23e47b8ac8aedb2b804afb938df0f07c620fe106e4c51e6bf067f451328c7863519dd5a80bffa8d56c
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = 155cdeacbe0218f4d6b82371ccb20a0cfd6d49557bb1937c
+Nonce = 691d8402b16e9b12ddbb5634
+PersonalizationString = 
+** INSTANTIATE:
+	V = 49c9ff76e1785cc77298b0b890056c55cd65caa14594c70ec8ef0c1f1bd618a259b1db4ddb828eae0b4b8ae8a627860cd0af20ee0229f1
+	C = 1e585c0433c493ef200d5cd64881130b43373def7be2208e2f5815695154dffbdfc94ad1f181320e759cf35db0529600850f3576ee2bec
+	reseed counter = 1
+EntropyInputReseed = 2f71df597dffd043d2793cab07ef877c4587b9cff0173692
+AdditionalInputReseed = ee9a936cc67c162ad7ed2f781a7d9c7ef6d7c63ab163d567
+** RESEED:
+	V = a6dcfa0c6ea4602a4c15972f7293934e3057f46fcccf2737849da3a55d4ae82d64bea76d1d94f1deab0977ad6de95ba16617ab0091711f
+	C = f04916059f5e82041d89abd2ee6815d1de9710b595f29dd2d0d5538fa2229924d8027fadb87f7ac3495157552a9d6b3ad71b28c06cf4a6
+	reseed counter = 1
+AdditionalInput = 2cdce7b7c943d40f9cb27e76c2a9e3e68cb73818f29b6889
+** GENERATE (FIRST CALL):
+	V = 972610120e02e22e699f430260fba9200eef052562c1c50a5572f851dcb6c7f1aad694200df9c2a2ad1c5032fd08752b873232312e3a54
+	C = f04916059f5e82041d89abd2ee6815d1de9710b595f29dd2d0d5538fa2229924d8027fadb87f7ac3495157552a9d6b3ad71b28c06cf4a6
+	reseed counter = 2
+AdditionalInput = 359151559d8e1315017aa72c0eb4e528ecab9fc40e34ce31
+ReturnedBits = ede50c9b420077ac604051f21fc63282bee64de5263da16f048df98121f822dc4079765c317d9a45b465aae42fd7c23bcac0990049eda4f5afee0385a3f78acb96ca74133689ac9f949d05199815f497dc0bef6f3eadd24ca572bcbe7d08db9655e41ab5cd963f419b590e741f63048d
+** GENERATE (SECOND CALL):
+	V = 876f2617ad6164328728eed54f63bef1ed8615daf8b462dd26484c35fa5ee3ab924be524f4445259f2387aa35125dcc197523846773e62
+	C = f04916059f5e82041d89abd2ee6815d1de9710b595f29dd2d0d5538fa2229924d8027fadb87f7ac3495157552a9d6b3ad71b28c06cf4a6
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = 89bb4d3a7973f495e25424c92c7753a6fdd6502be1e77dfe
+Nonce = b24bd9775c47f2a045876758
+PersonalizationString = 
+** INSTANTIATE:
+	V = 03ec11e33ec3d41d2e889b70afdd922aac362aa0cc84701723de44b256d9c528c85665dd530732ea7d3c2508abbeddd2f51755349622e0
+	C = 9a5e530ba58811d9a1fccf4c468cd6bd77c42e6f8de0d323b90ff6dc923b04491c7af1780909e8cbc79360af9e9446c75a3aad4178861e
+	reseed counter = 1
+EntropyInputReseed = e9ff5df08707a764b4da25d52d42550171f4d5bf9e0a02b0
+AdditionalInputReseed = dded519547bce80f963e4281e0dedcfc20591eed1946be89
+** RESEED:
+	V = a8b99acfa8c5e05d9a9ed0758ecd5864b5ba33f0a077e2008e4385d8b2992060aad60ad056dc2bd5544cae8dd865b0a8687f44598ff51e
+	C = 24d3c4f54bb6cc5dd73ff59cc20e74920e71a03410c416a81a607c871ea1512f54adb195acf07ec7d7a9c6dd5ff54438ad6bb4e6e704be
+	reseed counter = 1
+AdditionalInput = 5d8e9ed604bca5dbdee89de54144eb49157b5ee2a3a46ef9
+** GENERATE (FIRST CALL):
+	V = cd8d5fc4f47cacbb71dec61250dbccf6c42bd424b13bf8a8a8a4035d0e900ec360a51e9fcceecbdcab63a9475685425146770ae14c7e08
+	C = 24d3c4f54bb6cc5dd73ff59cc20e74920e71a03410c416a81a607c871ea1512f54adb195acf07ec7d7a9c6dd5ff54438ad6bb4e6e704be
+	reseed counter = 2
+AdditionalInput = 259de34687678969795fb7f20fd448c828ad50177adc3355
+ReturnedBits = 023710c89bfa5fb70d6372fe7ddfb3d50c9199773ac1f7a2faeac134c5b6d22b3d86201820c910f5c1947ebc4388ba3b7c560bf599b193a90be13a7bbc7a302fea6e6dba516b7fe7512eee1bc246340882a3b26f3333d2b8a0a7437007f4aee4791f863b4a9f66caf0065001a1e39a03
+** GENERATE (SECOND CALL):
+	V = f26124ba40337919491ebbaf12ea4188d29d7458c2000f50c304813a9103e8fa0cb3dab56130f572b36dfdd309438c324a20d783be4861
+	C = 24d3c4f54bb6cc5dd73ff59cc20e74920e71a03410c416a81a607c871ea1512f54adb195acf07ec7d7a9c6dd5ff54438ad6bb4e6e704be
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = 90693701e20d455a7079ef8fd33a7c7b6edea174d737c1bc
+Nonce = 96aec4e48381a9f943dec370
+PersonalizationString = 
+** INSTANTIATE:
+	V = b83c0bfb09ca739739ed78821c7686ffa93893905f4e5f240c884ed402f48e90191002b3d82cc499c3f2d0fe2fe8ded23af5d9693e5a5c
+	C = fc0865f9dc15e554c255bb4f5f6cd18180667cc0a21e9f17e4399df69bbfcd8a1262ad0f87968cc229ca1b2552693792a2a33f75bccaf4
+	reseed counter = 1
+EntropyInputReseed = dbb754bdc170002fcceef9cce1506b7946e6f6d45287b8c3
+AdditionalInputReseed = 797ee86e68966e5d72878171a81fc67d4a778831f9dbbb4c
+** RESEED:
+	V = 32e090a9c79e03eb123be90f3021982456e0e1af71233a959979930ab6d63376116bc36d57490de06b2ff6fda20741c4cb4a1fb1210db0
+	C = 2079b62ca4a9396395b27b496fd7bb6bea04662f15423393a55a872fc14d6e3b41dd324986289e21297ac4524c20a1ab9ffc6a8d4c5b0a
+	reseed counter = 1
+AdditionalInput = 4a56fc282ba5f239b23c942e46b577f0659c0e77cfa763ce
+** GENERATE (FIRST CALL):
+	V = 535a46d66c473d4ea7ee64589ff9539040e547de86656e293ed41b88993b396c9e5e2093ea22b4c6d4f5b492dc962f4eb691073f2f8562
+	C = 2079b62ca4a9396395b27b496fd7bb6bea04662f15423393a55a872fc14d6e3b41dd324986289e21297ac4524c20a1ab9ffc6a8d4c5b0a
+	reseed counter = 2
+AdditionalInput = f4b9234778ff47fbc28b47266dc0392d5637eb4cdad2a116
+ReturnedBits = e33b556f97d8a87b6f00eafea411ca8335469659e97e22a5438c5aa33e8194dc407fa59b04f02d6b156470b5e7fa5ddd39d1d3d4e80824031420f0816de0d46c9d707b9f3e25ce917a4bb051782872134de9c4b7e866706b7c1a36aa2315b4dcbb7f6fd0bebe0ca4d71cff8219449083
+** GENERATE (SECOND CALL):
+	V = 73d3fd0310f076b23da0dfa20fd10efc2ae9ae0d9ba7a1bce42ea415802fadb8c3abfd90c09e699b92db589ce06bcd288136d85ec86ccd
+	C = 2079b62ca4a9396395b27b496fd7bb6bea04662f15423393a55a872fc14d6e3b41dd324986289e21297ac4524c20a1ab9ffc6a8d4c5b0a
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = 465e86f76d7568e2d4b9d4b716554c67b26df868be7e9f95
+Nonce = 2f79d508c430986b01b1a08f
+PersonalizationString = 
+** INSTANTIATE:
+	V = 99f2ba13928d21821d467ef5ffa812832ae82df5c496474a96eb406faa8e670f6cb1adda42176b28dbdf0e4b2a0444d6c7fb58c5c6d50d
+	C = 810fb8845b9d8119d1d7bd6dc0668997fe2f504431c0a6d78fd5afd533268bd1f21222d28bf43fa493c90999d9e769eda9f388bc375f5b
+	reseed counter = 1
+EntropyInputReseed = 662bb0d8f1040fdde39ff7cdf817da9658425c2b1920f556
+AdditionalInputReseed = 1f13aa4d219b6a767e7ed0242e66368221203ed20bcee6e1
+** RESEED:
+	V = d9a9ab6c1a4656a9ba5b802d91553e4c0318807673c195611b068a72946a8c9ba07883a14802e11e1a138888946597a6c5e6d6758364a6
+	C = edabe4765c06d1dda4b5342d498a911b3d34717e3fdc95599f1729a801135fdf1e6f293c8f087d7eb0d54285d8c29bbc0b6a135c42936f
+	reseed counter = 1
+AdditionalInput = cfa8cbed9487c1ae8b813a8e8c99086773bac8704dc77b71
+** GENERATE (FIRST CALL):
+	V = c7558fe2764d28875f10b45adadfcf67404cf1f4b39e2ababa1db4ed8ba76988e6720d580dbf5c8674d3c206e3e6e8552de8dcfa80c85f
+	C = edabe4765c06d1dda4b5342d498a911b3d34717e3fdc95599f1729a801135fdf1e6f293c8f087d7eb0d54285d8c29bbc0b6a135c42936f
+	reseed counter = 2
+AdditionalInput = e18c9cb0d87006af1453e0baeb22e37210cb9743a209b326
+ReturnedBits = 0b44c3feca5f48d515a43bf2d05dce8e155ed5b99c082744e7c529c98d09991f07200bec149affe6c989cc38f268abbf4722bb3a41b25bc4aa1be8afbac4dda3d9696ddfcc539a03d1042002743722efcc07a7899922da61cc621ae91940c49b58bf436ffb7ebcd92d0d681ea10aa41b
+** GENERATE (SECOND CALL):
+	V = b5017458d253fa6503c5e888246a60827d816372f37ac0145934e00c05d1f573a6c827613592abf8e44f77afb25c759640f7f87ccf8e79
+	C = edabe4765c06d1dda4b5342d498a911b3d34717e3fdc95599f1729a801135fdf1e6f293c8f087d7eb0d54285d8c29bbc0b6a135c42936f
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = 246dcaf0c46e05f7578c14cf46882412887399e6002e83ec
+Nonce = e73577d09cbb867b68b2de90
+PersonalizationString = 
+** INSTANTIATE:
+	V = ae68774a3c268f83e3ddd229727a949689cc9bfa5b130db297631ae19570281627d97f7e7d956e9b4e783213b593500be1084efbfd7335
+	C = 9cfcd26abdb7effec1bc4eb52cd6425abf946784942238968848f398903ae8d5d91d5eb1131e3e23926d98374ee6a919a642cf53474527
+	reseed counter = 1
+EntropyInputReseed = 8b2001872e9b14e2d1c2f8cbcbe106365d719e575b8fa6ff
+AdditionalInputReseed = 0659e58e7a62fbddb5cfeddd2d11071c4845b73c110426dc
+** RESEED:
+	V = b990d5a3ae99c6b3566e8175db0263fd859f1d6875a3d231ca9410e36d4bdccbf99211a64c007ba5ca78ac2dca89a06c815123837c56b0
+	C = bfd58fa8f8a90d68597e86a19d286c002f648bf1947ca1d6f600e7a595f0b07b8f35f86bd57c27415cda1bf1eb32b1e3b6849b7aa1b5d5
+	reseed counter = 1
+AdditionalInput = b64b1053681055055c6b01055d4290b105c9d368cb546eb0
+** GENERATE (FIRST CALL):
+	V = 7966654ca742d41bafed0817782acffdb503a95a0a207408c094f9cf7b88de1475d152ecbd03c22d09932196741bf50383b54b0374b604
+	C = bfd58fa8f8a90d68597e86a19d286c002f648bf1947ca1d6f600e7a595f0b07b8f35f86bd57c27415cda1bf1eb32b1e3b6849b7aa1b5d5
+	reseed counter = 2
+AdditionalInput = cb18271a562d3ff7c26182cbe3d7a2440fcd0db58e4514e8
+ReturnedBits = 0ab1c7cada2c8c3bc335843000084d3b24a6eb4cc5dfa930f25b89e163e9c68fab1c0f0e78d235e940174bc0bda3362f5d55fd1709f19928602cf3fcc1eeb8485200aebd0a91ebb889d78fc94fd1bca4bec405f8e226a05517f83e7023774faaf8057c216a8f37c7a4bf91faa1478cf4
+** GENERATE (SECOND CALL):
+	V = 393bf4f59febe184096b8eb915533bfde468354b9e9d15dfb695e1f34256e411b1cf6bb6dc92d1ead09e2f22d9b8e720da6e1f8b6b5060
+	C = bfd58fa8f8a90d68597e86a19d286c002f648bf1947ca1d6f600e7a595f0b07b8f35f86bd57c27415cda1bf1eb32b1e3b6849b7aa1b5d5
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = 553d744c4329a04c6e1f8833d1074146cfcb212cc08fb1ef
+Nonce = e8f5c5514039ba4d25cda95d
+PersonalizationString = 
+** INSTANTIATE:
+	V = 8ff735a6eff963612da500ad5bca3fa1b1cd16824f282035470be81c9a9bc81bd37a1dbc7e7643dbffb3f9e032b35adf72ccec7052d06b
+	C = 554fc6ac182dbdb7d00e123809da532eaf13a53be2b35ac72278ae741e47054c59c2ceeaca404e9c9b49e59c7d641447817f8504293ebf
+	reseed counter = 1
+EntropyInputReseed = 36bec82b2944bce668441802015e1fe14a2bf91356cac52e
+AdditionalInputReseed = b5eb000f1dfab7d002d31b4638ee86e1fe0c5c8d96e16473
+** RESEED:
+	V = 61808f7098789ae854f82f93f14b790a04b1e22e6ebf7b9797745629b627708ae95361eeff1da10f32f1d98042d3f1bf084dd4b7c8f7e7
+	C = 6d8647dea69a54f7ba97c9282dfeb1915fba5fa68e0f04292c1c3a9ab580e1072cec3ae7c36c5a6c9e813cf38bc2d90e558715377647f4
+	reseed counter = 1
+AdditionalInput = 1ad6ffcdbe5b496c1dfc93c931427ce20c47615c243c0252
+** GENERATE (FIRST CALL):
+	V = cf06d74f3f12efe00f8ff8bc1f4a2a9b646c41d4fcce7fc0c390913499a84e11b1f5fcb86770976030674b4e55f8598af9fdbf5364f9cf
+	C = 6d8647dea69a54f7ba97c9282dfeb1915fba5fa68e0f04292c1c3a9ab580e1072cec3ae7c36c5a6c9e813cf38bc2d90e558715377647f4
+	reseed counter = 2
+AdditionalInput = 65946a1a8d37ee67e14522d866e511948a44cced77ed934e
+ReturnedBits = c1ca38b337f14aaceec18a7bbf21daf3efb4242b57b6ea6dd16f995c22a3a831b57d438968b1de612fcd1aabb90cfa26345068d90a186d5b6083d8771ff0e199daf715f409159a5794f2c1e6a05ee9c31b24491e60c21457759599cac4e56feebf40cb090fa9f4ccd59260256a492c1f
+** GENERATE (SECOND CALL):
+	V = 3c8d1f2de5ad44d7ca27c1e44d48dc2cc426a17b8add83e9efaccd3c1899ba731f62113b605a16c42e824bd7dea25040bc903b1e36d98c
+	C = 6d8647dea69a54f7ba97c9282dfeb1915fba5fa68e0f04292c1c3a9ab580e1072cec3ae7c36c5a6c9e813cf38bc2d90e558715377647f4
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = 897efb68080f2ce465ae08e19f4b3947d761b8b77a5a291f
+Nonce = 8c7d40e98310a16f394dbdf2
+PersonalizationString = 
+** INSTANTIATE:
+	V = 8334b2df69813df679200b6e0254361e783ada7348e2d1bb71be924df7761f882c084a38ab874bb571716c4df7dd7e7a2a794205cd0d7b
+	C = 22155095b6ee063e9c277332af126983a39e53c5997ec3d8ff909243e5fd09d752abe096ed23db06714d87c8cf5b1f7664c1c2c8871353
+	reseed counter = 1
+EntropyInputReseed = 66fc2876f8c3558ec8b98d266f272f5440d2866222d1a6ed
+AdditionalInputReseed = 277597e6a468d0422dfb712cf7d0d8b095b033a62130d41c
+** RESEED:
+	V = ced12ca5ac69e0e0dec00ab0fdafde21c1d6294e83fa1223c7c04906a95d2ce434a799208373d09937a7a53578bd5062ad3f5dec45b94c
+	C = c40b04b8c1ee1831bd7780e7965e1f0294842406e72d9510f5dab7766fb6a467ab8821cf1f1ed986fa1d5e867b32899c7f068d59cacba1
+	reseed counter = 1
+AdditionalInput = 0fd0d3454288c3b520b932cbd692595c29c119a9d1895375
+** GENERATE (FIRST CALL):
+	V = 92dc315e6e57f9129c378b98940dfd24565a4d556b27a734bd9b01dd3e08f67ef8a1e9d7a0cebb0e523b1acd2701125d4573d49e558aab
+	C = c40b04b8c1ee1831bd7780e7965e1f0294842406e72d9510f5dab7766fb6a467ab8821cf1f1ed986fa1d5e867b32899c7f068d59cacba1
+	reseed counter = 2
+AdditionalInput = c5427b9eba81b269e4507a9918b66d1bf9f4108447c49a5f
+ReturnedBits = 6fc92c5790ecd366131ddf27a152a33371061da6c8e430fa17d94b9a332d69df8369aca30a4f98306c86baae69629bbc2e48ac2a69b91f1114be08ade586a6e60052eb751a405862de5c6435b4717f69dbdea37638c07524923ddcaf42d1968e8ecb5cb50523469b7635d0b98f6ef3f8
+** GENERATE (SECOND CALL):
+	V = 56e736173046114459af0c802a6c1c26eade715c52553c45b375b9671514f39931a2e2b6594cc232006f65b688059326cb32efebf4fa17
+	C = c40b04b8c1ee1831bd7780e7965e1f0294842406e72d9510f5dab7766fb6a467ab8821cf1f1ed986fa1d5e867b32899c7f068d59cacba1
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = c9f2e09ee494acf8d426c5abc979b1ae01827270ebb76ecb
+Nonce = fd264f5a699b9631e513416c
+PersonalizationString = 
+** INSTANTIATE:
+	V = b688f72eb4ab86a55bc396ef6d087b4946d374a3c1f86b6811d06581540f5501eb81901eaba364489a21a264a8c781384421795fe7590c
+	C = 3daaa2c1dc89ff02dbb8f2e81b900c1738e9a691dbc71beb10051a2100bedd969ca9463aec535f01343a6dde2e0fe0c1eeea83f44b1dc3
+	reseed counter = 1
+EntropyInputReseed = 3ec7d820cc91178a4720df599fc5c14c85d2bb156c5fae1d
+AdditionalInputReseed = 47674f6508e5e66ada6ab404e77476d026e2b4948a7b4076
+** RESEED:
+	V = 8ceec93674942cf15ff40df693842090ba2449e6e6b993973c94defea7851c78da13d991f2a7f588a6a0424ee8f5e9c4153cb3dd929a65
+	C = 401ae2680d831ac06cbd1f3970605acb8368436fc062f0659a726970567375d49486d1d5f4c90a87ea7804b0e7fff1ad21f1f109d079ff
+	reseed counter = 1
+AdditionalInput = 351899c573c494f97f060abdabb840f7afce818b2461dc12
+** GENERATE (FIRST CALL):
+	V = cd09ab9e821747b1ccb12d3003e47b5c3d8c8d56a71c83fcd7074978f1bd24bc1a8f427f45ae583e44de42249f5d8ffe116c0610db84db
+	C = 401ae2680d831ac06cbd1f3970605acb8368436fc062f0659a726970567375d49486d1d5f4c90a87ea7804b0e7fff1ad21f1f109d079ff
+	reseed counter = 2
+AdditionalInput = aa8c50cb41b3fd625367e6c31b91e422ce56e87ee8b51b2d
+ReturnedBits = cbcd9b83504d459d28536f630cdc8c13de029539d372868df48e8999e28b4e3d918f4d2073d40414b577c7517dc05d519e39837531afe8b509bcc7ea05af8cd95b6bec4a86e74ede455045f196708aa3a0ca885838d14587ab3a53a759f6d584a3b1cc77bc75c6b308d8d739475ccedc
+** GENERATE (SECOND CALL):
+	V = 0d248e068f9a6272396e4c697444d627c0f4d0c6677f74627179b37dda246839851e84962eb8f95ad0200e6f958fd6b1c41b2ca308182e
+	C = 401ae2680d831ac06cbd1f3970605acb8368436fc062f0659a726970567375d49486d1d5f4c90a87ea7804b0e7fff1ad21f1f109d079ff
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = d86598676e66b75d0058fbf6ca79d68b1446532beae7df8b
+Nonce = b0c2dc48c592738255b24869
+PersonalizationString = 
+** INSTANTIATE:
+	V = 08aef7c8ff43e0cb13e90797b45e13f8e24392f0e0ec43c6497a0618be9504f51303655df3b4daadc02326888dcd3649ac2c35815174cd
+	C = 335dfe2c6e93b963cd3ea4240cd61e58127c7762211aaa3558974d567ae1461b165db53a98f527c41d4d5223107cb57c67477a15383f95
+	reseed counter = 1
+EntropyInputReseed = ec63fed0de3f9b9319797f9748fe987294032f90d55cc513
+AdditionalInputReseed = 7853c789f2eb81eff58940a6ad3d0d05c146a85453dd2cc4
+** RESEED:
+	V = 463842228743b913c124bf1b08cde2d511a414dc484db82f7859afc436981da09eb8ed040aa177e7f0f9289585ebde92080cb0cf1132e9
+	C = 67ed2a61db6cdd21481beaff85efb2b2d04401e1c0905e81740755b3f71ff67284c4ec3dc2934c4727113c79a14ccd9343bd8583a2dfc4
+	reseed counter = 1
+AdditionalInput = cca77ca08f756dfa91d7b0d83b2d1155031a58dec52c7a7c
+** GENERATE (FIRST CALL):
+	V = ae256c8462b096350940aa1a8ebd9587e1e816be08de16b0ec6106da998d17faa1bfd200d32c7875893980bc815bf759aad07f951de60c
+	C = 67ed2a61db6cdd21481beaff85efb2b2d04401e1c0905e81740755b3f71ff67284c4ec3dc2934c4727113c79a14ccd9343bd8583a2dfc4
+	reseed counter = 2
+AdditionalInput = 32b130f5b098746b05e65f4f93dcf518ffb044f3d56ee091
+ReturnedBits = 9a9ad7e3fbb2a12051e06f9373543a2259ca55ac75c37830f4277eb157b203ed8f7874bfdc0916a0b55aa3e4cd37db521c8e7fadcb105612bc62ecddf3dbaac21685cb31cdd2b72395769c668660a7d72e603e6e436dccfaaa2fbacd89466131baf29a45d86e2730c1185c9f1dc9464a
+** GENERATE (SECOND CALL):
+	V = 161296e63e1d7356515c951a14ad483ab22c189fc96e753260685dd5220640466eefe1f84e790afbd4d707aeb592606f602d06d4947b7f
+	C = 67ed2a61db6cdd21481beaff85efb2b2d04401e1c0905e81740755b3f71ff67284c4ec3dc2934c4727113c79a14ccd9343bd8583a2dfc4
+	reseed counter = 3
+
+[SHA-512/224]
+[PredictionResistance = False]
+[EntropyInputLen = 192]
+[NonceLen = 96]
+[PersonalizationStringLen = 192]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 896]
+
+COUNT = 0
+EntropyInput = 9a343285be5e248a07342395636b84cfebc8aa15ef4400b9
+Nonce = 7e367fc9954622581bf0d616
+PersonalizationString = 1f079d03cc6ef78d80d76093385be4a03635d4dd5a9642b5
+** INSTANTIATE:
+	V = b46cac7834e56aa53c73e48be9be2537c9cf92ec05cb2db7744f135574254acfd2f6fb4fb4bfaf88255fe45aaa43d129487257727f9e02
+	C = 8feed7cb57c52413af8852e8d8f62ba5e2451dadb183cbd34404115d6a51092f63b17f4f44bdd34f79f341acb969fd8330ae5a1b5b61f0
+	reseed counter = 1
+EntropyInputReseed = 73b459167dc63b9794f7bd4becde4e8bc6d85ee5c32721fc
+AdditionalInputReseed = 
+** RESEED:
+	V = 7e55823e0502ca6fb89e7c475af7118f802551e040b5299c25a901fe5f973d5f2969199bff7fe8e7908b7ccf1f7a04c1ed93e29f771203
+	C = 25c4b541a1a9bff1dcce54846f002e4d41994698c4f9ec0bdbd3f60ce3440a654fe1039b7b5a4264e0f68533ec1237f6597edba7dd9920
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = a41a377fa6ac8a61956cd0cbc9f73fdcc1be987905af15a8017cf8f9ef41c498fbac360c60b18ecbbeb31095a0d45e85c88379f1a7c456
+	C = 25c4b541a1a9bff1dcce54846f002e4d41994698c4f9ec0bdbd3f60ce3440a654fe1039b7b5a4264e0f68533ec1237f6597edba7dd9920
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 22218fed5dda0ed24241791d46d795d28de0b326f540e511def83019ce215ddf651bb9a475a34da5ea8de8658f0927dfbe1c12d6d76afa80c4b3579c1ac7c0879058447a8d5d413b79af7ece8622c7193364e66a0c4a4460f63b5c4df16847043e90f0feab732553ebddddbe40b3ccd4
+** GENERATE (SECOND CALL):
+	V = c9deecc148564a53723b255038f76e2a0357df11caa901b3dd50ef59cc718aec2defc353b7c768dd420a87f6d614a67bdf1be919e32b1a
+	C = 25c4b541a1a9bff1dcce54846f002e4d41994698c4f9ec0bdbd3f60ce3440a654fe1039b7b5a4264e0f68533ec1237f6597edba7dd9920
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = 0020657cea8f3a15fc370a06edd994c43ca3fdcaa81de7d8
+Nonce = 780fbf7deb157c468beab213
+PersonalizationString = 7902c5ccc94ead533c973e232803a0d1c2f2c4d6e52b0da2
+** INSTANTIATE:
+	V = 64b9fa88822d9c0fb70a610353fdb323b8abfa468424a1c7b03ab6e53e77b39dab6cccc6e29049e8a9c5f9dc944a83d6c5b367fa7da63e
+	C = 5979da73d3b2f0c874cec4394e3b54811cbf4fe71e1564b33ffce721f7ca317ab7ccd7b6d558288d1154e751ba72d9b61d0a0daf35f56d
+	reseed counter = 1
+EntropyInputReseed = 74855868baa03c1b0ebc3fed8f1dd6405ab93e3781370de9
+AdditionalInputReseed = 
+** RESEED:
+	V = 0128f96cc883be66f7cf59fa6ec280cd3c246dbe6b4c7142316669d19d61ed95489f548e9e225abb9332ff393807c9602dd18a41624ec2
+	C = 2fa02af8b347d7acc69a681eeae83bbeffd0461df55a66048d9ee91bd3261435feacc1140bdc8208ff2bcf532fcf4e5099e1c5893d1508
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 30c924657bcb9613be69c21959aabc8c3bf4b3dc60a6d746bf055335e681c08208590ec2f82d5361d1b47010669ec3893e5c128e22a8fa
+	C = 2fa02af8b347d7acc69a681eeae83bbeffd0461df55a66048d9ee91bd3261435feacc1140bdc8208ff2bcf532fcf4e5099e1c5893d1508
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 10c66f8d64b13e71ccfc72855688e467e046eea11e9686bbea0e84b69885ff45acffb0941d097ddee466fafee98c214da885c3e472abdefd6cede9395c53445831836adaa224a893e86afbcf8f2bdbf138d5a53e90e0bf3934d9b0798d2f53aea67051d971c198155ed9486c75d9e6b7
+** GENERATE (SECOND CALL):
+	V = 60694f5e2f136dc085042a384492f84b3bc4f9fa56013d4b4ca43c55703f7457d1258cdaf5de4d100efe79c29f5ff24033e3e19d2af0ae
+	C = 2fa02af8b347d7acc69a681eeae83bbeffd0461df55a66048d9ee91bd3261435feacc1140bdc8208ff2bcf532fcf4e5099e1c5893d1508
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = c58e2867f5932493b5ddcc8a986ce6775cd42aad678af932
+Nonce = 063ff398a15e8a1438acdfca
+PersonalizationString = 08aafa8cbf0b4aa982e14da67f4c0f45d67c9777ba46bae3
+** INSTANTIATE:
+	V = a3b8b8e6ab0ada9df0313da0f434d5c7ae0833f22055eeb4f4c28dc7802ee0d113b0ac932833b34792151be6724cc89bfd313fa76fe679
+	C = 97990654c067332626d937dfa3fda0f3a5ca274c57f970fede7943f52c38e7651a533676e24ec3ce5a0e0361009210d2e154fa4554760f
+	reseed counter = 1
+EntropyInputReseed = 15300486a484a206d9a5e7e3af096b738280e627c521a876
+AdditionalInputReseed = 
+** RESEED:
+	V = f374af5ed3edb2c264551508f2c530d0686defd95ca76ec90453396247cd2e57b72c33646d6e67e52cab9322dee8641d1a5a3af73ffb61
+	C = beb8053ac0cb50461b1d99fee57ef5580234197497e7d919a93c8c94f2f192f716e089eb757a23bfa7105074815beb4752b257fe7769b7
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = b22cb49994b903087f72af07d84426286aa2094df48f47e2ad8fc64695b504ccd4558b29e082003f9e93ae7582e42ae83c0c7cba3de4d1
+	C = beb8053ac0cb50461b1d99fee57ef5580234197497e7d919a93c8c94f2f192f716e089eb757a23bfa7105074815beb4752b257fe7769b7
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 789a868c2fe4e9f900a3d7e6066c54cff138c039161ebcfb1a8db33c60927aa31522759ca1a986744efe2bed05dffc06fd1a666b9cd1b53b5f97f02e2f5a6d294c79a68fb846ab3fc991c1c28d3841186308a7d423c9319feadc0b8d9168978fc6b60e26221248677ab5a7edb90073a1
+** GENERATE (SECOND CALL):
+	V = 70e4b9d45584534e9a904906bdc31b806cd622c28c7720fc56cc539910fd8569ffb989fa42443445943b4813a3879891b53a885253c433
+	C = beb8053ac0cb50461b1d99fee57ef5580234197497e7d919a93c8c94f2f192f716e089eb757a23bfa7105074815beb4752b257fe7769b7
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = 05224b0075a49e5a4c0e1f262d53d1fc3e4f6d0f764823f8
+Nonce = 5d8156701e97b9ff6358a762
+PersonalizationString = 1d1b5e09cb438652212d7dd89075b55a3f8cc7fc36e2ad68
+** INSTANTIATE:
+	V = 33f94dd153f976c8cde3a346e27d6a7578625820a0425c19b40eb1049658fd40ab3a150817132bc73a1c097420618492655785ffdade81
+	C = 67451f9005ca4f8b98928aa852a737f03015caee9fa3bf7aa782a1b48face8cfbc7058e44af1bc0341c2df177af8413b564c7caeb9ec81
+	reseed counter = 1
+EntropyInputReseed = dca4f30651b71ff44100a5a4bf52c7c174066eb667780928
+AdditionalInputReseed = 
+** RESEED:
+	V = a8ca2da0c7b4c6051cb308ecc1c12e4f95b853889ec5c037e2ef74bf96763baac2011dd8dce67f17c514d67d503aee07b3572af35473a8
+	C = cd30f04163d107e2403690b27d5b0f75fa6f5697e1cc0ca32c50223df4e984a1099d9a5fa3062d814bda2955865eee1fab18543326d3c5
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 75fb1de22b85cde75ce9999f3f1c3dc59027aa208091ccdb0f3f9776bdd359557cacb6c9475838291fa351941e651030726a80e058788d
+	C = cd30f04163d107e2403690b27d5b0f75fa6f5697e1cc0ca32c50223df4e984a1099d9a5fa3062d814bda2955865eee1fab18543326d3c5
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 660f3393264e8fef7c8deb7ff9d8a3f2dc474ea79689baebd4dd8eaf50623dbcc6897c40c9e98d184002587b4ef4532dc1f7bb02a74d4a5e76c393617f1a7b8ff60e9749be2228c88befd14784258302d4011d36609e2c169efb3cd67e104a2855d8bb4d41af69df516288fd5e525676
+** GENERATE (SECOND CALL):
+	V = 432c0e238f56d5c99d202a51bc774d3b8a9700b8625dd97e3b8fba98f0eb03a75367e956d02dd15eb332374eb9678c993de76b166ad05a
+	C = cd30f04163d107e2403690b27d5b0f75fa6f5697e1cc0ca32c50223df4e984a1099d9a5fa3062d814bda2955865eee1fab18543326d3c5
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = a05748a02a42186cd8ba00340d4147bbd2d6a10ae03202f3
+Nonce = b6b601b532d93ca89c0ab062
+PersonalizationString = 59a25b2b8d0b0f0a57df614e588daa5d06ae7d78199b0cdc
+** INSTANTIATE:
+	V = d184ed3b47022f8f9efccfb10cca881deeca29c6698d42d80b014542ff21e4aba4e6e949beb717323ce98caa2bb4245a1f463e94781aef
+	C = 216fb53d915f92ae591a4435f2033a40a501fbab3d18280dd65c966fe5b8bed03bd3119533a19a83021b520ff34781d04336dc4c350a3d
+	reseed counter = 1
+EntropyInputReseed = 2a1da97272b7213d44e436e799a09797b199627e1c23427a
+AdditionalInputReseed = 
+** RESEED:
+	V = 6e2e0db4307496a8e66f03664b0a09337031e53f8a497cfcd8085c2a03e4f8853c12944c4d11f09e119567399f4140624b79969e1041d3
+	C = f7dc70368777cfe2b45b61508f304d3663f93607550fb76ebeed7d0bb3256afc423f9299092a4681388c21a072bd932d152d857ec9337d
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 660a7deab7ec668b9aca64b6da3a5669d42b1b46df59346b96f5d9fe80f37b8819bf10ab57fc585a6200b57887d5688cee55665daa00ce
+	C = f7dc70368777cfe2b45b61508f304d3663f93607550fb76ebeed7d0bb3256afc423f9299092a4681388c21a072bd932d152d857ec9337d
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = a6733ea39471122c6b7055930ef808462c671b75c2ae4aedf60842d06eeaeb9ccae30904406662e0aad0c3c64eb2a5dcc832147faeb649bfd7aa9fada1eea720a67576adce7c30ee4937c95260bcbbd93138b37bb7cfc1df151d9c6421d7ea908ce75f06bfb8d52b2a52f2bb7a323cf5
+** GENERATE (SECOND CALL):
+	V = 5de6ee213f64366e4f25c607696aa3a03824514e3468ebda55e3578d053b333cc616dabee298e802927eac7a690a6cabd71c25df8de27e
+	C = f7dc70368777cfe2b45b61508f304d3663f93607550fb76ebeed7d0bb3256afc423f9299092a4681388c21a072bd932d152d857ec9337d
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = b56645bbf976da3e20b212bc3a8ab7ae6ae307b7a5d21897
+Nonce = b82fa35d93d1990b446de8cd
+PersonalizationString = a64819086a878194570a4d99c10ad63f03ba80075e2bcbc1
+** INSTANTIATE:
+	V = 5b455ae019632b76614c14db9ffcfe28393de068ee504c3af5a6df18dff8f7460300cd09e6940aa093176af7430711af03b74aea1e5d90
+	C = 0a6b7760adb5c4a8d23c08f20a014b927179d5f5b64edfe21efcf1a9ad03b90942b989bc1c1752bb1975b0fc93c45a605a549cafb08db0
+	reseed counter = 1
+EntropyInputReseed = 2a4ff36a22b347573edbcbbf3789347c8eefb96a6e359efc
+AdditionalInputReseed = 
+** RESEED:
+	V = 2c68b0d189e7a5733f15bcc3e628452beabd292ea303110f01285b7d4c54ab03697ed0e9f31a158ad37f09cc8215fda3edbf34a88105d0
+	C = 1010ee8ed006d90f4159d8fa96ef4ee7f1083d4d5407ced859a753e2a9e45773edad7881dc13b484460df82cfed4f89714be4c42cc6f41
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 3c799f6059ee7e82806f95be7d179413dbc5667bf70adfe75acfaf7f345574ae335b7d537241f9a35d42da472c8ccb946f5ac7734e5b70
+	C = 1010ee8ed006d90f4159d8fa96ef4ee7f1083d4d5407ced859a753e2a9e45773edad7881dc13b484460df82cfed4f89714be4c42cc6f41
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 2515b11ac80783a76d09c9c17248d159f4ce79d6eeb20f6929d85f0c4e9adad157a8970cb224538f22d04ade508a64a28b0d34686171adf3a8dbe6d23e6d484f8299e90d9f97bf905efad537d52f90c40dc83220f89c781ec5c7bfd1641d9d37badf56104073f91621cc331fccf30b12
+** GENERATE (SECOND CALL):
+	V = 4c8a8def29f55791c1c96eb91406e2fbcccda3c94b12aebfb477045b597d7be24340d6e18bfb20e267c7ce700b30d77869371cbdb65a0b
+	C = 1010ee8ed006d90f4159d8fa96ef4ee7f1083d4d5407ced859a753e2a9e45773edad7881dc13b484460df82cfed4f89714be4c42cc6f41
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = 7fdbd8b6c2f84824f891080df8a870bcf120b6e0d25fe0e3
+Nonce = 7b158a65abaf0a2fc9853485
+PersonalizationString = 475d43b509340aaf00709a154ee39c265d46b45c95c60401
+** INSTANTIATE:
+	V = 2b172c85a652b9c3a482372389b347caded9d0d1b16410849cadfb541476cabcb94eaeaf75b99f606cb7b18ad6f66b8965b6aa8875627b
+	C = 6cecca1b0142a62ee056e9025d5999f11f3df81cdc180118d1728d2b0a42ad0dfb677807dbd1fcbcd8a8039cb4edb33a6ab506dc9d5a67
+	reseed counter = 1
+EntropyInputReseed = 009782c2f729e86a945ad3e6f922be416c9bed0f5de17583
+AdditionalInputReseed = 
+** RESEED:
+	V = 4b710c24413983885813db8f91692f58085d1ea3566931ce29ec002d9c79bacd9c392bfabc71ae216afa5bb97fa12425e6520422a69c19
+	C = ce27951c2029ab4c22a47b31f13277432a97f41786e353f7ca15a1320fd4dabc4c0434c9155267d9b9ef6d5bf317c0d80b6307afa06c75
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 1998a14061632ed47ab856c1829ba69b32f512badd4c85c5f401a170a10bb3efcab290c59e8c6fd6549012ac6d37e321c6cf62b9e364a4
+	C = ce27951c2029ab4c22a47b31f13277432a97f41786e353f7ca15a1320fd4dabc4c0434c9155267d9b9ef6d5bf317c0d80b6307afa06c75
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = d8730a2140d65653982b042af3b27b8265fc72aaa90df8550de72645bffbe24266ec550f9c97fa5be93493ad7b0f2c760b34b1f81db22d89d711c8e319193e45b725ce76e6aa93a6ccc044ce3031fb6ae29f587119502a6327e9dad15923c4c213464c2cdd1c670c021640e361e8fcf6
+** GENERATE (SECOND CALL):
+	V = e7c0365c818cda209d5cd1f373ce1dde5d8d06d2642fd9bdbe1742affb0b397c9a669d1482cb618b64c50baaed0e30ff2817df2d723533
+	C = ce27951c2029ab4c22a47b31f13277432a97f41786e353f7ca15a1320fd4dabc4c0434c9155267d9b9ef6d5bf317c0d80b6307afa06c75
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = 7c286fd3a98b53b0a14246547063e49110c831e34edad581
+Nonce = d96f6148d8ad43bddb17a96d
+PersonalizationString = 4547b7fbeacc896cba5a577a9bef55423c15f29f94c33a35
+** INSTANTIATE:
+	V = d9ea5288e132cfebd9413e7c2eaa78f8bb96ceb4d3d53c4ff02789d020b9b3aa4495cbf95f8ea175af6777617ea1e794d1b028ebd9fbea
+	C = cfc29caf96670e390a380c27588f6b246fa98d0ae0b58589483caf7e85da9aba7644959ac13245966199663430e2bd147d3c4dc7dcafca
+	reseed counter = 1
+EntropyInputReseed = 810598fcaf7b5b3bc093ffe02844b945ac48c1e17cf439ab
+AdditionalInputReseed = 
+** RESEED:
+	V = d031cf5a28179f0526ac939ba514606ef2c8cda4642f7c73bcbfd0665665b108c940a5099e994fde0a7657f7a38ea81bd09ed541c400f1
+	C = dd1b9fde473776dae0bbf06334ed65d1a124ed86ea7f18adeef2db62dca2218397b6a17e8d72b6eb2c6b27ae5cd47f97107b33d8765f2d
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = ad4d6f386f4f15e0076883feda01c64093edbb2b4eae9521abb2ac792dacd591dac84158e419118158a68c89e4e24b27ef65705bdc56af
+	C = dd1b9fde473776dae0bbf06334ed65d1a124ed86ea7f18adeef2db62dca2218397b6a17e8d72b6eb2c6b27ae5cd47f97107b33d8765f2d
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = de13b9ebdef9717e4fa8b3d7fe09f25f8cc8369500f3f6ddf772886a841802953ad8cb71c2e90583c07ef3006dbf00c62b61648865dcfea70b931a0f5097e35a3c7639d826a5d426485496e20831fac4622844968161bdde8256c77ee8b175d243b24b853cf8cc9b6da59c9732970f7c
+** GENERATE (SECOND CALL):
+	V = 8a690f16b6868cbae82474620eef2c123512a8b2392dadcf9aa58874cfe092435124957ec23da44fd280ffd787ad98024d950bd94d89a8
+	C = dd1b9fde473776dae0bbf06334ed65d1a124ed86ea7f18adeef2db62dca2218397b6a17e8d72b6eb2c6b27ae5cd47f97107b33d8765f2d
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = a44bb10e0455c5cddef4ff7b4dfe1e945ec395f1fc47a93f
+Nonce = 0fd9989e6557d59c4e88ba31
+PersonalizationString = a7f334e751aa6cdfdbc983556b236fa57be411d2c15f9fbf
+** INSTANTIATE:
+	V = c1582b862801f008bc987e86eaa6e0dfe001ae98957279b87a3c333385fd0312e57a42fe500b374c57be11762c300753e282f4edbf3838
+	C = 73247a2539b805f6db69147172f4266c9b2c5f55131470ed94aaae169d442d74087292efec7d29e76b00fcec23879e752d5f646f7af5c5
+	reseed counter = 1
+EntropyInputReseed = 10014b90867146a1b4634f5421981b2cc6f8caac5fff8c1e
+AdditionalInputReseed = 
+** RESEED:
+	V = f2c7cbd0d53571f223cc720d6f9bc1c8163bb2a0fb995037db82579fcfd11919f7de57af7cf074c9930ed1b9e29feab2927561f3aa70e8
+	C = 310d068361d05a1a8cd589e8f1e5ddffddb85fabb7ac511f258c437eda442605abf009077dcb2b5564ea405b168f3b250d2cf915451ab3
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 23d4d2543705cc0cb0a1fbf661819fc7f3f4124cb345a157010e9c10c75310f5a80be0db57cb8b08f3f2943397fe651b399a4111e4b729
+	C = 310d068361d05a1a8cd589e8f1e5ddffddb85fabb7ac511f258c437eda442605abf009077dcb2b5564ea405b168f3b250d2cf915451ab3
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = ef0e7ebfd41bac0760a808e7b64cff734fb4385f713b5f62cca129494c251609edc7d83ca3343ea297c677d86d248fb4e572a1bfbacfe6e346724a782287920545e12780868619023a4fd43f22cfa45d072bc261009b48a9df0b2e1a38dc4ad83f686df120ea0f4c411e5c569d59e7a5
+** GENERATE (SECOND CALL):
+	V = 54e1d8d798d626273d7785df53677dc7d1ac71f86af1f276269adfdbc419a0e2d7b6934255e4eb085a6ec8358a88b0f8ffcbb08136cd41
+	C = 310d068361d05a1a8cd589e8f1e5ddffddb85fabb7ac511f258c437eda442605abf009077dcb2b5564ea405b168f3b250d2cf915451ab3
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = 84113c30ae7c2dcaccc0fe1df9ae23fc29bf34d1923e3db3
+Nonce = 2c857fca5f83e7e4806e4c7e
+PersonalizationString = 6470b744dbf7ca4def84039e779302a18f75df4cd01b25c4
+** INSTANTIATE:
+	V = 4895f429b5a243c18347a312dca6157c9b7502699073718fa0346ffdccea2c3bf41d22e4d8c2577545740f3dbb129db1ea917c47fc79e3
+	C = 167d3716d8de027ea39fd933615d3b3817110c1223972333966ebf3ca1783a5e6d109a29a29fed3c173db5481709e3e1c1b44c5b528855
+	reseed counter = 1
+EntropyInputReseed = 7bba9cc9bd5c5c107642a8adbae61f0c74910a970df776b7
+AdditionalInputReseed = 
+** RESEED:
+	V = 7b7d4efc9a5fcf2e4455e75f3aa9f37d8b6380c7b6e50c7ab726decf6d11548401f2442fe18316532773d132a661fc0b39283ef0cd4e2f
+	C = 57722016d168bc1c8e32400e40f8f6ab5c522b20bff18d2b05b2590aad8e109630c171624ba1215e0d0f040195c3edad47409fe1b063fe
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = d2ef6f136bc88b4ad288276d7ba2ea28e7b5abe876d699a5bcd93818265f0a83503c04bf5835775416de63fb65d9d887b8b9aa90ce6944
+	C = 57722016d168bc1c8e32400e40f8f6ab5c522b20bff18d2b05b2590aad8e109630c171624ba1215e0d0f040195c3edad47409fe1b063fe
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = bc868eac6d2608bb445d01f6af1c4089ca216bbad2ff111d4a56c4a9954e1e8b9cf76352fd88a40f0333d2cf8266b2ab037c82f9a7ca2319b919955e15753ba49c6dd19fc4693207d1d87d6c4074498b7be10acf0c7fac9b0099a268c4aeabcc504c8c5d75d9163f1e29ec5662c39936
+** GENERATE (SECOND CALL):
+	V = 2a618f2a3d31476760ba677bbc9be0d44407d70936c826d0c28b916cb0a0707331066dc6c0880fef42bcc8c188f809f8361d40ddf36fe3
+	C = 57722016d168bc1c8e32400e40f8f6ab5c522b20bff18d2b05b2590aad8e109630c171624ba1215e0d0f040195c3edad47409fe1b063fe
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = c18af724c195d19ecde415923ec543e2d3f71891497f351f
+Nonce = 50a53e94befb9e3db6573131
+PersonalizationString = 1939af899c62189632511bd0ba90e53b427c4ce327974552
+** INSTANTIATE:
+	V = 17e0adab58d2675a163f138919ce0d062e47527b4db5475b731d5ea0e423a4bc89cd1c9715dc304a855c15b1741d7fbb200deab87d8cd8
+	C = 9259c061d7b9ea8a43780bb038e6eab7a0e0044a739822a1f0f93254b74ce040dd59212b752b36a7b2139a17e54da1026ec64e8908b8ba
+	reseed counter = 1
+EntropyInputReseed = 673314f6d484605c65d1b0753307605929dde71392e324b7
+AdditionalInputReseed = 
+** RESEED:
+	V = 0cbe4e6b487b12cae73e618e753f50df61a0089e2e4f8b041ff5f0d8675011ef60f06bd40869cbaab744f37baf7fdeac051a021d414064
+	C = d818d83084d58b9fd9f736c7e2950db9ca8c75c4b8721f82bfc68a92aaaf45093239aa74a02667cabc878bac06444cd203b4535671813c
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = e4d7269bcd509e6ac135985657d45e992c2c7e62e6c1aa86dfbc7b913fd147f933391f511ef5d61072399c79d6ee17cedd6bf594e3e15e
+	C = d818d83084d58b9fd9f736c7e2950db9ca8c75c4b8721f82bfc68a92aaaf45093239aa74a02667cabc878bac06444cd203b4535671813c
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 3d877b3405aa1a747b5be92de62f4e217a77ed4686ff3c8b0a77abd28cc776c3ed2747d8b3be88c8080cabbc731e47e85956dc6db5ab0cb2d2c593bc6e0ec852d9373323538162e06b450db3cbdf6f77e682a68bc2569b834ad136b4cdeebad59fdd3c9421410e810e129a8654764613
+** GENERATE (SECOND CALL):
+	V = bceffecc52262a0a9b2ccf1e3a696c52f6b8f4279f33ca099f8306c6aa730c0e62994156c55fd516fc1b4288529ac23faa2a544f74371e
+	C = d818d83084d58b9fd9f736c7e2950db9ca8c75c4b8721f82bfc68a92aaaf45093239aa74a02667cabc878bac06444cd203b4535671813c
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = 6b7bb877c3ef50ba1628288b0038edfbb043714d0ae06f1e
+Nonce = ea0f034cb8304230fc37ca8a
+PersonalizationString = b943666492b6e426e06c3fa7e9a2fbb5ed950ec80be2a4b9
+** INSTANTIATE:
+	V = ebd4f0ee94fe8eb6ddc7ecb5867fab852722b2d70413173c536e8d2a636c0c3b8787eb2d1f6cd1b2925fe3edb92b7c12dfce6aca723bdd
+	C = 3004163982b86dc0bd8f203d4bd74acb1cb24194c437a66333f3d7a509b28fdee881083e2c9c24ba716df222d11a5936cf1e3fc039b980
+	reseed counter = 1
+EntropyInputReseed = 7d993cf6c2417daa3ebcc887e3eb13ab64aeffd2480fa55d
+AdditionalInputReseed = 
+** RESEED:
+	V = 0d1622f8ea2b9f3194a00dec7fe87962f0481e1840c640afc8707a834a54dbf4a9b91caabdd799f4e911ccd2a174238d5b0c561e1928d5
+	C = 155215683543e60ce913a18772d5cd9058d3a13fec161dae71522ec38f9251f0cc62f1727b5acb47f37dc070f2044e6d815f0565fb180e
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 226838611f6f853e7db3af73f2be46f3491bbf582cdc5e5e39c2aa1def3cda1011e2ab7252182e035e4830796127c691b2cd0a3b9adcb8
+	C = 155215683543e60ce913a18772d5cd9058d3a13fec161dae71522ec38f9251f0cc62f1727b5acb47f37dc070f2044e6d815f0565fb180e
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 715ba17993dfe472325aa9e902e93637aa72e8db4e96cad8143a7a97a7e66e1721e69453399c2528e98800782a34738a7bd9dece452af7634c9f502e2392dc50b9c70270f51c3273650a21394ff262ec72ab19621f1a573fe60fb1fe852d2cc0c34ef73b2cbcd9f16b53a61ecf78496d
+** GENERATE (SECOND CALL):
+	V = 37ba4dc954b36b4b66c750fb65941483a1ef609818f27c0cab14d9cd559978b1185c7532d04ab9ba92c1274894b79210735bf6c7a50221
+	C = 155215683543e60ce913a18772d5cd9058d3a13fec161dae71522ec38f9251f0cc62f1727b5acb47f37dc070f2044e6d815f0565fb180e
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = 70b39c77245b0da3005badf0dd6d59a4f86e6faca253ab97
+Nonce = 9ff849d524bb9156ce79f950
+PersonalizationString = f352b715805f8949596184dbe6b18f33a88eaca256752c91
+** INSTANTIATE:
+	V = b360877f4ae7e57fec36729716f0bdb582b7d7828d3f6cfa690c5bea7028da5343fc5ce7bed92257c7362761df0247a9fbc627bb501ff3
+	C = d09c9532743546011b6d65dbaf52e3f996b9d994cf8fb46451f56a35212caf4a75c69c6a46dded5cc4c69dfbdf78b2c20954b13141a0d1
+	reseed counter = 1
+EntropyInputReseed = 09e806ade68d2a30de12685431497de36e4921dc710e0c48
+AdditionalInputReseed = 
+** RESEED:
+	V = 3c609af7e88f844da617f1e4bea0fe50361283237b5dc6335fc4541632109d876df283eb0461ff1d85ef33dda4754948fe6c80ada37687
+	C = d6b9cc177669cadc122116cda137cd40ca142643cdc6910c9f5894a9f7a3616d6d3b953070ba737895d12cb96d4d02be5a024a9f439916
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 131a670f5ef94f29b83908b25fd8cb910026a9674924573fff1ce91ae3d551b279a358f3ace5ff7e011206eab68593270ddef02691b74f
+	C = d6b9cc177669cadc122116cda137cd40ca142643cdc6910c9f5894a9f7a3616d6d3b953070ba737895d12cb96d4d02be5a024a9f439916
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = d6d13ce8b116faf00f64d7b07e8e5f64e38bd647c6eb8dd070da150a034ca64a3f63477e1a6f5d6d6da11a05b29ebef667d8cfe6a6f7944b7327ac1278d4c930678b5ef0d4b75be904240403a58ae5797490068daf0c399d96ae280bc31b21e33429ad847be7a5c500985300116bc611
+** GENERATE (SECOND CALL):
+	V = e9d43326d5631a05ca5a1f80011098d1ca3acfab16eae84c9e757e13ad42fe9905fbbbb1a91f30ca0831cf13437675432e6c54397105cc
+	C = d6b9cc177669cadc122116cda137cd40ca142643cdc6910c9f5894a9f7a3616d6d3b953070ba737895d12cb96d4d02be5a024a9f439916
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = 2df3b80213db6525e2b74d6279fd9e9e518370b697c213cb
+Nonce = d65540e532affb1fa8219d4a
+PersonalizationString = 3b1d7c80c907ca4b1bd469b31a01f4e98429597c20ce3435
+** INSTANTIATE:
+	V = 00a91e47746258f9148d2193d302dc04b0782d74da222190e5d8b35c67d96eda733937d3a1e84c04379b5815031e2c445358dd7fb3d31f
+	C = efb8422c9fddbbf6338e9644e6a68601d8a12564e12530d2474ccd0ecb66f841a9120566925dd6abca0b432f977ddaf3472e70f0922451
+	reseed counter = 1
+EntropyInputReseed = 83c903ad3be2a3edeb571bc1c7f40d9f711b52365003fdf1
+AdditionalInputReseed = 
+** RESEED:
+	V = e426a531cdd0e8fdc3988ffe9958a772c992cdbc358e0f00c1d0e0e693451ff803df5dcba110f12006161cda9c8815b94f1c22d2471b4c
+	C = 07d82c3f7bc0530b8b76ec0a659cbbdad8322b2b7ed19e76960bff756a74fa1b35590b1aa0aa704e4cc64b9586c02bb4950c7a569f06b7
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = ebfed17149913c094f0f7c08fef5634da1c4f8e7b45fad7757dce0bdbc18271e7f44b12c27b8156c12bd4f2a33def1a62f287737ff674d
+	C = 07d82c3f7bc0530b8b76ec0a659cbbdad8322b2b7ed19e76960bff756a74fa1b35590b1aa0aa704e4cc64b9586c02bb4950c7a569f06b7
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 5fa28a593cad68459ca1f628a37097d088928a980fd01cc4e404247c8ae157d2448f91133d08fdd5234b77e5b7bb9e4773714187132723de0bff816701c9aaba9a43b824a096deade1f9de007f71a5fa8cc4d75f1804b485bdded3afaaa3045245d0ddabf8130981061d6cebb4149a0f
+** GENERATE (SECOND CALL):
+	V = f3d6fdb0c5518f14da86681364921f2879f7241333314bedede8e06aaa3cabe550761f5942f293463ad7a36dd239a97465262a3c834910
+	C = 07d82c3f7bc0530b8b76ec0a659cbbdad8322b2b7ed19e76960bff756a74fa1b35590b1aa0aa704e4cc64b9586c02bb4950c7a569f06b7
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = 48526befe3ceaaad80ef9b32508dd22ed3ad69be23a989a7
+Nonce = 2ff8b83c299bd69fde890a75
+PersonalizationString = b6fde7130a3089c09dfd21f48a981d5077ed48822bb1ef81
+** INSTANTIATE:
+	V = 35830f44af9b8023814cb0095538f2fe60dd743f3d6b90f3d2d828e2a7716c1f4575a57e1871f31797f6defc3d58c5766a1c923448dd00
+	C = 7e42703c6181b06973f4ed8f1ed4d15927e779365abba56db43843acd738c25ec070afac3fb407429e64ea3eb0e47dec5c5fc6080c5aa9
+	reseed counter = 1
+EntropyInputReseed = b2a7412047190e416333347b77babb0fdfb9abbb92932113
+AdditionalInputReseed = 
+** RESEED:
+	V = ac9046e708f00e0f6a2f5bd022bc5d9a55b545072e00c9a9945235c31475d16ecac04c667c07c841b1dbfbaff9abee9abdf810bd2b1189
+	C = b6df3e5469dd18831c62a2d6fbf33d79a166a07e51d04c385ee4b86c114a23faf2f580bb4705f03c307bc4adbf614cfcecb1b39b470f14
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 636f853b72cd26928691fea71eaf9b13f71be5857fd115e1f336eef53781198b1184296a4e77f347f047076360091f369c77ebb0a664cb
+	C = b6df3e5469dd18831c62a2d6fbf33d79a166a07e51d04c385ee4b86c114a23faf2f580bb4705f03c307bc4adbf614cfcecb1b39b470f14
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 74dd08172f3e99b59c4f54fc7a531646e72f13daa25547d4efce1ae97270cf5538fefa2ae2620a554a0b605f9ba2c2acf3a8531a91cf73a53b333c8226967fddfb956f9a43a6cc9ef31e8c9bc57f3c89b82fe5f922096def7fb7c42ea7985442ac61c14e0504f53d357568a64e9ef385
+** GENERATE (SECOND CALL):
+	V = 1a4ec38fdcaa3f15a2f4a17e1aa2d88d98828603d1a1621a521ba81364e891f08d3087600ce34129c9c265254af46f9d14d45449748f61
+	C = b6df3e5469dd18831c62a2d6fbf33d79a166a07e51d04c385ee4b86c114a23faf2f580bb4705f03c307bc4adbf614cfcecb1b39b470f14
+	reseed counter = 3
+
+[SHA-512/224]
+[PredictionResistance = False]
+[EntropyInputLen = 192]
+[NonceLen = 96]
+[PersonalizationStringLen = 192]
+[AdditionalInputLen = 192]
+[ReturnedBitsLen = 896]
+
+COUNT = 0
+EntropyInput = 6e42e3d19c0521a079f0a432852e418ecab88645a74c8d30
+Nonce = ac32ed505751b0b25afd6780
+PersonalizationString = 62d28a14d266c887375466ee5e9fe40eca3bad0c68405f58
+** INSTANTIATE:
+	V = 97c32070c8c9ee671654f048b84ed338ee841ea57e2176c9a8a3ae21cddbc716bbbefc6e429583ae2766ae875f5158be09e33578cf05c9
+	C = c1ee36f436ab0d4b862300cea6daee69dfcd992f72ad82d249257343974502a79c50cd1127645b7096974a9fc3d87d7cc7d8f40352a3bf
+	reseed counter = 1
+EntropyInputReseed = 6725b17d61db79908948db4369623ff2040e59c2ee2eec83
+AdditionalInputReseed = 02e5d9af19bd1aea54d09a379c83ab6dc7a9236222701359
+** RESEED:
+	V = 52b1c8de43584aad4d204553a066f98c9123126c208a608c7e2892588400d388d77e77a8b8c7e73d565412c2c2bd11c4ea4ce6a2e9ebc2
+	C = 19f0b418a296f1b88edbc6a939e93fca5762da6472de38f0216ee2d7a42ef54d01b3443e787057f2d6900e539d212a96dcf4df6f2e296b
+	reseed counter = 1
+AdditionalInput = 9f618bac413f620cf177f617e51bf0f77f845a3e265b987d
+** GENERATE (FIRST CALL):
+	V = 6ca27cf6e5ef3c65dbfc0bfcda503956e885ecd09368997c9f9775cfa9cfa8cd4a05c65f7df9a1251a00b6e2c9ca17e1fb92d014a80395
+	C = 19f0b418a296f1b88edbc6a939e93fca5762da6472de38f0216ee2d7a42ef54d01b3443e787057f2d6900e539d212a96dcf4df6f2e296b
+	reseed counter = 2
+AdditionalInput = d65f6032405a812ccc81f422fb12efa0b07bd4f6a0c43955
+ReturnedBits = 73e7efcc8d61db8c764dfac4c83e54664c029350ebf653178ee05926f340f22b7569f02d1437dd371fe28d4c8e6f72487b157e5519f6b38a188a9cf92a1c8d4b5c5d5ee137daf6de203bd488e433803091a338f01574748cd6c624ca1c82d36d1ff71142cec9421eb114238f6c12b765
+** GENERATE (SECOND CALL):
+	V = 8693310f88862e1e6ad7d2a6143979213fe8c7350646d26cc1065a371b833b8d462d0de24d0ed6416810da91789247bfc6b985bc55b9fb
+	C = 19f0b418a296f1b88edbc6a939e93fca5762da6472de38f0216ee2d7a42ef54d01b3443e787057f2d6900e539d212a96dcf4df6f2e296b
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = 518e8f4f41a3264258081b7e5bab19277fac1f0df2d81c17
+Nonce = c8d896eb764569fce258f05c
+PersonalizationString = 5708b7a10bc0b22b32cfe89961091ffc0f26d3e3377355a7
+** INSTANTIATE:
+	V = c3a4b96c3d3eff9577a5263b18c51ccff5fd67d077e55274dc0dbe37280081e110d23301394bcc19e75b2e0496e97ec1384690115b0068
+	C = a3c7164c5cef49acf2b58918926504281f06b1776a855c29f9db843539d2e00bad72ebfbfe51a844eec7f482eec201828d0d9d8f481f25
+	reseed counter = 1
+EntropyInputReseed = 3b657e73af4fbcd5c9878ab908f0a24bf355d3eb1c3f7092
+AdditionalInputReseed = 3452392f23050f2cfc2984c5d3bbd38f0c8ffa870e67219e
+** RESEED:
+	V = 859462e1bb8610748411ecf20867f92706bb393b9b8b11a3fe6e4b8c16198089244436ed9e506d8abb8d38f731d4722a37aff490be3f32
+	C = 87125373d87652919d38bc86a023c64d846975b5001975ad01e51c4f27a3ee6630801449eac67d09e840bdd517dafc3d9f38b9b084f8f9
+	reseed counter = 1
+AdditionalInput = ed710e5e2bc9b9030acef3a54a4c41fd0c6b98a1f85d940e
+** GENERATE (FIRST CALL):
+	V = 0ca6b65593fc6306214aa978a88bbf748b24aef09ba48751005368a2d15bbc688e5447e0856d0d45477713313b4adeabfdf90643bcdcb3
+	C = 87125373d87652919d38bc86a023c64d846975b5001975ad01e51c4f27a3ee6630801449eac67d09e840bdd517dafc3d9f38b9b084f8f9
+	reseed counter = 2
+AdditionalInput = 4de0ad2a6aab12e5d912f07858f8d656c9d187e45ea9a2e7
+ReturnedBits = 60fb3668316309b885aa27ed4da49cac1b3d0564557a6dde1dda878f3c85a101f26d94c2b73d344635f6319807c669c2b6e119f2da4f0955e34eb6d5587bb6fc695df5beaec3804f90208f34c25424e946f9c7431f11c55763a9e79461a2dcf89bbc32ea36bc59f7ba2017c967ffdebf
+** GENERATE (SECOND CALL):
+	V = 93b909c96c72b597be8365ff48af85c20f8e24a59bbdfcfe0238855448a23c576b9d1758104aeb225b15182b57bb833cbdaa6ed0b895a7
+	C = 87125373d87652919d38bc86a023c64d846975b5001975ad01e51c4f27a3ee6630801449eac67d09e840bdd517dafc3d9f38b9b084f8f9
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = a3f32e615ff86bed6f6d4de4c9eb47481314cc21fc86a343
+Nonce = 94a05be40b07a355bbeb3ea3
+PersonalizationString = 412c995345154e80803fd9d191e578a284245c6b4d2227a9
+** INSTANTIATE:
+	V = 346abd1dc5f76dea1fab9cdceaa3ac8a5e559447793cced3b90e5d50b12546e1f43456a5a6ef955d2b4e4f298cb46277a03530de8e49d8
+	C = bae2400c108389dc6b144f944b419524b4ea1615127caeba1806526715125ef0de259f500d22a155e1c466bef9e1927977a1b03cd47a88
+	reseed counter = 1
+EntropyInputReseed = 043dc317266cbfa7b2023780f58b64acaed838bb69bcfc4c
+AdditionalInputReseed = 0f28063b9db829619fef2fed2805c4ce96f2d68471bc659c
+** RESEED:
+	V = cbca455f93d7007721111f84efcd71f3d14880ad5f8a24112f280277b8af0ca9fe6d598d94c543f8aacf79fc32cb1ed135decaedeb0b43
+	C = 527879cf86d6bdb4e722af63a16ecda33c55f856db0940c515ca2e7d0e89173dec6d6d863818f81e299b2c81b457b816fbbad62349d8aa
+	reseed counter = 1
+AdditionalInput = 733b106da6e7aca102a5521fba45788afae41040424262f5
+** GENERATE (FIRST CALL):
+	V = 1e42bf2f1aadbe2c0833cee8913c3f970d9e79043a9364d644f2320a5407e64e151970fcd4319090180e72f2fd972875d02b690a23da98
+	C = 527879cf86d6bdb4e722af63a16ecda33c55f856db0940c515ca2e7d0e89173dec6d6d863818f81e299b2c81b457b816fbbad62349d8aa
+	reseed counter = 2
+AdditionalInput = cd92894bc5f8e6d87729b7890267e4527dc4d725780f41a2
+ReturnedBits = 461c06e5f04688cb2c82f7626343166a3caee3aa5903c08fdb10bc93f2770928f2a55bcbd6cf198b38e21851ddd639740a6dba90e8763ac830452a7213bf2002d28036b59880bfaaafaef16ab26aaced7a51a01ff84482751d0378dd6477f2ccebbb54019a24f60f3aff3028438a7873
+** GENERATE (SECOND CALL):
+	V = 70bb38fea1847be0ef567e4c32ab0d3a49f4715b159ca59b5abc61ab112f32e3268229d67a5ea1e9c1956b776780a0cd669ee1e5cff1a0
+	C = 527879cf86d6bdb4e722af63a16ecda33c55f856db0940c515ca2e7d0e89173dec6d6d863818f81e299b2c81b457b816fbbad62349d8aa
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = 9e526ca4bc0e0a0f42b027b34c386d80233a6e28c53b9079
+Nonce = 6a2aea87bb351aa65cda363b
+PersonalizationString = 0d3bb3638d8da12fd9de7d23e3214b29d918504438615901
+** INSTANTIATE:
+	V = cb49fafebcd70c54bcd558a4ac594d4c56d70e3d525dfbf868b65fc395d49d3166a13995ccd6619a6d72cc7c3fa665c87c05081a86051a
+	C = b1d0655f91508d7052e42c85874845608c4c5423e5f698313233b93b634681d40366e16c85796b795cc65b90547feefbd2f0f6d13eaf00
+	reseed counter = 1
+EntropyInputReseed = 9302135dc7de9bf5b3f98e98f8003853198d62b1597c2c00
+AdditionalInputReseed = bb5863bbc155aa084e8d00fdf779e38353ca6756765ea246
+** RESEED:
+	V = 7140b045414efbe96845cc1cfbba0248c3748a59e1211a1ceded8a9e5fc446c9b3da10f016ff6a460d4a4f8130f959dde633c0841ba081
+	C = 860aef7dee95f3c2c8fd5eac2cc8873ec229685f55cc8ab4d3545b909101e0c6b64911a57929bdfe79ebb44fc97e034d398006898ef85b
+	reseed counter = 1
+AdditionalInput = 9b0a93bc4a75f161e5b0207f66405be6cb7bbec2bdcb77a4
+** GENERATE (FIRST CALL):
+	V = f74b9fc32fe4efac31432ac928828987859df2b936eda4d1c141e7079b6ca19225e588c5e71c96c4c034c5e4d031371e25238311c095de
+	C = 860aef7dee95f3c2c8fd5eac2cc8873ec229685f55cc8ab4d3545b909101e0c6b64911a57929bdfe79ebb44fc97e034d398006898ef85b
+	reseed counter = 2
+AdditionalInput = e1c5381be169161ac2675209b9811f41ae28dd7ebd77df82
+ReturnedBits = 384573d0fbde5d5babfb0e2a27bf760fa5aac7ca401ef43207a88d210e65543a93a1565451948d9226c58f7e3b61c194b193c440321a0d7f282923242ca8f1aec3e02b86e3f618d91af7376377c094d62fd5a23a9541a77560d4edfe4f60e245988dea0f79f5297e4676977fab142ebf
+** GENERATE (SECOND CALL):
+	V = 7d568f411e7ae36efa408975554b10c647c75b188cba2f8694964414d4a7bbabc40d8a461f703a5ea70b42f5af4c991557ee917207cd7e
+	C = 860aef7dee95f3c2c8fd5eac2cc8873ec229685f55cc8ab4d3545b909101e0c6b64911a57929bdfe79ebb44fc97e034d398006898ef85b
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = fcf7fdda4f1ee2acf2d849a6eeaaae7a2cf56581ae43fd47
+Nonce = 3e7e753379e4a522205b5768
+PersonalizationString = f6554031382d7da6f02651b5d81d0eed01396fed1290c1d4
+** INSTANTIATE:
+	V = 0db18d7e6319131ae6acbf70ca043670e6da4e25e43556ba0a90c6d74468e624ff1f5467cea81b5ebd432463d45b2ebec447b38e75dfad
+	C = 9785c5e133b2441b556264ebb3eac4f0c70c916033f7faa57b404b43152cadc0f33f62b431aa9bd9f1bf8bd6a78811944f3555378b8f2c
+	reseed counter = 1
+EntropyInputReseed = fa8377df3cab75d6f17afc43068cc770f322d70f4457029f
+AdditionalInputReseed = 1de7771014355f0e4155c874f40d72cfc4e7e78142e42d44
+** RESEED:
+	V = edf1f1e88dd4ae27931f2d4e4897403854e6e19117208c05e2b56fe79c0a3d2061f732aeafc1d8a3cd2c21ce2ad17151454bda9e1c12eb
+	C = 5a8e7558bb95c840a06c6c47d992a79bfb6ccfc42da8b59ffe3b4af5450d2100c168ab9d9e65fe642d6a3bba948a43a1cc3b674f1e51b6
+	reseed counter = 1
+AdditionalInput = 1a22a454fbacbf6b9eeae2250e64fce58704bdd9f65a366e
+** GENERATE (FIRST CALL):
+	V = 48806741496a7668338b99962229e7d45053b15544c941a5e0f0bbc808c9881c0fbf7f99929afc841787b82b6eead2231ce41e22dc364a
+	C = 5a8e7558bb95c840a06c6c47d992a79bfb6ccfc42da8b59ffe3b4af5450d2100c168ab9d9e65fe642d6a3bba948a43a1cc3b674f1e51b6
+	reseed counter = 2
+AdditionalInput = 857d30940a9a242b936c0dc0b2656b2c5dd2572812f5a1a5
+ReturnedBits = 9b5d1b98416fe52d1a6680ec9c7ba279c5295ebc4a73be92448d449ab7253c97d9846e558ab7b8fd3565019dd72fd1cb90e72e68516513203f454f20dc5f38b7e3ee6c810188d414466f7db5652f381eb6070dcf3aec099a0ba2f18a62ce9b7314368bd8c7e56a19032b1af75e98de54
+** GENERATE (SECOND CALL):
+	V = a30edc9a05003ea8d3f805ddfbbc8f704bc081197271f745df2c0831827d2175f4831818c6520e526c00a39fabc7f41b106ee9b838503c
+	C = 5a8e7558bb95c840a06c6c47d992a79bfb6ccfc42da8b59ffe3b4af5450d2100c168ab9d9e65fe642d6a3bba948a43a1cc3b674f1e51b6
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = 24bbc99ed64e385ccb84ef04ce6a21adad55fc1f30f5dcf6
+Nonce = b6852a94d5f97af8ba988696
+PersonalizationString = e7e47fe1526ad0367ab4238f9e1bb8e3552fd8568f85d383
+** INSTANTIATE:
+	V = 51f95bc08e4f8088695e5fdc4cd790f176dc58c3c9f80d75e62b566d78a77c43b871ba2d5847e5a5968fca9bd3ca5fa724a47bcbe5dde2
+	C = dd78def9058cc67095f8314f46566bdef3873e439b67d1385d85bd1d4464f71fcd735e055c2fb50627696994194ac4c9a5c84ba4383592
+	reseed counter = 1
+EntropyInputReseed = 59ab4bc3fbf8ea0787f537102490f3a7b6bacc4312207d39
+AdditionalInputReseed = 2e31a1c020676213380402272359b261db226df3d4b7edeb
+** RESEED:
+	V = 6cf216e5e016ba127df14946e7e8c0311517db032e915a18bba3978dd42c0788267521cbb51657b26fa7e6dd6f0f0790b8ab7e6aa2213f
+	C = f612eb5b6b9df9c9e2fc7ca7c239b8b53e5994652dc07d276903c277b6595037a9aa05f9b2e032338c11aafa871d1e98d15cb958238a3d
+	reseed counter = 1
+AdditionalInput = 6968021729def430d1aba33dd3ffba23295fc076582b15dd
+** GENERATE (FIRST CALL):
+	V = 630502414bb4b3dc60edc5eeaa2278e653716f685c51d74024a75af597588295ac70802e9aa941ed97376a360ac90f1d149f3931cac241
+	C = f612eb5b6b9df9c9e2fc7ca7c239b8b53e5994652dc07d276903c277b6595037a9aa05f9b2e032338c11aafa871d1e98d15cb958238a3d
+	reseed counter = 2
+AdditionalInput = dd830cd724f37f2e79bbbc2afba136140c6cc93ae807207c
+ReturnedBits = a7ca0fde7961b7d472cec6759e182d0e1f1e3d6593be4b70d8043ff62d07ef3b2f66c9eaf15ce08629468a6b7fc8ea6e89b750abf3ee46dc3206fb35ec630102b78257e2c36495c189769d47ee195e73ff010d31ff018ed34bf868f0e57614b6e882d017477108ad669bb5f198d90977
+** GENERATE (SECOND CALL):
+	V = 5917ed9cb752ada643ea42966c5c319b91cb03cd8a1254678dab1e6f30640c9534272a309da4edb3c936bd81b827c49c70cd2723b5a72a
+	C = f612eb5b6b9df9c9e2fc7ca7c239b8b53e5994652dc07d276903c277b6595037a9aa05f9b2e032338c11aafa871d1e98d15cb958238a3d
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = 7665e81681c3b88af4b2b9fb5deb5bbde6200c605e3f84bf
+Nonce = d07da1b39a10dc236ab1fec3
+PersonalizationString = 8d5997f382d59fc926173c30b9faff081fbe27a106545295
+** INSTANTIATE:
+	V = 3d6f28f7d88aca6e6cc9245990e90927bf155858c9f258a84f8cd8441e027fff24d50635241c6bb5420eb255bd10f481659fac52657e2e
+	C = 018ef1b9012dfd5c551f7cead9f66d2b27cc5c76b7a39af3c0f515f983924fe75ce55116a7b43d8690115da0a6f3cdbe5629d538bae543
+	reseed counter = 1
+EntropyInputReseed = 1bf81e5d37cb2919d4120f597efb8efe925206b7cc7c7580
+AdditionalInputReseed = d0c84c33176c9d58bda4baa9e4879839cba3b2541fbef595
+** RESEED:
+	V = e2669a90ef583595433c557472d0ceb97d4dceb0c2c3a1011626b5ca2cce773b754271c41035c416a7478ba31186f2fa69d7e41d8bdc73
+	C = 890eb028f14c7eb71c3b13b87424249c1cdf789a5ac4ac980bd598e63abc5e4db824caaf9daf173e243d74fe49f12762b95854dc5784ee
+	reseed counter = 1
+AdditionalInput = ec81d12ca2b13baab30ee79b15097d9be2696dad96374b29
+** GENERATE (FIRST CALL):
+	V = 6b754ab9e0a4b44c5f77692ce6f4f3559a2d474b1d884d9921fc4fe746924dfe1b3f5ac83662748191aac208779dff19336e2414d64d9b
+	C = 890eb028f14c7eb71c3b13b87424249c1cdf789a5ac4ac980bd598e63abc5e4db824caaf9daf173e243d74fe49f12762b95854dc5784ee
+	reseed counter = 2
+AdditionalInput = 7832a39fa8a0f375694255d3755aa5e76835bff2236ceb3e
+ReturnedBits = 07861cb3216ab8fad021a0a894ee39cab7ca3004f85422930a53cc37e2c043881915f45f3714008d7da871b04cdefdc9c351e6d9750689ce4333369e99cefb4d399fd731219a319acb4f4b67c9db73ef974e429ae3cb013fae4e48c2396c14a45f151f36ecdddb1f0b0e136cdf3b26a9
+** GENERATE (SECOND CALL):
+	V = f483fae2d1f133037bb27ce55b1917f1b70cbfe5784cfa312dd1e99e3ab08bceac50a6beee7672c6cea9b3e5d9c105d0c0158e7987bc6e
+	C = 890eb028f14c7eb71c3b13b87424249c1cdf789a5ac4ac980bd598e63abc5e4db824caaf9daf173e243d74fe49f12762b95854dc5784ee
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = ad56ce13874b738b970a01a0f02453c302a76674e6651347
+Nonce = 1d17075300ddd1c406c6a8d0
+PersonalizationString = 35167dff556f02e12fa71a3e27268391ff653bd2d0bea772
+** INSTANTIATE:
+	V = baff0d4d1eba4c68db0dae9ddc47ecfd5d7da7483b6fa8a97acda6dd4abfd71379ccb01e6932ae3e672bf9901b4aecd557bd3527a2a0dd
+	C = 13e561f94287e02c7c8c5bcde55bfa16e2f5d16d623bd5180e4b206367c088027fb67852522ae6d004edeaaa1f698b7c19c889c84db4b4
+	reseed counter = 1
+EntropyInputReseed = 8cad31d45513a017f50a3fe0b6d9f899499025b396fe7d45
+AdditionalInputReseed = 2f05c322bd13a463264499c2a0aed737be3e33e7f85276f2
+** RESEED:
+	V = 4e9aae98639a92a4e920ec4b6f3b83f62e36548c33dcf5d769517ea2ee01f482efafd09b7d3aa765c1eb4ea0d8b3cf9de36a82c2c837c4
+	C = 97f5318f862372265abcbe6db005399550d96201347243e161123882679e9e09dfa4da17f0536eab4680feb54a3ab6f9453bbdf658e475
+	reseed counter = 1
+AdditionalInput = c87636844d243faf6324df31b89aea05704626c335689efc
+** GENERATE (FIRST CALL):
+	V = e68fe027e9be04cb43ddaab91f40bd8b7f0fb68d684f39b8ca63b8501ecbd6e5d667cfb0054ac391929e431421e34286593ac1ae4a468d
+	C = 97f5318f862372265abcbe6db005399550d96201347243e161123882679e9e09dfa4da17f0536eab4680feb54a3ab6f9453bbdf658e475
+	reseed counter = 2
+AdditionalInput = 416cbd2b175ee03e63e2077f29e7e29ff8346566d5d9bf4c
+ReturnedBits = 1d698e572f09dc9aed5eb8748f0b735c8d66e2146324547fb0252bb5dadbf8944d4de32f9f3f08198df3636dd0f092110af687ed36ce1ac506586df053d8fd3e7c58dd8db6074ffec4002e80260116ae46616ce3efc1fe49046ee3e77c399e52cc8bdf73bf904a84f2a5b16682095e49
+** GENERATE (SECOND CALL):
+	V = 7e8511b76fe176f19e9a6926cf45f720cfe9188e9cc17d9a2b75f10634700801506e4f813454f9f2aa145716a1ac843aaf79901562f427
+	C = 97f5318f862372265abcbe6db005399550d96201347243e161123882679e9e09dfa4da17f0536eab4680feb54a3ab6f9453bbdf658e475
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = 79be524b0328ab43ef8f2239907fc0dee3fe3e5fccdd0270
+Nonce = e1152c7e6d0b9c3540a89f63
+PersonalizationString = 376136e81f8038c6f029e757c4a8c9c975610859ba023e0c
+** INSTANTIATE:
+	V = cf7f9e5e57f8a83c4152b07aa8d8da6a9961d30540d8cf451b1389aa49cc3a2fbdcb398658f07d8ffe8c22f61be97b977be40b67aa89d0
+	C = 700e67466ab5494fa2bcce9545826848dfd30cb9687bae5fc626ee24e46cd8f74221dee5912ba9ddbd5a0da7423d33d5241f6419653eda
+	reseed counter = 1
+EntropyInputReseed = d807115286192359e9df8cb9e7daeb149ad10a2a5330bf97
+AdditionalInputReseed = 0969eb37d39ee68a81491a133688db440168baf55e5c0c98
+** RESEED:
+	V = 521e2d230b7dbe84a1a0831f362a637eca6875ad4f60be1ff5b3c38f8251cd47f465207dcffd840a9e95c63161191d52f380818de0df59
+	C = ef770f6335ef07fa0c81d7c74727d6cf8b6dc97c9f5691dd3153236fa47c7392250a726057781bf995d432274324d665cf540a1b420e81
+	reseed counter = 1
+AdditionalInput = 32822ad85e56a5ea9aee92d0e6a6f4af516d93eeb89e6421
+** GENERATE (FIRST CALL):
+	V = 41953c86416cc67eae225ae67d523a4e55d63f29eeb74ffd2706e808522b2ee440f48a8f61f133e1e955dd55043daf6d32b4b33cfc1ca9
+	C = ef770f6335ef07fa0c81d7c74727d6cf8b6dc97c9f5691dd3153236fa47c7392250a726057781bf995d432274324d665cf540a1b420e81
+	reseed counter = 2
+AdditionalInput = b95d9f3c74f1d366c91f5fd18afd56a5ab7f2084c775ccf8
+ReturnedBits = f4d16c2a2c9b6f2c6f9335935c6aab6bee8585e2c521e4a8211cc997221039ae7604883b0c1525e7a9822ac8fe0befc23d29187e6355bd204a74f8c9f1fadf2c4e5928b82f99d010a52b7c81cf28195a3fc9cdd224666048285342f357738d1b4c0f3f62e67271d28c431057919a4ee9
+** GENERATE (SECOND CALL):
+	V = 310c4be9775bce78baa432adc47a111de14408a68e0de1da585a0c9bf9dc730ee5029932aa9b6555bb165b6ab561d1cfd8806d7efc5874
+	C = ef770f6335ef07fa0c81d7c74727d6cf8b6dc97c9f5691dd3153236fa47c7392250a726057781bf995d432274324d665cf540a1b420e81
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = 79a7d7c087e3ca306d7d03d8794a4b4d92fe937c410a094c
+Nonce = 1f2a6877d1a602b79dcfeed7
+PersonalizationString = e342a6495978482dcc8d3cfe2eaecdc50d41b377c30cb868
+** INSTANTIATE:
+	V = 040e09943b404878563c15b415d6662c4e2f75af49a56ef8c45b805bc1605faa35dc7decc18b035f26c57a232bd1e8a3b6934190e7e59a
+	C = 9a83d3dd9cb52917650ad832bae3d627adaffe9ca4274fa925331ab302d5a94794bb5c001fbc5b57023c4f6735046f4e16eacf71f49e44
+	reseed counter = 1
+EntropyInputReseed = f574cad7c3a3acce32b6e94143a3419aa7cbfa7be5bfc363
+AdditionalInputReseed = 50166f17b79fe48cc5be4864024760ed8b8b2eb78c5f3334
+** RESEED:
+	V = 6beee24960ce518d9f0e1fd1f7d2dbc15ecb0378444bbcee42011e7aeb43d90dd76c50d0e192918ef2ac5e9eb173077070ad04edb2eecc
+	C = 7ff74d52a57813b3d9fdb6102c1df07a5e7ce3049f47cbc347f892c65cb8c5f1130eb78b9ddd2ed2861732d17af355bfde449e331d5fd4
+	reseed counter = 1
+AdditionalInput = 6964419fad4dc4084ad74dd9a44f1e714a19b817be10c888
+** GENERATE (FIRST CALL):
+	V = ebe62f9c06466541790bd5e223f0cc3bbd47e67ce39388b189f9b237ee03b447fceb5986ce246dd36098779c019d9b3b20d83a5b366ad4
+	C = 7ff74d52a57813b3d9fdb6102c1df07a5e7ce3049f47cbc347f892c65cb8c5f1130eb78b9ddd2ed2861732d17af355bfde449e331d5fd4
+	reseed counter = 2
+AdditionalInput = f50a3709540a9092e0ffdba76ae4bed12f3da01a440a059e
+ReturnedBits = 4a97844ae600417033a37b90421dd0a556b2e1fd145714cd9d7e35442cc5bb7c0aaabdfbefeaa4267392ff89299edd0a689276a664292aa7ec1c505db34c6dfc7918bfc956219f9af21b6409b208e1c80b4b4a85800bbd7ebb7c484d27943f6171a796cd44eff6bc57ce684e6858dfab
+** GENERATE (SECOND CALL):
+	V = 6bdd7ceeabbe78f553098bf2500ebcb61bc4c98182db5474d1f2461a7eea73cecbb87d307746d25fd8d21278b43a0c7f2bfa89c2044879
+	C = 7ff74d52a57813b3d9fdb6102c1df07a5e7ce3049f47cbc347f892c65cb8c5f1130eb78b9ddd2ed2861732d17af355bfde449e331d5fd4
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = 3548e7917355dac079702269d8fe13fdc0828a68cd7f254d
+Nonce = 609027f0500df47c73f8994a
+PersonalizationString = 1c79d5c06a2aa3a35c21d168b9628d58640ea20877d6d5ec
+** INSTANTIATE:
+	V = 8ab204ed48efc217f7e7d845fb8b28e1f0dfca31f29d62cb6c645f8e660dfbe1fa9881aabc2e4570bb417d34ff883ecd8be82565ec5421
+	C = 8f44e838d237508d398bd9fd22dbda75c8cd3c311c6566b5e79d20fe885566acb7eedeb90701f49eff086ad1e175d2029f80fea4ead97b
+	reseed counter = 1
+EntropyInputReseed = 29b0a7a769a37535a2e22326b0c689cf79611e420def8f3d
+AdditionalInputReseed = ff7429b698967e4cb6730eeb3ad7eac6865a6601ccd5f7d2
+** RESEED:
+	V = 3e229a2de97cd795cd85586853959153f40eb078dc541a5818524b1a6d9729f81960ea217f783c17edb2d605902bd0106d2bc2c1286e23
+	C = dc4153b0a224e521b76aef65e03874ed8dc2aee9481f542d67be30a48a4af8dcf4b8097a0029ad48a4dc735c23c3a2ca7de221e30dcbb6
+	reseed counter = 1
+AdditionalInput = a700136eb099e333becd2891ab9815c39219d906adeaedfc
+** GENERATE (FIRST CALL):
+	V = 1a63edde8ba1bcb784f047ce33ce064181d15f6224736e8580107cde134f757677019932fff2b5447e5743a9f7a9f91eff8cdb086010d4
+	C = dc4153b0a224e521b76aef65e03874ed8dc2aee9481f542d67be30a48a4af8dcf4b8097a0029ad48a4dc735c23c3a2ca7de221e30dcbb6
+	reseed counter = 2
+AdditionalInput = b182d34caa6797ac47601206e920edd3f9759473fbf8b156
+ReturnedBits = 7b88452ba483f6b305418de790f8858d3898639da7935db2f3ae352b62cbd50a26213b2556788b9305a919c2d370ae46aa8054999527d1b8765a4aa086462a310de1ce5a0ef6ff005843b665577c1e45f83066e3bfd02e7d03694b90950e35a3cf759aeb8a353326bd19a489b5b8cffa
+** GENERATE (SECOND CALL):
+	V = f6a5418f2dc6a1d93c5b373414067b2f0f940e4b6c92c2b2e7ceae9c0eeca7a10ed47004fcfe13aee4e0ccc9a8f6339fdd7c6b7a3a528e
+	C = dc4153b0a224e521b76aef65e03874ed8dc2aee9481f542d67be30a48a4af8dcf4b8097a0029ad48a4dc735c23c3a2ca7de221e30dcbb6
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = 77710bfb135dfe29f471771d57e8e70e4637ce70b9e2bf47
+Nonce = 56069a6f32699fd029189003
+PersonalizationString = bb286ff69391c645ff8f02a4771ae5efd4df693d8e9fd334
+** INSTANTIATE:
+	V = 7d3faf9df2ac7c928fe99b3f9f98f814e0af629a2c728f74815cc8416a90f4a76a8c4a2467b65dbda513ee069d681c22c893c2eebc6518
+	C = 14c56290b49362f62b499f017e61c7d1ec7b28d83a947a2be1ab5eae6efbef216feca9ac3d2258706cdff58f065380646cdf2e69c286c5
+	reseed counter = 1
+EntropyInputReseed = 7ede65400e62e452db9a6ca39ec13cc5a223de50fc1fb5c3
+AdditionalInputReseed = 7029bcf0d9572bef1a29bc77f15f82e6dccf639b0517232a
+** RESEED:
+	V = 9a71af8ab3c72d7c9a3b1ba1a873cd93e1fe06b1caf2510b44f978a9fe5f34f4fdcfc783f861b194a95dc0ce1429e27e3a691c4b2dd052
+	C = 128a8194f9971d9b21172df00479f7e27ddac6fb4303c229e89ce052d914233a5665a1a43b5add9ba7b05e4d5ca02037b2e22ce3f1af4e
+	reseed counter = 1
+AdditionalInput = 1245da17aa76b793088f050aacff153f7f848e71d84b3d22
+** GENERATE (FIRST CALL):
+	V = acfc311fad5e4b17bb524991acedc5765fd8cdad0df613352d965927cc4fc9c1a6c997e9b2b495689689ac9b31b935f4471a39639d48ed
+	C = 128a8194f9971d9b21172df00479f7e27ddac6fb4303c229e89ce052d914233a5665a1a43b5add9ba7b05e4d5ca02037b2e22ce3f1af4e
+	reseed counter = 2
+AdditionalInput = 41c3c19acadd4ca660793ccbda3215fc32b0beee5d17aad9
+ReturnedBits = b07bf3e24101ee6c9dfe8ebb8868484e28732ea505f03702851d5e9ea04141a98713f1de1e4489c00e5773ca2c51c640b1fe227274db722279cf9e93d97274daf75b7de7515b83371282cfcdf2f2ff826d638824b1f905160327f17668cdd039f8bd7b4143a069c6eb195a6522ed8ba2
+** GENERATE (SECOND CALL):
+	V = bf86b2b4a6f568b2dc697781b167bd58ddb394a850f9d55f16333b0b26dc0de33ef4766f59b5796c7699f0553235e5808232c8f565c2c7
+	C = 128a8194f9971d9b21172df00479f7e27ddac6fb4303c229e89ce052d914233a5665a1a43b5add9ba7b05e4d5ca02037b2e22ce3f1af4e
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = 39ecb4e8c62d3b32fa9f4e03983a6eaf3170c5179a856d86
+Nonce = d6b1274262f2ba9726d1246b
+PersonalizationString = 8f220686c4864616cfc335e10e3bfa46a5f4de9bffb4b4ca
+** INSTANTIATE:
+	V = bab77155d72ac63cb97e37b894bcddf3509d36548e7f94438135887c791df869fa8bdf8387ff85e2ad6d4beca017b76731dc8e54fddff7
+	C = 6277637ac80b59e2d08fa732e16af4cc5d94d05195daeb1d9b6b6fb5b42a17f80a4ae04b785e5ab4f4c66bb274e936a0b6386392925eb5
+	reseed counter = 1
+EntropyInputReseed = b0b27ae6979cb11e92fc8b85cc628118ce034ab8f9058c67
+AdditionalInputReseed = 78a532099948c7834807da2d1ceb62bb3e2185eb45db9036
+** RESEED:
+	V = 73b447346ba49e7a350b5a82aad643b1ce73d51ea3ac6eabdf16c9e6e2bc250b466d8480496410746cbc56aafead6fbb9b70f45336ce2a
+	C = 50339776a37ee1bac6f04e8dbbc94aaf933025a3cd7c994a0d3bc11b5bbfac6bdc4ed3b5c8ffca08b009896b0870ae443b729347c8e5e1
+	reseed counter = 1
+AdditionalInput = 63787b77f5abcae651021b74b6fac64951b4c9f94b29f8b2
+** GENERATE (FIRST CALL):
+	V = c3e7deab0f238034fbfba910669f8e6161a3fac2712907f5ec528c69fe8535287bd1daa183e92484207d29ca00247722a84c48b0ba62cb
+	C = 50339776a37ee1bac6f04e8dbbc94aaf933025a3cd7c994a0d3bc11b5bbfac6bdc4ed3b5c8ffca08b009896b0870ae443b729347c8e5e1
+	reseed counter = 2
+AdditionalInput = 8a53104115156178d48602e3d8a50b2222e38c29c3c8cb76
+ReturnedBits = ba2507a6e51f0e8ddf0acde14c9f39672b63708e5ed70b512f9b922c93d5385ab0b3efdda1ef5bfc73edc716c1d69ab0c262ddf98313511cbc2e16dd840485b97f61453d12f22298fca55b0db26a0194331724261d761c8faa07d5429c58b6411dc650048c62f3fff09dff87a563493d
+** GENERATE (SECOND CALL):
+	V = 141b7621b2a261efc2ebf79e2268d910f4d420663ea5a13ff98e4dd934fe937f99fa67cca1b55f4ea30fceaee85dc09bf65535c4bfb293
+	C = 50339776a37ee1bac6f04e8dbbc94aaf933025a3cd7c994a0d3bc11b5bbfac6bdc4ed3b5c8ffca08b009896b0870ae443b729347c8e5e1
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = 9d260005673708ec1cfd09dbc9565ba26afd82dafc6d21b6
+Nonce = 9e7a897130f375ace18c7237
+PersonalizationString = 0161bc5d9d8f2f2442a6993905584ef4c4cb64a5c2688b5f
+** INSTANTIATE:
+	V = df0159a98df978206a754d055dd6eb63e6d955667ed1205485d0367543eff2dc6568afdf4e604ef94257c4f34c0b2539f237b8c0e85038
+	C = 55b7515679463fb51678116152134c579162580916e47edb1a9d5f98f50a765aceb4b02c7f323feb1510d96d910e1e463d3cc895d3f542
+	reseed counter = 1
+EntropyInputReseed = 697b24aed1cc0b80c7a184e58b6f5e43037ba3c1a565daec
+AdditionalInputReseed = 45af4e1a67c875ab7cfb45f2b0b0753157e5e83554193749
+** RESEED:
+	V = 1179c0180c448fd998df3cbec593bd64673b7620075d08833aabca55b862e64cc925c4256b92ab006ec314625df9c3a25644e66a62005c
+	C = d4d778a49995871211d000e6268230bf748bc332ea19242acef0f72e6b898a0fef025265c346c3d8278ea4d63079777ebb6b163635cc98
+	reseed counter = 1
+AdditionalInput = 8a93cc3b2d9092b94333135df0b6dc8da4c72c349c2c58fb
+** GENERATE (FIRST CALL):
+	V = e65138bca5da16ebaaaf3da4ec15ee23dbc73952f1762cae099cc1919ee79296dd7a582aaa793ec07f9d0e13740cc3e093194805bf111f
+	C = d4d778a49995871211d000e6268230bf748bc332ea19242acef0f72e6b898a0fef025265c346c3d8278ea4d63079777ebb6b163635cc98
+	reseed counter = 2
+AdditionalInput = cdb4b1b224dd48c2eded73551ed4955d9ce4edb4ff7c118b
+ReturnedBits = ed6d911c60f0db25fa187308f10a24016806cd0d7c5c4864c34160b78ce4baa7fb814766e5769c26b619f16481b2e9b2384fa6059fa63c2ef6b6983357af123cc87dc37420f824250c57fcd29290140e588e29cfc54abdd699b4a5c3360705a064f7e7bafe88c74e64cb91b4f16148b7
+** GENERATE (SECOND CALL):
+	V = bb28b1613f6f9dfdbc7f3e8b12981ee35052fc85db8f50d8d88dba6263c969c20e4643e1faf7a6a535b3823420cc498eef48c6020f398f
+	C = d4d778a49995871211d000e6268230bf748bc332ea19242acef0f72e6b898a0fef025265c346c3d8278ea4d63079777ebb6b163635cc98
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = 195ec9d40c8027860bb3253b1fbcef75ee27c42473b46917
+Nonce = 1b48d29fb81f80b11fcfa5ab
+PersonalizationString = 83211f13d40ebd2d3e2363b52186477ef8ee3a7d859b2e1f
+** INSTANTIATE:
+	V = 0ebe38d326987149d66912e2b83af5a359c53fe45acb47c4223b32653a30e4fe4056516ef477d9fa23c1c997d60d7c6c9a4ecc4e758c1b
+	C = 76b50b2588a0127dd438854f69b24fd156aef1cf4d499043f0809fc17f76ba9622bd004ee0303451a1f1705d1188e5cc69a9ba7497edc3
+	reseed counter = 1
+EntropyInputReseed = 1d99fffc5ca6496c96783590632a7e4705b876ea8f50dde2
+AdditionalInputReseed = 5224a4b038ed60a5ed152ea243ac71d4056f6939559150e5
+** RESEED:
+	V = a2583ed6361daceb0b0b7013c238b7e6227c2f1d64562fa6aa1618a811de466d2c6096fbd9f3952e90005dbe72fb595f23436fe54997ff
+	C = 2a65edd9d38a4f98cc58d9fa561a97017a3c502e2a2c1fc11bc7a623a7761e4bd5e627b67fa74240c31e31e9421326665ab93b935329eb
+	reseed counter = 1
+AdditionalInput = 8e79ccd8692835c5bbd07f10803670f9602f1594cfbdc4a2
+** GENERATE (FIRST CALL):
+	V = ccbe2cb009a7fc83d7644a0e18534ee79cb87f4b8e824f67c5ddc00e44220f2a1adb1f6ac5292dff6f157aabdf992dd3f93e1cfe833ee4
+	C = 2a65edd9d38a4f98cc58d9fa561a97017a3c502e2a2c1fc11bc7a623a7761e4bd5e627b67fa74240c31e31e9421326665ab93b935329eb
+	reseed counter = 2
+AdditionalInput = 24d28afd672c518e76a556e665442c8e27f17f1ae7c03a46
+ReturnedBits = f9efd5a56af1beb66bcc002fffc1ffa8bd7c3de520dd6ebcad3c2928b8f74d2678171faf505c4d9ddb6e1603471abbf9c3937f48621f4042402a3fca4ee9e93118af3dc87678e2328d163a8b28127f3b2d1de60814689cd1be4c754443615246bd046d256de7f6dc5381442cebf847f1
+** GENERATE (SECOND CALL):
+	V = f7241a89dd324c1ca3bd24086e6de5e916f4cf79b8ae6f28e1a5673d503b182706e68a6366e9b135600214c76be3147e21b36fc090b3b6
+	C = 2a65edd9d38a4f98cc58d9fa561a97017a3c502e2a2c1fc11bc7a623a7761e4bd5e627b67fa74240c31e31e9421326665ab93b935329eb
+	reseed counter = 3
+
+[SHA-512/256]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 1024]
+
+COUNT = 0
+EntropyInput = 561990b88f065730e52950dfed63ff91cc30b25f334fc962da383b429e238a38
+Nonce = b7c000251473e03ea2dc1fe8bfc0f75d
+PersonalizationString = 
+** INSTANTIATE:
+	V = 7a0d61493d496dbe6ca2afba097569e98f9b5f0709db256af466e3efeaa19dcd87fdc9c6421a1c58716d6401ed23df16760bafd615ae01
+	C = 00c607fd84054c141a2ef12336a0f11a9f7d8e87e111be295cee0a48df136d2ea5cf4ba0b82c694cc2f7d4ed8d0ace53a9c0cfa1b6010f
+	reseed counter = 1
+EntropyInputReseed = 294cc1e6cec4eaf93e55dff324975f018f4d47308083c001e6298b5ea269e8c9
+AdditionalInputReseed = 
+** RESEED:
+	V = 40766215d31957e7397279593f7cf6a12dd1c8ecf16990da173670cfe9dd54a22d9d493c1d6e85e98f54e58754217807204c5458ca3110
+	C = 2d32047cc8dd082796e1951387695c6c49fb551fafa3120b6a806db05d460d6d13ac0024fd62337ec94b1ad87be9a7d738ebdfffff578b
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 6da866929bf6600ed0540e6cc6e6530d77cd1e0ca10ca3255206b75398fab3cb8cef5e6eb048859f22509972a8acf91a74661c40db5cfd
+	C = 2d32047cc8dd082796e1951387695c6c49fb551fafa3120b6a806db05d460d6d13ac0024fd62337ec94b1ad87be9a7d738ebdfffff578b
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = fa422720ebc7ba86836c376c2485bc19302febb339e2688eb1f95efc6f8db3d2d72c4e6827b750c8ee6d73b28304d6103fbf85edd16a78840536311a4feb6b5377443013f465f17f664ad4d099279135ea10d0f21e42ee57254ced1e95231d67e19fb00d8631975b8367c4a9247ef59e81f996b35782b206b6e9f61d9aa8a02b
+** GENERATE (SECOND CALL):
+	V = 9ada6b0f64d368366735a3804e4faf79c1c8732c50afb54c7154ffdf27b67eed5a053e929158798aaf1f20d2557990f47cec6e79d03e68
+	C = 2d32047cc8dd082796e1951387695c6c49fb551fafa3120b6a806db05d460d6d13ac0024fd62337ec94b1ad87be9a7d738ebdfffff578b
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = 56575a31ea7e9a3d078c1c3804c4750c6d3bf3608fde8d44b515f1952628e49e
+Nonce = 04fa00ef160d91bfabb792ca6638cf89
+PersonalizationString = 
+** INSTANTIATE:
+	V = 505040720b192da1ba4a8e6d6df6ec7d44ac241bd3f35c68aa1c55bb4e20fed38bc79e3ff0b3a1394913305fd27cc027b570cc16937c13
+	C = 1cb54140c0dad2863a93905cd1e34993f900a38f4229e90dca1810b413f78c327cfa8a08835731eedc73a62620c7dc70a4e4847907460a
+	reseed counter = 1
+EntropyInputReseed = e28b9a0fe0d6cf1ae579bc7d406a4e05536ec11ca97cc35bc576b4024c6885c5
+AdditionalInputReseed = 
+** RESEED:
+	V = b369d14658a8ee422df93b85e37d0f5c89eafd3768f38c881bbb6134bb9f1f2716ee4a6aa5dfaa6da7f38be21e73ac7a0aec9b3cc7c869
+	C = ee5618433c136283fc14c7ea4848d3555a23f235ecd4680a6f93ce23ec25fe4d0cdf2810f30edade7db60cfe00e78e40ad063ce0e5ee3f
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = a1bfe98994bc50c62a0e03702bc5e2b1e40eef6d55c7f547886b658716b6188814822234592204290aa742093de342f84683eea92959f9
+	C = ee5618433c136283fc14c7ea4848d3555a23f235ecd4680a6f93ce23ec25fe4d0cdf2810f30edade7db60cfe00e78e40ad063ce0e5ee3f
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 16d35ca0c89813d190913b2f7bef50a300974d3e9a08a80ef81982aa4d7a482a212436f43784bf5d77b2052a9bd066bc67841a414982394f199f0d2b9e77e41d95f4bb779fd31075bae23598354a4b6cd841dca78ac2caed895dae6e82a27f0b5fccbb32f997fcecf983d0eb2bbf96bd439686de0987912a81acf13bb7139807
+** GENERATE (SECOND CALL):
+	V = 901601ccd0cfb34a2622cb5a740eb6073e32e1a3429c5dc03b4babf425637ff24dfd4a26062ad71726e6a84dcfffc6b967ba742b4372bb
+	C = ee5618433c136283fc14c7ea4848d3555a23f235ecd4680a6f93ce23ec25fe4d0cdf2810f30edade7db60cfe00e78e40ad063ce0e5ee3f
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = b0b3bfd1162c4fd09b5cb1535a076743348d59714bf28e00440f075453a977d1
+Nonce = a87bf5a3f701a2abe809376b4069c562
+PersonalizationString = 
+** INSTANTIATE:
+	V = b6270a758a3e352e63ea072c86e86ea92ed0bbf5361537fc02b91dbaa2941980cc78761b73c0a6e920859844da8d3dfe93876cef5c29af
+	C = 23064ede36145d5594d37d3bf9f14b86d22e4a5391161d71a8e1d9b8cd1f02021b6d1c0e48029ed01566bc804c8b0db75ff7fea95c4666
+	reseed counter = 1
+EntropyInputReseed = ab102a81c6575fa3e0f5b3c2e4308a89deba50f272299260152721c3cc4397b6
+AdditionalInputReseed = 
+** RESEED:
+	V = e3502c0d4a10b09b1261bde08b4b9465ed4b7abb275f676594b324fccd658c6e0d12b5f0ec252c8877b88f75cb43383a1e763244ddd4bd
+	C = e9ff14655c4507200ffa05c56c0aa6ad323ede8844578b8a54745fe3e96ca07b9c46e6ed226be37d0cb3365bc8317b51aefad68b434c10
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = cd4f4072a655b7bb225bc3a5f7563b131f8a59436bb6f3a53d88f7e26ed109a1ec1ab247c3e08367ff63f39d69f2d1950898c67fc6429b
+	C = e9ff14655c4507200ffa05c56c0aa6ad323ede8844578b8a54745fe3e96ca07b9c46e6ed226be37d0cb3365bc8317b51aefad68b434c10
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 2ee98c89652818e3b2139e7e3bdde1da5b8bea94fd6e11a2af880d8190243f40b8aaf0aa5958dd77fe5ac821400671c49bd4d488e3e021b09dad1c5fc520059abd38df2ce6d8ab8135ce24696b5e02845a7ecb6e7ed90c53e4c70edfc754a743030cc6ee6c26a87c56a4acaca097d91a3d44ff15e438bdccb93159cb918b77bd
+** GENERATE (SECOND CALL):
+	V = b74e54d8029abedb3255c96b6360e1c051c937cbb00e7f6097d725f565cabdbd0350c00cc1b89e94aa06f103b116f5488584d11505a0b9
+	C = e9ff14655c4507200ffa05c56c0aa6ad323ede8844578b8a54745fe3e96ca07b9c46e6ed226be37d0cb3365bc8317b51aefad68b434c10
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = 7166efe1f1503bc9ccc9a28d76d690ceb889cff7a0a9596baeabb72b607a5a36
+Nonce = 2aafc1495ecff5c0d2f51ff7ee97fb34
+PersonalizationString = 
+** INSTANTIATE:
+	V = 6b728016f2f9679fa29227b74788d953009c830cf8243a9c83917f0ac673c1ab3f9cf1a39fdb4e21166858783b3dd278cb2e918c57df6a
+	C = 79c22cdee2947a9923347db18778bb680ca8f3a4e8f351919a52d5c48666d0afb7527f66ab7c42d37c964440763a99affd42ec05477fe2
+	reseed counter = 1
+EntropyInputReseed = 9306652837f51f5317b94a25a7cc2f7635996e44d84bd5a7da75ea717123bf08
+AdditionalInputReseed = 
+** RESEED:
+	V = 69d10b103d0885a519ca17b2b43341f73395339fb81bd883b9f34b4319de8489926095c638df16b0e3d1058b0b9362811ce4490cd7888c
+	C = cd9bb035ea1f8909550e1a24e335cdadeffa869fd027ab25ad238dbb9ac36b12a5b90f55a344555bdb9d94c080577a803c00426301d1bf
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 376cbb4627280eae6ed831d797690fa5238fba3f88438483396180b6be6fc8afe7e5d842144d2ed1db1efd0953b6c683d9fdf1758988ff
+	C = cd9bb035ea1f8909550e1a24e335cdadeffa869fd027ab25ad238dbb9ac36b12a5b90f55a344555bdb9d94c080577a803c00426301d1bf
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 393fe27cead6a25f24974c51ca12f45cc4a22159179ad340b5093199b981f2b788487960d9605211ec979d51d6649bf2c8d4880ea19683de24c6ba685d74081e58e40884f8150a5d2772be3204c677d5ce251465bb4153621af351251d33aeb2b904a300ae322169da57ec73a9fc7e60db646e583f1d41f1f2920f6dca5870c3
+** GENERATE (SECOND CALL):
+	V = 05086b7c114797b7c3e64bfc7a9edd53138a40df586b30465928d0e43f8373bc2eac8ae6693044c76a89eb195b5dc3e95b5ca530b6417b
+	C = cd9bb035ea1f8909550e1a24e335cdadeffa869fd027ab25ad238dbb9ac36b12a5b90f55a344555bdb9d94c080577a803c00426301d1bf
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = 828995071f29c65f68c4406afdc2490417a124ac5048232e878ccbc92f9a2929
+Nonce = fc42e40284a90eb50353fd74ca1d73eb
+PersonalizationString = 
+** INSTANTIATE:
+	V = 3129a65a746b055e9712bfb9829c4f318ae4d7a11021b0214977058c6444908c53a45e3981666246e6e273113e05722b341875a0f3ead7
+	C = dfd16fbc2048aab5eb35bbdf07ba9ccfdb4f6c72455014c60f9327d40ca0b890d9a21f9e34f1cfad7a413325aac79131e5d0205f28e213
+	reseed counter = 1
+EntropyInputReseed = 9f2d795b7aabf34b05f822b1b026dd6cb6443eac99afc76ec447f3e4d7e61449
+AdditionalInputReseed = 
+** RESEED:
+	V = 8e8042aa09c0bc0c1d2dd6947956bb8e3b40e4e7c0a495055020b1192874407604d925afe881e81f0b67e7790295aa28c16bb0cdc0aa07
+	C = 90aebdf4cdca07f0d9dbdee101aa4e3515c4be8ecda26ae2027ee01713d144cd3adfd7681a571f3a7aa52855baaed0f35d90ab3ed015f2
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 1f2f009ed78ac3fcf709b5757b0109c35105a3768e4700118b881194af5a9f7f85f0a748b7f4a94d657c504cabd794f40ac449835762dc
+	C = 90aebdf4cdca07f0d9dbdee101aa4e3515c4be8ecda26ae2027ee01713d144cd3adfd7681a571f3a7aa52855baaed0f35d90ab3ed015f2
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = d7709a70c4081f7ad34e3d5b5eea17f4abfe7fb9941f6cb4bc330f9a9056cbdfd57dec01f310acdbc454a5221f77eb59c3fa103c304aaa0c01e55539e763d800eda6bd5b1ed0b057a4be235b083a1f3832506336820542ebbfa6bd4998801fe8bf3c6378373cf7f8c5d5b35d15b41647d870aa4d75d88bfae309ffa9d64db442
+** GENERATE (SECOND CALL):
+	V = afddbe93a554cbedd0e594567cab57f866ca62055be96b52152f9c7ff58e02675a475bb0890007140db4e95a1b122460bb006ebd1cc0af
+	C = 90aebdf4cdca07f0d9dbdee101aa4e3515c4be8ecda26ae2027ee01713d144cd3adfd7681a571f3a7aa52855baaed0f35d90ab3ed015f2
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = 0a4ff37179ac0850feccd07b235599b35274b2c0e8173956ef524923be41a31f
+Nonce = debefda38587c15b8cb79b970a9bb1b1
+PersonalizationString = 
+** INSTANTIATE:
+	V = 2896e5d6fbc3c3136bae848e112fcb5fe4e56adc286b3702484b8462c32df99b84c7d86e4d5f5a8f41edcab56cb0908f42970c28896507
+	C = 9c1d6437df55a88fd360a9bbae3a733d1c37e8052274c57810e799e1c768d7a311067f54963583c11b51e48c9601ae37958023639d80a0
+	reseed counter = 1
+EntropyInputReseed = b1ea0046dc9dc332ea7a76c5ba48cb15d267c9c52552c0ed69ccc756a004736a
+AdditionalInputReseed = 
+** RESEED:
+	V = aaadba82dd24a5cc5b8c65a9aab180faff0a7fbfd8787bb1b59913de62a8e907dd5afa022424c6bedf82913d10796a2d79a7e4b8e248e9
+	C = fcd250b0b0640be7e9623a82065ff0b3c7d96dded4457c334959af1a7419fed31833ff5cde8a0b2c0c4d4f0f71ee662ab8cc28c2a2ad30
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = a7800b338d88b1b444eea02bb11171aec6e3ed9eacbdf8bf33098ecc94c073ab07dfc069f5c9a7033b0ca31d83a71a91aa237b30ead03e
+	C = fcd250b0b0640be7e9623a82065ff0b3c7d96dded4457c334959af1a7419fed31833ff5cde8a0b2c0c4d4f0f71ee662ab8cc28c2a2ad30
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 5e06e5e232d53566ea35145a44ae426295f3ba1995669ba00e337ef0e3cd8d4ae6cf919299e293e34d19c01eb46cb1b8f7f11522687c9db5ba4fb103fafae86d357e57b77262626ce17d56fd909522e605a999e2e48a6ae687c367363f22f5a23c814fb41c86e2d4f91e77899de6ebca387a82a7e8e1148eebe6a1f4e6966f8a
+** GENERATE (SECOND CALL):
+	V = a4525be43decbd9c2e50daadb77162628ebd5b7d81037518dd194ef1b9465dbbe7e5b3881443b4b1219ed2fe59b521fb6b2f0e7cb2fc49
+	C = fcd250b0b0640be7e9623a82065ff0b3c7d96dded4457c334959af1a7419fed31833ff5cde8a0b2c0c4d4f0f71ee662ab8cc28c2a2ad30
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = 8dd97496f25999ae1e7b74e0a4d79bcfdc2404518a1796c82e42c028d3aea154
+Nonce = 9c68bd602298ba109a27f29c2b1d8cae
+PersonalizationString = 
+** INSTANTIATE:
+	V = 5bd80097b5596931980ca9921c85d96fb20b376a77cc81322dbc025d490c9dc76bc8cae0bdc599fd636b2d8c94084a400078812bb5d365
+	C = fb5cbc5dfb26ddf3b0d6b837986a124c12b195bc011168b834f437b07e881790b03e386172484bc7bd9029bc96f92332637ed61a125e0a
+	reseed counter = 1
+EntropyInputReseed = a039cb96a2a0bb1a6858f366641e9afec8b248ee2355c4bf7ee227695b1a911f
+AdditionalInputReseed = 
+** RESEED:
+	V = ca7432842318562364d5b9937e766a04359be2f6efd4c0656b29f0553960bb0ed13e07553ac898d091aff84cc4bdd67e0ba5870e3ada7c
+	C = fbaa37e1f1bd2ed5207b3a47ec88b0fb80a925b5e0188c36751e30be0d6d62a8fa2630f0a9860a8df3dd102dd611be8e9f7b049fb1b72b
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = c61e6a6614d584f88550f3db6aff1affb64508accfed4d22289a6b1c48d90c38a3d1073c86ea5166a187487408ca1f966ad8c6c5246b20
+	C = fbaa37e1f1bd2ed5207b3a47ec88b0fb80a925b5e0188c36751e30be0d6d62a8fa2630f0a9860a8df3dd102dd611be8e9f7b049fb1b72b
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 6dae18185ee2d53038c36fc5d629e6ab2c8b1dceb957fed33f6dcb8a410b16d97f899ee9a38e96b286f2ae05ea6aeca20c48e683642a339248c2a603179adb9a47e1da759f62eb66570a2a39ae2ec1497318a771a813f7c246d21178dfbc7b5ce0d1dc4fdee34ee5aa3d5968892f23f7b020d4024a678bf860e7bf22bb941920
+** GENERATE (SECOND CALL):
+	V = c1c8a2480692b3cda5cc2e235787cbfb36ee2e62b005d9aeddb942ff1bf8bae38511d5a5c50c0b96730eca803c7192687e9505a04730a2
+	C = fbaa37e1f1bd2ed5207b3a47ec88b0fb80a925b5e0188c36751e30be0d6d62a8fa2630f0a9860a8df3dd102dd611be8e9f7b049fb1b72b
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = 3a91c006102640bff0784d38d7d0f4f6ad640a23b9b163f1540a25569b812347
+Nonce = 4a9c2b771708fc04ff65d4130029ee7f
+PersonalizationString = 
+** INSTANTIATE:
+	V = 2b52336cb1d83f495424fc09657a716a452c5ef05c8de34137c85bbf19d797721ac3fb702db394f0a7d6640cbb0a2b336b043dce75bf4a
+	C = 3f6ca3d29c86068bd099fa27e0278ed714e88bdc01c20661f6f807e3d16a73ec3ef8a2f348d08f821b5fa801ad77cdce141f924347b7c6
+	reseed counter = 1
+EntropyInputReseed = 56246dbf6d03ba82d7f139f72a970b19a789219314b77fa07882a806a3be0446
+AdditionalInputReseed = 
+** RESEED:
+	V = 1bf0b3ca6524fcc19418286ff317bcba5af3d651d02e6fcbf14746ba2a5193126c9c1b91a9bd9a9f6ff0df2d5a834bee36824339c5dbe7
+	C = fd39205b2c71710bce804e6dddd7597348e1703cea1ef131c44c32ab0dcbaae1e28f4e6684158b428a372b2a149117954bb349e2d0b68c
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 1929d42591966dcd629876ddd0ef162da3d5468eba4d614628efb12ec2058c5980d75c101c86d8788b5dd0a2de5baadda05271c0b341e0
+	C = fd39205b2c71710bce804e6dddd7597348e1703cea1ef131c44c32ab0dcbaae1e28f4e6684158b428a372b2a149117954bb349e2d0b68c
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = dc71055060ae2b6b21bba77cd598a689308c1e16713ba377d7793815880c77fcdf471316cb6d0b289d4c0725937878e83530259af8a1781e8856315df586f51d0f6d6c4081612ddc6c304a5c72932f9e799633daddc383497f1014d44ecde26a9a107119f63d5fac53e1e2e94035db282b2be8e7cb3cef59efdfa99d383d62a0
+** GENERATE (SECOND CALL):
+	V = 1662f480be07ded93118c54baec66fa0ecb6b6cba46c52e681ddc2a93748bf043c153aba2d3bcb73669a5cdd806e35f546b3d5ebab238f
+	C = fd39205b2c71710bce804e6dddd7597348e1703cea1ef131c44c32ab0dcbaae1e28f4e6684158b428a372b2a149117954bb349e2d0b68c
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = 1cdd354402c4d3d6ab1687ad764120de2e1327ac83a251de78f472f38b4e2976
+Nonce = 8d4994e8897e337ad1b08fff7535b31b
+PersonalizationString = 
+** INSTANTIATE:
+	V = b8ad7e7db1d03b7b069f44e42b9774e32e4dd81b5d094a67b1f6f8c04044d58db7e97824ca160f73895ae9d3a09f1895bf52a336e4e912
+	C = e6d0f826ea739f08ff02748c32282d13c383ceee25b7656aa247c5af35df456d736fd4c1f90ed77ad1095897a881c66b5ddc9e1e1ec169
+	reseed counter = 1
+EntropyInputReseed = 6789818b9650625eeb0016deaa9a80d3a121186f1661714ffe73f79c8d41711c
+AdditionalInputReseed = 
+** RESEED:
+	V = fc14fdd75b936364b153fa7ac0f1644a38edfa5a8c57d5feafd9be589d0707623a9cf076b481a25e7133780019c6ec197ba986c5ef3354
+	C = 5b05cf57b5b78e325565553b6fe4a1162e9fe6409f5b3f17fcae07aeca8477eba537d1a6ae1f46f99eb329e955fc0a06d8b744fe576280
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 571acd2f114af19706b94fb630d60560678de09b2bb315e4e15ee99e688e840177991a43b8590354bde9536f23fa9061bec0f9e962325f
+	C = 5b05cf57b5b78e325565553b6fe4a1162e9fe6409f5b3f17fcae07aeca8477eba537d1a6ae1f46f99eb329e955fc0a06d8b744fe576280
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = b85b21fa539c2d16a86b72a0f85144c4a15175f4ab136f91858f6a2c9757110a42abfbe93255a3c507fe3d317ad7b9a4de80eb8e87c210bb316e75dba1bd5b390d9b98a666f732fa0213ee772b8dd958456815dd8b433b3909d518bb5929c89d3195347129c8c1d912c6bf5dcc0c3514b0155a52a7fc61dfa8d6c2d49d18c503
+** GENERATE (SECOND CALL):
+	V = b2209c86c7027fc95c1ea4f1a0baa676962dc6dbcb0e55da20f923c9794615b8dc5bcd34cb4514802863fa19842d8f82e735a886cbdc41
+	C = 5b05cf57b5b78e325565553b6fe4a1162e9fe6409f5b3f17fcae07aeca8477eba537d1a6ae1f46f99eb329e955fc0a06d8b744fe576280
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = a2bca08478e429266d13acda8d722f64375f445451f8582f8e9354bf16408b9c
+Nonce = 35f2be50018186f1dcf7a102cce3415c
+PersonalizationString = 
+** INSTANTIATE:
+	V = 1f36679fe6b1b7a61784a01fba3ab84a3e934d2d669ec839f5a39d85d5ba665612415102929ae4ae770171aceff9453b7816afbe7a3e07
+	C = 0efd71a00882e40768e7b76c96f316e589ec7446979c9c475842ffba985ae1d75c225bd8487a2d5c38df14169ba63c52d3a773cfcc5612
+	reseed counter = 1
+EntropyInputReseed = c747747305fd69bbe69599cee283dc7f762e22898f3e6e9113c2f3d43b2706b6
+AdditionalInputReseed = 
+** RESEED:
+	V = df2f09139393de42f9a6e6ce2cbfead0922149f68307d5c9bf1bcf42b144887dfc498995ce4c1c3bfb2bf631c9be2109958c1f4a40af06
+	C = 3f910be70819efb084e55d2244f5a9c67ce5fa5e58053cbb9898b86ecf4b9eb26ef54034c5d66da3f46c30a2072ede071891b370d34ccc
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 1ec014fa9badcdf37e8c43f071b594970f074454db0d132e4b07d66e0e7f563a034e6e2ecdae3cb4dcad35907f161b2421f1182c58cedd
+	C = 3f910be70819efb084e55d2244f5a9c67ce5fa5e58053cbb9898b86ecf4b9eb26ef54034c5d66da3f46c30a2072ede071891b370d34ccc
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 4fe67de4629cb541c99744c7cf366c85e45eb0e1a5f28f9ed8a4f3adae2aba265892e375f38828216018cad4affbe40ac590bc2ab16b537e907743efc80f5da6893add2d5e4596a7b69e9ace79c4edcbdaefd95c16d8d67dba157d59f12356d52af5a0d4b56f8e521339654b63f2383a6b38ea96a0f761f7856627c6cd97cc40
+** GENERATE (SECOND CALL):
+	V = 5e5120e1a3c7bda40371a112b6ab3e5d8bed3eb3331250a316cb5afe8808c83377be0fae05c26916bb593b595dc7e8dcf68a705ceb02d0
+	C = 3f910be70819efb084e55d2244f5a9c67ce5fa5e58053cbb9898b86ecf4b9eb26ef54034c5d66da3f46c30a2072ede071891b370d34ccc
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = 0c64bac50416301cb1ccafd98e0fccbddee4628e6f1866e76f26125ba6fef354
+Nonce = 2ff1e39ff881ef747728cae9542fa262
+PersonalizationString = 
+** INSTANTIATE:
+	V = 882dafefa5987448d472735745adf2fbbe5cf183f4a0aac73eecdaa1d00d7f73828bf48a2d1253546f2bb8cf20d476a6e22cf5fef57a37
+	C = 79deefeec1789995190c44da97ddf8c5543fc3aa83eed2f48e14c7bed9faed916e030f661569b125292cc4b4adcd784aedabea9e894046
+	reseed counter = 1
+EntropyInputReseed = 363d02e334f145c0802acefb015845a16aee3a246989381fbe4bc6723f2ca837
+AdditionalInputReseed = 
+** RESEED:
+	V = 76af58ca50e760b8527af9e043c430d3fe35ee6a9f7a3cfa2da3639937f4574d78794f1f8a9dbc5550874a4f561d78b7f5ef7a8953450b
+	C = a671869aee9630a409e3dd4d42d74a5c524f45e025e90e93e8a9f584452ba56a8dfb8906b3bb47b270e67c5e4ed696697264367935c9c5
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 1d20df653f7d915c5c5ed72d869b7b305085344ac5634bf8483dcb907d010f2efe9fcfcbe97b8e51f951a8b926f5fd44d3dc636858b081
+	C = a671869aee9630a409e3dd4d42d74a5c524f45e025e90e93e8a9f584452ba56a8dfb8906b3bb47b270e67c5e4ed696697264367935c9c5
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 84b5a5e327017a275b871e671a172725fd7d9ab0f42d59cec93563f1bf84563e5638bc36ed3cf0e54e8f5b63dcb9fe03076fc2d081e57883f38150d287fbe3c75814ff755f0abaac4bb5c5f3ea4191c6f4cab72749e37dd9c0ba99b282d965df494ac0f7be6a8fd5670a9101e443c024c61c035c470f67670c729d23f28442d6
+** GENERATE (SECOND CALL):
+	V = c39266002e13c2006642b47ac972c58ca2d47a2aeb4c5b69986d06c10a135e665521dd95578edb309b1c4bb091a152c09574330d3f4e0c
+	C = a671869aee9630a409e3dd4d42d74a5c524f45e025e90e93e8a9f584452ba56a8dfb8906b3bb47b270e67c5e4ed696697264367935c9c5
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = f9f5eca9658f81dbbb2874524ee6b91c0013c6badfdf5341c78544e89acc7db1
+Nonce = aeef9144e46cedffb3927e029362b39a
+PersonalizationString = 
+** INSTANTIATE:
+	V = b793bef4fa122e02d401fd1f88ce411060222c56e8c152ac227d0eac1af35a7a5779150326143a87f17071ccad86226d9e49d24e2cee93
+	C = 016f0b821e8879d96c7f44be4ee9ad2bb8af239649151d8362934eaf5332958d348b795572e98f1db5f90987ab82ef82b399389f164125
+	reseed counter = 1
+EntropyInputReseed = 7b01ba5a2293569839d32f3a6e28390beea8e6695c873279464419a6a1fc01b7
+AdditionalInputReseed = 
+** RESEED:
+	V = f36edce070834659b40ff5626b8760483dd64bbcaa243a1e7fdc1cda409c710940fb3d24fc8355c034d42ca9cf24a580b2a616848431ba
+	C = cdc2391c304f0b17fd249700f13a652b0677821d90f5d408371640241847e9ba06901e7e6baaedc069caf794d87eb46d6a40263992c7e9
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = c13115fca0d25171b1348c635cc1c573444dcdda3b1a0ec2baee77a3cb812f9ba297e9230426f05b2689f38ceadf955eb9d7dd7d348911
+	C = cdc2391c304f0b17fd249700f13a652b0677821d90f5d408371640241847e9ba06901e7e6baaedc069caf794d87eb46d6a40263992c7e9
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 5851f3285d61ea9d9e4ef9596e0b1a641fae062fc23f0080e6d58197662ca65ccc37021c6e54e57785173ff240e940ea07b0f816a19be028230c86dccd5c9c545fb3e5b3e0276ce2623cfe03b92b76fe53495b50af5b17dc1f9e7a5211c0e63bce746125c9f18e78dfa1f7f821fdb94b4136191fce7b31b1ad813534ec3c580f
+** GENERATE (SECOND CALL):
+	V = 8ef34f18d1215c89ae5923644dfc2a9e4ac54ff7cc0fe33a041ea94406e544965ee9533f4cbc95a4febe34e39ae6af1644c80554e94470
+	C = cdc2391c304f0b17fd249700f13a652b0677821d90f5d408371640241847e9ba06901e7e6baaedc069caf794d87eb46d6a40263992c7e9
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = ec509fc2e2ae64468d7676b84237df81e73552928751c529f0c813248d191b7a
+Nonce = 476c92b012420aa93e57d7021d72553c
+PersonalizationString = 
+** INSTANTIATE:
+	V = 86ab8954fb2b96e7a6fb3c4bf7a061da0e9a3df45471bcc676e73ce298a2b144ef87e5acb95e44b3935d90a1e84d6b6772f492a368ca5d
+	C = ae8ab0c6844ab411e2fd696d978b14f8878f6bd044c314c5d04a9a9d02587b49d0c228af7401c9a1f893243092d8945c0e89f0b1476142
+	reseed counter = 1
+EntropyInputReseed = 0bb699e84e141f0cc1ebea75aa70fa01e5c144785ef2cf2ad5ce348ad6fe0d0a
+AdditionalInputReseed = 
+** RESEED:
+	V = fb29eae8dba8e2d276aec6a1f4eff89b1e4b3f7e737eeb5b2e9e56b5ab5292a1d458af8129a6f55ade48303ce0ef8c435c2f1ec7a2bd82
+	C = 180dc0860f662e84ec844e03292c7009c80b64843231773eefaee69ec73792b715250fa4452180431ec1245ed6ff7ce6b76f9c049640f3
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 1337ab6eeb0f1157633314a51e1c68a4e656a402a5b062b388e6166c4c4b7a2d1c754b3f8ae41c243900237f33071d76ab9c86f3eaac91
+	C = 180dc0860f662e84ec844e03292c7009c80b64843231773eefaee69ec73792b715250fa4452180431ec1245ed6ff7ce6b76f9c049640f3
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 5fbe6554e6b59bc022ce869e09ea6534dd1b5f88f379f2895fba82800e7ec63c7ecc9f19b667af359982cc5fc683d7be7b7a724e1c4d42e9847d8e228a2062afd91cff99ff39ad5298306d41a1d10f87e84785dfb5efbb4020281f229ad5790b97f3d8f58074e7f3feb7a8a305f97310439bde4ccc478214c11688253d5033c9
+** GENERATE (SECOND CALL):
+	V = 2b456bf4fa753fdc4fb762a84748d8aeae620886d7e1da0324b41002b3812839022e7d0e152922f29105d98de24959c6d83dbb6a782876
+	C = 180dc0860f662e84ec844e03292c7009c80b64843231773eefaee69ec73792b715250fa4452180431ec1245ed6ff7ce6b76f9c049640f3
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = 6863b79692e71cf79c4dc9990335db39b9402ca505e4127ebe62c2f12c718c14
+Nonce = e12e75a2fcf555b618ae8b589dc5e4b4
+PersonalizationString = 
+** INSTANTIATE:
+	V = ea0ed7d6fc5b8dfa5d5a19962460bc1a42ce72576240384dcf891fe8f001fecad57d2223f29d0ad0fb9a3dfba6325bf421b7c6c7ae26d2
+	C = d84e1dfa56b1edacb36f54c6db4add134d36f88fbecffb690a0057aec6e1f5e817e638edeeb714448e52bc8f29a5fba5ad7e9426aaa0b2
+	reseed counter = 1
+EntropyInputReseed = 83e01e2a868c87bc238624b03f05862f5df4c3c3db25af60e6eae3f6b07b19f9
+AdditionalInputReseed = 
+** RESEED:
+	V = 1ae7f0f64291a0c5cdb9ca252e650b86e4881c9bb957fa20a64baeec15ec3f5700211a942e795b3a3039fa0f0d04166e72a5370dee71c9
+	C = ae1e95e1e2961e36eac0397770e7227ecaf0e786c0a00863cc3d541968d46ed85c512b79721c114feefefcbb16cca0986c678ff8728f37
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = c90686d82527befcb87a039c9f4c2e05af79042279f8036cd50a9e2bd952c016fcdcb8a0e0dc949b535716ec92ebe325e70ef0a46fcb67
+	C = ae1e95e1e2961e36eac0397770e7227ecaf0e786c0a00863cc3d541968d46ed85c512b79721c114feefefcbb16cca0986c678ff8728f37
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 6518539f59fd3c0ef60a11b2cb265a7f3df16a746b34c4811f363a1c1c1f006f835c43884179ba9d1e36ea93bc45ec1368fa3a9d2ec85db66aec5740b8d79cb8b028336b59386282cf818e7aaecaecfedd46fcc30dc1147e7f09e026b780b8a1210d0d59260ce2dd3c2c29e17fc9212af1a4ea497eb4172306fd71d0c54fd2e7
+** GENERATE (SECOND CALL):
+	V = 77251cba07bddd33a33a3d14103350847a69eba93a980bf91456a16ff445e92ced600165235e4d73ac86ced04c78010d021390bbb9c083
+	C = ae1e95e1e2961e36eac0397770e7227ecaf0e786c0a00863cc3d541968d46ed85c512b79721c114feefefcbb16cca0986c678ff8728f37
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = 3bb727d0e6ef1e2db61581ef75bc101b3ba854aaefdf2f9ac39526668ec9474d
+Nonce = ab89cf7e251158bd4a597cf47bee4530
+PersonalizationString = 
+** INSTANTIATE:
+	V = c6459b22d750ca161c52df91b917fd8e71240c0884616465b9d6a6879489909b2dcebff91599fea694aef121b67d23703b5a25558da669
+	C = 08acf75a5ca532922f3eafa1769959a344c428b6a6081421ab303cbea871590459d6d2e57daba4904ff9d188309f118134e60908cba4ce
+	reseed counter = 1
+EntropyInputReseed = 7cc4090115cf78fafacb4405f727a98e2e840bde6a4f8cd08cb038d22cf229f1
+AdditionalInputReseed = 
+** RESEED:
+	V = 743232e612ba7af433b1ba553cfa22b7ede650c16bd2f8cfb94feaf05507e0fbd3f9971d5a04cefe0c78050583ec10967e4098718b9dcb
+	C = 9364ebcfab3bd4d30990176374a479bca0fbb11bf4f5b8f0a112c8ffb0204b3f62ce2bcd95970b7947aad7cd62ff68d1410628932ce365
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 07971eb5bdf64fc73d41d1b8b19e9c748ee201dd60c8b1fb34157bb2a5b32fda6fa56eea9a877de0eddfe2a128d661cd72c79625c4a9b0
+	C = 9364ebcfab3bd4d30990176374a479bca0fbb11bf4f5b8f0a112c8ffb0204b3f62ce2bcd95970b7947aad7cd62ff68d1410628932ce365
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 774e2ea99dccda60ab2fe72d756459c613480a09ea9de0cd592266aafc70f90fddf477fa7c2b91b689682694fc6910d23487cf3bb53e046a71ecd6ffdce24f8efe3641401c975a21bef892eec5c967f6bed27a2dac8e9d03b223e0008583f0e8b9df2018311b09c640bbf9887f842590803ba203b58e494cda7c60beb6c6ae02
+** GENERATE (SECOND CALL):
+	V = 9afc0a856932249a46d1e91c264316312fddb2f955be6b28986250e0a8db77caca224d70c24c21b5de5ed1d348711128190113e359a78b
+	C = 9364ebcfab3bd4d30990176374a479bca0fbb11bf4f5b8f0a112c8ffb0204b3f62ce2bcd95970b7947aad7cd62ff68d1410628932ce365
+	reseed counter = 3
+
+[SHA-512/256]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 256]
+[ReturnedBitsLen = 1024]
+
+COUNT = 0
+EntropyInput = 64af5c3eb7222d00484dd3203c09bdd4345120dd2d68c5ed1f073fdc45f35320
+Nonce = b337103a5a3eb8e4ac9460fbc44dc5b8
+PersonalizationString = 
+** INSTANTIATE:
+	V = b737e5c2fdfd723cef9f65b828aa19b0b7ce02dd3f5a823e91860fbbf1d8d9309331f86b58f5128f8e3aafb42db3f91218a93b6eb5f1fb
+	C = 10ef83856ddff9aeab33f22bbcf4770505776f64c4229176f40f5383b0880cf689a159081be6d1cd41f32e6df02993a1a382c6ae3eb976
+	reseed counter = 1
+EntropyInputReseed = 41b0f0f24d914f2b0688bd1edc7928efad8d9d663e95028a6cd859457e057822
+AdditionalInputReseed = 61982caa36be9694b3c05fa18df3b859f2130bf775e023be4dc9698fcb27ecbe
+** RESEED:
+	V = e54738dcaada67bee4f1874c933bcd7f1671f0ec7c40be1e841b60ede43092d3914455fb739bcb1043adf051d7631e0ac55ad69d8ccad4
+	C = f48b3208c34c1b3beaa3ba03acb095c2cc4a618cddfa488a3b414206c37c8d86a992425dd5f052b2a15f7c7a889a87b4f732c050bbd6ae
+	reseed counter = 1
+AdditionalInput = bc696bbefdcc8bb62488418695908b60da8918e9bc6db9e0a8fb90481341ba67
+** GENERATE (FIRST CALL):
+	V = d9d26ae56e2682facf9541503fec6341e2bc52795a3b077b35dc00e9846f6ddd341257152ba4db5606dac8ca1fe50903b206f91e684799
+	C = f48b3208c34c1b3beaa3ba03acb095c2cc4a618cddfa488a3b414206c37c8d86a992425dd5f052b2a15f7c7a889a87b4f732c050bbd6ae
+	reseed counter = 2
+AdditionalInput = 023955f0f82f071012034b86a122c12d7774b8318e01de6f5f27a25346738969
+ReturnedBits = 2a69fe7fcc6e2fd7d63f272de821d2ff81b04a1907c07597e4e130ac9e05f4be621140c5a1f2f9c3d1ea992a1d54f466033ecb786538d3722807f11ecd158b9f54c8daef9c0f60f306144309025330be8b4edbff5e5cf0ec7b3cbb5e1cfd6d726ab4fbc6a596ea91aef91e55f9345e9dc0e72843299dcf861c3e857bf29eed3f
+** GENERATE (SECOND CALL):
+	V = ce5d9cee31729e36ba38fb53ec9cf904af06b406383550e676d7ce9bc8b0ad0d0f5ca2cf3426f54fa8f03e93ed3892b8c252075a2e0b36
+	C = f48b3208c34c1b3beaa3ba03acb095c2cc4a618cddfa488a3b414206c37c8d86a992425dd5f052b2a15f7c7a889a87b4f732c050bbd6ae
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = 60dff05d77e9418be59839b3084bad17fb6a15db5a23faf4d32161766dd53a37
+Nonce = 65f8f89a010cdb784efb91de88f8d9c0
+PersonalizationString = 
+** INSTANTIATE:
+	V = 18a5f7f218d53f132b7a44a294d7b17b30b590df6caef706a752575a5c081bd8362017db7717bf8c9e229ff39b8fdf6c83299e6308f7fc
+	C = aea6299b9ffdd7e1f82770facbbad438961981633f6f51b66980aee43a40c2b5e09709dabc744adaee19b89021ddb74a57da964d462cfe
+	reseed counter = 1
+EntropyInputReseed = cc94c0c1c04b7a7c81e39e7c118001e281b61945908345fbf94c9962bee121c7
+AdditionalInputReseed = 609f67b86c5f8d267c084dd482e0cb2ef3c02554983bba677a5c0ce3bc889877
+** RESEED:
+	V = f631c74a496c4fc6160959bc8f9b267b1133d2059e3cd7b3ff33dbb2c51960c7cfbc2093d47da4a4efd1ee0b1d2de449e7061a2516f72f
+	C = 31e7e43727ae55e24f7fc65bd6bb0a53e8fb7c4e2e2ec76b2826a7a7d2792563034a923ee8a3fa1dd776909d54a3c1d9b66f1925720a74
+	reseed counter = 1
+AdditionalInput = 9eab7d6c57928676928e70172c41887f5ab170260a024883898127d6db3cb91f
+** GENERATE (FIRST CALL):
+	V = 2819ab81711aa5a865892018665630cefa2f4e53cc6b9f6e946991bd7ffd89ff45b692802e0848ee705201a5879d323622c5fde8b10ab2
+	C = 31e7e43727ae55e24f7fc65bd6bb0a53e8fb7c4e2e2ec76b2826a7a7d2792563034a923ee8a3fa1dd776909d54a3c1d9b66f1925720a74
+	reseed counter = 2
+AdditionalInput = a1918aa64d985b59f62d6520a51b553395da6d8036edfd58927a0e73e89b82da
+ReturnedBits = adc36223c60053343f8bc226fdcb6507d1a058410800dbfcd0b20bc7212d4c01507472ff92fbc1faa7465992d9d208ff5c3e512ab790873423f47779d061f7a9b21c3771a7d86d7e79387c8a4e10188fe8bf64cb55cf7943edf22f3012f64f88dd06c2e50b6e6ab8cdb1bc2cce9ebed97327ad9729d09ed147b0501ba81a3930
+** GENERATE (SECOND CALL):
+	V = 5a018fb898c8fb8ab508e6743d113b22e32acaa1fa9a67513442528c03874e7d92cdfc501d6ddec8a1cff2d07c7a748298a3b43dc20d1d
+	C = 31e7e43727ae55e24f7fc65bd6bb0a53e8fb7c4e2e2ec76b2826a7a7d2792563034a923ee8a3fa1dd776909d54a3c1d9b66f1925720a74
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = 9e538a66bb1e1cab88bdc5a5cb2d6bf72fd0571f4c7f104ecbf6e1c2b4ac43e0
+Nonce = c5624ec3c5b2c1287620f35cfc75a448
+PersonalizationString = 
+** INSTANTIATE:
+	V = edad126537a515651aa42ca150e79cb32ddf61f491e8893387c6ab5da4d1f690018765154832b19750f16e9ec175402af9cc6cecf93e08
+	C = a8981d3fc1bfd85ea6834feda94d8e1d3886f36d84b5387b7841814ec488c305a96a5372cbc171f066aeb08a96142e71d632bfb5660f75
+	reseed counter = 1
+EntropyInputReseed = 377692c2b986b12b092690fe5d6d886430b4b32621ded6fe4fe85a917cd51b09
+AdditionalInputReseed = 79a1bf12ed855724eb61b011f2bfb346cfeccfc1226d7ad0498a181dcdcdf33f
+** RESEED:
+	V = e245fbe00ab53f9021e17353562ce2087e09e291d5735031247c10e7b9ae873b210d159fbb76527a70bd8352252c544344f33913cac10a
+	C = afb5a863738a7386cb6ddee4e9975c4d3ab705477f7e6e76a82922ce6b6c6aebf147d34e67fabd40e055517efbaa7155ddc556c45be01d
+	reseed counter = 1
+AdditionalInput = e3a4e8f8db698c703307c671c17f4287eb9ccdb376fc0a2d0882eeb0e8916825
+** GENERATE (FIRST CALL):
+	V = 91fba4437e3fb316ed4f52383fc43e55b8c0e7d954f1bff44f1abe512d18d7b72e97d325ca677360b5645ab3f0b73b9a6674552c336e6d
+	C = afb5a863738a7386cb6ddee4e9975c4d3ab705477f7e6e76a82922ce6b6c6aebf147d34e67fabd40e055517efbaa7155ddc556c45be01d
+	reseed counter = 2
+AdditionalInput = 1a8c420abbc2e2b84f99602f7e96951f0f0f4a56d33f628f9e9dbf4d0ea73206
+ReturnedBits = 1e32da5ee66876a94c6a7e1d895967b6da8bfc0839883891a6400e46847eed407773af29276a47f387346b140ac84e77570376f782dfdeb6458fa875480ce9405160486c400a32c03bd93291d6b2e171e03445f380b01ed006477b792e1a6369cfc3ea1e5aa3b619badae18e2fc76921d86cbbdabb610be03abdcac0421614fd
+** GENERATE (SECOND CALL):
+	V = 41b14ca6f1ca269db8bd311d295b9aa2f377ed20d4702f6ede02b1d7e76babd82df891e5116e3d37348db3e9812f00c285c3a4ffb039b7
+	C = afb5a863738a7386cb6ddee4e9975c4d3ab705477f7e6e76a82922ce6b6c6aebf147d34e67fabd40e055517efbaa7155ddc556c45be01d
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = 037fecc968de34bcb369e9ec6cd58d0e1111d14e69dff6509c6ab74716e9a026
+Nonce = 76eb9573a01848038e7132931c3c88ef
+PersonalizationString = 
+** INSTANTIATE:
+	V = d6ed414315763447a446cb12df0ed2689adcb4ecac41b9b8f16f49ba2526fe0746851c26a8d577ac190bc9f7daecff46ec368a16161164
+	C = 95fc74860bc35e2a3e2e74751e2d69050597255261b5e76f064abcee9ed5965a276ddfd91368f772805f510a6e3df3542ef2a695fef892
+	reseed counter = 1
+EntropyInputReseed = 792941a0ccd46b63a03e0f5d0bcfc3637c352770480d1b9bcdf7f29e879ffb6f
+AdditionalInputReseed = bfa3efbbe27640e4945c3bf274b3a6426c5591eeec708a509e1c47af4b71d0f9
+** RESEED:
+	V = 7d6aed789600847975a8e1eb0c7e0ea1c2fb01797be97ba579b6016710d665bc31221917720a0726aaeeb38224841b81f217490ee8a2e9
+	C = 982b60743cc8d1b11c6d61fa6e37515d2faa48258105b7abc0d49c1e80cb9c522e416e784823d3eda0971257c403b811787acc76443812
+	reseed counter = 1
+AdditionalInput = 184fa46017ee0b759dd76462c304ba3451d29f9625627703e25b3c0a9110ded5
+** GENERATE (FIRST CALL):
+	V = 15964decd2c9562a921643e57ab55ffef2a5499efcef349255e8617545feef2164e221996b3d45693ecb3376eddd0d5026be4c43f9c656
+	C = 982b60743cc8d1b11c6d61fa6e37515d2faa48258105b7abc0d49c1e80cb9c522e416e784823d3eda0971257c403b811787acc76443812
+	reseed counter = 2
+AdditionalInput = f5b7d8ee5fbe3787ae0380f153da4e239ee6296febda15d9bf596199eb1df202
+ReturnedBits = 2385a2e96e7984221997b396f52d9230a3cdd09a642225976766c669eb4a5348c5bc29e2365ee2d9c1e9ef339a7ac288da20ec026d74604361bbe250f18e5c5f0193e604e8a2e349ca8766380d423c403ef41162e469eb42b75b0e43e9e5965e3d3473dcb86f02a494bfc34061ad6e282a44ac71b23e95de976d436f4c956dac
+** GENERATE (SECOND CALL):
+	V = adc1ae610f9227dbae83a5dfe8ecb15c224f91c47df4eda38348ed699e751ee3983b838331f0faa61185ccb6b2ea523887288eb93795a9
+	C = 982b60743cc8d1b11c6d61fa6e37515d2faa48258105b7abc0d49c1e80cb9c522e416e784823d3eda0971257c403b811787acc76443812
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = 9a073f4d56d07370650f1fb8ac472decab88cb3f27d728e76fbefd9f29bfce2a
+Nonce = 975b59cc9723b25b856c1f9c79e76ca2
+PersonalizationString = 
+** INSTANTIATE:
+	V = 52b66cc6e4e770adde0fe26b1f7ff3e61f4cdf1c9e3488c28417d615c3c3deca71c1fe9ba879219e787a4e8d252d7e5778622ae999e922
+	C = 509cce57eed3a93a900612589ff8e8d16a27e708c2e29ed553d165c9f7cf56a494aa454149cc2820b18cc008dd9e19f90edf4bf6188e95
+	reseed counter = 1
+EntropyInputReseed = 46e5a9ddcfa9b4c1b61531786bd99b44c19b770ca9f28316089f33d6afdb13b0
+AdditionalInputReseed = ae01a36eddfa7832c532c04c0a7da692db6d5fb75d841b09626747cef22a8821
+** RESEED:
+	V = 20591a3bf5a776338d2299731c88f01fa49424b01f0b5edd9b90b00d9316d10e248a194d818433c9f0c9ba6f7d58a43ecc1541faf7a411
+	C = 88b1cb34da6862d4bcf91b49f1996431f4800443296fd0b8b652228ba5f85200df587ee13c5265e17a1c85c7f05c04f1c17e42b1a16ada
+	reseed counter = 1
+AdditionalInput = 5bc8ff53ffdd3f427ef43d4d5e7d272c2a58501a794e48fa567070978342a50d
+** GENERATE (FIRST CALL):
+	V = a90ae570d00fd9084a1bb4bd0e225451991428f3487b303f564796c5417b97c70b6e7c44bf6b367cea0b07ec5127d558b93927fd6b3207
+	C = 88b1cb34da6862d4bcf91b49f1996431f4800443296fd0b8b652228ba5f85200df587ee13c5265e17a1c85c7f05c04f1c17e42b1a16ada
+	reseed counter = 2
+AdditionalInput = 7cb55af2f3d03029caefa36fb6b1e5bc04a69a595a31a3c78ecf8debf8f87e98
+ReturnedBits = eadf1d0d50617aaf0ffb31497890f36540993d50999027b2754b73ebcf137476a3b51ef68437d647d6df658d9dc3cea1dad7c7c6863a7db6890ebe5688d2633d39147f6d8cc316b85695b9ae766d4b3a27dcadd443073b816363b6350d2fff3894a4df4e92519d3ed33fa34f123fcc4bc3eb3598029dd7f718a1505a128c8b21
+** GENERATE (SECOND CALL):
+	V = 31bcb0a5aa783bdd0714d006ffbbb8838d942d3671eb02e15f976b592bb3401577d74c3000314f350ff966238e582a3646517582cee72a
+	C = 88b1cb34da6862d4bcf91b49f1996431f4800443296fd0b8b652228ba5f85200df587ee13c5265e17a1c85c7f05c04f1c17e42b1a16ada
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = 5d097201960905a6fcac5833eed29feba2aae5bb99869bf154ba97c8a107e5e6
+Nonce = bb34831d92c32a7cee9369bb593bcd94
+PersonalizationString = 
+** INSTANTIATE:
+	V = 755a061a957bdc45cea84c0bfc3078741ec76f16665bb37199cf84aa6f2cbf99c092beed0831b34a3ba0927548b5d56a3136f589fcfe40
+	C = 8a46e228f3e96564d43311ca3b9b4c1697ca0e9925d9ebf46c70bfda289528bf02091becd2de8712ef773cba7728e4c6f66fdb7dcb05c3
+	reseed counter = 1
+EntropyInputReseed = ed7975b097f14a1bff59b8390c01a7f814c754b7fa2bdb4e80ed1e59fc2cc49a
+AdditionalInputReseed = bdc86d7ac2429517989c1efecb1a42bc500e052834b6dbf239b530bdf52164ea
+** RESEED:
+	V = 707158724d87a06a584e5da214036d809ec6dd141083aab2715db1427f4b052add13a681763370b5ebcb1cd70138553fa6071d50041dbc
+	C = 70732ec1713fd23fd6f22a9d98c9663175ce4ddbdaf6a6b899f1d1cb09390c63deea0d8218d822117164099d97d6fe135beae809da1578
+	reseed counter = 1
+AdditionalInput = bf18d9e54432c28ff7f140f550ae8e7ab8cc8a9b17be0f4374eb5722bd30070b
+** GENERATE (FIRST CALL):
+	V = e0e48733bec772aa2f40883facccd3b214952aefeb7a526aecf82086da9ce79300affa872138cd64c178f6bb36f23dc8a55e9367eec840
+	C = 70732ec1713fd23fd6f22a9d98c9663175ce4ddbdaf6a6b899f1d1cb09390c63deea0d8218d822117164099d97d6fe135beae809da1578
+	reseed counter = 2
+AdditionalInput = f3311fda92a73422d6e22a352e0bf9e00831ddcf51ad46cbf028b3a772c66fb3
+ReturnedBits = 05bc5757cfe935bfc5624c1050651e9c8245d286e086ae3020819f2a8b047fa1c74f85b505f61f7797bcb15828b62aa28d0f61005f31c0120aa11d469c204a92e73071dda27052032631b3dd27d5bd27f72b052c5019809963254bc3477853f8f4b6304c7e71107e99f779d37ebc504e1770674ac5b7ae322e2b8efe67cc3519
+** GENERATE (SECOND CALL):
+	V = 5157b5f5300744ea0632b2dd459639e38a6378cbc670fa18ab2bb3d1baf10af1c81d06aa16c7d979c87d0a4b9e61a141aac5c04be2ee46
+	C = 70732ec1713fd23fd6f22a9d98c9663175ce4ddbdaf6a6b899f1d1cb09390c63deea0d8218d822117164099d97d6fe135beae809da1578
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = f16b63c57fe53a9ebd36773c1ffd828022dacb47fe66d63dd00ba8045aab0c5e
+Nonce = d96c33950d8f1926f207b76a20207f58
+PersonalizationString = 
+** INSTANTIATE:
+	V = 452bb3f955e1396a7e9fe876df0891f61379f4da2282e7ebe6d384c3704bdb908a76fe66985304f756f06ce191f49efd670406431c4dd0
+	C = df508d216f9074a71f0f124f8d0a7e13832e7eadbf994f9caf9ac27f6321648dc447daac399aaf8403decb71f00440edd07feacf2e5575
+	reseed counter = 1
+EntropyInputReseed = 4e163f88f780e7878f1993c84bdb1fea323d0a7abcd6b484a1e1f87f43450f52
+AdditionalInputReseed = 6fc7d2c881b59d73d8547fc9e2e7113e77c05c76c77bf4aa694b8073d233bcca
+** RESEED:
+	V = e993b957c656661be8306172a0eb1dbb0e129855a43ad7012b1f336ce436d984eccdea65d56957946931000d8f0b5ca8cc32aa5ab14ff7
+	C = c8744b4248bf0544edfe3db9a69d10a037d93bc89459816d95ebd43996e8f45250951be13804afa27d12ca706f47a03609721a9672ba6b
+	reseed counter = 1
+AdditionalInput = 84a7ece7eac72aec6372517e57a9238d3f91af923378adfd970e1c787eb1590a
+** GENERATE (FIRST CALL):
+	V = b208049a0f156b60d62e9f2c47882e5b45ebd41e38945a0ddc4031091c163944e82896e466b03c2f2fe42802313c49d2eb3ecd428b5ef1
+	C = c8744b4248bf0544edfe3db9a69d10a037d93bc89459816d95ebd43996e8f45250951be13804afa27d12ca706f47a03609721a9672ba6b
+	reseed counter = 2
+AdditionalInput = fb0e59f4a9020a7fd11a3bcffa12891b3bb16443d9f45dac59f5895553dd6ffe
+ReturnedBits = 63369d9d1dc2b6fa1fb79ca080241333556be87a680fd0514c5290cc37091d1451877f54a700e1b79a34266e53f0e1e19cd39690c4a3347143c8658d4376306c7922f14760e411d9ba70672916ee9d6f9658486809f3a22176c43777df60cc608d6f8f7d9411aa2b883e1d40ca84c37de5991eadc4b43cdbf045389227104765
+** GENERATE (SECOND CALL):
+	V = 7a7c4fdc57d470a5c42cdce5ee253efb7dc50fe6cceddcff1880378d9f8ea2b305057ad40b2c57f94135b789d2912f0777826873048a71
+	C = c8744b4248bf0544edfe3db9a69d10a037d93bc89459816d95ebd43996e8f45250951be13804afa27d12ca706f47a03609721a9672ba6b
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = 3031927fd8fc528db90977bffe5aca14267c9b380240f96648546572dba8f3e2
+Nonce = 95589a02d1aa8eb37cc4e195419a2611
+PersonalizationString = 
+** INSTANTIATE:
+	V = 794f892bf86a44d2926c05c900fff766f589dd171271a902317ba63a59c02ed519d879af7ee3dc7ca31244e5d1ec49395137a38549cbc3
+	C = 81f5cb206861957f93bfeaffd1f6a7456aba035622818d820f1f3987de2ddad482b681e63bed6a4d599fb8c74cdefc604a4492b8ba65fd
+	reseed counter = 1
+EntropyInputReseed = a0a3f56b4637ade1ae53e8c36901029fef17021e6d9e53a8d31119c57bb77ebf
+AdditionalInputReseed = 35ca0e1d3701c99a7cdb4f547032df29e8325e37c9832862be2ead3193ee7a1d
+** RESEED:
+	V = 792eae90e1d68acb10427709c43fa939cb32ce58034aec8ba8a642d55f5309ef35d70b3ad3830bfa939b990ae08776d3b8b8eadf8bf3e4
+	C = e8933addd40d0c474ebe3199ccd7942586b121d1a376f7ec0264c3ee72758e58aeec478998b9c0bc10afbb0d75f4c92b1f321aba539ec3
+	reseed counter = 1
+AdditionalInput = 659cdc03e6650cae64924efec0916f9daeeedf93c4c007382242b9c02b1c4882
+** GENERATE (FIRST CALL):
+	V = 61c1e96eb5e397125f00a8a391173d5f51e3f029a6c1e5b85ab84b567f737e920a5e015937da4245827b37d2041af309607700b78fe233
+	C = e8933addd40d0c474ebe3199ccd7942586b121d1a376f7ec0264c3ee72758e58aeec478998b9c0bc10afbb0d75f4c92b1f321aba539ec3
+	reseed counter = 2
+AdditionalInput = 185dae5021545b706b608b7e3f22187a187a315360b0a370241785f534b4ecfb
+ReturnedBits = df85b9f90f7109748ee4b48c99650af4ae6066ca6d66d7e5357abaed71204b61b847b93776a1739342a032d64076bcaa857334979c9413ca6f6bf589b8706928cf28aa1c887b7c7732574adb70b32e207b5bf8c6336dd99ac9ad3487180c4d29eea4e4525d2a3f316192c735f80e77c009642ff654538c3b5f33cc5e00b99201
+** GENERATE (SECOND CALL):
+	V = 4a55244c89f0a359adbeda3d5deed184d89511fb4a38deade4510faabd02779b09a39a6210bfac44028f7fd25a3f4073e8939c02b99b69
+	C = e8933addd40d0c474ebe3199ccd7942586b121d1a376f7ec0264c3ee72758e58aeec478998b9c0bc10afbb0d75f4c92b1f321aba539ec3
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = 17f6549d617d845534130dad26dab37858d09ecf1e82204328fcd389904b574e
+Nonce = e33a3bf8e024c1ecc88b9bf187c55933
+PersonalizationString = 
+** INSTANTIATE:
+	V = 2d578b96aa2735388672cd10f42bca1f81812238b4bf71bf41acea42785dc00beee4bc51a33ab491876ab4e7ebf4cfaab56f218beafa79
+	C = 4f5b1873cdbf6e97c8603a78269f2ffda4eaa5f21d9eb110189013255316763342b3217b2dd175a172f82a56d40133b7d40dc7a56788ba
+	reseed counter = 1
+EntropyInputReseed = 498039b69262153df4a5330339a72e81af1c4c915e80cd3eba058ea7f3a8163d
+AdditionalInputReseed = e185a776b9246ecb9b172af270b85b78ad9f2f46d1e2b16fa9e28488f258c2e2
+** RESEED:
+	V = 41e990b608bea8a580d7dc42038bad664649036af7767a8d97fe2100c32efd5ddbfbed127c3edb9184d95b8805488a70e46e232bb92a9d
+	C = 04160c3193b64206948c07113af7ac8e2cd696719e65774c8dd349dcf0b4cf29d1000b9b8a9236ae15f4f8191ff6d2c6ab7269bf84388c
+	reseed counter = 1
+AdditionalInput = 1d46c4d8b58212262e2f5f9cb8ff65d822414ef6d2c1cff27eea8f6c9cac0285
+** GENERATE (FIRST CALL):
+	V = 45ff9ce79c74eaac1563e3533e8359f4731f99dc95dbf37fa519d08cddfcfb1fcc459a5a9c0d01426efde0d070fee352a214b2d8365fa3
+	C = 04160c3193b64206948c07113af7ac8e2cd696719e65774c8dd349dcf0b4cf29d1000b9b8a9236ae15f4f8191ff6d2c6ab7269bf84388c
+	reseed counter = 2
+AdditionalInput = 34162d27213a35d96526158d8bb8e48de9833ceed4feb8771cb476a418d8305d
+ReturnedBits = 7d1a13f0f8a36ddc73689978a84f6321a27d0d34594a6c4da3676ad9097f73eddf137af847ab38ee569a86a56477e82c7759b8fc6e697f8b8ab271719acc625bb603dc2bf9e37c5b00282551fdc14e9dc9edcff137e469d2867f9436ffdfa1b14ee34651d54664d0d43947277eebb51fc14af223ecda2259bf949b5bf1db40e7
+** GENERATE (SECOND CALL):
+	V = 4a15a919302b2cb2a9efea64797b06829ff6304e34416b4b03528466d5578e904c5bab3db7f8ec45f5c0c49c06a275545534c71b33430a
+	C = 04160c3193b64206948c07113af7ac8e2cd696719e65774c8dd349dcf0b4cf29d1000b9b8a9236ae15f4f8191ff6d2c6ab7269bf84388c
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = 0d546b4b3cac4047e6215e1ef672b85db12ed87abfb3680bf886be37d9b98ccb
+Nonce = 747b638625c13500965f02835fc9c654
+PersonalizationString = 
+** INSTANTIATE:
+	V = 72b581cf4e11a0d208e8690cf941a74cc7cac195cf03b7f290dc55b957d975f295d107873ccc603c92be12c3609676d15f198e3dd7f379
+	C = 3fe5f9f1121c34dc8a70ec5bfa89699c405fe5c570126666eb66976fb00e1fa3f543e26d9162d97124fa8de5bced88105ef6c1f73d54fe
+	reseed counter = 1
+EntropyInputReseed = 6e6f8cd62aa98df3a43e137544aa80a8201dcd607e3f37608b578d713a1d3744
+AdditionalInputReseed = 6e17b33a316fa6ff538253f4a83db9534cdc861f8cbf156ee0c5b02b6f54e37f
+** RESEED:
+	V = 0e2811a00b2fc9aacbddbd74536bf8f928c7d1c4542cb7e5eaca41e34130ea49563be2c57945c7d7a4e5fdc0b19d5088ee63f81e33a752
+	C = 1c8f8c6219936ca61c22f6353a84174784a66d47dfc93088454763d27bd821d641e0bbac3e94de42b775977c7ce95312efc6ed94e32cdf
+	reseed counter = 1
+AdditionalInput = 333e1fa3f0d92839d238f66e9f5f790ade07220df3bf3232af910b9d135f9e54
+** GENERATE (FIRST CALL):
+	V = 2ab79e0224c33650e800b3a98df01040ad6e3f0c33f5e96e6daab05545cbbbee70e49eeab0afb7169b8255537864951f4dc197963ee697
+	C = 1c8f8c6219936ca61c22f6353a84174784a66d47dfc93088454763d27bd821d641e0bbac3e94de42b775977c7ce95312efc6ed94e32cdf
+	reseed counter = 2
+AdditionalInput = 6f6936a44fae182ab3a58908974c648b4ccc5f0d31c77b715aa04caa1cf4dd92
+ReturnedBits = 01242c8100d1fd0fdc4c3e21a5fd882428e657ae562b309638c5b622225820a14e92876b4b0afa033f932967ec0867cd7fc556d4d1f821d24ab5acceeb190654aac1e306f3621a0890f21f9ae141b659b7c118cb020b24a408e7096b2909b484d865cdd8c9667dd821d0d552d647a429fa67890baedeff5007414fbabceae37d
+** GENERATE (SECOND CALL):
+	V = 47472a643e56a2f70423a9dec87427883214ac5413bf1ab80747bf77c4167cfead666479665b8b0088b69989b7995c604390c5ab7835dc
+	C = 1c8f8c6219936ca61c22f6353a84174784a66d47dfc93088454763d27bd821d641e0bbac3e94de42b775977c7ce95312efc6ed94e32cdf
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = 3df63aaff558195ad9617a958ba516138f9900a19c224902a9edbbf3095765ea
+Nonce = d2ae16da36e9248db5381dc1b16a02e6
+PersonalizationString = 
+** INSTANTIATE:
+	V = 1b7c2089cd1ac9f93a124432d26f67f4f19588b85b222a84c6c38042c32279906973c11707bf69999292f3010a7b8e4ad2135da8e73fb5
+	C = e115c02191759e03688e3be28d8a9eea429da27778df05d5ac18d663582681550b947213ff9732dc6dbb2e3376381a5f959b2632325c15
+	reseed counter = 1
+EntropyInputReseed = d9572dacc37e18986ee9e7a33c5d1f54ce92b83667ff0e178c9a15f12cc40033
+AdditionalInputReseed = 940c892fafa11779671152a64c499340a6019cb8343d8633e8b5827128a992e3
+** RESEED:
+	V = 3d783d3c9c15c61a1acb5093700b1aa180f7269e8e90880385958a9dd32e0c2fc8b3ddec38aca41f22b9adc8b347d3a3d972b87fde6bae
+	C = 145e1722d0f1c96efa8cc2b307bc7873c35d4627427653ee493cbb406788328dfbeff87191ccf11615bd013a9f5a877d76b0db1e67d314
+	reseed counter = 1
+AdditionalInput = 4f59529c1300f2617a659d2755f6757dee1ce0ea1cbddb9f4a01fb04bfcece8a
+** GENERATE (FIRST CALL):
+	V = 51d6545f6d078f891558134677c7931544546cc5d106dcc9dcad39cc502ef89df68d23e752a8e6c061703078ccccbba917131a1d5cb7fb
+	C = 145e1722d0f1c96efa8cc2b307bc7873c35d4627427653ee493cbb406788328dfbeff87191ccf11615bd013a9f5a877d76b0db1e67d314
+	reseed counter = 2
+AdditionalInput = cedcd256765dea40d7d2cf7646fcfc9654b36f98a7b520cda5dcccb2126c8c3b
+ReturnedBits = cd1ff6e75794b1b49f014d5682a379f61f78db5b393331deb1502179a8b5e08916669789073717a768fcd5b85fa141d9216d759a6e0946fc8900d6da1f579c2d1857491e620292173ef9886c2326529ad85b5161d31106a257bc7d56f07bea30010b5a0d523395e89a54e3cb35ec2d466700cc3425b3130fc194d6077af6d962
+** GENERATE (SECOND CALL):
+	V = 66346b823df958f80fe4d5f97f840b8907b1b2ed137d31c24b78a1a3ca4e093193e636705b95776d38bc289d991f2f935d2098b20ee46c
+	C = 145e1722d0f1c96efa8cc2b307bc7873c35d4627427653ee493cbb406788328dfbeff87191ccf11615bd013a9f5a877d76b0db1e67d314
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = 5860fa8e80ff5e80f67e1f8e468683d24a9bfeb3a4e1d6092b1d84f49c72e476
+Nonce = 93f1364edb87c165e43579691b5bc164
+PersonalizationString = 
+** INSTANTIATE:
+	V = fe371ff3df1f72e6f01769dc866d46bc258bffb5f6a2c6151b95186b492415554c58477addf0eca67c5d531b367e62697df958b4439244
+	C = 3b45b03c25b3a4c3f0cfb21cdae07343e33e03230df1830c1ebef39433d26dd77fc8783e327ce763dcac1ef2cfd360547a372ab3410615
+	reseed counter = 1
+EntropyInputReseed = 8d1c7c6e7f1bceb5a8e6c47668931d4cc1ba84412b18974f71ed2575e3f746f9
+AdditionalInputReseed = f8545aa9c091e28ec3f7e2788d4b235b505c41d105523b181482ee8dfb26de6d
+** RESEED:
+	V = a4bb2396650395e36d880e77767d70e1afd54f2a6677d218cf3ac99bdf9a6ba0794d81a5e1b054af2e54b8f32b8d5098f0ea0d89b957b6
+	C = 276a26677001db0cc446cfe734bb3a0634e37d950b9b17ad0fed20d868da5f520bc672e20d00a145f19735b27d14025b96fb33b82a332f
+	reseed counter = 1
+AdditionalInput = 2e58139f339e1924bd7874832e6028813f92f9e827c307f490ab343c0f179e80
+** GENERATE (FIRST CALL):
+	V = cc2549fdd50570f031cede5eab38aae7e4b8ccbf7212ea90a55be450bdb2579d6573caeea15f03e3a8aaa7e847338a69bae86fb3d89531
+	C = 276a26677001db0cc446cfe734bb3a0634e37d950b9b17ad0fed20d868da5f520bc672e20d00a145f19735b27d14025b96fb33b82a332f
+	reseed counter = 2
+AdditionalInput = f24fdba1f96318f0adb6db6a75f6579612fb37b558d062ffc67cc6b8a34a0d74
+ReturnedBits = b6e77fdf3dfc9af768148a52dc04f9cc309b3a97b6763a534cae19c04e2db2fc9b88b58c728b85ca77e64da8015c5999f95bfc92cbdb40e82128462f737751560023aa4725e93229e2e2e596a8ef36a23640d83a87c154f53b17f0ec02c4286d078360dbff26ef387995c511cbfdc6274d5f36e97e6c996ca0fc3e9d2fb04df7
+** GENERATE (SECOND CALL):
+	V = f38f706545074bfcf615ae45dff3e4ee199c4a547dae037dbc74eeb9192711cb57762ff460da160fe2add21c8acc80ee71375f6e313817
+	C = 276a26677001db0cc446cfe734bb3a0634e37d950b9b17ad0fed20d868da5f520bc672e20d00a145f19735b27d14025b96fb33b82a332f
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = 84435f1379e8137575140ee5d144ba6fbcdfb77e877e55fc9374d96c7e1fbb0d
+Nonce = 3fd559aae9eeee800cc729b2fc917303
+PersonalizationString = 
+** INSTANTIATE:
+	V = c1e63e1b1a2e6f46f1be0c343b5941487cf06f05e83aacac108c64b2a834520154f33d3ed376091b3ddc8e54c70b9d914b1b20274899e1
+	C = 0a52afb55a4d833df83dc1ce536d6cd1e655c9d113c01c6b01299ce017d82cbe42b19189890ad734085b785d265e54095f74b48a93f61e
+	reseed counter = 1
+EntropyInputReseed = 0a7154dedf5572a22c62c8028e51d3f96140b72285ffe1c31cde20706a1a2a1a
+AdditionalInputReseed = cc34e7f9a1d272ac608289f080fc683d71a3619e8d0d8449d2c2854ca6d3b419
+** RESEED:
+	V = be3059fb0ab573d7518b8b56cb290be92cfdb5e8537d20acb8bdb6dc67865db5e400126a9687f9f7d766307c1f988ec59a53ded954b23e
+	C = b0d63b4f1ce79da1c19649ebe00641b5e4284ea8486a54ca535196ef3e00eb500266b5a027840aa8ec3e2ce62a53a173436435ffa965c9
+	reseed counter = 1
+AdditionalInput = 72c9493d3695ecc93f8d049e7bca178dfa7950ff5db43db178a3aec39af2eeba
+** GENERATE (FIRST CALL):
+	V = 6f06954a279d11791321d542ab2f4d9f112604909be776ce2cb10c312ff90b97e4011cde04bf0915e74ae4d751ddb88c6b5023e2bd4617
+	C = b0d63b4f1ce79da1c19649ebe00641b5e4284ea8486a54ca535196ef3e00eb500266b5a027840aa8ec3e2ce62a53a173436435ffa965c9
+	reseed counter = 2
+AdditionalInput = c259e1fae1963a22744ac11594503d3dcebc792a5809c64d0ec40c4ccc0efa62
+ReturnedBits = 2574442ce82cec1fee9656c967ef53a8902feea6f5c9bed4c401f02be1c36d955a3d7410fd5d56a60af4bfcf063e36257a0ae68fc7dc55233c9e484a1c175363d3b541024a4744f0ac0269574dca8e65ff01d0a25f94a17c1d1a86ce0ea2f36cfdf564c388d5a4916782623526f3324d1558167aca837927fd49a05b1f3bb233
+** GENERATE (SECOND CALL):
+	V = 1fdcd0994484af1ad4b81f2e8b358f54f54e5338e451cd21bb27b6eb24df8653cf1cbe8aab9d1874e6be3aeed0943866c96712f3f202b6
+	C = b0d63b4f1ce79da1c19649ebe00641b5e4284ea8486a54ca535196ef3e00eb500266b5a027840aa8ec3e2ce62a53a173436435ffa965c9
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = b4f17f60358e09f1cbc1b481d16a91b17ebb1eb4a4833ae07bd16a72bab4a23c
+Nonce = 1ace4429d4421da16afb7c3caae3a2bd
+PersonalizationString = 
+** INSTANTIATE:
+	V = f6458a05fc75d21de22ceef38cdc4e9ac31b629f40c80d60a2fb0331c751dab99d38e1c2d625968b0004565b255de281a4c5ca9338fec3
+	C = cc5031a89a4b7fa469dbde85e12bddf0c305ecc1a9f4ea49663dd2b2a04a8f22f60f669ca091e6bb5142bd74fdcde5645f4664e4d05022
+	reseed counter = 1
+EntropyInputReseed = ae6e6421e90a710905c686dfbf3abaab077702e511a3bfe9f11d183933c31c59
+AdditionalInputReseed = 8dfd6a12c50cc9732b860c4105729ca7e17d81c69c8b81f1a0c729eb5924ef96
+** RESEED:
+	V = 218345d965fd4306a3253d88e15dd167218776399b1ba391463b868d15765413ebb010b33ae726b86569c3ec940d014f91ea590eb3b7df
+	C = 5bcd4e111bda6bb74628d5c6a8b143e476a5b9bb66d1f6924ec6e53991e99d1949ecf91c077e0e79a8f96053fab6fb7e337d82685ac6c2
+	reseed counter = 1
+AdditionalInput = 26d1aea563b369271eced9ac07abe309ac474e7fa976a4240d6a3503f941c86e
+** GENERATE (FIRST CALL):
+	V = 7d5093ea81d7aebde94e134f8a0f154b982d2ff501ed9b0d3b22c88f35010cc862493844d37048fe54aa443599a4dee5538f3f8ba811d3
+	C = 5bcd4e111bda6bb74628d5c6a8b143e476a5b9bb66d1f6924ec6e53991e99d1949ecf91c077e0e79a8f96053fab6fb7e337d82685ac6c2
+	reseed counter = 2
+AdditionalInput = 4af99b0916bb8c149b33dc667b77ee8879d28844f38593c78666887eed4cc535
+ReturnedBits = 9c688cf305358c4bf9e8ac67365cc00340ce9e32d6fefe4d800f336fe6f8fc48fbfcd18c1518a90dbf00d65c8d2d245a2afaba2d68e62d7a470391ca377fa72f08fa8e0f2126926db96f2fc8cd882aea84862ced6d5d81c382604de73b9a847bddb701f61cc3fbd41499f1e95bd4c46de1235e4210f1c8ccb15a4e7bf5e75979
+** GENERATE (SECOND CALL):
+	V = d91de1fb9db21a752f76e91632c059300ed2e9b068bf92bc979d034a14f59689894ba4c005592d0a0df7fda3971cdeefd5c84b62346464
+	C = 5bcd4e111bda6bb74628d5c6a8b143e476a5b9bb66d1f6924ec6e53991e99d1949ecf91c077e0e79a8f96053fab6fb7e337d82685ac6c2
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = 7fd9e2c09d4e728b255e7728d2c36df4deb61bc4dc73c563604c8b6f96912de7
+Nonce = c2eabfcb887e0f37dba0f4138f7d6ca8
+PersonalizationString = 
+** INSTANTIATE:
+	V = 869be62834bf7c547c2cdc23eadedebee945a18cb7948de44f4e32a4f688e43a2f6f22f04d91f290871a19a3c9f1e68612f6b13fbb40a8
+	C = 933530d12f910ce1b3feacb9a96fcf70a4c740b9226cfb726ace5c8fe71e770e1aaa4ce02b5891c4b0c20c0a53557f80c262f1b909f113
+	reseed counter = 1
+EntropyInputReseed = e63ed682f3c1c2f4851f489c0913b850a58895798207a5676ccad9d36485e669
+AdditionalInputReseed = ba85dcaf7d9fa072788904eeb437981f4e17db6e26a31e5d6a880295e538aa66
+** RESEED:
+	V = bc0729f14dcb17a8dc16bc6ff2ffd3b6b91c2af1ddd968ab6458afc53b90b5a6a0fa41bada1f8d817dea1bd740fc1e104077ec01eb67c4
+	C = d3eac92410e84dc72242e04e91f93335b2c5bc4321807c9a70697e46b536c677a485d68ad3d6638f373edd97b694834de13bafeb8c8b31
+	reseed counter = 1
+AdditionalInput = e896677e4d8a18bf9e08dc6f1815c3becbf62ae8dd8e3add1a222f2a67faeca9
+** GENERATE (FIRST CALL):
+	V = 8ff1f3155eb3656ffe599cbe84f906ec6be1e734ff59e6b55831a1c6ab6b6c353987ccb8475a10a989320b239fc214bd30944c46f1be62
+	C = d3eac92410e84dc72242e04e91f93335b2c5bc4321807c9a70697e46b536c677a485d68ad3d6638f373edd97b694834de13bafeb8c8b31
+	reseed counter = 2
+AdditionalInput = f276580020c7a55fb4faf24e1b93e380e4a8b36fa43c6679ad3a9c3db40fe263
+ReturnedBits = 0a50c77e30366b62a911f3ce10049465b86f5c71d3cdda3d364473893f1526d9b892311a76a767a27a7a15befe940eb2b0d18592387af34f348fa2e7c1251e4724d624fb1f15477969ab224ab177eee1d19ccfb0cf59dce1cdc418053fb9923bf0c9519fd39f50f90c29393e807bd3b20c53a428efa34b069d90c9bd2d475acc
+** GENERATE (SECOND CALL):
+	V = 63dcbc396f9bb337209c7d0d16f23a221ea7a37820da6377ad38a6717dc83eb7ef3973592aaf9e7972f158c8bad00f82a616f1be456c84
+	C = d3eac92410e84dc72242e04e91f93335b2c5bc4321807c9a70697e46b536c677a485d68ad3d6638f373edd97b694834de13bafeb8c8b31
+	reseed counter = 3
+
+[SHA-512/256]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 256]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 1024]
+
+COUNT = 0
+EntropyInput = d1beda2c6f2b0b141b6da6038bd24dc8958c1e2cf8970c830f1c82f4a875c18a
+Nonce = bb0992088555710adb90efd674b5cfce
+PersonalizationString = 121b30fd8abb4765ded97217b3045aee1a74f942e65b855f21b616dbebe33537
+** INSTANTIATE:
+	V = 7bf4fe7c6e5eff46d2a9e4d441a85025d4d5403c9646cadd43a3244e048dfe5fa13020b8a2455aeb0724f9ec2bc4b8f67b8e9fbc9621dc
+	C = 7cc1f26e1eace5b3063521a12666f696a84b6b23b508f685e0a6d00650344150c6b671bc06a24a954314185443db1cd92f5fe86032ef0f
+	reseed counter = 1
+EntropyInputReseed = 73f1161619054e9ad10c37e15c86fba2a9070b96ebcb502fe7079c91e8859d93
+AdditionalInputReseed = 
+** RESEED:
+	V = 75000cf3012c61dcfd79c6aae6ff49595d74c7f252a59bd218373244db2d5f827ac390c27bcf30cdf9a7d4ed0ae09d8653c7a197705d31
+	C = e937427674a09bc918433af74b5905b6eac7783314d956a4d10c0320e86302aecc2fca2904e6a7ebb26337d56a64c6f85573f09b34c290
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 5e374f6975ccfda615bd01a232584f10483c4025677ef2c28ee5fb2b10705c7e8cd970e26f0ec0e039e2ded2b008938edfee0ee81fe2e0
+	C = e937427674a09bc918433af74b5905b6eac7783314d956a4d10c0320e86302aecc2fca2904e6a7ebb26337d56a64c6f85573f09b34c290
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = cb4953120c747d981c8b6b6f12f9b376c1390ceec72466db289aa1aaee67a425382dabcbdfe2067c2aabd89abb4a16f40b3cce3194624edc6aa4b8d296056819045807864f565fafc12041f62996c4f47214d7c47f6439d3c98fbbe0ed27278d78c50334b28388461021c6a0f7ef6857c862dc70416005ea938c2eda363ab319
+** GENERATE (SECOND CALL):
+	V = 476e91dfea6d996f2e003c997db154c73303b8587c584a3f926bb678f47ef7a54adcbf41fba527ac623cfe3ee6bd6296d68011f0cbb1b4
+	C = e937427674a09bc918433af74b5905b6eac7783314d956a4d10c0320e86302aecc2fca2904e6a7ebb26337d56a64c6f85573f09b34c290
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = 2f6c7788a66d1198a48fafa5afdc654de3774966c3e4ae2e3a09b994a1a1b66e
+Nonce = 98d4066fa776c4dcf7a9ff9432fa6460
+PersonalizationString = 94ea29fd6732deef51f8731e1bc6afb71dda0c87c3a09705e4b0d1e34c4b4305
+** INSTANTIATE:
+	V = 47364f9c602b3e2c728486dc9d906e36e5022309d1690449fab53e2cef1e95e7256f58e9b0de21cb9136d591fe470e01ee824dcd7eb798
+	C = 304905d1749b474bb41850283553ff716477b3aa17910921d895add0dab48e5fd2931c9e982d86ccaf7e0b2adfa6e902b2e560fb063737
+	reseed counter = 1
+EntropyInputReseed = 540b745cb6340c316cd4f5b552bfd2d5401613c9c2b5092545bc75415465c282
+AdditionalInputReseed = 
+** RESEED:
+	V = 3f21fa98f380218b82f757ef49f222893786656b283182011632cc26763f4e99c77a5b5176e04956b2c5e8e89a0b6072b5226beaf362a8
+	C = c298ecbef25a71508a65c77a60514c893fca10569a59c583e194491468e4e7d799b8e988868e603eaba5a56f422c4291c0ca05e29f0a70
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 01bae757e5da92dc0d5d1f69aa436f12775075c1c28b481e99d2782f1372b6ded3a1a01b83ebe1e41a88e924f5badf9cc1f31219d56d88
+	C = c298ecbef25a71508a65c77a60514c893fca10569a59c583e194491468e4e7d799b8e988868e603eaba5a56f422c4291c0ca05e29f0a70
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 4e64b602b76f191e847b1820a7290e6dbeeda10a7db8ae42e6e4552db6e745cd58d66f2a3b3c1d135dfd97e0308496332bd7ed7cfaca925e9b4c3c9a15049aed2eca6d4d55567abf449fade7ad35c4b620e7d5bc272e4ce37f42c7be78cfd5b0eecc8e18426c211b96f28d199393499e0639e3bc8e88ee2b5b19d0d27024fb11
+** GENERATE (SECOND CALL):
+	V = c453d416d835042c97c2e6e40a94bb9bb71a86185ce50e9f3ff78d996557125527c3679a66a53dcaa57c8065426929314aa15475a44477
+	C = c298ecbef25a71508a65c77a60514c893fca10569a59c583e194491468e4e7d799b8e988868e603eaba5a56f422c4291c0ca05e29f0a70
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = e3505cef4b3a2c0c3a0e9739b7787fd6041f8b633fbff10addbcfc7e8e1661f2
+Nonce = e6765bebf2805d677406b623cc580276
+PersonalizationString = a75c184177ca690ac8bc7fe5c3219a8bc5a2935a6111dfe4f9847ce30857904f
+** INSTANTIATE:
+	V = a15ad0c772b84875c587b4197e98c09a044faea9b294b72e3061a50b8a90a50bb07ba57676d8c6d7993079e063844acf4c11074a9c99fa
+	C = 43145a4be7479ca08903644fe1f6812984632e5e363f9de917185bce23cc6cde8f1f6f9ce99b71dd1432d9218a39d2b53b89c0bd2ec184
+	reseed counter = 1
+EntropyInputReseed = 5f706cf340db410ed3eed6e460e20e501ee4dcb8670f7c1478ca92b717d35af3
+AdditionalInputReseed = 
+** RESEED:
+	V = a646ae5eb0dfc3d84817dcab84ccb98690c61fe0648e394b6323d11089876ed9f5106b375a82e1e6270e5ca0ba7e826bf2a7d616a6c561
+	C = f6f5af887b1355b6b3722ec48a2b23826389af70a300fcbfac47544b8e0c6758aaaeb561f67234afa99890cbeda570eef1f4481ac08084
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 9d3c5de72bf3198efb8a0b700ef7dd08f44fcf51078f369171932eb51f7dfb4cbd079affd2e42c67a9ed5514cd6b9de38bd8939dc24392
+	C = f6f5af887b1355b6b3722ec48a2b23826389af70a300fcbfac47544b8e0c6758aaaeb561f67234afa99890cbeda570eef1f4481ac08084
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = e7c9847448d54d9d1cbc369d48391f2ffc518228e6df3236c37a86cf889ca903b25be7c009f1443cf5857c74a2a134ac321b9af7fdbc089bb3c2933b24a3cf3b465902d7e5a338f5cac8149c12bf85b08f221c8d32b7f0b18634e39a37aba8f8a102a8974fdd51adfb225f7e1764eb46eb13ba97c9c7353f550168570cd9c5e4
+** GENERATE (SECOND CALL):
+	V = 94320d6fa7066f45aefc3a349923008b57d97ec1aa9033edd270d29e3a6bd5ad3d3c53148e4063b5195b946f95c833f216f2f4904b688d
+	C = f6f5af887b1355b6b3722ec48a2b23826389af70a300fcbfac47544b8e0c6758aaaeb561f67234afa99890cbeda570eef1f4481ac08084
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = bd2569afad5f050c39854aeef9e833ae617bfddb604c0a554ba6fc5741794400
+Nonce = 40d0c1dc62100fade5f0c56b40de0cd0
+PersonalizationString = 2d79cd678ffd92e9ca8df78abc01cf5c8ab5eabe715ab30d5da52943775ff83b
+** INSTANTIATE:
+	V = 87ab18a4d9a1c4d8e51c6d47e956ea99181fa30b5630ed5ee5de0c7c1583660c0a4b820a8aba75d1110b6718c59a3995b04a8a3c7425f2
+	C = 0404f054a561a7627d2b04d328918a15eb9df02bb6f168ec9ea1af75fd01c9fe6e657014e1e73535671ea307d49962eb51ec7d94534eed
+	reseed counter = 1
+EntropyInputReseed = 5dd846fd8f80799cb522236997a998385026c888db9e70ca042794e784ce2f00
+AdditionalInputReseed = 
+** RESEED:
+	V = 14ebb34901acec467bced80f2160445da6d0f5da5d831018d6fe88c11f94f0b9c6ddaef21cd6cc59e4b7da4da901d9abbffbb779fef05d
+	C = bd8427517650e1c0af7f54225c7d784fde20723cc03e6c10edb7029f39f81c41deba705636aab4e3b4e76eae336bd5936e7549fb0d3f67
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = d26fda9a77fdce072b4e2c317dddbcad84f168171dc17d061aac17ec0dfc84c1990f544c27f2112e91335ef79491e515b6356bf1652b9f
+	C = bd8427517650e1c0af7f54225c7d784fde20723cc03e6c10edb7029f39f81c41deba705636aab4e3b4e76eae336bd5936e7549fb0d3f67
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = b4aae1ab9968d860829b8532a4ae5345cb88edb45ac9861b51e87145e477a8bf4f6a35c959ca8be6083688bfbe99efd57b5c01b32906f553f877cd6bc3b3aaf83409279db80aca602e0b9cbbe6408c18b154b1f1bef46e50bbda937970449af35ecf6de49f0ae54da1a7455db8fe0975d84075aef1463e8566c326d103d96576
+** GENERATE (SECOND CALL):
+	V = 8ff401ebee4eafc7dacd8053da5b34fd6311da53ddffe94d6a66791c5fac332be42a33021593caa645b1b5ca334c45d678d72d053c6e24
+	C = bd8427517650e1c0af7f54225c7d784fde20723cc03e6c10edb7029f39f81c41deba705636aab4e3b4e76eae336bd5936e7549fb0d3f67
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = 5b065e50b53bdca13151f6aededce5f73aec14d40d7da5735266c281e5d6996c
+Nonce = 07dec5f241c919bf008e00c1cf110c2d
+PersonalizationString = 0d10d10cb808f09f115de01c35fa006506b0f3ffa0d836bc75f7aba3e56d536d
+** INSTANTIATE:
+	V = 4a2bfa3ae3592ddc6f2ed2e4dc5a44af718460fa7917c4271f8fde594ce4682bcbd61335a82c4eaaa4d69e0d71ee53298af598745bc851
+	C = 45bd088bb4689eaa78d9cbd99a44c48cca6fa83b33a4f7f4bae436c6334aefb90f5b11f7e9cdfc06aff27d81ebeaa1ccdf6e44b7b3c1da
+	reseed counter = 1
+EntropyInputReseed = dda8ff092849fba0df2948fc8e6c590df1ec851223b0b07c2572da8cd261f5cc
+AdditionalInputReseed = 
+** RESEED:
+	V = 2ba9181aa2e5993d8d64ab2c668e451e185a49855fa78562627c7552cc773f52e09d7dd8541519b06f8a331236bb8870e265bf84ad7331
+	C = 9e8fa6343251efcd96b6da8962702474b18110ee4e75516af33a4e375e10019b2eea2f1bad512a2eb6ddab8c536d278d8d31dac425fd39
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = ca38be4ed537890b241b85b5c8fe6992c9db5a73ae1cd7817029d7c6fa4f48a6ca06bf2dec099b007311415db0ec3e78758afae28e919c
+	C = 9e8fa6343251efcd96b6da8962702474b18110ee4e75516af33a4e375e10019b2eea2f1bad512a2eb6ddab8c536d278d8d31dac425fd39
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 2dfb382fe54af46e7429a2d55c8127c65c238cc242d9279fb329aa39d9007f947e2c21f901b8abecc7811bf7493284712cfa46cf8666989309153306860319731391bb1fbeb0c7a063dd0ba5f69559f5999c03bfe1cbccd7bc4a74d95428096ea528cc5288d8022f6b50d133fd9efb154c92b653c997aba727b028192e95755d
+** GENERATE (SECOND CALL):
+	V = 68c86483078978d8bad2603f2b6e8e077b5c6b61fc9229e7fe28a5ad93e594b37f1811a3dc4e88ade3a7dbe19d36e014a2232e01f55bc8
+	C = 9e8fa6343251efcd96b6da8962702474b18110ee4e75516af33a4e375e10019b2eea2f1bad512a2eb6ddab8c536d278d8d31dac425fd39
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = 6d825b6c05f1a72d8fa84b9396791e0c9869f8e7f0e7ac1ffbc79aecb62aab58
+Nonce = d6de5bd1574dd34833fe6fa0443e9085
+PersonalizationString = 4938233e9485f0097dd7a77cf102e9df4b00a4164a6f8f9137ae26f7a08d497e
+** INSTANTIATE:
+	V = a682f2486734538575f1871b644f3f737edd2d9bf188f26d987564f5ac621df666f5ac4746005fc993b29dddc4291187a00723d1363a52
+	C = b1995b96acadb666c82f1a0014834d84a190040cd77e986a0bbd9d11e46c4e11cfe083636348f8f46463f79da785229dd0ea0922fa7507
+	reseed counter = 1
+EntropyInputReseed = e61193cbe5d63da701a67a37f4cf16027d0e8a597ef2b5fffdb7db5ac15eaa1b
+AdditionalInputReseed = 
+** RESEED:
+	V = 4726511e13b6c24197029dccec13b9be7e38a7d417933c3b0362f0556da8fcb640ccdf7c615633d39d49a6b6d9d9ee76a303226152956a
+	C = 59ca49929a1931b017d2d663b15c6e40a77b36985557b1f51a078d00682eba69d849c17a0bc793552635aa3609650f3a15ad790e80c8a6
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = a0f09ab0adcff3f1aed574309d7027ff25b3de6c6ceaeede8e1a9be0b7acedbf0d216e2f3f7a1ebc5b8c152aca8ead3e39ece6fa776d85
+	C = 59ca49929a1931b017d2d663b15c6e40a77b36985557b1f51a078d00682eba69d849c17a0bc793552635aa3609650f3a15ad790e80c8a6
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 1904ddfd74099d996e72e80b90c70a23212059fb4d7ec6ea4498f8c8f7d5525ecbb6daadf177bece3b8b6569b4f1467a43b5fbc4961aa67575270ace0682a9a3cb819b76aae2f52b052af45de2eb21eba1371aa5de464c3b8fb2b12469017039b83ca54cf3d31a847f98e26729292d6d08c4c1d270d5dc5b302fa811b42e7998
+** GENERATE (SECOND CALL):
+	V = fabae44347e925a1c6a84a944ecc963fcd2f1504c242a18809c0a4418feaa143077d9faf1e0fbdff18dee1c13a55be18cd837c5a913c67
+	C = 59ca49929a1931b017d2d663b15c6e40a77b36985557b1f51a078d00682eba69d849c17a0bc793552635aa3609650f3a15ad790e80c8a6
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = 50fab608960d112db7f5ed4bc8a9d900c62e5889ce7881b5184370f3a40cd6e9
+Nonce = 22a3cede0bb8de213a2cab93b3bfe0bf
+PersonalizationString = 381a2531fd3b38209c3fc0545c044a7a983a49c88a3e2a81ebf25f19bd45cbd4
+** INSTANTIATE:
+	V = 08d9b5cfcb91f0eb7f57c74c0df734382fe128ee5b71df4a53bc271512756789e492a4a439fe25fc48c77746d15c2563f9235c71f12013
+	C = 809d50e8d9db872adbf5f763dea22e18b1984a11d27102fcdc5fd9e431dea4358757a58c1bbc6940db0020583ea08f86885da6a4e0c70e
+	reseed counter = 1
+EntropyInputReseed = a05d715b87d8fdf3df753e1d8d4f951994768416d81b47caca6a823f97741e64
+AdditionalInputReseed = 
+** RESEED:
+	V = ba9fe5957be2ce8779259d91e7925f15d60e56bfcd516a4acdb4abe86845d37b1a2fb23633a3aa8e9dda137bebc5f06f243e5f8c5dbcca
+	C = f155d69de817245055ce5724d51975c038bc733643f3714ea060811088f3426335a40b2f01a12d2684567fa287b6110b3f87c82ba4a93d
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = abf5bc3363f9f2d7cef3f4b6bcabd4d60ecac9f61144dc6de9a8ce82c1f369894e75f7bdac9c826a34dae376418c6150ce788c3aa4093a
+	C = f155d69de817245055ce5724d51975c038bc733643f3714ea060811088f3426335a40b2f01a12d2684567fa287b6110b3f87c82ba4a93d
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 73b265dc7be63003ac4c3448bfd084e10c50dd4bff1393c7a518a507001130cca861ffb09e9fc620987e642154f6402cced33b98588be98461527ab3e211a889e89da18072cb747098147895e611d2fe40966be95b1e08a352669b92920b07ae692f9ab21e2c509acac5534474d151bb0a04c1dd5d195835529d9055c51ddfee
+** GENERATE (SECOND CALL):
+	V = 9d4b92d14c11172824c24bdb91c54a9647873d2c55384e46686719f21d7243c0f3089309aae67787c6d3ed6cfe349ee82155929dc5bff7
+	C = f155d69de817245055ce5724d51975c038bc733643f3714ea060811088f3426335a40b2f01a12d2684567fa287b6110b3f87c82ba4a93d
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = e2a6393c4e65f41b2eb558407eb349facf6b3845c4dd13165baf610dc116caf8
+Nonce = 40a2c18d8e0d9b68060d24f7fa31decb
+PersonalizationString = abd18f4b7e0101aac292a113ba6ecbadfc8750cbede424b18133907b44adff03
+** INSTANTIATE:
+	V = 2e8f636980f1da1f21083fe84a03b4940d93cb89d5d49bf0be56241631e82e3a99641559f231653a5a7c7b31a98c60c67b8ee6d0309675
+	C = 3485f30d67a944f6049ccaab4c331d19ac938011cb862523794102ab58d87a12203de84feb3fbe23411eaf7f15be23809df125acd53a52
+	reseed counter = 1
+EntropyInputReseed = 78ad92d1382d2334083f54867b23e249c6251929fe43919147c1ec9d36db80a5
+AdditionalInputReseed = 
+** RESEED:
+	V = 851220cf25555b577b9e623fb14bcc2bcd6d526227c73beb724af315bcbfa6108f28054867e1fb54563ee7662b648408fb04622ffccf60
+	C = 4c86567fd6d6de431acbdbae780ac7387d44756b23129bc6518ba7cb51948458fc06b684552cc56d361078833e632023dbc46ab9f9a16d
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = d198774efc2c399a966a3dee295693644ab1c7cd4ad9d8113a3f8a78f376474aa2cf50be262f5e4708acfe700885537ad5dfc8702d9340
+	C = 4c86567fd6d6de431acbdbae780ac7387d44756b23129bc6518ba7cb51948458fc06b684552cc56d361078833e632023dbc46ab9f9a16d
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = da2cdb7decda7cbf4b50aa519672a91dd87c0b78028d5a92ad25c9404e9301a39be501dcbc08804d7beea91074b25e74683e91a9e3ff3378bef6c0c26404a05f1862e5419ef5d8a950e9e23c0b9165b140d047b5234e8113f54e85a9590e910498d39b9522b2b764a3bfb9f2137c736e622fbc9ea1403b398b9d7adf4b440eee
+** GENERATE (SECOND CALL):
+	V = 1e1ecdced30317ddb136199ca1615a9cc7f63d386dec742a76db3472c7d76ac338db5b722bfaea1186146c51afa8af0afd0bfb37cf6526
+	C = 4c86567fd6d6de431acbdbae780ac7387d44756b23129bc6518ba7cb51948458fc06b684552cc56d361078833e632023dbc46ab9f9a16d
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = 27933a4d95b6433f2ec81fc3e8039eebd8f8b6bf1394c85e1bd5cd936b805885
+Nonce = f8598e6f65e2d67d8316d56b60b0d82b
+PersonalizationString = a42605ac9d169a56b22fcab3c815092e9cf7ce682130b52726f80abb428ac042
+** INSTANTIATE:
+	V = cc8c43e9ccc2dea43de0c40ff3befdea4d6111eb8ec5ec864557b2a5b776c420eda5b3221491452e68a275f0690cc168ba0f1ca724a874
+	C = e538bbdeb9fbec42bf75ae252e414c794db05e388167e6268c226a19ec098428f004a7b07a856e2a57631e414a6bdb6c096c9b3dc2d7fa
+	reseed counter = 1
+EntropyInputReseed = d432dd535facd82fb88b3968131f1e4ea3f7b21996652198f59dfd1db16df515
+AdditionalInputReseed = 
+** RESEED:
+	V = f0ce117d8842d39ccc9259f55c222cf9787ee94b8f4090321115a47f5d2384bd4d839fefccaede808c1a9beb916cb434e728084e057f5f
+	C = 08711a3d92e622086dba1597dd61931cddeadcd94e1ff467fff40f6d733b5255650973a83b8e09c978f1f29cfd4b90ce46023fc16d9aa9
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = f93f2bbb1b28f5a53a4c6f8d3983c0165669c624dd6084dec82f46ecd6fbbeefc0a07a8f2a0c81146be9d18f872410ee6edc00e2f05108
+	C = 08711a3d92e622086dba1597dd61931cddeadcd94e1ff467fff40f6d733b5255650973a83b8e09c978f1f29cfd4b90ce46023fc16d9aa9
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 597a458e86fe6de7e6ac8df1006b498e4e62115e862680b10394d94e1603d8961e14060bcf96d7bde84292829c0c038901c3e89461c38b93cc6c510857027e58f5e54f3af06d8daf528a28c9dd30ffe9ab16fe5bd6a97c02acf34f5b3142fddf53d82b9eb0b80910861bafc1a0f3b6f1f2fb51283dfad8e0e7d63dac2c1615f8
+** GENERATE (SECOND CALL):
+	V = 01b045f8ae0f17ada806852516e553333454a2fe2b8079c1ae0acf4b8efc3b83953e7546093c876086de892c3d6896348d139a50b4a1d8
+	C = 08711a3d92e622086dba1597dd61931cddeadcd94e1ff467fff40f6d733b5255650973a83b8e09c978f1f29cfd4b90ce46023fc16d9aa9
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = d6f8fe011a2e080b216d4b7357aca6f3822a58706a8517c7cec521bfb0227a1a
+Nonce = 41adf41dcb754a65aa9e2154b5c825f1
+PersonalizationString = 838829b7a3f5c6fa833eafbb60741519206d5d34d85fe0a5915ac99e12dc6609
+** INSTANTIATE:
+	V = 0da960e049d6ca3c43ec8e899ee8e63f27711f814d3322c550e690444505810269a27eb0bf52fd82810a1faecacc2ac6e7fc830da937b5
+	C = 3ada0b19181ed79e9c013f11162a699c24c6c8e89f4122105f5d5b0991e7e2662a9a00bd3d462f23271edf95c4ee88767d1e4b23a8dcbd
+	reseed counter = 1
+EntropyInputReseed = 73edd052b39cd2ac74d7c17ddb0136e354809f8048a0535e0b4a5ebad64d8ce8
+AdditionalInputReseed = 
+** RESEED:
+	V = b3178b260e1dc7b1758a2eba642b0ca66ee67f88025d925ac8ace9757502b825f42b01cee84dfcf6a49b91a76e650222beb9e6fa85d3b8
+	C = d8763001e6331b63ac4db4630f83559b46f91cd116521a1594a1c9a88bb691a3a5e462bae8f88837fdead7abc010b0892ace3e24fb27bc
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 8b8dbb27f450e31521d7e31d73ae6241b5df9c5918afad60f1f508dac533379478af2bda9a95cce298070a716c5d3de61c0831df1efcd9
+	C = d8763001e6331b63ac4db4630f83559b46f91cd116521a1594a1c9a88bb691a3a5e462bae8f88837fdead7abc010b0892ace3e24fb27bc
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 89c683035b7c0c5af68c1446bc4083a7cc51da09f4a1e9c66d96e839841b259c02ac6c960c12bb6242f4ba03383bc4860ca18dc912b97119aef23cbb1cba16829b7d9dcf8ce741258ceff269e8fea7e9ff07337e7a623bc6c26242c78abf41e6a89879956c6915bb1f85ed9efa366e3599d3e8607a4164a2c61452f74406ea7a
+** GENERATE (SECOND CALL):
+	V = 6403eb29da83fe78ce2597808331b7dcfcd8b92a2f01c851d8ea47dc73c65da1df5e0745fb5b3003d87b70a174c569614d6331eab8c32c
+	C = d8763001e6331b63ac4db4630f83559b46f91cd116521a1594a1c9a88bb691a3a5e462bae8f88837fdead7abc010b0892ace3e24fb27bc
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = c45ae6d7806786dda15e300f26c91b5eb109601e6118cac56e347df9708e1652
+Nonce = 85ff3557a92db12ef005b93866ff5f41
+PersonalizationString = 43ab6ea902920a965b15ea7b19bfe6b2ec7b6761754c8fa88b7460a556cecc64
+** INSTANTIATE:
+	V = 895b00786483b6c205a3b3f768d5f9a033217a9231323b4e1ae80eb1477ce486912d5b5871cfd1e4f5152009246049c9a7ca371f066f79
+	C = f87c3aedcdcfc8dac0d6927ff3b29b2b634fe3cf3fa5769253cc94857614ef031ddaaea3c7431212c4a017f6367b0995dde2957b37176c
+	reseed counter = 1
+EntropyInputReseed = c2c49f57b7b1efca89a1e030dbc359b8acbc0bf88ab5733ffc3591d15207d205
+AdditionalInputReseed = 
+** RESEED:
+	V = e499b5e4ee05c05de5d1d20841ef0d574f2437d750b3d8aa3f2245887104f92de7a04ceb6aeb8afbf22436ff63e53f6d9bb9f6dd0613a3
+	C = a28d22b269fb8247709bbb01298f25128b12d102d60e44560b0230835e565e7161dd56bdad5b1b18a31138a1b7781a332bc084ec6ef4b8
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 8726d897580142a5566d8d096b7e3269da3708da26c21dcb0548334e6625b8a534f3cfc4f357d4ee63b908d43aafb2914e611dc05448ce
+	C = a28d22b269fb8247709bbb01298f25128b12d102d60e44560b0230835e565e7161dd56bdad5b1b18a31138a1b7781a332bc084ec6ef4b8
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 790a8f6a3a816169b2c63062dc8f4ea6b5dc1112337a8365ca2573bb9d52903f9ef635496bfa1753d02764bb7fb3ded597d0076bcc17471e0069c18ee2d0df63d12568d0ded10f5fdd42cf4b18aca9ecbd07e3ac80188e7bc5b22ca0a4ff805b2d269ddebf3d514b0aa08581291bde6bbad0483f804bca7de03bb8b16e1500f8
+** GENERATE (SECOND CALL):
+	V = 29b3fb49c1fcc4ecc709480a950d577c6549d9dcfcd062488859e2517fa25f3dc3245223b116464ae9b17391c3089444920f5c9e0fd2a6
+	C = a28d22b269fb8247709bbb01298f25128b12d102d60e44560b0230835e565e7161dd56bdad5b1b18a31138a1b7781a332bc084ec6ef4b8
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = d297fa452e5659f39e000b45778007248b1d2b81c78f0626061a914527d418e2
+Nonce = 720ed1f7f7f4fce2e19313ec5e5178b4
+PersonalizationString = 53f20c26e83bcf014ed2e452d69a63b47f04ad0724ef1b5ba3083e279e64000e
+** INSTANTIATE:
+	V = 1d09676937c65d6c3858226dc6f6956957a98d3156e081096b4c4ef30460f0cb0d04d1fdec538f62ccc99a0d76d4fb12dd3629dd3089d9
+	C = 7acca109c2ae539a6d1d1744ea1154019620c7371ff9bd8876af4966ec46b53f734bb07bde5a35714e485f25eba4906a5be235de9ccb26
+	reseed counter = 1
+EntropyInputReseed = 84eeb5769bb93f6b4f472b46771a464c957c2ccd6f07dcbee31f09edf11d3fb4
+AdditionalInputReseed = 
+** RESEED:
+	V = b45fb68a72a217b23245da0a18d4048a63c208e677e5d01e70a57cd12b034a9ae21ff21755e6e4c229dd82b438e9fabf1485ca1db547dc
+	C = c6ab874b0d83f808cf2dbcd3123f527b03a15b6c8387420ccc5b6a7a2ae1c83c17b77aefcfe90743dafdf3040ee06df942fdb80ec1243b
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 7b0b3dd580260fbb017396dd2b13570567636452fb6d125c0572f528d17fa74c8b51dc2b7825003ca5635c3794a26dc7d4d64eb028ddc6
+	C = c6ab874b0d83f808cf2dbcd3123f527b03a15b6c8387420ccc5b6a7a2ae1c83c17b77aefcfe90743dafdf3040ee06df942fdb80ec1243b
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 32dc229728e6b1ea8b4357d88a087e59454fa60d8e3843369ecd306fe89517738ae6bea1094b62bb04a99d838d96d024ac7b75ad83d018260147964c60ce9b7dccf78dcaa4e3c03fc084052906908b9846233aae7623997a92685bb389ff14bd4b8ebc765d170be87d2faae89530a903ec838d678d22451c185ebcaaee460e31
+** GENERATE (SECOND CALL):
+	V = 41b6c5208daa07c3d0a153b03d52a9806b04bfbf7ef454c555419f0c70b2f7dd3f65ebf3417f2269213e2f2d58d85619686a6a3751eadd
+	C = c6ab874b0d83f808cf2dbcd3123f527b03a15b6c8387420ccc5b6a7a2ae1c83c17b77aefcfe90743dafdf3040ee06df942fdb80ec1243b
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = de01f45b2dd8df80fd5c0c57e1eff623213170199912772fdd731c33709475d3
+Nonce = 6d18ec744a1943fec980ac5938c67794
+PersonalizationString = 586605bc3abffa25b3960b259b1c8e19c931b5eee1ee48f48ccfd053424002c9
+** INSTANTIATE:
+	V = d69659b371dc28e0c9ace98dc1b7a7b8d85e4361753b826f2d4a35ccf74102e491cdb213c6108e1a342512175f6943b836c12627ab5a88
+	C = 1e6653b3bd938dbe0712992cf06cfdb1c0b38d67a514c335b0af0d2bae10e2e810b0f864ae8741d9c94d0da7f4db2ef4a362111934480f
+	reseed counter = 1
+EntropyInputReseed = 24c51ce6f1b1fc8beaea4b02647a48205fe80785f1469e16149bbb748f458b95
+AdditionalInputReseed = 
+** RESEED:
+	V = 5a44b54a404b6e5830a727df2d51d3d140a839d64c78d3a276ba9826e30aed0ea33e5ed6b1d0abbfc84d70d4439fb0f51a7ec22fa34d91
+	C = 48eddabca074913d01504897fc5d99b1e166905789ff38e8aed3e1292c0398b8dc4c51ab0c014a61d58e3a0aabbc37d17ed97d030c1273
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = a3329006e0bfff9531f7707729af6d83220eca2dd6780cf7975607b78978e16a43dd71f3e2c9c1ea550ac9ecf3035a3cdf49b6b4afa36c
+	C = 48eddabca074913d01504897fc5d99b1e166905789ff38e8aed3e1292c0398b8dc4c51ab0c014a61d58e3a0aabbc37d17ed97d030c1273
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 8262205906e1aa1c6a93a64876517ab771f6727dda55f120c48aee6a77a5a7b73477edfa7f9551155f7c2b36661f2f44fbcd8ff6f3955c2f6e3940f761e59767fe63f93fc3c58c0da7973e4bac1dd6038c1819c66c95468ab7c438ffdce360df45c5dd2554754ff7d5e5d83cfe904ae791e85786074514a969e538ade0721567
+** GENERATE (SECOND CALL):
+	V = ec206ac3813490d23347b90f260d073503755a8560774682a07eed6920575dc300d55f795de8084808ac2afebbca6c703b8ffa31ad4540
+	C = 48eddabca074913d01504897fc5d99b1e166905789ff38e8aed3e1292c0398b8dc4c51ab0c014a61d58e3a0aabbc37d17ed97d030c1273
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = 4c76639e708982cc7e59f836722b4c0f602ddeeaf49ad98fc9a8b72195c6ff34
+Nonce = 162e69a25c4f7818a562ccde5a74c3e6
+PersonalizationString = 7be278014fc689afdc1fa75abb794703ec4fc19b0f0b266adb870b41d3966efb
+** INSTANTIATE:
+	V = a4d7f01d3b8944389a03323986facbd0635ef19e018c3ad6618a0ff157c9539b2565d5fe4c8b71a8c7bc9deb68478be748a29f9517b673
+	C = a08eeabe0853a84254cf614858a4251523142d2dd2375b011e29c65bd8d1122604a1fd1f6ea2f3b088aaa26e4c6e5d81457b03352dd513
+	reseed counter = 1
+EntropyInputReseed = d5c328e466830c87212f656d90a2f037a1c54a922b216bf422714fec37779a02
+AdditionalInputReseed = 
+** RESEED:
+	V = 32a9201cfb6ffc125086effe104f22f66e275ac99792f5247d4dec32b8da33976c0c8c88259d0621af1495a6780beb3b0e990cd6fa1919
+	C = 4c197fdcb51405d68e2e133591c209ddfcc5505304c630eb25b56d9572289375c78bc97a8f058a09c6d4d3ebd0d6e0a6fa4e815fb5d39b
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 7ec29ff9b08401e8deb50333a2112cd46aecab1c9c5926d2ff1ea204a66fc44e35d346e496c62e1b82b18225f28be14cd526d231178fcb
+	C = 4c197fdcb51405d68e2e133591c209ddfcc5505304c630eb25b56d9572289375c78bc97a8f058a09c6d4d3ebd0d6e0a6fa4e815fb5d39b
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = e18cab0e9a533e9ac50df426173fe02cbd1e22e88fb96ed4f3e25af67c3535f0b4866fbfb371b7856a28c2eb611ef8bee99d001542e73cdbe01af29d8488336a69ed81d38e14b50f88bb6fffc19bc21beee0e4e1550c70264e4e9954cf7f09da663205c03e3ea4411b1ad84653edf3866c3ff6462aeb506b3a17d38b7c7b98db
+** GENERATE (SECOND CALL):
+	V = cadc1fd6659807bf6ce3166933d336b267b1fb6fa11f58969212e1915cea0cd442cc4b10dfd94e86db13058b8b3c70c940d186ed024fc5
+	C = 4c197fdcb51405d68e2e133591c209ddfcc5505304c630eb25b56d9572289375c78bc97a8f058a09c6d4d3ebd0d6e0a6fa4e815fb5d39b
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = 1f2d244d29cd6fb53cabb5e4d931c70ae2aa43ff46e6d43bbf325279b4266fe7
+Nonce = f6db19aa792560b2e180c0ff9776a69b
+PersonalizationString = b77ac6d22c2c6be63633c0ef05d583cb732be155ea0f72d02bec7e8b3ba51731
+** INSTANTIATE:
+	V = d55f2cf312c4415507e506408bf571a68773819d8208cdffb83bd2918fbdc761e7118ff5ec940986d6396048fa31ca042cf277d404c3df
+	C = 8e4bef7a321e67f6b63235ff214fe3c5229f466e4ff4526a950013a3eb877453a832b45f12f8dd357a24ce4c474b46ad80526141087051
+	reseed counter = 1
+EntropyInputReseed = 78d9e4b62aa6a004b36ef4fe974cafec66076a2c6d85d95af124d2e336ac52ec
+AdditionalInputReseed = 
+** RESEED:
+	V = 1e81dcf719733ceba646785bb57feb7933a28d305e9bd2e04b861691c76f67d691fbe3fb9e06450d2257ba45a5ca9785ae0d03c565dd13
+	C = 964756e24372a49a8a88981d50287c67eaf3ba1fdcfcdb78fd7e17b413d795750fbf91ca024a6a41e89b450ea0fa04318657a82ef71d6d
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = b4c933d95ce5e18630cf107905a867e11e9647503b98aed91b6fbe0edc9e998caaf59cc6cf3c14a4a5a9aeaeadeda8f37f631aa7db97bb
+	C = 964756e24372a49a8a88981d50287c67eaf3ba1fdcfcdb78fd7e17b413d795750fbf91ca024a6a41e89b450ea0fa04318657a82ef71d6d
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 80be00a12bbbc6f683d632640c03dea75184fbb764e61a06eb4f56cb13021fc2107dfb9e0bff0fb89ed0038118d75c122ceb31a32be3f359020b1fe651bed7c81f96a39e399ae26c3fe09136c3261b045e987d14867d624a173b466d831c492e58a0d0ba90b1aa874b7dec73959c1936d6af5cebb9568e99bb9fb2fe882b4af2
+** GENERATE (SECOND CALL):
+	V = 4b108abba0588620bb57a89655d0e449098a017018958affe790c993dff62bf4f0a24cd55fe1e08d8df9b9290aaf36180c8e438b96b83c
+	C = 964756e24372a49a8a88981d50287c67eaf3ba1fdcfcdb78fd7e17b413d795750fbf91ca024a6a41e89b450ea0fa04318657a82ef71d6d
+	reseed counter = 3
+
+[SHA-512/256]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 256]
+[AdditionalInputLen = 256]
+[ReturnedBitsLen = 1024]
+
+COUNT = 0
+EntropyInput = 6990734750a4e9b5c59374ea4f2ff4695817ffc94d166ce780206caf9f8032ce
+Nonce = 9167fb62fb5bf1b1c32392adeb3117cd
+PersonalizationString = 1f7e7245fea86f9abb1999f6638a2e5a4bd1121f52960db80dcef970b6696f1c
+** INSTANTIATE:
+	V = 3ce6a42feedb9e9b84c56b969d13b152e66f96dd058a8c1d4ad6382ac6a64e76b5d3d053d6463da34076336a5282e48540b774fc762520
+	C = 075c25caf0d55c4ade8b0df8525766054b503e1739c259b2712278264e35a7ee7a9f3f2ace260db0d816a5e2a77ddbd0c980bbf3ee9580
+	reseed counter = 1
+EntropyInputReseed = 85727d6e385d55878dc10b84d38937db6a7530cea27530d6e3f41c30e60defd9
+AdditionalInputReseed = 34471bfc6854d46d5da8d624680f2d9e7ea7a2e7e47652245b1a3569066d5e41
+** RESEED:
+	V = 4ab93e22a5ff97dd8714fd7cba27adeac441fc6134125ce2dad763b8f83be88d503b9024ad5e908cd27fafb45990fd4fe2438507d2a211
+	C = c3a6aecf2cf4a69d9f2885b8ae5f4adef527c15d92fda553f15133f9ba3dec347ef072a1ba03134b4a9f3b4fae313460800e64dc595eb8
+	reseed counter = 1
+AdditionalInput = 2a02ffe392da0577f3a10eb5a86be2ea8a7e1cc2ee69be0570beba7ce672bc9b
+** GENERATE (FIRST CALL):
+	V = 0e5fecf1d2f43e7b263d83356886f8c9b969bdbec71002f8abefb8740c5ffb2d4309f52ae9ec0c4aa29e2d500cfc4b515c3d519c29321d
+	C = c3a6aecf2cf4a69d9f2885b8ae5f4adef527c15d92fda553f15133f9ba3dec347ef072a1ba03134b4a9f3b4fae313460800e64dc595eb8
+	reseed counter = 2
+AdditionalInput = 79b451e4e97b14610ff6a8a80ebc9fe05b0fcc847f327416b8f5dfcebdaff3f9
+ReturnedBits = 08a1a80fa014eeede9f74af9232c65e32605ab2bdcb5402386b04abd6b839fdf78d5c86b970f99c3e48bb83a9dcb60f108910c3026efea635e3b5cb1513ffc3e6d7601b0e4f9c7a1a2d8bc7b287aaf9cb441fdf5d57a8fc9c37a61be19a20632078ab2ae36bfc243934feef7e3d670bbc7df3d4f08458be0102f648ae23c8ce4
+** GENERATE (SECOND CALL):
+	V = d2069bc0ffe8e518c56608ee16e643a8ae917f1c5a0da892f90cb8cdd0714c39e188b86ecd673ed9245c267cf8d25585fa1356ef4fde42
+	C = c3a6aecf2cf4a69d9f2885b8ae5f4adef527c15d92fda553f15133f9ba3dec347ef072a1ba03134b4a9f3b4fae313460800e64dc595eb8
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = 5175849ff1a3e214c26254c011b0c72d30c4b8322396f891c1745bd018a596c3
+Nonce = 272d990d8447cf9b57a302fab8f1d25a
+PersonalizationString = 875fd556e46e9ac8a2274bd4e3a3a73e8d818cc55c0865445dd1ea5e00fe0e92
+** INSTANTIATE:
+	V = 9d05e972bdec1a0f75b323a4b98d104c1a11e084a296f2e64a6a43f80fd2875f07ef3dfd1a03fdd77dc93ba23482f20733b125514eb9c9
+	C = f734af9477cabe4b94695d1b06a8569997ee67e6bde528c33cc4326335f38989f2d4c9eafd27ca0bf2c97f362fc91fa0a5932a084b64dd
+	reseed counter = 1
+EntropyInputReseed = b0d3b3718d7c521e48a1c4468712cff657697c9e0f013c762561a338fcab5d93
+AdditionalInputReseed = f3cd1d650f2fc203cf60e8911f12c5572ae80d6b695265a7ae604cf0da9c1ec1
+** RESEED:
+	V = 1c514c4e811bce236282e85e664cf7a3b66a63ed853bd067ad6ee2c04b7ffe32e8ce237bab283463198ba3a288fa574e3b7d9278b2c9bf
+	C = 3ea80b215c6158b5f28aa5df19e29b0172ea52eb9c4a0553c8445a9fa1eeb910c54068846ae5f61da4755aa2d558a2d3aadbf0373f214e
+	reseed counter = 1
+AdditionalInput = da0fbfd8d002b5769dec4b8fe5980a10fc6a8b6e5b85f191e14f5836351e4d18
+** GENERATE (FIRST CALL):
+	V = 5af9576fdd7d26d9550d8e3d802f92a52954b6d92185d71bb8467c39b1ca17eedca0c91bef31a505acb25ea788bb2a760148b7e1c78786
+	C = 3ea80b215c6158b5f28aa5df19e29b0172ea52eb9c4a0553c8445a9fa1eeb910c54068846ae5f61da4755aa2d558a2d3aadbf0373f214e
+	reseed counter = 2
+AdditionalInput = 384c29a9faf4302d808efb3bc081b2216ac98bc36b75d949707c9a4e87c254f4
+ReturnedBits = 7ae718f0765c97b597b05b44ffe5ae491620821ef95677b09caf20d62e9fa96557af49483dd0b8ef879ac39cba108d4dd0e676075def58a3451797e7365d87bcaa059353d9355071ab625acf872f2658390250e42019a2f01a70f226c0325b3d74170ed178859e27edd9452eeabbc48d76ddb516519dfe1480d877d971f2232f
+** GENERATE (SECOND CALL):
+	V = 99a1629139de7f8f4798341c9a122da69c3f09c4bdcfdd8e97028c945558272a33b8fa0af3870f5fa91f0d914ed766b1cca9665bb898d9
+	C = 3ea80b215c6158b5f28aa5df19e29b0172ea52eb9c4a0553c8445a9fa1eeb910c54068846ae5f61da4755aa2d558a2d3aadbf0373f214e
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = 41fa07443a25ad20bb685e85cc56731da9570f1c74b5080518a03a2ee54d81c7
+Nonce = 7b27def4e68d8fa8b79d364f47f44675
+PersonalizationString = 3704b8f74aac12ceff56a2b82b6b9efa3442551c71defcc7a859e4b55bd2433a
+** INSTANTIATE:
+	V = e65ed7b0e489768fffe38a22e3680916c452e2835ff3cd506750cb282eca4e64e56f7249f03236c823d20c71a47545d3af57328618d8f4
+	C = dbd0f4df7376ea54ec1304a0c698b650d8a7f65dc627233a2e26a67e8b6057f796c61e0e926763a73da4dc5cdf46fabd2970abf303d861
+	reseed counter = 1
+EntropyInputReseed = e7b9ca3e969b19e190d1ad954d026c686cab97b4dbc21e3632dabf53f8262051
+AdditionalInputReseed = 3ff0994ad653e1019c1ad5e95cbd81a060bf3863e8bd1178609f9973a2325d37
+** RESEED:
+	V = 08a72b2e88633c3d9964483269d9d0ab3cdae4a1b74eb16760a5535f3bbdb5f172d53924def5928e7bfeabc5938295a3650b054f028398
+	C = 1ccc73b0caaffd282dfda939e1d231f7cc6bb411317437c361346df9c401ded92840894c8b259fe0a77af318d082ad8701710e84a88909
+	reseed counter = 1
+AdditionalInput = aca60296ef555cdcdfcc7139ab92f505f30fa181a1f8931a37d2c29cf2c549f7
+** GENERATE (FIRST CALL):
+	V = 25739edf53133965c761f16c4bac02a3094698b2e8c2ea1e4b73f690d789898fe0b779aacfea1ad9fc284e3ae9fef64edbfad954219516
+	C = 1ccc73b0caaffd282dfda939e1d231f7cc6bb411317437c361346df9c401ded92840894c8b259fe0a77af318d082ad8701710e84a88909
+	reseed counter = 2
+AdditionalInput = fea6a89023827c18de12afa2e92dd56e93e281cceae89310d8f20ca09240d385
+ReturnedBits = 458cb686f73772505872d68ef9ca019804256677de02cefccddeb8be4cbb866b828a7f2c0eff717ff5e534892f5f0994c2642be1efd2121f8e1a31c311ed595a1e7604b4e0549d546e4c6ca69d2b7150eeab8a34b94b9dfd7b69621755acb0d3b8eb55f482ca53db6866e4c49c2f4a2f801f72c97ee775acf7c77c7d4c443f6d
+** GENERATE (SECOND CALL):
+	V = 424012901dc3368df55f9aa62d7e349ad5b24cc41a3722e8b75741bbdaf4ab6b30cd6bd7108e216000f316fb0488fba765fb0d891d8d7a
+	C = 1ccc73b0caaffd282dfda939e1d231f7cc6bb411317437c361346df9c401ded92840894c8b259fe0a77af318d082ad8701710e84a88909
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = ea4dc7dc2bb8710c5a159cd315b8e02b841ed0d877ef53701c6141f2db80c865
+Nonce = 849013a9f7563ce4d2b71df7a86458d4
+PersonalizationString = a9bf108c3d22bca5c548f22b0f81937068142a5546c7bba811e1ae1e98e455aa
+** INSTANTIATE:
+	V = 3f81001ab99fe075152039fb487b51204178c9fa5518a57cce51ebc53af8639b7891df99b2f7e4018031df5a9bdd4a3a692ae32beabfc2
+	C = d356d1449e8ee9dfad4deb14e0744c5748e4e446eb6c0086cf68ed6fa7822823de5f2b15555726eb57af9382a527bf19fae83ce36e70f2
+	reseed counter = 1
+EntropyInputReseed = 962ab681315c225c119f58fccaa0d26ad929712902bbf4273617dbcb4e451689
+AdditionalInputReseed = 8d6b4695344e29ec97ebc85e6288187794d422a47bc9bf3e522d73198bcd8b05
+** RESEED:
+	V = e3a3bc3ade52df8a006e31972d042fbf295e3410acd1867db3c7365b77e83265da5c3025fc5c30856862a7d5df489833af5329dc261556
+	C = 4501978cb6e54fce7677cb04a28caae622e4d3985a54ecf10f5eaa1851ea1af718be1c48be89be4be635e93608dcd089399690788560d3
+	reseed counter = 1
+AdditionalInput = 46d28298fc6aa313b0070c9e4e8bd55cb528c2adde7649cdf623841ec6b07449
+** GENERATE (FIRST CALL):
+	V = 28a553c795382f5876e5fc9bcf90daa54c4307a90726753a6a55125e89a75946fd1bc2228fa6fca83867d07a761436916ef43a09d96fa5
+	C = 4501978cb6e54fce7677cb04a28caae622e4d3985a54ecf10f5eaa1851ea1af718be1c48be89be4be635e93608dcd089399690788560d3
+	reseed counter = 2
+AdditionalInput = 3522ff6c3b02d6909b9cc342096e94e12f83a7d305c6a7affca1938be0831217
+ReturnedBits = c2a6f115934e4c6161523640773cdb17743629e7c2a328f91f8038abccb7d26001408008cfee9b1f8c2ce4970b6937a4fec7439369c90930df80e1713ae666827c1acaad0de4aa67c944419d20c8b26b1919b7b1a9fd960b8fc31d2f02d9a91b73d01c75202c88e54f9349c22b7c7f6a56d9dd70b1148ce0192f30068b1b5539
+** GENERATE (SECOND CALL):
+	V = 6da6eb544c1d7f26ed5dc7a0721d858b6f27db41617b63002bb4b53a3f8eddb4afb6bc739dfc21adc88e20916b0d75c5f949f2acf4283e
+	C = 4501978cb6e54fce7677cb04a28caae622e4d3985a54ecf10f5eaa1851ea1af718be1c48be89be4be635e93608dcd089399690788560d3
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = 7cbe691b40c09ac0d4e9656eb8dda705ea798bd126c914a6da5988fcf1f4888c
+Nonce = 65f07d2ca8cb42296075b09070d2de20
+PersonalizationString = 68aa6607b69c682da5e6ec8eaf0b34a7d7674dff5241bd23a01443224e1980eb
+** INSTANTIATE:
+	V = 03af041c5efb6c2fd4eff18bcae51036ab32a2d3f6b708f3aeb84d14dfd765ff62b5958e8846161f5bbfcfdfb8c7141f4824fad491b817
+	C = 6d25063a4222e7f192d3800e3b8ad8fb1d20af2d15da62de21e89113a0bda6b9a97982cc0a37994dedb1b292f1aed9401f7e6e1003c1be
+	reseed counter = 1
+EntropyInputReseed = e0ca4f5071e78120a578391c8372e4d47a96d0f53098ad89ada98e908a7044c4
+AdditionalInputReseed = 1a8e06247c8e5b34bac5efc875d88bc1ec261355d87a8dfc66f78ad5f0bdf36f
+** RESEED:
+	V = fa5aeaad99a50c6ca8cca647f9e9b8b2f9c28ac387ea2ed011896d1dead25e92307802744824adb41bf9c5deed1c09c27d7b8c0ec1776b
+	C = ba56e55bb91b9878b2cdb03d8b50cc609720855f110888d4c6925923417997d167bef2cda622d8c1e4702ca4aa5012e82ab21d91dc3b51
+	reseed counter = 1
+AdditionalInput = 4bd78f0830d04cf369d3068f520ab109f212e0869381bf100bbeb3c795f3a3e9
+** GENERATE (FIRST CALL):
+	V = b4b1d00952c0a4e55b9a5685853a851390e3102298f2b904d489feeae16e59a9faa6b351e4338e5977b3b019a5b3a4d8e2409905cd5a80
+	C = ba56e55bb91b9878b2cdb03d8b50cc609720855f110888d4c6925923417997d167bef2cda622d8c1e4702ca4aa5012e82ab21d91dc3b51
+	reseed counter = 2
+AdditionalInput = 182cb2b90230b36a6ff49e8d01825cd11bdf533ceacfdf90a4570628a5d13133
+ReturnedBits = 07a72c27c416628e28a5dc34046e8d8a5d979bfd1e8e46a443cb5e9465e74151b60b905194ac34df0548e214e02adbc4eb113a4110084c97bc6f28c401b3918bc012b3921c69facc5597af1c24725b7cd266367fe0f9430996e784b61cb656849b6181616863448ee9401c60aa520a841b0858974eba7095f9883e99111c7b04
+** GENERATE (SECOND CALL):
+	V = 6f08b5650bdc3d5e0e6806c3108b517428039581a9fb43066f5d4f892b18ed0314c2404d6d4e56f92d4aa45f1e8509fb7f2970132a926a
+	C = ba56e55bb91b9878b2cdb03d8b50cc609720855f110888d4c6925923417997d167bef2cda622d8c1e4702ca4aa5012e82ab21d91dc3b51
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = f7d4f3d64494caf72850bb57d421e36bf290176babdb4582ba003807f1c827c9
+Nonce = ea0103719ad6ef7da692cdbac1e1c247
+PersonalizationString = 7a5ed50ff21914936697415a02471b272ba1b0989df7c2a9d2b22333ed1296c4
+** INSTANTIATE:
+	V = d8bdd33597169b8cfdf828074d8fa3c4041040292422abc55ef36fd44295f9fae6f114a3f1ab6dd384f74a02aabf8cd58d3b19f7499561
+	C = 73cdcc2f7d0df778954b601b148abaec6f438fe888b896709601ab53a576f790d74b9533b7877b57f794405feb96279bf38425de2d6134
+	reseed counter = 1
+EntropyInputReseed = 9f8123bda186305be88cd92743bf0d5daa16778146029846c52fb0d1c53425f4
+AdditionalInputReseed = 6ee5477eb509e66f86044888dcc4cf6e46ffbeabf673f52e1dca43e54f7cfa01
+** RESEED:
+	V = a3807ad46c8a9a9bb19b7e52dd26ed90e22abdcbafca92c9f1aa72dd8f63b61258e709eab73780eb31835bbebd39baed7be66aa615975a
+	C = 11ac365dafc7dd884a007abd82a5bd76dc00b4fb618a0f40128c7ef6261f0d87b1fab3de1a29396d9e6ca2a068e097319663423004d64c
+	reseed counter = 1
+AdditionalInput = 7d47fa0cd1efe85b1e780d78f4e46e0449f360bf8cd4c92e3d5065926331bfc4
+** GENERATE (FIRST CALL):
+	V = b52cb1321c527823fb9bf9105fccab07be2b72c71154a2e79b41a9b6cbae6193d54e5c39f2842998b656121d1c0f19aca5d511b559626b
+	C = 11ac365dafc7dd884a007abd82a5bd76dc00b4fb618a0f40128c7ef6261f0d87b1fab3de1a29396d9e6ca2a068e097319663423004d64c
+	reseed counter = 2
+AdditionalInput = 8269b3e4aa0f88c4b2d11db86a16138317f5082caee100badf0be13dc5b65c1a
+ReturnedBits = a38784fa14f505d888c6c2159c728d105c0cec32739c043ba04b8dc21e0c06e2b15c54217cf3326c668687ec17e13cc7219e24eb19bc60cbc334a4b5ee149846d33f602c8560538d718879f83b4a72ead6591553a5fccda6bd5b1fcdc248022b508b057d2976664a70b5ea5ad8b2e61ba737dd60a492713cd629e63ff0f0b70e
+** GENERATE (SECOND CALL):
+	V = c6d8e78fcc1a55ac459c73cde272687e9a2c27c272deb38950c4f831229a63f278c004e2f61524f4bd74f2db41be95fe7e99bc0bcd14a2
+	C = 11ac365dafc7dd884a007abd82a5bd76dc00b4fb618a0f40128c7ef6261f0d87b1fab3de1a29396d9e6ca2a068e097319663423004d64c
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = 8468d148b0db195113adffb7b119d8b0e91a03b29bad6b3401b8326e9dc2154a
+Nonce = 11f38ad6bbb5bf8599f561d823ebcd41
+PersonalizationString = aa900748dac7a660d249c2d132bb03fe6ab52e581d6a953b29909d258a305afe
+** INSTANTIATE:
+	V = 92512f1119e59c8c8c9ad9329c92c4d02b6c8047e626d9958c001e062e826261731830b19c7f2c8c0790566a6001fc8e62e36ce0935add
+	C = d0ebda8461e706ef5b6004d658407696234aa80474747b5f05a00923d1bbb1c9335c3e6cc6fde73a8b32934f0dfd939bc6866ff28b3dd4
+	reseed counter = 1
+EntropyInputReseed = 8097887849ac53713e2af2733b7d35153134b8f42ac3ba39af06c4d270f0a7dc
+AdditionalInputReseed = 2da8e5b4eedca1190283dd31d8113f255fd0551699d95ed24c0230cefd458307
+** RESEED:
+	V = 075728e3e889cfbd5d313a83a9e45d1bd4b8523053e64b0aaceabf1899f636679beb361218cf4c657714fad5965b2f2f7ce09b81e882e1
+	C = 53013711b18e7c1ff24437659cffb9f99b3dc59976a582b959b25ea35eb185aef86e6baf187cc3cdc6c991b2daa15b1f421ca8ae9f8ac0
+	reseed counter = 1
+AdditionalInput = 4423133c011719246d138545444ddfac09f96832449f2525d003cf468c7a267c
+** GENERATE (FIRST CALL):
+	V = 5a585ff59a184bdd4f7571e946e417156ff617c9ca8bcf4c956cbf98dc5995fd9092ddee4c36881419f095abfb2da2a3b0b8d5b6b6164c
+	C = 53013711b18e7c1ff24437659cffb9f99b3dc59976a582b959b25ea35eb185aef86e6baf187cc3cdc6c991b2daa15b1f421ca8ae9f8ac0
+	reseed counter = 2
+AdditionalInput = d7e30913de892acf4f56e1280b71bf9013cb1fb761d43d891fb81d659530221d
+ReturnedBits = 5e533fdf45f7e4dc9b6af088f0619b8034b75ea25baba3cd42529535d4bb3753762b7a7b91d353ca9d339b3b5a8e3cade90ab360ce4f9e0b6f982bdba3308ef7f8ff74d936ac980f7ed24b767aedcb7df37e2fa5aa973a11ce483c0e6c05b8482aecfffb2df5fda686b82c9ea07b520bdf0d3efbce7ffb86818d773803386aec
+** GENERATE (SECOND CALL):
+	V = ad5997074ba6c7fd41b9a94ee3e3d10f0b33dd634131536b689b29d622ead580e38643d8b32aa0d7482be05b997d820d9e24c799f54ae4
+	C = 53013711b18e7c1ff24437659cffb9f99b3dc59976a582b959b25ea35eb185aef86e6baf187cc3cdc6c991b2daa15b1f421ca8ae9f8ac0
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = be0b982448d333fea2e94e41de700666a4a74eaf65a0e6401c541c61d530df73
+Nonce = db2bacf0b219b90f5790350599a7305e
+PersonalizationString = d049d8cae0c92ba1ed32505323c944b5875968cf3bbf4cc0094963e25a82dcf4
+** INSTANTIATE:
+	V = ade9f8caa0ef8c257c106d7d6e57b5354e8f99917136acf1dcde6dfcbb53e917cc1fab06d90e56c7f97a6663c639a40f32fa10e9d7ba66
+	C = 403099400990cc5e2af6f3898d8f267a04ef01d3d247d5eab76a4b9d749ee66f3d850281be141575c6d62d42a4661745c62f498b3099d9
+	reseed counter = 1
+EntropyInputReseed = dd9628832c0282dc3280386a8f89ca5ba48edb2a2a35a952ecd476e322ad962a
+AdditionalInputReseed = f03133cb78b284d5151721f241d70ab2d3264124cd130221b6c9d28b243d594c
+** RESEED:
+	V = 7199de7b8cf574da761de9ed85932a3a076405198de682cf3b18df60c67ccf1532dd1325d4d9d568c2baa76eece59aa9be071d7c889fd4
+	C = 7b41df6db55c0806fb94505aea3c3d2402c4fb4da3352aae5e442b16626a8c9305246fa221ec608a2b7d8e18c06054bc91d4eef2652824
+	reseed counter = 1
+AdditionalInput = b7b3f9dab15c8930eba3d8d9e08cde90a80c4eefc3816092aabb36a8d62d3fe6
+** GENERATE (FIRST CALL):
+	V = ecdbbde942517ce171b23a486fcf675e0a290067311bae3271327140e53d64713a3c8a598636d90d7006b457fad16ec1f0c355262017cd
+	C = 7b41df6db55c0806fb94505aea3c3d2402c4fb4da3352aae5e442b16626a8c9305246fa221ec608a2b7d8e18c06054bc91d4eef2652824
+	reseed counter = 2
+AdditionalInput = af0b63f411af3f97db3302156117d736b1b9c2d8be193532e368214afd2e1f74
+ReturnedBits = 7d70273063c51489aae2235349a0dc81299e460d5ecdcb7b00b596a5e423757b6cbf4b2ab18efc14bbb6f54c5da4ac7effabdac6dbc3adbf3074dac35d2a3086708dd2a8dba3dd71de97d008ffff00d5a5c3c52f60907a9a488b72158dc66422cec5e6e4ba2544c9d696729bb042bc44df0a00187761c4aa76ec8896a423f5ad
+** GENERATE (SECOND CALL):
+	V = 681d9d56f7ad84e86d468aa35a0ba4820cedfbb4d450d9fd70125a5003fa1bcc105a1fcd9faedf367f335bbd4e1f84e5e3bd4fe313c7f8
+	C = 7b41df6db55c0806fb94505aea3c3d2402c4fb4da3352aae5e442b16626a8c9305246fa221ec608a2b7d8e18c06054bc91d4eef2652824
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = 93a9fd5da0d076d1f4cc45dafa133561964cc964ab24b30bb8f7f192bbbfa754
+Nonce = e6eb35f58adc1e138551152876d278af
+PersonalizationString = 10567b6b63a6f3a9c1ec2c39fa0041e7b0283d3c2debb2889fb15e371e904981
+** INSTANTIATE:
+	V = 8992f86fd93969139f7b3e75819c66343d4b130fc940ac84a53c94b261c65c6df6590743489e209a667949a6a56963e1de5114a451f28e
+	C = 07be1dd3c07a8d9c9c61b3e64752b3a70bf158dcd42acc99256e7340655cd337016c90762d209ac523f1d3e2aaeeb146a726ab4efc67d5
+	reseed counter = 1
+EntropyInputReseed = 9845b682ab843107dbfe3fb600af166c30e6803c600f8b35ea342a0a628a021f
+AdditionalInputReseed = 81a84f906079cea5b532db29d0ce7e282d81fbaa8175591b706d917526a4cf38
+** RESEED:
+	V = 37ac0face40989f72cee0d0080dedb26953183560acf8deaed4b4d38b299e95cca77af9c07080ca9447dacf592a2a8cb41c76d2318b739
+	C = 6bed27b22bef516906dd8a34b9c1bc827f938ff9244ef900b468c71f606edc7f7440b5c4cbb4c3cf3cf3b1d1fb329ddeda3c3c8605abf1
+	reseed counter = 1
+AdditionalInput = 9d32cab75ced653db5d56d902d353020e05e8cd8fdd819892be220d873514faf
+** GENERATE (FIRST CALL):
+	V = a399375f0ff8db6033cb97353aa097a914c5134f2f1e8819bbf801df4e939e679f27ce439cc8ff9c35a55299d9c309d33faddab94354f5
+	C = 6bed27b22bef516906dd8a34b9c1bc827f938ff9244ef900b468c71f606edc7f7440b5c4cbb4c3cf3cf3b1d1fb329ddeda3c3c8605abf1
+	reseed counter = 2
+AdditionalInput = 66ad568f713f4bfaa312801eb5450420b8e8b8c9050ff1b7743cb3da98173887
+ReturnedBits = 78846481aaec97587a87b121fb35f8ca8a6f539fbbd9da00103d3024257cafe28ebe37105d8d8382467e7b3653b86bdcdcaa7ed3a9ac018ec63aad57f4ea1997d1203bd3895a135af8f6a38ebd6e0e366ec1075c05cbc93289633125be314969e9facc1687502e238168b6e90b2cf96f2ecc1562316bf7c3501bff9e8d785e33
+** GENERATE (SECOND CALL):
+	V = 0f865f113be82cc93aa92169f462542b9458a348536d81dd67278b94d4ebeb9d71f4558cc58a95ad1b4eeade1c76215f2885492ec78818
+	C = 6bed27b22bef516906dd8a34b9c1bc827f938ff9244ef900b468c71f606edc7f7440b5c4cbb4c3cf3cf3b1d1fb329ddeda3c3c8605abf1
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = d1b191bb689770945030a354b2b34d10b1efd017751ed0e536492c36a1922fba
+Nonce = 312bd4e68027a51d35e1880172d4545e
+PersonalizationString = 84425f04f3390d31ce4343ad6457919f0e26858f85711d85937c619fc64a0222
+** INSTANTIATE:
+	V = cff4ceb468bb489484f7c03ae5a68ece15b1563694c68a403e5d8af51a50d44051dd45b9c1a05b4b4cebc01ee367fc38b8920bc0df8587
+	C = ac633c8fdc27e04b13ae6c0c754a15b6f6f98e43737a1db7014a7534cb9eb2ba5687f0e2226a0b115f2085b445d6dc0be0676d9a21fbab
+	reseed counter = 1
+EntropyInputReseed = 6fcbc901b5eb8e5ca64ad7dfdbe2f89b67d527788ddea88757db4c17e20e6d97
+AdditionalInputReseed = ac9cbe5a1a22ea085ca7dc272ba7281c78e1e69f7a50f77735e7161b0db913a6
+** RESEED:
+	V = 33e0bd70fa1b04b350c53d284ab920a86af295fa5cbedaafa547b90504191e6186ec489451dd8291421420cd0e5531069684901867d8a2
+	C = a3b029689871796ac79b2c1c3626925c3682654d8b2249ef83fa254f55ce3713f19b07210fdb04d95c9a2f849aae69683140085accf747
+	reseed counter = 1
+AdditionalInput = 36678c4c6d9604d39db459754cc0c30cf6bbd8efa24ef5903d06cfc24aaf9984
+** GENERATE (FIRST CALL):
+	V = d790e6d9928c7e1e1860694480dfb304a174fb47e7e125ee230ab2224c3ad779d905ee5be16334f7f7ef4920a6a7a3bf7b43797fd0d07b
+	C = a3b029689871796ac79b2c1c3626925c3682654d8b2249ef83fa254f55ce3713f19b07210fdb04d95c9a2f849aae69683140085accf747
+	reseed counter = 2
+AdditionalInput = 71acd0dbdfb8f115715b863f3e6d567c738c0a58f0361cf8bea5aadf6f0de9a4
+ReturnedBits = 45d6f916c4f37bc3dde943c3cd4429b2a5222277738e95144cf76769fd80b806d2271086a114fcdf1a557fc7ca9e8b50e7dc96ab3f079aff0c558c630b54d05716540279c4b081fdf94e0cc2a36a995151b1a596de185d61373dc4ac1412e3bc737ed7f473fb9b43fc429467ddd97f389824342b25c764e58db51572d930656b
+** GENERATE (SECOND CALL):
+	V = 7b4110422afdf788dffb9560b7064560d7f76095730370043e1beb16ef4bc050ead3d47cca067f8214ab3643891a48dbf7a468ccd8d537
+	C = a3b029689871796ac79b2c1c3626925c3682654d8b2249ef83fa254f55ce3713f19b07210fdb04d95c9a2f849aae69683140085accf747
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = 59a6ee705dc019268fe9f237732586c9e09408c671805e48c9724232f3689967
+Nonce = 003216a766aea6371d151625f42c924e
+PersonalizationString = 9f848e10f31ef7790c107a35eeb4d2e7872a7c0a7a6577942153a06a5009b1a3
+** INSTANTIATE:
+	V = a9e818d64c7240d6e104d353d686c7407524191dc7c81657860320c1ab56f93deedfcd026df85aef1d8a434ac18a4d702e8c5daec8499a
+	C = 359526a2946c3d007eac5957570405656a629beb14323fe9e51dd4e52a93f1f8cbf0453257750dee546ee28e5ba37f877f7d2d9c0ddfe5
+	reseed counter = 1
+EntropyInputReseed = 75b12bbae7481235d3fb6d49c234b389a56474d071bf3235523c7650ceea9363
+AdditionalInputReseed = 65a4d97780d7842263324da4ae2f1764fbe0bd320122d8bae409879da6f41877
+** RESEED:
+	V = 11fb9e2fba3418541dbba7d8368575255aaed18db6c06694ed2ff14aac3c0bdce64c57d7ebbbf66593e2793479597fa50e8e591b9f2ade
+	C = 092419131bfca7d7ad7a886ce3483773d759a7cb4df9f86dca220f6274cd716fa2ce2c2171d428f687a508a50cb3189da524a3785acb36
+	reseed counter = 1
+AdditionalInput = cc3b5d8db2ff3cea3c9d886f375b39cee2ec8d6b76f14f63d2f99710045478e4
+** GENERATE (FIRST CALL):
+	V = 1b1fb742d630c02bcb36304519cdac993208795904ba5f68724107e70683f3d524720d929eb85bb4c0945249f9ad58e280881460b87d3c
+	C = 092419131bfca7d7ad7a886ce3483773d759a7cb4df9f86dca220f6274cd716fa2ce2c2171d428f687a508a50cb3189da524a3785acb36
+	reseed counter = 2
+AdditionalInput = fa3abbad036334faa5554cf59236dc25686962daddbde91ad790e6ae660e4526
+ReturnedBits = a110d5c14345dd1e4cc5a2d0be4ec126faea09578ab9dc257732c0645f42278fd99cad25c6909c0e78a548ed41eb18250887df508c8ac1fee8959dd525b7e5f461b65bc5294e89f428d1bd7d2034a2ac4eac435796f2b1dfcb3271b6df2edac7ec69cf156aa1df91a861c43ab713a3adf1f9fad883d200611ac3590e80f6e902
+** GENERATE (SECOND CALL):
+	V = 2443d055f22d680378b0b8b1fd15e40d0962212452b45956aa9e1aea851d1d7009c91ab6abf0a2d0b00cba500fbdfa56014380bcd088bc
+	C = 092419131bfca7d7ad7a886ce3483773d759a7cb4df9f86dca220f6274cd716fa2ce2c2171d428f687a508a50cb3189da524a3785acb36
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = ee1421f302ff4864f32fd7abe39ff200ec66214137f7881154c461ec504c1c4c
+Nonce = fbad3ec66d0310268d8e20cac3bf27a6
+PersonalizationString = ed834befd05a5d647675ea5a01bf57689b150945e68d27c4b2a6d3ce18ad1028
+** INSTANTIATE:
+	V = f56fe10c817a71a03b4c6c3e63ee299723d24f50506e22575e49c5599d1c081bf07f11b928c6d54a32b468a36b025b20b68cbe560565b5
+	C = 25f83480bf0df1135ffb0989ec8ecc2dc26953f6355b4119e0f75075f87e60418247a0059ed5004ef45dcd0158bde786554dfb2825df14
+	reseed counter = 1
+EntropyInputReseed = 37eb246842cb3044ab8fb422938fb4c21e80f50be19f1236782c53a0e7de814d
+AdditionalInputReseed = bd9e6e85fd97cc39f9ea67f1f175d2dfcce6d7aba208784d64c52b6cb2e5c6cf
+** RESEED:
+	V = f4c3f6f0dd38ce5ff28e126ebd896cc082841433cb80a046a5fa4530e65829fe04b024c4263661b3dba43b1a2daac9b7eae34246863094
+	C = e07a6c6b832cc487c7a4ff40531ab4f6d5a5f32b1a6ef22db294719d8a7bc215b1c6f0400a764d5c54229c45d05766116754fba193d8cc
+	reseed counter = 1
+AdditionalInput = ddeeeb2b0c660c52f9416819a8113fcc8dee7a86343de3e6191abd123aa5ba36
+** GENERATE (FIRST CALL):
+	V = d53e635c606592e7ba3311af10a421b7582a075ee5ef930b76e17050d8de80463d8aec3bb324c1327c138ff8d69895809ba23a36f20db8
+	C = e07a6c6b832cc487c7a4ff40531ab4f6d5a5f32b1a6ef22db294719d8a7bc215b1c6f0400a764d5c54229c45d05766116754fba193d8cc
+	reseed counter = 2
+AdditionalInput = ce1a2880b0aafd50ee5c6a3e5f92d315e9fc731e32d1b9e31a111d0e97b98463
+ReturnedBits = 449dbc4a162d15bf5d50aff660c6adb9a79002a059cfcbd5febfa5a616ad9d0347d6df750ce46e640b4ecdc77ebf722f6e80e9652c12b51b92cad994fe53d0700dc43b635b7c3db734f003df3d6d2b17dab7ce2f96d232f7f4b2d678a8449c9ee593a9d4a73dbd7da1fb73f149a5618477d9a4cde2ed538a307ae217cd8b8d2a
+** GENERATE (SECOND CALL):
+	V = b5b8cfc7e392576f81d810ef63bed6ae2dcffa8a005e861745c94574ed9545964cc5ea04ccc8b53a316cadad0bd3217ed9433a7b0ce63e
+	C = e07a6c6b832cc487c7a4ff40531ab4f6d5a5f32b1a6ef22db294719d8a7bc215b1c6f0400a764d5c54229c45d05766116754fba193d8cc
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = 63cb86d4a92e1883ec0df5316cb294f576304585c425f9b22107552c85ec2546
+Nonce = 66ec3d1ff1c3ca7c90f2a2a384fd87de
+PersonalizationString = 358d6de973ccaebd660048a945d014aa73ce5c262c685f9bbb86484bc2fbb10e
+** INSTANTIATE:
+	V = edc2e50587f26b8b21b05bffc1ca3af2d418fec49b669f8935283a6d4817cc0293ee4e98ed1d695a7bd01a65766d6732a716838010e90b
+	C = cb9f8b6cc2951a9d903dd5ab2e671dd5fa695426bd1917be7684ca55f77419f2fd888f6517f877682701d0b16a53cd86efde603a2078c6
+	reseed counter = 1
+EntropyInputReseed = 28b9eb1921c8aa6355270d531dafdf380be0b81cae8253d7232eec88c754cdee
+AdditionalInputReseed = 74b2dd8bb951a4036e2fbfc124166a0626ae3e97991a0a7bffc7ccde2cce4133
+** RESEED:
+	V = cf00d23d97db81abcf5c8d9390f265b30acae9cb6950b2200e2287274bb16c58629cc310cf56cd0219e0a24669b9565f8e21caa9854a0e
+	C = a869cb68b425ae86269de0bd1a7dd35b1eaea67b7bf1d80662596e418e8d8525f1f8f21b2ea0a3f6350774b70bcf5b523f653d2f08b53d
+	reseed counter = 1
+AdditionalInput = 18075ae3648feacaa873a22efe1b3a2890144c950c6a01ed8a065ef972d6953b
+** GENERATE (FIRST CALL):
+	V = 776a9da64c013031f5fa6e50ab70390e29799046e5428b03e11b9f2527932908442c7e02590feb048998b0035702b83f41855415876b45
+	C = a869cb68b425ae86269de0bd1a7dd35b1eaea67b7bf1d80662596e418e8d8525f1f8f21b2ea0a3f6350774b70bcf5b523f653d2f08b53d
+	reseed counter = 2
+AdditionalInput = bab9a65c861c24aad23cf23ef1c598dacb1e65a3210fa83405d299e5a051a0f1
+ReturnedBits = ff791f2ced869c1b6683fdaf518219bb8e9dcaa0f563f713db41626015ac6e072309675ce674d9038323c7c868fef3e76fb807c640c019cbdd6b9a69c03d8c5982361d9d64bb741c20348da150d542a6641e7065475ec8f225c34277b1d61ee828d486c1a02bf64d7b822c4849492fdc46c7dc092d978a055033853d3188232e
+** GENERATE (SECOND CALL):
+	V = 1fd4690f0026deb81c984f0dc5ee0c69482836c2613463917936e80307ad0f804a1b076e888c6a1c044d75a3cd823453006a893f2db9b9
+	C = a869cb68b425ae86269de0bd1a7dd35b1eaea67b7bf1d80662596e418e8d8525f1f8f21b2ea0a3f6350774b70bcf5b523f653d2f08b53d
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = 39267160b1234b196114a54bdb3d4d11974b76645f93afff05a0322a33051243
+Nonce = 637a21f1b84c2f7da89a05816f82bd1d
+PersonalizationString = 781f6e98f8fc73ade6af7cdbb22744ff44b23b871d4d5fb9b05bd8340f749353
+** INSTANTIATE:
+	V = 22206e2a4be2990fdc9764383c962b83750b73e40360b0886b23e1e771fd75242ee0d04c03eb16a93ce62f3fdc8dc1609310a65816996c
+	C = 6227ad0d1ef5365860b1443a03df7210578222fcf9af213c763cbdb0bfbd9217802d2c7fd46cfb4164d0a753929537ed739996baaa23b2
+	reseed counter = 1
+EntropyInputReseed = 95314dc12a4a8ac5048a4ee67e867d3f8808d8d076021b22be9aa4bbedbbfdf4
+AdditionalInputReseed = 167b54ef0949b12ce3351ad29400f39d85e2d7b102f3f6283549d279980a26f3
+** RESEED:
+	V = 40d32a72fb2cba6753ada20cce43a7ac61678aeb1036f918fdb94d67bb4654c4a42648460186f3cd6dea9b18a85c67be3ab211b1368f08
+	C = 5f78ae7c7fbeca6d6b09b75ea9fad960ca4c4590fbcf212449c908d8e87e393012ec8707cd7370e10cb7fdf1875eda419328afd50bc897
+	reseed counter = 1
+AdditionalInput = 19e4e806b3c6f9fadfc7ccfafd0bdd9e18b1a18aa7fe6ec3a9c5e925ce03e9f9
+** GENERATE (FIRST CALL):
+	V = a04bd8ef7aeb84d4beb7596b783e810d2bb3d07c0c061b44a9aa2b783020029166ea5c790d219afc3f5ae7569aaa37561e403c35ce9b0f
+	C = 5f78ae7c7fbeca6d6b09b75ea9fad960ca4c4590fbcf212449c908d8e87e393012ec8707cd7370e10cb7fdf1875eda419328afd50bc897
+	reseed counter = 2
+AdditionalInput = 016929cd3d969238f52332cd1f0ce2facd9134211ea961890c14185040424513
+ReturnedBits = 2ce4123a103c0c36633e3249dc645727f731a71a51f612e6199d28fbc041554041ed3f13cfc0dfaf31ca68b2ad581bcd5d9731b5f1a0a7f60d38ad9eb983db2bed30d3b7b620acfbcc05cdc46a81acabd806e1493337f2906efb2e9288245e07a47dbcf583884f6dfd74f0b85aa839f36f6f88386348659c19c00e7b3f5e8667
+** GENERATE (SECOND CALL):
+	V = ffc4876bfaaa4f4229c110ca22395a6df600160d07d53d9fddc2cc70b37799d37a0dd0225a47058143e8a0d5069af2dc5e17e8f7b89fe4
+	C = 5f78ae7c7fbeca6d6b09b75ea9fad960ca4c4590fbcf212449c908d8e87e393012ec8707cd7370e10cb7fdf1875eda419328afd50bc897
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = 7a6b45cd1c542f62feb119a58a1dc329623beec892e431758101e4ca8f1a8ae6
+Nonce = ada3c14f954c94e3a78f6d42beeb7456
+PersonalizationString = d3cc4d3a5302babf92ba842939d7280a46c490ad1ac791daa531bcd967351c75
+** INSTANTIATE:
+	V = 4a43fa509616ca512215df44a69422668d6a36f0deb8971eda336b8091e59cd39d98ab833dcd370b1fa018b686456de5e460a73bb90baa
+	C = 0f71f2d42f9fb632b00c3dab18af11a8c26a7add126d9656c2f7c1537f976e3e66aa686ce6097a64e98b8dcf9136094b78df76828edf80
+	reseed counter = 1
+EntropyInputReseed = 3226d0053f39f452da63dbbc32f73a4544102495dcdbc1982b423d441b8f197f
+AdditionalInputReseed = 9d4c6eab761287c733e5372cf68e7a04c19263d2ac56f75c8f3b914b83b9c153
+** RESEED:
+	V = 045723615d1b957e9ac265d8fe89dbf4491c6860aa510441fcaf6de0eeb547251d9349fe6a80eafd51a34a546284eb27ea6083dc7dab79
+	C = 293bdf820dc675abfe00468b23c52488d4a4b80e5959d6db5c750bdc5b2429b98ae002bf695e6827f549de7c3327f3dbf1e3eb5c88b3c3
+	reseed counter = 1
+AdditionalInput = 9542f4efd56cc5ff4d422a16bac3ea7e2f2c6afd85b6e6cdd9128e8e7d9585f6
+** GENERATE (FIRST CALL):
+	V = 2d9302e36ae20b2a98c2ac64224f007d1dc1206f03aadb593a81373d5efc18ce64c330ae9ed40fb17b4d63103e3cd3e17761a9f6e58784
+	C = 293bdf820dc675abfe00468b23c52488d4a4b80e5959d6db5c750bdc5b2429b98ae002bf695e6827f549de7c3327f3dbf1e3eb5c88b3c3
+	reseed counter = 2
+AdditionalInput = ba4ea3dcd8975d227fd653743be5021bf3c4d0dc3063ba95f59fc3133576fd59
+ReturnedBits = 472081c3e98500c6349c2a0b51e45219e0c12608b9042b7e6b8ee59fcadcea764ea4d7b555d273ce4d9a28891ba54b9ddd9229e9a65a3e3f2ee9fa6bf6df98a119f37f8e7d725743d17c2c53bb0654f6df53d6fa522e5186b5e5c7844c37765434ef0f1d54be41eb8615a27d33c4acf14ac600cda72ab5ef0587426858152602
+** GENERATE (SECOND CALL):
+	V = 56cee26578a880d696c2f2ef46142505f265d87d5d04b304a03501fd50b529790b69e71a326a7c805c94ab23902d5403628f9a69a7c83e
+	C = 293bdf820dc675abfe00468b23c52488d4a4b80e5959d6db5c750bdc5b2429b98ae002bf695e6827f549de7c3327f3dbf1e3eb5c88b3c3
+	reseed counter = 3
+
+[SHA-512/256]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 1024]
+
+COUNT = 0
+EntropyInput = 5661047dd2e053a91269696aed79ca80109d3ae95d61aac21137cdf0213a26b5
+Nonce = c658197c390382e084e00d2b0a7f5778
+PersonalizationString = 
+** INSTANTIATE:
+	V = 0933211d4d4f658cf66b7517b0e3fd204ec2d6042f3a55b6beefabec341128e158ac88afc34022aea44f10af8ca2c23c2248ed5ee766ba
+	C = 0c900e2718e12179a3e0262e797f8a215f335901d68275890268a90de84dac652b4be0bffec7df42f3db72d8574742e7c061d962348d10
+	reseed counter = 1
+EntropyInputReseed = 5b965293e66cca9b7aaab22c906d4d1121c6589c30f41d768085daba5cb2d968
+AdditionalInputReseed = 
+** RESEED:
+	V = fb204b2a0da60e7bfd492e4b45d9abf7dfe8ad8cbe4f660d5239a0d52b7e1613a2e907e42c6a81504c76ffc24da1956cd9f99c444aa7df
+	C = a7d9cb66cb6dd75be5e6ee19d76f246511b3cf9ef8b491e9c6269377eda59f22b4a4628dba3c203f88816bb0cee390237abd12b0d58473
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = a2fa1690d913e5d7e3301c651d48d05cf19c7d2bb703f7fa98f89190ba72a4f9025652e7c3f5ba5598fd07e766638c85e30be9d81aaf09
+	C = a7d9cb66cb6dd75be5e6ee19d76f246511b3cf9ef8b491e9c6269377eda59f22b4a4628dba3c203f88816bb0cee390237abd12b0d58473
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 47b061f52438858f28b562df9e64bb59fac776ff3271b110c3e52907b1b75f30460575b5d568b723f591a67e975074207f19423489bcc88a2943c588b40ef789d9b66c355aa1aa821723faf02e1e92dff82c4209eba2c80af454f2ee409e79d7afff6f1e60d2f592d4c5f6e4656a7dfd667b66887da227d8bc51f970b3963e28
+** GENERATE (SECOND CALL):
+	V = 4ad3e1f7a481bd33c9170a7ef4b7f4c203504ccaafb88a6889c397df1e1c6132f2d482c61ebe1f71233076cb48b243f60609a36c72ae9e
+	C = a7d9cb66cb6dd75be5e6ee19d76f246511b3cf9ef8b491e9c6269377eda59f22b4a4628dba3c203f88816bb0cee390237abd12b0d58473
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = d5890253700672f813b957b0e60a6be64718deecff06013d454ffa777afeda5e
+Nonce = e738bde2aede7250c19ee41b89343c7a
+PersonalizationString = 
+** INSTANTIATE:
+	V = dc03c2b3d32eeade8991a459ee7ca42737b608f06e2044335f02b17ab0fdc43277a7862f9cfc3258aacc79be8cb32f2360ff807d7f9749
+	C = 4c9481d92347c8f867be9b5e738dfebd56fda6155b0747ab9266c7a8c250abdf9449387617edf3e84f740adc4ce080d6a787784508c83a
+	reseed counter = 1
+EntropyInputReseed = f1d569a373968274654e2221f52f94f1c89d87eabe2349dc5653c38a0141463e
+AdditionalInputReseed = 
+** RESEED:
+	V = 43459224ea55e781f528ca8884acf05787aa1b826fd2567a5a05b34ad926f24c3fed7a55b7f75423c9788b5746f48574467ee997d63899
+	C = 1d450e78dc3882ba52625925b93c3bdb31d4a7108e2416089f4e3796031838f289cbf8bdfa84a7525b06e29beae112a02e431f3e9c70ab
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 608aa09dc68e6a3c478b23ae3de92c32b97ec292fdf66d3475a34bf199fe22677c65b079e6f28249322a9bfe17b4eced20417c0edeb040
+	C = 1d450e78dc3882ba52625925b93c3bdb31d4a7108e2416089f4e3796031838f289cbf8bdfa84a7525b06e29beae112a02e431f3e9c70ab
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 0706b207a4d595f53fb3bf31898044781ae7193414f3f8f82a7017443b732f988d9f24f3629e1d317b484e32df7383443a4039c15ed5c2970f5e016700451c73fab346185ee35c4d3ccb043c29fb860d60dee3fe42e6afbe87763c0c9dfa202e63a805360f1798e6907c5dd42839dafe9c7d7fe492a797dbb3826ba0568bbddf
+** GENERATE (SECOND CALL):
+	V = 7dcfaf16a2c6ecf699ed7cd3f725680deb5369a38c1a84039b584ba1b207818ef50aa79113ae02c983c6e75ee0e77a8bfe117502bde4db
+	C = 1d450e78dc3882ba52625925b93c3bdb31d4a7108e2416089f4e3796031838f289cbf8bdfa84a7525b06e29beae112a02e431f3e9c70ab
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = b108844081cb0ea7112e27213bbb3e451c394022da96eaffbbfeea618960a031
+Nonce = f5d7738a1e7e78516152fd5d8c85fc3c
+PersonalizationString = 
+** INSTANTIATE:
+	V = 8816553d4a973920257655f04b805895ddb6ec0e14c319ce7012c2e6c2f5dae7af76f665277c64c417debd0482e11668060e4e9ed9bc7c
+	C = d96c5821020aeaf7a3c6e80e12b4729a0323edb0c8da9513cf23b483a2864100be1a186f98da57cc22ca7a4fc681e03e46be0de7aebdb4
+	reseed counter = 1
+EntropyInputReseed = 20b5548529184b052b4e6280a30c7033d83aba50ce6f2524db9b7967ad049e18
+AdditionalInputReseed = 
+** RESEED:
+	V = 2e94427fdda7d6d9b1151189c0343361feb3bfd63864eb6389b6b84c55197758174fc42501ddeee2fe94cbdf7caa14de5b056098915de8
+	C = 1497687fe45f442ec9bb927c68383e3c1bbf2a22d0ae0c3ee4e03a248cad2e22b3fdba7e4c9598c86cf608746e7a263892f23ccaf00409
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 432baaffc2071b087ad0a406286c719e1a72e9f90912f84236cdc34f832e080a423904dc55bfe5f25c9ca708d016c58eaa6e79e80152f0
+	C = 1497687fe45f442ec9bb927c68383e3c1bbf2a22d0ae0c3ee4e03a248cad2e22b3fdba7e4c9598c86cf608746e7a263892f23ccaf00409
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 71050587cb15f4110aa361e11b1b5e622c2a486c06f8f65f35eefdedf24fbde327d97cf40970b554fd80e0bce2f3cc5edd4f39f3612c08b7c4bb17226345e9e783c44818158ad0c477649cd79707cdab9f7b072a1d0e60d21bf03d2cdaae798bb26c040c39fbf48ec8ee71a5b35f20ff42030c637ec153e423cab7130446a0a4
+** GENERATE (SECOND CALL):
+	V = 57c3137fa6665f37448c368290a4afda3632141bd9c104a0a113f1eec71b6b9ced4ecc87e220637e8a285ae38cc4379c111bfffdb27ce5
+	C = 1497687fe45f442ec9bb927c68383e3c1bbf2a22d0ae0c3ee4e03a248cad2e22b3fdba7e4c9598c86cf608746e7a263892f23ccaf00409
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = f1063885947ed782c356af861cd1477611eb664fb1dc9bd8078e8f6dc6acea42
+Nonce = 407762b1baedb468aee4d88a4af92c01
+PersonalizationString = 
+** INSTANTIATE:
+	V = 8ea88424b702aa8f571ee6ddf90434638b976fa244d163dac748632de3e9201760106f9cac05e6b95a73a63851193fffb888fedabcd3a1
+	C = 82a85c62f69f094aa6ff8f96c61e8f02b870d2702826fbbb76412c66184d0a03f546015f0de7ccbd165c5dfada4c4a977193b6d2684f12
+	reseed counter = 1
+EntropyInputReseed = cf9bba9bc6f324daaf625f26a5cb7df8e8e49afd0f1046b4ecd427bd6f6e5bb7
+AdditionalInputReseed = 
+** RESEED:
+	V = 97eb785f544e26f90bf9706ce4dec9423ab6d2ae039e328d2d713398a8545e5762ba25c8751a16e8f0def272e86494b40311bcecdc052a
+	C = 6641dd38c28f367bb143e3069edb1964b8507dafe9ec0fd1670a45b073494e66c5435aa4a4963e3651d2bb70a294a5547cb83a95e2117b
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = fe2d559816dd5d74bd3d537383b9e2a6f307505ded8a431a80e6858a9efcc2dca43fc0efff1bfcbda50d9fa048c6b19558377137229858
+	C = 6641dd38c28f367bb143e3069edb1964b8507dafe9ec0fd1670a45b073494e66c5435aa4a4963e3651d2bb70a294a5547cb83a95e2117b
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 167d4a54583bba77225d5ce88ad81fec343e706a399617c5bf1390653ec81f983574caa1d988b8349f480fbb2a59b00cfe36d96eae166e6df621d931884fc3810bf9181e607d8b5a5a40d8f6eaab37c13990d625ed920127682a0a442ca4477b2864302714b0a79ecba6282e7acae065217ecc5a687c38bca7713dc59c026de8
+** GENERATE (SECOND CALL):
+	V = 646f32d0d96c93f06e81367a2294fc0bab57ce0dd776539ff6ae5631a20e0c1a329daa2ed583505761e5a7be4d8f7cd79bf7e26844aa11
+	C = 6641dd38c28f367bb143e3069edb1964b8507dafe9ec0fd1670a45b073494e66c5435aa4a4963e3651d2bb70a294a5547cb83a95e2117b
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = 0f471f44e9d3e1a19ed30c2710aee3fc78838363e7078b1d1f5d0ab293dbb618
+Nonce = 8d51fb96f02c3ca81580cc847f985cfa
+PersonalizationString = 
+** INSTANTIATE:
+	V = d4be4e2f8f62f49e02f359c0f48c7d6044a942d8e5a66eb3fa543a5e02d44ec316d213089cba101e95b5dfbd620d87a2d12c7f56cb4e6f
+	C = 19b40bb87cb74581c020d49216599a7e50e03ae5e15eae25d81b49291e4e7cb6b626411a9472bedf4011fbe98ade3d2856ca702a5f3371
+	reseed counter = 1
+EntropyInputReseed = 709093ca2a3f483a1e016ba70aa34b4d1d35ab9ff4cb92e6fb39be89c4a7ea87
+AdditionalInputReseed = 
+** RESEED:
+	V = f21ba3c13e480c75fa6b9f87e6e8d4e9552b9bf75bc3aca45769672ee44321084f2630666b93edb6deec10b818def189394c37f4035727
+	C = ae17f8234a5e2e743bca26230bf65e5caf89a0c778431da3eaa3a58adfd89438f4cfa27bab3e8ecd4064ad52545e8e2b0a27a3aa5a03d8
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = a0339be488a63aea3635c5aaf2df334604b53cbed406cb2457eea18b9d1dbbd79522feaabe03ac93beae7dbd725f6aa23e66739f9a939d
+	C = ae17f8234a5e2e743bca26230bf65e5caf89a0c778431da3eaa3a58adfd89438f4cfa27bab3e8ecd4064ad52545e8e2b0a27a3aa5a03d8
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = f4345ef177a516e4ddfc35cbe9becd67187846490fa8372f9bf372fdbf0404abb105186921bacc77108474876c998ee20167b20cb69cb04bfba5056f91b569606829345b3471f827aefd72a3601402c304b26f9d8489d85e065c538d5e400f569091fe5abdbb133fd23be3111e58413437b4d01ea9cc7a76f514927e814e3582
+** GENERATE (SECOND CALL):
+	V = 4e4b9407d304695e71ffebcdfed591a2b43edd864c49e9271c703b31f70cedcfb91c567423b90a7b6e424ca514f905ca8958595bb9bcaf
+	C = ae17f8234a5e2e743bca26230bf65e5caf89a0c778431da3eaa3a58adfd89438f4cfa27bab3e8ecd4064ad52545e8e2b0a27a3aa5a03d8
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = 5338e30176fae9a418377b607e836ec56c61bca1ae81b26c80aa62381573e787
+Nonce = cff6adf530d9e62cafbca67066fb1dff
+PersonalizationString = 
+** INSTANTIATE:
+	V = 9cb91ce30878fddafba85d4629996760ee4b91a19ec194fb80a238a0a0666b85b639a55e58b8dd3a4c5ac7f23cc82f7a9664e036c4e54b
+	C = c25d8809e793633014ec414fabc695c2a83b71cd7f433aa03d28be496edc69793c28fac17395fd474809b07ef5a6c0f5aa19fedaf67235
+	reseed counter = 1
+EntropyInputReseed = c9e4116e4bd5940e657ab11c86ae25bc249df8f2a23e0b6239a8b8ec2e739cac
+AdditionalInputReseed = 
+** RESEED:
+	V = 02425ce98476f9243ec04f2e1890fa49085b2c0c73f666c69107ceb349d16cf57037f2114864f38ef56f5488f2798ebc4a7f82cf3c5d07
+	C = 69b1c26715cb187fa0c8b52f105be12776321271d8ec896c382f776beede624fa69bf5b44b573c46f1066a3d24bf20f2eb2b722f11bbf5
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 6bf41f509a4211a3df89045d28ecdb707e8d3e7e4ce2f0826bd30b59f7ae424b68b393be6b686505aa7559e17a33f7b0c0f621bfae7bc3
+	C = 69b1c26715cb187fa0c8b52f105be12776321271d8ec896c382f776beede624fa69bf5b44b573c46f1066a3d24bf20f2eb2b722f11bbf5
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = ed7fd7d39604fb1b78db0549cd99821738fdf45c973087088b12c585aaefb7bc5b9ad2446c36b867bad63513bb33d03d3ec78de7060e4d8cb99881e88e4bf470e1fd1f526af4e8761d9e014ada47378d4d1ee5809e6f84e3fdd409217d85334787163cb2b10199e869e112e9437913d5f752b53ffce57f29ca6eb982242a8a57
+** GENERATE (SECOND CALL):
+	V = d5a5e1b7b00d2a238051b98c3948bc97f4bf50f025cf7abee78adc8a5603822a6efdb35773b3997b8bfcb50a6ce5b458dc69a72284c00b
+	C = 69b1c26715cb187fa0c8b52f105be12776321271d8ec896c382f776beede624fa69bf5b44b573c46f1066a3d24bf20f2eb2b722f11bbf5
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = 0ed9cc3a2fe2c5962224c904400b24cb528a34f129b78ff1005e93bb28a230ea
+Nonce = c9d5f38e2fd8e73f4ff26e4d6695a139
+PersonalizationString = 
+** INSTANTIATE:
+	V = 85829d1e51a9283def0413a9c91eb9e5231054ae9f00e153ec999c15205044b527c362146e544c39f358f83a1925d3d252cb78260d0f88
+	C = 3ad106a08e3ff557d6228cea85eeda27388b0c144f772e613e3c13d1b2835a0684bed0a7112388e3439640ac7cba3685c88009dd3f051f
+	reseed counter = 1
+EntropyInputReseed = eeabc2a8005a58c264e32e945cd6a8e0ff08a9287c5172121e6a525dac730237
+AdditionalInputReseed = 
+** RESEED:
+	V = 8f127cb30ec87c925f0eead7d375c3b23835e9894cbfd44f8d3d3da07a396fd04951b513ca730795fe94271fe26598c7d4ad5dafe02f52
+	C = 680f9be15c080c07ea4aecdf56eabd6413afe925141b5fa7843db3a22586c4a5258fbb2398e28d134831fdf29e1d8152b6ccd1dc17de95
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = f72218946ad0889a4959d7b72a6081164be5d2ae60db34a4f364c79aa3e37b027305bc3a9bb0f30367d0115268875771370508c68c24f5
+	C = 680f9be15c080c07ea4aecdf56eabd6413afe925141b5fa7843db3a22586c4a5258fbb2398e28d134831fdf29e1d8152b6ccd1dc17de95
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 2a505176f6bb0f79d945a9b14504fe991af7c1ed5dda06beae9a11dac932f178ff5354b921a3db4d5a48bac7f2d58e7f0fc964d41d6b8384bb31ca557a9fd1829e6439f462e5da13c1db7aa6a93684a6aefb35f57649499f2ebaede9caee47769da4fc259396f6f62bda0dd5fefe3461d731a73a737e04c31d87c779fbe4411a
+** GENERATE (SECOND CALL):
+	V = 5f31b475c6d894a233a4c496814b3e7a5f95bbd374f6952f47075b251d1580dfc9765dfd991ac68730841214ade9372c6ed3c4e7cb61f0
+	C = 680f9be15c080c07ea4aecdf56eabd6413afe925141b5fa7843db3a22586c4a5258fbb2398e28d134831fdf29e1d8152b6ccd1dc17de95
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = ed806dbde9a29a5016c9c8181b9b21ffa0d0fc848f26b73f1f7e2d1992beded9
+Nonce = 93267fae77342255573548fbe18e1e06
+PersonalizationString = 
+** INSTANTIATE:
+	V = 282896b832af64475c6ddb8a60084442c36d7a44a9314974f13a904271e5b738323d0d3ed04f568d9387d98184d465ec0d3900c7cd95d6
+	C = 70fe036524328d02f3512d2109ae88880d50778e87aa4b5b0b41e63637336bdbbdc90ea5ad30e21cc9244d351360888eb2e3720d2b0f24
+	reseed counter = 1
+EntropyInputReseed = 7c0fc90bbbc041b80e0bdaf42a87e3a683de3a6e0d494f04f30971c49be20dbc
+AdditionalInputReseed = 
+** RESEED:
+	V = c44782ed4706b3322b28fbcfc843a387b2a22dab784cea6fd3cafe047c971e418c8972f8db63db07fdb7475b79f702d3e7e510e70e1e54
+	C = 8c0558aae7de0760043da62cd246d11a9c3a261025cda417029aa036b61ebc516387b1c94566d8316603b619175ce1c2313b2afe1eccdf
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 504cdb982ee4ba922f66a1fc9a8a74a24edc53bb9e1a8e9e13dbe416a308f25e8171eeb628141a3bc3b50642ac36e16a67f7cdeae97df7
+	C = 8c0558aae7de0760043da62cd246d11a9c3a261025cda417029aa036b61ebc516387b1c94566d8316603b619175ce1c2313b2afe1eccdf
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = da7517c1d8dc6f6e92420dc10c3106d06d9fd8506e161866230b9a6a1981e150d84544e425509c4f69815a5d516d148a24bbec1137264c3ca655f83b179f44a346ebe5515a47bde3b0df21be83801a839de191b9a83343be5a08e4e9412d821fc81cea3475dfc8fc3ce0d7fc989e05de42d4e034c6d83c713bd5b504dcf4f8ed
+** GENERATE (SECOND CALL):
+	V = dc52344316c2c1f233a448296cd145bceb1679cbc3e832d0721d9c2b3d8d26226f1d8d2965dc22bb0f76af545e32bd66b3c2f6f66d9184
+	C = 8c0558aae7de0760043da62cd246d11a9c3a261025cda417029aa036b61ebc516387b1c94566d8316603b619175ce1c2313b2afe1eccdf
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = ff0a0ed640a93263446fc5f6dfa94a48e64292130ffc1ea882cfc158a1e3738c
+Nonce = 8f6305e13711a9c3574dcb346c4f0f62
+PersonalizationString = 
+** INSTANTIATE:
+	V = ad9e42ffecdc3854130b21089c85c584c82803970c63bd893a6b19fe7c59a60ace0eedb2ebd6129f7869f20827e5f152d9e017da8a8913
+	C = f466e10c69bde8d386870b363f230bbe1ac0947f6f3e702bcb3b923000a325a2f78ea12402f07ddfaa9d78100bffdccf62a39f6a49f3dc
+	reseed counter = 1
+EntropyInputReseed = b192aa9a37d01754ec5bd43e216e0bf9c5f8039d50fdd5b76beccf827ff1704a
+AdditionalInputReseed = 
+** RESEED:
+	V = 00acd00b43676c8bca0c1b756c0186562bf3319384cb362959516960279e4dbb89bfa24d86f2cd3cb337f814c7c3ce45eb79300fc227d0
+	C = 26c008e96b3d3079a66b1e2de45bc1fb7b08a1beed0c182d4716168a5628e3636a1ba3364e114898e36115f9a41cb413efebcefd0ccf90
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 276cd8f4aea49d05707739a3505d4851a6fbd35271d74eab7fa7f2fb555fd47240473a8861f91084dfc83f6c2148a9ebed289f4f847657
+	C = 26c008e96b3d3079a66b1e2de45bc1fb7b08a1beed0c182d4716168a5628e3636a1ba3364e114898e36115f9a41cb413efebcefd0ccf90
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 98ccf649cc8b1ccb38109e641a09ed0e049698da47ae5af638bb7e1954f1026db88cd6621d555c0d872831d87017ab033534327f5228192ea9cece87153cb5d5e13f91cce05bb934a8b0e39bce54e4d7faaae07dca8df15e6504f1fc724745fe15f417d377d734deaec32fe2d41045e13de72d16b59641e893188832077d225e
+** GENERATE (SECOND CALL):
+	V = 4e2ce1de19e1cd7f16e257d134b90a4d220475115ee366fbb13971cf3678ca0c808fdb6d63c6d8b17870fb3f24a5b76c89461ce57f02b9
+	C = 26c008e96b3d3079a66b1e2de45bc1fb7b08a1beed0c182d4716168a5628e3636a1ba3364e114898e36115f9a41cb413efebcefd0ccf90
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = 424fb353dcb299a8de6d2b56271b69441a847b923dad190cc9cad7a13cdbf540
+Nonce = 39a6cd61f7b816ca914ae090194a1935
+PersonalizationString = 
+** INSTANTIATE:
+	V = e0094efb1566737e331991804ca07dd6a9e0786e8c2e4b362497a91ba2defb9522be20d2f4d1706a16982842ad4275cc1465cffb9e02ad
+	C = 6a77093445425f7bf8d271f9d1d47a41dc901d3f2f057bf940db4e1445a0fdf3897e9eaa443ba9b2700be29fdd4cf66b24f3beb304cf40
+	reseed counter = 1
+EntropyInputReseed = 19b65e76f9751bfcd76a04a5acfe14702b2c3e7afbc92fb559edf9aa8b953a39
+AdditionalInputReseed = 
+** RESEED:
+	V = 1fb2023bdf0b3326507465e80fd72985b5963bd11c04d506e461c89903cd2426624f4bb4ab1b7c84ce8be341621382d7f5a3e97a555824
+	C = 58439cf816da12a3da073894ac1efa087da63ad50f9a13dfa0b5785965d22d123e68ef51bf0170637d335118d1bf773ce51bd5dce1e34d
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 77f59f33f5e545ca2a7b9e7cbbf6238e333c76a62b9ee9bd688b7be1b7d8862447e616774e076ead314438caf23930bcc96fb1ee6b0c7b
+	C = 58439cf816da12a3da073894ac1efa087da63ad50f9a13dfa0b5785965d22d123e68ef51bf0170637d335118d1bf773ce51bd5dce1e34d
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 2c9d10a06519721386d720ff3e51a5d6d2d23f98ada910dd9e085af6bbc7d262cabae77514fe9bb026dc8f1a9b252cec8dcb4bfb1b54c06523a441932ea1823c44c758a6c9f88656cd42fbcd3076c006f1acbf6722fef767ccef8dbb5abcf8e758fa189b616d9ee6130b84bba2ecd1d26f8408736f1cd71d92333681e064b5a6
+** GENERATE (SECOND CALL):
+	V = d0393c2c0cbf586e0482d71168151d96b0e2b17b3b38fe4452345fd9e626d23fda8f90420e048b82cff4b263aa659503dbe1b38805a846
+	C = 58439cf816da12a3da073894ac1efa087da63ad50f9a13dfa0b5785965d22d123e68ef51bf0170637d335118d1bf773ce51bd5dce1e34d
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = b32f28fef09893230ae7024714e010efc880ac923d05f4d62ed973635efc10ec
+Nonce = 1967a747e4ec1d5829292abf68561c29
+PersonalizationString = 
+** INSTANTIATE:
+	V = e2df2b59d24b43255cddb987a557c2e5fc0f66525f7e08019174a5ac23b662bce8777492ccde39ccfb1f155ceeb061bf65ae44263e9ad8
+	C = 27cbde50df298dec2655bd340385217000179276b13ab7ba29770532114d9f527a12a482b74bb39e108abb88933c05ef3cc9120624ef4b
+	reseed counter = 1
+EntropyInputReseed = 3f52dc2b3d4ea95b7fc02cca5cab3c2cbe14f28fb274b415ba353c43a0bfa3e3
+AdditionalInputReseed = 
+** RESEED:
+	V = a6acebd72f8a8f2e2daa5117519c5086bb7f10a82d31f9f5c26b5809a7255d937f626755fc322b35298266b3c7d566d794769df2b48e60
+	C = 4159b6160b3d6b713be697fc653b05d143b2769b36bf0ef0eedcdcc70de798808563130a047bf5e5d6b43c216caf1f37b6cecee9efc101
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = e806a1ed3ac7fa9f6990e913b6d75657ff31874363f109183bd8d63fbf47a851700b8c2081954b37655034ffa76699b8868a3cad81c7f6
+	C = 4159b6160b3d6b713be697fc653b05d143b2769b36bf0ef0eedcdcc70de798808563130a047bf5e5d6b43c216caf1f37b6cecee9efc101
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = e30653617d01a6726aec9d5fe50e807dd3745e885c0aeff13a07196fff0584e590751bc0059a9242b2b31641a515e240909df8bfbd43e66a5463baf095ce151e62b7c494c21b61f6a275a5f52d32395e00b47db6448f7627e7df9542b5b0a6414f2650102b14f0f96565e73a563e8719e2b322b28b2f3d836f4129e5cffc0144
+** GENERATE (SECOND CALL):
+	V = 2960580346056610a57781101c125c2942e3fdde9ab0183a7c5cbdb02133f2edcddb09860604101e99cf069850911fb7a1e91e0d3bee06
+	C = 4159b6160b3d6b713be697fc653b05d143b2769b36bf0ef0eedcdcc70de798808563130a047bf5e5d6b43c216caf1f37b6cecee9efc101
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = 32c11a5cc81f8e15a3efe94f7cf498b338dac28c49d03f287d84d5388bba2e9e
+Nonce = 70d75cc1c53b57fd757f484de917769c
+PersonalizationString = 
+** INSTANTIATE:
+	V = 056e8bf05b5cff0c2cb6f65cdf913b7b9868f6d74e28733884a953f05761465267709a0fafecd5e8ee4456104c34e399b954daad381b45
+	C = 4cb3239ad6b716f79090af773b1e6d310c0e5bdff8338416d2644cd9dade1d4fbeb26778aea1232d326af7efd35a7b040c1acc69d3a3de
+	reseed counter = 1
+EntropyInputReseed = 98ff17b375f8cae80e8614afe81e96e0bf24bd161a5226dc700375d6c4972782
+AdditionalInputReseed = 
+** RESEED:
+	V = 5e84c796cf7248dbe9489aa41d51cfb5761c27e9f12ada6167c50eab7a836e7676d433af03e3de4c958058032f381523d16efa48e5c16e
+	C = 4f880b596669bd1d9abccdf91e4825ff2ac4d885d12f1ecdf316d39a50603ac9ab7c85b14666249bc3c19be516bae3edb61103e9cb9e66
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = ae0cd2f035dc05f98405689d3b99f5b4a0e1006fc259fa2d1328d25c9d9113a3c277fe94e445c01a7ea87330416f2225f8eeb1bbd28c60
+	C = 4f880b596669bd1d9abccdf91e4825ff2ac4d885d12f1ecdf316d39a50603ac9ab7c85b14666249bc3c19be516bae3edb61103e9cb9e66
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 4884c573dd45d6046202ccade93f92438bbd6237066dbe124a80d0eab6d3768ce2e4890650f6b16978eba3d69350ec9d4d23360d5776086ebf2136215f7df18476b2acc27988a01da4bb3ef6eda67c40f33d95850c167a73f4c968c7adea24fcb9c37226a8a79fb648edb433af4f9b7667fcd4ba4959a46bd8cbc49837b10dbb
+** GENERATE (SECOND CALL):
+	V = fd94de499c45c3171ec2369659e21bb3cba5d8f5938919693bc0b2413487e4dfb9844f214f0305e1a4c52f2e0102e59025b12276a57329
+	C = 4f880b596669bd1d9abccdf91e4825ff2ac4d885d12f1ecdf316d39a50603ac9ab7c85b14666249bc3c19be516bae3edb61103e9cb9e66
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = 563efb029a7eb80db9e0eb56cd8f9f08375be04697f99bdd4132db4663bd38c7
+Nonce = dc073529a2172891533effd7225b2914
+PersonalizationString = 
+** INSTANTIATE:
+	V = 9088bb60fa0f095603aa59f32b5a234ccf4797484368f0e0b89fdfefd68cc17329f7c897275e5586bacadd2111ea73313900bd4148b41c
+	C = 03c3935ea905667447d2b9fccc60dca7736131210407d238716479b520996a83ad55d5d6e67b957eacc1ffc6fb6b4ffae28e97fef39e93
+	reseed counter = 1
+EntropyInputReseed = 1ade27b1dbc69e7457f863be5ca1e7ad84907f21a235d8df9d901a0aebdf6c6f
+AdditionalInputReseed = 
+** RESEED:
+	V = 20404c0c864008488acb8b2857d38b9275ff0b1ff4755584a4ef96cf24a1da8537ff2a2b5fcb45f6887287401b9ce50e8ddf7a3c58df57
+	C = d88e893745d7e7b6358cfabeac33847961e34347702d55c1bc42b76bcbaaf7fe556bb6d07dd15905cb49d4343c79c1c3fcf252757fda8a
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = f8ced543cc17effec05885e70407100bd7e24e6764a2aba120e6682e424c5659ae8b2c1b41c3f4887fd316adcc8da42f6599bf855748be
+	C = d88e893745d7e7b6358cfabeac33847961e34347702d55c1bc42b76bcbaaf7fe556bb6d07dd15905cb49d4343c79c1c3fcf252757fda8a
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 4c8bfb95a75837b4eabc8914435c6ca9a12985116d8e75d1465afa72b49121e4134104211e00ea4a255f28ef0b3ca6d3071d39d370a70c0ac4d28cfcb5cd2e6fb523949b02355b7e55dc83822396bf7751838942ec23fb017fce87da43f6a3056ddd24a985dde9956d6e5b03e82f2448e6c5a739e270d7789f4189680a93cf6f
+** GENERATE (SECOND CALL):
+	V = d15d5e7b11efd7b4f5e580a5b03a948539c591aed4d001e1ab04a69673c92560bd0609860afa9e53ee313a466885b2443b50c4ab7accaf
+	C = d88e893745d7e7b6358cfabeac33847961e34347702d55c1bc42b76bcbaaf7fe556bb6d07dd15905cb49d4343c79c1c3fcf252757fda8a
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = 67b8b11e7448e83e74751718a1ba0ae39196e42e50610a12e82e32000fc3e3c7
+Nonce = 07fd7526ad35051012ed733f0bbdfffc
+PersonalizationString = 
+** INSTANTIATE:
+	V = 75b430533e1b073c9effc803b7d12bc701d08505646b14a950ac22ca48e5ef5a862c2f989f1fb3d1d3a3f6bce168d09f5f710ad59d89c7
+	C = 7dfdd4b95a0c1bcf7cf8ea685fd033b7dd747e271691f3ba42df517764dc5ffe17c13e4d84de20b02ca30fadb383af34a95b49b9f523bd
+	reseed counter = 1
+EntropyInputReseed = a6c2993496d792f2c7107a2799caaa1ba43a15810088b1d896bab248387f0814
+AdditionalInputReseed = 
+** RESEED:
+	V = f2df64b8a4459baf4730c20ace832e8e662ab55a348b2fabb501d63e31b71812b686528d0617d1e7214147e1a9f13eb530db54eae0af4f
+	C = e38a9cdb0a872dd6c58d8ed73a6f45e8abd0b282ddfd31cca2cef4d8283bd9dfc89fd306ba355764522a0a39be2c758a030d406b2ecc33
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = d66a0193aeccc9860cbe50e208f2747711fb67dd12886192bcc2481875899a7e55de4234614df3ec3910eeaa0a6d3d1fea954630e70305
+	C = e38a9cdb0a872dd6c58d8ed73a6f45e8abd0b282ddfd31cca2cef4d8283bd9dfc89fd306ba355764522a0a39be2c758a030d406b2ecc33
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = c58db2f786d69fd30322b7deb74365f19043500c4aa795d66799eb3986cf5d9df2b4b3f79f3d374883a93a1f2f39660793aa5970c7a9d8c45a8a40b7dadbb78afe540bc15c17d83fe6a89d344381e1335ab5d7effab93f08da060f68ffd5113511a856c703b95d9c5f90cf838b12fd0979b4be0362dbf05fc4a26aaa3e8a974c
+** GENERATE (SECOND CALL):
+	V = b9f49e6eb953f75cd24bdfb94361ba5fbdcc1a5ff085944d7b0996aa86a2e6ddc7e486fd913bcbfde80c693f6de474fa9940fbe7f2b547
+	C = e38a9cdb0a872dd6c58d8ed73a6f45e8abd0b282ddfd31cca2cef4d8283bd9dfc89fd306ba355764522a0a39be2c758a030d406b2ecc33
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = e4addf4141e0ceca2db1ec27663d8f77a66ba2d9c84fa9bdfe839f55c48bc822
+Nonce = f4a62497fd0abc14b60097797ec90280
+PersonalizationString = 
+** INSTANTIATE:
+	V = 275d882790bacca8c731ddd72a93590e950a020dcd161390a0dd4aed0c4b73901bc9ba6382e95ac246cc378a209c8833dbfc4a9daa95b5
+	C = 6c563414217bb5b10370d756bc2bf1c3c3f51c7be518189472e8303b9aa5b66ebbfdee9f3636c43803165ae6c14613f8de1805b7a994bd
+	reseed counter = 1
+EntropyInputReseed = d363386c86a52bdb14a438110d56f524123db43137c048c2e2c7afe38232aae7
+AdditionalInputReseed = 
+** RESEED:
+	V = 808b9371c30b8b7b695c1052e7c7082c8d98df9be71e58e3202d726364c4ed9ee5dae418b8df1b923fdd1d068156dd4cf687b18911ead9
+	C = 1c7ff128c432f7a46cf441e42d3be5c623db909cf64f79c0d14b7da70c3d166695b2c2d28f4deac9fbc784184a47d3fac92358d8a97f48
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 9d0b849a873e831fd65052371502edf2b1747038dd6dd374eaf75e35bdd707e541a786cbc0c8aa8158f43e1cb53c38db2653987cd7d5c5
+	C = 1c7ff128c432f7a46cf441e42d3be5c623db909cf64f79c0d14b7da70c3d166695b2c2d28f4deac9fbc784184a47d3fac92358d8a97f48
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 5bcd6df7fc2037c47fcd4d5a21949f406b7e0966ae85de0ca1f95a2bc9fca4da9f6cf58b6689860ba0622266ce18a21f4dd8b91a0f4fbef51978d2e1b3986213e5fdd71f8b2d3cd43512c8510378342ceb98805c0e5a33d840c73d18e7cd33b8f1af8bb73dcd4a5acb7f855c03984461a507fb7babaf21de1fb4b7bbe248b82d
+** GENERATE (SECOND CALL):
+	V = b98b75c34b717ac44344941b423ed3b8d55000d5d3bd4df55c0b6e240db429d49a26f1f81913c0d946485d1b1d720a257f2486479ba8c4
+	C = 1c7ff128c432f7a46cf441e42d3be5c623db909cf64f79c0d14b7da70c3d166695b2c2d28f4deac9fbc784184a47d3fac92358d8a97f48
+	reseed counter = 3
+
+[SHA-512/256]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 256]
+[ReturnedBitsLen = 1024]
+
+COUNT = 0
+EntropyInput = 94450b61ca24d8f4d0a63097f76738be171405715c73ca48b61a8be5599fdd2c
+Nonce = a4109a4a88f8d52cc382a839cb303123
+PersonalizationString = 
+** INSTANTIATE:
+	V = b0e2c5f5897d2e1350677eb0042743e6860f7683039deb35eaada314be24047648cf3af397414fd061973b1a46b297cd73a78e41860f32
+	C = db6d525d12aa6ee814296ae099d1e49efcdaa7e06f4059c01bcc5aafbffd59e6a6c56fbb08602dfb7bb64fbdb4efc81f62f4b00834ba26
+	reseed counter = 1
+EntropyInputReseed = b3b9cc78295a99c34e9e6e2387ab159ba74efdf47e713e9dccffe12444fa3e3b
+AdditionalInputReseed = 49202706f38088327f6331526ac6fa9ec933d6097c4ba1f3adc154e73d296cbf
+** RESEED:
+	V = 986f065ac0c6933912822b3d25a36c4b8aeae459df6f8f06b9022ea04d308d69ff2c7c5c4fce44dce83aafa150f7bfc8ef8f07b068062b
+	C = 8d20e1dcf5dcaaebde951ab081be1f0f1ccc8dd4b800e22b116e34bbeb3f8c55787157690584c4fc9811bcccc41c6d649a882072b5a0ef
+	reseed counter = 1
+AdditionalInput = 980f3f13304900ad37ca3cf95e549563e408950a8304539c4bc8c56a84c7b009
+** GENERATE (FIRST CALL):
+	V = 258fe837b6a33e24f11745eda7618b5aa7b7722e977071bb924f7f3a5f943659bad4a32cde3a4eeca343f54959c72512b3875377a9cc49
+	C = 8d20e1dcf5dcaaebde951ab081be1f0f1ccc8dd4b800e22b116e34bbeb3f8c55787157690584c4fc9811bcccc41c6d649a882072b5a0ef
+	reseed counter = 2
+AdditionalInput = c8ff9fbc5212b4eaece03f1114c1ecfe47da36013043f14ca164214e17f9e1ce
+ReturnedBits = 3e05d7a574f94b86a50d006d63c51d64f59704a9b833615bd0d99034019cf03b3c9206fc1a592fde416ac782f60a10f1c98117a882801eb8e6c737e1f5ae816b76620ddc68043c5924321ac96be218b78c29c44e78042300d14250b7c688b444789f2dac1e3312bf7e6909b7ae439039770f645f3e5b360a350b8f1ca1a254b8
+** GENERATE (SECOND CALL):
+	V = b2b0ca14ac7fe910cfac609e291faa69c48400034f7154e4a168e380953ee512c86625480b126eaffd9bd42b82874ae006d7433b44215f
+	C = 8d20e1dcf5dcaaebde951ab081be1f0f1ccc8dd4b800e22b116e34bbeb3f8c55787157690584c4fc9811bcccc41c6d649a882072b5a0ef
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = 4e19b98a077bd3593cd51c42eca0d30e2a4785de0976e827bbae71913691f1bc
+Nonce = 88859719799402a7ab4d74d60806d382
+PersonalizationString = 
+** INSTANTIATE:
+	V = 7fb3a5d2b7e3e8bc711156902818338eadf19015d3ad0ab1431e70b67271d18f1b62457cbcad61812dad572557b1a4ea6b8d151e4c7f5e
+	C = 0ddfc3936effcdfd82441672e1ef017f7f161dbff118af8a7d10fd450d3b6e01123a6d825c23d81d5514287807fcb86be0faded34050c3
+	reseed counter = 1
+EntropyInputReseed = 73175f1cd3b7322be01b8cf3caad706e9f8da787d26e0ce8bea9ce6c23ad2d38
+AdditionalInputReseed = 6ab4b41b485a6fa481c2e22aed3cbe46559d7f18551cc6ce7a776b4525cc0269
+** RESEED:
+	V = e0f33147abe4550a61fe82e9bdae1ab405688771d3126c00c69292b388d35dfde7320909c87dc93ab611c1775672c77028404b79b86f92
+	C = 5c987a759191dbd3199040f55a3a3e406e862a93cf25c64be7bf240f14f1e51ad0c7092ee7cebfee2ab7b86f6a5fb2cbf16d78d83ecfc9
+	reseed counter = 1
+AdditionalInput = 36b364bacf04addc4792b6edc248b9b62da5daea639bae150a40451e9d3fb618
+** GENERATE (FIRST CALL):
+	V = 3d8babbd3d7630dd7b8ec3df17e858f473eeb205a23832f4a691521e65fc8f8a9f9ea347c513e6253ce929c3febf7a2ad824836c989bed
+	C = 5c987a759191dbd3199040f55a3a3e406e862a93cf25c64be7bf240f14f1e51ad0c7092ee7cebfee2ab7b86f6a5fb2cbf16d78d83ecfc9
+	reseed counter = 2
+AdditionalInput = e1afbe32e651a76cd0e145f42e6c9749a49c9439df90379d555a29059ffe9f4c
+ReturnedBits = 046b0ae7ac703c274e590f2282261fbdeb176d2cf86bdc0a1c6075682087b18b931433ed2fdb710cc5f54fd226e8dc7bca7ce14e40fbddb8fae4ddbb0dc1199973ab638dfcb1e1280334a03f586c80c2f2d9a0022014957012bd34e647eec2693430268407fbe3bcdf9f8f2d3a433a99b7aa1b22fe0d47b6d6aa3f6fa5e4003e
+** GENERATE (SECOND CALL):
+	V = 9a242632cf080cb0951f04d472229734e274dc99715dfa3c766b09a05f3845709a8a05fab2485c7e8cddd83eae7cce8a86674e04370b17
+	C = 5c987a759191dbd3199040f55a3a3e406e862a93cf25c64be7bf240f14f1e51ad0c7092ee7cebfee2ab7b86f6a5fb2cbf16d78d83ecfc9
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = 03a1f70ecb64aa0768ffeb2d0743113045f3d7e5e377796b9ae8b826024ff4d7
+Nonce = 8755070bd7bcfef9e1a7a3e1067ad3dc
+PersonalizationString = 
+** INSTANTIATE:
+	V = 7d3dc8e44c7a13818905efb113f2b0d267146bad96f5fae332087500f6b0fa54c74280e7d92c8306cd3520e44a70747e6a8ec0797c2111
+	C = 27db4fa1dce49eb3bd520868061c649cc1f055f7ffff55cf56abd78c597f030b87336a6f0e29f0357a306d59a1167d27068a6be67cef13
+	reseed counter = 1
+EntropyInputReseed = 70266b7938fbef75e77fbc95915f14480f60b1b75b50a3f2a38d17daffd14ee0
+AdditionalInputReseed = afcc3687cf456129f13207fd031d5248f4b70c36adbbba96047ae960fdb67843
+** RESEED:
+	V = 6d111e46ba51aba45eb05e1a6741bb195e16919f00004e1c00763268ef46e43d71fe06d90d3d3f1277a14d78ab4be6e6b9a245dba36357
+	C = 0edc81f16cf6920db05f177139f5d644e91856d8a7ceefba1626e06bf6f41361b13f2bb8573c085c96257be894746c0d26428da13c4fc7
+	reseed counter = 1
+AdditionalInput = f155e92a5dc7a9e2d9f4611f150952b6aff89f662ab8c62e5ff20008e5c56fb4
+** GENERATE (FIRST CALL):
+	V = 7beda03827483db20f0f758ba137915e472ee877a7cf3fb77fc416b0b06f237f022de8809148eb79bcd2c780e09210e3a637f8420cb21a
+	C = 0edc81f16cf6920db05f177139f5d644e91856d8a7ceefba1626e06bf6f41361b13f2bb8573c085c96257be894746c0d26428da13c4fc7
+	reseed counter = 2
+AdditionalInput = 7f287d793471ad08a9b2798eb8d00af794c4737ca683a1d1ad51b94785677755
+ReturnedBits = 5dd58db1b8bce05c8297694f0e771ce79d76774ec480369cbd6381bdc7f66946aa6c5870a0029c4ac78638b2610fa63700fc1faa2103af7a2fb9a87d94201ffa791cf983c1375efc2e6e7d6565ac423a0e89526efd4fe0df1ff94ca3978e46459b9e90f85737b002f3d3b4d9bb1dec26efca44fd55c484889ac6a55362d489ab
+** GENERATE (SECOND CALL):
+	V = 8aca2229943ecfbfbf6e8cfcdb2d67a330473f504f9e30b4a18250590304cceaa1cf365c743a2c4523fda5022ed4e2ef101adfa39297e9
+	C = 0edc81f16cf6920db05f177139f5d644e91856d8a7ceefba1626e06bf6f41361b13f2bb8573c085c96257be894746c0d26428da13c4fc7
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = 586ada42d6ce87bed4e3909f920177a27cf22c5a5def98b65f63560bdfc11d18
+Nonce = 447d4cc5ed6f686e4ec60757ccb0cdae
+PersonalizationString = 
+** INSTANTIATE:
+	V = dc869d4ca25ebeda4137ac964812693f78bcc62feb06ffa52eb63582609cc92fd7fc31522f9845880a71514169c248a2a2999029caf4ff
+	C = 29fff52b290c7cf4045ad0598391a66d790daf2eafe1833280a58c401b444679ca9b7e3407a70ade75299e17f7bade38ebe72f2b4589ca
+	reseed counter = 1
+EntropyInputReseed = c0d5bcc408f37002914e7b5efb1d2177c90f1150a34df5a57c43a948de86766d
+AdditionalInputReseed = faf6309f2b6935c364dc6db5c880a5e7bd931f9e4fbc0bb83b7be9240c9f9ec7
+** RESEED:
+	V = d58231809f37934ea634a168ca17026095b46e9308ec2fd3bbef9addd2d12952184af7272fbc75ebc6069ae5664c268ce152b75075a785
+	C = 1d4fa12fa6df73f60addfe01d846554a5a1b565c29fdf87484a306ac199373b32bf713d8739440e5d0e99475cd4d8e25a0ff0af2535184
+	reseed counter = 1
+AdditionalInput = ab2cf5f613513946668ad75eb928ed80ad1d9ddb80f33ab1a71e8ea0d6290984
+** GENERATE (FIRST CALL):
+	V = f2d1d2b046170744b1129f6aa25d57aaefcfc4ef32ea294f151c11376ebd84a179282203f340f62d0bc1ad97af628bcd4e2edf828ba355
+	C = 1d4fa12fa6df73f60addfe01d846554a5a1b565c29fdf87484a306ac199373b32bf713d8739440e5d0e99475cd4d8e25a0ff0af2535184
+	reseed counter = 2
+AdditionalInput = 329f6a1444c8ad0756e32d5d99628622d5513beaf1247a4d7bbf693de2e22396
+ReturnedBits = db9ffb84239cba529d6f043fa256dfde2f80cfb30f74238ed740178a77f71e0d1c05ef70fda03e4a4a8000e1fb2b46be45b6d279e3dadda3236ef36a480245e6b6c5e8fe92b54667aa0e19e0c122e20689d41d2b0218e176d55fc8eb921691c6b8328136b6dc360f1d495a217769a87fa4d182d87ac6e58791087c603f2973d3
+** GENERATE (SECOND CALL):
+	V = 102173dfecf67b3abbf09d6c7aa3acf549eb1b4b5ce823282e19b8e1f8f0dee42e8685c978aae6d2152911257aa0a168789903eb9b41df
+	C = 1d4fa12fa6df73f60addfe01d846554a5a1b565c29fdf87484a306ac199373b32bf713d8739440e5d0e99475cd4d8e25a0ff0af2535184
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = c1dc28e3e035abaae6c633dca5e7fd2ba1f3f15db5d40bc39dd45218ddff851f
+Nonce = 1cebd4e3354e886a523e2a84b23389df
+PersonalizationString = 
+** INSTANTIATE:
+	V = 902ba1e78bf199caffdda92e65398b5d8cc52db0fe152397544cd42f98788ca51390384a47b8f7a09ca215ed127bc0481b79cd245c3b48
+	C = a079c704a0ef6d4cb0d855b9354496534c9bf7732d881c807cccab842786a34d6de88fbc194c6acf829b05515f392630b47df6ce9422ea
+	reseed counter = 1
+EntropyInputReseed = 6bf203bbafb8ae6cde82ed77bf2613f9a52483ce2a8ddc26b7c2b96886d54c2e
+AdditionalInputReseed = 85631356a695deb16852fe71b6d752cb7bb7873cde59fc67962060737b1490c1
+** RESEED:
+	V = f01017cc0a48822987dda3044c67b9f8332d65939caa0eaac096b9dfc13bea7065adbfc57aeb20ea2e910a1519af8bce1ad2c5659f2426
+	C = 6fe7dd4a38a637fa7680148b4d5602d7550f9433a359c4c6a8de5543ade0fbc595af7858dada67ed2597bb010b1eda200dd436a9bb9b82
+	reseed counter = 1
+AdditionalInput = 1b7474e9c607e3f281cf7fc239ec6ca0d88e672d5d35c951060aea1cc1d579d1
+** GENERATE (FIRST CALL):
+	V = 5ff7f51642eeba23fe5db78f99bdbccf883cf9c74003d4dcd685684281b742246f156451c76498b24494b2f6a384760b8a301d8081b033
+	C = 6fe7dd4a38a637fa7680148b4d5602d7550f9433a359c4c6a8de5543ade0fbc595af7858dada67ed2597bb010b1eda200dd436a9bb9b82
+	reseed counter = 2
+AdditionalInput = 8a67be8a3fe2675ab8bfa530d8b8af6dd5f4c202fc242e140f954202e16f4379
+ReturnedBits = 9e53f08a518358aaf833805bd5cc5f1dcc251380172c75f04a03d69d5e58b1572a3e507223e645c414a5b33719dd695f6926d586387998fd5ae2edf6d4edb9daeadb7478d79354e9120cef2bf709a8771e33e5f89fe749b7f6a22419dbfb3f5c5b0ffbcdf6951149cb08c73fe7773c354a7bd4844f069cde6eac3526172e1189
+** GENERATE (SECOND CALL):
+	V = cfdfd2607b94f21e74ddcc1ae713bfa6dd4c8dfae35d9af9ac12e9681f813b93c6b282a1aa9d8036a4bed3e41332d4378eef6fb7c1496c
+	C = 6fe7dd4a38a637fa7680148b4d5602d7550f9433a359c4c6a8de5543ade0fbc595af7858dada67ed2597bb010b1eda200dd436a9bb9b82
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = f0172bd7e0a48df01c352d0c8cc26bbaa67bd32cd37223b1d0119876ae141538
+Nonce = b9f8180103cfb6d7352204d35d94a096
+PersonalizationString = 
+** INSTANTIATE:
+	V = 4760bdfa77389aaf22d9b489215043dae132ba8cfd36ee0e1b15b098b985326731591da4e4c35067ebc3fa55c5057293c144efac2ac900
+	C = 673ebcd60e9d3179ce35671610a59a14ff7dbe190c6005e133ff8e254b1f989525132ec2a8b76e6ec76f5ab3191789940a1c2ad55fdcd7
+	reseed counter = 1
+EntropyInputReseed = c0e8784d96a0b1a8b32afd376ac4546c6a6120c32384e25dc41d203314905622
+AdditionalInputReseed = f9292a9e6ce580a559034fb19ad17f116b81bdb1dead2fe1b06a85a53baada9a
+** RESEED:
+	V = cd3da76f869f52f4c4a65d38d8146766284d5a9110ebbd1e11f06215506b61ada65d57a552c925de3a54fc9fdc05d9ec63597697608523
+	C = dbfb4d2178e14fd459df66bc04b682cf19ccdaecbd030a41e478c0e2bf8f6cd25d95acb5f223459ccca5b4322102cc63943a1a1ba67d89
+	reseed counter = 1
+AdditionalInput = 8f1b18ae1147a5be5c275ad9ab47340632cf7db0c99a34949a13ca2909ea18c5
+** GENERATE (FIRST CALL):
+	V = a938f490ff80a2c91e85c3f4dccaea35421a357dcdeec86a70a392e00ef27895154f392cad5b35a1cfd76fe259f60d00ff7f44c1de7461
+	C = dbfb4d2178e14fd459df66bc04b682cf19ccdaecbd030a41e478c0e2bf8f6cd25d95acb5f223459ccca5b4322102cc63943a1a1ba67d89
+	reseed counter = 2
+AdditionalInput = 8f3c2a106c0f22c3f726698e837afb4e06d3ca631d4cc714600f76dc404ed10c
+ReturnedBits = 28dbeea1b0cc04681e3f9932e31f4a247f5293c9dfe6ffaa2d0d1c1edb2c724dd6d31b3aedbf57430abd1632e9a3ab1aec3c0d159adf5267b7a33438d38725f1febc38bd104c0ed1f15f657fed167452b2a7e20ffd75ea913cbc34410f45d27d130e1ff2b83aa800c11a9379a52b1ead74aab1df1e89bf4a85d446aa989787a5
+** GENERATE (SECOND CALL):
+	V = 853441b27861f29d78652ab0e1816d045be7106a8af1d38c92015a308c7e8e04dd5dac5cc9c176ef26c8be33993aff5d97a37243afb92a
+	C = dbfb4d2178e14fd459df66bc04b682cf19ccdaecbd030a41e478c0e2bf8f6cd25d95acb5f223459ccca5b4322102cc63943a1a1ba67d89
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = 1f11e8c4e20eb5d0c5ef94faef02e9a41c58972e1448c94b8733e177ac9efc7b
+Nonce = 28849cc0387edfe6df8a6f06b252be29
+PersonalizationString = 
+** INSTANTIATE:
+	V = db3391990a0a8ad2d2e3b722e10bd29cf9d359403c35dcb0835a9fe706b52d160197d10e79dae7f399828f76b44df5b45336b394502ec8
+	C = 5d7a53cf3b1121f85f951d49e11340f1af93eedc4619614a1f21ff23bc20c25d7ae925804b30a708dcee389023dc1ddf5a37e8f856f581
+	reseed counter = 1
+EntropyInputReseed = c882f6fc84bd5da55d0766eb62e9c8f2d96e6bf77446e2212c11395eb64f7e7b
+AdditionalInputReseed = d1ec6a80616479316596b64b037b4f3695cac535dcf507299db482f96030a0db
+** RESEED:
+	V = fdff2f7ab58f52870947ea99540f3feb54d8b58e02479e4549145c20a6f3651dffb2af267b6edeb4d303046afd55f7474d1b0bd5e49039
+	C = d80c3dd5d248bade32b2436350bf0660c3d72cec0c69d6959fafdee59b71bda136aaaebc1fb88a46a79b72ca17be706656606b72e395b0
+	reseed counter = 1
+AdditionalInput = 0db1e66549ba325f02bafd460c2750de4a8a7b3710582a4b9fe2764ff9081129
+** GENERATE (FIRST CALL):
+	V = d60b6d5087d80d653bfa2dfca4ce464c18afe27a0eb1758af3ecacaffd8e5284acc7815997f3672a1b33dc06694be0434ffc78ee5f5334
+	C = d80c3dd5d248bade32b2436350bf0660c3d72cec0c69d6959fafdee59b71bda136aaaebc1fb88a46a79b72ca17be706656606b72e395b0
+	reseed counter = 2
+AdditionalInput = 9a827def44e983606f5f397b734909fb7940ce16535d667aa21b6cd3600707e3
+ReturnedBits = a408f3c78a34f7af3044f66d3fcd57e1375a52a280d9221b27d35a136943323a7647a5df2ed8ed32efaf2b5cd87ae915a82cea21c4558b0a4fd5124e0628e659e7daf3aa5c04ec2d73ea635e984f9dce6826d3b2e53ede2ba0655353fb1cd06df72d5c11fa792a748180150f457b6017b3fd5ca1d7923ea57333ea02f8903ea4
+** GENERATE (SECOND CALL):
+	V = ae17ab265a20c8436eac715ff58d4cacdc870f661b1b4cce6326fb95837013376bff513b0ca4eca5dd3b317e446f830d43ccf9fe58c671
+	C = d80c3dd5d248bade32b2436350bf0660c3d72cec0c69d6959fafdee59b71bda136aaaebc1fb88a46a79b72ca17be706656606b72e395b0
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = e544e6521bb0f86593f62903fb41a3842e2111ae98b7b17d889bcc549981a8ce
+Nonce = cdf599bb5f14c0742843f74d5b3960c0
+PersonalizationString = 
+** INSTANTIATE:
+	V = 6c26506de74ba90925cd8223e59b878b6868c8479c1d5439be0e6a0cc0cd3beb4f2d4d41d6fd6c0f5ec7846248a869e8dbcec1ad359e15
+	C = 7134fd0237cce82e25158488a051a024414e58f05b6de028d76ed0a1d38910f08876b594ef603d68708acef79f0d65cbce41b11c364522
+	reseed counter = 1
+EntropyInputReseed = 4e5c6b57d2a931c35cec58f347faa96115dee6d6b25e1eff59ba5f7450a89715
+AdditionalInputReseed = cb9e5d244a1c2d719df75a38ca012d9740c902c16f26f4a2eb3d81e88529b15a
+** RESEED:
+	V = 59b024fa579913538e18a180e8229b1f510d356f8b65a782ceddd360a1dbf38d92cb7f6a835b3f2316c1f2a34b01706041a9e7ee0d0543
+	C = ddb86ad37a76dad84714ead52698882c74de11cbb59abac605df715ceed633ba233c70b9ea25b8290ae8358cc57b96b4c5b950be37bb0a
+	reseed counter = 1
+AdditionalInput = 6c1d66cf72c9a4b6cce62e0a5d238ace945bc20a5210aedcdb13768e17e3d13d
+** GENERATE (FIRST CALL):
+	V = 37688fcdd20fee2bd52d8c560ebb234bc5eb473b410062ccdfd6024a0beeed20c0038afa9d32b0e4bb061dae155a9181064d748942570d
+	C = ddb86ad37a76dad84714ead52698882c74de11cbb59abac605df715ceed633ba233c70b9ea25b8290ae8358cc57b96b4c5b950be37bb0a
+	reseed counter = 2
+AdditionalInput = 1fb00679086596ce174a046a609f03f7156dbdc48cd6dceac4cd65bfa856dc6c
+ReturnedBits = dd9ecde9034653b3fb3b318e6ded01d9a543eba622eb46f7e1f29121720e2cdb6d7f4f462adfe1b0c39153db5150f09aa7fc18c686cae9aae4d49bf7bc024a6489f8032c38de422f116c16aa56b15fd80f97830c8fe682b7aaa7cf9eb58dd3c045eeda325f336df5a2ce70a662b994bcc64b4cce86eab0215b70d77a107e6637
+** GENERATE (SECOND CALL):
+	V = 1520faa14c86c9041c42772b3553ab783ac95906f69b1e019529798e3861ae1121c988892af1a0bc2301f12a2813c44fdc0cd6625198a4
+	C = ddb86ad37a76dad84714ead52698882c74de11cbb59abac605df715ceed633ba233c70b9ea25b8290ae8358cc57b96b4c5b950be37bb0a
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = 97a9e6c63cb205bcd67ed5d3282aa35ddfea480369e822c544723dc0e1f9c9cd
+Nonce = 296ecbd6f94e27f028583b0dfd2f83f0
+PersonalizationString = 
+** INSTANTIATE:
+	V = 9814e2b876b26b5cf42a360ac665ed0475b4099ec3b11d4f0e762ee441e1291d5843d84a24aa2062e0b7649acb14f8479e1901fbd90952
+	C = 1c5102de73ef887f2e3517cb76e11381775188329943cf9395593f59ab1d65116259bdf4bc272e802941febc59a4df7a6b90b14aedd7ef
+	reseed counter = 1
+EntropyInputReseed = 94b7b27da9ea0adc34a4f158f1dd5e15eed56dce5408f02ae86c275ebebd041e
+AdditionalInputReseed = 6246a9f14810cf2fe102ff7e9d6c6a9d5da188e3e02b09588e2d701f2eabeb5c
+** RESEED:
+	V = 8f192d0cf7e68467ecd3e8fa05c80f354ee6898df9e988fb9c99a39bac6a0043c0762142d05e225cab885168c91a5632cc58815a92f575
+	C = 61a344344f085e1ab5adf465059691e4fd4a1d1641cf0b1ebb60f11f064c1114f65f31f76bb4994ce628b4d954aef68df616bd1aec675a
+	reseed counter = 1
+AdditionalInput = 4611b1aeb3a082b439a88ec5542d7b248edbb663e90915ad0249c7a5e6821cd8
+** GENERATE (FIRST CALL):
+	V = f0bc714146eee282a281dd5f0b5ea11a4c30a6a43bb89553cbce1315c3646ea322c64d17eff988f9655c9013d907e2130e9784d032faee
+	C = 61a344344f085e1ab5adf465059691e4fd4a1d1641cf0b1ebb60f11f064c1114f65f31f76bb4994ce628b4d954aef68df616bd1aec675a
+	reseed counter = 2
+AdditionalInput = 1474a36c6be63d774bb64741b0306d68545cba9231574747409df1d12b9c129e
+ReturnedBits = 42cbb599ed3cafd28a99e8c4dc76661d6b15370f7760938112b0d70d6c2af3ede37ddc27cb557cc608d0155aec44265a239a6ed0d691003d332bf7b2006796b0104518acbdb4b4d181be27fa132eae329225f283f1b9f7f4ad6c3811d5720f5fd65753fcf908ccab261804e0eaa6b3d230c19a15a8cb93069a7d8b9b41e12b2a
+** GENERATE (SECOND CALL):
+	V = 525fb57595f7409d582fd1c410f532ff497ac3ba7d87a0a5408e77c8c211bcecd3caaf9759f1d192370eaacb16aeec4f00a0afa0d8d8bc
+	C = 61a344344f085e1ab5adf465059691e4fd4a1d1641cf0b1ebb60f11f064c1114f65f31f76bb4994ce628b4d954aef68df616bd1aec675a
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = 3f8e6bc9cef58ea39776baceae8b732a102d25cdd5122aebcade2b315a5cb4ba
+Nonce = cd37c2f2d31ede70ede22d193fa4b3ca
+PersonalizationString = 
+** INSTANTIATE:
+	V = 1c7cbe656b1d3e7b505d48bbafffa8d9aed0c3c3478b639a5b8593baa1a258a36cf57ab4dfcb0f073c4ed690d9d05046329134670b552f
+	C = e9f465df038bc5d135be2ae0ff30b1e5d1d447a4e0dd8fd138375ba5a609ee0f4f63785455f0f60a04a27b4c5c15e281da1505a5fbaa7d
+	reseed counter = 1
+EntropyInputReseed = 5367f267bb12aa5ec24726a7c00c06b605ccd8b08bc92b16d1b7580ddaae9f8c
+AdditionalInputReseed = 4b6453678e7503eeeb0378daf5031c2a7778674c8f3750616080e2f1afac93ae
+** RESEED:
+	V = 5070b4c887e4411eb029e19e5f1eac5bb7b5131acddedcd0a4c1b3966c131adfad7d3db424a8db912c81cbf6872cad5643797f55042943
+	C = 8805f79556df5358b06cbc30c622daf0ed9d91c92a3aac075d57d5086cb956df4b0f103a14189ac909269ce4fd2ed47b802372a46ad307
+	reseed counter = 1
+AdditionalInput = a84ed49fc9be9761123704aa6f8eba44f4e8eac68f783e8b9766b22891621673
+** GENERATE (FIRST CALL):
+	V = d876ac5ddec3947760969dcf2541874ca552a4e3f8198a3fad9681caea7460dd8d24d3736a92e8d0be75543753b9298bbaaf54e78d4fc4
+	C = 8805f79556df5358b06cbc30c622daf0ed9d91c92a3aac075d57d5086cb956df4b0f103a14189ac909269ce4fd2ed47b802372a46ad307
+	reseed counter = 2
+AdditionalInput = 70e01b607eeb6dcc56a5ae9d04e526463614a8925d6209d864c47b9eda57e553
+ReturnedBits = 7d22552a12bfe973f5eb65a30db49ebb251677b154a5e7d3f7f266b72864befa06bb3c6c2095047277a0766be3d0fadf7e2fd2de0f67b5c0b75caddec9ddef8ee114d21f61fb938e3810f2bd67c4e723f8d5bb83a15facfa8730dca10398c4c66bc97756aa93ac033f3ad89cccca99cb0dc52eb9c598c981869703f7a3886355
+** GENERATE (SECOND CALL):
+	V = 607ca3f335a2e7d0110359ffeb64623d92f036ad2254374a67ec467a0dc8ae5b939cb6e55fb986b82249f1fcdf7a9af7f77d266cec99e0
+	C = 8805f79556df5358b06cbc30c622daf0ed9d91c92a3aac075d57d5086cb956df4b0f103a14189ac909269ce4fd2ed47b802372a46ad307
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = b91745853274ca7bee05738b3c60376059d2bb29988b08722754d0e560faa71e
+Nonce = 36e8860f34acaafc687eb5ddf748c816
+PersonalizationString = 
+** INSTANTIATE:
+	V = 81c8391316b25f6b416d4c88e09122757ba930ab8dd8ca5118db33bb4f3117268a8acfecb5bce32e5ab0cbedb2df9219006a3465c2af6c
+	C = 980a382ba2a30c2d4f7ca8346c1398839881734992e7a2e7de62b92d3b0811a7f39efebe1bb69be154ec77e536c40923eaa51d2ada8ae8
+	reseed counter = 1
+EntropyInputReseed = ef1d845caff8de8b780b2c1cc0494ec7bdd05c50251f9b3bdc9616dd7293bab9
+AdditionalInputReseed = 024f155d33d09a20daff75d48d452f90acf22b1eb520591418174526bb0123ce
+** RESEED:
+	V = 174d52511bc80374250663b01b2e53e4a999bbcfb46d8ea516d09f78ef9cc9679aeba9933ede0267578750b1466d4803746f7676f90fc2
+	C = ab6107566464b436f6d7bfaea196563a228ed0d1977ba2adfe76752e358007971e4aba954d440633ae9efa229b7355a328e8dc9f1692e4
+	reseed counter = 1
+AdditionalInput = d3dbd11aa479723647c97fa6c9ac528cddd70673eb657f8cd98f30f35d7510a2
+** GENERATE (FIRST CALL):
+	V = c2ae59a7802cb7ab1bde235ebcc4aa1ecc288ca14be93288cddd137abb433e7f6bc188e60cf2e8fac72f12e434e0db8d5e4ff4a870aa5d
+	C = ab6107566464b436f6d7bfaea196563a228ed0d1977ba2adfe76752e358007971e4aba954d440633ae9efa229b7355a328e8dc9f1692e4
+	reseed counter = 2
+AdditionalInput = 7fcb6ab463ff45c9e3bdbce4d508d409be8ad9b3fbf1f7beaabead68ecedf824
+ReturnedBits = 92cb0383c1fd11062bb35970c613ae07f05d7748bb69ff73f79195e7896bcf99fb06974f1cd037ea1cfa9e88b7f2f8c07dafa7ee65b0d950766539edbc9bf7122199ec652f049f3d95a8d7f8e516e54bd9edb913c5271e002e51c3464744439215c8787cb6290794fa9374afe70603647542da9a2a3434a460759a056f0e3b6f
+** GENERATE (SECOND CALL):
+	V = 6e0f60fde4916be212b5e30d5e5b0058eeb75d72e364d5fcd95fa17984063e9ebc8c3d63ababca81e4deb6ce1319380bbde5305f533da1
+	C = ab6107566464b436f6d7bfaea196563a228ed0d1977ba2adfe76752e358007971e4aba954d440633ae9efa229b7355a328e8dc9f1692e4
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = aa8d8905ae9aec899560766bb852136ab7645529f2d88e2a4189b93e194cf6c9
+Nonce = c6ac78ae7620c56f8f8fd03b59c1f265
+PersonalizationString = 
+** INSTANTIATE:
+	V = 086ddbcf36e1aad463fcccc321e21ab41bb6cd700130c879fe26af1eb46be1f3bb0a53c94618ec16baf004b56fadbaa413c343b8420eff
+	C = ee92aacae3837447aba753fedb5fb0d9fb8e3249ba49b2b22b39026342ba6d65a21f66ab6319997d87a780e492d25791c6500123d79033
+	reseed counter = 1
+EntropyInputReseed = ed729bbe79e33a899a07bb8781e76c30e1ea06b3035776e8c0f1051f62bb2150
+AdditionalInputReseed = d1bceb0015d99a43623ef2990c30c84456de18fcde9fd9b5435dd3d8e4f33622
+** RESEED:
+	V = 98cad5899fd7a3fd7e1e6e4b707ca0d871dfe4ce3e9749bcf6cbb1ccae3ec564f4cfdc288c012316f07ad5c0cde8e615bb100607ea140f
+	C = f088678aa649b5f2580a8d4218061c0307a94167fd2564b6312dd4698e5298b48b1c25c5a0038d5be79d330bf9976c1fc21459fe778294
+	reseed counter = 1
+AdditionalInput = faa7d4de53547ac73249fb2ecb76500749a62aa7d4e968d64aa2daefba0caa0a
+** GENERATE (FIRST CALL):
+	V = 89533d14462159efd628fb8d8882bcdb798926363bbcaf6fdb88506f3b26100db6874398a90974d4e7ba35f129e3b50f67ca554199268d
+	C = f088678aa649b5f2580a8d4218061c0307a94167fd2564b6312dd4698e5298b48b1c25c5a0038d5be79d330bf9976c1fc21459fe778294
+	reseed counter = 2
+AdditionalInput = aadd2dda23b0e3e4f22af95652b74291ee21d845916b26e76bac7308fe7891c4
+ReturnedBits = c6929e2775218f55b669ea8039c70bd1509be3f03fa43609540d3d8fcc0755c3900c0111fac88990de069685f79744f19ad4de3eeb09f1e6c58ed616ea1b874ef5974cc64262af8451201c80a038ef4a4a155fd25b2a493f87bd75dc5cbdeee10e48823030a7f1577ac05a586b5227e01f062a2c1d075f3c28a59d7f5d69c102
+** GENERATE (SECOND CALL):
+	V = 79dba49eec6b0fe22e3388cfa088d8de8132679e38e215875c23f29ebb00b9dba6cd86399ce04d9549589d7d914a815727c51978c7a042
+	C = f088678aa649b5f2580a8d4218061c0307a94167fd2564b6312dd4698e5298b48b1c25c5a0038d5be79d330bf9976c1fc21459fe778294
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = 171f9d32f44a5cc82992f1addc428ca6cd32327f8e0f53725bfa08cc6d275558
+Nonce = 6145a8d7ec54491711ea56d856157f3d
+PersonalizationString = 
+** INSTANTIATE:
+	V = 44bfa715aecfa3554697433c7a443e20988282bf7d75d44e6d057a3bc2820c90834a417b500317c2d6cc96fc2652f7434cafbd623963d5
+	C = f6e597c6bad64e530d7934ee212074a51c1722c91405b6a1bf9895b056e76dc126fb014909450ea0504c9658f08d001db3988735aa75d9
+	reseed counter = 1
+EntropyInputReseed = 29d94deee6479e54492861c263081d08df92bb249f5fedbcb78be00baeae2e45
+AdditionalInputReseed = 2af19c59e0c230c8612aa66def07632dac1a9a3631d03bfa1e0d8bfd99e2f658
+** RESEED:
+	V = 57ccfac12e6d4460020e43f291063ba15c105803465e7486b67a59989f32bd2da9f049a65a14e623ddc7c637f679e0754a61fa6d066641
+	C = da1acf7014f778b4909dd925c814fcd1c0d600c359c746a65cecbf38b2cd5c9587861c431116443a90f18d7bdd7a99fca65e5e401a9467
+	reseed counter = 1
+AdditionalInput = ada2a035faad9677d8ce3791cb30cc058e5443217a6d44e9db2bf8248b6f4e4c
+** GENERATE (FIRST CALL):
+	V = 31e7ca314364bd1492ac1d18591b38731ce658c6a025bc309f781ed00ea0ea10351ac0f70355690300a749822c2b38ea78ff31567d5de5
+	C = da1acf7014f778b4909dd925c814fcd1c0d600c359c746a65cecbf38b2cd5c9587861c431116443a90f18d7bdd7a99fca65e5e401a9467
+	reseed counter = 2
+AdditionalInput = ff69251fab740c51656f17060f10b93fea10217dd84658d2a46efd2f1b93b30b
+ReturnedBits = 658dfe962f1b62ca83b4046bd27caae9d7ce40d940512ba593dbe3d67fd5b2532568ccb37eb82d5bed0b5feabb87fd6199df37a153b4964e508eb7601c7d4114ebb24fc647d7b288356fc22ea85722bf6dd41c9b53904f48f4842aeae3b0adc326701217401ca8dc15c36b4e3f754f1bbfa9edc13fbc2da69f433111ec9b224a
+** GENERATE (SECOND CALL):
+	V = 0c0299a1585c35c92349f63e21303544ddbc5989f9ed03dff660a8555ea757a95fbe69890d697e4904b09e305ea37b7615581f95701aa1
+	C = da1acf7014f778b4909dd925c814fcd1c0d600c359c746a65cecbf38b2cd5c9587861c431116443a90f18d7bdd7a99fca65e5e401a9467
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = b1843352182ccdd5068e1c30e698ac2692e6a058aaf1aca37bf29f51299a03ed
+Nonce = a736ac9788517b2f02b72a8f19129082
+PersonalizationString = 
+** INSTANTIATE:
+	V = 5249db0891b14744bc03230b3f39165dbc7fde792140c7abe88802f1db5325d372b4a70707e989d21a58c8795bec3f429a344a88c80004
+	C = 9c94e3cebc766893632fb832e2648c08b0d75377509d9d378c68942f08c80956f8d2cc5340ea3655c154caf15b03cbbc740deea5e779a6
+	reseed counter = 1
+EntropyInputReseed = 530ec9ca7569223914689214f9ecb28f11e86845ef8c24bc1da1b2f3680ef5d6
+AdditionalInputReseed = 8cabe31c6d12ffcd06b736475ae8019a1703d77b7a476444b402fbb4dd0b5646
+** RESEED:
+	V = b1442eded481dde2ef43ba75a2bc9d84f514801df0b60d291d6e49cd9e5187e019180c93f8f334187fb1d0d828f9aaff9d88fb6e6d2ec6
+	C = bc745f3ca61e6029c2f5954e3765f02bf98af1dc64756ac68942657b449df568be325ee811a173d78c5097abe04820b641f4ee0398f748
+	reseed counter = 1
+AdditionalInput = c8beaa58639f0b33b8b7b114ace91102eaf8b74576dcb87cd4453845dc3358b5
+** GENERATE (FIRST CALL):
+	V = 6db88e1b7aa03e0cb2394fc3da228db0ee9f71fa552b78aeea025f4a4df7b1615bb9ec8e5cb25361228272cfcc0f238c827c4812d74acf
+	C = bc745f3ca61e6029c2f5954e3765f02bf98af1dc64756ac68942657b449df568be325ee811a173d78c5097abe04820b641f4ee0398f748
+	reseed counter = 2
+AdditionalInput = 2db344fac93809cc98705720343837cada631d3dabde7e60443f566d8ccf07d0
+ReturnedBits = 025007cf5e5cd56de6f21b7df36b1819b7b8efdb4be69394624ef6fff6a90b737b7d1da7f86761249390397977dd0c142b130261ed6496d8e1a2ec626fdcb23b68cabcad24822c535c3242c413d1af83fe3a209a68ff7dfdbc04eab90ac8bb54af24e7ade03793aa8879b534f6ed0380c23d58d2c24cffb55a64798b070175bf
+** GENERATE (SECOND CALL):
+	V = 2a2ced5820be9e36752ee51211887ddce82a63d6b9a0e479b6d2fd978ea0db96b95994609a075249c4ac528a51ebfecf84d6acc1528a41
+	C = bc745f3ca61e6029c2f5954e3765f02bf98af1dc64756ac68942657b449df568be325ee811a173d78c5097abe04820b641f4ee0398f748
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = 9d918de3530936dfc2e148e85cc92906eb6659484a2b6cd26d08293704aa7196
+Nonce = a26045960037e0436a666ed75a64fd18
+PersonalizationString = 
+** INSTANTIATE:
+	V = 58aeb68a8a3a248eca594841e2032fc4231fbdc4df997391e6460da590c6c2048a9cf0e02ea85899bcc53a64bf10f5e838cdd564a0edd7
+	C = b5c5ff3d39e7a8dec156a21fba6a607119a86777ce0894c4fc8e4552db1fded8c7c1469c398c8b2e6f74b0d2e1c1e8dd86ab87a35dc68a
+	reseed counter = 1
+EntropyInputReseed = 3df1449bb4fb73fb1c80715db48d0e421560e7467a348c4442737cca96c43837
+AdditionalInputReseed = 77ba6172706c6c5ef6726e2516ab98d66d963b4ca043f858b67977f24734176b
+** RESEED:
+	V = 0cef28ce14c576a31f0940257b46fc3240767b46b7398bcb9d0aa8fa1d6da5edbbc81171f54628395e8b490b1e99d1ab11b6ccba4f415d
+	C = 7cd3ffd6c7942f2cb6596a93555e5f7ef6de087f6d043df3b4675570b4e6e7f79fff7547a127cbcbbe68e6c08dd56824b2257d1954e076
+	reseed counter = 1
+AdditionalInput = 5ae32e80fc909238acc6d74b99966f38c3ca948de56de842b9cf68e0dfe82d97
+** GENERATE (FIRST CALL):
+	V = 89c328a4dc59a5cfd562aab8d0a55bb1375483c6243dcacfca0d68d92c95fedf80f9db2dd9c11b8a058db91beba4ec417cb87aa72f3c14
+	C = 7cd3ffd6c7942f2cb6596a93555e5f7ef6de087f6d043df3b4675570b4e6e7f79fff7547a127cbcbbe68e6c08dd56824b2257d1954e076
+	reseed counter = 2
+AdditionalInput = ff951304734609938e04b075b5d2b77605340e94f7ca182217b4441ddd6a083e
+ReturnedBits = 2194aad121a3ff443e58bef142f10536fd0042064051082b83239acef54e07ecbef89bbf014e80d025c3403e60d46e6148d92b2384b4c9004a2162821c150e0c005fe1f865a49869ecb3f68c6bf7f257d7c9dc152b2d6d0e8d0f56a2c396dce2a7d222cec149d0090483106491fe4dd9121a516d7c049a7129cebe156f0d880b
+** GENERATE (SECOND CALL):
+	V = 0697287ba3edd4fc8bbc154c2603bb302e328c4591420a155121ecd094c09c6a6288ce4eb71fcb0cc2c2e8ca6937b87889c821f7229374
+	C = 7cd3ffd6c7942f2cb6596a93555e5f7ef6de087f6d043df3b4675570b4e6e7f79fff7547a127cbcbbe68e6c08dd56824b2257d1954e076
+	reseed counter = 3
+
+[SHA-512/256]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 256]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 1024]
+
+COUNT = 0
+EntropyInput = 235f349d7ba798e2ee590820660b858a71bd9c14443b95abf42a777b49353013
+Nonce = 00f8c934e3b52266af11554dfa880536
+PersonalizationString = 0cdb83a2da79774daa4d3f76e9045579ac65b424d89778e4a5512683276fabca
+** INSTANTIATE:
+	V = 46a667f3a0f0b0b7243982f864b0ed0161d8ffc3fec1f7f97d8bbd09564f97113100ddf0262b3f76b74b93c5cb85d2932ec4a286ee44b5
+	C = 351ff7f783a94e5805d0a4473bd114a5b5cb7738888b72ae78856609c3cd41755e5d5c8094a2444985f6fb3811cc3e996a12c5ca4a0bfe
+	reseed counter = 1
+EntropyInputReseed = 5a3918027f129629f42ad49fe7ba3763ed24265e8b4511eb2d709a10aa711da7
+AdditionalInputReseed = 
+** RESEED:
+	V = 3ef7a1ddef201c8614d2ec3e54c54891c3e5b19792d304abf40998dcbc7d059ce0daae91403b4d9843ad27be5e6a4d24bef29410e2986f
+	C = 0aceec0281a760a32fca03cfb124745908af0495682262f5cd978090b35c804ccd572171c735632912728b39bf9e6746eba3f7c944544d
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 49c68de070c77d29449cf00e05e9bceacc94b62cfaf5688770c45c6f14f15b3b0c3c038bc192c13ddffb3c65555e71a0c9db4a0784aaa1
+	C = 0aceec0281a760a32fca03cfb124745908af0495682262f5cd978090b35c804ccd572171c735632912728b39bf9e6746eba3f7c944544d
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 6167f042fdc288f9ff23702fc4b9be2c9f997718775e02d954efd2dd24467f172701d47ca35b50951384df509085e76ac33f158fb1da0cdd916e7f92905631f1fab0e9441e4424ae498ef72cfba7855c8033fbddb8428d20e99d6bf6fc71d4990d3d8da855782c5d13c28daceb29175fbfd0c1d923f6b4d1fbea12d9a9f4901f
+** GENERATE (SECOND CALL):
+	V = 549579e2f26eddcc7466f3ddb70e3143d543bac26317cb8f1dafb1d23db8a4bdb73cb6a1cf246f0e36537a98c8e4f753ddfa292a770d0a
+	C = 0aceec0281a760a32fca03cfb124745908af0495682262f5cd978090b35c804ccd572171c735632912728b39bf9e6746eba3f7c944544d
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = d8ac43f5123d2d3981f8b6b823f197dc3020555b4f48439a1bb963a571345244
+Nonce = 979f83705db88bda087a9c9493a1b27f
+PersonalizationString = 075db0176b9408824cce3acdcdb1c65a4377945f5abefa1d698e0dd0e99ea25a
+** INSTANTIATE:
+	V = a61d0ab724e8eb333e26f7b6fb861f505b38031323033b62711c3ec8e622ffac2befa5701bd1775a44f60c3c399880340f20561a950a14
+	C = 4d0eb2a52a3184c45c0a08e60941217bd65093ab366ece1ea382eb079156d4f8f45093c328c8a50fe32a276ee611ed01bf3164c28d2c44
+	reseed counter = 1
+EntropyInputReseed = 3e7b78a7cd848199ea128d782992c54b9810bb243c92d23c5adbc00398108c62
+AdditionalInputReseed = 
+** RESEED:
+	V = b6a7233fedb92a1dd96c363b9aff9cc1023d73136bf9cd31821af48e96d89fd8436d64d871df40bbdfe7d497b2df0663377e1c9984d328
+	C = c17a9c2b4c35a8fd51e93744a6b0c40ea1c59a6b1076751254f9d96c135c3010fa1628d0190fcfd9036a150d0b3743cd173b864ea98ad1
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 7821bf6b39eed31b2b556d8041b060cfa4030d7e7c70427f3cff94300dfdc2dfa4412091fba2200791e91abce9b14ab468381180607641
+	C = c17a9c2b4c35a8fd51e93744a6b0c40ea1c59a6b1076751254f9d96c135c3010fa1628d0190fcfd9036a150d0b3743cd173b864ea98ad1
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 5005a71a686614ab011007a93afd1cc3188d2a0e9a005a353cdd21356effc792d5d5d95f6431241e75936993b7fdd873f31e90695681e929d7d5a97b500d64679738f65d4da0d0eaee86cbe286740fae671301d9cdd5795e0ff709c4da46fec7511a9ea67022dc2156db32b0e2681c44b191f227bce3a0c568892b53d02952c5
+** GENERATE (SECOND CALL):
+	V = 399c5b9686247c187d3ea4c4e86124de45c8a7e98ce6b819d744eff87ce94c002de9ca3c9e267c46ce2015f0b8337d3e44852c486be59a
+	C = c17a9c2b4c35a8fd51e93744a6b0c40ea1c59a6b1076751254f9d96c135c3010fa1628d0190fcfd9036a150d0b3743cd173b864ea98ad1
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = 2998dc4136c9b6f1042feea93b86779637647eaeb66c575dbc1a893a12f31a34
+Nonce = ca9c8b7140fa53baceaa8d1d6ca899f3
+PersonalizationString = 04de8648a582d4c980d3ede3352b66d291fb84e6e7d690192555057bf771375b
+** INSTANTIATE:
+	V = 963de4cee13904421db9be82455b9ba7a1efd5b0d3e5f5191bbfb13b5e871dc9372833142d124c9e56c95f398888c4f30f8baff7f9a224
+	C = b70443450a684c449d3ecdec7676710a9a0f1066c7f6c084137a4c5a8265c226962e1b2bbfc79375c9233385a695fe46414a58e5654e2b
+	reseed counter = 1
+EntropyInputReseed = d9912dff1c342998395c8388884bf0cdc9f27f06855fe55d35ced3d2e6d684ca
+AdditionalInputReseed = 
+** RESEED:
+	V = ffc6f827b948372dd4881dd1643986117fc44fed66b01b5d6895cc583a2c8b4da513ffbcece8f9f5b27ace3eb734c3fa281144789b6098
+	C = a60d8a1611ccdcc54c3d20c05559c2ed4606f81b44a53db536608e1c1cc71ebc576738e11e38b7a9a1e8f07419c7fbd5d44917c1fae45e
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = a5d4823dcb1513f320c53e91b99348fec5cb4808ab555961db3b5f49a36ecd7bef569e4f01d0f0ba56b9bdf06032b5edb79e974b9a0aca
+	C = a60d8a1611ccdcc54c3d20c05559c2ed4606f81b44a53db536608e1c1cc71ebc576738e11e38b7a9a1e8f07419c7fbd5d44917c1fae45e
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 8c34d465fb130d4a7dc7bd4db928328b37667860dafbb0cb712462a6fb42f7b2d47a1f6fd0f9946653d150eb4d1e098e4eb2871c8b6116794873c126f5659588bfcdf8873779401446d80b1fd820c714ee9d4f853bb63a5f41dc151ac421a57d6e100618cbbbdd04a89992634194817a00c3c0ea244bfda2b3a87978448b9cfe
+** GENERATE (SECOND CALL):
+	V = 4be20c53dce1f0b86d025f520eed0bec0bd24023effa978f057df763fd13e4d12d44c20f3faf6f57391317c557ad6dbb32ae852d732515
+	C = a60d8a1611ccdcc54c3d20c05559c2ed4606f81b44a53db536608e1c1cc71ebc576738e11e38b7a9a1e8f07419c7fbd5d44917c1fae45e
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = 1641e3fd901c5da915214c51e4bb85828b65e0a10c2d5c6b5ad5c618f87acdf2
+Nonce = 9ccbf89695673ac2da43624a7e88a4a7
+PersonalizationString = 2b17b60b0280642fdd773a99dad3b786e763f64958c6142260f70b2e3b7994d5
+** INSTANTIATE:
+	V = 719a48173f89836b44623c4811d927d3a981168f76a3f2c952bf79bf23755fa0b9ef5f3a5541c65ce414ef8719e8393055b4a4fb4b67c1
+	C = a07eb04bb45db954346005e6c966038d2c05daa743d9236a1b3d5338f16c50aa8752fbc8c681e47ea1a8fb0ba1120aabb5ffcd66f05a83
+	reseed counter = 1
+EntropyInputReseed = 9593b59e31ee77f787b0da7ffb48612dfa3006811740c139be7e82f1414d5241
+AdditionalInputReseed = 
+** RESEED:
+	V = 0710cf503ed7219aae59a3a32efbc44281ca7e7d1d91d55e705ab882eeaef8244b10cff30906b2f36b92621ee0c0661a6695bf704fa5ee
+	C = 0d1155ae5ed6addc279230cd39ba052855cd355fd59a3c9c9176e5bdd46b6348e697fafe329b3e2c83f490dd29cf99a9f177f0c1e367e6
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 142224fe9dadcf76d5ebd47068b5c96ad797b3dcf32c120f58d3cd76c85b8c6409a5979e0550f0d72e20bd35ecb64dc0d7596229fce967
+	C = 0d1155ae5ed6addc279230cd39ba052855cd355fd59a3c9c9176e5bdd46b6348e697fafe329b3e2c83f490dd29cf99a9f177f0c1e367e6
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 832b9524e1eea8341c4cb95fecd268a758a89d1fdd4921d892a2b3511bdac8a1399ab181c0a7b2c6d17ba00d6ef526f45eb11d5d3b7f4ff308f4a9273c30993f3fff8e4fc5bccc6ff569843280941061d38ca65980ae2313fb945c0f23d74e2858d984fb8cc8c335c3e294d9c2e98a8967aab616a773f3466535a2853ef4afe7
+** GENERATE (SECOND CALL):
+	V = 21337aacfc847d52fd7e053da26fce932d64e93cc8c64f08e0c18fc44e24c8c8f293dfb4a46d5b754d9e91ed39a755802631ab522ae7e1
+	C = 0d1155ae5ed6addc279230cd39ba052855cd355fd59a3c9c9176e5bdd46b6348e697fafe329b3e2c83f490dd29cf99a9f177f0c1e367e6
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = ae3552e0a8fd07fcd89086abbb92295fc922b7f36467c086ce3ae490c54ab3a4
+Nonce = d75ac30f239db2f0319df6c7ade7c4f2
+PersonalizationString = ab0c66e445d080d94138cd32e78467a85197d84f0914b36368d5f57a9e2ed88e
+** INSTANTIATE:
+	V = 35c45a46b91d3e44d15de3be83768d097b1413284c9bd404a9e4a14e89ccff4a2ae5dd473bd9e89525b721758758c7cfe34dfcb72c2650
+	C = 8d98d2c67040e8b7e144bdf7da7319e6db0fd988914fd3c4c2cf134fda67bd4016d4bba25a5b212f239f80ae53a46b297da3aaec68d30d
+	reseed counter = 1
+EntropyInputReseed = abb013ab7e8a27efec6588bcb714cd4da8e765542cb0add650062a0f46c3daae
+AdditionalInputReseed = 
+** RESEED:
+	V = 2072f26294cb4aebb4461725cfa652c8ef6f94fa94b3903f9d2d515e66f273a44aee40c7541b38d5e90edff51cc8c900d17bfaabee83ab
+	C = 56a138e891442c202e4ef41e854b3b9cca8033171b5787c26e44554f459c5a0718fabe9c2d3125c19722818540404e58d2fd4f49bd682b
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 77142b4b260f770be2950b4454f18e65b9efc811b00b18d53bfec2362c991ee6e137136792135d91efb94e598cf187823159866c15e374
+	C = 56a138e891442c202e4ef41e854b3b9cca8033171b5787c26e44554f459c5a0718fabe9c2d3125c19722818540404e58d2fd4f49bd682b
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 2be58b327bd7b1a25752fbabb33e78144a966c60baafe4e29b492c1c673454f8ab3d58cb049003a2ce25952823e151caa49ecccafa8a26591e6bcf0858e1517a5d95b8f21aa73aff96d5d0bbdee855477009f0a918f5aca72651f000eb3fea2e4fcce0380b9148454463fdba0312c9f559aa27e90a75c62946126716758a080c
+** GENERATE (SECOND CALL):
+	V = cdb56433b753a32c10e3ff62da3cca02846ffb28cb62a127de97e51eb15fedb694441c73d8923af8370a678d7da7fc4e7c425e082e65c5
+	C = 56a138e891442c202e4ef41e854b3b9cca8033171b5787c26e44554f459c5a0718fabe9c2d3125c19722818540404e58d2fd4f49bd682b
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = 43108503f4326b07c72ff7cb4d8ecac8e03e28060689760771b0a803e66d9520
+Nonce = bffe6671c68b5a9d3328cc0467040ca4
+PersonalizationString = 072e86a99cf8a84e68d6acfbeedbf222d7b8111a5ba16471f33d54ea4386c3dc
+** INSTANTIATE:
+	V = bd46498e0349bac18973291431c30b7c573e1f17587806215447d4a01ef9ae8a33b4fafc40c67a31a7d572d3770c6c4271ba815d1f36e0
+	C = cb59d74bffa6f65cc0daa3bc3a84b7456d41e780abec03e581f34359f0f4fc48a1e0d22c8027d6185bd5889371567869dce3168578b25c
+	reseed counter = 1
+EntropyInputReseed = bbc82efa21dfc6f0577ce06aa20313078212fa6e7d65b25f7779722f16734d27
+AdditionalInputReseed = 
+** RESEED:
+	V = c2ef398990f01dfe9d26de6c0ff3520d0c1a572d728ee4b2547b1af94138bc22ab381313c46dad754880ee4867def34f573cd6c061a2ed
+	C = a4b1005805fb9a500c21c8fe95a46ca8b1ab92f16e325a8bb3390c4c73401b62511b357c63ee5c7b5c0454989d87df62030547aeea0ab6
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 67a039e196ebb84ea948a76aa597beb5bdc5ea1ee0c13fde78659f42b8e192333c17d1748d132c5b1fefb7e03746b81915c301bb0b589b
+	C = a4b1005805fb9a500c21c8fe95a46ca8b1ab92f16e325a8bb3390c4c73401b62511b357c63ee5c7b5c0454989d87df62030547aeea0ab6
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = b884849ccae8c40898ca31979c14b5488a4ba2855e26d81626c4704859f8b4ee0722489119c8abd2d7f75bf88db74221b754d3ac6d18edd108e0627d8bdfd0e83c54c174c4df28d0b0fd82bac66b127ebe3724de74c70ba1813faee3610266fe69cb9d4c29920a55d19cc9d6b60f2120b97ff47d84f090ec56cd1f189ebde3c7
+** GENERATE (SECOND CALL):
+	V = 0c513a399ce7529eb56a70693b3c2b5e6f717d104ef39aeac3f761369d1f7c2fa170b87db4fa60ee44159fdc25141c50e02a8ffcffdf50
+	C = a4b1005805fb9a500c21c8fe95a46ca8b1ab92f16e325a8bb3390c4c73401b62511b357c63ee5c7b5c0454989d87df62030547aeea0ab6
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = 65f84a74fb3b242013c3ba505882095acc2ab3e8f7fd5822e24668adef87075b
+Nonce = c1b3949610c0f83785de7cc53c6ae552
+PersonalizationString = 03efd8de317c8e5087567e3f52117f0c31f49c4d88d6aa67624a28a8ba7c33f9
+** INSTANTIATE:
+	V = d42f5821c8085c5a12c82c970390446e4b418531de678a59f462ea1f5531406ebcbee5e2afd3505c011a5680086f0b48b9dc393ad85e87
+	C = fb901c98e148f6c380037ddad1d610255cb42e678e17042848abd276f7722eb4eb38c08a63bd3ac345b2e82089d5380b60d1e928e48b8e
+	reseed counter = 1
+EntropyInputReseed = 569c911fcb31e722b60866fb5a5e7311ea0afc4d2b246c34558e8e6c42dff154
+AdditionalInputReseed = 
+** RESEED:
+	V = 6cf1a1be0b3ca91aa084cba88bf63c46917117aa9ea602af2c41e7c55e9d4abf7463819a768dc0cf9de254edb2aaf2ff87b3540404b02c
+	C = eb4ca9a7519c6e39233ba60ea32a49d57201af094dccd124408294ac69249548382eb7e3b5eeea728a5712a1510b210a13b0f2757dfcb6
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 583e4b655cd91753c3c071b72f20861c0372c6b3ec72d4875a9031954ebddcb95750f9b1adedcadbe8dd36983cfc15b8b84f7dcde62f67
+	C = eb4ca9a7519c6e39233ba60ea32a49d57201af094dccd124408294ac69249548382eb7e3b5eeea728a5712a1510b210a13b0f2757dfcb6
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 087cce258bebf999a65feda5a3cc67af9b6370cdf17ac9bbc622a840f2983811e534788d0487f5765a2d04cfa74d70efae81b1afb46bc388e8ab7de1881072e82a71c0e46e0990fe1d9f32eb7ee94ce9075105ae228625682970659b10f38231bbb43d06f739e8e72ab1cc54c2e4c3cccc973932493812a65ec777974ec4a26c
+** GENERATE (SECOND CALL):
+	V = 438af50cae75858ce6fc17c5d24acff1757475bd3a3fa692812c9b07c0b0bc47b9bede98e509d73cac17a0853ba97475019b87c82fbd47
+	C = eb4ca9a7519c6e39233ba60ea32a49d57201af094dccd124408294ac69249548382eb7e3b5eeea728a5712a1510b210a13b0f2757dfcb6
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = d15352d0ba48860ebb160f11b76a195e1b73233bd1baff1ab90692cc53ffab5e
+Nonce = 26672535defdd049e38e4bb4d5d1a3d1
+PersonalizationString = 37c2bc099ba9278b80f55587701ac84502965075de57c9b0ca1611f9da606734
+** INSTANTIATE:
+	V = eedc199182be663c46ea091ece6c2aaaf2df0483a8fd7df63bc7cff15924b773cea754aa5ad6d77781b07c09daa9ada08325ebd288a422
+	C = 890330bd7c0efb3025179fee7d2344a1f6ad57b185203490eab8718563ae44afba9bc5e5939fec280af6083d6eea326fb0fdb4205737d6
+	reseed counter = 1
+EntropyInputReseed = 3dbd380ad972ad323120baeb55715b10f9d8e1efb1468ca0ff39aaedc1d8c0cc
+AdditionalInputReseed = 
+** RESEED:
+	V = ade00869de6f4ed9398c30ed2d21f17ea6dac4773a84d0948a6a72ca982f2b55d906c840d1043369017ca86df914c71c4005b56a7047e9
+	C = c4b871098beb7676705233bb2e0440f0e9c048a5c9bb85541dbeec0cbfa0420a4ac5184c6c153e369c4c0e2d102412cfb3ac38d7095af3
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 729879736a5ac54fa9de64a85b26326f909b0d1d044056ad96cfcce40ca17f778a8dba5960973a3b74efc2eaaa77180f11e49774137692
+	C = c4b871098beb7676705233bb2e0440f0e9c048a5c9bb85541dbeec0cbfa0420a4ac5184c6c153e369c4c0e2d102412cfb3ac38d7095af3
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 9d0b49d64334c990952f0907fc4ffd61082b89e06f4c24252339bcc47233971e7a2aa49194af18a989031b5bc87ec89ebea27b24ac600dd60ee5cc37ff0ef1bd8d32b0c27d78081664850104cc5df8624617a943b5350c7d99cce674113d9954ffa05b6312f6775bd9db27e4ccf0b20e4bd113ea77b54c1c6f240ab21d03cb0a
+** GENERATE (SECOND CALL):
+	V = 3750ea7cf6463bc61a309863892a73607a5b55c2cdfbdc6bc451960a1e320b10d818f00c7395762ba48f38f06c6a3ff961fe10cbbc9123
+	C = c4b871098beb7676705233bb2e0440f0e9c048a5c9bb85541dbeec0cbfa0420a4ac5184c6c153e369c4c0e2d102412cfb3ac38d7095af3
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = 646166b9463a1b36381ddda57576b6db8ea9db4f2692562b99a8dbf3535f5f12
+Nonce = 62a64f28943a5b200b93be1f46923cca
+PersonalizationString = b5f64f4a6d63a4f59b1934b717c2485982f7a1c429af6f474f8179a2f37789db
+** INSTANTIATE:
+	V = 6345e81e251616a7ef057b74af1f96866f763188dabdf5f640f49a1545b380831eb06334f0c49d9ba620c2ad89519f1a6522f7dfd1d7c4
+	C = 3878cc43276700fb24466e25acd6c4988879e0da175d100cc5f574c9690cce33d79d75a405949a6c12cf1c89eee4a24b7150337196e93b
+	reseed counter = 1
+EntropyInputReseed = edeb6f747546c9a390adc6d7ab795ba7409d83b5a0fc39ca130b068c457bdebc
+AdditionalInputReseed = 
+** RESEED:
+	V = 52a17352362e6a63b9149aec4ec105e50b0e9a1f7a6e7a8e979a5bd8610eb2f78d50b2bbe16c26c5ba3abd258408e1b31f24af2e7569d3
+	C = 4393d557ba01c41e2b9bc43b56b287adcd4ca8820e9258d3455851bd4ef64cd6477da0d44156b144bb2d5db3712df226d7c2f8751cc6e8
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 963548a9f0302e81e4b05f27a5738d92d85b42a18900d3ee8c58f704a9abb3b1b17f4c1fc7097f3b2e495438a30220e11eb57e7f34579a
+	C = 4393d557ba01c41e2b9bc43b56b287adcd4ca8820e9258d3455851bd4ef64cd6477da0d44156b144bb2d5db3712df226d7c2f8751cc6e8
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 7e49aa688a2b8386540dc03e5f094c552430e0397f3662e8f7fa450395cb391e5a76d00255fa0c4ec99b2f7bfd9428a68950dfb9fc4e22a5972b0edbaabc1bed54645b95480314d65dafa3793eb692fcd412cf5b3363c63178db6f53d45091b24e6426ba551660278354b674d00a061cfae0e7f4e304e0a8ce97d347ac134ad0
+** GENERATE (SECOND CALL):
+	V = d9c91e01aa31f2a0104c2362fc261540a5a7eb2397932d39271171358f8db3242ee453786fc37604e963c436fac55d81fa95aaca8261ce
+	C = 4393d557ba01c41e2b9bc43b56b287adcd4ca8820e9258d3455851bd4ef64cd6477da0d44156b144bb2d5db3712df226d7c2f8751cc6e8
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = dbb67a65a60809fb3db077ac4424ab83dc9998db4a49de5ade94327c931379e7
+Nonce = beafc76ffa265e0e56f7a7bcc9e8e213
+PersonalizationString = 62eba2c67d3f8183c783abfb91f862674a2ecc5b1220d140edfc65ccce4afbfd
+** INSTANTIATE:
+	V = 1307fd88c8bd7ddd4d4699eb3ffae54aa4955862cf71438c76be98ce459f2a8c605465acc0a3d0b4ebcc2b77a21ac6c7cae964aa36b25a
+	C = 5e79a2c970c2c9d45b302eeb5bc001b8379339874b09d104ab606b231a0a82efebe71df1908707278358dd05f0198bf19dc47d88756230
+	reseed counter = 1
+EntropyInputReseed = 7d8a4f831abb82fed746b375087b0a94ff210e8f9a5686280c9146415eaf3b7e
+AdditionalInputReseed = 
+** RESEED:
+	V = f99e49c593100a69b846f426b884805c1ebe3fda0679378961b6d7fd12c700017da4b10ed86ba47df1f265824f19d023c28d54cb7ef57c
+	C = 0aa7545a4c1dda9be441a879f1b5f99c4869747953aae5e3de8ce19d37b017d9b60b7ee9033f00d5f96cd16c1b7b772d061125a22c0aa3
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 04459e1fdf2de5059c889ca0aa3a79f86727b4535a241de71ac8fa6364f3be341e7a3c9ec76a8d7227c5e81ba6607691ae882945169220
+	C = 0aa7545a4c1dda9be441a879f1b5f99c4869747953aae5e3de8ce19d37b017d9b60b7ee9033f00d5f96cd16c1b7b772d061125a22c0aa3
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 39e6eb5999fecb56694feb507f4c51cf96e0619b320314fe44b236bd1d66083a1751dca09aa60f9ba45cf1143f068c7b61ffaef455820e7f980e09507fd63cf0aca28cc5d6e7a96394c7110a0973c0b4364dc64a872d6365ba0545f854c83c014ce84e86d9b9508090f3ea519b9253ec2afc8e9fc3e28120fa658ee139d9c79d
+** GENERATE (SECOND CALL):
+	V = 0eecf27a2b4bbfa180ca451a9bf07394af9128ccadcf03ea192e751018978e93c801f57f38d661477949e8a3e42f1f16caa90c9282acef
+	C = 0aa7545a4c1dda9be441a879f1b5f99c4869747953aae5e3de8ce19d37b017d9b60b7ee9033f00d5f96cd16c1b7b772d061125a22c0aa3
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = 3f78ce0552bd65bf20b6279aa8c75fecbe894e5b55d1f60b1b3d19210bef8fd4
+Nonce = db2079fc9af91f4c7a4f3b58f0e77d2e
+PersonalizationString = ba4ae607af0b8546e6036e3edeb26a220c65e677a469ecd3e2d6ca57b9520fae
+** INSTANTIATE:
+	V = c841d8953ae41b6bfb5541291271ac3b45f7930c5eb65d45b91aa5873d92668eb85a049aea84961e295a25e7484d90c79e45988dfb5ced
+	C = 10609380ed516ddb9f066d5353d033bb5151e53df43e48054313c466c94c7f69c029e1277511212f01c366d8c2419469b8d2daca31e8ef
+	reseed counter = 1
+EntropyInputReseed = a8ceac04932448d756d3eb3ee7afacf62df2ad2c5b8cda4985ed48e02a4c34ef
+AdditionalInputReseed = 
+** RESEED:
+	V = b4f34ae6ff0a4373543fdbc00801406717fa73c73f9196728cc4947553f378160877f168e2797488e123b82f562ec9caf70c6a62a92a87
+	C = ba10b19d3ecc9773c9950fa7e49d0caf1a5b0a9485fbd763e9dfdd7055137ed67663641fe4c442b2563f4cff62390a9dc5412bbb1f8371
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 6f03fc843dd6dae71dd4eb67ec9e4d1632557e5bc58d6dee29306808550999242d7c25379a64ebbe85f12ca42e80b05ad51f206bbdf67d
+	C = ba10b19d3ecc9773c9950fa7e49d0caf1a5b0a9485fbd763e9dfdd7055137ed67663641fe4c442b2563f4cff62390a9dc5412bbb1f8371
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 6d472824f4bf4f3f821b6468671e83478b3a9f8eacb9c797d0ce5306c5509ff6b504b9c8e58e1055a67e0558e97371ed1addb04274298f7be91f7e9f416800f4ed280eeeb8b33d794d80c8dcc2034613f64cb652e368d5fad8b7bce438e7fa91d07eaa2f0dbf1967c878fc28c2782aee0cd5b6a4941f06ea6c7aa6c5dce70b96
+** GENERATE (SECOND CALL):
+	V = 2914ae217ca3725ae769fb0fd13b59c54cb088f04b894589aa4ef7cd08dae3cfefba6c963472be8940fef651b2b824a072aa67d89d0d03
+	C = ba10b19d3ecc9773c9950fa7e49d0caf1a5b0a9485fbd763e9dfdd7055137ed67663641fe4c442b2563f4cff62390a9dc5412bbb1f8371
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = 2d8c209b15f1b6c009785fcebd396135f69b416a66292815ad250d06df3687c1
+Nonce = 6f56d361478d54fe8f2621e99e806a94
+PersonalizationString = 8d822e5d814031e3d41425b15691a272167d1edca3efcfc4b2e56394a172beb6
+** INSTANTIATE:
+	V = b0a777c7465362014271275b1fed3423e90e85c2b448adb99f16dd180a78af34b4f91a6f12330469fd7a833c89ea94e1cacbe73556306c
+	C = c3fcf55e63f298ac87f29f84ccbbbb0547cf84bda15b1a7737ab343cbc68caa967807a4769b5801658d2aff297a0fe214e9397324c661a
+	reseed counter = 1
+EntropyInputReseed = 13eb16a203d7a69b28f8accc40bacab38368694d0366672703e7f219f6b314a0
+AdditionalInputReseed = 
+** RESEED:
+	V = 1ea7bb27654b65c030449fb092b9b311d81ea5fbb34bee06f115a466f9dc6f41157f4e07a8a8fa4e8e5a0187b3e330658d1fb414b61f42
+	C = 2ccb6449bcf91fd1c883ef12ee56b6e1442ed4ac49763fb1ad25d17a208a02c28254c53297a8f5fea5996bb00b74f9ce6039c7219af5a1
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 4b731f7122448591f8c88ec3811069f31c4d7aa7fcc22dee2e3a4d3167d85ae2fdea581bb29d68d3880ab9bce163febef347dee6e7bc32
+	C = 2ccb6449bcf91fd1c883ef12ee56b6e1442ed4ac49763fb1ad25d17a208a02c28254c53297a8f5fea5996bb00b74f9ce6039c7219af5a1
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 0ea48915496eab416f6420344436abc9ec563735911ec438ea94347e8cfd8c618420a8e631da1be630554e6f2b24da4c7fd22d68a3bf6358b895698ee7e320a81ec9a6f684c7071a2f0e8c268b6a91d148593e5c847a5f92dbfe32e1cfa4f0c689dacf3ba1caacf4f1836954c835d5add7dc56a75f63a8185ab5a156b4f9c97e
+** GENERATE (SECOND CALL):
+	V = 783e83badf3da563c14c7dd66f6720d4607c4f5446386defb10d48cd8f203d20a505af43fec2ffaaaaa0d43c360fa6fa8b98c27d08ef78
+	C = 2ccb6449bcf91fd1c883ef12ee56b6e1442ed4ac49763fb1ad25d17a208a02c28254c53297a8f5fea5996bb00b74f9ce6039c7219af5a1
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = a08d760e3ae1f3e648ebc82e5793ed507bdf291ffb3ba9de7916bf37aefdbc14
+Nonce = 102a305bb49c1e045b0028257b4a6eba
+PersonalizationString = 821e85fe3efd9aeb4040cae09dbe7b3baa6fd4189b9601ecedc5457453658980
+** INSTANTIATE:
+	V = e629efebc005cea78db4a6b6e1cccdc7f8052a26a77b8ca2f321fd8b8b503fbf9db6bc7043b48b9b71bc2cee383ca35f288c9c31ac7bfd
+	C = 1c7f4b819546bd1017fd3f0e8f98187ef56ccbb3b59ea9125735b514f61271f127a7ef3cc96d7cf12d9b248408325b0e5ba4e73ed740ac
+	reseed counter = 1
+EntropyInputReseed = 7538cf5c8e2728cdb4ccb88852298dddd9e9b39b7e12d7f8e2c3201ab54e4b99
+AdditionalInputReseed = 
+** RESEED:
+	V = ac1c5dc85f6dbe016e138583823431bb5491c697277517f96d283d7f344c4b0e650a3b2e2d8e5b3d2f492b327a128f231b91fa3df1eae2
+	C = c23375a1378eab25fef17d2d6de16d5e254f9f682214fa1c48a83eae221c15f7e38331ebe306a0a23d2e919b5fcf866457c2ceedabf000
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 6e4fd36996fc69276d0502b0f0159f1979e165ff498a12f0ebe227ce28490d81b0c8f2b724247c80af30f613d5cf9fc0399e048f3591c4
+	C = c23375a1378eab25fef17d2d6de16d5e254f9f682214fa1c48a83eae221c15f7e38331ebe306a0a23d2e919b5fcf866457c2ceedabf000
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 77dc50cc3bc28bddce3a2a5995d32323a71ca65a66450d5f5f22f02289a1ed9b9018c009cdd4fe9b98a0eef6d702670e6c113389f180b23dfc96a891c16facf3b2c7f6d8a5ab4c74d67024b8aba7d4bb913249e94b0e60c5127bbdd307fa28d362d6330c7838e50c29cbf93b10afddd389d8090b0b9a1a8eff30e5b0d0c99236
+** GENERATE (SECOND CALL):
+	V = 3083490ace8b144d6bf67fde5df70c779f3105676b9f0e04b8d3ae24a21816d643f556890639375b2265a862b801a838d3cb0aaa6e9c35
+	C = c23375a1378eab25fef17d2d6de16d5e254f9f682214fa1c48a83eae221c15f7e38331ebe306a0a23d2e919b5fcf866457c2ceedabf000
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = f11c97d0d343b928180a32d61f852c08d6ee44710e771750803b83dee22a2a0e
+Nonce = 2f7e26af2ed056e5c8b507a32204e662
+PersonalizationString = 8a60002a9b21bcb2e544206bdea00692def5b47062510f10b56e5a972cce18db
+** INSTANTIATE:
+	V = 5b49fc5fb84b59f7d4493aa2ce66c9cb71fea774531395904527e2a5d73abd848212ffe9f6e053b43a6cae4002cf0acf2e6ff03bdb4797
+	C = c3984151681e99120f6fb340a9780af110b1aed354d8a5e015f78473e4b3cb5802f4262b9ce981d465e77e586f040e530d6f5f982fdf50
+	reseed counter = 1
+EntropyInputReseed = cdca33cf750fc134ae4a4b6d2e45bbcac7a4e66380c02954645fc8fca6a85b4b
+AdditionalInputReseed = 
+** RESEED:
+	V = 9dd41794db2ecdc974e3234f1e2e8eb7f462d8f075be4bc4ea0b753b0573b8584fed75cbcc47359c9e9cb992d12c9fd465d29ccfada4c1
+	C = e630da4c11d8c61698d93b5f75934b77fb5b763d17b444c455d704cd1555908555f12586dd6a618dc5056cbf5ea13de1ff9edf700a9a50
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 8404f1e0ed0793e00dbc5eae93c1da2fefbe4f2d8d7290986feaee0626823f65cd78422b242107e4db7b92e6b8dcdf3cad069dcff72aec
+	C = e630da4c11d8c61698d93b5f75934b77fb5b763d17b444c455d704cd1555908555f12586dd6a618dc5056cbf5ea13de1ff9edf700a9a50
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 85bc17acb984ed2f47d424e07a9251d519cf5c58fce0671df3a3e160c58b0b9dadf30d581097cea51a46c56494627d9fbf97dac5a38e5f5e7a794be4756e014619cae0ffd95db0acc13293a46bc5b8194b88d8734fbea9fc3f1dac4d714cdfcbe8c28bf6361f832fa594e7752853bd718d0135ae0a79ef55410f90909e67d04d
+** GENERATE (SECOND CALL):
+	V = 6a35cc2cfee059f6a6959a0e095525a7eb19c56aa526d5ffbc0bbf29fb2e5a615bf326958932dcbcdfd0e1a3827a918564866f4958236f
+	C = e630da4c11d8c61698d93b5f75934b77fb5b763d17b444c455d704cd1555908555f12586dd6a618dc5056cbf5ea13de1ff9edf700a9a50
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = 355be61c368eeb9fa3f761826ce1ca932cab4128b999491162e8aeb47d7379ae
+Nonce = f5c08a86b15bc9f5f9d5792f51ed69ae
+PersonalizationString = ac3515544638a3fbbf5e4a534df581fa57a85a3be680f7e1197993e018c7f6cb
+** INSTANTIATE:
+	V = 1bfae7d77177a2d17729aef687c7648fe08a6ee806f2f0ba6fbdca8dba6b6eca0486ecbbc11e53207b8767eb505a83481df677a30b54d1
+	C = 5f183915a1d3412b2a09e0dcb9c2a6c0c09e0f2f9aca511e44366a6c9cd603b6c896a998ab4f9a6571ee447d85f180e941840947cc095a
+	reseed counter = 1
+EntropyInputReseed = c791826ac17d695c46038a1fa4c3370d645efa8f70e84076783b53b5d2266e9a
+AdditionalInputReseed = 
+** RESEED:
+	V = 123589cfd029d50beb698cb2f5b0b199786673cb07a35155d0c0042973be607cd38eab31d06e5a9839abc34a3d345ec8bb030e88df211e
+	C = 2f1f2e3a0a5aca0f08f42c510fb8872766b5b62af46d800ba1dbae7ae73139bfa3b08e669569b73cff96c33ebb906075de21b2d70d7677
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 4154b809da849f1af45db904056938c0df1c29f5fc10d1add3f7515a26a226f06e22a904977db30732468bcc88887517aba88e92cde99a
+	C = 2f1f2e3a0a5aca0f08f42c510fb8872766b5b62af46d800ba1dbae7ae73139bfa3b08e669569b73cff96c33ebb906075de21b2d70d7677
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 04bafe6b991a93fc2560642c8c424a535d88b79a75410a0422c0f78ebb1b5e4a2e5dcda8494c2d13933f3d5c1130bb8fabe8cc5bda45e877d15618173afb79cd6b5e7dc2c65ad53eb0098942ac866721eb86c6b049fdbd22bef22a42f7c8b398a88e3cfc8eb498b5ab197762b46721e20fd781aefe4e395e701b2e2b80fde359
+** GENERATE (SECOND CALL):
+	V = 7073e643e4df6929fd51e5551521bfe845d1e020f07e529fb7970ddc758b3c094015e703588929b78a4a3bc2041603bcaf0a22ad438cb2
+	C = 2f1f2e3a0a5aca0f08f42c510fb8872766b5b62af46d800ba1dbae7ae73139bfa3b08e669569b73cff96c33ebb906075de21b2d70d7677
+	reseed counter = 3
+
+[SHA-512/256]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 256]
+[AdditionalInputLen = 256]
+[ReturnedBitsLen = 1024]
+
+COUNT = 0
+EntropyInput = ec3eed72d3e5b6920bd678b579bc9e4275646cfc205bec25ed406b321345f205
+Nonce = 73c83711e56fdbe024e2dd66e10c240a
+PersonalizationString = e76d33d663ead0f2ebb39735590cf1783bd0152f7379a432f8de9cd4e77f59de
+** INSTANTIATE:
+	V = 4dd9995ce341e04b8fc38b4f6d28b1cc6cf893e2ec2be77f774858290e147a060128f075dfd80e258b8bde6fad163fb3b0a0553779790e
+	C = 3690626ee7a73f4e6b59e49a8c3761f0de3dbf208a0c073c662f68995ae70f253245af8233d49decd9138e3a3a8b20739ba4a4066e5155
+	reseed counter = 1
+EntropyInputReseed = dfd785c503e1b54e9befbfebc107f13c9ed408d5dae13adfdcb87fe8c5404437
+AdditionalInputReseed = 80c8b783ded40f4e6d0fd28bedd1272700513213f27cff80a3c3399c38b6887a
+** RESEED:
+	V = f53d73fd650eb898c86b79448b51a2c2e2fc3ba34e2809d07d1630f9650026c63df0dbbacaeac03d92e85d68d9ae40ec3681227f3783b1
+	C = fefbf9921411a6195e4c3bcb16eba9cb562d75fbc6111fa4030e254e3e23aac2feb13fe704dc31e551a2a86a9d7a5ae580cb9f717a0f41
+	reseed counter = 1
+AdditionalInput = 51264a43cf673e634fbe0ba5ef2e92510a6f72341c64204fbca9fb1d814f1bb5
+** GENERATE (FIRST CALL):
+	V = f4396d8f79205eb226b7b50fa23d4c8e3929b19f14392a519f7e7d7b76947168fb9b1b40730cb0077e403ff445826ee02c38dd94047ae1
+	C = fefbf9921411a6195e4c3bcb16eba9cb562d75fbc6111fa4030e254e3e23aac2feb13fe704dc31e551a2a86a9d7a5ae580cb9f717a0f41
+	reseed counter = 2
+AdditionalInput = ed5fe0f2d9b39f677adc45e2df2fb8ed7ef0908c1587a6e358ed20be9b5653a1
+ReturnedBits = 4c2cc343798bce0e9aa0bd0480e302b204f631cc312884cc0323f13499f3e91109a576918bdc6baef708de98369961f06c007f3ee1beffaf80a9a757462189e12cee45d2c9a1bf5437d8313dedce437fdf5151e1ab89d570b39cb259f0b1a55777fcef9fc7d5113bd9aadfb8c1c61d1f3d6c6b9173447a3dd1c5ebf62f6a8e68
+** GENERATE (SECOND CALL):
+	V = f33567218d3204cb8503f0dab928f6598f57279ada4a4ae10195e1e19dc29b4e243f365636d7dcf19a005b4cc1077b1e6b6855a5eab598
+	C = fefbf9921411a6195e4c3bcb16eba9cb562d75fbc6111fa4030e254e3e23aac2feb13fe704dc31e551a2a86a9d7a5ae580cb9f717a0f41
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = b0aec44ad54afe87f2d815b603a13627e571045ab69d9c39973395bced1ca770
+Nonce = 30075c874fae44e3e293056a8727d920
+PersonalizationString = dcffea5ab0e0da14cfa5bc5c7e2fac23fd726a20ff8ec90962662ea52840fcc6
+** INSTANTIATE:
+	V = 42fc58853ecaae3ca2f2e7bb56a01b5b781df4c32d03a85fc7db7a23606736bdaac882bbba5c4c3522e3114eb4ef21c51b0f2f18dab945
+	C = ae8e92cceb51c872980d1bd4cfe2f993ff6e8421968fe7654528574405091d6dd1f1d2588800b4145016896ee57dcbd6ea197ac06fe5d2
+	reseed counter = 1
+EntropyInputReseed = f958f779f51a1515d47a6b3479c8cea18f6dff93812b18f0fe4c612d2c9b2ddf
+AdditionalInputReseed = 2282fb1753111e118fe5711ed4a34fb12a07dc53294ea94f34c6250a04a979d0
+** RESEED:
+	V = 21e82c82b0f6cf44f2c68e709ba4a7a7626065eaa957343efe63ec4f472af6a03440a9f14e28468949b5929d47c575b9851ef1263bd470
+	C = 0edd12eab26e3e44b09eb6ccf377a61337250970cee6e6ad179618156face27f4009b3fafeaca75b607e1190fa34089362124a50100c90
+	reseed counter = 1
+AdditionalInput = 24a3d6526a02a7627dbdb34304183267ddaf1b9aa6adfed9eb6a7f1e6b938409
+** GENERATE (FIRST CALL):
+	V = 30c53f6d63650d89a365453d8f1c4dba99856f5b783e1c3fb320df83872d1759bca287eb6c84754a3960bca423d06cff2abd1a7efe33f1
+	C = 0edd12eab26e3e44b09eb6ccf377a61337250970cee6e6ad179618156face27f4009b3fafeaca75b607e1190fa34089362124a50100c90
+	reseed counter = 2
+AdditionalInput = bd87c052d1f3c7c9472c2142f0055deb857d29932cfe9c6c6adf154b1733d601
+ReturnedBits = c7a6e47a9799c7793481a9127accd459db7516b15cd25fb750f3f0c187d8d4b5cfd658969414ca99cb0206758a7d862c36d2b4d063abc1680ef922df8b9a5a83df5131ca248fc275ef6841b481568c24ea06d94f75b418ff6fd95fe0edb4dc38df670655e0ca557b294dcd0d798ab21850d8572669b29f86d980e23dcdcf135c
+** GENERATE (SECOND CALL):
+	V = 3fa2525815d34bce5403fc0a8293f3cdd0aa78cc472504806ddf21c1202156d9af0c7201997b21b9500e19f90b38f284c9297628f8506a
+	C = 0edd12eab26e3e44b09eb6ccf377a61337250970cee6e6ad179618156face27f4009b3fafeaca75b607e1190fa34089362124a50100c90
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = 60053fbc255e3f77bf1be4ad7ae6c9d0b918a3bb29ce9d33379be68c4b31bf0c
+Nonce = 480ff14bc93065ed18792ccbbc747860
+PersonalizationString = a4f0886f99bc38038982a18fd2c96ed1f5b3a518ffbaeafd7a5cfee61107df7b
+** INSTANTIATE:
+	V = 5fb35c3140ce8dc5c63bf73bafa5a57ff2b99bdb2dfeaa1ecd82edc7a6bbef15280444cf6de55e9856be9db5e8807f2d130a5f83599574
+	C = 6c5bd6557acc7d0f1c5aefbb6f443b587ed0169902abfe245aaf60c4f5873b208893ef9177ae93729681a08aaf0e3143e396184d8d7c13
+	reseed counter = 1
+EntropyInputReseed = de4178679e9302fb0df92ed6b1d23db39a5273e108dc0bd32118f930bb885abe
+AdditionalInputReseed = c3fb187ced356499c754d0e9a9c6b144d1415836a7ebc025d61c035750ebe39e
+** RESEED:
+	V = 7774519a16d82fa87a5223a8463406e6cf7b3eeaf70324c6194ca079fe6b1e113efb7b0c212da871ef2bb94f6461f7ab2805a6980bb4a3
+	C = 2ea26d20a71cedc18a201d52fe5c820a7df18aa423d5d2df77760ee99645553abf2e6ce32101bba747cc729298157bf2262798c32a79bd
+	reseed counter = 1
+AdditionalInput = a8df923338d2b7e9b878885cc6645f8c3eba7424ee09c265e256d60ad522e84f
+** GENERATE (FIRST CALL):
+	V = a616bebabdf51d6a047240fb449088f14d6cc98f1ad8f86bd5cafab7092d8359405e1bd70adf94b1a244769802851a9aaf260248992a96
+	C = 2ea26d20a71cedc18a201d52fe5c820a7df18aa423d5d2df77760ee99645553abf2e6ce32101bba747cc729298157bf2262798c32a79bd
+	reseed counter = 2
+AdditionalInput = cee25530faa1fcfb19bde20aad356a63362c03b5e8b2c37cc7151ef8af0aecb4
+ReturnedBits = f711be31c9ba7ca68a3169b2e19f175ab656cd7ed78787d8e0c71dcbbd37b7930acdbd62688fb6319654b204024e649d52d8868889d403c80d49831229894219ba71101a5a1b61d57990d82e9af04e8669810525211b3dc8250189348d9572439d9f1196a22ee0fb4a2647fb81b2e7b03eb109c6833bc4e2d5550d4160666fa0
+** GENERATE (SECOND CALL):
+	V = d4b92bdb65120b2b8e925e4e42ed0afbcb5e54333eaecc2cb4807a75ffb87f59230ae988174c0fdd40052207cf6c9a170e11dbb4eaa1d1
+	C = 2ea26d20a71cedc18a201d52fe5c820a7df18aa423d5d2df77760ee99645553abf2e6ce32101bba747cc729298157bf2262798c32a79bd
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = 65636a9df861843ba0fc09f5ab08a5a9423fcfe74759c9c507478ba4ca3a8051
+Nonce = a3a1c4603cde543b872762765a35f1b6
+PersonalizationString = 7c0a229a563f3f5b3b6c52f1e3beadd331a05551a5b8311a10b4b7d18c31f296
+** INSTANTIATE:
+	V = 18294350d4c10b627f2cd02f2a690296562573207e2e4a91a3d4d53752030bb3a52e91a40116db9d4ef12fc9bf7c4486650bd89f21b062
+	C = d2456790c2c2cd10bc5fe4d1a117cd7634243b71b5387ba7ecb202ee0b17de6cd1b28a9fc33195a587a3acb8600d4861673dde71a8c008
+	reseed counter = 1
+EntropyInputReseed = 5be4cb9315e334b62810d14e54ae5a776a4b81307640810cb66ff02a1ef2f857
+AdditionalInputReseed = 0d1f481bd7f110561212a9bc4229d5a9384f27c49c7b91c32a3d00dae70b37df
+** RESEED:
+	V = c50a8b780e4b2d4447aba9ee18d2182f8b4401b1196cea5ad8e1dfaa8ad3f4e47fe68f17f9caeead1989f901136a676c6ed7aed2646815
+	C = 84b9ccf2bfc3156a373aedf6ccae0159469b5cd445d68024ee7fc1a74a4e4be8e534157ba1792d1f556d198e25f05743de9fbecce5be89
+	reseed counter = 1
+AdditionalInput = c96ae6e9defb84937b3283878a92a8d7637b2697231fb687d1af61909237f4e0
+** GENERATE (FIRST CALL):
+	V = 49c4586ace0e42ae7ee697e4e5801988d1df5e855f436b84315d92416c5f5071f6f65d09af639a7880cc36e9f2c569f7b82d4919c8354e
+	C = 84b9ccf2bfc3156a373aedf6ccae0159469b5cd445d68024ee7fc1a74a4e4be8e534157ba1792d1f556d198e25f05743de9fbecce5be89
+	reseed counter = 2
+AdditionalInput = 5409f4a26b5f079cb431e530559b89813c9552af64b932518f88b5082c994d26
+ReturnedBits = d680f20ab27e09e07acd5a65b4c0fe6210e1823305e6ceda61d81a5b232fa7290358656fe2f45f8f3483ecd75b96399db015b67798126cec7edc2b059e9eb1bf49f0a8a1d8dc9b7a74137895eb321d107404d08ee4d4d5fec8feb9d31a17e27f353a5e6bd15a61bfaa64ab2ea3d3151975646eb34083ad8ea6975f80e6cda63e
+** GENERATE (SECOND CALL):
+	V = ce7e255d8dd15818b62185dbb22e1ae2187abb59a519ec8ca9e88063d41588076d1fe603e23513c4f3b33ea62eae3784488b2e547f952d
+	C = 84b9ccf2bfc3156a373aedf6ccae0159469b5cd445d68024ee7fc1a74a4e4be8e534157ba1792d1f556d198e25f05743de9fbecce5be89
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = c46d2328980976e7e88ed26b9356b7ad920659b8dde0ae5629d232bba18a685b
+Nonce = f3d2c152b4084dc9e27847cc29f80e67
+PersonalizationString = 36d7d577f457375a4c6f28e11568c23529b6da98519d41c0765e58c87e89c966
+** INSTANTIATE:
+	V = f025da502a67a444e13875c9dccb1ba7f7e029653feeee26ad45990d032b0733bee55ef566ddc6bf846eb6291ec8390aa084ffb5d3ac9f
+	C = 36fb7d91f2f78ca9aaeef74a6433e1cb5e155ec837d75db693e87a1c8069f1f061f68dffa881aac048638da3eaaf0d404ab4f826f890e6
+	reseed counter = 1
+EntropyInputReseed = a95564ccaed436a4d268b0e13d56295dd9eaa99b26a2e2f87b434e3f5ead4aec
+AdditionalInputReseed = 1126a4fd29374f3acc72cbd11580f5ea29fac78baeff4b61c69fc79a753233bb
+** RESEED:
+	V = 7578aaca434d20f906097dca6216615d116a18deaff3f7ca7f5faab1e8df46c8ca46086393cd717e02aa7cc10424ef83bd7522440abf3c
+	C = 285845d3dd180930a15c106d2fcf1abe5e2b508c4b943dd91f3795dc115e6f0878db049be4ea99ad4462f99c55ea2043b4fa7ecd33f79c
+	reseed counter = 1
+AdditionalInput = 15d539e43398f79114ffbd3bef65e410bb6f8bfb0bcd5c1cdd185ac472fdc15c
+** GENERATE (FIRST CALL):
+	V = 9dd0f09e20652a29a7658e3791e57c1b6f95696afb88369caba5fa1fb9ff3c36662df32d31525a38503ecacd428980b5787ca098bd59d0
+	C = 285845d3dd180930a15c106d2fcf1abe5e2b508c4b943dd91f3795dc115e6f0878db049be4ea99ad4462f99c55ea2043b4fa7ecd33f79c
+	reseed counter = 2
+AdditionalInput = 1545428de9393a222712f4ecc58f44741fa0c35e7ea2ed9522f9bb51f1153a3e
+ReturnedBits = 0c664dc6a293a89df0f53b39a7a10bfab425b79f37ceea25e8d1ef05932f585863ee555149f6627e2cecc0101e65d34f9be256e84a1c7dafdb7635636330f6d7d208303cbc8e726dbb94522187cacf63a5e458ea041ae63358cc634610bcc6667328f23003863c2439b14d96b28e91e797b3081a752acccef5e93c6093b8d606
+** GENERATE (SECOND CALL):
+	V = c6293671fd7d335a48c19ea4c1b496d9cdc0b9f7471c75f953d28b276db00590d60514ea7b4305d5536d5a1ea9ddd5d92a5befeead0a32
+	C = 285845d3dd180930a15c106d2fcf1abe5e2b508c4b943dd91f3795dc115e6f0878db049be4ea99ad4462f99c55ea2043b4fa7ecd33f79c
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = c7dcfad33626ce1efb224fbf7511d7921bebeea85c6c3213e02f812a623c4645
+Nonce = e9122a8ed342b4e23651556f43a22e1b
+PersonalizationString = 244fb79e02ad0c4934891eb6da4334ece3053594b3bbe0c6a5522d3ca949f8d7
+** INSTANTIATE:
+	V = 587ff56ce7a94dde5897dd24e385c1ce31a681ac670ba327684132baa5fec31bc544beb22b8474c29c6cc2b54f47c0ce707aec433963be
+	C = 94d6790c864046436599f6e609009dadd07f74e9765d465147d1dbfba35fd6507518374a1d438afacacbd14ff6f124c552874f3a29da81
+	reseed counter = 1
+EntropyInputReseed = 512c4b07e9f479f1a8d2e0193561fc9e3bd9691d4040c1a6074d55805df131a2
+AdditionalInputReseed = 91155e07ae25d19361dcc0b40d2ba1e761999d4e0d735caf3a35c3c7dbdf07bf
+** RESEED:
+	V = 4576ba43bd9263a8b0e93e175fd6a87da04fbf0c366cdf931cf715fc6484af6926ae3db2c4f0e6bb7c0377e7a92530bb6f979002f2d861
+	C = 4f70d95738a5e0bb26db3e1bafb1598afe9d4580763722f56c092de7913fb5dcc6ba0e2d384218db434cb38f0ec52c323111391d5de969
+	reseed counter = 1
+AdditionalInput = dead2113243348cdf9f9e43e80c39bf07a329551cc153482aef40b018fb3bebb
+** GENERATE (FIRST CALL):
+	V = 94e7939af6384463d7c47c330f8802089eed048caca402f48bc3be1a0b334993a5ee88e215ff916ab0b8a5d686f6f0b99c4568e5bb2725
+	C = 4f70d95738a5e0bb26db3e1bafb1598afe9d4580763722f56c092de7913fb5dcc6ba0e2d384218db434cb38f0ec52c323111391d5de969
+	reseed counter = 2
+AdditionalInput = 4aef240553e62b7c3296d37fbc3161b5b76757e503289b01930452325b085f3d
+ReturnedBits = 50c032cd007ac64ef06a1a8f40071d8be976abc49214fcaa756cac9ecad2cbb5d7d208d106d2f8d66231f94560f9a8f1ab85b6480602a3dbe5cde391051574b094d44b4c76f751e345b0039f1d630192e86b18826593dc52dd97b182a38cf469f57a262a48da17357593425a08dad3551cf70da818bcd3b37bf11e287d2f4910
+** GENERATE (SECOND CALL):
+	V = e4586cf22ede251efe9fba4ebf395b939d8a4a0d22db265bd8ff4b518ae08ed294f03b273211166ebfd8509e499a20767a9f7d3d84274b
+	C = 4f70d95738a5e0bb26db3e1bafb1598afe9d4580763722f56c092de7913fb5dcc6ba0e2d384218db434cb38f0ec52c323111391d5de969
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = 7c93de4cf817629edbb86d814c3cf286ff303f99dc8d03d95b3a10bb645eb9cf
+Nonce = 4df23a93003d76405a8f87a4b47eaf66
+PersonalizationString = ec10f42ad7097f47c8b1f762b941cd0a0c7d42373a59b955e0c92a050215fe77
+** INSTANTIATE:
+	V = ff7f8051c97987550b0e5de7998fa8ff42fd5c1be907527fb483aca65fe3c464033b519d9c14a714803316517c30f5e4f8c01d7a285056
+	C = 8ee7586cd9dbe57df41c14567fdce923b6eb7872bcca118dceef5c3da5dea11be45c8d680c208e38b443cb5f41508090ee2c1dff11844a
+	reseed counter = 1
+EntropyInputReseed = ff5e2fd1b8b3f5d89a6c280f8966b613d59580f625c139cb888920a43887d732
+AdditionalInputReseed = fa0e5bc0c19a9aaf26a80be42a549d145e1ce257576e5cee648bdf83544751a6
+** RESEED:
+	V = 18e0b6c740ebe83a9e1c29bda90d5847a1744e0b879756b43c63dd668769f4bfcda22abe1309f8edd0772115c6716606b7f6a00e406098
+	C = 73e9e61e7a8202e8b62dd4d85959dc4cc7ea584f59cb4f326236309d90d73daff775e471da8b90757c18d6c1388b1064764dc13c298acb
+	reseed counter = 1
+AdditionalInput = 3fd473305fc70cbf558deb5437c660e51170fd59151dcdc90270a59abe12daa1
+** GENERATE (FIRST CALL):
+	V = 8cca9ce5bb6deb235449fe9602673494695ea65ae162a6d82deb829d423878b29b8c83bfda0bebf3b1cebd08cbde7e0637025209a165d4
+	C = 73e9e61e7a8202e8b62dd4d85959dc4cc7ea584f59cb4f326236309d90d73daff775e471da8b90757c18d6c1388b1064764dc13c298acb
+	reseed counter = 2
+AdditionalInput = ec12e966173fcc117e1c0fc0720ea69a5fb1d3a3d7e1e6fae0e9c864a715a205
+ReturnedBits = 811fc49340eac737349eebedf057882d1f5577a5838a6238a4dc0545a81fc324ae6f31f92be1ce5fa6e7b73a2d9f32955807eeb7227e48e8f491ce5cf6897e50b2518b8fa04671bddd207655d850c9b8d715a2a6fbc7ecbb6056beb3d562a4308e4c3677bf66686774712f125ff19f9816cb52adf3970d10dffe1da88676cadd
+** GENERATE (SECOND CALL):
+	V = 00b4830435efee0c0a77d36e5bc110e13148feaa3b2df78297ab57fad772963bf1eb963bd7596f5e3066a498bd7bc9d1e9d0ea85edf165
+	C = 73e9e61e7a8202e8b62dd4d85959dc4cc7ea584f59cb4f326236309d90d73daff775e471da8b90757c18d6c1388b1064764dc13c298acb
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = 90a9f2d931e484d47fb02fa7c0373ab91a5a1743acf015afe36c1cd7b7026fea
+Nonce = dcb1c7edbce714757d64ef8832bc65e5
+PersonalizationString = d85793da4bb56badd892c5958603174062f84df5682b6f135c06a95e73747898
+** INSTANTIATE:
+	V = 6b827a5342b7c6fb978bb3ce6e0f8a555febb024edf0484592d347edfa949bb63a378468546f41d1153f0b00044139af8fd25ab3f14ed5
+	C = 25085ac669d363375000884dd97a4f5eb627ece9be92c46f0b7c298b95ec7e5651d3dea110034b92b25a36984ee4066d6c89d36b75a809
+	reseed counter = 1
+EntropyInputReseed = 6eb93be84285c57afae8eaca82c02ec9658fa01a9fb4dc48ed78e36a125bb688
+AdditionalInputReseed = e5a7fa7f1b57a1b45c26556a88e2ce959267c1f6122e36ae5f405ad2cbe502a7
+** RESEED:
+	V = bbbf9f1902f0f11814a35874288fc269bdf6ecf61e938ced3dea4335f204d305b3a4758182a2d52b6e58b6273d5155faa131cfbc30ac85
+	C = 56d6307689860fe899f63888066e458a0817c8cdcf60c289c944a2bb49fa6d1a510ec8eaab79deb6553529cbf1eed1dc71c4e30fe2d77e
+	reseed counter = 1
+AdditionalInput = 48808171c69ca6f8eb972083ae9db80cfffb0605a20998ee3f870502780ecbc2
+** GENERATE (FIRST CALL):
+	V = 1295cf8f8c770100ae9990fc2efe07f3c60eb5c3edf4508942b9e78df0d054c4306257b728c278199d713243471b0e9e33cc9916da188e
+	C = 56d6307689860fe899f63888066e458a0817c8cdcf60c289c944a2bb49fa6d1a510ec8eaab79deb6553529cbf1eed1dc71c4e30fe2d77e
+	reseed counter = 2
+AdditionalInput = 5d46e7331e3adc6430064d433d894753f7af81be464685ec61e1789a6f209ace
+ReturnedBits = 207bbf81e91589c19b2dc1588d3d5aeabe1a5c4f4a28fb9416390aeaaf9507262d0b164571df67b6bf0121b365c0e26fac8608dd3cef97388033d9aeb6062edfce6f05ac3f3b0bd533371541b243ffa8e06e8554a6172fec4323475dc143f4811714a985197fe33050927178e35c549811618217ab7bb177e7d787a282db253b
+** GENERATE (SECOND CALL):
+	V = 696c000615fd10e9488fc984356c4d7dce267e91bd551430f724366e67ff839b93fcc2482ca0670d41b2a68df41b284bdfae7a229f8cea
+	C = 56d6307689860fe899f63888066e458a0817c8cdcf60c289c944a2bb49fa6d1a510ec8eaab79deb6553529cbf1eed1dc71c4e30fe2d77e
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = 17f263b82faaee3bdcd3dbcb2612cd5022238abf6a98e56d44f9d2758c8e46df
+Nonce = de85546ed98ddb9fc867cb8433f702d0
+PersonalizationString = cf322af5d40d415a0fc80074fd09addbb6eb2cca186bb9619463d91a028f2d97
+** INSTANTIATE:
+	V = 6c857073d793203ceb00b9c8ae47f0160e890cfac8b6c2f597f297536a8694556c10db57e933ebfd993409607b259c714201b030cb0b9b
+	C = 6e96e89c1649a12163419b095e5e157fad9e83e422790fc32469f2991ce336bac75c8c76d38cd240a65b8b801638cdc67f47614573cc43
+	reseed counter = 1
+EntropyInputReseed = 37af5610d361fbb88980e4bcb164601b1e45396cf85530d60bc20757d6207f4e
+AdditionalInputReseed = d5fe9efabdbde7e2cd44dcfa54e75fc2055a04f25adec371e648e55c37b5598a
+** RESEED:
+	V = a4a37be179b32a82a6857fab67ba4f59da57844304189c32527bec33db794f2c80092998d7a6eacb1195c5f554202f16eb4f58a89b67da
+	C = 0b9fabad0e7f2148ebb0139d6ed6e5dccd217d7a537ed16ca7eaab5ae0db6c0da079aa6d573ca5807ffeb3c734c366ebad5a0df82fd13e
+	reseed counter = 1
+AdditionalInput = 71433d5db501ae0bf7741107158e359ccabea7cc73b9b93241509c09d667c406
+** GENERATE (FIRST CALL):
+	V = b043278e88324bcb92359348d6913536a77901bd57976e4635a725b99b697f9453ac373736e940edcd91cfe1d6c179c952d6cede4c5240
+	C = 0b9fabad0e7f2148ebb0139d6ed6e5dccd217d7a537ed16ca7eaab5ae0db6c0da079aa6d573ca5807ffeb3c734c366ebad5a0df82fd13e
+	reseed counter = 2
+AdditionalInput = c48398b1a0199aa768011280a401004ec2c4ed4694f196dde26ab71ff304135d
+ReturnedBits = 572d719a01ea7d259e5604f36b8c398ba3396b5c9746617a5c8e33e2d81796fd892d4b7c8672023c958f045a3bd8f131c462845c404f7dbdda05c6383e084f8a08a4719f947ce2516b376502a3743025f3ee97a8211d1469660155043d3de71a3c036530d20882702623cf6901600685e790abb8eac3691a637e04b0e8c8cfb7
+** GENERATE (SECOND CALL):
+	V = bbe2d33b96b16d147de5a6e645681b13749a7f37ab164141f4ab0bf6ab132a51e89a8fc5ab1c271ca24c6884870b08dd34a9d05dbbdd59
+	C = 0b9fabad0e7f2148ebb0139d6ed6e5dccd217d7a537ed16ca7eaab5ae0db6c0da079aa6d573ca5807ffeb3c734c366ebad5a0df82fd13e
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = 871e2951629768e56f9a56be504b3e4380158fce7c8c8b66fd07389e844bbe34
+Nonce = bc61b8ab7bfb8f94e3fb5edf47c667d6
+PersonalizationString = 8cfaf4b1a43e6e562c7d7359a45baf7ba75133b5ed3a7b277e0352eb0db4fb3e
+** INSTANTIATE:
+	V = 62706c8c6df79c10dc547e54b2a6d94a0e617ebde6897340eff581bd8c5f8438c364e1ee016fb311a573a9c19e06a831f550ad619dcc5f
+	C = 59e08277c73255e741d3276b2e5cc82c0822b8b29b06e69a6f677d925446582f0164f9eddfd743ccf79d6c6b7e7d8935769e7a34351a68
+	reseed counter = 1
+EntropyInputReseed = de946c2c71494e6cab384df5817fb35fb1b7817cd22f801143c503dd79ea5a0e
+AdditionalInputReseed = c64695b2fbd7e4635e9d842354d6d94da05c135621893b0f3f2c5371ce47e35e
+** RESEED:
+	V = 32e1a4ccf370de933cf7cc52149fc51c4a6dfe012da1147130cfc396c391e9658861ad73672decbdd2039d0fbd39ce9e2e34898fe84525
+	C = 59af3a7984fdf0688370e7858c174525f56fd813ab794e26fe205d7dfd4f9cbdd6053091dc6ed91ee9a19c9ac0d92cb8ff17a8188bc2af
+	reseed counter = 1
+AdditionalInput = 595e7a21fc98b205e2785256542b292385e505e784ec93da802432f9da85b1fa
+** GENERATE (FIRST CALL):
+	V = 8c90df46786ecefbc068b3d7a0b70a423fddd614d91a63949f70c6124d690514cd3421cef050952b247ca622e109a2e6dfd96390d30fc0
+	C = 59af3a7984fdf0688370e7858c174525f56fd813ab794e26fe205d7dfd4f9cbdd6053091dc6ed91ee9a19c9ac0d92cb8ff17a8188bc2af
+	reseed counter = 2
+AdditionalInput = d34fdc4140655148743530995a763f84c30dbc5cd72f1b76866598da7e985678
+ReturnedBits = fbe346d3597eea3d865ad0dcabe1a1a9c5462287ee5d661c726ae0236037d3ca4f46815de4a4759dc55c6e4922740d639f9dc1075b3fcabc390e2c2dcd2fffd5f919a2f6e6e4c3e93c03bc218970eeed8aa95407c3329105a6fe292bf53cc055000079ea8ce502a172f8a3208ca44797077ec640120f6c848d7ff5fb9f8000e5
+** GENERATE (SECOND CALL):
+	V = e64019bffd6cbf6443d99b5d2cce4f68354dae288493b274de0c2749fdfea0f2c003b7a729fb6b7a4a8b7e8a00de45fb97475a73d9aada
+	C = 59af3a7984fdf0688370e7858c174525f56fd813ab794e26fe205d7dfd4f9cbdd6053091dc6ed91ee9a19c9ac0d92cb8ff17a8188bc2af
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = 369e482d23903d18cf4d8f8172de4164d10fc73c2e3234bc2961b1663d705883
+Nonce = e75b8c992520c2aad607c66106c5ccfb
+PersonalizationString = cd084840bfe7759af8a6ad8ccf00a2f19eb783a7d69ca776344bd8871da04f84
+** INSTANTIATE:
+	V = cdb981404ffbdb868e1bd042eaeef21a1c937d25f42b779e920252b9ebc22633cc4dff36720667fef353ce3aa7b6a9dc18fa7c78437289
+	C = 6e5eb73beb6a024c46f517c811d10f3644671c1368b069bc3a764d05e2db27e2158ff3aa1d3cbde8eabc4f0f5f4727288ae89e78b410c4
+	reseed counter = 1
+EntropyInputReseed = 8d495eccd46a698b0d04ea49c3eeacb102f10d9aae40d6cadf84aba63673d68f
+AdditionalInputReseed = 37276f93b489663187f63307b46f9857a845287eb75c5eca5d55d711cd7b39b3
+** RESEED:
+	V = a31de203f57a7d02f0b733d62cecfa28590e9a133da74316e8e2b0be830a44db086b065bc33c080607e99a22c0a8a87742884a9ee172b9
+	C = ebca741011a233bb91357467159d8bd35efb3d4870395e7f0c490558778ba49ab31d2330dc407bf2d9c7f1e15e942644f39e4103ae1978
+	reseed counter = 1
+AdditionalInput = a24e1118aa234c9fb965ae53c8a3153d27a43860db62fc451d8e8b68504b4664
+** GENERATE (FIRST CALL):
+	V = 8ee85614071cb0be81eca83d428a85fbb809d75bade0a35815ae4f9264156f93102bae52426d928031d3a5af8447aeff601840cf11e0ac
+	C = ebca741011a233bb91357467159d8bd35efb3d4870395e7f0c490558778ba49ab31d2330dc407bf2d9c7f1e15e942644f39e4103ae1978
+	reseed counter = 2
+AdditionalInput = d9b24cf35ded780c6693230aec604513970a1b0aaa232abf0c78ba89c0e2b961
+ReturnedBits = f9d814a241ed40176872a0a240dd5996dab5131c9f9b3d44299067a4469d5a1eab060735f4378781194b06794d06e0e6529a9c90f6dedfc802306c2afa8f91c381627897d305ff4c43c841d5256395cc5158a2b34b1c94d1279362317513025273bdc5c073cc52ff036eee4089799440f45c77ad8b230938e996840efea33429
+** GENERATE (SECOND CALL):
+	V = 7ab2ca2418bee47a13221ca4582811cf170514a41e1a0222577e4314f1231be7c770ff900099bfb3867e2e160907f07675b55fa3055110
+	C = ebca741011a233bb91357467159d8bd35efb3d4870395e7f0c490558778ba49ab31d2330dc407bf2d9c7f1e15e942644f39e4103ae1978
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = 6ff03b317e5a3a6e958758d8cbc5cc3bf7a49fa8956f2159abf8a71f4302f3f8
+Nonce = 0203b0d4301a2d2e223d2b23b253c80d
+PersonalizationString = 3da0f2a3e99e83b37d79881355a369eed200d66f8efa5144fffd8729c0857a6a
+** INSTANTIATE:
+	V = 51b698be905c16abeb6d5569acd82777bffe8c5e9cd3416bb83f21b0b388d871d3edb7ee34f8a7728b7cac75f90d580276871b022c0b31
+	C = 1cbd255259bdbdf57641d22b04e24905f5854dd82587263d2b9e5c83b9380a7f4ea46ebd844df0ea48ccb679832de4bedc72133087f0b7
+	reseed counter = 1
+EntropyInputReseed = 5aeded77ca0916329bcab3ea5e82c1cb6c0a3a76198ce638d029d8485593cd73
+AdditionalInputReseed = 4d3274cfb861a660345758ed18460ec7cfa371054a36ba0133b3aecabaa84e44
+** RESEED:
+	V = 8ea2a87cead9bd9eeab05338f909a53fa6711d6017511b9d52235dd6594c07294c933b7157d966c32ad62441d87d6964c5019c6809597c
+	C = 16b50005f1454df72d06f783949e178c22eab918490e241da2f80a8406a005bb0aa54de3ad17451d7a6a450e733bd0d8e1bcf3dfb7ef58
+	reseed counter = 1
+AdditionalInput = d25f4ace07c4b272d80db27333dc4642409463cc93b879b93939f7a419065a08
+** GENERATE (FIRST CALL):
+	V = a557a882dc1f0b9617b74abc8da7bccbc95bd678605f40a309ad3e810333b5a6d1f328e74220edadeb357306818a93c218120617a72415
+	C = 16b50005f1454df72d06f783949e178c22eab918490e241da2f80a8406a005bb0aa54de3ad17451d7a6a450e733bd0d8e1bcf3dfb7ef58
+	reseed counter = 2
+AdditionalInput = bddd03d8634ef86daff6be6db8578c957c241ca94dd4cf95d4a503667608960f
+ReturnedBits = 40781405049fb8eeb5e8b145f8650942c03d24c5c4630bea12bc4331aea6ca327bfe7d98df8b31fc506076bf787cae66d9609f088d3bd76c8657fbccf92701cec4dbae29517ff2f71abe31853adaeec693e048d6d3ab37bc299d8e00ea2e98726e178ed77756b6ecf1500e6add5c0f239a39a9b57182e97b156eada784a8724b
+** GENERATE (SECOND CALL):
+	V = bc0ca888cd64598d44be42402245d457ec468f90a96d65dcd50c302706a455440abaa10a0e95510f6c3b4037f3a82e5321c1cd04585466
+	C = 16b50005f1454df72d06f783949e178c22eab918490e241da2f80a8406a005bb0aa54de3ad17451d7a6a450e733bd0d8e1bcf3dfb7ef58
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = 2caffe34d18b475d525585c2472ac3e8b90b37f9be191cf575871fea5c55a633
+Nonce = f43928c0df5496c8fca8b5d20870bca3
+PersonalizationString = a55efd76b16f9cb0274d400517f5bb2452aafe261dad5dbabdca29f52df66efc
+** INSTANTIATE:
+	V = 6a2bd8ef09d52f2880ad7c654f4e7c288c4e352237321f471282260985820fc23b32e3b837783ec19de6c7ed6a0968ca995f4dcec6eba6
+	C = 6246b2348a8a815e89eb21caa98f128038bdb771f8e4cadb3f0fa469f73ac31f170596ffbbbd4f287a20b21b07e333899522c3f56d837a
+	reseed counter = 1
+EntropyInputReseed = f5d06f245b38aced81486777a1e21a3506473ede266e2ac9158a67d83ebc05a1
+AdditionalInputReseed = 4213f864b8f6b862435aeb3e33f553884990788f17f162a68187266253cf9137
+** RESEED:
+	V = 165ede8f18f99bf41e5869dad72a8a51a5ffde647b39df1897029c99e46416da93ba3d38b79e43b3729d60fc558f97de544f58f896a37e
+	C = 5e24a97ee41bc62de1958034ed7d879dfd97ace4a64b5b93bf9b02f50ce615aed9de90d4d537c2f29507c66c3051f16afa9938c1535500
+	reseed counter = 1
+AdditionalInput = b851aaa00c35ab43e8f3c67021a8c4f4b9effd84dabdbabfaf2d3246e4a79d40
+** GENERATE (FIRST CALL):
+	V = 7483880dfd156221ffedea0fc4a811efa3978b4921853b5fbc38419622b38667f11924a15d8b5319480807512ae6df5613059a2943b55b
+	C = 5e24a97ee41bc62de1958034ed7d879dfd97ace4a64b5b93bf9b02f50ce615aed9de90d4d537c2f29507c66c3051f16afa9938c1535500
+	reseed counter = 2
+AdditionalInput = 6e5fec69597a87ee8a3d9d3e479f5b08baa4ed6accaa93e8074efbcda9b54279
+ReturnedBits = 89670c3a559c2ce032d3aefd953fd8a43e51fb06c095760215806f571355de161e13b3a135435fde4ef1ea7be68112e591edd7f2deed6ef40ce6bec3b9a64607bbc2daec42d4a6fc6fc8bd88ee5844596d69243e4162bd925eb1b08fb0f94dd23fd4d4b36cde3c7df065c3a372eb8f1b7122ae27eb5cc7dc5a54d179f01d08bc
+** GENERATE (SECOND CALL):
+	V = d2a8318ce131284fe1836a44b225998da12f382dc7d098e6f9de9232ac0acaa34a547eaf592666399827551101f1e2108cf4cd82777943
+	C = 5e24a97ee41bc62de1958034ed7d879dfd97ace4a64b5b93bf9b02f50ce615aed9de90d4d537c2f29507c66c3051f16afa9938c1535500
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = 6802fc80622359a3cf86f2beaecf8c582f34885209777c09608c13902a7dd482
+Nonce = a319ab196300ea796cc532d763200554
+PersonalizationString = dc3c845bc66cd5113d5a6ed28d5b7b9aa638c30dd485c896bd5e4667cb966207
+** INSTANTIATE:
+	V = a97589962c57291af0b351da887a1c87d64eecc66ec71a4841090c6c6720eaaa53c94750afaac31d020e4be3bc7ad73b3a1988e8626c98
+	C = b5cf64e386e44b856061651b5376ecbedd1c5dea0a9abcd6576a062d4faf27d378958cdf76526b9f0599f068d629d687b5c1dc09506e9a
+	reseed counter = 1
+EntropyInputReseed = 46ce8f1d76650dfda9204c17413f5cfa096c70b12077eae36a87c0ffc3c76eb4
+AdditionalInputReseed = 11fe7cb2ed7ed88bef40ea6488a792465677c2261db4b63bb4dabcc78fb5ca86
+** RESEED:
+	V = 4aac0e89b5f92df2a1a7d524ca9e0f9ef997e3336e37a24b477bc893d722aaa340729699ab5fec9e254f1d0249e63a5af6c896f3af6d98
+	C = 99c3d6b100e03a0bf76c8f8e4c2fb77b0ea8e6d4b2188ec3f01c0df2b88bc06c55f285d44f3b75d65578a7559c11f6057a6a02a5184046
+	reseed counter = 1
+AdditionalInput = 32d05e8661f57ba74e7d9fd9f4e9fdf71abe1f074a136ca2db4ae4cd1380ae28
+** GENERATE (FIRST CALL):
+	V = e46fe53ab6d967fe991464b316cdc71a0840ca08205031d8ec0dfb46fbbbd6d230527b572025e52838f096c4f8f47458183e601a4baa3c
+	C = 99c3d6b100e03a0bf76c8f8e4c2fb77b0ea8e6d4b2188ec3f01c0df2b88bc06c55f285d44f3b75d65578a7559c11f6057a6a02a5184046
+	reseed counter = 2
+AdditionalInput = a9804da0b5f1b8bc490576b55a4878d29ee340828dae75eec2be15aa93bf4be0
+ReturnedBits = ba029e3f307bd49aa8d337e7e4381aba4d39d9cae9303e2ee160ef60bee6da9f990cf02cca99e5ea0f27b8066ba82f2d6f4e3c7f88e43562ca0f810fadcbb059ba63c0bccaf2d6cc5784627d05a29bc06c3a7baa0cb3f4184f599c7733666e24369b5571f5e9acf10a33514c47ca85cbc6a58bc6fcf1e2c28be73dbde9168c6e
+** GENERATE (SECOND CALL):
+	V = 7e33bbebb7b9a20a9080f44162fd7e9516e9b0dcd268c1a04a229fd2326b5e07a74e230c7f20c937c503861351e430e1e7f51ae671c71d
+	C = 99c3d6b100e03a0bf76c8f8e4c2fb77b0ea8e6d4b2188ec3f01c0df2b88bc06c55f285d44f3b75d65578a7559c11f6057a6a02a5184046
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = be81a04b75f3235ae432ef1d63a0ac78759c6193653f4419e254ad4f41a0952b
+Nonce = 9ec5d0841c9f157b8db7244dc61ad513
+PersonalizationString = 7d799eb6b40be63ba506d6f5aa705d4853096af2f810170a2756f2ba20af63b6
+** INSTANTIATE:
+	V = a7f8b17e1a4e292b8c243f8b716f54f61686b38635cf6de052b880aeb3f3262e95424539b250baf73bc0bb7916e82fad4a261078640a8a
+	C = c1bd1559657d51098a0773c7eb4c2fe3d5e1835ebf3447fd9b7a2be5054bc0e0e8645f88de2877c711c5692abc0337d83b2071ce567c2d
+	reseed counter = 1
+EntropyInputReseed = 241d02cb64229cb1b336ef1f5ce4113f32c88a6e555aa39e543ef66f5b22f3d1
+AdditionalInputReseed = 8c203ad8dbd2e94f86c82eb0224fe9e8a7a7203a7c6eecae71fe9633b94fd12f
+** RESEED:
+	V = 5831c2332f7269dee6e2040dcaacacfc94be729b069ec933972cd8b93adf03811821c28f3b50c11c133ed3b0048793366eeacc8e97c09d
+	C = 8a806e9b7bc821cdbfdf09556a33498d28d03726c4e91298b8c675402e60dd5a7634bc665682c4cfcf4baccab70d30751c9ca2c224ab61
+	reseed counter = 1
+AdditionalInput = 1d47c207405a6fb497d951a30748830edb4e754c7f2529a474a8f4f45e8fa1b9
+** GENERATE (FIRST CALL):
+	V = e2b230ceab3a8baca6c10d6334dff689bd8ea9c1cb87dc8b55255f6c3408a9479f38586a45c24a5456d694500d5c01f84b6d6ac0cb3acc
+	C = 8a806e9b7bc821cdbfdf09556a33498d28d03726c4e91298b8c675402e60dd5a7634bc665682c4cfcf4baccab70d30751c9ca2c224ab61
+	reseed counter = 2
+AdditionalInput = 75abb409a8e2ef4e19a0eb526127c591dfd52edd6c8d0c729c102ba1a268d987
+ReturnedBits = 273ba25b0f69e5ea31e011dcc2f2dceb34c8bd32541323a3aaf23510d21d6738ae865584e63a896aa3fa3c6915196f91ff2ad1cc2a7b1659ad04440fa712caa73c41bc47f052a564f0d2150a4cb49a1d15fb9dbf41d0883b2e04471664bc21b9c13d43389f5a7897e185613ca97dbc948be87c74cff94c600700b0bb7687ca7c
+** GENERATE (SECOND CALL):
+	V = 6d329f6a2702ad7a66a016b89f134016e65ee0e89070f03c51b88c42915356aefd4931f223a23238b2a04ee1a462c68c9cfa4ab1cfc668
+	C = 8a806e9b7bc821cdbfdf09556a33498d28d03726c4e91298b8c675402e60dd5a7634bc665682c4cfcf4baccab70d30751c9ca2c224ab61
+	reseed counter = 3
+
+[SHA-512/256]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 1024]
+
+COUNT = 0
+EntropyInput = e5701a7b27835afddbd2c40dacc0b669d706c56f7608a5076a4bd22cc6cb4fe9
+Nonce = 61b8c01b48b54b137ecfad3050ba5bed
+PersonalizationString = 
+** INSTANTIATE:
+	V = 791a7b49ff9fe9a5f9625790c0eea9f4d2f5676f32f5f1653a979faae979878cb1831fb8714acb08d5efaf3059f09e5f63958f6c22779b
+	C = 3df3ad2a7eb62ddc74309772f90cd58425be44f4148005d46decbe95ff07b984048d7ef5780deaaa3fbbd7a65c09454e168d88cfaacbcc
+	reseed counter = 1
+EntropyInputReseed = e601c5d38bfe28e45e930261e723665fe751a98dc7571e6b3dfe4bf36561517a
+AdditionalInputReseed = 
+** RESEED:
+	V = 81f568cf8c9145af3985594bd01846fffcfcf543653a810d7578731593613d0e1fcfc14e11597b5a7577a7d35b5ccf38ec6377fdee183d
+	C = 65c83968b4cdc978226d3d81a6746cba0bb4ebc55ab42fd56d0294479efdb76a088cab3776285391680813f7da8d5a3804957d72e0fb1d
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = e7bda238415f0f275bf296cd768cb3ba08b1e108bfeeb0f51272289ad2508fa0dabf89e7c032cc10917d6b7d40321ac6897fa675202c4c
+	C = 65c83968b4cdc978226d3d81a6746cba0bb4ebc55ab42fd56d0294479efdb76a088cab3776285391680813f7da8d5a3804957d72e0fb1d
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = c553311f244dba892c30975e26dac49f6fcce8c32a4815417754da9c0c18fe8cb35af8cf09af1b9bee530fdc0761d8d3fe96abd8ccfdc3e3c9149e56de6731596b4dea85e4d0f53a57f38370cfd42b175698125718838289e71bde792b343b5c74ff13fb6665302131b8773e37cdd34824ff59d3e15184c41057e7fd78534f28
+** GENERATE (SECOND CALL):
+	V = 4d85dba0f62cd89f7e5fd44f1d0120741466ccce1aa2e0f1ff202ef6902401c3a14f22764fc9bb6dcea2ed764b3cc401462362443fabfa
+	C = 65c83968b4cdc978226d3d81a6746cba0bb4ebc55ab42fd56d0294479efdb76a088cab3776285391680813f7da8d5a3804957d72e0fb1d
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = ae57968b688866d61eba36d8d2cb19f5d0689874b4e25d610f7092872bf622ed
+Nonce = cbb2aeb88e920400870768f949889bf5
+PersonalizationString = 
+** INSTANTIATE:
+	V = 84b6e1c4cffb17d696896a70f027162cf63b53faecc08738aa2baacdeb6bb35e4a4f2ac3e8b1bead8a663270b8e488a3c0b1cd9c3fdde5
+	C = 88ae9fb30b64e4d2e7f43b4fbed6954db12a896f293bbb836e3d2313dbd576f81b28b87acdcc0ccbed70ec8a57951c239380530ecf743e
+	reseed counter = 1
+EntropyInputReseed = 053b484add88b1bd696419c4d249b30cf107c995e5d60bacf75b611105fee5bc
+AdditionalInputReseed = 
+** RESEED:
+	V = 1a16bcafff532387b1bfb1a928b2f9dace450e73f6e4eac9465f75c9723298d08e40e799d42406f0986aaf298832f26e3f03414200ed48
+	C = c1925724d601b3ed2c73a34e1229402898532c0e058271b6c6fad1c664ca81bb0e6a221c3bef4e7e9a3843cc0dc8f0ff3a98f7374b168c
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = dba913d4d554d774de3354f73adc3a0366983a81fc675d279ab58cfaf8b14b23a845734c88a38e1e2e002e1e6b77d408d1ce3d78578e24
+	C = c1925724d601b3ed2c73a34e1229402898532c0e058271b6c6fad1c664ca81bb0e6a221c3bef4e7e9a3843cc0dc8f0ff3a98f7374b168c
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = f15273147f975378e932c8e2f6018f4a7c6df5acced2bd21859bc90e1fe78f986ce6a107d9b1c9a55aee357125c1ef76facda02544c826dae74451ac01516b5f68da13a167aee8c3bd508100efc44536cd243ca226b9d87ee1e32b11dcf1b152f399f42cfca5607ecc4f8a37bb7bb9de0e782d52fef464e18dc2eb9a20e758ab
+** GENERATE (SECOND CALL):
+	V = 9d3b6af9ab568b620aa6f8454d057a2bfeeb669001e9cf8847cceba4a40270469bb8b8dff0caa803541a24d152c5902ce283e07f430c7f
+	C = c1925724d601b3ed2c73a34e1229402898532c0e058271b6c6fad1c664ca81bb0e6a221c3bef4e7e9a3843cc0dc8f0ff3a98f7374b168c
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = 07e272b97a3827efa6ab255d2bc6bab81e43087c32aa879b5ac0bb935d1f72b2
+Nonce = 9035f9407a30d75adaafc4c1b1f53227
+PersonalizationString = 
+** INSTANTIATE:
+	V = c0ed691470cab56e82c1eeb0130f7c8e0bef5c58f480e7d31951502ac05c9c88aebb4d76935d9dfc034b649d0dba1826fc87426309a82a
+	C = 1c58b00730bbdbcb5a6ec4fcbc0443116c4f093cec954da5ad6f47dab919d0dfe38bfbac28c801d9a3ea65b1d7fddd90e5d5645d466c4d
+	reseed counter = 1
+EntropyInputReseed = d9d33d1cf4444640e18ac43f92b0930d85346656ea2b72162d1191d7ed828e22
+AdditionalInputReseed = 
+** RESEED:
+	V = de1f6dce9e873b766002b2263ac00e1c7f7e61bd0a90909a1b5aa145ec5c57bc287353bbe8317c7c7b1fd12d4504857f516d6bb0077b2f
+	C = 83adb010843d492fba3672dbbc214972b783afb39ac8bcac699419568710d74574207dc2e439bea7870c54714299cc3d6a6fe1eca9cd46
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 61cd1ddf22c484a61a392501f6e1578f37021170a5594dc0910cd763a2ba2ef7f8b3ecc1a03882ef8bac864a4e393f1fe086234f525cd3
+	C = 83adb010843d492fba3672dbbc214972b783afb39ac8bcac699419568710d74574207dc2e439bea7870c54714299cc3d6a6fe1eca9cd46
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = acc3d0f866908ef9d7014a68809e0d04eb9babc041a134ba15515afc31c340327e37243b8b48fa46dda2f41fff8ad9ee81240796a3ba8bdd436028e527cc22c7a90c1e39b0aa106c18b635ec61cf6793bdf56f8aaaf568bfacd518d56a2cde83302edc18cdb2c5a2f66588943423535411742be7d5198a642e92097879dcf31d
+** GENERATE (SECOND CALL):
+	V = e57acdefa701cdd5d46f97ddb302a101ee85c12440220b159e1ec9c3ddf2f8127858b1dc5838fccdac9b7ab65897274ca925815910fab8
+	C = 83adb010843d492fba3672dbbc214972b783afb39ac8bcac699419568710d74574207dc2e439bea7870c54714299cc3d6a6fe1eca9cd46
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = 6c99ebeff732b7756170989f0b15f50253be22f3ff97ae6efd37e8ab18b304de
+Nonce = 77811f15b928b2274e9065438959dc13
+PersonalizationString = 
+** INSTANTIATE:
+	V = eb1335baf0de00bd817b27bf2b0ce4bfe3d1a0142be1fab4668f9786018f67b5f5854553ceeb75d113c559930de4189aa68892346c3276
+	C = 6a67dd3c3e8204b4ee1edcb6d3ca126a5e36befe4875eb6b6b0296df13e68185155d8544d3811153645b270474359804add3faf8a03551
+	reseed counter = 1
+EntropyInputReseed = c2566497cc7aab074d112fc9d6aca390828575f14be160ad0c9e0b15619c5fb2
+AdditionalInputReseed = 
+** RESEED:
+	V = ac3ad4c23f76f1de5857796c069372edba26583cc7641d5f5aa243a4023dfaf52f549e3ea069e170d2c59b9dcb6718f6170c286f179a3f
+	C = 0aaf948a42c31aec9e56acec61182061f24710dd10897b74d5e7267bb483e9f6c0b8fff71d8a0da69948933c92d1ad1d1a3a3cf6e08ce5
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = b6ea694c823a0ccaf6ae265867ab934fac6d6919d7ed990795274b8b3170824f351d58fd41687e3ccb2ce0ec4d398f7939397da2015cb2
+	C = 0aaf948a42c31aec9e56acec61182061f24710dd10897b74d5e7267bb483e9f6c0b8fff71d8a0da69948933c92d1ad1d1a3a3cf6e08ce5
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = fc5358d55c043aef9f3192a58813c6038a60219c99bb4d0ae979b5e68b1ca5e57402348c3c430785aa960f38c9461aa760f0c762fd45cf974c63bb3be2dfbbca68bb89bbd9e7062179b586f7aeb51aaa0c004385259c2724a928863e1daba844e78d11f0f428069a85d71023c0dfdc933fa711be38df65a6f292630c41f46e48
+** GENERATE (SECOND CALL):
+	V = c199fdd6c4fd27b79504d344c8c3b3b19eb479f6e87714e6aa2b7637e6d0021aed4986f9d95093fb83c59ec95ea3f64e0d1c65c696767c
+	C = 0aaf948a42c31aec9e56acec61182061f24710dd10897b74d5e7267bb483e9f6c0b8fff71d8a0da69948933c92d1ad1d1a3a3cf6e08ce5
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = 2dcc761a40727c66e60a22190973c4a591ce0b7e1aeb3c394b6666aba600c195
+Nonce = 8a78188be701a7a77000046a5bea425b
+PersonalizationString = 
+** INSTANTIATE:
+	V = 05b15a54d9b7c6518641d7c516ab412a9d21bc6b8951b7dee54f856931eb057828f5ad2695a91df5e385ead15a2a4eb9d7c8aa66cb9e44
+	C = 2ca2c223079c08c1649115197c6c3b61d5da6ff11611ba77095182d1714053dfb528f41a7856094b6e458418eb3130a8e1b3a850565e84
+	reseed counter = 1
+EntropyInputReseed = 5fae1d6cb1ae904f3af5999d5c1d219dd6d91e39d385ea542dc45d0602fab80c
+AdditionalInputReseed = 
+** RESEED:
+	V = 425fd876f34de5a244903d73a720f36fe5a93c23c6709c762543aac3f316a9dc020dd46c1a1d0946efc5386be57c9c74cd2f627fa997c5
+	C = 9f64aed4ed9cf966d4403c46b9632e165d7c3236be5592bbfa103da90fc74b8f97caacdbd1efdde444ad9eba02bbf588805393c0a00d39
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = e1c4874be0eadf0918d079ba6084218643256e5a84c62fe92a539230dbbcde2cd48b8c923ca2d3c8c7592347ab1e25eeab0fdf4b092221
+	C = 9f64aed4ed9cf966d4403c46b9632e165d7c3236be5592bbfa103da90fc74b8f97caacdbd1efdde444ad9eba02bbf588805393c0a00d39
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = aff005ad3948f360601f824bcb3c56602c583c74280886ac8533497c4c5941924c206aef0d2c9a9618d4b1c5466d17eb8aa52ac7fed713cc0c81484f6eced984ac861c24d632ed412e266daa5072e30725415064b78458286f5ac062cfc04f80aa7614141273635724d455ac683a6a7bdadf6b5831711ad8aca8ec759f454de2
+** GENERATE (SECOND CALL):
+	V = 81293620ce87d86fed10b60119e74f9ca0a1a091431bc36303988d7ecaf05559f1cf90c00a074397dd886bb5040239fc1d0baeb69ac492
+	C = 9f64aed4ed9cf966d4403c46b9632e165d7c3236be5592bbfa103da90fc74b8f97caacdbd1efdde444ad9eba02bbf588805393c0a00d39
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = 51963f0ad434671a83057a0624ccf1d3452af2ed95da2e3f30d4b0425e5cc004
+Nonce = 8af9464470cf49cf9cc206e9de52567d
+PersonalizationString = 
+** INSTANTIATE:
+	V = ded59ee015d1cce20e86903d098a26cdbbc6b0f5c184a0b878eaf479c7b1f4a659a3509c3dc9c27daab677b5909ce8d352f8841fa7bc0c
+	C = 96243403957bb8ac9f2a3c49d08de2d56bd449d999f4023b359bee8723d9bafd2d613d90792d627341d80c53f3551fb6aa98c29a529191
+	reseed counter = 1
+EntropyInputReseed = 852c8958fb77819e5f27b5902dd3a70baf8abfb65a7b2de123e29079a3b7c1d0
+AdditionalInputReseed = 
+** RESEED:
+	V = 445784639497cca378f29524a9e02d87c7a0da05ba3e5d7e344446b9310a6ff22531067742b79699059524d147953806f7abb73f5ff3b8
+	C = b75c46d15d5dbff00d6a19ddff26185c62c001f35d991edc9a4b62f02ee04738138d5c6d04a75afdbf7c1de7ebb173e5ae09a6a70057a1
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = fbb3cb34f1f58c93865caf02a90645e42a60dbf917d77ce1e1a1e264df524663c00fe6dea344654afea06246fb5ec7b6f2ad43075d1283
+	C = b75c46d15d5dbff00d6a19ddff26185c62c001f35d991edc9a4b62f02ee04738138d5c6d04a75afdbf7c1de7ebb173e5ae09a6a70057a1
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 125db63b92d8745b668cc1c1baaf02d589ead0892e07553c9911ba0d5978490523bc29547bb597b9cb9fdb45551eb4a0cf94d03607d431f342aa9c51bb4b144304e0bb439dcdaaa6146e4b5a4e5e4db3d8f4408a63ecb7a78190f46de6a5021f30779fdbfc1b6fb30d09facb44f816525cb4cd0ae52f1c34331f9a7d8fb39c1e
+** GENERATE (SECOND CALL):
+	V = b31012064f534c8393c6c8e0a82c5e408d20ddec75709bf2c27505c00e1698455e7e4835ef96a9cd74766c3ab228adadb07176e7aac23a
+	C = b75c46d15d5dbff00d6a19ddff26185c62c001f35d991edc9a4b62f02ee04738138d5c6d04a75afdbf7c1de7ebb173e5ae09a6a70057a1
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = d8a6ccfe26a34a23c429eb071325c3c7ce61d98e394bbad48430b579d36fdc1e
+Nonce = 42966a2aeb8036bbd17adf1023dd0452
+PersonalizationString = 
+** INSTANTIATE:
+	V = ae559d237c4b29738292ca112506b60c0458a6c5568d9d29d73363fec957ecc2bf02984411546a2d4a3148207fe2c5c48b47958e877820
+	C = 38a0265b0ce6fc1426e576431c19adca3d842cf6812e00c76068521201db11a24c430cd6488295a2dd8e60d2e052dcc6e0d503d54967f1
+	reseed counter = 1
+EntropyInputReseed = 4fb96f592abe27e6ad3429caf5bd63532995b0b6568e713440f611a1e0636230
+AdditionalInputReseed = 
+** RESEED:
+	V = e89ef4d10d0ddbf5003b976e861b3d7eb283b35a79668e0088934425d64c000cf3ed9748463ad0db4f1ce389ebe43a3bb620200ac4d9e7
+	C = c2d426d89fe0414cf1b0c19c2061124a966c3f2b59ecc9f0aec93fb45b5b0f0b776b54bbf5643a0372cb285be2b581f93513fbcf36cc43
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = ab731ba9acee1d41f1ec590aa67c4fc948eff285d353583a11cd6bab9d82061626755b7ca8f6f911b78072a07cfe077b79e24c787c403d
+	C = c2d426d89fe0414cf1b0c19c2061124a966c3f2b59ecc9f0aec93fb45b5b0f0b776b54bbf5643a0372cb285be2b581f93513fbcf36cc43
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 6a65c6c23e1d27ef9900d4e901af70292c1ea7e2d9e0215c01318f8ee3af542e2fc14773e6e80167cfe0e27a73572740683e0a9d724691ce64ec595dfa205b888f4bc77ed0cedb2519cd915360b91f38b1b07189054422a25ab38117267ef6a63cfb6f5c11f068721e1e715f2cc6f18371beef8963fc3df40936df70584ff5e3
+** GENERATE (SECOND CALL):
+	V = 6e4742824cce5e8ee39d1aa6c6dd6213df5c31b12d4022fd18800dae2862c151a0db671cac70982949cbb2eab1ba2ab6344da9f656298f
+	C = c2d426d89fe0414cf1b0c19c2061124a966c3f2b59ecc9f0aec93fb45b5b0f0b776b54bbf5643a0372cb285be2b581f93513fbcf36cc43
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = f861825d554217c7316f9bd4d5230907504ac5fae35e6f36dc05bcaaa2785580
+Nonce = aa0cd27ba96417a2b3f13a4d6036a97e
+PersonalizationString = 
+** INSTANTIATE:
+	V = 344eda6bd8f2fe63c85536b4cd578b5ee0e9954a290c3ec7458ae9fe555ecab6b7128fe2fd2df0c860a26ee13dcf5a6fa439cd40504dad
+	C = dda3d58730e52375186212b840dcc3cec752b926afba7ec41f95b162877ac2876226246aea4d7a7464efe8fc5c8919c1bce6cca69b3bcb
+	reseed counter = 1
+EntropyInputReseed = 9ac2065743e447b3c5c7dd34533174394a1ea98f60a41e027d2975b9be27d485
+AdditionalInputReseed = 
+** RESEED:
+	V = 1a0c3970cd41d6f48452fb3f70530c5b90970c0e059ea438ae7cb0c5ab6cee9029d1b479ab11c3f2a29dd77b8b42043620597046792a6f
+	C = 0cd495c7ad0cf76fbb8a5abe6a66df8aac9e932fa7adbe5d20ff7faa20c9c5cdb075f4b29860718037c7f6b6680b7734643b0fabed9bd9
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 26e0cf387a4ece643fdd55fddab9ebe63d359f3dad4c62df088e19246a9e81dce829f99fe138cc2ae0a0b3801657003b3350e9cc1504ed
+	C = 0cd495c7ad0cf76fbb8a5abe6a66df8aac9e932fa7adbe5d20ff7faa20c9c5cdb075f4b29860718037c7f6b6680b7734643b0fabed9bd9
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 3bfdce23fa2fc655471347efd94eeadc3ab386970353c75866b2d4b500c9d862f0b6078e75558fed46a8a77a61c5c1611c4212f700faed05dda39c35259fbe82455f3cca08e92ea20d1403eeca6da8101a478826c9d0ab6f6c30feb58a468a9c16ee965efc37f44b950b132168a2034825bdb123c6eb603443b842114c5db0f1
+** GENERATE (SECOND CALL):
+	V = 33b56500275bc5d3fb67b0bc4520cb70e9d4326d54fa2201c59b5b9a0e76ad2b05d82e845aee52c4531245732df5c0261dc14d24fc114e
+	C = 0cd495c7ad0cf76fbb8a5abe6a66df8aac9e932fa7adbe5d20ff7faa20c9c5cdb075f4b29860718037c7f6b6680b7734643b0fabed9bd9
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = c82c9468d5499633a1cf77d45df8ced069f43fa8f87c2008a3233e78d9c37fe0
+Nonce = c47c555c154decd24c0350905176c492
+PersonalizationString = 
+** INSTANTIATE:
+	V = 1b4522f865f5333f732c90062d9920ad2514b398492c191fec47a56dd8be58204cf68f69bd2e8cf287c5d1269f89e918617e7b8a6991ae
+	C = 97576576c9968c89b10527901c43e46ce07cb658bb026194baa5c52d46956b7bbb1fd510474ca43d1d92ceec6d4073bd3e6a0f292d4b8b
+	reseed counter = 1
+EntropyInputReseed = d580d8c3a3ca72fe538093103e9f5dd4dd0032b86e2df71777a74ab3a7104cb5
+AdditionalInputReseed = 
+** RESEED:
+	V = 2509061ed59715e7a6798aced0441d34f8de3d4c079f61a6b6bc2397bd0ce5c4a79adb168cb9abd412259a860e9eee60d70bcdb3ad4d97
+	C = ab0881718228a934d44eb43a411cb97d5025962f270333211c2a3f1508e227f9b93be1c1208a5c0f71c593f121fde7639095ce8498763b
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = d011879057bfbf1c7ac83f091160d6b24903d37b2ea29573327772e8630219e0933ebff1096974570996c52f69d4cb6e0c1b20ae8b2e2b
+	C = ab0881718228a934d44eb43a411cb97d5025962f270333211c2a3f1508e227f9b93be1c1208a5c0f71c593f121fde7639095ce8498763b
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = b2aa5e232ab245caf14a60822706ca8bd8e5e181c11ddd16a18fb0159c309577c859a4ad59715783341cdce9315a6aeae3b4f12c3112f4763ab487ff86b8e3fea8f9b4136a29e4c83d3430264e8ee3e646d3eb620c67daab6a74173b5ce86080bfcecae65d11efed10c68d8f2f4dc845b75e9328756db14b197414ac4eb27b77
+** GENERATE (SECOND CALL):
+	V = 7b1a0901d9e868514f16f343527d902f992969aa55a5c90e6d0ba9e58a3ae5522622ac752a24c9afd9d5295348ba77102c04ee6ba319b7
+	C = ab0881718228a934d44eb43a411cb97d5025962f270333211c2a3f1508e227f9b93be1c1208a5c0f71c593f121fde7639095ce8498763b
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = c2ab76dae1e66b2672d567af47aae64ea5c016de1a4b473fd5b57e9595cabd87
+Nonce = d8dace830915340c26b54f08f252abe4
+PersonalizationString = 
+** INSTANTIATE:
+	V = a6ecbdd5709feb728fb9d5bcc63ec5733b67847f09ac1ab6446ea45401ab4ec27aa8dd790bf6acd73e7dd07d31dc7f2b9f9f2109d7f1f0
+	C = 0c44f3ad7e6a9458257436b3ef6f48ba8951f8d29d06829c6663e0b7f70336e952723396635169a4e8cd63cb300a6fb6275f96806c4e86
+	reseed counter = 1
+EntropyInputReseed = bfe623703aa294d199dce8858bb1b0dd5329e17410b5745770c9d900ccfa405d
+AdditionalInputReseed = 
+** RESEED:
+	V = 9bf8345c8d0262c75f3939c3423ed0e0688b66b6b28cf6a2e8821f82205ab3c2eb67b544a782112e22c1d130be3893461e34f6a9d501fb
+	C = 6df0f4e76a1a0963feae717867147f5f8271f865aa239596f7f341c6aa3845d5b302abf4d2d7c50e6b44156e789bc7dfc1a88c2204f035
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 09e92943f71c6c2b5de7ab3ba953503feafd5f1c5cb08c7117e6274c8cf51b29fc9bd62e0fd680fac7456b22ed65e513bcc9bd41b83c16
+	C = 6df0f4e76a1a0963feae717867147f5f8271f865aa239596f7f341c6aa3845d5b302abf4d2d7c50e6b44156e789bc7dfc1a88c2204f035
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = f0993a1aa58bd057d61ac6fef7dbfa65839e16d8f5c738f1c73b7ede5a535db7eb1fdd6378ecabba18493261c6e67294182633fab3b33f16fcde34d05e8f9413df8dba5bde84cb54ccf5d40e34d9a9baa644dbf284c5e50e23a9fc4d55012239b21aa568b48d7a929a3332fc41cd39a116c8898fd243fbdeebea6a75f1e7975d
+** GENERATE (SECOND CALL):
+	V = 77da1e2b6136758f5c961cb41067cf9f6d6f578206d422096e05602adca702bc63b5cbd035d9cba9347e81012a55a029c3b598e960d047
+	C = 6df0f4e76a1a0963feae717867147f5f8271f865aa239596f7f341c6aa3845d5b302abf4d2d7c50e6b44156e789bc7dfc1a88c2204f035
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = 1857b509195c9d17d036fd58ae52f31a733a9287f1d120336b49f96286ed18aa
+Nonce = ccf3b16552600604c5dcafe32262ddd7
+PersonalizationString = 
+** INSTANTIATE:
+	V = db9000dbb99de7d496509472a1b0ac04cd93c429075a3ed0e72e16f697185c8e080995933f2462bd8cd328c287bcd5cb3ab7f517831656
+	C = b1924c9b97ab5dc9173e44094f7eb1c66a95ef45e044995b5799acfd0bea8f8e6ba1f1e11d8d5141bcdb9bc6e2ba9f8e73e1425f8e859a
+	reseed counter = 1
+EntropyInputReseed = 2a7cba05522a4aed466d8d8df29921ad6ca0fd123abcd4c2aefac2427f5138d3
+AdditionalInputReseed = 
+** RESEED:
+	V = 40efc657748bc16225f44d67a3b65165845257f3539dcef7b66d45cf16d4cd0f554a6c69251ef94fdb8752e7bc7215080489bc6a6cd982
+	C = ba7882f0cd0f4f43380e75a3fc23731ecf8be3c52caf54422dc5d64a7add4b1d5f2f1a012c73670b0c5476d5686e16620e0bd6dfb8283b
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = fb684948419b10a55e02c30b9fd9c48453de3bb8804d238886db820b1ed62a51f78593e2642918a56e3920b974cef483e5724a51b0bf39
+	C = ba7882f0cd0f4f43380e75a3fc23731ecf8be3c52caf54422dc5d64a7add4b1d5f2f1a012c73670b0c5476d5686e16620e0bd6dfb8283b
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 04d562d7e51346c1a97c99413249e863380a714bf4127577ab64ed0f4c2ae956ee8d0c952dc57d3408eb8017712193a2ed123157827a18795c61d89097a9c65c543a57cc19992a3bf99a76e0523e5146fc73e651eaa0172a25e111b46d053acdf66268eebf533364d3c34e0243cc07af9fbf42fbaa6d440b4caa3a14ecd77068
+** GENERATE (SECOND CALL):
+	V = b5e0cc390eaa5fe8961138af9bfd37a3236a1f7dacfc785c919b71bacd27648ae851e8a4c2352488a69aec4cc6835c07720acedfa1c1f3
+	C = ba7882f0cd0f4f43380e75a3fc23731ecf8be3c52caf54422dc5d64a7add4b1d5f2f1a012c73670b0c5476d5686e16620e0bd6dfb8283b
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = 80ff659c41bba24d949a3188e64aaaebaeed48472e6ddf448bf47646243c77f4
+Nonce = 6c26e5f583fe4de005b708fd2efd0ce7
+PersonalizationString = 
+** INSTANTIATE:
+	V = 7501409bc37380ba8284b21a084628f8578ef7fe1b42962301a7e760d780713c4eacb71634e83c67ae5d5e847c354829aba8731a55cf75
+	C = b099877e8f6d59bd69a5404df67a5043993eab9e8f277e905f5f771ede7167f899d117f1104c7e821020f7d159adff70429f5ea1f81bd3
+	reseed counter = 1
+EntropyInputReseed = 8624e708708552a7ae40ba77cf014001021422c0ca1b76b9e938a1801182dc9b
+AdditionalInputReseed = 
+** RESEED:
+	V = c13eb5764777d8f41ee1ab80e50d83558694032de038e20d7ced3ffd73f9c199d818d09dce609ebbc0e62d883921a2884e491c438f40fe
+	C = 55f8c3f2fd483de50f3e80bfcdd1b255f07dcefe07daca6c7f90b8fe56d46ab5b07df53e09c5986b07f891e6063a6c0d29b52641621945
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 1737796944c016d92e202c40b2df35ab7711d22be813acaf6725627bca1bb5ebf0c1f2b0b411049d7448dacc3fd534d83582600cde36e9
+	C = 55f8c3f2fd483de50f3e80bfcdd1b255f07dcefe07daca6c7f90b8fe56d46ab5b07df53e09c5986b07f891e6063a6c0d29b52641621945
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = bb598bb7b5defacda8e746cc3a0a20b17408ef34deca100465a595c2b48f05c2d9ef18759fcc9f9ae9fe5eea9e4f4fe4e0c7910a41ee244831bdf0cc3af038c2cd59bd9c2e73251d1a0596e4265f01b2caa3f5f34be5b2b97e76039d88df34d6f4bcb682a51e4916b0bd2e54cee1c6793cace49567555370395813471a7a549f
+** GENERATE (SECOND CALL):
+	V = 6d303d5c420854be3d5ead0080b0e801678fa129efee776b3767e5ab1c31dbb8aa05cff5036f2d321eb60a20802dcb337ea9ee114d927c
+	C = 55f8c3f2fd483de50f3e80bfcdd1b255f07dcefe07daca6c7f90b8fe56d46ab5b07df53e09c5986b07f891e6063a6c0d29b52641621945
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = 4a86d4bf4804eeb1479b1b3ba7492d23560255d2e7eef27b0d9e73a911bddde2
+Nonce = ac67981042286ed3832ec304bae1912a
+PersonalizationString = 
+** INSTANTIATE:
+	V = 57c939a1139f8b82617e71ea04d76204a48e1020b54949276bccf4bc1f2c425d3ea11621ed7b15b464170e4f4fa1908831e08e8ebe0be6
+	C = 32914d0a2e4eedbf522f2434d7b6f4565264d1446809bcb47a3f29515b63a890f311ec004a0a1a4d3d6750f4436461ab0a758d57adc512
+	reseed counter = 1
+EntropyInputReseed = 9016df4b3ce764d001ce5dfd4aa0523619d0f03e3a9ac1ec028600fd5eea5960
+AdditionalInputReseed = 
+** RESEED:
+	V = a48c46648ae617357cdc861654294997f2355f57e3bcb4a7f08e5fbd08929793f9e54c9026a36ed74470a026e53312960cd8abcc160863
+	C = 1aa81b9f3f2ac2113bf30232a3c767734e49335a66f21170dae1cc88e9e4d484b9dfc013e967da0478700009fdeb2edc582974922697dd
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = bf346203ca10d946b8cf8848f7f0b10b407e92b24aaec6c3669c05da8e0c315db20ef76a44b7ba897ce2002c263bfa7067f7db03c3262a
+	C = 1aa81b9f3f2ac2113bf30232a3c767734e49335a66f21170dae1cc88e9e4d484b9dfc013e967da0478700009fdeb2edc582974922697dd
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 6bd1308e623ce1163153e833296b89016272b2c9dc59f5ed21670d0ba78e03c80cbb5b24f1ace88053b9c62e15196d30f21990c69eadfda13a7645d3b1510ba67c55cf56fa9686055817cb2f87b61741bd82eace80e033e8152c2bc04c62f311f9ce7046c6d410abc448bca13dfbb7b89d900cf6ffd5c454be8667845fb349b6
+** GENERATE (SECOND CALL):
+	V = d9dc7da3093b9b57f4c28a7b9bb8187e8ec7c60cb1a0d916dc07e54ba6bca4396f31836b05f1330e309a315aba8ef5a2c573410b5a7a01
+	C = 1aa81b9f3f2ac2113bf30232a3c767734e49335a66f21170dae1cc88e9e4d484b9dfc013e967da0478700009fdeb2edc582974922697dd
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = 895226215f6d276564914b6772ec2664e69af692a7fb936c9c436688edbc62cb
+Nonce = a9572553b6ae846c3f11446333b9bcb3
+PersonalizationString = 
+** INSTANTIATE:
+	V = ec06910a5803724b7a367371988937a2a07f42fbe5d4ad9d8bfd12729dc5b7c0d58e05f1dfcd4997e57f59c2e3df6030d9bbccd9e80a60
+	C = 3bcedd0f77abf9735acf8c851fd77bd9dddd3e59f1ee7540d7e3abed565519ffc8f09c6be3fb5e2cc8aa9711baf77280f4be734ef7c8f3
+	reseed counter = 1
+EntropyInputReseed = 9bb8ef32f07c50c777be034f97f76b4ff43f20a95c21a22daf46aa1832c23bfd
+AdditionalInputReseed = 
+** RESEED:
+	V = c43b83963dfe44cba5727e0b90546a59e4f5bd030c13c2d191e93a18f8870253397d5582cb7ba935699ce1396ee4d64d5cfe5f731d949d
+	C = 1c1c04baf2ddec3147915b338f8b9e616cbc5d4ead9e661ca314a957b98c6d26c3fe3ac0af04b6755d673f14a2eadb206121d4ae9dde3b
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = e057885130dc30fced03d93f1fe008bb51b21a51b9b229d2e2d428bfe34397aacbc5bb68ddbb609baf230cee7e1efb3d350743467bf94f
+	C = 1c1c04baf2ddec3147915b338f8b9e616cbc5d4ead9e661ca314a957b98c6d26c3fe3ac0af04b6755d673f14a2eadb206121d4ae9dde3b
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 936d0951f038f4d53fcb49aad0986e3ff208a035096653dd6f87d1d1d121fb57204b950e645caef58fdb6d96ba736d3f3a40789f6435d49e3173aa8a9ba66bd177c33b280ac77b2ef499f138109bdfeca97680d4256e526fb2487a5dc28c2834c3decd7b7c10e5bb59a7e6eee0b2cc2775a8e91af5513b52db755cc7eddb33f0
+** GENERATE (SECOND CALL):
+	V = fc738d0c23ba1d2e34953472af6ba71cbe6e77a06750909270c35685a5153cfb3034c85be2f3518999e5ad2fc996a923f2a0de18c27073
+	C = 1c1c04baf2ddec3147915b338f8b9e616cbc5d4ead9e661ca314a957b98c6d26c3fe3ac0af04b6755d673f14a2eadb206121d4ae9dde3b
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = 62841da5a07dee3586ce0226c8b459e23ad4d7d3d7a0da93247344e74e237a79
+Nonce = 25cd414fe4484589fe3df8cdfc24259e
+PersonalizationString = 
+** INSTANTIATE:
+	V = 8a80bb236b03b6ede9f0315e5cc7cdc3927ff532ed65c5959a1ccc858f662572a722683a6d71060a2dacff52b2b46b72e7879b542a3728
+	C = 7798ffafb300b5d649083257d0cf9d1ec419e2f35472757948dfa1873a9326cb5c6e04bc4aa50d830ca33a6b99f623a1a09f44e0ea2075
+	reseed counter = 1
+EntropyInputReseed = e95a49a1df44253238865442cd27ca845d880339faafcfbf09c5bae7fba5d799
+AdditionalInputReseed = 
+** RESEED:
+	V = f6624ace16e4835ff02a307da17a27bbd224a4da63463a2c5828c7e66ca1077535d571770170882e226fd3a109e517501e6d6b750fd368
+	C = e455b98b011007aca6198acefbb796dc72072f38d03a1ffea3c396f5c5c068cdabcafed33d796ad4dc6364ede35ab49ea207cbb5cd7a39
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = dab8045917f48b0c9643bb4c9d31be98442bd41333805a40747ba7ab34a9b4265a7dd0902cdcfcbedb465a44c28583781e000cf7d114a5
+	C = e455b98b011007aca6198acefbb796dc72072f38d03a1ffea3c396f5c5c068cdabcafed33d796ad4dc6364ede35ab49ea207cbb5cd7a39
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 86e91fdc329ee8fe0719c46752e25d37c3d6da4d3683851f48591a38589e647ebd49fe085ab398fc6f16c82155065a807253517fe77ef75cb87967754f6ebd9c126f349af535d298554006231196d4200d3e1ca34ca13e9b65745942e376bb0fe5462e0f08729575a95a41f61dcf12ce164fec57695896dac585e62c348a29fb
+** GENERATE (SECOND CALL):
+	V = bf0dbde4190492b93c5d461b98e95574b633034c03ba7a869701b48c3a0e7153cc87107da3d3e3ea53dd9560db77b0cfeecbc6d982e935
+	C = e455b98b011007aca6198acefbb796dc72072f38d03a1ffea3c396f5c5c068cdabcafed33d796ad4dc6364ede35ab49ea207cbb5cd7a39
+	reseed counter = 3
+
+[SHA-512/256]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 256]
+[ReturnedBitsLen = 1024]
+
+COUNT = 0
+EntropyInput = c6459fc24d16efd98ea1576184f6ceb8fde99607439e6be01cf1dfeba7736d28
+Nonce = 59b8f385c48859f4cbbca3451478950f
+PersonalizationString = 
+** INSTANTIATE:
+	V = 2121de4ecab926bf8ddd103e34f25a93fd1e7f19fcf225a0511ab8e7002fb20ee855903a3677e66767e8c98aada2a541d4e3f1fa869880
+	C = 95a5649a9985be5f900807f6dce4ae4de36e4d4351d3724d1b044c7a3b4a652ac2736b31117f70d4b46668887b832e21eb34292188f64e
+	reseed counter = 1
+EntropyInputReseed = 555b190ba0640288ae5d68e2bfd96901155a9f06c030aa7c018356619b79e29f
+AdditionalInputReseed = 93038592b990da2e5582027597cba54dfc3b4023a5ff92412a6f73da8e403a88
+** RESEED:
+	V = aa09fbe2734746b974e029e9667fe8fd1cec19c34d071f3272cdf9e740558c05e0b5545ba4024388b5990856e84e890fa7e04da532c138
+	C = 23becc62c0f126b03202d96167797174d48a261acee8410b79d1535d8aa05e1d052ca9c68293dff5cf6e1d4d940d555d8049e026cb895a
+	reseed counter = 1
+AdditionalInput = cdf79d3444b9d1e98fd60bbc7447b64583a43e36dfbc9a5c8ef0278a631e601e
+** GENERATE (FIRST CALL):
+	V = cdc8c84534386d69a6e3034acdf95a71f1763fde1bef607f4088e078156ad821a2ad6625a7cd90106b1773985fceff6dc0b580e0773fc1
+	C = 23becc62c0f126b03202d96167797174d48a261acee8410b79d1535d8aa05e1d052ca9c68293dff5cf6e1d4d940d555d8049e026cb895a
+	reseed counter = 2
+AdditionalInput = 3a596bc7bf1b155506eeb8c69d6150548a193074043eea984c06d2c98d25ce2a
+ReturnedBits = c8d8e125665a4595b2eb534228916f3c1f01b1761d1aaa7cf32fa5a3a0a5c44091d0164a53165267544e87222d61acc7bb26ea5f29c3d0a0dd4658b846bc5affb985a3bc4ae295258324ab2ae0fd64dc2c00698dfc27a33a02726b6a3ce6d1b388e8e379d7fbf6db1caa8f4081333efdb21c2d0def4d93f1b135345ace9c098e
+** GENERATE (SECOND CALL):
+	V = f18794a7f5299419d8e5dcac3572cbe6c60065f8ead7a2894737dabf132fa7dceb8e717c2a1de47ba085745a81f97783aed4a505ae74fa
+	C = 23becc62c0f126b03202d96167797174d48a261acee8410b79d1535d8aa05e1d052ca9c68293dff5cf6e1d4d940d555d8049e026cb895a
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = d2173c09eb854a133e89dd81678c68cc85dd2003b99ea77c4fa77f2d9be3e899
+Nonce = 1f176078a2ce0942a9f31227135c2028
+PersonalizationString = 
+** INSTANTIATE:
+	V = 181ca5ecd3a31bca0bda2ec98ae13e86adb25f024132d7c5541344d0e12824bdc011a37f98436006ef238a2a73f962a9fa15ad4bacf59d
+	C = af338ba433583b91a49b727243c77bcd9786aff1f5d64bad5236e973d3b2afd0dd23412e68f8485d310eb1a7b404fcea5ad769acbfb1b3
+	reseed counter = 1
+EntropyInputReseed = 2593228c39c25ff12c9508f815293e4f789982904e5562554cf46bd6f50d12f2
+AdditionalInputReseed = e37268b35cc3b9e7a5c880206e3b4f29aa88ad97f1d73f6d25d723b2e1dd699f
+** RESEED:
+	V = 31ce043ac3262c8321a62125c4ba0c2f592e85b0f7890c41d6138ba060de25e1602abe0a791a8cc4fce0222d4053979768afa6194c22aa
+	C = 7e3af46d6c798dde13c71ea1c22db89dc383141f080a03365310db1fa4ccb999fcfe353e40894d38fa4fb2f79085bf57a196a7b5cc959a
+	reseed counter = 1
+AdditionalInput = eb56828207b8168b0a81287dd3a2920e24f3b8117f93569a9cd9a4a56c6707c8
+** GENERATE (FIRST CALL):
+	V = b008f8a82f9fba61356d3fc786e7c4cd1cb199cfff930fb94921aadca5be706a64cd77a67612e699f9744e1caa7c6436f8285ef2c4ccb6
+	C = 7e3af46d6c798dde13c71ea1c22db89dc383141f080a03365310db1fa4ccb999fcfe353e40894d38fa4fb2f79085bf57a196a7b5cc959a
+	reseed counter = 2
+AdditionalInput = 39787e29f5f784aa3ddb61907f40dcc3b950014001e7a82aee83474884449f7a
+ReturnedBits = 5ad84381e8aae0c0d2dbc22b6d64d7bd4c562e11c32ce039a38748977d16bbb7a42dc8953a9595657092bc00b13b9460271e87955c94acadce868561e63384052a109b20ff427290df3e4eca90eb6d156845367af0a5cfdbe9b789d8d303bd8812514c52a6020942a934719900cee3a025dcd762761b352b43b55b3deaa9c3fb
+** GENERATE (SECOND CALL):
+	V = 2e43ed159c19483f49345e6949157d6ae034adef079d13eaec213c67e6cda7e3a0eef1a642746fb9cb536d75a43e86c882604526855187
+	C = 7e3af46d6c798dde13c71ea1c22db89dc383141f080a03365310db1fa4ccb999fcfe353e40894d38fa4fb2f79085bf57a196a7b5cc959a
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = 3ce860b2f263f5a3af097d593b20c8b9cff355222f61c3ca2d061f4758a152ed
+Nonce = 4c6962ad0cde672679f1173cb7d44fd2
+PersonalizationString = 
+** INSTANTIATE:
+	V = 1d75b85361a308d06a12331a5f86ed81db48b061954d4bdc0b62ac2ad3509f31ab41847675aa28e9383e0392985e77e548b5ef085e6a4b
+	C = ee7956daa6731385bcff9efc7b019096790bce4d9d373afb74c86f5ebc3aa8112daed042d13732e8e2d825e9ec3d7f3687ad230918cd3c
+	reseed counter = 1
+EntropyInputReseed = a24e7709d56eeec0f170d3e592f48fb597a90223cee1363d32d11dda1f9fbaca
+AdditionalInputReseed = 103e9e06c95a3d9e91d4a526042b46505fef7337a690d7183651018f952721d9
+** RESEED:
+	V = 57b741a877af13c76b9e1733fdcebc06f7b051e5f4de639861009fab542e8c42e2bdc718449477ca1195053d3453720f17553fd3da909c
+	C = 4056245d6939cc10da4150b90eba544eb9a9e1d95050e8985e0cd0f187d366abd1df3507968761ceaeab6b7d4383a42dcbc792c8880b59
+	reseed counter = 1
+AdditionalInput = 123fd5cf3a6e2112f63468a1879be42d27ea961669c8116f7b1c9a4decadc42b
+** GENERATE (FIRST CALL):
+	V = 980d6605e0e8dfd845df67ed0c891055b15a33bf452f4cd395082c43fa95f83434af902c426d32ae59b2e9265dc395d6bfa83164347309
+	C = 4056245d6939cc10da4150b90eba544eb9a9e1d95050e8985e0cd0f187d366abd1df3507968761ceaeab6b7d4383a42dcbc792c8880b59
+	reseed counter = 2
+AdditionalInput = 35ee851801ffe045ee4c82e1301b5b605847dadb486ada41fd10a14c3d44045d
+ReturnedBits = 01120bf339fd23c7a57416de328fecee0c6361fb662542991c29553a0d1343f868138d49e53d4af69bdf193b89e47aa7ac0f2f78c8220bc959df79199d2b7c2d9de2c3b9c777b274e109df147cc4355ef5e4091f278010e489ecc37e244d5a977f6bc24d06da5ef4b8a99a2db18f10e6f644c38a17a2314870e4c7a7a5c9dd64
+** GENERATE (SECOND CALL):
+	V = d8638a634a22abe92020b8a61b4364a46b0415989580363d2b07b690545b7cc07f7ad921082ed70c1f13e4bfc2918f33aad27ef909b3a4
+	C = 4056245d6939cc10da4150b90eba544eb9a9e1d95050e8985e0cd0f187d366abd1df3507968761ceaeab6b7d4383a42dcbc792c8880b59
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = bcfdf9e3fb3dd96b72f754d1534dd90ce58f0ad9dc523d7b48ab8309108ffc68
+Nonce = f17887289f63c865cb1aaf7aecbde562
+PersonalizationString = 
+** INSTANTIATE:
+	V = ac86e2fb65a7fbba767ce974fcb143e935a831309c982b75b929629c4140cada5b59454551da8a86086b456112f07a48f23021cf27f9cc
+	C = 89d3d15dd0ba6a2f3ab50acd57c20a61b468a2e991cb37a1564b6ef6c938133797fa6a42cfe9c911b546bc97328493580a8bc35a740aaa
+	reseed counter = 1
+EntropyInputReseed = 0257a1ccf267e1e59bc6230433eac9ec1694f17fe7ca238f15bc1d67168bc352
+AdditionalInputReseed = f01dba143bd6ba1e4102d01f10cddf868e99e4370247ace6f84e723f7cbade2b
+** RESEED:
+	V = 29f042999d293cf834bcfc1de2fce2f1bbdda308f4115e5ccb839c4dcd6bc324a5ec23a84c2210334c375307dd65ba71fc598197460c0f
+	C = ab1b7f71d7e1cd23919b3522a9912679730921c8f6834520d0cdc2d1b00777500db4db54e851b194879f5cfe8360b7e51fc5c326dd67b6
+	reseed counter = 1
+AdditionalInput = dfe5632760b5ecdbfc05b55df014f808ae690aa2bdff172e5effd79cf429aa15
+** GENERATE (FIRST CALL):
+	V = d50bc20b750b0a1bc65831408c8e096b2ee6c4d1ea94a4e94e2a256550dd20d832ad8b5cf3481954a88f0065a3869c5d99fdd2b650c412
+	C = ab1b7f71d7e1cd23919b3522a9912679730921c8f6834520d0cdc2d1b00777500db4db54e851b194879f5cfe8360b7e51fc5c326dd67b6
+	reseed counter = 2
+AdditionalInput = 0fcda4029ad1f9b16bc3f0386c6ef897f446b5a4c5604ae5c50b38b4f2d77e82
+ReturnedBits = d855ee23bc14483f4c2b5ef44ac3a3510fe6fdabe721e5dd143fe6c20362ceb72008aa5c2979f5c2915640108acea7e0dcf0f68f5ca85830cd7e42085b3b3e994109c094beaf7798c4e68b01dc23d1c3e60fd6ee5c243545d6cfc98712edc4a0d188458095646fc126c7dec1a5888dc107ff4de9ee1afd2d5db04796d3ab4178
+** GENERATE (SECOND CALL):
+	V = 8027417d4cecd73f57f36663361f2fe4a1efe69ae117eb49fd3044f74a57f899a72cee29b7ab6c6f4f138bdda2ccda09eccffe25e92bed
+	C = ab1b7f71d7e1cd23919b3522a9912679730921c8f6834520d0cdc2d1b00777500db4db54e851b194879f5cfe8360b7e51fc5c326dd67b6
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = 31cbe4035a5d5162eecd529b074e34a8b22277790734fe2ee68c2f71c96c5d27
+Nonce = d5bc85ca6f4e60eda148cb6d1185c492
+PersonalizationString = 
+** INSTANTIATE:
+	V = 43826f1dfdc873def06788338a98b0332dfcd2f125077c74df061899c7ff94d24d17a3924575bf7b0309c130063e5e87fd6d3605a224c8
+	C = cfcb02053ab054a8a97adf3b264dd9559a30b1b31ec6d58a7287bf32199de79fa522714b9b0f3013a4e21d1d16c9fde5344a63a55c058b
+	reseed counter = 1
+EntropyInputReseed = 6a80886c428484d51616a95205bb4efc9478fdb3782781461dae4999b35d012e
+AdditionalInputReseed = e525d6cb638c62d07a8bc984ab10f224a340e0b9f6fe60219a920dd55b2634b6
+** RESEED:
+	V = 5af6ac8e2eb524465efc23795d9f8b57e10220b1a19d8825865e3d9e23823f5a4cd364b6913f22ced6faafa6aefe49d22bb04e80f79b88
+	C = 7c97ff66ece83ddc0004ff5fd447809efcfc6316742e03df78ab203abe220883188ecfd7c80e0c8d242d09cb411cf6ebef4a50678a5545
+	reseed counter = 1
+AdditionalInput = 05240978d5d7e812e0f626b6e45e469cb1eb0a3e8410ce38004e2dfa74a368cf
+** GENERATE (FIRST CALL):
+	V = d78eabf51b9d62225f0122d931e70bf6ddfe83c815cb8d5e95c68ba82c735597ea474cefbee8dbb22cbbf3af4b6b557da591e10ea7ff0f
+	C = 7c97ff66ece83ddc0004ff5fd447809efcfc6316742e03df78ab203abe220883188ecfd7c80e0c8d242d09cb411cf6ebef4a50678a5545
+	reseed counter = 2
+AdditionalInput = bd8ccf4665d16dd9db5ffd1f740007aeabdbee09fedd16561afb7b8e3ce5e318
+ReturnedBits = 991120b7e87b711b0299e6c23c76910f3c57227db8337f445a650d697bcef9aeac8937148cc67b9b48797ff26dd19ebbba3bccc8e06760e54ae887263f67ab502d7abf3db52cf3808091493b5a7786ad2332fccbd1dd6ff321a68a11594ad85289accb95b77d6ef2cf294d291395f77bec6d1d600592bd2750d7c0dc1eb56db3
+** GENERATE (SECOND CALL):
+	V = 5426ab5c08859ffe5f062239062e8c95dafae6de89f992385b0ef620cff1d72e1519477913f6d257026b5283346e55150ec9533d9e9415
+	C = 7c97ff66ece83ddc0004ff5fd447809efcfc6316742e03df78ab203abe220883188ecfd7c80e0c8d242d09cb411cf6ebef4a50678a5545
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = 01380a06d4e6b9204780f2e3e2fc1ab8ce98de026be812093fcbb887078da6cb
+Nonce = 2478d63e27769fabb9738d971295a872
+PersonalizationString = 
+** INSTANTIATE:
+	V = e8d7ea4ccadffbbbfe9c786f9262a99691ba07269eb1e3f426c77247ef263334851e8aaa9b9d18ead1119a8a00678d32422d2bd74c9280
+	C = 1d73b5df0a77be6ea029c495adf1d45926a47dbe096955854e6d5468e754222f3431c37157b1da67dc1ee1e3690c823365231dcb6dfbed
+	reseed counter = 1
+EntropyInputReseed = 658bc7b3b4c4b8ed801e60084070844a5aa9aedf8a5bf5ae9323669a989e8bfc
+AdditionalInputReseed = 537d50ded11a08b9b307cc92a8d5f5ea5016802e9bcad955d163d2141c6e37b0
+** RESEED:
+	V = 8d2dcf0ec228b786fc4f5da05155a55cddff59377947233c6a103264e73ebbe0777a400aa98c961b4cc3291f51f2bd0c8201d79e7e4a73
+	C = 97a1d16268bbfdd26e4551903193d344618bf7b9970b176da2f7f065d1d0e1ee5a5824f04de29df216a734e8e8491d03b5eb6ffbd1b7f5
+	reseed counter = 1
+AdditionalInput = df2b057b19a9e3239d86bb120de2a0315fb3a939441cf3bf31b8c1ff9108ab12
+** GENERATE (FIRST CALL):
+	V = 24cfa0712ae4b5596a94af3082e978a13f8b50f110523bcd886e2c9ef5358e6374729e870465728215fd0fd14d8b33fbf3ee70fa0446ab
+	C = 97a1d16268bbfdd26e4551903193d344618bf7b9970b176da2f7f065d1d0e1ee5a5824f04de29df216a734e8e8491d03b5eb6ffbd1b7f5
+	reseed counter = 2
+AdditionalInput = ea7af84983224c69b23429f762393dca9daf24f2f64ede5fa9e382049520a734
+ReturnedBits = 26604f664c716ab90da0c79487fea6ca115b6b3b73d5f7a93eb0fb82b5573b008777de9a53c7c3ed49014b64fd30d491346da8fbbc78d604093b6aa816aab748618e17017c95ad2d1e1b87e6da2db2d225a9f7e7a9ca9f3955e82591c08953817ef80e559880b0a6e02baec2d557759fbf0ee3d06d3f03c02e2aaf86b764c363
+** GENERATE (SECOND CALL):
+	V = bc7171d393a0b32bd8da00c0b47d4be5a11748aaa75d53965e09deaa5c63dcaf20fd4824fa95d470f3bf0a4c99ce47de66cfc4e942a925
+	C = 97a1d16268bbfdd26e4551903193d344618bf7b9970b176da2f7f065d1d0e1ee5a5824f04de29df216a734e8e8491d03b5eb6ffbd1b7f5
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = de045f9ec302685a69bbd044142f2fccf85e394a1f3e7630a96f9490c6b44806
+Nonce = 209cdcf3829425a2797e2aea9cbc1767
+PersonalizationString = 
+** INSTANTIATE:
+	V = 90a072a7c15cb3fd6c45215489f44dc758b0df19ab1ece8028a9614b1df143c674e976db38b81594116a5b8978fc85229571e4c8c38e44
+	C = a79add7f8a93057960d68139e4e8e4a508687f7af5d11ef37768ec69b82f81dc0bb172ea586eedbba46e85cbc43cdeb023338b62b39372
+	reseed counter = 1
+EntropyInputReseed = ad9676020bd17670d483b3fca80f8b822f10adf2670fd382bd316dfaa6e233df
+AdditionalInputReseed = f592b78e992c0b8d3859b64fca9759faedb54f1dd773df303efefacf32c1e60e
+** RESEED:
+	V = 4615ba2cddc3b3fd40c233ce1d889b1e45cd3d468aba5860db58c14f557abee2af1e206eff9498e79ddda83b8fe7a35ceca8663b2c0f35
+	C = 738e9ac673b1f7ae1cffb7aa1f7c0921aa7df917c566c3ddb952978c91d4ed8f487f1ccaa5c3495358e8bf678b35e9b7a9ee1632995e58
+	reseed counter = 1
+AdditionalInput = a18f3415cb73269abd47873bbb1013ae06adcec23149d3f51bef64b93fa36d76
+** GENERATE (FIRST CALL):
+	V = b9a454f35175abab5dc1eb783d04a43ff04b365e50211d33e79f6b12085bed718a5b2568830affb938c041bc94f7018b63669e8a14c074
+	C = 738e9ac673b1f7ae1cffb7aa1f7c0921aa7df917c566c3ddb952978c91d4ed8f487f1ccaa5c3495358e8bf678b35e9b7a9ee1632995e58
+	reseed counter = 2
+AdditionalInput = 59d6cdb465b33050f9a4993d1f03b3a063f28da64f0eb9d779c3f4a6dd4d10c5
+ReturnedBits = da1c652e69afabe0245244a71682eaed5e34ac72eb3241c182aaa443141e453d396ac5009b56dc75bb01874dd8eef864d7638d01a55d12bfca276c1e2b7125b411fde8722cb4098ee639a1c8cb5f6f160e710b777781396982cbc80d74dee74f7a395097a6882bf60343f99de4d20ff8f30fa1832643ca74f7002a57be77ce57
+** GENERATE (SECOND CALL):
+	V = 2d32efb9c527a3597ac1a3225c80ad619ac92f761587e13ae4287192147991e54d248557ebd2af6ced6882a6da47cb6df4c93049ea709d
+	C = 738e9ac673b1f7ae1cffb7aa1f7c0921aa7df917c566c3ddb952978c91d4ed8f487f1ccaa5c3495358e8bf678b35e9b7a9ee1632995e58
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = 2fe25cd9b9a4e558ecd860df4636db6f5a9619cacc4012dd0f82e3a1ebe59bf3
+Nonce = 96cb549e231ff8e40fdbdf26fc814826
+PersonalizationString = 
+** INSTANTIATE:
+	V = 3fb01c59141baa584fd1a1a6c0920abb32a99247364dbd07561ad2f0cdc9da3a6180c6d02ac18ec7bc4e8ae5535f7926813c139a7e777b
+	C = be663027fadf483608d56bf1d248e8ec6f13e5400d2dcdc3fdb63a30003b3ab494a0ec2b93ea9a78e5ae9e98cf2a501aff2565ebac0b9e
+	reseed counter = 1
+EntropyInputReseed = 3cc4a2a6224b91f1c5f55978b98e70fe260e1d29d4aec227497f12584a55d733
+AdditionalInputReseed = 10e7b6158b558492143fc9989baa8f0a78438c257570888b6fd9256469a84c6e
+** RESEED:
+	V = 745f02570f006ce57bd1c17bc789319aeacd9beb65ae08d15215912ac544f9fce9665e2ef0cae8e6f86f51029f34097f04dc184b708e98
+	C = cefb2aaf4acfa19311faaff12b0121288ad6fac2390fb089b080f761b82ea46eee796890365de0da05bf42020baf361d860e445a8bb3ff
+	reseed counter = 1
+AdditionalInput = b8485695f4271f75573438069c76f492118cb879a93dbb3ca3f600a94eca5e7c
+** GENERATE (FIRST CALL):
+	V = 435a2d0659d00e788dcc716cf28a52c375a496ad9ebdbb2818b8cc6ee45a177d3fad091c62f2f24bc88ee1760401877427cd0fab87c147
+	C = cefb2aaf4acfa19311faaff12b0121288ad6fac2390fb089b080f761b82ea46eee796890365de0da05bf42020baf361d860e445a8bb3ff
+	reseed counter = 2
+AdditionalInput = 791bd7ce4c079fdbafe283f8b0953e42e6e78a61f11a1870cb8f2b7e1926569d
+ReturnedBits = bf5387a560cc18098bfb7550410389167b73191f2a9f8cf7e74517f5364a053af807fb693f9fe7bcc3638b2aeb75df2b2456bdf2a9d93ea64cd38c1d8fd11c6f769dce41f4451ccb4ae11e5eebf34dc44ff860ad65aeeb3083d11a70aa4de3add3531fb4283fe6ca8aaa99540440956c15dbcbfd21ee7ed48a4e7644a1781052
+** GENERATE (SECOND CALL):
+	V = 125557b5a49fb00b9fc7215e1d8b73ec007b916fd7cd6ced3fffe49f5da2480c1bbb91f418b9cc1d91b3f8e72043343335ab41aedfb77e
+	C = cefb2aaf4acfa19311faaff12b0121288ad6fac2390fb089b080f761b82ea46eee796890365de0da05bf42020baf361d860e445a8bb3ff
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = 6e5cd43a7b6da4b5843ad6ae639a220d49ea3ac5acf686017420d695aa3b1cea
+Nonce = 81c76941e1014bc7d083e8c957005f5f
+PersonalizationString = 
+** INSTANTIATE:
+	V = ccb584ce8bc6d23fe25af159c2d61512974205c042c21b20f37788651f7de5b6633fc92836bb6345592ea3f41ba8d5063c96422a62f31f
+	C = ac4cf88178a911ae4608a8b0bd9b17665252163df3af0848a3c10e1917d4c626bf24829fe57ed1a41252d4cbc857b358ab6ddf5411ed8c
+	reseed counter = 1
+EntropyInputReseed = c41e40bc4b38ef522fc4c8246718abedb720acfbfb6b0a714097c6d4995f2556
+AdditionalInputReseed = 20f310c8330d6dfa40569dc2eae38d2960776a94a4f83351df11d5e18fe7bf8f
+** RESEED:
+	V = 35c8b618cb16c6e399a8d31ebde7dd0578127470b5c5b34963c96838b414215ed98b868500b338aa9773432e21fbd805ec514dfdb35084
+	C = ba6c01f1dee1d2587e9edcbb27e269044a612628a8ea229694851353d7a1fc2b307d5c5153b51372c3e9d01770b9d9e406d24fd133e9cc
+	reseed counter = 1
+AdditionalInput = 0e18e0a12638ef9d939dc37d352f0d97e3c6880aba367cb9421ede15ef257b6b
+** GENERATE (FIRST CALL):
+	V = f034b80aa9f8993c1847afd9e5ca4609c2739a995eafd6ad176d7223619d83aaa47e42495ac7fdde489813f76e7e3f36fec864c5afda4d
+	C = ba6c01f1dee1d2587e9edcbb27e269044a612628a8ea229694851353d7a1fc2b307d5c5153b51372c3e9d01770b9d9e406d24fd133e9cc
+	reseed counter = 2
+AdditionalInput = 2a9f0a1d263e7ac1fcda048c3192f1f7bde55c7ca0cb646884f5a71a9815c325
+ReturnedBits = 9d01efca07bc85fa837d18b926196abab358a4ae6a601165bef19d465fbc6322dae0766c930ebf35f438079de283f325d5242a90d6cc587ff6185f43bb035260b4680ecd861cdb9a1014c49d6742b47129e91b7b53349b6e9bfc31a34d8193b00a9402641d5d14aff1548c1a8f4ea89076450ff547e75d4ba2c2b4b33783add5
+** GENERATE (SECOND CALL):
+	V = aaa0b9fc88da6b9496e68c950dacaf0e0cd4c0c20799fa8eadf37482d4c7642cc9a7000cd38a0d8979d29f868bc936408d8f04de7e4138
+	C = ba6c01f1dee1d2587e9edcbb27e269044a612628a8ea229694851353d7a1fc2b307d5c5153b51372c3e9d01770b9d9e406d24fd133e9cc
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = 51c5f7e4b6bdce7c34b98d0b68de8d1ef8063d7a5240880bd9cf8c37a22ba55d
+Nonce = 35da4528f042387e6f61d4b98be5f4b1
+PersonalizationString = 
+** INSTANTIATE:
+	V = aec236ad4c667c9168f5bafd5dc0f53092c788093314fa97cbc25b528038322a47300eba8a3c94ec63c268d4099efe0de2f0a2c55d0086
+	C = 60dc204390b779e95c8e7d07b01ce17c7d06c1cc47a268ff1a16d8d455175b6be984c7aa061694bbb9f3c76029b4911cf33de7e2711368
+	reseed counter = 1
+EntropyInputReseed = 1c717013d06aa17c2d6a6c46c45d969c8ada1b206a31220ffe47ecdc1bdcb115
+AdditionalInputReseed = 9ab7930a1b0c7ddd3899e7dd5a32755582617619e87704349da1f9d9694d13f6
+** RESEED:
+	V = 4bd8e4b33d3df6c2ce826de11761c476bd62040a6e1601807dda6c77d0e5808559f3368d8f3dc1238ca50b7d2dcab1ed4e82c83b9b77c5
+	C = 290a4e446662cec8bb9f4b80dfcdfc8c9b9f97352f9653dba81f4a7f454c162d9bedf3befcce355a4ce9a1cafacc33a2c6b5c2b593779e
+	reseed counter = 1
+AdditionalInput = bfaab1f4664f781c027bb56d0279de1c371441b5266f1676ad3a4102847af13b
+** GENERATE (FIRST CALL):
+	V = 74e332f7a3a0c58b8a21b961f72fc10359019b3f9dac564408af45cf53419add2bb21ed50b4967a013e46bec3aff80e85712754e65da4f
+	C = 290a4e446662cec8bb9f4b80dfcdfc8c9b9f97352f9653dba81f4a7f454c162d9bedf3befcce355a4ce9a1cafacc33a2c6b5c2b593779e
+	reseed counter = 2
+AdditionalInput = 2ddb00a1a10303a4874bf775d3bae7fcd4891bf422a4714555364db99be91df7
+ReturnedBits = 4c1c145123ef0cf2506119bf4225d27ca46eac126041146475d89cbdcf7196d3ef02057844e3df29ba6d6a0b97fe8c6372bf434b9b26e25d44870c84765a4d10138bb6000ff169fe49fa3c7b35f7d01bf9bbe90cc1ba2e1db42c9181202c6cb5f53573972badfc002254e4f6313ffb47a1933022620c1039a29bde67536047b2
+** GENERATE (SECOND CALL):
+	V = 9ded813c0a03945445c104e2d6fdbd8ff4a13274cd42ab585e70b86544a51de48a3772fc7f2811f589281be7ea69ae84ed1d8bac4e4cae
+	C = 290a4e446662cec8bb9f4b80dfcdfc8c9b9f97352f9653dba81f4a7f454c162d9bedf3befcce355a4ce9a1cafacc33a2c6b5c2b593779e
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = 8abb492e8bdfcb7ba83b54f3c09f7ba72b8eae9c673879d92775ba8b44ec8845
+Nonce = f0d87e1b58978c0b1e8c906ace08c75e
+PersonalizationString = 
+** INSTANTIATE:
+	V = f5503a5c5e13eacebf20061525309612136580b4049c44db0684c169ad4016049af2a273dec3c21979d4114472c6468435601891031c77
+	C = d2b133ccef4360f61a967e0b7de69ce0674354ea0d69b3ac473f228cdf17287b7ff25b18e19175048d4913cfdf8af6b8e73a142e82266d
+	reseed counter = 1
+EntropyInputReseed = 68c42ff47bb9cda08ee18e6c56bf4cf9425427fd02dfd7456bd6991c61d1cf4e
+AdditionalInputReseed = 93c3a1c58f3830779e723fdc62e6080b9015ac9ad9b68a302b67c8c7d18a3c98
+** RESEED:
+	V = dbf0e48512e1c1474ac9489c6f1ce95689926fe8a97d6568900b317dce7b542307ab308fd02d130a75dc62a24ceca45248b6397f8247bc
+	C = 0ac834381c86bcd79f5ee046452dd1bae20057d675c5f2ac7206a53668cd333850bfaa4658190af5074231b470b2ac73192bfe084eecae
+	reseed counter = 1
+AdditionalInput = 46f585f7585d1ddd16468fcb3e7da1730b29cdcfd52c384296fd6e5f73acc136
+** GENERATE (FIRST CALL):
+	V = e6b918bd2f687e1eea2828e2b44abb116b92c7bf1f435885279d011612376a6eaa17d0cfc5b9750f315cc0086a88e5980420bb0bc416af
+	C = 0ac834381c86bcd79f5ee046452dd1bae20057d675c5f2ac7206a53668cd333850bfaa4658190af5074231b470b2ac73192bfe084eecae
+	reseed counter = 2
+AdditionalInput = ca7ebe30b97625890b90e46688a4f1dcf73ff1229813f44fceba83766eb9e4b3
+ReturnedBits = 04e664f4fb24bd86bf0f23b62b7feaaf38e4f8b69e5e5dc84f6697cc774f162888fbeb31f570ca371417a139d6c0e2b85e5e1c1229b3e9dabf1880c59f09fa093313220d3e42e14edc898ea5098836a817ec36c3337ded4b921efcdf31dad02efebf67628656f38fd233b196861f02e1f68dbc059f38665507d9ffe94f9289e1
+** GENERATE (SECOND CALL):
+	V = f1814cf54bef3af689870928f9788ccc4d931f9595094c1ce9dfdc853c2ca094b35840529784288b701e830cfa650d77713d7c9534d08d
+	C = 0ac834381c86bcd79f5ee046452dd1bae20057d675c5f2ac7206a53668cd333850bfaa4658190af5074231b470b2ac73192bfe084eecae
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = 086d91cb27bfa15f19f116a361f5d83ac7f43388416e1a39a6a185b2b44ba05e
+Nonce = 620250b21970267967625ab5bd6cc6b7
+PersonalizationString = 
+** INSTANTIATE:
+	V = 7bf0f9fe3e12f56a9f3e62bf723239f666aee9eb2f8ffb731cd7fa59813281ca1156ba12ef1e907530608054e46241cb347ddcb7949bed
+	C = e8c5ed0fbecf1328c700aa34b43f7574632c2ca58a86e3a911a0c030b6e7389eee1f672f34bb084eb2420c0131974d0cf8a8f3233948bc
+	reseed counter = 1
+EntropyInputReseed = db89e435b7045e1e783f2ac139c1c09aa900c5a1cc9403ba960bab8845109ae0
+AdditionalInputReseed = 36ff00966df30bc6268f9bb442074e172e7f8884a6d325f12b38ed4814baff7d
+** RESEED:
+	V = dd15e6422d17dd51e1207430075de2357bef23ba97331e41219f47378a51b2173d40f6c56fafa4c29327f898c8f6583177e6d9ae3ac725
+	C = ae1eaad6751ec5000b2aa21f993b2efb3596071333360a61c892be5bacd797ed5821ec1209eb32be014c686d41807bec19669bf52136bf
+	reseed counter = 1
+AdditionalInput = 59b90de7a0a66fe37d19493442dbd9b4cbc08d3bc16c152e688bcb76d14415dd
+** GENERATE (FIRST CALL):
+	V = 8b349118a236a251ec4b164fa0991130b1852acdca692a085624c8e00264cac45c178af41fde6e97ecac56374b1c8c4adf661f1aa35ea4
+	C = ae1eaad6751ec5000b2aa21f993b2efb3596071333360a61c892be5bacd797ed5821ec1209eb32be014c686d41807bec19669bf52136bf
+	reseed counter = 2
+AdditionalInput = 276918fd0662f3b7b8c389e5e807fe087d89484caa9ae36f72a625f8ec36b965
+ReturnedBits = 42a82cc0fd84f0f62e011b46d01e63d963db55e1ea644ba8078b97d12b0c732cfc77f97cc98e689dfdea4cbe4501df5e150c674e18067168ea1f8acc3e6fd4c65254a6136d0f44b0e4f26bf13a923c7668bf72f0efd58f09191ab6db611b26fc25108e19956c81a2acca3342bb3e51bba2977f746f29a3dcfe5a42816a67aef4
+** GENERATE (SECOND CALL):
+	V = 39533bef17556751f775b86f39d4402be71b31e0fd9f3544d668a8f3f8e45a64fde040c7d52affb91672644b1df2b17929891424d46cb8
+	C = ae1eaad6751ec5000b2aa21f993b2efb3596071333360a61c892be5bacd797ed5821ec1209eb32be014c686d41807bec19669bf52136bf
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = e760d8db7bbc295c110b44fc20e1fa8c1b8249c2ac6ba0ef8d6f267e7d29edc7
+Nonce = 85d5ce77c26c78fb3c723924766b5624
+PersonalizationString = 
+** INSTANTIATE:
+	V = 99e2550289d78df9b701e2ffebe542d9c6c171ddbacc6b0be9f3a858e9e0265c3b2d884307e9ef731fdd074688000ddbd24f3ffdbb21d7
+	C = ccac62b7a061c07cb12030f39ecc2dc9ae6635ee22b3eded67ecc6cc2ead616136622a39cee02745e6a2a833867656450aa696a03568cd
+	reseed counter = 1
+EntropyInputReseed = e2ee85112f2eec91568627795354c735c76d2b2811797705ad0757a41f357c30
+AdditionalInputReseed = 78f4fb0641638260af2984a4266bdd8c1e6633873e5542b0373d5af8c274e007
+** RESEED:
+	V = 61d1f26a892cf529fc19b90c2c26614e46345f36a858bb506ef98331d1890214b2875ef308658bda1866f192497b2383f1908e3bc1a1bb
+	C = 189b0af6dc8eedf96b83629bb650bafdac908daaaecaa0471c08cee6c8a7710bce13e52e1a3c17d6c3dd1092b7c83a3971f68457e790b7
+	reseed counter = 1
+AdditionalInput = f34ec4cac5b7aab2067a4101b94a3bd2f911d6fdde660a91e00f1a122119a912
+** GENERATE (FIRST CALL):
+	V = 7a6cfd6165bbe323679d1ba7e2771c4bf2c4ece157235c3ac9fa7a0610590253afb93d14099c66d8762ff740755c3db5ef35d831409e3d
+	C = 189b0af6dc8eedf96b83629bb650bafdac908daaaecaa0471c08cee6c8a7710bce13e52e1a3c17d6c3dd1092b7c83a3971f68457e790b7
+	reseed counter = 2
+AdditionalInput = dd6aa5996ca270ca6f326258333aaf9eb1eac1d93bb0752062b2abfd1281109e
+ReturnedBits = e6dd0f5504974cd26f30a470ad8ab985e2175e16aff43bb88937dc52c2258aed6706b17e7599d152b0b29a5cddac8ee60c052017789d65d797d87a3d7496504d840954bb5adfb55317140821507e7648c8baa7ff0b56ebc89ba6d602e07505b0b2d84070a2a0291388bcc8ef112a2bd3fb62849e9b9cd78651dfaf1bb46b0978
+** GENERATE (SECOND CALL):
+	V = 93080858424ad11cd3207e4398c7d7499f557a8c05edfd97e456c565ce9d341642edb108f6865f1a69f516e500c501d4dbfd48b294acac
+	C = 189b0af6dc8eedf96b83629bb650bafdac908daaaecaa0471c08cee6c8a7710bce13e52e1a3c17d6c3dd1092b7c83a3971f68457e790b7
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = 821a0b06a6276bd2f30f2c2bf4c1f6a5d890ad15bed9532e7e4eb16caf75395a
+Nonce = b1e0a10ef01853213185529e66d356a8
+PersonalizationString = 
+** INSTANTIATE:
+	V = 4b32ca307a734494edce4b98bdd7ed9043c7f72eabacb843eb258214b2603697d50f4024202dbc3591b8c707c6f28a9430a32e2c156e5c
+	C = 02929d4c9de3a8c2b710d05f0589acfdeca9ceae606086e12e7d94a08f37fdcc80e881186014f0c6bd9feb589895c57c1f9c4e5ee15824
+	reseed counter = 1
+EntropyInputReseed = 0d9142bf9931b2648f73164261ca35dc76c357e74ea192c7c7dfc1f40cfaa459
+AdditionalInputReseed = 10aff5a45d9782fcf72ac06a54784062e0b9c9bf152e1df62d2d379ab3aa7bd0
+** RESEED:
+	V = 08c5a89e3bfdf00d2f4e8a3488d77af5fd04fc801e3dbb246f5638a69f2d7705ed9c1e2e9ec35f9aae645143130d4dbc92f900c2adb866
+	C = a744a2202590887c351e719f478300ba027fab6f8923edc612e34033ccbdab630d48b72f64089cce42a916d7e80922a31814dba1cfb220
+	reseed counter = 1
+AdditionalInput = 7299f152f8bf9da8c2adb5e0a52d0bfd9e23f462aee1e2ac83f43cc051b6b34c
+** GENERATE (FIRST CALL):
+	V = b00a4abe618e7889646cfbd3d05a7bafff84a7efa761a9dfdcb89a3d892527f5a4511ef361472bbfc4595df1208aea7773538d549a0854
+	C = a744a2202590887c351e719f478300ba027fab6f8923edc612e34033ccbdab630d48b72f64089cce42a916d7e80922a31814dba1cfb220
+	reseed counter = 2
+AdditionalInput = 1662a5d55d065b90b28920370ca49ce4b05bb83648596f062357462e85f8405e
+ReturnedBits = 9dfae8b06118af28bbf322ff756781b78ea2f76899bd35272fe7c121f7c079bbedc970e388fbc7e66c4927b0c15967ba92cc9dfaadd0d8413665b3a58b0d739d5173fefdff08c13198c94eb9de0ce56e9c4f4a6544b48d189c4863e179f55f34bcf2bf19641c5788cae8b9ce2b5ee35683c88fdb1106440f49696aeeef785004
+** GENERATE (SECOND CALL):
+	V = 574eecde871f0105998b6d7317dd7c6a0204535f308598ca030d9f1f78bf0435faefe743f841ba2364609030d4363399a2e323c8f4c1e7
+	C = a744a2202590887c351e719f478300ba027fab6f8923edc612e34033ccbdab630d48b72f64089cce42a916d7e80922a31814dba1cfb220
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = 7337406ce4eec1558eadc3ef4c7b4660548f7cbc090c108c50bbd38bc2e97a42
+Nonce = f28b2a6e2aedb2eb379d7a96e7fa60ed
+PersonalizationString = 
+** INSTANTIATE:
+	V = 6e0e967e399bfe831f71a211dbf694e6e0be7b71b4b4b2926392e1c012a8fc2d9ccc50b62accdf82f5e6b1e1cc6c837b9169558a38030a
+	C = c72ed0ec3c41ebb0e6031ec7f109f95bb2cb9ace4487bf79a456b260480abaa58652db9f84fff311cb2b9b0525e20a56ccd3640c52096d
+	reseed counter = 1
+EntropyInputReseed = cc152703d86f756bceba560d2d838c81dce9cc65ba4784eecfb2e29bc33610d5
+AdditionalInputReseed = 4ef77988cf1f8d76011cc0d6a4aa2d0bceddc40724a33db3f79509911ac8ee67
+** RESEED:
+	V = edcf34eaa38d2a2d09d95fa048919cfe5c67b3047dfeea81bed7bff93164c00f19768e007a39b0f128106401b092dbe79bcfad30f4e0b0
+	C = cb02cfa0dd1534ebc8d583879c0027dcc6b8ec2902b3ba25a41bd0c53da10ca3a24d97ab0c98e053d978a81feb9d544ddaeed0b7793eae
+	reseed counter = 1
+AdditionalInput = 0bbbdb5aa6c597ab9180d833a4ecec0b022c1def899a9e4b4034e5757b9a6d2d
+** GENERATE (FIRST CALL):
+	V = b8d2048b80a25f18d2aee327e491c4db23209f2d80b2a5eeffeacd4201fddfaf709851af366ee3f05bb7e4c861c99b88d2d38a38f789b8
+	C = cb02cfa0dd1534ebc8d583879c0027dcc6b8ec2902b3ba25a41bd0c53da10ca3a24d97ab0c98e053d978a81feb9d544ddaeed0b7793eae
+	reseed counter = 2
+AdditionalInput = ea89752756e74844ea372d3e6f729ef6865527b2979e44ffbe1a7975667b12d3
+ReturnedBits = 61d4a6ad51bc7f4dbf52e6d9b52f2335a6e542a814e49723d3a365116bed38f39a9636f0f16bd4554fd1a202dfdef71a40c51b1e8f93f76cc4622c4336465493a8c8fe5f7f152c9901e65ad83c5857166180b72c31671beac8f45793c57c763718cefb036db2832760f8a6d961b9c9b04e0fe43178e4919d4a5a24dc44a1bee6
+** GENERATE (SECOND CALL):
+	V = 83d4d42c5db794049b8466af8091ecb7e9d98b56836661418413d3db7e2af49d6720ed86fbb0f5d3d361e0585a5cfa74467983131408fe
+	C = cb02cfa0dd1534ebc8d583879c0027dcc6b8ec2902b3ba25a41bd0c53da10ca3a24d97ab0c98e053d978a81feb9d544ddaeed0b7793eae
+	reseed counter = 3
+
+[SHA-512/256]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 256]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 1024]
+
+COUNT = 0
+EntropyInput = bcba2cbc1c9791fc89f0ab2dec2b11a5b7e9bd87cdd88e305ec70c0196f10c0c
+Nonce = 0511c10d243ad7e4d5246d3a757910a9
+PersonalizationString = c1f18c48a62bea81b6e261aa7514e9127714d3904bc9a64b8153290e428a1b77
+** INSTANTIATE:
+	V = 5beb664baa7e239d2eb973e926a08fae91c21e424d0e82b15cb3613c49ff4e1f734d8be2e610fbf4138e29d08d3a80ca4c2b23f59f140f
+	C = 93030eb526950b876f238cc8b36849bbd7b6f45b1be261f9da6b29aab5ea82fc5a9467cfee63cfcd985c3daf8fecb16558dc611ade38c1
+	reseed counter = 1
+EntropyInputReseed = 50793585a0f3bb37d15723b0cc18d8680c8624ae38309625719fc919503d90c1
+AdditionalInputReseed = 
+** RESEED:
+	V = 3b9fcfe126e2140570d5dfbb505be0c062f4af5af2e14d4a07f4222b78ff95f5582d4fadc2ca093e1ac608af53a5b1b6851310c02d0ce4
+	C = c596069f1c7e3d4792b7ca823ce16ced51986a51770e0c1e866bfab763e93553e6d3285adda78f0a898100bb91f095e69bda8e5711d7b3
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 0135d6804360514d038daa3d8d3d4dadb48d19ac69ef5a06cb133e777d4c9f500b60d56ffc0b4233c1d155abdf080d05cc173f291bc277
+	C = c596069f1c7e3d4792b7ca823ce16ced51986a51770e0c1e866bfab763e93553e6d3285adda78f0a898100bb91f095e69bda8e5711d7b3
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = fce8160695400a4552448232bec1f45a3a8982d919d4de6c7431c46aac02e15ca9ba3cd7a2c0dfd9f73e27f7b6608cb87b186092d772569ea406e3a9562b3af58c9cd3fe7616df45fb2fa5060da0b883fc26dff6fc76896226b1bf9c7f784947754e3652bebe97fc2455fc36b3b694cfb9f37ee51790eb5e4ed3d5ff155393a7
+** GENERATE (SECOND CALL):
+	V = c6cbdd1f5fde8e94964574bfca1eba9b062583fde0fd66ee6833a64d98c5128360dfbab268324afeb7bd5ea392491193cef74fbb428ec3
+	C = c596069f1c7e3d4792b7ca823ce16ced51986a51770e0c1e866bfab763e93553e6d3285adda78f0a898100bb91f095e69bda8e5711d7b3
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = 8d485c24b057911796c04d8ad40b7dd6756cf35c3ba6d79926891d9424ce8fa0
+Nonce = 344b6f28f5e83af65b2a3eabd1c5aaa9
+PersonalizationString = 269cda11bc81fe85d230d64c801eda09aa3051d6d712b6736ad4d651566090e6
+** INSTANTIATE:
+	V = d1e03b18bcc5c88e3f6df83efbc0937e35a287c93d04da3f7b9fd6d2252c9c2a5b12bdcb39ee74771a4e4c011c8ad9e3c63c0445ced68f
+	C = b4e3e17cef44fff36e6d8c177372d4ced747a36d504bfc475185127a256441e8ffa09998b274fa5fc554c67598e4dda8253b7818377ef3
+	reseed counter = 1
+EntropyInputReseed = 2456f3b2df53d70eb83ffe6e45c91233b28aff6665aee28fd665c3aa5519be3a
+AdditionalInputReseed = 
+** RESEED:
+	V = e10cacf11dee72bebdcefe205f0dd82179b3afb1cfcb97770e95f447dac91cc72a4aa30de1b6e20bf70d1ddff374e4a166d9bbc038d0da
+	C = 526c69ea80686bf18ff4b7f350f64ce3cd38a672020fc66957106ab411c857c4bacd1e2bed9e127090135d17ddd9529a43528c5e63bff8
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 337916db9e56deb04dc3b613b004250546ec5623d1db5e4e1369353a7070d3c6ccf9c983eacee3013aead1c6115c6f7f0d4e69f95a91a6
+	C = 526c69ea80686bf18ff4b7f350f64ce3cd38a672020fc66957106ab411c857c4bacd1e2bed9e127090135d17ddd9529a43528c5e63bff8
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 6cc3a35cd2d63e87488ab3c7aa02d16a04d672593c10a61c9760fcee4ce6f370b813c26be8b83234720493582a92b816ff445effb7448de768572836fa941e0fee5bfc4bae9726ac2c3d3b0b9796d7c706121c91e699f6b7746b88983772418bb496961aef29d168c707d779ca92168dd4922b3a1e20c273aac912ce8ce5e0ad
+** GENERATE (SECOND CALL):
+	V = 85e580c61ebf4aa1ddb86e0700fa71e91424fc95d3eb25b34c1b2b5185219d7f4a07131d969687be6de25a0d35830bb7510322b597e9f3
+	C = 526c69ea80686bf18ff4b7f350f64ce3cd38a672020fc66957106ab411c857c4bacd1e2bed9e127090135d17ddd9529a43528c5e63bff8
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = c6c41771817b5986da758c738a62466472a7e9cc72d2fed9c8dfe58f797b7fa5
+Nonce = 5b9dd666cbaf593d16c500adb1e8a077
+PersonalizationString = 5270e554dd0eb0f87800a2e90f840a46e973c8288fa97f9d7a6eaeaf253e493e
+** INSTANTIATE:
+	V = 706895215034ce06bd8e4b5e94d9ed2567d0d6e1436c8e93605bb928a187db94024b48b5ba062a906ead37c28981a233d2507075d2f74f
+	C = 764a468705be30a783a271fa4dde933c9cd0526c81155ffe27b4926de4a7430565b0b815b5df956d4bf12f1bfce87ecdcc4a4a15830e04
+	reseed counter = 1
+EntropyInputReseed = 822ba8d6c330c246c488e274659bb4ca533cc18656b9d7869f900778000c64e7
+AdditionalInputReseed = 
+** RESEED:
+	V = 0a56ddf1e601e585fcb02d24ca790b9a3ad45ff620f759ef64357c703067fe88bfb61a2395264076ba087d6eeda4afd53cfc4e101bc92f
+	C = bef125a7292be97fac4920335ec19ee1d567ea7f7d07775def84a487a3b4ce19566ae54e4057e9842e59f787994698e9b4ef860ce4fbe9
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = c94803990f2dcf05a8f94d58293aaa7c103c4a759dfed1c468260a45a5162134b12dfad92365407d5340c652fbc5b99c20a55fb0de34db
+	C = bef125a7292be97fac4920335ec19ee1d567ea7f7d07775def84a487a3b4ce19566ae54e4057e9842e59f787994698e9b4ef860ce4fbe9
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 4cf7391eaafcecef489d1cde06881b74469ff04b9b9acd20544c859d79aa04ceffd0174f7faee644dc801a4420f9d02543c0f589b048997c8d610081e31b5d1e5f1e39ba6fd515312b7ce2f006791d79e7dc02d2f39d77f276399fd7097848fb1438c2fffcf7a686221bc127df2e1cb83d37067dc329b980299d5e706b21ddb5
+** GENERATE (SECOND CALL):
+	V = 883929403859b88555426d8b87fc495de5a434f51b06492f105f1ee62ee1887049d54a0bc98cefb6a6fc2b23abf1d194f4f0b1c38cd77d
+	C = bef125a7292be97fac4920335ec19ee1d567ea7f7d07775def84a487a3b4ce19566ae54e4057e9842e59f787994698e9b4ef860ce4fbe9
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = df164f8827dbfaba39edea6a902828ab8f0dbf7d5da7002febdbfea84a9d6b62
+Nonce = 817d7b06bb08109e51ccf8fd00259809
+PersonalizationString = 1c7575a3bc41b1d08e88dc27185114094989ca4dc4bbee073a0157ff5dee0cb2
+** INSTANTIATE:
+	V = 5a6713ad4842ad07053d2f7e20f0a76406a693349fd065714f152f0e603c2f9b0e006badf4e2ee19721317b9d214b0508aa9ba9d0af257
+	C = 560560a470b91d4001ddc186f49fece6b943b57ec6120435bca642948d272668e4449ccd496b2a87882b1380184468ee1bdc10b27d79fb
+	reseed counter = 1
+EntropyInputReseed = 98f5d9d49c30cea2879ab1a6ddfc139ddd506416171b4603d8fbe52e933cef3f
+AdditionalInputReseed = 
+** RESEED:
+	V = 82bb74ccd3d7fbbe24bea7e2658a1ef0e8c24d42fac5a64473d50463f71d6c09a5e2a377411b4125a3e0a9bd11d7816fff7d772164fc2e
+	C = a94e211e7a0dae446840a9742acaa57f711fa6e336fa2a8d4eb9bb10eb475f639f57411404e842d349c3b3cc9b19b510fd8c1bfb1f1cc1
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 2c0995eb4de5aa028cff51569054c47059e1f42631bfd0f9b71412caac8cb3085c204b24ec103a9ce86e5f75354508e3e73a89ea7dfbd0
+	C = a94e211e7a0dae446840a9742acaa57f711fa6e336fa2a8d4eb9bb10eb475f639f57411404e842d349c3b3cc9b19b510fd8c1bfb1f1cc1
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 0ea237947223711f5afc5aaaa44b88c5ef1e86a7221936dbe3a358efb0888ed79392989698022cea9e8af69bc59e11291261f7739b8216ca949207e5deee6bc85b4a967a0ae858d20f9ad6d4c5d18bef3bea6bd94aef25c5c38bae9cc498eb44c6dfab61c6260df1b1e398257ae71495450753be05b15b5a4922922934685460
+** GENERATE (SECOND CALL):
+	V = d557b709c7f35846f53ffacabb1f69efcb019b0968b9fbe17fc82461352c38e9bb6bbf4247033eeb19022a5b8a8532f9b10f7cc2ccbe9f
+	C = a94e211e7a0dae446840a9742acaa57f711fa6e336fa2a8d4eb9bb10eb475f639f57411404e842d349c3b3cc9b19b510fd8c1bfb1f1cc1
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = 3eb600d5090c5e9cb9d1aefaaac71164b3822e056ded343fa7e0f15cf5fb7c44
+Nonce = 9e9769f81fabd6cc68d015f25fb46e16
+PersonalizationString = 91b24a5ab0186f530db5285bed7fee1574f80346d25de312e612addfe08b3794
+** INSTANTIATE:
+	V = e289cfbab2f02ed4b86ffaae2ac9bc2fb2f54474b273f1092d8d3d5f41cade031e252d3cbed5a7832324d6ee0c24adac0a9d204a94db47
+	C = 7d6c6f761955708fb51d5ee0718ef677a304fe93d8b3193c82bd266b855d0665102e187e43a2df19b813cb37052ddb95e57048fa80fe83
+	reseed counter = 1
+EntropyInputReseed = 84c4466523ba6553205658ae9b8ba56e09aa3370009f548792341491f27340bd
+AdditionalInputReseed = 
+** RESEED:
+	V = 0559eb00b8e5672fb5df02daff58b8decd3c095b8c12baa0896f9a84eee7e6dc3d2116ad50deb4fe340fc6c8ecfd33eedc1c75316f7984
+	C = d8abf9973009a51e425cf2bb3eb90d98f7b27aa0e1aa14b67205b6d55a8f0d53d7fdb54827cdc07d97cf6c3b0163595e8aadcf404efcd2
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = de05e497e8ef0c4df83bf5963e11c677c4ee83fc6dbcd0564aae3c01db20377abff18de7fc180cfeed8925ea43a120ad87b95f340c2b97
+	C = d8abf9973009a51e425cf2bb3eb90d98f7b27aa0e1aa14b67205b6d55a8f0d53d7fdb54827cdc07d97cf6c3b0163595e8aadcf404efcd2
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 394f75635c7f1de32d2304a08e282c1d0e7292ad4a9955a69f0e3b60a363a9e84d39bb5ace2718b7fd10b3c8e7b500be8c6356f7e74c141c54b2628ea338dcb3da8213ca02fb19aa0594ec008a4f5af4e3bec15d2c00d7f49a1c81f7a4041213ce5d41fec11f56580f0e305f6edd2154804e0440e77a5010f7eb78304760d5fe
+** GENERATE (SECOND CALL):
+	V = b6b1de2f18f8b16c3a98e8517ccad410bca0fe9d4f66e5b5cf31888ac6d73466437053feb408a6f7369c2338a1966878882dc7d1b7d101
+	C = d8abf9973009a51e425cf2bb3eb90d98f7b27aa0e1aa14b67205b6d55a8f0d53d7fdb54827cdc07d97cf6c3b0163595e8aadcf404efcd2
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = 3772974147cd3e3b00d39b1cf88a2672ab8127a5dca5580b38b94dbfae668d98
+Nonce = a7de66248f502ecf5a08769b2b46f8cd
+PersonalizationString = 9be274631fb55b81d3810cf0d2dffd4ae7f9dacbaadc0342f7e7c5472b5fd9cf
+** INSTANTIATE:
+	V = 6e544c8042addf9784ac88a8a187620f31d03c036921d94a215ae47869b2a3046ea4cd57a983ae2941fa75eeae4bedc272644670f29f2a
+	C = 3c97eb9ca0f015e3bfbac45bc0d23226dc2992ac85b987c7b40f5f60ed368bf61e8a0abec61385f16add90ea2c96d4659112c29d907bef
+	reseed counter = 1
+EntropyInputReseed = 30640862670f368d8bd86fbe59553e4619d0c4bbc4b34de8eeaf8cf952fe200d
+AdditionalInputReseed = 
+** RESEED:
+	V = e2a76cbdd848224b3b127ef38e9a1da9c85485be7b29d914dd35903e0e1d6f2d4f7309387965d5c6d2c6bb455b4149b83e48058a5ca110
+	C = f01a005a354fdc135c6386c4a277f63107c15f2c1dd050aae24bf1a1a482f648047589cc6abc4e73c5176a796aacd145004250676bf7f1
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = d2c16d180d97fe5e977605b8311213dad015e4ea98fa29cfb38250260ba953a10d72a2a92df43b03bd06305b4e03e0d7d3e2bdb85804cc
+	C = f01a005a354fdc135c6386c4a277f63107c15f2c1dd050aae24bf1a1a482f648047589cc6abc4e73c5176a796aacd145004250676bf7f1
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = faff9fac229a9d5a8f8ec6c4a71385b73d14adda41cc5da2043afba5652e7bb974b22b73caac181580dae23c47f1c069001e4b81aad01c5c88d21b62480a1ff594041291c0c1ed6a8d67dc42818598de5447acc13284a5088e408d09b3bc8efc1f03a3047b4717f635dc698e1b78c5a1e2a60e80443174064d811c808521c213
+** GENERATE (SECOND CALL):
+	V = c2db6d7242e7da71f3d98c7cd38a0a0bd7d74416b6ca7b76a265bab966599b107ffbb1f5349dc41a0b84ba72ff17ce0ac4f3afda00ef93
+	C = f01a005a354fdc135c6386c4a277f63107c15f2c1dd050aae24bf1a1a482f648047589cc6abc4e73c5176a796aacd145004250676bf7f1
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = c8c12e08b3c7a4d81b6cf7a6fdb3acd9ffbe7766a8b52c657f74ca0323f36e70
+Nonce = 29ea62742851205f1eaaeee678f64b8c
+PersonalizationString = c6828c5888a769cf88d7d37863f81d726c52aafee9ab0243ddfee2e0ab69041b
+** INSTANTIATE:
+	V = 420a5a7b1d56dcaea237e53c1f7e0bf354a2b9771cacd9f18cb4416f10f2af03b49f0e9ee6b0cdc1eb82d4d7b8830646229731ceaccffd
+	C = f5543db1b165f31c2d073bcea0b2defe3b3c2993b0c3fe4b9641e27dc57415d2c73632bf4437179df41e8df82d62a80ea6e86a1b7859f7
+	reseed counter = 1
+EntropyInputReseed = 03445cac9e1a944ca07f091d58ff155e939f668c2312a06879077f7d1d21a249
+AdditionalInputReseed = 
+** RESEED:
+	V = 45bf398d20bb5997edc6ae023485c1602b8c20457c0d4a5f8834ce3ad01fd94473324df0f82775f4c442277546f22cc6849ce86a67c3ed
+	C = fb3369d5397050597bfa7a610f44608d95056bd2207a9fd879bf78173f6680c6c0f1e694d2f1142ffe9384cf30da2c0e8c9b61b00d565b
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 40f2a3625a2ba9f169c1286343ca21edc0918c179c87eb10b274bb8ae4ed4eb2cd29cff195bc22f0952efa33065859a08804d2ae43c5a1
+	C = fb3369d5397050597bfa7a610f44608d95056bd2207a9fd879bf78173f6680c6c0f1e694d2f1142ffe9384cf30da2c0e8c9b61b00d565b
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = ddb9986a50b6c1fa4ca8b03ba89c588a6a97b2a293c1b99866a5a52d5c22ce00fb84a0eb7466607336910778c9579b41f30773ae50a93ce6a6e15f0afa42f9c485fe4dc792abf9829c498508b5df058739873b7ccc4e8a4056e4820b1b772f0ace057fb49763d5cecce49f608373b1f2355254bad081a7abd7aeac0f4364cc8d
+** GENERATE (SECOND CALL):
+	V = 3c260d37939bfa4ae5bba2c4530e827b5596f7e9bd028bdf71e65571a693665479ddd9e001c0f1e24fee1a2dc14902e6ce5e0514590f44
+	C = fb3369d5397050597bfa7a610f44608d95056bd2207a9fd879bf78173f6680c6c0f1e694d2f1142ffe9384cf30da2c0e8c9b61b00d565b
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = ee170b8bf9cf900a8dc0586ffead46fba7ed6f7b9ca219fd2cf38e80ef1086af
+Nonce = d51dd7df7e16526d9a58d21f7384a7bc
+PersonalizationString = 049719203c8691ffd613c96f3040f134a4086c54fb6f1d3befead91017fa6edd
+** INSTANTIATE:
+	V = 8fb8abccefd53ed79a2d3c2b72c985a0fa2cac3f947c9502ae23ee33ca981fc4c5e99b2f5180d81de3daf0efb3ad1399a7feae35db5c71
+	C = 9be5393f991bbf0a7acc6ea72a63398d80ddfe5490e6bd89035d4952bdb062908dbcfeb473cc27be1e9d797340c89dabaa357a977ccea7
+	reseed counter = 1
+EntropyInputReseed = a9e9b6bcbb06805e9ab1128c91c6cb86e78c88e5afa4ad7de9da3c89d1910b81
+AdditionalInputReseed = 
+** RESEED:
+	V = 279faaa18ed24c0b21985f1c59fce0fc4c947bb8c7d91015239121259ef81b1775f08ac113ebdb90113b6ff2ebf30d31bc90e831f92dc7
+	C = bbd6ebcb11f1b89d75290e7ee4fa2ed4d2b47d0b7d370f97ef2d4290ccec3a6a8109e93e596735fa299e179c044a84652994e89906d05a
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = e376966ca0c404a896c16d9b3ef70fd11f48f8c445101fc2dcc2cc176eb4736474b74dee74e1e567754dc41cfc0495e8e050966be2a7ec
+	C = bbd6ebcb11f1b89d75290e7ee4fa2ed4d2b47d0b7d370f97ef2d4290ccec3a6a8109e93e596735fa299e179c044a84652994e89906d05a
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 7023cb8cc3ff87b8505e88f174830722d9cf44835d26140d810c6afb27e546e4be5f6a75fef5e57d71286522ebccccaab8c56e6e07deceec4369091447ac6a681048f0a313fdd216d02323ea972b9d9f104b995b2442bb8ff42c518bd83b60df95edfb959f3133117a51da58c0a314329e7bd2485cb4646018174dbef126a657
+** GENERATE (SECOND CALL):
+	V = 9f4d8237b2b5bd460bea7c1a23f13ea5f1fd75cfc247301da8e6373c41e748e65e5e19e2a0fbfc40dca385b681e42c3f3ec314386deaa3
+	C = bbd6ebcb11f1b89d75290e7ee4fa2ed4d2b47d0b7d370f97ef2d4290ccec3a6a8109e93e596735fa299e179c044a84652994e89906d05a
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = 5ef165d75a9560218b7922535b61f601c0f729a91f02e236cc2fe4a8890d4891
+Nonce = 07f0da8237e4ed2773bd2d9cddf06203
+PersonalizationString = 3c85c73fcdd1a5276a6070b1bbd5c77cc34569ce716abb69dae39457bb83d771
+** INSTANTIATE:
+	V = e91b92c553a10aab0367be06bbd81373a5f3c8dc8086de66b74eb44a6416aac76e2cddb5996d442fd7486c45d2c33c2138ef0c25cf887f
+	C = e9973ab370144fb9c3a656532376c0d74a43601952685b9e32a4ea1bdec096dff27e6ce9452cd072861e9a83f789297c16a44491587f95
+	reseed counter = 1
+EntropyInputReseed = d77e2434059b791d7b6fe36ef5e361714ca7e29be1537158564baa244768ea90
+AdditionalInputReseed = 
+** RESEED:
+	V = 9eef0c6ca7c04a082395b495f9879802ff2d7c01503405a43fbe6a135c6b80c67cb271a8c745f09fee1a077c121bb842a2ec282a88e136
+	C = e29a7ee69dd1711b75cdfb993354c945c94f1c9d01b8c9d304c686b1beb5b1d22fd5edab453b6a585461adaeafdd966fb50dcc2de9a8f4
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 81898b534591bb239963b02f2cdc6148c87c989e51ecd01ee30e83690ff167c642acde7e2be086b76bb526a33ff41c8443eb24d24ee4ab
+	C = e29a7ee69dd1711b75cdfb993354c945c94f1c9d01b8c9d304c686b1beb5b1d22fd5edab453b6a585461adaeafdd966fb50dcc2de9a8f4
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 5341e01be7de7f2e80333b192c493511471c2c509e69bb8d3ab9c62e815c73893846e3efa297aa8d195398610ae7e9ac2ebb25a4dd8bb3cb0d6a847615b6f856cf3184325694bfdb17a65f48a4b91a6954c82156256a77a1701394fef38a84c265e643f74e5c810ee35cd0a95f08815ef5533e250012d60a4561323316ef05fe
+** GENERATE (SECOND CALL):
+	V = 64240a39e3632c3f0f31abc860312a8e91cbb53b53a59a3bce767b20f56524454e05d8adc26e97e72e1d4b8b9be114f9ffa803081aea97
+	C = e29a7ee69dd1711b75cdfb993354c945c94f1c9d01b8c9d304c686b1beb5b1d22fd5edab453b6a585461adaeafdd966fb50dcc2de9a8f4
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = c99a28dfb7caf801d76353d38f2fc3eb705e36e24c2af9e49dc28cf06cb1f768
+Nonce = c5281cd8dd979470e7812f271cc7a8a5
+PersonalizationString = 977d3620db131bdb42aaa0427e564406fbababc6fd39b4b67d80ea73d601c71c
+** INSTANTIATE:
+	V = 91c5550969a0a0ce4435bb26cc7e4a1364a553c607fb85a0288af44ada708da995ac36ad51a197a9cb451685c797f174216b9a624b1f86
+	C = a399be5aaf604fdf86986c7f356a77a764280f39e4cd555274b93f5d9c4f38c7e4038b8f17264d67943402832851729c6a1562b26f8ec2
+	reseed counter = 1
+EntropyInputReseed = 6f2430e12def384a0d3dfa2038d3f078954a355ac13510d27fe9c96e05087bd8
+AdditionalInputReseed = 
+** RESEED:
+	V = 70cfc95ec8c6d8dc09030c57752a57a2083763b7dac2294b62a5d050c2c9f180cc8ebe77492177eddf259a0f51422455bb76f3eb3feb93
+	C = 73cf3d0a6a90dc25cb646196f24f6bb835a038c900f87bc2e4043b77eeeb2398b7e69d6a90fe3a8521112800a926138187a8d2e6a00bc7
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = e49f06693357b501d4676dee6779c35a3dd79c80dbbaa559f941621270ea873c5e80cd2ec7021a37f5a332d54fe12d43f48b643d881d40
+	C = 73cf3d0a6a90dc25cb646196f24f6bb835a038c900f87bc2e4043b77eeeb2398b7e69d6a90fe3a8521112800a926138187a8d2e6a00bc7
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = bef87a5784120dee0a650b8ada95f6ad2d39ba6526e4657789f4d50585770825e2949a5899dd2af996620d87214b26f7b1c9f6e08b2d3554b8c763b1f24bebd8739eb72db21e4d3075f239b60164e3fa51808178af384da374571a705e162ff29627cc93abe8e2df92155f7ca7a493d6f9f271afa39e6b2a6292d75ccd395972
+** GENERATE (SECOND CALL):
+	V = 586e43739de891279fcbcf8559c92f127377d549dcb321fcb506611e6c0fd79afe873cdfaf13eaba46ff3b7ba9e70dcddb51a7d466ca1c
+	C = 73cf3d0a6a90dc25cb646196f24f6bb835a038c900f87bc2e4043b77eeeb2398b7e69d6a90fe3a8521112800a926138187a8d2e6a00bc7
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = 9f356b5d23dcf7c2c334ab0ec2c98b444b801f4ec033d7448b703d88347f5f57
+Nonce = 0a757acbf989cdf0ccdda4db88d6f20d
+PersonalizationString = 4dcac228a6acb4a3233ed46c3a4d3cb544fbdc187f0a56b144a9e058ca20e42b
+** INSTANTIATE:
+	V = c4515df7fa11b93b2fd1b9f79527debb7bc0c95fcf74350c1f83f384c9e1380aaedfa1fe326bc4cc7c90900873b44d74f961f6e3a09df5
+	C = a8e17e3cc4a519ffcc69c9123849bf4bfcbec235299f95f650b03b6c9712460024ed5c4707f5f992e65da7af47376974f1a91358de5d58
+	reseed counter = 1
+EntropyInputReseed = e782988929133e80977e9aab62625c14cc047a3588bf191456883985ef536680
+AdditionalInputReseed = 
+** RESEED:
+	V = b0a6e178b34c0757b7146759d09327b13a6fc55266de98581ca9c5d1e837597432a9983a8188eec997c7d9e0efed410743471a40611ec1
+	C = 1511db16395a74ee42b644606fa77b213d91eebb3553c12e24020e83c7a43c832869d262bd5c9a8bfeb398ec5097562642c41d6cee652f
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = c5b8bc8eeca67c45f9caabba403aa2d27801b40d9c325a2ec3411dd7bc4e6082158eadd1c2a4c4dda56969aa9a9c6232b48e494cebb736
+	C = 1511db16395a74ee42b644606fa77b213d91eebb3553c12e24020e83c7a43c832869d262bd5c9a8bfeb398ec5097562642c41d6cee652f
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 4509ab3a80b1190971e2ccd5f23fcbf0f0cc12e6b5ba3b3c96dd649c98fe031e7cd330226aaf12c24fe23d9cfa5fa18fe1dd6d019542adbf17247b58d4f653da1c2370fcf63478b1aed78d3e486c1b877c8115a0c12fa1af5d8155ed90fddafe2db121ce697b869a567045e00b439359615ee909a9286e711950d62b66ed0421
+** GENERATE (SECOND CALL):
+	V = daca97a52600f1343c80f01aafe21df3b593a2c8d1861bf8c06ee5129aef6cf65f5d26b30d74648cc57a557925f687357221dd307ce7f1
+	C = 1511db16395a74ee42b644606fa77b213d91eebb3553c12e24020e83c7a43c832869d262bd5c9a8bfeb398ec5097562642c41d6cee652f
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = a6885ae6116997f0486c12f911b467b3a41b07fca9ceee9ea3bcc95397fdc98b
+Nonce = fa6f84dd2c46714639d3e9e3c9e27b03
+PersonalizationString = 185095c9192699777aec9a35fb822fc9ed77b7c1fc46490731ba857ced589aec
+** INSTANTIATE:
+	V = ffcd892bc5c30208f670e2e86a3c1216f4832e4d48b5e3b10f817b897660918459a363521a34b56c40f5fc32f0396bba0dd9b51c4c2bdb
+	C = b20bfc89556200cc0363e9af96bcf17fb73c898541dc936c456a1d33d63062b30c1f255e01ccc22fbb74e710fc752f20999f1466c3bd66
+	reseed counter = 1
+EntropyInputReseed = a6c9b8fa3a6ad4784f68541779b9b8f4838a2bc9e48adecce4c53217e9b49821
+AdditionalInputReseed = 
+** RESEED:
+	V = a284714263bfa58745f94106c9e3d0ad335a9b1c3aa0512f5ff1e2affa26ef8fd447b0dda8c8a7b0c277a7c4b7e6a11cbb5e22f04671b4
+	C = 00c340db72de3f8ffd52fb29690d2823685bb07780923cc1466e14f09d43a53a2ed51bd9dcdc88cda1a1a0991ddacd0fb86859d6a654e3
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = a347b21dd69de517434c3c3032f0f8d09bb64b93bb328e00f4f259b85e91fbf59f87662ab40da217ac2c26165d026da3495aa43cc08681
+	C = 00c340db72de3f8ffd52fb29690d2823685bb07780923cc1466e14f09d43a53a2ed51bd9dcdc88cda1a1a0991ddacd0fb86859d6a654e3
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = a893f83897c001291e28c18c9c5ec588fad08842aa6c22db5863ba80bbeb923f79b7bef80cb0144c0da02fb6d372a2fa13c9ecf00d4415e5a734ee65eca5446c21cc8982dd75429abbcde6faec27d4e3a77b0f621f30ac92d06fd1b7b22d2bf8a8750051b3863187357067e6cbe3c599b50b0ed7a2da50ae6427a2f147315864
+** GENERATE (SECOND CALL):
+	V = a40af2f9497c24a7409f37599bfe20f40411fc0b3bc4cb46e1103c18cf8485506cb5bc845a0dca7da90ba6915e02d36459d04c2738af9f
+	C = 00c340db72de3f8ffd52fb29690d2823685bb07780923cc1466e14f09d43a53a2ed51bd9dcdc88cda1a1a0991ddacd0fb86859d6a654e3
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = b2e60639a237f6e6468cee8b64a420f230a870540cbb2e0e8e415ce0d0bed2ea
+Nonce = bb25b808a5f94bc52ba593a256b8a6c8
+PersonalizationString = af61a7d32f27d9867ee92a4bd29457131f965e05bc1463a1d40844b3542987f7
+** INSTANTIATE:
+	V = 5f918e0fda911f110be5a45f8c7c8da419566b7524c5fffee970fd597ccc70b295ed9aa67a7e8ee07172775de2df5e3464fb2f612f2fe5
+	C = fc8659e45185f814b71ae8d8e0dcd470e129f2fee7821b28fef4e4c2bb667c41a5e6b77bf549f7481e92e5e5bedd6153cda07639755b88
+	reseed counter = 1
+EntropyInputReseed = 9085bae1fec7309ef65442196a4cd3eec3b62f7eddbabdb5c08911b09e1f047b
+AdditionalInputReseed = 
+** RESEED:
+	V = ef125458da8cb953242fe3c4b7ab00d99a8568d4123e967833e6fd83e60d2245b4db502ac0520306e64d7e602b546bbf706f3b1b892fbf
+	C = 6691d2e107bff1034e345ec9307b4574a6c12171081bbcfea6d62695bdf1778e0582dbbcfde8520a4457a26722d16097e3a4caac8630cf
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 55a42739e24caa567264428de826464e41468a451a5a53b65cc6661fe520c99f9cb6ebf8aebcf7ec667b5d5391dd603faf12aad060985a
+	C = 6691d2e107bff1034e345ec9307b4574a6c12171081bbcfea6d62695bdf1778e0582dbbcfde8520a4457a26722d16097e3a4caac8630cf
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = b3c74b8e3061a2b25887ea68b28b23c10e477246bec3a45bf4a4f1cd362ca9a8c1da7dbfd40828738e40ac0bd35692a036220e2854b03e04057c2bbed32231f7584a8f1444aedda7093cd3ea3be855e9bc2cf7a2396e3cc2e2b154a188b4dde8e337ac9b79ef1d1471f1546d74251f3842a016023abf9279404f9f899571db9d
+** GENERATE (SECOND CALL):
+	V = bc35fa1aea0c9b59c098a15718a18bc2e807abb62276119a31889104b25139d7fd9acef57918b5f511060102a77c7c559e5afe9c330a73
+	C = 6691d2e107bff1034e345ec9307b4574a6c12171081bbcfea6d62695bdf1778e0582dbbcfde8520a4457a26722d16097e3a4caac8630cf
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = 1db46589b42243db6fe8ffef22b02d043b7a04dc379eff96636f5e86fe5a042c
+Nonce = d162aa3b89574eacbda93f92cda6ea5b
+PersonalizationString = 9636fd261e2ee6f7ffccd3bb614f835231a48a60234fe456140fa08afe2f593c
+** INSTANTIATE:
+	V = eefb593dc69c27218339905a9172f328d19a87048006e247064b583df8b803b2c8b8d70e93600fcc3cb9583292b367fdd95641f075d9e5
+	C = 40485a72011ec9010cb1a742ebecf811f6930290c3ee31638569426a6a37cb12231e6476db38b8895e9c43656803e9ec0cb7166bd9df45
+	reseed counter = 1
+EntropyInputReseed = 7c9c24789afc96ab44621fb37f4fed523f40614966554a27c9cbbc61a9e517fd
+AdditionalInputReseed = 
+** RESEED:
+	V = fff2439e58332ea32596aafaa819c946cfbc16c40cd47b40def0e474864b897d55a1632e1a0cdf4883bfbdc93874b1893f7b5cab6b0d24
+	C = 52b23ea81fd2d4aa5fae70007693c504785ae6aa7a8a1875442304e92ad30dbd65f23f998b8ad1935606592b01054855d98cd8f6953658
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 52a482467806034d85451afb1ead8e4b4816fd6e875e93f353c3a4ea2ca84e3f0f8992e2625cc84e4db358da40d10626c9715168d23ee3
+	C = 52b23ea81fd2d4aa5fae70007693c504785ae6aa7a8a1875442304e92ad30dbd65f23f998b8ad1935606592b01054855d98cd8f6953658
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = d312c8f275bcf4637478b030413daa7a62c26253bc523de1a55bb031e15dd4ab94bc2a86fd77a2cc9028a44340d735b26e6b61883c5b3484e381bd2de4403c4aeffe43584e6f829e43a821d93f26da3680676912cf64f827b6ea05b19c9c05275cebc73989b412fadf23c8c551240d35f32ca031101e69e89d607a87935b7d07
+** GENERATE (SECOND CALL):
+	V = a556c0ee97d8d7f7e4f38afb9541534fc071e41901e8ac9989962b7c6bd428fe85c74a23c8fd351e4d9ffa5af7b7cf722fd73b1e350ace
+	C = 52b23ea81fd2d4aa5fae70007693c504785ae6aa7a8a1875442304e92ad30dbd65f23f998b8ad1935606592b01054855d98cd8f6953658
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = 7b9e7545d3eb5c28fbf9e4ceae860bf77cb349ebc8aa7b55286284d34eafffe1
+Nonce = 6407fbef5b119107a72f8c68dd3d83dc
+PersonalizationString = 78fbbe340d3f64262a3da5cfe9fb4d4c78bd5d526233ed17cc00b690a3ea01dd
+** INSTANTIATE:
+	V = c614c37895f9bfd97a2961d56f514db56137179af7ef07a2eb097b1eded511fca3873da2a4a34dbe9b36fe045e84c41fa5c783010a7f4f
+	C = 3d4329c802cb0eb8f2041e19adc1512c80a26acd48552f0b26ce2ca640baf76ada7f656716c67334b7159d66d08dbb80c372076259a0f7
+	reseed counter = 1
+EntropyInputReseed = 80d6249c047f9039553d1e476b406a93199a65a7e1a8208f85592582d0f7fbe3
+AdditionalInputReseed = 
+** RESEED:
+	V = d68e5950412a49c655ccb8975baae0630067bc55747721508822711e33477010901f9c0adb3781cba15a038c3fb806e5ea49b3bbf4b353
+	C = 5ad876afbff58e444b791343bd927779c06d6ccd7624eb3c73bbf1356710f661f74ab927a407a94b7212c515ce5fc67ccf8c672696bf0c
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 3166d000011fd80aa145cbdb193d57dcc0d52922ea9c0d0e3228cf03a9cdb15372b78e49ec18617fc8899aa7389bb1b60a234aadedd7da
+	C = 5ad876afbff58e444b791343bd927779c06d6ccd7624eb3c73bbf1356710f661f74ab927a407a94b7212c515ce5fc67ccf8c672696bf0c
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = de398481d3df49d329d54eebe4ceb47965ae75a72d6f1603da4696268efc78349907cc63fa387f2d566d0fd0a941eb04787881b73d19524fc6471c6d66ee763e89ffa7150b09fe324cf4b7739e9ed185c9e2c81a6cefb394016493ee9ba28ddb4732cb470eef916278039b6b2bb1b317805842b89c1309c7f90960945e4d4772
+** GENERATE (SECOND CALL):
+	V = 8c3f46afc115664eecbedf1ed6cfcf56814295f060c0f92cabf546bda63594755bb32eb0e5dbb82ecda65a73ce8d6d3121617eca67a759
+	C = 5ad876afbff58e444b791343bd927779c06d6ccd7624eb3c73bbf1356710f661f74ab927a407a94b7212c515ce5fc67ccf8c672696bf0c
+	reseed counter = 3
+
+[SHA-512/256]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 256]
+[AdditionalInputLen = 256]
+[ReturnedBitsLen = 1024]
+
+COUNT = 0
+EntropyInput = 29286254b5dbecfc64744c6a97486ecffe887b644994550df4f89b6c3e268f93
+Nonce = 252d57865aa145d14ec0a1527831100c
+PersonalizationString = 5c92073f4d6de35c40dc771769e56a0029cc3ef2cbbeae5519044321697062e1
+** INSTANTIATE:
+	V = 475ff2ece681c8cec8e9802a86db5c9ace0b7793cc73c0d9c5fffc01d1b39a89e8ca37661f6659b39b54b4290a722d21704cfc7df51221
+	C = 319d80fb3f64ba38dd03acae75762e49dce61d905c268bd23cab07a9fb750969f128bbf0f775398e04c1ea682ee868ee3885a0774bff77
+	reseed counter = 1
+EntropyInputReseed = 7ff1f24b8c99c380eeb95ea98ab886cff22b8cf3808a9df36f428a020db9cf71
+AdditionalInputReseed = 2a79a7d6c8f6ac9c729c92b2aef4a890daf3bc3bca0f225fe314c215a4ee46f0
+** RESEED:
+	V = 34cdbab5605cb0655202af291ba1464fd08b9055acf17d86b6d7d68ac4d408f1d3d235f4f721e0276d7bd52d8e9ca22ebbb4a2b321bb44
+	C = 908eda1b719a05c541449b3cce79d12f81817b76eee99538a4d59e77d58b37c964128faee562cc416231a85c0758f411de18459f0c00db
+	reseed counter = 1
+AdditionalInput = 25b46bb4e5854dc4883173466f70d7697c6662220959b4ba17ed590562a6c78a
+** GENERATE (FIRST CALL):
+	V = c55c94d0d1f6b62a93474a65ea1b177f520d0bcc9bdb1403b3cd8e1abf0368bb6d6368e4d1f1cbebe9d5aca0c2f967649955d4a1eddfbf
+	C = 908eda1b719a05c541449b3cce79d12f81817b76eee99538a4d59e77d58b37c964128faee562cc416231a85c0758f411de18459f0c00db
+	reseed counter = 2
+AdditionalInput = f6d7ce0cddfc3bee16acf0f1d7bf0662efc10126f6a51dff8aa0a1d7b39449bb
+ReturnedBits = a4f62dfc15bf4decb2e0a83fbb06c2188fc83a64b9d6cb555d160ddba3a9ae9ee1bb63530c9dae6a880a27efce0c201a8d1ebecc80f393361128e89434847b1f45a8e2fd180e6d768fce8b193e62e7960b447b1e523cac6e1e48de6d4cc1e8a462b35965efcd8b382d0a8832b6b7f07839049a666a6f75d71ba563250ef1ddc5
+** GENERATE (SECOND CALL):
+	V = 55eb6eec4390bbefd48be5a2b894e8aed38e87438ac4aa7cec3c7fe37bb0a68687692aa7a4748a7878355011a1e7db52c04d34e6a5b684
+	C = 908eda1b719a05c541449b3cce79d12f81817b76eee99538a4d59e77d58b37c964128faee562cc416231a85c0758f411de18459f0c00db
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = 31b481407fc52afc0c890a77b0895ad214a456e859b2c4379a5065a328d17528
+Nonce = b22dfc3ae053e47915f3c5f588f5a5d2
+PersonalizationString = 07eb0650b5ef5fefb8cbb00bd22e2b52572331e5a04b11d763dddbb8ef752b4b
+** INSTANTIATE:
+	V = 3bf96c53e8ee4a6c45424db6dbc13e1bd3c7f77aa4aace7b720250162db6a30f2763c49f893c1a37516fee39eb2f567e2f869e030a5b87
+	C = 70451a16d0cb43d9ae481260b8b7df2914fc39f1b689ba0b7d0b7ccdbe1fdaa5b2f938e7efdb625b1a34611552eb4f5a5ec87c6e930909
+	reseed counter = 1
+EntropyInputReseed = 66721dc25f73f70c51645a0bd0fbd5561f6d0e6b9a1c69464aa3d41fe39ffe5e
+AdditionalInputReseed = 0a4073b239855a94bc6bafb698b24eafacd8a54480e8c54dced7332c7783b7ed
+** RESEED:
+	V = eda3643954532cdd0c99ec88620ba872987845fbd8a9ea0090ca2b7e29b2329b81f4ec84adcf8a6d950b8261b373ea00411f501206e005
+	C = ae310a0fca847f9f64c0e6829487463cf6f8dc9d85b51b5d58075bedf0bd564b9993a7669ba4f7389c7aaf17992d6ea6a7d63542875c20
+	reseed counter = 1
+AdditionalInput = a30cd2a57417b2826d790e3da69a1c80f42cffb825f07c7c6cbe9dae35f560a6
+** GENERATE (FIRST CALL):
+	V = 9bd46e491ed7ac7c715ad30af692eeaf8f7122995e5f05b873707f415079ca9a64db942429222463c00e1d699db09f1e52ca78e7d2df16
+	C = ae310a0fca847f9f64c0e6829487463cf6f8dc9d85b51b5d58075bedf0bd564b9993a7669ba4f7389c7aaf17992d6ea6a7d63542875c20
+	reseed counter = 2
+AdditionalInput = e30cc33498e9be01e77a1f36454c09023bffa9f3d4425978410c60f9a981ac66
+ReturnedBits = 02edcf7bd1e61e9fa04f1433282674700ad3d4694ccb86b30584737bbe3cec5b6b90072c54b54ffe7c5475b98d9a592d4effcd0ce827f162dfdcaac167800b0c05ba8a2881fb8feb35b198b3f4f15f85839165477a40af324d8df207ff17e2040080c491c2cd4f2522baa08b9c02a3ba9a98d6d4a4b37c4d55689d795551662d
+** GENERATE (SECOND CALL):
+	V = 4a057858e95c2c1bd61bb98d8b1a34ec8669ff36e414223c238005e6f3719501c7f8a443248c1ca0058ffb8d6cabeb4de22e7c05183699
+	C = ae310a0fca847f9f64c0e6829487463cf6f8dc9d85b51b5d58075bedf0bd564b9993a7669ba4f7389c7aaf17992d6ea6a7d63542875c20
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = 766cec7f6a59d987e3d8015bb5e68a0731f50772284abf92ae0751addafbf0b6
+Nonce = c664c1939418b5d6a9e85ed1acbada76
+PersonalizationString = f6376d81c6fd1aed4f119e78fd7ac85b8b3e8de92f2f722ab3b8d836b0e747ac
+** INSTANTIATE:
+	V = b68072b50e40639b6edb8ee2f2ccecd87971a2848842c6c9702e13d5cb0df96d2b1bb50c7195fd840cd5ad04ce8987d063533fc6c0f9e2
+	C = 35945eba752ab51757427dceebd43a5dc48758881dd38ba23f7a97c0c15d461e0319cd98b82682e8ece275d2827f42170ccb02bc584606
+	reseed counter = 1
+EntropyInputReseed = 0be7c8154df9440e97c65a2e588855b4531a073045c5014bf9984f15352f182d
+AdditionalInputReseed = b5df070bd4f7934c74d705c657eecc52cc21a57776a7ad4ff9478438e87db140
+** RESEED:
+	V = 19676c53f6b42eebc3b953bfcccaca5a636730326ab20f67093913d859ef883d7d1a695f3422c3b30a7d881e4e3c8c4ad63eadb2c2f4bb
+	C = a13aa4a569bf82a093c49da44c0476bc75f83d9cbcc0a4664dcf4e7ceff6131e12b4e50e4ceef6b093d103c124f296cad6cd40d584503d
+	reseed counter = 1
+AdditionalInput = 59f17ac9dcb7072542e149f8b68dfe5c22898c4d3877756ee88d8efefdf875b4
+** GENERATE (FIRST CALL):
+	V = baa210f96073b18c577df16418cf4116d95f6dcf2772b50b8e63ce0e9b650aab8eb83f94802db292b9fd3b4d36d35e598c1c83a59eb07c
+	C = a13aa4a569bf82a093c49da44c0476bc75f83d9cbcc0a4664dcf4e7ceff6131e12b4e50e4ceef6b093d103c124f296cad6cd40d584503d
+	reseed counter = 2
+AdditionalInput = b2503740f6ac6d0ee80e4e1817a2706f46615218a1a36350012f92c8559580aa
+ReturnedBits = e429406438a1a2a69d8593c40866ace2c78d69aa34ff6e67935bb77390625f207f7f4a52c882b0ffe3361574107002c6064ac806402135d1035c99f98618e074a28a0c302fde9b834c64d646fc06a64f1bb67f95fb09a9b83be3fc0e1296298b452f0b5f25a4927c54f6eff96aff3d804eb35f43e5798b5f71dc1c2d3f135aee
+** GENERATE (SECOND CALL):
+	V = 5bdcb59eca33342ceb428f0864d3b7d34f57ab6be4335b2d3a73ae73ac5b32d5e3036160a48d10647007ea8a3972631abea699f4ed42a1
+	C = a13aa4a569bf82a093c49da44c0476bc75f83d9cbcc0a4664dcf4e7ceff6131e12b4e50e4ceef6b093d103c124f296cad6cd40d584503d
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = fe15da4e042c27386e080f9bf17c89041a667262679107feb63fe1620a566fe0
+Nonce = 5d6ae4338524f53159a9673fa1fd57fc
+PersonalizationString = 08fdf1c42e1cd062ebf35c8aab0bcff86f3a66480fcca14f9e26e1d5ca3478fb
+** INSTANTIATE:
+	V = 6f68eb4d99e889c0a39088b33de3523a2c2ded3b984e06a3b646c622f999553d9b9b0762a8f41ad32c6b791f2fdeee0f3dacde66508c93
+	C = 31500ad6b75b9b2a00d94dfd5fb15bbd262cba8589670c97693fc6054da141cf3354d43b2b5a3a9884c1d6be0a2520efabfd66ef33d1d0
+	reseed counter = 1
+EntropyInputReseed = 71b22c246ad371259c307562bfe4a9f0b760d0f6aeb4a1d646c38a8918508162
+AdditionalInputReseed = ca04e9ff15385f0532804c2dfdffa2e209d42ac09d181b480a8b8e597a4a8ed8
+** RESEED:
+	V = c30f0a867658b661ed879235ac6f6bdc2a27bfcb0fa27d66c3ba0f403c22f047f3deb91cccd6311a672927f36a8b8601f38fedd94fa1fa
+	C = fbe755f7cfa9da3c001fd6944fe4ae5e9a1939589937e396427d9dbee32f4109c3a065e74360bf6cc336135c6a01334eec16683e472703
+	reseed counter = 1
+AdditionalInput = 2576e9b49bd406a07e15054a8f93eefa186b59564745b0a2ecf7ea91dbb2e850
+** GENERATE (FIRST CALL):
+	V = bef6607e4602909deda768c9fc541a3ac440f923a8da62375f54cbe835e921ff867ad2f79f16065b43cc506671b29014d343ecadca32eb
+	C = fbe755f7cfa9da3c001fd6944fe4ae5e9a1939589937e396427d9dbee32f4109c3a065e74360bf6cc336135c6a01334eec16683e472703
+	reseed counter = 2
+AdditionalInput = fade8e20781fb07ff9336f745ba9613df8a8315b5da1f3025c2df8a2b8a4e671
+ReturnedBits = 3ab79350f55140a43800d1789d1b9dee9d82ed27dcbbe23ca005abc94812383486f659d6c1f684897e4f8ba9495e265e9ef92f0848dfe392422bc2a30a7f6b184111ca101b7788050be96c7b39538412ec841330d4a90864e6c1a06aee2f3e9afa016e1e644361b5f158490f6db3cacd9029caa598efc49dd6425d6004fa3454
+** GENERATE (SECOND CALL):
+	V = baddb67615ac6ad9edc73f5e4c38c8995e5a327c421246e6d42f742a69265d17b8e79c512204512cccabf81cdff35ca424dbd16c620669
+	C = fbe755f7cfa9da3c001fd6944fe4ae5e9a1939589937e396427d9dbee32f4109c3a065e74360bf6cc336135c6a01334eec16683e472703
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = 1763fa8e6a1138dd225a28809878fd453178cb43fd209c3f57ec4075410213d0
+Nonce = 0fd39ed27b13bb7839c734bdc5007c2e
+PersonalizationString = 6af53639c6e91e534dea38b20b602e44c473dc2b7ac14116f3710d0dd8710862
+** INSTANTIATE:
+	V = 1252c2e09c2d0cbafcff25d3aa66b32c2fc094634666d685b124ad9bc846ef361a3240bdf9b5cc6461685d124a0c90b4c446685733c588
+	C = 031cf437ac466c064cba4473e5551403af1cd19b4b3148113f85100131ac8d3396c36ae1418f716556d89fd14c973f13e9851ff7f19160
+	reseed counter = 1
+EntropyInputReseed = 4ae3f6b0b8a1c62d061239b00e11840c28bb676c1bd3b54c3bd001dd1a620137
+AdditionalInputReseed = 15be9a4c7fcaba1983ec9017cb51533ca650a1769ef46390e94d355fe1923094
+** RESEED:
+	V = 920d8be320d3859e28ac7f09c0ef7fca609264c94fb582d28b4d4bf05bee33410f2ba1cf6e9ff1972710b3007d255ba65a67953046083d
+	C = 2175ab3a7791dd985fbf6ecbceccc51b75daeea09ddb002f3eb0a374d709a0a6bfe559bf8a5a70bef6a866a82d917eacf096d70798a328
+	reseed counter = 1
+AdditionalInput = 1d05b6f8a634b958754bf644106b2b509615f958992cf5adb2956851238a84c7
+** GENERATE (FIRST CALL):
+	V = b383371d98656336886bedd58fbc44e5d66d5369ed9083ba94de9eed791a9d1286173ed2beba0dc8d23ff5df432f4c0d2d3b65558ce771
+	C = 2175ab3a7791dd985fbf6ecbceccc51b75daeea09ddb002f3eb0a374d709a0a6bfe559bf8a5a70bef6a866a82d917eacf096d70798a328
+	reseed counter = 2
+AdditionalInput = b45590876ad7a1cfe241b8091e8b1d3f421be69be3ece5896d340ecc2632a10c
+ReturnedBits = 042f4070afd8e14c96b768d2b31427174ab2dcdfcf272f03984ffbbe734d3058dbe5875db0d8a17620c6695dfe1ba30a96b4a61e4b4e7114d776dce1ab306332990a3d35b9fa58f5ad41b0319953291c6f3143e8a45c733b50cf4f022d956f2ffe036b78327793b79a707828364d88ee67b359542c8131946bffa2da0c5ba180
+** GENERATE (SECOND CALL):
+	V = d4f8e2580ff740cee82b5ca15e890a014c48420a8b6b854aa48399476b17ee7053c288b3d2e6f2ac7b071fdd9a3051a92e33d96c55ade9
+	C = 2175ab3a7791dd985fbf6ecbceccc51b75daeea09ddb002f3eb0a374d709a0a6bfe559bf8a5a70bef6a866a82d917eacf096d70798a328
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = a0d1355624bb8a7cdc20ec542c007240ccf9dfb567596bc5b17a28f6b605a4f3
+Nonce = d830f0011588887f9f5f09361102824b
+PersonalizationString = 81c4bfc93f4cbbb64ea8491c85500fa33ef14a818fcae4fdc092a00b370a1e27
+** INSTANTIATE:
+	V = fc62fae45e8bbe4f40838c953671f097256eb9407b72e51fca478a9332878e586c5da6d979bf4e391dd11a9c2057e0fed23b20f7c1fb95
+	C = 646c94ace011769b3ccad5c5e6c263f5d4131d602e27236c9038005c790b391ab7cfb1516fdf445571046218073961ecea3fb21e61df42
+	reseed counter = 1
+EntropyInputReseed = 79daeb15ff47fab92a6efdb1e63645141f795924d511c268b2b03a4070399365
+AdditionalInputReseed = 2e40d5bd44f89da04afba8765979b5aa3087fd2faa3906249cae6d5a822dab73
+** RESEED:
+	V = 88b07dcb8c09674673d249b6ab6cffa460913052b03eea3fe4422a74a1492198b5517b6a714fb3d13e4eb6c8a671aaa2716540b7b23408
+	C = 064d1de2ea9d8fb887358afeb2cd617ea7b772665d74db48465c435b3588d1aeb6cb3b298003f663b9e26d7355bc1ecdcc4cd3b873e864
+	reseed counter = 1
+AdditionalInput = b096a7705b262fffef73a94de5bade670f56099b7f5ec9f333ebee84da7a3af8
+** GENERATE (FIRST CALL):
+	V = 8efd9bae76a6f6fefb07d4b55e3a61230848a2b90db3c631e0c8c00e2cf8acdb3647ba56ba18ab3648cfee6b8a398036fda9cd35bb033d
+	C = 064d1de2ea9d8fb887358afeb2cd617ea7b772665d74db48465c435b3588d1aeb6cb3b298003f663b9e26d7355bc1ecdcc4cd3b873e864
+	reseed counter = 2
+AdditionalInput = 2b5a70169d642029eabcf1d06de0a39ceb9a41ac0f087cff54bdf5143242dbed
+ReturnedBits = e81024db1651d31d4048dc6d8bea785aef2c47aae75582488b8d681e77796eb64a3d3f0c5d876fff19b12a2f2939f49fbb0a6e709d86ebe69443c0071ba75c8c3587f2960bb2daeb78e04fe3424daeaf0c7ae3a272e4c8ae314b5588682d6b3b852c4bfa5ebeb169ef5c89bf1a935fbdd83b4bf8275df4674de54143a091d842
+** GENERATE (SECOND CALL):
+	V = 954ab991614486b7823d5fb41107c2a1b000151f6b28a23c27fa9cc8a247e5c7936d063605ef3941a16e3e2adcc006ece321a57fc13e1f
+	C = 064d1de2ea9d8fb887358afeb2cd617ea7b772665d74db48465c435b3588d1aeb6cb3b298003f663b9e26d7355bc1ecdcc4cd3b873e864
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = 2504b161cd34ce441baa453fc3a2c05ee5817ac737665a5e5a297207cd4cf206
+Nonce = 43fbe12ab48c9e81c712513eeb672b63
+PersonalizationString = 4c16ecb056c492b89e8b79e5b88c7cd1238fc7d7fd65e999b37ee2d4c615ebb7
+** INSTANTIATE:
+	V = 4e7926268a0952d0a3b08cc37234520d2d949cfb10d54fce99cd90f25864ac4070e7d0b47ed8631b0ab2787d3727e7a02194390953e7cb
+	C = 58dd43c5b737d655b2eb28e69f7c108f8118a736dce2dcb97153346dfd3728c32221c90b9b3aac377a5e90dd121e13b5c6d6fe0175e19a
+	reseed counter = 1
+EntropyInputReseed = 25e54726a2d91245669ba73af2c12cbb13eb234626ad6c8dd00ebb53bb55dcc6
+AdditionalInputReseed = 539ee1e8da706f978247cd055e6a95c25199844c2b484c940ace39938cd285ad
+** RESEED:
+	V = 9f115086101eeba32d1429bfcdb7101a68bfd7b832bb027761a811ab699714aa464412b1a18f15663df3e48e5cdcc4f0972a676332fa4f
+	C = d636e0ebd06483ea50108f52faf20776b7e1c13580389f8939bea5a4eaa14469bd5f4fafc312157bdd9d7b285614bcd5f593c039028d11
+	reseed counter = 1
+AdditionalInput = 7fe2ea090f3dd6fa1ae2a55a202918c420130694e5e603f685f382fe862f9b8a
+** GENERATE (FIRST CALL):
+	V = 75483171e0836f8d7d24b912c8a9179120a198edb2f3a3af10cc9a205cb25f6685493121ed8c82425ba3da5e9dea63eaef6fc27662fcd9
+	C = d636e0ebd06483ea50108f52faf20776b7e1c13580389f8939bea5a4eaa14469bd5f4fafc312157bdd9d7b285614bcd5f593c039028d11
+	reseed counter = 2
+AdditionalInput = 1a07e403b01b72f029deabeef248e090b58f417e97111246db13727565f6167b
+ReturnedBits = c2e01d180bd3b53c0032f543e89ca6a6ee834de2974cf72079a7280b27e7976c5e4e3836bb5115152ca381330c24f46da637cd9f22ef895a5d11bf928e0734e38cb5530a2e916af4019d462a49fd3bd07a2312b95c30ad8cea1d4f8db8f230e984172266412fe5d9d268734611841064d928d23dfb8ef1335f502d0d7dde9e8a
+** GENERATE (SECOND CALL):
+	V = 4b7f125db0e7f377cd354865c39b1f07d8835a23332c43f44a68de9a2b93b2037e1f0dd01eec21407fd0c302dd8d21b2c693734c74824a
+	C = d636e0ebd06483ea50108f52faf20776b7e1c13580389f8939bea5a4eaa14469bd5f4fafc312157bdd9d7b285614bcd5f593c039028d11
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = 8d2e8b33b20b9543459c5b1d4c1e156deda303f7ecad27ae14c7221b25ab6633
+Nonce = 21a991ef68e3f8d9dea0515fb20101b3
+PersonalizationString = 965d830cb8de3b3cb1f401c135e936f5bb79c6e411d552736cef1142bf45115b
+** INSTANTIATE:
+	V = 1d8a3344c94eb5288395bc02a6e56cac8c7c1dd9638305af58104271beab44ec5414092b9632cdcca0f0100b01183901c7d0e3a690b252
+	C = 1a101033fe95df5fc43e9c13a6daeef2d87e609d389ac15aae1a8eaeee4537588f30a0bb343d4eea5ba0efb1ff03b117b9cce3a87c9322
+	reseed counter = 1
+EntropyInputReseed = 1e8d7e47c22bd0a18c431e221543ce040f1210a292d639991c943b03743f9a64
+AdditionalInputReseed = ac433644e838f834fba80c54233057017d3af265ab18d0ffce885839097bdbcd
+** RESEED:
+	V = e941e5c38b192ee43f01ccdd34a0f25365854dd5e2bb105b9502c363ac0276e10a4a81096d8acef11e8cbad859ed3253f2d429f5c4ed9c
+	C = fc5725ddf254e5990519e78664347abd3c055f28396f48c53adb79e092096b82dd735292f3b934b40695edaca7aa66a5cce33f93528139
+	reseed counter = 1
+AdditionalInput = 0fac6bab66dfd3e17577aa5e5343f6d175c76152413d04dbf31782cc06e4f4b3
+** GENERATE (FIRST CALL):
+	V = e5990ba17d6e147d441bb46398d56d10a18aacfe1c2a59f43dc91424bd66daf33391f7930d0b32661788f3a1bc8ec604a5ea5ef995455b
+	C = fc5725ddf254e5990519e78664347abd3c055f28396f48c53adb79e092096b82dd735292f3b934b40695edaca7aa66a5cce33f93528139
+	reseed counter = 2
+AdditionalInput = 3869f098577d261e54ba8ba49abd8ec720502d8ddc441d723e09eb81a4f4b37c
+ReturnedBits = 18981e56a0507305b13e7a768f6ae6835a0cc8afcdce313dadbb432e55c58dadfb6bffe5b590d1ecd0da4049fffd4e3b552c994b03c51ef0d4d5fd9a763308702ecfe45b253613ca3cbfeb8b658d320f09c502190d1ab2bebb4bd9a24ba3aaddc5d1264a52976c1866e2ac83ea46b7e02c1b72e44e2e2f72e7ee38adac986a69
+** GENERATE (SECOND CALL):
+	V = e1f0317f6fc2fa1649359be9fd09e7cddd900c265599a4204a22c51d597077c74b7aeb8506bbe40301cb4dc2cea3fce1be223195533763
+	C = fc5725ddf254e5990519e78664347abd3c055f28396f48c53adb79e092096b82dd735292f3b934b40695edaca7aa66a5cce33f93528139
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = 1d1865fbe30604316a5ecf9df040423440b7156410d3c532fe80a552422c7894
+Nonce = e9f978612779caade2975e37bd1e2ed5
+PersonalizationString = 46e6c89da4e6d874135b7c13702bfe7273a7a33e527f53cfd1c2555d420baa51
+** INSTANTIATE:
+	V = 0cb613c80d6d51d4453b9bc621f49d7fbb1eee8ade0f8777119e7a1183aab046eadd4d9fabe1e4222e3cb405a28ba870800714cd71a23e
+	C = 07a923191375d116e390c5f0ea70e00511be125ce13af2974089dc1d6d25aa919991842fe766a42b413258a14b82add83a0053a1f5a30a
+	reseed counter = 1
+EntropyInputReseed = 5ee0a130b668d3530ddfda1fa3783c73d0538be77c366c9a85fad1b820f401b9
+AdditionalInputReseed = f84db1c6c34861d1aa5d3a423137d6421cac3f606f3ef7289a7a8c7b56c20b2f
+** RESEED:
+	V = 80e9136e3bc8448ee51353fce5bd7732f0932fefa0c5175a4eb07baee8bc6f8df758be1f6f551c5d237882675398db13987986c13b3b8a
+	C = d0b45cd233c78ad8ba200cd1b44b089d80e1ed4480b5862440705071358ee8e49934fd4b0d940f1ef5c657289d56bec2f5d444d82fc912
+	reseed counter = 1
+AdditionalInput = b6dd72a82955bbc12e5bd986652b4848397bf01847b52aa06fb91ed746ebdf0a
+** GENERATE (FIRST CALL):
+	V = 519d70406f8fcf679f3360ce9a087fd071751d34217a9e5b1af9c5759245ed6a70f7fce995b7f74178b46d4d1e95b3bebffa0d060c1635
+	C = d0b45cd233c78ad8ba200cd1b44b089d80e1ed4480b5862440705071358ee8e49934fd4b0d940f1ef5c657289d56bec2f5d444d82fc912
+	reseed counter = 2
+AdditionalInput = 69310a389cca4db2fb0e15e1bcc29c625ea8a0bac7adf804c2939130b952181f
+ReturnedBits = dcceb2940660fdd89962d726b883bd868cb585917cee36557748c6caa8532ae0359d4a5078cf82776816ad133036a3f76a9b67f3e520da8a89fd4d7652982e89eccf976621cded491f4ecc4ea47d5685f8fc51f19d65eb08b6997282ba3511ef7aaa965410f78252b721b9fe2d2f2b5ac969b50bbdc6e6f65ee9fda10601d915
+** GENERATE (SECOND CALL):
+	V = 2251cd12a3575a4059536da04e53886df2570a78a23025a4c58d2ca158cbd66a57bf7d0b0fbbe9b1254c213ec8cfb167c1fca7d9c8a8be
+	C = d0b45cd233c78ad8ba200cd1b44b089d80e1ed4480b5862440705071358ee8e49934fd4b0d940f1ef5c657289d56bec2f5d444d82fc912
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = 7e83f8984adeaa78a76b834babc4eb1bf31a011b60868c5719f15667cf3f256b
+Nonce = 62a1adbb4ba48e2ec87630485d764dee
+PersonalizationString = 57126e9c2e682d1faff74fb2d9e71fd2383bcdd8bc1e660ff5e9a82887a2ea66
+** INSTANTIATE:
+	V = 0c218805bdea200a75e37e6202e589f1cb23588e5656733a56e642521548d3b6a7ed1355854e5225175e538dbe21b2e5afab234cd8f825
+	C = ff7a67deb6e435fe05f8159ee8417e34599c08199e6c30a4c81ff5015058d1cf01f46dfc6d97de79a8fb484ea12f519acc570252d03f54
+	reseed counter = 1
+EntropyInputReseed = 5d4313eacfc767612e0c3d7535e664fa349f29d95b0eff0103129638cd7d80de
+AdditionalInputReseed = 6fa503ba8c0d4093eb9495ab085e6c7688b3882fd85f4deb57a3f172a5e7a9a3
+** RESEED:
+	V = a5890fd6b4f5179161b803a962eb563594b6575c081d9096545cdaac38f3a379f3e3d52228f637b6e29ea01945bf936fc05673365ddce3
+	C = 6954ced3fc41232023b05c83534d92bd01f9997464b9b6977780b5f872c8c45b594cbbaaf61accc552070582f756886044b20eb31a6b2f
+	reseed counter = 1
+AdditionalInput = ea887d8db2159c947aff3a0efe2a5a9ce29d163268568cfea7340b9d3a500883
+** GENERATE (FIRST CALL):
+	V = 0edddeaab1363ab18568602cb638e8f296aff0d06cd74852ea615c5242efdc4bf20279bd50e1716481779710b9f4d31a23cb5b79bdbff5
+	C = 6954ced3fc41232023b05c83534d92bd01f9997464b9b6977780b5f872c8c45b594cbbaaf61accc552070582f756886044b20eb31a6b2f
+	reseed counter = 2
+AdditionalInput = f45bf3f928e8d09a7972fa037145f394e8d0bee542a6678322a9eba765da47c5
+ReturnedBits = f4ed77f1b7fef3e448ae9844a8163eef1ce98de3174e9250f58fb9b2c903bb0be27cd11f3a24e36fa3db11d00022b392045aa6391fd9607d71069a006eefded096072f551ad2186b02e5a743e628697729066475e1c86f9fda78ce739328eeabbf36a281b9df8597e784f2294757f234822411c8378bc3aada15fbd0d3313450
+** GENERATE (SECOND CALL):
+	V = 7832ad7ead775dd1a918bcb009867baf98a98a44d190ff5f44e90503e728ce2336735326d0c55aa99100d46759b865e40fda6bba5b47c2
+	C = 6954ced3fc41232023b05c83534d92bd01f9997464b9b6977780b5f872c8c45b594cbbaaf61accc552070582f756886044b20eb31a6b2f
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = 87e8b894f8be64ae6383f1053316c3afbd5730bc52de611631c2fa9e6a94a239
+Nonce = 885066488558432529f1c30abae409e9
+PersonalizationString = e876df9191d29fe86656a91be0c8c5c9c78ac0c405990549770abdaf1ac51f2d
+** INSTANTIATE:
+	V = 82747c93d548cd4f2e45a8890dcaf84465df45d9b64b30cc6d118bf2643aae8aebdd2b7d8fc9f910038ba9137c85035a2f65aa8d7283fb
+	C = 31b7d932e1626534cd8b4974de532828d38afacdb6cfc2f853fae674e785b196060d429467f365da12db8d3a6ba848064d7418e0aeb3ae
+	reseed counter = 1
+EntropyInputReseed = 2c2317a39b1027743e42e9492f260914f84b200fe7690ca49e1e2c6ce8ee7538
+AdditionalInputReseed = 4a5c2f1a7a83c875c50ecc2b26d99ed9afc0d58648abf16b23f0cb0619fc85f3
+** RESEED:
+	V = 64a03723aa47643b51a4eb26008cb0f7d25690f231f4ea57e9cdd99a1dafc8a57a7ea238b2f8f7698d08cc655c45cb2cad0c2102a52c2c
+	C = 552a345c82446487d775ab76a8413029b6a0d1b0d6f810f4e14b9d2574fd61fef45e8c78eeac1257f5f3035a42a47124cf7e092ace906b
+	reseed counter = 1
+AdditionalInput = d8efcd6eef2f3ac4cb22c607c83791e458ed546f7b31ce894684937f12a8491c
+** GENERATE (FIRST CALL):
+	V = b9ca6b802c8bc8c3291a969ca8cde12188f762a308ecfc19e37b0b8c66f014e44699a463a6574ad2c44b552bbe418f6bf85ed6f8d566f0
+	C = 552a345c82446487d775ab76a8413029b6a0d1b0d6f810f4e14b9d2574fd61fef45e8c78eeac1257f5f3035a42a47124cf7e092ace906b
+	reseed counter = 2
+AdditionalInput = 17c8182a8c07de48125231356373a5d8117d8b5aa95ec20875b6944c426ab8b8
+ReturnedBits = dbe2d3117a793a4c6351731971aa7667f4e60893b31002bedcb3323efa996e643d6e1c378f0b0c52a94bf680093cbb447ace465c0a4de7db19a63e62968cf59749365099fc250bccca07ebc46082a3f67671ce1ed4ae1f58d47bedf1499f3b112ccd5163fb6df1ff31be184c4183ba27165c804c791669959e606b354f3ba18d
+** GENERATE (SECOND CALL):
+	V = 0ef49fdcaed02d4b00904213510f114b3f983453dfe50e19733f740ec903b4dbb2ee20347569ec8561bcb851586e0d275a62d93d7a5f73
+	C = 552a345c82446487d775ab76a8413029b6a0d1b0d6f810f4e14b9d2574fd61fef45e8c78eeac1257f5f3035a42a47124cf7e092ace906b
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = 990420cddf1f4c60852c5916585f182e0b354e62793dc250c5aa31eaaa1ee2a3
+Nonce = c0645b6d9fe7138dc1ab4059823c09e1
+PersonalizationString = 3352e7cd119a83c4956fd1baee20596ddf564777227828505dbb32680a66ae74
+** INSTANTIATE:
+	V = 53c6d6a7a9d1c8e5c7439d47006c3d8b495990b4ba07b38f2bfbc302d9beba9af147e9255729eca598e69abb6b9db5570105d9664a2064
+	C = 13aebed71153a8f4f5cf1015f3eb8f68bcb51fa59456cbc91e548d96e152ed0b5b454b54ea006a2627e4c9597e334c4b4052e3f5b92c56
+	reseed counter = 1
+EntropyInputReseed = bb4939c39e768d2c0decc1e785bf00047749caa81178a3157226b57d5beef566
+AdditionalInputReseed = 81fcf7e97db7008b5fa63447677a46fa8424ed5a5c67d0c0f59e4767aee638a6
+** RESEED:
+	V = e7eab97eac7e646d12a4ff6adc51624e456ed66e57c23bf5fcbf8680c36858600cdde64b49c12a8c5635372e84b9e5fdfa53c71ddf5bdd
+	C = c2b5ecba650dd142f84da1a74ba3f890603f3ff257090067ca2deea8e5067d24312eb08d7aec55f5757b4947af15153505e5cf0c6f52e5
+	reseed counter = 1
+AdditionalInput = 34eb5adfe128144d1944f9ae194d1dee4c1b00cc93ddac2a1a52fe7e95333291
+** GENERATE (FIRST CALL):
+	V = aaa0a639118c35b00af2a11227f55adea5ae1660aecb3d0c3a906e6b4a56bfa0dcdcba2ae85d5d501533ae0ce262f6f996b5aad9c33342
+	C = c2b5ecba650dd142f84da1a74ba3f890603f3ff257090067ca2deea8e5067d24312eb08d7aec55f5757b4947af15153505e5cf0c6f52e5
+	reseed counter = 2
+AdditionalInput = 9ed8ff9f5b4aaf6e602a8716739fe300ade5bd06f4cddd22ff6d3bfa62e36119
+ReturnedBits = 0f7f06abe944dbd464672236c5b074660e8fc7a020bb3ae11ef8e389ede8d6cdd7e4e49c4eb3d3ab47b1b244fd4b6959bace0a4bd14aa616579dec233ac28e5d3e6eb34870460ae1e397003ddbeff2b5fd49b4afc4b26eb196a98b1433a130c961ffd343acea143886d68f33dd95a8f5134e7517bf3a980685feff930763885d
+** GENERATE (SECOND CALL):
+	V = 6d5692f3769a06f3034042b97399536f05ed565305d43e77f1b23bc85e9dd15980de889e40eda00e46531e9481b570211b0fafae061556
+	C = c2b5ecba650dd142f84da1a74ba3f890603f3ff257090067ca2deea8e5067d24312eb08d7aec55f5757b4947af15153505e5cf0c6f52e5
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = fbdb06cf8fe3e15e6e192855dd5fbf2731cf563c40f6926c102fcaef9f6b730d
+Nonce = 8b17c9fbd7e39669127ad0a7d84b73cf
+PersonalizationString = 43eaeab92aa01dfae5c76522534949cf6a29468eb6dff390a45f53d6ba816b6b
+** INSTANTIATE:
+	V = 874fddb2cd73218c9ee3de6ce12ff329c599f1d0b4412690d4fe6f7a29f91193400d1105e832652d54860e13db303652a4aba7a02bbfa6
+	C = c0fc2d91d1bc1af745e47d3d9207e66be5ccef9f15165fbbdd9472b8cb49235ee1acc007c4113d3b67570dbbad757473020a998f5d03fd
+	reseed counter = 1
+EntropyInputReseed = 55a07443262f8163f70c89702e0617c89f80ccc3d7a38aa03f08e7acca57808a
+AdditionalInputReseed = f3aa910e17d7dcb0ffd8aa123853efda339042cbc6b289e48f77bb8bfb2e2bf8
+** RESEED:
+	V = ae6f98a1371518c7ae6826ae5de5fb5cf148a1286967906bd964a3daa93376cfb996d59222720abdefd783af98327207594e7438066d83
+	C = 17a7cad5eb988864538caacfd114392b7c0110bd7bc12843af58a1bc59395882f52d455610fc85bea9e1df4e3f05c009a797c966d22e7f
+	reseed counter = 1
+AdditionalInput = f72da3cd3da628edfc43b667030ac0a9ff94db1426febb808fbc70835f0a7bf6
+** GENERATE (FIRST CALL):
+	V = c617637722ada12c01f4d17e2efa34886d49b1e5e528ba2fa1f93c28ac8c3b6a192e7dfc5245e795997bd1c509c279ee89ba9a31b6f965
+	C = 17a7cad5eb988864538caacfd114392b7c0110bd7bc12843af58a1bc59395882f52d455610fc85bea9e1df4e3f05c009a797c966d22e7f
+	reseed counter = 2
+AdditionalInput = 8c6872a2c66389940f731ddfee36c557b9e5608833f9e1f04f25c265e20d33ca
+ReturnedBits = e4087a4079c46efa2ee08177d008345d35778474dc5926bd1bd67a61ca4da9b49713890c8795487dd72c7d8fc6b2f527edbf220dfee6b7d750822aea3b26626aaee5a337456c5aa297cbb6ebbe8cdc11f21f6b825e03b9e87fcd5b6bdd0ef301595ec7fbc2548b93ccdafa85abe37a46e438c0ee4cadb512f57171b0a8be75a8
+** GENERATE (SECOND CALL):
+	V = ddbf2e4d0e46299055817c4e000e6db3e94ac2a360e9e314d85c1b0771d01b89d1ce5b38f0aa9a77fb71dfc5f6180515687a79ada383da
+	C = 17a7cad5eb988864538caacfd114392b7c0110bd7bc12843af58a1bc59395882f52d455610fc85bea9e1df4e3f05c009a797c966d22e7f
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = ebae68d91247a176e0c4e31320bb2168494f5249752973b83bd1a6eee17d0815
+Nonce = ba0726ab5f8c7aaf631c37f3e081a0c9
+PersonalizationString = c4e2b376d1550dcd36e818cc48364aad5cdfa2dca87b1218025338ce8f6ab2e3
+** INSTANTIATE:
+	V = 89065bb30049d95879f09088cd610fa1785698854c5c56ee3812ba54a32e9613354b25393e724f85bcd0ffc8f69f2a45d11f1af40aeb0f
+	C = 79c9701404d69987fe092841dae90cfe7f979071de08772d71b14c8f89fbcfc9e0fb6d0c8c678aaaad0a8ba43161e135506bc1ba77ddb1
+	reseed counter = 1
+EntropyInputReseed = 03ea8b9babc1bf0fe7c90813bbd9c572eeb8187aa589307deac0a14f7f32a290
+AdditionalInputReseed = 0588b3e2667556b486deda175ec58910776e299635139e1c0b021373374edca3
+** RESEED:
+	V = bd9007bbf47ac643948ddd2b0a4d1cf80c8d5613c4d9e15f553a39f1334763ec96663c30769aae15a9fd3a5fef74e7955864404e786c08
+	C = 0ad9a089dedc832a06b272a0a861fd199da31128b20411bd2d0e574a10312af0dab6574e1c6593c9cfec4bd76fa55076fe294a57289a8a
+	reseed counter = 1
+AdditionalInput = e5aed9d8bb4b58cfbf237eef00caf550585ad906c40a10971a25351a92331fe3
+** GENERATE (FIRST CALL):
+	V = c869a845d357496d9b404fcbb2af1a11aa30673c76ddf4d6857e13ff6fff666fffc466a0847bdccb85c29b5f3f1ab9ae0383d9548b0775
+	C = 0ad9a089dedc832a06b272a0a861fd199da31128b20411bd2d0e574a10312af0dab6574e1c6593c9cfec4bd76fa55076fe294a57289a8a
+	reseed counter = 2
+AdditionalInput = 57c614ced1415f3d16c060b004c8041c9fb26d5ed245576d43c676029ed6491b
+ReturnedBits = d65043c24e894cf33609c9604521fac06806b4657d7d3b4ad59fff70a488f41013c1cf836c4ea5d3b6066089a7b0881d56fe9fcc670ae9136e1494efb0085b96861f9590b62488d47220969cb6305d9b102b4c4607a8a5c4fee6ebd68d09de87667a2a8c0a3dd56ba680d8ddd3801a2eb9a2ad1c7d67efabf0b3ce44c21b0ce2
+** GENERATE (SECOND CALL):
+	V = d34348cfb233cc97a1f2c26c5b11172b47d3786528e207817db3ef11a11264a622cf6c645230c5ec5029397878991babb290a8f4ebe6bb
+	C = 0ad9a089dedc832a06b272a0a861fd199da31128b20411bd2d0e574a10312af0dab6574e1c6593c9cfec4bd76fa55076fe294a57289a8a
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = 1a987a88e2c490be07b12473790230ab05066c9614401acb7903c3523b57dbfa
+Nonce = 44b47f7cd3cf53f1981289311a3cd417
+PersonalizationString = e1348663a0f754f283641ab95c218017616b9da189a30ddcf13c937baf662a41
+** INSTANTIATE:
+	V = 6b6261cdc7b5a93a23edfcafbeecf22acf9d15bd25c1d96e5d055fa1c534edba8d1ff8ab8c471c970ea5bf5bee4c33fb94e7f6aa38d937
+	C = fe420057bac1a5c9414d1a02e4c3f2ffe5461a571a43021f5c9396138426f7fc31a422e65d665706872b44457e94441808fe381ddab4f3
+	reseed counter = 1
+EntropyInputReseed = aabd29e89ff981f5ab1acc7e1707c96eaf930a4d301fbe84dc300bf937a6eec1
+AdditionalInputReseed = 2ae8ba955e499186c1fcf9f9d557a7f9d963b2f9fa91421397e65c4bbf1efb9b
+** RESEED:
+	V = 7ce8aeef5f36ebf51ef39664e7cf26fd37301273853ada37b45c845d1c01ed14c3b59b8a339588df1f71c2dfd35c34de1ce3174abd5148
+	C = 8fecf24d27f03f2e1937f38001c55d2178e02ad0940d6b44233965dc19c64713c2c4e78467552b5d1bfbf0a53832a6bc862a9138b5f481
+	reseed counter = 1
+AdditionalInput = 092b418c28e34e5d2f9a9c0ab4d6dd55c0c31c68c14b487592c448571f899811
+** GENERATE (FIRST CALL):
+	V = 0cd5a13c87272b23382b89e4e994841eb0103d44194845ee9e0df1eb178af2b31455147a1bb58faffb47634233297726fdb8835c7626e0
+	C = 8fecf24d27f03f2e1937f38001c55d2178e02ad0940d6b44233965dc19c64713c2c4e78467552b5d1bfbf0a53832a6bc862a9138b5f481
+	reseed counter = 2
+AdditionalInput = 8ec2a4e7e257f1fda5d597f3c61438b4fb2abae915ba022186491893b3b53987
+ReturnedBits = 5bdcdff81211ef87618f8aa3d25764f8b80d4a76bdfd3192fc0daea3a0c085650f337f27d6f60459449f82262b163790c8a08f350aad4b8ceb37ca5ea2dfeecd14a7cc128979421456d5e75c6717e7e5ebd2383c3ab26f29606bea67c66efe17e4b365051f204bdaa6c22891a27c6474a8b9dee3061b5844a9a3cd2af887fdf2
+** GENERATE (SECOND CALL):
+	V = 9cc29389af176a5151637d64eb59e14028f06814ad55b1a9b0d8a1e78335cf2258bd0cffa5c9fa7ae4dbbd28f4279308e2a504dca365dc
+	C = 8fecf24d27f03f2e1937f38001c55d2178e02ad0940d6b44233965dc19c64713c2c4e78467552b5d1bfbf0a53832a6bc862a9138b5f481
+	reseed counter = 3
+
+[SHA-512/256]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 1024]
+
+COUNT = 0
+EntropyInput = 8431d61506397e80ef35e229755c853afca9ee0a70f43f48a70bbba193719a71
+Nonce = f84eddf483f6972bf7b3305ce063bef5
+PersonalizationString = 
+** INSTANTIATE:
+	V = a2eda89057ecf470b12148281bb3413cd44e37f7e158d9fe83ef0532180550b15f301b57deaf2b145cdc94eda1f39d741422f811941b00
+	C = 3d0540a99d72547c54508f86ff5ad675786d9ce31dc0fd12b7c7c487d1d9709f1926bf828ca05a52e717fc8d529bf2448b7fcd279e81c0
+	reseed counter = 1
+EntropyInputReseed = 39e8615359d8a653bee4d969e01f4d71b6e9808097871659493e7a7f59fcc439
+AdditionalInputReseed = 
+** RESEED:
+	V = c51e61ad8145fd95f228013e6d5389df6039398062498e31887fac93d85ec3f8a51a4405fcdbaa96652452173f815b0dae31b9d63f101e
+	C = 105ebb7e65b8b0d10767e9551758ada851d30f65017e4e4092822495e8ea48c0fb2e7f4fc47874367ad3f06f4a29080b48559536fd429e
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = d57d1d2be6feae66f98fea9384ac3787b20c48e563c7dd10a414285eed24f150d7eeb81b131f8fc164359152b09b4570d4fe07d901f828
+	C = 105ebb7e65b8b0d10767e9551758ada851d30f65017e4e4092822495e8ea48c0fb2e7f4fc47874367ad3f06f4a29080b48559536fd429e
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = ee532248399f165bd429f3e4b0d93cc29ec6b1b268ab0f55eea07e8352650fc6c02fa9094d9ff4bad76f0ee04e31e3938094d0b46b1392167a458dbb3552fbb8fb4355d1d556158d73d89e745d6711ecd28afab21e15541a9399581c96236e53b828e2ac633faebd35856bdac8de491686ba63514f336d44c59bd69c118911ec
+** GENERATE (SECOND CALL):
+	V = e5dbd8aa4cb75f3800f7d3e89c04e53003df584a65462c38e9ab4d2a51b29480a4d333568262fed175078f758278f6bb636f7b06d9ea88
+	C = 105ebb7e65b8b0d10767e9551758ada851d30f65017e4e4092822495e8ea48c0fb2e7f4fc47874367ad3f06f4a29080b48559536fd429e
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = 866a3a712e3e98adbdb4bb597cfa462d3bb7e282fb2c9e147286bfb4b3a21912
+Nonce = ec1e3bce9e9345dc8106e5bcd6a36a6d
+PersonalizationString = 
+** INSTANTIATE:
+	V = 0dc9f08b60960b32cac4f8d79842aedf416af4a158abc786a7c26c2a21bc9e3ab2b59741cec6d3449c890c3b83e14dd8809b6050d571a4
+	C = 3e00743d9fb739baf0eb0cf532ce1da583bfb67b5b4d7d237cbc9e151804d42f5afd454925e04e9db60d016395f235256df8a8421ffb1c
+	reseed counter = 1
+EntropyInputReseed = c13be4d68e674937fe58ad5dbb106756a87767176cd565434fd73a8ea5cf5597
+AdditionalInputReseed = 
+** RESEED:
+	V = ba489f4ddd3d1f574e3d48bb54849e22c42ddbdca5d4d755105bf6737cf826bfff35bf7572e8970694c4263772c32ce61c2f13fe7a9338
+	C = 70c54c61cba4b1a8d3068025e3983ef641ba3a9e3fd8dca045acf91ba642a47e42460c413956e817413a169ceadb312e4fe7b40952b864
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 2b0debafa8e1d1002143c8e1381cdd1905e8167ae5adb41bc940598125962b6e158c30db5f8c028fcde5d238a53841185b31ad19b690bf
+	C = 70c54c61cba4b1a8d3068025e3983ef641ba3a9e3fd8dca045acf91ba642a47e42460c413956e817413a169ceadb312e4fe7b40952b864
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = fc766d1446bc2a834031e45ac689e4f8f66ce3a688f56b06c87dad6f6b471917e2887cc3e1946a2254e940023bfc02419cccd813e12c8c5756c67a84c47b0ac64e806889e32ab8597901fc36c8cb8a5d515e9ae85c50ea939e1a7d1a5895e71f6e92bbc88fc47a340b85097d25a5d4973b7714d17f07c77d1686af0d8886ce31
+** GENERATE (SECOND CALL):
+	V = 9bd33811748682a8f44a49071bb51c0f47a2511925869125e0f050783757528610ef82311a3291e1ec4dd37774c60707d8d19581aaf8b1
+	C = 70c54c61cba4b1a8d3068025e3983ef641ba3a9e3fd8dca045acf91ba642a47e42460c413956e817413a169ceadb312e4fe7b40952b864
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = 822b84b701bb87d90697c3c952ddf465f1fee6bb91bceee20b1e1be8260f0b4a
+Nonce = 537312da52387e8e8f87a0b50b4a2a54
+PersonalizationString = 
+** INSTANTIATE:
+	V = e48e529693e1dd928057503c3ef549b044e2d81156203ef170aadba0610dbdf3fe0ab4b41ae389b6906165fbec2ae4db3ffbfe68e6f893
+	C = 89c0ef6865cc587a7db4ef56597986a65b9c19e56b2f9e4ca4fd6483dce408e85384a0622eb6a6bfa068ae6eaa1df809cb2002e063b1dd
+	reseed counter = 1
+EntropyInputReseed = e2eb4a5d2daf8de70acb0b075494e0fd3278c9602b45db94c062e4b8f8666e9b
+AdditionalInputReseed = 
+** RESEED:
+	V = e0e69df863ba3b9ec57f0d7dd2d6b26c8e3a832563443cf0ccbc90b7a33ab120376664e0aafd3a5d0b561ca6bd51555066d9a4c924f9b4
+	C = 754fb80708eda16402700251facd870aaf500a8e7d79aa10b3d990dd0f9b7c572de17175a89acc7e38cfa6a2e355cb18a33ad62f91279d
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 563655ff6ca7dd02c7ef0fcfcda439773d8a8db3e0bde73defdf14919008df74e6ed0e25a738fac55343d285fc4ec5d4a01304ada22a61
+	C = 754fb80708eda16402700251facd870aaf500a8e7d79aa10b3d990dd0f9b7c572de17175a89acc7e38cfa6a2e355cb18a33ad62f91279d
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 57bfaafaeb6fe3730551160e49d17ca7c2163e5db6161a3ce8c7ba0613f210069b82fdfe0f3787083822d0cfd22405cca7bcb0958351935895b0bc17eb2a99e2362a973010b3f7a69b0aecfbfcafa6d8a7e89bfafa4774e2f7b49bc776ac976dad43b9541dd5d3be6bede6abde326e21da7f48a8d43ddcb8b8c81b9d3e9a8fcc
+** GENERATE (SECOND CALL):
+	V = cb860e0675957e66ca5f1221c871c081ecda98425e37920e1c7e43baad3846f30f99cd1da127d81eb2c6f3f1120df65f3282c0f890a6da
+	C = 754fb80708eda16402700251facd870aaf500a8e7d79aa10b3d990dd0f9b7c572de17175a89acc7e38cfa6a2e355cb18a33ad62f91279d
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = 10978df0be846987409b7e567ac685cde4ec84b28cbf1f4baa183eb47ea9ef09
+Nonce = 5f46249f4ff2d9dbc8cf98c12dce2dac
+PersonalizationString = 
+** INSTANTIATE:
+	V = 2372a11bb0781262ee6e3a390f0551433dd8eddbbbad5fd5789bd8f88dab907e375f1e0e8262e71aa493c167b13539cdd9d0efd1be213b
+	C = 010d004849ffc3b1966e3fc10b6a40644dcce920604ebe184c83e7038ca9011948be4d9d9a31f780f9bac55f0ba9a349ca716038ac9edf
+	reseed counter = 1
+EntropyInputReseed = 0be8dc5142eda9832cfa4edddc782b732ef1ab578dc0cfa50654320d6b4e6fad
+AdditionalInputReseed = 
+** RESEED:
+	V = f6cba8ca502850857689fdd912f255f7856663b161c58df5428b7873dc41ed84334e09023e765dadb57cb67ba90ae6d6f2fc74b452b0e8
+	C = f1548b9a3ba8d8fc067dfe1f374a152db97ffcb1130f5097442fb5c55ba2aecbbbbe5089fd752ec30e1b96dbd0431bfa9bcf41df9067cd
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = e82034648bd129817d07fbf84a3c6b253ee6606274d4def333e9e958dc028170a7e2c62bfc0503b82aae4c91068672718f5e8132e38664
+	C = f1548b9a3ba8d8fc067dfe1f374a152db97ffcb1130f5097442fb5c55ba2aecbbbbe5089fd752ec30e1b96dbd0431bfa9bcf41df9067cd
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 650df01dd3c977a065ac54cc9fe6bb588cebe60e2a83f03e9818d175947270d2aa0999aa6e5fedee5ee3a4ab7c62a19e95babb3596bf567dd7be9cd6b73377831b09d1533efec4890ce955bcdff5a1af813101b1ec3e3f3666efe7c587a2d69118a6cac0f8b55e9e96ee528895a6a5ef02a2f5a2df7fcbf118eaeeeed370a64d
+** GENERATE (SECOND CALL):
+	V = d974bffec77a027d8385fa1781868052f8665d1387e42fdba5bf0dc4b087c8bd9b7a217d32b758e5f8becb16aa7ea1bba5053f9e4ea27a
+	C = f1548b9a3ba8d8fc067dfe1f374a152db97ffcb1130f5097442fb5c55ba2aecbbbbe5089fd752ec30e1b96dbd0431bfa9bcf41df9067cd
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = 3e0771195e8cdea0207d296354c6dd09f73569b31649b58e64b11917dcc3bc2e
+Nonce = 8baa3addd1c9b2d5fa6fd93473d119e7
+PersonalizationString = 
+** INSTANTIATE:
+	V = cd7735a6433253eae46eb1d2b4b1aa22354b5f2fee623adc8c432a3f3e39b35e35f3771e2e378e5901246a82b009010d256f62a9426366
+	C = 31610a154012b01ba1cb6c73aa3113302f1e7bf205ce61a2e4b2484dc62a82beb4f07d91c53bfaa01fe4ccaafa8b6afc0e901418fbda49
+	reseed counter = 1
+EntropyInputReseed = 507ebc83973c4ee594849698f53a719f8e27c6438c91b6ff3228358b83bbe981
+AdditionalInputReseed = 
+** RESEED:
+	V = cf8544534ece6d88d932d3c197d95c2ab4152a6096a9593c842833bca410ff31f3d25b525cfc074d983547b0e143c95bf6b5cc6a172f0d
+	C = 8380ace34f3bde4ffd52125deb80bf2f9b7fd6507b10f520c639be52ec15111dda32253054b2af5dc829fa44fb12c2c9843cf6289d7dbe
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 5305f1369e0a4bd8d684e61f835a1b5a4f9500b111ba4f4143e77bfe7e8690dc381fe0b7b9864105e9ea7a0db534a0dee6226d29691836
+	C = 8380ace34f3bde4ffd52125deb80bf2f9b7fd6507b10f520c639be52ec15111dda32253054b2af5dc829fa44fb12c2c9843cf6289d7dbe
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = d637787ae5e1ccb2b1ae8875c0aca9ef1f4984c4aad6437e51844ae86635dd05520b1abe5f17bb64e90d9852dfbe383b32f34810d23e6c5e891f9ff1be4d730b765e9f94d52fbcbc9745f5ee3fd9bdebbee1dc8c70efd903a1718069323b93ff4a86e8db6ec2e2f6e735c3fea3e75771a244f1f57c1528e0fc60fb8d9bbda9ae
+** GENERATE (SECOND CALL):
+	V = d6869e19ed462a28d3d6f87d6edada89eb14d7018ccb44c02e8035d454268c99a16ea7a69c2a830bcf101f65033ac2848440fd78712479
+	C = 8380ace34f3bde4ffd52125deb80bf2f9b7fd6507b10f520c639be52ec15111dda32253054b2af5dc829fa44fb12c2c9843cf6289d7dbe
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = 940463932905fa8a8be58d2898a613dc303baf0e76a61fef11d9fcb2af6c2bad
+Nonce = 58f6f3ef216a208310249c721006a443
+PersonalizationString = 
+** INSTANTIATE:
+	V = 42ff177fbea1f9ccd63d740d148e08dd2009eee7c0baa8b1cde59046b64fb24059afe3fcc8b2e022cc0d9cf6e0749bff7315c88f4dfb7c
+	C = bb9949ac46a79bf53c128d25e72159475be8f1651837b4078917c4ff2ca833aed01acc98b6286d76ef6cdf76acda03930091832db2da0d
+	reseed counter = 1
+EntropyInputReseed = d7c186253abfaa995d72ef3c9a2ea70954e2dde001e7d060dcc64f5a997e81bf
+AdditionalInputReseed = 
+** RESEED:
+	V = 9c4d2a432a26924c3d9c0a60765caae12b0e2519cbe6c728888983ffbe817127ee9b51d264adc1ba481560c0c79ea6d7df4638800da257
+	C = bc80e414e3fbc28255f28e13142f5b79d55b9afbbeb645f56d0ab654c9ac3b5c5aa001192aa12486b0744db1c031177a6a75c5dbec89ce
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 58ce0e580e2254ce938e98738a8c065b0069c0158a9d0d6e78407c899683f19dde4cbc9e8368f8ca173564da80fafc6d7b8ebc3eb08f12
+	C = bc80e414e3fbc28255f28e13142f5b79d55b9afbbeb645f56d0ab654c9ac3b5c5aa001192aa12486b0744db1c031177a6a75c5dbec89ce
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 5431ed8874efdd44a4cdc3263449e186ef35aee56b57f5c0f590589e8f0117cbc4d73564ab7ada08528798d191e47333d6a186384d3a518447f86b50401786c680d43812230254cc16c441eb72b15200efa45f463549cb5e15adc2441a035de16fb81c12d1924e7d280f62fb1fe0f3866ca5cb6c569e006c39a17bddf013849e
+** GENERATE (SECOND CALL):
+	V = 154ef26cf21e1750e98126869ebb61d4d5c55b11495353a414767b511a848f652b588ba8f645620c7a77e8a64593b9328150a87b3737b2
+	C = bc80e414e3fbc28255f28e13142f5b79d55b9afbbeb645f56d0ab654c9ac3b5c5aa001192aa12486b0744db1c031177a6a75c5dbec89ce
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = d032a9414c85d6c5c6493f1b402eabfe4c9b3fb12d2143f27dbfbd10f5647c48
+Nonce = a29b1be8e0d887b4412c404b694a3b2f
+PersonalizationString = 
+** INSTANTIATE:
+	V = e9aa77fdcdef90018ff4882337aa793eb31064d8b0e1ceaf91f5ee2eceb24c9b84d770ff329bba7ff4644e6d5884a81bc803e4cebd4387
+	C = 794b36a0fcb6d1b9547ff869c25ad3c4927daeb7991ced50ec6a21f0b5a3b222b09e171605ae25bdcfdebe6a0eda150c659e601a150cae
+	reseed counter = 1
+EntropyInputReseed = c3280188e211f945bd124f1577e29317d0d4f1f6f90c4065d15976194dfa2407
+AdditionalInputReseed = 
+** RESEED:
+	V = 631bb28a6406523d7688d926d7e045fb39a496420c68f1d91b3465f3483a322a9cdb44d2630201a6cfa3f37152bd769cb409db342b6453
+	C = e4164c4fa109498a5692ae615d6fb0c5981af3fb1f22776e15cf8717985a0146274ede556a6b5ef85600005b0ac360becfd2658a351743
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 4731feda050f9bc7cd1b8788354ff6c0d1bf8a3d2b8b69e50edd6f74b61eec6e40b9071a28686e6fb1dd086bd6a9a713d7f3c071009d8b
+	C = e4164c4fa109498a5692ae615d6fb0c5981af3fb1f22776e15cf8717985a0146274ede556a6b5ef85600005b0ac360becfd2658a351743
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 0b24cd5291cc94e00148fb6617fe2203afe49e3b6b4997842022cc2113a391f282eda00aabd6414eb162c06d15909522da8c5245f53d23e15d1e29d7c07afabc6e1dcacd14e4ed8e7a3e73aae66612ed63352bee779d43bd137855136abb53d2f8ccf0a8b1d17d52171501fcdfb5a125d02408817d1d03e7dc5c979968646ef6
+** GENERATE (SECOND CALL):
+	V = 2b484b29a618e55223ae35e992bfa78669da7e384aade23688c9d2ff1afc3aeff25381348394a2e2dd31da10413ec64d9b26674e5c8a81
+	C = e4164c4fa109498a5692ae615d6fb0c5981af3fb1f22776e15cf8717985a0146274ede556a6b5ef85600005b0ac360becfd2658a351743
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = 1505f115d9e6ad625aab241bfead47928366827a045f98f82b1544bfe7b36228
+Nonce = a374caff7882fae81dd5a27a7a9d6139
+PersonalizationString = 
+** INSTANTIATE:
+	V = ca70c6d6910044ed5ae96a76161a11487046982693fdcbf691f679f6fb56dcf028729996ed9863d0b295d83fd933e1505208dfac73c911
+	C = 7c2a5ae0680abf5e2f8bcf7bb0bb1be8aa4a68d1c10a44f0131a34324e5eb9c142f81a293d30988b3bfbb9831247bfb78a6c7cb9d7019e
+	reseed counter = 1
+EntropyInputReseed = 4612abbe1f52ae0c08d839d5f11fad3533170fd793e513fe77d72d715496a8a7
+AdditionalInputReseed = 
+** RESEED:
+	V = 5ebe3bad3d5c77966f146692a53bbe8c4de3423c1e1c996848710dda0361cf13a8ba2cb059785f063ede429430e6b3a192643f555e4170
+	C = a55d885f1957a4daa37cf62a185c6dd47faa2327dea4a1f4425555a6450589f2d33d132af45631cd5c75e24655593b409e1fbe385be19c
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 041bc40c56b41c7112915cbcbd982c60cd8d6563fcc13c2c705cdedd1063da0b3c5b0c7edfc746c0d8a524b292e7a8daf5f9c702586c81
+	C = a55d885f1957a4daa37cf62a185c6dd47faa2327dea4a1f4425555a6450589f2d33d132af45631cd5c75e24655593b409e1fbe385be19c
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 9edd8d1d30d7a91f7bf96083bf31ee5cd25c52e1f6910d462bafa5a3e4023c09258d2abae2833b0bed88ffce076577cc5ac8b5193c669fb03141dc4cdf4d861a53545e656540880c9f4a60f43de6b8c148ef5be349fd3b9ac2985b11a53625a004cf8486d9fa1552ece2941798e76f51349ecdc87649dcd823f5e42517daa5d2
+** GENERATE (SECOND CALL):
+	V = a9794c6b700bc14bb60e52e6d5f49a354d37888bdb65ded47d8862878588f08f545303526f03ab879d7c8a6627fe0fa37d1ce07b4aa11c
+	C = a55d885f1957a4daa37cf62a185c6dd47faa2327dea4a1f4425555a6450589f2d33d132af45631cd5c75e24655593b409e1fbe385be19c
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = ef7385f43deb3adcfce926a175f408844a582de4642cecc82e783a25d0490853
+Nonce = 839b47fb7536297c9e2cddede828d816
+PersonalizationString = 
+** INSTANTIATE:
+	V = d57ce7d5792f6fc86b9dc78966aaec57c00202256493194577aad6e394b4e788ad52ba26def449e222edbc4d5dd2cb1dc1ac0613d2e2c3
+	C = 783a8f0d43d100e85eb8b0b55bf015e2c1341e61c01655afe64f0012748b5d13ef24e6f0fac654e8ad103878a2cf044cebcc4f2c6154b3
+	reseed counter = 1
+EntropyInputReseed = 485641f95e2ca1b577d313435c703c1a7cb3b4bb79a917360929e3d2060aa066
+AdditionalInputReseed = 
+** RESEED:
+	V = dc4e6c5ad0220fd0ba045835f1e03600e756c2c12a047c7a0b3c6e08917816b1d3d0dcd7373f5e1dbac3de2a43533d6d5761d4ca1d09c2
+	C = c922de1362e434f26fa53d30fc4e5dc2cdcbe33b80314be3543e6ff45d23128081ed86f54fdd070a40bce52e706620773c16847063fb2e
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = a5714a6e330644c329a99566ee2e93c3b522a5fcaa35c94844f1197db67b1d62cdac9bac3053dc6ef61443f1d432815cc12a09ad2c057a
+	C = c922de1362e434f26fa53d30fc4e5dc2cdcbe33b80314be3543e6ff45d23128081ed86f54fdd070a40bce52e706620773c16847063fb2e
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 7b66505145409d865b86eba61c238ccb01d9a24438c3a291723066bf19a8bf1e102f2eddc758616738797c6348c784b28989782f144aa43eb7e72dc83210efbe26cb09946e493b6574001fde6f9f09d427420511b3cc021addd3f6c3bb741b4dec13592414a5e1bd911fa1ae3b3fdf2e704dd69406325e61fe37bcee2e5d86e5
+** GENERATE (SECOND CALL):
+	V = 6e94288195ea79b5994ed297ea7cf18682ee89382a67154f5a8bbe3cdc03e5b73598d104fee4dc4fb5a821799847e87330c143eafab7d9
+	C = c922de1362e434f26fa53d30fc4e5dc2cdcbe33b80314be3543e6ff45d23128081ed86f54fdd070a40bce52e706620773c16847063fb2e
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = 60bd6a8b6c0a2de61f24dd06e18fd14006609ea4b3f82c94e00a7a356d65cdf8
+Nonce = 0454f25a34b7ac46a9f684248efe99cc
+PersonalizationString = 
+** INSTANTIATE:
+	V = 862ddc8969c894cc4bb057b8415fbf56bfae471df6a26a23a40a4249ed32bfe8693c2c6c43065b18684589a757e3781fc5d3cf7420e9ba
+	C = 93485f0c1a2bd668f16eec02d3e7d8d6f7797a781947031916ce96a5c150157cad6371854a17ac17bad9b98297fb92539d5bb991ad7ca5
+	reseed counter = 1
+EntropyInputReseed = d10fe87566eae778b3614820a7713a06d702fcb9d412760e98deae73e7a8d846
+AdditionalInputReseed = 
+** RESEED:
+	V = 92fe30bed2443b8527c67332327568ebb2cb50d5cc1b811063aedc9f3d2f918080fc7c7eb42d8e23da47457cb58d3edc25cf464c4c3f05
+	C = e4291ad0713d5dc60581ee50375f13c113a6f1fe3b600b62b2021502244893e8adc38586b29e86203d56fd8dca03a4731c6b8719f1ec89
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 77274b8f4381994b2d48618269d47cacc67242d4077b8c783ee9701a1062431a653ce8190d53db5c695b89eb16c889669568b7d9be3f28
+	C = e4291ad0713d5dc60581ee50375f13c113a6f1fe3b600b62b2021502244893e8adc38586b29e86203d56fd8dca03a4731c6b8719f1ec89
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 3bfd612a8b92605e83f6328545060c98672910f85543ec18eaa302eb4df3a8c8bb86a3ed4266eef62d0d9b484b17a77b83d07d086042fe511add4163883f859729127bd38e5b5e6658ded9cf8af7c6d0b144dc7938e8aaa7306a4e99a5e83091ac43007b8584244d96a9296f3e7c3c777fa130196dbfb283663feaa565f03841
+** GENERATE (SECOND CALL):
+	V = 5b50665fb4bef71132ca4fd2a133906dda1934d242db98ba20a1508f23c99eed5223dcf1ccc7e40532ac5e378a5189f3e7dbedfd2c4b65
+	C = e4291ad0713d5dc60581ee50375f13c113a6f1fe3b600b62b2021502244893e8adc38586b29e86203d56fd8dca03a4731c6b8719f1ec89
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = 818b066c4d78ce4f2417209b3e7b5bb48eb25a2ac56c41245ea7f8cd027a752c
+Nonce = 33ea5b625fba106c2786aaafce1ce015
+PersonalizationString = 
+** INSTANTIATE:
+	V = 351e39d620f2ce3d3b0f872ae06c6c527834bc2dcc773e8a976aa93e4c2ae168bc4e2af442c477adad6065ca451938ec24ad1155b235c9
+	C = 939d5defb50f106be55a12f1dd041de0e6ef10b451de2eac7e8fc3652e18878a6fde5bbcabb592156b1f8ce29c834b382f5539e9f49d77
+	reseed counter = 1
+EntropyInputReseed = b38780ae620997b8a686f782e02585ca9babcd84c852a39f1a37a449aa3ca437
+AdditionalInputReseed = 
+** RESEED:
+	V = 57a3ed2bcdb75953b136032314c3237f04002d8ff47e538b80a4b377df831532acb5125f3809d962071f4baa66be417552b87aa80f2f3e
+	C = bc71e51aa1ca6b2138025355baacfca52db577910736cfc4291d3d0f6e9ad541d5d2072edd691c065625515bb639eab996ae4b88836648
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 1415d2466f81c474e9385678cf70202431b5a520fbb5239eecbc47bf15d45519cb85ab478a71b08724e5f4900fe1e78ba0ec83428f4d92
+	C = bc71e51aa1ca6b2138025355baacfca52db577910736cfc4291d3d0f6e9ad541d5d2072edd691c065625515bb639eab996ae4b88836648
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 42462aff5d6fcac225a736f7df0caade7574a5cd83ed7aa4839c8c7bd46b5174e0fb2f884d4ccdf30c64c5bfb7d8a0d08536d7e61ad46f920f1176f0ba54bec36cf67963d8785d54d3f8c69d072270a61b59db9071d24621c967860009eea3220b6b82a86e1f764c21f232aaa70af1c162a8fc5882a748564aed2f45ae996e07
+** GENERATE (SECOND CALL):
+	V = d087b761114c2f96213aa9ce8a1d1cc95f6b1cb202ebf460fdfae64cf2d74fda49480daa419668a57d2e50677bc75ed7efc454ff35c66d
+	C = bc71e51aa1ca6b2138025355baacfca52db577910736cfc4291d3d0f6e9ad541d5d2072edd691c065625515bb639eab996ae4b88836648
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = 1a7027c35f66181650b942c5385287c63e3861439d3b7886564ba18f4cba278c
+Nonce = 3f31f7a44d71c46f444fc06476e241d0
+PersonalizationString = 
+** INSTANTIATE:
+	V = e1c5c038d5706aab163028c7dc9df61477ed58b6cd897643164957d5017905666048098bf869fb48fd160e1b6ab3e1bd373ab2bb8593a0
+	C = 4f622eae2bace4ef3da9353ac97674cc4560e115acdf0cabed88d9de1d16a784ba5c2ba8ad8991c7306117f18de8d33901db980d22d147
+	reseed counter = 1
+EntropyInputReseed = d08f7e7bfe973b3f703d96a26e643282dd6a5b3496219033bda3a2e98731939a
+AdditionalInputReseed = 
+** RESEED:
+	V = 0042116cc7be8dfcf46e94d057d467f5e8709bf367608eaba3d8ce6f259c52568961210e51ab4502998d406f0f2122330377d2da3634b5
+	C = d52b88daca33fabfbb9b0bca4a84d40667c80dfdfb82d7a29bdc7f74c093bd6d7e9e0cabd4795e3dd62798ed2e4e291c0a6934d29b334d
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = d56d9a4791f288bcb009a09aa2593bfc5038a9f162e3670bda33cbbc83ec7ac09c6b61658d7ab5ec557092ace95039e8ca60b6d4e0d5d8
+	C = d52b88daca33fabfbb9b0bca4a84d40667c80dfdfb82d7a29bdc7f74c093bd6d7e9e0cabd4795e3dd62798ed2e4e291c0a6934d29b334d
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 814ac73c93c2abbb4e0786192a0b8ee37f5aeea75f9753e5a0c559d6e13b9bde00d2db9334844638c67c7fe48451f67888b979409bbc5281ab98604ea6ace8b72fc17e3d6dcdff0b0c4391ddb051031a604b027fa9c7956afe9040ed7d6ba18e032a91d2d0044b5f584b7ddabffa661c36c0c2fa6f05059e02ff5ad73ee5b0e2
+** GENERATE (SECOND CALL):
+	V = aa9923225c26837c6ba4ac64ecde1002b800b7ef5e663f324b017c2dc808b3da49e204e134928ede3b530178b1f04fbf9dafff670f28e8
+	C = d52b88daca33fabfbb9b0bca4a84d40667c80dfdfb82d7a29bdc7f74c093bd6d7e9e0cabd4795e3dd62798ed2e4e291c0a6934d29b334d
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = 47ea48f882117548af1f836cd2defc0a15fd4071fd95d04207159901fa9e4e0f
+Nonce = 24f93f2bfd670a680fa5c95f3378a5b6
+PersonalizationString = 
+** INSTANTIATE:
+	V = 86c5dab59efabdb06560713390331f9fb1888c9768b96471f52b9e64fdb8bc2d5f37ae81c8c5a3e4159cc7c85383b0c09b880b7cc197e8
+	C = 8c9ebc8fe7364a26f59ab0471c36a5b13d8afe0a00177ba5fc4f374e8b9ce12f4dc29672736c0a1d0bb55699322bd25203ee48ca21dd3a
+	reseed counter = 1
+EntropyInputReseed = 70dfb527604396fb42204d6273464870b797a9105361a4661977edd000e6c9a4
+AdditionalInputReseed = 
+** RESEED:
+	V = 89d329eb2b86325a213bce6cec684584e4f7826dba360ff81aefbf918267aa65dd92df290ce7d7fd0032c3fa9ba50bd4e7f34a710e9d8f
+	C = 6ba0a4700afe1462825473ffab8e80e3355a8d97680d0d234999db64488916a6db6d8f6f5830c995f8fea93e9a33762cc1850b1ad95c9b
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = f573ce5b368446bca390426c97f6c6681a52100522431da6523b81cc09debacab533063688332ad198dda76a2435b23a28e0fb67732327
+	C = 6ba0a4700afe1462825473ffab8e80e3355a8d97680d0d234999db64488916a6db6d8f6f5830c995f8fea93e9a33762cc1850b1ad95c9b
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 15f57eab409b6e3cf85590671dd33813d3e44f5dafc225889ce19c8209350e64ece6217ace826196e7fb890e30927ae4798d6906192f98404a916479d689df8301bd85ee5889fe84b7637afc49514ffac4777fd827f8650dcbf4b90619e929ee29b7aded59816fc2ddbff4f767bb580aedaf0f1444a692b1158964b84fd1f659
+** GENERATE (SECOND CALL):
+	V = 611472cb41825b1f25e4b66c4385474b4fac9d9c8a502acb0b9209f994997aa6489696e0bef606c1821b3767e6f9f6241aa7cf7c09455c
+	C = 6ba0a4700afe1462825473ffab8e80e3355a8d97680d0d234999db64488916a6db6d8f6f5830c995f8fea93e9a33762cc1850b1ad95c9b
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = 2795a728fa5d1ab52321efa6b8e07f0a5406bd3379d5b47b2881d05a47b1dc84
+Nonce = 9424605793983327e8e98420b859a7e0
+PersonalizationString = 
+** INSTANTIATE:
+	V = c99ab60ce0fb03a9eb0365cc9785b23247fb8545ee0416c7400c5831ee3eb2de05f6aa7f4d0e4db824ebe5fbf84dc2c3c7ce2719dacb50
+	C = 924ca89ec6da8eb947c9ea48b26c93b8b24222b91c050581e85f2644e62d2dac64fa86ec68d9aaeb8fe2c15b6f1345c4b5103525681c64
+	reseed counter = 1
+EntropyInputReseed = 4df5356180423bd174192e59c0472b8dcdc29a1e02bff621eef8907f7e4e246b
+AdditionalInputReseed = 
+** RESEED:
+	V = 33a175934160a9745575a1d72cf5a9eb8b6daf0855cb83bf1c4bcefd34b93789379e3f04e6410dda5389e1f436c87421aa23afbd043377
+	C = 758525c07545c00f30728576e02574e87048e4a15a505cdaf092434aa7aa73925e8e6df2cd21d100cc7ee80e1ee49ba0d4a3bf91b178bc
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = a9269b53b6a6698385e8274e0d1b1ed3fbb693a9b01be0dec87a00dca89f439be1839ba47885393dc42eba677d4f9c6e330909deddf46a
+	C = 758525c07545c00f30728576e02574e87048e4a15a505cdaf092434aa7aa73925e8e6df2cd21d100cc7ee80e1ee49ba0d4a3bf91b178bc
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 4884e5429d76361c12ac1db26dc6e4ce8a2751c38b17686863e7920eca739519825544b6936db3c05d11f31c151632ef176d50407bcc2ba8393b62721d82af6bb1b53d8f1609d5ce89d827a51f9fdc9e1884a5fc4cc84dad51deb56edb98241b42f45048da77d3db8c1b93453cfc6b9ce46dedf12c3ca97d6163c9634d94a919
+** GENERATE (SECOND CALL):
+	V = 1eabc1142bec2992b65aacc4ed4093bc6bff784b0a6c3e3e2ace1b5791e33b3b156e09bd642e9f599304b1e111ed7c0db691ac6f59253f
+	C = 758525c07545c00f30728576e02574e87048e4a15a505cdaf092434aa7aa73925e8e6df2cd21d100cc7ee80e1ee49ba0d4a3bf91b178bc
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = cb391e64b5ef694c5fc9e8d225aa825a07b327ce286391184650f7e925829bf6
+Nonce = 853640e7f7188a5cd2448cba272fcdfb
+PersonalizationString = 
+** INSTANTIATE:
+	V = 6280ceb326a11f2cd18fd18bdf976898fede543e4b2707a13c7ea309ec96736e231441b16509965da3a44fb671e19cdc8a89d131d8db29
+	C = a7ea41c6dc0651fb536d8622e9c87147df2d37107d9f3c7726dd22180afabbbea59724ca0a4318bf8046feaa30f6a5a180ca2f039c1477
+	reseed counter = 1
+EntropyInputReseed = 71ddc8aad75e2c0192cddb92376129c2cb9b8b736715c2ffceaf19880616a088
+AdditionalInputReseed = 
+** RESEED:
+	V = d349f843904c91997cf971bb05f9c66f60a476df97b4d2127d3633138fe7818ad3545f2bf7df8fe2e3994d6582eecc1da58c89693d0a14
+	C = 52023a446e6f2716b821c9523b9d472860b62cbb336f9bcf59a2b9095885a0e2398920982b3b5f1489823a7746d812cfd01b820547d4a5
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 254c3287febbb8b0351b3b0d41970d97c15aa39acb246eb4a61ec5988d2736f5819182ca265f800c2f7523e196c9e269beb28f5ba5ef4c
+	C = 52023a446e6f2716b821c9523b9d472860b62cbb336f9bcf59a2b9095885a0e2398920982b3b5f1489823a7746d812cfd01b820547d4a5
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 875c36c142b6f20d3141a867a78559422a413e4aa5098bf9de63b465a63a5a4147c781eea933297ebccebbbec9e2b73925283087be9567191f5c53cd344b9e652ec792ca4179dd8b39c5b3f2796769c3fcbd66d0b8ea3e8055c40fe330da9e95c3a547b64c1231b3bb95de54ba682f662db91e3d3170fcbce3dc6f2eb9dcdd22
+** GENERATE (SECOND CALL):
+	V = 774e6ccc6d2adfc6ed3d045f7d3454c02210d055fe940aa78dbe6846eece9652b26f202b0c607d5dc486a918c6130e7911dbca2506c6f2
+	C = 52023a446e6f2716b821c9523b9d472860b62cbb336f9bcf59a2b9095885a0e2398920982b3b5f1489823a7746d812cfd01b820547d4a5
+	reseed counter = 3
+
+[SHA-512/256]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 0]
+[AdditionalInputLen = 256]
+[ReturnedBitsLen = 1024]
+
+COUNT = 0
+EntropyInput = 39c18e4471905c2141b79e0b5fe5a3026ae7bb7123d890603b43a41475176a29
+Nonce = be5d18725e17e9728a08068cc96bfef9
+PersonalizationString = 
+** INSTANTIATE:
+	V = e708dec91e06ef05e8cc904777c385b1ed94e5ea575bfc674aa3de3a736ee5df9e264688061e678f6a0aabcdcba98823bbffffc6d8634e
+	C = 4ed310fd1cf008b881bae6d06c303f76faddd59b84ecde6ea0956e0fad7367a5dc3d14d1f5dc225c7e3467cb9f01ecb327cf467e2f4c97
+	reseed counter = 1
+EntropyInputReseed = 54feb3b45798cb785238eceb750b3c6f5dcb8bdadf5fcaba7d8e8778a3a6d4a5
+AdditionalInputReseed = f0b773f3e8da00498b3f167f6cbe39b71995e8798f9f9c3798933c854fd570c4
+** RESEED:
+	V = c305a5c6a41ca8ffc7a831d40a8ffa613197c2a5ed12eb022467b1177b92287e2bc2c53df4ecbb6ac2b41e0f2f7655607c5c260ebbc5ed
+	C = 0ece288be0e3bd484ccf053edaf37b02b94fedf6d7423331bb81ebf8569276867ae07612e3177aa5a0c24fd603049659b7a246dd164177
+	reseed counter = 1
+AdditionalInput = 22850fc613ae480c1aa646c292992714bf23f014384e61aeed84b8fdb1b53496
+** GENERATE (FIRST CALL):
+	V = d1d3ce528500664814773712e5837563eae7b09cc4551febf7ac22244d095557c5c8ca1d44c9a729860ee8a9bcba1c724fad7990a45c22
+	C = 0ece288be0e3bd484ccf053edaf37b02b94fedf6d7423331bb81ebf8569276867ae07612e3177aa5a0c24fd603049659b7a246dd164177
+	reseed counter = 2
+AdditionalInput = d75c1bd9f7d8b87c7c00b323c7cd585cee6744ec17ed7b0007648573cae90402
+ReturnedBits = 5c194d800030333535369413f0ef17f7ee62a6809ef474e4817962a18a53d4335fea4796af552577bdc0e9de2b30ded67e87964a3da1a650185bb5bab8d83c53774f9df92aa7991fbe67e08223a90b5d75259ef883c1044193345a3ceedb5e4842758625b270eedce4ac55f1ca17f751eaef00f7a35a7c0fa879f64f8b0f9543
+** GENERATE (SECOND CALL):
+	V = e0a1f6de65e4239061463c51c076f066a4379e939b9754a4b76b986b83fb59fd5e65d10fd401ccdd614f7175572d1f1e6b539b8a5b1bf5
+	C = 0ece288be0e3bd484ccf053edaf37b02b94fedf6d7423331bb81ebf8569276867ae07612e3177aa5a0c24fd603049659b7a246dd164177
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = c61fbbdb9ff5457fdc8318a43b1a6920e58967d004cab9c66d0150ee43c38a5c
+Nonce = 756dcdb77b91852759c4848772c086ca
+PersonalizationString = 
+** INSTANTIATE:
+	V = 4b1c56c72bb8c5cd0c8ff2a567bfbfd172f446f36598b93f0946e33c42f5bfd1a61f1ef1d135d90e6ea369f79a0a8cb59c600326730596
+	C = b1fe9654fde1b0d241346741a14f5f2d1f88830dc3ced624df08b822a44437f89d8f19189cea71f72f0598e2c066de727155744e0ad97d
+	reseed counter = 1
+EntropyInputReseed = ed5e67f3fb78ccbde6b127e0c244e687c6c4a3b8107dfc4b943dd09231e9723f
+AdditionalInputReseed = 7a01dc09c0109e65fb73c655952432a5480a3797a3e7485f433618cfed3fa834
+** RESEED:
+	V = 52f48c472d4abec40303aa7e4d79450f73a1360f862caff78a7c920c8b4261e6fdf6d43e876d105b04db47164bf40fab9502cf3f4c9879
+	C = f4491eec7f27aaa55af3e2fdc32c2ea756c83acdd7ca630d2309a1b24fdb31989516e9c96b7c0a2065ee1674427dc765de75ab9ac4ae5b
+	reseed counter = 1
+AdditionalInput = d1d3ac7a2f1b818a98ba7fc7b5ed32b302ace92e2b11105ee6674cab5d2a5d6a
+** GENERATE (FIRST CALL):
+	V = 473dab33ac7269695df78d7c10a573b6ca6970dd5df71405992dea9cee0c3adb1fbafe55044a7f01346844202d1c4005ba84c1f44326f2
+	C = f4491eec7f27aaa55af3e2fdc32c2ea756c83acdd7ca630d2309a1b24fdb31989516e9c96b7c0a2065ee1674427dc765de75ab9ac4ae5b
+	reseed counter = 2
+AdditionalInput = 261a87e7434df9efd173a12b3b0e3d3756fdf0f3707498b8ff925de3a2286fcb
+ReturnedBits = 1e28ed6af58f00feb6d4bac56489faeafb6bdfc54f38b3ea09bdf4cbe49aca9f59362df16944ac245d5405af2775620b38f456da1d246ffcd371c717cd2ad1a81c6490d20bf2e50465cc0d293692375f93f40c12d678306ecbf127769e0f771d93e4ead3dddf3da43a7a136703680ca3c42c53512dbc63f68b7179cc632d987d
+** GENERATE (SECOND CALL):
+	V = 3b86ca202b9a140eb8eb7079d3d1a25e2131abab35c1785b0499975217bf0d78be192ee9aeb93125ca683edfa28a607f79202c31e110b5
+	C = f4491eec7f27aaa55af3e2fdc32c2ea756c83acdd7ca630d2309a1b24fdb31989516e9c96b7c0a2065ee1674427dc765de75ab9ac4ae5b
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = 26a0e233e82b652a8b1bc7d7022fc8cd2a68e448cb229d736a205a686c702050
+Nonce = 6e672ada2a7d91f32b6782665ac4fe05
+PersonalizationString = 
+** INSTANTIATE:
+	V = 30079b254a301aa5d2dd2bbb2654e23ccdfcc5a31e09cffb940e6f23b33524cd7ddc2cf8f55c32a6f2710f18e84d3ec1bfe8b0fda629f2
+	C = 2d1602fe48ecc42178d20880f457fd26f0589d3bd9539c44e2ac4e5a00bc7c25a6ed00b677f45e0044b4b99ee4c467e26b84ee0d649506
+	reseed counter = 1
+EntropyInputReseed = e10b08da08bfaa79862556e43d5044e335ff06432cfaba132c244068b0584902
+AdditionalInputReseed = fdceea92c18b2615c93835fbb6601cd33711faf6141592008fc3c47a4a15470f
+** RESEED:
+	V = ef51be33c9160edc485fdba199cbad5bce015bc18e28fb934e8ecf089c85866e0e93ccb5e6a8887d0024ea93dfbcf3547e6006bf735097
+	C = 3f0f4f645d52be79ad38aa5b7ec21c065069a9cbfbebab2ea2fb506ab8c618e0acc4f3651f0a8c43d1c5ab32170903ac01c402fbb22e52
+	reseed counter = 1
+AdditionalInput = ab1b981a6381f8a800cde41e65bc5a8708d78a3473134ca16c93e723d8c13096
+** GENERATE (FIRST CALL):
+	V = 2e610d982668cd55f59885fd188dc9621e6b058d8a14a761d61518ddcc9e57253d271af226cfa663735fccd21fe28a0aeb2eb4f8824d49
+	C = 3f0f4f645d52be79ad38aa5b7ec21c065069a9cbfbebab2ea2fb506ab8c618e0acc4f3651f0a8c43d1c5ab32170903ac01c402fbb22e52
+	reseed counter = 2
+AdditionalInput = 69982960fa6f299a3cece71017c0bf9e9ac2de1609e4044da25eab6f3d346b45
+ReturnedBits = 9f0dfeebd0226f1651570fce4b6c398da61660a7bd6fbca587aebd876ce393eb92c5948808081a386e02af7a2a390347b7edcced072dd261dd18fe180a0e0c1dc3af56193c3c0c3b222bbe6cbf5c582429c0a9fa4ecd3f2f76c205818bab205d8a2a06d49824853d8a7b65c42586df6783aefde96c6b8d336abd7cbeb97eda1e
+** GENERATE (SECOND CALL):
+	V = 6d705cfc83bb8bcfa2d13058974fe5686ed4af59860053426397cbefe456aa64d52e11a8f90858c906f0643473cddccdd91b05d71c03d3
+	C = 3f0f4f645d52be79ad38aa5b7ec21c065069a9cbfbebab2ea2fb506ab8c618e0acc4f3651f0a8c43d1c5ab32170903ac01c402fbb22e52
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = 78d887bf3e73e00310f0b0b59e70ad8c05164a1ec7ca3bed53a9af11d56ca7be
+Nonce = b30e2aaa9fac5c1fd38be61497211ab1
+PersonalizationString = 
+** INSTANTIATE:
+	V = 17116eac6fc42e02a5b95c97570c1dbb6160157af96a3e69071a3dd6364a02fcab325f6e3bb058c9fbd3d91621d9be9c7e46f5d8748e1b
+	C = 58a1d8959023cc63830a1622af14c9a475b38116045c91eace3bcd066a06703e6a52a3b700d523fc5d05fa420636fd8efa4bea0a4114a3
+	reseed counter = 1
+EntropyInputReseed = 81f7e689028c9d45b2c8b671a6098f5347e04b44bfd68689f9129566445b322a
+AdditionalInputReseed = 40b061d63d1d93d317e3ad81a7c57849fb4f306b79cc78d027fc8f3d6e2edec3
+** RESEED:
+	V = 213d8b5f55c853c6f0d76b1bab279f5e80c2854e7aa0d931f0f25e742e15ba327b8217537f52e434e4f5f973ac35d5c73e0fdf001896ce
+	C = 5434e93af6e1dfa4efcf70b888aa124636c65824087ff322b4da9642dbee8851f9e59ab834f8e6168853022ac68b9ca1b869c5aedfea80
+	reseed counter = 1
+AdditionalInput = 0af607b892e83b3f342cb6bbaaf52c5341875eb0d8cbd45b55c2de959248a111
+** GENERATE (FIRST CALL):
+	V = 7572749a4caa336be0a6dbd433d1b1a4b788dd728320cc909d7470f22ec80fc1d8511fcd4c1d95f7a9a66bd3b21052c7d9dfc5e41b3852
+	C = 5434e93af6e1dfa4efcf70b888aa124636c65824087ff322b4da9642dbee8851f9e59ab834f8e6168853022ac68b9ca1b869c5aedfea80
+	reseed counter = 2
+AdditionalInput = 499f904b8dde43100106a5c838868abf7b7219bfeb843c4ebcf7b8549a86a7c0
+ReturnedBits = 97e0ac7ebfc82df49ea8b9d1a936ca66e1fb54ffa747f641bdf50d22b5dab6367c12e0245b73b911e951357c50fde0eaf32224981379149e454ac74582dec3adbd796081ed61191eb4e5e37c003682e83ca4043833d2ac8a77ba0af129e747ba5f2809dfbd1998a6525cd43ce8f730f9e63541c08f1401bbe076879f0e979884
+** GENERATE (SECOND CALL):
+	V = c9a75dd5438c1310d0764c8cbc7bc3eaee4f35968ba0c0c4d439943ecd26f76fad81486804dd253c2014212918c1aa919caf7b7cb1ca29
+	C = 5434e93af6e1dfa4efcf70b888aa124636c65824087ff322b4da9642dbee8851f9e59ab834f8e6168853022ac68b9ca1b869c5aedfea80
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = 817aadcb5cc04f69ca219cc57ceae78f070c1613413f5ce7ed086ab9635d8b85
+Nonce = adf1136f1da10acae16150f25a68b690
+PersonalizationString = 
+** INSTANTIATE:
+	V = 599ffc5663fbb50f64abb2132cba10bbccc3ce5758ef6dd78b30e694501c4cd2ae17990bb70c33694cff9ebd00dbc538575df6a8a78d18
+	C = 0a7e23e9570ddff1e918b10b955da8283aa506b8819b877425dc31c73db54f713cbfd09db2cbb3d6d751a63596d0fda4e4931fd7fba26d
+	reseed counter = 1
+EntropyInputReseed = 22f6b1363ea98f2e87985d685dc696258e87d820b54029238f8bb463cbdf5a31
+AdditionalInputReseed = 50e48b335a149bf35cff6451082dc6af870eb9aa56d7c5dad7f58483ed384d79
+** RESEED:
+	V = 0078d4d08824048ab2f930069c2ce53eb4dd81f4ed8e4505936c4cce7c82edcdf5a17f2e40b24e849fa4783edb8681bb1a8ef350294cc7
+	C = 5bcc59b90fe14792a950de0d7bf269356c130e23fb053cf69fc0ba12f7a36ac981e2e2e532d8a6e3fa653eab3049b12a759bdca56997e5
+	reseed counter = 1
+AdditionalInput = f1c5a47564e90c16d04391d5001763352fb9f1688184eeb77bf60d582797de99
+** GENERATE (FIRST CALL):
+	V = 5c452e8998054c1d5c4a0e14181f4e7420f09018e893832a4314d2d62e775ad166b442334de8d1b306b66f202db073c2cb01dd0645bcaf
+	C = 5bcc59b90fe14792a950de0d7bf269356c130e23fb053cf69fc0ba12f7a36ac981e2e2e532d8a6e3fa653eab3049b12a759bdca56997e5
+	reseed counter = 2
+AdditionalInput = 5aa0886f486d2b56844d7992155311dd317ab4cbfcf161819b94b7b6854fc457
+ReturnedBits = 664a8f0aff57684efb85570667e206c72e4d9b004d6616524de5630489fc757ac36d94f9b9e4ab376cb5d70fe51acd7545e3f23852cb545fd0485b34b1d5236f393017555d32120f3e1753fb44afae47b94de7be4fee0a31526f0ca2ca80c272dafba701b90e38a33e1b9d4744745f67f1a5c41791198aa63bb2f5a3c4a50224
+** GENERATE (SECOND CALL):
+	V = b8118842a7e693b0059aec219411b7a98d039e3ce398c13a87c8de563585d7b6896f96d24d3c1e1b8df7f683f2b51170c691e8b6fa77db
+	C = 5bcc59b90fe14792a950de0d7bf269356c130e23fb053cf69fc0ba12f7a36ac981e2e2e532d8a6e3fa653eab3049b12a759bdca56997e5
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = e1432538d0bdc43ea82345d046ae2b073ef2deab0fa65d4a65cff5a3996881f7
+Nonce = c39424489f1f27e1d92e694613d031dd
+PersonalizationString = 
+** INSTANTIATE:
+	V = 63e232b7c76e95e881081a80dfb9e2afad25020699d9d0548a3c12f6b42f9afb1b1a95c5fc30b82278b31398f7d6017980b0aed27828c3
+	C = 78e258d56a1ef1c91a0fa57161b08548c8ab4d451f01365418da918a45b1befaa180a987dcf4450cd70ce2319eac1ded7ddf0bd2daa7be
+	reseed counter = 1
+EntropyInputReseed = e16a4ea77936eb7a55a17eeadef810e123b79cf60658ddab3da86585063f2116
+AdditionalInputReseed = 6c5c504cdb679e45605f5a491596b00b2f1010b1c6ec4e17c845cdc660274b68
+** RESEED:
+	V = 9b19829d5175188654597896ad977b3965a1f7b61e7c93bec4b8927ed0595d22943309fbf52a1d51bb3bfcfaf0085e475f5ea3cf854f53
+	C = 890f6ebae722a8b0553131bf8200b5be4e774c15afdd43df1b883aee3656d3133f564c68a2645120f2b2ed42b6e42aa864621e7eacfb2c
+	reseed counter = 1
+AdditionalInput = ea49ea7d63d1dd4ca882c3f0051489df1ce3e204d95a8320625791df9accdea8
+** GENERATE (FIRST CALL):
+	V = 2428f1583897c136a98aaa562f9830f7b41943cbce59d8b80bdef49c87b39870969097b2283e9c4a1dc8ad2372ac7dcbb3ac5c27f7c67f
+	C = 890f6ebae722a8b0553131bf8200b5be4e774c15afdd43df1b883aee3656d3133f564c68a2645120f2b2ed42b6e42aa864621e7eacfb2c
+	reseed counter = 2
+AdditionalInput = d04218ea53b21da97dc63d37194400c0e2cdcef2b427a303a8b8dbfc6e54efb5
+ReturnedBits = 58679378fd3a839e3ff758a2104811211b5a6f63e998eb5326e3871870c5cc09a649a46e03030a8104fa52aaa1cc0d00ed81e6e83b4a9bf6c531879be728a6f4fd5ff683710047f2db42c7498fdb1de73674b79264ecc17d1e8656953802a49d548c7fe850f53fa743ef8fefd32dee3f6816d38648ab6cb7aca8c83f8c3925bb
+** GENERATE (SECOND CALL):
+	V = ad3860131fba69e6febbdc15b198e6b602908fe17e371d9a65eda1fe790013fdef50a9a617937abebb5080b2c168e8607849f37fcb55f8
+	C = 890f6ebae722a8b0553131bf8200b5be4e774c15afdd43df1b883aee3656d3133f564c68a2645120f2b2ed42b6e42aa864621e7eacfb2c
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = 1487d793e56dc3867d3f33c9204a8d057bfd228208215eb0f161e11792102794
+Nonce = d5e871ca318a6cda1e4aaa0d697d79df
+PersonalizationString = 
+** INSTANTIATE:
+	V = 84e2b0da5062e2b5a1f1f02bf5da6182b423155a1686e6142311941b69631ef6b6c80c670c810334a7cc6de2e2fc604aee8428ac85d8fd
+	C = c83ebd400af617010333cc9cf5242e11370776c04d62eb79af23c390bebfcb39e8246d1b25b023d5e33c03561d8aecf04a4bf309e91364
+	reseed counter = 1
+EntropyInputReseed = 76f885f6c18187a06b75e52a6a1a438d1ee3fdf3440e2aa9d3dd34ab46f44b9d
+AdditionalInputReseed = 643d12c8cd8fc6cd718d91a77670db6f90af7b7a4e5b05d1803660833aed5678
+** RESEED:
+	V = 0330c868a96da6f87788627e836f77ae10458eb97f2bf47a06f0ca0c55f5601bd361f6ad3739809141600495a58e4cd2209a7d9e550db5
+	C = d426a24e858e380ad5445d95424a1bb032bdab43bd5580460344899216654999eab94a27de05f2e5e466554770b2c74d8f4d944176ab2a
+	reseed counter = 1
+AdditionalInput = 4df6c1e02de6cd38d108eb61818cc46a5e3e31195f3ae62cb15bae1e442164d7
+** GENERATE (FIRST CALL):
+	V = d7576ab72efbdf034cccc013c5b9935e430339fd3c8176a28b81f5ffb74113f1ffa4afc25c43a4b97a823a837ab8b2b96fcec29d3b7655
+	C = d426a24e858e380ad5445d95424a1bb032bdab43bd5580460344899216654999eab94a27de05f2e5e466554770b2c74d8f4d944176ab2a
+	reseed counter = 2
+AdditionalInput = 347d96accd3a0017f575470a480dd3768b32685e92980740fa6598bfa33fed76
+ReturnedBits = b5c50f0d9bc591d1df754192f6333d13bae2ac7405c3ef659f6271863ce16089315574dcf7aceabb40dc02f898a9296075745c6bd266bf39721ff834e97d64b9ac4988667b677b1e5fc87a2abad191f7269c1884912722d7c00e6d589603fe9764bf43fcd69a87f639b5d779e9b26f4e15f30292cf42d85f89db57dc91c8b9e7
+** GENERATE (SECOND CALL):
+	V = ab7e0d05b48a170e22111da90803af0e75c0e540f9d6f784b7a78ec494b068c09f3cfaddc42df9e07c72f409b03832bcecf817985f08bc
+	C = d426a24e858e380ad5445d95424a1bb032bdab43bd5580460344899216654999eab94a27de05f2e5e466554770b2c74d8f4d944176ab2a
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = 40366f06f40d0ed1a25ec7c671586cdb094b3c48998a3621d54906421dd6397d
+Nonce = c843b6a39d1d6c79ebb0a924554a4409
+PersonalizationString = 
+** INSTANTIATE:
+	V = e5f62642da2c736004b07cfd23aa06e6c0441ba6aa78cc76deb474fbcbcd3945922a56cbfeaa39c0d4ba44a7d76a608091057fafea11d2
+	C = 527b32796359cef0a6a2ed23e165db53dc4bb7b89649185424fa9739ff0e64235cf34f34c4b2c118223ca0bd1527def47eaf43ed8a963d
+	reseed counter = 1
+EntropyInputReseed = ff78a5696f56d126012a152c8327f3e4b2c2ca5f05a9e26e326d145c53130f65
+AdditionalInputReseed = ddb1cd17ed8fdeefafa2a2170b894f0dee024402b6fa7d1156503a3166a3238b
+** RESEED:
+	V = 38e6fe04b9395f50f11d6d88500adf4b6146c4b1857aa2f9fa7e3f5de92e6d661cd6b9fc916e3e8cfae84571ef54e271a30bcd382b8f8e
+	C = c5333e55103972fb609003fe1f161aa92bd41a39658bc86408e4f7a1c6ae1bc0c1532202ee79f8bfa913488baceda2b01594067ab5d3ef
+	reseed counter = 1
+AdditionalInput = 96dd841a1f1a5f75bb0e1dcd6b462dd4021f2476547a7fee54842c77913d2349
+** GENERATE (FIRST CALL):
+	V = fe1a3c59c972d24c51ad71866f20f9f48d1adeeaeb066bb6c524c6aaf7364e0a5e88d65842f32f24ca116c00e12f570f053f0d4fc3176f
+	C = c5333e55103972fb609003fe1f161aa92bd41a39658bc86408e4f7a1c6ae1bc0c1532202ee79f8bfa913488baceda2b01594067ab5d3ef
+	reseed counter = 2
+AdditionalInput = 43f267ffe203227d50d258f7c66a3133c522e3a76e0d2510062f26f05d757e62
+ReturnedBits = 3fc93a1d874f87f7c5ade39f41a0db2da17e4388f43da41bace8fe5656e3053653224ac137e030ffd271d7d8270039e4cff733ce3d6edc01b329d240c72928500a2ba96fb899d5f5473021248e903d9b9bf1ae5ea4df091cccf02b735eb1ba6bee80deb879386966e9905ed3895daf41905ad52430d069fb791410a302c14bf5
+** GENERATE (SECOND CALL):
+	V = c34d7aaed9ac4547b23d75848e37149db8eef9245092351430536537b630ae1328d87223db4f539b29b7392d0766b17dac0d824274c2a5
+	C = c5333e55103972fb609003fe1f161aa92bd41a39658bc86408e4f7a1c6ae1bc0c1532202ee79f8bfa913488baceda2b01594067ab5d3ef
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = 7c95533ba72a6cb2c07319060f447bf149e6fdc6da76cfb472eb54724b021f1b
+Nonce = cab140848787266a25c9ca47227d5f4c
+PersonalizationString = 
+** INSTANTIATE:
+	V = 4cd7c72e9e735a374b3ebf3caaf36ef1e8b8847e3a37b74fc41f06bcb925f5263f5493023c967de9efaa574e82b3c879c1ba6e2adb1581
+	C = 023242c45c61c1b2900168fe3e439c96ede48a01e71d8be1b8cc20014685948bc13fd8f74e85da5a53e7567841b71943915d5b5072a977
+	reseed counter = 1
+EntropyInputReseed = c0c5ca59a1a97b3c39632bf91d23ed8237978b306ed0b2b5680c954489e622e5
+AdditionalInputReseed = abd2ee5dd73713488c2e35896213faa4615c412dc3be79e4532bd2732d73c6d7
+** RESEED:
+	V = c882a3b51c624149e46353837528ee4fc5fd2be1014054af7c4c0d7af03418a28477aee2aedf03dbb46fb0794b9c4446292d1b0f5efe1c
+	C = f15652a4197b725900d4e85cb3a71436b305917bcb01b919f06cef7f3e378c8532acf84947a8c2e1f322957636fc79449fd09b5b42d6c0
+	reseed counter = 1
+AdditionalInput = 9675e94cda0710cda4d395337f8fa5e340d3f35c826fde187302ce518b31b1a4
+** GENERATE (FIRST CALL):
+	V = b9d8f65935ddb3a2e5383be028d002867902bd5ccc420ea040d23afa90d6c0fa1b3ea468cf4c867df9142d4fb4c77708c540a5072af277
+	C = f15652a4197b725900d4e85cb3a71436b305917bcb01b919f06cef7f3e378c8532acf84947a8c2e1f322957636fc79449fd09b5b42d6c0
+	reseed counter = 2
+AdditionalInput = 2b79becaf40b9f5a1d6a4e1153f837c2da3b5c16c0470c1c0fd71fbb6a75caad
+ReturnedBits = 17c0b863ea766e7da05606128617a75356ad76c77b939e021a2cd62ded01725bbd97da64749e0fd1b82112d30022dcc00c08941874e83e44c6854a9d3a188144ee91c8afe72acc35d7136e45f563fc57be606e071a9f25f8f4cfd2ca3ad0858ea70aa5cc62c395e8e58f4883f04e5cb1b72914f9c69b9abf7cea02b58b153ad3
+** GENERATE (SECOND CALL):
+	V = ab2f48fd4f5925fbe60d243cdc7716bd2c084ed89743c8f89fd1e0d0f0c059d8e3cef251eb6458405f1abc3be2f9b31f289ed0c0dc9fda
+	C = f15652a4197b725900d4e85cb3a71436b305917bcb01b919f06cef7f3e378c8532acf84947a8c2e1f322957636fc79449fd09b5b42d6c0
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = a2a45c6c2dc5cf02ec2025cc554d1a0f53d09b5af0655173269c8fd4c78df823
+Nonce = 711c71cbec8fd52fd2fd62fa85967663
+PersonalizationString = 
+** INSTANTIATE:
+	V = 926f0aebb8267316205111beb5e4e2a31d3795c97c4c567974f8e4ecccc4d529c72649c05e2b3b7cc115958bc31581ccf1cb1d359e6408
+	C = 972a0aa3b93c08d11b43752bed2247e42a9c5be721edf3e895cc546160607a47d7ca51acfbb9f32e5516601db723e169ab5913798a1f4f
+	reseed counter = 1
+EntropyInputReseed = 1378333a5e89e2ea1caa47a9e954fb19cdc7aa883884691dd29a4fa630feabee
+AdditionalInputReseed = fbfe40e62f9863ee7b5310a0dc8b5b7dde2f1812b5edb5ae6429b482c2ecc79b
+** RESEED:
+	V = 1a5c74e9f15c9d3915d5106455942ea9f3d14c36ceae657716684fcdd71668da7548dc27e1ec0eee45a080d67d6c18e3020ec120614a01
+	C = 923fed4e93c9f4888ad6fd8ffc5260f9598f8c37b8a98e49a09dfb08c0e37dec885409973a4a095b32fa7e56899c6ffbbf17c2d8dba0a2
+	reseed counter = 1
+AdditionalInput = 93271af872d04b680d5e3dd58f96cb63c7dfd09c12f6886729ccfb7769b63e46
+** GENERATE (FIRST CALL):
+	V = ac9c6238852691c1a0ac0df451e68fa34d60d86e8757f5a05f64a1448a3f4548a60010a6a8a31d2724406b293c8760e15ae173c7936f30
+	C = 923fed4e93c9f4888ad6fd8ffc5260f9598f8c37b8a98e49a09dfb08c0e37dec885409973a4a095b32fa7e56899c6ffbbf17c2d8dba0a2
+	reseed counter = 2
+AdditionalInput = 1dd8d97dac13761a9aad9afd5f6c1040ac270a006d8a236398e752f3e5358ca9
+ReturnedBits = c260a8d21815cbaae5d80089097c7cc048183bce547b22e3e8a71e19e0199a5d1512a4531d2f19b7ed68b02896704dfb3b8a5b588deb4182c5e57cc0a1b94fcaa1cd53f56b5dd2473136fac6395925d1f79d0d514ec039228238c7be9bbefcd2e69ec6abe09015d240bb09fe3a10fdd413a5c5ac9dd5c0f1054fe00892c28855
+** GENERATE (SECOND CALL):
+	V = 3edc4f8718f0864a2b830b844e38f09ca6f064a6400184d412ce8b17370c9eb1a8d98ae23515254518551022d4029ab7333c8e13cfbc64
+	C = 923fed4e93c9f4888ad6fd8ffc5260f9598f8c37b8a98e49a09dfb08c0e37dec885409973a4a095b32fa7e56899c6ffbbf17c2d8dba0a2
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = 94335cd1fc76b0d42518f6d110a008666743f2ab25c94c6a4a81d00fb499672e
+Nonce = 8ecc9cc471cea7e5371950c7fbaf0967
+PersonalizationString = 
+** INSTANTIATE:
+	V = fda0e351238e4d5484e0cd3591ff25abc880d3098fa8733fff41c0ef704b8405b7cdf3fe0bf13e631216ce4273937cd428d59d6a2d732f
+	C = c469e82c320a5b3006925ea4bb4f82b5ce894c8b85e5ebacef9ae3aeddda65961d37e3091b4cf41862a1fb8a1ea68dcc3afb0c45a8bf82
+	reseed counter = 1
+EntropyInputReseed = 2ece128928e401d68e2f5e70d8ba9b6071a2dd9b4c4791cb32c8c9f829c11eaf
+AdditionalInputReseed = 2da9dd0eca2b5837795c2a3a380dc73c5eb7bb6d1cae50e20bfebcfee8aaa8d0
+** RESEED:
+	V = a31de87fd2823adf4b84b810505d1b969730820450af128310f1511a0a5789755eb4a8300ea7205e06bc30dbea5f49e4937b7430fbc223
+	C = be13a4ab4dd8df2a8639e25711cb99f4bb1302a6cd62e5b2aa3801fcac58427e9647925bc74e8c08e299fb5b3467a86faa050a646532b0
+	reseed counter = 1
+AdditionalInput = b3dde869016fe7f3648b3ad9240bf386c8bc6b4755cf205885c198884a7aab73
+** GENERATE (FIRST CALL):
+	V = 61318d2b205b1a09d1be9a676228b58b524384ab1e11f8dc83a71e0a25c746d6728d462fd2165b9ef6349cc41711ee751f4c16fd4ad4e6
+	C = be13a4ab4dd8df2a8639e25711cb99f4bb1302a6cd62e5b2aa3801fcac58427e9647925bc74e8c08e299fb5b3467a86faa050a646532b0
+	reseed counter = 2
+AdditionalInput = d45b298c45f9f6d01083fea6766e0d40e33630a2f6fb7bda6c81bac4291abf93
+ReturnedBits = b112892a3943ec96ac8ea4d9ca10bde37c8d2c93d5b7e61ceae108e8b62d15143d698321714af5d1a31787e4bf64378dabf69c7f77616ae704e30fe4262d0fb13e96c405175f13c74031c6bdf9f629c075813da4cbf33b2a82368e37a68f2f66f550a7ae3e30c9261fcf40da8defec3f5b27daea31214416ae8f2648c04c9f74
+** GENERATE (SECOND CALL):
+	V = 1f4531d66e33f93457f87cbe73f44f800d568751eb74df3bf0ac63ec095c6358c8697ec8c47204cb48193a3053d0d152afcf422afd6555
+	C = be13a4ab4dd8df2a8639e25711cb99f4bb1302a6cd62e5b2aa3801fcac58427e9647925bc74e8c08e299fb5b3467a86faa050a646532b0
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = 49cfca43ce2d1a2658ee33295061e06ba54b0af99615dcd01acee047a84415e0
+Nonce = 716633bd99f2fcbdb69e15d0f8fa83de
+PersonalizationString = 
+** INSTANTIATE:
+	V = 76df7e9c3b6d2b4718c0ca972540ab20f1e570a784e549adaada75ec8c204dd1a6809b53225f21260a235acad023f2d0ad4d72bca0da00
+	C = dbcdac9c31071829d392faeb9aba052cec2155dc113b4cc7624e08dd0623cc29b45ab28c01eb9fa3da02dc41c25f00db07f9b483e63e0c
+	reseed counter = 1
+EntropyInputReseed = 3314e32a22dff3b39a087051e01fece69629aae36d7a78648b33747b446c72be
+AdditionalInputReseed = 2651e8b3cfa53e684e08dcd4ac095423d9d58aaf99df0cdae66104f923d97e8a
+** RESEED:
+	V = 9671f867991f622834b1a48836596a996ee416cd0eae6915af62e4127a0b4cb83d84d0d6bc75406cc028d2cd19f9ab7ba36399bf246dee
+	C = b357188b915da6e9ca22817580bb30e7b0750e48776d9015089b80ff24d8387534b61bade22fa707320042b9eb826b10ba43d9447f2de5
+	reseed counter = 1
+AdditionalInput = df93ddfd30ea7f0f7efd12cf46dbd69cfbf6d487ee7a6a178c29294428697c8c
+** GENERATE (FIRST CALL):
+	V = 49c910f32a7d0911fed425fdb7149b811f592515861bf96937427bdbb40756d4fe906534e777a5a522474cb96f9f93e410ae5cb54a61aa
+	C = b357188b915da6e9ca22817580bb30e7b0750e48776d9015089b80ff24d8387534b61bade22fa707320042b9eb826b10ba43d9447f2de5
+	reseed counter = 2
+AdditionalInput = 578321607ee9d8e8ba0c1009fd0bcc34bb9651ba8f4bf978070463dbf36b0ca1
+ReturnedBits = 671fc9585a22addb52c6c19300f48210029c9f4a75afc9cbe9d3c9c5b8342e0dfed5089ca158269521b173709cab51de0e1113c063d217096a7906daad6604ae5b3de8612f79b9eee8cec4771052fbfdd0e799a3aa0ba25ff68a03f51d1fbc3277451b71913b51e04def500f709ba8f3eab2055ce51ac752ce73745c690ebc71
+** GENERATE (SECOND CALL):
+	V = fd20297ebbdaaffbc8f6a77337cfcc68cfce335dfd898a8e4dc022b32d325924eea579162edf900c1f7a066ee0448407a23e0548c1239f
+	C = b357188b915da6e9ca22817580bb30e7b0750e48776d9015089b80ff24d8387534b61bade22fa707320042b9eb826b10ba43d9447f2de5
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = e22404ea13f8b54c52b4c017b727dab7ddd0da3b30298f9034a4529d02c2758f
+Nonce = 98e4b090533af4fcceb53f76007673e2
+PersonalizationString = 
+** INSTANTIATE:
+	V = 6c1c8084f96d9677ebe3652cb0218b312225a4e45059396d793b9f9e4189cc5f5120c59bdd470534201e895166eb30da9d9d05ea127b6a
+	C = 8bec95b45ed373455deaab8ac828854354081e1406be7aa118fd0087b91137854400a50394211f19955d2f04b727b84a3e10479847914a
+	reseed counter = 1
+EntropyInputReseed = 7423beb12f1bbad32b109d354e4234d24beee40668b1d9129aff0c5ddfaa8cb5
+AdditionalInputReseed = 12290535f046a8e85731408518d8e6c07bba128622c754d2270f1b8efcb912ac
+** RESEED:
+	V = f851eb24d390e5d339d7ec6b1fd5a01058df11d24517a7abf6db2272af1e0b900e772f67141b16200ccf0928c5680033d9091b682cdb76
+	C = adbae83204a49e2fece9d5266ad58c71dcd98fd551984a4bd1d80ec64adf94c4a1151ba58c3fd8c083780cb0ef480a1348efeac9921f79
+	reseed counter = 1
+AdditionalInput = 3b6fe285197b493bf97a3a08534eb88fc5e86d569003bdc1a84abaf44ecbba52
+** GENERATE (FIRST CALL):
+	V = a60cd356d835840326c1c1918aab2c8235b8a1a796aff3cde312c5e562d03d1d62f79dc5980c08e2fed2957bd068d54c057cc7f898b871
+	C = adbae83204a49e2fece9d5266ad58c71dcd98fd551984a4bd1d80ec64adf94c4a1151ba58c3fd8c083780cb0ef480a1348efeac9921f79
+	reseed counter = 2
+AdditionalInput = 060bb157194d5d8ea2eb561e9fd34a42b1d6ad8ac98d310b1f16be011332757b
+ReturnedBits = 89ca4e473d4f52628b3ea144e47cec863e87dbd97eae61f76ffdd4315f0fe81e828e9ea49fae82f6ff122a160834edbf7355576887cdb1e9069f62e72268fe1ecc915c3701e9976bc1b6557f9d3ab40e0e35e1cf98d6db572c7d38659ddf367a3089e0a0d4d5252ba4b03ff559b608bc91c86651148d57390689eda1d312e449
+** GENERATE (SECOND CALL):
+	V = 53c7bb88dcda223313ab96b7f580b8f41292317ce8483f4e0bcfa504b87b299c9f58d5736132084dba988e3e657419b82f4469b27f1c09
+	C = adbae83204a49e2fece9d5266ad58c71dcd98fd551984a4bd1d80ec64adf94c4a1151ba58c3fd8c083780cb0ef480a1348efeac9921f79
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = dbdfad30f70774e58df06098828cbee5fdf676e0ff67acbef7b9e539d50ec6be
+Nonce = 0dbe1ac3bf600e33ff4173ae5af3a19f
+PersonalizationString = 
+** INSTANTIATE:
+	V = d4f2ff724ebcf519d91863ad3b37c8f92eb7e86171fce5faeaf69b7f4ef10848cfeef1e310ae89c54d3dc8069011f7228a86b52c5a13e8
+	C = aa492f010dc0ed72f2eb73ec95318d798b34d770803566edb59813e498f776e6ea014f299cbccb03a34f6ce1cf142fe25831456945f754
+	reseed counter = 1
+EntropyInputReseed = dafd010c52578eed93b777c007fcd9b6c63939bae457576a34989e072a00ea88
+AdditionalInputReseed = 6f192039abee3fe77955d31a4e0c2d82b718a1ca5608bd2d822b0a5bdaed8fd3
+** RESEED:
+	V = 0c64c8f2363843c8ff4bf8260edad5d9bac653251e33d24f8578b9a07f6b8d17eea3f255148e24164be9828d47ac47fc0d0a0b7432a1fd
+	C = 6e3ec4e2c84dcd086b2ff49bd9156e36c1ea57ce3cd6f669029221e33d7db65c73575895c049feac4aeb25ccf1b863fe8537544696b2fa
+	reseed counter = 1
+AdditionalInput = ef8e36079918a8d503122fcb7e722b76f69ae05102fe60b9a4f43520f03f3091
+** GENERATE (FIRST CALL):
+	V = 7aa38dd4fe8610d16a7becc1e7f044107cb0aaf35b0ac9a1b9eaf045eb7f50d9860aead385bde32c71349a71584863c93d61f33123d23c
+	C = 6e3ec4e2c84dcd086b2ff49bd9156e36c1ea57ce3cd6f669029221e33d7db65c73575895c049feac4aeb25ccf1b863fe8537544696b2fa
+	reseed counter = 2
+AdditionalInput = a6fa780b883b49adc28ef85622f0415ecbfb2deb0c8f4d356eded9d5044af28f
+ReturnedBits = eebaf267cac6d17b7da157c07b9b227b9468b07958ce640010ed287731d63cec1c209ceb560ef50302d0cccfbdc38372e21e62c9b7778d4fc1b9f102cb8a84f1ce0d56a0a8fceb9828670cdec900d2feb253696c1db83b78af37d300539bd6bde6fbd7f4b002718fd169fd960b03db8748d1e6c7c7f497aea48dbe38e488f59d
+** GENERATE (SECOND CALL):
+	V = e8e252b7c6d3ddd9d5abe15dc105b2473e9b02c197e1c102414c0e1e3b84b01fd8043c0ad6b706d13db508461e3807510e7e1f3780eb87
+	C = 6e3ec4e2c84dcd086b2ff49bd9156e36c1ea57ce3cd6f669029221e33d7db65c73575895c049feac4aeb25ccf1b863fe8537544696b2fa
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = c604361c40df73b500f2d78566c0f25de3a92508cb7e690c0e6982a7730d96cb
+Nonce = a9798f0e17277fe24512bbf64c4a8acc
+PersonalizationString = 
+** INSTANTIATE:
+	V = 0f6df989624d15f0451b1d73568bb4ae8a00606e8a3e693475006160e17278d211259173defeefa21aa0c0f62f2e6a6d7f2d3bb7e472d5
+	C = 1ffcf66ee9a61e4d4b04b620611a919db4cfd885a3a23f2c024550b28dcbfff1605005385ff06a1fd663822bc18e4a1be2fd4154949e50
+	reseed counter = 1
+EntropyInputReseed = c4a8c2310a0c28ca8ae126b1b8196f846da1b83d98494a2b3218111f8640b4de
+AdditionalInputReseed = 91bd389904cf3fc2529e92e1da74f7ef4d366a8a4de13d61a10163a6433d0070
+** RESEED:
+	V = 7174c08cd804959e4f7bf96c145757714ff1dbdb7fc00bd089a1e2c19ffb86c59242300327d4642a682793278c9e06503e8cdef6e4f27c
+	C = bdb416301cc9e1d801152fba2f0ded6f7dd0f8c4e291037facb1eccd3eb7c0e4586d5c2a68c62b15fceb8a563ee891b9f5cf1829c8c319
+	reseed counter = 1
+AdditionalInput = e477f4a8da464251a84d4027f67e9845bc3a9168571efc399811d9ef588b0acf
+** GENERATE (FIRST CALL):
+	V = 2f28d6bcf4ce777650912926436544e0cdc2d4a062511053473b1ebc5d97308337df2b9b097828fe1bccea81d405e32fad5cb2e79e2cbb
+	C = bdb416301cc9e1d801152fba2f0ded6f7dd0f8c4e291037facb1eccd3eb7c0e4586d5c2a68c62b15fceb8a563ee891b9f5cf1829c8c319
+	reseed counter = 2
+AdditionalInput = 5b273c52c337cfa17b5a4f24fbbf2210d7b9d2cc11d1f22fdd3ef789d0d7d7ad
+ReturnedBits = 7175c03bb75a1a2669886dcce083ae15e52bcef053f8ef03c7b988e460c6899d4dd6afc4c23ba7fd012d602625cfd648c909045e1780e4861022e91f0f839a4671100b0854b1da64b45b29b753aa0a4161562b6b1677b6e7d89f0d45756347daddde7c71c05b94d20793ae46ae1d8b5b062dbb3dfa0eee84686cf2faf82f3764
+** GENERATE (SECOND CALL):
+	V = ecdceced1198594e51a658e0727332504b93cd6544e214a140abd0b0aeeeb80c52701325ab32aa76f4523781fd668ca579e4eb0d3aa249
+	C = bdb416301cc9e1d801152fba2f0ded6f7dd0f8c4e291037facb1eccd3eb7c0e4586d5c2a68c62b15fceb8a563ee891b9f5cf1829c8c319
+	reseed counter = 3
+
+[SHA-512/256]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 256]
+[AdditionalInputLen = 0]
+[ReturnedBitsLen = 1024]
+
+COUNT = 0
+EntropyInput = 278996dbb037a275971698054e7de85eb44b06e7a608aa7d9646e8a0b1f3ea1d
+Nonce = 393bb47171896e6b3ade83e3486d8cc6
+PersonalizationString = 9de1512030eb0dbd1b933d600edef66564677820175d10155551111ddfcd6b16
+** INSTANTIATE:
+	V = ac8ce668aa9748fe13f8f059d73762ed035ac69498d4cd65e84007362a5fe9b20229d75ca5392c2604b4e1aad2e7168e6c207cfefd4e36
+	C = 18c7144af698bbc69c3a19369b57d34c111aed4583f9ee281c1fb0f087db554e8daee0ccd0c96f5af84b342ab553e0a6d442119b9821c1
+	reseed counter = 1
+EntropyInputReseed = a3be69a635073f21fc4dc191084229774afc6131d208160faefe4f7205b0f510
+AdditionalInputReseed = 
+** RESEED:
+	V = 7142bc2fe0184807895d8c98698f9fe79dc8814342d2dc3388ad6191260ba3cb447be7ef4822869b642a5e45fc69e9d1dbe9e1dd2f801d
+	C = d44bf1ecf91596b7afa6a90059f3a30c4efa10e1ddbaa0d8fbee32722af2804e7826cce5f9f5296c9fe3572eeee853c5cd1b388ccc993d
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 458eae1cd92ddebf39043598c38342f3ecc29225208d7dcabf81985dc8311ec60e6892988cfedcb09c484f66980f0bd00808b1bc52e0fc
+	C = d44bf1ecf91596b7afa6a90059f3a30c4efa10e1ddbaa0d8fbee32722af2804e7826cce5f9f5296c9fe3572eeee853c5cd1b388ccc993d
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = ddbdd96e206ab66cfc72e95f1d9551a549d01042f327573ea362e60684d10f07bd81342c9e0535391d16f61f9bae076714798fc26fff729e334212554a186d46ac4907e9720c23e9e7da96ce830d189421ac79e457203cdf208c058e1aa2980ed3f5c826a6c093b7af36252d17cf6de8a9bc1b05389b90d4749272b547190bd3
+** GENERATE (SECOND CALL):
+	V = 19daa009d2437576e8aade991d76e6003bbca306fe481f9828542ce4e968c0445437efaeffe75dedbf1240d434d14344c7a4e385481aca
+	C = d44bf1ecf91596b7afa6a90059f3a30c4efa10e1ddbaa0d8fbee32722af2804e7826cce5f9f5296c9fe3572eeee853c5cd1b388ccc993d
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = 3cf9890dd9eaa9012acb5ff2d65603e33c1bf64bc66edab6059ee198dc9d9d14
+Nonce = 1606491231df54f4f855ccae7857ba61
+PersonalizationString = 338e3608dc403205cb5547563b794eeca9af0cab129e3d4fa44089d135bcb653
+** INSTANTIATE:
+	V = 2a24cdca0555b110a678206b8290cd7910f74cda00043113b065498fcff540ebf630a460e8d9b5970305816c3a2d559977d668e467298b
+	C = 9c6185236de9ff88587f279603608e1f453637a79bc4efe5f6869f46d7b2d27d34a4e85fcd0d5e3408619b495251659b8b567f514b51b7
+	reseed counter = 1
+EntropyInputReseed = b9de51f9d39d11d4eef221a6f406df37f6d83f74b5b061723601b4706f9c1be7
+AdditionalInputReseed = 
+** RESEED:
+	V = 685db5f3d447bcda20a07c6c2f34d1696a347f97e678155bfa9bd3130e73751c32911af07024f6eea2851863e2b66cb35ce1ef7aa0555a
+	C = 651d63a4be150d937caffdc8ce658678d822537c3a903aa2db5e5b7193cd62881ed024708442b80fb64c6e35b391781ed87b8c76b729f5
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = cd7b1998925cca6d9d507a34fd9a57e24256d314210850b795c29e6a95f338df2f336b6fa7ebf50b25a62ddec34c3c646e6fce815ff2d5
+	C = 651d63a4be150d937caffdc8ce658678d822537c3a903aa2db5e5b7193cd62881ed024708442b80fb64c6e35b391781ed87b8c76b729f5
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 406adb505387bed7c59c16df80ceca9869f4e7584d3813eecf9177fffa36d356917f6397acdc697ebe6b8a56e8a5f064ce647ee36926ce5cf33da8be966d051a428bd96b39892bbffdc341927996a4c2018b227188c86755259af2469fbb19e20cad5185fa40f6c4558b84f333279b81186209193fd66b3147f5dc925365b8ec
+** GENERATE (SECOND CALL):
+	V = 32987d3d5071d8011a0077fdcbffde5b1a7926905b988b5e4dabc438e0432e28c34f46d65f5b928652bbfaa825b70e821b78751a0eb2f5
+	C = 651d63a4be150d937caffdc8ce658678d822537c3a903aa2db5e5b7193cd62881ed024708442b80fb64c6e35b391781ed87b8c76b729f5
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = eafa9548440c0785ae3b939bc5cb3e3c17062e499add57da97ccc16d39cd22a0
+Nonce = 62e7b24bd0ff845c59bbb4c6c5fb1363
+PersonalizationString = e7d083b972459270bdc9b3303e87ff80cdceb6faa284dd53aa3ba44b60805707
+** INSTANTIATE:
+	V = c3a9a4cfea5fc4cdafd92318356ebb00dd86eee8fb1ee551885087a31f78a4d0972ac22555eb29aa1e6be2228382713856497639581cf6
+	C = ae36074870a6f35bd36c83ed4f99b52af0361fe1979a057bcc5a6ff89d735004039613fb0ef33a9746a46adde51bfc182a2b56202351e9
+	reseed counter = 1
+EntropyInputReseed = 3f386c5e53d99e78c519c2f8ddb2add43d71a4060f13ab29cb27350672d8a7de
+AdditionalInputReseed = 
+** RESEED:
+	V = 1830cecc560aa94f0747302b56fafd635173e393e0e4a4085aca19c94622baf9d8b864a653902a4369e5d131cde98001c88f2722ba83f2
+	C = 5249f98d78cec65f66fd7723571a99be430af7620b02986286f1564af8c1891ed8405d0250f3dd1c52e2587ab6076ba97e8e99a6c4f316
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 6a7ac859ced96fae6e44a74eae159721947edaf5ebe73d2aeda205636986cd575ff5af67c2d1c07aa18faad4e4a9529f6a4766a097c75f
+	C = 5249f98d78cec65f66fd7723571a99be430af7620b02986286f1564af8c1891ed8405d0250f3dd1c52e2587ab6076ba97e8e99a6c4f316
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = efa3b13abd300fd5be3c27d4e38078fef163a4dcf650a60f25227304a5fa57049143df874ee55a5d5049a75a176739c3adce128c83d217c264eb9bac95b8ffe210d7b67830448bef8a471b11372d8b52d21190afc7c924e73debac48ed8bbae58c76cbe98d3ed221e8906b41089cd0a7e3b0c029401d24568aef7413d6dc889c
+** GENERATE (SECOND CALL):
+	V = bcc4c1e747a8360dd5421e72053030dfd789d257f6e9d64c56c7edd7b8eec9489a6ecc4c9023afbc2981615322eb15ea09e3b87b6c975a
+	C = 5249f98d78cec65f66fd7723571a99be430af7620b02986286f1564af8c1891ed8405d0250f3dd1c52e2587ab6076ba97e8e99a6c4f316
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = 970f192838af08b37bed93144af2149146a4cf6cb18051f9e62c82294f88b40c
+Nonce = b4477a47379e9e4cbfafa54aa4f0c15e
+PersonalizationString = c9ae9ec24dd6f28380aec8afec784f22058a8323256abbbf625978949f485fc8
+** INSTANTIATE:
+	V = 9633554c8d573bb7e7332f0c27a38598007747ce51c9cdaa5c6b4a8b27c5eafe5ed968e656fb1abc10e7d3752712e825e959b6d2c700ec
+	C = 1439ff2f95adfca284a2859919f8386f1ca9348b83259737cb098981dc2cfc21d16a240dafa0414f21f3e8f512b8b5cba5447bf0958d66
+	reseed counter = 1
+EntropyInputReseed = aa72b2569b39bb44ac61e3bbffb5639afddadff29a4881b3867b2157bafb512d
+AdditionalInputReseed = 
+** RESEED:
+	V = 9515f2ce823ce7e08895e4caeab149473e839039b9ac3558f651df3cadae678ec878af4ac5c7b8941e7f578074e1ba96f61049b31f66a3
+	C = 17c3d02d05b7f1ab11eaf6c594054bbf33ba239641ea5d16407306f488d8b05c1c87d47ab7b59fc069aa1bd6e7f3cc92660d4e85785dc2
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = acd9c2fb87f4d98b9a80db907eb69506723db3cffb96934a713de4a15d85e7dd522c2b26ee38c3a3ca8e8fece629f8e58a025058f65d4b
+	C = 17c3d02d05b7f1ab11eaf6c594054bbf33ba239641ea5d16407306f488d8b05c1c87d47ab7b59fc069aa1bd6e7f3cc92660d4e85785dc2
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 709cf6335eb02287a94f69e59bf54a6ade807b638c6e7a984928c6c87028c541230d94683d22c016c2d11599dfd5f51ac7396edbefd51b2fa1cfa1231f7d836f0041094e86aa85baff7774821569ea234fa454dd80a536c8b3ddfc0373401dae417180836931408a7ebdf63f985bf4dd6e9306706d17f273b898ac8b4ec5443e
+** GENERATE (SECOND CALL):
+	V = c49d93288daccb36ac6bd25612bbe0c5a5f7d7663d80f09694ccd3bf4d9348bc8434d4f20b2750178b650469f1617126a998d45fe68f8c
+	C = 17c3d02d05b7f1ab11eaf6c594054bbf33ba239641ea5d16407306f488d8b05c1c87d47ab7b59fc069aa1bd6e7f3cc92660d4e85785dc2
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = db5c8c35f1a51ebb258cf3c2094d67e68f9cbb1e78cac8d6e18096cccdb6f029
+Nonce = 10418fbacad1658bfc3b47ac647ef296
+PersonalizationString = 5343b9c77328da7188b89fcd42d0189bc0839418b9a552a5549b2c0aa8d0ab5c
+** INSTANTIATE:
+	V = 80b46c3d0ff4ce3f7437567c412be59af78a8fbd0213982f42ea6e8f586de4224a877e0f4c9e0419d8edb3632e3bd8c4cef88ce6a70601
+	C = 082ef47d8014f9f3569b143eea52fa439516318b7d2055417161d6a5628fa6dc80700a344e2dc471384ac572a50a9e974180cb5e681b51
+	reseed counter = 1
+EntropyInputReseed = 7328ac1baee6106e858909b579e77139d595f4e0eba3736b53c5d1ef91c9e201
+AdditionalInputReseed = 
+** RESEED:
+	V = d7049afc4ef0933ad691779760eeb1153f968903caad4ac59910256c97dd7cce98dd8778d4eb12fbec6191046d87d02f26960a9ac1483c
+	C = 6f4c5e9036bf8fe221823271248a6cf6c4642b26c5edd6f5e0ca70ebb23d6bca6f534dcc73818ea725fe2a8bc79c55c2387508735d314d
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 4650f98c85b0231cf813aa0885791e0c03fab42a909b225fb3dda7181d622304b019bb9942c6e86592233a29af415035c9c0a9972abbd3
+	C = 6f4c5e9036bf8fe221823271248a6cf6c4642b26c5edd6f5e0ca70ebb23d6bca6f534dcc73818ea725fe2a8bc79c55c2387508735d314d
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 55c90c50fbfe6843d89c77e06e9bc1f4733e5b775d4f9360d7fadb0a5daef32adbb4749669ca5b0a7558d35a4ff2969487832583099be3ed898f6b95a44a34d45c624dcc0197ceb59c71231ab7516df819c9c241461fbb27401f54f288326bf1eb5cac89c3e6c8167c64ecea382b4c756f35709274e628a6eb5fa5149a653ca8
+** GENERATE (SECOND CALL):
+	V = b59d581cbc6fb2ff1995dc79aa038b02c85edf515688fa22dd54de24d526c9b106d7773c2e9144de6cb184aed567777b378f57d7e3dae6
+	C = 6f4c5e9036bf8fe221823271248a6cf6c4642b26c5edd6f5e0ca70ebb23d6bca6f534dcc73818ea725fe2a8bc79c55c2387508735d314d
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = e32040d1d3ceed0d21dba6e6c5b46f9f9ef7f80a9abae7644c9dcc069e698462
+Nonce = db1de042dd469240b742b55bf34a61eb
+PersonalizationString = 235e3fb0b26797ead72e116d82ff3734bb1a02b6be5c2a109f63291c141d678e
+** INSTANTIATE:
+	V = 5d05c48b5742e77152bd9a10e4183884c27e20464427d7d669692ac6cdd8330e6c2fb13283f0e6da2334500b20fa12721d680cfa41cb92
+	C = e386b6f7ff27eb7dee1fdfff6ab1c71453367379fb734c3a5497f5d53ed37d7045c6f9bb448eb2b95c17ff7d7fd8c2197747f0379073fe
+	reseed counter = 1
+EntropyInputReseed = c3c2c044ce90759ae5787ee3037e9f2925dc8041aec240679ea54fbed2711732
+AdditionalInputReseed = 
+** RESEED:
+	V = f346ac8acbf84b8e94981dbc4735f998820f8d7df6cb0a1e4212a9dca0f313be63c9e7d32b69be89e5e24b580aca9472cc91daee50e615
+	C = d823a9ba8c28f994eb277d1bb23cf225c476dba2e0bfc6ec81eba61720509fd0912d29fc4f2f1f9e6fcd0f9c8be280d9981b01debafcba
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = cb6a5645582145237fbf9ad7f972ebbe46866920d78ad1d07ece71d093c17918028ffc53a4e75dd20046f53aaa3a15d44135116824293a
+	C = d823a9ba8c28f994eb277d1bb23cf225c476dba2e0bfc6ec81eba61720509fd0912d29fc4f2f1f9e6fcd0f9c8be280d9981b01debafcba
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = a97a0d5e2289de5e6ca419bbbeb35aff62a14c579516ac6148a046bd891dac4734c79c4539233517b5914e4a9ee2a3d51700e7486aca79418fa325928bed7afcadd601bd799cc982440a6884cd5cf527a4efc0f4d475794a1a3289209e0d14bc5301f00a251132121f42e23d2498e181f947a97fb617ffff45b984a09526aef9
+** GENERATE (SECOND CALL):
+	V = a38dffffe44a3eb86ae717f3abafdde40afd44c3b84a99a9549bbf52fffc4ae208d4a51ad78b38bd4f738ba44294c652bd0ad2c193ec0d
+	C = d823a9ba8c28f994eb277d1bb23cf225c476dba2e0bfc6ec81eba61720509fd0912d29fc4f2f1f9e6fcd0f9c8be280d9981b01debafcba
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = 5ae9f2c90e39cedc578f18acb14394db49cb80a1317f5ab567a4c8b63a9e6550
+Nonce = 39de769c5f4b894c686db2a2a3b97ad4
+PersonalizationString = 23c2d91bc109dae6f88ade1b37a399409bfe3abb27f09fb025fe18f485bf4b22
+** INSTANTIATE:
+	V = f88d4b54a4063d6e5479665b3e5017cd3c52f12dcdce3007c6bb17330798604284ef4139fc98d2e72ad0f48150de3dd81c2bb2a414337b
+	C = 5071bd2d74205edf80e70700dff35999e61a74ec3382b4da5e6ed3f532deceae81bca86e30daca8f69ce85173c7e30da3b5ae442ca9e69
+	reseed counter = 1
+EntropyInputReseed = f333c012f5f7012927693d93d6b3d2a978f20beb7a6fe9097c98f65cf506cd07
+AdditionalInputReseed = 
+** RESEED:
+	V = e2b0c9d1a5544ded1740ca3a5f82ee7b175d24125fd05852406980f445b70f3089b68c6c802f37fd56c8ed02c0b073bab0abc75d592899
+	C = 2533d78044f7f81332455263069ba6b64fc3cc7a408cd612566a4d3a9298501edf13a942b2d9c9931a5fadb48c08656aedda783c89cf66
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 07e4a151ea4c460049861c9d661e95316720f08ca05d2f5caa1fa630139f92a3deacd4b3970473b1d3e2d46750bfc5c6c430d1e07f398d
+	C = 2533d78044f7f81332455263069ba6b64fc3cc7a408cd612566a4d3a9298501edf13a942b2d9c9931a5fadb48c08656aedda783c89cf66
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = cc5ee87e9874271158c684386745f459cef08c66a348a5ff218d7be578bb3daccadbaaffd7e3078084d918fe60bbf2ff6f7849209b40a83da4d9b0e20055db2e7e068256d43e6e9513af874a244baef7a8b09a47be0632a0386d8d18ff4de5c72a9d0b6cc7d3a7c8dd382ddf82ea50f21b2cf438acacf8c8f1cd6f945fcfc12d
+** GENERATE (SECOND CALL):
+	V = 2d1878d22f443e137bcb6f006cba3be7b6e4bd06e0ea0589a0616a71fb4f0ee424db871c6d24ea02f379088f32c230ad34972a9fa8718a
+	C = 2533d78044f7f81332455263069ba6b64fc3cc7a408cd612566a4d3a9298501edf13a942b2d9c9931a5fadb48c08656aedda783c89cf66
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = 90ee010553829e81ea71c62ac412b60703458ede8aacab15e648dafa892365c4
+Nonce = 21ebe01086e154f90b8ce4be93638f3f
+PersonalizationString = ed0abc312898b7f93fbecf2dd3182876057898355e446f9adb3ca79cc2194737
+** INSTANTIATE:
+	V = d75235236ca2cfdce0ed85c5e66dfefdcce7720cb7f27db6a07bfe21e64f12059d50132d08f5c8dfe432112796d17318be3aff06cdadf2
+	C = 53a0b914451fcff8b22695acd754887c4f03fca58fcfc439fc9edbc1a069f94d090ba30aa07c139ebefe58c1fb6d146282d3c72d3eec0e
+	reseed counter = 1
+EntropyInputReseed = 32a75ccb9d7a7f6c88b42858311100a4f221fdd9f5ec4558b9d0b04ea5416f97
+AdditionalInputReseed = 
+** RESEED:
+	V = 47b1aa85cad726c93636dd639c9ff82e6801ad1cc1f8332b2f5b304d522cda604431d6ad6fe86ff6a47a3829e84c4299a5dd01ac001d7b
+	C = 3caccdd1f8a4f24cca9c016482b330fce1438db51b111ac340a291c2f2f705a4b209d1d6ade175210eeee088566ec3c93d630353156ddf
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 845e7857c37c191600d2dec81f53292b49453ad1dd094df36ca48ebc334a19a3fe32cdc0bca34ebf3c497ceb8dd805a0443c80ed798664
+	C = 3caccdd1f8a4f24cca9c016482b330fce1438db51b111ac340a291c2f2f705a4b209d1d6ade175210eeee088566ec3c93d630353156ddf
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 1c75a2ca380ff16f5451bd66bdeff1e4d039b5d84f5aceffc6743eea079ddfa501afc131cb816823f57c6128462fa7d5da02fb2afe1e1b316e4b608e332fb3d32fb1c1bf52dd41cea2727f5fbf5bb554f468789305291a1c40b90693bed092a30ffafa222ddb9ceb4a12234be56e73fa677b483a8a74d837797f170d58e0d216
+** GENERATE (SECOND CALL):
+	V = c10b4629bc210b62cb6ee02ca2065a282a88c886f81a691232b725eb4bc69839b3e36b2d8fc72be3863de04fc2ee76cf8a7ab1573f376e
+	C = 3caccdd1f8a4f24cca9c016482b330fce1438db51b111ac340a291c2f2f705a4b209d1d6ade175210eeee088566ec3c93d630353156ddf
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = 5becb2000835817520c2c4edb04b65f94158e5c57696006418fdd389cb7d16ba
+Nonce = 34a0bff67e1ba8b4e094b6929215fc7d
+PersonalizationString = 77f0602fd969bfa3b11c491f3807a8db031fcdd36562b15bddc8d149b5b783ed
+** INSTANTIATE:
+	V = 0a7e0d7146a2f373962ddc6064480581754f5a06e6b40d15be871d25abe96fab908d6e6be2473e1ce9bbe26ba914ba9441f06d0323457b
+	C = 37c82f91ef129e8993c7e9c5cf6839866779043d4c33821966f26499a0d88051ce16100a0e3a5814f43304489f426bdef8d11560da30a3
+	reseed counter = 1
+EntropyInputReseed = 9e48469e184947288143aa5a5d125446c5f2634fca489b369952ec58f8ddb181
+AdditionalInputReseed = 
+** RESEED:
+	V = 2614ce90a8eec958344ccec2a7e16863fe2bd3232c9fcab287bd8d9cda3af308bf90e84812eba2165bea76aa63c466d4443066c4b61ca4
+	C = 24de556700a67d5a5a5d3b19224828ce4802c00dd470a17cd5dac186ac8da53795ae8a9470d36c4d33a034444f513a980f277901bb6359
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 4af323f7a99546b28eaa09dbca299132462e933101106d29e55462dddb35f1b86e3f70a587f26bf3b6188e7533a50bfb79781c84ef718a
+	C = 24de556700a67d5a5a5d3b19224828ce4802c00dd470a17cd5dac186ac8da53795ae8a9470d36c4d33a034444f513a980f277901bb6359
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 2d47788e75f5323d276ceef04285d14ddd1b2b8fa93ba36c0c75ebc133f24499d32684d8b95ff1e91b2527bc4149df188caa133d1d598a888c53fd6e4942a9bf7d0735a924c2ddbd02536b96aa68e699d82709ec2317e68149616a834adcd40f83dc353fde30a58733519e66539014b70fce662dc0cbea54480fd3054a9641aa
+** GENERATE (SECOND CALL):
+	V = 6fd1795eaa3bc40ce90744f4ec71ba008e31533ed5810ec4e7165af7ca86c9ff9ff7d1e6091493f8031144ddcf20e6443c334de1795de8
+	C = 24de556700a67d5a5a5d3b19224828ce4802c00dd470a17cd5dac186ac8da53795ae8a9470d36c4d33a034444f513a980f277901bb6359
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = 524b93986270ed76ea32a889488019031ff5621a0bc31eb5c39f2bb822f97b64
+Nonce = e49c508b8a63909ccd45ac12bfd05d70
+PersonalizationString = c992da7cdd4feb6b8b90590b28cf3998879c2677b03ec36083baf66808e72ca2
+** INSTANTIATE:
+	V = 140cb42d720b8a04d9579c92d70cdd970c6c8a41254efe3158c0247589bcd83f5c6b92b3727534a15331b151a79a9b3a72b163f28b9684
+	C = 86737ca0953c488b8ce5730cc973e96339cdeb41fa4a8d6c6d6ddfd7aeac296916df0db4010ee933f22b349adaf534f08f781535d6d55e
+	reseed counter = 1
+EntropyInputReseed = ef517ea595b58a86f450fd337b5db814026d14a6c99e6bd946c8bc9d9369650b
+AdditionalInputReseed = 
+** RESEED:
+	V = c75eded3658120b2eda0b548932bddd56847126c1ec50797cab8b6c9ebd7afb990eaf07a89df1ad714b28450057ced0a647aba4d7aa753
+	C = 02b62f471d5c9548022085cdf47b160474edd994d5b307cb86023f50c36b1217c7f8946628214ecbb7fab48095282655be69ec851ba05b
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = ca150e1a82ddb5faefc13b1687a6f3d9dd34ec00f4780fd2892e154578f352f602de95ed974da21315d3559beb3e71b0d0f349311eb0e0
+	C = 02b62f471d5c9548022085cdf47b160474edd994d5b307cb86023f50c36b1217c7f8946628214ecbb7fab48095282655be69ec851ba05b
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 3abbcb5de10fd9b7468f37ce59b46955477ee0af263c38d0cecb5c5de541ef94b8bdfc935c121a2e51562ae88ff65ef2084a51c1b237da3f0b10db908ef4a278e288378a18ddb7432b9ec8de684b8381757e3d97f2fdf3874718067e7f7d0885e80a28af75568d3a007efcd972b2616e4f8c5664cbf5a4b388da4a3b538ccf85
+** GENERATE (SECOND CALL):
+	V = cccb3d61a03a4b42f1e1c0e47c2209de5222c595ca2b17ff0966e65a053099d5a8ad35b92d7dd033884c62ff5b9876f4f535fc2d757edd
+	C = 02b62f471d5c9548022085cdf47b160474edd994d5b307cb86023f50c36b1217c7f8946628214ecbb7fab48095282655be69ec851ba05b
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = 0189d5d3d0137bf3f03f4f162b6dc488c6182c396d926fba3248a4c376438403
+Nonce = 3f733070b647bb218d0c9ad20001b8f2
+PersonalizationString = 925a4bf63558dbc46301f5012d4c9c152c2bcaa547e9d055747a66009238e2e5
+** INSTANTIATE:
+	V = bfcc1cf0fae1c2ddb29de98270eb9726394a2b1a0aab6feb73fec78ac7c9741c8700548f16f22e7e0ee438302b2f31bd876ddd033c7d7f
+	C = 74b4b817b55665701d7e3b9fde88841d7a184f63fa49ab68f6fe5b39993d7f364f44d6df87b4657da746c4af5bd292ac8f0f619f32223f
+	reseed counter = 1
+EntropyInputReseed = 54e42fc749068b558d5ea0f25ac104d1a85f8ba82da688ebc60924f749a4ba36
+AdditionalInputReseed = 
+** RESEED:
+	V = 129802fd21212864cc235a07ce6ff3a649f9d4d94fea6bea498e046a1ca1bd315bdc614557b4a686ca13205b2fc0df5551813e5b32c12a
+	C = dbc707eb6a5b29f20599eeb0122f0555b8de2e8b7567188126dc9b3492ebe279aedafe4dedad576830024c74f88e72f4f24b01755c44b6
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = ee5f0ae88b7c5256d1bd48b7e09ef8fc02d80364c55184c3d01d6efc24123c9e5734296e134ad6fc0adee44e9150fe70838a54df1a7700
+	C = dbc707eb6a5b29f20599eeb0122f0555b8de2e8b7567188126dc9b3492ebe279aedafe4dedad576830024c74f88e72f4f24b01755c44b6
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 7d1223c4eff6e6f9cc7782b4cc71bb22dccca0a0ba5548ada4a9bf35f9b2f91125651152b825c5bb88078c39d777a69c382aafb035306b8a1f4c2447b871448e46e60faf71826e1c6205eef9e563a57cec8e5b0f485c72ba328d15c3907ee4144c248f2b3217dd62b31973be65c8871c35d84e9801b172e3de255fc96b4d013f
+** GENERATE (SECOND CALL):
+	V = ca2612d3f5d77c48d7573767f2cdfe51bbb631f03ab89dedd13cb8a0338de156ccf3c93c8c0cc356c3ff572382e27cf80f3d79e547dee5
+	C = dbc707eb6a5b29f20599eeb0122f0555b8de2e8b7567188126dc9b3492ebe279aedafe4dedad576830024c74f88e72f4f24b01755c44b6
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = 76ec61e312d61f39d7485824af93d2c4f0db9302eca03f45336d97f5cc93afeb
+Nonce = b224540bda117cd6b1fe4d452f089178
+PersonalizationString = 8f85076e7975b51d2961846b376330fdfe2c43f30d015747cf9e890972344e7b
+** INSTANTIATE:
+	V = 38a272ab982de75836f7463c4c901a577656988182dc79c468a9e9c48ac4edc865cc6aecdbc71388ae1e34bbfcac2259828a027a504656
+	C = 821a58845e96c971e5d2dc8654fb627cf48586407b1c17a6b073b7da7679629e7206f8d4fdc65dbcb43a5e6a58d27ee06ba48d333ddd5e
+	reseed counter = 1
+EntropyInputReseed = d047356ac397afcfab37b7cb70decc10e6d7f36c9651755db80f061918ad2128
+AdditionalInputReseed = 
+** RESEED:
+	V = 9fa76b0fdf3a28ff51e0fd40d608d09771247e1e6642d13af5abc782c4b0b08586e00c40f92fcde388f9b95e9a777838b1a6e14492e87a
+	C = 643fa46f4a9eea687a81d4f7545e8ccf88f1f71a3c9bd20dc09fa1c7bca616eb0287f93aa6cd1d87f9d8ef673b1f708ca206a0d4684af8
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 03e70f7f29d91367cc62d2382a675d66fa167538a2dea43af634809feee6804b0e2daf75689c9ca0ca928c13b50dd5b26f7dd7eff8d260
+	C = 643fa46f4a9eea687a81d4f7545e8ccf88f1f71a3c9bd20dc09fa1c7bca616eb0287f93aa6cd1d87f9d8ef673b1f708ca206a0d4684af8
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 18b2f8ed6dd6bfa1e6c82e6538899d000516ce71e5695fce18019dc8da4ef36ef3f2eca1eaaef8c459cbb95e487847994636564410d179fe63129d920b09cfae8a0e33c91831e16813c6c106a253f5adf15f8210409800d1b1c8d6c9d4c92621c9af90bebfa34e40dd27f95cf284ded7c6d3bcbca7228dcb10530ec3f1e086a8
+** GENERATE (SECOND CALL):
+	V = 6826b3ee7477fdd046e4a72f7ec5ea3683086c52df7a766ba159346cd5dd8510d578aa02979a3ea3698cef67cb24705c3606dddd47af35
+	C = 643fa46f4a9eea687a81d4f7545e8ccf88f1f71a3c9bd20dc09fa1c7bca616eb0287f93aa6cd1d87f9d8ef673b1f708ca206a0d4684af8
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = 5328e4373cf87d07454348f0b3dea49f50e3c774abcf5f5fdfcd255431794300
+Nonce = 760b360508f4e356e089ca22cc86bd78
+PersonalizationString = ba26cef77e762bc34cb01197a819d43b4d1d5fa6f67c6c9c39f052cc90ff00d8
+** INSTANTIATE:
+	V = 5932a0361abf18ed2e4d5ee67fab490ffeac4cf5b24cabf541586bc842749edb1ce79ad42a3b9d9599246840744b5613ecfb1a3987e423
+	C = 32df256f0624abbb7ebb693d46c037cdfd2364703bd44154a01ebe1d48fba8952d8f7adcfc7beaf566722e6ef4a78fe67bc386965f1615
+	reseed counter = 1
+EntropyInputReseed = f408edebb6d965ff477fe3023fc58611814a48a76c3cbc8fd60e007ef3aa74ee
+AdditionalInputReseed = 
+** RESEED:
+	V = 98947e86537e61d6ec9ee3920685f4ce3cc62c62362fb7c5f9f1da2ddbb8227912949259ddaf790e84fadb9e5bae51b3e1e1e15c3a219f
+	C = 129a1f9ddd5ebb5f4e5ab13b05c37db885f915815444bcc80c348d4cda38a8cd64bc83d428270726dc3467c8ac987e5f4ef5d8ad1dec49
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = ab2e9e2430dd1d363af994cd0c497286c2bf41e38a747587fd41495ed5f545652b7524121036086b36c1db8c52008cbec3df4653df1845
+	C = 129a1f9ddd5ebb5f4e5ab13b05c37db885f915815444bcc80c348d4cda38a8cd64bc83d428270726dc3467c8ac987e5f4ef5d8ad1dec49
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = f9dfe7ef8115e322f081b3e5d2824cd07f951a8e3094e115c36faec2611026e719ea50899c9fefefc19b607c4610326f49801d6038fa0fbf3968ecd05291e96cfb3e0bee30e3992f4a4ca4ab442e131ca1ed63822ca93c66f264b96fffb27007f03ac00a422c7f8dabb8c15061f7b519c39282b5e7240fd27c17921cd958eeb4
+** GENERATE (SECOND CALL):
+	V = bdc8bdc20e3bd89589544608120cf03f48b85764deb93324517aae212c05e817c4d4f8c8b35ed4f25f51da79f00729ae97b1c28579885e
+	C = 129a1f9ddd5ebb5f4e5ab13b05c37db885f915815444bcc80c348d4cda38a8cd64bc83d428270726dc3467c8ac987e5f4ef5d8ad1dec49
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = 68e99ea4077b1d44e9a87e5d3559e3a8ca831e8177f1a80e0ab775c5a37b3f54
+Nonce = cac3a47f2e6733225896aca30bd03863
+PersonalizationString = 6bae4878fa3628795aede9d57b6d08529da08772f50dd148f52fea773143b97f
+** INSTANTIATE:
+	V = 507beb6d71e0f25a6818e761d43d54b827c68eb70f34cc78c05d8086ba524e6d87151ba67d76b535d111b0418128d9abb806bc3a1a14ae
+	C = b4d3a54e3bb14c6439e8686f6e3b11996992a45fa1ca13baa87d694c352f5dd9061fb87e6b115e8d07f46dd85d54e16c568e68a107b96e
+	reseed counter = 1
+EntropyInputReseed = 722a71a59487103ae3c0c1212f7cd3bb6eaad90d75aa24f43d18850d4478584e
+AdditionalInputReseed = 
+** RESEED:
+	V = 8e526c4c41793919af7c00cad4575b4ae1ee0da3a90d2fdb248d824414f687f6ee2401bcd92aa1e96d7f3b13b3b8aa8b58cf958e5c7856
+	C = ef17aab61bd07cf9097528dcc2ee9dfbbb7c99237ed71fbecade40eb69d869ea1a7370aa8c796eb5856b1d6ae908096f70893d90d73ca9
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 7d6a17025d49b612b8f129a79745f9469d6aa6c727e4502dbe7c9c2aaaf6d102946f3cc4a9e98922375fdf08f317bbc74e54eb4d380b35
+	C = ef17aab61bd07cf9097528dcc2ee9dfbbb7c99237ed71fbecade40eb69d869ea1a7370aa8c796eb5856b1d6ae908096f70893d90d73ca9
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = 594dfa973b7323f3f2ec08dcaaf1e4503d7e30eb2c64a2eee11a9adefd0e2a9b4c3e24b51af23ebf3e057f1546edaafcf3ad899a0cf7736f7165c33d4a241c0e46d6938d3d14bc384099cfd4f3a5e65e9ff246ca15ac587d2e2e82e02d1a7e0cb6c8b42b2f0ac94ab170fe32b6c8c33157da73349c4e091c976cf9ebcc97980e
+** GENERATE (SECOND CALL):
+	V = 6c81c1b8791a330bc26652845a34974258e73feaa6bb70b55b5c2f32aacb2d3ae687c596b1e078e44d160017ff5f31363d0b468d7c4efd
+	C = ef17aab61bd07cf9097528dcc2ee9dfbbb7c99237ed71fbecade40eb69d869ea1a7370aa8c796eb5856b1d6ae908096f70893d90d73ca9
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = 91159b129f0d12460e7435165cf9cd35828d88fe5bb5a30198f1fa1f59158e98
+Nonce = 65048e5bdbfd1e37e59e810459ace34c
+PersonalizationString = 0aad93d9610421151c9bad2721b105e005cf2c26a75f4145de763863a7387db9
+** INSTANTIATE:
+	V = ad46f0f8c447d0ae79b362faf96086a6e14c362c7a1164ed49a60e7997899802531bc3414933c17ed7a259510ff4bb8aa01e685c55a960
+	C = 6c206e2279fa23c5f127c1417a7b1aa89b34d3a48ba486a964fa9ad28a288d2edab6c34f91ad33d06927a9b4041702a41791a855afc40f
+	reseed counter = 1
+EntropyInputReseed = aec01af48fe09bc6d646af49b1999567e3537af08853bb250be9ec413a2259c8
+AdditionalInputReseed = 
+** RESEED:
+	V = fcc94150b344a909515f3fc11301b0b853febe048227efdd16f2b5a93747eca8794a4c83bb24f8ae453975026f1b21e48ed32d0ec33d2d
+	C = 9e70676295ece827ab28703d3d1267baf7ab5aac8b381b03087b7b1e43ed1a32204fe5cd2a4127a402d4ef1034f6ae611d7bd321a09d9d
+	reseed counter = 1
+AdditionalInput = 
+** GENERATE (FIRST CALL):
+	V = 9b39a8b349319130fc87affe501418734baa18b10d600b96a3cb73f2d3d3b1a11f539ed03d979a9ca952dfc30f29a215f8821b411acd95
+	C = 9e70676295ece827ab28703d3d1267baf7ab5aac8b381b03087b7b1e43ed1a32204fe5cd2a4127a402d4ef1034f6ae611d7bd321a09d9d
+	reseed counter = 2
+AdditionalInput = 
+ReturnedBits = afc10652630d2e29e34dfa6e99ee96d3ed88912b820dd71551bcc7ab99254087ef973b63782e8931ce25cc7d294b9ef08bb7a00245d97f8884456d65a2438005d61e9fa4de1199d9e701f7d379ebd02655bd1fa1ef2c74162e7454534fff46860bf61540c8a7c2c579c39aeb1544a027eac4f7771f68e4e7f2d859eff66d505e
+** GENERATE (SECOND CALL):
+	V = 39aa1015df1e7958a7b0203b8d26802e4355735d9898278e246fe10edd8216fed2be85663a5001d6b552fa47f5a42cf12bf3782db87870
+	C = 9e70676295ece827ab28703d3d1267baf7ab5aac8b381b03087b7b1e43ed1a32204fe5cd2a4127a402d4ef1034f6ae611d7bd321a09d9d
+	reseed counter = 3
+
+[SHA-512/256]
+[PredictionResistance = False]
+[EntropyInputLen = 256]
+[NonceLen = 128]
+[PersonalizationStringLen = 256]
+[AdditionalInputLen = 256]
+[ReturnedBitsLen = 1024]
+
+COUNT = 0
+EntropyInput = 46ca177944263f486a99756fff510eaff6a2e7e1328e6f880ae254b332505495
+Nonce = 85d52505eba6c3e68dbfe02fd572d70f
+PersonalizationString = b7ee353d3958e3e5606ecc0eb882c624eba8390fa17b7612d634131b5d3d0c91
+** INSTANTIATE:
+	V = 2124486c5ee63796731d61a151d4eb55365b2cb10f2880b9f15537bffa396a069c0fe189bceac5e42ff3c9825524a5524a0c335b8abc27
+	C = 42f3bc3df55fb2a2d97ce5fb6f275452b0192b61ed5f42d6b8eb5cfd40484b933e0d11d68c53e41bb32916c376e5edaac34ff232a78eea
+	reseed counter = 1
+EntropyInputReseed = f7f447fdda2794d01aa72839cd58be2e44df932e577a11bb61421ad55e9cdce8
+AdditionalInputReseed = 2af675a85cf6d8f2e637c2cc4f05ba7b7a12f1981f13e294983e23015d97f03f
+** RESEED:
+	V = d4813fee69c7b755e7b2b46e20a85082319322e004ca78b5223537306733eeaa8800bc33aaa10e0dd471a58b7183ed0bb536eaefe6433e
+	C = 91f031b10e5e52c1cfb2184dd2ed3cec584060ea319678eadcd6cee89f71216657a0fac5744986bfdb2d050b8031c2472b204c11a577a5
+	reseed counter = 1
+AdditionalInput = 75951248cfe53e98da1870ab6f3210c94ace3a8abc432676283c4710f54d1c67
+** GENERATE (FIRST CALL):
+	V = 6671719f78260a17b764ccbbf3958d6e89d383ca3660f26f10e195a2f9c5aaa550e36799ca1a8b9f7a5adad79afc76bd98c0fd36918cda
+	C = 91f031b10e5e52c1cfb2184dd2ed3cec584060ea319678eadcd6cee89f71216657a0fac5744986bfdb2d050b8031c2472b204c11a577a5
+	reseed counter = 2
+AdditionalInput = 567337c9184d4341265e522b50b0afa9efaf5cd9d9dbef30c998e0b5dddbcad4
+ReturnedBits = b7f5614844965092aecb481fe6550c6aaa8c54c87a7492946756aaafcf1b567aba2a1b801adf7f62804a77d32c1278f365568b6f45cf70d22875a898a311f14d8a95c6ed7d3f23fbb6bcf5dd9863079895cb15a29bd908142586ed5b98254986dff772fcc208b69b84710f5f1de2e9d704ed4d6fa6fe96937c9cb3fd19ee9a61
+** GENERATE (SECOND CALL):
+	V = f861a35086845cd98716e509c682ca5ae213e4b467f76cd903bf5ea6dac970c9bfa21f4812d3315c8e0779348553c00e225a756d8054d1
+	C = 91f031b10e5e52c1cfb2184dd2ed3cec584060ea319678eadcd6cee89f71216657a0fac5744986bfdb2d050b8031c2472b204c11a577a5
+	reseed counter = 3
+
+COUNT = 1
+EntropyInput = c416a96faa2b48844401c3d159dbb416ee0b6c30cfd16ea508a6fbf79aa3ed1e
+Nonce = 2c67731aab41b578024f4a31c718a6df
+PersonalizationString = 7bd6b83fbf4ef9e8d9d65d6ca0da01d3f3fe97b349d9ca30d52abf2a5d7a1a57
+** INSTANTIATE:
+	V = 98e8392dc10d1678efb83080868074aee536ccff1022bd4b6efdb7b8f6e4a84da6b85df711d740605378e748e068a7541bcaf40706fe50
+	C = 9abbd67f7977dec86ffd3d56764c615d6f3c71fa86540c361ca608019cb570469a5cd1abbab80a9dae5cf549c90e66e0912ef6b0bc846e
+	reseed counter = 1
+EntropyInputReseed = fb31b00317f9a9a36d8a5b4aad97d22fec69dde88cd6cc71b06f0168603cbb5e
+AdditionalInputReseed = 415251a97ca5dac0c28aff80ec45216ebabc735bfcbfffa6dadaff4acc9d43a0
+** RESEED:
+	V = 5e8a070cf4bb55dd358e8666d2127c0f57b2813e2c02f41e5abfb296ec7835742700eb4f2865062309054111940cce057eeb53fca12358
+	C = d3e7abc20b10355f9f6856ef1f5a461cdeaa1ad18d7673c4ee66e26b1eee45d00c0c19c9f946966bc80939467349c8c8da9308866554cb
+	reseed counter = 1
+AdditionalInput = 444f99f4c1bd9305da4e92097e90abb59723c22fb264272a1caa2b093402a597
+** GENERATE (FIRST CALL):
+	V = 3271b2ceffcb8b3cd4f6dd55f16cc22c365c9c0fb979694a94cc235daf6b0b289d16aea36fadeeb61a9555c00d107bcb9ee53817899ed4
+	C = d3e7abc20b10355f9f6856ef1f5a461cdeaa1ad18d7673c4ee66e26b1eee45d00c0c19c9f946966bc80939467349c8c8da9308866554cb
+	reseed counter = 2
+AdditionalInput = 084d9cceaa8c6ecd509979023b8bbda0feecb37dc7c0c798439072ed0c238713
+ReturnedBits = e62d27b5479bcad5b6e502424fe7e94f696528356de8be6a9e2a223d5ef48afa999c824675d29dcfa1cbd4312aa2d5f9035d89d91641cff1eb5d5f4aa09cafce9b3ebcf51c6a768435c27b1e666435c5e9c9d971ed574b14ed7ec3dc4fdc4205dd6cba84e381c8819acef98ff47e1198cc3f66b99d19910fefafa34819d8763c
+** GENERATE (SECOND CALL):
+	V = 06595e910adbc09c745f344510c708491506b6e146efde9be65141fef15c04716b2e8f7678c5ff2710fb052f837544a13fd8de25f2799c
+	C = d3e7abc20b10355f9f6856ef1f5a461cdeaa1ad18d7673c4ee66e26b1eee45d00c0c19c9f946966bc80939467349c8c8da9308866554cb
+	reseed counter = 3
+
+COUNT = 2
+EntropyInput = 40a4482d87b47c291a36827ae572c1aadafd323319b3f46b9a8d2e03959ad602
+Nonce = 45a526431e42de94d3cb4e325d3eb953
+PersonalizationString = 21e11c5a4c3fce3b499ee439678a8fd19c84c33e9a6f06f79b6aacbccc9d87a9
+** INSTANTIATE:
+	V = ffa276ce0a3ca75b0aa2ec0906e6f72737221c6e6704aebaf97d67b2793e44a82b1d0ecd9e3101e1323f7457711a3627e9e59a607f9e1c
+	C = ae81fbbb4f2a90443fc50e6178b32a70168248c0dc2ae2bc6da13ed8716873d47824a5228f138cb53ac68eadfd70e59fd4f9dc08054558
+	reseed counter = 1
+EntropyInputReseed = fa2571ab6b6868cc9ef38f443ea04877e7ac66d9df9d6883a657cce904c53dba
+AdditionalInputReseed = 29da3c00155b1d97b551de9fa6e33673be8103ef974cd7de3dcd3410c443ed92
+** RESEED:
+	V = 5688d140f5209e5237e23e9a339b6f08af598b61ee841a8f5ff48023bf26b6e7622b9cdb4b12c2c181085468e33870ff8d7d2f9bc9e33d
+	C = 368e1b22fe080e1cb5c70702a2f1f3386148a55b041bb25259b948b72715ab122b005ed322d02375161b6bce7ac595efa35c5becbfdba7
+	reseed counter = 1
+AdditionalInput = c2f7b7f20b6e7577382ace705286ca6e739b4ff3cc395bb76476f013f74fcf1e
+** GENERATE (FIRST CALL):
+	V = 8d16ec63f328ac6eeda9459cd68d624110a230bcf29fce73d9d3a223e4e2ff68c53e9a604d1658d4ffd1776acbf30fdbd253d889776c9a
+	C = 368e1b22fe080e1cb5c70702a2f1f3386148a55b041bb25259b948b72715ab122b005ed322d02375161b6bce7ac595efa35c5becbfdba7
+	reseed counter = 2
+AdditionalInput = c6ef4b5485a7d579b06737733365ec70fd3b03ffd4b46546f42850f77b452788
+ReturnedBits = a22d41cc403edfa43050720d9c76cb88777726cc22821376a512a33857f5fc3913c147c1f3f273b6957c2d7d340b78f8bf8600cf745e61687aa080752f7433e70c34355490980d8c508d5fc687c45569ccaa7aa70f4d18ecfaacaac2986c8537b6c6d0d2dca0cff9cf019c71f9aa6127ab8875d9315906f6d51a694860cc7817
+** GENERATE (SECOND CALL):
+	V = c3a50786f130ba8ba3704c9f797f557971ead617f6bb819f914ae06da2a22650e2d4465c377a9dbd2c056de3ee2cefae51160df8b65a0d
+	C = 368e1b22fe080e1cb5c70702a2f1f3386148a55b041bb25259b948b72715ab122b005ed322d02375161b6bce7ac595efa35c5becbfdba7
+	reseed counter = 3
+
+COUNT = 3
+EntropyInput = a4b1054ca2f6f13989aec66cc041bb9ecfcf53b0500ab5c7389fc8c8ea01a9c6
+Nonce = ceccc989f2831a94ef824a0c52fd8659
+PersonalizationString = e14711b413c2b8f6fb98516c2a3cf5e53aef84e4d5a07766d463f69d550ba3bb
+** INSTANTIATE:
+	V = 37a04f86abda1e07c16ee23e3331972eb26a891a865bcc0d70371d930eaa73b59e0afeb146c3564b68eccad77d5d0e8b1c504488fb16e1
+	C = 8bf9957d2a6cd807e7c36f95adee9196fa580df076e3a29dd7eea8b1fdd01069a65e4c84456480303f6e32664f5e4d949bc1d6df6a6f0c
+	reseed counter = 1
+EntropyInputReseed = 479e2f870bd9614efd9bfc66d9588fc12c734884e5d426718f56c23b3498bc7b
+AdditionalInputReseed = 9dea3d1c0b24025036acf4e0e7056b0d0a9ece4fb928b8a6161593ee1fa358e1
+** RESEED:
+	V = ea8a7f269064e0186c28806ac813144e032fb0dc0854d5c1e78e25f40e275a6422260c9c4e3b7fbff068e98a82f80a30341aea2e207fa8
+	C = 2ac227a9f4f95a46f2ec9b06b73131bff93e5843116b2705ad5a3201674fb559ad1973b9349f8be3ce00151b6497a6d2e6d68f3986fdf9
+	reseed counter = 1
+AdditionalInput = e48f7879f6d9c6c807471d768fb14f2eaad4a6309a0cb81c9b250478bce54bfc
+** GENERATE (FIRST CALL):
+	V = 154ca6d0855e3a5f5f151b717f44460dfc6e091f19bffd5fbcf9b8d6c4c1f602d7207deb3e679c87d5ca36aa8eab11b2555232ef3f2998
+	C = 2ac227a9f4f95a46f2ec9b06b73131bff93e5843116b2705ad5a3201674fb559ad1973b9349f8be3ce00151b6497a6d2e6d68f3986fdf9
+	reseed counter = 2
+AdditionalInput = ab544116ddb1d90f47359b03f393a04e9b6a030194bf0551cc8031a3dae175a1
+ReturnedBits = 341965371d94892471d5e7e352d6fdcddb2d16ce5c853fa04c8479837d600801bee51e15ca53499597913437309eaacbe6bf44cb42b90fd2d1dadb2572d7934a296d6c47767da4a56726cd68cfff2aff9ecacc4358981045fe5cb158b02dae4e017c3cd4cdbcded7b4e6c8d8273112e899acde822f171d1b17a17247b9c71d1f
+** GENERATE (SECOND CALL):
+	V = 400ece7a7a5794a65201b678367577cdf5ac61622b2b24fa336d7020a3a91c167fcb30c09b2fe3a6f5ae795451b8f651cb49939a6a45f7
+	C = 2ac227a9f4f95a46f2ec9b06b73131bff93e5843116b2705ad5a3201674fb559ad1973b9349f8be3ce00151b6497a6d2e6d68f3986fdf9
+	reseed counter = 3
+
+COUNT = 4
+EntropyInput = 53158db6deaf023ffc23e3247aebcb4c8fbd0c80fc674590c396a65e767c61fe
+Nonce = 70cb90bcf5423a981f348b4678042beb
+PersonalizationString = d8d9c44ed254502325f3b685e7e8908f7ac4e92bb872cb2a3ec26ed9b35e22b9
+** INSTANTIATE:
+	V = b8a86de0bf8052b5cb5a03b4f0c89eb8e701d03e96d733494633adc933a141ecf07f86de041d9ecf650d4d6502183e876f4c901deb6d06
+	C = 5418a1d15565b2062f111673fc759511eb6ab1bb5b602aa63336e4263119daf0395e6e5c4f368732deb974d30f3041d4d546473c905203
+	reseed counter = 1
+EntropyInputReseed = 7f31b403ea3446099a8feac19eebc789f32a71a7596f03b9929967284be33588
+AdditionalInputReseed = ece04b1232ba623e0e990fb9d9a6e4967b6ef3e8994d2bd8c35358b118b194bc
+** RESEED:
+	V = a8cf5de074e7f8a742eac788f03e810199ededd7650a90d8b0067bdf4d04f00b085f0dfb174d340579d76fef269836c710515b14b47669
+	C = 7f89f27bb23c55bac96f4bf682be12f325e6e0527ddbcfe67dda4e3b89db67bef04e457692bb5fa06ff13462a106399151b4bfa8661138
+	reseed counter = 1
+AdditionalInput = cc0d5b04faa966785ece0da3dd9008cbe875dd7f7887a4eda50d8708d9147a52
+** GENERATE (FIRST CALL):
+	V = 2859505c27244e620c5a137f72fc93f4bfd4ce29e2e6618003449a1dfc64a4046b753c5610e000477fa245919050a238ca3308f3344caf
+	C = 7f89f27bb23c55bac96f4bf682be12f325e6e0527ddbcfe67dda4e3b89db67bef04e457692bb5fa06ff13462a106399151b4bfa8661138
+	reseed counter = 2
+AdditionalInput = ed99231f13abd1344c902b7ba4669398a2684c3527b849e76d2216693ef6ef76
+ReturnedBits = d72d1f368ee46dc46c8d717c19b4cc5e66528ce6bd9c144ca326f6ecaabbfbcc2a18d41b787ac3f3a81be8bb9e849c4c291b7a2bb873b624fca521b38ee91f7966ffc5dacf570d5d36a0ad12c0701223d1a22cd67491e187a1f93c1d9af38f6b76107700455c85315ae7cdb9d3b72c5fae7b279772e272b283118b54ce2d093f
+** GENERATE (SECOND CALL):
+	V = a7e342d7d960a41cd5c95f75f5baa6e7e5bbae7c60c2324db8b5fee6be16418fe0f76a9682f0f5acfc699d7e52f1d7e6115aebf8f3056c
+	C = 7f89f27bb23c55bac96f4bf682be12f325e6e0527ddbcfe67dda4e3b89db67bef04e457692bb5fa06ff13462a106399151b4bfa8661138
+	reseed counter = 3
+
+COUNT = 5
+EntropyInput = 1a5e4307b432eb4f41cea44417495a88f3caaf996506d4d1516bb135b210628a
+Nonce = f9d7cf8c1ae7531eb1a27b57fda590af
+PersonalizationString = b8dc667c8f6c9960439ac9244154fa84d221e1d98a02975d04a4d3c9870bef63
+** INSTANTIATE:
+	V = 31615339acb7be93ed55fec55ec218e243787cc7957600aa6fe1f573362e015170d808756807c7580abf3d51d78638e23f68fd717eb123
+	C = f8bc658c30b9b662788360381f2d6c7de24d9f5e450175b4e9cbef813e5193bcd2d54782ab60b11317892d16deac723b808db9235adf1c
+	reseed counter = 1
+EntropyInputReseed = 02410741de20bff31fa249f29a3e64dae237dace062b7e1f2e09725fbf03880f
+AdditionalInputReseed = 15bef494a8730753512a1e615b79b8324c19f1a441c1cd1a1e7b0cedd450fd9b
+** RESEED:
+	V = 8c10abc5f6218cbb1a95e51a20522c5e288977f0faf16038b7f165927231a4b071d7744b3bf3a8592059265c4648c92dbe5fce17fe7ab9
+	C = 8e5a1e6192c964c7763fa02fb0185d7a0fb1e5660bcc97d17677e535affc0713dd7d5433c1602d5fead156727ac7dd04b49dad93bf24d8
+	reseed counter = 1
+AdditionalInput = 6fb0116e73c648c0478ba3773bba84ec4132cd92e4417b65a82ffb6682c94246
+** GENERATE (FIRST CALL):
+	V = 1a6aca2788eaf18290d58549d06a89d8383b5d5706bdf96ae8b6f79cbb38a57931db58e42b13003c01d383fdbd6bcf0820b71b49803dba
+	C = 8e5a1e6192c964c7763fa02fb0185d7a0fb1e5660bcc97d17677e535affc0713dd7d5433c1602d5fead156727ac7dd04b49dad93bf24d8
+	reseed counter = 2
+AdditionalInput = ede86e7671b4401cdaeec77aa66b35cc704a1234240c2fae5b5b1d4963b0aa4e
+ReturnedBits = 940d9c6a27efe35e5fa91c3da900118c1fc1496f5e65005c4bc1ce20b0adb8e6e0f40330b9226f0346923b2fb41049d9e0b4622d9ceac7c2b0b07c94a1252d15be28c5b693577d97be3d168624d837f54685a7f99b816e71ecc13cc269c424e845f0b5a9c03ac3dc768595780781d0d05ac491d215e683abd01e28dc25192a5c
+** GENERATE (SECOND CALL):
+	V = a8c4e8891bb4564a071525798082e75247ed42bd128a91a100095c4d3d6b31b73c2272eba96feddb4159edc608b167afdcc06c59ae6970
+	C = 8e5a1e6192c964c7763fa02fb0185d7a0fb1e5660bcc97d17677e535affc0713dd7d5433c1602d5fead156727ac7dd04b49dad93bf24d8
+	reseed counter = 3
+
+COUNT = 6
+EntropyInput = b15f4a942cd934fd29781070648d86b6a0196ec0d983b8537c93473dd1806b26
+Nonce = ef384d6b94d85eaeeca8ea2891090a86
+PersonalizationString = a731ff7a73b24cfea6e3c66676a890f017e8283ad5298a46ca1e2d00ea349819
+** INSTANTIATE:
+	V = e63be5690271369db7bf81a07866253a99d4322477d5e8cfb8a5f18209cb384fd0cfba4f46e15955f9a0f6fe6e5dc681318e72a4a61bac
+	C = 319a772d5bda810fbd0b383f4050c17c8b3f86c895ffc2dc0059bd6f61f9a78b6c76b4d4cdd355b6a7e421e3ea0b51d1a05329ea7dc66a
+	reseed counter = 1
+EntropyInputReseed = 93a23969d473d6643f36afb20fe2ad0f6bc93a9741f656cb1cd64bf35a06a685
+AdditionalInputReseed = 503c6c0b42d41361b34f0594f832d4b75a9d1312b26232c43e49385193c00a1c
+** RESEED:
+	V = 392257751e2db5ad8bc59796fb8694a90c238a5b22fedd97d9641259c4933dfc1841dc4686ed362e66288e4550b7d1e92071f886755b43
+	C = ce31476684d90863e0cb31d1e1260e6a6e3a6fa3d4ad62f4ae74846393e5dbab1dcf1a0702c89dea16f9a03c5c54248115a4a7102e3563
+	reseed counter = 1
+AdditionalInput = 1ac649746d07cad3a743f7822fb3dc9a5885f99ba371cdaa980ac43745b1917a
+** GENERATE (FIRST CALL):
+	V = 07539edba306be116c90c968dcaca3137a5df9fef7ac4151b60ab8965e99d513d422fb09d374f9127323cbcdef6279df731844848de625
+	C = ce31476684d90863e0cb31d1e1260e6a6e3a6fa3d4ad62f4ae74846393e5dbab1dcf1a0702c89dea16f9a03c5c54248115a4a7102e3563
+	reseed counter = 2
+AdditionalInput = 0425ab53b1e8afcc103e2782118c7db97d2eb24b4ac80f83c43e03d764d8ed0d
+ReturnedBits = c4cd14aa2271adf405a38318882f1440291132cfe9e36a1da5fcc07300572711241771bf4d095930f55c18751d473e516d729f567a9198490b37d928b31acf3c10c8b3f7c23218a03dc76b59c10357cec99c4b7f09793e2c71962da7d3d9f6981d9915060ceed7a2f1e1e2772ef95bc2f12e1ae1218d53efeb253167c39b14f4
+** GENERATE (SECOND CALL):
+	V = d584e64227dfc6754d5bfb3abdd2b17de89869a2cc59a497d7276013794dd94dbe7df3845c859d2d9409596dfb1b3a5d038858e3312bdf
+	C = ce31476684d90863e0cb31d1e1260e6a6e3a6fa3d4ad62f4ae74846393e5dbab1dcf1a0702c89dea16f9a03c5c54248115a4a7102e3563
+	reseed counter = 3
+
+COUNT = 7
+EntropyInput = c6c5713655132dbe09dd8a5b3f570b1ddb03c09da083d9ffed23d419935c70e6
+Nonce = 88b8a3a0cf74a27dd9d5ecbc4b762bc3
+PersonalizationString = 2692b006478572eb1e329c035677c2b8ea7b59e9d35414ecd3acdac61f5d2248
+** INSTANTIATE:
+	V = 3bfcbdb3c3adb6a7431b7f112678eb3bc01efa344bda9dacebc3538bc58ed44d4cc9a59efd4967726462c04b261a937e6002950945bf50
+	C = b4a27e716f9fb55dea6cb449c4b4ad461b34a9f7623e2badd498e97db33c1f82e702071964411ef6c8b27186397bf3b5da859b4bc948b0
+	reseed counter = 1
+EntropyInputReseed = 4ae3ba1548a192290453b89cb76c49b30ae37b0014d365f064f5470d9f5b259a
+AdditionalInputReseed = e2c66aa33aed7d848b864e749668053953b730653ebe08a5df87200e7799b6cc
+** RESEED:
+	V = ee9040142e0b121cadba5bed9b0a5869a42564bf4bdd2272e1f445df7c0db722909e4108078597fe9d9be791624623871971805a3c1f40
+	C = f952ac06cdce6664ab888459f16f9d3358ef49896159d33e5598ef64c4978bde78cd48e0908cc516d0a3344b46215f9016d5ebbd659073
+	reseed counter = 1
+AdditionalInput = 892d36fad080d1e7c15d1d4a35d74bb4d79ccc9ad75fd459c0800325fbd19ca2
+** GENERATE (FIRST CALL):
+	V = e7e2ec1afbd978815942e0478c79f59cfd14ae48ad36f7368af6e0fbd4a2f197d4b09cff9f450b1f2ea7ee181aa3dde153bb4414d3804d
+	C = f952ac06cdce6664ab888459f16f9d3358ef49896159d33e5598ef64c4978bde78cd48e0908cc516d0a3344b46215f9016d5ebbd659073
+	reseed counter = 2
+AdditionalInput = b1982ce364fded9d9a947595888b8a2c42ab330834328f75fdcb4ae9bdb12c3f
+ReturnedBits = 3de39ae38d34127a412a2042811b2a36d230bbb5c6b03821cc87eb950e0b9f31b9aa6c5dfa7a9df6e3bf788378f6fd50dd29056fa5d9a660d72c95e2cbb7ddb61b3c479c915c467bd11c3fb7cf94039871c98caaf258c47a2f37db191b5b23ec60eba50ee0be55f0f69893478fe6ceb0be885d34814c7d7c6d851975a7168c95
+** GENERATE (SECOND CALL):
+	V = e1359821c9a7dee604cb64a17de992d05603f7d20e90cbe1f14f57ac0add8be25aa86a426e5b67735cb008128b2c26dc900f7d50478309
+	C = f952ac06cdce6664ab888459f16f9d3358ef49896159d33e5598ef64c4978bde78cd48e0908cc516d0a3344b46215f9016d5ebbd659073
+	reseed counter = 3
+
+COUNT = 8
+EntropyInput = 960df46bb61039766fec7d4b784cff590be1667a01b859f60af8a0ae6d43f999
+Nonce = 8137a1ae9a0c8ca53e69cd8038165800
+PersonalizationString = 08b9a97c42d8a1ac756d98e198154b6eedbd3cfb2dd14eb7e9c8f75a25f1e1e7
+** INSTANTIATE:
+	V = cfc1383cecef715d19ee6adfd1817e73af06d68697ab62685baa8febffa7dfe5c0df265c6e97c02ce2959a3ffa968abfc076b77fd5ac98
+	C = 4516ca9ad9a606101f711dd5400242ac182434155813014c5690076c337a925146b4477dec83579dd1aa9cdddcace71f6a222df03499a7
+	reseed counter = 1
+EntropyInputReseed = 4d76b9cca458ffd515082fabb6927ebb9ae391116abc2ee912e77bdb94364256
+AdditionalInputReseed = 53a5923455f00ed5a9123df9d9d3b110265afaef234b5ba833ca3e69f9920ef7
+** RESEED:
+	V = 63159514dffe29c28a552b79c333303005d3a65381f6a3407ee8fdf1315f11e59cfff2a35e869ca4c61e28a25c0623e5cc817cc5088df8
+	C = 1cba30e7645b0a5f4288138ec573c0fb57e6eb350ae46451757b640ae33efbbe6d7f057ed8664c480a8053f43c2f5686268be8ddefbfd1
+	reseed counter = 1
+AdditionalInput = 721d089947e4c859c238392f96778c7af37da210b28fb0ed986cdfc393aba22e
+** GENERATE (FIRST CALL):
+	V = 7fcfc5fc44593421ccdd3f0888a6f12b5dba91888cdb091fe15b8b4a57b2ebd6d36b3b58d5267b8c24aa17536ab9eabc03fab47111a384
+	C = 1cba30e7645b0a5f4288138ec573c0fb57e6eb350ae46451757b640ae33efbbe6d7f057ed8664c480a8053f43c2f5686268be8ddefbfd1
+	reseed counter = 2
+AdditionalInput = 2840e99aa3fa7aa5ea6d656be369084f614397eedcf8468d78e9f8766fa15ad3
+ReturnedBits = fc323e530a95ba6578f250fb0614b373789cc555c86983f4858f4de1dd2f975ed2f95fdf8c4f8795aafd18acb85ae44fad09320e55deef74a94d55b00f4099ce9592f50f5943188604b6923fa3809e6a0cf7f9ac36c879d467e4aba13ded84175eb991313c8a9d7b718c9026aad81f34826c7ee38d6bcbe1617ae6b064bc311c
+** GENERATE (SECOND CALL):
+	V = 9c89f6e3a8b43e810f6552974e1ab226b5a17cbd97bf6ebd1c1b5f9c4e25df3787d6de6efe02117fe48b75a74b8c36eac4840309c89b22
+	C = 1cba30e7645b0a5f4288138ec573c0fb57e6eb350ae46451757b640ae33efbbe6d7f057ed8664c480a8053f43c2f5686268be8ddefbfd1
+	reseed counter = 3
+
+COUNT = 9
+EntropyInput = 47841a194b24550d9616d0f315522162d2ed73f018771bcb684e75b86146ef6f
+Nonce = 2b24eec8bef61a64dfb0dc7be6f168e7
+PersonalizationString = 2ebb99e2f1ce722366b3a2007b043cc936dcb06278393ab7c6eef733e47d7069
+** INSTANTIATE:
+	V = ed3021caa0c6fa053e90aeffb30491cb73c70dd282acdb3e81920405e0bb056206d910de445bf01c2a95f5bf872ab6bcf9d57938cafa42
+	C = ac22d79043ba00413cc6d109aeac05a37eca530e86f2c8289cd3c7e9e0574ad02d582854151923ab969000426b138e2e20eb8fd6b5a87d
+	reseed counter = 1
+EntropyInputReseed = b5e5491b292389094261cf5bf2421541f509b1c0f69b3d2cfe21aa53d6b1aa8e
+AdditionalInputReseed = 2251df4ae5f1fda53db7e9e871162cbba34263d5d6a1e57d036508157b7f4596
+** RESEED:
+	V = e5d43ed811bb9462e42f2e2c09608ce09e7e31a7d9a00c1f849d4cde58460dd3fb085930a161b7932a294633d3939b764db2c2694d87e9
+	C = eeaec45f00faf57f4169349e3e1a16f84f175e245f8bd458e60ddcca199071e60c642d4a56d44503435fdb9d8486cc62392153e385b6f5
+	reseed counter = 1
+AdditionalInput = 044dc81263ec7d116488eb60d4a0139cd6fe8c1ed2baf1077861a4592457bec1
+** GENERATE (FIRST CALL):
+	V = d483033712b689e2259862ca477aa3d8ed958fcc392be1433885bf9111c828fba1fda0204248ee80fc06323e9f17d93e5e46e26f83cb10
+	C = eeaec45f00faf57f4169349e3e1a16f84f175e245f8bd458e60ddcca199071e60c642d4a56d44503435fdb9d8486cc62392153e385b6f5
+	reseed counter = 2
+AdditionalInput = 102b945020ed5e7fc5616490e924535316ea72d4f079edf2b009dc2021f25711
+ReturnedBits = 97e8d4369b6b6e0c28010417cb4f63cfd7bc2617207fcbe6071e9b548f27421897767a328f8c6ab451d413603756e5627ea4b65b16825416d780cf89f598d6d61ca9c44024cc6100b7fd20f13ed765ab616da7671deb2eed3a8a329ebf33cba520d39dfa866d208be151b1bcb4dd6f61ff804a4684eef23cbbf8755056bc6404
+** GENERATE (SECOND CALL):
+	V = c331c79613b17f61670197688594bad13cacedf098b7b72554e2d00a65e27fc8452dbe2bd96b247b110f55939f6090d318848ab5a48919
+	C = eeaec45f00faf57f4169349e3e1a16f84f175e245f8bd458e60ddcca199071e60c642d4a56d44503435fdb9d8486cc62392153e385b6f5
+	reseed counter = 3
+
+COUNT = 10
+EntropyInput = f26c94e16825e3d191a54c9e41b309864d3a5f6e5d465fe800656db4559fe492
+Nonce = d87f7aeea20d2973f29bfb0e7c6268a4
+PersonalizationString = e93b19349cec91cc80125788ee9b4358d3b4b914ed87d64bf27f492195e8dc75
+** INSTANTIATE:
+	V = bc8ca9423cb6e1d6f980cf103893dceb9982fdbe6c00faf734aba744329f9b334dbcd72b51d162f27f0b93a6a234cbcc5af035c2b01e3d
+	C = a271d024504889bd67f5eade68705d5158c5d8e75b4094b65890492072a23734f659feeb72eb0a18df52f2fe819604bea13f7a994bac98
+	reseed counter = 1
+EntropyInputReseed = 2e8e61afe366d09cd707f3f48da8d0a0c51eb70157b3da268baa3d586612bdf8
+AdditionalInputReseed = b96ee0b7dbc7601833833799dc928bb8299827ca06c83cd0f4d78e248916a88a
+** RESEED:
+	V = 51a45aced9cebfaa03a97ee7e8f7cee40c99f091e4933812d79504cdb8f8aa998a56c855d09c3d092c1e0b834ab1e7e4d1813fc2f36b64
+	C = 4023382e7f6d64f1da897cabbcce1778aa973753b6f44d06a89a704417497e08feb3d374f016385796455c6e0cfc3c0926a3b81d0fe4a5
+	reseed counter = 1
+AdditionalInput = ba4cff264f7a4035e8aa3b5e3ab272fc7d2b3a10138ad4cd8f6eb101d758ab87
+** GENERATE (FIRST CALL):
+	V = 91c792fd593c249bde32fb93a5c5e65cb73127e59b87858fe7434f2c082ca28d6286c63a528b4ecab5ab80603bcd75bf78d5d0a5bf79d2
+	C = 4023382e7f6d64f1da897cabbcce1778aa973753b6f44d06a89a704417497e08feb3d374f016385796455c6e0cfc3c0926a3b81d0fe4a5
+	reseed counter = 2
+AdditionalInput = 47fd86eb4dc873f3641276e8a7a2a0ba411530eba416146ceee6588ef1d2b583
+ReturnedBits = d64a77e7e21e082bd8d64c077dc739abc9b00eaf1c6c517b59d395aa24952c1cd5f5de13d2efed5a14aeef0cdfa6d6fae083ee34f5a52ba2c824f41416d669efa080b678b9f1cbf447aafc475d43c7747318f1e7558a59e2662afb1b4a386c94ebc76c207c67812c98ed2df69b9ea6f20c3df9c98a6b7134e883068bb665e20c
+** GENERATE (SECOND CALL):
+	V = d1eacb2bd8a9898db8bc783f6293fdd561c85f39527bd3e789538fb3a08dda3fafeaff30226cbe3b2111a37659a18018857a47e25a6925
+	C = 4023382e7f6d64f1da897cabbcce1778aa973753b6f44d06a89a704417497e08feb3d374f016385796455c6e0cfc3c0926a3b81d0fe4a5
+	reseed counter = 3
+
+COUNT = 11
+EntropyInput = 84a30453a236de73856f5e40652d1f7aa5409615fea1c6728d0da43475e5f3b3
+Nonce = 4eea0a251ab6664e5a348e4108208921
+PersonalizationString = 0f360997ed574e028c6b4b3b400d8cf2d64841bc397854f35c03875f6658119a
+** INSTANTIATE:
+	V = ab56ffdc7c13c3c3ad57df614cab4dd2727a6f13525be52edd96c6f36985cdbaef2d267fabecfd4b6ec0ae679acfbb83faffc20ea48527
+	C = b72c8b18b41cb3f7d1974a9b4a9486a54d8dc06bd9db90a486743ec709ed386c4365437b03699f57d96b6a9c097ef1ef5bcfdb76ff1fe0
+	reseed counter = 1
+EntropyInputReseed = afc107528990fbd80cf33fab0a58a02b754325bffa41e1aa24b061a674ac8f03
+AdditionalInputReseed = 6eb322a810d32e2c014703921d93d72969a55e88cdd71bdc0be8277812d93b6d
+** RESEED:
+	V = 90fc91978c5dc908521bbd37d796c95eb7352caf4033f45279a76482a81996b268310eff7cc97da15580d9e3c0a6cf2e02593161553673
+	C = d969f02fdc08c7949a8c159e45764689640d131b85b325ac8e4ddb818dc7eeafdd83585063d8f45939ff9fc519cbf72fea662908989669
+	reseed counter = 1
+AdditionalInput = b98f5457fb0d96bb98c9b1d75a2333b4e2842da6cb776dd9e69b69266714f701
+** GENERATE (FIRST CALL):
+	V = 6a6681c76866909ceca7d2d61d0d0fe81b423fcac5e71ae55c4da981b63536f7c91f9d8db9011fffb6b96707b712964faa1c7ed4eb0082
+	C = d969f02fdc08c7949a8c159e45764689640d131b85b325ac8e4ddb818dc7eeafdd83585063d8f45939ff9fc519cbf72fea662908989669
+	reseed counter = 2
+AdditionalInput = dc92707a506b3b54f82a5dca99f878f1e6b1273ed74834930cd5906ddf51aef6
+ReturnedBits = 14db52153bcfdd5b67945d9200b553c5cf601012bb563ec040e73ff503e551a77ca985c5b601071876b7d95739d1f1d95d02a4905bbc1cbdfa0e16acfbd61e442b99710eebc137e312188a4770f08202b7c583446aa367993245f1658986f04e8d451c0efbfda7563a00f4bab9f31f7bd46c591e7ca4fb19968a4c8f02ab4bd4
+** GENERATE (SECOND CALL):
+	V = 43d071f7446f58318733e874628356717f4f52e64b9a418141b0da40e2e686f20c97d32c012b3aa6e1166ddacc24ef4ec9b3b1d09c512e
+	C = d969f02fdc08c7949a8c159e45764689640d131b85b325ac8e4ddb818dc7eeafdd83585063d8f45939ff9fc519cbf72fea662908989669
+	reseed counter = 3
+
+COUNT = 12
+EntropyInput = 1a708367b6f7efe69ed8bd3b716db7ed843a1bc7f89582e5373ebbe2a3e49ad2
+Nonce = bdec21c5e289812e8a25014607fe1d64
+PersonalizationString = 64875ae0951dd1643b74ac2d6787d7a81e0fdf2d6c7fce7b9eba31a933ecf86c
+** INSTANTIATE:
+	V = 0505327c7a519c1955cb3ffd359e6f2da6afa7e439db565a5edd3a91d230d86eac58250c4897562f89dcea9d400d8e6f6314383e07f1dd
+	C = 398f170d496e1c9fd4d1ed17d63d147ed4f284cee97ecce7db1f4c797f658afa6228814a79cbc5ec5322af216d404a3ce2db682b84543b
+	reseed counter = 1
+EntropyInputReseed = 9df17efd3e591cee31122a8710768b28524c6cde5ee7e5982a614c667f694170
+AdditionalInputReseed = 8f7eba26bee6e82eec4f883e5f91e34c6aada32aae67e3b2f4e7a13a69f73a54
+** RESEED:
+	V = 4c29a4bd2da92852b4e2f88cae921450630b0acb664409d54e19f09d34f3dab31b1379d6f6a478cdc75b791b3e533b1de0193cde26509d
+	C = 4d3393dafb06cb815a28030e1f95dfb08bdf15a1586750d0d0ede021cebcfcc5b300ec2eb3aeb3ff8bdf2e558a70155e0c71c7efd1262d
+	reseed counter = 1
+AdditionalInput = b315b4af0cc349d77f1073af5809739a207f421da857cd3c2fb28e19674134b7
+** GENERATE (FIRST CALL):
+	V = 995d389828aff3d40f0afb9ace27f400eeea206cbeab5c8167b098e99284c7d053678d9425183b837b7bdca12fe15727d8cd32f9c72782
+	C = 4d3393dafb06cb815a28030e1f95dfb08bdf15a1586750d0d0ede021cebcfcc5b300ec2eb3aeb3ff8bdf2e558a70155e0c71c7efd1262d
+	reseed counter = 2
+AdditionalInput = 1db94e361cbb5e3bee77e0065d15dd7a02a54db5d59741720b15137c09e09def
+ReturnedBits = 2aaea0e46cf63504b5419e1b27641c3781e3b2abbd59a1258536934b6bf2fe971a772b6b54e53f9cf061dfffedfb080fbabe6304266cc029ba5b737aec9657fa97da4eaa3e58ca55e30626ad8f5e441c62cfb56fb679ad28f69a26805ed55dc2a7ac5de898c09fdfb77a84642e42bf0be7e1141ed0c8d8f6050f2d45a63659d6
+** GENERATE (SECOND CALL):
+	V = e690cc7323b6bf556932fea8edbdd3b17ac9360e1712af23308bbbae6fd48e0816aeaeb6d79ceb77e0006a26142d2c1ace55f2ed55a487
+	C = 4d3393dafb06cb815a28030e1f95dfb08bdf15a1586750d0d0ede021cebcfcc5b300ec2eb3aeb3ff8bdf2e558a70155e0c71c7efd1262d
+	reseed counter = 3
+
+COUNT = 13
+EntropyInput = de129a837b2271b3c7ebb08a0bb7ea884371784673e93cb26660633a2ca1e386
+Nonce = 3acbaca42e3ed33f3018db73785598d7
+PersonalizationString = 943259c6032aba5c0ec5305eb47c1ee60a74c3390773aadc244011e84426c17c
+** INSTANTIATE:
+	V = 7423395a789c9ea3f5f4683891de07b4c617da5541707e4fc5815a403972a500c37717a08cd145ecbd463a032af39af7e02fc5721ca244
+	C = 76d510bb835eab3061d9004e18e011d2eb8aec61715b8317bb1dcef9bca1b97b08a91347ba7b133e3340fdd39d7a058f7eafc8090059d5
+	reseed counter = 1
+EntropyInputReseed = a4cda73690ce008b641af1a96a0bde2e383953b04911b77fb24e717f80e50709
+AdditionalInputReseed = 8fdcc0b92a3c6c4ef78737db2a3e7679df86ba509007874316b3843745507b44
+** RESEED:
+	V = ac6d988d629dc8cb2f90dd517b382b62f1779c4a445bd31c08e0b240743d444f36f071c032500a61eee8fb4a52ad3f9be97dd5978f1399
+	C = f7f7c1a72733cd0ebde33473e8f00736e71d3dfb2a59193c9b5b2b60d4fc6d0b299d5577f46bf9501d60469d99b09799dab5438de461ef
+	reseed counter = 1
+AdditionalInput = 5b02cd3c2a17c1b3ab7d2d3bf1f350a861fc63675dcc8e22ccefce74f9710b56
+** GENERATE (FIRST CALL):
+	V = a4655a3489d195d9ed7411c564283299d894da456eb4ecf3832fead3fa6848419b8ab6a1c14881dc3e634460fc18ec94833f1c938cb453
+	C = f7f7c1a72733cd0ebde33473e8f00736e71d3dfb2a59193c9b5b2b60d4fc6d0b299d5577f46bf9501d60469d99b09799dab5438de461ef
+	reseed counter = 2
+AdditionalInput = 11686997e883804cb8d9eecfba76538c3f1048136bd87ec5e39b882e95bd901f
+ReturnedBits = 54c0749459510e16329d89ec4efccf7d8682e65ef46dbb45e3565f486cf95ebd40e987d543b45082ef2d7a948de673cb0b7459d1eb853eb599394755bf7b59f93d119b4c07e9a5811756a5a9911fb3842fb6163ace41b59dc37242eb8994303a8288b103b8cd499f649aca6fe5287a8d89056b57f72dcbbd4751062f5ea94200
+** GENERATE (SECOND CALL):
+	V = 9c5d1bdbb10562e8ab5746394d1839d0bfb21840990e0732b4c3451c85116f15d8c4fd73ce75343679fb82a818e7208b38b13e775ada2c
+	C = f7f7c1a72733cd0ebde33473e8f00736e71d3dfb2a59193c9b5b2b60d4fc6d0b299d5577f46bf9501d60469d99b09799dab5438de461ef
+	reseed counter = 3
+
+COUNT = 14
+EntropyInput = 5c1582c13134bd984ba6c27d32bdf3fa1847c6f9c37f9a5cb315cabac9c8f2a6
+Nonce = 5e3ebae1c1b11507e0ce8ce680657518
+PersonalizationString = 261f0fa2fc41d20363b0975c58bd79548c133a66e8edd7c440b7f69d37b03232
+** INSTANTIATE:
+	V = 9282564a632c3e1ef5c89a1744b9abe22dc7f547e6d1d58e72f1f23d6f7d22c76015590cf731a96bdf2795880b16a891890a3f101df21f
+	C = dbd5a4e3079b8d6fb86632b354054d2de04f7ec613b114abb69ceb4b432cd4950829641503d76bb3ef3960be04b4cf5c279423aac0421d
+	reseed counter = 1
+EntropyInputReseed = da390dbb1977a89830cfd02827ecf249af17baf6812961f71579b0bb0779537c
+AdditionalInputReseed = f3e9210b235796858e8188202c66e7e015c6976d4f6872b0c56b80f34b1ec44a
+** RESEED:
+	V = 906b6ed723278af0cc1476abe88a18354e28bc9acc177e8e576dc502641226d81f8aee93e6eed26086fb116da102833ae5a12646379eb8
+	C = 2360ee9bbc475544bd05c33f610351b01d0bba23c521c4399d31391ca5923a860bff142a43a209ffb296754bc2da60c25a28fc3b8ea6e7
+	reseed counter = 1
+AdditionalInput = 9ab299963bc96b27d5e806f105b930f49d4a270ec9b98d13ff438ea9c58f5b3d
+** GENERATE (FIRST CALL):
+	V = b3cc5d72df6ee035891a39eb498d69e56b3476be913943a470186ec95407d84d67c77322168b3d9913ea82658f013dd5fdd1d184abde09
+	C = 2360ee9bbc475544bd05c33f610351b01d0bba23c521c4399d31391ca5923a860bff142a43a209ffb296754bc2da60c25a28fc3b8ea6e7
+	reseed counter = 2
+AdditionalInput = 9e08aeccedd8ae05eafbbfafd8790a3e3981d85c743f5e6da18ac4f041b9e627
+ReturnedBits = 518ca27afab1b58ffa9e9d04dd7bb7bfc4119a299e08727d8cf8999dc440040f6214246c56befb2fbbc4784c96799459cfac77883a7b1fb27bb8d9c909c7e62f011cbb5c5332d780fcc500593c2a7067411f246772d822b4d6dac393c6b4820bcb6cdc2659be5434cffbd535d5130575707b94358d15b088bc4637a83a97f78f
+** GENERATE (SECOND CALL):
+	V = d72d4c0e9bb6357a461ffd2aaa90bb95884030e2565b09ac2845d0089caa54690b0a3fca26a8bd0ce224044d76d3f0233156afd27d645e
+	C = 2360ee9bbc475544bd05c33f610351b01d0bba23c521c4399d31391ca5923a860bff142a43a209ffb296754bc2da60c25a28fc3b8ea6e7
+	reseed counter = 3
diff --git a/nss/gtests/freebl_gtest/mpi_unittest.cc b/nss/gtests/freebl_gtest/mpi_unittest.cc
new file mode 100644
index 0000000..d465d5c
--- /dev/null
+++ b/nss/gtests/freebl_gtest/mpi_unittest.cc
@@ -0,0 +1,120 @@
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this file,
+// You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#include "secdert.h"
+#include "secitem.h"
+#include "secport.h"
+
+#include "gtest/gtest.h"
+
+#include <stdint.h>
+#include <string.h>
+#include <string>
+
+#ifdef __MACH__
+#include <mach/clock.h>
+#include <mach/mach.h>
+#endif
+
+#include "mpi.h"
+namespace nss_test {
+
+void gettime(struct timespec *tp) {
+#ifdef __MACH__
+  clock_serv_t cclock;
+  mach_timespec_t mts;
+
+  host_get_clock_service(mach_host_self(), SYSTEM_CLOCK, &cclock);
+  clock_get_time(cclock, &mts);
+  mach_port_deallocate(mach_task_self(), cclock);
+
+  tp->tv_sec = mts.tv_sec;
+  tp->tv_nsec = mts.tv_nsec;
+#else
+  clock_gettime(CLOCK_MONOTONIC, tp);
+#endif
+}
+
+class MPITest : public ::testing::Test {
+ protected:
+  void TestCmp(const std::string a_string, const std::string b_string,
+               int result) {
+    mp_int a, b, c;
+    MP_DIGITS(&a) = 0;
+    MP_DIGITS(&b) = 0;
+    MP_DIGITS(&c) = 0;
+    ASSERT_EQ(MP_OKAY, mp_init(&a));
+    ASSERT_EQ(MP_OKAY, mp_init(&b));
+
+    mp_read_radix(&a, a_string.c_str(), 16);
+    mp_read_radix(&b, b_string.c_str(), 16);
+    EXPECT_EQ(result, mp_cmp(&a, &b));
+  }
+};
+
+TEST_F(MPITest, MpiCmp01Test) { TestCmp("0", "1", -1); }
+TEST_F(MPITest, MpiCmp10Test) { TestCmp("1", "0", 1); }
+TEST_F(MPITest, MpiCmp00Test) { TestCmp("0", "0", 0); }
+TEST_F(MPITest, MpiCmp11Test) { TestCmp("1", "1", 0); }
+
+TEST_F(MPITest, MpiCmpConstTest) {
+  mp_int a, b, c;
+  MP_DIGITS(&a) = 0;
+  MP_DIGITS(&b) = 0;
+  MP_DIGITS(&c) = 0;
+  ASSERT_EQ(MP_OKAY, mp_init(&a));
+  ASSERT_EQ(MP_OKAY, mp_init(&b));
+  ASSERT_EQ(MP_OKAY, mp_init(&c));
+
+  mp_read_radix(
+      &a,
+      const_cast<char *>(
+          "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551"),
+      16);
+  mp_read_radix(
+      &b,
+      const_cast<char *>(
+          "FF0FFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551"),
+      16);
+  mp_read_radix(
+      &c,
+      const_cast<char *>(
+          "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632550"),
+      16);
+
+#ifdef CT_VERIF
+  mp_taint(&b);
+  mp_taint(&c);
+#endif
+
+  uint32_t runs = 5000000;
+  uint32_t time_b = 0, time_c = 0;
+  for (uint32_t i = 0; i < runs; ++i) {
+    struct timespec start, end;
+    gettime(&start);
+    int r = mp_cmp(&a, &b);
+    gettime(&end);
+    unsigned long long used = end.tv_sec * 1000000000L + end.tv_nsec;
+    used -= static_cast<unsigned long long>(start.tv_sec * 1000000000L +
+                                            start.tv_nsec);
+    time_b += used;
+    ASSERT_EQ(1, r);
+  }
+  printf("time b: %u\n", time_b / runs);
+
+  for (uint32_t i = 0; i < runs; ++i) {
+    struct timespec start, end;
+    gettime(&start);
+    int r = mp_cmp(&a, &c);
+    gettime(&end);
+    unsigned long long used = end.tv_sec * 1000000000L + end.tv_nsec;
+    used -= static_cast<unsigned long long>(start.tv_sec * 1000000000L +
+                                            start.tv_nsec);
+    time_c += used;
+    ASSERT_EQ(1, r);
+  }
+  printf("time c: %u\n", time_c / runs);
+}
+
+}  // nss_test
diff --git a/nss/gtests/freebl_gtest/prng_kat_unittest.cc b/nss/gtests/freebl_gtest/prng_kat_unittest.cc
new file mode 100644
index 0000000..6e3c932
--- /dev/null
+++ b/nss/gtests/freebl_gtest/prng_kat_unittest.cc
@@ -0,0 +1,195 @@
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this file,
+// You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#include "nspr.h"
+#include "nss.h"
+#include "ssl.h"
+
+#include <cstdlib>
+#include <fstream>
+#include <string>
+
+#define GTEST_HAS_RTTI 0
+#include "gtest/gtest.h"
+
+#include "blapi.h"
+
+namespace nss_test {
+
+typedef struct PRNGTestValuesStr {
+  std::vector<uint8_t> entropy;
+  std::vector<uint8_t> nonce;
+  std::vector<uint8_t> personal;
+  std::vector<uint8_t> expected_result;
+  std::vector<uint8_t> additional_entropy;
+  std::vector<uint8_t> additional_input_reseed;
+  std::vector<std::vector<uint8_t>> additional_input;
+} PRNGTestValues;
+
+std::vector<PRNGTestValues> test_vector;
+
+bool contains(std::string& s, const char* to_find) {
+  return s.find(to_find) != std::string::npos;
+}
+
+std::string trim(std::string str) {
+  std::string whitespace = " \t";
+  const auto strBegin = str.find_first_not_of(whitespace);
+  if (strBegin == std::string::npos) {
+    return "";
+  }
+  const auto strEnd = str.find_last_not_of(whitespace);
+  const auto strRange = strEnd - strBegin + 1;
+  return str.substr(strBegin, strRange);
+}
+
+std::vector<uint8_t> hex_string_to_bytes(std::string s) {
+  std::vector<uint8_t> bytes;
+  for (size_t i = 0; i < s.length() - 1; i += 2) {
+    bytes.push_back(std::stoul(s.substr(i, 2), nullptr, 16));
+  }
+  return bytes;
+}
+
+std::vector<uint8_t> read_option_s(std::string& s) {
+  size_t start = s.find("=") + 1;
+  assert(start > 0);
+  return hex_string_to_bytes(trim(s.substr(start, s.find("]", start))));
+}
+
+void print_bytes(std::vector<uint8_t> bytes, std::string name) {
+  std::cout << name << ": ";
+  for (auto b : bytes) {
+    std::cout << std::setfill('0') << std::setw(2) << std::hex
+              << static_cast<int>(b);
+  }
+  std::cout << std::endl;
+}
+
+static void ReadFile(const std::string file_name) {
+  std::ifstream infile(file_name);
+  std::string line;
+
+  // Variables holding the input for each test.
+  bool valid_option = false;
+
+  // Read the file.
+  std::streampos pos;
+  while (std::getline(infile, line)) {
+    // We only implement SHA256. Skip all other tests.
+    if (contains(line, "[SHA-")) {
+      valid_option = contains(line, "[SHA-256]");
+    }
+    if (!valid_option) {
+      continue;
+    }
+
+    // We ignore the options and infer them from the test case.
+
+    PRNGTestValues test;
+    if (line.find("COUNT =")) {
+      continue;
+    }
+
+    // Read test input.
+    do {
+      pos = infile.tellg();
+      std::getline(infile, line);
+      if (contains(line, "EntropyInput ")) {
+        test.entropy = read_option_s(line);
+        continue;
+      }
+      if (contains(line, "Nonce")) {
+        test.nonce = read_option_s(line);
+        continue;
+      }
+      if (contains(line, "PersonalizationString")) {
+        test.personal = read_option_s(line);
+        continue;
+      }
+      if (contains(line, "AdditionalInput ")) {
+        test.additional_input.push_back(read_option_s(line));
+        continue;
+      }
+      if (contains(line, "EntropyInputReseed")) {
+        test.additional_entropy = read_option_s(line);
+        continue;
+      }
+      if (contains(line, "AdditionalInputReseed")) {
+        test.additional_input_reseed = read_option_s(line);
+        continue;
+      }
+      if (contains(line, "ReturnedBits")) {
+        test.expected_result = read_option_s(line);
+        continue;
+      }
+    } while (!infile.eof() && line.find("COUNT =") && line.find("["));
+
+    // Save test case.
+    test_vector.push_back(test);
+    test = {};
+    infile.seekg(pos);
+  }
+}
+
+class PRNGTest : public ::testing::TestWithParam<PRNGTestValues> {
+ protected:
+  void RunTest(PRNGTestValues test) {
+    ASSERT_EQ(2U, test.additional_input.size());
+    SECStatus rv = PRNGTEST_Instantiate_Kat(
+        test.entropy.data(), test.entropy.size(), test.nonce.data(),
+        test.nonce.size(), test.personal.data(), test.personal.size());
+    ASSERT_EQ(SECSuccess, rv);
+    rv = PRNGTEST_Reseed(test.additional_entropy.data(),
+                         test.additional_entropy.size(),
+                         test.additional_input_reseed.data(),
+                         test.additional_input_reseed.size());
+    ASSERT_EQ(SECSuccess, rv);
+
+    // Generate bytes.
+    uint8_t bytes[128];
+    PRNGTEST_Generate(bytes, 128, test.additional_input[0].data(),
+                      test.additional_input[0].size());
+    PRNGTEST_Generate(bytes, 128, test.additional_input[1].data(),
+                      test.additional_input[1].size());
+    std::vector<uint8_t> result(bytes, bytes + 128);
+    if (result != test.expected_result) {
+      print_bytes(result, "result  ");
+      print_bytes(test.expected_result, "expected");
+    }
+    ASSERT_EQ(test.expected_result, result);
+    rv = PRNGTEST_Uninstantiate();
+    ASSERT_EQ(SECSuccess, rv);
+  }
+};
+
+TEST_P(PRNGTest, HashDRBG) { RunTest(GetParam()); }
+
+INSTANTIATE_TEST_CASE_P(NISTTestVector, PRNGTest,
+                        ::testing::ValuesIn(test_vector));
+
+}  // nss_test
+
+int main(int argc, char** argv) {
+  if (argc < 2) {
+    std::cout << "usage: prng_gtest <.rsp file>" << std::endl;
+    return 1;
+  }
+
+  nss_test::ReadFile(argv[1]);
+  assert(!nss_test::test_vector.empty());
+
+  ::testing::InitGoogleTest(&argc, argv);
+
+  if (NSS_NoDB_Init(nullptr) != SECSuccess) {
+    return 1;
+  }
+  int rv = RUN_ALL_TESTS();
+
+  if (NSS_Shutdown() != SECSuccess) {
+    return 1;
+  }
+
+  return rv;
+}
diff --git a/nss/gtests/google_test/Makefile b/nss/gtests/google_test/Makefile
new file mode 100644
index 0000000..21fef55
--- /dev/null
+++ b/nss/gtests/google_test/Makefile
@@ -0,0 +1,44 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include ../common/gtest.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
diff --git a/nss/gtests/google_test/google_test.gyp b/nss/gtests/google_test/google_test.gyp
new file mode 100644
index 0000000..b3a11b7
--- /dev/null
+++ b/nss/gtests/google_test/google_test.gyp
@@ -0,0 +1,26 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi',
+    '../common/gtest.gypi',
+  ],
+  'targets': [
+    {
+      'target_name': 'gtest',
+      'type': 'static_library',
+      'sources': [
+        'gtest/src/gtest-all.cc'
+      ],
+    },
+  ],
+  'target_defaults': {
+    'include_dirs': [
+      'gtest'
+    ],
+  },
+  'variables': {
+    'module': 'gtest'
+  }
+}
diff --git a/nss/gtests/google_test/gtest/CHANGES b/nss/gtests/google_test/gtest/CHANGES
new file mode 100644
index 0000000..0552132
--- /dev/null
+++ b/nss/gtests/google_test/gtest/CHANGES
@@ -0,0 +1,157 @@
+Changes for 1.7.0:
+
+* New feature: death tests are supported on OpenBSD and in iOS
+  simulator now.
+* New feature: Google Test now implements a protocol to allow
+  a test runner to detect that a test program has exited
+  prematurely and report it as a failure (before it would be
+  falsely reported as a success if the exit code is 0).
+* New feature: Test::RecordProperty() can now be used outside of the
+  lifespan of a test method, in which case it will be attributed to
+  the current test case or the test program in the XML report.
+* New feature (potentially breaking): --gtest_list_tests now prints
+  the type parameters and value parameters for each test.
+* Improvement: char pointers and char arrays are now escaped properly
+  in failure messages.
+* Improvement: failure summary in XML reports now includes file and
+  line information.
+* Improvement: the <testsuites> XML element now has a timestamp attribute.
+* Improvement: When --gtest_filter is specified, XML report now doesn't
+  contain information about tests that are filtered out.
+* Fixed the bug where long --gtest_filter flag values are truncated in
+  death tests.
+* Potentially breaking change: RUN_ALL_TESTS() is now implemented as a
+  function instead of a macro in order to work better with Clang.
+* Compatibility fixes with C++ 11 and various platforms.
+* Bug/warning fixes.
+
+Changes for 1.6.0:
+
+* New feature: ADD_FAILURE_AT() for reporting a test failure at the
+  given source location -- useful for writing testing utilities.
+* New feature: the universal value printer is moved from Google Mock
+  to Google Test.
+* New feature: type parameters and value parameters are reported in
+  the XML report now.
+* A gtest_disable_pthreads CMake option.
+* Colored output works in GNU Screen sessions now.
+* Parameters of value-parameterized tests are now printed in the
+  textual output.
+* Failures from ad hoc test assertions run before RUN_ALL_TESTS() are
+  now correctly reported.
+* Arguments of ASSERT_XY and EXPECT_XY no longer need to support << to
+  ostream.
+* More complete handling of exceptions.
+* GTEST_ASSERT_XY can be used instead of ASSERT_XY in case the latter
+  name is already used by another library.
+* --gtest_catch_exceptions is now true by default, allowing a test
+  program to continue after an exception is thrown.
+* Value-parameterized test fixtures can now derive from Test and
+  WithParamInterface<T> separately, easing conversion of legacy tests.
+* Death test messages are clearly marked to make them more
+  distinguishable from other messages.
+* Compatibility fixes for Android, Google Native Client, MinGW, HP UX,
+  PowerPC, Lucid autotools, libCStd, Sun C++, Borland C++ Builder (Code Gear),
+  IBM XL C++ (Visual Age C++), and C++0x.
+* Bug fixes and implementation clean-ups.
+* Potentially incompatible changes: disables the harmful 'make install'
+  command in autotools.
+
+Changes for 1.5.0:
+
+ * New feature: assertions can be safely called in multiple threads
+   where the pthreads library is available.
+ * New feature: predicates used inside EXPECT_TRUE() and friends
+   can now generate custom failure messages.
+ * New feature: Google Test can now be compiled as a DLL.
+ * New feature: fused source files are included.
+ * New feature: prints help when encountering unrecognized Google Test flags.
+ * Experimental feature: CMake build script (requires CMake 2.6.4+).
+ * Experimental feature: the Pump script for meta programming.
+ * double values streamed to an assertion are printed with enough precision
+   to differentiate any two different values.
+ * Google Test now works on Solaris and AIX.
+ * Build and test script improvements.
+ * Bug fixes and implementation clean-ups.
+
+ Potentially breaking changes:
+
+ * Stopped supporting VC++ 7.1 with exceptions disabled.
+ * Dropped support for 'make install'.
+
+Changes for 1.4.0:
+
+ * New feature: the event listener API
+ * New feature: test shuffling
+ * New feature: the XML report format is closer to junitreport and can
+   be parsed by Hudson now.
+ * New feature: when a test runs under Visual Studio, its failures are
+   integrated in the IDE.
+ * New feature: /MD(d) versions of VC++ projects.
+ * New feature: elapsed time for the tests is printed by default.
+ * New feature: comes with a TR1 tuple implementation such that Boost
+   is no longer needed for Combine().
+ * New feature: EXPECT_DEATH_IF_SUPPORTED macro and friends.
+ * New feature: the Xcode project can now produce static gtest
+   libraries in addition to a framework.
+ * Compatibility fixes for Solaris, Cygwin, minGW, Windows Mobile,
+   Symbian, gcc, and C++Builder.
+ * Bug fixes and implementation clean-ups.
+
+Changes for 1.3.0:
+
+ * New feature: death tests on Windows, Cygwin, and Mac.
+ * New feature: ability to use Google Test assertions in other testing
+   frameworks.
+ * New feature: ability to run disabled test via
+   --gtest_also_run_disabled_tests.
+ * New feature: the --help flag for printing the usage.
+ * New feature: access to Google Test flag values in user code.
+ * New feature: a script that packs Google Test into one .h and one
+   .cc file for easy deployment.
+ * New feature: support for distributing test functions to multiple
+   machines (requires support from the test runner).
+ * Bug fixes and implementation clean-ups.
+
+Changes for 1.2.1:
+
+ * Compatibility fixes for Linux IA-64 and IBM z/OS.
+ * Added support for using Boost and other TR1 implementations.
+ * Changes to the build scripts to support upcoming release of Google C++
+   Mocking Framework.
+ * Added Makefile to the distribution package.
+ * Improved build instructions in README.
+
+Changes for 1.2.0:
+
+ * New feature: value-parameterized tests.
+ * New feature: the ASSERT/EXPECT_(NON)FATAL_FAILURE(_ON_ALL_THREADS)
+   macros.
+ * Changed the XML report format to match JUnit/Ant's.
+ * Added tests to the Xcode project.
+ * Added scons/SConscript for building with SCons.
+ * Added src/gtest-all.cc for building Google Test from a single file.
+ * Fixed compatibility with Solaris and z/OS.
+ * Enabled running Python tests on systems with python 2.3 installed,
+   e.g. Mac OS X 10.4.
+ * Bug fixes.
+
+Changes for 1.1.0:
+
+ * New feature: type-parameterized tests.
+ * New feature: exception assertions.
+ * New feature: printing elapsed time of tests.
+ * Improved the robustness of death tests.
+ * Added an Xcode project and samples.
+ * Adjusted the output format on Windows to be understandable by Visual Studio.
+ * Minor bug fixes.
+
+Changes for 1.0.1:
+
+ * Added project files for Visual Studio 7.1.
+ * Fixed issues with compiling on Mac OS X.
+ * Fixed issues with compiling on Cygwin.
+
+Changes for 1.0.0:
+
+ * Initial Open Source release of Google Test
diff --git a/nss/gtests/google_test/gtest/CMakeLists.txt b/nss/gtests/google_test/gtest/CMakeLists.txt
new file mode 100644
index 0000000..bd78cfe
--- /dev/null
+++ b/nss/gtests/google_test/gtest/CMakeLists.txt
@@ -0,0 +1,260 @@
+########################################################################
+# CMake build script for Google Test.
+#
+# To run the tests for Google Test itself on Linux, use 'make test' or
+# ctest.  You can select which tests to run using 'ctest -R regex'.
+# For more options, run 'ctest --help'.
+
+# BUILD_SHARED_LIBS is a standard CMake variable, but we declare it here to
+# make it prominent in the GUI.
+option(BUILD_SHARED_LIBS "Build shared libraries (DLLs)." OFF)
+
+# When other libraries are using a shared version of runtime libraries,
+# Google Test also has to use one.
+option(
+  gtest_force_shared_crt
+  "Use shared (DLL) run-time lib even when Google Test is built as static lib."
+  OFF)
+
+option(gtest_build_tests "Build all of gtest's own tests." OFF)
+
+option(gtest_build_samples "Build gtest's sample programs." OFF)
+
+option(gtest_disable_pthreads "Disable uses of pthreads in gtest." OFF)
+
+# Defines pre_project_set_up_hermetic_build() and set_up_hermetic_build().
+include(cmake/hermetic_build.cmake OPTIONAL)
+
+if (COMMAND pre_project_set_up_hermetic_build)
+  pre_project_set_up_hermetic_build()
+endif()
+
+########################################################################
+#
+# Project-wide settings
+
+# Name of the project.
+#
+# CMake files in this project can refer to the root source directory
+# as ${gtest_SOURCE_DIR} and to the root binary directory as
+# ${gtest_BINARY_DIR}.
+# Language "C" is required for find_package(Threads).
+project(gtest CXX C)
+cmake_minimum_required(VERSION 2.6.2)
+
+if (COMMAND set_up_hermetic_build)
+  set_up_hermetic_build()
+endif()
+
+# Define helper functions and macros used by Google Test.
+include(cmake/internal_utils.cmake)
+
+config_compiler_and_linker()  # Defined in internal_utils.cmake.
+
+# Where Google Test's .h files can be found.
+include_directories(
+  ${gtest_SOURCE_DIR}/include
+  ${gtest_SOURCE_DIR})
+
+# Where Google Test's libraries can be found.
+link_directories(${gtest_BINARY_DIR}/src)
+
+# Summary of tuple support for Microsoft Visual Studio:
+# Compiler    version(MS)  version(cmake)  Support
+# ----------  -----------  --------------  -----------------------------
+# <= VS 2010  <= 10        <= 1600         Use Google Tests's own tuple.
+# VS 2012     11           1700            std::tr1::tuple + _VARIADIC_MAX=10
+# VS 2013     12           1800            std::tr1::tuple
+if (MSVC AND MSVC_VERSION EQUAL 1700)
+  add_definitions(/D _VARIADIC_MAX=10)
+endif()
+
+########################################################################
+#
+# Defines the gtest & gtest_main libraries.  User tests should link
+# with one of them.
+
+# Google Test libraries.  We build them using more strict warnings than what
+# are used for other targets, to ensure that gtest can be compiled by a user
+# aggressive about warnings.
+cxx_library(gtest "${cxx_strict}" src/gtest-all.cc)
+cxx_library(gtest_main "${cxx_strict}" src/gtest_main.cc)
+target_link_libraries(gtest_main gtest)
+
+########################################################################
+#
+# Samples on how to link user tests with gtest or gtest_main.
+#
+# They are not built by default.  To build them, set the
+# gtest_build_samples option to ON.  You can do it by running ccmake
+# or specifying the -Dgtest_build_samples=ON flag when running cmake.
+
+if (gtest_build_samples)
+  cxx_executable(sample1_unittest samples gtest_main samples/sample1.cc)
+  cxx_executable(sample2_unittest samples gtest_main samples/sample2.cc)
+  cxx_executable(sample3_unittest samples gtest_main)
+  cxx_executable(sample4_unittest samples gtest_main samples/sample4.cc)
+  cxx_executable(sample5_unittest samples gtest_main samples/sample1.cc)
+  cxx_executable(sample6_unittest samples gtest_main)
+  cxx_executable(sample7_unittest samples gtest_main)
+  cxx_executable(sample8_unittest samples gtest_main)
+  cxx_executable(sample9_unittest samples gtest)
+  cxx_executable(sample10_unittest samples gtest)
+endif()
+
+########################################################################
+#
+# Google Test's own tests.
+#
+# You can skip this section if you aren't interested in testing
+# Google Test itself.
+#
+# The tests are not built by default.  To build them, set the
+# gtest_build_tests option to ON.  You can do it by running ccmake
+# or specifying the -Dgtest_build_tests=ON flag when running cmake.
+
+if (gtest_build_tests)
+  # This must be set in the root directory for the tests to be run by
+  # 'make test' or ctest.
+  enable_testing()
+
+  ############################################################
+  # C++ tests built with standard compiler flags.
+
+  cxx_test(gtest-death-test_test gtest_main)
+  cxx_test(gtest_environment_test gtest)
+  cxx_test(gtest-filepath_test gtest_main)
+  cxx_test(gtest-linked_ptr_test gtest_main)
+  cxx_test(gtest-listener_test gtest_main)
+  cxx_test(gtest_main_unittest gtest_main)
+  cxx_test(gtest-message_test gtest_main)
+  cxx_test(gtest_no_test_unittest gtest)
+  cxx_test(gtest-options_test gtest_main)
+  cxx_test(gtest-param-test_test gtest
+    test/gtest-param-test2_test.cc)
+  cxx_test(gtest-port_test gtest_main)
+  cxx_test(gtest_pred_impl_unittest gtest_main)
+  cxx_test(gtest_premature_exit_test gtest
+    test/gtest_premature_exit_test.cc)
+  cxx_test(gtest-printers_test gtest_main)
+  cxx_test(gtest_prod_test gtest_main
+    test/production.cc)
+  cxx_test(gtest_repeat_test gtest)
+  cxx_test(gtest_sole_header_test gtest_main)
+  cxx_test(gtest_stress_test gtest)
+  cxx_test(gtest-test-part_test gtest_main)
+  cxx_test(gtest_throw_on_failure_ex_test gtest)
+  cxx_test(gtest-typed-test_test gtest_main
+    test/gtest-typed-test2_test.cc)
+  cxx_test(gtest_unittest gtest_main)
+  cxx_test(gtest-unittest-api_test gtest)
+
+  ############################################################
+  # C++ tests built with non-standard compiler flags.
+
+  # MSVC 7.1 does not support STL with exceptions disabled.
+  if (NOT MSVC OR MSVC_VERSION GREATER 1310)
+    cxx_library(gtest_no_exception "${cxx_no_exception}"
+      src/gtest-all.cc)
+    cxx_library(gtest_main_no_exception "${cxx_no_exception}"
+      src/gtest-all.cc src/gtest_main.cc)
+  endif()
+  cxx_library(gtest_main_no_rtti "${cxx_no_rtti}"
+    src/gtest-all.cc src/gtest_main.cc)
+
+  cxx_test_with_flags(gtest-death-test_ex_nocatch_test
+    "${cxx_exception} -DGTEST_ENABLE_CATCH_EXCEPTIONS_=0"
+    gtest test/gtest-death-test_ex_test.cc)
+  cxx_test_with_flags(gtest-death-test_ex_catch_test
+    "${cxx_exception} -DGTEST_ENABLE_CATCH_EXCEPTIONS_=1"
+    gtest test/gtest-death-test_ex_test.cc)
+
+  cxx_test_with_flags(gtest_no_rtti_unittest "${cxx_no_rtti}"
+    gtest_main_no_rtti test/gtest_unittest.cc)
+
+  cxx_shared_library(gtest_dll "${cxx_default}"
+    src/gtest-all.cc src/gtest_main.cc)
+
+  cxx_executable_with_flags(gtest_dll_test_ "${cxx_default}"
+    gtest_dll test/gtest_all_test.cc)
+  set_target_properties(gtest_dll_test_
+                        PROPERTIES
+                        COMPILE_DEFINITIONS "GTEST_LINKED_AS_SHARED_LIBRARY=1")
+
+  if (NOT MSVC OR MSVC_VERSION LESS 1600)  # 1600 is Visual Studio 2010.
+    # Visual Studio 2010, 2012, and 2013 define symbols in std::tr1 that
+    # conflict with our own definitions. Therefore using our own tuple does not
+    # work on those compilers.
+    cxx_library(gtest_main_use_own_tuple "${cxx_use_own_tuple}"
+      src/gtest-all.cc src/gtest_main.cc)
+
+    cxx_test_with_flags(gtest-tuple_test "${cxx_use_own_tuple}"
+      gtest_main_use_own_tuple test/gtest-tuple_test.cc)
+
+    cxx_test_with_flags(gtest_use_own_tuple_test "${cxx_use_own_tuple}"
+      gtest_main_use_own_tuple
+      test/gtest-param-test_test.cc test/gtest-param-test2_test.cc)
+  endif()
+
+  ############################################################
+  # Python tests.
+
+  cxx_executable(gtest_break_on_failure_unittest_ test gtest)
+  py_test(gtest_break_on_failure_unittest)
+
+  # Visual Studio .NET 2003 does not support STL with exceptions disabled.
+  if (NOT MSVC OR MSVC_VERSION GREATER 1310)  # 1310 is Visual Studio .NET 2003
+    cxx_executable_with_flags(
+      gtest_catch_exceptions_no_ex_test_
+      "${cxx_no_exception}"
+      gtest_main_no_exception
+      test/gtest_catch_exceptions_test_.cc)
+  endif()
+
+  cxx_executable_with_flags(
+    gtest_catch_exceptions_ex_test_
+    "${cxx_exception}"
+    gtest_main
+    test/gtest_catch_exceptions_test_.cc)
+  py_test(gtest_catch_exceptions_test)
+
+  cxx_executable(gtest_color_test_ test gtest)
+  py_test(gtest_color_test)
+
+  cxx_executable(gtest_env_var_test_ test gtest)
+  py_test(gtest_env_var_test)
+
+  cxx_executable(gtest_filter_unittest_ test gtest)
+  py_test(gtest_filter_unittest)
+
+  cxx_executable(gtest_help_test_ test gtest_main)
+  py_test(gtest_help_test)
+
+  cxx_executable(gtest_list_tests_unittest_ test gtest)
+  py_test(gtest_list_tests_unittest)
+
+  cxx_executable(gtest_output_test_ test gtest)
+  py_test(gtest_output_test)
+
+  cxx_executable(gtest_shuffle_test_ test gtest)
+  py_test(gtest_shuffle_test)
+
+  # MSVC 7.1 does not support STL with exceptions disabled.
+  if (NOT MSVC OR MSVC_VERSION GREATER 1310)
+    cxx_executable(gtest_throw_on_failure_test_ test gtest_no_exception)
+    set_target_properties(gtest_throw_on_failure_test_
+      PROPERTIES
+      COMPILE_FLAGS "${cxx_no_exception}")
+    py_test(gtest_throw_on_failure_test)
+  endif()
+
+  cxx_executable(gtest_uninitialized_test_ test gtest)
+  py_test(gtest_uninitialized_test)
+
+  cxx_executable(gtest_xml_outfile1_test_ test gtest_main)
+  cxx_executable(gtest_xml_outfile2_test_ test gtest_main)
+  py_test(gtest_xml_outfiles_test)
+
+  cxx_executable(gtest_xml_output_unittest_ test gtest)
+  py_test(gtest_xml_output_unittest)
+endif()
diff --git a/nss/gtests/google_test/gtest/CONTRIBUTORS b/nss/gtests/google_test/gtest/CONTRIBUTORS
new file mode 100644
index 0000000..feae2fc
--- /dev/null
+++ b/nss/gtests/google_test/gtest/CONTRIBUTORS
@@ -0,0 +1,37 @@
+# This file contains a list of people who've made non-trivial
+# contribution to the Google C++ Testing Framework project.  People
+# who commit code to the project are encouraged to add their names
+# here.  Please keep the list sorted by first names.
+
+Ajay Joshi <jaj@google.com>
+Balázs Dán <balazs.dan@gmail.com>
+Bharat Mediratta <bharat@menalto.com>
+Chandler Carruth <chandlerc@google.com>
+Chris Prince <cprince@google.com>
+Chris Taylor <taylorc@google.com>
+Dan Egnor <egnor@google.com>
+Eric Roman <eroman@chromium.org>
+Hady Zalek <hady.zalek@gmail.com>
+Jeffrey Yasskin <jyasskin@google.com>
+Jói Sigurðsson <joi@google.com>
+Keir Mierle <mierle@gmail.com>
+Keith Ray <keith.ray@gmail.com>
+Kenton Varda <kenton@google.com>
+Manuel Klimek <klimek@google.com>
+Markus Heule <markus.heule@gmail.com>
+Mika Raento <mikie@iki.fi>
+Miklós Fazekas <mfazekas@szemafor.com>
+Pasi Valminen <pasi.valminen@gmail.com>
+Patrick Hanna <phanna@google.com>
+Patrick Riley <pfr@google.com>
+Peter Kaminski <piotrk@google.com>
+Preston Jackson <preston.a.jackson@gmail.com>
+Rainer Klaffenboeck <rainer.klaffenboeck@dynatrace.com>
+Russ Cox <rsc@google.com>
+Russ Rufer <russ@pentad.com>
+Sean Mcafee <eefacm@gmail.com>
+Sigurður �sgeirsson <siggi@google.com>
+Tracy Bialik <tracy@pentad.com>
+Vadim Berman <vadimb@google.com>
+Vlad Losev <vladl@google.com>
+Zhanyong Wan <wan@google.com>
diff --git a/nss/gtests/google_test/gtest/LICENSE b/nss/gtests/google_test/gtest/LICENSE
new file mode 100644
index 0000000..1941a11
--- /dev/null
+++ b/nss/gtests/google_test/gtest/LICENSE
@@ -0,0 +1,28 @@
+Copyright 2008, Google Inc.
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+    * Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above
+copyright notice, this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
+distribution.
+    * Neither the name of Google Inc. nor the names of its
+contributors may be used to endorse or promote products derived from
+this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/nss/gtests/google_test/gtest/Makefile.am b/nss/gtests/google_test/gtest/Makefile.am
new file mode 100644
index 0000000..9c96b42
--- /dev/null
+++ b/nss/gtests/google_test/gtest/Makefile.am
@@ -0,0 +1,306 @@
+# Automake file
+
+ACLOCAL_AMFLAGS = -I m4
+
+# Nonstandard package files for distribution
+EXTRA_DIST = \
+  CHANGES \
+  CONTRIBUTORS \
+  LICENSE \
+  include/gtest/gtest-param-test.h.pump \
+  include/gtest/internal/gtest-param-util-generated.h.pump \
+  include/gtest/internal/gtest-tuple.h.pump \
+  include/gtest/internal/gtest-type-util.h.pump \
+  make/Makefile \
+  scripts/fuse_gtest_files.py \
+  scripts/gen_gtest_pred_impl.py \
+  scripts/pump.py \
+  scripts/test/Makefile
+
+# gtest source files that we don't compile directly.  They are
+# #included by gtest-all.cc.
+GTEST_SRC = \
+  src/gtest-death-test.cc \
+  src/gtest-filepath.cc \
+  src/gtest-internal-inl.h \
+  src/gtest-port.cc \
+  src/gtest-printers.cc \
+  src/gtest-test-part.cc \
+  src/gtest-typed-test.cc \
+  src/gtest.cc
+
+EXTRA_DIST += $(GTEST_SRC)
+
+# Sample files that we don't compile.
+EXTRA_DIST += \
+  samples/prime_tables.h \
+  samples/sample2_unittest.cc \
+  samples/sample3_unittest.cc \
+  samples/sample4_unittest.cc \
+  samples/sample5_unittest.cc \
+  samples/sample6_unittest.cc \
+  samples/sample7_unittest.cc \
+  samples/sample8_unittest.cc \
+  samples/sample9_unittest.cc
+
+# C++ test files that we don't compile directly.
+EXTRA_DIST += \
+  test/gtest-death-test_ex_test.cc \
+  test/gtest-death-test_test.cc \
+  test/gtest-filepath_test.cc \
+  test/gtest-linked_ptr_test.cc \
+  test/gtest-listener_test.cc \
+  test/gtest-message_test.cc \
+  test/gtest-options_test.cc \
+  test/gtest-param-test2_test.cc \
+  test/gtest-param-test2_test.cc \
+  test/gtest-param-test_test.cc \
+  test/gtest-param-test_test.cc \
+  test/gtest-param-test_test.h \
+  test/gtest-port_test.cc \
+  test/gtest_premature_exit_test.cc \
+  test/gtest-printers_test.cc \
+  test/gtest-test-part_test.cc \
+  test/gtest-tuple_test.cc \
+  test/gtest-typed-test2_test.cc \
+  test/gtest-typed-test_test.cc \
+  test/gtest-typed-test_test.h \
+  test/gtest-unittest-api_test.cc \
+  test/gtest_break_on_failure_unittest_.cc \
+  test/gtest_catch_exceptions_test_.cc \
+  test/gtest_color_test_.cc \
+  test/gtest_env_var_test_.cc \
+  test/gtest_environment_test.cc \
+  test/gtest_filter_unittest_.cc \
+  test/gtest_help_test_.cc \
+  test/gtest_list_tests_unittest_.cc \
+  test/gtest_main_unittest.cc \
+  test/gtest_no_test_unittest.cc \
+  test/gtest_output_test_.cc \
+  test/gtest_pred_impl_unittest.cc \
+  test/gtest_prod_test.cc \
+  test/gtest_repeat_test.cc \
+  test/gtest_shuffle_test_.cc \
+  test/gtest_sole_header_test.cc \
+  test/gtest_stress_test.cc \
+  test/gtest_throw_on_failure_ex_test.cc \
+  test/gtest_throw_on_failure_test_.cc \
+  test/gtest_uninitialized_test_.cc \
+  test/gtest_unittest.cc \
+  test/gtest_unittest.cc \
+  test/gtest_xml_outfile1_test_.cc \
+  test/gtest_xml_outfile2_test_.cc \
+  test/gtest_xml_output_unittest_.cc \
+  test/production.cc \
+  test/production.h
+
+# Python tests that we don't run.
+EXTRA_DIST += \
+  test/gtest_break_on_failure_unittest.py \
+  test/gtest_catch_exceptions_test.py \
+  test/gtest_color_test.py \
+  test/gtest_env_var_test.py \
+  test/gtest_filter_unittest.py \
+  test/gtest_help_test.py \
+  test/gtest_list_tests_unittest.py \
+  test/gtest_output_test.py \
+  test/gtest_output_test_golden_lin.txt \
+  test/gtest_shuffle_test.py \
+  test/gtest_test_utils.py \
+  test/gtest_throw_on_failure_test.py \
+  test/gtest_uninitialized_test.py \
+  test/gtest_xml_outfiles_test.py \
+  test/gtest_xml_output_unittest.py \
+  test/gtest_xml_test_utils.py
+
+# CMake script
+EXTRA_DIST += \
+  CMakeLists.txt \
+  cmake/internal_utils.cmake
+
+# MSVC project files
+EXTRA_DIST += \
+  msvc/gtest-md.sln \
+  msvc/gtest-md.vcproj \
+  msvc/gtest.sln \
+  msvc/gtest.vcproj \
+  msvc/gtest_main-md.vcproj \
+  msvc/gtest_main.vcproj \
+  msvc/gtest_prod_test-md.vcproj \
+  msvc/gtest_prod_test.vcproj \
+  msvc/gtest_unittest-md.vcproj \
+  msvc/gtest_unittest.vcproj
+
+# xcode project files
+EXTRA_DIST += \
+  xcode/Config/DebugProject.xcconfig \
+  xcode/Config/FrameworkTarget.xcconfig \
+  xcode/Config/General.xcconfig \
+  xcode/Config/ReleaseProject.xcconfig \
+  xcode/Config/StaticLibraryTarget.xcconfig \
+  xcode/Config/TestTarget.xcconfig \
+  xcode/Resources/Info.plist \
+  xcode/Scripts/runtests.sh \
+  xcode/Scripts/versiongenerate.py \
+  xcode/gtest.xcodeproj/project.pbxproj
+
+# xcode sample files
+EXTRA_DIST += \
+  xcode/Samples/FrameworkSample/Info.plist \
+  xcode/Samples/FrameworkSample/WidgetFramework.xcodeproj/project.pbxproj \
+  xcode/Samples/FrameworkSample/runtests.sh \
+  xcode/Samples/FrameworkSample/widget.cc \
+  xcode/Samples/FrameworkSample/widget.h \
+  xcode/Samples/FrameworkSample/widget_test.cc
+
+# C++Builder project files
+EXTRA_DIST += \
+  codegear/gtest.cbproj \
+  codegear/gtest.groupproj \
+  codegear/gtest_all.cc \
+  codegear/gtest_link.cc \
+  codegear/gtest_main.cbproj \
+  codegear/gtest_unittest.cbproj
+
+# Distribute and install M4 macro
+m4datadir = $(datadir)/aclocal
+m4data_DATA = m4/gtest.m4
+EXTRA_DIST += $(m4data_DATA)
+
+# We define the global AM_CPPFLAGS as everything we compile includes from these
+# directories.
+AM_CPPFLAGS = -I$(srcdir) -I$(srcdir)/include
+
+# Modifies compiler and linker flags for pthreads compatibility.
+if HAVE_PTHREADS
+  AM_CXXFLAGS = @PTHREAD_CFLAGS@ -DGTEST_HAS_PTHREAD=1
+  AM_LIBS = @PTHREAD_LIBS@
+else
+  AM_CXXFLAGS = -DGTEST_HAS_PTHREAD=0
+endif
+
+# Build rules for libraries.
+lib_LTLIBRARIES = lib/libgtest.la lib/libgtest_main.la
+
+lib_libgtest_la_SOURCES = src/gtest-all.cc
+
+pkginclude_HEADERS = \
+  include/gtest/gtest-death-test.h \
+  include/gtest/gtest-message.h \
+  include/gtest/gtest-param-test.h \
+  include/gtest/gtest-printers.h \
+  include/gtest/gtest-spi.h \
+  include/gtest/gtest-test-part.h \
+  include/gtest/gtest-typed-test.h \
+  include/gtest/gtest.h \
+  include/gtest/gtest_pred_impl.h \
+  include/gtest/gtest_prod.h
+
+pkginclude_internaldir = $(pkgincludedir)/internal
+pkginclude_internal_HEADERS = \
+  include/gtest/internal/gtest-death-test-internal.h \
+  include/gtest/internal/gtest-filepath.h \
+  include/gtest/internal/gtest-internal.h \
+  include/gtest/internal/gtest-linked_ptr.h \
+  include/gtest/internal/gtest-param-util-generated.h \
+  include/gtest/internal/gtest-param-util.h \
+  include/gtest/internal/gtest-port.h \
+  include/gtest/internal/gtest-string.h \
+  include/gtest/internal/gtest-tuple.h \
+  include/gtest/internal/gtest-type-util.h
+
+lib_libgtest_main_la_SOURCES = src/gtest_main.cc
+lib_libgtest_main_la_LIBADD = lib/libgtest.la
+
+# Bulid rules for samples and tests. Automake's naming for some of
+# these variables isn't terribly obvious, so this is a brief
+# reference:
+#
+# TESTS -- Programs run automatically by "make check"
+# check_PROGRAMS -- Programs built by "make check" but not necessarily run
+
+noinst_LTLIBRARIES = samples/libsamples.la
+
+samples_libsamples_la_SOURCES = \
+  samples/sample1.cc \
+  samples/sample1.h \
+  samples/sample2.cc \
+  samples/sample2.h \
+  samples/sample3-inl.h \
+  samples/sample4.cc \
+  samples/sample4.h
+
+TESTS=
+TESTS_ENVIRONMENT = GTEST_SOURCE_DIR="$(srcdir)/test" \
+                    GTEST_BUILD_DIR="$(top_builddir)/test"
+check_PROGRAMS=
+
+# A simple sample on using gtest.
+TESTS += samples/sample1_unittest
+check_PROGRAMS += samples/sample1_unittest
+samples_sample1_unittest_SOURCES = samples/sample1_unittest.cc
+samples_sample1_unittest_LDADD = lib/libgtest_main.la \
+                                 lib/libgtest.la \
+                                 samples/libsamples.la
+
+# Another sample.  It also verifies that libgtest works.
+TESTS += samples/sample10_unittest
+check_PROGRAMS += samples/sample10_unittest
+samples_sample10_unittest_SOURCES = samples/sample10_unittest.cc
+samples_sample10_unittest_LDADD = lib/libgtest.la
+
+# This tests most constructs of gtest and verifies that libgtest_main
+# and libgtest work.
+TESTS += test/gtest_all_test
+check_PROGRAMS += test/gtest_all_test
+test_gtest_all_test_SOURCES = test/gtest_all_test.cc
+test_gtest_all_test_LDADD = lib/libgtest_main.la \
+                            lib/libgtest.la
+
+# Tests that fused gtest files compile and work.
+FUSED_GTEST_SRC = \
+  fused-src/gtest/gtest-all.cc \
+  fused-src/gtest/gtest.h \
+  fused-src/gtest/gtest_main.cc
+
+if HAVE_PYTHON
+TESTS += test/fused_gtest_test
+check_PROGRAMS += test/fused_gtest_test
+test_fused_gtest_test_SOURCES = $(FUSED_GTEST_SRC) \
+                                samples/sample1.cc samples/sample1_unittest.cc
+test_fused_gtest_test_CPPFLAGS = -I"$(srcdir)/fused-src"
+
+# Build rules for putting fused Google Test files into the distribution
+# package. The user can also create those files by manually running
+# scripts/fuse_gtest_files.py.
+$(test_fused_gtest_test_SOURCES): fused-gtest
+
+fused-gtest: $(pkginclude_HEADERS) $(pkginclude_internal_HEADERS) \
+             $(GTEST_SRC) src/gtest-all.cc src/gtest_main.cc \
+             scripts/fuse_gtest_files.py
+	mkdir -p "$(srcdir)/fused-src"
+	chmod -R u+w "$(srcdir)/fused-src"
+	rm -f "$(srcdir)/fused-src/gtest/gtest-all.cc"
+	rm -f "$(srcdir)/fused-src/gtest/gtest.h"
+	"$(srcdir)/scripts/fuse_gtest_files.py" "$(srcdir)/fused-src"
+	cp -f "$(srcdir)/src/gtest_main.cc" "$(srcdir)/fused-src/gtest/"
+
+maintainer-clean-local:
+	rm -rf "$(srcdir)/fused-src"
+endif
+
+# Death tests may produce core dumps in the build directory. In case
+# this happens, clean them to keep distcleancheck happy.
+CLEANFILES = core
+
+# Disables 'make install' as installing a compiled version of Google
+# Test can lead to undefined behavior due to violation of the
+# One-Definition Rule.
+
+install-exec-local:
+	echo "'make install' is dangerous and not supported. Instead, see README for how to integrate Google Test into your build system."
+	false
+
+install-data-local:
+	echo "'make install' is dangerous and not supported. Instead, see README for how to integrate Google Test into your build system."
+	false
diff --git a/nss/gtests/google_test/gtest/README b/nss/gtests/google_test/gtest/README
new file mode 100644
index 0000000..404bf3b
--- /dev/null
+++ b/nss/gtests/google_test/gtest/README
@@ -0,0 +1,435 @@
+Google C++ Testing Framework
+============================
+
+http://code.google.com/p/googletest/
+
+Overview
+--------
+
+Google's framework for writing C++ tests on a variety of platforms
+(Linux, Mac OS X, Windows, Windows CE, Symbian, etc).  Based on the
+xUnit architecture.  Supports automatic test discovery, a rich set of
+assertions, user-defined assertions, death tests, fatal and non-fatal
+failures, various options for running the tests, and XML test report
+generation.
+
+Please see the project page above for more information as well as the
+mailing list for questions, discussions, and development.  There is
+also an IRC channel on OFTC (irc.oftc.net) #gtest available.  Please
+join us!
+
+Requirements for End Users
+--------------------------
+
+Google Test is designed to have fairly minimal requirements to build
+and use with your projects, but there are some.  Currently, we support
+Linux, Windows, Mac OS X, and Cygwin.  We will also make our best
+effort to support other platforms (e.g. Solaris, AIX, and z/OS).
+However, since core members of the Google Test project have no access
+to these platforms, Google Test may have outstanding issues there.  If
+you notice any problems on your platform, please notify
+googletestframework@googlegroups.com.  Patches for fixing them are
+even more welcome!
+
+### Linux Requirements ###
+
+These are the base requirements to build and use Google Test from a source
+package (as described below):
+  * GNU-compatible Make or gmake
+  * POSIX-standard shell
+  * POSIX(-2) Regular Expressions (regex.h)
+  * A C++98-standard-compliant compiler
+
+### Windows Requirements ###
+
+  * Microsoft Visual C++ 7.1 or newer
+
+### Cygwin Requirements ###
+
+  * Cygwin 1.5.25-14 or newer
+
+### Mac OS X Requirements ###
+
+  * Mac OS X 10.4 Tiger or newer
+  * Developer Tools Installed
+
+Also, you'll need CMake 2.6.4 or higher if you want to build the
+samples using the provided CMake script, regardless of the platform.
+
+Requirements for Contributors
+-----------------------------
+
+We welcome patches.  If you plan to contribute a patch, you need to
+build Google Test and its own tests from an SVN checkout (described
+below), which has further requirements:
+
+  * Python version 2.3 or newer (for running some of the tests and
+    re-generating certain source files from templates)
+  * CMake 2.6.4 or newer
+
+Getting the Source
+------------------
+
+There are two primary ways of getting Google Test's source code: you
+can download a stable source release in your preferred archive format,
+or directly check out the source from our Subversion (SVN) repository.
+The SVN checkout requires a few extra steps and some extra software
+packages on your system, but lets you track the latest development and
+make patches much more easily, so we highly encourage it.
+
+### Source Package ###
+
+Google Test is released in versioned source packages which can be
+downloaded from the download page [1].  Several different archive
+formats are provided, but the only difference is the tools used to
+manipulate them, and the size of the resulting file.  Download
+whichever you are most comfortable with.
+
+  [1] http://code.google.com/p/googletest/downloads/list
+
+Once the package is downloaded, expand it using whichever tools you
+prefer for that type.  This will result in a new directory with the
+name "gtest-X.Y.Z" which contains all of the source code.  Here are
+some examples on Linux:
+
+  tar -xvzf gtest-X.Y.Z.tar.gz
+  tar -xvjf gtest-X.Y.Z.tar.bz2
+  unzip gtest-X.Y.Z.zip
+
+### SVN Checkout ###
+
+To check out the main branch (also known as the "trunk") of Google
+Test, run the following Subversion command:
+
+  svn checkout http://googletest.googlecode.com/svn/trunk/ gtest-svn
+
+Setting up the Build
+--------------------
+
+To build Google Test and your tests that use it, you need to tell your
+build system where to find its headers and source files.  The exact
+way to do it depends on which build system you use, and is usually
+straightforward.
+
+### Generic Build Instructions ###
+
+Suppose you put Google Test in directory ${GTEST_DIR}.  To build it,
+create a library build target (or a project as called by Visual Studio
+and Xcode) to compile
+
+  ${GTEST_DIR}/src/gtest-all.cc
+
+with ${GTEST_DIR}/include in the system header search path and ${GTEST_DIR}
+in the normal header search path.  Assuming a Linux-like system and gcc,
+something like the following will do:
+
+  g++ -isystem ${GTEST_DIR}/include -I${GTEST_DIR} \
+      -pthread -c ${GTEST_DIR}/src/gtest-all.cc
+  ar -rv libgtest.a gtest-all.o
+
+(We need -pthread as Google Test uses threads.)
+
+Next, you should compile your test source file with
+${GTEST_DIR}/include in the system header search path, and link it
+with gtest and any other necessary libraries:
+
+  g++ -isystem ${GTEST_DIR}/include -pthread path/to/your_test.cc libgtest.a \
+      -o your_test
+
+As an example, the make/ directory contains a Makefile that you can
+use to build Google Test on systems where GNU make is available
+(e.g. Linux, Mac OS X, and Cygwin).  It doesn't try to build Google
+Test's own tests.  Instead, it just builds the Google Test library and
+a sample test.  You can use it as a starting point for your own build
+script.
+
+If the default settings are correct for your environment, the
+following commands should succeed:
+
+  cd ${GTEST_DIR}/make
+  make
+  ./sample1_unittest
+
+If you see errors, try to tweak the contents of make/Makefile to make
+them go away.  There are instructions in make/Makefile on how to do
+it.
+
+### Using CMake ###
+
+Google Test comes with a CMake build script (CMakeLists.txt) that can
+be used on a wide range of platforms ("C" stands for cross-platform.).
+If you don't have CMake installed already, you can download it for
+free from http://www.cmake.org/.
+
+CMake works by generating native makefiles or build projects that can
+be used in the compiler environment of your choice.  The typical
+workflow starts with:
+
+  mkdir mybuild       # Create a directory to hold the build output.
+  cd mybuild
+  cmake ${GTEST_DIR}  # Generate native build scripts.
+
+If you want to build Google Test's samples, you should replace the
+last command with
+
+  cmake -Dgtest_build_samples=ON ${GTEST_DIR}
+
+If you are on a *nix system, you should now see a Makefile in the
+current directory.  Just type 'make' to build gtest.
+
+If you use Windows and have Visual Studio installed, a gtest.sln file
+and several .vcproj files will be created.  You can then build them
+using Visual Studio.
+
+On Mac OS X with Xcode installed, a .xcodeproj file will be generated.
+
+### Legacy Build Scripts ###
+
+Before settling on CMake, we have been providing hand-maintained build
+projects/scripts for Visual Studio, Xcode, and Autotools.  While we
+continue to provide them for convenience, they are not actively
+maintained any more.  We highly recommend that you follow the
+instructions in the previous two sections to integrate Google Test
+with your existing build system.
+
+If you still need to use the legacy build scripts, here's how:
+
+The msvc\ folder contains two solutions with Visual C++ projects.
+Open the gtest.sln or gtest-md.sln file using Visual Studio, and you
+are ready to build Google Test the same way you build any Visual
+Studio project.  Files that have names ending with -md use DLL
+versions of Microsoft runtime libraries (the /MD or the /MDd compiler
+option).  Files without that suffix use static versions of the runtime
+libraries (the /MT or the /MTd option).  Please note that one must use
+the same option to compile both gtest and the test code.  If you use
+Visual Studio 2005 or above, we recommend the -md version as /MD is
+the default for new projects in these versions of Visual Studio.
+
+On Mac OS X, open the gtest.xcodeproj in the xcode/ folder using
+Xcode.  Build the "gtest" target.  The universal binary framework will
+end up in your selected build directory (selected in the Xcode
+"Preferences..." -> "Building" pane and defaults to xcode/build).
+Alternatively, at the command line, enter:
+
+  xcodebuild
+
+This will build the "Release" configuration of gtest.framework in your
+default build location.  See the "xcodebuild" man page for more
+information about building different configurations and building in
+different locations.
+
+If you wish to use the Google Test Xcode project with Xcode 4.x and
+above, you need to either:
+ * update the SDK configuration options in xcode/Config/General.xconfig.
+   Comment options SDKROOT, MACOS_DEPLOYMENT_TARGET, and GCC_VERSION. If
+   you choose this route you lose the ability to target earlier versions
+   of MacOS X.
+ * Install an SDK for an earlier version. This doesn't appear to be
+   supported by Apple, but has been reported to work
+   (http://stackoverflow.com/questions/5378518).
+
+Tweaking Google Test
+--------------------
+
+Google Test can be used in diverse environments.  The default
+configuration may not work (or may not work well) out of the box in
+some environments.  However, you can easily tweak Google Test by
+defining control macros on the compiler command line.  Generally,
+these macros are named like GTEST_XYZ and you define them to either 1
+or 0 to enable or disable a certain feature.
+
+We list the most frequently used macros below.  For a complete list,
+see file include/gtest/internal/gtest-port.h.
+
+### Choosing a TR1 Tuple Library ###
+
+Some Google Test features require the C++ Technical Report 1 (TR1)
+tuple library, which is not yet available with all compilers.  The
+good news is that Google Test implements a subset of TR1 tuple that's
+enough for its own need, and will automatically use this when the
+compiler doesn't provide TR1 tuple.
+
+Usually you don't need to care about which tuple library Google Test
+uses.  However, if your project already uses TR1 tuple, you need to
+tell Google Test to use the same TR1 tuple library the rest of your
+project uses, or the two tuple implementations will clash.  To do
+that, add
+
+  -DGTEST_USE_OWN_TR1_TUPLE=0
+
+to the compiler flags while compiling Google Test and your tests.  If
+you want to force Google Test to use its own tuple library, just add
+
+  -DGTEST_USE_OWN_TR1_TUPLE=1
+
+to the compiler flags instead.
+
+If you don't want Google Test to use tuple at all, add
+
+  -DGTEST_HAS_TR1_TUPLE=0
+
+and all features using tuple will be disabled.
+
+### Multi-threaded Tests ###
+
+Google Test is thread-safe where the pthread library is available.
+After #include "gtest/gtest.h", you can check the GTEST_IS_THREADSAFE
+macro to see whether this is the case (yes if the macro is #defined to
+1, no if it's undefined.).
+
+If Google Test doesn't correctly detect whether pthread is available
+in your environment, you can force it with
+
+  -DGTEST_HAS_PTHREAD=1
+
+or
+
+  -DGTEST_HAS_PTHREAD=0
+
+When Google Test uses pthread, you may need to add flags to your
+compiler and/or linker to select the pthread library, or you'll get
+link errors.  If you use the CMake script or the deprecated Autotools
+script, this is taken care of for you.  If you use your own build
+script, you'll need to read your compiler and linker's manual to
+figure out what flags to add.
+
+### As a Shared Library (DLL) ###
+
+Google Test is compact, so most users can build and link it as a
+static library for the simplicity.  You can choose to use Google Test
+as a shared library (known as a DLL on Windows) if you prefer.
+
+To compile *gtest* as a shared library, add
+
+  -DGTEST_CREATE_SHARED_LIBRARY=1
+
+to the compiler flags.  You'll also need to tell the linker to produce
+a shared library instead - consult your linker's manual for how to do
+it.
+
+To compile your *tests* that use the gtest shared library, add
+
+  -DGTEST_LINKED_AS_SHARED_LIBRARY=1
+
+to the compiler flags.
+
+Note: while the above steps aren't technically necessary today when
+using some compilers (e.g. GCC), they may become necessary in the
+future, if we decide to improve the speed of loading the library (see
+http://gcc.gnu.org/wiki/Visibility for details).  Therefore you are
+recommended to always add the above flags when using Google Test as a
+shared library.  Otherwise a future release of Google Test may break
+your build script.
+
+### Avoiding Macro Name Clashes ###
+
+In C++, macros don't obey namespaces.  Therefore two libraries that
+both define a macro of the same name will clash if you #include both
+definitions.  In case a Google Test macro clashes with another
+library, you can force Google Test to rename its macro to avoid the
+conflict.
+
+Specifically, if both Google Test and some other code define macro
+FOO, you can add
+
+  -DGTEST_DONT_DEFINE_FOO=1
+
+to the compiler flags to tell Google Test to change the macro's name
+from FOO to GTEST_FOO.  Currently FOO can be FAIL, SUCCEED, or TEST.
+For example, with -DGTEST_DONT_DEFINE_TEST=1, you'll need to write
+
+  GTEST_TEST(SomeTest, DoesThis) { ... }
+
+instead of
+
+  TEST(SomeTest, DoesThis) { ... }
+
+in order to define a test.
+
+Upgrating from an Earlier Version
+---------------------------------
+
+We strive to keep Google Test releases backward compatible.
+Sometimes, though, we have to make some breaking changes for the
+users' long-term benefits.  This section describes what you'll need to
+do if you are upgrading from an earlier version of Google Test.
+
+### Upgrading from 1.3.0 or Earlier ###
+
+You may need to explicitly enable or disable Google Test's own TR1
+tuple library.  See the instructions in section "Choosing a TR1 Tuple
+Library".
+
+### Upgrading from 1.4.0 or Earlier ###
+
+The Autotools build script (configure + make) is no longer officially
+supportted.  You are encouraged to migrate to your own build system or
+use CMake.  If you still need to use Autotools, you can find
+instructions in the README file from Google Test 1.4.0.
+
+On platforms where the pthread library is available, Google Test uses
+it in order to be thread-safe.  See the "Multi-threaded Tests" section
+for what this means to your build script.
+
+If you use Microsoft Visual C++ 7.1 with exceptions disabled, Google
+Test will no longer compile.  This should affect very few people, as a
+large portion of STL (including <string>) doesn't compile in this mode
+anyway.  We decided to stop supporting it in order to greatly simplify
+Google Test's implementation.
+
+Developing Google Test
+----------------------
+
+This section discusses how to make your own changes to Google Test.
+
+### Testing Google Test Itself ###
+
+To make sure your changes work as intended and don't break existing
+functionality, you'll want to compile and run Google Test's own tests.
+For that you can use CMake:
+
+  mkdir mybuild
+  cd mybuild
+  cmake -Dgtest_build_tests=ON ${GTEST_DIR}
+
+Make sure you have Python installed, as some of Google Test's tests
+are written in Python.  If the cmake command complains about not being
+able to find Python ("Could NOT find PythonInterp (missing:
+PYTHON_EXECUTABLE)"), try telling it explicitly where your Python
+executable can be found:
+
+  cmake -DPYTHON_EXECUTABLE=path/to/python -Dgtest_build_tests=ON ${GTEST_DIR}
+
+Next, you can build Google Test and all of its own tests.  On *nix,
+this is usually done by 'make'.  To run the tests, do
+
+  make test
+
+All tests should pass.
+
+### Regenerating Source Files ###
+
+Some of Google Test's source files are generated from templates (not
+in the C++ sense) using a script.  A template file is named FOO.pump,
+where FOO is the name of the file it will generate.  For example, the
+file include/gtest/internal/gtest-type-util.h.pump is used to generate
+gtest-type-util.h in the same directory.
+
+Normally you don't need to worry about regenerating the source files,
+unless you need to modify them.  In that case, you should modify the
+corresponding .pump files instead and run the pump.py Python script to
+regenerate them.  You can find pump.py in the scripts/ directory.
+Read the Pump manual [2] for how to use it.
+
+  [2] http://code.google.com/p/googletest/wiki/PumpManual
+
+### Contributing a Patch ###
+
+We welcome patches.  Please read the Google Test developer's guide [3]
+for how you can contribute.  In particular, make sure you have signed
+the Contributor License Agreement, or we won't be able to accept the
+patch.
+
+  [3] http://code.google.com/p/googletest/wiki/GoogleTestDevGuide
+
+Happy testing!
diff --git a/nss/gtests/google_test/gtest/build-aux/.keep b/nss/gtests/google_test/gtest/build-aux/.keep
new file mode 100644
index 0000000..e69de29
diff --git a/nss/gtests/google_test/gtest/cmake/internal_utils.cmake b/nss/gtests/google_test/gtest/cmake/internal_utils.cmake
new file mode 100644
index 0000000..93e6dbb
--- /dev/null
+++ b/nss/gtests/google_test/gtest/cmake/internal_utils.cmake
@@ -0,0 +1,242 @@
+# Defines functions and macros useful for building Google Test and
+# Google Mock.
+#
+# Note:
+#
+# - This file will be run twice when building Google Mock (once via
+#   Google Test's CMakeLists.txt, and once via Google Mock's).
+#   Therefore it shouldn't have any side effects other than defining
+#   the functions and macros.
+#
+# - The functions/macros defined in this file may depend on Google
+#   Test and Google Mock's option() definitions, and thus must be
+#   called *after* the options have been defined.
+
+# Tweaks CMake's default compiler/linker settings to suit Google Test's needs.
+#
+# This must be a macro(), as inside a function string() can only
+# update variables in the function scope.
+macro(fix_default_compiler_settings_)
+  if (MSVC)
+    # For MSVC, CMake sets certain flags to defaults we want to override.
+    # This replacement code is taken from sample in the CMake Wiki at
+    # http://www.cmake.org/Wiki/CMake_FAQ#Dynamic_Replace.
+    foreach (flag_var
+             CMAKE_CXX_FLAGS CMAKE_CXX_FLAGS_DEBUG CMAKE_CXX_FLAGS_RELEASE
+             CMAKE_CXX_FLAGS_MINSIZEREL CMAKE_CXX_FLAGS_RELWITHDEBINFO)
+      if (NOT BUILD_SHARED_LIBS AND NOT gtest_force_shared_crt)
+        # When Google Test is built as a shared library, it should also use
+        # shared runtime libraries.  Otherwise, it may end up with multiple
+        # copies of runtime library data in different modules, resulting in
+        # hard-to-find crashes. When it is built as a static library, it is
+        # preferable to use CRT as static libraries, as we don't have to rely
+        # on CRT DLLs being available. CMake always defaults to using shared
+        # CRT libraries, so we override that default here.
+        string(REPLACE "/MD" "-MT" ${flag_var} "${${flag_var}}")
+      endif()
+
+      # We prefer more strict warning checking for building Google Test.
+      # Replaces /W3 with /W4 in defaults.
+      string(REPLACE "/W3" "/W4" ${flag_var} "${${flag_var}}")
+    endforeach()
+  endif()
+endmacro()
+
+# Defines the compiler/linker flags used to build Google Test and
+# Google Mock.  You can tweak these definitions to suit your need.  A
+# variable's value is empty before it's explicitly assigned to.
+macro(config_compiler_and_linker)
+  if (NOT gtest_disable_pthreads)
+    # Defines CMAKE_USE_PTHREADS_INIT and CMAKE_THREAD_LIBS_INIT.
+    find_package(Threads)
+  endif()
+
+  fix_default_compiler_settings_()
+  if (MSVC)
+    # Newlines inside flags variables break CMake's NMake generator.
+    # TODO(vladl@google.com): Add -RTCs and -RTCu to debug builds.
+    set(cxx_base_flags "-GS -W4 -WX -wd4251 -wd4275 -nologo -J -Zi")
+    if (MSVC_VERSION LESS 1400)  # 1400 is Visual Studio 2005
+      # Suppress spurious warnings MSVC 7.1 sometimes issues.
+      # Forcing value to bool.
+      set(cxx_base_flags "${cxx_base_flags} -wd4800")
+      # Copy constructor and assignment operator could not be generated.
+      set(cxx_base_flags "${cxx_base_flags} -wd4511 -wd4512")
+      # Compatibility warnings not applicable to Google Test.
+      # Resolved overload was found by argument-dependent lookup.
+      set(cxx_base_flags "${cxx_base_flags} -wd4675")
+    endif()
+    if (MSVC_VERSION LESS 1500)  # 1500 is Visual Studio 2008
+      # Conditional expression is constant.
+      # When compiling with /W4, we get several instances of C4127
+      # (Conditional expression is constant). In our code, we disable that
+      # warning on a case-by-case basis. However, on Visual Studio 2005,
+      # the warning fires on std::list. Therefore on that compiler and earlier,
+      # we disable the warning project-wide.
+      set(cxx_base_flags "${cxx_base_flags} -wd4127")
+    endif()
+    if (NOT (MSVC_VERSION LESS 1700))  # 1700 is Visual Studio 2012.
+      # Suppress "unreachable code" warning on VS 2012 and later.
+      # http://stackoverflow.com/questions/3232669 explains the issue.
+      set(cxx_base_flags "${cxx_base_flags} -wd4702")
+    endif()
+
+    set(cxx_base_flags "${cxx_base_flags} -D_UNICODE -DUNICODE -DWIN32 -D_WIN32")
+    set(cxx_base_flags "${cxx_base_flags} -DSTRICT -DWIN32_LEAN_AND_MEAN")
+    set(cxx_exception_flags "-EHsc -D_HAS_EXCEPTIONS=1")
+    set(cxx_no_exception_flags "-D_HAS_EXCEPTIONS=0")
+    set(cxx_no_rtti_flags "-GR-")
+  elseif (CMAKE_COMPILER_IS_GNUCXX)
+    set(cxx_base_flags "-Wall -Wshadow")
+    set(cxx_exception_flags "-fexceptions")
+    set(cxx_no_exception_flags "-fno-exceptions")
+    # Until version 4.3.2, GCC doesn't define a macro to indicate
+    # whether RTTI is enabled.  Therefore we define GTEST_HAS_RTTI
+    # explicitly.
+    set(cxx_no_rtti_flags "-fno-rtti -DGTEST_HAS_RTTI=0")
+    set(cxx_strict_flags
+      "-Wextra -Wno-unused-parameter -Wno-missing-field-initializers")
+  elseif (CMAKE_CXX_COMPILER_ID STREQUAL "SunPro")
+    set(cxx_exception_flags "-features=except")
+    # Sun Pro doesn't provide macros to indicate whether exceptions and
+    # RTTI are enabled, so we define GTEST_HAS_* explicitly.
+    set(cxx_no_exception_flags "-features=no%except -DGTEST_HAS_EXCEPTIONS=0")
+    set(cxx_no_rtti_flags "-features=no%rtti -DGTEST_HAS_RTTI=0")
+  elseif (CMAKE_CXX_COMPILER_ID STREQUAL "VisualAge" OR
+      CMAKE_CXX_COMPILER_ID STREQUAL "XL")
+    # CMake 2.8 changes Visual Age's compiler ID to "XL".
+    set(cxx_exception_flags "-qeh")
+    set(cxx_no_exception_flags "-qnoeh")
+    # Until version 9.0, Visual Age doesn't define a macro to indicate
+    # whether RTTI is enabled.  Therefore we define GTEST_HAS_RTTI
+    # explicitly.
+    set(cxx_no_rtti_flags "-qnortti -DGTEST_HAS_RTTI=0")
+  elseif (CMAKE_CXX_COMPILER_ID STREQUAL "HP")
+    set(cxx_base_flags "-AA -mt")
+    set(cxx_exception_flags "-DGTEST_HAS_EXCEPTIONS=1")
+    set(cxx_no_exception_flags "+noeh -DGTEST_HAS_EXCEPTIONS=0")
+    # RTTI can not be disabled in HP aCC compiler.
+    set(cxx_no_rtti_flags "")
+  endif()
+
+  if (CMAKE_USE_PTHREADS_INIT)  # The pthreads library is available and allowed.
+    set(cxx_base_flags "${cxx_base_flags} -DGTEST_HAS_PTHREAD=1")
+  else()
+    set(cxx_base_flags "${cxx_base_flags} -DGTEST_HAS_PTHREAD=0")
+  endif()
+
+  # For building gtest's own tests and samples.
+  set(cxx_exception "${CMAKE_CXX_FLAGS} ${cxx_base_flags} ${cxx_exception_flags}")
+  set(cxx_no_exception
+    "${CMAKE_CXX_FLAGS} ${cxx_base_flags} ${cxx_no_exception_flags}")
+  set(cxx_default "${cxx_exception}")
+  set(cxx_no_rtti "${cxx_default} ${cxx_no_rtti_flags}")
+  set(cxx_use_own_tuple "${cxx_default} -DGTEST_USE_OWN_TR1_TUPLE=1")
+
+  # For building the gtest libraries.
+  set(cxx_strict "${cxx_default} ${cxx_strict_flags}")
+endmacro()
+
+# Defines the gtest & gtest_main libraries.  User tests should link
+# with one of them.
+function(cxx_library_with_type name type cxx_flags)
+  # type can be either STATIC or SHARED to denote a static or shared library.
+  # ARGN refers to additional arguments after 'cxx_flags'.
+  add_library(${name} ${type} ${ARGN})
+  set_target_properties(${name}
+    PROPERTIES
+    COMPILE_FLAGS "${cxx_flags}")
+  if (BUILD_SHARED_LIBS OR type STREQUAL "SHARED")
+    set_target_properties(${name}
+      PROPERTIES
+      COMPILE_DEFINITIONS "GTEST_CREATE_SHARED_LIBRARY=1")
+  endif()
+  if (CMAKE_USE_PTHREADS_INIT)
+    target_link_libraries(${name} ${CMAKE_THREAD_LIBS_INIT})
+  endif()
+endfunction()
+
+########################################################################
+#
+# Helper functions for creating build targets.
+
+function(cxx_shared_library name cxx_flags)
+  cxx_library_with_type(${name} SHARED "${cxx_flags}" ${ARGN})
+endfunction()
+
+function(cxx_library name cxx_flags)
+  cxx_library_with_type(${name} "" "${cxx_flags}" ${ARGN})
+endfunction()
+
+# cxx_executable_with_flags(name cxx_flags libs srcs...)
+#
+# creates a named C++ executable that depends on the given libraries and
+# is built from the given source files with the given compiler flags.
+function(cxx_executable_with_flags name cxx_flags libs)
+  add_executable(${name} ${ARGN})
+  if (cxx_flags)
+    set_target_properties(${name}
+      PROPERTIES
+      COMPILE_FLAGS "${cxx_flags}")
+  endif()
+  if (BUILD_SHARED_LIBS)
+    set_target_properties(${name}
+      PROPERTIES
+      COMPILE_DEFINITIONS "GTEST_LINKED_AS_SHARED_LIBRARY=1")
+  endif()
+  # To support mixing linking in static and dynamic libraries, link each
+  # library in with an extra call to target_link_libraries.
+  foreach (lib "${libs}")
+    target_link_libraries(${name} ${lib})
+  endforeach()
+endfunction()
+
+# cxx_executable(name dir lib srcs...)
+#
+# creates a named target that depends on the given libs and is built
+# from the given source files.  dir/name.cc is implicitly included in
+# the source file list.
+function(cxx_executable name dir libs)
+  cxx_executable_with_flags(
+    ${name} "${cxx_default}" "${libs}" "${dir}/${name}.cc" ${ARGN})
+endfunction()
+
+# Sets PYTHONINTERP_FOUND and PYTHON_EXECUTABLE.
+find_package(PythonInterp)
+
+# cxx_test_with_flags(name cxx_flags libs srcs...)
+#
+# creates a named C++ test that depends on the given libs and is built
+# from the given source files with the given compiler flags.
+function(cxx_test_with_flags name cxx_flags libs)
+  cxx_executable_with_flags(${name} "${cxx_flags}" "${libs}" ${ARGN})
+  add_test(${name} ${name})
+endfunction()
+
+# cxx_test(name libs srcs...)
+#
+# creates a named test target that depends on the given libs and is
+# built from the given source files.  Unlike cxx_test_with_flags,
+# test/name.cc is already implicitly included in the source file list.
+function(cxx_test name libs)
+  cxx_test_with_flags("${name}" "${cxx_default}" "${libs}"
+    "test/${name}.cc" ${ARGN})
+endfunction()
+
+# py_test(name)
+#
+# creates a Python test with the given name whose main module is in
+# test/name.py.  It does nothing if Python is not installed.
+function(py_test name)
+  # We are not supporting Python tests on Linux yet as they consider
+  # all Linux environments to be google3 and try to use google3 features.
+  if (PYTHONINTERP_FOUND)
+    # ${CMAKE_BINARY_DIR} is known at configuration time, so we can
+    # directly bind it from cmake. ${CTEST_CONFIGURATION_TYPE} is known
+    # only at ctest runtime (by calling ctest -c <Configuration>), so
+    # we have to escape $ to delay variable substitution here.
+    add_test(${name}
+      ${PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/test/${name}.py
+          --build_dir=${CMAKE_CURRENT_BINARY_DIR}/\${CTEST_CONFIGURATION_TYPE})
+  endif()
+endfunction()
diff --git a/nss/gtests/google_test/gtest/codegear/gtest.cbproj b/nss/gtests/google_test/gtest/codegear/gtest.cbproj
new file mode 100644
index 0000000..95c3054
--- /dev/null
+++ b/nss/gtests/google_test/gtest/codegear/gtest.cbproj
@@ -0,0 +1,138 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <PropertyGroup>
+    <ProjectGuid>{bca37a72-5b07-46cf-b44e-89f8e06451a2}</ProjectGuid>
+    <Config Condition="'$(Config)'==''">Release</Config>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Config)'=='Base' or '$(Base)'!=''">
+    <Base>true</Base>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Config)'=='Debug' or '$(Cfg_1)'!=''">
+    <Base>true</Base>
+    <Cfg_1>true</Cfg_1>
+    <CfgParent>Base</CfgParent>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Config)'=='Release' or '$(Cfg_2)'!=''">
+    <Base>true</Base>
+    <Cfg_2>true</Cfg_2>
+    <CfgParent>Base</CfgParent>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Base)'!=''">
+    <BCC_OptimizeForSpeed>true</BCC_OptimizeForSpeed>
+    <OutputExt>lib</OutputExt>
+    <DCC_CBuilderOutput>JPHNE</DCC_CBuilderOutput>
+    <Defines>NO_STRICT</Defines>
+    <DynamicRTL>true</DynamicRTL>
+    <UsePackages>true</UsePackages>
+    <ProjectType>CppStaticLibrary</ProjectType>
+    <BCC_CPPCompileAlways>true</BCC_CPPCompileAlways>
+    <PackageImports>rtl.bpi;vcl.bpi;bcbie.bpi;vclx.bpi;vclactnband.bpi;xmlrtl.bpi;bcbsmp.bpi;dbrtl.bpi;vcldb.bpi;bdertl.bpi;vcldbx.bpi;dsnap.bpi;dsnapcon.bpi;vclib.bpi;ibxpress.bpi;adortl.bpi;dbxcds.bpi;dbexpress.bpi;DbxCommonDriver.bpi;websnap.bpi;vclie.bpi;webdsnap.bpi;inet.bpi;inetdbbde.bpi;inetdbxpress.bpi;soaprtl.bpi;Rave75VCL.bpi;teeUI.bpi;tee.bpi;teedb.bpi;IndyCore.bpi;IndySystem.bpi;IndyProtocols.bpi;IntrawebDB_90_100.bpi;Intraweb_90_100.bpi;dclZipForged11.bpi;vclZipForged11.bpi;GR32_BDS2006.bpi;GR32_DSGN_BDS2006.bpi;Jcl.bpi;JclVcl.bpi;JvCoreD11R.bpi;JvSystemD11R.bpi;JvStdCtrlsD11R.bpi;JvAppFrmD11R.bpi;JvBandsD11R.bpi;JvDBD11R.bpi;JvDlgsD11R.bpi;JvBDED11R.bpi;JvCmpD11R.bpi;JvCryptD11R.bpi;JvCtrlsD11R.bpi;JvCustomD11R.bpi;JvDockingD11R.bpi;JvDotNetCtrlsD11R.bpi;JvEDID11R.bpi;JvGlobusD11R.bpi;JvHMID11R.bpi;JvInterpreterD11R.bpi;JvJansD11R.bpi;JvManagedThreadsD11R.bpi;JvMMD11R.bpi;JvNetD11R.bpi;JvPageCompsD11R.bpi;JvPluginD11R.bpi;JvPrintPreviewD11R.bpi;JvRuntimeDesignD11R.bpi;JvTimeFrameworkD11R.bpi;JvValidatorsD11R.bpi;JvWizardD11R.bpi;JvXPCtrlsD11R.bpi;VclSmp.bpi;CExceptionExpert11.bpi</PackageImports>
+    <BCC_wpar>false</BCC_wpar>
+    <IncludePath>$(BDS)\include;$(BDS)\include\dinkumware;$(BDS)\include\vcl;..\src;..\include;..</IncludePath>
+    <AllPackageLibs>rtl.lib;vcl.lib</AllPackageLibs>
+    <TLIB_PageSize>32</TLIB_PageSize>
+    <ILINK_LibraryPath>$(BDS)\lib;$(BDS)\lib\obj;$(BDS)\lib\psdk</ILINK_LibraryPath>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Cfg_1)'!=''">
+    <BCC_OptimizeForSpeed>false</BCC_OptimizeForSpeed>
+    <DCC_Optimize>false</DCC_Optimize>
+    <DCC_DebugInfoInExe>true</DCC_DebugInfoInExe>
+    <Defines>_DEBUG;$(Defines)</Defines>
+    <ILINK_FullDebugInfo>true</ILINK_FullDebugInfo>
+    <BCC_InlineFunctionExpansion>false</BCC_InlineFunctionExpansion>
+    <ILINK_DisableIncrementalLinking>true</ILINK_DisableIncrementalLinking>
+    <BCC_UseRegisterVariables>None</BCC_UseRegisterVariables>
+    <DCC_Define>DEBUG</DCC_Define>
+    <BCC_DebugLineNumbers>true</BCC_DebugLineNumbers>
+    <IntermediateOutputDir>Debug</IntermediateOutputDir>
+    <TASM_DisplaySourceLines>true</TASM_DisplaySourceLines>
+    <BCC_StackFrames>true</BCC_StackFrames>
+    <BCC_DisableOptimizations>true</BCC_DisableOptimizations>
+    <ILINK_LibraryPath>$(BDS)\lib\debug;$(ILINK_LibraryPath)</ILINK_LibraryPath>
+    <TASM_Debugging>Full</TASM_Debugging>
+    <BCC_SourceDebuggingOn>true</BCC_SourceDebuggingOn>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Cfg_2)'!=''">
+    <Defines>NDEBUG;$(Defines)</Defines>
+    <IntermediateOutputDir>Release</IntermediateOutputDir>
+    <ILINK_LibraryPath>$(BDS)\lib\release;$(ILINK_LibraryPath)</ILINK_LibraryPath>
+    <TASM_Debugging>None</TASM_Debugging>
+  </PropertyGroup>
+  <ProjectExtensions>
+    <Borland.Personality>CPlusPlusBuilder.Personality</Borland.Personality>
+    <Borland.ProjectType>CppStaticLibrary</Borland.ProjectType>
+    <BorlandProject>
+<BorlandProject><CPlusPlusBuilder.Personality><VersionInfo><VersionInfo Name="IncludeVerInfo">False</VersionInfo><VersionInfo Name="AutoIncBuild">False</VersionInfo><VersionInfo Name="MajorVer">1</VersionInfo><VersionInfo Name="MinorVer">0</VersionInfo><VersionInfo Name="Release">0</VersionInfo><VersionInfo Name="Build">0</VersionInfo><VersionInfo Name="Debug">False</VersionInfo><VersionInfo Name="PreRelease">False</VersionInfo><VersionInfo Name="Special">False</VersionInfo><VersionInfo Name="Private">False</VersionInfo><VersionInfo Name="DLL">False</VersionInfo><VersionInfo Name="Locale">1033</VersionInfo><VersionInfo Name="CodePage">1252</VersionInfo></VersionInfo><VersionInfoKeys><VersionInfoKeys Name="CompanyName"></VersionInfoKeys><VersionInfoKeys Name="FileDescription"></VersionInfoKeys><VersionInfoKeys Name="FileVersion">1.0.0.0</VersionInfoKeys><VersionInfoKeys Name="InternalName"></VersionInfoKeys><VersionInfoKeys Name="LegalCopyright"></VersionInfoKeys><VersionInfoKeys Name="LegalTrademarks"></VersionInfoKeys><VersionInfoKeys Name="OriginalFilename"></VersionInfoKeys><VersionInfoKeys Name="ProductName"></VersionInfoKeys><VersionInfoKeys Name="ProductVersion">1.0.0.0</VersionInfoKeys><VersionInfoKeys Name="Comments"></VersionInfoKeys></VersionInfoKeys><Debugging><Debugging Name="DebugSourceDirs"></Debugging></Debugging><Parameters><Parameters Name="RunParams"></Parameters><Parameters Name="Launcher"></Parameters><Parameters Name="UseLauncher">False</Parameters><Parameters Name="DebugCWD"></Parameters><Parameters Name="HostApplication"></Parameters><Parameters Name="RemoteHost"></Parameters><Parameters Name="RemotePath"></Parameters><Parameters Name="RemoteParams"></Parameters><Parameters Name="RemoteLauncher"></Parameters><Parameters Name="UseRemoteLauncher">False</Parameters><Parameters Name="RemoteCWD"></Parameters><Parameters Name="RemoteDebug">False</Parameters><Parameters Name="Debug Symbols Search Path"></Parameters><Parameters Name="LoadAllSymbols">True</Parameters><Parameters Name="LoadUnspecifiedSymbols">False</Parameters></Parameters><Excluded_Packages>
+      
+      
+      <Excluded_Packages Name="$(BDS)\bin\bcboffice2k100.bpl">CodeGear C++Builder Office 2000 Servers Package</Excluded_Packages>
+      <Excluded_Packages Name="$(BDS)\bin\bcbofficexp100.bpl">CodeGear C++Builder Office XP Servers Package</Excluded_Packages>
+    </Excluded_Packages><Linker><Linker Name="LibPrefix"></Linker><Linker Name="LibSuffix"></Linker><Linker Name="LibVersion"></Linker></Linker><ProjectProperties><ProjectProperties Name="AutoShowDeps">False</ProjectProperties><ProjectProperties Name="ManagePaths">True</ProjectProperties><ProjectProperties Name="VerifyPackages">True</ProjectProperties></ProjectProperties><HistoryLists_hlIncludePath><HistoryLists_hlIncludePath Name="Count">3</HistoryLists_hlIncludePath><HistoryLists_hlIncludePath Name="Item0">$(BDS)\include;$(BDS)\include\dinkumware;$(BDS)\include\vcl;..\src;..\include;..</HistoryLists_hlIncludePath><HistoryLists_hlIncludePath Name="Item1">$(BDS)\include;$(BDS)\include\dinkumware;$(BDS)\include\vcl;..\src;..\include;..</HistoryLists_hlIncludePath><HistoryLists_hlIncludePath Name="Item2">$(BDS)\include;$(BDS)\include\dinkumware;$(BDS)\include\vcl;..\src;..\src;..\include</HistoryLists_hlIncludePath></HistoryLists_hlIncludePath><HistoryLists_hlILINK_LibraryPath><HistoryLists_hlILINK_LibraryPath Name="Count">1</HistoryLists_hlILINK_LibraryPath><HistoryLists_hlILINK_LibraryPath Name="Item0">$(BDS)\lib;$(BDS)\lib\obj;$(BDS)\lib\psdk</HistoryLists_hlILINK_LibraryPath></HistoryLists_hlILINK_LibraryPath><HistoryLists_hlDefines><HistoryLists_hlDefines Name="Count">1</HistoryLists_hlDefines><HistoryLists_hlDefines Name="Item0">NO_STRICT</HistoryLists_hlDefines></HistoryLists_hlDefines><HistoryLists_hlTLIB_PageSize><HistoryLists_hlTLIB_PageSize Name="Count">1</HistoryLists_hlTLIB_PageSize><HistoryLists_hlTLIB_PageSize Name="Item0">32</HistoryLists_hlTLIB_PageSize><HistoryLists_hlTLIB_PageSize Name="Item1">16</HistoryLists_hlTLIB_PageSize></HistoryLists_hlTLIB_PageSize></CPlusPlusBuilder.Personality></BorlandProject></BorlandProject>
+  </ProjectExtensions>
+  <Import Project="$(MSBuildBinPath)\Borland.Cpp.Targets" />
+  <ItemGroup>
+    <None Include="..\include\gtest\gtest-death-test.h">
+      <BuildOrder>3</BuildOrder>
+    </None>
+    <None Include="..\include\gtest\gtest-message.h">
+      <BuildOrder>4</BuildOrder>
+    </None>
+    <None Include="..\include\gtest\gtest-param-test.h">
+      <BuildOrder>5</BuildOrder>
+    </None>
+    <None Include="..\include\gtest\gtest-spi.h">
+      <BuildOrder>6</BuildOrder>
+    </None>
+    <None Include="..\include\gtest\gtest-test-part.h">
+      <BuildOrder>7</BuildOrder>
+    </None>
+    <None Include="..\include\gtest\gtest-typed-test.h">
+      <BuildOrder>8</BuildOrder>
+    </None>
+    <None Include="..\include\gtest\gtest.h">
+      <BuildOrder>0</BuildOrder>
+    </None>
+    <None Include="..\include\gtest\gtest_pred_impl.h">
+      <BuildOrder>1</BuildOrder>
+    </None>
+    <None Include="..\include\gtest\gtest_prod.h">
+      <BuildOrder>2</BuildOrder>
+    </None>
+    <None Include="..\include\gtest\internal\gtest-death-test-internal.h">
+      <BuildOrder>9</BuildOrder>
+    </None>
+    <None Include="..\include\gtest\internal\gtest-filepath.h">
+      <BuildOrder>10</BuildOrder>
+    </None>
+    <None Include="..\include\gtest\internal\gtest-internal.h">
+      <BuildOrder>11</BuildOrder>
+    </None>
+    <None Include="..\include\gtest\internal\gtest-linked_ptr.h">
+      <BuildOrder>12</BuildOrder>
+    </None>
+    <None Include="..\include\gtest\internal\gtest-param-util-generated.h">
+      <BuildOrder>14</BuildOrder>
+    </None>
+    <None Include="..\include\gtest\internal\gtest-param-util.h">
+      <BuildOrder>13</BuildOrder>
+    </None>
+    <None Include="..\include\gtest\internal\gtest-port.h">
+      <BuildOrder>15</BuildOrder>
+    </None>
+    <None Include="..\include\gtest\internal\gtest-string.h">
+      <BuildOrder>16</BuildOrder>
+    </None>
+    <None Include="..\include\gtest\internal\gtest-type-util.h">
+      <BuildOrder>17</BuildOrder>
+    </None>
+    <CppCompile Include="gtest_all.cc">
+      <BuildOrder>18</BuildOrder>
+    </CppCompile>
+    <BuildConfiguration Include="Debug">
+      <Key>Cfg_1</Key>
+    </BuildConfiguration>
+    <BuildConfiguration Include="Release">
+      <Key>Cfg_2</Key>
+    </BuildConfiguration>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/nss/gtests/google_test/gtest/codegear/gtest.groupproj b/nss/gtests/google_test/gtest/codegear/gtest.groupproj
new file mode 100644
index 0000000..faf31ca
--- /dev/null
+++ b/nss/gtests/google_test/gtest/codegear/gtest.groupproj
@@ -0,0 +1,54 @@
+<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <PropertyGroup>
+    <ProjectGuid>{c1d923e0-6cba-4332-9b6f-3420acbf5091}</ProjectGuid>
+  </PropertyGroup>
+  <ItemGroup />
+  <ItemGroup>
+    <Projects Include="gtest.cbproj" />
+    <Projects Include="gtest_main.cbproj" />
+    <Projects Include="gtest_unittest.cbproj" />
+  </ItemGroup>
+  <ProjectExtensions>
+    <Borland.Personality>Default.Personality</Borland.Personality>
+    <Borland.ProjectType />
+    <BorlandProject>
+<BorlandProject xmlns=""><Default.Personality></Default.Personality></BorlandProject></BorlandProject>
+  </ProjectExtensions>
+  <Target Name="gtest">
+    <MSBuild Projects="gtest.cbproj" Targets="" />
+  </Target>
+  <Target Name="gtest:Clean">
+    <MSBuild Projects="gtest.cbproj" Targets="Clean" />
+  </Target>
+  <Target Name="gtest:Make">
+    <MSBuild Projects="gtest.cbproj" Targets="Make" />
+  </Target>
+  <Target Name="gtest_main">
+    <MSBuild Projects="gtest_main.cbproj" Targets="" />
+  </Target>
+  <Target Name="gtest_main:Clean">
+    <MSBuild Projects="gtest_main.cbproj" Targets="Clean" />
+  </Target>
+  <Target Name="gtest_main:Make">
+    <MSBuild Projects="gtest_main.cbproj" Targets="Make" />
+  </Target>
+  <Target Name="gtest_unittest">
+    <MSBuild Projects="gtest_unittest.cbproj" Targets="" />
+  </Target>
+  <Target Name="gtest_unittest:Clean">
+    <MSBuild Projects="gtest_unittest.cbproj" Targets="Clean" />
+  </Target>
+  <Target Name="gtest_unittest:Make">
+    <MSBuild Projects="gtest_unittest.cbproj" Targets="Make" />
+  </Target>
+  <Target Name="Build">
+    <CallTarget Targets="gtest;gtest_main;gtest_unittest" />
+  </Target>
+  <Target Name="Clean">
+    <CallTarget Targets="gtest:Clean;gtest_main:Clean;gtest_unittest:Clean" />
+  </Target>
+  <Target Name="Make">
+    <CallTarget Targets="gtest:Make;gtest_main:Make;gtest_unittest:Make" />
+  </Target>
+  <Import Condition="Exists('$(MSBuildBinPath)\Borland.Group.Targets')" Project="$(MSBuildBinPath)\Borland.Group.Targets" />
+</Project>
\ No newline at end of file
diff --git a/nss/gtests/google_test/gtest/codegear/gtest_all.cc b/nss/gtests/google_test/gtest/codegear/gtest_all.cc
new file mode 100644
index 0000000..121b2d8
--- /dev/null
+++ b/nss/gtests/google_test/gtest/codegear/gtest_all.cc
@@ -0,0 +1,38 @@
+// Copyright 2009, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: Josh Kelley (joshkel@gmail.com)
+//
+// Google C++ Testing Framework (Google Test)
+//
+// C++Builder's IDE cannot build a static library from files with hyphens
+// in their name.  See http://qc.codegear.com/wc/qcmain.aspx?d=70977 .
+// This file serves as a workaround.
+
+#include "src/gtest-all.cc"
diff --git a/nss/gtests/google_test/gtest/codegear/gtest_link.cc b/nss/gtests/google_test/gtest/codegear/gtest_link.cc
new file mode 100644
index 0000000..918eccd
--- /dev/null
+++ b/nss/gtests/google_test/gtest/codegear/gtest_link.cc
@@ -0,0 +1,40 @@
+// Copyright 2009, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: Josh Kelley (joshkel@gmail.com)
+//
+// Google C++ Testing Framework (Google Test)
+//
+// Links gtest.lib and gtest_main.lib into the current project in C++Builder.
+// This means that these libraries can't be renamed, but it's the only way to
+// ensure that Debug versus Release test builds are linked against the
+// appropriate Debug or Release build of the libraries.
+
+#pragma link "gtest.lib"
+#pragma link "gtest_main.lib"
diff --git a/nss/gtests/google_test/gtest/codegear/gtest_main.cbproj b/nss/gtests/google_test/gtest/codegear/gtest_main.cbproj
new file mode 100644
index 0000000..d76ce13
--- /dev/null
+++ b/nss/gtests/google_test/gtest/codegear/gtest_main.cbproj
@@ -0,0 +1,82 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <PropertyGroup>
+    <ProjectGuid>{bca37a72-5b07-46cf-b44e-89f8e06451a2}</ProjectGuid>
+    <Config Condition="'$(Config)'==''">Release</Config>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Config)'=='Base' or '$(Base)'!=''">
+    <Base>true</Base>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Config)'=='Debug' or '$(Cfg_1)'!=''">
+    <Base>true</Base>
+    <Cfg_1>true</Cfg_1>
+    <CfgParent>Base</CfgParent>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Config)'=='Release' or '$(Cfg_2)'!=''">
+    <Base>true</Base>
+    <Cfg_2>true</Cfg_2>
+    <CfgParent>Base</CfgParent>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Base)'!=''">
+    <BCC_OptimizeForSpeed>true</BCC_OptimizeForSpeed>
+    <OutputExt>lib</OutputExt>
+    <DCC_CBuilderOutput>JPHNE</DCC_CBuilderOutput>
+    <Defines>NO_STRICT</Defines>
+    <DynamicRTL>true</DynamicRTL>
+    <UsePackages>true</UsePackages>
+    <ProjectType>CppStaticLibrary</ProjectType>
+    <BCC_CPPCompileAlways>true</BCC_CPPCompileAlways>
+    <PackageImports>rtl.bpi;vcl.bpi;bcbie.bpi;vclx.bpi;vclactnband.bpi;xmlrtl.bpi;bcbsmp.bpi;dbrtl.bpi;vcldb.bpi;bdertl.bpi;vcldbx.bpi;dsnap.bpi;dsnapcon.bpi;vclib.bpi;ibxpress.bpi;adortl.bpi;dbxcds.bpi;dbexpress.bpi;DbxCommonDriver.bpi;websnap.bpi;vclie.bpi;webdsnap.bpi;inet.bpi;inetdbbde.bpi;inetdbxpress.bpi;soaprtl.bpi;Rave75VCL.bpi;teeUI.bpi;tee.bpi;teedb.bpi;IndyCore.bpi;IndySystem.bpi;IndyProtocols.bpi;IntrawebDB_90_100.bpi;Intraweb_90_100.bpi;dclZipForged11.bpi;vclZipForged11.bpi;GR32_BDS2006.bpi;GR32_DSGN_BDS2006.bpi;Jcl.bpi;JclVcl.bpi;JvCoreD11R.bpi;JvSystemD11R.bpi;JvStdCtrlsD11R.bpi;JvAppFrmD11R.bpi;JvBandsD11R.bpi;JvDBD11R.bpi;JvDlgsD11R.bpi;JvBDED11R.bpi;JvCmpD11R.bpi;JvCryptD11R.bpi;JvCtrlsD11R.bpi;JvCustomD11R.bpi;JvDockingD11R.bpi;JvDotNetCtrlsD11R.bpi;JvEDID11R.bpi;JvGlobusD11R.bpi;JvHMID11R.bpi;JvInterpreterD11R.bpi;JvJansD11R.bpi;JvManagedThreadsD11R.bpi;JvMMD11R.bpi;JvNetD11R.bpi;JvPageCompsD11R.bpi;JvPluginD11R.bpi;JvPrintPreviewD11R.bpi;JvRuntimeDesignD11R.bpi;JvTimeFrameworkD11R.bpi;JvValidatorsD11R.bpi;JvWizardD11R.bpi;JvXPCtrlsD11R.bpi;VclSmp.bpi;CExceptionExpert11.bpi</PackageImports>
+    <BCC_wpar>false</BCC_wpar>
+    <IncludePath>$(BDS)\include;$(BDS)\include\dinkumware;$(BDS)\include\vcl;..\src;..\include;..</IncludePath>
+    <AllPackageLibs>rtl.lib;vcl.lib</AllPackageLibs>
+    <TLIB_PageSize>32</TLIB_PageSize>
+    <ILINK_LibraryPath>$(BDS)\lib;$(BDS)\lib\obj;$(BDS)\lib\psdk</ILINK_LibraryPath>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Cfg_1)'!=''">
+    <BCC_OptimizeForSpeed>false</BCC_OptimizeForSpeed>
+    <DCC_Optimize>false</DCC_Optimize>
+    <DCC_DebugInfoInExe>true</DCC_DebugInfoInExe>
+    <Defines>_DEBUG;$(Defines)</Defines>
+    <ILINK_FullDebugInfo>true</ILINK_FullDebugInfo>
+    <BCC_InlineFunctionExpansion>false</BCC_InlineFunctionExpansion>
+    <ILINK_DisableIncrementalLinking>true</ILINK_DisableIncrementalLinking>
+    <BCC_UseRegisterVariables>None</BCC_UseRegisterVariables>
+    <DCC_Define>DEBUG</DCC_Define>
+    <BCC_DebugLineNumbers>true</BCC_DebugLineNumbers>
+    <IntermediateOutputDir>Debug</IntermediateOutputDir>
+    <TASM_DisplaySourceLines>true</TASM_DisplaySourceLines>
+    <BCC_StackFrames>true</BCC_StackFrames>
+    <BCC_DisableOptimizations>true</BCC_DisableOptimizations>
+    <ILINK_LibraryPath>$(BDS)\lib\debug;$(ILINK_LibraryPath)</ILINK_LibraryPath>
+    <TASM_Debugging>Full</TASM_Debugging>
+    <BCC_SourceDebuggingOn>true</BCC_SourceDebuggingOn>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Cfg_2)'!=''">
+    <Defines>NDEBUG;$(Defines)</Defines>
+    <IntermediateOutputDir>Release</IntermediateOutputDir>
+    <ILINK_LibraryPath>$(BDS)\lib\release;$(ILINK_LibraryPath)</ILINK_LibraryPath>
+    <TASM_Debugging>None</TASM_Debugging>
+  </PropertyGroup>
+  <ProjectExtensions>
+    <Borland.Personality>CPlusPlusBuilder.Personality</Borland.Personality>
+    <Borland.ProjectType>CppStaticLibrary</Borland.ProjectType>
+    <BorlandProject>
+<BorlandProject><CPlusPlusBuilder.Personality><VersionInfo><VersionInfo Name="IncludeVerInfo">False</VersionInfo><VersionInfo Name="AutoIncBuild">False</VersionInfo><VersionInfo Name="MajorVer">1</VersionInfo><VersionInfo Name="MinorVer">0</VersionInfo><VersionInfo Name="Release">0</VersionInfo><VersionInfo Name="Build">0</VersionInfo><VersionInfo Name="Debug">False</VersionInfo><VersionInfo Name="PreRelease">False</VersionInfo><VersionInfo Name="Special">False</VersionInfo><VersionInfo Name="Private">False</VersionInfo><VersionInfo Name="DLL">False</VersionInfo><VersionInfo Name="Locale">1033</VersionInfo><VersionInfo Name="CodePage">1252</VersionInfo></VersionInfo><VersionInfoKeys><VersionInfoKeys Name="CompanyName"></VersionInfoKeys><VersionInfoKeys Name="FileDescription"></VersionInfoKeys><VersionInfoKeys Name="FileVersion">1.0.0.0</VersionInfoKeys><VersionInfoKeys Name="InternalName"></VersionInfoKeys><VersionInfoKeys Name="LegalCopyright"></VersionInfoKeys><VersionInfoKeys Name="LegalTrademarks"></VersionInfoKeys><VersionInfoKeys Name="OriginalFilename"></VersionInfoKeys><VersionInfoKeys Name="ProductName"></VersionInfoKeys><VersionInfoKeys Name="ProductVersion">1.0.0.0</VersionInfoKeys><VersionInfoKeys Name="Comments"></VersionInfoKeys></VersionInfoKeys><Debugging><Debugging Name="DebugSourceDirs"></Debugging></Debugging><Parameters><Parameters Name="RunParams"></Parameters><Parameters Name="Launcher"></Parameters><Parameters Name="UseLauncher">False</Parameters><Parameters Name="DebugCWD"></Parameters><Parameters Name="HostApplication"></Parameters><Parameters Name="RemoteHost"></Parameters><Parameters Name="RemotePath"></Parameters><Parameters Name="RemoteParams"></Parameters><Parameters Name="RemoteLauncher"></Parameters><Parameters Name="UseRemoteLauncher">False</Parameters><Parameters Name="RemoteCWD"></Parameters><Parameters Name="RemoteDebug">False</Parameters><Parameters Name="Debug Symbols Search Path"></Parameters><Parameters Name="LoadAllSymbols">True</Parameters><Parameters Name="LoadUnspecifiedSymbols">False</Parameters></Parameters><Excluded_Packages>
+      <Excluded_Packages Name="$(BDS)\bin\bcboffice2k100.bpl">CodeGear C++Builder Office 2000 Servers Package</Excluded_Packages>
+      <Excluded_Packages Name="$(BDS)\bin\bcbofficexp100.bpl">CodeGear C++Builder Office XP Servers Package</Excluded_Packages>
+    </Excluded_Packages><Linker><Linker Name="LibPrefix"></Linker><Linker Name="LibSuffix"></Linker><Linker Name="LibVersion"></Linker></Linker><ProjectProperties><ProjectProperties Name="AutoShowDeps">False</ProjectProperties><ProjectProperties Name="ManagePaths">True</ProjectProperties><ProjectProperties Name="VerifyPackages">True</ProjectProperties></ProjectProperties><HistoryLists_hlIncludePath><HistoryLists_hlIncludePath Name="Count">3</HistoryLists_hlIncludePath><HistoryLists_hlIncludePath Name="Item0">$(BDS)\include;$(BDS)\include\dinkumware;$(BDS)\include\vcl;..\src;..\include;..</HistoryLists_hlIncludePath><HistoryLists_hlIncludePath Name="Item1">$(BDS)\include;$(BDS)\include\dinkumware;$(BDS)\include\vcl;..\src;..\include;..</HistoryLists_hlIncludePath><HistoryLists_hlIncludePath Name="Item2">$(BDS)\include;$(BDS)\include\dinkumware;$(BDS)\include\vcl;..\src;..\src;..\include</HistoryLists_hlIncludePath></HistoryLists_hlIncludePath><HistoryLists_hlILINK_LibraryPath><HistoryLists_hlILINK_LibraryPath Name="Count">1</HistoryLists_hlILINK_LibraryPath><HistoryLists_hlILINK_LibraryPath Name="Item0">$(BDS)\lib;$(BDS)\lib\obj;$(BDS)\lib\psdk</HistoryLists_hlILINK_LibraryPath></HistoryLists_hlILINK_LibraryPath><HistoryLists_hlDefines><HistoryLists_hlDefines Name="Count">1</HistoryLists_hlDefines><HistoryLists_hlDefines Name="Item0">NO_STRICT</HistoryLists_hlDefines></HistoryLists_hlDefines><HistoryLists_hlTLIB_PageSize><HistoryLists_hlTLIB_PageSize Name="Count">1</HistoryLists_hlTLIB_PageSize><HistoryLists_hlTLIB_PageSize Name="Item0">32</HistoryLists_hlTLIB_PageSize><HistoryLists_hlTLIB_PageSize Name="Item1">16</HistoryLists_hlTLIB_PageSize></HistoryLists_hlTLIB_PageSize></CPlusPlusBuilder.Personality></BorlandProject></BorlandProject>
+  </ProjectExtensions>
+  <Import Project="$(MSBuildBinPath)\Borland.Cpp.Targets" />
+  <ItemGroup>
+    <CppCompile Include="..\src\gtest_main.cc">
+      <BuildOrder>0</BuildOrder>
+    </CppCompile>
+    <BuildConfiguration Include="Debug">
+      <Key>Cfg_1</Key>
+    </BuildConfiguration>
+    <BuildConfiguration Include="Release">
+      <Key>Cfg_2</Key>
+    </BuildConfiguration>
+  </ItemGroup>
+</Project>
diff --git a/nss/gtests/google_test/gtest/codegear/gtest_unittest.cbproj b/nss/gtests/google_test/gtest/codegear/gtest_unittest.cbproj
new file mode 100644
index 0000000..dc5db8e
--- /dev/null
+++ b/nss/gtests/google_test/gtest/codegear/gtest_unittest.cbproj
@@ -0,0 +1,88 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <PropertyGroup>
+    <ProjectGuid>{eea63393-5ac5-4b9c-8909-d75fef2daa41}</ProjectGuid>
+    <Config Condition="'$(Config)'==''">Release</Config>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Config)'=='Base' or '$(Base)'!=''">
+    <Base>true</Base>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Config)'=='Debug' or '$(Cfg_1)'!=''">
+    <Base>true</Base>
+    <Cfg_1>true</Cfg_1>
+    <CfgParent>Base</CfgParent>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Config)'=='Release' or '$(Cfg_2)'!=''">
+    <Base>true</Base>
+    <Cfg_2>true</Cfg_2>
+    <CfgParent>Base</CfgParent>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Base)'!=''">
+    <OutputExt>exe</OutputExt>
+    <BCC_OptimizeForSpeed>true</BCC_OptimizeForSpeed>
+    <Defines>NO_STRICT</Defines>
+    <DCC_CBuilderOutput>JPHNE</DCC_CBuilderOutput>
+    <DynamicRTL>true</DynamicRTL>
+    <ILINK_ObjectSearchPath>..\test</ILINK_ObjectSearchPath>
+    <UsePackages>true</UsePackages>
+    <ProjectType>CppConsoleApplication</ProjectType>
+    <NoVCL>true</NoVCL>
+    <BCC_CPPCompileAlways>true</BCC_CPPCompileAlways>
+    <PackageImports>rtl.bpi;vcl.bpi;bcbie.bpi;vclx.bpi;vclactnband.bpi;xmlrtl.bpi;bcbsmp.bpi;dbrtl.bpi;vcldb.bpi;bdertl.bpi;vcldbx.bpi;dsnap.bpi;dsnapcon.bpi;vclib.bpi;ibxpress.bpi;adortl.bpi;dbxcds.bpi;dbexpress.bpi;DbxCommonDriver.bpi;websnap.bpi;vclie.bpi;webdsnap.bpi;inet.bpi;inetdbbde.bpi;inetdbxpress.bpi;soaprtl.bpi;Rave75VCL.bpi;teeUI.bpi;tee.bpi;teedb.bpi;IndyCore.bpi;IndySystem.bpi;IndyProtocols.bpi;IntrawebDB_90_100.bpi;Intraweb_90_100.bpi;Jcl.bpi;JclVcl.bpi;JvCoreD11R.bpi;JvSystemD11R.bpi;JvStdCtrlsD11R.bpi;JvAppFrmD11R.bpi;JvBandsD11R.bpi;JvDBD11R.bpi;JvDlgsD11R.bpi;JvBDED11R.bpi;JvCmpD11R.bpi;JvCryptD11R.bpi;JvCtrlsD11R.bpi;JvCustomD11R.bpi;JvDockingD11R.bpi;JvDotNetCtrlsD11R.bpi;JvEDID11R.bpi;JvGlobusD11R.bpi;JvHMID11R.bpi;JvInterpreterD11R.bpi;JvJansD11R.bpi;JvManagedThreadsD11R.bpi;JvMMD11R.bpi;JvNetD11R.bpi;JvPageCompsD11R.bpi;JvPluginD11R.bpi;JvPrintPreviewD11R.bpi;JvRuntimeDesignD11R.bpi;JvTimeFrameworkD11R.bpi;JvValidatorsD11R.bpi;JvWizardD11R.bpi;JvXPCtrlsD11R.bpi;VclSmp.bpi</PackageImports>
+    <BCC_wpar>false</BCC_wpar>
+    <IncludePath>$(BDS)\include;$(BDS)\include\dinkumware;$(BDS)\include\vcl;..\include;..\test;..</IncludePath>
+    <ILINK_LibraryPath>$(BDS)\lib;$(BDS)\lib\obj;$(BDS)\lib\psdk;..\test</ILINK_LibraryPath>
+    <Multithreaded>true</Multithreaded>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Cfg_1)'!=''">
+    <BCC_OptimizeForSpeed>false</BCC_OptimizeForSpeed>
+    <DCC_Optimize>false</DCC_Optimize>
+    <DCC_DebugInfoInExe>true</DCC_DebugInfoInExe>
+    <Defines>_DEBUG;$(Defines)</Defines>
+    <ILINK_FullDebugInfo>true</ILINK_FullDebugInfo>
+    <BCC_InlineFunctionExpansion>false</BCC_InlineFunctionExpansion>
+    <ILINK_DisableIncrementalLinking>true</ILINK_DisableIncrementalLinking>
+    <BCC_UseRegisterVariables>None</BCC_UseRegisterVariables>
+    <DCC_Define>DEBUG</DCC_Define>
+    <BCC_DebugLineNumbers>true</BCC_DebugLineNumbers>
+    <IntermediateOutputDir>Debug</IntermediateOutputDir>
+    <TASM_DisplaySourceLines>true</TASM_DisplaySourceLines>
+    <BCC_StackFrames>true</BCC_StackFrames>
+    <BCC_DisableOptimizations>true</BCC_DisableOptimizations>
+    <ILINK_LibraryPath>$(BDS)\lib\debug;$(ILINK_LibraryPath)</ILINK_LibraryPath>
+    <TASM_Debugging>Full</TASM_Debugging>
+    <BCC_SourceDebuggingOn>true</BCC_SourceDebuggingOn>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Cfg_2)'!=''">
+    <Defines>NDEBUG;$(Defines)</Defines>
+    <IntermediateOutputDir>Release</IntermediateOutputDir>
+    <ILINK_LibraryPath>$(BDS)\lib\release;$(ILINK_LibraryPath)</ILINK_LibraryPath>
+    <TASM_Debugging>None</TASM_Debugging>
+  </PropertyGroup>
+  <ProjectExtensions>
+    <Borland.Personality>CPlusPlusBuilder.Personality</Borland.Personality>
+    <Borland.ProjectType>CppConsoleApplication</Borland.ProjectType>
+    <BorlandProject>
+<BorlandProject><CPlusPlusBuilder.Personality><VersionInfo><VersionInfo Name="IncludeVerInfo">False</VersionInfo><VersionInfo Name="AutoIncBuild">False</VersionInfo><VersionInfo Name="MajorVer">1</VersionInfo><VersionInfo Name="MinorVer">0</VersionInfo><VersionInfo Name="Release">0</VersionInfo><VersionInfo Name="Build">0</VersionInfo><VersionInfo Name="Debug">False</VersionInfo><VersionInfo Name="PreRelease">False</VersionInfo><VersionInfo Name="Special">False</VersionInfo><VersionInfo Name="Private">False</VersionInfo><VersionInfo Name="DLL">False</VersionInfo><VersionInfo Name="Locale">1033</VersionInfo><VersionInfo Name="CodePage">1252</VersionInfo></VersionInfo><VersionInfoKeys><VersionInfoKeys Name="CompanyName"></VersionInfoKeys><VersionInfoKeys Name="FileDescription"></VersionInfoKeys><VersionInfoKeys Name="FileVersion">1.0.0.0</VersionInfoKeys><VersionInfoKeys Name="InternalName"></VersionInfoKeys><VersionInfoKeys Name="LegalCopyright"></VersionInfoKeys><VersionInfoKeys Name="LegalTrademarks"></VersionInfoKeys><VersionInfoKeys Name="OriginalFilename"></VersionInfoKeys><VersionInfoKeys Name="ProductName"></VersionInfoKeys><VersionInfoKeys Name="ProductVersion">1.0.0.0</VersionInfoKeys><VersionInfoKeys Name="Comments"></VersionInfoKeys></VersionInfoKeys><Debugging><Debugging Name="DebugSourceDirs"></Debugging></Debugging><Parameters><Parameters Name="RunParams"></Parameters><Parameters Name="Launcher"></Parameters><Parameters Name="UseLauncher">False</Parameters><Parameters Name="DebugCWD"></Parameters><Parameters Name="HostApplication"></Parameters><Parameters Name="RemoteHost"></Parameters><Parameters Name="RemotePath"></Parameters><Parameters Name="RemoteParams"></Parameters><Parameters Name="RemoteLauncher"></Parameters><Parameters Name="UseRemoteLauncher">False</Parameters><Parameters Name="RemoteCWD"></Parameters><Parameters Name="RemoteDebug">False</Parameters><Parameters Name="Debug Symbols Search Path"></Parameters><Parameters Name="LoadAllSymbols">True</Parameters><Parameters Name="LoadUnspecifiedSymbols">False</Parameters></Parameters><Excluded_Packages>
+      
+      
+      <Excluded_Packages Name="$(BDS)\bin\bcboffice2k100.bpl">CodeGear C++Builder Office 2000 Servers Package</Excluded_Packages>
+      <Excluded_Packages Name="$(BDS)\bin\bcbofficexp100.bpl">CodeGear C++Builder Office XP Servers Package</Excluded_Packages>
+    </Excluded_Packages><Linker><Linker Name="LibPrefix"></Linker><Linker Name="LibSuffix"></Linker><Linker Name="LibVersion"></Linker></Linker><ProjectProperties><ProjectProperties Name="AutoShowDeps">False</ProjectProperties><ProjectProperties Name="ManagePaths">True</ProjectProperties><ProjectProperties Name="VerifyPackages">True</ProjectProperties></ProjectProperties><HistoryLists_hlIncludePath><HistoryLists_hlIncludePath Name="Count">3</HistoryLists_hlIncludePath><HistoryLists_hlIncludePath Name="Item0">$(BDS)\include;$(BDS)\include\dinkumware;$(BDS)\include\vcl;..\include;..\test;..</HistoryLists_hlIncludePath><HistoryLists_hlIncludePath Name="Item1">$(BDS)\include;$(BDS)\include\dinkumware;$(BDS)\include\vcl;..\include;..\test</HistoryLists_hlIncludePath><HistoryLists_hlIncludePath Name="Item2">$(BDS)\include;$(BDS)\include\dinkumware;$(BDS)\include\vcl;..\include</HistoryLists_hlIncludePath></HistoryLists_hlIncludePath><HistoryLists_hlILINK_LibraryPath><HistoryLists_hlILINK_LibraryPath Name="Count">1</HistoryLists_hlILINK_LibraryPath><HistoryLists_hlILINK_LibraryPath Name="Item0">$(BDS)\lib;$(BDS)\lib\obj;$(BDS)\lib\psdk;..\test</HistoryLists_hlILINK_LibraryPath><HistoryLists_hlILINK_LibraryPath Name="Item1">$(BDS)\lib;$(BDS)\lib\obj;$(BDS)\lib\psdk;..\test</HistoryLists_hlILINK_LibraryPath><HistoryLists_hlILINK_LibraryPath Name="Item2">$(BDS)\lib;$(BDS)\lib\obj;$(BDS)\lib\psdk;$(OUTPUTDIR);..\test</HistoryLists_hlILINK_LibraryPath></HistoryLists_hlILINK_LibraryPath><HistoryLists_hlDefines><HistoryLists_hlDefines Name="Count">2</HistoryLists_hlDefines><HistoryLists_hlDefines Name="Item0">NO_STRICT</HistoryLists_hlDefines><HistoryLists_hlDefines Name="Item1">STRICT</HistoryLists_hlDefines></HistoryLists_hlDefines></CPlusPlusBuilder.Personality></BorlandProject></BorlandProject>
+  </ProjectExtensions>
+  <Import Project="$(MSBuildBinPath)\Borland.Cpp.Targets" />
+  <ItemGroup>
+    <CppCompile Include="..\test\gtest_unittest.cc">
+      <BuildOrder>0</BuildOrder>
+    </CppCompile>
+    <CppCompile Include="gtest_link.cc">
+      <BuildOrder>1</BuildOrder>
+    </CppCompile>
+    <BuildConfiguration Include="Debug">
+      <Key>Cfg_1</Key>
+    </BuildConfiguration>
+    <BuildConfiguration Include="Release">
+      <Key>Cfg_2</Key>
+    </BuildConfiguration>
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/nss/gtests/google_test/gtest/configure.ac b/nss/gtests/google_test/gtest/configure.ac
new file mode 100644
index 0000000..cc592e1
--- /dev/null
+++ b/nss/gtests/google_test/gtest/configure.ac
@@ -0,0 +1,68 @@
+m4_include(m4/acx_pthread.m4)
+
+# At this point, the Xcode project assumes the version string will be three
+# integers separated by periods and surrounded by square brackets (e.g.
+# "[1.0.1]"). It also asumes that there won't be any closing parenthesis
+# between "AC_INIT(" and the closing ")" including comments and strings.
+AC_INIT([Google C++ Testing Framework],
+        [1.7.0],
+        [googletestframework@googlegroups.com],
+        [gtest])
+
+# Provide various options to initialize the Autoconf and configure processes.
+AC_PREREQ([2.59])
+AC_CONFIG_SRCDIR([./LICENSE])
+AC_CONFIG_MACRO_DIR([m4])
+AC_CONFIG_AUX_DIR([build-aux])
+AC_CONFIG_HEADERS([build-aux/config.h])
+AC_CONFIG_FILES([Makefile])
+AC_CONFIG_FILES([scripts/gtest-config], [chmod +x scripts/gtest-config])
+
+# Initialize Automake with various options. We require at least v1.9, prevent
+# pedantic complaints about package files, and enable various distribution
+# targets.
+AM_INIT_AUTOMAKE([1.9 dist-bzip2 dist-zip foreign subdir-objects])
+
+# Check for programs used in building Google Test.
+AC_PROG_CC
+AC_PROG_CXX
+AC_LANG([C++])
+AC_PROG_LIBTOOL
+
+# TODO(chandlerc@google.com): Currently we aren't running the Python tests
+# against the interpreter detected by AM_PATH_PYTHON, and so we condition
+# HAVE_PYTHON by requiring "python" to be in the PATH, and that interpreter's
+# version to be >= 2.3. This will allow the scripts to use a "/usr/bin/env"
+# hashbang.
+PYTHON=  # We *do not* allow the user to specify a python interpreter
+AC_PATH_PROG([PYTHON],[python],[:])
+AS_IF([test "$PYTHON" != ":"],
+      [AM_PYTHON_CHECK_VERSION([$PYTHON],[2.3],[:],[PYTHON=":"])])
+AM_CONDITIONAL([HAVE_PYTHON],[test "$PYTHON" != ":"])
+
+# Configure pthreads.
+AC_ARG_WITH([pthreads],
+            [AS_HELP_STRING([--with-pthreads],
+               [use pthreads (default is yes)])],
+            [with_pthreads=$withval],
+            [with_pthreads=check])
+
+have_pthreads=no
+AS_IF([test "x$with_pthreads" != "xno"],
+      [ACX_PTHREAD(
+        [],
+        [AS_IF([test "x$with_pthreads" != "xcheck"],
+               [AC_MSG_FAILURE(
+                 [--with-pthreads was specified, but unable to be used])])])
+       have_pthreads="$acx_pthread_ok"])
+AM_CONDITIONAL([HAVE_PTHREADS],[test "x$have_pthreads" = "xyes"])
+AC_SUBST(PTHREAD_CFLAGS)
+AC_SUBST(PTHREAD_LIBS)
+
+# TODO(chandlerc@google.com) Check for the necessary system headers.
+
+# TODO(chandlerc@google.com) Check the types, structures, and other compiler
+# and architecture characteristics.
+
+# Output the generated files. No further autoconf macros may be used.
+AC_OUTPUT
diff --git a/nss/gtests/google_test/gtest/include/gtest/gtest-death-test.h b/nss/gtests/google_test/gtest/include/gtest/gtest-death-test.h
new file mode 100644
index 0000000..957a69c
--- /dev/null
+++ b/nss/gtests/google_test/gtest/include/gtest/gtest-death-test.h
@@ -0,0 +1,294 @@
+// Copyright 2005, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+//
+// The Google C++ Testing Framework (Google Test)
+//
+// This header file defines the public API for death tests.  It is
+// #included by gtest.h so a user doesn't need to include this
+// directly.
+
+#ifndef GTEST_INCLUDE_GTEST_GTEST_DEATH_TEST_H_
+#define GTEST_INCLUDE_GTEST_GTEST_DEATH_TEST_H_
+
+#include "gtest/internal/gtest-death-test-internal.h"
+
+namespace testing {
+
+// This flag controls the style of death tests.  Valid values are "threadsafe",
+// meaning that the death test child process will re-execute the test binary
+// from the start, running only a single death test, or "fast",
+// meaning that the child process will execute the test logic immediately
+// after forking.
+GTEST_DECLARE_string_(death_test_style);
+
+#if GTEST_HAS_DEATH_TEST
+
+namespace internal {
+
+// Returns a Boolean value indicating whether the caller is currently
+// executing in the context of the death test child process.  Tools such as
+// Valgrind heap checkers may need this to modify their behavior in death
+// tests.  IMPORTANT: This is an internal utility.  Using it may break the
+// implementation of death tests.  User code MUST NOT use it.
+GTEST_API_ bool InDeathTestChild();
+
+}  // namespace internal
+
+// The following macros are useful for writing death tests.
+
+// Here's what happens when an ASSERT_DEATH* or EXPECT_DEATH* is
+// executed:
+//
+//   1. It generates a warning if there is more than one active
+//   thread.  This is because it's safe to fork() or clone() only
+//   when there is a single thread.
+//
+//   2. The parent process clone()s a sub-process and runs the death
+//   test in it; the sub-process exits with code 0 at the end of the
+//   death test, if it hasn't exited already.
+//
+//   3. The parent process waits for the sub-process to terminate.
+//
+//   4. The parent process checks the exit code and error message of
+//   the sub-process.
+//
+// Examples:
+//
+//   ASSERT_DEATH(server.SendMessage(56, "Hello"), "Invalid port number");
+//   for (int i = 0; i < 5; i++) {
+//     EXPECT_DEATH(server.ProcessRequest(i),
+//                  "Invalid request .* in ProcessRequest()")
+//                  << "Failed to die on request " << i;
+//   }
+//
+//   ASSERT_EXIT(server.ExitNow(), ::testing::ExitedWithCode(0), "Exiting");
+//
+//   bool KilledBySIGHUP(int exit_code) {
+//     return WIFSIGNALED(exit_code) && WTERMSIG(exit_code) == SIGHUP;
+//   }
+//
+//   ASSERT_EXIT(client.HangUpServer(), KilledBySIGHUP, "Hanging up!");
+//
+// On the regular expressions used in death tests:
+//
+//   On POSIX-compliant systems (*nix), we use the <regex.h> library,
+//   which uses the POSIX extended regex syntax.
+//
+//   On other platforms (e.g. Windows), we only support a simple regex
+//   syntax implemented as part of Google Test.  This limited
+//   implementation should be enough most of the time when writing
+//   death tests; though it lacks many features you can find in PCRE
+//   or POSIX extended regex syntax.  For example, we don't support
+//   union ("x|y"), grouping ("(xy)"), brackets ("[xy]"), and
+//   repetition count ("x{5,7}"), among others.
+//
+//   Below is the syntax that we do support.  We chose it to be a
+//   subset of both PCRE and POSIX extended regex, so it's easy to
+//   learn wherever you come from.  In the following: 'A' denotes a
+//   literal character, period (.), or a single \\ escape sequence;
+//   'x' and 'y' denote regular expressions; 'm' and 'n' are for
+//   natural numbers.
+//
+//     c     matches any literal character c
+//     \\d   matches any decimal digit
+//     \\D   matches any character that's not a decimal digit
+//     \\f   matches \f
+//     \\n   matches \n
+//     \\r   matches \r
+//     \\s   matches any ASCII whitespace, including \n
+//     \\S   matches any character that's not a whitespace
+//     \\t   matches \t
+//     \\v   matches \v
+//     \\w   matches any letter, _, or decimal digit
+//     \\W   matches any character that \\w doesn't match
+//     \\c   matches any literal character c, which must be a punctuation
+//     .     matches any single character except \n
+//     A?    matches 0 or 1 occurrences of A
+//     A*    matches 0 or many occurrences of A
+//     A+    matches 1 or many occurrences of A
+//     ^     matches the beginning of a string (not that of each line)
+//     $     matches the end of a string (not that of each line)
+//     xy    matches x followed by y
+//
+//   If you accidentally use PCRE or POSIX extended regex features
+//   not implemented by us, you will get a run-time failure.  In that
+//   case, please try to rewrite your regular expression within the
+//   above syntax.
+//
+//   This implementation is *not* meant to be as highly tuned or robust
+//   as a compiled regex library, but should perform well enough for a
+//   death test, which already incurs significant overhead by launching
+//   a child process.
+//
+// Known caveats:
+//
+//   A "threadsafe" style death test obtains the path to the test
+//   program from argv[0] and re-executes it in the sub-process.  For
+//   simplicity, the current implementation doesn't search the PATH
+//   when launching the sub-process.  This means that the user must
+//   invoke the test program via a path that contains at least one
+//   path separator (e.g. path/to/foo_test and
+//   /absolute/path/to/bar_test are fine, but foo_test is not).  This
+//   is rarely a problem as people usually don't put the test binary
+//   directory in PATH.
+//
+// TODO(wan@google.com): make thread-safe death tests search the PATH.
+
+// Asserts that a given statement causes the program to exit, with an
+// integer exit status that satisfies predicate, and emitting error output
+// that matches regex.
+# define ASSERT_EXIT(statement, predicate, regex) \
+    GTEST_DEATH_TEST_(statement, predicate, regex, GTEST_FATAL_FAILURE_)
+
+// Like ASSERT_EXIT, but continues on to successive tests in the
+// test case, if any:
+# define EXPECT_EXIT(statement, predicate, regex) \
+    GTEST_DEATH_TEST_(statement, predicate, regex, GTEST_NONFATAL_FAILURE_)
+
+// Asserts that a given statement causes the program to exit, either by
+// explicitly exiting with a nonzero exit code or being killed by a
+// signal, and emitting error output that matches regex.
+# define ASSERT_DEATH(statement, regex) \
+    ASSERT_EXIT(statement, ::testing::internal::ExitedUnsuccessfully, regex)
+
+// Like ASSERT_DEATH, but continues on to successive tests in the
+// test case, if any:
+# define EXPECT_DEATH(statement, regex) \
+    EXPECT_EXIT(statement, ::testing::internal::ExitedUnsuccessfully, regex)
+
+// Two predicate classes that can be used in {ASSERT,EXPECT}_EXIT*:
+
+// Tests that an exit code describes a normal exit with a given exit code.
+class GTEST_API_ ExitedWithCode {
+ public:
+  explicit ExitedWithCode(int exit_code);
+  bool operator()(int exit_status) const;
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ExitedWithCode& other);
+
+  const int exit_code_;
+};
+
+# if !GTEST_OS_WINDOWS
+// Tests that an exit code describes an exit due to termination by a
+// given signal.
+class GTEST_API_ KilledBySignal {
+ public:
+  explicit KilledBySignal(int signum);
+  bool operator()(int exit_status) const;
+ private:
+  const int signum_;
+};
+# endif  // !GTEST_OS_WINDOWS
+
+// EXPECT_DEBUG_DEATH asserts that the given statements die in debug mode.
+// The death testing framework causes this to have interesting semantics,
+// since the sideeffects of the call are only visible in opt mode, and not
+// in debug mode.
+//
+// In practice, this can be used to test functions that utilize the
+// LOG(DFATAL) macro using the following style:
+//
+// int DieInDebugOr12(int* sideeffect) {
+//   if (sideeffect) {
+//     *sideeffect = 12;
+//   }
+//   LOG(DFATAL) << "death";
+//   return 12;
+// }
+//
+// TEST(TestCase, TestDieOr12WorksInDgbAndOpt) {
+//   int sideeffect = 0;
+//   // Only asserts in dbg.
+//   EXPECT_DEBUG_DEATH(DieInDebugOr12(&sideeffect), "death");
+//
+// #ifdef NDEBUG
+//   // opt-mode has sideeffect visible.
+//   EXPECT_EQ(12, sideeffect);
+// #else
+//   // dbg-mode no visible sideeffect.
+//   EXPECT_EQ(0, sideeffect);
+// #endif
+// }
+//
+// This will assert that DieInDebugReturn12InOpt() crashes in debug
+// mode, usually due to a DCHECK or LOG(DFATAL), but returns the
+// appropriate fallback value (12 in this case) in opt mode. If you
+// need to test that a function has appropriate side-effects in opt
+// mode, include assertions against the side-effects.  A general
+// pattern for this is:
+//
+// EXPECT_DEBUG_DEATH({
+//   // Side-effects here will have an effect after this statement in
+//   // opt mode, but none in debug mode.
+//   EXPECT_EQ(12, DieInDebugOr12(&sideeffect));
+// }, "death");
+//
+# ifdef NDEBUG
+
+#  define EXPECT_DEBUG_DEATH(statement, regex) \
+  GTEST_EXECUTE_STATEMENT_(statement, regex)
+
+#  define ASSERT_DEBUG_DEATH(statement, regex) \
+  GTEST_EXECUTE_STATEMENT_(statement, regex)
+
+# else
+
+#  define EXPECT_DEBUG_DEATH(statement, regex) \
+  EXPECT_DEATH(statement, regex)
+
+#  define ASSERT_DEBUG_DEATH(statement, regex) \
+  ASSERT_DEATH(statement, regex)
+
+# endif  // NDEBUG for EXPECT_DEBUG_DEATH
+#endif  // GTEST_HAS_DEATH_TEST
+
+// EXPECT_DEATH_IF_SUPPORTED(statement, regex) and
+// ASSERT_DEATH_IF_SUPPORTED(statement, regex) expand to real death tests if
+// death tests are supported; otherwise they just issue a warning.  This is
+// useful when you are combining death test assertions with normal test
+// assertions in one test.
+#if GTEST_HAS_DEATH_TEST
+# define EXPECT_DEATH_IF_SUPPORTED(statement, regex) \
+    EXPECT_DEATH(statement, regex)
+# define ASSERT_DEATH_IF_SUPPORTED(statement, regex) \
+    ASSERT_DEATH(statement, regex)
+#else
+# define EXPECT_DEATH_IF_SUPPORTED(statement, regex) \
+    GTEST_UNSUPPORTED_DEATH_TEST_(statement, regex, )
+# define ASSERT_DEATH_IF_SUPPORTED(statement, regex) \
+    GTEST_UNSUPPORTED_DEATH_TEST_(statement, regex, return)
+#endif
+
+}  // namespace testing
+
+#endif  // GTEST_INCLUDE_GTEST_GTEST_DEATH_TEST_H_
diff --git a/nss/gtests/google_test/gtest/include/gtest/gtest-message.h b/nss/gtests/google_test/gtest/include/gtest/gtest-message.h
new file mode 100644
index 0000000..fe879bc
--- /dev/null
+++ b/nss/gtests/google_test/gtest/include/gtest/gtest-message.h
@@ -0,0 +1,250 @@
+// Copyright 2005, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+//
+// The Google C++ Testing Framework (Google Test)
+//
+// This header file defines the Message class.
+//
+// IMPORTANT NOTE: Due to limitation of the C++ language, we have to
+// leave some internal implementation details in this header file.
+// They are clearly marked by comments like this:
+//
+//   // INTERNAL IMPLEMENTATION - DO NOT USE IN A USER PROGRAM.
+//
+// Such code is NOT meant to be used by a user directly, and is subject
+// to CHANGE WITHOUT NOTICE.  Therefore DO NOT DEPEND ON IT in a user
+// program!
+
+#ifndef GTEST_INCLUDE_GTEST_GTEST_MESSAGE_H_
+#define GTEST_INCLUDE_GTEST_GTEST_MESSAGE_H_
+
+#include <limits>
+
+#include "gtest/internal/gtest-port.h"
+
+// Ensures that there is at least one operator<< in the global namespace.
+// See Message& operator<<(...) below for why.
+void operator<<(const testing::internal::Secret&, int);
+
+namespace testing {
+
+// The Message class works like an ostream repeater.
+//
+// Typical usage:
+//
+//   1. You stream a bunch of values to a Message object.
+//      It will remember the text in a stringstream.
+//   2. Then you stream the Message object to an ostream.
+//      This causes the text in the Message to be streamed
+//      to the ostream.
+//
+// For example;
+//
+//   testing::Message foo;
+//   foo << 1 << " != " << 2;
+//   std::cout << foo;
+//
+// will print "1 != 2".
+//
+// Message is not intended to be inherited from.  In particular, its
+// destructor is not virtual.
+//
+// Note that stringstream behaves differently in gcc and in MSVC.  You
+// can stream a NULL char pointer to it in the former, but not in the
+// latter (it causes an access violation if you do).  The Message
+// class hides this difference by treating a NULL char pointer as
+// "(null)".
+class GTEST_API_ Message {
+ private:
+  // The type of basic IO manipulators (endl, ends, and flush) for
+  // narrow streams.
+  typedef std::ostream& (*BasicNarrowIoManip)(std::ostream&);
+
+ public:
+  // Constructs an empty Message.
+  Message();
+
+  // Copy constructor.
+  Message(const Message& msg) : ss_(new ::std::stringstream) {  // NOLINT
+    *ss_ << msg.GetString();
+  }
+
+  // Constructs a Message from a C-string.
+  explicit Message(const char* str) : ss_(new ::std::stringstream) {
+    *ss_ << str;
+  }
+
+#if GTEST_OS_SYMBIAN
+  // Streams a value (either a pointer or not) to this object.
+  template <typename T>
+  inline Message& operator <<(const T& value) {
+    StreamHelper(typename internal::is_pointer<T>::type(), value);
+    return *this;
+  }
+#else
+  // Streams a non-pointer value to this object.
+  template <typename T>
+  inline Message& operator <<(const T& val) {
+    // Some libraries overload << for STL containers.  These
+    // overloads are defined in the global namespace instead of ::std.
+    //
+    // C++'s symbol lookup rule (i.e. Koenig lookup) says that these
+    // overloads are visible in either the std namespace or the global
+    // namespace, but not other namespaces, including the testing
+    // namespace which Google Test's Message class is in.
+    //
+    // To allow STL containers (and other types that has a << operator
+    // defined in the global namespace) to be used in Google Test
+    // assertions, testing::Message must access the custom << operator
+    // from the global namespace.  With this using declaration,
+    // overloads of << defined in the global namespace and those
+    // visible via Koenig lookup are both exposed in this function.
+    using ::operator <<;
+    *ss_ << val;
+    return *this;
+  }
+
+  // Streams a pointer value to this object.
+  //
+  // This function is an overload of the previous one.  When you
+  // stream a pointer to a Message, this definition will be used as it
+  // is more specialized.  (The C++ Standard, section
+  // [temp.func.order].)  If you stream a non-pointer, then the
+  // previous definition will be used.
+  //
+  // The reason for this overload is that streaming a NULL pointer to
+  // ostream is undefined behavior.  Depending on the compiler, you
+  // may get "0", "(nil)", "(null)", or an access violation.  To
+  // ensure consistent result across compilers, we always treat NULL
+  // as "(null)".
+  template <typename T>
+  inline Message& operator <<(T* const& pointer) {  // NOLINT
+    if (pointer == NULL) {
+      *ss_ << "(null)";
+    } else {
+      *ss_ << pointer;
+    }
+    return *this;
+  }
+#endif  // GTEST_OS_SYMBIAN
+
+  // Since the basic IO manipulators are overloaded for both narrow
+  // and wide streams, we have to provide this specialized definition
+  // of operator <<, even though its body is the same as the
+  // templatized version above.  Without this definition, streaming
+  // endl or other basic IO manipulators to Message will confuse the
+  // compiler.
+  Message& operator <<(BasicNarrowIoManip val) {
+    *ss_ << val;
+    return *this;
+  }
+
+  // Instead of 1/0, we want to see true/false for bool values.
+  Message& operator <<(bool b) {
+    return *this << (b ? "true" : "false");
+  }
+
+  // These two overloads allow streaming a wide C string to a Message
+  // using the UTF-8 encoding.
+  Message& operator <<(const wchar_t* wide_c_str);
+  Message& operator <<(wchar_t* wide_c_str);
+
+#if GTEST_HAS_STD_WSTRING
+  // Converts the given wide string to a narrow string using the UTF-8
+  // encoding, and streams the result to this Message object.
+  Message& operator <<(const ::std::wstring& wstr);
+#endif  // GTEST_HAS_STD_WSTRING
+
+#if GTEST_HAS_GLOBAL_WSTRING
+  // Converts the given wide string to a narrow string using the UTF-8
+  // encoding, and streams the result to this Message object.
+  Message& operator <<(const ::wstring& wstr);
+#endif  // GTEST_HAS_GLOBAL_WSTRING
+
+  // Gets the text streamed to this object so far as an std::string.
+  // Each '\0' character in the buffer is replaced with "\\0".
+  //
+  // INTERNAL IMPLEMENTATION - DO NOT USE IN A USER PROGRAM.
+  std::string GetString() const;
+
+ private:
+
+#if GTEST_OS_SYMBIAN
+  // These are needed as the Nokia Symbian Compiler cannot decide between
+  // const T& and const T* in a function template. The Nokia compiler _can_
+  // decide between class template specializations for T and T*, so a
+  // tr1::type_traits-like is_pointer works, and we can overload on that.
+  template <typename T>
+  inline void StreamHelper(internal::true_type /*is_pointer*/, T* pointer) {
+    if (pointer == NULL) {
+      *ss_ << "(null)";
+    } else {
+      *ss_ << pointer;
+    }
+  }
+  template <typename T>
+  inline void StreamHelper(internal::false_type /*is_pointer*/,
+                           const T& value) {
+    // See the comments in Message& operator <<(const T&) above for why
+    // we need this using statement.
+    using ::operator <<;
+    *ss_ << value;
+  }
+#endif  // GTEST_OS_SYMBIAN
+
+  // We'll hold the text streamed to this object here.
+  const internal::scoped_ptr< ::std::stringstream> ss_;
+
+  // We declare (but don't implement) this to prevent the compiler
+  // from implementing the assignment operator.
+  void operator=(const Message&);
+};
+
+// Streams a Message to an ostream.
+inline std::ostream& operator <<(std::ostream& os, const Message& sb) {
+  return os << sb.GetString();
+}
+
+namespace internal {
+
+// Converts a streamable value to an std::string.  A NULL pointer is
+// converted to "(null)".  When the input value is a ::string,
+// ::std::string, ::wstring, or ::std::wstring object, each NUL
+// character in it is replaced with "\\0".
+template <typename T>
+std::string StreamableToString(const T& streamable) {
+  return (Message() << streamable).GetString();
+}
+
+}  // namespace internal
+}  // namespace testing
+
+#endif  // GTEST_INCLUDE_GTEST_GTEST_MESSAGE_H_
diff --git a/nss/gtests/google_test/gtest/include/gtest/gtest-param-test.h b/nss/gtests/google_test/gtest/include/gtest/gtest-param-test.h
new file mode 100644
index 0000000..d6702c8
--- /dev/null
+++ b/nss/gtests/google_test/gtest/include/gtest/gtest-param-test.h
@@ -0,0 +1,1421 @@
+// This file was GENERATED by command:
+//     pump.py gtest-param-test.h.pump
+// DO NOT EDIT BY HAND!!!
+
+// Copyright 2008, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Authors: vladl@google.com (Vlad Losev)
+//
+// Macros and functions for implementing parameterized tests
+// in Google C++ Testing Framework (Google Test)
+//
+// This file is generated by a SCRIPT.  DO NOT EDIT BY HAND!
+//
+#ifndef GTEST_INCLUDE_GTEST_GTEST_PARAM_TEST_H_
+#define GTEST_INCLUDE_GTEST_GTEST_PARAM_TEST_H_
+
+
+// Value-parameterized tests allow you to test your code with different
+// parameters without writing multiple copies of the same test.
+//
+// Here is how you use value-parameterized tests:
+
+#if 0
+
+// To write value-parameterized tests, first you should define a fixture
+// class. It is usually derived from testing::TestWithParam<T> (see below for
+// another inheritance scheme that's sometimes useful in more complicated
+// class hierarchies), where the type of your parameter values.
+// TestWithParam<T> is itself derived from testing::Test. T can be any
+// copyable type. If it's a raw pointer, you are responsible for managing the
+// lifespan of the pointed values.
+
+class FooTest : public ::testing::TestWithParam<const char*> {
+  // You can implement all the usual class fixture members here.
+};
+
+// Then, use the TEST_P macro to define as many parameterized tests
+// for this fixture as you want. The _P suffix is for "parameterized"
+// or "pattern", whichever you prefer to think.
+
+TEST_P(FooTest, DoesBlah) {
+  // Inside a test, access the test parameter with the GetParam() method
+  // of the TestWithParam<T> class:
+  EXPECT_TRUE(foo.Blah(GetParam()));
+  ...
+}
+
+TEST_P(FooTest, HasBlahBlah) {
+  ...
+}
+
+// Finally, you can use INSTANTIATE_TEST_CASE_P to instantiate the test
+// case with any set of parameters you want. Google Test defines a number
+// of functions for generating test parameters. They return what we call
+// (surprise!) parameter generators. Here is a  summary of them, which
+// are all in the testing namespace:
+//
+//
+//  Range(begin, end [, step]) - Yields values {begin, begin+step,
+//                               begin+step+step, ...}. The values do not
+//                               include end. step defaults to 1.
+//  Values(v1, v2, ..., vN)    - Yields values {v1, v2, ..., vN}.
+//  ValuesIn(container)        - Yields values from a C-style array, an STL
+//  ValuesIn(begin,end)          container, or an iterator range [begin, end).
+//  Bool()                     - Yields sequence {false, true}.
+//  Combine(g1, g2, ..., gN)   - Yields all combinations (the Cartesian product
+//                               for the math savvy) of the values generated
+//                               by the N generators.
+//
+// For more details, see comments at the definitions of these functions below
+// in this file.
+//
+// The following statement will instantiate tests from the FooTest test case
+// each with parameter values "meeny", "miny", and "moe".
+
+INSTANTIATE_TEST_CASE_P(InstantiationName,
+                        FooTest,
+                        Values("meeny", "miny", "moe"));
+
+// To distinguish different instances of the pattern, (yes, you
+// can instantiate it more then once) the first argument to the
+// INSTANTIATE_TEST_CASE_P macro is a prefix that will be added to the
+// actual test case name. Remember to pick unique prefixes for different
+// instantiations. The tests from the instantiation above will have
+// these names:
+//
+//    * InstantiationName/FooTest.DoesBlah/0 for "meeny"
+//    * InstantiationName/FooTest.DoesBlah/1 for "miny"
+//    * InstantiationName/FooTest.DoesBlah/2 for "moe"
+//    * InstantiationName/FooTest.HasBlahBlah/0 for "meeny"
+//    * InstantiationName/FooTest.HasBlahBlah/1 for "miny"
+//    * InstantiationName/FooTest.HasBlahBlah/2 for "moe"
+//
+// You can use these names in --gtest_filter.
+//
+// This statement will instantiate all tests from FooTest again, each
+// with parameter values "cat" and "dog":
+
+const char* pets[] = {"cat", "dog"};
+INSTANTIATE_TEST_CASE_P(AnotherInstantiationName, FooTest, ValuesIn(pets));
+
+// The tests from the instantiation above will have these names:
+//
+//    * AnotherInstantiationName/FooTest.DoesBlah/0 for "cat"
+//    * AnotherInstantiationName/FooTest.DoesBlah/1 for "dog"
+//    * AnotherInstantiationName/FooTest.HasBlahBlah/0 for "cat"
+//    * AnotherInstantiationName/FooTest.HasBlahBlah/1 for "dog"
+//
+// Please note that INSTANTIATE_TEST_CASE_P will instantiate all tests
+// in the given test case, whether their definitions come before or
+// AFTER the INSTANTIATE_TEST_CASE_P statement.
+//
+// Please also note that generator expressions (including parameters to the
+// generators) are evaluated in InitGoogleTest(), after main() has started.
+// This allows the user on one hand, to adjust generator parameters in order
+// to dynamically determine a set of tests to run and on the other hand,
+// give the user a chance to inspect the generated tests with Google Test
+// reflection API before RUN_ALL_TESTS() is executed.
+//
+// You can see samples/sample7_unittest.cc and samples/sample8_unittest.cc
+// for more examples.
+//
+// In the future, we plan to publish the API for defining new parameter
+// generators. But for now this interface remains part of the internal
+// implementation and is subject to change.
+//
+//
+// A parameterized test fixture must be derived from testing::Test and from
+// testing::WithParamInterface<T>, where T is the type of the parameter
+// values. Inheriting from TestWithParam<T> satisfies that requirement because
+// TestWithParam<T> inherits from both Test and WithParamInterface. In more
+// complicated hierarchies, however, it is occasionally useful to inherit
+// separately from Test and WithParamInterface. For example:
+
+class BaseTest : public ::testing::Test {
+  // You can inherit all the usual members for a non-parameterized test
+  // fixture here.
+};
+
+class DerivedTest : public BaseTest, public ::testing::WithParamInterface<int> {
+  // The usual test fixture members go here too.
+};
+
+TEST_F(BaseTest, HasFoo) {
+  // This is an ordinary non-parameterized test.
+}
+
+TEST_P(DerivedTest, DoesBlah) {
+  // GetParam works just the same here as if you inherit from TestWithParam.
+  EXPECT_TRUE(foo.Blah(GetParam()));
+}
+
+#endif  // 0
+
+#include "gtest/internal/gtest-port.h"
+
+#if !GTEST_OS_SYMBIAN
+# include <utility>
+#endif
+
+// scripts/fuse_gtest.py depends on gtest's own header being #included
+// *unconditionally*.  Therefore these #includes cannot be moved
+// inside #if GTEST_HAS_PARAM_TEST.
+#include "gtest/internal/gtest-internal.h"
+#include "gtest/internal/gtest-param-util.h"
+#include "gtest/internal/gtest-param-util-generated.h"
+
+#if GTEST_HAS_PARAM_TEST
+
+namespace testing {
+
+// Functions producing parameter generators.
+//
+// Google Test uses these generators to produce parameters for value-
+// parameterized tests. When a parameterized test case is instantiated
+// with a particular generator, Google Test creates and runs tests
+// for each element in the sequence produced by the generator.
+//
+// In the following sample, tests from test case FooTest are instantiated
+// each three times with parameter values 3, 5, and 8:
+//
+// class FooTest : public TestWithParam<int> { ... };
+//
+// TEST_P(FooTest, TestThis) {
+// }
+// TEST_P(FooTest, TestThat) {
+// }
+// INSTANTIATE_TEST_CASE_P(TestSequence, FooTest, Values(3, 5, 8));
+//
+
+// Range() returns generators providing sequences of values in a range.
+//
+// Synopsis:
+// Range(start, end)
+//   - returns a generator producing a sequence of values {start, start+1,
+//     start+2, ..., }.
+// Range(start, end, step)
+//   - returns a generator producing a sequence of values {start, start+step,
+//     start+step+step, ..., }.
+// Notes:
+//   * The generated sequences never include end. For example, Range(1, 5)
+//     returns a generator producing a sequence {1, 2, 3, 4}. Range(1, 9, 2)
+//     returns a generator producing {1, 3, 5, 7}.
+//   * start and end must have the same type. That type may be any integral or
+//     floating-point type or a user defined type satisfying these conditions:
+//     * It must be assignable (have operator=() defined).
+//     * It must have operator+() (operator+(int-compatible type) for
+//       two-operand version).
+//     * It must have operator<() defined.
+//     Elements in the resulting sequences will also have that type.
+//   * Condition start < end must be satisfied in order for resulting sequences
+//     to contain any elements.
+//
+template <typename T, typename IncrementT>
+internal::ParamGenerator<T> Range(T start, T end, IncrementT step) {
+  return internal::ParamGenerator<T>(
+      new internal::RangeGenerator<T, IncrementT>(start, end, step));
+}
+
+template <typename T>
+internal::ParamGenerator<T> Range(T start, T end) {
+  return Range(start, end, 1);
+}
+
+// ValuesIn() function allows generation of tests with parameters coming from
+// a container.
+//
+// Synopsis:
+// ValuesIn(const T (&array)[N])
+//   - returns a generator producing sequences with elements from
+//     a C-style array.
+// ValuesIn(const Container& container)
+//   - returns a generator producing sequences with elements from
+//     an STL-style container.
+// ValuesIn(Iterator begin, Iterator end)
+//   - returns a generator producing sequences with elements from
+//     a range [begin, end) defined by a pair of STL-style iterators. These
+//     iterators can also be plain C pointers.
+//
+// Please note that ValuesIn copies the values from the containers
+// passed in and keeps them to generate tests in RUN_ALL_TESTS().
+//
+// Examples:
+//
+// This instantiates tests from test case StringTest
+// each with C-string values of "foo", "bar", and "baz":
+//
+// const char* strings[] = {"foo", "bar", "baz"};
+// INSTANTIATE_TEST_CASE_P(StringSequence, SrtingTest, ValuesIn(strings));
+//
+// This instantiates tests from test case StlStringTest
+// each with STL strings with values "a" and "b":
+//
+// ::std::vector< ::std::string> GetParameterStrings() {
+//   ::std::vector< ::std::string> v;
+//   v.push_back("a");
+//   v.push_back("b");
+//   return v;
+// }
+//
+// INSTANTIATE_TEST_CASE_P(CharSequence,
+//                         StlStringTest,
+//                         ValuesIn(GetParameterStrings()));
+//
+//
+// This will also instantiate tests from CharTest
+// each with parameter values 'a' and 'b':
+//
+// ::std::list<char> GetParameterChars() {
+//   ::std::list<char> list;
+//   list.push_back('a');
+//   list.push_back('b');
+//   return list;
+// }
+// ::std::list<char> l = GetParameterChars();
+// INSTANTIATE_TEST_CASE_P(CharSequence2,
+//                         CharTest,
+//                         ValuesIn(l.begin(), l.end()));
+//
+template <typename ForwardIterator>
+internal::ParamGenerator<
+  typename ::testing::internal::IteratorTraits<ForwardIterator>::value_type>
+ValuesIn(ForwardIterator begin, ForwardIterator end) {
+  typedef typename ::testing::internal::IteratorTraits<ForwardIterator>
+      ::value_type ParamType;
+  return internal::ParamGenerator<ParamType>(
+      new internal::ValuesInIteratorRangeGenerator<ParamType>(begin, end));
+}
+
+template <typename T, size_t N>
+internal::ParamGenerator<T> ValuesIn(const T (&array)[N]) {
+  return ValuesIn(array, array + N);
+}
+
+template <class Container>
+internal::ParamGenerator<typename Container::value_type> ValuesIn(
+    const Container& container) {
+  return ValuesIn(container.begin(), container.end());
+}
+
+// Values() allows generating tests from explicitly specified list of
+// parameters.
+//
+// Synopsis:
+// Values(T v1, T v2, ..., T vN)
+//   - returns a generator producing sequences with elements v1, v2, ..., vN.
+//
+// For example, this instantiates tests from test case BarTest each
+// with values "one", "two", and "three":
+//
+// INSTANTIATE_TEST_CASE_P(NumSequence, BarTest, Values("one", "two", "three"));
+//
+// This instantiates tests from test case BazTest each with values 1, 2, 3.5.
+// The exact type of values will depend on the type of parameter in BazTest.
+//
+// INSTANTIATE_TEST_CASE_P(FloatingNumbers, BazTest, Values(1, 2, 3.5));
+//
+// Currently, Values() supports from 1 to 50 parameters.
+//
+template <typename T1>
+internal::ValueArray1<T1> Values(T1 v1) {
+  return internal::ValueArray1<T1>(v1);
+}
+
+template <typename T1, typename T2>
+internal::ValueArray2<T1, T2> Values(T1 v1, T2 v2) {
+  return internal::ValueArray2<T1, T2>(v1, v2);
+}
+
+template <typename T1, typename T2, typename T3>
+internal::ValueArray3<T1, T2, T3> Values(T1 v1, T2 v2, T3 v3) {
+  return internal::ValueArray3<T1, T2, T3>(v1, v2, v3);
+}
+
+template <typename T1, typename T2, typename T3, typename T4>
+internal::ValueArray4<T1, T2, T3, T4> Values(T1 v1, T2 v2, T3 v3, T4 v4) {
+  return internal::ValueArray4<T1, T2, T3, T4>(v1, v2, v3, v4);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5>
+internal::ValueArray5<T1, T2, T3, T4, T5> Values(T1 v1, T2 v2, T3 v3, T4 v4,
+    T5 v5) {
+  return internal::ValueArray5<T1, T2, T3, T4, T5>(v1, v2, v3, v4, v5);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6>
+internal::ValueArray6<T1, T2, T3, T4, T5, T6> Values(T1 v1, T2 v2, T3 v3,
+    T4 v4, T5 v5, T6 v6) {
+  return internal::ValueArray6<T1, T2, T3, T4, T5, T6>(v1, v2, v3, v4, v5, v6);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7>
+internal::ValueArray7<T1, T2, T3, T4, T5, T6, T7> Values(T1 v1, T2 v2, T3 v3,
+    T4 v4, T5 v5, T6 v6, T7 v7) {
+  return internal::ValueArray7<T1, T2, T3, T4, T5, T6, T7>(v1, v2, v3, v4, v5,
+      v6, v7);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8>
+internal::ValueArray8<T1, T2, T3, T4, T5, T6, T7, T8> Values(T1 v1, T2 v2,
+    T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8) {
+  return internal::ValueArray8<T1, T2, T3, T4, T5, T6, T7, T8>(v1, v2, v3, v4,
+      v5, v6, v7, v8);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9>
+internal::ValueArray9<T1, T2, T3, T4, T5, T6, T7, T8, T9> Values(T1 v1, T2 v2,
+    T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9) {
+  return internal::ValueArray9<T1, T2, T3, T4, T5, T6, T7, T8, T9>(v1, v2, v3,
+      v4, v5, v6, v7, v8, v9);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10>
+internal::ValueArray10<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10> Values(T1 v1,
+    T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9, T10 v10) {
+  return internal::ValueArray10<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10>(v1,
+      v2, v3, v4, v5, v6, v7, v8, v9, v10);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11>
+internal::ValueArray11<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10,
+    T11> Values(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+    T10 v10, T11 v11) {
+  return internal::ValueArray11<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10,
+      T11>(v1, v2, v3, v4, v5, v6, v7, v8, v9, v10, v11);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12>
+internal::ValueArray12<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11,
+    T12> Values(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+    T10 v10, T11 v11, T12 v12) {
+  return internal::ValueArray12<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11,
+      T12>(v1, v2, v3, v4, v5, v6, v7, v8, v9, v10, v11, v12);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13>
+internal::ValueArray13<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12,
+    T13> Values(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+    T10 v10, T11 v11, T12 v12, T13 v13) {
+  return internal::ValueArray13<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11,
+      T12, T13>(v1, v2, v3, v4, v5, v6, v7, v8, v9, v10, v11, v12, v13);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14>
+internal::ValueArray14<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+    T14> Values(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+    T10 v10, T11 v11, T12 v12, T13 v13, T14 v14) {
+  return internal::ValueArray14<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11,
+      T12, T13, T14>(v1, v2, v3, v4, v5, v6, v7, v8, v9, v10, v11, v12, v13,
+      v14);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15>
+internal::ValueArray15<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+    T14, T15> Values(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8,
+    T9 v9, T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15) {
+  return internal::ValueArray15<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11,
+      T12, T13, T14, T15>(v1, v2, v3, v4, v5, v6, v7, v8, v9, v10, v11, v12,
+      v13, v14, v15);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16>
+internal::ValueArray16<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+    T14, T15, T16> Values(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7,
+    T8 v8, T9 v9, T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15,
+    T16 v16) {
+  return internal::ValueArray16<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11,
+      T12, T13, T14, T15, T16>(v1, v2, v3, v4, v5, v6, v7, v8, v9, v10, v11,
+      v12, v13, v14, v15, v16);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17>
+internal::ValueArray17<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+    T14, T15, T16, T17> Values(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7,
+    T8 v8, T9 v9, T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15,
+    T16 v16, T17 v17) {
+  return internal::ValueArray17<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11,
+      T12, T13, T14, T15, T16, T17>(v1, v2, v3, v4, v5, v6, v7, v8, v9, v10,
+      v11, v12, v13, v14, v15, v16, v17);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18>
+internal::ValueArray18<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+    T14, T15, T16, T17, T18> Values(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6,
+    T7 v7, T8 v8, T9 v9, T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15,
+    T16 v16, T17 v17, T18 v18) {
+  return internal::ValueArray18<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11,
+      T12, T13, T14, T15, T16, T17, T18>(v1, v2, v3, v4, v5, v6, v7, v8, v9,
+      v10, v11, v12, v13, v14, v15, v16, v17, v18);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19>
+internal::ValueArray19<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+    T14, T15, T16, T17, T18, T19> Values(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5,
+    T6 v6, T7 v7, T8 v8, T9 v9, T10 v10, T11 v11, T12 v12, T13 v13, T14 v14,
+    T15 v15, T16 v16, T17 v17, T18 v18, T19 v19) {
+  return internal::ValueArray19<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11,
+      T12, T13, T14, T15, T16, T17, T18, T19>(v1, v2, v3, v4, v5, v6, v7, v8,
+      v9, v10, v11, v12, v13, v14, v15, v16, v17, v18, v19);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20>
+internal::ValueArray20<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+    T14, T15, T16, T17, T18, T19, T20> Values(T1 v1, T2 v2, T3 v3, T4 v4,
+    T5 v5, T6 v6, T7 v7, T8 v8, T9 v9, T10 v10, T11 v11, T12 v12, T13 v13,
+    T14 v14, T15 v15, T16 v16, T17 v17, T18 v18, T19 v19, T20 v20) {
+  return internal::ValueArray20<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11,
+      T12, T13, T14, T15, T16, T17, T18, T19, T20>(v1, v2, v3, v4, v5, v6, v7,
+      v8, v9, v10, v11, v12, v13, v14, v15, v16, v17, v18, v19, v20);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21>
+internal::ValueArray21<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+    T14, T15, T16, T17, T18, T19, T20, T21> Values(T1 v1, T2 v2, T3 v3, T4 v4,
+    T5 v5, T6 v6, T7 v7, T8 v8, T9 v9, T10 v10, T11 v11, T12 v12, T13 v13,
+    T14 v14, T15 v15, T16 v16, T17 v17, T18 v18, T19 v19, T20 v20, T21 v21) {
+  return internal::ValueArray21<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11,
+      T12, T13, T14, T15, T16, T17, T18, T19, T20, T21>(v1, v2, v3, v4, v5, v6,
+      v7, v8, v9, v10, v11, v12, v13, v14, v15, v16, v17, v18, v19, v20, v21);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22>
+internal::ValueArray22<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+    T14, T15, T16, T17, T18, T19, T20, T21, T22> Values(T1 v1, T2 v2, T3 v3,
+    T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9, T10 v10, T11 v11, T12 v12,
+    T13 v13, T14 v14, T15 v15, T16 v16, T17 v17, T18 v18, T19 v19, T20 v20,
+    T21 v21, T22 v22) {
+  return internal::ValueArray22<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11,
+      T12, T13, T14, T15, T16, T17, T18, T19, T20, T21, T22>(v1, v2, v3, v4,
+      v5, v6, v7, v8, v9, v10, v11, v12, v13, v14, v15, v16, v17, v18, v19,
+      v20, v21, v22);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23>
+internal::ValueArray23<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+    T14, T15, T16, T17, T18, T19, T20, T21, T22, T23> Values(T1 v1, T2 v2,
+    T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9, T10 v10, T11 v11, T12 v12,
+    T13 v13, T14 v14, T15 v15, T16 v16, T17 v17, T18 v18, T19 v19, T20 v20,
+    T21 v21, T22 v22, T23 v23) {
+  return internal::ValueArray23<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11,
+      T12, T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23>(v1, v2, v3,
+      v4, v5, v6, v7, v8, v9, v10, v11, v12, v13, v14, v15, v16, v17, v18, v19,
+      v20, v21, v22, v23);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24>
+internal::ValueArray24<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+    T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24> Values(T1 v1, T2 v2,
+    T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9, T10 v10, T11 v11, T12 v12,
+    T13 v13, T14 v14, T15 v15, T16 v16, T17 v17, T18 v18, T19 v19, T20 v20,
+    T21 v21, T22 v22, T23 v23, T24 v24) {
+  return internal::ValueArray24<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11,
+      T12, T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24>(v1, v2,
+      v3, v4, v5, v6, v7, v8, v9, v10, v11, v12, v13, v14, v15, v16, v17, v18,
+      v19, v20, v21, v22, v23, v24);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25>
+internal::ValueArray25<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+    T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25> Values(T1 v1,
+    T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9, T10 v10, T11 v11,
+    T12 v12, T13 v13, T14 v14, T15 v15, T16 v16, T17 v17, T18 v18, T19 v19,
+    T20 v20, T21 v21, T22 v22, T23 v23, T24 v24, T25 v25) {
+  return internal::ValueArray25<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11,
+      T12, T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25>(v1,
+      v2, v3, v4, v5, v6, v7, v8, v9, v10, v11, v12, v13, v14, v15, v16, v17,
+      v18, v19, v20, v21, v22, v23, v24, v25);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26>
+internal::ValueArray26<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+    T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25,
+    T26> Values(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+    T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16, T17 v17,
+    T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23, T24 v24, T25 v25,
+    T26 v26) {
+  return internal::ValueArray26<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11,
+      T12, T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25,
+      T26>(v1, v2, v3, v4, v5, v6, v7, v8, v9, v10, v11, v12, v13, v14, v15,
+      v16, v17, v18, v19, v20, v21, v22, v23, v24, v25, v26);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27>
+internal::ValueArray27<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+    T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26,
+    T27> Values(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+    T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16, T17 v17,
+    T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23, T24 v24, T25 v25,
+    T26 v26, T27 v27) {
+  return internal::ValueArray27<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11,
+      T12, T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25,
+      T26, T27>(v1, v2, v3, v4, v5, v6, v7, v8, v9, v10, v11, v12, v13, v14,
+      v15, v16, v17, v18, v19, v20, v21, v22, v23, v24, v25, v26, v27);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28>
+internal::ValueArray28<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+    T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27,
+    T28> Values(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+    T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16, T17 v17,
+    T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23, T24 v24, T25 v25,
+    T26 v26, T27 v27, T28 v28) {
+  return internal::ValueArray28<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11,
+      T12, T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25,
+      T26, T27, T28>(v1, v2, v3, v4, v5, v6, v7, v8, v9, v10, v11, v12, v13,
+      v14, v15, v16, v17, v18, v19, v20, v21, v22, v23, v24, v25, v26, v27,
+      v28);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29>
+internal::ValueArray29<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+    T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+    T29> Values(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+    T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16, T17 v17,
+    T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23, T24 v24, T25 v25,
+    T26 v26, T27 v27, T28 v28, T29 v29) {
+  return internal::ValueArray29<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11,
+      T12, T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25,
+      T26, T27, T28, T29>(v1, v2, v3, v4, v5, v6, v7, v8, v9, v10, v11, v12,
+      v13, v14, v15, v16, v17, v18, v19, v20, v21, v22, v23, v24, v25, v26,
+      v27, v28, v29);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30>
+internal::ValueArray30<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+    T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+    T29, T30> Values(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8,
+    T9 v9, T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16,
+    T17 v17, T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23, T24 v24,
+    T25 v25, T26 v26, T27 v27, T28 v28, T29 v29, T30 v30) {
+  return internal::ValueArray30<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11,
+      T12, T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25,
+      T26, T27, T28, T29, T30>(v1, v2, v3, v4, v5, v6, v7, v8, v9, v10, v11,
+      v12, v13, v14, v15, v16, v17, v18, v19, v20, v21, v22, v23, v24, v25,
+      v26, v27, v28, v29, v30);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31>
+internal::ValueArray31<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+    T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+    T29, T30, T31> Values(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7,
+    T8 v8, T9 v9, T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15,
+    T16 v16, T17 v17, T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23,
+    T24 v24, T25 v25, T26 v26, T27 v27, T28 v28, T29 v29, T30 v30, T31 v31) {
+  return internal::ValueArray31<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11,
+      T12, T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25,
+      T26, T27, T28, T29, T30, T31>(v1, v2, v3, v4, v5, v6, v7, v8, v9, v10,
+      v11, v12, v13, v14, v15, v16, v17, v18, v19, v20, v21, v22, v23, v24,
+      v25, v26, v27, v28, v29, v30, v31);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32>
+internal::ValueArray32<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+    T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+    T29, T30, T31, T32> Values(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7,
+    T8 v8, T9 v9, T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15,
+    T16 v16, T17 v17, T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23,
+    T24 v24, T25 v25, T26 v26, T27 v27, T28 v28, T29 v29, T30 v30, T31 v31,
+    T32 v32) {
+  return internal::ValueArray32<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11,
+      T12, T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25,
+      T26, T27, T28, T29, T30, T31, T32>(v1, v2, v3, v4, v5, v6, v7, v8, v9,
+      v10, v11, v12, v13, v14, v15, v16, v17, v18, v19, v20, v21, v22, v23,
+      v24, v25, v26, v27, v28, v29, v30, v31, v32);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33>
+internal::ValueArray33<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+    T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+    T29, T30, T31, T32, T33> Values(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6,
+    T7 v7, T8 v8, T9 v9, T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15,
+    T16 v16, T17 v17, T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23,
+    T24 v24, T25 v25, T26 v26, T27 v27, T28 v28, T29 v29, T30 v30, T31 v31,
+    T32 v32, T33 v33) {
+  return internal::ValueArray33<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11,
+      T12, T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25,
+      T26, T27, T28, T29, T30, T31, T32, T33>(v1, v2, v3, v4, v5, v6, v7, v8,
+      v9, v10, v11, v12, v13, v14, v15, v16, v17, v18, v19, v20, v21, v22, v23,
+      v24, v25, v26, v27, v28, v29, v30, v31, v32, v33);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34>
+internal::ValueArray34<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+    T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+    T29, T30, T31, T32, T33, T34> Values(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5,
+    T6 v6, T7 v7, T8 v8, T9 v9, T10 v10, T11 v11, T12 v12, T13 v13, T14 v14,
+    T15 v15, T16 v16, T17 v17, T18 v18, T19 v19, T20 v20, T21 v21, T22 v22,
+    T23 v23, T24 v24, T25 v25, T26 v26, T27 v27, T28 v28, T29 v29, T30 v30,
+    T31 v31, T32 v32, T33 v33, T34 v34) {
+  return internal::ValueArray34<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11,
+      T12, T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25,
+      T26, T27, T28, T29, T30, T31, T32, T33, T34>(v1, v2, v3, v4, v5, v6, v7,
+      v8, v9, v10, v11, v12, v13, v14, v15, v16, v17, v18, v19, v20, v21, v22,
+      v23, v24, v25, v26, v27, v28, v29, v30, v31, v32, v33, v34);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35>
+internal::ValueArray35<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+    T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+    T29, T30, T31, T32, T33, T34, T35> Values(T1 v1, T2 v2, T3 v3, T4 v4,
+    T5 v5, T6 v6, T7 v7, T8 v8, T9 v9, T10 v10, T11 v11, T12 v12, T13 v13,
+    T14 v14, T15 v15, T16 v16, T17 v17, T18 v18, T19 v19, T20 v20, T21 v21,
+    T22 v22, T23 v23, T24 v24, T25 v25, T26 v26, T27 v27, T28 v28, T29 v29,
+    T30 v30, T31 v31, T32 v32, T33 v33, T34 v34, T35 v35) {
+  return internal::ValueArray35<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11,
+      T12, T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25,
+      T26, T27, T28, T29, T30, T31, T32, T33, T34, T35>(v1, v2, v3, v4, v5, v6,
+      v7, v8, v9, v10, v11, v12, v13, v14, v15, v16, v17, v18, v19, v20, v21,
+      v22, v23, v24, v25, v26, v27, v28, v29, v30, v31, v32, v33, v34, v35);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36>
+internal::ValueArray36<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+    T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+    T29, T30, T31, T32, T33, T34, T35, T36> Values(T1 v1, T2 v2, T3 v3, T4 v4,
+    T5 v5, T6 v6, T7 v7, T8 v8, T9 v9, T10 v10, T11 v11, T12 v12, T13 v13,
+    T14 v14, T15 v15, T16 v16, T17 v17, T18 v18, T19 v19, T20 v20, T21 v21,
+    T22 v22, T23 v23, T24 v24, T25 v25, T26 v26, T27 v27, T28 v28, T29 v29,
+    T30 v30, T31 v31, T32 v32, T33 v33, T34 v34, T35 v35, T36 v36) {
+  return internal::ValueArray36<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11,
+      T12, T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25,
+      T26, T27, T28, T29, T30, T31, T32, T33, T34, T35, T36>(v1, v2, v3, v4,
+      v5, v6, v7, v8, v9, v10, v11, v12, v13, v14, v15, v16, v17, v18, v19,
+      v20, v21, v22, v23, v24, v25, v26, v27, v28, v29, v30, v31, v32, v33,
+      v34, v35, v36);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37>
+internal::ValueArray37<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+    T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+    T29, T30, T31, T32, T33, T34, T35, T36, T37> Values(T1 v1, T2 v2, T3 v3,
+    T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9, T10 v10, T11 v11, T12 v12,
+    T13 v13, T14 v14, T15 v15, T16 v16, T17 v17, T18 v18, T19 v19, T20 v20,
+    T21 v21, T22 v22, T23 v23, T24 v24, T25 v25, T26 v26, T27 v27, T28 v28,
+    T29 v29, T30 v30, T31 v31, T32 v32, T33 v33, T34 v34, T35 v35, T36 v36,
+    T37 v37) {
+  return internal::ValueArray37<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11,
+      T12, T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25,
+      T26, T27, T28, T29, T30, T31, T32, T33, T34, T35, T36, T37>(v1, v2, v3,
+      v4, v5, v6, v7, v8, v9, v10, v11, v12, v13, v14, v15, v16, v17, v18, v19,
+      v20, v21, v22, v23, v24, v25, v26, v27, v28, v29, v30, v31, v32, v33,
+      v34, v35, v36, v37);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38>
+internal::ValueArray38<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+    T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+    T29, T30, T31, T32, T33, T34, T35, T36, T37, T38> Values(T1 v1, T2 v2,
+    T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9, T10 v10, T11 v11, T12 v12,
+    T13 v13, T14 v14, T15 v15, T16 v16, T17 v17, T18 v18, T19 v19, T20 v20,
+    T21 v21, T22 v22, T23 v23, T24 v24, T25 v25, T26 v26, T27 v27, T28 v28,
+    T29 v29, T30 v30, T31 v31, T32 v32, T33 v33, T34 v34, T35 v35, T36 v36,
+    T37 v37, T38 v38) {
+  return internal::ValueArray38<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11,
+      T12, T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25,
+      T26, T27, T28, T29, T30, T31, T32, T33, T34, T35, T36, T37, T38>(v1, v2,
+      v3, v4, v5, v6, v7, v8, v9, v10, v11, v12, v13, v14, v15, v16, v17, v18,
+      v19, v20, v21, v22, v23, v24, v25, v26, v27, v28, v29, v30, v31, v32,
+      v33, v34, v35, v36, v37, v38);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39>
+internal::ValueArray39<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+    T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+    T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39> Values(T1 v1, T2 v2,
+    T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9, T10 v10, T11 v11, T12 v12,
+    T13 v13, T14 v14, T15 v15, T16 v16, T17 v17, T18 v18, T19 v19, T20 v20,
+    T21 v21, T22 v22, T23 v23, T24 v24, T25 v25, T26 v26, T27 v27, T28 v28,
+    T29 v29, T30 v30, T31 v31, T32 v32, T33 v33, T34 v34, T35 v35, T36 v36,
+    T37 v37, T38 v38, T39 v39) {
+  return internal::ValueArray39<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11,
+      T12, T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25,
+      T26, T27, T28, T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39>(v1,
+      v2, v3, v4, v5, v6, v7, v8, v9, v10, v11, v12, v13, v14, v15, v16, v17,
+      v18, v19, v20, v21, v22, v23, v24, v25, v26, v27, v28, v29, v30, v31,
+      v32, v33, v34, v35, v36, v37, v38, v39);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40>
+internal::ValueArray40<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+    T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+    T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40> Values(T1 v1,
+    T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9, T10 v10, T11 v11,
+    T12 v12, T13 v13, T14 v14, T15 v15, T16 v16, T17 v17, T18 v18, T19 v19,
+    T20 v20, T21 v21, T22 v22, T23 v23, T24 v24, T25 v25, T26 v26, T27 v27,
+    T28 v28, T29 v29, T30 v30, T31 v31, T32 v32, T33 v33, T34 v34, T35 v35,
+    T36 v36, T37 v37, T38 v38, T39 v39, T40 v40) {
+  return internal::ValueArray40<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11,
+      T12, T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25,
+      T26, T27, T28, T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39,
+      T40>(v1, v2, v3, v4, v5, v6, v7, v8, v9, v10, v11, v12, v13, v14, v15,
+      v16, v17, v18, v19, v20, v21, v22, v23, v24, v25, v26, v27, v28, v29,
+      v30, v31, v32, v33, v34, v35, v36, v37, v38, v39, v40);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40,
+    typename T41>
+internal::ValueArray41<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+    T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+    T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40,
+    T41> Values(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+    T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16, T17 v17,
+    T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23, T24 v24, T25 v25,
+    T26 v26, T27 v27, T28 v28, T29 v29, T30 v30, T31 v31, T32 v32, T33 v33,
+    T34 v34, T35 v35, T36 v36, T37 v37, T38 v38, T39 v39, T40 v40, T41 v41) {
+  return internal::ValueArray41<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11,
+      T12, T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25,
+      T26, T27, T28, T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39,
+      T40, T41>(v1, v2, v3, v4, v5, v6, v7, v8, v9, v10, v11, v12, v13, v14,
+      v15, v16, v17, v18, v19, v20, v21, v22, v23, v24, v25, v26, v27, v28,
+      v29, v30, v31, v32, v33, v34, v35, v36, v37, v38, v39, v40, v41);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40,
+    typename T41, typename T42>
+internal::ValueArray42<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+    T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+    T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41,
+    T42> Values(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+    T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16, T17 v17,
+    T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23, T24 v24, T25 v25,
+    T26 v26, T27 v27, T28 v28, T29 v29, T30 v30, T31 v31, T32 v32, T33 v33,
+    T34 v34, T35 v35, T36 v36, T37 v37, T38 v38, T39 v39, T40 v40, T41 v41,
+    T42 v42) {
+  return internal::ValueArray42<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11,
+      T12, T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25,
+      T26, T27, T28, T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39,
+      T40, T41, T42>(v1, v2, v3, v4, v5, v6, v7, v8, v9, v10, v11, v12, v13,
+      v14, v15, v16, v17, v18, v19, v20, v21, v22, v23, v24, v25, v26, v27,
+      v28, v29, v30, v31, v32, v33, v34, v35, v36, v37, v38, v39, v40, v41,
+      v42);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40,
+    typename T41, typename T42, typename T43>
+internal::ValueArray43<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+    T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+    T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, T42,
+    T43> Values(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+    T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16, T17 v17,
+    T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23, T24 v24, T25 v25,
+    T26 v26, T27 v27, T28 v28, T29 v29, T30 v30, T31 v31, T32 v32, T33 v33,
+    T34 v34, T35 v35, T36 v36, T37 v37, T38 v38, T39 v39, T40 v40, T41 v41,
+    T42 v42, T43 v43) {
+  return internal::ValueArray43<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11,
+      T12, T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25,
+      T26, T27, T28, T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39,
+      T40, T41, T42, T43>(v1, v2, v3, v4, v5, v6, v7, v8, v9, v10, v11, v12,
+      v13, v14, v15, v16, v17, v18, v19, v20, v21, v22, v23, v24, v25, v26,
+      v27, v28, v29, v30, v31, v32, v33, v34, v35, v36, v37, v38, v39, v40,
+      v41, v42, v43);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40,
+    typename T41, typename T42, typename T43, typename T44>
+internal::ValueArray44<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+    T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+    T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, T42, T43,
+    T44> Values(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+    T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16, T17 v17,
+    T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23, T24 v24, T25 v25,
+    T26 v26, T27 v27, T28 v28, T29 v29, T30 v30, T31 v31, T32 v32, T33 v33,
+    T34 v34, T35 v35, T36 v36, T37 v37, T38 v38, T39 v39, T40 v40, T41 v41,
+    T42 v42, T43 v43, T44 v44) {
+  return internal::ValueArray44<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11,
+      T12, T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25,
+      T26, T27, T28, T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39,
+      T40, T41, T42, T43, T44>(v1, v2, v3, v4, v5, v6, v7, v8, v9, v10, v11,
+      v12, v13, v14, v15, v16, v17, v18, v19, v20, v21, v22, v23, v24, v25,
+      v26, v27, v28, v29, v30, v31, v32, v33, v34, v35, v36, v37, v38, v39,
+      v40, v41, v42, v43, v44);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40,
+    typename T41, typename T42, typename T43, typename T44, typename T45>
+internal::ValueArray45<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+    T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+    T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, T42, T43,
+    T44, T45> Values(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8,
+    T9 v9, T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16,
+    T17 v17, T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23, T24 v24,
+    T25 v25, T26 v26, T27 v27, T28 v28, T29 v29, T30 v30, T31 v31, T32 v32,
+    T33 v33, T34 v34, T35 v35, T36 v36, T37 v37, T38 v38, T39 v39, T40 v40,
+    T41 v41, T42 v42, T43 v43, T44 v44, T45 v45) {
+  return internal::ValueArray45<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11,
+      T12, T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25,
+      T26, T27, T28, T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39,
+      T40, T41, T42, T43, T44, T45>(v1, v2, v3, v4, v5, v6, v7, v8, v9, v10,
+      v11, v12, v13, v14, v15, v16, v17, v18, v19, v20, v21, v22, v23, v24,
+      v25, v26, v27, v28, v29, v30, v31, v32, v33, v34, v35, v36, v37, v38,
+      v39, v40, v41, v42, v43, v44, v45);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40,
+    typename T41, typename T42, typename T43, typename T44, typename T45,
+    typename T46>
+internal::ValueArray46<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+    T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+    T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, T42, T43,
+    T44, T45, T46> Values(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7,
+    T8 v8, T9 v9, T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15,
+    T16 v16, T17 v17, T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23,
+    T24 v24, T25 v25, T26 v26, T27 v27, T28 v28, T29 v29, T30 v30, T31 v31,
+    T32 v32, T33 v33, T34 v34, T35 v35, T36 v36, T37 v37, T38 v38, T39 v39,
+    T40 v40, T41 v41, T42 v42, T43 v43, T44 v44, T45 v45, T46 v46) {
+  return internal::ValueArray46<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11,
+      T12, T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25,
+      T26, T27, T28, T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39,
+      T40, T41, T42, T43, T44, T45, T46>(v1, v2, v3, v4, v5, v6, v7, v8, v9,
+      v10, v11, v12, v13, v14, v15, v16, v17, v18, v19, v20, v21, v22, v23,
+      v24, v25, v26, v27, v28, v29, v30, v31, v32, v33, v34, v35, v36, v37,
+      v38, v39, v40, v41, v42, v43, v44, v45, v46);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40,
+    typename T41, typename T42, typename T43, typename T44, typename T45,
+    typename T46, typename T47>
+internal::ValueArray47<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+    T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+    T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, T42, T43,
+    T44, T45, T46, T47> Values(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7,
+    T8 v8, T9 v9, T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15,
+    T16 v16, T17 v17, T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23,
+    T24 v24, T25 v25, T26 v26, T27 v27, T28 v28, T29 v29, T30 v30, T31 v31,
+    T32 v32, T33 v33, T34 v34, T35 v35, T36 v36, T37 v37, T38 v38, T39 v39,
+    T40 v40, T41 v41, T42 v42, T43 v43, T44 v44, T45 v45, T46 v46, T47 v47) {
+  return internal::ValueArray47<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11,
+      T12, T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25,
+      T26, T27, T28, T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39,
+      T40, T41, T42, T43, T44, T45, T46, T47>(v1, v2, v3, v4, v5, v6, v7, v8,
+      v9, v10, v11, v12, v13, v14, v15, v16, v17, v18, v19, v20, v21, v22, v23,
+      v24, v25, v26, v27, v28, v29, v30, v31, v32, v33, v34, v35, v36, v37,
+      v38, v39, v40, v41, v42, v43, v44, v45, v46, v47);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40,
+    typename T41, typename T42, typename T43, typename T44, typename T45,
+    typename T46, typename T47, typename T48>
+internal::ValueArray48<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+    T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+    T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, T42, T43,
+    T44, T45, T46, T47, T48> Values(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6,
+    T7 v7, T8 v8, T9 v9, T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15,
+    T16 v16, T17 v17, T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23,
+    T24 v24, T25 v25, T26 v26, T27 v27, T28 v28, T29 v29, T30 v30, T31 v31,
+    T32 v32, T33 v33, T34 v34, T35 v35, T36 v36, T37 v37, T38 v38, T39 v39,
+    T40 v40, T41 v41, T42 v42, T43 v43, T44 v44, T45 v45, T46 v46, T47 v47,
+    T48 v48) {
+  return internal::ValueArray48<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11,
+      T12, T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25,
+      T26, T27, T28, T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39,
+      T40, T41, T42, T43, T44, T45, T46, T47, T48>(v1, v2, v3, v4, v5, v6, v7,
+      v8, v9, v10, v11, v12, v13, v14, v15, v16, v17, v18, v19, v20, v21, v22,
+      v23, v24, v25, v26, v27, v28, v29, v30, v31, v32, v33, v34, v35, v36,
+      v37, v38, v39, v40, v41, v42, v43, v44, v45, v46, v47, v48);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40,
+    typename T41, typename T42, typename T43, typename T44, typename T45,
+    typename T46, typename T47, typename T48, typename T49>
+internal::ValueArray49<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+    T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+    T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, T42, T43,
+    T44, T45, T46, T47, T48, T49> Values(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5,
+    T6 v6, T7 v7, T8 v8, T9 v9, T10 v10, T11 v11, T12 v12, T13 v13, T14 v14,
+    T15 v15, T16 v16, T17 v17, T18 v18, T19 v19, T20 v20, T21 v21, T22 v22,
+    T23 v23, T24 v24, T25 v25, T26 v26, T27 v27, T28 v28, T29 v29, T30 v30,
+    T31 v31, T32 v32, T33 v33, T34 v34, T35 v35, T36 v36, T37 v37, T38 v38,
+    T39 v39, T40 v40, T41 v41, T42 v42, T43 v43, T44 v44, T45 v45, T46 v46,
+    T47 v47, T48 v48, T49 v49) {
+  return internal::ValueArray49<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11,
+      T12, T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25,
+      T26, T27, T28, T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39,
+      T40, T41, T42, T43, T44, T45, T46, T47, T48, T49>(v1, v2, v3, v4, v5, v6,
+      v7, v8, v9, v10, v11, v12, v13, v14, v15, v16, v17, v18, v19, v20, v21,
+      v22, v23, v24, v25, v26, v27, v28, v29, v30, v31, v32, v33, v34, v35,
+      v36, v37, v38, v39, v40, v41, v42, v43, v44, v45, v46, v47, v48, v49);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40,
+    typename T41, typename T42, typename T43, typename T44, typename T45,
+    typename T46, typename T47, typename T48, typename T49, typename T50>
+internal::ValueArray50<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+    T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+    T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, T42, T43,
+    T44, T45, T46, T47, T48, T49, T50> Values(T1 v1, T2 v2, T3 v3, T4 v4,
+    T5 v5, T6 v6, T7 v7, T8 v8, T9 v9, T10 v10, T11 v11, T12 v12, T13 v13,
+    T14 v14, T15 v15, T16 v16, T17 v17, T18 v18, T19 v19, T20 v20, T21 v21,
+    T22 v22, T23 v23, T24 v24, T25 v25, T26 v26, T27 v27, T28 v28, T29 v29,
+    T30 v30, T31 v31, T32 v32, T33 v33, T34 v34, T35 v35, T36 v36, T37 v37,
+    T38 v38, T39 v39, T40 v40, T41 v41, T42 v42, T43 v43, T44 v44, T45 v45,
+    T46 v46, T47 v47, T48 v48, T49 v49, T50 v50) {
+  return internal::ValueArray50<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11,
+      T12, T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25,
+      T26, T27, T28, T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39,
+      T40, T41, T42, T43, T44, T45, T46, T47, T48, T49, T50>(v1, v2, v3, v4,
+      v5, v6, v7, v8, v9, v10, v11, v12, v13, v14, v15, v16, v17, v18, v19,
+      v20, v21, v22, v23, v24, v25, v26, v27, v28, v29, v30, v31, v32, v33,
+      v34, v35, v36, v37, v38, v39, v40, v41, v42, v43, v44, v45, v46, v47,
+      v48, v49, v50);
+}
+
+// Bool() allows generating tests with parameters in a set of (false, true).
+//
+// Synopsis:
+// Bool()
+//   - returns a generator producing sequences with elements {false, true}.
+//
+// It is useful when testing code that depends on Boolean flags. Combinations
+// of multiple flags can be tested when several Bool()'s are combined using
+// Combine() function.
+//
+// In the following example all tests in the test case FlagDependentTest
+// will be instantiated twice with parameters false and true.
+//
+// class FlagDependentTest : public testing::TestWithParam<bool> {
+//   virtual void SetUp() {
+//     external_flag = GetParam();
+//   }
+// }
+// INSTANTIATE_TEST_CASE_P(BoolSequence, FlagDependentTest, Bool());
+//
+inline internal::ParamGenerator<bool> Bool() {
+  return Values(false, true);
+}
+
+# if GTEST_HAS_COMBINE
+// Combine() allows the user to combine two or more sequences to produce
+// values of a Cartesian product of those sequences' elements.
+//
+// Synopsis:
+// Combine(gen1, gen2, ..., genN)
+//   - returns a generator producing sequences with elements coming from
+//     the Cartesian product of elements from the sequences generated by
+//     gen1, gen2, ..., genN. The sequence elements will have a type of
+//     tuple<T1, T2, ..., TN> where T1, T2, ..., TN are the types
+//     of elements from sequences produces by gen1, gen2, ..., genN.
+//
+// Combine can have up to 10 arguments. This number is currently limited
+// by the maximum number of elements in the tuple implementation used by Google
+// Test.
+//
+// Example:
+//
+// This will instantiate tests in test case AnimalTest each one with
+// the parameter values tuple("cat", BLACK), tuple("cat", WHITE),
+// tuple("dog", BLACK), and tuple("dog", WHITE):
+//
+// enum Color { BLACK, GRAY, WHITE };
+// class AnimalTest
+//     : public testing::TestWithParam<tuple<const char*, Color> > {...};
+//
+// TEST_P(AnimalTest, AnimalLooksNice) {...}
+//
+// INSTANTIATE_TEST_CASE_P(AnimalVariations, AnimalTest,
+//                         Combine(Values("cat", "dog"),
+//                                 Values(BLACK, WHITE)));
+//
+// This will instantiate tests in FlagDependentTest with all variations of two
+// Boolean flags:
+//
+// class FlagDependentTest
+//     : public testing::TestWithParam<tuple<bool, bool> > {
+//   virtual void SetUp() {
+//     // Assigns external_flag_1 and external_flag_2 values from the tuple.
+//     tie(external_flag_1, external_flag_2) = GetParam();
+//   }
+// };
+//
+// TEST_P(FlagDependentTest, TestFeature1) {
+//   // Test your code using external_flag_1 and external_flag_2 here.
+// }
+// INSTANTIATE_TEST_CASE_P(TwoBoolSequence, FlagDependentTest,
+//                         Combine(Bool(), Bool()));
+//
+template <typename Generator1, typename Generator2>
+internal::CartesianProductHolder2<Generator1, Generator2> Combine(
+    const Generator1& g1, const Generator2& g2) {
+  return internal::CartesianProductHolder2<Generator1, Generator2>(
+      g1, g2);
+}
+
+template <typename Generator1, typename Generator2, typename Generator3>
+internal::CartesianProductHolder3<Generator1, Generator2, Generator3> Combine(
+    const Generator1& g1, const Generator2& g2, const Generator3& g3) {
+  return internal::CartesianProductHolder3<Generator1, Generator2, Generator3>(
+      g1, g2, g3);
+}
+
+template <typename Generator1, typename Generator2, typename Generator3,
+    typename Generator4>
+internal::CartesianProductHolder4<Generator1, Generator2, Generator3,
+    Generator4> Combine(
+    const Generator1& g1, const Generator2& g2, const Generator3& g3,
+        const Generator4& g4) {
+  return internal::CartesianProductHolder4<Generator1, Generator2, Generator3,
+      Generator4>(
+      g1, g2, g3, g4);
+}
+
+template <typename Generator1, typename Generator2, typename Generator3,
+    typename Generator4, typename Generator5>
+internal::CartesianProductHolder5<Generator1, Generator2, Generator3,
+    Generator4, Generator5> Combine(
+    const Generator1& g1, const Generator2& g2, const Generator3& g3,
+        const Generator4& g4, const Generator5& g5) {
+  return internal::CartesianProductHolder5<Generator1, Generator2, Generator3,
+      Generator4, Generator5>(
+      g1, g2, g3, g4, g5);
+}
+
+template <typename Generator1, typename Generator2, typename Generator3,
+    typename Generator4, typename Generator5, typename Generator6>
+internal::CartesianProductHolder6<Generator1, Generator2, Generator3,
+    Generator4, Generator5, Generator6> Combine(
+    const Generator1& g1, const Generator2& g2, const Generator3& g3,
+        const Generator4& g4, const Generator5& g5, const Generator6& g6) {
+  return internal::CartesianProductHolder6<Generator1, Generator2, Generator3,
+      Generator4, Generator5, Generator6>(
+      g1, g2, g3, g4, g5, g6);
+}
+
+template <typename Generator1, typename Generator2, typename Generator3,
+    typename Generator4, typename Generator5, typename Generator6,
+    typename Generator7>
+internal::CartesianProductHolder7<Generator1, Generator2, Generator3,
+    Generator4, Generator5, Generator6, Generator7> Combine(
+    const Generator1& g1, const Generator2& g2, const Generator3& g3,
+        const Generator4& g4, const Generator5& g5, const Generator6& g6,
+        const Generator7& g7) {
+  return internal::CartesianProductHolder7<Generator1, Generator2, Generator3,
+      Generator4, Generator5, Generator6, Generator7>(
+      g1, g2, g3, g4, g5, g6, g7);
+}
+
+template <typename Generator1, typename Generator2, typename Generator3,
+    typename Generator4, typename Generator5, typename Generator6,
+    typename Generator7, typename Generator8>
+internal::CartesianProductHolder8<Generator1, Generator2, Generator3,
+    Generator4, Generator5, Generator6, Generator7, Generator8> Combine(
+    const Generator1& g1, const Generator2& g2, const Generator3& g3,
+        const Generator4& g4, const Generator5& g5, const Generator6& g6,
+        const Generator7& g7, const Generator8& g8) {
+  return internal::CartesianProductHolder8<Generator1, Generator2, Generator3,
+      Generator4, Generator5, Generator6, Generator7, Generator8>(
+      g1, g2, g3, g4, g5, g6, g7, g8);
+}
+
+template <typename Generator1, typename Generator2, typename Generator3,
+    typename Generator4, typename Generator5, typename Generator6,
+    typename Generator7, typename Generator8, typename Generator9>
+internal::CartesianProductHolder9<Generator1, Generator2, Generator3,
+    Generator4, Generator5, Generator6, Generator7, Generator8,
+    Generator9> Combine(
+    const Generator1& g1, const Generator2& g2, const Generator3& g3,
+        const Generator4& g4, const Generator5& g5, const Generator6& g6,
+        const Generator7& g7, const Generator8& g8, const Generator9& g9) {
+  return internal::CartesianProductHolder9<Generator1, Generator2, Generator3,
+      Generator4, Generator5, Generator6, Generator7, Generator8, Generator9>(
+      g1, g2, g3, g4, g5, g6, g7, g8, g9);
+}
+
+template <typename Generator1, typename Generator2, typename Generator3,
+    typename Generator4, typename Generator5, typename Generator6,
+    typename Generator7, typename Generator8, typename Generator9,
+    typename Generator10>
+internal::CartesianProductHolder10<Generator1, Generator2, Generator3,
+    Generator4, Generator5, Generator6, Generator7, Generator8, Generator9,
+    Generator10> Combine(
+    const Generator1& g1, const Generator2& g2, const Generator3& g3,
+        const Generator4& g4, const Generator5& g5, const Generator6& g6,
+        const Generator7& g7, const Generator8& g8, const Generator9& g9,
+        const Generator10& g10) {
+  return internal::CartesianProductHolder10<Generator1, Generator2, Generator3,
+      Generator4, Generator5, Generator6, Generator7, Generator8, Generator9,
+      Generator10>(
+      g1, g2, g3, g4, g5, g6, g7, g8, g9, g10);
+}
+# endif  // GTEST_HAS_COMBINE
+
+
+
+# define TEST_P(test_case_name, test_name) \
+  class GTEST_TEST_CLASS_NAME_(test_case_name, test_name) \
+      : public test_case_name { \
+   public: \
+    GTEST_TEST_CLASS_NAME_(test_case_name, test_name)() {} \
+    virtual void TestBody(); \
+   private: \
+    static int AddToRegistry() { \
+      ::testing::UnitTest::GetInstance()->parameterized_test_registry(). \
+          GetTestCasePatternHolder<test_case_name>(\
+              #test_case_name, __FILE__, __LINE__)->AddTestPattern(\
+                  #test_case_name, \
+                  #test_name, \
+                  new ::testing::internal::TestMetaFactory< \
+                      GTEST_TEST_CLASS_NAME_(test_case_name, test_name)>()); \
+      return 0; \
+    } \
+    static int gtest_registering_dummy_; \
+    GTEST_DISALLOW_COPY_AND_ASSIGN_(\
+        GTEST_TEST_CLASS_NAME_(test_case_name, test_name)); \
+  }; \
+  int GTEST_TEST_CLASS_NAME_(test_case_name, \
+                             test_name)::gtest_registering_dummy_ = \
+      GTEST_TEST_CLASS_NAME_(test_case_name, test_name)::AddToRegistry(); \
+  void GTEST_TEST_CLASS_NAME_(test_case_name, test_name)::TestBody()
+
+# define INSTANTIATE_TEST_CASE_P(prefix, test_case_name, generator) \
+  ::testing::internal::ParamGenerator<test_case_name::ParamType> \
+      gtest_##prefix##test_case_name##_EvalGenerator_() { return generator; } \
+  int gtest_##prefix##test_case_name##_dummy_ = \
+      ::testing::UnitTest::GetInstance()->parameterized_test_registry(). \
+          GetTestCasePatternHolder<test_case_name>(\
+              #test_case_name, __FILE__, __LINE__)->AddTestCaseInstantiation(\
+                  #prefix, \
+                  &gtest_##prefix##test_case_name##_EvalGenerator_, \
+                  __FILE__, __LINE__)
+
+}  // namespace testing
+
+#endif  // GTEST_HAS_PARAM_TEST
+
+#endif  // GTEST_INCLUDE_GTEST_GTEST_PARAM_TEST_H_
diff --git a/nss/gtests/google_test/gtest/include/gtest/gtest-param-test.h.pump b/nss/gtests/google_test/gtest/include/gtest/gtest-param-test.h.pump
new file mode 100644
index 0000000..2dc9303
--- /dev/null
+++ b/nss/gtests/google_test/gtest/include/gtest/gtest-param-test.h.pump
@@ -0,0 +1,487 @@
+$$ -*- mode: c++; -*-
+$var n = 50  $$ Maximum length of Values arguments we want to support.
+$var maxtuple = 10  $$ Maximum number of Combine arguments we want to support.
+// Copyright 2008, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Authors: vladl@google.com (Vlad Losev)
+//
+// Macros and functions for implementing parameterized tests
+// in Google C++ Testing Framework (Google Test)
+//
+// This file is generated by a SCRIPT.  DO NOT EDIT BY HAND!
+//
+#ifndef GTEST_INCLUDE_GTEST_GTEST_PARAM_TEST_H_
+#define GTEST_INCLUDE_GTEST_GTEST_PARAM_TEST_H_
+
+
+// Value-parameterized tests allow you to test your code with different
+// parameters without writing multiple copies of the same test.
+//
+// Here is how you use value-parameterized tests:
+
+#if 0
+
+// To write value-parameterized tests, first you should define a fixture
+// class. It is usually derived from testing::TestWithParam<T> (see below for
+// another inheritance scheme that's sometimes useful in more complicated
+// class hierarchies), where the type of your parameter values.
+// TestWithParam<T> is itself derived from testing::Test. T can be any
+// copyable type. If it's a raw pointer, you are responsible for managing the
+// lifespan of the pointed values.
+
+class FooTest : public ::testing::TestWithParam<const char*> {
+  // You can implement all the usual class fixture members here.
+};
+
+// Then, use the TEST_P macro to define as many parameterized tests
+// for this fixture as you want. The _P suffix is for "parameterized"
+// or "pattern", whichever you prefer to think.
+
+TEST_P(FooTest, DoesBlah) {
+  // Inside a test, access the test parameter with the GetParam() method
+  // of the TestWithParam<T> class:
+  EXPECT_TRUE(foo.Blah(GetParam()));
+  ...
+}
+
+TEST_P(FooTest, HasBlahBlah) {
+  ...
+}
+
+// Finally, you can use INSTANTIATE_TEST_CASE_P to instantiate the test
+// case with any set of parameters you want. Google Test defines a number
+// of functions for generating test parameters. They return what we call
+// (surprise!) parameter generators. Here is a  summary of them, which
+// are all in the testing namespace:
+//
+//
+//  Range(begin, end [, step]) - Yields values {begin, begin+step,
+//                               begin+step+step, ...}. The values do not
+//                               include end. step defaults to 1.
+//  Values(v1, v2, ..., vN)    - Yields values {v1, v2, ..., vN}.
+//  ValuesIn(container)        - Yields values from a C-style array, an STL
+//  ValuesIn(begin,end)          container, or an iterator range [begin, end).
+//  Bool()                     - Yields sequence {false, true}.
+//  Combine(g1, g2, ..., gN)   - Yields all combinations (the Cartesian product
+//                               for the math savvy) of the values generated
+//                               by the N generators.
+//
+// For more details, see comments at the definitions of these functions below
+// in this file.
+//
+// The following statement will instantiate tests from the FooTest test case
+// each with parameter values "meeny", "miny", and "moe".
+
+INSTANTIATE_TEST_CASE_P(InstantiationName,
+                        FooTest,
+                        Values("meeny", "miny", "moe"));
+
+// To distinguish different instances of the pattern, (yes, you
+// can instantiate it more then once) the first argument to the
+// INSTANTIATE_TEST_CASE_P macro is a prefix that will be added to the
+// actual test case name. Remember to pick unique prefixes for different
+// instantiations. The tests from the instantiation above will have
+// these names:
+//
+//    * InstantiationName/FooTest.DoesBlah/0 for "meeny"
+//    * InstantiationName/FooTest.DoesBlah/1 for "miny"
+//    * InstantiationName/FooTest.DoesBlah/2 for "moe"
+//    * InstantiationName/FooTest.HasBlahBlah/0 for "meeny"
+//    * InstantiationName/FooTest.HasBlahBlah/1 for "miny"
+//    * InstantiationName/FooTest.HasBlahBlah/2 for "moe"
+//
+// You can use these names in --gtest_filter.
+//
+// This statement will instantiate all tests from FooTest again, each
+// with parameter values "cat" and "dog":
+
+const char* pets[] = {"cat", "dog"};
+INSTANTIATE_TEST_CASE_P(AnotherInstantiationName, FooTest, ValuesIn(pets));
+
+// The tests from the instantiation above will have these names:
+//
+//    * AnotherInstantiationName/FooTest.DoesBlah/0 for "cat"
+//    * AnotherInstantiationName/FooTest.DoesBlah/1 for "dog"
+//    * AnotherInstantiationName/FooTest.HasBlahBlah/0 for "cat"
+//    * AnotherInstantiationName/FooTest.HasBlahBlah/1 for "dog"
+//
+// Please note that INSTANTIATE_TEST_CASE_P will instantiate all tests
+// in the given test case, whether their definitions come before or
+// AFTER the INSTANTIATE_TEST_CASE_P statement.
+//
+// Please also note that generator expressions (including parameters to the
+// generators) are evaluated in InitGoogleTest(), after main() has started.
+// This allows the user on one hand, to adjust generator parameters in order
+// to dynamically determine a set of tests to run and on the other hand,
+// give the user a chance to inspect the generated tests with Google Test
+// reflection API before RUN_ALL_TESTS() is executed.
+//
+// You can see samples/sample7_unittest.cc and samples/sample8_unittest.cc
+// for more examples.
+//
+// In the future, we plan to publish the API for defining new parameter
+// generators. But for now this interface remains part of the internal
+// implementation and is subject to change.
+//
+//
+// A parameterized test fixture must be derived from testing::Test and from
+// testing::WithParamInterface<T>, where T is the type of the parameter
+// values. Inheriting from TestWithParam<T> satisfies that requirement because
+// TestWithParam<T> inherits from both Test and WithParamInterface. In more
+// complicated hierarchies, however, it is occasionally useful to inherit
+// separately from Test and WithParamInterface. For example:
+
+class BaseTest : public ::testing::Test {
+  // You can inherit all the usual members for a non-parameterized test
+  // fixture here.
+};
+
+class DerivedTest : public BaseTest, public ::testing::WithParamInterface<int> {
+  // The usual test fixture members go here too.
+};
+
+TEST_F(BaseTest, HasFoo) {
+  // This is an ordinary non-parameterized test.
+}
+
+TEST_P(DerivedTest, DoesBlah) {
+  // GetParam works just the same here as if you inherit from TestWithParam.
+  EXPECT_TRUE(foo.Blah(GetParam()));
+}
+
+#endif  // 0
+
+#include "gtest/internal/gtest-port.h"
+
+#if !GTEST_OS_SYMBIAN
+# include <utility>
+#endif
+
+// scripts/fuse_gtest.py depends on gtest's own header being #included
+// *unconditionally*.  Therefore these #includes cannot be moved
+// inside #if GTEST_HAS_PARAM_TEST.
+#include "gtest/internal/gtest-internal.h"
+#include "gtest/internal/gtest-param-util.h"
+#include "gtest/internal/gtest-param-util-generated.h"
+
+#if GTEST_HAS_PARAM_TEST
+
+namespace testing {
+
+// Functions producing parameter generators.
+//
+// Google Test uses these generators to produce parameters for value-
+// parameterized tests. When a parameterized test case is instantiated
+// with a particular generator, Google Test creates and runs tests
+// for each element in the sequence produced by the generator.
+//
+// In the following sample, tests from test case FooTest are instantiated
+// each three times with parameter values 3, 5, and 8:
+//
+// class FooTest : public TestWithParam<int> { ... };
+//
+// TEST_P(FooTest, TestThis) {
+// }
+// TEST_P(FooTest, TestThat) {
+// }
+// INSTANTIATE_TEST_CASE_P(TestSequence, FooTest, Values(3, 5, 8));
+//
+
+// Range() returns generators providing sequences of values in a range.
+//
+// Synopsis:
+// Range(start, end)
+//   - returns a generator producing a sequence of values {start, start+1,
+//     start+2, ..., }.
+// Range(start, end, step)
+//   - returns a generator producing a sequence of values {start, start+step,
+//     start+step+step, ..., }.
+// Notes:
+//   * The generated sequences never include end. For example, Range(1, 5)
+//     returns a generator producing a sequence {1, 2, 3, 4}. Range(1, 9, 2)
+//     returns a generator producing {1, 3, 5, 7}.
+//   * start and end must have the same type. That type may be any integral or
+//     floating-point type or a user defined type satisfying these conditions:
+//     * It must be assignable (have operator=() defined).
+//     * It must have operator+() (operator+(int-compatible type) for
+//       two-operand version).
+//     * It must have operator<() defined.
+//     Elements in the resulting sequences will also have that type.
+//   * Condition start < end must be satisfied in order for resulting sequences
+//     to contain any elements.
+//
+template <typename T, typename IncrementT>
+internal::ParamGenerator<T> Range(T start, T end, IncrementT step) {
+  return internal::ParamGenerator<T>(
+      new internal::RangeGenerator<T, IncrementT>(start, end, step));
+}
+
+template <typename T>
+internal::ParamGenerator<T> Range(T start, T end) {
+  return Range(start, end, 1);
+}
+
+// ValuesIn() function allows generation of tests with parameters coming from
+// a container.
+//
+// Synopsis:
+// ValuesIn(const T (&array)[N])
+//   - returns a generator producing sequences with elements from
+//     a C-style array.
+// ValuesIn(const Container& container)
+//   - returns a generator producing sequences with elements from
+//     an STL-style container.
+// ValuesIn(Iterator begin, Iterator end)
+//   - returns a generator producing sequences with elements from
+//     a range [begin, end) defined by a pair of STL-style iterators. These
+//     iterators can also be plain C pointers.
+//
+// Please note that ValuesIn copies the values from the containers
+// passed in and keeps them to generate tests in RUN_ALL_TESTS().
+//
+// Examples:
+//
+// This instantiates tests from test case StringTest
+// each with C-string values of "foo", "bar", and "baz":
+//
+// const char* strings[] = {"foo", "bar", "baz"};
+// INSTANTIATE_TEST_CASE_P(StringSequence, SrtingTest, ValuesIn(strings));
+//
+// This instantiates tests from test case StlStringTest
+// each with STL strings with values "a" and "b":
+//
+// ::std::vector< ::std::string> GetParameterStrings() {
+//   ::std::vector< ::std::string> v;
+//   v.push_back("a");
+//   v.push_back("b");
+//   return v;
+// }
+//
+// INSTANTIATE_TEST_CASE_P(CharSequence,
+//                         StlStringTest,
+//                         ValuesIn(GetParameterStrings()));
+//
+//
+// This will also instantiate tests from CharTest
+// each with parameter values 'a' and 'b':
+//
+// ::std::list<char> GetParameterChars() {
+//   ::std::list<char> list;
+//   list.push_back('a');
+//   list.push_back('b');
+//   return list;
+// }
+// ::std::list<char> l = GetParameterChars();
+// INSTANTIATE_TEST_CASE_P(CharSequence2,
+//                         CharTest,
+//                         ValuesIn(l.begin(), l.end()));
+//
+template <typename ForwardIterator>
+internal::ParamGenerator<
+  typename ::testing::internal::IteratorTraits<ForwardIterator>::value_type>
+ValuesIn(ForwardIterator begin, ForwardIterator end) {
+  typedef typename ::testing::internal::IteratorTraits<ForwardIterator>
+      ::value_type ParamType;
+  return internal::ParamGenerator<ParamType>(
+      new internal::ValuesInIteratorRangeGenerator<ParamType>(begin, end));
+}
+
+template <typename T, size_t N>
+internal::ParamGenerator<T> ValuesIn(const T (&array)[N]) {
+  return ValuesIn(array, array + N);
+}
+
+template <class Container>
+internal::ParamGenerator<typename Container::value_type> ValuesIn(
+    const Container& container) {
+  return ValuesIn(container.begin(), container.end());
+}
+
+// Values() allows generating tests from explicitly specified list of
+// parameters.
+//
+// Synopsis:
+// Values(T v1, T v2, ..., T vN)
+//   - returns a generator producing sequences with elements v1, v2, ..., vN.
+//
+// For example, this instantiates tests from test case BarTest each
+// with values "one", "two", and "three":
+//
+// INSTANTIATE_TEST_CASE_P(NumSequence, BarTest, Values("one", "two", "three"));
+//
+// This instantiates tests from test case BazTest each with values 1, 2, 3.5.
+// The exact type of values will depend on the type of parameter in BazTest.
+//
+// INSTANTIATE_TEST_CASE_P(FloatingNumbers, BazTest, Values(1, 2, 3.5));
+//
+// Currently, Values() supports from 1 to $n parameters.
+//
+$range i 1..n
+$for i [[
+$range j 1..i
+
+template <$for j, [[typename T$j]]>
+internal::ValueArray$i<$for j, [[T$j]]> Values($for j, [[T$j v$j]]) {
+  return internal::ValueArray$i<$for j, [[T$j]]>($for j, [[v$j]]);
+}
+
+]]
+
+// Bool() allows generating tests with parameters in a set of (false, true).
+//
+// Synopsis:
+// Bool()
+//   - returns a generator producing sequences with elements {false, true}.
+//
+// It is useful when testing code that depends on Boolean flags. Combinations
+// of multiple flags can be tested when several Bool()'s are combined using
+// Combine() function.
+//
+// In the following example all tests in the test case FlagDependentTest
+// will be instantiated twice with parameters false and true.
+//
+// class FlagDependentTest : public testing::TestWithParam<bool> {
+//   virtual void SetUp() {
+//     external_flag = GetParam();
+//   }
+// }
+// INSTANTIATE_TEST_CASE_P(BoolSequence, FlagDependentTest, Bool());
+//
+inline internal::ParamGenerator<bool> Bool() {
+  return Values(false, true);
+}
+
+# if GTEST_HAS_COMBINE
+// Combine() allows the user to combine two or more sequences to produce
+// values of a Cartesian product of those sequences' elements.
+//
+// Synopsis:
+// Combine(gen1, gen2, ..., genN)
+//   - returns a generator producing sequences with elements coming from
+//     the Cartesian product of elements from the sequences generated by
+//     gen1, gen2, ..., genN. The sequence elements will have a type of
+//     tuple<T1, T2, ..., TN> where T1, T2, ..., TN are the types
+//     of elements from sequences produces by gen1, gen2, ..., genN.
+//
+// Combine can have up to $maxtuple arguments. This number is currently limited
+// by the maximum number of elements in the tuple implementation used by Google
+// Test.
+//
+// Example:
+//
+// This will instantiate tests in test case AnimalTest each one with
+// the parameter values tuple("cat", BLACK), tuple("cat", WHITE),
+// tuple("dog", BLACK), and tuple("dog", WHITE):
+//
+// enum Color { BLACK, GRAY, WHITE };
+// class AnimalTest
+//     : public testing::TestWithParam<tuple<const char*, Color> > {...};
+//
+// TEST_P(AnimalTest, AnimalLooksNice) {...}
+//
+// INSTANTIATE_TEST_CASE_P(AnimalVariations, AnimalTest,
+//                         Combine(Values("cat", "dog"),
+//                                 Values(BLACK, WHITE)));
+//
+// This will instantiate tests in FlagDependentTest with all variations of two
+// Boolean flags:
+//
+// class FlagDependentTest
+//     : public testing::TestWithParam<tuple<bool, bool> > {
+//   virtual void SetUp() {
+//     // Assigns external_flag_1 and external_flag_2 values from the tuple.
+//     tie(external_flag_1, external_flag_2) = GetParam();
+//   }
+// };
+//
+// TEST_P(FlagDependentTest, TestFeature1) {
+//   // Test your code using external_flag_1 and external_flag_2 here.
+// }
+// INSTANTIATE_TEST_CASE_P(TwoBoolSequence, FlagDependentTest,
+//                         Combine(Bool(), Bool()));
+//
+$range i 2..maxtuple
+$for i [[
+$range j 1..i
+
+template <$for j, [[typename Generator$j]]>
+internal::CartesianProductHolder$i<$for j, [[Generator$j]]> Combine(
+    $for j, [[const Generator$j& g$j]]) {
+  return internal::CartesianProductHolder$i<$for j, [[Generator$j]]>(
+      $for j, [[g$j]]);
+}
+
+]]
+# endif  // GTEST_HAS_COMBINE
+
+
+
+# define TEST_P(test_case_name, test_name) \
+  class GTEST_TEST_CLASS_NAME_(test_case_name, test_name) \
+      : public test_case_name { \
+   public: \
+    GTEST_TEST_CLASS_NAME_(test_case_name, test_name)() {} \
+    virtual void TestBody(); \
+   private: \
+    static int AddToRegistry() { \
+      ::testing::UnitTest::GetInstance()->parameterized_test_registry(). \
+          GetTestCasePatternHolder<test_case_name>(\
+              #test_case_name, __FILE__, __LINE__)->AddTestPattern(\
+                  #test_case_name, \
+                  #test_name, \
+                  new ::testing::internal::TestMetaFactory< \
+                      GTEST_TEST_CLASS_NAME_(test_case_name, test_name)>()); \
+      return 0; \
+    } \
+    static int gtest_registering_dummy_; \
+    GTEST_DISALLOW_COPY_AND_ASSIGN_(\
+        GTEST_TEST_CLASS_NAME_(test_case_name, test_name)); \
+  }; \
+  int GTEST_TEST_CLASS_NAME_(test_case_name, \
+                             test_name)::gtest_registering_dummy_ = \
+      GTEST_TEST_CLASS_NAME_(test_case_name, test_name)::AddToRegistry(); \
+  void GTEST_TEST_CLASS_NAME_(test_case_name, test_name)::TestBody()
+
+# define INSTANTIATE_TEST_CASE_P(prefix, test_case_name, generator) \
+  ::testing::internal::ParamGenerator<test_case_name::ParamType> \
+      gtest_##prefix##test_case_name##_EvalGenerator_() { return generator; } \
+  int gtest_##prefix##test_case_name##_dummy_ = \
+      ::testing::UnitTest::GetInstance()->parameterized_test_registry(). \
+          GetTestCasePatternHolder<test_case_name>(\
+              #test_case_name, __FILE__, __LINE__)->AddTestCaseInstantiation(\
+                  #prefix, \
+                  &gtest_##prefix##test_case_name##_EvalGenerator_, \
+                  __FILE__, __LINE__)
+
+}  // namespace testing
+
+#endif  // GTEST_HAS_PARAM_TEST
+
+#endif  // GTEST_INCLUDE_GTEST_GTEST_PARAM_TEST_H_
diff --git a/nss/gtests/google_test/gtest/include/gtest/gtest-printers.h b/nss/gtests/google_test/gtest/include/gtest/gtest-printers.h
new file mode 100644
index 0000000..18ee7bc
--- /dev/null
+++ b/nss/gtests/google_test/gtest/include/gtest/gtest-printers.h
@@ -0,0 +1,891 @@
+// Copyright 2007, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+
+// Google Test - The Google C++ Testing Framework
+//
+// This file implements a universal value printer that can print a
+// value of any type T:
+//
+//   void ::testing::internal::UniversalPrinter<T>::Print(value, ostream_ptr);
+//
+// A user can teach this function how to print a class type T by
+// defining either operator<<() or PrintTo() in the namespace that
+// defines T.  More specifically, the FIRST defined function in the
+// following list will be used (assuming T is defined in namespace
+// foo):
+//
+//   1. foo::PrintTo(const T&, ostream*)
+//   2. operator<<(ostream&, const T&) defined in either foo or the
+//      global namespace.
+//
+// If none of the above is defined, it will print the debug string of
+// the value if it is a protocol buffer, or print the raw bytes in the
+// value otherwise.
+//
+// To aid debugging: when T is a reference type, the address of the
+// value is also printed; when T is a (const) char pointer, both the
+// pointer value and the NUL-terminated string it points to are
+// printed.
+//
+// We also provide some convenient wrappers:
+//
+//   // Prints a value to a string.  For a (const or not) char
+//   // pointer, the NUL-terminated string (but not the pointer) is
+//   // printed.
+//   std::string ::testing::PrintToString(const T& value);
+//
+//   // Prints a value tersely: for a reference type, the referenced
+//   // value (but not the address) is printed; for a (const or not) char
+//   // pointer, the NUL-terminated string (but not the pointer) is
+//   // printed.
+//   void ::testing::internal::UniversalTersePrint(const T& value, ostream*);
+//
+//   // Prints value using the type inferred by the compiler.  The difference
+//   // from UniversalTersePrint() is that this function prints both the
+//   // pointer and the NUL-terminated string for a (const or not) char pointer.
+//   void ::testing::internal::UniversalPrint(const T& value, ostream*);
+//
+//   // Prints the fields of a tuple tersely to a string vector, one
+//   // element for each field. Tuple support must be enabled in
+//   // gtest-port.h.
+//   std::vector<string> UniversalTersePrintTupleFieldsToStrings(
+//       const Tuple& value);
+//
+// Known limitation:
+//
+// The print primitives print the elements of an STL-style container
+// using the compiler-inferred type of *iter where iter is a
+// const_iterator of the container.  When const_iterator is an input
+// iterator but not a forward iterator, this inferred type may not
+// match value_type, and the print output may be incorrect.  In
+// practice, this is rarely a problem as for most containers
+// const_iterator is a forward iterator.  We'll fix this if there's an
+// actual need for it.  Note that this fix cannot rely on value_type
+// being defined as many user-defined container types don't have
+// value_type.
+
+#ifndef GTEST_INCLUDE_GTEST_GTEST_PRINTERS_H_
+#define GTEST_INCLUDE_GTEST_GTEST_PRINTERS_H_
+
+#include <ostream>  // NOLINT
+#include <sstream>
+#include <string>
+#include <utility>
+#include <vector>
+#include "gtest/internal/gtest-port.h"
+#include "gtest/internal/gtest-internal.h"
+
+#if GTEST_HAS_STD_TUPLE_
+# include <tuple>
+#endif
+
+namespace testing {
+
+// Definitions in the 'internal' and 'internal2' name spaces are
+// subject to change without notice.  DO NOT USE THEM IN USER CODE!
+namespace internal2 {
+
+// Prints the given number of bytes in the given object to the given
+// ostream.
+GTEST_API_ void PrintBytesInObjectTo(const unsigned char* obj_bytes,
+                                     size_t count,
+                                     ::std::ostream* os);
+
+// For selecting which printer to use when a given type has neither <<
+// nor PrintTo().
+enum TypeKind {
+  kProtobuf,              // a protobuf type
+  kConvertibleToInteger,  // a type implicitly convertible to BiggestInt
+                          // (e.g. a named or unnamed enum type)
+  kOtherType              // anything else
+};
+
+// TypeWithoutFormatter<T, kTypeKind>::PrintValue(value, os) is called
+// by the universal printer to print a value of type T when neither
+// operator<< nor PrintTo() is defined for T, where kTypeKind is the
+// "kind" of T as defined by enum TypeKind.
+template <typename T, TypeKind kTypeKind>
+class TypeWithoutFormatter {
+ public:
+  // This default version is called when kTypeKind is kOtherType.
+  static void PrintValue(const T& value, ::std::ostream* os) {
+    PrintBytesInObjectTo(reinterpret_cast<const unsigned char*>(&value),
+                         sizeof(value), os);
+  }
+};
+
+// We print a protobuf using its ShortDebugString() when the string
+// doesn't exceed this many characters; otherwise we print it using
+// DebugString() for better readability.
+const size_t kProtobufOneLinerMaxLength = 50;
+
+template <typename T>
+class TypeWithoutFormatter<T, kProtobuf> {
+ public:
+  static void PrintValue(const T& value, ::std::ostream* os) {
+    const ::testing::internal::string short_str = value.ShortDebugString();
+    const ::testing::internal::string pretty_str =
+        short_str.length() <= kProtobufOneLinerMaxLength ?
+        short_str : ("\n" + value.DebugString());
+    *os << ("<" + pretty_str + ">");
+  }
+};
+
+template <typename T>
+class TypeWithoutFormatter<T, kConvertibleToInteger> {
+ public:
+  // Since T has no << operator or PrintTo() but can be implicitly
+  // converted to BiggestInt, we print it as a BiggestInt.
+  //
+  // Most likely T is an enum type (either named or unnamed), in which
+  // case printing it as an integer is the desired behavior.  In case
+  // T is not an enum, printing it as an integer is the best we can do
+  // given that it has no user-defined printer.
+  static void PrintValue(const T& value, ::std::ostream* os) {
+    const internal::BiggestInt kBigInt = value;
+    *os << kBigInt;
+  }
+};
+
+// Prints the given value to the given ostream.  If the value is a
+// protocol message, its debug string is printed; if it's an enum or
+// of a type implicitly convertible to BiggestInt, it's printed as an
+// integer; otherwise the bytes in the value are printed.  This is
+// what UniversalPrinter<T>::Print() does when it knows nothing about
+// type T and T has neither << operator nor PrintTo().
+//
+// A user can override this behavior for a class type Foo by defining
+// a << operator in the namespace where Foo is defined.
+//
+// We put this operator in namespace 'internal2' instead of 'internal'
+// to simplify the implementation, as much code in 'internal' needs to
+// use << in STL, which would conflict with our own << were it defined
+// in 'internal'.
+//
+// Note that this operator<< takes a generic std::basic_ostream<Char,
+// CharTraits> type instead of the more restricted std::ostream.  If
+// we define it to take an std::ostream instead, we'll get an
+// "ambiguous overloads" compiler error when trying to print a type
+// Foo that supports streaming to std::basic_ostream<Char,
+// CharTraits>, as the compiler cannot tell whether
+// operator<<(std::ostream&, const T&) or
+// operator<<(std::basic_stream<Char, CharTraits>, const Foo&) is more
+// specific.
+template <typename Char, typename CharTraits, typename T>
+::std::basic_ostream<Char, CharTraits>& operator<<(
+    ::std::basic_ostream<Char, CharTraits>& os, const T& x) {
+  TypeWithoutFormatter<T,
+      (internal::IsAProtocolMessage<T>::value ? kProtobuf :
+       internal::ImplicitlyConvertible<const T&, internal::BiggestInt>::value ?
+       kConvertibleToInteger : kOtherType)>::PrintValue(x, &os);
+  return os;
+}
+
+}  // namespace internal2
+}  // namespace testing
+
+// This namespace MUST NOT BE NESTED IN ::testing, or the name look-up
+// magic needed for implementing UniversalPrinter won't work.
+namespace testing_internal {
+
+// Used to print a value that is not an STL-style container when the
+// user doesn't define PrintTo() for it.
+template <typename T>
+void DefaultPrintNonContainerTo(const T& value, ::std::ostream* os) {
+  // With the following statement, during unqualified name lookup,
+  // testing::internal2::operator<< appears as if it was declared in
+  // the nearest enclosing namespace that contains both
+  // ::testing_internal and ::testing::internal2, i.e. the global
+  // namespace.  For more details, refer to the C++ Standard section
+  // 7.3.4-1 [namespace.udir].  This allows us to fall back onto
+  // testing::internal2::operator<< in case T doesn't come with a <<
+  // operator.
+  //
+  // We cannot write 'using ::testing::internal2::operator<<;', which
+  // gcc 3.3 fails to compile due to a compiler bug.
+  using namespace ::testing::internal2;  // NOLINT
+
+  // Assuming T is defined in namespace foo, in the next statement,
+  // the compiler will consider all of:
+  //
+  //   1. foo::operator<< (thanks to Koenig look-up),
+  //   2. ::operator<< (as the current namespace is enclosed in ::),
+  //   3. testing::internal2::operator<< (thanks to the using statement above).
+  //
+  // The operator<< whose type matches T best will be picked.
+  //
+  // We deliberately allow #2 to be a candidate, as sometimes it's
+  // impossible to define #1 (e.g. when foo is ::std, defining
+  // anything in it is undefined behavior unless you are a compiler
+  // vendor.).
+  *os << value;
+}
+
+}  // namespace testing_internal
+
+namespace testing {
+namespace internal {
+
+// UniversalPrinter<T>::Print(value, ostream_ptr) prints the given
+// value to the given ostream.  The caller must ensure that
+// 'ostream_ptr' is not NULL, or the behavior is undefined.
+//
+// We define UniversalPrinter as a class template (as opposed to a
+// function template), as we need to partially specialize it for
+// reference types, which cannot be done with function templates.
+template <typename T>
+class UniversalPrinter;
+
+template <typename T>
+void UniversalPrint(const T& value, ::std::ostream* os);
+
+// Used to print an STL-style container when the user doesn't define
+// a PrintTo() for it.
+template <typename C>
+void DefaultPrintTo(IsContainer /* dummy */,
+                    false_type /* is not a pointer */,
+                    const C& container, ::std::ostream* os) {
+  const size_t kMaxCount = 32;  // The maximum number of elements to print.
+  *os << '{';
+  size_t count = 0;
+  for (typename C::const_iterator it = container.begin();
+       it != container.end(); ++it, ++count) {
+    if (count > 0) {
+      *os << ',';
+      if (count == kMaxCount) {  // Enough has been printed.
+        *os << " ...";
+        break;
+      }
+    }
+    *os << ' ';
+    // We cannot call PrintTo(*it, os) here as PrintTo() doesn't
+    // handle *it being a native array.
+    internal::UniversalPrint(*it, os);
+  }
+
+  if (count > 0) {
+    *os << ' ';
+  }
+  *os << '}';
+}
+
+// Used to print a pointer that is neither a char pointer nor a member
+// pointer, when the user doesn't define PrintTo() for it.  (A member
+// variable pointer or member function pointer doesn't really point to
+// a location in the address space.  Their representation is
+// implementation-defined.  Therefore they will be printed as raw
+// bytes.)
+template <typename T>
+void DefaultPrintTo(IsNotContainer /* dummy */,
+                    true_type /* is a pointer */,
+                    T* p, ::std::ostream* os) {
+  if (p == NULL) {
+    *os << "NULL";
+  } else {
+    // C++ doesn't allow casting from a function pointer to any object
+    // pointer.
+    //
+    // IsTrue() silences warnings: "Condition is always true",
+    // "unreachable code".
+    if (IsTrue(ImplicitlyConvertible<T*, const void*>::value)) {
+      // T is not a function type.  We just call << to print p,
+      // relying on ADL to pick up user-defined << for their pointer
+      // types, if any.
+      *os << p;
+    } else {
+      // T is a function type, so '*os << p' doesn't do what we want
+      // (it just prints p as bool).  We want to print p as a const
+      // void*.  However, we cannot cast it to const void* directly,
+      // even using reinterpret_cast, as earlier versions of gcc
+      // (e.g. 3.4.5) cannot compile the cast when p is a function
+      // pointer.  Casting to UInt64 first solves the problem.
+      *os << reinterpret_cast<const void*>(
+          reinterpret_cast<internal::UInt64>(p));
+    }
+  }
+}
+
+// Used to print a non-container, non-pointer value when the user
+// doesn't define PrintTo() for it.
+template <typename T>
+void DefaultPrintTo(IsNotContainer /* dummy */,
+                    false_type /* is not a pointer */,
+                    const T& value, ::std::ostream* os) {
+  ::testing_internal::DefaultPrintNonContainerTo(value, os);
+}
+
+// Prints the given value using the << operator if it has one;
+// otherwise prints the bytes in it.  This is what
+// UniversalPrinter<T>::Print() does when PrintTo() is not specialized
+// or overloaded for type T.
+//
+// A user can override this behavior for a class type Foo by defining
+// an overload of PrintTo() in the namespace where Foo is defined.  We
+// give the user this option as sometimes defining a << operator for
+// Foo is not desirable (e.g. the coding style may prevent doing it,
+// or there is already a << operator but it doesn't do what the user
+// wants).
+template <typename T>
+void PrintTo(const T& value, ::std::ostream* os) {
+  // DefaultPrintTo() is overloaded.  The type of its first two
+  // arguments determine which version will be picked.  If T is an
+  // STL-style container, the version for container will be called; if
+  // T is a pointer, the pointer version will be called; otherwise the
+  // generic version will be called.
+  //
+  // Note that we check for container types here, prior to we check
+  // for protocol message types in our operator<<.  The rationale is:
+  //
+  // For protocol messages, we want to give people a chance to
+  // override Google Mock's format by defining a PrintTo() or
+  // operator<<.  For STL containers, other formats can be
+  // incompatible with Google Mock's format for the container
+  // elements; therefore we check for container types here to ensure
+  // that our format is used.
+  //
+  // The second argument of DefaultPrintTo() is needed to bypass a bug
+  // in Symbian's C++ compiler that prevents it from picking the right
+  // overload between:
+  //
+  //   PrintTo(const T& x, ...);
+  //   PrintTo(T* x, ...);
+  DefaultPrintTo(IsContainerTest<T>(0), is_pointer<T>(), value, os);
+}
+
+// The following list of PrintTo() overloads tells
+// UniversalPrinter<T>::Print() how to print standard types (built-in
+// types, strings, plain arrays, and pointers).
+
+// Overloads for various char types.
+GTEST_API_ void PrintTo(unsigned char c, ::std::ostream* os);
+GTEST_API_ void PrintTo(signed char c, ::std::ostream* os);
+inline void PrintTo(char c, ::std::ostream* os) {
+  // When printing a plain char, we always treat it as unsigned.  This
+  // way, the output won't be affected by whether the compiler thinks
+  // char is signed or not.
+  PrintTo(static_cast<unsigned char>(c), os);
+}
+
+// Overloads for other simple built-in types.
+inline void PrintTo(bool x, ::std::ostream* os) {
+  *os << (x ? "true" : "false");
+}
+
+// Overload for wchar_t type.
+// Prints a wchar_t as a symbol if it is printable or as its internal
+// code otherwise and also as its decimal code (except for L'\0').
+// The L'\0' char is printed as "L'\\0'". The decimal code is printed
+// as signed integer when wchar_t is implemented by the compiler
+// as a signed type and is printed as an unsigned integer when wchar_t
+// is implemented as an unsigned type.
+GTEST_API_ void PrintTo(wchar_t wc, ::std::ostream* os);
+
+// Overloads for C strings.
+GTEST_API_ void PrintTo(const char* s, ::std::ostream* os);
+inline void PrintTo(char* s, ::std::ostream* os) {
+  PrintTo(ImplicitCast_<const char*>(s), os);
+}
+
+// signed/unsigned char is often used for representing binary data, so
+// we print pointers to it as void* to be safe.
+inline void PrintTo(const signed char* s, ::std::ostream* os) {
+  PrintTo(ImplicitCast_<const void*>(s), os);
+}
+inline void PrintTo(signed char* s, ::std::ostream* os) {
+  PrintTo(ImplicitCast_<const void*>(s), os);
+}
+inline void PrintTo(const unsigned char* s, ::std::ostream* os) {
+  PrintTo(ImplicitCast_<const void*>(s), os);
+}
+inline void PrintTo(unsigned char* s, ::std::ostream* os) {
+  PrintTo(ImplicitCast_<const void*>(s), os);
+}
+
+// MSVC can be configured to define wchar_t as a typedef of unsigned
+// short.  It defines _NATIVE_WCHAR_T_DEFINED when wchar_t is a native
+// type.  When wchar_t is a typedef, defining an overload for const
+// wchar_t* would cause unsigned short* be printed as a wide string,
+// possibly causing invalid memory accesses.
+#if !defined(_MSC_VER) || defined(_NATIVE_WCHAR_T_DEFINED)
+// Overloads for wide C strings
+GTEST_API_ void PrintTo(const wchar_t* s, ::std::ostream* os);
+inline void PrintTo(wchar_t* s, ::std::ostream* os) {
+  PrintTo(ImplicitCast_<const wchar_t*>(s), os);
+}
+#endif
+
+// Overload for C arrays.  Multi-dimensional arrays are printed
+// properly.
+
+// Prints the given number of elements in an array, without printing
+// the curly braces.
+template <typename T>
+void PrintRawArrayTo(const T a[], size_t count, ::std::ostream* os) {
+  UniversalPrint(a[0], os);
+  for (size_t i = 1; i != count; i++) {
+    *os << ", ";
+    UniversalPrint(a[i], os);
+  }
+}
+
+// Overloads for ::string and ::std::string.
+#if GTEST_HAS_GLOBAL_STRING
+GTEST_API_ void PrintStringTo(const ::string&s, ::std::ostream* os);
+inline void PrintTo(const ::string& s, ::std::ostream* os) {
+  PrintStringTo(s, os);
+}
+#endif  // GTEST_HAS_GLOBAL_STRING
+
+GTEST_API_ void PrintStringTo(const ::std::string&s, ::std::ostream* os);
+inline void PrintTo(const ::std::string& s, ::std::ostream* os) {
+  PrintStringTo(s, os);
+}
+
+// Overloads for ::wstring and ::std::wstring.
+#if GTEST_HAS_GLOBAL_WSTRING
+GTEST_API_ void PrintWideStringTo(const ::wstring&s, ::std::ostream* os);
+inline void PrintTo(const ::wstring& s, ::std::ostream* os) {
+  PrintWideStringTo(s, os);
+}
+#endif  // GTEST_HAS_GLOBAL_WSTRING
+
+#if GTEST_HAS_STD_WSTRING
+GTEST_API_ void PrintWideStringTo(const ::std::wstring&s, ::std::ostream* os);
+inline void PrintTo(const ::std::wstring& s, ::std::ostream* os) {
+  PrintWideStringTo(s, os);
+}
+#endif  // GTEST_HAS_STD_WSTRING
+
+#if GTEST_HAS_TR1_TUPLE || GTEST_HAS_STD_TUPLE_
+// Helper function for printing a tuple.  T must be instantiated with
+// a tuple type.
+template <typename T>
+void PrintTupleTo(const T& t, ::std::ostream* os);
+#endif  // GTEST_HAS_TR1_TUPLE || GTEST_HAS_STD_TUPLE_
+
+#if GTEST_HAS_TR1_TUPLE
+// Overload for ::std::tr1::tuple.  Needed for printing function arguments,
+// which are packed as tuples.
+
+// Overloaded PrintTo() for tuples of various arities.  We support
+// tuples of up-to 10 fields.  The following implementation works
+// regardless of whether tr1::tuple is implemented using the
+// non-standard variadic template feature or not.
+
+inline void PrintTo(const ::std::tr1::tuple<>& t, ::std::ostream* os) {
+  PrintTupleTo(t, os);
+}
+
+template <typename T1>
+void PrintTo(const ::std::tr1::tuple<T1>& t, ::std::ostream* os) {
+  PrintTupleTo(t, os);
+}
+
+template <typename T1, typename T2>
+void PrintTo(const ::std::tr1::tuple<T1, T2>& t, ::std::ostream* os) {
+  PrintTupleTo(t, os);
+}
+
+template <typename T1, typename T2, typename T3>
+void PrintTo(const ::std::tr1::tuple<T1, T2, T3>& t, ::std::ostream* os) {
+  PrintTupleTo(t, os);
+}
+
+template <typename T1, typename T2, typename T3, typename T4>
+void PrintTo(const ::std::tr1::tuple<T1, T2, T3, T4>& t, ::std::ostream* os) {
+  PrintTupleTo(t, os);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5>
+void PrintTo(const ::std::tr1::tuple<T1, T2, T3, T4, T5>& t,
+             ::std::ostream* os) {
+  PrintTupleTo(t, os);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+          typename T6>
+void PrintTo(const ::std::tr1::tuple<T1, T2, T3, T4, T5, T6>& t,
+             ::std::ostream* os) {
+  PrintTupleTo(t, os);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+          typename T6, typename T7>
+void PrintTo(const ::std::tr1::tuple<T1, T2, T3, T4, T5, T6, T7>& t,
+             ::std::ostream* os) {
+  PrintTupleTo(t, os);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+          typename T6, typename T7, typename T8>
+void PrintTo(const ::std::tr1::tuple<T1, T2, T3, T4, T5, T6, T7, T8>& t,
+             ::std::ostream* os) {
+  PrintTupleTo(t, os);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+          typename T6, typename T7, typename T8, typename T9>
+void PrintTo(const ::std::tr1::tuple<T1, T2, T3, T4, T5, T6, T7, T8, T9>& t,
+             ::std::ostream* os) {
+  PrintTupleTo(t, os);
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+          typename T6, typename T7, typename T8, typename T9, typename T10>
+void PrintTo(
+    const ::std::tr1::tuple<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10>& t,
+    ::std::ostream* os) {
+  PrintTupleTo(t, os);
+}
+#endif  // GTEST_HAS_TR1_TUPLE
+
+#if GTEST_HAS_STD_TUPLE_
+template <typename... Types>
+void PrintTo(const ::std::tuple<Types...>& t, ::std::ostream* os) {
+  PrintTupleTo(t, os);
+}
+#endif  // GTEST_HAS_STD_TUPLE_
+
+// Overload for std::pair.
+template <typename T1, typename T2>
+void PrintTo(const ::std::pair<T1, T2>& value, ::std::ostream* os) {
+  *os << '(';
+  // We cannot use UniversalPrint(value.first, os) here, as T1 may be
+  // a reference type.  The same for printing value.second.
+  UniversalPrinter<T1>::Print(value.first, os);
+  *os << ", ";
+  UniversalPrinter<T2>::Print(value.second, os);
+  *os << ')';
+}
+
+// Implements printing a non-reference type T by letting the compiler
+// pick the right overload of PrintTo() for T.
+template <typename T>
+class UniversalPrinter {
+ public:
+  // MSVC warns about adding const to a function type, so we want to
+  // disable the warning.
+  GTEST_DISABLE_MSC_WARNINGS_PUSH_(4180)
+
+  // Note: we deliberately don't call this PrintTo(), as that name
+  // conflicts with ::testing::internal::PrintTo in the body of the
+  // function.
+  static void Print(const T& value, ::std::ostream* os) {
+    // By default, ::testing::internal::PrintTo() is used for printing
+    // the value.
+    //
+    // Thanks to Koenig look-up, if T is a class and has its own
+    // PrintTo() function defined in its namespace, that function will
+    // be visible here.  Since it is more specific than the generic ones
+    // in ::testing::internal, it will be picked by the compiler in the
+    // following statement - exactly what we want.
+    PrintTo(value, os);
+  }
+
+  GTEST_DISABLE_MSC_WARNINGS_POP_()
+};
+
+// UniversalPrintArray(begin, len, os) prints an array of 'len'
+// elements, starting at address 'begin'.
+template <typename T>
+void UniversalPrintArray(const T* begin, size_t len, ::std::ostream* os) {
+  if (len == 0) {
+    *os << "{}";
+  } else {
+    *os << "{ ";
+    const size_t kThreshold = 18;
+    const size_t kChunkSize = 8;
+    // If the array has more than kThreshold elements, we'll have to
+    // omit some details by printing only the first and the last
+    // kChunkSize elements.
+    // TODO(wan@google.com): let the user control the threshold using a flag.
+    if (len <= kThreshold) {
+      PrintRawArrayTo(begin, len, os);
+    } else {
+      PrintRawArrayTo(begin, kChunkSize, os);
+      *os << ", ..., ";
+      PrintRawArrayTo(begin + len - kChunkSize, kChunkSize, os);
+    }
+    *os << " }";
+  }
+}
+// This overload prints a (const) char array compactly.
+GTEST_API_ void UniversalPrintArray(
+    const char* begin, size_t len, ::std::ostream* os);
+
+// This overload prints a (const) wchar_t array compactly.
+GTEST_API_ void UniversalPrintArray(
+    const wchar_t* begin, size_t len, ::std::ostream* os);
+
+// Implements printing an array type T[N].
+template <typename T, size_t N>
+class UniversalPrinter<T[N]> {
+ public:
+  // Prints the given array, omitting some elements when there are too
+  // many.
+  static void Print(const T (&a)[N], ::std::ostream* os) {
+    UniversalPrintArray(a, N, os);
+  }
+};
+
+// Implements printing a reference type T&.
+template <typename T>
+class UniversalPrinter<T&> {
+ public:
+  // MSVC warns about adding const to a function type, so we want to
+  // disable the warning.
+  GTEST_DISABLE_MSC_WARNINGS_PUSH_(4180)
+
+  static void Print(const T& value, ::std::ostream* os) {
+    // Prints the address of the value.  We use reinterpret_cast here
+    // as static_cast doesn't compile when T is a function type.
+    *os << "@" << reinterpret_cast<const void*>(&value) << " ";
+
+    // Then prints the value itself.
+    UniversalPrint(value, os);
+  }
+
+  GTEST_DISABLE_MSC_WARNINGS_POP_()
+};
+
+// Prints a value tersely: for a reference type, the referenced value
+// (but not the address) is printed; for a (const) char pointer, the
+// NUL-terminated string (but not the pointer) is printed.
+
+template <typename T>
+class UniversalTersePrinter {
+ public:
+  static void Print(const T& value, ::std::ostream* os) {
+    UniversalPrint(value, os);
+  }
+};
+template <typename T>
+class UniversalTersePrinter<T&> {
+ public:
+  static void Print(const T& value, ::std::ostream* os) {
+    UniversalPrint(value, os);
+  }
+};
+template <typename T, size_t N>
+class UniversalTersePrinter<T[N]> {
+ public:
+  static void Print(const T (&value)[N], ::std::ostream* os) {
+    UniversalPrinter<T[N]>::Print(value, os);
+  }
+};
+template <>
+class UniversalTersePrinter<const char*> {
+ public:
+  static void Print(const char* str, ::std::ostream* os) {
+    if (str == NULL) {
+      *os << "NULL";
+    } else {
+      UniversalPrint(string(str), os);
+    }
+  }
+};
+template <>
+class UniversalTersePrinter<char*> {
+ public:
+  static void Print(char* str, ::std::ostream* os) {
+    UniversalTersePrinter<const char*>::Print(str, os);
+  }
+};
+
+#if GTEST_HAS_STD_WSTRING
+template <>
+class UniversalTersePrinter<const wchar_t*> {
+ public:
+  static void Print(const wchar_t* str, ::std::ostream* os) {
+    if (str == NULL) {
+      *os << "NULL";
+    } else {
+      UniversalPrint(::std::wstring(str), os);
+    }
+  }
+};
+#endif
+
+template <>
+class UniversalTersePrinter<wchar_t*> {
+ public:
+  static void Print(wchar_t* str, ::std::ostream* os) {
+    UniversalTersePrinter<const wchar_t*>::Print(str, os);
+  }
+};
+
+template <typename T>
+void UniversalTersePrint(const T& value, ::std::ostream* os) {
+  UniversalTersePrinter<T>::Print(value, os);
+}
+
+// Prints a value using the type inferred by the compiler.  The
+// difference between this and UniversalTersePrint() is that for a
+// (const) char pointer, this prints both the pointer and the
+// NUL-terminated string.
+template <typename T>
+void UniversalPrint(const T& value, ::std::ostream* os) {
+  // A workarond for the bug in VC++ 7.1 that prevents us from instantiating
+  // UniversalPrinter with T directly.
+  typedef T T1;
+  UniversalPrinter<T1>::Print(value, os);
+}
+
+typedef ::std::vector<string> Strings;
+
+// TuplePolicy<TupleT> must provide:
+// - tuple_size
+//     size of tuple TupleT.
+// - get<size_t I>(const TupleT& t)
+//     static function extracting element I of tuple TupleT.
+// - tuple_element<size_t I>::type
+//     type of element I of tuple TupleT.
+template <typename TupleT>
+struct TuplePolicy;
+
+#if GTEST_HAS_TR1_TUPLE
+template <typename TupleT>
+struct TuplePolicy {
+  typedef TupleT Tuple;
+  static const size_t tuple_size = ::std::tr1::tuple_size<Tuple>::value;
+
+  template <size_t I>
+  struct tuple_element : ::std::tr1::tuple_element<I, Tuple> {};
+
+  template <size_t I>
+  static typename AddReference<
+      const typename ::std::tr1::tuple_element<I, Tuple>::type>::type get(
+      const Tuple& tuple) {
+    return ::std::tr1::get<I>(tuple);
+  }
+};
+template <typename TupleT>
+const size_t TuplePolicy<TupleT>::tuple_size;
+#endif  // GTEST_HAS_TR1_TUPLE
+
+#if GTEST_HAS_STD_TUPLE_
+template <typename... Types>
+struct TuplePolicy< ::std::tuple<Types...> > {
+  typedef ::std::tuple<Types...> Tuple;
+  static const size_t tuple_size = ::std::tuple_size<Tuple>::value;
+
+  template <size_t I>
+  struct tuple_element : ::std::tuple_element<I, Tuple> {};
+
+  template <size_t I>
+  static const typename ::std::tuple_element<I, Tuple>::type& get(
+      const Tuple& tuple) {
+    return ::std::get<I>(tuple);
+  }
+};
+template <typename... Types>
+const size_t TuplePolicy< ::std::tuple<Types...> >::tuple_size;
+#endif  // GTEST_HAS_STD_TUPLE_
+
+#if GTEST_HAS_TR1_TUPLE || GTEST_HAS_STD_TUPLE_
+// This helper template allows PrintTo() for tuples and
+// UniversalTersePrintTupleFieldsToStrings() to be defined by
+// induction on the number of tuple fields.  The idea is that
+// TuplePrefixPrinter<N>::PrintPrefixTo(t, os) prints the first N
+// fields in tuple t, and can be defined in terms of
+// TuplePrefixPrinter<N - 1>.
+//
+// The inductive case.
+template <size_t N>
+struct TuplePrefixPrinter {
+  // Prints the first N fields of a tuple.
+  template <typename Tuple>
+  static void PrintPrefixTo(const Tuple& t, ::std::ostream* os) {
+    TuplePrefixPrinter<N - 1>::PrintPrefixTo(t, os);
+    GTEST_INTENTIONAL_CONST_COND_PUSH_()
+    if (N > 1) {
+    GTEST_INTENTIONAL_CONST_COND_POP_()
+      *os << ", ";
+    }
+    UniversalPrinter<
+        typename TuplePolicy<Tuple>::template tuple_element<N - 1>::type>
+        ::Print(TuplePolicy<Tuple>::template get<N - 1>(t), os);
+  }
+
+  // Tersely prints the first N fields of a tuple to a string vector,
+  // one element for each field.
+  template <typename Tuple>
+  static void TersePrintPrefixToStrings(const Tuple& t, Strings* strings) {
+    TuplePrefixPrinter<N - 1>::TersePrintPrefixToStrings(t, strings);
+    ::std::stringstream ss;
+    UniversalTersePrint(TuplePolicy<Tuple>::template get<N - 1>(t), &ss);
+    strings->push_back(ss.str());
+  }
+};
+
+// Base case.
+template <>
+struct TuplePrefixPrinter<0> {
+  template <typename Tuple>
+  static void PrintPrefixTo(const Tuple&, ::std::ostream*) {}
+
+  template <typename Tuple>
+  static void TersePrintPrefixToStrings(const Tuple&, Strings*) {}
+};
+
+// Helper function for printing a tuple.
+// Tuple must be either std::tr1::tuple or std::tuple type.
+template <typename Tuple>
+void PrintTupleTo(const Tuple& t, ::std::ostream* os) {
+  *os << "(";
+  TuplePrefixPrinter<TuplePolicy<Tuple>::tuple_size>::PrintPrefixTo(t, os);
+  *os << ")";
+}
+
+// Prints the fields of a tuple tersely to a string vector, one
+// element for each field.  See the comment before
+// UniversalTersePrint() for how we define "tersely".
+template <typename Tuple>
+Strings UniversalTersePrintTupleFieldsToStrings(const Tuple& value) {
+  Strings result;
+  TuplePrefixPrinter<TuplePolicy<Tuple>::tuple_size>::
+      TersePrintPrefixToStrings(value, &result);
+  return result;
+}
+#endif  // GTEST_HAS_TR1_TUPLE || GTEST_HAS_STD_TUPLE_
+
+}  // namespace internal
+
+template <typename T>
+::std::string PrintToString(const T& value) {
+  ::std::stringstream ss;
+  internal::UniversalTersePrinter<T>::Print(value, &ss);
+  return ss.str();
+}
+
+}  // namespace testing
+
+#endif  // GTEST_INCLUDE_GTEST_GTEST_PRINTERS_H_
diff --git a/nss/gtests/google_test/gtest/include/gtest/gtest-spi.h b/nss/gtests/google_test/gtest/include/gtest/gtest-spi.h
new file mode 100644
index 0000000..f63fa9a
--- /dev/null
+++ b/nss/gtests/google_test/gtest/include/gtest/gtest-spi.h
@@ -0,0 +1,232 @@
+// Copyright 2007, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+//
+// Utilities for testing Google Test itself and code that uses Google Test
+// (e.g. frameworks built on top of Google Test).
+
+#ifndef GTEST_INCLUDE_GTEST_GTEST_SPI_H_
+#define GTEST_INCLUDE_GTEST_GTEST_SPI_H_
+
+#include "gtest/gtest.h"
+
+namespace testing {
+
+// This helper class can be used to mock out Google Test failure reporting
+// so that we can test Google Test or code that builds on Google Test.
+//
+// An object of this class appends a TestPartResult object to the
+// TestPartResultArray object given in the constructor whenever a Google Test
+// failure is reported. It can either intercept only failures that are
+// generated in the same thread that created this object or it can intercept
+// all generated failures. The scope of this mock object can be controlled with
+// the second argument to the two arguments constructor.
+class GTEST_API_ ScopedFakeTestPartResultReporter
+    : public TestPartResultReporterInterface {
+ public:
+  // The two possible mocking modes of this object.
+  enum InterceptMode {
+    INTERCEPT_ONLY_CURRENT_THREAD,  // Intercepts only thread local failures.
+    INTERCEPT_ALL_THREADS           // Intercepts all failures.
+  };
+
+  // The c'tor sets this object as the test part result reporter used
+  // by Google Test.  The 'result' parameter specifies where to report the
+  // results. This reporter will only catch failures generated in the current
+  // thread. DEPRECATED
+  explicit ScopedFakeTestPartResultReporter(TestPartResultArray* result);
+
+  // Same as above, but you can choose the interception scope of this object.
+  ScopedFakeTestPartResultReporter(InterceptMode intercept_mode,
+                                   TestPartResultArray* result);
+
+  // The d'tor restores the previous test part result reporter.
+  virtual ~ScopedFakeTestPartResultReporter();
+
+  // Appends the TestPartResult object to the TestPartResultArray
+  // received in the constructor.
+  //
+  // This method is from the TestPartResultReporterInterface
+  // interface.
+  virtual void ReportTestPartResult(const TestPartResult& result);
+ private:
+  void Init();
+
+  const InterceptMode intercept_mode_;
+  TestPartResultReporterInterface* old_reporter_;
+  TestPartResultArray* const result_;
+
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(ScopedFakeTestPartResultReporter);
+};
+
+namespace internal {
+
+// A helper class for implementing EXPECT_FATAL_FAILURE() and
+// EXPECT_NONFATAL_FAILURE().  Its destructor verifies that the given
+// TestPartResultArray contains exactly one failure that has the given
+// type and contains the given substring.  If that's not the case, a
+// non-fatal failure will be generated.
+class GTEST_API_ SingleFailureChecker {
+ public:
+  // The constructor remembers the arguments.
+  SingleFailureChecker(const TestPartResultArray* results,
+                       TestPartResult::Type type,
+                       const string& substr);
+  ~SingleFailureChecker();
+ private:
+  const TestPartResultArray* const results_;
+  const TestPartResult::Type type_;
+  const string substr_;
+
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(SingleFailureChecker);
+};
+
+}  // namespace internal
+
+}  // namespace testing
+
+// A set of macros for testing Google Test assertions or code that's expected
+// to generate Google Test fatal failures.  It verifies that the given
+// statement will cause exactly one fatal Google Test failure with 'substr'
+// being part of the failure message.
+//
+// There are two different versions of this macro. EXPECT_FATAL_FAILURE only
+// affects and considers failures generated in the current thread and
+// EXPECT_FATAL_FAILURE_ON_ALL_THREADS does the same but for all threads.
+//
+// The verification of the assertion is done correctly even when the statement
+// throws an exception or aborts the current function.
+//
+// Known restrictions:
+//   - 'statement' cannot reference local non-static variables or
+//     non-static members of the current object.
+//   - 'statement' cannot return a value.
+//   - You cannot stream a failure message to this macro.
+//
+// Note that even though the implementations of the following two
+// macros are much alike, we cannot refactor them to use a common
+// helper macro, due to some peculiarity in how the preprocessor
+// works.  The AcceptsMacroThatExpandsToUnprotectedComma test in
+// gtest_unittest.cc will fail to compile if we do that.
+#define EXPECT_FATAL_FAILURE(statement, substr) \
+  do { \
+    class GTestExpectFatalFailureHelper {\
+     public:\
+      static void Execute() { statement; }\
+    };\
+    ::testing::TestPartResultArray gtest_failures;\
+    ::testing::internal::SingleFailureChecker gtest_checker(\
+        &gtest_failures, ::testing::TestPartResult::kFatalFailure, (substr));\
+    {\
+      ::testing::ScopedFakeTestPartResultReporter gtest_reporter(\
+          ::testing::ScopedFakeTestPartResultReporter:: \
+          INTERCEPT_ONLY_CURRENT_THREAD, &gtest_failures);\
+      GTestExpectFatalFailureHelper::Execute();\
+    }\
+  } while (::testing::internal::AlwaysFalse())
+
+#define EXPECT_FATAL_FAILURE_ON_ALL_THREADS(statement, substr) \
+  do { \
+    class GTestExpectFatalFailureHelper {\
+     public:\
+      static void Execute() { statement; }\
+    };\
+    ::testing::TestPartResultArray gtest_failures;\
+    ::testing::internal::SingleFailureChecker gtest_checker(\
+        &gtest_failures, ::testing::TestPartResult::kFatalFailure, (substr));\
+    {\
+      ::testing::ScopedFakeTestPartResultReporter gtest_reporter(\
+          ::testing::ScopedFakeTestPartResultReporter:: \
+          INTERCEPT_ALL_THREADS, &gtest_failures);\
+      GTestExpectFatalFailureHelper::Execute();\
+    }\
+  } while (::testing::internal::AlwaysFalse())
+
+// A macro for testing Google Test assertions or code that's expected to
+// generate Google Test non-fatal failures.  It asserts that the given
+// statement will cause exactly one non-fatal Google Test failure with 'substr'
+// being part of the failure message.
+//
+// There are two different versions of this macro. EXPECT_NONFATAL_FAILURE only
+// affects and considers failures generated in the current thread and
+// EXPECT_NONFATAL_FAILURE_ON_ALL_THREADS does the same but for all threads.
+//
+// 'statement' is allowed to reference local variables and members of
+// the current object.
+//
+// The verification of the assertion is done correctly even when the statement
+// throws an exception or aborts the current function.
+//
+// Known restrictions:
+//   - You cannot stream a failure message to this macro.
+//
+// Note that even though the implementations of the following two
+// macros are much alike, we cannot refactor them to use a common
+// helper macro, due to some peculiarity in how the preprocessor
+// works.  If we do that, the code won't compile when the user gives
+// EXPECT_NONFATAL_FAILURE() a statement that contains a macro that
+// expands to code containing an unprotected comma.  The
+// AcceptsMacroThatExpandsToUnprotectedComma test in gtest_unittest.cc
+// catches that.
+//
+// For the same reason, we have to write
+//   if (::testing::internal::AlwaysTrue()) { statement; }
+// instead of
+//   GTEST_SUPPRESS_UNREACHABLE_CODE_WARNING_BELOW_(statement)
+// to avoid an MSVC warning on unreachable code.
+#define EXPECT_NONFATAL_FAILURE(statement, substr) \
+  do {\
+    ::testing::TestPartResultArray gtest_failures;\
+    ::testing::internal::SingleFailureChecker gtest_checker(\
+        &gtest_failures, ::testing::TestPartResult::kNonFatalFailure, \
+        (substr));\
+    {\
+      ::testing::ScopedFakeTestPartResultReporter gtest_reporter(\
+          ::testing::ScopedFakeTestPartResultReporter:: \
+          INTERCEPT_ONLY_CURRENT_THREAD, &gtest_failures);\
+      if (::testing::internal::AlwaysTrue()) { statement; }\
+    }\
+  } while (::testing::internal::AlwaysFalse())
+
+#define EXPECT_NONFATAL_FAILURE_ON_ALL_THREADS(statement, substr) \
+  do {\
+    ::testing::TestPartResultArray gtest_failures;\
+    ::testing::internal::SingleFailureChecker gtest_checker(\
+        &gtest_failures, ::testing::TestPartResult::kNonFatalFailure, \
+        (substr));\
+    {\
+      ::testing::ScopedFakeTestPartResultReporter gtest_reporter(\
+          ::testing::ScopedFakeTestPartResultReporter::INTERCEPT_ALL_THREADS, \
+          &gtest_failures);\
+      if (::testing::internal::AlwaysTrue()) { statement; }\
+    }\
+  } while (::testing::internal::AlwaysFalse())
+
+#endif  // GTEST_INCLUDE_GTEST_GTEST_SPI_H_
diff --git a/nss/gtests/google_test/gtest/include/gtest/gtest-test-part.h b/nss/gtests/google_test/gtest/include/gtest/gtest-test-part.h
new file mode 100644
index 0000000..77eb844
--- /dev/null
+++ b/nss/gtests/google_test/gtest/include/gtest/gtest-test-part.h
@@ -0,0 +1,179 @@
+// Copyright 2008, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: mheule@google.com (Markus Heule)
+//
+
+#ifndef GTEST_INCLUDE_GTEST_GTEST_TEST_PART_H_
+#define GTEST_INCLUDE_GTEST_GTEST_TEST_PART_H_
+
+#include <iosfwd>
+#include <vector>
+#include "gtest/internal/gtest-internal.h"
+#include "gtest/internal/gtest-string.h"
+
+namespace testing {
+
+// A copyable object representing the result of a test part (i.e. an
+// assertion or an explicit FAIL(), ADD_FAILURE(), or SUCCESS()).
+//
+// Don't inherit from TestPartResult as its destructor is not virtual.
+class GTEST_API_ TestPartResult {
+ public:
+  // The possible outcomes of a test part (i.e. an assertion or an
+  // explicit SUCCEED(), FAIL(), or ADD_FAILURE()).
+  enum Type {
+    kSuccess,          // Succeeded.
+    kNonFatalFailure,  // Failed but the test can continue.
+    kFatalFailure      // Failed and the test should be terminated.
+  };
+
+  // C'tor.  TestPartResult does NOT have a default constructor.
+  // Always use this constructor (with parameters) to create a
+  // TestPartResult object.
+  TestPartResult(Type a_type,
+                 const char* a_file_name,
+                 int a_line_number,
+                 const char* a_message)
+      : type_(a_type),
+        file_name_(a_file_name == NULL ? "" : a_file_name),
+        line_number_(a_line_number),
+        summary_(ExtractSummary(a_message)),
+        message_(a_message) {
+  }
+
+  // Gets the outcome of the test part.
+  Type type() const { return type_; }
+
+  // Gets the name of the source file where the test part took place, or
+  // NULL if it's unknown.
+  const char* file_name() const {
+    return file_name_.empty() ? NULL : file_name_.c_str();
+  }
+
+  // Gets the line in the source file where the test part took place,
+  // or -1 if it's unknown.
+  int line_number() const { return line_number_; }
+
+  // Gets the summary of the failure message.
+  const char* summary() const { return summary_.c_str(); }
+
+  // Gets the message associated with the test part.
+  const char* message() const { return message_.c_str(); }
+
+  // Returns true iff the test part passed.
+  bool passed() const { return type_ == kSuccess; }
+
+  // Returns true iff the test part failed.
+  bool failed() const { return type_ != kSuccess; }
+
+  // Returns true iff the test part non-fatally failed.
+  bool nonfatally_failed() const { return type_ == kNonFatalFailure; }
+
+  // Returns true iff the test part fatally failed.
+  bool fatally_failed() const { return type_ == kFatalFailure; }
+
+ private:
+  Type type_;
+
+  // Gets the summary of the failure message by omitting the stack
+  // trace in it.
+  static std::string ExtractSummary(const char* message);
+
+  // The name of the source file where the test part took place, or
+  // "" if the source file is unknown.
+  std::string file_name_;
+  // The line in the source file where the test part took place, or -1
+  // if the line number is unknown.
+  int line_number_;
+  std::string summary_;  // The test failure summary.
+  std::string message_;  // The test failure message.
+};
+
+// Prints a TestPartResult object.
+std::ostream& operator<<(std::ostream& os, const TestPartResult& result);
+
+// An array of TestPartResult objects.
+//
+// Don't inherit from TestPartResultArray as its destructor is not
+// virtual.
+class GTEST_API_ TestPartResultArray {
+ public:
+  TestPartResultArray() {}
+
+  // Appends the given TestPartResult to the array.
+  void Append(const TestPartResult& result);
+
+  // Returns the TestPartResult at the given index (0-based).
+  const TestPartResult& GetTestPartResult(int index) const;
+
+  // Returns the number of TestPartResult objects in the array.
+  int size() const;
+
+ private:
+  std::vector<TestPartResult> array_;
+
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(TestPartResultArray);
+};
+
+// This interface knows how to report a test part result.
+class TestPartResultReporterInterface {
+ public:
+  virtual ~TestPartResultReporterInterface() {}
+
+  virtual void ReportTestPartResult(const TestPartResult& result) = 0;
+};
+
+namespace internal {
+
+// This helper class is used by {ASSERT|EXPECT}_NO_FATAL_FAILURE to check if a
+// statement generates new fatal failures. To do so it registers itself as the
+// current test part result reporter. Besides checking if fatal failures were
+// reported, it only delegates the reporting to the former result reporter.
+// The original result reporter is restored in the destructor.
+// INTERNAL IMPLEMENTATION - DO NOT USE IN A USER PROGRAM.
+class GTEST_API_ HasNewFatalFailureHelper
+    : public TestPartResultReporterInterface {
+ public:
+  HasNewFatalFailureHelper();
+  virtual ~HasNewFatalFailureHelper();
+  virtual void ReportTestPartResult(const TestPartResult& result);
+  bool has_new_fatal_failure() const { return has_new_fatal_failure_; }
+ private:
+  bool has_new_fatal_failure_;
+  TestPartResultReporterInterface* original_reporter_;
+
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(HasNewFatalFailureHelper);
+};
+
+}  // namespace internal
+
+}  // namespace testing
+
+#endif  // GTEST_INCLUDE_GTEST_GTEST_TEST_PART_H_
diff --git a/nss/gtests/google_test/gtest/include/gtest/gtest-typed-test.h b/nss/gtests/google_test/gtest/include/gtest/gtest-typed-test.h
new file mode 100644
index 0000000..fe1e83b
--- /dev/null
+++ b/nss/gtests/google_test/gtest/include/gtest/gtest-typed-test.h
@@ -0,0 +1,259 @@
+// Copyright 2008 Google Inc.
+// All Rights Reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+
+#ifndef GTEST_INCLUDE_GTEST_GTEST_TYPED_TEST_H_
+#define GTEST_INCLUDE_GTEST_GTEST_TYPED_TEST_H_
+
+// This header implements typed tests and type-parameterized tests.
+
+// Typed (aka type-driven) tests repeat the same test for types in a
+// list.  You must know which types you want to test with when writing
+// typed tests. Here's how you do it:
+
+#if 0
+
+// First, define a fixture class template.  It should be parameterized
+// by a type.  Remember to derive it from testing::Test.
+template <typename T>
+class FooTest : public testing::Test {
+ public:
+  ...
+  typedef std::list<T> List;
+  static T shared_;
+  T value_;
+};
+
+// Next, associate a list of types with the test case, which will be
+// repeated for each type in the list.  The typedef is necessary for
+// the macro to parse correctly.
+typedef testing::Types<char, int, unsigned int> MyTypes;
+TYPED_TEST_CASE(FooTest, MyTypes);
+
+// If the type list contains only one type, you can write that type
+// directly without Types<...>:
+//   TYPED_TEST_CASE(FooTest, int);
+
+// Then, use TYPED_TEST() instead of TEST_F() to define as many typed
+// tests for this test case as you want.
+TYPED_TEST(FooTest, DoesBlah) {
+  // Inside a test, refer to TypeParam to get the type parameter.
+  // Since we are inside a derived class template, C++ requires use to
+  // visit the members of FooTest via 'this'.
+  TypeParam n = this->value_;
+
+  // To visit static members of the fixture, add the TestFixture::
+  // prefix.
+  n += TestFixture::shared_;
+
+  // To refer to typedefs in the fixture, add the "typename
+  // TestFixture::" prefix.
+  typename TestFixture::List values;
+  values.push_back(n);
+  ...
+}
+
+TYPED_TEST(FooTest, HasPropertyA) { ... }
+
+#endif  // 0
+
+// Type-parameterized tests are abstract test patterns parameterized
+// by a type.  Compared with typed tests, type-parameterized tests
+// allow you to define the test pattern without knowing what the type
+// parameters are.  The defined pattern can be instantiated with
+// different types any number of times, in any number of translation
+// units.
+//
+// If you are designing an interface or concept, you can define a
+// suite of type-parameterized tests to verify properties that any
+// valid implementation of the interface/concept should have.  Then,
+// each implementation can easily instantiate the test suite to verify
+// that it conforms to the requirements, without having to write
+// similar tests repeatedly.  Here's an example:
+
+#if 0
+
+// First, define a fixture class template.  It should be parameterized
+// by a type.  Remember to derive it from testing::Test.
+template <typename T>
+class FooTest : public testing::Test {
+  ...
+};
+
+// Next, declare that you will define a type-parameterized test case
+// (the _P suffix is for "parameterized" or "pattern", whichever you
+// prefer):
+TYPED_TEST_CASE_P(FooTest);
+
+// Then, use TYPED_TEST_P() to define as many type-parameterized tests
+// for this type-parameterized test case as you want.
+TYPED_TEST_P(FooTest, DoesBlah) {
+  // Inside a test, refer to TypeParam to get the type parameter.
+  TypeParam n = 0;
+  ...
+}
+
+TYPED_TEST_P(FooTest, HasPropertyA) { ... }
+
+// Now the tricky part: you need to register all test patterns before
+// you can instantiate them.  The first argument of the macro is the
+// test case name; the rest are the names of the tests in this test
+// case.
+REGISTER_TYPED_TEST_CASE_P(FooTest,
+                           DoesBlah, HasPropertyA);
+
+// Finally, you are free to instantiate the pattern with the types you
+// want.  If you put the above code in a header file, you can #include
+// it in multiple C++ source files and instantiate it multiple times.
+//
+// To distinguish different instances of the pattern, the first
+// argument to the INSTANTIATE_* macro is a prefix that will be added
+// to the actual test case name.  Remember to pick unique prefixes for
+// different instances.
+typedef testing::Types<char, int, unsigned int> MyTypes;
+INSTANTIATE_TYPED_TEST_CASE_P(My, FooTest, MyTypes);
+
+// If the type list contains only one type, you can write that type
+// directly without Types<...>:
+//   INSTANTIATE_TYPED_TEST_CASE_P(My, FooTest, int);
+
+#endif  // 0
+
+#include "gtest/internal/gtest-port.h"
+#include "gtest/internal/gtest-type-util.h"
+
+// Implements typed tests.
+
+#if GTEST_HAS_TYPED_TEST
+
+// INTERNAL IMPLEMENTATION - DO NOT USE IN USER CODE.
+//
+// Expands to the name of the typedef for the type parameters of the
+// given test case.
+# define GTEST_TYPE_PARAMS_(TestCaseName) gtest_type_params_##TestCaseName##_
+
+// The 'Types' template argument below must have spaces around it
+// since some compilers may choke on '>>' when passing a template
+// instance (e.g. Types<int>)
+# define TYPED_TEST_CASE(CaseName, Types) \
+  typedef ::testing::internal::TypeList< Types >::type \
+      GTEST_TYPE_PARAMS_(CaseName)
+
+# define TYPED_TEST(CaseName, TestName) \
+  template <typename gtest_TypeParam_> \
+  class GTEST_TEST_CLASS_NAME_(CaseName, TestName) \
+      : public CaseName<gtest_TypeParam_> { \
+   private: \
+    typedef CaseName<gtest_TypeParam_> TestFixture; \
+    typedef gtest_TypeParam_ TypeParam; \
+    virtual void TestBody(); \
+  }; \
+  bool gtest_##CaseName##_##TestName##_registered_ GTEST_ATTRIBUTE_UNUSED_ = \
+      ::testing::internal::TypeParameterizedTest< \
+          CaseName, \
+          ::testing::internal::TemplateSel< \
+              GTEST_TEST_CLASS_NAME_(CaseName, TestName)>, \
+          GTEST_TYPE_PARAMS_(CaseName)>::Register(\
+              "", #CaseName, #TestName, 0); \
+  template <typename gtest_TypeParam_> \
+  void GTEST_TEST_CLASS_NAME_(CaseName, TestName)<gtest_TypeParam_>::TestBody()
+
+#endif  // GTEST_HAS_TYPED_TEST
+
+// Implements type-parameterized tests.
+
+#if GTEST_HAS_TYPED_TEST_P
+
+// INTERNAL IMPLEMENTATION - DO NOT USE IN USER CODE.
+//
+// Expands to the namespace name that the type-parameterized tests for
+// the given type-parameterized test case are defined in.  The exact
+// name of the namespace is subject to change without notice.
+# define GTEST_CASE_NAMESPACE_(TestCaseName) \
+  gtest_case_##TestCaseName##_
+
+// INTERNAL IMPLEMENTATION - DO NOT USE IN USER CODE.
+//
+// Expands to the name of the variable used to remember the names of
+// the defined tests in the given test case.
+# define GTEST_TYPED_TEST_CASE_P_STATE_(TestCaseName) \
+  gtest_typed_test_case_p_state_##TestCaseName##_
+
+// INTERNAL IMPLEMENTATION - DO NOT USE IN USER CODE DIRECTLY.
+//
+// Expands to the name of the variable used to remember the names of
+// the registered tests in the given test case.
+# define GTEST_REGISTERED_TEST_NAMES_(TestCaseName) \
+  gtest_registered_test_names_##TestCaseName##_
+
+// The variables defined in the type-parameterized test macros are
+// static as typically these macros are used in a .h file that can be
+// #included in multiple translation units linked together.
+# define TYPED_TEST_CASE_P(CaseName) \
+  static ::testing::internal::TypedTestCasePState \
+      GTEST_TYPED_TEST_CASE_P_STATE_(CaseName)
+
+# define TYPED_TEST_P(CaseName, TestName) \
+  namespace GTEST_CASE_NAMESPACE_(CaseName) { \
+  template <typename gtest_TypeParam_> \
+  class TestName : public CaseName<gtest_TypeParam_> { \
+   private: \
+    typedef CaseName<gtest_TypeParam_> TestFixture; \
+    typedef gtest_TypeParam_ TypeParam; \
+    virtual void TestBody(); \
+  }; \
+  static bool gtest_##TestName##_defined_ GTEST_ATTRIBUTE_UNUSED_ = \
+      GTEST_TYPED_TEST_CASE_P_STATE_(CaseName).AddTestName(\
+          __FILE__, __LINE__, #CaseName, #TestName); \
+  } \
+  template <typename gtest_TypeParam_> \
+  void GTEST_CASE_NAMESPACE_(CaseName)::TestName<gtest_TypeParam_>::TestBody()
+
+# define REGISTER_TYPED_TEST_CASE_P(CaseName, ...) \
+  namespace GTEST_CASE_NAMESPACE_(CaseName) { \
+  typedef ::testing::internal::Templates<__VA_ARGS__>::type gtest_AllTests_; \
+  } \
+  static const char* const GTEST_REGISTERED_TEST_NAMES_(CaseName) = \
+      GTEST_TYPED_TEST_CASE_P_STATE_(CaseName).VerifyRegisteredTestNames(\
+          __FILE__, __LINE__, #__VA_ARGS__)
+
+// The 'Types' template argument below must have spaces around it
+// since some compilers may choke on '>>' when passing a template
+// instance (e.g. Types<int>)
+# define INSTANTIATE_TYPED_TEST_CASE_P(Prefix, CaseName, Types) \
+  bool gtest_##Prefix##_##CaseName GTEST_ATTRIBUTE_UNUSED_ = \
+      ::testing::internal::TypeParameterizedTestCase<CaseName, \
+          GTEST_CASE_NAMESPACE_(CaseName)::gtest_AllTests_, \
+          ::testing::internal::TypeList< Types >::type>::Register(\
+              #Prefix, #CaseName, GTEST_REGISTERED_TEST_NAMES_(CaseName))
+
+#endif  // GTEST_HAS_TYPED_TEST_P
+
+#endif  // GTEST_INCLUDE_GTEST_GTEST_TYPED_TEST_H_
diff --git a/nss/gtests/google_test/gtest/include/gtest/gtest.h b/nss/gtests/google_test/gtest/include/gtest/gtest.h
new file mode 100644
index 0000000..38ca3e9
--- /dev/null
+++ b/nss/gtests/google_test/gtest/include/gtest/gtest.h
@@ -0,0 +1,2307 @@
+// Copyright 2005, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+//
+// The Google C++ Testing Framework (Google Test)
+//
+// This header file defines the public API for Google Test.  It should be
+// included by any test program that uses Google Test.
+//
+// IMPORTANT NOTE: Due to limitation of the C++ language, we have to
+// leave some internal implementation details in this header file.
+// They are clearly marked by comments like this:
+//
+//   // INTERNAL IMPLEMENTATION - DO NOT USE IN A USER PROGRAM.
+//
+// Such code is NOT meant to be used by a user directly, and is subject
+// to CHANGE WITHOUT NOTICE.  Therefore DO NOT DEPEND ON IT in a user
+// program!
+//
+// Acknowledgment: Google Test borrowed the idea of automatic test
+// registration from Barthelemy Dagenais' (barthelemy@prologique.com)
+// easyUnit framework.
+
+#ifndef GTEST_INCLUDE_GTEST_GTEST_H_
+#define GTEST_INCLUDE_GTEST_GTEST_H_
+
+#include <limits>
+#include <ostream>
+#include <vector>
+
+#include "gtest/internal/gtest-internal.h"
+#include "gtest/internal/gtest-string.h"
+#include "gtest/gtest-death-test.h"
+#include "gtest/gtest-message.h"
+#include "gtest/gtest-param-test.h"
+#include "gtest/gtest-printers.h"
+#include "gtest/gtest_prod.h"
+#include "gtest/gtest-test-part.h"
+#include "gtest/gtest-typed-test.h"
+
+// Depending on the platform, different string classes are available.
+// On Linux, in addition to ::std::string, Google also makes use of
+// class ::string, which has the same interface as ::std::string, but
+// has a different implementation.
+//
+// You can define GTEST_HAS_GLOBAL_STRING to 1 to indicate that
+// ::string is available AND is a distinct type to ::std::string, or
+// define it to 0 to indicate otherwise.
+//
+// If ::std::string and ::string are the same class on your platform
+// due to aliasing, you should define GTEST_HAS_GLOBAL_STRING to 0.
+//
+// If you do not define GTEST_HAS_GLOBAL_STRING, it is defined
+// heuristically.
+
+namespace testing {
+
+// Declares the flags.
+
+// This flag temporary enables the disabled tests.
+GTEST_DECLARE_bool_(also_run_disabled_tests);
+
+// This flag brings the debugger on an assertion failure.
+GTEST_DECLARE_bool_(break_on_failure);
+
+// This flag controls whether Google Test catches all test-thrown exceptions
+// and logs them as failures.
+GTEST_DECLARE_bool_(catch_exceptions);
+
+// This flag enables using colors in terminal output. Available values are
+// "yes" to enable colors, "no" (disable colors), or "auto" (the default)
+// to let Google Test decide.
+GTEST_DECLARE_string_(color);
+
+// This flag sets up the filter to select by name using a glob pattern
+// the tests to run. If the filter is not given all tests are executed.
+GTEST_DECLARE_string_(filter);
+
+// This flag causes the Google Test to list tests. None of the tests listed
+// are actually run if the flag is provided.
+GTEST_DECLARE_bool_(list_tests);
+
+// This flag controls whether Google Test emits a detailed XML report to a file
+// in addition to its normal textual output.
+GTEST_DECLARE_string_(output);
+
+// This flags control whether Google Test prints the elapsed time for each
+// test.
+GTEST_DECLARE_bool_(print_time);
+
+// This flag specifies the random number seed.
+GTEST_DECLARE_int32_(random_seed);
+
+// This flag sets how many times the tests are repeated. The default value
+// is 1. If the value is -1 the tests are repeating forever.
+GTEST_DECLARE_int32_(repeat);
+
+// This flag controls whether Google Test includes Google Test internal
+// stack frames in failure stack traces.
+GTEST_DECLARE_bool_(show_internal_stack_frames);
+
+// When this flag is specified, tests' order is randomized on every iteration.
+GTEST_DECLARE_bool_(shuffle);
+
+// This flag specifies the maximum number of stack frames to be
+// printed in a failure message.
+GTEST_DECLARE_int32_(stack_trace_depth);
+
+// When this flag is specified, a failed assertion will throw an
+// exception if exceptions are enabled, or exit the program with a
+// non-zero code otherwise.
+GTEST_DECLARE_bool_(throw_on_failure);
+
+// When this flag is set with a "host:port" string, on supported
+// platforms test results are streamed to the specified port on
+// the specified host machine.
+GTEST_DECLARE_string_(stream_result_to);
+
+// The upper limit for valid stack trace depths.
+const int kMaxStackTraceDepth = 100;
+
+namespace internal {
+
+class AssertHelper;
+class DefaultGlobalTestPartResultReporter;
+class ExecDeathTest;
+class NoExecDeathTest;
+class FinalSuccessChecker;
+class GTestFlagSaver;
+class StreamingListenerTest;
+class TestResultAccessor;
+class TestEventListenersAccessor;
+class TestEventRepeater;
+class UnitTestRecordPropertyTestHelper;
+class WindowsDeathTest;
+class UnitTestImpl* GetUnitTestImpl();
+void ReportFailureInUnknownLocation(TestPartResult::Type result_type,
+                                    const std::string& message);
+
+}  // namespace internal
+
+// The friend relationship of some of these classes is cyclic.
+// If we don't forward declare them the compiler might confuse the classes
+// in friendship clauses with same named classes on the scope.
+class Test;
+class TestCase;
+class TestInfo;
+class UnitTest;
+
+// A class for indicating whether an assertion was successful.  When
+// the assertion wasn't successful, the AssertionResult object
+// remembers a non-empty message that describes how it failed.
+//
+// To create an instance of this class, use one of the factory functions
+// (AssertionSuccess() and AssertionFailure()).
+//
+// This class is useful for two purposes:
+//   1. Defining predicate functions to be used with Boolean test assertions
+//      EXPECT_TRUE/EXPECT_FALSE and their ASSERT_ counterparts
+//   2. Defining predicate-format functions to be
+//      used with predicate assertions (ASSERT_PRED_FORMAT*, etc).
+//
+// For example, if you define IsEven predicate:
+//
+//   testing::AssertionResult IsEven(int n) {
+//     if ((n % 2) == 0)
+//       return testing::AssertionSuccess();
+//     else
+//       return testing::AssertionFailure() << n << " is odd";
+//   }
+//
+// Then the failed expectation EXPECT_TRUE(IsEven(Fib(5)))
+// will print the message
+//
+//   Value of: IsEven(Fib(5))
+//     Actual: false (5 is odd)
+//   Expected: true
+//
+// instead of a more opaque
+//
+//   Value of: IsEven(Fib(5))
+//     Actual: false
+//   Expected: true
+//
+// in case IsEven is a simple Boolean predicate.
+//
+// If you expect your predicate to be reused and want to support informative
+// messages in EXPECT_FALSE and ASSERT_FALSE (negative assertions show up
+// about half as often as positive ones in our tests), supply messages for
+// both success and failure cases:
+//
+//   testing::AssertionResult IsEven(int n) {
+//     if ((n % 2) == 0)
+//       return testing::AssertionSuccess() << n << " is even";
+//     else
+//       return testing::AssertionFailure() << n << " is odd";
+//   }
+//
+// Then a statement EXPECT_FALSE(IsEven(Fib(6))) will print
+//
+//   Value of: IsEven(Fib(6))
+//     Actual: true (8 is even)
+//   Expected: false
+//
+// NB: Predicates that support negative Boolean assertions have reduced
+// performance in positive ones so be careful not to use them in tests
+// that have lots (tens of thousands) of positive Boolean assertions.
+//
+// To use this class with EXPECT_PRED_FORMAT assertions such as:
+//
+//   // Verifies that Foo() returns an even number.
+//   EXPECT_PRED_FORMAT1(IsEven, Foo());
+//
+// you need to define:
+//
+//   testing::AssertionResult IsEven(const char* expr, int n) {
+//     if ((n % 2) == 0)
+//       return testing::AssertionSuccess();
+//     else
+//       return testing::AssertionFailure()
+//         << "Expected: " << expr << " is even\n  Actual: it's " << n;
+//   }
+//
+// If Foo() returns 5, you will see the following message:
+//
+//   Expected: Foo() is even
+//     Actual: it's 5
+//
+class GTEST_API_ AssertionResult {
+ public:
+  // Copy constructor.
+  // Used in EXPECT_TRUE/FALSE(assertion_result).
+  AssertionResult(const AssertionResult& other);
+
+  GTEST_DISABLE_MSC_WARNINGS_PUSH_(4800 /* forcing value to bool */)
+
+  // Used in the EXPECT_TRUE/FALSE(bool_expression).
+  //
+  // T must be contextually convertible to bool.
+  //
+  // The second parameter prevents this overload from being considered if
+  // the argument is implicitly convertible to AssertionResult. In that case
+  // we want AssertionResult's copy constructor to be used.
+  template <typename T>
+  explicit AssertionResult(
+      const T& success,
+      typename internal::EnableIf<
+          !internal::ImplicitlyConvertible<T, AssertionResult>::value>::type*
+          /*enabler*/ = NULL)
+      : success_(success) {}
+
+  GTEST_DISABLE_MSC_WARNINGS_POP_()
+
+  // Assignment operator.
+  AssertionResult& operator=(AssertionResult other) {
+    swap(other);
+    return *this;
+  }
+
+  // Returns true iff the assertion succeeded.
+  operator bool() const { return success_; }  // NOLINT
+
+  // Returns the assertion's negation. Used with EXPECT/ASSERT_FALSE.
+  AssertionResult operator!() const;
+
+  // Returns the text streamed into this AssertionResult. Test assertions
+  // use it when they fail (i.e., the predicate's outcome doesn't match the
+  // assertion's expectation). When nothing has been streamed into the
+  // object, returns an empty string.
+  const char* message() const {
+    return message_.get() != NULL ?  message_->c_str() : "";
+  }
+  // TODO(vladl@google.com): Remove this after making sure no clients use it.
+  // Deprecated; please use message() instead.
+  const char* failure_message() const { return message(); }
+
+  // Streams a custom failure message into this object.
+  template <typename T> AssertionResult& operator<<(const T& value) {
+    AppendMessage(Message() << value);
+    return *this;
+  }
+
+  // Allows streaming basic output manipulators such as endl or flush into
+  // this object.
+  AssertionResult& operator<<(
+      ::std::ostream& (*basic_manipulator)(::std::ostream& stream)) {
+    AppendMessage(Message() << basic_manipulator);
+    return *this;
+  }
+
+ private:
+  // Appends the contents of message to message_.
+  void AppendMessage(const Message& a_message) {
+    if (message_.get() == NULL)
+      message_.reset(new ::std::string);
+    message_->append(a_message.GetString().c_str());
+  }
+
+  // Swap the contents of this AssertionResult with other.
+  void swap(AssertionResult& other);
+
+  // Stores result of the assertion predicate.
+  bool success_;
+  // Stores the message describing the condition in case the expectation
+  // construct is not satisfied with the predicate's outcome.
+  // Referenced via a pointer to avoid taking too much stack frame space
+  // with test assertions.
+  internal::scoped_ptr< ::std::string> message_;
+};
+
+// Makes a successful assertion result.
+GTEST_API_ AssertionResult AssertionSuccess();
+
+// Makes a failed assertion result.
+GTEST_API_ AssertionResult AssertionFailure();
+
+// Makes a failed assertion result with the given failure message.
+// Deprecated; use AssertionFailure() << msg.
+GTEST_API_ AssertionResult AssertionFailure(const Message& msg);
+
+// The abstract class that all tests inherit from.
+//
+// In Google Test, a unit test program contains one or many TestCases, and
+// each TestCase contains one or many Tests.
+//
+// When you define a test using the TEST macro, you don't need to
+// explicitly derive from Test - the TEST macro automatically does
+// this for you.
+//
+// The only time you derive from Test is when defining a test fixture
+// to be used a TEST_F.  For example:
+//
+//   class FooTest : public testing::Test {
+//    protected:
+//     virtual void SetUp() { ... }
+//     virtual void TearDown() { ... }
+//     ...
+//   };
+//
+//   TEST_F(FooTest, Bar) { ... }
+//   TEST_F(FooTest, Baz) { ... }
+//
+// Test is not copyable.
+class GTEST_API_ Test {
+ public:
+  friend class TestInfo;
+
+  // Defines types for pointers to functions that set up and tear down
+  // a test case.
+  typedef internal::SetUpTestCaseFunc SetUpTestCaseFunc;
+  typedef internal::TearDownTestCaseFunc TearDownTestCaseFunc;
+
+  // The d'tor is virtual as we intend to inherit from Test.
+  virtual ~Test();
+
+  // Sets up the stuff shared by all tests in this test case.
+  //
+  // Google Test will call Foo::SetUpTestCase() before running the first
+  // test in test case Foo.  Hence a sub-class can define its own
+  // SetUpTestCase() method to shadow the one defined in the super
+  // class.
+  static void SetUpTestCase() {}
+
+  // Tears down the stuff shared by all tests in this test case.
+  //
+  // Google Test will call Foo::TearDownTestCase() after running the last
+  // test in test case Foo.  Hence a sub-class can define its own
+  // TearDownTestCase() method to shadow the one defined in the super
+  // class.
+  static void TearDownTestCase() {}
+
+  // Returns true iff the current test has a fatal failure.
+  static bool HasFatalFailure();
+
+  // Returns true iff the current test has a non-fatal failure.
+  static bool HasNonfatalFailure();
+
+  // Returns true iff the current test has a (either fatal or
+  // non-fatal) failure.
+  static bool HasFailure() { return HasFatalFailure() || HasNonfatalFailure(); }
+
+  // Logs a property for the current test, test case, or for the entire
+  // invocation of the test program when used outside of the context of a
+  // test case.  Only the last value for a given key is remembered.  These
+  // are public static so they can be called from utility functions that are
+  // not members of the test fixture.  Calls to RecordProperty made during
+  // lifespan of the test (from the moment its constructor starts to the
+  // moment its destructor finishes) will be output in XML as attributes of
+  // the <testcase> element.  Properties recorded from fixture's
+  // SetUpTestCase or TearDownTestCase are logged as attributes of the
+  // corresponding <testsuite> element.  Calls to RecordProperty made in the
+  // global context (before or after invocation of RUN_ALL_TESTS and from
+  // SetUp/TearDown method of Environment objects registered with Google
+  // Test) will be output as attributes of the <testsuites> element.
+  static void RecordProperty(const std::string& key, const std::string& value);
+  static void RecordProperty(const std::string& key, int value);
+
+ protected:
+  // Creates a Test object.
+  Test();
+
+  // Sets up the test fixture.
+  virtual void SetUp();
+
+  // Tears down the test fixture.
+  virtual void TearDown();
+
+ private:
+  // Returns true iff the current test has the same fixture class as
+  // the first test in the current test case.
+  static bool HasSameFixtureClass();
+
+  // Runs the test after the test fixture has been set up.
+  //
+  // A sub-class must implement this to define the test logic.
+  //
+  // DO NOT OVERRIDE THIS FUNCTION DIRECTLY IN A USER PROGRAM.
+  // Instead, use the TEST or TEST_F macro.
+  virtual void TestBody() = 0;
+
+  // Sets up, executes, and tears down the test.
+  void Run();
+
+  // Deletes self.  We deliberately pick an unusual name for this
+  // internal method to avoid clashing with names used in user TESTs.
+  void DeleteSelf_() { delete this; }
+
+  // Uses a GTestFlagSaver to save and restore all Google Test flags.
+  const internal::GTestFlagSaver* const gtest_flag_saver_;
+
+  // Often a user misspells SetUp() as Setup() and spends a long time
+  // wondering why it is never called by Google Test.  The declaration of
+  // the following method is solely for catching such an error at
+  // compile time:
+  //
+  //   - The return type is deliberately chosen to be not void, so it
+  //   will be a conflict if void Setup() is declared in the user's
+  //   test fixture.
+  //
+  //   - This method is private, so it will be another compiler error
+  //   if the method is called from the user's test fixture.
+  //
+  // DO NOT OVERRIDE THIS FUNCTION.
+  //
+  // If you see an error about overriding the following function or
+  // about it being private, you have mis-spelled SetUp() as Setup().
+  struct Setup_should_be_spelled_SetUp {};
+  virtual Setup_should_be_spelled_SetUp* Setup() { return NULL; }
+
+  // We disallow copying Tests.
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(Test);
+};
+
+typedef internal::TimeInMillis TimeInMillis;
+
+// A copyable object representing a user specified test property which can be
+// output as a key/value string pair.
+//
+// Don't inherit from TestProperty as its destructor is not virtual.
+class TestProperty {
+ public:
+  // C'tor.  TestProperty does NOT have a default constructor.
+  // Always use this constructor (with parameters) to create a
+  // TestProperty object.
+  TestProperty(const std::string& a_key, const std::string& a_value) :
+    key_(a_key), value_(a_value) {
+  }
+
+  // Gets the user supplied key.
+  const char* key() const {
+    return key_.c_str();
+  }
+
+  // Gets the user supplied value.
+  const char* value() const {
+    return value_.c_str();
+  }
+
+  // Sets a new value, overriding the one supplied in the constructor.
+  void SetValue(const std::string& new_value) {
+    value_ = new_value;
+  }
+
+ private:
+  // The key supplied by the user.
+  std::string key_;
+  // The value supplied by the user.
+  std::string value_;
+};
+
+// The result of a single Test.  This includes a list of
+// TestPartResults, a list of TestProperties, a count of how many
+// death tests there are in the Test, and how much time it took to run
+// the Test.
+//
+// TestResult is not copyable.
+class GTEST_API_ TestResult {
+ public:
+  // Creates an empty TestResult.
+  TestResult();
+
+  // D'tor.  Do not inherit from TestResult.
+  ~TestResult();
+
+  // Gets the number of all test parts.  This is the sum of the number
+  // of successful test parts and the number of failed test parts.
+  int total_part_count() const;
+
+  // Returns the number of the test properties.
+  int test_property_count() const;
+
+  // Returns true iff the test passed (i.e. no test part failed).
+  bool Passed() const { return !Failed(); }
+
+  // Returns true iff the test failed.
+  bool Failed() const;
+
+  // Returns true iff the test fatally failed.
+  bool HasFatalFailure() const;
+
+  // Returns true iff the test has a non-fatal failure.
+  bool HasNonfatalFailure() const;
+
+  // Returns the elapsed time, in milliseconds.
+  TimeInMillis elapsed_time() const { return elapsed_time_; }
+
+  // Returns the i-th test part result among all the results. i can range
+  // from 0 to test_property_count() - 1. If i is not in that range, aborts
+  // the program.
+  const TestPartResult& GetTestPartResult(int i) const;
+
+  // Returns the i-th test property. i can range from 0 to
+  // test_property_count() - 1. If i is not in that range, aborts the
+  // program.
+  const TestProperty& GetTestProperty(int i) const;
+
+ private:
+  friend class TestInfo;
+  friend class TestCase;
+  friend class UnitTest;
+  friend class internal::DefaultGlobalTestPartResultReporter;
+  friend class internal::ExecDeathTest;
+  friend class internal::TestResultAccessor;
+  friend class internal::UnitTestImpl;
+  friend class internal::WindowsDeathTest;
+
+  // Gets the vector of TestPartResults.
+  const std::vector<TestPartResult>& test_part_results() const {
+    return test_part_results_;
+  }
+
+  // Gets the vector of TestProperties.
+  const std::vector<TestProperty>& test_properties() const {
+    return test_properties_;
+  }
+
+  // Sets the elapsed time.
+  void set_elapsed_time(TimeInMillis elapsed) { elapsed_time_ = elapsed; }
+
+  // Adds a test property to the list. The property is validated and may add
+  // a non-fatal failure if invalid (e.g., if it conflicts with reserved
+  // key names). If a property is already recorded for the same key, the
+  // value will be updated, rather than storing multiple values for the same
+  // key.  xml_element specifies the element for which the property is being
+  // recorded and is used for validation.
+  void RecordProperty(const std::string& xml_element,
+                      const TestProperty& test_property);
+
+  // Adds a failure if the key is a reserved attribute of Google Test
+  // testcase tags.  Returns true if the property is valid.
+  // TODO(russr): Validate attribute names are legal and human readable.
+  static bool ValidateTestProperty(const std::string& xml_element,
+                                   const TestProperty& test_property);
+
+  // Adds a test part result to the list.
+  void AddTestPartResult(const TestPartResult& test_part_result);
+
+  // Returns the death test count.
+  int death_test_count() const { return death_test_count_; }
+
+  // Increments the death test count, returning the new count.
+  int increment_death_test_count() { return ++death_test_count_; }
+
+  // Clears the test part results.
+  void ClearTestPartResults();
+
+  // Clears the object.
+  void Clear();
+
+  // Protects mutable state of the property vector and of owned
+  // properties, whose values may be updated.
+  internal::Mutex test_properites_mutex_;
+
+  // The vector of TestPartResults
+  std::vector<TestPartResult> test_part_results_;
+  // The vector of TestProperties
+  std::vector<TestProperty> test_properties_;
+  // Running count of death tests.
+  int death_test_count_;
+  // The elapsed time, in milliseconds.
+  TimeInMillis elapsed_time_;
+
+  // We disallow copying TestResult.
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(TestResult);
+};  // class TestResult
+
+// A TestInfo object stores the following information about a test:
+//
+//   Test case name
+//   Test name
+//   Whether the test should be run
+//   A function pointer that creates the test object when invoked
+//   Test result
+//
+// The constructor of TestInfo registers itself with the UnitTest
+// singleton such that the RUN_ALL_TESTS() macro knows which tests to
+// run.
+class GTEST_API_ TestInfo {
+ public:
+  // Destructs a TestInfo object.  This function is not virtual, so
+  // don't inherit from TestInfo.
+  ~TestInfo();
+
+  // Returns the test case name.
+  const char* test_case_name() const { return test_case_name_.c_str(); }
+
+  // Returns the test name.
+  const char* name() const { return name_.c_str(); }
+
+  // Returns the name of the parameter type, or NULL if this is not a typed
+  // or a type-parameterized test.
+  const char* type_param() const {
+    if (type_param_.get() != NULL)
+      return type_param_->c_str();
+    return NULL;
+  }
+
+  // Returns the text representation of the value parameter, or NULL if this
+  // is not a value-parameterized test.
+  const char* value_param() const {
+    if (value_param_.get() != NULL)
+      return value_param_->c_str();
+    return NULL;
+  }
+
+  // Returns true if this test should run, that is if the test is not
+  // disabled (or it is disabled but the also_run_disabled_tests flag has
+  // been specified) and its full name matches the user-specified filter.
+  //
+  // Google Test allows the user to filter the tests by their full names.
+  // The full name of a test Bar in test case Foo is defined as
+  // "Foo.Bar".  Only the tests that match the filter will run.
+  //
+  // A filter is a colon-separated list of glob (not regex) patterns,
+  // optionally followed by a '-' and a colon-separated list of
+  // negative patterns (tests to exclude).  A test is run if it
+  // matches one of the positive patterns and does not match any of
+  // the negative patterns.
+  //
+  // For example, *A*:Foo.* is a filter that matches any string that
+  // contains the character 'A' or starts with "Foo.".
+  bool should_run() const { return should_run_; }
+
+  // Returns true iff this test will appear in the XML report.
+  bool is_reportable() const {
+    // For now, the XML report includes all tests matching the filter.
+    // In the future, we may trim tests that are excluded because of
+    // sharding.
+    return matches_filter_;
+  }
+
+  // Returns the result of the test.
+  const TestResult* result() const { return &result_; }
+
+ private:
+#if GTEST_HAS_DEATH_TEST
+  friend class internal::DefaultDeathTestFactory;
+#endif  // GTEST_HAS_DEATH_TEST
+  friend class Test;
+  friend class TestCase;
+  friend class internal::UnitTestImpl;
+  friend class internal::StreamingListenerTest;
+  friend TestInfo* internal::MakeAndRegisterTestInfo(
+      const char* test_case_name,
+      const char* name,
+      const char* type_param,
+      const char* value_param,
+      internal::TypeId fixture_class_id,
+      Test::SetUpTestCaseFunc set_up_tc,
+      Test::TearDownTestCaseFunc tear_down_tc,
+      internal::TestFactoryBase* factory);
+
+  // Constructs a TestInfo object. The newly constructed instance assumes
+  // ownership of the factory object.
+  TestInfo(const std::string& test_case_name,
+           const std::string& name,
+           const char* a_type_param,   // NULL if not a type-parameterized test
+           const char* a_value_param,  // NULL if not a value-parameterized test
+           internal::TypeId fixture_class_id,
+           internal::TestFactoryBase* factory);
+
+  // Increments the number of death tests encountered in this test so
+  // far.
+  int increment_death_test_count() {
+    return result_.increment_death_test_count();
+  }
+
+  // Creates the test object, runs it, records its result, and then
+  // deletes it.
+  void Run();
+
+  static void ClearTestResult(TestInfo* test_info) {
+    test_info->result_.Clear();
+  }
+
+  // These fields are immutable properties of the test.
+  const std::string test_case_name_;     // Test case name
+  const std::string name_;               // Test name
+  // Name of the parameter type, or NULL if this is not a typed or a
+  // type-parameterized test.
+  const internal::scoped_ptr<const ::std::string> type_param_;
+  // Text representation of the value parameter, or NULL if this is not a
+  // value-parameterized test.
+  const internal::scoped_ptr<const ::std::string> value_param_;
+  const internal::TypeId fixture_class_id_;   // ID of the test fixture class
+  bool should_run_;                 // True iff this test should run
+  bool is_disabled_;                // True iff this test is disabled
+  bool matches_filter_;             // True if this test matches the
+                                    // user-specified filter.
+  internal::TestFactoryBase* const factory_;  // The factory that creates
+                                              // the test object
+
+  // This field is mutable and needs to be reset before running the
+  // test for the second time.
+  TestResult result_;
+
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(TestInfo);
+};
+
+// A test case, which consists of a vector of TestInfos.
+//
+// TestCase is not copyable.
+class GTEST_API_ TestCase {
+ public:
+  // Creates a TestCase with the given name.
+  //
+  // TestCase does NOT have a default constructor.  Always use this
+  // constructor to create a TestCase object.
+  //
+  // Arguments:
+  //
+  //   name:         name of the test case
+  //   a_type_param: the name of the test's type parameter, or NULL if
+  //                 this is not a type-parameterized test.
+  //   set_up_tc:    pointer to the function that sets up the test case
+  //   tear_down_tc: pointer to the function that tears down the test case
+  TestCase(const char* name, const char* a_type_param,
+           Test::SetUpTestCaseFunc set_up_tc,
+           Test::TearDownTestCaseFunc tear_down_tc);
+
+  // Destructor of TestCase.
+  virtual ~TestCase();
+
+  // Gets the name of the TestCase.
+  const char* name() const { return name_.c_str(); }
+
+  // Returns the name of the parameter type, or NULL if this is not a
+  // type-parameterized test case.
+  const char* type_param() const {
+    if (type_param_.get() != NULL)
+      return type_param_->c_str();
+    return NULL;
+  }
+
+  // Returns true if any test in this test case should run.
+  bool should_run() const { return should_run_; }
+
+  // Gets the number of successful tests in this test case.
+  int successful_test_count() const;
+
+  // Gets the number of failed tests in this test case.
+  int failed_test_count() const;
+
+  // Gets the number of disabled tests that will be reported in the XML report.
+  int reportable_disabled_test_count() const;
+
+  // Gets the number of disabled tests in this test case.
+  int disabled_test_count() const;
+
+  // Gets the number of tests to be printed in the XML report.
+  int reportable_test_count() const;
+
+  // Get the number of tests in this test case that should run.
+  int test_to_run_count() const;
+
+  // Gets the number of all tests in this test case.
+  int total_test_count() const;
+
+  // Returns true iff the test case passed.
+  bool Passed() const { return !Failed(); }
+
+  // Returns true iff the test case failed.
+  bool Failed() const { return failed_test_count() > 0; }
+
+  // Returns the elapsed time, in milliseconds.
+  TimeInMillis elapsed_time() const { return elapsed_time_; }
+
+  // Returns the i-th test among all the tests. i can range from 0 to
+  // total_test_count() - 1. If i is not in that range, returns NULL.
+  const TestInfo* GetTestInfo(int i) const;
+
+  // Returns the TestResult that holds test properties recorded during
+  // execution of SetUpTestCase and TearDownTestCase.
+  const TestResult& ad_hoc_test_result() const { return ad_hoc_test_result_; }
+
+ private:
+  friend class Test;
+  friend class internal::UnitTestImpl;
+
+  // Gets the (mutable) vector of TestInfos in this TestCase.
+  std::vector<TestInfo*>& test_info_list() { return test_info_list_; }
+
+  // Gets the (immutable) vector of TestInfos in this TestCase.
+  const std::vector<TestInfo*>& test_info_list() const {
+    return test_info_list_;
+  }
+
+  // Returns the i-th test among all the tests. i can range from 0 to
+  // total_test_count() - 1. If i is not in that range, returns NULL.
+  TestInfo* GetMutableTestInfo(int i);
+
+  // Sets the should_run member.
+  void set_should_run(bool should) { should_run_ = should; }
+
+  // Adds a TestInfo to this test case.  Will delete the TestInfo upon
+  // destruction of the TestCase object.
+  void AddTestInfo(TestInfo * test_info);
+
+  // Clears the results of all tests in this test case.
+  void ClearResult();
+
+  // Clears the results of all tests in the given test case.
+  static void ClearTestCaseResult(TestCase* test_case) {
+    test_case->ClearResult();
+  }
+
+  // Runs every test in this TestCase.
+  void Run();
+
+  // Runs SetUpTestCase() for this TestCase.  This wrapper is needed
+  // for catching exceptions thrown from SetUpTestCase().
+  void RunSetUpTestCase() { (*set_up_tc_)(); }
+
+  // Runs TearDownTestCase() for this TestCase.  This wrapper is
+  // needed for catching exceptions thrown from TearDownTestCase().
+  void RunTearDownTestCase() { (*tear_down_tc_)(); }
+
+  // Returns true iff test passed.
+  static bool TestPassed(const TestInfo* test_info) {
+    return test_info->should_run() && test_info->result()->Passed();
+  }
+
+  // Returns true iff test failed.
+  static bool TestFailed(const TestInfo* test_info) {
+    return test_info->should_run() && test_info->result()->Failed();
+  }
+
+  // Returns true iff the test is disabled and will be reported in the XML
+  // report.
+  static bool TestReportableDisabled(const TestInfo* test_info) {
+    return test_info->is_reportable() && test_info->is_disabled_;
+  }
+
+  // Returns true iff test is disabled.
+  static bool TestDisabled(const TestInfo* test_info) {
+    return test_info->is_disabled_;
+  }
+
+  // Returns true iff this test will appear in the XML report.
+  static bool TestReportable(const TestInfo* test_info) {
+    return test_info->is_reportable();
+  }
+
+  // Returns true if the given test should run.
+  static bool ShouldRunTest(const TestInfo* test_info) {
+    return test_info->should_run();
+  }
+
+  // Shuffles the tests in this test case.
+  void ShuffleTests(internal::Random* random);
+
+  // Restores the test order to before the first shuffle.
+  void UnshuffleTests();
+
+  // Name of the test case.
+  std::string name_;
+  // Name of the parameter type, or NULL if this is not a typed or a
+  // type-parameterized test.
+  const internal::scoped_ptr<const ::std::string> type_param_;
+  // The vector of TestInfos in their original order.  It owns the
+  // elements in the vector.
+  std::vector<TestInfo*> test_info_list_;
+  // Provides a level of indirection for the test list to allow easy
+  // shuffling and restoring the test order.  The i-th element in this
+  // vector is the index of the i-th test in the shuffled test list.
+  std::vector<int> test_indices_;
+  // Pointer to the function that sets up the test case.
+  Test::SetUpTestCaseFunc set_up_tc_;
+  // Pointer to the function that tears down the test case.
+  Test::TearDownTestCaseFunc tear_down_tc_;
+  // True iff any test in this test case should run.
+  bool should_run_;
+  // Elapsed time, in milliseconds.
+  TimeInMillis elapsed_time_;
+  // Holds test properties recorded during execution of SetUpTestCase and
+  // TearDownTestCase.
+  TestResult ad_hoc_test_result_;
+
+  // We disallow copying TestCases.
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(TestCase);
+};
+
+// An Environment object is capable of setting up and tearing down an
+// environment.  You should subclass this to define your own
+// environment(s).
+//
+// An Environment object does the set-up and tear-down in virtual
+// methods SetUp() and TearDown() instead of the constructor and the
+// destructor, as:
+//
+//   1. You cannot safely throw from a destructor.  This is a problem
+//      as in some cases Google Test is used where exceptions are enabled, and
+//      we may want to implement ASSERT_* using exceptions where they are
+//      available.
+//   2. You cannot use ASSERT_* directly in a constructor or
+//      destructor.
+class Environment {
+ public:
+  // The d'tor is virtual as we need to subclass Environment.
+  virtual ~Environment() {}
+
+  // Override this to define how to set up the environment.
+  virtual void SetUp() {}
+
+  // Override this to define how to tear down the environment.
+  virtual void TearDown() {}
+ private:
+  // If you see an error about overriding the following function or
+  // about it being private, you have mis-spelled SetUp() as Setup().
+  struct Setup_should_be_spelled_SetUp {};
+  virtual Setup_should_be_spelled_SetUp* Setup() { return NULL; }
+};
+
+// The interface for tracing execution of tests. The methods are organized in
+// the order the corresponding events are fired.
+class TestEventListener {
+ public:
+  virtual ~TestEventListener() {}
+
+  // Fired before any test activity starts.
+  virtual void OnTestProgramStart(const UnitTest& unit_test) = 0;
+
+  // Fired before each iteration of tests starts.  There may be more than
+  // one iteration if GTEST_FLAG(repeat) is set. iteration is the iteration
+  // index, starting from 0.
+  virtual void OnTestIterationStart(const UnitTest& unit_test,
+                                    int iteration) = 0;
+
+  // Fired before environment set-up for each iteration of tests starts.
+  virtual void OnEnvironmentsSetUpStart(const UnitTest& unit_test) = 0;
+
+  // Fired after environment set-up for each iteration of tests ends.
+  virtual void OnEnvironmentsSetUpEnd(const UnitTest& unit_test) = 0;
+
+  // Fired before the test case starts.
+  virtual void OnTestCaseStart(const TestCase& test_case) = 0;
+
+  // Fired before the test starts.
+  virtual void OnTestStart(const TestInfo& test_info) = 0;
+
+  // Fired after a failed assertion or a SUCCEED() invocation.
+  virtual void OnTestPartResult(const TestPartResult& test_part_result) = 0;
+
+  // Fired after the test ends.
+  virtual void OnTestEnd(const TestInfo& test_info) = 0;
+
+  // Fired after the test case ends.
+  virtual void OnTestCaseEnd(const TestCase& test_case) = 0;
+
+  // Fired before environment tear-down for each iteration of tests starts.
+  virtual void OnEnvironmentsTearDownStart(const UnitTest& unit_test) = 0;
+
+  // Fired after environment tear-down for each iteration of tests ends.
+  virtual void OnEnvironmentsTearDownEnd(const UnitTest& unit_test) = 0;
+
+  // Fired after each iteration of tests finishes.
+  virtual void OnTestIterationEnd(const UnitTest& unit_test,
+                                  int iteration) = 0;
+
+  // Fired after all test activities have ended.
+  virtual void OnTestProgramEnd(const UnitTest& unit_test) = 0;
+};
+
+// The convenience class for users who need to override just one or two
+// methods and are not concerned that a possible change to a signature of
+// the methods they override will not be caught during the build.  For
+// comments about each method please see the definition of TestEventListener
+// above.
+class EmptyTestEventListener : public TestEventListener {
+ public:
+  virtual void OnTestProgramStart(const UnitTest& /*unit_test*/) {}
+  virtual void OnTestIterationStart(const UnitTest& /*unit_test*/,
+                                    int /*iteration*/) {}
+  virtual void OnEnvironmentsSetUpStart(const UnitTest& /*unit_test*/) {}
+  virtual void OnEnvironmentsSetUpEnd(const UnitTest& /*unit_test*/) {}
+  virtual void OnTestCaseStart(const TestCase& /*test_case*/) {}
+  virtual void OnTestStart(const TestInfo& /*test_info*/) {}
+  virtual void OnTestPartResult(const TestPartResult& /*test_part_result*/) {}
+  virtual void OnTestEnd(const TestInfo& /*test_info*/) {}
+  virtual void OnTestCaseEnd(const TestCase& /*test_case*/) {}
+  virtual void OnEnvironmentsTearDownStart(const UnitTest& /*unit_test*/) {}
+  virtual void OnEnvironmentsTearDownEnd(const UnitTest& /*unit_test*/) {}
+  virtual void OnTestIterationEnd(const UnitTest& /*unit_test*/,
+                                  int /*iteration*/) {}
+  virtual void OnTestProgramEnd(const UnitTest& /*unit_test*/) {}
+};
+
+// TestEventListeners lets users add listeners to track events in Google Test.
+class GTEST_API_ TestEventListeners {
+ public:
+  TestEventListeners();
+  ~TestEventListeners();
+
+  // Appends an event listener to the end of the list. Google Test assumes
+  // the ownership of the listener (i.e. it will delete the listener when
+  // the test program finishes).
+  void Append(TestEventListener* listener);
+
+  // Removes the given event listener from the list and returns it.  It then
+  // becomes the caller's responsibility to delete the listener. Returns
+  // NULL if the listener is not found in the list.
+  TestEventListener* Release(TestEventListener* listener);
+
+  // Returns the standard listener responsible for the default console
+  // output.  Can be removed from the listeners list to shut down default
+  // console output.  Note that removing this object from the listener list
+  // with Release transfers its ownership to the caller and makes this
+  // function return NULL the next time.
+  TestEventListener* default_result_printer() const {
+    return default_result_printer_;
+  }
+
+  // Returns the standard listener responsible for the default XML output
+  // controlled by the --gtest_output=xml flag.  Can be removed from the
+  // listeners list by users who want to shut down the default XML output
+  // controlled by this flag and substitute it with custom one.  Note that
+  // removing this object from the listener list with Release transfers its
+  // ownership to the caller and makes this function return NULL the next
+  // time.
+  TestEventListener* default_xml_generator() const {
+    return default_xml_generator_;
+  }
+
+ private:
+  friend class TestCase;
+  friend class TestInfo;
+  friend class internal::DefaultGlobalTestPartResultReporter;
+  friend class internal::NoExecDeathTest;
+  friend class internal::TestEventListenersAccessor;
+  friend class internal::UnitTestImpl;
+
+  // Returns repeater that broadcasts the TestEventListener events to all
+  // subscribers.
+  TestEventListener* repeater();
+
+  // Sets the default_result_printer attribute to the provided listener.
+  // The listener is also added to the listener list and previous
+  // default_result_printer is removed from it and deleted. The listener can
+  // also be NULL in which case it will not be added to the list. Does
+  // nothing if the previous and the current listener objects are the same.
+  void SetDefaultResultPrinter(TestEventListener* listener);
+
+  // Sets the default_xml_generator attribute to the provided listener.  The
+  // listener is also added to the listener list and previous
+  // default_xml_generator is removed from it and deleted. The listener can
+  // also be NULL in which case it will not be added to the list. Does
+  // nothing if the previous and the current listener objects are the same.
+  void SetDefaultXmlGenerator(TestEventListener* listener);
+
+  // Controls whether events will be forwarded by the repeater to the
+  // listeners in the list.
+  bool EventForwardingEnabled() const;
+  void SuppressEventForwarding();
+
+  // The actual list of listeners.
+  internal::TestEventRepeater* repeater_;
+  // Listener responsible for the standard result output.
+  TestEventListener* default_result_printer_;
+  // Listener responsible for the creation of the XML output file.
+  TestEventListener* default_xml_generator_;
+
+  // We disallow copying TestEventListeners.
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(TestEventListeners);
+};
+
+// A UnitTest consists of a vector of TestCases.
+//
+// This is a singleton class.  The only instance of UnitTest is
+// created when UnitTest::GetInstance() is first called.  This
+// instance is never deleted.
+//
+// UnitTest is not copyable.
+//
+// This class is thread-safe as long as the methods are called
+// according to their specification.
+class GTEST_API_ UnitTest {
+ public:
+  // Gets the singleton UnitTest object.  The first time this method
+  // is called, a UnitTest object is constructed and returned.
+  // Consecutive calls will return the same object.
+  static UnitTest* GetInstance();
+
+  // Runs all tests in this UnitTest object and prints the result.
+  // Returns 0 if successful, or 1 otherwise.
+  //
+  // This method can only be called from the main thread.
+  //
+  // INTERNAL IMPLEMENTATION - DO NOT USE IN A USER PROGRAM.
+  int Run() GTEST_MUST_USE_RESULT_;
+
+  // Returns the working directory when the first TEST() or TEST_F()
+  // was executed.  The UnitTest object owns the string.
+  const char* original_working_dir() const;
+
+  // Returns the TestCase object for the test that's currently running,
+  // or NULL if no test is running.
+  const TestCase* current_test_case() const
+      GTEST_LOCK_EXCLUDED_(mutex_);
+
+  // Returns the TestInfo object for the test that's currently running,
+  // or NULL if no test is running.
+  const TestInfo* current_test_info() const
+      GTEST_LOCK_EXCLUDED_(mutex_);
+
+  // Returns the random seed used at the start of the current test run.
+  int random_seed() const;
+
+#if GTEST_HAS_PARAM_TEST
+  // Returns the ParameterizedTestCaseRegistry object used to keep track of
+  // value-parameterized tests and instantiate and register them.
+  //
+  // INTERNAL IMPLEMENTATION - DO NOT USE IN A USER PROGRAM.
+  internal::ParameterizedTestCaseRegistry& parameterized_test_registry()
+      GTEST_LOCK_EXCLUDED_(mutex_);
+#endif  // GTEST_HAS_PARAM_TEST
+
+  // Gets the number of successful test cases.
+  int successful_test_case_count() const;
+
+  // Gets the number of failed test cases.
+  int failed_test_case_count() const;
+
+  // Gets the number of all test cases.
+  int total_test_case_count() const;
+
+  // Gets the number of all test cases that contain at least one test
+  // that should run.
+  int test_case_to_run_count() const;
+
+  // Gets the number of successful tests.
+  int successful_test_count() const;
+
+  // Gets the number of failed tests.
+  int failed_test_count() const;
+
+  // Gets the number of disabled tests that will be reported in the XML report.
+  int reportable_disabled_test_count() const;
+
+  // Gets the number of disabled tests.
+  int disabled_test_count() const;
+
+  // Gets the number of tests to be printed in the XML report.
+  int reportable_test_count() const;
+
+  // Gets the number of all tests.
+  int total_test_count() const;
+
+  // Gets the number of tests that should run.
+  int test_to_run_count() const;
+
+  // Gets the time of the test program start, in ms from the start of the
+  // UNIX epoch.
+  TimeInMillis start_timestamp() const;
+
+  // Gets the elapsed time, in milliseconds.
+  TimeInMillis elapsed_time() const;
+
+  // Returns true iff the unit test passed (i.e. all test cases passed).
+  bool Passed() const;
+
+  // Returns true iff the unit test failed (i.e. some test case failed
+  // or something outside of all tests failed).
+  bool Failed() const;
+
+  // Gets the i-th test case among all the test cases. i can range from 0 to
+  // total_test_case_count() - 1. If i is not in that range, returns NULL.
+  const TestCase* GetTestCase(int i) const;
+
+  // Returns the TestResult containing information on test failures and
+  // properties logged outside of individual test cases.
+  const TestResult& ad_hoc_test_result() const;
+
+  // Returns the list of event listeners that can be used to track events
+  // inside Google Test.
+  TestEventListeners& listeners();
+
+ private:
+  // Registers and returns a global test environment.  When a test
+  // program is run, all global test environments will be set-up in
+  // the order they were registered.  After all tests in the program
+  // have finished, all global test environments will be torn-down in
+  // the *reverse* order they were registered.
+  //
+  // The UnitTest object takes ownership of the given environment.
+  //
+  // This method can only be called from the main thread.
+  Environment* AddEnvironment(Environment* env);
+
+  // Adds a TestPartResult to the current TestResult object.  All
+  // Google Test assertion macros (e.g. ASSERT_TRUE, EXPECT_EQ, etc)
+  // eventually call this to report their results.  The user code
+  // should use the assertion macros instead of calling this directly.
+  void AddTestPartResult(TestPartResult::Type result_type,
+                         const char* file_name,
+                         int line_number,
+                         const std::string& message,
+                         const std::string& os_stack_trace)
+      GTEST_LOCK_EXCLUDED_(mutex_);
+
+  // Adds a TestProperty to the current TestResult object when invoked from
+  // inside a test, to current TestCase's ad_hoc_test_result_ when invoked
+  // from SetUpTestCase or TearDownTestCase, or to the global property set
+  // when invoked elsewhere.  If the result already contains a property with
+  // the same key, the value will be updated.
+  void RecordProperty(const std::string& key, const std::string& value);
+
+  // Gets the i-th test case among all the test cases. i can range from 0 to
+  // total_test_case_count() - 1. If i is not in that range, returns NULL.
+  TestCase* GetMutableTestCase(int i);
+
+  // Accessors for the implementation object.
+  internal::UnitTestImpl* impl() { return impl_; }
+  const internal::UnitTestImpl* impl() const { return impl_; }
+
+  // These classes and funcions are friends as they need to access private
+  // members of UnitTest.
+  friend class Test;
+  friend class internal::AssertHelper;
+  friend class internal::ScopedTrace;
+  friend class internal::StreamingListenerTest;
+  friend class internal::UnitTestRecordPropertyTestHelper;
+  friend Environment* AddGlobalTestEnvironment(Environment* env);
+  friend internal::UnitTestImpl* internal::GetUnitTestImpl();
+  friend void internal::ReportFailureInUnknownLocation(
+      TestPartResult::Type result_type,
+      const std::string& message);
+
+  // Creates an empty UnitTest.
+  UnitTest();
+
+  // D'tor
+  virtual ~UnitTest();
+
+  // Pushes a trace defined by SCOPED_TRACE() on to the per-thread
+  // Google Test trace stack.
+  void PushGTestTrace(const internal::TraceInfo& trace)
+      GTEST_LOCK_EXCLUDED_(mutex_);
+
+  // Pops a trace from the per-thread Google Test trace stack.
+  void PopGTestTrace()
+      GTEST_LOCK_EXCLUDED_(mutex_);
+
+  // Protects mutable state in *impl_.  This is mutable as some const
+  // methods need to lock it too.
+  mutable internal::Mutex mutex_;
+
+  // Opaque implementation object.  This field is never changed once
+  // the object is constructed.  We don't mark it as const here, as
+  // doing so will cause a warning in the constructor of UnitTest.
+  // Mutable state in *impl_ is protected by mutex_.
+  internal::UnitTestImpl* impl_;
+
+  // We disallow copying UnitTest.
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(UnitTest);
+};
+
+// A convenient wrapper for adding an environment for the test
+// program.
+//
+// You should call this before RUN_ALL_TESTS() is called, probably in
+// main().  If you use gtest_main, you need to call this before main()
+// starts for it to take effect.  For example, you can define a global
+// variable like this:
+//
+//   testing::Environment* const foo_env =
+//       testing::AddGlobalTestEnvironment(new FooEnvironment);
+//
+// However, we strongly recommend you to write your own main() and
+// call AddGlobalTestEnvironment() there, as relying on initialization
+// of global variables makes the code harder to read and may cause
+// problems when you register multiple environments from different
+// translation units and the environments have dependencies among them
+// (remember that the compiler doesn't guarantee the order in which
+// global variables from different translation units are initialized).
+inline Environment* AddGlobalTestEnvironment(Environment* env) {
+  return UnitTest::GetInstance()->AddEnvironment(env);
+}
+
+// Initializes Google Test.  This must be called before calling
+// RUN_ALL_TESTS().  In particular, it parses a command line for the
+// flags that Google Test recognizes.  Whenever a Google Test flag is
+// seen, it is removed from argv, and *argc is decremented.
+//
+// No value is returned.  Instead, the Google Test flag variables are
+// updated.
+//
+// Calling the function for the second time has no user-visible effect.
+GTEST_API_ void InitGoogleTest(int* argc, char** argv);
+
+// This overloaded version can be used in Windows programs compiled in
+// UNICODE mode.
+GTEST_API_ void InitGoogleTest(int* argc, wchar_t** argv);
+
+namespace internal {
+
+// FormatForComparison<ToPrint, OtherOperand>::Format(value) formats a
+// value of type ToPrint that is an operand of a comparison assertion
+// (e.g. ASSERT_EQ).  OtherOperand is the type of the other operand in
+// the comparison, and is used to help determine the best way to
+// format the value.  In particular, when the value is a C string
+// (char pointer) and the other operand is an STL string object, we
+// want to format the C string as a string, since we know it is
+// compared by value with the string object.  If the value is a char
+// pointer but the other operand is not an STL string object, we don't
+// know whether the pointer is supposed to point to a NUL-terminated
+// string, and thus want to print it as a pointer to be safe.
+//
+// INTERNAL IMPLEMENTATION - DO NOT USE IN A USER PROGRAM.
+
+// The default case.
+template <typename ToPrint, typename OtherOperand>
+class FormatForComparison {
+ public:
+  static ::std::string Format(const ToPrint& value) {
+    return ::testing::PrintToString(value);
+  }
+};
+
+// Array.
+template <typename ToPrint, size_t N, typename OtherOperand>
+class FormatForComparison<ToPrint[N], OtherOperand> {
+ public:
+  static ::std::string Format(const ToPrint* value) {
+    return FormatForComparison<const ToPrint*, OtherOperand>::Format(value);
+  }
+};
+
+// By default, print C string as pointers to be safe, as we don't know
+// whether they actually point to a NUL-terminated string.
+
+#define GTEST_IMPL_FORMAT_C_STRING_AS_POINTER_(CharType)                \
+  template <typename OtherOperand>                                      \
+  class FormatForComparison<CharType*, OtherOperand> {                  \
+   public:                                                              \
+    static ::std::string Format(CharType* value) {                      \
+      return ::testing::PrintToString(static_cast<const void*>(value)); \
+    }                                                                   \
+  }
+
+GTEST_IMPL_FORMAT_C_STRING_AS_POINTER_(char);
+GTEST_IMPL_FORMAT_C_STRING_AS_POINTER_(const char);
+GTEST_IMPL_FORMAT_C_STRING_AS_POINTER_(wchar_t);
+GTEST_IMPL_FORMAT_C_STRING_AS_POINTER_(const wchar_t);
+
+#undef GTEST_IMPL_FORMAT_C_STRING_AS_POINTER_
+
+// If a C string is compared with an STL string object, we know it's meant
+// to point to a NUL-terminated string, and thus can print it as a string.
+
+#define GTEST_IMPL_FORMAT_C_STRING_AS_STRING_(CharType, OtherStringType) \
+  template <>                                                           \
+  class FormatForComparison<CharType*, OtherStringType> {               \
+   public:                                                              \
+    static ::std::string Format(CharType* value) {                      \
+      return ::testing::PrintToString(value);                           \
+    }                                                                   \
+  }
+
+GTEST_IMPL_FORMAT_C_STRING_AS_STRING_(char, ::std::string);
+GTEST_IMPL_FORMAT_C_STRING_AS_STRING_(const char, ::std::string);
+
+#if GTEST_HAS_GLOBAL_STRING
+GTEST_IMPL_FORMAT_C_STRING_AS_STRING_(char, ::string);
+GTEST_IMPL_FORMAT_C_STRING_AS_STRING_(const char, ::string);
+#endif
+
+#if GTEST_HAS_GLOBAL_WSTRING
+GTEST_IMPL_FORMAT_C_STRING_AS_STRING_(wchar_t, ::wstring);
+GTEST_IMPL_FORMAT_C_STRING_AS_STRING_(const wchar_t, ::wstring);
+#endif
+
+#if GTEST_HAS_STD_WSTRING
+GTEST_IMPL_FORMAT_C_STRING_AS_STRING_(wchar_t, ::std::wstring);
+GTEST_IMPL_FORMAT_C_STRING_AS_STRING_(const wchar_t, ::std::wstring);
+#endif
+
+#undef GTEST_IMPL_FORMAT_C_STRING_AS_STRING_
+
+// Formats a comparison assertion (e.g. ASSERT_EQ, EXPECT_LT, and etc)
+// operand to be used in a failure message.  The type (but not value)
+// of the other operand may affect the format.  This allows us to
+// print a char* as a raw pointer when it is compared against another
+// char* or void*, and print it as a C string when it is compared
+// against an std::string object, for example.
+//
+// INTERNAL IMPLEMENTATION - DO NOT USE IN A USER PROGRAM.
+template <typename T1, typename T2>
+std::string FormatForComparisonFailureMessage(
+    const T1& value, const T2& /* other_operand */) {
+  return FormatForComparison<T1, T2>::Format(value);
+}
+
+// The helper function for {ASSERT|EXPECT}_EQ.
+template <typename T1, typename T2>
+AssertionResult CmpHelperEQ(const char* expected_expression,
+                            const char* actual_expression,
+                            const T1& expected,
+                            const T2& actual) {
+GTEST_DISABLE_MSC_WARNINGS_PUSH_(4389 /* signed/unsigned mismatch */)
+  if (expected == actual) {
+    return AssertionSuccess();
+  }
+GTEST_DISABLE_MSC_WARNINGS_POP_()
+
+  return EqFailure(expected_expression,
+                   actual_expression,
+                   FormatForComparisonFailureMessage(expected, actual),
+                   FormatForComparisonFailureMessage(actual, expected),
+                   false);
+}
+
+// With this overloaded version, we allow anonymous enums to be used
+// in {ASSERT|EXPECT}_EQ when compiled with gcc 4, as anonymous enums
+// can be implicitly cast to BiggestInt.
+GTEST_API_ AssertionResult CmpHelperEQ(const char* expected_expression,
+                                       const char* actual_expression,
+                                       BiggestInt expected,
+                                       BiggestInt actual);
+
+// The helper class for {ASSERT|EXPECT}_EQ.  The template argument
+// lhs_is_null_literal is true iff the first argument to ASSERT_EQ()
+// is a null pointer literal.  The following default implementation is
+// for lhs_is_null_literal being false.
+template <bool lhs_is_null_literal>
+class EqHelper {
+ public:
+  // This templatized version is for the general case.
+  template <typename T1, typename T2>
+  static AssertionResult Compare(const char* expected_expression,
+                                 const char* actual_expression,
+                                 const T1& expected,
+                                 const T2& actual) {
+    return CmpHelperEQ(expected_expression, actual_expression, expected,
+                       actual);
+  }
+
+  // With this overloaded version, we allow anonymous enums to be used
+  // in {ASSERT|EXPECT}_EQ when compiled with gcc 4, as anonymous
+  // enums can be implicitly cast to BiggestInt.
+  //
+  // Even though its body looks the same as the above version, we
+  // cannot merge the two, as it will make anonymous enums unhappy.
+  static AssertionResult Compare(const char* expected_expression,
+                                 const char* actual_expression,
+                                 BiggestInt expected,
+                                 BiggestInt actual) {
+    return CmpHelperEQ(expected_expression, actual_expression, expected,
+                       actual);
+  }
+};
+
+// This specialization is used when the first argument to ASSERT_EQ()
+// is a null pointer literal, like NULL, false, or 0.
+template <>
+class EqHelper<true> {
+ public:
+  // We define two overloaded versions of Compare().  The first
+  // version will be picked when the second argument to ASSERT_EQ() is
+  // NOT a pointer, e.g. ASSERT_EQ(0, AnIntFunction()) or
+  // EXPECT_EQ(false, a_bool).
+  template <typename T1, typename T2>
+  static AssertionResult Compare(
+      const char* expected_expression,
+      const char* actual_expression,
+      const T1& expected,
+      const T2& actual,
+      // The following line prevents this overload from being considered if T2
+      // is not a pointer type.  We need this because ASSERT_EQ(NULL, my_ptr)
+      // expands to Compare("", "", NULL, my_ptr), which requires a conversion
+      // to match the Secret* in the other overload, which would otherwise make
+      // this template match better.
+      typename EnableIf<!is_pointer<T2>::value>::type* = 0) {
+    return CmpHelperEQ(expected_expression, actual_expression, expected,
+                       actual);
+  }
+
+  // This version will be picked when the second argument to ASSERT_EQ() is a
+  // pointer, e.g. ASSERT_EQ(NULL, a_pointer).
+  template <typename T>
+  static AssertionResult Compare(
+      const char* expected_expression,
+      const char* actual_expression,
+      // We used to have a second template parameter instead of Secret*.  That
+      // template parameter would deduce to 'long', making this a better match
+      // than the first overload even without the first overload's EnableIf.
+      // Unfortunately, gcc with -Wconversion-null warns when "passing NULL to
+      // non-pointer argument" (even a deduced integral argument), so the old
+      // implementation caused warnings in user code.
+      Secret* /* expected (NULL) */,
+      T* actual) {
+    // We already know that 'expected' is a null pointer.
+    return CmpHelperEQ(expected_expression, actual_expression,
+                       static_cast<T*>(NULL), actual);
+  }
+};
+
+// A macro for implementing the helper functions needed to implement
+// ASSERT_?? and EXPECT_??.  It is here just to avoid copy-and-paste
+// of similar code.
+//
+// For each templatized helper function, we also define an overloaded
+// version for BiggestInt in order to reduce code bloat and allow
+// anonymous enums to be used with {ASSERT|EXPECT}_?? when compiled
+// with gcc 4.
+//
+// INTERNAL IMPLEMENTATION - DO NOT USE IN A USER PROGRAM.
+#define GTEST_IMPL_CMP_HELPER_(op_name, op)\
+template <typename T1, typename T2>\
+AssertionResult CmpHelper##op_name(const char* expr1, const char* expr2, \
+                                   const T1& val1, const T2& val2) {\
+  if (val1 op val2) {\
+    return AssertionSuccess();\
+  } else {\
+    return AssertionFailure() \
+        << "Expected: (" << expr1 << ") " #op " (" << expr2\
+        << "), actual: " << FormatForComparisonFailureMessage(val1, val2)\
+        << " vs " << FormatForComparisonFailureMessage(val2, val1);\
+  }\
+}\
+GTEST_API_ AssertionResult CmpHelper##op_name(\
+    const char* expr1, const char* expr2, BiggestInt val1, BiggestInt val2)
+
+// INTERNAL IMPLEMENTATION - DO NOT USE IN A USER PROGRAM.
+
+// Implements the helper function for {ASSERT|EXPECT}_NE
+GTEST_IMPL_CMP_HELPER_(NE, !=);
+// Implements the helper function for {ASSERT|EXPECT}_LE
+GTEST_IMPL_CMP_HELPER_(LE, <=);
+// Implements the helper function for {ASSERT|EXPECT}_LT
+GTEST_IMPL_CMP_HELPER_(LT, <);
+// Implements the helper function for {ASSERT|EXPECT}_GE
+GTEST_IMPL_CMP_HELPER_(GE, >=);
+// Implements the helper function for {ASSERT|EXPECT}_GT
+GTEST_IMPL_CMP_HELPER_(GT, >);
+
+#undef GTEST_IMPL_CMP_HELPER_
+
+// The helper function for {ASSERT|EXPECT}_STREQ.
+//
+// INTERNAL IMPLEMENTATION - DO NOT USE IN A USER PROGRAM.
+GTEST_API_ AssertionResult CmpHelperSTREQ(const char* expected_expression,
+                                          const char* actual_expression,
+                                          const char* expected,
+                                          const char* actual);
+
+// The helper function for {ASSERT|EXPECT}_STRCASEEQ.
+//
+// INTERNAL IMPLEMENTATION - DO NOT USE IN A USER PROGRAM.
+GTEST_API_ AssertionResult CmpHelperSTRCASEEQ(const char* expected_expression,
+                                              const char* actual_expression,
+                                              const char* expected,
+                                              const char* actual);
+
+// The helper function for {ASSERT|EXPECT}_STRNE.
+//
+// INTERNAL IMPLEMENTATION - DO NOT USE IN A USER PROGRAM.
+GTEST_API_ AssertionResult CmpHelperSTRNE(const char* s1_expression,
+                                          const char* s2_expression,
+                                          const char* s1,
+                                          const char* s2);
+
+// The helper function for {ASSERT|EXPECT}_STRCASENE.
+//
+// INTERNAL IMPLEMENTATION - DO NOT USE IN A USER PROGRAM.
+GTEST_API_ AssertionResult CmpHelperSTRCASENE(const char* s1_expression,
+                                              const char* s2_expression,
+                                              const char* s1,
+                                              const char* s2);
+
+
+// Helper function for *_STREQ on wide strings.
+//
+// INTERNAL IMPLEMENTATION - DO NOT USE IN A USER PROGRAM.
+GTEST_API_ AssertionResult CmpHelperSTREQ(const char* expected_expression,
+                                          const char* actual_expression,
+                                          const wchar_t* expected,
+                                          const wchar_t* actual);
+
+// Helper function for *_STRNE on wide strings.
+//
+// INTERNAL IMPLEMENTATION - DO NOT USE IN A USER PROGRAM.
+GTEST_API_ AssertionResult CmpHelperSTRNE(const char* s1_expression,
+                                          const char* s2_expression,
+                                          const wchar_t* s1,
+                                          const wchar_t* s2);
+
+}  // namespace internal
+
+// IsSubstring() and IsNotSubstring() are intended to be used as the
+// first argument to {EXPECT,ASSERT}_PRED_FORMAT2(), not by
+// themselves.  They check whether needle is a substring of haystack
+// (NULL is considered a substring of itself only), and return an
+// appropriate error message when they fail.
+//
+// The {needle,haystack}_expr arguments are the stringified
+// expressions that generated the two real arguments.
+GTEST_API_ AssertionResult IsSubstring(
+    const char* needle_expr, const char* haystack_expr,
+    const char* needle, const char* haystack);
+GTEST_API_ AssertionResult IsSubstring(
+    const char* needle_expr, const char* haystack_expr,
+    const wchar_t* needle, const wchar_t* haystack);
+GTEST_API_ AssertionResult IsNotSubstring(
+    const char* needle_expr, const char* haystack_expr,
+    const char* needle, const char* haystack);
+GTEST_API_ AssertionResult IsNotSubstring(
+    const char* needle_expr, const char* haystack_expr,
+    const wchar_t* needle, const wchar_t* haystack);
+GTEST_API_ AssertionResult IsSubstring(
+    const char* needle_expr, const char* haystack_expr,
+    const ::std::string& needle, const ::std::string& haystack);
+GTEST_API_ AssertionResult IsNotSubstring(
+    const char* needle_expr, const char* haystack_expr,
+    const ::std::string& needle, const ::std::string& haystack);
+
+#if GTEST_HAS_STD_WSTRING
+GTEST_API_ AssertionResult IsSubstring(
+    const char* needle_expr, const char* haystack_expr,
+    const ::std::wstring& needle, const ::std::wstring& haystack);
+GTEST_API_ AssertionResult IsNotSubstring(
+    const char* needle_expr, const char* haystack_expr,
+    const ::std::wstring& needle, const ::std::wstring& haystack);
+#endif  // GTEST_HAS_STD_WSTRING
+
+namespace internal {
+
+// Helper template function for comparing floating-points.
+//
+// Template parameter:
+//
+//   RawType: the raw floating-point type (either float or double)
+//
+// INTERNAL IMPLEMENTATION - DO NOT USE IN A USER PROGRAM.
+template <typename RawType>
+AssertionResult CmpHelperFloatingPointEQ(const char* expected_expression,
+                                         const char* actual_expression,
+                                         RawType expected,
+                                         RawType actual) {
+  const FloatingPoint<RawType> lhs(expected), rhs(actual);
+
+  if (lhs.AlmostEquals(rhs)) {
+    return AssertionSuccess();
+  }
+
+  ::std::stringstream expected_ss;
+  expected_ss << std::setprecision(std::numeric_limits<RawType>::digits10 + 2)
+              << expected;
+
+  ::std::stringstream actual_ss;
+  actual_ss << std::setprecision(std::numeric_limits<RawType>::digits10 + 2)
+            << actual;
+
+  return EqFailure(expected_expression,
+                   actual_expression,
+                   StringStreamToString(&expected_ss),
+                   StringStreamToString(&actual_ss),
+                   false);
+}
+
+// Helper function for implementing ASSERT_NEAR.
+//
+// INTERNAL IMPLEMENTATION - DO NOT USE IN A USER PROGRAM.
+GTEST_API_ AssertionResult DoubleNearPredFormat(const char* expr1,
+                                                const char* expr2,
+                                                const char* abs_error_expr,
+                                                double val1,
+                                                double val2,
+                                                double abs_error);
+
+// INTERNAL IMPLEMENTATION - DO NOT USE IN USER CODE.
+// A class that enables one to stream messages to assertion macros
+class GTEST_API_ AssertHelper {
+ public:
+  // Constructor.
+  AssertHelper(TestPartResult::Type type,
+               const char* file,
+               int line,
+               const char* message);
+  ~AssertHelper();
+
+  // Message assignment is a semantic trick to enable assertion
+  // streaming; see the GTEST_MESSAGE_ macro below.
+  void operator=(const Message& message) const;
+
+ private:
+  // We put our data in a struct so that the size of the AssertHelper class can
+  // be as small as possible.  This is important because gcc is incapable of
+  // re-using stack space even for temporary variables, so every EXPECT_EQ
+  // reserves stack space for another AssertHelper.
+  struct AssertHelperData {
+    AssertHelperData(TestPartResult::Type t,
+                     const char* srcfile,
+                     int line_num,
+                     const char* msg)
+        : type(t), file(srcfile), line(line_num), message(msg) { }
+
+    TestPartResult::Type const type;
+    const char* const file;
+    int const line;
+    std::string const message;
+
+   private:
+    GTEST_DISALLOW_COPY_AND_ASSIGN_(AssertHelperData);
+  };
+
+  AssertHelperData* const data_;
+
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(AssertHelper);
+};
+
+}  // namespace internal
+
+#if GTEST_HAS_PARAM_TEST
+// The pure interface class that all value-parameterized tests inherit from.
+// A value-parameterized class must inherit from both ::testing::Test and
+// ::testing::WithParamInterface. In most cases that just means inheriting
+// from ::testing::TestWithParam, but more complicated test hierarchies
+// may need to inherit from Test and WithParamInterface at different levels.
+//
+// This interface has support for accessing the test parameter value via
+// the GetParam() method.
+//
+// Use it with one of the parameter generator defining functions, like Range(),
+// Values(), ValuesIn(), Bool(), and Combine().
+//
+// class FooTest : public ::testing::TestWithParam<int> {
+//  protected:
+//   FooTest() {
+//     // Can use GetParam() here.
+//   }
+//   virtual ~FooTest() {
+//     // Can use GetParam() here.
+//   }
+//   virtual void SetUp() {
+//     // Can use GetParam() here.
+//   }
+//   virtual void TearDown {
+//     // Can use GetParam() here.
+//   }
+// };
+// TEST_P(FooTest, DoesBar) {
+//   // Can use GetParam() method here.
+//   Foo foo;
+//   ASSERT_TRUE(foo.DoesBar(GetParam()));
+// }
+// INSTANTIATE_TEST_CASE_P(OneToTenRange, FooTest, ::testing::Range(1, 10));
+
+template <typename T>
+class WithParamInterface {
+ public:
+  typedef T ParamType;
+  virtual ~WithParamInterface() {}
+
+  // The current parameter value. Is also available in the test fixture's
+  // constructor. This member function is non-static, even though it only
+  // references static data, to reduce the opportunity for incorrect uses
+  // like writing 'WithParamInterface<bool>::GetParam()' for a test that
+  // uses a fixture whose parameter type is int.
+  const ParamType& GetParam() const {
+    GTEST_CHECK_(parameter_ != NULL)
+        << "GetParam() can only be called inside a value-parameterized test "
+        << "-- did you intend to write TEST_P instead of TEST_F?";
+    return *parameter_;
+  }
+
+ private:
+  // Sets parameter value. The caller is responsible for making sure the value
+  // remains alive and unchanged throughout the current test.
+  static void SetParam(const ParamType* parameter) {
+    parameter_ = parameter;
+  }
+
+  // Static value used for accessing parameter during a test lifetime.
+  static const ParamType* parameter_;
+
+  // TestClass must be a subclass of WithParamInterface<T> and Test.
+  template <class TestClass> friend class internal::ParameterizedTestFactory;
+};
+
+template <typename T>
+const T* WithParamInterface<T>::parameter_ = NULL;
+
+// Most value-parameterized classes can ignore the existence of
+// WithParamInterface, and can just inherit from ::testing::TestWithParam.
+
+template <typename T>
+class TestWithParam : public Test, public WithParamInterface<T> {
+};
+
+#endif  // GTEST_HAS_PARAM_TEST
+
+// Macros for indicating success/failure in test code.
+
+// ADD_FAILURE unconditionally adds a failure to the current test.
+// SUCCEED generates a success - it doesn't automatically make the
+// current test successful, as a test is only successful when it has
+// no failure.
+//
+// EXPECT_* verifies that a certain condition is satisfied.  If not,
+// it behaves like ADD_FAILURE.  In particular:
+//
+//   EXPECT_TRUE  verifies that a Boolean condition is true.
+//   EXPECT_FALSE verifies that a Boolean condition is false.
+//
+// FAIL and ASSERT_* are similar to ADD_FAILURE and EXPECT_*, except
+// that they will also abort the current function on failure.  People
+// usually want the fail-fast behavior of FAIL and ASSERT_*, but those
+// writing data-driven tests often find themselves using ADD_FAILURE
+// and EXPECT_* more.
+
+// Generates a nonfatal failure with a generic message.
+#define ADD_FAILURE() GTEST_NONFATAL_FAILURE_("Failed")
+
+// Generates a nonfatal failure at the given source file location with
+// a generic message.
+#define ADD_FAILURE_AT(file, line) \
+  GTEST_MESSAGE_AT_(file, line, "Failed", \
+                    ::testing::TestPartResult::kNonFatalFailure)
+
+// Generates a fatal failure with a generic message.
+#define GTEST_FAIL() GTEST_FATAL_FAILURE_("Failed")
+
+// Define this macro to 1 to omit the definition of FAIL(), which is a
+// generic name and clashes with some other libraries.
+#if !GTEST_DONT_DEFINE_FAIL
+# define FAIL() GTEST_FAIL()
+#endif
+
+// Generates a success with a generic message.
+#define GTEST_SUCCEED() GTEST_SUCCESS_("Succeeded")
+
+// Define this macro to 1 to omit the definition of SUCCEED(), which
+// is a generic name and clashes with some other libraries.
+#if !GTEST_DONT_DEFINE_SUCCEED
+# define SUCCEED() GTEST_SUCCEED()
+#endif
+
+// Macros for testing exceptions.
+//
+//    * {ASSERT|EXPECT}_THROW(statement, expected_exception):
+//         Tests that the statement throws the expected exception.
+//    * {ASSERT|EXPECT}_NO_THROW(statement):
+//         Tests that the statement doesn't throw any exception.
+//    * {ASSERT|EXPECT}_ANY_THROW(statement):
+//         Tests that the statement throws an exception.
+
+#define EXPECT_THROW(statement, expected_exception) \
+  GTEST_TEST_THROW_(statement, expected_exception, GTEST_NONFATAL_FAILURE_)
+#define EXPECT_NO_THROW(statement) \
+  GTEST_TEST_NO_THROW_(statement, GTEST_NONFATAL_FAILURE_)
+#define EXPECT_ANY_THROW(statement) \
+  GTEST_TEST_ANY_THROW_(statement, GTEST_NONFATAL_FAILURE_)
+#define ASSERT_THROW(statement, expected_exception) \
+  GTEST_TEST_THROW_(statement, expected_exception, GTEST_FATAL_FAILURE_)
+#define ASSERT_NO_THROW(statement) \
+  GTEST_TEST_NO_THROW_(statement, GTEST_FATAL_FAILURE_)
+#define ASSERT_ANY_THROW(statement) \
+  GTEST_TEST_ANY_THROW_(statement, GTEST_FATAL_FAILURE_)
+
+// Boolean assertions. Condition can be either a Boolean expression or an
+// AssertionResult. For more information on how to use AssertionResult with
+// these macros see comments on that class.
+#define EXPECT_TRUE(condition) \
+  GTEST_TEST_BOOLEAN_(condition, #condition, false, true, \
+                      GTEST_NONFATAL_FAILURE_)
+#define EXPECT_FALSE(condition) \
+  GTEST_TEST_BOOLEAN_(!(condition), #condition, true, false, \
+                      GTEST_NONFATAL_FAILURE_)
+#define ASSERT_TRUE(condition) \
+  GTEST_TEST_BOOLEAN_(condition, #condition, false, true, \
+                      GTEST_FATAL_FAILURE_)
+#define ASSERT_FALSE(condition) \
+  GTEST_TEST_BOOLEAN_(!(condition), #condition, true, false, \
+                      GTEST_FATAL_FAILURE_)
+
+// Includes the auto-generated header that implements a family of
+// generic predicate assertion macros.
+#include "gtest/gtest_pred_impl.h"
+
+// Macros for testing equalities and inequalities.
+//
+//    * {ASSERT|EXPECT}_EQ(expected, actual): Tests that expected == actual
+//    * {ASSERT|EXPECT}_NE(v1, v2):           Tests that v1 != v2
+//    * {ASSERT|EXPECT}_LT(v1, v2):           Tests that v1 < v2
+//    * {ASSERT|EXPECT}_LE(v1, v2):           Tests that v1 <= v2
+//    * {ASSERT|EXPECT}_GT(v1, v2):           Tests that v1 > v2
+//    * {ASSERT|EXPECT}_GE(v1, v2):           Tests that v1 >= v2
+//
+// When they are not, Google Test prints both the tested expressions and
+// their actual values.  The values must be compatible built-in types,
+// or you will get a compiler error.  By "compatible" we mean that the
+// values can be compared by the respective operator.
+//
+// Note:
+//
+//   1. It is possible to make a user-defined type work with
+//   {ASSERT|EXPECT}_??(), but that requires overloading the
+//   comparison operators and is thus discouraged by the Google C++
+//   Usage Guide.  Therefore, you are advised to use the
+//   {ASSERT|EXPECT}_TRUE() macro to assert that two objects are
+//   equal.
+//
+//   2. The {ASSERT|EXPECT}_??() macros do pointer comparisons on
+//   pointers (in particular, C strings).  Therefore, if you use it
+//   with two C strings, you are testing how their locations in memory
+//   are related, not how their content is related.  To compare two C
+//   strings by content, use {ASSERT|EXPECT}_STR*().
+//
+//   3. {ASSERT|EXPECT}_EQ(expected, actual) is preferred to
+//   {ASSERT|EXPECT}_TRUE(expected == actual), as the former tells you
+//   what the actual value is when it fails, and similarly for the
+//   other comparisons.
+//
+//   4. Do not depend on the order in which {ASSERT|EXPECT}_??()
+//   evaluate their arguments, which is undefined.
+//
+//   5. These macros evaluate their arguments exactly once.
+//
+// Examples:
+//
+//   EXPECT_NE(5, Foo());
+//   EXPECT_EQ(NULL, a_pointer);
+//   ASSERT_LT(i, array_size);
+//   ASSERT_GT(records.size(), 0) << "There is no record left.";
+
+#define EXPECT_EQ(expected, actual) \
+  EXPECT_PRED_FORMAT2(::testing::internal:: \
+                      EqHelper<GTEST_IS_NULL_LITERAL_(expected)>::Compare, \
+                      expected, actual)
+#define EXPECT_NE(expected, actual) \
+  EXPECT_PRED_FORMAT2(::testing::internal::CmpHelperNE, expected, actual)
+#define EXPECT_LE(val1, val2) \
+  EXPECT_PRED_FORMAT2(::testing::internal::CmpHelperLE, val1, val2)
+#define EXPECT_LT(val1, val2) \
+  EXPECT_PRED_FORMAT2(::testing::internal::CmpHelperLT, val1, val2)
+#define EXPECT_GE(val1, val2) \
+  EXPECT_PRED_FORMAT2(::testing::internal::CmpHelperGE, val1, val2)
+#define EXPECT_GT(val1, val2) \
+  EXPECT_PRED_FORMAT2(::testing::internal::CmpHelperGT, val1, val2)
+
+#define GTEST_ASSERT_EQ(expected, actual) \
+  ASSERT_PRED_FORMAT2(::testing::internal:: \
+                      EqHelper<GTEST_IS_NULL_LITERAL_(expected)>::Compare, \
+                      expected, actual)
+#define GTEST_ASSERT_NE(val1, val2) \
+  ASSERT_PRED_FORMAT2(::testing::internal::CmpHelperNE, val1, val2)
+#define GTEST_ASSERT_LE(val1, val2) \
+  ASSERT_PRED_FORMAT2(::testing::internal::CmpHelperLE, val1, val2)
+#define GTEST_ASSERT_LT(val1, val2) \
+  ASSERT_PRED_FORMAT2(::testing::internal::CmpHelperLT, val1, val2)
+#define GTEST_ASSERT_GE(val1, val2) \
+  ASSERT_PRED_FORMAT2(::testing::internal::CmpHelperGE, val1, val2)
+#define GTEST_ASSERT_GT(val1, val2) \
+  ASSERT_PRED_FORMAT2(::testing::internal::CmpHelperGT, val1, val2)
+
+// Define macro GTEST_DONT_DEFINE_ASSERT_XY to 1 to omit the definition of
+// ASSERT_XY(), which clashes with some users' own code.
+
+#if !GTEST_DONT_DEFINE_ASSERT_EQ
+# define ASSERT_EQ(val1, val2) GTEST_ASSERT_EQ(val1, val2)
+#endif
+
+#if !GTEST_DONT_DEFINE_ASSERT_NE
+# define ASSERT_NE(val1, val2) GTEST_ASSERT_NE(val1, val2)
+#endif
+
+#if !GTEST_DONT_DEFINE_ASSERT_LE
+# define ASSERT_LE(val1, val2) GTEST_ASSERT_LE(val1, val2)
+#endif
+
+#if !GTEST_DONT_DEFINE_ASSERT_LT
+# define ASSERT_LT(val1, val2) GTEST_ASSERT_LT(val1, val2)
+#endif
+
+#if !GTEST_DONT_DEFINE_ASSERT_GE
+# define ASSERT_GE(val1, val2) GTEST_ASSERT_GE(val1, val2)
+#endif
+
+#if !GTEST_DONT_DEFINE_ASSERT_GT
+# define ASSERT_GT(val1, val2) GTEST_ASSERT_GT(val1, val2)
+#endif
+
+// C-string Comparisons.  All tests treat NULL and any non-NULL string
+// as different.  Two NULLs are equal.
+//
+//    * {ASSERT|EXPECT}_STREQ(s1, s2):     Tests that s1 == s2
+//    * {ASSERT|EXPECT}_STRNE(s1, s2):     Tests that s1 != s2
+//    * {ASSERT|EXPECT}_STRCASEEQ(s1, s2): Tests that s1 == s2, ignoring case
+//    * {ASSERT|EXPECT}_STRCASENE(s1, s2): Tests that s1 != s2, ignoring case
+//
+// For wide or narrow string objects, you can use the
+// {ASSERT|EXPECT}_??() macros.
+//
+// Don't depend on the order in which the arguments are evaluated,
+// which is undefined.
+//
+// These macros evaluate their arguments exactly once.
+
+#define EXPECT_STREQ(expected, actual) \
+  EXPECT_PRED_FORMAT2(::testing::internal::CmpHelperSTREQ, expected, actual)
+#define EXPECT_STRNE(s1, s2) \
+  EXPECT_PRED_FORMAT2(::testing::internal::CmpHelperSTRNE, s1, s2)
+#define EXPECT_STRCASEEQ(expected, actual) \
+  EXPECT_PRED_FORMAT2(::testing::internal::CmpHelperSTRCASEEQ, expected, actual)
+#define EXPECT_STRCASENE(s1, s2)\
+  EXPECT_PRED_FORMAT2(::testing::internal::CmpHelperSTRCASENE, s1, s2)
+
+#define ASSERT_STREQ(expected, actual) \
+  ASSERT_PRED_FORMAT2(::testing::internal::CmpHelperSTREQ, expected, actual)
+#define ASSERT_STRNE(s1, s2) \
+  ASSERT_PRED_FORMAT2(::testing::internal::CmpHelperSTRNE, s1, s2)
+#define ASSERT_STRCASEEQ(expected, actual) \
+  ASSERT_PRED_FORMAT2(::testing::internal::CmpHelperSTRCASEEQ, expected, actual)
+#define ASSERT_STRCASENE(s1, s2)\
+  ASSERT_PRED_FORMAT2(::testing::internal::CmpHelperSTRCASENE, s1, s2)
+
+// Macros for comparing floating-point numbers.
+//
+//    * {ASSERT|EXPECT}_FLOAT_EQ(expected, actual):
+//         Tests that two float values are almost equal.
+//    * {ASSERT|EXPECT}_DOUBLE_EQ(expected, actual):
+//         Tests that two double values are almost equal.
+//    * {ASSERT|EXPECT}_NEAR(v1, v2, abs_error):
+//         Tests that v1 and v2 are within the given distance to each other.
+//
+// Google Test uses ULP-based comparison to automatically pick a default
+// error bound that is appropriate for the operands.  See the
+// FloatingPoint template class in gtest-internal.h if you are
+// interested in the implementation details.
+
+#define EXPECT_FLOAT_EQ(expected, actual)\
+  EXPECT_PRED_FORMAT2(::testing::internal::CmpHelperFloatingPointEQ<float>, \
+                      expected, actual)
+
+#define EXPECT_DOUBLE_EQ(expected, actual)\
+  EXPECT_PRED_FORMAT2(::testing::internal::CmpHelperFloatingPointEQ<double>, \
+                      expected, actual)
+
+#define ASSERT_FLOAT_EQ(expected, actual)\
+  ASSERT_PRED_FORMAT2(::testing::internal::CmpHelperFloatingPointEQ<float>, \
+                      expected, actual)
+
+#define ASSERT_DOUBLE_EQ(expected, actual)\
+  ASSERT_PRED_FORMAT2(::testing::internal::CmpHelperFloatingPointEQ<double>, \
+                      expected, actual)
+
+#define EXPECT_NEAR(val1, val2, abs_error)\
+  EXPECT_PRED_FORMAT3(::testing::internal::DoubleNearPredFormat, \
+                      val1, val2, abs_error)
+
+#define ASSERT_NEAR(val1, val2, abs_error)\
+  ASSERT_PRED_FORMAT3(::testing::internal::DoubleNearPredFormat, \
+                      val1, val2, abs_error)
+
+// These predicate format functions work on floating-point values, and
+// can be used in {ASSERT|EXPECT}_PRED_FORMAT2*(), e.g.
+//
+//   EXPECT_PRED_FORMAT2(testing::DoubleLE, Foo(), 5.0);
+
+// Asserts that val1 is less than, or almost equal to, val2.  Fails
+// otherwise.  In particular, it fails if either val1 or val2 is NaN.
+GTEST_API_ AssertionResult FloatLE(const char* expr1, const char* expr2,
+                                   float val1, float val2);
+GTEST_API_ AssertionResult DoubleLE(const char* expr1, const char* expr2,
+                                    double val1, double val2);
+
+
+#if GTEST_OS_WINDOWS
+
+// Macros that test for HRESULT failure and success, these are only useful
+// on Windows, and rely on Windows SDK macros and APIs to compile.
+//
+//    * {ASSERT|EXPECT}_HRESULT_{SUCCEEDED|FAILED}(expr)
+//
+// When expr unexpectedly fails or succeeds, Google Test prints the
+// expected result and the actual result with both a human-readable
+// string representation of the error, if available, as well as the
+// hex result code.
+# define EXPECT_HRESULT_SUCCEEDED(expr) \
+    EXPECT_PRED_FORMAT1(::testing::internal::IsHRESULTSuccess, (expr))
+
+# define ASSERT_HRESULT_SUCCEEDED(expr) \
+    ASSERT_PRED_FORMAT1(::testing::internal::IsHRESULTSuccess, (expr))
+
+# define EXPECT_HRESULT_FAILED(expr) \
+    EXPECT_PRED_FORMAT1(::testing::internal::IsHRESULTFailure, (expr))
+
+# define ASSERT_HRESULT_FAILED(expr) \
+    ASSERT_PRED_FORMAT1(::testing::internal::IsHRESULTFailure, (expr))
+
+#endif  // GTEST_OS_WINDOWS
+
+// Macros that execute statement and check that it doesn't generate new fatal
+// failures in the current thread.
+//
+//   * {ASSERT|EXPECT}_NO_FATAL_FAILURE(statement);
+//
+// Examples:
+//
+//   EXPECT_NO_FATAL_FAILURE(Process());
+//   ASSERT_NO_FATAL_FAILURE(Process()) << "Process() failed";
+//
+#define ASSERT_NO_FATAL_FAILURE(statement) \
+    GTEST_TEST_NO_FATAL_FAILURE_(statement, GTEST_FATAL_FAILURE_)
+#define EXPECT_NO_FATAL_FAILURE(statement) \
+    GTEST_TEST_NO_FATAL_FAILURE_(statement, GTEST_NONFATAL_FAILURE_)
+
+// Causes a trace (including the source file path, the current line
+// number, and the given message) to be included in every test failure
+// message generated by code in the current scope.  The effect is
+// undone when the control leaves the current scope.
+//
+// The message argument can be anything streamable to std::ostream.
+//
+// In the implementation, we include the current line number as part
+// of the dummy variable name, thus allowing multiple SCOPED_TRACE()s
+// to appear in the same block - as long as they are on different
+// lines.
+#define SCOPED_TRACE(message) \
+  ::testing::internal::ScopedTrace GTEST_CONCAT_TOKEN_(gtest_trace_, __LINE__)(\
+    __FILE__, __LINE__, ::testing::Message() << (message))
+
+// Compile-time assertion for type equality.
+// StaticAssertTypeEq<type1, type2>() compiles iff type1 and type2 are
+// the same type.  The value it returns is not interesting.
+//
+// Instead of making StaticAssertTypeEq a class template, we make it a
+// function template that invokes a helper class template.  This
+// prevents a user from misusing StaticAssertTypeEq<T1, T2> by
+// defining objects of that type.
+//
+// CAVEAT:
+//
+// When used inside a method of a class template,
+// StaticAssertTypeEq<T1, T2>() is effective ONLY IF the method is
+// instantiated.  For example, given:
+//
+//   template <typename T> class Foo {
+//    public:
+//     void Bar() { testing::StaticAssertTypeEq<int, T>(); }
+//   };
+//
+// the code:
+//
+//   void Test1() { Foo<bool> foo; }
+//
+// will NOT generate a compiler error, as Foo<bool>::Bar() is never
+// actually instantiated.  Instead, you need:
+//
+//   void Test2() { Foo<bool> foo; foo.Bar(); }
+//
+// to cause a compiler error.
+template <typename T1, typename T2>
+bool StaticAssertTypeEq() {
+  (void)internal::StaticAssertTypeEqHelper<T1, T2>();
+  return true;
+}
+
+// Defines a test.
+//
+// The first parameter is the name of the test case, and the second
+// parameter is the name of the test within the test case.
+//
+// The convention is to end the test case name with "Test".  For
+// example, a test case for the Foo class can be named FooTest.
+//
+// Test code should appear between braces after an invocation of
+// this macro.  Example:
+//
+//   TEST(FooTest, InitializesCorrectly) {
+//     Foo foo;
+//     EXPECT_TRUE(foo.StatusIsOK());
+//   }
+
+// Note that we call GetTestTypeId() instead of GetTypeId<
+// ::testing::Test>() here to get the type ID of testing::Test.  This
+// is to work around a suspected linker bug when using Google Test as
+// a framework on Mac OS X.  The bug causes GetTypeId<
+// ::testing::Test>() to return different values depending on whether
+// the call is from the Google Test framework itself or from user test
+// code.  GetTestTypeId() is guaranteed to always return the same
+// value, as it always calls GetTypeId<>() from the Google Test
+// framework.
+#define GTEST_TEST(test_case_name, test_name)\
+  GTEST_TEST_(test_case_name, test_name, \
+              ::testing::Test, ::testing::internal::GetTestTypeId())
+
+// Define this macro to 1 to omit the definition of TEST(), which
+// is a generic name and clashes with some other libraries.
+#if !GTEST_DONT_DEFINE_TEST
+# define TEST(test_case_name, test_name) GTEST_TEST(test_case_name, test_name)
+#endif
+
+// Defines a test that uses a test fixture.
+//
+// The first parameter is the name of the test fixture class, which
+// also doubles as the test case name.  The second parameter is the
+// name of the test within the test case.
+//
+// A test fixture class must be declared earlier.  The user should put
+// his test code between braces after using this macro.  Example:
+//
+//   class FooTest : public testing::Test {
+//    protected:
+//     virtual void SetUp() { b_.AddElement(3); }
+//
+//     Foo a_;
+//     Foo b_;
+//   };
+//
+//   TEST_F(FooTest, InitializesCorrectly) {
+//     EXPECT_TRUE(a_.StatusIsOK());
+//   }
+//
+//   TEST_F(FooTest, ReturnsElementCountCorrectly) {
+//     EXPECT_EQ(0, a_.size());
+//     EXPECT_EQ(1, b_.size());
+//   }
+
+#define TEST_F(test_fixture, test_name)\
+  GTEST_TEST_(test_fixture, test_name, test_fixture, \
+              ::testing::internal::GetTypeId<test_fixture>())
+
+}  // namespace testing
+
+// Use this function in main() to run all tests.  It returns 0 if all
+// tests are successful, or 1 otherwise.
+//
+// RUN_ALL_TESTS() should be invoked after the command line has been
+// parsed by InitGoogleTest().
+//
+// This function was formerly a macro; thus, it is in the global
+// namespace and has an all-caps name.
+int RUN_ALL_TESTS() GTEST_MUST_USE_RESULT_;
+
+inline int RUN_ALL_TESTS() {
+  return ::testing::UnitTest::GetInstance()->Run();
+}
+
+#endif  // GTEST_INCLUDE_GTEST_GTEST_H_
diff --git a/nss/gtests/google_test/gtest/include/gtest/gtest_pred_impl.h b/nss/gtests/google_test/gtest/include/gtest/gtest_pred_impl.h
new file mode 100644
index 0000000..30ae712
--- /dev/null
+++ b/nss/gtests/google_test/gtest/include/gtest/gtest_pred_impl.h
@@ -0,0 +1,358 @@
+// Copyright 2006, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// This file is AUTOMATICALLY GENERATED on 10/31/2011 by command
+// 'gen_gtest_pred_impl.py 5'.  DO NOT EDIT BY HAND!
+//
+// Implements a family of generic predicate assertion macros.
+
+#ifndef GTEST_INCLUDE_GTEST_GTEST_PRED_IMPL_H_
+#define GTEST_INCLUDE_GTEST_GTEST_PRED_IMPL_H_
+
+// Makes sure this header is not included before gtest.h.
+#ifndef GTEST_INCLUDE_GTEST_GTEST_H_
+# error Do not include gtest_pred_impl.h directly.  Include gtest.h instead.
+#endif  // GTEST_INCLUDE_GTEST_GTEST_H_
+
+// This header implements a family of generic predicate assertion
+// macros:
+//
+//   ASSERT_PRED_FORMAT1(pred_format, v1)
+//   ASSERT_PRED_FORMAT2(pred_format, v1, v2)
+//   ...
+//
+// where pred_format is a function or functor that takes n (in the
+// case of ASSERT_PRED_FORMATn) values and their source expression
+// text, and returns a testing::AssertionResult.  See the definition
+// of ASSERT_EQ in gtest.h for an example.
+//
+// If you don't care about formatting, you can use the more
+// restrictive version:
+//
+//   ASSERT_PRED1(pred, v1)
+//   ASSERT_PRED2(pred, v1, v2)
+//   ...
+//
+// where pred is an n-ary function or functor that returns bool,
+// and the values v1, v2, ..., must support the << operator for
+// streaming to std::ostream.
+//
+// We also define the EXPECT_* variations.
+//
+// For now we only support predicates whose arity is at most 5.
+// Please email googletestframework@googlegroups.com if you need
+// support for higher arities.
+
+// GTEST_ASSERT_ is the basic statement to which all of the assertions
+// in this file reduce.  Don't use this in your code.
+
+#define GTEST_ASSERT_(expression, on_failure) \
+  GTEST_AMBIGUOUS_ELSE_BLOCKER_ \
+  if (const ::testing::AssertionResult gtest_ar = (expression)) \
+    ; \
+  else \
+    on_failure(gtest_ar.failure_message())
+
+
+// Helper function for implementing {EXPECT|ASSERT}_PRED1.  Don't use
+// this in your code.
+template <typename Pred,
+          typename T1>
+AssertionResult AssertPred1Helper(const char* pred_text,
+                                  const char* e1,
+                                  Pred pred,
+                                  const T1& v1) {
+  if (pred(v1)) return AssertionSuccess();
+
+  return AssertionFailure() << pred_text << "("
+                            << e1 << ") evaluates to false, where"
+                            << "\n" << e1 << " evaluates to " << v1;
+}
+
+// Internal macro for implementing {EXPECT|ASSERT}_PRED_FORMAT1.
+// Don't use this in your code.
+#define GTEST_PRED_FORMAT1_(pred_format, v1, on_failure)\
+  GTEST_ASSERT_(pred_format(#v1, v1), \
+                on_failure)
+
+// Internal macro for implementing {EXPECT|ASSERT}_PRED1.  Don't use
+// this in your code.
+#define GTEST_PRED1_(pred, v1, on_failure)\
+  GTEST_ASSERT_(::testing::AssertPred1Helper(#pred, \
+                                             #v1, \
+                                             pred, \
+                                             v1), on_failure)
+
+// Unary predicate assertion macros.
+#define EXPECT_PRED_FORMAT1(pred_format, v1) \
+  GTEST_PRED_FORMAT1_(pred_format, v1, GTEST_NONFATAL_FAILURE_)
+#define EXPECT_PRED1(pred, v1) \
+  GTEST_PRED1_(pred, v1, GTEST_NONFATAL_FAILURE_)
+#define ASSERT_PRED_FORMAT1(pred_format, v1) \
+  GTEST_PRED_FORMAT1_(pred_format, v1, GTEST_FATAL_FAILURE_)
+#define ASSERT_PRED1(pred, v1) \
+  GTEST_PRED1_(pred, v1, GTEST_FATAL_FAILURE_)
+
+
+
+// Helper function for implementing {EXPECT|ASSERT}_PRED2.  Don't use
+// this in your code.
+template <typename Pred,
+          typename T1,
+          typename T2>
+AssertionResult AssertPred2Helper(const char* pred_text,
+                                  const char* e1,
+                                  const char* e2,
+                                  Pred pred,
+                                  const T1& v1,
+                                  const T2& v2) {
+  if (pred(v1, v2)) return AssertionSuccess();
+
+  return AssertionFailure() << pred_text << "("
+                            << e1 << ", "
+                            << e2 << ") evaluates to false, where"
+                            << "\n" << e1 << " evaluates to " << v1
+                            << "\n" << e2 << " evaluates to " << v2;
+}
+
+// Internal macro for implementing {EXPECT|ASSERT}_PRED_FORMAT2.
+// Don't use this in your code.
+#define GTEST_PRED_FORMAT2_(pred_format, v1, v2, on_failure)\
+  GTEST_ASSERT_(pred_format(#v1, #v2, v1, v2), \
+                on_failure)
+
+// Internal macro for implementing {EXPECT|ASSERT}_PRED2.  Don't use
+// this in your code.
+#define GTEST_PRED2_(pred, v1, v2, on_failure)\
+  GTEST_ASSERT_(::testing::AssertPred2Helper(#pred, \
+                                             #v1, \
+                                             #v2, \
+                                             pred, \
+                                             v1, \
+                                             v2), on_failure)
+
+// Binary predicate assertion macros.
+#define EXPECT_PRED_FORMAT2(pred_format, v1, v2) \
+  GTEST_PRED_FORMAT2_(pred_format, v1, v2, GTEST_NONFATAL_FAILURE_)
+#define EXPECT_PRED2(pred, v1, v2) \
+  GTEST_PRED2_(pred, v1, v2, GTEST_NONFATAL_FAILURE_)
+#define ASSERT_PRED_FORMAT2(pred_format, v1, v2) \
+  GTEST_PRED_FORMAT2_(pred_format, v1, v2, GTEST_FATAL_FAILURE_)
+#define ASSERT_PRED2(pred, v1, v2) \
+  GTEST_PRED2_(pred, v1, v2, GTEST_FATAL_FAILURE_)
+
+
+
+// Helper function for implementing {EXPECT|ASSERT}_PRED3.  Don't use
+// this in your code.
+template <typename Pred,
+          typename T1,
+          typename T2,
+          typename T3>
+AssertionResult AssertPred3Helper(const char* pred_text,
+                                  const char* e1,
+                                  const char* e2,
+                                  const char* e3,
+                                  Pred pred,
+                                  const T1& v1,
+                                  const T2& v2,
+                                  const T3& v3) {
+  if (pred(v1, v2, v3)) return AssertionSuccess();
+
+  return AssertionFailure() << pred_text << "("
+                            << e1 << ", "
+                            << e2 << ", "
+                            << e3 << ") evaluates to false, where"
+                            << "\n" << e1 << " evaluates to " << v1
+                            << "\n" << e2 << " evaluates to " << v2
+                            << "\n" << e3 << " evaluates to " << v3;
+}
+
+// Internal macro for implementing {EXPECT|ASSERT}_PRED_FORMAT3.
+// Don't use this in your code.
+#define GTEST_PRED_FORMAT3_(pred_format, v1, v2, v3, on_failure)\
+  GTEST_ASSERT_(pred_format(#v1, #v2, #v3, v1, v2, v3), \
+                on_failure)
+
+// Internal macro for implementing {EXPECT|ASSERT}_PRED3.  Don't use
+// this in your code.
+#define GTEST_PRED3_(pred, v1, v2, v3, on_failure)\
+  GTEST_ASSERT_(::testing::AssertPred3Helper(#pred, \
+                                             #v1, \
+                                             #v2, \
+                                             #v3, \
+                                             pred, \
+                                             v1, \
+                                             v2, \
+                                             v3), on_failure)
+
+// Ternary predicate assertion macros.
+#define EXPECT_PRED_FORMAT3(pred_format, v1, v2, v3) \
+  GTEST_PRED_FORMAT3_(pred_format, v1, v2, v3, GTEST_NONFATAL_FAILURE_)
+#define EXPECT_PRED3(pred, v1, v2, v3) \
+  GTEST_PRED3_(pred, v1, v2, v3, GTEST_NONFATAL_FAILURE_)
+#define ASSERT_PRED_FORMAT3(pred_format, v1, v2, v3) \
+  GTEST_PRED_FORMAT3_(pred_format, v1, v2, v3, GTEST_FATAL_FAILURE_)
+#define ASSERT_PRED3(pred, v1, v2, v3) \
+  GTEST_PRED3_(pred, v1, v2, v3, GTEST_FATAL_FAILURE_)
+
+
+
+// Helper function for implementing {EXPECT|ASSERT}_PRED4.  Don't use
+// this in your code.
+template <typename Pred,
+          typename T1,
+          typename T2,
+          typename T3,
+          typename T4>
+AssertionResult AssertPred4Helper(const char* pred_text,
+                                  const char* e1,
+                                  const char* e2,
+                                  const char* e3,
+                                  const char* e4,
+                                  Pred pred,
+                                  const T1& v1,
+                                  const T2& v2,
+                                  const T3& v3,
+                                  const T4& v4) {
+  if (pred(v1, v2, v3, v4)) return AssertionSuccess();
+
+  return AssertionFailure() << pred_text << "("
+                            << e1 << ", "
+                            << e2 << ", "
+                            << e3 << ", "
+                            << e4 << ") evaluates to false, where"
+                            << "\n" << e1 << " evaluates to " << v1
+                            << "\n" << e2 << " evaluates to " << v2
+                            << "\n" << e3 << " evaluates to " << v3
+                            << "\n" << e4 << " evaluates to " << v4;
+}
+
+// Internal macro for implementing {EXPECT|ASSERT}_PRED_FORMAT4.
+// Don't use this in your code.
+#define GTEST_PRED_FORMAT4_(pred_format, v1, v2, v3, v4, on_failure)\
+  GTEST_ASSERT_(pred_format(#v1, #v2, #v3, #v4, v1, v2, v3, v4), \
+                on_failure)
+
+// Internal macro for implementing {EXPECT|ASSERT}_PRED4.  Don't use
+// this in your code.
+#define GTEST_PRED4_(pred, v1, v2, v3, v4, on_failure)\
+  GTEST_ASSERT_(::testing::AssertPred4Helper(#pred, \
+                                             #v1, \
+                                             #v2, \
+                                             #v3, \
+                                             #v4, \
+                                             pred, \
+                                             v1, \
+                                             v2, \
+                                             v3, \
+                                             v4), on_failure)
+
+// 4-ary predicate assertion macros.
+#define EXPECT_PRED_FORMAT4(pred_format, v1, v2, v3, v4) \
+  GTEST_PRED_FORMAT4_(pred_format, v1, v2, v3, v4, GTEST_NONFATAL_FAILURE_)
+#define EXPECT_PRED4(pred, v1, v2, v3, v4) \
+  GTEST_PRED4_(pred, v1, v2, v3, v4, GTEST_NONFATAL_FAILURE_)
+#define ASSERT_PRED_FORMAT4(pred_format, v1, v2, v3, v4) \
+  GTEST_PRED_FORMAT4_(pred_format, v1, v2, v3, v4, GTEST_FATAL_FAILURE_)
+#define ASSERT_PRED4(pred, v1, v2, v3, v4) \
+  GTEST_PRED4_(pred, v1, v2, v3, v4, GTEST_FATAL_FAILURE_)
+
+
+
+// Helper function for implementing {EXPECT|ASSERT}_PRED5.  Don't use
+// this in your code.
+template <typename Pred,
+          typename T1,
+          typename T2,
+          typename T3,
+          typename T4,
+          typename T5>
+AssertionResult AssertPred5Helper(const char* pred_text,
+                                  const char* e1,
+                                  const char* e2,
+                                  const char* e3,
+                                  const char* e4,
+                                  const char* e5,
+                                  Pred pred,
+                                  const T1& v1,
+                                  const T2& v2,
+                                  const T3& v3,
+                                  const T4& v4,
+                                  const T5& v5) {
+  if (pred(v1, v2, v3, v4, v5)) return AssertionSuccess();
+
+  return AssertionFailure() << pred_text << "("
+                            << e1 << ", "
+                            << e2 << ", "
+                            << e3 << ", "
+                            << e4 << ", "
+                            << e5 << ") evaluates to false, where"
+                            << "\n" << e1 << " evaluates to " << v1
+                            << "\n" << e2 << " evaluates to " << v2
+                            << "\n" << e3 << " evaluates to " << v3
+                            << "\n" << e4 << " evaluates to " << v4
+                            << "\n" << e5 << " evaluates to " << v5;
+}
+
+// Internal macro for implementing {EXPECT|ASSERT}_PRED_FORMAT5.
+// Don't use this in your code.
+#define GTEST_PRED_FORMAT5_(pred_format, v1, v2, v3, v4, v5, on_failure)\
+  GTEST_ASSERT_(pred_format(#v1, #v2, #v3, #v4, #v5, v1, v2, v3, v4, v5), \
+                on_failure)
+
+// Internal macro for implementing {EXPECT|ASSERT}_PRED5.  Don't use
+// this in your code.
+#define GTEST_PRED5_(pred, v1, v2, v3, v4, v5, on_failure)\
+  GTEST_ASSERT_(::testing::AssertPred5Helper(#pred, \
+                                             #v1, \
+                                             #v2, \
+                                             #v3, \
+                                             #v4, \
+                                             #v5, \
+                                             pred, \
+                                             v1, \
+                                             v2, \
+                                             v3, \
+                                             v4, \
+                                             v5), on_failure)
+
+// 5-ary predicate assertion macros.
+#define EXPECT_PRED_FORMAT5(pred_format, v1, v2, v3, v4, v5) \
+  GTEST_PRED_FORMAT5_(pred_format, v1, v2, v3, v4, v5, GTEST_NONFATAL_FAILURE_)
+#define EXPECT_PRED5(pred, v1, v2, v3, v4, v5) \
+  GTEST_PRED5_(pred, v1, v2, v3, v4, v5, GTEST_NONFATAL_FAILURE_)
+#define ASSERT_PRED_FORMAT5(pred_format, v1, v2, v3, v4, v5) \
+  GTEST_PRED_FORMAT5_(pred_format, v1, v2, v3, v4, v5, GTEST_FATAL_FAILURE_)
+#define ASSERT_PRED5(pred, v1, v2, v3, v4, v5) \
+  GTEST_PRED5_(pred, v1, v2, v3, v4, v5, GTEST_FATAL_FAILURE_)
+
+
+
+#endif  // GTEST_INCLUDE_GTEST_GTEST_PRED_IMPL_H_
diff --git a/nss/gtests/google_test/gtest/include/gtest/gtest_prod.h b/nss/gtests/google_test/gtest/include/gtest/gtest_prod.h
new file mode 100644
index 0000000..da80ddc
--- /dev/null
+++ b/nss/gtests/google_test/gtest/include/gtest/gtest_prod.h
@@ -0,0 +1,58 @@
+// Copyright 2006, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+//
+// Google C++ Testing Framework definitions useful in production code.
+
+#ifndef GTEST_INCLUDE_GTEST_GTEST_PROD_H_
+#define GTEST_INCLUDE_GTEST_GTEST_PROD_H_
+
+// When you need to test the private or protected members of a class,
+// use the FRIEND_TEST macro to declare your tests as friends of the
+// class.  For example:
+//
+// class MyClass {
+//  private:
+//   void MyMethod();
+//   FRIEND_TEST(MyClassTest, MyMethod);
+// };
+//
+// class MyClassTest : public testing::Test {
+//   // ...
+// };
+//
+// TEST_F(MyClassTest, MyMethod) {
+//   // Can call MyClass::MyMethod() here.
+// }
+
+#define FRIEND_TEST(test_case_name, test_name)\
+friend class test_case_name##_##test_name##_Test
+
+#endif  // GTEST_INCLUDE_GTEST_GTEST_PROD_H_
diff --git a/nss/gtests/google_test/gtest/include/gtest/internal/gtest-death-test-internal.h b/nss/gtests/google_test/gtest/include/gtest/internal/gtest-death-test-internal.h
new file mode 100644
index 0000000..2b3a78f
--- /dev/null
+++ b/nss/gtests/google_test/gtest/include/gtest/internal/gtest-death-test-internal.h
@@ -0,0 +1,319 @@
+// Copyright 2005, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Authors: wan@google.com (Zhanyong Wan), eefacm@gmail.com (Sean Mcafee)
+//
+// The Google C++ Testing Framework (Google Test)
+//
+// This header file defines internal utilities needed for implementing
+// death tests.  They are subject to change without notice.
+
+#ifndef GTEST_INCLUDE_GTEST_INTERNAL_GTEST_DEATH_TEST_INTERNAL_H_
+#define GTEST_INCLUDE_GTEST_INTERNAL_GTEST_DEATH_TEST_INTERNAL_H_
+
+#include "gtest/internal/gtest-internal.h"
+
+#include <stdio.h>
+
+namespace testing {
+namespace internal {
+
+GTEST_DECLARE_string_(internal_run_death_test);
+
+// Names of the flags (needed for parsing Google Test flags).
+const char kDeathTestStyleFlag[] = "death_test_style";
+const char kDeathTestUseFork[] = "death_test_use_fork";
+const char kInternalRunDeathTestFlag[] = "internal_run_death_test";
+
+#if GTEST_HAS_DEATH_TEST
+
+// DeathTest is a class that hides much of the complexity of the
+// GTEST_DEATH_TEST_ macro.  It is abstract; its static Create method
+// returns a concrete class that depends on the prevailing death test
+// style, as defined by the --gtest_death_test_style and/or
+// --gtest_internal_run_death_test flags.
+
+// In describing the results of death tests, these terms are used with
+// the corresponding definitions:
+//
+// exit status:  The integer exit information in the format specified
+//               by wait(2)
+// exit code:    The integer code passed to exit(3), _exit(2), or
+//               returned from main()
+class GTEST_API_ DeathTest {
+ public:
+  // Create returns false if there was an error determining the
+  // appropriate action to take for the current death test; for example,
+  // if the gtest_death_test_style flag is set to an invalid value.
+  // The LastMessage method will return a more detailed message in that
+  // case.  Otherwise, the DeathTest pointer pointed to by the "test"
+  // argument is set.  If the death test should be skipped, the pointer
+  // is set to NULL; otherwise, it is set to the address of a new concrete
+  // DeathTest object that controls the execution of the current test.
+  static bool Create(const char* statement, const RE* regex,
+                     const char* file, int line, DeathTest** test);
+  DeathTest();
+  virtual ~DeathTest() { }
+
+  // A helper class that aborts a death test when it's deleted.
+  class ReturnSentinel {
+   public:
+    explicit ReturnSentinel(DeathTest* test) : test_(test) { }
+    ~ReturnSentinel() { test_->Abort(TEST_ENCOUNTERED_RETURN_STATEMENT); }
+   private:
+    DeathTest* const test_;
+    GTEST_DISALLOW_COPY_AND_ASSIGN_(ReturnSentinel);
+  } GTEST_ATTRIBUTE_UNUSED_;
+
+  // An enumeration of possible roles that may be taken when a death
+  // test is encountered.  EXECUTE means that the death test logic should
+  // be executed immediately.  OVERSEE means that the program should prepare
+  // the appropriate environment for a child process to execute the death
+  // test, then wait for it to complete.
+  enum TestRole { OVERSEE_TEST, EXECUTE_TEST };
+
+  // An enumeration of the three reasons that a test might be aborted.
+  enum AbortReason {
+    TEST_ENCOUNTERED_RETURN_STATEMENT,
+    TEST_THREW_EXCEPTION,
+    TEST_DID_NOT_DIE
+  };
+
+  // Assumes one of the above roles.
+  virtual TestRole AssumeRole() = 0;
+
+  // Waits for the death test to finish and returns its status.
+  virtual int Wait() = 0;
+
+  // Returns true if the death test passed; that is, the test process
+  // exited during the test, its exit status matches a user-supplied
+  // predicate, and its stderr output matches a user-supplied regular
+  // expression.
+  // The user-supplied predicate may be a macro expression rather
+  // than a function pointer or functor, or else Wait and Passed could
+  // be combined.
+  virtual bool Passed(bool exit_status_ok) = 0;
+
+  // Signals that the death test did not die as expected.
+  virtual void Abort(AbortReason reason) = 0;
+
+  // Returns a human-readable outcome message regarding the outcome of
+  // the last death test.
+  static const char* LastMessage();
+
+  static void set_last_death_test_message(const std::string& message);
+
+ private:
+  // A string containing a description of the outcome of the last death test.
+  static std::string last_death_test_message_;
+
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(DeathTest);
+};
+
+// Factory interface for death tests.  May be mocked out for testing.
+class DeathTestFactory {
+ public:
+  virtual ~DeathTestFactory() { }
+  virtual bool Create(const char* statement, const RE* regex,
+                      const char* file, int line, DeathTest** test) = 0;
+};
+
+// A concrete DeathTestFactory implementation for normal use.
+class DefaultDeathTestFactory : public DeathTestFactory {
+ public:
+  virtual bool Create(const char* statement, const RE* regex,
+                      const char* file, int line, DeathTest** test);
+};
+
+// Returns true if exit_status describes a process that was terminated
+// by a signal, or exited normally with a nonzero exit code.
+GTEST_API_ bool ExitedUnsuccessfully(int exit_status);
+
+// Traps C++ exceptions escaping statement and reports them as test
+// failures. Note that trapping SEH exceptions is not implemented here.
+# if GTEST_HAS_EXCEPTIONS
+#  define GTEST_EXECUTE_DEATH_TEST_STATEMENT_(statement, death_test) \
+  try { \
+    GTEST_SUPPRESS_UNREACHABLE_CODE_WARNING_BELOW_(statement); \
+  } catch (const ::std::exception& gtest_exception) { \
+    fprintf(\
+        stderr, \
+        "\n%s: Caught std::exception-derived exception escaping the " \
+        "death test statement. Exception message: %s\n", \
+        ::testing::internal::FormatFileLocation(__FILE__, __LINE__).c_str(), \
+        gtest_exception.what()); \
+    fflush(stderr); \
+    death_test->Abort(::testing::internal::DeathTest::TEST_THREW_EXCEPTION); \
+  } catch (...) { \
+    death_test->Abort(::testing::internal::DeathTest::TEST_THREW_EXCEPTION); \
+  }
+
+# else
+#  define GTEST_EXECUTE_DEATH_TEST_STATEMENT_(statement, death_test) \
+  GTEST_SUPPRESS_UNREACHABLE_CODE_WARNING_BELOW_(statement)
+
+# endif
+
+// This macro is for implementing ASSERT_DEATH*, EXPECT_DEATH*,
+// ASSERT_EXIT*, and EXPECT_EXIT*.
+# define GTEST_DEATH_TEST_(statement, predicate, regex, fail) \
+  GTEST_AMBIGUOUS_ELSE_BLOCKER_ \
+  if (::testing::internal::AlwaysTrue()) { \
+    const ::testing::internal::RE& gtest_regex = (regex); \
+    ::testing::internal::DeathTest* gtest_dt; \
+    if (!::testing::internal::DeathTest::Create(#statement, &gtest_regex, \
+        __FILE__, __LINE__, &gtest_dt)) { \
+      goto GTEST_CONCAT_TOKEN_(gtest_label_, __LINE__); \
+    } \
+    if (gtest_dt != NULL) { \
+      ::testing::internal::scoped_ptr< ::testing::internal::DeathTest> \
+          gtest_dt_ptr(gtest_dt); \
+      switch (gtest_dt->AssumeRole()) { \
+        case ::testing::internal::DeathTest::OVERSEE_TEST: \
+          if (!gtest_dt->Passed(predicate(gtest_dt->Wait()))) { \
+            goto GTEST_CONCAT_TOKEN_(gtest_label_, __LINE__); \
+          } \
+          break; \
+        case ::testing::internal::DeathTest::EXECUTE_TEST: { \
+          ::testing::internal::DeathTest::ReturnSentinel \
+              gtest_sentinel(gtest_dt); \
+          GTEST_EXECUTE_DEATH_TEST_STATEMENT_(statement, gtest_dt); \
+          gtest_dt->Abort(::testing::internal::DeathTest::TEST_DID_NOT_DIE); \
+          break; \
+        } \
+        default: \
+          break; \
+      } \
+    } \
+  } else \
+    GTEST_CONCAT_TOKEN_(gtest_label_, __LINE__): \
+      fail(::testing::internal::DeathTest::LastMessage())
+// The symbol "fail" here expands to something into which a message
+// can be streamed.
+
+// This macro is for implementing ASSERT/EXPECT_DEBUG_DEATH when compiled in
+// NDEBUG mode. In this case we need the statements to be executed, the regex is
+// ignored, and the macro must accept a streamed message even though the message
+// is never printed.
+# define GTEST_EXECUTE_STATEMENT_(statement, regex) \
+  GTEST_AMBIGUOUS_ELSE_BLOCKER_ \
+  if (::testing::internal::AlwaysTrue()) { \
+     GTEST_SUPPRESS_UNREACHABLE_CODE_WARNING_BELOW_(statement); \
+  } else \
+    ::testing::Message()
+
+// A class representing the parsed contents of the
+// --gtest_internal_run_death_test flag, as it existed when
+// RUN_ALL_TESTS was called.
+class InternalRunDeathTestFlag {
+ public:
+  InternalRunDeathTestFlag(const std::string& a_file,
+                           int a_line,
+                           int an_index,
+                           int a_write_fd)
+      : file_(a_file), line_(a_line), index_(an_index),
+        write_fd_(a_write_fd) {}
+
+  ~InternalRunDeathTestFlag() {
+    if (write_fd_ >= 0)
+      posix::Close(write_fd_);
+  }
+
+  const std::string& file() const { return file_; }
+  int line() const { return line_; }
+  int index() const { return index_; }
+  int write_fd() const { return write_fd_; }
+
+ private:
+  std::string file_;
+  int line_;
+  int index_;
+  int write_fd_;
+
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(InternalRunDeathTestFlag);
+};
+
+// Returns a newly created InternalRunDeathTestFlag object with fields
+// initialized from the GTEST_FLAG(internal_run_death_test) flag if
+// the flag is specified; otherwise returns NULL.
+InternalRunDeathTestFlag* ParseInternalRunDeathTestFlag();
+
+#else  // GTEST_HAS_DEATH_TEST
+
+// This macro is used for implementing macros such as
+// EXPECT_DEATH_IF_SUPPORTED and ASSERT_DEATH_IF_SUPPORTED on systems where
+// death tests are not supported. Those macros must compile on such systems
+// iff EXPECT_DEATH and ASSERT_DEATH compile with the same parameters on
+// systems that support death tests. This allows one to write such a macro
+// on a system that does not support death tests and be sure that it will
+// compile on a death-test supporting system.
+//
+// Parameters:
+//   statement -  A statement that a macro such as EXPECT_DEATH would test
+//                for program termination. This macro has to make sure this
+//                statement is compiled but not executed, to ensure that
+//                EXPECT_DEATH_IF_SUPPORTED compiles with a certain
+//                parameter iff EXPECT_DEATH compiles with it.
+//   regex     -  A regex that a macro such as EXPECT_DEATH would use to test
+//                the output of statement.  This parameter has to be
+//                compiled but not evaluated by this macro, to ensure that
+//                this macro only accepts expressions that a macro such as
+//                EXPECT_DEATH would accept.
+//   terminator - Must be an empty statement for EXPECT_DEATH_IF_SUPPORTED
+//                and a return statement for ASSERT_DEATH_IF_SUPPORTED.
+//                This ensures that ASSERT_DEATH_IF_SUPPORTED will not
+//                compile inside functions where ASSERT_DEATH doesn't
+//                compile.
+//
+//  The branch that has an always false condition is used to ensure that
+//  statement and regex are compiled (and thus syntactically correct) but
+//  never executed. The unreachable code macro protects the terminator
+//  statement from generating an 'unreachable code' warning in case
+//  statement unconditionally returns or throws. The Message constructor at
+//  the end allows the syntax of streaming additional messages into the
+//  macro, for compilational compatibility with EXPECT_DEATH/ASSERT_DEATH.
+# define GTEST_UNSUPPORTED_DEATH_TEST_(statement, regex, terminator) \
+    GTEST_AMBIGUOUS_ELSE_BLOCKER_ \
+    if (::testing::internal::AlwaysTrue()) { \
+      GTEST_LOG_(WARNING) \
+          << "Death tests are not supported on this platform.\n" \
+          << "Statement '" #statement "' cannot be verified."; \
+    } else if (::testing::internal::AlwaysFalse()) { \
+      ::testing::internal::RE::PartialMatch(".*", (regex)); \
+      GTEST_SUPPRESS_UNREACHABLE_CODE_WARNING_BELOW_(statement); \
+      terminator; \
+    } else \
+      ::testing::Message()
+
+#endif  // GTEST_HAS_DEATH_TEST
+
+}  // namespace internal
+}  // namespace testing
+
+#endif  // GTEST_INCLUDE_GTEST_INTERNAL_GTEST_DEATH_TEST_INTERNAL_H_
diff --git a/nss/gtests/google_test/gtest/include/gtest/internal/gtest-filepath.h b/nss/gtests/google_test/gtest/include/gtest/internal/gtest-filepath.h
new file mode 100644
index 0000000..7a13b4b
--- /dev/null
+++ b/nss/gtests/google_test/gtest/include/gtest/internal/gtest-filepath.h
@@ -0,0 +1,206 @@
+// Copyright 2008, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: keith.ray@gmail.com (Keith Ray)
+//
+// Google Test filepath utilities
+//
+// This header file declares classes and functions used internally by
+// Google Test.  They are subject to change without notice.
+//
+// This file is #included in <gtest/internal/gtest-internal.h>.
+// Do not include this header file separately!
+
+#ifndef GTEST_INCLUDE_GTEST_INTERNAL_GTEST_FILEPATH_H_
+#define GTEST_INCLUDE_GTEST_INTERNAL_GTEST_FILEPATH_H_
+
+#include "gtest/internal/gtest-string.h"
+
+namespace testing {
+namespace internal {
+
+// FilePath - a class for file and directory pathname manipulation which
+// handles platform-specific conventions (like the pathname separator).
+// Used for helper functions for naming files in a directory for xml output.
+// Except for Set methods, all methods are const or static, which provides an
+// "immutable value object" -- useful for peace of mind.
+// A FilePath with a value ending in a path separator ("like/this/") represents
+// a directory, otherwise it is assumed to represent a file. In either case,
+// it may or may not represent an actual file or directory in the file system.
+// Names are NOT checked for syntax correctness -- no checking for illegal
+// characters, malformed paths, etc.
+
+class GTEST_API_ FilePath {
+ public:
+  FilePath() : pathname_("") { }
+  FilePath(const FilePath& rhs) : pathname_(rhs.pathname_) { }
+
+  explicit FilePath(const std::string& pathname) : pathname_(pathname) {
+    Normalize();
+  }
+
+  FilePath& operator=(const FilePath& rhs) {
+    Set(rhs);
+    return *this;
+  }
+
+  void Set(const FilePath& rhs) {
+    pathname_ = rhs.pathname_;
+  }
+
+  const std::string& string() const { return pathname_; }
+  const char* c_str() const { return pathname_.c_str(); }
+
+  // Returns the current working directory, or "" if unsuccessful.
+  static FilePath GetCurrentDir();
+
+  // Given directory = "dir", base_name = "test", number = 0,
+  // extension = "xml", returns "dir/test.xml". If number is greater
+  // than zero (e.g., 12), returns "dir/test_12.xml".
+  // On Windows platform, uses \ as the separator rather than /.
+  static FilePath MakeFileName(const FilePath& directory,
+                               const FilePath& base_name,
+                               int number,
+                               const char* extension);
+
+  // Given directory = "dir", relative_path = "test.xml",
+  // returns "dir/test.xml".
+  // On Windows, uses \ as the separator rather than /.
+  static FilePath ConcatPaths(const FilePath& directory,
+                              const FilePath& relative_path);
+
+  // Returns a pathname for a file that does not currently exist. The pathname
+  // will be directory/base_name.extension or
+  // directory/base_name_<number>.extension if directory/base_name.extension
+  // already exists. The number will be incremented until a pathname is found
+  // that does not already exist.
+  // Examples: 'dir/foo_test.xml' or 'dir/foo_test_1.xml'.
+  // There could be a race condition if two or more processes are calling this
+  // function at the same time -- they could both pick the same filename.
+  static FilePath GenerateUniqueFileName(const FilePath& directory,
+                                         const FilePath& base_name,
+                                         const char* extension);
+
+  // Returns true iff the path is "".
+  bool IsEmpty() const { return pathname_.empty(); }
+
+  // If input name has a trailing separator character, removes it and returns
+  // the name, otherwise return the name string unmodified.
+  // On Windows platform, uses \ as the separator, other platforms use /.
+  FilePath RemoveTrailingPathSeparator() const;
+
+  // Returns a copy of the FilePath with the directory part removed.
+  // Example: FilePath("path/to/file").RemoveDirectoryName() returns
+  // FilePath("file"). If there is no directory part ("just_a_file"), it returns
+  // the FilePath unmodified. If there is no file part ("just_a_dir/") it
+  // returns an empty FilePath ("").
+  // On Windows platform, '\' is the path separator, otherwise it is '/'.
+  FilePath RemoveDirectoryName() const;
+
+  // RemoveFileName returns the directory path with the filename removed.
+  // Example: FilePath("path/to/file").RemoveFileName() returns "path/to/".
+  // If the FilePath is "a_file" or "/a_file", RemoveFileName returns
+  // FilePath("./") or, on Windows, FilePath(".\\"). If the filepath does
+  // not have a file, like "just/a/dir/", it returns the FilePath unmodified.
+  // On Windows platform, '\' is the path separator, otherwise it is '/'.
+  FilePath RemoveFileName() const;
+
+  // Returns a copy of the FilePath with the case-insensitive extension removed.
+  // Example: FilePath("dir/file.exe").RemoveExtension("EXE") returns
+  // FilePath("dir/file"). If a case-insensitive extension is not
+  // found, returns a copy of the original FilePath.
+  FilePath RemoveExtension(const char* extension) const;
+
+  // Creates directories so that path exists. Returns true if successful or if
+  // the directories already exist; returns false if unable to create
+  // directories for any reason. Will also return false if the FilePath does
+  // not represent a directory (that is, it doesn't end with a path separator).
+  bool CreateDirectoriesRecursively() const;
+
+  // Create the directory so that path exists. Returns true if successful or
+  // if the directory already exists; returns false if unable to create the
+  // directory for any reason, including if the parent directory does not
+  // exist. Not named "CreateDirectory" because that's a macro on Windows.
+  bool CreateFolder() const;
+
+  // Returns true if FilePath describes something in the file-system,
+  // either a file, directory, or whatever, and that something exists.
+  bool FileOrDirectoryExists() const;
+
+  // Returns true if pathname describes a directory in the file-system
+  // that exists.
+  bool DirectoryExists() const;
+
+  // Returns true if FilePath ends with a path separator, which indicates that
+  // it is intended to represent a directory. Returns false otherwise.
+  // This does NOT check that a directory (or file) actually exists.
+  bool IsDirectory() const;
+
+  // Returns true if pathname describes a root directory. (Windows has one
+  // root directory per disk drive.)
+  bool IsRootDirectory() const;
+
+  // Returns true if pathname describes an absolute path.
+  bool IsAbsolutePath() const;
+
+ private:
+  // Replaces multiple consecutive separators with a single separator.
+  // For example, "bar///foo" becomes "bar/foo". Does not eliminate other
+  // redundancies that might be in a pathname involving "." or "..".
+  //
+  // A pathname with multiple consecutive separators may occur either through
+  // user error or as a result of some scripts or APIs that generate a pathname
+  // with a trailing separator. On other platforms the same API or script
+  // may NOT generate a pathname with a trailing "/". Then elsewhere that
+  // pathname may have another "/" and pathname components added to it,
+  // without checking for the separator already being there.
+  // The script language and operating system may allow paths like "foo//bar"
+  // but some of the functions in FilePath will not handle that correctly. In
+  // particular, RemoveTrailingPathSeparator() only removes one separator, and
+  // it is called in CreateDirectoriesRecursively() assuming that it will change
+  // a pathname from directory syntax (trailing separator) to filename syntax.
+  //
+  // On Windows this method also replaces the alternate path separator '/' with
+  // the primary path separator '\\', so that for example "bar\\/\\foo" becomes
+  // "bar\\foo".
+
+  void Normalize();
+
+  // Returns a pointer to the last occurence of a valid path separator in
+  // the FilePath. On Windows, for example, both '/' and '\' are valid path
+  // separators. Returns NULL if no path separator was found.
+  const char* FindLastPathSeparator() const;
+
+  std::string pathname_;
+};  // class FilePath
+
+}  // namespace internal
+}  // namespace testing
+
+#endif  // GTEST_INCLUDE_GTEST_INTERNAL_GTEST_FILEPATH_H_
diff --git a/nss/gtests/google_test/gtest/include/gtest/internal/gtest-internal.h b/nss/gtests/google_test/gtest/include/gtest/internal/gtest-internal.h
new file mode 100644
index 0000000..21a0f56
--- /dev/null
+++ b/nss/gtests/google_test/gtest/include/gtest/internal/gtest-internal.h
@@ -0,0 +1,1193 @@
+// Copyright 2005, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Authors: wan@google.com (Zhanyong Wan), eefacm@gmail.com (Sean Mcafee)
+//
+// The Google C++ Testing Framework (Google Test)
+//
+// This header file declares functions and macros used internally by
+// Google Test.  They are subject to change without notice.
+
+#ifndef GTEST_INCLUDE_GTEST_INTERNAL_GTEST_INTERNAL_H_
+#define GTEST_INCLUDE_GTEST_INTERNAL_GTEST_INTERNAL_H_
+
+#include "gtest/internal/gtest-port.h"
+
+#if GTEST_OS_LINUX
+# include <stdlib.h>
+# include <sys/types.h>
+# include <sys/wait.h>
+# include <unistd.h>
+#endif  // GTEST_OS_LINUX
+
+#if GTEST_HAS_EXCEPTIONS
+# include <stdexcept>
+#endif
+
+#include <ctype.h>
+#include <float.h>
+#include <string.h>
+#include <iomanip>
+#include <limits>
+#include <set>
+#include <string>
+#include <vector>
+
+#include "gtest/gtest-message.h"
+#include "gtest/internal/gtest-string.h"
+#include "gtest/internal/gtest-filepath.h"
+#include "gtest/internal/gtest-type-util.h"
+
+// Due to C++ preprocessor weirdness, we need double indirection to
+// concatenate two tokens when one of them is __LINE__.  Writing
+//
+//   foo ## __LINE__
+//
+// will result in the token foo__LINE__, instead of foo followed by
+// the current line number.  For more details, see
+// http://www.parashift.com/c++-faq-lite/misc-technical-issues.html#faq-39.6
+#define GTEST_CONCAT_TOKEN_(foo, bar) GTEST_CONCAT_TOKEN_IMPL_(foo, bar)
+#define GTEST_CONCAT_TOKEN_IMPL_(foo, bar) foo ## bar
+
+class ProtocolMessage;
+namespace proto2 { class Message; }
+
+namespace testing {
+
+// Forward declarations.
+
+class AssertionResult;                 // Result of an assertion.
+class Message;                         // Represents a failure message.
+class Test;                            // Represents a test.
+class TestInfo;                        // Information about a test.
+class TestPartResult;                  // Result of a test part.
+class UnitTest;                        // A collection of test cases.
+
+template <typename T>
+::std::string PrintToString(const T& value);
+
+namespace internal {
+
+struct TraceInfo;                      // Information about a trace point.
+class ScopedTrace;                     // Implements scoped trace.
+class TestInfoImpl;                    // Opaque implementation of TestInfo
+class UnitTestImpl;                    // Opaque implementation of UnitTest
+
+// How many times InitGoogleTest() has been called.
+GTEST_API_ extern int g_init_gtest_count;
+
+// The text used in failure messages to indicate the start of the
+// stack trace.
+GTEST_API_ extern const char kStackTraceMarker[];
+
+// Two overloaded helpers for checking at compile time whether an
+// expression is a null pointer literal (i.e. NULL or any 0-valued
+// compile-time integral constant).  Their return values have
+// different sizes, so we can use sizeof() to test which version is
+// picked by the compiler.  These helpers have no implementations, as
+// we only need their signatures.
+//
+// Given IsNullLiteralHelper(x), the compiler will pick the first
+// version if x can be implicitly converted to Secret*, and pick the
+// second version otherwise.  Since Secret is a secret and incomplete
+// type, the only expression a user can write that has type Secret* is
+// a null pointer literal.  Therefore, we know that x is a null
+// pointer literal if and only if the first version is picked by the
+// compiler.
+char IsNullLiteralHelper(Secret* p);
+char (&IsNullLiteralHelper(...))[2];  // NOLINT
+
+// A compile-time bool constant that is true if and only if x is a
+// null pointer literal (i.e. NULL or any 0-valued compile-time
+// integral constant).
+#ifdef GTEST_ELLIPSIS_NEEDS_POD_
+// We lose support for NULL detection where the compiler doesn't like
+// passing non-POD classes through ellipsis (...).
+# define GTEST_IS_NULL_LITERAL_(x) false
+#else
+# define GTEST_IS_NULL_LITERAL_(x) \
+    (sizeof(::testing::internal::IsNullLiteralHelper(x)) == 1)
+#endif  // GTEST_ELLIPSIS_NEEDS_POD_
+
+// Appends the user-supplied message to the Google-Test-generated message.
+GTEST_API_ std::string AppendUserMessage(
+    const std::string& gtest_msg, const Message& user_msg);
+
+#if GTEST_HAS_EXCEPTIONS
+
+// This exception is thrown by (and only by) a failed Google Test
+// assertion when GTEST_FLAG(throw_on_failure) is true (if exceptions
+// are enabled).  We derive it from std::runtime_error, which is for
+// errors presumably detectable only at run time.  Since
+// std::runtime_error inherits from std::exception, many testing
+// frameworks know how to extract and print the message inside it.
+class GTEST_API_ GoogleTestFailureException : public ::std::runtime_error {
+ public:
+  explicit GoogleTestFailureException(const TestPartResult& failure);
+};
+
+#endif  // GTEST_HAS_EXCEPTIONS
+
+// A helper class for creating scoped traces in user programs.
+class GTEST_API_ ScopedTrace {
+ public:
+  // The c'tor pushes the given source file location and message onto
+  // a trace stack maintained by Google Test.
+  ScopedTrace(const char* file, int line, const Message& message);
+
+  // The d'tor pops the info pushed by the c'tor.
+  //
+  // Note that the d'tor is not virtual in order to be efficient.
+  // Don't inherit from ScopedTrace!
+  ~ScopedTrace();
+
+ private:
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(ScopedTrace);
+} GTEST_ATTRIBUTE_UNUSED_;  // A ScopedTrace object does its job in its
+                            // c'tor and d'tor.  Therefore it doesn't
+                            // need to be used otherwise.
+
+namespace edit_distance {
+// Returns the optimal edits to go from 'left' to 'right'.
+// All edits cost the same, with replace having lower priority than
+// add/remove.
+// Simple implementation of the Wagner–Fischer algorithm.
+// See http://en.wikipedia.org/wiki/Wagner-Fischer_algorithm
+enum EditType { kMatch, kAdd, kRemove, kReplace };
+GTEST_API_ std::vector<EditType> CalculateOptimalEdits(
+    const std::vector<size_t>& left, const std::vector<size_t>& right);
+
+// Same as above, but the input is represented as strings.
+GTEST_API_ std::vector<EditType> CalculateOptimalEdits(
+    const std::vector<std::string>& left,
+    const std::vector<std::string>& right);
+
+// Create a diff of the input strings in Unified diff format.
+GTEST_API_ std::string CreateUnifiedDiff(const std::vector<std::string>& left,
+                                         const std::vector<std::string>& right,
+                                         size_t context = 2);
+
+}  // namespace edit_distance
+
+// Calculate the diff between 'left' and 'right' and return it in unified diff
+// format.
+// If not null, stores in 'total_line_count' the total number of lines found
+// in left + right.
+GTEST_API_ std::string DiffStrings(const std::string& left,
+                                   const std::string& right,
+                                   size_t* total_line_count);
+
+// Constructs and returns the message for an equality assertion
+// (e.g. ASSERT_EQ, EXPECT_STREQ, etc) failure.
+//
+// The first four parameters are the expressions used in the assertion
+// and their values, as strings.  For example, for ASSERT_EQ(foo, bar)
+// where foo is 5 and bar is 6, we have:
+//
+//   expected_expression: "foo"
+//   actual_expression:   "bar"
+//   expected_value:      "5"
+//   actual_value:        "6"
+//
+// The ignoring_case parameter is true iff the assertion is a
+// *_STRCASEEQ*.  When it's true, the string " (ignoring case)" will
+// be inserted into the message.
+GTEST_API_ AssertionResult EqFailure(const char* expected_expression,
+                                     const char* actual_expression,
+                                     const std::string& expected_value,
+                                     const std::string& actual_value,
+                                     bool ignoring_case);
+
+// Constructs a failure message for Boolean assertions such as EXPECT_TRUE.
+GTEST_API_ std::string GetBoolAssertionFailureMessage(
+    const AssertionResult& assertion_result,
+    const char* expression_text,
+    const char* actual_predicate_value,
+    const char* expected_predicate_value);
+
+// This template class represents an IEEE floating-point number
+// (either single-precision or double-precision, depending on the
+// template parameters).
+//
+// The purpose of this class is to do more sophisticated number
+// comparison.  (Due to round-off error, etc, it's very unlikely that
+// two floating-points will be equal exactly.  Hence a naive
+// comparison by the == operation often doesn't work.)
+//
+// Format of IEEE floating-point:
+//
+//   The most-significant bit being the leftmost, an IEEE
+//   floating-point looks like
+//
+//     sign_bit exponent_bits fraction_bits
+//
+//   Here, sign_bit is a single bit that designates the sign of the
+//   number.
+//
+//   For float, there are 8 exponent bits and 23 fraction bits.
+//
+//   For double, there are 11 exponent bits and 52 fraction bits.
+//
+//   More details can be found at
+//   http://en.wikipedia.org/wiki/IEEE_floating-point_standard.
+//
+// Template parameter:
+//
+//   RawType: the raw floating-point type (either float or double)
+template <typename RawType>
+class FloatingPoint {
+ public:
+  // Defines the unsigned integer type that has the same size as the
+  // floating point number.
+  typedef typename TypeWithSize<sizeof(RawType)>::UInt Bits;
+
+  // Constants.
+
+  // # of bits in a number.
+  static const size_t kBitCount = 8*sizeof(RawType);
+
+  // # of fraction bits in a number.
+  static const size_t kFractionBitCount =
+    std::numeric_limits<RawType>::digits - 1;
+
+  // # of exponent bits in a number.
+  static const size_t kExponentBitCount = kBitCount - 1 - kFractionBitCount;
+
+  // The mask for the sign bit.
+  static const Bits kSignBitMask = static_cast<Bits>(1) << (kBitCount - 1);
+
+  // The mask for the fraction bits.
+  static const Bits kFractionBitMask =
+    ~static_cast<Bits>(0) >> (kExponentBitCount + 1);
+
+  // The mask for the exponent bits.
+  static const Bits kExponentBitMask = ~(kSignBitMask | kFractionBitMask);
+
+  // How many ULP's (Units in the Last Place) we want to tolerate when
+  // comparing two numbers.  The larger the value, the more error we
+  // allow.  A 0 value means that two numbers must be exactly the same
+  // to be considered equal.
+  //
+  // The maximum error of a single floating-point operation is 0.5
+  // units in the last place.  On Intel CPU's, all floating-point
+  // calculations are done with 80-bit precision, while double has 64
+  // bits.  Therefore, 4 should be enough for ordinary use.
+  //
+  // See the following article for more details on ULP:
+  // http://randomascii.wordpress.com/2012/02/25/comparing-floating-point-numbers-2012-edition/
+  static const size_t kMaxUlps = 4;
+
+  // Constructs a FloatingPoint from a raw floating-point number.
+  //
+  // On an Intel CPU, passing a non-normalized NAN (Not a Number)
+  // around may change its bits, although the new value is guaranteed
+  // to be also a NAN.  Therefore, don't expect this constructor to
+  // preserve the bits in x when x is a NAN.
+  explicit FloatingPoint(const RawType& x) { u_.value_ = x; }
+
+  // Static methods
+
+  // Reinterprets a bit pattern as a floating-point number.
+  //
+  // This function is needed to test the AlmostEquals() method.
+  static RawType ReinterpretBits(const Bits bits) {
+    FloatingPoint fp(0);
+    fp.u_.bits_ = bits;
+    return fp.u_.value_;
+  }
+
+  // Returns the floating-point number that represent positive infinity.
+  static RawType Infinity() {
+    return ReinterpretBits(kExponentBitMask);
+  }
+
+  // Returns the maximum representable finite floating-point number.
+  static RawType Max();
+
+  // Non-static methods
+
+  // Returns the bits that represents this number.
+  const Bits &bits() const { return u_.bits_; }
+
+  // Returns the exponent bits of this number.
+  Bits exponent_bits() const { return kExponentBitMask & u_.bits_; }
+
+  // Returns the fraction bits of this number.
+  Bits fraction_bits() const { return kFractionBitMask & u_.bits_; }
+
+  // Returns the sign bit of this number.
+  Bits sign_bit() const { return kSignBitMask & u_.bits_; }
+
+  // Returns true iff this is NAN (not a number).
+  bool is_nan() const {
+    // It's a NAN if the exponent bits are all ones and the fraction
+    // bits are not entirely zeros.
+    return (exponent_bits() == kExponentBitMask) && (fraction_bits() != 0);
+  }
+
+  // Returns true iff this number is at most kMaxUlps ULP's away from
+  // rhs.  In particular, this function:
+  //
+  //   - returns false if either number is (or both are) NAN.
+  //   - treats really large numbers as almost equal to infinity.
+  //   - thinks +0.0 and -0.0 are 0 DLP's apart.
+  bool AlmostEquals(const FloatingPoint& rhs) const {
+    // The IEEE standard says that any comparison operation involving
+    // a NAN must return false.
+    if (is_nan() || rhs.is_nan()) return false;
+
+    return DistanceBetweenSignAndMagnitudeNumbers(u_.bits_, rhs.u_.bits_)
+        <= kMaxUlps;
+  }
+
+ private:
+  // The data type used to store the actual floating-point number.
+  union FloatingPointUnion {
+    RawType value_;  // The raw floating-point number.
+    Bits bits_;      // The bits that represent the number.
+  };
+
+  // Converts an integer from the sign-and-magnitude representation to
+  // the biased representation.  More precisely, let N be 2 to the
+  // power of (kBitCount - 1), an integer x is represented by the
+  // unsigned number x + N.
+  //
+  // For instance,
+  //
+  //   -N + 1 (the most negative number representable using
+  //          sign-and-magnitude) is represented by 1;
+  //   0      is represented by N; and
+  //   N - 1  (the biggest number representable using
+  //          sign-and-magnitude) is represented by 2N - 1.
+  //
+  // Read http://en.wikipedia.org/wiki/Signed_number_representations
+  // for more details on signed number representations.
+  static Bits SignAndMagnitudeToBiased(const Bits &sam) {
+    if (kSignBitMask & sam) {
+      // sam represents a negative number.
+      return ~sam + 1;
+    } else {
+      // sam represents a positive number.
+      return kSignBitMask | sam;
+    }
+  }
+
+  // Given two numbers in the sign-and-magnitude representation,
+  // returns the distance between them as an unsigned number.
+  static Bits DistanceBetweenSignAndMagnitudeNumbers(const Bits &sam1,
+                                                     const Bits &sam2) {
+    const Bits biased1 = SignAndMagnitudeToBiased(sam1);
+    const Bits biased2 = SignAndMagnitudeToBiased(sam2);
+    return (biased1 >= biased2) ? (biased1 - biased2) : (biased2 - biased1);
+  }
+
+  FloatingPointUnion u_;
+};
+
+// We cannot use std::numeric_limits<T>::max() as it clashes with the max()
+// macro defined by <windows.h>.
+template <>
+inline float FloatingPoint<float>::Max() { return FLT_MAX; }
+template <>
+inline double FloatingPoint<double>::Max() { return DBL_MAX; }
+
+// Typedefs the instances of the FloatingPoint template class that we
+// care to use.
+typedef FloatingPoint<float> Float;
+typedef FloatingPoint<double> Double;
+
+// In order to catch the mistake of putting tests that use different
+// test fixture classes in the same test case, we need to assign
+// unique IDs to fixture classes and compare them.  The TypeId type is
+// used to hold such IDs.  The user should treat TypeId as an opaque
+// type: the only operation allowed on TypeId values is to compare
+// them for equality using the == operator.
+typedef const void* TypeId;
+
+template <typename T>
+class TypeIdHelper {
+ public:
+  // dummy_ must not have a const type.  Otherwise an overly eager
+  // compiler (e.g. MSVC 7.1 & 8.0) may try to merge
+  // TypeIdHelper<T>::dummy_ for different Ts as an "optimization".
+  static bool dummy_;
+};
+
+template <typename T>
+bool TypeIdHelper<T>::dummy_ = false;
+
+// GetTypeId<T>() returns the ID of type T.  Different values will be
+// returned for different types.  Calling the function twice with the
+// same type argument is guaranteed to return the same ID.
+template <typename T>
+TypeId GetTypeId() {
+  // The compiler is required to allocate a different
+  // TypeIdHelper<T>::dummy_ variable for each T used to instantiate
+  // the template.  Therefore, the address of dummy_ is guaranteed to
+  // be unique.
+  return &(TypeIdHelper<T>::dummy_);
+}
+
+// Returns the type ID of ::testing::Test.  Always call this instead
+// of GetTypeId< ::testing::Test>() to get the type ID of
+// ::testing::Test, as the latter may give the wrong result due to a
+// suspected linker bug when compiling Google Test as a Mac OS X
+// framework.
+GTEST_API_ TypeId GetTestTypeId();
+
+// Defines the abstract factory interface that creates instances
+// of a Test object.
+class TestFactoryBase {
+ public:
+  virtual ~TestFactoryBase() {}
+
+  // Creates a test instance to run. The instance is both created and destroyed
+  // within TestInfoImpl::Run()
+  virtual Test* CreateTest() = 0;
+
+ protected:
+  TestFactoryBase() {}
+
+ private:
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(TestFactoryBase);
+};
+
+// This class provides implementation of TeastFactoryBase interface.
+// It is used in TEST and TEST_F macros.
+template <class TestClass>
+class TestFactoryImpl : public TestFactoryBase {
+ public:
+  virtual Test* CreateTest() { return new TestClass; }
+};
+
+#if GTEST_OS_WINDOWS
+
+// Predicate-formatters for implementing the HRESULT checking macros
+// {ASSERT|EXPECT}_HRESULT_{SUCCEEDED|FAILED}
+// We pass a long instead of HRESULT to avoid causing an
+// include dependency for the HRESULT type.
+GTEST_API_ AssertionResult IsHRESULTSuccess(const char* expr,
+                                            long hr);  // NOLINT
+GTEST_API_ AssertionResult IsHRESULTFailure(const char* expr,
+                                            long hr);  // NOLINT
+
+#endif  // GTEST_OS_WINDOWS
+
+// Types of SetUpTestCase() and TearDownTestCase() functions.
+typedef void (*SetUpTestCaseFunc)();
+typedef void (*TearDownTestCaseFunc)();
+
+// Creates a new TestInfo object and registers it with Google Test;
+// returns the created object.
+//
+// Arguments:
+//
+//   test_case_name:   name of the test case
+//   name:             name of the test
+//   type_param        the name of the test's type parameter, or NULL if
+//                     this is not a typed or a type-parameterized test.
+//   value_param       text representation of the test's value parameter,
+//                     or NULL if this is not a type-parameterized test.
+//   fixture_class_id: ID of the test fixture class
+//   set_up_tc:        pointer to the function that sets up the test case
+//   tear_down_tc:     pointer to the function that tears down the test case
+//   factory:          pointer to the factory that creates a test object.
+//                     The newly created TestInfo instance will assume
+//                     ownership of the factory object.
+GTEST_API_ TestInfo* MakeAndRegisterTestInfo(
+    const char* test_case_name,
+    const char* name,
+    const char* type_param,
+    const char* value_param,
+    TypeId fixture_class_id,
+    SetUpTestCaseFunc set_up_tc,
+    TearDownTestCaseFunc tear_down_tc,
+    TestFactoryBase* factory);
+
+// If *pstr starts with the given prefix, modifies *pstr to be right
+// past the prefix and returns true; otherwise leaves *pstr unchanged
+// and returns false.  None of pstr, *pstr, and prefix can be NULL.
+GTEST_API_ bool SkipPrefix(const char* prefix, const char** pstr);
+
+#if GTEST_HAS_TYPED_TEST || GTEST_HAS_TYPED_TEST_P
+
+// State of the definition of a type-parameterized test case.
+class GTEST_API_ TypedTestCasePState {
+ public:
+  TypedTestCasePState() : registered_(false) {}
+
+  // Adds the given test name to defined_test_names_ and return true
+  // if the test case hasn't been registered; otherwise aborts the
+  // program.
+  bool AddTestName(const char* file, int line, const char* case_name,
+                   const char* test_name) {
+    if (registered_) {
+      fprintf(stderr, "%s Test %s must be defined before "
+              "REGISTER_TYPED_TEST_CASE_P(%s, ...).\n",
+              FormatFileLocation(file, line).c_str(), test_name, case_name);
+      fflush(stderr);
+      posix::Abort();
+    }
+    defined_test_names_.insert(test_name);
+    return true;
+  }
+
+  // Verifies that registered_tests match the test names in
+  // defined_test_names_; returns registered_tests if successful, or
+  // aborts the program otherwise.
+  const char* VerifyRegisteredTestNames(
+      const char* file, int line, const char* registered_tests);
+
+ private:
+  bool registered_;
+  ::std::set<const char*> defined_test_names_;
+};
+
+// Skips to the first non-space char after the first comma in 'str';
+// returns NULL if no comma is found in 'str'.
+inline const char* SkipComma(const char* str) {
+  const char* comma = strchr(str, ',');
+  if (comma == NULL) {
+    return NULL;
+  }
+  while (IsSpace(*(++comma))) {}
+  return comma;
+}
+
+// Returns the prefix of 'str' before the first comma in it; returns
+// the entire string if it contains no comma.
+inline std::string GetPrefixUntilComma(const char* str) {
+  const char* comma = strchr(str, ',');
+  return comma == NULL ? str : std::string(str, comma);
+}
+
+// TypeParameterizedTest<Fixture, TestSel, Types>::Register()
+// registers a list of type-parameterized tests with Google Test.  The
+// return value is insignificant - we just need to return something
+// such that we can call this function in a namespace scope.
+//
+// Implementation note: The GTEST_TEMPLATE_ macro declares a template
+// template parameter.  It's defined in gtest-type-util.h.
+template <GTEST_TEMPLATE_ Fixture, class TestSel, typename Types>
+class TypeParameterizedTest {
+ public:
+  // 'index' is the index of the test in the type list 'Types'
+  // specified in INSTANTIATE_TYPED_TEST_CASE_P(Prefix, TestCase,
+  // Types).  Valid values for 'index' are [0, N - 1] where N is the
+  // length of Types.
+  static bool Register(const char* prefix, const char* case_name,
+                       const char* test_names, int index) {
+    typedef typename Types::Head Type;
+    typedef Fixture<Type> FixtureClass;
+    typedef typename GTEST_BIND_(TestSel, Type) TestClass;
+
+    // First, registers the first type-parameterized test in the type
+    // list.
+    MakeAndRegisterTestInfo(
+        (std::string(prefix) + (prefix[0] == '\0' ? "" : "/") + case_name + "/"
+         + StreamableToString(index)).c_str(),
+        GetPrefixUntilComma(test_names).c_str(),
+        GetTypeName<Type>().c_str(),
+        NULL,  // No value parameter.
+        GetTypeId<FixtureClass>(),
+        TestClass::SetUpTestCase,
+        TestClass::TearDownTestCase,
+        new TestFactoryImpl<TestClass>);
+
+    // Next, recurses (at compile time) with the tail of the type list.
+    return TypeParameterizedTest<Fixture, TestSel, typename Types::Tail>
+        ::Register(prefix, case_name, test_names, index + 1);
+  }
+};
+
+// The base case for the compile time recursion.
+template <GTEST_TEMPLATE_ Fixture, class TestSel>
+class TypeParameterizedTest<Fixture, TestSel, Types0> {
+ public:
+  static bool Register(const char* /*prefix*/, const char* /*case_name*/,
+                       const char* /*test_names*/, int /*index*/) {
+    return true;
+  }
+};
+
+// TypeParameterizedTestCase<Fixture, Tests, Types>::Register()
+// registers *all combinations* of 'Tests' and 'Types' with Google
+// Test.  The return value is insignificant - we just need to return
+// something such that we can call this function in a namespace scope.
+template <GTEST_TEMPLATE_ Fixture, typename Tests, typename Types>
+class TypeParameterizedTestCase {
+ public:
+  static bool Register(const char* prefix, const char* case_name,
+                       const char* test_names) {
+    typedef typename Tests::Head Head;
+
+    // First, register the first test in 'Test' for each type in 'Types'.
+    TypeParameterizedTest<Fixture, Head, Types>::Register(
+        prefix, case_name, test_names, 0);
+
+    // Next, recurses (at compile time) with the tail of the test list.
+    return TypeParameterizedTestCase<Fixture, typename Tests::Tail, Types>
+        ::Register(prefix, case_name, SkipComma(test_names));
+  }
+};
+
+// The base case for the compile time recursion.
+template <GTEST_TEMPLATE_ Fixture, typename Types>
+class TypeParameterizedTestCase<Fixture, Templates0, Types> {
+ public:
+  static bool Register(const char* /*prefix*/, const char* /*case_name*/,
+                       const char* /*test_names*/) {
+    return true;
+  }
+};
+
+#endif  // GTEST_HAS_TYPED_TEST || GTEST_HAS_TYPED_TEST_P
+
+// Returns the current OS stack trace as an std::string.
+//
+// The maximum number of stack frames to be included is specified by
+// the gtest_stack_trace_depth flag.  The skip_count parameter
+// specifies the number of top frames to be skipped, which doesn't
+// count against the number of frames to be included.
+//
+// For example, if Foo() calls Bar(), which in turn calls
+// GetCurrentOsStackTraceExceptTop(..., 1), Foo() will be included in
+// the trace but Bar() and GetCurrentOsStackTraceExceptTop() won't.
+GTEST_API_ std::string GetCurrentOsStackTraceExceptTop(
+    UnitTest* unit_test, int skip_count);
+
+// Helpers for suppressing warnings on unreachable code or constant
+// condition.
+
+// Always returns true.
+GTEST_API_ bool AlwaysTrue();
+
+// Always returns false.
+inline bool AlwaysFalse() { return !AlwaysTrue(); }
+
+// Helper for suppressing false warning from Clang on a const char*
+// variable declared in a conditional expression always being NULL in
+// the else branch.
+struct GTEST_API_ ConstCharPtr {
+  ConstCharPtr(const char* str) : value(str) {}
+  operator bool() const { return true; }
+  const char* value;
+};
+
+// A simple Linear Congruential Generator for generating random
+// numbers with a uniform distribution.  Unlike rand() and srand(), it
+// doesn't use global state (and therefore can't interfere with user
+// code).  Unlike rand_r(), it's portable.  An LCG isn't very random,
+// but it's good enough for our purposes.
+class GTEST_API_ Random {
+ public:
+  static const UInt32 kMaxRange = 1u << 31;
+
+  explicit Random(UInt32 seed) : state_(seed) {}
+
+  void Reseed(UInt32 seed) { state_ = seed; }
+
+  // Generates a random number from [0, range).  Crashes if 'range' is
+  // 0 or greater than kMaxRange.
+  UInt32 Generate(UInt32 range);
+
+ private:
+  UInt32 state_;
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(Random);
+};
+
+// Defining a variable of type CompileAssertTypesEqual<T1, T2> will cause a
+// compiler error iff T1 and T2 are different types.
+template <typename T1, typename T2>
+struct CompileAssertTypesEqual;
+
+template <typename T>
+struct CompileAssertTypesEqual<T, T> {
+};
+
+// Removes the reference from a type if it is a reference type,
+// otherwise leaves it unchanged.  This is the same as
+// tr1::remove_reference, which is not widely available yet.
+template <typename T>
+struct RemoveReference { typedef T type; };  // NOLINT
+template <typename T>
+struct RemoveReference<T&> { typedef T type; };  // NOLINT
+
+// A handy wrapper around RemoveReference that works when the argument
+// T depends on template parameters.
+#define GTEST_REMOVE_REFERENCE_(T) \
+    typename ::testing::internal::RemoveReference<T>::type
+
+// Removes const from a type if it is a const type, otherwise leaves
+// it unchanged.  This is the same as tr1::remove_const, which is not
+// widely available yet.
+template <typename T>
+struct RemoveConst { typedef T type; };  // NOLINT
+template <typename T>
+struct RemoveConst<const T> { typedef T type; };  // NOLINT
+
+// MSVC 8.0, Sun C++, and IBM XL C++ have a bug which causes the above
+// definition to fail to remove the const in 'const int[3]' and 'const
+// char[3][4]'.  The following specialization works around the bug.
+template <typename T, size_t N>
+struct RemoveConst<const T[N]> {
+  typedef typename RemoveConst<T>::type type[N];
+};
+
+#if defined(_MSC_VER) && _MSC_VER < 1400
+// This is the only specialization that allows VC++ 7.1 to remove const in
+// 'const int[3] and 'const int[3][4]'.  However, it causes trouble with GCC
+// and thus needs to be conditionally compiled.
+template <typename T, size_t N>
+struct RemoveConst<T[N]> {
+  typedef typename RemoveConst<T>::type type[N];
+};
+#endif
+
+// A handy wrapper around RemoveConst that works when the argument
+// T depends on template parameters.
+#define GTEST_REMOVE_CONST_(T) \
+    typename ::testing::internal::RemoveConst<T>::type
+
+// Turns const U&, U&, const U, and U all into U.
+#define GTEST_REMOVE_REFERENCE_AND_CONST_(T) \
+    GTEST_REMOVE_CONST_(GTEST_REMOVE_REFERENCE_(T))
+
+// Adds reference to a type if it is not a reference type,
+// otherwise leaves it unchanged.  This is the same as
+// tr1::add_reference, which is not widely available yet.
+template <typename T>
+struct AddReference { typedef T& type; };  // NOLINT
+template <typename T>
+struct AddReference<T&> { typedef T& type; };  // NOLINT
+
+// A handy wrapper around AddReference that works when the argument T
+// depends on template parameters.
+#define GTEST_ADD_REFERENCE_(T) \
+    typename ::testing::internal::AddReference<T>::type
+
+// Adds a reference to const on top of T as necessary.  For example,
+// it transforms
+//
+//   char         ==> const char&
+//   const char   ==> const char&
+//   char&        ==> const char&
+//   const char&  ==> const char&
+//
+// The argument T must depend on some template parameters.
+#define GTEST_REFERENCE_TO_CONST_(T) \
+    GTEST_ADD_REFERENCE_(const GTEST_REMOVE_REFERENCE_(T))
+
+// ImplicitlyConvertible<From, To>::value is a compile-time bool
+// constant that's true iff type From can be implicitly converted to
+// type To.
+template <typename From, typename To>
+class ImplicitlyConvertible {
+ private:
+  // We need the following helper functions only for their types.
+  // They have no implementations.
+
+  // MakeFrom() is an expression whose type is From.  We cannot simply
+  // use From(), as the type From may not have a public default
+  // constructor.
+  static typename AddReference<From>::type MakeFrom();
+
+  // These two functions are overloaded.  Given an expression
+  // Helper(x), the compiler will pick the first version if x can be
+  // implicitly converted to type To; otherwise it will pick the
+  // second version.
+  //
+  // The first version returns a value of size 1, and the second
+  // version returns a value of size 2.  Therefore, by checking the
+  // size of Helper(x), which can be done at compile time, we can tell
+  // which version of Helper() is used, and hence whether x can be
+  // implicitly converted to type To.
+  static char Helper(To);
+  static char (&Helper(...))[2];  // NOLINT
+
+  // We have to put the 'public' section after the 'private' section,
+  // or MSVC refuses to compile the code.
+ public:
+#if defined(__BORLANDC__)
+  // C++Builder cannot use member overload resolution during template
+  // instantiation.  The simplest workaround is to use its C++0x type traits
+  // functions (C++Builder 2009 and above only).
+  static const bool value = __is_convertible(From, To);
+#else
+  // MSVC warns about implicitly converting from double to int for
+  // possible loss of data, so we need to temporarily disable the
+  // warning.
+  GTEST_DISABLE_MSC_WARNINGS_PUSH_(4244)
+  static const bool value =
+      sizeof(Helper(ImplicitlyConvertible::MakeFrom())) == 1;
+  GTEST_DISABLE_MSC_WARNINGS_POP_()
+#endif  // __BORLANDC__
+};
+template <typename From, typename To>
+const bool ImplicitlyConvertible<From, To>::value;
+
+// IsAProtocolMessage<T>::value is a compile-time bool constant that's
+// true iff T is type ProtocolMessage, proto2::Message, or a subclass
+// of those.
+template <typename T>
+struct IsAProtocolMessage
+    : public bool_constant<
+  ImplicitlyConvertible<const T*, const ::ProtocolMessage*>::value ||
+  ImplicitlyConvertible<const T*, const ::proto2::Message*>::value> {
+};
+
+// When the compiler sees expression IsContainerTest<C>(0), if C is an
+// STL-style container class, the first overload of IsContainerTest
+// will be viable (since both C::iterator* and C::const_iterator* are
+// valid types and NULL can be implicitly converted to them).  It will
+// be picked over the second overload as 'int' is a perfect match for
+// the type of argument 0.  If C::iterator or C::const_iterator is not
+// a valid type, the first overload is not viable, and the second
+// overload will be picked.  Therefore, we can determine whether C is
+// a container class by checking the type of IsContainerTest<C>(0).
+// The value of the expression is insignificant.
+//
+// Note that we look for both C::iterator and C::const_iterator.  The
+// reason is that C++ injects the name of a class as a member of the
+// class itself (e.g. you can refer to class iterator as either
+// 'iterator' or 'iterator::iterator').  If we look for C::iterator
+// only, for example, we would mistakenly think that a class named
+// iterator is an STL container.
+//
+// Also note that the simpler approach of overloading
+// IsContainerTest(typename C::const_iterator*) and
+// IsContainerTest(...) doesn't work with Visual Age C++ and Sun C++.
+typedef int IsContainer;
+template <class C>
+IsContainer IsContainerTest(int /* dummy */,
+                            typename C::iterator* /* it */ = NULL,
+                            typename C::const_iterator* /* const_it */ = NULL) {
+  return 0;
+}
+
+typedef char IsNotContainer;
+template <class C>
+IsNotContainer IsContainerTest(long /* dummy */) { return '\0'; }
+
+// EnableIf<condition>::type is void when 'Cond' is true, and
+// undefined when 'Cond' is false.  To use SFINAE to make a function
+// overload only apply when a particular expression is true, add
+// "typename EnableIf<expression>::type* = 0" as the last parameter.
+template<bool> struct EnableIf;
+template<> struct EnableIf<true> { typedef void type; };  // NOLINT
+
+// Utilities for native arrays.
+
+// ArrayEq() compares two k-dimensional native arrays using the
+// elements' operator==, where k can be any integer >= 0.  When k is
+// 0, ArrayEq() degenerates into comparing a single pair of values.
+
+template <typename T, typename U>
+bool ArrayEq(const T* lhs, size_t size, const U* rhs);
+
+// This generic version is used when k is 0.
+template <typename T, typename U>
+inline bool ArrayEq(const T& lhs, const U& rhs) { return lhs == rhs; }
+
+// This overload is used when k >= 1.
+template <typename T, typename U, size_t N>
+inline bool ArrayEq(const T(&lhs)[N], const U(&rhs)[N]) {
+  return internal::ArrayEq(lhs, N, rhs);
+}
+
+// This helper reduces code bloat.  If we instead put its logic inside
+// the previous ArrayEq() function, arrays with different sizes would
+// lead to different copies of the template code.
+template <typename T, typename U>
+bool ArrayEq(const T* lhs, size_t size, const U* rhs) {
+  for (size_t i = 0; i != size; i++) {
+    if (!internal::ArrayEq(lhs[i], rhs[i]))
+      return false;
+  }
+  return true;
+}
+
+// Finds the first element in the iterator range [begin, end) that
+// equals elem.  Element may be a native array type itself.
+template <typename Iter, typename Element>
+Iter ArrayAwareFind(Iter begin, Iter end, const Element& elem) {
+  for (Iter it = begin; it != end; ++it) {
+    if (internal::ArrayEq(*it, elem))
+      return it;
+  }
+  return end;
+}
+
+// CopyArray() copies a k-dimensional native array using the elements'
+// operator=, where k can be any integer >= 0.  When k is 0,
+// CopyArray() degenerates into copying a single value.
+
+template <typename T, typename U>
+void CopyArray(const T* from, size_t size, U* to);
+
+// This generic version is used when k is 0.
+template <typename T, typename U>
+inline void CopyArray(const T& from, U* to) { *to = from; }
+
+// This overload is used when k >= 1.
+template <typename T, typename U, size_t N>
+inline void CopyArray(const T(&from)[N], U(*to)[N]) {
+  internal::CopyArray(from, N, *to);
+}
+
+// This helper reduces code bloat.  If we instead put its logic inside
+// the previous CopyArray() function, arrays with different sizes
+// would lead to different copies of the template code.
+template <typename T, typename U>
+void CopyArray(const T* from, size_t size, U* to) {
+  for (size_t i = 0; i != size; i++) {
+    internal::CopyArray(from[i], to + i);
+  }
+}
+
+// The relation between an NativeArray object (see below) and the
+// native array it represents.
+// We use 2 different structs to allow non-copyable types to be used, as long
+// as RelationToSourceReference() is passed.
+struct RelationToSourceReference {};
+struct RelationToSourceCopy {};
+
+// Adapts a native array to a read-only STL-style container.  Instead
+// of the complete STL container concept, this adaptor only implements
+// members useful for Google Mock's container matchers.  New members
+// should be added as needed.  To simplify the implementation, we only
+// support Element being a raw type (i.e. having no top-level const or
+// reference modifier).  It's the client's responsibility to satisfy
+// this requirement.  Element can be an array type itself (hence
+// multi-dimensional arrays are supported).
+template <typename Element>
+class NativeArray {
+ public:
+  // STL-style container typedefs.
+  typedef Element value_type;
+  typedef Element* iterator;
+  typedef const Element* const_iterator;
+
+  // Constructs from a native array. References the source.
+  NativeArray(const Element* array, size_t count, RelationToSourceReference) {
+    InitRef(array, count);
+  }
+
+  // Constructs from a native array. Copies the source.
+  NativeArray(const Element* array, size_t count, RelationToSourceCopy) {
+    InitCopy(array, count);
+  }
+
+  // Copy constructor.
+  NativeArray(const NativeArray& rhs) {
+    (this->*rhs.clone_)(rhs.array_, rhs.size_);
+  }
+
+  ~NativeArray() {
+    if (clone_ != &NativeArray::InitRef)
+      delete[] array_;
+  }
+
+  // STL-style container methods.
+  size_t size() const { return size_; }
+  const_iterator begin() const { return array_; }
+  const_iterator end() const { return array_ + size_; }
+  bool operator==(const NativeArray& rhs) const {
+    return size() == rhs.size() &&
+        ArrayEq(begin(), size(), rhs.begin());
+  }
+
+ private:
+  enum {
+    kCheckTypeIsNotConstOrAReference = StaticAssertTypeEqHelper<
+        Element, GTEST_REMOVE_REFERENCE_AND_CONST_(Element)>::value,
+  };
+
+  // Initializes this object with a copy of the input.
+  void InitCopy(const Element* array, size_t a_size) {
+    Element* const copy = new Element[a_size];
+    CopyArray(array, a_size, copy);
+    array_ = copy;
+    size_ = a_size;
+    clone_ = &NativeArray::InitCopy;
+  }
+
+  // Initializes this object with a reference of the input.
+  void InitRef(const Element* array, size_t a_size) {
+    array_ = array;
+    size_ = a_size;
+    clone_ = &NativeArray::InitRef;
+  }
+
+  const Element* array_;
+  size_t size_;
+  void (NativeArray::*clone_)(const Element*, size_t);
+
+  GTEST_DISALLOW_ASSIGN_(NativeArray);
+};
+
+}  // namespace internal
+}  // namespace testing
+
+#define GTEST_MESSAGE_AT_(file, line, message, result_type) \
+  ::testing::internal::AssertHelper(result_type, file, line, message) \
+    = ::testing::Message()
+
+#define GTEST_MESSAGE_(message, result_type) \
+  GTEST_MESSAGE_AT_(__FILE__, __LINE__, message, result_type)
+
+#define GTEST_FATAL_FAILURE_(message) \
+  return GTEST_MESSAGE_(message, ::testing::TestPartResult::kFatalFailure)
+
+#define GTEST_NONFATAL_FAILURE_(message) \
+  GTEST_MESSAGE_(message, ::testing::TestPartResult::kNonFatalFailure)
+
+#define GTEST_SUCCESS_(message) \
+  GTEST_MESSAGE_(message, ::testing::TestPartResult::kSuccess)
+
+// Suppresses MSVC warnings 4072 (unreachable code) for the code following
+// statement if it returns or throws (or doesn't return or throw in some
+// situations).
+#define GTEST_SUPPRESS_UNREACHABLE_CODE_WARNING_BELOW_(statement) \
+  if (::testing::internal::AlwaysTrue()) { statement; }
+
+#define GTEST_TEST_THROW_(statement, expected_exception, fail) \
+  GTEST_AMBIGUOUS_ELSE_BLOCKER_ \
+  if (::testing::internal::ConstCharPtr gtest_msg = "") { \
+    bool gtest_caught_expected = false; \
+    try { \
+      GTEST_SUPPRESS_UNREACHABLE_CODE_WARNING_BELOW_(statement); \
+    } \
+    catch (expected_exception const&) { \
+      gtest_caught_expected = true; \
+    } \
+    catch (...) { \
+      gtest_msg.value = \
+          "Expected: " #statement " throws an exception of type " \
+          #expected_exception ".\n  Actual: it throws a different type."; \
+      goto GTEST_CONCAT_TOKEN_(gtest_label_testthrow_, __LINE__); \
+    } \
+    if (!gtest_caught_expected) { \
+      gtest_msg.value = \
+          "Expected: " #statement " throws an exception of type " \
+          #expected_exception ".\n  Actual: it throws nothing."; \
+      goto GTEST_CONCAT_TOKEN_(gtest_label_testthrow_, __LINE__); \
+    } \
+  } else \
+    GTEST_CONCAT_TOKEN_(gtest_label_testthrow_, __LINE__): \
+      fail(gtest_msg.value)
+
+#define GTEST_TEST_NO_THROW_(statement, fail) \
+  GTEST_AMBIGUOUS_ELSE_BLOCKER_ \
+  if (::testing::internal::AlwaysTrue()) { \
+    try { \
+      GTEST_SUPPRESS_UNREACHABLE_CODE_WARNING_BELOW_(statement); \
+    } \
+    catch (...) { \
+      goto GTEST_CONCAT_TOKEN_(gtest_label_testnothrow_, __LINE__); \
+    } \
+  } else \
+    GTEST_CONCAT_TOKEN_(gtest_label_testnothrow_, __LINE__): \
+      fail("Expected: " #statement " doesn't throw an exception.\n" \
+           "  Actual: it throws.")
+
+#define GTEST_TEST_ANY_THROW_(statement, fail) \
+  GTEST_AMBIGUOUS_ELSE_BLOCKER_ \
+  if (::testing::internal::AlwaysTrue()) { \
+    bool gtest_caught_any = false; \
+    try { \
+      GTEST_SUPPRESS_UNREACHABLE_CODE_WARNING_BELOW_(statement); \
+    } \
+    catch (...) { \
+      gtest_caught_any = true; \
+    } \
+    if (!gtest_caught_any) { \
+      goto GTEST_CONCAT_TOKEN_(gtest_label_testanythrow_, __LINE__); \
+    } \
+  } else \
+    GTEST_CONCAT_TOKEN_(gtest_label_testanythrow_, __LINE__): \
+      fail("Expected: " #statement " throws an exception.\n" \
+           "  Actual: it doesn't.")
+
+
+// Implements Boolean test assertions such as EXPECT_TRUE. expression can be
+// either a boolean expression or an AssertionResult. text is a textual
+// represenation of expression as it was passed into the EXPECT_TRUE.
+#define GTEST_TEST_BOOLEAN_(expression, text, actual, expected, fail) \
+  GTEST_AMBIGUOUS_ELSE_BLOCKER_ \
+  if (const ::testing::AssertionResult gtest_ar_ = \
+      ::testing::AssertionResult(expression)) \
+    ; \
+  else \
+    fail(::testing::internal::GetBoolAssertionFailureMessage(\
+        gtest_ar_, text, #actual, #expected).c_str())
+
+#define GTEST_TEST_NO_FATAL_FAILURE_(statement, fail) \
+  GTEST_AMBIGUOUS_ELSE_BLOCKER_ \
+  if (::testing::internal::AlwaysTrue()) { \
+    ::testing::internal::HasNewFatalFailureHelper gtest_fatal_failure_checker; \
+    GTEST_SUPPRESS_UNREACHABLE_CODE_WARNING_BELOW_(statement); \
+    if (gtest_fatal_failure_checker.has_new_fatal_failure()) { \
+      goto GTEST_CONCAT_TOKEN_(gtest_label_testnofatal_, __LINE__); \
+    } \
+  } else \
+    GTEST_CONCAT_TOKEN_(gtest_label_testnofatal_, __LINE__): \
+      fail("Expected: " #statement " doesn't generate new fatal " \
+           "failures in the current thread.\n" \
+           "  Actual: it does.")
+
+// Expands to the name of the class that implements the given test.
+#define GTEST_TEST_CLASS_NAME_(test_case_name, test_name) \
+  test_case_name##_##test_name##_Test
+
+// Helper macro for defining tests.
+#define GTEST_TEST_(test_case_name, test_name, parent_class, parent_id)\
+class GTEST_TEST_CLASS_NAME_(test_case_name, test_name) : public parent_class {\
+ public:\
+  GTEST_TEST_CLASS_NAME_(test_case_name, test_name)() {}\
+ private:\
+  virtual void TestBody();\
+  static ::testing::TestInfo* const test_info_ GTEST_ATTRIBUTE_UNUSED_;\
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(\
+      GTEST_TEST_CLASS_NAME_(test_case_name, test_name));\
+};\
+\
+::testing::TestInfo* const GTEST_TEST_CLASS_NAME_(test_case_name, test_name)\
+  ::test_info_ =\
+    ::testing::internal::MakeAndRegisterTestInfo(\
+        #test_case_name, #test_name, NULL, NULL, \
+        (parent_id), \
+        parent_class::SetUpTestCase, \
+        parent_class::TearDownTestCase, \
+        new ::testing::internal::TestFactoryImpl<\
+            GTEST_TEST_CLASS_NAME_(test_case_name, test_name)>);\
+void GTEST_TEST_CLASS_NAME_(test_case_name, test_name)::TestBody()
+
+#endif  // GTEST_INCLUDE_GTEST_INTERNAL_GTEST_INTERNAL_H_
+
diff --git a/nss/gtests/google_test/gtest/include/gtest/internal/gtest-linked_ptr.h b/nss/gtests/google_test/gtest/include/gtest/internal/gtest-linked_ptr.h
new file mode 100644
index 0000000..b1362cd
--- /dev/null
+++ b/nss/gtests/google_test/gtest/include/gtest/internal/gtest-linked_ptr.h
@@ -0,0 +1,233 @@
+// Copyright 2003 Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Authors: Dan Egnor (egnor@google.com)
+//
+// A "smart" pointer type with reference tracking.  Every pointer to a
+// particular object is kept on a circular linked list.  When the last pointer
+// to an object is destroyed or reassigned, the object is deleted.
+//
+// Used properly, this deletes the object when the last reference goes away.
+// There are several caveats:
+// - Like all reference counting schemes, cycles lead to leaks.
+// - Each smart pointer is actually two pointers (8 bytes instead of 4).
+// - Every time a pointer is assigned, the entire list of pointers to that
+//   object is traversed.  This class is therefore NOT SUITABLE when there
+//   will often be more than two or three pointers to a particular object.
+// - References are only tracked as long as linked_ptr<> objects are copied.
+//   If a linked_ptr<> is converted to a raw pointer and back, BAD THINGS
+//   will happen (double deletion).
+//
+// A good use of this class is storing object references in STL containers.
+// You can safely put linked_ptr<> in a vector<>.
+// Other uses may not be as good.
+//
+// Note: If you use an incomplete type with linked_ptr<>, the class
+// *containing* linked_ptr<> must have a constructor and destructor (even
+// if they do nothing!).
+//
+// Bill Gibbons suggested we use something like this.
+//
+// Thread Safety:
+//   Unlike other linked_ptr implementations, in this implementation
+//   a linked_ptr object is thread-safe in the sense that:
+//     - it's safe to copy linked_ptr objects concurrently,
+//     - it's safe to copy *from* a linked_ptr and read its underlying
+//       raw pointer (e.g. via get()) concurrently, and
+//     - it's safe to write to two linked_ptrs that point to the same
+//       shared object concurrently.
+// TODO(wan@google.com): rename this to safe_linked_ptr to avoid
+// confusion with normal linked_ptr.
+
+#ifndef GTEST_INCLUDE_GTEST_INTERNAL_GTEST_LINKED_PTR_H_
+#define GTEST_INCLUDE_GTEST_INTERNAL_GTEST_LINKED_PTR_H_
+
+#include <stdlib.h>
+#include <assert.h>
+
+#include "gtest/internal/gtest-port.h"
+
+namespace testing {
+namespace internal {
+
+// Protects copying of all linked_ptr objects.
+GTEST_API_ GTEST_DECLARE_STATIC_MUTEX_(g_linked_ptr_mutex);
+
+// This is used internally by all instances of linked_ptr<>.  It needs to be
+// a non-template class because different types of linked_ptr<> can refer to
+// the same object (linked_ptr<Superclass>(obj) vs linked_ptr<Subclass>(obj)).
+// So, it needs to be possible for different types of linked_ptr to participate
+// in the same circular linked list, so we need a single class type here.
+//
+// DO NOT USE THIS CLASS DIRECTLY YOURSELF.  Use linked_ptr<T>.
+class linked_ptr_internal {
+ public:
+  // Create a new circle that includes only this instance.
+  void join_new() {
+    next_ = this;
+  }
+
+  // Many linked_ptr operations may change p.link_ for some linked_ptr
+  // variable p in the same circle as this object.  Therefore we need
+  // to prevent two such operations from occurring concurrently.
+  //
+  // Note that different types of linked_ptr objects can coexist in a
+  // circle (e.g. linked_ptr<Base>, linked_ptr<Derived1>, and
+  // linked_ptr<Derived2>).  Therefore we must use a single mutex to
+  // protect all linked_ptr objects.  This can create serious
+  // contention in production code, but is acceptable in a testing
+  // framework.
+
+  // Join an existing circle.
+  void join(linked_ptr_internal const* ptr)
+      GTEST_LOCK_EXCLUDED_(g_linked_ptr_mutex) {
+    MutexLock lock(&g_linked_ptr_mutex);
+
+    linked_ptr_internal const* p = ptr;
+    while (p->next_ != ptr) p = p->next_;
+    p->next_ = this;
+    next_ = ptr;
+  }
+
+  // Leave whatever circle we're part of.  Returns true if we were the
+  // last member of the circle.  Once this is done, you can join() another.
+  bool depart()
+      GTEST_LOCK_EXCLUDED_(g_linked_ptr_mutex) {
+    MutexLock lock(&g_linked_ptr_mutex);
+
+    if (next_ == this) return true;
+    linked_ptr_internal const* p = next_;
+    while (p->next_ != this) p = p->next_;
+    p->next_ = next_;
+    return false;
+  }
+
+ private:
+  mutable linked_ptr_internal const* next_;
+};
+
+template <typename T>
+class linked_ptr {
+ public:
+  typedef T element_type;
+
+  // Take over ownership of a raw pointer.  This should happen as soon as
+  // possible after the object is created.
+  explicit linked_ptr(T* ptr = NULL) { capture(ptr); }
+  ~linked_ptr() { depart(); }
+
+  // Copy an existing linked_ptr<>, adding ourselves to the list of references.
+  template <typename U> linked_ptr(linked_ptr<U> const& ptr) { copy(&ptr); }
+  linked_ptr(linked_ptr const& ptr) {  // NOLINT
+    assert(&ptr != this);
+    copy(&ptr);
+  }
+
+  // Assignment releases the old value and acquires the new.
+  template <typename U> linked_ptr& operator=(linked_ptr<U> const& ptr) {
+    depart();
+    copy(&ptr);
+    return *this;
+  }
+
+  linked_ptr& operator=(linked_ptr const& ptr) {
+    if (&ptr != this) {
+      depart();
+      copy(&ptr);
+    }
+    return *this;
+  }
+
+  // Smart pointer members.
+  void reset(T* ptr = NULL) {
+    depart();
+    capture(ptr);
+  }
+  T* get() const { return value_; }
+  T* operator->() const { return value_; }
+  T& operator*() const { return *value_; }
+
+  bool operator==(T* p) const { return value_ == p; }
+  bool operator!=(T* p) const { return value_ != p; }
+  template <typename U>
+  bool operator==(linked_ptr<U> const& ptr) const {
+    return value_ == ptr.get();
+  }
+  template <typename U>
+  bool operator!=(linked_ptr<U> const& ptr) const {
+    return value_ != ptr.get();
+  }
+
+ private:
+  template <typename U>
+  friend class linked_ptr;
+
+  T* value_;
+  linked_ptr_internal link_;
+
+  void depart() {
+    if (link_.depart()) delete value_;
+  }
+
+  void capture(T* ptr) {
+    value_ = ptr;
+    link_.join_new();
+  }
+
+  template <typename U> void copy(linked_ptr<U> const* ptr) {
+    value_ = ptr->get();
+    if (value_)
+      link_.join(&ptr->link_);
+    else
+      link_.join_new();
+  }
+};
+
+template<typename T> inline
+bool operator==(T* ptr, const linked_ptr<T>& x) {
+  return ptr == x.get();
+}
+
+template<typename T> inline
+bool operator!=(T* ptr, const linked_ptr<T>& x) {
+  return ptr != x.get();
+}
+
+// A function to convert T* into linked_ptr<T>
+// Doing e.g. make_linked_ptr(new FooBarBaz<type>(arg)) is a shorter notation
+// for linked_ptr<FooBarBaz<type> >(new FooBarBaz<type>(arg))
+template <typename T>
+linked_ptr<T> make_linked_ptr(T* ptr) {
+  return linked_ptr<T>(ptr);
+}
+
+}  // namespace internal
+}  // namespace testing
+
+#endif  // GTEST_INCLUDE_GTEST_INTERNAL_GTEST_LINKED_PTR_H_
diff --git a/nss/gtests/google_test/gtest/include/gtest/internal/gtest-param-util-generated.h b/nss/gtests/google_test/gtest/include/gtest/internal/gtest-param-util-generated.h
new file mode 100644
index 0000000..6dbaf4b
--- /dev/null
+++ b/nss/gtests/google_test/gtest/include/gtest/internal/gtest-param-util-generated.h
@@ -0,0 +1,5143 @@
+// This file was GENERATED by command:
+//     pump.py gtest-param-util-generated.h.pump
+// DO NOT EDIT BY HAND!!!
+
+// Copyright 2008 Google Inc.
+// All Rights Reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: vladl@google.com (Vlad Losev)
+
+// Type and function utilities for implementing parameterized tests.
+// This file is generated by a SCRIPT.  DO NOT EDIT BY HAND!
+//
+// Currently Google Test supports at most 50 arguments in Values,
+// and at most 10 arguments in Combine. Please contact
+// googletestframework@googlegroups.com if you need more.
+// Please note that the number of arguments to Combine is limited
+// by the maximum arity of the implementation of tuple which is
+// currently set at 10.
+
+#ifndef GTEST_INCLUDE_GTEST_INTERNAL_GTEST_PARAM_UTIL_GENERATED_H_
+#define GTEST_INCLUDE_GTEST_INTERNAL_GTEST_PARAM_UTIL_GENERATED_H_
+
+// scripts/fuse_gtest.py depends on gtest's own header being #included
+// *unconditionally*.  Therefore these #includes cannot be moved
+// inside #if GTEST_HAS_PARAM_TEST.
+#include "gtest/internal/gtest-param-util.h"
+#include "gtest/internal/gtest-port.h"
+
+#if GTEST_HAS_PARAM_TEST
+
+namespace testing {
+
+// Forward declarations of ValuesIn(), which is implemented in
+// include/gtest/gtest-param-test.h.
+template <typename ForwardIterator>
+internal::ParamGenerator<
+  typename ::testing::internal::IteratorTraits<ForwardIterator>::value_type>
+ValuesIn(ForwardIterator begin, ForwardIterator end);
+
+template <typename T, size_t N>
+internal::ParamGenerator<T> ValuesIn(const T (&array)[N]);
+
+template <class Container>
+internal::ParamGenerator<typename Container::value_type> ValuesIn(
+    const Container& container);
+
+namespace internal {
+
+// Used in the Values() function to provide polymorphic capabilities.
+template <typename T1>
+class ValueArray1 {
+ public:
+  explicit ValueArray1(T1 v1) : v1_(v1) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const { return ValuesIn(&v1_, &v1_ + 1); }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray1& other);
+
+  const T1 v1_;
+};
+
+template <typename T1, typename T2>
+class ValueArray2 {
+ public:
+  ValueArray2(T1 v1, T2 v2) : v1_(v1), v2_(v2) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray2& other);
+
+  const T1 v1_;
+  const T2 v2_;
+};
+
+template <typename T1, typename T2, typename T3>
+class ValueArray3 {
+ public:
+  ValueArray3(T1 v1, T2 v2, T3 v3) : v1_(v1), v2_(v2), v3_(v3) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray3& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4>
+class ValueArray4 {
+ public:
+  ValueArray4(T1 v1, T2 v2, T3 v3, T4 v4) : v1_(v1), v2_(v2), v3_(v3),
+      v4_(v4) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray4& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5>
+class ValueArray5 {
+ public:
+  ValueArray5(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5) : v1_(v1), v2_(v2), v3_(v3),
+      v4_(v4), v5_(v5) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray5& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6>
+class ValueArray6 {
+ public:
+  ValueArray6(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6) : v1_(v1), v2_(v2),
+      v3_(v3), v4_(v4), v5_(v5), v6_(v6) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray6& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7>
+class ValueArray7 {
+ public:
+  ValueArray7(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7) : v1_(v1),
+      v2_(v2), v3_(v3), v4_(v4), v5_(v5), v6_(v6), v7_(v7) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray7& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8>
+class ValueArray8 {
+ public:
+  ValueArray8(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7,
+      T8 v8) : v1_(v1), v2_(v2), v3_(v3), v4_(v4), v5_(v5), v6_(v6), v7_(v7),
+      v8_(v8) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_), static_cast<T>(v8_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray8& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+  const T8 v8_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9>
+class ValueArray9 {
+ public:
+  ValueArray9(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8,
+      T9 v9) : v1_(v1), v2_(v2), v3_(v3), v4_(v4), v5_(v5), v6_(v6), v7_(v7),
+      v8_(v8), v9_(v9) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_), static_cast<T>(v8_),
+        static_cast<T>(v9_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray9& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+  const T8 v8_;
+  const T9 v9_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10>
+class ValueArray10 {
+ public:
+  ValueArray10(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+      T10 v10) : v1_(v1), v2_(v2), v3_(v3), v4_(v4), v5_(v5), v6_(v6), v7_(v7),
+      v8_(v8), v9_(v9), v10_(v10) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_), static_cast<T>(v8_),
+        static_cast<T>(v9_), static_cast<T>(v10_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray10& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+  const T8 v8_;
+  const T9 v9_;
+  const T10 v10_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11>
+class ValueArray11 {
+ public:
+  ValueArray11(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+      T10 v10, T11 v11) : v1_(v1), v2_(v2), v3_(v3), v4_(v4), v5_(v5), v6_(v6),
+      v7_(v7), v8_(v8), v9_(v9), v10_(v10), v11_(v11) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_), static_cast<T>(v8_),
+        static_cast<T>(v9_), static_cast<T>(v10_), static_cast<T>(v11_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray11& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+  const T8 v8_;
+  const T9 v9_;
+  const T10 v10_;
+  const T11 v11_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12>
+class ValueArray12 {
+ public:
+  ValueArray12(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+      T10 v10, T11 v11, T12 v12) : v1_(v1), v2_(v2), v3_(v3), v4_(v4), v5_(v5),
+      v6_(v6), v7_(v7), v8_(v8), v9_(v9), v10_(v10), v11_(v11), v12_(v12) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_), static_cast<T>(v8_),
+        static_cast<T>(v9_), static_cast<T>(v10_), static_cast<T>(v11_),
+        static_cast<T>(v12_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray12& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+  const T8 v8_;
+  const T9 v9_;
+  const T10 v10_;
+  const T11 v11_;
+  const T12 v12_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13>
+class ValueArray13 {
+ public:
+  ValueArray13(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+      T10 v10, T11 v11, T12 v12, T13 v13) : v1_(v1), v2_(v2), v3_(v3), v4_(v4),
+      v5_(v5), v6_(v6), v7_(v7), v8_(v8), v9_(v9), v10_(v10), v11_(v11),
+      v12_(v12), v13_(v13) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_), static_cast<T>(v8_),
+        static_cast<T>(v9_), static_cast<T>(v10_), static_cast<T>(v11_),
+        static_cast<T>(v12_), static_cast<T>(v13_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray13& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+  const T8 v8_;
+  const T9 v9_;
+  const T10 v10_;
+  const T11 v11_;
+  const T12 v12_;
+  const T13 v13_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14>
+class ValueArray14 {
+ public:
+  ValueArray14(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+      T10 v10, T11 v11, T12 v12, T13 v13, T14 v14) : v1_(v1), v2_(v2), v3_(v3),
+      v4_(v4), v5_(v5), v6_(v6), v7_(v7), v8_(v8), v9_(v9), v10_(v10),
+      v11_(v11), v12_(v12), v13_(v13), v14_(v14) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_), static_cast<T>(v8_),
+        static_cast<T>(v9_), static_cast<T>(v10_), static_cast<T>(v11_),
+        static_cast<T>(v12_), static_cast<T>(v13_), static_cast<T>(v14_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray14& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+  const T8 v8_;
+  const T9 v9_;
+  const T10 v10_;
+  const T11 v11_;
+  const T12 v12_;
+  const T13 v13_;
+  const T14 v14_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15>
+class ValueArray15 {
+ public:
+  ValueArray15(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+      T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15) : v1_(v1), v2_(v2),
+      v3_(v3), v4_(v4), v5_(v5), v6_(v6), v7_(v7), v8_(v8), v9_(v9), v10_(v10),
+      v11_(v11), v12_(v12), v13_(v13), v14_(v14), v15_(v15) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_), static_cast<T>(v8_),
+        static_cast<T>(v9_), static_cast<T>(v10_), static_cast<T>(v11_),
+        static_cast<T>(v12_), static_cast<T>(v13_), static_cast<T>(v14_),
+        static_cast<T>(v15_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray15& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+  const T8 v8_;
+  const T9 v9_;
+  const T10 v10_;
+  const T11 v11_;
+  const T12 v12_;
+  const T13 v13_;
+  const T14 v14_;
+  const T15 v15_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16>
+class ValueArray16 {
+ public:
+  ValueArray16(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+      T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16) : v1_(v1),
+      v2_(v2), v3_(v3), v4_(v4), v5_(v5), v6_(v6), v7_(v7), v8_(v8), v9_(v9),
+      v10_(v10), v11_(v11), v12_(v12), v13_(v13), v14_(v14), v15_(v15),
+      v16_(v16) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_), static_cast<T>(v8_),
+        static_cast<T>(v9_), static_cast<T>(v10_), static_cast<T>(v11_),
+        static_cast<T>(v12_), static_cast<T>(v13_), static_cast<T>(v14_),
+        static_cast<T>(v15_), static_cast<T>(v16_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray16& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+  const T8 v8_;
+  const T9 v9_;
+  const T10 v10_;
+  const T11 v11_;
+  const T12 v12_;
+  const T13 v13_;
+  const T14 v14_;
+  const T15 v15_;
+  const T16 v16_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17>
+class ValueArray17 {
+ public:
+  ValueArray17(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+      T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16,
+      T17 v17) : v1_(v1), v2_(v2), v3_(v3), v4_(v4), v5_(v5), v6_(v6), v7_(v7),
+      v8_(v8), v9_(v9), v10_(v10), v11_(v11), v12_(v12), v13_(v13), v14_(v14),
+      v15_(v15), v16_(v16), v17_(v17) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_), static_cast<T>(v8_),
+        static_cast<T>(v9_), static_cast<T>(v10_), static_cast<T>(v11_),
+        static_cast<T>(v12_), static_cast<T>(v13_), static_cast<T>(v14_),
+        static_cast<T>(v15_), static_cast<T>(v16_), static_cast<T>(v17_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray17& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+  const T8 v8_;
+  const T9 v9_;
+  const T10 v10_;
+  const T11 v11_;
+  const T12 v12_;
+  const T13 v13_;
+  const T14 v14_;
+  const T15 v15_;
+  const T16 v16_;
+  const T17 v17_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18>
+class ValueArray18 {
+ public:
+  ValueArray18(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+      T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16, T17 v17,
+      T18 v18) : v1_(v1), v2_(v2), v3_(v3), v4_(v4), v5_(v5), v6_(v6), v7_(v7),
+      v8_(v8), v9_(v9), v10_(v10), v11_(v11), v12_(v12), v13_(v13), v14_(v14),
+      v15_(v15), v16_(v16), v17_(v17), v18_(v18) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_), static_cast<T>(v8_),
+        static_cast<T>(v9_), static_cast<T>(v10_), static_cast<T>(v11_),
+        static_cast<T>(v12_), static_cast<T>(v13_), static_cast<T>(v14_),
+        static_cast<T>(v15_), static_cast<T>(v16_), static_cast<T>(v17_),
+        static_cast<T>(v18_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray18& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+  const T8 v8_;
+  const T9 v9_;
+  const T10 v10_;
+  const T11 v11_;
+  const T12 v12_;
+  const T13 v13_;
+  const T14 v14_;
+  const T15 v15_;
+  const T16 v16_;
+  const T17 v17_;
+  const T18 v18_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19>
+class ValueArray19 {
+ public:
+  ValueArray19(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+      T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16, T17 v17,
+      T18 v18, T19 v19) : v1_(v1), v2_(v2), v3_(v3), v4_(v4), v5_(v5), v6_(v6),
+      v7_(v7), v8_(v8), v9_(v9), v10_(v10), v11_(v11), v12_(v12), v13_(v13),
+      v14_(v14), v15_(v15), v16_(v16), v17_(v17), v18_(v18), v19_(v19) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_), static_cast<T>(v8_),
+        static_cast<T>(v9_), static_cast<T>(v10_), static_cast<T>(v11_),
+        static_cast<T>(v12_), static_cast<T>(v13_), static_cast<T>(v14_),
+        static_cast<T>(v15_), static_cast<T>(v16_), static_cast<T>(v17_),
+        static_cast<T>(v18_), static_cast<T>(v19_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray19& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+  const T8 v8_;
+  const T9 v9_;
+  const T10 v10_;
+  const T11 v11_;
+  const T12 v12_;
+  const T13 v13_;
+  const T14 v14_;
+  const T15 v15_;
+  const T16 v16_;
+  const T17 v17_;
+  const T18 v18_;
+  const T19 v19_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20>
+class ValueArray20 {
+ public:
+  ValueArray20(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+      T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16, T17 v17,
+      T18 v18, T19 v19, T20 v20) : v1_(v1), v2_(v2), v3_(v3), v4_(v4), v5_(v5),
+      v6_(v6), v7_(v7), v8_(v8), v9_(v9), v10_(v10), v11_(v11), v12_(v12),
+      v13_(v13), v14_(v14), v15_(v15), v16_(v16), v17_(v17), v18_(v18),
+      v19_(v19), v20_(v20) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_), static_cast<T>(v8_),
+        static_cast<T>(v9_), static_cast<T>(v10_), static_cast<T>(v11_),
+        static_cast<T>(v12_), static_cast<T>(v13_), static_cast<T>(v14_),
+        static_cast<T>(v15_), static_cast<T>(v16_), static_cast<T>(v17_),
+        static_cast<T>(v18_), static_cast<T>(v19_), static_cast<T>(v20_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray20& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+  const T8 v8_;
+  const T9 v9_;
+  const T10 v10_;
+  const T11 v11_;
+  const T12 v12_;
+  const T13 v13_;
+  const T14 v14_;
+  const T15 v15_;
+  const T16 v16_;
+  const T17 v17_;
+  const T18 v18_;
+  const T19 v19_;
+  const T20 v20_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21>
+class ValueArray21 {
+ public:
+  ValueArray21(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+      T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16, T17 v17,
+      T18 v18, T19 v19, T20 v20, T21 v21) : v1_(v1), v2_(v2), v3_(v3), v4_(v4),
+      v5_(v5), v6_(v6), v7_(v7), v8_(v8), v9_(v9), v10_(v10), v11_(v11),
+      v12_(v12), v13_(v13), v14_(v14), v15_(v15), v16_(v16), v17_(v17),
+      v18_(v18), v19_(v19), v20_(v20), v21_(v21) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_), static_cast<T>(v8_),
+        static_cast<T>(v9_), static_cast<T>(v10_), static_cast<T>(v11_),
+        static_cast<T>(v12_), static_cast<T>(v13_), static_cast<T>(v14_),
+        static_cast<T>(v15_), static_cast<T>(v16_), static_cast<T>(v17_),
+        static_cast<T>(v18_), static_cast<T>(v19_), static_cast<T>(v20_),
+        static_cast<T>(v21_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray21& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+  const T8 v8_;
+  const T9 v9_;
+  const T10 v10_;
+  const T11 v11_;
+  const T12 v12_;
+  const T13 v13_;
+  const T14 v14_;
+  const T15 v15_;
+  const T16 v16_;
+  const T17 v17_;
+  const T18 v18_;
+  const T19 v19_;
+  const T20 v20_;
+  const T21 v21_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22>
+class ValueArray22 {
+ public:
+  ValueArray22(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+      T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16, T17 v17,
+      T18 v18, T19 v19, T20 v20, T21 v21, T22 v22) : v1_(v1), v2_(v2), v3_(v3),
+      v4_(v4), v5_(v5), v6_(v6), v7_(v7), v8_(v8), v9_(v9), v10_(v10),
+      v11_(v11), v12_(v12), v13_(v13), v14_(v14), v15_(v15), v16_(v16),
+      v17_(v17), v18_(v18), v19_(v19), v20_(v20), v21_(v21), v22_(v22) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_), static_cast<T>(v8_),
+        static_cast<T>(v9_), static_cast<T>(v10_), static_cast<T>(v11_),
+        static_cast<T>(v12_), static_cast<T>(v13_), static_cast<T>(v14_),
+        static_cast<T>(v15_), static_cast<T>(v16_), static_cast<T>(v17_),
+        static_cast<T>(v18_), static_cast<T>(v19_), static_cast<T>(v20_),
+        static_cast<T>(v21_), static_cast<T>(v22_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray22& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+  const T8 v8_;
+  const T9 v9_;
+  const T10 v10_;
+  const T11 v11_;
+  const T12 v12_;
+  const T13 v13_;
+  const T14 v14_;
+  const T15 v15_;
+  const T16 v16_;
+  const T17 v17_;
+  const T18 v18_;
+  const T19 v19_;
+  const T20 v20_;
+  const T21 v21_;
+  const T22 v22_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23>
+class ValueArray23 {
+ public:
+  ValueArray23(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+      T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16, T17 v17,
+      T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23) : v1_(v1), v2_(v2),
+      v3_(v3), v4_(v4), v5_(v5), v6_(v6), v7_(v7), v8_(v8), v9_(v9), v10_(v10),
+      v11_(v11), v12_(v12), v13_(v13), v14_(v14), v15_(v15), v16_(v16),
+      v17_(v17), v18_(v18), v19_(v19), v20_(v20), v21_(v21), v22_(v22),
+      v23_(v23) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_), static_cast<T>(v8_),
+        static_cast<T>(v9_), static_cast<T>(v10_), static_cast<T>(v11_),
+        static_cast<T>(v12_), static_cast<T>(v13_), static_cast<T>(v14_),
+        static_cast<T>(v15_), static_cast<T>(v16_), static_cast<T>(v17_),
+        static_cast<T>(v18_), static_cast<T>(v19_), static_cast<T>(v20_),
+        static_cast<T>(v21_), static_cast<T>(v22_), static_cast<T>(v23_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray23& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+  const T8 v8_;
+  const T9 v9_;
+  const T10 v10_;
+  const T11 v11_;
+  const T12 v12_;
+  const T13 v13_;
+  const T14 v14_;
+  const T15 v15_;
+  const T16 v16_;
+  const T17 v17_;
+  const T18 v18_;
+  const T19 v19_;
+  const T20 v20_;
+  const T21 v21_;
+  const T22 v22_;
+  const T23 v23_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24>
+class ValueArray24 {
+ public:
+  ValueArray24(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+      T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16, T17 v17,
+      T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23, T24 v24) : v1_(v1),
+      v2_(v2), v3_(v3), v4_(v4), v5_(v5), v6_(v6), v7_(v7), v8_(v8), v9_(v9),
+      v10_(v10), v11_(v11), v12_(v12), v13_(v13), v14_(v14), v15_(v15),
+      v16_(v16), v17_(v17), v18_(v18), v19_(v19), v20_(v20), v21_(v21),
+      v22_(v22), v23_(v23), v24_(v24) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_), static_cast<T>(v8_),
+        static_cast<T>(v9_), static_cast<T>(v10_), static_cast<T>(v11_),
+        static_cast<T>(v12_), static_cast<T>(v13_), static_cast<T>(v14_),
+        static_cast<T>(v15_), static_cast<T>(v16_), static_cast<T>(v17_),
+        static_cast<T>(v18_), static_cast<T>(v19_), static_cast<T>(v20_),
+        static_cast<T>(v21_), static_cast<T>(v22_), static_cast<T>(v23_),
+        static_cast<T>(v24_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray24& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+  const T8 v8_;
+  const T9 v9_;
+  const T10 v10_;
+  const T11 v11_;
+  const T12 v12_;
+  const T13 v13_;
+  const T14 v14_;
+  const T15 v15_;
+  const T16 v16_;
+  const T17 v17_;
+  const T18 v18_;
+  const T19 v19_;
+  const T20 v20_;
+  const T21 v21_;
+  const T22 v22_;
+  const T23 v23_;
+  const T24 v24_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25>
+class ValueArray25 {
+ public:
+  ValueArray25(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+      T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16, T17 v17,
+      T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23, T24 v24,
+      T25 v25) : v1_(v1), v2_(v2), v3_(v3), v4_(v4), v5_(v5), v6_(v6), v7_(v7),
+      v8_(v8), v9_(v9), v10_(v10), v11_(v11), v12_(v12), v13_(v13), v14_(v14),
+      v15_(v15), v16_(v16), v17_(v17), v18_(v18), v19_(v19), v20_(v20),
+      v21_(v21), v22_(v22), v23_(v23), v24_(v24), v25_(v25) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_), static_cast<T>(v8_),
+        static_cast<T>(v9_), static_cast<T>(v10_), static_cast<T>(v11_),
+        static_cast<T>(v12_), static_cast<T>(v13_), static_cast<T>(v14_),
+        static_cast<T>(v15_), static_cast<T>(v16_), static_cast<T>(v17_),
+        static_cast<T>(v18_), static_cast<T>(v19_), static_cast<T>(v20_),
+        static_cast<T>(v21_), static_cast<T>(v22_), static_cast<T>(v23_),
+        static_cast<T>(v24_), static_cast<T>(v25_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray25& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+  const T8 v8_;
+  const T9 v9_;
+  const T10 v10_;
+  const T11 v11_;
+  const T12 v12_;
+  const T13 v13_;
+  const T14 v14_;
+  const T15 v15_;
+  const T16 v16_;
+  const T17 v17_;
+  const T18 v18_;
+  const T19 v19_;
+  const T20 v20_;
+  const T21 v21_;
+  const T22 v22_;
+  const T23 v23_;
+  const T24 v24_;
+  const T25 v25_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26>
+class ValueArray26 {
+ public:
+  ValueArray26(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+      T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16, T17 v17,
+      T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23, T24 v24, T25 v25,
+      T26 v26) : v1_(v1), v2_(v2), v3_(v3), v4_(v4), v5_(v5), v6_(v6), v7_(v7),
+      v8_(v8), v9_(v9), v10_(v10), v11_(v11), v12_(v12), v13_(v13), v14_(v14),
+      v15_(v15), v16_(v16), v17_(v17), v18_(v18), v19_(v19), v20_(v20),
+      v21_(v21), v22_(v22), v23_(v23), v24_(v24), v25_(v25), v26_(v26) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_), static_cast<T>(v8_),
+        static_cast<T>(v9_), static_cast<T>(v10_), static_cast<T>(v11_),
+        static_cast<T>(v12_), static_cast<T>(v13_), static_cast<T>(v14_),
+        static_cast<T>(v15_), static_cast<T>(v16_), static_cast<T>(v17_),
+        static_cast<T>(v18_), static_cast<T>(v19_), static_cast<T>(v20_),
+        static_cast<T>(v21_), static_cast<T>(v22_), static_cast<T>(v23_),
+        static_cast<T>(v24_), static_cast<T>(v25_), static_cast<T>(v26_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray26& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+  const T8 v8_;
+  const T9 v9_;
+  const T10 v10_;
+  const T11 v11_;
+  const T12 v12_;
+  const T13 v13_;
+  const T14 v14_;
+  const T15 v15_;
+  const T16 v16_;
+  const T17 v17_;
+  const T18 v18_;
+  const T19 v19_;
+  const T20 v20_;
+  const T21 v21_;
+  const T22 v22_;
+  const T23 v23_;
+  const T24 v24_;
+  const T25 v25_;
+  const T26 v26_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27>
+class ValueArray27 {
+ public:
+  ValueArray27(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+      T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16, T17 v17,
+      T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23, T24 v24, T25 v25,
+      T26 v26, T27 v27) : v1_(v1), v2_(v2), v3_(v3), v4_(v4), v5_(v5), v6_(v6),
+      v7_(v7), v8_(v8), v9_(v9), v10_(v10), v11_(v11), v12_(v12), v13_(v13),
+      v14_(v14), v15_(v15), v16_(v16), v17_(v17), v18_(v18), v19_(v19),
+      v20_(v20), v21_(v21), v22_(v22), v23_(v23), v24_(v24), v25_(v25),
+      v26_(v26), v27_(v27) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_), static_cast<T>(v8_),
+        static_cast<T>(v9_), static_cast<T>(v10_), static_cast<T>(v11_),
+        static_cast<T>(v12_), static_cast<T>(v13_), static_cast<T>(v14_),
+        static_cast<T>(v15_), static_cast<T>(v16_), static_cast<T>(v17_),
+        static_cast<T>(v18_), static_cast<T>(v19_), static_cast<T>(v20_),
+        static_cast<T>(v21_), static_cast<T>(v22_), static_cast<T>(v23_),
+        static_cast<T>(v24_), static_cast<T>(v25_), static_cast<T>(v26_),
+        static_cast<T>(v27_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray27& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+  const T8 v8_;
+  const T9 v9_;
+  const T10 v10_;
+  const T11 v11_;
+  const T12 v12_;
+  const T13 v13_;
+  const T14 v14_;
+  const T15 v15_;
+  const T16 v16_;
+  const T17 v17_;
+  const T18 v18_;
+  const T19 v19_;
+  const T20 v20_;
+  const T21 v21_;
+  const T22 v22_;
+  const T23 v23_;
+  const T24 v24_;
+  const T25 v25_;
+  const T26 v26_;
+  const T27 v27_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28>
+class ValueArray28 {
+ public:
+  ValueArray28(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+      T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16, T17 v17,
+      T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23, T24 v24, T25 v25,
+      T26 v26, T27 v27, T28 v28) : v1_(v1), v2_(v2), v3_(v3), v4_(v4), v5_(v5),
+      v6_(v6), v7_(v7), v8_(v8), v9_(v9), v10_(v10), v11_(v11), v12_(v12),
+      v13_(v13), v14_(v14), v15_(v15), v16_(v16), v17_(v17), v18_(v18),
+      v19_(v19), v20_(v20), v21_(v21), v22_(v22), v23_(v23), v24_(v24),
+      v25_(v25), v26_(v26), v27_(v27), v28_(v28) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_), static_cast<T>(v8_),
+        static_cast<T>(v9_), static_cast<T>(v10_), static_cast<T>(v11_),
+        static_cast<T>(v12_), static_cast<T>(v13_), static_cast<T>(v14_),
+        static_cast<T>(v15_), static_cast<T>(v16_), static_cast<T>(v17_),
+        static_cast<T>(v18_), static_cast<T>(v19_), static_cast<T>(v20_),
+        static_cast<T>(v21_), static_cast<T>(v22_), static_cast<T>(v23_),
+        static_cast<T>(v24_), static_cast<T>(v25_), static_cast<T>(v26_),
+        static_cast<T>(v27_), static_cast<T>(v28_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray28& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+  const T8 v8_;
+  const T9 v9_;
+  const T10 v10_;
+  const T11 v11_;
+  const T12 v12_;
+  const T13 v13_;
+  const T14 v14_;
+  const T15 v15_;
+  const T16 v16_;
+  const T17 v17_;
+  const T18 v18_;
+  const T19 v19_;
+  const T20 v20_;
+  const T21 v21_;
+  const T22 v22_;
+  const T23 v23_;
+  const T24 v24_;
+  const T25 v25_;
+  const T26 v26_;
+  const T27 v27_;
+  const T28 v28_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29>
+class ValueArray29 {
+ public:
+  ValueArray29(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+      T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16, T17 v17,
+      T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23, T24 v24, T25 v25,
+      T26 v26, T27 v27, T28 v28, T29 v29) : v1_(v1), v2_(v2), v3_(v3), v4_(v4),
+      v5_(v5), v6_(v6), v7_(v7), v8_(v8), v9_(v9), v10_(v10), v11_(v11),
+      v12_(v12), v13_(v13), v14_(v14), v15_(v15), v16_(v16), v17_(v17),
+      v18_(v18), v19_(v19), v20_(v20), v21_(v21), v22_(v22), v23_(v23),
+      v24_(v24), v25_(v25), v26_(v26), v27_(v27), v28_(v28), v29_(v29) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_), static_cast<T>(v8_),
+        static_cast<T>(v9_), static_cast<T>(v10_), static_cast<T>(v11_),
+        static_cast<T>(v12_), static_cast<T>(v13_), static_cast<T>(v14_),
+        static_cast<T>(v15_), static_cast<T>(v16_), static_cast<T>(v17_),
+        static_cast<T>(v18_), static_cast<T>(v19_), static_cast<T>(v20_),
+        static_cast<T>(v21_), static_cast<T>(v22_), static_cast<T>(v23_),
+        static_cast<T>(v24_), static_cast<T>(v25_), static_cast<T>(v26_),
+        static_cast<T>(v27_), static_cast<T>(v28_), static_cast<T>(v29_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray29& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+  const T8 v8_;
+  const T9 v9_;
+  const T10 v10_;
+  const T11 v11_;
+  const T12 v12_;
+  const T13 v13_;
+  const T14 v14_;
+  const T15 v15_;
+  const T16 v16_;
+  const T17 v17_;
+  const T18 v18_;
+  const T19 v19_;
+  const T20 v20_;
+  const T21 v21_;
+  const T22 v22_;
+  const T23 v23_;
+  const T24 v24_;
+  const T25 v25_;
+  const T26 v26_;
+  const T27 v27_;
+  const T28 v28_;
+  const T29 v29_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30>
+class ValueArray30 {
+ public:
+  ValueArray30(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+      T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16, T17 v17,
+      T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23, T24 v24, T25 v25,
+      T26 v26, T27 v27, T28 v28, T29 v29, T30 v30) : v1_(v1), v2_(v2), v3_(v3),
+      v4_(v4), v5_(v5), v6_(v6), v7_(v7), v8_(v8), v9_(v9), v10_(v10),
+      v11_(v11), v12_(v12), v13_(v13), v14_(v14), v15_(v15), v16_(v16),
+      v17_(v17), v18_(v18), v19_(v19), v20_(v20), v21_(v21), v22_(v22),
+      v23_(v23), v24_(v24), v25_(v25), v26_(v26), v27_(v27), v28_(v28),
+      v29_(v29), v30_(v30) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_), static_cast<T>(v8_),
+        static_cast<T>(v9_), static_cast<T>(v10_), static_cast<T>(v11_),
+        static_cast<T>(v12_), static_cast<T>(v13_), static_cast<T>(v14_),
+        static_cast<T>(v15_), static_cast<T>(v16_), static_cast<T>(v17_),
+        static_cast<T>(v18_), static_cast<T>(v19_), static_cast<T>(v20_),
+        static_cast<T>(v21_), static_cast<T>(v22_), static_cast<T>(v23_),
+        static_cast<T>(v24_), static_cast<T>(v25_), static_cast<T>(v26_),
+        static_cast<T>(v27_), static_cast<T>(v28_), static_cast<T>(v29_),
+        static_cast<T>(v30_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray30& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+  const T8 v8_;
+  const T9 v9_;
+  const T10 v10_;
+  const T11 v11_;
+  const T12 v12_;
+  const T13 v13_;
+  const T14 v14_;
+  const T15 v15_;
+  const T16 v16_;
+  const T17 v17_;
+  const T18 v18_;
+  const T19 v19_;
+  const T20 v20_;
+  const T21 v21_;
+  const T22 v22_;
+  const T23 v23_;
+  const T24 v24_;
+  const T25 v25_;
+  const T26 v26_;
+  const T27 v27_;
+  const T28 v28_;
+  const T29 v29_;
+  const T30 v30_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31>
+class ValueArray31 {
+ public:
+  ValueArray31(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+      T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16, T17 v17,
+      T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23, T24 v24, T25 v25,
+      T26 v26, T27 v27, T28 v28, T29 v29, T30 v30, T31 v31) : v1_(v1), v2_(v2),
+      v3_(v3), v4_(v4), v5_(v5), v6_(v6), v7_(v7), v8_(v8), v9_(v9), v10_(v10),
+      v11_(v11), v12_(v12), v13_(v13), v14_(v14), v15_(v15), v16_(v16),
+      v17_(v17), v18_(v18), v19_(v19), v20_(v20), v21_(v21), v22_(v22),
+      v23_(v23), v24_(v24), v25_(v25), v26_(v26), v27_(v27), v28_(v28),
+      v29_(v29), v30_(v30), v31_(v31) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_), static_cast<T>(v8_),
+        static_cast<T>(v9_), static_cast<T>(v10_), static_cast<T>(v11_),
+        static_cast<T>(v12_), static_cast<T>(v13_), static_cast<T>(v14_),
+        static_cast<T>(v15_), static_cast<T>(v16_), static_cast<T>(v17_),
+        static_cast<T>(v18_), static_cast<T>(v19_), static_cast<T>(v20_),
+        static_cast<T>(v21_), static_cast<T>(v22_), static_cast<T>(v23_),
+        static_cast<T>(v24_), static_cast<T>(v25_), static_cast<T>(v26_),
+        static_cast<T>(v27_), static_cast<T>(v28_), static_cast<T>(v29_),
+        static_cast<T>(v30_), static_cast<T>(v31_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray31& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+  const T8 v8_;
+  const T9 v9_;
+  const T10 v10_;
+  const T11 v11_;
+  const T12 v12_;
+  const T13 v13_;
+  const T14 v14_;
+  const T15 v15_;
+  const T16 v16_;
+  const T17 v17_;
+  const T18 v18_;
+  const T19 v19_;
+  const T20 v20_;
+  const T21 v21_;
+  const T22 v22_;
+  const T23 v23_;
+  const T24 v24_;
+  const T25 v25_;
+  const T26 v26_;
+  const T27 v27_;
+  const T28 v28_;
+  const T29 v29_;
+  const T30 v30_;
+  const T31 v31_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32>
+class ValueArray32 {
+ public:
+  ValueArray32(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+      T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16, T17 v17,
+      T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23, T24 v24, T25 v25,
+      T26 v26, T27 v27, T28 v28, T29 v29, T30 v30, T31 v31, T32 v32) : v1_(v1),
+      v2_(v2), v3_(v3), v4_(v4), v5_(v5), v6_(v6), v7_(v7), v8_(v8), v9_(v9),
+      v10_(v10), v11_(v11), v12_(v12), v13_(v13), v14_(v14), v15_(v15),
+      v16_(v16), v17_(v17), v18_(v18), v19_(v19), v20_(v20), v21_(v21),
+      v22_(v22), v23_(v23), v24_(v24), v25_(v25), v26_(v26), v27_(v27),
+      v28_(v28), v29_(v29), v30_(v30), v31_(v31), v32_(v32) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_), static_cast<T>(v8_),
+        static_cast<T>(v9_), static_cast<T>(v10_), static_cast<T>(v11_),
+        static_cast<T>(v12_), static_cast<T>(v13_), static_cast<T>(v14_),
+        static_cast<T>(v15_), static_cast<T>(v16_), static_cast<T>(v17_),
+        static_cast<T>(v18_), static_cast<T>(v19_), static_cast<T>(v20_),
+        static_cast<T>(v21_), static_cast<T>(v22_), static_cast<T>(v23_),
+        static_cast<T>(v24_), static_cast<T>(v25_), static_cast<T>(v26_),
+        static_cast<T>(v27_), static_cast<T>(v28_), static_cast<T>(v29_),
+        static_cast<T>(v30_), static_cast<T>(v31_), static_cast<T>(v32_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray32& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+  const T8 v8_;
+  const T9 v9_;
+  const T10 v10_;
+  const T11 v11_;
+  const T12 v12_;
+  const T13 v13_;
+  const T14 v14_;
+  const T15 v15_;
+  const T16 v16_;
+  const T17 v17_;
+  const T18 v18_;
+  const T19 v19_;
+  const T20 v20_;
+  const T21 v21_;
+  const T22 v22_;
+  const T23 v23_;
+  const T24 v24_;
+  const T25 v25_;
+  const T26 v26_;
+  const T27 v27_;
+  const T28 v28_;
+  const T29 v29_;
+  const T30 v30_;
+  const T31 v31_;
+  const T32 v32_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33>
+class ValueArray33 {
+ public:
+  ValueArray33(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+      T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16, T17 v17,
+      T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23, T24 v24, T25 v25,
+      T26 v26, T27 v27, T28 v28, T29 v29, T30 v30, T31 v31, T32 v32,
+      T33 v33) : v1_(v1), v2_(v2), v3_(v3), v4_(v4), v5_(v5), v6_(v6), v7_(v7),
+      v8_(v8), v9_(v9), v10_(v10), v11_(v11), v12_(v12), v13_(v13), v14_(v14),
+      v15_(v15), v16_(v16), v17_(v17), v18_(v18), v19_(v19), v20_(v20),
+      v21_(v21), v22_(v22), v23_(v23), v24_(v24), v25_(v25), v26_(v26),
+      v27_(v27), v28_(v28), v29_(v29), v30_(v30), v31_(v31), v32_(v32),
+      v33_(v33) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_), static_cast<T>(v8_),
+        static_cast<T>(v9_), static_cast<T>(v10_), static_cast<T>(v11_),
+        static_cast<T>(v12_), static_cast<T>(v13_), static_cast<T>(v14_),
+        static_cast<T>(v15_), static_cast<T>(v16_), static_cast<T>(v17_),
+        static_cast<T>(v18_), static_cast<T>(v19_), static_cast<T>(v20_),
+        static_cast<T>(v21_), static_cast<T>(v22_), static_cast<T>(v23_),
+        static_cast<T>(v24_), static_cast<T>(v25_), static_cast<T>(v26_),
+        static_cast<T>(v27_), static_cast<T>(v28_), static_cast<T>(v29_),
+        static_cast<T>(v30_), static_cast<T>(v31_), static_cast<T>(v32_),
+        static_cast<T>(v33_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray33& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+  const T8 v8_;
+  const T9 v9_;
+  const T10 v10_;
+  const T11 v11_;
+  const T12 v12_;
+  const T13 v13_;
+  const T14 v14_;
+  const T15 v15_;
+  const T16 v16_;
+  const T17 v17_;
+  const T18 v18_;
+  const T19 v19_;
+  const T20 v20_;
+  const T21 v21_;
+  const T22 v22_;
+  const T23 v23_;
+  const T24 v24_;
+  const T25 v25_;
+  const T26 v26_;
+  const T27 v27_;
+  const T28 v28_;
+  const T29 v29_;
+  const T30 v30_;
+  const T31 v31_;
+  const T32 v32_;
+  const T33 v33_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34>
+class ValueArray34 {
+ public:
+  ValueArray34(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+      T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16, T17 v17,
+      T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23, T24 v24, T25 v25,
+      T26 v26, T27 v27, T28 v28, T29 v29, T30 v30, T31 v31, T32 v32, T33 v33,
+      T34 v34) : v1_(v1), v2_(v2), v3_(v3), v4_(v4), v5_(v5), v6_(v6), v7_(v7),
+      v8_(v8), v9_(v9), v10_(v10), v11_(v11), v12_(v12), v13_(v13), v14_(v14),
+      v15_(v15), v16_(v16), v17_(v17), v18_(v18), v19_(v19), v20_(v20),
+      v21_(v21), v22_(v22), v23_(v23), v24_(v24), v25_(v25), v26_(v26),
+      v27_(v27), v28_(v28), v29_(v29), v30_(v30), v31_(v31), v32_(v32),
+      v33_(v33), v34_(v34) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_), static_cast<T>(v8_),
+        static_cast<T>(v9_), static_cast<T>(v10_), static_cast<T>(v11_),
+        static_cast<T>(v12_), static_cast<T>(v13_), static_cast<T>(v14_),
+        static_cast<T>(v15_), static_cast<T>(v16_), static_cast<T>(v17_),
+        static_cast<T>(v18_), static_cast<T>(v19_), static_cast<T>(v20_),
+        static_cast<T>(v21_), static_cast<T>(v22_), static_cast<T>(v23_),
+        static_cast<T>(v24_), static_cast<T>(v25_), static_cast<T>(v26_),
+        static_cast<T>(v27_), static_cast<T>(v28_), static_cast<T>(v29_),
+        static_cast<T>(v30_), static_cast<T>(v31_), static_cast<T>(v32_),
+        static_cast<T>(v33_), static_cast<T>(v34_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray34& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+  const T8 v8_;
+  const T9 v9_;
+  const T10 v10_;
+  const T11 v11_;
+  const T12 v12_;
+  const T13 v13_;
+  const T14 v14_;
+  const T15 v15_;
+  const T16 v16_;
+  const T17 v17_;
+  const T18 v18_;
+  const T19 v19_;
+  const T20 v20_;
+  const T21 v21_;
+  const T22 v22_;
+  const T23 v23_;
+  const T24 v24_;
+  const T25 v25_;
+  const T26 v26_;
+  const T27 v27_;
+  const T28 v28_;
+  const T29 v29_;
+  const T30 v30_;
+  const T31 v31_;
+  const T32 v32_;
+  const T33 v33_;
+  const T34 v34_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35>
+class ValueArray35 {
+ public:
+  ValueArray35(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+      T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16, T17 v17,
+      T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23, T24 v24, T25 v25,
+      T26 v26, T27 v27, T28 v28, T29 v29, T30 v30, T31 v31, T32 v32, T33 v33,
+      T34 v34, T35 v35) : v1_(v1), v2_(v2), v3_(v3), v4_(v4), v5_(v5), v6_(v6),
+      v7_(v7), v8_(v8), v9_(v9), v10_(v10), v11_(v11), v12_(v12), v13_(v13),
+      v14_(v14), v15_(v15), v16_(v16), v17_(v17), v18_(v18), v19_(v19),
+      v20_(v20), v21_(v21), v22_(v22), v23_(v23), v24_(v24), v25_(v25),
+      v26_(v26), v27_(v27), v28_(v28), v29_(v29), v30_(v30), v31_(v31),
+      v32_(v32), v33_(v33), v34_(v34), v35_(v35) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_), static_cast<T>(v8_),
+        static_cast<T>(v9_), static_cast<T>(v10_), static_cast<T>(v11_),
+        static_cast<T>(v12_), static_cast<T>(v13_), static_cast<T>(v14_),
+        static_cast<T>(v15_), static_cast<T>(v16_), static_cast<T>(v17_),
+        static_cast<T>(v18_), static_cast<T>(v19_), static_cast<T>(v20_),
+        static_cast<T>(v21_), static_cast<T>(v22_), static_cast<T>(v23_),
+        static_cast<T>(v24_), static_cast<T>(v25_), static_cast<T>(v26_),
+        static_cast<T>(v27_), static_cast<T>(v28_), static_cast<T>(v29_),
+        static_cast<T>(v30_), static_cast<T>(v31_), static_cast<T>(v32_),
+        static_cast<T>(v33_), static_cast<T>(v34_), static_cast<T>(v35_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray35& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+  const T8 v8_;
+  const T9 v9_;
+  const T10 v10_;
+  const T11 v11_;
+  const T12 v12_;
+  const T13 v13_;
+  const T14 v14_;
+  const T15 v15_;
+  const T16 v16_;
+  const T17 v17_;
+  const T18 v18_;
+  const T19 v19_;
+  const T20 v20_;
+  const T21 v21_;
+  const T22 v22_;
+  const T23 v23_;
+  const T24 v24_;
+  const T25 v25_;
+  const T26 v26_;
+  const T27 v27_;
+  const T28 v28_;
+  const T29 v29_;
+  const T30 v30_;
+  const T31 v31_;
+  const T32 v32_;
+  const T33 v33_;
+  const T34 v34_;
+  const T35 v35_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36>
+class ValueArray36 {
+ public:
+  ValueArray36(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+      T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16, T17 v17,
+      T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23, T24 v24, T25 v25,
+      T26 v26, T27 v27, T28 v28, T29 v29, T30 v30, T31 v31, T32 v32, T33 v33,
+      T34 v34, T35 v35, T36 v36) : v1_(v1), v2_(v2), v3_(v3), v4_(v4), v5_(v5),
+      v6_(v6), v7_(v7), v8_(v8), v9_(v9), v10_(v10), v11_(v11), v12_(v12),
+      v13_(v13), v14_(v14), v15_(v15), v16_(v16), v17_(v17), v18_(v18),
+      v19_(v19), v20_(v20), v21_(v21), v22_(v22), v23_(v23), v24_(v24),
+      v25_(v25), v26_(v26), v27_(v27), v28_(v28), v29_(v29), v30_(v30),
+      v31_(v31), v32_(v32), v33_(v33), v34_(v34), v35_(v35), v36_(v36) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_), static_cast<T>(v8_),
+        static_cast<T>(v9_), static_cast<T>(v10_), static_cast<T>(v11_),
+        static_cast<T>(v12_), static_cast<T>(v13_), static_cast<T>(v14_),
+        static_cast<T>(v15_), static_cast<T>(v16_), static_cast<T>(v17_),
+        static_cast<T>(v18_), static_cast<T>(v19_), static_cast<T>(v20_),
+        static_cast<T>(v21_), static_cast<T>(v22_), static_cast<T>(v23_),
+        static_cast<T>(v24_), static_cast<T>(v25_), static_cast<T>(v26_),
+        static_cast<T>(v27_), static_cast<T>(v28_), static_cast<T>(v29_),
+        static_cast<T>(v30_), static_cast<T>(v31_), static_cast<T>(v32_),
+        static_cast<T>(v33_), static_cast<T>(v34_), static_cast<T>(v35_),
+        static_cast<T>(v36_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray36& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+  const T8 v8_;
+  const T9 v9_;
+  const T10 v10_;
+  const T11 v11_;
+  const T12 v12_;
+  const T13 v13_;
+  const T14 v14_;
+  const T15 v15_;
+  const T16 v16_;
+  const T17 v17_;
+  const T18 v18_;
+  const T19 v19_;
+  const T20 v20_;
+  const T21 v21_;
+  const T22 v22_;
+  const T23 v23_;
+  const T24 v24_;
+  const T25 v25_;
+  const T26 v26_;
+  const T27 v27_;
+  const T28 v28_;
+  const T29 v29_;
+  const T30 v30_;
+  const T31 v31_;
+  const T32 v32_;
+  const T33 v33_;
+  const T34 v34_;
+  const T35 v35_;
+  const T36 v36_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37>
+class ValueArray37 {
+ public:
+  ValueArray37(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+      T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16, T17 v17,
+      T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23, T24 v24, T25 v25,
+      T26 v26, T27 v27, T28 v28, T29 v29, T30 v30, T31 v31, T32 v32, T33 v33,
+      T34 v34, T35 v35, T36 v36, T37 v37) : v1_(v1), v2_(v2), v3_(v3), v4_(v4),
+      v5_(v5), v6_(v6), v7_(v7), v8_(v8), v9_(v9), v10_(v10), v11_(v11),
+      v12_(v12), v13_(v13), v14_(v14), v15_(v15), v16_(v16), v17_(v17),
+      v18_(v18), v19_(v19), v20_(v20), v21_(v21), v22_(v22), v23_(v23),
+      v24_(v24), v25_(v25), v26_(v26), v27_(v27), v28_(v28), v29_(v29),
+      v30_(v30), v31_(v31), v32_(v32), v33_(v33), v34_(v34), v35_(v35),
+      v36_(v36), v37_(v37) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_), static_cast<T>(v8_),
+        static_cast<T>(v9_), static_cast<T>(v10_), static_cast<T>(v11_),
+        static_cast<T>(v12_), static_cast<T>(v13_), static_cast<T>(v14_),
+        static_cast<T>(v15_), static_cast<T>(v16_), static_cast<T>(v17_),
+        static_cast<T>(v18_), static_cast<T>(v19_), static_cast<T>(v20_),
+        static_cast<T>(v21_), static_cast<T>(v22_), static_cast<T>(v23_),
+        static_cast<T>(v24_), static_cast<T>(v25_), static_cast<T>(v26_),
+        static_cast<T>(v27_), static_cast<T>(v28_), static_cast<T>(v29_),
+        static_cast<T>(v30_), static_cast<T>(v31_), static_cast<T>(v32_),
+        static_cast<T>(v33_), static_cast<T>(v34_), static_cast<T>(v35_),
+        static_cast<T>(v36_), static_cast<T>(v37_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray37& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+  const T8 v8_;
+  const T9 v9_;
+  const T10 v10_;
+  const T11 v11_;
+  const T12 v12_;
+  const T13 v13_;
+  const T14 v14_;
+  const T15 v15_;
+  const T16 v16_;
+  const T17 v17_;
+  const T18 v18_;
+  const T19 v19_;
+  const T20 v20_;
+  const T21 v21_;
+  const T22 v22_;
+  const T23 v23_;
+  const T24 v24_;
+  const T25 v25_;
+  const T26 v26_;
+  const T27 v27_;
+  const T28 v28_;
+  const T29 v29_;
+  const T30 v30_;
+  const T31 v31_;
+  const T32 v32_;
+  const T33 v33_;
+  const T34 v34_;
+  const T35 v35_;
+  const T36 v36_;
+  const T37 v37_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38>
+class ValueArray38 {
+ public:
+  ValueArray38(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+      T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16, T17 v17,
+      T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23, T24 v24, T25 v25,
+      T26 v26, T27 v27, T28 v28, T29 v29, T30 v30, T31 v31, T32 v32, T33 v33,
+      T34 v34, T35 v35, T36 v36, T37 v37, T38 v38) : v1_(v1), v2_(v2), v3_(v3),
+      v4_(v4), v5_(v5), v6_(v6), v7_(v7), v8_(v8), v9_(v9), v10_(v10),
+      v11_(v11), v12_(v12), v13_(v13), v14_(v14), v15_(v15), v16_(v16),
+      v17_(v17), v18_(v18), v19_(v19), v20_(v20), v21_(v21), v22_(v22),
+      v23_(v23), v24_(v24), v25_(v25), v26_(v26), v27_(v27), v28_(v28),
+      v29_(v29), v30_(v30), v31_(v31), v32_(v32), v33_(v33), v34_(v34),
+      v35_(v35), v36_(v36), v37_(v37), v38_(v38) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_), static_cast<T>(v8_),
+        static_cast<T>(v9_), static_cast<T>(v10_), static_cast<T>(v11_),
+        static_cast<T>(v12_), static_cast<T>(v13_), static_cast<T>(v14_),
+        static_cast<T>(v15_), static_cast<T>(v16_), static_cast<T>(v17_),
+        static_cast<T>(v18_), static_cast<T>(v19_), static_cast<T>(v20_),
+        static_cast<T>(v21_), static_cast<T>(v22_), static_cast<T>(v23_),
+        static_cast<T>(v24_), static_cast<T>(v25_), static_cast<T>(v26_),
+        static_cast<T>(v27_), static_cast<T>(v28_), static_cast<T>(v29_),
+        static_cast<T>(v30_), static_cast<T>(v31_), static_cast<T>(v32_),
+        static_cast<T>(v33_), static_cast<T>(v34_), static_cast<T>(v35_),
+        static_cast<T>(v36_), static_cast<T>(v37_), static_cast<T>(v38_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray38& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+  const T8 v8_;
+  const T9 v9_;
+  const T10 v10_;
+  const T11 v11_;
+  const T12 v12_;
+  const T13 v13_;
+  const T14 v14_;
+  const T15 v15_;
+  const T16 v16_;
+  const T17 v17_;
+  const T18 v18_;
+  const T19 v19_;
+  const T20 v20_;
+  const T21 v21_;
+  const T22 v22_;
+  const T23 v23_;
+  const T24 v24_;
+  const T25 v25_;
+  const T26 v26_;
+  const T27 v27_;
+  const T28 v28_;
+  const T29 v29_;
+  const T30 v30_;
+  const T31 v31_;
+  const T32 v32_;
+  const T33 v33_;
+  const T34 v34_;
+  const T35 v35_;
+  const T36 v36_;
+  const T37 v37_;
+  const T38 v38_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39>
+class ValueArray39 {
+ public:
+  ValueArray39(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+      T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16, T17 v17,
+      T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23, T24 v24, T25 v25,
+      T26 v26, T27 v27, T28 v28, T29 v29, T30 v30, T31 v31, T32 v32, T33 v33,
+      T34 v34, T35 v35, T36 v36, T37 v37, T38 v38, T39 v39) : v1_(v1), v2_(v2),
+      v3_(v3), v4_(v4), v5_(v5), v6_(v6), v7_(v7), v8_(v8), v9_(v9), v10_(v10),
+      v11_(v11), v12_(v12), v13_(v13), v14_(v14), v15_(v15), v16_(v16),
+      v17_(v17), v18_(v18), v19_(v19), v20_(v20), v21_(v21), v22_(v22),
+      v23_(v23), v24_(v24), v25_(v25), v26_(v26), v27_(v27), v28_(v28),
+      v29_(v29), v30_(v30), v31_(v31), v32_(v32), v33_(v33), v34_(v34),
+      v35_(v35), v36_(v36), v37_(v37), v38_(v38), v39_(v39) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_), static_cast<T>(v8_),
+        static_cast<T>(v9_), static_cast<T>(v10_), static_cast<T>(v11_),
+        static_cast<T>(v12_), static_cast<T>(v13_), static_cast<T>(v14_),
+        static_cast<T>(v15_), static_cast<T>(v16_), static_cast<T>(v17_),
+        static_cast<T>(v18_), static_cast<T>(v19_), static_cast<T>(v20_),
+        static_cast<T>(v21_), static_cast<T>(v22_), static_cast<T>(v23_),
+        static_cast<T>(v24_), static_cast<T>(v25_), static_cast<T>(v26_),
+        static_cast<T>(v27_), static_cast<T>(v28_), static_cast<T>(v29_),
+        static_cast<T>(v30_), static_cast<T>(v31_), static_cast<T>(v32_),
+        static_cast<T>(v33_), static_cast<T>(v34_), static_cast<T>(v35_),
+        static_cast<T>(v36_), static_cast<T>(v37_), static_cast<T>(v38_),
+        static_cast<T>(v39_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray39& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+  const T8 v8_;
+  const T9 v9_;
+  const T10 v10_;
+  const T11 v11_;
+  const T12 v12_;
+  const T13 v13_;
+  const T14 v14_;
+  const T15 v15_;
+  const T16 v16_;
+  const T17 v17_;
+  const T18 v18_;
+  const T19 v19_;
+  const T20 v20_;
+  const T21 v21_;
+  const T22 v22_;
+  const T23 v23_;
+  const T24 v24_;
+  const T25 v25_;
+  const T26 v26_;
+  const T27 v27_;
+  const T28 v28_;
+  const T29 v29_;
+  const T30 v30_;
+  const T31 v31_;
+  const T32 v32_;
+  const T33 v33_;
+  const T34 v34_;
+  const T35 v35_;
+  const T36 v36_;
+  const T37 v37_;
+  const T38 v38_;
+  const T39 v39_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40>
+class ValueArray40 {
+ public:
+  ValueArray40(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+      T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16, T17 v17,
+      T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23, T24 v24, T25 v25,
+      T26 v26, T27 v27, T28 v28, T29 v29, T30 v30, T31 v31, T32 v32, T33 v33,
+      T34 v34, T35 v35, T36 v36, T37 v37, T38 v38, T39 v39, T40 v40) : v1_(v1),
+      v2_(v2), v3_(v3), v4_(v4), v5_(v5), v6_(v6), v7_(v7), v8_(v8), v9_(v9),
+      v10_(v10), v11_(v11), v12_(v12), v13_(v13), v14_(v14), v15_(v15),
+      v16_(v16), v17_(v17), v18_(v18), v19_(v19), v20_(v20), v21_(v21),
+      v22_(v22), v23_(v23), v24_(v24), v25_(v25), v26_(v26), v27_(v27),
+      v28_(v28), v29_(v29), v30_(v30), v31_(v31), v32_(v32), v33_(v33),
+      v34_(v34), v35_(v35), v36_(v36), v37_(v37), v38_(v38), v39_(v39),
+      v40_(v40) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_), static_cast<T>(v8_),
+        static_cast<T>(v9_), static_cast<T>(v10_), static_cast<T>(v11_),
+        static_cast<T>(v12_), static_cast<T>(v13_), static_cast<T>(v14_),
+        static_cast<T>(v15_), static_cast<T>(v16_), static_cast<T>(v17_),
+        static_cast<T>(v18_), static_cast<T>(v19_), static_cast<T>(v20_),
+        static_cast<T>(v21_), static_cast<T>(v22_), static_cast<T>(v23_),
+        static_cast<T>(v24_), static_cast<T>(v25_), static_cast<T>(v26_),
+        static_cast<T>(v27_), static_cast<T>(v28_), static_cast<T>(v29_),
+        static_cast<T>(v30_), static_cast<T>(v31_), static_cast<T>(v32_),
+        static_cast<T>(v33_), static_cast<T>(v34_), static_cast<T>(v35_),
+        static_cast<T>(v36_), static_cast<T>(v37_), static_cast<T>(v38_),
+        static_cast<T>(v39_), static_cast<T>(v40_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray40& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+  const T8 v8_;
+  const T9 v9_;
+  const T10 v10_;
+  const T11 v11_;
+  const T12 v12_;
+  const T13 v13_;
+  const T14 v14_;
+  const T15 v15_;
+  const T16 v16_;
+  const T17 v17_;
+  const T18 v18_;
+  const T19 v19_;
+  const T20 v20_;
+  const T21 v21_;
+  const T22 v22_;
+  const T23 v23_;
+  const T24 v24_;
+  const T25 v25_;
+  const T26 v26_;
+  const T27 v27_;
+  const T28 v28_;
+  const T29 v29_;
+  const T30 v30_;
+  const T31 v31_;
+  const T32 v32_;
+  const T33 v33_;
+  const T34 v34_;
+  const T35 v35_;
+  const T36 v36_;
+  const T37 v37_;
+  const T38 v38_;
+  const T39 v39_;
+  const T40 v40_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40,
+    typename T41>
+class ValueArray41 {
+ public:
+  ValueArray41(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+      T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16, T17 v17,
+      T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23, T24 v24, T25 v25,
+      T26 v26, T27 v27, T28 v28, T29 v29, T30 v30, T31 v31, T32 v32, T33 v33,
+      T34 v34, T35 v35, T36 v36, T37 v37, T38 v38, T39 v39, T40 v40,
+      T41 v41) : v1_(v1), v2_(v2), v3_(v3), v4_(v4), v5_(v5), v6_(v6), v7_(v7),
+      v8_(v8), v9_(v9), v10_(v10), v11_(v11), v12_(v12), v13_(v13), v14_(v14),
+      v15_(v15), v16_(v16), v17_(v17), v18_(v18), v19_(v19), v20_(v20),
+      v21_(v21), v22_(v22), v23_(v23), v24_(v24), v25_(v25), v26_(v26),
+      v27_(v27), v28_(v28), v29_(v29), v30_(v30), v31_(v31), v32_(v32),
+      v33_(v33), v34_(v34), v35_(v35), v36_(v36), v37_(v37), v38_(v38),
+      v39_(v39), v40_(v40), v41_(v41) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_), static_cast<T>(v8_),
+        static_cast<T>(v9_), static_cast<T>(v10_), static_cast<T>(v11_),
+        static_cast<T>(v12_), static_cast<T>(v13_), static_cast<T>(v14_),
+        static_cast<T>(v15_), static_cast<T>(v16_), static_cast<T>(v17_),
+        static_cast<T>(v18_), static_cast<T>(v19_), static_cast<T>(v20_),
+        static_cast<T>(v21_), static_cast<T>(v22_), static_cast<T>(v23_),
+        static_cast<T>(v24_), static_cast<T>(v25_), static_cast<T>(v26_),
+        static_cast<T>(v27_), static_cast<T>(v28_), static_cast<T>(v29_),
+        static_cast<T>(v30_), static_cast<T>(v31_), static_cast<T>(v32_),
+        static_cast<T>(v33_), static_cast<T>(v34_), static_cast<T>(v35_),
+        static_cast<T>(v36_), static_cast<T>(v37_), static_cast<T>(v38_),
+        static_cast<T>(v39_), static_cast<T>(v40_), static_cast<T>(v41_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray41& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+  const T8 v8_;
+  const T9 v9_;
+  const T10 v10_;
+  const T11 v11_;
+  const T12 v12_;
+  const T13 v13_;
+  const T14 v14_;
+  const T15 v15_;
+  const T16 v16_;
+  const T17 v17_;
+  const T18 v18_;
+  const T19 v19_;
+  const T20 v20_;
+  const T21 v21_;
+  const T22 v22_;
+  const T23 v23_;
+  const T24 v24_;
+  const T25 v25_;
+  const T26 v26_;
+  const T27 v27_;
+  const T28 v28_;
+  const T29 v29_;
+  const T30 v30_;
+  const T31 v31_;
+  const T32 v32_;
+  const T33 v33_;
+  const T34 v34_;
+  const T35 v35_;
+  const T36 v36_;
+  const T37 v37_;
+  const T38 v38_;
+  const T39 v39_;
+  const T40 v40_;
+  const T41 v41_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40,
+    typename T41, typename T42>
+class ValueArray42 {
+ public:
+  ValueArray42(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+      T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16, T17 v17,
+      T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23, T24 v24, T25 v25,
+      T26 v26, T27 v27, T28 v28, T29 v29, T30 v30, T31 v31, T32 v32, T33 v33,
+      T34 v34, T35 v35, T36 v36, T37 v37, T38 v38, T39 v39, T40 v40, T41 v41,
+      T42 v42) : v1_(v1), v2_(v2), v3_(v3), v4_(v4), v5_(v5), v6_(v6), v7_(v7),
+      v8_(v8), v9_(v9), v10_(v10), v11_(v11), v12_(v12), v13_(v13), v14_(v14),
+      v15_(v15), v16_(v16), v17_(v17), v18_(v18), v19_(v19), v20_(v20),
+      v21_(v21), v22_(v22), v23_(v23), v24_(v24), v25_(v25), v26_(v26),
+      v27_(v27), v28_(v28), v29_(v29), v30_(v30), v31_(v31), v32_(v32),
+      v33_(v33), v34_(v34), v35_(v35), v36_(v36), v37_(v37), v38_(v38),
+      v39_(v39), v40_(v40), v41_(v41), v42_(v42) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_), static_cast<T>(v8_),
+        static_cast<T>(v9_), static_cast<T>(v10_), static_cast<T>(v11_),
+        static_cast<T>(v12_), static_cast<T>(v13_), static_cast<T>(v14_),
+        static_cast<T>(v15_), static_cast<T>(v16_), static_cast<T>(v17_),
+        static_cast<T>(v18_), static_cast<T>(v19_), static_cast<T>(v20_),
+        static_cast<T>(v21_), static_cast<T>(v22_), static_cast<T>(v23_),
+        static_cast<T>(v24_), static_cast<T>(v25_), static_cast<T>(v26_),
+        static_cast<T>(v27_), static_cast<T>(v28_), static_cast<T>(v29_),
+        static_cast<T>(v30_), static_cast<T>(v31_), static_cast<T>(v32_),
+        static_cast<T>(v33_), static_cast<T>(v34_), static_cast<T>(v35_),
+        static_cast<T>(v36_), static_cast<T>(v37_), static_cast<T>(v38_),
+        static_cast<T>(v39_), static_cast<T>(v40_), static_cast<T>(v41_),
+        static_cast<T>(v42_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray42& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+  const T8 v8_;
+  const T9 v9_;
+  const T10 v10_;
+  const T11 v11_;
+  const T12 v12_;
+  const T13 v13_;
+  const T14 v14_;
+  const T15 v15_;
+  const T16 v16_;
+  const T17 v17_;
+  const T18 v18_;
+  const T19 v19_;
+  const T20 v20_;
+  const T21 v21_;
+  const T22 v22_;
+  const T23 v23_;
+  const T24 v24_;
+  const T25 v25_;
+  const T26 v26_;
+  const T27 v27_;
+  const T28 v28_;
+  const T29 v29_;
+  const T30 v30_;
+  const T31 v31_;
+  const T32 v32_;
+  const T33 v33_;
+  const T34 v34_;
+  const T35 v35_;
+  const T36 v36_;
+  const T37 v37_;
+  const T38 v38_;
+  const T39 v39_;
+  const T40 v40_;
+  const T41 v41_;
+  const T42 v42_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40,
+    typename T41, typename T42, typename T43>
+class ValueArray43 {
+ public:
+  ValueArray43(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+      T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16, T17 v17,
+      T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23, T24 v24, T25 v25,
+      T26 v26, T27 v27, T28 v28, T29 v29, T30 v30, T31 v31, T32 v32, T33 v33,
+      T34 v34, T35 v35, T36 v36, T37 v37, T38 v38, T39 v39, T40 v40, T41 v41,
+      T42 v42, T43 v43) : v1_(v1), v2_(v2), v3_(v3), v4_(v4), v5_(v5), v6_(v6),
+      v7_(v7), v8_(v8), v9_(v9), v10_(v10), v11_(v11), v12_(v12), v13_(v13),
+      v14_(v14), v15_(v15), v16_(v16), v17_(v17), v18_(v18), v19_(v19),
+      v20_(v20), v21_(v21), v22_(v22), v23_(v23), v24_(v24), v25_(v25),
+      v26_(v26), v27_(v27), v28_(v28), v29_(v29), v30_(v30), v31_(v31),
+      v32_(v32), v33_(v33), v34_(v34), v35_(v35), v36_(v36), v37_(v37),
+      v38_(v38), v39_(v39), v40_(v40), v41_(v41), v42_(v42), v43_(v43) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_), static_cast<T>(v8_),
+        static_cast<T>(v9_), static_cast<T>(v10_), static_cast<T>(v11_),
+        static_cast<T>(v12_), static_cast<T>(v13_), static_cast<T>(v14_),
+        static_cast<T>(v15_), static_cast<T>(v16_), static_cast<T>(v17_),
+        static_cast<T>(v18_), static_cast<T>(v19_), static_cast<T>(v20_),
+        static_cast<T>(v21_), static_cast<T>(v22_), static_cast<T>(v23_),
+        static_cast<T>(v24_), static_cast<T>(v25_), static_cast<T>(v26_),
+        static_cast<T>(v27_), static_cast<T>(v28_), static_cast<T>(v29_),
+        static_cast<T>(v30_), static_cast<T>(v31_), static_cast<T>(v32_),
+        static_cast<T>(v33_), static_cast<T>(v34_), static_cast<T>(v35_),
+        static_cast<T>(v36_), static_cast<T>(v37_), static_cast<T>(v38_),
+        static_cast<T>(v39_), static_cast<T>(v40_), static_cast<T>(v41_),
+        static_cast<T>(v42_), static_cast<T>(v43_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray43& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+  const T8 v8_;
+  const T9 v9_;
+  const T10 v10_;
+  const T11 v11_;
+  const T12 v12_;
+  const T13 v13_;
+  const T14 v14_;
+  const T15 v15_;
+  const T16 v16_;
+  const T17 v17_;
+  const T18 v18_;
+  const T19 v19_;
+  const T20 v20_;
+  const T21 v21_;
+  const T22 v22_;
+  const T23 v23_;
+  const T24 v24_;
+  const T25 v25_;
+  const T26 v26_;
+  const T27 v27_;
+  const T28 v28_;
+  const T29 v29_;
+  const T30 v30_;
+  const T31 v31_;
+  const T32 v32_;
+  const T33 v33_;
+  const T34 v34_;
+  const T35 v35_;
+  const T36 v36_;
+  const T37 v37_;
+  const T38 v38_;
+  const T39 v39_;
+  const T40 v40_;
+  const T41 v41_;
+  const T42 v42_;
+  const T43 v43_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40,
+    typename T41, typename T42, typename T43, typename T44>
+class ValueArray44 {
+ public:
+  ValueArray44(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+      T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16, T17 v17,
+      T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23, T24 v24, T25 v25,
+      T26 v26, T27 v27, T28 v28, T29 v29, T30 v30, T31 v31, T32 v32, T33 v33,
+      T34 v34, T35 v35, T36 v36, T37 v37, T38 v38, T39 v39, T40 v40, T41 v41,
+      T42 v42, T43 v43, T44 v44) : v1_(v1), v2_(v2), v3_(v3), v4_(v4), v5_(v5),
+      v6_(v6), v7_(v7), v8_(v8), v9_(v9), v10_(v10), v11_(v11), v12_(v12),
+      v13_(v13), v14_(v14), v15_(v15), v16_(v16), v17_(v17), v18_(v18),
+      v19_(v19), v20_(v20), v21_(v21), v22_(v22), v23_(v23), v24_(v24),
+      v25_(v25), v26_(v26), v27_(v27), v28_(v28), v29_(v29), v30_(v30),
+      v31_(v31), v32_(v32), v33_(v33), v34_(v34), v35_(v35), v36_(v36),
+      v37_(v37), v38_(v38), v39_(v39), v40_(v40), v41_(v41), v42_(v42),
+      v43_(v43), v44_(v44) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_), static_cast<T>(v8_),
+        static_cast<T>(v9_), static_cast<T>(v10_), static_cast<T>(v11_),
+        static_cast<T>(v12_), static_cast<T>(v13_), static_cast<T>(v14_),
+        static_cast<T>(v15_), static_cast<T>(v16_), static_cast<T>(v17_),
+        static_cast<T>(v18_), static_cast<T>(v19_), static_cast<T>(v20_),
+        static_cast<T>(v21_), static_cast<T>(v22_), static_cast<T>(v23_),
+        static_cast<T>(v24_), static_cast<T>(v25_), static_cast<T>(v26_),
+        static_cast<T>(v27_), static_cast<T>(v28_), static_cast<T>(v29_),
+        static_cast<T>(v30_), static_cast<T>(v31_), static_cast<T>(v32_),
+        static_cast<T>(v33_), static_cast<T>(v34_), static_cast<T>(v35_),
+        static_cast<T>(v36_), static_cast<T>(v37_), static_cast<T>(v38_),
+        static_cast<T>(v39_), static_cast<T>(v40_), static_cast<T>(v41_),
+        static_cast<T>(v42_), static_cast<T>(v43_), static_cast<T>(v44_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray44& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+  const T8 v8_;
+  const T9 v9_;
+  const T10 v10_;
+  const T11 v11_;
+  const T12 v12_;
+  const T13 v13_;
+  const T14 v14_;
+  const T15 v15_;
+  const T16 v16_;
+  const T17 v17_;
+  const T18 v18_;
+  const T19 v19_;
+  const T20 v20_;
+  const T21 v21_;
+  const T22 v22_;
+  const T23 v23_;
+  const T24 v24_;
+  const T25 v25_;
+  const T26 v26_;
+  const T27 v27_;
+  const T28 v28_;
+  const T29 v29_;
+  const T30 v30_;
+  const T31 v31_;
+  const T32 v32_;
+  const T33 v33_;
+  const T34 v34_;
+  const T35 v35_;
+  const T36 v36_;
+  const T37 v37_;
+  const T38 v38_;
+  const T39 v39_;
+  const T40 v40_;
+  const T41 v41_;
+  const T42 v42_;
+  const T43 v43_;
+  const T44 v44_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40,
+    typename T41, typename T42, typename T43, typename T44, typename T45>
+class ValueArray45 {
+ public:
+  ValueArray45(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+      T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16, T17 v17,
+      T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23, T24 v24, T25 v25,
+      T26 v26, T27 v27, T28 v28, T29 v29, T30 v30, T31 v31, T32 v32, T33 v33,
+      T34 v34, T35 v35, T36 v36, T37 v37, T38 v38, T39 v39, T40 v40, T41 v41,
+      T42 v42, T43 v43, T44 v44, T45 v45) : v1_(v1), v2_(v2), v3_(v3), v4_(v4),
+      v5_(v5), v6_(v6), v7_(v7), v8_(v8), v9_(v9), v10_(v10), v11_(v11),
+      v12_(v12), v13_(v13), v14_(v14), v15_(v15), v16_(v16), v17_(v17),
+      v18_(v18), v19_(v19), v20_(v20), v21_(v21), v22_(v22), v23_(v23),
+      v24_(v24), v25_(v25), v26_(v26), v27_(v27), v28_(v28), v29_(v29),
+      v30_(v30), v31_(v31), v32_(v32), v33_(v33), v34_(v34), v35_(v35),
+      v36_(v36), v37_(v37), v38_(v38), v39_(v39), v40_(v40), v41_(v41),
+      v42_(v42), v43_(v43), v44_(v44), v45_(v45) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_), static_cast<T>(v8_),
+        static_cast<T>(v9_), static_cast<T>(v10_), static_cast<T>(v11_),
+        static_cast<T>(v12_), static_cast<T>(v13_), static_cast<T>(v14_),
+        static_cast<T>(v15_), static_cast<T>(v16_), static_cast<T>(v17_),
+        static_cast<T>(v18_), static_cast<T>(v19_), static_cast<T>(v20_),
+        static_cast<T>(v21_), static_cast<T>(v22_), static_cast<T>(v23_),
+        static_cast<T>(v24_), static_cast<T>(v25_), static_cast<T>(v26_),
+        static_cast<T>(v27_), static_cast<T>(v28_), static_cast<T>(v29_),
+        static_cast<T>(v30_), static_cast<T>(v31_), static_cast<T>(v32_),
+        static_cast<T>(v33_), static_cast<T>(v34_), static_cast<T>(v35_),
+        static_cast<T>(v36_), static_cast<T>(v37_), static_cast<T>(v38_),
+        static_cast<T>(v39_), static_cast<T>(v40_), static_cast<T>(v41_),
+        static_cast<T>(v42_), static_cast<T>(v43_), static_cast<T>(v44_),
+        static_cast<T>(v45_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray45& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+  const T8 v8_;
+  const T9 v9_;
+  const T10 v10_;
+  const T11 v11_;
+  const T12 v12_;
+  const T13 v13_;
+  const T14 v14_;
+  const T15 v15_;
+  const T16 v16_;
+  const T17 v17_;
+  const T18 v18_;
+  const T19 v19_;
+  const T20 v20_;
+  const T21 v21_;
+  const T22 v22_;
+  const T23 v23_;
+  const T24 v24_;
+  const T25 v25_;
+  const T26 v26_;
+  const T27 v27_;
+  const T28 v28_;
+  const T29 v29_;
+  const T30 v30_;
+  const T31 v31_;
+  const T32 v32_;
+  const T33 v33_;
+  const T34 v34_;
+  const T35 v35_;
+  const T36 v36_;
+  const T37 v37_;
+  const T38 v38_;
+  const T39 v39_;
+  const T40 v40_;
+  const T41 v41_;
+  const T42 v42_;
+  const T43 v43_;
+  const T44 v44_;
+  const T45 v45_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40,
+    typename T41, typename T42, typename T43, typename T44, typename T45,
+    typename T46>
+class ValueArray46 {
+ public:
+  ValueArray46(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+      T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16, T17 v17,
+      T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23, T24 v24, T25 v25,
+      T26 v26, T27 v27, T28 v28, T29 v29, T30 v30, T31 v31, T32 v32, T33 v33,
+      T34 v34, T35 v35, T36 v36, T37 v37, T38 v38, T39 v39, T40 v40, T41 v41,
+      T42 v42, T43 v43, T44 v44, T45 v45, T46 v46) : v1_(v1), v2_(v2), v3_(v3),
+      v4_(v4), v5_(v5), v6_(v6), v7_(v7), v8_(v8), v9_(v9), v10_(v10),
+      v11_(v11), v12_(v12), v13_(v13), v14_(v14), v15_(v15), v16_(v16),
+      v17_(v17), v18_(v18), v19_(v19), v20_(v20), v21_(v21), v22_(v22),
+      v23_(v23), v24_(v24), v25_(v25), v26_(v26), v27_(v27), v28_(v28),
+      v29_(v29), v30_(v30), v31_(v31), v32_(v32), v33_(v33), v34_(v34),
+      v35_(v35), v36_(v36), v37_(v37), v38_(v38), v39_(v39), v40_(v40),
+      v41_(v41), v42_(v42), v43_(v43), v44_(v44), v45_(v45), v46_(v46) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_), static_cast<T>(v8_),
+        static_cast<T>(v9_), static_cast<T>(v10_), static_cast<T>(v11_),
+        static_cast<T>(v12_), static_cast<T>(v13_), static_cast<T>(v14_),
+        static_cast<T>(v15_), static_cast<T>(v16_), static_cast<T>(v17_),
+        static_cast<T>(v18_), static_cast<T>(v19_), static_cast<T>(v20_),
+        static_cast<T>(v21_), static_cast<T>(v22_), static_cast<T>(v23_),
+        static_cast<T>(v24_), static_cast<T>(v25_), static_cast<T>(v26_),
+        static_cast<T>(v27_), static_cast<T>(v28_), static_cast<T>(v29_),
+        static_cast<T>(v30_), static_cast<T>(v31_), static_cast<T>(v32_),
+        static_cast<T>(v33_), static_cast<T>(v34_), static_cast<T>(v35_),
+        static_cast<T>(v36_), static_cast<T>(v37_), static_cast<T>(v38_),
+        static_cast<T>(v39_), static_cast<T>(v40_), static_cast<T>(v41_),
+        static_cast<T>(v42_), static_cast<T>(v43_), static_cast<T>(v44_),
+        static_cast<T>(v45_), static_cast<T>(v46_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray46& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+  const T8 v8_;
+  const T9 v9_;
+  const T10 v10_;
+  const T11 v11_;
+  const T12 v12_;
+  const T13 v13_;
+  const T14 v14_;
+  const T15 v15_;
+  const T16 v16_;
+  const T17 v17_;
+  const T18 v18_;
+  const T19 v19_;
+  const T20 v20_;
+  const T21 v21_;
+  const T22 v22_;
+  const T23 v23_;
+  const T24 v24_;
+  const T25 v25_;
+  const T26 v26_;
+  const T27 v27_;
+  const T28 v28_;
+  const T29 v29_;
+  const T30 v30_;
+  const T31 v31_;
+  const T32 v32_;
+  const T33 v33_;
+  const T34 v34_;
+  const T35 v35_;
+  const T36 v36_;
+  const T37 v37_;
+  const T38 v38_;
+  const T39 v39_;
+  const T40 v40_;
+  const T41 v41_;
+  const T42 v42_;
+  const T43 v43_;
+  const T44 v44_;
+  const T45 v45_;
+  const T46 v46_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40,
+    typename T41, typename T42, typename T43, typename T44, typename T45,
+    typename T46, typename T47>
+class ValueArray47 {
+ public:
+  ValueArray47(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+      T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16, T17 v17,
+      T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23, T24 v24, T25 v25,
+      T26 v26, T27 v27, T28 v28, T29 v29, T30 v30, T31 v31, T32 v32, T33 v33,
+      T34 v34, T35 v35, T36 v36, T37 v37, T38 v38, T39 v39, T40 v40, T41 v41,
+      T42 v42, T43 v43, T44 v44, T45 v45, T46 v46, T47 v47) : v1_(v1), v2_(v2),
+      v3_(v3), v4_(v4), v5_(v5), v6_(v6), v7_(v7), v8_(v8), v9_(v9), v10_(v10),
+      v11_(v11), v12_(v12), v13_(v13), v14_(v14), v15_(v15), v16_(v16),
+      v17_(v17), v18_(v18), v19_(v19), v20_(v20), v21_(v21), v22_(v22),
+      v23_(v23), v24_(v24), v25_(v25), v26_(v26), v27_(v27), v28_(v28),
+      v29_(v29), v30_(v30), v31_(v31), v32_(v32), v33_(v33), v34_(v34),
+      v35_(v35), v36_(v36), v37_(v37), v38_(v38), v39_(v39), v40_(v40),
+      v41_(v41), v42_(v42), v43_(v43), v44_(v44), v45_(v45), v46_(v46),
+      v47_(v47) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_), static_cast<T>(v8_),
+        static_cast<T>(v9_), static_cast<T>(v10_), static_cast<T>(v11_),
+        static_cast<T>(v12_), static_cast<T>(v13_), static_cast<T>(v14_),
+        static_cast<T>(v15_), static_cast<T>(v16_), static_cast<T>(v17_),
+        static_cast<T>(v18_), static_cast<T>(v19_), static_cast<T>(v20_),
+        static_cast<T>(v21_), static_cast<T>(v22_), static_cast<T>(v23_),
+        static_cast<T>(v24_), static_cast<T>(v25_), static_cast<T>(v26_),
+        static_cast<T>(v27_), static_cast<T>(v28_), static_cast<T>(v29_),
+        static_cast<T>(v30_), static_cast<T>(v31_), static_cast<T>(v32_),
+        static_cast<T>(v33_), static_cast<T>(v34_), static_cast<T>(v35_),
+        static_cast<T>(v36_), static_cast<T>(v37_), static_cast<T>(v38_),
+        static_cast<T>(v39_), static_cast<T>(v40_), static_cast<T>(v41_),
+        static_cast<T>(v42_), static_cast<T>(v43_), static_cast<T>(v44_),
+        static_cast<T>(v45_), static_cast<T>(v46_), static_cast<T>(v47_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray47& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+  const T8 v8_;
+  const T9 v9_;
+  const T10 v10_;
+  const T11 v11_;
+  const T12 v12_;
+  const T13 v13_;
+  const T14 v14_;
+  const T15 v15_;
+  const T16 v16_;
+  const T17 v17_;
+  const T18 v18_;
+  const T19 v19_;
+  const T20 v20_;
+  const T21 v21_;
+  const T22 v22_;
+  const T23 v23_;
+  const T24 v24_;
+  const T25 v25_;
+  const T26 v26_;
+  const T27 v27_;
+  const T28 v28_;
+  const T29 v29_;
+  const T30 v30_;
+  const T31 v31_;
+  const T32 v32_;
+  const T33 v33_;
+  const T34 v34_;
+  const T35 v35_;
+  const T36 v36_;
+  const T37 v37_;
+  const T38 v38_;
+  const T39 v39_;
+  const T40 v40_;
+  const T41 v41_;
+  const T42 v42_;
+  const T43 v43_;
+  const T44 v44_;
+  const T45 v45_;
+  const T46 v46_;
+  const T47 v47_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40,
+    typename T41, typename T42, typename T43, typename T44, typename T45,
+    typename T46, typename T47, typename T48>
+class ValueArray48 {
+ public:
+  ValueArray48(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+      T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16, T17 v17,
+      T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23, T24 v24, T25 v25,
+      T26 v26, T27 v27, T28 v28, T29 v29, T30 v30, T31 v31, T32 v32, T33 v33,
+      T34 v34, T35 v35, T36 v36, T37 v37, T38 v38, T39 v39, T40 v40, T41 v41,
+      T42 v42, T43 v43, T44 v44, T45 v45, T46 v46, T47 v47, T48 v48) : v1_(v1),
+      v2_(v2), v3_(v3), v4_(v4), v5_(v5), v6_(v6), v7_(v7), v8_(v8), v9_(v9),
+      v10_(v10), v11_(v11), v12_(v12), v13_(v13), v14_(v14), v15_(v15),
+      v16_(v16), v17_(v17), v18_(v18), v19_(v19), v20_(v20), v21_(v21),
+      v22_(v22), v23_(v23), v24_(v24), v25_(v25), v26_(v26), v27_(v27),
+      v28_(v28), v29_(v29), v30_(v30), v31_(v31), v32_(v32), v33_(v33),
+      v34_(v34), v35_(v35), v36_(v36), v37_(v37), v38_(v38), v39_(v39),
+      v40_(v40), v41_(v41), v42_(v42), v43_(v43), v44_(v44), v45_(v45),
+      v46_(v46), v47_(v47), v48_(v48) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_), static_cast<T>(v8_),
+        static_cast<T>(v9_), static_cast<T>(v10_), static_cast<T>(v11_),
+        static_cast<T>(v12_), static_cast<T>(v13_), static_cast<T>(v14_),
+        static_cast<T>(v15_), static_cast<T>(v16_), static_cast<T>(v17_),
+        static_cast<T>(v18_), static_cast<T>(v19_), static_cast<T>(v20_),
+        static_cast<T>(v21_), static_cast<T>(v22_), static_cast<T>(v23_),
+        static_cast<T>(v24_), static_cast<T>(v25_), static_cast<T>(v26_),
+        static_cast<T>(v27_), static_cast<T>(v28_), static_cast<T>(v29_),
+        static_cast<T>(v30_), static_cast<T>(v31_), static_cast<T>(v32_),
+        static_cast<T>(v33_), static_cast<T>(v34_), static_cast<T>(v35_),
+        static_cast<T>(v36_), static_cast<T>(v37_), static_cast<T>(v38_),
+        static_cast<T>(v39_), static_cast<T>(v40_), static_cast<T>(v41_),
+        static_cast<T>(v42_), static_cast<T>(v43_), static_cast<T>(v44_),
+        static_cast<T>(v45_), static_cast<T>(v46_), static_cast<T>(v47_),
+        static_cast<T>(v48_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray48& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+  const T8 v8_;
+  const T9 v9_;
+  const T10 v10_;
+  const T11 v11_;
+  const T12 v12_;
+  const T13 v13_;
+  const T14 v14_;
+  const T15 v15_;
+  const T16 v16_;
+  const T17 v17_;
+  const T18 v18_;
+  const T19 v19_;
+  const T20 v20_;
+  const T21 v21_;
+  const T22 v22_;
+  const T23 v23_;
+  const T24 v24_;
+  const T25 v25_;
+  const T26 v26_;
+  const T27 v27_;
+  const T28 v28_;
+  const T29 v29_;
+  const T30 v30_;
+  const T31 v31_;
+  const T32 v32_;
+  const T33 v33_;
+  const T34 v34_;
+  const T35 v35_;
+  const T36 v36_;
+  const T37 v37_;
+  const T38 v38_;
+  const T39 v39_;
+  const T40 v40_;
+  const T41 v41_;
+  const T42 v42_;
+  const T43 v43_;
+  const T44 v44_;
+  const T45 v45_;
+  const T46 v46_;
+  const T47 v47_;
+  const T48 v48_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40,
+    typename T41, typename T42, typename T43, typename T44, typename T45,
+    typename T46, typename T47, typename T48, typename T49>
+class ValueArray49 {
+ public:
+  ValueArray49(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+      T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16, T17 v17,
+      T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23, T24 v24, T25 v25,
+      T26 v26, T27 v27, T28 v28, T29 v29, T30 v30, T31 v31, T32 v32, T33 v33,
+      T34 v34, T35 v35, T36 v36, T37 v37, T38 v38, T39 v39, T40 v40, T41 v41,
+      T42 v42, T43 v43, T44 v44, T45 v45, T46 v46, T47 v47, T48 v48,
+      T49 v49) : v1_(v1), v2_(v2), v3_(v3), v4_(v4), v5_(v5), v6_(v6), v7_(v7),
+      v8_(v8), v9_(v9), v10_(v10), v11_(v11), v12_(v12), v13_(v13), v14_(v14),
+      v15_(v15), v16_(v16), v17_(v17), v18_(v18), v19_(v19), v20_(v20),
+      v21_(v21), v22_(v22), v23_(v23), v24_(v24), v25_(v25), v26_(v26),
+      v27_(v27), v28_(v28), v29_(v29), v30_(v30), v31_(v31), v32_(v32),
+      v33_(v33), v34_(v34), v35_(v35), v36_(v36), v37_(v37), v38_(v38),
+      v39_(v39), v40_(v40), v41_(v41), v42_(v42), v43_(v43), v44_(v44),
+      v45_(v45), v46_(v46), v47_(v47), v48_(v48), v49_(v49) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_), static_cast<T>(v8_),
+        static_cast<T>(v9_), static_cast<T>(v10_), static_cast<T>(v11_),
+        static_cast<T>(v12_), static_cast<T>(v13_), static_cast<T>(v14_),
+        static_cast<T>(v15_), static_cast<T>(v16_), static_cast<T>(v17_),
+        static_cast<T>(v18_), static_cast<T>(v19_), static_cast<T>(v20_),
+        static_cast<T>(v21_), static_cast<T>(v22_), static_cast<T>(v23_),
+        static_cast<T>(v24_), static_cast<T>(v25_), static_cast<T>(v26_),
+        static_cast<T>(v27_), static_cast<T>(v28_), static_cast<T>(v29_),
+        static_cast<T>(v30_), static_cast<T>(v31_), static_cast<T>(v32_),
+        static_cast<T>(v33_), static_cast<T>(v34_), static_cast<T>(v35_),
+        static_cast<T>(v36_), static_cast<T>(v37_), static_cast<T>(v38_),
+        static_cast<T>(v39_), static_cast<T>(v40_), static_cast<T>(v41_),
+        static_cast<T>(v42_), static_cast<T>(v43_), static_cast<T>(v44_),
+        static_cast<T>(v45_), static_cast<T>(v46_), static_cast<T>(v47_),
+        static_cast<T>(v48_), static_cast<T>(v49_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray49& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+  const T8 v8_;
+  const T9 v9_;
+  const T10 v10_;
+  const T11 v11_;
+  const T12 v12_;
+  const T13 v13_;
+  const T14 v14_;
+  const T15 v15_;
+  const T16 v16_;
+  const T17 v17_;
+  const T18 v18_;
+  const T19 v19_;
+  const T20 v20_;
+  const T21 v21_;
+  const T22 v22_;
+  const T23 v23_;
+  const T24 v24_;
+  const T25 v25_;
+  const T26 v26_;
+  const T27 v27_;
+  const T28 v28_;
+  const T29 v29_;
+  const T30 v30_;
+  const T31 v31_;
+  const T32 v32_;
+  const T33 v33_;
+  const T34 v34_;
+  const T35 v35_;
+  const T36 v36_;
+  const T37 v37_;
+  const T38 v38_;
+  const T39 v39_;
+  const T40 v40_;
+  const T41 v41_;
+  const T42 v42_;
+  const T43 v43_;
+  const T44 v44_;
+  const T45 v45_;
+  const T46 v46_;
+  const T47 v47_;
+  const T48 v48_;
+  const T49 v49_;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40,
+    typename T41, typename T42, typename T43, typename T44, typename T45,
+    typename T46, typename T47, typename T48, typename T49, typename T50>
+class ValueArray50 {
+ public:
+  ValueArray50(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5, T6 v6, T7 v7, T8 v8, T9 v9,
+      T10 v10, T11 v11, T12 v12, T13 v13, T14 v14, T15 v15, T16 v16, T17 v17,
+      T18 v18, T19 v19, T20 v20, T21 v21, T22 v22, T23 v23, T24 v24, T25 v25,
+      T26 v26, T27 v27, T28 v28, T29 v29, T30 v30, T31 v31, T32 v32, T33 v33,
+      T34 v34, T35 v35, T36 v36, T37 v37, T38 v38, T39 v39, T40 v40, T41 v41,
+      T42 v42, T43 v43, T44 v44, T45 v45, T46 v46, T47 v47, T48 v48, T49 v49,
+      T50 v50) : v1_(v1), v2_(v2), v3_(v3), v4_(v4), v5_(v5), v6_(v6), v7_(v7),
+      v8_(v8), v9_(v9), v10_(v10), v11_(v11), v12_(v12), v13_(v13), v14_(v14),
+      v15_(v15), v16_(v16), v17_(v17), v18_(v18), v19_(v19), v20_(v20),
+      v21_(v21), v22_(v22), v23_(v23), v24_(v24), v25_(v25), v26_(v26),
+      v27_(v27), v28_(v28), v29_(v29), v30_(v30), v31_(v31), v32_(v32),
+      v33_(v33), v34_(v34), v35_(v35), v36_(v36), v37_(v37), v38_(v38),
+      v39_(v39), v40_(v40), v41_(v41), v42_(v42), v43_(v43), v44_(v44),
+      v45_(v45), v46_(v46), v47_(v47), v48_(v48), v49_(v49), v50_(v50) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {static_cast<T>(v1_), static_cast<T>(v2_),
+        static_cast<T>(v3_), static_cast<T>(v4_), static_cast<T>(v5_),
+        static_cast<T>(v6_), static_cast<T>(v7_), static_cast<T>(v8_),
+        static_cast<T>(v9_), static_cast<T>(v10_), static_cast<T>(v11_),
+        static_cast<T>(v12_), static_cast<T>(v13_), static_cast<T>(v14_),
+        static_cast<T>(v15_), static_cast<T>(v16_), static_cast<T>(v17_),
+        static_cast<T>(v18_), static_cast<T>(v19_), static_cast<T>(v20_),
+        static_cast<T>(v21_), static_cast<T>(v22_), static_cast<T>(v23_),
+        static_cast<T>(v24_), static_cast<T>(v25_), static_cast<T>(v26_),
+        static_cast<T>(v27_), static_cast<T>(v28_), static_cast<T>(v29_),
+        static_cast<T>(v30_), static_cast<T>(v31_), static_cast<T>(v32_),
+        static_cast<T>(v33_), static_cast<T>(v34_), static_cast<T>(v35_),
+        static_cast<T>(v36_), static_cast<T>(v37_), static_cast<T>(v38_),
+        static_cast<T>(v39_), static_cast<T>(v40_), static_cast<T>(v41_),
+        static_cast<T>(v42_), static_cast<T>(v43_), static_cast<T>(v44_),
+        static_cast<T>(v45_), static_cast<T>(v46_), static_cast<T>(v47_),
+        static_cast<T>(v48_), static_cast<T>(v49_), static_cast<T>(v50_)};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray50& other);
+
+  const T1 v1_;
+  const T2 v2_;
+  const T3 v3_;
+  const T4 v4_;
+  const T5 v5_;
+  const T6 v6_;
+  const T7 v7_;
+  const T8 v8_;
+  const T9 v9_;
+  const T10 v10_;
+  const T11 v11_;
+  const T12 v12_;
+  const T13 v13_;
+  const T14 v14_;
+  const T15 v15_;
+  const T16 v16_;
+  const T17 v17_;
+  const T18 v18_;
+  const T19 v19_;
+  const T20 v20_;
+  const T21 v21_;
+  const T22 v22_;
+  const T23 v23_;
+  const T24 v24_;
+  const T25 v25_;
+  const T26 v26_;
+  const T27 v27_;
+  const T28 v28_;
+  const T29 v29_;
+  const T30 v30_;
+  const T31 v31_;
+  const T32 v32_;
+  const T33 v33_;
+  const T34 v34_;
+  const T35 v35_;
+  const T36 v36_;
+  const T37 v37_;
+  const T38 v38_;
+  const T39 v39_;
+  const T40 v40_;
+  const T41 v41_;
+  const T42 v42_;
+  const T43 v43_;
+  const T44 v44_;
+  const T45 v45_;
+  const T46 v46_;
+  const T47 v47_;
+  const T48 v48_;
+  const T49 v49_;
+  const T50 v50_;
+};
+
+# if GTEST_HAS_COMBINE
+// INTERNAL IMPLEMENTATION - DO NOT USE IN USER CODE.
+//
+// Generates values from the Cartesian product of values produced
+// by the argument generators.
+//
+template <typename T1, typename T2>
+class CartesianProductGenerator2
+    : public ParamGeneratorInterface< ::testing::tuple<T1, T2> > {
+ public:
+  typedef ::testing::tuple<T1, T2> ParamType;
+
+  CartesianProductGenerator2(const ParamGenerator<T1>& g1,
+      const ParamGenerator<T2>& g2)
+      : g1_(g1), g2_(g2) {}
+  virtual ~CartesianProductGenerator2() {}
+
+  virtual ParamIteratorInterface<ParamType>* Begin() const {
+    return new Iterator(this, g1_, g1_.begin(), g2_, g2_.begin());
+  }
+  virtual ParamIteratorInterface<ParamType>* End() const {
+    return new Iterator(this, g1_, g1_.end(), g2_, g2_.end());
+  }
+
+ private:
+  class Iterator : public ParamIteratorInterface<ParamType> {
+   public:
+    Iterator(const ParamGeneratorInterface<ParamType>* base,
+      const ParamGenerator<T1>& g1,
+      const typename ParamGenerator<T1>::iterator& current1,
+      const ParamGenerator<T2>& g2,
+      const typename ParamGenerator<T2>::iterator& current2)
+        : base_(base),
+          begin1_(g1.begin()), end1_(g1.end()), current1_(current1),
+          begin2_(g2.begin()), end2_(g2.end()), current2_(current2)    {
+      ComputeCurrentValue();
+    }
+    virtual ~Iterator() {}
+
+    virtual const ParamGeneratorInterface<ParamType>* BaseGenerator() const {
+      return base_;
+    }
+    // Advance should not be called on beyond-of-range iterators
+    // so no component iterators must be beyond end of range, either.
+    virtual void Advance() {
+      assert(!AtEnd());
+      ++current2_;
+      if (current2_ == end2_) {
+        current2_ = begin2_;
+        ++current1_;
+      }
+      ComputeCurrentValue();
+    }
+    virtual ParamIteratorInterface<ParamType>* Clone() const {
+      return new Iterator(*this);
+    }
+    virtual const ParamType* Current() const { return &current_value_; }
+    virtual bool Equals(const ParamIteratorInterface<ParamType>& other) const {
+      // Having the same base generator guarantees that the other
+      // iterator is of the same type and we can downcast.
+      GTEST_CHECK_(BaseGenerator() == other.BaseGenerator())
+          << "The program attempted to compare iterators "
+          << "from different generators." << std::endl;
+      const Iterator* typed_other =
+          CheckedDowncastToActualType<const Iterator>(&other);
+      // We must report iterators equal if they both point beyond their
+      // respective ranges. That can happen in a variety of fashions,
+      // so we have to consult AtEnd().
+      return (AtEnd() && typed_other->AtEnd()) ||
+         (
+          current1_ == typed_other->current1_ &&
+          current2_ == typed_other->current2_);
+    }
+
+   private:
+    Iterator(const Iterator& other)
+        : base_(other.base_),
+        begin1_(other.begin1_),
+        end1_(other.end1_),
+        current1_(other.current1_),
+        begin2_(other.begin2_),
+        end2_(other.end2_),
+        current2_(other.current2_) {
+      ComputeCurrentValue();
+    }
+
+    void ComputeCurrentValue() {
+      if (!AtEnd())
+        current_value_ = ParamType(*current1_, *current2_);
+    }
+    bool AtEnd() const {
+      // We must report iterator past the end of the range when either of the
+      // component iterators has reached the end of its range.
+      return
+          current1_ == end1_ ||
+          current2_ == end2_;
+    }
+
+    // No implementation - assignment is unsupported.
+    void operator=(const Iterator& other);
+
+    const ParamGeneratorInterface<ParamType>* const base_;
+    // begin[i]_ and end[i]_ define the i-th range that Iterator traverses.
+    // current[i]_ is the actual traversing iterator.
+    const typename ParamGenerator<T1>::iterator begin1_;
+    const typename ParamGenerator<T1>::iterator end1_;
+    typename ParamGenerator<T1>::iterator current1_;
+    const typename ParamGenerator<T2>::iterator begin2_;
+    const typename ParamGenerator<T2>::iterator end2_;
+    typename ParamGenerator<T2>::iterator current2_;
+    ParamType current_value_;
+  };  // class CartesianProductGenerator2::Iterator
+
+  // No implementation - assignment is unsupported.
+  void operator=(const CartesianProductGenerator2& other);
+
+  const ParamGenerator<T1> g1_;
+  const ParamGenerator<T2> g2_;
+};  // class CartesianProductGenerator2
+
+
+template <typename T1, typename T2, typename T3>
+class CartesianProductGenerator3
+    : public ParamGeneratorInterface< ::testing::tuple<T1, T2, T3> > {
+ public:
+  typedef ::testing::tuple<T1, T2, T3> ParamType;
+
+  CartesianProductGenerator3(const ParamGenerator<T1>& g1,
+      const ParamGenerator<T2>& g2, const ParamGenerator<T3>& g3)
+      : g1_(g1), g2_(g2), g3_(g3) {}
+  virtual ~CartesianProductGenerator3() {}
+
+  virtual ParamIteratorInterface<ParamType>* Begin() const {
+    return new Iterator(this, g1_, g1_.begin(), g2_, g2_.begin(), g3_,
+        g3_.begin());
+  }
+  virtual ParamIteratorInterface<ParamType>* End() const {
+    return new Iterator(this, g1_, g1_.end(), g2_, g2_.end(), g3_, g3_.end());
+  }
+
+ private:
+  class Iterator : public ParamIteratorInterface<ParamType> {
+   public:
+    Iterator(const ParamGeneratorInterface<ParamType>* base,
+      const ParamGenerator<T1>& g1,
+      const typename ParamGenerator<T1>::iterator& current1,
+      const ParamGenerator<T2>& g2,
+      const typename ParamGenerator<T2>::iterator& current2,
+      const ParamGenerator<T3>& g3,
+      const typename ParamGenerator<T3>::iterator& current3)
+        : base_(base),
+          begin1_(g1.begin()), end1_(g1.end()), current1_(current1),
+          begin2_(g2.begin()), end2_(g2.end()), current2_(current2),
+          begin3_(g3.begin()), end3_(g3.end()), current3_(current3)    {
+      ComputeCurrentValue();
+    }
+    virtual ~Iterator() {}
+
+    virtual const ParamGeneratorInterface<ParamType>* BaseGenerator() const {
+      return base_;
+    }
+    // Advance should not be called on beyond-of-range iterators
+    // so no component iterators must be beyond end of range, either.
+    virtual void Advance() {
+      assert(!AtEnd());
+      ++current3_;
+      if (current3_ == end3_) {
+        current3_ = begin3_;
+        ++current2_;
+      }
+      if (current2_ == end2_) {
+        current2_ = begin2_;
+        ++current1_;
+      }
+      ComputeCurrentValue();
+    }
+    virtual ParamIteratorInterface<ParamType>* Clone() const {
+      return new Iterator(*this);
+    }
+    virtual const ParamType* Current() const { return &current_value_; }
+    virtual bool Equals(const ParamIteratorInterface<ParamType>& other) const {
+      // Having the same base generator guarantees that the other
+      // iterator is of the same type and we can downcast.
+      GTEST_CHECK_(BaseGenerator() == other.BaseGenerator())
+          << "The program attempted to compare iterators "
+          << "from different generators." << std::endl;
+      const Iterator* typed_other =
+          CheckedDowncastToActualType<const Iterator>(&other);
+      // We must report iterators equal if they both point beyond their
+      // respective ranges. That can happen in a variety of fashions,
+      // so we have to consult AtEnd().
+      return (AtEnd() && typed_other->AtEnd()) ||
+         (
+          current1_ == typed_other->current1_ &&
+          current2_ == typed_other->current2_ &&
+          current3_ == typed_other->current3_);
+    }
+
+   private:
+    Iterator(const Iterator& other)
+        : base_(other.base_),
+        begin1_(other.begin1_),
+        end1_(other.end1_),
+        current1_(other.current1_),
+        begin2_(other.begin2_),
+        end2_(other.end2_),
+        current2_(other.current2_),
+        begin3_(other.begin3_),
+        end3_(other.end3_),
+        current3_(other.current3_) {
+      ComputeCurrentValue();
+    }
+
+    void ComputeCurrentValue() {
+      if (!AtEnd())
+        current_value_ = ParamType(*current1_, *current2_, *current3_);
+    }
+    bool AtEnd() const {
+      // We must report iterator past the end of the range when either of the
+      // component iterators has reached the end of its range.
+      return
+          current1_ == end1_ ||
+          current2_ == end2_ ||
+          current3_ == end3_;
+    }
+
+    // No implementation - assignment is unsupported.
+    void operator=(const Iterator& other);
+
+    const ParamGeneratorInterface<ParamType>* const base_;
+    // begin[i]_ and end[i]_ define the i-th range that Iterator traverses.
+    // current[i]_ is the actual traversing iterator.
+    const typename ParamGenerator<T1>::iterator begin1_;
+    const typename ParamGenerator<T1>::iterator end1_;
+    typename ParamGenerator<T1>::iterator current1_;
+    const typename ParamGenerator<T2>::iterator begin2_;
+    const typename ParamGenerator<T2>::iterator end2_;
+    typename ParamGenerator<T2>::iterator current2_;
+    const typename ParamGenerator<T3>::iterator begin3_;
+    const typename ParamGenerator<T3>::iterator end3_;
+    typename ParamGenerator<T3>::iterator current3_;
+    ParamType current_value_;
+  };  // class CartesianProductGenerator3::Iterator
+
+  // No implementation - assignment is unsupported.
+  void operator=(const CartesianProductGenerator3& other);
+
+  const ParamGenerator<T1> g1_;
+  const ParamGenerator<T2> g2_;
+  const ParamGenerator<T3> g3_;
+};  // class CartesianProductGenerator3
+
+
+template <typename T1, typename T2, typename T3, typename T4>
+class CartesianProductGenerator4
+    : public ParamGeneratorInterface< ::testing::tuple<T1, T2, T3, T4> > {
+ public:
+  typedef ::testing::tuple<T1, T2, T3, T4> ParamType;
+
+  CartesianProductGenerator4(const ParamGenerator<T1>& g1,
+      const ParamGenerator<T2>& g2, const ParamGenerator<T3>& g3,
+      const ParamGenerator<T4>& g4)
+      : g1_(g1), g2_(g2), g3_(g3), g4_(g4) {}
+  virtual ~CartesianProductGenerator4() {}
+
+  virtual ParamIteratorInterface<ParamType>* Begin() const {
+    return new Iterator(this, g1_, g1_.begin(), g2_, g2_.begin(), g3_,
+        g3_.begin(), g4_, g4_.begin());
+  }
+  virtual ParamIteratorInterface<ParamType>* End() const {
+    return new Iterator(this, g1_, g1_.end(), g2_, g2_.end(), g3_, g3_.end(),
+        g4_, g4_.end());
+  }
+
+ private:
+  class Iterator : public ParamIteratorInterface<ParamType> {
+   public:
+    Iterator(const ParamGeneratorInterface<ParamType>* base,
+      const ParamGenerator<T1>& g1,
+      const typename ParamGenerator<T1>::iterator& current1,
+      const ParamGenerator<T2>& g2,
+      const typename ParamGenerator<T2>::iterator& current2,
+      const ParamGenerator<T3>& g3,
+      const typename ParamGenerator<T3>::iterator& current3,
+      const ParamGenerator<T4>& g4,
+      const typename ParamGenerator<T4>::iterator& current4)
+        : base_(base),
+          begin1_(g1.begin()), end1_(g1.end()), current1_(current1),
+          begin2_(g2.begin()), end2_(g2.end()), current2_(current2),
+          begin3_(g3.begin()), end3_(g3.end()), current3_(current3),
+          begin4_(g4.begin()), end4_(g4.end()), current4_(current4)    {
+      ComputeCurrentValue();
+    }
+    virtual ~Iterator() {}
+
+    virtual const ParamGeneratorInterface<ParamType>* BaseGenerator() const {
+      return base_;
+    }
+    // Advance should not be called on beyond-of-range iterators
+    // so no component iterators must be beyond end of range, either.
+    virtual void Advance() {
+      assert(!AtEnd());
+      ++current4_;
+      if (current4_ == end4_) {
+        current4_ = begin4_;
+        ++current3_;
+      }
+      if (current3_ == end3_) {
+        current3_ = begin3_;
+        ++current2_;
+      }
+      if (current2_ == end2_) {
+        current2_ = begin2_;
+        ++current1_;
+      }
+      ComputeCurrentValue();
+    }
+    virtual ParamIteratorInterface<ParamType>* Clone() const {
+      return new Iterator(*this);
+    }
+    virtual const ParamType* Current() const { return &current_value_; }
+    virtual bool Equals(const ParamIteratorInterface<ParamType>& other) const {
+      // Having the same base generator guarantees that the other
+      // iterator is of the same type and we can downcast.
+      GTEST_CHECK_(BaseGenerator() == other.BaseGenerator())
+          << "The program attempted to compare iterators "
+          << "from different generators." << std::endl;
+      const Iterator* typed_other =
+          CheckedDowncastToActualType<const Iterator>(&other);
+      // We must report iterators equal if they both point beyond their
+      // respective ranges. That can happen in a variety of fashions,
+      // so we have to consult AtEnd().
+      return (AtEnd() && typed_other->AtEnd()) ||
+         (
+          current1_ == typed_other->current1_ &&
+          current2_ == typed_other->current2_ &&
+          current3_ == typed_other->current3_ &&
+          current4_ == typed_other->current4_);
+    }
+
+   private:
+    Iterator(const Iterator& other)
+        : base_(other.base_),
+        begin1_(other.begin1_),
+        end1_(other.end1_),
+        current1_(other.current1_),
+        begin2_(other.begin2_),
+        end2_(other.end2_),
+        current2_(other.current2_),
+        begin3_(other.begin3_),
+        end3_(other.end3_),
+        current3_(other.current3_),
+        begin4_(other.begin4_),
+        end4_(other.end4_),
+        current4_(other.current4_) {
+      ComputeCurrentValue();
+    }
+
+    void ComputeCurrentValue() {
+      if (!AtEnd())
+        current_value_ = ParamType(*current1_, *current2_, *current3_,
+            *current4_);
+    }
+    bool AtEnd() const {
+      // We must report iterator past the end of the range when either of the
+      // component iterators has reached the end of its range.
+      return
+          current1_ == end1_ ||
+          current2_ == end2_ ||
+          current3_ == end3_ ||
+          current4_ == end4_;
+    }
+
+    // No implementation - assignment is unsupported.
+    void operator=(const Iterator& other);
+
+    const ParamGeneratorInterface<ParamType>* const base_;
+    // begin[i]_ and end[i]_ define the i-th range that Iterator traverses.
+    // current[i]_ is the actual traversing iterator.
+    const typename ParamGenerator<T1>::iterator begin1_;
+    const typename ParamGenerator<T1>::iterator end1_;
+    typename ParamGenerator<T1>::iterator current1_;
+    const typename ParamGenerator<T2>::iterator begin2_;
+    const typename ParamGenerator<T2>::iterator end2_;
+    typename ParamGenerator<T2>::iterator current2_;
+    const typename ParamGenerator<T3>::iterator begin3_;
+    const typename ParamGenerator<T3>::iterator end3_;
+    typename ParamGenerator<T3>::iterator current3_;
+    const typename ParamGenerator<T4>::iterator begin4_;
+    const typename ParamGenerator<T4>::iterator end4_;
+    typename ParamGenerator<T4>::iterator current4_;
+    ParamType current_value_;
+  };  // class CartesianProductGenerator4::Iterator
+
+  // No implementation - assignment is unsupported.
+  void operator=(const CartesianProductGenerator4& other);
+
+  const ParamGenerator<T1> g1_;
+  const ParamGenerator<T2> g2_;
+  const ParamGenerator<T3> g3_;
+  const ParamGenerator<T4> g4_;
+};  // class CartesianProductGenerator4
+
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5>
+class CartesianProductGenerator5
+    : public ParamGeneratorInterface< ::testing::tuple<T1, T2, T3, T4, T5> > {
+ public:
+  typedef ::testing::tuple<T1, T2, T3, T4, T5> ParamType;
+
+  CartesianProductGenerator5(const ParamGenerator<T1>& g1,
+      const ParamGenerator<T2>& g2, const ParamGenerator<T3>& g3,
+      const ParamGenerator<T4>& g4, const ParamGenerator<T5>& g5)
+      : g1_(g1), g2_(g2), g3_(g3), g4_(g4), g5_(g5) {}
+  virtual ~CartesianProductGenerator5() {}
+
+  virtual ParamIteratorInterface<ParamType>* Begin() const {
+    return new Iterator(this, g1_, g1_.begin(), g2_, g2_.begin(), g3_,
+        g3_.begin(), g4_, g4_.begin(), g5_, g5_.begin());
+  }
+  virtual ParamIteratorInterface<ParamType>* End() const {
+    return new Iterator(this, g1_, g1_.end(), g2_, g2_.end(), g3_, g3_.end(),
+        g4_, g4_.end(), g5_, g5_.end());
+  }
+
+ private:
+  class Iterator : public ParamIteratorInterface<ParamType> {
+   public:
+    Iterator(const ParamGeneratorInterface<ParamType>* base,
+      const ParamGenerator<T1>& g1,
+      const typename ParamGenerator<T1>::iterator& current1,
+      const ParamGenerator<T2>& g2,
+      const typename ParamGenerator<T2>::iterator& current2,
+      const ParamGenerator<T3>& g3,
+      const typename ParamGenerator<T3>::iterator& current3,
+      const ParamGenerator<T4>& g4,
+      const typename ParamGenerator<T4>::iterator& current4,
+      const ParamGenerator<T5>& g5,
+      const typename ParamGenerator<T5>::iterator& current5)
+        : base_(base),
+          begin1_(g1.begin()), end1_(g1.end()), current1_(current1),
+          begin2_(g2.begin()), end2_(g2.end()), current2_(current2),
+          begin3_(g3.begin()), end3_(g3.end()), current3_(current3),
+          begin4_(g4.begin()), end4_(g4.end()), current4_(current4),
+          begin5_(g5.begin()), end5_(g5.end()), current5_(current5)    {
+      ComputeCurrentValue();
+    }
+    virtual ~Iterator() {}
+
+    virtual const ParamGeneratorInterface<ParamType>* BaseGenerator() const {
+      return base_;
+    }
+    // Advance should not be called on beyond-of-range iterators
+    // so no component iterators must be beyond end of range, either.
+    virtual void Advance() {
+      assert(!AtEnd());
+      ++current5_;
+      if (current5_ == end5_) {
+        current5_ = begin5_;
+        ++current4_;
+      }
+      if (current4_ == end4_) {
+        current4_ = begin4_;
+        ++current3_;
+      }
+      if (current3_ == end3_) {
+        current3_ = begin3_;
+        ++current2_;
+      }
+      if (current2_ == end2_) {
+        current2_ = begin2_;
+        ++current1_;
+      }
+      ComputeCurrentValue();
+    }
+    virtual ParamIteratorInterface<ParamType>* Clone() const {
+      return new Iterator(*this);
+    }
+    virtual const ParamType* Current() const { return &current_value_; }
+    virtual bool Equals(const ParamIteratorInterface<ParamType>& other) const {
+      // Having the same base generator guarantees that the other
+      // iterator is of the same type and we can downcast.
+      GTEST_CHECK_(BaseGenerator() == other.BaseGenerator())
+          << "The program attempted to compare iterators "
+          << "from different generators." << std::endl;
+      const Iterator* typed_other =
+          CheckedDowncastToActualType<const Iterator>(&other);
+      // We must report iterators equal if they both point beyond their
+      // respective ranges. That can happen in a variety of fashions,
+      // so we have to consult AtEnd().
+      return (AtEnd() && typed_other->AtEnd()) ||
+         (
+          current1_ == typed_other->current1_ &&
+          current2_ == typed_other->current2_ &&
+          current3_ == typed_other->current3_ &&
+          current4_ == typed_other->current4_ &&
+          current5_ == typed_other->current5_);
+    }
+
+   private:
+    Iterator(const Iterator& other)
+        : base_(other.base_),
+        begin1_(other.begin1_),
+        end1_(other.end1_),
+        current1_(other.current1_),
+        begin2_(other.begin2_),
+        end2_(other.end2_),
+        current2_(other.current2_),
+        begin3_(other.begin3_),
+        end3_(other.end3_),
+        current3_(other.current3_),
+        begin4_(other.begin4_),
+        end4_(other.end4_),
+        current4_(other.current4_),
+        begin5_(other.begin5_),
+        end5_(other.end5_),
+        current5_(other.current5_) {
+      ComputeCurrentValue();
+    }
+
+    void ComputeCurrentValue() {
+      if (!AtEnd())
+        current_value_ = ParamType(*current1_, *current2_, *current3_,
+            *current4_, *current5_);
+    }
+    bool AtEnd() const {
+      // We must report iterator past the end of the range when either of the
+      // component iterators has reached the end of its range.
+      return
+          current1_ == end1_ ||
+          current2_ == end2_ ||
+          current3_ == end3_ ||
+          current4_ == end4_ ||
+          current5_ == end5_;
+    }
+
+    // No implementation - assignment is unsupported.
+    void operator=(const Iterator& other);
+
+    const ParamGeneratorInterface<ParamType>* const base_;
+    // begin[i]_ and end[i]_ define the i-th range that Iterator traverses.
+    // current[i]_ is the actual traversing iterator.
+    const typename ParamGenerator<T1>::iterator begin1_;
+    const typename ParamGenerator<T1>::iterator end1_;
+    typename ParamGenerator<T1>::iterator current1_;
+    const typename ParamGenerator<T2>::iterator begin2_;
+    const typename ParamGenerator<T2>::iterator end2_;
+    typename ParamGenerator<T2>::iterator current2_;
+    const typename ParamGenerator<T3>::iterator begin3_;
+    const typename ParamGenerator<T3>::iterator end3_;
+    typename ParamGenerator<T3>::iterator current3_;
+    const typename ParamGenerator<T4>::iterator begin4_;
+    const typename ParamGenerator<T4>::iterator end4_;
+    typename ParamGenerator<T4>::iterator current4_;
+    const typename ParamGenerator<T5>::iterator begin5_;
+    const typename ParamGenerator<T5>::iterator end5_;
+    typename ParamGenerator<T5>::iterator current5_;
+    ParamType current_value_;
+  };  // class CartesianProductGenerator5::Iterator
+
+  // No implementation - assignment is unsupported.
+  void operator=(const CartesianProductGenerator5& other);
+
+  const ParamGenerator<T1> g1_;
+  const ParamGenerator<T2> g2_;
+  const ParamGenerator<T3> g3_;
+  const ParamGenerator<T4> g4_;
+  const ParamGenerator<T5> g5_;
+};  // class CartesianProductGenerator5
+
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6>
+class CartesianProductGenerator6
+    : public ParamGeneratorInterface< ::testing::tuple<T1, T2, T3, T4, T5,
+        T6> > {
+ public:
+  typedef ::testing::tuple<T1, T2, T3, T4, T5, T6> ParamType;
+
+  CartesianProductGenerator6(const ParamGenerator<T1>& g1,
+      const ParamGenerator<T2>& g2, const ParamGenerator<T3>& g3,
+      const ParamGenerator<T4>& g4, const ParamGenerator<T5>& g5,
+      const ParamGenerator<T6>& g6)
+      : g1_(g1), g2_(g2), g3_(g3), g4_(g4), g5_(g5), g6_(g6) {}
+  virtual ~CartesianProductGenerator6() {}
+
+  virtual ParamIteratorInterface<ParamType>* Begin() const {
+    return new Iterator(this, g1_, g1_.begin(), g2_, g2_.begin(), g3_,
+        g3_.begin(), g4_, g4_.begin(), g5_, g5_.begin(), g6_, g6_.begin());
+  }
+  virtual ParamIteratorInterface<ParamType>* End() const {
+    return new Iterator(this, g1_, g1_.end(), g2_, g2_.end(), g3_, g3_.end(),
+        g4_, g4_.end(), g5_, g5_.end(), g6_, g6_.end());
+  }
+
+ private:
+  class Iterator : public ParamIteratorInterface<ParamType> {
+   public:
+    Iterator(const ParamGeneratorInterface<ParamType>* base,
+      const ParamGenerator<T1>& g1,
+      const typename ParamGenerator<T1>::iterator& current1,
+      const ParamGenerator<T2>& g2,
+      const typename ParamGenerator<T2>::iterator& current2,
+      const ParamGenerator<T3>& g3,
+      const typename ParamGenerator<T3>::iterator& current3,
+      const ParamGenerator<T4>& g4,
+      const typename ParamGenerator<T4>::iterator& current4,
+      const ParamGenerator<T5>& g5,
+      const typename ParamGenerator<T5>::iterator& current5,
+      const ParamGenerator<T6>& g6,
+      const typename ParamGenerator<T6>::iterator& current6)
+        : base_(base),
+          begin1_(g1.begin()), end1_(g1.end()), current1_(current1),
+          begin2_(g2.begin()), end2_(g2.end()), current2_(current2),
+          begin3_(g3.begin()), end3_(g3.end()), current3_(current3),
+          begin4_(g4.begin()), end4_(g4.end()), current4_(current4),
+          begin5_(g5.begin()), end5_(g5.end()), current5_(current5),
+          begin6_(g6.begin()), end6_(g6.end()), current6_(current6)    {
+      ComputeCurrentValue();
+    }
+    virtual ~Iterator() {}
+
+    virtual const ParamGeneratorInterface<ParamType>* BaseGenerator() const {
+      return base_;
+    }
+    // Advance should not be called on beyond-of-range iterators
+    // so no component iterators must be beyond end of range, either.
+    virtual void Advance() {
+      assert(!AtEnd());
+      ++current6_;
+      if (current6_ == end6_) {
+        current6_ = begin6_;
+        ++current5_;
+      }
+      if (current5_ == end5_) {
+        current5_ = begin5_;
+        ++current4_;
+      }
+      if (current4_ == end4_) {
+        current4_ = begin4_;
+        ++current3_;
+      }
+      if (current3_ == end3_) {
+        current3_ = begin3_;
+        ++current2_;
+      }
+      if (current2_ == end2_) {
+        current2_ = begin2_;
+        ++current1_;
+      }
+      ComputeCurrentValue();
+    }
+    virtual ParamIteratorInterface<ParamType>* Clone() const {
+      return new Iterator(*this);
+    }
+    virtual const ParamType* Current() const { return &current_value_; }
+    virtual bool Equals(const ParamIteratorInterface<ParamType>& other) const {
+      // Having the same base generator guarantees that the other
+      // iterator is of the same type and we can downcast.
+      GTEST_CHECK_(BaseGenerator() == other.BaseGenerator())
+          << "The program attempted to compare iterators "
+          << "from different generators." << std::endl;
+      const Iterator* typed_other =
+          CheckedDowncastToActualType<const Iterator>(&other);
+      // We must report iterators equal if they both point beyond their
+      // respective ranges. That can happen in a variety of fashions,
+      // so we have to consult AtEnd().
+      return (AtEnd() && typed_other->AtEnd()) ||
+         (
+          current1_ == typed_other->current1_ &&
+          current2_ == typed_other->current2_ &&
+          current3_ == typed_other->current3_ &&
+          current4_ == typed_other->current4_ &&
+          current5_ == typed_other->current5_ &&
+          current6_ == typed_other->current6_);
+    }
+
+   private:
+    Iterator(const Iterator& other)
+        : base_(other.base_),
+        begin1_(other.begin1_),
+        end1_(other.end1_),
+        current1_(other.current1_),
+        begin2_(other.begin2_),
+        end2_(other.end2_),
+        current2_(other.current2_),
+        begin3_(other.begin3_),
+        end3_(other.end3_),
+        current3_(other.current3_),
+        begin4_(other.begin4_),
+        end4_(other.end4_),
+        current4_(other.current4_),
+        begin5_(other.begin5_),
+        end5_(other.end5_),
+        current5_(other.current5_),
+        begin6_(other.begin6_),
+        end6_(other.end6_),
+        current6_(other.current6_) {
+      ComputeCurrentValue();
+    }
+
+    void ComputeCurrentValue() {
+      if (!AtEnd())
+        current_value_ = ParamType(*current1_, *current2_, *current3_,
+            *current4_, *current5_, *current6_);
+    }
+    bool AtEnd() const {
+      // We must report iterator past the end of the range when either of the
+      // component iterators has reached the end of its range.
+      return
+          current1_ == end1_ ||
+          current2_ == end2_ ||
+          current3_ == end3_ ||
+          current4_ == end4_ ||
+          current5_ == end5_ ||
+          current6_ == end6_;
+    }
+
+    // No implementation - assignment is unsupported.
+    void operator=(const Iterator& other);
+
+    const ParamGeneratorInterface<ParamType>* const base_;
+    // begin[i]_ and end[i]_ define the i-th range that Iterator traverses.
+    // current[i]_ is the actual traversing iterator.
+    const typename ParamGenerator<T1>::iterator begin1_;
+    const typename ParamGenerator<T1>::iterator end1_;
+    typename ParamGenerator<T1>::iterator current1_;
+    const typename ParamGenerator<T2>::iterator begin2_;
+    const typename ParamGenerator<T2>::iterator end2_;
+    typename ParamGenerator<T2>::iterator current2_;
+    const typename ParamGenerator<T3>::iterator begin3_;
+    const typename ParamGenerator<T3>::iterator end3_;
+    typename ParamGenerator<T3>::iterator current3_;
+    const typename ParamGenerator<T4>::iterator begin4_;
+    const typename ParamGenerator<T4>::iterator end4_;
+    typename ParamGenerator<T4>::iterator current4_;
+    const typename ParamGenerator<T5>::iterator begin5_;
+    const typename ParamGenerator<T5>::iterator end5_;
+    typename ParamGenerator<T5>::iterator current5_;
+    const typename ParamGenerator<T6>::iterator begin6_;
+    const typename ParamGenerator<T6>::iterator end6_;
+    typename ParamGenerator<T6>::iterator current6_;
+    ParamType current_value_;
+  };  // class CartesianProductGenerator6::Iterator
+
+  // No implementation - assignment is unsupported.
+  void operator=(const CartesianProductGenerator6& other);
+
+  const ParamGenerator<T1> g1_;
+  const ParamGenerator<T2> g2_;
+  const ParamGenerator<T3> g3_;
+  const ParamGenerator<T4> g4_;
+  const ParamGenerator<T5> g5_;
+  const ParamGenerator<T6> g6_;
+};  // class CartesianProductGenerator6
+
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7>
+class CartesianProductGenerator7
+    : public ParamGeneratorInterface< ::testing::tuple<T1, T2, T3, T4, T5, T6,
+        T7> > {
+ public:
+  typedef ::testing::tuple<T1, T2, T3, T4, T5, T6, T7> ParamType;
+
+  CartesianProductGenerator7(const ParamGenerator<T1>& g1,
+      const ParamGenerator<T2>& g2, const ParamGenerator<T3>& g3,
+      const ParamGenerator<T4>& g4, const ParamGenerator<T5>& g5,
+      const ParamGenerator<T6>& g6, const ParamGenerator<T7>& g7)
+      : g1_(g1), g2_(g2), g3_(g3), g4_(g4), g5_(g5), g6_(g6), g7_(g7) {}
+  virtual ~CartesianProductGenerator7() {}
+
+  virtual ParamIteratorInterface<ParamType>* Begin() const {
+    return new Iterator(this, g1_, g1_.begin(), g2_, g2_.begin(), g3_,
+        g3_.begin(), g4_, g4_.begin(), g5_, g5_.begin(), g6_, g6_.begin(), g7_,
+        g7_.begin());
+  }
+  virtual ParamIteratorInterface<ParamType>* End() const {
+    return new Iterator(this, g1_, g1_.end(), g2_, g2_.end(), g3_, g3_.end(),
+        g4_, g4_.end(), g5_, g5_.end(), g6_, g6_.end(), g7_, g7_.end());
+  }
+
+ private:
+  class Iterator : public ParamIteratorInterface<ParamType> {
+   public:
+    Iterator(const ParamGeneratorInterface<ParamType>* base,
+      const ParamGenerator<T1>& g1,
+      const typename ParamGenerator<T1>::iterator& current1,
+      const ParamGenerator<T2>& g2,
+      const typename ParamGenerator<T2>::iterator& current2,
+      const ParamGenerator<T3>& g3,
+      const typename ParamGenerator<T3>::iterator& current3,
+      const ParamGenerator<T4>& g4,
+      const typename ParamGenerator<T4>::iterator& current4,
+      const ParamGenerator<T5>& g5,
+      const typename ParamGenerator<T5>::iterator& current5,
+      const ParamGenerator<T6>& g6,
+      const typename ParamGenerator<T6>::iterator& current6,
+      const ParamGenerator<T7>& g7,
+      const typename ParamGenerator<T7>::iterator& current7)
+        : base_(base),
+          begin1_(g1.begin()), end1_(g1.end()), current1_(current1),
+          begin2_(g2.begin()), end2_(g2.end()), current2_(current2),
+          begin3_(g3.begin()), end3_(g3.end()), current3_(current3),
+          begin4_(g4.begin()), end4_(g4.end()), current4_(current4),
+          begin5_(g5.begin()), end5_(g5.end()), current5_(current5),
+          begin6_(g6.begin()), end6_(g6.end()), current6_(current6),
+          begin7_(g7.begin()), end7_(g7.end()), current7_(current7)    {
+      ComputeCurrentValue();
+    }
+    virtual ~Iterator() {}
+
+    virtual const ParamGeneratorInterface<ParamType>* BaseGenerator() const {
+      return base_;
+    }
+    // Advance should not be called on beyond-of-range iterators
+    // so no component iterators must be beyond end of range, either.
+    virtual void Advance() {
+      assert(!AtEnd());
+      ++current7_;
+      if (current7_ == end7_) {
+        current7_ = begin7_;
+        ++current6_;
+      }
+      if (current6_ == end6_) {
+        current6_ = begin6_;
+        ++current5_;
+      }
+      if (current5_ == end5_) {
+        current5_ = begin5_;
+        ++current4_;
+      }
+      if (current4_ == end4_) {
+        current4_ = begin4_;
+        ++current3_;
+      }
+      if (current3_ == end3_) {
+        current3_ = begin3_;
+        ++current2_;
+      }
+      if (current2_ == end2_) {
+        current2_ = begin2_;
+        ++current1_;
+      }
+      ComputeCurrentValue();
+    }
+    virtual ParamIteratorInterface<ParamType>* Clone() const {
+      return new Iterator(*this);
+    }
+    virtual const ParamType* Current() const { return &current_value_; }
+    virtual bool Equals(const ParamIteratorInterface<ParamType>& other) const {
+      // Having the same base generator guarantees that the other
+      // iterator is of the same type and we can downcast.
+      GTEST_CHECK_(BaseGenerator() == other.BaseGenerator())
+          << "The program attempted to compare iterators "
+          << "from different generators." << std::endl;
+      const Iterator* typed_other =
+          CheckedDowncastToActualType<const Iterator>(&other);
+      // We must report iterators equal if they both point beyond their
+      // respective ranges. That can happen in a variety of fashions,
+      // so we have to consult AtEnd().
+      return (AtEnd() && typed_other->AtEnd()) ||
+         (
+          current1_ == typed_other->current1_ &&
+          current2_ == typed_other->current2_ &&
+          current3_ == typed_other->current3_ &&
+          current4_ == typed_other->current4_ &&
+          current5_ == typed_other->current5_ &&
+          current6_ == typed_other->current6_ &&
+          current7_ == typed_other->current7_);
+    }
+
+   private:
+    Iterator(const Iterator& other)
+        : base_(other.base_),
+        begin1_(other.begin1_),
+        end1_(other.end1_),
+        current1_(other.current1_),
+        begin2_(other.begin2_),
+        end2_(other.end2_),
+        current2_(other.current2_),
+        begin3_(other.begin3_),
+        end3_(other.end3_),
+        current3_(other.current3_),
+        begin4_(other.begin4_),
+        end4_(other.end4_),
+        current4_(other.current4_),
+        begin5_(other.begin5_),
+        end5_(other.end5_),
+        current5_(other.current5_),
+        begin6_(other.begin6_),
+        end6_(other.end6_),
+        current6_(other.current6_),
+        begin7_(other.begin7_),
+        end7_(other.end7_),
+        current7_(other.current7_) {
+      ComputeCurrentValue();
+    }
+
+    void ComputeCurrentValue() {
+      if (!AtEnd())
+        current_value_ = ParamType(*current1_, *current2_, *current3_,
+            *current4_, *current5_, *current6_, *current7_);
+    }
+    bool AtEnd() const {
+      // We must report iterator past the end of the range when either of the
+      // component iterators has reached the end of its range.
+      return
+          current1_ == end1_ ||
+          current2_ == end2_ ||
+          current3_ == end3_ ||
+          current4_ == end4_ ||
+          current5_ == end5_ ||
+          current6_ == end6_ ||
+          current7_ == end7_;
+    }
+
+    // No implementation - assignment is unsupported.
+    void operator=(const Iterator& other);
+
+    const ParamGeneratorInterface<ParamType>* const base_;
+    // begin[i]_ and end[i]_ define the i-th range that Iterator traverses.
+    // current[i]_ is the actual traversing iterator.
+    const typename ParamGenerator<T1>::iterator begin1_;
+    const typename ParamGenerator<T1>::iterator end1_;
+    typename ParamGenerator<T1>::iterator current1_;
+    const typename ParamGenerator<T2>::iterator begin2_;
+    const typename ParamGenerator<T2>::iterator end2_;
+    typename ParamGenerator<T2>::iterator current2_;
+    const typename ParamGenerator<T3>::iterator begin3_;
+    const typename ParamGenerator<T3>::iterator end3_;
+    typename ParamGenerator<T3>::iterator current3_;
+    const typename ParamGenerator<T4>::iterator begin4_;
+    const typename ParamGenerator<T4>::iterator end4_;
+    typename ParamGenerator<T4>::iterator current4_;
+    const typename ParamGenerator<T5>::iterator begin5_;
+    const typename ParamGenerator<T5>::iterator end5_;
+    typename ParamGenerator<T5>::iterator current5_;
+    const typename ParamGenerator<T6>::iterator begin6_;
+    const typename ParamGenerator<T6>::iterator end6_;
+    typename ParamGenerator<T6>::iterator current6_;
+    const typename ParamGenerator<T7>::iterator begin7_;
+    const typename ParamGenerator<T7>::iterator end7_;
+    typename ParamGenerator<T7>::iterator current7_;
+    ParamType current_value_;
+  };  // class CartesianProductGenerator7::Iterator
+
+  // No implementation - assignment is unsupported.
+  void operator=(const CartesianProductGenerator7& other);
+
+  const ParamGenerator<T1> g1_;
+  const ParamGenerator<T2> g2_;
+  const ParamGenerator<T3> g3_;
+  const ParamGenerator<T4> g4_;
+  const ParamGenerator<T5> g5_;
+  const ParamGenerator<T6> g6_;
+  const ParamGenerator<T7> g7_;
+};  // class CartesianProductGenerator7
+
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8>
+class CartesianProductGenerator8
+    : public ParamGeneratorInterface< ::testing::tuple<T1, T2, T3, T4, T5, T6,
+        T7, T8> > {
+ public:
+  typedef ::testing::tuple<T1, T2, T3, T4, T5, T6, T7, T8> ParamType;
+
+  CartesianProductGenerator8(const ParamGenerator<T1>& g1,
+      const ParamGenerator<T2>& g2, const ParamGenerator<T3>& g3,
+      const ParamGenerator<T4>& g4, const ParamGenerator<T5>& g5,
+      const ParamGenerator<T6>& g6, const ParamGenerator<T7>& g7,
+      const ParamGenerator<T8>& g8)
+      : g1_(g1), g2_(g2), g3_(g3), g4_(g4), g5_(g5), g6_(g6), g7_(g7),
+          g8_(g8) {}
+  virtual ~CartesianProductGenerator8() {}
+
+  virtual ParamIteratorInterface<ParamType>* Begin() const {
+    return new Iterator(this, g1_, g1_.begin(), g2_, g2_.begin(), g3_,
+        g3_.begin(), g4_, g4_.begin(), g5_, g5_.begin(), g6_, g6_.begin(), g7_,
+        g7_.begin(), g8_, g8_.begin());
+  }
+  virtual ParamIteratorInterface<ParamType>* End() const {
+    return new Iterator(this, g1_, g1_.end(), g2_, g2_.end(), g3_, g3_.end(),
+        g4_, g4_.end(), g5_, g5_.end(), g6_, g6_.end(), g7_, g7_.end(), g8_,
+        g8_.end());
+  }
+
+ private:
+  class Iterator : public ParamIteratorInterface<ParamType> {
+   public:
+    Iterator(const ParamGeneratorInterface<ParamType>* base,
+      const ParamGenerator<T1>& g1,
+      const typename ParamGenerator<T1>::iterator& current1,
+      const ParamGenerator<T2>& g2,
+      const typename ParamGenerator<T2>::iterator& current2,
+      const ParamGenerator<T3>& g3,
+      const typename ParamGenerator<T3>::iterator& current3,
+      const ParamGenerator<T4>& g4,
+      const typename ParamGenerator<T4>::iterator& current4,
+      const ParamGenerator<T5>& g5,
+      const typename ParamGenerator<T5>::iterator& current5,
+      const ParamGenerator<T6>& g6,
+      const typename ParamGenerator<T6>::iterator& current6,
+      const ParamGenerator<T7>& g7,
+      const typename ParamGenerator<T7>::iterator& current7,
+      const ParamGenerator<T8>& g8,
+      const typename ParamGenerator<T8>::iterator& current8)
+        : base_(base),
+          begin1_(g1.begin()), end1_(g1.end()), current1_(current1),
+          begin2_(g2.begin()), end2_(g2.end()), current2_(current2),
+          begin3_(g3.begin()), end3_(g3.end()), current3_(current3),
+          begin4_(g4.begin()), end4_(g4.end()), current4_(current4),
+          begin5_(g5.begin()), end5_(g5.end()), current5_(current5),
+          begin6_(g6.begin()), end6_(g6.end()), current6_(current6),
+          begin7_(g7.begin()), end7_(g7.end()), current7_(current7),
+          begin8_(g8.begin()), end8_(g8.end()), current8_(current8)    {
+      ComputeCurrentValue();
+    }
+    virtual ~Iterator() {}
+
+    virtual const ParamGeneratorInterface<ParamType>* BaseGenerator() const {
+      return base_;
+    }
+    // Advance should not be called on beyond-of-range iterators
+    // so no component iterators must be beyond end of range, either.
+    virtual void Advance() {
+      assert(!AtEnd());
+      ++current8_;
+      if (current8_ == end8_) {
+        current8_ = begin8_;
+        ++current7_;
+      }
+      if (current7_ == end7_) {
+        current7_ = begin7_;
+        ++current6_;
+      }
+      if (current6_ == end6_) {
+        current6_ = begin6_;
+        ++current5_;
+      }
+      if (current5_ == end5_) {
+        current5_ = begin5_;
+        ++current4_;
+      }
+      if (current4_ == end4_) {
+        current4_ = begin4_;
+        ++current3_;
+      }
+      if (current3_ == end3_) {
+        current3_ = begin3_;
+        ++current2_;
+      }
+      if (current2_ == end2_) {
+        current2_ = begin2_;
+        ++current1_;
+      }
+      ComputeCurrentValue();
+    }
+    virtual ParamIteratorInterface<ParamType>* Clone() const {
+      return new Iterator(*this);
+    }
+    virtual const ParamType* Current() const { return &current_value_; }
+    virtual bool Equals(const ParamIteratorInterface<ParamType>& other) const {
+      // Having the same base generator guarantees that the other
+      // iterator is of the same type and we can downcast.
+      GTEST_CHECK_(BaseGenerator() == other.BaseGenerator())
+          << "The program attempted to compare iterators "
+          << "from different generators." << std::endl;
+      const Iterator* typed_other =
+          CheckedDowncastToActualType<const Iterator>(&other);
+      // We must report iterators equal if they both point beyond their
+      // respective ranges. That can happen in a variety of fashions,
+      // so we have to consult AtEnd().
+      return (AtEnd() && typed_other->AtEnd()) ||
+         (
+          current1_ == typed_other->current1_ &&
+          current2_ == typed_other->current2_ &&
+          current3_ == typed_other->current3_ &&
+          current4_ == typed_other->current4_ &&
+          current5_ == typed_other->current5_ &&
+          current6_ == typed_other->current6_ &&
+          current7_ == typed_other->current7_ &&
+          current8_ == typed_other->current8_);
+    }
+
+   private:
+    Iterator(const Iterator& other)
+        : base_(other.base_),
+        begin1_(other.begin1_),
+        end1_(other.end1_),
+        current1_(other.current1_),
+        begin2_(other.begin2_),
+        end2_(other.end2_),
+        current2_(other.current2_),
+        begin3_(other.begin3_),
+        end3_(other.end3_),
+        current3_(other.current3_),
+        begin4_(other.begin4_),
+        end4_(other.end4_),
+        current4_(other.current4_),
+        begin5_(other.begin5_),
+        end5_(other.end5_),
+        current5_(other.current5_),
+        begin6_(other.begin6_),
+        end6_(other.end6_),
+        current6_(other.current6_),
+        begin7_(other.begin7_),
+        end7_(other.end7_),
+        current7_(other.current7_),
+        begin8_(other.begin8_),
+        end8_(other.end8_),
+        current8_(other.current8_) {
+      ComputeCurrentValue();
+    }
+
+    void ComputeCurrentValue() {
+      if (!AtEnd())
+        current_value_ = ParamType(*current1_, *current2_, *current3_,
+            *current4_, *current5_, *current6_, *current7_, *current8_);
+    }
+    bool AtEnd() const {
+      // We must report iterator past the end of the range when either of the
+      // component iterators has reached the end of its range.
+      return
+          current1_ == end1_ ||
+          current2_ == end2_ ||
+          current3_ == end3_ ||
+          current4_ == end4_ ||
+          current5_ == end5_ ||
+          current6_ == end6_ ||
+          current7_ == end7_ ||
+          current8_ == end8_;
+    }
+
+    // No implementation - assignment is unsupported.
+    void operator=(const Iterator& other);
+
+    const ParamGeneratorInterface<ParamType>* const base_;
+    // begin[i]_ and end[i]_ define the i-th range that Iterator traverses.
+    // current[i]_ is the actual traversing iterator.
+    const typename ParamGenerator<T1>::iterator begin1_;
+    const typename ParamGenerator<T1>::iterator end1_;
+    typename ParamGenerator<T1>::iterator current1_;
+    const typename ParamGenerator<T2>::iterator begin2_;
+    const typename ParamGenerator<T2>::iterator end2_;
+    typename ParamGenerator<T2>::iterator current2_;
+    const typename ParamGenerator<T3>::iterator begin3_;
+    const typename ParamGenerator<T3>::iterator end3_;
+    typename ParamGenerator<T3>::iterator current3_;
+    const typename ParamGenerator<T4>::iterator begin4_;
+    const typename ParamGenerator<T4>::iterator end4_;
+    typename ParamGenerator<T4>::iterator current4_;
+    const typename ParamGenerator<T5>::iterator begin5_;
+    const typename ParamGenerator<T5>::iterator end5_;
+    typename ParamGenerator<T5>::iterator current5_;
+    const typename ParamGenerator<T6>::iterator begin6_;
+    const typename ParamGenerator<T6>::iterator end6_;
+    typename ParamGenerator<T6>::iterator current6_;
+    const typename ParamGenerator<T7>::iterator begin7_;
+    const typename ParamGenerator<T7>::iterator end7_;
+    typename ParamGenerator<T7>::iterator current7_;
+    const typename ParamGenerator<T8>::iterator begin8_;
+    const typename ParamGenerator<T8>::iterator end8_;
+    typename ParamGenerator<T8>::iterator current8_;
+    ParamType current_value_;
+  };  // class CartesianProductGenerator8::Iterator
+
+  // No implementation - assignment is unsupported.
+  void operator=(const CartesianProductGenerator8& other);
+
+  const ParamGenerator<T1> g1_;
+  const ParamGenerator<T2> g2_;
+  const ParamGenerator<T3> g3_;
+  const ParamGenerator<T4> g4_;
+  const ParamGenerator<T5> g5_;
+  const ParamGenerator<T6> g6_;
+  const ParamGenerator<T7> g7_;
+  const ParamGenerator<T8> g8_;
+};  // class CartesianProductGenerator8
+
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9>
+class CartesianProductGenerator9
+    : public ParamGeneratorInterface< ::testing::tuple<T1, T2, T3, T4, T5, T6,
+        T7, T8, T9> > {
+ public:
+  typedef ::testing::tuple<T1, T2, T3, T4, T5, T6, T7, T8, T9> ParamType;
+
+  CartesianProductGenerator9(const ParamGenerator<T1>& g1,
+      const ParamGenerator<T2>& g2, const ParamGenerator<T3>& g3,
+      const ParamGenerator<T4>& g4, const ParamGenerator<T5>& g5,
+      const ParamGenerator<T6>& g6, const ParamGenerator<T7>& g7,
+      const ParamGenerator<T8>& g8, const ParamGenerator<T9>& g9)
+      : g1_(g1), g2_(g2), g3_(g3), g4_(g4), g5_(g5), g6_(g6), g7_(g7), g8_(g8),
+          g9_(g9) {}
+  virtual ~CartesianProductGenerator9() {}
+
+  virtual ParamIteratorInterface<ParamType>* Begin() const {
+    return new Iterator(this, g1_, g1_.begin(), g2_, g2_.begin(), g3_,
+        g3_.begin(), g4_, g4_.begin(), g5_, g5_.begin(), g6_, g6_.begin(), g7_,
+        g7_.begin(), g8_, g8_.begin(), g9_, g9_.begin());
+  }
+  virtual ParamIteratorInterface<ParamType>* End() const {
+    return new Iterator(this, g1_, g1_.end(), g2_, g2_.end(), g3_, g3_.end(),
+        g4_, g4_.end(), g5_, g5_.end(), g6_, g6_.end(), g7_, g7_.end(), g8_,
+        g8_.end(), g9_, g9_.end());
+  }
+
+ private:
+  class Iterator : public ParamIteratorInterface<ParamType> {
+   public:
+    Iterator(const ParamGeneratorInterface<ParamType>* base,
+      const ParamGenerator<T1>& g1,
+      const typename ParamGenerator<T1>::iterator& current1,
+      const ParamGenerator<T2>& g2,
+      const typename ParamGenerator<T2>::iterator& current2,
+      const ParamGenerator<T3>& g3,
+      const typename ParamGenerator<T3>::iterator& current3,
+      const ParamGenerator<T4>& g4,
+      const typename ParamGenerator<T4>::iterator& current4,
+      const ParamGenerator<T5>& g5,
+      const typename ParamGenerator<T5>::iterator& current5,
+      const ParamGenerator<T6>& g6,
+      const typename ParamGenerator<T6>::iterator& current6,
+      const ParamGenerator<T7>& g7,
+      const typename ParamGenerator<T7>::iterator& current7,
+      const ParamGenerator<T8>& g8,
+      const typename ParamGenerator<T8>::iterator& current8,
+      const ParamGenerator<T9>& g9,
+      const typename ParamGenerator<T9>::iterator& current9)
+        : base_(base),
+          begin1_(g1.begin()), end1_(g1.end()), current1_(current1),
+          begin2_(g2.begin()), end2_(g2.end()), current2_(current2),
+          begin3_(g3.begin()), end3_(g3.end()), current3_(current3),
+          begin4_(g4.begin()), end4_(g4.end()), current4_(current4),
+          begin5_(g5.begin()), end5_(g5.end()), current5_(current5),
+          begin6_(g6.begin()), end6_(g6.end()), current6_(current6),
+          begin7_(g7.begin()), end7_(g7.end()), current7_(current7),
+          begin8_(g8.begin()), end8_(g8.end()), current8_(current8),
+          begin9_(g9.begin()), end9_(g9.end()), current9_(current9)    {
+      ComputeCurrentValue();
+    }
+    virtual ~Iterator() {}
+
+    virtual const ParamGeneratorInterface<ParamType>* BaseGenerator() const {
+      return base_;
+    }
+    // Advance should not be called on beyond-of-range iterators
+    // so no component iterators must be beyond end of range, either.
+    virtual void Advance() {
+      assert(!AtEnd());
+      ++current9_;
+      if (current9_ == end9_) {
+        current9_ = begin9_;
+        ++current8_;
+      }
+      if (current8_ == end8_) {
+        current8_ = begin8_;
+        ++current7_;
+      }
+      if (current7_ == end7_) {
+        current7_ = begin7_;
+        ++current6_;
+      }
+      if (current6_ == end6_) {
+        current6_ = begin6_;
+        ++current5_;
+      }
+      if (current5_ == end5_) {
+        current5_ = begin5_;
+        ++current4_;
+      }
+      if (current4_ == end4_) {
+        current4_ = begin4_;
+        ++current3_;
+      }
+      if (current3_ == end3_) {
+        current3_ = begin3_;
+        ++current2_;
+      }
+      if (current2_ == end2_) {
+        current2_ = begin2_;
+        ++current1_;
+      }
+      ComputeCurrentValue();
+    }
+    virtual ParamIteratorInterface<ParamType>* Clone() const {
+      return new Iterator(*this);
+    }
+    virtual const ParamType* Current() const { return &current_value_; }
+    virtual bool Equals(const ParamIteratorInterface<ParamType>& other) const {
+      // Having the same base generator guarantees that the other
+      // iterator is of the same type and we can downcast.
+      GTEST_CHECK_(BaseGenerator() == other.BaseGenerator())
+          << "The program attempted to compare iterators "
+          << "from different generators." << std::endl;
+      const Iterator* typed_other =
+          CheckedDowncastToActualType<const Iterator>(&other);
+      // We must report iterators equal if they both point beyond their
+      // respective ranges. That can happen in a variety of fashions,
+      // so we have to consult AtEnd().
+      return (AtEnd() && typed_other->AtEnd()) ||
+         (
+          current1_ == typed_other->current1_ &&
+          current2_ == typed_other->current2_ &&
+          current3_ == typed_other->current3_ &&
+          current4_ == typed_other->current4_ &&
+          current5_ == typed_other->current5_ &&
+          current6_ == typed_other->current6_ &&
+          current7_ == typed_other->current7_ &&
+          current8_ == typed_other->current8_ &&
+          current9_ == typed_other->current9_);
+    }
+
+   private:
+    Iterator(const Iterator& other)
+        : base_(other.base_),
+        begin1_(other.begin1_),
+        end1_(other.end1_),
+        current1_(other.current1_),
+        begin2_(other.begin2_),
+        end2_(other.end2_),
+        current2_(other.current2_),
+        begin3_(other.begin3_),
+        end3_(other.end3_),
+        current3_(other.current3_),
+        begin4_(other.begin4_),
+        end4_(other.end4_),
+        current4_(other.current4_),
+        begin5_(other.begin5_),
+        end5_(other.end5_),
+        current5_(other.current5_),
+        begin6_(other.begin6_),
+        end6_(other.end6_),
+        current6_(other.current6_),
+        begin7_(other.begin7_),
+        end7_(other.end7_),
+        current7_(other.current7_),
+        begin8_(other.begin8_),
+        end8_(other.end8_),
+        current8_(other.current8_),
+        begin9_(other.begin9_),
+        end9_(other.end9_),
+        current9_(other.current9_) {
+      ComputeCurrentValue();
+    }
+
+    void ComputeCurrentValue() {
+      if (!AtEnd())
+        current_value_ = ParamType(*current1_, *current2_, *current3_,
+            *current4_, *current5_, *current6_, *current7_, *current8_,
+            *current9_);
+    }
+    bool AtEnd() const {
+      // We must report iterator past the end of the range when either of the
+      // component iterators has reached the end of its range.
+      return
+          current1_ == end1_ ||
+          current2_ == end2_ ||
+          current3_ == end3_ ||
+          current4_ == end4_ ||
+          current5_ == end5_ ||
+          current6_ == end6_ ||
+          current7_ == end7_ ||
+          current8_ == end8_ ||
+          current9_ == end9_;
+    }
+
+    // No implementation - assignment is unsupported.
+    void operator=(const Iterator& other);
+
+    const ParamGeneratorInterface<ParamType>* const base_;
+    // begin[i]_ and end[i]_ define the i-th range that Iterator traverses.
+    // current[i]_ is the actual traversing iterator.
+    const typename ParamGenerator<T1>::iterator begin1_;
+    const typename ParamGenerator<T1>::iterator end1_;
+    typename ParamGenerator<T1>::iterator current1_;
+    const typename ParamGenerator<T2>::iterator begin2_;
+    const typename ParamGenerator<T2>::iterator end2_;
+    typename ParamGenerator<T2>::iterator current2_;
+    const typename ParamGenerator<T3>::iterator begin3_;
+    const typename ParamGenerator<T3>::iterator end3_;
+    typename ParamGenerator<T3>::iterator current3_;
+    const typename ParamGenerator<T4>::iterator begin4_;
+    const typename ParamGenerator<T4>::iterator end4_;
+    typename ParamGenerator<T4>::iterator current4_;
+    const typename ParamGenerator<T5>::iterator begin5_;
+    const typename ParamGenerator<T5>::iterator end5_;
+    typename ParamGenerator<T5>::iterator current5_;
+    const typename ParamGenerator<T6>::iterator begin6_;
+    const typename ParamGenerator<T6>::iterator end6_;
+    typename ParamGenerator<T6>::iterator current6_;
+    const typename ParamGenerator<T7>::iterator begin7_;
+    const typename ParamGenerator<T7>::iterator end7_;
+    typename ParamGenerator<T7>::iterator current7_;
+    const typename ParamGenerator<T8>::iterator begin8_;
+    const typename ParamGenerator<T8>::iterator end8_;
+    typename ParamGenerator<T8>::iterator current8_;
+    const typename ParamGenerator<T9>::iterator begin9_;
+    const typename ParamGenerator<T9>::iterator end9_;
+    typename ParamGenerator<T9>::iterator current9_;
+    ParamType current_value_;
+  };  // class CartesianProductGenerator9::Iterator
+
+  // No implementation - assignment is unsupported.
+  void operator=(const CartesianProductGenerator9& other);
+
+  const ParamGenerator<T1> g1_;
+  const ParamGenerator<T2> g2_;
+  const ParamGenerator<T3> g3_;
+  const ParamGenerator<T4> g4_;
+  const ParamGenerator<T5> g5_;
+  const ParamGenerator<T6> g6_;
+  const ParamGenerator<T7> g7_;
+  const ParamGenerator<T8> g8_;
+  const ParamGenerator<T9> g9_;
+};  // class CartesianProductGenerator9
+
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10>
+class CartesianProductGenerator10
+    : public ParamGeneratorInterface< ::testing::tuple<T1, T2, T3, T4, T5, T6,
+        T7, T8, T9, T10> > {
+ public:
+  typedef ::testing::tuple<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10> ParamType;
+
+  CartesianProductGenerator10(const ParamGenerator<T1>& g1,
+      const ParamGenerator<T2>& g2, const ParamGenerator<T3>& g3,
+      const ParamGenerator<T4>& g4, const ParamGenerator<T5>& g5,
+      const ParamGenerator<T6>& g6, const ParamGenerator<T7>& g7,
+      const ParamGenerator<T8>& g8, const ParamGenerator<T9>& g9,
+      const ParamGenerator<T10>& g10)
+      : g1_(g1), g2_(g2), g3_(g3), g4_(g4), g5_(g5), g6_(g6), g7_(g7), g8_(g8),
+          g9_(g9), g10_(g10) {}
+  virtual ~CartesianProductGenerator10() {}
+
+  virtual ParamIteratorInterface<ParamType>* Begin() const {
+    return new Iterator(this, g1_, g1_.begin(), g2_, g2_.begin(), g3_,
+        g3_.begin(), g4_, g4_.begin(), g5_, g5_.begin(), g6_, g6_.begin(), g7_,
+        g7_.begin(), g8_, g8_.begin(), g9_, g9_.begin(), g10_, g10_.begin());
+  }
+  virtual ParamIteratorInterface<ParamType>* End() const {
+    return new Iterator(this, g1_, g1_.end(), g2_, g2_.end(), g3_, g3_.end(),
+        g4_, g4_.end(), g5_, g5_.end(), g6_, g6_.end(), g7_, g7_.end(), g8_,
+        g8_.end(), g9_, g9_.end(), g10_, g10_.end());
+  }
+
+ private:
+  class Iterator : public ParamIteratorInterface<ParamType> {
+   public:
+    Iterator(const ParamGeneratorInterface<ParamType>* base,
+      const ParamGenerator<T1>& g1,
+      const typename ParamGenerator<T1>::iterator& current1,
+      const ParamGenerator<T2>& g2,
+      const typename ParamGenerator<T2>::iterator& current2,
+      const ParamGenerator<T3>& g3,
+      const typename ParamGenerator<T3>::iterator& current3,
+      const ParamGenerator<T4>& g4,
+      const typename ParamGenerator<T4>::iterator& current4,
+      const ParamGenerator<T5>& g5,
+      const typename ParamGenerator<T5>::iterator& current5,
+      const ParamGenerator<T6>& g6,
+      const typename ParamGenerator<T6>::iterator& current6,
+      const ParamGenerator<T7>& g7,
+      const typename ParamGenerator<T7>::iterator& current7,
+      const ParamGenerator<T8>& g8,
+      const typename ParamGenerator<T8>::iterator& current8,
+      const ParamGenerator<T9>& g9,
+      const typename ParamGenerator<T9>::iterator& current9,
+      const ParamGenerator<T10>& g10,
+      const typename ParamGenerator<T10>::iterator& current10)
+        : base_(base),
+          begin1_(g1.begin()), end1_(g1.end()), current1_(current1),
+          begin2_(g2.begin()), end2_(g2.end()), current2_(current2),
+          begin3_(g3.begin()), end3_(g3.end()), current3_(current3),
+          begin4_(g4.begin()), end4_(g4.end()), current4_(current4),
+          begin5_(g5.begin()), end5_(g5.end()), current5_(current5),
+          begin6_(g6.begin()), end6_(g6.end()), current6_(current6),
+          begin7_(g7.begin()), end7_(g7.end()), current7_(current7),
+          begin8_(g8.begin()), end8_(g8.end()), current8_(current8),
+          begin9_(g9.begin()), end9_(g9.end()), current9_(current9),
+          begin10_(g10.begin()), end10_(g10.end()), current10_(current10)    {
+      ComputeCurrentValue();
+    }
+    virtual ~Iterator() {}
+
+    virtual const ParamGeneratorInterface<ParamType>* BaseGenerator() const {
+      return base_;
+    }
+    // Advance should not be called on beyond-of-range iterators
+    // so no component iterators must be beyond end of range, either.
+    virtual void Advance() {
+      assert(!AtEnd());
+      ++current10_;
+      if (current10_ == end10_) {
+        current10_ = begin10_;
+        ++current9_;
+      }
+      if (current9_ == end9_) {
+        current9_ = begin9_;
+        ++current8_;
+      }
+      if (current8_ == end8_) {
+        current8_ = begin8_;
+        ++current7_;
+      }
+      if (current7_ == end7_) {
+        current7_ = begin7_;
+        ++current6_;
+      }
+      if (current6_ == end6_) {
+        current6_ = begin6_;
+        ++current5_;
+      }
+      if (current5_ == end5_) {
+        current5_ = begin5_;
+        ++current4_;
+      }
+      if (current4_ == end4_) {
+        current4_ = begin4_;
+        ++current3_;
+      }
+      if (current3_ == end3_) {
+        current3_ = begin3_;
+        ++current2_;
+      }
+      if (current2_ == end2_) {
+        current2_ = begin2_;
+        ++current1_;
+      }
+      ComputeCurrentValue();
+    }
+    virtual ParamIteratorInterface<ParamType>* Clone() const {
+      return new Iterator(*this);
+    }
+    virtual const ParamType* Current() const { return &current_value_; }
+    virtual bool Equals(const ParamIteratorInterface<ParamType>& other) const {
+      // Having the same base generator guarantees that the other
+      // iterator is of the same type and we can downcast.
+      GTEST_CHECK_(BaseGenerator() == other.BaseGenerator())
+          << "The program attempted to compare iterators "
+          << "from different generators." << std::endl;
+      const Iterator* typed_other =
+          CheckedDowncastToActualType<const Iterator>(&other);
+      // We must report iterators equal if they both point beyond their
+      // respective ranges. That can happen in a variety of fashions,
+      // so we have to consult AtEnd().
+      return (AtEnd() && typed_other->AtEnd()) ||
+         (
+          current1_ == typed_other->current1_ &&
+          current2_ == typed_other->current2_ &&
+          current3_ == typed_other->current3_ &&
+          current4_ == typed_other->current4_ &&
+          current5_ == typed_other->current5_ &&
+          current6_ == typed_other->current6_ &&
+          current7_ == typed_other->current7_ &&
+          current8_ == typed_other->current8_ &&
+          current9_ == typed_other->current9_ &&
+          current10_ == typed_other->current10_);
+    }
+
+   private:
+    Iterator(const Iterator& other)
+        : base_(other.base_),
+        begin1_(other.begin1_),
+        end1_(other.end1_),
+        current1_(other.current1_),
+        begin2_(other.begin2_),
+        end2_(other.end2_),
+        current2_(other.current2_),
+        begin3_(other.begin3_),
+        end3_(other.end3_),
+        current3_(other.current3_),
+        begin4_(other.begin4_),
+        end4_(other.end4_),
+        current4_(other.current4_),
+        begin5_(other.begin5_),
+        end5_(other.end5_),
+        current5_(other.current5_),
+        begin6_(other.begin6_),
+        end6_(other.end6_),
+        current6_(other.current6_),
+        begin7_(other.begin7_),
+        end7_(other.end7_),
+        current7_(other.current7_),
+        begin8_(other.begin8_),
+        end8_(other.end8_),
+        current8_(other.current8_),
+        begin9_(other.begin9_),
+        end9_(other.end9_),
+        current9_(other.current9_),
+        begin10_(other.begin10_),
+        end10_(other.end10_),
+        current10_(other.current10_) {
+      ComputeCurrentValue();
+    }
+
+    void ComputeCurrentValue() {
+      if (!AtEnd())
+        current_value_ = ParamType(*current1_, *current2_, *current3_,
+            *current4_, *current5_, *current6_, *current7_, *current8_,
+            *current9_, *current10_);
+    }
+    bool AtEnd() const {
+      // We must report iterator past the end of the range when either of the
+      // component iterators has reached the end of its range.
+      return
+          current1_ == end1_ ||
+          current2_ == end2_ ||
+          current3_ == end3_ ||
+          current4_ == end4_ ||
+          current5_ == end5_ ||
+          current6_ == end6_ ||
+          current7_ == end7_ ||
+          current8_ == end8_ ||
+          current9_ == end9_ ||
+          current10_ == end10_;
+    }
+
+    // No implementation - assignment is unsupported.
+    void operator=(const Iterator& other);
+
+    const ParamGeneratorInterface<ParamType>* const base_;
+    // begin[i]_ and end[i]_ define the i-th range that Iterator traverses.
+    // current[i]_ is the actual traversing iterator.
+    const typename ParamGenerator<T1>::iterator begin1_;
+    const typename ParamGenerator<T1>::iterator end1_;
+    typename ParamGenerator<T1>::iterator current1_;
+    const typename ParamGenerator<T2>::iterator begin2_;
+    const typename ParamGenerator<T2>::iterator end2_;
+    typename ParamGenerator<T2>::iterator current2_;
+    const typename ParamGenerator<T3>::iterator begin3_;
+    const typename ParamGenerator<T3>::iterator end3_;
+    typename ParamGenerator<T3>::iterator current3_;
+    const typename ParamGenerator<T4>::iterator begin4_;
+    const typename ParamGenerator<T4>::iterator end4_;
+    typename ParamGenerator<T4>::iterator current4_;
+    const typename ParamGenerator<T5>::iterator begin5_;
+    const typename ParamGenerator<T5>::iterator end5_;
+    typename ParamGenerator<T5>::iterator current5_;
+    const typename ParamGenerator<T6>::iterator begin6_;
+    const typename ParamGenerator<T6>::iterator end6_;
+    typename ParamGenerator<T6>::iterator current6_;
+    const typename ParamGenerator<T7>::iterator begin7_;
+    const typename ParamGenerator<T7>::iterator end7_;
+    typename ParamGenerator<T7>::iterator current7_;
+    const typename ParamGenerator<T8>::iterator begin8_;
+    const typename ParamGenerator<T8>::iterator end8_;
+    typename ParamGenerator<T8>::iterator current8_;
+    const typename ParamGenerator<T9>::iterator begin9_;
+    const typename ParamGenerator<T9>::iterator end9_;
+    typename ParamGenerator<T9>::iterator current9_;
+    const typename ParamGenerator<T10>::iterator begin10_;
+    const typename ParamGenerator<T10>::iterator end10_;
+    typename ParamGenerator<T10>::iterator current10_;
+    ParamType current_value_;
+  };  // class CartesianProductGenerator10::Iterator
+
+  // No implementation - assignment is unsupported.
+  void operator=(const CartesianProductGenerator10& other);
+
+  const ParamGenerator<T1> g1_;
+  const ParamGenerator<T2> g2_;
+  const ParamGenerator<T3> g3_;
+  const ParamGenerator<T4> g4_;
+  const ParamGenerator<T5> g5_;
+  const ParamGenerator<T6> g6_;
+  const ParamGenerator<T7> g7_;
+  const ParamGenerator<T8> g8_;
+  const ParamGenerator<T9> g9_;
+  const ParamGenerator<T10> g10_;
+};  // class CartesianProductGenerator10
+
+
+// INTERNAL IMPLEMENTATION - DO NOT USE IN USER CODE.
+//
+// Helper classes providing Combine() with polymorphic features. They allow
+// casting CartesianProductGeneratorN<T> to ParamGenerator<U> if T is
+// convertible to U.
+//
+template <class Generator1, class Generator2>
+class CartesianProductHolder2 {
+ public:
+CartesianProductHolder2(const Generator1& g1, const Generator2& g2)
+      : g1_(g1), g2_(g2) {}
+  template <typename T1, typename T2>
+  operator ParamGenerator< ::testing::tuple<T1, T2> >() const {
+    return ParamGenerator< ::testing::tuple<T1, T2> >(
+        new CartesianProductGenerator2<T1, T2>(
+        static_cast<ParamGenerator<T1> >(g1_),
+        static_cast<ParamGenerator<T2> >(g2_)));
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const CartesianProductHolder2& other);
+
+  const Generator1 g1_;
+  const Generator2 g2_;
+};  // class CartesianProductHolder2
+
+template <class Generator1, class Generator2, class Generator3>
+class CartesianProductHolder3 {
+ public:
+CartesianProductHolder3(const Generator1& g1, const Generator2& g2,
+    const Generator3& g3)
+      : g1_(g1), g2_(g2), g3_(g3) {}
+  template <typename T1, typename T2, typename T3>
+  operator ParamGenerator< ::testing::tuple<T1, T2, T3> >() const {
+    return ParamGenerator< ::testing::tuple<T1, T2, T3> >(
+        new CartesianProductGenerator3<T1, T2, T3>(
+        static_cast<ParamGenerator<T1> >(g1_),
+        static_cast<ParamGenerator<T2> >(g2_),
+        static_cast<ParamGenerator<T3> >(g3_)));
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const CartesianProductHolder3& other);
+
+  const Generator1 g1_;
+  const Generator2 g2_;
+  const Generator3 g3_;
+};  // class CartesianProductHolder3
+
+template <class Generator1, class Generator2, class Generator3,
+    class Generator4>
+class CartesianProductHolder4 {
+ public:
+CartesianProductHolder4(const Generator1& g1, const Generator2& g2,
+    const Generator3& g3, const Generator4& g4)
+      : g1_(g1), g2_(g2), g3_(g3), g4_(g4) {}
+  template <typename T1, typename T2, typename T3, typename T4>
+  operator ParamGenerator< ::testing::tuple<T1, T2, T3, T4> >() const {
+    return ParamGenerator< ::testing::tuple<T1, T2, T3, T4> >(
+        new CartesianProductGenerator4<T1, T2, T3, T4>(
+        static_cast<ParamGenerator<T1> >(g1_),
+        static_cast<ParamGenerator<T2> >(g2_),
+        static_cast<ParamGenerator<T3> >(g3_),
+        static_cast<ParamGenerator<T4> >(g4_)));
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const CartesianProductHolder4& other);
+
+  const Generator1 g1_;
+  const Generator2 g2_;
+  const Generator3 g3_;
+  const Generator4 g4_;
+};  // class CartesianProductHolder4
+
+template <class Generator1, class Generator2, class Generator3,
+    class Generator4, class Generator5>
+class CartesianProductHolder5 {
+ public:
+CartesianProductHolder5(const Generator1& g1, const Generator2& g2,
+    const Generator3& g3, const Generator4& g4, const Generator5& g5)
+      : g1_(g1), g2_(g2), g3_(g3), g4_(g4), g5_(g5) {}
+  template <typename T1, typename T2, typename T3, typename T4, typename T5>
+  operator ParamGenerator< ::testing::tuple<T1, T2, T3, T4, T5> >() const {
+    return ParamGenerator< ::testing::tuple<T1, T2, T3, T4, T5> >(
+        new CartesianProductGenerator5<T1, T2, T3, T4, T5>(
+        static_cast<ParamGenerator<T1> >(g1_),
+        static_cast<ParamGenerator<T2> >(g2_),
+        static_cast<ParamGenerator<T3> >(g3_),
+        static_cast<ParamGenerator<T4> >(g4_),
+        static_cast<ParamGenerator<T5> >(g5_)));
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const CartesianProductHolder5& other);
+
+  const Generator1 g1_;
+  const Generator2 g2_;
+  const Generator3 g3_;
+  const Generator4 g4_;
+  const Generator5 g5_;
+};  // class CartesianProductHolder5
+
+template <class Generator1, class Generator2, class Generator3,
+    class Generator4, class Generator5, class Generator6>
+class CartesianProductHolder6 {
+ public:
+CartesianProductHolder6(const Generator1& g1, const Generator2& g2,
+    const Generator3& g3, const Generator4& g4, const Generator5& g5,
+    const Generator6& g6)
+      : g1_(g1), g2_(g2), g3_(g3), g4_(g4), g5_(g5), g6_(g6) {}
+  template <typename T1, typename T2, typename T3, typename T4, typename T5,
+      typename T6>
+  operator ParamGenerator< ::testing::tuple<T1, T2, T3, T4, T5, T6> >() const {
+    return ParamGenerator< ::testing::tuple<T1, T2, T3, T4, T5, T6> >(
+        new CartesianProductGenerator6<T1, T2, T3, T4, T5, T6>(
+        static_cast<ParamGenerator<T1> >(g1_),
+        static_cast<ParamGenerator<T2> >(g2_),
+        static_cast<ParamGenerator<T3> >(g3_),
+        static_cast<ParamGenerator<T4> >(g4_),
+        static_cast<ParamGenerator<T5> >(g5_),
+        static_cast<ParamGenerator<T6> >(g6_)));
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const CartesianProductHolder6& other);
+
+  const Generator1 g1_;
+  const Generator2 g2_;
+  const Generator3 g3_;
+  const Generator4 g4_;
+  const Generator5 g5_;
+  const Generator6 g6_;
+};  // class CartesianProductHolder6
+
+template <class Generator1, class Generator2, class Generator3,
+    class Generator4, class Generator5, class Generator6, class Generator7>
+class CartesianProductHolder7 {
+ public:
+CartesianProductHolder7(const Generator1& g1, const Generator2& g2,
+    const Generator3& g3, const Generator4& g4, const Generator5& g5,
+    const Generator6& g6, const Generator7& g7)
+      : g1_(g1), g2_(g2), g3_(g3), g4_(g4), g5_(g5), g6_(g6), g7_(g7) {}
+  template <typename T1, typename T2, typename T3, typename T4, typename T5,
+      typename T6, typename T7>
+  operator ParamGenerator< ::testing::tuple<T1, T2, T3, T4, T5, T6,
+      T7> >() const {
+    return ParamGenerator< ::testing::tuple<T1, T2, T3, T4, T5, T6, T7> >(
+        new CartesianProductGenerator7<T1, T2, T3, T4, T5, T6, T7>(
+        static_cast<ParamGenerator<T1> >(g1_),
+        static_cast<ParamGenerator<T2> >(g2_),
+        static_cast<ParamGenerator<T3> >(g3_),
+        static_cast<ParamGenerator<T4> >(g4_),
+        static_cast<ParamGenerator<T5> >(g5_),
+        static_cast<ParamGenerator<T6> >(g6_),
+        static_cast<ParamGenerator<T7> >(g7_)));
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const CartesianProductHolder7& other);
+
+  const Generator1 g1_;
+  const Generator2 g2_;
+  const Generator3 g3_;
+  const Generator4 g4_;
+  const Generator5 g5_;
+  const Generator6 g6_;
+  const Generator7 g7_;
+};  // class CartesianProductHolder7
+
+template <class Generator1, class Generator2, class Generator3,
+    class Generator4, class Generator5, class Generator6, class Generator7,
+    class Generator8>
+class CartesianProductHolder8 {
+ public:
+CartesianProductHolder8(const Generator1& g1, const Generator2& g2,
+    const Generator3& g3, const Generator4& g4, const Generator5& g5,
+    const Generator6& g6, const Generator7& g7, const Generator8& g8)
+      : g1_(g1), g2_(g2), g3_(g3), g4_(g4), g5_(g5), g6_(g6), g7_(g7),
+          g8_(g8) {}
+  template <typename T1, typename T2, typename T3, typename T4, typename T5,
+      typename T6, typename T7, typename T8>
+  operator ParamGenerator< ::testing::tuple<T1, T2, T3, T4, T5, T6, T7,
+      T8> >() const {
+    return ParamGenerator< ::testing::tuple<T1, T2, T3, T4, T5, T6, T7, T8> >(
+        new CartesianProductGenerator8<T1, T2, T3, T4, T5, T6, T7, T8>(
+        static_cast<ParamGenerator<T1> >(g1_),
+        static_cast<ParamGenerator<T2> >(g2_),
+        static_cast<ParamGenerator<T3> >(g3_),
+        static_cast<ParamGenerator<T4> >(g4_),
+        static_cast<ParamGenerator<T5> >(g5_),
+        static_cast<ParamGenerator<T6> >(g6_),
+        static_cast<ParamGenerator<T7> >(g7_),
+        static_cast<ParamGenerator<T8> >(g8_)));
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const CartesianProductHolder8& other);
+
+  const Generator1 g1_;
+  const Generator2 g2_;
+  const Generator3 g3_;
+  const Generator4 g4_;
+  const Generator5 g5_;
+  const Generator6 g6_;
+  const Generator7 g7_;
+  const Generator8 g8_;
+};  // class CartesianProductHolder8
+
+template <class Generator1, class Generator2, class Generator3,
+    class Generator4, class Generator5, class Generator6, class Generator7,
+    class Generator8, class Generator9>
+class CartesianProductHolder9 {
+ public:
+CartesianProductHolder9(const Generator1& g1, const Generator2& g2,
+    const Generator3& g3, const Generator4& g4, const Generator5& g5,
+    const Generator6& g6, const Generator7& g7, const Generator8& g8,
+    const Generator9& g9)
+      : g1_(g1), g2_(g2), g3_(g3), g4_(g4), g5_(g5), g6_(g6), g7_(g7), g8_(g8),
+          g9_(g9) {}
+  template <typename T1, typename T2, typename T3, typename T4, typename T5,
+      typename T6, typename T7, typename T8, typename T9>
+  operator ParamGenerator< ::testing::tuple<T1, T2, T3, T4, T5, T6, T7, T8,
+      T9> >() const {
+    return ParamGenerator< ::testing::tuple<T1, T2, T3, T4, T5, T6, T7, T8,
+        T9> >(
+        new CartesianProductGenerator9<T1, T2, T3, T4, T5, T6, T7, T8, T9>(
+        static_cast<ParamGenerator<T1> >(g1_),
+        static_cast<ParamGenerator<T2> >(g2_),
+        static_cast<ParamGenerator<T3> >(g3_),
+        static_cast<ParamGenerator<T4> >(g4_),
+        static_cast<ParamGenerator<T5> >(g5_),
+        static_cast<ParamGenerator<T6> >(g6_),
+        static_cast<ParamGenerator<T7> >(g7_),
+        static_cast<ParamGenerator<T8> >(g8_),
+        static_cast<ParamGenerator<T9> >(g9_)));
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const CartesianProductHolder9& other);
+
+  const Generator1 g1_;
+  const Generator2 g2_;
+  const Generator3 g3_;
+  const Generator4 g4_;
+  const Generator5 g5_;
+  const Generator6 g6_;
+  const Generator7 g7_;
+  const Generator8 g8_;
+  const Generator9 g9_;
+};  // class CartesianProductHolder9
+
+template <class Generator1, class Generator2, class Generator3,
+    class Generator4, class Generator5, class Generator6, class Generator7,
+    class Generator8, class Generator9, class Generator10>
+class CartesianProductHolder10 {
+ public:
+CartesianProductHolder10(const Generator1& g1, const Generator2& g2,
+    const Generator3& g3, const Generator4& g4, const Generator5& g5,
+    const Generator6& g6, const Generator7& g7, const Generator8& g8,
+    const Generator9& g9, const Generator10& g10)
+      : g1_(g1), g2_(g2), g3_(g3), g4_(g4), g5_(g5), g6_(g6), g7_(g7), g8_(g8),
+          g9_(g9), g10_(g10) {}
+  template <typename T1, typename T2, typename T3, typename T4, typename T5,
+      typename T6, typename T7, typename T8, typename T9, typename T10>
+  operator ParamGenerator< ::testing::tuple<T1, T2, T3, T4, T5, T6, T7, T8, T9,
+      T10> >() const {
+    return ParamGenerator< ::testing::tuple<T1, T2, T3, T4, T5, T6, T7, T8, T9,
+        T10> >(
+        new CartesianProductGenerator10<T1, T2, T3, T4, T5, T6, T7, T8, T9,
+            T10>(
+        static_cast<ParamGenerator<T1> >(g1_),
+        static_cast<ParamGenerator<T2> >(g2_),
+        static_cast<ParamGenerator<T3> >(g3_),
+        static_cast<ParamGenerator<T4> >(g4_),
+        static_cast<ParamGenerator<T5> >(g5_),
+        static_cast<ParamGenerator<T6> >(g6_),
+        static_cast<ParamGenerator<T7> >(g7_),
+        static_cast<ParamGenerator<T8> >(g8_),
+        static_cast<ParamGenerator<T9> >(g9_),
+        static_cast<ParamGenerator<T10> >(g10_)));
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const CartesianProductHolder10& other);
+
+  const Generator1 g1_;
+  const Generator2 g2_;
+  const Generator3 g3_;
+  const Generator4 g4_;
+  const Generator5 g5_;
+  const Generator6 g6_;
+  const Generator7 g7_;
+  const Generator8 g8_;
+  const Generator9 g9_;
+  const Generator10 g10_;
+};  // class CartesianProductHolder10
+
+# endif  // GTEST_HAS_COMBINE
+
+}  // namespace internal
+}  // namespace testing
+
+#endif  //  GTEST_HAS_PARAM_TEST
+
+#endif  // GTEST_INCLUDE_GTEST_INTERNAL_GTEST_PARAM_UTIL_GENERATED_H_
diff --git a/nss/gtests/google_test/gtest/include/gtest/internal/gtest-param-util-generated.h.pump b/nss/gtests/google_test/gtest/include/gtest/internal/gtest-param-util-generated.h.pump
new file mode 100644
index 0000000..801a2fc
--- /dev/null
+++ b/nss/gtests/google_test/gtest/include/gtest/internal/gtest-param-util-generated.h.pump
@@ -0,0 +1,301 @@
+$$ -*- mode: c++; -*-
+$var n = 50  $$ Maximum length of Values arguments we want to support.
+$var maxtuple = 10  $$ Maximum number of Combine arguments we want to support.
+// Copyright 2008 Google Inc.
+// All Rights Reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: vladl@google.com (Vlad Losev)
+
+// Type and function utilities for implementing parameterized tests.
+// This file is generated by a SCRIPT.  DO NOT EDIT BY HAND!
+//
+// Currently Google Test supports at most $n arguments in Values,
+// and at most $maxtuple arguments in Combine. Please contact
+// googletestframework@googlegroups.com if you need more.
+// Please note that the number of arguments to Combine is limited
+// by the maximum arity of the implementation of tuple which is
+// currently set at $maxtuple.
+
+#ifndef GTEST_INCLUDE_GTEST_INTERNAL_GTEST_PARAM_UTIL_GENERATED_H_
+#define GTEST_INCLUDE_GTEST_INTERNAL_GTEST_PARAM_UTIL_GENERATED_H_
+
+// scripts/fuse_gtest.py depends on gtest's own header being #included
+// *unconditionally*.  Therefore these #includes cannot be moved
+// inside #if GTEST_HAS_PARAM_TEST.
+#include "gtest/internal/gtest-param-util.h"
+#include "gtest/internal/gtest-port.h"
+
+#if GTEST_HAS_PARAM_TEST
+
+namespace testing {
+
+// Forward declarations of ValuesIn(), which is implemented in
+// include/gtest/gtest-param-test.h.
+template <typename ForwardIterator>
+internal::ParamGenerator<
+  typename ::testing::internal::IteratorTraits<ForwardIterator>::value_type>
+ValuesIn(ForwardIterator begin, ForwardIterator end);
+
+template <typename T, size_t N>
+internal::ParamGenerator<T> ValuesIn(const T (&array)[N]);
+
+template <class Container>
+internal::ParamGenerator<typename Container::value_type> ValuesIn(
+    const Container& container);
+
+namespace internal {
+
+// Used in the Values() function to provide polymorphic capabilities.
+template <typename T1>
+class ValueArray1 {
+ public:
+  explicit ValueArray1(T1 v1) : v1_(v1) {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const { return ValuesIn(&v1_, &v1_ + 1); }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray1& other);
+
+  const T1 v1_;
+};
+
+$range i 2..n
+$for i [[
+$range j 1..i
+
+template <$for j, [[typename T$j]]>
+class ValueArray$i {
+ public:
+  ValueArray$i($for j, [[T$j v$j]]) : $for j, [[v$(j)_(v$j)]] {}
+
+  template <typename T>
+  operator ParamGenerator<T>() const {
+    const T array[] = {$for j, [[static_cast<T>(v$(j)_)]]};
+    return ValuesIn(array);
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const ValueArray$i& other);
+
+$for j [[
+
+  const T$j v$(j)_;
+]]
+
+};
+
+]]
+
+# if GTEST_HAS_COMBINE
+// INTERNAL IMPLEMENTATION - DO NOT USE IN USER CODE.
+//
+// Generates values from the Cartesian product of values produced
+// by the argument generators.
+//
+$range i 2..maxtuple
+$for i [[
+$range j 1..i
+$range k 2..i
+
+template <$for j, [[typename T$j]]>
+class CartesianProductGenerator$i
+    : public ParamGeneratorInterface< ::testing::tuple<$for j, [[T$j]]> > {
+ public:
+  typedef ::testing::tuple<$for j, [[T$j]]> ParamType;
+
+  CartesianProductGenerator$i($for j, [[const ParamGenerator<T$j>& g$j]])
+      : $for j, [[g$(j)_(g$j)]] {}
+  virtual ~CartesianProductGenerator$i() {}
+
+  virtual ParamIteratorInterface<ParamType>* Begin() const {
+    return new Iterator(this, $for j, [[g$(j)_, g$(j)_.begin()]]);
+  }
+  virtual ParamIteratorInterface<ParamType>* End() const {
+    return new Iterator(this, $for j, [[g$(j)_, g$(j)_.end()]]);
+  }
+
+ private:
+  class Iterator : public ParamIteratorInterface<ParamType> {
+   public:
+    Iterator(const ParamGeneratorInterface<ParamType>* base, $for j, [[
+
+      const ParamGenerator<T$j>& g$j,
+      const typename ParamGenerator<T$j>::iterator& current$(j)]])
+        : base_(base),
+$for j, [[
+
+          begin$(j)_(g$j.begin()), end$(j)_(g$j.end()), current$(j)_(current$j)
+]]    {
+      ComputeCurrentValue();
+    }
+    virtual ~Iterator() {}
+
+    virtual const ParamGeneratorInterface<ParamType>* BaseGenerator() const {
+      return base_;
+    }
+    // Advance should not be called on beyond-of-range iterators
+    // so no component iterators must be beyond end of range, either.
+    virtual void Advance() {
+      assert(!AtEnd());
+      ++current$(i)_;
+
+$for k [[
+      if (current$(i+2-k)_ == end$(i+2-k)_) {
+        current$(i+2-k)_ = begin$(i+2-k)_;
+        ++current$(i+2-k-1)_;
+      }
+
+]]
+      ComputeCurrentValue();
+    }
+    virtual ParamIteratorInterface<ParamType>* Clone() const {
+      return new Iterator(*this);
+    }
+    virtual const ParamType* Current() const { return &current_value_; }
+    virtual bool Equals(const ParamIteratorInterface<ParamType>& other) const {
+      // Having the same base generator guarantees that the other
+      // iterator is of the same type and we can downcast.
+      GTEST_CHECK_(BaseGenerator() == other.BaseGenerator())
+          << "The program attempted to compare iterators "
+          << "from different generators." << std::endl;
+      const Iterator* typed_other =
+          CheckedDowncastToActualType<const Iterator>(&other);
+      // We must report iterators equal if they both point beyond their
+      // respective ranges. That can happen in a variety of fashions,
+      // so we have to consult AtEnd().
+      return (AtEnd() && typed_other->AtEnd()) ||
+         ($for j  && [[
+
+          current$(j)_ == typed_other->current$(j)_
+]]);
+    }
+
+   private:
+    Iterator(const Iterator& other)
+        : base_(other.base_), $for j, [[
+
+        begin$(j)_(other.begin$(j)_),
+        end$(j)_(other.end$(j)_),
+        current$(j)_(other.current$(j)_)
+]] {
+      ComputeCurrentValue();
+    }
+
+    void ComputeCurrentValue() {
+      if (!AtEnd())
+        current_value_ = ParamType($for j, [[*current$(j)_]]);
+    }
+    bool AtEnd() const {
+      // We must report iterator past the end of the range when either of the
+      // component iterators has reached the end of its range.
+      return
+$for j  || [[
+
+          current$(j)_ == end$(j)_
+]];
+    }
+
+    // No implementation - assignment is unsupported.
+    void operator=(const Iterator& other);
+
+    const ParamGeneratorInterface<ParamType>* const base_;
+    // begin[i]_ and end[i]_ define the i-th range that Iterator traverses.
+    // current[i]_ is the actual traversing iterator.
+$for j [[
+
+    const typename ParamGenerator<T$j>::iterator begin$(j)_;
+    const typename ParamGenerator<T$j>::iterator end$(j)_;
+    typename ParamGenerator<T$j>::iterator current$(j)_;
+]]
+
+    ParamType current_value_;
+  };  // class CartesianProductGenerator$i::Iterator
+
+  // No implementation - assignment is unsupported.
+  void operator=(const CartesianProductGenerator$i& other);
+
+
+$for j [[
+  const ParamGenerator<T$j> g$(j)_;
+
+]]
+};  // class CartesianProductGenerator$i
+
+
+]]
+
+// INTERNAL IMPLEMENTATION - DO NOT USE IN USER CODE.
+//
+// Helper classes providing Combine() with polymorphic features. They allow
+// casting CartesianProductGeneratorN<T> to ParamGenerator<U> if T is
+// convertible to U.
+//
+$range i 2..maxtuple
+$for i [[
+$range j 1..i
+
+template <$for j, [[class Generator$j]]>
+class CartesianProductHolder$i {
+ public:
+CartesianProductHolder$i($for j, [[const Generator$j& g$j]])
+      : $for j, [[g$(j)_(g$j)]] {}
+  template <$for j, [[typename T$j]]>
+  operator ParamGenerator< ::testing::tuple<$for j, [[T$j]]> >() const {
+    return ParamGenerator< ::testing::tuple<$for j, [[T$j]]> >(
+        new CartesianProductGenerator$i<$for j, [[T$j]]>(
+$for j,[[
+
+        static_cast<ParamGenerator<T$j> >(g$(j)_)
+]]));
+  }
+
+ private:
+  // No implementation - assignment is unsupported.
+  void operator=(const CartesianProductHolder$i& other);
+
+
+$for j [[
+  const Generator$j g$(j)_;
+
+]]
+};  // class CartesianProductHolder$i
+
+]]
+
+# endif  // GTEST_HAS_COMBINE
+
+}  // namespace internal
+}  // namespace testing
+
+#endif  //  GTEST_HAS_PARAM_TEST
+
+#endif  // GTEST_INCLUDE_GTEST_INTERNAL_GTEST_PARAM_UTIL_GENERATED_H_
diff --git a/nss/gtests/google_test/gtest/include/gtest/internal/gtest-param-util.h b/nss/gtests/google_test/gtest/include/gtest/internal/gtest-param-util.h
new file mode 100644
index 0000000..d5e1028
--- /dev/null
+++ b/nss/gtests/google_test/gtest/include/gtest/internal/gtest-param-util.h
@@ -0,0 +1,619 @@
+// Copyright 2008 Google Inc.
+// All Rights Reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: vladl@google.com (Vlad Losev)
+
+// Type and function utilities for implementing parameterized tests.
+
+#ifndef GTEST_INCLUDE_GTEST_INTERNAL_GTEST_PARAM_UTIL_H_
+#define GTEST_INCLUDE_GTEST_INTERNAL_GTEST_PARAM_UTIL_H_
+
+#include <iterator>
+#include <utility>
+#include <vector>
+
+// scripts/fuse_gtest.py depends on gtest's own header being #included
+// *unconditionally*.  Therefore these #includes cannot be moved
+// inside #if GTEST_HAS_PARAM_TEST.
+#include "gtest/internal/gtest-internal.h"
+#include "gtest/internal/gtest-linked_ptr.h"
+#include "gtest/internal/gtest-port.h"
+#include "gtest/gtest-printers.h"
+
+#if GTEST_HAS_PARAM_TEST
+
+namespace testing {
+namespace internal {
+
+// INTERNAL IMPLEMENTATION - DO NOT USE IN USER CODE.
+//
+// Outputs a message explaining invalid registration of different
+// fixture class for the same test case. This may happen when
+// TEST_P macro is used to define two tests with the same name
+// but in different namespaces.
+GTEST_API_ void ReportInvalidTestCaseType(const char* test_case_name,
+                                          const char* file, int line);
+
+template <typename> class ParamGeneratorInterface;
+template <typename> class ParamGenerator;
+
+// Interface for iterating over elements provided by an implementation
+// of ParamGeneratorInterface<T>.
+template <typename T>
+class ParamIteratorInterface {
+ public:
+  virtual ~ParamIteratorInterface() {}
+  // A pointer to the base generator instance.
+  // Used only for the purposes of iterator comparison
+  // to make sure that two iterators belong to the same generator.
+  virtual const ParamGeneratorInterface<T>* BaseGenerator() const = 0;
+  // Advances iterator to point to the next element
+  // provided by the generator. The caller is responsible
+  // for not calling Advance() on an iterator equal to
+  // BaseGenerator()->End().
+  virtual void Advance() = 0;
+  // Clones the iterator object. Used for implementing copy semantics
+  // of ParamIterator<T>.
+  virtual ParamIteratorInterface* Clone() const = 0;
+  // Dereferences the current iterator and provides (read-only) access
+  // to the pointed value. It is the caller's responsibility not to call
+  // Current() on an iterator equal to BaseGenerator()->End().
+  // Used for implementing ParamGenerator<T>::operator*().
+  virtual const T* Current() const = 0;
+  // Determines whether the given iterator and other point to the same
+  // element in the sequence generated by the generator.
+  // Used for implementing ParamGenerator<T>::operator==().
+  virtual bool Equals(const ParamIteratorInterface& other) const = 0;
+};
+
+// Class iterating over elements provided by an implementation of
+// ParamGeneratorInterface<T>. It wraps ParamIteratorInterface<T>
+// and implements the const forward iterator concept.
+template <typename T>
+class ParamIterator {
+ public:
+  typedef T value_type;
+  typedef const T& reference;
+  typedef ptrdiff_t difference_type;
+
+  // ParamIterator assumes ownership of the impl_ pointer.
+  ParamIterator(const ParamIterator& other) : impl_(other.impl_->Clone()) {}
+  ParamIterator& operator=(const ParamIterator& other) {
+    if (this != &other)
+      impl_.reset(other.impl_->Clone());
+    return *this;
+  }
+
+  const T& operator*() const { return *impl_->Current(); }
+  const T* operator->() const { return impl_->Current(); }
+  // Prefix version of operator++.
+  ParamIterator& operator++() {
+    impl_->Advance();
+    return *this;
+  }
+  // Postfix version of operator++.
+  ParamIterator operator++(int /*unused*/) {
+    ParamIteratorInterface<T>* clone = impl_->Clone();
+    impl_->Advance();
+    return ParamIterator(clone);
+  }
+  bool operator==(const ParamIterator& other) const {
+    return impl_.get() == other.impl_.get() || impl_->Equals(*other.impl_);
+  }
+  bool operator!=(const ParamIterator& other) const {
+    return !(*this == other);
+  }
+
+ private:
+  friend class ParamGenerator<T>;
+  explicit ParamIterator(ParamIteratorInterface<T>* impl) : impl_(impl) {}
+  scoped_ptr<ParamIteratorInterface<T> > impl_;
+};
+
+// ParamGeneratorInterface<T> is the binary interface to access generators
+// defined in other translation units.
+template <typename T>
+class ParamGeneratorInterface {
+ public:
+  typedef T ParamType;
+
+  virtual ~ParamGeneratorInterface() {}
+
+  // Generator interface definition
+  virtual ParamIteratorInterface<T>* Begin() const = 0;
+  virtual ParamIteratorInterface<T>* End() const = 0;
+};
+
+// Wraps ParamGeneratorInterface<T> and provides general generator syntax
+// compatible with the STL Container concept.
+// This class implements copy initialization semantics and the contained
+// ParamGeneratorInterface<T> instance is shared among all copies
+// of the original object. This is possible because that instance is immutable.
+template<typename T>
+class ParamGenerator {
+ public:
+  typedef ParamIterator<T> iterator;
+
+  explicit ParamGenerator(ParamGeneratorInterface<T>* impl) : impl_(impl) {}
+  ParamGenerator(const ParamGenerator& other) : impl_(other.impl_) {}
+
+  ParamGenerator& operator=(const ParamGenerator& other) {
+    impl_ = other.impl_;
+    return *this;
+  }
+
+  iterator begin() const { return iterator(impl_->Begin()); }
+  iterator end() const { return iterator(impl_->End()); }
+
+ private:
+  linked_ptr<const ParamGeneratorInterface<T> > impl_;
+};
+
+// Generates values from a range of two comparable values. Can be used to
+// generate sequences of user-defined types that implement operator+() and
+// operator<().
+// This class is used in the Range() function.
+template <typename T, typename IncrementT>
+class RangeGenerator : public ParamGeneratorInterface<T> {
+ public:
+  RangeGenerator(T begin, T end, IncrementT step)
+      : begin_(begin), end_(end),
+        step_(step), end_index_(CalculateEndIndex(begin, end, step)) {}
+  virtual ~RangeGenerator() {}
+
+  virtual ParamIteratorInterface<T>* Begin() const {
+    return new Iterator(this, begin_, 0, step_);
+  }
+  virtual ParamIteratorInterface<T>* End() const {
+    return new Iterator(this, end_, end_index_, step_);
+  }
+
+ private:
+  class Iterator : public ParamIteratorInterface<T> {
+   public:
+    Iterator(const ParamGeneratorInterface<T>* base, T value, int index,
+             IncrementT step)
+        : base_(base), value_(value), index_(index), step_(step) {}
+    virtual ~Iterator() {}
+
+    virtual const ParamGeneratorInterface<T>* BaseGenerator() const {
+      return base_;
+    }
+    virtual void Advance() {
+      value_ = value_ + step_;
+      index_++;
+    }
+    virtual ParamIteratorInterface<T>* Clone() const {
+      return new Iterator(*this);
+    }
+    virtual const T* Current() const { return &value_; }
+    virtual bool Equals(const ParamIteratorInterface<T>& other) const {
+      // Having the same base generator guarantees that the other
+      // iterator is of the same type and we can downcast.
+      GTEST_CHECK_(BaseGenerator() == other.BaseGenerator())
+          << "The program attempted to compare iterators "
+          << "from different generators." << std::endl;
+      const int other_index =
+          CheckedDowncastToActualType<const Iterator>(&other)->index_;
+      return index_ == other_index;
+    }
+
+   private:
+    Iterator(const Iterator& other)
+        : ParamIteratorInterface<T>(),
+          base_(other.base_), value_(other.value_), index_(other.index_),
+          step_(other.step_) {}
+
+    // No implementation - assignment is unsupported.
+    void operator=(const Iterator& other);
+
+    const ParamGeneratorInterface<T>* const base_;
+    T value_;
+    int index_;
+    const IncrementT step_;
+  };  // class RangeGenerator::Iterator
+
+  static int CalculateEndIndex(const T& begin,
+                               const T& end,
+                               const IncrementT& step) {
+    int end_index = 0;
+    for (T i = begin; i < end; i = i + step)
+      end_index++;
+    return end_index;
+  }
+
+  // No implementation - assignment is unsupported.
+  void operator=(const RangeGenerator& other);
+
+  const T begin_;
+  const T end_;
+  const IncrementT step_;
+  // The index for the end() iterator. All the elements in the generated
+  // sequence are indexed (0-based) to aid iterator comparison.
+  const int end_index_;
+};  // class RangeGenerator
+
+
+// Generates values from a pair of STL-style iterators. Used in the
+// ValuesIn() function. The elements are copied from the source range
+// since the source can be located on the stack, and the generator
+// is likely to persist beyond that stack frame.
+template <typename T>
+class ValuesInIteratorRangeGenerator : public ParamGeneratorInterface<T> {
+ public:
+  template <typename ForwardIterator>
+  ValuesInIteratorRangeGenerator(ForwardIterator begin, ForwardIterator end)
+      : container_(begin, end) {}
+  virtual ~ValuesInIteratorRangeGenerator() {}
+
+  virtual ParamIteratorInterface<T>* Begin() const {
+    return new Iterator(this, container_.begin());
+  }
+  virtual ParamIteratorInterface<T>* End() const {
+    return new Iterator(this, container_.end());
+  }
+
+ private:
+  typedef typename ::std::vector<T> ContainerType;
+
+  class Iterator : public ParamIteratorInterface<T> {
+   public:
+    Iterator(const ParamGeneratorInterface<T>* base,
+             typename ContainerType::const_iterator iterator)
+        : base_(base), iterator_(iterator) {}
+    virtual ~Iterator() {}
+
+    virtual const ParamGeneratorInterface<T>* BaseGenerator() const {
+      return base_;
+    }
+    virtual void Advance() {
+      ++iterator_;
+      value_.reset();
+    }
+    virtual ParamIteratorInterface<T>* Clone() const {
+      return new Iterator(*this);
+    }
+    // We need to use cached value referenced by iterator_ because *iterator_
+    // can return a temporary object (and of type other then T), so just
+    // having "return &*iterator_;" doesn't work.
+    // value_ is updated here and not in Advance() because Advance()
+    // can advance iterator_ beyond the end of the range, and we cannot
+    // detect that fact. The client code, on the other hand, is
+    // responsible for not calling Current() on an out-of-range iterator.
+    virtual const T* Current() const {
+      if (value_.get() == NULL)
+        value_.reset(new T(*iterator_));
+      return value_.get();
+    }
+    virtual bool Equals(const ParamIteratorInterface<T>& other) const {
+      // Having the same base generator guarantees that the other
+      // iterator is of the same type and we can downcast.
+      GTEST_CHECK_(BaseGenerator() == other.BaseGenerator())
+          << "The program attempted to compare iterators "
+          << "from different generators." << std::endl;
+      return iterator_ ==
+          CheckedDowncastToActualType<const Iterator>(&other)->iterator_;
+    }
+
+   private:
+    Iterator(const Iterator& other)
+          // The explicit constructor call suppresses a false warning
+          // emitted by gcc when supplied with the -Wextra option.
+        : ParamIteratorInterface<T>(),
+          base_(other.base_),
+          iterator_(other.iterator_) {}
+
+    const ParamGeneratorInterface<T>* const base_;
+    typename ContainerType::const_iterator iterator_;
+    // A cached value of *iterator_. We keep it here to allow access by
+    // pointer in the wrapping iterator's operator->().
+    // value_ needs to be mutable to be accessed in Current().
+    // Use of scoped_ptr helps manage cached value's lifetime,
+    // which is bound by the lifespan of the iterator itself.
+    mutable scoped_ptr<const T> value_;
+  };  // class ValuesInIteratorRangeGenerator::Iterator
+
+  // No implementation - assignment is unsupported.
+  void operator=(const ValuesInIteratorRangeGenerator& other);
+
+  const ContainerType container_;
+};  // class ValuesInIteratorRangeGenerator
+
+// INTERNAL IMPLEMENTATION - DO NOT USE IN USER CODE.
+//
+// Stores a parameter value and later creates tests parameterized with that
+// value.
+template <class TestClass>
+class ParameterizedTestFactory : public TestFactoryBase {
+ public:
+  typedef typename TestClass::ParamType ParamType;
+  explicit ParameterizedTestFactory(ParamType parameter) :
+      parameter_(parameter) {}
+  virtual Test* CreateTest() {
+    TestClass::SetParam(&parameter_);
+    return new TestClass();
+  }
+
+ private:
+  const ParamType parameter_;
+
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(ParameterizedTestFactory);
+};
+
+// INTERNAL IMPLEMENTATION - DO NOT USE IN USER CODE.
+//
+// TestMetaFactoryBase is a base class for meta-factories that create
+// test factories for passing into MakeAndRegisterTestInfo function.
+template <class ParamType>
+class TestMetaFactoryBase {
+ public:
+  virtual ~TestMetaFactoryBase() {}
+
+  virtual TestFactoryBase* CreateTestFactory(ParamType parameter) = 0;
+};
+
+// INTERNAL IMPLEMENTATION - DO NOT USE IN USER CODE.
+//
+// TestMetaFactory creates test factories for passing into
+// MakeAndRegisterTestInfo function. Since MakeAndRegisterTestInfo receives
+// ownership of test factory pointer, same factory object cannot be passed
+// into that method twice. But ParameterizedTestCaseInfo is going to call
+// it for each Test/Parameter value combination. Thus it needs meta factory
+// creator class.
+template <class TestCase>
+class TestMetaFactory
+    : public TestMetaFactoryBase<typename TestCase::ParamType> {
+ public:
+  typedef typename TestCase::ParamType ParamType;
+
+  TestMetaFactory() {}
+
+  virtual TestFactoryBase* CreateTestFactory(ParamType parameter) {
+    return new ParameterizedTestFactory<TestCase>(parameter);
+  }
+
+ private:
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(TestMetaFactory);
+};
+
+// INTERNAL IMPLEMENTATION - DO NOT USE IN USER CODE.
+//
+// ParameterizedTestCaseInfoBase is a generic interface
+// to ParameterizedTestCaseInfo classes. ParameterizedTestCaseInfoBase
+// accumulates test information provided by TEST_P macro invocations
+// and generators provided by INSTANTIATE_TEST_CASE_P macro invocations
+// and uses that information to register all resulting test instances
+// in RegisterTests method. The ParameterizeTestCaseRegistry class holds
+// a collection of pointers to the ParameterizedTestCaseInfo objects
+// and calls RegisterTests() on each of them when asked.
+class ParameterizedTestCaseInfoBase {
+ public:
+  virtual ~ParameterizedTestCaseInfoBase() {}
+
+  // Base part of test case name for display purposes.
+  virtual const string& GetTestCaseName() const = 0;
+  // Test case id to verify identity.
+  virtual TypeId GetTestCaseTypeId() const = 0;
+  // UnitTest class invokes this method to register tests in this
+  // test case right before running them in RUN_ALL_TESTS macro.
+  // This method should not be called more then once on any single
+  // instance of a ParameterizedTestCaseInfoBase derived class.
+  virtual void RegisterTests() = 0;
+
+ protected:
+  ParameterizedTestCaseInfoBase() {}
+
+ private:
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(ParameterizedTestCaseInfoBase);
+};
+
+// INTERNAL IMPLEMENTATION - DO NOT USE IN USER CODE.
+//
+// ParameterizedTestCaseInfo accumulates tests obtained from TEST_P
+// macro invocations for a particular test case and generators
+// obtained from INSTANTIATE_TEST_CASE_P macro invocations for that
+// test case. It registers tests with all values generated by all
+// generators when asked.
+template <class TestCase>
+class ParameterizedTestCaseInfo : public ParameterizedTestCaseInfoBase {
+ public:
+  // ParamType and GeneratorCreationFunc are private types but are required
+  // for declarations of public methods AddTestPattern() and
+  // AddTestCaseInstantiation().
+  typedef typename TestCase::ParamType ParamType;
+  // A function that returns an instance of appropriate generator type.
+  typedef ParamGenerator<ParamType>(GeneratorCreationFunc)();
+
+  explicit ParameterizedTestCaseInfo(const char* name)
+      : test_case_name_(name) {}
+
+  // Test case base name for display purposes.
+  virtual const string& GetTestCaseName() const { return test_case_name_; }
+  // Test case id to verify identity.
+  virtual TypeId GetTestCaseTypeId() const { return GetTypeId<TestCase>(); }
+  // TEST_P macro uses AddTestPattern() to record information
+  // about a single test in a LocalTestInfo structure.
+  // test_case_name is the base name of the test case (without invocation
+  // prefix). test_base_name is the name of an individual test without
+  // parameter index. For the test SequenceA/FooTest.DoBar/1 FooTest is
+  // test case base name and DoBar is test base name.
+  void AddTestPattern(const char* test_case_name,
+                      const char* test_base_name,
+                      TestMetaFactoryBase<ParamType>* meta_factory) {
+    tests_.push_back(linked_ptr<TestInfo>(new TestInfo(test_case_name,
+                                                       test_base_name,
+                                                       meta_factory)));
+  }
+  // INSTANTIATE_TEST_CASE_P macro uses AddGenerator() to record information
+  // about a generator.
+  int AddTestCaseInstantiation(const string& instantiation_name,
+                               GeneratorCreationFunc* func,
+                               const char* /* file */,
+                               int /* line */) {
+    instantiations_.push_back(::std::make_pair(instantiation_name, func));
+    return 0;  // Return value used only to run this method in namespace scope.
+  }
+  // UnitTest class invokes this method to register tests in this test case
+  // test cases right before running tests in RUN_ALL_TESTS macro.
+  // This method should not be called more then once on any single
+  // instance of a ParameterizedTestCaseInfoBase derived class.
+  // UnitTest has a guard to prevent from calling this method more then once.
+  virtual void RegisterTests() {
+    for (typename TestInfoContainer::iterator test_it = tests_.begin();
+         test_it != tests_.end(); ++test_it) {
+      linked_ptr<TestInfo> test_info = *test_it;
+      for (typename InstantiationContainer::iterator gen_it =
+               instantiations_.begin(); gen_it != instantiations_.end();
+               ++gen_it) {
+        const string& instantiation_name = gen_it->first;
+        ParamGenerator<ParamType> generator((*gen_it->second)());
+
+        string test_case_name;
+        if ( !instantiation_name.empty() )
+          test_case_name = instantiation_name + "/";
+        test_case_name += test_info->test_case_base_name;
+
+        int i = 0;
+        for (typename ParamGenerator<ParamType>::iterator param_it =
+                 generator.begin();
+             param_it != generator.end(); ++param_it, ++i) {
+          Message test_name_stream;
+          test_name_stream << test_info->test_base_name << "/" << i;
+          MakeAndRegisterTestInfo(
+              test_case_name.c_str(),
+              test_name_stream.GetString().c_str(),
+              NULL,  // No type parameter.
+              PrintToString(*param_it).c_str(),
+              GetTestCaseTypeId(),
+              TestCase::SetUpTestCase,
+              TestCase::TearDownTestCase,
+              test_info->test_meta_factory->CreateTestFactory(*param_it));
+        }  // for param_it
+      }  // for gen_it
+    }  // for test_it
+  }  // RegisterTests
+
+ private:
+  // LocalTestInfo structure keeps information about a single test registered
+  // with TEST_P macro.
+  struct TestInfo {
+    TestInfo(const char* a_test_case_base_name,
+             const char* a_test_base_name,
+             TestMetaFactoryBase<ParamType>* a_test_meta_factory) :
+        test_case_base_name(a_test_case_base_name),
+        test_base_name(a_test_base_name),
+        test_meta_factory(a_test_meta_factory) {}
+
+    const string test_case_base_name;
+    const string test_base_name;
+    const scoped_ptr<TestMetaFactoryBase<ParamType> > test_meta_factory;
+  };
+  typedef ::std::vector<linked_ptr<TestInfo> > TestInfoContainer;
+  // Keeps pairs of <Instantiation name, Sequence generator creation function>
+  // received from INSTANTIATE_TEST_CASE_P macros.
+  typedef ::std::vector<std::pair<string, GeneratorCreationFunc*> >
+      InstantiationContainer;
+
+  const string test_case_name_;
+  TestInfoContainer tests_;
+  InstantiationContainer instantiations_;
+
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(ParameterizedTestCaseInfo);
+};  // class ParameterizedTestCaseInfo
+
+// INTERNAL IMPLEMENTATION - DO NOT USE IN USER CODE.
+//
+// ParameterizedTestCaseRegistry contains a map of ParameterizedTestCaseInfoBase
+// classes accessed by test case names. TEST_P and INSTANTIATE_TEST_CASE_P
+// macros use it to locate their corresponding ParameterizedTestCaseInfo
+// descriptors.
+class ParameterizedTestCaseRegistry {
+ public:
+  ParameterizedTestCaseRegistry() {}
+  ~ParameterizedTestCaseRegistry() {
+    for (TestCaseInfoContainer::iterator it = test_case_infos_.begin();
+         it != test_case_infos_.end(); ++it) {
+      delete *it;
+    }
+  }
+
+  // Looks up or creates and returns a structure containing information about
+  // tests and instantiations of a particular test case.
+  template <class TestCase>
+  ParameterizedTestCaseInfo<TestCase>* GetTestCasePatternHolder(
+      const char* test_case_name,
+      const char* file,
+      int line) {
+    ParameterizedTestCaseInfo<TestCase>* typed_test_info = NULL;
+    for (TestCaseInfoContainer::iterator it = test_case_infos_.begin();
+         it != test_case_infos_.end(); ++it) {
+      if ((*it)->GetTestCaseName() == test_case_name) {
+        if ((*it)->GetTestCaseTypeId() != GetTypeId<TestCase>()) {
+          // Complain about incorrect usage of Google Test facilities
+          // and terminate the program since we cannot guaranty correct
+          // test case setup and tear-down in this case.
+          ReportInvalidTestCaseType(test_case_name,  file, line);
+          posix::Abort();
+        } else {
+          // At this point we are sure that the object we found is of the same
+          // type we are looking for, so we downcast it to that type
+          // without further checks.
+          typed_test_info = CheckedDowncastToActualType<
+              ParameterizedTestCaseInfo<TestCase> >(*it);
+        }
+        break;
+      }
+    }
+    if (typed_test_info == NULL) {
+      typed_test_info = new ParameterizedTestCaseInfo<TestCase>(test_case_name);
+      test_case_infos_.push_back(typed_test_info);
+    }
+    return typed_test_info;
+  }
+  void RegisterTests() {
+    for (TestCaseInfoContainer::iterator it = test_case_infos_.begin();
+         it != test_case_infos_.end(); ++it) {
+      (*it)->RegisterTests();
+    }
+  }
+
+ private:
+  typedef ::std::vector<ParameterizedTestCaseInfoBase*> TestCaseInfoContainer;
+
+  TestCaseInfoContainer test_case_infos_;
+
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(ParameterizedTestCaseRegistry);
+};
+
+}  // namespace internal
+}  // namespace testing
+
+#endif  //  GTEST_HAS_PARAM_TEST
+
+#endif  // GTEST_INCLUDE_GTEST_INTERNAL_GTEST_PARAM_UTIL_H_
diff --git a/nss/gtests/google_test/gtest/include/gtest/internal/gtest-port.h b/nss/gtests/google_test/gtest/include/gtest/internal/gtest-port.h
new file mode 100644
index 0000000..f376dfa
--- /dev/null
+++ b/nss/gtests/google_test/gtest/include/gtest/internal/gtest-port.h
@@ -0,0 +1,2432 @@
+// Copyright 2005, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Authors: wan@google.com (Zhanyong Wan)
+//
+// Low-level types and utilities for porting Google Test to various
+// platforms.  All macros ending with _ and symbols defined in an
+// internal namespace are subject to change without notice.  Code
+// outside Google Test MUST NOT USE THEM DIRECTLY.  Macros that don't
+// end with _ are part of Google Test's public API and can be used by
+// code outside Google Test.
+//
+// This file is fundamental to Google Test.  All other Google Test source
+// files are expected to #include this.  Therefore, it cannot #include
+// any other Google Test header.
+
+#ifndef GTEST_INCLUDE_GTEST_INTERNAL_GTEST_PORT_H_
+#define GTEST_INCLUDE_GTEST_INTERNAL_GTEST_PORT_H_
+
+// Environment-describing macros
+// -----------------------------
+//
+// Google Test can be used in many different environments.  Macros in
+// this section tell Google Test what kind of environment it is being
+// used in, such that Google Test can provide environment-specific
+// features and implementations.
+//
+// Google Test tries to automatically detect the properties of its
+// environment, so users usually don't need to worry about these
+// macros.  However, the automatic detection is not perfect.
+// Sometimes it's necessary for a user to define some of the following
+// macros in the build script to override Google Test's decisions.
+//
+// If the user doesn't define a macro in the list, Google Test will
+// provide a default definition.  After this header is #included, all
+// macros in this list will be defined to either 1 or 0.
+//
+// Notes to maintainers:
+//   - Each macro here is a user-tweakable knob; do not grow the list
+//     lightly.
+//   - Use #if to key off these macros.  Don't use #ifdef or "#if
+//     defined(...)", which will not work as these macros are ALWAYS
+//     defined.
+//
+//   GTEST_HAS_CLONE          - Define it to 1/0 to indicate that clone(2)
+//                              is/isn't available.
+//   GTEST_HAS_EXCEPTIONS     - Define it to 1/0 to indicate that exceptions
+//                              are enabled.
+//   GTEST_HAS_GLOBAL_STRING  - Define it to 1/0 to indicate that ::string
+//                              is/isn't available (some systems define
+//                              ::string, which is different to std::string).
+//   GTEST_HAS_GLOBAL_WSTRING - Define it to 1/0 to indicate that ::string
+//                              is/isn't available (some systems define
+//                              ::wstring, which is different to std::wstring).
+//   GTEST_HAS_POSIX_RE       - Define it to 1/0 to indicate that POSIX regular
+//                              expressions are/aren't available.
+//   GTEST_HAS_PTHREAD        - Define it to 1/0 to indicate that <pthread.h>
+//                              is/isn't available.
+//   GTEST_HAS_RTTI           - Define it to 1/0 to indicate that RTTI is/isn't
+//                              enabled.
+//   GTEST_HAS_STD_WSTRING    - Define it to 1/0 to indicate that
+//                              std::wstring does/doesn't work (Google Test can
+//                              be used where std::wstring is unavailable).
+//   GTEST_HAS_TR1_TUPLE      - Define it to 1/0 to indicate tr1::tuple
+//                              is/isn't available.
+//   GTEST_HAS_SEH            - Define it to 1/0 to indicate whether the
+//                              compiler supports Microsoft's "Structured
+//                              Exception Handling".
+//   GTEST_HAS_STREAM_REDIRECTION
+//                            - Define it to 1/0 to indicate whether the
+//                              platform supports I/O stream redirection using
+//                              dup() and dup2().
+//   GTEST_USE_OWN_TR1_TUPLE  - Define it to 1/0 to indicate whether Google
+//                              Test's own tr1 tuple implementation should be
+//                              used.  Unused when the user sets
+//                              GTEST_HAS_TR1_TUPLE to 0.
+//   GTEST_LANG_CXX11         - Define it to 1/0 to indicate that Google Test
+//                              is building in C++11/C++98 mode.
+//   GTEST_LINKED_AS_SHARED_LIBRARY
+//                            - Define to 1 when compiling tests that use
+//                              Google Test as a shared library (known as
+//                              DLL on Windows).
+//   GTEST_CREATE_SHARED_LIBRARY
+//                            - Define to 1 when compiling Google Test itself
+//                              as a shared library.
+
+// Platform-indicating macros
+// --------------------------
+//
+// Macros indicating the platform on which Google Test is being used
+// (a macro is defined to 1 if compiled on the given platform;
+// otherwise UNDEFINED -- it's never defined to 0.).  Google Test
+// defines these macros automatically.  Code outside Google Test MUST
+// NOT define them.
+//
+//   GTEST_OS_AIX      - IBM AIX
+//   GTEST_OS_CYGWIN   - Cygwin
+//   GTEST_OS_HPUX     - HP-UX
+//   GTEST_OS_LINUX    - Linux
+//     GTEST_OS_LINUX_ANDROID - Google Android
+//   GTEST_OS_MAC      - Mac OS X
+//     GTEST_OS_IOS    - iOS
+//       GTEST_OS_IOS_SIMULATOR - iOS simulator
+//   GTEST_OS_NACL     - Google Native Client (NaCl)
+//   GTEST_OS_OPENBSD  - OpenBSD
+//   GTEST_OS_QNX      - QNX
+//   GTEST_OS_SOLARIS  - Sun Solaris
+//   GTEST_OS_SYMBIAN  - Symbian
+//   GTEST_OS_WINDOWS  - Windows (Desktop, MinGW, or Mobile)
+//     GTEST_OS_WINDOWS_DESKTOP  - Windows Desktop
+//     GTEST_OS_WINDOWS_MINGW    - MinGW
+//     GTEST_OS_WINDOWS_MOBILE   - Windows Mobile
+//     GTEST_OS_WINDOWS_PHONE    - Windows Phone
+//     GTEST_OS_WINDOWS_RT       - Windows Store App/WinRT
+//   GTEST_OS_ZOS      - z/OS
+//
+// Among the platforms, Cygwin, Linux, Max OS X, and Windows have the
+// most stable support.  Since core members of the Google Test project
+// don't have access to other platforms, support for them may be less
+// stable.  If you notice any problems on your platform, please notify
+// googletestframework@googlegroups.com (patches for fixing them are
+// even more welcome!).
+//
+// It is possible that none of the GTEST_OS_* macros are defined.
+
+// Feature-indicating macros
+// -------------------------
+//
+// Macros indicating which Google Test features are available (a macro
+// is defined to 1 if the corresponding feature is supported;
+// otherwise UNDEFINED -- it's never defined to 0.).  Google Test
+// defines these macros automatically.  Code outside Google Test MUST
+// NOT define them.
+//
+// These macros are public so that portable tests can be written.
+// Such tests typically surround code using a feature with an #if
+// which controls that code.  For example:
+//
+// #if GTEST_HAS_DEATH_TEST
+//   EXPECT_DEATH(DoSomethingDeadly());
+// #endif
+//
+//   GTEST_HAS_COMBINE      - the Combine() function (for value-parameterized
+//                            tests)
+//   GTEST_HAS_DEATH_TEST   - death tests
+//   GTEST_HAS_PARAM_TEST   - value-parameterized tests
+//   GTEST_HAS_TYPED_TEST   - typed tests
+//   GTEST_HAS_TYPED_TEST_P - type-parameterized tests
+//   GTEST_IS_THREADSAFE    - Google Test is thread-safe.
+//   GTEST_USES_POSIX_RE    - enhanced POSIX regex is used. Do not confuse with
+//                            GTEST_HAS_POSIX_RE (see above) which users can
+//                            define themselves.
+//   GTEST_USES_SIMPLE_RE   - our own simple regex is used;
+//                            the above two are mutually exclusive.
+//   GTEST_CAN_COMPARE_NULL - accepts untyped NULL in EXPECT_EQ().
+
+// Misc public macros
+// ------------------
+//
+//   GTEST_FLAG(flag_name)  - references the variable corresponding to
+//                            the given Google Test flag.
+
+// Internal utilities
+// ------------------
+//
+// The following macros and utilities are for Google Test's INTERNAL
+// use only.  Code outside Google Test MUST NOT USE THEM DIRECTLY.
+//
+// Macros for basic C++ coding:
+//   GTEST_AMBIGUOUS_ELSE_BLOCKER_ - for disabling a gcc warning.
+//   GTEST_ATTRIBUTE_UNUSED_  - declares that a class' instances or a
+//                              variable don't have to be used.
+//   GTEST_DISALLOW_ASSIGN_   - disables operator=.
+//   GTEST_DISALLOW_COPY_AND_ASSIGN_ - disables copy ctor and operator=.
+//   GTEST_MUST_USE_RESULT_   - declares that a function's result must be used.
+//   GTEST_INTENTIONAL_CONST_COND_PUSH_ - start code section where MSVC C4127 is
+//                                        suppressed (constant conditional).
+//   GTEST_INTENTIONAL_CONST_COND_POP_  - finish code section where MSVC C4127
+//                                        is suppressed.
+//
+// C++11 feature wrappers:
+//
+//   GTEST_MOVE_          - portability wrapper for std::move.
+//
+// Synchronization:
+//   Mutex, MutexLock, ThreadLocal, GetThreadCount()
+//                            - synchronization primitives.
+//
+// Template meta programming:
+//   is_pointer     - as in TR1; needed on Symbian and IBM XL C/C++ only.
+//   IteratorTraits - partial implementation of std::iterator_traits, which
+//                    is not available in libCstd when compiled with Sun C++.
+//
+// Smart pointers:
+//   scoped_ptr     - as in TR2.
+//
+// Regular expressions:
+//   RE             - a simple regular expression class using the POSIX
+//                    Extended Regular Expression syntax on UNIX-like
+//                    platforms, or a reduced regular exception syntax on
+//                    other platforms, including Windows.
+//
+// Logging:
+//   GTEST_LOG_()   - logs messages at the specified severity level.
+//   LogToStderr()  - directs all log messages to stderr.
+//   FlushInfoLog() - flushes informational log messages.
+//
+// Stdout and stderr capturing:
+//   CaptureStdout()     - starts capturing stdout.
+//   GetCapturedStdout() - stops capturing stdout and returns the captured
+//                         string.
+//   CaptureStderr()     - starts capturing stderr.
+//   GetCapturedStderr() - stops capturing stderr and returns the captured
+//                         string.
+//
+// Integer types:
+//   TypeWithSize   - maps an integer to a int type.
+//   Int32, UInt32, Int64, UInt64, TimeInMillis
+//                  - integers of known sizes.
+//   BiggestInt     - the biggest signed integer type.
+//
+// Command-line utilities:
+//   GTEST_DECLARE_*()  - declares a flag.
+//   GTEST_DEFINE_*()   - defines a flag.
+//   GetInjectableArgvs() - returns the command line as a vector of strings.
+//
+// Environment variable utilities:
+//   GetEnv()             - gets the value of an environment variable.
+//   BoolFromGTestEnv()   - parses a bool environment variable.
+//   Int32FromGTestEnv()  - parses an Int32 environment variable.
+//   StringFromGTestEnv() - parses a string environment variable.
+
+#include <ctype.h>   // for isspace, etc
+#include <stddef.h>  // for ptrdiff_t
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#ifndef _WIN32_WCE
+# include <sys/types.h>
+# include <sys/stat.h>
+#endif  // !_WIN32_WCE
+
+#if defined __APPLE__
+# include <AvailabilityMacros.h>
+# include <TargetConditionals.h>
+#endif
+
+#include <algorithm>  // NOLINT
+#include <iostream>  // NOLINT
+#include <sstream>  // NOLINT
+#include <string>  // NOLINT
+#include <utility>
+
+#define GTEST_DEV_EMAIL_ "googletestframework@@googlegroups.com"
+#define GTEST_FLAG_PREFIX_ "gtest_"
+#define GTEST_FLAG_PREFIX_DASH_ "gtest-"
+#define GTEST_FLAG_PREFIX_UPPER_ "GTEST_"
+#define GTEST_NAME_ "Google Test"
+#define GTEST_PROJECT_URL_ "http://code.google.com/p/googletest/"
+
+// Determines the version of gcc that is used to compile this.
+#ifdef __GNUC__
+// 40302 means version 4.3.2.
+# define GTEST_GCC_VER_ \
+    (__GNUC__*10000 + __GNUC_MINOR__*100 + __GNUC_PATCHLEVEL__)
+#endif  // __GNUC__
+
+// Determines the platform on which Google Test is compiled.
+#ifdef __CYGWIN__
+# define GTEST_OS_CYGWIN 1
+#elif defined __SYMBIAN32__
+# define GTEST_OS_SYMBIAN 1
+#elif defined _WIN32
+# define GTEST_OS_WINDOWS 1
+# ifdef _WIN32_WCE
+#  define GTEST_OS_WINDOWS_MOBILE 1
+# elif defined(__MINGW__) || defined(__MINGW32__)
+#  define GTEST_OS_WINDOWS_MINGW 1
+# elif defined(WINAPI_FAMILY)
+#  include <winapifamily.h>
+#  if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP)
+#   define GTEST_OS_WINDOWS_DESKTOP 1
+#  elif WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_PHONE_APP)
+#   define GTEST_OS_WINDOWS_PHONE 1
+#  elif WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_APP)
+#   define GTEST_OS_WINDOWS_RT 1
+#  else
+    // WINAPI_FAMILY defined but no known partition matched.
+    // Default to desktop.
+#   define GTEST_OS_WINDOWS_DESKTOP 1
+#  endif
+# else
+#  define GTEST_OS_WINDOWS_DESKTOP 1
+# endif  // _WIN32_WCE
+#elif defined __APPLE__
+# define GTEST_OS_MAC 1
+# if TARGET_OS_IPHONE
+#  define GTEST_OS_IOS 1
+#  if TARGET_IPHONE_SIMULATOR
+#   define GTEST_OS_IOS_SIMULATOR 1
+#  endif
+# endif
+#elif defined __linux__
+# define GTEST_OS_LINUX 1
+# if defined __ANDROID__
+#  define GTEST_OS_LINUX_ANDROID 1
+# endif
+#elif defined __MVS__
+# define GTEST_OS_ZOS 1
+#elif defined(__sun) && defined(__SVR4)
+# define GTEST_OS_SOLARIS 1
+#elif defined(_AIX)
+# define GTEST_OS_AIX 1
+#elif defined(__hpux)
+# define GTEST_OS_HPUX 1
+#elif defined __native_client__
+# define GTEST_OS_NACL 1
+#elif defined __OpenBSD__
+# define GTEST_OS_OPENBSD 1
+#elif defined __QNX__
+# define GTEST_OS_QNX 1
+#endif  // __CYGWIN__
+
+// Macros for disabling Microsoft Visual C++ warnings.
+//
+//   GTEST_DISABLE_MSC_WARNINGS_PUSH_(4800 4385)
+//   /* code that triggers warnings C4800 and C4385 */
+//   GTEST_DISABLE_MSC_WARNINGS_POP_()
+#if _MSC_VER >= 1500
+# define GTEST_DISABLE_MSC_WARNINGS_PUSH_(warnings) \
+    __pragma(warning(push))                        \
+    __pragma(warning(disable: warnings))
+# define GTEST_DISABLE_MSC_WARNINGS_POP_()          \
+    __pragma(warning(pop))
+#else
+// Older versions of MSVC don't have __pragma.
+# define GTEST_DISABLE_MSC_WARNINGS_PUSH_(warnings)
+# define GTEST_DISABLE_MSC_WARNINGS_POP_()
+#endif
+
+#ifndef GTEST_LANG_CXX11
+// gcc and clang define __GXX_EXPERIMENTAL_CXX0X__ when
+// -std={c,gnu}++{0x,11} is passed.  The C++11 standard specifies a
+// value for __cplusplus, and recent versions of clang, gcc, and
+// probably other compilers set that too in C++11 mode.
+# if __GXX_EXPERIMENTAL_CXX0X__ || __cplusplus >= 201103L
+// Compiling in at least C++11 mode.
+#  define GTEST_LANG_CXX11 1
+# else
+#  define GTEST_LANG_CXX11 0
+# endif
+#endif
+
+// C++11 specifies that <initializer_list> provides std::initializer_list. Use
+// that if gtest is used in C++11 mode and libstdc++ isn't very old (binaries
+// targeting OS X 10.6 can build with clang but need to use gcc4.2's
+// libstdc++).
+#if GTEST_LANG_CXX11 && (!defined(__GLIBCXX__) || __GLIBCXX__ > 20110325)
+# define GTEST_HAS_STD_INITIALIZER_LIST_ 1
+#endif
+
+// C++11 specifies that <tuple> provides std::tuple.
+// Some platforms still might not have it, however.
+#if GTEST_LANG_CXX11
+# define GTEST_HAS_STD_TUPLE_ 1
+# if defined(__clang__)
+// Inspired by http://clang.llvm.org/docs/LanguageExtensions.html#__has_include
+#  if defined(__has_include) && !__has_include(<tuple>)
+#   undef GTEST_HAS_STD_TUPLE_
+#  endif
+# elif defined(_MSC_VER)
+// Inspired by boost/config/stdlib/dinkumware.hpp
+#  if defined(_CPPLIB_VER) && _CPPLIB_VER < 520
+#   undef GTEST_HAS_STD_TUPLE_
+#  endif
+# elif defined(__GLIBCXX__)
+// Inspired by boost/config/stdlib/libstdcpp3.hpp,
+// http://gcc.gnu.org/gcc-4.2/changes.html and
+// http://gcc.gnu.org/onlinedocs/libstdc++/manual/bk01pt01ch01.html#manual.intro.status.standard.200x
+#  if __GNUC__ < 4 || (__GNUC__ == 4 && __GNUC_MINOR__ < 2)
+#   undef GTEST_HAS_STD_TUPLE_
+#  endif
+# endif
+#endif
+
+// Brings in definitions for functions used in the testing::internal::posix
+// namespace (read, write, close, chdir, isatty, stat). We do not currently
+// use them on Windows Mobile.
+#if GTEST_OS_WINDOWS
+# if !GTEST_OS_WINDOWS_MOBILE
+#  include <direct.h>
+#  include <io.h>
+# endif
+// In order to avoid having to include <windows.h>, use forward declaration
+// assuming CRITICAL_SECTION is a typedef of _RTL_CRITICAL_SECTION.
+// This assumption is verified by
+// WindowsTypesTest.CRITICAL_SECTIONIs_RTL_CRITICAL_SECTION.
+struct _RTL_CRITICAL_SECTION;
+#else
+// This assumes that non-Windows OSes provide unistd.h. For OSes where this
+// is not the case, we need to include headers that provide the functions
+// mentioned above.
+# include <unistd.h>
+# include <strings.h>
+#endif  // GTEST_OS_WINDOWS
+
+#if GTEST_OS_LINUX_ANDROID
+// Used to define __ANDROID_API__ matching the target NDK API level.
+#  include <android/api-level.h>  // NOLINT
+#endif
+
+// Defines this to true iff Google Test can use POSIX regular expressions.
+#ifndef GTEST_HAS_POSIX_RE
+# if GTEST_OS_LINUX_ANDROID
+// On Android, <regex.h> is only available starting with Gingerbread.
+#  define GTEST_HAS_POSIX_RE (__ANDROID_API__ >= 9)
+# else
+#  define GTEST_HAS_POSIX_RE (!GTEST_OS_WINDOWS)
+# endif
+#endif
+
+#if GTEST_HAS_POSIX_RE
+
+// On some platforms, <regex.h> needs someone to define size_t, and
+// won't compile otherwise.  We can #include it here as we already
+// included <stdlib.h>, which is guaranteed to define size_t through
+// <stddef.h>.
+# include <regex.h>  // NOLINT
+
+# define GTEST_USES_POSIX_RE 1
+
+#elif GTEST_OS_WINDOWS
+
+// <regex.h> is not available on Windows.  Use our own simple regex
+// implementation instead.
+# define GTEST_USES_SIMPLE_RE 1
+
+#else
+
+// <regex.h> may not be available on this platform.  Use our own
+// simple regex implementation instead.
+# define GTEST_USES_SIMPLE_RE 1
+
+#endif  // GTEST_HAS_POSIX_RE
+
+#ifndef GTEST_HAS_EXCEPTIONS
+// The user didn't tell us whether exceptions are enabled, so we need
+// to figure it out.
+# if defined(_MSC_VER) || defined(__BORLANDC__)
+// MSVC's and C++Builder's implementations of the STL use the _HAS_EXCEPTIONS
+// macro to enable exceptions, so we'll do the same.
+// Assumes that exceptions are enabled by default.
+#  ifndef _HAS_EXCEPTIONS
+#   define _HAS_EXCEPTIONS 1
+#  endif  // _HAS_EXCEPTIONS
+#  define GTEST_HAS_EXCEPTIONS _HAS_EXCEPTIONS
+# elif defined(__GNUC__) && __EXCEPTIONS
+// gcc defines __EXCEPTIONS to 1 iff exceptions are enabled.
+#  define GTEST_HAS_EXCEPTIONS 1
+# elif defined(__SUNPRO_CC)
+// Sun Pro CC supports exceptions.  However, there is no compile-time way of
+// detecting whether they are enabled or not.  Therefore, we assume that
+// they are enabled unless the user tells us otherwise.
+#  define GTEST_HAS_EXCEPTIONS 1
+# elif defined(__IBMCPP__) && __EXCEPTIONS
+// xlC defines __EXCEPTIONS to 1 iff exceptions are enabled.
+#  define GTEST_HAS_EXCEPTIONS 1
+# elif defined(__HP_aCC)
+// Exception handling is in effect by default in HP aCC compiler. It has to
+// be turned of by +noeh compiler option if desired.
+#  define GTEST_HAS_EXCEPTIONS 1
+# else
+// For other compilers, we assume exceptions are disabled to be
+// conservative.
+#  define GTEST_HAS_EXCEPTIONS 0
+# endif  // defined(_MSC_VER) || defined(__BORLANDC__)
+#endif  // GTEST_HAS_EXCEPTIONS
+
+#if !defined(GTEST_HAS_STD_STRING)
+// Even though we don't use this macro any longer, we keep it in case
+// some clients still depend on it.
+# define GTEST_HAS_STD_STRING 1
+#elif !GTEST_HAS_STD_STRING
+// The user told us that ::std::string isn't available.
+# error "Google Test cannot be used where ::std::string isn't available."
+#endif  // !defined(GTEST_HAS_STD_STRING)
+
+#ifndef GTEST_HAS_GLOBAL_STRING
+// The user didn't tell us whether ::string is available, so we need
+// to figure it out.
+
+# define GTEST_HAS_GLOBAL_STRING 0
+
+#endif  // GTEST_HAS_GLOBAL_STRING
+
+#ifndef GTEST_HAS_STD_WSTRING
+// The user didn't tell us whether ::std::wstring is available, so we need
+// to figure it out.
+// TODO(wan@google.com): uses autoconf to detect whether ::std::wstring
+//   is available.
+
+// Cygwin 1.7 and below doesn't support ::std::wstring.
+// Solaris' libc++ doesn't support it either.  Android has
+// no support for it at least as recent as Froyo (2.2).
+# define GTEST_HAS_STD_WSTRING \
+    (!(GTEST_OS_LINUX_ANDROID || GTEST_OS_CYGWIN || GTEST_OS_SOLARIS))
+
+#endif  // GTEST_HAS_STD_WSTRING
+
+#ifndef GTEST_HAS_GLOBAL_WSTRING
+// The user didn't tell us whether ::wstring is available, so we need
+// to figure it out.
+# define GTEST_HAS_GLOBAL_WSTRING \
+    (GTEST_HAS_STD_WSTRING && GTEST_HAS_GLOBAL_STRING)
+#endif  // GTEST_HAS_GLOBAL_WSTRING
+
+// Determines whether RTTI is available.
+#ifndef GTEST_HAS_RTTI
+// The user didn't tell us whether RTTI is enabled, so we need to
+// figure it out.
+
+# ifdef _MSC_VER
+
+#  ifdef _CPPRTTI  // MSVC defines this macro iff RTTI is enabled.
+#   define GTEST_HAS_RTTI 1
+#  else
+#   define GTEST_HAS_RTTI 0
+#  endif
+
+// Starting with version 4.3.2, gcc defines __GXX_RTTI iff RTTI is enabled.
+# elif defined(__GNUC__) && (GTEST_GCC_VER_ >= 40302)
+
+#  ifdef __GXX_RTTI
+// When building against STLport with the Android NDK and with
+// -frtti -fno-exceptions, the build fails at link time with undefined
+// references to __cxa_bad_typeid. Note sure if STL or toolchain bug,
+// so disable RTTI when detected.
+#   if GTEST_OS_LINUX_ANDROID && defined(_STLPORT_MAJOR) && \
+       !defined(__EXCEPTIONS)
+#    define GTEST_HAS_RTTI 0
+#   else
+#    define GTEST_HAS_RTTI 1
+#   endif  // GTEST_OS_LINUX_ANDROID && __STLPORT_MAJOR && !__EXCEPTIONS
+#  else
+#   define GTEST_HAS_RTTI 0
+#  endif  // __GXX_RTTI
+
+// Clang defines __GXX_RTTI starting with version 3.0, but its manual recommends
+// using has_feature instead. has_feature(cxx_rtti) is supported since 2.7, the
+// first version with C++ support.
+# elif defined(__clang__)
+
+#  define GTEST_HAS_RTTI __has_feature(cxx_rtti)
+
+// Starting with version 9.0 IBM Visual Age defines __RTTI_ALL__ to 1 if
+// both the typeid and dynamic_cast features are present.
+# elif defined(__IBMCPP__) && (__IBMCPP__ >= 900)
+
+#  ifdef __RTTI_ALL__
+#   define GTEST_HAS_RTTI 1
+#  else
+#   define GTEST_HAS_RTTI 0
+#  endif
+
+# else
+
+// For all other compilers, we assume RTTI is enabled.
+#  define GTEST_HAS_RTTI 1
+
+# endif  // _MSC_VER
+
+#endif  // GTEST_HAS_RTTI
+
+// It's this header's responsibility to #include <typeinfo> when RTTI
+// is enabled.
+#if GTEST_HAS_RTTI
+# include <typeinfo>
+#endif
+
+// Determines whether Google Test can use the pthreads library.
+#ifndef GTEST_HAS_PTHREAD
+// The user didn't tell us explicitly, so we assume pthreads support is
+// available on Linux and Mac.
+//
+// To disable threading support in Google Test, add -DGTEST_HAS_PTHREAD=0
+// to your compiler flags.
+# define GTEST_HAS_PTHREAD (GTEST_OS_LINUX || GTEST_OS_MAC || GTEST_OS_HPUX \
+    || GTEST_OS_QNX)
+#endif  // GTEST_HAS_PTHREAD
+
+#if GTEST_HAS_PTHREAD
+// gtest-port.h guarantees to #include <pthread.h> when GTEST_HAS_PTHREAD is
+// true.
+# include <pthread.h>  // NOLINT
+
+// For timespec and nanosleep, used below.
+# include <time.h>  // NOLINT
+#endif
+
+// Determines whether Google Test can use tr1/tuple.  You can define
+// this macro to 0 to prevent Google Test from using tuple (any
+// feature depending on tuple with be disabled in this mode).
+#ifndef GTEST_HAS_TR1_TUPLE
+# if GTEST_OS_LINUX_ANDROID && defined(_STLPORT_MAJOR)
+// STLport, provided with the Android NDK, has neither <tr1/tuple> or <tuple>.
+#  define GTEST_HAS_TR1_TUPLE 0
+# else
+// The user didn't tell us not to do it, so we assume it's OK.
+#  define GTEST_HAS_TR1_TUPLE 1
+# endif
+#endif  // GTEST_HAS_TR1_TUPLE
+
+// Determines whether Google Test's own tr1 tuple implementation
+// should be used.
+#ifndef GTEST_USE_OWN_TR1_TUPLE
+// The user didn't tell us, so we need to figure it out.
+
+// We use our own TR1 tuple if we aren't sure the user has an
+// implementation of it already.  At this time, libstdc++ 4.0.0+ and
+// MSVC 2010 are the only mainstream standard libraries that come
+// with a TR1 tuple implementation.  NVIDIA's CUDA NVCC compiler
+// pretends to be GCC by defining __GNUC__ and friends, but cannot
+// compile GCC's tuple implementation.  MSVC 2008 (9.0) provides TR1
+// tuple in a 323 MB Feature Pack download, which we cannot assume the
+// user has.  QNX's QCC compiler is a modified GCC but it doesn't
+// support TR1 tuple.  libc++ only provides std::tuple, in C++11 mode,
+// and it can be used with some compilers that define __GNUC__.
+# if (defined(__GNUC__) && !defined(__CUDACC__) && (GTEST_GCC_VER_ >= 40000) \
+      && !GTEST_OS_QNX && !defined(_LIBCPP_VERSION)) || _MSC_VER >= 1600
+#  define GTEST_ENV_HAS_TR1_TUPLE_ 1
+# endif
+
+// C++11 specifies that <tuple> provides std::tuple. Use that if gtest is used
+// in C++11 mode and libstdc++ isn't very old (binaries targeting OS X 10.6
+// can build with clang but need to use gcc4.2's libstdc++).
+# if GTEST_LANG_CXX11 && (!defined(__GLIBCXX__) || __GLIBCXX__ > 20110325)
+#  define GTEST_ENV_HAS_STD_TUPLE_ 1
+# endif
+
+# if GTEST_ENV_HAS_TR1_TUPLE_ || GTEST_ENV_HAS_STD_TUPLE_
+#  define GTEST_USE_OWN_TR1_TUPLE 0
+# else
+#  define GTEST_USE_OWN_TR1_TUPLE 1
+# endif
+
+#endif  // GTEST_USE_OWN_TR1_TUPLE
+
+// To avoid conditional compilation everywhere, we make it
+// gtest-port.h's responsibility to #include the header implementing
+// tuple.
+#if GTEST_HAS_STD_TUPLE_
+# include <tuple>  // IWYU pragma: export
+# define GTEST_TUPLE_NAMESPACE_ ::std
+#endif  // GTEST_HAS_STD_TUPLE_
+
+// We include tr1::tuple even if std::tuple is available to define printers for
+// them.
+#if GTEST_HAS_TR1_TUPLE
+# ifndef GTEST_TUPLE_NAMESPACE_
+#  define GTEST_TUPLE_NAMESPACE_ ::std::tr1
+# endif  // GTEST_TUPLE_NAMESPACE_
+
+# if GTEST_USE_OWN_TR1_TUPLE
+#  include "gtest/internal/gtest-tuple.h"  // IWYU pragma: export  // NOLINT
+# elif GTEST_ENV_HAS_STD_TUPLE_
+#  include <tuple>
+// C++11 puts its tuple into the ::std namespace rather than
+// ::std::tr1.  gtest expects tuple to live in ::std::tr1, so put it there.
+// This causes undefined behavior, but supported compilers react in
+// the way we intend.
+namespace std {
+namespace tr1 {
+using ::std::get;
+using ::std::make_tuple;
+using ::std::tuple;
+using ::std::tuple_element;
+using ::std::tuple_size;
+}
+}
+
+# elif GTEST_OS_SYMBIAN
+
+// On Symbian, BOOST_HAS_TR1_TUPLE causes Boost's TR1 tuple library to
+// use STLport's tuple implementation, which unfortunately doesn't
+// work as the copy of STLport distributed with Symbian is incomplete.
+// By making sure BOOST_HAS_TR1_TUPLE is undefined, we force Boost to
+// use its own tuple implementation.
+#  ifdef BOOST_HAS_TR1_TUPLE
+#   undef BOOST_HAS_TR1_TUPLE
+#  endif  // BOOST_HAS_TR1_TUPLE
+
+// This prevents <boost/tr1/detail/config.hpp>, which defines
+// BOOST_HAS_TR1_TUPLE, from being #included by Boost's <tuple>.
+#  define BOOST_TR1_DETAIL_CONFIG_HPP_INCLUDED
+#  include <tuple>  // IWYU pragma: export  // NOLINT
+
+# elif defined(__GNUC__) && (GTEST_GCC_VER_ >= 40000)
+// GCC 4.0+ implements tr1/tuple in the <tr1/tuple> header.  This does
+// not conform to the TR1 spec, which requires the header to be <tuple>.
+
+#  if !GTEST_HAS_RTTI && GTEST_GCC_VER_ < 40302
+// Until version 4.3.2, gcc has a bug that causes <tr1/functional>,
+// which is #included by <tr1/tuple>, to not compile when RTTI is
+// disabled.  _TR1_FUNCTIONAL is the header guard for
+// <tr1/functional>.  Hence the following #define is a hack to prevent
+// <tr1/functional> from being included.
+#   define _TR1_FUNCTIONAL 1
+#   include <tr1/tuple>
+#   undef _TR1_FUNCTIONAL  // Allows the user to #include
+                        // <tr1/functional> if he chooses to.
+#  else
+#   include <tr1/tuple>  // NOLINT
+#  endif  // !GTEST_HAS_RTTI && GTEST_GCC_VER_ < 40302
+
+# else
+// If the compiler is not GCC 4.0+, we assume the user is using a
+// spec-conforming TR1 implementation.
+#  include <tuple>  // IWYU pragma: export  // NOLINT
+# endif  // GTEST_USE_OWN_TR1_TUPLE
+
+#endif  // GTEST_HAS_TR1_TUPLE
+
+// Determines whether clone(2) is supported.
+// Usually it will only be available on Linux, excluding
+// Linux on the Itanium architecture.
+// Also see http://linux.die.net/man/2/clone.
+#ifndef GTEST_HAS_CLONE
+// The user didn't tell us, so we need to figure it out.
+
+# if GTEST_OS_LINUX && !defined(__ia64__)
+#  if GTEST_OS_LINUX_ANDROID
+// On Android, clone() is only available on ARM starting with Gingerbread.
+#    if defined(__arm__) && __ANDROID_API__ >= 9
+#     define GTEST_HAS_CLONE 1
+#    else
+#     define GTEST_HAS_CLONE 0
+#    endif
+#  else
+#   define GTEST_HAS_CLONE 1
+#  endif
+# else
+#  define GTEST_HAS_CLONE 0
+# endif  // GTEST_OS_LINUX && !defined(__ia64__)
+
+#endif  // GTEST_HAS_CLONE
+
+// Determines whether to support stream redirection. This is used to test
+// output correctness and to implement death tests.
+#ifndef GTEST_HAS_STREAM_REDIRECTION
+// By default, we assume that stream redirection is supported on all
+// platforms except known mobile ones.
+# if GTEST_OS_WINDOWS_MOBILE || GTEST_OS_SYMBIAN || \
+    GTEST_OS_WINDOWS_PHONE || GTEST_OS_WINDOWS_RT
+#  define GTEST_HAS_STREAM_REDIRECTION 0
+# else
+#  define GTEST_HAS_STREAM_REDIRECTION 1
+# endif  // !GTEST_OS_WINDOWS_MOBILE && !GTEST_OS_SYMBIAN
+#endif  // GTEST_HAS_STREAM_REDIRECTION
+
+// Determines whether to support death tests.
+// Google Test does not support death tests for VC 7.1 and earlier as
+// abort() in a VC 7.1 application compiled as GUI in debug config
+// pops up a dialog window that cannot be suppressed programmatically.
+#if (GTEST_OS_LINUX || GTEST_OS_CYGWIN || GTEST_OS_SOLARIS || \
+     (GTEST_OS_MAC && !GTEST_OS_IOS) || GTEST_OS_IOS_SIMULATOR || \
+     (GTEST_OS_WINDOWS_DESKTOP && _MSC_VER >= 1400) || \
+     GTEST_OS_WINDOWS_MINGW || GTEST_OS_AIX || GTEST_OS_HPUX || \
+     GTEST_OS_OPENBSD || GTEST_OS_QNX)
+# define GTEST_HAS_DEATH_TEST 1
+# include <vector>  // NOLINT
+#endif
+
+// We don't support MSVC 7.1 with exceptions disabled now.  Therefore
+// all the compilers we care about are adequate for supporting
+// value-parameterized tests.
+#define GTEST_HAS_PARAM_TEST 1
+
+// Determines whether to support type-driven tests.
+
+// Typed tests need <typeinfo> and variadic macros, which GCC, VC++ 8.0,
+// Sun Pro CC, IBM Visual Age, and HP aCC support.
+#if defined(__GNUC__) || (_MSC_VER >= 1400) || defined(__SUNPRO_CC) || \
+    defined(__IBMCPP__) || defined(__HP_aCC)
+# define GTEST_HAS_TYPED_TEST 1
+# define GTEST_HAS_TYPED_TEST_P 1
+#endif
+
+// Determines whether to support Combine(). This only makes sense when
+// value-parameterized tests are enabled.  The implementation doesn't
+// work on Sun Studio since it doesn't understand templated conversion
+// operators.
+#if GTEST_HAS_PARAM_TEST && GTEST_HAS_TR1_TUPLE && !defined(__SUNPRO_CC)
+# define GTEST_HAS_COMBINE 1
+#endif
+
+// Determines whether the system compiler uses UTF-16 for encoding wide strings.
+#define GTEST_WIDE_STRING_USES_UTF16_ \
+    (GTEST_OS_WINDOWS || GTEST_OS_CYGWIN || GTEST_OS_SYMBIAN || GTEST_OS_AIX)
+
+// Determines whether test results can be streamed to a socket.
+#if GTEST_OS_LINUX
+# define GTEST_CAN_STREAM_RESULTS_ 1
+#endif
+
+// Defines some utility macros.
+
+// The GNU compiler emits a warning if nested "if" statements are followed by
+// an "else" statement and braces are not used to explicitly disambiguate the
+// "else" binding.  This leads to problems with code like:
+//
+//   if (gate)
+//     ASSERT_*(condition) << "Some message";
+//
+// The "switch (0) case 0:" idiom is used to suppress this.
+#ifdef __INTEL_COMPILER
+# define GTEST_AMBIGUOUS_ELSE_BLOCKER_
+#else
+# define GTEST_AMBIGUOUS_ELSE_BLOCKER_ switch (0) case 0: default:  // NOLINT
+#endif
+
+// Use this annotation at the end of a struct/class definition to
+// prevent the compiler from optimizing away instances that are never
+// used.  This is useful when all interesting logic happens inside the
+// c'tor and / or d'tor.  Example:
+//
+//   struct Foo {
+//     Foo() { ... }
+//   } GTEST_ATTRIBUTE_UNUSED_;
+//
+// Also use it after a variable or parameter declaration to tell the
+// compiler the variable/parameter does not have to be used.
+#if defined(__GNUC__) && !defined(COMPILER_ICC)
+# define GTEST_ATTRIBUTE_UNUSED_ __attribute__ ((unused))
+#else
+# define GTEST_ATTRIBUTE_UNUSED_
+#endif
+
+// A macro to disallow operator=
+// This should be used in the private: declarations for a class.
+#define GTEST_DISALLOW_ASSIGN_(type)\
+  void operator=(type const &)
+
+// A macro to disallow copy constructor and operator=
+// This should be used in the private: declarations for a class.
+#define GTEST_DISALLOW_COPY_AND_ASSIGN_(type)\
+  type(type const &);\
+  GTEST_DISALLOW_ASSIGN_(type)
+
+// Tell the compiler to warn about unused return values for functions declared
+// with this macro.  The macro should be used on function declarations
+// following the argument list:
+//
+//   Sprocket* AllocateSprocket() GTEST_MUST_USE_RESULT_;
+#if defined(__GNUC__) && (GTEST_GCC_VER_ >= 30400) && !defined(COMPILER_ICC)
+# define GTEST_MUST_USE_RESULT_ __attribute__ ((warn_unused_result))
+#else
+# define GTEST_MUST_USE_RESULT_
+#endif  // __GNUC__ && (GTEST_GCC_VER_ >= 30400) && !COMPILER_ICC
+
+#if GTEST_LANG_CXX11
+# define GTEST_MOVE_(x) ::std::move(x)  // NOLINT
+#else
+# define GTEST_MOVE_(x) x
+#endif
+
+// MS C++ compiler emits warning when a conditional expression is compile time
+// constant. In some contexts this warning is false positive and needs to be
+// suppressed. Use the following two macros in such cases:
+//
+// GTEST_INTENTIONAL_CONST_COND_PUSH_()
+// while (true) {
+// GTEST_INTENTIONAL_CONST_COND_POP_()
+// }
+# define GTEST_INTENTIONAL_CONST_COND_PUSH_() \
+    GTEST_DISABLE_MSC_WARNINGS_PUSH_(4127)
+# define GTEST_INTENTIONAL_CONST_COND_POP_() \
+    GTEST_DISABLE_MSC_WARNINGS_POP_()
+
+// Determine whether the compiler supports Microsoft's Structured Exception
+// Handling.  This is supported by several Windows compilers but generally
+// does not exist on any other system.
+#ifndef GTEST_HAS_SEH
+// The user didn't tell us, so we need to figure it out.
+
+# if defined(_MSC_VER) || defined(__BORLANDC__)
+// These two compilers are known to support SEH.
+#  define GTEST_HAS_SEH 1
+# else
+// Assume no SEH.
+#  define GTEST_HAS_SEH 0
+# endif
+
+#define GTEST_IS_THREADSAFE \
+    (0 \
+     || (GTEST_OS_WINDOWS && !GTEST_OS_WINDOWS_PHONE && !GTEST_OS_WINDOWS_RT) \
+     || GTEST_HAS_PTHREAD)
+
+#endif  // GTEST_HAS_SEH
+
+#ifdef _MSC_VER
+
+# if GTEST_LINKED_AS_SHARED_LIBRARY
+#  define GTEST_API_ __declspec(dllimport)
+# elif GTEST_CREATE_SHARED_LIBRARY
+#  define GTEST_API_ __declspec(dllexport)
+# endif
+
+#endif  // _MSC_VER
+
+#ifndef GTEST_API_
+# define GTEST_API_
+#endif
+
+#ifdef __GNUC__
+// Ask the compiler to never inline a given function.
+# define GTEST_NO_INLINE_ __attribute__((noinline))
+#else
+# define GTEST_NO_INLINE_
+#endif
+
+// _LIBCPP_VERSION is defined by the libc++ library from the LLVM project.
+#if defined(__GLIBCXX__) || defined(_LIBCPP_VERSION)
+# define GTEST_HAS_CXXABI_H_ 1
+#else
+# define GTEST_HAS_CXXABI_H_ 0
+#endif
+
+// A function level attribute to disable checking for use of uninitialized
+// memory when built with MemorySanitizer.
+#if defined(__clang__)
+# if __has_feature(memory_sanitizer)
+#  define GTEST_ATTRIBUTE_NO_SANITIZE_MEMORY_ \
+       __attribute__((no_sanitize_memory))
+# else
+#  define GTEST_ATTRIBUTE_NO_SANITIZE_MEMORY_
+# endif  // __has_feature(memory_sanitizer)
+#else
+# define GTEST_ATTRIBUTE_NO_SANITIZE_MEMORY_
+#endif  // __clang__
+
+// A function level attribute to disable AddressSanitizer instrumentation.
+#if defined(__clang__)
+# if __has_feature(address_sanitizer)
+#  define GTEST_ATTRIBUTE_NO_SANITIZE_ADDRESS_ \
+       __attribute__((no_sanitize_address))
+# else
+#  define GTEST_ATTRIBUTE_NO_SANITIZE_ADDRESS_
+# endif  // __has_feature(address_sanitizer)
+#else
+# define GTEST_ATTRIBUTE_NO_SANITIZE_ADDRESS_
+#endif  // __clang__
+
+// A function level attribute to disable ThreadSanitizer instrumentation.
+#if defined(__clang__)
+# if __has_feature(thread_sanitizer)
+#  define GTEST_ATTRIBUTE_NO_SANITIZE_THREAD_ \
+       __attribute__((no_sanitize_thread))
+# else
+#  define GTEST_ATTRIBUTE_NO_SANITIZE_THREAD_
+# endif  // __has_feature(thread_sanitizer)
+#else
+# define GTEST_ATTRIBUTE_NO_SANITIZE_THREAD_
+#endif  // __clang__
+
+namespace testing {
+
+class Message;
+
+#if defined(GTEST_TUPLE_NAMESPACE_)
+// Import tuple and friends into the ::testing namespace.
+// It is part of our interface, having them in ::testing allows us to change
+// their types as needed.
+using GTEST_TUPLE_NAMESPACE_::get;
+using GTEST_TUPLE_NAMESPACE_::make_tuple;
+using GTEST_TUPLE_NAMESPACE_::tuple;
+using GTEST_TUPLE_NAMESPACE_::tuple_size;
+using GTEST_TUPLE_NAMESPACE_::tuple_element;
+#endif  // defined(GTEST_TUPLE_NAMESPACE_)
+
+namespace internal {
+
+// A secret type that Google Test users don't know about.  It has no
+// definition on purpose.  Therefore it's impossible to create a
+// Secret object, which is what we want.
+class Secret;
+
+// The GTEST_COMPILE_ASSERT_ macro can be used to verify that a compile time
+// expression is true. For example, you could use it to verify the
+// size of a static array:
+//
+//   GTEST_COMPILE_ASSERT_(GTEST_ARRAY_SIZE_(names) == NUM_NAMES,
+//                         names_incorrect_size);
+//
+// or to make sure a struct is smaller than a certain size:
+//
+//   GTEST_COMPILE_ASSERT_(sizeof(foo) < 128, foo_too_large);
+//
+// The second argument to the macro is the name of the variable. If
+// the expression is false, most compilers will issue a warning/error
+// containing the name of the variable.
+
+template <bool>
+struct CompileAssert {
+};
+
+#define GTEST_COMPILE_ASSERT_(expr, msg) \
+  typedef ::testing::internal::CompileAssert<(static_cast<bool>(expr))> \
+      msg[static_cast<bool>(expr) ? 1 : -1] GTEST_ATTRIBUTE_UNUSED_
+
+// Implementation details of GTEST_COMPILE_ASSERT_:
+//
+// - GTEST_COMPILE_ASSERT_ works by defining an array type that has -1
+//   elements (and thus is invalid) when the expression is false.
+//
+// - The simpler definition
+//
+//    #define GTEST_COMPILE_ASSERT_(expr, msg) typedef char msg[(expr) ? 1 : -1]
+//
+//   does not work, as gcc supports variable-length arrays whose sizes
+//   are determined at run-time (this is gcc's extension and not part
+//   of the C++ standard).  As a result, gcc fails to reject the
+//   following code with the simple definition:
+//
+//     int foo;
+//     GTEST_COMPILE_ASSERT_(foo, msg); // not supposed to compile as foo is
+//                                      // not a compile-time constant.
+//
+// - By using the type CompileAssert<(bool(expr))>, we ensures that
+//   expr is a compile-time constant.  (Template arguments must be
+//   determined at compile-time.)
+//
+// - The outter parentheses in CompileAssert<(bool(expr))> are necessary
+//   to work around a bug in gcc 3.4.4 and 4.0.1.  If we had written
+//
+//     CompileAssert<bool(expr)>
+//
+//   instead, these compilers will refuse to compile
+//
+//     GTEST_COMPILE_ASSERT_(5 > 0, some_message);
+//
+//   (They seem to think the ">" in "5 > 0" marks the end of the
+//   template argument list.)
+//
+// - The array size is (bool(expr) ? 1 : -1), instead of simply
+//
+//     ((expr) ? 1 : -1).
+//
+//   This is to avoid running into a bug in MS VC 7.1, which
+//   causes ((0.0) ? 1 : -1) to incorrectly evaluate to 1.
+
+// StaticAssertTypeEqHelper is used by StaticAssertTypeEq defined in gtest.h.
+//
+// This template is declared, but intentionally undefined.
+template <typename T1, typename T2>
+struct StaticAssertTypeEqHelper;
+
+template <typename T>
+struct StaticAssertTypeEqHelper<T, T> {
+  enum { value = true };
+};
+
+// Evaluates to the number of elements in 'array'.
+#define GTEST_ARRAY_SIZE_(array) (sizeof(array) / sizeof(array[0]))
+
+#if GTEST_HAS_GLOBAL_STRING
+typedef ::string string;
+#else
+typedef ::std::string string;
+#endif  // GTEST_HAS_GLOBAL_STRING
+
+#if GTEST_HAS_GLOBAL_WSTRING
+typedef ::wstring wstring;
+#elif GTEST_HAS_STD_WSTRING
+typedef ::std::wstring wstring;
+#endif  // GTEST_HAS_GLOBAL_WSTRING
+
+// A helper for suppressing warnings on constant condition.  It just
+// returns 'condition'.
+GTEST_API_ bool IsTrue(bool condition);
+
+// Defines scoped_ptr.
+
+// This implementation of scoped_ptr is PARTIAL - it only contains
+// enough stuff to satisfy Google Test's need.
+template <typename T>
+class scoped_ptr {
+ public:
+  typedef T element_type;
+
+  explicit scoped_ptr(T* p = NULL) : ptr_(p) {}
+  ~scoped_ptr() { reset(); }
+
+  T& operator*() const { return *ptr_; }
+  T* operator->() const { return ptr_; }
+  T* get() const { return ptr_; }
+
+  T* release() {
+    T* const ptr = ptr_;
+    ptr_ = NULL;
+    return ptr;
+  }
+
+  void reset(T* p = NULL) {
+    if (p != ptr_) {
+      if (IsTrue(sizeof(T) > 0)) {  // Makes sure T is a complete type.
+        delete ptr_;
+      }
+      ptr_ = p;
+    }
+  }
+
+  friend void swap(scoped_ptr& a, scoped_ptr& b) {
+    using std::swap;
+    swap(a.ptr_, b.ptr_);
+  }
+
+ private:
+  T* ptr_;
+
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(scoped_ptr);
+};
+
+// Defines RE.
+
+// A simple C++ wrapper for <regex.h>.  It uses the POSIX Extended
+// Regular Expression syntax.
+class GTEST_API_ RE {
+ public:
+  // A copy constructor is required by the Standard to initialize object
+  // references from r-values.
+  RE(const RE& other) { Init(other.pattern()); }
+
+  // Constructs an RE from a string.
+  RE(const ::std::string& regex) { Init(regex.c_str()); }  // NOLINT
+
+#if GTEST_HAS_GLOBAL_STRING
+
+  RE(const ::string& regex) { Init(regex.c_str()); }  // NOLINT
+
+#endif  // GTEST_HAS_GLOBAL_STRING
+
+  RE(const char* regex) { Init(regex); }  // NOLINT
+  ~RE();
+
+  // Returns the string representation of the regex.
+  const char* pattern() const { return pattern_; }
+
+  // FullMatch(str, re) returns true iff regular expression re matches
+  // the entire str.
+  // PartialMatch(str, re) returns true iff regular expression re
+  // matches a substring of str (including str itself).
+  //
+  // TODO(wan@google.com): make FullMatch() and PartialMatch() work
+  // when str contains NUL characters.
+  static bool FullMatch(const ::std::string& str, const RE& re) {
+    return FullMatch(str.c_str(), re);
+  }
+  static bool PartialMatch(const ::std::string& str, const RE& re) {
+    return PartialMatch(str.c_str(), re);
+  }
+
+#if GTEST_HAS_GLOBAL_STRING
+
+  static bool FullMatch(const ::string& str, const RE& re) {
+    return FullMatch(str.c_str(), re);
+  }
+  static bool PartialMatch(const ::string& str, const RE& re) {
+    return PartialMatch(str.c_str(), re);
+  }
+
+#endif  // GTEST_HAS_GLOBAL_STRING
+
+  static bool FullMatch(const char* str, const RE& re);
+  static bool PartialMatch(const char* str, const RE& re);
+
+ private:
+  void Init(const char* regex);
+
+  // We use a const char* instead of an std::string, as Google Test used to be
+  // used where std::string is not available.  TODO(wan@google.com): change to
+  // std::string.
+  const char* pattern_;
+  bool is_valid_;
+
+#if GTEST_USES_POSIX_RE
+
+  regex_t full_regex_;     // For FullMatch().
+  regex_t partial_regex_;  // For PartialMatch().
+
+#else  // GTEST_USES_SIMPLE_RE
+
+  const char* full_pattern_;  // For FullMatch();
+
+#endif
+
+  GTEST_DISALLOW_ASSIGN_(RE);
+};
+
+// Formats a source file path and a line number as they would appear
+// in an error message from the compiler used to compile this code.
+GTEST_API_ ::std::string FormatFileLocation(const char* file, int line);
+
+// Formats a file location for compiler-independent XML output.
+// Although this function is not platform dependent, we put it next to
+// FormatFileLocation in order to contrast the two functions.
+GTEST_API_ ::std::string FormatCompilerIndependentFileLocation(const char* file,
+                                                               int line);
+
+// Defines logging utilities:
+//   GTEST_LOG_(severity) - logs messages at the specified severity level. The
+//                          message itself is streamed into the macro.
+//   LogToStderr()  - directs all log messages to stderr.
+//   FlushInfoLog() - flushes informational log messages.
+
+enum GTestLogSeverity {
+  GTEST_INFO,
+  GTEST_WARNING,
+  GTEST_ERROR,
+  GTEST_FATAL
+};
+
+// Formats log entry severity, provides a stream object for streaming the
+// log message, and terminates the message with a newline when going out of
+// scope.
+class GTEST_API_ GTestLog {
+ public:
+  GTestLog(GTestLogSeverity severity, const char* file, int line);
+
+  // Flushes the buffers and, if severity is GTEST_FATAL, aborts the program.
+  ~GTestLog();
+
+  ::std::ostream& GetStream() { return ::std::cerr; }
+
+ private:
+  const GTestLogSeverity severity_;
+
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(GTestLog);
+};
+
+#define GTEST_LOG_(severity) \
+    ::testing::internal::GTestLog(::testing::internal::GTEST_##severity, \
+                                  __FILE__, __LINE__).GetStream()
+
+inline void LogToStderr() {}
+inline void FlushInfoLog() { fflush(NULL); }
+
+// INTERNAL IMPLEMENTATION - DO NOT USE.
+//
+// GTEST_CHECK_ is an all-mode assert. It aborts the program if the condition
+// is not satisfied.
+//  Synopsys:
+//    GTEST_CHECK_(boolean_condition);
+//     or
+//    GTEST_CHECK_(boolean_condition) << "Additional message";
+//
+//    This checks the condition and if the condition is not satisfied
+//    it prints message about the condition violation, including the
+//    condition itself, plus additional message streamed into it, if any,
+//    and then it aborts the program. It aborts the program irrespective of
+//    whether it is built in the debug mode or not.
+#define GTEST_CHECK_(condition) \
+    GTEST_AMBIGUOUS_ELSE_BLOCKER_ \
+    if (::testing::internal::IsTrue(condition)) \
+      ; \
+    else \
+      GTEST_LOG_(FATAL) << "Condition " #condition " failed. "
+
+// An all-mode assert to verify that the given POSIX-style function
+// call returns 0 (indicating success).  Known limitation: this
+// doesn't expand to a balanced 'if' statement, so enclose the macro
+// in {} if you need to use it as the only statement in an 'if'
+// branch.
+#define GTEST_CHECK_POSIX_SUCCESS_(posix_call) \
+  if (const int gtest_error = (posix_call)) \
+    GTEST_LOG_(FATAL) << #posix_call << "failed with error " \
+                      << gtest_error
+
+// INTERNAL IMPLEMENTATION - DO NOT USE IN USER CODE.
+//
+// Use ImplicitCast_ as a safe version of static_cast for upcasting in
+// the type hierarchy (e.g. casting a Foo* to a SuperclassOfFoo* or a
+// const Foo*).  When you use ImplicitCast_, the compiler checks that
+// the cast is safe.  Such explicit ImplicitCast_s are necessary in
+// surprisingly many situations where C++ demands an exact type match
+// instead of an argument type convertable to a target type.
+//
+// The syntax for using ImplicitCast_ is the same as for static_cast:
+//
+//   ImplicitCast_<ToType>(expr)
+//
+// ImplicitCast_ would have been part of the C++ standard library,
+// but the proposal was submitted too late.  It will probably make
+// its way into the language in the future.
+//
+// This relatively ugly name is intentional. It prevents clashes with
+// similar functions users may have (e.g., implicit_cast). The internal
+// namespace alone is not enough because the function can be found by ADL.
+template<typename To>
+inline To ImplicitCast_(To x) { return x; }
+
+// When you upcast (that is, cast a pointer from type Foo to type
+// SuperclassOfFoo), it's fine to use ImplicitCast_<>, since upcasts
+// always succeed.  When you downcast (that is, cast a pointer from
+// type Foo to type SubclassOfFoo), static_cast<> isn't safe, because
+// how do you know the pointer is really of type SubclassOfFoo?  It
+// could be a bare Foo, or of type DifferentSubclassOfFoo.  Thus,
+// when you downcast, you should use this macro.  In debug mode, we
+// use dynamic_cast<> to double-check the downcast is legal (we die
+// if it's not).  In normal mode, we do the efficient static_cast<>
+// instead.  Thus, it's important to test in debug mode to make sure
+// the cast is legal!
+//    This is the only place in the code we should use dynamic_cast<>.
+// In particular, you SHOULDN'T be using dynamic_cast<> in order to
+// do RTTI (eg code like this:
+//    if (dynamic_cast<Subclass1>(foo)) HandleASubclass1Object(foo);
+//    if (dynamic_cast<Subclass2>(foo)) HandleASubclass2Object(foo);
+// You should design the code some other way not to need this.
+//
+// This relatively ugly name is intentional. It prevents clashes with
+// similar functions users may have (e.g., down_cast). The internal
+// namespace alone is not enough because the function can be found by ADL.
+template<typename To, typename From>  // use like this: DownCast_<T*>(foo);
+inline To DownCast_(From* f) {  // so we only accept pointers
+  // Ensures that To is a sub-type of From *.  This test is here only
+  // for compile-time type checking, and has no overhead in an
+  // optimized build at run-time, as it will be optimized away
+  // completely.
+  GTEST_INTENTIONAL_CONST_COND_PUSH_()
+  if (false) {
+  GTEST_INTENTIONAL_CONST_COND_POP_()
+    const To to = NULL;
+    ::testing::internal::ImplicitCast_<From*>(to);
+  }
+
+#if GTEST_HAS_RTTI
+  // RTTI: debug mode only!
+  GTEST_CHECK_(f == NULL || dynamic_cast<To>(f) != NULL);
+#endif
+  return static_cast<To>(f);
+}
+
+// Downcasts the pointer of type Base to Derived.
+// Derived must be a subclass of Base. The parameter MUST
+// point to a class of type Derived, not any subclass of it.
+// When RTTI is available, the function performs a runtime
+// check to enforce this.
+template <class Derived, class Base>
+Derived* CheckedDowncastToActualType(Base* base) {
+#if GTEST_HAS_RTTI
+  GTEST_CHECK_(typeid(*base) == typeid(Derived));
+  return dynamic_cast<Derived*>(base);  // NOLINT
+#else
+  return static_cast<Derived*>(base);  // Poor man's downcast.
+#endif
+}
+
+#if GTEST_HAS_STREAM_REDIRECTION
+
+// Defines the stderr capturer:
+//   CaptureStdout     - starts capturing stdout.
+//   GetCapturedStdout - stops capturing stdout and returns the captured string.
+//   CaptureStderr     - starts capturing stderr.
+//   GetCapturedStderr - stops capturing stderr and returns the captured string.
+//
+GTEST_API_ void CaptureStdout();
+GTEST_API_ std::string GetCapturedStdout();
+GTEST_API_ void CaptureStderr();
+GTEST_API_ std::string GetCapturedStderr();
+
+#endif  // GTEST_HAS_STREAM_REDIRECTION
+
+
+#if GTEST_HAS_DEATH_TEST
+
+const ::std::vector<testing::internal::string>& GetInjectableArgvs();
+void SetInjectableArgvs(const ::std::vector<testing::internal::string>*
+                             new_argvs);
+
+// A copy of all command line arguments.  Set by InitGoogleTest().
+extern ::std::vector<testing::internal::string> g_argvs;
+
+#endif  // GTEST_HAS_DEATH_TEST
+
+// Defines synchronization primitives.
+#if GTEST_IS_THREADSAFE
+# if GTEST_HAS_PTHREAD
+// Sleeps for (roughly) n milliseconds.  This function is only for testing
+// Google Test's own constructs.  Don't use it in user tests, either
+// directly or indirectly.
+inline void SleepMilliseconds(int n) {
+  const timespec time = {
+    0,                  // 0 seconds.
+    n * 1000L * 1000L,  // And n ms.
+  };
+  nanosleep(&time, NULL);
+}
+# endif  // GTEST_HAS_PTHREAD
+
+# if 0  // OS detection
+# elif GTEST_HAS_PTHREAD
+// Allows a controller thread to pause execution of newly created
+// threads until notified.  Instances of this class must be created
+// and destroyed in the controller thread.
+//
+// This class is only for testing Google Test's own constructs. Do not
+// use it in user tests, either directly or indirectly.
+class Notification {
+ public:
+  Notification() : notified_(false) {
+    GTEST_CHECK_POSIX_SUCCESS_(pthread_mutex_init(&mutex_, NULL));
+  }
+  ~Notification() {
+    pthread_mutex_destroy(&mutex_);
+  }
+
+  // Notifies all threads created with this notification to start. Must
+  // be called from the controller thread.
+  void Notify() {
+    pthread_mutex_lock(&mutex_);
+    notified_ = true;
+    pthread_mutex_unlock(&mutex_);
+  }
+
+  // Blocks until the controller thread notifies. Must be called from a test
+  // thread.
+  void WaitForNotification() {
+    for (;;) {
+      pthread_mutex_lock(&mutex_);
+      const bool notified = notified_;
+      pthread_mutex_unlock(&mutex_);
+      if (notified)
+        break;
+      SleepMilliseconds(10);
+    }
+  }
+
+ private:
+  pthread_mutex_t mutex_;
+  bool notified_;
+
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(Notification);
+};
+
+# elif GTEST_OS_WINDOWS && !GTEST_OS_WINDOWS_PHONE && !GTEST_OS_WINDOWS_RT
+
+GTEST_API_ void SleepMilliseconds(int n);
+
+// Provides leak-safe Windows kernel handle ownership.
+// Used in death tests and in threading support.
+class GTEST_API_ AutoHandle {
+ public:
+  // Assume that Win32 HANDLE type is equivalent to void*. Doing so allows us to
+  // avoid including <windows.h> in this header file. Including <windows.h> is
+  // undesirable because it defines a lot of symbols and macros that tend to
+  // conflict with client code. This assumption is verified by
+  // WindowsTypesTest.HANDLEIsVoidStar.
+  typedef void* Handle;
+  AutoHandle();
+  explicit AutoHandle(Handle handle);
+
+  ~AutoHandle();
+
+  Handle Get() const;
+  void Reset();
+  void Reset(Handle handle);
+
+ private:
+  // Returns true iff the handle is a valid handle object that can be closed.
+  bool IsCloseable() const;
+
+  Handle handle_;
+
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(AutoHandle);
+};
+
+// Allows a controller thread to pause execution of newly created
+// threads until notified.  Instances of this class must be created
+// and destroyed in the controller thread.
+//
+// This class is only for testing Google Test's own constructs. Do not
+// use it in user tests, either directly or indirectly.
+class GTEST_API_ Notification {
+ public:
+  Notification();
+  void Notify();
+  void WaitForNotification();
+
+ private:
+  AutoHandle event_;
+
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(Notification);
+};
+# endif  // OS detection
+
+// On MinGW, we can have both GTEST_OS_WINDOWS and GTEST_HAS_PTHREAD
+// defined, but we don't want to use MinGW's pthreads implementation, which
+// has conformance problems with some versions of the POSIX standard.
+# if GTEST_HAS_PTHREAD && !GTEST_OS_WINDOWS_MINGW
+
+// As a C-function, ThreadFuncWithCLinkage cannot be templated itself.
+// Consequently, it cannot select a correct instantiation of ThreadWithParam
+// in order to call its Run(). Introducing ThreadWithParamBase as a
+// non-templated base class for ThreadWithParam allows us to bypass this
+// problem.
+class ThreadWithParamBase {
+ public:
+  virtual ~ThreadWithParamBase() {}
+  virtual void Run() = 0;
+};
+
+// pthread_create() accepts a pointer to a function type with the C linkage.
+// According to the Standard (7.5/1), function types with different linkages
+// are different even if they are otherwise identical.  Some compilers (for
+// example, SunStudio) treat them as different types.  Since class methods
+// cannot be defined with C-linkage we need to define a free C-function to
+// pass into pthread_create().
+extern "C" inline void* ThreadFuncWithCLinkage(void* thread) {
+  static_cast<ThreadWithParamBase*>(thread)->Run();
+  return NULL;
+}
+
+// Helper class for testing Google Test's multi-threading constructs.
+// To use it, write:
+//
+//   void ThreadFunc(int param) { /* Do things with param */ }
+//   Notification thread_can_start;
+//   ...
+//   // The thread_can_start parameter is optional; you can supply NULL.
+//   ThreadWithParam<int> thread(&ThreadFunc, 5, &thread_can_start);
+//   thread_can_start.Notify();
+//
+// These classes are only for testing Google Test's own constructs. Do
+// not use them in user tests, either directly or indirectly.
+template <typename T>
+class ThreadWithParam : public ThreadWithParamBase {
+ public:
+  typedef void UserThreadFunc(T);
+
+  ThreadWithParam(UserThreadFunc* func, T param, Notification* thread_can_start)
+      : func_(func),
+        param_(param),
+        thread_can_start_(thread_can_start),
+        finished_(false) {
+    ThreadWithParamBase* const base = this;
+    // The thread can be created only after all fields except thread_
+    // have been initialized.
+    GTEST_CHECK_POSIX_SUCCESS_(
+        pthread_create(&thread_, 0, &ThreadFuncWithCLinkage, base));
+  }
+  ~ThreadWithParam() { Join(); }
+
+  void Join() {
+    if (!finished_) {
+      GTEST_CHECK_POSIX_SUCCESS_(pthread_join(thread_, 0));
+      finished_ = true;
+    }
+  }
+
+  virtual void Run() {
+    if (thread_can_start_ != NULL)
+      thread_can_start_->WaitForNotification();
+    func_(param_);
+  }
+
+ private:
+  UserThreadFunc* const func_;  // User-supplied thread function.
+  const T param_;  // User-supplied parameter to the thread function.
+  // When non-NULL, used to block execution until the controller thread
+  // notifies.
+  Notification* const thread_can_start_;
+  bool finished_;  // true iff we know that the thread function has finished.
+  pthread_t thread_;  // The native thread object.
+
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(ThreadWithParam);
+};
+# endif  // GTEST_HAS_PTHREAD && !GTEST_OS_WINDOWS_MINGW
+
+# if 0  // OS detection
+# elif GTEST_OS_WINDOWS && !GTEST_OS_WINDOWS_PHONE && !GTEST_OS_WINDOWS_RT
+
+// Mutex implements mutex on Windows platforms.  It is used in conjunction
+// with class MutexLock:
+//
+//   Mutex mutex;
+//   ...
+//   MutexLock lock(&mutex);  // Acquires the mutex and releases it at the
+//                            // end of the current scope.
+//
+// A static Mutex *must* be defined or declared using one of the following
+// macros:
+//   GTEST_DEFINE_STATIC_MUTEX_(g_some_mutex);
+//   GTEST_DECLARE_STATIC_MUTEX_(g_some_mutex);
+//
+// (A non-static Mutex is defined/declared in the usual way).
+class GTEST_API_ Mutex {
+ public:
+  enum MutexType { kStatic = 0, kDynamic = 1 };
+  // We rely on kStaticMutex being 0 as it is to what the linker initializes
+  // type_ in static mutexes.  critical_section_ will be initialized lazily
+  // in ThreadSafeLazyInit().
+  enum StaticConstructorSelector { kStaticMutex = 0 };
+
+  // This constructor intentionally does nothing.  It relies on type_ being
+  // statically initialized to 0 (effectively setting it to kStatic) and on
+  // ThreadSafeLazyInit() to lazily initialize the rest of the members.
+  explicit Mutex(StaticConstructorSelector /*dummy*/) {}
+
+  Mutex();
+  ~Mutex();
+
+  void Lock();
+
+  void Unlock();
+
+  // Does nothing if the current thread holds the mutex. Otherwise, crashes
+  // with high probability.
+  void AssertHeld();
+
+ private:
+  // Initializes owner_thread_id_ and critical_section_ in static mutexes.
+  void ThreadSafeLazyInit();
+
+  // Per http://blogs.msdn.com/b/oldnewthing/archive/2004/02/23/78395.aspx,
+  // we assume that 0 is an invalid value for thread IDs.
+  unsigned int owner_thread_id_;
+
+  // For static mutexes, we rely on these members being initialized to zeros
+  // by the linker.
+  MutexType type_;
+  long critical_section_init_phase_;  // NOLINT
+  _RTL_CRITICAL_SECTION* critical_section_;
+
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(Mutex);
+};
+
+# define GTEST_DECLARE_STATIC_MUTEX_(mutex) \
+    extern ::testing::internal::Mutex mutex
+
+# define GTEST_DEFINE_STATIC_MUTEX_(mutex) \
+    ::testing::internal::Mutex mutex(::testing::internal::Mutex::kStaticMutex)
+
+// We cannot name this class MutexLock because the ctor declaration would
+// conflict with a macro named MutexLock, which is defined on some
+// platforms. That macro is used as a defensive measure to prevent against
+// inadvertent misuses of MutexLock like "MutexLock(&mu)" rather than
+// "MutexLock l(&mu)".  Hence the typedef trick below.
+class GTestMutexLock {
+ public:
+  explicit GTestMutexLock(Mutex* mutex)
+      : mutex_(mutex) { mutex_->Lock(); }
+
+  ~GTestMutexLock() { mutex_->Unlock(); }
+
+ private:
+  Mutex* const mutex_;
+
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(GTestMutexLock);
+};
+
+typedef GTestMutexLock MutexLock;
+
+// Base class for ValueHolder<T>.  Allows a caller to hold and delete a value
+// without knowing its type.
+class ThreadLocalValueHolderBase {
+ public:
+  virtual ~ThreadLocalValueHolderBase() {}
+};
+
+// Provides a way for a thread to send notifications to a ThreadLocal
+// regardless of its parameter type.
+class ThreadLocalBase {
+ public:
+  // Creates a new ValueHolder<T> object holding a default value passed to
+  // this ThreadLocal<T>'s constructor and returns it.  It is the caller's
+  // responsibility not to call this when the ThreadLocal<T> instance already
+  // has a value on the current thread.
+  virtual ThreadLocalValueHolderBase* NewValueForCurrentThread() const = 0;
+
+ protected:
+  ThreadLocalBase() {}
+  virtual ~ThreadLocalBase() {}
+
+ private:
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(ThreadLocalBase);
+};
+
+// Maps a thread to a set of ThreadLocals that have values instantiated on that
+// thread and notifies them when the thread exits.  A ThreadLocal instance is
+// expected to persist until all threads it has values on have terminated.
+class GTEST_API_ ThreadLocalRegistry {
+ public:
+  // Registers thread_local_instance as having value on the current thread.
+  // Returns a value that can be used to identify the thread from other threads.
+  static ThreadLocalValueHolderBase* GetValueOnCurrentThread(
+      const ThreadLocalBase* thread_local_instance);
+
+  // Invoked when a ThreadLocal instance is destroyed.
+  static void OnThreadLocalDestroyed(
+      const ThreadLocalBase* thread_local_instance);
+};
+
+class GTEST_API_ ThreadWithParamBase {
+ public:
+  void Join();
+
+ protected:
+  class Runnable {
+   public:
+    virtual ~Runnable() {}
+    virtual void Run() = 0;
+  };
+
+  ThreadWithParamBase(Runnable *runnable, Notification* thread_can_start);
+  virtual ~ThreadWithParamBase();
+
+ private:
+  AutoHandle thread_;
+};
+
+// Helper class for testing Google Test's multi-threading constructs.
+template <typename T>
+class ThreadWithParam : public ThreadWithParamBase {
+ public:
+  typedef void UserThreadFunc(T);
+
+  ThreadWithParam(UserThreadFunc* func, T param, Notification* thread_can_start)
+      : ThreadWithParamBase(new RunnableImpl(func, param), thread_can_start) {
+  }
+  virtual ~ThreadWithParam() {}
+
+ private:
+  class RunnableImpl : public Runnable {
+   public:
+    RunnableImpl(UserThreadFunc* func, T param)
+        : func_(func),
+          param_(param) {
+    }
+    virtual ~RunnableImpl() {}
+    virtual void Run() {
+      func_(param_);
+    }
+
+   private:
+    UserThreadFunc* const func_;
+    const T param_;
+
+    GTEST_DISALLOW_COPY_AND_ASSIGN_(RunnableImpl);
+  };
+
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(ThreadWithParam);
+};
+
+// Implements thread-local storage on Windows systems.
+//
+//   // Thread 1
+//   ThreadLocal<int> tl(100);  // 100 is the default value for each thread.
+//
+//   // Thread 2
+//   tl.set(150);  // Changes the value for thread 2 only.
+//   EXPECT_EQ(150, tl.get());
+//
+//   // Thread 1
+//   EXPECT_EQ(100, tl.get());  // In thread 1, tl has the original value.
+//   tl.set(200);
+//   EXPECT_EQ(200, tl.get());
+//
+// The template type argument T must have a public copy constructor.
+// In addition, the default ThreadLocal constructor requires T to have
+// a public default constructor.
+//
+// The users of a TheadLocal instance have to make sure that all but one
+// threads (including the main one) using that instance have exited before
+// destroying it. Otherwise, the per-thread objects managed for them by the
+// ThreadLocal instance are not guaranteed to be destroyed on all platforms.
+//
+// Google Test only uses global ThreadLocal objects.  That means they
+// will die after main() has returned.  Therefore, no per-thread
+// object managed by Google Test will be leaked as long as all threads
+// using Google Test have exited when main() returns.
+template <typename T>
+class ThreadLocal : public ThreadLocalBase {
+ public:
+  ThreadLocal() : default_() {}
+  explicit ThreadLocal(const T& value) : default_(value) {}
+
+  ~ThreadLocal() { ThreadLocalRegistry::OnThreadLocalDestroyed(this); }
+
+  T* pointer() { return GetOrCreateValue(); }
+  const T* pointer() const { return GetOrCreateValue(); }
+  const T& get() const { return *pointer(); }
+  void set(const T& value) { *pointer() = value; }
+
+ private:
+  // Holds a value of T.  Can be deleted via its base class without the caller
+  // knowing the type of T.
+  class ValueHolder : public ThreadLocalValueHolderBase {
+   public:
+    explicit ValueHolder(const T& value) : value_(value) {}
+
+    T* pointer() { return &value_; }
+
+   private:
+    T value_;
+    GTEST_DISALLOW_COPY_AND_ASSIGN_(ValueHolder);
+  };
+
+
+  T* GetOrCreateValue() const {
+    return static_cast<ValueHolder*>(
+        ThreadLocalRegistry::GetValueOnCurrentThread(this))->pointer();
+  }
+
+  virtual ThreadLocalValueHolderBase* NewValueForCurrentThread() const {
+    return new ValueHolder(default_);
+  }
+
+  const T default_;  // The default value for each thread.
+
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(ThreadLocal);
+};
+
+# elif GTEST_HAS_PTHREAD
+
+// MutexBase and Mutex implement mutex on pthreads-based platforms.
+class MutexBase {
+ public:
+  // Acquires this mutex.
+  void Lock() {
+    GTEST_CHECK_POSIX_SUCCESS_(pthread_mutex_lock(&mutex_));
+    owner_ = pthread_self();
+    has_owner_ = true;
+  }
+
+  // Releases this mutex.
+  void Unlock() {
+    // Since the lock is being released the owner_ field should no longer be
+    // considered valid. We don't protect writing to has_owner_ here, as it's
+    // the caller's responsibility to ensure that the current thread holds the
+    // mutex when this is called.
+    has_owner_ = false;
+    GTEST_CHECK_POSIX_SUCCESS_(pthread_mutex_unlock(&mutex_));
+  }
+
+  // Does nothing if the current thread holds the mutex. Otherwise, crashes
+  // with high probability.
+  void AssertHeld() const {
+    GTEST_CHECK_(has_owner_ && pthread_equal(owner_, pthread_self()))
+        << "The current thread is not holding the mutex @" << this;
+  }
+
+  // A static mutex may be used before main() is entered.  It may even
+  // be used before the dynamic initialization stage.  Therefore we
+  // must be able to initialize a static mutex object at link time.
+  // This means MutexBase has to be a POD and its member variables
+  // have to be public.
+ public:
+  pthread_mutex_t mutex_;  // The underlying pthread mutex.
+  // has_owner_ indicates whether the owner_ field below contains a valid thread
+  // ID and is therefore safe to inspect (e.g., to use in pthread_equal()). All
+  // accesses to the owner_ field should be protected by a check of this field.
+  // An alternative might be to memset() owner_ to all zeros, but there's no
+  // guarantee that a zero'd pthread_t is necessarily invalid or even different
+  // from pthread_self().
+  bool has_owner_;
+  pthread_t owner_;  // The thread holding the mutex.
+};
+
+// Forward-declares a static mutex.
+#  define GTEST_DECLARE_STATIC_MUTEX_(mutex) \
+     extern ::testing::internal::MutexBase mutex
+
+// Defines and statically (i.e. at link time) initializes a static mutex.
+// The initialization list here does not explicitly initialize each field,
+// instead relying on default initialization for the unspecified fields. In
+// particular, the owner_ field (a pthread_t) is not explicitly initialized.
+// This allows initialization to work whether pthread_t is a scalar or struct.
+// The flag -Wmissing-field-initializers must not be specified for this to work.
+#  define GTEST_DEFINE_STATIC_MUTEX_(mutex) \
+     ::testing::internal::MutexBase mutex = { PTHREAD_MUTEX_INITIALIZER, false }
+
+// The Mutex class can only be used for mutexes created at runtime. It
+// shares its API with MutexBase otherwise.
+class Mutex : public MutexBase {
+ public:
+  Mutex() {
+    GTEST_CHECK_POSIX_SUCCESS_(pthread_mutex_init(&mutex_, NULL));
+    has_owner_ = false;
+  }
+  ~Mutex() {
+    GTEST_CHECK_POSIX_SUCCESS_(pthread_mutex_destroy(&mutex_));
+  }
+
+ private:
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(Mutex);
+};
+
+// We cannot name this class MutexLock because the ctor declaration would
+// conflict with a macro named MutexLock, which is defined on some
+// platforms. That macro is used as a defensive measure to prevent against
+// inadvertent misuses of MutexLock like "MutexLock(&mu)" rather than
+// "MutexLock l(&mu)".  Hence the typedef trick below.
+class GTestMutexLock {
+ public:
+  explicit GTestMutexLock(MutexBase* mutex)
+      : mutex_(mutex) { mutex_->Lock(); }
+
+  ~GTestMutexLock() { mutex_->Unlock(); }
+
+ private:
+  MutexBase* const mutex_;
+
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(GTestMutexLock);
+};
+
+typedef GTestMutexLock MutexLock;
+
+// Helpers for ThreadLocal.
+
+// pthread_key_create() requires DeleteThreadLocalValue() to have
+// C-linkage.  Therefore it cannot be templatized to access
+// ThreadLocal<T>.  Hence the need for class
+// ThreadLocalValueHolderBase.
+class ThreadLocalValueHolderBase {
+ public:
+  virtual ~ThreadLocalValueHolderBase() {}
+};
+
+// Called by pthread to delete thread-local data stored by
+// pthread_setspecific().
+extern "C" inline void DeleteThreadLocalValue(void* value_holder) {
+  delete static_cast<ThreadLocalValueHolderBase*>(value_holder);
+}
+
+// Implements thread-local storage on pthreads-based systems.
+template <typename T>
+class ThreadLocal {
+ public:
+  ThreadLocal() : key_(CreateKey()),
+                  default_() {}
+  explicit ThreadLocal(const T& value) : key_(CreateKey()),
+                                         default_(value) {}
+
+  ~ThreadLocal() {
+    // Destroys the managed object for the current thread, if any.
+    DeleteThreadLocalValue(pthread_getspecific(key_));
+
+    // Releases resources associated with the key.  This will *not*
+    // delete managed objects for other threads.
+    GTEST_CHECK_POSIX_SUCCESS_(pthread_key_delete(key_));
+  }
+
+  T* pointer() { return GetOrCreateValue(); }
+  const T* pointer() const { return GetOrCreateValue(); }
+  const T& get() const { return *pointer(); }
+  void set(const T& value) { *pointer() = value; }
+
+ private:
+  // Holds a value of type T.
+  class ValueHolder : public ThreadLocalValueHolderBase {
+   public:
+    explicit ValueHolder(const T& value) : value_(value) {}
+
+    T* pointer() { return &value_; }
+
+   private:
+    T value_;
+    GTEST_DISALLOW_COPY_AND_ASSIGN_(ValueHolder);
+  };
+
+  static pthread_key_t CreateKey() {
+    pthread_key_t key;
+    // When a thread exits, DeleteThreadLocalValue() will be called on
+    // the object managed for that thread.
+    GTEST_CHECK_POSIX_SUCCESS_(
+        pthread_key_create(&key, &DeleteThreadLocalValue));
+    return key;
+  }
+
+  T* GetOrCreateValue() const {
+    ThreadLocalValueHolderBase* const holder =
+        static_cast<ThreadLocalValueHolderBase*>(pthread_getspecific(key_));
+    if (holder != NULL) {
+      return CheckedDowncastToActualType<ValueHolder>(holder)->pointer();
+    }
+
+    ValueHolder* const new_holder = new ValueHolder(default_);
+    ThreadLocalValueHolderBase* const holder_base = new_holder;
+    GTEST_CHECK_POSIX_SUCCESS_(pthread_setspecific(key_, holder_base));
+    return new_holder->pointer();
+  }
+
+  // A key pthreads uses for looking up per-thread values.
+  const pthread_key_t key_;
+  const T default_;  // The default value for each thread.
+
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(ThreadLocal);
+};
+
+# endif  // OS detection
+
+#else  // GTEST_IS_THREADSAFE
+
+// A dummy implementation of synchronization primitives (mutex, lock,
+// and thread-local variable).  Necessary for compiling Google Test where
+// mutex is not supported - using Google Test in multiple threads is not
+// supported on such platforms.
+
+class Mutex {
+ public:
+  Mutex() {}
+  void Lock() {}
+  void Unlock() {}
+  void AssertHeld() const {}
+};
+
+# define GTEST_DECLARE_STATIC_MUTEX_(mutex) \
+  extern ::testing::internal::Mutex mutex
+
+# define GTEST_DEFINE_STATIC_MUTEX_(mutex) ::testing::internal::Mutex mutex
+
+// We cannot name this class MutexLock because the ctor declaration would
+// conflict with a macro named MutexLock, which is defined on some
+// platforms. That macro is used as a defensive measure to prevent against
+// inadvertent misuses of MutexLock like "MutexLock(&mu)" rather than
+// "MutexLock l(&mu)".  Hence the typedef trick below.
+class GTestMutexLock {
+ public:
+  explicit GTestMutexLock(Mutex*) {}  // NOLINT
+};
+
+typedef GTestMutexLock MutexLock;
+
+template <typename T>
+class ThreadLocal {
+ public:
+  ThreadLocal() : value_() {}
+  explicit ThreadLocal(const T& value) : value_(value) {}
+  T* pointer() { return &value_; }
+  const T* pointer() const { return &value_; }
+  const T& get() const { return value_; }
+  void set(const T& value) { value_ = value; }
+ private:
+  T value_;
+};
+
+#endif  // GTEST_IS_THREADSAFE
+
+// Returns the number of threads running in the process, or 0 to indicate that
+// we cannot detect it.
+GTEST_API_ size_t GetThreadCount();
+
+// Passing non-POD classes through ellipsis (...) crashes the ARM
+// compiler and generates a warning in Sun Studio.  The Nokia Symbian
+// and the IBM XL C/C++ compiler try to instantiate a copy constructor
+// for objects passed through ellipsis (...), failing for uncopyable
+// objects.  We define this to ensure that only POD is passed through
+// ellipsis on these systems.
+#if defined(__SYMBIAN32__) || defined(__IBMCPP__) || defined(__SUNPRO_CC)
+// We lose support for NULL detection where the compiler doesn't like
+// passing non-POD classes through ellipsis (...).
+# define GTEST_ELLIPSIS_NEEDS_POD_ 1
+#else
+# define GTEST_CAN_COMPARE_NULL 1
+#endif
+
+// The Nokia Symbian and IBM XL C/C++ compilers cannot decide between
+// const T& and const T* in a function template.  These compilers
+// _can_ decide between class template specializations for T and T*,
+// so a tr1::type_traits-like is_pointer works.
+#if defined(__SYMBIAN32__) || defined(__IBMCPP__)
+# define GTEST_NEEDS_IS_POINTER_ 1
+#endif
+
+template <bool bool_value>
+struct bool_constant {
+  typedef bool_constant<bool_value> type;
+  static const bool value = bool_value;
+};
+template <bool bool_value> const bool bool_constant<bool_value>::value;
+
+typedef bool_constant<false> false_type;
+typedef bool_constant<true> true_type;
+
+template <typename T>
+struct is_pointer : public false_type {};
+
+template <typename T>
+struct is_pointer<T*> : public true_type {};
+
+template <typename Iterator>
+struct IteratorTraits {
+  typedef typename Iterator::value_type value_type;
+};
+
+template <typename T>
+struct IteratorTraits<T*> {
+  typedef T value_type;
+};
+
+template <typename T>
+struct IteratorTraits<const T*> {
+  typedef T value_type;
+};
+
+#if GTEST_OS_WINDOWS
+# define GTEST_PATH_SEP_ "\\"
+# define GTEST_HAS_ALT_PATH_SEP_ 1
+// The biggest signed integer type the compiler supports.
+typedef __int64 BiggestInt;
+#else
+# define GTEST_PATH_SEP_ "/"
+# define GTEST_HAS_ALT_PATH_SEP_ 0
+typedef long long BiggestInt;  // NOLINT
+#endif  // GTEST_OS_WINDOWS
+
+// Utilities for char.
+
+// isspace(int ch) and friends accept an unsigned char or EOF.  char
+// may be signed, depending on the compiler (or compiler flags).
+// Therefore we need to cast a char to unsigned char before calling
+// isspace(), etc.
+
+inline bool IsAlpha(char ch) {
+  return isalpha(static_cast<unsigned char>(ch)) != 0;
+}
+inline bool IsAlNum(char ch) {
+  return isalnum(static_cast<unsigned char>(ch)) != 0;
+}
+inline bool IsDigit(char ch) {
+  return isdigit(static_cast<unsigned char>(ch)) != 0;
+}
+inline bool IsLower(char ch) {
+  return islower(static_cast<unsigned char>(ch)) != 0;
+}
+inline bool IsSpace(char ch) {
+  return isspace(static_cast<unsigned char>(ch)) != 0;
+}
+inline bool IsUpper(char ch) {
+  return isupper(static_cast<unsigned char>(ch)) != 0;
+}
+inline bool IsXDigit(char ch) {
+  return isxdigit(static_cast<unsigned char>(ch)) != 0;
+}
+inline bool IsXDigit(wchar_t ch) {
+  const unsigned char low_byte = static_cast<unsigned char>(ch);
+  return ch == low_byte && isxdigit(low_byte) != 0;
+}
+
+inline char ToLower(char ch) {
+  return static_cast<char>(tolower(static_cast<unsigned char>(ch)));
+}
+inline char ToUpper(char ch) {
+  return static_cast<char>(toupper(static_cast<unsigned char>(ch)));
+}
+
+// The testing::internal::posix namespace holds wrappers for common
+// POSIX functions.  These wrappers hide the differences between
+// Windows/MSVC and POSIX systems.  Since some compilers define these
+// standard functions as macros, the wrapper cannot have the same name
+// as the wrapped function.
+
+namespace posix {
+
+// Functions with a different name on Windows.
+
+#if GTEST_OS_WINDOWS
+
+typedef struct _stat StatStruct;
+
+# ifdef __BORLANDC__
+inline int IsATTY(int fd) { return isatty(fd); }
+inline int StrCaseCmp(const char* s1, const char* s2) {
+  return stricmp(s1, s2);
+}
+inline char* StrDup(const char* src) { return strdup(src); }
+# else  // !__BORLANDC__
+#  if GTEST_OS_WINDOWS_MOBILE
+inline int IsATTY(int /* fd */) { return 0; }
+#  else
+inline int IsATTY(int fd) { return _isatty(fd); }
+#  endif  // GTEST_OS_WINDOWS_MOBILE
+inline int StrCaseCmp(const char* s1, const char* s2) {
+  return _stricmp(s1, s2);
+}
+inline char* StrDup(const char* src) { return _strdup(src); }
+# endif  // __BORLANDC__
+
+# if GTEST_OS_WINDOWS_MOBILE
+inline int FileNo(FILE* file) { return reinterpret_cast<int>(_fileno(file)); }
+// Stat(), RmDir(), and IsDir() are not needed on Windows CE at this
+// time and thus not defined there.
+# else
+inline int FileNo(FILE* file) { return _fileno(file); }
+inline int Stat(const char* path, StatStruct* buf) { return _stat(path, buf); }
+inline int RmDir(const char* dir) { return _rmdir(dir); }
+inline bool IsDir(const StatStruct& st) {
+  return (_S_IFDIR & st.st_mode) != 0;
+}
+# endif  // GTEST_OS_WINDOWS_MOBILE
+
+#else
+
+typedef struct stat StatStruct;
+
+inline int FileNo(FILE* file) { return fileno(file); }
+inline int IsATTY(int fd) { return isatty(fd); }
+inline int Stat(const char* path, StatStruct* buf) { return stat(path, buf); }
+inline int StrCaseCmp(const char* s1, const char* s2) {
+  return strcasecmp(s1, s2);
+}
+inline char* StrDup(const char* src) { return strdup(src); }
+inline int RmDir(const char* dir) { return rmdir(dir); }
+inline bool IsDir(const StatStruct& st) { return S_ISDIR(st.st_mode); }
+
+#endif  // GTEST_OS_WINDOWS
+
+// Functions deprecated by MSVC 8.0.
+
+GTEST_DISABLE_MSC_WARNINGS_PUSH_(4996 /* deprecated function */)
+
+inline const char* StrNCpy(char* dest, const char* src, size_t n) {
+  return strncpy(dest, src, n);
+}
+
+// ChDir(), FReopen(), FDOpen(), Read(), Write(), Close(), and
+// StrError() aren't needed on Windows CE at this time and thus not
+// defined there.
+
+#if !GTEST_OS_WINDOWS_MOBILE && !GTEST_OS_WINDOWS_PHONE && !GTEST_OS_WINDOWS_RT
+inline int ChDir(const char* dir) { return chdir(dir); }
+#endif
+inline FILE* FOpen(const char* path, const char* mode) {
+  return fopen(path, mode);
+}
+#if !GTEST_OS_WINDOWS_MOBILE
+inline FILE *FReopen(const char* path, const char* mode, FILE* stream) {
+  return freopen(path, mode, stream);
+}
+inline FILE* FDOpen(int fd, const char* mode) { return fdopen(fd, mode); }
+#endif
+inline int FClose(FILE* fp) { return fclose(fp); }
+#if !GTEST_OS_WINDOWS_MOBILE
+inline int Read(int fd, void* buf, unsigned int count) {
+  return static_cast<int>(read(fd, buf, count));
+}
+inline int Write(int fd, const void* buf, unsigned int count) {
+  return static_cast<int>(write(fd, buf, count));
+}
+inline int Close(int fd) { return close(fd); }
+inline const char* StrError(int errnum) { return strerror(errnum); }
+#endif
+inline const char* GetEnv(const char* name) {
+#if GTEST_OS_WINDOWS_MOBILE || GTEST_OS_WINDOWS_PHONE | GTEST_OS_WINDOWS_RT
+  // We are on Windows CE, which has no environment variables.
+  return NULL;
+#elif defined(__BORLANDC__) || defined(__SunOS_5_8) || defined(__SunOS_5_9)
+  // Environment variables which we programmatically clear will be set to the
+  // empty string rather than unset (NULL).  Handle that case.
+  const char* const env = getenv(name);
+  return (env != NULL && env[0] != '\0') ? env : NULL;
+#else
+  return getenv(name);
+#endif
+}
+
+GTEST_DISABLE_MSC_WARNINGS_POP_()
+
+#if GTEST_OS_WINDOWS_MOBILE
+// Windows CE has no C library. The abort() function is used in
+// several places in Google Test. This implementation provides a reasonable
+// imitation of standard behaviour.
+void Abort();
+#else
+inline void Abort() { abort(); }
+#endif  // GTEST_OS_WINDOWS_MOBILE
+
+}  // namespace posix
+
+// MSVC "deprecates" snprintf and issues warnings wherever it is used.  In
+// order to avoid these warnings, we need to use _snprintf or _snprintf_s on
+// MSVC-based platforms.  We map the GTEST_SNPRINTF_ macro to the appropriate
+// function in order to achieve that.  We use macro definition here because
+// snprintf is a variadic function.
+#if _MSC_VER >= 1400 && !GTEST_OS_WINDOWS_MOBILE
+// MSVC 2005 and above support variadic macros.
+# define GTEST_SNPRINTF_(buffer, size, format, ...) \
+     _snprintf_s(buffer, size, size, format, __VA_ARGS__)
+#elif defined(_MSC_VER)
+// Windows CE does not define _snprintf_s and MSVC prior to 2005 doesn't
+// complain about _snprintf.
+# define GTEST_SNPRINTF_ _snprintf
+#else
+# define GTEST_SNPRINTF_ snprintf
+#endif
+
+// The maximum number a BiggestInt can represent.  This definition
+// works no matter BiggestInt is represented in one's complement or
+// two's complement.
+//
+// We cannot rely on numeric_limits in STL, as __int64 and long long
+// are not part of standard C++ and numeric_limits doesn't need to be
+// defined for them.
+const BiggestInt kMaxBiggestInt =
+    ~(static_cast<BiggestInt>(1) << (8*sizeof(BiggestInt) - 1));
+
+// This template class serves as a compile-time function from size to
+// type.  It maps a size in bytes to a primitive type with that
+// size. e.g.
+//
+//   TypeWithSize<4>::UInt
+//
+// is typedef-ed to be unsigned int (unsigned integer made up of 4
+// bytes).
+//
+// Such functionality should belong to STL, but I cannot find it
+// there.
+//
+// Google Test uses this class in the implementation of floating-point
+// comparison.
+//
+// For now it only handles UInt (unsigned int) as that's all Google Test
+// needs.  Other types can be easily added in the future if need
+// arises.
+template <size_t size>
+class TypeWithSize {
+ public:
+  // This prevents the user from using TypeWithSize<N> with incorrect
+  // values of N.
+  typedef void UInt;
+};
+
+// The specialization for size 4.
+template <>
+class TypeWithSize<4> {
+ public:
+  // unsigned int has size 4 in both gcc and MSVC.
+  //
+  // As base/basictypes.h doesn't compile on Windows, we cannot use
+  // uint32, uint64, and etc here.
+  typedef int Int;
+  typedef unsigned int UInt;
+};
+
+// The specialization for size 8.
+template <>
+class TypeWithSize<8> {
+ public:
+#if GTEST_OS_WINDOWS
+  typedef __int64 Int;
+  typedef unsigned __int64 UInt;
+#else
+  typedef long long Int;  // NOLINT
+  typedef unsigned long long UInt;  // NOLINT
+#endif  // GTEST_OS_WINDOWS
+};
+
+// Integer types of known sizes.
+typedef TypeWithSize<4>::Int Int32;
+typedef TypeWithSize<4>::UInt UInt32;
+typedef TypeWithSize<8>::Int Int64;
+typedef TypeWithSize<8>::UInt UInt64;
+typedef TypeWithSize<8>::Int TimeInMillis;  // Represents time in milliseconds.
+
+// Utilities for command line flags and environment variables.
+
+// Macro for referencing flags.
+#define GTEST_FLAG(name) FLAGS_gtest_##name
+
+// Macros for declaring flags.
+#define GTEST_DECLARE_bool_(name) GTEST_API_ extern bool GTEST_FLAG(name)
+#define GTEST_DECLARE_int32_(name) \
+    GTEST_API_ extern ::testing::internal::Int32 GTEST_FLAG(name)
+#define GTEST_DECLARE_string_(name) \
+    GTEST_API_ extern ::std::string GTEST_FLAG(name)
+
+// Macros for defining flags.
+#define GTEST_DEFINE_bool_(name, default_val, doc) \
+    GTEST_API_ bool GTEST_FLAG(name) = (default_val)
+#define GTEST_DEFINE_int32_(name, default_val, doc) \
+    GTEST_API_ ::testing::internal::Int32 GTEST_FLAG(name) = (default_val)
+#define GTEST_DEFINE_string_(name, default_val, doc) \
+    GTEST_API_ ::std::string GTEST_FLAG(name) = (default_val)
+
+// Thread annotations
+#define GTEST_EXCLUSIVE_LOCK_REQUIRED_(locks)
+#define GTEST_LOCK_EXCLUDED_(locks)
+
+// Parses 'str' for a 32-bit signed integer.  If successful, writes the result
+// to *value and returns true; otherwise leaves *value unchanged and returns
+// false.
+// TODO(chandlerc): Find a better way to refactor flag and environment parsing
+// out of both gtest-port.cc and gtest.cc to avoid exporting this utility
+// function.
+bool ParseInt32(const Message& src_text, const char* str, Int32* value);
+
+// Parses a bool/Int32/string from the environment variable
+// corresponding to the given Google Test flag.
+bool BoolFromGTestEnv(const char* flag, bool default_val);
+GTEST_API_ Int32 Int32FromGTestEnv(const char* flag, Int32 default_val);
+const char* StringFromGTestEnv(const char* flag, const char* default_val);
+
+}  // namespace internal
+}  // namespace testing
+
+#endif  // GTEST_INCLUDE_GTEST_INTERNAL_GTEST_PORT_H_
+
diff --git a/nss/gtests/google_test/gtest/include/gtest/internal/gtest-string.h b/nss/gtests/google_test/gtest/include/gtest/internal/gtest-string.h
new file mode 100644
index 0000000..97f1a7f
--- /dev/null
+++ b/nss/gtests/google_test/gtest/include/gtest/internal/gtest-string.h
@@ -0,0 +1,167 @@
+// Copyright 2005, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Authors: wan@google.com (Zhanyong Wan), eefacm@gmail.com (Sean Mcafee)
+//
+// The Google C++ Testing Framework (Google Test)
+//
+// This header file declares the String class and functions used internally by
+// Google Test.  They are subject to change without notice. They should not used
+// by code external to Google Test.
+//
+// This header file is #included by <gtest/internal/gtest-internal.h>.
+// It should not be #included by other files.
+
+#ifndef GTEST_INCLUDE_GTEST_INTERNAL_GTEST_STRING_H_
+#define GTEST_INCLUDE_GTEST_INTERNAL_GTEST_STRING_H_
+
+#ifdef __BORLANDC__
+// string.h is not guaranteed to provide strcpy on C++ Builder.
+# include <mem.h>
+#endif
+
+#include <string.h>
+#include <string>
+
+#include "gtest/internal/gtest-port.h"
+
+namespace testing {
+namespace internal {
+
+// String - an abstract class holding static string utilities.
+class GTEST_API_ String {
+ public:
+  // Static utility methods
+
+  // Clones a 0-terminated C string, allocating memory using new.  The
+  // caller is responsible for deleting the return value using
+  // delete[].  Returns the cloned string, or NULL if the input is
+  // NULL.
+  //
+  // This is different from strdup() in string.h, which allocates
+  // memory using malloc().
+  static const char* CloneCString(const char* c_str);
+
+#if GTEST_OS_WINDOWS_MOBILE
+  // Windows CE does not have the 'ANSI' versions of Win32 APIs. To be
+  // able to pass strings to Win32 APIs on CE we need to convert them
+  // to 'Unicode', UTF-16.
+
+  // Creates a UTF-16 wide string from the given ANSI string, allocating
+  // memory using new. The caller is responsible for deleting the return
+  // value using delete[]. Returns the wide string, or NULL if the
+  // input is NULL.
+  //
+  // The wide string is created using the ANSI codepage (CP_ACP) to
+  // match the behaviour of the ANSI versions of Win32 calls and the
+  // C runtime.
+  static LPCWSTR AnsiToUtf16(const char* c_str);
+
+  // Creates an ANSI string from the given wide string, allocating
+  // memory using new. The caller is responsible for deleting the return
+  // value using delete[]. Returns the ANSI string, or NULL if the
+  // input is NULL.
+  //
+  // The returned string is created using the ANSI codepage (CP_ACP) to
+  // match the behaviour of the ANSI versions of Win32 calls and the
+  // C runtime.
+  static const char* Utf16ToAnsi(LPCWSTR utf16_str);
+#endif
+
+  // Compares two C strings.  Returns true iff they have the same content.
+  //
+  // Unlike strcmp(), this function can handle NULL argument(s).  A
+  // NULL C string is considered different to any non-NULL C string,
+  // including the empty string.
+  static bool CStringEquals(const char* lhs, const char* rhs);
+
+  // Converts a wide C string to a String using the UTF-8 encoding.
+  // NULL will be converted to "(null)".  If an error occurred during
+  // the conversion, "(failed to convert from wide string)" is
+  // returned.
+  static std::string ShowWideCString(const wchar_t* wide_c_str);
+
+  // Compares two wide C strings.  Returns true iff they have the same
+  // content.
+  //
+  // Unlike wcscmp(), this function can handle NULL argument(s).  A
+  // NULL C string is considered different to any non-NULL C string,
+  // including the empty string.
+  static bool WideCStringEquals(const wchar_t* lhs, const wchar_t* rhs);
+
+  // Compares two C strings, ignoring case.  Returns true iff they
+  // have the same content.
+  //
+  // Unlike strcasecmp(), this function can handle NULL argument(s).
+  // A NULL C string is considered different to any non-NULL C string,
+  // including the empty string.
+  static bool CaseInsensitiveCStringEquals(const char* lhs,
+                                           const char* rhs);
+
+  // Compares two wide C strings, ignoring case.  Returns true iff they
+  // have the same content.
+  //
+  // Unlike wcscasecmp(), this function can handle NULL argument(s).
+  // A NULL C string is considered different to any non-NULL wide C string,
+  // including the empty string.
+  // NB: The implementations on different platforms slightly differ.
+  // On windows, this method uses _wcsicmp which compares according to LC_CTYPE
+  // environment variable. On GNU platform this method uses wcscasecmp
+  // which compares according to LC_CTYPE category of the current locale.
+  // On MacOS X, it uses towlower, which also uses LC_CTYPE category of the
+  // current locale.
+  static bool CaseInsensitiveWideCStringEquals(const wchar_t* lhs,
+                                               const wchar_t* rhs);
+
+  // Returns true iff the given string ends with the given suffix, ignoring
+  // case. Any string is considered to end with an empty suffix.
+  static bool EndsWithCaseInsensitive(
+      const std::string& str, const std::string& suffix);
+
+  // Formats an int value as "%02d".
+  static std::string FormatIntWidth2(int value);  // "%02d" for width == 2
+
+  // Formats an int value as "%X".
+  static std::string FormatHexInt(int value);
+
+  // Formats a byte as "%02X".
+  static std::string FormatByte(unsigned char value);
+
+ private:
+  String();  // Not meant to be instantiated.
+};  // class String
+
+// Gets the content of the stringstream's buffer as an std::string.  Each '\0'
+// character in the buffer is replaced with "\\0".
+GTEST_API_ std::string StringStreamToString(::std::stringstream* stream);
+
+}  // namespace internal
+}  // namespace testing
+
+#endif  // GTEST_INCLUDE_GTEST_INTERNAL_GTEST_STRING_H_
diff --git a/nss/gtests/google_test/gtest/include/gtest/internal/gtest-tuple.h b/nss/gtests/google_test/gtest/include/gtest/internal/gtest-tuple.h
new file mode 100644
index 0000000..e9b4053
--- /dev/null
+++ b/nss/gtests/google_test/gtest/include/gtest/internal/gtest-tuple.h
@@ -0,0 +1,1020 @@
+// This file was GENERATED by command:
+//     pump.py gtest-tuple.h.pump
+// DO NOT EDIT BY HAND!!!
+
+// Copyright 2009 Google Inc.
+// All Rights Reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+
+// Implements a subset of TR1 tuple needed by Google Test and Google Mock.
+
+#ifndef GTEST_INCLUDE_GTEST_INTERNAL_GTEST_TUPLE_H_
+#define GTEST_INCLUDE_GTEST_INTERNAL_GTEST_TUPLE_H_
+
+#include <utility>  // For ::std::pair.
+
+// The compiler used in Symbian has a bug that prevents us from declaring the
+// tuple template as a friend (it complains that tuple is redefined).  This
+// hack bypasses the bug by declaring the members that should otherwise be
+// private as public.
+// Sun Studio versions < 12 also have the above bug.
+#if defined(__SYMBIAN32__) || (defined(__SUNPRO_CC) && __SUNPRO_CC < 0x590)
+# define GTEST_DECLARE_TUPLE_AS_FRIEND_ public:
+#else
+# define GTEST_DECLARE_TUPLE_AS_FRIEND_ \
+    template <GTEST_10_TYPENAMES_(U)> friend class tuple; \
+   private:
+#endif
+
+// Visual Studio 2010, 2012, and 2013 define symbols in std::tr1 that conflict
+// with our own definitions. Therefore using our own tuple does not work on
+// those compilers.
+#if defined(_MSC_VER) && _MSC_VER >= 1600  /* 1600 is Visual Studio 2010 */
+# error "gtest's tuple doesn't compile on Visual Studio 2010 or later. \
+GTEST_USE_OWN_TR1_TUPLE must be set to 0 on those compilers."
+#endif
+
+// GTEST_n_TUPLE_(T) is the type of an n-tuple.
+#define GTEST_0_TUPLE_(T) tuple<>
+#define GTEST_1_TUPLE_(T) tuple<T##0, void, void, void, void, void, void, \
+    void, void, void>
+#define GTEST_2_TUPLE_(T) tuple<T##0, T##1, void, void, void, void, void, \
+    void, void, void>
+#define GTEST_3_TUPLE_(T) tuple<T##0, T##1, T##2, void, void, void, void, \
+    void, void, void>
+#define GTEST_4_TUPLE_(T) tuple<T##0, T##1, T##2, T##3, void, void, void, \
+    void, void, void>
+#define GTEST_5_TUPLE_(T) tuple<T##0, T##1, T##2, T##3, T##4, void, void, \
+    void, void, void>
+#define GTEST_6_TUPLE_(T) tuple<T##0, T##1, T##2, T##3, T##4, T##5, void, \
+    void, void, void>
+#define GTEST_7_TUPLE_(T) tuple<T##0, T##1, T##2, T##3, T##4, T##5, T##6, \
+    void, void, void>
+#define GTEST_8_TUPLE_(T) tuple<T##0, T##1, T##2, T##3, T##4, T##5, T##6, \
+    T##7, void, void>
+#define GTEST_9_TUPLE_(T) tuple<T##0, T##1, T##2, T##3, T##4, T##5, T##6, \
+    T##7, T##8, void>
+#define GTEST_10_TUPLE_(T) tuple<T##0, T##1, T##2, T##3, T##4, T##5, T##6, \
+    T##7, T##8, T##9>
+
+// GTEST_n_TYPENAMES_(T) declares a list of n typenames.
+#define GTEST_0_TYPENAMES_(T)
+#define GTEST_1_TYPENAMES_(T) typename T##0
+#define GTEST_2_TYPENAMES_(T) typename T##0, typename T##1
+#define GTEST_3_TYPENAMES_(T) typename T##0, typename T##1, typename T##2
+#define GTEST_4_TYPENAMES_(T) typename T##0, typename T##1, typename T##2, \
+    typename T##3
+#define GTEST_5_TYPENAMES_(T) typename T##0, typename T##1, typename T##2, \
+    typename T##3, typename T##4
+#define GTEST_6_TYPENAMES_(T) typename T##0, typename T##1, typename T##2, \
+    typename T##3, typename T##4, typename T##5
+#define GTEST_7_TYPENAMES_(T) typename T##0, typename T##1, typename T##2, \
+    typename T##3, typename T##4, typename T##5, typename T##6
+#define GTEST_8_TYPENAMES_(T) typename T##0, typename T##1, typename T##2, \
+    typename T##3, typename T##4, typename T##5, typename T##6, typename T##7
+#define GTEST_9_TYPENAMES_(T) typename T##0, typename T##1, typename T##2, \
+    typename T##3, typename T##4, typename T##5, typename T##6, \
+    typename T##7, typename T##8
+#define GTEST_10_TYPENAMES_(T) typename T##0, typename T##1, typename T##2, \
+    typename T##3, typename T##4, typename T##5, typename T##6, \
+    typename T##7, typename T##8, typename T##9
+
+// In theory, defining stuff in the ::std namespace is undefined
+// behavior.  We can do this as we are playing the role of a standard
+// library vendor.
+namespace std {
+namespace tr1 {
+
+template <typename T0 = void, typename T1 = void, typename T2 = void,
+    typename T3 = void, typename T4 = void, typename T5 = void,
+    typename T6 = void, typename T7 = void, typename T8 = void,
+    typename T9 = void>
+class tuple;
+
+// Anything in namespace gtest_internal is Google Test's INTERNAL
+// IMPLEMENTATION DETAIL and MUST NOT BE USED DIRECTLY in user code.
+namespace gtest_internal {
+
+// ByRef<T>::type is T if T is a reference; otherwise it's const T&.
+template <typename T>
+struct ByRef { typedef const T& type; };  // NOLINT
+template <typename T>
+struct ByRef<T&> { typedef T& type; };  // NOLINT
+
+// A handy wrapper for ByRef.
+#define GTEST_BY_REF_(T) typename ::std::tr1::gtest_internal::ByRef<T>::type
+
+// AddRef<T>::type is T if T is a reference; otherwise it's T&.  This
+// is the same as tr1::add_reference<T>::type.
+template <typename T>
+struct AddRef { typedef T& type; };  // NOLINT
+template <typename T>
+struct AddRef<T&> { typedef T& type; };  // NOLINT
+
+// A handy wrapper for AddRef.
+#define GTEST_ADD_REF_(T) typename ::std::tr1::gtest_internal::AddRef<T>::type
+
+// A helper for implementing get<k>().
+template <int k> class Get;
+
+// A helper for implementing tuple_element<k, T>.  kIndexValid is true
+// iff k < the number of fields in tuple type T.
+template <bool kIndexValid, int kIndex, class Tuple>
+struct TupleElement;
+
+template <GTEST_10_TYPENAMES_(T)>
+struct TupleElement<true, 0, GTEST_10_TUPLE_(T) > {
+  typedef T0 type;
+};
+
+template <GTEST_10_TYPENAMES_(T)>
+struct TupleElement<true, 1, GTEST_10_TUPLE_(T) > {
+  typedef T1 type;
+};
+
+template <GTEST_10_TYPENAMES_(T)>
+struct TupleElement<true, 2, GTEST_10_TUPLE_(T) > {
+  typedef T2 type;
+};
+
+template <GTEST_10_TYPENAMES_(T)>
+struct TupleElement<true, 3, GTEST_10_TUPLE_(T) > {
+  typedef T3 type;
+};
+
+template <GTEST_10_TYPENAMES_(T)>
+struct TupleElement<true, 4, GTEST_10_TUPLE_(T) > {
+  typedef T4 type;
+};
+
+template <GTEST_10_TYPENAMES_(T)>
+struct TupleElement<true, 5, GTEST_10_TUPLE_(T) > {
+  typedef T5 type;
+};
+
+template <GTEST_10_TYPENAMES_(T)>
+struct TupleElement<true, 6, GTEST_10_TUPLE_(T) > {
+  typedef T6 type;
+};
+
+template <GTEST_10_TYPENAMES_(T)>
+struct TupleElement<true, 7, GTEST_10_TUPLE_(T) > {
+  typedef T7 type;
+};
+
+template <GTEST_10_TYPENAMES_(T)>
+struct TupleElement<true, 8, GTEST_10_TUPLE_(T) > {
+  typedef T8 type;
+};
+
+template <GTEST_10_TYPENAMES_(T)>
+struct TupleElement<true, 9, GTEST_10_TUPLE_(T) > {
+  typedef T9 type;
+};
+
+}  // namespace gtest_internal
+
+template <>
+class tuple<> {
+ public:
+  tuple() {}
+  tuple(const tuple& /* t */)  {}
+  tuple& operator=(const tuple& /* t */) { return *this; }
+};
+
+template <GTEST_1_TYPENAMES_(T)>
+class GTEST_1_TUPLE_(T) {
+ public:
+  template <int k> friend class gtest_internal::Get;
+
+  tuple() : f0_() {}
+
+  explicit tuple(GTEST_BY_REF_(T0) f0) : f0_(f0) {}
+
+  tuple(const tuple& t) : f0_(t.f0_) {}
+
+  template <GTEST_1_TYPENAMES_(U)>
+  tuple(const GTEST_1_TUPLE_(U)& t) : f0_(t.f0_) {}
+
+  tuple& operator=(const tuple& t) { return CopyFrom(t); }
+
+  template <GTEST_1_TYPENAMES_(U)>
+  tuple& operator=(const GTEST_1_TUPLE_(U)& t) {
+    return CopyFrom(t);
+  }
+
+  GTEST_DECLARE_TUPLE_AS_FRIEND_
+
+  template <GTEST_1_TYPENAMES_(U)>
+  tuple& CopyFrom(const GTEST_1_TUPLE_(U)& t) {
+    f0_ = t.f0_;
+    return *this;
+  }
+
+  T0 f0_;
+};
+
+template <GTEST_2_TYPENAMES_(T)>
+class GTEST_2_TUPLE_(T) {
+ public:
+  template <int k> friend class gtest_internal::Get;
+
+  tuple() : f0_(), f1_() {}
+
+  explicit tuple(GTEST_BY_REF_(T0) f0, GTEST_BY_REF_(T1) f1) : f0_(f0),
+      f1_(f1) {}
+
+  tuple(const tuple& t) : f0_(t.f0_), f1_(t.f1_) {}
+
+  template <GTEST_2_TYPENAMES_(U)>
+  tuple(const GTEST_2_TUPLE_(U)& t) : f0_(t.f0_), f1_(t.f1_) {}
+  template <typename U0, typename U1>
+  tuple(const ::std::pair<U0, U1>& p) : f0_(p.first), f1_(p.second) {}
+
+  tuple& operator=(const tuple& t) { return CopyFrom(t); }
+
+  template <GTEST_2_TYPENAMES_(U)>
+  tuple& operator=(const GTEST_2_TUPLE_(U)& t) {
+    return CopyFrom(t);
+  }
+  template <typename U0, typename U1>
+  tuple& operator=(const ::std::pair<U0, U1>& p) {
+    f0_ = p.first;
+    f1_ = p.second;
+    return *this;
+  }
+
+  GTEST_DECLARE_TUPLE_AS_FRIEND_
+
+  template <GTEST_2_TYPENAMES_(U)>
+  tuple& CopyFrom(const GTEST_2_TUPLE_(U)& t) {
+    f0_ = t.f0_;
+    f1_ = t.f1_;
+    return *this;
+  }
+
+  T0 f0_;
+  T1 f1_;
+};
+
+template <GTEST_3_TYPENAMES_(T)>
+class GTEST_3_TUPLE_(T) {
+ public:
+  template <int k> friend class gtest_internal::Get;
+
+  tuple() : f0_(), f1_(), f2_() {}
+
+  explicit tuple(GTEST_BY_REF_(T0) f0, GTEST_BY_REF_(T1) f1,
+      GTEST_BY_REF_(T2) f2) : f0_(f0), f1_(f1), f2_(f2) {}
+
+  tuple(const tuple& t) : f0_(t.f0_), f1_(t.f1_), f2_(t.f2_) {}
+
+  template <GTEST_3_TYPENAMES_(U)>
+  tuple(const GTEST_3_TUPLE_(U)& t) : f0_(t.f0_), f1_(t.f1_), f2_(t.f2_) {}
+
+  tuple& operator=(const tuple& t) { return CopyFrom(t); }
+
+  template <GTEST_3_TYPENAMES_(U)>
+  tuple& operator=(const GTEST_3_TUPLE_(U)& t) {
+    return CopyFrom(t);
+  }
+
+  GTEST_DECLARE_TUPLE_AS_FRIEND_
+
+  template <GTEST_3_TYPENAMES_(U)>
+  tuple& CopyFrom(const GTEST_3_TUPLE_(U)& t) {
+    f0_ = t.f0_;
+    f1_ = t.f1_;
+    f2_ = t.f2_;
+    return *this;
+  }
+
+  T0 f0_;
+  T1 f1_;
+  T2 f2_;
+};
+
+template <GTEST_4_TYPENAMES_(T)>
+class GTEST_4_TUPLE_(T) {
+ public:
+  template <int k> friend class gtest_internal::Get;
+
+  tuple() : f0_(), f1_(), f2_(), f3_() {}
+
+  explicit tuple(GTEST_BY_REF_(T0) f0, GTEST_BY_REF_(T1) f1,
+      GTEST_BY_REF_(T2) f2, GTEST_BY_REF_(T3) f3) : f0_(f0), f1_(f1), f2_(f2),
+      f3_(f3) {}
+
+  tuple(const tuple& t) : f0_(t.f0_), f1_(t.f1_), f2_(t.f2_), f3_(t.f3_) {}
+
+  template <GTEST_4_TYPENAMES_(U)>
+  tuple(const GTEST_4_TUPLE_(U)& t) : f0_(t.f0_), f1_(t.f1_), f2_(t.f2_),
+      f3_(t.f3_) {}
+
+  tuple& operator=(const tuple& t) { return CopyFrom(t); }
+
+  template <GTEST_4_TYPENAMES_(U)>
+  tuple& operator=(const GTEST_4_TUPLE_(U)& t) {
+    return CopyFrom(t);
+  }
+
+  GTEST_DECLARE_TUPLE_AS_FRIEND_
+
+  template <GTEST_4_TYPENAMES_(U)>
+  tuple& CopyFrom(const GTEST_4_TUPLE_(U)& t) {
+    f0_ = t.f0_;
+    f1_ = t.f1_;
+    f2_ = t.f2_;
+    f3_ = t.f3_;
+    return *this;
+  }
+
+  T0 f0_;
+  T1 f1_;
+  T2 f2_;
+  T3 f3_;
+};
+
+template <GTEST_5_TYPENAMES_(T)>
+class GTEST_5_TUPLE_(T) {
+ public:
+  template <int k> friend class gtest_internal::Get;
+
+  tuple() : f0_(), f1_(), f2_(), f3_(), f4_() {}
+
+  explicit tuple(GTEST_BY_REF_(T0) f0, GTEST_BY_REF_(T1) f1,
+      GTEST_BY_REF_(T2) f2, GTEST_BY_REF_(T3) f3,
+      GTEST_BY_REF_(T4) f4) : f0_(f0), f1_(f1), f2_(f2), f3_(f3), f4_(f4) {}
+
+  tuple(const tuple& t) : f0_(t.f0_), f1_(t.f1_), f2_(t.f2_), f3_(t.f3_),
+      f4_(t.f4_) {}
+
+  template <GTEST_5_TYPENAMES_(U)>
+  tuple(const GTEST_5_TUPLE_(U)& t) : f0_(t.f0_), f1_(t.f1_), f2_(t.f2_),
+      f3_(t.f3_), f4_(t.f4_) {}
+
+  tuple& operator=(const tuple& t) { return CopyFrom(t); }
+
+  template <GTEST_5_TYPENAMES_(U)>
+  tuple& operator=(const GTEST_5_TUPLE_(U)& t) {
+    return CopyFrom(t);
+  }
+
+  GTEST_DECLARE_TUPLE_AS_FRIEND_
+
+  template <GTEST_5_TYPENAMES_(U)>
+  tuple& CopyFrom(const GTEST_5_TUPLE_(U)& t) {
+    f0_ = t.f0_;
+    f1_ = t.f1_;
+    f2_ = t.f2_;
+    f3_ = t.f3_;
+    f4_ = t.f4_;
+    return *this;
+  }
+
+  T0 f0_;
+  T1 f1_;
+  T2 f2_;
+  T3 f3_;
+  T4 f4_;
+};
+
+template <GTEST_6_TYPENAMES_(T)>
+class GTEST_6_TUPLE_(T) {
+ public:
+  template <int k> friend class gtest_internal::Get;
+
+  tuple() : f0_(), f1_(), f2_(), f3_(), f4_(), f5_() {}
+
+  explicit tuple(GTEST_BY_REF_(T0) f0, GTEST_BY_REF_(T1) f1,
+      GTEST_BY_REF_(T2) f2, GTEST_BY_REF_(T3) f3, GTEST_BY_REF_(T4) f4,
+      GTEST_BY_REF_(T5) f5) : f0_(f0), f1_(f1), f2_(f2), f3_(f3), f4_(f4),
+      f5_(f5) {}
+
+  tuple(const tuple& t) : f0_(t.f0_), f1_(t.f1_), f2_(t.f2_), f3_(t.f3_),
+      f4_(t.f4_), f5_(t.f5_) {}
+
+  template <GTEST_6_TYPENAMES_(U)>
+  tuple(const GTEST_6_TUPLE_(U)& t) : f0_(t.f0_), f1_(t.f1_), f2_(t.f2_),
+      f3_(t.f3_), f4_(t.f4_), f5_(t.f5_) {}
+
+  tuple& operator=(const tuple& t) { return CopyFrom(t); }
+
+  template <GTEST_6_TYPENAMES_(U)>
+  tuple& operator=(const GTEST_6_TUPLE_(U)& t) {
+    return CopyFrom(t);
+  }
+
+  GTEST_DECLARE_TUPLE_AS_FRIEND_
+
+  template <GTEST_6_TYPENAMES_(U)>
+  tuple& CopyFrom(const GTEST_6_TUPLE_(U)& t) {
+    f0_ = t.f0_;
+    f1_ = t.f1_;
+    f2_ = t.f2_;
+    f3_ = t.f3_;
+    f4_ = t.f4_;
+    f5_ = t.f5_;
+    return *this;
+  }
+
+  T0 f0_;
+  T1 f1_;
+  T2 f2_;
+  T3 f3_;
+  T4 f4_;
+  T5 f5_;
+};
+
+template <GTEST_7_TYPENAMES_(T)>
+class GTEST_7_TUPLE_(T) {
+ public:
+  template <int k> friend class gtest_internal::Get;
+
+  tuple() : f0_(), f1_(), f2_(), f3_(), f4_(), f5_(), f6_() {}
+
+  explicit tuple(GTEST_BY_REF_(T0) f0, GTEST_BY_REF_(T1) f1,
+      GTEST_BY_REF_(T2) f2, GTEST_BY_REF_(T3) f3, GTEST_BY_REF_(T4) f4,
+      GTEST_BY_REF_(T5) f5, GTEST_BY_REF_(T6) f6) : f0_(f0), f1_(f1), f2_(f2),
+      f3_(f3), f4_(f4), f5_(f5), f6_(f6) {}
+
+  tuple(const tuple& t) : f0_(t.f0_), f1_(t.f1_), f2_(t.f2_), f3_(t.f3_),
+      f4_(t.f4_), f5_(t.f5_), f6_(t.f6_) {}
+
+  template <GTEST_7_TYPENAMES_(U)>
+  tuple(const GTEST_7_TUPLE_(U)& t) : f0_(t.f0_), f1_(t.f1_), f2_(t.f2_),
+      f3_(t.f3_), f4_(t.f4_), f5_(t.f5_), f6_(t.f6_) {}
+
+  tuple& operator=(const tuple& t) { return CopyFrom(t); }
+
+  template <GTEST_7_TYPENAMES_(U)>
+  tuple& operator=(const GTEST_7_TUPLE_(U)& t) {
+    return CopyFrom(t);
+  }
+
+  GTEST_DECLARE_TUPLE_AS_FRIEND_
+
+  template <GTEST_7_TYPENAMES_(U)>
+  tuple& CopyFrom(const GTEST_7_TUPLE_(U)& t) {
+    f0_ = t.f0_;
+    f1_ = t.f1_;
+    f2_ = t.f2_;
+    f3_ = t.f3_;
+    f4_ = t.f4_;
+    f5_ = t.f5_;
+    f6_ = t.f6_;
+    return *this;
+  }
+
+  T0 f0_;
+  T1 f1_;
+  T2 f2_;
+  T3 f3_;
+  T4 f4_;
+  T5 f5_;
+  T6 f6_;
+};
+
+template <GTEST_8_TYPENAMES_(T)>
+class GTEST_8_TUPLE_(T) {
+ public:
+  template <int k> friend class gtest_internal::Get;
+
+  tuple() : f0_(), f1_(), f2_(), f3_(), f4_(), f5_(), f6_(), f7_() {}
+
+  explicit tuple(GTEST_BY_REF_(T0) f0, GTEST_BY_REF_(T1) f1,
+      GTEST_BY_REF_(T2) f2, GTEST_BY_REF_(T3) f3, GTEST_BY_REF_(T4) f4,
+      GTEST_BY_REF_(T5) f5, GTEST_BY_REF_(T6) f6,
+      GTEST_BY_REF_(T7) f7) : f0_(f0), f1_(f1), f2_(f2), f3_(f3), f4_(f4),
+      f5_(f5), f6_(f6), f7_(f7) {}
+
+  tuple(const tuple& t) : f0_(t.f0_), f1_(t.f1_), f2_(t.f2_), f3_(t.f3_),
+      f4_(t.f4_), f5_(t.f5_), f6_(t.f6_), f7_(t.f7_) {}
+
+  template <GTEST_8_TYPENAMES_(U)>
+  tuple(const GTEST_8_TUPLE_(U)& t) : f0_(t.f0_), f1_(t.f1_), f2_(t.f2_),
+      f3_(t.f3_), f4_(t.f4_), f5_(t.f5_), f6_(t.f6_), f7_(t.f7_) {}
+
+  tuple& operator=(const tuple& t) { return CopyFrom(t); }
+
+  template <GTEST_8_TYPENAMES_(U)>
+  tuple& operator=(const GTEST_8_TUPLE_(U)& t) {
+    return CopyFrom(t);
+  }
+
+  GTEST_DECLARE_TUPLE_AS_FRIEND_
+
+  template <GTEST_8_TYPENAMES_(U)>
+  tuple& CopyFrom(const GTEST_8_TUPLE_(U)& t) {
+    f0_ = t.f0_;
+    f1_ = t.f1_;
+    f2_ = t.f2_;
+    f3_ = t.f3_;
+    f4_ = t.f4_;
+    f5_ = t.f5_;
+    f6_ = t.f6_;
+    f7_ = t.f7_;
+    return *this;
+  }
+
+  T0 f0_;
+  T1 f1_;
+  T2 f2_;
+  T3 f3_;
+  T4 f4_;
+  T5 f5_;
+  T6 f6_;
+  T7 f7_;
+};
+
+template <GTEST_9_TYPENAMES_(T)>
+class GTEST_9_TUPLE_(T) {
+ public:
+  template <int k> friend class gtest_internal::Get;
+
+  tuple() : f0_(), f1_(), f2_(), f3_(), f4_(), f5_(), f6_(), f7_(), f8_() {}
+
+  explicit tuple(GTEST_BY_REF_(T0) f0, GTEST_BY_REF_(T1) f1,
+      GTEST_BY_REF_(T2) f2, GTEST_BY_REF_(T3) f3, GTEST_BY_REF_(T4) f4,
+      GTEST_BY_REF_(T5) f5, GTEST_BY_REF_(T6) f6, GTEST_BY_REF_(T7) f7,
+      GTEST_BY_REF_(T8) f8) : f0_(f0), f1_(f1), f2_(f2), f3_(f3), f4_(f4),
+      f5_(f5), f6_(f6), f7_(f7), f8_(f8) {}
+
+  tuple(const tuple& t) : f0_(t.f0_), f1_(t.f1_), f2_(t.f2_), f3_(t.f3_),
+      f4_(t.f4_), f5_(t.f5_), f6_(t.f6_), f7_(t.f7_), f8_(t.f8_) {}
+
+  template <GTEST_9_TYPENAMES_(U)>
+  tuple(const GTEST_9_TUPLE_(U)& t) : f0_(t.f0_), f1_(t.f1_), f2_(t.f2_),
+      f3_(t.f3_), f4_(t.f4_), f5_(t.f5_), f6_(t.f6_), f7_(t.f7_), f8_(t.f8_) {}
+
+  tuple& operator=(const tuple& t) { return CopyFrom(t); }
+
+  template <GTEST_9_TYPENAMES_(U)>
+  tuple& operator=(const GTEST_9_TUPLE_(U)& t) {
+    return CopyFrom(t);
+  }
+
+  GTEST_DECLARE_TUPLE_AS_FRIEND_
+
+  template <GTEST_9_TYPENAMES_(U)>
+  tuple& CopyFrom(const GTEST_9_TUPLE_(U)& t) {
+    f0_ = t.f0_;
+    f1_ = t.f1_;
+    f2_ = t.f2_;
+    f3_ = t.f3_;
+    f4_ = t.f4_;
+    f5_ = t.f5_;
+    f6_ = t.f6_;
+    f7_ = t.f7_;
+    f8_ = t.f8_;
+    return *this;
+  }
+
+  T0 f0_;
+  T1 f1_;
+  T2 f2_;
+  T3 f3_;
+  T4 f4_;
+  T5 f5_;
+  T6 f6_;
+  T7 f7_;
+  T8 f8_;
+};
+
+template <GTEST_10_TYPENAMES_(T)>
+class tuple {
+ public:
+  template <int k> friend class gtest_internal::Get;
+
+  tuple() : f0_(), f1_(), f2_(), f3_(), f4_(), f5_(), f6_(), f7_(), f8_(),
+      f9_() {}
+
+  explicit tuple(GTEST_BY_REF_(T0) f0, GTEST_BY_REF_(T1) f1,
+      GTEST_BY_REF_(T2) f2, GTEST_BY_REF_(T3) f3, GTEST_BY_REF_(T4) f4,
+      GTEST_BY_REF_(T5) f5, GTEST_BY_REF_(T6) f6, GTEST_BY_REF_(T7) f7,
+      GTEST_BY_REF_(T8) f8, GTEST_BY_REF_(T9) f9) : f0_(f0), f1_(f1), f2_(f2),
+      f3_(f3), f4_(f4), f5_(f5), f6_(f6), f7_(f7), f8_(f8), f9_(f9) {}
+
+  tuple(const tuple& t) : f0_(t.f0_), f1_(t.f1_), f2_(t.f2_), f3_(t.f3_),
+      f4_(t.f4_), f5_(t.f5_), f6_(t.f6_), f7_(t.f7_), f8_(t.f8_), f9_(t.f9_) {}
+
+  template <GTEST_10_TYPENAMES_(U)>
+  tuple(const GTEST_10_TUPLE_(U)& t) : f0_(t.f0_), f1_(t.f1_), f2_(t.f2_),
+      f3_(t.f3_), f4_(t.f4_), f5_(t.f5_), f6_(t.f6_), f7_(t.f7_), f8_(t.f8_),
+      f9_(t.f9_) {}
+
+  tuple& operator=(const tuple& t) { return CopyFrom(t); }
+
+  template <GTEST_10_TYPENAMES_(U)>
+  tuple& operator=(const GTEST_10_TUPLE_(U)& t) {
+    return CopyFrom(t);
+  }
+
+  GTEST_DECLARE_TUPLE_AS_FRIEND_
+
+  template <GTEST_10_TYPENAMES_(U)>
+  tuple& CopyFrom(const GTEST_10_TUPLE_(U)& t) {
+    f0_ = t.f0_;
+    f1_ = t.f1_;
+    f2_ = t.f2_;
+    f3_ = t.f3_;
+    f4_ = t.f4_;
+    f5_ = t.f5_;
+    f6_ = t.f6_;
+    f7_ = t.f7_;
+    f8_ = t.f8_;
+    f9_ = t.f9_;
+    return *this;
+  }
+
+  T0 f0_;
+  T1 f1_;
+  T2 f2_;
+  T3 f3_;
+  T4 f4_;
+  T5 f5_;
+  T6 f6_;
+  T7 f7_;
+  T8 f8_;
+  T9 f9_;
+};
+
+// 6.1.3.2 Tuple creation functions.
+
+// Known limitations: we don't support passing an
+// std::tr1::reference_wrapper<T> to make_tuple().  And we don't
+// implement tie().
+
+inline tuple<> make_tuple() { return tuple<>(); }
+
+template <GTEST_1_TYPENAMES_(T)>
+inline GTEST_1_TUPLE_(T) make_tuple(const T0& f0) {
+  return GTEST_1_TUPLE_(T)(f0);
+}
+
+template <GTEST_2_TYPENAMES_(T)>
+inline GTEST_2_TUPLE_(T) make_tuple(const T0& f0, const T1& f1) {
+  return GTEST_2_TUPLE_(T)(f0, f1);
+}
+
+template <GTEST_3_TYPENAMES_(T)>
+inline GTEST_3_TUPLE_(T) make_tuple(const T0& f0, const T1& f1, const T2& f2) {
+  return GTEST_3_TUPLE_(T)(f0, f1, f2);
+}
+
+template <GTEST_4_TYPENAMES_(T)>
+inline GTEST_4_TUPLE_(T) make_tuple(const T0& f0, const T1& f1, const T2& f2,
+    const T3& f3) {
+  return GTEST_4_TUPLE_(T)(f0, f1, f2, f3);
+}
+
+template <GTEST_5_TYPENAMES_(T)>
+inline GTEST_5_TUPLE_(T) make_tuple(const T0& f0, const T1& f1, const T2& f2,
+    const T3& f3, const T4& f4) {
+  return GTEST_5_TUPLE_(T)(f0, f1, f2, f3, f4);
+}
+
+template <GTEST_6_TYPENAMES_(T)>
+inline GTEST_6_TUPLE_(T) make_tuple(const T0& f0, const T1& f1, const T2& f2,
+    const T3& f3, const T4& f4, const T5& f5) {
+  return GTEST_6_TUPLE_(T)(f0, f1, f2, f3, f4, f5);
+}
+
+template <GTEST_7_TYPENAMES_(T)>
+inline GTEST_7_TUPLE_(T) make_tuple(const T0& f0, const T1& f1, const T2& f2,
+    const T3& f3, const T4& f4, const T5& f5, const T6& f6) {
+  return GTEST_7_TUPLE_(T)(f0, f1, f2, f3, f4, f5, f6);
+}
+
+template <GTEST_8_TYPENAMES_(T)>
+inline GTEST_8_TUPLE_(T) make_tuple(const T0& f0, const T1& f1, const T2& f2,
+    const T3& f3, const T4& f4, const T5& f5, const T6& f6, const T7& f7) {
+  return GTEST_8_TUPLE_(T)(f0, f1, f2, f3, f4, f5, f6, f7);
+}
+
+template <GTEST_9_TYPENAMES_(T)>
+inline GTEST_9_TUPLE_(T) make_tuple(const T0& f0, const T1& f1, const T2& f2,
+    const T3& f3, const T4& f4, const T5& f5, const T6& f6, const T7& f7,
+    const T8& f8) {
+  return GTEST_9_TUPLE_(T)(f0, f1, f2, f3, f4, f5, f6, f7, f8);
+}
+
+template <GTEST_10_TYPENAMES_(T)>
+inline GTEST_10_TUPLE_(T) make_tuple(const T0& f0, const T1& f1, const T2& f2,
+    const T3& f3, const T4& f4, const T5& f5, const T6& f6, const T7& f7,
+    const T8& f8, const T9& f9) {
+  return GTEST_10_TUPLE_(T)(f0, f1, f2, f3, f4, f5, f6, f7, f8, f9);
+}
+
+// 6.1.3.3 Tuple helper classes.
+
+template <typename Tuple> struct tuple_size;
+
+template <GTEST_0_TYPENAMES_(T)>
+struct tuple_size<GTEST_0_TUPLE_(T) > {
+  static const int value = 0;
+};
+
+template <GTEST_1_TYPENAMES_(T)>
+struct tuple_size<GTEST_1_TUPLE_(T) > {
+  static const int value = 1;
+};
+
+template <GTEST_2_TYPENAMES_(T)>
+struct tuple_size<GTEST_2_TUPLE_(T) > {
+  static const int value = 2;
+};
+
+template <GTEST_3_TYPENAMES_(T)>
+struct tuple_size<GTEST_3_TUPLE_(T) > {
+  static const int value = 3;
+};
+
+template <GTEST_4_TYPENAMES_(T)>
+struct tuple_size<GTEST_4_TUPLE_(T) > {
+  static const int value = 4;
+};
+
+template <GTEST_5_TYPENAMES_(T)>
+struct tuple_size<GTEST_5_TUPLE_(T) > {
+  static const int value = 5;
+};
+
+template <GTEST_6_TYPENAMES_(T)>
+struct tuple_size<GTEST_6_TUPLE_(T) > {
+  static const int value = 6;
+};
+
+template <GTEST_7_TYPENAMES_(T)>
+struct tuple_size<GTEST_7_TUPLE_(T) > {
+  static const int value = 7;
+};
+
+template <GTEST_8_TYPENAMES_(T)>
+struct tuple_size<GTEST_8_TUPLE_(T) > {
+  static const int value = 8;
+};
+
+template <GTEST_9_TYPENAMES_(T)>
+struct tuple_size<GTEST_9_TUPLE_(T) > {
+  static const int value = 9;
+};
+
+template <GTEST_10_TYPENAMES_(T)>
+struct tuple_size<GTEST_10_TUPLE_(T) > {
+  static const int value = 10;
+};
+
+template <int k, class Tuple>
+struct tuple_element {
+  typedef typename gtest_internal::TupleElement<
+      k < (tuple_size<Tuple>::value), k, Tuple>::type type;
+};
+
+#define GTEST_TUPLE_ELEMENT_(k, Tuple) typename tuple_element<k, Tuple >::type
+
+// 6.1.3.4 Element access.
+
+namespace gtest_internal {
+
+template <>
+class Get<0> {
+ public:
+  template <class Tuple>
+  static GTEST_ADD_REF_(GTEST_TUPLE_ELEMENT_(0, Tuple))
+  Field(Tuple& t) { return t.f0_; }  // NOLINT
+
+  template <class Tuple>
+  static GTEST_BY_REF_(GTEST_TUPLE_ELEMENT_(0, Tuple))
+  ConstField(const Tuple& t) { return t.f0_; }
+};
+
+template <>
+class Get<1> {
+ public:
+  template <class Tuple>
+  static GTEST_ADD_REF_(GTEST_TUPLE_ELEMENT_(1, Tuple))
+  Field(Tuple& t) { return t.f1_; }  // NOLINT
+
+  template <class Tuple>
+  static GTEST_BY_REF_(GTEST_TUPLE_ELEMENT_(1, Tuple))
+  ConstField(const Tuple& t) { return t.f1_; }
+};
+
+template <>
+class Get<2> {
+ public:
+  template <class Tuple>
+  static GTEST_ADD_REF_(GTEST_TUPLE_ELEMENT_(2, Tuple))
+  Field(Tuple& t) { return t.f2_; }  // NOLINT
+
+  template <class Tuple>
+  static GTEST_BY_REF_(GTEST_TUPLE_ELEMENT_(2, Tuple))
+  ConstField(const Tuple& t) { return t.f2_; }
+};
+
+template <>
+class Get<3> {
+ public:
+  template <class Tuple>
+  static GTEST_ADD_REF_(GTEST_TUPLE_ELEMENT_(3, Tuple))
+  Field(Tuple& t) { return t.f3_; }  // NOLINT
+
+  template <class Tuple>
+  static GTEST_BY_REF_(GTEST_TUPLE_ELEMENT_(3, Tuple))
+  ConstField(const Tuple& t) { return t.f3_; }
+};
+
+template <>
+class Get<4> {
+ public:
+  template <class Tuple>
+  static GTEST_ADD_REF_(GTEST_TUPLE_ELEMENT_(4, Tuple))
+  Field(Tuple& t) { return t.f4_; }  // NOLINT
+
+  template <class Tuple>
+  static GTEST_BY_REF_(GTEST_TUPLE_ELEMENT_(4, Tuple))
+  ConstField(const Tuple& t) { return t.f4_; }
+};
+
+template <>
+class Get<5> {
+ public:
+  template <class Tuple>
+  static GTEST_ADD_REF_(GTEST_TUPLE_ELEMENT_(5, Tuple))
+  Field(Tuple& t) { return t.f5_; }  // NOLINT
+
+  template <class Tuple>
+  static GTEST_BY_REF_(GTEST_TUPLE_ELEMENT_(5, Tuple))
+  ConstField(const Tuple& t) { return t.f5_; }
+};
+
+template <>
+class Get<6> {
+ public:
+  template <class Tuple>
+  static GTEST_ADD_REF_(GTEST_TUPLE_ELEMENT_(6, Tuple))
+  Field(Tuple& t) { return t.f6_; }  // NOLINT
+
+  template <class Tuple>
+  static GTEST_BY_REF_(GTEST_TUPLE_ELEMENT_(6, Tuple))
+  ConstField(const Tuple& t) { return t.f6_; }
+};
+
+template <>
+class Get<7> {
+ public:
+  template <class Tuple>
+  static GTEST_ADD_REF_(GTEST_TUPLE_ELEMENT_(7, Tuple))
+  Field(Tuple& t) { return t.f7_; }  // NOLINT
+
+  template <class Tuple>
+  static GTEST_BY_REF_(GTEST_TUPLE_ELEMENT_(7, Tuple))
+  ConstField(const Tuple& t) { return t.f7_; }
+};
+
+template <>
+class Get<8> {
+ public:
+  template <class Tuple>
+  static GTEST_ADD_REF_(GTEST_TUPLE_ELEMENT_(8, Tuple))
+  Field(Tuple& t) { return t.f8_; }  // NOLINT
+
+  template <class Tuple>
+  static GTEST_BY_REF_(GTEST_TUPLE_ELEMENT_(8, Tuple))
+  ConstField(const Tuple& t) { return t.f8_; }
+};
+
+template <>
+class Get<9> {
+ public:
+  template <class Tuple>
+  static GTEST_ADD_REF_(GTEST_TUPLE_ELEMENT_(9, Tuple))
+  Field(Tuple& t) { return t.f9_; }  // NOLINT
+
+  template <class Tuple>
+  static GTEST_BY_REF_(GTEST_TUPLE_ELEMENT_(9, Tuple))
+  ConstField(const Tuple& t) { return t.f9_; }
+};
+
+}  // namespace gtest_internal
+
+template <int k, GTEST_10_TYPENAMES_(T)>
+GTEST_ADD_REF_(GTEST_TUPLE_ELEMENT_(k, GTEST_10_TUPLE_(T)))
+get(GTEST_10_TUPLE_(T)& t) {
+  return gtest_internal::Get<k>::Field(t);
+}
+
+template <int k, GTEST_10_TYPENAMES_(T)>
+GTEST_BY_REF_(GTEST_TUPLE_ELEMENT_(k,  GTEST_10_TUPLE_(T)))
+get(const GTEST_10_TUPLE_(T)& t) {
+  return gtest_internal::Get<k>::ConstField(t);
+}
+
+// 6.1.3.5 Relational operators
+
+// We only implement == and !=, as we don't have a need for the rest yet.
+
+namespace gtest_internal {
+
+// SameSizeTuplePrefixComparator<k, k>::Eq(t1, t2) returns true if the
+// first k fields of t1 equals the first k fields of t2.
+// SameSizeTuplePrefixComparator(k1, k2) would be a compiler error if
+// k1 != k2.
+template <int kSize1, int kSize2>
+struct SameSizeTuplePrefixComparator;
+
+template <>
+struct SameSizeTuplePrefixComparator<0, 0> {
+  template <class Tuple1, class Tuple2>
+  static bool Eq(const Tuple1& /* t1 */, const Tuple2& /* t2 */) {
+    return true;
+  }
+};
+
+template <int k>
+struct SameSizeTuplePrefixComparator<k, k> {
+  template <class Tuple1, class Tuple2>
+  static bool Eq(const Tuple1& t1, const Tuple2& t2) {
+    return SameSizeTuplePrefixComparator<k - 1, k - 1>::Eq(t1, t2) &&
+        ::std::tr1::get<k - 1>(t1) == ::std::tr1::get<k - 1>(t2);
+  }
+};
+
+}  // namespace gtest_internal
+
+template <GTEST_10_TYPENAMES_(T), GTEST_10_TYPENAMES_(U)>
+inline bool operator==(const GTEST_10_TUPLE_(T)& t,
+                       const GTEST_10_TUPLE_(U)& u) {
+  return gtest_internal::SameSizeTuplePrefixComparator<
+      tuple_size<GTEST_10_TUPLE_(T) >::value,
+      tuple_size<GTEST_10_TUPLE_(U) >::value>::Eq(t, u);
+}
+
+template <GTEST_10_TYPENAMES_(T), GTEST_10_TYPENAMES_(U)>
+inline bool operator!=(const GTEST_10_TUPLE_(T)& t,
+                       const GTEST_10_TUPLE_(U)& u) { return !(t == u); }
+
+// 6.1.4 Pairs.
+// Unimplemented.
+
+}  // namespace tr1
+}  // namespace std
+
+#undef GTEST_0_TUPLE_
+#undef GTEST_1_TUPLE_
+#undef GTEST_2_TUPLE_
+#undef GTEST_3_TUPLE_
+#undef GTEST_4_TUPLE_
+#undef GTEST_5_TUPLE_
+#undef GTEST_6_TUPLE_
+#undef GTEST_7_TUPLE_
+#undef GTEST_8_TUPLE_
+#undef GTEST_9_TUPLE_
+#undef GTEST_10_TUPLE_
+
+#undef GTEST_0_TYPENAMES_
+#undef GTEST_1_TYPENAMES_
+#undef GTEST_2_TYPENAMES_
+#undef GTEST_3_TYPENAMES_
+#undef GTEST_4_TYPENAMES_
+#undef GTEST_5_TYPENAMES_
+#undef GTEST_6_TYPENAMES_
+#undef GTEST_7_TYPENAMES_
+#undef GTEST_8_TYPENAMES_
+#undef GTEST_9_TYPENAMES_
+#undef GTEST_10_TYPENAMES_
+
+#undef GTEST_DECLARE_TUPLE_AS_FRIEND_
+#undef GTEST_BY_REF_
+#undef GTEST_ADD_REF_
+#undef GTEST_TUPLE_ELEMENT_
+
+#endif  // GTEST_INCLUDE_GTEST_INTERNAL_GTEST_TUPLE_H_
diff --git a/nss/gtests/google_test/gtest/include/gtest/internal/gtest-tuple.h.pump b/nss/gtests/google_test/gtest/include/gtest/internal/gtest-tuple.h.pump
new file mode 100644
index 0000000..429ddfe
--- /dev/null
+++ b/nss/gtests/google_test/gtest/include/gtest/internal/gtest-tuple.h.pump
@@ -0,0 +1,347 @@
+$$ -*- mode: c++; -*-
+$var n = 10  $$ Maximum number of tuple fields we want to support.
+$$ This meta comment fixes auto-indentation in Emacs. }}
+// Copyright 2009 Google Inc.
+// All Rights Reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+
+// Implements a subset of TR1 tuple needed by Google Test and Google Mock.
+
+#ifndef GTEST_INCLUDE_GTEST_INTERNAL_GTEST_TUPLE_H_
+#define GTEST_INCLUDE_GTEST_INTERNAL_GTEST_TUPLE_H_
+
+#include <utility>  // For ::std::pair.
+
+// The compiler used in Symbian has a bug that prevents us from declaring the
+// tuple template as a friend (it complains that tuple is redefined).  This
+// hack bypasses the bug by declaring the members that should otherwise be
+// private as public.
+// Sun Studio versions < 12 also have the above bug.
+#if defined(__SYMBIAN32__) || (defined(__SUNPRO_CC) && __SUNPRO_CC < 0x590)
+# define GTEST_DECLARE_TUPLE_AS_FRIEND_ public:
+#else
+# define GTEST_DECLARE_TUPLE_AS_FRIEND_ \
+    template <GTEST_$(n)_TYPENAMES_(U)> friend class tuple; \
+   private:
+#endif
+
+// Visual Studio 2010, 2012, and 2013 define symbols in std::tr1 that conflict
+// with our own definitions. Therefore using our own tuple does not work on
+// those compilers.
+#if defined(_MSC_VER) && _MSC_VER >= 1600  /* 1600 is Visual Studio 2010 */
+# error "gtest's tuple doesn't compile on Visual Studio 2010 or later. \
+GTEST_USE_OWN_TR1_TUPLE must be set to 0 on those compilers."
+#endif
+
+
+$range i 0..n-1
+$range j 0..n
+$range k 1..n
+// GTEST_n_TUPLE_(T) is the type of an n-tuple.
+#define GTEST_0_TUPLE_(T) tuple<>
+
+$for k [[
+$range m 0..k-1
+$range m2 k..n-1
+#define GTEST_$(k)_TUPLE_(T) tuple<$for m, [[T##$m]]$for m2 [[, void]]>
+
+]]
+
+// GTEST_n_TYPENAMES_(T) declares a list of n typenames.
+
+$for j [[
+$range m 0..j-1
+#define GTEST_$(j)_TYPENAMES_(T) $for m, [[typename T##$m]]
+
+
+]]
+
+// In theory, defining stuff in the ::std namespace is undefined
+// behavior.  We can do this as we are playing the role of a standard
+// library vendor.
+namespace std {
+namespace tr1 {
+
+template <$for i, [[typename T$i = void]]>
+class tuple;
+
+// Anything in namespace gtest_internal is Google Test's INTERNAL
+// IMPLEMENTATION DETAIL and MUST NOT BE USED DIRECTLY in user code.
+namespace gtest_internal {
+
+// ByRef<T>::type is T if T is a reference; otherwise it's const T&.
+template <typename T>
+struct ByRef { typedef const T& type; };  // NOLINT
+template <typename T>
+struct ByRef<T&> { typedef T& type; };  // NOLINT
+
+// A handy wrapper for ByRef.
+#define GTEST_BY_REF_(T) typename ::std::tr1::gtest_internal::ByRef<T>::type
+
+// AddRef<T>::type is T if T is a reference; otherwise it's T&.  This
+// is the same as tr1::add_reference<T>::type.
+template <typename T>
+struct AddRef { typedef T& type; };  // NOLINT
+template <typename T>
+struct AddRef<T&> { typedef T& type; };  // NOLINT
+
+// A handy wrapper for AddRef.
+#define GTEST_ADD_REF_(T) typename ::std::tr1::gtest_internal::AddRef<T>::type
+
+// A helper for implementing get<k>().
+template <int k> class Get;
+
+// A helper for implementing tuple_element<k, T>.  kIndexValid is true
+// iff k < the number of fields in tuple type T.
+template <bool kIndexValid, int kIndex, class Tuple>
+struct TupleElement;
+
+
+$for i [[
+template <GTEST_$(n)_TYPENAMES_(T)>
+struct TupleElement<true, $i, GTEST_$(n)_TUPLE_(T) > {
+  typedef T$i type;
+};
+
+
+]]
+}  // namespace gtest_internal
+
+template <>
+class tuple<> {
+ public:
+  tuple() {}
+  tuple(const tuple& /* t */)  {}
+  tuple& operator=(const tuple& /* t */) { return *this; }
+};
+
+
+$for k [[
+$range m 0..k-1
+template <GTEST_$(k)_TYPENAMES_(T)>
+class $if k < n [[GTEST_$(k)_TUPLE_(T)]] $else [[tuple]] {
+ public:
+  template <int k> friend class gtest_internal::Get;
+
+  tuple() : $for m, [[f$(m)_()]] {}
+
+  explicit tuple($for m, [[GTEST_BY_REF_(T$m) f$m]]) : [[]]
+$for m, [[f$(m)_(f$m)]] {}
+
+  tuple(const tuple& t) : $for m, [[f$(m)_(t.f$(m)_)]] {}
+
+  template <GTEST_$(k)_TYPENAMES_(U)>
+  tuple(const GTEST_$(k)_TUPLE_(U)& t) : $for m, [[f$(m)_(t.f$(m)_)]] {}
+
+$if k == 2 [[
+  template <typename U0, typename U1>
+  tuple(const ::std::pair<U0, U1>& p) : f0_(p.first), f1_(p.second) {}
+
+]]
+
+  tuple& operator=(const tuple& t) { return CopyFrom(t); }
+
+  template <GTEST_$(k)_TYPENAMES_(U)>
+  tuple& operator=(const GTEST_$(k)_TUPLE_(U)& t) {
+    return CopyFrom(t);
+  }
+
+$if k == 2 [[
+  template <typename U0, typename U1>
+  tuple& operator=(const ::std::pair<U0, U1>& p) {
+    f0_ = p.first;
+    f1_ = p.second;
+    return *this;
+  }
+
+]]
+
+  GTEST_DECLARE_TUPLE_AS_FRIEND_
+
+  template <GTEST_$(k)_TYPENAMES_(U)>
+  tuple& CopyFrom(const GTEST_$(k)_TUPLE_(U)& t) {
+
+$for m [[
+    f$(m)_ = t.f$(m)_;
+
+]]
+    return *this;
+  }
+
+
+$for m [[
+  T$m f$(m)_;
+
+]]
+};
+
+
+]]
+// 6.1.3.2 Tuple creation functions.
+
+// Known limitations: we don't support passing an
+// std::tr1::reference_wrapper<T> to make_tuple().  And we don't
+// implement tie().
+
+inline tuple<> make_tuple() { return tuple<>(); }
+
+$for k [[
+$range m 0..k-1
+
+template <GTEST_$(k)_TYPENAMES_(T)>
+inline GTEST_$(k)_TUPLE_(T) make_tuple($for m, [[const T$m& f$m]]) {
+  return GTEST_$(k)_TUPLE_(T)($for m, [[f$m]]);
+}
+
+]]
+
+// 6.1.3.3 Tuple helper classes.
+
+template <typename Tuple> struct tuple_size;
+
+
+$for j [[
+template <GTEST_$(j)_TYPENAMES_(T)>
+struct tuple_size<GTEST_$(j)_TUPLE_(T) > {
+  static const int value = $j;
+};
+
+
+]]
+template <int k, class Tuple>
+struct tuple_element {
+  typedef typename gtest_internal::TupleElement<
+      k < (tuple_size<Tuple>::value), k, Tuple>::type type;
+};
+
+#define GTEST_TUPLE_ELEMENT_(k, Tuple) typename tuple_element<k, Tuple >::type
+
+// 6.1.3.4 Element access.
+
+namespace gtest_internal {
+
+
+$for i [[
+template <>
+class Get<$i> {
+ public:
+  template <class Tuple>
+  static GTEST_ADD_REF_(GTEST_TUPLE_ELEMENT_($i, Tuple))
+  Field(Tuple& t) { return t.f$(i)_; }  // NOLINT
+
+  template <class Tuple>
+  static GTEST_BY_REF_(GTEST_TUPLE_ELEMENT_($i, Tuple))
+  ConstField(const Tuple& t) { return t.f$(i)_; }
+};
+
+
+]]
+}  // namespace gtest_internal
+
+template <int k, GTEST_$(n)_TYPENAMES_(T)>
+GTEST_ADD_REF_(GTEST_TUPLE_ELEMENT_(k, GTEST_$(n)_TUPLE_(T)))
+get(GTEST_$(n)_TUPLE_(T)& t) {
+  return gtest_internal::Get<k>::Field(t);
+}
+
+template <int k, GTEST_$(n)_TYPENAMES_(T)>
+GTEST_BY_REF_(GTEST_TUPLE_ELEMENT_(k,  GTEST_$(n)_TUPLE_(T)))
+get(const GTEST_$(n)_TUPLE_(T)& t) {
+  return gtest_internal::Get<k>::ConstField(t);
+}
+
+// 6.1.3.5 Relational operators
+
+// We only implement == and !=, as we don't have a need for the rest yet.
+
+namespace gtest_internal {
+
+// SameSizeTuplePrefixComparator<k, k>::Eq(t1, t2) returns true if the
+// first k fields of t1 equals the first k fields of t2.
+// SameSizeTuplePrefixComparator(k1, k2) would be a compiler error if
+// k1 != k2.
+template <int kSize1, int kSize2>
+struct SameSizeTuplePrefixComparator;
+
+template <>
+struct SameSizeTuplePrefixComparator<0, 0> {
+  template <class Tuple1, class Tuple2>
+  static bool Eq(const Tuple1& /* t1 */, const Tuple2& /* t2 */) {
+    return true;
+  }
+};
+
+template <int k>
+struct SameSizeTuplePrefixComparator<k, k> {
+  template <class Tuple1, class Tuple2>
+  static bool Eq(const Tuple1& t1, const Tuple2& t2) {
+    return SameSizeTuplePrefixComparator<k - 1, k - 1>::Eq(t1, t2) &&
+        ::std::tr1::get<k - 1>(t1) == ::std::tr1::get<k - 1>(t2);
+  }
+};
+
+}  // namespace gtest_internal
+
+template <GTEST_$(n)_TYPENAMES_(T), GTEST_$(n)_TYPENAMES_(U)>
+inline bool operator==(const GTEST_$(n)_TUPLE_(T)& t,
+                       const GTEST_$(n)_TUPLE_(U)& u) {
+  return gtest_internal::SameSizeTuplePrefixComparator<
+      tuple_size<GTEST_$(n)_TUPLE_(T) >::value,
+      tuple_size<GTEST_$(n)_TUPLE_(U) >::value>::Eq(t, u);
+}
+
+template <GTEST_$(n)_TYPENAMES_(T), GTEST_$(n)_TYPENAMES_(U)>
+inline bool operator!=(const GTEST_$(n)_TUPLE_(T)& t,
+                       const GTEST_$(n)_TUPLE_(U)& u) { return !(t == u); }
+
+// 6.1.4 Pairs.
+// Unimplemented.
+
+}  // namespace tr1
+}  // namespace std
+
+
+$for j [[
+#undef GTEST_$(j)_TUPLE_
+
+]]
+
+
+$for j [[
+#undef GTEST_$(j)_TYPENAMES_
+
+]]
+
+#undef GTEST_DECLARE_TUPLE_AS_FRIEND_
+#undef GTEST_BY_REF_
+#undef GTEST_ADD_REF_
+#undef GTEST_TUPLE_ELEMENT_
+
+#endif  // GTEST_INCLUDE_GTEST_INTERNAL_GTEST_TUPLE_H_
diff --git a/nss/gtests/google_test/gtest/include/gtest/internal/gtest-type-util.h b/nss/gtests/google_test/gtest/include/gtest/internal/gtest-type-util.h
new file mode 100644
index 0000000..e46f7cf
--- /dev/null
+++ b/nss/gtests/google_test/gtest/include/gtest/internal/gtest-type-util.h
@@ -0,0 +1,3331 @@
+// This file was GENERATED by command:
+//     pump.py gtest-type-util.h.pump
+// DO NOT EDIT BY HAND!!!
+
+// Copyright 2008 Google Inc.
+// All Rights Reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+
+// Type utilities needed for implementing typed and type-parameterized
+// tests.  This file is generated by a SCRIPT.  DO NOT EDIT BY HAND!
+//
+// Currently we support at most 50 types in a list, and at most 50
+// type-parameterized tests in one type-parameterized test case.
+// Please contact googletestframework@googlegroups.com if you need
+// more.
+
+#ifndef GTEST_INCLUDE_GTEST_INTERNAL_GTEST_TYPE_UTIL_H_
+#define GTEST_INCLUDE_GTEST_INTERNAL_GTEST_TYPE_UTIL_H_
+
+#include "gtest/internal/gtest-port.h"
+
+// #ifdef __GNUC__ is too general here.  It is possible to use gcc without using
+// libstdc++ (which is where cxxabi.h comes from).
+# if GTEST_HAS_CXXABI_H_
+#  include <cxxabi.h>
+# elif defined(__HP_aCC)
+#  include <acxx_demangle.h>
+# endif  // GTEST_HASH_CXXABI_H_
+
+namespace testing {
+namespace internal {
+
+// GetTypeName<T>() returns a human-readable name of type T.
+// NB: This function is also used in Google Mock, so don't move it inside of
+// the typed-test-only section below.
+template <typename T>
+std::string GetTypeName() {
+# if GTEST_HAS_RTTI
+
+  const char* const name = typeid(T).name();
+#  if GTEST_HAS_CXXABI_H_ || defined(__HP_aCC)
+  int status = 0;
+  // gcc's implementation of typeid(T).name() mangles the type name,
+  // so we have to demangle it.
+#   if GTEST_HAS_CXXABI_H_
+  using abi::__cxa_demangle;
+#   endif  // GTEST_HAS_CXXABI_H_
+  char* const readable_name = __cxa_demangle(name, 0, 0, &status);
+  const std::string name_str(status == 0 ? readable_name : name);
+  free(readable_name);
+  return name_str;
+#  else
+  return name;
+#  endif  // GTEST_HAS_CXXABI_H_ || __HP_aCC
+
+# else
+
+  return "<type>";
+
+# endif  // GTEST_HAS_RTTI
+}
+
+#if GTEST_HAS_TYPED_TEST || GTEST_HAS_TYPED_TEST_P
+
+// AssertyTypeEq<T1, T2>::type is defined iff T1 and T2 are the same
+// type.  This can be used as a compile-time assertion to ensure that
+// two types are equal.
+
+template <typename T1, typename T2>
+struct AssertTypeEq;
+
+template <typename T>
+struct AssertTypeEq<T, T> {
+  typedef bool type;
+};
+
+// A unique type used as the default value for the arguments of class
+// template Types.  This allows us to simulate variadic templates
+// (e.g. Types<int>, Type<int, double>, and etc), which C++ doesn't
+// support directly.
+struct None {};
+
+// The following family of struct and struct templates are used to
+// represent type lists.  In particular, TypesN<T1, T2, ..., TN>
+// represents a type list with N types (T1, T2, ..., and TN) in it.
+// Except for Types0, every struct in the family has two member types:
+// Head for the first type in the list, and Tail for the rest of the
+// list.
+
+// The empty type list.
+struct Types0 {};
+
+// Type lists of length 1, 2, 3, and so on.
+
+template <typename T1>
+struct Types1 {
+  typedef T1 Head;
+  typedef Types0 Tail;
+};
+template <typename T1, typename T2>
+struct Types2 {
+  typedef T1 Head;
+  typedef Types1<T2> Tail;
+};
+
+template <typename T1, typename T2, typename T3>
+struct Types3 {
+  typedef T1 Head;
+  typedef Types2<T2, T3> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4>
+struct Types4 {
+  typedef T1 Head;
+  typedef Types3<T2, T3, T4> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5>
+struct Types5 {
+  typedef T1 Head;
+  typedef Types4<T2, T3, T4, T5> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6>
+struct Types6 {
+  typedef T1 Head;
+  typedef Types5<T2, T3, T4, T5, T6> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7>
+struct Types7 {
+  typedef T1 Head;
+  typedef Types6<T2, T3, T4, T5, T6, T7> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8>
+struct Types8 {
+  typedef T1 Head;
+  typedef Types7<T2, T3, T4, T5, T6, T7, T8> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9>
+struct Types9 {
+  typedef T1 Head;
+  typedef Types8<T2, T3, T4, T5, T6, T7, T8, T9> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10>
+struct Types10 {
+  typedef T1 Head;
+  typedef Types9<T2, T3, T4, T5, T6, T7, T8, T9, T10> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11>
+struct Types11 {
+  typedef T1 Head;
+  typedef Types10<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12>
+struct Types12 {
+  typedef T1 Head;
+  typedef Types11<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13>
+struct Types13 {
+  typedef T1 Head;
+  typedef Types12<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14>
+struct Types14 {
+  typedef T1 Head;
+  typedef Types13<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15>
+struct Types15 {
+  typedef T1 Head;
+  typedef Types14<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+      T15> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16>
+struct Types16 {
+  typedef T1 Head;
+  typedef Types15<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+      T16> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17>
+struct Types17 {
+  typedef T1 Head;
+  typedef Types16<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+      T16, T17> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18>
+struct Types18 {
+  typedef T1 Head;
+  typedef Types17<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+      T16, T17, T18> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19>
+struct Types19 {
+  typedef T1 Head;
+  typedef Types18<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+      T16, T17, T18, T19> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20>
+struct Types20 {
+  typedef T1 Head;
+  typedef Types19<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+      T16, T17, T18, T19, T20> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21>
+struct Types21 {
+  typedef T1 Head;
+  typedef Types20<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+      T16, T17, T18, T19, T20, T21> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22>
+struct Types22 {
+  typedef T1 Head;
+  typedef Types21<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+      T16, T17, T18, T19, T20, T21, T22> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23>
+struct Types23 {
+  typedef T1 Head;
+  typedef Types22<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+      T16, T17, T18, T19, T20, T21, T22, T23> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24>
+struct Types24 {
+  typedef T1 Head;
+  typedef Types23<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+      T16, T17, T18, T19, T20, T21, T22, T23, T24> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25>
+struct Types25 {
+  typedef T1 Head;
+  typedef Types24<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+      T16, T17, T18, T19, T20, T21, T22, T23, T24, T25> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26>
+struct Types26 {
+  typedef T1 Head;
+  typedef Types25<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+      T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27>
+struct Types27 {
+  typedef T1 Head;
+  typedef Types26<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+      T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28>
+struct Types28 {
+  typedef T1 Head;
+  typedef Types27<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+      T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29>
+struct Types29 {
+  typedef T1 Head;
+  typedef Types28<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+      T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+      T29> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30>
+struct Types30 {
+  typedef T1 Head;
+  typedef Types29<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+      T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29,
+      T30> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31>
+struct Types31 {
+  typedef T1 Head;
+  typedef Types30<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+      T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29,
+      T30, T31> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32>
+struct Types32 {
+  typedef T1 Head;
+  typedef Types31<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+      T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29,
+      T30, T31, T32> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33>
+struct Types33 {
+  typedef T1 Head;
+  typedef Types32<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+      T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29,
+      T30, T31, T32, T33> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34>
+struct Types34 {
+  typedef T1 Head;
+  typedef Types33<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+      T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29,
+      T30, T31, T32, T33, T34> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35>
+struct Types35 {
+  typedef T1 Head;
+  typedef Types34<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+      T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29,
+      T30, T31, T32, T33, T34, T35> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36>
+struct Types36 {
+  typedef T1 Head;
+  typedef Types35<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+      T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29,
+      T30, T31, T32, T33, T34, T35, T36> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37>
+struct Types37 {
+  typedef T1 Head;
+  typedef Types36<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+      T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29,
+      T30, T31, T32, T33, T34, T35, T36, T37> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38>
+struct Types38 {
+  typedef T1 Head;
+  typedef Types37<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+      T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29,
+      T30, T31, T32, T33, T34, T35, T36, T37, T38> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39>
+struct Types39 {
+  typedef T1 Head;
+  typedef Types38<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+      T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29,
+      T30, T31, T32, T33, T34, T35, T36, T37, T38, T39> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40>
+struct Types40 {
+  typedef T1 Head;
+  typedef Types39<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+      T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29,
+      T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40,
+    typename T41>
+struct Types41 {
+  typedef T1 Head;
+  typedef Types40<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+      T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29,
+      T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40,
+    typename T41, typename T42>
+struct Types42 {
+  typedef T1 Head;
+  typedef Types41<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+      T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29,
+      T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, T42> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40,
+    typename T41, typename T42, typename T43>
+struct Types43 {
+  typedef T1 Head;
+  typedef Types42<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+      T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29,
+      T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, T42,
+      T43> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40,
+    typename T41, typename T42, typename T43, typename T44>
+struct Types44 {
+  typedef T1 Head;
+  typedef Types43<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+      T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29,
+      T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, T42, T43,
+      T44> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40,
+    typename T41, typename T42, typename T43, typename T44, typename T45>
+struct Types45 {
+  typedef T1 Head;
+  typedef Types44<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+      T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29,
+      T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, T42, T43,
+      T44, T45> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40,
+    typename T41, typename T42, typename T43, typename T44, typename T45,
+    typename T46>
+struct Types46 {
+  typedef T1 Head;
+  typedef Types45<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+      T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29,
+      T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, T42, T43,
+      T44, T45, T46> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40,
+    typename T41, typename T42, typename T43, typename T44, typename T45,
+    typename T46, typename T47>
+struct Types47 {
+  typedef T1 Head;
+  typedef Types46<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+      T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29,
+      T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, T42, T43,
+      T44, T45, T46, T47> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40,
+    typename T41, typename T42, typename T43, typename T44, typename T45,
+    typename T46, typename T47, typename T48>
+struct Types48 {
+  typedef T1 Head;
+  typedef Types47<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+      T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29,
+      T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, T42, T43,
+      T44, T45, T46, T47, T48> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40,
+    typename T41, typename T42, typename T43, typename T44, typename T45,
+    typename T46, typename T47, typename T48, typename T49>
+struct Types49 {
+  typedef T1 Head;
+  typedef Types48<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+      T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29,
+      T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, T42, T43,
+      T44, T45, T46, T47, T48, T49> Tail;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40,
+    typename T41, typename T42, typename T43, typename T44, typename T45,
+    typename T46, typename T47, typename T48, typename T49, typename T50>
+struct Types50 {
+  typedef T1 Head;
+  typedef Types49<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+      T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29,
+      T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, T42, T43,
+      T44, T45, T46, T47, T48, T49, T50> Tail;
+};
+
+
+}  // namespace internal
+
+// We don't want to require the users to write TypesN<...> directly,
+// as that would require them to count the length.  Types<...> is much
+// easier to write, but generates horrible messages when there is a
+// compiler error, as gcc insists on printing out each template
+// argument, even if it has the default value (this means Types<int>
+// will appear as Types<int, None, None, ..., None> in the compiler
+// errors).
+//
+// Our solution is to combine the best part of the two approaches: a
+// user would write Types<T1, ..., TN>, and Google Test will translate
+// that to TypesN<T1, ..., TN> internally to make error messages
+// readable.  The translation is done by the 'type' member of the
+// Types template.
+template <typename T1 = internal::None, typename T2 = internal::None,
+    typename T3 = internal::None, typename T4 = internal::None,
+    typename T5 = internal::None, typename T6 = internal::None,
+    typename T7 = internal::None, typename T8 = internal::None,
+    typename T9 = internal::None, typename T10 = internal::None,
+    typename T11 = internal::None, typename T12 = internal::None,
+    typename T13 = internal::None, typename T14 = internal::None,
+    typename T15 = internal::None, typename T16 = internal::None,
+    typename T17 = internal::None, typename T18 = internal::None,
+    typename T19 = internal::None, typename T20 = internal::None,
+    typename T21 = internal::None, typename T22 = internal::None,
+    typename T23 = internal::None, typename T24 = internal::None,
+    typename T25 = internal::None, typename T26 = internal::None,
+    typename T27 = internal::None, typename T28 = internal::None,
+    typename T29 = internal::None, typename T30 = internal::None,
+    typename T31 = internal::None, typename T32 = internal::None,
+    typename T33 = internal::None, typename T34 = internal::None,
+    typename T35 = internal::None, typename T36 = internal::None,
+    typename T37 = internal::None, typename T38 = internal::None,
+    typename T39 = internal::None, typename T40 = internal::None,
+    typename T41 = internal::None, typename T42 = internal::None,
+    typename T43 = internal::None, typename T44 = internal::None,
+    typename T45 = internal::None, typename T46 = internal::None,
+    typename T47 = internal::None, typename T48 = internal::None,
+    typename T49 = internal::None, typename T50 = internal::None>
+struct Types {
+  typedef internal::Types50<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12,
+      T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26,
+      T27, T28, T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40,
+      T41, T42, T43, T44, T45, T46, T47, T48, T49, T50> type;
+};
+
+template <>
+struct Types<internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None> {
+  typedef internal::Types0 type;
+};
+template <typename T1>
+struct Types<T1, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None> {
+  typedef internal::Types1<T1> type;
+};
+template <typename T1, typename T2>
+struct Types<T1, T2, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None> {
+  typedef internal::Types2<T1, T2> type;
+};
+template <typename T1, typename T2, typename T3>
+struct Types<T1, T2, T3, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None> {
+  typedef internal::Types3<T1, T2, T3> type;
+};
+template <typename T1, typename T2, typename T3, typename T4>
+struct Types<T1, T2, T3, T4, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None> {
+  typedef internal::Types4<T1, T2, T3, T4> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5>
+struct Types<T1, T2, T3, T4, T5, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None> {
+  typedef internal::Types5<T1, T2, T3, T4, T5> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6>
+struct Types<T1, T2, T3, T4, T5, T6, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None> {
+  typedef internal::Types6<T1, T2, T3, T4, T5, T6> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7>
+struct Types<T1, T2, T3, T4, T5, T6, T7, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None> {
+  typedef internal::Types7<T1, T2, T3, T4, T5, T6, T7> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8>
+struct Types<T1, T2, T3, T4, T5, T6, T7, T8, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None> {
+  typedef internal::Types8<T1, T2, T3, T4, T5, T6, T7, T8> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9>
+struct Types<T1, T2, T3, T4, T5, T6, T7, T8, T9, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None> {
+  typedef internal::Types9<T1, T2, T3, T4, T5, T6, T7, T8, T9> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10>
+struct Types<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None> {
+  typedef internal::Types10<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11>
+struct Types<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None> {
+  typedef internal::Types11<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12>
+struct Types<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None> {
+  typedef internal::Types12<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11,
+      T12> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13>
+struct Types<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None> {
+  typedef internal::Types13<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12,
+      T13> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14>
+struct Types<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None> {
+  typedef internal::Types14<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12,
+      T13, T14> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15>
+struct Types<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None> {
+  typedef internal::Types15<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12,
+      T13, T14, T15> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16>
+struct Types<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+    T16, internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None> {
+  typedef internal::Types16<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12,
+      T13, T14, T15, T16> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17>
+struct Types<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+    T16, T17, internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None> {
+  typedef internal::Types17<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12,
+      T13, T14, T15, T16, T17> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18>
+struct Types<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+    T16, T17, T18, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None> {
+  typedef internal::Types18<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12,
+      T13, T14, T15, T16, T17, T18> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19>
+struct Types<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+    T16, T17, T18, T19, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None> {
+  typedef internal::Types19<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12,
+      T13, T14, T15, T16, T17, T18, T19> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20>
+struct Types<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+    T16, T17, T18, T19, T20, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None> {
+  typedef internal::Types20<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12,
+      T13, T14, T15, T16, T17, T18, T19, T20> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21>
+struct Types<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+    T16, T17, T18, T19, T20, T21, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None> {
+  typedef internal::Types21<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12,
+      T13, T14, T15, T16, T17, T18, T19, T20, T21> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22>
+struct Types<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+    T16, T17, T18, T19, T20, T21, T22, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None> {
+  typedef internal::Types22<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12,
+      T13, T14, T15, T16, T17, T18, T19, T20, T21, T22> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23>
+struct Types<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+    T16, T17, T18, T19, T20, T21, T22, T23, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None> {
+  typedef internal::Types23<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12,
+      T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24>
+struct Types<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+    T16, T17, T18, T19, T20, T21, T22, T23, T24, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None> {
+  typedef internal::Types24<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12,
+      T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25>
+struct Types<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+    T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None> {
+  typedef internal::Types25<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12,
+      T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26>
+struct Types<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+    T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None> {
+  typedef internal::Types26<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12,
+      T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25,
+      T26> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27>
+struct Types<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+    T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None> {
+  typedef internal::Types27<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12,
+      T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26,
+      T27> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28>
+struct Types<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+    T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None> {
+  typedef internal::Types28<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12,
+      T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26,
+      T27, T28> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29>
+struct Types<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+    T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None> {
+  typedef internal::Types29<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12,
+      T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26,
+      T27, T28, T29> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30>
+struct Types<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+    T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29, T30,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None> {
+  typedef internal::Types30<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12,
+      T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26,
+      T27, T28, T29, T30> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31>
+struct Types<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+    T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29, T30,
+    T31, internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None> {
+  typedef internal::Types31<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12,
+      T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26,
+      T27, T28, T29, T30, T31> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32>
+struct Types<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+    T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29, T30,
+    T31, T32, internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None> {
+  typedef internal::Types32<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12,
+      T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26,
+      T27, T28, T29, T30, T31, T32> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33>
+struct Types<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+    T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29, T30,
+    T31, T32, T33, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None> {
+  typedef internal::Types33<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12,
+      T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26,
+      T27, T28, T29, T30, T31, T32, T33> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34>
+struct Types<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+    T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29, T30,
+    T31, T32, T33, T34, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None> {
+  typedef internal::Types34<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12,
+      T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26,
+      T27, T28, T29, T30, T31, T32, T33, T34> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35>
+struct Types<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+    T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29, T30,
+    T31, T32, T33, T34, T35, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None> {
+  typedef internal::Types35<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12,
+      T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26,
+      T27, T28, T29, T30, T31, T32, T33, T34, T35> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36>
+struct Types<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+    T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29, T30,
+    T31, T32, T33, T34, T35, T36, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None> {
+  typedef internal::Types36<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12,
+      T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26,
+      T27, T28, T29, T30, T31, T32, T33, T34, T35, T36> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37>
+struct Types<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+    T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29, T30,
+    T31, T32, T33, T34, T35, T36, T37, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None> {
+  typedef internal::Types37<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12,
+      T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26,
+      T27, T28, T29, T30, T31, T32, T33, T34, T35, T36, T37> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38>
+struct Types<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+    T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29, T30,
+    T31, T32, T33, T34, T35, T36, T37, T38, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None> {
+  typedef internal::Types38<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12,
+      T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26,
+      T27, T28, T29, T30, T31, T32, T33, T34, T35, T36, T37, T38> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39>
+struct Types<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+    T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29, T30,
+    T31, T32, T33, T34, T35, T36, T37, T38, T39, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None> {
+  typedef internal::Types39<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12,
+      T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26,
+      T27, T28, T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40>
+struct Types<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+    T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29, T30,
+    T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None> {
+  typedef internal::Types40<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12,
+      T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26,
+      T27, T28, T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39,
+      T40> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40,
+    typename T41>
+struct Types<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+    T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29, T30,
+    T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None, internal::None> {
+  typedef internal::Types41<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12,
+      T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26,
+      T27, T28, T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40,
+      T41> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40,
+    typename T41, typename T42>
+struct Types<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+    T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29, T30,
+    T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, T42, internal::None,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None> {
+  typedef internal::Types42<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12,
+      T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26,
+      T27, T28, T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40,
+      T41, T42> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40,
+    typename T41, typename T42, typename T43>
+struct Types<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+    T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29, T30,
+    T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, T42, T43,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None, internal::None> {
+  typedef internal::Types43<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12,
+      T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26,
+      T27, T28, T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40,
+      T41, T42, T43> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40,
+    typename T41, typename T42, typename T43, typename T44>
+struct Types<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+    T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29, T30,
+    T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, T42, T43, T44,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None, internal::None> {
+  typedef internal::Types44<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12,
+      T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26,
+      T27, T28, T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40,
+      T41, T42, T43, T44> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40,
+    typename T41, typename T42, typename T43, typename T44, typename T45>
+struct Types<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+    T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29, T30,
+    T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, T42, T43, T44, T45,
+    internal::None, internal::None, internal::None, internal::None,
+    internal::None> {
+  typedef internal::Types45<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12,
+      T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26,
+      T27, T28, T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40,
+      T41, T42, T43, T44, T45> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40,
+    typename T41, typename T42, typename T43, typename T44, typename T45,
+    typename T46>
+struct Types<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+    T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29, T30,
+    T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, T42, T43, T44, T45,
+    T46, internal::None, internal::None, internal::None, internal::None> {
+  typedef internal::Types46<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12,
+      T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26,
+      T27, T28, T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40,
+      T41, T42, T43, T44, T45, T46> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40,
+    typename T41, typename T42, typename T43, typename T44, typename T45,
+    typename T46, typename T47>
+struct Types<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+    T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29, T30,
+    T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, T42, T43, T44, T45,
+    T46, T47, internal::None, internal::None, internal::None> {
+  typedef internal::Types47<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12,
+      T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26,
+      T27, T28, T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40,
+      T41, T42, T43, T44, T45, T46, T47> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40,
+    typename T41, typename T42, typename T43, typename T44, typename T45,
+    typename T46, typename T47, typename T48>
+struct Types<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+    T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29, T30,
+    T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, T42, T43, T44, T45,
+    T46, T47, T48, internal::None, internal::None> {
+  typedef internal::Types48<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12,
+      T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26,
+      T27, T28, T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40,
+      T41, T42, T43, T44, T45, T46, T47, T48> type;
+};
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40,
+    typename T41, typename T42, typename T43, typename T44, typename T45,
+    typename T46, typename T47, typename T48, typename T49>
+struct Types<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14, T15,
+    T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29, T30,
+    T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, T42, T43, T44, T45,
+    T46, T47, T48, T49, internal::None> {
+  typedef internal::Types49<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12,
+      T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26,
+      T27, T28, T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40,
+      T41, T42, T43, T44, T45, T46, T47, T48, T49> type;
+};
+
+namespace internal {
+
+# define GTEST_TEMPLATE_ template <typename T> class
+
+// The template "selector" struct TemplateSel<Tmpl> is used to
+// represent Tmpl, which must be a class template with one type
+// parameter, as a type.  TemplateSel<Tmpl>::Bind<T>::type is defined
+// as the type Tmpl<T>.  This allows us to actually instantiate the
+// template "selected" by TemplateSel<Tmpl>.
+//
+// This trick is necessary for simulating typedef for class templates,
+// which C++ doesn't support directly.
+template <GTEST_TEMPLATE_ Tmpl>
+struct TemplateSel {
+  template <typename T>
+  struct Bind {
+    typedef Tmpl<T> type;
+  };
+};
+
+# define GTEST_BIND_(TmplSel, T) \
+  TmplSel::template Bind<T>::type
+
+// A unique struct template used as the default value for the
+// arguments of class template Templates.  This allows us to simulate
+// variadic templates (e.g. Templates<int>, Templates<int, double>,
+// and etc), which C++ doesn't support directly.
+template <typename T>
+struct NoneT {};
+
+// The following family of struct and struct templates are used to
+// represent template lists.  In particular, TemplatesN<T1, T2, ...,
+// TN> represents a list of N templates (T1, T2, ..., and TN).  Except
+// for Templates0, every struct in the family has two member types:
+// Head for the selector of the first template in the list, and Tail
+// for the rest of the list.
+
+// The empty template list.
+struct Templates0 {};
+
+// Template lists of length 1, 2, 3, and so on.
+
+template <GTEST_TEMPLATE_ T1>
+struct Templates1 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates0 Tail;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2>
+struct Templates2 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates1<T2> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3>
+struct Templates3 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates2<T2, T3> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4>
+struct Templates4 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates3<T2, T3, T4> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5>
+struct Templates5 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates4<T2, T3, T4, T5> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6>
+struct Templates6 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates5<T2, T3, T4, T5, T6> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7>
+struct Templates7 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates6<T2, T3, T4, T5, T6, T7> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8>
+struct Templates8 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates7<T2, T3, T4, T5, T6, T7, T8> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9>
+struct Templates9 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates8<T2, T3, T4, T5, T6, T7, T8, T9> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10>
+struct Templates10 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates9<T2, T3, T4, T5, T6, T7, T8, T9, T10> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11>
+struct Templates11 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates10<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12>
+struct Templates12 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates11<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13>
+struct Templates13 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates12<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14>
+struct Templates14 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates13<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+      T14> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15>
+struct Templates15 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates14<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+      T15> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16>
+struct Templates16 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates15<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+      T15, T16> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17>
+struct Templates17 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates16<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+      T15, T16, T17> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18>
+struct Templates18 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates17<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+      T15, T16, T17, T18> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19>
+struct Templates19 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates18<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+      T15, T16, T17, T18, T19> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20>
+struct Templates20 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates19<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+      T15, T16, T17, T18, T19, T20> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21>
+struct Templates21 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates20<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+      T15, T16, T17, T18, T19, T20, T21> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22>
+struct Templates22 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates21<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+      T15, T16, T17, T18, T19, T20, T21, T22> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23>
+struct Templates23 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates22<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+      T15, T16, T17, T18, T19, T20, T21, T22, T23> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24>
+struct Templates24 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates23<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+      T15, T16, T17, T18, T19, T20, T21, T22, T23, T24> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25>
+struct Templates25 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates24<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+      T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26>
+struct Templates26 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates25<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+      T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27>
+struct Templates27 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates26<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+      T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28>
+struct Templates28 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates27<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+      T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27,
+      T28> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28, GTEST_TEMPLATE_ T29>
+struct Templates29 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates28<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+      T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+      T29> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28, GTEST_TEMPLATE_ T29, GTEST_TEMPLATE_ T30>
+struct Templates30 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates29<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+      T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+      T29, T30> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28, GTEST_TEMPLATE_ T29, GTEST_TEMPLATE_ T30,
+    GTEST_TEMPLATE_ T31>
+struct Templates31 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates30<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+      T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+      T29, T30, T31> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28, GTEST_TEMPLATE_ T29, GTEST_TEMPLATE_ T30,
+    GTEST_TEMPLATE_ T31, GTEST_TEMPLATE_ T32>
+struct Templates32 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates31<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+      T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+      T29, T30, T31, T32> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28, GTEST_TEMPLATE_ T29, GTEST_TEMPLATE_ T30,
+    GTEST_TEMPLATE_ T31, GTEST_TEMPLATE_ T32, GTEST_TEMPLATE_ T33>
+struct Templates33 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates32<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+      T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+      T29, T30, T31, T32, T33> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28, GTEST_TEMPLATE_ T29, GTEST_TEMPLATE_ T30,
+    GTEST_TEMPLATE_ T31, GTEST_TEMPLATE_ T32, GTEST_TEMPLATE_ T33,
+    GTEST_TEMPLATE_ T34>
+struct Templates34 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates33<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+      T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+      T29, T30, T31, T32, T33, T34> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28, GTEST_TEMPLATE_ T29, GTEST_TEMPLATE_ T30,
+    GTEST_TEMPLATE_ T31, GTEST_TEMPLATE_ T32, GTEST_TEMPLATE_ T33,
+    GTEST_TEMPLATE_ T34, GTEST_TEMPLATE_ T35>
+struct Templates35 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates34<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+      T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+      T29, T30, T31, T32, T33, T34, T35> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28, GTEST_TEMPLATE_ T29, GTEST_TEMPLATE_ T30,
+    GTEST_TEMPLATE_ T31, GTEST_TEMPLATE_ T32, GTEST_TEMPLATE_ T33,
+    GTEST_TEMPLATE_ T34, GTEST_TEMPLATE_ T35, GTEST_TEMPLATE_ T36>
+struct Templates36 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates35<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+      T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+      T29, T30, T31, T32, T33, T34, T35, T36> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28, GTEST_TEMPLATE_ T29, GTEST_TEMPLATE_ T30,
+    GTEST_TEMPLATE_ T31, GTEST_TEMPLATE_ T32, GTEST_TEMPLATE_ T33,
+    GTEST_TEMPLATE_ T34, GTEST_TEMPLATE_ T35, GTEST_TEMPLATE_ T36,
+    GTEST_TEMPLATE_ T37>
+struct Templates37 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates36<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+      T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+      T29, T30, T31, T32, T33, T34, T35, T36, T37> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28, GTEST_TEMPLATE_ T29, GTEST_TEMPLATE_ T30,
+    GTEST_TEMPLATE_ T31, GTEST_TEMPLATE_ T32, GTEST_TEMPLATE_ T33,
+    GTEST_TEMPLATE_ T34, GTEST_TEMPLATE_ T35, GTEST_TEMPLATE_ T36,
+    GTEST_TEMPLATE_ T37, GTEST_TEMPLATE_ T38>
+struct Templates38 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates37<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+      T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+      T29, T30, T31, T32, T33, T34, T35, T36, T37, T38> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28, GTEST_TEMPLATE_ T29, GTEST_TEMPLATE_ T30,
+    GTEST_TEMPLATE_ T31, GTEST_TEMPLATE_ T32, GTEST_TEMPLATE_ T33,
+    GTEST_TEMPLATE_ T34, GTEST_TEMPLATE_ T35, GTEST_TEMPLATE_ T36,
+    GTEST_TEMPLATE_ T37, GTEST_TEMPLATE_ T38, GTEST_TEMPLATE_ T39>
+struct Templates39 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates38<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+      T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+      T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28, GTEST_TEMPLATE_ T29, GTEST_TEMPLATE_ T30,
+    GTEST_TEMPLATE_ T31, GTEST_TEMPLATE_ T32, GTEST_TEMPLATE_ T33,
+    GTEST_TEMPLATE_ T34, GTEST_TEMPLATE_ T35, GTEST_TEMPLATE_ T36,
+    GTEST_TEMPLATE_ T37, GTEST_TEMPLATE_ T38, GTEST_TEMPLATE_ T39,
+    GTEST_TEMPLATE_ T40>
+struct Templates40 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates39<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+      T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+      T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28, GTEST_TEMPLATE_ T29, GTEST_TEMPLATE_ T30,
+    GTEST_TEMPLATE_ T31, GTEST_TEMPLATE_ T32, GTEST_TEMPLATE_ T33,
+    GTEST_TEMPLATE_ T34, GTEST_TEMPLATE_ T35, GTEST_TEMPLATE_ T36,
+    GTEST_TEMPLATE_ T37, GTEST_TEMPLATE_ T38, GTEST_TEMPLATE_ T39,
+    GTEST_TEMPLATE_ T40, GTEST_TEMPLATE_ T41>
+struct Templates41 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates40<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+      T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+      T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28, GTEST_TEMPLATE_ T29, GTEST_TEMPLATE_ T30,
+    GTEST_TEMPLATE_ T31, GTEST_TEMPLATE_ T32, GTEST_TEMPLATE_ T33,
+    GTEST_TEMPLATE_ T34, GTEST_TEMPLATE_ T35, GTEST_TEMPLATE_ T36,
+    GTEST_TEMPLATE_ T37, GTEST_TEMPLATE_ T38, GTEST_TEMPLATE_ T39,
+    GTEST_TEMPLATE_ T40, GTEST_TEMPLATE_ T41, GTEST_TEMPLATE_ T42>
+struct Templates42 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates41<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+      T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+      T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41,
+      T42> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28, GTEST_TEMPLATE_ T29, GTEST_TEMPLATE_ T30,
+    GTEST_TEMPLATE_ T31, GTEST_TEMPLATE_ T32, GTEST_TEMPLATE_ T33,
+    GTEST_TEMPLATE_ T34, GTEST_TEMPLATE_ T35, GTEST_TEMPLATE_ T36,
+    GTEST_TEMPLATE_ T37, GTEST_TEMPLATE_ T38, GTEST_TEMPLATE_ T39,
+    GTEST_TEMPLATE_ T40, GTEST_TEMPLATE_ T41, GTEST_TEMPLATE_ T42,
+    GTEST_TEMPLATE_ T43>
+struct Templates43 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates42<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+      T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+      T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, T42,
+      T43> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28, GTEST_TEMPLATE_ T29, GTEST_TEMPLATE_ T30,
+    GTEST_TEMPLATE_ T31, GTEST_TEMPLATE_ T32, GTEST_TEMPLATE_ T33,
+    GTEST_TEMPLATE_ T34, GTEST_TEMPLATE_ T35, GTEST_TEMPLATE_ T36,
+    GTEST_TEMPLATE_ T37, GTEST_TEMPLATE_ T38, GTEST_TEMPLATE_ T39,
+    GTEST_TEMPLATE_ T40, GTEST_TEMPLATE_ T41, GTEST_TEMPLATE_ T42,
+    GTEST_TEMPLATE_ T43, GTEST_TEMPLATE_ T44>
+struct Templates44 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates43<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+      T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+      T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, T42,
+      T43, T44> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28, GTEST_TEMPLATE_ T29, GTEST_TEMPLATE_ T30,
+    GTEST_TEMPLATE_ T31, GTEST_TEMPLATE_ T32, GTEST_TEMPLATE_ T33,
+    GTEST_TEMPLATE_ T34, GTEST_TEMPLATE_ T35, GTEST_TEMPLATE_ T36,
+    GTEST_TEMPLATE_ T37, GTEST_TEMPLATE_ T38, GTEST_TEMPLATE_ T39,
+    GTEST_TEMPLATE_ T40, GTEST_TEMPLATE_ T41, GTEST_TEMPLATE_ T42,
+    GTEST_TEMPLATE_ T43, GTEST_TEMPLATE_ T44, GTEST_TEMPLATE_ T45>
+struct Templates45 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates44<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+      T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+      T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, T42,
+      T43, T44, T45> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28, GTEST_TEMPLATE_ T29, GTEST_TEMPLATE_ T30,
+    GTEST_TEMPLATE_ T31, GTEST_TEMPLATE_ T32, GTEST_TEMPLATE_ T33,
+    GTEST_TEMPLATE_ T34, GTEST_TEMPLATE_ T35, GTEST_TEMPLATE_ T36,
+    GTEST_TEMPLATE_ T37, GTEST_TEMPLATE_ T38, GTEST_TEMPLATE_ T39,
+    GTEST_TEMPLATE_ T40, GTEST_TEMPLATE_ T41, GTEST_TEMPLATE_ T42,
+    GTEST_TEMPLATE_ T43, GTEST_TEMPLATE_ T44, GTEST_TEMPLATE_ T45,
+    GTEST_TEMPLATE_ T46>
+struct Templates46 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates45<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+      T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+      T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, T42,
+      T43, T44, T45, T46> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28, GTEST_TEMPLATE_ T29, GTEST_TEMPLATE_ T30,
+    GTEST_TEMPLATE_ T31, GTEST_TEMPLATE_ T32, GTEST_TEMPLATE_ T33,
+    GTEST_TEMPLATE_ T34, GTEST_TEMPLATE_ T35, GTEST_TEMPLATE_ T36,
+    GTEST_TEMPLATE_ T37, GTEST_TEMPLATE_ T38, GTEST_TEMPLATE_ T39,
+    GTEST_TEMPLATE_ T40, GTEST_TEMPLATE_ T41, GTEST_TEMPLATE_ T42,
+    GTEST_TEMPLATE_ T43, GTEST_TEMPLATE_ T44, GTEST_TEMPLATE_ T45,
+    GTEST_TEMPLATE_ T46, GTEST_TEMPLATE_ T47>
+struct Templates47 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates46<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+      T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+      T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, T42,
+      T43, T44, T45, T46, T47> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28, GTEST_TEMPLATE_ T29, GTEST_TEMPLATE_ T30,
+    GTEST_TEMPLATE_ T31, GTEST_TEMPLATE_ T32, GTEST_TEMPLATE_ T33,
+    GTEST_TEMPLATE_ T34, GTEST_TEMPLATE_ T35, GTEST_TEMPLATE_ T36,
+    GTEST_TEMPLATE_ T37, GTEST_TEMPLATE_ T38, GTEST_TEMPLATE_ T39,
+    GTEST_TEMPLATE_ T40, GTEST_TEMPLATE_ T41, GTEST_TEMPLATE_ T42,
+    GTEST_TEMPLATE_ T43, GTEST_TEMPLATE_ T44, GTEST_TEMPLATE_ T45,
+    GTEST_TEMPLATE_ T46, GTEST_TEMPLATE_ T47, GTEST_TEMPLATE_ T48>
+struct Templates48 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates47<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+      T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+      T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, T42,
+      T43, T44, T45, T46, T47, T48> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28, GTEST_TEMPLATE_ T29, GTEST_TEMPLATE_ T30,
+    GTEST_TEMPLATE_ T31, GTEST_TEMPLATE_ T32, GTEST_TEMPLATE_ T33,
+    GTEST_TEMPLATE_ T34, GTEST_TEMPLATE_ T35, GTEST_TEMPLATE_ T36,
+    GTEST_TEMPLATE_ T37, GTEST_TEMPLATE_ T38, GTEST_TEMPLATE_ T39,
+    GTEST_TEMPLATE_ T40, GTEST_TEMPLATE_ T41, GTEST_TEMPLATE_ T42,
+    GTEST_TEMPLATE_ T43, GTEST_TEMPLATE_ T44, GTEST_TEMPLATE_ T45,
+    GTEST_TEMPLATE_ T46, GTEST_TEMPLATE_ T47, GTEST_TEMPLATE_ T48,
+    GTEST_TEMPLATE_ T49>
+struct Templates49 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates48<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+      T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+      T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, T42,
+      T43, T44, T45, T46, T47, T48, T49> Tail;
+};
+
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28, GTEST_TEMPLATE_ T29, GTEST_TEMPLATE_ T30,
+    GTEST_TEMPLATE_ T31, GTEST_TEMPLATE_ T32, GTEST_TEMPLATE_ T33,
+    GTEST_TEMPLATE_ T34, GTEST_TEMPLATE_ T35, GTEST_TEMPLATE_ T36,
+    GTEST_TEMPLATE_ T37, GTEST_TEMPLATE_ T38, GTEST_TEMPLATE_ T39,
+    GTEST_TEMPLATE_ T40, GTEST_TEMPLATE_ T41, GTEST_TEMPLATE_ T42,
+    GTEST_TEMPLATE_ T43, GTEST_TEMPLATE_ T44, GTEST_TEMPLATE_ T45,
+    GTEST_TEMPLATE_ T46, GTEST_TEMPLATE_ T47, GTEST_TEMPLATE_ T48,
+    GTEST_TEMPLATE_ T49, GTEST_TEMPLATE_ T50>
+struct Templates50 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates49<T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+      T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+      T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, T42,
+      T43, T44, T45, T46, T47, T48, T49, T50> Tail;
+};
+
+
+// We don't want to require the users to write TemplatesN<...> directly,
+// as that would require them to count the length.  Templates<...> is much
+// easier to write, but generates horrible messages when there is a
+// compiler error, as gcc insists on printing out each template
+// argument, even if it has the default value (this means Templates<list>
+// will appear as Templates<list, NoneT, NoneT, ..., NoneT> in the compiler
+// errors).
+//
+// Our solution is to combine the best part of the two approaches: a
+// user would write Templates<T1, ..., TN>, and Google Test will translate
+// that to TemplatesN<T1, ..., TN> internally to make error messages
+// readable.  The translation is done by the 'type' member of the
+// Templates template.
+template <GTEST_TEMPLATE_ T1 = NoneT, GTEST_TEMPLATE_ T2 = NoneT,
+    GTEST_TEMPLATE_ T3 = NoneT, GTEST_TEMPLATE_ T4 = NoneT,
+    GTEST_TEMPLATE_ T5 = NoneT, GTEST_TEMPLATE_ T6 = NoneT,
+    GTEST_TEMPLATE_ T7 = NoneT, GTEST_TEMPLATE_ T8 = NoneT,
+    GTEST_TEMPLATE_ T9 = NoneT, GTEST_TEMPLATE_ T10 = NoneT,
+    GTEST_TEMPLATE_ T11 = NoneT, GTEST_TEMPLATE_ T12 = NoneT,
+    GTEST_TEMPLATE_ T13 = NoneT, GTEST_TEMPLATE_ T14 = NoneT,
+    GTEST_TEMPLATE_ T15 = NoneT, GTEST_TEMPLATE_ T16 = NoneT,
+    GTEST_TEMPLATE_ T17 = NoneT, GTEST_TEMPLATE_ T18 = NoneT,
+    GTEST_TEMPLATE_ T19 = NoneT, GTEST_TEMPLATE_ T20 = NoneT,
+    GTEST_TEMPLATE_ T21 = NoneT, GTEST_TEMPLATE_ T22 = NoneT,
+    GTEST_TEMPLATE_ T23 = NoneT, GTEST_TEMPLATE_ T24 = NoneT,
+    GTEST_TEMPLATE_ T25 = NoneT, GTEST_TEMPLATE_ T26 = NoneT,
+    GTEST_TEMPLATE_ T27 = NoneT, GTEST_TEMPLATE_ T28 = NoneT,
+    GTEST_TEMPLATE_ T29 = NoneT, GTEST_TEMPLATE_ T30 = NoneT,
+    GTEST_TEMPLATE_ T31 = NoneT, GTEST_TEMPLATE_ T32 = NoneT,
+    GTEST_TEMPLATE_ T33 = NoneT, GTEST_TEMPLATE_ T34 = NoneT,
+    GTEST_TEMPLATE_ T35 = NoneT, GTEST_TEMPLATE_ T36 = NoneT,
+    GTEST_TEMPLATE_ T37 = NoneT, GTEST_TEMPLATE_ T38 = NoneT,
+    GTEST_TEMPLATE_ T39 = NoneT, GTEST_TEMPLATE_ T40 = NoneT,
+    GTEST_TEMPLATE_ T41 = NoneT, GTEST_TEMPLATE_ T42 = NoneT,
+    GTEST_TEMPLATE_ T43 = NoneT, GTEST_TEMPLATE_ T44 = NoneT,
+    GTEST_TEMPLATE_ T45 = NoneT, GTEST_TEMPLATE_ T46 = NoneT,
+    GTEST_TEMPLATE_ T47 = NoneT, GTEST_TEMPLATE_ T48 = NoneT,
+    GTEST_TEMPLATE_ T49 = NoneT, GTEST_TEMPLATE_ T50 = NoneT>
+struct Templates {
+  typedef Templates50<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+      T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27,
+      T28, T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41,
+      T42, T43, T44, T45, T46, T47, T48, T49, T50> type;
+};
+
+template <>
+struct Templates<NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT> {
+  typedef Templates0 type;
+};
+template <GTEST_TEMPLATE_ T1>
+struct Templates<T1, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT> {
+  typedef Templates1<T1> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2>
+struct Templates<T1, T2, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT> {
+  typedef Templates2<T1, T2> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3>
+struct Templates<T1, T2, T3, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT> {
+  typedef Templates3<T1, T2, T3> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4>
+struct Templates<T1, T2, T3, T4, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT> {
+  typedef Templates4<T1, T2, T3, T4> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5>
+struct Templates<T1, T2, T3, T4, T5, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT> {
+  typedef Templates5<T1, T2, T3, T4, T5> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6>
+struct Templates<T1, T2, T3, T4, T5, T6, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT> {
+  typedef Templates6<T1, T2, T3, T4, T5, T6> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7>
+struct Templates<T1, T2, T3, T4, T5, T6, T7, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT> {
+  typedef Templates7<T1, T2, T3, T4, T5, T6, T7> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8>
+struct Templates<T1, T2, T3, T4, T5, T6, T7, T8, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT> {
+  typedef Templates8<T1, T2, T3, T4, T5, T6, T7, T8> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9>
+struct Templates<T1, T2, T3, T4, T5, T6, T7, T8, T9, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT> {
+  typedef Templates9<T1, T2, T3, T4, T5, T6, T7, T8, T9> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10>
+struct Templates<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT> {
+  typedef Templates10<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11>
+struct Templates<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT> {
+  typedef Templates11<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12>
+struct Templates<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT> {
+  typedef Templates12<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13>
+struct Templates<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT> {
+  typedef Templates13<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12,
+      T13> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14>
+struct Templates<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT> {
+  typedef Templates14<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+      T14> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15>
+struct Templates<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+    T15, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT> {
+  typedef Templates15<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+      T14, T15> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16>
+struct Templates<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+    T15, T16, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT> {
+  typedef Templates16<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+      T14, T15, T16> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17>
+struct Templates<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+    T15, T16, T17, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT> {
+  typedef Templates17<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+      T14, T15, T16, T17> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18>
+struct Templates<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+    T15, T16, T17, T18, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT> {
+  typedef Templates18<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+      T14, T15, T16, T17, T18> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19>
+struct Templates<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+    T15, T16, T17, T18, T19, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT> {
+  typedef Templates19<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+      T14, T15, T16, T17, T18, T19> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20>
+struct Templates<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+    T15, T16, T17, T18, T19, T20, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT> {
+  typedef Templates20<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+      T14, T15, T16, T17, T18, T19, T20> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21>
+struct Templates<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+    T15, T16, T17, T18, T19, T20, T21, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT> {
+  typedef Templates21<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+      T14, T15, T16, T17, T18, T19, T20, T21> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22>
+struct Templates<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+    T15, T16, T17, T18, T19, T20, T21, T22, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT> {
+  typedef Templates22<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+      T14, T15, T16, T17, T18, T19, T20, T21, T22> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23>
+struct Templates<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+    T15, T16, T17, T18, T19, T20, T21, T22, T23, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT> {
+  typedef Templates23<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+      T14, T15, T16, T17, T18, T19, T20, T21, T22, T23> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24>
+struct Templates<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+    T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT> {
+  typedef Templates24<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+      T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25>
+struct Templates<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+    T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT> {
+  typedef Templates25<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+      T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26>
+struct Templates<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+    T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT> {
+  typedef Templates26<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+      T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27>
+struct Templates<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+    T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT> {
+  typedef Templates27<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+      T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26,
+      T27> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28>
+struct Templates<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+    T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT> {
+  typedef Templates28<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+      T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27,
+      T28> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28, GTEST_TEMPLATE_ T29>
+struct Templates<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+    T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT> {
+  typedef Templates29<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+      T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27,
+      T28, T29> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28, GTEST_TEMPLATE_ T29, GTEST_TEMPLATE_ T30>
+struct Templates<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+    T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29,
+    T30, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT> {
+  typedef Templates30<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+      T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27,
+      T28, T29, T30> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28, GTEST_TEMPLATE_ T29, GTEST_TEMPLATE_ T30,
+    GTEST_TEMPLATE_ T31>
+struct Templates<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+    T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29,
+    T30, T31, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT> {
+  typedef Templates31<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+      T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27,
+      T28, T29, T30, T31> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28, GTEST_TEMPLATE_ T29, GTEST_TEMPLATE_ T30,
+    GTEST_TEMPLATE_ T31, GTEST_TEMPLATE_ T32>
+struct Templates<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+    T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29,
+    T30, T31, T32, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT> {
+  typedef Templates32<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+      T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27,
+      T28, T29, T30, T31, T32> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28, GTEST_TEMPLATE_ T29, GTEST_TEMPLATE_ T30,
+    GTEST_TEMPLATE_ T31, GTEST_TEMPLATE_ T32, GTEST_TEMPLATE_ T33>
+struct Templates<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+    T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29,
+    T30, T31, T32, T33, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT> {
+  typedef Templates33<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+      T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27,
+      T28, T29, T30, T31, T32, T33> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28, GTEST_TEMPLATE_ T29, GTEST_TEMPLATE_ T30,
+    GTEST_TEMPLATE_ T31, GTEST_TEMPLATE_ T32, GTEST_TEMPLATE_ T33,
+    GTEST_TEMPLATE_ T34>
+struct Templates<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+    T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29,
+    T30, T31, T32, T33, T34, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT> {
+  typedef Templates34<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+      T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27,
+      T28, T29, T30, T31, T32, T33, T34> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28, GTEST_TEMPLATE_ T29, GTEST_TEMPLATE_ T30,
+    GTEST_TEMPLATE_ T31, GTEST_TEMPLATE_ T32, GTEST_TEMPLATE_ T33,
+    GTEST_TEMPLATE_ T34, GTEST_TEMPLATE_ T35>
+struct Templates<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+    T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29,
+    T30, T31, T32, T33, T34, T35, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT> {
+  typedef Templates35<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+      T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27,
+      T28, T29, T30, T31, T32, T33, T34, T35> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28, GTEST_TEMPLATE_ T29, GTEST_TEMPLATE_ T30,
+    GTEST_TEMPLATE_ T31, GTEST_TEMPLATE_ T32, GTEST_TEMPLATE_ T33,
+    GTEST_TEMPLATE_ T34, GTEST_TEMPLATE_ T35, GTEST_TEMPLATE_ T36>
+struct Templates<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+    T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29,
+    T30, T31, T32, T33, T34, T35, T36, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT> {
+  typedef Templates36<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+      T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27,
+      T28, T29, T30, T31, T32, T33, T34, T35, T36> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28, GTEST_TEMPLATE_ T29, GTEST_TEMPLATE_ T30,
+    GTEST_TEMPLATE_ T31, GTEST_TEMPLATE_ T32, GTEST_TEMPLATE_ T33,
+    GTEST_TEMPLATE_ T34, GTEST_TEMPLATE_ T35, GTEST_TEMPLATE_ T36,
+    GTEST_TEMPLATE_ T37>
+struct Templates<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+    T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29,
+    T30, T31, T32, T33, T34, T35, T36, T37, NoneT, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT> {
+  typedef Templates37<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+      T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27,
+      T28, T29, T30, T31, T32, T33, T34, T35, T36, T37> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28, GTEST_TEMPLATE_ T29, GTEST_TEMPLATE_ T30,
+    GTEST_TEMPLATE_ T31, GTEST_TEMPLATE_ T32, GTEST_TEMPLATE_ T33,
+    GTEST_TEMPLATE_ T34, GTEST_TEMPLATE_ T35, GTEST_TEMPLATE_ T36,
+    GTEST_TEMPLATE_ T37, GTEST_TEMPLATE_ T38>
+struct Templates<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+    T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29,
+    T30, T31, T32, T33, T34, T35, T36, T37, T38, NoneT, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT> {
+  typedef Templates38<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+      T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27,
+      T28, T29, T30, T31, T32, T33, T34, T35, T36, T37, T38> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28, GTEST_TEMPLATE_ T29, GTEST_TEMPLATE_ T30,
+    GTEST_TEMPLATE_ T31, GTEST_TEMPLATE_ T32, GTEST_TEMPLATE_ T33,
+    GTEST_TEMPLATE_ T34, GTEST_TEMPLATE_ T35, GTEST_TEMPLATE_ T36,
+    GTEST_TEMPLATE_ T37, GTEST_TEMPLATE_ T38, GTEST_TEMPLATE_ T39>
+struct Templates<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+    T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29,
+    T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT> {
+  typedef Templates39<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+      T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27,
+      T28, T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28, GTEST_TEMPLATE_ T29, GTEST_TEMPLATE_ T30,
+    GTEST_TEMPLATE_ T31, GTEST_TEMPLATE_ T32, GTEST_TEMPLATE_ T33,
+    GTEST_TEMPLATE_ T34, GTEST_TEMPLATE_ T35, GTEST_TEMPLATE_ T36,
+    GTEST_TEMPLATE_ T37, GTEST_TEMPLATE_ T38, GTEST_TEMPLATE_ T39,
+    GTEST_TEMPLATE_ T40>
+struct Templates<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+    T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29,
+    T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, NoneT, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT> {
+  typedef Templates40<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+      T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27,
+      T28, T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28, GTEST_TEMPLATE_ T29, GTEST_TEMPLATE_ T30,
+    GTEST_TEMPLATE_ T31, GTEST_TEMPLATE_ T32, GTEST_TEMPLATE_ T33,
+    GTEST_TEMPLATE_ T34, GTEST_TEMPLATE_ T35, GTEST_TEMPLATE_ T36,
+    GTEST_TEMPLATE_ T37, GTEST_TEMPLATE_ T38, GTEST_TEMPLATE_ T39,
+    GTEST_TEMPLATE_ T40, GTEST_TEMPLATE_ T41>
+struct Templates<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+    T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29,
+    T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, NoneT, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT> {
+  typedef Templates41<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+      T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27,
+      T28, T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40,
+      T41> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28, GTEST_TEMPLATE_ T29, GTEST_TEMPLATE_ T30,
+    GTEST_TEMPLATE_ T31, GTEST_TEMPLATE_ T32, GTEST_TEMPLATE_ T33,
+    GTEST_TEMPLATE_ T34, GTEST_TEMPLATE_ T35, GTEST_TEMPLATE_ T36,
+    GTEST_TEMPLATE_ T37, GTEST_TEMPLATE_ T38, GTEST_TEMPLATE_ T39,
+    GTEST_TEMPLATE_ T40, GTEST_TEMPLATE_ T41, GTEST_TEMPLATE_ T42>
+struct Templates<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+    T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29,
+    T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, T42, NoneT,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT> {
+  typedef Templates42<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+      T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27,
+      T28, T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41,
+      T42> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28, GTEST_TEMPLATE_ T29, GTEST_TEMPLATE_ T30,
+    GTEST_TEMPLATE_ T31, GTEST_TEMPLATE_ T32, GTEST_TEMPLATE_ T33,
+    GTEST_TEMPLATE_ T34, GTEST_TEMPLATE_ T35, GTEST_TEMPLATE_ T36,
+    GTEST_TEMPLATE_ T37, GTEST_TEMPLATE_ T38, GTEST_TEMPLATE_ T39,
+    GTEST_TEMPLATE_ T40, GTEST_TEMPLATE_ T41, GTEST_TEMPLATE_ T42,
+    GTEST_TEMPLATE_ T43>
+struct Templates<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+    T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29,
+    T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, T42, T43,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT, NoneT> {
+  typedef Templates43<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+      T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27,
+      T28, T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41,
+      T42, T43> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28, GTEST_TEMPLATE_ T29, GTEST_TEMPLATE_ T30,
+    GTEST_TEMPLATE_ T31, GTEST_TEMPLATE_ T32, GTEST_TEMPLATE_ T33,
+    GTEST_TEMPLATE_ T34, GTEST_TEMPLATE_ T35, GTEST_TEMPLATE_ T36,
+    GTEST_TEMPLATE_ T37, GTEST_TEMPLATE_ T38, GTEST_TEMPLATE_ T39,
+    GTEST_TEMPLATE_ T40, GTEST_TEMPLATE_ T41, GTEST_TEMPLATE_ T42,
+    GTEST_TEMPLATE_ T43, GTEST_TEMPLATE_ T44>
+struct Templates<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+    T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29,
+    T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, T42, T43, T44,
+    NoneT, NoneT, NoneT, NoneT, NoneT, NoneT> {
+  typedef Templates44<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+      T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27,
+      T28, T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41,
+      T42, T43, T44> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28, GTEST_TEMPLATE_ T29, GTEST_TEMPLATE_ T30,
+    GTEST_TEMPLATE_ T31, GTEST_TEMPLATE_ T32, GTEST_TEMPLATE_ T33,
+    GTEST_TEMPLATE_ T34, GTEST_TEMPLATE_ T35, GTEST_TEMPLATE_ T36,
+    GTEST_TEMPLATE_ T37, GTEST_TEMPLATE_ T38, GTEST_TEMPLATE_ T39,
+    GTEST_TEMPLATE_ T40, GTEST_TEMPLATE_ T41, GTEST_TEMPLATE_ T42,
+    GTEST_TEMPLATE_ T43, GTEST_TEMPLATE_ T44, GTEST_TEMPLATE_ T45>
+struct Templates<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+    T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29,
+    T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, T42, T43, T44,
+    T45, NoneT, NoneT, NoneT, NoneT, NoneT> {
+  typedef Templates45<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+      T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27,
+      T28, T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41,
+      T42, T43, T44, T45> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28, GTEST_TEMPLATE_ T29, GTEST_TEMPLATE_ T30,
+    GTEST_TEMPLATE_ T31, GTEST_TEMPLATE_ T32, GTEST_TEMPLATE_ T33,
+    GTEST_TEMPLATE_ T34, GTEST_TEMPLATE_ T35, GTEST_TEMPLATE_ T36,
+    GTEST_TEMPLATE_ T37, GTEST_TEMPLATE_ T38, GTEST_TEMPLATE_ T39,
+    GTEST_TEMPLATE_ T40, GTEST_TEMPLATE_ T41, GTEST_TEMPLATE_ T42,
+    GTEST_TEMPLATE_ T43, GTEST_TEMPLATE_ T44, GTEST_TEMPLATE_ T45,
+    GTEST_TEMPLATE_ T46>
+struct Templates<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+    T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29,
+    T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, T42, T43, T44,
+    T45, T46, NoneT, NoneT, NoneT, NoneT> {
+  typedef Templates46<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+      T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27,
+      T28, T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41,
+      T42, T43, T44, T45, T46> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28, GTEST_TEMPLATE_ T29, GTEST_TEMPLATE_ T30,
+    GTEST_TEMPLATE_ T31, GTEST_TEMPLATE_ T32, GTEST_TEMPLATE_ T33,
+    GTEST_TEMPLATE_ T34, GTEST_TEMPLATE_ T35, GTEST_TEMPLATE_ T36,
+    GTEST_TEMPLATE_ T37, GTEST_TEMPLATE_ T38, GTEST_TEMPLATE_ T39,
+    GTEST_TEMPLATE_ T40, GTEST_TEMPLATE_ T41, GTEST_TEMPLATE_ T42,
+    GTEST_TEMPLATE_ T43, GTEST_TEMPLATE_ T44, GTEST_TEMPLATE_ T45,
+    GTEST_TEMPLATE_ T46, GTEST_TEMPLATE_ T47>
+struct Templates<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+    T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29,
+    T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, T42, T43, T44,
+    T45, T46, T47, NoneT, NoneT, NoneT> {
+  typedef Templates47<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+      T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27,
+      T28, T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41,
+      T42, T43, T44, T45, T46, T47> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28, GTEST_TEMPLATE_ T29, GTEST_TEMPLATE_ T30,
+    GTEST_TEMPLATE_ T31, GTEST_TEMPLATE_ T32, GTEST_TEMPLATE_ T33,
+    GTEST_TEMPLATE_ T34, GTEST_TEMPLATE_ T35, GTEST_TEMPLATE_ T36,
+    GTEST_TEMPLATE_ T37, GTEST_TEMPLATE_ T38, GTEST_TEMPLATE_ T39,
+    GTEST_TEMPLATE_ T40, GTEST_TEMPLATE_ T41, GTEST_TEMPLATE_ T42,
+    GTEST_TEMPLATE_ T43, GTEST_TEMPLATE_ T44, GTEST_TEMPLATE_ T45,
+    GTEST_TEMPLATE_ T46, GTEST_TEMPLATE_ T47, GTEST_TEMPLATE_ T48>
+struct Templates<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+    T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29,
+    T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, T42, T43, T44,
+    T45, T46, T47, T48, NoneT, NoneT> {
+  typedef Templates48<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+      T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27,
+      T28, T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41,
+      T42, T43, T44, T45, T46, T47, T48> type;
+};
+template <GTEST_TEMPLATE_ T1, GTEST_TEMPLATE_ T2, GTEST_TEMPLATE_ T3,
+    GTEST_TEMPLATE_ T4, GTEST_TEMPLATE_ T5, GTEST_TEMPLATE_ T6,
+    GTEST_TEMPLATE_ T7, GTEST_TEMPLATE_ T8, GTEST_TEMPLATE_ T9,
+    GTEST_TEMPLATE_ T10, GTEST_TEMPLATE_ T11, GTEST_TEMPLATE_ T12,
+    GTEST_TEMPLATE_ T13, GTEST_TEMPLATE_ T14, GTEST_TEMPLATE_ T15,
+    GTEST_TEMPLATE_ T16, GTEST_TEMPLATE_ T17, GTEST_TEMPLATE_ T18,
+    GTEST_TEMPLATE_ T19, GTEST_TEMPLATE_ T20, GTEST_TEMPLATE_ T21,
+    GTEST_TEMPLATE_ T22, GTEST_TEMPLATE_ T23, GTEST_TEMPLATE_ T24,
+    GTEST_TEMPLATE_ T25, GTEST_TEMPLATE_ T26, GTEST_TEMPLATE_ T27,
+    GTEST_TEMPLATE_ T28, GTEST_TEMPLATE_ T29, GTEST_TEMPLATE_ T30,
+    GTEST_TEMPLATE_ T31, GTEST_TEMPLATE_ T32, GTEST_TEMPLATE_ T33,
+    GTEST_TEMPLATE_ T34, GTEST_TEMPLATE_ T35, GTEST_TEMPLATE_ T36,
+    GTEST_TEMPLATE_ T37, GTEST_TEMPLATE_ T38, GTEST_TEMPLATE_ T39,
+    GTEST_TEMPLATE_ T40, GTEST_TEMPLATE_ T41, GTEST_TEMPLATE_ T42,
+    GTEST_TEMPLATE_ T43, GTEST_TEMPLATE_ T44, GTEST_TEMPLATE_ T45,
+    GTEST_TEMPLATE_ T46, GTEST_TEMPLATE_ T47, GTEST_TEMPLATE_ T48,
+    GTEST_TEMPLATE_ T49>
+struct Templates<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13, T14,
+    T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28, T29,
+    T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, T42, T43, T44,
+    T45, T46, T47, T48, T49, NoneT> {
+  typedef Templates49<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+      T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27,
+      T28, T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41,
+      T42, T43, T44, T45, T46, T47, T48, T49> type;
+};
+
+// The TypeList template makes it possible to use either a single type
+// or a Types<...> list in TYPED_TEST_CASE() and
+// INSTANTIATE_TYPED_TEST_CASE_P().
+
+template <typename T>
+struct TypeList {
+  typedef Types1<T> type;
+};
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+    typename T6, typename T7, typename T8, typename T9, typename T10,
+    typename T11, typename T12, typename T13, typename T14, typename T15,
+    typename T16, typename T17, typename T18, typename T19, typename T20,
+    typename T21, typename T22, typename T23, typename T24, typename T25,
+    typename T26, typename T27, typename T28, typename T29, typename T30,
+    typename T31, typename T32, typename T33, typename T34, typename T35,
+    typename T36, typename T37, typename T38, typename T39, typename T40,
+    typename T41, typename T42, typename T43, typename T44, typename T45,
+    typename T46, typename T47, typename T48, typename T49, typename T50>
+struct TypeList<Types<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12, T13,
+    T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26, T27, T28,
+    T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40, T41, T42, T43,
+    T44, T45, T46, T47, T48, T49, T50> > {
+  typedef typename Types<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10, T11, T12,
+      T13, T14, T15, T16, T17, T18, T19, T20, T21, T22, T23, T24, T25, T26,
+      T27, T28, T29, T30, T31, T32, T33, T34, T35, T36, T37, T38, T39, T40,
+      T41, T42, T43, T44, T45, T46, T47, T48, T49, T50>::type type;
+};
+
+#endif  // GTEST_HAS_TYPED_TEST || GTEST_HAS_TYPED_TEST_P
+
+}  // namespace internal
+}  // namespace testing
+
+#endif  // GTEST_INCLUDE_GTEST_INTERNAL_GTEST_TYPE_UTIL_H_
diff --git a/nss/gtests/google_test/gtest/include/gtest/internal/gtest-type-util.h.pump b/nss/gtests/google_test/gtest/include/gtest/internal/gtest-type-util.h.pump
new file mode 100644
index 0000000..251fdf0
--- /dev/null
+++ b/nss/gtests/google_test/gtest/include/gtest/internal/gtest-type-util.h.pump
@@ -0,0 +1,297 @@
+$$ -*- mode: c++; -*-
+$var n = 50  $$ Maximum length of type lists we want to support.
+// Copyright 2008 Google Inc.
+// All Rights Reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+
+// Type utilities needed for implementing typed and type-parameterized
+// tests.  This file is generated by a SCRIPT.  DO NOT EDIT BY HAND!
+//
+// Currently we support at most $n types in a list, and at most $n
+// type-parameterized tests in one type-parameterized test case.
+// Please contact googletestframework@googlegroups.com if you need
+// more.
+
+#ifndef GTEST_INCLUDE_GTEST_INTERNAL_GTEST_TYPE_UTIL_H_
+#define GTEST_INCLUDE_GTEST_INTERNAL_GTEST_TYPE_UTIL_H_
+
+#include "gtest/internal/gtest-port.h"
+
+// #ifdef __GNUC__ is too general here.  It is possible to use gcc without using
+// libstdc++ (which is where cxxabi.h comes from).
+# if GTEST_HAS_CXXABI_H_
+#  include <cxxabi.h>
+# elif defined(__HP_aCC)
+#  include <acxx_demangle.h>
+# endif  // GTEST_HASH_CXXABI_H_
+
+namespace testing {
+namespace internal {
+
+// GetTypeName<T>() returns a human-readable name of type T.
+// NB: This function is also used in Google Mock, so don't move it inside of
+// the typed-test-only section below.
+template <typename T>
+std::string GetTypeName() {
+# if GTEST_HAS_RTTI
+
+  const char* const name = typeid(T).name();
+#  if GTEST_HAS_CXXABI_H_ || defined(__HP_aCC)
+  int status = 0;
+  // gcc's implementation of typeid(T).name() mangles the type name,
+  // so we have to demangle it.
+#   if GTEST_HAS_CXXABI_H_
+  using abi::__cxa_demangle;
+#   endif  // GTEST_HAS_CXXABI_H_
+  char* const readable_name = __cxa_demangle(name, 0, 0, &status);
+  const std::string name_str(status == 0 ? readable_name : name);
+  free(readable_name);
+  return name_str;
+#  else
+  return name;
+#  endif  // GTEST_HAS_CXXABI_H_ || __HP_aCC
+
+# else
+
+  return "<type>";
+
+# endif  // GTEST_HAS_RTTI
+}
+
+#if GTEST_HAS_TYPED_TEST || GTEST_HAS_TYPED_TEST_P
+
+// AssertyTypeEq<T1, T2>::type is defined iff T1 and T2 are the same
+// type.  This can be used as a compile-time assertion to ensure that
+// two types are equal.
+
+template <typename T1, typename T2>
+struct AssertTypeEq;
+
+template <typename T>
+struct AssertTypeEq<T, T> {
+  typedef bool type;
+};
+
+// A unique type used as the default value for the arguments of class
+// template Types.  This allows us to simulate variadic templates
+// (e.g. Types<int>, Type<int, double>, and etc), which C++ doesn't
+// support directly.
+struct None {};
+
+// The following family of struct and struct templates are used to
+// represent type lists.  In particular, TypesN<T1, T2, ..., TN>
+// represents a type list with N types (T1, T2, ..., and TN) in it.
+// Except for Types0, every struct in the family has two member types:
+// Head for the first type in the list, and Tail for the rest of the
+// list.
+
+// The empty type list.
+struct Types0 {};
+
+// Type lists of length 1, 2, 3, and so on.
+
+template <typename T1>
+struct Types1 {
+  typedef T1 Head;
+  typedef Types0 Tail;
+};
+
+$range i 2..n
+
+$for i [[
+$range j 1..i
+$range k 2..i
+template <$for j, [[typename T$j]]>
+struct Types$i {
+  typedef T1 Head;
+  typedef Types$(i-1)<$for k, [[T$k]]> Tail;
+};
+
+
+]]
+
+}  // namespace internal
+
+// We don't want to require the users to write TypesN<...> directly,
+// as that would require them to count the length.  Types<...> is much
+// easier to write, but generates horrible messages when there is a
+// compiler error, as gcc insists on printing out each template
+// argument, even if it has the default value (this means Types<int>
+// will appear as Types<int, None, None, ..., None> in the compiler
+// errors).
+//
+// Our solution is to combine the best part of the two approaches: a
+// user would write Types<T1, ..., TN>, and Google Test will translate
+// that to TypesN<T1, ..., TN> internally to make error messages
+// readable.  The translation is done by the 'type' member of the
+// Types template.
+
+$range i 1..n
+template <$for i, [[typename T$i = internal::None]]>
+struct Types {
+  typedef internal::Types$n<$for i, [[T$i]]> type;
+};
+
+template <>
+struct Types<$for i, [[internal::None]]> {
+  typedef internal::Types0 type;
+};
+
+$range i 1..n-1
+$for i [[
+$range j 1..i
+$range k i+1..n
+template <$for j, [[typename T$j]]>
+struct Types<$for j, [[T$j]]$for k[[, internal::None]]> {
+  typedef internal::Types$i<$for j, [[T$j]]> type;
+};
+
+]]
+
+namespace internal {
+
+# define GTEST_TEMPLATE_ template <typename T> class
+
+// The template "selector" struct TemplateSel<Tmpl> is used to
+// represent Tmpl, which must be a class template with one type
+// parameter, as a type.  TemplateSel<Tmpl>::Bind<T>::type is defined
+// as the type Tmpl<T>.  This allows us to actually instantiate the
+// template "selected" by TemplateSel<Tmpl>.
+//
+// This trick is necessary for simulating typedef for class templates,
+// which C++ doesn't support directly.
+template <GTEST_TEMPLATE_ Tmpl>
+struct TemplateSel {
+  template <typename T>
+  struct Bind {
+    typedef Tmpl<T> type;
+  };
+};
+
+# define GTEST_BIND_(TmplSel, T) \
+  TmplSel::template Bind<T>::type
+
+// A unique struct template used as the default value for the
+// arguments of class template Templates.  This allows us to simulate
+// variadic templates (e.g. Templates<int>, Templates<int, double>,
+// and etc), which C++ doesn't support directly.
+template <typename T>
+struct NoneT {};
+
+// The following family of struct and struct templates are used to
+// represent template lists.  In particular, TemplatesN<T1, T2, ...,
+// TN> represents a list of N templates (T1, T2, ..., and TN).  Except
+// for Templates0, every struct in the family has two member types:
+// Head for the selector of the first template in the list, and Tail
+// for the rest of the list.
+
+// The empty template list.
+struct Templates0 {};
+
+// Template lists of length 1, 2, 3, and so on.
+
+template <GTEST_TEMPLATE_ T1>
+struct Templates1 {
+  typedef TemplateSel<T1> Head;
+  typedef Templates0 Tail;
+};
+
+$range i 2..n
+
+$for i [[
+$range j 1..i
+$range k 2..i
+template <$for j, [[GTEST_TEMPLATE_ T$j]]>
+struct Templates$i {
+  typedef TemplateSel<T1> Head;
+  typedef Templates$(i-1)<$for k, [[T$k]]> Tail;
+};
+
+
+]]
+
+// We don't want to require the users to write TemplatesN<...> directly,
+// as that would require them to count the length.  Templates<...> is much
+// easier to write, but generates horrible messages when there is a
+// compiler error, as gcc insists on printing out each template
+// argument, even if it has the default value (this means Templates<list>
+// will appear as Templates<list, NoneT, NoneT, ..., NoneT> in the compiler
+// errors).
+//
+// Our solution is to combine the best part of the two approaches: a
+// user would write Templates<T1, ..., TN>, and Google Test will translate
+// that to TemplatesN<T1, ..., TN> internally to make error messages
+// readable.  The translation is done by the 'type' member of the
+// Templates template.
+
+$range i 1..n
+template <$for i, [[GTEST_TEMPLATE_ T$i = NoneT]]>
+struct Templates {
+  typedef Templates$n<$for i, [[T$i]]> type;
+};
+
+template <>
+struct Templates<$for i, [[NoneT]]> {
+  typedef Templates0 type;
+};
+
+$range i 1..n-1
+$for i [[
+$range j 1..i
+$range k i+1..n
+template <$for j, [[GTEST_TEMPLATE_ T$j]]>
+struct Templates<$for j, [[T$j]]$for k[[, NoneT]]> {
+  typedef Templates$i<$for j, [[T$j]]> type;
+};
+
+]]
+
+// The TypeList template makes it possible to use either a single type
+// or a Types<...> list in TYPED_TEST_CASE() and
+// INSTANTIATE_TYPED_TEST_CASE_P().
+
+template <typename T>
+struct TypeList {
+  typedef Types1<T> type;
+};
+
+
+$range i 1..n
+template <$for i, [[typename T$i]]>
+struct TypeList<Types<$for i, [[T$i]]> > {
+  typedef typename Types<$for i, [[T$i]]>::type type;
+};
+
+#endif  // GTEST_HAS_TYPED_TEST || GTEST_HAS_TYPED_TEST_P
+
+}  // namespace internal
+}  // namespace testing
+
+#endif  // GTEST_INCLUDE_GTEST_INTERNAL_GTEST_TYPE_UTIL_H_
diff --git a/nss/gtests/google_test/gtest/m4/acx_pthread.m4 b/nss/gtests/google_test/gtest/m4/acx_pthread.m4
new file mode 100644
index 0000000..2cf20de
--- /dev/null
+++ b/nss/gtests/google_test/gtest/m4/acx_pthread.m4
@@ -0,0 +1,363 @@
+# This was retrieved from
+#    http://svn.0pointer.de/viewvc/trunk/common/acx_pthread.m4?revision=1277&root=avahi
+# See also (perhaps for new versions?)
+#    http://svn.0pointer.de/viewvc/trunk/common/acx_pthread.m4?root=avahi
+#
+# We've rewritten the inconsistency check code (from avahi), to work
+# more broadly.  In particular, it no longer assumes ld accepts -zdefs.
+# This caused a restructing of the code, but the functionality has only
+# changed a little.
+
+dnl @synopsis ACX_PTHREAD([ACTION-IF-FOUND[, ACTION-IF-NOT-FOUND]])
+dnl
+dnl @summary figure out how to build C programs using POSIX threads
+dnl
+dnl This macro figures out how to build C programs using POSIX threads.
+dnl It sets the PTHREAD_LIBS output variable to the threads library and
+dnl linker flags, and the PTHREAD_CFLAGS output variable to any special
+dnl C compiler flags that are needed. (The user can also force certain
+dnl compiler flags/libs to be tested by setting these environment
+dnl variables.)
+dnl
+dnl Also sets PTHREAD_CC to any special C compiler that is needed for
+dnl multi-threaded programs (defaults to the value of CC otherwise).
+dnl (This is necessary on AIX to use the special cc_r compiler alias.)
+dnl
+dnl NOTE: You are assumed to not only compile your program with these
+dnl flags, but also link it with them as well. e.g. you should link
+dnl with $PTHREAD_CC $CFLAGS $PTHREAD_CFLAGS $LDFLAGS ... $PTHREAD_LIBS
+dnl $LIBS
+dnl
+dnl If you are only building threads programs, you may wish to use
+dnl these variables in your default LIBS, CFLAGS, and CC:
+dnl
+dnl        LIBS="$PTHREAD_LIBS $LIBS"
+dnl        CFLAGS="$CFLAGS $PTHREAD_CFLAGS"
+dnl        CC="$PTHREAD_CC"
+dnl
+dnl In addition, if the PTHREAD_CREATE_JOINABLE thread-attribute
+dnl constant has a nonstandard name, defines PTHREAD_CREATE_JOINABLE to
+dnl that name (e.g. PTHREAD_CREATE_UNDETACHED on AIX).
+dnl
+dnl ACTION-IF-FOUND is a list of shell commands to run if a threads
+dnl library is found, and ACTION-IF-NOT-FOUND is a list of commands to
+dnl run it if it is not found. If ACTION-IF-FOUND is not specified, the
+dnl default action will define HAVE_PTHREAD.
+dnl
+dnl Please let the authors know if this macro fails on any platform, or
+dnl if you have any other suggestions or comments. This macro was based
+dnl on work by SGJ on autoconf scripts for FFTW (www.fftw.org) (with
+dnl help from M. Frigo), as well as ac_pthread and hb_pthread macros
+dnl posted by Alejandro Forero Cuervo to the autoconf macro repository.
+dnl We are also grateful for the helpful feedback of numerous users.
+dnl
+dnl @category InstalledPackages
+dnl @author Steven G. Johnson <stevenj@alum.mit.edu>
+dnl @version 2006-05-29
+dnl @license GPLWithACException
+dnl 
+dnl Checks for GCC shared/pthread inconsistency based on work by
+dnl Marcin Owsiany <marcin@owsiany.pl>
+
+
+AC_DEFUN([ACX_PTHREAD], [
+AC_REQUIRE([AC_CANONICAL_HOST])
+AC_LANG_SAVE
+AC_LANG_C
+acx_pthread_ok=no
+
+# We used to check for pthread.h first, but this fails if pthread.h
+# requires special compiler flags (e.g. on True64 or Sequent).
+# It gets checked for in the link test anyway.
+
+# First of all, check if the user has set any of the PTHREAD_LIBS,
+# etcetera environment variables, and if threads linking works using
+# them:
+if test x"$PTHREAD_LIBS$PTHREAD_CFLAGS" != x; then
+        save_CFLAGS="$CFLAGS"
+        CFLAGS="$CFLAGS $PTHREAD_CFLAGS"
+        save_LIBS="$LIBS"
+        LIBS="$PTHREAD_LIBS $LIBS"
+        AC_MSG_CHECKING([for pthread_join in LIBS=$PTHREAD_LIBS with CFLAGS=$PTHREAD_CFLAGS])
+        AC_TRY_LINK_FUNC(pthread_join, acx_pthread_ok=yes)
+        AC_MSG_RESULT($acx_pthread_ok)
+        if test x"$acx_pthread_ok" = xno; then
+                PTHREAD_LIBS=""
+                PTHREAD_CFLAGS=""
+        fi
+        LIBS="$save_LIBS"
+        CFLAGS="$save_CFLAGS"
+fi
+
+# We must check for the threads library under a number of different
+# names; the ordering is very important because some systems
+# (e.g. DEC) have both -lpthread and -lpthreads, where one of the
+# libraries is broken (non-POSIX).
+
+# Create a list of thread flags to try.  Items starting with a "-" are
+# C compiler flags, and other items are library names, except for "none"
+# which indicates that we try without any flags at all, and "pthread-config"
+# which is a program returning the flags for the Pth emulation library.
+
+acx_pthread_flags="pthreads none -Kthread -kthread lthread -pthread -pthreads -mthreads pthread --thread-safe -mt pthread-config"
+
+# The ordering *is* (sometimes) important.  Some notes on the
+# individual items follow:
+
+# pthreads: AIX (must check this before -lpthread)
+# none: in case threads are in libc; should be tried before -Kthread and
+#       other compiler flags to prevent continual compiler warnings
+# -Kthread: Sequent (threads in libc, but -Kthread needed for pthread.h)
+# -kthread: FreeBSD kernel threads (preferred to -pthread since SMP-able)
+# lthread: LinuxThreads port on FreeBSD (also preferred to -pthread)
+# -pthread: Linux/gcc (kernel threads), BSD/gcc (userland threads)
+# -pthreads: Solaris/gcc
+# -mthreads: Mingw32/gcc, Lynx/gcc
+# -mt: Sun Workshop C (may only link SunOS threads [-lthread], but it
+#      doesn't hurt to check since this sometimes defines pthreads too;
+#      also defines -D_REENTRANT)
+#      ... -mt is also the pthreads flag for HP/aCC
+# pthread: Linux, etcetera
+# --thread-safe: KAI C++
+# pthread-config: use pthread-config program (for GNU Pth library)
+
+case "${host_cpu}-${host_os}" in
+        *solaris*)
+
+        # On Solaris (at least, for some versions), libc contains stubbed
+        # (non-functional) versions of the pthreads routines, so link-based
+        # tests will erroneously succeed.  (We need to link with -pthreads/-mt/
+        # -lpthread.)  (The stubs are missing pthread_cleanup_push, or rather
+        # a function called by this macro, so we could check for that, but
+        # who knows whether they'll stub that too in a future libc.)  So,
+        # we'll just look for -pthreads and -lpthread first:
+
+        acx_pthread_flags="-pthreads pthread -mt -pthread $acx_pthread_flags"
+        ;;
+esac
+
+if test x"$acx_pthread_ok" = xno; then
+for flag in $acx_pthread_flags; do
+
+        case $flag in
+                none)
+                AC_MSG_CHECKING([whether pthreads work without any flags])
+                ;;
+
+                -*)
+                AC_MSG_CHECKING([whether pthreads work with $flag])
+                PTHREAD_CFLAGS="$flag"
+                ;;
+
+		pthread-config)
+		AC_CHECK_PROG(acx_pthread_config, pthread-config, yes, no)
+		if test x"$acx_pthread_config" = xno; then continue; fi
+		PTHREAD_CFLAGS="`pthread-config --cflags`"
+		PTHREAD_LIBS="`pthread-config --ldflags` `pthread-config --libs`"
+		;;
+
+                *)
+                AC_MSG_CHECKING([for the pthreads library -l$flag])
+                PTHREAD_LIBS="-l$flag"
+                ;;
+        esac
+
+        save_LIBS="$LIBS"
+        save_CFLAGS="$CFLAGS"
+        LIBS="$PTHREAD_LIBS $LIBS"
+        CFLAGS="$CFLAGS $PTHREAD_CFLAGS"
+
+        # Check for various functions.  We must include pthread.h,
+        # since some functions may be macros.  (On the Sequent, we
+        # need a special flag -Kthread to make this header compile.)
+        # We check for pthread_join because it is in -lpthread on IRIX
+        # while pthread_create is in libc.  We check for pthread_attr_init
+        # due to DEC craziness with -lpthreads.  We check for
+        # pthread_cleanup_push because it is one of the few pthread
+        # functions on Solaris that doesn't have a non-functional libc stub.
+        # We try pthread_create on general principles.
+        AC_TRY_LINK([#include <pthread.h>],
+                    [pthread_t th; pthread_join(th, 0);
+                     pthread_attr_init(0); pthread_cleanup_push(0, 0);
+                     pthread_create(0,0,0,0); pthread_cleanup_pop(0); ],
+                    [acx_pthread_ok=yes])
+
+        LIBS="$save_LIBS"
+        CFLAGS="$save_CFLAGS"
+
+        AC_MSG_RESULT($acx_pthread_ok)
+        if test "x$acx_pthread_ok" = xyes; then
+                break;
+        fi
+
+        PTHREAD_LIBS=""
+        PTHREAD_CFLAGS=""
+done
+fi
+
+# Various other checks:
+if test "x$acx_pthread_ok" = xyes; then
+        save_LIBS="$LIBS"
+        LIBS="$PTHREAD_LIBS $LIBS"
+        save_CFLAGS="$CFLAGS"
+        CFLAGS="$CFLAGS $PTHREAD_CFLAGS"
+
+        # Detect AIX lossage: JOINABLE attribute is called UNDETACHED.
+	AC_MSG_CHECKING([for joinable pthread attribute])
+	attr_name=unknown
+	for attr in PTHREAD_CREATE_JOINABLE PTHREAD_CREATE_UNDETACHED; do
+	    AC_TRY_LINK([#include <pthread.h>], [int attr=$attr; return attr;],
+                        [attr_name=$attr; break])
+	done
+        AC_MSG_RESULT($attr_name)
+        if test "$attr_name" != PTHREAD_CREATE_JOINABLE; then
+            AC_DEFINE_UNQUOTED(PTHREAD_CREATE_JOINABLE, $attr_name,
+                               [Define to necessary symbol if this constant
+                                uses a non-standard name on your system.])
+        fi
+
+        AC_MSG_CHECKING([if more special flags are required for pthreads])
+        flag=no
+        case "${host_cpu}-${host_os}" in
+            *-aix* | *-freebsd* | *-darwin*) flag="-D_THREAD_SAFE";;
+            *solaris* | *-osf* | *-hpux*) flag="-D_REENTRANT";;
+        esac
+        AC_MSG_RESULT(${flag})
+        if test "x$flag" != xno; then
+            PTHREAD_CFLAGS="$flag $PTHREAD_CFLAGS"
+        fi
+
+        LIBS="$save_LIBS"
+        CFLAGS="$save_CFLAGS"
+        # More AIX lossage: must compile with xlc_r or cc_r
+	if test x"$GCC" != xyes; then
+          AC_CHECK_PROGS(PTHREAD_CC, xlc_r cc_r, ${CC})
+        else
+          PTHREAD_CC=$CC
+	fi
+
+	# The next part tries to detect GCC inconsistency with -shared on some
+	# architectures and systems. The problem is that in certain
+	# configurations, when -shared is specified, GCC "forgets" to
+	# internally use various flags which are still necessary.
+	
+	#
+	# Prepare the flags
+	#
+	save_CFLAGS="$CFLAGS"
+	save_LIBS="$LIBS"
+	save_CC="$CC"
+	
+	# Try with the flags determined by the earlier checks.
+	#
+	# -Wl,-z,defs forces link-time symbol resolution, so that the
+	# linking checks with -shared actually have any value
+	#
+	# FIXME: -fPIC is required for -shared on many architectures,
+	# so we specify it here, but the right way would probably be to
+	# properly detect whether it is actually required.
+	CFLAGS="-shared -fPIC -Wl,-z,defs $CFLAGS $PTHREAD_CFLAGS"
+	LIBS="$PTHREAD_LIBS $LIBS"
+	CC="$PTHREAD_CC"
+	
+	# In order not to create several levels of indentation, we test
+	# the value of "$done" until we find the cure or run out of ideas.
+	done="no"
+	
+	# First, make sure the CFLAGS we added are actually accepted by our
+	# compiler.  If not (and OS X's ld, for instance, does not accept -z),
+	# then we can't do this test.
+	if test x"$done" = xno; then
+	   AC_MSG_CHECKING([whether to check for GCC pthread/shared inconsistencies])
+	   AC_TRY_LINK(,, , [done=yes])
+	
+	   if test "x$done" = xyes ; then
+	      AC_MSG_RESULT([no])
+	   else
+	      AC_MSG_RESULT([yes])
+	   fi
+	fi
+	
+	if test x"$done" = xno; then
+	   AC_MSG_CHECKING([whether -pthread is sufficient with -shared])
+	   AC_TRY_LINK([#include <pthread.h>],
+	      [pthread_t th; pthread_join(th, 0);
+	      pthread_attr_init(0); pthread_cleanup_push(0, 0);
+	      pthread_create(0,0,0,0); pthread_cleanup_pop(0); ],
+	      [done=yes])
+	   
+	   if test "x$done" = xyes; then
+	      AC_MSG_RESULT([yes])
+	   else
+	      AC_MSG_RESULT([no])
+	   fi
+	fi
+	
+	#
+	# Linux gcc on some architectures such as mips/mipsel forgets
+	# about -lpthread
+	#
+	if test x"$done" = xno; then
+	   AC_MSG_CHECKING([whether -lpthread fixes that])
+	   LIBS="-lpthread $PTHREAD_LIBS $save_LIBS"
+	   AC_TRY_LINK([#include <pthread.h>],
+	      [pthread_t th; pthread_join(th, 0);
+	      pthread_attr_init(0); pthread_cleanup_push(0, 0);
+	      pthread_create(0,0,0,0); pthread_cleanup_pop(0); ],
+	      [done=yes])
+	
+	   if test "x$done" = xyes; then
+	      AC_MSG_RESULT([yes])
+	      PTHREAD_LIBS="-lpthread $PTHREAD_LIBS"
+	   else
+	      AC_MSG_RESULT([no])
+	   fi
+	fi
+	#
+	# FreeBSD 4.10 gcc forgets to use -lc_r instead of -lc
+	#
+	if test x"$done" = xno; then
+	   AC_MSG_CHECKING([whether -lc_r fixes that])
+	   LIBS="-lc_r $PTHREAD_LIBS $save_LIBS"
+	   AC_TRY_LINK([#include <pthread.h>],
+	       [pthread_t th; pthread_join(th, 0);
+	        pthread_attr_init(0); pthread_cleanup_push(0, 0);
+	        pthread_create(0,0,0,0); pthread_cleanup_pop(0); ],
+	       [done=yes])
+	
+	   if test "x$done" = xyes; then
+	      AC_MSG_RESULT([yes])
+	      PTHREAD_LIBS="-lc_r $PTHREAD_LIBS"
+	   else
+	      AC_MSG_RESULT([no])
+	   fi
+	fi
+	if test x"$done" = xno; then
+	   # OK, we have run out of ideas
+	   AC_MSG_WARN([Impossible to determine how to use pthreads with shared libraries])
+	
+	   # so it's not safe to assume that we may use pthreads
+	   acx_pthread_ok=no
+	fi
+	
+	CFLAGS="$save_CFLAGS"
+	LIBS="$save_LIBS"
+	CC="$save_CC"
+else
+        PTHREAD_CC="$CC"
+fi
+
+AC_SUBST(PTHREAD_LIBS)
+AC_SUBST(PTHREAD_CFLAGS)
+AC_SUBST(PTHREAD_CC)
+
+# Finally, execute ACTION-IF-FOUND/ACTION-IF-NOT-FOUND:
+if test x"$acx_pthread_ok" = xyes; then
+        ifelse([$1],,AC_DEFINE(HAVE_PTHREAD,1,[Define if you have POSIX threads libraries and header files.]),[$1])
+        :
+else
+        acx_pthread_ok=no
+        $2
+fi
+AC_LANG_RESTORE
+])dnl ACX_PTHREAD
diff --git a/nss/gtests/google_test/gtest/m4/gtest.m4 b/nss/gtests/google_test/gtest/m4/gtest.m4
new file mode 100644
index 0000000..6598ba7
--- /dev/null
+++ b/nss/gtests/google_test/gtest/m4/gtest.m4
@@ -0,0 +1,74 @@
+dnl GTEST_LIB_CHECK([minimum version [,
+dnl                  action if found [,action if not found]]])
+dnl
+dnl Check for the presence of the Google Test library, optionally at a minimum
+dnl version, and indicate a viable version with the HAVE_GTEST flag. It defines
+dnl standard variables for substitution including GTEST_CPPFLAGS,
+dnl GTEST_CXXFLAGS, GTEST_LDFLAGS, and GTEST_LIBS. It also defines
+dnl GTEST_VERSION as the version of Google Test found. Finally, it provides
+dnl optional custom action slots in the event GTEST is found or not.
+AC_DEFUN([GTEST_LIB_CHECK],
+[
+dnl Provide a flag to enable or disable Google Test usage.
+AC_ARG_ENABLE([gtest],
+  [AS_HELP_STRING([--enable-gtest],
+                  [Enable tests using the Google C++ Testing Framework.
+                  (Default is enabled.)])],
+  [],
+  [enable_gtest=])
+AC_ARG_VAR([GTEST_CONFIG],
+           [The exact path of Google Test's 'gtest-config' script.])
+AC_ARG_VAR([GTEST_CPPFLAGS],
+           [C-like preprocessor flags for Google Test.])
+AC_ARG_VAR([GTEST_CXXFLAGS],
+           [C++ compile flags for Google Test.])
+AC_ARG_VAR([GTEST_LDFLAGS],
+           [Linker path and option flags for Google Test.])
+AC_ARG_VAR([GTEST_LIBS],
+           [Library linking flags for Google Test.])
+AC_ARG_VAR([GTEST_VERSION],
+           [The version of Google Test available.])
+HAVE_GTEST="no"
+AS_IF([test "x${enable_gtest}" != "xno"],
+  [AC_MSG_CHECKING([for 'gtest-config'])
+   AS_IF([test "x${enable_gtest}" != "xyes"],
+     [AS_IF([test -x "${enable_gtest}/scripts/gtest-config"],
+        [GTEST_CONFIG="${enable_gtest}/scripts/gtest-config"],
+        [GTEST_CONFIG="${enable_gtest}/bin/gtest-config"])
+      AS_IF([test -x "${GTEST_CONFIG}"], [],
+        [AC_MSG_RESULT([no])
+         AC_MSG_ERROR([dnl
+Unable to locate either a built or installed Google Test.
+The specific location '${enable_gtest}' was provided for a built or installed
+Google Test, but no 'gtest-config' script could be found at this location.])
+         ])],
+     [AC_PATH_PROG([GTEST_CONFIG], [gtest-config])])
+   AS_IF([test -x "${GTEST_CONFIG}"],
+     [AC_MSG_RESULT([${GTEST_CONFIG}])
+      m4_ifval([$1],
+        [_gtest_min_version="--min-version=$1"
+         AC_MSG_CHECKING([for Google Test at least version >= $1])],
+        [_gtest_min_version="--min-version=0"
+         AC_MSG_CHECKING([for Google Test])])
+      AS_IF([${GTEST_CONFIG} ${_gtest_min_version}],
+        [AC_MSG_RESULT([yes])
+         HAVE_GTEST='yes'],
+        [AC_MSG_RESULT([no])])],
+     [AC_MSG_RESULT([no])])
+   AS_IF([test "x${HAVE_GTEST}" = "xyes"],
+     [GTEST_CPPFLAGS=`${GTEST_CONFIG} --cppflags`
+      GTEST_CXXFLAGS=`${GTEST_CONFIG} --cxxflags`
+      GTEST_LDFLAGS=`${GTEST_CONFIG} --ldflags`
+      GTEST_LIBS=`${GTEST_CONFIG} --libs`
+      GTEST_VERSION=`${GTEST_CONFIG} --version`
+      AC_DEFINE([HAVE_GTEST],[1],[Defined when Google Test is available.])],
+     [AS_IF([test "x${enable_gtest}" = "xyes"],
+        [AC_MSG_ERROR([dnl
+Google Test was enabled, but no viable version could be found.])
+         ])])])
+AC_SUBST([HAVE_GTEST])
+AM_CONDITIONAL([HAVE_GTEST],[test "x$HAVE_GTEST" = "xyes"])
+AS_IF([test "x$HAVE_GTEST" = "xyes"],
+  [m4_ifval([$2], [$2])],
+  [m4_ifval([$3], [$3])])
+])
diff --git a/nss/gtests/google_test/gtest/make/Makefile b/nss/gtests/google_test/gtest/make/Makefile
new file mode 100644
index 0000000..9ac7449
--- /dev/null
+++ b/nss/gtests/google_test/gtest/make/Makefile
@@ -0,0 +1,82 @@
+# A sample Makefile for building Google Test and using it in user
+# tests.  Please tweak it to suit your environment and project.  You
+# may want to move it to your project's root directory.
+#
+# SYNOPSIS:
+#
+#   make [all]  - makes everything.
+#   make TARGET - makes the given target.
+#   make clean  - removes all files generated by make.
+
+# Please tweak the following variable definitions as needed by your
+# project, except GTEST_HEADERS, which you can use in your own targets
+# but shouldn't modify.
+
+# Points to the root of Google Test, relative to where this file is.
+# Remember to tweak this if you move this file.
+GTEST_DIR = ..
+
+# Where to find user code.
+USER_DIR = ../samples
+
+# Flags passed to the preprocessor.
+# Set Google Test's header directory as a system directory, such that
+# the compiler doesn't generate warnings in Google Test headers.
+CPPFLAGS += -isystem $(GTEST_DIR)/include
+
+# Flags passed to the C++ compiler.
+CXXFLAGS += -g -Wall -Wextra -pthread
+
+# All tests produced by this Makefile.  Remember to add new tests you
+# created to the list.
+TESTS = sample1_unittest
+
+# All Google Test headers.  Usually you shouldn't change this
+# definition.
+GTEST_HEADERS = $(GTEST_DIR)/include/gtest/*.h \
+                $(GTEST_DIR)/include/gtest/internal/*.h
+
+# House-keeping build targets.
+
+all : $(TESTS)
+
+clean :
+	rm -f $(TESTS) gtest.a gtest_main.a *.o
+
+# Builds gtest.a and gtest_main.a.
+
+# Usually you shouldn't tweak such internal variables, indicated by a
+# trailing _.
+GTEST_SRCS_ = $(GTEST_DIR)/src/*.cc $(GTEST_DIR)/src/*.h $(GTEST_HEADERS)
+
+# For simplicity and to avoid depending on Google Test's
+# implementation details, the dependencies specified below are
+# conservative and not optimized.  This is fine as Google Test
+# compiles fast and for ordinary users its source rarely changes.
+gtest-all.o : $(GTEST_SRCS_)
+	$(CXX) $(CPPFLAGS) -I$(GTEST_DIR) $(CXXFLAGS) -c \
+            $(GTEST_DIR)/src/gtest-all.cc
+
+gtest_main.o : $(GTEST_SRCS_)
+	$(CXX) $(CPPFLAGS) -I$(GTEST_DIR) $(CXXFLAGS) -c \
+            $(GTEST_DIR)/src/gtest_main.cc
+
+gtest.a : gtest-all.o
+	$(AR) $(ARFLAGS) $@ $^
+
+gtest_main.a : gtest-all.o gtest_main.o
+	$(AR) $(ARFLAGS) $@ $^
+
+# Builds a sample test.  A test should link with either gtest.a or
+# gtest_main.a, depending on whether it defines its own main()
+# function.
+
+sample1.o : $(USER_DIR)/sample1.cc $(USER_DIR)/sample1.h $(GTEST_HEADERS)
+	$(CXX) $(CPPFLAGS) $(CXXFLAGS) -c $(USER_DIR)/sample1.cc
+
+sample1_unittest.o : $(USER_DIR)/sample1_unittest.cc \
+                     $(USER_DIR)/sample1.h $(GTEST_HEADERS)
+	$(CXX) $(CPPFLAGS) $(CXXFLAGS) -c $(USER_DIR)/sample1_unittest.cc
+
+sample1_unittest : sample1.o sample1_unittest.o gtest_main.a
+	$(CXX) $(CPPFLAGS) $(CXXFLAGS) -lpthread $^ -o $@
diff --git a/nss/gtests/google_test/gtest/msvc/gtest-md.sln b/nss/gtests/google_test/gtest/msvc/gtest-md.sln
new file mode 100644
index 0000000..f7908da
--- /dev/null
+++ b/nss/gtests/google_test/gtest/msvc/gtest-md.sln
@@ -0,0 +1,45 @@
+Microsoft Visual Studio Solution File, Format Version 8.00
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "gtest-md", "gtest-md.vcproj", "{C8F6C172-56F2-4E76-B5FA-C3B423B31BE8}"
+	ProjectSection(ProjectDependencies) = postProject
+	EndProjectSection
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "gtest_main-md", "gtest_main-md.vcproj", "{3AF54C8A-10BF-4332-9147-F68ED9862033}"
+	ProjectSection(ProjectDependencies) = postProject
+	EndProjectSection
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "gtest_prod_test-md", "gtest_prod_test-md.vcproj", "{24848551-EF4F-47E8-9A9D-EA4D49BC3ECB}"
+	ProjectSection(ProjectDependencies) = postProject
+	EndProjectSection
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "gtest_unittest-md", "gtest_unittest-md.vcproj", "{4D9FDFB5-986A-4139-823C-F4EE0ED481A2}"
+	ProjectSection(ProjectDependencies) = postProject
+	EndProjectSection
+EndProject
+Global
+	GlobalSection(SolutionConfiguration) = preSolution
+		Debug = Debug
+		Release = Release
+	EndGlobalSection
+	GlobalSection(ProjectConfiguration) = postSolution
+		{C8F6C172-56F2-4E76-B5FA-C3B423B31BE8}.Debug.ActiveCfg = Debug|Win32
+		{C8F6C172-56F2-4E76-B5FA-C3B423B31BE8}.Debug.Build.0 = Debug|Win32
+		{C8F6C172-56F2-4E76-B5FA-C3B423B31BE8}.Release.ActiveCfg = Release|Win32
+		{C8F6C172-56F2-4E76-B5FA-C3B423B31BE8}.Release.Build.0 = Release|Win32
+		{3AF54C8A-10BF-4332-9147-F68ED9862033}.Debug.ActiveCfg = Debug|Win32
+		{3AF54C8A-10BF-4332-9147-F68ED9862033}.Debug.Build.0 = Debug|Win32
+		{3AF54C8A-10BF-4332-9147-F68ED9862033}.Release.ActiveCfg = Release|Win32
+		{3AF54C8A-10BF-4332-9147-F68ED9862033}.Release.Build.0 = Release|Win32
+		{24848551-EF4F-47E8-9A9D-EA4D49BC3ECB}.Debug.ActiveCfg = Debug|Win32
+		{24848551-EF4F-47E8-9A9D-EA4D49BC3ECB}.Debug.Build.0 = Debug|Win32
+		{24848551-EF4F-47E8-9A9D-EA4D49BC3ECB}.Release.ActiveCfg = Release|Win32
+		{24848551-EF4F-47E8-9A9D-EA4D49BC3ECB}.Release.Build.0 = Release|Win32
+		{4D9FDFB5-986A-4139-823C-F4EE0ED481A2}.Debug.ActiveCfg = Debug|Win32
+		{4D9FDFB5-986A-4139-823C-F4EE0ED481A2}.Debug.Build.0 = Debug|Win32
+		{4D9FDFB5-986A-4139-823C-F4EE0ED481A2}.Release.ActiveCfg = Release|Win32
+		{4D9FDFB5-986A-4139-823C-F4EE0ED481A2}.Release.Build.0 = Release|Win32
+	EndGlobalSection
+	GlobalSection(ExtensibilityGlobals) = postSolution
+	EndGlobalSection
+	GlobalSection(ExtensibilityAddIns) = postSolution
+	EndGlobalSection
+EndGlobal
diff --git a/nss/gtests/google_test/gtest/msvc/gtest-md.vcproj b/nss/gtests/google_test/gtest/msvc/gtest-md.vcproj
new file mode 100644
index 0000000..1c35c3a
--- /dev/null
+++ b/nss/gtests/google_test/gtest/msvc/gtest-md.vcproj
@@ -0,0 +1,126 @@
+<?xml version="1.0" encoding="Windows-1252"?>
+<VisualStudioProject
+	ProjectType="Visual C++"
+	Version="7.10"
+	Name="gtest-md"
+	ProjectGUID="{C8F6C172-56F2-4E76-B5FA-C3B423B31BE8}"
+	Keyword="Win32Proj">
+	<Platforms>
+		<Platform
+			Name="Win32"/>
+	</Platforms>
+	<Configurations>
+		<Configuration
+			Name="Debug|Win32"
+			OutputDirectory="$(SolutionName)/$(ConfigurationName)"
+			IntermediateDirectory="$(OutDir)/$(ProjectName)"
+			ConfigurationType="4"
+			CharacterSet="2"
+			ReferencesPath="">
+			<Tool
+				Name="VCCLCompilerTool"
+				Optimization="0"
+				PreprocessorDefinitions="WIN32;_DEBUG;_LIB"
+				MinimalRebuild="TRUE"
+				BasicRuntimeChecks="3"
+				RuntimeLibrary="3"
+				UsePrecompiledHeader="0"
+				WarningLevel="3"
+				Detect64BitPortabilityProblems="FALSE"
+				DebugInformationFormat="4"/>
+			<Tool
+				Name="VCCustomBuildTool"/>
+			<Tool
+				Name="VCLibrarianTool"
+				OutputFile="$(OutDir)/gtestd.lib"/>
+			<Tool
+				Name="VCMIDLTool"/>
+			<Tool
+				Name="VCPostBuildEventTool"/>
+			<Tool
+				Name="VCPreBuildEventTool"/>
+			<Tool
+				Name="VCPreLinkEventTool"/>
+			<Tool
+				Name="VCResourceCompilerTool"/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"/>
+			<Tool
+				Name="VCManagedWrapperGeneratorTool"/>
+			<Tool
+				Name="VCAuxiliaryManagedWrapperGeneratorTool"/>
+		</Configuration>
+		<Configuration
+			Name="Release|Win32"
+			OutputDirectory="$(SolutionName)/$(ConfigurationName)"
+			IntermediateDirectory="$(OutDir)/$(ProjectName)"
+			ConfigurationType="4"
+			CharacterSet="2"
+			ReferencesPath="&quot;..\include&quot;;&quot;..&quot;">
+			<Tool
+				Name="VCCLCompilerTool"
+				PreprocessorDefinitions="WIN32;NDEBUG;_LIB"
+				RuntimeLibrary="2"
+				UsePrecompiledHeader="0"
+				WarningLevel="3"
+				Detect64BitPortabilityProblems="FALSE"
+				DebugInformationFormat="3"/>
+			<Tool
+				Name="VCCustomBuildTool"/>
+			<Tool
+				Name="VCLibrarianTool"
+				OutputFile="$(OutDir)/gtest.lib"/>
+			<Tool
+				Name="VCMIDLTool"/>
+			<Tool
+				Name="VCPostBuildEventTool"/>
+			<Tool
+				Name="VCPreBuildEventTool"/>
+			<Tool
+				Name="VCPreLinkEventTool"/>
+			<Tool
+				Name="VCResourceCompilerTool"/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"/>
+			<Tool
+				Name="VCManagedWrapperGeneratorTool"/>
+			<Tool
+				Name="VCAuxiliaryManagedWrapperGeneratorTool"/>
+		</Configuration>
+	</Configurations>
+	<References>
+	</References>
+	<Files>
+		<Filter
+			Name="Source Files"
+			Filter="cpp;c;cxx;def;odl;idl;hpj;bat;asm;asmx"
+			UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}">
+			<File
+				RelativePath="..\src\gtest-all.cc">
+				<FileConfiguration
+					Name="Debug|Win32">
+					<Tool
+						Name="VCCLCompilerTool"
+						AdditionalIncludeDirectories="&quot;..&quot;;&quot;..\include&quot;"/>
+				</FileConfiguration>
+				<FileConfiguration
+					Name="Release|Win32">
+					<Tool
+						Name="VCCLCompilerTool"
+						AdditionalIncludeDirectories="&quot;..&quot;;&quot;..\include&quot;"/>
+				</FileConfiguration>
+			</File>
+		</Filter>
+		<Filter
+			Name="Header Files"
+			Filter="h;hpp;hxx;hm;inl;inc;xsd"
+			UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}">
+		</Filter>
+	</Files>
+	<Globals>
+	</Globals>
+</VisualStudioProject>
diff --git a/nss/gtests/google_test/gtest/msvc/gtest.sln b/nss/gtests/google_test/gtest/msvc/gtest.sln
new file mode 100644
index 0000000..ef4b057
--- /dev/null
+++ b/nss/gtests/google_test/gtest/msvc/gtest.sln
@@ -0,0 +1,45 @@
+Microsoft Visual Studio Solution File, Format Version 8.00
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "gtest", "gtest.vcproj", "{C8F6C172-56F2-4E76-B5FA-C3B423B31BE7}"
+	ProjectSection(ProjectDependencies) = postProject
+	EndProjectSection
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "gtest_main", "gtest_main.vcproj", "{3AF54C8A-10BF-4332-9147-F68ED9862032}"
+	ProjectSection(ProjectDependencies) = postProject
+	EndProjectSection
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "gtest_unittest", "gtest_unittest.vcproj", "{4D9FDFB5-986A-4139-823C-F4EE0ED481A1}"
+	ProjectSection(ProjectDependencies) = postProject
+	EndProjectSection
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "gtest_prod_test", "gtest_prod_test.vcproj", "{24848551-EF4F-47E8-9A9D-EA4D49BC3ECA}"
+	ProjectSection(ProjectDependencies) = postProject
+	EndProjectSection
+EndProject
+Global
+	GlobalSection(SolutionConfiguration) = preSolution
+		Debug = Debug
+		Release = Release
+	EndGlobalSection
+	GlobalSection(ProjectConfiguration) = postSolution
+		{C8F6C172-56F2-4E76-B5FA-C3B423B31BE7}.Debug.ActiveCfg = Debug|Win32
+		{C8F6C172-56F2-4E76-B5FA-C3B423B31BE7}.Debug.Build.0 = Debug|Win32
+		{C8F6C172-56F2-4E76-B5FA-C3B423B31BE7}.Release.ActiveCfg = Release|Win32
+		{C8F6C172-56F2-4E76-B5FA-C3B423B31BE7}.Release.Build.0 = Release|Win32
+		{3AF54C8A-10BF-4332-9147-F68ED9862032}.Debug.ActiveCfg = Debug|Win32
+		{3AF54C8A-10BF-4332-9147-F68ED9862032}.Debug.Build.0 = Debug|Win32
+		{3AF54C8A-10BF-4332-9147-F68ED9862032}.Release.ActiveCfg = Release|Win32
+		{3AF54C8A-10BF-4332-9147-F68ED9862032}.Release.Build.0 = Release|Win32
+		{4D9FDFB5-986A-4139-823C-F4EE0ED481A1}.Debug.ActiveCfg = Debug|Win32
+		{4D9FDFB5-986A-4139-823C-F4EE0ED481A1}.Debug.Build.0 = Debug|Win32
+		{4D9FDFB5-986A-4139-823C-F4EE0ED481A1}.Release.ActiveCfg = Release|Win32
+		{4D9FDFB5-986A-4139-823C-F4EE0ED481A1}.Release.Build.0 = Release|Win32
+		{24848551-EF4F-47E8-9A9D-EA4D49BC3ECA}.Debug.ActiveCfg = Debug|Win32
+		{24848551-EF4F-47E8-9A9D-EA4D49BC3ECA}.Debug.Build.0 = Debug|Win32
+		{24848551-EF4F-47E8-9A9D-EA4D49BC3ECA}.Release.ActiveCfg = Release|Win32
+		{24848551-EF4F-47E8-9A9D-EA4D49BC3ECA}.Release.Build.0 = Release|Win32
+	EndGlobalSection
+	GlobalSection(ExtensibilityGlobals) = postSolution
+	EndGlobalSection
+	GlobalSection(ExtensibilityAddIns) = postSolution
+	EndGlobalSection
+EndGlobal
diff --git a/nss/gtests/google_test/gtest/msvc/gtest.vcproj b/nss/gtests/google_test/gtest/msvc/gtest.vcproj
new file mode 100644
index 0000000..a8373ce
--- /dev/null
+++ b/nss/gtests/google_test/gtest/msvc/gtest.vcproj
@@ -0,0 +1,126 @@
+<?xml version="1.0" encoding="Windows-1252"?>
+<VisualStudioProject
+	ProjectType="Visual C++"
+	Version="7.10"
+	Name="gtest"
+	ProjectGUID="{C8F6C172-56F2-4E76-B5FA-C3B423B31BE7}"
+	Keyword="Win32Proj">
+	<Platforms>
+		<Platform
+			Name="Win32"/>
+	</Platforms>
+	<Configurations>
+		<Configuration
+			Name="Debug|Win32"
+			OutputDirectory="$(SolutionName)/$(ConfigurationName)"
+			IntermediateDirectory="$(OutDir)/$(ProjectName)"
+			ConfigurationType="4"
+			CharacterSet="2"
+			ReferencesPath="">
+			<Tool
+				Name="VCCLCompilerTool"
+				Optimization="0"
+				PreprocessorDefinitions="WIN32;_DEBUG;_LIB"
+				MinimalRebuild="TRUE"
+				BasicRuntimeChecks="3"
+				RuntimeLibrary="5"
+				UsePrecompiledHeader="0"
+				WarningLevel="3"
+				Detect64BitPortabilityProblems="FALSE"
+				DebugInformationFormat="4"/>
+			<Tool
+				Name="VCCustomBuildTool"/>
+			<Tool
+				Name="VCLibrarianTool"
+				OutputFile="$(OutDir)/gtestd.lib"/>
+			<Tool
+				Name="VCMIDLTool"/>
+			<Tool
+				Name="VCPostBuildEventTool"/>
+			<Tool
+				Name="VCPreBuildEventTool"/>
+			<Tool
+				Name="VCPreLinkEventTool"/>
+			<Tool
+				Name="VCResourceCompilerTool"/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"/>
+			<Tool
+				Name="VCManagedWrapperGeneratorTool"/>
+			<Tool
+				Name="VCAuxiliaryManagedWrapperGeneratorTool"/>
+		</Configuration>
+		<Configuration
+			Name="Release|Win32"
+			OutputDirectory="$(SolutionName)/$(ConfigurationName)"
+			IntermediateDirectory="$(OutDir)/$(ProjectName)"
+			ConfigurationType="4"
+			CharacterSet="2"
+			ReferencesPath="&quot;..\include&quot;;&quot;..&quot;">
+			<Tool
+				Name="VCCLCompilerTool"
+				PreprocessorDefinitions="WIN32;NDEBUG;_LIB"
+				RuntimeLibrary="4"
+				UsePrecompiledHeader="0"
+				WarningLevel="3"
+				Detect64BitPortabilityProblems="FALSE"
+				DebugInformationFormat="3"/>
+			<Tool
+				Name="VCCustomBuildTool"/>
+			<Tool
+				Name="VCLibrarianTool"
+				OutputFile="$(OutDir)/gtest.lib"/>
+			<Tool
+				Name="VCMIDLTool"/>
+			<Tool
+				Name="VCPostBuildEventTool"/>
+			<Tool
+				Name="VCPreBuildEventTool"/>
+			<Tool
+				Name="VCPreLinkEventTool"/>
+			<Tool
+				Name="VCResourceCompilerTool"/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"/>
+			<Tool
+				Name="VCManagedWrapperGeneratorTool"/>
+			<Tool
+				Name="VCAuxiliaryManagedWrapperGeneratorTool"/>
+		</Configuration>
+	</Configurations>
+	<References>
+	</References>
+	<Files>
+		<Filter
+			Name="Source Files"
+			Filter="cpp;c;cxx;def;odl;idl;hpj;bat;asm;asmx"
+			UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}">
+			<File
+				RelativePath="..\src\gtest-all.cc">
+				<FileConfiguration
+					Name="Debug|Win32">
+					<Tool
+						Name="VCCLCompilerTool"
+						AdditionalIncludeDirectories="&quot;..&quot;;&quot;..\include&quot;"/>
+				</FileConfiguration>
+				<FileConfiguration
+					Name="Release|Win32">
+					<Tool
+						Name="VCCLCompilerTool"
+						AdditionalIncludeDirectories="&quot;..&quot;;&quot;..\include&quot;"/>
+				</FileConfiguration>
+			</File>
+		</Filter>
+		<Filter
+			Name="Header Files"
+			Filter="h;hpp;hxx;hm;inl;inc;xsd"
+			UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}">
+		</Filter>
+	</Files>
+	<Globals>
+	</Globals>
+</VisualStudioProject>
diff --git a/nss/gtests/google_test/gtest/msvc/gtest_main-md.vcproj b/nss/gtests/google_test/gtest/msvc/gtest_main-md.vcproj
new file mode 100644
index 0000000..b5379fe
--- /dev/null
+++ b/nss/gtests/google_test/gtest/msvc/gtest_main-md.vcproj
@@ -0,0 +1,129 @@
+<?xml version="1.0" encoding="Windows-1252"?>
+<VisualStudioProject
+	ProjectType="Visual C++"
+	Version="7.10"
+	Name="gtest_main-md"
+	ProjectGUID="{3AF54C8A-10BF-4332-9147-F68ED9862033}"
+	Keyword="Win32Proj">
+	<Platforms>
+		<Platform
+			Name="Win32"/>
+	</Platforms>
+	<Configurations>
+		<Configuration
+			Name="Debug|Win32"
+			OutputDirectory="$(SolutionName)/$(ConfigurationName)"
+			IntermediateDirectory="$(OutDir)/$(ProjectName)"
+			ConfigurationType="4"
+			CharacterSet="2"
+			ReferencesPath="">
+			<Tool
+				Name="VCCLCompilerTool"
+				Optimization="0"
+				PreprocessorDefinitions="WIN32;_DEBUG;_LIB"
+				MinimalRebuild="TRUE"
+				BasicRuntimeChecks="3"
+				RuntimeLibrary="3"
+				UsePrecompiledHeader="0"
+				WarningLevel="3"
+				Detect64BitPortabilityProblems="FALSE"
+				DebugInformationFormat="4"/>
+			<Tool
+				Name="VCCustomBuildTool"/>
+			<Tool
+				Name="VCLibrarianTool"
+				OutputFile="$(OutDir)/$(ProjectName)d.lib"/>
+			<Tool
+				Name="VCMIDLTool"/>
+			<Tool
+				Name="VCPostBuildEventTool"/>
+			<Tool
+				Name="VCPreBuildEventTool"/>
+			<Tool
+				Name="VCPreLinkEventTool"/>
+			<Tool
+				Name="VCResourceCompilerTool"/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"/>
+			<Tool
+				Name="VCManagedWrapperGeneratorTool"/>
+			<Tool
+				Name="VCAuxiliaryManagedWrapperGeneratorTool"/>
+		</Configuration>
+		<Configuration
+			Name="Release|Win32"
+			OutputDirectory="$(SolutionName)/$(ConfigurationName)"
+			IntermediateDirectory="$(OutDir)/$(ProjectName)"
+			ConfigurationType="4"
+			CharacterSet="2"
+			ReferencesPath="&quot;..\include&quot;;&quot;..&quot;">
+			<Tool
+				Name="VCCLCompilerTool"
+				PreprocessorDefinitions="WIN32;NDEBUG;_LIB"
+				RuntimeLibrary="2"
+				UsePrecompiledHeader="0"
+				WarningLevel="3"
+				Detect64BitPortabilityProblems="FALSE"
+				DebugInformationFormat="3"/>
+			<Tool
+				Name="VCCustomBuildTool"/>
+			<Tool
+				Name="VCLibrarianTool"
+				OutputFile="$(OutDir)/$(ProjectName).lib"/>
+			<Tool
+				Name="VCMIDLTool"/>
+			<Tool
+				Name="VCPostBuildEventTool"/>
+			<Tool
+				Name="VCPreBuildEventTool"/>
+			<Tool
+				Name="VCPreLinkEventTool"/>
+			<Tool
+				Name="VCResourceCompilerTool"/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"/>
+			<Tool
+				Name="VCManagedWrapperGeneratorTool"/>
+			<Tool
+				Name="VCAuxiliaryManagedWrapperGeneratorTool"/>
+		</Configuration>
+	</Configurations>
+	<References>
+		<ProjectReference
+			ReferencedProjectIdentifier="{C8F6C172-56F2-4E76-B5FA-C3B423B31BE8}"
+			Name="gtest-md"/>
+	</References>
+	<Files>
+		<Filter
+			Name="Source Files"
+			Filter="cpp;c;cxx;def;odl;idl;hpj;bat;asm;asmx"
+			UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}">
+			<File
+				RelativePath="..\src\gtest_main.cc">
+				<FileConfiguration
+					Name="Debug|Win32">
+					<Tool
+						Name="VCCLCompilerTool"
+						AdditionalIncludeDirectories="&quot;..&quot;;&quot;..\include&quot;"/>
+				</FileConfiguration>
+				<FileConfiguration
+					Name="Release|Win32">
+					<Tool
+						Name="VCCLCompilerTool"
+						AdditionalIncludeDirectories="&quot;..&quot;;&quot;..\include&quot;"/>
+				</FileConfiguration>
+			</File>
+		</Filter>
+		<Filter
+			Name="Header Files"
+			Filter="h;hpp;hxx;hm;inl;inc;xsd"
+			UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}">
+		</Filter>
+	</Files>
+	<Globals>
+	</Globals>
+</VisualStudioProject>
diff --git a/nss/gtests/google_test/gtest/msvc/gtest_main.vcproj b/nss/gtests/google_test/gtest/msvc/gtest_main.vcproj
new file mode 100644
index 0000000..e8b763c
--- /dev/null
+++ b/nss/gtests/google_test/gtest/msvc/gtest_main.vcproj
@@ -0,0 +1,129 @@
+<?xml version="1.0" encoding="Windows-1252"?>
+<VisualStudioProject
+	ProjectType="Visual C++"
+	Version="7.10"
+	Name="gtest_main"
+	ProjectGUID="{3AF54C8A-10BF-4332-9147-F68ED9862032}"
+	Keyword="Win32Proj">
+	<Platforms>
+		<Platform
+			Name="Win32"/>
+	</Platforms>
+	<Configurations>
+		<Configuration
+			Name="Debug|Win32"
+			OutputDirectory="$(SolutionName)/$(ConfigurationName)"
+			IntermediateDirectory="$(OutDir)/$(ProjectName)"
+			ConfigurationType="4"
+			CharacterSet="2"
+			ReferencesPath="">
+			<Tool
+				Name="VCCLCompilerTool"
+				Optimization="0"
+				PreprocessorDefinitions="WIN32;_DEBUG;_LIB"
+				MinimalRebuild="TRUE"
+				BasicRuntimeChecks="3"
+				RuntimeLibrary="5"
+				UsePrecompiledHeader="0"
+				WarningLevel="3"
+				Detect64BitPortabilityProblems="FALSE"
+				DebugInformationFormat="4"/>
+			<Tool
+				Name="VCCustomBuildTool"/>
+			<Tool
+				Name="VCLibrarianTool"
+				OutputFile="$(OutDir)/$(ProjectName)d.lib"/>
+			<Tool
+				Name="VCMIDLTool"/>
+			<Tool
+				Name="VCPostBuildEventTool"/>
+			<Tool
+				Name="VCPreBuildEventTool"/>
+			<Tool
+				Name="VCPreLinkEventTool"/>
+			<Tool
+				Name="VCResourceCompilerTool"/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"/>
+			<Tool
+				Name="VCManagedWrapperGeneratorTool"/>
+			<Tool
+				Name="VCAuxiliaryManagedWrapperGeneratorTool"/>
+		</Configuration>
+		<Configuration
+			Name="Release|Win32"
+			OutputDirectory="$(SolutionName)/$(ConfigurationName)"
+			IntermediateDirectory="$(OutDir)/$(ProjectName)"
+			ConfigurationType="4"
+			CharacterSet="2"
+			ReferencesPath="&quot;..\include&quot;;&quot;..&quot;">
+			<Tool
+				Name="VCCLCompilerTool"
+				PreprocessorDefinitions="WIN32;NDEBUG;_LIB"
+				RuntimeLibrary="4"
+				UsePrecompiledHeader="0"
+				WarningLevel="3"
+				Detect64BitPortabilityProblems="FALSE"
+				DebugInformationFormat="3"/>
+			<Tool
+				Name="VCCustomBuildTool"/>
+			<Tool
+				Name="VCLibrarianTool"
+				OutputFile="$(OutDir)/$(ProjectName).lib"/>
+			<Tool
+				Name="VCMIDLTool"/>
+			<Tool
+				Name="VCPostBuildEventTool"/>
+			<Tool
+				Name="VCPreBuildEventTool"/>
+			<Tool
+				Name="VCPreLinkEventTool"/>
+			<Tool
+				Name="VCResourceCompilerTool"/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"/>
+			<Tool
+				Name="VCManagedWrapperGeneratorTool"/>
+			<Tool
+				Name="VCAuxiliaryManagedWrapperGeneratorTool"/>
+		</Configuration>
+	</Configurations>
+	<References>
+		<ProjectReference
+			ReferencedProjectIdentifier="{C8F6C172-56F2-4E76-B5FA-C3B423B31BE7}"
+			Name="gtest"/>
+	</References>
+	<Files>
+		<Filter
+			Name="Source Files"
+			Filter="cpp;c;cxx;def;odl;idl;hpj;bat;asm;asmx"
+			UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}">
+			<File
+				RelativePath="..\src\gtest_main.cc">
+				<FileConfiguration
+					Name="Debug|Win32">
+					<Tool
+						Name="VCCLCompilerTool"
+						AdditionalIncludeDirectories="&quot;..&quot;;&quot;..\include&quot;"/>
+				</FileConfiguration>
+				<FileConfiguration
+					Name="Release|Win32">
+					<Tool
+						Name="VCCLCompilerTool"
+						AdditionalIncludeDirectories="&quot;..&quot;;&quot;..\include&quot;"/>
+				</FileConfiguration>
+			</File>
+		</Filter>
+		<Filter
+			Name="Header Files"
+			Filter="h;hpp;hxx;hm;inl;inc;xsd"
+			UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}">
+		</Filter>
+	</Files>
+	<Globals>
+	</Globals>
+</VisualStudioProject>
diff --git a/nss/gtests/google_test/gtest/msvc/gtest_prod_test-md.vcproj b/nss/gtests/google_test/gtest/msvc/gtest_prod_test-md.vcproj
new file mode 100644
index 0000000..05b05d9
--- /dev/null
+++ b/nss/gtests/google_test/gtest/msvc/gtest_prod_test-md.vcproj
@@ -0,0 +1,164 @@
+<?xml version="1.0" encoding="Windows-1252"?>
+<VisualStudioProject
+	ProjectType="Visual C++"
+	Version="7.10"
+	Name="gtest_prod_test-md"
+	ProjectGUID="{24848551-EF4F-47E8-9A9D-EA4D49BC3ECB}"
+	Keyword="Win32Proj">
+	<Platforms>
+		<Platform
+			Name="Win32"/>
+	</Platforms>
+	<Configurations>
+		<Configuration
+			Name="Debug|Win32"
+			OutputDirectory="$(SolutionName)/$(ConfigurationName)"
+			IntermediateDirectory="$(OutDir)/$(ProjectName)"
+			ConfigurationType="1"
+			CharacterSet="2">
+			<Tool
+				Name="VCCLCompilerTool"
+				Optimization="0"
+				PreprocessorDefinitions="WIN32;_DEBUG;_CONSOLE"
+				MinimalRebuild="TRUE"
+				BasicRuntimeChecks="3"
+				RuntimeLibrary="3"
+				UsePrecompiledHeader="3"
+				WarningLevel="3"
+				Detect64BitPortabilityProblems="FALSE"
+				DebugInformationFormat="4"/>
+			<Tool
+				Name="VCCustomBuildTool"/>
+			<Tool
+				Name="VCLinkerTool"
+				OutputFile="$(OutDir)/gtest_prod_test.exe"
+				LinkIncremental="2"
+				GenerateDebugInformation="TRUE"
+				ProgramDatabaseFile="$(OutDir)/gtest_prod_test.pdb"
+				SubSystem="1"
+				TargetMachine="1"/>
+			<Tool
+				Name="VCMIDLTool"/>
+			<Tool
+				Name="VCPostBuildEventTool"/>
+			<Tool
+				Name="VCPreBuildEventTool"/>
+			<Tool
+				Name="VCPreLinkEventTool"/>
+			<Tool
+				Name="VCResourceCompilerTool"/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"/>
+			<Tool
+				Name="VCWebDeploymentTool"/>
+			<Tool
+				Name="VCManagedWrapperGeneratorTool"/>
+			<Tool
+				Name="VCAuxiliaryManagedWrapperGeneratorTool"/>
+		</Configuration>
+		<Configuration
+			Name="Release|Win32"
+			OutputDirectory="$(SolutionName)/$(ConfigurationName)"
+			IntermediateDirectory="$(OutDir)/$(ProjectName)"
+			ConfigurationType="1"
+			CharacterSet="2">
+			<Tool
+				Name="VCCLCompilerTool"
+				PreprocessorDefinitions="WIN32;NDEBUG;_CONSOLE"
+				RuntimeLibrary="2"
+				UsePrecompiledHeader="3"
+				WarningLevel="3"
+				Detect64BitPortabilityProblems="FALSE"
+				DebugInformationFormat="3"/>
+			<Tool
+				Name="VCCustomBuildTool"/>
+			<Tool
+				Name="VCLinkerTool"
+				OutputFile="$(OutDir)/gtest_prod_test.exe"
+				LinkIncremental="1"
+				GenerateDebugInformation="TRUE"
+				SubSystem="1"
+				OptimizeReferences="2"
+				EnableCOMDATFolding="2"
+				TargetMachine="1"/>
+			<Tool
+				Name="VCMIDLTool"/>
+			<Tool
+				Name="VCPostBuildEventTool"/>
+			<Tool
+				Name="VCPreBuildEventTool"/>
+			<Tool
+				Name="VCPreLinkEventTool"/>
+			<Tool
+				Name="VCResourceCompilerTool"/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"/>
+			<Tool
+				Name="VCWebDeploymentTool"/>
+			<Tool
+				Name="VCManagedWrapperGeneratorTool"/>
+			<Tool
+				Name="VCAuxiliaryManagedWrapperGeneratorTool"/>
+		</Configuration>
+	</Configurations>
+	<References>
+		<ProjectReference
+			ReferencedProjectIdentifier="{3AF54C8A-10BF-4332-9147-F68ED9862033}"
+			Name="gtest_main-md"/>
+	</References>
+	<Files>
+		<Filter
+			Name="Source Files"
+			Filter="cpp;c;cxx;def;odl;idl;hpj;bat;asm;asmx"
+			UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}">
+			<File
+				RelativePath="..\test\gtest_prod_test.cc">
+				<FileConfiguration
+					Name="Debug|Win32">
+					<Tool
+						Name="VCCLCompilerTool"
+						AdditionalIncludeDirectories="&quot;..&quot;;&quot;..\include&quot;"
+						UsePrecompiledHeader="0"/>
+				</FileConfiguration>
+				<FileConfiguration
+					Name="Release|Win32">
+					<Tool
+						Name="VCCLCompilerTool"
+						AdditionalIncludeDirectories="&quot;..&quot;;&quot;..\include&quot;"
+						UsePrecompiledHeader="0"/>
+				</FileConfiguration>
+			</File>
+			<File
+				RelativePath="..\test\production.cc">
+				<FileConfiguration
+					Name="Debug|Win32">
+					<Tool
+						Name="VCCLCompilerTool"
+						AdditionalIncludeDirectories="&quot;..&quot;;&quot;..\include&quot;"
+						UsePrecompiledHeader="0"/>
+				</FileConfiguration>
+				<FileConfiguration
+					Name="Release|Win32">
+					<Tool
+						Name="VCCLCompilerTool"
+						AdditionalIncludeDirectories="&quot;..&quot;;&quot;..\include&quot;"
+						UsePrecompiledHeader="0"/>
+				</FileConfiguration>
+			</File>
+		</Filter>
+		<Filter
+			Name="Header Files"
+			Filter="h;hpp;hxx;hm;inl;inc;xsd"
+			UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}">
+			<File
+				RelativePath="..\test\production.h">
+			</File>
+		</Filter>
+	</Files>
+	<Globals>
+	</Globals>
+</VisualStudioProject>
diff --git a/nss/gtests/google_test/gtest/msvc/gtest_prod_test.vcproj b/nss/gtests/google_test/gtest/msvc/gtest_prod_test.vcproj
new file mode 100644
index 0000000..6d7a2f0
--- /dev/null
+++ b/nss/gtests/google_test/gtest/msvc/gtest_prod_test.vcproj
@@ -0,0 +1,164 @@
+<?xml version="1.0" encoding="Windows-1252"?>
+<VisualStudioProject
+	ProjectType="Visual C++"
+	Version="7.10"
+	Name="gtest_prod_test"
+	ProjectGUID="{24848551-EF4F-47E8-9A9D-EA4D49BC3ECA}"
+	Keyword="Win32Proj">
+	<Platforms>
+		<Platform
+			Name="Win32"/>
+	</Platforms>
+	<Configurations>
+		<Configuration
+			Name="Debug|Win32"
+			OutputDirectory="$(SolutionName)/$(ConfigurationName)"
+			IntermediateDirectory="$(OutDir)/$(ProjectName)"
+			ConfigurationType="1"
+			CharacterSet="2">
+			<Tool
+				Name="VCCLCompilerTool"
+				Optimization="0"
+				PreprocessorDefinitions="WIN32;_DEBUG;_CONSOLE"
+				MinimalRebuild="TRUE"
+				BasicRuntimeChecks="3"
+				RuntimeLibrary="5"
+				UsePrecompiledHeader="3"
+				WarningLevel="3"
+				Detect64BitPortabilityProblems="FALSE"
+				DebugInformationFormat="4"/>
+			<Tool
+				Name="VCCustomBuildTool"/>
+			<Tool
+				Name="VCLinkerTool"
+				OutputFile="$(OutDir)/gtest_prod_test.exe"
+				LinkIncremental="2"
+				GenerateDebugInformation="TRUE"
+				ProgramDatabaseFile="$(OutDir)/gtest_prod_test.pdb"
+				SubSystem="1"
+				TargetMachine="1"/>
+			<Tool
+				Name="VCMIDLTool"/>
+			<Tool
+				Name="VCPostBuildEventTool"/>
+			<Tool
+				Name="VCPreBuildEventTool"/>
+			<Tool
+				Name="VCPreLinkEventTool"/>
+			<Tool
+				Name="VCResourceCompilerTool"/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"/>
+			<Tool
+				Name="VCWebDeploymentTool"/>
+			<Tool
+				Name="VCManagedWrapperGeneratorTool"/>
+			<Tool
+				Name="VCAuxiliaryManagedWrapperGeneratorTool"/>
+		</Configuration>
+		<Configuration
+			Name="Release|Win32"
+			OutputDirectory="$(SolutionName)/$(ConfigurationName)"
+			IntermediateDirectory="$(OutDir)/$(ProjectName)"
+			ConfigurationType="1"
+			CharacterSet="2">
+			<Tool
+				Name="VCCLCompilerTool"
+				PreprocessorDefinitions="WIN32;NDEBUG;_CONSOLE"
+				RuntimeLibrary="4"
+				UsePrecompiledHeader="3"
+				WarningLevel="3"
+				Detect64BitPortabilityProblems="FALSE"
+				DebugInformationFormat="3"/>
+			<Tool
+				Name="VCCustomBuildTool"/>
+			<Tool
+				Name="VCLinkerTool"
+				OutputFile="$(OutDir)/gtest_prod_test.exe"
+				LinkIncremental="1"
+				GenerateDebugInformation="TRUE"
+				SubSystem="1"
+				OptimizeReferences="2"
+				EnableCOMDATFolding="2"
+				TargetMachine="1"/>
+			<Tool
+				Name="VCMIDLTool"/>
+			<Tool
+				Name="VCPostBuildEventTool"/>
+			<Tool
+				Name="VCPreBuildEventTool"/>
+			<Tool
+				Name="VCPreLinkEventTool"/>
+			<Tool
+				Name="VCResourceCompilerTool"/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"/>
+			<Tool
+				Name="VCWebDeploymentTool"/>
+			<Tool
+				Name="VCManagedWrapperGeneratorTool"/>
+			<Tool
+				Name="VCAuxiliaryManagedWrapperGeneratorTool"/>
+		</Configuration>
+	</Configurations>
+	<References>
+		<ProjectReference
+			ReferencedProjectIdentifier="{3AF54C8A-10BF-4332-9147-F68ED9862032}"
+			Name="gtest_main"/>
+	</References>
+	<Files>
+		<Filter
+			Name="Source Files"
+			Filter="cpp;c;cxx;def;odl;idl;hpj;bat;asm;asmx"
+			UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}">
+			<File
+				RelativePath="..\test\gtest_prod_test.cc">
+				<FileConfiguration
+					Name="Debug|Win32">
+					<Tool
+						Name="VCCLCompilerTool"
+						AdditionalIncludeDirectories="&quot;..&quot;;&quot;..\include&quot;"
+						UsePrecompiledHeader="0"/>
+				</FileConfiguration>
+				<FileConfiguration
+					Name="Release|Win32">
+					<Tool
+						Name="VCCLCompilerTool"
+						AdditionalIncludeDirectories="&quot;..&quot;;&quot;..\include&quot;"
+						UsePrecompiledHeader="0"/>
+				</FileConfiguration>
+			</File>
+			<File
+				RelativePath="..\test\production.cc">
+				<FileConfiguration
+					Name="Debug|Win32">
+					<Tool
+						Name="VCCLCompilerTool"
+						AdditionalIncludeDirectories="&quot;..&quot;;&quot;..\include&quot;"
+						UsePrecompiledHeader="0"/>
+				</FileConfiguration>
+				<FileConfiguration
+					Name="Release|Win32">
+					<Tool
+						Name="VCCLCompilerTool"
+						AdditionalIncludeDirectories="&quot;..&quot;;&quot;..\include&quot;"
+						UsePrecompiledHeader="0"/>
+				</FileConfiguration>
+			</File>
+		</Filter>
+		<Filter
+			Name="Header Files"
+			Filter="h;hpp;hxx;hm;inl;inc;xsd"
+			UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}">
+			<File
+				RelativePath="..\test\production.h">
+			</File>
+		</Filter>
+	</Files>
+	<Globals>
+	</Globals>
+</VisualStudioProject>
diff --git a/nss/gtests/google_test/gtest/msvc/gtest_unittest-md.vcproj b/nss/gtests/google_test/gtest/msvc/gtest_unittest-md.vcproj
new file mode 100644
index 0000000..38a5e56
--- /dev/null
+++ b/nss/gtests/google_test/gtest/msvc/gtest_unittest-md.vcproj
@@ -0,0 +1,147 @@
+<?xml version="1.0" encoding="Windows-1252"?>
+<VisualStudioProject
+	ProjectType="Visual C++"
+	Version="7.10"
+	Name="gtest_unittest-md"
+	ProjectGUID="{4D9FDFB5-986A-4139-823C-F4EE0ED481A2}"
+	Keyword="Win32Proj">
+	<Platforms>
+		<Platform
+			Name="Win32"/>
+	</Platforms>
+	<Configurations>
+		<Configuration
+			Name="Debug|Win32"
+			OutputDirectory="$(SolutionName)/$(ConfigurationName)"
+			IntermediateDirectory="$(OutDir)/$(ProjectName)"
+			ConfigurationType="1"
+			CharacterSet="2">
+			<Tool
+				Name="VCCLCompilerTool"
+				Optimization="0"
+				PreprocessorDefinitions="WIN32;_DEBUG;_CONSOLE"
+				MinimalRebuild="TRUE"
+				BasicRuntimeChecks="3"
+				RuntimeLibrary="3"
+				UsePrecompiledHeader="3"
+				WarningLevel="3"
+				Detect64BitPortabilityProblems="FALSE"
+				DebugInformationFormat="4"/>
+			<Tool
+				Name="VCCustomBuildTool"/>
+			<Tool
+				Name="VCLinkerTool"
+				OutputFile="$(OutDir)/gtest_unittest.exe"
+				LinkIncremental="2"
+				GenerateDebugInformation="TRUE"
+				ProgramDatabaseFile="$(OutDir)/gtest_unittest.pdb"
+				SubSystem="1"
+				TargetMachine="1"/>
+			<Tool
+				Name="VCMIDLTool"/>
+			<Tool
+				Name="VCPostBuildEventTool"/>
+			<Tool
+				Name="VCPreBuildEventTool"/>
+			<Tool
+				Name="VCPreLinkEventTool"/>
+			<Tool
+				Name="VCResourceCompilerTool"/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"/>
+			<Tool
+				Name="VCWebDeploymentTool"/>
+			<Tool
+				Name="VCManagedWrapperGeneratorTool"/>
+			<Tool
+				Name="VCAuxiliaryManagedWrapperGeneratorTool"/>
+		</Configuration>
+		<Configuration
+			Name="Release|Win32"
+			OutputDirectory="$(SolutionName)/$(ConfigurationName)"
+			IntermediateDirectory="$(OutDir)/$(ProjectName)"
+			ConfigurationType="1"
+			CharacterSet="2">
+			<Tool
+				Name="VCCLCompilerTool"
+				PreprocessorDefinitions="WIN32;NDEBUG;_CONSOLE"
+				RuntimeLibrary="2"
+				UsePrecompiledHeader="3"
+				WarningLevel="3"
+				Detect64BitPortabilityProblems="FALSE"
+				DebugInformationFormat="3"/>
+			<Tool
+				Name="VCCustomBuildTool"/>
+			<Tool
+				Name="VCLinkerTool"
+				OutputFile="$(OutDir)/gtest_unittest.exe"
+				LinkIncremental="1"
+				GenerateDebugInformation="TRUE"
+				SubSystem="1"
+				OptimizeReferences="2"
+				EnableCOMDATFolding="2"
+				TargetMachine="1"/>
+			<Tool
+				Name="VCMIDLTool"/>
+			<Tool
+				Name="VCPostBuildEventTool"/>
+			<Tool
+				Name="VCPreBuildEventTool"/>
+			<Tool
+				Name="VCPreLinkEventTool"/>
+			<Tool
+				Name="VCResourceCompilerTool"/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"/>
+			<Tool
+				Name="VCWebDeploymentTool"/>
+			<Tool
+				Name="VCManagedWrapperGeneratorTool"/>
+			<Tool
+				Name="VCAuxiliaryManagedWrapperGeneratorTool"/>
+		</Configuration>
+	</Configurations>
+	<References>
+		<ProjectReference
+			ReferencedProjectIdentifier="{3AF54C8A-10BF-4332-9147-F68ED9862033}"
+			Name="gtest_main-md"/>
+	</References>
+	<Files>
+		<Filter
+			Name="Source Files"
+			Filter="cpp;c;cxx;def;odl;idl;hpj;bat;asm;asmx"
+			UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}">
+			<File
+				RelativePath="..\test\gtest_unittest.cc">
+				<FileConfiguration
+					Name="Debug|Win32">
+					<Tool
+						Name="VCCLCompilerTool"
+						Optimization="1"
+						AdditionalIncludeDirectories="&quot;..&quot;;&quot;..\include&quot;"
+						BasicRuntimeChecks="0"
+						UsePrecompiledHeader="0"
+						DebugInformationFormat="3"/>
+				</FileConfiguration>
+				<FileConfiguration
+					Name="Release|Win32">
+					<Tool
+						Name="VCCLCompilerTool"
+						AdditionalIncludeDirectories="&quot;..&quot;;&quot;..\include&quot;"
+						UsePrecompiledHeader="0"/>
+				</FileConfiguration>
+			</File>
+		</Filter>
+		<Filter
+			Name="Header Files"
+			Filter="h;hpp;hxx;hm;inl;inc;xsd"
+			UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}">
+		</Filter>
+	</Files>
+	<Globals>
+	</Globals>
+</VisualStudioProject>
diff --git a/nss/gtests/google_test/gtest/msvc/gtest_unittest.vcproj b/nss/gtests/google_test/gtest/msvc/gtest_unittest.vcproj
new file mode 100644
index 0000000..cb1f52b
--- /dev/null
+++ b/nss/gtests/google_test/gtest/msvc/gtest_unittest.vcproj
@@ -0,0 +1,147 @@
+<?xml version="1.0" encoding="Windows-1252"?>
+<VisualStudioProject
+	ProjectType="Visual C++"
+	Version="7.10"
+	Name="gtest_unittest"
+	ProjectGUID="{4D9FDFB5-986A-4139-823C-F4EE0ED481A1}"
+	Keyword="Win32Proj">
+	<Platforms>
+		<Platform
+			Name="Win32"/>
+	</Platforms>
+	<Configurations>
+		<Configuration
+			Name="Debug|Win32"
+			OutputDirectory="$(SolutionName)/$(ConfigurationName)"
+			IntermediateDirectory="$(OutDir)/$(ProjectName)"
+			ConfigurationType="1"
+			CharacterSet="2">
+			<Tool
+				Name="VCCLCompilerTool"
+				Optimization="0"
+				PreprocessorDefinitions="WIN32;_DEBUG;_CONSOLE"
+				MinimalRebuild="TRUE"
+				BasicRuntimeChecks="3"
+				RuntimeLibrary="5"
+				UsePrecompiledHeader="3"
+				WarningLevel="3"
+				Detect64BitPortabilityProblems="FALSE"
+				DebugInformationFormat="4"/>
+			<Tool
+				Name="VCCustomBuildTool"/>
+			<Tool
+				Name="VCLinkerTool"
+				OutputFile="$(OutDir)/gtest_unittest.exe"
+				LinkIncremental="2"
+				GenerateDebugInformation="TRUE"
+				ProgramDatabaseFile="$(OutDir)/gtest_unittest.pdb"
+				SubSystem="1"
+				TargetMachine="1"/>
+			<Tool
+				Name="VCMIDLTool"/>
+			<Tool
+				Name="VCPostBuildEventTool"/>
+			<Tool
+				Name="VCPreBuildEventTool"/>
+			<Tool
+				Name="VCPreLinkEventTool"/>
+			<Tool
+				Name="VCResourceCompilerTool"/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"/>
+			<Tool
+				Name="VCWebDeploymentTool"/>
+			<Tool
+				Name="VCManagedWrapperGeneratorTool"/>
+			<Tool
+				Name="VCAuxiliaryManagedWrapperGeneratorTool"/>
+		</Configuration>
+		<Configuration
+			Name="Release|Win32"
+			OutputDirectory="$(SolutionName)/$(ConfigurationName)"
+			IntermediateDirectory="$(OutDir)/$(ProjectName)"
+			ConfigurationType="1"
+			CharacterSet="2">
+			<Tool
+				Name="VCCLCompilerTool"
+				PreprocessorDefinitions="WIN32;NDEBUG;_CONSOLE"
+				RuntimeLibrary="4"
+				UsePrecompiledHeader="3"
+				WarningLevel="3"
+				Detect64BitPortabilityProblems="FALSE"
+				DebugInformationFormat="3"/>
+			<Tool
+				Name="VCCustomBuildTool"/>
+			<Tool
+				Name="VCLinkerTool"
+				OutputFile="$(OutDir)/gtest_unittest.exe"
+				LinkIncremental="1"
+				GenerateDebugInformation="TRUE"
+				SubSystem="1"
+				OptimizeReferences="2"
+				EnableCOMDATFolding="2"
+				TargetMachine="1"/>
+			<Tool
+				Name="VCMIDLTool"/>
+			<Tool
+				Name="VCPostBuildEventTool"/>
+			<Tool
+				Name="VCPreBuildEventTool"/>
+			<Tool
+				Name="VCPreLinkEventTool"/>
+			<Tool
+				Name="VCResourceCompilerTool"/>
+			<Tool
+				Name="VCWebServiceProxyGeneratorTool"/>
+			<Tool
+				Name="VCXMLDataGeneratorTool"/>
+			<Tool
+				Name="VCWebDeploymentTool"/>
+			<Tool
+				Name="VCManagedWrapperGeneratorTool"/>
+			<Tool
+				Name="VCAuxiliaryManagedWrapperGeneratorTool"/>
+		</Configuration>
+	</Configurations>
+	<References>
+		<ProjectReference
+			ReferencedProjectIdentifier="{3AF54C8A-10BF-4332-9147-F68ED9862032}"
+			Name="gtest_main"/>
+	</References>
+	<Files>
+		<Filter
+			Name="Source Files"
+			Filter="cpp;c;cxx;def;odl;idl;hpj;bat;asm;asmx"
+			UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}">
+			<File
+				RelativePath="..\test\gtest_unittest.cc">
+				<FileConfiguration
+					Name="Debug|Win32">
+					<Tool
+						Name="VCCLCompilerTool"
+						Optimization="1"
+						AdditionalIncludeDirectories="&quot;..&quot;;&quot;..\include&quot;"
+						BasicRuntimeChecks="0"
+						UsePrecompiledHeader="0"
+						DebugInformationFormat="3"/>
+				</FileConfiguration>
+				<FileConfiguration
+					Name="Release|Win32">
+					<Tool
+						Name="VCCLCompilerTool"
+						AdditionalIncludeDirectories="&quot;..&quot;;&quot;..\include&quot;"
+						UsePrecompiledHeader="0"/>
+				</FileConfiguration>
+			</File>
+		</Filter>
+		<Filter
+			Name="Header Files"
+			Filter="h;hpp;hxx;hm;inl;inc;xsd"
+			UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}">
+		</Filter>
+	</Files>
+	<Globals>
+	</Globals>
+</VisualStudioProject>
diff --git a/nss/gtests/google_test/gtest/samples/prime_tables.h b/nss/gtests/google_test/gtest/samples/prime_tables.h
new file mode 100644
index 0000000..92ce16a
--- /dev/null
+++ b/nss/gtests/google_test/gtest/samples/prime_tables.h
@@ -0,0 +1,123 @@
+// Copyright 2008 Google Inc.
+// All Rights Reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+// Author: vladl@google.com (Vlad Losev)
+
+// This provides interface PrimeTable that determines whether a number is a
+// prime and determines a next prime number. This interface is used
+// in Google Test samples demonstrating use of parameterized tests.
+
+#ifndef GTEST_SAMPLES_PRIME_TABLES_H_
+#define GTEST_SAMPLES_PRIME_TABLES_H_
+
+#include <algorithm>
+
+// The prime table interface.
+class PrimeTable {
+ public:
+  virtual ~PrimeTable() {}
+
+  // Returns true iff n is a prime number.
+  virtual bool IsPrime(int n) const = 0;
+
+  // Returns the smallest prime number greater than p; or returns -1
+  // if the next prime is beyond the capacity of the table.
+  virtual int GetNextPrime(int p) const = 0;
+};
+
+// Implementation #1 calculates the primes on-the-fly.
+class OnTheFlyPrimeTable : public PrimeTable {
+ public:
+  virtual bool IsPrime(int n) const {
+    if (n <= 1) return false;
+
+    for (int i = 2; i*i <= n; i++) {
+      // n is divisible by an integer other than 1 and itself.
+      if ((n % i) == 0) return false;
+    }
+
+    return true;
+  }
+
+  virtual int GetNextPrime(int p) const {
+    for (int n = p + 1; n > 0; n++) {
+      if (IsPrime(n)) return n;
+    }
+
+    return -1;
+  }
+};
+
+// Implementation #2 pre-calculates the primes and stores the result
+// in an array.
+class PreCalculatedPrimeTable : public PrimeTable {
+ public:
+  // 'max' specifies the maximum number the prime table holds.
+  explicit PreCalculatedPrimeTable(int max)
+      : is_prime_size_(max + 1), is_prime_(new bool[max + 1]) {
+    CalculatePrimesUpTo(max);
+  }
+  virtual ~PreCalculatedPrimeTable() { delete[] is_prime_; }
+
+  virtual bool IsPrime(int n) const {
+    return 0 <= n && n < is_prime_size_ && is_prime_[n];
+  }
+
+  virtual int GetNextPrime(int p) const {
+    for (int n = p + 1; n < is_prime_size_; n++) {
+      if (is_prime_[n]) return n;
+    }
+
+    return -1;
+  }
+
+ private:
+  void CalculatePrimesUpTo(int max) {
+    ::std::fill(is_prime_, is_prime_ + is_prime_size_, true);
+    is_prime_[0] = is_prime_[1] = false;
+
+    for (int i = 2; i <= max; i++) {
+      if (!is_prime_[i]) continue;
+
+      // Marks all multiples of i (except i itself) as non-prime.
+      for (int j = 2*i; j <= max; j += i) {
+        is_prime_[j] = false;
+      }
+    }
+  }
+
+  const int is_prime_size_;
+  bool* const is_prime_;
+
+  // Disables compiler warning "assignment operator could not be generated."
+  void operator=(const PreCalculatedPrimeTable& rhs);
+};
+
+#endif  // GTEST_SAMPLES_PRIME_TABLES_H_
diff --git a/nss/gtests/google_test/gtest/samples/sample1.cc b/nss/gtests/google_test/gtest/samples/sample1.cc
new file mode 100644
index 0000000..f171e26
--- /dev/null
+++ b/nss/gtests/google_test/gtest/samples/sample1.cc
@@ -0,0 +1,68 @@
+// Copyright 2005, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// A sample program demonstrating using Google C++ testing framework.
+//
+// Author: wan@google.com (Zhanyong Wan)
+
+#include "sample1.h"
+
+// Returns n! (the factorial of n).  For negative n, n! is defined to be 1.
+int Factorial(int n) {
+  int result = 1;
+  for (int i = 1; i <= n; i++) {
+    result *= i;
+  }
+
+  return result;
+}
+
+// Returns true iff n is a prime number.
+bool IsPrime(int n) {
+  // Trivial case 1: small numbers
+  if (n <= 1) return false;
+
+  // Trivial case 2: even numbers
+  if (n % 2 == 0) return n == 2;
+
+  // Now, we have that n is odd and n >= 3.
+
+  // Try to divide n by every odd number i, starting from 3
+  for (int i = 3; ; i += 2) {
+    // We only have to try i up to the squre root of n
+    if (i > n/i) break;
+
+    // Now, we have i <= n/i < n.
+    // If n is divisible by i, n is not prime.
+    if (n % i == 0) return false;
+  }
+
+  // n has no integer factor in the range (1, n), and thus is prime.
+  return true;
+}
diff --git a/nss/gtests/google_test/gtest/samples/sample1.h b/nss/gtests/google_test/gtest/samples/sample1.h
new file mode 100644
index 0000000..3dfeb98
--- /dev/null
+++ b/nss/gtests/google_test/gtest/samples/sample1.h
@@ -0,0 +1,43 @@
+// Copyright 2005, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// A sample program demonstrating using Google C++ testing framework.
+//
+// Author: wan@google.com (Zhanyong Wan)
+
+#ifndef GTEST_SAMPLES_SAMPLE1_H_
+#define GTEST_SAMPLES_SAMPLE1_H_
+
+// Returns n! (the factorial of n).  For negative n, n! is defined to be 1.
+int Factorial(int n);
+
+// Returns true iff n is a prime number.
+bool IsPrime(int n);
+
+#endif  // GTEST_SAMPLES_SAMPLE1_H_
diff --git a/nss/gtests/google_test/gtest/samples/sample10_unittest.cc b/nss/gtests/google_test/gtest/samples/sample10_unittest.cc
new file mode 100644
index 0000000..0051cd5
--- /dev/null
+++ b/nss/gtests/google_test/gtest/samples/sample10_unittest.cc
@@ -0,0 +1,144 @@
+// Copyright 2009 Google Inc. All Rights Reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: vladl@google.com (Vlad Losev)
+
+// This sample shows how to use Google Test listener API to implement
+// a primitive leak checker.
+
+#include <stdio.h>
+#include <stdlib.h>
+
+#include "gtest/gtest.h"
+
+using ::testing::EmptyTestEventListener;
+using ::testing::InitGoogleTest;
+using ::testing::Test;
+using ::testing::TestCase;
+using ::testing::TestEventListeners;
+using ::testing::TestInfo;
+using ::testing::TestPartResult;
+using ::testing::UnitTest;
+
+namespace {
+
+// We will track memory used by this class.
+class Water {
+ public:
+  // Normal Water declarations go here.
+
+  // operator new and operator delete help us control water allocation.
+  void* operator new(size_t allocation_size) {
+    allocated_++;
+    return malloc(allocation_size);
+  }
+
+  void operator delete(void* block, size_t /* allocation_size */) {
+    allocated_--;
+    free(block);
+  }
+
+  static int allocated() { return allocated_; }
+
+ private:
+  static int allocated_;
+};
+
+int Water::allocated_ = 0;
+
+// This event listener monitors how many Water objects are created and
+// destroyed by each test, and reports a failure if a test leaks some Water
+// objects. It does this by comparing the number of live Water objects at
+// the beginning of a test and at the end of a test.
+class LeakChecker : public EmptyTestEventListener {
+ private:
+  // Called before a test starts.
+  virtual void OnTestStart(const TestInfo& /* test_info */) {
+    initially_allocated_ = Water::allocated();
+  }
+
+  // Called after a test ends.
+  virtual void OnTestEnd(const TestInfo& /* test_info */) {
+    int difference = Water::allocated() - initially_allocated_;
+
+    // You can generate a failure in any event handler except
+    // OnTestPartResult. Just use an appropriate Google Test assertion to do
+    // it.
+    EXPECT_LE(difference, 0) << "Leaked " << difference << " unit(s) of Water!";
+  }
+
+  int initially_allocated_;
+};
+
+TEST(ListenersTest, DoesNotLeak) {
+  Water* water = new Water;
+  delete water;
+}
+
+// This should fail when the --check_for_leaks command line flag is
+// specified.
+TEST(ListenersTest, LeaksWater) {
+  Water* water = new Water;
+  EXPECT_TRUE(water != NULL);
+}
+
+}  // namespace
+
+int main(int argc, char **argv) {
+  InitGoogleTest(&argc, argv);
+
+  bool check_for_leaks = false;
+  if (argc > 1 && strcmp(argv[1], "--check_for_leaks") == 0 )
+    check_for_leaks = true;
+  else
+    printf("%s\n", "Run this program with --check_for_leaks to enable "
+           "custom leak checking in the tests.");
+
+  // If we are given the --check_for_leaks command line flag, installs the
+  // leak checker.
+  if (check_for_leaks) {
+    TestEventListeners& listeners = UnitTest::GetInstance()->listeners();
+
+    // Adds the leak checker to the end of the test event listener list,
+    // after the default text output printer and the default XML report
+    // generator.
+    //
+    // The order is important - it ensures that failures generated in the
+    // leak checker's OnTestEnd() method are processed by the text and XML
+    // printers *before* their OnTestEnd() methods are called, such that
+    // they are attributed to the right test. Remember that a listener
+    // receives an OnXyzStart event *after* listeners preceding it in the
+    // list received that event, and receives an OnXyzEnd event *before*
+    // listeners preceding it.
+    //
+    // We don't need to worry about deleting the new listener later, as
+    // Google Test will do it.
+    listeners.Append(new LeakChecker);
+  }
+  return RUN_ALL_TESTS();
+}
diff --git a/nss/gtests/google_test/gtest/samples/sample1_unittest.cc b/nss/gtests/google_test/gtest/samples/sample1_unittest.cc
new file mode 100644
index 0000000..aefc4f1
--- /dev/null
+++ b/nss/gtests/google_test/gtest/samples/sample1_unittest.cc
@@ -0,0 +1,153 @@
+// Copyright 2005, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// A sample program demonstrating using Google C++ testing framework.
+//
+// Author: wan@google.com (Zhanyong Wan)
+
+
+// This sample shows how to write a simple unit test for a function,
+// using Google C++ testing framework.
+//
+// Writing a unit test using Google C++ testing framework is easy as 1-2-3:
+
+
+// Step 1. Include necessary header files such that the stuff your
+// test logic needs is declared.
+//
+// Don't forget gtest.h, which declares the testing framework.
+
+#include <limits.h>
+#include "sample1.h"
+#include "gtest/gtest.h"
+
+
+// Step 2. Use the TEST macro to define your tests.
+//
+// TEST has two parameters: the test case name and the test name.
+// After using the macro, you should define your test logic between a
+// pair of braces.  You can use a bunch of macros to indicate the
+// success or failure of a test.  EXPECT_TRUE and EXPECT_EQ are
+// examples of such macros.  For a complete list, see gtest.h.
+//
+// <TechnicalDetails>
+//
+// In Google Test, tests are grouped into test cases.  This is how we
+// keep test code organized.  You should put logically related tests
+// into the same test case.
+//
+// The test case name and the test name should both be valid C++
+// identifiers.  And you should not use underscore (_) in the names.
+//
+// Google Test guarantees that each test you define is run exactly
+// once, but it makes no guarantee on the order the tests are
+// executed.  Therefore, you should write your tests in such a way
+// that their results don't depend on their order.
+//
+// </TechnicalDetails>
+
+
+// Tests Factorial().
+
+// Tests factorial of negative numbers.
+TEST(FactorialTest, Negative) {
+  // This test is named "Negative", and belongs to the "FactorialTest"
+  // test case.
+  EXPECT_EQ(1, Factorial(-5));
+  EXPECT_EQ(1, Factorial(-1));
+  EXPECT_GT(Factorial(-10), 0);
+
+  // <TechnicalDetails>
+  //
+  // EXPECT_EQ(expected, actual) is the same as
+  //
+  //   EXPECT_TRUE((expected) == (actual))
+  //
+  // except that it will print both the expected value and the actual
+  // value when the assertion fails.  This is very helpful for
+  // debugging.  Therefore in this case EXPECT_EQ is preferred.
+  //
+  // On the other hand, EXPECT_TRUE accepts any Boolean expression,
+  // and is thus more general.
+  //
+  // </TechnicalDetails>
+}
+
+// Tests factorial of 0.
+TEST(FactorialTest, Zero) {
+  EXPECT_EQ(1, Factorial(0));
+}
+
+// Tests factorial of positive numbers.
+TEST(FactorialTest, Positive) {
+  EXPECT_EQ(1, Factorial(1));
+  EXPECT_EQ(2, Factorial(2));
+  EXPECT_EQ(6, Factorial(3));
+  EXPECT_EQ(40320, Factorial(8));
+}
+
+
+// Tests IsPrime()
+
+// Tests negative input.
+TEST(IsPrimeTest, Negative) {
+  // This test belongs to the IsPrimeTest test case.
+
+  EXPECT_FALSE(IsPrime(-1));
+  EXPECT_FALSE(IsPrime(-2));
+  EXPECT_FALSE(IsPrime(INT_MIN));
+}
+
+// Tests some trivial cases.
+TEST(IsPrimeTest, Trivial) {
+  EXPECT_FALSE(IsPrime(0));
+  EXPECT_FALSE(IsPrime(1));
+  EXPECT_TRUE(IsPrime(2));
+  EXPECT_TRUE(IsPrime(3));
+}
+
+// Tests positive input.
+TEST(IsPrimeTest, Positive) {
+  EXPECT_FALSE(IsPrime(4));
+  EXPECT_TRUE(IsPrime(5));
+  EXPECT_FALSE(IsPrime(6));
+  EXPECT_TRUE(IsPrime(23));
+}
+
+// Step 3. Call RUN_ALL_TESTS() in main().
+//
+// We do this by linking in src/gtest_main.cc file, which consists of
+// a main() function which calls RUN_ALL_TESTS() for us.
+//
+// This runs all the tests you've defined, prints the result, and
+// returns 0 if successful, or 1 otherwise.
+//
+// Did you notice that we didn't register the tests?  The
+// RUN_ALL_TESTS() macro magically knows about all the tests we
+// defined.  Isn't this convenient?
diff --git a/nss/gtests/google_test/gtest/samples/sample2.cc b/nss/gtests/google_test/gtest/samples/sample2.cc
new file mode 100644
index 0000000..5f763b9
--- /dev/null
+++ b/nss/gtests/google_test/gtest/samples/sample2.cc
@@ -0,0 +1,56 @@
+// Copyright 2005, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// A sample program demonstrating using Google C++ testing framework.
+//
+// Author: wan@google.com (Zhanyong Wan)
+
+#include "sample2.h"
+
+#include <string.h>
+
+// Clones a 0-terminated C string, allocating memory using new.
+const char* MyString::CloneCString(const char* a_c_string) {
+  if (a_c_string == NULL) return NULL;
+
+  const size_t len = strlen(a_c_string);
+  char* const clone = new char[ len + 1 ];
+  memcpy(clone, a_c_string, len + 1);
+
+  return clone;
+}
+
+// Sets the 0-terminated C string this MyString object
+// represents.
+void MyString::Set(const char* a_c_string) {
+  // Makes sure this works when c_string == c_string_
+  const char* const temp = MyString::CloneCString(a_c_string);
+  delete[] c_string_;
+  c_string_ = temp;
+}
diff --git a/nss/gtests/google_test/gtest/samples/sample2.h b/nss/gtests/google_test/gtest/samples/sample2.h
new file mode 100644
index 0000000..cb485c7
--- /dev/null
+++ b/nss/gtests/google_test/gtest/samples/sample2.h
@@ -0,0 +1,85 @@
+// Copyright 2005, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// A sample program demonstrating using Google C++ testing framework.
+//
+// Author: wan@google.com (Zhanyong Wan)
+
+#ifndef GTEST_SAMPLES_SAMPLE2_H_
+#define GTEST_SAMPLES_SAMPLE2_H_
+
+#include <string.h>
+
+
+// A simple string class.
+class MyString {
+ private:
+  const char* c_string_;
+  const MyString& operator=(const MyString& rhs);
+
+ public:
+  // Clones a 0-terminated C string, allocating memory using new.
+  static const char* CloneCString(const char* a_c_string);
+
+  ////////////////////////////////////////////////////////////
+  //
+  // C'tors
+
+  // The default c'tor constructs a NULL string.
+  MyString() : c_string_(NULL) {}
+
+  // Constructs a MyString by cloning a 0-terminated C string.
+  explicit MyString(const char* a_c_string) : c_string_(NULL) {
+    Set(a_c_string);
+  }
+
+  // Copy c'tor
+  MyString(const MyString& string) : c_string_(NULL) {
+    Set(string.c_string_);
+  }
+
+  ////////////////////////////////////////////////////////////
+  //
+  // D'tor.  MyString is intended to be a final class, so the d'tor
+  // doesn't need to be virtual.
+  ~MyString() { delete[] c_string_; }
+
+  // Gets the 0-terminated C string this MyString object represents.
+  const char* c_string() const { return c_string_; }
+
+  size_t Length() const {
+    return c_string_ == NULL ? 0 : strlen(c_string_);
+  }
+
+  // Sets the 0-terminated C string this MyString object represents.
+  void Set(const char* c_string);
+};
+
+
+#endif  // GTEST_SAMPLES_SAMPLE2_H_
diff --git a/nss/gtests/google_test/gtest/samples/sample2_unittest.cc b/nss/gtests/google_test/gtest/samples/sample2_unittest.cc
new file mode 100644
index 0000000..4fa19b7
--- /dev/null
+++ b/nss/gtests/google_test/gtest/samples/sample2_unittest.cc
@@ -0,0 +1,109 @@
+// Copyright 2005, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// A sample program demonstrating using Google C++ testing framework.
+//
+// Author: wan@google.com (Zhanyong Wan)
+
+
+// This sample shows how to write a more complex unit test for a class
+// that has multiple member functions.
+//
+// Usually, it's a good idea to have one test for each method in your
+// class.  You don't have to do that exactly, but it helps to keep
+// your tests organized.  You may also throw in additional tests as
+// needed.
+
+#include "sample2.h"
+#include "gtest/gtest.h"
+
+// In this example, we test the MyString class (a simple string).
+
+// Tests the default c'tor.
+TEST(MyString, DefaultConstructor) {
+  const MyString s;
+
+  // Asserts that s.c_string() returns NULL.
+  //
+  // <TechnicalDetails>
+  //
+  // If we write NULL instead of
+  //
+  //   static_cast<const char *>(NULL)
+  //
+  // in this assertion, it will generate a warning on gcc 3.4.  The
+  // reason is that EXPECT_EQ needs to know the types of its
+  // arguments in order to print them when it fails.  Since NULL is
+  // #defined as 0, the compiler will use the formatter function for
+  // int to print it.  However, gcc thinks that NULL should be used as
+  // a pointer, not an int, and therefore complains.
+  //
+  // The root of the problem is C++'s lack of distinction between the
+  // integer number 0 and the null pointer constant.  Unfortunately,
+  // we have to live with this fact.
+  //
+  // </TechnicalDetails>
+  EXPECT_STREQ(NULL, s.c_string());
+
+  EXPECT_EQ(0u, s.Length());
+}
+
+const char kHelloString[] = "Hello, world!";
+
+// Tests the c'tor that accepts a C string.
+TEST(MyString, ConstructorFromCString) {
+  const MyString s(kHelloString);
+  EXPECT_EQ(0, strcmp(s.c_string(), kHelloString));
+  EXPECT_EQ(sizeof(kHelloString)/sizeof(kHelloString[0]) - 1,
+            s.Length());
+}
+
+// Tests the copy c'tor.
+TEST(MyString, CopyConstructor) {
+  const MyString s1(kHelloString);
+  const MyString s2 = s1;
+  EXPECT_EQ(0, strcmp(s2.c_string(), kHelloString));
+}
+
+// Tests the Set method.
+TEST(MyString, Set) {
+  MyString s;
+
+  s.Set(kHelloString);
+  EXPECT_EQ(0, strcmp(s.c_string(), kHelloString));
+
+  // Set should work when the input pointer is the same as the one
+  // already in the MyString object.
+  s.Set(s.c_string());
+  EXPECT_EQ(0, strcmp(s.c_string(), kHelloString));
+
+  // Can we set the MyString to NULL?
+  s.Set(NULL);
+  EXPECT_STREQ(NULL, s.c_string());
+}
diff --git a/nss/gtests/google_test/gtest/samples/sample3-inl.h b/nss/gtests/google_test/gtest/samples/sample3-inl.h
new file mode 100644
index 0000000..7e3084d
--- /dev/null
+++ b/nss/gtests/google_test/gtest/samples/sample3-inl.h
@@ -0,0 +1,172 @@
+// Copyright 2005, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// A sample program demonstrating using Google C++ testing framework.
+//
+// Author: wan@google.com (Zhanyong Wan)
+
+#ifndef GTEST_SAMPLES_SAMPLE3_INL_H_
+#define GTEST_SAMPLES_SAMPLE3_INL_H_
+
+#include <stddef.h>
+
+
+// Queue is a simple queue implemented as a singled-linked list.
+//
+// The element type must support copy constructor.
+template <typename E>  // E is the element type
+class Queue;
+
+// QueueNode is a node in a Queue, which consists of an element of
+// type E and a pointer to the next node.
+template <typename E>  // E is the element type
+class QueueNode {
+  friend class Queue<E>;
+
+ public:
+  // Gets the element in this node.
+  const E& element() const { return element_; }
+
+  // Gets the next node in the queue.
+  QueueNode* next() { return next_; }
+  const QueueNode* next() const { return next_; }
+
+ private:
+  // Creates a node with a given element value.  The next pointer is
+  // set to NULL.
+  explicit QueueNode(const E& an_element) : element_(an_element), next_(NULL) {}
+
+  // We disable the default assignment operator and copy c'tor.
+  const QueueNode& operator = (const QueueNode&);
+  QueueNode(const QueueNode&);
+
+  E element_;
+  QueueNode* next_;
+};
+
+template <typename E>  // E is the element type.
+class Queue {
+ public:
+  // Creates an empty queue.
+  Queue() : head_(NULL), last_(NULL), size_(0) {}
+
+  // D'tor.  Clears the queue.
+  ~Queue() { Clear(); }
+
+  // Clears the queue.
+  void Clear() {
+    if (size_ > 0) {
+      // 1. Deletes every node.
+      QueueNode<E>* node = head_;
+      QueueNode<E>* next = node->next();
+      for (; ;) {
+        delete node;
+        node = next;
+        if (node == NULL) break;
+        next = node->next();
+      }
+
+      // 2. Resets the member variables.
+      head_ = last_ = NULL;
+      size_ = 0;
+    }
+  }
+
+  // Gets the number of elements.
+  size_t Size() const { return size_; }
+
+  // Gets the first element of the queue, or NULL if the queue is empty.
+  QueueNode<E>* Head() { return head_; }
+  const QueueNode<E>* Head() const { return head_; }
+
+  // Gets the last element of the queue, or NULL if the queue is empty.
+  QueueNode<E>* Last() { return last_; }
+  const QueueNode<E>* Last() const { return last_; }
+
+  // Adds an element to the end of the queue.  A copy of the element is
+  // created using the copy constructor, and then stored in the queue.
+  // Changes made to the element in the queue doesn't affect the source
+  // object, and vice versa.
+  void Enqueue(const E& element) {
+    QueueNode<E>* new_node = new QueueNode<E>(element);
+
+    if (size_ == 0) {
+      head_ = last_ = new_node;
+      size_ = 1;
+    } else {
+      last_->next_ = new_node;
+      last_ = new_node;
+      size_++;
+    }
+  }
+
+  // Removes the head of the queue and returns it.  Returns NULL if
+  // the queue is empty.
+  E* Dequeue() {
+    if (size_ == 0) {
+      return NULL;
+    }
+
+    const QueueNode<E>* const old_head = head_;
+    head_ = head_->next_;
+    size_--;
+    if (size_ == 0) {
+      last_ = NULL;
+    }
+
+    E* element = new E(old_head->element());
+    delete old_head;
+
+    return element;
+  }
+
+  // Applies a function/functor on each element of the queue, and
+  // returns the result in a new queue.  The original queue is not
+  // affected.
+  template <typename F>
+  Queue* Map(F function) const {
+    Queue* new_queue = new Queue();
+    for (const QueueNode<E>* node = head_; node != NULL; node = node->next_) {
+      new_queue->Enqueue(function(node->element()));
+    }
+
+    return new_queue;
+  }
+
+ private:
+  QueueNode<E>* head_;  // The first node of the queue.
+  QueueNode<E>* last_;  // The last node of the queue.
+  size_t size_;  // The number of elements in the queue.
+
+  // We disallow copying a queue.
+  Queue(const Queue&);
+  const Queue& operator = (const Queue&);
+};
+
+#endif  // GTEST_SAMPLES_SAMPLE3_INL_H_
diff --git a/nss/gtests/google_test/gtest/samples/sample3_unittest.cc b/nss/gtests/google_test/gtest/samples/sample3_unittest.cc
new file mode 100644
index 0000000..bf3877d
--- /dev/null
+++ b/nss/gtests/google_test/gtest/samples/sample3_unittest.cc
@@ -0,0 +1,151 @@
+// Copyright 2005, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// A sample program demonstrating using Google C++ testing framework.
+//
+// Author: wan@google.com (Zhanyong Wan)
+
+
+// In this example, we use a more advanced feature of Google Test called
+// test fixture.
+//
+// A test fixture is a place to hold objects and functions shared by
+// all tests in a test case.  Using a test fixture avoids duplicating
+// the test code necessary to initialize and cleanup those common
+// objects for each test.  It is also useful for defining sub-routines
+// that your tests need to invoke a lot.
+//
+// <TechnicalDetails>
+//
+// The tests share the test fixture in the sense of code sharing, not
+// data sharing.  Each test is given its own fresh copy of the
+// fixture.  You cannot expect the data modified by one test to be
+// passed on to another test, which is a bad idea.
+//
+// The reason for this design is that tests should be independent and
+// repeatable.  In particular, a test should not fail as the result of
+// another test's failure.  If one test depends on info produced by
+// another test, then the two tests should really be one big test.
+//
+// The macros for indicating the success/failure of a test
+// (EXPECT_TRUE, FAIL, etc) need to know what the current test is
+// (when Google Test prints the test result, it tells you which test
+// each failure belongs to).  Technically, these macros invoke a
+// member function of the Test class.  Therefore, you cannot use them
+// in a global function.  That's why you should put test sub-routines
+// in a test fixture.
+//
+// </TechnicalDetails>
+
+#include "sample3-inl.h"
+#include "gtest/gtest.h"
+
+// To use a test fixture, derive a class from testing::Test.
+class QueueTest : public testing::Test {
+ protected:  // You should make the members protected s.t. they can be
+             // accessed from sub-classes.
+
+  // virtual void SetUp() will be called before each test is run.  You
+  // should define it if you need to initialize the varaibles.
+  // Otherwise, this can be skipped.
+  virtual void SetUp() {
+    q1_.Enqueue(1);
+    q2_.Enqueue(2);
+    q2_.Enqueue(3);
+  }
+
+  // virtual void TearDown() will be called after each test is run.
+  // You should define it if there is cleanup work to do.  Otherwise,
+  // you don't have to provide it.
+  //
+  // virtual void TearDown() {
+  // }
+
+  // A helper function that some test uses.
+  static int Double(int n) {
+    return 2*n;
+  }
+
+  // A helper function for testing Queue::Map().
+  void MapTester(const Queue<int> * q) {
+    // Creates a new queue, where each element is twice as big as the
+    // corresponding one in q.
+    const Queue<int> * const new_q = q->Map(Double);
+
+    // Verifies that the new queue has the same size as q.
+    ASSERT_EQ(q->Size(), new_q->Size());
+
+    // Verifies the relationship between the elements of the two queues.
+    for ( const QueueNode<int> * n1 = q->Head(), * n2 = new_q->Head();
+          n1 != NULL; n1 = n1->next(), n2 = n2->next() ) {
+      EXPECT_EQ(2 * n1->element(), n2->element());
+    }
+
+    delete new_q;
+  }
+
+  // Declares the variables your tests want to use.
+  Queue<int> q0_;
+  Queue<int> q1_;
+  Queue<int> q2_;
+};
+
+// When you have a test fixture, you define a test using TEST_F
+// instead of TEST.
+
+// Tests the default c'tor.
+TEST_F(QueueTest, DefaultConstructor) {
+  // You can access data in the test fixture here.
+  EXPECT_EQ(0u, q0_.Size());
+}
+
+// Tests Dequeue().
+TEST_F(QueueTest, Dequeue) {
+  int * n = q0_.Dequeue();
+  EXPECT_TRUE(n == NULL);
+
+  n = q1_.Dequeue();
+  ASSERT_TRUE(n != NULL);
+  EXPECT_EQ(1, *n);
+  EXPECT_EQ(0u, q1_.Size());
+  delete n;
+
+  n = q2_.Dequeue();
+  ASSERT_TRUE(n != NULL);
+  EXPECT_EQ(2, *n);
+  EXPECT_EQ(1u, q2_.Size());
+  delete n;
+}
+
+// Tests the Queue::Map() function.
+TEST_F(QueueTest, Map) {
+  MapTester(&q0_);
+  MapTester(&q1_);
+  MapTester(&q2_);
+}
diff --git a/nss/gtests/google_test/gtest/samples/sample4.cc b/nss/gtests/google_test/gtest/samples/sample4.cc
new file mode 100644
index 0000000..ae44bda
--- /dev/null
+++ b/nss/gtests/google_test/gtest/samples/sample4.cc
@@ -0,0 +1,46 @@
+// Copyright 2005, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// A sample program demonstrating using Google C++ testing framework.
+//
+// Author: wan@google.com (Zhanyong Wan)
+
+#include <stdio.h>
+
+#include "sample4.h"
+
+// Returns the current counter value, and increments it.
+int Counter::Increment() {
+  return counter_++;
+}
+
+// Prints the current counter value to STDOUT.
+void Counter::Print() const {
+  printf("%d", counter_);
+}
diff --git a/nss/gtests/google_test/gtest/samples/sample4.h b/nss/gtests/google_test/gtest/samples/sample4.h
new file mode 100644
index 0000000..cd60f0d
--- /dev/null
+++ b/nss/gtests/google_test/gtest/samples/sample4.h
@@ -0,0 +1,53 @@
+// Copyright 2005, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// A sample program demonstrating using Google C++ testing framework.
+//
+// Author: wan@google.com (Zhanyong Wan)
+
+#ifndef GTEST_SAMPLES_SAMPLE4_H_
+#define GTEST_SAMPLES_SAMPLE4_H_
+
+// A simple monotonic counter.
+class Counter {
+ private:
+  int counter_;
+
+ public:
+  // Creates a counter that starts at 0.
+  Counter() : counter_(0) {}
+
+  // Returns the current counter value, and increments it.
+  int Increment();
+
+  // Prints the current counter value to STDOUT.
+  void Print() const;
+};
+
+#endif  // GTEST_SAMPLES_SAMPLE4_H_
diff --git a/nss/gtests/google_test/gtest/samples/sample4_unittest.cc b/nss/gtests/google_test/gtest/samples/sample4_unittest.cc
new file mode 100644
index 0000000..fa5afc7
--- /dev/null
+++ b/nss/gtests/google_test/gtest/samples/sample4_unittest.cc
@@ -0,0 +1,45 @@
+// Copyright 2005, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+
+#include "gtest/gtest.h"
+#include "sample4.h"
+
+// Tests the Increment() method.
+TEST(Counter, Increment) {
+  Counter c;
+
+  // EXPECT_EQ() evaluates its arguments exactly once, so they
+  // can have side effects.
+
+  EXPECT_EQ(0, c.Increment());
+  EXPECT_EQ(1, c.Increment());
+  EXPECT_EQ(2, c.Increment());
+}
diff --git a/nss/gtests/google_test/gtest/samples/sample5_unittest.cc b/nss/gtests/google_test/gtest/samples/sample5_unittest.cc
new file mode 100644
index 0000000..43d8e57
--- /dev/null
+++ b/nss/gtests/google_test/gtest/samples/sample5_unittest.cc
@@ -0,0 +1,199 @@
+// Copyright 2005, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+
+// This sample teaches how to reuse a test fixture in multiple test
+// cases by deriving sub-fixtures from it.
+//
+// When you define a test fixture, you specify the name of the test
+// case that will use this fixture.  Therefore, a test fixture can
+// be used by only one test case.
+//
+// Sometimes, more than one test cases may want to use the same or
+// slightly different test fixtures.  For example, you may want to
+// make sure that all tests for a GUI library don't leak important
+// system resources like fonts and brushes.  In Google Test, you do
+// this by putting the shared logic in a super (as in "super class")
+// test fixture, and then have each test case use a fixture derived
+// from this super fixture.
+
+#include <limits.h>
+#include <time.h>
+#include "sample3-inl.h"
+#include "gtest/gtest.h"
+#include "sample1.h"
+
+// In this sample, we want to ensure that every test finishes within
+// ~5 seconds.  If a test takes longer to run, we consider it a
+// failure.
+//
+// We put the code for timing a test in a test fixture called
+// "QuickTest".  QuickTest is intended to be the super fixture that
+// other fixtures derive from, therefore there is no test case with
+// the name "QuickTest".  This is OK.
+//
+// Later, we will derive multiple test fixtures from QuickTest.
+class QuickTest : public testing::Test {
+ protected:
+  // Remember that SetUp() is run immediately before a test starts.
+  // This is a good place to record the start time.
+  virtual void SetUp() {
+    start_time_ = time(NULL);
+  }
+
+  // TearDown() is invoked immediately after a test finishes.  Here we
+  // check if the test was too slow.
+  virtual void TearDown() {
+    // Gets the time when the test finishes
+    const time_t end_time = time(NULL);
+
+    // Asserts that the test took no more than ~5 seconds.  Did you
+    // know that you can use assertions in SetUp() and TearDown() as
+    // well?
+    EXPECT_TRUE(end_time - start_time_ <= 5) << "The test took too long.";
+  }
+
+  // The UTC time (in seconds) when the test starts
+  time_t start_time_;
+};
+
+
+// We derive a fixture named IntegerFunctionTest from the QuickTest
+// fixture.  All tests using this fixture will be automatically
+// required to be quick.
+class IntegerFunctionTest : public QuickTest {
+  // We don't need any more logic than already in the QuickTest fixture.
+  // Therefore the body is empty.
+};
+
+
+// Now we can write tests in the IntegerFunctionTest test case.
+
+// Tests Factorial()
+TEST_F(IntegerFunctionTest, Factorial) {
+  // Tests factorial of negative numbers.
+  EXPECT_EQ(1, Factorial(-5));
+  EXPECT_EQ(1, Factorial(-1));
+  EXPECT_GT(Factorial(-10), 0);
+
+  // Tests factorial of 0.
+  EXPECT_EQ(1, Factorial(0));
+
+  // Tests factorial of positive numbers.
+  EXPECT_EQ(1, Factorial(1));
+  EXPECT_EQ(2, Factorial(2));
+  EXPECT_EQ(6, Factorial(3));
+  EXPECT_EQ(40320, Factorial(8));
+}
+
+
+// Tests IsPrime()
+TEST_F(IntegerFunctionTest, IsPrime) {
+  // Tests negative input.
+  EXPECT_FALSE(IsPrime(-1));
+  EXPECT_FALSE(IsPrime(-2));
+  EXPECT_FALSE(IsPrime(INT_MIN));
+
+  // Tests some trivial cases.
+  EXPECT_FALSE(IsPrime(0));
+  EXPECT_FALSE(IsPrime(1));
+  EXPECT_TRUE(IsPrime(2));
+  EXPECT_TRUE(IsPrime(3));
+
+  // Tests positive input.
+  EXPECT_FALSE(IsPrime(4));
+  EXPECT_TRUE(IsPrime(5));
+  EXPECT_FALSE(IsPrime(6));
+  EXPECT_TRUE(IsPrime(23));
+}
+
+
+// The next test case (named "QueueTest") also needs to be quick, so
+// we derive another fixture from QuickTest.
+//
+// The QueueTest test fixture has some logic and shared objects in
+// addition to what's in QuickTest already.  We define the additional
+// stuff inside the body of the test fixture, as usual.
+class QueueTest : public QuickTest {
+ protected:
+  virtual void SetUp() {
+    // First, we need to set up the super fixture (QuickTest).
+    QuickTest::SetUp();
+
+    // Second, some additional setup for this fixture.
+    q1_.Enqueue(1);
+    q2_.Enqueue(2);
+    q2_.Enqueue(3);
+  }
+
+  // By default, TearDown() inherits the behavior of
+  // QuickTest::TearDown().  As we have no additional cleaning work
+  // for QueueTest, we omit it here.
+  //
+  // virtual void TearDown() {
+  //   QuickTest::TearDown();
+  // }
+
+  Queue<int> q0_;
+  Queue<int> q1_;
+  Queue<int> q2_;
+};
+
+
+// Now, let's write tests using the QueueTest fixture.
+
+// Tests the default constructor.
+TEST_F(QueueTest, DefaultConstructor) {
+  EXPECT_EQ(0u, q0_.Size());
+}
+
+// Tests Dequeue().
+TEST_F(QueueTest, Dequeue) {
+  int* n = q0_.Dequeue();
+  EXPECT_TRUE(n == NULL);
+
+  n = q1_.Dequeue();
+  EXPECT_TRUE(n != NULL);
+  EXPECT_EQ(1, *n);
+  EXPECT_EQ(0u, q1_.Size());
+  delete n;
+
+  n = q2_.Dequeue();
+  EXPECT_TRUE(n != NULL);
+  EXPECT_EQ(2, *n);
+  EXPECT_EQ(1u, q2_.Size());
+  delete n;
+}
+
+// If necessary, you can derive further test fixtures from a derived
+// fixture itself.  For example, you can derive another fixture from
+// QueueTest.  Google Test imposes no limit on how deep the hierarchy
+// can be.  In practice, however, you probably don't want it to be too
+// deep as to be confusing.
diff --git a/nss/gtests/google_test/gtest/samples/sample6_unittest.cc b/nss/gtests/google_test/gtest/samples/sample6_unittest.cc
new file mode 100644
index 0000000..8f2036a
--- /dev/null
+++ b/nss/gtests/google_test/gtest/samples/sample6_unittest.cc
@@ -0,0 +1,224 @@
+// Copyright 2008 Google Inc.
+// All Rights Reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+
+// This sample shows how to test common properties of multiple
+// implementations of the same interface (aka interface tests).
+
+// The interface and its implementations are in this header.
+#include "prime_tables.h"
+
+#include "gtest/gtest.h"
+
+// First, we define some factory functions for creating instances of
+// the implementations.  You may be able to skip this step if all your
+// implementations can be constructed the same way.
+
+template <class T>
+PrimeTable* CreatePrimeTable();
+
+template <>
+PrimeTable* CreatePrimeTable<OnTheFlyPrimeTable>() {
+  return new OnTheFlyPrimeTable;
+}
+
+template <>
+PrimeTable* CreatePrimeTable<PreCalculatedPrimeTable>() {
+  return new PreCalculatedPrimeTable(10000);
+}
+
+// Then we define a test fixture class template.
+template <class T>
+class PrimeTableTest : public testing::Test {
+ protected:
+  // The ctor calls the factory function to create a prime table
+  // implemented by T.
+  PrimeTableTest() : table_(CreatePrimeTable<T>()) {}
+
+  virtual ~PrimeTableTest() { delete table_; }
+
+  // Note that we test an implementation via the base interface
+  // instead of the actual implementation class.  This is important
+  // for keeping the tests close to the real world scenario, where the
+  // implementation is invoked via the base interface.  It avoids
+  // got-yas where the implementation class has a method that shadows
+  // a method with the same name (but slightly different argument
+  // types) in the base interface, for example.
+  PrimeTable* const table_;
+};
+
+#if GTEST_HAS_TYPED_TEST
+
+using testing::Types;
+
+// Google Test offers two ways for reusing tests for different types.
+// The first is called "typed tests".  You should use it if you
+// already know *all* the types you are gonna exercise when you write
+// the tests.
+
+// To write a typed test case, first use
+//
+//   TYPED_TEST_CASE(TestCaseName, TypeList);
+//
+// to declare it and specify the type parameters.  As with TEST_F,
+// TestCaseName must match the test fixture name.
+
+// The list of types we want to test.
+typedef Types<OnTheFlyPrimeTable, PreCalculatedPrimeTable> Implementations;
+
+TYPED_TEST_CASE(PrimeTableTest, Implementations);
+
+// Then use TYPED_TEST(TestCaseName, TestName) to define a typed test,
+// similar to TEST_F.
+TYPED_TEST(PrimeTableTest, ReturnsFalseForNonPrimes) {
+  // Inside the test body, you can refer to the type parameter by
+  // TypeParam, and refer to the fixture class by TestFixture.  We
+  // don't need them in this example.
+
+  // Since we are in the template world, C++ requires explicitly
+  // writing 'this->' when referring to members of the fixture class.
+  // This is something you have to learn to live with.
+  EXPECT_FALSE(this->table_->IsPrime(-5));
+  EXPECT_FALSE(this->table_->IsPrime(0));
+  EXPECT_FALSE(this->table_->IsPrime(1));
+  EXPECT_FALSE(this->table_->IsPrime(4));
+  EXPECT_FALSE(this->table_->IsPrime(6));
+  EXPECT_FALSE(this->table_->IsPrime(100));
+}
+
+TYPED_TEST(PrimeTableTest, ReturnsTrueForPrimes) {
+  EXPECT_TRUE(this->table_->IsPrime(2));
+  EXPECT_TRUE(this->table_->IsPrime(3));
+  EXPECT_TRUE(this->table_->IsPrime(5));
+  EXPECT_TRUE(this->table_->IsPrime(7));
+  EXPECT_TRUE(this->table_->IsPrime(11));
+  EXPECT_TRUE(this->table_->IsPrime(131));
+}
+
+TYPED_TEST(PrimeTableTest, CanGetNextPrime) {
+  EXPECT_EQ(2, this->table_->GetNextPrime(0));
+  EXPECT_EQ(3, this->table_->GetNextPrime(2));
+  EXPECT_EQ(5, this->table_->GetNextPrime(3));
+  EXPECT_EQ(7, this->table_->GetNextPrime(5));
+  EXPECT_EQ(11, this->table_->GetNextPrime(7));
+  EXPECT_EQ(131, this->table_->GetNextPrime(128));
+}
+
+// That's it!  Google Test will repeat each TYPED_TEST for each type
+// in the type list specified in TYPED_TEST_CASE.  Sit back and be
+// happy that you don't have to define them multiple times.
+
+#endif  // GTEST_HAS_TYPED_TEST
+
+#if GTEST_HAS_TYPED_TEST_P
+
+using testing::Types;
+
+// Sometimes, however, you don't yet know all the types that you want
+// to test when you write the tests.  For example, if you are the
+// author of an interface and expect other people to implement it, you
+// might want to write a set of tests to make sure each implementation
+// conforms to some basic requirements, but you don't know what
+// implementations will be written in the future.
+//
+// How can you write the tests without committing to the type
+// parameters?  That's what "type-parameterized tests" can do for you.
+// It is a bit more involved than typed tests, but in return you get a
+// test pattern that can be reused in many contexts, which is a big
+// win.  Here's how you do it:
+
+// First, define a test fixture class template.  Here we just reuse
+// the PrimeTableTest fixture defined earlier:
+
+template <class T>
+class PrimeTableTest2 : public PrimeTableTest<T> {
+};
+
+// Then, declare the test case.  The argument is the name of the test
+// fixture, and also the name of the test case (as usual).  The _P
+// suffix is for "parameterized" or "pattern".
+TYPED_TEST_CASE_P(PrimeTableTest2);
+
+// Next, use TYPED_TEST_P(TestCaseName, TestName) to define a test,
+// similar to what you do with TEST_F.
+TYPED_TEST_P(PrimeTableTest2, ReturnsFalseForNonPrimes) {
+  EXPECT_FALSE(this->table_->IsPrime(-5));
+  EXPECT_FALSE(this->table_->IsPrime(0));
+  EXPECT_FALSE(this->table_->IsPrime(1));
+  EXPECT_FALSE(this->table_->IsPrime(4));
+  EXPECT_FALSE(this->table_->IsPrime(6));
+  EXPECT_FALSE(this->table_->IsPrime(100));
+}
+
+TYPED_TEST_P(PrimeTableTest2, ReturnsTrueForPrimes) {
+  EXPECT_TRUE(this->table_->IsPrime(2));
+  EXPECT_TRUE(this->table_->IsPrime(3));
+  EXPECT_TRUE(this->table_->IsPrime(5));
+  EXPECT_TRUE(this->table_->IsPrime(7));
+  EXPECT_TRUE(this->table_->IsPrime(11));
+  EXPECT_TRUE(this->table_->IsPrime(131));
+}
+
+TYPED_TEST_P(PrimeTableTest2, CanGetNextPrime) {
+  EXPECT_EQ(2, this->table_->GetNextPrime(0));
+  EXPECT_EQ(3, this->table_->GetNextPrime(2));
+  EXPECT_EQ(5, this->table_->GetNextPrime(3));
+  EXPECT_EQ(7, this->table_->GetNextPrime(5));
+  EXPECT_EQ(11, this->table_->GetNextPrime(7));
+  EXPECT_EQ(131, this->table_->GetNextPrime(128));
+}
+
+// Type-parameterized tests involve one extra step: you have to
+// enumerate the tests you defined:
+REGISTER_TYPED_TEST_CASE_P(
+    PrimeTableTest2,  // The first argument is the test case name.
+    // The rest of the arguments are the test names.
+    ReturnsFalseForNonPrimes, ReturnsTrueForPrimes, CanGetNextPrime);
+
+// At this point the test pattern is done.  However, you don't have
+// any real test yet as you haven't said which types you want to run
+// the tests with.
+
+// To turn the abstract test pattern into real tests, you instantiate
+// it with a list of types.  Usually the test pattern will be defined
+// in a .h file, and anyone can #include and instantiate it.  You can
+// even instantiate it more than once in the same program.  To tell
+// different instances apart, you give each of them a name, which will
+// become part of the test case name and can be used in test filters.
+
+// The list of types we want to test.  Note that it doesn't have to be
+// defined at the time we write the TYPED_TEST_P()s.
+typedef Types<OnTheFlyPrimeTable, PreCalculatedPrimeTable>
+    PrimeTableImplementations;
+INSTANTIATE_TYPED_TEST_CASE_P(OnTheFlyAndPreCalculated,    // Instance name
+                              PrimeTableTest2,             // Test case name
+                              PrimeTableImplementations);  // Type list
+
+#endif  // GTEST_HAS_TYPED_TEST_P
diff --git a/nss/gtests/google_test/gtest/samples/sample7_unittest.cc b/nss/gtests/google_test/gtest/samples/sample7_unittest.cc
new file mode 100644
index 0000000..1b651a2
--- /dev/null
+++ b/nss/gtests/google_test/gtest/samples/sample7_unittest.cc
@@ -0,0 +1,130 @@
+// Copyright 2008 Google Inc.
+// All Rights Reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: vladl@google.com (Vlad Losev)
+
+// This sample shows how to test common properties of multiple
+// implementations of an interface (aka interface tests) using
+// value-parameterized tests. Each test in the test case has
+// a parameter that is an interface pointer to an implementation
+// tested.
+
+// The interface and its implementations are in this header.
+#include "prime_tables.h"
+
+#include "gtest/gtest.h"
+
+#if GTEST_HAS_PARAM_TEST
+
+using ::testing::TestWithParam;
+using ::testing::Values;
+
+// As a general rule, to prevent a test from affecting the tests that come
+// after it, you should create and destroy the tested objects for each test
+// instead of reusing them.  In this sample we will define a simple factory
+// function for PrimeTable objects.  We will instantiate objects in test's
+// SetUp() method and delete them in TearDown() method.
+typedef PrimeTable* CreatePrimeTableFunc();
+
+PrimeTable* CreateOnTheFlyPrimeTable() {
+  return new OnTheFlyPrimeTable();
+}
+
+template <size_t max_precalculated>
+PrimeTable* CreatePreCalculatedPrimeTable() {
+  return new PreCalculatedPrimeTable(max_precalculated);
+}
+
+// Inside the test body, fixture constructor, SetUp(), and TearDown() you
+// can refer to the test parameter by GetParam().  In this case, the test
+// parameter is a factory function which we call in fixture's SetUp() to
+// create and store an instance of PrimeTable.
+class PrimeTableTest : public TestWithParam<CreatePrimeTableFunc*> {
+ public:
+  virtual ~PrimeTableTest() { delete table_; }
+  virtual void SetUp() { table_ = (*GetParam())(); }
+  virtual void TearDown() {
+    delete table_;
+    table_ = NULL;
+  }
+
+ protected:
+  PrimeTable* table_;
+};
+
+TEST_P(PrimeTableTest, ReturnsFalseForNonPrimes) {
+  EXPECT_FALSE(table_->IsPrime(-5));
+  EXPECT_FALSE(table_->IsPrime(0));
+  EXPECT_FALSE(table_->IsPrime(1));
+  EXPECT_FALSE(table_->IsPrime(4));
+  EXPECT_FALSE(table_->IsPrime(6));
+  EXPECT_FALSE(table_->IsPrime(100));
+}
+
+TEST_P(PrimeTableTest, ReturnsTrueForPrimes) {
+  EXPECT_TRUE(table_->IsPrime(2));
+  EXPECT_TRUE(table_->IsPrime(3));
+  EXPECT_TRUE(table_->IsPrime(5));
+  EXPECT_TRUE(table_->IsPrime(7));
+  EXPECT_TRUE(table_->IsPrime(11));
+  EXPECT_TRUE(table_->IsPrime(131));
+}
+
+TEST_P(PrimeTableTest, CanGetNextPrime) {
+  EXPECT_EQ(2, table_->GetNextPrime(0));
+  EXPECT_EQ(3, table_->GetNextPrime(2));
+  EXPECT_EQ(5, table_->GetNextPrime(3));
+  EXPECT_EQ(7, table_->GetNextPrime(5));
+  EXPECT_EQ(11, table_->GetNextPrime(7));
+  EXPECT_EQ(131, table_->GetNextPrime(128));
+}
+
+// In order to run value-parameterized tests, you need to instantiate them,
+// or bind them to a list of values which will be used as test parameters.
+// You can instantiate them in a different translation module, or even
+// instantiate them several times.
+//
+// Here, we instantiate our tests with a list of two PrimeTable object
+// factory functions:
+INSTANTIATE_TEST_CASE_P(
+    OnTheFlyAndPreCalculated,
+    PrimeTableTest,
+    Values(&CreateOnTheFlyPrimeTable, &CreatePreCalculatedPrimeTable<1000>));
+
+#else
+
+// Google Test may not support value-parameterized tests with some
+// compilers. If we use conditional compilation to compile out all
+// code referring to the gtest_main library, MSVC linker will not link
+// that library at all and consequently complain about missing entry
+// point defined in that library (fatal error LNK1561: entry point
+// must be defined). This dummy test keeps gtest_main linked in.
+TEST(DummyTest, ValueParameterizedTestsAreNotSupportedOnThisPlatform) {}
+
+#endif  // GTEST_HAS_PARAM_TEST
diff --git a/nss/gtests/google_test/gtest/samples/sample8_unittest.cc b/nss/gtests/google_test/gtest/samples/sample8_unittest.cc
new file mode 100644
index 0000000..7274334
--- /dev/null
+++ b/nss/gtests/google_test/gtest/samples/sample8_unittest.cc
@@ -0,0 +1,173 @@
+// Copyright 2008 Google Inc.
+// All Rights Reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: vladl@google.com (Vlad Losev)
+
+// This sample shows how to test code relying on some global flag variables.
+// Combine() helps with generating all possible combinations of such flags,
+// and each test is given one combination as a parameter.
+
+// Use class definitions to test from this header.
+#include "prime_tables.h"
+
+#include "gtest/gtest.h"
+
+#if GTEST_HAS_COMBINE
+
+// Suppose we want to introduce a new, improved implementation of PrimeTable
+// which combines speed of PrecalcPrimeTable and versatility of
+// OnTheFlyPrimeTable (see prime_tables.h). Inside it instantiates both
+// PrecalcPrimeTable and OnTheFlyPrimeTable and uses the one that is more
+// appropriate under the circumstances. But in low memory conditions, it can be
+// told to instantiate without PrecalcPrimeTable instance at all and use only
+// OnTheFlyPrimeTable.
+class HybridPrimeTable : public PrimeTable {
+ public:
+  HybridPrimeTable(bool force_on_the_fly, int max_precalculated)
+      : on_the_fly_impl_(new OnTheFlyPrimeTable),
+        precalc_impl_(force_on_the_fly ? NULL :
+                          new PreCalculatedPrimeTable(max_precalculated)),
+        max_precalculated_(max_precalculated) {}
+  virtual ~HybridPrimeTable() {
+    delete on_the_fly_impl_;
+    delete precalc_impl_;
+  }
+
+  virtual bool IsPrime(int n) const {
+    if (precalc_impl_ != NULL && n < max_precalculated_)
+      return precalc_impl_->IsPrime(n);
+    else
+      return on_the_fly_impl_->IsPrime(n);
+  }
+
+  virtual int GetNextPrime(int p) const {
+    int next_prime = -1;
+    if (precalc_impl_ != NULL && p < max_precalculated_)
+      next_prime = precalc_impl_->GetNextPrime(p);
+
+    return next_prime != -1 ? next_prime : on_the_fly_impl_->GetNextPrime(p);
+  }
+
+ private:
+  OnTheFlyPrimeTable* on_the_fly_impl_;
+  PreCalculatedPrimeTable* precalc_impl_;
+  int max_precalculated_;
+};
+
+using ::testing::TestWithParam;
+using ::testing::Bool;
+using ::testing::Values;
+using ::testing::Combine;
+
+// To test all code paths for HybridPrimeTable we must test it with numbers
+// both within and outside PreCalculatedPrimeTable's capacity and also with
+// PreCalculatedPrimeTable disabled. We do this by defining fixture which will
+// accept different combinations of parameters for instantiating a
+// HybridPrimeTable instance.
+class PrimeTableTest : public TestWithParam< ::testing::tuple<bool, int> > {
+ protected:
+  virtual void SetUp() {
+    // This can be written as
+    //
+    // bool force_on_the_fly;
+    // int max_precalculated;
+    // tie(force_on_the_fly, max_precalculated) = GetParam();
+    //
+    // once the Google C++ Style Guide allows use of ::std::tr1::tie.
+    //
+    bool force_on_the_fly = ::testing::get<0>(GetParam());
+    int max_precalculated = ::testing::get<1>(GetParam());
+    table_ = new HybridPrimeTable(force_on_the_fly, max_precalculated);
+  }
+  virtual void TearDown() {
+    delete table_;
+    table_ = NULL;
+  }
+  HybridPrimeTable* table_;
+};
+
+TEST_P(PrimeTableTest, ReturnsFalseForNonPrimes) {
+  // Inside the test body, you can refer to the test parameter by GetParam().
+  // In this case, the test parameter is a PrimeTable interface pointer which
+  // we can use directly.
+  // Please note that you can also save it in the fixture's SetUp() method
+  // or constructor and use saved copy in the tests.
+
+  EXPECT_FALSE(table_->IsPrime(-5));
+  EXPECT_FALSE(table_->IsPrime(0));
+  EXPECT_FALSE(table_->IsPrime(1));
+  EXPECT_FALSE(table_->IsPrime(4));
+  EXPECT_FALSE(table_->IsPrime(6));
+  EXPECT_FALSE(table_->IsPrime(100));
+}
+
+TEST_P(PrimeTableTest, ReturnsTrueForPrimes) {
+  EXPECT_TRUE(table_->IsPrime(2));
+  EXPECT_TRUE(table_->IsPrime(3));
+  EXPECT_TRUE(table_->IsPrime(5));
+  EXPECT_TRUE(table_->IsPrime(7));
+  EXPECT_TRUE(table_->IsPrime(11));
+  EXPECT_TRUE(table_->IsPrime(131));
+}
+
+TEST_P(PrimeTableTest, CanGetNextPrime) {
+  EXPECT_EQ(2, table_->GetNextPrime(0));
+  EXPECT_EQ(3, table_->GetNextPrime(2));
+  EXPECT_EQ(5, table_->GetNextPrime(3));
+  EXPECT_EQ(7, table_->GetNextPrime(5));
+  EXPECT_EQ(11, table_->GetNextPrime(7));
+  EXPECT_EQ(131, table_->GetNextPrime(128));
+}
+
+// In order to run value-parameterized tests, you need to instantiate them,
+// or bind them to a list of values which will be used as test parameters.
+// You can instantiate them in a different translation module, or even
+// instantiate them several times.
+//
+// Here, we instantiate our tests with a list of parameters. We must combine
+// all variations of the boolean flag suppressing PrecalcPrimeTable and some
+// meaningful values for tests. We choose a small value (1), and a value that
+// will put some of the tested numbers beyond the capability of the
+// PrecalcPrimeTable instance and some inside it (10). Combine will produce all
+// possible combinations.
+INSTANTIATE_TEST_CASE_P(MeaningfulTestParameters,
+                        PrimeTableTest,
+                        Combine(Bool(), Values(1, 10)));
+
+#else
+
+// Google Test may not support Combine() with some compilers. If we
+// use conditional compilation to compile out all code referring to
+// the gtest_main library, MSVC linker will not link that library at
+// all and consequently complain about missing entry point defined in
+// that library (fatal error LNK1561: entry point must be
+// defined). This dummy test keeps gtest_main linked in.
+TEST(DummyTest, CombineIsNotSupportedOnThisPlatform) {}
+
+#endif  // GTEST_HAS_COMBINE
diff --git a/nss/gtests/google_test/gtest/samples/sample9_unittest.cc b/nss/gtests/google_test/gtest/samples/sample9_unittest.cc
new file mode 100644
index 0000000..b2e2079
--- /dev/null
+++ b/nss/gtests/google_test/gtest/samples/sample9_unittest.cc
@@ -0,0 +1,160 @@
+// Copyright 2009 Google Inc. All Rights Reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: vladl@google.com (Vlad Losev)
+
+// This sample shows how to use Google Test listener API to implement
+// an alternative console output and how to use the UnitTest reflection API
+// to enumerate test cases and tests and to inspect their results.
+
+#include <stdio.h>
+
+#include "gtest/gtest.h"
+
+using ::testing::EmptyTestEventListener;
+using ::testing::InitGoogleTest;
+using ::testing::Test;
+using ::testing::TestCase;
+using ::testing::TestEventListeners;
+using ::testing::TestInfo;
+using ::testing::TestPartResult;
+using ::testing::UnitTest;
+
+namespace {
+
+// Provides alternative output mode which produces minimal amount of
+// information about tests.
+class TersePrinter : public EmptyTestEventListener {
+ private:
+  // Called before any test activity starts.
+  virtual void OnTestProgramStart(const UnitTest& /* unit_test */) {}
+
+  // Called after all test activities have ended.
+  virtual void OnTestProgramEnd(const UnitTest& unit_test) {
+    fprintf(stdout, "TEST %s\n", unit_test.Passed() ? "PASSED" : "FAILED");
+    fflush(stdout);
+  }
+
+  // Called before a test starts.
+  virtual void OnTestStart(const TestInfo& test_info) {
+    fprintf(stdout,
+            "*** Test %s.%s starting.\n",
+            test_info.test_case_name(),
+            test_info.name());
+    fflush(stdout);
+  }
+
+  // Called after a failed assertion or a SUCCEED() invocation.
+  virtual void OnTestPartResult(const TestPartResult& test_part_result) {
+    fprintf(stdout,
+            "%s in %s:%d\n%s\n",
+            test_part_result.failed() ? "*** Failure" : "Success",
+            test_part_result.file_name(),
+            test_part_result.line_number(),
+            test_part_result.summary());
+    fflush(stdout);
+  }
+
+  // Called after a test ends.
+  virtual void OnTestEnd(const TestInfo& test_info) {
+    fprintf(stdout,
+            "*** Test %s.%s ending.\n",
+            test_info.test_case_name(),
+            test_info.name());
+    fflush(stdout);
+  }
+};  // class TersePrinter
+
+TEST(CustomOutputTest, PrintsMessage) {
+  printf("Printing something from the test body...\n");
+}
+
+TEST(CustomOutputTest, Succeeds) {
+  SUCCEED() << "SUCCEED() has been invoked from here";
+}
+
+TEST(CustomOutputTest, Fails) {
+  EXPECT_EQ(1, 2)
+      << "This test fails in order to demonstrate alternative failure messages";
+}
+
+}  // namespace
+
+int main(int argc, char **argv) {
+  InitGoogleTest(&argc, argv);
+
+  bool terse_output = false;
+  if (argc > 1 && strcmp(argv[1], "--terse_output") == 0 )
+    terse_output = true;
+  else
+    printf("%s\n", "Run this program with --terse_output to change the way "
+           "it prints its output.");
+
+  UnitTest& unit_test = *UnitTest::GetInstance();
+
+  // If we are given the --terse_output command line flag, suppresses the
+  // standard output and attaches own result printer.
+  if (terse_output) {
+    TestEventListeners& listeners = unit_test.listeners();
+
+    // Removes the default console output listener from the list so it will
+    // not receive events from Google Test and won't print any output. Since
+    // this operation transfers ownership of the listener to the caller we
+    // have to delete it as well.
+    delete listeners.Release(listeners.default_result_printer());
+
+    // Adds the custom output listener to the list. It will now receive
+    // events from Google Test and print the alternative output. We don't
+    // have to worry about deleting it since Google Test assumes ownership
+    // over it after adding it to the list.
+    listeners.Append(new TersePrinter);
+  }
+  int ret_val = RUN_ALL_TESTS();
+
+  // This is an example of using the UnitTest reflection API to inspect test
+  // results. Here we discount failures from the tests we expected to fail.
+  int unexpectedly_failed_tests = 0;
+  for (int i = 0; i < unit_test.total_test_case_count(); ++i) {
+    const TestCase& test_case = *unit_test.GetTestCase(i);
+    for (int j = 0; j < test_case.total_test_count(); ++j) {
+      const TestInfo& test_info = *test_case.GetTestInfo(j);
+      // Counts failed tests that were not meant to fail (those without
+      // 'Fails' in the name).
+      if (test_info.result()->Failed() &&
+          strcmp(test_info.name(), "Fails") != 0) {
+        unexpectedly_failed_tests++;
+      }
+    }
+  }
+
+  // Test that were meant to fail should not affect the test program outcome.
+  if (unexpectedly_failed_tests == 0)
+    ret_val = 0;
+
+  return ret_val;
+}
diff --git a/nss/gtests/google_test/gtest/scripts/common.py b/nss/gtests/google_test/gtest/scripts/common.py
new file mode 100644
index 0000000..3c0347a
--- /dev/null
+++ b/nss/gtests/google_test/gtest/scripts/common.py
@@ -0,0 +1,83 @@
+# Copyright 2013 Google Inc. All Rights Reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#
+#     * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following disclaimer
+# in the documentation and/or other materials provided with the
+# distribution.
+#     * Neither the name of Google Inc. nor the names of its
+# contributors may be used to endorse or promote products derived from
+# this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+"""Shared utilities for writing scripts for Google Test/Mock."""
+
+__author__ = 'wan@google.com (Zhanyong Wan)'
+
+
+import os
+import re
+
+
+# Matches the line from 'svn info .' output that describes what SVN
+# path the current local directory corresponds to.  For example, in
+# a googletest SVN workspace's trunk/test directory, the output will be:
+#
+# URL: https://googletest.googlecode.com/svn/trunk/test
+_SVN_INFO_URL_RE = re.compile(r'^URL: https://(\w+)\.googlecode\.com/svn(.*)')
+
+
+def GetCommandOutput(command):
+  """Runs the shell command and returns its stdout as a list of lines."""
+
+  f = os.popen(command, 'r')
+  lines = [line.strip() for line in f.readlines()]
+  f.close()
+  return lines
+
+
+def GetSvnInfo():
+  """Returns the project name and the current SVN workspace's root path."""
+
+  for line in GetCommandOutput('svn info .'):
+    m = _SVN_INFO_URL_RE.match(line)
+    if m:
+      project = m.group(1)  # googletest or googlemock
+      rel_path = m.group(2)
+      root = os.path.realpath(rel_path.count('/') * '../')
+      return project, root
+
+  return None, None
+
+
+def GetSvnTrunk():
+  """Returns the current SVN workspace's trunk root path."""
+
+  _, root = GetSvnInfo()
+  return root + '/trunk' if root else None
+
+
+def IsInGTestSvn():
+  project, _ = GetSvnInfo()
+  return project == 'googletest'
+
+
+def IsInGMockSvn():
+  project, _ = GetSvnInfo()
+  return project == 'googlemock'
diff --git a/nss/gtests/google_test/gtest/scripts/fuse_gtest_files.py b/nss/gtests/google_test/gtest/scripts/fuse_gtest_files.py
new file mode 100755
index 0000000..57ef72f
--- /dev/null
+++ b/nss/gtests/google_test/gtest/scripts/fuse_gtest_files.py
@@ -0,0 +1,250 @@
+#!/usr/bin/env python
+#
+# Copyright 2009, Google Inc.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#
+#     * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following disclaimer
+# in the documentation and/or other materials provided with the
+# distribution.
+#     * Neither the name of Google Inc. nor the names of its
+# contributors may be used to endorse or promote products derived from
+# this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+"""fuse_gtest_files.py v0.2.0
+Fuses Google Test source code into a .h file and a .cc file.
+
+SYNOPSIS
+       fuse_gtest_files.py [GTEST_ROOT_DIR] OUTPUT_DIR
+
+       Scans GTEST_ROOT_DIR for Google Test source code, and generates
+       two files: OUTPUT_DIR/gtest/gtest.h and OUTPUT_DIR/gtest/gtest-all.cc.
+       Then you can build your tests by adding OUTPUT_DIR to the include
+       search path and linking with OUTPUT_DIR/gtest/gtest-all.cc.  These
+       two files contain everything you need to use Google Test.  Hence
+       you can "install" Google Test by copying them to wherever you want.
+
+       GTEST_ROOT_DIR can be omitted and defaults to the parent
+       directory of the directory holding this script.
+
+EXAMPLES
+       ./fuse_gtest_files.py fused_gtest
+       ./fuse_gtest_files.py path/to/unpacked/gtest fused_gtest
+
+This tool is experimental.  In particular, it assumes that there is no
+conditional inclusion of Google Test headers.  Please report any
+problems to googletestframework@googlegroups.com.  You can read
+http://code.google.com/p/googletest/wiki/GoogleTestAdvancedGuide for
+more information.
+"""
+
+__author__ = 'wan@google.com (Zhanyong Wan)'
+
+import os
+import re
+import sets
+import sys
+
+# We assume that this file is in the scripts/ directory in the Google
+# Test root directory.
+DEFAULT_GTEST_ROOT_DIR = os.path.join(os.path.dirname(__file__), '..')
+
+# Regex for matching '#include "gtest/..."'.
+INCLUDE_GTEST_FILE_REGEX = re.compile(r'^\s*#\s*include\s*"(gtest/.+)"')
+
+# Regex for matching '#include "src/..."'.
+INCLUDE_SRC_FILE_REGEX = re.compile(r'^\s*#\s*include\s*"(src/.+)"')
+
+# Where to find the source seed files.
+GTEST_H_SEED = 'include/gtest/gtest.h'
+GTEST_SPI_H_SEED = 'include/gtest/gtest-spi.h'
+GTEST_ALL_CC_SEED = 'src/gtest-all.cc'
+
+# Where to put the generated files.
+GTEST_H_OUTPUT = 'gtest/gtest.h'
+GTEST_ALL_CC_OUTPUT = 'gtest/gtest-all.cc'
+
+
+def VerifyFileExists(directory, relative_path):
+  """Verifies that the given file exists; aborts on failure.
+
+  relative_path is the file path relative to the given directory.
+  """
+
+  if not os.path.isfile(os.path.join(directory, relative_path)):
+    print 'ERROR: Cannot find %s in directory %s.' % (relative_path,
+                                                      directory)
+    print ('Please either specify a valid project root directory '
+           'or omit it on the command line.')
+    sys.exit(1)
+
+
+def ValidateGTestRootDir(gtest_root):
+  """Makes sure gtest_root points to a valid gtest root directory.
+
+  The function aborts the program on failure.
+  """
+
+  VerifyFileExists(gtest_root, GTEST_H_SEED)
+  VerifyFileExists(gtest_root, GTEST_ALL_CC_SEED)
+
+
+def VerifyOutputFile(output_dir, relative_path):
+  """Verifies that the given output file path is valid.
+
+  relative_path is relative to the output_dir directory.
+  """
+
+  # Makes sure the output file either doesn't exist or can be overwritten.
+  output_file = os.path.join(output_dir, relative_path)
+  if os.path.exists(output_file):
+    # TODO(wan@google.com): The following user-interaction doesn't
+    # work with automated processes.  We should provide a way for the
+    # Makefile to force overwriting the files.
+    print ('%s already exists in directory %s - overwrite it? (y/N) ' %
+           (relative_path, output_dir))
+    answer = sys.stdin.readline().strip()
+    if answer not in ['y', 'Y']:
+      print 'ABORTED.'
+      sys.exit(1)
+
+  # Makes sure the directory holding the output file exists; creates
+  # it and all its ancestors if necessary.
+  parent_directory = os.path.dirname(output_file)
+  if not os.path.isdir(parent_directory):
+    os.makedirs(parent_directory)
+
+
+def ValidateOutputDir(output_dir):
+  """Makes sure output_dir points to a valid output directory.
+
+  The function aborts the program on failure.
+  """
+
+  VerifyOutputFile(output_dir, GTEST_H_OUTPUT)
+  VerifyOutputFile(output_dir, GTEST_ALL_CC_OUTPUT)
+
+
+def FuseGTestH(gtest_root, output_dir):
+  """Scans folder gtest_root to generate gtest/gtest.h in output_dir."""
+
+  output_file = file(os.path.join(output_dir, GTEST_H_OUTPUT), 'w')
+  processed_files = sets.Set()  # Holds all gtest headers we've processed.
+
+  def ProcessFile(gtest_header_path):
+    """Processes the given gtest header file."""
+
+    # We don't process the same header twice.
+    if gtest_header_path in processed_files:
+      return
+
+    processed_files.add(gtest_header_path)
+
+    # Reads each line in the given gtest header.
+    for line in file(os.path.join(gtest_root, gtest_header_path), 'r'):
+      m = INCLUDE_GTEST_FILE_REGEX.match(line)
+      if m:
+        # It's '#include "gtest/..."' - let's process it recursively.
+        ProcessFile('include/' + m.group(1))
+      else:
+        # Otherwise we copy the line unchanged to the output file.
+        output_file.write(line)
+
+  ProcessFile(GTEST_H_SEED)
+  output_file.close()
+
+
+def FuseGTestAllCcToFile(gtest_root, output_file):
+  """Scans folder gtest_root to generate gtest/gtest-all.cc in output_file."""
+
+  processed_files = sets.Set()
+
+  def ProcessFile(gtest_source_file):
+    """Processes the given gtest source file."""
+
+    # We don't process the same #included file twice.
+    if gtest_source_file in processed_files:
+      return
+
+    processed_files.add(gtest_source_file)
+
+    # Reads each line in the given gtest source file.
+    for line in file(os.path.join(gtest_root, gtest_source_file), 'r'):
+      m = INCLUDE_GTEST_FILE_REGEX.match(line)
+      if m:
+        if 'include/' + m.group(1) == GTEST_SPI_H_SEED:
+          # It's '#include "gtest/gtest-spi.h"'.  This file is not
+          # #included by "gtest/gtest.h", so we need to process it.
+          ProcessFile(GTEST_SPI_H_SEED)
+        else:
+          # It's '#include "gtest/foo.h"' where foo is not gtest-spi.
+          # We treat it as '#include "gtest/gtest.h"', as all other
+          # gtest headers are being fused into gtest.h and cannot be
+          # #included directly.
+
+          # There is no need to #include "gtest/gtest.h" more than once.
+          if not GTEST_H_SEED in processed_files:
+            processed_files.add(GTEST_H_SEED)
+            output_file.write('#include "%s"\n' % (GTEST_H_OUTPUT,))
+      else:
+        m = INCLUDE_SRC_FILE_REGEX.match(line)
+        if m:
+          # It's '#include "src/foo"' - let's process it recursively.
+          ProcessFile(m.group(1))
+        else:
+          output_file.write(line)
+
+  ProcessFile(GTEST_ALL_CC_SEED)
+
+
+def FuseGTestAllCc(gtest_root, output_dir):
+  """Scans folder gtest_root to generate gtest/gtest-all.cc in output_dir."""
+
+  output_file = file(os.path.join(output_dir, GTEST_ALL_CC_OUTPUT), 'w')
+  FuseGTestAllCcToFile(gtest_root, output_file)
+  output_file.close()
+
+
+def FuseGTest(gtest_root, output_dir):
+  """Fuses gtest.h and gtest-all.cc."""
+
+  ValidateGTestRootDir(gtest_root)
+  ValidateOutputDir(output_dir)
+
+  FuseGTestH(gtest_root, output_dir)
+  FuseGTestAllCc(gtest_root, output_dir)
+
+
+def main():
+  argc = len(sys.argv)
+  if argc == 2:
+    # fuse_gtest_files.py OUTPUT_DIR
+    FuseGTest(DEFAULT_GTEST_ROOT_DIR, sys.argv[1])
+  elif argc == 3:
+    # fuse_gtest_files.py GTEST_ROOT_DIR OUTPUT_DIR
+    FuseGTest(sys.argv[1], sys.argv[2])
+  else:
+    print __doc__
+    sys.exit(1)
+
+
+if __name__ == '__main__':
+  main()
diff --git a/nss/gtests/google_test/gtest/scripts/gen_gtest_pred_impl.py b/nss/gtests/google_test/gtest/scripts/gen_gtest_pred_impl.py
new file mode 100755
index 0000000..3e7ab04
--- /dev/null
+++ b/nss/gtests/google_test/gtest/scripts/gen_gtest_pred_impl.py
@@ -0,0 +1,730 @@
+#!/usr/bin/env python
+#
+# Copyright 2006, Google Inc.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#
+#     * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following disclaimer
+# in the documentation and/or other materials provided with the
+# distribution.
+#     * Neither the name of Google Inc. nor the names of its
+# contributors may be used to endorse or promote products derived from
+# this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+"""gen_gtest_pred_impl.py v0.1
+
+Generates the implementation of Google Test predicate assertions and
+accompanying tests.
+
+Usage:
+
+  gen_gtest_pred_impl.py MAX_ARITY
+
+where MAX_ARITY is a positive integer.
+
+The command generates the implementation of up-to MAX_ARITY-ary
+predicate assertions, and writes it to file gtest_pred_impl.h in the
+directory where the script is.  It also generates the accompanying
+unit test in file gtest_pred_impl_unittest.cc.
+"""
+
+__author__ = 'wan@google.com (Zhanyong Wan)'
+
+import os
+import sys
+import time
+
+# Where this script is.
+SCRIPT_DIR = os.path.dirname(sys.argv[0])
+
+# Where to store the generated header.
+HEADER = os.path.join(SCRIPT_DIR, '../include/gtest/gtest_pred_impl.h')
+
+# Where to store the generated unit test.
+UNIT_TEST = os.path.join(SCRIPT_DIR, '../test/gtest_pred_impl_unittest.cc')
+
+
+def HeaderPreamble(n):
+  """Returns the preamble for the header file.
+
+  Args:
+    n:  the maximum arity of the predicate macros to be generated.
+  """
+
+  # A map that defines the values used in the preamble template.
+  DEFS = {
+    'today' : time.strftime('%m/%d/%Y'),
+    'year' : time.strftime('%Y'),
+    'command' : '%s %s' % (os.path.basename(sys.argv[0]), n),
+    'n' : n
+    }
+
+  return (
+"""// Copyright 2006, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// This file is AUTOMATICALLY GENERATED on %(today)s by command
+// '%(command)s'.  DO NOT EDIT BY HAND!
+//
+// Implements a family of generic predicate assertion macros.
+
+#ifndef GTEST_INCLUDE_GTEST_GTEST_PRED_IMPL_H_
+#define GTEST_INCLUDE_GTEST_GTEST_PRED_IMPL_H_
+
+// Makes sure this header is not included before gtest.h.
+#ifndef GTEST_INCLUDE_GTEST_GTEST_H_
+# error Do not include gtest_pred_impl.h directly.  Include gtest.h instead.
+#endif  // GTEST_INCLUDE_GTEST_GTEST_H_
+
+// This header implements a family of generic predicate assertion
+// macros:
+//
+//   ASSERT_PRED_FORMAT1(pred_format, v1)
+//   ASSERT_PRED_FORMAT2(pred_format, v1, v2)
+//   ...
+//
+// where pred_format is a function or functor that takes n (in the
+// case of ASSERT_PRED_FORMATn) values and their source expression
+// text, and returns a testing::AssertionResult.  See the definition
+// of ASSERT_EQ in gtest.h for an example.
+//
+// If you don't care about formatting, you can use the more
+// restrictive version:
+//
+//   ASSERT_PRED1(pred, v1)
+//   ASSERT_PRED2(pred, v1, v2)
+//   ...
+//
+// where pred is an n-ary function or functor that returns bool,
+// and the values v1, v2, ..., must support the << operator for
+// streaming to std::ostream.
+//
+// We also define the EXPECT_* variations.
+//
+// For now we only support predicates whose arity is at most %(n)s.
+// Please email googletestframework@googlegroups.com if you need
+// support for higher arities.
+
+// GTEST_ASSERT_ is the basic statement to which all of the assertions
+// in this file reduce.  Don't use this in your code.
+
+#define GTEST_ASSERT_(expression, on_failure) \\
+  GTEST_AMBIGUOUS_ELSE_BLOCKER_ \\
+  if (const ::testing::AssertionResult gtest_ar = (expression)) \\
+    ; \\
+  else \\
+    on_failure(gtest_ar.failure_message())
+""" % DEFS)
+
+
+def Arity(n):
+  """Returns the English name of the given arity."""
+
+  if n < 0:
+    return None
+  elif n <= 3:
+    return ['nullary', 'unary', 'binary', 'ternary'][n]
+  else:
+    return '%s-ary' % n
+
+
+def Title(word):
+  """Returns the given word in title case.  The difference between
+  this and string's title() method is that Title('4-ary') is '4-ary'
+  while '4-ary'.title() is '4-Ary'."""
+
+  return word[0].upper() + word[1:]
+
+
+def OneTo(n):
+  """Returns the list [1, 2, 3, ..., n]."""
+
+  return range(1, n + 1)
+
+
+def Iter(n, format, sep=''):
+  """Given a positive integer n, a format string that contains 0 or
+  more '%s' format specs, and optionally a separator string, returns
+  the join of n strings, each formatted with the format string on an
+  iterator ranged from 1 to n.
+
+  Example:
+
+  Iter(3, 'v%s', sep=', ') returns 'v1, v2, v3'.
+  """
+
+  # How many '%s' specs are in format?
+  spec_count = len(format.split('%s')) - 1
+  return sep.join([format % (spec_count * (i,)) for i in OneTo(n)])
+
+
+def ImplementationForArity(n):
+  """Returns the implementation of n-ary predicate assertions."""
+
+  # A map the defines the values used in the implementation template.
+  DEFS = {
+    'n' : str(n),
+    'vs' : Iter(n, 'v%s', sep=', '),
+    'vts' : Iter(n, '#v%s', sep=', '),
+    'arity' : Arity(n),
+    'Arity' : Title(Arity(n))
+    }
+
+  impl = """
+
+// Helper function for implementing {EXPECT|ASSERT}_PRED%(n)s.  Don't use
+// this in your code.
+template <typename Pred""" % DEFS
+
+  impl += Iter(n, """,
+          typename T%s""")
+
+  impl += """>
+AssertionResult AssertPred%(n)sHelper(const char* pred_text""" % DEFS
+
+  impl += Iter(n, """,
+                                  const char* e%s""")
+
+  impl += """,
+                                  Pred pred"""
+
+  impl += Iter(n, """,
+                                  const T%s& v%s""")
+
+  impl += """) {
+  if (pred(%(vs)s)) return AssertionSuccess();
+
+""" % DEFS
+
+  impl += '  return AssertionFailure() << pred_text << "("'
+
+  impl += Iter(n, """
+                            << e%s""", sep=' << ", "')
+
+  impl += ' << ") evaluates to false, where"'
+
+  impl += Iter(n, """
+                            << "\\n" << e%s << " evaluates to " << v%s""")
+
+  impl += """;
+}
+
+// Internal macro for implementing {EXPECT|ASSERT}_PRED_FORMAT%(n)s.
+// Don't use this in your code.
+#define GTEST_PRED_FORMAT%(n)s_(pred_format, %(vs)s, on_failure)\\
+  GTEST_ASSERT_(pred_format(%(vts)s, %(vs)s), \\
+                on_failure)
+
+// Internal macro for implementing {EXPECT|ASSERT}_PRED%(n)s.  Don't use
+// this in your code.
+#define GTEST_PRED%(n)s_(pred, %(vs)s, on_failure)\\
+  GTEST_ASSERT_(::testing::AssertPred%(n)sHelper(#pred""" % DEFS
+
+  impl += Iter(n, """, \\
+                                             #v%s""")
+
+  impl += """, \\
+                                             pred"""
+
+  impl += Iter(n, """, \\
+                                             v%s""")
+
+  impl += """), on_failure)
+
+// %(Arity)s predicate assertion macros.
+#define EXPECT_PRED_FORMAT%(n)s(pred_format, %(vs)s) \\
+  GTEST_PRED_FORMAT%(n)s_(pred_format, %(vs)s, GTEST_NONFATAL_FAILURE_)
+#define EXPECT_PRED%(n)s(pred, %(vs)s) \\
+  GTEST_PRED%(n)s_(pred, %(vs)s, GTEST_NONFATAL_FAILURE_)
+#define ASSERT_PRED_FORMAT%(n)s(pred_format, %(vs)s) \\
+  GTEST_PRED_FORMAT%(n)s_(pred_format, %(vs)s, GTEST_FATAL_FAILURE_)
+#define ASSERT_PRED%(n)s(pred, %(vs)s) \\
+  GTEST_PRED%(n)s_(pred, %(vs)s, GTEST_FATAL_FAILURE_)
+
+""" % DEFS
+
+  return impl
+
+
+def HeaderPostamble():
+  """Returns the postamble for the header file."""
+
+  return """
+
+#endif  // GTEST_INCLUDE_GTEST_GTEST_PRED_IMPL_H_
+"""
+
+
+def GenerateFile(path, content):
+  """Given a file path and a content string, overwrites it with the
+  given content."""
+
+  print 'Updating file %s . . .' % path
+
+  f = file(path, 'w+')
+  print >>f, content,
+  f.close()
+
+  print 'File %s has been updated.' % path
+
+
+def GenerateHeader(n):
+  """Given the maximum arity n, updates the header file that implements
+  the predicate assertions."""
+
+  GenerateFile(HEADER,
+               HeaderPreamble(n)
+               + ''.join([ImplementationForArity(i) for i in OneTo(n)])
+               + HeaderPostamble())
+
+
+def UnitTestPreamble():
+  """Returns the preamble for the unit test file."""
+
+  # A map that defines the values used in the preamble template.
+  DEFS = {
+    'today' : time.strftime('%m/%d/%Y'),
+    'year' : time.strftime('%Y'),
+    'command' : '%s %s' % (os.path.basename(sys.argv[0]), sys.argv[1]),
+    }
+
+  return (
+"""// Copyright 2006, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// This file is AUTOMATICALLY GENERATED on %(today)s by command
+// '%(command)s'.  DO NOT EDIT BY HAND!
+
+// Regression test for gtest_pred_impl.h
+//
+// This file is generated by a script and quite long.  If you intend to
+// learn how Google Test works by reading its unit tests, read
+// gtest_unittest.cc instead.
+//
+// This is intended as a regression test for the Google Test predicate
+// assertions.  We compile it as part of the gtest_unittest target
+// only to keep the implementation tidy and compact, as it is quite
+// involved to set up the stage for testing Google Test using Google
+// Test itself.
+//
+// Currently, gtest_unittest takes ~11 seconds to run in the testing
+// daemon.  In the future, if it grows too large and needs much more
+// time to finish, we should consider separating this file into a
+// stand-alone regression test.
+
+#include <iostream>
+
+#include "gtest/gtest.h"
+#include "gtest/gtest-spi.h"
+
+// A user-defined data type.
+struct Bool {
+  explicit Bool(int val) : value(val != 0) {}
+
+  bool operator>(int n) const { return value > Bool(n).value; }
+
+  Bool operator+(const Bool& rhs) const { return Bool(value + rhs.value); }
+
+  bool operator==(const Bool& rhs) const { return value == rhs.value; }
+
+  bool value;
+};
+
+// Enables Bool to be used in assertions.
+std::ostream& operator<<(std::ostream& os, const Bool& x) {
+  return os << (x.value ? "true" : "false");
+}
+
+""" % DEFS)
+
+
+def TestsForArity(n):
+  """Returns the tests for n-ary predicate assertions."""
+
+  # A map that defines the values used in the template for the tests.
+  DEFS = {
+    'n' : n,
+    'es' : Iter(n, 'e%s', sep=', '),
+    'vs' : Iter(n, 'v%s', sep=', '),
+    'vts' : Iter(n, '#v%s', sep=', '),
+    'tvs' : Iter(n, 'T%s v%s', sep=', '),
+    'int_vs' : Iter(n, 'int v%s', sep=', '),
+    'Bool_vs' : Iter(n, 'Bool v%s', sep=', '),
+    'types' : Iter(n, 'typename T%s', sep=', '),
+    'v_sum' : Iter(n, 'v%s', sep=' + '),
+    'arity' : Arity(n),
+    'Arity' : Title(Arity(n)),
+    }
+
+  tests = (
+"""// Sample functions/functors for testing %(arity)s predicate assertions.
+
+// A %(arity)s predicate function.
+template <%(types)s>
+bool PredFunction%(n)s(%(tvs)s) {
+  return %(v_sum)s > 0;
+}
+
+// The following two functions are needed to circumvent a bug in
+// gcc 2.95.3, which sometimes has problem with the above template
+// function.
+bool PredFunction%(n)sInt(%(int_vs)s) {
+  return %(v_sum)s > 0;
+}
+bool PredFunction%(n)sBool(%(Bool_vs)s) {
+  return %(v_sum)s > 0;
+}
+""" % DEFS)
+
+  tests += """
+// A %(arity)s predicate functor.
+struct PredFunctor%(n)s {
+  template <%(types)s>
+  bool operator()(""" % DEFS
+
+  tests += Iter(n, 'const T%s& v%s', sep=""",
+                  """)
+
+  tests += """) {
+    return %(v_sum)s > 0;
+  }
+};
+""" % DEFS
+
+  tests += """
+// A %(arity)s predicate-formatter function.
+template <%(types)s>
+testing::AssertionResult PredFormatFunction%(n)s(""" % DEFS
+
+  tests += Iter(n, 'const char* e%s', sep=""",
+                                             """)
+
+  tests += Iter(n, """,
+                                             const T%s& v%s""")
+
+  tests += """) {
+  if (PredFunction%(n)s(%(vs)s))
+    return testing::AssertionSuccess();
+
+  return testing::AssertionFailure()
+      << """ % DEFS
+
+  tests += Iter(n, 'e%s', sep=' << " + " << ')
+
+  tests += """
+      << " is expected to be positive, but evaluates to "
+      << %(v_sum)s << ".";
+}
+""" % DEFS
+
+  tests += """
+// A %(arity)s predicate-formatter functor.
+struct PredFormatFunctor%(n)s {
+  template <%(types)s>
+  testing::AssertionResult operator()(""" % DEFS
+
+  tests += Iter(n, 'const char* e%s', sep=""",
+                                      """)
+
+  tests += Iter(n, """,
+                                      const T%s& v%s""")
+
+  tests += """) const {
+    return PredFormatFunction%(n)s(%(es)s, %(vs)s);
+  }
+};
+""" % DEFS
+
+  tests += """
+// Tests for {EXPECT|ASSERT}_PRED_FORMAT%(n)s.
+
+class Predicate%(n)sTest : public testing::Test {
+ protected:
+  virtual void SetUp() {
+    expected_to_finish_ = true;
+    finished_ = false;""" % DEFS
+
+  tests += """
+    """ + Iter(n, 'n%s_ = ') + """0;
+  }
+"""
+
+  tests += """
+  virtual void TearDown() {
+    // Verifies that each of the predicate's arguments was evaluated
+    // exactly once."""
+
+  tests += ''.join(["""
+    EXPECT_EQ(1, n%s_) <<
+        "The predicate assertion didn't evaluate argument %s "
+        "exactly once.";""" % (i, i + 1) for i in OneTo(n)])
+
+  tests += """
+
+    // Verifies that the control flow in the test function is expected.
+    if (expected_to_finish_ && !finished_) {
+      FAIL() << "The predicate assertion unexpactedly aborted the test.";
+    } else if (!expected_to_finish_ && finished_) {
+      FAIL() << "The failed predicate assertion didn't abort the test "
+                "as expected.";
+    }
+  }
+
+  // true iff the test function is expected to run to finish.
+  static bool expected_to_finish_;
+
+  // true iff the test function did run to finish.
+  static bool finished_;
+""" % DEFS
+
+  tests += Iter(n, """
+  static int n%s_;""")
+
+  tests += """
+};
+
+bool Predicate%(n)sTest::expected_to_finish_;
+bool Predicate%(n)sTest::finished_;
+""" % DEFS
+
+  tests += Iter(n, """int Predicate%%(n)sTest::n%s_;
+""") % DEFS
+
+  tests += """
+typedef Predicate%(n)sTest EXPECT_PRED_FORMAT%(n)sTest;
+typedef Predicate%(n)sTest ASSERT_PRED_FORMAT%(n)sTest;
+typedef Predicate%(n)sTest EXPECT_PRED%(n)sTest;
+typedef Predicate%(n)sTest ASSERT_PRED%(n)sTest;
+""" % DEFS
+
+  def GenTest(use_format, use_assert, expect_failure,
+              use_functor, use_user_type):
+    """Returns the test for a predicate assertion macro.
+
+    Args:
+      use_format:     true iff the assertion is a *_PRED_FORMAT*.
+      use_assert:     true iff the assertion is a ASSERT_*.
+      expect_failure: true iff the assertion is expected to fail.
+      use_functor:    true iff the first argument of the assertion is
+                      a functor (as opposed to a function)
+      use_user_type:  true iff the predicate functor/function takes
+                      argument(s) of a user-defined type.
+
+    Example:
+
+      GenTest(1, 0, 0, 1, 0) returns a test that tests the behavior
+      of a successful EXPECT_PRED_FORMATn() that takes a functor
+      whose arguments have built-in types."""
+
+    if use_assert:
+      assrt = 'ASSERT'  # 'assert' is reserved, so we cannot use
+                        # that identifier here.
+    else:
+      assrt = 'EXPECT'
+
+    assertion = assrt + '_PRED'
+
+    if use_format:
+      pred_format = 'PredFormat'
+      assertion += '_FORMAT'
+    else:
+      pred_format = 'Pred'
+
+    assertion += '%(n)s' % DEFS
+
+    if use_functor:
+      pred_format_type = 'functor'
+      pred_format += 'Functor%(n)s()'
+    else:
+      pred_format_type = 'function'
+      pred_format += 'Function%(n)s'
+      if not use_format:
+        if use_user_type:
+          pred_format += 'Bool'
+        else:
+          pred_format += 'Int'
+
+    test_name = pred_format_type.title()
+
+    if use_user_type:
+      arg_type = 'user-defined type (Bool)'
+      test_name += 'OnUserType'
+      if expect_failure:
+        arg = 'Bool(n%s_++)'
+      else:
+        arg = 'Bool(++n%s_)'
+    else:
+      arg_type = 'built-in type (int)'
+      test_name += 'OnBuiltInType'
+      if expect_failure:
+        arg = 'n%s_++'
+      else:
+        arg = '++n%s_'
+
+    if expect_failure:
+      successful_or_failed = 'failed'
+      expected_or_not = 'expected.'
+      test_name +=  'Failure'
+    else:
+      successful_or_failed = 'successful'
+      expected_or_not = 'UNEXPECTED!'
+      test_name +=  'Success'
+
+    # A map that defines the values used in the test template.
+    defs = DEFS.copy()
+    defs.update({
+      'assert' : assrt,
+      'assertion' : assertion,
+      'test_name' : test_name,
+      'pf_type' : pred_format_type,
+      'pf' : pred_format,
+      'arg_type' : arg_type,
+      'arg' : arg,
+      'successful' : successful_or_failed,
+      'expected' : expected_or_not,
+      })
+
+    test = """
+// Tests a %(successful)s %(assertion)s where the
+// predicate-formatter is a %(pf_type)s on a %(arg_type)s.
+TEST_F(%(assertion)sTest, %(test_name)s) {""" % defs
+
+    indent = (len(assertion) + 3)*' '
+    extra_indent = ''
+
+    if expect_failure:
+      extra_indent = '  '
+      if use_assert:
+        test += """
+  expected_to_finish_ = false;
+  EXPECT_FATAL_FAILURE({  // NOLINT"""
+      else:
+        test += """
+  EXPECT_NONFATAL_FAILURE({  // NOLINT"""
+
+    test += '\n' + extra_indent + """  %(assertion)s(%(pf)s""" % defs
+
+    test = test % defs
+    test += Iter(n, ',\n' + indent + extra_indent + '%(arg)s' % defs)
+    test += ');\n' + extra_indent + '  finished_ = true;\n'
+
+    if expect_failure:
+      test += '  }, "");\n'
+
+    test += '}\n'
+    return test
+
+  # Generates tests for all 2**6 = 64 combinations.
+  tests += ''.join([GenTest(use_format, use_assert, expect_failure,
+                            use_functor, use_user_type)
+                    for use_format in [0, 1]
+                    for use_assert in [0, 1]
+                    for expect_failure in [0, 1]
+                    for use_functor in [0, 1]
+                    for use_user_type in [0, 1]
+                    ])
+
+  return tests
+
+
+def UnitTestPostamble():
+  """Returns the postamble for the tests."""
+
+  return ''
+
+
+def GenerateUnitTest(n):
+  """Returns the tests for up-to n-ary predicate assertions."""
+
+  GenerateFile(UNIT_TEST,
+               UnitTestPreamble()
+               + ''.join([TestsForArity(i) for i in OneTo(n)])
+               + UnitTestPostamble())
+
+
+def _Main():
+  """The entry point of the script.  Generates the header file and its
+  unit test."""
+
+  if len(sys.argv) != 2:
+    print __doc__
+    print 'Author: ' + __author__
+    sys.exit(1)
+
+  n = int(sys.argv[1])
+  GenerateHeader(n)
+  GenerateUnitTest(n)
+
+
+if __name__ == '__main__':
+  _Main()
diff --git a/nss/gtests/google_test/gtest/scripts/gtest-config.in b/nss/gtests/google_test/gtest/scripts/gtest-config.in
new file mode 100755
index 0000000..780f843
--- /dev/null
+++ b/nss/gtests/google_test/gtest/scripts/gtest-config.in
@@ -0,0 +1,274 @@
+#!/bin/sh
+
+# These variables are automatically filled in by the configure script.
+name="@PACKAGE_TARNAME@"
+version="@PACKAGE_VERSION@"
+
+show_usage()
+{
+  echo "Usage: gtest-config [OPTIONS...]"
+}
+
+show_help()
+{
+  show_usage
+  cat <<\EOF
+
+The `gtest-config' script provides access to the necessary compile and linking
+flags to connect with Google C++ Testing Framework, both in a build prior to
+installation, and on the system proper after installation. The installation
+overrides may be issued in combination with any other queries, but will only
+affect installation queries if called on a built but not installed gtest. The
+installation queries may not be issued with any other types of queries, and
+only one installation query may be made at a time. The version queries and
+compiler flag queries may be combined as desired but not mixed. Different
+version queries are always combined with logical "and" semantics, and only the
+last of any particular query is used while all previous ones ignored. All
+versions must be specified as a sequence of numbers separated by periods.
+Compiler flag queries output the union of the sets of flags when combined.
+
+ Examples:
+  gtest-config --min-version=1.0 || echo "Insufficient Google Test version."
+
+  g++ $(gtest-config --cppflags --cxxflags) -o foo.o -c foo.cpp
+  g++ $(gtest-config --ldflags --libs) -o foo foo.o
+
+  # When using a built but not installed Google Test:
+  g++ $(../../my_gtest_build/scripts/gtest-config ...) ...
+
+  # When using an installed Google Test, but with installation overrides:
+  export GTEST_PREFIX="/opt"
+  g++ $(gtest-config --libdir="/opt/lib64" ...) ...
+
+ Help:
+  --usage                    brief usage information
+  --help                     display this help message
+
+ Installation Overrides:
+  --prefix=<dir>             overrides the installation prefix
+  --exec-prefix=<dir>        overrides the executable installation prefix
+  --libdir=<dir>             overrides the library installation prefix
+  --includedir=<dir>         overrides the header file installation prefix
+
+ Installation Queries:
+  --prefix                   installation prefix
+  --exec-prefix              executable installation prefix
+  --libdir                   library installation directory
+  --includedir               header file installation directory
+  --version                  the version of the Google Test installation
+
+ Version Queries:
+  --min-version=VERSION      return 0 if the version is at least VERSION
+  --exact-version=VERSION    return 0 if the version is exactly VERSION
+  --max-version=VERSION      return 0 if the version is at most VERSION
+
+ Compilation Flag Queries:
+  --cppflags                 compile flags specific to the C-like preprocessors
+  --cxxflags                 compile flags appropriate for C++ programs
+  --ldflags                  linker flags
+  --libs                     libraries for linking
+
+EOF
+}
+
+# This function bounds our version with a min and a max. It uses some clever
+# POSIX-compliant variable expansion to portably do all the work in the shell
+# and avoid any dependency on a particular "sed" or "awk" implementation.
+# Notable is that it will only ever compare the first 3 components of versions.
+# Further components will be cleanly stripped off. All versions must be
+# unadorned, so "v1.0" will *not* work. The minimum version must be in $1, and
+# the max in $2. TODO(chandlerc@google.com): If this ever breaks, we should
+# investigate expanding this via autom4te from AS_VERSION_COMPARE rather than
+# continuing to maintain our own shell version.
+check_versions()
+{
+  major_version=${version%%.*}
+  minor_version="0"
+  point_version="0"
+  if test "${version#*.}" != "${version}"; then
+    minor_version=${version#*.}
+    minor_version=${minor_version%%.*}
+  fi
+  if test "${version#*.*.}" != "${version}"; then
+    point_version=${version#*.*.}
+    point_version=${point_version%%.*}
+  fi
+
+  min_version="$1"
+  min_major_version=${min_version%%.*}
+  min_minor_version="0"
+  min_point_version="0"
+  if test "${min_version#*.}" != "${min_version}"; then
+    min_minor_version=${min_version#*.}
+    min_minor_version=${min_minor_version%%.*}
+  fi
+  if test "${min_version#*.*.}" != "${min_version}"; then
+    min_point_version=${min_version#*.*.}
+    min_point_version=${min_point_version%%.*}
+  fi
+
+  max_version="$2"
+  max_major_version=${max_version%%.*}
+  max_minor_version="0"
+  max_point_version="0"
+  if test "${max_version#*.}" != "${max_version}"; then
+    max_minor_version=${max_version#*.}
+    max_minor_version=${max_minor_version%%.*}
+  fi
+  if test "${max_version#*.*.}" != "${max_version}"; then
+    max_point_version=${max_version#*.*.}
+    max_point_version=${max_point_version%%.*}
+  fi
+
+  test $(($major_version)) -lt $(($min_major_version)) && exit 1
+  if test $(($major_version)) -eq $(($min_major_version)); then
+    test $(($minor_version)) -lt $(($min_minor_version)) && exit 1
+    if test $(($minor_version)) -eq $(($min_minor_version)); then
+      test $(($point_version)) -lt $(($min_point_version)) && exit 1
+    fi
+  fi
+
+  test $(($major_version)) -gt $(($max_major_version)) && exit 1
+  if test $(($major_version)) -eq $(($max_major_version)); then
+    test $(($minor_version)) -gt $(($max_minor_version)) && exit 1
+    if test $(($minor_version)) -eq $(($max_minor_version)); then
+      test $(($point_version)) -gt $(($max_point_version)) && exit 1
+    fi
+  fi
+
+  exit 0
+}
+
+# Show the usage line when no arguments are specified.
+if test $# -eq 0; then
+  show_usage
+  exit 1
+fi
+
+while test $# -gt 0; do
+  case $1 in
+    --usage)          show_usage;         exit 0;;
+    --help)           show_help;          exit 0;;
+
+    # Installation overrides
+    --prefix=*)       GTEST_PREFIX=${1#--prefix=};;
+    --exec-prefix=*)  GTEST_EXEC_PREFIX=${1#--exec-prefix=};;
+    --libdir=*)       GTEST_LIBDIR=${1#--libdir=};;
+    --includedir=*)   GTEST_INCLUDEDIR=${1#--includedir=};;
+
+    # Installation queries
+    --prefix|--exec-prefix|--libdir|--includedir|--version)
+      if test -n "${do_query}"; then
+        show_usage
+        exit 1
+      fi
+      do_query=${1#--}
+      ;;
+
+    # Version checking
+    --min-version=*)
+      do_check_versions=yes
+      min_version=${1#--min-version=}
+      ;;
+    --max-version=*)
+      do_check_versions=yes
+      max_version=${1#--max-version=}
+      ;;
+    --exact-version=*)
+      do_check_versions=yes
+      exact_version=${1#--exact-version=}
+      ;;
+
+    # Compiler flag output
+    --cppflags)       echo_cppflags=yes;;
+    --cxxflags)       echo_cxxflags=yes;;
+    --ldflags)        echo_ldflags=yes;;
+    --libs)           echo_libs=yes;;
+
+    # Everything else is an error
+    *)                show_usage;         exit 1;;
+  esac
+  shift
+done
+
+# These have defaults filled in by the configure script but can also be
+# overridden by environment variables or command line parameters.
+prefix="${GTEST_PREFIX:-@prefix@}"
+exec_prefix="${GTEST_EXEC_PREFIX:-@exec_prefix@}"
+libdir="${GTEST_LIBDIR:-@libdir@}"
+includedir="${GTEST_INCLUDEDIR:-@includedir@}"
+
+# We try and detect if our binary is not located at its installed location. If
+# it's not, we provide variables pointing to the source and build tree rather
+# than to the install tree. This allows building against a just-built gtest
+# rather than an installed gtest.
+bindir="@bindir@"
+this_relative_bindir=`dirname $0`
+this_bindir=`cd ${this_relative_bindir}; pwd -P`
+if test "${this_bindir}" = "${this_bindir%${bindir}}"; then
+  # The path to the script doesn't end in the bindir sequence from Autoconf,
+  # assume that we are in a build tree.
+  build_dir=`dirname ${this_bindir}`
+  src_dir=`cd ${this_bindir}; cd @top_srcdir@; pwd -P`
+
+  # TODO(chandlerc@google.com): This is a dangerous dependency on libtool, we
+  # should work to remove it, and/or remove libtool altogether, replacing it
+  # with direct references to the library and a link path.
+  gtest_libs="${build_dir}/lib/libgtest.la @PTHREAD_CFLAGS@ @PTHREAD_LIBS@"
+  gtest_ldflags=""
+
+  # We provide hooks to include from either the source or build dir, where the
+  # build dir is always preferred. This will potentially allow us to write
+  # build rules for generated headers and have them automatically be preferred
+  # over provided versions.
+  gtest_cppflags="-I${build_dir}/include -I${src_dir}/include"
+  gtest_cxxflags="@PTHREAD_CFLAGS@"
+else
+  # We're using an installed gtest, although it may be staged under some
+  # prefix. Assume (as our own libraries do) that we can resolve the prefix,
+  # and are present in the dynamic link paths.
+  gtest_ldflags="-L${libdir}"
+  gtest_libs="-l${name} @PTHREAD_CFLAGS@ @PTHREAD_LIBS@"
+  gtest_cppflags="-I${includedir}"
+  gtest_cxxflags="@PTHREAD_CFLAGS@"
+fi
+
+# Do an installation query if requested.
+if test -n "$do_query"; then
+  case $do_query in
+    prefix)           echo $prefix;       exit 0;;
+    exec-prefix)      echo $exec_prefix;  exit 0;;
+    libdir)           echo $libdir;       exit 0;;
+    includedir)       echo $includedir;   exit 0;;
+    version)          echo $version;      exit 0;;
+    *)                show_usage;         exit 1;;
+  esac
+fi
+
+# Do a version check if requested.
+if test "$do_check_versions" = "yes"; then
+  # Make sure we didn't receive a bad combination of parameters.
+  test "$echo_cppflags" = "yes" && show_usage && exit 1
+  test "$echo_cxxflags" = "yes" && show_usage && exit 1
+  test "$echo_ldflags" = "yes"  && show_usage && exit 1
+  test "$echo_libs" = "yes"     && show_usage && exit 1
+
+  if test "$exact_version" != ""; then
+    check_versions $exact_version $exact_version
+    # unreachable
+  else
+    check_versions ${min_version:-0.0.0} ${max_version:-9999.9999.9999}
+    # unreachable
+  fi
+fi
+
+# Do the output in the correct order so that these can be used in-line of
+# a compiler invocation.
+output=""
+test "$echo_cppflags" = "yes" && output="$output $gtest_cppflags"
+test "$echo_cxxflags" = "yes" && output="$output $gtest_cxxflags"
+test "$echo_ldflags" = "yes"  && output="$output $gtest_ldflags"
+test "$echo_libs" = "yes"     && output="$output $gtest_libs"
+echo $output
+
+exit 0
diff --git a/nss/gtests/google_test/gtest/scripts/pump.py b/nss/gtests/google_test/gtest/scripts/pump.py
new file mode 100755
index 0000000..5efb653
--- /dev/null
+++ b/nss/gtests/google_test/gtest/scripts/pump.py
@@ -0,0 +1,855 @@
+#!/usr/bin/env python
+#
+# Copyright 2008, Google Inc.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#
+#     * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following disclaimer
+# in the documentation and/or other materials provided with the
+# distribution.
+#     * Neither the name of Google Inc. nor the names of its
+# contributors may be used to endorse or promote products derived from
+# this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+"""pump v0.2.0 - Pretty Useful for Meta Programming.
+
+A tool for preprocessor meta programming.  Useful for generating
+repetitive boilerplate code.  Especially useful for writing C++
+classes, functions, macros, and templates that need to work with
+various number of arguments.
+
+USAGE:
+       pump.py SOURCE_FILE
+
+EXAMPLES:
+       pump.py foo.cc.pump
+         Converts foo.cc.pump to foo.cc.
+
+GRAMMAR:
+       CODE ::= ATOMIC_CODE*
+       ATOMIC_CODE ::= $var ID = EXPRESSION
+           | $var ID = [[ CODE ]]
+           | $range ID EXPRESSION..EXPRESSION
+           | $for ID SEPARATOR [[ CODE ]]
+           | $($)
+           | $ID
+           | $(EXPRESSION)
+           | $if EXPRESSION [[ CODE ]] ELSE_BRANCH
+           | [[ CODE ]]
+           | RAW_CODE
+       SEPARATOR ::= RAW_CODE | EMPTY
+       ELSE_BRANCH ::= $else [[ CODE ]]
+           | $elif EXPRESSION [[ CODE ]] ELSE_BRANCH
+           | EMPTY
+       EXPRESSION has Python syntax.
+"""
+
+__author__ = 'wan@google.com (Zhanyong Wan)'
+
+import os
+import re
+import sys
+
+
+TOKEN_TABLE = [
+    (re.compile(r'\$var\s+'), '$var'),
+    (re.compile(r'\$elif\s+'), '$elif'),
+    (re.compile(r'\$else\s+'), '$else'),
+    (re.compile(r'\$for\s+'), '$for'),
+    (re.compile(r'\$if\s+'), '$if'),
+    (re.compile(r'\$range\s+'), '$range'),
+    (re.compile(r'\$[_A-Za-z]\w*'), '$id'),
+    (re.compile(r'\$\(\$\)'), '$($)'),
+    (re.compile(r'\$'), '$'),
+    (re.compile(r'\[\[\n?'), '[['),
+    (re.compile(r'\]\]\n?'), ']]'),
+    ]
+
+
+class Cursor:
+  """Represents a position (line and column) in a text file."""
+
+  def __init__(self, line=-1, column=-1):
+    self.line = line
+    self.column = column
+
+  def __eq__(self, rhs):
+    return self.line == rhs.line and self.column == rhs.column
+
+  def __ne__(self, rhs):
+    return not self == rhs
+
+  def __lt__(self, rhs):
+    return self.line < rhs.line or (
+        self.line == rhs.line and self.column < rhs.column)
+
+  def __le__(self, rhs):
+    return self < rhs or self == rhs
+
+  def __gt__(self, rhs):
+    return rhs < self
+
+  def __ge__(self, rhs):
+    return rhs <= self
+
+  def __str__(self):
+    if self == Eof():
+      return 'EOF'
+    else:
+      return '%s(%s)' % (self.line + 1, self.column)
+
+  def __add__(self, offset):
+    return Cursor(self.line, self.column + offset)
+
+  def __sub__(self, offset):
+    return Cursor(self.line, self.column - offset)
+
+  def Clone(self):
+    """Returns a copy of self."""
+
+    return Cursor(self.line, self.column)
+
+
+# Special cursor to indicate the end-of-file.
+def Eof():
+  """Returns the special cursor to denote the end-of-file."""
+  return Cursor(-1, -1)
+
+
+class Token:
+  """Represents a token in a Pump source file."""
+
+  def __init__(self, start=None, end=None, value=None, token_type=None):
+    if start is None:
+      self.start = Eof()
+    else:
+      self.start = start
+    if end is None:
+      self.end = Eof()
+    else:
+      self.end = end
+    self.value = value
+    self.token_type = token_type
+
+  def __str__(self):
+    return 'Token @%s: \'%s\' type=%s' % (
+        self.start, self.value, self.token_type)
+
+  def Clone(self):
+    """Returns a copy of self."""
+
+    return Token(self.start.Clone(), self.end.Clone(), self.value,
+                 self.token_type)
+
+
+def StartsWith(lines, pos, string):
+  """Returns True iff the given position in lines starts with 'string'."""
+
+  return lines[pos.line][pos.column:].startswith(string)
+
+
+def FindFirstInLine(line, token_table):
+  best_match_start = -1
+  for (regex, token_type) in token_table:
+    m = regex.search(line)
+    if m:
+      # We found regex in lines
+      if best_match_start < 0 or m.start() < best_match_start:
+        best_match_start = m.start()
+        best_match_length = m.end() - m.start()
+        best_match_token_type = token_type
+
+  if best_match_start < 0:
+    return None
+
+  return (best_match_start, best_match_length, best_match_token_type)
+
+
+def FindFirst(lines, token_table, cursor):
+  """Finds the first occurrence of any string in strings in lines."""
+
+  start = cursor.Clone()
+  cur_line_number = cursor.line
+  for line in lines[start.line:]:
+    if cur_line_number == start.line:
+      line = line[start.column:]
+    m = FindFirstInLine(line, token_table)
+    if m:
+      # We found a regex in line.
+      (start_column, length, token_type) = m
+      if cur_line_number == start.line:
+        start_column += start.column
+      found_start = Cursor(cur_line_number, start_column)
+      found_end = found_start + length
+      return MakeToken(lines, found_start, found_end, token_type)
+    cur_line_number += 1
+  # We failed to find str in lines
+  return None
+
+
+def SubString(lines, start, end):
+  """Returns a substring in lines."""
+
+  if end == Eof():
+    end = Cursor(len(lines) - 1, len(lines[-1]))
+
+  if start >= end:
+    return ''
+
+  if start.line == end.line:
+    return lines[start.line][start.column:end.column]
+
+  result_lines = ([lines[start.line][start.column:]] +
+                  lines[start.line + 1:end.line] +
+                  [lines[end.line][:end.column]])
+  return ''.join(result_lines)
+
+
+def StripMetaComments(str):
+  """Strip meta comments from each line in the given string."""
+
+  # First, completely remove lines containing nothing but a meta
+  # comment, including the trailing \n.
+  str = re.sub(r'^\s*\$\$.*\n', '', str)
+
+  # Then, remove meta comments from contentful lines.
+  return re.sub(r'\s*\$\$.*', '', str)
+
+
+def MakeToken(lines, start, end, token_type):
+  """Creates a new instance of Token."""
+
+  return Token(start, end, SubString(lines, start, end), token_type)
+
+
+def ParseToken(lines, pos, regex, token_type):
+  line = lines[pos.line][pos.column:]
+  m = regex.search(line)
+  if m and not m.start():
+    return MakeToken(lines, pos, pos + m.end(), token_type)
+  else:
+    print 'ERROR: %s expected at %s.' % (token_type, pos)
+    sys.exit(1)
+
+
+ID_REGEX = re.compile(r'[_A-Za-z]\w*')
+EQ_REGEX = re.compile(r'=')
+REST_OF_LINE_REGEX = re.compile(r'.*?(?=$|\$\$)')
+OPTIONAL_WHITE_SPACES_REGEX = re.compile(r'\s*')
+WHITE_SPACE_REGEX = re.compile(r'\s')
+DOT_DOT_REGEX = re.compile(r'\.\.')
+
+
+def Skip(lines, pos, regex):
+  line = lines[pos.line][pos.column:]
+  m = re.search(regex, line)
+  if m and not m.start():
+    return pos + m.end()
+  else:
+    return pos
+
+
+def SkipUntil(lines, pos, regex, token_type):
+  line = lines[pos.line][pos.column:]
+  m = re.search(regex, line)
+  if m:
+    return pos + m.start()
+  else:
+    print ('ERROR: %s expected on line %s after column %s.' %
+           (token_type, pos.line + 1, pos.column))
+    sys.exit(1)
+
+
+def ParseExpTokenInParens(lines, pos):
+  def ParseInParens(pos):
+    pos = Skip(lines, pos, OPTIONAL_WHITE_SPACES_REGEX)
+    pos = Skip(lines, pos, r'\(')
+    pos = Parse(pos)
+    pos = Skip(lines, pos, r'\)')
+    return pos
+
+  def Parse(pos):
+    pos = SkipUntil(lines, pos, r'\(|\)', ')')
+    if SubString(lines, pos, pos + 1) == '(':
+      pos = Parse(pos + 1)
+      pos = Skip(lines, pos, r'\)')
+      return Parse(pos)
+    else:
+      return pos
+
+  start = pos.Clone()
+  pos = ParseInParens(pos)
+  return MakeToken(lines, start, pos, 'exp')
+
+
+def RStripNewLineFromToken(token):
+  if token.value.endswith('\n'):
+    return Token(token.start, token.end, token.value[:-1], token.token_type)
+  else:
+    return token
+
+
+def TokenizeLines(lines, pos):
+  while True:
+    found = FindFirst(lines, TOKEN_TABLE, pos)
+    if not found:
+      yield MakeToken(lines, pos, Eof(), 'code')
+      return
+
+    if found.start == pos:
+      prev_token = None
+      prev_token_rstripped = None
+    else:
+      prev_token = MakeToken(lines, pos, found.start, 'code')
+      prev_token_rstripped = RStripNewLineFromToken(prev_token)
+
+    if found.token_type == '$var':
+      if prev_token_rstripped:
+        yield prev_token_rstripped
+      yield found
+      id_token = ParseToken(lines, found.end, ID_REGEX, 'id')
+      yield id_token
+      pos = Skip(lines, id_token.end, OPTIONAL_WHITE_SPACES_REGEX)
+
+      eq_token = ParseToken(lines, pos, EQ_REGEX, '=')
+      yield eq_token
+      pos = Skip(lines, eq_token.end, r'\s*')
+
+      if SubString(lines, pos, pos + 2) != '[[':
+        exp_token = ParseToken(lines, pos, REST_OF_LINE_REGEX, 'exp')
+        yield exp_token
+        pos = Cursor(exp_token.end.line + 1, 0)
+    elif found.token_type == '$for':
+      if prev_token_rstripped:
+        yield prev_token_rstripped
+      yield found
+      id_token = ParseToken(lines, found.end, ID_REGEX, 'id')
+      yield id_token
+      pos = Skip(lines, id_token.end, WHITE_SPACE_REGEX)
+    elif found.token_type == '$range':
+      if prev_token_rstripped:
+        yield prev_token_rstripped
+      yield found
+      id_token = ParseToken(lines, found.end, ID_REGEX, 'id')
+      yield id_token
+      pos = Skip(lines, id_token.end, OPTIONAL_WHITE_SPACES_REGEX)
+
+      dots_pos = SkipUntil(lines, pos, DOT_DOT_REGEX, '..')
+      yield MakeToken(lines, pos, dots_pos, 'exp')
+      yield MakeToken(lines, dots_pos, dots_pos + 2, '..')
+      pos = dots_pos + 2
+      new_pos = Cursor(pos.line + 1, 0)
+      yield MakeToken(lines, pos, new_pos, 'exp')
+      pos = new_pos
+    elif found.token_type == '$':
+      if prev_token:
+        yield prev_token
+      yield found
+      exp_token = ParseExpTokenInParens(lines, found.end)
+      yield exp_token
+      pos = exp_token.end
+    elif (found.token_type == ']]' or found.token_type == '$if' or
+          found.token_type == '$elif' or found.token_type == '$else'):
+      if prev_token_rstripped:
+        yield prev_token_rstripped
+      yield found
+      pos = found.end
+    else:
+      if prev_token:
+        yield prev_token
+      yield found
+      pos = found.end
+
+
+def Tokenize(s):
+  """A generator that yields the tokens in the given string."""
+  if s != '':
+    lines = s.splitlines(True)
+    for token in TokenizeLines(lines, Cursor(0, 0)):
+      yield token
+
+
+class CodeNode:
+  def __init__(self, atomic_code_list=None):
+    self.atomic_code = atomic_code_list
+
+
+class VarNode:
+  def __init__(self, identifier=None, atomic_code=None):
+    self.identifier = identifier
+    self.atomic_code = atomic_code
+
+
+class RangeNode:
+  def __init__(self, identifier=None, exp1=None, exp2=None):
+    self.identifier = identifier
+    self.exp1 = exp1
+    self.exp2 = exp2
+
+
+class ForNode:
+  def __init__(self, identifier=None, sep=None, code=None):
+    self.identifier = identifier
+    self.sep = sep
+    self.code = code
+
+
+class ElseNode:
+  def __init__(self, else_branch=None):
+    self.else_branch = else_branch
+
+
+class IfNode:
+  def __init__(self, exp=None, then_branch=None, else_branch=None):
+    self.exp = exp
+    self.then_branch = then_branch
+    self.else_branch = else_branch
+
+
+class RawCodeNode:
+  def __init__(self, token=None):
+    self.raw_code = token
+
+
+class LiteralDollarNode:
+  def __init__(self, token):
+    self.token = token
+
+
+class ExpNode:
+  def __init__(self, token, python_exp):
+    self.token = token
+    self.python_exp = python_exp
+
+
+def PopFront(a_list):
+  head = a_list[0]
+  a_list[:1] = []
+  return head
+
+
+def PushFront(a_list, elem):
+  a_list[:0] = [elem]
+
+
+def PopToken(a_list, token_type=None):
+  token = PopFront(a_list)
+  if token_type is not None and token.token_type != token_type:
+    print 'ERROR: %s expected at %s' % (token_type, token.start)
+    print 'ERROR: %s found instead' % (token,)
+    sys.exit(1)
+
+  return token
+
+
+def PeekToken(a_list):
+  if not a_list:
+    return None
+
+  return a_list[0]
+
+
+def ParseExpNode(token):
+  python_exp = re.sub(r'([_A-Za-z]\w*)', r'self.GetValue("\1")', token.value)
+  return ExpNode(token, python_exp)
+
+
+def ParseElseNode(tokens):
+  def Pop(token_type=None):
+    return PopToken(tokens, token_type)
+
+  next = PeekToken(tokens)
+  if not next:
+    return None
+  if next.token_type == '$else':
+    Pop('$else')
+    Pop('[[')
+    code_node = ParseCodeNode(tokens)
+    Pop(']]')
+    return code_node
+  elif next.token_type == '$elif':
+    Pop('$elif')
+    exp = Pop('code')
+    Pop('[[')
+    code_node = ParseCodeNode(tokens)
+    Pop(']]')
+    inner_else_node = ParseElseNode(tokens)
+    return CodeNode([IfNode(ParseExpNode(exp), code_node, inner_else_node)])
+  elif not next.value.strip():
+    Pop('code')
+    return ParseElseNode(tokens)
+  else:
+    return None
+
+
+def ParseAtomicCodeNode(tokens):
+  def Pop(token_type=None):
+    return PopToken(tokens, token_type)
+
+  head = PopFront(tokens)
+  t = head.token_type
+  if t == 'code':
+    return RawCodeNode(head)
+  elif t == '$var':
+    id_token = Pop('id')
+    Pop('=')
+    next = PeekToken(tokens)
+    if next.token_type == 'exp':
+      exp_token = Pop()
+      return VarNode(id_token, ParseExpNode(exp_token))
+    Pop('[[')
+    code_node = ParseCodeNode(tokens)
+    Pop(']]')
+    return VarNode(id_token, code_node)
+  elif t == '$for':
+    id_token = Pop('id')
+    next_token = PeekToken(tokens)
+    if next_token.token_type == 'code':
+      sep_token = next_token
+      Pop('code')
+    else:
+      sep_token = None
+    Pop('[[')
+    code_node = ParseCodeNode(tokens)
+    Pop(']]')
+    return ForNode(id_token, sep_token, code_node)
+  elif t == '$if':
+    exp_token = Pop('code')
+    Pop('[[')
+    code_node = ParseCodeNode(tokens)
+    Pop(']]')
+    else_node = ParseElseNode(tokens)
+    return IfNode(ParseExpNode(exp_token), code_node, else_node)
+  elif t == '$range':
+    id_token = Pop('id')
+    exp1_token = Pop('exp')
+    Pop('..')
+    exp2_token = Pop('exp')
+    return RangeNode(id_token, ParseExpNode(exp1_token),
+                     ParseExpNode(exp2_token))
+  elif t == '$id':
+    return ParseExpNode(Token(head.start + 1, head.end, head.value[1:], 'id'))
+  elif t == '$($)':
+    return LiteralDollarNode(head)
+  elif t == '$':
+    exp_token = Pop('exp')
+    return ParseExpNode(exp_token)
+  elif t == '[[':
+    code_node = ParseCodeNode(tokens)
+    Pop(']]')
+    return code_node
+  else:
+    PushFront(tokens, head)
+    return None
+
+
+def ParseCodeNode(tokens):
+  atomic_code_list = []
+  while True:
+    if not tokens:
+      break
+    atomic_code_node = ParseAtomicCodeNode(tokens)
+    if atomic_code_node:
+      atomic_code_list.append(atomic_code_node)
+    else:
+      break
+  return CodeNode(atomic_code_list)
+
+
+def ParseToAST(pump_src_text):
+  """Convert the given Pump source text into an AST."""
+  tokens = list(Tokenize(pump_src_text))
+  code_node = ParseCodeNode(tokens)
+  return code_node
+
+
+class Env:
+  def __init__(self):
+    self.variables = []
+    self.ranges = []
+
+  def Clone(self):
+    clone = Env()
+    clone.variables = self.variables[:]
+    clone.ranges = self.ranges[:]
+    return clone
+
+  def PushVariable(self, var, value):
+    # If value looks like an int, store it as an int.
+    try:
+      int_value = int(value)
+      if ('%s' % int_value) == value:
+        value = int_value
+    except Exception:
+      pass
+    self.variables[:0] = [(var, value)]
+
+  def PopVariable(self):
+    self.variables[:1] = []
+
+  def PushRange(self, var, lower, upper):
+    self.ranges[:0] = [(var, lower, upper)]
+
+  def PopRange(self):
+    self.ranges[:1] = []
+
+  def GetValue(self, identifier):
+    for (var, value) in self.variables:
+      if identifier == var:
+        return value
+
+    print 'ERROR: meta variable %s is undefined.' % (identifier,)
+    sys.exit(1)
+
+  def EvalExp(self, exp):
+    try:
+      result = eval(exp.python_exp)
+    except Exception, e:
+      print 'ERROR: caught exception %s: %s' % (e.__class__.__name__, e)
+      print ('ERROR: failed to evaluate meta expression %s at %s' %
+             (exp.python_exp, exp.token.start))
+      sys.exit(1)
+    return result
+
+  def GetRange(self, identifier):
+    for (var, lower, upper) in self.ranges:
+      if identifier == var:
+        return (lower, upper)
+
+    print 'ERROR: range %s is undefined.' % (identifier,)
+    sys.exit(1)
+
+
+class Output:
+  def __init__(self):
+    self.string = ''
+
+  def GetLastLine(self):
+    index = self.string.rfind('\n')
+    if index < 0:
+      return ''
+
+    return self.string[index + 1:]
+
+  def Append(self, s):
+    self.string += s
+
+
+def RunAtomicCode(env, node, output):
+  if isinstance(node, VarNode):
+    identifier = node.identifier.value.strip()
+    result = Output()
+    RunAtomicCode(env.Clone(), node.atomic_code, result)
+    value = result.string
+    env.PushVariable(identifier, value)
+  elif isinstance(node, RangeNode):
+    identifier = node.identifier.value.strip()
+    lower = int(env.EvalExp(node.exp1))
+    upper = int(env.EvalExp(node.exp2))
+    env.PushRange(identifier, lower, upper)
+  elif isinstance(node, ForNode):
+    identifier = node.identifier.value.strip()
+    if node.sep is None:
+      sep = ''
+    else:
+      sep = node.sep.value
+    (lower, upper) = env.GetRange(identifier)
+    for i in range(lower, upper + 1):
+      new_env = env.Clone()
+      new_env.PushVariable(identifier, i)
+      RunCode(new_env, node.code, output)
+      if i != upper:
+        output.Append(sep)
+  elif isinstance(node, RawCodeNode):
+    output.Append(node.raw_code.value)
+  elif isinstance(node, IfNode):
+    cond = env.EvalExp(node.exp)
+    if cond:
+      RunCode(env.Clone(), node.then_branch, output)
+    elif node.else_branch is not None:
+      RunCode(env.Clone(), node.else_branch, output)
+  elif isinstance(node, ExpNode):
+    value = env.EvalExp(node)
+    output.Append('%s' % (value,))
+  elif isinstance(node, LiteralDollarNode):
+    output.Append('$')
+  elif isinstance(node, CodeNode):
+    RunCode(env.Clone(), node, output)
+  else:
+    print 'BAD'
+    print node
+    sys.exit(1)
+
+
+def RunCode(env, code_node, output):
+  for atomic_code in code_node.atomic_code:
+    RunAtomicCode(env, atomic_code, output)
+
+
+def IsSingleLineComment(cur_line):
+  return '//' in cur_line
+
+
+def IsInPreprocessorDirective(prev_lines, cur_line):
+  if cur_line.lstrip().startswith('#'):
+    return True
+  return prev_lines and prev_lines[-1].endswith('\\')
+
+
+def WrapComment(line, output):
+  loc = line.find('//')
+  before_comment = line[:loc].rstrip()
+  if before_comment == '':
+    indent = loc
+  else:
+    output.append(before_comment)
+    indent = len(before_comment) - len(before_comment.lstrip())
+  prefix = indent*' ' + '// '
+  max_len = 80 - len(prefix)
+  comment = line[loc + 2:].strip()
+  segs = [seg for seg in re.split(r'(\w+\W*)', comment) if seg != '']
+  cur_line = ''
+  for seg in segs:
+    if len((cur_line + seg).rstrip()) < max_len:
+      cur_line += seg
+    else:
+      if cur_line.strip() != '':
+        output.append(prefix + cur_line.rstrip())
+      cur_line = seg.lstrip()
+  if cur_line.strip() != '':
+    output.append(prefix + cur_line.strip())
+
+
+def WrapCode(line, line_concat, output):
+  indent = len(line) - len(line.lstrip())
+  prefix = indent*' '  # Prefix of the current line
+  max_len = 80 - indent - len(line_concat)  # Maximum length of the current line
+  new_prefix = prefix + 4*' '  # Prefix of a continuation line
+  new_max_len = max_len - 4  # Maximum length of a continuation line
+  # Prefers to wrap a line after a ',' or ';'.
+  segs = [seg for seg in re.split(r'([^,;]+[,;]?)', line.strip()) if seg != '']
+  cur_line = ''  # The current line without leading spaces.
+  for seg in segs:
+    # If the line is still too long, wrap at a space.
+    while cur_line == '' and len(seg.strip()) > max_len:
+      seg = seg.lstrip()
+      split_at = seg.rfind(' ', 0, max_len)
+      output.append(prefix + seg[:split_at].strip() + line_concat)
+      seg = seg[split_at + 1:]
+      prefix = new_prefix
+      max_len = new_max_len
+
+    if len((cur_line + seg).rstrip()) < max_len:
+      cur_line = (cur_line + seg).lstrip()
+    else:
+      output.append(prefix + cur_line.rstrip() + line_concat)
+      prefix = new_prefix
+      max_len = new_max_len
+      cur_line = seg.lstrip()
+  if cur_line.strip() != '':
+    output.append(prefix + cur_line.strip())
+
+
+def WrapPreprocessorDirective(line, output):
+  WrapCode(line, ' \\', output)
+
+
+def WrapPlainCode(line, output):
+  WrapCode(line, '', output)
+
+
+def IsMultiLineIWYUPragma(line):
+  return re.search(r'/\* IWYU pragma: ', line)
+
+
+def IsHeaderGuardIncludeOrOneLineIWYUPragma(line):
+  return (re.match(r'^#(ifndef|define|endif\s*//)\s*[\w_]+\s*$', line) or
+          re.match(r'^#include\s', line) or
+          # Don't break IWYU pragmas, either; that causes iwyu.py problems.
+          re.search(r'// IWYU pragma: ', line))
+
+
+def WrapLongLine(line, output):
+  line = line.rstrip()
+  if len(line) <= 80:
+    output.append(line)
+  elif IsSingleLineComment(line):
+    if IsHeaderGuardIncludeOrOneLineIWYUPragma(line):
+      # The style guide made an exception to allow long header guard lines,
+      # includes and IWYU pragmas.
+      output.append(line)
+    else:
+      WrapComment(line, output)
+  elif IsInPreprocessorDirective(output, line):
+    if IsHeaderGuardIncludeOrOneLineIWYUPragma(line):
+      # The style guide made an exception to allow long header guard lines,
+      # includes and IWYU pragmas.
+      output.append(line)
+    else:
+      WrapPreprocessorDirective(line, output)
+  elif IsMultiLineIWYUPragma(line):
+    output.append(line)
+  else:
+    WrapPlainCode(line, output)
+
+
+def BeautifyCode(string):
+  lines = string.splitlines()
+  output = []
+  for line in lines:
+    WrapLongLine(line, output)
+  output2 = [line.rstrip() for line in output]
+  return '\n'.join(output2) + '\n'
+
+
+def ConvertFromPumpSource(src_text):
+  """Return the text generated from the given Pump source text."""
+  ast = ParseToAST(StripMetaComments(src_text))
+  output = Output()
+  RunCode(Env(), ast, output)
+  return BeautifyCode(output.string)
+
+
+def main(argv):
+  if len(argv) == 1:
+    print __doc__
+    sys.exit(1)
+
+  file_path = argv[-1]
+  output_str = ConvertFromPumpSource(file(file_path, 'r').read())
+  if file_path.endswith('.pump'):
+    output_file_path = file_path[:-5]
+  else:
+    output_file_path = '-'
+  if output_file_path == '-':
+    print output_str,
+  else:
+    output_file = file(output_file_path, 'w')
+    output_file.write('// This file was GENERATED by command:\n')
+    output_file.write('//     %s %s\n' %
+                      (os.path.basename(__file__), os.path.basename(file_path)))
+    output_file.write('// DO NOT EDIT BY HAND!!!\n\n')
+    output_file.write(output_str)
+    output_file.close()
+
+
+if __name__ == '__main__':
+  main(sys.argv)
diff --git a/nss/gtests/google_test/gtest/scripts/release_docs.py b/nss/gtests/google_test/gtest/scripts/release_docs.py
new file mode 100755
index 0000000..1291347
--- /dev/null
+++ b/nss/gtests/google_test/gtest/scripts/release_docs.py
@@ -0,0 +1,158 @@
+#!/usr/bin/env python
+#
+# Copyright 2013 Google Inc. All Rights Reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#
+#     * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following disclaimer
+# in the documentation and/or other materials provided with the
+# distribution.
+#     * Neither the name of Google Inc. nor the names of its
+# contributors may be used to endorse or promote products derived from
+# this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+"""Script for branching Google Test/Mock wiki pages for a new version.
+
+SYNOPSIS
+       release_docs.py NEW_RELEASE_VERSION
+
+       Google Test and Google Mock's external user documentation is in
+       interlinked wiki files.  When we release a new version of
+       Google Test or Google Mock, we need to branch the wiki files
+       such that users of a specific version of Google Test/Mock can
+       look up documenation relevant for that version.  This script
+       automates that process by:
+
+         - branching the current wiki pages (which document the
+           behavior of the SVN trunk head) to pages for the specified
+           version (e.g. branching FAQ.wiki to V2_6_FAQ.wiki when
+           NEW_RELEASE_VERSION is 2.6);
+         - updating the links in the branched files to point to the branched
+           version (e.g. a link in V2_6_FAQ.wiki that pointed to
+           Primer.wiki#Anchor will now point to V2_6_Primer.wiki#Anchor).
+
+       NOTE: NEW_RELEASE_VERSION must be a NEW version number for
+       which the wiki pages don't yet exist; otherwise you'll get SVN
+       errors like "svn: Path 'V1_7_PumpManual.wiki' is not a
+       directory" when running the script.
+
+EXAMPLE
+       $ cd PATH/TO/GTEST_SVN_WORKSPACE/trunk
+       $ scripts/release_docs.py 2.6  # create wiki pages for v2.6
+       $ svn status                   # verify the file list
+       $ svn diff                     # verify the file contents
+       $ svn commit -m "release wiki pages for v2.6"
+"""
+
+__author__ = 'wan@google.com (Zhanyong Wan)'
+
+import os
+import re
+import sys
+
+import common
+
+
+# Wiki pages that shouldn't be branched for every gtest/gmock release.
+GTEST_UNVERSIONED_WIKIS = ['DevGuide.wiki']
+GMOCK_UNVERSIONED_WIKIS = [
+    'DesignDoc.wiki',
+    'DevGuide.wiki',
+    'KnownIssues.wiki'
+    ]
+
+
+def DropWikiSuffix(wiki_filename):
+  """Removes the .wiki suffix (if any) from the given filename."""
+
+  return (wiki_filename[:-len('.wiki')] if wiki_filename.endswith('.wiki')
+          else wiki_filename)
+
+
+class WikiBrancher(object):
+  """Branches ..."""
+
+  def __init__(self, dot_version):
+    self.project, svn_root_path = common.GetSvnInfo()
+    if self.project not in ('googletest', 'googlemock'):
+      sys.exit('This script must be run in a gtest or gmock SVN workspace.')
+    self.wiki_dir = svn_root_path + '/wiki'
+    # Turn '2.6' to 'V2_6_'.
+    self.version_prefix = 'V' + dot_version.replace('.', '_') + '_'
+    self.files_to_branch = self.GetFilesToBranch()
+    page_names = [DropWikiSuffix(f) for f in self.files_to_branch]
+    # A link to Foo.wiki is in one of the following forms:
+    #   [Foo words]
+    #   [Foo#Anchor words]
+    #   [http://code.google.com/.../wiki/Foo words]
+    #   [http://code.google.com/.../wiki/Foo#Anchor words]
+    # We want to replace 'Foo' with 'V2_6_Foo' in the above cases.
+    self.search_for_re = re.compile(
+        # This regex matches either
+        #   [Foo
+        # or
+        #   /wiki/Foo
+        # followed by a space or a #, where Foo is the name of an
+        # unversioned wiki page.
+        r'(\[|/wiki/)(%s)([ #])' % '|'.join(page_names))
+    self.replace_with = r'\1%s\2\3' % (self.version_prefix,)
+
+  def GetFilesToBranch(self):
+    """Returns a list of .wiki file names that need to be branched."""
+
+    unversioned_wikis = (GTEST_UNVERSIONED_WIKIS if self.project == 'googletest'
+                         else GMOCK_UNVERSIONED_WIKIS)
+    return [f for f in os.listdir(self.wiki_dir)
+            if (f.endswith('.wiki') and
+                not re.match(r'^V\d', f) and  # Excluded versioned .wiki files.
+                f not in unversioned_wikis)]
+
+  def BranchFiles(self):
+    """Branches the .wiki files needed to be branched."""
+
+    print 'Branching %d .wiki files:' % (len(self.files_to_branch),)
+    os.chdir(self.wiki_dir)
+    for f in self.files_to_branch:
+      command = 'svn cp %s %s%s' % (f, self.version_prefix, f)
+      print command
+      os.system(command)
+
+  def UpdateLinksInBranchedFiles(self):
+
+    for f in self.files_to_branch:
+      source_file = os.path.join(self.wiki_dir, f)
+      versioned_file = os.path.join(self.wiki_dir, self.version_prefix + f)
+      print 'Updating links in %s.' % (versioned_file,)
+      text = file(source_file, 'r').read()
+      new_text = self.search_for_re.sub(self.replace_with, text)
+      file(versioned_file, 'w').write(new_text)
+
+
+def main():
+  if len(sys.argv) != 2:
+    sys.exit(__doc__)
+
+  brancher = WikiBrancher(sys.argv[1])
+  brancher.BranchFiles()
+  brancher.UpdateLinksInBranchedFiles()
+
+
+if __name__ == '__main__':
+  main()
diff --git a/nss/gtests/google_test/gtest/scripts/test/Makefile b/nss/gtests/google_test/gtest/scripts/test/Makefile
new file mode 100644
index 0000000..cdff584
--- /dev/null
+++ b/nss/gtests/google_test/gtest/scripts/test/Makefile
@@ -0,0 +1,59 @@
+# A Makefile for fusing Google Test and building a sample test against it.
+#
+# SYNOPSIS:
+#
+#   make [all]  - makes everything.
+#   make TARGET - makes the given target.
+#   make check  - makes everything and runs the built sample test.
+#   make clean  - removes all files generated by make.
+
+# Points to the root of fused Google Test, relative to where this file is.
+FUSED_GTEST_DIR = output
+
+# Paths to the fused gtest files.
+FUSED_GTEST_H = $(FUSED_GTEST_DIR)/gtest/gtest.h
+FUSED_GTEST_ALL_CC = $(FUSED_GTEST_DIR)/gtest/gtest-all.cc
+
+# Where to find the sample test.
+SAMPLE_DIR = ../../samples
+
+# Where to find gtest_main.cc.
+GTEST_MAIN_CC = ../../src/gtest_main.cc
+
+# Flags passed to the preprocessor.
+# We have no idea here whether pthreads is available in the system, so
+# disable its use.
+CPPFLAGS += -I$(FUSED_GTEST_DIR) -DGTEST_HAS_PTHREAD=0
+
+# Flags passed to the C++ compiler.
+CXXFLAGS += -g
+
+all : sample1_unittest
+
+check : all
+	./sample1_unittest
+
+clean :
+	rm -rf $(FUSED_GTEST_DIR) sample1_unittest *.o
+
+$(FUSED_GTEST_H) :
+	../fuse_gtest_files.py $(FUSED_GTEST_DIR)
+
+$(FUSED_GTEST_ALL_CC) :
+	../fuse_gtest_files.py $(FUSED_GTEST_DIR)
+
+gtest-all.o : $(FUSED_GTEST_H) $(FUSED_GTEST_ALL_CC)
+	$(CXX) $(CPPFLAGS) $(CXXFLAGS) -c $(FUSED_GTEST_DIR)/gtest/gtest-all.cc
+
+gtest_main.o : $(FUSED_GTEST_H) $(GTEST_MAIN_CC)
+	$(CXX) $(CPPFLAGS) $(CXXFLAGS) -c $(GTEST_MAIN_CC)
+
+sample1.o : $(SAMPLE_DIR)/sample1.cc $(SAMPLE_DIR)/sample1.h
+	$(CXX) $(CPPFLAGS) $(CXXFLAGS) -c $(SAMPLE_DIR)/sample1.cc
+
+sample1_unittest.o : $(SAMPLE_DIR)/sample1_unittest.cc \
+                     $(SAMPLE_DIR)/sample1.h $(FUSED_GTEST_H)
+	$(CXX) $(CPPFLAGS) $(CXXFLAGS) -c $(SAMPLE_DIR)/sample1_unittest.cc
+
+sample1_unittest : sample1.o sample1_unittest.o gtest-all.o gtest_main.o
+	$(CXX) $(CPPFLAGS) $(CXXFLAGS) $^ -o $@
diff --git a/nss/gtests/google_test/gtest/scripts/upload.py b/nss/gtests/google_test/gtest/scripts/upload.py
new file mode 100755
index 0000000..6e6f9a1
--- /dev/null
+++ b/nss/gtests/google_test/gtest/scripts/upload.py
@@ -0,0 +1,1387 @@
+#!/usr/bin/env python
+#
+# Copyright 2007 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""Tool for uploading diffs from a version control system to the codereview app.
+
+Usage summary: upload.py [options] [-- diff_options]
+
+Diff options are passed to the diff command of the underlying system.
+
+Supported version control systems:
+  Git
+  Mercurial
+  Subversion
+
+It is important for Git/Mercurial users to specify a tree/node/branch to diff
+against by using the '--rev' option.
+"""
+# This code is derived from appcfg.py in the App Engine SDK (open source),
+# and from ASPN recipe #146306.
+
+import cookielib
+import getpass
+import logging
+import md5
+import mimetypes
+import optparse
+import os
+import re
+import socket
+import subprocess
+import sys
+import urllib
+import urllib2
+import urlparse
+
+try:
+  import readline
+except ImportError:
+  pass
+
+# The logging verbosity:
+#  0: Errors only.
+#  1: Status messages.
+#  2: Info logs.
+#  3: Debug logs.
+verbosity = 1
+
+# Max size of patch or base file.
+MAX_UPLOAD_SIZE = 900 * 1024
+
+
+def GetEmail(prompt):
+  """Prompts the user for their email address and returns it.
+
+  The last used email address is saved to a file and offered up as a suggestion
+  to the user. If the user presses enter without typing in anything the last
+  used email address is used. If the user enters a new address, it is saved
+  for next time we prompt.
+
+  """
+  last_email_file_name = os.path.expanduser("~/.last_codereview_email_address")
+  last_email = ""
+  if os.path.exists(last_email_file_name):
+    try:
+      last_email_file = open(last_email_file_name, "r")
+      last_email = last_email_file.readline().strip("\n")
+      last_email_file.close()
+      prompt += " [%s]" % last_email
+    except IOError, e:
+      pass
+  email = raw_input(prompt + ": ").strip()
+  if email:
+    try:
+      last_email_file = open(last_email_file_name, "w")
+      last_email_file.write(email)
+      last_email_file.close()
+    except IOError, e:
+      pass
+  else:
+    email = last_email
+  return email
+
+
+def StatusUpdate(msg):
+  """Print a status message to stdout.
+
+  If 'verbosity' is greater than 0, print the message.
+
+  Args:
+    msg: The string to print.
+  """
+  if verbosity > 0:
+    print msg
+
+
+def ErrorExit(msg):
+  """Print an error message to stderr and exit."""
+  print >>sys.stderr, msg
+  sys.exit(1)
+
+
+class ClientLoginError(urllib2.HTTPError):
+  """Raised to indicate there was an error authenticating with ClientLogin."""
+
+  def __init__(self, url, code, msg, headers, args):
+    urllib2.HTTPError.__init__(self, url, code, msg, headers, None)
+    self.args = args
+    self.reason = args["Error"]
+
+
+class AbstractRpcServer(object):
+  """Provides a common interface for a simple RPC server."""
+
+  def __init__(self, host, auth_function, host_override=None, extra_headers={},
+               save_cookies=False):
+    """Creates a new HttpRpcServer.
+
+    Args:
+      host: The host to send requests to.
+      auth_function: A function that takes no arguments and returns an
+        (email, password) tuple when called. Will be called if authentication
+        is required.
+      host_override: The host header to send to the server (defaults to host).
+      extra_headers: A dict of extra headers to append to every request.
+      save_cookies: If True, save the authentication cookies to local disk.
+        If False, use an in-memory cookiejar instead.  Subclasses must
+        implement this functionality.  Defaults to False.
+    """
+    self.host = host
+    self.host_override = host_override
+    self.auth_function = auth_function
+    self.authenticated = False
+    self.extra_headers = extra_headers
+    self.save_cookies = save_cookies
+    self.opener = self._GetOpener()
+    if self.host_override:
+      logging.info("Server: %s; Host: %s", self.host, self.host_override)
+    else:
+      logging.info("Server: %s", self.host)
+
+  def _GetOpener(self):
+    """Returns an OpenerDirector for making HTTP requests.
+
+    Returns:
+      A urllib2.OpenerDirector object.
+    """
+    raise NotImplementedError()
+
+  def _CreateRequest(self, url, data=None):
+    """Creates a new urllib request."""
+    logging.debug("Creating request for: '%s' with payload:\n%s", url, data)
+    req = urllib2.Request(url, data=data)
+    if self.host_override:
+      req.add_header("Host", self.host_override)
+    for key, value in self.extra_headers.iteritems():
+      req.add_header(key, value)
+    return req
+
+  def _GetAuthToken(self, email, password):
+    """Uses ClientLogin to authenticate the user, returning an auth token.
+
+    Args:
+      email:    The user's email address
+      password: The user's password
+
+    Raises:
+      ClientLoginError: If there was an error authenticating with ClientLogin.
+      HTTPError: If there was some other form of HTTP error.
+
+    Returns:
+      The authentication token returned by ClientLogin.
+    """
+    account_type = "GOOGLE"
+    if self.host.endswith(".google.com"):
+      # Needed for use inside Google.
+      account_type = "HOSTED"
+    req = self._CreateRequest(
+        url="https://www.google.com/accounts/ClientLogin",
+        data=urllib.urlencode({
+            "Email": email,
+            "Passwd": password,
+            "service": "ah",
+            "source": "rietveld-codereview-upload",
+            "accountType": account_type,
+        }),
+    )
+    try:
+      response = self.opener.open(req)
+      response_body = response.read()
+      response_dict = dict(x.split("=")
+                           for x in response_body.split("\n") if x)
+      return response_dict["Auth"]
+    except urllib2.HTTPError, e:
+      if e.code == 403:
+        body = e.read()
+        response_dict = dict(x.split("=", 1) for x in body.split("\n") if x)
+        raise ClientLoginError(req.get_full_url(), e.code, e.msg,
+                               e.headers, response_dict)
+      else:
+        raise
+
+  def _GetAuthCookie(self, auth_token):
+    """Fetches authentication cookies for an authentication token.
+
+    Args:
+      auth_token: The authentication token returned by ClientLogin.
+
+    Raises:
+      HTTPError: If there was an error fetching the authentication cookies.
+    """
+    # This is a dummy value to allow us to identify when we're successful.
+    continue_location = "http://localhost/"
+    args = {"continue": continue_location, "auth": auth_token}
+    req = self._CreateRequest("http://%s/_ah/login?%s" %
+                              (self.host, urllib.urlencode(args)))
+    try:
+      response = self.opener.open(req)
+    except urllib2.HTTPError, e:
+      response = e
+    if (response.code != 302 or
+        response.info()["location"] != continue_location):
+      raise urllib2.HTTPError(req.get_full_url(), response.code, response.msg,
+                              response.headers, response.fp)
+    self.authenticated = True
+
+  def _Authenticate(self):
+    """Authenticates the user.
+
+    The authentication process works as follows:
+     1) We get a username and password from the user
+     2) We use ClientLogin to obtain an AUTH token for the user
+        (see http://code.google.com/apis/accounts/AuthForInstalledApps.html).
+     3) We pass the auth token to /_ah/login on the server to obtain an
+        authentication cookie. If login was successful, it tries to redirect
+        us to the URL we provided.
+
+    If we attempt to access the upload API without first obtaining an
+    authentication cookie, it returns a 401 response and directs us to
+    authenticate ourselves with ClientLogin.
+    """
+    for i in range(3):
+      credentials = self.auth_function()
+      try:
+        auth_token = self._GetAuthToken(credentials[0], credentials[1])
+      except ClientLoginError, e:
+        if e.reason == "BadAuthentication":
+          print >>sys.stderr, "Invalid username or password."
+          continue
+        if e.reason == "CaptchaRequired":
+          print >>sys.stderr, (
+              "Please go to\n"
+              "https://www.google.com/accounts/DisplayUnlockCaptcha\n"
+              "and verify you are a human.  Then try again.")
+          break
+        if e.reason == "NotVerified":
+          print >>sys.stderr, "Account not verified."
+          break
+        if e.reason == "TermsNotAgreed":
+          print >>sys.stderr, "User has not agreed to TOS."
+          break
+        if e.reason == "AccountDeleted":
+          print >>sys.stderr, "The user account has been deleted."
+          break
+        if e.reason == "AccountDisabled":
+          print >>sys.stderr, "The user account has been disabled."
+          break
+        if e.reason == "ServiceDisabled":
+          print >>sys.stderr, ("The user's access to the service has been "
+                               "disabled.")
+          break
+        if e.reason == "ServiceUnavailable":
+          print >>sys.stderr, "The service is not available; try again later."
+          break
+        raise
+      self._GetAuthCookie(auth_token)
+      return
+
+  def Send(self, request_path, payload=None,
+           content_type="application/octet-stream",
+           timeout=None,
+           **kwargs):
+    """Sends an RPC and returns the response.
+
+    Args:
+      request_path: The path to send the request to, eg /api/appversion/create.
+      payload: The body of the request, or None to send an empty request.
+      content_type: The Content-Type header to use.
+      timeout: timeout in seconds; default None i.e. no timeout.
+        (Note: for large requests on OS X, the timeout doesn't work right.)
+      kwargs: Any keyword arguments are converted into query string parameters.
+
+    Returns:
+      The response body, as a string.
+    """
+    # TODO: Don't require authentication.  Let the server say
+    # whether it is necessary.
+    if not self.authenticated:
+      self._Authenticate()
+
+    old_timeout = socket.getdefaulttimeout()
+    socket.setdefaulttimeout(timeout)
+    try:
+      tries = 0
+      while True:
+        tries += 1
+        args = dict(kwargs)
+        url = "http://%s%s" % (self.host, request_path)
+        if args:
+          url += "?" + urllib.urlencode(args)
+        req = self._CreateRequest(url=url, data=payload)
+        req.add_header("Content-Type", content_type)
+        try:
+          f = self.opener.open(req)
+          response = f.read()
+          f.close()
+          return response
+        except urllib2.HTTPError, e:
+          if tries > 3:
+            raise
+          elif e.code == 401:
+            self._Authenticate()
+##           elif e.code >= 500 and e.code < 600:
+##             # Server Error - try again.
+##             continue
+          else:
+            raise
+    finally:
+      socket.setdefaulttimeout(old_timeout)
+
+
+class HttpRpcServer(AbstractRpcServer):
+  """Provides a simplified RPC-style interface for HTTP requests."""
+
+  def _Authenticate(self):
+    """Save the cookie jar after authentication."""
+    super(HttpRpcServer, self)._Authenticate()
+    if self.save_cookies:
+      StatusUpdate("Saving authentication cookies to %s" % self.cookie_file)
+      self.cookie_jar.save()
+
+  def _GetOpener(self):
+    """Returns an OpenerDirector that supports cookies and ignores redirects.
+
+    Returns:
+      A urllib2.OpenerDirector object.
+    """
+    opener = urllib2.OpenerDirector()
+    opener.add_handler(urllib2.ProxyHandler())
+    opener.add_handler(urllib2.UnknownHandler())
+    opener.add_handler(urllib2.HTTPHandler())
+    opener.add_handler(urllib2.HTTPDefaultErrorHandler())
+    opener.add_handler(urllib2.HTTPSHandler())
+    opener.add_handler(urllib2.HTTPErrorProcessor())
+    if self.save_cookies:
+      self.cookie_file = os.path.expanduser("~/.codereview_upload_cookies")
+      self.cookie_jar = cookielib.MozillaCookieJar(self.cookie_file)
+      if os.path.exists(self.cookie_file):
+        try:
+          self.cookie_jar.load()
+          self.authenticated = True
+          StatusUpdate("Loaded authentication cookies from %s" %
+                       self.cookie_file)
+        except (cookielib.LoadError, IOError):
+          # Failed to load cookies - just ignore them.
+          pass
+      else:
+        # Create an empty cookie file with mode 600
+        fd = os.open(self.cookie_file, os.O_CREAT, 0600)
+        os.close(fd)
+      # Always chmod the cookie file
+      os.chmod(self.cookie_file, 0600)
+    else:
+      # Don't save cookies across runs of update.py.
+      self.cookie_jar = cookielib.CookieJar()
+    opener.add_handler(urllib2.HTTPCookieProcessor(self.cookie_jar))
+    return opener
+
+
+parser = optparse.OptionParser(usage="%prog [options] [-- diff_options]")
+parser.add_option("-y", "--assume_yes", action="store_true",
+                  dest="assume_yes", default=False,
+                  help="Assume that the answer to yes/no questions is 'yes'.")
+# Logging
+group = parser.add_option_group("Logging options")
+group.add_option("-q", "--quiet", action="store_const", const=0,
+                 dest="verbose", help="Print errors only.")
+group.add_option("-v", "--verbose", action="store_const", const=2,
+                 dest="verbose", default=1,
+                 help="Print info level logs (default).")
+group.add_option("--noisy", action="store_const", const=3,
+                 dest="verbose", help="Print all logs.")
+# Review server
+group = parser.add_option_group("Review server options")
+group.add_option("-s", "--server", action="store", dest="server",
+                 default="codereview.appspot.com",
+                 metavar="SERVER",
+                 help=("The server to upload to. The format is host[:port]. "
+                       "Defaults to 'codereview.appspot.com'."))
+group.add_option("-e", "--email", action="store", dest="email",
+                 metavar="EMAIL", default=None,
+                 help="The username to use. Will prompt if omitted.")
+group.add_option("-H", "--host", action="store", dest="host",
+                 metavar="HOST", default=None,
+                 help="Overrides the Host header sent with all RPCs.")
+group.add_option("--no_cookies", action="store_false",
+                 dest="save_cookies", default=True,
+                 help="Do not save authentication cookies to local disk.")
+# Issue
+group = parser.add_option_group("Issue options")
+group.add_option("-d", "--description", action="store", dest="description",
+                 metavar="DESCRIPTION", default=None,
+                 help="Optional description when creating an issue.")
+group.add_option("-f", "--description_file", action="store",
+                 dest="description_file", metavar="DESCRIPTION_FILE",
+                 default=None,
+                 help="Optional path of a file that contains "
+                      "the description when creating an issue.")
+group.add_option("-r", "--reviewers", action="store", dest="reviewers",
+                 metavar="REVIEWERS", default=None,
+                 help="Add reviewers (comma separated email addresses).")
+group.add_option("--cc", action="store", dest="cc",
+                 metavar="CC", default=None,
+                 help="Add CC (comma separated email addresses).")
+# Upload options
+group = parser.add_option_group("Patch options")
+group.add_option("-m", "--message", action="store", dest="message",
+                 metavar="MESSAGE", default=None,
+                 help="A message to identify the patch. "
+                      "Will prompt if omitted.")
+group.add_option("-i", "--issue", type="int", action="store",
+                 metavar="ISSUE", default=None,
+                 help="Issue number to which to add. Defaults to new issue.")
+group.add_option("--download_base", action="store_true",
+                 dest="download_base", default=False,
+                 help="Base files will be downloaded by the server "
+                 "(side-by-side diffs may not work on files with CRs).")
+group.add_option("--rev", action="store", dest="revision",
+                 metavar="REV", default=None,
+                 help="Branch/tree/revision to diff against (used by DVCS).")
+group.add_option("--send_mail", action="store_true",
+                 dest="send_mail", default=False,
+                 help="Send notification email to reviewers.")
+
+
+def GetRpcServer(options):
+  """Returns an instance of an AbstractRpcServer.
+
+  Returns:
+    A new AbstractRpcServer, on which RPC calls can be made.
+  """
+
+  rpc_server_class = HttpRpcServer
+
+  def GetUserCredentials():
+    """Prompts the user for a username and password."""
+    email = options.email
+    if email is None:
+      email = GetEmail("Email (login for uploading to %s)" % options.server)
+    password = getpass.getpass("Password for %s: " % email)
+    return (email, password)
+
+  # If this is the dev_appserver, use fake authentication.
+  host = (options.host or options.server).lower()
+  if host == "localhost" or host.startswith("localhost:"):
+    email = options.email
+    if email is None:
+      email = "test@example.com"
+      logging.info("Using debug user %s.  Override with --email" % email)
+    server = rpc_server_class(
+        options.server,
+        lambda: (email, "password"),
+        host_override=options.host,
+        extra_headers={"Cookie":
+                       'dev_appserver_login="%s:False"' % email},
+        save_cookies=options.save_cookies)
+    # Don't try to talk to ClientLogin.
+    server.authenticated = True
+    return server
+
+  return rpc_server_class(options.server, GetUserCredentials,
+                          host_override=options.host,
+                          save_cookies=options.save_cookies)
+
+
+def EncodeMultipartFormData(fields, files):
+  """Encode form fields for multipart/form-data.
+
+  Args:
+    fields: A sequence of (name, value) elements for regular form fields.
+    files: A sequence of (name, filename, value) elements for data to be
+           uploaded as files.
+  Returns:
+    (content_type, body) ready for httplib.HTTP instance.
+
+  Source:
+    http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/146306
+  """
+  BOUNDARY = '-M-A-G-I-C---B-O-U-N-D-A-R-Y-'
+  CRLF = '\r\n'
+  lines = []
+  for (key, value) in fields:
+    lines.append('--' + BOUNDARY)
+    lines.append('Content-Disposition: form-data; name="%s"' % key)
+    lines.append('')
+    lines.append(value)
+  for (key, filename, value) in files:
+    lines.append('--' + BOUNDARY)
+    lines.append('Content-Disposition: form-data; name="%s"; filename="%s"' %
+             (key, filename))
+    lines.append('Content-Type: %s' % GetContentType(filename))
+    lines.append('')
+    lines.append(value)
+  lines.append('--' + BOUNDARY + '--')
+  lines.append('')
+  body = CRLF.join(lines)
+  content_type = 'multipart/form-data; boundary=%s' % BOUNDARY
+  return content_type, body
+
+
+def GetContentType(filename):
+  """Helper to guess the content-type from the filename."""
+  return mimetypes.guess_type(filename)[0] or 'application/octet-stream'
+
+
+# Use a shell for subcommands on Windows to get a PATH search.
+use_shell = sys.platform.startswith("win")
+
+def RunShellWithReturnCode(command, print_output=False,
+                           universal_newlines=True):
+  """Executes a command and returns the output from stdout and the return code.
+
+  Args:
+    command: Command to execute.
+    print_output: If True, the output is printed to stdout.
+                  If False, both stdout and stderr are ignored.
+    universal_newlines: Use universal_newlines flag (default: True).
+
+  Returns:
+    Tuple (output, return code)
+  """
+  logging.info("Running %s", command)
+  p = subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE,
+                       shell=use_shell, universal_newlines=universal_newlines)
+  if print_output:
+    output_array = []
+    while True:
+      line = p.stdout.readline()
+      if not line:
+        break
+      print line.strip("\n")
+      output_array.append(line)
+    output = "".join(output_array)
+  else:
+    output = p.stdout.read()
+  p.wait()
+  errout = p.stderr.read()
+  if print_output and errout:
+    print >>sys.stderr, errout
+  p.stdout.close()
+  p.stderr.close()
+  return output, p.returncode
+
+
+def RunShell(command, silent_ok=False, universal_newlines=True,
+             print_output=False):
+  data, retcode = RunShellWithReturnCode(command, print_output,
+                                         universal_newlines)
+  if retcode:
+    ErrorExit("Got error status from %s:\n%s" % (command, data))
+  if not silent_ok and not data:
+    ErrorExit("No output from %s" % command)
+  return data
+
+
+class VersionControlSystem(object):
+  """Abstract base class providing an interface to the VCS."""
+
+  def __init__(self, options):
+    """Constructor.
+
+    Args:
+      options: Command line options.
+    """
+    self.options = options
+
+  def GenerateDiff(self, args):
+    """Return the current diff as a string.
+
+    Args:
+      args: Extra arguments to pass to the diff command.
+    """
+    raise NotImplementedError(
+        "abstract method -- subclass %s must override" % self.__class__)
+
+  def GetUnknownFiles(self):
+    """Return a list of files unknown to the VCS."""
+    raise NotImplementedError(
+        "abstract method -- subclass %s must override" % self.__class__)
+
+  def CheckForUnknownFiles(self):
+    """Show an "are you sure?" prompt if there are unknown files."""
+    unknown_files = self.GetUnknownFiles()
+    if unknown_files:
+      print "The following files are not added to version control:"
+      for line in unknown_files:
+        print line
+      prompt = "Are you sure to continue?(y/N) "
+      answer = raw_input(prompt).strip()
+      if answer != "y":
+        ErrorExit("User aborted")
+
+  def GetBaseFile(self, filename):
+    """Get the content of the upstream version of a file.
+
+    Returns:
+      A tuple (base_content, new_content, is_binary, status)
+        base_content: The contents of the base file.
+        new_content: For text files, this is empty.  For binary files, this is
+          the contents of the new file, since the diff output won't contain
+          information to reconstruct the current file.
+        is_binary: True iff the file is binary.
+        status: The status of the file.
+    """
+
+    raise NotImplementedError(
+        "abstract method -- subclass %s must override" % self.__class__)
+
+
+  def GetBaseFiles(self, diff):
+    """Helper that calls GetBase file for each file in the patch.
+
+    Returns:
+      A dictionary that maps from filename to GetBaseFile's tuple.  Filenames
+      are retrieved based on lines that start with "Index:" or
+      "Property changes on:".
+    """
+    files = {}
+    for line in diff.splitlines(True):
+      if line.startswith('Index:') or line.startswith('Property changes on:'):
+        unused, filename = line.split(':', 1)
+        # On Windows if a file has property changes its filename uses '\'
+        # instead of '/'.
+        filename = filename.strip().replace('\\', '/')
+        files[filename] = self.GetBaseFile(filename)
+    return files
+
+
+  def UploadBaseFiles(self, issue, rpc_server, patch_list, patchset, options,
+                      files):
+    """Uploads the base files (and if necessary, the current ones as well)."""
+
+    def UploadFile(filename, file_id, content, is_binary, status, is_base):
+      """Uploads a file to the server."""
+      file_too_large = False
+      if is_base:
+        type = "base"
+      else:
+        type = "current"
+      if len(content) > MAX_UPLOAD_SIZE:
+        print ("Not uploading the %s file for %s because it's too large." %
+               (type, filename))
+        file_too_large = True
+        content = ""
+      checksum = md5.new(content).hexdigest()
+      if options.verbose > 0 and not file_too_large:
+        print "Uploading %s file for %s" % (type, filename)
+      url = "/%d/upload_content/%d/%d" % (int(issue), int(patchset), file_id)
+      form_fields = [("filename", filename),
+                     ("status", status),
+                     ("checksum", checksum),
+                     ("is_binary", str(is_binary)),
+                     ("is_current", str(not is_base)),
+                    ]
+      if file_too_large:
+        form_fields.append(("file_too_large", "1"))
+      if options.email:
+        form_fields.append(("user", options.email))
+      ctype, body = EncodeMultipartFormData(form_fields,
+                                            [("data", filename, content)])
+      response_body = rpc_server.Send(url, body,
+                                      content_type=ctype)
+      if not response_body.startswith("OK"):
+        StatusUpdate("  --> %s" % response_body)
+        sys.exit(1)
+
+    patches = dict()
+    [patches.setdefault(v, k) for k, v in patch_list]
+    for filename in patches.keys():
+      base_content, new_content, is_binary, status = files[filename]
+      file_id_str = patches.get(filename)
+      if file_id_str.find("nobase") != -1:
+        base_content = None
+        file_id_str = file_id_str[file_id_str.rfind("_") + 1:]
+      file_id = int(file_id_str)
+      if base_content != None:
+        UploadFile(filename, file_id, base_content, is_binary, status, True)
+      if new_content != None:
+        UploadFile(filename, file_id, new_content, is_binary, status, False)
+
+  def IsImage(self, filename):
+    """Returns true if the filename has an image extension."""
+    mimetype =  mimetypes.guess_type(filename)[0]
+    if not mimetype:
+      return False
+    return mimetype.startswith("image/")
+
+
+class SubversionVCS(VersionControlSystem):
+  """Implementation of the VersionControlSystem interface for Subversion."""
+
+  def __init__(self, options):
+    super(SubversionVCS, self).__init__(options)
+    if self.options.revision:
+      match = re.match(r"(\d+)(:(\d+))?", self.options.revision)
+      if not match:
+        ErrorExit("Invalid Subversion revision %s." % self.options.revision)
+      self.rev_start = match.group(1)
+      self.rev_end = match.group(3)
+    else:
+      self.rev_start = self.rev_end = None
+    # Cache output from "svn list -r REVNO dirname".
+    # Keys: dirname, Values: 2-tuple (ouput for start rev and end rev).
+    self.svnls_cache = {}
+    # SVN base URL is required to fetch files deleted in an older revision.
+    # Result is cached to not guess it over and over again in GetBaseFile().
+    required = self.options.download_base or self.options.revision is not None
+    self.svn_base = self._GuessBase(required)
+
+  def GuessBase(self, required):
+    """Wrapper for _GuessBase."""
+    return self.svn_base
+
+  def _GuessBase(self, required):
+    """Returns the SVN base URL.
+
+    Args:
+      required: If true, exits if the url can't be guessed, otherwise None is
+        returned.
+    """
+    info = RunShell(["svn", "info"])
+    for line in info.splitlines():
+      words = line.split()
+      if len(words) == 2 and words[0] == "URL:":
+        url = words[1]
+        scheme, netloc, path, params, query, fragment = urlparse.urlparse(url)
+        username, netloc = urllib.splituser(netloc)
+        if username:
+          logging.info("Removed username from base URL")
+        if netloc.endswith("svn.python.org"):
+          if netloc == "svn.python.org":
+            if path.startswith("/projects/"):
+              path = path[9:]
+          elif netloc != "pythondev@svn.python.org":
+            ErrorExit("Unrecognized Python URL: %s" % url)
+          base = "http://svn.python.org/view/*checkout*%s/" % path
+          logging.info("Guessed Python base = %s", base)
+        elif netloc.endswith("svn.collab.net"):
+          if path.startswith("/repos/"):
+            path = path[6:]
+          base = "http://svn.collab.net/viewvc/*checkout*%s/" % path
+          logging.info("Guessed CollabNet base = %s", base)
+        elif netloc.endswith(".googlecode.com"):
+          path = path + "/"
+          base = urlparse.urlunparse(("http", netloc, path, params,
+                                      query, fragment))
+          logging.info("Guessed Google Code base = %s", base)
+        else:
+          path = path + "/"
+          base = urlparse.urlunparse((scheme, netloc, path, params,
+                                      query, fragment))
+          logging.info("Guessed base = %s", base)
+        return base
+    if required:
+      ErrorExit("Can't find URL in output from svn info")
+    return None
+
+  def GenerateDiff(self, args):
+    cmd = ["svn", "diff"]
+    if self.options.revision:
+      cmd += ["-r", self.options.revision]
+    cmd.extend(args)
+    data = RunShell(cmd)
+    count = 0
+    for line in data.splitlines():
+      if line.startswith("Index:") or line.startswith("Property changes on:"):
+        count += 1
+        logging.info(line)
+    if not count:
+      ErrorExit("No valid patches found in output from svn diff")
+    return data
+
+  def _CollapseKeywords(self, content, keyword_str):
+    """Collapses SVN keywords."""
+    # svn cat translates keywords but svn diff doesn't. As a result of this
+    # behavior patching.PatchChunks() fails with a chunk mismatch error.
+    # This part was originally written by the Review Board development team
+    # who had the same problem (http://reviews.review-board.org/r/276/).
+    # Mapping of keywords to known aliases
+    svn_keywords = {
+      # Standard keywords
+      'Date':                ['Date', 'LastChangedDate'],
+      'Revision':            ['Revision', 'LastChangedRevision', 'Rev'],
+      'Author':              ['Author', 'LastChangedBy'],
+      'HeadURL':             ['HeadURL', 'URL'],
+      'Id':                  ['Id'],
+
+      # Aliases
+      'LastChangedDate':     ['LastChangedDate', 'Date'],
+      'LastChangedRevision': ['LastChangedRevision', 'Rev', 'Revision'],
+      'LastChangedBy':       ['LastChangedBy', 'Author'],
+      'URL':                 ['URL', 'HeadURL'],
+    }
+
+    def repl(m):
+       if m.group(2):
+         return "$%s::%s$" % (m.group(1), " " * len(m.group(3)))
+       return "$%s$" % m.group(1)
+    keywords = [keyword
+                for name in keyword_str.split(" ")
+                for keyword in svn_keywords.get(name, [])]
+    return re.sub(r"\$(%s):(:?)([^\$]+)\$" % '|'.join(keywords), repl, content)
+
+  def GetUnknownFiles(self):
+    status = RunShell(["svn", "status", "--ignore-externals"], silent_ok=True)
+    unknown_files = []
+    for line in status.split("\n"):
+      if line and line[0] == "?":
+        unknown_files.append(line)
+    return unknown_files
+
+  def ReadFile(self, filename):
+    """Returns the contents of a file."""
+    file = open(filename, 'rb')
+    result = ""
+    try:
+      result = file.read()
+    finally:
+      file.close()
+    return result
+
+  def GetStatus(self, filename):
+    """Returns the status of a file."""
+    if not self.options.revision:
+      status = RunShell(["svn", "status", "--ignore-externals", filename])
+      if not status:
+        ErrorExit("svn status returned no output for %s" % filename)
+      status_lines = status.splitlines()
+      # If file is in a cl, the output will begin with
+      # "\n--- Changelist 'cl_name':\n".  See
+      # http://svn.collab.net/repos/svn/trunk/notes/changelist-design.txt
+      if (len(status_lines) == 3 and
+          not status_lines[0] and
+          status_lines[1].startswith("--- Changelist")):
+        status = status_lines[2]
+      else:
+        status = status_lines[0]
+    # If we have a revision to diff against we need to run "svn list"
+    # for the old and the new revision and compare the results to get
+    # the correct status for a file.
+    else:
+      dirname, relfilename = os.path.split(filename)
+      if dirname not in self.svnls_cache:
+        cmd = ["svn", "list", "-r", self.rev_start, dirname or "."]
+        out, returncode = RunShellWithReturnCode(cmd)
+        if returncode:
+          ErrorExit("Failed to get status for %s." % filename)
+        old_files = out.splitlines()
+        args = ["svn", "list"]
+        if self.rev_end:
+          args += ["-r", self.rev_end]
+        cmd = args + [dirname or "."]
+        out, returncode = RunShellWithReturnCode(cmd)
+        if returncode:
+          ErrorExit("Failed to run command %s" % cmd)
+        self.svnls_cache[dirname] = (old_files, out.splitlines())
+      old_files, new_files = self.svnls_cache[dirname]
+      if relfilename in old_files and relfilename not in new_files:
+        status = "D   "
+      elif relfilename in old_files and relfilename in new_files:
+        status = "M   "
+      else:
+        status = "A   "
+    return status
+
+  def GetBaseFile(self, filename):
+    status = self.GetStatus(filename)
+    base_content = None
+    new_content = None
+
+    # If a file is copied its status will be "A  +", which signifies
+    # "addition-with-history".  See "svn st" for more information.  We need to
+    # upload the original file or else diff parsing will fail if the file was
+    # edited.
+    if status[0] == "A" and status[3] != "+":
+      # We'll need to upload the new content if we're adding a binary file
+      # since diff's output won't contain it.
+      mimetype = RunShell(["svn", "propget", "svn:mime-type", filename],
+                          silent_ok=True)
+      base_content = ""
+      is_binary = mimetype and not mimetype.startswith("text/")
+      if is_binary and self.IsImage(filename):
+        new_content = self.ReadFile(filename)
+    elif (status[0] in ("M", "D", "R") or
+          (status[0] == "A" and status[3] == "+") or  # Copied file.
+          (status[0] == " " and status[1] == "M")):  # Property change.
+      args = []
+      if self.options.revision:
+        url = "%s/%s@%s" % (self.svn_base, filename, self.rev_start)
+      else:
+        # Don't change filename, it's needed later.
+        url = filename
+        args += ["-r", "BASE"]
+      cmd = ["svn"] + args + ["propget", "svn:mime-type", url]
+      mimetype, returncode = RunShellWithReturnCode(cmd)
+      if returncode:
+        # File does not exist in the requested revision.
+        # Reset mimetype, it contains an error message.
+        mimetype = ""
+      get_base = False
+      is_binary = mimetype and not mimetype.startswith("text/")
+      if status[0] == " ":
+        # Empty base content just to force an upload.
+        base_content = ""
+      elif is_binary:
+        if self.IsImage(filename):
+          get_base = True
+          if status[0] == "M":
+            if not self.rev_end:
+              new_content = self.ReadFile(filename)
+            else:
+              url = "%s/%s@%s" % (self.svn_base, filename, self.rev_end)
+              new_content = RunShell(["svn", "cat", url],
+                                     universal_newlines=True, silent_ok=True)
+        else:
+          base_content = ""
+      else:
+        get_base = True
+
+      if get_base:
+        if is_binary:
+          universal_newlines = False
+        else:
+          universal_newlines = True
+        if self.rev_start:
+          # "svn cat -r REV delete_file.txt" doesn't work. cat requires
+          # the full URL with "@REV" appended instead of using "-r" option.
+          url = "%s/%s@%s" % (self.svn_base, filename, self.rev_start)
+          base_content = RunShell(["svn", "cat", url],
+                                  universal_newlines=universal_newlines,
+                                  silent_ok=True)
+        else:
+          base_content = RunShell(["svn", "cat", filename],
+                                  universal_newlines=universal_newlines,
+                                  silent_ok=True)
+        if not is_binary:
+          args = []
+          if self.rev_start:
+            url = "%s/%s@%s" % (self.svn_base, filename, self.rev_start)
+          else:
+            url = filename
+            args += ["-r", "BASE"]
+          cmd = ["svn"] + args + ["propget", "svn:keywords", url]
+          keywords, returncode = RunShellWithReturnCode(cmd)
+          if keywords and not returncode:
+            base_content = self._CollapseKeywords(base_content, keywords)
+    else:
+      StatusUpdate("svn status returned unexpected output: %s" % status)
+      sys.exit(1)
+    return base_content, new_content, is_binary, status[0:5]
+
+
+class GitVCS(VersionControlSystem):
+  """Implementation of the VersionControlSystem interface for Git."""
+
+  def __init__(self, options):
+    super(GitVCS, self).__init__(options)
+    # Map of filename -> hash of base file.
+    self.base_hashes = {}
+
+  def GenerateDiff(self, extra_args):
+    # This is more complicated than svn's GenerateDiff because we must convert
+    # the diff output to include an svn-style "Index:" line as well as record
+    # the hashes of the base files, so we can upload them along with our diff.
+    if self.options.revision:
+      extra_args = [self.options.revision] + extra_args
+    gitdiff = RunShell(["git", "diff", "--full-index"] + extra_args)
+    svndiff = []
+    filecount = 0
+    filename = None
+    for line in gitdiff.splitlines():
+      match = re.match(r"diff --git a/(.*) b/.*$", line)
+      if match:
+        filecount += 1
+        filename = match.group(1)
+        svndiff.append("Index: %s\n" % filename)
+      else:
+        # The "index" line in a git diff looks like this (long hashes elided):
+        #   index 82c0d44..b2cee3f 100755
+        # We want to save the left hash, as that identifies the base file.
+        match = re.match(r"index (\w+)\.\.", line)
+        if match:
+          self.base_hashes[filename] = match.group(1)
+      svndiff.append(line + "\n")
+    if not filecount:
+      ErrorExit("No valid patches found in output from git diff")
+    return "".join(svndiff)
+
+  def GetUnknownFiles(self):
+    status = RunShell(["git", "ls-files", "--exclude-standard", "--others"],
+                      silent_ok=True)
+    return status.splitlines()
+
+  def GetBaseFile(self, filename):
+    hash = self.base_hashes[filename]
+    base_content = None
+    new_content = None
+    is_binary = False
+    if hash == "0" * 40:  # All-zero hash indicates no base file.
+      status = "A"
+      base_content = ""
+    else:
+      status = "M"
+      base_content, returncode = RunShellWithReturnCode(["git", "show", hash])
+      if returncode:
+        ErrorExit("Got error status from 'git show %s'" % hash)
+    return (base_content, new_content, is_binary, status)
+
+
+class MercurialVCS(VersionControlSystem):
+  """Implementation of the VersionControlSystem interface for Mercurial."""
+
+  def __init__(self, options, repo_dir):
+    super(MercurialVCS, self).__init__(options)
+    # Absolute path to repository (we can be in a subdir)
+    self.repo_dir = os.path.normpath(repo_dir)
+    # Compute the subdir
+    cwd = os.path.normpath(os.getcwd())
+    assert cwd.startswith(self.repo_dir)
+    self.subdir = cwd[len(self.repo_dir):].lstrip(r"\/")
+    if self.options.revision:
+      self.base_rev = self.options.revision
+    else:
+      self.base_rev = RunShell(["hg", "parent", "-q"]).split(':')[1].strip()
+
+  def _GetRelPath(self, filename):
+    """Get relative path of a file according to the current directory,
+    given its logical path in the repo."""
+    assert filename.startswith(self.subdir), filename
+    return filename[len(self.subdir):].lstrip(r"\/")
+
+  def GenerateDiff(self, extra_args):
+    # If no file specified, restrict to the current subdir
+    extra_args = extra_args or ["."]
+    cmd = ["hg", "diff", "--git", "-r", self.base_rev] + extra_args
+    data = RunShell(cmd, silent_ok=True)
+    svndiff = []
+    filecount = 0
+    for line in data.splitlines():
+      m = re.match("diff --git a/(\S+) b/(\S+)", line)
+      if m:
+        # Modify line to make it look like as it comes from svn diff.
+        # With this modification no changes on the server side are required
+        # to make upload.py work with Mercurial repos.
+        # NOTE: for proper handling of moved/copied files, we have to use
+        # the second filename.
+        filename = m.group(2)
+        svndiff.append("Index: %s" % filename)
+        svndiff.append("=" * 67)
+        filecount += 1
+        logging.info(line)
+      else:
+        svndiff.append(line)
+    if not filecount:
+      ErrorExit("No valid patches found in output from hg diff")
+    return "\n".join(svndiff) + "\n"
+
+  def GetUnknownFiles(self):
+    """Return a list of files unknown to the VCS."""
+    args = []
+    status = RunShell(["hg", "status", "--rev", self.base_rev, "-u", "."],
+        silent_ok=True)
+    unknown_files = []
+    for line in status.splitlines():
+      st, fn = line.split(" ", 1)
+      if st == "?":
+        unknown_files.append(fn)
+    return unknown_files
+
+  def GetBaseFile(self, filename):
+    # "hg status" and "hg cat" both take a path relative to the current subdir
+    # rather than to the repo root, but "hg diff" has given us the full path
+    # to the repo root.
+    base_content = ""
+    new_content = None
+    is_binary = False
+    oldrelpath = relpath = self._GetRelPath(filename)
+    # "hg status -C" returns two lines for moved/copied files, one otherwise
+    out = RunShell(["hg", "status", "-C", "--rev", self.base_rev, relpath])
+    out = out.splitlines()
+    # HACK: strip error message about missing file/directory if it isn't in
+    # the working copy
+    if out[0].startswith('%s: ' % relpath):
+      out = out[1:]
+    if len(out) > 1:
+      # Moved/copied => considered as modified, use old filename to
+      # retrieve base contents
+      oldrelpath = out[1].strip()
+      status = "M"
+    else:
+      status, _ = out[0].split(' ', 1)
+    if status != "A":
+      base_content = RunShell(["hg", "cat", "-r", self.base_rev, oldrelpath],
+        silent_ok=True)
+      is_binary = "\0" in base_content  # Mercurial's heuristic
+    if status != "R":
+      new_content = open(relpath, "rb").read()
+      is_binary = is_binary or "\0" in new_content
+    if is_binary and base_content:
+      # Fetch again without converting newlines
+      base_content = RunShell(["hg", "cat", "-r", self.base_rev, oldrelpath],
+        silent_ok=True, universal_newlines=False)
+    if not is_binary or not self.IsImage(relpath):
+      new_content = None
+    return base_content, new_content, is_binary, status
+
+
+# NOTE: The SplitPatch function is duplicated in engine.py, keep them in sync.
+def SplitPatch(data):
+  """Splits a patch into separate pieces for each file.
+
+  Args:
+    data: A string containing the output of svn diff.
+
+  Returns:
+    A list of 2-tuple (filename, text) where text is the svn diff output
+      pertaining to filename.
+  """
+  patches = []
+  filename = None
+  diff = []
+  for line in data.splitlines(True):
+    new_filename = None
+    if line.startswith('Index:'):
+      unused, new_filename = line.split(':', 1)
+      new_filename = new_filename.strip()
+    elif line.startswith('Property changes on:'):
+      unused, temp_filename = line.split(':', 1)
+      # When a file is modified, paths use '/' between directories, however
+      # when a property is modified '\' is used on Windows.  Make them the same
+      # otherwise the file shows up twice.
+      temp_filename = temp_filename.strip().replace('\\', '/')
+      if temp_filename != filename:
+        # File has property changes but no modifications, create a new diff.
+        new_filename = temp_filename
+    if new_filename:
+      if filename and diff:
+        patches.append((filename, ''.join(diff)))
+      filename = new_filename
+      diff = [line]
+      continue
+    if diff is not None:
+      diff.append(line)
+  if filename and diff:
+    patches.append((filename, ''.join(diff)))
+  return patches
+
+
+def UploadSeparatePatches(issue, rpc_server, patchset, data, options):
+  """Uploads a separate patch for each file in the diff output.
+
+  Returns a list of [patch_key, filename] for each file.
+  """
+  patches = SplitPatch(data)
+  rv = []
+  for patch in patches:
+    if len(patch[1]) > MAX_UPLOAD_SIZE:
+      print ("Not uploading the patch for " + patch[0] +
+             " because the file is too large.")
+      continue
+    form_fields = [("filename", patch[0])]
+    if not options.download_base:
+      form_fields.append(("content_upload", "1"))
+    files = [("data", "data.diff", patch[1])]
+    ctype, body = EncodeMultipartFormData(form_fields, files)
+    url = "/%d/upload_patch/%d" % (int(issue), int(patchset))
+    print "Uploading patch for " + patch[0]
+    response_body = rpc_server.Send(url, body, content_type=ctype)
+    lines = response_body.splitlines()
+    if not lines or lines[0] != "OK":
+      StatusUpdate("  --> %s" % response_body)
+      sys.exit(1)
+    rv.append([lines[1], patch[0]])
+  return rv
+
+
+def GuessVCS(options):
+  """Helper to guess the version control system.
+
+  This examines the current directory, guesses which VersionControlSystem
+  we're using, and returns an instance of the appropriate class.  Exit with an
+  error if we can't figure it out.
+
+  Returns:
+    A VersionControlSystem instance. Exits if the VCS can't be guessed.
+  """
+  # Mercurial has a command to get the base directory of a repository
+  # Try running it, but don't die if we don't have hg installed.
+  # NOTE: we try Mercurial first as it can sit on top of an SVN working copy.
+  try:
+    out, returncode = RunShellWithReturnCode(["hg", "root"])
+    if returncode == 0:
+      return MercurialVCS(options, out.strip())
+  except OSError, (errno, message):
+    if errno != 2:  # ENOENT -- they don't have hg installed.
+      raise
+
+  # Subversion has a .svn in all working directories.
+  if os.path.isdir('.svn'):
+    logging.info("Guessed VCS = Subversion")
+    return SubversionVCS(options)
+
+  # Git has a command to test if you're in a git tree.
+  # Try running it, but don't die if we don't have git installed.
+  try:
+    out, returncode = RunShellWithReturnCode(["git", "rev-parse",
+                                              "--is-inside-work-tree"])
+    if returncode == 0:
+      return GitVCS(options)
+  except OSError, (errno, message):
+    if errno != 2:  # ENOENT -- they don't have git installed.
+      raise
+
+  ErrorExit(("Could not guess version control system. "
+             "Are you in a working copy directory?"))
+
+
+def RealMain(argv, data=None):
+  """The real main function.
+
+  Args:
+    argv: Command line arguments.
+    data: Diff contents. If None (default) the diff is generated by
+      the VersionControlSystem implementation returned by GuessVCS().
+
+  Returns:
+    A 2-tuple (issue id, patchset id).
+    The patchset id is None if the base files are not uploaded by this
+    script (applies only to SVN checkouts).
+  """
+  logging.basicConfig(format=("%(asctime).19s %(levelname)s %(filename)s:"
+                              "%(lineno)s %(message)s "))
+  os.environ['LC_ALL'] = 'C'
+  options, args = parser.parse_args(argv[1:])
+  global verbosity
+  verbosity = options.verbose
+  if verbosity >= 3:
+    logging.getLogger().setLevel(logging.DEBUG)
+  elif verbosity >= 2:
+    logging.getLogger().setLevel(logging.INFO)
+  vcs = GuessVCS(options)
+  if isinstance(vcs, SubversionVCS):
+    # base field is only allowed for Subversion.
+    # Note: Fetching base files may become deprecated in future releases.
+    base = vcs.GuessBase(options.download_base)
+  else:
+    base = None
+  if not base and options.download_base:
+    options.download_base = True
+    logging.info("Enabled upload of base file")
+  if not options.assume_yes:
+    vcs.CheckForUnknownFiles()
+  if data is None:
+    data = vcs.GenerateDiff(args)
+  files = vcs.GetBaseFiles(data)
+  if verbosity >= 1:
+    print "Upload server:", options.server, "(change with -s/--server)"
+  if options.issue:
+    prompt = "Message describing this patch set: "
+  else:
+    prompt = "New issue subject: "
+  message = options.message or raw_input(prompt).strip()
+  if not message:
+    ErrorExit("A non-empty message is required")
+  rpc_server = GetRpcServer(options)
+  form_fields = [("subject", message)]
+  if base:
+    form_fields.append(("base", base))
+  if options.issue:
+    form_fields.append(("issue", str(options.issue)))
+  if options.email:
+    form_fields.append(("user", options.email))
+  if options.reviewers:
+    for reviewer in options.reviewers.split(','):
+      if "@" in reviewer and not reviewer.split("@")[1].count(".") == 1:
+        ErrorExit("Invalid email address: %s" % reviewer)
+    form_fields.append(("reviewers", options.reviewers))
+  if options.cc:
+    for cc in options.cc.split(','):
+      if "@" in cc and not cc.split("@")[1].count(".") == 1:
+        ErrorExit("Invalid email address: %s" % cc)
+    form_fields.append(("cc", options.cc))
+  description = options.description
+  if options.description_file:
+    if options.description:
+      ErrorExit("Can't specify description and description_file")
+    file = open(options.description_file, 'r')
+    description = file.read()
+    file.close()
+  if description:
+    form_fields.append(("description", description))
+  # Send a hash of all the base file so the server can determine if a copy
+  # already exists in an earlier patchset.
+  base_hashes = ""
+  for file, info in files.iteritems():
+    if not info[0] is None:
+      checksum = md5.new(info[0]).hexdigest()
+      if base_hashes:
+        base_hashes += "|"
+      base_hashes += checksum + ":" + file
+  form_fields.append(("base_hashes", base_hashes))
+  # If we're uploading base files, don't send the email before the uploads, so
+  # that it contains the file status.
+  if options.send_mail and options.download_base:
+    form_fields.append(("send_mail", "1"))
+  if not options.download_base:
+    form_fields.append(("content_upload", "1"))
+  if len(data) > MAX_UPLOAD_SIZE:
+    print "Patch is large, so uploading file patches separately."
+    uploaded_diff_file = []
+    form_fields.append(("separate_patches", "1"))
+  else:
+    uploaded_diff_file = [("data", "data.diff", data)]
+  ctype, body = EncodeMultipartFormData(form_fields, uploaded_diff_file)
+  response_body = rpc_server.Send("/upload", body, content_type=ctype)
+  patchset = None
+  if not options.download_base or not uploaded_diff_file:
+    lines = response_body.splitlines()
+    if len(lines) >= 2:
+      msg = lines[0]
+      patchset = lines[1].strip()
+      patches = [x.split(" ", 1) for x in lines[2:]]
+    else:
+      msg = response_body
+  else:
+    msg = response_body
+  StatusUpdate(msg)
+  if not response_body.startswith("Issue created.") and \
+  not response_body.startswith("Issue updated."):
+    sys.exit(0)
+  issue = msg[msg.rfind("/")+1:]
+
+  if not uploaded_diff_file:
+    result = UploadSeparatePatches(issue, rpc_server, patchset, data, options)
+    if not options.download_base:
+      patches = result
+
+  if not options.download_base:
+    vcs.UploadBaseFiles(issue, rpc_server, patches, patchset, options, files)
+    if options.send_mail:
+      rpc_server.Send("/" + issue + "/mail", payload="")
+  return issue, patchset
+
+
+def main():
+  try:
+    RealMain(sys.argv)
+  except KeyboardInterrupt:
+    print
+    StatusUpdate("Interrupted.")
+    sys.exit(1)
+
+
+if __name__ == "__main__":
+  main()
diff --git a/nss/gtests/google_test/gtest/scripts/upload_gtest.py b/nss/gtests/google_test/gtest/scripts/upload_gtest.py
new file mode 100755
index 0000000..be19ae8
--- /dev/null
+++ b/nss/gtests/google_test/gtest/scripts/upload_gtest.py
@@ -0,0 +1,78 @@
+#!/usr/bin/env python
+#
+# Copyright 2009, Google Inc.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#
+#     * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following disclaimer
+# in the documentation and/or other materials provided with the
+# distribution.
+#     * Neither the name of Google Inc. nor the names of its
+# contributors may be used to endorse or promote products derived from
+# this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+"""upload_gtest.py v0.1.0 -- uploads a Google Test patch for review.
+
+This simple wrapper passes all command line flags and
+--cc=googletestframework@googlegroups.com to upload.py.
+
+USAGE: upload_gtest.py [options for upload.py]
+"""
+
+__author__ = 'wan@google.com (Zhanyong Wan)'
+
+import os
+import sys
+
+CC_FLAG = '--cc='
+GTEST_GROUP = 'googletestframework@googlegroups.com'
+
+
+def main():
+  # Finds the path to upload.py, assuming it is in the same directory
+  # as this file.
+  my_dir = os.path.dirname(os.path.abspath(__file__))
+  upload_py_path = os.path.join(my_dir, 'upload.py')
+
+  # Adds Google Test discussion group to the cc line if it's not there
+  # already.
+  upload_py_argv = [upload_py_path]
+  found_cc_flag = False
+  for arg in sys.argv[1:]:
+    if arg.startswith(CC_FLAG):
+      found_cc_flag = True
+      cc_line = arg[len(CC_FLAG):]
+      cc_list = [addr for addr in cc_line.split(',') if addr]
+      if GTEST_GROUP not in cc_list:
+        cc_list.append(GTEST_GROUP)
+      upload_py_argv.append(CC_FLAG + ','.join(cc_list))
+    else:
+      upload_py_argv.append(arg)
+
+  if not found_cc_flag:
+    upload_py_argv.append(CC_FLAG + GTEST_GROUP)
+
+  # Invokes upload.py with the modified command line flags.
+  os.execv(upload_py_path, upload_py_argv)
+
+
+if __name__ == '__main__':
+  main()
diff --git a/nss/gtests/google_test/gtest/src/gtest-all.cc b/nss/gtests/google_test/gtest/src/gtest-all.cc
new file mode 100644
index 0000000..0a9cee5
--- /dev/null
+++ b/nss/gtests/google_test/gtest/src/gtest-all.cc
@@ -0,0 +1,48 @@
+// Copyright 2008, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: mheule@google.com (Markus Heule)
+//
+// Google C++ Testing Framework (Google Test)
+//
+// Sometimes it's desirable to build Google Test by compiling a single file.
+// This file serves this purpose.
+
+// This line ensures that gtest.h can be compiled on its own, even
+// when it's fused.
+#include "gtest/gtest.h"
+
+// The following lines pull in the real gtest *.cc files.
+#include "src/gtest.cc"
+#include "src/gtest-death-test.cc"
+#include "src/gtest-filepath.cc"
+#include "src/gtest-port.cc"
+#include "src/gtest-printers.cc"
+#include "src/gtest-test-part.cc"
+#include "src/gtest-typed-test.cc"
diff --git a/nss/gtests/google_test/gtest/src/gtest-death-test.cc b/nss/gtests/google_test/gtest/src/gtest-death-test.cc
new file mode 100644
index 0000000..a0a8c7b
--- /dev/null
+++ b/nss/gtests/google_test/gtest/src/gtest-death-test.cc
@@ -0,0 +1,1346 @@
+// Copyright 2005, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan), vladl@google.com (Vlad Losev)
+//
+// This file implements death tests.
+
+#include "gtest/gtest-death-test.h"
+#include "gtest/internal/gtest-port.h"
+
+#if GTEST_HAS_DEATH_TEST
+
+# if GTEST_OS_MAC
+#  include <crt_externs.h>
+# endif  // GTEST_OS_MAC
+
+# include <errno.h>
+# include <fcntl.h>
+# include <limits.h>
+
+# if GTEST_OS_LINUX
+#  include <signal.h>
+# endif  // GTEST_OS_LINUX
+
+# include <stdarg.h>
+
+# if GTEST_OS_WINDOWS
+#  include <windows.h>
+# else
+#  include <sys/mman.h>
+#  include <sys/wait.h>
+# endif  // GTEST_OS_WINDOWS
+
+# if GTEST_OS_QNX
+#  include <spawn.h>
+# endif  // GTEST_OS_QNX
+
+#endif  // GTEST_HAS_DEATH_TEST
+
+#include "gtest/gtest-message.h"
+#include "gtest/internal/gtest-string.h"
+
+// Indicates that this translation unit is part of Google Test's
+// implementation.  It must come before gtest-internal-inl.h is
+// included, or there will be a compiler error.  This trick exists to
+// prevent the accidental inclusion of gtest-internal-inl.h in the
+// user's code.
+#define GTEST_IMPLEMENTATION_ 1
+#include "src/gtest-internal-inl.h"
+#undef GTEST_IMPLEMENTATION_
+
+namespace testing {
+
+// Constants.
+
+// The default death test style.
+static const char kDefaultDeathTestStyle[] = "fast";
+
+GTEST_DEFINE_string_(
+    death_test_style,
+    internal::StringFromGTestEnv("death_test_style", kDefaultDeathTestStyle),
+    "Indicates how to run a death test in a forked child process: "
+    "\"threadsafe\" (child process re-executes the test binary "
+    "from the beginning, running only the specific death test) or "
+    "\"fast\" (child process runs the death test immediately "
+    "after forking).");
+
+GTEST_DEFINE_bool_(
+    death_test_use_fork,
+    internal::BoolFromGTestEnv("death_test_use_fork", false),
+    "Instructs to use fork()/_exit() instead of clone() in death tests. "
+    "Ignored and always uses fork() on POSIX systems where clone() is not "
+    "implemented. Useful when running under valgrind or similar tools if "
+    "those do not support clone(). Valgrind 3.3.1 will just fail if "
+    "it sees an unsupported combination of clone() flags. "
+    "It is not recommended to use this flag w/o valgrind though it will "
+    "work in 99% of the cases. Once valgrind is fixed, this flag will "
+    "most likely be removed.");
+
+namespace internal {
+GTEST_DEFINE_string_(
+    internal_run_death_test, "",
+    "Indicates the file, line number, temporal index of "
+    "the single death test to run, and a file descriptor to "
+    "which a success code may be sent, all separated by "
+    "the '|' characters.  This flag is specified if and only if the current "
+    "process is a sub-process launched for running a thread-safe "
+    "death test.  FOR INTERNAL USE ONLY.");
+}  // namespace internal
+
+#if GTEST_HAS_DEATH_TEST
+
+namespace internal {
+
+// Valid only for fast death tests. Indicates the code is running in the
+// child process of a fast style death test.
+static bool g_in_fast_death_test_child = false;
+
+// Returns a Boolean value indicating whether the caller is currently
+// executing in the context of the death test child process.  Tools such as
+// Valgrind heap checkers may need this to modify their behavior in death
+// tests.  IMPORTANT: This is an internal utility.  Using it may break the
+// implementation of death tests.  User code MUST NOT use it.
+bool InDeathTestChild() {
+# if GTEST_OS_WINDOWS
+
+  // On Windows, death tests are thread-safe regardless of the value of the
+  // death_test_style flag.
+  return !GTEST_FLAG(internal_run_death_test).empty();
+
+# else
+
+  if (GTEST_FLAG(death_test_style) == "threadsafe")
+    return !GTEST_FLAG(internal_run_death_test).empty();
+  else
+    return g_in_fast_death_test_child;
+#endif
+}
+
+}  // namespace internal
+
+// ExitedWithCode constructor.
+ExitedWithCode::ExitedWithCode(int exit_code) : exit_code_(exit_code) {
+}
+
+// ExitedWithCode function-call operator.
+bool ExitedWithCode::operator()(int exit_status) const {
+# if GTEST_OS_WINDOWS
+
+  return exit_status == exit_code_;
+
+# else
+
+  return WIFEXITED(exit_status) && WEXITSTATUS(exit_status) == exit_code_;
+
+# endif  // GTEST_OS_WINDOWS
+}
+
+# if !GTEST_OS_WINDOWS
+// KilledBySignal constructor.
+KilledBySignal::KilledBySignal(int signum) : signum_(signum) {
+}
+
+// KilledBySignal function-call operator.
+bool KilledBySignal::operator()(int exit_status) const {
+  return WIFSIGNALED(exit_status) && WTERMSIG(exit_status) == signum_;
+}
+# endif  // !GTEST_OS_WINDOWS
+
+namespace internal {
+
+// Utilities needed for death tests.
+
+// Generates a textual description of a given exit code, in the format
+// specified by wait(2).
+static std::string ExitSummary(int exit_code) {
+  Message m;
+
+# if GTEST_OS_WINDOWS
+
+  m << "Exited with exit status " << exit_code;
+
+# else
+
+  if (WIFEXITED(exit_code)) {
+    m << "Exited with exit status " << WEXITSTATUS(exit_code);
+  } else if (WIFSIGNALED(exit_code)) {
+    m << "Terminated by signal " << WTERMSIG(exit_code);
+  }
+#  ifdef WCOREDUMP
+  if (WCOREDUMP(exit_code)) {
+    m << " (core dumped)";
+  }
+#  endif
+# endif  // GTEST_OS_WINDOWS
+
+  return m.GetString();
+}
+
+// Returns true if exit_status describes a process that was terminated
+// by a signal, or exited normally with a nonzero exit code.
+bool ExitedUnsuccessfully(int exit_status) {
+  return !ExitedWithCode(0)(exit_status);
+}
+
+# if !GTEST_OS_WINDOWS
+// Generates a textual failure message when a death test finds more than
+// one thread running, or cannot determine the number of threads, prior
+// to executing the given statement.  It is the responsibility of the
+// caller not to pass a thread_count of 1.
+static std::string DeathTestThreadWarning(size_t thread_count) {
+  Message msg;
+  msg << "Death tests use fork(), which is unsafe particularly"
+      << " in a threaded context. For this test, " << GTEST_NAME_ << " ";
+  if (thread_count == 0)
+    msg << "couldn't detect the number of threads.";
+  else
+    msg << "detected " << thread_count << " threads.";
+  return msg.GetString();
+}
+# endif  // !GTEST_OS_WINDOWS
+
+// Flag characters for reporting a death test that did not die.
+static const char kDeathTestLived = 'L';
+static const char kDeathTestReturned = 'R';
+static const char kDeathTestThrew = 'T';
+static const char kDeathTestInternalError = 'I';
+
+// An enumeration describing all of the possible ways that a death test can
+// conclude.  DIED means that the process died while executing the test
+// code; LIVED means that process lived beyond the end of the test code;
+// RETURNED means that the test statement attempted to execute a return
+// statement, which is not allowed; THREW means that the test statement
+// returned control by throwing an exception.  IN_PROGRESS means the test
+// has not yet concluded.
+// TODO(vladl@google.com): Unify names and possibly values for
+// AbortReason, DeathTestOutcome, and flag characters above.
+enum DeathTestOutcome { IN_PROGRESS, DIED, LIVED, RETURNED, THREW };
+
+// Routine for aborting the program which is safe to call from an
+// exec-style death test child process, in which case the error
+// message is propagated back to the parent process.  Otherwise, the
+// message is simply printed to stderr.  In either case, the program
+// then exits with status 1.
+void DeathTestAbort(const std::string& message) {
+  // On a POSIX system, this function may be called from a threadsafe-style
+  // death test child process, which operates on a very small stack.  Use
+  // the heap for any additional non-minuscule memory requirements.
+  const InternalRunDeathTestFlag* const flag =
+      GetUnitTestImpl()->internal_run_death_test_flag();
+  if (flag != NULL) {
+    FILE* parent = posix::FDOpen(flag->write_fd(), "w");
+    fputc(kDeathTestInternalError, parent);
+    fprintf(parent, "%s", message.c_str());
+    fflush(parent);
+    _exit(1);
+  } else {
+    fprintf(stderr, "%s", message.c_str());
+    fflush(stderr);
+    posix::Abort();
+  }
+}
+
+// A replacement for CHECK that calls DeathTestAbort if the assertion
+// fails.
+# define GTEST_DEATH_TEST_CHECK_(expression) \
+  do { \
+    if (!::testing::internal::IsTrue(expression)) { \
+      DeathTestAbort( \
+          ::std::string("CHECK failed: File ") + __FILE__ +  ", line " \
+          + ::testing::internal::StreamableToString(__LINE__) + ": " \
+          + #expression); \
+    } \
+  } while (::testing::internal::AlwaysFalse())
+
+// This macro is similar to GTEST_DEATH_TEST_CHECK_, but it is meant for
+// evaluating any system call that fulfills two conditions: it must return
+// -1 on failure, and set errno to EINTR when it is interrupted and
+// should be tried again.  The macro expands to a loop that repeatedly
+// evaluates the expression as long as it evaluates to -1 and sets
+// errno to EINTR.  If the expression evaluates to -1 but errno is
+// something other than EINTR, DeathTestAbort is called.
+# define GTEST_DEATH_TEST_CHECK_SYSCALL_(expression) \
+  do { \
+    int gtest_retval; \
+    do { \
+      gtest_retval = (expression); \
+    } while (gtest_retval == -1 && errno == EINTR); \
+    if (gtest_retval == -1) { \
+      DeathTestAbort( \
+          ::std::string("CHECK failed: File ") + __FILE__ + ", line " \
+          + ::testing::internal::StreamableToString(__LINE__) + ": " \
+          + #expression + " != -1"); \
+    } \
+  } while (::testing::internal::AlwaysFalse())
+
+// Returns the message describing the last system error in errno.
+std::string GetLastErrnoDescription() {
+    return errno == 0 ? "" : posix::StrError(errno);
+}
+
+// This is called from a death test parent process to read a failure
+// message from the death test child process and log it with the FATAL
+// severity. On Windows, the message is read from a pipe handle. On other
+// platforms, it is read from a file descriptor.
+static void FailFromInternalError(int fd) {
+  Message error;
+  char buffer[256];
+  int num_read;
+
+  do {
+    while ((num_read = posix::Read(fd, buffer, 255)) > 0) {
+      buffer[num_read] = '\0';
+      error << buffer;
+    }
+  } while (num_read == -1 && errno == EINTR);
+
+  if (num_read == 0) {
+    GTEST_LOG_(FATAL) << error.GetString();
+  } else {
+    const int last_error = errno;
+    GTEST_LOG_(FATAL) << "Error while reading death test internal: "
+                      << GetLastErrnoDescription() << " [" << last_error << "]";
+  }
+}
+
+// Death test constructor.  Increments the running death test count
+// for the current test.
+DeathTest::DeathTest() {
+  TestInfo* const info = GetUnitTestImpl()->current_test_info();
+  if (info == NULL) {
+    DeathTestAbort("Cannot run a death test outside of a TEST or "
+                   "TEST_F construct");
+  }
+}
+
+// Creates and returns a death test by dispatching to the current
+// death test factory.
+bool DeathTest::Create(const char* statement, const RE* regex,
+                       const char* file, int line, DeathTest** test) {
+  return GetUnitTestImpl()->death_test_factory()->Create(
+      statement, regex, file, line, test);
+}
+
+const char* DeathTest::LastMessage() {
+  return last_death_test_message_.c_str();
+}
+
+void DeathTest::set_last_death_test_message(const std::string& message) {
+  last_death_test_message_ = message;
+}
+
+std::string DeathTest::last_death_test_message_;
+
+// Provides cross platform implementation for some death functionality.
+class DeathTestImpl : public DeathTest {
+ protected:
+  DeathTestImpl(const char* a_statement, const RE* a_regex)
+      : statement_(a_statement),
+        regex_(a_regex),
+        spawned_(false),
+        status_(-1),
+        outcome_(IN_PROGRESS),
+        read_fd_(-1),
+        write_fd_(-1) {}
+
+  // read_fd_ is expected to be closed and cleared by a derived class.
+  ~DeathTestImpl() { GTEST_DEATH_TEST_CHECK_(read_fd_ == -1); }
+
+  void Abort(AbortReason reason);
+  virtual bool Passed(bool status_ok);
+
+  const char* statement() const { return statement_; }
+  const RE* regex() const { return regex_; }
+  bool spawned() const { return spawned_; }
+  void set_spawned(bool is_spawned) { spawned_ = is_spawned; }
+  int status() const { return status_; }
+  void set_status(int a_status) { status_ = a_status; }
+  DeathTestOutcome outcome() const { return outcome_; }
+  void set_outcome(DeathTestOutcome an_outcome) { outcome_ = an_outcome; }
+  int read_fd() const { return read_fd_; }
+  void set_read_fd(int fd) { read_fd_ = fd; }
+  int write_fd() const { return write_fd_; }
+  void set_write_fd(int fd) { write_fd_ = fd; }
+
+  // Called in the parent process only. Reads the result code of the death
+  // test child process via a pipe, interprets it to set the outcome_
+  // member, and closes read_fd_.  Outputs diagnostics and terminates in
+  // case of unexpected codes.
+  void ReadAndInterpretStatusByte();
+
+ private:
+  // The textual content of the code this object is testing.  This class
+  // doesn't own this string and should not attempt to delete it.
+  const char* const statement_;
+  // The regular expression which test output must match.  DeathTestImpl
+  // doesn't own this object and should not attempt to delete it.
+  const RE* const regex_;
+  // True if the death test child process has been successfully spawned.
+  bool spawned_;
+  // The exit status of the child process.
+  int status_;
+  // How the death test concluded.
+  DeathTestOutcome outcome_;
+  // Descriptor to the read end of the pipe to the child process.  It is
+  // always -1 in the child process.  The child keeps its write end of the
+  // pipe in write_fd_.
+  int read_fd_;
+  // Descriptor to the child's write end of the pipe to the parent process.
+  // It is always -1 in the parent process.  The parent keeps its end of the
+  // pipe in read_fd_.
+  int write_fd_;
+};
+
+// Called in the parent process only. Reads the result code of the death
+// test child process via a pipe, interprets it to set the outcome_
+// member, and closes read_fd_.  Outputs diagnostics and terminates in
+// case of unexpected codes.
+void DeathTestImpl::ReadAndInterpretStatusByte() {
+  char flag;
+  int bytes_read;
+
+  // The read() here blocks until data is available (signifying the
+  // failure of the death test) or until the pipe is closed (signifying
+  // its success), so it's okay to call this in the parent before
+  // the child process has exited.
+  do {
+    bytes_read = posix::Read(read_fd(), &flag, 1);
+  } while (bytes_read == -1 && errno == EINTR);
+
+  if (bytes_read == 0) {
+    set_outcome(DIED);
+  } else if (bytes_read == 1) {
+    switch (flag) {
+      case kDeathTestReturned:
+        set_outcome(RETURNED);
+        break;
+      case kDeathTestThrew:
+        set_outcome(THREW);
+        break;
+      case kDeathTestLived:
+        set_outcome(LIVED);
+        break;
+      case kDeathTestInternalError:
+        FailFromInternalError(read_fd());  // Does not return.
+        break;
+      default:
+        GTEST_LOG_(FATAL) << "Death test child process reported "
+                          << "unexpected status byte ("
+                          << static_cast<unsigned int>(flag) << ")";
+    }
+  } else {
+    GTEST_LOG_(FATAL) << "Read from death test child process failed: "
+                      << GetLastErrnoDescription();
+  }
+  GTEST_DEATH_TEST_CHECK_SYSCALL_(posix::Close(read_fd()));
+  set_read_fd(-1);
+}
+
+// Signals that the death test code which should have exited, didn't.
+// Should be called only in a death test child process.
+// Writes a status byte to the child's status file descriptor, then
+// calls _exit(1).
+void DeathTestImpl::Abort(AbortReason reason) {
+  // The parent process considers the death test to be a failure if
+  // it finds any data in our pipe.  So, here we write a single flag byte
+  // to the pipe, then exit.
+  const char status_ch =
+      reason == TEST_DID_NOT_DIE ? kDeathTestLived :
+      reason == TEST_THREW_EXCEPTION ? kDeathTestThrew : kDeathTestReturned;
+
+  GTEST_DEATH_TEST_CHECK_SYSCALL_(posix::Write(write_fd(), &status_ch, 1));
+  // We are leaking the descriptor here because on some platforms (i.e.,
+  // when built as Windows DLL), destructors of global objects will still
+  // run after calling _exit(). On such systems, write_fd_ will be
+  // indirectly closed from the destructor of UnitTestImpl, causing double
+  // close if it is also closed here. On debug configurations, double close
+  // may assert. As there are no in-process buffers to flush here, we are
+  // relying on the OS to close the descriptor after the process terminates
+  // when the destructors are not run.
+  _exit(1);  // Exits w/o any normal exit hooks (we were supposed to crash)
+}
+
+// Returns an indented copy of stderr output for a death test.
+// This makes distinguishing death test output lines from regular log lines
+// much easier.
+static ::std::string FormatDeathTestOutput(const ::std::string& output) {
+  ::std::string ret;
+  for (size_t at = 0; ; ) {
+    const size_t line_end = output.find('\n', at);
+    ret += "[  DEATH   ] ";
+    if (line_end == ::std::string::npos) {
+      ret += output.substr(at);
+      break;
+    }
+    ret += output.substr(at, line_end + 1 - at);
+    at = line_end + 1;
+  }
+  return ret;
+}
+
+// Assesses the success or failure of a death test, using both private
+// members which have previously been set, and one argument:
+//
+// Private data members:
+//   outcome:  An enumeration describing how the death test
+//             concluded: DIED, LIVED, THREW, or RETURNED.  The death test
+//             fails in the latter three cases.
+//   status:   The exit status of the child process. On *nix, it is in the
+//             in the format specified by wait(2). On Windows, this is the
+//             value supplied to the ExitProcess() API or a numeric code
+//             of the exception that terminated the program.
+//   regex:    A regular expression object to be applied to
+//             the test's captured standard error output; the death test
+//             fails if it does not match.
+//
+// Argument:
+//   status_ok: true if exit_status is acceptable in the context of
+//              this particular death test, which fails if it is false
+//
+// Returns true iff all of the above conditions are met.  Otherwise, the
+// first failing condition, in the order given above, is the one that is
+// reported. Also sets the last death test message string.
+bool DeathTestImpl::Passed(bool status_ok) {
+  if (!spawned())
+    return false;
+
+  const std::string error_message = GetCapturedStderr();
+
+  bool success = false;
+  Message buffer;
+
+  buffer << "Death test: " << statement() << "\n";
+  switch (outcome()) {
+    case LIVED:
+      buffer << "    Result: failed to die.\n"
+             << " Error msg:\n" << FormatDeathTestOutput(error_message);
+      break;
+    case THREW:
+      buffer << "    Result: threw an exception.\n"
+             << " Error msg:\n" << FormatDeathTestOutput(error_message);
+      break;
+    case RETURNED:
+      buffer << "    Result: illegal return in test statement.\n"
+             << " Error msg:\n" << FormatDeathTestOutput(error_message);
+      break;
+    case DIED:
+      if (status_ok) {
+        const bool matched = RE::PartialMatch(error_message.c_str(), *regex());
+        if (matched) {
+          success = true;
+        } else {
+          buffer << "    Result: died but not with expected error.\n"
+                 << "  Expected: " << regex()->pattern() << "\n"
+                 << "Actual msg:\n" << FormatDeathTestOutput(error_message);
+        }
+      } else {
+        buffer << "    Result: died but not with expected exit code:\n"
+               << "            " << ExitSummary(status()) << "\n"
+               << "Actual msg:\n" << FormatDeathTestOutput(error_message);
+      }
+      break;
+    case IN_PROGRESS:
+    default:
+      GTEST_LOG_(FATAL)
+          << "DeathTest::Passed somehow called before conclusion of test";
+  }
+
+  DeathTest::set_last_death_test_message(buffer.GetString());
+  return success;
+}
+
+# if GTEST_OS_WINDOWS
+// WindowsDeathTest implements death tests on Windows. Due to the
+// specifics of starting new processes on Windows, death tests there are
+// always threadsafe, and Google Test considers the
+// --gtest_death_test_style=fast setting to be equivalent to
+// --gtest_death_test_style=threadsafe there.
+//
+// A few implementation notes:  Like the Linux version, the Windows
+// implementation uses pipes for child-to-parent communication. But due to
+// the specifics of pipes on Windows, some extra steps are required:
+//
+// 1. The parent creates a communication pipe and stores handles to both
+//    ends of it.
+// 2. The parent starts the child and provides it with the information
+//    necessary to acquire the handle to the write end of the pipe.
+// 3. The child acquires the write end of the pipe and signals the parent
+//    using a Windows event.
+// 4. Now the parent can release the write end of the pipe on its side. If
+//    this is done before step 3, the object's reference count goes down to
+//    0 and it is destroyed, preventing the child from acquiring it. The
+//    parent now has to release it, or read operations on the read end of
+//    the pipe will not return when the child terminates.
+// 5. The parent reads child's output through the pipe (outcome code and
+//    any possible error messages) from the pipe, and its stderr and then
+//    determines whether to fail the test.
+//
+// Note: to distinguish Win32 API calls from the local method and function
+// calls, the former are explicitly resolved in the global namespace.
+//
+class WindowsDeathTest : public DeathTestImpl {
+ public:
+  WindowsDeathTest(const char* a_statement,
+                   const RE* a_regex,
+                   const char* file,
+                   int line)
+      : DeathTestImpl(a_statement, a_regex), file_(file), line_(line) {}
+
+  // All of these virtual functions are inherited from DeathTest.
+  virtual int Wait();
+  virtual TestRole AssumeRole();
+
+ private:
+  // The name of the file in which the death test is located.
+  const char* const file_;
+  // The line number on which the death test is located.
+  const int line_;
+  // Handle to the write end of the pipe to the child process.
+  AutoHandle write_handle_;
+  // Child process handle.
+  AutoHandle child_handle_;
+  // Event the child process uses to signal the parent that it has
+  // acquired the handle to the write end of the pipe. After seeing this
+  // event the parent can release its own handles to make sure its
+  // ReadFile() calls return when the child terminates.
+  AutoHandle event_handle_;
+};
+
+// Waits for the child in a death test to exit, returning its exit
+// status, or 0 if no child process exists.  As a side effect, sets the
+// outcome data member.
+int WindowsDeathTest::Wait() {
+  if (!spawned())
+    return 0;
+
+  // Wait until the child either signals that it has acquired the write end
+  // of the pipe or it dies.
+  const HANDLE wait_handles[2] = { child_handle_.Get(), event_handle_.Get() };
+  switch (::WaitForMultipleObjects(2,
+                                   wait_handles,
+                                   FALSE,  // Waits for any of the handles.
+                                   INFINITE)) {
+    case WAIT_OBJECT_0:
+    case WAIT_OBJECT_0 + 1:
+      break;
+    default:
+      GTEST_DEATH_TEST_CHECK_(false);  // Should not get here.
+  }
+
+  // The child has acquired the write end of the pipe or exited.
+  // We release the handle on our side and continue.
+  write_handle_.Reset();
+  event_handle_.Reset();
+
+  ReadAndInterpretStatusByte();
+
+  // Waits for the child process to exit if it haven't already. This
+  // returns immediately if the child has already exited, regardless of
+  // whether previous calls to WaitForMultipleObjects synchronized on this
+  // handle or not.
+  GTEST_DEATH_TEST_CHECK_(
+      WAIT_OBJECT_0 == ::WaitForSingleObject(child_handle_.Get(),
+                                             INFINITE));
+  DWORD status_code;
+  GTEST_DEATH_TEST_CHECK_(
+      ::GetExitCodeProcess(child_handle_.Get(), &status_code) != FALSE);
+  child_handle_.Reset();
+  set_status(static_cast<int>(status_code));
+  return status();
+}
+
+// The AssumeRole process for a Windows death test.  It creates a child
+// process with the same executable as the current process to run the
+// death test.  The child process is given the --gtest_filter and
+// --gtest_internal_run_death_test flags such that it knows to run the
+// current death test only.
+DeathTest::TestRole WindowsDeathTest::AssumeRole() {
+  const UnitTestImpl* const impl = GetUnitTestImpl();
+  const InternalRunDeathTestFlag* const flag =
+      impl->internal_run_death_test_flag();
+  const TestInfo* const info = impl->current_test_info();
+  const int death_test_index = info->result()->death_test_count();
+
+  if (flag != NULL) {
+    // ParseInternalRunDeathTestFlag() has performed all the necessary
+    // processing.
+    set_write_fd(flag->write_fd());
+    return EXECUTE_TEST;
+  }
+
+  // WindowsDeathTest uses an anonymous pipe to communicate results of
+  // a death test.
+  SECURITY_ATTRIBUTES handles_are_inheritable = {
+    sizeof(SECURITY_ATTRIBUTES), NULL, TRUE };
+  HANDLE read_handle, write_handle;
+  GTEST_DEATH_TEST_CHECK_(
+      ::CreatePipe(&read_handle, &write_handle, &handles_are_inheritable,
+                   0)  // Default buffer size.
+      != FALSE);
+  set_read_fd(::_open_osfhandle(reinterpret_cast<intptr_t>(read_handle),
+                                O_RDONLY));
+  write_handle_.Reset(write_handle);
+  event_handle_.Reset(::CreateEvent(
+      &handles_are_inheritable,
+      TRUE,    // The event will automatically reset to non-signaled state.
+      FALSE,   // The initial state is non-signalled.
+      NULL));  // The even is unnamed.
+  GTEST_DEATH_TEST_CHECK_(event_handle_.Get() != NULL);
+  const std::string filter_flag =
+      std::string("--") + GTEST_FLAG_PREFIX_ + kFilterFlag + "=" +
+      info->test_case_name() + "." + info->name();
+  const std::string internal_flag =
+      std::string("--") + GTEST_FLAG_PREFIX_ + kInternalRunDeathTestFlag +
+      "=" + file_ + "|" + StreamableToString(line_) + "|" +
+      StreamableToString(death_test_index) + "|" +
+      StreamableToString(static_cast<unsigned int>(::GetCurrentProcessId())) +
+      // size_t has the same width as pointers on both 32-bit and 64-bit
+      // Windows platforms.
+      // See http://msdn.microsoft.com/en-us/library/tcxf1dw6.aspx.
+      "|" + StreamableToString(reinterpret_cast<size_t>(write_handle)) +
+      "|" + StreamableToString(reinterpret_cast<size_t>(event_handle_.Get()));
+
+  char executable_path[_MAX_PATH + 1];  // NOLINT
+  GTEST_DEATH_TEST_CHECK_(
+      _MAX_PATH + 1 != ::GetModuleFileNameA(NULL,
+                                            executable_path,
+                                            _MAX_PATH));
+
+  std::string command_line =
+      std::string(::GetCommandLineA()) + " " + filter_flag + " \"" +
+      internal_flag + "\"";
+
+  DeathTest::set_last_death_test_message("");
+
+  CaptureStderr();
+  // Flush the log buffers since the log streams are shared with the child.
+  FlushInfoLog();
+
+  // The child process will share the standard handles with the parent.
+  STARTUPINFOA startup_info;
+  memset(&startup_info, 0, sizeof(STARTUPINFO));
+  startup_info.dwFlags = STARTF_USESTDHANDLES;
+  startup_info.hStdInput = ::GetStdHandle(STD_INPUT_HANDLE);
+  startup_info.hStdOutput = ::GetStdHandle(STD_OUTPUT_HANDLE);
+  startup_info.hStdError = ::GetStdHandle(STD_ERROR_HANDLE);
+
+  PROCESS_INFORMATION process_info;
+  GTEST_DEATH_TEST_CHECK_(::CreateProcessA(
+      executable_path,
+      const_cast<char*>(command_line.c_str()),
+      NULL,   // Retuned process handle is not inheritable.
+      NULL,   // Retuned thread handle is not inheritable.
+      TRUE,   // Child inherits all inheritable handles (for write_handle_).
+      0x0,    // Default creation flags.
+      NULL,   // Inherit the parent's environment.
+      UnitTest::GetInstance()->original_working_dir(),
+      &startup_info,
+      &process_info) != FALSE);
+  child_handle_.Reset(process_info.hProcess);
+  ::CloseHandle(process_info.hThread);
+  set_spawned(true);
+  return OVERSEE_TEST;
+}
+# else  // We are not on Windows.
+
+// ForkingDeathTest provides implementations for most of the abstract
+// methods of the DeathTest interface.  Only the AssumeRole method is
+// left undefined.
+class ForkingDeathTest : public DeathTestImpl {
+ public:
+  ForkingDeathTest(const char* statement, const RE* regex);
+
+  // All of these virtual functions are inherited from DeathTest.
+  virtual int Wait();
+
+ protected:
+  void set_child_pid(pid_t child_pid) { child_pid_ = child_pid; }
+
+ private:
+  // PID of child process during death test; 0 in the child process itself.
+  pid_t child_pid_;
+};
+
+// Constructs a ForkingDeathTest.
+ForkingDeathTest::ForkingDeathTest(const char* a_statement, const RE* a_regex)
+    : DeathTestImpl(a_statement, a_regex),
+      child_pid_(-1) {}
+
+// Waits for the child in a death test to exit, returning its exit
+// status, or 0 if no child process exists.  As a side effect, sets the
+// outcome data member.
+int ForkingDeathTest::Wait() {
+  if (!spawned())
+    return 0;
+
+  ReadAndInterpretStatusByte();
+
+  int status_value;
+  GTEST_DEATH_TEST_CHECK_SYSCALL_(waitpid(child_pid_, &status_value, 0));
+  set_status(status_value);
+  return status_value;
+}
+
+// A concrete death test class that forks, then immediately runs the test
+// in the child process.
+class NoExecDeathTest : public ForkingDeathTest {
+ public:
+  NoExecDeathTest(const char* a_statement, const RE* a_regex) :
+      ForkingDeathTest(a_statement, a_regex) { }
+  virtual TestRole AssumeRole();
+};
+
+// The AssumeRole process for a fork-and-run death test.  It implements a
+// straightforward fork, with a simple pipe to transmit the status byte.
+DeathTest::TestRole NoExecDeathTest::AssumeRole() {
+  const size_t thread_count = GetThreadCount();
+  if (thread_count != 1) {
+    GTEST_LOG_(WARNING) << DeathTestThreadWarning(thread_count);
+  }
+
+  int pipe_fd[2];
+  GTEST_DEATH_TEST_CHECK_(pipe(pipe_fd) != -1);
+
+  DeathTest::set_last_death_test_message("");
+  CaptureStderr();
+  // When we fork the process below, the log file buffers are copied, but the
+  // file descriptors are shared.  We flush all log files here so that closing
+  // the file descriptors in the child process doesn't throw off the
+  // synchronization between descriptors and buffers in the parent process.
+  // This is as close to the fork as possible to avoid a race condition in case
+  // there are multiple threads running before the death test, and another
+  // thread writes to the log file.
+  FlushInfoLog();
+
+  const pid_t child_pid = fork();
+  GTEST_DEATH_TEST_CHECK_(child_pid != -1);
+  set_child_pid(child_pid);
+  if (child_pid == 0) {
+    GTEST_DEATH_TEST_CHECK_SYSCALL_(close(pipe_fd[0]));
+    set_write_fd(pipe_fd[1]);
+    // Redirects all logging to stderr in the child process to prevent
+    // concurrent writes to the log files.  We capture stderr in the parent
+    // process and append the child process' output to a log.
+    LogToStderr();
+    // Event forwarding to the listeners of event listener API mush be shut
+    // down in death test subprocesses.
+    GetUnitTestImpl()->listeners()->SuppressEventForwarding();
+    g_in_fast_death_test_child = true;
+    return EXECUTE_TEST;
+  } else {
+    GTEST_DEATH_TEST_CHECK_SYSCALL_(close(pipe_fd[1]));
+    set_read_fd(pipe_fd[0]);
+    set_spawned(true);
+    return OVERSEE_TEST;
+  }
+}
+
+// A concrete death test class that forks and re-executes the main
+// program from the beginning, with command-line flags set that cause
+// only this specific death test to be run.
+class ExecDeathTest : public ForkingDeathTest {
+ public:
+  ExecDeathTest(const char* a_statement, const RE* a_regex,
+                const char* file, int line) :
+      ForkingDeathTest(a_statement, a_regex), file_(file), line_(line) { }
+  virtual TestRole AssumeRole();
+ private:
+  static ::std::vector<testing::internal::string>
+  GetArgvsForDeathTestChildProcess() {
+    ::std::vector<testing::internal::string> args = GetInjectableArgvs();
+    return args;
+  }
+  // The name of the file in which the death test is located.
+  const char* const file_;
+  // The line number on which the death test is located.
+  const int line_;
+};
+
+// Utility class for accumulating command-line arguments.
+class Arguments {
+ public:
+  Arguments() {
+    args_.push_back(NULL);
+  }
+
+  ~Arguments() {
+    for (std::vector<char*>::iterator i = args_.begin(); i != args_.end();
+         ++i) {
+      free(*i);
+    }
+  }
+  void AddArgument(const char* argument) {
+    args_.insert(args_.end() - 1, posix::StrDup(argument));
+  }
+
+  template <typename Str>
+  void AddArguments(const ::std::vector<Str>& arguments) {
+    for (typename ::std::vector<Str>::const_iterator i = arguments.begin();
+         i != arguments.end();
+         ++i) {
+      args_.insert(args_.end() - 1, posix::StrDup(i->c_str()));
+    }
+  }
+  char* const* Argv() {
+    return &args_[0];
+  }
+
+ private:
+  std::vector<char*> args_;
+};
+
+// A struct that encompasses the arguments to the child process of a
+// threadsafe-style death test process.
+struct ExecDeathTestArgs {
+  char* const* argv;  // Command-line arguments for the child's call to exec
+  int close_fd;       // File descriptor to close; the read end of a pipe
+};
+
+#  if GTEST_OS_MAC
+inline char** GetEnviron() {
+  // When Google Test is built as a framework on MacOS X, the environ variable
+  // is unavailable. Apple's documentation (man environ) recommends using
+  // _NSGetEnviron() instead.
+  return *_NSGetEnviron();
+}
+#  else
+// Some POSIX platforms expect you to declare environ. extern "C" makes
+// it reside in the global namespace.
+extern "C" char** environ;
+inline char** GetEnviron() { return environ; }
+#  endif  // GTEST_OS_MAC
+
+#  if !GTEST_OS_QNX
+// The main function for a threadsafe-style death test child process.
+// This function is called in a clone()-ed process and thus must avoid
+// any potentially unsafe operations like malloc or libc functions.
+static int ExecDeathTestChildMain(void* child_arg) {
+  ExecDeathTestArgs* const args = static_cast<ExecDeathTestArgs*>(child_arg);
+  GTEST_DEATH_TEST_CHECK_SYSCALL_(close(args->close_fd));
+
+  // We need to execute the test program in the same environment where
+  // it was originally invoked.  Therefore we change to the original
+  // working directory first.
+  const char* const original_dir =
+      UnitTest::GetInstance()->original_working_dir();
+  // We can safely call chdir() as it's a direct system call.
+  if (chdir(original_dir) != 0) {
+    DeathTestAbort(std::string("chdir(\"") + original_dir + "\") failed: " +
+                   GetLastErrnoDescription());
+    return EXIT_FAILURE;
+  }
+
+  // We can safely call execve() as it's a direct system call.  We
+  // cannot use execvp() as it's a libc function and thus potentially
+  // unsafe.  Since execve() doesn't search the PATH, the user must
+  // invoke the test program via a valid path that contains at least
+  // one path separator.
+  execve(args->argv[0], args->argv, GetEnviron());
+  DeathTestAbort(std::string("execve(") + args->argv[0] + ", ...) in " +
+                 original_dir + " failed: " +
+                 GetLastErrnoDescription());
+  return EXIT_FAILURE;
+}
+#  endif  // !GTEST_OS_QNX
+
+// Two utility routines that together determine the direction the stack
+// grows.
+// This could be accomplished more elegantly by a single recursive
+// function, but we want to guard against the unlikely possibility of
+// a smart compiler optimizing the recursion away.
+//
+// GTEST_NO_INLINE_ is required to prevent GCC 4.6 from inlining
+// StackLowerThanAddress into StackGrowsDown, which then doesn't give
+// correct answer.
+void StackLowerThanAddress(const void* ptr, bool* result) GTEST_NO_INLINE_;
+void StackLowerThanAddress(const void* ptr, bool* result) {
+  int dummy;
+  *result = (&dummy < ptr);
+}
+
+// Make sure AddressSanitizer does not tamper with the stack here.
+GTEST_ATTRIBUTE_NO_SANITIZE_ADDRESS_
+bool StackGrowsDown() {
+  int dummy;
+  bool result;
+  StackLowerThanAddress(&dummy, &result);
+  return result;
+}
+
+// Spawns a child process with the same executable as the current process in
+// a thread-safe manner and instructs it to run the death test.  The
+// implementation uses fork(2) + exec.  On systems where clone(2) is
+// available, it is used instead, being slightly more thread-safe.  On QNX,
+// fork supports only single-threaded environments, so this function uses
+// spawn(2) there instead.  The function dies with an error message if
+// anything goes wrong.
+static pid_t ExecDeathTestSpawnChild(char* const* argv, int close_fd) {
+  ExecDeathTestArgs args = { argv, close_fd };
+  pid_t child_pid = -1;
+
+#  if GTEST_OS_QNX
+  // Obtains the current directory and sets it to be closed in the child
+  // process.
+  const int cwd_fd = open(".", O_RDONLY);
+  GTEST_DEATH_TEST_CHECK_(cwd_fd != -1);
+  GTEST_DEATH_TEST_CHECK_SYSCALL_(fcntl(cwd_fd, F_SETFD, FD_CLOEXEC));
+  // We need to execute the test program in the same environment where
+  // it was originally invoked.  Therefore we change to the original
+  // working directory first.
+  const char* const original_dir =
+      UnitTest::GetInstance()->original_working_dir();
+  // We can safely call chdir() as it's a direct system call.
+  if (chdir(original_dir) != 0) {
+    DeathTestAbort(std::string("chdir(\"") + original_dir + "\") failed: " +
+                   GetLastErrnoDescription());
+    return EXIT_FAILURE;
+  }
+
+  int fd_flags;
+  // Set close_fd to be closed after spawn.
+  GTEST_DEATH_TEST_CHECK_SYSCALL_(fd_flags = fcntl(close_fd, F_GETFD));
+  GTEST_DEATH_TEST_CHECK_SYSCALL_(fcntl(close_fd, F_SETFD,
+                                        fd_flags | FD_CLOEXEC));
+  struct inheritance inherit = {0};
+  // spawn is a system call.
+  child_pid = spawn(args.argv[0], 0, NULL, &inherit, args.argv, GetEnviron());
+  // Restores the current working directory.
+  GTEST_DEATH_TEST_CHECK_(fchdir(cwd_fd) != -1);
+  GTEST_DEATH_TEST_CHECK_SYSCALL_(close(cwd_fd));
+
+#  else   // GTEST_OS_QNX
+#   if GTEST_OS_LINUX
+  // When a SIGPROF signal is received while fork() or clone() are executing,
+  // the process may hang. To avoid this, we ignore SIGPROF here and re-enable
+  // it after the call to fork()/clone() is complete.
+  struct sigaction saved_sigprof_action;
+  struct sigaction ignore_sigprof_action;
+  memset(&ignore_sigprof_action, 0, sizeof(ignore_sigprof_action));
+  sigemptyset(&ignore_sigprof_action.sa_mask);
+  ignore_sigprof_action.sa_handler = SIG_IGN;
+  GTEST_DEATH_TEST_CHECK_SYSCALL_(sigaction(
+      SIGPROF, &ignore_sigprof_action, &saved_sigprof_action));
+#   endif  // GTEST_OS_LINUX
+
+#   if GTEST_HAS_CLONE
+  const bool use_fork = GTEST_FLAG(death_test_use_fork);
+
+  if (!use_fork) {
+    static const bool stack_grows_down = StackGrowsDown();
+    const size_t stack_size = getpagesize();
+    // MMAP_ANONYMOUS is not defined on Mac, so we use MAP_ANON instead.
+    void* const stack = mmap(NULL, stack_size, PROT_READ | PROT_WRITE,
+                             MAP_ANON | MAP_PRIVATE, -1, 0);
+    GTEST_DEATH_TEST_CHECK_(stack != MAP_FAILED);
+
+    // Maximum stack alignment in bytes:  For a downward-growing stack, this
+    // amount is subtracted from size of the stack space to get an address
+    // that is within the stack space and is aligned on all systems we care
+    // about.  As far as I know there is no ABI with stack alignment greater
+    // than 64.  We assume stack and stack_size already have alignment of
+    // kMaxStackAlignment.
+    const size_t kMaxStackAlignment = 64;
+    void* const stack_top =
+        static_cast<char*>(stack) +
+            (stack_grows_down ? stack_size - kMaxStackAlignment : 0);
+    GTEST_DEATH_TEST_CHECK_(stack_size > kMaxStackAlignment &&
+        reinterpret_cast<intptr_t>(stack_top) % kMaxStackAlignment == 0);
+
+    child_pid = clone(&ExecDeathTestChildMain, stack_top, SIGCHLD, &args);
+
+    GTEST_DEATH_TEST_CHECK_(munmap(stack, stack_size) != -1);
+  }
+#   else
+  const bool use_fork = true;
+#   endif  // GTEST_HAS_CLONE
+
+  if (use_fork && (child_pid = fork()) == 0) {
+      ExecDeathTestChildMain(&args);
+      _exit(0);
+  }
+#  endif  // GTEST_OS_QNX
+#  if GTEST_OS_LINUX
+  GTEST_DEATH_TEST_CHECK_SYSCALL_(
+      sigaction(SIGPROF, &saved_sigprof_action, NULL));
+#  endif  // GTEST_OS_LINUX
+
+  GTEST_DEATH_TEST_CHECK_(child_pid != -1);
+  return child_pid;
+}
+
+// The AssumeRole process for a fork-and-exec death test.  It re-executes the
+// main program from the beginning, setting the --gtest_filter
+// and --gtest_internal_run_death_test flags to cause only the current
+// death test to be re-run.
+DeathTest::TestRole ExecDeathTest::AssumeRole() {
+  const UnitTestImpl* const impl = GetUnitTestImpl();
+  const InternalRunDeathTestFlag* const flag =
+      impl->internal_run_death_test_flag();
+  const TestInfo* const info = impl->current_test_info();
+  const int death_test_index = info->result()->death_test_count();
+
+  if (flag != NULL) {
+    set_write_fd(flag->write_fd());
+    return EXECUTE_TEST;
+  }
+
+  int pipe_fd[2];
+  GTEST_DEATH_TEST_CHECK_(pipe(pipe_fd) != -1);
+  // Clear the close-on-exec flag on the write end of the pipe, lest
+  // it be closed when the child process does an exec:
+  GTEST_DEATH_TEST_CHECK_(fcntl(pipe_fd[1], F_SETFD, 0) != -1);
+
+  const std::string filter_flag =
+      std::string("--") + GTEST_FLAG_PREFIX_ + kFilterFlag + "="
+      + info->test_case_name() + "." + info->name();
+  const std::string internal_flag =
+      std::string("--") + GTEST_FLAG_PREFIX_ + kInternalRunDeathTestFlag + "="
+      + file_ + "|" + StreamableToString(line_) + "|"
+      + StreamableToString(death_test_index) + "|"
+      + StreamableToString(pipe_fd[1]);
+  Arguments args;
+  args.AddArguments(GetArgvsForDeathTestChildProcess());
+  args.AddArgument(filter_flag.c_str());
+  args.AddArgument(internal_flag.c_str());
+
+  DeathTest::set_last_death_test_message("");
+
+  CaptureStderr();
+  // See the comment in NoExecDeathTest::AssumeRole for why the next line
+  // is necessary.
+  FlushInfoLog();
+
+  const pid_t child_pid = ExecDeathTestSpawnChild(args.Argv(), pipe_fd[0]);
+  GTEST_DEATH_TEST_CHECK_SYSCALL_(close(pipe_fd[1]));
+  set_child_pid(child_pid);
+  set_read_fd(pipe_fd[0]);
+  set_spawned(true);
+  return OVERSEE_TEST;
+}
+
+# endif  // !GTEST_OS_WINDOWS
+
+// Creates a concrete DeathTest-derived class that depends on the
+// --gtest_death_test_style flag, and sets the pointer pointed to
+// by the "test" argument to its address.  If the test should be
+// skipped, sets that pointer to NULL.  Returns true, unless the
+// flag is set to an invalid value.
+bool DefaultDeathTestFactory::Create(const char* statement, const RE* regex,
+                                     const char* file, int line,
+                                     DeathTest** test) {
+  UnitTestImpl* const impl = GetUnitTestImpl();
+  const InternalRunDeathTestFlag* const flag =
+      impl->internal_run_death_test_flag();
+  const int death_test_index = impl->current_test_info()
+      ->increment_death_test_count();
+
+  if (flag != NULL) {
+    if (death_test_index > flag->index()) {
+      DeathTest::set_last_death_test_message(
+          "Death test count (" + StreamableToString(death_test_index)
+          + ") somehow exceeded expected maximum ("
+          + StreamableToString(flag->index()) + ")");
+      return false;
+    }
+
+    if (!(flag->file() == file && flag->line() == line &&
+          flag->index() == death_test_index)) {
+      *test = NULL;
+      return true;
+    }
+  }
+
+# if GTEST_OS_WINDOWS
+
+  if (GTEST_FLAG(death_test_style) == "threadsafe" ||
+      GTEST_FLAG(death_test_style) == "fast") {
+    *test = new WindowsDeathTest(statement, regex, file, line);
+  }
+
+# else
+
+  if (GTEST_FLAG(death_test_style) == "threadsafe") {
+    *test = new ExecDeathTest(statement, regex, file, line);
+  } else if (GTEST_FLAG(death_test_style) == "fast") {
+    *test = new NoExecDeathTest(statement, regex);
+  }
+
+# endif  // GTEST_OS_WINDOWS
+
+  else {  // NOLINT - this is more readable than unbalanced brackets inside #if.
+    DeathTest::set_last_death_test_message(
+        "Unknown death test style \"" + GTEST_FLAG(death_test_style)
+        + "\" encountered");
+    return false;
+  }
+
+  return true;
+}
+
+// Splits a given string on a given delimiter, populating a given
+// vector with the fields.  GTEST_HAS_DEATH_TEST implies that we have
+// ::std::string, so we can use it here.
+static void SplitString(const ::std::string& str, char delimiter,
+                        ::std::vector< ::std::string>* dest) {
+  ::std::vector< ::std::string> parsed;
+  ::std::string::size_type pos = 0;
+  while (::testing::internal::AlwaysTrue()) {
+    const ::std::string::size_type colon = str.find(delimiter, pos);
+    if (colon == ::std::string::npos) {
+      parsed.push_back(str.substr(pos));
+      break;
+    } else {
+      parsed.push_back(str.substr(pos, colon - pos));
+      pos = colon + 1;
+    }
+  }
+  dest->swap(parsed);
+}
+
+# if GTEST_OS_WINDOWS
+// Recreates the pipe and event handles from the provided parameters,
+// signals the event, and returns a file descriptor wrapped around the pipe
+// handle. This function is called in the child process only.
+int GetStatusFileDescriptor(unsigned int parent_process_id,
+                            size_t write_handle_as_size_t,
+                            size_t event_handle_as_size_t) {
+  AutoHandle parent_process_handle(::OpenProcess(PROCESS_DUP_HANDLE,
+                                                   FALSE,  // Non-inheritable.
+                                                   parent_process_id));
+  if (parent_process_handle.Get() == INVALID_HANDLE_VALUE) {
+    DeathTestAbort("Unable to open parent process " +
+                   StreamableToString(parent_process_id));
+  }
+
+  // TODO(vladl@google.com): Replace the following check with a
+  // compile-time assertion when available.
+  GTEST_CHECK_(sizeof(HANDLE) <= sizeof(size_t));
+
+  const HANDLE write_handle =
+      reinterpret_cast<HANDLE>(write_handle_as_size_t);
+  HANDLE dup_write_handle;
+
+  // The newly initialized handle is accessible only in in the parent
+  // process. To obtain one accessible within the child, we need to use
+  // DuplicateHandle.
+  if (!::DuplicateHandle(parent_process_handle.Get(), write_handle,
+                         ::GetCurrentProcess(), &dup_write_handle,
+                         0x0,    // Requested privileges ignored since
+                                 // DUPLICATE_SAME_ACCESS is used.
+                         FALSE,  // Request non-inheritable handler.
+                         DUPLICATE_SAME_ACCESS)) {
+    DeathTestAbort("Unable to duplicate the pipe handle " +
+                   StreamableToString(write_handle_as_size_t) +
+                   " from the parent process " +
+                   StreamableToString(parent_process_id));
+  }
+
+  const HANDLE event_handle = reinterpret_cast<HANDLE>(event_handle_as_size_t);
+  HANDLE dup_event_handle;
+
+  if (!::DuplicateHandle(parent_process_handle.Get(), event_handle,
+                         ::GetCurrentProcess(), &dup_event_handle,
+                         0x0,
+                         FALSE,
+                         DUPLICATE_SAME_ACCESS)) {
+    DeathTestAbort("Unable to duplicate the event handle " +
+                   StreamableToString(event_handle_as_size_t) +
+                   " from the parent process " +
+                   StreamableToString(parent_process_id));
+  }
+
+  const int write_fd =
+      ::_open_osfhandle(reinterpret_cast<intptr_t>(dup_write_handle), O_APPEND);
+  if (write_fd == -1) {
+    DeathTestAbort("Unable to convert pipe handle " +
+                   StreamableToString(write_handle_as_size_t) +
+                   " to a file descriptor");
+  }
+
+  // Signals the parent that the write end of the pipe has been acquired
+  // so the parent can release its own write end.
+  ::SetEvent(dup_event_handle);
+
+  return write_fd;
+}
+# endif  // GTEST_OS_WINDOWS
+
+// Returns a newly created InternalRunDeathTestFlag object with fields
+// initialized from the GTEST_FLAG(internal_run_death_test) flag if
+// the flag is specified; otherwise returns NULL.
+InternalRunDeathTestFlag* ParseInternalRunDeathTestFlag() {
+  if (GTEST_FLAG(internal_run_death_test) == "") return NULL;
+
+  // GTEST_HAS_DEATH_TEST implies that we have ::std::string, so we
+  // can use it here.
+  int line = -1;
+  int index = -1;
+  ::std::vector< ::std::string> fields;
+  SplitString(GTEST_FLAG(internal_run_death_test).c_str(), '|', &fields);
+  int write_fd = -1;
+
+# if GTEST_OS_WINDOWS
+
+  unsigned int parent_process_id = 0;
+  size_t write_handle_as_size_t = 0;
+  size_t event_handle_as_size_t = 0;
+
+  if (fields.size() != 6
+      || !ParseNaturalNumber(fields[1], &line)
+      || !ParseNaturalNumber(fields[2], &index)
+      || !ParseNaturalNumber(fields[3], &parent_process_id)
+      || !ParseNaturalNumber(fields[4], &write_handle_as_size_t)
+      || !ParseNaturalNumber(fields[5], &event_handle_as_size_t)) {
+    DeathTestAbort("Bad --gtest_internal_run_death_test flag: " +
+                   GTEST_FLAG(internal_run_death_test));
+  }
+  write_fd = GetStatusFileDescriptor(parent_process_id,
+                                     write_handle_as_size_t,
+                                     event_handle_as_size_t);
+# else
+
+  if (fields.size() != 4
+      || !ParseNaturalNumber(fields[1], &line)
+      || !ParseNaturalNumber(fields[2], &index)
+      || !ParseNaturalNumber(fields[3], &write_fd)) {
+    DeathTestAbort("Bad --gtest_internal_run_death_test flag: "
+        + GTEST_FLAG(internal_run_death_test));
+  }
+
+# endif  // GTEST_OS_WINDOWS
+
+  return new InternalRunDeathTestFlag(fields[0], line, index, write_fd);
+}
+
+}  // namespace internal
+
+#endif  // GTEST_HAS_DEATH_TEST
+
+}  // namespace testing
diff --git a/nss/gtests/google_test/gtest/src/gtest-filepath.cc b/nss/gtests/google_test/gtest/src/gtest-filepath.cc
new file mode 100644
index 0000000..0292dc1
--- /dev/null
+++ b/nss/gtests/google_test/gtest/src/gtest-filepath.cc
@@ -0,0 +1,387 @@
+// Copyright 2008, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Authors: keith.ray@gmail.com (Keith Ray)
+
+#include "gtest/gtest-message.h"
+#include "gtest/internal/gtest-filepath.h"
+#include "gtest/internal/gtest-port.h"
+
+#include <stdlib.h>
+
+#if GTEST_OS_WINDOWS_MOBILE
+# include <windows.h>
+#elif GTEST_OS_WINDOWS
+# include <direct.h>
+# include <io.h>
+#elif GTEST_OS_SYMBIAN
+// Symbian OpenC has PATH_MAX in sys/syslimits.h
+# include <sys/syslimits.h>
+#else
+# include <limits.h>
+# include <climits>  // Some Linux distributions define PATH_MAX here.
+#endif  // GTEST_OS_WINDOWS_MOBILE
+
+#if GTEST_OS_WINDOWS
+# define GTEST_PATH_MAX_ _MAX_PATH
+#elif defined(PATH_MAX)
+# define GTEST_PATH_MAX_ PATH_MAX
+#elif defined(_XOPEN_PATH_MAX)
+# define GTEST_PATH_MAX_ _XOPEN_PATH_MAX
+#else
+# define GTEST_PATH_MAX_ _POSIX_PATH_MAX
+#endif  // GTEST_OS_WINDOWS
+
+#include "gtest/internal/gtest-string.h"
+
+namespace testing {
+namespace internal {
+
+#if GTEST_OS_WINDOWS
+// On Windows, '\\' is the standard path separator, but many tools and the
+// Windows API also accept '/' as an alternate path separator. Unless otherwise
+// noted, a file path can contain either kind of path separators, or a mixture
+// of them.
+const char kPathSeparator = '\\';
+const char kAlternatePathSeparator = '/';
+const char kAlternatePathSeparatorString[] = "/";
+# if GTEST_OS_WINDOWS_MOBILE
+// Windows CE doesn't have a current directory. You should not use
+// the current directory in tests on Windows CE, but this at least
+// provides a reasonable fallback.
+const char kCurrentDirectoryString[] = "\\";
+// Windows CE doesn't define INVALID_FILE_ATTRIBUTES
+const DWORD kInvalidFileAttributes = 0xffffffff;
+# else
+const char kCurrentDirectoryString[] = ".\\";
+# endif  // GTEST_OS_WINDOWS_MOBILE
+#else
+const char kPathSeparator = '/';
+const char kCurrentDirectoryString[] = "./";
+#endif  // GTEST_OS_WINDOWS
+
+// Returns whether the given character is a valid path separator.
+static bool IsPathSeparator(char c) {
+#if GTEST_HAS_ALT_PATH_SEP_
+  return (c == kPathSeparator) || (c == kAlternatePathSeparator);
+#else
+  return c == kPathSeparator;
+#endif
+}
+
+// Returns the current working directory, or "" if unsuccessful.
+FilePath FilePath::GetCurrentDir() {
+#if GTEST_OS_WINDOWS_MOBILE || GTEST_OS_WINDOWS_PHONE || GTEST_OS_WINDOWS_RT
+  // Windows CE doesn't have a current directory, so we just return
+  // something reasonable.
+  return FilePath(kCurrentDirectoryString);
+#elif GTEST_OS_WINDOWS
+  char cwd[GTEST_PATH_MAX_ + 1] = { '\0' };
+  return FilePath(_getcwd(cwd, sizeof(cwd)) == NULL ? "" : cwd);
+#else
+  char cwd[GTEST_PATH_MAX_ + 1] = { '\0' };
+  char* result = getcwd(cwd, sizeof(cwd));
+# if GTEST_OS_NACL
+  // getcwd will likely fail in NaCl due to the sandbox, so return something
+  // reasonable. The user may have provided a shim implementation for getcwd,
+  // however, so fallback only when failure is detected.
+  return FilePath(result == NULL ? kCurrentDirectoryString : cwd);
+# endif  // GTEST_OS_NACL
+  return FilePath(result == NULL ? "" : cwd);
+#endif  // GTEST_OS_WINDOWS_MOBILE
+}
+
+// Returns a copy of the FilePath with the case-insensitive extension removed.
+// Example: FilePath("dir/file.exe").RemoveExtension("EXE") returns
+// FilePath("dir/file"). If a case-insensitive extension is not
+// found, returns a copy of the original FilePath.
+FilePath FilePath::RemoveExtension(const char* extension) const {
+  const std::string dot_extension = std::string(".") + extension;
+  if (String::EndsWithCaseInsensitive(pathname_, dot_extension)) {
+    return FilePath(pathname_.substr(
+        0, pathname_.length() - dot_extension.length()));
+  }
+  return *this;
+}
+
+// Returns a pointer to the last occurence of a valid path separator in
+// the FilePath. On Windows, for example, both '/' and '\' are valid path
+// separators. Returns NULL if no path separator was found.
+const char* FilePath::FindLastPathSeparator() const {
+  const char* const last_sep = strrchr(c_str(), kPathSeparator);
+#if GTEST_HAS_ALT_PATH_SEP_
+  const char* const last_alt_sep = strrchr(c_str(), kAlternatePathSeparator);
+  // Comparing two pointers of which only one is NULL is undefined.
+  if (last_alt_sep != NULL &&
+      (last_sep == NULL || last_alt_sep > last_sep)) {
+    return last_alt_sep;
+  }
+#endif
+  return last_sep;
+}
+
+// Returns a copy of the FilePath with the directory part removed.
+// Example: FilePath("path/to/file").RemoveDirectoryName() returns
+// FilePath("file"). If there is no directory part ("just_a_file"), it returns
+// the FilePath unmodified. If there is no file part ("just_a_dir/") it
+// returns an empty FilePath ("").
+// On Windows platform, '\' is the path separator, otherwise it is '/'.
+FilePath FilePath::RemoveDirectoryName() const {
+  const char* const last_sep = FindLastPathSeparator();
+  return last_sep ? FilePath(last_sep + 1) : *this;
+}
+
+// RemoveFileName returns the directory path with the filename removed.
+// Example: FilePath("path/to/file").RemoveFileName() returns "path/to/".
+// If the FilePath is "a_file" or "/a_file", RemoveFileName returns
+// FilePath("./") or, on Windows, FilePath(".\\"). If the filepath does
+// not have a file, like "just/a/dir/", it returns the FilePath unmodified.
+// On Windows platform, '\' is the path separator, otherwise it is '/'.
+FilePath FilePath::RemoveFileName() const {
+  const char* const last_sep = FindLastPathSeparator();
+  std::string dir;
+  if (last_sep) {
+    dir = std::string(c_str(), last_sep + 1 - c_str());
+  } else {
+    dir = kCurrentDirectoryString;
+  }
+  return FilePath(dir);
+}
+
+// Helper functions for naming files in a directory for xml output.
+
+// Given directory = "dir", base_name = "test", number = 0,
+// extension = "xml", returns "dir/test.xml". If number is greater
+// than zero (e.g., 12), returns "dir/test_12.xml".
+// On Windows platform, uses \ as the separator rather than /.
+FilePath FilePath::MakeFileName(const FilePath& directory,
+                                const FilePath& base_name,
+                                int number,
+                                const char* extension) {
+  std::string file;
+  if (number == 0) {
+    file = base_name.string() + "." + extension;
+  } else {
+    file = base_name.string() + "_" + StreamableToString(number)
+        + "." + extension;
+  }
+  return ConcatPaths(directory, FilePath(file));
+}
+
+// Given directory = "dir", relative_path = "test.xml", returns "dir/test.xml".
+// On Windows, uses \ as the separator rather than /.
+FilePath FilePath::ConcatPaths(const FilePath& directory,
+                               const FilePath& relative_path) {
+  if (directory.IsEmpty())
+    return relative_path;
+  const FilePath dir(directory.RemoveTrailingPathSeparator());
+  return FilePath(dir.string() + kPathSeparator + relative_path.string());
+}
+
+// Returns true if pathname describes something findable in the file-system,
+// either a file, directory, or whatever.
+bool FilePath::FileOrDirectoryExists() const {
+#if GTEST_OS_WINDOWS_MOBILE
+  LPCWSTR unicode = String::AnsiToUtf16(pathname_.c_str());
+  const DWORD attributes = GetFileAttributes(unicode);
+  delete [] unicode;
+  return attributes != kInvalidFileAttributes;
+#else
+  posix::StatStruct file_stat;
+  return posix::Stat(pathname_.c_str(), &file_stat) == 0;
+#endif  // GTEST_OS_WINDOWS_MOBILE
+}
+
+// Returns true if pathname describes a directory in the file-system
+// that exists.
+bool FilePath::DirectoryExists() const {
+  bool result = false;
+#if GTEST_OS_WINDOWS
+  // Don't strip off trailing separator if path is a root directory on
+  // Windows (like "C:\\").
+  const FilePath& path(IsRootDirectory() ? *this :
+                                           RemoveTrailingPathSeparator());
+#else
+  const FilePath& path(*this);
+#endif
+
+#if GTEST_OS_WINDOWS_MOBILE
+  LPCWSTR unicode = String::AnsiToUtf16(path.c_str());
+  const DWORD attributes = GetFileAttributes(unicode);
+  delete [] unicode;
+  if ((attributes != kInvalidFileAttributes) &&
+      (attributes & FILE_ATTRIBUTE_DIRECTORY)) {
+    result = true;
+  }
+#else
+  posix::StatStruct file_stat;
+  result = posix::Stat(path.c_str(), &file_stat) == 0 &&
+      posix::IsDir(file_stat);
+#endif  // GTEST_OS_WINDOWS_MOBILE
+
+  return result;
+}
+
+// Returns true if pathname describes a root directory. (Windows has one
+// root directory per disk drive.)
+bool FilePath::IsRootDirectory() const {
+#if GTEST_OS_WINDOWS
+  // TODO(wan@google.com): on Windows a network share like
+  // \\server\share can be a root directory, although it cannot be the
+  // current directory.  Handle this properly.
+  return pathname_.length() == 3 && IsAbsolutePath();
+#else
+  return pathname_.length() == 1 && IsPathSeparator(pathname_.c_str()[0]);
+#endif
+}
+
+// Returns true if pathname describes an absolute path.
+bool FilePath::IsAbsolutePath() const {
+  const char* const name = pathname_.c_str();
+#if GTEST_OS_WINDOWS
+  return pathname_.length() >= 3 &&
+     ((name[0] >= 'a' && name[0] <= 'z') ||
+      (name[0] >= 'A' && name[0] <= 'Z')) &&
+     name[1] == ':' &&
+     IsPathSeparator(name[2]);
+#else
+  return IsPathSeparator(name[0]);
+#endif
+}
+
+// Returns a pathname for a file that does not currently exist. The pathname
+// will be directory/base_name.extension or
+// directory/base_name_<number>.extension if directory/base_name.extension
+// already exists. The number will be incremented until a pathname is found
+// that does not already exist.
+// Examples: 'dir/foo_test.xml' or 'dir/foo_test_1.xml'.
+// There could be a race condition if two or more processes are calling this
+// function at the same time -- they could both pick the same filename.
+FilePath FilePath::GenerateUniqueFileName(const FilePath& directory,
+                                          const FilePath& base_name,
+                                          const char* extension) {
+  FilePath full_pathname;
+  int number = 0;
+  do {
+    full_pathname.Set(MakeFileName(directory, base_name, number++, extension));
+  } while (full_pathname.FileOrDirectoryExists());
+  return full_pathname;
+}
+
+// Returns true if FilePath ends with a path separator, which indicates that
+// it is intended to represent a directory. Returns false otherwise.
+// This does NOT check that a directory (or file) actually exists.
+bool FilePath::IsDirectory() const {
+  return !pathname_.empty() &&
+         IsPathSeparator(pathname_.c_str()[pathname_.length() - 1]);
+}
+
+// Create directories so that path exists. Returns true if successful or if
+// the directories already exist; returns false if unable to create directories
+// for any reason.
+bool FilePath::CreateDirectoriesRecursively() const {
+  if (!this->IsDirectory()) {
+    return false;
+  }
+
+  if (pathname_.length() == 0 || this->DirectoryExists()) {
+    return true;
+  }
+
+  const FilePath parent(this->RemoveTrailingPathSeparator().RemoveFileName());
+  return parent.CreateDirectoriesRecursively() && this->CreateFolder();
+}
+
+// Create the directory so that path exists. Returns true if successful or
+// if the directory already exists; returns false if unable to create the
+// directory for any reason, including if the parent directory does not
+// exist. Not named "CreateDirectory" because that's a macro on Windows.
+bool FilePath::CreateFolder() const {
+#if GTEST_OS_WINDOWS_MOBILE
+  FilePath removed_sep(this->RemoveTrailingPathSeparator());
+  LPCWSTR unicode = String::AnsiToUtf16(removed_sep.c_str());
+  int result = CreateDirectory(unicode, NULL) ? 0 : -1;
+  delete [] unicode;
+#elif GTEST_OS_WINDOWS
+  int result = _mkdir(pathname_.c_str());
+#else
+  int result = mkdir(pathname_.c_str(), 0777);
+#endif  // GTEST_OS_WINDOWS_MOBILE
+
+  if (result == -1) {
+    return this->DirectoryExists();  // An error is OK if the directory exists.
+  }
+  return true;  // No error.
+}
+
+// If input name has a trailing separator character, remove it and return the
+// name, otherwise return the name string unmodified.
+// On Windows platform, uses \ as the separator, other platforms use /.
+FilePath FilePath::RemoveTrailingPathSeparator() const {
+  return IsDirectory()
+      ? FilePath(pathname_.substr(0, pathname_.length() - 1))
+      : *this;
+}
+
+// Removes any redundant separators that might be in the pathname.
+// For example, "bar///foo" becomes "bar/foo". Does not eliminate other
+// redundancies that might be in a pathname involving "." or "..".
+// TODO(wan@google.com): handle Windows network shares (e.g. \\server\share).
+void FilePath::Normalize() {
+  if (pathname_.c_str() == NULL) {
+    pathname_ = "";
+    return;
+  }
+  const char* src = pathname_.c_str();
+  char* const dest = new char[pathname_.length() + 1];
+  char* dest_ptr = dest;
+  memset(dest_ptr, 0, pathname_.length() + 1);
+
+  while (*src != '\0') {
+    *dest_ptr = *src;
+    if (!IsPathSeparator(*src)) {
+      src++;
+    } else {
+#if GTEST_HAS_ALT_PATH_SEP_
+      if (*dest_ptr == kAlternatePathSeparator) {
+        *dest_ptr = kPathSeparator;
+      }
+#endif
+      while (IsPathSeparator(*src))
+        src++;
+    }
+    dest_ptr++;
+  }
+  *dest_ptr = '\0';
+  pathname_ = dest;
+  delete[] dest;
+}
+
+}  // namespace internal
+}  // namespace testing
diff --git a/nss/gtests/google_test/gtest/src/gtest-internal-inl.h b/nss/gtests/google_test/gtest/src/gtest-internal-inl.h
new file mode 100644
index 0000000..0ac7a10
--- /dev/null
+++ b/nss/gtests/google_test/gtest/src/gtest-internal-inl.h
@@ -0,0 +1,1192 @@
+// Copyright 2005, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// Utility functions and classes used by the Google C++ testing framework.
+//
+// Author: wan@google.com (Zhanyong Wan)
+//
+// This file contains purely Google Test's internal implementation.  Please
+// DO NOT #INCLUDE IT IN A USER PROGRAM.
+
+#ifndef GTEST_SRC_GTEST_INTERNAL_INL_H_
+#define GTEST_SRC_GTEST_INTERNAL_INL_H_
+
+// GTEST_IMPLEMENTATION_ is defined to 1 iff the current translation unit is
+// part of Google Test's implementation; otherwise it's undefined.
+#if !GTEST_IMPLEMENTATION_
+// If this file is included from the user's code, just say no.
+# error "gtest-internal-inl.h is part of Google Test's internal implementation."
+# error "It must not be included except by Google Test itself."
+#endif  // GTEST_IMPLEMENTATION_
+
+#ifndef _WIN32_WCE
+# include <errno.h>
+#endif  // !_WIN32_WCE
+#include <stddef.h>
+#include <stdlib.h>  // For strtoll/_strtoul64/malloc/free.
+#include <string.h>  // For memmove.
+
+#include <algorithm>
+#include <string>
+#include <vector>
+
+#include "gtest/internal/gtest-port.h"
+
+#if GTEST_CAN_STREAM_RESULTS_
+# include <arpa/inet.h>  // NOLINT
+# include <netdb.h>  // NOLINT
+#endif
+
+#if GTEST_OS_WINDOWS
+# include <windows.h>  // NOLINT
+#endif  // GTEST_OS_WINDOWS
+
+#include "gtest/gtest.h"  // NOLINT
+#include "gtest/gtest-spi.h"
+
+namespace testing {
+
+// Declares the flags.
+//
+// We don't want the users to modify this flag in the code, but want
+// Google Test's own unit tests to be able to access it. Therefore we
+// declare it here as opposed to in gtest.h.
+GTEST_DECLARE_bool_(death_test_use_fork);
+
+namespace internal {
+
+// The value of GetTestTypeId() as seen from within the Google Test
+// library.  This is solely for testing GetTestTypeId().
+GTEST_API_ extern const TypeId kTestTypeIdInGoogleTest;
+
+// Names of the flags (needed for parsing Google Test flags).
+const char kAlsoRunDisabledTestsFlag[] = "also_run_disabled_tests";
+const char kBreakOnFailureFlag[] = "break_on_failure";
+const char kCatchExceptionsFlag[] = "catch_exceptions";
+const char kColorFlag[] = "color";
+const char kFilterFlag[] = "filter";
+const char kListTestsFlag[] = "list_tests";
+const char kOutputFlag[] = "output";
+const char kPrintTimeFlag[] = "print_time";
+const char kRandomSeedFlag[] = "random_seed";
+const char kRepeatFlag[] = "repeat";
+const char kShuffleFlag[] = "shuffle";
+const char kStackTraceDepthFlag[] = "stack_trace_depth";
+const char kStreamResultToFlag[] = "stream_result_to";
+const char kThrowOnFailureFlag[] = "throw_on_failure";
+
+// A valid random seed must be in [1, kMaxRandomSeed].
+const int kMaxRandomSeed = 99999;
+
+// g_help_flag is true iff the --help flag or an equivalent form is
+// specified on the command line.
+GTEST_API_ extern bool g_help_flag;
+
+// Returns the current time in milliseconds.
+GTEST_API_ TimeInMillis GetTimeInMillis();
+
+// Returns true iff Google Test should use colors in the output.
+GTEST_API_ bool ShouldUseColor(bool stdout_is_tty);
+
+// Formats the given time in milliseconds as seconds.
+GTEST_API_ std::string FormatTimeInMillisAsSeconds(TimeInMillis ms);
+
+// Converts the given time in milliseconds to a date string in the ISO 8601
+// format, without the timezone information.  N.B.: due to the use the
+// non-reentrant localtime() function, this function is not thread safe.  Do
+// not use it in any code that can be called from multiple threads.
+GTEST_API_ std::string FormatEpochTimeInMillisAsIso8601(TimeInMillis ms);
+
+// Parses a string for an Int32 flag, in the form of "--flag=value".
+//
+// On success, stores the value of the flag in *value, and returns
+// true.  On failure, returns false without changing *value.
+GTEST_API_ bool ParseInt32Flag(
+    const char* str, const char* flag, Int32* value);
+
+// Returns a random seed in range [1, kMaxRandomSeed] based on the
+// given --gtest_random_seed flag value.
+inline int GetRandomSeedFromFlag(Int32 random_seed_flag) {
+  const unsigned int raw_seed = (random_seed_flag == 0) ?
+      static_cast<unsigned int>(GetTimeInMillis()) :
+      static_cast<unsigned int>(random_seed_flag);
+
+  // Normalizes the actual seed to range [1, kMaxRandomSeed] such that
+  // it's easy to type.
+  const int normalized_seed =
+      static_cast<int>((raw_seed - 1U) %
+                       static_cast<unsigned int>(kMaxRandomSeed)) + 1;
+  return normalized_seed;
+}
+
+// Returns the first valid random seed after 'seed'.  The behavior is
+// undefined if 'seed' is invalid.  The seed after kMaxRandomSeed is
+// considered to be 1.
+inline int GetNextRandomSeed(int seed) {
+  GTEST_CHECK_(1 <= seed && seed <= kMaxRandomSeed)
+      << "Invalid random seed " << seed << " - must be in [1, "
+      << kMaxRandomSeed << "].";
+  const int next_seed = seed + 1;
+  return (next_seed > kMaxRandomSeed) ? 1 : next_seed;
+}
+
+// This class saves the values of all Google Test flags in its c'tor, and
+// restores them in its d'tor.
+class GTestFlagSaver {
+ public:
+  // The c'tor.
+  GTestFlagSaver() {
+    also_run_disabled_tests_ = GTEST_FLAG(also_run_disabled_tests);
+    break_on_failure_ = GTEST_FLAG(break_on_failure);
+    catch_exceptions_ = GTEST_FLAG(catch_exceptions);
+    color_ = GTEST_FLAG(color);
+    death_test_style_ = GTEST_FLAG(death_test_style);
+    death_test_use_fork_ = GTEST_FLAG(death_test_use_fork);
+    filter_ = GTEST_FLAG(filter);
+    internal_run_death_test_ = GTEST_FLAG(internal_run_death_test);
+    list_tests_ = GTEST_FLAG(list_tests);
+    output_ = GTEST_FLAG(output);
+    print_time_ = GTEST_FLAG(print_time);
+    random_seed_ = GTEST_FLAG(random_seed);
+    repeat_ = GTEST_FLAG(repeat);
+    shuffle_ = GTEST_FLAG(shuffle);
+    stack_trace_depth_ = GTEST_FLAG(stack_trace_depth);
+    stream_result_to_ = GTEST_FLAG(stream_result_to);
+    throw_on_failure_ = GTEST_FLAG(throw_on_failure);
+  }
+
+  // The d'tor is not virtual.  DO NOT INHERIT FROM THIS CLASS.
+  ~GTestFlagSaver() {
+    GTEST_FLAG(also_run_disabled_tests) = also_run_disabled_tests_;
+    GTEST_FLAG(break_on_failure) = break_on_failure_;
+    GTEST_FLAG(catch_exceptions) = catch_exceptions_;
+    GTEST_FLAG(color) = color_;
+    GTEST_FLAG(death_test_style) = death_test_style_;
+    GTEST_FLAG(death_test_use_fork) = death_test_use_fork_;
+    GTEST_FLAG(filter) = filter_;
+    GTEST_FLAG(internal_run_death_test) = internal_run_death_test_;
+    GTEST_FLAG(list_tests) = list_tests_;
+    GTEST_FLAG(output) = output_;
+    GTEST_FLAG(print_time) = print_time_;
+    GTEST_FLAG(random_seed) = random_seed_;
+    GTEST_FLAG(repeat) = repeat_;
+    GTEST_FLAG(shuffle) = shuffle_;
+    GTEST_FLAG(stack_trace_depth) = stack_trace_depth_;
+    GTEST_FLAG(stream_result_to) = stream_result_to_;
+    GTEST_FLAG(throw_on_failure) = throw_on_failure_;
+  }
+
+ private:
+  // Fields for saving the original values of flags.
+  bool also_run_disabled_tests_;
+  bool break_on_failure_;
+  bool catch_exceptions_;
+  std::string color_;
+  std::string death_test_style_;
+  bool death_test_use_fork_;
+  std::string filter_;
+  std::string internal_run_death_test_;
+  bool list_tests_;
+  std::string output_;
+  bool print_time_;
+  internal::Int32 random_seed_;
+  internal::Int32 repeat_;
+  bool shuffle_;
+  internal::Int32 stack_trace_depth_;
+  std::string stream_result_to_;
+  bool throw_on_failure_;
+} GTEST_ATTRIBUTE_UNUSED_;
+
+// Converts a Unicode code point to a narrow string in UTF-8 encoding.
+// code_point parameter is of type UInt32 because wchar_t may not be
+// wide enough to contain a code point.
+// If the code_point is not a valid Unicode code point
+// (i.e. outside of Unicode range U+0 to U+10FFFF) it will be converted
+// to "(Invalid Unicode 0xXXXXXXXX)".
+GTEST_API_ std::string CodePointToUtf8(UInt32 code_point);
+
+// Converts a wide string to a narrow string in UTF-8 encoding.
+// The wide string is assumed to have the following encoding:
+//   UTF-16 if sizeof(wchar_t) == 2 (on Windows, Cygwin, Symbian OS)
+//   UTF-32 if sizeof(wchar_t) == 4 (on Linux)
+// Parameter str points to a null-terminated wide string.
+// Parameter num_chars may additionally limit the number
+// of wchar_t characters processed. -1 is used when the entire string
+// should be processed.
+// If the string contains code points that are not valid Unicode code points
+// (i.e. outside of Unicode range U+0 to U+10FFFF) they will be output
+// as '(Invalid Unicode 0xXXXXXXXX)'. If the string is in UTF16 encoding
+// and contains invalid UTF-16 surrogate pairs, values in those pairs
+// will be encoded as individual Unicode characters from Basic Normal Plane.
+GTEST_API_ std::string WideStringToUtf8(const wchar_t* str, int num_chars);
+
+// Reads the GTEST_SHARD_STATUS_FILE environment variable, and creates the file
+// if the variable is present. If a file already exists at this location, this
+// function will write over it. If the variable is present, but the file cannot
+// be created, prints an error and exits.
+void WriteToShardStatusFileIfNeeded();
+
+// Checks whether sharding is enabled by examining the relevant
+// environment variable values. If the variables are present,
+// but inconsistent (e.g., shard_index >= total_shards), prints
+// an error and exits. If in_subprocess_for_death_test, sharding is
+// disabled because it must only be applied to the original test
+// process. Otherwise, we could filter out death tests we intended to execute.
+GTEST_API_ bool ShouldShard(const char* total_shards_str,
+                            const char* shard_index_str,
+                            bool in_subprocess_for_death_test);
+
+// Parses the environment variable var as an Int32. If it is unset,
+// returns default_val. If it is not an Int32, prints an error and
+// and aborts.
+GTEST_API_ Int32 Int32FromEnvOrDie(const char* env_var, Int32 default_val);
+
+// Given the total number of shards, the shard index, and the test id,
+// returns true iff the test should be run on this shard. The test id is
+// some arbitrary but unique non-negative integer assigned to each test
+// method. Assumes that 0 <= shard_index < total_shards.
+GTEST_API_ bool ShouldRunTestOnShard(
+    int total_shards, int shard_index, int test_id);
+
+// STL container utilities.
+
+// Returns the number of elements in the given container that satisfy
+// the given predicate.
+template <class Container, typename Predicate>
+inline int CountIf(const Container& c, Predicate predicate) {
+  // Implemented as an explicit loop since std::count_if() in libCstd on
+  // Solaris has a non-standard signature.
+  int count = 0;
+  for (typename Container::const_iterator it = c.begin(); it != c.end(); ++it) {
+    if (predicate(*it))
+      ++count;
+  }
+  return count;
+}
+
+// Applies a function/functor to each element in the container.
+template <class Container, typename Functor>
+void ForEach(const Container& c, Functor functor) {
+  std::for_each(c.begin(), c.end(), functor);
+}
+
+// Returns the i-th element of the vector, or default_value if i is not
+// in range [0, v.size()).
+template <typename E>
+inline E GetElementOr(const std::vector<E>& v, int i, E default_value) {
+  return (i < 0 || i >= static_cast<int>(v.size())) ? default_value : v[i];
+}
+
+// Performs an in-place shuffle of a range of the vector's elements.
+// 'begin' and 'end' are element indices as an STL-style range;
+// i.e. [begin, end) are shuffled, where 'end' == size() means to
+// shuffle to the end of the vector.
+template <typename E>
+void ShuffleRange(internal::Random* random, int begin, int end,
+                  std::vector<E>* v) {
+  const int size = static_cast<int>(v->size());
+  GTEST_CHECK_(0 <= begin && begin <= size)
+      << "Invalid shuffle range start " << begin << ": must be in range [0, "
+      << size << "].";
+  GTEST_CHECK_(begin <= end && end <= size)
+      << "Invalid shuffle range finish " << end << ": must be in range ["
+      << begin << ", " << size << "].";
+
+  // Fisher-Yates shuffle, from
+  // http://en.wikipedia.org/wiki/Fisher-Yates_shuffle
+  for (int range_width = end - begin; range_width >= 2; range_width--) {
+    const int last_in_range = begin + range_width - 1;
+    const int selected = begin + random->Generate(range_width);
+    std::swap((*v)[selected], (*v)[last_in_range]);
+  }
+}
+
+// Performs an in-place shuffle of the vector's elements.
+template <typename E>
+inline void Shuffle(internal::Random* random, std::vector<E>* v) {
+  ShuffleRange(random, 0, static_cast<int>(v->size()), v);
+}
+
+// A function for deleting an object.  Handy for being used as a
+// functor.
+template <typename T>
+static void Delete(T* x) {
+  delete x;
+}
+
+// A predicate that checks the key of a TestProperty against a known key.
+//
+// TestPropertyKeyIs is copyable.
+class TestPropertyKeyIs {
+ public:
+  // Constructor.
+  //
+  // TestPropertyKeyIs has NO default constructor.
+  explicit TestPropertyKeyIs(const std::string& key) : key_(key) {}
+
+  // Returns true iff the test name of test property matches on key_.
+  bool operator()(const TestProperty& test_property) const {
+    return test_property.key() == key_;
+  }
+
+ private:
+  std::string key_;
+};
+
+// Class UnitTestOptions.
+//
+// This class contains functions for processing options the user
+// specifies when running the tests.  It has only static members.
+//
+// In most cases, the user can specify an option using either an
+// environment variable or a command line flag.  E.g. you can set the
+// test filter using either GTEST_FILTER or --gtest_filter.  If both
+// the variable and the flag are present, the latter overrides the
+// former.
+class GTEST_API_ UnitTestOptions {
+ public:
+  // Functions for processing the gtest_output flag.
+
+  // Returns the output format, or "" for normal printed output.
+  static std::string GetOutputFormat();
+
+  // Returns the absolute path of the requested output file, or the
+  // default (test_detail.xml in the original working directory) if
+  // none was explicitly specified.
+  static std::string GetAbsolutePathToOutputFile();
+
+  // Functions for processing the gtest_filter flag.
+
+  // Returns true iff the wildcard pattern matches the string.  The
+  // first ':' or '\0' character in pattern marks the end of it.
+  //
+  // This recursive algorithm isn't very efficient, but is clear and
+  // works well enough for matching test names, which are short.
+  static bool PatternMatchesString(const char *pattern, const char *str);
+
+  // Returns true iff the user-specified filter matches the test case
+  // name and the test name.
+  static bool FilterMatchesTest(const std::string &test_case_name,
+                                const std::string &test_name);
+
+#if GTEST_OS_WINDOWS
+  // Function for supporting the gtest_catch_exception flag.
+
+  // Returns EXCEPTION_EXECUTE_HANDLER if Google Test should handle the
+  // given SEH exception, or EXCEPTION_CONTINUE_SEARCH otherwise.
+  // This function is useful as an __except condition.
+  static int GTestShouldProcessSEH(DWORD exception_code);
+#endif  // GTEST_OS_WINDOWS
+
+  // Returns true if "name" matches the ':' separated list of glob-style
+  // filters in "filter".
+  static bool MatchesFilter(const std::string& name, const char* filter);
+};
+
+// Returns the current application's name, removing directory path if that
+// is present.  Used by UnitTestOptions::GetOutputFile.
+GTEST_API_ FilePath GetCurrentExecutableName();
+
+// The role interface for getting the OS stack trace as a string.
+class OsStackTraceGetterInterface {
+ public:
+  OsStackTraceGetterInterface() {}
+  virtual ~OsStackTraceGetterInterface() {}
+
+  // Returns the current OS stack trace as an std::string.  Parameters:
+  //
+  //   max_depth  - the maximum number of stack frames to be included
+  //                in the trace.
+  //   skip_count - the number of top frames to be skipped; doesn't count
+  //                against max_depth.
+  virtual string CurrentStackTrace(int max_depth, int skip_count) = 0;
+
+  // UponLeavingGTest() should be called immediately before Google Test calls
+  // user code. It saves some information about the current stack that
+  // CurrentStackTrace() will use to find and hide Google Test stack frames.
+  virtual void UponLeavingGTest() = 0;
+
+ private:
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(OsStackTraceGetterInterface);
+};
+
+// A working implementation of the OsStackTraceGetterInterface interface.
+class OsStackTraceGetter : public OsStackTraceGetterInterface {
+ public:
+  OsStackTraceGetter() : caller_frame_(NULL) {}
+
+  virtual string CurrentStackTrace(int max_depth, int skip_count)
+      GTEST_LOCK_EXCLUDED_(mutex_);
+
+  virtual void UponLeavingGTest() GTEST_LOCK_EXCLUDED_(mutex_);
+
+  // This string is inserted in place of stack frames that are part of
+  // Google Test's implementation.
+  static const char* const kElidedFramesMarker;
+
+ private:
+  Mutex mutex_;  // protects all internal state
+
+  // We save the stack frame below the frame that calls user code.
+  // We do this because the address of the frame immediately below
+  // the user code changes between the call to UponLeavingGTest()
+  // and any calls to CurrentStackTrace() from within the user code.
+  void* caller_frame_;
+
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(OsStackTraceGetter);
+};
+
+// Information about a Google Test trace point.
+struct TraceInfo {
+  const char* file;
+  int line;
+  std::string message;
+};
+
+// This is the default global test part result reporter used in UnitTestImpl.
+// This class should only be used by UnitTestImpl.
+class DefaultGlobalTestPartResultReporter
+  : public TestPartResultReporterInterface {
+ public:
+  explicit DefaultGlobalTestPartResultReporter(UnitTestImpl* unit_test);
+  // Implements the TestPartResultReporterInterface. Reports the test part
+  // result in the current test.
+  virtual void ReportTestPartResult(const TestPartResult& result);
+
+ private:
+  UnitTestImpl* const unit_test_;
+
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(DefaultGlobalTestPartResultReporter);
+};
+
+// This is the default per thread test part result reporter used in
+// UnitTestImpl. This class should only be used by UnitTestImpl.
+class DefaultPerThreadTestPartResultReporter
+    : public TestPartResultReporterInterface {
+ public:
+  explicit DefaultPerThreadTestPartResultReporter(UnitTestImpl* unit_test);
+  // Implements the TestPartResultReporterInterface. The implementation just
+  // delegates to the current global test part result reporter of *unit_test_.
+  virtual void ReportTestPartResult(const TestPartResult& result);
+
+ private:
+  UnitTestImpl* const unit_test_;
+
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(DefaultPerThreadTestPartResultReporter);
+};
+
+// The private implementation of the UnitTest class.  We don't protect
+// the methods under a mutex, as this class is not accessible by a
+// user and the UnitTest class that delegates work to this class does
+// proper locking.
+class GTEST_API_ UnitTestImpl {
+ public:
+  explicit UnitTestImpl(UnitTest* parent);
+  virtual ~UnitTestImpl();
+
+  // There are two different ways to register your own TestPartResultReporter.
+  // You can register your own repoter to listen either only for test results
+  // from the current thread or for results from all threads.
+  // By default, each per-thread test result repoter just passes a new
+  // TestPartResult to the global test result reporter, which registers the
+  // test part result for the currently running test.
+
+  // Returns the global test part result reporter.
+  TestPartResultReporterInterface* GetGlobalTestPartResultReporter();
+
+  // Sets the global test part result reporter.
+  void SetGlobalTestPartResultReporter(
+      TestPartResultReporterInterface* reporter);
+
+  // Returns the test part result reporter for the current thread.
+  TestPartResultReporterInterface* GetTestPartResultReporterForCurrentThread();
+
+  // Sets the test part result reporter for the current thread.
+  void SetTestPartResultReporterForCurrentThread(
+      TestPartResultReporterInterface* reporter);
+
+  // Gets the number of successful test cases.
+  int successful_test_case_count() const;
+
+  // Gets the number of failed test cases.
+  int failed_test_case_count() const;
+
+  // Gets the number of all test cases.
+  int total_test_case_count() const;
+
+  // Gets the number of all test cases that contain at least one test
+  // that should run.
+  int test_case_to_run_count() const;
+
+  // Gets the number of successful tests.
+  int successful_test_count() const;
+
+  // Gets the number of failed tests.
+  int failed_test_count() const;
+
+  // Gets the number of disabled tests that will be reported in the XML report.
+  int reportable_disabled_test_count() const;
+
+  // Gets the number of disabled tests.
+  int disabled_test_count() const;
+
+  // Gets the number of tests to be printed in the XML report.
+  int reportable_test_count() const;
+
+  // Gets the number of all tests.
+  int total_test_count() const;
+
+  // Gets the number of tests that should run.
+  int test_to_run_count() const;
+
+  // Gets the time of the test program start, in ms from the start of the
+  // UNIX epoch.
+  TimeInMillis start_timestamp() const { return start_timestamp_; }
+
+  // Gets the elapsed time, in milliseconds.
+  TimeInMillis elapsed_time() const { return elapsed_time_; }
+
+  // Returns true iff the unit test passed (i.e. all test cases passed).
+  bool Passed() const { return !Failed(); }
+
+  // Returns true iff the unit test failed (i.e. some test case failed
+  // or something outside of all tests failed).
+  bool Failed() const {
+    return failed_test_case_count() > 0 || ad_hoc_test_result()->Failed();
+  }
+
+  // Gets the i-th test case among all the test cases. i can range from 0 to
+  // total_test_case_count() - 1. If i is not in that range, returns NULL.
+  const TestCase* GetTestCase(int i) const {
+    const int index = GetElementOr(test_case_indices_, i, -1);
+    return index < 0 ? NULL : test_cases_[i];
+  }
+
+  // Gets the i-th test case among all the test cases. i can range from 0 to
+  // total_test_case_count() - 1. If i is not in that range, returns NULL.
+  TestCase* GetMutableTestCase(int i) {
+    const int index = GetElementOr(test_case_indices_, i, -1);
+    return index < 0 ? NULL : test_cases_[index];
+  }
+
+  // Provides access to the event listener list.
+  TestEventListeners* listeners() { return &listeners_; }
+
+  // Returns the TestResult for the test that's currently running, or
+  // the TestResult for the ad hoc test if no test is running.
+  TestResult* current_test_result();
+
+  // Returns the TestResult for the ad hoc test.
+  const TestResult* ad_hoc_test_result() const { return &ad_hoc_test_result_; }
+
+  // Sets the OS stack trace getter.
+  //
+  // Does nothing if the input and the current OS stack trace getter
+  // are the same; otherwise, deletes the old getter and makes the
+  // input the current getter.
+  void set_os_stack_trace_getter(OsStackTraceGetterInterface* getter);
+
+  // Returns the current OS stack trace getter if it is not NULL;
+  // otherwise, creates an OsStackTraceGetter, makes it the current
+  // getter, and returns it.
+  OsStackTraceGetterInterface* os_stack_trace_getter();
+
+  // Returns the current OS stack trace as an std::string.
+  //
+  // The maximum number of stack frames to be included is specified by
+  // the gtest_stack_trace_depth flag.  The skip_count parameter
+  // specifies the number of top frames to be skipped, which doesn't
+  // count against the number of frames to be included.
+  //
+  // For example, if Foo() calls Bar(), which in turn calls
+  // CurrentOsStackTraceExceptTop(1), Foo() will be included in the
+  // trace but Bar() and CurrentOsStackTraceExceptTop() won't.
+  std::string CurrentOsStackTraceExceptTop(int skip_count) GTEST_NO_INLINE_;
+
+  // Finds and returns a TestCase with the given name.  If one doesn't
+  // exist, creates one and returns it.
+  //
+  // Arguments:
+  //
+  //   test_case_name: name of the test case
+  //   type_param:     the name of the test's type parameter, or NULL if
+  //                   this is not a typed or a type-parameterized test.
+  //   set_up_tc:      pointer to the function that sets up the test case
+  //   tear_down_tc:   pointer to the function that tears down the test case
+  TestCase* GetTestCase(const char* test_case_name,
+                        const char* type_param,
+                        Test::SetUpTestCaseFunc set_up_tc,
+                        Test::TearDownTestCaseFunc tear_down_tc);
+
+  // Adds a TestInfo to the unit test.
+  //
+  // Arguments:
+  //
+  //   set_up_tc:    pointer to the function that sets up the test case
+  //   tear_down_tc: pointer to the function that tears down the test case
+  //   test_info:    the TestInfo object
+  void AddTestInfo(Test::SetUpTestCaseFunc set_up_tc,
+                   Test::TearDownTestCaseFunc tear_down_tc,
+                   TestInfo* test_info) {
+    // In order to support thread-safe death tests, we need to
+    // remember the original working directory when the test program
+    // was first invoked.  We cannot do this in RUN_ALL_TESTS(), as
+    // the user may have changed the current directory before calling
+    // RUN_ALL_TESTS().  Therefore we capture the current directory in
+    // AddTestInfo(), which is called to register a TEST or TEST_F
+    // before main() is reached.
+    if (original_working_dir_.IsEmpty()) {
+      original_working_dir_.Set(FilePath::GetCurrentDir());
+      GTEST_CHECK_(!original_working_dir_.IsEmpty())
+          << "Failed to get the current working directory.";
+    }
+
+    GetTestCase(test_info->test_case_name(),
+                test_info->type_param(),
+                set_up_tc,
+                tear_down_tc)->AddTestInfo(test_info);
+  }
+
+#if GTEST_HAS_PARAM_TEST
+  // Returns ParameterizedTestCaseRegistry object used to keep track of
+  // value-parameterized tests and instantiate and register them.
+  internal::ParameterizedTestCaseRegistry& parameterized_test_registry() {
+    return parameterized_test_registry_;
+  }
+#endif  // GTEST_HAS_PARAM_TEST
+
+  // Sets the TestCase object for the test that's currently running.
+  void set_current_test_case(TestCase* a_current_test_case) {
+    current_test_case_ = a_current_test_case;
+  }
+
+  // Sets the TestInfo object for the test that's currently running.  If
+  // current_test_info is NULL, the assertion results will be stored in
+  // ad_hoc_test_result_.
+  void set_current_test_info(TestInfo* a_current_test_info) {
+    current_test_info_ = a_current_test_info;
+  }
+
+  // Registers all parameterized tests defined using TEST_P and
+  // INSTANTIATE_TEST_CASE_P, creating regular tests for each test/parameter
+  // combination. This method can be called more then once; it has guards
+  // protecting from registering the tests more then once.  If
+  // value-parameterized tests are disabled, RegisterParameterizedTests is
+  // present but does nothing.
+  void RegisterParameterizedTests();
+
+  // Runs all tests in this UnitTest object, prints the result, and
+  // returns true if all tests are successful.  If any exception is
+  // thrown during a test, this test is considered to be failed, but
+  // the rest of the tests will still be run.
+  bool RunAllTests();
+
+  // Clears the results of all tests, except the ad hoc tests.
+  void ClearNonAdHocTestResult() {
+    ForEach(test_cases_, TestCase::ClearTestCaseResult);
+  }
+
+  // Clears the results of ad-hoc test assertions.
+  void ClearAdHocTestResult() {
+    ad_hoc_test_result_.Clear();
+  }
+
+  // Adds a TestProperty to the current TestResult object when invoked in a
+  // context of a test or a test case, or to the global property set. If the
+  // result already contains a property with the same key, the value will be
+  // updated.
+  void RecordProperty(const TestProperty& test_property);
+
+  enum ReactionToSharding {
+    HONOR_SHARDING_PROTOCOL,
+    IGNORE_SHARDING_PROTOCOL
+  };
+
+  // Matches the full name of each test against the user-specified
+  // filter to decide whether the test should run, then records the
+  // result in each TestCase and TestInfo object.
+  // If shard_tests == HONOR_SHARDING_PROTOCOL, further filters tests
+  // based on sharding variables in the environment.
+  // Returns the number of tests that should run.
+  int FilterTests(ReactionToSharding shard_tests);
+
+  // Prints the names of the tests matching the user-specified filter flag.
+  void ListTestsMatchingFilter();
+
+  const TestCase* current_test_case() const { return current_test_case_; }
+  TestInfo* current_test_info() { return current_test_info_; }
+  const TestInfo* current_test_info() const { return current_test_info_; }
+
+  // Returns the vector of environments that need to be set-up/torn-down
+  // before/after the tests are run.
+  std::vector<Environment*>& environments() { return environments_; }
+
+  // Getters for the per-thread Google Test trace stack.
+  std::vector<TraceInfo>& gtest_trace_stack() {
+    return *(gtest_trace_stack_.pointer());
+  }
+  const std::vector<TraceInfo>& gtest_trace_stack() const {
+    return gtest_trace_stack_.get();
+  }
+
+#if GTEST_HAS_DEATH_TEST
+  void InitDeathTestSubprocessControlInfo() {
+    internal_run_death_test_flag_.reset(ParseInternalRunDeathTestFlag());
+  }
+  // Returns a pointer to the parsed --gtest_internal_run_death_test
+  // flag, or NULL if that flag was not specified.
+  // This information is useful only in a death test child process.
+  // Must not be called before a call to InitGoogleTest.
+  const InternalRunDeathTestFlag* internal_run_death_test_flag() const {
+    return internal_run_death_test_flag_.get();
+  }
+
+  // Returns a pointer to the current death test factory.
+  internal::DeathTestFactory* death_test_factory() {
+    return death_test_factory_.get();
+  }
+
+  void SuppressTestEventsIfInSubprocess();
+
+  friend class ReplaceDeathTestFactory;
+#endif  // GTEST_HAS_DEATH_TEST
+
+  // Initializes the event listener performing XML output as specified by
+  // UnitTestOptions. Must not be called before InitGoogleTest.
+  void ConfigureXmlOutput();
+
+#if GTEST_CAN_STREAM_RESULTS_
+  // Initializes the event listener for streaming test results to a socket.
+  // Must not be called before InitGoogleTest.
+  void ConfigureStreamingOutput();
+#endif
+
+  // Performs initialization dependent upon flag values obtained in
+  // ParseGoogleTestFlagsOnly.  Is called from InitGoogleTest after the call to
+  // ParseGoogleTestFlagsOnly.  In case a user neglects to call InitGoogleTest
+  // this function is also called from RunAllTests.  Since this function can be
+  // called more than once, it has to be idempotent.
+  void PostFlagParsingInit();
+
+  // Gets the random seed used at the start of the current test iteration.
+  int random_seed() const { return random_seed_; }
+
+  // Gets the random number generator.
+  internal::Random* random() { return &random_; }
+
+  // Shuffles all test cases, and the tests within each test case,
+  // making sure that death tests are still run first.
+  void ShuffleTests();
+
+  // Restores the test cases and tests to their order before the first shuffle.
+  void UnshuffleTests();
+
+  // Returns the value of GTEST_FLAG(catch_exceptions) at the moment
+  // UnitTest::Run() starts.
+  bool catch_exceptions() const { return catch_exceptions_; }
+
+ private:
+  friend class ::testing::UnitTest;
+
+  // Used by UnitTest::Run() to capture the state of
+  // GTEST_FLAG(catch_exceptions) at the moment it starts.
+  void set_catch_exceptions(bool value) { catch_exceptions_ = value; }
+
+  // The UnitTest object that owns this implementation object.
+  UnitTest* const parent_;
+
+  // The working directory when the first TEST() or TEST_F() was
+  // executed.
+  internal::FilePath original_working_dir_;
+
+  // The default test part result reporters.
+  DefaultGlobalTestPartResultReporter default_global_test_part_result_reporter_;
+  DefaultPerThreadTestPartResultReporter
+      default_per_thread_test_part_result_reporter_;
+
+  // Points to (but doesn't own) the global test part result reporter.
+  TestPartResultReporterInterface* global_test_part_result_repoter_;
+
+  // Protects read and write access to global_test_part_result_reporter_.
+  internal::Mutex global_test_part_result_reporter_mutex_;
+
+  // Points to (but doesn't own) the per-thread test part result reporter.
+  internal::ThreadLocal<TestPartResultReporterInterface*>
+      per_thread_test_part_result_reporter_;
+
+  // The vector of environments that need to be set-up/torn-down
+  // before/after the tests are run.
+  std::vector<Environment*> environments_;
+
+  // The vector of TestCases in their original order.  It owns the
+  // elements in the vector.
+  std::vector<TestCase*> test_cases_;
+
+  // Provides a level of indirection for the test case list to allow
+  // easy shuffling and restoring the test case order.  The i-th
+  // element of this vector is the index of the i-th test case in the
+  // shuffled order.
+  std::vector<int> test_case_indices_;
+
+#if GTEST_HAS_PARAM_TEST
+  // ParameterizedTestRegistry object used to register value-parameterized
+  // tests.
+  internal::ParameterizedTestCaseRegistry parameterized_test_registry_;
+
+  // Indicates whether RegisterParameterizedTests() has been called already.
+  bool parameterized_tests_registered_;
+#endif  // GTEST_HAS_PARAM_TEST
+
+  // Index of the last death test case registered.  Initially -1.
+  int last_death_test_case_;
+
+  // This points to the TestCase for the currently running test.  It
+  // changes as Google Test goes through one test case after another.
+  // When no test is running, this is set to NULL and Google Test
+  // stores assertion results in ad_hoc_test_result_.  Initially NULL.
+  TestCase* current_test_case_;
+
+  // This points to the TestInfo for the currently running test.  It
+  // changes as Google Test goes through one test after another.  When
+  // no test is running, this is set to NULL and Google Test stores
+  // assertion results in ad_hoc_test_result_.  Initially NULL.
+  TestInfo* current_test_info_;
+
+  // Normally, a user only writes assertions inside a TEST or TEST_F,
+  // or inside a function called by a TEST or TEST_F.  Since Google
+  // Test keeps track of which test is current running, it can
+  // associate such an assertion with the test it belongs to.
+  //
+  // If an assertion is encountered when no TEST or TEST_F is running,
+  // Google Test attributes the assertion result to an imaginary "ad hoc"
+  // test, and records the result in ad_hoc_test_result_.
+  TestResult ad_hoc_test_result_;
+
+  // The list of event listeners that can be used to track events inside
+  // Google Test.
+  TestEventListeners listeners_;
+
+  // The OS stack trace getter.  Will be deleted when the UnitTest
+  // object is destructed.  By default, an OsStackTraceGetter is used,
+  // but the user can set this field to use a custom getter if that is
+  // desired.
+  OsStackTraceGetterInterface* os_stack_trace_getter_;
+
+  // True iff PostFlagParsingInit() has been called.
+  bool post_flag_parse_init_performed_;
+
+  // The random number seed used at the beginning of the test run.
+  int random_seed_;
+
+  // Our random number generator.
+  internal::Random random_;
+
+  // The time of the test program start, in ms from the start of the
+  // UNIX epoch.
+  TimeInMillis start_timestamp_;
+
+  // How long the test took to run, in milliseconds.
+  TimeInMillis elapsed_time_;
+
+#if GTEST_HAS_DEATH_TEST
+  // The decomposed components of the gtest_internal_run_death_test flag,
+  // parsed when RUN_ALL_TESTS is called.
+  internal::scoped_ptr<InternalRunDeathTestFlag> internal_run_death_test_flag_;
+  internal::scoped_ptr<internal::DeathTestFactory> death_test_factory_;
+#endif  // GTEST_HAS_DEATH_TEST
+
+  // A per-thread stack of traces created by the SCOPED_TRACE() macro.
+  internal::ThreadLocal<std::vector<TraceInfo> > gtest_trace_stack_;
+
+  // The value of GTEST_FLAG(catch_exceptions) at the moment RunAllTests()
+  // starts.
+  bool catch_exceptions_;
+
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(UnitTestImpl);
+};  // class UnitTestImpl
+
+// Convenience function for accessing the global UnitTest
+// implementation object.
+inline UnitTestImpl* GetUnitTestImpl() {
+  return UnitTest::GetInstance()->impl();
+}
+
+#if GTEST_USES_SIMPLE_RE
+
+// Internal helper functions for implementing the simple regular
+// expression matcher.
+GTEST_API_ bool IsInSet(char ch, const char* str);
+GTEST_API_ bool IsAsciiDigit(char ch);
+GTEST_API_ bool IsAsciiPunct(char ch);
+GTEST_API_ bool IsRepeat(char ch);
+GTEST_API_ bool IsAsciiWhiteSpace(char ch);
+GTEST_API_ bool IsAsciiWordChar(char ch);
+GTEST_API_ bool IsValidEscape(char ch);
+GTEST_API_ bool AtomMatchesChar(bool escaped, char pattern, char ch);
+GTEST_API_ bool ValidateRegex(const char* regex);
+GTEST_API_ bool MatchRegexAtHead(const char* regex, const char* str);
+GTEST_API_ bool MatchRepetitionAndRegexAtHead(
+    bool escaped, char ch, char repeat, const char* regex, const char* str);
+GTEST_API_ bool MatchRegexAnywhere(const char* regex, const char* str);
+
+#endif  // GTEST_USES_SIMPLE_RE
+
+// Parses the command line for Google Test flags, without initializing
+// other parts of Google Test.
+GTEST_API_ void ParseGoogleTestFlagsOnly(int* argc, char** argv);
+GTEST_API_ void ParseGoogleTestFlagsOnly(int* argc, wchar_t** argv);
+
+#if GTEST_HAS_DEATH_TEST
+
+// Returns the message describing the last system error, regardless of the
+// platform.
+GTEST_API_ std::string GetLastErrnoDescription();
+
+// Attempts to parse a string into a positive integer pointed to by the
+// number parameter.  Returns true if that is possible.
+// GTEST_HAS_DEATH_TEST implies that we have ::std::string, so we can use
+// it here.
+template <typename Integer>
+bool ParseNaturalNumber(const ::std::string& str, Integer* number) {
+  // Fail fast if the given string does not begin with a digit;
+  // this bypasses strtoXXX's "optional leading whitespace and plus
+  // or minus sign" semantics, which are undesirable here.
+  if (str.empty() || !IsDigit(str[0])) {
+    return false;
+  }
+  errno = 0;
+
+  char* end;
+  // BiggestConvertible is the largest integer type that system-provided
+  // string-to-number conversion routines can return.
+
+# if GTEST_OS_WINDOWS && !defined(__GNUC__)
+
+  // MSVC and C++ Builder define __int64 instead of the standard long long.
+  typedef unsigned __int64 BiggestConvertible;
+  const BiggestConvertible parsed = _strtoui64(str.c_str(), &end, 10);
+
+# else
+
+  typedef unsigned long long BiggestConvertible;  // NOLINT
+  const BiggestConvertible parsed = strtoull(str.c_str(), &end, 10);
+
+# endif  // GTEST_OS_WINDOWS && !defined(__GNUC__)
+
+  const bool parse_success = *end == '\0' && errno == 0;
+
+  // TODO(vladl@google.com): Convert this to compile time assertion when it is
+  // available.
+  GTEST_CHECK_(sizeof(Integer) <= sizeof(parsed));
+
+  const Integer result = static_cast<Integer>(parsed);
+  if (parse_success && static_cast<BiggestConvertible>(result) == parsed) {
+    *number = result;
+    return true;
+  }
+  return false;
+}
+#endif  // GTEST_HAS_DEATH_TEST
+
+// TestResult contains some private methods that should be hidden from
+// Google Test user but are required for testing. This class allow our tests
+// to access them.
+//
+// This class is supplied only for the purpose of testing Google Test's own
+// constructs. Do not use it in user tests, either directly or indirectly.
+class TestResultAccessor {
+ public:
+  static void RecordProperty(TestResult* test_result,
+                             const std::string& xml_element,
+                             const TestProperty& property) {
+    test_result->RecordProperty(xml_element, property);
+  }
+
+  static void ClearTestPartResults(TestResult* test_result) {
+    test_result->ClearTestPartResults();
+  }
+
+  static const std::vector<testing::TestPartResult>& test_part_results(
+      const TestResult& test_result) {
+    return test_result.test_part_results();
+  }
+};
+
+#if GTEST_CAN_STREAM_RESULTS_
+
+// Streams test results to the given port on the given host machine.
+class StreamingListener : public EmptyTestEventListener {
+ public:
+  // Abstract base class for writing strings to a socket.
+  class AbstractSocketWriter {
+   public:
+    virtual ~AbstractSocketWriter() {}
+
+    // Sends a string to the socket.
+    virtual void Send(const string& message) = 0;
+
+    // Closes the socket.
+    virtual void CloseConnection() {}
+
+    // Sends a string and a newline to the socket.
+    void SendLn(const string& message) {
+      Send(message + "\n");
+    }
+  };
+
+  // Concrete class for actually writing strings to a socket.
+  class SocketWriter : public AbstractSocketWriter {
+   public:
+    SocketWriter(const string& host, const string& port)
+        : sockfd_(-1), host_name_(host), port_num_(port) {
+      MakeConnection();
+    }
+
+    virtual ~SocketWriter() {
+      if (sockfd_ != -1)
+        CloseConnection();
+    }
+
+    // Sends a string to the socket.
+    virtual void Send(const string& message) {
+      GTEST_CHECK_(sockfd_ != -1)
+          << "Send() can be called only when there is a connection.";
+
+      const int len = static_cast<int>(message.length());
+      if (write(sockfd_, message.c_str(), len) != len) {
+        GTEST_LOG_(WARNING)
+            << "stream_result_to: failed to stream to "
+            << host_name_ << ":" << port_num_;
+      }
+    }
+
+   private:
+    // Creates a client socket and connects to the server.
+    void MakeConnection();
+
+    // Closes the socket.
+    void CloseConnection() {
+      GTEST_CHECK_(sockfd_ != -1)
+          << "CloseConnection() can be called only when there is a connection.";
+
+      close(sockfd_);
+      sockfd_ = -1;
+    }
+
+    int sockfd_;  // socket file descriptor
+    const string host_name_;
+    const string port_num_;
+
+    GTEST_DISALLOW_COPY_AND_ASSIGN_(SocketWriter);
+  };  // class SocketWriter
+
+  // Escapes '=', '&', '%', and '\n' characters in str as "%xx".
+  static string UrlEncode(const char* str);
+
+  StreamingListener(const string& host, const string& port)
+      : socket_writer_(new SocketWriter(host, port)) { Start(); }
+
+  explicit StreamingListener(AbstractSocketWriter* socket_writer)
+      : socket_writer_(socket_writer) { Start(); }
+
+  void OnTestProgramStart(const UnitTest& /* unit_test */) {
+    SendLn("event=TestProgramStart");
+  }
+
+  void OnTestProgramEnd(const UnitTest& unit_test) {
+    // Note that Google Test current only report elapsed time for each
+    // test iteration, not for the entire test program.
+    SendLn("event=TestProgramEnd&passed=" + FormatBool(unit_test.Passed()));
+
+    // Notify the streaming server to stop.
+    socket_writer_->CloseConnection();
+  }
+
+  void OnTestIterationStart(const UnitTest& /* unit_test */, int iteration) {
+    SendLn("event=TestIterationStart&iteration=" +
+           StreamableToString(iteration));
+  }
+
+  void OnTestIterationEnd(const UnitTest& unit_test, int /* iteration */) {
+    SendLn("event=TestIterationEnd&passed=" +
+           FormatBool(unit_test.Passed()) + "&elapsed_time=" +
+           StreamableToString(unit_test.elapsed_time()) + "ms");
+  }
+
+  void OnTestCaseStart(const TestCase& test_case) {
+    SendLn(std::string("event=TestCaseStart&name=") + test_case.name());
+  }
+
+  void OnTestCaseEnd(const TestCase& test_case) {
+    SendLn("event=TestCaseEnd&passed=" + FormatBool(test_case.Passed())
+           + "&elapsed_time=" + StreamableToString(test_case.elapsed_time())
+           + "ms");
+  }
+
+  void OnTestStart(const TestInfo& test_info) {
+    SendLn(std::string("event=TestStart&name=") + test_info.name());
+  }
+
+  void OnTestEnd(const TestInfo& test_info) {
+    SendLn("event=TestEnd&passed=" +
+           FormatBool((test_info.result())->Passed()) +
+           "&elapsed_time=" +
+           StreamableToString((test_info.result())->elapsed_time()) + "ms");
+  }
+
+  void OnTestPartResult(const TestPartResult& test_part_result) {
+    const char* file_name = test_part_result.file_name();
+    if (file_name == NULL)
+      file_name = "";
+    SendLn("event=TestPartResult&file=" + UrlEncode(file_name) +
+           "&line=" + StreamableToString(test_part_result.line_number()) +
+           "&message=" + UrlEncode(test_part_result.message()));
+  }
+
+ private:
+  // Sends the given message and a newline to the socket.
+  void SendLn(const string& message) { socket_writer_->SendLn(message); }
+
+  // Called at the start of streaming to notify the receiver what
+  // protocol we are using.
+  void Start() { SendLn("gtest_streaming_protocol_version=1.0"); }
+
+  string FormatBool(bool value) { return value ? "1" : "0"; }
+
+  const scoped_ptr<AbstractSocketWriter> socket_writer_;
+
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(StreamingListener);
+};  // class StreamingListener
+
+#endif  // GTEST_CAN_STREAM_RESULTS_
+
+}  // namespace internal
+}  // namespace testing
+
+#endif  // GTEST_SRC_GTEST_INTERNAL_INL_H_
diff --git a/nss/gtests/google_test/gtest/src/gtest-port.cc b/nss/gtests/google_test/gtest/src/gtest-port.cc
new file mode 100644
index 0000000..b032745
--- /dev/null
+++ b/nss/gtests/google_test/gtest/src/gtest-port.cc
@@ -0,0 +1,1184 @@
+// Copyright 2008, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+
+#include "gtest/internal/gtest-port.h"
+
+#include <limits.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+#if GTEST_OS_WINDOWS
+# include <windows.h>
+# include <io.h>
+# include <sys/stat.h>
+# include <map>  // Used in ThreadLocal.
+#else
+# include <unistd.h>
+#endif  // GTEST_OS_WINDOWS
+
+#if GTEST_OS_MAC
+# include <mach/mach_init.h>
+# include <mach/task.h>
+# include <mach/vm_map.h>
+#endif  // GTEST_OS_MAC
+
+#if GTEST_OS_QNX
+# include <devctl.h>
+# include <fcntl.h>
+# include <sys/procfs.h>
+#endif  // GTEST_OS_QNX
+
+#include "gtest/gtest-spi.h"
+#include "gtest/gtest-message.h"
+#include "gtest/internal/gtest-internal.h"
+#include "gtest/internal/gtest-string.h"
+
+// Indicates that this translation unit is part of Google Test's
+// implementation.  It must come before gtest-internal-inl.h is
+// included, or there will be a compiler error.  This trick exists to
+// prevent the accidental inclusion of gtest-internal-inl.h in the
+// user's code.
+#define GTEST_IMPLEMENTATION_ 1
+#include "src/gtest-internal-inl.h"
+#undef GTEST_IMPLEMENTATION_
+
+namespace testing {
+namespace internal {
+
+#if defined(_MSC_VER) || defined(__BORLANDC__)
+// MSVC and C++Builder do not provide a definition of STDERR_FILENO.
+const int kStdOutFileno = 1;
+const int kStdErrFileno = 2;
+#else
+const int kStdOutFileno = STDOUT_FILENO;
+const int kStdErrFileno = STDERR_FILENO;
+#endif  // _MSC_VER
+
+#if GTEST_OS_MAC
+
+// Returns the number of threads running in the process, or 0 to indicate that
+// we cannot detect it.
+size_t GetThreadCount() {
+  const task_t task = mach_task_self();
+  mach_msg_type_number_t thread_count;
+  thread_act_array_t thread_list;
+  const kern_return_t status = task_threads(task, &thread_list, &thread_count);
+  if (status == KERN_SUCCESS) {
+    // task_threads allocates resources in thread_list and we need to free them
+    // to avoid leaks.
+    vm_deallocate(task,
+                  reinterpret_cast<vm_address_t>(thread_list),
+                  sizeof(thread_t) * thread_count);
+    return static_cast<size_t>(thread_count);
+  } else {
+    return 0;
+  }
+}
+
+#elif GTEST_OS_QNX
+
+// Returns the number of threads running in the process, or 0 to indicate that
+// we cannot detect it.
+size_t GetThreadCount() {
+  const int fd = open("/proc/self/as", O_RDONLY);
+  if (fd < 0) {
+    return 0;
+  }
+  procfs_info process_info;
+  const int status =
+      devctl(fd, DCMD_PROC_INFO, &process_info, sizeof(process_info), NULL);
+  close(fd);
+  if (status == EOK) {
+    return static_cast<size_t>(process_info.num_threads);
+  } else {
+    return 0;
+  }
+}
+
+#else
+
+size_t GetThreadCount() {
+  // There's no portable way to detect the number of threads, so we just
+  // return 0 to indicate that we cannot detect it.
+  return 0;
+}
+
+#endif  // GTEST_OS_MAC
+
+#if GTEST_IS_THREADSAFE && GTEST_OS_WINDOWS
+
+void SleepMilliseconds(int n) {
+  ::Sleep(n);
+}
+
+AutoHandle::AutoHandle()
+    : handle_(INVALID_HANDLE_VALUE) {}
+
+AutoHandle::AutoHandle(Handle handle)
+    : handle_(handle) {}
+
+AutoHandle::~AutoHandle() {
+  Reset();
+}
+
+AutoHandle::Handle AutoHandle::Get() const {
+  return handle_;
+}
+
+void AutoHandle::Reset() {
+  Reset(INVALID_HANDLE_VALUE);
+}
+
+void AutoHandle::Reset(HANDLE handle) {
+  // Resetting with the same handle we already own is invalid.
+  if (handle_ != handle) {
+    if (IsCloseable()) {
+      ::CloseHandle(handle_);
+    }
+    handle_ = handle;
+  } else {
+    GTEST_CHECK_(!IsCloseable())
+        << "Resetting a valid handle to itself is likely a programmer error "
+            "and thus not allowed.";
+  }
+}
+
+bool AutoHandle::IsCloseable() const {
+  // Different Windows APIs may use either of these values to represent an
+  // invalid handle.
+  return handle_ != NULL && handle_ != INVALID_HANDLE_VALUE;
+}
+
+Notification::Notification()
+    : event_(::CreateEvent(NULL,   // Default security attributes.
+                           TRUE,   // Do not reset automatically.
+                           FALSE,  // Initially unset.
+                           NULL)) {  // Anonymous event.
+  GTEST_CHECK_(event_.Get() != NULL);
+}
+
+void Notification::Notify() {
+  GTEST_CHECK_(::SetEvent(event_.Get()) != FALSE);
+}
+
+void Notification::WaitForNotification() {
+  GTEST_CHECK_(
+      ::WaitForSingleObject(event_.Get(), INFINITE) == WAIT_OBJECT_0);
+}
+
+Mutex::Mutex()
+    : type_(kDynamic),
+      owner_thread_id_(0),
+      critical_section_init_phase_(0),
+      critical_section_(new CRITICAL_SECTION) {
+  ::InitializeCriticalSection(critical_section_);
+}
+
+Mutex::~Mutex() {
+  // Static mutexes are leaked intentionally. It is not thread-safe to try
+  // to clean them up.
+  // TODO(yukawa): Switch to Slim Reader/Writer (SRW) Locks, which requires
+  // nothing to clean it up but is available only on Vista and later.
+  // http://msdn.microsoft.com/en-us/library/windows/desktop/aa904937.aspx
+  if (type_ == kDynamic) {
+    ::DeleteCriticalSection(critical_section_);
+    delete critical_section_;
+    critical_section_ = NULL;
+  }
+}
+
+void Mutex::Lock() {
+  ThreadSafeLazyInit();
+  ::EnterCriticalSection(critical_section_);
+  owner_thread_id_ = ::GetCurrentThreadId();
+}
+
+void Mutex::Unlock() {
+  ThreadSafeLazyInit();
+  // We don't protect writing to owner_thread_id_ here, as it's the
+  // caller's responsibility to ensure that the current thread holds the
+  // mutex when this is called.
+  owner_thread_id_ = 0;
+  ::LeaveCriticalSection(critical_section_);
+}
+
+// Does nothing if the current thread holds the mutex. Otherwise, crashes
+// with high probability.
+void Mutex::AssertHeld() {
+  ThreadSafeLazyInit();
+  GTEST_CHECK_(owner_thread_id_ == ::GetCurrentThreadId())
+      << "The current thread is not holding the mutex @" << this;
+}
+
+// Initializes owner_thread_id_ and critical_section_ in static mutexes.
+void Mutex::ThreadSafeLazyInit() {
+  // Dynamic mutexes are initialized in the constructor.
+  if (type_ == kStatic) {
+    switch (
+        ::InterlockedCompareExchange(&critical_section_init_phase_, 1L, 0L)) {
+      case 0:
+        // If critical_section_init_phase_ was 0 before the exchange, we
+        // are the first to test it and need to perform the initialization.
+        owner_thread_id_ = 0;
+        critical_section_ = new CRITICAL_SECTION;
+        ::InitializeCriticalSection(critical_section_);
+        // Updates the critical_section_init_phase_ to 2 to signal
+        // initialization complete.
+        GTEST_CHECK_(::InterlockedCompareExchange(
+                          &critical_section_init_phase_, 2L, 1L) ==
+                      1L);
+        break;
+      case 1:
+        // Somebody else is already initializing the mutex; spin until they
+        // are done.
+        while (::InterlockedCompareExchange(&critical_section_init_phase_,
+                                            2L,
+                                            2L) != 2L) {
+          // Possibly yields the rest of the thread's time slice to other
+          // threads.
+          ::Sleep(0);
+        }
+        break;
+
+      case 2:
+        break;  // The mutex is already initialized and ready for use.
+
+      default:
+        GTEST_CHECK_(false)
+            << "Unexpected value of critical_section_init_phase_ "
+            << "while initializing a static mutex.";
+    }
+  }
+}
+
+namespace {
+
+class ThreadWithParamSupport : public ThreadWithParamBase {
+ public:
+  static HANDLE CreateThread(Runnable* runnable,
+                             Notification* thread_can_start) {
+    ThreadMainParam* param = new ThreadMainParam(runnable, thread_can_start);
+    DWORD thread_id;
+    // TODO(yukawa): Consider to use _beginthreadex instead.
+    HANDLE thread_handle = ::CreateThread(
+        NULL,    // Default security.
+        0,       // Default stack size.
+        &ThreadWithParamSupport::ThreadMain,
+        param,   // Parameter to ThreadMainStatic
+        0x0,     // Default creation flags.
+        &thread_id);  // Need a valid pointer for the call to work under Win98.
+    GTEST_CHECK_(thread_handle != NULL) << "CreateThread failed with error "
+                                        << ::GetLastError() << ".";
+    if (thread_handle == NULL) {
+      delete param;
+    }
+    return thread_handle;
+  }
+
+ private:
+  struct ThreadMainParam {
+    ThreadMainParam(Runnable* runnable, Notification* thread_can_start)
+        : runnable_(runnable),
+          thread_can_start_(thread_can_start) {
+    }
+    scoped_ptr<Runnable> runnable_;
+    // Does not own.
+    Notification* thread_can_start_;
+  };
+
+  static DWORD WINAPI ThreadMain(void* ptr) {
+    // Transfers ownership.
+    scoped_ptr<ThreadMainParam> param(static_cast<ThreadMainParam*>(ptr));
+    if (param->thread_can_start_ != NULL)
+      param->thread_can_start_->WaitForNotification();
+    param->runnable_->Run();
+    return 0;
+  }
+
+  // Prohibit instantiation.
+  ThreadWithParamSupport();
+
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(ThreadWithParamSupport);
+};
+
+}  // namespace
+
+ThreadWithParamBase::ThreadWithParamBase(Runnable *runnable,
+                                         Notification* thread_can_start)
+      : thread_(ThreadWithParamSupport::CreateThread(runnable,
+                                                     thread_can_start)) {
+}
+
+ThreadWithParamBase::~ThreadWithParamBase() {
+  Join();
+}
+
+void ThreadWithParamBase::Join() {
+  GTEST_CHECK_(::WaitForSingleObject(thread_.Get(), INFINITE) == WAIT_OBJECT_0)
+      << "Failed to join the thread with error " << ::GetLastError() << ".";
+}
+
+// Maps a thread to a set of ThreadIdToThreadLocals that have values
+// instantiated on that thread and notifies them when the thread exits.  A
+// ThreadLocal instance is expected to persist until all threads it has
+// values on have terminated.
+class ThreadLocalRegistryImpl {
+ public:
+  // Registers thread_local_instance as having value on the current thread.
+  // Returns a value that can be used to identify the thread from other threads.
+  static ThreadLocalValueHolderBase* GetValueOnCurrentThread(
+      const ThreadLocalBase* thread_local_instance) {
+    DWORD current_thread = ::GetCurrentThreadId();
+    MutexLock lock(&mutex_);
+    ThreadIdToThreadLocals* const thread_to_thread_locals =
+        GetThreadLocalsMapLocked();
+    ThreadIdToThreadLocals::iterator thread_local_pos =
+        thread_to_thread_locals->find(current_thread);
+    if (thread_local_pos == thread_to_thread_locals->end()) {
+      thread_local_pos = thread_to_thread_locals->insert(
+          std::make_pair(current_thread, ThreadLocalValues())).first;
+      StartWatcherThreadFor(current_thread);
+    }
+    ThreadLocalValues& thread_local_values = thread_local_pos->second;
+    ThreadLocalValues::iterator value_pos =
+        thread_local_values.find(thread_local_instance);
+    if (value_pos == thread_local_values.end()) {
+      value_pos =
+          thread_local_values
+              .insert(std::make_pair(
+                  thread_local_instance,
+                  linked_ptr<ThreadLocalValueHolderBase>(
+                      thread_local_instance->NewValueForCurrentThread())))
+              .first;
+    }
+    return value_pos->second.get();
+  }
+
+  static void OnThreadLocalDestroyed(
+      const ThreadLocalBase* thread_local_instance) {
+    std::vector<linked_ptr<ThreadLocalValueHolderBase> > value_holders;
+    // Clean up the ThreadLocalValues data structure while holding the lock, but
+    // defer the destruction of the ThreadLocalValueHolderBases.
+    {
+      MutexLock lock(&mutex_);
+      ThreadIdToThreadLocals* const thread_to_thread_locals =
+          GetThreadLocalsMapLocked();
+      for (ThreadIdToThreadLocals::iterator it =
+          thread_to_thread_locals->begin();
+          it != thread_to_thread_locals->end();
+          ++it) {
+        ThreadLocalValues& thread_local_values = it->second;
+        ThreadLocalValues::iterator value_pos =
+            thread_local_values.find(thread_local_instance);
+        if (value_pos != thread_local_values.end()) {
+          value_holders.push_back(value_pos->second);
+          thread_local_values.erase(value_pos);
+          // This 'if' can only be successful at most once, so theoretically we
+          // could break out of the loop here, but we don't bother doing so.
+        }
+      }
+    }
+    // Outside the lock, let the destructor for 'value_holders' deallocate the
+    // ThreadLocalValueHolderBases.
+  }
+
+  static void OnThreadExit(DWORD thread_id) {
+    GTEST_CHECK_(thread_id != 0) << ::GetLastError();
+    std::vector<linked_ptr<ThreadLocalValueHolderBase> > value_holders;
+    // Clean up the ThreadIdToThreadLocals data structure while holding the
+    // lock, but defer the destruction of the ThreadLocalValueHolderBases.
+    {
+      MutexLock lock(&mutex_);
+      ThreadIdToThreadLocals* const thread_to_thread_locals =
+          GetThreadLocalsMapLocked();
+      ThreadIdToThreadLocals::iterator thread_local_pos =
+          thread_to_thread_locals->find(thread_id);
+      if (thread_local_pos != thread_to_thread_locals->end()) {
+        ThreadLocalValues& thread_local_values = thread_local_pos->second;
+        for (ThreadLocalValues::iterator value_pos =
+            thread_local_values.begin();
+            value_pos != thread_local_values.end();
+            ++value_pos) {
+          value_holders.push_back(value_pos->second);
+        }
+        thread_to_thread_locals->erase(thread_local_pos);
+      }
+    }
+    // Outside the lock, let the destructor for 'value_holders' deallocate the
+    // ThreadLocalValueHolderBases.
+  }
+
+ private:
+  // In a particular thread, maps a ThreadLocal object to its value.
+  typedef std::map<const ThreadLocalBase*,
+                   linked_ptr<ThreadLocalValueHolderBase> > ThreadLocalValues;
+  // Stores all ThreadIdToThreadLocals having values in a thread, indexed by
+  // thread's ID.
+  typedef std::map<DWORD, ThreadLocalValues> ThreadIdToThreadLocals;
+
+  // Holds the thread id and thread handle that we pass from
+  // StartWatcherThreadFor to WatcherThreadFunc.
+  typedef std::pair<DWORD, HANDLE> ThreadIdAndHandle;
+
+  static void StartWatcherThreadFor(DWORD thread_id) {
+    // The returned handle will be kept in thread_map and closed by
+    // watcher_thread in WatcherThreadFunc.
+    HANDLE thread = ::OpenThread(SYNCHRONIZE | THREAD_QUERY_INFORMATION,
+                                 FALSE,
+                                 thread_id);
+    GTEST_CHECK_(thread != NULL);
+    // We need to to pass a valid thread ID pointer into CreateThread for it
+    // to work correctly under Win98.
+    DWORD watcher_thread_id;
+    HANDLE watcher_thread = ::CreateThread(
+        NULL,   // Default security.
+        0,      // Default stack size
+        &ThreadLocalRegistryImpl::WatcherThreadFunc,
+        reinterpret_cast<LPVOID>(new ThreadIdAndHandle(thread_id, thread)),
+        CREATE_SUSPENDED,
+        &watcher_thread_id);
+    GTEST_CHECK_(watcher_thread != NULL);
+    // Give the watcher thread the same priority as ours to avoid being
+    // blocked by it.
+    ::SetThreadPriority(watcher_thread,
+                        ::GetThreadPriority(::GetCurrentThread()));
+    ::ResumeThread(watcher_thread);
+    ::CloseHandle(watcher_thread);
+  }
+
+  // Monitors exit from a given thread and notifies those
+  // ThreadIdToThreadLocals about thread termination.
+  static DWORD WINAPI WatcherThreadFunc(LPVOID param) {
+    const ThreadIdAndHandle* tah =
+        reinterpret_cast<const ThreadIdAndHandle*>(param);
+    GTEST_CHECK_(
+        ::WaitForSingleObject(tah->second, INFINITE) == WAIT_OBJECT_0);
+    OnThreadExit(tah->first);
+    ::CloseHandle(tah->second);
+    delete tah;
+    return 0;
+  }
+
+  // Returns map of thread local instances.
+  static ThreadIdToThreadLocals* GetThreadLocalsMapLocked() {
+    mutex_.AssertHeld();
+    static ThreadIdToThreadLocals* map = new ThreadIdToThreadLocals;
+    return map;
+  }
+
+  // Protects access to GetThreadLocalsMapLocked() and its return value.
+  static Mutex mutex_;
+  // Protects access to GetThreadMapLocked() and its return value.
+  static Mutex thread_map_mutex_;
+};
+
+Mutex ThreadLocalRegistryImpl::mutex_(Mutex::kStaticMutex);
+Mutex ThreadLocalRegistryImpl::thread_map_mutex_(Mutex::kStaticMutex);
+
+ThreadLocalValueHolderBase* ThreadLocalRegistry::GetValueOnCurrentThread(
+      const ThreadLocalBase* thread_local_instance) {
+  return ThreadLocalRegistryImpl::GetValueOnCurrentThread(
+      thread_local_instance);
+}
+
+void ThreadLocalRegistry::OnThreadLocalDestroyed(
+      const ThreadLocalBase* thread_local_instance) {
+  ThreadLocalRegistryImpl::OnThreadLocalDestroyed(thread_local_instance);
+}
+
+#endif  // GTEST_IS_THREADSAFE && GTEST_OS_WINDOWS
+
+#if GTEST_USES_POSIX_RE
+
+// Implements RE.  Currently only needed for death tests.
+
+RE::~RE() {
+  if (is_valid_) {
+    // regfree'ing an invalid regex might crash because the content
+    // of the regex is undefined. Since the regex's are essentially
+    // the same, one cannot be valid (or invalid) without the other
+    // being so too.
+    regfree(&partial_regex_);
+    regfree(&full_regex_);
+  }
+  free(const_cast<char*>(pattern_));
+}
+
+// Returns true iff regular expression re matches the entire str.
+bool RE::FullMatch(const char* str, const RE& re) {
+  if (!re.is_valid_) return false;
+
+  regmatch_t match;
+  return regexec(&re.full_regex_, str, 1, &match, 0) == 0;
+}
+
+// Returns true iff regular expression re matches a substring of str
+// (including str itself).
+bool RE::PartialMatch(const char* str, const RE& re) {
+  if (!re.is_valid_) return false;
+
+  regmatch_t match;
+  return regexec(&re.partial_regex_, str, 1, &match, 0) == 0;
+}
+
+// Initializes an RE from its string representation.
+void RE::Init(const char* regex) {
+  pattern_ = posix::StrDup(regex);
+
+  // Reserves enough bytes to hold the regular expression used for a
+  // full match.
+  const size_t full_regex_len = strlen(regex) + 10;
+  char* const full_pattern = new char[full_regex_len];
+
+  snprintf(full_pattern, full_regex_len, "^(%s)$", regex);
+  is_valid_ = regcomp(&full_regex_, full_pattern, REG_EXTENDED) == 0;
+  // We want to call regcomp(&partial_regex_, ...) even if the
+  // previous expression returns false.  Otherwise partial_regex_ may
+  // not be properly initialized can may cause trouble when it's
+  // freed.
+  //
+  // Some implementation of POSIX regex (e.g. on at least some
+  // versions of Cygwin) doesn't accept the empty string as a valid
+  // regex.  We change it to an equivalent form "()" to be safe.
+  if (is_valid_) {
+    const char* const partial_regex = (*regex == '\0') ? "()" : regex;
+    is_valid_ = regcomp(&partial_regex_, partial_regex, REG_EXTENDED) == 0;
+  }
+  EXPECT_TRUE(is_valid_)
+      << "Regular expression \"" << regex
+      << "\" is not a valid POSIX Extended regular expression.";
+
+  delete[] full_pattern;
+}
+
+#elif GTEST_USES_SIMPLE_RE
+
+// Returns true iff ch appears anywhere in str (excluding the
+// terminating '\0' character).
+bool IsInSet(char ch, const char* str) {
+  return ch != '\0' && strchr(str, ch) != NULL;
+}
+
+// Returns true iff ch belongs to the given classification.  Unlike
+// similar functions in <ctype.h>, these aren't affected by the
+// current locale.
+bool IsAsciiDigit(char ch) { return '0' <= ch && ch <= '9'; }
+bool IsAsciiPunct(char ch) {
+  return IsInSet(ch, "^-!\"#$%&'()*+,./:;<=>?@[\\]_`{|}~");
+}
+bool IsRepeat(char ch) { return IsInSet(ch, "?*+"); }
+bool IsAsciiWhiteSpace(char ch) { return IsInSet(ch, " \f\n\r\t\v"); }
+bool IsAsciiWordChar(char ch) {
+  return ('a' <= ch && ch <= 'z') || ('A' <= ch && ch <= 'Z') ||
+      ('0' <= ch && ch <= '9') || ch == '_';
+}
+
+// Returns true iff "\\c" is a supported escape sequence.
+bool IsValidEscape(char c) {
+  return (IsAsciiPunct(c) || IsInSet(c, "dDfnrsStvwW"));
+}
+
+// Returns true iff the given atom (specified by escaped and pattern)
+// matches ch.  The result is undefined if the atom is invalid.
+bool AtomMatchesChar(bool escaped, char pattern_char, char ch) {
+  if (escaped) {  // "\\p" where p is pattern_char.
+    switch (pattern_char) {
+      case 'd': return IsAsciiDigit(ch);
+      case 'D': return !IsAsciiDigit(ch);
+      case 'f': return ch == '\f';
+      case 'n': return ch == '\n';
+      case 'r': return ch == '\r';
+      case 's': return IsAsciiWhiteSpace(ch);
+      case 'S': return !IsAsciiWhiteSpace(ch);
+      case 't': return ch == '\t';
+      case 'v': return ch == '\v';
+      case 'w': return IsAsciiWordChar(ch);
+      case 'W': return !IsAsciiWordChar(ch);
+    }
+    return IsAsciiPunct(pattern_char) && pattern_char == ch;
+  }
+
+  return (pattern_char == '.' && ch != '\n') || pattern_char == ch;
+}
+
+// Helper function used by ValidateRegex() to format error messages.
+std::string FormatRegexSyntaxError(const char* regex, int index) {
+  return (Message() << "Syntax error at index " << index
+          << " in simple regular expression \"" << regex << "\": ").GetString();
+}
+
+// Generates non-fatal failures and returns false if regex is invalid;
+// otherwise returns true.
+bool ValidateRegex(const char* regex) {
+  if (regex == NULL) {
+    // TODO(wan@google.com): fix the source file location in the
+    // assertion failures to match where the regex is used in user
+    // code.
+    ADD_FAILURE() << "NULL is not a valid simple regular expression.";
+    return false;
+  }
+
+  bool is_valid = true;
+
+  // True iff ?, *, or + can follow the previous atom.
+  bool prev_repeatable = false;
+  for (int i = 0; regex[i]; i++) {
+    if (regex[i] == '\\') {  // An escape sequence
+      i++;
+      if (regex[i] == '\0') {
+        ADD_FAILURE() << FormatRegexSyntaxError(regex, i - 1)
+                      << "'\\' cannot appear at the end.";
+        return false;
+      }
+
+      if (!IsValidEscape(regex[i])) {
+        ADD_FAILURE() << FormatRegexSyntaxError(regex, i - 1)
+                      << "invalid escape sequence \"\\" << regex[i] << "\".";
+        is_valid = false;
+      }
+      prev_repeatable = true;
+    } else {  // Not an escape sequence.
+      const char ch = regex[i];
+
+      if (ch == '^' && i > 0) {
+        ADD_FAILURE() << FormatRegexSyntaxError(regex, i)
+                      << "'^' can only appear at the beginning.";
+        is_valid = false;
+      } else if (ch == '$' && regex[i + 1] != '\0') {
+        ADD_FAILURE() << FormatRegexSyntaxError(regex, i)
+                      << "'$' can only appear at the end.";
+        is_valid = false;
+      } else if (IsInSet(ch, "()[]{}|")) {
+        ADD_FAILURE() << FormatRegexSyntaxError(regex, i)
+                      << "'" << ch << "' is unsupported.";
+        is_valid = false;
+      } else if (IsRepeat(ch) && !prev_repeatable) {
+        ADD_FAILURE() << FormatRegexSyntaxError(regex, i)
+                      << "'" << ch << "' can only follow a repeatable token.";
+        is_valid = false;
+      }
+
+      prev_repeatable = !IsInSet(ch, "^$?*+");
+    }
+  }
+
+  return is_valid;
+}
+
+// Matches a repeated regex atom followed by a valid simple regular
+// expression.  The regex atom is defined as c if escaped is false,
+// or \c otherwise.  repeat is the repetition meta character (?, *,
+// or +).  The behavior is undefined if str contains too many
+// characters to be indexable by size_t, in which case the test will
+// probably time out anyway.  We are fine with this limitation as
+// std::string has it too.
+bool MatchRepetitionAndRegexAtHead(
+    bool escaped, char c, char repeat, const char* regex,
+    const char* str) {
+  const size_t min_count = (repeat == '+') ? 1 : 0;
+  const size_t max_count = (repeat == '?') ? 1 :
+      static_cast<size_t>(-1) - 1;
+  // We cannot call numeric_limits::max() as it conflicts with the
+  // max() macro on Windows.
+
+  for (size_t i = 0; i <= max_count; ++i) {
+    // We know that the atom matches each of the first i characters in str.
+    if (i >= min_count && MatchRegexAtHead(regex, str + i)) {
+      // We have enough matches at the head, and the tail matches too.
+      // Since we only care about *whether* the pattern matches str
+      // (as opposed to *how* it matches), there is no need to find a
+      // greedy match.
+      return true;
+    }
+    if (str[i] == '\0' || !AtomMatchesChar(escaped, c, str[i]))
+      return false;
+  }
+  return false;
+}
+
+// Returns true iff regex matches a prefix of str.  regex must be a
+// valid simple regular expression and not start with "^", or the
+// result is undefined.
+bool MatchRegexAtHead(const char* regex, const char* str) {
+  if (*regex == '\0')  // An empty regex matches a prefix of anything.
+    return true;
+
+  // "$" only matches the end of a string.  Note that regex being
+  // valid guarantees that there's nothing after "$" in it.
+  if (*regex == '$')
+    return *str == '\0';
+
+  // Is the first thing in regex an escape sequence?
+  const bool escaped = *regex == '\\';
+  if (escaped)
+    ++regex;
+  if (IsRepeat(regex[1])) {
+    // MatchRepetitionAndRegexAtHead() calls MatchRegexAtHead(), so
+    // here's an indirect recursion.  It terminates as the regex gets
+    // shorter in each recursion.
+    return MatchRepetitionAndRegexAtHead(
+        escaped, regex[0], regex[1], regex + 2, str);
+  } else {
+    // regex isn't empty, isn't "$", and doesn't start with a
+    // repetition.  We match the first atom of regex with the first
+    // character of str and recurse.
+    return (*str != '\0') && AtomMatchesChar(escaped, *regex, *str) &&
+        MatchRegexAtHead(regex + 1, str + 1);
+  }
+}
+
+// Returns true iff regex matches any substring of str.  regex must be
+// a valid simple regular expression, or the result is undefined.
+//
+// The algorithm is recursive, but the recursion depth doesn't exceed
+// the regex length, so we won't need to worry about running out of
+// stack space normally.  In rare cases the time complexity can be
+// exponential with respect to the regex length + the string length,
+// but usually it's must faster (often close to linear).
+bool MatchRegexAnywhere(const char* regex, const char* str) {
+  if (regex == NULL || str == NULL)
+    return false;
+
+  if (*regex == '^')
+    return MatchRegexAtHead(regex + 1, str);
+
+  // A successful match can be anywhere in str.
+  do {
+    if (MatchRegexAtHead(regex, str))
+      return true;
+  } while (*str++ != '\0');
+  return false;
+}
+
+// Implements the RE class.
+
+RE::~RE() {
+  free(const_cast<char*>(pattern_));
+  free(const_cast<char*>(full_pattern_));
+}
+
+// Returns true iff regular expression re matches the entire str.
+bool RE::FullMatch(const char* str, const RE& re) {
+  return re.is_valid_ && MatchRegexAnywhere(re.full_pattern_, str);
+}
+
+// Returns true iff regular expression re matches a substring of str
+// (including str itself).
+bool RE::PartialMatch(const char* str, const RE& re) {
+  return re.is_valid_ && MatchRegexAnywhere(re.pattern_, str);
+}
+
+// Initializes an RE from its string representation.
+void RE::Init(const char* regex) {
+  pattern_ = full_pattern_ = NULL;
+  if (regex != NULL) {
+    pattern_ = posix::StrDup(regex);
+  }
+
+  is_valid_ = ValidateRegex(regex);
+  if (!is_valid_) {
+    // No need to calculate the full pattern when the regex is invalid.
+    return;
+  }
+
+  const size_t len = strlen(regex);
+  // Reserves enough bytes to hold the regular expression used for a
+  // full match: we need space to prepend a '^', append a '$', and
+  // terminate the string with '\0'.
+  char* buffer = static_cast<char*>(malloc(len + 3));
+  full_pattern_ = buffer;
+
+  if (*regex != '^')
+    *buffer++ = '^';  // Makes sure full_pattern_ starts with '^'.
+
+  // We don't use snprintf or strncpy, as they trigger a warning when
+  // compiled with VC++ 8.0.
+  memcpy(buffer, regex, len);
+  buffer += len;
+
+  if (len == 0 || regex[len - 1] != '$')
+    *buffer++ = '$';  // Makes sure full_pattern_ ends with '$'.
+
+  *buffer = '\0';
+}
+
+#endif  // GTEST_USES_POSIX_RE
+
+const char kUnknownFile[] = "unknown file";
+
+// Formats a source file path and a line number as they would appear
+// in an error message from the compiler used to compile this code.
+GTEST_API_ ::std::string FormatFileLocation(const char* file, int line) {
+  const std::string file_name(file == NULL ? kUnknownFile : file);
+
+  if (line < 0) {
+    return file_name + ":";
+  }
+#ifdef _MSC_VER
+  return file_name + "(" + StreamableToString(line) + "):";
+#else
+  return file_name + ":" + StreamableToString(line) + ":";
+#endif  // _MSC_VER
+}
+
+// Formats a file location for compiler-independent XML output.
+// Although this function is not platform dependent, we put it next to
+// FormatFileLocation in order to contrast the two functions.
+// Note that FormatCompilerIndependentFileLocation() does NOT append colon
+// to the file location it produces, unlike FormatFileLocation().
+GTEST_API_ ::std::string FormatCompilerIndependentFileLocation(
+    const char* file, int line) {
+  const std::string file_name(file == NULL ? kUnknownFile : file);
+
+  if (line < 0)
+    return file_name;
+  else
+    return file_name + ":" + StreamableToString(line);
+}
+
+
+GTestLog::GTestLog(GTestLogSeverity severity, const char* file, int line)
+    : severity_(severity) {
+  const char* const marker =
+      severity == GTEST_INFO ?    "[  INFO ]" :
+      severity == GTEST_WARNING ? "[WARNING]" :
+      severity == GTEST_ERROR ?   "[ ERROR ]" : "[ FATAL ]";
+  GetStream() << ::std::endl << marker << " "
+              << FormatFileLocation(file, line).c_str() << ": ";
+}
+
+// Flushes the buffers and, if severity is GTEST_FATAL, aborts the program.
+GTestLog::~GTestLog() {
+  GetStream() << ::std::endl;
+  if (severity_ == GTEST_FATAL) {
+    fflush(stderr);
+    posix::Abort();
+  }
+}
+// Disable Microsoft deprecation warnings for POSIX functions called from
+// this class (creat, dup, dup2, and close)
+GTEST_DISABLE_MSC_WARNINGS_PUSH_(4996)
+
+#if GTEST_HAS_STREAM_REDIRECTION
+
+// Object that captures an output stream (stdout/stderr).
+class CapturedStream {
+ public:
+  // The ctor redirects the stream to a temporary file.
+  explicit CapturedStream(int fd) : fd_(fd), uncaptured_fd_(dup(fd)) {
+# if GTEST_OS_WINDOWS
+    char temp_dir_path[MAX_PATH + 1] = { '\0' };  // NOLINT
+    char temp_file_path[MAX_PATH + 1] = { '\0' };  // NOLINT
+
+    ::GetTempPathA(sizeof(temp_dir_path), temp_dir_path);
+    const UINT success = ::GetTempFileNameA(temp_dir_path,
+                                            "gtest_redir",
+                                            0,  // Generate unique file name.
+                                            temp_file_path);
+    GTEST_CHECK_(success != 0)
+        << "Unable to create a temporary file in " << temp_dir_path;
+    const int captured_fd = creat(temp_file_path, _S_IREAD | _S_IWRITE);
+    GTEST_CHECK_(captured_fd != -1) << "Unable to open temporary file "
+                                    << temp_file_path;
+    filename_ = temp_file_path;
+# else
+    // There's no guarantee that a test has write access to the current
+    // directory, so we create the temporary file in the /tmp directory
+    // instead. We use /tmp on most systems, and /sdcard on Android.
+    // That's because Android doesn't have /tmp.
+#  if GTEST_OS_LINUX_ANDROID
+    // Note: Android applications are expected to call the framework's
+    // Context.getExternalStorageDirectory() method through JNI to get
+    // the location of the world-writable SD Card directory. However,
+    // this requires a Context handle, which cannot be retrieved
+    // globally from native code. Doing so also precludes running the
+    // code as part of a regular standalone executable, which doesn't
+    // run in a Dalvik process (e.g. when running it through 'adb shell').
+    //
+    // The location /sdcard is directly accessible from native code
+    // and is the only location (unofficially) supported by the Android
+    // team. It's generally a symlink to the real SD Card mount point
+    // which can be /mnt/sdcard, /mnt/sdcard0, /system/media/sdcard, or
+    // other OEM-customized locations. Never rely on these, and always
+    // use /sdcard.
+    char name_template[] = "/sdcard/gtest_captured_stream.XXXXXX";
+#  else
+    char name_template[] = "/tmp/captured_stream.XXXXXX";
+#  endif  // GTEST_OS_LINUX_ANDROID
+    const int captured_fd = mkstemp(name_template);
+    filename_ = name_template;
+# endif  // GTEST_OS_WINDOWS
+    fflush(NULL);
+    dup2(captured_fd, fd_);
+    close(captured_fd);
+  }
+
+  ~CapturedStream() {
+    remove(filename_.c_str());
+  }
+
+  std::string GetCapturedString() {
+    if (uncaptured_fd_ != -1) {
+      // Restores the original stream.
+      fflush(NULL);
+      dup2(uncaptured_fd_, fd_);
+      close(uncaptured_fd_);
+      uncaptured_fd_ = -1;
+    }
+
+    FILE* const file = posix::FOpen(filename_.c_str(), "r");
+    const std::string content = ReadEntireFile(file);
+    posix::FClose(file);
+    return content;
+  }
+
+ private:
+  // Reads the entire content of a file as an std::string.
+  static std::string ReadEntireFile(FILE* file);
+
+  // Returns the size (in bytes) of a file.
+  static size_t GetFileSize(FILE* file);
+
+  const int fd_;  // A stream to capture.
+  int uncaptured_fd_;
+  // Name of the temporary file holding the stderr output.
+  ::std::string filename_;
+
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(CapturedStream);
+};
+
+// Returns the size (in bytes) of a file.
+size_t CapturedStream::GetFileSize(FILE* file) {
+  fseek(file, 0, SEEK_END);
+  return static_cast<size_t>(ftell(file));
+}
+
+// Reads the entire content of a file as a string.
+std::string CapturedStream::ReadEntireFile(FILE* file) {
+  const size_t file_size = GetFileSize(file);
+  char* const buffer = new char[file_size];
+
+  size_t bytes_last_read = 0;  // # of bytes read in the last fread()
+  size_t bytes_read = 0;       // # of bytes read so far
+
+  fseek(file, 0, SEEK_SET);
+
+  // Keeps reading the file until we cannot read further or the
+  // pre-determined file size is reached.
+  do {
+    bytes_last_read = fread(buffer+bytes_read, 1, file_size-bytes_read, file);
+    bytes_read += bytes_last_read;
+  } while (bytes_last_read > 0 && bytes_read < file_size);
+
+  const std::string content(buffer, bytes_read);
+  delete[] buffer;
+
+  return content;
+}
+
+GTEST_DISABLE_MSC_WARNINGS_POP_()
+
+static CapturedStream* g_captured_stderr = NULL;
+static CapturedStream* g_captured_stdout = NULL;
+
+// Starts capturing an output stream (stdout/stderr).
+void CaptureStream(int fd, const char* stream_name, CapturedStream** stream) {
+  if (*stream != NULL) {
+    GTEST_LOG_(FATAL) << "Only one " << stream_name
+                      << " capturer can exist at a time.";
+  }
+  *stream = new CapturedStream(fd);
+}
+
+// Stops capturing the output stream and returns the captured string.
+std::string GetCapturedStream(CapturedStream** captured_stream) {
+  const std::string content = (*captured_stream)->GetCapturedString();
+
+  delete *captured_stream;
+  *captured_stream = NULL;
+
+  return content;
+}
+
+// Starts capturing stdout.
+void CaptureStdout() {
+  CaptureStream(kStdOutFileno, "stdout", &g_captured_stdout);
+}
+
+// Starts capturing stderr.
+void CaptureStderr() {
+  CaptureStream(kStdErrFileno, "stderr", &g_captured_stderr);
+}
+
+// Stops capturing stdout and returns the captured string.
+std::string GetCapturedStdout() {
+  return GetCapturedStream(&g_captured_stdout);
+}
+
+// Stops capturing stderr and returns the captured string.
+std::string GetCapturedStderr() {
+  return GetCapturedStream(&g_captured_stderr);
+}
+
+#endif  // GTEST_HAS_STREAM_REDIRECTION
+
+#if GTEST_HAS_DEATH_TEST
+
+// A copy of all command line arguments.  Set by InitGoogleTest().
+::std::vector<testing::internal::string> g_argvs;
+
+static const ::std::vector<testing::internal::string>* g_injected_test_argvs =
+                                        NULL;  // Owned.
+
+void SetInjectableArgvs(const ::std::vector<testing::internal::string>* argvs) {
+  if (g_injected_test_argvs != argvs)
+    delete g_injected_test_argvs;
+  g_injected_test_argvs = argvs;
+}
+
+const ::std::vector<testing::internal::string>& GetInjectableArgvs() {
+  if (g_injected_test_argvs != NULL) {
+    return *g_injected_test_argvs;
+  }
+  return g_argvs;
+}
+#endif  // GTEST_HAS_DEATH_TEST
+
+#if GTEST_OS_WINDOWS_MOBILE
+namespace posix {
+void Abort() {
+  DebugBreak();
+  TerminateProcess(GetCurrentProcess(), 1);
+}
+}  // namespace posix
+#endif  // GTEST_OS_WINDOWS_MOBILE
+
+// Returns the name of the environment variable corresponding to the
+// given flag.  For example, FlagToEnvVar("foo") will return
+// "GTEST_FOO" in the open-source version.
+static std::string FlagToEnvVar(const char* flag) {
+  const std::string full_flag =
+      (Message() << GTEST_FLAG_PREFIX_ << flag).GetString();
+
+  Message env_var;
+  for (size_t i = 0; i != full_flag.length(); i++) {
+    env_var << ToUpper(full_flag.c_str()[i]);
+  }
+
+  return env_var.GetString();
+}
+
+// Parses 'str' for a 32-bit signed integer.  If successful, writes
+// the result to *value and returns true; otherwise leaves *value
+// unchanged and returns false.
+bool ParseInt32(const Message& src_text, const char* str, Int32* value) {
+  // Parses the environment variable as a decimal integer.
+  char* end = NULL;
+  const long long_value = strtol(str, &end, 10);  // NOLINT
+
+  // Has strtol() consumed all characters in the string?
+  if (*end != '\0') {
+    // No - an invalid character was encountered.
+    Message msg;
+    msg << "WARNING: " << src_text
+        << " is expected to be a 32-bit integer, but actually"
+        << " has value \"" << str << "\".\n";
+    printf("%s", msg.GetString().c_str());
+    fflush(stdout);
+    return false;
+  }
+
+  // Is the parsed value in the range of an Int32?
+  const Int32 result = static_cast<Int32>(long_value);
+  if (long_value == LONG_MAX || long_value == LONG_MIN ||
+      // The parsed value overflows as a long.  (strtol() returns
+      // LONG_MAX or LONG_MIN when the input overflows.)
+      result != long_value
+      // The parsed value overflows as an Int32.
+      ) {
+    Message msg;
+    msg << "WARNING: " << src_text
+        << " is expected to be a 32-bit integer, but actually"
+        << " has value " << str << ", which overflows.\n";
+    printf("%s", msg.GetString().c_str());
+    fflush(stdout);
+    return false;
+  }
+
+  *value = result;
+  return true;
+}
+
+// Reads and returns the Boolean environment variable corresponding to
+// the given flag; if it's not set, returns default_value.
+//
+// The value is considered true iff it's not "0".
+bool BoolFromGTestEnv(const char* flag, bool default_value) {
+  const std::string env_var = FlagToEnvVar(flag);
+  const char* const string_value = posix::GetEnv(env_var.c_str());
+  return string_value == NULL ?
+      default_value : strcmp(string_value, "0") != 0;
+}
+
+// Reads and returns a 32-bit integer stored in the environment
+// variable corresponding to the given flag; if it isn't set or
+// doesn't represent a valid 32-bit integer, returns default_value.
+Int32 Int32FromGTestEnv(const char* flag, Int32 default_value) {
+  const std::string env_var = FlagToEnvVar(flag);
+  const char* const string_value = posix::GetEnv(env_var.c_str());
+  if (string_value == NULL) {
+    // The environment variable is not set.
+    return default_value;
+  }
+
+  Int32 result = default_value;
+  if (!ParseInt32(Message() << "Environment variable " << env_var,
+                  string_value, &result)) {
+    printf("The default value %s is used.\n",
+           (Message() << default_value).GetString().c_str());
+    fflush(stdout);
+    return default_value;
+  }
+
+  return result;
+}
+
+// Reads and returns the string environment variable corresponding to
+// the given flag; if it's not set, returns default_value.
+const char* StringFromGTestEnv(const char* flag, const char* default_value) {
+  const std::string env_var = FlagToEnvVar(flag);
+  const char* const value = posix::GetEnv(env_var.c_str());
+  return value == NULL ? default_value : value;
+}
+
+}  // namespace internal
+}  // namespace testing
diff --git a/nss/gtests/google_test/gtest/src/gtest-printers.cc b/nss/gtests/google_test/gtest/src/gtest-printers.cc
new file mode 100644
index 0000000..a2df412
--- /dev/null
+++ b/nss/gtests/google_test/gtest/src/gtest-printers.cc
@@ -0,0 +1,373 @@
+// Copyright 2007, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+
+// Google Test - The Google C++ Testing Framework
+//
+// This file implements a universal value printer that can print a
+// value of any type T:
+//
+//   void ::testing::internal::UniversalPrinter<T>::Print(value, ostream_ptr);
+//
+// It uses the << operator when possible, and prints the bytes in the
+// object otherwise.  A user can override its behavior for a class
+// type Foo by defining either operator<<(::std::ostream&, const Foo&)
+// or void PrintTo(const Foo&, ::std::ostream*) in the namespace that
+// defines Foo.
+
+#include "gtest/gtest-printers.h"
+#include <ctype.h>
+#include <stdio.h>
+#include <cwchar>
+#include <ostream>  // NOLINT
+#include <string>
+#include "gtest/internal/gtest-port.h"
+
+namespace testing {
+
+namespace {
+
+using ::std::ostream;
+
+// Prints a segment of bytes in the given object.
+GTEST_ATTRIBUTE_NO_SANITIZE_MEMORY_
+GTEST_ATTRIBUTE_NO_SANITIZE_ADDRESS_
+GTEST_ATTRIBUTE_NO_SANITIZE_THREAD_
+void PrintByteSegmentInObjectTo(const unsigned char* obj_bytes, size_t start,
+                                size_t count, ostream* os) {
+  char text[5] = "";
+  for (size_t i = 0; i != count; i++) {
+    const size_t j = start + i;
+    if (i != 0) {
+      // Organizes the bytes into groups of 2 for easy parsing by
+      // human.
+      if ((j % 2) == 0)
+        *os << ' ';
+      else
+        *os << '-';
+    }
+    GTEST_SNPRINTF_(text, sizeof(text), "%02X", obj_bytes[j]);
+    *os << text;
+  }
+}
+
+// Prints the bytes in the given value to the given ostream.
+void PrintBytesInObjectToImpl(const unsigned char* obj_bytes, size_t count,
+                              ostream* os) {
+  // Tells the user how big the object is.
+  *os << count << "-byte object <";
+
+  const size_t kThreshold = 132;
+  const size_t kChunkSize = 64;
+  // If the object size is bigger than kThreshold, we'll have to omit
+  // some details by printing only the first and the last kChunkSize
+  // bytes.
+  // TODO(wan): let the user control the threshold using a flag.
+  if (count < kThreshold) {
+    PrintByteSegmentInObjectTo(obj_bytes, 0, count, os);
+  } else {
+    PrintByteSegmentInObjectTo(obj_bytes, 0, kChunkSize, os);
+    *os << " ... ";
+    // Rounds up to 2-byte boundary.
+    const size_t resume_pos = (count - kChunkSize + 1)/2*2;
+    PrintByteSegmentInObjectTo(obj_bytes, resume_pos, count - resume_pos, os);
+  }
+  *os << ">";
+}
+
+}  // namespace
+
+namespace internal2 {
+
+// Delegates to PrintBytesInObjectToImpl() to print the bytes in the
+// given object.  The delegation simplifies the implementation, which
+// uses the << operator and thus is easier done outside of the
+// ::testing::internal namespace, which contains a << operator that
+// sometimes conflicts with the one in STL.
+void PrintBytesInObjectTo(const unsigned char* obj_bytes, size_t count,
+                          ostream* os) {
+  PrintBytesInObjectToImpl(obj_bytes, count, os);
+}
+
+}  // namespace internal2
+
+namespace internal {
+
+// Depending on the value of a char (or wchar_t), we print it in one
+// of three formats:
+//   - as is if it's a printable ASCII (e.g. 'a', '2', ' '),
+//   - as a hexidecimal escape sequence (e.g. '\x7F'), or
+//   - as a special escape sequence (e.g. '\r', '\n').
+enum CharFormat {
+  kAsIs,
+  kHexEscape,
+  kSpecialEscape
+};
+
+// Returns true if c is a printable ASCII character.  We test the
+// value of c directly instead of calling isprint(), which is buggy on
+// Windows Mobile.
+inline bool IsPrintableAscii(wchar_t c) {
+  return 0x20 <= c && c <= 0x7E;
+}
+
+// Prints a wide or narrow char c as a character literal without the
+// quotes, escaping it when necessary; returns how c was formatted.
+// The template argument UnsignedChar is the unsigned version of Char,
+// which is the type of c.
+template <typename UnsignedChar, typename Char>
+static CharFormat PrintAsCharLiteralTo(Char c, ostream* os) {
+  switch (static_cast<wchar_t>(c)) {
+    case L'\0':
+      *os << "\\0";
+      break;
+    case L'\'':
+      *os << "\\'";
+      break;
+    case L'\\':
+      *os << "\\\\";
+      break;
+    case L'\a':
+      *os << "\\a";
+      break;
+    case L'\b':
+      *os << "\\b";
+      break;
+    case L'\f':
+      *os << "\\f";
+      break;
+    case L'\n':
+      *os << "\\n";
+      break;
+    case L'\r':
+      *os << "\\r";
+      break;
+    case L'\t':
+      *os << "\\t";
+      break;
+    case L'\v':
+      *os << "\\v";
+      break;
+    default:
+      if (IsPrintableAscii(c)) {
+        *os << static_cast<char>(c);
+        return kAsIs;
+      } else {
+        *os << "\\x" + String::FormatHexInt(static_cast<UnsignedChar>(c));
+        return kHexEscape;
+      }
+  }
+  return kSpecialEscape;
+}
+
+// Prints a wchar_t c as if it's part of a string literal, escaping it when
+// necessary; returns how c was formatted.
+static CharFormat PrintAsStringLiteralTo(wchar_t c, ostream* os) {
+  switch (c) {
+    case L'\'':
+      *os << "'";
+      return kAsIs;
+    case L'"':
+      *os << "\\\"";
+      return kSpecialEscape;
+    default:
+      return PrintAsCharLiteralTo<wchar_t>(c, os);
+  }
+}
+
+// Prints a char c as if it's part of a string literal, escaping it when
+// necessary; returns how c was formatted.
+static CharFormat PrintAsStringLiteralTo(char c, ostream* os) {
+  return PrintAsStringLiteralTo(
+      static_cast<wchar_t>(static_cast<unsigned char>(c)), os);
+}
+
+// Prints a wide or narrow character c and its code.  '\0' is printed
+// as "'\\0'", other unprintable characters are also properly escaped
+// using the standard C++ escape sequence.  The template argument
+// UnsignedChar is the unsigned version of Char, which is the type of c.
+template <typename UnsignedChar, typename Char>
+void PrintCharAndCodeTo(Char c, ostream* os) {
+  // First, print c as a literal in the most readable form we can find.
+  *os << ((sizeof(c) > 1) ? "L'" : "'");
+  const CharFormat format = PrintAsCharLiteralTo<UnsignedChar>(c, os);
+  *os << "'";
+
+  // To aid user debugging, we also print c's code in decimal, unless
+  // it's 0 (in which case c was printed as '\\0', making the code
+  // obvious).
+  if (c == 0)
+    return;
+  *os << " (" << static_cast<int>(c);
+
+  // For more convenience, we print c's code again in hexidecimal,
+  // unless c was already printed in the form '\x##' or the code is in
+  // [1, 9].
+  if (format == kHexEscape || (1 <= c && c <= 9)) {
+    // Do nothing.
+  } else {
+    *os << ", 0x" << String::FormatHexInt(static_cast<UnsignedChar>(c));
+  }
+  *os << ")";
+}
+
+void PrintTo(unsigned char c, ::std::ostream* os) {
+  PrintCharAndCodeTo<unsigned char>(c, os);
+}
+void PrintTo(signed char c, ::std::ostream* os) {
+  PrintCharAndCodeTo<unsigned char>(c, os);
+}
+
+// Prints a wchar_t as a symbol if it is printable or as its internal
+// code otherwise and also as its code.  L'\0' is printed as "L'\\0'".
+void PrintTo(wchar_t wc, ostream* os) {
+  PrintCharAndCodeTo<wchar_t>(wc, os);
+}
+
+// Prints the given array of characters to the ostream.  CharType must be either
+// char or wchar_t.
+// The array starts at begin, the length is len, it may include '\0' characters
+// and may not be NUL-terminated.
+template <typename CharType>
+GTEST_ATTRIBUTE_NO_SANITIZE_MEMORY_
+GTEST_ATTRIBUTE_NO_SANITIZE_ADDRESS_
+GTEST_ATTRIBUTE_NO_SANITIZE_THREAD_
+static void PrintCharsAsStringTo(
+    const CharType* begin, size_t len, ostream* os) {
+  const char* const kQuoteBegin = sizeof(CharType) == 1 ? "\"" : "L\"";
+  *os << kQuoteBegin;
+  bool is_previous_hex = false;
+  for (size_t index = 0; index < len; ++index) {
+    const CharType cur = begin[index];
+    if (is_previous_hex && IsXDigit(cur)) {
+      // Previous character is of '\x..' form and this character can be
+      // interpreted as another hexadecimal digit in its number. Break string to
+      // disambiguate.
+      *os << "\" " << kQuoteBegin;
+    }
+    is_previous_hex = PrintAsStringLiteralTo(cur, os) == kHexEscape;
+  }
+  *os << "\"";
+}
+
+// Prints a (const) char/wchar_t array of 'len' elements, starting at address
+// 'begin'.  CharType must be either char or wchar_t.
+template <typename CharType>
+GTEST_ATTRIBUTE_NO_SANITIZE_MEMORY_
+GTEST_ATTRIBUTE_NO_SANITIZE_ADDRESS_
+GTEST_ATTRIBUTE_NO_SANITIZE_THREAD_
+static void UniversalPrintCharArray(
+    const CharType* begin, size_t len, ostream* os) {
+  // The code
+  //   const char kFoo[] = "foo";
+  // generates an array of 4, not 3, elements, with the last one being '\0'.
+  //
+  // Therefore when printing a char array, we don't print the last element if
+  // it's '\0', such that the output matches the string literal as it's
+  // written in the source code.
+  if (len > 0 && begin[len - 1] == '\0') {
+    PrintCharsAsStringTo(begin, len - 1, os);
+    return;
+  }
+
+  // If, however, the last element in the array is not '\0', e.g.
+  //    const char kFoo[] = { 'f', 'o', 'o' };
+  // we must print the entire array.  We also print a message to indicate
+  // that the array is not NUL-terminated.
+  PrintCharsAsStringTo(begin, len, os);
+  *os << " (no terminating NUL)";
+}
+
+// Prints a (const) char array of 'len' elements, starting at address 'begin'.
+void UniversalPrintArray(const char* begin, size_t len, ostream* os) {
+  UniversalPrintCharArray(begin, len, os);
+}
+
+// Prints a (const) wchar_t array of 'len' elements, starting at address
+// 'begin'.
+void UniversalPrintArray(const wchar_t* begin, size_t len, ostream* os) {
+  UniversalPrintCharArray(begin, len, os);
+}
+
+// Prints the given C string to the ostream.
+void PrintTo(const char* s, ostream* os) {
+  if (s == NULL) {
+    *os << "NULL";
+  } else {
+    *os << ImplicitCast_<const void*>(s) << " pointing to ";
+    PrintCharsAsStringTo(s, strlen(s), os);
+  }
+}
+
+// MSVC compiler can be configured to define whar_t as a typedef
+// of unsigned short. Defining an overload for const wchar_t* in that case
+// would cause pointers to unsigned shorts be printed as wide strings,
+// possibly accessing more memory than intended and causing invalid
+// memory accesses. MSVC defines _NATIVE_WCHAR_T_DEFINED symbol when
+// wchar_t is implemented as a native type.
+#if !defined(_MSC_VER) || defined(_NATIVE_WCHAR_T_DEFINED)
+// Prints the given wide C string to the ostream.
+void PrintTo(const wchar_t* s, ostream* os) {
+  if (s == NULL) {
+    *os << "NULL";
+  } else {
+    *os << ImplicitCast_<const void*>(s) << " pointing to ";
+    PrintCharsAsStringTo(s, std::wcslen(s), os);
+  }
+}
+#endif  // wchar_t is native
+
+// Prints a ::string object.
+#if GTEST_HAS_GLOBAL_STRING
+void PrintStringTo(const ::string& s, ostream* os) {
+  PrintCharsAsStringTo(s.data(), s.size(), os);
+}
+#endif  // GTEST_HAS_GLOBAL_STRING
+
+void PrintStringTo(const ::std::string& s, ostream* os) {
+  PrintCharsAsStringTo(s.data(), s.size(), os);
+}
+
+// Prints a ::wstring object.
+#if GTEST_HAS_GLOBAL_WSTRING
+void PrintWideStringTo(const ::wstring& s, ostream* os) {
+  PrintCharsAsStringTo(s.data(), s.size(), os);
+}
+#endif  // GTEST_HAS_GLOBAL_WSTRING
+
+#if GTEST_HAS_STD_WSTRING
+void PrintWideStringTo(const ::std::wstring& s, ostream* os) {
+  PrintCharsAsStringTo(s.data(), s.size(), os);
+}
+#endif  // GTEST_HAS_STD_WSTRING
+
+}  // namespace internal
+
+}  // namespace testing
diff --git a/nss/gtests/google_test/gtest/src/gtest-test-part.cc b/nss/gtests/google_test/gtest/src/gtest-test-part.cc
new file mode 100644
index 0000000..fb0e354
--- /dev/null
+++ b/nss/gtests/google_test/gtest/src/gtest-test-part.cc
@@ -0,0 +1,110 @@
+// Copyright 2008, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: mheule@google.com (Markus Heule)
+//
+// The Google C++ Testing Framework (Google Test)
+
+#include "gtest/gtest-test-part.h"
+
+// Indicates that this translation unit is part of Google Test's
+// implementation.  It must come before gtest-internal-inl.h is
+// included, or there will be a compiler error.  This trick exists to
+// prevent the accidental inclusion of gtest-internal-inl.h in the
+// user's code.
+#define GTEST_IMPLEMENTATION_ 1
+#include "src/gtest-internal-inl.h"
+#undef GTEST_IMPLEMENTATION_
+
+namespace testing {
+
+using internal::GetUnitTestImpl;
+
+// Gets the summary of the failure message by omitting the stack trace
+// in it.
+std::string TestPartResult::ExtractSummary(const char* message) {
+  const char* const stack_trace = strstr(message, internal::kStackTraceMarker);
+  return stack_trace == NULL ? message :
+      std::string(message, stack_trace);
+}
+
+// Prints a TestPartResult object.
+std::ostream& operator<<(std::ostream& os, const TestPartResult& result) {
+  return os
+      << result.file_name() << ":" << result.line_number() << ": "
+      << (result.type() == TestPartResult::kSuccess ? "Success" :
+          result.type() == TestPartResult::kFatalFailure ? "Fatal failure" :
+          "Non-fatal failure") << ":\n"
+      << result.message() << std::endl;
+}
+
+// Appends a TestPartResult to the array.
+void TestPartResultArray::Append(const TestPartResult& result) {
+  array_.push_back(result);
+}
+
+// Returns the TestPartResult at the given index (0-based).
+const TestPartResult& TestPartResultArray::GetTestPartResult(int index) const {
+  if (index < 0 || index >= size()) {
+    printf("\nInvalid index (%d) into TestPartResultArray.\n", index);
+    internal::posix::Abort();
+  }
+
+  return array_[index];
+}
+
+// Returns the number of TestPartResult objects in the array.
+int TestPartResultArray::size() const {
+  return static_cast<int>(array_.size());
+}
+
+namespace internal {
+
+HasNewFatalFailureHelper::HasNewFatalFailureHelper()
+    : has_new_fatal_failure_(false),
+      original_reporter_(GetUnitTestImpl()->
+                         GetTestPartResultReporterForCurrentThread()) {
+  GetUnitTestImpl()->SetTestPartResultReporterForCurrentThread(this);
+}
+
+HasNewFatalFailureHelper::~HasNewFatalFailureHelper() {
+  GetUnitTestImpl()->SetTestPartResultReporterForCurrentThread(
+      original_reporter_);
+}
+
+void HasNewFatalFailureHelper::ReportTestPartResult(
+    const TestPartResult& result) {
+  if (result.fatally_failed())
+    has_new_fatal_failure_ = true;
+  original_reporter_->ReportTestPartResult(result);
+}
+
+}  // namespace internal
+
+}  // namespace testing
diff --git a/nss/gtests/google_test/gtest/src/gtest-typed-test.cc b/nss/gtests/google_test/gtest/src/gtest-typed-test.cc
new file mode 100644
index 0000000..f0079f4
--- /dev/null
+++ b/nss/gtests/google_test/gtest/src/gtest-typed-test.cc
@@ -0,0 +1,110 @@
+// Copyright 2008 Google Inc.
+// All Rights Reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+
+#include "gtest/gtest-typed-test.h"
+#include "gtest/gtest.h"
+
+namespace testing {
+namespace internal {
+
+#if GTEST_HAS_TYPED_TEST_P
+
+// Skips to the first non-space char in str. Returns an empty string if str
+// contains only whitespace characters.
+static const char* SkipSpaces(const char* str) {
+  while (IsSpace(*str))
+    str++;
+  return str;
+}
+
+// Verifies that registered_tests match the test names in
+// defined_test_names_; returns registered_tests if successful, or
+// aborts the program otherwise.
+const char* TypedTestCasePState::VerifyRegisteredTestNames(
+    const char* file, int line, const char* registered_tests) {
+  typedef ::std::set<const char*>::const_iterator DefinedTestIter;
+  registered_ = true;
+
+  // Skip initial whitespace in registered_tests since some
+  // preprocessors prefix stringizied literals with whitespace.
+  registered_tests = SkipSpaces(registered_tests);
+
+  Message errors;
+  ::std::set<std::string> tests;
+  for (const char* names = registered_tests; names != NULL;
+       names = SkipComma(names)) {
+    const std::string name = GetPrefixUntilComma(names);
+    if (tests.count(name) != 0) {
+      errors << "Test " << name << " is listed more than once.\n";
+      continue;
+    }
+
+    bool found = false;
+    for (DefinedTestIter it = defined_test_names_.begin();
+         it != defined_test_names_.end();
+         ++it) {
+      if (name == *it) {
+        found = true;
+        break;
+      }
+    }
+
+    if (found) {
+      tests.insert(name);
+    } else {
+      errors << "No test named " << name
+             << " can be found in this test case.\n";
+    }
+  }
+
+  for (DefinedTestIter it = defined_test_names_.begin();
+       it != defined_test_names_.end();
+       ++it) {
+    if (tests.count(*it) == 0) {
+      errors << "You forgot to list test " << *it << ".\n";
+    }
+  }
+
+  const std::string& errors_str = errors.GetString();
+  if (errors_str != "") {
+    fprintf(stderr, "%s %s", FormatFileLocation(file, line).c_str(),
+            errors_str.c_str());
+    fflush(stderr);
+    posix::Abort();
+  }
+
+  return registered_tests;
+}
+
+#endif  // GTEST_HAS_TYPED_TEST_P
+
+}  // namespace internal
+}  // namespace testing
diff --git a/nss/gtests/google_test/gtest/src/gtest.cc b/nss/gtests/google_test/gtest/src/gtest.cc
new file mode 100644
index 0000000..e4f3df3
--- /dev/null
+++ b/nss/gtests/google_test/gtest/src/gtest.cc
@@ -0,0 +1,5291 @@
+// Copyright 2005, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+//
+// The Google C++ Testing Framework (Google Test)
+
+#include "gtest/gtest.h"
+#include "gtest/gtest-spi.h"
+
+#include <ctype.h>
+#include <math.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <time.h>
+#include <wchar.h>
+#include <wctype.h>
+
+#include <algorithm>
+#include <iomanip>
+#include <limits>
+#include <list>
+#include <map>
+#include <ostream>  // NOLINT
+#include <sstream>
+#include <vector>
+
+#if GTEST_OS_LINUX
+
+// TODO(kenton@google.com): Use autoconf to detect availability of
+// gettimeofday().
+# define GTEST_HAS_GETTIMEOFDAY_ 1
+
+# include <fcntl.h>  // NOLINT
+# include <limits.h>  // NOLINT
+# include <sched.h>  // NOLINT
+// Declares vsnprintf().  This header is not available on Windows.
+# include <strings.h>  // NOLINT
+# include <sys/mman.h>  // NOLINT
+# include <sys/time.h>  // NOLINT
+# include <unistd.h>  // NOLINT
+# include <string>
+
+#elif GTEST_OS_SYMBIAN
+# define GTEST_HAS_GETTIMEOFDAY_ 1
+# include <sys/time.h>  // NOLINT
+
+#elif GTEST_OS_ZOS
+# define GTEST_HAS_GETTIMEOFDAY_ 1
+# include <sys/time.h>  // NOLINT
+
+// On z/OS we additionally need strings.h for strcasecmp.
+# include <strings.h>  // NOLINT
+
+#elif GTEST_OS_WINDOWS_MOBILE  // We are on Windows CE.
+
+# include <windows.h>  // NOLINT
+# undef min
+
+#elif GTEST_OS_WINDOWS  // We are on Windows proper.
+
+# include <io.h>  // NOLINT
+# include <sys/timeb.h>  // NOLINT
+# include <sys/types.h>  // NOLINT
+# include <sys/stat.h>  // NOLINT
+
+# if GTEST_OS_WINDOWS_MINGW
+// MinGW has gettimeofday() but not _ftime64().
+// TODO(kenton@google.com): Use autoconf to detect availability of
+//   gettimeofday().
+// TODO(kenton@google.com): There are other ways to get the time on
+//   Windows, like GetTickCount() or GetSystemTimeAsFileTime().  MinGW
+//   supports these.  consider using them instead.
+#  define GTEST_HAS_GETTIMEOFDAY_ 1
+#  include <sys/time.h>  // NOLINT
+# endif  // GTEST_OS_WINDOWS_MINGW
+
+// cpplint thinks that the header is already included, so we want to
+// silence it.
+# include <windows.h>  // NOLINT
+# undef min
+
+#else
+
+// Assume other platforms have gettimeofday().
+// TODO(kenton@google.com): Use autoconf to detect availability of
+//   gettimeofday().
+# define GTEST_HAS_GETTIMEOFDAY_ 1
+
+// cpplint thinks that the header is already included, so we want to
+// silence it.
+# include <sys/time.h>  // NOLINT
+# include <unistd.h>  // NOLINT
+
+#endif  // GTEST_OS_LINUX
+
+#if GTEST_HAS_EXCEPTIONS
+# include <stdexcept>
+#endif
+
+#if GTEST_CAN_STREAM_RESULTS_
+# include <arpa/inet.h>  // NOLINT
+# include <netdb.h>  // NOLINT
+#endif
+
+// Indicates that this translation unit is part of Google Test's
+// implementation.  It must come before gtest-internal-inl.h is
+// included, or there will be a compiler error.  This trick is to
+// prevent a user from accidentally including gtest-internal-inl.h in
+// his code.
+#define GTEST_IMPLEMENTATION_ 1
+#include "src/gtest-internal-inl.h"
+#undef GTEST_IMPLEMENTATION_
+
+#if GTEST_OS_WINDOWS
+# define vsnprintf _vsnprintf
+#endif  // GTEST_OS_WINDOWS
+
+namespace testing {
+
+using internal::CountIf;
+using internal::ForEach;
+using internal::GetElementOr;
+using internal::Shuffle;
+
+// Constants.
+
+// A test whose test case name or test name matches this filter is
+// disabled and not run.
+static const char kDisableTestFilter[] = "DISABLED_*:*/DISABLED_*";
+
+// A test case whose name matches this filter is considered a death
+// test case and will be run before test cases whose name doesn't
+// match this filter.
+static const char kDeathTestCaseFilter[] = "*DeathTest:*DeathTest/*";
+
+// A test filter that matches everything.
+static const char kUniversalFilter[] = "*";
+
+// The default output file for XML output.
+static const char kDefaultOutputFile[] = "test_detail.xml";
+
+// The environment variable name for the test shard index.
+static const char kTestShardIndex[] = "GTEST_SHARD_INDEX";
+// The environment variable name for the total number of test shards.
+static const char kTestTotalShards[] = "GTEST_TOTAL_SHARDS";
+// The environment variable name for the test shard status file.
+static const char kTestShardStatusFile[] = "GTEST_SHARD_STATUS_FILE";
+
+namespace internal {
+
+// The text used in failure messages to indicate the start of the
+// stack trace.
+const char kStackTraceMarker[] = "\nStack trace:\n";
+
+// g_help_flag is true iff the --help flag or an equivalent form is
+// specified on the command line.
+bool g_help_flag = false;
+
+}  // namespace internal
+
+static const char* GetDefaultFilter() {
+  return kUniversalFilter;
+}
+
+GTEST_DEFINE_bool_(
+    also_run_disabled_tests,
+    internal::BoolFromGTestEnv("also_run_disabled_tests", false),
+    "Run disabled tests too, in addition to the tests normally being run.");
+
+GTEST_DEFINE_bool_(
+    break_on_failure,
+    internal::BoolFromGTestEnv("break_on_failure", false),
+    "True iff a failed assertion should be a debugger break-point.");
+
+GTEST_DEFINE_bool_(
+    catch_exceptions,
+    internal::BoolFromGTestEnv("catch_exceptions", true),
+    "True iff " GTEST_NAME_
+    " should catch exceptions and treat them as test failures.");
+
+GTEST_DEFINE_string_(
+    color,
+    internal::StringFromGTestEnv("color", "auto"),
+    "Whether to use colors in the output.  Valid values: yes, no, "
+    "and auto.  'auto' means to use colors if the output is "
+    "being sent to a terminal and the TERM environment variable "
+    "is set to a terminal type that supports colors.");
+
+GTEST_DEFINE_string_(
+    filter,
+    internal::StringFromGTestEnv("filter", GetDefaultFilter()),
+    "A colon-separated list of glob (not regex) patterns "
+    "for filtering the tests to run, optionally followed by a "
+    "'-' and a : separated list of negative patterns (tests to "
+    "exclude).  A test is run if it matches one of the positive "
+    "patterns and does not match any of the negative patterns.");
+
+GTEST_DEFINE_bool_(list_tests, false,
+                   "List all tests without running them.");
+
+GTEST_DEFINE_string_(
+    output,
+    internal::StringFromGTestEnv("output", ""),
+    "A format (currently must be \"xml\"), optionally followed "
+    "by a colon and an output file name or directory. A directory "
+    "is indicated by a trailing pathname separator. "
+    "Examples: \"xml:filename.xml\", \"xml::directoryname/\". "
+    "If a directory is specified, output files will be created "
+    "within that directory, with file-names based on the test "
+    "executable's name and, if necessary, made unique by adding "
+    "digits.");
+
+GTEST_DEFINE_bool_(
+    print_time,
+    internal::BoolFromGTestEnv("print_time", true),
+    "True iff " GTEST_NAME_
+    " should display elapsed time in text output.");
+
+GTEST_DEFINE_int32_(
+    random_seed,
+    internal::Int32FromGTestEnv("random_seed", 0),
+    "Random number seed to use when shuffling test orders.  Must be in range "
+    "[1, 99999], or 0 to use a seed based on the current time.");
+
+GTEST_DEFINE_int32_(
+    repeat,
+    internal::Int32FromGTestEnv("repeat", 1),
+    "How many times to repeat each test.  Specify a negative number "
+    "for repeating forever.  Useful for shaking out flaky tests.");
+
+GTEST_DEFINE_bool_(
+    show_internal_stack_frames, false,
+    "True iff " GTEST_NAME_ " should include internal stack frames when "
+    "printing test failure stack traces.");
+
+GTEST_DEFINE_bool_(
+    shuffle,
+    internal::BoolFromGTestEnv("shuffle", false),
+    "True iff " GTEST_NAME_
+    " should randomize tests' order on every run.");
+
+GTEST_DEFINE_int32_(
+    stack_trace_depth,
+    internal::Int32FromGTestEnv("stack_trace_depth", kMaxStackTraceDepth),
+    "The maximum number of stack frames to print when an "
+    "assertion fails.  The valid range is 0 through 100, inclusive.");
+
+GTEST_DEFINE_string_(
+    stream_result_to,
+    internal::StringFromGTestEnv("stream_result_to", ""),
+    "This flag specifies the host name and the port number on which to stream "
+    "test results. Example: \"localhost:555\". The flag is effective only on "
+    "Linux.");
+
+GTEST_DEFINE_bool_(
+    throw_on_failure,
+    internal::BoolFromGTestEnv("throw_on_failure", false),
+    "When this flag is specified, a failed assertion will throw an exception "
+    "if exceptions are enabled or exit the program with a non-zero code "
+    "otherwise.");
+
+namespace internal {
+
+// Generates a random number from [0, range), using a Linear
+// Congruential Generator (LCG).  Crashes if 'range' is 0 or greater
+// than kMaxRange.
+UInt32 Random::Generate(UInt32 range) {
+  // These constants are the same as are used in glibc's rand(3).
+  state_ = (1103515245U*state_ + 12345U) % kMaxRange;
+
+  GTEST_CHECK_(range > 0)
+      << "Cannot generate a number in the range [0, 0).";
+  GTEST_CHECK_(range <= kMaxRange)
+      << "Generation of a number in [0, " << range << ") was requested, "
+      << "but this can only generate numbers in [0, " << kMaxRange << ").";
+
+  // Converting via modulus introduces a bit of downward bias, but
+  // it's simple, and a linear congruential generator isn't too good
+  // to begin with.
+  return state_ % range;
+}
+
+// GTestIsInitialized() returns true iff the user has initialized
+// Google Test.  Useful for catching the user mistake of not initializing
+// Google Test before calling RUN_ALL_TESTS().
+//
+// A user must call testing::InitGoogleTest() to initialize Google
+// Test.  g_init_gtest_count is set to the number of times
+// InitGoogleTest() has been called.  We don't protect this variable
+// under a mutex as it is only accessed in the main thread.
+GTEST_API_ int g_init_gtest_count = 0;
+static bool GTestIsInitialized() { return g_init_gtest_count != 0; }
+
+// Iterates over a vector of TestCases, keeping a running sum of the
+// results of calling a given int-returning method on each.
+// Returns the sum.
+static int SumOverTestCaseList(const std::vector<TestCase*>& case_list,
+                               int (TestCase::*method)() const) {
+  int sum = 0;
+  for (size_t i = 0; i < case_list.size(); i++) {
+    sum += (case_list[i]->*method)();
+  }
+  return sum;
+}
+
+// Returns true iff the test case passed.
+static bool TestCasePassed(const TestCase* test_case) {
+  return test_case->should_run() && test_case->Passed();
+}
+
+// Returns true iff the test case failed.
+static bool TestCaseFailed(const TestCase* test_case) {
+  return test_case->should_run() && test_case->Failed();
+}
+
+// Returns true iff test_case contains at least one test that should
+// run.
+static bool ShouldRunTestCase(const TestCase* test_case) {
+  return test_case->should_run();
+}
+
+// AssertHelper constructor.
+AssertHelper::AssertHelper(TestPartResult::Type type,
+                           const char* file,
+                           int line,
+                           const char* message)
+    : data_(new AssertHelperData(type, file, line, message)) {
+}
+
+AssertHelper::~AssertHelper() {
+  delete data_;
+}
+
+// Message assignment, for assertion streaming support.
+void AssertHelper::operator=(const Message& message) const {
+  UnitTest::GetInstance()->
+    AddTestPartResult(data_->type, data_->file, data_->line,
+                      AppendUserMessage(data_->message, message),
+                      UnitTest::GetInstance()->impl()
+                      ->CurrentOsStackTraceExceptTop(1)
+                      // Skips the stack frame for this function itself.
+                      );  // NOLINT
+}
+
+// Mutex for linked pointers.
+GTEST_API_ GTEST_DEFINE_STATIC_MUTEX_(g_linked_ptr_mutex);
+
+// Application pathname gotten in InitGoogleTest.
+std::string g_executable_path;
+
+// Returns the current application's name, removing directory path if that
+// is present.
+FilePath GetCurrentExecutableName() {
+  FilePath result;
+
+#if GTEST_OS_WINDOWS
+  result.Set(FilePath(g_executable_path).RemoveExtension("exe"));
+#else
+  result.Set(FilePath(g_executable_path));
+#endif  // GTEST_OS_WINDOWS
+
+  return result.RemoveDirectoryName();
+}
+
+// Functions for processing the gtest_output flag.
+
+// Returns the output format, or "" for normal printed output.
+std::string UnitTestOptions::GetOutputFormat() {
+  const char* const gtest_output_flag = GTEST_FLAG(output).c_str();
+  if (gtest_output_flag == NULL) return std::string("");
+
+  const char* const colon = strchr(gtest_output_flag, ':');
+  return (colon == NULL) ?
+      std::string(gtest_output_flag) :
+      std::string(gtest_output_flag, colon - gtest_output_flag);
+}
+
+// Returns the name of the requested output file, or the default if none
+// was explicitly specified.
+std::string UnitTestOptions::GetAbsolutePathToOutputFile() {
+  const char* const gtest_output_flag = GTEST_FLAG(output).c_str();
+  if (gtest_output_flag == NULL)
+    return "";
+
+  const char* const colon = strchr(gtest_output_flag, ':');
+  if (colon == NULL)
+    return internal::FilePath::ConcatPaths(
+        internal::FilePath(
+            UnitTest::GetInstance()->original_working_dir()),
+        internal::FilePath(kDefaultOutputFile)).string();
+
+  internal::FilePath output_name(colon + 1);
+  if (!output_name.IsAbsolutePath())
+    // TODO(wan@google.com): on Windows \some\path is not an absolute
+    // path (as its meaning depends on the current drive), yet the
+    // following logic for turning it into an absolute path is wrong.
+    // Fix it.
+    output_name = internal::FilePath::ConcatPaths(
+        internal::FilePath(UnitTest::GetInstance()->original_working_dir()),
+        internal::FilePath(colon + 1));
+
+  if (!output_name.IsDirectory())
+    return output_name.string();
+
+  internal::FilePath result(internal::FilePath::GenerateUniqueFileName(
+      output_name, internal::GetCurrentExecutableName(),
+      GetOutputFormat().c_str()));
+  return result.string();
+}
+
+// Returns true iff the wildcard pattern matches the string.  The
+// first ':' or '\0' character in pattern marks the end of it.
+//
+// This recursive algorithm isn't very efficient, but is clear and
+// works well enough for matching test names, which are short.
+bool UnitTestOptions::PatternMatchesString(const char *pattern,
+                                           const char *str) {
+  switch (*pattern) {
+    case '\0':
+    case ':':  // Either ':' or '\0' marks the end of the pattern.
+      return *str == '\0';
+    case '?':  // Matches any single character.
+      return *str != '\0' && PatternMatchesString(pattern + 1, str + 1);
+    case '*':  // Matches any string (possibly empty) of characters.
+      return (*str != '\0' && PatternMatchesString(pattern, str + 1)) ||
+          PatternMatchesString(pattern + 1, str);
+    default:  // Non-special character.  Matches itself.
+      return *pattern == *str &&
+          PatternMatchesString(pattern + 1, str + 1);
+  }
+}
+
+bool UnitTestOptions::MatchesFilter(
+    const std::string& name, const char* filter) {
+  const char *cur_pattern = filter;
+  for (;;) {
+    if (PatternMatchesString(cur_pattern, name.c_str())) {
+      return true;
+    }
+
+    // Finds the next pattern in the filter.
+    cur_pattern = strchr(cur_pattern, ':');
+
+    // Returns if no more pattern can be found.
+    if (cur_pattern == NULL) {
+      return false;
+    }
+
+    // Skips the pattern separater (the ':' character).
+    cur_pattern++;
+  }
+}
+
+// Returns true iff the user-specified filter matches the test case
+// name and the test name.
+bool UnitTestOptions::FilterMatchesTest(const std::string &test_case_name,
+                                        const std::string &test_name) {
+  const std::string& full_name = test_case_name + "." + test_name.c_str();
+
+  // Split --gtest_filter at '-', if there is one, to separate into
+  // positive filter and negative filter portions
+  const char* const p = GTEST_FLAG(filter).c_str();
+  const char* const dash = strchr(p, '-');
+  std::string positive;
+  std::string negative;
+  if (dash == NULL) {
+    positive = GTEST_FLAG(filter).c_str();  // Whole string is a positive filter
+    negative = "";
+  } else {
+    positive = std::string(p, dash);   // Everything up to the dash
+    negative = std::string(dash + 1);  // Everything after the dash
+    if (positive.empty()) {
+      // Treat '-test1' as the same as '*-test1'
+      positive = kUniversalFilter;
+    }
+  }
+
+  // A filter is a colon-separated list of patterns.  It matches a
+  // test if any pattern in it matches the test.
+  return (MatchesFilter(full_name, positive.c_str()) &&
+          !MatchesFilter(full_name, negative.c_str()));
+}
+
+#if GTEST_HAS_SEH
+// Returns EXCEPTION_EXECUTE_HANDLER if Google Test should handle the
+// given SEH exception, or EXCEPTION_CONTINUE_SEARCH otherwise.
+// This function is useful as an __except condition.
+int UnitTestOptions::GTestShouldProcessSEH(DWORD exception_code) {
+  // Google Test should handle a SEH exception if:
+  //   1. the user wants it to, AND
+  //   2. this is not a breakpoint exception, AND
+  //   3. this is not a C++ exception (VC++ implements them via SEH,
+  //      apparently).
+  //
+  // SEH exception code for C++ exceptions.
+  // (see http://support.microsoft.com/kb/185294 for more information).
+  const DWORD kCxxExceptionCode = 0xe06d7363;
+
+  bool should_handle = true;
+
+  if (!GTEST_FLAG(catch_exceptions))
+    should_handle = false;
+  else if (exception_code == EXCEPTION_BREAKPOINT)
+    should_handle = false;
+  else if (exception_code == kCxxExceptionCode)
+    should_handle = false;
+
+  return should_handle ? EXCEPTION_EXECUTE_HANDLER : EXCEPTION_CONTINUE_SEARCH;
+}
+#endif  // GTEST_HAS_SEH
+
+}  // namespace internal
+
+// The c'tor sets this object as the test part result reporter used by
+// Google Test.  The 'result' parameter specifies where to report the
+// results. Intercepts only failures from the current thread.
+ScopedFakeTestPartResultReporter::ScopedFakeTestPartResultReporter(
+    TestPartResultArray* result)
+    : intercept_mode_(INTERCEPT_ONLY_CURRENT_THREAD),
+      result_(result) {
+  Init();
+}
+
+// The c'tor sets this object as the test part result reporter used by
+// Google Test.  The 'result' parameter specifies where to report the
+// results.
+ScopedFakeTestPartResultReporter::ScopedFakeTestPartResultReporter(
+    InterceptMode intercept_mode, TestPartResultArray* result)
+    : intercept_mode_(intercept_mode),
+      result_(result) {
+  Init();
+}
+
+void ScopedFakeTestPartResultReporter::Init() {
+  internal::UnitTestImpl* const impl = internal::GetUnitTestImpl();
+  if (intercept_mode_ == INTERCEPT_ALL_THREADS) {
+    old_reporter_ = impl->GetGlobalTestPartResultReporter();
+    impl->SetGlobalTestPartResultReporter(this);
+  } else {
+    old_reporter_ = impl->GetTestPartResultReporterForCurrentThread();
+    impl->SetTestPartResultReporterForCurrentThread(this);
+  }
+}
+
+// The d'tor restores the test part result reporter used by Google Test
+// before.
+ScopedFakeTestPartResultReporter::~ScopedFakeTestPartResultReporter() {
+  internal::UnitTestImpl* const impl = internal::GetUnitTestImpl();
+  if (intercept_mode_ == INTERCEPT_ALL_THREADS) {
+    impl->SetGlobalTestPartResultReporter(old_reporter_);
+  } else {
+    impl->SetTestPartResultReporterForCurrentThread(old_reporter_);
+  }
+}
+
+// Increments the test part result count and remembers the result.
+// This method is from the TestPartResultReporterInterface interface.
+void ScopedFakeTestPartResultReporter::ReportTestPartResult(
+    const TestPartResult& result) {
+  result_->Append(result);
+}
+
+namespace internal {
+
+// Returns the type ID of ::testing::Test.  We should always call this
+// instead of GetTypeId< ::testing::Test>() to get the type ID of
+// testing::Test.  This is to work around a suspected linker bug when
+// using Google Test as a framework on Mac OS X.  The bug causes
+// GetTypeId< ::testing::Test>() to return different values depending
+// on whether the call is from the Google Test framework itself or
+// from user test code.  GetTestTypeId() is guaranteed to always
+// return the same value, as it always calls GetTypeId<>() from the
+// gtest.cc, which is within the Google Test framework.
+TypeId GetTestTypeId() {
+  return GetTypeId<Test>();
+}
+
+// The value of GetTestTypeId() as seen from within the Google Test
+// library.  This is solely for testing GetTestTypeId().
+extern const TypeId kTestTypeIdInGoogleTest = GetTestTypeId();
+
+// This predicate-formatter checks that 'results' contains a test part
+// failure of the given type and that the failure message contains the
+// given substring.
+AssertionResult HasOneFailure(const char* /* results_expr */,
+                              const char* /* type_expr */,
+                              const char* /* substr_expr */,
+                              const TestPartResultArray& results,
+                              TestPartResult::Type type,
+                              const string& substr) {
+  const std::string expected(type == TestPartResult::kFatalFailure ?
+                        "1 fatal failure" :
+                        "1 non-fatal failure");
+  Message msg;
+  if (results.size() != 1) {
+    msg << "Expected: " << expected << "\n"
+        << "  Actual: " << results.size() << " failures";
+    for (int i = 0; i < results.size(); i++) {
+      msg << "\n" << results.GetTestPartResult(i);
+    }
+    return AssertionFailure() << msg;
+  }
+
+  const TestPartResult& r = results.GetTestPartResult(0);
+  if (r.type() != type) {
+    return AssertionFailure() << "Expected: " << expected << "\n"
+                              << "  Actual:\n"
+                              << r;
+  }
+
+  if (strstr(r.message(), substr.c_str()) == NULL) {
+    return AssertionFailure() << "Expected: " << expected << " containing \""
+                              << substr << "\"\n"
+                              << "  Actual:\n"
+                              << r;
+  }
+
+  return AssertionSuccess();
+}
+
+// The constructor of SingleFailureChecker remembers where to look up
+// test part results, what type of failure we expect, and what
+// substring the failure message should contain.
+SingleFailureChecker:: SingleFailureChecker(
+    const TestPartResultArray* results,
+    TestPartResult::Type type,
+    const string& substr)
+    : results_(results),
+      type_(type),
+      substr_(substr) {}
+
+// The destructor of SingleFailureChecker verifies that the given
+// TestPartResultArray contains exactly one failure that has the given
+// type and contains the given substring.  If that's not the case, a
+// non-fatal failure will be generated.
+SingleFailureChecker::~SingleFailureChecker() {
+  EXPECT_PRED_FORMAT3(HasOneFailure, *results_, type_, substr_);
+}
+
+DefaultGlobalTestPartResultReporter::DefaultGlobalTestPartResultReporter(
+    UnitTestImpl* unit_test) : unit_test_(unit_test) {}
+
+void DefaultGlobalTestPartResultReporter::ReportTestPartResult(
+    const TestPartResult& result) {
+  unit_test_->current_test_result()->AddTestPartResult(result);
+  unit_test_->listeners()->repeater()->OnTestPartResult(result);
+}
+
+DefaultPerThreadTestPartResultReporter::DefaultPerThreadTestPartResultReporter(
+    UnitTestImpl* unit_test) : unit_test_(unit_test) {}
+
+void DefaultPerThreadTestPartResultReporter::ReportTestPartResult(
+    const TestPartResult& result) {
+  unit_test_->GetGlobalTestPartResultReporter()->ReportTestPartResult(result);
+}
+
+// Returns the global test part result reporter.
+TestPartResultReporterInterface*
+UnitTestImpl::GetGlobalTestPartResultReporter() {
+  internal::MutexLock lock(&global_test_part_result_reporter_mutex_);
+  return global_test_part_result_repoter_;
+}
+
+// Sets the global test part result reporter.
+void UnitTestImpl::SetGlobalTestPartResultReporter(
+    TestPartResultReporterInterface* reporter) {
+  internal::MutexLock lock(&global_test_part_result_reporter_mutex_);
+  global_test_part_result_repoter_ = reporter;
+}
+
+// Returns the test part result reporter for the current thread.
+TestPartResultReporterInterface*
+UnitTestImpl::GetTestPartResultReporterForCurrentThread() {
+  return per_thread_test_part_result_reporter_.get();
+}
+
+// Sets the test part result reporter for the current thread.
+void UnitTestImpl::SetTestPartResultReporterForCurrentThread(
+    TestPartResultReporterInterface* reporter) {
+  per_thread_test_part_result_reporter_.set(reporter);
+}
+
+// Gets the number of successful test cases.
+int UnitTestImpl::successful_test_case_count() const {
+  return CountIf(test_cases_, TestCasePassed);
+}
+
+// Gets the number of failed test cases.
+int UnitTestImpl::failed_test_case_count() const {
+  return CountIf(test_cases_, TestCaseFailed);
+}
+
+// Gets the number of all test cases.
+int UnitTestImpl::total_test_case_count() const {
+  return static_cast<int>(test_cases_.size());
+}
+
+// Gets the number of all test cases that contain at least one test
+// that should run.
+int UnitTestImpl::test_case_to_run_count() const {
+  return CountIf(test_cases_, ShouldRunTestCase);
+}
+
+// Gets the number of successful tests.
+int UnitTestImpl::successful_test_count() const {
+  return SumOverTestCaseList(test_cases_, &TestCase::successful_test_count);
+}
+
+// Gets the number of failed tests.
+int UnitTestImpl::failed_test_count() const {
+  return SumOverTestCaseList(test_cases_, &TestCase::failed_test_count);
+}
+
+// Gets the number of disabled tests that will be reported in the XML report.
+int UnitTestImpl::reportable_disabled_test_count() const {
+  return SumOverTestCaseList(test_cases_,
+                             &TestCase::reportable_disabled_test_count);
+}
+
+// Gets the number of disabled tests.
+int UnitTestImpl::disabled_test_count() const {
+  return SumOverTestCaseList(test_cases_, &TestCase::disabled_test_count);
+}
+
+// Gets the number of tests to be printed in the XML report.
+int UnitTestImpl::reportable_test_count() const {
+  return SumOverTestCaseList(test_cases_, &TestCase::reportable_test_count);
+}
+
+// Gets the number of all tests.
+int UnitTestImpl::total_test_count() const {
+  return SumOverTestCaseList(test_cases_, &TestCase::total_test_count);
+}
+
+// Gets the number of tests that should run.
+int UnitTestImpl::test_to_run_count() const {
+  return SumOverTestCaseList(test_cases_, &TestCase::test_to_run_count);
+}
+
+// Returns the current OS stack trace as an std::string.
+//
+// The maximum number of stack frames to be included is specified by
+// the gtest_stack_trace_depth flag.  The skip_count parameter
+// specifies the number of top frames to be skipped, which doesn't
+// count against the number of frames to be included.
+//
+// For example, if Foo() calls Bar(), which in turn calls
+// CurrentOsStackTraceExceptTop(1), Foo() will be included in the
+// trace but Bar() and CurrentOsStackTraceExceptTop() won't.
+std::string UnitTestImpl::CurrentOsStackTraceExceptTop(int skip_count) {
+  (void)skip_count;
+  return "";
+}
+
+// Returns the current time in milliseconds.
+TimeInMillis GetTimeInMillis() {
+#if GTEST_OS_WINDOWS_MOBILE || defined(__BORLANDC__)
+  // Difference between 1970-01-01 and 1601-01-01 in milliseconds.
+  // http://analogous.blogspot.com/2005/04/epoch.html
+  const TimeInMillis kJavaEpochToWinFileTimeDelta =
+    static_cast<TimeInMillis>(116444736UL) * 100000UL;
+  const DWORD kTenthMicrosInMilliSecond = 10000;
+
+  SYSTEMTIME now_systime;
+  FILETIME now_filetime;
+  ULARGE_INTEGER now_int64;
+  // TODO(kenton@google.com): Shouldn't this just use
+  //   GetSystemTimeAsFileTime()?
+  GetSystemTime(&now_systime);
+  if (SystemTimeToFileTime(&now_systime, &now_filetime)) {
+    now_int64.LowPart = now_filetime.dwLowDateTime;
+    now_int64.HighPart = now_filetime.dwHighDateTime;
+    now_int64.QuadPart = (now_int64.QuadPart / kTenthMicrosInMilliSecond) -
+      kJavaEpochToWinFileTimeDelta;
+    return now_int64.QuadPart;
+  }
+  return 0;
+#elif GTEST_OS_WINDOWS && !GTEST_HAS_GETTIMEOFDAY_
+  __timeb64 now;
+
+  // MSVC 8 deprecates _ftime64(), so we want to suppress warning 4996
+  // (deprecated function) there.
+  // TODO(kenton@google.com): Use GetTickCount()?  Or use
+  //   SystemTimeToFileTime()
+  GTEST_DISABLE_MSC_WARNINGS_PUSH_(4996)
+  _ftime64(&now);
+  GTEST_DISABLE_MSC_WARNINGS_POP_()
+
+  return static_cast<TimeInMillis>(now.time) * 1000 + now.millitm;
+#elif GTEST_HAS_GETTIMEOFDAY_
+  struct timeval now;
+  gettimeofday(&now, NULL);
+  return static_cast<TimeInMillis>(now.tv_sec) * 1000 + now.tv_usec / 1000;
+#else
+# error "Don't know how to get the current time on your system."
+#endif
+}
+
+// Utilities
+
+// class String.
+
+#if GTEST_OS_WINDOWS_MOBILE
+// Creates a UTF-16 wide string from the given ANSI string, allocating
+// memory using new. The caller is responsible for deleting the return
+// value using delete[]. Returns the wide string, or NULL if the
+// input is NULL.
+LPCWSTR String::AnsiToUtf16(const char* ansi) {
+  if (!ansi) return NULL;
+  const int length = strlen(ansi);
+  const int unicode_length =
+      MultiByteToWideChar(CP_ACP, 0, ansi, length,
+                          NULL, 0);
+  WCHAR* unicode = new WCHAR[unicode_length + 1];
+  MultiByteToWideChar(CP_ACP, 0, ansi, length,
+                      unicode, unicode_length);
+  unicode[unicode_length] = 0;
+  return unicode;
+}
+
+// Creates an ANSI string from the given wide string, allocating
+// memory using new. The caller is responsible for deleting the return
+// value using delete[]. Returns the ANSI string, or NULL if the
+// input is NULL.
+const char* String::Utf16ToAnsi(LPCWSTR utf16_str)  {
+  if (!utf16_str) return NULL;
+  const int ansi_length =
+      WideCharToMultiByte(CP_ACP, 0, utf16_str, -1,
+                          NULL, 0, NULL, NULL);
+  char* ansi = new char[ansi_length + 1];
+  WideCharToMultiByte(CP_ACP, 0, utf16_str, -1,
+                      ansi, ansi_length, NULL, NULL);
+  ansi[ansi_length] = 0;
+  return ansi;
+}
+
+#endif  // GTEST_OS_WINDOWS_MOBILE
+
+// Compares two C strings.  Returns true iff they have the same content.
+//
+// Unlike strcmp(), this function can handle NULL argument(s).  A NULL
+// C string is considered different to any non-NULL C string,
+// including the empty string.
+bool String::CStringEquals(const char * lhs, const char * rhs) {
+  if ( lhs == NULL ) return rhs == NULL;
+
+  if ( rhs == NULL ) return false;
+
+  return strcmp(lhs, rhs) == 0;
+}
+
+#if GTEST_HAS_STD_WSTRING || GTEST_HAS_GLOBAL_WSTRING
+
+// Converts an array of wide chars to a narrow string using the UTF-8
+// encoding, and streams the result to the given Message object.
+static void StreamWideCharsToMessage(const wchar_t* wstr, size_t length,
+                                     Message* msg) {
+  for (size_t i = 0; i != length; ) {  // NOLINT
+    if (wstr[i] != L'\0') {
+      *msg << WideStringToUtf8(wstr + i, static_cast<int>(length - i));
+      while (i != length && wstr[i] != L'\0')
+        i++;
+    } else {
+      *msg << '\0';
+      i++;
+    }
+  }
+}
+
+#endif  // GTEST_HAS_STD_WSTRING || GTEST_HAS_GLOBAL_WSTRING
+
+}  // namespace internal
+
+// Constructs an empty Message.
+// We allocate the stringstream separately because otherwise each use of
+// ASSERT/EXPECT in a procedure adds over 200 bytes to the procedure's
+// stack frame leading to huge stack frames in some cases; gcc does not reuse
+// the stack space.
+Message::Message() : ss_(new ::std::stringstream) {
+  // By default, we want there to be enough precision when printing
+  // a double to a Message.
+  *ss_ << std::setprecision(std::numeric_limits<double>::digits10 + 2);
+}
+
+// These two overloads allow streaming a wide C string to a Message
+// using the UTF-8 encoding.
+Message& Message::operator <<(const wchar_t* wide_c_str) {
+  return *this << internal::String::ShowWideCString(wide_c_str);
+}
+Message& Message::operator <<(wchar_t* wide_c_str) {
+  return *this << internal::String::ShowWideCString(wide_c_str);
+}
+
+#if GTEST_HAS_STD_WSTRING
+// Converts the given wide string to a narrow string using the UTF-8
+// encoding, and streams the result to this Message object.
+Message& Message::operator <<(const ::std::wstring& wstr) {
+  internal::StreamWideCharsToMessage(wstr.c_str(), wstr.length(), this);
+  return *this;
+}
+#endif  // GTEST_HAS_STD_WSTRING
+
+#if GTEST_HAS_GLOBAL_WSTRING
+// Converts the given wide string to a narrow string using the UTF-8
+// encoding, and streams the result to this Message object.
+Message& Message::operator <<(const ::wstring& wstr) {
+  internal::StreamWideCharsToMessage(wstr.c_str(), wstr.length(), this);
+  return *this;
+}
+#endif  // GTEST_HAS_GLOBAL_WSTRING
+
+// Gets the text streamed to this object so far as an std::string.
+// Each '\0' character in the buffer is replaced with "\\0".
+std::string Message::GetString() const {
+  return internal::StringStreamToString(ss_.get());
+}
+
+// AssertionResult constructors.
+// Used in EXPECT_TRUE/FALSE(assertion_result).
+AssertionResult::AssertionResult(const AssertionResult& other)
+    : success_(other.success_),
+      message_(other.message_.get() != NULL ?
+               new ::std::string(*other.message_) :
+               static_cast< ::std::string*>(NULL)) {
+}
+
+// Swaps two AssertionResults.
+void AssertionResult::swap(AssertionResult& other) {
+  using std::swap;
+  swap(success_, other.success_);
+  swap(message_, other.message_);
+}
+
+// Returns the assertion's negation. Used with EXPECT/ASSERT_FALSE.
+AssertionResult AssertionResult::operator!() const {
+  AssertionResult negation(!success_);
+  if (message_.get() != NULL)
+    negation << *message_;
+  return negation;
+}
+
+// Makes a successful assertion result.
+AssertionResult AssertionSuccess() {
+  return AssertionResult(true);
+}
+
+// Makes a failed assertion result.
+AssertionResult AssertionFailure() {
+  return AssertionResult(false);
+}
+
+// Makes a failed assertion result with the given failure message.
+// Deprecated; use AssertionFailure() << message.
+AssertionResult AssertionFailure(const Message& message) {
+  return AssertionFailure() << message;
+}
+
+namespace internal {
+
+namespace edit_distance {
+std::vector<EditType> CalculateOptimalEdits(const std::vector<size_t>& left,
+                                            const std::vector<size_t>& right) {
+  std::vector<std::vector<double> > costs(
+      left.size() + 1, std::vector<double>(right.size() + 1));
+  std::vector<std::vector<EditType> > best_move(
+      left.size() + 1, std::vector<EditType>(right.size() + 1));
+
+  // Populate for empty right.
+  for (size_t l_i = 0; l_i < costs.size(); ++l_i) {
+    costs[l_i][0] = static_cast<double>(l_i);
+    best_move[l_i][0] = kRemove;
+  }
+  // Populate for empty left.
+  for (size_t r_i = 1; r_i < costs[0].size(); ++r_i) {
+    costs[0][r_i] = static_cast<double>(r_i);
+    best_move[0][r_i] = kAdd;
+  }
+
+  for (size_t l_i = 0; l_i < left.size(); ++l_i) {
+    for (size_t r_i = 0; r_i < right.size(); ++r_i) {
+      if (left[l_i] == right[r_i]) {
+        // Found a match. Consume it.
+        costs[l_i + 1][r_i + 1] = costs[l_i][r_i];
+        best_move[l_i + 1][r_i + 1] = kMatch;
+        continue;
+      }
+
+      const double add = costs[l_i + 1][r_i];
+      const double remove = costs[l_i][r_i + 1];
+      const double replace = costs[l_i][r_i];
+      if (add < remove && add < replace) {
+        costs[l_i + 1][r_i + 1] = add + 1;
+        best_move[l_i + 1][r_i + 1] = kAdd;
+      } else if (remove < add && remove < replace) {
+        costs[l_i + 1][r_i + 1] = remove + 1;
+        best_move[l_i + 1][r_i + 1] = kRemove;
+      } else {
+        // We make replace a little more expensive than add/remove to lower
+        // their priority.
+        costs[l_i + 1][r_i + 1] = replace + 1.00001;
+        best_move[l_i + 1][r_i + 1] = kReplace;
+      }
+    }
+  }
+
+  // Reconstruct the best path. We do it in reverse order.
+  std::vector<EditType> best_path;
+  for (size_t l_i = left.size(), r_i = right.size(); l_i > 0 || r_i > 0;) {
+    EditType move = best_move[l_i][r_i];
+    best_path.push_back(move);
+    l_i -= move != kAdd;
+    r_i -= move != kRemove;
+  }
+  std::reverse(best_path.begin(), best_path.end());
+  return best_path;
+}
+
+namespace {
+
+// Helper class to convert string into ids with deduplication.
+class InternalStrings {
+ public:
+  size_t GetId(const std::string& str) {
+    IdMap::iterator it = ids_.find(str);
+    if (it != ids_.end()) return it->second;
+    size_t id = ids_.size();
+    return ids_[str] = id;
+  }
+
+ private:
+  typedef std::map<std::string, size_t> IdMap;
+  IdMap ids_;
+};
+
+}  // namespace
+
+std::vector<EditType> CalculateOptimalEdits(
+    const std::vector<std::string>& left,
+    const std::vector<std::string>& right) {
+  std::vector<size_t> left_ids, right_ids;
+  {
+    InternalStrings intern_table;
+    for (size_t i = 0; i < left.size(); ++i) {
+      left_ids.push_back(intern_table.GetId(left[i]));
+    }
+    for (size_t i = 0; i < right.size(); ++i) {
+      right_ids.push_back(intern_table.GetId(right[i]));
+    }
+  }
+  return CalculateOptimalEdits(left_ids, right_ids);
+}
+
+namespace {
+
+// Helper class that holds the state for one hunk and prints it out to the
+// stream.
+// It reorders adds/removes when possible to group all removes before all
+// adds. It also adds the hunk header before printint into the stream.
+class Hunk {
+ public:
+  Hunk(size_t left_start, size_t right_start)
+      : left_start_(left_start),
+        right_start_(right_start),
+        adds_(),
+        removes_(),
+        common_() {}
+
+  void PushLine(char edit, const char* line) {
+    switch (edit) {
+      case ' ':
+        ++common_;
+        FlushEdits();
+        hunk_.push_back(std::make_pair(' ', line));
+        break;
+      case '-':
+        ++removes_;
+        hunk_removes_.push_back(std::make_pair('-', line));
+        break;
+      case '+':
+        ++adds_;
+        hunk_adds_.push_back(std::make_pair('+', line));
+        break;
+    }
+  }
+
+  void PrintTo(std::ostream* os) {
+    PrintHeader(os);
+    FlushEdits();
+    for (std::list<std::pair<char, const char*> >::const_iterator it =
+             hunk_.begin();
+         it != hunk_.end(); ++it) {
+      *os << it->first << it->second << "\n";
+    }
+  }
+
+  bool has_edits() const { return adds_ || removes_; }
+
+ private:
+  void FlushEdits() {
+    hunk_.splice(hunk_.end(), hunk_removes_);
+    hunk_.splice(hunk_.end(), hunk_adds_);
+  }
+
+  // Print a unified diff header for one hunk.
+  // The format is
+  //   "@@ -<left_start>,<left_length> +<right_start>,<right_length> @@"
+  // where the left/right parts are ommitted if unnecessary.
+  void PrintHeader(std::ostream* ss) const {
+    *ss << "@@ ";
+    if (removes_) {
+      *ss << "-" << left_start_ << "," << (removes_ + common_);
+    }
+    if (removes_ && adds_) {
+      *ss << " ";
+    }
+    if (adds_) {
+      *ss << "+" << right_start_ << "," << (adds_ + common_);
+    }
+    *ss << " @@\n";
+  }
+
+  size_t left_start_, right_start_;
+  size_t adds_, removes_, common_;
+  std::list<std::pair<char, const char*> > hunk_, hunk_adds_, hunk_removes_;
+};
+
+}  // namespace
+
+// Create a list of diff hunks in Unified diff format.
+// Each hunk has a header generated by PrintHeader above plus a body with
+// lines prefixed with ' ' for no change, '-' for deletion and '+' for
+// addition.
+// 'context' represents the desired unchanged prefix/suffix around the diff.
+// If two hunks are close enough that their contexts overlap, then they are
+// joined into one hunk.
+std::string CreateUnifiedDiff(const std::vector<std::string>& left,
+                              const std::vector<std::string>& right,
+                              size_t context) {
+  const std::vector<EditType> edits = CalculateOptimalEdits(left, right);
+
+  size_t l_i = 0, r_i = 0, edit_i = 0;
+  std::stringstream ss;
+  while (edit_i < edits.size()) {
+    // Find first edit.
+    while (edit_i < edits.size() && edits[edit_i] == kMatch) {
+      ++l_i;
+      ++r_i;
+      ++edit_i;
+    }
+
+    // Find the first line to include in the hunk.
+    const size_t prefix_context = std::min(l_i, context);
+    Hunk hunk(l_i - prefix_context + 1, r_i - prefix_context + 1);
+    for (size_t i = prefix_context; i > 0; --i) {
+      hunk.PushLine(' ', left[l_i - i].c_str());
+    }
+
+    // Iterate the edits until we found enough suffix for the hunk or the input
+    // is over.
+    size_t n_suffix = 0;
+    for (; edit_i < edits.size(); ++edit_i) {
+      if (n_suffix >= context) {
+        // Continue only if the next hunk is very close.
+        std::vector<EditType>::const_iterator it = edits.begin() + edit_i;
+        while (it != edits.end() && *it == kMatch) ++it;
+        if (it == edits.end() || (it - edits.begin()) - edit_i >= context) {
+          // There is no next edit or it is too far away.
+          break;
+        }
+      }
+
+      EditType edit = edits[edit_i];
+      // Reset count when a non match is found.
+      n_suffix = edit == kMatch ? n_suffix + 1 : 0;
+
+      if (edit == kMatch || edit == kRemove || edit == kReplace) {
+        hunk.PushLine(edit == kMatch ? ' ' : '-', left[l_i].c_str());
+      }
+      if (edit == kAdd || edit == kReplace) {
+        hunk.PushLine('+', right[r_i].c_str());
+      }
+
+      // Advance indices, depending on edit type.
+      l_i += edit != kAdd;
+      r_i += edit != kRemove;
+    }
+
+    if (!hunk.has_edits()) {
+      // We are done. We don't want this hunk.
+      break;
+    }
+
+    hunk.PrintTo(&ss);
+  }
+  return ss.str();
+}
+
+}  // namespace edit_distance
+
+namespace {
+
+// The string representation of the values received in EqFailure() are already
+// escaped. Split them on escaped '\n' boundaries. Leave all other escaped
+// characters the same.
+std::vector<std::string> SplitEscapedString(const std::string& str) {
+  std::vector<std::string> lines;
+  size_t start = 0, end = str.size();
+  if (end > 2 && str[0] == '"' && str[end - 1] == '"') {
+    ++start;
+    --end;
+  }
+  bool escaped = false;
+  for (size_t i = start; i + 1 < end; ++i) {
+    if (escaped) {
+      escaped = false;
+      if (str[i] == 'n') {
+        lines.push_back(str.substr(start, i - start - 1));
+        start = i + 1;
+      }
+    } else {
+      escaped = str[i] == '\\';
+    }
+  }
+  lines.push_back(str.substr(start, end - start));
+  return lines;
+}
+
+}  // namespace
+
+// Constructs and returns the message for an equality assertion
+// (e.g. ASSERT_EQ, EXPECT_STREQ, etc) failure.
+//
+// The first four parameters are the expressions used in the assertion
+// and their values, as strings.  For example, for ASSERT_EQ(foo, bar)
+// where foo is 5 and bar is 6, we have:
+//
+//   expected_expression: "foo"
+//   actual_expression:   "bar"
+//   expected_value:      "5"
+//   actual_value:        "6"
+//
+// The ignoring_case parameter is true iff the assertion is a
+// *_STRCASEEQ*.  When it's true, the string " (ignoring case)" will
+// be inserted into the message.
+AssertionResult EqFailure(const char* expected_expression,
+                          const char* actual_expression,
+                          const std::string& expected_value,
+                          const std::string& actual_value,
+                          bool ignoring_case) {
+  Message msg;
+  msg << "Value of: " << actual_expression;
+  if (actual_value != actual_expression) {
+    msg << "\n  Actual: " << actual_value;
+  }
+
+  msg << "\nExpected: " << expected_expression;
+  if (ignoring_case) {
+    msg << " (ignoring case)";
+  }
+  if (expected_value != expected_expression) {
+    msg << "\nWhich is: " << expected_value;
+  }
+
+  if (!expected_value.empty() && !actual_value.empty()) {
+    const std::vector<std::string> expected_lines =
+        SplitEscapedString(expected_value);
+    const std::vector<std::string> actual_lines =
+        SplitEscapedString(actual_value);
+    if (expected_lines.size() > 1 || actual_lines.size() > 1) {
+      msg << "\nWith diff:\n"
+          << edit_distance::CreateUnifiedDiff(expected_lines, actual_lines);
+    }
+  }
+
+  return AssertionFailure() << msg;
+}
+
+// Constructs a failure message for Boolean assertions such as EXPECT_TRUE.
+std::string GetBoolAssertionFailureMessage(
+    const AssertionResult& assertion_result,
+    const char* expression_text,
+    const char* actual_predicate_value,
+    const char* expected_predicate_value) {
+  const char* actual_message = assertion_result.message();
+  Message msg;
+  msg << "Value of: " << expression_text
+      << "\n  Actual: " << actual_predicate_value;
+  if (actual_message[0] != '\0')
+    msg << " (" << actual_message << ")";
+  msg << "\nExpected: " << expected_predicate_value;
+  return msg.GetString();
+}
+
+// Helper function for implementing ASSERT_NEAR.
+AssertionResult DoubleNearPredFormat(const char* expr1,
+                                     const char* expr2,
+                                     const char* abs_error_expr,
+                                     double val1,
+                                     double val2,
+                                     double abs_error) {
+  const double diff = fabs(val1 - val2);
+  if (diff <= abs_error) return AssertionSuccess();
+
+  // TODO(wan): do not print the value of an expression if it's
+  // already a literal.
+  return AssertionFailure()
+      << "The difference between " << expr1 << " and " << expr2
+      << " is " << diff << ", which exceeds " << abs_error_expr << ", where\n"
+      << expr1 << " evaluates to " << val1 << ",\n"
+      << expr2 << " evaluates to " << val2 << ", and\n"
+      << abs_error_expr << " evaluates to " << abs_error << ".";
+}
+
+
+// Helper template for implementing FloatLE() and DoubleLE().
+template <typename RawType>
+AssertionResult FloatingPointLE(const char* expr1,
+                                const char* expr2,
+                                RawType val1,
+                                RawType val2) {
+  // Returns success if val1 is less than val2,
+  if (val1 < val2) {
+    return AssertionSuccess();
+  }
+
+  // or if val1 is almost equal to val2.
+  const FloatingPoint<RawType> lhs(val1), rhs(val2);
+  if (lhs.AlmostEquals(rhs)) {
+    return AssertionSuccess();
+  }
+
+  // Note that the above two checks will both fail if either val1 or
+  // val2 is NaN, as the IEEE floating-point standard requires that
+  // any predicate involving a NaN must return false.
+
+  ::std::stringstream val1_ss;
+  val1_ss << std::setprecision(std::numeric_limits<RawType>::digits10 + 2)
+          << val1;
+
+  ::std::stringstream val2_ss;
+  val2_ss << std::setprecision(std::numeric_limits<RawType>::digits10 + 2)
+          << val2;
+
+  return AssertionFailure()
+      << "Expected: (" << expr1 << ") <= (" << expr2 << ")\n"
+      << "  Actual: " << StringStreamToString(&val1_ss) << " vs "
+      << StringStreamToString(&val2_ss);
+}
+
+}  // namespace internal
+
+// Asserts that val1 is less than, or almost equal to, val2.  Fails
+// otherwise.  In particular, it fails if either val1 or val2 is NaN.
+AssertionResult FloatLE(const char* expr1, const char* expr2,
+                        float val1, float val2) {
+  return internal::FloatingPointLE<float>(expr1, expr2, val1, val2);
+}
+
+// Asserts that val1 is less than, or almost equal to, val2.  Fails
+// otherwise.  In particular, it fails if either val1 or val2 is NaN.
+AssertionResult DoubleLE(const char* expr1, const char* expr2,
+                         double val1, double val2) {
+  return internal::FloatingPointLE<double>(expr1, expr2, val1, val2);
+}
+
+namespace internal {
+
+// The helper function for {ASSERT|EXPECT}_EQ with int or enum
+// arguments.
+AssertionResult CmpHelperEQ(const char* expected_expression,
+                            const char* actual_expression,
+                            BiggestInt expected,
+                            BiggestInt actual) {
+  if (expected == actual) {
+    return AssertionSuccess();
+  }
+
+  return EqFailure(expected_expression,
+                   actual_expression,
+                   FormatForComparisonFailureMessage(expected, actual),
+                   FormatForComparisonFailureMessage(actual, expected),
+                   false);
+}
+
+// A macro for implementing the helper functions needed to implement
+// ASSERT_?? and EXPECT_?? with integer or enum arguments.  It is here
+// just to avoid copy-and-paste of similar code.
+#define GTEST_IMPL_CMP_HELPER_(op_name, op)\
+AssertionResult CmpHelper##op_name(const char* expr1, const char* expr2, \
+                                   BiggestInt val1, BiggestInt val2) {\
+  if (val1 op val2) {\
+    return AssertionSuccess();\
+  } else {\
+    return AssertionFailure() \
+        << "Expected: (" << expr1 << ") " #op " (" << expr2\
+        << "), actual: " << FormatForComparisonFailureMessage(val1, val2)\
+        << " vs " << FormatForComparisonFailureMessage(val2, val1);\
+  }\
+}
+
+// Implements the helper function for {ASSERT|EXPECT}_NE with int or
+// enum arguments.
+GTEST_IMPL_CMP_HELPER_(NE, !=)
+// Implements the helper function for {ASSERT|EXPECT}_LE with int or
+// enum arguments.
+GTEST_IMPL_CMP_HELPER_(LE, <=)
+// Implements the helper function for {ASSERT|EXPECT}_LT with int or
+// enum arguments.
+GTEST_IMPL_CMP_HELPER_(LT, < )
+// Implements the helper function for {ASSERT|EXPECT}_GE with int or
+// enum arguments.
+GTEST_IMPL_CMP_HELPER_(GE, >=)
+// Implements the helper function for {ASSERT|EXPECT}_GT with int or
+// enum arguments.
+GTEST_IMPL_CMP_HELPER_(GT, > )
+
+#undef GTEST_IMPL_CMP_HELPER_
+
+// The helper function for {ASSERT|EXPECT}_STREQ.
+AssertionResult CmpHelperSTREQ(const char* expected_expression,
+                               const char* actual_expression,
+                               const char* expected,
+                               const char* actual) {
+  if (String::CStringEquals(expected, actual)) {
+    return AssertionSuccess();
+  }
+
+  return EqFailure(expected_expression,
+                   actual_expression,
+                   PrintToString(expected),
+                   PrintToString(actual),
+                   false);
+}
+
+// The helper function for {ASSERT|EXPECT}_STRCASEEQ.
+AssertionResult CmpHelperSTRCASEEQ(const char* expected_expression,
+                                   const char* actual_expression,
+                                   const char* expected,
+                                   const char* actual) {
+  if (String::CaseInsensitiveCStringEquals(expected, actual)) {
+    return AssertionSuccess();
+  }
+
+  return EqFailure(expected_expression,
+                   actual_expression,
+                   PrintToString(expected),
+                   PrintToString(actual),
+                   true);
+}
+
+// The helper function for {ASSERT|EXPECT}_STRNE.
+AssertionResult CmpHelperSTRNE(const char* s1_expression,
+                               const char* s2_expression,
+                               const char* s1,
+                               const char* s2) {
+  if (!String::CStringEquals(s1, s2)) {
+    return AssertionSuccess();
+  } else {
+    return AssertionFailure() << "Expected: (" << s1_expression << ") != ("
+                              << s2_expression << "), actual: \""
+                              << s1 << "\" vs \"" << s2 << "\"";
+  }
+}
+
+// The helper function for {ASSERT|EXPECT}_STRCASENE.
+AssertionResult CmpHelperSTRCASENE(const char* s1_expression,
+                                   const char* s2_expression,
+                                   const char* s1,
+                                   const char* s2) {
+  if (!String::CaseInsensitiveCStringEquals(s1, s2)) {
+    return AssertionSuccess();
+  } else {
+    return AssertionFailure()
+        << "Expected: (" << s1_expression << ") != ("
+        << s2_expression << ") (ignoring case), actual: \""
+        << s1 << "\" vs \"" << s2 << "\"";
+  }
+}
+
+}  // namespace internal
+
+namespace {
+
+// Helper functions for implementing IsSubString() and IsNotSubstring().
+
+// This group of overloaded functions return true iff needle is a
+// substring of haystack.  NULL is considered a substring of itself
+// only.
+
+bool IsSubstringPred(const char* needle, const char* haystack) {
+  if (needle == NULL || haystack == NULL)
+    return needle == haystack;
+
+  return strstr(haystack, needle) != NULL;
+}
+
+bool IsSubstringPred(const wchar_t* needle, const wchar_t* haystack) {
+  if (needle == NULL || haystack == NULL)
+    return needle == haystack;
+
+  return wcsstr(haystack, needle) != NULL;
+}
+
+// StringType here can be either ::std::string or ::std::wstring.
+template <typename StringType>
+bool IsSubstringPred(const StringType& needle,
+                     const StringType& haystack) {
+  return haystack.find(needle) != StringType::npos;
+}
+
+// This function implements either IsSubstring() or IsNotSubstring(),
+// depending on the value of the expected_to_be_substring parameter.
+// StringType here can be const char*, const wchar_t*, ::std::string,
+// or ::std::wstring.
+template <typename StringType>
+AssertionResult IsSubstringImpl(
+    bool expected_to_be_substring,
+    const char* needle_expr, const char* haystack_expr,
+    const StringType& needle, const StringType& haystack) {
+  if (IsSubstringPred(needle, haystack) == expected_to_be_substring)
+    return AssertionSuccess();
+
+  const bool is_wide_string = sizeof(needle[0]) > 1;
+  const char* const begin_string_quote = is_wide_string ? "L\"" : "\"";
+  return AssertionFailure()
+      << "Value of: " << needle_expr << "\n"
+      << "  Actual: " << begin_string_quote << needle << "\"\n"
+      << "Expected: " << (expected_to_be_substring ? "" : "not ")
+      << "a substring of " << haystack_expr << "\n"
+      << "Which is: " << begin_string_quote << haystack << "\"";
+}
+
+}  // namespace
+
+// IsSubstring() and IsNotSubstring() check whether needle is a
+// substring of haystack (NULL is considered a substring of itself
+// only), and return an appropriate error message when they fail.
+
+AssertionResult IsSubstring(
+    const char* needle_expr, const char* haystack_expr,
+    const char* needle, const char* haystack) {
+  return IsSubstringImpl(true, needle_expr, haystack_expr, needle, haystack);
+}
+
+AssertionResult IsSubstring(
+    const char* needle_expr, const char* haystack_expr,
+    const wchar_t* needle, const wchar_t* haystack) {
+  return IsSubstringImpl(true, needle_expr, haystack_expr, needle, haystack);
+}
+
+AssertionResult IsNotSubstring(
+    const char* needle_expr, const char* haystack_expr,
+    const char* needle, const char* haystack) {
+  return IsSubstringImpl(false, needle_expr, haystack_expr, needle, haystack);
+}
+
+AssertionResult IsNotSubstring(
+    const char* needle_expr, const char* haystack_expr,
+    const wchar_t* needle, const wchar_t* haystack) {
+  return IsSubstringImpl(false, needle_expr, haystack_expr, needle, haystack);
+}
+
+AssertionResult IsSubstring(
+    const char* needle_expr, const char* haystack_expr,
+    const ::std::string& needle, const ::std::string& haystack) {
+  return IsSubstringImpl(true, needle_expr, haystack_expr, needle, haystack);
+}
+
+AssertionResult IsNotSubstring(
+    const char* needle_expr, const char* haystack_expr,
+    const ::std::string& needle, const ::std::string& haystack) {
+  return IsSubstringImpl(false, needle_expr, haystack_expr, needle, haystack);
+}
+
+#if GTEST_HAS_STD_WSTRING
+AssertionResult IsSubstring(
+    const char* needle_expr, const char* haystack_expr,
+    const ::std::wstring& needle, const ::std::wstring& haystack) {
+  return IsSubstringImpl(true, needle_expr, haystack_expr, needle, haystack);
+}
+
+AssertionResult IsNotSubstring(
+    const char* needle_expr, const char* haystack_expr,
+    const ::std::wstring& needle, const ::std::wstring& haystack) {
+  return IsSubstringImpl(false, needle_expr, haystack_expr, needle, haystack);
+}
+#endif  // GTEST_HAS_STD_WSTRING
+
+namespace internal {
+
+#if GTEST_OS_WINDOWS
+
+namespace {
+
+// Helper function for IsHRESULT{SuccessFailure} predicates
+AssertionResult HRESULTFailureHelper(const char* expr,
+                                     const char* expected,
+                                     long hr) {  // NOLINT
+# if GTEST_OS_WINDOWS_MOBILE
+
+  // Windows CE doesn't support FormatMessage.
+  const char error_text[] = "";
+
+# else
+
+  // Looks up the human-readable system message for the HRESULT code
+  // and since we're not passing any params to FormatMessage, we don't
+  // want inserts expanded.
+  const DWORD kFlags = FORMAT_MESSAGE_FROM_SYSTEM |
+                       FORMAT_MESSAGE_IGNORE_INSERTS;
+  const DWORD kBufSize = 4096;
+  // Gets the system's human readable message string for this HRESULT.
+  char error_text[kBufSize] = { '\0' };
+  DWORD message_length = ::FormatMessageA(kFlags,
+                                          0,  // no source, we're asking system
+                                          hr,  // the error
+                                          0,  // no line width restrictions
+                                          error_text,  // output buffer
+                                          kBufSize,  // buf size
+                                          NULL);  // no arguments for inserts
+  // Trims tailing white space (FormatMessage leaves a trailing CR-LF)
+  for (; message_length && IsSpace(error_text[message_length - 1]);
+          --message_length) {
+    error_text[message_length - 1] = '\0';
+  }
+
+# endif  // GTEST_OS_WINDOWS_MOBILE
+
+  const std::string error_hex("0x" + String::FormatHexInt(hr));
+  return ::testing::AssertionFailure()
+      << "Expected: " << expr << " " << expected << ".\n"
+      << "  Actual: " << error_hex << " " << error_text << "\n";
+}
+
+}  // namespace
+
+AssertionResult IsHRESULTSuccess(const char* expr, long hr) {  // NOLINT
+  if (SUCCEEDED(hr)) {
+    return AssertionSuccess();
+  }
+  return HRESULTFailureHelper(expr, "succeeds", hr);
+}
+
+AssertionResult IsHRESULTFailure(const char* expr, long hr) {  // NOLINT
+  if (FAILED(hr)) {
+    return AssertionSuccess();
+  }
+  return HRESULTFailureHelper(expr, "fails", hr);
+}
+
+#endif  // GTEST_OS_WINDOWS
+
+// Utility functions for encoding Unicode text (wide strings) in
+// UTF-8.
+
+// A Unicode code-point can have upto 21 bits, and is encoded in UTF-8
+// like this:
+//
+// Code-point length   Encoding
+//   0 -  7 bits       0xxxxxxx
+//   8 - 11 bits       110xxxxx 10xxxxxx
+//  12 - 16 bits       1110xxxx 10xxxxxx 10xxxxxx
+//  17 - 21 bits       11110xxx 10xxxxxx 10xxxxxx 10xxxxxx
+
+// The maximum code-point a one-byte UTF-8 sequence can represent.
+const UInt32 kMaxCodePoint1 = (static_cast<UInt32>(1) <<  7) - 1;
+
+// The maximum code-point a two-byte UTF-8 sequence can represent.
+const UInt32 kMaxCodePoint2 = (static_cast<UInt32>(1) << (5 + 6)) - 1;
+
+// The maximum code-point a three-byte UTF-8 sequence can represent.
+const UInt32 kMaxCodePoint3 = (static_cast<UInt32>(1) << (4 + 2*6)) - 1;
+
+// The maximum code-point a four-byte UTF-8 sequence can represent.
+const UInt32 kMaxCodePoint4 = (static_cast<UInt32>(1) << (3 + 3*6)) - 1;
+
+// Chops off the n lowest bits from a bit pattern.  Returns the n
+// lowest bits.  As a side effect, the original bit pattern will be
+// shifted to the right by n bits.
+inline UInt32 ChopLowBits(UInt32* bits, int n) {
+  const UInt32 low_bits = *bits & ((static_cast<UInt32>(1) << n) - 1);
+  *bits >>= n;
+  return low_bits;
+}
+
+// Converts a Unicode code point to a narrow string in UTF-8 encoding.
+// code_point parameter is of type UInt32 because wchar_t may not be
+// wide enough to contain a code point.
+// If the code_point is not a valid Unicode code point
+// (i.e. outside of Unicode range U+0 to U+10FFFF) it will be converted
+// to "(Invalid Unicode 0xXXXXXXXX)".
+std::string CodePointToUtf8(UInt32 code_point) {
+  if (code_point > kMaxCodePoint4) {
+    return "(Invalid Unicode 0x" + String::FormatHexInt(code_point) + ")";
+  }
+
+  char str[5];  // Big enough for the largest valid code point.
+  if (code_point <= kMaxCodePoint1) {
+    str[1] = '\0';
+    str[0] = static_cast<char>(code_point);                          // 0xxxxxxx
+  } else if (code_point <= kMaxCodePoint2) {
+    str[2] = '\0';
+    str[1] = static_cast<char>(0x80 | ChopLowBits(&code_point, 6));  // 10xxxxxx
+    str[0] = static_cast<char>(0xC0 | code_point);                   // 110xxxxx
+  } else if (code_point <= kMaxCodePoint3) {
+    str[3] = '\0';
+    str[2] = static_cast<char>(0x80 | ChopLowBits(&code_point, 6));  // 10xxxxxx
+    str[1] = static_cast<char>(0x80 | ChopLowBits(&code_point, 6));  // 10xxxxxx
+    str[0] = static_cast<char>(0xE0 | code_point);                   // 1110xxxx
+  } else {  // code_point <= kMaxCodePoint4
+    str[4] = '\0';
+    str[3] = static_cast<char>(0x80 | ChopLowBits(&code_point, 6));  // 10xxxxxx
+    str[2] = static_cast<char>(0x80 | ChopLowBits(&code_point, 6));  // 10xxxxxx
+    str[1] = static_cast<char>(0x80 | ChopLowBits(&code_point, 6));  // 10xxxxxx
+    str[0] = static_cast<char>(0xF0 | code_point);                   // 11110xxx
+  }
+  return str;
+}
+
+// The following two functions only make sense if the the system
+// uses UTF-16 for wide string encoding. All supported systems
+// with 16 bit wchar_t (Windows, Cygwin, Symbian OS) do use UTF-16.
+
+// Determines if the arguments constitute UTF-16 surrogate pair
+// and thus should be combined into a single Unicode code point
+// using CreateCodePointFromUtf16SurrogatePair.
+inline bool IsUtf16SurrogatePair(wchar_t first, wchar_t second) {
+  return sizeof(wchar_t) == 2 &&
+      (first & 0xFC00) == 0xD800 && (second & 0xFC00) == 0xDC00;
+}
+
+// Creates a Unicode code point from UTF16 surrogate pair.
+inline UInt32 CreateCodePointFromUtf16SurrogatePair(wchar_t first,
+                                                    wchar_t second) {
+  const UInt32 mask = (1 << 10) - 1;
+  return (sizeof(wchar_t) == 2) ?
+      (((first & mask) << 10) | (second & mask)) + 0x10000 :
+      // This function should not be called when the condition is
+      // false, but we provide a sensible default in case it is.
+      static_cast<UInt32>(first);
+}
+
+// Converts a wide string to a narrow string in UTF-8 encoding.
+// The wide string is assumed to have the following encoding:
+//   UTF-16 if sizeof(wchar_t) == 2 (on Windows, Cygwin, Symbian OS)
+//   UTF-32 if sizeof(wchar_t) == 4 (on Linux)
+// Parameter str points to a null-terminated wide string.
+// Parameter num_chars may additionally limit the number
+// of wchar_t characters processed. -1 is used when the entire string
+// should be processed.
+// If the string contains code points that are not valid Unicode code points
+// (i.e. outside of Unicode range U+0 to U+10FFFF) they will be output
+// as '(Invalid Unicode 0xXXXXXXXX)'. If the string is in UTF16 encoding
+// and contains invalid UTF-16 surrogate pairs, values in those pairs
+// will be encoded as individual Unicode characters from Basic Normal Plane.
+std::string WideStringToUtf8(const wchar_t* str, int num_chars) {
+  if (num_chars == -1)
+    num_chars = static_cast<int>(wcslen(str));
+
+  ::std::stringstream stream;
+  for (int i = 0; i < num_chars; ++i) {
+    UInt32 unicode_code_point;
+
+    if (str[i] == L'\0') {
+      break;
+    } else if (i + 1 < num_chars && IsUtf16SurrogatePair(str[i], str[i + 1])) {
+      unicode_code_point = CreateCodePointFromUtf16SurrogatePair(str[i],
+                                                                 str[i + 1]);
+      i++;
+    } else {
+      unicode_code_point = static_cast<UInt32>(str[i]);
+    }
+
+    stream << CodePointToUtf8(unicode_code_point);
+  }
+  return StringStreamToString(&stream);
+}
+
+// Converts a wide C string to an std::string using the UTF-8 encoding.
+// NULL will be converted to "(null)".
+std::string String::ShowWideCString(const wchar_t * wide_c_str) {
+  if (wide_c_str == NULL)  return "(null)";
+
+  return internal::WideStringToUtf8(wide_c_str, -1);
+}
+
+// Compares two wide C strings.  Returns true iff they have the same
+// content.
+//
+// Unlike wcscmp(), this function can handle NULL argument(s).  A NULL
+// C string is considered different to any non-NULL C string,
+// including the empty string.
+bool String::WideCStringEquals(const wchar_t * lhs, const wchar_t * rhs) {
+  if (lhs == NULL) return rhs == NULL;
+
+  if (rhs == NULL) return false;
+
+  return wcscmp(lhs, rhs) == 0;
+}
+
+// Helper function for *_STREQ on wide strings.
+AssertionResult CmpHelperSTREQ(const char* expected_expression,
+                               const char* actual_expression,
+                               const wchar_t* expected,
+                               const wchar_t* actual) {
+  if (String::WideCStringEquals(expected, actual)) {
+    return AssertionSuccess();
+  }
+
+  return EqFailure(expected_expression,
+                   actual_expression,
+                   PrintToString(expected),
+                   PrintToString(actual),
+                   false);
+}
+
+// Helper function for *_STRNE on wide strings.
+AssertionResult CmpHelperSTRNE(const char* s1_expression,
+                               const char* s2_expression,
+                               const wchar_t* s1,
+                               const wchar_t* s2) {
+  if (!String::WideCStringEquals(s1, s2)) {
+    return AssertionSuccess();
+  }
+
+  return AssertionFailure() << "Expected: (" << s1_expression << ") != ("
+                            << s2_expression << "), actual: "
+                            << PrintToString(s1)
+                            << " vs " << PrintToString(s2);
+}
+
+// Compares two C strings, ignoring case.  Returns true iff they have
+// the same content.
+//
+// Unlike strcasecmp(), this function can handle NULL argument(s).  A
+// NULL C string is considered different to any non-NULL C string,
+// including the empty string.
+bool String::CaseInsensitiveCStringEquals(const char * lhs, const char * rhs) {
+  if (lhs == NULL)
+    return rhs == NULL;
+  if (rhs == NULL)
+    return false;
+  return posix::StrCaseCmp(lhs, rhs) == 0;
+}
+
+  // Compares two wide C strings, ignoring case.  Returns true iff they
+  // have the same content.
+  //
+  // Unlike wcscasecmp(), this function can handle NULL argument(s).
+  // A NULL C string is considered different to any non-NULL wide C string,
+  // including the empty string.
+  // NB: The implementations on different platforms slightly differ.
+  // On windows, this method uses _wcsicmp which compares according to LC_CTYPE
+  // environment variable. On GNU platform this method uses wcscasecmp
+  // which compares according to LC_CTYPE category of the current locale.
+  // On MacOS X, it uses towlower, which also uses LC_CTYPE category of the
+  // current locale.
+bool String::CaseInsensitiveWideCStringEquals(const wchar_t* lhs,
+                                              const wchar_t* rhs) {
+  if (lhs == NULL) return rhs == NULL;
+
+  if (rhs == NULL) return false;
+
+#if GTEST_OS_WINDOWS
+  return _wcsicmp(lhs, rhs) == 0;
+#elif GTEST_OS_LINUX && !GTEST_OS_LINUX_ANDROID
+  return wcscasecmp(lhs, rhs) == 0;
+#else
+  // Android, Mac OS X and Cygwin don't define wcscasecmp.
+  // Other unknown OSes may not define it either.
+  wint_t left, right;
+  do {
+    left = towlower(*lhs++);
+    right = towlower(*rhs++);
+  } while (left && left == right);
+  return left == right;
+#endif  // OS selector
+}
+
+// Returns true iff str ends with the given suffix, ignoring case.
+// Any string is considered to end with an empty suffix.
+bool String::EndsWithCaseInsensitive(
+    const std::string& str, const std::string& suffix) {
+  const size_t str_len = str.length();
+  const size_t suffix_len = suffix.length();
+  return (str_len >= suffix_len) &&
+         CaseInsensitiveCStringEquals(str.c_str() + str_len - suffix_len,
+                                      suffix.c_str());
+}
+
+// Formats an int value as "%02d".
+std::string String::FormatIntWidth2(int value) {
+  std::stringstream ss;
+  ss << std::setfill('0') << std::setw(2) << value;
+  return ss.str();
+}
+
+// Formats an int value as "%X".
+std::string String::FormatHexInt(int value) {
+  std::stringstream ss;
+  ss << std::hex << std::uppercase << value;
+  return ss.str();
+}
+
+// Formats a byte as "%02X".
+std::string String::FormatByte(unsigned char value) {
+  std::stringstream ss;
+  ss << std::setfill('0') << std::setw(2) << std::hex << std::uppercase
+     << static_cast<unsigned int>(value);
+  return ss.str();
+}
+
+// Converts the buffer in a stringstream to an std::string, converting NUL
+// bytes to "\\0" along the way.
+std::string StringStreamToString(::std::stringstream* ss) {
+  const ::std::string& str = ss->str();
+  const char* const start = str.c_str();
+  const char* const end = start + str.length();
+
+  std::string result;
+  result.reserve(2 * (end - start));
+  for (const char* ch = start; ch != end; ++ch) {
+    if (*ch == '\0') {
+      result += "\\0";  // Replaces NUL with "\\0";
+    } else {
+      result += *ch;
+    }
+  }
+
+  return result;
+}
+
+// Appends the user-supplied message to the Google-Test-generated message.
+std::string AppendUserMessage(const std::string& gtest_msg,
+                              const Message& user_msg) {
+  // Appends the user message if it's non-empty.
+  const std::string user_msg_string = user_msg.GetString();
+  if (user_msg_string.empty()) {
+    return gtest_msg;
+  }
+
+  return gtest_msg + "\n" + user_msg_string;
+}
+
+}  // namespace internal
+
+// class TestResult
+
+// Creates an empty TestResult.
+TestResult::TestResult()
+    : death_test_count_(0),
+      elapsed_time_(0) {
+}
+
+// D'tor.
+TestResult::~TestResult() {
+}
+
+// Returns the i-th test part result among all the results. i can
+// range from 0 to total_part_count() - 1. If i is not in that range,
+// aborts the program.
+const TestPartResult& TestResult::GetTestPartResult(int i) const {
+  if (i < 0 || i >= total_part_count())
+    internal::posix::Abort();
+  return test_part_results_.at(i);
+}
+
+// Returns the i-th test property. i can range from 0 to
+// test_property_count() - 1. If i is not in that range, aborts the
+// program.
+const TestProperty& TestResult::GetTestProperty(int i) const {
+  if (i < 0 || i >= test_property_count())
+    internal::posix::Abort();
+  return test_properties_.at(i);
+}
+
+// Clears the test part results.
+void TestResult::ClearTestPartResults() {
+  test_part_results_.clear();
+}
+
+// Adds a test part result to the list.
+void TestResult::AddTestPartResult(const TestPartResult& test_part_result) {
+  test_part_results_.push_back(test_part_result);
+}
+
+// Adds a test property to the list. If a property with the same key as the
+// supplied property is already represented, the value of this test_property
+// replaces the old value for that key.
+void TestResult::RecordProperty(const std::string& xml_element,
+                                const TestProperty& test_property) {
+  if (!ValidateTestProperty(xml_element, test_property)) {
+    return;
+  }
+  internal::MutexLock lock(&test_properites_mutex_);
+  const std::vector<TestProperty>::iterator property_with_matching_key =
+      std::find_if(test_properties_.begin(), test_properties_.end(),
+                   internal::TestPropertyKeyIs(test_property.key()));
+  if (property_with_matching_key == test_properties_.end()) {
+    test_properties_.push_back(test_property);
+    return;
+  }
+  property_with_matching_key->SetValue(test_property.value());
+}
+
+// The list of reserved attributes used in the <testsuites> element of XML
+// output.
+static const char* const kReservedTestSuitesAttributes[] = {
+  "disabled",
+  "errors",
+  "failures",
+  "name",
+  "random_seed",
+  "tests",
+  "time",
+  "timestamp"
+};
+
+// The list of reserved attributes used in the <testsuite> element of XML
+// output.
+static const char* const kReservedTestSuiteAttributes[] = {
+  "disabled",
+  "errors",
+  "failures",
+  "name",
+  "tests",
+  "time"
+};
+
+// The list of reserved attributes used in the <testcase> element of XML output.
+static const char* const kReservedTestCaseAttributes[] = {
+  "classname",
+  "name",
+  "status",
+  "time",
+  "type_param",
+  "value_param"
+};
+
+template <int kSize>
+std::vector<std::string> ArrayAsVector(const char* const (&array)[kSize]) {
+  return std::vector<std::string>(array, array + kSize);
+}
+
+static std::vector<std::string> GetReservedAttributesForElement(
+    const std::string& xml_element) {
+  if (xml_element == "testsuites") {
+    return ArrayAsVector(kReservedTestSuitesAttributes);
+  } else if (xml_element == "testsuite") {
+    return ArrayAsVector(kReservedTestSuiteAttributes);
+  } else if (xml_element == "testcase") {
+    return ArrayAsVector(kReservedTestCaseAttributes);
+  } else {
+    GTEST_CHECK_(false) << "Unrecognized xml_element provided: " << xml_element;
+  }
+  // This code is unreachable but some compilers may not realizes that.
+  return std::vector<std::string>();
+}
+
+static std::string FormatWordList(const std::vector<std::string>& words) {
+  Message word_list;
+  for (size_t i = 0; i < words.size(); ++i) {
+    if (i > 0 && words.size() > 2) {
+      word_list << ", ";
+    }
+    if (i == words.size() - 1) {
+      word_list << "and ";
+    }
+    word_list << "'" << words[i] << "'";
+  }
+  return word_list.GetString();
+}
+
+bool ValidateTestPropertyName(const std::string& property_name,
+                              const std::vector<std::string>& reserved_names) {
+  if (std::find(reserved_names.begin(), reserved_names.end(), property_name) !=
+          reserved_names.end()) {
+    ADD_FAILURE() << "Reserved key used in RecordProperty(): " << property_name
+                  << " (" << FormatWordList(reserved_names)
+                  << " are reserved by " << GTEST_NAME_ << ")";
+    return false;
+  }
+  return true;
+}
+
+// Adds a failure if the key is a reserved attribute of the element named
+// xml_element.  Returns true if the property is valid.
+bool TestResult::ValidateTestProperty(const std::string& xml_element,
+                                      const TestProperty& test_property) {
+  return ValidateTestPropertyName(test_property.key(),
+                                  GetReservedAttributesForElement(xml_element));
+}
+
+// Clears the object.
+void TestResult::Clear() {
+  test_part_results_.clear();
+  test_properties_.clear();
+  death_test_count_ = 0;
+  elapsed_time_ = 0;
+}
+
+// Returns true iff the test failed.
+bool TestResult::Failed() const {
+  for (int i = 0; i < total_part_count(); ++i) {
+    if (GetTestPartResult(i).failed())
+      return true;
+  }
+  return false;
+}
+
+// Returns true iff the test part fatally failed.
+static bool TestPartFatallyFailed(const TestPartResult& result) {
+  return result.fatally_failed();
+}
+
+// Returns true iff the test fatally failed.
+bool TestResult::HasFatalFailure() const {
+  return CountIf(test_part_results_, TestPartFatallyFailed) > 0;
+}
+
+// Returns true iff the test part non-fatally failed.
+static bool TestPartNonfatallyFailed(const TestPartResult& result) {
+  return result.nonfatally_failed();
+}
+
+// Returns true iff the test has a non-fatal failure.
+bool TestResult::HasNonfatalFailure() const {
+  return CountIf(test_part_results_, TestPartNonfatallyFailed) > 0;
+}
+
+// Gets the number of all test parts.  This is the sum of the number
+// of successful test parts and the number of failed test parts.
+int TestResult::total_part_count() const {
+  return static_cast<int>(test_part_results_.size());
+}
+
+// Returns the number of the test properties.
+int TestResult::test_property_count() const {
+  return static_cast<int>(test_properties_.size());
+}
+
+// class Test
+
+// Creates a Test object.
+
+// The c'tor saves the values of all Google Test flags.
+Test::Test()
+    : gtest_flag_saver_(new internal::GTestFlagSaver) {
+}
+
+// The d'tor restores the values of all Google Test flags.
+Test::~Test() {
+  delete gtest_flag_saver_;
+}
+
+// Sets up the test fixture.
+//
+// A sub-class may override this.
+void Test::SetUp() {
+}
+
+// Tears down the test fixture.
+//
+// A sub-class may override this.
+void Test::TearDown() {
+}
+
+// Allows user supplied key value pairs to be recorded for later output.
+void Test::RecordProperty(const std::string& key, const std::string& value) {
+  UnitTest::GetInstance()->RecordProperty(key, value);
+}
+
+// Allows user supplied key value pairs to be recorded for later output.
+void Test::RecordProperty(const std::string& key, int value) {
+  Message value_message;
+  value_message << value;
+  RecordProperty(key, value_message.GetString().c_str());
+}
+
+namespace internal {
+
+void ReportFailureInUnknownLocation(TestPartResult::Type result_type,
+                                    const std::string& message) {
+  // This function is a friend of UnitTest and as such has access to
+  // AddTestPartResult.
+  UnitTest::GetInstance()->AddTestPartResult(
+      result_type,
+      NULL,  // No info about the source file where the exception occurred.
+      -1,    // We have no info on which line caused the exception.
+      message,
+      "");   // No stack trace, either.
+}
+
+}  // namespace internal
+
+// Google Test requires all tests in the same test case to use the same test
+// fixture class.  This function checks if the current test has the
+// same fixture class as the first test in the current test case.  If
+// yes, it returns true; otherwise it generates a Google Test failure and
+// returns false.
+bool Test::HasSameFixtureClass() {
+  internal::UnitTestImpl* const impl = internal::GetUnitTestImpl();
+  const TestCase* const test_case = impl->current_test_case();
+
+  // Info about the first test in the current test case.
+  const TestInfo* const first_test_info = test_case->test_info_list()[0];
+  const internal::TypeId first_fixture_id = first_test_info->fixture_class_id_;
+  const char* const first_test_name = first_test_info->name();
+
+  // Info about the current test.
+  const TestInfo* const this_test_info = impl->current_test_info();
+  const internal::TypeId this_fixture_id = this_test_info->fixture_class_id_;
+  const char* const this_test_name = this_test_info->name();
+
+  if (this_fixture_id != first_fixture_id) {
+    // Is the first test defined using TEST?
+    const bool first_is_TEST = first_fixture_id == internal::GetTestTypeId();
+    // Is this test defined using TEST?
+    const bool this_is_TEST = this_fixture_id == internal::GetTestTypeId();
+
+    if (first_is_TEST || this_is_TEST) {
+      // Both TEST and TEST_F appear in same test case, which is incorrect.
+      // Tell the user how to fix this.
+
+      // Gets the name of the TEST and the name of the TEST_F.  Note
+      // that first_is_TEST and this_is_TEST cannot both be true, as
+      // the fixture IDs are different for the two tests.
+      const char* const TEST_name =
+          first_is_TEST ? first_test_name : this_test_name;
+      const char* const TEST_F_name =
+          first_is_TEST ? this_test_name : first_test_name;
+
+      ADD_FAILURE()
+          << "All tests in the same test case must use the same test fixture\n"
+          << "class, so mixing TEST_F and TEST in the same test case is\n"
+          << "illegal.  In test case " << this_test_info->test_case_name()
+          << ",\n"
+          << "test " << TEST_F_name << " is defined using TEST_F but\n"
+          << "test " << TEST_name << " is defined using TEST.  You probably\n"
+          << "want to change the TEST to TEST_F or move it to another test\n"
+          << "case.";
+    } else {
+      // Two fixture classes with the same name appear in two different
+      // namespaces, which is not allowed. Tell the user how to fix this.
+      ADD_FAILURE()
+          << "All tests in the same test case must use the same test fixture\n"
+          << "class.  However, in test case "
+          << this_test_info->test_case_name() << ",\n"
+          << "you defined test " << first_test_name
+          << " and test " << this_test_name << "\n"
+          << "using two different test fixture classes.  This can happen if\n"
+          << "the two classes are from different namespaces or translation\n"
+          << "units and have the same name.  You should probably rename one\n"
+          << "of the classes to put the tests into different test cases.";
+    }
+    return false;
+  }
+
+  return true;
+}
+
+#if GTEST_HAS_SEH
+
+// Adds an "exception thrown" fatal failure to the current test.  This
+// function returns its result via an output parameter pointer because VC++
+// prohibits creation of objects with destructors on stack in functions
+// using __try (see error C2712).
+static std::string* FormatSehExceptionMessage(DWORD exception_code,
+                                              const char* location) {
+  Message message;
+  message << "SEH exception with code 0x" << std::setbase(16) <<
+    exception_code << std::setbase(10) << " thrown in " << location << ".";
+
+  return new std::string(message.GetString());
+}
+
+#endif  // GTEST_HAS_SEH
+
+namespace internal {
+
+#if GTEST_HAS_EXCEPTIONS
+
+// Adds an "exception thrown" fatal failure to the current test.
+static std::string FormatCxxExceptionMessage(const char* description,
+                                             const char* location) {
+  Message message;
+  if (description != NULL) {
+    message << "C++ exception with description \"" << description << "\"";
+  } else {
+    message << "Unknown C++ exception";
+  }
+  message << " thrown in " << location << ".";
+
+  return message.GetString();
+}
+
+static std::string PrintTestPartResultToString(
+    const TestPartResult& test_part_result);
+
+GoogleTestFailureException::GoogleTestFailureException(
+    const TestPartResult& failure)
+    : ::std::runtime_error(PrintTestPartResultToString(failure).c_str()) {}
+
+#endif  // GTEST_HAS_EXCEPTIONS
+
+// We put these helper functions in the internal namespace as IBM's xlC
+// compiler rejects the code if they were declared static.
+
+// Runs the given method and handles SEH exceptions it throws, when
+// SEH is supported; returns the 0-value for type Result in case of an
+// SEH exception.  (Microsoft compilers cannot handle SEH and C++
+// exceptions in the same function.  Therefore, we provide a separate
+// wrapper function for handling SEH exceptions.)
+template <class T, typename Result>
+Result HandleSehExceptionsInMethodIfSupported(
+    T* object, Result (T::*method)(), const char* location) {
+#if GTEST_HAS_SEH
+  __try {
+    return (object->*method)();
+  } __except (internal::UnitTestOptions::GTestShouldProcessSEH(  // NOLINT
+      GetExceptionCode())) {
+    // We create the exception message on the heap because VC++ prohibits
+    // creation of objects with destructors on stack in functions using __try
+    // (see error C2712).
+    std::string* exception_message = FormatSehExceptionMessage(
+        GetExceptionCode(), location);
+    internal::ReportFailureInUnknownLocation(TestPartResult::kFatalFailure,
+                                             *exception_message);
+    delete exception_message;
+    return static_cast<Result>(0);
+  }
+#else
+  (void)location;
+  return (object->*method)();
+#endif  // GTEST_HAS_SEH
+}
+
+// Runs the given method and catches and reports C++ and/or SEH-style
+// exceptions, if they are supported; returns the 0-value for type
+// Result in case of an SEH exception.
+template <class T, typename Result>
+Result HandleExceptionsInMethodIfSupported(
+    T* object, Result (T::*method)(), const char* location) {
+  // NOTE: The user code can affect the way in which Google Test handles
+  // exceptions by setting GTEST_FLAG(catch_exceptions), but only before
+  // RUN_ALL_TESTS() starts. It is technically possible to check the flag
+  // after the exception is caught and either report or re-throw the
+  // exception based on the flag's value:
+  //
+  // try {
+  //   // Perform the test method.
+  // } catch (...) {
+  //   if (GTEST_FLAG(catch_exceptions))
+  //     // Report the exception as failure.
+  //   else
+  //     throw;  // Re-throws the original exception.
+  // }
+  //
+  // However, the purpose of this flag is to allow the program to drop into
+  // the debugger when the exception is thrown. On most platforms, once the
+  // control enters the catch block, the exception origin information is
+  // lost and the debugger will stop the program at the point of the
+  // re-throw in this function -- instead of at the point of the original
+  // throw statement in the code under test.  For this reason, we perform
+  // the check early, sacrificing the ability to affect Google Test's
+  // exception handling in the method where the exception is thrown.
+  if (internal::GetUnitTestImpl()->catch_exceptions()) {
+#if GTEST_HAS_EXCEPTIONS
+    try {
+      return HandleSehExceptionsInMethodIfSupported(object, method, location);
+    } catch (const internal::GoogleTestFailureException&) {  // NOLINT
+      // This exception type can only be thrown by a failed Google
+      // Test assertion with the intention of letting another testing
+      // framework catch it.  Therefore we just re-throw it.
+      throw;
+    } catch (const std::exception& e) {  // NOLINT
+      internal::ReportFailureInUnknownLocation(
+          TestPartResult::kFatalFailure,
+          FormatCxxExceptionMessage(e.what(), location));
+    } catch (...) {  // NOLINT
+      internal::ReportFailureInUnknownLocation(
+          TestPartResult::kFatalFailure,
+          FormatCxxExceptionMessage(NULL, location));
+    }
+    return static_cast<Result>(0);
+#else
+    return HandleSehExceptionsInMethodIfSupported(object, method, location);
+#endif  // GTEST_HAS_EXCEPTIONS
+  } else {
+    return (object->*method)();
+  }
+}
+
+}  // namespace internal
+
+// Runs the test and updates the test result.
+void Test::Run() {
+  if (!HasSameFixtureClass()) return;
+
+  internal::UnitTestImpl* const impl = internal::GetUnitTestImpl();
+  impl->os_stack_trace_getter()->UponLeavingGTest();
+  internal::HandleExceptionsInMethodIfSupported(this, &Test::SetUp, "SetUp()");
+  // We will run the test only if SetUp() was successful.
+  if (!HasFatalFailure()) {
+    impl->os_stack_trace_getter()->UponLeavingGTest();
+    internal::HandleExceptionsInMethodIfSupported(
+        this, &Test::TestBody, "the test body");
+  }
+
+  // However, we want to clean up as much as possible.  Hence we will
+  // always call TearDown(), even if SetUp() or the test body has
+  // failed.
+  impl->os_stack_trace_getter()->UponLeavingGTest();
+  internal::HandleExceptionsInMethodIfSupported(
+      this, &Test::TearDown, "TearDown()");
+}
+
+// Returns true iff the current test has a fatal failure.
+bool Test::HasFatalFailure() {
+  return internal::GetUnitTestImpl()->current_test_result()->HasFatalFailure();
+}
+
+// Returns true iff the current test has a non-fatal failure.
+bool Test::HasNonfatalFailure() {
+  return internal::GetUnitTestImpl()->current_test_result()->
+      HasNonfatalFailure();
+}
+
+// class TestInfo
+
+// Constructs a TestInfo object. It assumes ownership of the test factory
+// object.
+TestInfo::TestInfo(const std::string& a_test_case_name,
+                   const std::string& a_name,
+                   const char* a_type_param,
+                   const char* a_value_param,
+                   internal::TypeId fixture_class_id,
+                   internal::TestFactoryBase* factory)
+    : test_case_name_(a_test_case_name),
+      name_(a_name),
+      type_param_(a_type_param ? new std::string(a_type_param) : NULL),
+      value_param_(a_value_param ? new std::string(a_value_param) : NULL),
+      fixture_class_id_(fixture_class_id),
+      should_run_(false),
+      is_disabled_(false),
+      matches_filter_(false),
+      factory_(factory),
+      result_() {}
+
+// Destructs a TestInfo object.
+TestInfo::~TestInfo() { delete factory_; }
+
+namespace internal {
+
+// Creates a new TestInfo object and registers it with Google Test;
+// returns the created object.
+//
+// Arguments:
+//
+//   test_case_name:   name of the test case
+//   name:             name of the test
+//   type_param:       the name of the test's type parameter, or NULL if
+//                     this is not a typed or a type-parameterized test.
+//   value_param:      text representation of the test's value parameter,
+//                     or NULL if this is not a value-parameterized test.
+//   fixture_class_id: ID of the test fixture class
+//   set_up_tc:        pointer to the function that sets up the test case
+//   tear_down_tc:     pointer to the function that tears down the test case
+//   factory:          pointer to the factory that creates a test object.
+//                     The newly created TestInfo instance will assume
+//                     ownership of the factory object.
+TestInfo* MakeAndRegisterTestInfo(
+    const char* test_case_name,
+    const char* name,
+    const char* type_param,
+    const char* value_param,
+    TypeId fixture_class_id,
+    SetUpTestCaseFunc set_up_tc,
+    TearDownTestCaseFunc tear_down_tc,
+    TestFactoryBase* factory) {
+  TestInfo* const test_info =
+      new TestInfo(test_case_name, name, type_param, value_param,
+                   fixture_class_id, factory);
+  GetUnitTestImpl()->AddTestInfo(set_up_tc, tear_down_tc, test_info);
+  return test_info;
+}
+
+#if GTEST_HAS_PARAM_TEST
+void ReportInvalidTestCaseType(const char* test_case_name,
+                               const char* file, int line) {
+  Message errors;
+  errors
+      << "Attempted redefinition of test case " << test_case_name << ".\n"
+      << "All tests in the same test case must use the same test fixture\n"
+      << "class.  However, in test case " << test_case_name << ", you tried\n"
+      << "to define a test using a fixture class different from the one\n"
+      << "used earlier. This can happen if the two fixture classes are\n"
+      << "from different namespaces and have the same name. You should\n"
+      << "probably rename one of the classes to put the tests into different\n"
+      << "test cases.";
+
+  fprintf(stderr, "%s %s", FormatFileLocation(file, line).c_str(),
+          errors.GetString().c_str());
+}
+#endif  // GTEST_HAS_PARAM_TEST
+
+}  // namespace internal
+
+namespace {
+
+// A predicate that checks the test name of a TestInfo against a known
+// value.
+//
+// This is used for implementation of the TestCase class only.  We put
+// it in the anonymous namespace to prevent polluting the outer
+// namespace.
+//
+// TestNameIs is copyable.
+class TestNameIs {
+ public:
+  // Constructor.
+  //
+  // TestNameIs has NO default constructor.
+  explicit TestNameIs(const char* name)
+      : name_(name) {}
+
+  // Returns true iff the test name of test_info matches name_.
+  bool operator()(const TestInfo * test_info) const {
+    return test_info && test_info->name() == name_;
+  }
+
+ private:
+  std::string name_;
+};
+
+}  // namespace
+
+namespace internal {
+
+// This method expands all parameterized tests registered with macros TEST_P
+// and INSTANTIATE_TEST_CASE_P into regular tests and registers those.
+// This will be done just once during the program runtime.
+void UnitTestImpl::RegisterParameterizedTests() {
+#if GTEST_HAS_PARAM_TEST
+  if (!parameterized_tests_registered_) {
+    parameterized_test_registry_.RegisterTests();
+    parameterized_tests_registered_ = true;
+  }
+#endif
+}
+
+}  // namespace internal
+
+// Creates the test object, runs it, records its result, and then
+// deletes it.
+void TestInfo::Run() {
+  if (!should_run_) return;
+
+  // Tells UnitTest where to store test result.
+  internal::UnitTestImpl* const impl = internal::GetUnitTestImpl();
+  impl->set_current_test_info(this);
+
+  TestEventListener* repeater = UnitTest::GetInstance()->listeners().repeater();
+
+  // Notifies the unit test event listeners that a test is about to start.
+  repeater->OnTestStart(*this);
+
+  const TimeInMillis start = internal::GetTimeInMillis();
+
+  impl->os_stack_trace_getter()->UponLeavingGTest();
+
+  // Creates the test object.
+  Test* const test = internal::HandleExceptionsInMethodIfSupported(
+      factory_, &internal::TestFactoryBase::CreateTest,
+      "the test fixture's constructor");
+
+  // Runs the test only if the test object was created and its
+  // constructor didn't generate a fatal failure.
+  if ((test != NULL) && !Test::HasFatalFailure()) {
+    // This doesn't throw as all user code that can throw are wrapped into
+    // exception handling code.
+    test->Run();
+  }
+
+  // Deletes the test object.
+  impl->os_stack_trace_getter()->UponLeavingGTest();
+  internal::HandleExceptionsInMethodIfSupported(
+      test, &Test::DeleteSelf_, "the test fixture's destructor");
+
+  result_.set_elapsed_time(internal::GetTimeInMillis() - start);
+
+  // Notifies the unit test event listener that a test has just finished.
+  repeater->OnTestEnd(*this);
+
+  // Tells UnitTest to stop associating assertion results to this
+  // test.
+  impl->set_current_test_info(NULL);
+}
+
+// class TestCase
+
+// Gets the number of successful tests in this test case.
+int TestCase::successful_test_count() const {
+  return CountIf(test_info_list_, TestPassed);
+}
+
+// Gets the number of failed tests in this test case.
+int TestCase::failed_test_count() const {
+  return CountIf(test_info_list_, TestFailed);
+}
+
+// Gets the number of disabled tests that will be reported in the XML report.
+int TestCase::reportable_disabled_test_count() const {
+  return CountIf(test_info_list_, TestReportableDisabled);
+}
+
+// Gets the number of disabled tests in this test case.
+int TestCase::disabled_test_count() const {
+  return CountIf(test_info_list_, TestDisabled);
+}
+
+// Gets the number of tests to be printed in the XML report.
+int TestCase::reportable_test_count() const {
+  return CountIf(test_info_list_, TestReportable);
+}
+
+// Get the number of tests in this test case that should run.
+int TestCase::test_to_run_count() const {
+  return CountIf(test_info_list_, ShouldRunTest);
+}
+
+// Gets the number of all tests.
+int TestCase::total_test_count() const {
+  return static_cast<int>(test_info_list_.size());
+}
+
+// Creates a TestCase with the given name.
+//
+// Arguments:
+//
+//   name:         name of the test case
+//   a_type_param: the name of the test case's type parameter, or NULL if
+//                 this is not a typed or a type-parameterized test case.
+//   set_up_tc:    pointer to the function that sets up the test case
+//   tear_down_tc: pointer to the function that tears down the test case
+TestCase::TestCase(const char* a_name, const char* a_type_param,
+                   Test::SetUpTestCaseFunc set_up_tc,
+                   Test::TearDownTestCaseFunc tear_down_tc)
+    : name_(a_name),
+      type_param_(a_type_param ? new std::string(a_type_param) : NULL),
+      set_up_tc_(set_up_tc),
+      tear_down_tc_(tear_down_tc),
+      should_run_(false),
+      elapsed_time_(0) {
+}
+
+// Destructor of TestCase.
+TestCase::~TestCase() {
+  // Deletes every Test in the collection.
+  ForEach(test_info_list_, internal::Delete<TestInfo>);
+}
+
+// Returns the i-th test among all the tests. i can range from 0 to
+// total_test_count() - 1. If i is not in that range, returns NULL.
+const TestInfo* TestCase::GetTestInfo(int i) const {
+  const int index = GetElementOr(test_indices_, i, -1);
+  return index < 0 ? NULL : test_info_list_[index];
+}
+
+// Returns the i-th test among all the tests. i can range from 0 to
+// total_test_count() - 1. If i is not in that range, returns NULL.
+TestInfo* TestCase::GetMutableTestInfo(int i) {
+  const int index = GetElementOr(test_indices_, i, -1);
+  return index < 0 ? NULL : test_info_list_[index];
+}
+
+// Adds a test to this test case.  Will delete the test upon
+// destruction of the TestCase object.
+void TestCase::AddTestInfo(TestInfo * test_info) {
+  test_info_list_.push_back(test_info);
+  test_indices_.push_back(static_cast<int>(test_indices_.size()));
+}
+
+// Runs every test in this TestCase.
+void TestCase::Run() {
+  if (!should_run_) return;
+
+  internal::UnitTestImpl* const impl = internal::GetUnitTestImpl();
+  impl->set_current_test_case(this);
+
+  TestEventListener* repeater = UnitTest::GetInstance()->listeners().repeater();
+
+  repeater->OnTestCaseStart(*this);
+  impl->os_stack_trace_getter()->UponLeavingGTest();
+  internal::HandleExceptionsInMethodIfSupported(
+      this, &TestCase::RunSetUpTestCase, "SetUpTestCase()");
+
+  const internal::TimeInMillis start = internal::GetTimeInMillis();
+  for (int i = 0; i < total_test_count(); i++) {
+    GetMutableTestInfo(i)->Run();
+  }
+  elapsed_time_ = internal::GetTimeInMillis() - start;
+
+  impl->os_stack_trace_getter()->UponLeavingGTest();
+  internal::HandleExceptionsInMethodIfSupported(
+      this, &TestCase::RunTearDownTestCase, "TearDownTestCase()");
+
+  repeater->OnTestCaseEnd(*this);
+  impl->set_current_test_case(NULL);
+}
+
+// Clears the results of all tests in this test case.
+void TestCase::ClearResult() {
+  ad_hoc_test_result_.Clear();
+  ForEach(test_info_list_, TestInfo::ClearTestResult);
+}
+
+// Shuffles the tests in this test case.
+void TestCase::ShuffleTests(internal::Random* random) {
+  Shuffle(random, &test_indices_);
+}
+
+// Restores the test order to before the first shuffle.
+void TestCase::UnshuffleTests() {
+  for (size_t i = 0; i < test_indices_.size(); i++) {
+    test_indices_[i] = static_cast<int>(i);
+  }
+}
+
+// Formats a countable noun.  Depending on its quantity, either the
+// singular form or the plural form is used. e.g.
+//
+// FormatCountableNoun(1, "formula", "formuli") returns "1 formula".
+// FormatCountableNoun(5, "book", "books") returns "5 books".
+static std::string FormatCountableNoun(int count,
+                                       const char * singular_form,
+                                       const char * plural_form) {
+  return internal::StreamableToString(count) + " " +
+      (count == 1 ? singular_form : plural_form);
+}
+
+// Formats the count of tests.
+static std::string FormatTestCount(int test_count) {
+  return FormatCountableNoun(test_count, "test", "tests");
+}
+
+// Formats the count of test cases.
+static std::string FormatTestCaseCount(int test_case_count) {
+  return FormatCountableNoun(test_case_count, "test case", "test cases");
+}
+
+// Converts a TestPartResult::Type enum to human-friendly string
+// representation.  Both kNonFatalFailure and kFatalFailure are translated
+// to "Failure", as the user usually doesn't care about the difference
+// between the two when viewing the test result.
+static const char * TestPartResultTypeToString(TestPartResult::Type type) {
+  switch (type) {
+    case TestPartResult::kSuccess:
+      return "Success";
+
+    case TestPartResult::kNonFatalFailure:
+    case TestPartResult::kFatalFailure:
+#ifdef _MSC_VER
+      return "error: ";
+#else
+      return "Failure\n";
+#endif
+    default:
+      return "Unknown result type";
+  }
+}
+
+namespace internal {
+
+// Prints a TestPartResult to an std::string.
+static std::string PrintTestPartResultToString(
+    const TestPartResult& test_part_result) {
+  return (Message()
+          << internal::FormatFileLocation(test_part_result.file_name(),
+                                          test_part_result.line_number())
+          << " " << TestPartResultTypeToString(test_part_result.type())
+          << test_part_result.message()).GetString();
+}
+
+// Prints a TestPartResult.
+static void PrintTestPartResult(const TestPartResult& test_part_result) {
+  const std::string& result =
+      PrintTestPartResultToString(test_part_result);
+  printf("%s\n", result.c_str());
+  fflush(stdout);
+  // If the test program runs in Visual Studio or a debugger, the
+  // following statements add the test part result message to the Output
+  // window such that the user can double-click on it to jump to the
+  // corresponding source code location; otherwise they do nothing.
+#if GTEST_OS_WINDOWS && !GTEST_OS_WINDOWS_MOBILE
+  // We don't call OutputDebugString*() on Windows Mobile, as printing
+  // to stdout is done by OutputDebugString() there already - we don't
+  // want the same message printed twice.
+  ::OutputDebugStringA(result.c_str());
+  ::OutputDebugStringA("\n");
+#endif
+}
+
+// class PrettyUnitTestResultPrinter
+
+enum GTestColor {
+  COLOR_DEFAULT,
+  COLOR_RED,
+  COLOR_GREEN,
+  COLOR_YELLOW
+};
+
+#if GTEST_OS_WINDOWS && !GTEST_OS_WINDOWS_MOBILE && \
+    !GTEST_OS_WINDOWS_PHONE && !GTEST_OS_WINDOWS_RT
+
+// Returns the character attribute for the given color.
+WORD GetColorAttribute(GTestColor color) {
+  switch (color) {
+    case COLOR_RED:    return FOREGROUND_RED;
+    case COLOR_GREEN:  return FOREGROUND_GREEN;
+    case COLOR_YELLOW: return FOREGROUND_RED | FOREGROUND_GREEN;
+    default:           return 0;
+  }
+}
+
+#else
+
+// Returns the ANSI color code for the given color.  COLOR_DEFAULT is
+// an invalid input.
+const char* GetAnsiColorCode(GTestColor color) {
+  switch (color) {
+    case COLOR_RED:     return "1";
+    case COLOR_GREEN:   return "2";
+    case COLOR_YELLOW:  return "3";
+    default:            return NULL;
+  };
+}
+
+#endif  // GTEST_OS_WINDOWS && !GTEST_OS_WINDOWS_MOBILE
+
+// Returns true iff Google Test should use colors in the output.
+bool ShouldUseColor(bool stdout_is_tty) {
+  const char* const gtest_color = GTEST_FLAG(color).c_str();
+
+  if (String::CaseInsensitiveCStringEquals(gtest_color, "auto")) {
+#if GTEST_OS_WINDOWS
+    // On Windows the TERM variable is usually not set, but the
+    // console there does support colors.
+    return stdout_is_tty;
+#else
+    // On non-Windows platforms, we rely on the TERM variable.
+    const char* const term = posix::GetEnv("TERM");
+    const bool term_supports_color =
+        String::CStringEquals(term, "xterm") ||
+        String::CStringEquals(term, "xterm-color") ||
+        String::CStringEquals(term, "xterm-256color") ||
+        String::CStringEquals(term, "screen") ||
+        String::CStringEquals(term, "screen-256color") ||
+        String::CStringEquals(term, "linux") ||
+        String::CStringEquals(term, "cygwin");
+    return stdout_is_tty && term_supports_color;
+#endif  // GTEST_OS_WINDOWS
+  }
+
+  return String::CaseInsensitiveCStringEquals(gtest_color, "yes") ||
+      String::CaseInsensitiveCStringEquals(gtest_color, "true") ||
+      String::CaseInsensitiveCStringEquals(gtest_color, "t") ||
+      String::CStringEquals(gtest_color, "1");
+  // We take "yes", "true", "t", and "1" as meaning "yes".  If the
+  // value is neither one of these nor "auto", we treat it as "no" to
+  // be conservative.
+}
+
+// Helpers for printing colored strings to stdout. Note that on Windows, we
+// cannot simply emit special characters and have the terminal change colors.
+// This routine must actually emit the characters rather than return a string
+// that would be colored when printed, as can be done on Linux.
+void ColoredPrintf(GTestColor color, const char* fmt, ...) {
+  va_list args;
+  va_start(args, fmt);
+
+#if GTEST_OS_WINDOWS_MOBILE || GTEST_OS_SYMBIAN || GTEST_OS_ZOS || \
+    GTEST_OS_IOS || GTEST_OS_WINDOWS_PHONE || GTEST_OS_WINDOWS_RT
+  const bool use_color = false;
+#else
+  static const bool in_color_mode =
+      ShouldUseColor(posix::IsATTY(posix::FileNo(stdout)) != 0);
+  const bool use_color = in_color_mode && (color != COLOR_DEFAULT);
+#endif  // GTEST_OS_WINDOWS_MOBILE || GTEST_OS_SYMBIAN || GTEST_OS_ZOS
+  // The '!= 0' comparison is necessary to satisfy MSVC 7.1.
+
+  if (!use_color) {
+    vprintf(fmt, args);
+    va_end(args);
+    return;
+  }
+
+#if GTEST_OS_WINDOWS && !GTEST_OS_WINDOWS_MOBILE && \
+    !GTEST_OS_WINDOWS_PHONE && !GTEST_OS_WINDOWS_RT
+  const HANDLE stdout_handle = GetStdHandle(STD_OUTPUT_HANDLE);
+
+  // Gets the current text color.
+  CONSOLE_SCREEN_BUFFER_INFO buffer_info;
+  GetConsoleScreenBufferInfo(stdout_handle, &buffer_info);
+  const WORD old_color_attrs = buffer_info.wAttributes;
+
+  // We need to flush the stream buffers into the console before each
+  // SetConsoleTextAttribute call lest it affect the text that is already
+  // printed but has not yet reached the console.
+  fflush(stdout);
+  SetConsoleTextAttribute(stdout_handle,
+                          GetColorAttribute(color) | FOREGROUND_INTENSITY);
+  vprintf(fmt, args);
+
+  fflush(stdout);
+  // Restores the text color.
+  SetConsoleTextAttribute(stdout_handle, old_color_attrs);
+#else
+  printf("\033[0;3%sm", GetAnsiColorCode(color));
+  vprintf(fmt, args);
+  printf("\033[m");  // Resets the terminal to default.
+#endif  // GTEST_OS_WINDOWS && !GTEST_OS_WINDOWS_MOBILE
+  va_end(args);
+}
+
+// Text printed in Google Test's text output and --gunit_list_tests
+// output to label the type parameter and value parameter for a test.
+static const char kTypeParamLabel[] = "TypeParam";
+static const char kValueParamLabel[] = "GetParam()";
+
+void PrintFullTestCommentIfPresent(const TestInfo& test_info) {
+  const char* const type_param = test_info.type_param();
+  const char* const value_param = test_info.value_param();
+
+  if (type_param != NULL || value_param != NULL) {
+    printf(", where ");
+    if (type_param != NULL) {
+      printf("%s = %s", kTypeParamLabel, type_param);
+      if (value_param != NULL)
+        printf(" and ");
+    }
+    if (value_param != NULL) {
+      printf("%s = %s", kValueParamLabel, value_param);
+    }
+  }
+}
+
+// This class implements the TestEventListener interface.
+//
+// Class PrettyUnitTestResultPrinter is copyable.
+class PrettyUnitTestResultPrinter : public TestEventListener {
+ public:
+  PrettyUnitTestResultPrinter() {}
+  static void PrintTestName(const char * test_case, const char * test) {
+    printf("%s.%s", test_case, test);
+  }
+
+  // The following methods override what's in the TestEventListener class.
+  virtual void OnTestProgramStart(const UnitTest& /*unit_test*/) {}
+  virtual void OnTestIterationStart(const UnitTest& unit_test, int iteration);
+  virtual void OnEnvironmentsSetUpStart(const UnitTest& unit_test);
+  virtual void OnEnvironmentsSetUpEnd(const UnitTest& /*unit_test*/) {}
+  virtual void OnTestCaseStart(const TestCase& test_case);
+  virtual void OnTestStart(const TestInfo& test_info);
+  virtual void OnTestPartResult(const TestPartResult& result);
+  virtual void OnTestEnd(const TestInfo& test_info);
+  virtual void OnTestCaseEnd(const TestCase& test_case);
+  virtual void OnEnvironmentsTearDownStart(const UnitTest& unit_test);
+  virtual void OnEnvironmentsTearDownEnd(const UnitTest& /*unit_test*/) {}
+  virtual void OnTestIterationEnd(const UnitTest& unit_test, int iteration);
+  virtual void OnTestProgramEnd(const UnitTest& /*unit_test*/) {}
+
+ private:
+  static void PrintFailedTests(const UnitTest& unit_test);
+};
+
+  // Fired before each iteration of tests starts.
+void PrettyUnitTestResultPrinter::OnTestIterationStart(
+    const UnitTest& unit_test, int iteration) {
+  if (GTEST_FLAG(repeat) != 1)
+    printf("\nRepeating all tests (iteration %d) . . .\n\n", iteration + 1);
+
+  const char* const filter = GTEST_FLAG(filter).c_str();
+
+  // Prints the filter if it's not *.  This reminds the user that some
+  // tests may be skipped.
+  if (!String::CStringEquals(filter, kUniversalFilter)) {
+    ColoredPrintf(COLOR_YELLOW,
+                  "Note: %s filter = %s\n", GTEST_NAME_, filter);
+  }
+
+  if (internal::ShouldShard(kTestTotalShards, kTestShardIndex, false)) {
+    const Int32 shard_index = Int32FromEnvOrDie(kTestShardIndex, -1);
+    ColoredPrintf(COLOR_YELLOW,
+                  "Note: This is test shard %d of %s.\n",
+                  static_cast<int>(shard_index) + 1,
+                  internal::posix::GetEnv(kTestTotalShards));
+  }
+
+  if (GTEST_FLAG(shuffle)) {
+    ColoredPrintf(COLOR_YELLOW,
+                  "Note: Randomizing tests' orders with a seed of %d .\n",
+                  unit_test.random_seed());
+  }
+
+  ColoredPrintf(COLOR_GREEN,  "[==========] ");
+  printf("Running %s from %s.\n",
+         FormatTestCount(unit_test.test_to_run_count()).c_str(),
+         FormatTestCaseCount(unit_test.test_case_to_run_count()).c_str());
+  fflush(stdout);
+}
+
+void PrettyUnitTestResultPrinter::OnEnvironmentsSetUpStart(
+    const UnitTest& /*unit_test*/) {
+  ColoredPrintf(COLOR_GREEN,  "[----------] ");
+  printf("Global test environment set-up.\n");
+  fflush(stdout);
+}
+
+void PrettyUnitTestResultPrinter::OnTestCaseStart(const TestCase& test_case) {
+  const std::string counts =
+      FormatCountableNoun(test_case.test_to_run_count(), "test", "tests");
+  ColoredPrintf(COLOR_GREEN, "[----------] ");
+  printf("%s from %s", counts.c_str(), test_case.name());
+  if (test_case.type_param() == NULL) {
+    printf("\n");
+  } else {
+    printf(", where %s = %s\n", kTypeParamLabel, test_case.type_param());
+  }
+  fflush(stdout);
+}
+
+void PrettyUnitTestResultPrinter::OnTestStart(const TestInfo& test_info) {
+  ColoredPrintf(COLOR_GREEN,  "[ RUN      ] ");
+  PrintTestName(test_info.test_case_name(), test_info.name());
+  printf("\n");
+  fflush(stdout);
+}
+
+// Called after an assertion failure.
+void PrettyUnitTestResultPrinter::OnTestPartResult(
+    const TestPartResult& result) {
+  // If the test part succeeded, we don't need to do anything.
+  if (result.type() == TestPartResult::kSuccess)
+    return;
+
+  // Print failure message from the assertion (e.g. expected this and got that).
+  PrintTestPartResult(result);
+  fflush(stdout);
+}
+
+void PrettyUnitTestResultPrinter::OnTestEnd(const TestInfo& test_info) {
+  if (test_info.result()->Passed()) {
+    ColoredPrintf(COLOR_GREEN, "[       OK ] ");
+  } else {
+    ColoredPrintf(COLOR_RED, "[  FAILED  ] ");
+  }
+  PrintTestName(test_info.test_case_name(), test_info.name());
+  if (test_info.result()->Failed())
+    PrintFullTestCommentIfPresent(test_info);
+
+  if (GTEST_FLAG(print_time)) {
+    printf(" (%s ms)\n", internal::StreamableToString(
+           test_info.result()->elapsed_time()).c_str());
+  } else {
+    printf("\n");
+  }
+  fflush(stdout);
+}
+
+void PrettyUnitTestResultPrinter::OnTestCaseEnd(const TestCase& test_case) {
+  if (!GTEST_FLAG(print_time)) return;
+
+  const std::string counts =
+      FormatCountableNoun(test_case.test_to_run_count(), "test", "tests");
+  ColoredPrintf(COLOR_GREEN, "[----------] ");
+  printf("%s from %s (%s ms total)\n\n",
+         counts.c_str(), test_case.name(),
+         internal::StreamableToString(test_case.elapsed_time()).c_str());
+  fflush(stdout);
+}
+
+void PrettyUnitTestResultPrinter::OnEnvironmentsTearDownStart(
+    const UnitTest& /*unit_test*/) {
+  ColoredPrintf(COLOR_GREEN,  "[----------] ");
+  printf("Global test environment tear-down\n");
+  fflush(stdout);
+}
+
+// Internal helper for printing the list of failed tests.
+void PrettyUnitTestResultPrinter::PrintFailedTests(const UnitTest& unit_test) {
+  const int failed_test_count = unit_test.failed_test_count();
+  if (failed_test_count == 0) {
+    return;
+  }
+
+  for (int i = 0; i < unit_test.total_test_case_count(); ++i) {
+    const TestCase& test_case = *unit_test.GetTestCase(i);
+    if (!test_case.should_run() || (test_case.failed_test_count() == 0)) {
+      continue;
+    }
+    for (int j = 0; j < test_case.total_test_count(); ++j) {
+      const TestInfo& test_info = *test_case.GetTestInfo(j);
+      if (!test_info.should_run() || test_info.result()->Passed()) {
+        continue;
+      }
+      ColoredPrintf(COLOR_RED, "[  FAILED  ] ");
+      printf("%s.%s", test_case.name(), test_info.name());
+      PrintFullTestCommentIfPresent(test_info);
+      printf("\n");
+    }
+  }
+}
+
+void PrettyUnitTestResultPrinter::OnTestIterationEnd(const UnitTest& unit_test,
+                                                     int /*iteration*/) {
+  ColoredPrintf(COLOR_GREEN,  "[==========] ");
+  printf("%s from %s ran.",
+         FormatTestCount(unit_test.test_to_run_count()).c_str(),
+         FormatTestCaseCount(unit_test.test_case_to_run_count()).c_str());
+  if (GTEST_FLAG(print_time)) {
+    printf(" (%s ms total)",
+           internal::StreamableToString(unit_test.elapsed_time()).c_str());
+  }
+  printf("\n");
+  ColoredPrintf(COLOR_GREEN,  "[  PASSED  ] ");
+  printf("%s.\n", FormatTestCount(unit_test.successful_test_count()).c_str());
+
+  int num_failures = unit_test.failed_test_count();
+  if (!unit_test.Passed()) {
+    const int failed_test_count = unit_test.failed_test_count();
+    ColoredPrintf(COLOR_RED,  "[  FAILED  ] ");
+    printf("%s, listed below:\n", FormatTestCount(failed_test_count).c_str());
+    PrintFailedTests(unit_test);
+    printf("\n%2d FAILED %s\n", num_failures,
+                        num_failures == 1 ? "TEST" : "TESTS");
+  }
+
+  int num_disabled = unit_test.reportable_disabled_test_count();
+  if (num_disabled && !GTEST_FLAG(also_run_disabled_tests)) {
+    if (!num_failures) {
+      printf("\n");  // Add a spacer if no FAILURE banner is displayed.
+    }
+    ColoredPrintf(COLOR_YELLOW,
+                  "  YOU HAVE %d DISABLED %s\n\n",
+                  num_disabled,
+                  num_disabled == 1 ? "TEST" : "TESTS");
+  }
+  // Ensure that Google Test output is printed before, e.g., heapchecker output.
+  fflush(stdout);
+}
+
+// End PrettyUnitTestResultPrinter
+
+// class TestEventRepeater
+//
+// This class forwards events to other event listeners.
+class TestEventRepeater : public TestEventListener {
+ public:
+  TestEventRepeater() : forwarding_enabled_(true) {}
+  virtual ~TestEventRepeater();
+  void Append(TestEventListener *listener);
+  TestEventListener* Release(TestEventListener* listener);
+
+  // Controls whether events will be forwarded to listeners_. Set to false
+  // in death test child processes.
+  bool forwarding_enabled() const { return forwarding_enabled_; }
+  void set_forwarding_enabled(bool enable) { forwarding_enabled_ = enable; }
+
+  virtual void OnTestProgramStart(const UnitTest& unit_test);
+  virtual void OnTestIterationStart(const UnitTest& unit_test, int iteration);
+  virtual void OnEnvironmentsSetUpStart(const UnitTest& unit_test);
+  virtual void OnEnvironmentsSetUpEnd(const UnitTest& unit_test);
+  virtual void OnTestCaseStart(const TestCase& test_case);
+  virtual void OnTestStart(const TestInfo& test_info);
+  virtual void OnTestPartResult(const TestPartResult& result);
+  virtual void OnTestEnd(const TestInfo& test_info);
+  virtual void OnTestCaseEnd(const TestCase& test_case);
+  virtual void OnEnvironmentsTearDownStart(const UnitTest& unit_test);
+  virtual void OnEnvironmentsTearDownEnd(const UnitTest& unit_test);
+  virtual void OnTestIterationEnd(const UnitTest& unit_test, int iteration);
+  virtual void OnTestProgramEnd(const UnitTest& unit_test);
+
+ private:
+  // Controls whether events will be forwarded to listeners_. Set to false
+  // in death test child processes.
+  bool forwarding_enabled_;
+  // The list of listeners that receive events.
+  std::vector<TestEventListener*> listeners_;
+
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(TestEventRepeater);
+};
+
+TestEventRepeater::~TestEventRepeater() {
+  ForEach(listeners_, Delete<TestEventListener>);
+}
+
+void TestEventRepeater::Append(TestEventListener *listener) {
+  listeners_.push_back(listener);
+}
+
+// TODO(vladl@google.com): Factor the search functionality into Vector::Find.
+TestEventListener* TestEventRepeater::Release(TestEventListener *listener) {
+  for (size_t i = 0; i < listeners_.size(); ++i) {
+    if (listeners_[i] == listener) {
+      listeners_.erase(listeners_.begin() + i);
+      return listener;
+    }
+  }
+
+  return NULL;
+}
+
+// Since most methods are very similar, use macros to reduce boilerplate.
+// This defines a member that forwards the call to all listeners.
+#define GTEST_REPEATER_METHOD_(Name, Type) \
+void TestEventRepeater::Name(const Type& parameter) { \
+  if (forwarding_enabled_) { \
+    for (size_t i = 0; i < listeners_.size(); i++) { \
+      listeners_[i]->Name(parameter); \
+    } \
+  } \
+}
+// This defines a member that forwards the call to all listeners in reverse
+// order.
+#define GTEST_REVERSE_REPEATER_METHOD_(Name, Type) \
+void TestEventRepeater::Name(const Type& parameter) { \
+  if (forwarding_enabled_) { \
+    for (int i = static_cast<int>(listeners_.size()) - 1; i >= 0; i--) { \
+      listeners_[i]->Name(parameter); \
+    } \
+  } \
+}
+
+GTEST_REPEATER_METHOD_(OnTestProgramStart, UnitTest)
+GTEST_REPEATER_METHOD_(OnEnvironmentsSetUpStart, UnitTest)
+GTEST_REPEATER_METHOD_(OnTestCaseStart, TestCase)
+GTEST_REPEATER_METHOD_(OnTestStart, TestInfo)
+GTEST_REPEATER_METHOD_(OnTestPartResult, TestPartResult)
+GTEST_REPEATER_METHOD_(OnEnvironmentsTearDownStart, UnitTest)
+GTEST_REVERSE_REPEATER_METHOD_(OnEnvironmentsSetUpEnd, UnitTest)
+GTEST_REVERSE_REPEATER_METHOD_(OnEnvironmentsTearDownEnd, UnitTest)
+GTEST_REVERSE_REPEATER_METHOD_(OnTestEnd, TestInfo)
+GTEST_REVERSE_REPEATER_METHOD_(OnTestCaseEnd, TestCase)
+GTEST_REVERSE_REPEATER_METHOD_(OnTestProgramEnd, UnitTest)
+
+#undef GTEST_REPEATER_METHOD_
+#undef GTEST_REVERSE_REPEATER_METHOD_
+
+void TestEventRepeater::OnTestIterationStart(const UnitTest& unit_test,
+                                             int iteration) {
+  if (forwarding_enabled_) {
+    for (size_t i = 0; i < listeners_.size(); i++) {
+      listeners_[i]->OnTestIterationStart(unit_test, iteration);
+    }
+  }
+}
+
+void TestEventRepeater::OnTestIterationEnd(const UnitTest& unit_test,
+                                           int iteration) {
+  if (forwarding_enabled_) {
+    for (int i = static_cast<int>(listeners_.size()) - 1; i >= 0; i--) {
+      listeners_[i]->OnTestIterationEnd(unit_test, iteration);
+    }
+  }
+}
+
+// End TestEventRepeater
+
+// This class generates an XML output file.
+class XmlUnitTestResultPrinter : public EmptyTestEventListener {
+ public:
+  explicit XmlUnitTestResultPrinter(const char* output_file);
+
+  virtual void OnTestIterationEnd(const UnitTest& unit_test, int iteration);
+
+ private:
+  // Is c a whitespace character that is normalized to a space character
+  // when it appears in an XML attribute value?
+  static bool IsNormalizableWhitespace(char c) {
+    return c == 0x9 || c == 0xA || c == 0xD;
+  }
+
+  // May c appear in a well-formed XML document?
+  static bool IsValidXmlCharacter(char c) {
+    return IsNormalizableWhitespace(c) || c >= 0x20;
+  }
+
+  // Returns an XML-escaped copy of the input string str.  If
+  // is_attribute is true, the text is meant to appear as an attribute
+  // value, and normalizable whitespace is preserved by replacing it
+  // with character references.
+  static std::string EscapeXml(const std::string& str, bool is_attribute);
+
+  // Returns the given string with all characters invalid in XML removed.
+  static std::string RemoveInvalidXmlCharacters(const std::string& str);
+
+  // Convenience wrapper around EscapeXml when str is an attribute value.
+  static std::string EscapeXmlAttribute(const std::string& str) {
+    return EscapeXml(str, true);
+  }
+
+  // Convenience wrapper around EscapeXml when str is not an attribute value.
+  static std::string EscapeXmlText(const char* str) {
+    return EscapeXml(str, false);
+  }
+
+  // Verifies that the given attribute belongs to the given element and
+  // streams the attribute as XML.
+  static void OutputXmlAttribute(std::ostream* stream,
+                                 const std::string& element_name,
+                                 const std::string& name,
+                                 const std::string& value);
+
+  // Streams an XML CDATA section, escaping invalid CDATA sequences as needed.
+  static void OutputXmlCDataSection(::std::ostream* stream, const char* data);
+
+  // Streams an XML representation of a TestInfo object.
+  static void OutputXmlTestInfo(::std::ostream* stream,
+                                const char* test_case_name,
+                                const TestInfo& test_info);
+
+  // Prints an XML representation of a TestCase object
+  static void PrintXmlTestCase(::std::ostream* stream,
+                               const TestCase& test_case);
+
+  // Prints an XML summary of unit_test to output stream out.
+  static void PrintXmlUnitTest(::std::ostream* stream,
+                               const UnitTest& unit_test);
+
+  // Produces a string representing the test properties in a result as space
+  // delimited XML attributes based on the property key="value" pairs.
+  // When the std::string is not empty, it includes a space at the beginning,
+  // to delimit this attribute from prior attributes.
+  static std::string TestPropertiesAsXmlAttributes(const TestResult& result);
+
+  // The output file.
+  const std::string output_file_;
+
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(XmlUnitTestResultPrinter);
+};
+
+// Creates a new XmlUnitTestResultPrinter.
+XmlUnitTestResultPrinter::XmlUnitTestResultPrinter(const char* output_file)
+    : output_file_(output_file) {
+  if (output_file_.c_str() == NULL || output_file_.empty()) {
+    fprintf(stderr, "XML output file may not be null\n");
+    fflush(stderr);
+    exit(EXIT_FAILURE);
+  }
+}
+
+// Called after the unit test ends.
+void XmlUnitTestResultPrinter::OnTestIterationEnd(const UnitTest& unit_test,
+                                                  int /*iteration*/) {
+  FILE* xmlout = NULL;
+  FilePath output_file(output_file_);
+  FilePath output_dir(output_file.RemoveFileName());
+
+  if (output_dir.CreateDirectoriesRecursively()) {
+    xmlout = posix::FOpen(output_file_.c_str(), "w");
+  }
+  if (xmlout == NULL) {
+    // TODO(wan): report the reason of the failure.
+    //
+    // We don't do it for now as:
+    //
+    //   1. There is no urgent need for it.
+    //   2. It's a bit involved to make the errno variable thread-safe on
+    //      all three operating systems (Linux, Windows, and Mac OS).
+    //   3. To interpret the meaning of errno in a thread-safe way,
+    //      we need the strerror_r() function, which is not available on
+    //      Windows.
+    fprintf(stderr,
+            "Unable to open file \"%s\"\n",
+            output_file_.c_str());
+    fflush(stderr);
+    exit(EXIT_FAILURE);
+  }
+  std::stringstream stream;
+  PrintXmlUnitTest(&stream, unit_test);
+  fprintf(xmlout, "%s", StringStreamToString(&stream).c_str());
+  fclose(xmlout);
+}
+
+// Returns an XML-escaped copy of the input string str.  If is_attribute
+// is true, the text is meant to appear as an attribute value, and
+// normalizable whitespace is preserved by replacing it with character
+// references.
+//
+// Invalid XML characters in str, if any, are stripped from the output.
+// It is expected that most, if not all, of the text processed by this
+// module will consist of ordinary English text.
+// If this module is ever modified to produce version 1.1 XML output,
+// most invalid characters can be retained using character references.
+// TODO(wan): It might be nice to have a minimally invasive, human-readable
+// escaping scheme for invalid characters, rather than dropping them.
+std::string XmlUnitTestResultPrinter::EscapeXml(
+    const std::string& str, bool is_attribute) {
+  Message m;
+
+  for (size_t i = 0; i < str.size(); ++i) {
+    const char ch = str[i];
+    switch (ch) {
+      case '<':
+        m << "&lt;";
+        break;
+      case '>':
+        m << "&gt;";
+        break;
+      case '&':
+        m << "&amp;";
+        break;
+      case '\'':
+        if (is_attribute)
+          m << "&apos;";
+        else
+          m << '\'';
+        break;
+      case '"':
+        if (is_attribute)
+          m << "&quot;";
+        else
+          m << '"';
+        break;
+      default:
+        if (IsValidXmlCharacter(ch)) {
+          if (is_attribute && IsNormalizableWhitespace(ch))
+            m << "&#x" << String::FormatByte(static_cast<unsigned char>(ch))
+              << ";";
+          else
+            m << ch;
+        }
+        break;
+    }
+  }
+
+  return m.GetString();
+}
+
+// Returns the given string with all characters invalid in XML removed.
+// Currently invalid characters are dropped from the string. An
+// alternative is to replace them with certain characters such as . or ?.
+std::string XmlUnitTestResultPrinter::RemoveInvalidXmlCharacters(
+    const std::string& str) {
+  std::string output;
+  output.reserve(str.size());
+  for (std::string::const_iterator it = str.begin(); it != str.end(); ++it)
+    if (IsValidXmlCharacter(*it))
+      output.push_back(*it);
+
+  return output;
+}
+
+// The following routines generate an XML representation of a UnitTest
+// object.
+//
+// This is how Google Test concepts map to the DTD:
+//
+// <testsuites name="AllTests">        <-- corresponds to a UnitTest object
+//   <testsuite name="testcase-name">  <-- corresponds to a TestCase object
+//     <testcase name="test-name">     <-- corresponds to a TestInfo object
+//       <failure message="...">...</failure>
+//       <failure message="...">...</failure>
+//       <failure message="...">...</failure>
+//                                     <-- individual assertion failures
+//     </testcase>
+//   </testsuite>
+// </testsuites>
+
+// Formats the given time in milliseconds as seconds.
+std::string FormatTimeInMillisAsSeconds(TimeInMillis ms) {
+  ::std::stringstream ss;
+  ss << ms/1000.0;
+  return ss.str();
+}
+
+// Converts the given epoch time in milliseconds to a date string in the ISO
+// 8601 format, without the timezone information.
+std::string FormatEpochTimeInMillisAsIso8601(TimeInMillis ms) {
+  time_t seconds = static_cast<time_t>(ms / 1000);
+  struct tm time_struct;
+#ifdef _MSC_VER
+  if (localtime_s(&time_struct, &seconds) != 0)
+    return "";  // Invalid ms value
+#else
+  if (localtime_r(&seconds, &time_struct) == NULL)
+    return "";  // Invalid ms value
+#endif
+
+  // YYYY-MM-DDThh:mm:ss
+  return StreamableToString(time_struct.tm_year + 1900) + "-" +
+      String::FormatIntWidth2(time_struct.tm_mon + 1) + "-" +
+      String::FormatIntWidth2(time_struct.tm_mday) + "T" +
+      String::FormatIntWidth2(time_struct.tm_hour) + ":" +
+      String::FormatIntWidth2(time_struct.tm_min) + ":" +
+      String::FormatIntWidth2(time_struct.tm_sec);
+}
+
+// Streams an XML CDATA section, escaping invalid CDATA sequences as needed.
+void XmlUnitTestResultPrinter::OutputXmlCDataSection(::std::ostream* stream,
+                                                     const char* data) {
+  const char* segment = data;
+  *stream << "<![CDATA[";
+  for (;;) {
+    const char* const next_segment = strstr(segment, "]]>");
+    if (next_segment != NULL) {
+      stream->write(
+          segment, static_cast<std::streamsize>(next_segment - segment));
+      *stream << "]]>]]&gt;<![CDATA[";
+      segment = next_segment + strlen("]]>");
+    } else {
+      *stream << segment;
+      break;
+    }
+  }
+  *stream << "]]>";
+}
+
+void XmlUnitTestResultPrinter::OutputXmlAttribute(
+    std::ostream* stream,
+    const std::string& element_name,
+    const std::string& name,
+    const std::string& value) {
+  const std::vector<std::string>& allowed_names =
+      GetReservedAttributesForElement(element_name);
+
+  GTEST_CHECK_(std::find(allowed_names.begin(), allowed_names.end(), name) !=
+                   allowed_names.end())
+      << "Attribute " << name << " is not allowed for element <" << element_name
+      << ">.";
+
+  *stream << " " << name << "=\"" << EscapeXmlAttribute(value) << "\"";
+}
+
+// Prints an XML representation of a TestInfo object.
+// TODO(wan): There is also value in printing properties with the plain printer.
+void XmlUnitTestResultPrinter::OutputXmlTestInfo(::std::ostream* stream,
+                                                 const char* test_case_name,
+                                                 const TestInfo& test_info) {
+  const TestResult& result = *test_info.result();
+  const std::string kTestcase = "testcase";
+
+  *stream << "    <testcase";
+  OutputXmlAttribute(stream, kTestcase, "name", test_info.name());
+
+  if (test_info.value_param() != NULL) {
+    OutputXmlAttribute(stream, kTestcase, "value_param",
+                       test_info.value_param());
+  }
+  if (test_info.type_param() != NULL) {
+    OutputXmlAttribute(stream, kTestcase, "type_param", test_info.type_param());
+  }
+
+  OutputXmlAttribute(stream, kTestcase, "status",
+                     test_info.should_run() ? "run" : "notrun");
+  OutputXmlAttribute(stream, kTestcase, "time",
+                     FormatTimeInMillisAsSeconds(result.elapsed_time()));
+  OutputXmlAttribute(stream, kTestcase, "classname", test_case_name);
+  *stream << TestPropertiesAsXmlAttributes(result);
+
+  int failures = 0;
+  for (int i = 0; i < result.total_part_count(); ++i) {
+    const TestPartResult& part = result.GetTestPartResult(i);
+    if (part.failed()) {
+      if (++failures == 1) {
+        *stream << ">\n";
+      }
+      const string location = internal::FormatCompilerIndependentFileLocation(
+          part.file_name(), part.line_number());
+      const string summary = location + "\n" + part.summary();
+      *stream << "      <failure message=\""
+              << EscapeXmlAttribute(summary.c_str())
+              << "\" type=\"\">";
+      const string detail = location + "\n" + part.message();
+      OutputXmlCDataSection(stream, RemoveInvalidXmlCharacters(detail).c_str());
+      *stream << "</failure>\n";
+    }
+  }
+
+  if (failures == 0)
+    *stream << " />\n";
+  else
+    *stream << "    </testcase>\n";
+}
+
+// Prints an XML representation of a TestCase object
+void XmlUnitTestResultPrinter::PrintXmlTestCase(std::ostream* stream,
+                                                const TestCase& test_case) {
+  const std::string kTestsuite = "testsuite";
+  *stream << "  <" << kTestsuite;
+  OutputXmlAttribute(stream, kTestsuite, "name", test_case.name());
+  OutputXmlAttribute(stream, kTestsuite, "tests",
+                     StreamableToString(test_case.reportable_test_count()));
+  OutputXmlAttribute(stream, kTestsuite, "failures",
+                     StreamableToString(test_case.failed_test_count()));
+  OutputXmlAttribute(
+      stream, kTestsuite, "disabled",
+      StreamableToString(test_case.reportable_disabled_test_count()));
+  OutputXmlAttribute(stream, kTestsuite, "errors", "0");
+  OutputXmlAttribute(stream, kTestsuite, "time",
+                     FormatTimeInMillisAsSeconds(test_case.elapsed_time()));
+  *stream << TestPropertiesAsXmlAttributes(test_case.ad_hoc_test_result())
+          << ">\n";
+
+  for (int i = 0; i < test_case.total_test_count(); ++i) {
+    if (test_case.GetTestInfo(i)->is_reportable())
+      OutputXmlTestInfo(stream, test_case.name(), *test_case.GetTestInfo(i));
+  }
+  *stream << "  </" << kTestsuite << ">\n";
+}
+
+// Prints an XML summary of unit_test to output stream out.
+void XmlUnitTestResultPrinter::PrintXmlUnitTest(std::ostream* stream,
+                                                const UnitTest& unit_test) {
+  const std::string kTestsuites = "testsuites";
+
+  *stream << "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n";
+  *stream << "<" << kTestsuites;
+
+  OutputXmlAttribute(stream, kTestsuites, "tests",
+                     StreamableToString(unit_test.reportable_test_count()));
+  OutputXmlAttribute(stream, kTestsuites, "failures",
+                     StreamableToString(unit_test.failed_test_count()));
+  OutputXmlAttribute(
+      stream, kTestsuites, "disabled",
+      StreamableToString(unit_test.reportable_disabled_test_count()));
+  OutputXmlAttribute(stream, kTestsuites, "errors", "0");
+  OutputXmlAttribute(
+      stream, kTestsuites, "timestamp",
+      FormatEpochTimeInMillisAsIso8601(unit_test.start_timestamp()));
+  OutputXmlAttribute(stream, kTestsuites, "time",
+                     FormatTimeInMillisAsSeconds(unit_test.elapsed_time()));
+
+  if (GTEST_FLAG(shuffle)) {
+    OutputXmlAttribute(stream, kTestsuites, "random_seed",
+                       StreamableToString(unit_test.random_seed()));
+  }
+
+  *stream << TestPropertiesAsXmlAttributes(unit_test.ad_hoc_test_result());
+
+  OutputXmlAttribute(stream, kTestsuites, "name", "AllTests");
+  *stream << ">\n";
+
+  for (int i = 0; i < unit_test.total_test_case_count(); ++i) {
+    if (unit_test.GetTestCase(i)->reportable_test_count() > 0)
+      PrintXmlTestCase(stream, *unit_test.GetTestCase(i));
+  }
+  *stream << "</" << kTestsuites << ">\n";
+}
+
+// Produces a string representing the test properties in a result as space
+// delimited XML attributes based on the property key="value" pairs.
+std::string XmlUnitTestResultPrinter::TestPropertiesAsXmlAttributes(
+    const TestResult& result) {
+  Message attributes;
+  for (int i = 0; i < result.test_property_count(); ++i) {
+    const TestProperty& property = result.GetTestProperty(i);
+    attributes << " " << property.key() << "="
+        << "\"" << EscapeXmlAttribute(property.value()) << "\"";
+  }
+  return attributes.GetString();
+}
+
+// End XmlUnitTestResultPrinter
+
+#if GTEST_CAN_STREAM_RESULTS_
+
+// Checks if str contains '=', '&', '%' or '\n' characters. If yes,
+// replaces them by "%xx" where xx is their hexadecimal value. For
+// example, replaces "=" with "%3D".  This algorithm is O(strlen(str))
+// in both time and space -- important as the input str may contain an
+// arbitrarily long test failure message and stack trace.
+string StreamingListener::UrlEncode(const char* str) {
+  string result;
+  result.reserve(strlen(str) + 1);
+  for (char ch = *str; ch != '\0'; ch = *++str) {
+    switch (ch) {
+      case '%':
+      case '=':
+      case '&':
+      case '\n':
+        result.append("%" + String::FormatByte(static_cast<unsigned char>(ch)));
+        break;
+      default:
+        result.push_back(ch);
+        break;
+    }
+  }
+  return result;
+}
+
+void StreamingListener::SocketWriter::MakeConnection() {
+  GTEST_CHECK_(sockfd_ == -1)
+      << "MakeConnection() can't be called when there is already a connection.";
+
+  addrinfo hints;
+  memset(&hints, 0, sizeof(hints));
+  hints.ai_family = AF_UNSPEC;    // To allow both IPv4 and IPv6 addresses.
+  hints.ai_socktype = SOCK_STREAM;
+  addrinfo* servinfo = NULL;
+
+  // Use the getaddrinfo() to get a linked list of IP addresses for
+  // the given host name.
+  const int error_num = getaddrinfo(
+      host_name_.c_str(), port_num_.c_str(), &hints, &servinfo);
+  if (error_num != 0) {
+    GTEST_LOG_(WARNING) << "stream_result_to: getaddrinfo() failed: "
+                        << gai_strerror(error_num);
+  }
+
+  // Loop through all the results and connect to the first we can.
+  for (addrinfo* cur_addr = servinfo; sockfd_ == -1 && cur_addr != NULL;
+       cur_addr = cur_addr->ai_next) {
+    sockfd_ = socket(
+        cur_addr->ai_family, cur_addr->ai_socktype, cur_addr->ai_protocol);
+    if (sockfd_ != -1) {
+      // Connect the client socket to the server socket.
+      if (connect(sockfd_, cur_addr->ai_addr, cur_addr->ai_addrlen) == -1) {
+        close(sockfd_);
+        sockfd_ = -1;
+      }
+    }
+  }
+
+  freeaddrinfo(servinfo);  // all done with this structure
+
+  if (sockfd_ == -1) {
+    GTEST_LOG_(WARNING) << "stream_result_to: failed to connect to "
+                        << host_name_ << ":" << port_num_;
+  }
+}
+
+// End of class Streaming Listener
+#endif  // GTEST_CAN_STREAM_RESULTS__
+
+// Class ScopedTrace
+
+// Pushes the given source file location and message onto a per-thread
+// trace stack maintained by Google Test.
+ScopedTrace::ScopedTrace(const char* file, int line, const Message& message)
+    GTEST_LOCK_EXCLUDED_(&UnitTest::mutex_) {
+  TraceInfo trace;
+  trace.file = file;
+  trace.line = line;
+  trace.message = message.GetString();
+
+  UnitTest::GetInstance()->PushGTestTrace(trace);
+}
+
+// Pops the info pushed by the c'tor.
+ScopedTrace::~ScopedTrace()
+    GTEST_LOCK_EXCLUDED_(&UnitTest::mutex_) {
+  UnitTest::GetInstance()->PopGTestTrace();
+}
+
+
+// class OsStackTraceGetter
+
+// Returns the current OS stack trace as an std::string.  Parameters:
+//
+//   max_depth  - the maximum number of stack frames to be included
+//                in the trace.
+//   skip_count - the number of top frames to be skipped; doesn't count
+//                against max_depth.
+//
+string OsStackTraceGetter::CurrentStackTrace(int /* max_depth */,
+                                             int /* skip_count */)
+    GTEST_LOCK_EXCLUDED_(mutex_) {
+  return "";
+}
+
+void OsStackTraceGetter::UponLeavingGTest()
+    GTEST_LOCK_EXCLUDED_(mutex_) {
+}
+
+const char* const
+OsStackTraceGetter::kElidedFramesMarker =
+    "... " GTEST_NAME_ " internal frames ...";
+
+// A helper class that creates the premature-exit file in its
+// constructor and deletes the file in its destructor.
+class ScopedPrematureExitFile {
+ public:
+  explicit ScopedPrematureExitFile(const char* premature_exit_filepath)
+      : premature_exit_filepath_(premature_exit_filepath) {
+    // If a path to the premature-exit file is specified...
+    if (premature_exit_filepath != NULL && *premature_exit_filepath != '\0') {
+      // create the file with a single "0" character in it.  I/O
+      // errors are ignored as there's nothing better we can do and we
+      // don't want to fail the test because of this.
+      FILE* pfile = posix::FOpen(premature_exit_filepath, "w");
+      fwrite("0", 1, 1, pfile);
+      fclose(pfile);
+    }
+  }
+
+  ~ScopedPrematureExitFile() {
+    if (premature_exit_filepath_ != NULL && *premature_exit_filepath_ != '\0') {
+      remove(premature_exit_filepath_);
+    }
+  }
+
+ private:
+  const char* const premature_exit_filepath_;
+
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(ScopedPrematureExitFile);
+};
+
+}  // namespace internal
+
+// class TestEventListeners
+
+TestEventListeners::TestEventListeners()
+    : repeater_(new internal::TestEventRepeater()),
+      default_result_printer_(NULL),
+      default_xml_generator_(NULL) {
+}
+
+TestEventListeners::~TestEventListeners() { delete repeater_; }
+
+// Returns the standard listener responsible for the default console
+// output.  Can be removed from the listeners list to shut down default
+// console output.  Note that removing this object from the listener list
+// with Release transfers its ownership to the user.
+void TestEventListeners::Append(TestEventListener* listener) {
+  repeater_->Append(listener);
+}
+
+// Removes the given event listener from the list and returns it.  It then
+// becomes the caller's responsibility to delete the listener. Returns
+// NULL if the listener is not found in the list.
+TestEventListener* TestEventListeners::Release(TestEventListener* listener) {
+  if (listener == default_result_printer_)
+    default_result_printer_ = NULL;
+  else if (listener == default_xml_generator_)
+    default_xml_generator_ = NULL;
+  return repeater_->Release(listener);
+}
+
+// Returns repeater that broadcasts the TestEventListener events to all
+// subscribers.
+TestEventListener* TestEventListeners::repeater() { return repeater_; }
+
+// Sets the default_result_printer attribute to the provided listener.
+// The listener is also added to the listener list and previous
+// default_result_printer is removed from it and deleted. The listener can
+// also be NULL in which case it will not be added to the list. Does
+// nothing if the previous and the current listener objects are the same.
+void TestEventListeners::SetDefaultResultPrinter(TestEventListener* listener) {
+  if (default_result_printer_ != listener) {
+    // It is an error to pass this method a listener that is already in the
+    // list.
+    delete Release(default_result_printer_);
+    default_result_printer_ = listener;
+    if (listener != NULL)
+      Append(listener);
+  }
+}
+
+// Sets the default_xml_generator attribute to the provided listener.  The
+// listener is also added to the listener list and previous
+// default_xml_generator is removed from it and deleted. The listener can
+// also be NULL in which case it will not be added to the list. Does
+// nothing if the previous and the current listener objects are the same.
+void TestEventListeners::SetDefaultXmlGenerator(TestEventListener* listener) {
+  if (default_xml_generator_ != listener) {
+    // It is an error to pass this method a listener that is already in the
+    // list.
+    delete Release(default_xml_generator_);
+    default_xml_generator_ = listener;
+    if (listener != NULL)
+      Append(listener);
+  }
+}
+
+// Controls whether events will be forwarded by the repeater to the
+// listeners in the list.
+bool TestEventListeners::EventForwardingEnabled() const {
+  return repeater_->forwarding_enabled();
+}
+
+void TestEventListeners::SuppressEventForwarding() {
+  repeater_->set_forwarding_enabled(false);
+}
+
+// class UnitTest
+
+// Gets the singleton UnitTest object.  The first time this method is
+// called, a UnitTest object is constructed and returned.  Consecutive
+// calls will return the same object.
+//
+// We don't protect this under mutex_ as a user is not supposed to
+// call this before main() starts, from which point on the return
+// value will never change.
+UnitTest* UnitTest::GetInstance() {
+  // When compiled with MSVC 7.1 in optimized mode, destroying the
+  // UnitTest object upon exiting the program messes up the exit code,
+  // causing successful tests to appear failed.  We have to use a
+  // different implementation in this case to bypass the compiler bug.
+  // This implementation makes the compiler happy, at the cost of
+  // leaking the UnitTest object.
+
+  // CodeGear C++Builder insists on a public destructor for the
+  // default implementation.  Use this implementation to keep good OO
+  // design with private destructor.
+
+#if (_MSC_VER == 1310 && !defined(_DEBUG)) || defined(__BORLANDC__)
+  static UnitTest* const instance = new UnitTest;
+  return instance;
+#else
+  static UnitTest instance;
+  return &instance;
+#endif  // (_MSC_VER == 1310 && !defined(_DEBUG)) || defined(__BORLANDC__)
+}
+
+// Gets the number of successful test cases.
+int UnitTest::successful_test_case_count() const {
+  return impl()->successful_test_case_count();
+}
+
+// Gets the number of failed test cases.
+int UnitTest::failed_test_case_count() const {
+  return impl()->failed_test_case_count();
+}
+
+// Gets the number of all test cases.
+int UnitTest::total_test_case_count() const {
+  return impl()->total_test_case_count();
+}
+
+// Gets the number of all test cases that contain at least one test
+// that should run.
+int UnitTest::test_case_to_run_count() const {
+  return impl()->test_case_to_run_count();
+}
+
+// Gets the number of successful tests.
+int UnitTest::successful_test_count() const {
+  return impl()->successful_test_count();
+}
+
+// Gets the number of failed tests.
+int UnitTest::failed_test_count() const { return impl()->failed_test_count(); }
+
+// Gets the number of disabled tests that will be reported in the XML report.
+int UnitTest::reportable_disabled_test_count() const {
+  return impl()->reportable_disabled_test_count();
+}
+
+// Gets the number of disabled tests.
+int UnitTest::disabled_test_count() const {
+  return impl()->disabled_test_count();
+}
+
+// Gets the number of tests to be printed in the XML report.
+int UnitTest::reportable_test_count() const {
+  return impl()->reportable_test_count();
+}
+
+// Gets the number of all tests.
+int UnitTest::total_test_count() const { return impl()->total_test_count(); }
+
+// Gets the number of tests that should run.
+int UnitTest::test_to_run_count() const { return impl()->test_to_run_count(); }
+
+// Gets the time of the test program start, in ms from the start of the
+// UNIX epoch.
+internal::TimeInMillis UnitTest::start_timestamp() const {
+    return impl()->start_timestamp();
+}
+
+// Gets the elapsed time, in milliseconds.
+internal::TimeInMillis UnitTest::elapsed_time() const {
+  return impl()->elapsed_time();
+}
+
+// Returns true iff the unit test passed (i.e. all test cases passed).
+bool UnitTest::Passed() const { return impl()->Passed(); }
+
+// Returns true iff the unit test failed (i.e. some test case failed
+// or something outside of all tests failed).
+bool UnitTest::Failed() const { return impl()->Failed(); }
+
+// Gets the i-th test case among all the test cases. i can range from 0 to
+// total_test_case_count() - 1. If i is not in that range, returns NULL.
+const TestCase* UnitTest::GetTestCase(int i) const {
+  return impl()->GetTestCase(i);
+}
+
+// Returns the TestResult containing information on test failures and
+// properties logged outside of individual test cases.
+const TestResult& UnitTest::ad_hoc_test_result() const {
+  return *impl()->ad_hoc_test_result();
+}
+
+// Gets the i-th test case among all the test cases. i can range from 0 to
+// total_test_case_count() - 1. If i is not in that range, returns NULL.
+TestCase* UnitTest::GetMutableTestCase(int i) {
+  return impl()->GetMutableTestCase(i);
+}
+
+// Returns the list of event listeners that can be used to track events
+// inside Google Test.
+TestEventListeners& UnitTest::listeners() {
+  return *impl()->listeners();
+}
+
+// Registers and returns a global test environment.  When a test
+// program is run, all global test environments will be set-up in the
+// order they were registered.  After all tests in the program have
+// finished, all global test environments will be torn-down in the
+// *reverse* order they were registered.
+//
+// The UnitTest object takes ownership of the given environment.
+//
+// We don't protect this under mutex_, as we only support calling it
+// from the main thread.
+Environment* UnitTest::AddEnvironment(Environment* env) {
+  if (env == NULL) {
+    return NULL;
+  }
+
+  impl_->environments().push_back(env);
+  return env;
+}
+
+// Adds a TestPartResult to the current TestResult object.  All Google Test
+// assertion macros (e.g. ASSERT_TRUE, EXPECT_EQ, etc) eventually call
+// this to report their results.  The user code should use the
+// assertion macros instead of calling this directly.
+void UnitTest::AddTestPartResult(
+    TestPartResult::Type result_type,
+    const char* file_name,
+    int line_number,
+    const std::string& message,
+    const std::string& os_stack_trace) GTEST_LOCK_EXCLUDED_(mutex_) {
+  Message msg;
+  msg << message;
+
+  internal::MutexLock lock(&mutex_);
+  if (impl_->gtest_trace_stack().size() > 0) {
+    msg << "\n" << GTEST_NAME_ << " trace:";
+
+    for (int i = static_cast<int>(impl_->gtest_trace_stack().size());
+         i > 0; --i) {
+      const internal::TraceInfo& trace = impl_->gtest_trace_stack()[i - 1];
+      msg << "\n" << internal::FormatFileLocation(trace.file, trace.line)
+          << " " << trace.message;
+    }
+  }
+
+  if (os_stack_trace.c_str() != NULL && !os_stack_trace.empty()) {
+    msg << internal::kStackTraceMarker << os_stack_trace;
+  }
+
+  const TestPartResult result =
+    TestPartResult(result_type, file_name, line_number,
+                   msg.GetString().c_str());
+  impl_->GetTestPartResultReporterForCurrentThread()->
+      ReportTestPartResult(result);
+
+  if (result_type != TestPartResult::kSuccess) {
+    // gtest_break_on_failure takes precedence over
+    // gtest_throw_on_failure.  This allows a user to set the latter
+    // in the code (perhaps in order to use Google Test assertions
+    // with another testing framework) and specify the former on the
+    // command line for debugging.
+    if (GTEST_FLAG(break_on_failure)) {
+#if GTEST_OS_WINDOWS && !GTEST_OS_WINDOWS_PHONE && !GTEST_OS_WINDOWS_RT
+      // Using DebugBreak on Windows allows gtest to still break into a debugger
+      // when a failure happens and both the --gtest_break_on_failure and
+      // the --gtest_catch_exceptions flags are specified.
+      DebugBreak();
+#else
+      // Dereference NULL through a volatile pointer to prevent the compiler
+      // from removing. We use this rather than abort() or __builtin_trap() for
+      // portability: Symbian doesn't implement abort() well, and some debuggers
+      // don't correctly trap abort().
+      *static_cast<volatile int*>(NULL) = 1;
+#endif  // GTEST_OS_WINDOWS
+    } else if (GTEST_FLAG(throw_on_failure)) {
+#if GTEST_HAS_EXCEPTIONS
+      throw internal::GoogleTestFailureException(result);
+#else
+      // We cannot call abort() as it generates a pop-up in debug mode
+      // that cannot be suppressed in VC 7.1 or below.
+      exit(1);
+#endif
+    }
+  }
+}
+
+// Adds a TestProperty to the current TestResult object when invoked from
+// inside a test, to current TestCase's ad_hoc_test_result_ when invoked
+// from SetUpTestCase or TearDownTestCase, or to the global property set
+// when invoked elsewhere.  If the result already contains a property with
+// the same key, the value will be updated.
+void UnitTest::RecordProperty(const std::string& key,
+                              const std::string& value) {
+  impl_->RecordProperty(TestProperty(key, value));
+}
+
+// Runs all tests in this UnitTest object and prints the result.
+// Returns 0 if successful, or 1 otherwise.
+//
+// We don't protect this under mutex_, as we only support calling it
+// from the main thread.
+int UnitTest::Run() {
+  const bool in_death_test_child_process =
+      internal::GTEST_FLAG(internal_run_death_test).length() > 0;
+
+  // Google Test implements this protocol for catching that a test
+  // program exits before returning control to Google Test:
+  //
+  //   1. Upon start, Google Test creates a file whose absolute path
+  //      is specified by the environment variable
+  //      TEST_PREMATURE_EXIT_FILE.
+  //   2. When Google Test has finished its work, it deletes the file.
+  //
+  // This allows a test runner to set TEST_PREMATURE_EXIT_FILE before
+  // running a Google-Test-based test program and check the existence
+  // of the file at the end of the test execution to see if it has
+  // exited prematurely.
+
+  // If we are in the child process of a death test, don't
+  // create/delete the premature exit file, as doing so is unnecessary
+  // and will confuse the parent process.  Otherwise, create/delete
+  // the file upon entering/leaving this function.  If the program
+  // somehow exits before this function has a chance to return, the
+  // premature-exit file will be left undeleted, causing a test runner
+  // that understands the premature-exit-file protocol to report the
+  // test as having failed.
+  const internal::ScopedPrematureExitFile premature_exit_file(
+      in_death_test_child_process ?
+      NULL : internal::posix::GetEnv("TEST_PREMATURE_EXIT_FILE"));
+
+  // Captures the value of GTEST_FLAG(catch_exceptions).  This value will be
+  // used for the duration of the program.
+  impl()->set_catch_exceptions(GTEST_FLAG(catch_exceptions));
+
+#if GTEST_HAS_SEH
+  // Either the user wants Google Test to catch exceptions thrown by the
+  // tests or this is executing in the context of death test child
+  // process. In either case the user does not want to see pop-up dialogs
+  // about crashes - they are expected.
+  if (impl()->catch_exceptions() || in_death_test_child_process) {
+# if !GTEST_OS_WINDOWS_MOBILE && !GTEST_OS_WINDOWS_PHONE && !GTEST_OS_WINDOWS_RT
+    // SetErrorMode doesn't exist on CE.
+    SetErrorMode(SEM_FAILCRITICALERRORS | SEM_NOALIGNMENTFAULTEXCEPT |
+                 SEM_NOGPFAULTERRORBOX | SEM_NOOPENFILEERRORBOX);
+# endif  // !GTEST_OS_WINDOWS_MOBILE
+
+# if (defined(_MSC_VER) || GTEST_OS_WINDOWS_MINGW) && !GTEST_OS_WINDOWS_MOBILE
+    // Death test children can be terminated with _abort().  On Windows,
+    // _abort() can show a dialog with a warning message.  This forces the
+    // abort message to go to stderr instead.
+    _set_error_mode(_OUT_TO_STDERR);
+# endif
+
+# if _MSC_VER >= 1400 && !GTEST_OS_WINDOWS_MOBILE
+    // In the debug version, Visual Studio pops up a separate dialog
+    // offering a choice to debug the aborted program. We need to suppress
+    // this dialog or it will pop up for every EXPECT/ASSERT_DEATH statement
+    // executed. Google Test will notify the user of any unexpected
+    // failure via stderr.
+    //
+    // VC++ doesn't define _set_abort_behavior() prior to the version 8.0.
+    // Users of prior VC versions shall suffer the agony and pain of
+    // clicking through the countless debug dialogs.
+    // TODO(vladl@google.com): find a way to suppress the abort dialog() in the
+    // debug mode when compiled with VC 7.1 or lower.
+    if (!GTEST_FLAG(break_on_failure))
+      _set_abort_behavior(
+          0x0,                                    // Clear the following flags:
+          _WRITE_ABORT_MSG | _CALL_REPORTFAULT);  // pop-up window, core dump.
+# endif
+  }
+#endif  // GTEST_HAS_SEH
+
+  return internal::HandleExceptionsInMethodIfSupported(
+      impl(),
+      &internal::UnitTestImpl::RunAllTests,
+      "auxiliary test code (environments or event listeners)") ? 0 : 1;
+}
+
+// Returns the working directory when the first TEST() or TEST_F() was
+// executed.
+const char* UnitTest::original_working_dir() const {
+  return impl_->original_working_dir_.c_str();
+}
+
+// Returns the TestCase object for the test that's currently running,
+// or NULL if no test is running.
+const TestCase* UnitTest::current_test_case() const
+    GTEST_LOCK_EXCLUDED_(mutex_) {
+  internal::MutexLock lock(&mutex_);
+  return impl_->current_test_case();
+}
+
+// Returns the TestInfo object for the test that's currently running,
+// or NULL if no test is running.
+const TestInfo* UnitTest::current_test_info() const
+    GTEST_LOCK_EXCLUDED_(mutex_) {
+  internal::MutexLock lock(&mutex_);
+  return impl_->current_test_info();
+}
+
+// Returns the random seed used at the start of the current test run.
+int UnitTest::random_seed() const { return impl_->random_seed(); }
+
+#if GTEST_HAS_PARAM_TEST
+// Returns ParameterizedTestCaseRegistry object used to keep track of
+// value-parameterized tests and instantiate and register them.
+internal::ParameterizedTestCaseRegistry&
+    UnitTest::parameterized_test_registry()
+        GTEST_LOCK_EXCLUDED_(mutex_) {
+  return impl_->parameterized_test_registry();
+}
+#endif  // GTEST_HAS_PARAM_TEST
+
+// Creates an empty UnitTest.
+UnitTest::UnitTest() {
+  impl_ = new internal::UnitTestImpl(this);
+}
+
+// Destructor of UnitTest.
+UnitTest::~UnitTest() {
+  delete impl_;
+}
+
+// Pushes a trace defined by SCOPED_TRACE() on to the per-thread
+// Google Test trace stack.
+void UnitTest::PushGTestTrace(const internal::TraceInfo& trace)
+    GTEST_LOCK_EXCLUDED_(mutex_) {
+  internal::MutexLock lock(&mutex_);
+  impl_->gtest_trace_stack().push_back(trace);
+}
+
+// Pops a trace from the per-thread Google Test trace stack.
+void UnitTest::PopGTestTrace()
+    GTEST_LOCK_EXCLUDED_(mutex_) {
+  internal::MutexLock lock(&mutex_);
+  impl_->gtest_trace_stack().pop_back();
+}
+
+namespace internal {
+
+UnitTestImpl::UnitTestImpl(UnitTest* parent)
+    : parent_(parent),
+      GTEST_DISABLE_MSC_WARNINGS_PUSH_(4355 /* using this in initializer */)
+      default_global_test_part_result_reporter_(this),
+      default_per_thread_test_part_result_reporter_(this),
+      GTEST_DISABLE_MSC_WARNINGS_POP_()
+      global_test_part_result_repoter_(
+          &default_global_test_part_result_reporter_),
+      per_thread_test_part_result_reporter_(
+          &default_per_thread_test_part_result_reporter_),
+#if GTEST_HAS_PARAM_TEST
+      parameterized_test_registry_(),
+      parameterized_tests_registered_(false),
+#endif  // GTEST_HAS_PARAM_TEST
+      last_death_test_case_(-1),
+      current_test_case_(NULL),
+      current_test_info_(NULL),
+      ad_hoc_test_result_(),
+      os_stack_trace_getter_(NULL),
+      post_flag_parse_init_performed_(false),
+      random_seed_(0),  // Will be overridden by the flag before first use.
+      random_(0),  // Will be reseeded before first use.
+      start_timestamp_(0),
+      elapsed_time_(0),
+#if GTEST_HAS_DEATH_TEST
+      death_test_factory_(new DefaultDeathTestFactory),
+#endif
+      // Will be overridden by the flag before first use.
+      catch_exceptions_(false) {
+  listeners()->SetDefaultResultPrinter(new PrettyUnitTestResultPrinter);
+}
+
+UnitTestImpl::~UnitTestImpl() {
+  // Deletes every TestCase.
+  ForEach(test_cases_, internal::Delete<TestCase>);
+
+  // Deletes every Environment.
+  ForEach(environments_, internal::Delete<Environment>);
+
+  delete os_stack_trace_getter_;
+}
+
+// Adds a TestProperty to the current TestResult object when invoked in a
+// context of a test, to current test case's ad_hoc_test_result when invoke
+// from SetUpTestCase/TearDownTestCase, or to the global property set
+// otherwise.  If the result already contains a property with the same key,
+// the value will be updated.
+void UnitTestImpl::RecordProperty(const TestProperty& test_property) {
+  std::string xml_element;
+  TestResult* test_result;  // TestResult appropriate for property recording.
+
+  if (current_test_info_ != NULL) {
+    xml_element = "testcase";
+    test_result = &(current_test_info_->result_);
+  } else if (current_test_case_ != NULL) {
+    xml_element = "testsuite";
+    test_result = &(current_test_case_->ad_hoc_test_result_);
+  } else {
+    xml_element = "testsuites";
+    test_result = &ad_hoc_test_result_;
+  }
+  test_result->RecordProperty(xml_element, test_property);
+}
+
+#if GTEST_HAS_DEATH_TEST
+// Disables event forwarding if the control is currently in a death test
+// subprocess. Must not be called before InitGoogleTest.
+void UnitTestImpl::SuppressTestEventsIfInSubprocess() {
+  if (internal_run_death_test_flag_.get() != NULL)
+    listeners()->SuppressEventForwarding();
+}
+#endif  // GTEST_HAS_DEATH_TEST
+
+// Initializes event listeners performing XML output as specified by
+// UnitTestOptions. Must not be called before InitGoogleTest.
+void UnitTestImpl::ConfigureXmlOutput() {
+  const std::string& output_format = UnitTestOptions::GetOutputFormat();
+  if (output_format == "xml") {
+    listeners()->SetDefaultXmlGenerator(new XmlUnitTestResultPrinter(
+        UnitTestOptions::GetAbsolutePathToOutputFile().c_str()));
+  } else if (output_format != "") {
+    printf("WARNING: unrecognized output format \"%s\" ignored.\n",
+           output_format.c_str());
+    fflush(stdout);
+  }
+}
+
+#if GTEST_CAN_STREAM_RESULTS_
+// Initializes event listeners for streaming test results in string form.
+// Must not be called before InitGoogleTest.
+void UnitTestImpl::ConfigureStreamingOutput() {
+  const std::string& target = GTEST_FLAG(stream_result_to);
+  if (!target.empty()) {
+    const size_t pos = target.find(':');
+    if (pos != std::string::npos) {
+      listeners()->Append(new StreamingListener(target.substr(0, pos),
+                                                target.substr(pos+1)));
+    } else {
+      printf("WARNING: unrecognized streaming target \"%s\" ignored.\n",
+             target.c_str());
+      fflush(stdout);
+    }
+  }
+}
+#endif  // GTEST_CAN_STREAM_RESULTS_
+
+// Performs initialization dependent upon flag values obtained in
+// ParseGoogleTestFlagsOnly.  Is called from InitGoogleTest after the call to
+// ParseGoogleTestFlagsOnly.  In case a user neglects to call InitGoogleTest
+// this function is also called from RunAllTests.  Since this function can be
+// called more than once, it has to be idempotent.
+void UnitTestImpl::PostFlagParsingInit() {
+  // Ensures that this function does not execute more than once.
+  if (!post_flag_parse_init_performed_) {
+    post_flag_parse_init_performed_ = true;
+
+#if GTEST_HAS_DEATH_TEST
+    InitDeathTestSubprocessControlInfo();
+    SuppressTestEventsIfInSubprocess();
+#endif  // GTEST_HAS_DEATH_TEST
+
+    // Registers parameterized tests. This makes parameterized tests
+    // available to the UnitTest reflection API without running
+    // RUN_ALL_TESTS.
+    RegisterParameterizedTests();
+
+    // Configures listeners for XML output. This makes it possible for users
+    // to shut down the default XML output before invoking RUN_ALL_TESTS.
+    ConfigureXmlOutput();
+
+#if GTEST_CAN_STREAM_RESULTS_
+    // Configures listeners for streaming test results to the specified server.
+    ConfigureStreamingOutput();
+#endif  // GTEST_CAN_STREAM_RESULTS_
+  }
+}
+
+// A predicate that checks the name of a TestCase against a known
+// value.
+//
+// This is used for implementation of the UnitTest class only.  We put
+// it in the anonymous namespace to prevent polluting the outer
+// namespace.
+//
+// TestCaseNameIs is copyable.
+class TestCaseNameIs {
+ public:
+  // Constructor.
+  explicit TestCaseNameIs(const std::string& name)
+      : name_(name) {}
+
+  // Returns true iff the name of test_case matches name_.
+  bool operator()(const TestCase* test_case) const {
+    return test_case != NULL && strcmp(test_case->name(), name_.c_str()) == 0;
+  }
+
+ private:
+  std::string name_;
+};
+
+// Finds and returns a TestCase with the given name.  If one doesn't
+// exist, creates one and returns it.  It's the CALLER'S
+// RESPONSIBILITY to ensure that this function is only called WHEN THE
+// TESTS ARE NOT SHUFFLED.
+//
+// Arguments:
+//
+//   test_case_name: name of the test case
+//   type_param:     the name of the test case's type parameter, or NULL if
+//                   this is not a typed or a type-parameterized test case.
+//   set_up_tc:      pointer to the function that sets up the test case
+//   tear_down_tc:   pointer to the function that tears down the test case
+TestCase* UnitTestImpl::GetTestCase(const char* test_case_name,
+                                    const char* type_param,
+                                    Test::SetUpTestCaseFunc set_up_tc,
+                                    Test::TearDownTestCaseFunc tear_down_tc) {
+  // Can we find a TestCase with the given name?
+  const std::vector<TestCase*>::const_iterator test_case =
+      std::find_if(test_cases_.begin(), test_cases_.end(),
+                   TestCaseNameIs(test_case_name));
+
+  if (test_case != test_cases_.end())
+    return *test_case;
+
+  // No.  Let's create one.
+  TestCase* const new_test_case =
+      new TestCase(test_case_name, type_param, set_up_tc, tear_down_tc);
+
+  // Is this a death test case?
+  if (internal::UnitTestOptions::MatchesFilter(test_case_name,
+                                               kDeathTestCaseFilter)) {
+    // Yes.  Inserts the test case after the last death test case
+    // defined so far.  This only works when the test cases haven't
+    // been shuffled.  Otherwise we may end up running a death test
+    // after a non-death test.
+    ++last_death_test_case_;
+    test_cases_.insert(test_cases_.begin() + last_death_test_case_,
+                       new_test_case);
+  } else {
+    // No.  Appends to the end of the list.
+    test_cases_.push_back(new_test_case);
+  }
+
+  test_case_indices_.push_back(static_cast<int>(test_case_indices_.size()));
+  return new_test_case;
+}
+
+// Helpers for setting up / tearing down the given environment.  They
+// are for use in the ForEach() function.
+static void SetUpEnvironment(Environment* env) { env->SetUp(); }
+static void TearDownEnvironment(Environment* env) { env->TearDown(); }
+
+// Runs all tests in this UnitTest object, prints the result, and
+// returns true if all tests are successful.  If any exception is
+// thrown during a test, the test is considered to be failed, but the
+// rest of the tests will still be run.
+//
+// When parameterized tests are enabled, it expands and registers
+// parameterized tests first in RegisterParameterizedTests().
+// All other functions called from RunAllTests() may safely assume that
+// parameterized tests are ready to be counted and run.
+bool UnitTestImpl::RunAllTests() {
+  // Makes sure InitGoogleTest() was called.
+  if (!GTestIsInitialized()) {
+    printf("%s",
+           "\nThis test program did NOT call ::testing::InitGoogleTest "
+           "before calling RUN_ALL_TESTS().  Please fix it.\n");
+    return false;
+  }
+
+  // Do not run any test if the --help flag was specified.
+  if (g_help_flag)
+    return true;
+
+  // Repeats the call to the post-flag parsing initialization in case the
+  // user didn't call InitGoogleTest.
+  PostFlagParsingInit();
+
+  // Even if sharding is not on, test runners may want to use the
+  // GTEST_SHARD_STATUS_FILE to query whether the test supports the sharding
+  // protocol.
+  internal::WriteToShardStatusFileIfNeeded();
+
+  // True iff we are in a subprocess for running a thread-safe-style
+  // death test.
+  bool in_subprocess_for_death_test = false;
+
+#if GTEST_HAS_DEATH_TEST
+  in_subprocess_for_death_test = (internal_run_death_test_flag_.get() != NULL);
+#endif  // GTEST_HAS_DEATH_TEST
+
+  const bool should_shard = ShouldShard(kTestTotalShards, kTestShardIndex,
+                                        in_subprocess_for_death_test);
+
+  // Compares the full test names with the filter to decide which
+  // tests to run.
+  const bool has_tests_to_run = FilterTests(should_shard
+                                              ? HONOR_SHARDING_PROTOCOL
+                                              : IGNORE_SHARDING_PROTOCOL) > 0;
+
+  // Lists the tests and exits if the --gtest_list_tests flag was specified.
+  if (GTEST_FLAG(list_tests)) {
+    // This must be called *after* FilterTests() has been called.
+    ListTestsMatchingFilter();
+    return true;
+  }
+
+  random_seed_ = GTEST_FLAG(shuffle) ?
+      GetRandomSeedFromFlag(GTEST_FLAG(random_seed)) : 0;
+
+  // True iff at least one test has failed.
+  bool failed = false;
+
+  TestEventListener* repeater = listeners()->repeater();
+
+  start_timestamp_ = GetTimeInMillis();
+  repeater->OnTestProgramStart(*parent_);
+
+  // How many times to repeat the tests?  We don't want to repeat them
+  // when we are inside the subprocess of a death test.
+  const int repeat = in_subprocess_for_death_test ? 1 : GTEST_FLAG(repeat);
+  // Repeats forever if the repeat count is negative.
+  const bool forever = repeat < 0;
+  for (int i = 0; forever || i != repeat; i++) {
+    // We want to preserve failures generated by ad-hoc test
+    // assertions executed before RUN_ALL_TESTS().
+    ClearNonAdHocTestResult();
+
+    const TimeInMillis start = GetTimeInMillis();
+
+    // Shuffles test cases and tests if requested.
+    if (has_tests_to_run && GTEST_FLAG(shuffle)) {
+      random()->Reseed(random_seed_);
+      // This should be done before calling OnTestIterationStart(),
+      // such that a test event listener can see the actual test order
+      // in the event.
+      ShuffleTests();
+    }
+
+    // Tells the unit test event listeners that the tests are about to start.
+    repeater->OnTestIterationStart(*parent_, i);
+
+    // Runs each test case if there is at least one test to run.
+    if (has_tests_to_run) {
+      // Sets up all environments beforehand.
+      repeater->OnEnvironmentsSetUpStart(*parent_);
+      ForEach(environments_, SetUpEnvironment);
+      repeater->OnEnvironmentsSetUpEnd(*parent_);
+
+      // Runs the tests only if there was no fatal failure during global
+      // set-up.
+      if (!Test::HasFatalFailure()) {
+        for (int test_index = 0; test_index < total_test_case_count();
+             test_index++) {
+          GetMutableTestCase(test_index)->Run();
+        }
+      }
+
+      // Tears down all environments in reverse order afterwards.
+      repeater->OnEnvironmentsTearDownStart(*parent_);
+      std::for_each(environments_.rbegin(), environments_.rend(),
+                    TearDownEnvironment);
+      repeater->OnEnvironmentsTearDownEnd(*parent_);
+    }
+
+    elapsed_time_ = GetTimeInMillis() - start;
+
+    // Tells the unit test event listener that the tests have just finished.
+    repeater->OnTestIterationEnd(*parent_, i);
+
+    // Gets the result and clears it.
+    if (!Passed()) {
+      failed = true;
+    }
+
+    // Restores the original test order after the iteration.  This
+    // allows the user to quickly repro a failure that happens in the
+    // N-th iteration without repeating the first (N - 1) iterations.
+    // This is not enclosed in "if (GTEST_FLAG(shuffle)) { ... }", in
+    // case the user somehow changes the value of the flag somewhere
+    // (it's always safe to unshuffle the tests).
+    UnshuffleTests();
+
+    if (GTEST_FLAG(shuffle)) {
+      // Picks a new random seed for each iteration.
+      random_seed_ = GetNextRandomSeed(random_seed_);
+    }
+  }
+
+  repeater->OnTestProgramEnd(*parent_);
+
+  return !failed;
+}
+
+// Reads the GTEST_SHARD_STATUS_FILE environment variable, and creates the file
+// if the variable is present. If a file already exists at this location, this
+// function will write over it. If the variable is present, but the file cannot
+// be created, prints an error and exits.
+void WriteToShardStatusFileIfNeeded() {
+  const char* const test_shard_file = posix::GetEnv(kTestShardStatusFile);
+  if (test_shard_file != NULL) {
+    FILE* const file = posix::FOpen(test_shard_file, "w");
+    if (file == NULL) {
+      ColoredPrintf(COLOR_RED,
+                    "Could not write to the test shard status file \"%s\" "
+                    "specified by the %s environment variable.\n",
+                    test_shard_file, kTestShardStatusFile);
+      fflush(stdout);
+      exit(EXIT_FAILURE);
+    }
+    fclose(file);
+  }
+}
+
+// Checks whether sharding is enabled by examining the relevant
+// environment variable values. If the variables are present,
+// but inconsistent (i.e., shard_index >= total_shards), prints
+// an error and exits. If in_subprocess_for_death_test, sharding is
+// disabled because it must only be applied to the original test
+// process. Otherwise, we could filter out death tests we intended to execute.
+bool ShouldShard(const char* total_shards_env,
+                 const char* shard_index_env,
+                 bool in_subprocess_for_death_test) {
+  if (in_subprocess_for_death_test) {
+    return false;
+  }
+
+  const Int32 total_shards = Int32FromEnvOrDie(total_shards_env, -1);
+  const Int32 shard_index = Int32FromEnvOrDie(shard_index_env, -1);
+
+  if (total_shards == -1 && shard_index == -1) {
+    return false;
+  } else if (total_shards == -1 && shard_index != -1) {
+    const Message msg = Message()
+      << "Invalid environment variables: you have "
+      << kTestShardIndex << " = " << shard_index
+      << ", but have left " << kTestTotalShards << " unset.\n";
+    ColoredPrintf(COLOR_RED, msg.GetString().c_str());
+    fflush(stdout);
+    exit(EXIT_FAILURE);
+  } else if (total_shards != -1 && shard_index == -1) {
+    const Message msg = Message()
+      << "Invalid environment variables: you have "
+      << kTestTotalShards << " = " << total_shards
+      << ", but have left " << kTestShardIndex << " unset.\n";
+    ColoredPrintf(COLOR_RED, msg.GetString().c_str());
+    fflush(stdout);
+    exit(EXIT_FAILURE);
+  } else if (shard_index < 0 || shard_index >= total_shards) {
+    const Message msg = Message()
+      << "Invalid environment variables: we require 0 <= "
+      << kTestShardIndex << " < " << kTestTotalShards
+      << ", but you have " << kTestShardIndex << "=" << shard_index
+      << ", " << kTestTotalShards << "=" << total_shards << ".\n";
+    ColoredPrintf(COLOR_RED, msg.GetString().c_str());
+    fflush(stdout);
+    exit(EXIT_FAILURE);
+  }
+
+  return total_shards > 1;
+}
+
+// Parses the environment variable var as an Int32. If it is unset,
+// returns default_val. If it is not an Int32, prints an error
+// and aborts.
+Int32 Int32FromEnvOrDie(const char* var, Int32 default_val) {
+  const char* str_val = posix::GetEnv(var);
+  if (str_val == NULL) {
+    return default_val;
+  }
+
+  Int32 result;
+  if (!ParseInt32(Message() << "The value of environment variable " << var,
+                  str_val, &result)) {
+    exit(EXIT_FAILURE);
+  }
+  return result;
+}
+
+// Given the total number of shards, the shard index, and the test id,
+// returns true iff the test should be run on this shard. The test id is
+// some arbitrary but unique non-negative integer assigned to each test
+// method. Assumes that 0 <= shard_index < total_shards.
+bool ShouldRunTestOnShard(int total_shards, int shard_index, int test_id) {
+  return (test_id % total_shards) == shard_index;
+}
+
+// Compares the name of each test with the user-specified filter to
+// decide whether the test should be run, then records the result in
+// each TestCase and TestInfo object.
+// If shard_tests == true, further filters tests based on sharding
+// variables in the environment - see
+// http://code.google.com/p/googletest/wiki/GoogleTestAdvancedGuide.
+// Returns the number of tests that should run.
+int UnitTestImpl::FilterTests(ReactionToSharding shard_tests) {
+  const Int32 total_shards = shard_tests == HONOR_SHARDING_PROTOCOL ?
+      Int32FromEnvOrDie(kTestTotalShards, -1) : -1;
+  const Int32 shard_index = shard_tests == HONOR_SHARDING_PROTOCOL ?
+      Int32FromEnvOrDie(kTestShardIndex, -1) : -1;
+
+  // num_runnable_tests are the number of tests that will
+  // run across all shards (i.e., match filter and are not disabled).
+  // num_selected_tests are the number of tests to be run on
+  // this shard.
+  int num_runnable_tests = 0;
+  int num_selected_tests = 0;
+  for (size_t i = 0; i < test_cases_.size(); i++) {
+    TestCase* const test_case = test_cases_[i];
+    const std::string &test_case_name = test_case->name();
+    test_case->set_should_run(false);
+
+    for (size_t j = 0; j < test_case->test_info_list().size(); j++) {
+      TestInfo* const test_info = test_case->test_info_list()[j];
+      const std::string test_name(test_info->name());
+      // A test is disabled if test case name or test name matches
+      // kDisableTestFilter.
+      const bool is_disabled =
+          internal::UnitTestOptions::MatchesFilter(test_case_name,
+                                                   kDisableTestFilter) ||
+          internal::UnitTestOptions::MatchesFilter(test_name,
+                                                   kDisableTestFilter);
+      test_info->is_disabled_ = is_disabled;
+
+      const bool matches_filter =
+          internal::UnitTestOptions::FilterMatchesTest(test_case_name,
+                                                       test_name);
+      test_info->matches_filter_ = matches_filter;
+
+      const bool is_runnable =
+          (GTEST_FLAG(also_run_disabled_tests) || !is_disabled) &&
+          matches_filter;
+
+      const bool is_selected = is_runnable &&
+          (shard_tests == IGNORE_SHARDING_PROTOCOL ||
+           ShouldRunTestOnShard(total_shards, shard_index,
+                                num_runnable_tests));
+
+      num_runnable_tests += is_runnable;
+      num_selected_tests += is_selected;
+
+      test_info->should_run_ = is_selected;
+      test_case->set_should_run(test_case->should_run() || is_selected);
+    }
+  }
+  return num_selected_tests;
+}
+
+// Prints the given C-string on a single line by replacing all '\n'
+// characters with string "\\n".  If the output takes more than
+// max_length characters, only prints the first max_length characters
+// and "...".
+static void PrintOnOneLine(const char* str, int max_length) {
+  if (str != NULL) {
+    for (int i = 0; *str != '\0'; ++str) {
+      if (i >= max_length) {
+        printf("...");
+        break;
+      }
+      if (*str == '\n') {
+        printf("\\n");
+        i += 2;
+      } else {
+        printf("%c", *str);
+        ++i;
+      }
+    }
+  }
+}
+
+// Prints the names of the tests matching the user-specified filter flag.
+void UnitTestImpl::ListTestsMatchingFilter() {
+  // Print at most this many characters for each type/value parameter.
+  const int kMaxParamLength = 250;
+
+  for (size_t i = 0; i < test_cases_.size(); i++) {
+    const TestCase* const test_case = test_cases_[i];
+    bool printed_test_case_name = false;
+
+    for (size_t j = 0; j < test_case->test_info_list().size(); j++) {
+      const TestInfo* const test_info =
+          test_case->test_info_list()[j];
+      if (test_info->matches_filter_) {
+        if (!printed_test_case_name) {
+          printed_test_case_name = true;
+          printf("%s.", test_case->name());
+          if (test_case->type_param() != NULL) {
+            printf("  # %s = ", kTypeParamLabel);
+            // We print the type parameter on a single line to make
+            // the output easy to parse by a program.
+            PrintOnOneLine(test_case->type_param(), kMaxParamLength);
+          }
+          printf("\n");
+        }
+        printf("  %s", test_info->name());
+        if (test_info->value_param() != NULL) {
+          printf("  # %s = ", kValueParamLabel);
+          // We print the value parameter on a single line to make the
+          // output easy to parse by a program.
+          PrintOnOneLine(test_info->value_param(), kMaxParamLength);
+        }
+        printf("\n");
+      }
+    }
+  }
+  fflush(stdout);
+}
+
+// Sets the OS stack trace getter.
+//
+// Does nothing if the input and the current OS stack trace getter are
+// the same; otherwise, deletes the old getter and makes the input the
+// current getter.
+void UnitTestImpl::set_os_stack_trace_getter(
+    OsStackTraceGetterInterface* getter) {
+  if (os_stack_trace_getter_ != getter) {
+    delete os_stack_trace_getter_;
+    os_stack_trace_getter_ = getter;
+  }
+}
+
+// Returns the current OS stack trace getter if it is not NULL;
+// otherwise, creates an OsStackTraceGetter, makes it the current
+// getter, and returns it.
+OsStackTraceGetterInterface* UnitTestImpl::os_stack_trace_getter() {
+  if (os_stack_trace_getter_ == NULL) {
+    os_stack_trace_getter_ = new OsStackTraceGetter;
+  }
+
+  return os_stack_trace_getter_;
+}
+
+// Returns the TestResult for the test that's currently running, or
+// the TestResult for the ad hoc test if no test is running.
+TestResult* UnitTestImpl::current_test_result() {
+  return current_test_info_ ?
+      &(current_test_info_->result_) : &ad_hoc_test_result_;
+}
+
+// Shuffles all test cases, and the tests within each test case,
+// making sure that death tests are still run first.
+void UnitTestImpl::ShuffleTests() {
+  // Shuffles the death test cases.
+  ShuffleRange(random(), 0, last_death_test_case_ + 1, &test_case_indices_);
+
+  // Shuffles the non-death test cases.
+  ShuffleRange(random(), last_death_test_case_ + 1,
+               static_cast<int>(test_cases_.size()), &test_case_indices_);
+
+  // Shuffles the tests inside each test case.
+  for (size_t i = 0; i < test_cases_.size(); i++) {
+    test_cases_[i]->ShuffleTests(random());
+  }
+}
+
+// Restores the test cases and tests to their order before the first shuffle.
+void UnitTestImpl::UnshuffleTests() {
+  for (size_t i = 0; i < test_cases_.size(); i++) {
+    // Unshuffles the tests in each test case.
+    test_cases_[i]->UnshuffleTests();
+    // Resets the index of each test case.
+    test_case_indices_[i] = static_cast<int>(i);
+  }
+}
+
+// Returns the current OS stack trace as an std::string.
+//
+// The maximum number of stack frames to be included is specified by
+// the gtest_stack_trace_depth flag.  The skip_count parameter
+// specifies the number of top frames to be skipped, which doesn't
+// count against the number of frames to be included.
+//
+// For example, if Foo() calls Bar(), which in turn calls
+// GetCurrentOsStackTraceExceptTop(..., 1), Foo() will be included in
+// the trace but Bar() and GetCurrentOsStackTraceExceptTop() won't.
+std::string GetCurrentOsStackTraceExceptTop(UnitTest* /*unit_test*/,
+                                            int skip_count) {
+  // We pass skip_count + 1 to skip this wrapper function in addition
+  // to what the user really wants to skip.
+  return GetUnitTestImpl()->CurrentOsStackTraceExceptTop(skip_count + 1);
+}
+
+// Used by the GTEST_SUPPRESS_UNREACHABLE_CODE_WARNING_BELOW_ macro to
+// suppress unreachable code warnings.
+namespace {
+class ClassUniqueToAlwaysTrue {};
+}
+
+bool IsTrue(bool condition) { return condition; }
+
+bool AlwaysTrue() {
+#if GTEST_HAS_EXCEPTIONS
+  // This condition is always false so AlwaysTrue() never actually throws,
+  // but it makes the compiler think that it may throw.
+  if (IsTrue(false))
+    throw ClassUniqueToAlwaysTrue();
+#endif  // GTEST_HAS_EXCEPTIONS
+  return true;
+}
+
+// If *pstr starts with the given prefix, modifies *pstr to be right
+// past the prefix and returns true; otherwise leaves *pstr unchanged
+// and returns false.  None of pstr, *pstr, and prefix can be NULL.
+bool SkipPrefix(const char* prefix, const char** pstr) {
+  const size_t prefix_len = strlen(prefix);
+  if (strncmp(*pstr, prefix, prefix_len) == 0) {
+    *pstr += prefix_len;
+    return true;
+  }
+  return false;
+}
+
+// Parses a string as a command line flag.  The string should have
+// the format "--flag=value".  When def_optional is true, the "=value"
+// part can be omitted.
+//
+// Returns the value of the flag, or NULL if the parsing failed.
+const char* ParseFlagValue(const char* str,
+                           const char* flag,
+                           bool def_optional) {
+  // str and flag must not be NULL.
+  if (str == NULL || flag == NULL) return NULL;
+
+  // The flag must start with "--" followed by GTEST_FLAG_PREFIX_.
+  const std::string flag_str = std::string("--") + GTEST_FLAG_PREFIX_ + flag;
+  const size_t flag_len = flag_str.length();
+  if (strncmp(str, flag_str.c_str(), flag_len) != 0) return NULL;
+
+  // Skips the flag name.
+  const char* flag_end = str + flag_len;
+
+  // When def_optional is true, it's OK to not have a "=value" part.
+  if (def_optional && (flag_end[0] == '\0')) {
+    return flag_end;
+  }
+
+  // If def_optional is true and there are more characters after the
+  // flag name, or if def_optional is false, there must be a '=' after
+  // the flag name.
+  if (flag_end[0] != '=') return NULL;
+
+  // Returns the string after "=".
+  return flag_end + 1;
+}
+
+// Parses a string for a bool flag, in the form of either
+// "--flag=value" or "--flag".
+//
+// In the former case, the value is taken as true as long as it does
+// not start with '0', 'f', or 'F'.
+//
+// In the latter case, the value is taken as true.
+//
+// On success, stores the value of the flag in *value, and returns
+// true.  On failure, returns false without changing *value.
+bool ParseBoolFlag(const char* str, const char* flag, bool* value) {
+  // Gets the value of the flag as a string.
+  const char* const value_str = ParseFlagValue(str, flag, true);
+
+  // Aborts if the parsing failed.
+  if (value_str == NULL) return false;
+
+  // Converts the string value to a bool.
+  *value = !(*value_str == '0' || *value_str == 'f' || *value_str == 'F');
+  return true;
+}
+
+// Parses a string for an Int32 flag, in the form of
+// "--flag=value".
+//
+// On success, stores the value of the flag in *value, and returns
+// true.  On failure, returns false without changing *value.
+bool ParseInt32Flag(const char* str, const char* flag, Int32* value) {
+  // Gets the value of the flag as a string.
+  const char* const value_str = ParseFlagValue(str, flag, false);
+
+  // Aborts if the parsing failed.
+  if (value_str == NULL) return false;
+
+  // Sets *value to the value of the flag.
+  return ParseInt32(Message() << "The value of flag --" << flag,
+                    value_str, value);
+}
+
+// Parses a string for a string flag, in the form of
+// "--flag=value".
+//
+// On success, stores the value of the flag in *value, and returns
+// true.  On failure, returns false without changing *value.
+bool ParseStringFlag(const char* str, const char* flag, std::string* value) {
+  // Gets the value of the flag as a string.
+  const char* const value_str = ParseFlagValue(str, flag, false);
+
+  // Aborts if the parsing failed.
+  if (value_str == NULL) return false;
+
+  // Sets *value to the value of the flag.
+  *value = value_str;
+  return true;
+}
+
+// Determines whether a string has a prefix that Google Test uses for its
+// flags, i.e., starts with GTEST_FLAG_PREFIX_ or GTEST_FLAG_PREFIX_DASH_.
+// If Google Test detects that a command line flag has its prefix but is not
+// recognized, it will print its help message. Flags starting with
+// GTEST_INTERNAL_PREFIX_ followed by "internal_" are considered Google Test
+// internal flags and do not trigger the help message.
+static bool HasGoogleTestFlagPrefix(const char* str) {
+  return (SkipPrefix("--", &str) ||
+          SkipPrefix("-", &str) ||
+          SkipPrefix("/", &str)) &&
+         !SkipPrefix(GTEST_FLAG_PREFIX_ "internal_", &str) &&
+         (SkipPrefix(GTEST_FLAG_PREFIX_, &str) ||
+          SkipPrefix(GTEST_FLAG_PREFIX_DASH_, &str));
+}
+
+// Prints a string containing code-encoded text.  The following escape
+// sequences can be used in the string to control the text color:
+//
+//   @@    prints a single '@' character.
+//   @R    changes the color to red.
+//   @G    changes the color to green.
+//   @Y    changes the color to yellow.
+//   @D    changes to the default terminal text color.
+//
+// TODO(wan@google.com): Write tests for this once we add stdout
+// capturing to Google Test.
+static void PrintColorEncoded(const char* str) {
+  GTestColor color = COLOR_DEFAULT;  // The current color.
+
+  // Conceptually, we split the string into segments divided by escape
+  // sequences.  Then we print one segment at a time.  At the end of
+  // each iteration, the str pointer advances to the beginning of the
+  // next segment.
+  for (;;) {
+    const char* p = strchr(str, '@');
+    if (p == NULL) {
+      ColoredPrintf(color, "%s", str);
+      return;
+    }
+
+    ColoredPrintf(color, "%s", std::string(str, p).c_str());
+
+    const char ch = p[1];
+    str = p + 2;
+    if (ch == '@') {
+      ColoredPrintf(color, "@");
+    } else if (ch == 'D') {
+      color = COLOR_DEFAULT;
+    } else if (ch == 'R') {
+      color = COLOR_RED;
+    } else if (ch == 'G') {
+      color = COLOR_GREEN;
+    } else if (ch == 'Y') {
+      color = COLOR_YELLOW;
+    } else {
+      --str;
+    }
+  }
+}
+
+static const char kColorEncodedHelpMessage[] =
+"This program contains tests written using " GTEST_NAME_ ". You can use the\n"
+"following command line flags to control its behavior:\n"
+"\n"
+"Test Selection:\n"
+"  @G--" GTEST_FLAG_PREFIX_ "list_tests@D\n"
+"      List the names of all tests instead of running them. The name of\n"
+"      TEST(Foo, Bar) is \"Foo.Bar\".\n"
+"  @G--" GTEST_FLAG_PREFIX_ "filter=@YPOSTIVE_PATTERNS"
+    "[@G-@YNEGATIVE_PATTERNS]@D\n"
+"      Run only the tests whose name matches one of the positive patterns but\n"
+"      none of the negative patterns. '?' matches any single character; '*'\n"
+"      matches any substring; ':' separates two patterns.\n"
+"  @G--" GTEST_FLAG_PREFIX_ "also_run_disabled_tests@D\n"
+"      Run all disabled tests too.\n"
+"\n"
+"Test Execution:\n"
+"  @G--" GTEST_FLAG_PREFIX_ "repeat=@Y[COUNT]@D\n"
+"      Run the tests repeatedly; use a negative count to repeat forever.\n"
+"  @G--" GTEST_FLAG_PREFIX_ "shuffle@D\n"
+"      Randomize tests' orders on every iteration.\n"
+"  @G--" GTEST_FLAG_PREFIX_ "random_seed=@Y[NUMBER]@D\n"
+"      Random number seed to use for shuffling test orders (between 1 and\n"
+"      99999, or 0 to use a seed based on the current time).\n"
+"\n"
+"Test Output:\n"
+"  @G--" GTEST_FLAG_PREFIX_ "color=@Y(@Gyes@Y|@Gno@Y|@Gauto@Y)@D\n"
+"      Enable/disable colored output. The default is @Gauto@D.\n"
+"  -@G-" GTEST_FLAG_PREFIX_ "print_time=0@D\n"
+"      Don't print the elapsed time of each test.\n"
+"  @G--" GTEST_FLAG_PREFIX_ "output=xml@Y[@G:@YDIRECTORY_PATH@G"
+    GTEST_PATH_SEP_ "@Y|@G:@YFILE_PATH]@D\n"
+"      Generate an XML report in the given directory or with the given file\n"
+"      name. @YFILE_PATH@D defaults to @Gtest_details.xml@D.\n"
+#if GTEST_CAN_STREAM_RESULTS_
+"  @G--" GTEST_FLAG_PREFIX_ "stream_result_to=@YHOST@G:@YPORT@D\n"
+"      Stream test results to the given server.\n"
+#endif  // GTEST_CAN_STREAM_RESULTS_
+"\n"
+"Assertion Behavior:\n"
+#if GTEST_HAS_DEATH_TEST && !GTEST_OS_WINDOWS
+"  @G--" GTEST_FLAG_PREFIX_ "death_test_style=@Y(@Gfast@Y|@Gthreadsafe@Y)@D\n"
+"      Set the default death test style.\n"
+#endif  // GTEST_HAS_DEATH_TEST && !GTEST_OS_WINDOWS
+"  @G--" GTEST_FLAG_PREFIX_ "break_on_failure@D\n"
+"      Turn assertion failures into debugger break-points.\n"
+"  @G--" GTEST_FLAG_PREFIX_ "throw_on_failure@D\n"
+"      Turn assertion failures into C++ exceptions.\n"
+"  @G--" GTEST_FLAG_PREFIX_ "catch_exceptions=0@D\n"
+"      Do not report exceptions as test failures. Instead, allow them\n"
+"      to crash the program or throw a pop-up (on Windows).\n"
+"\n"
+"Except for @G--" GTEST_FLAG_PREFIX_ "list_tests@D, you can alternatively set "
+    "the corresponding\n"
+"environment variable of a flag (all letters in upper-case). For example, to\n"
+"disable colored text output, you can either specify @G--" GTEST_FLAG_PREFIX_
+    "color=no@D or set\n"
+"the @G" GTEST_FLAG_PREFIX_UPPER_ "COLOR@D environment variable to @Gno@D.\n"
+"\n"
+"For more information, please read the " GTEST_NAME_ " documentation at\n"
+"@G" GTEST_PROJECT_URL_ "@D. If you find a bug in " GTEST_NAME_ "\n"
+"(not one in your own code or tests), please report it to\n"
+"@G<" GTEST_DEV_EMAIL_ ">@D.\n";
+
+// Parses the command line for Google Test flags, without initializing
+// other parts of Google Test.  The type parameter CharType can be
+// instantiated to either char or wchar_t.
+template <typename CharType>
+void ParseGoogleTestFlagsOnlyImpl(int* argc, CharType** argv) {
+  for (int i = 1; i < *argc; i++) {
+    const std::string arg_string = StreamableToString(argv[i]);
+    const char* const arg = arg_string.c_str();
+
+    using internal::ParseBoolFlag;
+    using internal::ParseInt32Flag;
+    using internal::ParseStringFlag;
+
+    // Do we see a Google Test flag?
+    if (ParseBoolFlag(arg, kAlsoRunDisabledTestsFlag,
+                      &GTEST_FLAG(also_run_disabled_tests)) ||
+        ParseBoolFlag(arg, kBreakOnFailureFlag,
+                      &GTEST_FLAG(break_on_failure)) ||
+        ParseBoolFlag(arg, kCatchExceptionsFlag,
+                      &GTEST_FLAG(catch_exceptions)) ||
+        ParseStringFlag(arg, kColorFlag, &GTEST_FLAG(color)) ||
+        ParseStringFlag(arg, kDeathTestStyleFlag,
+                        &GTEST_FLAG(death_test_style)) ||
+        ParseBoolFlag(arg, kDeathTestUseFork,
+                      &GTEST_FLAG(death_test_use_fork)) ||
+        ParseStringFlag(arg, kFilterFlag, &GTEST_FLAG(filter)) ||
+        ParseStringFlag(arg, kInternalRunDeathTestFlag,
+                        &GTEST_FLAG(internal_run_death_test)) ||
+        ParseBoolFlag(arg, kListTestsFlag, &GTEST_FLAG(list_tests)) ||
+        ParseStringFlag(arg, kOutputFlag, &GTEST_FLAG(output)) ||
+        ParseBoolFlag(arg, kPrintTimeFlag, &GTEST_FLAG(print_time)) ||
+        ParseInt32Flag(arg, kRandomSeedFlag, &GTEST_FLAG(random_seed)) ||
+        ParseInt32Flag(arg, kRepeatFlag, &GTEST_FLAG(repeat)) ||
+        ParseBoolFlag(arg, kShuffleFlag, &GTEST_FLAG(shuffle)) ||
+        ParseInt32Flag(arg, kStackTraceDepthFlag,
+                       &GTEST_FLAG(stack_trace_depth)) ||
+        ParseStringFlag(arg, kStreamResultToFlag,
+                        &GTEST_FLAG(stream_result_to)) ||
+        ParseBoolFlag(arg, kThrowOnFailureFlag,
+                      &GTEST_FLAG(throw_on_failure))
+        ) {
+      // Yes.  Shift the remainder of the argv list left by one.  Note
+      // that argv has (*argc + 1) elements, the last one always being
+      // NULL.  The following loop moves the trailing NULL element as
+      // well.
+      for (int j = i; j != *argc; j++) {
+        argv[j] = argv[j + 1];
+      }
+
+      // Decrements the argument count.
+      (*argc)--;
+
+      // We also need to decrement the iterator as we just removed
+      // an element.
+      i--;
+    } else if (arg_string == "--help" || arg_string == "-h" ||
+               arg_string == "-?" || arg_string == "/?" ||
+               HasGoogleTestFlagPrefix(arg)) {
+      // Both help flag and unrecognized Google Test flags (excluding
+      // internal ones) trigger help display.
+      g_help_flag = true;
+    }
+  }
+
+  if (g_help_flag) {
+    // We print the help here instead of in RUN_ALL_TESTS(), as the
+    // latter may not be called at all if the user is using Google
+    // Test with another testing framework.
+    PrintColorEncoded(kColorEncodedHelpMessage);
+  }
+}
+
+// Parses the command line for Google Test flags, without initializing
+// other parts of Google Test.
+void ParseGoogleTestFlagsOnly(int* argc, char** argv) {
+  ParseGoogleTestFlagsOnlyImpl(argc, argv);
+}
+void ParseGoogleTestFlagsOnly(int* argc, wchar_t** argv) {
+  ParseGoogleTestFlagsOnlyImpl(argc, argv);
+}
+
+// The internal implementation of InitGoogleTest().
+//
+// The type parameter CharType can be instantiated to either char or
+// wchar_t.
+template <typename CharType>
+void InitGoogleTestImpl(int* argc, CharType** argv) {
+  g_init_gtest_count++;
+
+  // We don't want to run the initialization code twice.
+  if (g_init_gtest_count != 1) return;
+
+  if (*argc <= 0) return;
+
+  internal::g_executable_path = internal::StreamableToString(argv[0]);
+
+#if GTEST_HAS_DEATH_TEST
+
+  g_argvs.clear();
+  for (int i = 0; i != *argc; i++) {
+    g_argvs.push_back(StreamableToString(argv[i]));
+  }
+
+#endif  // GTEST_HAS_DEATH_TEST
+
+  ParseGoogleTestFlagsOnly(argc, argv);
+  GetUnitTestImpl()->PostFlagParsingInit();
+}
+
+}  // namespace internal
+
+// Initializes Google Test.  This must be called before calling
+// RUN_ALL_TESTS().  In particular, it parses a command line for the
+// flags that Google Test recognizes.  Whenever a Google Test flag is
+// seen, it is removed from argv, and *argc is decremented.
+//
+// No value is returned.  Instead, the Google Test flag variables are
+// updated.
+//
+// Calling the function for the second time has no user-visible effect.
+void InitGoogleTest(int* argc, char** argv) {
+  internal::InitGoogleTestImpl(argc, argv);
+}
+
+// This overloaded version can be used in Windows programs compiled in
+// UNICODE mode.
+void InitGoogleTest(int* argc, wchar_t** argv) {
+  internal::InitGoogleTestImpl(argc, argv);
+}
+
+}  // namespace testing
diff --git a/nss/gtests/google_test/gtest/src/gtest_main.cc b/nss/gtests/google_test/gtest/src/gtest_main.cc
new file mode 100644
index 0000000..f302822
--- /dev/null
+++ b/nss/gtests/google_test/gtest/src/gtest_main.cc
@@ -0,0 +1,38 @@
+// Copyright 2006, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#include <stdio.h>
+
+#include "gtest/gtest.h"
+
+GTEST_API_ int main(int argc, char **argv) {
+  printf("Running main() from gtest_main.cc\n");
+  testing::InitGoogleTest(&argc, argv);
+  return RUN_ALL_TESTS();
+}
diff --git a/nss/gtests/google_test/gtest/test/gtest-death-test_ex_test.cc b/nss/gtests/google_test/gtest/test/gtest-death-test_ex_test.cc
new file mode 100644
index 0000000..b50a13d
--- /dev/null
+++ b/nss/gtests/google_test/gtest/test/gtest-death-test_ex_test.cc
@@ -0,0 +1,93 @@
+// Copyright 2010, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: vladl@google.com (Vlad Losev)
+//
+// Tests that verify interaction of exceptions and death tests.
+
+#include "gtest/gtest-death-test.h"
+#include "gtest/gtest.h"
+
+#if GTEST_HAS_DEATH_TEST
+
+# if GTEST_HAS_SEH
+#  include <windows.h>          // For RaiseException().
+# endif
+
+# include "gtest/gtest-spi.h"
+
+# if GTEST_HAS_EXCEPTIONS
+
+#  include <exception>  // For std::exception.
+
+// Tests that death tests report thrown exceptions as failures and that the
+// exceptions do not escape death test macros.
+TEST(CxxExceptionDeathTest, ExceptionIsFailure) {
+  try {
+    EXPECT_NONFATAL_FAILURE(EXPECT_DEATH(throw 1, ""), "threw an exception");
+  } catch (...) {  // NOLINT
+    FAIL() << "An exception escaped a death test macro invocation "
+           << "with catch_exceptions "
+           << (testing::GTEST_FLAG(catch_exceptions) ? "enabled" : "disabled");
+  }
+}
+
+class TestException : public std::exception {
+ public:
+  virtual const char* what() const throw() { return "exceptional message"; }
+};
+
+TEST(CxxExceptionDeathTest, PrintsMessageForStdExceptions) {
+  // Verifies that the exception message is quoted in the failure text.
+  EXPECT_NONFATAL_FAILURE(EXPECT_DEATH(throw TestException(), ""),
+                          "exceptional message");
+  // Verifies that the location is mentioned in the failure text.
+  EXPECT_NONFATAL_FAILURE(EXPECT_DEATH(throw TestException(), ""),
+                          "gtest-death-test_ex_test.cc");
+}
+# endif  // GTEST_HAS_EXCEPTIONS
+
+# if GTEST_HAS_SEH
+// Tests that enabling interception of SEH exceptions with the
+// catch_exceptions flag does not interfere with SEH exceptions being
+// treated as death by death tests.
+TEST(SehExceptionDeasTest, CatchExceptionsDoesNotInterfere) {
+  EXPECT_DEATH(RaiseException(42, 0x0, 0, NULL), "")
+      << "with catch_exceptions "
+      << (testing::GTEST_FLAG(catch_exceptions) ? "enabled" : "disabled");
+}
+# endif
+
+#endif  // GTEST_HAS_DEATH_TEST
+
+int main(int argc, char** argv) {
+  testing::InitGoogleTest(&argc, argv);
+  testing::GTEST_FLAG(catch_exceptions) = GTEST_ENABLE_CATCH_EXCEPTIONS_ != 0;
+  return RUN_ALL_TESTS();
+}
diff --git a/nss/gtests/google_test/gtest/test/gtest-death-test_test.cc b/nss/gtests/google_test/gtest/test/gtest-death-test_test.cc
new file mode 100644
index 0000000..b25bc22
--- /dev/null
+++ b/nss/gtests/google_test/gtest/test/gtest-death-test_test.cc
@@ -0,0 +1,1423 @@
+// Copyright 2005, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+//
+// Tests for death tests.
+
+#include "gtest/gtest-death-test.h"
+#include "gtest/gtest.h"
+#include "gtest/internal/gtest-filepath.h"
+
+using testing::internal::AlwaysFalse;
+using testing::internal::AlwaysTrue;
+
+#if GTEST_HAS_DEATH_TEST
+
+# if GTEST_OS_WINDOWS
+#  include <direct.h>          // For chdir().
+# else
+#  include <unistd.h>
+#  include <sys/wait.h>        // For waitpid.
+# endif  // GTEST_OS_WINDOWS
+
+# include <limits.h>
+# include <signal.h>
+# include <stdio.h>
+
+# if GTEST_OS_LINUX
+#  include <sys/time.h>
+# endif  // GTEST_OS_LINUX
+
+# include "gtest/gtest-spi.h"
+
+// Indicates that this translation unit is part of Google Test's
+// implementation.  It must come before gtest-internal-inl.h is
+// included, or there will be a compiler error.  This trick is to
+// prevent a user from accidentally including gtest-internal-inl.h in
+// his code.
+# define GTEST_IMPLEMENTATION_ 1
+# include "src/gtest-internal-inl.h"
+# undef GTEST_IMPLEMENTATION_
+
+namespace posix = ::testing::internal::posix;
+
+using testing::Message;
+using testing::internal::DeathTest;
+using testing::internal::DeathTestFactory;
+using testing::internal::FilePath;
+using testing::internal::GetLastErrnoDescription;
+using testing::internal::GetUnitTestImpl;
+using testing::internal::InDeathTestChild;
+using testing::internal::ParseNaturalNumber;
+
+namespace testing {
+namespace internal {
+
+// A helper class whose objects replace the death test factory for a
+// single UnitTest object during their lifetimes.
+class ReplaceDeathTestFactory {
+ public:
+  explicit ReplaceDeathTestFactory(DeathTestFactory* new_factory)
+      : unit_test_impl_(GetUnitTestImpl()) {
+    old_factory_ = unit_test_impl_->death_test_factory_.release();
+    unit_test_impl_->death_test_factory_.reset(new_factory);
+  }
+
+  ~ReplaceDeathTestFactory() {
+    unit_test_impl_->death_test_factory_.release();
+    unit_test_impl_->death_test_factory_.reset(old_factory_);
+  }
+ private:
+  // Prevents copying ReplaceDeathTestFactory objects.
+  ReplaceDeathTestFactory(const ReplaceDeathTestFactory&);
+  void operator=(const ReplaceDeathTestFactory&);
+
+  UnitTestImpl* unit_test_impl_;
+  DeathTestFactory* old_factory_;
+};
+
+}  // namespace internal
+}  // namespace testing
+
+void DieWithMessage(const ::std::string& message) {
+  fprintf(stderr, "%s", message.c_str());
+  fflush(stderr);  // Make sure the text is printed before the process exits.
+
+  // We call _exit() instead of exit(), as the former is a direct
+  // system call and thus safer in the presence of threads.  exit()
+  // will invoke user-defined exit-hooks, which may do dangerous
+  // things that conflict with death tests.
+  //
+  // Some compilers can recognize that _exit() never returns and issue the
+  // 'unreachable code' warning for code following this function, unless
+  // fooled by a fake condition.
+  if (AlwaysTrue())
+    _exit(1);
+}
+
+void DieInside(const ::std::string& function) {
+  DieWithMessage("death inside " + function + "().");
+}
+
+// Tests that death tests work.
+
+class TestForDeathTest : public testing::Test {
+ protected:
+  TestForDeathTest() : original_dir_(FilePath::GetCurrentDir()) {}
+
+  virtual ~TestForDeathTest() {
+    posix::ChDir(original_dir_.c_str());
+  }
+
+  // A static member function that's expected to die.
+  static void StaticMemberFunction() { DieInside("StaticMemberFunction"); }
+
+  // A method of the test fixture that may die.
+  void MemberFunction() {
+    if (should_die_)
+      DieInside("MemberFunction");
+  }
+
+  // True iff MemberFunction() should die.
+  bool should_die_;
+  const FilePath original_dir_;
+};
+
+// A class with a member function that may die.
+class MayDie {
+ public:
+  explicit MayDie(bool should_die) : should_die_(should_die) {}
+
+  // A member function that may die.
+  void MemberFunction() const {
+    if (should_die_)
+      DieInside("MayDie::MemberFunction");
+  }
+
+ private:
+  // True iff MemberFunction() should die.
+  bool should_die_;
+};
+
+// A global function that's expected to die.
+void GlobalFunction() { DieInside("GlobalFunction"); }
+
+// A non-void function that's expected to die.
+int NonVoidFunction() {
+  DieInside("NonVoidFunction");
+  return 1;
+}
+
+// A unary function that may die.
+void DieIf(bool should_die) {
+  if (should_die)
+    DieInside("DieIf");
+}
+
+// A binary function that may die.
+bool DieIfLessThan(int x, int y) {
+  if (x < y) {
+    DieInside("DieIfLessThan");
+  }
+  return true;
+}
+
+// Tests that ASSERT_DEATH can be used outside a TEST, TEST_F, or test fixture.
+void DeathTestSubroutine() {
+  EXPECT_DEATH(GlobalFunction(), "death.*GlobalFunction");
+  ASSERT_DEATH(GlobalFunction(), "death.*GlobalFunction");
+}
+
+// Death in dbg, not opt.
+int DieInDebugElse12(int* sideeffect) {
+  if (sideeffect) *sideeffect = 12;
+
+# ifndef NDEBUG
+
+  DieInside("DieInDebugElse12");
+
+# endif  // NDEBUG
+
+  return 12;
+}
+
+# if GTEST_OS_WINDOWS
+
+// Tests the ExitedWithCode predicate.
+TEST(ExitStatusPredicateTest, ExitedWithCode) {
+  // On Windows, the process's exit code is the same as its exit status,
+  // so the predicate just compares the its input with its parameter.
+  EXPECT_TRUE(testing::ExitedWithCode(0)(0));
+  EXPECT_TRUE(testing::ExitedWithCode(1)(1));
+  EXPECT_TRUE(testing::ExitedWithCode(42)(42));
+  EXPECT_FALSE(testing::ExitedWithCode(0)(1));
+  EXPECT_FALSE(testing::ExitedWithCode(1)(0));
+}
+
+# else
+
+// Returns the exit status of a process that calls _exit(2) with a
+// given exit code.  This is a helper function for the
+// ExitStatusPredicateTest test suite.
+static int NormalExitStatus(int exit_code) {
+  pid_t child_pid = fork();
+  if (child_pid == 0) {
+    _exit(exit_code);
+  }
+  int status;
+  waitpid(child_pid, &status, 0);
+  return status;
+}
+
+// Returns the exit status of a process that raises a given signal.
+// If the signal does not cause the process to die, then it returns
+// instead the exit status of a process that exits normally with exit
+// code 1.  This is a helper function for the ExitStatusPredicateTest
+// test suite.
+static int KilledExitStatus(int signum) {
+  pid_t child_pid = fork();
+  if (child_pid == 0) {
+    raise(signum);
+    _exit(1);
+  }
+  int status;
+  waitpid(child_pid, &status, 0);
+  return status;
+}
+
+// Tests the ExitedWithCode predicate.
+TEST(ExitStatusPredicateTest, ExitedWithCode) {
+  const int status0  = NormalExitStatus(0);
+  const int status1  = NormalExitStatus(1);
+  const int status42 = NormalExitStatus(42);
+  const testing::ExitedWithCode pred0(0);
+  const testing::ExitedWithCode pred1(1);
+  const testing::ExitedWithCode pred42(42);
+  EXPECT_PRED1(pred0,  status0);
+  EXPECT_PRED1(pred1,  status1);
+  EXPECT_PRED1(pred42, status42);
+  EXPECT_FALSE(pred0(status1));
+  EXPECT_FALSE(pred42(status0));
+  EXPECT_FALSE(pred1(status42));
+}
+
+// Tests the KilledBySignal predicate.
+TEST(ExitStatusPredicateTest, KilledBySignal) {
+  const int status_segv = KilledExitStatus(SIGSEGV);
+  const int status_kill = KilledExitStatus(SIGKILL);
+  const testing::KilledBySignal pred_segv(SIGSEGV);
+  const testing::KilledBySignal pred_kill(SIGKILL);
+  EXPECT_PRED1(pred_segv, status_segv);
+  EXPECT_PRED1(pred_kill, status_kill);
+  EXPECT_FALSE(pred_segv(status_kill));
+  EXPECT_FALSE(pred_kill(status_segv));
+}
+
+# endif  // GTEST_OS_WINDOWS
+
+// Tests that the death test macros expand to code which may or may not
+// be followed by operator<<, and that in either case the complete text
+// comprises only a single C++ statement.
+TEST_F(TestForDeathTest, SingleStatement) {
+  if (AlwaysFalse())
+    // This would fail if executed; this is a compilation test only
+    ASSERT_DEATH(return, "");
+
+  if (AlwaysTrue())
+    EXPECT_DEATH(_exit(1), "");
+  else
+    // This empty "else" branch is meant to ensure that EXPECT_DEATH
+    // doesn't expand into an "if" statement without an "else"
+    ;
+
+  if (AlwaysFalse())
+    ASSERT_DEATH(return, "") << "did not die";
+
+  if (AlwaysFalse())
+    ;
+  else
+    EXPECT_DEATH(_exit(1), "") << 1 << 2 << 3;
+}
+
+void DieWithEmbeddedNul() {
+  fprintf(stderr, "Hello%cmy null world.\n", '\0');
+  fflush(stderr);
+  _exit(1);
+}
+
+# if GTEST_USES_PCRE
+// Tests that EXPECT_DEATH and ASSERT_DEATH work when the error
+// message has a NUL character in it.
+TEST_F(TestForDeathTest, EmbeddedNulInMessage) {
+  // TODO(wan@google.com): <regex.h> doesn't support matching strings
+  // with embedded NUL characters - find a way to workaround it.
+  EXPECT_DEATH(DieWithEmbeddedNul(), "my null world");
+  ASSERT_DEATH(DieWithEmbeddedNul(), "my null world");
+}
+# endif  // GTEST_USES_PCRE
+
+// Tests that death test macros expand to code which interacts well with switch
+// statements.
+TEST_F(TestForDeathTest, SwitchStatement) {
+  // Microsoft compiler usually complains about switch statements without
+  // case labels. We suppress that warning for this test.
+  GTEST_DISABLE_MSC_WARNINGS_PUSH_(4065)
+
+  switch (0)
+    default:
+      ASSERT_DEATH(_exit(1), "") << "exit in default switch handler";
+
+  switch (0)
+    case 0:
+      EXPECT_DEATH(_exit(1), "") << "exit in switch case";
+
+  GTEST_DISABLE_MSC_WARNINGS_POP_()
+}
+
+// Tests that a static member function can be used in a "fast" style
+// death test.
+TEST_F(TestForDeathTest, StaticMemberFunctionFastStyle) {
+  testing::GTEST_FLAG(death_test_style) = "fast";
+  ASSERT_DEATH(StaticMemberFunction(), "death.*StaticMember");
+}
+
+// Tests that a method of the test fixture can be used in a "fast"
+// style death test.
+TEST_F(TestForDeathTest, MemberFunctionFastStyle) {
+  testing::GTEST_FLAG(death_test_style) = "fast";
+  should_die_ = true;
+  EXPECT_DEATH(MemberFunction(), "inside.*MemberFunction");
+}
+
+void ChangeToRootDir() { posix::ChDir(GTEST_PATH_SEP_); }
+
+// Tests that death tests work even if the current directory has been
+// changed.
+TEST_F(TestForDeathTest, FastDeathTestInChangedDir) {
+  testing::GTEST_FLAG(death_test_style) = "fast";
+
+  ChangeToRootDir();
+  EXPECT_EXIT(_exit(1), testing::ExitedWithCode(1), "");
+
+  ChangeToRootDir();
+  ASSERT_DEATH(_exit(1), "");
+}
+
+# if GTEST_OS_LINUX
+void SigprofAction(int, siginfo_t*, void*) { /* no op */ }
+
+// Sets SIGPROF action and ITIMER_PROF timer (interval: 1ms).
+void SetSigprofActionAndTimer() {
+  struct itimerval timer;
+  timer.it_interval.tv_sec = 0;
+  timer.it_interval.tv_usec = 1;
+  timer.it_value = timer.it_interval;
+  ASSERT_EQ(0, setitimer(ITIMER_PROF, &timer, NULL));
+  struct sigaction signal_action;
+  memset(&signal_action, 0, sizeof(signal_action));
+  sigemptyset(&signal_action.sa_mask);
+  signal_action.sa_sigaction = SigprofAction;
+  signal_action.sa_flags = SA_RESTART | SA_SIGINFO;
+  ASSERT_EQ(0, sigaction(SIGPROF, &signal_action, NULL));
+}
+
+// Disables ITIMER_PROF timer and ignores SIGPROF signal.
+void DisableSigprofActionAndTimer(struct sigaction* old_signal_action) {
+  struct itimerval timer;
+  timer.it_interval.tv_sec = 0;
+  timer.it_interval.tv_usec = 0;
+  timer.it_value = timer.it_interval;
+  ASSERT_EQ(0, setitimer(ITIMER_PROF, &timer, NULL));
+  struct sigaction signal_action;
+  memset(&signal_action, 0, sizeof(signal_action));
+  sigemptyset(&signal_action.sa_mask);
+  signal_action.sa_handler = SIG_IGN;
+  ASSERT_EQ(0, sigaction(SIGPROF, &signal_action, old_signal_action));
+}
+
+// Tests that death tests work when SIGPROF handler and timer are set.
+TEST_F(TestForDeathTest, FastSigprofActionSet) {
+  testing::GTEST_FLAG(death_test_style) = "fast";
+  SetSigprofActionAndTimer();
+  EXPECT_DEATH(_exit(1), "");
+  struct sigaction old_signal_action;
+  DisableSigprofActionAndTimer(&old_signal_action);
+  EXPECT_TRUE(old_signal_action.sa_sigaction == SigprofAction);
+}
+
+TEST_F(TestForDeathTest, ThreadSafeSigprofActionSet) {
+  testing::GTEST_FLAG(death_test_style) = "threadsafe";
+  SetSigprofActionAndTimer();
+  EXPECT_DEATH(_exit(1), "");
+  struct sigaction old_signal_action;
+  DisableSigprofActionAndTimer(&old_signal_action);
+  EXPECT_TRUE(old_signal_action.sa_sigaction == SigprofAction);
+}
+# endif  // GTEST_OS_LINUX
+
+// Repeats a representative sample of death tests in the "threadsafe" style:
+
+TEST_F(TestForDeathTest, StaticMemberFunctionThreadsafeStyle) {
+  testing::GTEST_FLAG(death_test_style) = "threadsafe";
+  ASSERT_DEATH(StaticMemberFunction(), "death.*StaticMember");
+}
+
+TEST_F(TestForDeathTest, MemberFunctionThreadsafeStyle) {
+  testing::GTEST_FLAG(death_test_style) = "threadsafe";
+  should_die_ = true;
+  EXPECT_DEATH(MemberFunction(), "inside.*MemberFunction");
+}
+
+TEST_F(TestForDeathTest, ThreadsafeDeathTestInLoop) {
+  testing::GTEST_FLAG(death_test_style) = "threadsafe";
+
+  for (int i = 0; i < 3; ++i)
+    EXPECT_EXIT(_exit(i), testing::ExitedWithCode(i), "") << ": i = " << i;
+}
+
+TEST_F(TestForDeathTest, ThreadsafeDeathTestInChangedDir) {
+  testing::GTEST_FLAG(death_test_style) = "threadsafe";
+
+  ChangeToRootDir();
+  EXPECT_EXIT(_exit(1), testing::ExitedWithCode(1), "");
+
+  ChangeToRootDir();
+  ASSERT_DEATH(_exit(1), "");
+}
+
+TEST_F(TestForDeathTest, MixedStyles) {
+  testing::GTEST_FLAG(death_test_style) = "threadsafe";
+  EXPECT_DEATH(_exit(1), "");
+  testing::GTEST_FLAG(death_test_style) = "fast";
+  EXPECT_DEATH(_exit(1), "");
+}
+
+# if GTEST_HAS_CLONE && GTEST_HAS_PTHREAD
+
+namespace {
+
+bool pthread_flag;
+
+void SetPthreadFlag() {
+  pthread_flag = true;
+}
+
+}  // namespace
+
+TEST_F(TestForDeathTest, DoesNotExecuteAtforkHooks) {
+  if (!testing::GTEST_FLAG(death_test_use_fork)) {
+    testing::GTEST_FLAG(death_test_style) = "threadsafe";
+    pthread_flag = false;
+    ASSERT_EQ(0, pthread_atfork(&SetPthreadFlag, NULL, NULL));
+    ASSERT_DEATH(_exit(1), "");
+    ASSERT_FALSE(pthread_flag);
+  }
+}
+
+# endif  // GTEST_HAS_CLONE && GTEST_HAS_PTHREAD
+
+// Tests that a method of another class can be used in a death test.
+TEST_F(TestForDeathTest, MethodOfAnotherClass) {
+  const MayDie x(true);
+  ASSERT_DEATH(x.MemberFunction(), "MayDie\\:\\:MemberFunction");
+}
+
+// Tests that a global function can be used in a death test.
+TEST_F(TestForDeathTest, GlobalFunction) {
+  EXPECT_DEATH(GlobalFunction(), "GlobalFunction");
+}
+
+// Tests that any value convertible to an RE works as a second
+// argument to EXPECT_DEATH.
+TEST_F(TestForDeathTest, AcceptsAnythingConvertibleToRE) {
+  static const char regex_c_str[] = "GlobalFunction";
+  EXPECT_DEATH(GlobalFunction(), regex_c_str);
+
+  const testing::internal::RE regex(regex_c_str);
+  EXPECT_DEATH(GlobalFunction(), regex);
+
+# if GTEST_HAS_GLOBAL_STRING
+
+  const string regex_str(regex_c_str);
+  EXPECT_DEATH(GlobalFunction(), regex_str);
+
+# endif  // GTEST_HAS_GLOBAL_STRING
+
+  const ::std::string regex_std_str(regex_c_str);
+  EXPECT_DEATH(GlobalFunction(), regex_std_str);
+}
+
+// Tests that a non-void function can be used in a death test.
+TEST_F(TestForDeathTest, NonVoidFunction) {
+  ASSERT_DEATH(NonVoidFunction(), "NonVoidFunction");
+}
+
+// Tests that functions that take parameter(s) can be used in a death test.
+TEST_F(TestForDeathTest, FunctionWithParameter) {
+  EXPECT_DEATH(DieIf(true), "DieIf\\(\\)");
+  EXPECT_DEATH(DieIfLessThan(2, 3), "DieIfLessThan");
+}
+
+// Tests that ASSERT_DEATH can be used outside a TEST, TEST_F, or test fixture.
+TEST_F(TestForDeathTest, OutsideFixture) {
+  DeathTestSubroutine();
+}
+
+// Tests that death tests can be done inside a loop.
+TEST_F(TestForDeathTest, InsideLoop) {
+  for (int i = 0; i < 5; i++) {
+    EXPECT_DEATH(DieIfLessThan(-1, i), "DieIfLessThan") << "where i == " << i;
+  }
+}
+
+// Tests that a compound statement can be used in a death test.
+TEST_F(TestForDeathTest, CompoundStatement) {
+  EXPECT_DEATH({  // NOLINT
+    const int x = 2;
+    const int y = x + 1;
+    DieIfLessThan(x, y);
+  },
+  "DieIfLessThan");
+}
+
+// Tests that code that doesn't die causes a death test to fail.
+TEST_F(TestForDeathTest, DoesNotDie) {
+  EXPECT_NONFATAL_FAILURE(EXPECT_DEATH(DieIf(false), "DieIf"),
+                          "failed to die");
+}
+
+// Tests that a death test fails when the error message isn't expected.
+TEST_F(TestForDeathTest, ErrorMessageMismatch) {
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_DEATH(DieIf(true), "DieIfLessThan") << "End of death test message.";
+  }, "died but not with expected error");
+}
+
+// On exit, *aborted will be true iff the EXPECT_DEATH() statement
+// aborted the function.
+void ExpectDeathTestHelper(bool* aborted) {
+  *aborted = true;
+  EXPECT_DEATH(DieIf(false), "DieIf");  // This assertion should fail.
+  *aborted = false;
+}
+
+// Tests that EXPECT_DEATH doesn't abort the test on failure.
+TEST_F(TestForDeathTest, EXPECT_DEATH) {
+  bool aborted = true;
+  EXPECT_NONFATAL_FAILURE(ExpectDeathTestHelper(&aborted),
+                          "failed to die");
+  EXPECT_FALSE(aborted);
+}
+
+// Tests that ASSERT_DEATH does abort the test on failure.
+TEST_F(TestForDeathTest, ASSERT_DEATH) {
+  static bool aborted;
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    aborted = true;
+    ASSERT_DEATH(DieIf(false), "DieIf");  // This assertion should fail.
+    aborted = false;
+  }, "failed to die");
+  EXPECT_TRUE(aborted);
+}
+
+// Tests that EXPECT_DEATH evaluates the arguments exactly once.
+TEST_F(TestForDeathTest, SingleEvaluation) {
+  int x = 3;
+  EXPECT_DEATH(DieIf((++x) == 4), "DieIf");
+
+  const char* regex = "DieIf";
+  const char* regex_save = regex;
+  EXPECT_DEATH(DieIfLessThan(3, 4), regex++);
+  EXPECT_EQ(regex_save + 1, regex);
+}
+
+// Tests that run-away death tests are reported as failures.
+TEST_F(TestForDeathTest, RunawayIsFailure) {
+  EXPECT_NONFATAL_FAILURE(EXPECT_DEATH(static_cast<void>(0), "Foo"),
+                          "failed to die.");
+}
+
+// Tests that death tests report executing 'return' in the statement as
+// failure.
+TEST_F(TestForDeathTest, ReturnIsFailure) {
+  EXPECT_FATAL_FAILURE(ASSERT_DEATH(return, "Bar"),
+                       "illegal return in test statement.");
+}
+
+// Tests that EXPECT_DEBUG_DEATH works as expected, that is, you can stream a
+// message to it, and in debug mode it:
+// 1. Asserts on death.
+// 2. Has no side effect.
+//
+// And in opt mode, it:
+// 1.  Has side effects but does not assert.
+TEST_F(TestForDeathTest, TestExpectDebugDeath) {
+  int sideeffect = 0;
+
+  EXPECT_DEBUG_DEATH(DieInDebugElse12(&sideeffect), "death.*DieInDebugElse12")
+      << "Must accept a streamed message";
+
+# ifdef NDEBUG
+
+  // Checks that the assignment occurs in opt mode (sideeffect).
+  EXPECT_EQ(12, sideeffect);
+
+# else
+
+  // Checks that the assignment does not occur in dbg mode (no sideeffect).
+  EXPECT_EQ(0, sideeffect);
+
+# endif
+}
+
+// Tests that ASSERT_DEBUG_DEATH works as expected, that is, you can stream a
+// message to it, and in debug mode it:
+// 1. Asserts on death.
+// 2. Has no side effect.
+//
+// And in opt mode, it:
+// 1.  Has side effects but does not assert.
+TEST_F(TestForDeathTest, TestAssertDebugDeath) {
+  int sideeffect = 0;
+
+  ASSERT_DEBUG_DEATH(DieInDebugElse12(&sideeffect), "death.*DieInDebugElse12")
+      << "Must accept a streamed message";
+
+# ifdef NDEBUG
+
+  // Checks that the assignment occurs in opt mode (sideeffect).
+  EXPECT_EQ(12, sideeffect);
+
+# else
+
+  // Checks that the assignment does not occur in dbg mode (no sideeffect).
+  EXPECT_EQ(0, sideeffect);
+
+# endif
+}
+
+# ifndef NDEBUG
+
+void ExpectDebugDeathHelper(bool* aborted) {
+  *aborted = true;
+  EXPECT_DEBUG_DEATH(return, "") << "This is expected to fail.";
+  *aborted = false;
+}
+
+#  if GTEST_OS_WINDOWS
+TEST(PopUpDeathTest, DoesNotShowPopUpOnAbort) {
+  printf("This test should be considered failing if it shows "
+         "any pop-up dialogs.\n");
+  fflush(stdout);
+
+  EXPECT_DEATH({
+    testing::GTEST_FLAG(catch_exceptions) = false;
+    abort();
+  }, "");
+}
+#  endif  // GTEST_OS_WINDOWS
+
+// Tests that EXPECT_DEBUG_DEATH in debug mode does not abort
+// the function.
+TEST_F(TestForDeathTest, ExpectDebugDeathDoesNotAbort) {
+  bool aborted = true;
+  EXPECT_NONFATAL_FAILURE(ExpectDebugDeathHelper(&aborted), "");
+  EXPECT_FALSE(aborted);
+}
+
+void AssertDebugDeathHelper(bool* aborted) {
+  *aborted = true;
+  GTEST_LOG_(INFO) << "Before ASSERT_DEBUG_DEATH";
+  ASSERT_DEBUG_DEATH(GTEST_LOG_(INFO) << "In ASSERT_DEBUG_DEATH"; return, "")
+      << "This is expected to fail.";
+  GTEST_LOG_(INFO) << "After ASSERT_DEBUG_DEATH";
+  *aborted = false;
+}
+
+// Tests that ASSERT_DEBUG_DEATH in debug mode aborts the function on
+// failure.
+TEST_F(TestForDeathTest, AssertDebugDeathAborts) {
+  static bool aborted;
+  aborted = false;
+  EXPECT_FATAL_FAILURE(AssertDebugDeathHelper(&aborted), "");
+  EXPECT_TRUE(aborted);
+}
+
+TEST_F(TestForDeathTest, AssertDebugDeathAborts2) {
+  static bool aborted;
+  aborted = false;
+  EXPECT_FATAL_FAILURE(AssertDebugDeathHelper(&aborted), "");
+  EXPECT_TRUE(aborted);
+}
+
+TEST_F(TestForDeathTest, AssertDebugDeathAborts3) {
+  static bool aborted;
+  aborted = false;
+  EXPECT_FATAL_FAILURE(AssertDebugDeathHelper(&aborted), "");
+  EXPECT_TRUE(aborted);
+}
+
+TEST_F(TestForDeathTest, AssertDebugDeathAborts4) {
+  static bool aborted;
+  aborted = false;
+  EXPECT_FATAL_FAILURE(AssertDebugDeathHelper(&aborted), "");
+  EXPECT_TRUE(aborted);
+}
+
+TEST_F(TestForDeathTest, AssertDebugDeathAborts5) {
+  static bool aborted;
+  aborted = false;
+  EXPECT_FATAL_FAILURE(AssertDebugDeathHelper(&aborted), "");
+  EXPECT_TRUE(aborted);
+}
+
+TEST_F(TestForDeathTest, AssertDebugDeathAborts6) {
+  static bool aborted;
+  aborted = false;
+  EXPECT_FATAL_FAILURE(AssertDebugDeathHelper(&aborted), "");
+  EXPECT_TRUE(aborted);
+}
+
+TEST_F(TestForDeathTest, AssertDebugDeathAborts7) {
+  static bool aborted;
+  aborted = false;
+  EXPECT_FATAL_FAILURE(AssertDebugDeathHelper(&aborted), "");
+  EXPECT_TRUE(aborted);
+}
+
+TEST_F(TestForDeathTest, AssertDebugDeathAborts8) {
+  static bool aborted;
+  aborted = false;
+  EXPECT_FATAL_FAILURE(AssertDebugDeathHelper(&aborted), "");
+  EXPECT_TRUE(aborted);
+}
+
+TEST_F(TestForDeathTest, AssertDebugDeathAborts9) {
+  static bool aborted;
+  aborted = false;
+  EXPECT_FATAL_FAILURE(AssertDebugDeathHelper(&aborted), "");
+  EXPECT_TRUE(aborted);
+}
+
+TEST_F(TestForDeathTest, AssertDebugDeathAborts10) {
+  static bool aborted;
+  aborted = false;
+  EXPECT_FATAL_FAILURE(AssertDebugDeathHelper(&aborted), "");
+  EXPECT_TRUE(aborted);
+}
+
+# endif  // _NDEBUG
+
+// Tests the *_EXIT family of macros, using a variety of predicates.
+static void TestExitMacros() {
+  EXPECT_EXIT(_exit(1),  testing::ExitedWithCode(1),  "");
+  ASSERT_EXIT(_exit(42), testing::ExitedWithCode(42), "");
+
+# if GTEST_OS_WINDOWS
+
+  // Of all signals effects on the process exit code, only those of SIGABRT
+  // are documented on Windows.
+  // See http://msdn.microsoft.com/en-us/library/dwwzkt4c(VS.71).aspx.
+  EXPECT_EXIT(raise(SIGABRT), testing::ExitedWithCode(3), "") << "b_ar";
+
+# else
+
+  EXPECT_EXIT(raise(SIGKILL), testing::KilledBySignal(SIGKILL), "") << "foo";
+  ASSERT_EXIT(raise(SIGUSR2), testing::KilledBySignal(SIGUSR2), "") << "bar";
+
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_EXIT(_exit(0), testing::KilledBySignal(SIGSEGV), "")
+      << "This failure is expected, too.";
+  }, "This failure is expected, too.");
+
+# endif  // GTEST_OS_WINDOWS
+
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_EXIT(raise(SIGSEGV), testing::ExitedWithCode(0), "")
+      << "This failure is expected.";
+  }, "This failure is expected.");
+}
+
+TEST_F(TestForDeathTest, ExitMacros) {
+  TestExitMacros();
+}
+
+TEST_F(TestForDeathTest, ExitMacrosUsingFork) {
+  testing::GTEST_FLAG(death_test_use_fork) = true;
+  TestExitMacros();
+}
+
+TEST_F(TestForDeathTest, InvalidStyle) {
+  testing::GTEST_FLAG(death_test_style) = "rococo";
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_DEATH(_exit(0), "") << "This failure is expected.";
+  }, "This failure is expected.");
+}
+
+TEST_F(TestForDeathTest, DeathTestFailedOutput) {
+  testing::GTEST_FLAG(death_test_style) = "fast";
+  EXPECT_NONFATAL_FAILURE(
+      EXPECT_DEATH(DieWithMessage("death\n"),
+                   "expected message"),
+      "Actual msg:\n"
+      "[  DEATH   ] death\n");
+}
+
+TEST_F(TestForDeathTest, DeathTestUnexpectedReturnOutput) {
+  testing::GTEST_FLAG(death_test_style) = "fast";
+  EXPECT_NONFATAL_FAILURE(
+      EXPECT_DEATH({
+          fprintf(stderr, "returning\n");
+          fflush(stderr);
+          return;
+        }, ""),
+      "    Result: illegal return in test statement.\n"
+      " Error msg:\n"
+      "[  DEATH   ] returning\n");
+}
+
+TEST_F(TestForDeathTest, DeathTestBadExitCodeOutput) {
+  testing::GTEST_FLAG(death_test_style) = "fast";
+  EXPECT_NONFATAL_FAILURE(
+      EXPECT_EXIT(DieWithMessage("exiting with rc 1\n"),
+                  testing::ExitedWithCode(3),
+                  "expected message"),
+      "    Result: died but not with expected exit code:\n"
+      "            Exited with exit status 1\n"
+      "Actual msg:\n"
+      "[  DEATH   ] exiting with rc 1\n");
+}
+
+TEST_F(TestForDeathTest, DeathTestMultiLineMatchFail) {
+  testing::GTEST_FLAG(death_test_style) = "fast";
+  EXPECT_NONFATAL_FAILURE(
+      EXPECT_DEATH(DieWithMessage("line 1\nline 2\nline 3\n"),
+                   "line 1\nxyz\nline 3\n"),
+      "Actual msg:\n"
+      "[  DEATH   ] line 1\n"
+      "[  DEATH   ] line 2\n"
+      "[  DEATH   ] line 3\n");
+}
+
+TEST_F(TestForDeathTest, DeathTestMultiLineMatchPass) {
+  testing::GTEST_FLAG(death_test_style) = "fast";
+  EXPECT_DEATH(DieWithMessage("line 1\nline 2\nline 3\n"),
+               "line 1\nline 2\nline 3\n");
+}
+
+// A DeathTestFactory that returns MockDeathTests.
+class MockDeathTestFactory : public DeathTestFactory {
+ public:
+  MockDeathTestFactory();
+  virtual bool Create(const char* statement,
+                      const ::testing::internal::RE* regex,
+                      const char* file, int line, DeathTest** test);
+
+  // Sets the parameters for subsequent calls to Create.
+  void SetParameters(bool create, DeathTest::TestRole role,
+                     int status, bool passed);
+
+  // Accessors.
+  int AssumeRoleCalls() const { return assume_role_calls_; }
+  int WaitCalls() const { return wait_calls_; }
+  int PassedCalls() const { return passed_args_.size(); }
+  bool PassedArgument(int n) const { return passed_args_[n]; }
+  int AbortCalls() const { return abort_args_.size(); }
+  DeathTest::AbortReason AbortArgument(int n) const {
+    return abort_args_[n];
+  }
+  bool TestDeleted() const { return test_deleted_; }
+
+ private:
+  friend class MockDeathTest;
+  // If true, Create will return a MockDeathTest; otherwise it returns
+  // NULL.
+  bool create_;
+  // The value a MockDeathTest will return from its AssumeRole method.
+  DeathTest::TestRole role_;
+  // The value a MockDeathTest will return from its Wait method.
+  int status_;
+  // The value a MockDeathTest will return from its Passed method.
+  bool passed_;
+
+  // Number of times AssumeRole was called.
+  int assume_role_calls_;
+  // Number of times Wait was called.
+  int wait_calls_;
+  // The arguments to the calls to Passed since the last call to
+  // SetParameters.
+  std::vector<bool> passed_args_;
+  // The arguments to the calls to Abort since the last call to
+  // SetParameters.
+  std::vector<DeathTest::AbortReason> abort_args_;
+  // True if the last MockDeathTest returned by Create has been
+  // deleted.
+  bool test_deleted_;
+};
+
+
+// A DeathTest implementation useful in testing.  It returns values set
+// at its creation from its various inherited DeathTest methods, and
+// reports calls to those methods to its parent MockDeathTestFactory
+// object.
+class MockDeathTest : public DeathTest {
+ public:
+  MockDeathTest(MockDeathTestFactory *parent,
+                TestRole role, int status, bool passed) :
+      parent_(parent), role_(role), status_(status), passed_(passed) {
+  }
+  virtual ~MockDeathTest() {
+    parent_->test_deleted_ = true;
+  }
+  virtual TestRole AssumeRole() {
+    ++parent_->assume_role_calls_;
+    return role_;
+  }
+  virtual int Wait() {
+    ++parent_->wait_calls_;
+    return status_;
+  }
+  virtual bool Passed(bool exit_status_ok) {
+    parent_->passed_args_.push_back(exit_status_ok);
+    return passed_;
+  }
+  virtual void Abort(AbortReason reason) {
+    parent_->abort_args_.push_back(reason);
+  }
+
+ private:
+  MockDeathTestFactory* const parent_;
+  const TestRole role_;
+  const int status_;
+  const bool passed_;
+};
+
+
+// MockDeathTestFactory constructor.
+MockDeathTestFactory::MockDeathTestFactory()
+    : create_(true),
+      role_(DeathTest::OVERSEE_TEST),
+      status_(0),
+      passed_(true),
+      assume_role_calls_(0),
+      wait_calls_(0),
+      passed_args_(),
+      abort_args_() {
+}
+
+
+// Sets the parameters for subsequent calls to Create.
+void MockDeathTestFactory::SetParameters(bool create,
+                                         DeathTest::TestRole role,
+                                         int status, bool passed) {
+  create_ = create;
+  role_ = role;
+  status_ = status;
+  passed_ = passed;
+
+  assume_role_calls_ = 0;
+  wait_calls_ = 0;
+  passed_args_.clear();
+  abort_args_.clear();
+}
+
+
+// Sets test to NULL (if create_ is false) or to the address of a new
+// MockDeathTest object with parameters taken from the last call
+// to SetParameters (if create_ is true).  Always returns true.
+bool MockDeathTestFactory::Create(const char* /*statement*/,
+                                  const ::testing::internal::RE* /*regex*/,
+                                  const char* /*file*/,
+                                  int /*line*/,
+                                  DeathTest** test) {
+  test_deleted_ = false;
+  if (create_) {
+    *test = new MockDeathTest(this, role_, status_, passed_);
+  } else {
+    *test = NULL;
+  }
+  return true;
+}
+
+// A test fixture for testing the logic of the GTEST_DEATH_TEST_ macro.
+// It installs a MockDeathTestFactory that is used for the duration
+// of the test case.
+class MacroLogicDeathTest : public testing::Test {
+ protected:
+  static testing::internal::ReplaceDeathTestFactory* replacer_;
+  static MockDeathTestFactory* factory_;
+
+  static void SetUpTestCase() {
+    factory_ = new MockDeathTestFactory;
+    replacer_ = new testing::internal::ReplaceDeathTestFactory(factory_);
+  }
+
+  static void TearDownTestCase() {
+    delete replacer_;
+    replacer_ = NULL;
+    delete factory_;
+    factory_ = NULL;
+  }
+
+  // Runs a death test that breaks the rules by returning.  Such a death
+  // test cannot be run directly from a test routine that uses a
+  // MockDeathTest, or the remainder of the routine will not be executed.
+  static void RunReturningDeathTest(bool* flag) {
+    ASSERT_DEATH({  // NOLINT
+      *flag = true;
+      return;
+    }, "");
+  }
+};
+
+testing::internal::ReplaceDeathTestFactory* MacroLogicDeathTest::replacer_
+    = NULL;
+MockDeathTestFactory* MacroLogicDeathTest::factory_ = NULL;
+
+
+// Test that nothing happens when the factory doesn't return a DeathTest:
+TEST_F(MacroLogicDeathTest, NothingHappens) {
+  bool flag = false;
+  factory_->SetParameters(false, DeathTest::OVERSEE_TEST, 0, true);
+  EXPECT_DEATH(flag = true, "");
+  EXPECT_FALSE(flag);
+  EXPECT_EQ(0, factory_->AssumeRoleCalls());
+  EXPECT_EQ(0, factory_->WaitCalls());
+  EXPECT_EQ(0, factory_->PassedCalls());
+  EXPECT_EQ(0, factory_->AbortCalls());
+  EXPECT_FALSE(factory_->TestDeleted());
+}
+
+// Test that the parent process doesn't run the death test code,
+// and that the Passed method returns false when the (simulated)
+// child process exits with status 0:
+TEST_F(MacroLogicDeathTest, ChildExitsSuccessfully) {
+  bool flag = false;
+  factory_->SetParameters(true, DeathTest::OVERSEE_TEST, 0, true);
+  EXPECT_DEATH(flag = true, "");
+  EXPECT_FALSE(flag);
+  EXPECT_EQ(1, factory_->AssumeRoleCalls());
+  EXPECT_EQ(1, factory_->WaitCalls());
+  ASSERT_EQ(1, factory_->PassedCalls());
+  EXPECT_FALSE(factory_->PassedArgument(0));
+  EXPECT_EQ(0, factory_->AbortCalls());
+  EXPECT_TRUE(factory_->TestDeleted());
+}
+
+// Tests that the Passed method was given the argument "true" when
+// the (simulated) child process exits with status 1:
+TEST_F(MacroLogicDeathTest, ChildExitsUnsuccessfully) {
+  bool flag = false;
+  factory_->SetParameters(true, DeathTest::OVERSEE_TEST, 1, true);
+  EXPECT_DEATH(flag = true, "");
+  EXPECT_FALSE(flag);
+  EXPECT_EQ(1, factory_->AssumeRoleCalls());
+  EXPECT_EQ(1, factory_->WaitCalls());
+  ASSERT_EQ(1, factory_->PassedCalls());
+  EXPECT_TRUE(factory_->PassedArgument(0));
+  EXPECT_EQ(0, factory_->AbortCalls());
+  EXPECT_TRUE(factory_->TestDeleted());
+}
+
+// Tests that the (simulated) child process executes the death test
+// code, and is aborted with the correct AbortReason if it
+// executes a return statement.
+TEST_F(MacroLogicDeathTest, ChildPerformsReturn) {
+  bool flag = false;
+  factory_->SetParameters(true, DeathTest::EXECUTE_TEST, 0, true);
+  RunReturningDeathTest(&flag);
+  EXPECT_TRUE(flag);
+  EXPECT_EQ(1, factory_->AssumeRoleCalls());
+  EXPECT_EQ(0, factory_->WaitCalls());
+  EXPECT_EQ(0, factory_->PassedCalls());
+  EXPECT_EQ(1, factory_->AbortCalls());
+  EXPECT_EQ(DeathTest::TEST_ENCOUNTERED_RETURN_STATEMENT,
+            factory_->AbortArgument(0));
+  EXPECT_TRUE(factory_->TestDeleted());
+}
+
+// Tests that the (simulated) child process is aborted with the
+// correct AbortReason if it does not die.
+TEST_F(MacroLogicDeathTest, ChildDoesNotDie) {
+  bool flag = false;
+  factory_->SetParameters(true, DeathTest::EXECUTE_TEST, 0, true);
+  EXPECT_DEATH(flag = true, "");
+  EXPECT_TRUE(flag);
+  EXPECT_EQ(1, factory_->AssumeRoleCalls());
+  EXPECT_EQ(0, factory_->WaitCalls());
+  EXPECT_EQ(0, factory_->PassedCalls());
+  // This time there are two calls to Abort: one since the test didn't
+  // die, and another from the ReturnSentinel when it's destroyed.  The
+  // sentinel normally isn't destroyed if a test doesn't die, since
+  // _exit(2) is called in that case by ForkingDeathTest, but not by
+  // our MockDeathTest.
+  ASSERT_EQ(2, factory_->AbortCalls());
+  EXPECT_EQ(DeathTest::TEST_DID_NOT_DIE,
+            factory_->AbortArgument(0));
+  EXPECT_EQ(DeathTest::TEST_ENCOUNTERED_RETURN_STATEMENT,
+            factory_->AbortArgument(1));
+  EXPECT_TRUE(factory_->TestDeleted());
+}
+
+// Tests that a successful death test does not register a successful
+// test part.
+TEST(SuccessRegistrationDeathTest, NoSuccessPart) {
+  EXPECT_DEATH(_exit(1), "");
+  EXPECT_EQ(0, GetUnitTestImpl()->current_test_result()->total_part_count());
+}
+
+TEST(StreamingAssertionsDeathTest, DeathTest) {
+  EXPECT_DEATH(_exit(1), "") << "unexpected failure";
+  ASSERT_DEATH(_exit(1), "") << "unexpected failure";
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_DEATH(_exit(0), "") << "expected failure";
+  }, "expected failure");
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_DEATH(_exit(0), "") << "expected failure";
+  }, "expected failure");
+}
+
+// Tests that GetLastErrnoDescription returns an empty string when the
+// last error is 0 and non-empty string when it is non-zero.
+TEST(GetLastErrnoDescription, GetLastErrnoDescriptionWorks) {
+  errno = ENOENT;
+  EXPECT_STRNE("", GetLastErrnoDescription().c_str());
+  errno = 0;
+  EXPECT_STREQ("", GetLastErrnoDescription().c_str());
+}
+
+# if GTEST_OS_WINDOWS
+TEST(AutoHandleTest, AutoHandleWorks) {
+  HANDLE handle = ::CreateEvent(NULL, FALSE, FALSE, NULL);
+  ASSERT_NE(INVALID_HANDLE_VALUE, handle);
+
+  // Tests that the AutoHandle is correctly initialized with a handle.
+  testing::internal::AutoHandle auto_handle(handle);
+  EXPECT_EQ(handle, auto_handle.Get());
+
+  // Tests that Reset assigns INVALID_HANDLE_VALUE.
+  // Note that this cannot verify whether the original handle is closed.
+  auto_handle.Reset();
+  EXPECT_EQ(INVALID_HANDLE_VALUE, auto_handle.Get());
+
+  // Tests that Reset assigns the new handle.
+  // Note that this cannot verify whether the original handle is closed.
+  handle = ::CreateEvent(NULL, FALSE, FALSE, NULL);
+  ASSERT_NE(INVALID_HANDLE_VALUE, handle);
+  auto_handle.Reset(handle);
+  EXPECT_EQ(handle, auto_handle.Get());
+
+  // Tests that AutoHandle contains INVALID_HANDLE_VALUE by default.
+  testing::internal::AutoHandle auto_handle2;
+  EXPECT_EQ(INVALID_HANDLE_VALUE, auto_handle2.Get());
+}
+# endif  // GTEST_OS_WINDOWS
+
+# if GTEST_OS_WINDOWS
+typedef unsigned __int64 BiggestParsable;
+typedef signed __int64 BiggestSignedParsable;
+# else
+typedef unsigned long long BiggestParsable;
+typedef signed long long BiggestSignedParsable;
+# endif  // GTEST_OS_WINDOWS
+
+// We cannot use std::numeric_limits<T>::max() as it clashes with the
+// max() macro defined by <windows.h>.
+const BiggestParsable kBiggestParsableMax = ULLONG_MAX;
+const BiggestSignedParsable kBiggestSignedParsableMax = LLONG_MAX;
+
+TEST(ParseNaturalNumberTest, RejectsInvalidFormat) {
+  BiggestParsable result = 0;
+
+  // Rejects non-numbers.
+  EXPECT_FALSE(ParseNaturalNumber("non-number string", &result));
+
+  // Rejects numbers with whitespace prefix.
+  EXPECT_FALSE(ParseNaturalNumber(" 123", &result));
+
+  // Rejects negative numbers.
+  EXPECT_FALSE(ParseNaturalNumber("-123", &result));
+
+  // Rejects numbers starting with a plus sign.
+  EXPECT_FALSE(ParseNaturalNumber("+123", &result));
+  errno = 0;
+}
+
+TEST(ParseNaturalNumberTest, RejectsOverflownNumbers) {
+  BiggestParsable result = 0;
+
+  EXPECT_FALSE(ParseNaturalNumber("99999999999999999999999", &result));
+
+  signed char char_result = 0;
+  EXPECT_FALSE(ParseNaturalNumber("200", &char_result));
+  errno = 0;
+}
+
+TEST(ParseNaturalNumberTest, AcceptsValidNumbers) {
+  BiggestParsable result = 0;
+
+  result = 0;
+  ASSERT_TRUE(ParseNaturalNumber("123", &result));
+  EXPECT_EQ(123U, result);
+
+  // Check 0 as an edge case.
+  result = 1;
+  ASSERT_TRUE(ParseNaturalNumber("0", &result));
+  EXPECT_EQ(0U, result);
+
+  result = 1;
+  ASSERT_TRUE(ParseNaturalNumber("00000", &result));
+  EXPECT_EQ(0U, result);
+}
+
+TEST(ParseNaturalNumberTest, AcceptsTypeLimits) {
+  Message msg;
+  msg << kBiggestParsableMax;
+
+  BiggestParsable result = 0;
+  EXPECT_TRUE(ParseNaturalNumber(msg.GetString(), &result));
+  EXPECT_EQ(kBiggestParsableMax, result);
+
+  Message msg2;
+  msg2 << kBiggestSignedParsableMax;
+
+  BiggestSignedParsable signed_result = 0;
+  EXPECT_TRUE(ParseNaturalNumber(msg2.GetString(), &signed_result));
+  EXPECT_EQ(kBiggestSignedParsableMax, signed_result);
+
+  Message msg3;
+  msg3 << INT_MAX;
+
+  int int_result = 0;
+  EXPECT_TRUE(ParseNaturalNumber(msg3.GetString(), &int_result));
+  EXPECT_EQ(INT_MAX, int_result);
+
+  Message msg4;
+  msg4 << UINT_MAX;
+
+  unsigned int uint_result = 0;
+  EXPECT_TRUE(ParseNaturalNumber(msg4.GetString(), &uint_result));
+  EXPECT_EQ(UINT_MAX, uint_result);
+}
+
+TEST(ParseNaturalNumberTest, WorksForShorterIntegers) {
+  short short_result = 0;
+  ASSERT_TRUE(ParseNaturalNumber("123", &short_result));
+  EXPECT_EQ(123, short_result);
+
+  signed char char_result = 0;
+  ASSERT_TRUE(ParseNaturalNumber("123", &char_result));
+  EXPECT_EQ(123, char_result);
+}
+
+# if GTEST_OS_WINDOWS
+TEST(EnvironmentTest, HandleFitsIntoSizeT) {
+  // TODO(vladl@google.com): Remove this test after this condition is verified
+  // in a static assertion in gtest-death-test.cc in the function
+  // GetStatusFileDescriptor.
+  ASSERT_TRUE(sizeof(HANDLE) <= sizeof(size_t));
+}
+# endif  // GTEST_OS_WINDOWS
+
+// Tests that EXPECT_DEATH_IF_SUPPORTED/ASSERT_DEATH_IF_SUPPORTED trigger
+// failures when death tests are available on the system.
+TEST(ConditionalDeathMacrosDeathTest, ExpectsDeathWhenDeathTestsAvailable) {
+  EXPECT_DEATH_IF_SUPPORTED(DieInside("CondDeathTestExpectMacro"),
+                            "death inside CondDeathTestExpectMacro");
+  ASSERT_DEATH_IF_SUPPORTED(DieInside("CondDeathTestAssertMacro"),
+                            "death inside CondDeathTestAssertMacro");
+
+  // Empty statement will not crash, which must trigger a failure.
+  EXPECT_NONFATAL_FAILURE(EXPECT_DEATH_IF_SUPPORTED(;, ""), "");
+  EXPECT_FATAL_FAILURE(ASSERT_DEATH_IF_SUPPORTED(;, ""), "");
+}
+
+TEST(InDeathTestChildDeathTest, ReportsDeathTestCorrectlyInFastStyle) {
+  testing::GTEST_FLAG(death_test_style) = "fast";
+  EXPECT_FALSE(InDeathTestChild());
+  EXPECT_DEATH({
+    fprintf(stderr, InDeathTestChild() ? "Inside" : "Outside");
+    fflush(stderr);
+    _exit(1);
+  }, "Inside");
+}
+
+TEST(InDeathTestChildDeathTest, ReportsDeathTestCorrectlyInThreadSafeStyle) {
+  testing::GTEST_FLAG(death_test_style) = "threadsafe";
+  EXPECT_FALSE(InDeathTestChild());
+  EXPECT_DEATH({
+    fprintf(stderr, InDeathTestChild() ? "Inside" : "Outside");
+    fflush(stderr);
+    _exit(1);
+  }, "Inside");
+}
+
+#else  // !GTEST_HAS_DEATH_TEST follows
+
+using testing::internal::CaptureStderr;
+using testing::internal::GetCapturedStderr;
+
+// Tests that EXPECT_DEATH_IF_SUPPORTED/ASSERT_DEATH_IF_SUPPORTED are still
+// defined but do not trigger failures when death tests are not available on
+// the system.
+TEST(ConditionalDeathMacrosTest, WarnsWhenDeathTestsNotAvailable) {
+  // Empty statement will not crash, but that should not trigger a failure
+  // when death tests are not supported.
+  CaptureStderr();
+  EXPECT_DEATH_IF_SUPPORTED(;, "");
+  std::string output = GetCapturedStderr();
+  ASSERT_TRUE(NULL != strstr(output.c_str(),
+                             "Death tests are not supported on this platform"));
+  ASSERT_TRUE(NULL != strstr(output.c_str(), ";"));
+
+  // The streamed message should not be printed as there is no test failure.
+  CaptureStderr();
+  EXPECT_DEATH_IF_SUPPORTED(;, "") << "streamed message";
+  output = GetCapturedStderr();
+  ASSERT_TRUE(NULL == strstr(output.c_str(), "streamed message"));
+
+  CaptureStderr();
+  ASSERT_DEATH_IF_SUPPORTED(;, "");  // NOLINT
+  output = GetCapturedStderr();
+  ASSERT_TRUE(NULL != strstr(output.c_str(),
+                             "Death tests are not supported on this platform"));
+  ASSERT_TRUE(NULL != strstr(output.c_str(), ";"));
+
+  CaptureStderr();
+  ASSERT_DEATH_IF_SUPPORTED(;, "") << "streamed message";  // NOLINT
+  output = GetCapturedStderr();
+  ASSERT_TRUE(NULL == strstr(output.c_str(), "streamed message"));
+}
+
+void FuncWithAssert(int* n) {
+  ASSERT_DEATH_IF_SUPPORTED(return;, "");
+  (*n)++;
+}
+
+// Tests that ASSERT_DEATH_IF_SUPPORTED does not return from the current
+// function (as ASSERT_DEATH does) if death tests are not supported.
+TEST(ConditionalDeathMacrosTest, AssertDeatDoesNotReturnhIfUnsupported) {
+  int n = 0;
+  FuncWithAssert(&n);
+  EXPECT_EQ(1, n);
+}
+
+#endif  // !GTEST_HAS_DEATH_TEST
+
+// Tests that the death test macros expand to code which may or may not
+// be followed by operator<<, and that in either case the complete text
+// comprises only a single C++ statement.
+//
+// The syntax should work whether death tests are available or not.
+TEST(ConditionalDeathMacrosSyntaxDeathTest, SingleStatement) {
+  if (AlwaysFalse())
+    // This would fail if executed; this is a compilation test only
+    ASSERT_DEATH_IF_SUPPORTED(return, "");
+
+  if (AlwaysTrue())
+    EXPECT_DEATH_IF_SUPPORTED(_exit(1), "");
+  else
+    // This empty "else" branch is meant to ensure that EXPECT_DEATH
+    // doesn't expand into an "if" statement without an "else"
+    ;  // NOLINT
+
+  if (AlwaysFalse())
+    ASSERT_DEATH_IF_SUPPORTED(return, "") << "did not die";
+
+  if (AlwaysFalse())
+    ;  // NOLINT
+  else
+    EXPECT_DEATH_IF_SUPPORTED(_exit(1), "") << 1 << 2 << 3;
+}
+
+// Tests that conditional death test macros expand to code which interacts
+// well with switch statements.
+TEST(ConditionalDeathMacrosSyntaxDeathTest, SwitchStatement) {
+  // Microsoft compiler usually complains about switch statements without
+  // case labels. We suppress that warning for this test.
+  GTEST_DISABLE_MSC_WARNINGS_PUSH_(4065)
+
+  switch (0)
+    default:
+      ASSERT_DEATH_IF_SUPPORTED(_exit(1), "")
+          << "exit in default switch handler";
+
+  switch (0)
+    case 0:
+      EXPECT_DEATH_IF_SUPPORTED(_exit(1), "") << "exit in switch case";
+
+  GTEST_DISABLE_MSC_WARNINGS_POP_()
+}
+
+// Tests that a test case whose name ends with "DeathTest" works fine
+// on Windows.
+TEST(NotADeathTest, Test) {
+  SUCCEED();
+}
diff --git a/nss/gtests/google_test/gtest/test/gtest-filepath_test.cc b/nss/gtests/google_test/gtest/test/gtest-filepath_test.cc
new file mode 100644
index 0000000..ae9f55a
--- /dev/null
+++ b/nss/gtests/google_test/gtest/test/gtest-filepath_test.cc
@@ -0,0 +1,680 @@
+// Copyright 2008, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Authors: keith.ray@gmail.com (Keith Ray)
+//
+// Google Test filepath utilities
+//
+// This file tests classes and functions used internally by
+// Google Test.  They are subject to change without notice.
+//
+// This file is #included from gtest_unittest.cc, to avoid changing
+// build or make-files for some existing Google Test clients. Do not
+// #include this file anywhere else!
+
+#include "gtest/internal/gtest-filepath.h"
+#include "gtest/gtest.h"
+
+// Indicates that this translation unit is part of Google Test's
+// implementation.  It must come before gtest-internal-inl.h is
+// included, or there will be a compiler error.  This trick is to
+// prevent a user from accidentally including gtest-internal-inl.h in
+// his code.
+#define GTEST_IMPLEMENTATION_ 1
+#include "src/gtest-internal-inl.h"
+#undef GTEST_IMPLEMENTATION_
+
+#if GTEST_OS_WINDOWS_MOBILE
+# include <windows.h>  // NOLINT
+#elif GTEST_OS_WINDOWS
+# include <direct.h>  // NOLINT
+#endif  // GTEST_OS_WINDOWS_MOBILE
+
+namespace testing {
+namespace internal {
+namespace {
+
+#if GTEST_OS_WINDOWS_MOBILE
+// TODO(wan@google.com): Move these to the POSIX adapter section in
+// gtest-port.h.
+
+// Windows CE doesn't have the remove C function.
+int remove(const char* path) {
+  LPCWSTR wpath = String::AnsiToUtf16(path);
+  int ret = DeleteFile(wpath) ? 0 : -1;
+  delete [] wpath;
+  return ret;
+}
+// Windows CE doesn't have the _rmdir C function.
+int _rmdir(const char* path) {
+  FilePath filepath(path);
+  LPCWSTR wpath = String::AnsiToUtf16(
+      filepath.RemoveTrailingPathSeparator().c_str());
+  int ret = RemoveDirectory(wpath) ? 0 : -1;
+  delete [] wpath;
+  return ret;
+}
+
+#else
+
+TEST(GetCurrentDirTest, ReturnsCurrentDir) {
+  const FilePath original_dir = FilePath::GetCurrentDir();
+  EXPECT_FALSE(original_dir.IsEmpty());
+
+  posix::ChDir(GTEST_PATH_SEP_);
+  const FilePath cwd = FilePath::GetCurrentDir();
+  posix::ChDir(original_dir.c_str());
+
+# if GTEST_OS_WINDOWS
+
+  // Skips the ":".
+  const char* const cwd_without_drive = strchr(cwd.c_str(), ':');
+  ASSERT_TRUE(cwd_without_drive != NULL);
+  EXPECT_STREQ(GTEST_PATH_SEP_, cwd_without_drive + 1);
+
+# else
+
+  EXPECT_EQ(GTEST_PATH_SEP_, cwd.string());
+
+# endif
+}
+
+#endif  // GTEST_OS_WINDOWS_MOBILE
+
+TEST(IsEmptyTest, ReturnsTrueForEmptyPath) {
+  EXPECT_TRUE(FilePath("").IsEmpty());
+}
+
+TEST(IsEmptyTest, ReturnsFalseForNonEmptyPath) {
+  EXPECT_FALSE(FilePath("a").IsEmpty());
+  EXPECT_FALSE(FilePath(".").IsEmpty());
+  EXPECT_FALSE(FilePath("a/b").IsEmpty());
+  EXPECT_FALSE(FilePath("a\\b\\").IsEmpty());
+}
+
+// RemoveDirectoryName "" -> ""
+TEST(RemoveDirectoryNameTest, WhenEmptyName) {
+  EXPECT_EQ("", FilePath("").RemoveDirectoryName().string());
+}
+
+// RemoveDirectoryName "afile" -> "afile"
+TEST(RemoveDirectoryNameTest, ButNoDirectory) {
+  EXPECT_EQ("afile",
+      FilePath("afile").RemoveDirectoryName().string());
+}
+
+// RemoveDirectoryName "/afile" -> "afile"
+TEST(RemoveDirectoryNameTest, RootFileShouldGiveFileName) {
+  EXPECT_EQ("afile",
+      FilePath(GTEST_PATH_SEP_ "afile").RemoveDirectoryName().string());
+}
+
+// RemoveDirectoryName "adir/" -> ""
+TEST(RemoveDirectoryNameTest, WhereThereIsNoFileName) {
+  EXPECT_EQ("",
+      FilePath("adir" GTEST_PATH_SEP_).RemoveDirectoryName().string());
+}
+
+// RemoveDirectoryName "adir/afile" -> "afile"
+TEST(RemoveDirectoryNameTest, ShouldGiveFileName) {
+  EXPECT_EQ("afile",
+      FilePath("adir" GTEST_PATH_SEP_ "afile").RemoveDirectoryName().string());
+}
+
+// RemoveDirectoryName "adir/subdir/afile" -> "afile"
+TEST(RemoveDirectoryNameTest, ShouldAlsoGiveFileName) {
+  EXPECT_EQ("afile",
+      FilePath("adir" GTEST_PATH_SEP_ "subdir" GTEST_PATH_SEP_ "afile")
+      .RemoveDirectoryName().string());
+}
+
+#if GTEST_HAS_ALT_PATH_SEP_
+
+// Tests that RemoveDirectoryName() works with the alternate separator
+// on Windows.
+
+// RemoveDirectoryName("/afile") -> "afile"
+TEST(RemoveDirectoryNameTest, RootFileShouldGiveFileNameForAlternateSeparator) {
+  EXPECT_EQ("afile", FilePath("/afile").RemoveDirectoryName().string());
+}
+
+// RemoveDirectoryName("adir/") -> ""
+TEST(RemoveDirectoryNameTest, WhereThereIsNoFileNameForAlternateSeparator) {
+  EXPECT_EQ("", FilePath("adir/").RemoveDirectoryName().string());
+}
+
+// RemoveDirectoryName("adir/afile") -> "afile"
+TEST(RemoveDirectoryNameTest, ShouldGiveFileNameForAlternateSeparator) {
+  EXPECT_EQ("afile", FilePath("adir/afile").RemoveDirectoryName().string());
+}
+
+// RemoveDirectoryName("adir/subdir/afile") -> "afile"
+TEST(RemoveDirectoryNameTest, ShouldAlsoGiveFileNameForAlternateSeparator) {
+  EXPECT_EQ("afile",
+            FilePath("adir/subdir/afile").RemoveDirectoryName().string());
+}
+
+#endif
+
+// RemoveFileName "" -> "./"
+TEST(RemoveFileNameTest, EmptyName) {
+#if GTEST_OS_WINDOWS_MOBILE
+  // On Windows CE, we use the root as the current directory.
+  EXPECT_EQ(GTEST_PATH_SEP_, FilePath("").RemoveFileName().string());
+#else
+  EXPECT_EQ("." GTEST_PATH_SEP_, FilePath("").RemoveFileName().string());
+#endif
+}
+
+// RemoveFileName "adir/" -> "adir/"
+TEST(RemoveFileNameTest, ButNoFile) {
+  EXPECT_EQ("adir" GTEST_PATH_SEP_,
+      FilePath("adir" GTEST_PATH_SEP_).RemoveFileName().string());
+}
+
+// RemoveFileName "adir/afile" -> "adir/"
+TEST(RemoveFileNameTest, GivesDirName) {
+  EXPECT_EQ("adir" GTEST_PATH_SEP_,
+            FilePath("adir" GTEST_PATH_SEP_ "afile").RemoveFileName().string());
+}
+
+// RemoveFileName "adir/subdir/afile" -> "adir/subdir/"
+TEST(RemoveFileNameTest, GivesDirAndSubDirName) {
+  EXPECT_EQ("adir" GTEST_PATH_SEP_ "subdir" GTEST_PATH_SEP_,
+      FilePath("adir" GTEST_PATH_SEP_ "subdir" GTEST_PATH_SEP_ "afile")
+      .RemoveFileName().string());
+}
+
+// RemoveFileName "/afile" -> "/"
+TEST(RemoveFileNameTest, GivesRootDir) {
+  EXPECT_EQ(GTEST_PATH_SEP_,
+      FilePath(GTEST_PATH_SEP_ "afile").RemoveFileName().string());
+}
+
+#if GTEST_HAS_ALT_PATH_SEP_
+
+// Tests that RemoveFileName() works with the alternate separator on
+// Windows.
+
+// RemoveFileName("adir/") -> "adir/"
+TEST(RemoveFileNameTest, ButNoFileForAlternateSeparator) {
+  EXPECT_EQ("adir" GTEST_PATH_SEP_,
+            FilePath("adir/").RemoveFileName().string());
+}
+
+// RemoveFileName("adir/afile") -> "adir/"
+TEST(RemoveFileNameTest, GivesDirNameForAlternateSeparator) {
+  EXPECT_EQ("adir" GTEST_PATH_SEP_,
+            FilePath("adir/afile").RemoveFileName().string());
+}
+
+// RemoveFileName("adir/subdir/afile") -> "adir/subdir/"
+TEST(RemoveFileNameTest, GivesDirAndSubDirNameForAlternateSeparator) {
+  EXPECT_EQ("adir" GTEST_PATH_SEP_ "subdir" GTEST_PATH_SEP_,
+            FilePath("adir/subdir/afile").RemoveFileName().string());
+}
+
+// RemoveFileName("/afile") -> "\"
+TEST(RemoveFileNameTest, GivesRootDirForAlternateSeparator) {
+  EXPECT_EQ(GTEST_PATH_SEP_, FilePath("/afile").RemoveFileName().string());
+}
+
+#endif
+
+TEST(MakeFileNameTest, GenerateWhenNumberIsZero) {
+  FilePath actual = FilePath::MakeFileName(FilePath("foo"), FilePath("bar"),
+      0, "xml");
+  EXPECT_EQ("foo" GTEST_PATH_SEP_ "bar.xml", actual.string());
+}
+
+TEST(MakeFileNameTest, GenerateFileNameNumberGtZero) {
+  FilePath actual = FilePath::MakeFileName(FilePath("foo"), FilePath("bar"),
+      12, "xml");
+  EXPECT_EQ("foo" GTEST_PATH_SEP_ "bar_12.xml", actual.string());
+}
+
+TEST(MakeFileNameTest, GenerateFileNameWithSlashNumberIsZero) {
+  FilePath actual = FilePath::MakeFileName(FilePath("foo" GTEST_PATH_SEP_),
+      FilePath("bar"), 0, "xml");
+  EXPECT_EQ("foo" GTEST_PATH_SEP_ "bar.xml", actual.string());
+}
+
+TEST(MakeFileNameTest, GenerateFileNameWithSlashNumberGtZero) {
+  FilePath actual = FilePath::MakeFileName(FilePath("foo" GTEST_PATH_SEP_),
+      FilePath("bar"), 12, "xml");
+  EXPECT_EQ("foo" GTEST_PATH_SEP_ "bar_12.xml", actual.string());
+}
+
+TEST(MakeFileNameTest, GenerateWhenNumberIsZeroAndDirIsEmpty) {
+  FilePath actual = FilePath::MakeFileName(FilePath(""), FilePath("bar"),
+      0, "xml");
+  EXPECT_EQ("bar.xml", actual.string());
+}
+
+TEST(MakeFileNameTest, GenerateWhenNumberIsNotZeroAndDirIsEmpty) {
+  FilePath actual = FilePath::MakeFileName(FilePath(""), FilePath("bar"),
+      14, "xml");
+  EXPECT_EQ("bar_14.xml", actual.string());
+}
+
+TEST(ConcatPathsTest, WorksWhenDirDoesNotEndWithPathSep) {
+  FilePath actual = FilePath::ConcatPaths(FilePath("foo"),
+                                          FilePath("bar.xml"));
+  EXPECT_EQ("foo" GTEST_PATH_SEP_ "bar.xml", actual.string());
+}
+
+TEST(ConcatPathsTest, WorksWhenPath1EndsWithPathSep) {
+  FilePath actual = FilePath::ConcatPaths(FilePath("foo" GTEST_PATH_SEP_),
+                                          FilePath("bar.xml"));
+  EXPECT_EQ("foo" GTEST_PATH_SEP_ "bar.xml", actual.string());
+}
+
+TEST(ConcatPathsTest, Path1BeingEmpty) {
+  FilePath actual = FilePath::ConcatPaths(FilePath(""),
+                                          FilePath("bar.xml"));
+  EXPECT_EQ("bar.xml", actual.string());
+}
+
+TEST(ConcatPathsTest, Path2BeingEmpty) {
+  FilePath actual = FilePath::ConcatPaths(FilePath("foo"), FilePath(""));
+  EXPECT_EQ("foo" GTEST_PATH_SEP_, actual.string());
+}
+
+TEST(ConcatPathsTest, BothPathBeingEmpty) {
+  FilePath actual = FilePath::ConcatPaths(FilePath(""),
+                                          FilePath(""));
+  EXPECT_EQ("", actual.string());
+}
+
+TEST(ConcatPathsTest, Path1ContainsPathSep) {
+  FilePath actual = FilePath::ConcatPaths(FilePath("foo" GTEST_PATH_SEP_ "bar"),
+                                          FilePath("foobar.xml"));
+  EXPECT_EQ("foo" GTEST_PATH_SEP_ "bar" GTEST_PATH_SEP_ "foobar.xml",
+            actual.string());
+}
+
+TEST(ConcatPathsTest, Path2ContainsPathSep) {
+  FilePath actual = FilePath::ConcatPaths(
+      FilePath("foo" GTEST_PATH_SEP_),
+      FilePath("bar" GTEST_PATH_SEP_ "bar.xml"));
+  EXPECT_EQ("foo" GTEST_PATH_SEP_ "bar" GTEST_PATH_SEP_ "bar.xml",
+            actual.string());
+}
+
+TEST(ConcatPathsTest, Path2EndsWithPathSep) {
+  FilePath actual = FilePath::ConcatPaths(FilePath("foo"),
+                                          FilePath("bar" GTEST_PATH_SEP_));
+  EXPECT_EQ("foo" GTEST_PATH_SEP_ "bar" GTEST_PATH_SEP_, actual.string());
+}
+
+// RemoveTrailingPathSeparator "" -> ""
+TEST(RemoveTrailingPathSeparatorTest, EmptyString) {
+  EXPECT_EQ("", FilePath("").RemoveTrailingPathSeparator().string());
+}
+
+// RemoveTrailingPathSeparator "foo" -> "foo"
+TEST(RemoveTrailingPathSeparatorTest, FileNoSlashString) {
+  EXPECT_EQ("foo", FilePath("foo").RemoveTrailingPathSeparator().string());
+}
+
+// RemoveTrailingPathSeparator "foo/" -> "foo"
+TEST(RemoveTrailingPathSeparatorTest, ShouldRemoveTrailingSeparator) {
+  EXPECT_EQ("foo",
+      FilePath("foo" GTEST_PATH_SEP_).RemoveTrailingPathSeparator().string());
+#if GTEST_HAS_ALT_PATH_SEP_
+  EXPECT_EQ("foo", FilePath("foo/").RemoveTrailingPathSeparator().string());
+#endif
+}
+
+// RemoveTrailingPathSeparator "foo/bar/" -> "foo/bar/"
+TEST(RemoveTrailingPathSeparatorTest, ShouldRemoveLastSeparator) {
+  EXPECT_EQ("foo" GTEST_PATH_SEP_ "bar",
+            FilePath("foo" GTEST_PATH_SEP_ "bar" GTEST_PATH_SEP_)
+                .RemoveTrailingPathSeparator().string());
+}
+
+// RemoveTrailingPathSeparator "foo/bar" -> "foo/bar"
+TEST(RemoveTrailingPathSeparatorTest, ShouldReturnUnmodified) {
+  EXPECT_EQ("foo" GTEST_PATH_SEP_ "bar",
+            FilePath("foo" GTEST_PATH_SEP_ "bar")
+                .RemoveTrailingPathSeparator().string());
+}
+
+TEST(DirectoryTest, RootDirectoryExists) {
+#if GTEST_OS_WINDOWS  // We are on Windows.
+  char current_drive[_MAX_PATH];  // NOLINT
+  current_drive[0] = static_cast<char>(_getdrive() + 'A' - 1);
+  current_drive[1] = ':';
+  current_drive[2] = '\\';
+  current_drive[3] = '\0';
+  EXPECT_TRUE(FilePath(current_drive).DirectoryExists());
+#else
+  EXPECT_TRUE(FilePath("/").DirectoryExists());
+#endif  // GTEST_OS_WINDOWS
+}
+
+#if GTEST_OS_WINDOWS
+TEST(DirectoryTest, RootOfWrongDriveDoesNotExists) {
+  const int saved_drive_ = _getdrive();
+  // Find a drive that doesn't exist. Start with 'Z' to avoid common ones.
+  for (char drive = 'Z'; drive >= 'A'; drive--)
+    if (_chdrive(drive - 'A' + 1) == -1) {
+      char non_drive[_MAX_PATH];  // NOLINT
+      non_drive[0] = drive;
+      non_drive[1] = ':';
+      non_drive[2] = '\\';
+      non_drive[3] = '\0';
+      EXPECT_FALSE(FilePath(non_drive).DirectoryExists());
+      break;
+    }
+  _chdrive(saved_drive_);
+}
+#endif  // GTEST_OS_WINDOWS
+
+#if !GTEST_OS_WINDOWS_MOBILE
+// Windows CE _does_ consider an empty directory to exist.
+TEST(DirectoryTest, EmptyPathDirectoryDoesNotExist) {
+  EXPECT_FALSE(FilePath("").DirectoryExists());
+}
+#endif  // !GTEST_OS_WINDOWS_MOBILE
+
+TEST(DirectoryTest, CurrentDirectoryExists) {
+#if GTEST_OS_WINDOWS  // We are on Windows.
+# ifndef _WIN32_CE  // Windows CE doesn't have a current directory.
+
+  EXPECT_TRUE(FilePath(".").DirectoryExists());
+  EXPECT_TRUE(FilePath(".\\").DirectoryExists());
+
+# endif  // _WIN32_CE
+#else
+  EXPECT_TRUE(FilePath(".").DirectoryExists());
+  EXPECT_TRUE(FilePath("./").DirectoryExists());
+#endif  // GTEST_OS_WINDOWS
+}
+
+// "foo/bar" == foo//bar" == "foo///bar"
+TEST(NormalizeTest, MultipleConsecutiveSepaparatorsInMidstring) {
+  EXPECT_EQ("foo" GTEST_PATH_SEP_ "bar",
+            FilePath("foo" GTEST_PATH_SEP_ "bar").string());
+  EXPECT_EQ("foo" GTEST_PATH_SEP_ "bar",
+            FilePath("foo" GTEST_PATH_SEP_ GTEST_PATH_SEP_ "bar").string());
+  EXPECT_EQ("foo" GTEST_PATH_SEP_ "bar",
+            FilePath("foo" GTEST_PATH_SEP_ GTEST_PATH_SEP_
+                     GTEST_PATH_SEP_ "bar").string());
+}
+
+// "/bar" == //bar" == "///bar"
+TEST(NormalizeTest, MultipleConsecutiveSepaparatorsAtStringStart) {
+  EXPECT_EQ(GTEST_PATH_SEP_ "bar",
+    FilePath(GTEST_PATH_SEP_ "bar").string());
+  EXPECT_EQ(GTEST_PATH_SEP_ "bar",
+    FilePath(GTEST_PATH_SEP_ GTEST_PATH_SEP_ "bar").string());
+  EXPECT_EQ(GTEST_PATH_SEP_ "bar",
+    FilePath(GTEST_PATH_SEP_ GTEST_PATH_SEP_ GTEST_PATH_SEP_ "bar").string());
+}
+
+// "foo/" == foo//" == "foo///"
+TEST(NormalizeTest, MultipleConsecutiveSepaparatorsAtStringEnd) {
+  EXPECT_EQ("foo" GTEST_PATH_SEP_,
+    FilePath("foo" GTEST_PATH_SEP_).string());
+  EXPECT_EQ("foo" GTEST_PATH_SEP_,
+    FilePath("foo" GTEST_PATH_SEP_ GTEST_PATH_SEP_).string());
+  EXPECT_EQ("foo" GTEST_PATH_SEP_,
+    FilePath("foo" GTEST_PATH_SEP_ GTEST_PATH_SEP_ GTEST_PATH_SEP_).string());
+}
+
+#if GTEST_HAS_ALT_PATH_SEP_
+
+// Tests that separators at the end of the string are normalized
+// regardless of their combination (e.g. "foo\" =="foo/\" ==
+// "foo\\/").
+TEST(NormalizeTest, MixAlternateSeparatorAtStringEnd) {
+  EXPECT_EQ("foo" GTEST_PATH_SEP_,
+            FilePath("foo/").string());
+  EXPECT_EQ("foo" GTEST_PATH_SEP_,
+            FilePath("foo" GTEST_PATH_SEP_ "/").string());
+  EXPECT_EQ("foo" GTEST_PATH_SEP_,
+            FilePath("foo//" GTEST_PATH_SEP_).string());
+}
+
+#endif
+
+TEST(AssignmentOperatorTest, DefaultAssignedToNonDefault) {
+  FilePath default_path;
+  FilePath non_default_path("path");
+  non_default_path = default_path;
+  EXPECT_EQ("", non_default_path.string());
+  EXPECT_EQ("", default_path.string());  // RHS var is unchanged.
+}
+
+TEST(AssignmentOperatorTest, NonDefaultAssignedToDefault) {
+  FilePath non_default_path("path");
+  FilePath default_path;
+  default_path = non_default_path;
+  EXPECT_EQ("path", default_path.string());
+  EXPECT_EQ("path", non_default_path.string());  // RHS var is unchanged.
+}
+
+TEST(AssignmentOperatorTest, ConstAssignedToNonConst) {
+  const FilePath const_default_path("const_path");
+  FilePath non_default_path("path");
+  non_default_path = const_default_path;
+  EXPECT_EQ("const_path", non_default_path.string());
+}
+
+class DirectoryCreationTest : public Test {
+ protected:
+  virtual void SetUp() {
+    testdata_path_.Set(FilePath(
+        TempDir() + GetCurrentExecutableName().string() +
+        "_directory_creation" GTEST_PATH_SEP_ "test" GTEST_PATH_SEP_));
+    testdata_file_.Set(testdata_path_.RemoveTrailingPathSeparator());
+
+    unique_file0_.Set(FilePath::MakeFileName(testdata_path_, FilePath("unique"),
+        0, "txt"));
+    unique_file1_.Set(FilePath::MakeFileName(testdata_path_, FilePath("unique"),
+        1, "txt"));
+
+    remove(testdata_file_.c_str());
+    remove(unique_file0_.c_str());
+    remove(unique_file1_.c_str());
+    posix::RmDir(testdata_path_.c_str());
+  }
+
+  virtual void TearDown() {
+    remove(testdata_file_.c_str());
+    remove(unique_file0_.c_str());
+    remove(unique_file1_.c_str());
+    posix::RmDir(testdata_path_.c_str());
+  }
+
+  std::string TempDir() const {
+#if GTEST_OS_WINDOWS_MOBILE
+    return "\\temp\\";
+#elif GTEST_OS_WINDOWS
+    const char* temp_dir = posix::GetEnv("TEMP");
+    if (temp_dir == NULL || temp_dir[0] == '\0')
+      return "\\temp\\";
+    else if (temp_dir[strlen(temp_dir) - 1] == '\\')
+      return temp_dir;
+    else
+      return std::string(temp_dir) + "\\";
+#elif GTEST_OS_LINUX_ANDROID
+    return "/sdcard/";
+#else
+    return "/tmp/";
+#endif  // GTEST_OS_WINDOWS_MOBILE
+  }
+
+  void CreateTextFile(const char* filename) {
+    FILE* f = posix::FOpen(filename, "w");
+    fprintf(f, "text\n");
+    fclose(f);
+  }
+
+  // Strings representing a directory and a file, with identical paths
+  // except for the trailing separator character that distinquishes
+  // a directory named 'test' from a file named 'test'. Example names:
+  FilePath testdata_path_;  // "/tmp/directory_creation/test/"
+  FilePath testdata_file_;  // "/tmp/directory_creation/test"
+  FilePath unique_file0_;  // "/tmp/directory_creation/test/unique.txt"
+  FilePath unique_file1_;  // "/tmp/directory_creation/test/unique_1.txt"
+};
+
+TEST_F(DirectoryCreationTest, CreateDirectoriesRecursively) {
+  EXPECT_FALSE(testdata_path_.DirectoryExists()) << testdata_path_.string();
+  EXPECT_TRUE(testdata_path_.CreateDirectoriesRecursively());
+  EXPECT_TRUE(testdata_path_.DirectoryExists());
+}
+
+TEST_F(DirectoryCreationTest, CreateDirectoriesForAlreadyExistingPath) {
+  EXPECT_FALSE(testdata_path_.DirectoryExists()) << testdata_path_.string();
+  EXPECT_TRUE(testdata_path_.CreateDirectoriesRecursively());
+  // Call 'create' again... should still succeed.
+  EXPECT_TRUE(testdata_path_.CreateDirectoriesRecursively());
+}
+
+TEST_F(DirectoryCreationTest, CreateDirectoriesAndUniqueFilename) {
+  FilePath file_path(FilePath::GenerateUniqueFileName(testdata_path_,
+      FilePath("unique"), "txt"));
+  EXPECT_EQ(unique_file0_.string(), file_path.string());
+  EXPECT_FALSE(file_path.FileOrDirectoryExists());  // file not there
+
+  testdata_path_.CreateDirectoriesRecursively();
+  EXPECT_FALSE(file_path.FileOrDirectoryExists());  // file still not there
+  CreateTextFile(file_path.c_str());
+  EXPECT_TRUE(file_path.FileOrDirectoryExists());
+
+  FilePath file_path2(FilePath::GenerateUniqueFileName(testdata_path_,
+      FilePath("unique"), "txt"));
+  EXPECT_EQ(unique_file1_.string(), file_path2.string());
+  EXPECT_FALSE(file_path2.FileOrDirectoryExists());  // file not there
+  CreateTextFile(file_path2.c_str());
+  EXPECT_TRUE(file_path2.FileOrDirectoryExists());
+}
+
+TEST_F(DirectoryCreationTest, CreateDirectoriesFail) {
+  // force a failure by putting a file where we will try to create a directory.
+  CreateTextFile(testdata_file_.c_str());
+  EXPECT_TRUE(testdata_file_.FileOrDirectoryExists());
+  EXPECT_FALSE(testdata_file_.DirectoryExists());
+  EXPECT_FALSE(testdata_file_.CreateDirectoriesRecursively());
+}
+
+TEST(NoDirectoryCreationTest, CreateNoDirectoriesForDefaultXmlFile) {
+  const FilePath test_detail_xml("test_detail.xml");
+  EXPECT_FALSE(test_detail_xml.CreateDirectoriesRecursively());
+}
+
+TEST(FilePathTest, DefaultConstructor) {
+  FilePath fp;
+  EXPECT_EQ("", fp.string());
+}
+
+TEST(FilePathTest, CharAndCopyConstructors) {
+  const FilePath fp("spicy");
+  EXPECT_EQ("spicy", fp.string());
+
+  const FilePath fp_copy(fp);
+  EXPECT_EQ("spicy", fp_copy.string());
+}
+
+TEST(FilePathTest, StringConstructor) {
+  const FilePath fp(std::string("cider"));
+  EXPECT_EQ("cider", fp.string());
+}
+
+TEST(FilePathTest, Set) {
+  const FilePath apple("apple");
+  FilePath mac("mac");
+  mac.Set(apple);  // Implement Set() since overloading operator= is forbidden.
+  EXPECT_EQ("apple", mac.string());
+  EXPECT_EQ("apple", apple.string());
+}
+
+TEST(FilePathTest, ToString) {
+  const FilePath file("drink");
+  EXPECT_EQ("drink", file.string());
+}
+
+TEST(FilePathTest, RemoveExtension) {
+  EXPECT_EQ("app", FilePath("app.cc").RemoveExtension("cc").string());
+  EXPECT_EQ("app", FilePath("app.exe").RemoveExtension("exe").string());
+  EXPECT_EQ("APP", FilePath("APP.EXE").RemoveExtension("exe").string());
+}
+
+TEST(FilePathTest, RemoveExtensionWhenThereIsNoExtension) {
+  EXPECT_EQ("app", FilePath("app").RemoveExtension("exe").string());
+}
+
+TEST(FilePathTest, IsDirectory) {
+  EXPECT_FALSE(FilePath("cola").IsDirectory());
+  EXPECT_TRUE(FilePath("koala" GTEST_PATH_SEP_).IsDirectory());
+#if GTEST_HAS_ALT_PATH_SEP_
+  EXPECT_TRUE(FilePath("koala/").IsDirectory());
+#endif
+}
+
+TEST(FilePathTest, IsAbsolutePath) {
+  EXPECT_FALSE(FilePath("is" GTEST_PATH_SEP_ "relative").IsAbsolutePath());
+  EXPECT_FALSE(FilePath("").IsAbsolutePath());
+#if GTEST_OS_WINDOWS
+  EXPECT_TRUE(FilePath("c:\\" GTEST_PATH_SEP_ "is_not"
+                       GTEST_PATH_SEP_ "relative").IsAbsolutePath());
+  EXPECT_FALSE(FilePath("c:foo" GTEST_PATH_SEP_ "bar").IsAbsolutePath());
+  EXPECT_TRUE(FilePath("c:/" GTEST_PATH_SEP_ "is_not"
+                       GTEST_PATH_SEP_ "relative").IsAbsolutePath());
+#else
+  EXPECT_TRUE(FilePath(GTEST_PATH_SEP_ "is_not" GTEST_PATH_SEP_ "relative")
+              .IsAbsolutePath());
+#endif  // GTEST_OS_WINDOWS
+}
+
+TEST(FilePathTest, IsRootDirectory) {
+#if GTEST_OS_WINDOWS
+  EXPECT_TRUE(FilePath("a:\\").IsRootDirectory());
+  EXPECT_TRUE(FilePath("Z:/").IsRootDirectory());
+  EXPECT_TRUE(FilePath("e://").IsRootDirectory());
+  EXPECT_FALSE(FilePath("").IsRootDirectory());
+  EXPECT_FALSE(FilePath("b:").IsRootDirectory());
+  EXPECT_FALSE(FilePath("b:a").IsRootDirectory());
+  EXPECT_FALSE(FilePath("8:/").IsRootDirectory());
+  EXPECT_FALSE(FilePath("c|/").IsRootDirectory());
+#else
+  EXPECT_TRUE(FilePath("/").IsRootDirectory());
+  EXPECT_TRUE(FilePath("//").IsRootDirectory());
+  EXPECT_FALSE(FilePath("").IsRootDirectory());
+  EXPECT_FALSE(FilePath("\\").IsRootDirectory());
+  EXPECT_FALSE(FilePath("/x").IsRootDirectory());
+#endif
+}
+
+}  // namespace
+}  // namespace internal
+}  // namespace testing
diff --git a/nss/gtests/google_test/gtest/test/gtest-linked_ptr_test.cc b/nss/gtests/google_test/gtest/test/gtest-linked_ptr_test.cc
new file mode 100644
index 0000000..6fcf512
--- /dev/null
+++ b/nss/gtests/google_test/gtest/test/gtest-linked_ptr_test.cc
@@ -0,0 +1,154 @@
+// Copyright 2003, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Authors: Dan Egnor (egnor@google.com)
+// Ported to Windows: Vadim Berman (vadimb@google.com)
+
+#include "gtest/internal/gtest-linked_ptr.h"
+
+#include <stdlib.h>
+#include "gtest/gtest.h"
+
+namespace {
+
+using testing::Message;
+using testing::internal::linked_ptr;
+
+int num;
+Message* history = NULL;
+
+// Class which tracks allocation/deallocation
+class A {
+ public:
+  A(): mynum(num++) { *history << "A" << mynum << " ctor\n"; }
+  virtual ~A() { *history << "A" << mynum << " dtor\n"; }
+  virtual void Use() { *history << "A" << mynum << " use\n"; }
+ protected:
+  int mynum;
+};
+
+// Subclass
+class B : public A {
+ public:
+  B() { *history << "B" << mynum << " ctor\n"; }
+  ~B() { *history << "B" << mynum << " dtor\n"; }
+  virtual void Use() { *history << "B" << mynum << " use\n"; }
+};
+
+class LinkedPtrTest : public testing::Test {
+ public:
+  LinkedPtrTest() {
+    num = 0;
+    history = new Message;
+  }
+
+  virtual ~LinkedPtrTest() {
+    delete history;
+    history = NULL;
+  }
+};
+
+TEST_F(LinkedPtrTest, GeneralTest) {
+  {
+    linked_ptr<A> a0, a1, a2;
+    // Use explicit function call notation here to suppress self-assign warning.
+    a0.operator=(a0);
+    a1 = a2;
+    ASSERT_EQ(a0.get(), static_cast<A*>(NULL));
+    ASSERT_EQ(a1.get(), static_cast<A*>(NULL));
+    ASSERT_EQ(a2.get(), static_cast<A*>(NULL));
+    ASSERT_TRUE(a0 == NULL);
+    ASSERT_TRUE(a1 == NULL);
+    ASSERT_TRUE(a2 == NULL);
+
+    {
+      linked_ptr<A> a3(new A);
+      a0 = a3;
+      ASSERT_TRUE(a0 == a3);
+      ASSERT_TRUE(a0 != NULL);
+      ASSERT_TRUE(a0.get() == a3);
+      ASSERT_TRUE(a0 == a3.get());
+      linked_ptr<A> a4(a0);
+      a1 = a4;
+      linked_ptr<A> a5(new A);
+      ASSERT_TRUE(a5.get() != a3);
+      ASSERT_TRUE(a5 != a3.get());
+      a2 = a5;
+      linked_ptr<B> b0(new B);
+      linked_ptr<A> a6(b0);
+      ASSERT_TRUE(b0 == a6);
+      ASSERT_TRUE(a6 == b0);
+      ASSERT_TRUE(b0 != NULL);
+      a5 = b0;
+      a5 = b0;
+      a3->Use();
+      a4->Use();
+      a5->Use();
+      a6->Use();
+      b0->Use();
+      (*b0).Use();
+      b0.get()->Use();
+    }
+
+    a0->Use();
+    a1->Use();
+    a2->Use();
+
+    a1 = a2;
+    a2.reset(new A);
+    a0.reset();
+
+    linked_ptr<A> a7;
+  }
+
+  ASSERT_STREQ(
+    "A0 ctor\n"
+    "A1 ctor\n"
+    "A2 ctor\n"
+    "B2 ctor\n"
+    "A0 use\n"
+    "A0 use\n"
+    "B2 use\n"
+    "B2 use\n"
+    "B2 use\n"
+    "B2 use\n"
+    "B2 use\n"
+    "B2 dtor\n"
+    "A2 dtor\n"
+    "A0 use\n"
+    "A0 use\n"
+    "A1 use\n"
+    "A3 ctor\n"
+    "A0 dtor\n"
+    "A3 dtor\n"
+    "A1 dtor\n",
+    history->GetString().c_str());
+}
+
+}  // Unnamed namespace
diff --git a/nss/gtests/google_test/gtest/test/gtest-listener_test.cc b/nss/gtests/google_test/gtest/test/gtest-listener_test.cc
new file mode 100644
index 0000000..99662cf
--- /dev/null
+++ b/nss/gtests/google_test/gtest/test/gtest-listener_test.cc
@@ -0,0 +1,310 @@
+// Copyright 2009 Google Inc. All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: vladl@google.com (Vlad Losev)
+//
+// The Google C++ Testing Framework (Google Test)
+//
+// This file verifies Google Test event listeners receive events at the
+// right times.
+
+#include "gtest/gtest.h"
+#include <vector>
+
+using ::testing::AddGlobalTestEnvironment;
+using ::testing::Environment;
+using ::testing::InitGoogleTest;
+using ::testing::Test;
+using ::testing::TestCase;
+using ::testing::TestEventListener;
+using ::testing::TestInfo;
+using ::testing::TestPartResult;
+using ::testing::UnitTest;
+
+// Used by tests to register their events.
+std::vector<std::string>* g_events = NULL;
+
+namespace testing {
+namespace internal {
+
+class EventRecordingListener : public TestEventListener {
+ public:
+  explicit EventRecordingListener(const char* name) : name_(name) {}
+
+ protected:
+  virtual void OnTestProgramStart(const UnitTest& /*unit_test*/) {
+    g_events->push_back(GetFullMethodName("OnTestProgramStart"));
+  }
+
+  virtual void OnTestIterationStart(const UnitTest& /*unit_test*/,
+                                    int iteration) {
+    Message message;
+    message << GetFullMethodName("OnTestIterationStart")
+            << "(" << iteration << ")";
+    g_events->push_back(message.GetString());
+  }
+
+  virtual void OnEnvironmentsSetUpStart(const UnitTest& /*unit_test*/) {
+    g_events->push_back(GetFullMethodName("OnEnvironmentsSetUpStart"));
+  }
+
+  virtual void OnEnvironmentsSetUpEnd(const UnitTest& /*unit_test*/) {
+    g_events->push_back(GetFullMethodName("OnEnvironmentsSetUpEnd"));
+  }
+
+  virtual void OnTestCaseStart(const TestCase& /*test_case*/) {
+    g_events->push_back(GetFullMethodName("OnTestCaseStart"));
+  }
+
+  virtual void OnTestStart(const TestInfo& /*test_info*/) {
+    g_events->push_back(GetFullMethodName("OnTestStart"));
+  }
+
+  virtual void OnTestPartResult(const TestPartResult& /*test_part_result*/) {
+    g_events->push_back(GetFullMethodName("OnTestPartResult"));
+  }
+
+  virtual void OnTestEnd(const TestInfo& /*test_info*/) {
+    g_events->push_back(GetFullMethodName("OnTestEnd"));
+  }
+
+  virtual void OnTestCaseEnd(const TestCase& /*test_case*/) {
+    g_events->push_back(GetFullMethodName("OnTestCaseEnd"));
+  }
+
+  virtual void OnEnvironmentsTearDownStart(const UnitTest& /*unit_test*/) {
+    g_events->push_back(GetFullMethodName("OnEnvironmentsTearDownStart"));
+  }
+
+  virtual void OnEnvironmentsTearDownEnd(const UnitTest& /*unit_test*/) {
+    g_events->push_back(GetFullMethodName("OnEnvironmentsTearDownEnd"));
+  }
+
+  virtual void OnTestIterationEnd(const UnitTest& /*unit_test*/,
+                                  int iteration) {
+    Message message;
+    message << GetFullMethodName("OnTestIterationEnd")
+            << "("  << iteration << ")";
+    g_events->push_back(message.GetString());
+  }
+
+  virtual void OnTestProgramEnd(const UnitTest& /*unit_test*/) {
+    g_events->push_back(GetFullMethodName("OnTestProgramEnd"));
+  }
+
+ private:
+  std::string GetFullMethodName(const char* name) {
+    return name_ + "." + name;
+  }
+
+  std::string name_;
+};
+
+class EnvironmentInvocationCatcher : public Environment {
+ protected:
+  virtual void SetUp() {
+    g_events->push_back("Environment::SetUp");
+  }
+
+  virtual void TearDown() {
+    g_events->push_back("Environment::TearDown");
+  }
+};
+
+class ListenerTest : public Test {
+ protected:
+  static void SetUpTestCase() {
+    g_events->push_back("ListenerTest::SetUpTestCase");
+  }
+
+  static void TearDownTestCase() {
+    g_events->push_back("ListenerTest::TearDownTestCase");
+  }
+
+  virtual void SetUp() {
+    g_events->push_back("ListenerTest::SetUp");
+  }
+
+  virtual void TearDown() {
+    g_events->push_back("ListenerTest::TearDown");
+  }
+};
+
+TEST_F(ListenerTest, DoesFoo) {
+  // Test execution order within a test case is not guaranteed so we are not
+  // recording the test name.
+  g_events->push_back("ListenerTest::* Test Body");
+  SUCCEED();  // Triggers OnTestPartResult.
+}
+
+TEST_F(ListenerTest, DoesBar) {
+  g_events->push_back("ListenerTest::* Test Body");
+  SUCCEED();  // Triggers OnTestPartResult.
+}
+
+}  // namespace internal
+
+}  // namespace testing
+
+using ::testing::internal::EnvironmentInvocationCatcher;
+using ::testing::internal::EventRecordingListener;
+
+void VerifyResults(const std::vector<std::string>& data,
+                   const char* const* expected_data,
+                   int expected_data_size) {
+  const int actual_size = data.size();
+  // If the following assertion fails, a new entry will be appended to
+  // data.  Hence we save data.size() first.
+  EXPECT_EQ(expected_data_size, actual_size);
+
+  // Compares the common prefix.
+  const int shorter_size = expected_data_size <= actual_size ?
+      expected_data_size : actual_size;
+  int i = 0;
+  for (; i < shorter_size; ++i) {
+    ASSERT_STREQ(expected_data[i], data[i].c_str())
+        << "at position " << i;
+  }
+
+  // Prints extra elements in the actual data.
+  for (; i < actual_size; ++i) {
+    printf("  Actual event #%d: %s\n", i, data[i].c_str());
+  }
+}
+
+int main(int argc, char **argv) {
+  std::vector<std::string> events;
+  g_events = &events;
+  InitGoogleTest(&argc, argv);
+
+  UnitTest::GetInstance()->listeners().Append(
+      new EventRecordingListener("1st"));
+  UnitTest::GetInstance()->listeners().Append(
+      new EventRecordingListener("2nd"));
+
+  AddGlobalTestEnvironment(new EnvironmentInvocationCatcher);
+
+  GTEST_CHECK_(events.size() == 0)
+      << "AddGlobalTestEnvironment should not generate any events itself.";
+
+  ::testing::GTEST_FLAG(repeat) = 2;
+  int ret_val = RUN_ALL_TESTS();
+
+  const char* const expected_events[] = {
+    "1st.OnTestProgramStart",
+    "2nd.OnTestProgramStart",
+    "1st.OnTestIterationStart(0)",
+    "2nd.OnTestIterationStart(0)",
+    "1st.OnEnvironmentsSetUpStart",
+    "2nd.OnEnvironmentsSetUpStart",
+    "Environment::SetUp",
+    "2nd.OnEnvironmentsSetUpEnd",
+    "1st.OnEnvironmentsSetUpEnd",
+    "1st.OnTestCaseStart",
+    "2nd.OnTestCaseStart",
+    "ListenerTest::SetUpTestCase",
+    "1st.OnTestStart",
+    "2nd.OnTestStart",
+    "ListenerTest::SetUp",
+    "ListenerTest::* Test Body",
+    "1st.OnTestPartResult",
+    "2nd.OnTestPartResult",
+    "ListenerTest::TearDown",
+    "2nd.OnTestEnd",
+    "1st.OnTestEnd",
+    "1st.OnTestStart",
+    "2nd.OnTestStart",
+    "ListenerTest::SetUp",
+    "ListenerTest::* Test Body",
+    "1st.OnTestPartResult",
+    "2nd.OnTestPartResult",
+    "ListenerTest::TearDown",
+    "2nd.OnTestEnd",
+    "1st.OnTestEnd",
+    "ListenerTest::TearDownTestCase",
+    "2nd.OnTestCaseEnd",
+    "1st.OnTestCaseEnd",
+    "1st.OnEnvironmentsTearDownStart",
+    "2nd.OnEnvironmentsTearDownStart",
+    "Environment::TearDown",
+    "2nd.OnEnvironmentsTearDownEnd",
+    "1st.OnEnvironmentsTearDownEnd",
+    "2nd.OnTestIterationEnd(0)",
+    "1st.OnTestIterationEnd(0)",
+    "1st.OnTestIterationStart(1)",
+    "2nd.OnTestIterationStart(1)",
+    "1st.OnEnvironmentsSetUpStart",
+    "2nd.OnEnvironmentsSetUpStart",
+    "Environment::SetUp",
+    "2nd.OnEnvironmentsSetUpEnd",
+    "1st.OnEnvironmentsSetUpEnd",
+    "1st.OnTestCaseStart",
+    "2nd.OnTestCaseStart",
+    "ListenerTest::SetUpTestCase",
+    "1st.OnTestStart",
+    "2nd.OnTestStart",
+    "ListenerTest::SetUp",
+    "ListenerTest::* Test Body",
+    "1st.OnTestPartResult",
+    "2nd.OnTestPartResult",
+    "ListenerTest::TearDown",
+    "2nd.OnTestEnd",
+    "1st.OnTestEnd",
+    "1st.OnTestStart",
+    "2nd.OnTestStart",
+    "ListenerTest::SetUp",
+    "ListenerTest::* Test Body",
+    "1st.OnTestPartResult",
+    "2nd.OnTestPartResult",
+    "ListenerTest::TearDown",
+    "2nd.OnTestEnd",
+    "1st.OnTestEnd",
+    "ListenerTest::TearDownTestCase",
+    "2nd.OnTestCaseEnd",
+    "1st.OnTestCaseEnd",
+    "1st.OnEnvironmentsTearDownStart",
+    "2nd.OnEnvironmentsTearDownStart",
+    "Environment::TearDown",
+    "2nd.OnEnvironmentsTearDownEnd",
+    "1st.OnEnvironmentsTearDownEnd",
+    "2nd.OnTestIterationEnd(1)",
+    "1st.OnTestIterationEnd(1)",
+    "2nd.OnTestProgramEnd",
+    "1st.OnTestProgramEnd"
+  };
+  VerifyResults(events,
+                expected_events,
+                sizeof(expected_events)/sizeof(expected_events[0]));
+
+  // We need to check manually for ad hoc test failures that happen after
+  // RUN_ALL_TESTS finishes.
+  if (UnitTest::GetInstance()->Failed())
+    ret_val = 1;
+
+  return ret_val;
+}
diff --git a/nss/gtests/google_test/gtest/test/gtest-message_test.cc b/nss/gtests/google_test/gtest/test/gtest-message_test.cc
new file mode 100644
index 0000000..175238e
--- /dev/null
+++ b/nss/gtests/google_test/gtest/test/gtest-message_test.cc
@@ -0,0 +1,159 @@
+// Copyright 2005, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+//
+// Tests for the Message class.
+
+#include "gtest/gtest-message.h"
+
+#include "gtest/gtest.h"
+
+namespace {
+
+using ::testing::Message;
+
+// Tests the testing::Message class
+
+// Tests the default constructor.
+TEST(MessageTest, DefaultConstructor) {
+  const Message msg;
+  EXPECT_EQ("", msg.GetString());
+}
+
+// Tests the copy constructor.
+TEST(MessageTest, CopyConstructor) {
+  const Message msg1("Hello");
+  const Message msg2(msg1);
+  EXPECT_EQ("Hello", msg2.GetString());
+}
+
+// Tests constructing a Message from a C-string.
+TEST(MessageTest, ConstructsFromCString) {
+  Message msg("Hello");
+  EXPECT_EQ("Hello", msg.GetString());
+}
+
+// Tests streaming a float.
+TEST(MessageTest, StreamsFloat) {
+  const std::string s = (Message() << 1.23456F << " " << 2.34567F).GetString();
+  // Both numbers should be printed with enough precision.
+  EXPECT_PRED_FORMAT2(testing::IsSubstring, "1.234560", s.c_str());
+  EXPECT_PRED_FORMAT2(testing::IsSubstring, " 2.345669", s.c_str());
+}
+
+// Tests streaming a double.
+TEST(MessageTest, StreamsDouble) {
+  const std::string s = (Message() << 1260570880.4555497 << " "
+                                  << 1260572265.1954534).GetString();
+  // Both numbers should be printed with enough precision.
+  EXPECT_PRED_FORMAT2(testing::IsSubstring, "1260570880.45", s.c_str());
+  EXPECT_PRED_FORMAT2(testing::IsSubstring, " 1260572265.19", s.c_str());
+}
+
+// Tests streaming a non-char pointer.
+TEST(MessageTest, StreamsPointer) {
+  int n = 0;
+  int* p = &n;
+  EXPECT_NE("(null)", (Message() << p).GetString());
+}
+
+// Tests streaming a NULL non-char pointer.
+TEST(MessageTest, StreamsNullPointer) {
+  int* p = NULL;
+  EXPECT_EQ("(null)", (Message() << p).GetString());
+}
+
+// Tests streaming a C string.
+TEST(MessageTest, StreamsCString) {
+  EXPECT_EQ("Foo", (Message() << "Foo").GetString());
+}
+
+// Tests streaming a NULL C string.
+TEST(MessageTest, StreamsNullCString) {
+  char* p = NULL;
+  EXPECT_EQ("(null)", (Message() << p).GetString());
+}
+
+// Tests streaming std::string.
+TEST(MessageTest, StreamsString) {
+  const ::std::string str("Hello");
+  EXPECT_EQ("Hello", (Message() << str).GetString());
+}
+
+// Tests that we can output strings containing embedded NULs.
+TEST(MessageTest, StreamsStringWithEmbeddedNUL) {
+  const char char_array_with_nul[] =
+      "Here's a NUL\0 and some more string";
+  const ::std::string string_with_nul(char_array_with_nul,
+                                      sizeof(char_array_with_nul) - 1);
+  EXPECT_EQ("Here's a NUL\\0 and some more string",
+            (Message() << string_with_nul).GetString());
+}
+
+// Tests streaming a NUL char.
+TEST(MessageTest, StreamsNULChar) {
+  EXPECT_EQ("\\0", (Message() << '\0').GetString());
+}
+
+// Tests streaming int.
+TEST(MessageTest, StreamsInt) {
+  EXPECT_EQ("123", (Message() << 123).GetString());
+}
+
+// Tests that basic IO manipulators (endl, ends, and flush) can be
+// streamed to Message.
+TEST(MessageTest, StreamsBasicIoManip) {
+  EXPECT_EQ("Line 1.\nA NUL char \\0 in line 2.",
+               (Message() << "Line 1." << std::endl
+                         << "A NUL char " << std::ends << std::flush
+                         << " in line 2.").GetString());
+}
+
+// Tests Message::GetString()
+TEST(MessageTest, GetString) {
+  Message msg;
+  msg << 1 << " lamb";
+  EXPECT_EQ("1 lamb", msg.GetString());
+}
+
+// Tests streaming a Message object to an ostream.
+TEST(MessageTest, StreamsToOStream) {
+  Message msg("Hello");
+  ::std::stringstream ss;
+  ss << msg;
+  EXPECT_EQ("Hello", testing::internal::StringStreamToString(&ss));
+}
+
+// Tests that a Message object doesn't take up too much stack space.
+TEST(MessageTest, DoesNotTakeUpMuchStackSpace) {
+  EXPECT_LE(sizeof(Message), 16U);
+}
+
+}  // namespace
diff --git a/nss/gtests/google_test/gtest/test/gtest-options_test.cc b/nss/gtests/google_test/gtest/test/gtest-options_test.cc
new file mode 100644
index 0000000..5586dc3
--- /dev/null
+++ b/nss/gtests/google_test/gtest/test/gtest-options_test.cc
@@ -0,0 +1,215 @@
+// Copyright 2008, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Authors: keith.ray@gmail.com (Keith Ray)
+//
+// Google Test UnitTestOptions tests
+//
+// This file tests classes and functions used internally by
+// Google Test.  They are subject to change without notice.
+//
+// This file is #included from gtest.cc, to avoid changing build or
+// make-files on Windows and other platforms. Do not #include this file
+// anywhere else!
+
+#include "gtest/gtest.h"
+
+#if GTEST_OS_WINDOWS_MOBILE
+# include <windows.h>
+#elif GTEST_OS_WINDOWS
+# include <direct.h>
+#endif  // GTEST_OS_WINDOWS_MOBILE
+
+// Indicates that this translation unit is part of Google Test's
+// implementation.  It must come before gtest-internal-inl.h is
+// included, or there will be a compiler error.  This trick is to
+// prevent a user from accidentally including gtest-internal-inl.h in
+// his code.
+#define GTEST_IMPLEMENTATION_ 1
+#include "src/gtest-internal-inl.h"
+#undef GTEST_IMPLEMENTATION_
+
+namespace testing {
+namespace internal {
+namespace {
+
+// Turns the given relative path into an absolute path.
+FilePath GetAbsolutePathOf(const FilePath& relative_path) {
+  return FilePath::ConcatPaths(FilePath::GetCurrentDir(), relative_path);
+}
+
+// Testing UnitTestOptions::GetOutputFormat/GetOutputFile.
+
+TEST(XmlOutputTest, GetOutputFormatDefault) {
+  GTEST_FLAG(output) = "";
+  EXPECT_STREQ("", UnitTestOptions::GetOutputFormat().c_str());
+}
+
+TEST(XmlOutputTest, GetOutputFormat) {
+  GTEST_FLAG(output) = "xml:filename";
+  EXPECT_STREQ("xml", UnitTestOptions::GetOutputFormat().c_str());
+}
+
+TEST(XmlOutputTest, GetOutputFileDefault) {
+  GTEST_FLAG(output) = "";
+  EXPECT_EQ(GetAbsolutePathOf(FilePath("test_detail.xml")).string(),
+            UnitTestOptions::GetAbsolutePathToOutputFile());
+}
+
+TEST(XmlOutputTest, GetOutputFileSingleFile) {
+  GTEST_FLAG(output) = "xml:filename.abc";
+  EXPECT_EQ(GetAbsolutePathOf(FilePath("filename.abc")).string(),
+            UnitTestOptions::GetAbsolutePathToOutputFile());
+}
+
+TEST(XmlOutputTest, GetOutputFileFromDirectoryPath) {
+  GTEST_FLAG(output) = "xml:path" GTEST_PATH_SEP_;
+  const std::string expected_output_file =
+      GetAbsolutePathOf(
+          FilePath(std::string("path") + GTEST_PATH_SEP_ +
+                   GetCurrentExecutableName().string() + ".xml")).string();
+  const std::string& output_file =
+      UnitTestOptions::GetAbsolutePathToOutputFile();
+#if GTEST_OS_WINDOWS
+  EXPECT_STRCASEEQ(expected_output_file.c_str(), output_file.c_str());
+#else
+  EXPECT_EQ(expected_output_file, output_file.c_str());
+#endif
+}
+
+TEST(OutputFileHelpersTest, GetCurrentExecutableName) {
+  const std::string exe_str = GetCurrentExecutableName().string();
+#if GTEST_OS_WINDOWS
+  const bool success =
+      _strcmpi("gtest-options_test", exe_str.c_str()) == 0 ||
+      _strcmpi("gtest-options-ex_test", exe_str.c_str()) == 0 ||
+      _strcmpi("gtest_all_test", exe_str.c_str()) == 0 ||
+      _strcmpi("gtest_dll_test", exe_str.c_str()) == 0;
+#else
+  // TODO(wan@google.com): remove the hard-coded "lt-" prefix when
+  //   Chandler Carruth's libtool replacement is ready.
+  const bool success =
+      exe_str == "gtest-options_test" ||
+      exe_str == "gtest_all_test" ||
+      exe_str == "lt-gtest_all_test" ||
+      exe_str == "gtest_dll_test";
+#endif  // GTEST_OS_WINDOWS
+  if (!success)
+    FAIL() << "GetCurrentExecutableName() returns " << exe_str;
+}
+
+class XmlOutputChangeDirTest : public Test {
+ protected:
+  virtual void SetUp() {
+    original_working_dir_ = FilePath::GetCurrentDir();
+    posix::ChDir("..");
+    // This will make the test fail if run from the root directory.
+    EXPECT_NE(original_working_dir_.string(),
+              FilePath::GetCurrentDir().string());
+  }
+
+  virtual void TearDown() {
+    posix::ChDir(original_working_dir_.string().c_str());
+  }
+
+  FilePath original_working_dir_;
+};
+
+TEST_F(XmlOutputChangeDirTest, PreserveOriginalWorkingDirWithDefault) {
+  GTEST_FLAG(output) = "";
+  EXPECT_EQ(FilePath::ConcatPaths(original_working_dir_,
+                                  FilePath("test_detail.xml")).string(),
+            UnitTestOptions::GetAbsolutePathToOutputFile());
+}
+
+TEST_F(XmlOutputChangeDirTest, PreserveOriginalWorkingDirWithDefaultXML) {
+  GTEST_FLAG(output) = "xml";
+  EXPECT_EQ(FilePath::ConcatPaths(original_working_dir_,
+                                  FilePath("test_detail.xml")).string(),
+            UnitTestOptions::GetAbsolutePathToOutputFile());
+}
+
+TEST_F(XmlOutputChangeDirTest, PreserveOriginalWorkingDirWithRelativeFile) {
+  GTEST_FLAG(output) = "xml:filename.abc";
+  EXPECT_EQ(FilePath::ConcatPaths(original_working_dir_,
+                                  FilePath("filename.abc")).string(),
+            UnitTestOptions::GetAbsolutePathToOutputFile());
+}
+
+TEST_F(XmlOutputChangeDirTest, PreserveOriginalWorkingDirWithRelativePath) {
+  GTEST_FLAG(output) = "xml:path" GTEST_PATH_SEP_;
+  const std::string expected_output_file =
+      FilePath::ConcatPaths(
+          original_working_dir_,
+          FilePath(std::string("path") + GTEST_PATH_SEP_ +
+                   GetCurrentExecutableName().string() + ".xml")).string();
+  const std::string& output_file =
+      UnitTestOptions::GetAbsolutePathToOutputFile();
+#if GTEST_OS_WINDOWS
+  EXPECT_STRCASEEQ(expected_output_file.c_str(), output_file.c_str());
+#else
+  EXPECT_EQ(expected_output_file, output_file.c_str());
+#endif
+}
+
+TEST_F(XmlOutputChangeDirTest, PreserveOriginalWorkingDirWithAbsoluteFile) {
+#if GTEST_OS_WINDOWS
+  GTEST_FLAG(output) = "xml:c:\\tmp\\filename.abc";
+  EXPECT_EQ(FilePath("c:\\tmp\\filename.abc").string(),
+            UnitTestOptions::GetAbsolutePathToOutputFile());
+#else
+  GTEST_FLAG(output) ="xml:/tmp/filename.abc";
+  EXPECT_EQ(FilePath("/tmp/filename.abc").string(),
+            UnitTestOptions::GetAbsolutePathToOutputFile());
+#endif
+}
+
+TEST_F(XmlOutputChangeDirTest, PreserveOriginalWorkingDirWithAbsolutePath) {
+#if GTEST_OS_WINDOWS
+  const std::string path = "c:\\tmp\\";
+#else
+  const std::string path = "/tmp/";
+#endif
+
+  GTEST_FLAG(output) = "xml:" + path;
+  const std::string expected_output_file =
+      path + GetCurrentExecutableName().string() + ".xml";
+  const std::string& output_file =
+      UnitTestOptions::GetAbsolutePathToOutputFile();
+
+#if GTEST_OS_WINDOWS
+  EXPECT_STRCASEEQ(expected_output_file.c_str(), output_file.c_str());
+#else
+  EXPECT_EQ(expected_output_file, output_file.c_str());
+#endif
+}
+
+}  // namespace
+}  // namespace internal
+}  // namespace testing
diff --git a/nss/gtests/google_test/gtest/test/gtest-param-test2_test.cc b/nss/gtests/google_test/gtest/test/gtest-param-test2_test.cc
new file mode 100644
index 0000000..4a782fe
--- /dev/null
+++ b/nss/gtests/google_test/gtest/test/gtest-param-test2_test.cc
@@ -0,0 +1,65 @@
+// Copyright 2008, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: vladl@google.com (Vlad Losev)
+//
+// Tests for Google Test itself.  This verifies that the basic constructs of
+// Google Test work.
+
+#include "gtest/gtest.h"
+
+#include "test/gtest-param-test_test.h"
+
+#if GTEST_HAS_PARAM_TEST
+
+using ::testing::Values;
+using ::testing::internal::ParamGenerator;
+
+// Tests that generators defined in a different translation unit
+// are functional. The test using extern_gen is defined
+// in gtest-param-test_test.cc.
+ParamGenerator<int> extern_gen = Values(33);
+
+// Tests that a parameterized test case can be defined in one translation unit
+// and instantiated in another. The test is defined in gtest-param-test_test.cc
+// and ExternalInstantiationTest fixture class is defined in
+// gtest-param-test_test.h.
+INSTANTIATE_TEST_CASE_P(MultiplesOf33,
+                        ExternalInstantiationTest,
+                        Values(33, 66));
+
+// Tests that a parameterized test case can be instantiated
+// in multiple translation units. Another instantiation is defined
+// in gtest-param-test_test.cc and InstantiationInMultipleTranslaionUnitsTest
+// fixture is defined in gtest-param-test_test.h
+INSTANTIATE_TEST_CASE_P(Sequence2,
+                        InstantiationInMultipleTranslaionUnitsTest,
+                        Values(42*3, 42*4, 42*5));
+
+#endif  // GTEST_HAS_PARAM_TEST
diff --git a/nss/gtests/google_test/gtest/test/gtest-param-test_test.cc b/nss/gtests/google_test/gtest/test/gtest-param-test_test.cc
new file mode 100644
index 0000000..cc1dc65
--- /dev/null
+++ b/nss/gtests/google_test/gtest/test/gtest-param-test_test.cc
@@ -0,0 +1,904 @@
+// Copyright 2008, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: vladl@google.com (Vlad Losev)
+//
+// Tests for Google Test itself. This file verifies that the parameter
+// generators objects produce correct parameter sequences and that
+// Google Test runtime instantiates correct tests from those sequences.
+
+#include "gtest/gtest.h"
+
+#if GTEST_HAS_PARAM_TEST
+
+# include <algorithm>
+# include <iostream>
+# include <list>
+# include <sstream>
+# include <string>
+# include <vector>
+
+// To include gtest-internal-inl.h.
+# define GTEST_IMPLEMENTATION_ 1
+# include "src/gtest-internal-inl.h"  // for UnitTestOptions
+# undef GTEST_IMPLEMENTATION_
+
+# include "test/gtest-param-test_test.h"
+
+using ::std::vector;
+using ::std::sort;
+
+using ::testing::AddGlobalTestEnvironment;
+using ::testing::Bool;
+using ::testing::Message;
+using ::testing::Range;
+using ::testing::TestWithParam;
+using ::testing::Values;
+using ::testing::ValuesIn;
+
+# if GTEST_HAS_COMBINE
+using ::testing::Combine;
+using ::testing::get;
+using ::testing::make_tuple;
+using ::testing::tuple;
+# endif  // GTEST_HAS_COMBINE
+
+using ::testing::internal::ParamGenerator;
+using ::testing::internal::UnitTestOptions;
+
+// Prints a value to a string.
+//
+// TODO(wan@google.com): remove PrintValue() when we move matchers and
+// EXPECT_THAT() from Google Mock to Google Test.  At that time, we
+// can write EXPECT_THAT(x, Eq(y)) to compare two tuples x and y, as
+// EXPECT_THAT() and the matchers know how to print tuples.
+template <typename T>
+::std::string PrintValue(const T& value) {
+  ::std::stringstream stream;
+  stream << value;
+  return stream.str();
+}
+
+# if GTEST_HAS_COMBINE
+
+// These overloads allow printing tuples in our tests.  We cannot
+// define an operator<< for tuples, as that definition needs to be in
+// the std namespace in order to be picked up by Google Test via
+// Argument-Dependent Lookup, yet defining anything in the std
+// namespace in non-STL code is undefined behavior.
+
+template <typename T1, typename T2>
+::std::string PrintValue(const tuple<T1, T2>& value) {
+  ::std::stringstream stream;
+  stream << "(" << get<0>(value) << ", " << get<1>(value) << ")";
+  return stream.str();
+}
+
+template <typename T1, typename T2, typename T3>
+::std::string PrintValue(const tuple<T1, T2, T3>& value) {
+  ::std::stringstream stream;
+  stream << "(" << get<0>(value) << ", " << get<1>(value)
+         << ", "<< get<2>(value) << ")";
+  return stream.str();
+}
+
+template <typename T1, typename T2, typename T3, typename T4, typename T5,
+          typename T6, typename T7, typename T8, typename T9, typename T10>
+::std::string PrintValue(
+    const tuple<T1, T2, T3, T4, T5, T6, T7, T8, T9, T10>& value) {
+  ::std::stringstream stream;
+  stream << "(" << get<0>(value) << ", " << get<1>(value)
+         << ", "<< get<2>(value) << ", " << get<3>(value)
+         << ", "<< get<4>(value) << ", " << get<5>(value)
+         << ", "<< get<6>(value) << ", " << get<7>(value)
+         << ", "<< get<8>(value) << ", " << get<9>(value) << ")";
+  return stream.str();
+}
+
+# endif  // GTEST_HAS_COMBINE
+
+// Verifies that a sequence generated by the generator and accessed
+// via the iterator object matches the expected one using Google Test
+// assertions.
+template <typename T, size_t N>
+void VerifyGenerator(const ParamGenerator<T>& generator,
+                     const T (&expected_values)[N]) {
+  typename ParamGenerator<T>::iterator it = generator.begin();
+  for (size_t i = 0; i < N; ++i) {
+    ASSERT_FALSE(it == generator.end())
+        << "At element " << i << " when accessing via an iterator "
+        << "created with the copy constructor.\n";
+    // We cannot use EXPECT_EQ() here as the values may be tuples,
+    // which don't support <<.
+    EXPECT_TRUE(expected_values[i] == *it)
+        << "where i is " << i
+        << ", expected_values[i] is " << PrintValue(expected_values[i])
+        << ", *it is " << PrintValue(*it)
+        << ", and 'it' is an iterator created with the copy constructor.\n";
+    it++;
+  }
+  EXPECT_TRUE(it == generator.end())
+        << "At the presumed end of sequence when accessing via an iterator "
+        << "created with the copy constructor.\n";
+
+  // Test the iterator assignment. The following lines verify that
+  // the sequence accessed via an iterator initialized via the
+  // assignment operator (as opposed to a copy constructor) matches
+  // just the same.
+  it = generator.begin();
+  for (size_t i = 0; i < N; ++i) {
+    ASSERT_FALSE(it == generator.end())
+        << "At element " << i << " when accessing via an iterator "
+        << "created with the assignment operator.\n";
+    EXPECT_TRUE(expected_values[i] == *it)
+        << "where i is " << i
+        << ", expected_values[i] is " << PrintValue(expected_values[i])
+        << ", *it is " << PrintValue(*it)
+        << ", and 'it' is an iterator created with the copy constructor.\n";
+    it++;
+  }
+  EXPECT_TRUE(it == generator.end())
+        << "At the presumed end of sequence when accessing via an iterator "
+        << "created with the assignment operator.\n";
+}
+
+template <typename T>
+void VerifyGeneratorIsEmpty(const ParamGenerator<T>& generator) {
+  typename ParamGenerator<T>::iterator it = generator.begin();
+  EXPECT_TRUE(it == generator.end());
+
+  it = generator.begin();
+  EXPECT_TRUE(it == generator.end());
+}
+
+// Generator tests. They test that each of the provided generator functions
+// generates an expected sequence of values. The general test pattern
+// instantiates a generator using one of the generator functions,
+// checks the sequence produced by the generator using its iterator API,
+// and then resets the iterator back to the beginning of the sequence
+// and checks the sequence again.
+
+// Tests that iterators produced by generator functions conform to the
+// ForwardIterator concept.
+TEST(IteratorTest, ParamIteratorConformsToForwardIteratorConcept) {
+  const ParamGenerator<int> gen = Range(0, 10);
+  ParamGenerator<int>::iterator it = gen.begin();
+
+  // Verifies that iterator initialization works as expected.
+  ParamGenerator<int>::iterator it2 = it;
+  EXPECT_TRUE(*it == *it2) << "Initialized iterators must point to the "
+                           << "element same as its source points to";
+
+  // Verifies that iterator assignment works as expected.
+  it++;
+  EXPECT_FALSE(*it == *it2);
+  it2 = it;
+  EXPECT_TRUE(*it == *it2) << "Assigned iterators must point to the "
+                           << "element same as its source points to";
+
+  // Verifies that prefix operator++() returns *this.
+  EXPECT_EQ(&it, &(++it)) << "Result of the prefix operator++ must be "
+                          << "refer to the original object";
+
+  // Verifies that the result of the postfix operator++ points to the value
+  // pointed to by the original iterator.
+  int original_value = *it;  // Have to compute it outside of macro call to be
+                             // unaffected by the parameter evaluation order.
+  EXPECT_EQ(original_value, *(it++));
+
+  // Verifies that prefix and postfix operator++() advance an iterator
+  // all the same.
+  it2 = it;
+  it++;
+  ++it2;
+  EXPECT_TRUE(*it == *it2);
+}
+
+// Tests that Range() generates the expected sequence.
+TEST(RangeTest, IntRangeWithDefaultStep) {
+  const ParamGenerator<int> gen = Range(0, 3);
+  const int expected_values[] = {0, 1, 2};
+  VerifyGenerator(gen, expected_values);
+}
+
+// Edge case. Tests that Range() generates the single element sequence
+// as expected when provided with range limits that are equal.
+TEST(RangeTest, IntRangeSingleValue) {
+  const ParamGenerator<int> gen = Range(0, 1);
+  const int expected_values[] = {0};
+  VerifyGenerator(gen, expected_values);
+}
+
+// Edge case. Tests that Range() with generates empty sequence when
+// supplied with an empty range.
+TEST(RangeTest, IntRangeEmpty) {
+  const ParamGenerator<int> gen = Range(0, 0);
+  VerifyGeneratorIsEmpty(gen);
+}
+
+// Tests that Range() with custom step (greater then one) generates
+// the expected sequence.
+TEST(RangeTest, IntRangeWithCustomStep) {
+  const ParamGenerator<int> gen = Range(0, 9, 3);
+  const int expected_values[] = {0, 3, 6};
+  VerifyGenerator(gen, expected_values);
+}
+
+// Tests that Range() with custom step (greater then one) generates
+// the expected sequence when the last element does not fall on the
+// upper range limit. Sequences generated by Range() must not have
+// elements beyond the range limits.
+TEST(RangeTest, IntRangeWithCustomStepOverUpperBound) {
+  const ParamGenerator<int> gen = Range(0, 4, 3);
+  const int expected_values[] = {0, 3};
+  VerifyGenerator(gen, expected_values);
+}
+
+// Verifies that Range works with user-defined types that define
+// copy constructor, operator=(), operator+(), and operator<().
+class DogAdder {
+ public:
+  explicit DogAdder(const char* a_value) : value_(a_value) {}
+  DogAdder(const DogAdder& other) : value_(other.value_.c_str()) {}
+
+  DogAdder operator=(const DogAdder& other) {
+    if (this != &other)
+      value_ = other.value_;
+    return *this;
+  }
+  DogAdder operator+(const DogAdder& other) const {
+    Message msg;
+    msg << value_.c_str() << other.value_.c_str();
+    return DogAdder(msg.GetString().c_str());
+  }
+  bool operator<(const DogAdder& other) const {
+    return value_ < other.value_;
+  }
+  const std::string& value() const { return value_; }
+
+ private:
+  std::string value_;
+};
+
+TEST(RangeTest, WorksWithACustomType) {
+  const ParamGenerator<DogAdder> gen =
+      Range(DogAdder("cat"), DogAdder("catdogdog"), DogAdder("dog"));
+  ParamGenerator<DogAdder>::iterator it = gen.begin();
+
+  ASSERT_FALSE(it == gen.end());
+  EXPECT_STREQ("cat", it->value().c_str());
+
+  ASSERT_FALSE(++it == gen.end());
+  EXPECT_STREQ("catdog", it->value().c_str());
+
+  EXPECT_TRUE(++it == gen.end());
+}
+
+class IntWrapper {
+ public:
+  explicit IntWrapper(int a_value) : value_(a_value) {}
+  IntWrapper(const IntWrapper& other) : value_(other.value_) {}
+
+  IntWrapper operator=(const IntWrapper& other) {
+    value_ = other.value_;
+    return *this;
+  }
+  // operator+() adds a different type.
+  IntWrapper operator+(int other) const { return IntWrapper(value_ + other); }
+  bool operator<(const IntWrapper& other) const {
+    return value_ < other.value_;
+  }
+  int value() const { return value_; }
+
+ private:
+  int value_;
+};
+
+TEST(RangeTest, WorksWithACustomTypeWithDifferentIncrementType) {
+  const ParamGenerator<IntWrapper> gen = Range(IntWrapper(0), IntWrapper(2));
+  ParamGenerator<IntWrapper>::iterator it = gen.begin();
+
+  ASSERT_FALSE(it == gen.end());
+  EXPECT_EQ(0, it->value());
+
+  ASSERT_FALSE(++it == gen.end());
+  EXPECT_EQ(1, it->value());
+
+  EXPECT_TRUE(++it == gen.end());
+}
+
+// Tests that ValuesIn() with an array parameter generates
+// the expected sequence.
+TEST(ValuesInTest, ValuesInArray) {
+  int array[] = {3, 5, 8};
+  const ParamGenerator<int> gen = ValuesIn(array);
+  VerifyGenerator(gen, array);
+}
+
+// Tests that ValuesIn() with a const array parameter generates
+// the expected sequence.
+TEST(ValuesInTest, ValuesInConstArray) {
+  const int array[] = {3, 5, 8};
+  const ParamGenerator<int> gen = ValuesIn(array);
+  VerifyGenerator(gen, array);
+}
+
+// Edge case. Tests that ValuesIn() with an array parameter containing a
+// single element generates the single element sequence.
+TEST(ValuesInTest, ValuesInSingleElementArray) {
+  int array[] = {42};
+  const ParamGenerator<int> gen = ValuesIn(array);
+  VerifyGenerator(gen, array);
+}
+
+// Tests that ValuesIn() generates the expected sequence for an STL
+// container (vector).
+TEST(ValuesInTest, ValuesInVector) {
+  typedef ::std::vector<int> ContainerType;
+  ContainerType values;
+  values.push_back(3);
+  values.push_back(5);
+  values.push_back(8);
+  const ParamGenerator<int> gen = ValuesIn(values);
+
+  const int expected_values[] = {3, 5, 8};
+  VerifyGenerator(gen, expected_values);
+}
+
+// Tests that ValuesIn() generates the expected sequence.
+TEST(ValuesInTest, ValuesInIteratorRange) {
+  typedef ::std::vector<int> ContainerType;
+  ContainerType values;
+  values.push_back(3);
+  values.push_back(5);
+  values.push_back(8);
+  const ParamGenerator<int> gen = ValuesIn(values.begin(), values.end());
+
+  const int expected_values[] = {3, 5, 8};
+  VerifyGenerator(gen, expected_values);
+}
+
+// Edge case. Tests that ValuesIn() provided with an iterator range specifying a
+// single value generates a single-element sequence.
+TEST(ValuesInTest, ValuesInSingleElementIteratorRange) {
+  typedef ::std::vector<int> ContainerType;
+  ContainerType values;
+  values.push_back(42);
+  const ParamGenerator<int> gen = ValuesIn(values.begin(), values.end());
+
+  const int expected_values[] = {42};
+  VerifyGenerator(gen, expected_values);
+}
+
+// Edge case. Tests that ValuesIn() provided with an empty iterator range
+// generates an empty sequence.
+TEST(ValuesInTest, ValuesInEmptyIteratorRange) {
+  typedef ::std::vector<int> ContainerType;
+  ContainerType values;
+  const ParamGenerator<int> gen = ValuesIn(values.begin(), values.end());
+
+  VerifyGeneratorIsEmpty(gen);
+}
+
+// Tests that the Values() generates the expected sequence.
+TEST(ValuesTest, ValuesWorks) {
+  const ParamGenerator<int> gen = Values(3, 5, 8);
+
+  const int expected_values[] = {3, 5, 8};
+  VerifyGenerator(gen, expected_values);
+}
+
+// Tests that Values() generates the expected sequences from elements of
+// different types convertible to ParamGenerator's parameter type.
+TEST(ValuesTest, ValuesWorksForValuesOfCompatibleTypes) {
+  const ParamGenerator<double> gen = Values(3, 5.0f, 8.0);
+
+  const double expected_values[] = {3.0, 5.0, 8.0};
+  VerifyGenerator(gen, expected_values);
+}
+
+TEST(ValuesTest, ValuesWorksForMaxLengthList) {
+  const ParamGenerator<int> gen = Values(
+      10, 20, 30, 40, 50, 60, 70, 80, 90, 100,
+      110, 120, 130, 140, 150, 160, 170, 180, 190, 200,
+      210, 220, 230, 240, 250, 260, 270, 280, 290, 300,
+      310, 320, 330, 340, 350, 360, 370, 380, 390, 400,
+      410, 420, 430, 440, 450, 460, 470, 480, 490, 500);
+
+  const int expected_values[] = {
+      10, 20, 30, 40, 50, 60, 70, 80, 90, 100,
+      110, 120, 130, 140, 150, 160, 170, 180, 190, 200,
+      210, 220, 230, 240, 250, 260, 270, 280, 290, 300,
+      310, 320, 330, 340, 350, 360, 370, 380, 390, 400,
+      410, 420, 430, 440, 450, 460, 470, 480, 490, 500};
+  VerifyGenerator(gen, expected_values);
+}
+
+// Edge case test. Tests that single-parameter Values() generates the sequence
+// with the single value.
+TEST(ValuesTest, ValuesWithSingleParameter) {
+  const ParamGenerator<int> gen = Values(42);
+
+  const int expected_values[] = {42};
+  VerifyGenerator(gen, expected_values);
+}
+
+// Tests that Bool() generates sequence (false, true).
+TEST(BoolTest, BoolWorks) {
+  const ParamGenerator<bool> gen = Bool();
+
+  const bool expected_values[] = {false, true};
+  VerifyGenerator(gen, expected_values);
+}
+
+# if GTEST_HAS_COMBINE
+
+// Tests that Combine() with two parameters generates the expected sequence.
+TEST(CombineTest, CombineWithTwoParameters) {
+  const char* foo = "foo";
+  const char* bar = "bar";
+  const ParamGenerator<tuple<const char*, int> > gen =
+      Combine(Values(foo, bar), Values(3, 4));
+
+  tuple<const char*, int> expected_values[] = {
+    make_tuple(foo, 3), make_tuple(foo, 4),
+    make_tuple(bar, 3), make_tuple(bar, 4)};
+  VerifyGenerator(gen, expected_values);
+}
+
+// Tests that Combine() with three parameters generates the expected sequence.
+TEST(CombineTest, CombineWithThreeParameters) {
+  const ParamGenerator<tuple<int, int, int> > gen = Combine(Values(0, 1),
+                                                            Values(3, 4),
+                                                            Values(5, 6));
+  tuple<int, int, int> expected_values[] = {
+    make_tuple(0, 3, 5), make_tuple(0, 3, 6),
+    make_tuple(0, 4, 5), make_tuple(0, 4, 6),
+    make_tuple(1, 3, 5), make_tuple(1, 3, 6),
+    make_tuple(1, 4, 5), make_tuple(1, 4, 6)};
+  VerifyGenerator(gen, expected_values);
+}
+
+// Tests that the Combine() with the first parameter generating a single value
+// sequence generates a sequence with the number of elements equal to the
+// number of elements in the sequence generated by the second parameter.
+TEST(CombineTest, CombineWithFirstParameterSingleValue) {
+  const ParamGenerator<tuple<int, int> > gen = Combine(Values(42),
+                                                       Values(0, 1));
+
+  tuple<int, int> expected_values[] = {make_tuple(42, 0), make_tuple(42, 1)};
+  VerifyGenerator(gen, expected_values);
+}
+
+// Tests that the Combine() with the second parameter generating a single value
+// sequence generates a sequence with the number of elements equal to the
+// number of elements in the sequence generated by the first parameter.
+TEST(CombineTest, CombineWithSecondParameterSingleValue) {
+  const ParamGenerator<tuple<int, int> > gen = Combine(Values(0, 1),
+                                                       Values(42));
+
+  tuple<int, int> expected_values[] = {make_tuple(0, 42), make_tuple(1, 42)};
+  VerifyGenerator(gen, expected_values);
+}
+
+// Tests that when the first parameter produces an empty sequence,
+// Combine() produces an empty sequence, too.
+TEST(CombineTest, CombineWithFirstParameterEmptyRange) {
+  const ParamGenerator<tuple<int, int> > gen = Combine(Range(0, 0),
+                                                       Values(0, 1));
+  VerifyGeneratorIsEmpty(gen);
+}
+
+// Tests that when the second parameter produces an empty sequence,
+// Combine() produces an empty sequence, too.
+TEST(CombineTest, CombineWithSecondParameterEmptyRange) {
+  const ParamGenerator<tuple<int, int> > gen = Combine(Values(0, 1),
+                                                       Range(1, 1));
+  VerifyGeneratorIsEmpty(gen);
+}
+
+// Edge case. Tests that combine works with the maximum number
+// of parameters supported by Google Test (currently 10).
+TEST(CombineTest, CombineWithMaxNumberOfParameters) {
+  const char* foo = "foo";
+  const char* bar = "bar";
+  const ParamGenerator<tuple<const char*, int, int, int, int, int, int, int,
+                             int, int> > gen = Combine(Values(foo, bar),
+                                                       Values(1), Values(2),
+                                                       Values(3), Values(4),
+                                                       Values(5), Values(6),
+                                                       Values(7), Values(8),
+                                                       Values(9));
+
+  tuple<const char*, int, int, int, int, int, int, int, int, int>
+      expected_values[] = {make_tuple(foo, 1, 2, 3, 4, 5, 6, 7, 8, 9),
+                           make_tuple(bar, 1, 2, 3, 4, 5, 6, 7, 8, 9)};
+  VerifyGenerator(gen, expected_values);
+}
+
+# endif  // GTEST_HAS_COMBINE
+
+// Tests that an generator produces correct sequence after being
+// assigned from another generator.
+TEST(ParamGeneratorTest, AssignmentWorks) {
+  ParamGenerator<int> gen = Values(1, 2);
+  const ParamGenerator<int> gen2 = Values(3, 4);
+  gen = gen2;
+
+  const int expected_values[] = {3, 4};
+  VerifyGenerator(gen, expected_values);
+}
+
+// This test verifies that the tests are expanded and run as specified:
+// one test per element from the sequence produced by the generator
+// specified in INSTANTIATE_TEST_CASE_P. It also verifies that the test's
+// fixture constructor, SetUp(), and TearDown() have run and have been
+// supplied with the correct parameters.
+
+// The use of environment object allows detection of the case where no test
+// case functionality is run at all. In this case TestCaseTearDown will not
+// be able to detect missing tests, naturally.
+template <int kExpectedCalls>
+class TestGenerationEnvironment : public ::testing::Environment {
+ public:
+  static TestGenerationEnvironment* Instance() {
+    static TestGenerationEnvironment* instance = new TestGenerationEnvironment;
+    return instance;
+  }
+
+  void FixtureConstructorExecuted() { fixture_constructor_count_++; }
+  void SetUpExecuted() { set_up_count_++; }
+  void TearDownExecuted() { tear_down_count_++; }
+  void TestBodyExecuted() { test_body_count_++; }
+
+  virtual void TearDown() {
+    // If all MultipleTestGenerationTest tests have been de-selected
+    // by the filter flag, the following checks make no sense.
+    bool perform_check = false;
+
+    for (int i = 0; i < kExpectedCalls; ++i) {
+      Message msg;
+      msg << "TestsExpandedAndRun/" << i;
+      if (UnitTestOptions::FilterMatchesTest(
+             "TestExpansionModule/MultipleTestGenerationTest",
+              msg.GetString().c_str())) {
+        perform_check = true;
+      }
+    }
+    if (perform_check) {
+      EXPECT_EQ(kExpectedCalls, fixture_constructor_count_)
+          << "Fixture constructor of ParamTestGenerationTest test case "
+          << "has not been run as expected.";
+      EXPECT_EQ(kExpectedCalls, set_up_count_)
+          << "Fixture SetUp method of ParamTestGenerationTest test case "
+          << "has not been run as expected.";
+      EXPECT_EQ(kExpectedCalls, tear_down_count_)
+          << "Fixture TearDown method of ParamTestGenerationTest test case "
+          << "has not been run as expected.";
+      EXPECT_EQ(kExpectedCalls, test_body_count_)
+          << "Test in ParamTestGenerationTest test case "
+          << "has not been run as expected.";
+    }
+  }
+
+ private:
+  TestGenerationEnvironment() : fixture_constructor_count_(0), set_up_count_(0),
+                                tear_down_count_(0), test_body_count_(0) {}
+
+  int fixture_constructor_count_;
+  int set_up_count_;
+  int tear_down_count_;
+  int test_body_count_;
+
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(TestGenerationEnvironment);
+};
+
+const int test_generation_params[] = {36, 42, 72};
+
+class TestGenerationTest : public TestWithParam<int> {
+ public:
+  enum {
+    PARAMETER_COUNT =
+        sizeof(test_generation_params)/sizeof(test_generation_params[0])
+  };
+
+  typedef TestGenerationEnvironment<PARAMETER_COUNT> Environment;
+
+  TestGenerationTest() {
+    Environment::Instance()->FixtureConstructorExecuted();
+    current_parameter_ = GetParam();
+  }
+  virtual void SetUp() {
+    Environment::Instance()->SetUpExecuted();
+    EXPECT_EQ(current_parameter_, GetParam());
+  }
+  virtual void TearDown() {
+    Environment::Instance()->TearDownExecuted();
+    EXPECT_EQ(current_parameter_, GetParam());
+  }
+
+  static void SetUpTestCase() {
+    bool all_tests_in_test_case_selected = true;
+
+    for (int i = 0; i < PARAMETER_COUNT; ++i) {
+      Message test_name;
+      test_name << "TestsExpandedAndRun/" << i;
+      if ( !UnitTestOptions::FilterMatchesTest(
+                "TestExpansionModule/MultipleTestGenerationTest",
+                test_name.GetString())) {
+        all_tests_in_test_case_selected = false;
+      }
+    }
+    EXPECT_TRUE(all_tests_in_test_case_selected)
+        << "When running the TestGenerationTest test case all of its tests\n"
+        << "must be selected by the filter flag for the test case to pass.\n"
+        << "If not all of them are enabled, we can't reliably conclude\n"
+        << "that the correct number of tests have been generated.";
+
+    collected_parameters_.clear();
+  }
+
+  static void TearDownTestCase() {
+    vector<int> expected_values(test_generation_params,
+                                test_generation_params + PARAMETER_COUNT);
+    // Test execution order is not guaranteed by Google Test,
+    // so the order of values in collected_parameters_ can be
+    // different and we have to sort to compare.
+    sort(expected_values.begin(), expected_values.end());
+    sort(collected_parameters_.begin(), collected_parameters_.end());
+
+    EXPECT_TRUE(collected_parameters_ == expected_values);
+  }
+
+ protected:
+  int current_parameter_;
+  static vector<int> collected_parameters_;
+
+ private:
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(TestGenerationTest);
+};
+vector<int> TestGenerationTest::collected_parameters_;
+
+TEST_P(TestGenerationTest, TestsExpandedAndRun) {
+  Environment::Instance()->TestBodyExecuted();
+  EXPECT_EQ(current_parameter_, GetParam());
+  collected_parameters_.push_back(GetParam());
+}
+INSTANTIATE_TEST_CASE_P(TestExpansionModule, TestGenerationTest,
+                        ValuesIn(test_generation_params));
+
+// This test verifies that the element sequence (third parameter of
+// INSTANTIATE_TEST_CASE_P) is evaluated in InitGoogleTest() and neither at
+// the call site of INSTANTIATE_TEST_CASE_P nor in RUN_ALL_TESTS().  For
+// that, we declare param_value_ to be a static member of
+// GeneratorEvaluationTest and initialize it to 0.  We set it to 1 in
+// main(), just before invocation of InitGoogleTest().  After calling
+// InitGoogleTest(), we set the value to 2.  If the sequence is evaluated
+// before or after InitGoogleTest, INSTANTIATE_TEST_CASE_P will create a
+// test with parameter other than 1, and the test body will fail the
+// assertion.
+class GeneratorEvaluationTest : public TestWithParam<int> {
+ public:
+  static int param_value() { return param_value_; }
+  static void set_param_value(int param_value) { param_value_ = param_value; }
+
+ private:
+  static int param_value_;
+};
+int GeneratorEvaluationTest::param_value_ = 0;
+
+TEST_P(GeneratorEvaluationTest, GeneratorsEvaluatedInMain) {
+  EXPECT_EQ(1, GetParam());
+}
+INSTANTIATE_TEST_CASE_P(GenEvalModule,
+                        GeneratorEvaluationTest,
+                        Values(GeneratorEvaluationTest::param_value()));
+
+// Tests that generators defined in a different translation unit are
+// functional. Generator extern_gen is defined in gtest-param-test_test2.cc.
+extern ParamGenerator<int> extern_gen;
+class ExternalGeneratorTest : public TestWithParam<int> {};
+TEST_P(ExternalGeneratorTest, ExternalGenerator) {
+  // Sequence produced by extern_gen contains only a single value
+  // which we verify here.
+  EXPECT_EQ(GetParam(), 33);
+}
+INSTANTIATE_TEST_CASE_P(ExternalGeneratorModule,
+                        ExternalGeneratorTest,
+                        extern_gen);
+
+// Tests that a parameterized test case can be defined in one translation
+// unit and instantiated in another. This test will be instantiated in
+// gtest-param-test_test2.cc. ExternalInstantiationTest fixture class is
+// defined in gtest-param-test_test.h.
+TEST_P(ExternalInstantiationTest, IsMultipleOf33) {
+  EXPECT_EQ(0, GetParam() % 33);
+}
+
+// Tests that a parameterized test case can be instantiated with multiple
+// generators.
+class MultipleInstantiationTest : public TestWithParam<int> {};
+TEST_P(MultipleInstantiationTest, AllowsMultipleInstances) {
+}
+INSTANTIATE_TEST_CASE_P(Sequence1, MultipleInstantiationTest, Values(1, 2));
+INSTANTIATE_TEST_CASE_P(Sequence2, MultipleInstantiationTest, Range(3, 5));
+
+// Tests that a parameterized test case can be instantiated
+// in multiple translation units. This test will be instantiated
+// here and in gtest-param-test_test2.cc.
+// InstantiationInMultipleTranslationUnitsTest fixture class
+// is defined in gtest-param-test_test.h.
+TEST_P(InstantiationInMultipleTranslaionUnitsTest, IsMultipleOf42) {
+  EXPECT_EQ(0, GetParam() % 42);
+}
+INSTANTIATE_TEST_CASE_P(Sequence1,
+                        InstantiationInMultipleTranslaionUnitsTest,
+                        Values(42, 42*2));
+
+// Tests that each iteration of parameterized test runs in a separate test
+// object.
+class SeparateInstanceTest : public TestWithParam<int> {
+ public:
+  SeparateInstanceTest() : count_(0) {}
+
+  static void TearDownTestCase() {
+    EXPECT_GE(global_count_, 2)
+        << "If some (but not all) SeparateInstanceTest tests have been "
+        << "filtered out this test will fail. Make sure that all "
+        << "GeneratorEvaluationTest are selected or de-selected together "
+        << "by the test filter.";
+  }
+
+ protected:
+  int count_;
+  static int global_count_;
+};
+int SeparateInstanceTest::global_count_ = 0;
+
+TEST_P(SeparateInstanceTest, TestsRunInSeparateInstances) {
+  EXPECT_EQ(0, count_++);
+  global_count_++;
+}
+INSTANTIATE_TEST_CASE_P(FourElemSequence, SeparateInstanceTest, Range(1, 4));
+
+// Tests that all instantiations of a test have named appropriately. Test
+// defined with TEST_P(TestCaseName, TestName) and instantiated with
+// INSTANTIATE_TEST_CASE_P(SequenceName, TestCaseName, generator) must be named
+// SequenceName/TestCaseName.TestName/i, where i is the 0-based index of the
+// sequence element used to instantiate the test.
+class NamingTest : public TestWithParam<int> {};
+
+TEST_P(NamingTest, TestsReportCorrectNamesAndParameters) {
+  const ::testing::TestInfo* const test_info =
+     ::testing::UnitTest::GetInstance()->current_test_info();
+
+  EXPECT_STREQ("ZeroToFiveSequence/NamingTest", test_info->test_case_name());
+
+  Message index_stream;
+  index_stream << "TestsReportCorrectNamesAndParameters/" << GetParam();
+  EXPECT_STREQ(index_stream.GetString().c_str(), test_info->name());
+
+  EXPECT_EQ(::testing::PrintToString(GetParam()), test_info->value_param());
+}
+
+INSTANTIATE_TEST_CASE_P(ZeroToFiveSequence, NamingTest, Range(0, 5));
+
+// Class that cannot be streamed into an ostream.  It needs to be copyable
+// (and, in case of MSVC, also assignable) in order to be a test parameter
+// type.  Its default copy constructor and assignment operator do exactly
+// what we need.
+class Unstreamable {
+ public:
+  explicit Unstreamable(int value) : value_(value) {}
+
+ private:
+  int value_;
+};
+
+class CommentTest : public TestWithParam<Unstreamable> {};
+
+TEST_P(CommentTest, TestsCorrectlyReportUnstreamableParams) {
+  const ::testing::TestInfo* const test_info =
+     ::testing::UnitTest::GetInstance()->current_test_info();
+
+  EXPECT_EQ(::testing::PrintToString(GetParam()), test_info->value_param());
+}
+
+INSTANTIATE_TEST_CASE_P(InstantiationWithComments,
+                        CommentTest,
+                        Values(Unstreamable(1)));
+
+// Verify that we can create a hierarchy of test fixtures, where the base
+// class fixture is not parameterized and the derived class is. In this case
+// ParameterizedDerivedTest inherits from NonParameterizedBaseTest.  We
+// perform simple tests on both.
+class NonParameterizedBaseTest : public ::testing::Test {
+ public:
+  NonParameterizedBaseTest() : n_(17) { }
+ protected:
+  int n_;
+};
+
+class ParameterizedDerivedTest : public NonParameterizedBaseTest,
+                                 public ::testing::WithParamInterface<int> {
+ protected:
+  ParameterizedDerivedTest() : count_(0) { }
+  int count_;
+  static int global_count_;
+};
+
+int ParameterizedDerivedTest::global_count_ = 0;
+
+TEST_F(NonParameterizedBaseTest, FixtureIsInitialized) {
+  EXPECT_EQ(17, n_);
+}
+
+TEST_P(ParameterizedDerivedTest, SeesSequence) {
+  EXPECT_EQ(17, n_);
+  EXPECT_EQ(0, count_++);
+  EXPECT_EQ(GetParam(), global_count_++);
+}
+
+class ParameterizedDeathTest : public ::testing::TestWithParam<int> { };
+
+TEST_F(ParameterizedDeathTest, GetParamDiesFromTestF) {
+  EXPECT_DEATH_IF_SUPPORTED(GetParam(),
+                            ".* value-parameterized test .*");
+}
+
+INSTANTIATE_TEST_CASE_P(RangeZeroToFive, ParameterizedDerivedTest, Range(0, 5));
+
+#endif  // GTEST_HAS_PARAM_TEST
+
+TEST(CompileTest, CombineIsDefinedOnlyWhenGtestHasParamTestIsDefined) {
+#if GTEST_HAS_COMBINE && !GTEST_HAS_PARAM_TEST
+  FAIL() << "GTEST_HAS_COMBINE is defined while GTEST_HAS_PARAM_TEST is not\n"
+#endif
+}
+
+int main(int argc, char **argv) {
+#if GTEST_HAS_PARAM_TEST
+  // Used in TestGenerationTest test case.
+  AddGlobalTestEnvironment(TestGenerationTest::Environment::Instance());
+  // Used in GeneratorEvaluationTest test case. Tests that the updated value
+  // will be picked up for instantiating tests in GeneratorEvaluationTest.
+  GeneratorEvaluationTest::set_param_value(1);
+#endif  // GTEST_HAS_PARAM_TEST
+
+  ::testing::InitGoogleTest(&argc, argv);
+
+#if GTEST_HAS_PARAM_TEST
+  // Used in GeneratorEvaluationTest test case. Tests that value updated
+  // here will NOT be used for instantiating tests in
+  // GeneratorEvaluationTest.
+  GeneratorEvaluationTest::set_param_value(2);
+#endif  // GTEST_HAS_PARAM_TEST
+
+  return RUN_ALL_TESTS();
+}
diff --git a/nss/gtests/google_test/gtest/test/gtest-param-test_test.h b/nss/gtests/google_test/gtest/test/gtest-param-test_test.h
new file mode 100644
index 0000000..26ea122
--- /dev/null
+++ b/nss/gtests/google_test/gtest/test/gtest-param-test_test.h
@@ -0,0 +1,57 @@
+// Copyright 2008, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Authors: vladl@google.com (Vlad Losev)
+//
+// The Google C++ Testing Framework (Google Test)
+//
+// This header file provides classes and functions used internally
+// for testing Google Test itself.
+
+#ifndef GTEST_TEST_GTEST_PARAM_TEST_TEST_H_
+#define GTEST_TEST_GTEST_PARAM_TEST_TEST_H_
+
+#include "gtest/gtest.h"
+
+#if GTEST_HAS_PARAM_TEST
+
+// Test fixture for testing definition and instantiation of a test
+// in separate translation units.
+class ExternalInstantiationTest : public ::testing::TestWithParam<int> {
+};
+
+// Test fixture for testing instantiation of a test in multiple
+// translation units.
+class InstantiationInMultipleTranslaionUnitsTest
+    : public ::testing::TestWithParam<int> {
+};
+
+#endif  // GTEST_HAS_PARAM_TEST
+
+#endif  // GTEST_TEST_GTEST_PARAM_TEST_TEST_H_
diff --git a/nss/gtests/google_test/gtest/test/gtest-port_test.cc b/nss/gtests/google_test/gtest/test/gtest-port_test.cc
new file mode 100644
index 0000000..370c952
--- /dev/null
+++ b/nss/gtests/google_test/gtest/test/gtest-port_test.cc
@@ -0,0 +1,1323 @@
+// Copyright 2008, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Authors: vladl@google.com (Vlad Losev), wan@google.com (Zhanyong Wan)
+//
+// This file tests the internal cross-platform support utilities.
+
+#include "gtest/internal/gtest-port.h"
+
+#include <stdio.h>
+
+#if GTEST_OS_MAC
+# include <time.h>
+#endif  // GTEST_OS_MAC
+
+#include <list>
+#include <utility>  // For std::pair and std::make_pair.
+#include <vector>
+
+#include "gtest/gtest.h"
+#include "gtest/gtest-spi.h"
+
+// Indicates that this translation unit is part of Google Test's
+// implementation.  It must come before gtest-internal-inl.h is
+// included, or there will be a compiler error.  This trick is to
+// prevent a user from accidentally including gtest-internal-inl.h in
+// his code.
+#define GTEST_IMPLEMENTATION_ 1
+#include "src/gtest-internal-inl.h"
+#undef GTEST_IMPLEMENTATION_
+
+using std::make_pair;
+using std::pair;
+
+namespace testing {
+namespace internal {
+
+TEST(IsXDigitTest, WorksForNarrowAscii) {
+  EXPECT_TRUE(IsXDigit('0'));
+  EXPECT_TRUE(IsXDigit('9'));
+  EXPECT_TRUE(IsXDigit('A'));
+  EXPECT_TRUE(IsXDigit('F'));
+  EXPECT_TRUE(IsXDigit('a'));
+  EXPECT_TRUE(IsXDigit('f'));
+
+  EXPECT_FALSE(IsXDigit('-'));
+  EXPECT_FALSE(IsXDigit('g'));
+  EXPECT_FALSE(IsXDigit('G'));
+}
+
+TEST(IsXDigitTest, ReturnsFalseForNarrowNonAscii) {
+  EXPECT_FALSE(IsXDigit(static_cast<char>(0x80)));
+  EXPECT_FALSE(IsXDigit(static_cast<char>('0' | 0x80)));
+}
+
+TEST(IsXDigitTest, WorksForWideAscii) {
+  EXPECT_TRUE(IsXDigit(L'0'));
+  EXPECT_TRUE(IsXDigit(L'9'));
+  EXPECT_TRUE(IsXDigit(L'A'));
+  EXPECT_TRUE(IsXDigit(L'F'));
+  EXPECT_TRUE(IsXDigit(L'a'));
+  EXPECT_TRUE(IsXDigit(L'f'));
+
+  EXPECT_FALSE(IsXDigit(L'-'));
+  EXPECT_FALSE(IsXDigit(L'g'));
+  EXPECT_FALSE(IsXDigit(L'G'));
+}
+
+TEST(IsXDigitTest, ReturnsFalseForWideNonAscii) {
+  EXPECT_FALSE(IsXDigit(static_cast<wchar_t>(0x80)));
+  EXPECT_FALSE(IsXDigit(static_cast<wchar_t>(L'0' | 0x80)));
+  EXPECT_FALSE(IsXDigit(static_cast<wchar_t>(L'0' | 0x100)));
+}
+
+class Base {
+ public:
+  // Copy constructor and assignment operator do exactly what we need, so we
+  // use them.
+  Base() : member_(0) {}
+  explicit Base(int n) : member_(n) {}
+  virtual ~Base() {}
+  int member() { return member_; }
+
+ private:
+  int member_;
+};
+
+class Derived : public Base {
+ public:
+  explicit Derived(int n) : Base(n) {}
+};
+
+TEST(ImplicitCastTest, ConvertsPointers) {
+  Derived derived(0);
+  EXPECT_TRUE(&derived == ::testing::internal::ImplicitCast_<Base*>(&derived));
+}
+
+TEST(ImplicitCastTest, CanUseInheritance) {
+  Derived derived(1);
+  Base base = ::testing::internal::ImplicitCast_<Base>(derived);
+  EXPECT_EQ(derived.member(), base.member());
+}
+
+class Castable {
+ public:
+  explicit Castable(bool* converted) : converted_(converted) {}
+  operator Base() {
+    *converted_ = true;
+    return Base();
+  }
+
+ private:
+  bool* converted_;
+};
+
+TEST(ImplicitCastTest, CanUseNonConstCastOperator) {
+  bool converted = false;
+  Castable castable(&converted);
+  Base base = ::testing::internal::ImplicitCast_<Base>(castable);
+  EXPECT_TRUE(converted);
+}
+
+class ConstCastable {
+ public:
+  explicit ConstCastable(bool* converted) : converted_(converted) {}
+  operator Base() const {
+    *converted_ = true;
+    return Base();
+  }
+
+ private:
+  bool* converted_;
+};
+
+TEST(ImplicitCastTest, CanUseConstCastOperatorOnConstValues) {
+  bool converted = false;
+  const ConstCastable const_castable(&converted);
+  Base base = ::testing::internal::ImplicitCast_<Base>(const_castable);
+  EXPECT_TRUE(converted);
+}
+
+class ConstAndNonConstCastable {
+ public:
+  ConstAndNonConstCastable(bool* converted, bool* const_converted)
+      : converted_(converted), const_converted_(const_converted) {}
+  operator Base() {
+    *converted_ = true;
+    return Base();
+  }
+  operator Base() const {
+    *const_converted_ = true;
+    return Base();
+  }
+
+ private:
+  bool* converted_;
+  bool* const_converted_;
+};
+
+TEST(ImplicitCastTest, CanSelectBetweenConstAndNonConstCasrAppropriately) {
+  bool converted = false;
+  bool const_converted = false;
+  ConstAndNonConstCastable castable(&converted, &const_converted);
+  Base base = ::testing::internal::ImplicitCast_<Base>(castable);
+  EXPECT_TRUE(converted);
+  EXPECT_FALSE(const_converted);
+
+  converted = false;
+  const_converted = false;
+  const ConstAndNonConstCastable const_castable(&converted, &const_converted);
+  base = ::testing::internal::ImplicitCast_<Base>(const_castable);
+  EXPECT_FALSE(converted);
+  EXPECT_TRUE(const_converted);
+}
+
+class To {
+ public:
+  To(bool* converted) { *converted = true; }  // NOLINT
+};
+
+TEST(ImplicitCastTest, CanUseImplicitConstructor) {
+  bool converted = false;
+  To to = ::testing::internal::ImplicitCast_<To>(&converted);
+  (void)to;
+  EXPECT_TRUE(converted);
+}
+
+TEST(IteratorTraitsTest, WorksForSTLContainerIterators) {
+  StaticAssertTypeEq<int,
+      IteratorTraits< ::std::vector<int>::const_iterator>::value_type>();
+  StaticAssertTypeEq<bool,
+      IteratorTraits< ::std::list<bool>::iterator>::value_type>();
+}
+
+TEST(IteratorTraitsTest, WorksForPointerToNonConst) {
+  StaticAssertTypeEq<char, IteratorTraits<char*>::value_type>();
+  StaticAssertTypeEq<const void*, IteratorTraits<const void**>::value_type>();
+}
+
+TEST(IteratorTraitsTest, WorksForPointerToConst) {
+  StaticAssertTypeEq<char, IteratorTraits<const char*>::value_type>();
+  StaticAssertTypeEq<const void*,
+      IteratorTraits<const void* const*>::value_type>();
+}
+
+// Tests that the element_type typedef is available in scoped_ptr and refers
+// to the parameter type.
+TEST(ScopedPtrTest, DefinesElementType) {
+  StaticAssertTypeEq<int, ::testing::internal::scoped_ptr<int>::element_type>();
+}
+
+// TODO(vladl@google.com): Implement THE REST of scoped_ptr tests.
+
+TEST(GtestCheckSyntaxTest, BehavesLikeASingleStatement) {
+  if (AlwaysFalse())
+    GTEST_CHECK_(false) << "This should never be executed; "
+                           "It's a compilation test only.";
+
+  if (AlwaysTrue())
+    GTEST_CHECK_(true);
+  else
+    ;  // NOLINT
+
+  if (AlwaysFalse())
+    ;  // NOLINT
+  else
+    GTEST_CHECK_(true) << "";
+}
+
+TEST(GtestCheckSyntaxTest, WorksWithSwitch) {
+  switch (0) {
+    case 1:
+      break;
+    default:
+      GTEST_CHECK_(true);
+  }
+
+  switch (0)
+    case 0:
+      GTEST_CHECK_(true) << "Check failed in switch case";
+}
+
+// Verifies behavior of FormatFileLocation.
+TEST(FormatFileLocationTest, FormatsFileLocation) {
+  EXPECT_PRED_FORMAT2(IsSubstring, "foo.cc", FormatFileLocation("foo.cc", 42));
+  EXPECT_PRED_FORMAT2(IsSubstring, "42", FormatFileLocation("foo.cc", 42));
+}
+
+TEST(FormatFileLocationTest, FormatsUnknownFile) {
+  EXPECT_PRED_FORMAT2(
+      IsSubstring, "unknown file", FormatFileLocation(NULL, 42));
+  EXPECT_PRED_FORMAT2(IsSubstring, "42", FormatFileLocation(NULL, 42));
+}
+
+TEST(FormatFileLocationTest, FormatsUknownLine) {
+  EXPECT_EQ("foo.cc:", FormatFileLocation("foo.cc", -1));
+}
+
+TEST(FormatFileLocationTest, FormatsUknownFileAndLine) {
+  EXPECT_EQ("unknown file:", FormatFileLocation(NULL, -1));
+}
+
+// Verifies behavior of FormatCompilerIndependentFileLocation.
+TEST(FormatCompilerIndependentFileLocationTest, FormatsFileLocation) {
+  EXPECT_EQ("foo.cc:42", FormatCompilerIndependentFileLocation("foo.cc", 42));
+}
+
+TEST(FormatCompilerIndependentFileLocationTest, FormatsUknownFile) {
+  EXPECT_EQ("unknown file:42",
+            FormatCompilerIndependentFileLocation(NULL, 42));
+}
+
+TEST(FormatCompilerIndependentFileLocationTest, FormatsUknownLine) {
+  EXPECT_EQ("foo.cc", FormatCompilerIndependentFileLocation("foo.cc", -1));
+}
+
+TEST(FormatCompilerIndependentFileLocationTest, FormatsUknownFileAndLine) {
+  EXPECT_EQ("unknown file", FormatCompilerIndependentFileLocation(NULL, -1));
+}
+
+#if GTEST_OS_MAC || GTEST_OS_QNX
+void* ThreadFunc(void* data) {
+  pthread_mutex_t* mutex = static_cast<pthread_mutex_t*>(data);
+  pthread_mutex_lock(mutex);
+  pthread_mutex_unlock(mutex);
+  return NULL;
+}
+
+TEST(GetThreadCountTest, ReturnsCorrectValue) {
+  EXPECT_EQ(1U, GetThreadCount());
+  pthread_mutex_t mutex;
+  pthread_attr_t  attr;
+  pthread_t       thread_id;
+
+  // TODO(vladl@google.com): turn mutex into internal::Mutex for automatic
+  // destruction.
+  pthread_mutex_init(&mutex, NULL);
+  pthread_mutex_lock(&mutex);
+  ASSERT_EQ(0, pthread_attr_init(&attr));
+  ASSERT_EQ(0, pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_JOINABLE));
+
+  const int status = pthread_create(&thread_id, &attr, &ThreadFunc, &mutex);
+  ASSERT_EQ(0, pthread_attr_destroy(&attr));
+  ASSERT_EQ(0, status);
+  EXPECT_EQ(2U, GetThreadCount());
+  pthread_mutex_unlock(&mutex);
+
+  void* dummy;
+  ASSERT_EQ(0, pthread_join(thread_id, &dummy));
+
+# if GTEST_OS_MAC
+
+  // MacOS X may not immediately report the updated thread count after
+  // joining a thread, causing flakiness in this test. To counter that, we
+  // wait for up to .5 seconds for the OS to report the correct value.
+  for (int i = 0; i < 5; ++i) {
+    if (GetThreadCount() == 1)
+      break;
+
+    SleepMilliseconds(100);
+  }
+
+# endif  // GTEST_OS_MAC
+
+  EXPECT_EQ(1U, GetThreadCount());
+  pthread_mutex_destroy(&mutex);
+}
+#else
+TEST(GetThreadCountTest, ReturnsZeroWhenUnableToCountThreads) {
+  EXPECT_EQ(0U, GetThreadCount());
+}
+#endif  // GTEST_OS_MAC || GTEST_OS_QNX
+
+TEST(GtestCheckDeathTest, DiesWithCorrectOutputOnFailure) {
+  const bool a_false_condition = false;
+  const char regex[] =
+#ifdef _MSC_VER
+     "gtest-port_test\\.cc\\(\\d+\\):"
+#elif GTEST_USES_POSIX_RE
+     "gtest-port_test\\.cc:[0-9]+"
+#else
+     "gtest-port_test\\.cc:\\d+"
+#endif  // _MSC_VER
+     ".*a_false_condition.*Extra info.*";
+
+  EXPECT_DEATH_IF_SUPPORTED(GTEST_CHECK_(a_false_condition) << "Extra info",
+                            regex);
+}
+
+#if GTEST_HAS_DEATH_TEST
+
+TEST(GtestCheckDeathTest, LivesSilentlyOnSuccess) {
+  EXPECT_EXIT({
+      GTEST_CHECK_(true) << "Extra info";
+      ::std::cerr << "Success\n";
+      exit(0); },
+      ::testing::ExitedWithCode(0), "Success");
+}
+
+#endif  // GTEST_HAS_DEATH_TEST
+
+// Verifies that Google Test choose regular expression engine appropriate to
+// the platform. The test will produce compiler errors in case of failure.
+// For simplicity, we only cover the most important platforms here.
+TEST(RegexEngineSelectionTest, SelectsCorrectRegexEngine) {
+#if GTEST_HAS_POSIX_RE
+
+  EXPECT_TRUE(GTEST_USES_POSIX_RE);
+
+#else
+
+  EXPECT_TRUE(GTEST_USES_SIMPLE_RE);
+
+#endif
+}
+
+#if GTEST_USES_POSIX_RE
+
+# if GTEST_HAS_TYPED_TEST
+
+template <typename Str>
+class RETest : public ::testing::Test {};
+
+// Defines StringTypes as the list of all string types that class RE
+// supports.
+typedef testing::Types<
+    ::std::string,
+#  if GTEST_HAS_GLOBAL_STRING
+    ::string,
+#  endif  // GTEST_HAS_GLOBAL_STRING
+    const char*> StringTypes;
+
+TYPED_TEST_CASE(RETest, StringTypes);
+
+// Tests RE's implicit constructors.
+TYPED_TEST(RETest, ImplicitConstructorWorks) {
+  const RE empty(TypeParam(""));
+  EXPECT_STREQ("", empty.pattern());
+
+  const RE simple(TypeParam("hello"));
+  EXPECT_STREQ("hello", simple.pattern());
+
+  const RE normal(TypeParam(".*(\\w+)"));
+  EXPECT_STREQ(".*(\\w+)", normal.pattern());
+}
+
+// Tests that RE's constructors reject invalid regular expressions.
+TYPED_TEST(RETest, RejectsInvalidRegex) {
+  EXPECT_NONFATAL_FAILURE({
+    const RE invalid(TypeParam("?"));
+  }, "\"?\" is not a valid POSIX Extended regular expression.");
+}
+
+// Tests RE::FullMatch().
+TYPED_TEST(RETest, FullMatchWorks) {
+  const RE empty(TypeParam(""));
+  EXPECT_TRUE(RE::FullMatch(TypeParam(""), empty));
+  EXPECT_FALSE(RE::FullMatch(TypeParam("a"), empty));
+
+  const RE re(TypeParam("a.*z"));
+  EXPECT_TRUE(RE::FullMatch(TypeParam("az"), re));
+  EXPECT_TRUE(RE::FullMatch(TypeParam("axyz"), re));
+  EXPECT_FALSE(RE::FullMatch(TypeParam("baz"), re));
+  EXPECT_FALSE(RE::FullMatch(TypeParam("azy"), re));
+}
+
+// Tests RE::PartialMatch().
+TYPED_TEST(RETest, PartialMatchWorks) {
+  const RE empty(TypeParam(""));
+  EXPECT_TRUE(RE::PartialMatch(TypeParam(""), empty));
+  EXPECT_TRUE(RE::PartialMatch(TypeParam("a"), empty));
+
+  const RE re(TypeParam("a.*z"));
+  EXPECT_TRUE(RE::PartialMatch(TypeParam("az"), re));
+  EXPECT_TRUE(RE::PartialMatch(TypeParam("axyz"), re));
+  EXPECT_TRUE(RE::PartialMatch(TypeParam("baz"), re));
+  EXPECT_TRUE(RE::PartialMatch(TypeParam("azy"), re));
+  EXPECT_FALSE(RE::PartialMatch(TypeParam("zza"), re));
+}
+
+# endif  // GTEST_HAS_TYPED_TEST
+
+#elif GTEST_USES_SIMPLE_RE
+
+TEST(IsInSetTest, NulCharIsNotInAnySet) {
+  EXPECT_FALSE(IsInSet('\0', ""));
+  EXPECT_FALSE(IsInSet('\0', "\0"));
+  EXPECT_FALSE(IsInSet('\0', "a"));
+}
+
+TEST(IsInSetTest, WorksForNonNulChars) {
+  EXPECT_FALSE(IsInSet('a', "Ab"));
+  EXPECT_FALSE(IsInSet('c', ""));
+
+  EXPECT_TRUE(IsInSet('b', "bcd"));
+  EXPECT_TRUE(IsInSet('b', "ab"));
+}
+
+TEST(IsAsciiDigitTest, IsFalseForNonDigit) {
+  EXPECT_FALSE(IsAsciiDigit('\0'));
+  EXPECT_FALSE(IsAsciiDigit(' '));
+  EXPECT_FALSE(IsAsciiDigit('+'));
+  EXPECT_FALSE(IsAsciiDigit('-'));
+  EXPECT_FALSE(IsAsciiDigit('.'));
+  EXPECT_FALSE(IsAsciiDigit('a'));
+}
+
+TEST(IsAsciiDigitTest, IsTrueForDigit) {
+  EXPECT_TRUE(IsAsciiDigit('0'));
+  EXPECT_TRUE(IsAsciiDigit('1'));
+  EXPECT_TRUE(IsAsciiDigit('5'));
+  EXPECT_TRUE(IsAsciiDigit('9'));
+}
+
+TEST(IsAsciiPunctTest, IsFalseForNonPunct) {
+  EXPECT_FALSE(IsAsciiPunct('\0'));
+  EXPECT_FALSE(IsAsciiPunct(' '));
+  EXPECT_FALSE(IsAsciiPunct('\n'));
+  EXPECT_FALSE(IsAsciiPunct('a'));
+  EXPECT_FALSE(IsAsciiPunct('0'));
+}
+
+TEST(IsAsciiPunctTest, IsTrueForPunct) {
+  for (const char* p = "^-!\"#$%&'()*+,./:;<=>?@[\\]_`{|}~"; *p; p++) {
+    EXPECT_PRED1(IsAsciiPunct, *p);
+  }
+}
+
+TEST(IsRepeatTest, IsFalseForNonRepeatChar) {
+  EXPECT_FALSE(IsRepeat('\0'));
+  EXPECT_FALSE(IsRepeat(' '));
+  EXPECT_FALSE(IsRepeat('a'));
+  EXPECT_FALSE(IsRepeat('1'));
+  EXPECT_FALSE(IsRepeat('-'));
+}
+
+TEST(IsRepeatTest, IsTrueForRepeatChar) {
+  EXPECT_TRUE(IsRepeat('?'));
+  EXPECT_TRUE(IsRepeat('*'));
+  EXPECT_TRUE(IsRepeat('+'));
+}
+
+TEST(IsAsciiWhiteSpaceTest, IsFalseForNonWhiteSpace) {
+  EXPECT_FALSE(IsAsciiWhiteSpace('\0'));
+  EXPECT_FALSE(IsAsciiWhiteSpace('a'));
+  EXPECT_FALSE(IsAsciiWhiteSpace('1'));
+  EXPECT_FALSE(IsAsciiWhiteSpace('+'));
+  EXPECT_FALSE(IsAsciiWhiteSpace('_'));
+}
+
+TEST(IsAsciiWhiteSpaceTest, IsTrueForWhiteSpace) {
+  EXPECT_TRUE(IsAsciiWhiteSpace(' '));
+  EXPECT_TRUE(IsAsciiWhiteSpace('\n'));
+  EXPECT_TRUE(IsAsciiWhiteSpace('\r'));
+  EXPECT_TRUE(IsAsciiWhiteSpace('\t'));
+  EXPECT_TRUE(IsAsciiWhiteSpace('\v'));
+  EXPECT_TRUE(IsAsciiWhiteSpace('\f'));
+}
+
+TEST(IsAsciiWordCharTest, IsFalseForNonWordChar) {
+  EXPECT_FALSE(IsAsciiWordChar('\0'));
+  EXPECT_FALSE(IsAsciiWordChar('+'));
+  EXPECT_FALSE(IsAsciiWordChar('.'));
+  EXPECT_FALSE(IsAsciiWordChar(' '));
+  EXPECT_FALSE(IsAsciiWordChar('\n'));
+}
+
+TEST(IsAsciiWordCharTest, IsTrueForLetter) {
+  EXPECT_TRUE(IsAsciiWordChar('a'));
+  EXPECT_TRUE(IsAsciiWordChar('b'));
+  EXPECT_TRUE(IsAsciiWordChar('A'));
+  EXPECT_TRUE(IsAsciiWordChar('Z'));
+}
+
+TEST(IsAsciiWordCharTest, IsTrueForDigit) {
+  EXPECT_TRUE(IsAsciiWordChar('0'));
+  EXPECT_TRUE(IsAsciiWordChar('1'));
+  EXPECT_TRUE(IsAsciiWordChar('7'));
+  EXPECT_TRUE(IsAsciiWordChar('9'));
+}
+
+TEST(IsAsciiWordCharTest, IsTrueForUnderscore) {
+  EXPECT_TRUE(IsAsciiWordChar('_'));
+}
+
+TEST(IsValidEscapeTest, IsFalseForNonPrintable) {
+  EXPECT_FALSE(IsValidEscape('\0'));
+  EXPECT_FALSE(IsValidEscape('\007'));
+}
+
+TEST(IsValidEscapeTest, IsFalseForDigit) {
+  EXPECT_FALSE(IsValidEscape('0'));
+  EXPECT_FALSE(IsValidEscape('9'));
+}
+
+TEST(IsValidEscapeTest, IsFalseForWhiteSpace) {
+  EXPECT_FALSE(IsValidEscape(' '));
+  EXPECT_FALSE(IsValidEscape('\n'));
+}
+
+TEST(IsValidEscapeTest, IsFalseForSomeLetter) {
+  EXPECT_FALSE(IsValidEscape('a'));
+  EXPECT_FALSE(IsValidEscape('Z'));
+}
+
+TEST(IsValidEscapeTest, IsTrueForPunct) {
+  EXPECT_TRUE(IsValidEscape('.'));
+  EXPECT_TRUE(IsValidEscape('-'));
+  EXPECT_TRUE(IsValidEscape('^'));
+  EXPECT_TRUE(IsValidEscape('$'));
+  EXPECT_TRUE(IsValidEscape('('));
+  EXPECT_TRUE(IsValidEscape(']'));
+  EXPECT_TRUE(IsValidEscape('{'));
+  EXPECT_TRUE(IsValidEscape('|'));
+}
+
+TEST(IsValidEscapeTest, IsTrueForSomeLetter) {
+  EXPECT_TRUE(IsValidEscape('d'));
+  EXPECT_TRUE(IsValidEscape('D'));
+  EXPECT_TRUE(IsValidEscape('s'));
+  EXPECT_TRUE(IsValidEscape('S'));
+  EXPECT_TRUE(IsValidEscape('w'));
+  EXPECT_TRUE(IsValidEscape('W'));
+}
+
+TEST(AtomMatchesCharTest, EscapedPunct) {
+  EXPECT_FALSE(AtomMatchesChar(true, '\\', '\0'));
+  EXPECT_FALSE(AtomMatchesChar(true, '\\', ' '));
+  EXPECT_FALSE(AtomMatchesChar(true, '_', '.'));
+  EXPECT_FALSE(AtomMatchesChar(true, '.', 'a'));
+
+  EXPECT_TRUE(AtomMatchesChar(true, '\\', '\\'));
+  EXPECT_TRUE(AtomMatchesChar(true, '_', '_'));
+  EXPECT_TRUE(AtomMatchesChar(true, '+', '+'));
+  EXPECT_TRUE(AtomMatchesChar(true, '.', '.'));
+}
+
+TEST(AtomMatchesCharTest, Escaped_d) {
+  EXPECT_FALSE(AtomMatchesChar(true, 'd', '\0'));
+  EXPECT_FALSE(AtomMatchesChar(true, 'd', 'a'));
+  EXPECT_FALSE(AtomMatchesChar(true, 'd', '.'));
+
+  EXPECT_TRUE(AtomMatchesChar(true, 'd', '0'));
+  EXPECT_TRUE(AtomMatchesChar(true, 'd', '9'));
+}
+
+TEST(AtomMatchesCharTest, Escaped_D) {
+  EXPECT_FALSE(AtomMatchesChar(true, 'D', '0'));
+  EXPECT_FALSE(AtomMatchesChar(true, 'D', '9'));
+
+  EXPECT_TRUE(AtomMatchesChar(true, 'D', '\0'));
+  EXPECT_TRUE(AtomMatchesChar(true, 'D', 'a'));
+  EXPECT_TRUE(AtomMatchesChar(true, 'D', '-'));
+}
+
+TEST(AtomMatchesCharTest, Escaped_s) {
+  EXPECT_FALSE(AtomMatchesChar(true, 's', '\0'));
+  EXPECT_FALSE(AtomMatchesChar(true, 's', 'a'));
+  EXPECT_FALSE(AtomMatchesChar(true, 's', '.'));
+  EXPECT_FALSE(AtomMatchesChar(true, 's', '9'));
+
+  EXPECT_TRUE(AtomMatchesChar(true, 's', ' '));
+  EXPECT_TRUE(AtomMatchesChar(true, 's', '\n'));
+  EXPECT_TRUE(AtomMatchesChar(true, 's', '\t'));
+}
+
+TEST(AtomMatchesCharTest, Escaped_S) {
+  EXPECT_FALSE(AtomMatchesChar(true, 'S', ' '));
+  EXPECT_FALSE(AtomMatchesChar(true, 'S', '\r'));
+
+  EXPECT_TRUE(AtomMatchesChar(true, 'S', '\0'));
+  EXPECT_TRUE(AtomMatchesChar(true, 'S', 'a'));
+  EXPECT_TRUE(AtomMatchesChar(true, 'S', '9'));
+}
+
+TEST(AtomMatchesCharTest, Escaped_w) {
+  EXPECT_FALSE(AtomMatchesChar(true, 'w', '\0'));
+  EXPECT_FALSE(AtomMatchesChar(true, 'w', '+'));
+  EXPECT_FALSE(AtomMatchesChar(true, 'w', ' '));
+  EXPECT_FALSE(AtomMatchesChar(true, 'w', '\n'));
+
+  EXPECT_TRUE(AtomMatchesChar(true, 'w', '0'));
+  EXPECT_TRUE(AtomMatchesChar(true, 'w', 'b'));
+  EXPECT_TRUE(AtomMatchesChar(true, 'w', 'C'));
+  EXPECT_TRUE(AtomMatchesChar(true, 'w', '_'));
+}
+
+TEST(AtomMatchesCharTest, Escaped_W) {
+  EXPECT_FALSE(AtomMatchesChar(true, 'W', 'A'));
+  EXPECT_FALSE(AtomMatchesChar(true, 'W', 'b'));
+  EXPECT_FALSE(AtomMatchesChar(true, 'W', '9'));
+  EXPECT_FALSE(AtomMatchesChar(true, 'W', '_'));
+
+  EXPECT_TRUE(AtomMatchesChar(true, 'W', '\0'));
+  EXPECT_TRUE(AtomMatchesChar(true, 'W', '*'));
+  EXPECT_TRUE(AtomMatchesChar(true, 'W', '\n'));
+}
+
+TEST(AtomMatchesCharTest, EscapedWhiteSpace) {
+  EXPECT_FALSE(AtomMatchesChar(true, 'f', '\0'));
+  EXPECT_FALSE(AtomMatchesChar(true, 'f', '\n'));
+  EXPECT_FALSE(AtomMatchesChar(true, 'n', '\0'));
+  EXPECT_FALSE(AtomMatchesChar(true, 'n', '\r'));
+  EXPECT_FALSE(AtomMatchesChar(true, 'r', '\0'));
+  EXPECT_FALSE(AtomMatchesChar(true, 'r', 'a'));
+  EXPECT_FALSE(AtomMatchesChar(true, 't', '\0'));
+  EXPECT_FALSE(AtomMatchesChar(true, 't', 't'));
+  EXPECT_FALSE(AtomMatchesChar(true, 'v', '\0'));
+  EXPECT_FALSE(AtomMatchesChar(true, 'v', '\f'));
+
+  EXPECT_TRUE(AtomMatchesChar(true, 'f', '\f'));
+  EXPECT_TRUE(AtomMatchesChar(true, 'n', '\n'));
+  EXPECT_TRUE(AtomMatchesChar(true, 'r', '\r'));
+  EXPECT_TRUE(AtomMatchesChar(true, 't', '\t'));
+  EXPECT_TRUE(AtomMatchesChar(true, 'v', '\v'));
+}
+
+TEST(AtomMatchesCharTest, UnescapedDot) {
+  EXPECT_FALSE(AtomMatchesChar(false, '.', '\n'));
+
+  EXPECT_TRUE(AtomMatchesChar(false, '.', '\0'));
+  EXPECT_TRUE(AtomMatchesChar(false, '.', '.'));
+  EXPECT_TRUE(AtomMatchesChar(false, '.', 'a'));
+  EXPECT_TRUE(AtomMatchesChar(false, '.', ' '));
+}
+
+TEST(AtomMatchesCharTest, UnescapedChar) {
+  EXPECT_FALSE(AtomMatchesChar(false, 'a', '\0'));
+  EXPECT_FALSE(AtomMatchesChar(false, 'a', 'b'));
+  EXPECT_FALSE(AtomMatchesChar(false, '$', 'a'));
+
+  EXPECT_TRUE(AtomMatchesChar(false, '$', '$'));
+  EXPECT_TRUE(AtomMatchesChar(false, '5', '5'));
+  EXPECT_TRUE(AtomMatchesChar(false, 'Z', 'Z'));
+}
+
+TEST(ValidateRegexTest, GeneratesFailureAndReturnsFalseForInvalid) {
+  EXPECT_NONFATAL_FAILURE(ASSERT_FALSE(ValidateRegex(NULL)),
+                          "NULL is not a valid simple regular expression");
+  EXPECT_NONFATAL_FAILURE(
+      ASSERT_FALSE(ValidateRegex("a\\")),
+      "Syntax error at index 1 in simple regular expression \"a\\\": ");
+  EXPECT_NONFATAL_FAILURE(ASSERT_FALSE(ValidateRegex("a\\")),
+                          "'\\' cannot appear at the end");
+  EXPECT_NONFATAL_FAILURE(ASSERT_FALSE(ValidateRegex("\\n\\")),
+                          "'\\' cannot appear at the end");
+  EXPECT_NONFATAL_FAILURE(ASSERT_FALSE(ValidateRegex("\\s\\hb")),
+                          "invalid escape sequence \"\\h\"");
+  EXPECT_NONFATAL_FAILURE(ASSERT_FALSE(ValidateRegex("^^")),
+                          "'^' can only appear at the beginning");
+  EXPECT_NONFATAL_FAILURE(ASSERT_FALSE(ValidateRegex(".*^b")),
+                          "'^' can only appear at the beginning");
+  EXPECT_NONFATAL_FAILURE(ASSERT_FALSE(ValidateRegex("$$")),
+                          "'$' can only appear at the end");
+  EXPECT_NONFATAL_FAILURE(ASSERT_FALSE(ValidateRegex("^$a")),
+                          "'$' can only appear at the end");
+  EXPECT_NONFATAL_FAILURE(ASSERT_FALSE(ValidateRegex("a(b")),
+                          "'(' is unsupported");
+  EXPECT_NONFATAL_FAILURE(ASSERT_FALSE(ValidateRegex("ab)")),
+                          "')' is unsupported");
+  EXPECT_NONFATAL_FAILURE(ASSERT_FALSE(ValidateRegex("[ab")),
+                          "'[' is unsupported");
+  EXPECT_NONFATAL_FAILURE(ASSERT_FALSE(ValidateRegex("a{2")),
+                          "'{' is unsupported");
+  EXPECT_NONFATAL_FAILURE(ASSERT_FALSE(ValidateRegex("?")),
+                          "'?' can only follow a repeatable token");
+  EXPECT_NONFATAL_FAILURE(ASSERT_FALSE(ValidateRegex("^*")),
+                          "'*' can only follow a repeatable token");
+  EXPECT_NONFATAL_FAILURE(ASSERT_FALSE(ValidateRegex("5*+")),
+                          "'+' can only follow a repeatable token");
+}
+
+TEST(ValidateRegexTest, ReturnsTrueForValid) {
+  EXPECT_TRUE(ValidateRegex(""));
+  EXPECT_TRUE(ValidateRegex("a"));
+  EXPECT_TRUE(ValidateRegex(".*"));
+  EXPECT_TRUE(ValidateRegex("^a_+"));
+  EXPECT_TRUE(ValidateRegex("^a\\t\\&?"));
+  EXPECT_TRUE(ValidateRegex("09*$"));
+  EXPECT_TRUE(ValidateRegex("^Z$"));
+  EXPECT_TRUE(ValidateRegex("a\\^Z\\$\\(\\)\\|\\[\\]\\{\\}"));
+}
+
+TEST(MatchRepetitionAndRegexAtHeadTest, WorksForZeroOrOne) {
+  EXPECT_FALSE(MatchRepetitionAndRegexAtHead(false, 'a', '?', "a", "ba"));
+  // Repeating more than once.
+  EXPECT_FALSE(MatchRepetitionAndRegexAtHead(false, 'a', '?', "b", "aab"));
+
+  // Repeating zero times.
+  EXPECT_TRUE(MatchRepetitionAndRegexAtHead(false, 'a', '?', "b", "ba"));
+  // Repeating once.
+  EXPECT_TRUE(MatchRepetitionAndRegexAtHead(false, 'a', '?', "b", "ab"));
+  EXPECT_TRUE(MatchRepetitionAndRegexAtHead(false, '#', '?', ".", "##"));
+}
+
+TEST(MatchRepetitionAndRegexAtHeadTest, WorksForZeroOrMany) {
+  EXPECT_FALSE(MatchRepetitionAndRegexAtHead(false, '.', '*', "a$", "baab"));
+
+  // Repeating zero times.
+  EXPECT_TRUE(MatchRepetitionAndRegexAtHead(false, '.', '*', "b", "bc"));
+  // Repeating once.
+  EXPECT_TRUE(MatchRepetitionAndRegexAtHead(false, '.', '*', "b", "abc"));
+  // Repeating more than once.
+  EXPECT_TRUE(MatchRepetitionAndRegexAtHead(true, 'w', '*', "-", "ab_1-g"));
+}
+
+TEST(MatchRepetitionAndRegexAtHeadTest, WorksForOneOrMany) {
+  EXPECT_FALSE(MatchRepetitionAndRegexAtHead(false, '.', '+', "a$", "baab"));
+  // Repeating zero times.
+  EXPECT_FALSE(MatchRepetitionAndRegexAtHead(false, '.', '+', "b", "bc"));
+
+  // Repeating once.
+  EXPECT_TRUE(MatchRepetitionAndRegexAtHead(false, '.', '+', "b", "abc"));
+  // Repeating more than once.
+  EXPECT_TRUE(MatchRepetitionAndRegexAtHead(true, 'w', '+', "-", "ab_1-g"));
+}
+
+TEST(MatchRegexAtHeadTest, ReturnsTrueForEmptyRegex) {
+  EXPECT_TRUE(MatchRegexAtHead("", ""));
+  EXPECT_TRUE(MatchRegexAtHead("", "ab"));
+}
+
+TEST(MatchRegexAtHeadTest, WorksWhenDollarIsInRegex) {
+  EXPECT_FALSE(MatchRegexAtHead("$", "a"));
+
+  EXPECT_TRUE(MatchRegexAtHead("$", ""));
+  EXPECT_TRUE(MatchRegexAtHead("a$", "a"));
+}
+
+TEST(MatchRegexAtHeadTest, WorksWhenRegexStartsWithEscapeSequence) {
+  EXPECT_FALSE(MatchRegexAtHead("\\w", "+"));
+  EXPECT_FALSE(MatchRegexAtHead("\\W", "ab"));
+
+  EXPECT_TRUE(MatchRegexAtHead("\\sa", "\nab"));
+  EXPECT_TRUE(MatchRegexAtHead("\\d", "1a"));
+}
+
+TEST(MatchRegexAtHeadTest, WorksWhenRegexStartsWithRepetition) {
+  EXPECT_FALSE(MatchRegexAtHead(".+a", "abc"));
+  EXPECT_FALSE(MatchRegexAtHead("a?b", "aab"));
+
+  EXPECT_TRUE(MatchRegexAtHead(".*a", "bc12-ab"));
+  EXPECT_TRUE(MatchRegexAtHead("a?b", "b"));
+  EXPECT_TRUE(MatchRegexAtHead("a?b", "ab"));
+}
+
+TEST(MatchRegexAtHeadTest,
+     WorksWhenRegexStartsWithRepetionOfEscapeSequence) {
+  EXPECT_FALSE(MatchRegexAtHead("\\.+a", "abc"));
+  EXPECT_FALSE(MatchRegexAtHead("\\s?b", "  b"));
+
+  EXPECT_TRUE(MatchRegexAtHead("\\(*a", "((((ab"));
+  EXPECT_TRUE(MatchRegexAtHead("\\^?b", "^b"));
+  EXPECT_TRUE(MatchRegexAtHead("\\\\?b", "b"));
+  EXPECT_TRUE(MatchRegexAtHead("\\\\?b", "\\b"));
+}
+
+TEST(MatchRegexAtHeadTest, MatchesSequentially) {
+  EXPECT_FALSE(MatchRegexAtHead("ab.*c", "acabc"));
+
+  EXPECT_TRUE(MatchRegexAtHead("ab.*c", "ab-fsc"));
+}
+
+TEST(MatchRegexAnywhereTest, ReturnsFalseWhenStringIsNull) {
+  EXPECT_FALSE(MatchRegexAnywhere("", NULL));
+}
+
+TEST(MatchRegexAnywhereTest, WorksWhenRegexStartsWithCaret) {
+  EXPECT_FALSE(MatchRegexAnywhere("^a", "ba"));
+  EXPECT_FALSE(MatchRegexAnywhere("^$", "a"));
+
+  EXPECT_TRUE(MatchRegexAnywhere("^a", "ab"));
+  EXPECT_TRUE(MatchRegexAnywhere("^", "ab"));
+  EXPECT_TRUE(MatchRegexAnywhere("^$", ""));
+}
+
+TEST(MatchRegexAnywhereTest, ReturnsFalseWhenNoMatch) {
+  EXPECT_FALSE(MatchRegexAnywhere("a", "bcde123"));
+  EXPECT_FALSE(MatchRegexAnywhere("a.+a", "--aa88888888"));
+}
+
+TEST(MatchRegexAnywhereTest, ReturnsTrueWhenMatchingPrefix) {
+  EXPECT_TRUE(MatchRegexAnywhere("\\w+", "ab1_ - 5"));
+  EXPECT_TRUE(MatchRegexAnywhere(".*=", "="));
+  EXPECT_TRUE(MatchRegexAnywhere("x.*ab?.*bc", "xaaabc"));
+}
+
+TEST(MatchRegexAnywhereTest, ReturnsTrueWhenMatchingNonPrefix) {
+  EXPECT_TRUE(MatchRegexAnywhere("\\w+", "$$$ ab1_ - 5"));
+  EXPECT_TRUE(MatchRegexAnywhere("\\.+=", "=  ...="));
+}
+
+// Tests RE's implicit constructors.
+TEST(RETest, ImplicitConstructorWorks) {
+  const RE empty("");
+  EXPECT_STREQ("", empty.pattern());
+
+  const RE simple("hello");
+  EXPECT_STREQ("hello", simple.pattern());
+}
+
+// Tests that RE's constructors reject invalid regular expressions.
+TEST(RETest, RejectsInvalidRegex) {
+  EXPECT_NONFATAL_FAILURE({
+    const RE normal(NULL);
+  }, "NULL is not a valid simple regular expression");
+
+  EXPECT_NONFATAL_FAILURE({
+    const RE normal(".*(\\w+");
+  }, "'(' is unsupported");
+
+  EXPECT_NONFATAL_FAILURE({
+    const RE invalid("^?");
+  }, "'?' can only follow a repeatable token");
+}
+
+// Tests RE::FullMatch().
+TEST(RETest, FullMatchWorks) {
+  const RE empty("");
+  EXPECT_TRUE(RE::FullMatch("", empty));
+  EXPECT_FALSE(RE::FullMatch("a", empty));
+
+  const RE re1("a");
+  EXPECT_TRUE(RE::FullMatch("a", re1));
+
+  const RE re("a.*z");
+  EXPECT_TRUE(RE::FullMatch("az", re));
+  EXPECT_TRUE(RE::FullMatch("axyz", re));
+  EXPECT_FALSE(RE::FullMatch("baz", re));
+  EXPECT_FALSE(RE::FullMatch("azy", re));
+}
+
+// Tests RE::PartialMatch().
+TEST(RETest, PartialMatchWorks) {
+  const RE empty("");
+  EXPECT_TRUE(RE::PartialMatch("", empty));
+  EXPECT_TRUE(RE::PartialMatch("a", empty));
+
+  const RE re("a.*z");
+  EXPECT_TRUE(RE::PartialMatch("az", re));
+  EXPECT_TRUE(RE::PartialMatch("axyz", re));
+  EXPECT_TRUE(RE::PartialMatch("baz", re));
+  EXPECT_TRUE(RE::PartialMatch("azy", re));
+  EXPECT_FALSE(RE::PartialMatch("zza", re));
+}
+
+#endif  // GTEST_USES_POSIX_RE
+
+#if !GTEST_OS_WINDOWS_MOBILE
+
+TEST(CaptureTest, CapturesStdout) {
+  CaptureStdout();
+  fprintf(stdout, "abc");
+  EXPECT_STREQ("abc", GetCapturedStdout().c_str());
+
+  CaptureStdout();
+  fprintf(stdout, "def%cghi", '\0');
+  EXPECT_EQ(::std::string("def\0ghi", 7), ::std::string(GetCapturedStdout()));
+}
+
+TEST(CaptureTest, CapturesStderr) {
+  CaptureStderr();
+  fprintf(stderr, "jkl");
+  EXPECT_STREQ("jkl", GetCapturedStderr().c_str());
+
+  CaptureStderr();
+  fprintf(stderr, "jkl%cmno", '\0');
+  EXPECT_EQ(::std::string("jkl\0mno", 7), ::std::string(GetCapturedStderr()));
+}
+
+// Tests that stdout and stderr capture don't interfere with each other.
+TEST(CaptureTest, CapturesStdoutAndStderr) {
+  CaptureStdout();
+  CaptureStderr();
+  fprintf(stdout, "pqr");
+  fprintf(stderr, "stu");
+  EXPECT_STREQ("pqr", GetCapturedStdout().c_str());
+  EXPECT_STREQ("stu", GetCapturedStderr().c_str());
+}
+
+TEST(CaptureDeathTest, CannotReenterStdoutCapture) {
+  CaptureStdout();
+  EXPECT_DEATH_IF_SUPPORTED(CaptureStdout(),
+                            "Only one stdout capturer can exist at a time");
+  GetCapturedStdout();
+
+  // We cannot test stderr capturing using death tests as they use it
+  // themselves.
+}
+
+#endif  // !GTEST_OS_WINDOWS_MOBILE
+
+TEST(ThreadLocalTest, DefaultConstructorInitializesToDefaultValues) {
+  ThreadLocal<int> t1;
+  EXPECT_EQ(0, t1.get());
+
+  ThreadLocal<void*> t2;
+  EXPECT_TRUE(t2.get() == NULL);
+}
+
+TEST(ThreadLocalTest, SingleParamConstructorInitializesToParam) {
+  ThreadLocal<int> t1(123);
+  EXPECT_EQ(123, t1.get());
+
+  int i = 0;
+  ThreadLocal<int*> t2(&i);
+  EXPECT_EQ(&i, t2.get());
+}
+
+class NoDefaultContructor {
+ public:
+  explicit NoDefaultContructor(const char*) {}
+  NoDefaultContructor(const NoDefaultContructor&) {}
+};
+
+TEST(ThreadLocalTest, ValueDefaultContructorIsNotRequiredForParamVersion) {
+  ThreadLocal<NoDefaultContructor> bar(NoDefaultContructor("foo"));
+  bar.pointer();
+}
+
+TEST(ThreadLocalTest, GetAndPointerReturnSameValue) {
+  ThreadLocal<std::string> thread_local_string;
+
+  EXPECT_EQ(thread_local_string.pointer(), &(thread_local_string.get()));
+
+  // Verifies the condition still holds after calling set.
+  thread_local_string.set("foo");
+  EXPECT_EQ(thread_local_string.pointer(), &(thread_local_string.get()));
+}
+
+TEST(ThreadLocalTest, PointerAndConstPointerReturnSameValue) {
+  ThreadLocal<std::string> thread_local_string;
+  const ThreadLocal<std::string>& const_thread_local_string =
+      thread_local_string;
+
+  EXPECT_EQ(thread_local_string.pointer(), const_thread_local_string.pointer());
+
+  thread_local_string.set("foo");
+  EXPECT_EQ(thread_local_string.pointer(), const_thread_local_string.pointer());
+}
+
+#if GTEST_IS_THREADSAFE
+
+void AddTwo(int* param) { *param += 2; }
+
+TEST(ThreadWithParamTest, ConstructorExecutesThreadFunc) {
+  int i = 40;
+  ThreadWithParam<int*> thread(&AddTwo, &i, NULL);
+  thread.Join();
+  EXPECT_EQ(42, i);
+}
+
+TEST(MutexDeathTest, AssertHeldShouldAssertWhenNotLocked) {
+  // AssertHeld() is flaky only in the presence of multiple threads accessing
+  // the lock. In this case, the test is robust.
+  EXPECT_DEATH_IF_SUPPORTED({
+    Mutex m;
+    { MutexLock lock(&m); }
+    m.AssertHeld();
+  },
+  "thread .*hold");
+}
+
+TEST(MutexTest, AssertHeldShouldNotAssertWhenLocked) {
+  Mutex m;
+  MutexLock lock(&m);
+  m.AssertHeld();
+}
+
+class AtomicCounterWithMutex {
+ public:
+  explicit AtomicCounterWithMutex(Mutex* mutex) :
+    value_(0), mutex_(mutex), random_(42) {}
+
+  void Increment() {
+    MutexLock lock(mutex_);
+    int temp = value_;
+    {
+      // We need to put up a memory barrier to prevent reads and writes to
+      // value_ rearranged with the call to SleepMilliseconds when observed
+      // from other threads.
+#if GTEST_HAS_PTHREAD
+      // On POSIX, locking a mutex puts up a memory barrier.  We cannot use
+      // Mutex and MutexLock here or rely on their memory barrier
+      // functionality as we are testing them here.
+      pthread_mutex_t memory_barrier_mutex;
+      GTEST_CHECK_POSIX_SUCCESS_(
+          pthread_mutex_init(&memory_barrier_mutex, NULL));
+      GTEST_CHECK_POSIX_SUCCESS_(pthread_mutex_lock(&memory_barrier_mutex));
+
+      SleepMilliseconds(random_.Generate(30));
+
+      GTEST_CHECK_POSIX_SUCCESS_(pthread_mutex_unlock(&memory_barrier_mutex));
+      GTEST_CHECK_POSIX_SUCCESS_(pthread_mutex_destroy(&memory_barrier_mutex));
+#elif GTEST_OS_WINDOWS
+      // On Windows, performing an interlocked access puts up a memory barrier.
+      volatile LONG dummy = 0;
+      ::InterlockedIncrement(&dummy);
+      SleepMilliseconds(random_.Generate(30));
+      ::InterlockedIncrement(&dummy);
+#else
+# error "Memory barrier not implemented on this platform."
+#endif  // GTEST_HAS_PTHREAD
+    }
+    value_ = temp + 1;
+  }
+  int value() const { return value_; }
+
+ private:
+  volatile int value_;
+  Mutex* const mutex_;  // Protects value_.
+  Random       random_;
+};
+
+void CountingThreadFunc(pair<AtomicCounterWithMutex*, int> param) {
+  for (int i = 0; i < param.second; ++i)
+      param.first->Increment();
+}
+
+// Tests that the mutex only lets one thread at a time to lock it.
+TEST(MutexTest, OnlyOneThreadCanLockAtATime) {
+  Mutex mutex;
+  AtomicCounterWithMutex locked_counter(&mutex);
+
+  typedef ThreadWithParam<pair<AtomicCounterWithMutex*, int> > ThreadType;
+  const int kCycleCount = 20;
+  const int kThreadCount = 7;
+  scoped_ptr<ThreadType> counting_threads[kThreadCount];
+  Notification threads_can_start;
+  // Creates and runs kThreadCount threads that increment locked_counter
+  // kCycleCount times each.
+  for (int i = 0; i < kThreadCount; ++i) {
+    counting_threads[i].reset(new ThreadType(&CountingThreadFunc,
+                                             make_pair(&locked_counter,
+                                                       kCycleCount),
+                                             &threads_can_start));
+  }
+  threads_can_start.Notify();
+  for (int i = 0; i < kThreadCount; ++i)
+    counting_threads[i]->Join();
+
+  // If the mutex lets more than one thread to increment the counter at a
+  // time, they are likely to encounter a race condition and have some
+  // increments overwritten, resulting in the lower then expected counter
+  // value.
+  EXPECT_EQ(kCycleCount * kThreadCount, locked_counter.value());
+}
+
+template <typename T>
+void RunFromThread(void (func)(T), T param) {
+  ThreadWithParam<T> thread(func, param, NULL);
+  thread.Join();
+}
+
+void RetrieveThreadLocalValue(
+    pair<ThreadLocal<std::string>*, std::string*> param) {
+  *param.second = param.first->get();
+}
+
+TEST(ThreadLocalTest, ParameterizedConstructorSetsDefault) {
+  ThreadLocal<std::string> thread_local_string("foo");
+  EXPECT_STREQ("foo", thread_local_string.get().c_str());
+
+  thread_local_string.set("bar");
+  EXPECT_STREQ("bar", thread_local_string.get().c_str());
+
+  std::string result;
+  RunFromThread(&RetrieveThreadLocalValue,
+                make_pair(&thread_local_string, &result));
+  EXPECT_STREQ("foo", result.c_str());
+}
+
+// Keeps track of whether of destructors being called on instances of
+// DestructorTracker.  On Windows, waits for the destructor call reports.
+class DestructorCall {
+ public:
+  DestructorCall() {
+    invoked_ = false;
+#if GTEST_OS_WINDOWS
+    wait_event_.Reset(::CreateEvent(NULL, TRUE, FALSE, NULL));
+    GTEST_CHECK_(wait_event_.Get() != NULL);
+#endif
+  }
+
+  bool CheckDestroyed() const {
+#if GTEST_OS_WINDOWS
+    if (::WaitForSingleObject(wait_event_.Get(), 1000) != WAIT_OBJECT_0)
+      return false;
+#endif
+    return invoked_;
+  }
+
+  void ReportDestroyed() {
+    invoked_ = true;
+#if GTEST_OS_WINDOWS
+    ::SetEvent(wait_event_.Get());
+#endif
+  }
+
+  static std::vector<DestructorCall*>& List() { return *list_; }
+
+  static void ResetList() {
+    for (size_t i = 0; i < list_->size(); ++i) {
+      delete list_->at(i);
+    }
+    list_->clear();
+  }
+
+ private:
+  bool invoked_;
+#if GTEST_OS_WINDOWS
+  AutoHandle wait_event_;
+#endif
+  static std::vector<DestructorCall*>* const list_;
+
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(DestructorCall);
+};
+
+std::vector<DestructorCall*>* const DestructorCall::list_ =
+    new std::vector<DestructorCall*>;
+
+// DestructorTracker keeps track of whether its instances have been
+// destroyed.
+class DestructorTracker {
+ public:
+  DestructorTracker() : index_(GetNewIndex()) {}
+  DestructorTracker(const DestructorTracker& /* rhs */)
+      : index_(GetNewIndex()) {}
+  ~DestructorTracker() {
+    // We never access DestructorCall::List() concurrently, so we don't need
+    // to protect this acccess with a mutex.
+    DestructorCall::List()[index_]->ReportDestroyed();
+  }
+
+ private:
+  static int GetNewIndex() {
+    DestructorCall::List().push_back(new DestructorCall);
+    return DestructorCall::List().size() - 1;
+  }
+  const int index_;
+
+  GTEST_DISALLOW_ASSIGN_(DestructorTracker);
+};
+
+typedef ThreadLocal<DestructorTracker>* ThreadParam;
+
+void CallThreadLocalGet(ThreadParam thread_local_param) {
+  thread_local_param->get();
+}
+
+// Tests that when a ThreadLocal object dies in a thread, it destroys
+// the managed object for that thread.
+TEST(ThreadLocalTest, DestroysManagedObjectForOwnThreadWhenDying) {
+  DestructorCall::ResetList();
+
+  {
+    // The next line default constructs a DestructorTracker object as
+    // the default value of objects managed by thread_local_tracker.
+    ThreadLocal<DestructorTracker> thread_local_tracker;
+    ASSERT_EQ(1U, DestructorCall::List().size());
+    ASSERT_FALSE(DestructorCall::List()[0]->CheckDestroyed());
+
+    // This creates another DestructorTracker object for the main thread.
+    thread_local_tracker.get();
+    ASSERT_EQ(2U, DestructorCall::List().size());
+    ASSERT_FALSE(DestructorCall::List()[0]->CheckDestroyed());
+    ASSERT_FALSE(DestructorCall::List()[1]->CheckDestroyed());
+  }
+
+  // Now thread_local_tracker has died.  It should have destroyed both the
+  // default value shared by all threads and the value for the main
+  // thread.
+  ASSERT_EQ(2U, DestructorCall::List().size());
+  EXPECT_TRUE(DestructorCall::List()[0]->CheckDestroyed());
+  EXPECT_TRUE(DestructorCall::List()[1]->CheckDestroyed());
+
+  DestructorCall::ResetList();
+}
+
+// Tests that when a thread exits, the thread-local object for that
+// thread is destroyed.
+TEST(ThreadLocalTest, DestroysManagedObjectAtThreadExit) {
+  DestructorCall::ResetList();
+
+  {
+    // The next line default constructs a DestructorTracker object as
+    // the default value of objects managed by thread_local_tracker.
+    ThreadLocal<DestructorTracker> thread_local_tracker;
+    ASSERT_EQ(1U, DestructorCall::List().size());
+    ASSERT_FALSE(DestructorCall::List()[0]->CheckDestroyed());
+
+    // This creates another DestructorTracker object in the new thread.
+    ThreadWithParam<ThreadParam> thread(
+        &CallThreadLocalGet, &thread_local_tracker, NULL);
+    thread.Join();
+
+    // The thread has exited, and we should have another DestroyedTracker
+    // instance created for it. But it may not have been destroyed yet.
+    // The instance for the main thread should still persist.
+    ASSERT_EQ(2U, DestructorCall::List().size());
+    ASSERT_FALSE(DestructorCall::List()[0]->CheckDestroyed());
+  }
+
+  // The thread has exited and thread_local_tracker has died.  The default
+  // value should have been destroyed too.
+  ASSERT_EQ(2U, DestructorCall::List().size());
+  EXPECT_TRUE(DestructorCall::List()[0]->CheckDestroyed());
+  EXPECT_TRUE(DestructorCall::List()[1]->CheckDestroyed());
+
+  DestructorCall::ResetList();
+}
+
+TEST(ThreadLocalTest, ThreadLocalMutationsAffectOnlyCurrentThread) {
+  ThreadLocal<std::string> thread_local_string;
+  thread_local_string.set("Foo");
+  EXPECT_STREQ("Foo", thread_local_string.get().c_str());
+
+  std::string result;
+  RunFromThread(&RetrieveThreadLocalValue,
+                make_pair(&thread_local_string, &result));
+  EXPECT_TRUE(result.empty());
+}
+
+#endif  // GTEST_IS_THREADSAFE
+
+#if GTEST_OS_WINDOWS
+TEST(WindowsTypesTest, HANDLEIsVoidStar) {
+  StaticAssertTypeEq<HANDLE, void*>();
+}
+
+TEST(WindowsTypesTest, CRITICAL_SECTIONIs_RTL_CRITICAL_SECTION) {
+  StaticAssertTypeEq<CRITICAL_SECTION, _RTL_CRITICAL_SECTION>();
+}
+#endif  // GTEST_OS_WINDOWS
+
+}  // namespace internal
+}  // namespace testing
diff --git a/nss/gtests/google_test/gtest/test/gtest-printers_test.cc b/nss/gtests/google_test/gtest/test/gtest-printers_test.cc
new file mode 100644
index 0000000..7b07fd1
--- /dev/null
+++ b/nss/gtests/google_test/gtest/test/gtest-printers_test.cc
@@ -0,0 +1,1651 @@
+// Copyright 2007, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+
+// Google Test - The Google C++ Testing Framework
+//
+// This file tests the universal value printer.
+
+#include "gtest/gtest-printers.h"
+
+#include <ctype.h>
+#include <limits.h>
+#include <string.h>
+#include <algorithm>
+#include <deque>
+#include <list>
+#include <map>
+#include <set>
+#include <sstream>
+#include <string>
+#include <utility>
+#include <vector>
+
+#include "gtest/gtest.h"
+
+// hash_map and hash_set are available under Visual C++.
+#if _MSC_VER
+# define GTEST_HAS_HASH_MAP_ 1  // Indicates that hash_map is available.
+# include <hash_map>            // NOLINT
+# define GTEST_HAS_HASH_SET_ 1  // Indicates that hash_set is available.
+# include <hash_set>            // NOLINT
+#endif  // GTEST_OS_WINDOWS
+
+// Some user-defined types for testing the universal value printer.
+
+// An anonymous enum type.
+enum AnonymousEnum {
+  kAE1 = -1,
+  kAE2 = 1
+};
+
+// An enum without a user-defined printer.
+enum EnumWithoutPrinter {
+  kEWP1 = -2,
+  kEWP2 = 42
+};
+
+// An enum with a << operator.
+enum EnumWithStreaming {
+  kEWS1 = 10
+};
+
+std::ostream& operator<<(std::ostream& os, EnumWithStreaming e) {
+  return os << (e == kEWS1 ? "kEWS1" : "invalid");
+}
+
+// An enum with a PrintTo() function.
+enum EnumWithPrintTo {
+  kEWPT1 = 1
+};
+
+void PrintTo(EnumWithPrintTo e, std::ostream* os) {
+  *os << (e == kEWPT1 ? "kEWPT1" : "invalid");
+}
+
+// A class implicitly convertible to BiggestInt.
+class BiggestIntConvertible {
+ public:
+  operator ::testing::internal::BiggestInt() const { return 42; }
+};
+
+// A user-defined unprintable class template in the global namespace.
+template <typename T>
+class UnprintableTemplateInGlobal {
+ public:
+  UnprintableTemplateInGlobal() : value_() {}
+ private:
+  T value_;
+};
+
+// A user-defined streamable type in the global namespace.
+class StreamableInGlobal {
+ public:
+  virtual ~StreamableInGlobal() {}
+};
+
+inline void operator<<(::std::ostream& os, const StreamableInGlobal& /* x */) {
+  os << "StreamableInGlobal";
+}
+
+void operator<<(::std::ostream& os, const StreamableInGlobal* /* x */) {
+  os << "StreamableInGlobal*";
+}
+
+namespace foo {
+
+// A user-defined unprintable type in a user namespace.
+class UnprintableInFoo {
+ public:
+  UnprintableInFoo() : z_(0) { memcpy(xy_, "\xEF\x12\x0\x0\x34\xAB\x0\x0", 8); }
+  double z() const { return z_; }
+ private:
+  char xy_[8];
+  double z_;
+};
+
+// A user-defined printable type in a user-chosen namespace.
+struct PrintableViaPrintTo {
+  PrintableViaPrintTo() : value() {}
+  int value;
+};
+
+void PrintTo(const PrintableViaPrintTo& x, ::std::ostream* os) {
+  *os << "PrintableViaPrintTo: " << x.value;
+}
+
+// A type with a user-defined << for printing its pointer.
+struct PointerPrintable {
+};
+
+::std::ostream& operator<<(::std::ostream& os,
+                           const PointerPrintable* /* x */) {
+  return os << "PointerPrintable*";
+}
+
+// A user-defined printable class template in a user-chosen namespace.
+template <typename T>
+class PrintableViaPrintToTemplate {
+ public:
+  explicit PrintableViaPrintToTemplate(const T& a_value) : value_(a_value) {}
+
+  const T& value() const { return value_; }
+ private:
+  T value_;
+};
+
+template <typename T>
+void PrintTo(const PrintableViaPrintToTemplate<T>& x, ::std::ostream* os) {
+  *os << "PrintableViaPrintToTemplate: " << x.value();
+}
+
+// A user-defined streamable class template in a user namespace.
+template <typename T>
+class StreamableTemplateInFoo {
+ public:
+  StreamableTemplateInFoo() : value_() {}
+
+  const T& value() const { return value_; }
+ private:
+  T value_;
+};
+
+template <typename T>
+inline ::std::ostream& operator<<(::std::ostream& os,
+                                  const StreamableTemplateInFoo<T>& x) {
+  return os << "StreamableTemplateInFoo: " << x.value();
+}
+
+}  // namespace foo
+
+namespace testing {
+namespace gtest_printers_test {
+
+using ::std::deque;
+using ::std::list;
+using ::std::make_pair;
+using ::std::map;
+using ::std::multimap;
+using ::std::multiset;
+using ::std::pair;
+using ::std::set;
+using ::std::vector;
+using ::testing::PrintToString;
+using ::testing::internal::FormatForComparisonFailureMessage;
+using ::testing::internal::ImplicitCast_;
+using ::testing::internal::NativeArray;
+using ::testing::internal::RE;
+using ::testing::internal::RelationToSourceReference;
+using ::testing::internal::Strings;
+using ::testing::internal::UniversalPrint;
+using ::testing::internal::UniversalPrinter;
+using ::testing::internal::UniversalTersePrint;
+using ::testing::internal::UniversalTersePrintTupleFieldsToStrings;
+using ::testing::internal::string;
+
+// The hash_* classes are not part of the C++ standard.  STLport
+// defines them in namespace std.  MSVC defines them in ::stdext.  GCC
+// defines them in ::.
+#ifdef _STLP_HASH_MAP  // We got <hash_map> from STLport.
+using ::std::hash_map;
+using ::std::hash_set;
+using ::std::hash_multimap;
+using ::std::hash_multiset;
+#elif _MSC_VER
+using ::stdext::hash_map;
+using ::stdext::hash_set;
+using ::stdext::hash_multimap;
+using ::stdext::hash_multiset;
+#endif
+
+// Prints a value to a string using the universal value printer.  This
+// is a helper for testing UniversalPrinter<T>::Print() for various types.
+template <typename T>
+string Print(const T& value) {
+  ::std::stringstream ss;
+  UniversalPrinter<T>::Print(value, &ss);
+  return ss.str();
+}
+
+// Prints a value passed by reference to a string, using the universal
+// value printer.  This is a helper for testing
+// UniversalPrinter<T&>::Print() for various types.
+template <typename T>
+string PrintByRef(const T& value) {
+  ::std::stringstream ss;
+  UniversalPrinter<T&>::Print(value, &ss);
+  return ss.str();
+}
+
+// Tests printing various enum types.
+
+TEST(PrintEnumTest, AnonymousEnum) {
+  EXPECT_EQ("-1", Print(kAE1));
+  EXPECT_EQ("1", Print(kAE2));
+}
+
+TEST(PrintEnumTest, EnumWithoutPrinter) {
+  EXPECT_EQ("-2", Print(kEWP1));
+  EXPECT_EQ("42", Print(kEWP2));
+}
+
+TEST(PrintEnumTest, EnumWithStreaming) {
+  EXPECT_EQ("kEWS1", Print(kEWS1));
+  EXPECT_EQ("invalid", Print(static_cast<EnumWithStreaming>(0)));
+}
+
+TEST(PrintEnumTest, EnumWithPrintTo) {
+  EXPECT_EQ("kEWPT1", Print(kEWPT1));
+  EXPECT_EQ("invalid", Print(static_cast<EnumWithPrintTo>(0)));
+}
+
+// Tests printing a class implicitly convertible to BiggestInt.
+
+TEST(PrintClassTest, BiggestIntConvertible) {
+  EXPECT_EQ("42", Print(BiggestIntConvertible()));
+}
+
+// Tests printing various char types.
+
+// char.
+TEST(PrintCharTest, PlainChar) {
+  EXPECT_EQ("'\\0'", Print('\0'));
+  EXPECT_EQ("'\\'' (39, 0x27)", Print('\''));
+  EXPECT_EQ("'\"' (34, 0x22)", Print('"'));
+  EXPECT_EQ("'?' (63, 0x3F)", Print('?'));
+  EXPECT_EQ("'\\\\' (92, 0x5C)", Print('\\'));
+  EXPECT_EQ("'\\a' (7)", Print('\a'));
+  EXPECT_EQ("'\\b' (8)", Print('\b'));
+  EXPECT_EQ("'\\f' (12, 0xC)", Print('\f'));
+  EXPECT_EQ("'\\n' (10, 0xA)", Print('\n'));
+  EXPECT_EQ("'\\r' (13, 0xD)", Print('\r'));
+  EXPECT_EQ("'\\t' (9)", Print('\t'));
+  EXPECT_EQ("'\\v' (11, 0xB)", Print('\v'));
+  EXPECT_EQ("'\\x7F' (127)", Print('\x7F'));
+  EXPECT_EQ("'\\xFF' (255)", Print('\xFF'));
+  EXPECT_EQ("' ' (32, 0x20)", Print(' '));
+  EXPECT_EQ("'a' (97, 0x61)", Print('a'));
+}
+
+// signed char.
+TEST(PrintCharTest, SignedChar) {
+  EXPECT_EQ("'\\0'", Print(static_cast<signed char>('\0')));
+  EXPECT_EQ("'\\xCE' (-50)",
+            Print(static_cast<signed char>(-50)));
+}
+
+// unsigned char.
+TEST(PrintCharTest, UnsignedChar) {
+  EXPECT_EQ("'\\0'", Print(static_cast<unsigned char>('\0')));
+  EXPECT_EQ("'b' (98, 0x62)",
+            Print(static_cast<unsigned char>('b')));
+}
+
+// Tests printing other simple, built-in types.
+
+// bool.
+TEST(PrintBuiltInTypeTest, Bool) {
+  EXPECT_EQ("false", Print(false));
+  EXPECT_EQ("true", Print(true));
+}
+
+// wchar_t.
+TEST(PrintBuiltInTypeTest, Wchar_t) {
+  EXPECT_EQ("L'\\0'", Print(L'\0'));
+  EXPECT_EQ("L'\\'' (39, 0x27)", Print(L'\''));
+  EXPECT_EQ("L'\"' (34, 0x22)", Print(L'"'));
+  EXPECT_EQ("L'?' (63, 0x3F)", Print(L'?'));
+  EXPECT_EQ("L'\\\\' (92, 0x5C)", Print(L'\\'));
+  EXPECT_EQ("L'\\a' (7)", Print(L'\a'));
+  EXPECT_EQ("L'\\b' (8)", Print(L'\b'));
+  EXPECT_EQ("L'\\f' (12, 0xC)", Print(L'\f'));
+  EXPECT_EQ("L'\\n' (10, 0xA)", Print(L'\n'));
+  EXPECT_EQ("L'\\r' (13, 0xD)", Print(L'\r'));
+  EXPECT_EQ("L'\\t' (9)", Print(L'\t'));
+  EXPECT_EQ("L'\\v' (11, 0xB)", Print(L'\v'));
+  EXPECT_EQ("L'\\x7F' (127)", Print(L'\x7F'));
+  EXPECT_EQ("L'\\xFF' (255)", Print(L'\xFF'));
+  EXPECT_EQ("L' ' (32, 0x20)", Print(L' '));
+  EXPECT_EQ("L'a' (97, 0x61)", Print(L'a'));
+  EXPECT_EQ("L'\\x576' (1398)", Print(static_cast<wchar_t>(0x576)));
+  EXPECT_EQ("L'\\xC74D' (51021)", Print(static_cast<wchar_t>(0xC74D)));
+}
+
+// Test that Int64 provides more storage than wchar_t.
+TEST(PrintTypeSizeTest, Wchar_t) {
+  EXPECT_LT(sizeof(wchar_t), sizeof(testing::internal::Int64));
+}
+
+// Various integer types.
+TEST(PrintBuiltInTypeTest, Integer) {
+  EXPECT_EQ("'\\xFF' (255)", Print(static_cast<unsigned char>(255)));  // uint8
+  EXPECT_EQ("'\\x80' (-128)", Print(static_cast<signed char>(-128)));  // int8
+  EXPECT_EQ("65535", Print(USHRT_MAX));  // uint16
+  EXPECT_EQ("-32768", Print(SHRT_MIN));  // int16
+  EXPECT_EQ("4294967295", Print(UINT_MAX));  // uint32
+  EXPECT_EQ("-2147483648", Print(INT_MIN));  // int32
+  EXPECT_EQ("18446744073709551615",
+            Print(static_cast<testing::internal::UInt64>(-1)));  // uint64
+  EXPECT_EQ("-9223372036854775808",
+            Print(static_cast<testing::internal::Int64>(1) << 63));  // int64
+}
+
+// Size types.
+TEST(PrintBuiltInTypeTest, Size_t) {
+  EXPECT_EQ("1", Print(sizeof('a')));  // size_t.
+#if !GTEST_OS_WINDOWS
+  // Windows has no ssize_t type.
+  EXPECT_EQ("-2", Print(static_cast<ssize_t>(-2)));  // ssize_t.
+#endif  // !GTEST_OS_WINDOWS
+}
+
+// Floating-points.
+TEST(PrintBuiltInTypeTest, FloatingPoints) {
+  EXPECT_EQ("1.5", Print(1.5f));   // float
+  EXPECT_EQ("-2.5", Print(-2.5));  // double
+}
+
+// Since ::std::stringstream::operator<<(const void *) formats the pointer
+// output differently with different compilers, we have to create the expected
+// output first and use it as our expectation.
+static string PrintPointer(const void *p) {
+  ::std::stringstream expected_result_stream;
+  expected_result_stream << p;
+  return expected_result_stream.str();
+}
+
+// Tests printing C strings.
+
+// const char*.
+TEST(PrintCStringTest, Const) {
+  const char* p = "World";
+  EXPECT_EQ(PrintPointer(p) + " pointing to \"World\"", Print(p));
+}
+
+// char*.
+TEST(PrintCStringTest, NonConst) {
+  char p[] = "Hi";
+  EXPECT_EQ(PrintPointer(p) + " pointing to \"Hi\"",
+            Print(static_cast<char*>(p)));
+}
+
+// NULL C string.
+TEST(PrintCStringTest, Null) {
+  const char* p = NULL;
+  EXPECT_EQ("NULL", Print(p));
+}
+
+// Tests that C strings are escaped properly.
+TEST(PrintCStringTest, EscapesProperly) {
+  const char* p = "'\"?\\\a\b\f\n\r\t\v\x7F\xFF a";
+  EXPECT_EQ(PrintPointer(p) + " pointing to \"'\\\"?\\\\\\a\\b\\f"
+            "\\n\\r\\t\\v\\x7F\\xFF a\"",
+            Print(p));
+}
+
+// MSVC compiler can be configured to define whar_t as a typedef
+// of unsigned short. Defining an overload for const wchar_t* in that case
+// would cause pointers to unsigned shorts be printed as wide strings,
+// possibly accessing more memory than intended and causing invalid
+// memory accesses. MSVC defines _NATIVE_WCHAR_T_DEFINED symbol when
+// wchar_t is implemented as a native type.
+#if !defined(_MSC_VER) || defined(_NATIVE_WCHAR_T_DEFINED)
+
+// const wchar_t*.
+TEST(PrintWideCStringTest, Const) {
+  const wchar_t* p = L"World";
+  EXPECT_EQ(PrintPointer(p) + " pointing to L\"World\"", Print(p));
+}
+
+// wchar_t*.
+TEST(PrintWideCStringTest, NonConst) {
+  wchar_t p[] = L"Hi";
+  EXPECT_EQ(PrintPointer(p) + " pointing to L\"Hi\"",
+            Print(static_cast<wchar_t*>(p)));
+}
+
+// NULL wide C string.
+TEST(PrintWideCStringTest, Null) {
+  const wchar_t* p = NULL;
+  EXPECT_EQ("NULL", Print(p));
+}
+
+// Tests that wide C strings are escaped properly.
+TEST(PrintWideCStringTest, EscapesProperly) {
+  const wchar_t s[] = {'\'', '"', '?', '\\', '\a', '\b', '\f', '\n', '\r',
+                       '\t', '\v', 0xD3, 0x576, 0x8D3, 0xC74D, ' ', 'a', '\0'};
+  EXPECT_EQ(PrintPointer(s) + " pointing to L\"'\\\"?\\\\\\a\\b\\f"
+            "\\n\\r\\t\\v\\xD3\\x576\\x8D3\\xC74D a\"",
+            Print(static_cast<const wchar_t*>(s)));
+}
+#endif  // native wchar_t
+
+// Tests printing pointers to other char types.
+
+// signed char*.
+TEST(PrintCharPointerTest, SignedChar) {
+  signed char* p = reinterpret_cast<signed char*>(0x1234);
+  EXPECT_EQ(PrintPointer(p), Print(p));
+  p = NULL;
+  EXPECT_EQ("NULL", Print(p));
+}
+
+// const signed char*.
+TEST(PrintCharPointerTest, ConstSignedChar) {
+  signed char* p = reinterpret_cast<signed char*>(0x1234);
+  EXPECT_EQ(PrintPointer(p), Print(p));
+  p = NULL;
+  EXPECT_EQ("NULL", Print(p));
+}
+
+// unsigned char*.
+TEST(PrintCharPointerTest, UnsignedChar) {
+  unsigned char* p = reinterpret_cast<unsigned char*>(0x1234);
+  EXPECT_EQ(PrintPointer(p), Print(p));
+  p = NULL;
+  EXPECT_EQ("NULL", Print(p));
+}
+
+// const unsigned char*.
+TEST(PrintCharPointerTest, ConstUnsignedChar) {
+  const unsigned char* p = reinterpret_cast<const unsigned char*>(0x1234);
+  EXPECT_EQ(PrintPointer(p), Print(p));
+  p = NULL;
+  EXPECT_EQ("NULL", Print(p));
+}
+
+// Tests printing pointers to simple, built-in types.
+
+// bool*.
+TEST(PrintPointerToBuiltInTypeTest, Bool) {
+  bool* p = reinterpret_cast<bool*>(0xABCD);
+  EXPECT_EQ(PrintPointer(p), Print(p));
+  p = NULL;
+  EXPECT_EQ("NULL", Print(p));
+}
+
+// void*.
+TEST(PrintPointerToBuiltInTypeTest, Void) {
+  void* p = reinterpret_cast<void*>(0xABCD);
+  EXPECT_EQ(PrintPointer(p), Print(p));
+  p = NULL;
+  EXPECT_EQ("NULL", Print(p));
+}
+
+// const void*.
+TEST(PrintPointerToBuiltInTypeTest, ConstVoid) {
+  const void* p = reinterpret_cast<const void*>(0xABCD);
+  EXPECT_EQ(PrintPointer(p), Print(p));
+  p = NULL;
+  EXPECT_EQ("NULL", Print(p));
+}
+
+// Tests printing pointers to pointers.
+TEST(PrintPointerToPointerTest, IntPointerPointer) {
+  int** p = reinterpret_cast<int**>(0xABCD);
+  EXPECT_EQ(PrintPointer(p), Print(p));
+  p = NULL;
+  EXPECT_EQ("NULL", Print(p));
+}
+
+// Tests printing (non-member) function pointers.
+
+void MyFunction(int /* n */) {}
+
+TEST(PrintPointerTest, NonMemberFunctionPointer) {
+  // We cannot directly cast &MyFunction to const void* because the
+  // standard disallows casting between pointers to functions and
+  // pointers to objects, and some compilers (e.g. GCC 3.4) enforce
+  // this limitation.
+  EXPECT_EQ(
+      PrintPointer(reinterpret_cast<const void*>(
+          reinterpret_cast<internal::BiggestInt>(&MyFunction))),
+      Print(&MyFunction));
+  int (*p)(bool) = NULL;  // NOLINT
+  EXPECT_EQ("NULL", Print(p));
+}
+
+// An assertion predicate determining whether a one string is a prefix for
+// another.
+template <typename StringType>
+AssertionResult HasPrefix(const StringType& str, const StringType& prefix) {
+  if (str.find(prefix, 0) == 0)
+    return AssertionSuccess();
+
+  const bool is_wide_string = sizeof(prefix[0]) > 1;
+  const char* const begin_string_quote = is_wide_string ? "L\"" : "\"";
+  return AssertionFailure()
+      << begin_string_quote << prefix << "\" is not a prefix of "
+      << begin_string_quote << str << "\"\n";
+}
+
+// Tests printing member variable pointers.  Although they are called
+// pointers, they don't point to a location in the address space.
+// Their representation is implementation-defined.  Thus they will be
+// printed as raw bytes.
+
+struct Foo {
+ public:
+  virtual ~Foo() {}
+  int MyMethod(char x) { return x + 1; }
+  virtual char MyVirtualMethod(int /* n */) { return 'a'; }
+
+  int value;
+};
+
+TEST(PrintPointerTest, MemberVariablePointer) {
+  EXPECT_TRUE(HasPrefix(Print(&Foo::value),
+                        Print(sizeof(&Foo::value)) + "-byte object "));
+  int (Foo::*p) = NULL;  // NOLINT
+  EXPECT_TRUE(HasPrefix(Print(p),
+                        Print(sizeof(p)) + "-byte object "));
+}
+
+// Tests printing member function pointers.  Although they are called
+// pointers, they don't point to a location in the address space.
+// Their representation is implementation-defined.  Thus they will be
+// printed as raw bytes.
+TEST(PrintPointerTest, MemberFunctionPointer) {
+  EXPECT_TRUE(HasPrefix(Print(&Foo::MyMethod),
+                        Print(sizeof(&Foo::MyMethod)) + "-byte object "));
+  EXPECT_TRUE(
+      HasPrefix(Print(&Foo::MyVirtualMethod),
+                Print(sizeof((&Foo::MyVirtualMethod))) + "-byte object "));
+  int (Foo::*p)(char) = NULL;  // NOLINT
+  EXPECT_TRUE(HasPrefix(Print(p),
+                        Print(sizeof(p)) + "-byte object "));
+}
+
+// Tests printing C arrays.
+
+// The difference between this and Print() is that it ensures that the
+// argument is a reference to an array.
+template <typename T, size_t N>
+string PrintArrayHelper(T (&a)[N]) {
+  return Print(a);
+}
+
+// One-dimensional array.
+TEST(PrintArrayTest, OneDimensionalArray) {
+  int a[5] = { 1, 2, 3, 4, 5 };
+  EXPECT_EQ("{ 1, 2, 3, 4, 5 }", PrintArrayHelper(a));
+}
+
+// Two-dimensional array.
+TEST(PrintArrayTest, TwoDimensionalArray) {
+  int a[2][5] = {
+    { 1, 2, 3, 4, 5 },
+    { 6, 7, 8, 9, 0 }
+  };
+  EXPECT_EQ("{ { 1, 2, 3, 4, 5 }, { 6, 7, 8, 9, 0 } }", PrintArrayHelper(a));
+}
+
+// Array of const elements.
+TEST(PrintArrayTest, ConstArray) {
+  const bool a[1] = { false };
+  EXPECT_EQ("{ false }", PrintArrayHelper(a));
+}
+
+// char array without terminating NUL.
+TEST(PrintArrayTest, CharArrayWithNoTerminatingNul) {
+  // Array a contains '\0' in the middle and doesn't end with '\0'.
+  char a[] = { 'H', '\0', 'i' };
+  EXPECT_EQ("\"H\\0i\" (no terminating NUL)", PrintArrayHelper(a));
+}
+
+// const char array with terminating NUL.
+TEST(PrintArrayTest, ConstCharArrayWithTerminatingNul) {
+  const char a[] = "\0Hi";
+  EXPECT_EQ("\"\\0Hi\"", PrintArrayHelper(a));
+}
+
+// const wchar_t array without terminating NUL.
+TEST(PrintArrayTest, WCharArrayWithNoTerminatingNul) {
+  // Array a contains '\0' in the middle and doesn't end with '\0'.
+  const wchar_t a[] = { L'H', L'\0', L'i' };
+  EXPECT_EQ("L\"H\\0i\" (no terminating NUL)", PrintArrayHelper(a));
+}
+
+// wchar_t array with terminating NUL.
+TEST(PrintArrayTest, WConstCharArrayWithTerminatingNul) {
+  const wchar_t a[] = L"\0Hi";
+  EXPECT_EQ("L\"\\0Hi\"", PrintArrayHelper(a));
+}
+
+// Array of objects.
+TEST(PrintArrayTest, ObjectArray) {
+  string a[3] = { "Hi", "Hello", "Ni hao" };
+  EXPECT_EQ("{ \"Hi\", \"Hello\", \"Ni hao\" }", PrintArrayHelper(a));
+}
+
+// Array with many elements.
+TEST(PrintArrayTest, BigArray) {
+  int a[100] = { 1, 2, 3 };
+  EXPECT_EQ("{ 1, 2, 3, 0, 0, 0, 0, 0, ..., 0, 0, 0, 0, 0, 0, 0, 0 }",
+            PrintArrayHelper(a));
+}
+
+// Tests printing ::string and ::std::string.
+
+#if GTEST_HAS_GLOBAL_STRING
+// ::string.
+TEST(PrintStringTest, StringInGlobalNamespace) {
+  const char s[] = "'\"?\\\a\b\f\n\0\r\t\v\x7F\xFF a";
+  const ::string str(s, sizeof(s));
+  EXPECT_EQ("\"'\\\"?\\\\\\a\\b\\f\\n\\0\\r\\t\\v\\x7F\\xFF a\\0\"",
+            Print(str));
+}
+#endif  // GTEST_HAS_GLOBAL_STRING
+
+// ::std::string.
+TEST(PrintStringTest, StringInStdNamespace) {
+  const char s[] = "'\"?\\\a\b\f\n\0\r\t\v\x7F\xFF a";
+  const ::std::string str(s, sizeof(s));
+  EXPECT_EQ("\"'\\\"?\\\\\\a\\b\\f\\n\\0\\r\\t\\v\\x7F\\xFF a\\0\"",
+            Print(str));
+}
+
+TEST(PrintStringTest, StringAmbiguousHex) {
+  // "\x6BANANA" is ambiguous, it can be interpreted as starting with either of:
+  // '\x6', '\x6B', or '\x6BA'.
+
+  // a hex escaping sequence following by a decimal digit
+  EXPECT_EQ("\"0\\x12\" \"3\"", Print(::std::string("0\x12" "3")));
+  // a hex escaping sequence following by a hex digit (lower-case)
+  EXPECT_EQ("\"mm\\x6\" \"bananas\"", Print(::std::string("mm\x6" "bananas")));
+  // a hex escaping sequence following by a hex digit (upper-case)
+  EXPECT_EQ("\"NOM\\x6\" \"BANANA\"", Print(::std::string("NOM\x6" "BANANA")));
+  // a hex escaping sequence following by a non-xdigit
+  EXPECT_EQ("\"!\\x5-!\"", Print(::std::string("!\x5-!")));
+}
+
+// Tests printing ::wstring and ::std::wstring.
+
+#if GTEST_HAS_GLOBAL_WSTRING
+// ::wstring.
+TEST(PrintWideStringTest, StringInGlobalNamespace) {
+  const wchar_t s[] = L"'\"?\\\a\b\f\n\0\r\t\v\xD3\x576\x8D3\xC74D a";
+  const ::wstring str(s, sizeof(s)/sizeof(wchar_t));
+  EXPECT_EQ("L\"'\\\"?\\\\\\a\\b\\f\\n\\0\\r\\t\\v"
+            "\\xD3\\x576\\x8D3\\xC74D a\\0\"",
+            Print(str));
+}
+#endif  // GTEST_HAS_GLOBAL_WSTRING
+
+#if GTEST_HAS_STD_WSTRING
+// ::std::wstring.
+TEST(PrintWideStringTest, StringInStdNamespace) {
+  const wchar_t s[] = L"'\"?\\\a\b\f\n\0\r\t\v\xD3\x576\x8D3\xC74D a";
+  const ::std::wstring str(s, sizeof(s)/sizeof(wchar_t));
+  EXPECT_EQ("L\"'\\\"?\\\\\\a\\b\\f\\n\\0\\r\\t\\v"
+            "\\xD3\\x576\\x8D3\\xC74D a\\0\"",
+            Print(str));
+}
+
+TEST(PrintWideStringTest, StringAmbiguousHex) {
+  // same for wide strings.
+  EXPECT_EQ("L\"0\\x12\" L\"3\"", Print(::std::wstring(L"0\x12" L"3")));
+  EXPECT_EQ("L\"mm\\x6\" L\"bananas\"",
+            Print(::std::wstring(L"mm\x6" L"bananas")));
+  EXPECT_EQ("L\"NOM\\x6\" L\"BANANA\"",
+            Print(::std::wstring(L"NOM\x6" L"BANANA")));
+  EXPECT_EQ("L\"!\\x5-!\"", Print(::std::wstring(L"!\x5-!")));
+}
+#endif  // GTEST_HAS_STD_WSTRING
+
+// Tests printing types that support generic streaming (i.e. streaming
+// to std::basic_ostream<Char, CharTraits> for any valid Char and
+// CharTraits types).
+
+// Tests printing a non-template type that supports generic streaming.
+
+class AllowsGenericStreaming {};
+
+template <typename Char, typename CharTraits>
+std::basic_ostream<Char, CharTraits>& operator<<(
+    std::basic_ostream<Char, CharTraits>& os,
+    const AllowsGenericStreaming& /* a */) {
+  return os << "AllowsGenericStreaming";
+}
+
+TEST(PrintTypeWithGenericStreamingTest, NonTemplateType) {
+  AllowsGenericStreaming a;
+  EXPECT_EQ("AllowsGenericStreaming", Print(a));
+}
+
+// Tests printing a template type that supports generic streaming.
+
+template <typename T>
+class AllowsGenericStreamingTemplate {};
+
+template <typename Char, typename CharTraits, typename T>
+std::basic_ostream<Char, CharTraits>& operator<<(
+    std::basic_ostream<Char, CharTraits>& os,
+    const AllowsGenericStreamingTemplate<T>& /* a */) {
+  return os << "AllowsGenericStreamingTemplate";
+}
+
+TEST(PrintTypeWithGenericStreamingTest, TemplateType) {
+  AllowsGenericStreamingTemplate<int> a;
+  EXPECT_EQ("AllowsGenericStreamingTemplate", Print(a));
+}
+
+// Tests printing a type that supports generic streaming and can be
+// implicitly converted to another printable type.
+
+template <typename T>
+class AllowsGenericStreamingAndImplicitConversionTemplate {
+ public:
+  operator bool() const { return false; }
+};
+
+template <typename Char, typename CharTraits, typename T>
+std::basic_ostream<Char, CharTraits>& operator<<(
+    std::basic_ostream<Char, CharTraits>& os,
+    const AllowsGenericStreamingAndImplicitConversionTemplate<T>& /* a */) {
+  return os << "AllowsGenericStreamingAndImplicitConversionTemplate";
+}
+
+TEST(PrintTypeWithGenericStreamingTest, TypeImplicitlyConvertible) {
+  AllowsGenericStreamingAndImplicitConversionTemplate<int> a;
+  EXPECT_EQ("AllowsGenericStreamingAndImplicitConversionTemplate", Print(a));
+}
+
+#if GTEST_HAS_STRING_PIECE_
+
+// Tests printing StringPiece.
+
+TEST(PrintStringPieceTest, SimpleStringPiece) {
+  const StringPiece sp = "Hello";
+  EXPECT_EQ("\"Hello\"", Print(sp));
+}
+
+TEST(PrintStringPieceTest, UnprintableCharacters) {
+  const char str[] = "NUL (\0) and \r\t";
+  const StringPiece sp(str, sizeof(str) - 1);
+  EXPECT_EQ("\"NUL (\\0) and \\r\\t\"", Print(sp));
+}
+
+#endif  // GTEST_HAS_STRING_PIECE_
+
+// Tests printing STL containers.
+
+TEST(PrintStlContainerTest, EmptyDeque) {
+  deque<char> empty;
+  EXPECT_EQ("{}", Print(empty));
+}
+
+TEST(PrintStlContainerTest, NonEmptyDeque) {
+  deque<int> non_empty;
+  non_empty.push_back(1);
+  non_empty.push_back(3);
+  EXPECT_EQ("{ 1, 3 }", Print(non_empty));
+}
+
+#if GTEST_HAS_HASH_MAP_
+
+TEST(PrintStlContainerTest, OneElementHashMap) {
+  hash_map<int, char> map1;
+  map1[1] = 'a';
+  EXPECT_EQ("{ (1, 'a' (97, 0x61)) }", Print(map1));
+}
+
+TEST(PrintStlContainerTest, HashMultiMap) {
+  hash_multimap<int, bool> map1;
+  map1.insert(make_pair(5, true));
+  map1.insert(make_pair(5, false));
+
+  // Elements of hash_multimap can be printed in any order.
+  const string result = Print(map1);
+  EXPECT_TRUE(result == "{ (5, true), (5, false) }" ||
+              result == "{ (5, false), (5, true) }")
+                  << " where Print(map1) returns \"" << result << "\".";
+}
+
+#endif  // GTEST_HAS_HASH_MAP_
+
+#if GTEST_HAS_HASH_SET_
+
+TEST(PrintStlContainerTest, HashSet) {
+  hash_set<string> set1;
+  set1.insert("hello");
+  EXPECT_EQ("{ \"hello\" }", Print(set1));
+}
+
+TEST(PrintStlContainerTest, HashMultiSet) {
+  const int kSize = 5;
+  int a[kSize] = { 1, 1, 2, 5, 1 };
+  hash_multiset<int> set1(a, a + kSize);
+
+  // Elements of hash_multiset can be printed in any order.
+  const string result = Print(set1);
+  const string expected_pattern = "{ d, d, d, d, d }";  // d means a digit.
+
+  // Verifies the result matches the expected pattern; also extracts
+  // the numbers in the result.
+  ASSERT_EQ(expected_pattern.length(), result.length());
+  std::vector<int> numbers;
+  for (size_t i = 0; i != result.length(); i++) {
+    if (expected_pattern[i] == 'd') {
+      ASSERT_NE(isdigit(static_cast<unsigned char>(result[i])), 0);
+      numbers.push_back(result[i] - '0');
+    } else {
+      EXPECT_EQ(expected_pattern[i], result[i]) << " where result is "
+                                                << result;
+    }
+  }
+
+  // Makes sure the result contains the right numbers.
+  std::sort(numbers.begin(), numbers.end());
+  std::sort(a, a + kSize);
+  EXPECT_TRUE(std::equal(a, a + kSize, numbers.begin()));
+}
+
+#endif  // GTEST_HAS_HASH_SET_
+
+TEST(PrintStlContainerTest, List) {
+  const string a[] = {
+    "hello",
+    "world"
+  };
+  const list<string> strings(a, a + 2);
+  EXPECT_EQ("{ \"hello\", \"world\" }", Print(strings));
+}
+
+TEST(PrintStlContainerTest, Map) {
+  map<int, bool> map1;
+  map1[1] = true;
+  map1[5] = false;
+  map1[3] = true;
+  EXPECT_EQ("{ (1, true), (3, true), (5, false) }", Print(map1));
+}
+
+TEST(PrintStlContainerTest, MultiMap) {
+  multimap<bool, int> map1;
+  // The make_pair template function would deduce the type as
+  // pair<bool, int> here, and since the key part in a multimap has to
+  // be constant, without a templated ctor in the pair class (as in
+  // libCstd on Solaris), make_pair call would fail to compile as no
+  // implicit conversion is found.  Thus explicit typename is used
+  // here instead.
+  map1.insert(pair<const bool, int>(true, 0));
+  map1.insert(pair<const bool, int>(true, 1));
+  map1.insert(pair<const bool, int>(false, 2));
+  EXPECT_EQ("{ (false, 2), (true, 0), (true, 1) }", Print(map1));
+}
+
+TEST(PrintStlContainerTest, Set) {
+  const unsigned int a[] = { 3, 0, 5 };
+  set<unsigned int> set1(a, a + 3);
+  EXPECT_EQ("{ 0, 3, 5 }", Print(set1));
+}
+
+TEST(PrintStlContainerTest, MultiSet) {
+  const int a[] = { 1, 1, 2, 5, 1 };
+  multiset<int> set1(a, a + 5);
+  EXPECT_EQ("{ 1, 1, 1, 2, 5 }", Print(set1));
+}
+
+TEST(PrintStlContainerTest, Pair) {
+  pair<const bool, int> p(true, 5);
+  EXPECT_EQ("(true, 5)", Print(p));
+}
+
+TEST(PrintStlContainerTest, Vector) {
+  vector<int> v;
+  v.push_back(1);
+  v.push_back(2);
+  EXPECT_EQ("{ 1, 2 }", Print(v));
+}
+
+TEST(PrintStlContainerTest, LongSequence) {
+  const int a[100] = { 1, 2, 3 };
+  const vector<int> v(a, a + 100);
+  EXPECT_EQ("{ 1, 2, 3, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, "
+            "0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, ... }", Print(v));
+}
+
+TEST(PrintStlContainerTest, NestedContainer) {
+  const int a1[] = { 1, 2 };
+  const int a2[] = { 3, 4, 5 };
+  const list<int> l1(a1, a1 + 2);
+  const list<int> l2(a2, a2 + 3);
+
+  vector<list<int> > v;
+  v.push_back(l1);
+  v.push_back(l2);
+  EXPECT_EQ("{ { 1, 2 }, { 3, 4, 5 } }", Print(v));
+}
+
+TEST(PrintStlContainerTest, OneDimensionalNativeArray) {
+  const int a[3] = { 1, 2, 3 };
+  NativeArray<int> b(a, 3, RelationToSourceReference());
+  EXPECT_EQ("{ 1, 2, 3 }", Print(b));
+}
+
+TEST(PrintStlContainerTest, TwoDimensionalNativeArray) {
+  const int a[2][3] = { { 1, 2, 3 }, { 4, 5, 6 } };
+  NativeArray<int[3]> b(a, 2, RelationToSourceReference());
+  EXPECT_EQ("{ { 1, 2, 3 }, { 4, 5, 6 } }", Print(b));
+}
+
+// Tests that a class named iterator isn't treated as a container.
+
+struct iterator {
+  char x;
+};
+
+TEST(PrintStlContainerTest, Iterator) {
+  iterator it = {};
+  EXPECT_EQ("1-byte object <00>", Print(it));
+}
+
+// Tests that a class named const_iterator isn't treated as a container.
+
+struct const_iterator {
+  char x;
+};
+
+TEST(PrintStlContainerTest, ConstIterator) {
+  const_iterator it = {};
+  EXPECT_EQ("1-byte object <00>", Print(it));
+}
+
+#if GTEST_HAS_TR1_TUPLE
+// Tests printing ::std::tr1::tuples.
+
+// Tuples of various arities.
+TEST(PrintTr1TupleTest, VariousSizes) {
+  ::std::tr1::tuple<> t0;
+  EXPECT_EQ("()", Print(t0));
+
+  ::std::tr1::tuple<int> t1(5);
+  EXPECT_EQ("(5)", Print(t1));
+
+  ::std::tr1::tuple<char, bool> t2('a', true);
+  EXPECT_EQ("('a' (97, 0x61), true)", Print(t2));
+
+  ::std::tr1::tuple<bool, int, int> t3(false, 2, 3);
+  EXPECT_EQ("(false, 2, 3)", Print(t3));
+
+  ::std::tr1::tuple<bool, int, int, int> t4(false, 2, 3, 4);
+  EXPECT_EQ("(false, 2, 3, 4)", Print(t4));
+
+  ::std::tr1::tuple<bool, int, int, int, bool> t5(false, 2, 3, 4, true);
+  EXPECT_EQ("(false, 2, 3, 4, true)", Print(t5));
+
+  ::std::tr1::tuple<bool, int, int, int, bool, int> t6(false, 2, 3, 4, true, 6);
+  EXPECT_EQ("(false, 2, 3, 4, true, 6)", Print(t6));
+
+  ::std::tr1::tuple<bool, int, int, int, bool, int, int> t7(
+      false, 2, 3, 4, true, 6, 7);
+  EXPECT_EQ("(false, 2, 3, 4, true, 6, 7)", Print(t7));
+
+  ::std::tr1::tuple<bool, int, int, int, bool, int, int, bool> t8(
+      false, 2, 3, 4, true, 6, 7, true);
+  EXPECT_EQ("(false, 2, 3, 4, true, 6, 7, true)", Print(t8));
+
+  ::std::tr1::tuple<bool, int, int, int, bool, int, int, bool, int> t9(
+      false, 2, 3, 4, true, 6, 7, true, 9);
+  EXPECT_EQ("(false, 2, 3, 4, true, 6, 7, true, 9)", Print(t9));
+
+  const char* const str = "8";
+  // VC++ 2010's implementation of tuple of C++0x is deficient, requiring
+  // an explicit type cast of NULL to be used.
+  ::std::tr1::tuple<bool, char, short, testing::internal::Int32,  // NOLINT
+      testing::internal::Int64, float, double, const char*, void*, string>
+      t10(false, 'a', 3, 4, 5, 1.5F, -2.5, str,
+          ImplicitCast_<void*>(NULL), "10");
+  EXPECT_EQ("(false, 'a' (97, 0x61), 3, 4, 5, 1.5, -2.5, " + PrintPointer(str) +
+            " pointing to \"8\", NULL, \"10\")",
+            Print(t10));
+}
+
+// Nested tuples.
+TEST(PrintTr1TupleTest, NestedTuple) {
+  ::std::tr1::tuple< ::std::tr1::tuple<int, bool>, char> nested(
+      ::std::tr1::make_tuple(5, true), 'a');
+  EXPECT_EQ("((5, true), 'a' (97, 0x61))", Print(nested));
+}
+
+#endif  // GTEST_HAS_TR1_TUPLE
+
+#if GTEST_LANG_CXX11
+// Tests printing ::std::tuples.
+
+// Tuples of various arities.
+TEST(PrintStdTupleTest, VariousSizes) {
+  ::std::tuple<> t0;
+  EXPECT_EQ("()", Print(t0));
+
+  ::std::tuple<int> t1(5);
+  EXPECT_EQ("(5)", Print(t1));
+
+  ::std::tuple<char, bool> t2('a', true);
+  EXPECT_EQ("('a' (97, 0x61), true)", Print(t2));
+
+  ::std::tuple<bool, int, int> t3(false, 2, 3);
+  EXPECT_EQ("(false, 2, 3)", Print(t3));
+
+  ::std::tuple<bool, int, int, int> t4(false, 2, 3, 4);
+  EXPECT_EQ("(false, 2, 3, 4)", Print(t4));
+
+  ::std::tuple<bool, int, int, int, bool> t5(false, 2, 3, 4, true);
+  EXPECT_EQ("(false, 2, 3, 4, true)", Print(t5));
+
+  ::std::tuple<bool, int, int, int, bool, int> t6(false, 2, 3, 4, true, 6);
+  EXPECT_EQ("(false, 2, 3, 4, true, 6)", Print(t6));
+
+  ::std::tuple<bool, int, int, int, bool, int, int> t7(
+      false, 2, 3, 4, true, 6, 7);
+  EXPECT_EQ("(false, 2, 3, 4, true, 6, 7)", Print(t7));
+
+  ::std::tuple<bool, int, int, int, bool, int, int, bool> t8(
+      false, 2, 3, 4, true, 6, 7, true);
+  EXPECT_EQ("(false, 2, 3, 4, true, 6, 7, true)", Print(t8));
+
+  ::std::tuple<bool, int, int, int, bool, int, int, bool, int> t9(
+      false, 2, 3, 4, true, 6, 7, true, 9);
+  EXPECT_EQ("(false, 2, 3, 4, true, 6, 7, true, 9)", Print(t9));
+
+  const char* const str = "8";
+  // VC++ 2010's implementation of tuple of C++0x is deficient, requiring
+  // an explicit type cast of NULL to be used.
+  ::std::tuple<bool, char, short, testing::internal::Int32,  // NOLINT
+      testing::internal::Int64, float, double, const char*, void*, string>
+      t10(false, 'a', 3, 4, 5, 1.5F, -2.5, str,
+          ImplicitCast_<void*>(NULL), "10");
+  EXPECT_EQ("(false, 'a' (97, 0x61), 3, 4, 5, 1.5, -2.5, " + PrintPointer(str) +
+            " pointing to \"8\", NULL, \"10\")",
+            Print(t10));
+}
+
+// Nested tuples.
+TEST(PrintStdTupleTest, NestedTuple) {
+  ::std::tuple< ::std::tuple<int, bool>, char> nested(
+      ::std::make_tuple(5, true), 'a');
+  EXPECT_EQ("((5, true), 'a' (97, 0x61))", Print(nested));
+}
+
+#endif  // GTEST_LANG_CXX11
+
+// Tests printing user-defined unprintable types.
+
+// Unprintable types in the global namespace.
+TEST(PrintUnprintableTypeTest, InGlobalNamespace) {
+  EXPECT_EQ("1-byte object <00>",
+            Print(UnprintableTemplateInGlobal<char>()));
+}
+
+// Unprintable types in a user namespace.
+TEST(PrintUnprintableTypeTest, InUserNamespace) {
+  EXPECT_EQ("16-byte object <EF-12 00-00 34-AB 00-00 00-00 00-00 00-00 00-00>",
+            Print(::foo::UnprintableInFoo()));
+}
+
+// Unprintable types are that too big to be printed completely.
+
+struct Big {
+  Big() { memset(array, 0, sizeof(array)); }
+  char array[257];
+};
+
+TEST(PrintUnpritableTypeTest, BigObject) {
+  EXPECT_EQ("257-byte object <00-00 00-00 00-00 00-00 00-00 00-00 "
+            "00-00 00-00 00-00 00-00 00-00 00-00 00-00 00-00 00-00 00-00 "
+            "00-00 00-00 00-00 00-00 00-00 00-00 00-00 00-00 00-00 00-00 "
+            "00-00 00-00 00-00 00-00 00-00 00-00 ... 00-00 00-00 00-00 "
+            "00-00 00-00 00-00 00-00 00-00 00-00 00-00 00-00 00-00 00-00 "
+            "00-00 00-00 00-00 00-00 00-00 00-00 00-00 00-00 00-00 00-00 "
+            "00-00 00-00 00-00 00-00 00-00 00-00 00-00 00-00 00>",
+            Print(Big()));
+}
+
+// Tests printing user-defined streamable types.
+
+// Streamable types in the global namespace.
+TEST(PrintStreamableTypeTest, InGlobalNamespace) {
+  StreamableInGlobal x;
+  EXPECT_EQ("StreamableInGlobal", Print(x));
+  EXPECT_EQ("StreamableInGlobal*", Print(&x));
+}
+
+// Printable template types in a user namespace.
+TEST(PrintStreamableTypeTest, TemplateTypeInUserNamespace) {
+  EXPECT_EQ("StreamableTemplateInFoo: 0",
+            Print(::foo::StreamableTemplateInFoo<int>()));
+}
+
+// Tests printing user-defined types that have a PrintTo() function.
+TEST(PrintPrintableTypeTest, InUserNamespace) {
+  EXPECT_EQ("PrintableViaPrintTo: 0",
+            Print(::foo::PrintableViaPrintTo()));
+}
+
+// Tests printing a pointer to a user-defined type that has a <<
+// operator for its pointer.
+TEST(PrintPrintableTypeTest, PointerInUserNamespace) {
+  ::foo::PointerPrintable x;
+  EXPECT_EQ("PointerPrintable*", Print(&x));
+}
+
+// Tests printing user-defined class template that have a PrintTo() function.
+TEST(PrintPrintableTypeTest, TemplateInUserNamespace) {
+  EXPECT_EQ("PrintableViaPrintToTemplate: 5",
+            Print(::foo::PrintableViaPrintToTemplate<int>(5)));
+}
+
+#if GTEST_HAS_PROTOBUF_
+
+// Tests printing a short proto2 message.
+TEST(PrintProto2MessageTest, PrintsShortDebugStringWhenItIsShort) {
+  testing::internal::FooMessage msg;
+  msg.set_int_field(2);
+  msg.set_string_field("hello");
+  EXPECT_PRED2(RE::FullMatch, Print(msg),
+               "<int_field:\\s*2\\s+string_field:\\s*\"hello\">");
+}
+
+// Tests printing a long proto2 message.
+TEST(PrintProto2MessageTest, PrintsDebugStringWhenItIsLong) {
+  testing::internal::FooMessage msg;
+  msg.set_int_field(2);
+  msg.set_string_field("hello");
+  msg.add_names("peter");
+  msg.add_names("paul");
+  msg.add_names("mary");
+  EXPECT_PRED2(RE::FullMatch, Print(msg),
+               "<\n"
+               "int_field:\\s*2\n"
+               "string_field:\\s*\"hello\"\n"
+               "names:\\s*\"peter\"\n"
+               "names:\\s*\"paul\"\n"
+               "names:\\s*\"mary\"\n"
+               ">");
+}
+
+#endif  // GTEST_HAS_PROTOBUF_
+
+// Tests that the universal printer prints both the address and the
+// value of a reference.
+TEST(PrintReferenceTest, PrintsAddressAndValue) {
+  int n = 5;
+  EXPECT_EQ("@" + PrintPointer(&n) + " 5", PrintByRef(n));
+
+  int a[2][3] = {
+    { 0, 1, 2 },
+    { 3, 4, 5 }
+  };
+  EXPECT_EQ("@" + PrintPointer(a) + " { { 0, 1, 2 }, { 3, 4, 5 } }",
+            PrintByRef(a));
+
+  const ::foo::UnprintableInFoo x;
+  EXPECT_EQ("@" + PrintPointer(&x) + " 16-byte object "
+            "<EF-12 00-00 34-AB 00-00 00-00 00-00 00-00 00-00>",
+            PrintByRef(x));
+}
+
+// Tests that the universal printer prints a function pointer passed by
+// reference.
+TEST(PrintReferenceTest, HandlesFunctionPointer) {
+  void (*fp)(int n) = &MyFunction;
+  const string fp_pointer_string =
+      PrintPointer(reinterpret_cast<const void*>(&fp));
+  // We cannot directly cast &MyFunction to const void* because the
+  // standard disallows casting between pointers to functions and
+  // pointers to objects, and some compilers (e.g. GCC 3.4) enforce
+  // this limitation.
+  const string fp_string = PrintPointer(reinterpret_cast<const void*>(
+      reinterpret_cast<internal::BiggestInt>(fp)));
+  EXPECT_EQ("@" + fp_pointer_string + " " + fp_string,
+            PrintByRef(fp));
+}
+
+// Tests that the universal printer prints a member function pointer
+// passed by reference.
+TEST(PrintReferenceTest, HandlesMemberFunctionPointer) {
+  int (Foo::*p)(char ch) = &Foo::MyMethod;
+  EXPECT_TRUE(HasPrefix(
+      PrintByRef(p),
+      "@" + PrintPointer(reinterpret_cast<const void*>(&p)) + " " +
+          Print(sizeof(p)) + "-byte object "));
+
+  char (Foo::*p2)(int n) = &Foo::MyVirtualMethod;
+  EXPECT_TRUE(HasPrefix(
+      PrintByRef(p2),
+      "@" + PrintPointer(reinterpret_cast<const void*>(&p2)) + " " +
+          Print(sizeof(p2)) + "-byte object "));
+}
+
+// Tests that the universal printer prints a member variable pointer
+// passed by reference.
+TEST(PrintReferenceTest, HandlesMemberVariablePointer) {
+  int (Foo::*p) = &Foo::value;  // NOLINT
+  EXPECT_TRUE(HasPrefix(
+      PrintByRef(p),
+      "@" + PrintPointer(&p) + " " + Print(sizeof(p)) + "-byte object "));
+}
+
+// Tests that FormatForComparisonFailureMessage(), which is used to print
+// an operand in a comparison assertion (e.g. ASSERT_EQ) when the assertion
+// fails, formats the operand in the desired way.
+
+// scalar
+TEST(FormatForComparisonFailureMessageTest, WorksForScalar) {
+  EXPECT_STREQ("123",
+               FormatForComparisonFailureMessage(123, 124).c_str());
+}
+
+// non-char pointer
+TEST(FormatForComparisonFailureMessageTest, WorksForNonCharPointer) {
+  int n = 0;
+  EXPECT_EQ(PrintPointer(&n),
+            FormatForComparisonFailureMessage(&n, &n).c_str());
+}
+
+// non-char array
+TEST(FormatForComparisonFailureMessageTest, FormatsNonCharArrayAsPointer) {
+  // In expression 'array == x', 'array' is compared by pointer.
+  // Therefore we want to print an array operand as a pointer.
+  int n[] = { 1, 2, 3 };
+  EXPECT_EQ(PrintPointer(n),
+            FormatForComparisonFailureMessage(n, n).c_str());
+}
+
+// Tests formatting a char pointer when it's compared with another pointer.
+// In this case we want to print it as a raw pointer, as the comparision is by
+// pointer.
+
+// char pointer vs pointer
+TEST(FormatForComparisonFailureMessageTest, WorksForCharPointerVsPointer) {
+  // In expression 'p == x', where 'p' and 'x' are (const or not) char
+  // pointers, the operands are compared by pointer.  Therefore we
+  // want to print 'p' as a pointer instead of a C string (we don't
+  // even know if it's supposed to point to a valid C string).
+
+  // const char*
+  const char* s = "hello";
+  EXPECT_EQ(PrintPointer(s),
+            FormatForComparisonFailureMessage(s, s).c_str());
+
+  // char*
+  char ch = 'a';
+  EXPECT_EQ(PrintPointer(&ch),
+            FormatForComparisonFailureMessage(&ch, &ch).c_str());
+}
+
+// wchar_t pointer vs pointer
+TEST(FormatForComparisonFailureMessageTest, WorksForWCharPointerVsPointer) {
+  // In expression 'p == x', where 'p' and 'x' are (const or not) char
+  // pointers, the operands are compared by pointer.  Therefore we
+  // want to print 'p' as a pointer instead of a wide C string (we don't
+  // even know if it's supposed to point to a valid wide C string).
+
+  // const wchar_t*
+  const wchar_t* s = L"hello";
+  EXPECT_EQ(PrintPointer(s),
+            FormatForComparisonFailureMessage(s, s).c_str());
+
+  // wchar_t*
+  wchar_t ch = L'a';
+  EXPECT_EQ(PrintPointer(&ch),
+            FormatForComparisonFailureMessage(&ch, &ch).c_str());
+}
+
+// Tests formatting a char pointer when it's compared to a string object.
+// In this case we want to print the char pointer as a C string.
+
+#if GTEST_HAS_GLOBAL_STRING
+// char pointer vs ::string
+TEST(FormatForComparisonFailureMessageTest, WorksForCharPointerVsString) {
+  const char* s = "hello \"world";
+  EXPECT_STREQ("\"hello \\\"world\"",  // The string content should be escaped.
+               FormatForComparisonFailureMessage(s, ::string()).c_str());
+
+  // char*
+  char str[] = "hi\1";
+  char* p = str;
+  EXPECT_STREQ("\"hi\\x1\"",  // The string content should be escaped.
+               FormatForComparisonFailureMessage(p, ::string()).c_str());
+}
+#endif
+
+// char pointer vs std::string
+TEST(FormatForComparisonFailureMessageTest, WorksForCharPointerVsStdString) {
+  const char* s = "hello \"world";
+  EXPECT_STREQ("\"hello \\\"world\"",  // The string content should be escaped.
+               FormatForComparisonFailureMessage(s, ::std::string()).c_str());
+
+  // char*
+  char str[] = "hi\1";
+  char* p = str;
+  EXPECT_STREQ("\"hi\\x1\"",  // The string content should be escaped.
+               FormatForComparisonFailureMessage(p, ::std::string()).c_str());
+}
+
+#if GTEST_HAS_GLOBAL_WSTRING
+// wchar_t pointer vs ::wstring
+TEST(FormatForComparisonFailureMessageTest, WorksForWCharPointerVsWString) {
+  const wchar_t* s = L"hi \"world";
+  EXPECT_STREQ("L\"hi \\\"world\"",  // The string content should be escaped.
+               FormatForComparisonFailureMessage(s, ::wstring()).c_str());
+
+  // wchar_t*
+  wchar_t str[] = L"hi\1";
+  wchar_t* p = str;
+  EXPECT_STREQ("L\"hi\\x1\"",  // The string content should be escaped.
+               FormatForComparisonFailureMessage(p, ::wstring()).c_str());
+}
+#endif
+
+#if GTEST_HAS_STD_WSTRING
+// wchar_t pointer vs std::wstring
+TEST(FormatForComparisonFailureMessageTest, WorksForWCharPointerVsStdWString) {
+  const wchar_t* s = L"hi \"world";
+  EXPECT_STREQ("L\"hi \\\"world\"",  // The string content should be escaped.
+               FormatForComparisonFailureMessage(s, ::std::wstring()).c_str());
+
+  // wchar_t*
+  wchar_t str[] = L"hi\1";
+  wchar_t* p = str;
+  EXPECT_STREQ("L\"hi\\x1\"",  // The string content should be escaped.
+               FormatForComparisonFailureMessage(p, ::std::wstring()).c_str());
+}
+#endif
+
+// Tests formatting a char array when it's compared with a pointer or array.
+// In this case we want to print the array as a row pointer, as the comparison
+// is by pointer.
+
+// char array vs pointer
+TEST(FormatForComparisonFailureMessageTest, WorksForCharArrayVsPointer) {
+  char str[] = "hi \"world\"";
+  char* p = NULL;
+  EXPECT_EQ(PrintPointer(str),
+            FormatForComparisonFailureMessage(str, p).c_str());
+}
+
+// char array vs char array
+TEST(FormatForComparisonFailureMessageTest, WorksForCharArrayVsCharArray) {
+  const char str[] = "hi \"world\"";
+  EXPECT_EQ(PrintPointer(str),
+            FormatForComparisonFailureMessage(str, str).c_str());
+}
+
+// wchar_t array vs pointer
+TEST(FormatForComparisonFailureMessageTest, WorksForWCharArrayVsPointer) {
+  wchar_t str[] = L"hi \"world\"";
+  wchar_t* p = NULL;
+  EXPECT_EQ(PrintPointer(str),
+            FormatForComparisonFailureMessage(str, p).c_str());
+}
+
+// wchar_t array vs wchar_t array
+TEST(FormatForComparisonFailureMessageTest, WorksForWCharArrayVsWCharArray) {
+  const wchar_t str[] = L"hi \"world\"";
+  EXPECT_EQ(PrintPointer(str),
+            FormatForComparisonFailureMessage(str, str).c_str());
+}
+
+// Tests formatting a char array when it's compared with a string object.
+// In this case we want to print the array as a C string.
+
+#if GTEST_HAS_GLOBAL_STRING
+// char array vs string
+TEST(FormatForComparisonFailureMessageTest, WorksForCharArrayVsString) {
+  const char str[] = "hi \"w\0rld\"";
+  EXPECT_STREQ("\"hi \\\"w\"",  // The content should be escaped.
+                                // Embedded NUL terminates the string.
+               FormatForComparisonFailureMessage(str, ::string()).c_str());
+}
+#endif
+
+// char array vs std::string
+TEST(FormatForComparisonFailureMessageTest, WorksForCharArrayVsStdString) {
+  const char str[] = "hi \"world\"";
+  EXPECT_STREQ("\"hi \\\"world\\\"\"",  // The content should be escaped.
+               FormatForComparisonFailureMessage(str, ::std::string()).c_str());
+}
+
+#if GTEST_HAS_GLOBAL_WSTRING
+// wchar_t array vs wstring
+TEST(FormatForComparisonFailureMessageTest, WorksForWCharArrayVsWString) {
+  const wchar_t str[] = L"hi \"world\"";
+  EXPECT_STREQ("L\"hi \\\"world\\\"\"",  // The content should be escaped.
+               FormatForComparisonFailureMessage(str, ::wstring()).c_str());
+}
+#endif
+
+#if GTEST_HAS_STD_WSTRING
+// wchar_t array vs std::wstring
+TEST(FormatForComparisonFailureMessageTest, WorksForWCharArrayVsStdWString) {
+  const wchar_t str[] = L"hi \"w\0rld\"";
+  EXPECT_STREQ(
+      "L\"hi \\\"w\"",  // The content should be escaped.
+                        // Embedded NUL terminates the string.
+      FormatForComparisonFailureMessage(str, ::std::wstring()).c_str());
+}
+#endif
+
+// Useful for testing PrintToString().  We cannot use EXPECT_EQ()
+// there as its implementation uses PrintToString().  The caller must
+// ensure that 'value' has no side effect.
+#define EXPECT_PRINT_TO_STRING_(value, expected_string)         \
+  EXPECT_TRUE(PrintToString(value) == (expected_string))        \
+      << " where " #value " prints as " << (PrintToString(value))
+
+TEST(PrintToStringTest, WorksForScalar) {
+  EXPECT_PRINT_TO_STRING_(123, "123");
+}
+
+TEST(PrintToStringTest, WorksForPointerToConstChar) {
+  const char* p = "hello";
+  EXPECT_PRINT_TO_STRING_(p, "\"hello\"");
+}
+
+TEST(PrintToStringTest, WorksForPointerToNonConstChar) {
+  char s[] = "hello";
+  char* p = s;
+  EXPECT_PRINT_TO_STRING_(p, "\"hello\"");
+}
+
+TEST(PrintToStringTest, EscapesForPointerToConstChar) {
+  const char* p = "hello\n";
+  EXPECT_PRINT_TO_STRING_(p, "\"hello\\n\"");
+}
+
+TEST(PrintToStringTest, EscapesForPointerToNonConstChar) {
+  char s[] = "hello\1";
+  char* p = s;
+  EXPECT_PRINT_TO_STRING_(p, "\"hello\\x1\"");
+}
+
+TEST(PrintToStringTest, WorksForArray) {
+  int n[3] = { 1, 2, 3 };
+  EXPECT_PRINT_TO_STRING_(n, "{ 1, 2, 3 }");
+}
+
+TEST(PrintToStringTest, WorksForCharArray) {
+  char s[] = "hello";
+  EXPECT_PRINT_TO_STRING_(s, "\"hello\"");
+}
+
+TEST(PrintToStringTest, WorksForCharArrayWithEmbeddedNul) {
+  const char str_with_nul[] = "hello\0 world";
+  EXPECT_PRINT_TO_STRING_(str_with_nul, "\"hello\\0 world\"");
+
+  char mutable_str_with_nul[] = "hello\0 world";
+  EXPECT_PRINT_TO_STRING_(mutable_str_with_nul, "\"hello\\0 world\"");
+}
+
+#undef EXPECT_PRINT_TO_STRING_
+
+TEST(UniversalTersePrintTest, WorksForNonReference) {
+  ::std::stringstream ss;
+  UniversalTersePrint(123, &ss);
+  EXPECT_EQ("123", ss.str());
+}
+
+TEST(UniversalTersePrintTest, WorksForReference) {
+  const int& n = 123;
+  ::std::stringstream ss;
+  UniversalTersePrint(n, &ss);
+  EXPECT_EQ("123", ss.str());
+}
+
+TEST(UniversalTersePrintTest, WorksForCString) {
+  const char* s1 = "abc";
+  ::std::stringstream ss1;
+  UniversalTersePrint(s1, &ss1);
+  EXPECT_EQ("\"abc\"", ss1.str());
+
+  char* s2 = const_cast<char*>(s1);
+  ::std::stringstream ss2;
+  UniversalTersePrint(s2, &ss2);
+  EXPECT_EQ("\"abc\"", ss2.str());
+
+  const char* s3 = NULL;
+  ::std::stringstream ss3;
+  UniversalTersePrint(s3, &ss3);
+  EXPECT_EQ("NULL", ss3.str());
+}
+
+TEST(UniversalPrintTest, WorksForNonReference) {
+  ::std::stringstream ss;
+  UniversalPrint(123, &ss);
+  EXPECT_EQ("123", ss.str());
+}
+
+TEST(UniversalPrintTest, WorksForReference) {
+  const int& n = 123;
+  ::std::stringstream ss;
+  UniversalPrint(n, &ss);
+  EXPECT_EQ("123", ss.str());
+}
+
+TEST(UniversalPrintTest, WorksForCString) {
+  const char* s1 = "abc";
+  ::std::stringstream ss1;
+  UniversalPrint(s1, &ss1);
+  EXPECT_EQ(PrintPointer(s1) + " pointing to \"abc\"", string(ss1.str()));
+
+  char* s2 = const_cast<char*>(s1);
+  ::std::stringstream ss2;
+  UniversalPrint(s2, &ss2);
+  EXPECT_EQ(PrintPointer(s2) + " pointing to \"abc\"", string(ss2.str()));
+
+  const char* s3 = NULL;
+  ::std::stringstream ss3;
+  UniversalPrint(s3, &ss3);
+  EXPECT_EQ("NULL", ss3.str());
+}
+
+TEST(UniversalPrintTest, WorksForCharArray) {
+  const char str[] = "\"Line\0 1\"\nLine 2";
+  ::std::stringstream ss1;
+  UniversalPrint(str, &ss1);
+  EXPECT_EQ("\"\\\"Line\\0 1\\\"\\nLine 2\"", ss1.str());
+
+  const char mutable_str[] = "\"Line\0 1\"\nLine 2";
+  ::std::stringstream ss2;
+  UniversalPrint(mutable_str, &ss2);
+  EXPECT_EQ("\"\\\"Line\\0 1\\\"\\nLine 2\"", ss2.str());
+}
+
+#if GTEST_HAS_TR1_TUPLE
+
+TEST(UniversalTersePrintTupleFieldsToStringsTestWithTr1, PrintsEmptyTuple) {
+  Strings result = UniversalTersePrintTupleFieldsToStrings(
+      ::std::tr1::make_tuple());
+  EXPECT_EQ(0u, result.size());
+}
+
+TEST(UniversalTersePrintTupleFieldsToStringsTestWithTr1, PrintsOneTuple) {
+  Strings result = UniversalTersePrintTupleFieldsToStrings(
+      ::std::tr1::make_tuple(1));
+  ASSERT_EQ(1u, result.size());
+  EXPECT_EQ("1", result[0]);
+}
+
+TEST(UniversalTersePrintTupleFieldsToStringsTestWithTr1, PrintsTwoTuple) {
+  Strings result = UniversalTersePrintTupleFieldsToStrings(
+      ::std::tr1::make_tuple(1, 'a'));
+  ASSERT_EQ(2u, result.size());
+  EXPECT_EQ("1", result[0]);
+  EXPECT_EQ("'a' (97, 0x61)", result[1]);
+}
+
+TEST(UniversalTersePrintTupleFieldsToStringsTestWithTr1, PrintsTersely) {
+  const int n = 1;
+  Strings result = UniversalTersePrintTupleFieldsToStrings(
+      ::std::tr1::tuple<const int&, const char*>(n, "a"));
+  ASSERT_EQ(2u, result.size());
+  EXPECT_EQ("1", result[0]);
+  EXPECT_EQ("\"a\"", result[1]);
+}
+
+#endif  // GTEST_HAS_TR1_TUPLE
+
+#if GTEST_HAS_STD_TUPLE_
+
+TEST(UniversalTersePrintTupleFieldsToStringsTestWithStd, PrintsEmptyTuple) {
+  Strings result = UniversalTersePrintTupleFieldsToStrings(::std::make_tuple());
+  EXPECT_EQ(0u, result.size());
+}
+
+TEST(UniversalTersePrintTupleFieldsToStringsTestWithStd, PrintsOneTuple) {
+  Strings result = UniversalTersePrintTupleFieldsToStrings(
+      ::std::make_tuple(1));
+  ASSERT_EQ(1u, result.size());
+  EXPECT_EQ("1", result[0]);
+}
+
+TEST(UniversalTersePrintTupleFieldsToStringsTestWithStd, PrintsTwoTuple) {
+  Strings result = UniversalTersePrintTupleFieldsToStrings(
+      ::std::make_tuple(1, 'a'));
+  ASSERT_EQ(2u, result.size());
+  EXPECT_EQ("1", result[0]);
+  EXPECT_EQ("'a' (97, 0x61)", result[1]);
+}
+
+TEST(UniversalTersePrintTupleFieldsToStringsTestWithStd, PrintsTersely) {
+  const int n = 1;
+  Strings result = UniversalTersePrintTupleFieldsToStrings(
+      ::std::tuple<const int&, const char*>(n, "a"));
+  ASSERT_EQ(2u, result.size());
+  EXPECT_EQ("1", result[0]);
+  EXPECT_EQ("\"a\"", result[1]);
+}
+
+#endif  // GTEST_HAS_STD_TUPLE_
+
+}  // namespace gtest_printers_test
+}  // namespace testing
+
diff --git a/nss/gtests/google_test/gtest/test/gtest-test-part_test.cc b/nss/gtests/google_test/gtest/test/gtest-test-part_test.cc
new file mode 100644
index 0000000..ca8ba93
--- /dev/null
+++ b/nss/gtests/google_test/gtest/test/gtest-test-part_test.cc
@@ -0,0 +1,208 @@
+// Copyright 2008 Google Inc.
+// All Rights Reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: mheule@google.com (Markus Heule)
+//
+
+#include "gtest/gtest-test-part.h"
+
+#include "gtest/gtest.h"
+
+using testing::Message;
+using testing::Test;
+using testing::TestPartResult;
+using testing::TestPartResultArray;
+
+namespace {
+
+// Tests the TestPartResult class.
+
+// The test fixture for testing TestPartResult.
+class TestPartResultTest : public Test {
+ protected:
+  TestPartResultTest()
+      : r1_(TestPartResult::kSuccess, "foo/bar.cc", 10, "Success!"),
+        r2_(TestPartResult::kNonFatalFailure, "foo/bar.cc", -1, "Failure!"),
+        r3_(TestPartResult::kFatalFailure, NULL, -1, "Failure!") {}
+
+  TestPartResult r1_, r2_, r3_;
+};
+
+
+TEST_F(TestPartResultTest, ConstructorWorks) {
+  Message message;
+  message << "something is terribly wrong";
+  message << static_cast<const char*>(testing::internal::kStackTraceMarker);
+  message << "some unimportant stack trace";
+
+  const TestPartResult result(TestPartResult::kNonFatalFailure,
+                              "some_file.cc",
+                              42,
+                              message.GetString().c_str());
+
+  EXPECT_EQ(TestPartResult::kNonFatalFailure, result.type());
+  EXPECT_STREQ("some_file.cc", result.file_name());
+  EXPECT_EQ(42, result.line_number());
+  EXPECT_STREQ(message.GetString().c_str(), result.message());
+  EXPECT_STREQ("something is terribly wrong", result.summary());
+}
+
+TEST_F(TestPartResultTest, ResultAccessorsWork) {
+  const TestPartResult success(TestPartResult::kSuccess,
+                               "file.cc",
+                               42,
+                               "message");
+  EXPECT_TRUE(success.passed());
+  EXPECT_FALSE(success.failed());
+  EXPECT_FALSE(success.nonfatally_failed());
+  EXPECT_FALSE(success.fatally_failed());
+
+  const TestPartResult nonfatal_failure(TestPartResult::kNonFatalFailure,
+                                        "file.cc",
+                                        42,
+                                        "message");
+  EXPECT_FALSE(nonfatal_failure.passed());
+  EXPECT_TRUE(nonfatal_failure.failed());
+  EXPECT_TRUE(nonfatal_failure.nonfatally_failed());
+  EXPECT_FALSE(nonfatal_failure.fatally_failed());
+
+  const TestPartResult fatal_failure(TestPartResult::kFatalFailure,
+                                     "file.cc",
+                                     42,
+                                     "message");
+  EXPECT_FALSE(fatal_failure.passed());
+  EXPECT_TRUE(fatal_failure.failed());
+  EXPECT_FALSE(fatal_failure.nonfatally_failed());
+  EXPECT_TRUE(fatal_failure.fatally_failed());
+}
+
+// Tests TestPartResult::type().
+TEST_F(TestPartResultTest, type) {
+  EXPECT_EQ(TestPartResult::kSuccess, r1_.type());
+  EXPECT_EQ(TestPartResult::kNonFatalFailure, r2_.type());
+  EXPECT_EQ(TestPartResult::kFatalFailure, r3_.type());
+}
+
+// Tests TestPartResult::file_name().
+TEST_F(TestPartResultTest, file_name) {
+  EXPECT_STREQ("foo/bar.cc", r1_.file_name());
+  EXPECT_STREQ(NULL, r3_.file_name());
+}
+
+// Tests TestPartResult::line_number().
+TEST_F(TestPartResultTest, line_number) {
+  EXPECT_EQ(10, r1_.line_number());
+  EXPECT_EQ(-1, r2_.line_number());
+}
+
+// Tests TestPartResult::message().
+TEST_F(TestPartResultTest, message) {
+  EXPECT_STREQ("Success!", r1_.message());
+}
+
+// Tests TestPartResult::passed().
+TEST_F(TestPartResultTest, Passed) {
+  EXPECT_TRUE(r1_.passed());
+  EXPECT_FALSE(r2_.passed());
+  EXPECT_FALSE(r3_.passed());
+}
+
+// Tests TestPartResult::failed().
+TEST_F(TestPartResultTest, Failed) {
+  EXPECT_FALSE(r1_.failed());
+  EXPECT_TRUE(r2_.failed());
+  EXPECT_TRUE(r3_.failed());
+}
+
+// Tests TestPartResult::fatally_failed().
+TEST_F(TestPartResultTest, FatallyFailed) {
+  EXPECT_FALSE(r1_.fatally_failed());
+  EXPECT_FALSE(r2_.fatally_failed());
+  EXPECT_TRUE(r3_.fatally_failed());
+}
+
+// Tests TestPartResult::nonfatally_failed().
+TEST_F(TestPartResultTest, NonfatallyFailed) {
+  EXPECT_FALSE(r1_.nonfatally_failed());
+  EXPECT_TRUE(r2_.nonfatally_failed());
+  EXPECT_FALSE(r3_.nonfatally_failed());
+}
+
+// Tests the TestPartResultArray class.
+
+class TestPartResultArrayTest : public Test {
+ protected:
+  TestPartResultArrayTest()
+      : r1_(TestPartResult::kNonFatalFailure, "foo/bar.cc", -1, "Failure 1"),
+        r2_(TestPartResult::kFatalFailure, "foo/bar.cc", -1, "Failure 2") {}
+
+  const TestPartResult r1_, r2_;
+};
+
+// Tests that TestPartResultArray initially has size 0.
+TEST_F(TestPartResultArrayTest, InitialSizeIsZero) {
+  TestPartResultArray results;
+  EXPECT_EQ(0, results.size());
+}
+
+// Tests that TestPartResultArray contains the given TestPartResult
+// after one Append() operation.
+TEST_F(TestPartResultArrayTest, ContainsGivenResultAfterAppend) {
+  TestPartResultArray results;
+  results.Append(r1_);
+  EXPECT_EQ(1, results.size());
+  EXPECT_STREQ("Failure 1", results.GetTestPartResult(0).message());
+}
+
+// Tests that TestPartResultArray contains the given TestPartResults
+// after two Append() operations.
+TEST_F(TestPartResultArrayTest, ContainsGivenResultsAfterTwoAppends) {
+  TestPartResultArray results;
+  results.Append(r1_);
+  results.Append(r2_);
+  EXPECT_EQ(2, results.size());
+  EXPECT_STREQ("Failure 1", results.GetTestPartResult(0).message());
+  EXPECT_STREQ("Failure 2", results.GetTestPartResult(1).message());
+}
+
+typedef TestPartResultArrayTest TestPartResultArrayDeathTest;
+
+// Tests that the program dies when GetTestPartResult() is called with
+// an invalid index.
+TEST_F(TestPartResultArrayDeathTest, DiesWhenIndexIsOutOfBound) {
+  TestPartResultArray results;
+  results.Append(r1_);
+
+  EXPECT_DEATH_IF_SUPPORTED(results.GetTestPartResult(-1), "");
+  EXPECT_DEATH_IF_SUPPORTED(results.GetTestPartResult(1), "");
+}
+
+// TODO(mheule@google.com): Add a test for the class HasNewFatalFailureHelper.
+
+}  // namespace
diff --git a/nss/gtests/google_test/gtest/test/gtest-tuple_test.cc b/nss/gtests/google_test/gtest/test/gtest-tuple_test.cc
new file mode 100644
index 0000000..bfaa3e0
--- /dev/null
+++ b/nss/gtests/google_test/gtest/test/gtest-tuple_test.cc
@@ -0,0 +1,320 @@
+// Copyright 2007, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+
+#include "gtest/internal/gtest-tuple.h"
+#include <utility>
+#include "gtest/gtest.h"
+
+namespace {
+
+using ::std::tr1::get;
+using ::std::tr1::make_tuple;
+using ::std::tr1::tuple;
+using ::std::tr1::tuple_element;
+using ::std::tr1::tuple_size;
+using ::testing::StaticAssertTypeEq;
+
+// Tests that tuple_element<K, tuple<T0, T1, ..., TN> >::type returns TK.
+TEST(tuple_element_Test, ReturnsElementType) {
+  StaticAssertTypeEq<int, tuple_element<0, tuple<int, char> >::type>();
+  StaticAssertTypeEq<int&, tuple_element<1, tuple<double, int&> >::type>();
+  StaticAssertTypeEq<bool, tuple_element<2, tuple<double, int, bool> >::type>();
+}
+
+// Tests that tuple_size<T>::value gives the number of fields in tuple
+// type T.
+TEST(tuple_size_Test, ReturnsNumberOfFields) {
+  EXPECT_EQ(0, +tuple_size<tuple<> >::value);
+  EXPECT_EQ(1, +tuple_size<tuple<void*> >::value);
+  EXPECT_EQ(1, +tuple_size<tuple<char> >::value);
+  EXPECT_EQ(1, +(tuple_size<tuple<tuple<int, double> > >::value));
+  EXPECT_EQ(2, +(tuple_size<tuple<int&, const char> >::value));
+  EXPECT_EQ(3, +(tuple_size<tuple<char*, void, const bool&> >::value));
+}
+
+// Tests comparing a tuple with itself.
+TEST(ComparisonTest, ComparesWithSelf) {
+  const tuple<int, char, bool> a(5, 'a', false);
+
+  EXPECT_TRUE(a == a);
+  EXPECT_FALSE(a != a);
+}
+
+// Tests comparing two tuples with the same value.
+TEST(ComparisonTest, ComparesEqualTuples) {
+  const tuple<int, bool> a(5, true), b(5, true);
+
+  EXPECT_TRUE(a == b);
+  EXPECT_FALSE(a != b);
+}
+
+// Tests comparing two different tuples that have no reference fields.
+TEST(ComparisonTest, ComparesUnequalTuplesWithoutReferenceFields) {
+  typedef tuple<const int, char> FooTuple;
+
+  const FooTuple a(0, 'x');
+  const FooTuple b(1, 'a');
+
+  EXPECT_TRUE(a != b);
+  EXPECT_FALSE(a == b);
+
+  const FooTuple c(1, 'b');
+
+  EXPECT_TRUE(b != c);
+  EXPECT_FALSE(b == c);
+}
+
+// Tests comparing two different tuples that have reference fields.
+TEST(ComparisonTest, ComparesUnequalTuplesWithReferenceFields) {
+  typedef tuple<int&, const char&> FooTuple;
+
+  int i = 5;
+  const char ch = 'a';
+  const FooTuple a(i, ch);
+
+  int j = 6;
+  const FooTuple b(j, ch);
+
+  EXPECT_TRUE(a != b);
+  EXPECT_FALSE(a == b);
+
+  j = 5;
+  const char ch2 = 'b';
+  const FooTuple c(j, ch2);
+
+  EXPECT_TRUE(b != c);
+  EXPECT_FALSE(b == c);
+}
+
+// Tests that a tuple field with a reference type is an alias of the
+// variable it's supposed to reference.
+TEST(ReferenceFieldTest, IsAliasOfReferencedVariable) {
+  int n = 0;
+  tuple<bool, int&> t(true, n);
+
+  n = 1;
+  EXPECT_EQ(n, get<1>(t))
+      << "Changing a underlying variable should update the reference field.";
+
+  // Makes sure that the implementation doesn't do anything funny with
+  // the & operator for the return type of get<>().
+  EXPECT_EQ(&n, &(get<1>(t)))
+      << "The address of a reference field should equal the address of "
+      << "the underlying variable.";
+
+  get<1>(t) = 2;
+  EXPECT_EQ(2, n)
+      << "Changing a reference field should update the underlying variable.";
+}
+
+// Tests that tuple's default constructor default initializes each field.
+// This test needs to compile without generating warnings.
+TEST(TupleConstructorTest, DefaultConstructorDefaultInitializesEachField) {
+  // The TR1 report requires that tuple's default constructor default
+  // initializes each field, even if it's a primitive type.  If the
+  // implementation forgets to do this, this test will catch it by
+  // generating warnings about using uninitialized variables (assuming
+  // a decent compiler).
+
+  tuple<> empty;
+
+  tuple<int> a1, b1;
+  b1 = a1;
+  EXPECT_EQ(0, get<0>(b1));
+
+  tuple<int, double> a2, b2;
+  b2 = a2;
+  EXPECT_EQ(0, get<0>(b2));
+  EXPECT_EQ(0.0, get<1>(b2));
+
+  tuple<double, char, bool*> a3, b3;
+  b3 = a3;
+  EXPECT_EQ(0.0, get<0>(b3));
+  EXPECT_EQ('\0', get<1>(b3));
+  EXPECT_TRUE(get<2>(b3) == NULL);
+
+  tuple<int, int, int, int, int, int, int, int, int, int> a10, b10;
+  b10 = a10;
+  EXPECT_EQ(0, get<0>(b10));
+  EXPECT_EQ(0, get<1>(b10));
+  EXPECT_EQ(0, get<2>(b10));
+  EXPECT_EQ(0, get<3>(b10));
+  EXPECT_EQ(0, get<4>(b10));
+  EXPECT_EQ(0, get<5>(b10));
+  EXPECT_EQ(0, get<6>(b10));
+  EXPECT_EQ(0, get<7>(b10));
+  EXPECT_EQ(0, get<8>(b10));
+  EXPECT_EQ(0, get<9>(b10));
+}
+
+// Tests constructing a tuple from its fields.
+TEST(TupleConstructorTest, ConstructsFromFields) {
+  int n = 1;
+  // Reference field.
+  tuple<int&> a(n);
+  EXPECT_EQ(&n, &(get<0>(a)));
+
+  // Non-reference fields.
+  tuple<int, char> b(5, 'a');
+  EXPECT_EQ(5, get<0>(b));
+  EXPECT_EQ('a', get<1>(b));
+
+  // Const reference field.
+  const int m = 2;
+  tuple<bool, const int&> c(true, m);
+  EXPECT_TRUE(get<0>(c));
+  EXPECT_EQ(&m, &(get<1>(c)));
+}
+
+// Tests tuple's copy constructor.
+TEST(TupleConstructorTest, CopyConstructor) {
+  tuple<double, bool> a(0.0, true);
+  tuple<double, bool> b(a);
+
+  EXPECT_DOUBLE_EQ(0.0, get<0>(b));
+  EXPECT_TRUE(get<1>(b));
+}
+
+// Tests constructing a tuple from another tuple that has a compatible
+// but different type.
+TEST(TupleConstructorTest, ConstructsFromDifferentTupleType) {
+  tuple<int, int, char> a(0, 1, 'a');
+  tuple<double, long, int> b(a);
+
+  EXPECT_DOUBLE_EQ(0.0, get<0>(b));
+  EXPECT_EQ(1, get<1>(b));
+  EXPECT_EQ('a', get<2>(b));
+}
+
+// Tests constructing a 2-tuple from an std::pair.
+TEST(TupleConstructorTest, ConstructsFromPair) {
+  ::std::pair<int, char> a(1, 'a');
+  tuple<int, char> b(a);
+  tuple<int, const char&> c(a);
+}
+
+// Tests assigning a tuple to another tuple with the same type.
+TEST(TupleAssignmentTest, AssignsToSameTupleType) {
+  const tuple<int, long> a(5, 7L);
+  tuple<int, long> b;
+  b = a;
+  EXPECT_EQ(5, get<0>(b));
+  EXPECT_EQ(7L, get<1>(b));
+}
+
+// Tests assigning a tuple to another tuple with a different but
+// compatible type.
+TEST(TupleAssignmentTest, AssignsToDifferentTupleType) {
+  const tuple<int, long, bool> a(1, 7L, true);
+  tuple<long, int, bool> b;
+  b = a;
+  EXPECT_EQ(1L, get<0>(b));
+  EXPECT_EQ(7, get<1>(b));
+  EXPECT_TRUE(get<2>(b));
+}
+
+// Tests assigning an std::pair to a 2-tuple.
+TEST(TupleAssignmentTest, AssignsFromPair) {
+  const ::std::pair<int, bool> a(5, true);
+  tuple<int, bool> b;
+  b = a;
+  EXPECT_EQ(5, get<0>(b));
+  EXPECT_TRUE(get<1>(b));
+
+  tuple<long, bool> c;
+  c = a;
+  EXPECT_EQ(5L, get<0>(c));
+  EXPECT_TRUE(get<1>(c));
+}
+
+// A fixture for testing big tuples.
+class BigTupleTest : public testing::Test {
+ protected:
+  typedef tuple<int, int, int, int, int, int, int, int, int, int> BigTuple;
+
+  BigTupleTest() :
+      a_(1, 0, 0, 0, 0, 0, 0, 0, 0, 2),
+      b_(1, 0, 0, 0, 0, 0, 0, 0, 0, 3) {}
+
+  BigTuple a_, b_;
+};
+
+// Tests constructing big tuples.
+TEST_F(BigTupleTest, Construction) {
+  BigTuple a;
+  BigTuple b(b_);
+}
+
+// Tests that get<N>(t) returns the N-th (0-based) field of tuple t.
+TEST_F(BigTupleTest, get) {
+  EXPECT_EQ(1, get<0>(a_));
+  EXPECT_EQ(2, get<9>(a_));
+
+  // Tests that get() works on a const tuple too.
+  const BigTuple a(a_);
+  EXPECT_EQ(1, get<0>(a));
+  EXPECT_EQ(2, get<9>(a));
+}
+
+// Tests comparing big tuples.
+TEST_F(BigTupleTest, Comparisons) {
+  EXPECT_TRUE(a_ == a_);
+  EXPECT_FALSE(a_ != a_);
+
+  EXPECT_TRUE(a_ != b_);
+  EXPECT_FALSE(a_ == b_);
+}
+
+TEST(MakeTupleTest, WorksForScalarTypes) {
+  tuple<bool, int> a;
+  a = make_tuple(true, 5);
+  EXPECT_TRUE(get<0>(a));
+  EXPECT_EQ(5, get<1>(a));
+
+  tuple<char, int, long> b;
+  b = make_tuple('a', 'b', 5);
+  EXPECT_EQ('a', get<0>(b));
+  EXPECT_EQ('b', get<1>(b));
+  EXPECT_EQ(5, get<2>(b));
+}
+
+TEST(MakeTupleTest, WorksForPointers) {
+  int a[] = { 1, 2, 3, 4 };
+  const char* const str = "hi";
+  int* const p = a;
+
+  tuple<const char*, int*> t;
+  t = make_tuple(str, p);
+  EXPECT_EQ(str, get<0>(t));
+  EXPECT_EQ(p, get<1>(t));
+}
+
+}  // namespace
diff --git a/nss/gtests/google_test/gtest/test/gtest-typed-test2_test.cc b/nss/gtests/google_test/gtest/test/gtest-typed-test2_test.cc
new file mode 100644
index 0000000..c284700
--- /dev/null
+++ b/nss/gtests/google_test/gtest/test/gtest-typed-test2_test.cc
@@ -0,0 +1,45 @@
+// Copyright 2008 Google Inc.
+// All Rights Reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+
+#include <vector>
+
+#include "test/gtest-typed-test_test.h"
+#include "gtest/gtest.h"
+
+#if GTEST_HAS_TYPED_TEST_P
+
+// Tests that the same type-parameterized test case can be
+// instantiated in different translation units linked together.
+// (ContainerTest is also instantiated in gtest-typed-test_test.cc.)
+INSTANTIATE_TYPED_TEST_CASE_P(Vector, ContainerTest,
+                              testing::Types<std::vector<int> >);
+
+#endif  // GTEST_HAS_TYPED_TEST_P
diff --git a/nss/gtests/google_test/gtest/test/gtest-typed-test_test.cc b/nss/gtests/google_test/gtest/test/gtest-typed-test_test.cc
new file mode 100644
index 0000000..c3e66c2
--- /dev/null
+++ b/nss/gtests/google_test/gtest/test/gtest-typed-test_test.cc
@@ -0,0 +1,361 @@
+// Copyright 2008 Google Inc.
+// All Rights Reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+
+#include "test/gtest-typed-test_test.h"
+
+#include <set>
+#include <vector>
+
+#include "gtest/gtest.h"
+
+using testing::Test;
+
+// Used for testing that SetUpTestCase()/TearDownTestCase(), fixture
+// ctor/dtor, and SetUp()/TearDown() work correctly in typed tests and
+// type-parameterized test.
+template <typename T>
+class CommonTest : public Test {
+  // For some technical reason, SetUpTestCase() and TearDownTestCase()
+  // must be public.
+ public:
+  static void SetUpTestCase() {
+    shared_ = new T(5);
+  }
+
+  static void TearDownTestCase() {
+    delete shared_;
+    shared_ = NULL;
+  }
+
+  // This 'protected:' is optional.  There's no harm in making all
+  // members of this fixture class template public.
+ protected:
+  // We used to use std::list here, but switched to std::vector since
+  // MSVC's <list> doesn't compile cleanly with /W4.
+  typedef std::vector<T> Vector;
+  typedef std::set<int> IntSet;
+
+  CommonTest() : value_(1) {}
+
+  virtual ~CommonTest() { EXPECT_EQ(3, value_); }
+
+  virtual void SetUp() {
+    EXPECT_EQ(1, value_);
+    value_++;
+  }
+
+  virtual void TearDown() {
+    EXPECT_EQ(2, value_);
+    value_++;
+  }
+
+  T value_;
+  static T* shared_;
+};
+
+template <typename T>
+T* CommonTest<T>::shared_ = NULL;
+
+// This #ifdef block tests typed tests.
+#if GTEST_HAS_TYPED_TEST
+
+using testing::Types;
+
+// Tests that SetUpTestCase()/TearDownTestCase(), fixture ctor/dtor,
+// and SetUp()/TearDown() work correctly in typed tests
+
+typedef Types<char, int> TwoTypes;
+TYPED_TEST_CASE(CommonTest, TwoTypes);
+
+TYPED_TEST(CommonTest, ValuesAreCorrect) {
+  // Static members of the fixture class template can be visited via
+  // the TestFixture:: prefix.
+  EXPECT_EQ(5, *TestFixture::shared_);
+
+  // Typedefs in the fixture class template can be visited via the
+  // "typename TestFixture::" prefix.
+  typename TestFixture::Vector empty;
+  EXPECT_EQ(0U, empty.size());
+
+  typename TestFixture::IntSet empty2;
+  EXPECT_EQ(0U, empty2.size());
+
+  // Non-static members of the fixture class must be visited via
+  // 'this', as required by C++ for class templates.
+  EXPECT_EQ(2, this->value_);
+}
+
+// The second test makes sure shared_ is not deleted after the first
+// test.
+TYPED_TEST(CommonTest, ValuesAreStillCorrect) {
+  // Static members of the fixture class template can also be visited
+  // via 'this'.
+  ASSERT_TRUE(this->shared_ != NULL);
+  EXPECT_EQ(5, *this->shared_);
+
+  // TypeParam can be used to refer to the type parameter.
+  EXPECT_EQ(static_cast<TypeParam>(2), this->value_);
+}
+
+// Tests that multiple TYPED_TEST_CASE's can be defined in the same
+// translation unit.
+
+template <typename T>
+class TypedTest1 : public Test {
+};
+
+// Verifies that the second argument of TYPED_TEST_CASE can be a
+// single type.
+TYPED_TEST_CASE(TypedTest1, int);
+TYPED_TEST(TypedTest1, A) {}
+
+template <typename T>
+class TypedTest2 : public Test {
+};
+
+// Verifies that the second argument of TYPED_TEST_CASE can be a
+// Types<...> type list.
+TYPED_TEST_CASE(TypedTest2, Types<int>);
+
+// This also verifies that tests from different typed test cases can
+// share the same name.
+TYPED_TEST(TypedTest2, A) {}
+
+// Tests that a typed test case can be defined in a namespace.
+
+namespace library1 {
+
+template <typename T>
+class NumericTest : public Test {
+};
+
+typedef Types<int, long> NumericTypes;
+TYPED_TEST_CASE(NumericTest, NumericTypes);
+
+TYPED_TEST(NumericTest, DefaultIsZero) {
+  EXPECT_EQ(0, TypeParam());
+}
+
+}  // namespace library1
+
+#endif  // GTEST_HAS_TYPED_TEST
+
+// This #ifdef block tests type-parameterized tests.
+#if GTEST_HAS_TYPED_TEST_P
+
+using testing::Types;
+using testing::internal::TypedTestCasePState;
+
+// Tests TypedTestCasePState.
+
+class TypedTestCasePStateTest : public Test {
+ protected:
+  virtual void SetUp() {
+    state_.AddTestName("foo.cc", 0, "FooTest", "A");
+    state_.AddTestName("foo.cc", 0, "FooTest", "B");
+    state_.AddTestName("foo.cc", 0, "FooTest", "C");
+  }
+
+  TypedTestCasePState state_;
+};
+
+TEST_F(TypedTestCasePStateTest, SucceedsForMatchingList) {
+  const char* tests = "A, B, C";
+  EXPECT_EQ(tests,
+            state_.VerifyRegisteredTestNames("foo.cc", 1, tests));
+}
+
+// Makes sure that the order of the tests and spaces around the names
+// don't matter.
+TEST_F(TypedTestCasePStateTest, IgnoresOrderAndSpaces) {
+  const char* tests = "A,C,   B";
+  EXPECT_EQ(tests,
+            state_.VerifyRegisteredTestNames("foo.cc", 1, tests));
+}
+
+typedef TypedTestCasePStateTest TypedTestCasePStateDeathTest;
+
+TEST_F(TypedTestCasePStateDeathTest, DetectsDuplicates) {
+  EXPECT_DEATH_IF_SUPPORTED(
+      state_.VerifyRegisteredTestNames("foo.cc", 1, "A, B, A, C"),
+      "foo\\.cc.1.?: Test A is listed more than once\\.");
+}
+
+TEST_F(TypedTestCasePStateDeathTest, DetectsExtraTest) {
+  EXPECT_DEATH_IF_SUPPORTED(
+      state_.VerifyRegisteredTestNames("foo.cc", 1, "A, B, C, D"),
+      "foo\\.cc.1.?: No test named D can be found in this test case\\.");
+}
+
+TEST_F(TypedTestCasePStateDeathTest, DetectsMissedTest) {
+  EXPECT_DEATH_IF_SUPPORTED(
+      state_.VerifyRegisteredTestNames("foo.cc", 1, "A, C"),
+      "foo\\.cc.1.?: You forgot to list test B\\.");
+}
+
+// Tests that defining a test for a parameterized test case generates
+// a run-time error if the test case has been registered.
+TEST_F(TypedTestCasePStateDeathTest, DetectsTestAfterRegistration) {
+  state_.VerifyRegisteredTestNames("foo.cc", 1, "A, B, C");
+  EXPECT_DEATH_IF_SUPPORTED(
+      state_.AddTestName("foo.cc", 2, "FooTest", "D"),
+      "foo\\.cc.2.?: Test D must be defined before REGISTER_TYPED_TEST_CASE_P"
+      "\\(FooTest, \\.\\.\\.\\)\\.");
+}
+
+// Tests that SetUpTestCase()/TearDownTestCase(), fixture ctor/dtor,
+// and SetUp()/TearDown() work correctly in type-parameterized tests.
+
+template <typename T>
+class DerivedTest : public CommonTest<T> {
+};
+
+TYPED_TEST_CASE_P(DerivedTest);
+
+TYPED_TEST_P(DerivedTest, ValuesAreCorrect) {
+  // Static members of the fixture class template can be visited via
+  // the TestFixture:: prefix.
+  EXPECT_EQ(5, *TestFixture::shared_);
+
+  // Non-static members of the fixture class must be visited via
+  // 'this', as required by C++ for class templates.
+  EXPECT_EQ(2, this->value_);
+}
+
+// The second test makes sure shared_ is not deleted after the first
+// test.
+TYPED_TEST_P(DerivedTest, ValuesAreStillCorrect) {
+  // Static members of the fixture class template can also be visited
+  // via 'this'.
+  ASSERT_TRUE(this->shared_ != NULL);
+  EXPECT_EQ(5, *this->shared_);
+  EXPECT_EQ(2, this->value_);
+}
+
+REGISTER_TYPED_TEST_CASE_P(DerivedTest,
+                           ValuesAreCorrect, ValuesAreStillCorrect);
+
+typedef Types<short, long> MyTwoTypes;
+INSTANTIATE_TYPED_TEST_CASE_P(My, DerivedTest, MyTwoTypes);
+
+// Tests that multiple TYPED_TEST_CASE_P's can be defined in the same
+// translation unit.
+
+template <typename T>
+class TypedTestP1 : public Test {
+};
+
+TYPED_TEST_CASE_P(TypedTestP1);
+
+// For testing that the code between TYPED_TEST_CASE_P() and
+// TYPED_TEST_P() is not enclosed in a namespace.
+typedef int IntAfterTypedTestCaseP;
+
+TYPED_TEST_P(TypedTestP1, A) {}
+TYPED_TEST_P(TypedTestP1, B) {}
+
+// For testing that the code between TYPED_TEST_P() and
+// REGISTER_TYPED_TEST_CASE_P() is not enclosed in a namespace.
+typedef int IntBeforeRegisterTypedTestCaseP;
+
+REGISTER_TYPED_TEST_CASE_P(TypedTestP1, A, B);
+
+template <typename T>
+class TypedTestP2 : public Test {
+};
+
+TYPED_TEST_CASE_P(TypedTestP2);
+
+// This also verifies that tests from different type-parameterized
+// test cases can share the same name.
+TYPED_TEST_P(TypedTestP2, A) {}
+
+REGISTER_TYPED_TEST_CASE_P(TypedTestP2, A);
+
+// Verifies that the code between TYPED_TEST_CASE_P() and
+// REGISTER_TYPED_TEST_CASE_P() is not enclosed in a namespace.
+IntAfterTypedTestCaseP after = 0;
+IntBeforeRegisterTypedTestCaseP before = 0;
+
+// Verifies that the last argument of INSTANTIATE_TYPED_TEST_CASE_P()
+// can be either a single type or a Types<...> type list.
+INSTANTIATE_TYPED_TEST_CASE_P(Int, TypedTestP1, int);
+INSTANTIATE_TYPED_TEST_CASE_P(Int, TypedTestP2, Types<int>);
+
+// Tests that the same type-parameterized test case can be
+// instantiated more than once in the same translation unit.
+INSTANTIATE_TYPED_TEST_CASE_P(Double, TypedTestP2, Types<double>);
+
+// Tests that the same type-parameterized test case can be
+// instantiated in different translation units linked together.
+// (ContainerTest is also instantiated in gtest-typed-test_test.cc.)
+typedef Types<std::vector<double>, std::set<char> > MyContainers;
+INSTANTIATE_TYPED_TEST_CASE_P(My, ContainerTest, MyContainers);
+
+// Tests that a type-parameterized test case can be defined and
+// instantiated in a namespace.
+
+namespace library2 {
+
+template <typename T>
+class NumericTest : public Test {
+};
+
+TYPED_TEST_CASE_P(NumericTest);
+
+TYPED_TEST_P(NumericTest, DefaultIsZero) {
+  EXPECT_EQ(0, TypeParam());
+}
+
+TYPED_TEST_P(NumericTest, ZeroIsLessThanOne) {
+  EXPECT_LT(TypeParam(0), TypeParam(1));
+}
+
+REGISTER_TYPED_TEST_CASE_P(NumericTest,
+                           DefaultIsZero, ZeroIsLessThanOne);
+typedef Types<int, double> NumericTypes;
+INSTANTIATE_TYPED_TEST_CASE_P(My, NumericTest, NumericTypes);
+
+}  // namespace library2
+
+#endif  // GTEST_HAS_TYPED_TEST_P
+
+#if !defined(GTEST_HAS_TYPED_TEST) && !defined(GTEST_HAS_TYPED_TEST_P)
+
+// Google Test may not support type-parameterized tests with some
+// compilers. If we use conditional compilation to compile out all
+// code referring to the gtest_main library, MSVC linker will not link
+// that library at all and consequently complain about missing entry
+// point defined in that library (fatal error LNK1561: entry point
+// must be defined). This dummy test keeps gtest_main linked in.
+TEST(DummyTest, TypedTestsAreNotSupportedOnThisPlatform) {}
+
+#endif  // #if !defined(GTEST_HAS_TYPED_TEST) && !defined(GTEST_HAS_TYPED_TEST_P)
diff --git a/nss/gtests/google_test/gtest/test/gtest-typed-test_test.h b/nss/gtests/google_test/gtest/test/gtest-typed-test_test.h
new file mode 100644
index 0000000..41d7570
--- /dev/null
+++ b/nss/gtests/google_test/gtest/test/gtest-typed-test_test.h
@@ -0,0 +1,66 @@
+// Copyright 2008 Google Inc.
+// All Rights Reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+
+#ifndef GTEST_TEST_GTEST_TYPED_TEST_TEST_H_
+#define GTEST_TEST_GTEST_TYPED_TEST_TEST_H_
+
+#include "gtest/gtest.h"
+
+#if GTEST_HAS_TYPED_TEST_P
+
+using testing::Test;
+
+// For testing that the same type-parameterized test case can be
+// instantiated in different translation units linked together.
+// ContainerTest will be instantiated in both gtest-typed-test_test.cc
+// and gtest-typed-test2_test.cc.
+
+template <typename T>
+class ContainerTest : public Test {
+};
+
+TYPED_TEST_CASE_P(ContainerTest);
+
+TYPED_TEST_P(ContainerTest, CanBeDefaultConstructed) {
+  TypeParam container;
+}
+
+TYPED_TEST_P(ContainerTest, InitialSizeIsZero) {
+  TypeParam container;
+  EXPECT_EQ(0U, container.size());
+}
+
+REGISTER_TYPED_TEST_CASE_P(ContainerTest,
+                           CanBeDefaultConstructed, InitialSizeIsZero);
+
+#endif  // GTEST_HAS_TYPED_TEST_P
+
+#endif  // GTEST_TEST_GTEST_TYPED_TEST_TEST_H_
diff --git a/nss/gtests/google_test/gtest/test/gtest-unittest-api_test.cc b/nss/gtests/google_test/gtest/test/gtest-unittest-api_test.cc
new file mode 100644
index 0000000..b1f5168
--- /dev/null
+++ b/nss/gtests/google_test/gtest/test/gtest-unittest-api_test.cc
@@ -0,0 +1,341 @@
+// Copyright 2009 Google Inc.  All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: vladl@google.com (Vlad Losev)
+//
+// The Google C++ Testing Framework (Google Test)
+//
+// This file contains tests verifying correctness of data provided via
+// UnitTest's public methods.
+
+#include "gtest/gtest.h"
+
+#include <string.h>  // For strcmp.
+#include <algorithm>
+
+using ::testing::InitGoogleTest;
+
+namespace testing {
+namespace internal {
+
+template <typename T>
+struct LessByName {
+  bool operator()(const T* a, const T* b) {
+    return strcmp(a->name(), b->name()) < 0;
+  }
+};
+
+class UnitTestHelper {
+ public:
+  // Returns the array of pointers to all test cases sorted by the test case
+  // name.  The caller is responsible for deleting the array.
+  static TestCase const** GetSortedTestCases() {
+    UnitTest& unit_test = *UnitTest::GetInstance();
+    TestCase const** const test_cases =
+        new const TestCase*[unit_test.total_test_case_count()];
+
+    for (int i = 0; i < unit_test.total_test_case_count(); ++i)
+      test_cases[i] = unit_test.GetTestCase(i);
+
+    std::sort(test_cases,
+              test_cases + unit_test.total_test_case_count(),
+              LessByName<TestCase>());
+    return test_cases;
+  }
+
+  // Returns the test case by its name.  The caller doesn't own the returned
+  // pointer.
+  static const TestCase* FindTestCase(const char* name) {
+    UnitTest& unit_test = *UnitTest::GetInstance();
+    for (int i = 0; i < unit_test.total_test_case_count(); ++i) {
+      const TestCase* test_case = unit_test.GetTestCase(i);
+      if (0 == strcmp(test_case->name(), name))
+        return test_case;
+    }
+    return NULL;
+  }
+
+  // Returns the array of pointers to all tests in a particular test case
+  // sorted by the test name.  The caller is responsible for deleting the
+  // array.
+  static TestInfo const** GetSortedTests(const TestCase* test_case) {
+    TestInfo const** const tests =
+        new const TestInfo*[test_case->total_test_count()];
+
+    for (int i = 0; i < test_case->total_test_count(); ++i)
+      tests[i] = test_case->GetTestInfo(i);
+
+    std::sort(tests, tests + test_case->total_test_count(),
+              LessByName<TestInfo>());
+    return tests;
+  }
+};
+
+#if GTEST_HAS_TYPED_TEST
+template <typename T> class TestCaseWithCommentTest : public Test {};
+TYPED_TEST_CASE(TestCaseWithCommentTest, Types<int>);
+TYPED_TEST(TestCaseWithCommentTest, Dummy) {}
+
+const int kTypedTestCases = 1;
+const int kTypedTests = 1;
+#else
+const int kTypedTestCases = 0;
+const int kTypedTests = 0;
+#endif  // GTEST_HAS_TYPED_TEST
+
+// We can only test the accessors that do not change value while tests run.
+// Since tests can be run in any order, the values the accessors that track
+// test execution (such as failed_test_count) can not be predicted.
+TEST(ApiTest, UnitTestImmutableAccessorsWork) {
+  UnitTest* unit_test = UnitTest::GetInstance();
+
+  ASSERT_EQ(2 + kTypedTestCases, unit_test->total_test_case_count());
+  EXPECT_EQ(1 + kTypedTestCases, unit_test->test_case_to_run_count());
+  EXPECT_EQ(2, unit_test->disabled_test_count());
+  EXPECT_EQ(5 + kTypedTests, unit_test->total_test_count());
+  EXPECT_EQ(3 + kTypedTests, unit_test->test_to_run_count());
+
+  const TestCase** const test_cases = UnitTestHelper::GetSortedTestCases();
+
+  EXPECT_STREQ("ApiTest", test_cases[0]->name());
+  EXPECT_STREQ("DISABLED_Test", test_cases[1]->name());
+#if GTEST_HAS_TYPED_TEST
+  EXPECT_STREQ("TestCaseWithCommentTest/0", test_cases[2]->name());
+#endif  // GTEST_HAS_TYPED_TEST
+
+  delete[] test_cases;
+
+  // The following lines initiate actions to verify certain methods in
+  // FinalSuccessChecker::TearDown.
+
+  // Records a test property to verify TestResult::GetTestProperty().
+  RecordProperty("key", "value");
+}
+
+AssertionResult IsNull(const char* str) {
+  if (str != NULL) {
+    return testing::AssertionFailure() << "argument is " << str;
+  }
+  return AssertionSuccess();
+}
+
+TEST(ApiTest, TestCaseImmutableAccessorsWork) {
+  const TestCase* test_case = UnitTestHelper::FindTestCase("ApiTest");
+  ASSERT_TRUE(test_case != NULL);
+
+  EXPECT_STREQ("ApiTest", test_case->name());
+  EXPECT_TRUE(IsNull(test_case->type_param()));
+  EXPECT_TRUE(test_case->should_run());
+  EXPECT_EQ(1, test_case->disabled_test_count());
+  EXPECT_EQ(3, test_case->test_to_run_count());
+  ASSERT_EQ(4, test_case->total_test_count());
+
+  const TestInfo** tests = UnitTestHelper::GetSortedTests(test_case);
+
+  EXPECT_STREQ("DISABLED_Dummy1", tests[0]->name());
+  EXPECT_STREQ("ApiTest", tests[0]->test_case_name());
+  EXPECT_TRUE(IsNull(tests[0]->value_param()));
+  EXPECT_TRUE(IsNull(tests[0]->type_param()));
+  EXPECT_FALSE(tests[0]->should_run());
+
+  EXPECT_STREQ("TestCaseDisabledAccessorsWork", tests[1]->name());
+  EXPECT_STREQ("ApiTest", tests[1]->test_case_name());
+  EXPECT_TRUE(IsNull(tests[1]->value_param()));
+  EXPECT_TRUE(IsNull(tests[1]->type_param()));
+  EXPECT_TRUE(tests[1]->should_run());
+
+  EXPECT_STREQ("TestCaseImmutableAccessorsWork", tests[2]->name());
+  EXPECT_STREQ("ApiTest", tests[2]->test_case_name());
+  EXPECT_TRUE(IsNull(tests[2]->value_param()));
+  EXPECT_TRUE(IsNull(tests[2]->type_param()));
+  EXPECT_TRUE(tests[2]->should_run());
+
+  EXPECT_STREQ("UnitTestImmutableAccessorsWork", tests[3]->name());
+  EXPECT_STREQ("ApiTest", tests[3]->test_case_name());
+  EXPECT_TRUE(IsNull(tests[3]->value_param()));
+  EXPECT_TRUE(IsNull(tests[3]->type_param()));
+  EXPECT_TRUE(tests[3]->should_run());
+
+  delete[] tests;
+  tests = NULL;
+
+#if GTEST_HAS_TYPED_TEST
+  test_case = UnitTestHelper::FindTestCase("TestCaseWithCommentTest/0");
+  ASSERT_TRUE(test_case != NULL);
+
+  EXPECT_STREQ("TestCaseWithCommentTest/0", test_case->name());
+  EXPECT_STREQ(GetTypeName<int>().c_str(), test_case->type_param());
+  EXPECT_TRUE(test_case->should_run());
+  EXPECT_EQ(0, test_case->disabled_test_count());
+  EXPECT_EQ(1, test_case->test_to_run_count());
+  ASSERT_EQ(1, test_case->total_test_count());
+
+  tests = UnitTestHelper::GetSortedTests(test_case);
+
+  EXPECT_STREQ("Dummy", tests[0]->name());
+  EXPECT_STREQ("TestCaseWithCommentTest/0", tests[0]->test_case_name());
+  EXPECT_TRUE(IsNull(tests[0]->value_param()));
+  EXPECT_STREQ(GetTypeName<int>().c_str(), tests[0]->type_param());
+  EXPECT_TRUE(tests[0]->should_run());
+
+  delete[] tests;
+#endif  // GTEST_HAS_TYPED_TEST
+}
+
+TEST(ApiTest, TestCaseDisabledAccessorsWork) {
+  const TestCase* test_case = UnitTestHelper::FindTestCase("DISABLED_Test");
+  ASSERT_TRUE(test_case != NULL);
+
+  EXPECT_STREQ("DISABLED_Test", test_case->name());
+  EXPECT_TRUE(IsNull(test_case->type_param()));
+  EXPECT_FALSE(test_case->should_run());
+  EXPECT_EQ(1, test_case->disabled_test_count());
+  EXPECT_EQ(0, test_case->test_to_run_count());
+  ASSERT_EQ(1, test_case->total_test_count());
+
+  const TestInfo* const test_info = test_case->GetTestInfo(0);
+  EXPECT_STREQ("Dummy2", test_info->name());
+  EXPECT_STREQ("DISABLED_Test", test_info->test_case_name());
+  EXPECT_TRUE(IsNull(test_info->value_param()));
+  EXPECT_TRUE(IsNull(test_info->type_param()));
+  EXPECT_FALSE(test_info->should_run());
+}
+
+// These two tests are here to provide support for testing
+// test_case_to_run_count, disabled_test_count, and test_to_run_count.
+TEST(ApiTest, DISABLED_Dummy1) {}
+TEST(DISABLED_Test, Dummy2) {}
+
+class FinalSuccessChecker : public Environment {
+ protected:
+  virtual void TearDown() {
+    UnitTest* unit_test = UnitTest::GetInstance();
+
+    EXPECT_EQ(1 + kTypedTestCases, unit_test->successful_test_case_count());
+    EXPECT_EQ(3 + kTypedTests, unit_test->successful_test_count());
+    EXPECT_EQ(0, unit_test->failed_test_case_count());
+    EXPECT_EQ(0, unit_test->failed_test_count());
+    EXPECT_TRUE(unit_test->Passed());
+    EXPECT_FALSE(unit_test->Failed());
+    ASSERT_EQ(2 + kTypedTestCases, unit_test->total_test_case_count());
+
+    const TestCase** const test_cases = UnitTestHelper::GetSortedTestCases();
+
+    EXPECT_STREQ("ApiTest", test_cases[0]->name());
+    EXPECT_TRUE(IsNull(test_cases[0]->type_param()));
+    EXPECT_TRUE(test_cases[0]->should_run());
+    EXPECT_EQ(1, test_cases[0]->disabled_test_count());
+    ASSERT_EQ(4, test_cases[0]->total_test_count());
+    EXPECT_EQ(3, test_cases[0]->successful_test_count());
+    EXPECT_EQ(0, test_cases[0]->failed_test_count());
+    EXPECT_TRUE(test_cases[0]->Passed());
+    EXPECT_FALSE(test_cases[0]->Failed());
+
+    EXPECT_STREQ("DISABLED_Test", test_cases[1]->name());
+    EXPECT_TRUE(IsNull(test_cases[1]->type_param()));
+    EXPECT_FALSE(test_cases[1]->should_run());
+    EXPECT_EQ(1, test_cases[1]->disabled_test_count());
+    ASSERT_EQ(1, test_cases[1]->total_test_count());
+    EXPECT_EQ(0, test_cases[1]->successful_test_count());
+    EXPECT_EQ(0, test_cases[1]->failed_test_count());
+
+#if GTEST_HAS_TYPED_TEST
+    EXPECT_STREQ("TestCaseWithCommentTest/0", test_cases[2]->name());
+    EXPECT_STREQ(GetTypeName<int>().c_str(), test_cases[2]->type_param());
+    EXPECT_TRUE(test_cases[2]->should_run());
+    EXPECT_EQ(0, test_cases[2]->disabled_test_count());
+    ASSERT_EQ(1, test_cases[2]->total_test_count());
+    EXPECT_EQ(1, test_cases[2]->successful_test_count());
+    EXPECT_EQ(0, test_cases[2]->failed_test_count());
+    EXPECT_TRUE(test_cases[2]->Passed());
+    EXPECT_FALSE(test_cases[2]->Failed());
+#endif  // GTEST_HAS_TYPED_TEST
+
+    const TestCase* test_case = UnitTestHelper::FindTestCase("ApiTest");
+    const TestInfo** tests = UnitTestHelper::GetSortedTests(test_case);
+    EXPECT_STREQ("DISABLED_Dummy1", tests[0]->name());
+    EXPECT_STREQ("ApiTest", tests[0]->test_case_name());
+    EXPECT_FALSE(tests[0]->should_run());
+
+    EXPECT_STREQ("TestCaseDisabledAccessorsWork", tests[1]->name());
+    EXPECT_STREQ("ApiTest", tests[1]->test_case_name());
+    EXPECT_TRUE(IsNull(tests[1]->value_param()));
+    EXPECT_TRUE(IsNull(tests[1]->type_param()));
+    EXPECT_TRUE(tests[1]->should_run());
+    EXPECT_TRUE(tests[1]->result()->Passed());
+    EXPECT_EQ(0, tests[1]->result()->test_property_count());
+
+    EXPECT_STREQ("TestCaseImmutableAccessorsWork", tests[2]->name());
+    EXPECT_STREQ("ApiTest", tests[2]->test_case_name());
+    EXPECT_TRUE(IsNull(tests[2]->value_param()));
+    EXPECT_TRUE(IsNull(tests[2]->type_param()));
+    EXPECT_TRUE(tests[2]->should_run());
+    EXPECT_TRUE(tests[2]->result()->Passed());
+    EXPECT_EQ(0, tests[2]->result()->test_property_count());
+
+    EXPECT_STREQ("UnitTestImmutableAccessorsWork", tests[3]->name());
+    EXPECT_STREQ("ApiTest", tests[3]->test_case_name());
+    EXPECT_TRUE(IsNull(tests[3]->value_param()));
+    EXPECT_TRUE(IsNull(tests[3]->type_param()));
+    EXPECT_TRUE(tests[3]->should_run());
+    EXPECT_TRUE(tests[3]->result()->Passed());
+    EXPECT_EQ(1, tests[3]->result()->test_property_count());
+    const TestProperty& property = tests[3]->result()->GetTestProperty(0);
+    EXPECT_STREQ("key", property.key());
+    EXPECT_STREQ("value", property.value());
+
+    delete[] tests;
+
+#if GTEST_HAS_TYPED_TEST
+    test_case = UnitTestHelper::FindTestCase("TestCaseWithCommentTest/0");
+    tests = UnitTestHelper::GetSortedTests(test_case);
+
+    EXPECT_STREQ("Dummy", tests[0]->name());
+    EXPECT_STREQ("TestCaseWithCommentTest/0", tests[0]->test_case_name());
+    EXPECT_TRUE(IsNull(tests[0]->value_param()));
+    EXPECT_STREQ(GetTypeName<int>().c_str(), tests[0]->type_param());
+    EXPECT_TRUE(tests[0]->should_run());
+    EXPECT_TRUE(tests[0]->result()->Passed());
+    EXPECT_EQ(0, tests[0]->result()->test_property_count());
+
+    delete[] tests;
+#endif  // GTEST_HAS_TYPED_TEST
+    delete[] test_cases;
+  }
+};
+
+}  // namespace internal
+}  // namespace testing
+
+int main(int argc, char **argv) {
+  InitGoogleTest(&argc, argv);
+
+  AddGlobalTestEnvironment(new testing::internal::FinalSuccessChecker());
+
+  return RUN_ALL_TESTS();
+}
diff --git a/nss/gtests/google_test/gtest/test/gtest_all_test.cc b/nss/gtests/google_test/gtest/test/gtest_all_test.cc
new file mode 100644
index 0000000..955aa62
--- /dev/null
+++ b/nss/gtests/google_test/gtest/test/gtest_all_test.cc
@@ -0,0 +1,47 @@
+// Copyright 2009, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+//
+// Tests for Google C++ Testing Framework (Google Test)
+//
+// Sometimes it's desirable to build most of Google Test's own tests
+// by compiling a single file.  This file serves this purpose.
+#include "test/gtest-filepath_test.cc"
+#include "test/gtest-linked_ptr_test.cc"
+#include "test/gtest-message_test.cc"
+#include "test/gtest-options_test.cc"
+#include "test/gtest-port_test.cc"
+#include "test/gtest_pred_impl_unittest.cc"
+#include "test/gtest_prod_test.cc"
+#include "test/gtest-test-part_test.cc"
+#include "test/gtest-typed-test_test.cc"
+#include "test/gtest-typed-test2_test.cc"
+#include "test/gtest_unittest.cc"
+#include "test/production.cc"
diff --git a/nss/gtests/google_test/gtest/test/gtest_break_on_failure_unittest.py b/nss/gtests/google_test/gtest/test/gtest_break_on_failure_unittest.py
new file mode 100755
index 0000000..78f3e0f
--- /dev/null
+++ b/nss/gtests/google_test/gtest/test/gtest_break_on_failure_unittest.py
@@ -0,0 +1,212 @@
+#!/usr/bin/env python
+#
+# Copyright 2006, Google Inc.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#
+#     * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following disclaimer
+# in the documentation and/or other materials provided with the
+# distribution.
+#     * Neither the name of Google Inc. nor the names of its
+# contributors may be used to endorse or promote products derived from
+# this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+"""Unit test for Google Test's break-on-failure mode.
+
+A user can ask Google Test to seg-fault when an assertion fails, using
+either the GTEST_BREAK_ON_FAILURE environment variable or the
+--gtest_break_on_failure flag.  This script tests such functionality
+by invoking gtest_break_on_failure_unittest_ (a program written with
+Google Test) with different environments and command line flags.
+"""
+
+__author__ = 'wan@google.com (Zhanyong Wan)'
+
+import gtest_test_utils
+import os
+import sys
+
+
+# Constants.
+
+IS_WINDOWS = os.name == 'nt'
+
+# The environment variable for enabling/disabling the break-on-failure mode.
+BREAK_ON_FAILURE_ENV_VAR = 'GTEST_BREAK_ON_FAILURE'
+
+# The command line flag for enabling/disabling the break-on-failure mode.
+BREAK_ON_FAILURE_FLAG = 'gtest_break_on_failure'
+
+# The environment variable for enabling/disabling the throw-on-failure mode.
+THROW_ON_FAILURE_ENV_VAR = 'GTEST_THROW_ON_FAILURE'
+
+# The environment variable for enabling/disabling the catch-exceptions mode.
+CATCH_EXCEPTIONS_ENV_VAR = 'GTEST_CATCH_EXCEPTIONS'
+
+# Path to the gtest_break_on_failure_unittest_ program.
+EXE_PATH = gtest_test_utils.GetTestExecutablePath(
+    'gtest_break_on_failure_unittest_')
+
+
+environ = gtest_test_utils.environ
+SetEnvVar = gtest_test_utils.SetEnvVar
+
+# Tests in this file run a Google-Test-based test program and expect it
+# to terminate prematurely.  Therefore they are incompatible with
+# the premature-exit-file protocol by design.  Unset the
+# premature-exit filepath to prevent Google Test from creating
+# the file.
+SetEnvVar(gtest_test_utils.PREMATURE_EXIT_FILE_ENV_VAR, None)
+
+
+def Run(command):
+  """Runs a command; returns 1 if it was killed by a signal, or 0 otherwise."""
+
+  p = gtest_test_utils.Subprocess(command, env=environ)
+  if p.terminated_by_signal:
+    return 1
+  else:
+    return 0
+
+
+# The tests.
+
+
+class GTestBreakOnFailureUnitTest(gtest_test_utils.TestCase):
+  """Tests using the GTEST_BREAK_ON_FAILURE environment variable or
+  the --gtest_break_on_failure flag to turn assertion failures into
+  segmentation faults.
+  """
+
+  def RunAndVerify(self, env_var_value, flag_value, expect_seg_fault):
+    """Runs gtest_break_on_failure_unittest_ and verifies that it does
+    (or does not) have a seg-fault.
+
+    Args:
+      env_var_value:    value of the GTEST_BREAK_ON_FAILURE environment
+                        variable; None if the variable should be unset.
+      flag_value:       value of the --gtest_break_on_failure flag;
+                        None if the flag should not be present.
+      expect_seg_fault: 1 if the program is expected to generate a seg-fault;
+                        0 otherwise.
+    """
+
+    SetEnvVar(BREAK_ON_FAILURE_ENV_VAR, env_var_value)
+
+    if env_var_value is None:
+      env_var_value_msg = ' is not set'
+    else:
+      env_var_value_msg = '=' + env_var_value
+
+    if flag_value is None:
+      flag = ''
+    elif flag_value == '0':
+      flag = '--%s=0' % BREAK_ON_FAILURE_FLAG
+    else:
+      flag = '--%s' % BREAK_ON_FAILURE_FLAG
+
+    command = [EXE_PATH]
+    if flag:
+      command.append(flag)
+
+    if expect_seg_fault:
+      should_or_not = 'should'
+    else:
+      should_or_not = 'should not'
+
+    has_seg_fault = Run(command)
+
+    SetEnvVar(BREAK_ON_FAILURE_ENV_VAR, None)
+
+    msg = ('when %s%s, an assertion failure in "%s" %s cause a seg-fault.' %
+           (BREAK_ON_FAILURE_ENV_VAR, env_var_value_msg, ' '.join(command),
+            should_or_not))
+    self.assert_(has_seg_fault == expect_seg_fault, msg)
+
+  def testDefaultBehavior(self):
+    """Tests the behavior of the default mode."""
+
+    self.RunAndVerify(env_var_value=None,
+                      flag_value=None,
+                      expect_seg_fault=0)
+
+  def testEnvVar(self):
+    """Tests using the GTEST_BREAK_ON_FAILURE environment variable."""
+
+    self.RunAndVerify(env_var_value='0',
+                      flag_value=None,
+                      expect_seg_fault=0)
+    self.RunAndVerify(env_var_value='1',
+                      flag_value=None,
+                      expect_seg_fault=1)
+
+  def testFlag(self):
+    """Tests using the --gtest_break_on_failure flag."""
+
+    self.RunAndVerify(env_var_value=None,
+                      flag_value='0',
+                      expect_seg_fault=0)
+    self.RunAndVerify(env_var_value=None,
+                      flag_value='1',
+                      expect_seg_fault=1)
+
+  def testFlagOverridesEnvVar(self):
+    """Tests that the flag overrides the environment variable."""
+
+    self.RunAndVerify(env_var_value='0',
+                      flag_value='0',
+                      expect_seg_fault=0)
+    self.RunAndVerify(env_var_value='0',
+                      flag_value='1',
+                      expect_seg_fault=1)
+    self.RunAndVerify(env_var_value='1',
+                      flag_value='0',
+                      expect_seg_fault=0)
+    self.RunAndVerify(env_var_value='1',
+                      flag_value='1',
+                      expect_seg_fault=1)
+
+  def testBreakOnFailureOverridesThrowOnFailure(self):
+    """Tests that gtest_break_on_failure overrides gtest_throw_on_failure."""
+
+    SetEnvVar(THROW_ON_FAILURE_ENV_VAR, '1')
+    try:
+      self.RunAndVerify(env_var_value=None,
+                        flag_value='1',
+                        expect_seg_fault=1)
+    finally:
+      SetEnvVar(THROW_ON_FAILURE_ENV_VAR, None)
+
+  if IS_WINDOWS:
+    def testCatchExceptionsDoesNotInterfere(self):
+      """Tests that gtest_catch_exceptions doesn't interfere."""
+
+      SetEnvVar(CATCH_EXCEPTIONS_ENV_VAR, '1')
+      try:
+        self.RunAndVerify(env_var_value='1',
+                          flag_value='1',
+                          expect_seg_fault=1)
+      finally:
+        SetEnvVar(CATCH_EXCEPTIONS_ENV_VAR, None)
+
+
+if __name__ == '__main__':
+  gtest_test_utils.Main()
diff --git a/nss/gtests/google_test/gtest/test/gtest_break_on_failure_unittest_.cc b/nss/gtests/google_test/gtest/test/gtest_break_on_failure_unittest_.cc
new file mode 100644
index 0000000..dd07478
--- /dev/null
+++ b/nss/gtests/google_test/gtest/test/gtest_break_on_failure_unittest_.cc
@@ -0,0 +1,88 @@
+// Copyright 2006, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+
+// Unit test for Google Test's break-on-failure mode.
+//
+// A user can ask Google Test to seg-fault when an assertion fails, using
+// either the GTEST_BREAK_ON_FAILURE environment variable or the
+// --gtest_break_on_failure flag.  This file is used for testing such
+// functionality.
+//
+// This program will be invoked from a Python unit test.  It is
+// expected to fail.  Don't run it directly.
+
+#include "gtest/gtest.h"
+
+#if GTEST_OS_WINDOWS
+# include <windows.h>
+# include <stdlib.h>
+#endif
+
+namespace {
+
+// A test that's expected to fail.
+TEST(Foo, Bar) {
+  EXPECT_EQ(2, 3);
+}
+
+#if GTEST_HAS_SEH && !GTEST_OS_WINDOWS_MOBILE
+// On Windows Mobile global exception handlers are not supported.
+LONG WINAPI ExitWithExceptionCode(
+    struct _EXCEPTION_POINTERS* exception_pointers) {
+  exit(exception_pointers->ExceptionRecord->ExceptionCode);
+}
+#endif
+
+}  // namespace
+
+int main(int argc, char **argv) {
+#if GTEST_OS_WINDOWS
+  // Suppresses display of the Windows error dialog upon encountering
+  // a general protection fault (segment violation).
+  SetErrorMode(SEM_NOGPFAULTERRORBOX | SEM_FAILCRITICALERRORS);
+
+# if GTEST_HAS_SEH && !GTEST_OS_WINDOWS_MOBILE
+
+  // The default unhandled exception filter does not always exit
+  // with the exception code as exit code - for example it exits with
+  // 0 for EXCEPTION_ACCESS_VIOLATION and 1 for EXCEPTION_BREAKPOINT
+  // if the application is compiled in debug mode. Thus we use our own
+  // filter which always exits with the exception code for unhandled
+  // exceptions.
+  SetUnhandledExceptionFilter(ExitWithExceptionCode);
+
+# endif
+#endif
+
+  testing::InitGoogleTest(&argc, argv);
+
+  return RUN_ALL_TESTS();
+}
diff --git a/nss/gtests/google_test/gtest/test/gtest_catch_exceptions_test.py b/nss/gtests/google_test/gtest/test/gtest_catch_exceptions_test.py
new file mode 100755
index 0000000..e6fc22f
--- /dev/null
+++ b/nss/gtests/google_test/gtest/test/gtest_catch_exceptions_test.py
@@ -0,0 +1,237 @@
+#!/usr/bin/env python
+#
+# Copyright 2010 Google Inc.  All Rights Reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#
+#     * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following disclaimer
+# in the documentation and/or other materials provided with the
+# distribution.
+#     * Neither the name of Google Inc. nor the names of its
+# contributors may be used to endorse or promote products derived from
+# this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+"""Tests Google Test's exception catching behavior.
+
+This script invokes gtest_catch_exceptions_test_ and
+gtest_catch_exceptions_ex_test_ (programs written with
+Google Test) and verifies their output.
+"""
+
+__author__ = 'vladl@google.com (Vlad Losev)'
+
+import os
+
+import gtest_test_utils
+
+# Constants.
+FLAG_PREFIX = '--gtest_'
+LIST_TESTS_FLAG = FLAG_PREFIX + 'list_tests'
+NO_CATCH_EXCEPTIONS_FLAG = FLAG_PREFIX + 'catch_exceptions=0'
+FILTER_FLAG = FLAG_PREFIX + 'filter'
+
+# Path to the gtest_catch_exceptions_ex_test_ binary, compiled with
+# exceptions enabled.
+EX_EXE_PATH = gtest_test_utils.GetTestExecutablePath(
+    'gtest_catch_exceptions_ex_test_')
+
+# Path to the gtest_catch_exceptions_test_ binary, compiled with
+# exceptions disabled.
+EXE_PATH = gtest_test_utils.GetTestExecutablePath(
+    'gtest_catch_exceptions_no_ex_test_')
+
+environ = gtest_test_utils.environ
+SetEnvVar = gtest_test_utils.SetEnvVar
+
+# Tests in this file run a Google-Test-based test program and expect it
+# to terminate prematurely.  Therefore they are incompatible with
+# the premature-exit-file protocol by design.  Unset the
+# premature-exit filepath to prevent Google Test from creating
+# the file.
+SetEnvVar(gtest_test_utils.PREMATURE_EXIT_FILE_ENV_VAR, None)
+
+TEST_LIST = gtest_test_utils.Subprocess(
+    [EXE_PATH, LIST_TESTS_FLAG], env=environ).output
+
+SUPPORTS_SEH_EXCEPTIONS = 'ThrowsSehException' in TEST_LIST
+
+if SUPPORTS_SEH_EXCEPTIONS:
+  BINARY_OUTPUT = gtest_test_utils.Subprocess([EXE_PATH], env=environ).output
+
+EX_BINARY_OUTPUT = gtest_test_utils.Subprocess(
+    [EX_EXE_PATH], env=environ).output
+
+
+# The tests.
+if SUPPORTS_SEH_EXCEPTIONS:
+  # pylint:disable-msg=C6302
+  class CatchSehExceptionsTest(gtest_test_utils.TestCase):
+    """Tests exception-catching behavior."""
+
+
+    def TestSehExceptions(self, test_output):
+      self.assert_('SEH exception with code 0x2a thrown '
+                   'in the test fixture\'s constructor'
+                   in test_output)
+      self.assert_('SEH exception with code 0x2a thrown '
+                   'in the test fixture\'s destructor'
+                   in test_output)
+      self.assert_('SEH exception with code 0x2a thrown in SetUpTestCase()'
+                   in test_output)
+      self.assert_('SEH exception with code 0x2a thrown in TearDownTestCase()'
+                   in test_output)
+      self.assert_('SEH exception with code 0x2a thrown in SetUp()'
+                   in test_output)
+      self.assert_('SEH exception with code 0x2a thrown in TearDown()'
+                   in test_output)
+      self.assert_('SEH exception with code 0x2a thrown in the test body'
+                   in test_output)
+
+    def testCatchesSehExceptionsWithCxxExceptionsEnabled(self):
+      self.TestSehExceptions(EX_BINARY_OUTPUT)
+
+    def testCatchesSehExceptionsWithCxxExceptionsDisabled(self):
+      self.TestSehExceptions(BINARY_OUTPUT)
+
+
+class CatchCxxExceptionsTest(gtest_test_utils.TestCase):
+  """Tests C++ exception-catching behavior.
+
+     Tests in this test case verify that:
+     * C++ exceptions are caught and logged as C++ (not SEH) exceptions
+     * Exception thrown affect the remainder of the test work flow in the
+       expected manner.
+  """
+
+  def testCatchesCxxExceptionsInFixtureConstructor(self):
+    self.assert_('C++ exception with description '
+                 '"Standard C++ exception" thrown '
+                 'in the test fixture\'s constructor'
+                 in EX_BINARY_OUTPUT)
+    self.assert_('unexpected' not in EX_BINARY_OUTPUT,
+                 'This failure belongs in this test only if '
+                 '"CxxExceptionInConstructorTest" (no quotes) '
+                 'appears on the same line as words "called unexpectedly"')
+
+  if ('CxxExceptionInDestructorTest.ThrowsExceptionInDestructor' in
+      EX_BINARY_OUTPUT):
+
+    def testCatchesCxxExceptionsInFixtureDestructor(self):
+      self.assert_('C++ exception with description '
+                   '"Standard C++ exception" thrown '
+                   'in the test fixture\'s destructor'
+                   in EX_BINARY_OUTPUT)
+      self.assert_('CxxExceptionInDestructorTest::TearDownTestCase() '
+                   'called as expected.'
+                   in EX_BINARY_OUTPUT)
+
+  def testCatchesCxxExceptionsInSetUpTestCase(self):
+    self.assert_('C++ exception with description "Standard C++ exception"'
+                 ' thrown in SetUpTestCase()'
+                 in EX_BINARY_OUTPUT)
+    self.assert_('CxxExceptionInConstructorTest::TearDownTestCase() '
+                 'called as expected.'
+                 in EX_BINARY_OUTPUT)
+    self.assert_('CxxExceptionInSetUpTestCaseTest constructor '
+                 'called as expected.'
+                 in EX_BINARY_OUTPUT)
+    self.assert_('CxxExceptionInSetUpTestCaseTest destructor '
+                 'called as expected.'
+                 in EX_BINARY_OUTPUT)
+    self.assert_('CxxExceptionInSetUpTestCaseTest::SetUp() '
+                 'called as expected.'
+                 in EX_BINARY_OUTPUT)
+    self.assert_('CxxExceptionInSetUpTestCaseTest::TearDown() '
+                 'called as expected.'
+                 in EX_BINARY_OUTPUT)
+    self.assert_('CxxExceptionInSetUpTestCaseTest test body '
+                 'called as expected.'
+                 in EX_BINARY_OUTPUT)
+
+  def testCatchesCxxExceptionsInTearDownTestCase(self):
+    self.assert_('C++ exception with description "Standard C++ exception"'
+                 ' thrown in TearDownTestCase()'
+                 in EX_BINARY_OUTPUT)
+
+  def testCatchesCxxExceptionsInSetUp(self):
+    self.assert_('C++ exception with description "Standard C++ exception"'
+                 ' thrown in SetUp()'
+                 in EX_BINARY_OUTPUT)
+    self.assert_('CxxExceptionInSetUpTest::TearDownTestCase() '
+                 'called as expected.'
+                 in EX_BINARY_OUTPUT)
+    self.assert_('CxxExceptionInSetUpTest destructor '
+                 'called as expected.'
+                 in EX_BINARY_OUTPUT)
+    self.assert_('CxxExceptionInSetUpTest::TearDown() '
+                 'called as expected.'
+                 in EX_BINARY_OUTPUT)
+    self.assert_('unexpected' not in EX_BINARY_OUTPUT,
+                 'This failure belongs in this test only if '
+                 '"CxxExceptionInSetUpTest" (no quotes) '
+                 'appears on the same line as words "called unexpectedly"')
+
+  def testCatchesCxxExceptionsInTearDown(self):
+    self.assert_('C++ exception with description "Standard C++ exception"'
+                 ' thrown in TearDown()'
+                 in EX_BINARY_OUTPUT)
+    self.assert_('CxxExceptionInTearDownTest::TearDownTestCase() '
+                 'called as expected.'
+                 in EX_BINARY_OUTPUT)
+    self.assert_('CxxExceptionInTearDownTest destructor '
+                 'called as expected.'
+                 in EX_BINARY_OUTPUT)
+
+  def testCatchesCxxExceptionsInTestBody(self):
+    self.assert_('C++ exception with description "Standard C++ exception"'
+                 ' thrown in the test body'
+                 in EX_BINARY_OUTPUT)
+    self.assert_('CxxExceptionInTestBodyTest::TearDownTestCase() '
+                 'called as expected.'
+                 in EX_BINARY_OUTPUT)
+    self.assert_('CxxExceptionInTestBodyTest destructor '
+                 'called as expected.'
+                 in EX_BINARY_OUTPUT)
+    self.assert_('CxxExceptionInTestBodyTest::TearDown() '
+                 'called as expected.'
+                 in EX_BINARY_OUTPUT)
+
+  def testCatchesNonStdCxxExceptions(self):
+    self.assert_('Unknown C++ exception thrown in the test body'
+                 in EX_BINARY_OUTPUT)
+
+  def testUnhandledCxxExceptionsAbortTheProgram(self):
+    # Filters out SEH exception tests on Windows. Unhandled SEH exceptions
+    # cause tests to show pop-up windows there.
+    FITLER_OUT_SEH_TESTS_FLAG = FILTER_FLAG + '=-*Seh*'
+    # By default, Google Test doesn't catch the exceptions.
+    uncaught_exceptions_ex_binary_output = gtest_test_utils.Subprocess(
+        [EX_EXE_PATH,
+         NO_CATCH_EXCEPTIONS_FLAG,
+         FITLER_OUT_SEH_TESTS_FLAG],
+        env=environ).output
+
+    self.assert_('Unhandled C++ exception terminating the program'
+                 in uncaught_exceptions_ex_binary_output)
+    self.assert_('unexpected' not in uncaught_exceptions_ex_binary_output)
+
+
+if __name__ == '__main__':
+  gtest_test_utils.Main()
diff --git a/nss/gtests/google_test/gtest/test/gtest_catch_exceptions_test_.cc b/nss/gtests/google_test/gtest/test/gtest_catch_exceptions_test_.cc
new file mode 100644
index 0000000..d0fc82c
--- /dev/null
+++ b/nss/gtests/google_test/gtest/test/gtest_catch_exceptions_test_.cc
@@ -0,0 +1,311 @@
+// Copyright 2010, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: vladl@google.com (Vlad Losev)
+//
+// Tests for Google Test itself. Tests in this file throw C++ or SEH
+// exceptions, and the output is verified by gtest_catch_exceptions_test.py.
+
+#include "gtest/gtest.h"
+
+#include <stdio.h>  // NOLINT
+#include <stdlib.h>  // For exit().
+
+#if GTEST_HAS_SEH
+# include <windows.h>
+#endif
+
+#if GTEST_HAS_EXCEPTIONS
+# include <exception>  // For set_terminate().
+# include <stdexcept>
+#endif
+
+using testing::Test;
+
+#if GTEST_HAS_SEH
+
+class SehExceptionInConstructorTest : public Test {
+ public:
+  SehExceptionInConstructorTest() { RaiseException(42, 0, 0, NULL); }
+};
+
+TEST_F(SehExceptionInConstructorTest, ThrowsExceptionInConstructor) {}
+
+class SehExceptionInDestructorTest : public Test {
+ public:
+  ~SehExceptionInDestructorTest() { RaiseException(42, 0, 0, NULL); }
+};
+
+TEST_F(SehExceptionInDestructorTest, ThrowsExceptionInDestructor) {}
+
+class SehExceptionInSetUpTestCaseTest : public Test {
+ public:
+  static void SetUpTestCase() { RaiseException(42, 0, 0, NULL); }
+};
+
+TEST_F(SehExceptionInSetUpTestCaseTest, ThrowsExceptionInSetUpTestCase) {}
+
+class SehExceptionInTearDownTestCaseTest : public Test {
+ public:
+  static void TearDownTestCase() { RaiseException(42, 0, 0, NULL); }
+};
+
+TEST_F(SehExceptionInTearDownTestCaseTest, ThrowsExceptionInTearDownTestCase) {}
+
+class SehExceptionInSetUpTest : public Test {
+ protected:
+  virtual void SetUp() { RaiseException(42, 0, 0, NULL); }
+};
+
+TEST_F(SehExceptionInSetUpTest, ThrowsExceptionInSetUp) {}
+
+class SehExceptionInTearDownTest : public Test {
+ protected:
+  virtual void TearDown() { RaiseException(42, 0, 0, NULL); }
+};
+
+TEST_F(SehExceptionInTearDownTest, ThrowsExceptionInTearDown) {}
+
+TEST(SehExceptionTest, ThrowsSehException) {
+  RaiseException(42, 0, 0, NULL);
+}
+
+#endif  // GTEST_HAS_SEH
+
+#if GTEST_HAS_EXCEPTIONS
+
+class CxxExceptionInConstructorTest : public Test {
+ public:
+  CxxExceptionInConstructorTest() {
+    // Without this macro VC++ complains about unreachable code at the end of
+    // the constructor.
+    GTEST_SUPPRESS_UNREACHABLE_CODE_WARNING_BELOW_(
+        throw std::runtime_error("Standard C++ exception"));
+  }
+
+  static void TearDownTestCase() {
+    printf("%s",
+           "CxxExceptionInConstructorTest::TearDownTestCase() "
+           "called as expected.\n");
+  }
+
+ protected:
+  ~CxxExceptionInConstructorTest() {
+    ADD_FAILURE() << "CxxExceptionInConstructorTest destructor "
+                  << "called unexpectedly.";
+  }
+
+  virtual void SetUp() {
+    ADD_FAILURE() << "CxxExceptionInConstructorTest::SetUp() "
+                  << "called unexpectedly.";
+  }
+
+  virtual void TearDown() {
+    ADD_FAILURE() << "CxxExceptionInConstructorTest::TearDown() "
+                  << "called unexpectedly.";
+  }
+};
+
+TEST_F(CxxExceptionInConstructorTest, ThrowsExceptionInConstructor) {
+  ADD_FAILURE() << "CxxExceptionInConstructorTest test body "
+                << "called unexpectedly.";
+}
+
+// Exceptions in destructors are not supported in C++11.
+#if !defined(__GXX_EXPERIMENTAL_CXX0X__) &&  __cplusplus < 201103L
+class CxxExceptionInDestructorTest : public Test {
+ public:
+  static void TearDownTestCase() {
+    printf("%s",
+           "CxxExceptionInDestructorTest::TearDownTestCase() "
+           "called as expected.\n");
+  }
+
+ protected:
+  ~CxxExceptionInDestructorTest() {
+    GTEST_SUPPRESS_UNREACHABLE_CODE_WARNING_BELOW_(
+        throw std::runtime_error("Standard C++ exception"));
+  }
+};
+
+TEST_F(CxxExceptionInDestructorTest, ThrowsExceptionInDestructor) {}
+#endif  // C++11 mode
+
+class CxxExceptionInSetUpTestCaseTest : public Test {
+ public:
+  CxxExceptionInSetUpTestCaseTest() {
+    printf("%s",
+           "CxxExceptionInSetUpTestCaseTest constructor "
+           "called as expected.\n");
+  }
+
+  static void SetUpTestCase() {
+    throw std::runtime_error("Standard C++ exception");
+  }
+
+  static void TearDownTestCase() {
+    printf("%s",
+           "CxxExceptionInSetUpTestCaseTest::TearDownTestCase() "
+           "called as expected.\n");
+  }
+
+ protected:
+  ~CxxExceptionInSetUpTestCaseTest() {
+    printf("%s",
+           "CxxExceptionInSetUpTestCaseTest destructor "
+           "called as expected.\n");
+  }
+
+  virtual void SetUp() {
+    printf("%s",
+           "CxxExceptionInSetUpTestCaseTest::SetUp() "
+           "called as expected.\n");
+  }
+
+  virtual void TearDown() {
+    printf("%s",
+           "CxxExceptionInSetUpTestCaseTest::TearDown() "
+           "called as expected.\n");
+  }
+};
+
+TEST_F(CxxExceptionInSetUpTestCaseTest, ThrowsExceptionInSetUpTestCase) {
+  printf("%s",
+         "CxxExceptionInSetUpTestCaseTest test body "
+         "called as expected.\n");
+}
+
+class CxxExceptionInTearDownTestCaseTest : public Test {
+ public:
+  static void TearDownTestCase() {
+    throw std::runtime_error("Standard C++ exception");
+  }
+};
+
+TEST_F(CxxExceptionInTearDownTestCaseTest, ThrowsExceptionInTearDownTestCase) {}
+
+class CxxExceptionInSetUpTest : public Test {
+ public:
+  static void TearDownTestCase() {
+    printf("%s",
+           "CxxExceptionInSetUpTest::TearDownTestCase() "
+           "called as expected.\n");
+  }
+
+ protected:
+  ~CxxExceptionInSetUpTest() {
+    printf("%s",
+           "CxxExceptionInSetUpTest destructor "
+           "called as expected.\n");
+  }
+
+  virtual void SetUp() { throw std::runtime_error("Standard C++ exception"); }
+
+  virtual void TearDown() {
+    printf("%s",
+           "CxxExceptionInSetUpTest::TearDown() "
+           "called as expected.\n");
+  }
+};
+
+TEST_F(CxxExceptionInSetUpTest, ThrowsExceptionInSetUp) {
+  ADD_FAILURE() << "CxxExceptionInSetUpTest test body "
+                << "called unexpectedly.";
+}
+
+class CxxExceptionInTearDownTest : public Test {
+ public:
+  static void TearDownTestCase() {
+    printf("%s",
+           "CxxExceptionInTearDownTest::TearDownTestCase() "
+           "called as expected.\n");
+  }
+
+ protected:
+  ~CxxExceptionInTearDownTest() {
+    printf("%s",
+           "CxxExceptionInTearDownTest destructor "
+           "called as expected.\n");
+  }
+
+  virtual void TearDown() {
+    throw std::runtime_error("Standard C++ exception");
+  }
+};
+
+TEST_F(CxxExceptionInTearDownTest, ThrowsExceptionInTearDown) {}
+
+class CxxExceptionInTestBodyTest : public Test {
+ public:
+  static void TearDownTestCase() {
+    printf("%s",
+           "CxxExceptionInTestBodyTest::TearDownTestCase() "
+           "called as expected.\n");
+  }
+
+ protected:
+  ~CxxExceptionInTestBodyTest() {
+    printf("%s",
+           "CxxExceptionInTestBodyTest destructor "
+           "called as expected.\n");
+  }
+
+  virtual void TearDown() {
+    printf("%s",
+           "CxxExceptionInTestBodyTest::TearDown() "
+           "called as expected.\n");
+  }
+};
+
+TEST_F(CxxExceptionInTestBodyTest, ThrowsStdCxxException) {
+  throw std::runtime_error("Standard C++ exception");
+}
+
+TEST(CxxExceptionTest, ThrowsNonStdCxxException) {
+  throw "C-string";
+}
+
+// This terminate handler aborts the program using exit() rather than abort().
+// This avoids showing pop-ups on Windows systems and core dumps on Unix-like
+// ones.
+void TerminateHandler() {
+  fprintf(stderr, "%s\n", "Unhandled C++ exception terminating the program.");
+  fflush(NULL);
+  exit(3);
+}
+
+#endif  // GTEST_HAS_EXCEPTIONS
+
+int main(int argc, char** argv) {
+#if GTEST_HAS_EXCEPTIONS
+  std::set_terminate(&TerminateHandler);
+#endif
+  testing::InitGoogleTest(&argc, argv);
+  return RUN_ALL_TESTS();
+}
diff --git a/nss/gtests/google_test/gtest/test/gtest_color_test.py b/nss/gtests/google_test/gtest/test/gtest_color_test.py
new file mode 100755
index 0000000..d02a53e
--- /dev/null
+++ b/nss/gtests/google_test/gtest/test/gtest_color_test.py
@@ -0,0 +1,130 @@
+#!/usr/bin/env python
+#
+# Copyright 2008, Google Inc.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#
+#     * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following disclaimer
+# in the documentation and/or other materials provided with the
+# distribution.
+#     * Neither the name of Google Inc. nor the names of its
+# contributors may be used to endorse or promote products derived from
+# this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+"""Verifies that Google Test correctly determines whether to use colors."""
+
+__author__ = 'wan@google.com (Zhanyong Wan)'
+
+import os
+import gtest_test_utils
+
+
+IS_WINDOWS = os.name = 'nt'
+
+COLOR_ENV_VAR = 'GTEST_COLOR'
+COLOR_FLAG = 'gtest_color'
+COMMAND = gtest_test_utils.GetTestExecutablePath('gtest_color_test_')
+
+
+def SetEnvVar(env_var, value):
+  """Sets the env variable to 'value'; unsets it when 'value' is None."""
+
+  if value is not None:
+    os.environ[env_var] = value
+  elif env_var in os.environ:
+    del os.environ[env_var]
+
+
+def UsesColor(term, color_env_var, color_flag):
+  """Runs gtest_color_test_ and returns its exit code."""
+
+  SetEnvVar('TERM', term)
+  SetEnvVar(COLOR_ENV_VAR, color_env_var)
+
+  if color_flag is None:
+    args = []
+  else:
+    args = ['--%s=%s' % (COLOR_FLAG, color_flag)]
+  p = gtest_test_utils.Subprocess([COMMAND] + args)
+  return not p.exited or p.exit_code
+
+
+class GTestColorTest(gtest_test_utils.TestCase):
+  def testNoEnvVarNoFlag(self):
+    """Tests the case when there's neither GTEST_COLOR nor --gtest_color."""
+
+    if not IS_WINDOWS:
+      self.assert_(not UsesColor('dumb', None, None))
+      self.assert_(not UsesColor('emacs', None, None))
+      self.assert_(not UsesColor('xterm-mono', None, None))
+      self.assert_(not UsesColor('unknown', None, None))
+      self.assert_(not UsesColor(None, None, None))
+    self.assert_(UsesColor('linux', None, None))
+    self.assert_(UsesColor('cygwin', None, None))
+    self.assert_(UsesColor('xterm', None, None))
+    self.assert_(UsesColor('xterm-color', None, None))
+    self.assert_(UsesColor('xterm-256color', None, None))
+
+  def testFlagOnly(self):
+    """Tests the case when there's --gtest_color but not GTEST_COLOR."""
+
+    self.assert_(not UsesColor('dumb', None, 'no'))
+    self.assert_(not UsesColor('xterm-color', None, 'no'))
+    if not IS_WINDOWS:
+      self.assert_(not UsesColor('emacs', None, 'auto'))
+    self.assert_(UsesColor('xterm', None, 'auto'))
+    self.assert_(UsesColor('dumb', None, 'yes'))
+    self.assert_(UsesColor('xterm', None, 'yes'))
+
+  def testEnvVarOnly(self):
+    """Tests the case when there's GTEST_COLOR but not --gtest_color."""
+
+    self.assert_(not UsesColor('dumb', 'no', None))
+    self.assert_(not UsesColor('xterm-color', 'no', None))
+    if not IS_WINDOWS:
+      self.assert_(not UsesColor('dumb', 'auto', None))
+    self.assert_(UsesColor('xterm-color', 'auto', None))
+    self.assert_(UsesColor('dumb', 'yes', None))
+    self.assert_(UsesColor('xterm-color', 'yes', None))
+
+  def testEnvVarAndFlag(self):
+    """Tests the case when there are both GTEST_COLOR and --gtest_color."""
+
+    self.assert_(not UsesColor('xterm-color', 'no', 'no'))
+    self.assert_(UsesColor('dumb', 'no', 'yes'))
+    self.assert_(UsesColor('xterm-color', 'no', 'auto'))
+
+  def testAliasesOfYesAndNo(self):
+    """Tests using aliases in specifying --gtest_color."""
+
+    self.assert_(UsesColor('dumb', None, 'true'))
+    self.assert_(UsesColor('dumb', None, 'YES'))
+    self.assert_(UsesColor('dumb', None, 'T'))
+    self.assert_(UsesColor('dumb', None, '1'))
+
+    self.assert_(not UsesColor('xterm', None, 'f'))
+    self.assert_(not UsesColor('xterm', None, 'false'))
+    self.assert_(not UsesColor('xterm', None, '0'))
+    self.assert_(not UsesColor('xterm', None, 'unknown'))
+
+
+if __name__ == '__main__':
+  gtest_test_utils.Main()
diff --git a/nss/gtests/google_test/gtest/test/gtest_color_test_.cc b/nss/gtests/google_test/gtest/test/gtest_color_test_.cc
new file mode 100644
index 0000000..f61ebb8
--- /dev/null
+++ b/nss/gtests/google_test/gtest/test/gtest_color_test_.cc
@@ -0,0 +1,71 @@
+// Copyright 2008, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+
+// A helper program for testing how Google Test determines whether to use
+// colors in the output.  It prints "YES" and returns 1 if Google Test
+// decides to use colors, and prints "NO" and returns 0 otherwise.
+
+#include <stdio.h>
+
+#include "gtest/gtest.h"
+
+// Indicates that this translation unit is part of Google Test's
+// implementation.  It must come before gtest-internal-inl.h is
+// included, or there will be a compiler error.  This trick is to
+// prevent a user from accidentally including gtest-internal-inl.h in
+// his code.
+#define GTEST_IMPLEMENTATION_ 1
+#include "src/gtest-internal-inl.h"
+#undef GTEST_IMPLEMENTATION_
+
+using testing::internal::ShouldUseColor;
+
+// The purpose of this is to ensure that the UnitTest singleton is
+// created before main() is entered, and thus that ShouldUseColor()
+// works the same way as in a real Google-Test-based test.  We don't actual
+// run the TEST itself.
+TEST(GTestColorTest, Dummy) {
+}
+
+int main(int argc, char** argv) {
+  testing::InitGoogleTest(&argc, argv);
+
+  if (ShouldUseColor(true)) {
+    // Google Test decides to use colors in the output (assuming it
+    // goes to a TTY).
+    printf("YES\n");
+    return 1;
+  } else {
+    // Google Test decides not to use colors in the output.
+    printf("NO\n");
+    return 0;
+  }
+}
diff --git a/nss/gtests/google_test/gtest/test/gtest_env_var_test.py b/nss/gtests/google_test/gtest/test/gtest_env_var_test.py
new file mode 100755
index 0000000..ac24337
--- /dev/null
+++ b/nss/gtests/google_test/gtest/test/gtest_env_var_test.py
@@ -0,0 +1,103 @@
+#!/usr/bin/env python
+#
+# Copyright 2008, Google Inc.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#
+#     * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following disclaimer
+# in the documentation and/or other materials provided with the
+# distribution.
+#     * Neither the name of Google Inc. nor the names of its
+# contributors may be used to endorse or promote products derived from
+# this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+"""Verifies that Google Test correctly parses environment variables."""
+
+__author__ = 'wan@google.com (Zhanyong Wan)'
+
+import os
+import gtest_test_utils
+
+
+IS_WINDOWS = os.name == 'nt'
+IS_LINUX = os.name == 'posix' and os.uname()[0] == 'Linux'
+
+COMMAND = gtest_test_utils.GetTestExecutablePath('gtest_env_var_test_')
+
+environ = os.environ.copy()
+
+
+def AssertEq(expected, actual):
+  if expected != actual:
+    print 'Expected: %s' % (expected,)
+    print '  Actual: %s' % (actual,)
+    raise AssertionError
+
+
+def SetEnvVar(env_var, value):
+  """Sets the env variable to 'value'; unsets it when 'value' is None."""
+
+  if value is not None:
+    environ[env_var] = value
+  elif env_var in environ:
+    del environ[env_var]
+
+
+def GetFlag(flag):
+  """Runs gtest_env_var_test_ and returns its output."""
+
+  args = [COMMAND]
+  if flag is not None:
+    args += [flag]
+  return gtest_test_utils.Subprocess(args, env=environ).output
+
+
+def TestFlag(flag, test_val, default_val):
+  """Verifies that the given flag is affected by the corresponding env var."""
+
+  env_var = 'GTEST_' + flag.upper()
+  SetEnvVar(env_var, test_val)
+  AssertEq(test_val, GetFlag(flag))
+  SetEnvVar(env_var, None)
+  AssertEq(default_val, GetFlag(flag))
+
+
+class GTestEnvVarTest(gtest_test_utils.TestCase):
+  def testEnvVarAffectsFlag(self):
+    """Tests that environment variable should affect the corresponding flag."""
+
+    TestFlag('break_on_failure', '1', '0')
+    TestFlag('color', 'yes', 'auto')
+    TestFlag('filter', 'FooTest.Bar', '*')
+    TestFlag('output', 'xml:tmp/foo.xml', '')
+    TestFlag('print_time', '0', '1')
+    TestFlag('repeat', '999', '1')
+    TestFlag('throw_on_failure', '1', '0')
+    TestFlag('death_test_style', 'threadsafe', 'fast')
+    TestFlag('catch_exceptions', '0', '1')
+
+    if IS_LINUX:
+      TestFlag('death_test_use_fork', '1', '0')
+      TestFlag('stack_trace_depth', '0', '100')
+
+
+if __name__ == '__main__':
+  gtest_test_utils.Main()
diff --git a/nss/gtests/google_test/gtest/test/gtest_env_var_test_.cc b/nss/gtests/google_test/gtest/test/gtest_env_var_test_.cc
new file mode 100644
index 0000000..539afc9
--- /dev/null
+++ b/nss/gtests/google_test/gtest/test/gtest_env_var_test_.cc
@@ -0,0 +1,126 @@
+// Copyright 2008, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+
+// A helper program for testing that Google Test parses the environment
+// variables correctly.
+
+#include "gtest/gtest.h"
+
+#include <iostream>
+
+#define GTEST_IMPLEMENTATION_ 1
+#include "src/gtest-internal-inl.h"
+#undef GTEST_IMPLEMENTATION_
+
+using ::std::cout;
+
+namespace testing {
+
+// The purpose of this is to make the test more realistic by ensuring
+// that the UnitTest singleton is created before main() is entered.
+// We don't actual run the TEST itself.
+TEST(GTestEnvVarTest, Dummy) {
+}
+
+void PrintFlag(const char* flag) {
+  if (strcmp(flag, "break_on_failure") == 0) {
+    cout << GTEST_FLAG(break_on_failure);
+    return;
+  }
+
+  if (strcmp(flag, "catch_exceptions") == 0) {
+    cout << GTEST_FLAG(catch_exceptions);
+    return;
+  }
+
+  if (strcmp(flag, "color") == 0) {
+    cout << GTEST_FLAG(color);
+    return;
+  }
+
+  if (strcmp(flag, "death_test_style") == 0) {
+    cout << GTEST_FLAG(death_test_style);
+    return;
+  }
+
+  if (strcmp(flag, "death_test_use_fork") == 0) {
+    cout << GTEST_FLAG(death_test_use_fork);
+    return;
+  }
+
+  if (strcmp(flag, "filter") == 0) {
+    cout << GTEST_FLAG(filter);
+    return;
+  }
+
+  if (strcmp(flag, "output") == 0) {
+    cout << GTEST_FLAG(output);
+    return;
+  }
+
+  if (strcmp(flag, "print_time") == 0) {
+    cout << GTEST_FLAG(print_time);
+    return;
+  }
+
+  if (strcmp(flag, "repeat") == 0) {
+    cout << GTEST_FLAG(repeat);
+    return;
+  }
+
+  if (strcmp(flag, "stack_trace_depth") == 0) {
+    cout << GTEST_FLAG(stack_trace_depth);
+    return;
+  }
+
+  if (strcmp(flag, "throw_on_failure") == 0) {
+    cout << GTEST_FLAG(throw_on_failure);
+    return;
+  }
+
+  cout << "Invalid flag name " << flag
+       << ".  Valid names are break_on_failure, color, filter, etc.\n";
+  exit(1);
+}
+
+}  // namespace testing
+
+int main(int argc, char** argv) {
+  testing::InitGoogleTest(&argc, argv);
+
+  if (argc != 2) {
+    cout << "Usage: gtest_env_var_test_ NAME_OF_FLAG\n";
+    return 1;
+  }
+
+  testing::PrintFlag(argv[1]);
+  return 0;
+}
diff --git a/nss/gtests/google_test/gtest/test/gtest_environment_test.cc b/nss/gtests/google_test/gtest/test/gtest_environment_test.cc
new file mode 100644
index 0000000..3cff19e
--- /dev/null
+++ b/nss/gtests/google_test/gtest/test/gtest_environment_test.cc
@@ -0,0 +1,192 @@
+// Copyright 2007, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+//
+// Tests using global test environments.
+
+#include <stdlib.h>
+#include <stdio.h>
+#include "gtest/gtest.h"
+
+#define GTEST_IMPLEMENTATION_ 1  // Required for the next #include.
+#include "src/gtest-internal-inl.h"
+#undef GTEST_IMPLEMENTATION_
+
+namespace testing {
+GTEST_DECLARE_string_(filter);
+}
+
+namespace {
+
+enum FailureType {
+  NO_FAILURE, NON_FATAL_FAILURE, FATAL_FAILURE
+};
+
+// For testing using global test environments.
+class MyEnvironment : public testing::Environment {
+ public:
+  MyEnvironment() { Reset(); }
+
+  // Depending on the value of failure_in_set_up_, SetUp() will
+  // generate a non-fatal failure, generate a fatal failure, or
+  // succeed.
+  virtual void SetUp() {
+    set_up_was_run_ = true;
+
+    switch (failure_in_set_up_) {
+      case NON_FATAL_FAILURE:
+        ADD_FAILURE() << "Expected non-fatal failure in global set-up.";
+        break;
+      case FATAL_FAILURE:
+        FAIL() << "Expected fatal failure in global set-up.";
+        break;
+      default:
+        break;
+    }
+  }
+
+  // Generates a non-fatal failure.
+  virtual void TearDown() {
+    tear_down_was_run_ = true;
+    ADD_FAILURE() << "Expected non-fatal failure in global tear-down.";
+  }
+
+  // Resets the state of the environment s.t. it can be reused.
+  void Reset() {
+    failure_in_set_up_ = NO_FAILURE;
+    set_up_was_run_ = false;
+    tear_down_was_run_ = false;
+  }
+
+  // We call this function to set the type of failure SetUp() should
+  // generate.
+  void set_failure_in_set_up(FailureType type) {
+    failure_in_set_up_ = type;
+  }
+
+  // Was SetUp() run?
+  bool set_up_was_run() const { return set_up_was_run_; }
+
+  // Was TearDown() run?
+  bool tear_down_was_run() const { return tear_down_was_run_; }
+
+ private:
+  FailureType failure_in_set_up_;
+  bool set_up_was_run_;
+  bool tear_down_was_run_;
+};
+
+// Was the TEST run?
+bool test_was_run;
+
+// The sole purpose of this TEST is to enable us to check whether it
+// was run.
+TEST(FooTest, Bar) {
+  test_was_run = true;
+}
+
+// Prints the message and aborts the program if condition is false.
+void Check(bool condition, const char* msg) {
+  if (!condition) {
+    printf("FAILED: %s\n", msg);
+    testing::internal::posix::Abort();
+  }
+}
+
+// Runs the tests.  Return true iff successful.
+//
+// The 'failure' parameter specifies the type of failure that should
+// be generated by the global set-up.
+int RunAllTests(MyEnvironment* env, FailureType failure) {
+  env->Reset();
+  env->set_failure_in_set_up(failure);
+  test_was_run = false;
+  testing::internal::GetUnitTestImpl()->ClearAdHocTestResult();
+  return RUN_ALL_TESTS();
+}
+
+}  // namespace
+
+int main(int argc, char **argv) {
+  testing::InitGoogleTest(&argc, argv);
+
+  // Registers a global test environment, and verifies that the
+  // registration function returns its argument.
+  MyEnvironment* const env = new MyEnvironment;
+  Check(testing::AddGlobalTestEnvironment(env) == env,
+        "AddGlobalTestEnvironment() should return its argument.");
+
+  // Verifies that RUN_ALL_TESTS() runs the tests when the global
+  // set-up is successful.
+  Check(RunAllTests(env, NO_FAILURE) != 0,
+        "RUN_ALL_TESTS() should return non-zero, as the global tear-down "
+        "should generate a failure.");
+  Check(test_was_run,
+        "The tests should run, as the global set-up should generate no "
+        "failure");
+  Check(env->tear_down_was_run(),
+        "The global tear-down should run, as the global set-up was run.");
+
+  // Verifies that RUN_ALL_TESTS() runs the tests when the global
+  // set-up generates no fatal failure.
+  Check(RunAllTests(env, NON_FATAL_FAILURE) != 0,
+        "RUN_ALL_TESTS() should return non-zero, as both the global set-up "
+        "and the global tear-down should generate a non-fatal failure.");
+  Check(test_was_run,
+        "The tests should run, as the global set-up should generate no "
+        "fatal failure.");
+  Check(env->tear_down_was_run(),
+        "The global tear-down should run, as the global set-up was run.");
+
+  // Verifies that RUN_ALL_TESTS() runs no test when the global set-up
+  // generates a fatal failure.
+  Check(RunAllTests(env, FATAL_FAILURE) != 0,
+        "RUN_ALL_TESTS() should return non-zero, as the global set-up "
+        "should generate a fatal failure.");
+  Check(!test_was_run,
+        "The tests should not run, as the global set-up should generate "
+        "a fatal failure.");
+  Check(env->tear_down_was_run(),
+        "The global tear-down should run, as the global set-up was run.");
+
+  // Verifies that RUN_ALL_TESTS() doesn't do global set-up or
+  // tear-down when there is no test to run.
+  testing::GTEST_FLAG(filter) = "-*";
+  Check(RunAllTests(env, NO_FAILURE) == 0,
+        "RUN_ALL_TESTS() should return zero, as there is no test to run.");
+  Check(!env->set_up_was_run(),
+        "The global set-up should not run, as there is no test to run.");
+  Check(!env->tear_down_was_run(),
+        "The global tear-down should not run, "
+        "as the global set-up was not run.");
+
+  printf("PASS\n");
+  return 0;
+}
diff --git a/nss/gtests/google_test/gtest/test/gtest_filter_unittest.py b/nss/gtests/google_test/gtest/test/gtest_filter_unittest.py
new file mode 100755
index 0000000..0d1a770
--- /dev/null
+++ b/nss/gtests/google_test/gtest/test/gtest_filter_unittest.py
@@ -0,0 +1,633 @@
+#!/usr/bin/env python
+#
+# Copyright 2005 Google Inc. All Rights Reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#
+#     * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following disclaimer
+# in the documentation and/or other materials provided with the
+# distribution.
+#     * Neither the name of Google Inc. nor the names of its
+# contributors may be used to endorse or promote products derived from
+# this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+"""Unit test for Google Test test filters.
+
+A user can specify which test(s) in a Google Test program to run via either
+the GTEST_FILTER environment variable or the --gtest_filter flag.
+This script tests such functionality by invoking
+gtest_filter_unittest_ (a program written with Google Test) with different
+environments and command line flags.
+
+Note that test sharding may also influence which tests are filtered. Therefore,
+we test that here also.
+"""
+
+__author__ = 'wan@google.com (Zhanyong Wan)'
+
+import os
+import re
+import sets
+import sys
+
+import gtest_test_utils
+
+# Constants.
+
+# Checks if this platform can pass empty environment variables to child
+# processes.  We set an env variable to an empty string and invoke a python
+# script in a subprocess to print whether the variable is STILL in
+# os.environ.  We then use 'eval' to parse the child's output so that an
+# exception is thrown if the input is anything other than 'True' nor 'False'.
+os.environ['EMPTY_VAR'] = ''
+child = gtest_test_utils.Subprocess(
+    [sys.executable, '-c', 'import os; print \'EMPTY_VAR\' in os.environ'])
+CAN_PASS_EMPTY_ENV = eval(child.output)
+
+
+# Check if this platform can unset environment variables in child processes.
+# We set an env variable to a non-empty string, unset it, and invoke
+# a python script in a subprocess to print whether the variable
+# is NO LONGER in os.environ.
+# We use 'eval' to parse the child's output so that an exception
+# is thrown if the input is neither 'True' nor 'False'.
+os.environ['UNSET_VAR'] = 'X'
+del os.environ['UNSET_VAR']
+child = gtest_test_utils.Subprocess(
+    [sys.executable, '-c', 'import os; print \'UNSET_VAR\' not in os.environ'])
+CAN_UNSET_ENV = eval(child.output)
+
+
+# Checks if we should test with an empty filter. This doesn't
+# make sense on platforms that cannot pass empty env variables (Win32)
+# and on platforms that cannot unset variables (since we cannot tell
+# the difference between "" and NULL -- Borland and Solaris < 5.10)
+CAN_TEST_EMPTY_FILTER = (CAN_PASS_EMPTY_ENV and CAN_UNSET_ENV)
+
+
+# The environment variable for specifying the test filters.
+FILTER_ENV_VAR = 'GTEST_FILTER'
+
+# The environment variables for test sharding.
+TOTAL_SHARDS_ENV_VAR = 'GTEST_TOTAL_SHARDS'
+SHARD_INDEX_ENV_VAR = 'GTEST_SHARD_INDEX'
+SHARD_STATUS_FILE_ENV_VAR = 'GTEST_SHARD_STATUS_FILE'
+
+# The command line flag for specifying the test filters.
+FILTER_FLAG = 'gtest_filter'
+
+# The command line flag for including disabled tests.
+ALSO_RUN_DISABED_TESTS_FLAG = 'gtest_also_run_disabled_tests'
+
+# Command to run the gtest_filter_unittest_ program.
+COMMAND = gtest_test_utils.GetTestExecutablePath('gtest_filter_unittest_')
+
+# Regex for determining whether parameterized tests are enabled in the binary.
+PARAM_TEST_REGEX = re.compile(r'/ParamTest')
+
+# Regex for parsing test case names from Google Test's output.
+TEST_CASE_REGEX = re.compile(r'^\[\-+\] \d+ tests? from (\w+(/\w+)?)')
+
+# Regex for parsing test names from Google Test's output.
+TEST_REGEX = re.compile(r'^\[\s*RUN\s*\].*\.(\w+(/\w+)?)')
+
+# The command line flag to tell Google Test to output the list of tests it
+# will run.
+LIST_TESTS_FLAG = '--gtest_list_tests'
+
+# Indicates whether Google Test supports death tests.
+SUPPORTS_DEATH_TESTS = 'HasDeathTest' in gtest_test_utils.Subprocess(
+    [COMMAND, LIST_TESTS_FLAG]).output
+
+# Full names of all tests in gtest_filter_unittests_.
+PARAM_TESTS = [
+    'SeqP/ParamTest.TestX/0',
+    'SeqP/ParamTest.TestX/1',
+    'SeqP/ParamTest.TestY/0',
+    'SeqP/ParamTest.TestY/1',
+    'SeqQ/ParamTest.TestX/0',
+    'SeqQ/ParamTest.TestX/1',
+    'SeqQ/ParamTest.TestY/0',
+    'SeqQ/ParamTest.TestY/1',
+    ]
+
+DISABLED_TESTS = [
+    'BarTest.DISABLED_TestFour',
+    'BarTest.DISABLED_TestFive',
+    'BazTest.DISABLED_TestC',
+    'DISABLED_FoobarTest.Test1',
+    'DISABLED_FoobarTest.DISABLED_Test2',
+    'DISABLED_FoobarbazTest.TestA',
+    ]
+
+if SUPPORTS_DEATH_TESTS:
+  DEATH_TESTS = [
+    'HasDeathTest.Test1',
+    'HasDeathTest.Test2',
+    ]
+else:
+  DEATH_TESTS = []
+
+# All the non-disabled tests.
+ACTIVE_TESTS = [
+    'FooTest.Abc',
+    'FooTest.Xyz',
+
+    'BarTest.TestOne',
+    'BarTest.TestTwo',
+    'BarTest.TestThree',
+
+    'BazTest.TestOne',
+    'BazTest.TestA',
+    'BazTest.TestB',
+    ] + DEATH_TESTS + PARAM_TESTS
+
+param_tests_present = None
+
+# Utilities.
+
+environ = os.environ.copy()
+
+
+def SetEnvVar(env_var, value):
+  """Sets the env variable to 'value'; unsets it when 'value' is None."""
+
+  if value is not None:
+    environ[env_var] = value
+  elif env_var in environ:
+    del environ[env_var]
+
+
+def RunAndReturnOutput(args = None):
+  """Runs the test program and returns its output."""
+
+  return gtest_test_utils.Subprocess([COMMAND] + (args or []),
+                                     env=environ).output
+
+
+def RunAndExtractTestList(args = None):
+  """Runs the test program and returns its exit code and a list of tests run."""
+
+  p = gtest_test_utils.Subprocess([COMMAND] + (args or []), env=environ)
+  tests_run = []
+  test_case = ''
+  test = ''
+  for line in p.output.split('\n'):
+    match = TEST_CASE_REGEX.match(line)
+    if match is not None:
+      test_case = match.group(1)
+    else:
+      match = TEST_REGEX.match(line)
+      if match is not None:
+        test = match.group(1)
+        tests_run.append(test_case + '.' + test)
+  return (tests_run, p.exit_code)
+
+
+def InvokeWithModifiedEnv(extra_env, function, *args, **kwargs):
+  """Runs the given function and arguments in a modified environment."""
+  try:
+    original_env = environ.copy()
+    environ.update(extra_env)
+    return function(*args, **kwargs)
+  finally:
+    environ.clear()
+    environ.update(original_env)
+
+
+def RunWithSharding(total_shards, shard_index, command):
+  """Runs a test program shard and returns exit code and a list of tests run."""
+
+  extra_env = {SHARD_INDEX_ENV_VAR: str(shard_index),
+               TOTAL_SHARDS_ENV_VAR: str(total_shards)}
+  return InvokeWithModifiedEnv(extra_env, RunAndExtractTestList, command)
+
+# The unit test.
+
+
+class GTestFilterUnitTest(gtest_test_utils.TestCase):
+  """Tests the env variable or the command line flag to filter tests."""
+
+  # Utilities.
+
+  def AssertSetEqual(self, lhs, rhs):
+    """Asserts that two sets are equal."""
+
+    for elem in lhs:
+      self.assert_(elem in rhs, '%s in %s' % (elem, rhs))
+
+    for elem in rhs:
+      self.assert_(elem in lhs, '%s in %s' % (elem, lhs))
+
+  def AssertPartitionIsValid(self, set_var, list_of_sets):
+    """Asserts that list_of_sets is a valid partition of set_var."""
+
+    full_partition = []
+    for slice_var in list_of_sets:
+      full_partition.extend(slice_var)
+    self.assertEqual(len(set_var), len(full_partition))
+    self.assertEqual(sets.Set(set_var), sets.Set(full_partition))
+
+  def AdjustForParameterizedTests(self, tests_to_run):
+    """Adjust tests_to_run in case value parameterized tests are disabled."""
+
+    global param_tests_present
+    if not param_tests_present:
+      return list(sets.Set(tests_to_run) - sets.Set(PARAM_TESTS))
+    else:
+      return tests_to_run
+
+  def RunAndVerify(self, gtest_filter, tests_to_run):
+    """Checks that the binary runs correct set of tests for a given filter."""
+
+    tests_to_run = self.AdjustForParameterizedTests(tests_to_run)
+
+    # First, tests using the environment variable.
+
+    # Windows removes empty variables from the environment when passing it
+    # to a new process.  This means it is impossible to pass an empty filter
+    # into a process using the environment variable.  However, we can still
+    # test the case when the variable is not supplied (i.e., gtest_filter is
+    # None).
+    # pylint: disable-msg=C6403
+    if CAN_TEST_EMPTY_FILTER or gtest_filter != '':
+      SetEnvVar(FILTER_ENV_VAR, gtest_filter)
+      tests_run = RunAndExtractTestList()[0]
+      SetEnvVar(FILTER_ENV_VAR, None)
+      self.AssertSetEqual(tests_run, tests_to_run)
+    # pylint: enable-msg=C6403
+
+    # Next, tests using the command line flag.
+
+    if gtest_filter is None:
+      args = []
+    else:
+      args = ['--%s=%s' % (FILTER_FLAG, gtest_filter)]
+
+    tests_run = RunAndExtractTestList(args)[0]
+    self.AssertSetEqual(tests_run, tests_to_run)
+
+  def RunAndVerifyWithSharding(self, gtest_filter, total_shards, tests_to_run,
+                               args=None, check_exit_0=False):
+    """Checks that binary runs correct tests for the given filter and shard.
+
+    Runs all shards of gtest_filter_unittest_ with the given filter, and
+    verifies that the right set of tests were run. The union of tests run
+    on each shard should be identical to tests_to_run, without duplicates.
+
+    Args:
+      gtest_filter: A filter to apply to the tests.
+      total_shards: A total number of shards to split test run into.
+      tests_to_run: A set of tests expected to run.
+      args   :      Arguments to pass to the to the test binary.
+      check_exit_0: When set to a true value, make sure that all shards
+                    return 0.
+    """
+
+    tests_to_run = self.AdjustForParameterizedTests(tests_to_run)
+
+    # Windows removes empty variables from the environment when passing it
+    # to a new process.  This means it is impossible to pass an empty filter
+    # into a process using the environment variable.  However, we can still
+    # test the case when the variable is not supplied (i.e., gtest_filter is
+    # None).
+    # pylint: disable-msg=C6403
+    if CAN_TEST_EMPTY_FILTER or gtest_filter != '':
+      SetEnvVar(FILTER_ENV_VAR, gtest_filter)
+      partition = []
+      for i in range(0, total_shards):
+        (tests_run, exit_code) = RunWithSharding(total_shards, i, args)
+        if check_exit_0:
+          self.assertEqual(0, exit_code)
+        partition.append(tests_run)
+
+      self.AssertPartitionIsValid(tests_to_run, partition)
+      SetEnvVar(FILTER_ENV_VAR, None)
+    # pylint: enable-msg=C6403
+
+  def RunAndVerifyAllowingDisabled(self, gtest_filter, tests_to_run):
+    """Checks that the binary runs correct set of tests for the given filter.
+
+    Runs gtest_filter_unittest_ with the given filter, and enables
+    disabled tests. Verifies that the right set of tests were run.
+
+    Args:
+      gtest_filter: A filter to apply to the tests.
+      tests_to_run: A set of tests expected to run.
+    """
+
+    tests_to_run = self.AdjustForParameterizedTests(tests_to_run)
+
+    # Construct the command line.
+    args = ['--%s' % ALSO_RUN_DISABED_TESTS_FLAG]
+    if gtest_filter is not None:
+      args.append('--%s=%s' % (FILTER_FLAG, gtest_filter))
+
+    tests_run = RunAndExtractTestList(args)[0]
+    self.AssertSetEqual(tests_run, tests_to_run)
+
+  def setUp(self):
+    """Sets up test case.
+
+    Determines whether value-parameterized tests are enabled in the binary and
+    sets the flags accordingly.
+    """
+
+    global param_tests_present
+    if param_tests_present is None:
+      param_tests_present = PARAM_TEST_REGEX.search(
+          RunAndReturnOutput()) is not None
+
+  def testDefaultBehavior(self):
+    """Tests the behavior of not specifying the filter."""
+
+    self.RunAndVerify(None, ACTIVE_TESTS)
+
+  def testDefaultBehaviorWithShards(self):
+    """Tests the behavior without the filter, with sharding enabled."""
+
+    self.RunAndVerifyWithSharding(None, 1, ACTIVE_TESTS)
+    self.RunAndVerifyWithSharding(None, 2, ACTIVE_TESTS)
+    self.RunAndVerifyWithSharding(None, len(ACTIVE_TESTS) - 1, ACTIVE_TESTS)
+    self.RunAndVerifyWithSharding(None, len(ACTIVE_TESTS), ACTIVE_TESTS)
+    self.RunAndVerifyWithSharding(None, len(ACTIVE_TESTS) + 1, ACTIVE_TESTS)
+
+  def testEmptyFilter(self):
+    """Tests an empty filter."""
+
+    self.RunAndVerify('', [])
+    self.RunAndVerifyWithSharding('', 1, [])
+    self.RunAndVerifyWithSharding('', 2, [])
+
+  def testBadFilter(self):
+    """Tests a filter that matches nothing."""
+
+    self.RunAndVerify('BadFilter', [])
+    self.RunAndVerifyAllowingDisabled('BadFilter', [])
+
+  def testFullName(self):
+    """Tests filtering by full name."""
+
+    self.RunAndVerify('FooTest.Xyz', ['FooTest.Xyz'])
+    self.RunAndVerifyAllowingDisabled('FooTest.Xyz', ['FooTest.Xyz'])
+    self.RunAndVerifyWithSharding('FooTest.Xyz', 5, ['FooTest.Xyz'])
+
+  def testUniversalFilters(self):
+    """Tests filters that match everything."""
+
+    self.RunAndVerify('*', ACTIVE_TESTS)
+    self.RunAndVerify('*.*', ACTIVE_TESTS)
+    self.RunAndVerifyWithSharding('*.*', len(ACTIVE_TESTS) - 3, ACTIVE_TESTS)
+    self.RunAndVerifyAllowingDisabled('*', ACTIVE_TESTS + DISABLED_TESTS)
+    self.RunAndVerifyAllowingDisabled('*.*', ACTIVE_TESTS + DISABLED_TESTS)
+
+  def testFilterByTestCase(self):
+    """Tests filtering by test case name."""
+
+    self.RunAndVerify('FooTest.*', ['FooTest.Abc', 'FooTest.Xyz'])
+
+    BAZ_TESTS = ['BazTest.TestOne', 'BazTest.TestA', 'BazTest.TestB']
+    self.RunAndVerify('BazTest.*', BAZ_TESTS)
+    self.RunAndVerifyAllowingDisabled('BazTest.*',
+                                      BAZ_TESTS + ['BazTest.DISABLED_TestC'])
+
+  def testFilterByTest(self):
+    """Tests filtering by test name."""
+
+    self.RunAndVerify('*.TestOne', ['BarTest.TestOne', 'BazTest.TestOne'])
+
+  def testFilterDisabledTests(self):
+    """Select only the disabled tests to run."""
+
+    self.RunAndVerify('DISABLED_FoobarTest.Test1', [])
+    self.RunAndVerifyAllowingDisabled('DISABLED_FoobarTest.Test1',
+                                      ['DISABLED_FoobarTest.Test1'])
+
+    self.RunAndVerify('*DISABLED_*', [])
+    self.RunAndVerifyAllowingDisabled('*DISABLED_*', DISABLED_TESTS)
+
+    self.RunAndVerify('*.DISABLED_*', [])
+    self.RunAndVerifyAllowingDisabled('*.DISABLED_*', [
+        'BarTest.DISABLED_TestFour',
+        'BarTest.DISABLED_TestFive',
+        'BazTest.DISABLED_TestC',
+        'DISABLED_FoobarTest.DISABLED_Test2',
+        ])
+
+    self.RunAndVerify('DISABLED_*', [])
+    self.RunAndVerifyAllowingDisabled('DISABLED_*', [
+        'DISABLED_FoobarTest.Test1',
+        'DISABLED_FoobarTest.DISABLED_Test2',
+        'DISABLED_FoobarbazTest.TestA',
+        ])
+
+  def testWildcardInTestCaseName(self):
+    """Tests using wildcard in the test case name."""
+
+    self.RunAndVerify('*a*.*', [
+        'BarTest.TestOne',
+        'BarTest.TestTwo',
+        'BarTest.TestThree',
+
+        'BazTest.TestOne',
+        'BazTest.TestA',
+        'BazTest.TestB', ] + DEATH_TESTS + PARAM_TESTS)
+
+  def testWildcardInTestName(self):
+    """Tests using wildcard in the test name."""
+
+    self.RunAndVerify('*.*A*', ['FooTest.Abc', 'BazTest.TestA'])
+
+  def testFilterWithoutDot(self):
+    """Tests a filter that has no '.' in it."""
+
+    self.RunAndVerify('*z*', [
+        'FooTest.Xyz',
+
+        'BazTest.TestOne',
+        'BazTest.TestA',
+        'BazTest.TestB',
+        ])
+
+  def testTwoPatterns(self):
+    """Tests filters that consist of two patterns."""
+
+    self.RunAndVerify('Foo*.*:*A*', [
+        'FooTest.Abc',
+        'FooTest.Xyz',
+
+        'BazTest.TestA',
+        ])
+
+    # An empty pattern + a non-empty one
+    self.RunAndVerify(':*A*', ['FooTest.Abc', 'BazTest.TestA'])
+
+  def testThreePatterns(self):
+    """Tests filters that consist of three patterns."""
+
+    self.RunAndVerify('*oo*:*A*:*One', [
+        'FooTest.Abc',
+        'FooTest.Xyz',
+
+        'BarTest.TestOne',
+
+        'BazTest.TestOne',
+        'BazTest.TestA',
+        ])
+
+    # The 2nd pattern is empty.
+    self.RunAndVerify('*oo*::*One', [
+        'FooTest.Abc',
+        'FooTest.Xyz',
+
+        'BarTest.TestOne',
+
+        'BazTest.TestOne',
+        ])
+
+    # The last 2 patterns are empty.
+    self.RunAndVerify('*oo*::', [
+        'FooTest.Abc',
+        'FooTest.Xyz',
+        ])
+
+  def testNegativeFilters(self):
+    self.RunAndVerify('*-BazTest.TestOne', [
+        'FooTest.Abc',
+        'FooTest.Xyz',
+
+        'BarTest.TestOne',
+        'BarTest.TestTwo',
+        'BarTest.TestThree',
+
+        'BazTest.TestA',
+        'BazTest.TestB',
+        ] + DEATH_TESTS + PARAM_TESTS)
+
+    self.RunAndVerify('*-FooTest.Abc:BazTest.*', [
+        'FooTest.Xyz',
+
+        'BarTest.TestOne',
+        'BarTest.TestTwo',
+        'BarTest.TestThree',
+        ] + DEATH_TESTS + PARAM_TESTS)
+
+    self.RunAndVerify('BarTest.*-BarTest.TestOne', [
+        'BarTest.TestTwo',
+        'BarTest.TestThree',
+        ])
+
+    # Tests without leading '*'.
+    self.RunAndVerify('-FooTest.Abc:FooTest.Xyz:BazTest.*', [
+        'BarTest.TestOne',
+        'BarTest.TestTwo',
+        'BarTest.TestThree',
+        ] + DEATH_TESTS + PARAM_TESTS)
+
+    # Value parameterized tests.
+    self.RunAndVerify('*/*', PARAM_TESTS)
+
+    # Value parameterized tests filtering by the sequence name.
+    self.RunAndVerify('SeqP/*', [
+        'SeqP/ParamTest.TestX/0',
+        'SeqP/ParamTest.TestX/1',
+        'SeqP/ParamTest.TestY/0',
+        'SeqP/ParamTest.TestY/1',
+        ])
+
+    # Value parameterized tests filtering by the test name.
+    self.RunAndVerify('*/0', [
+        'SeqP/ParamTest.TestX/0',
+        'SeqP/ParamTest.TestY/0',
+        'SeqQ/ParamTest.TestX/0',
+        'SeqQ/ParamTest.TestY/0',
+        ])
+
+  def testFlagOverridesEnvVar(self):
+    """Tests that the filter flag overrides the filtering env. variable."""
+
+    SetEnvVar(FILTER_ENV_VAR, 'Foo*')
+    args = ['--%s=%s' % (FILTER_FLAG, '*One')]
+    tests_run = RunAndExtractTestList(args)[0]
+    SetEnvVar(FILTER_ENV_VAR, None)
+
+    self.AssertSetEqual(tests_run, ['BarTest.TestOne', 'BazTest.TestOne'])
+
+  def testShardStatusFileIsCreated(self):
+    """Tests that the shard file is created if specified in the environment."""
+
+    shard_status_file = os.path.join(gtest_test_utils.GetTempDir(),
+                                     'shard_status_file')
+    self.assert_(not os.path.exists(shard_status_file))
+
+    extra_env = {SHARD_STATUS_FILE_ENV_VAR: shard_status_file}
+    try:
+      InvokeWithModifiedEnv(extra_env, RunAndReturnOutput)
+    finally:
+      self.assert_(os.path.exists(shard_status_file))
+      os.remove(shard_status_file)
+
+  def testShardStatusFileIsCreatedWithListTests(self):
+    """Tests that the shard file is created with the "list_tests" flag."""
+
+    shard_status_file = os.path.join(gtest_test_utils.GetTempDir(),
+                                     'shard_status_file2')
+    self.assert_(not os.path.exists(shard_status_file))
+
+    extra_env = {SHARD_STATUS_FILE_ENV_VAR: shard_status_file}
+    try:
+      output = InvokeWithModifiedEnv(extra_env,
+                                     RunAndReturnOutput,
+                                     [LIST_TESTS_FLAG])
+    finally:
+      # This assertion ensures that Google Test enumerated the tests as
+      # opposed to running them.
+      self.assert_('[==========]' not in output,
+                   'Unexpected output during test enumeration.\n'
+                   'Please ensure that LIST_TESTS_FLAG is assigned the\n'
+                   'correct flag value for listing Google Test tests.')
+
+      self.assert_(os.path.exists(shard_status_file))
+      os.remove(shard_status_file)
+
+  if SUPPORTS_DEATH_TESTS:
+    def testShardingWorksWithDeathTests(self):
+      """Tests integration with death tests and sharding."""
+
+      gtest_filter = 'HasDeathTest.*:SeqP/*'
+      expected_tests = [
+          'HasDeathTest.Test1',
+          'HasDeathTest.Test2',
+
+          'SeqP/ParamTest.TestX/0',
+          'SeqP/ParamTest.TestX/1',
+          'SeqP/ParamTest.TestY/0',
+          'SeqP/ParamTest.TestY/1',
+          ]
+
+      for flag in ['--gtest_death_test_style=threadsafe',
+                   '--gtest_death_test_style=fast']:
+        self.RunAndVerifyWithSharding(gtest_filter, 3, expected_tests,
+                                      check_exit_0=True, args=[flag])
+        self.RunAndVerifyWithSharding(gtest_filter, 5, expected_tests,
+                                      check_exit_0=True, args=[flag])
+
+if __name__ == '__main__':
+  gtest_test_utils.Main()
diff --git a/nss/gtests/google_test/gtest/test/gtest_filter_unittest_.cc b/nss/gtests/google_test/gtest/test/gtest_filter_unittest_.cc
new file mode 100644
index 0000000..77deffc
--- /dev/null
+++ b/nss/gtests/google_test/gtest/test/gtest_filter_unittest_.cc
@@ -0,0 +1,140 @@
+// Copyright 2005, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+
+// Unit test for Google Test test filters.
+//
+// A user can specify which test(s) in a Google Test program to run via
+// either the GTEST_FILTER environment variable or the --gtest_filter
+// flag.  This is used for testing such functionality.
+//
+// The program will be invoked from a Python unit test.  Don't run it
+// directly.
+
+#include "gtest/gtest.h"
+
+namespace {
+
+// Test case FooTest.
+
+class FooTest : public testing::Test {
+};
+
+TEST_F(FooTest, Abc) {
+}
+
+TEST_F(FooTest, Xyz) {
+  FAIL() << "Expected failure.";
+}
+
+// Test case BarTest.
+
+TEST(BarTest, TestOne) {
+}
+
+TEST(BarTest, TestTwo) {
+}
+
+TEST(BarTest, TestThree) {
+}
+
+TEST(BarTest, DISABLED_TestFour) {
+  FAIL() << "Expected failure.";
+}
+
+TEST(BarTest, DISABLED_TestFive) {
+  FAIL() << "Expected failure.";
+}
+
+// Test case BazTest.
+
+TEST(BazTest, TestOne) {
+  FAIL() << "Expected failure.";
+}
+
+TEST(BazTest, TestA) {
+}
+
+TEST(BazTest, TestB) {
+}
+
+TEST(BazTest, DISABLED_TestC) {
+  FAIL() << "Expected failure.";
+}
+
+// Test case HasDeathTest
+
+TEST(HasDeathTest, Test1) {
+  EXPECT_DEATH_IF_SUPPORTED(exit(1), ".*");
+}
+
+// We need at least two death tests to make sure that the all death tests
+// aren't on the first shard.
+TEST(HasDeathTest, Test2) {
+  EXPECT_DEATH_IF_SUPPORTED(exit(1), ".*");
+}
+
+// Test case FoobarTest
+
+TEST(DISABLED_FoobarTest, Test1) {
+  FAIL() << "Expected failure.";
+}
+
+TEST(DISABLED_FoobarTest, DISABLED_Test2) {
+  FAIL() << "Expected failure.";
+}
+
+// Test case FoobarbazTest
+
+TEST(DISABLED_FoobarbazTest, TestA) {
+  FAIL() << "Expected failure.";
+}
+
+#if GTEST_HAS_PARAM_TEST
+class ParamTest : public testing::TestWithParam<int> {
+};
+
+TEST_P(ParamTest, TestX) {
+}
+
+TEST_P(ParamTest, TestY) {
+}
+
+INSTANTIATE_TEST_CASE_P(SeqP, ParamTest, testing::Values(1, 2));
+INSTANTIATE_TEST_CASE_P(SeqQ, ParamTest, testing::Values(5, 6));
+#endif  // GTEST_HAS_PARAM_TEST
+
+}  // namespace
+
+int main(int argc, char **argv) {
+  ::testing::InitGoogleTest(&argc, argv);
+
+  return RUN_ALL_TESTS();
+}
diff --git a/nss/gtests/google_test/gtest/test/gtest_help_test.py b/nss/gtests/google_test/gtest/test/gtest_help_test.py
new file mode 100755
index 0000000..093c838
--- /dev/null
+++ b/nss/gtests/google_test/gtest/test/gtest_help_test.py
@@ -0,0 +1,172 @@
+#!/usr/bin/env python
+#
+# Copyright 2009, Google Inc.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#
+#     * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following disclaimer
+# in the documentation and/or other materials provided with the
+# distribution.
+#     * Neither the name of Google Inc. nor the names of its
+# contributors may be used to endorse or promote products derived from
+# this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+"""Tests the --help flag of Google C++ Testing Framework.
+
+SYNOPSIS
+       gtest_help_test.py --build_dir=BUILD/DIR
+         # where BUILD/DIR contains the built gtest_help_test_ file.
+       gtest_help_test.py
+"""
+
+__author__ = 'wan@google.com (Zhanyong Wan)'
+
+import os
+import re
+import gtest_test_utils
+
+
+IS_LINUX = os.name == 'posix' and os.uname()[0] == 'Linux'
+IS_WINDOWS = os.name == 'nt'
+
+PROGRAM_PATH = gtest_test_utils.GetTestExecutablePath('gtest_help_test_')
+FLAG_PREFIX = '--gtest_'
+DEATH_TEST_STYLE_FLAG = FLAG_PREFIX + 'death_test_style'
+STREAM_RESULT_TO_FLAG = FLAG_PREFIX + 'stream_result_to'
+UNKNOWN_FLAG = FLAG_PREFIX + 'unknown_flag_for_testing'
+LIST_TESTS_FLAG = FLAG_PREFIX + 'list_tests'
+INCORRECT_FLAG_VARIANTS = [re.sub('^--', '-', LIST_TESTS_FLAG),
+                           re.sub('^--', '/', LIST_TESTS_FLAG),
+                           re.sub('_', '-', LIST_TESTS_FLAG)]
+INTERNAL_FLAG_FOR_TESTING = FLAG_PREFIX + 'internal_flag_for_testing'
+
+SUPPORTS_DEATH_TESTS = "DeathTest" in gtest_test_utils.Subprocess(
+    [PROGRAM_PATH, LIST_TESTS_FLAG]).output
+
+# The help message must match this regex.
+HELP_REGEX = re.compile(
+    FLAG_PREFIX + r'list_tests.*' +
+    FLAG_PREFIX + r'filter=.*' +
+    FLAG_PREFIX + r'also_run_disabled_tests.*' +
+    FLAG_PREFIX + r'repeat=.*' +
+    FLAG_PREFIX + r'shuffle.*' +
+    FLAG_PREFIX + r'random_seed=.*' +
+    FLAG_PREFIX + r'color=.*' +
+    FLAG_PREFIX + r'print_time.*' +
+    FLAG_PREFIX + r'output=.*' +
+    FLAG_PREFIX + r'break_on_failure.*' +
+    FLAG_PREFIX + r'throw_on_failure.*' +
+    FLAG_PREFIX + r'catch_exceptions=0.*',
+    re.DOTALL)
+
+
+def RunWithFlag(flag):
+  """Runs gtest_help_test_ with the given flag.
+
+  Returns:
+    the exit code and the text output as a tuple.
+  Args:
+    flag: the command-line flag to pass to gtest_help_test_, or None.
+  """
+
+  if flag is None:
+    command = [PROGRAM_PATH]
+  else:
+    command = [PROGRAM_PATH, flag]
+  child = gtest_test_utils.Subprocess(command)
+  return child.exit_code, child.output
+
+
+class GTestHelpTest(gtest_test_utils.TestCase):
+  """Tests the --help flag and its equivalent forms."""
+
+  def TestHelpFlag(self, flag):
+    """Verifies correct behavior when help flag is specified.
+
+    The right message must be printed and the tests must
+    skipped when the given flag is specified.
+
+    Args:
+      flag:  A flag to pass to the binary or None.
+    """
+
+    exit_code, output = RunWithFlag(flag)
+    self.assertEquals(0, exit_code)
+    self.assert_(HELP_REGEX.search(output), output)
+
+    if IS_LINUX:
+      self.assert_(STREAM_RESULT_TO_FLAG in output, output)
+    else:
+      self.assert_(STREAM_RESULT_TO_FLAG not in output, output)
+
+    if SUPPORTS_DEATH_TESTS and not IS_WINDOWS:
+      self.assert_(DEATH_TEST_STYLE_FLAG in output, output)
+    else:
+      self.assert_(DEATH_TEST_STYLE_FLAG not in output, output)
+
+  def TestNonHelpFlag(self, flag):
+    """Verifies correct behavior when no help flag is specified.
+
+    Verifies that when no help flag is specified, the tests are run
+    and the help message is not printed.
+
+    Args:
+      flag:  A flag to pass to the binary or None.
+    """
+
+    exit_code, output = RunWithFlag(flag)
+    self.assert_(exit_code != 0)
+    self.assert_(not HELP_REGEX.search(output), output)
+
+  def testPrintsHelpWithFullFlag(self):
+    self.TestHelpFlag('--help')
+
+  def testPrintsHelpWithShortFlag(self):
+    self.TestHelpFlag('-h')
+
+  def testPrintsHelpWithQuestionFlag(self):
+    self.TestHelpFlag('-?')
+
+  def testPrintsHelpWithWindowsStyleQuestionFlag(self):
+    self.TestHelpFlag('/?')
+
+  def testPrintsHelpWithUnrecognizedGoogleTestFlag(self):
+    self.TestHelpFlag(UNKNOWN_FLAG)
+
+  def testPrintsHelpWithIncorrectFlagStyle(self):
+    for incorrect_flag in INCORRECT_FLAG_VARIANTS:
+      self.TestHelpFlag(incorrect_flag)
+
+  def testRunsTestsWithoutHelpFlag(self):
+    """Verifies that when no help flag is specified, the tests are run
+    and the help message is not printed."""
+
+    self.TestNonHelpFlag(None)
+
+  def testRunsTestsWithGtestInternalFlag(self):
+    """Verifies that the tests are run and no help message is printed when
+    a flag starting with Google Test prefix and 'internal_' is supplied."""
+
+    self.TestNonHelpFlag(INTERNAL_FLAG_FOR_TESTING)
+
+
+if __name__ == '__main__':
+  gtest_test_utils.Main()
diff --git a/nss/gtests/google_test/gtest/test/gtest_help_test_.cc b/nss/gtests/google_test/gtest/test/gtest_help_test_.cc
new file mode 100644
index 0000000..31f78c2
--- /dev/null
+++ b/nss/gtests/google_test/gtest/test/gtest_help_test_.cc
@@ -0,0 +1,46 @@
+// Copyright 2009, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+
+// This program is meant to be run by gtest_help_test.py.  Do not run
+// it directly.
+
+#include "gtest/gtest.h"
+
+// When a help flag is specified, this program should skip the tests
+// and exit with 0; otherwise the following test will be executed,
+// causing this program to exit with a non-zero code.
+TEST(HelpFlagTest, ShouldNotBeRun) {
+  ASSERT_TRUE(false) << "Tests shouldn't be run when --help is specified.";
+}
+
+#if GTEST_HAS_DEATH_TEST
+TEST(DeathTest, UsedByPythonScriptToDetectSupportForDeathTestsInThisBinary) {}
+#endif
diff --git a/nss/gtests/google_test/gtest/test/gtest_list_tests_unittest.py b/nss/gtests/google_test/gtest/test/gtest_list_tests_unittest.py
new file mode 100755
index 0000000..925b09d
--- /dev/null
+++ b/nss/gtests/google_test/gtest/test/gtest_list_tests_unittest.py
@@ -0,0 +1,207 @@
+#!/usr/bin/env python
+#
+# Copyright 2006, Google Inc.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#
+#     * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following disclaimer
+# in the documentation and/or other materials provided with the
+# distribution.
+#     * Neither the name of Google Inc. nor the names of its
+# contributors may be used to endorse or promote products derived from
+# this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+"""Unit test for Google Test's --gtest_list_tests flag.
+
+A user can ask Google Test to list all tests by specifying the
+--gtest_list_tests flag.  This script tests such functionality
+by invoking gtest_list_tests_unittest_ (a program written with
+Google Test) the command line flags.
+"""
+
+__author__ = 'phanna@google.com (Patrick Hanna)'
+
+import gtest_test_utils
+import re
+
+
+# Constants.
+
+# The command line flag for enabling/disabling listing all tests.
+LIST_TESTS_FLAG = 'gtest_list_tests'
+
+# Path to the gtest_list_tests_unittest_ program.
+EXE_PATH = gtest_test_utils.GetTestExecutablePath('gtest_list_tests_unittest_')
+
+# The expected output when running gtest_list_tests_unittest_ with
+# --gtest_list_tests
+EXPECTED_OUTPUT_NO_FILTER_RE = re.compile(r"""FooDeathTest\.
+  Test1
+Foo\.
+  Bar1
+  Bar2
+  DISABLED_Bar3
+Abc\.
+  Xyz
+  Def
+FooBar\.
+  Baz
+FooTest\.
+  Test1
+  DISABLED_Test2
+  Test3
+TypedTest/0\.  # TypeParam = (VeryLo{245}|class VeryLo{239})\.\.\.
+  TestA
+  TestB
+TypedTest/1\.  # TypeParam = int\s*\*
+  TestA
+  TestB
+TypedTest/2\.  # TypeParam = .*MyArray<bool,\s*42>
+  TestA
+  TestB
+My/TypeParamTest/0\.  # TypeParam = (VeryLo{245}|class VeryLo{239})\.\.\.
+  TestA
+  TestB
+My/TypeParamTest/1\.  # TypeParam = int\s*\*
+  TestA
+  TestB
+My/TypeParamTest/2\.  # TypeParam = .*MyArray<bool,\s*42>
+  TestA
+  TestB
+MyInstantiation/ValueParamTest\.
+  TestA/0  # GetParam\(\) = one line
+  TestA/1  # GetParam\(\) = two\\nlines
+  TestA/2  # GetParam\(\) = a very\\nlo{241}\.\.\.
+  TestB/0  # GetParam\(\) = one line
+  TestB/1  # GetParam\(\) = two\\nlines
+  TestB/2  # GetParam\(\) = a very\\nlo{241}\.\.\.
+""")
+
+# The expected output when running gtest_list_tests_unittest_ with
+# --gtest_list_tests and --gtest_filter=Foo*.
+EXPECTED_OUTPUT_FILTER_FOO_RE = re.compile(r"""FooDeathTest\.
+  Test1
+Foo\.
+  Bar1
+  Bar2
+  DISABLED_Bar3
+FooBar\.
+  Baz
+FooTest\.
+  Test1
+  DISABLED_Test2
+  Test3
+""")
+
+# Utilities.
+
+
+def Run(args):
+  """Runs gtest_list_tests_unittest_ and returns the list of tests printed."""
+
+  return gtest_test_utils.Subprocess([EXE_PATH] + args,
+                                     capture_stderr=False).output
+
+
+# The unit test.
+
+class GTestListTestsUnitTest(gtest_test_utils.TestCase):
+  """Tests using the --gtest_list_tests flag to list all tests."""
+
+  def RunAndVerify(self, flag_value, expected_output_re, other_flag):
+    """Runs gtest_list_tests_unittest_ and verifies that it prints
+    the correct tests.
+
+    Args:
+      flag_value:         value of the --gtest_list_tests flag;
+                          None if the flag should not be present.
+      expected_output_re: regular expression that matches the expected
+                          output after running command;
+      other_flag:         a different flag to be passed to command
+                          along with gtest_list_tests;
+                          None if the flag should not be present.
+    """
+
+    if flag_value is None:
+      flag = ''
+      flag_expression = 'not set'
+    elif flag_value == '0':
+      flag = '--%s=0' % LIST_TESTS_FLAG
+      flag_expression = '0'
+    else:
+      flag = '--%s' % LIST_TESTS_FLAG
+      flag_expression = '1'
+
+    args = [flag]
+
+    if other_flag is not None:
+      args += [other_flag]
+
+    output = Run(args)
+
+    if expected_output_re:
+      self.assert_(
+          expected_output_re.match(output),
+          ('when %s is %s, the output of "%s" is "%s",\n'
+           'which does not match regex "%s"' %
+           (LIST_TESTS_FLAG, flag_expression, ' '.join(args), output,
+            expected_output_re.pattern)))
+    else:
+      self.assert_(
+          not EXPECTED_OUTPUT_NO_FILTER_RE.match(output),
+          ('when %s is %s, the output of "%s" is "%s"'%
+           (LIST_TESTS_FLAG, flag_expression, ' '.join(args), output)))
+
+  def testDefaultBehavior(self):
+    """Tests the behavior of the default mode."""
+
+    self.RunAndVerify(flag_value=None,
+                      expected_output_re=None,
+                      other_flag=None)
+
+  def testFlag(self):
+    """Tests using the --gtest_list_tests flag."""
+
+    self.RunAndVerify(flag_value='0',
+                      expected_output_re=None,
+                      other_flag=None)
+    self.RunAndVerify(flag_value='1',
+                      expected_output_re=EXPECTED_OUTPUT_NO_FILTER_RE,
+                      other_flag=None)
+
+  def testOverrideNonFilterFlags(self):
+    """Tests that --gtest_list_tests overrides the non-filter flags."""
+
+    self.RunAndVerify(flag_value='1',
+                      expected_output_re=EXPECTED_OUTPUT_NO_FILTER_RE,
+                      other_flag='--gtest_break_on_failure')
+
+  def testWithFilterFlags(self):
+    """Tests that --gtest_list_tests takes into account the
+    --gtest_filter flag."""
+
+    self.RunAndVerify(flag_value='1',
+                      expected_output_re=EXPECTED_OUTPUT_FILTER_FOO_RE,
+                      other_flag='--gtest_filter=Foo*')
+
+
+if __name__ == '__main__':
+  gtest_test_utils.Main()
diff --git a/nss/gtests/google_test/gtest/test/gtest_list_tests_unittest_.cc b/nss/gtests/google_test/gtest/test/gtest_list_tests_unittest_.cc
new file mode 100644
index 0000000..907c176
--- /dev/null
+++ b/nss/gtests/google_test/gtest/test/gtest_list_tests_unittest_.cc
@@ -0,0 +1,157 @@
+// Copyright 2006, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: phanna@google.com (Patrick Hanna)
+
+// Unit test for Google Test's --gtest_list_tests flag.
+//
+// A user can ask Google Test to list all tests that will run
+// so that when using a filter, a user will know what
+// tests to look for. The tests will not be run after listing.
+//
+// This program will be invoked from a Python unit test.
+// Don't run it directly.
+
+#include "gtest/gtest.h"
+
+// Several different test cases and tests that will be listed.
+TEST(Foo, Bar1) {
+}
+
+TEST(Foo, Bar2) {
+}
+
+TEST(Foo, DISABLED_Bar3) {
+}
+
+TEST(Abc, Xyz) {
+}
+
+TEST(Abc, Def) {
+}
+
+TEST(FooBar, Baz) {
+}
+
+class FooTest : public testing::Test {
+};
+
+TEST_F(FooTest, Test1) {
+}
+
+TEST_F(FooTest, DISABLED_Test2) {
+}
+
+TEST_F(FooTest, Test3) {
+}
+
+TEST(FooDeathTest, Test1) {
+}
+
+// A group of value-parameterized tests.
+
+class MyType {
+ public:
+  explicit MyType(const std::string& a_value) : value_(a_value) {}
+
+  const std::string& value() const { return value_; }
+
+ private:
+  std::string value_;
+};
+
+// Teaches Google Test how to print a MyType.
+void PrintTo(const MyType& x, std::ostream* os) {
+  *os << x.value();
+}
+
+class ValueParamTest : public testing::TestWithParam<MyType> {
+};
+
+TEST_P(ValueParamTest, TestA) {
+}
+
+TEST_P(ValueParamTest, TestB) {
+}
+
+INSTANTIATE_TEST_CASE_P(
+    MyInstantiation, ValueParamTest,
+    testing::Values(MyType("one line"),
+                    MyType("two\nlines"),
+                    MyType("a very\nloooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooong line")));  // NOLINT
+
+// A group of typed tests.
+
+// A deliberately long type name for testing the line-truncating
+// behavior when printing a type parameter.
+class VeryLoooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooogName {  // NOLINT
+};
+
+template <typename T>
+class TypedTest : public testing::Test {
+};
+
+template <typename T, int kSize>
+class MyArray {
+};
+
+typedef testing::Types<VeryLoooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooogName,  // NOLINT
+                       int*, MyArray<bool, 42> > MyTypes;
+
+TYPED_TEST_CASE(TypedTest, MyTypes);
+
+TYPED_TEST(TypedTest, TestA) {
+}
+
+TYPED_TEST(TypedTest, TestB) {
+}
+
+// A group of type-parameterized tests.
+
+template <typename T>
+class TypeParamTest : public testing::Test {
+};
+
+TYPED_TEST_CASE_P(TypeParamTest);
+
+TYPED_TEST_P(TypeParamTest, TestA) {
+}
+
+TYPED_TEST_P(TypeParamTest, TestB) {
+}
+
+REGISTER_TYPED_TEST_CASE_P(TypeParamTest, TestA, TestB);
+
+INSTANTIATE_TYPED_TEST_CASE_P(My, TypeParamTest, MyTypes);
+
+int main(int argc, char **argv) {
+  ::testing::InitGoogleTest(&argc, argv);
+
+  return RUN_ALL_TESTS();
+}
diff --git a/nss/gtests/google_test/gtest/test/gtest_main_unittest.cc b/nss/gtests/google_test/gtest/test/gtest_main_unittest.cc
new file mode 100644
index 0000000..ecd9bb8
--- /dev/null
+++ b/nss/gtests/google_test/gtest/test/gtest_main_unittest.cc
@@ -0,0 +1,45 @@
+// Copyright 2006, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+
+#include "gtest/gtest.h"
+
+// Tests that we don't have to define main() when we link to
+// gtest_main instead of gtest.
+
+namespace {
+
+TEST(GTestMainTest, ShouldSucceed) {
+}
+
+}  // namespace
+
+// We are using the main() function defined in src/gtest_main.cc, so
+// we don't define it here.
diff --git a/nss/gtests/google_test/gtest/test/gtest_no_test_unittest.cc b/nss/gtests/google_test/gtest/test/gtest_no_test_unittest.cc
new file mode 100644
index 0000000..292599a
--- /dev/null
+++ b/nss/gtests/google_test/gtest/test/gtest_no_test_unittest.cc
@@ -0,0 +1,56 @@
+// Copyright 2006, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// Tests that a Google Test program that has no test defined can run
+// successfully.
+//
+// Author: wan@google.com (Zhanyong Wan)
+
+#include "gtest/gtest.h"
+
+int main(int argc, char **argv) {
+  testing::InitGoogleTest(&argc, argv);
+
+  // An ad-hoc assertion outside of all tests.
+  //
+  // This serves three purposes:
+  //
+  // 1. It verifies that an ad-hoc assertion can be executed even if
+  //    no test is defined.
+  // 2. It verifies that a failed ad-hoc assertion causes the test
+  //    program to fail.
+  // 3. We had a bug where the XML output won't be generated if an
+  //    assertion is executed before RUN_ALL_TESTS() is called, even
+  //    though --gtest_output=xml is specified.  This makes sure the
+  //    bug is fixed and doesn't regress.
+  EXPECT_EQ(1, 2);
+
+  // The above EXPECT_EQ() should cause RUN_ALL_TESTS() to return non-zero.
+  return RUN_ALL_TESTS() ? 0 : 1;
+}
diff --git a/nss/gtests/google_test/gtest/test/gtest_output_test.py b/nss/gtests/google_test/gtest/test/gtest_output_test.py
new file mode 100755
index 0000000..fa1a311
--- /dev/null
+++ b/nss/gtests/google_test/gtest/test/gtest_output_test.py
@@ -0,0 +1,335 @@
+#!/usr/bin/env python
+#
+# Copyright 2008, Google Inc.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#
+#     * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following disclaimer
+# in the documentation and/or other materials provided with the
+# distribution.
+#     * Neither the name of Google Inc. nor the names of its
+# contributors may be used to endorse or promote products derived from
+# this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+"""Tests the text output of Google C++ Testing Framework.
+
+SYNOPSIS
+       gtest_output_test.py --build_dir=BUILD/DIR --gengolden
+         # where BUILD/DIR contains the built gtest_output_test_ file.
+       gtest_output_test.py --gengolden
+       gtest_output_test.py
+"""
+
+__author__ = 'wan@google.com (Zhanyong Wan)'
+
+import os
+import re
+import sys
+import gtest_test_utils
+
+
+# The flag for generating the golden file
+GENGOLDEN_FLAG = '--gengolden'
+CATCH_EXCEPTIONS_ENV_VAR_NAME = 'GTEST_CATCH_EXCEPTIONS'
+
+IS_WINDOWS = os.name == 'nt'
+
+# TODO(vladl@google.com): remove the _lin suffix.
+GOLDEN_NAME = 'gtest_output_test_golden_lin.txt'
+
+PROGRAM_PATH = gtest_test_utils.GetTestExecutablePath('gtest_output_test_')
+
+# At least one command we exercise must not have the
+# --gtest_internal_skip_environment_and_ad_hoc_tests flag.
+COMMAND_LIST_TESTS = ({}, [PROGRAM_PATH, '--gtest_list_tests'])
+COMMAND_WITH_COLOR = ({}, [PROGRAM_PATH, '--gtest_color=yes'])
+COMMAND_WITH_TIME = ({}, [PROGRAM_PATH,
+                          '--gtest_print_time',
+                          '--gtest_internal_skip_environment_and_ad_hoc_tests',
+                          '--gtest_filter=FatalFailureTest.*:LoggingTest.*'])
+COMMAND_WITH_DISABLED = (
+    {}, [PROGRAM_PATH,
+         '--gtest_also_run_disabled_tests',
+         '--gtest_internal_skip_environment_and_ad_hoc_tests',
+         '--gtest_filter=*DISABLED_*'])
+COMMAND_WITH_SHARDING = (
+    {'GTEST_SHARD_INDEX': '1', 'GTEST_TOTAL_SHARDS': '2'},
+    [PROGRAM_PATH,
+     '--gtest_internal_skip_environment_and_ad_hoc_tests',
+     '--gtest_filter=PassingTest.*'])
+
+GOLDEN_PATH = os.path.join(gtest_test_utils.GetSourceDir(), GOLDEN_NAME)
+
+
+def ToUnixLineEnding(s):
+  """Changes all Windows/Mac line endings in s to UNIX line endings."""
+
+  return s.replace('\r\n', '\n').replace('\r', '\n')
+
+
+def RemoveLocations(test_output):
+  """Removes all file location info from a Google Test program's output.
+
+  Args:
+       test_output:  the output of a Google Test program.
+
+  Returns:
+       output with all file location info (in the form of
+       'DIRECTORY/FILE_NAME:LINE_NUMBER: 'or
+       'DIRECTORY\\FILE_NAME(LINE_NUMBER): ') replaced by
+       'FILE_NAME:#: '.
+  """
+
+  return re.sub(r'.*[/\\](.+)(\:\d+|\(\d+\))\: ', r'\1:#: ', test_output)
+
+
+def RemoveStackTraceDetails(output):
+  """Removes all stack traces from a Google Test program's output."""
+
+  # *? means "find the shortest string that matches".
+  return re.sub(r'Stack trace:(.|\n)*?\n\n',
+                'Stack trace: (omitted)\n\n', output)
+
+
+def RemoveStackTraces(output):
+  """Removes all traces of stack traces from a Google Test program's output."""
+
+  # *? means "find the shortest string that matches".
+  return re.sub(r'Stack trace:(.|\n)*?\n\n', '', output)
+
+
+def RemoveTime(output):
+  """Removes all time information from a Google Test program's output."""
+
+  return re.sub(r'\(\d+ ms', '(? ms', output)
+
+
+def RemoveTypeInfoDetails(test_output):
+  """Removes compiler-specific type info from Google Test program's output.
+
+  Args:
+       test_output:  the output of a Google Test program.
+
+  Returns:
+       output with type information normalized to canonical form.
+  """
+
+  # some compilers output the name of type 'unsigned int' as 'unsigned'
+  return re.sub(r'unsigned int', 'unsigned', test_output)
+
+
+def NormalizeToCurrentPlatform(test_output):
+  """Normalizes platform specific output details for easier comparison."""
+
+  if IS_WINDOWS:
+    # Removes the color information that is not present on Windows.
+    test_output = re.sub('\x1b\\[(0;3\d)?m', '', test_output)
+    # Changes failure message headers into the Windows format.
+    test_output = re.sub(r': Failure\n', r': error: ', test_output)
+    # Changes file(line_number) to file:line_number.
+    test_output = re.sub(r'((\w|\.)+)\((\d+)\):', r'\1:\3:', test_output)
+
+  return test_output
+
+
+def RemoveTestCounts(output):
+  """Removes test counts from a Google Test program's output."""
+
+  output = re.sub(r'\d+ tests?, listed below',
+                  '? tests, listed below', output)
+  output = re.sub(r'\d+ FAILED TESTS',
+                  '? FAILED TESTS', output)
+  output = re.sub(r'\d+ tests? from \d+ test cases?',
+                  '? tests from ? test cases', output)
+  output = re.sub(r'\d+ tests? from ([a-zA-Z_])',
+                  r'? tests from \1', output)
+  return re.sub(r'\d+ tests?\.', '? tests.', output)
+
+
+def RemoveMatchingTests(test_output, pattern):
+  """Removes output of specified tests from a Google Test program's output.
+
+  This function strips not only the beginning and the end of a test but also
+  all output in between.
+
+  Args:
+    test_output:       A string containing the test output.
+    pattern:           A regex string that matches names of test cases or
+                       tests to remove.
+
+  Returns:
+    Contents of test_output with tests whose names match pattern removed.
+  """
+
+  test_output = re.sub(
+      r'.*\[ RUN      \] .*%s(.|\n)*?\[(  FAILED  |       OK )\] .*%s.*\n' % (
+          pattern, pattern),
+      '',
+      test_output)
+  return re.sub(r'.*%s.*\n' % pattern, '', test_output)
+
+
+def NormalizeOutput(output):
+  """Normalizes output (the output of gtest_output_test_.exe)."""
+
+  output = ToUnixLineEnding(output)
+  output = RemoveLocations(output)
+  output = RemoveStackTraceDetails(output)
+  output = RemoveTime(output)
+  return output
+
+
+def GetShellCommandOutput(env_cmd):
+  """Runs a command in a sub-process, and returns its output in a string.
+
+  Args:
+    env_cmd: The shell command. A 2-tuple where element 0 is a dict of extra
+             environment variables to set, and element 1 is a string with
+             the command and any flags.
+
+  Returns:
+    A string with the command's combined standard and diagnostic output.
+  """
+
+  # Spawns cmd in a sub-process, and gets its standard I/O file objects.
+  # Set and save the environment properly.
+  environ = os.environ.copy()
+  environ.update(env_cmd[0])
+  p = gtest_test_utils.Subprocess(env_cmd[1], env=environ)
+
+  return p.output
+
+
+def GetCommandOutput(env_cmd):
+  """Runs a command and returns its output with all file location
+  info stripped off.
+
+  Args:
+    env_cmd:  The shell command. A 2-tuple where element 0 is a dict of extra
+              environment variables to set, and element 1 is a string with
+              the command and any flags.
+  """
+
+  # Disables exception pop-ups on Windows.
+  environ, cmdline = env_cmd
+  environ = dict(environ)  # Ensures we are modifying a copy.
+  environ[CATCH_EXCEPTIONS_ENV_VAR_NAME] = '1'
+  return NormalizeOutput(GetShellCommandOutput((environ, cmdline)))
+
+
+def GetOutputOfAllCommands():
+  """Returns concatenated output from several representative commands."""
+
+  return (GetCommandOutput(COMMAND_WITH_COLOR) +
+          GetCommandOutput(COMMAND_WITH_TIME) +
+          GetCommandOutput(COMMAND_WITH_DISABLED) +
+          GetCommandOutput(COMMAND_WITH_SHARDING))
+
+
+test_list = GetShellCommandOutput(COMMAND_LIST_TESTS)
+SUPPORTS_DEATH_TESTS = 'DeathTest' in test_list
+SUPPORTS_TYPED_TESTS = 'TypedTest' in test_list
+SUPPORTS_THREADS = 'ExpectFailureWithThreadsTest' in test_list
+SUPPORTS_STACK_TRACES = False
+
+CAN_GENERATE_GOLDEN_FILE = (SUPPORTS_DEATH_TESTS and
+                            SUPPORTS_TYPED_TESTS and
+                            SUPPORTS_THREADS and
+                            not IS_WINDOWS)
+
+class GTestOutputTest(gtest_test_utils.TestCase):
+  def RemoveUnsupportedTests(self, test_output):
+    if not SUPPORTS_DEATH_TESTS:
+      test_output = RemoveMatchingTests(test_output, 'DeathTest')
+    if not SUPPORTS_TYPED_TESTS:
+      test_output = RemoveMatchingTests(test_output, 'TypedTest')
+      test_output = RemoveMatchingTests(test_output, 'TypedDeathTest')
+      test_output = RemoveMatchingTests(test_output, 'TypeParamDeathTest')
+    if not SUPPORTS_THREADS:
+      test_output = RemoveMatchingTests(test_output,
+                                        'ExpectFailureWithThreadsTest')
+      test_output = RemoveMatchingTests(test_output,
+                                        'ScopedFakeTestPartResultReporterTest')
+      test_output = RemoveMatchingTests(test_output,
+                                        'WorksConcurrently')
+    if not SUPPORTS_STACK_TRACES:
+      test_output = RemoveStackTraces(test_output)
+
+    return test_output
+
+  def testOutput(self):
+    output = GetOutputOfAllCommands()
+
+    golden_file = open(GOLDEN_PATH, 'rb')
+    # A mis-configured source control system can cause \r appear in EOL
+    # sequences when we read the golden file irrespective of an operating
+    # system used. Therefore, we need to strip those \r's from newlines
+    # unconditionally.
+    golden = ToUnixLineEnding(golden_file.read())
+    golden_file.close()
+
+    # We want the test to pass regardless of certain features being
+    # supported or not.
+
+    # We still have to remove type name specifics in all cases.
+    normalized_actual = RemoveTypeInfoDetails(output)
+    normalized_golden = RemoveTypeInfoDetails(golden)
+
+    if CAN_GENERATE_GOLDEN_FILE:
+      self.assertEqual(normalized_golden, normalized_actual)
+    else:
+      normalized_actual = NormalizeToCurrentPlatform(
+          RemoveTestCounts(normalized_actual))
+      normalized_golden = NormalizeToCurrentPlatform(
+          RemoveTestCounts(self.RemoveUnsupportedTests(normalized_golden)))
+
+      # This code is very handy when debugging golden file differences:
+      if os.getenv('DEBUG_GTEST_OUTPUT_TEST'):
+        open(os.path.join(
+            gtest_test_utils.GetSourceDir(),
+            '_gtest_output_test_normalized_actual.txt'), 'wb').write(
+                normalized_actual)
+        open(os.path.join(
+            gtest_test_utils.GetSourceDir(),
+            '_gtest_output_test_normalized_golden.txt'), 'wb').write(
+                normalized_golden)
+
+      self.assertEqual(normalized_golden, normalized_actual)
+
+
+if __name__ == '__main__':
+  if sys.argv[1:] == [GENGOLDEN_FLAG]:
+    if CAN_GENERATE_GOLDEN_FILE:
+      output = GetOutputOfAllCommands()
+      golden_file = open(GOLDEN_PATH, 'wb')
+      golden_file.write(output)
+      golden_file.close()
+    else:
+      message = (
+          """Unable to write a golden file when compiled in an environment
+that does not support all the required features (death tests, typed tests,
+and multiple threads).  Please generate the golden file using a binary built
+with those features enabled.""")
+
+      sys.stderr.write(message)
+      sys.exit(1)
+  else:
+    gtest_test_utils.Main()
diff --git a/nss/gtests/google_test/gtest/test/gtest_output_test_.cc b/nss/gtests/google_test/gtest/test/gtest_output_test_.cc
new file mode 100644
index 0000000..5361d8d
--- /dev/null
+++ b/nss/gtests/google_test/gtest/test/gtest_output_test_.cc
@@ -0,0 +1,1039 @@
+// Copyright 2005, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// The purpose of this file is to generate Google Test output under
+// various conditions.  The output will then be verified by
+// gtest_output_test.py to ensure that Google Test generates the
+// desired messages.  Therefore, most tests in this file are MEANT TO
+// FAIL.
+//
+// Author: wan@google.com (Zhanyong Wan)
+
+#include "gtest/gtest-spi.h"
+#include "gtest/gtest.h"
+
+// Indicates that this translation unit is part of Google Test's
+// implementation.  It must come before gtest-internal-inl.h is
+// included, or there will be a compiler error.  This trick is to
+// prevent a user from accidentally including gtest-internal-inl.h in
+// his code.
+#define GTEST_IMPLEMENTATION_ 1
+#include "src/gtest-internal-inl.h"
+#undef GTEST_IMPLEMENTATION_
+
+#include <stdlib.h>
+
+#if GTEST_IS_THREADSAFE
+using testing::ScopedFakeTestPartResultReporter;
+using testing::TestPartResultArray;
+
+using testing::internal::Notification;
+using testing::internal::ThreadWithParam;
+#endif
+
+namespace posix = ::testing::internal::posix;
+using testing::internal::scoped_ptr;
+
+// Tests catching fatal failures.
+
+// A subroutine used by the following test.
+void TestEq1(int x) {
+  ASSERT_EQ(1, x);
+}
+
+// This function calls a test subroutine, catches the fatal failure it
+// generates, and then returns early.
+void TryTestSubroutine() {
+  // Calls a subrountine that yields a fatal failure.
+  TestEq1(2);
+
+  // Catches the fatal failure and aborts the test.
+  //
+  // The testing::Test:: prefix is necessary when calling
+  // HasFatalFailure() outside of a TEST, TEST_F, or test fixture.
+  if (testing::Test::HasFatalFailure()) return;
+
+  // If we get here, something is wrong.
+  FAIL() << "This should never be reached.";
+}
+
+TEST(PassingTest, PassingTest1) {
+}
+
+TEST(PassingTest, PassingTest2) {
+}
+
+// Tests that parameters of failing parameterized tests are printed in the
+// failing test summary.
+class FailingParamTest : public testing::TestWithParam<int> {};
+
+TEST_P(FailingParamTest, Fails) {
+  EXPECT_EQ(1, GetParam());
+}
+
+// This generates a test which will fail. Google Test is expected to print
+// its parameter when it outputs the list of all failed tests.
+INSTANTIATE_TEST_CASE_P(PrintingFailingParams,
+                        FailingParamTest,
+                        testing::Values(2));
+
+static const char kGoldenString[] = "\"Line\0 1\"\nLine 2";
+
+TEST(NonfatalFailureTest, EscapesStringOperands) {
+  std::string actual = "actual \"string\"";
+  EXPECT_EQ(kGoldenString, actual);
+
+  const char* golden = kGoldenString;
+  EXPECT_EQ(golden, actual);
+}
+
+TEST(NonfatalFailureTest, DiffForLongStrings) {
+  std::string golden_str(kGoldenString, sizeof(kGoldenString) - 1);
+  EXPECT_EQ(golden_str, "Line 2");
+}
+
+// Tests catching a fatal failure in a subroutine.
+TEST(FatalFailureTest, FatalFailureInSubroutine) {
+  printf("(expecting a failure that x should be 1)\n");
+
+  TryTestSubroutine();
+}
+
+// Tests catching a fatal failure in a nested subroutine.
+TEST(FatalFailureTest, FatalFailureInNestedSubroutine) {
+  printf("(expecting a failure that x should be 1)\n");
+
+  // Calls a subrountine that yields a fatal failure.
+  TryTestSubroutine();
+
+  // Catches the fatal failure and aborts the test.
+  //
+  // When calling HasFatalFailure() inside a TEST, TEST_F, or test
+  // fixture, the testing::Test:: prefix is not needed.
+  if (HasFatalFailure()) return;
+
+  // If we get here, something is wrong.
+  FAIL() << "This should never be reached.";
+}
+
+// Tests HasFatalFailure() after a failed EXPECT check.
+TEST(FatalFailureTest, NonfatalFailureInSubroutine) {
+  printf("(expecting a failure on false)\n");
+  EXPECT_TRUE(false);  // Generates a nonfatal failure
+  ASSERT_FALSE(HasFatalFailure());  // This should succeed.
+}
+
+// Tests interleaving user logging and Google Test assertions.
+TEST(LoggingTest, InterleavingLoggingAndAssertions) {
+  static const int a[4] = {
+    3, 9, 2, 6
+  };
+
+  printf("(expecting 2 failures on (3) >= (a[i]))\n");
+  for (int i = 0; i < static_cast<int>(sizeof(a)/sizeof(*a)); i++) {
+    printf("i == %d\n", i);
+    EXPECT_GE(3, a[i]);
+  }
+}
+
+// Tests the SCOPED_TRACE macro.
+
+// A helper function for testing SCOPED_TRACE.
+void SubWithoutTrace(int n) {
+  EXPECT_EQ(1, n);
+  ASSERT_EQ(2, n);
+}
+
+// Another helper function for testing SCOPED_TRACE.
+void SubWithTrace(int n) {
+  SCOPED_TRACE(testing::Message() << "n = " << n);
+
+  SubWithoutTrace(n);
+}
+
+// Tests that SCOPED_TRACE() obeys lexical scopes.
+TEST(SCOPED_TRACETest, ObeysScopes) {
+  printf("(expected to fail)\n");
+
+  // There should be no trace before SCOPED_TRACE() is invoked.
+  ADD_FAILURE() << "This failure is expected, and shouldn't have a trace.";
+
+  {
+    SCOPED_TRACE("Expected trace");
+    // After SCOPED_TRACE(), a failure in the current scope should contain
+    // the trace.
+    ADD_FAILURE() << "This failure is expected, and should have a trace.";
+  }
+
+  // Once the control leaves the scope of the SCOPED_TRACE(), there
+  // should be no trace again.
+  ADD_FAILURE() << "This failure is expected, and shouldn't have a trace.";
+}
+
+// Tests that SCOPED_TRACE works inside a loop.
+TEST(SCOPED_TRACETest, WorksInLoop) {
+  printf("(expected to fail)\n");
+
+  for (int i = 1; i <= 2; i++) {
+    SCOPED_TRACE(testing::Message() << "i = " << i);
+
+    SubWithoutTrace(i);
+  }
+}
+
+// Tests that SCOPED_TRACE works in a subroutine.
+TEST(SCOPED_TRACETest, WorksInSubroutine) {
+  printf("(expected to fail)\n");
+
+  SubWithTrace(1);
+  SubWithTrace(2);
+}
+
+// Tests that SCOPED_TRACE can be nested.
+TEST(SCOPED_TRACETest, CanBeNested) {
+  printf("(expected to fail)\n");
+
+  SCOPED_TRACE("");  // A trace without a message.
+
+  SubWithTrace(2);
+}
+
+// Tests that multiple SCOPED_TRACEs can be used in the same scope.
+TEST(SCOPED_TRACETest, CanBeRepeated) {
+  printf("(expected to fail)\n");
+
+  SCOPED_TRACE("A");
+  ADD_FAILURE()
+      << "This failure is expected, and should contain trace point A.";
+
+  SCOPED_TRACE("B");
+  ADD_FAILURE()
+      << "This failure is expected, and should contain trace point A and B.";
+
+  {
+    SCOPED_TRACE("C");
+    ADD_FAILURE() << "This failure is expected, and should "
+                  << "contain trace point A, B, and C.";
+  }
+
+  SCOPED_TRACE("D");
+  ADD_FAILURE() << "This failure is expected, and should "
+                << "contain trace point A, B, and D.";
+}
+
+#if GTEST_IS_THREADSAFE
+// Tests that SCOPED_TRACE()s can be used concurrently from multiple
+// threads.  Namely, an assertion should be affected by
+// SCOPED_TRACE()s in its own thread only.
+
+// Here's the sequence of actions that happen in the test:
+//
+//   Thread A (main)                | Thread B (spawned)
+//   ===============================|================================
+//   spawns thread B                |
+//   -------------------------------+--------------------------------
+//   waits for n1                   | SCOPED_TRACE("Trace B");
+//                                  | generates failure #1
+//                                  | notifies n1
+//   -------------------------------+--------------------------------
+//   SCOPED_TRACE("Trace A");       | waits for n2
+//   generates failure #2           |
+//   notifies n2                    |
+//   -------------------------------|--------------------------------
+//   waits for n3                   | generates failure #3
+//                                  | trace B dies
+//                                  | generates failure #4
+//                                  | notifies n3
+//   -------------------------------|--------------------------------
+//   generates failure #5           | finishes
+//   trace A dies                   |
+//   generates failure #6           |
+//   -------------------------------|--------------------------------
+//   waits for thread B to finish   |
+
+struct CheckPoints {
+  Notification n1;
+  Notification n2;
+  Notification n3;
+};
+
+static void ThreadWithScopedTrace(CheckPoints* check_points) {
+  {
+    SCOPED_TRACE("Trace B");
+    ADD_FAILURE()
+        << "Expected failure #1 (in thread B, only trace B alive).";
+    check_points->n1.Notify();
+    check_points->n2.WaitForNotification();
+
+    ADD_FAILURE()
+        << "Expected failure #3 (in thread B, trace A & B both alive).";
+  }  // Trace B dies here.
+  ADD_FAILURE()
+      << "Expected failure #4 (in thread B, only trace A alive).";
+  check_points->n3.Notify();
+}
+
+TEST(SCOPED_TRACETest, WorksConcurrently) {
+  printf("(expecting 6 failures)\n");
+
+  CheckPoints check_points;
+  ThreadWithParam<CheckPoints*> thread(&ThreadWithScopedTrace,
+                                       &check_points,
+                                       NULL);
+  check_points.n1.WaitForNotification();
+
+  {
+    SCOPED_TRACE("Trace A");
+    ADD_FAILURE()
+        << "Expected failure #2 (in thread A, trace A & B both alive).";
+    check_points.n2.Notify();
+    check_points.n3.WaitForNotification();
+
+    ADD_FAILURE()
+        << "Expected failure #5 (in thread A, only trace A alive).";
+  }  // Trace A dies here.
+  ADD_FAILURE()
+      << "Expected failure #6 (in thread A, no trace alive).";
+  thread.Join();
+}
+#endif  // GTEST_IS_THREADSAFE
+
+TEST(DisabledTestsWarningTest,
+     DISABLED_AlsoRunDisabledTestsFlagSuppressesWarning) {
+  // This test body is intentionally empty.  Its sole purpose is for
+  // verifying that the --gtest_also_run_disabled_tests flag
+  // suppresses the "YOU HAVE 12 DISABLED TESTS" warning at the end of
+  // the test output.
+}
+
+// Tests using assertions outside of TEST and TEST_F.
+//
+// This function creates two failures intentionally.
+void AdHocTest() {
+  printf("The non-test part of the code is expected to have 2 failures.\n\n");
+  EXPECT_TRUE(false);
+  EXPECT_EQ(2, 3);
+}
+
+// Runs all TESTs, all TEST_Fs, and the ad hoc test.
+int RunAllTests() {
+  AdHocTest();
+  return RUN_ALL_TESTS();
+}
+
+// Tests non-fatal failures in the fixture constructor.
+class NonFatalFailureInFixtureConstructorTest : public testing::Test {
+ protected:
+  NonFatalFailureInFixtureConstructorTest() {
+    printf("(expecting 5 failures)\n");
+    ADD_FAILURE() << "Expected failure #1, in the test fixture c'tor.";
+  }
+
+  ~NonFatalFailureInFixtureConstructorTest() {
+    ADD_FAILURE() << "Expected failure #5, in the test fixture d'tor.";
+  }
+
+  virtual void SetUp() {
+    ADD_FAILURE() << "Expected failure #2, in SetUp().";
+  }
+
+  virtual void TearDown() {
+    ADD_FAILURE() << "Expected failure #4, in TearDown.";
+  }
+};
+
+TEST_F(NonFatalFailureInFixtureConstructorTest, FailureInConstructor) {
+  ADD_FAILURE() << "Expected failure #3, in the test body.";
+}
+
+// Tests fatal failures in the fixture constructor.
+class FatalFailureInFixtureConstructorTest : public testing::Test {
+ protected:
+  FatalFailureInFixtureConstructorTest() {
+    printf("(expecting 2 failures)\n");
+    Init();
+  }
+
+  ~FatalFailureInFixtureConstructorTest() {
+    ADD_FAILURE() << "Expected failure #2, in the test fixture d'tor.";
+  }
+
+  virtual void SetUp() {
+    ADD_FAILURE() << "UNEXPECTED failure in SetUp().  "
+                  << "We should never get here, as the test fixture c'tor "
+                  << "had a fatal failure.";
+  }
+
+  virtual void TearDown() {
+    ADD_FAILURE() << "UNEXPECTED failure in TearDown().  "
+                  << "We should never get here, as the test fixture c'tor "
+                  << "had a fatal failure.";
+  }
+
+ private:
+  void Init() {
+    FAIL() << "Expected failure #1, in the test fixture c'tor.";
+  }
+};
+
+TEST_F(FatalFailureInFixtureConstructorTest, FailureInConstructor) {
+  ADD_FAILURE() << "UNEXPECTED failure in the test body.  "
+                << "We should never get here, as the test fixture c'tor "
+                << "had a fatal failure.";
+}
+
+// Tests non-fatal failures in SetUp().
+class NonFatalFailureInSetUpTest : public testing::Test {
+ protected:
+  virtual ~NonFatalFailureInSetUpTest() {
+    Deinit();
+  }
+
+  virtual void SetUp() {
+    printf("(expecting 4 failures)\n");
+    ADD_FAILURE() << "Expected failure #1, in SetUp().";
+  }
+
+  virtual void TearDown() {
+    FAIL() << "Expected failure #3, in TearDown().";
+  }
+ private:
+  void Deinit() {
+    FAIL() << "Expected failure #4, in the test fixture d'tor.";
+  }
+};
+
+TEST_F(NonFatalFailureInSetUpTest, FailureInSetUp) {
+  FAIL() << "Expected failure #2, in the test function.";
+}
+
+// Tests fatal failures in SetUp().
+class FatalFailureInSetUpTest : public testing::Test {
+ protected:
+  virtual ~FatalFailureInSetUpTest() {
+    Deinit();
+  }
+
+  virtual void SetUp() {
+    printf("(expecting 3 failures)\n");
+    FAIL() << "Expected failure #1, in SetUp().";
+  }
+
+  virtual void TearDown() {
+    FAIL() << "Expected failure #2, in TearDown().";
+  }
+ private:
+  void Deinit() {
+    FAIL() << "Expected failure #3, in the test fixture d'tor.";
+  }
+};
+
+TEST_F(FatalFailureInSetUpTest, FailureInSetUp) {
+  FAIL() << "UNEXPECTED failure in the test function.  "
+         << "We should never get here, as SetUp() failed.";
+}
+
+TEST(AddFailureAtTest, MessageContainsSpecifiedFileAndLineNumber) {
+  ADD_FAILURE_AT("foo.cc", 42) << "Expected failure in foo.cc";
+}
+
+#if GTEST_IS_THREADSAFE
+
+// A unary function that may die.
+void DieIf(bool should_die) {
+  GTEST_CHECK_(!should_die) << " - death inside DieIf().";
+}
+
+// Tests running death tests in a multi-threaded context.
+
+// Used for coordination between the main and the spawn thread.
+struct SpawnThreadNotifications {
+  SpawnThreadNotifications() {}
+
+  Notification spawn_thread_started;
+  Notification spawn_thread_ok_to_terminate;
+
+ private:
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(SpawnThreadNotifications);
+};
+
+// The function to be executed in the thread spawn by the
+// MultipleThreads test (below).
+static void ThreadRoutine(SpawnThreadNotifications* notifications) {
+  // Signals the main thread that this thread has started.
+  notifications->spawn_thread_started.Notify();
+
+  // Waits for permission to finish from the main thread.
+  notifications->spawn_thread_ok_to_terminate.WaitForNotification();
+}
+
+// This is a death-test test, but it's not named with a DeathTest
+// suffix.  It starts threads which might interfere with later
+// death tests, so it must run after all other death tests.
+class DeathTestAndMultiThreadsTest : public testing::Test {
+ protected:
+  // Starts a thread and waits for it to begin.
+  virtual void SetUp() {
+    thread_.reset(new ThreadWithParam<SpawnThreadNotifications*>(
+        &ThreadRoutine, &notifications_, NULL));
+    notifications_.spawn_thread_started.WaitForNotification();
+  }
+  // Tells the thread to finish, and reaps it.
+  // Depending on the version of the thread library in use,
+  // a manager thread might still be left running that will interfere
+  // with later death tests.  This is unfortunate, but this class
+  // cleans up after itself as best it can.
+  virtual void TearDown() {
+    notifications_.spawn_thread_ok_to_terminate.Notify();
+  }
+
+ private:
+  SpawnThreadNotifications notifications_;
+  scoped_ptr<ThreadWithParam<SpawnThreadNotifications*> > thread_;
+};
+
+#endif  // GTEST_IS_THREADSAFE
+
+// The MixedUpTestCaseTest test case verifies that Google Test will fail a
+// test if it uses a different fixture class than what other tests in
+// the same test case use.  It deliberately contains two fixture
+// classes with the same name but defined in different namespaces.
+
+// The MixedUpTestCaseWithSameTestNameTest test case verifies that
+// when the user defines two tests with the same test case name AND
+// same test name (but in different namespaces), the second test will
+// fail.
+
+namespace foo {
+
+class MixedUpTestCaseTest : public testing::Test {
+};
+
+TEST_F(MixedUpTestCaseTest, FirstTestFromNamespaceFoo) {}
+TEST_F(MixedUpTestCaseTest, SecondTestFromNamespaceFoo) {}
+
+class MixedUpTestCaseWithSameTestNameTest : public testing::Test {
+};
+
+TEST_F(MixedUpTestCaseWithSameTestNameTest,
+       TheSecondTestWithThisNameShouldFail) {}
+
+}  // namespace foo
+
+namespace bar {
+
+class MixedUpTestCaseTest : public testing::Test {
+};
+
+// The following two tests are expected to fail.  We rely on the
+// golden file to check that Google Test generates the right error message.
+TEST_F(MixedUpTestCaseTest, ThisShouldFail) {}
+TEST_F(MixedUpTestCaseTest, ThisShouldFailToo) {}
+
+class MixedUpTestCaseWithSameTestNameTest : public testing::Test {
+};
+
+// Expected to fail.  We rely on the golden file to check that Google Test
+// generates the right error message.
+TEST_F(MixedUpTestCaseWithSameTestNameTest,
+       TheSecondTestWithThisNameShouldFail) {}
+
+}  // namespace bar
+
+// The following two test cases verify that Google Test catches the user
+// error of mixing TEST and TEST_F in the same test case.  The first
+// test case checks the scenario where TEST_F appears before TEST, and
+// the second one checks where TEST appears before TEST_F.
+
+class TEST_F_before_TEST_in_same_test_case : public testing::Test {
+};
+
+TEST_F(TEST_F_before_TEST_in_same_test_case, DefinedUsingTEST_F) {}
+
+// Expected to fail.  We rely on the golden file to check that Google Test
+// generates the right error message.
+TEST(TEST_F_before_TEST_in_same_test_case, DefinedUsingTESTAndShouldFail) {}
+
+class TEST_before_TEST_F_in_same_test_case : public testing::Test {
+};
+
+TEST(TEST_before_TEST_F_in_same_test_case, DefinedUsingTEST) {}
+
+// Expected to fail.  We rely on the golden file to check that Google Test
+// generates the right error message.
+TEST_F(TEST_before_TEST_F_in_same_test_case, DefinedUsingTEST_FAndShouldFail) {
+}
+
+// Used for testing EXPECT_NONFATAL_FAILURE() and EXPECT_FATAL_FAILURE().
+int global_integer = 0;
+
+// Tests that EXPECT_NONFATAL_FAILURE() can reference global variables.
+TEST(ExpectNonfatalFailureTest, CanReferenceGlobalVariables) {
+  global_integer = 0;
+  EXPECT_NONFATAL_FAILURE({
+    EXPECT_EQ(1, global_integer) << "Expected non-fatal failure.";
+  }, "Expected non-fatal failure.");
+}
+
+// Tests that EXPECT_NONFATAL_FAILURE() can reference local variables
+// (static or not).
+TEST(ExpectNonfatalFailureTest, CanReferenceLocalVariables) {
+  int m = 0;
+  static int n;
+  n = 1;
+  EXPECT_NONFATAL_FAILURE({
+    EXPECT_EQ(m, n) << "Expected non-fatal failure.";
+  }, "Expected non-fatal failure.");
+}
+
+// Tests that EXPECT_NONFATAL_FAILURE() succeeds when there is exactly
+// one non-fatal failure and no fatal failure.
+TEST(ExpectNonfatalFailureTest, SucceedsWhenThereIsOneNonfatalFailure) {
+  EXPECT_NONFATAL_FAILURE({
+    ADD_FAILURE() << "Expected non-fatal failure.";
+  }, "Expected non-fatal failure.");
+}
+
+// Tests that EXPECT_NONFATAL_FAILURE() fails when there is no
+// non-fatal failure.
+TEST(ExpectNonfatalFailureTest, FailsWhenThereIsNoNonfatalFailure) {
+  printf("(expecting a failure)\n");
+  EXPECT_NONFATAL_FAILURE({
+  }, "");
+}
+
+// Tests that EXPECT_NONFATAL_FAILURE() fails when there are two
+// non-fatal failures.
+TEST(ExpectNonfatalFailureTest, FailsWhenThereAreTwoNonfatalFailures) {
+  printf("(expecting a failure)\n");
+  EXPECT_NONFATAL_FAILURE({
+    ADD_FAILURE() << "Expected non-fatal failure 1.";
+    ADD_FAILURE() << "Expected non-fatal failure 2.";
+  }, "");
+}
+
+// Tests that EXPECT_NONFATAL_FAILURE() fails when there is one fatal
+// failure.
+TEST(ExpectNonfatalFailureTest, FailsWhenThereIsOneFatalFailure) {
+  printf("(expecting a failure)\n");
+  EXPECT_NONFATAL_FAILURE({
+    FAIL() << "Expected fatal failure.";
+  }, "");
+}
+
+// Tests that EXPECT_NONFATAL_FAILURE() fails when the statement being
+// tested returns.
+TEST(ExpectNonfatalFailureTest, FailsWhenStatementReturns) {
+  printf("(expecting a failure)\n");
+  EXPECT_NONFATAL_FAILURE({
+    return;
+  }, "");
+}
+
+#if GTEST_HAS_EXCEPTIONS
+
+// Tests that EXPECT_NONFATAL_FAILURE() fails when the statement being
+// tested throws.
+TEST(ExpectNonfatalFailureTest, FailsWhenStatementThrows) {
+  printf("(expecting a failure)\n");
+  try {
+    EXPECT_NONFATAL_FAILURE({
+      throw 0;
+    }, "");
+  } catch(int) {  // NOLINT
+  }
+}
+
+#endif  // GTEST_HAS_EXCEPTIONS
+
+// Tests that EXPECT_FATAL_FAILURE() can reference global variables.
+TEST(ExpectFatalFailureTest, CanReferenceGlobalVariables) {
+  global_integer = 0;
+  EXPECT_FATAL_FAILURE({
+    ASSERT_EQ(1, global_integer) << "Expected fatal failure.";
+  }, "Expected fatal failure.");
+}
+
+// Tests that EXPECT_FATAL_FAILURE() can reference local static
+// variables.
+TEST(ExpectFatalFailureTest, CanReferenceLocalStaticVariables) {
+  static int n;
+  n = 1;
+  EXPECT_FATAL_FAILURE({
+    ASSERT_EQ(0, n) << "Expected fatal failure.";
+  }, "Expected fatal failure.");
+}
+
+// Tests that EXPECT_FATAL_FAILURE() succeeds when there is exactly
+// one fatal failure and no non-fatal failure.
+TEST(ExpectFatalFailureTest, SucceedsWhenThereIsOneFatalFailure) {
+  EXPECT_FATAL_FAILURE({
+    FAIL() << "Expected fatal failure.";
+  }, "Expected fatal failure.");
+}
+
+// Tests that EXPECT_FATAL_FAILURE() fails when there is no fatal
+// failure.
+TEST(ExpectFatalFailureTest, FailsWhenThereIsNoFatalFailure) {
+  printf("(expecting a failure)\n");
+  EXPECT_FATAL_FAILURE({
+  }, "");
+}
+
+// A helper for generating a fatal failure.
+void FatalFailure() {
+  FAIL() << "Expected fatal failure.";
+}
+
+// Tests that EXPECT_FATAL_FAILURE() fails when there are two
+// fatal failures.
+TEST(ExpectFatalFailureTest, FailsWhenThereAreTwoFatalFailures) {
+  printf("(expecting a failure)\n");
+  EXPECT_FATAL_FAILURE({
+    FatalFailure();
+    FatalFailure();
+  }, "");
+}
+
+// Tests that EXPECT_FATAL_FAILURE() fails when there is one non-fatal
+// failure.
+TEST(ExpectFatalFailureTest, FailsWhenThereIsOneNonfatalFailure) {
+  printf("(expecting a failure)\n");
+  EXPECT_FATAL_FAILURE({
+    ADD_FAILURE() << "Expected non-fatal failure.";
+  }, "");
+}
+
+// Tests that EXPECT_FATAL_FAILURE() fails when the statement being
+// tested returns.
+TEST(ExpectFatalFailureTest, FailsWhenStatementReturns) {
+  printf("(expecting a failure)\n");
+  EXPECT_FATAL_FAILURE({
+    return;
+  }, "");
+}
+
+#if GTEST_HAS_EXCEPTIONS
+
+// Tests that EXPECT_FATAL_FAILURE() fails when the statement being
+// tested throws.
+TEST(ExpectFatalFailureTest, FailsWhenStatementThrows) {
+  printf("(expecting a failure)\n");
+  try {
+    EXPECT_FATAL_FAILURE({
+      throw 0;
+    }, "");
+  } catch(int) {  // NOLINT
+  }
+}
+
+#endif  // GTEST_HAS_EXCEPTIONS
+
+// This #ifdef block tests the output of typed tests.
+#if GTEST_HAS_TYPED_TEST
+
+template <typename T>
+class TypedTest : public testing::Test {
+};
+
+TYPED_TEST_CASE(TypedTest, testing::Types<int>);
+
+TYPED_TEST(TypedTest, Success) {
+  EXPECT_EQ(0, TypeParam());
+}
+
+TYPED_TEST(TypedTest, Failure) {
+  EXPECT_EQ(1, TypeParam()) << "Expected failure";
+}
+
+#endif  // GTEST_HAS_TYPED_TEST
+
+// This #ifdef block tests the output of type-parameterized tests.
+#if GTEST_HAS_TYPED_TEST_P
+
+template <typename T>
+class TypedTestP : public testing::Test {
+};
+
+TYPED_TEST_CASE_P(TypedTestP);
+
+TYPED_TEST_P(TypedTestP, Success) {
+  EXPECT_EQ(0U, TypeParam());
+}
+
+TYPED_TEST_P(TypedTestP, Failure) {
+  EXPECT_EQ(1U, TypeParam()) << "Expected failure";
+}
+
+REGISTER_TYPED_TEST_CASE_P(TypedTestP, Success, Failure);
+
+typedef testing::Types<unsigned char, unsigned int> UnsignedTypes;
+INSTANTIATE_TYPED_TEST_CASE_P(Unsigned, TypedTestP, UnsignedTypes);
+
+#endif  // GTEST_HAS_TYPED_TEST_P
+
+#if GTEST_HAS_DEATH_TEST
+
+// We rely on the golden file to verify that tests whose test case
+// name ends with DeathTest are run first.
+
+TEST(ADeathTest, ShouldRunFirst) {
+}
+
+# if GTEST_HAS_TYPED_TEST
+
+// We rely on the golden file to verify that typed tests whose test
+// case name ends with DeathTest are run first.
+
+template <typename T>
+class ATypedDeathTest : public testing::Test {
+};
+
+typedef testing::Types<int, double> NumericTypes;
+TYPED_TEST_CASE(ATypedDeathTest, NumericTypes);
+
+TYPED_TEST(ATypedDeathTest, ShouldRunFirst) {
+}
+
+# endif  // GTEST_HAS_TYPED_TEST
+
+# if GTEST_HAS_TYPED_TEST_P
+
+
+// We rely on the golden file to verify that type-parameterized tests
+// whose test case name ends with DeathTest are run first.
+
+template <typename T>
+class ATypeParamDeathTest : public testing::Test {
+};
+
+TYPED_TEST_CASE_P(ATypeParamDeathTest);
+
+TYPED_TEST_P(ATypeParamDeathTest, ShouldRunFirst) {
+}
+
+REGISTER_TYPED_TEST_CASE_P(ATypeParamDeathTest, ShouldRunFirst);
+
+INSTANTIATE_TYPED_TEST_CASE_P(My, ATypeParamDeathTest, NumericTypes);
+
+# endif  // GTEST_HAS_TYPED_TEST_P
+
+#endif  // GTEST_HAS_DEATH_TEST
+
+// Tests various failure conditions of
+// EXPECT_{,NON}FATAL_FAILURE{,_ON_ALL_THREADS}.
+class ExpectFailureTest : public testing::Test {
+ public:  // Must be public and not protected due to a bug in g++ 3.4.2.
+  enum FailureMode {
+    FATAL_FAILURE,
+    NONFATAL_FAILURE
+  };
+  static void AddFailure(FailureMode failure) {
+    if (failure == FATAL_FAILURE) {
+      FAIL() << "Expected fatal failure.";
+    } else {
+      ADD_FAILURE() << "Expected non-fatal failure.";
+    }
+  }
+};
+
+TEST_F(ExpectFailureTest, ExpectFatalFailure) {
+  // Expected fatal failure, but succeeds.
+  printf("(expecting 1 failure)\n");
+  EXPECT_FATAL_FAILURE(SUCCEED(), "Expected fatal failure.");
+  // Expected fatal failure, but got a non-fatal failure.
+  printf("(expecting 1 failure)\n");
+  EXPECT_FATAL_FAILURE(AddFailure(NONFATAL_FAILURE), "Expected non-fatal "
+                       "failure.");
+  // Wrong message.
+  printf("(expecting 1 failure)\n");
+  EXPECT_FATAL_FAILURE(AddFailure(FATAL_FAILURE), "Some other fatal failure "
+                       "expected.");
+}
+
+TEST_F(ExpectFailureTest, ExpectNonFatalFailure) {
+  // Expected non-fatal failure, but succeeds.
+  printf("(expecting 1 failure)\n");
+  EXPECT_NONFATAL_FAILURE(SUCCEED(), "Expected non-fatal failure.");
+  // Expected non-fatal failure, but got a fatal failure.
+  printf("(expecting 1 failure)\n");
+  EXPECT_NONFATAL_FAILURE(AddFailure(FATAL_FAILURE), "Expected fatal failure.");
+  // Wrong message.
+  printf("(expecting 1 failure)\n");
+  EXPECT_NONFATAL_FAILURE(AddFailure(NONFATAL_FAILURE), "Some other non-fatal "
+                          "failure.");
+}
+
+#if GTEST_IS_THREADSAFE
+
+class ExpectFailureWithThreadsTest : public ExpectFailureTest {
+ protected:
+  static void AddFailureInOtherThread(FailureMode failure) {
+    ThreadWithParam<FailureMode> thread(&AddFailure, failure, NULL);
+    thread.Join();
+  }
+};
+
+TEST_F(ExpectFailureWithThreadsTest, ExpectFatalFailure) {
+  // We only intercept the current thread.
+  printf("(expecting 2 failures)\n");
+  EXPECT_FATAL_FAILURE(AddFailureInOtherThread(FATAL_FAILURE),
+                       "Expected fatal failure.");
+}
+
+TEST_F(ExpectFailureWithThreadsTest, ExpectNonFatalFailure) {
+  // We only intercept the current thread.
+  printf("(expecting 2 failures)\n");
+  EXPECT_NONFATAL_FAILURE(AddFailureInOtherThread(NONFATAL_FAILURE),
+                          "Expected non-fatal failure.");
+}
+
+typedef ExpectFailureWithThreadsTest ScopedFakeTestPartResultReporterTest;
+
+// Tests that the ScopedFakeTestPartResultReporter only catches failures from
+// the current thread if it is instantiated with INTERCEPT_ONLY_CURRENT_THREAD.
+TEST_F(ScopedFakeTestPartResultReporterTest, InterceptOnlyCurrentThread) {
+  printf("(expecting 2 failures)\n");
+  TestPartResultArray results;
+  {
+    ScopedFakeTestPartResultReporter reporter(
+        ScopedFakeTestPartResultReporter::INTERCEPT_ONLY_CURRENT_THREAD,
+        &results);
+    AddFailureInOtherThread(FATAL_FAILURE);
+    AddFailureInOtherThread(NONFATAL_FAILURE);
+  }
+  // The two failures should not have been intercepted.
+  EXPECT_EQ(0, results.size()) << "This shouldn't fail.";
+}
+
+#endif  // GTEST_IS_THREADSAFE
+
+TEST_F(ExpectFailureTest, ExpectFatalFailureOnAllThreads) {
+  // Expected fatal failure, but succeeds.
+  printf("(expecting 1 failure)\n");
+  EXPECT_FATAL_FAILURE_ON_ALL_THREADS(SUCCEED(), "Expected fatal failure.");
+  // Expected fatal failure, but got a non-fatal failure.
+  printf("(expecting 1 failure)\n");
+  EXPECT_FATAL_FAILURE_ON_ALL_THREADS(AddFailure(NONFATAL_FAILURE),
+                                      "Expected non-fatal failure.");
+  // Wrong message.
+  printf("(expecting 1 failure)\n");
+  EXPECT_FATAL_FAILURE_ON_ALL_THREADS(AddFailure(FATAL_FAILURE),
+                                      "Some other fatal failure expected.");
+}
+
+TEST_F(ExpectFailureTest, ExpectNonFatalFailureOnAllThreads) {
+  // Expected non-fatal failure, but succeeds.
+  printf("(expecting 1 failure)\n");
+  EXPECT_NONFATAL_FAILURE_ON_ALL_THREADS(SUCCEED(), "Expected non-fatal "
+                                         "failure.");
+  // Expected non-fatal failure, but got a fatal failure.
+  printf("(expecting 1 failure)\n");
+  EXPECT_NONFATAL_FAILURE_ON_ALL_THREADS(AddFailure(FATAL_FAILURE),
+                                         "Expected fatal failure.");
+  // Wrong message.
+  printf("(expecting 1 failure)\n");
+  EXPECT_NONFATAL_FAILURE_ON_ALL_THREADS(AddFailure(NONFATAL_FAILURE),
+                                         "Some other non-fatal failure.");
+}
+
+
+// Two test environments for testing testing::AddGlobalTestEnvironment().
+
+class FooEnvironment : public testing::Environment {
+ public:
+  virtual void SetUp() {
+    printf("%s", "FooEnvironment::SetUp() called.\n");
+  }
+
+  virtual void TearDown() {
+    printf("%s", "FooEnvironment::TearDown() called.\n");
+    FAIL() << "Expected fatal failure.";
+  }
+};
+
+class BarEnvironment : public testing::Environment {
+ public:
+  virtual void SetUp() {
+    printf("%s", "BarEnvironment::SetUp() called.\n");
+  }
+
+  virtual void TearDown() {
+    printf("%s", "BarEnvironment::TearDown() called.\n");
+    ADD_FAILURE() << "Expected non-fatal failure.";
+  }
+};
+
+bool GTEST_FLAG(internal_skip_environment_and_ad_hoc_tests) = false;
+
+// The main function.
+//
+// The idea is to use Google Test to run all the tests we have defined (some
+// of them are intended to fail), and then compare the test results
+// with the "golden" file.
+int main(int argc, char **argv) {
+  testing::GTEST_FLAG(print_time) = false;
+
+  // We just run the tests, knowing some of them are intended to fail.
+  // We will use a separate Python script to compare the output of
+  // this program with the golden file.
+
+  // It's hard to test InitGoogleTest() directly, as it has many
+  // global side effects.  The following line serves as a sanity test
+  // for it.
+  testing::InitGoogleTest(&argc, argv);
+  if (argc >= 2 &&
+      (std::string(argv[1]) ==
+       "--gtest_internal_skip_environment_and_ad_hoc_tests"))
+    GTEST_FLAG(internal_skip_environment_and_ad_hoc_tests) = true;
+
+#if GTEST_HAS_DEATH_TEST
+  if (testing::internal::GTEST_FLAG(internal_run_death_test) != "") {
+    // Skip the usual output capturing if we're running as the child
+    // process of an threadsafe-style death test.
+# if GTEST_OS_WINDOWS
+    posix::FReopen("nul:", "w", stdout);
+# else
+    posix::FReopen("/dev/null", "w", stdout);
+# endif  // GTEST_OS_WINDOWS
+    return RUN_ALL_TESTS();
+  }
+#endif  // GTEST_HAS_DEATH_TEST
+
+  if (GTEST_FLAG(internal_skip_environment_and_ad_hoc_tests))
+    return RUN_ALL_TESTS();
+
+  // Registers two global test environments.
+  // The golden file verifies that they are set up in the order they
+  // are registered, and torn down in the reverse order.
+  testing::AddGlobalTestEnvironment(new FooEnvironment);
+  testing::AddGlobalTestEnvironment(new BarEnvironment);
+
+  return RunAllTests();
+}
diff --git a/nss/gtests/google_test/gtest/test/gtest_output_test_golden_lin.txt b/nss/gtests/google_test/gtest/test/gtest_output_test_golden_lin.txt
new file mode 100644
index 0000000..da54170
--- /dev/null
+++ b/nss/gtests/google_test/gtest/test/gtest_output_test_golden_lin.txt
@@ -0,0 +1,732 @@
+The non-test part of the code is expected to have 2 failures.
+
+gtest_output_test_.cc:#: Failure
+Value of: false
+  Actual: false
+Expected: true
+gtest_output_test_.cc:#: Failure
+Value of: 3
+Expected: 2
+[==========] Running 64 tests from 28 test cases.
+[----------] Global test environment set-up.
+FooEnvironment::SetUp() called.
+BarEnvironment::SetUp() called.
+[----------] 1 test from ADeathTest
+[ RUN      ] ADeathTest.ShouldRunFirst
+[       OK ] ADeathTest.ShouldRunFirst
+[----------] 1 test from ATypedDeathTest/0, where TypeParam = int
+[ RUN      ] ATypedDeathTest/0.ShouldRunFirst
+[       OK ] ATypedDeathTest/0.ShouldRunFirst
+[----------] 1 test from ATypedDeathTest/1, where TypeParam = double
+[ RUN      ] ATypedDeathTest/1.ShouldRunFirst
+[       OK ] ATypedDeathTest/1.ShouldRunFirst
+[----------] 1 test from My/ATypeParamDeathTest/0, where TypeParam = int
+[ RUN      ] My/ATypeParamDeathTest/0.ShouldRunFirst
+[       OK ] My/ATypeParamDeathTest/0.ShouldRunFirst
+[----------] 1 test from My/ATypeParamDeathTest/1, where TypeParam = double
+[ RUN      ] My/ATypeParamDeathTest/1.ShouldRunFirst
+[       OK ] My/ATypeParamDeathTest/1.ShouldRunFirst
+[----------] 2 tests from PassingTest
+[ RUN      ] PassingTest.PassingTest1
+[       OK ] PassingTest.PassingTest1
+[ RUN      ] PassingTest.PassingTest2
+[       OK ] PassingTest.PassingTest2
+[----------] 2 tests from NonfatalFailureTest
+[ RUN      ] NonfatalFailureTest.EscapesStringOperands
+gtest_output_test_.cc:#: Failure
+Value of: actual
+  Actual: "actual \"string\""
+Expected: kGoldenString
+Which is: "\"Line"
+gtest_output_test_.cc:#: Failure
+Value of: actual
+  Actual: "actual \"string\""
+Expected: golden
+Which is: "\"Line"
+[  FAILED  ] NonfatalFailureTest.EscapesStringOperands
+[ RUN      ] NonfatalFailureTest.DiffForLongStrings
+gtest_output_test_.cc:#: Failure
+Value of: "Line 2"
+Expected: golden_str
+Which is: "\"Line\0 1\"\nLine 2"
+With diff:
+@@ -1,2 @@
+-\"Line\0 1\"
+ Line 2
+
+[  FAILED  ] NonfatalFailureTest.DiffForLongStrings
+[----------] 3 tests from FatalFailureTest
+[ RUN      ] FatalFailureTest.FatalFailureInSubroutine
+(expecting a failure that x should be 1)
+gtest_output_test_.cc:#: Failure
+Value of: x
+  Actual: 2
+Expected: 1
+[  FAILED  ] FatalFailureTest.FatalFailureInSubroutine
+[ RUN      ] FatalFailureTest.FatalFailureInNestedSubroutine
+(expecting a failure that x should be 1)
+gtest_output_test_.cc:#: Failure
+Value of: x
+  Actual: 2
+Expected: 1
+[  FAILED  ] FatalFailureTest.FatalFailureInNestedSubroutine
+[ RUN      ] FatalFailureTest.NonfatalFailureInSubroutine
+(expecting a failure on false)
+gtest_output_test_.cc:#: Failure
+Value of: false
+  Actual: false
+Expected: true
+[  FAILED  ] FatalFailureTest.NonfatalFailureInSubroutine
+[----------] 1 test from LoggingTest
+[ RUN      ] LoggingTest.InterleavingLoggingAndAssertions
+(expecting 2 failures on (3) >= (a[i]))
+i == 0
+i == 1
+gtest_output_test_.cc:#: Failure
+Expected: (3) >= (a[i]), actual: 3 vs 9
+i == 2
+i == 3
+gtest_output_test_.cc:#: Failure
+Expected: (3) >= (a[i]), actual: 3 vs 6
+[  FAILED  ] LoggingTest.InterleavingLoggingAndAssertions
+[----------] 6 tests from SCOPED_TRACETest
+[ RUN      ] SCOPED_TRACETest.ObeysScopes
+(expected to fail)
+gtest_output_test_.cc:#: Failure
+Failed
+This failure is expected, and shouldn't have a trace.
+gtest_output_test_.cc:#: Failure
+Failed
+This failure is expected, and should have a trace.
+Google Test trace:
+gtest_output_test_.cc:#: Expected trace
+gtest_output_test_.cc:#: Failure
+Failed
+This failure is expected, and shouldn't have a trace.
+[  FAILED  ] SCOPED_TRACETest.ObeysScopes
+[ RUN      ] SCOPED_TRACETest.WorksInLoop
+(expected to fail)
+gtest_output_test_.cc:#: Failure
+Value of: n
+  Actual: 1
+Expected: 2
+Google Test trace:
+gtest_output_test_.cc:#: i = 1
+gtest_output_test_.cc:#: Failure
+Value of: n
+  Actual: 2
+Expected: 1
+Google Test trace:
+gtest_output_test_.cc:#: i = 2
+[  FAILED  ] SCOPED_TRACETest.WorksInLoop
+[ RUN      ] SCOPED_TRACETest.WorksInSubroutine
+(expected to fail)
+gtest_output_test_.cc:#: Failure
+Value of: n
+  Actual: 1
+Expected: 2
+Google Test trace:
+gtest_output_test_.cc:#: n = 1
+gtest_output_test_.cc:#: Failure
+Value of: n
+  Actual: 2
+Expected: 1
+Google Test trace:
+gtest_output_test_.cc:#: n = 2
+[  FAILED  ] SCOPED_TRACETest.WorksInSubroutine
+[ RUN      ] SCOPED_TRACETest.CanBeNested
+(expected to fail)
+gtest_output_test_.cc:#: Failure
+Value of: n
+  Actual: 2
+Expected: 1
+Google Test trace:
+gtest_output_test_.cc:#: n = 2
+gtest_output_test_.cc:#: 
+[  FAILED  ] SCOPED_TRACETest.CanBeNested
+[ RUN      ] SCOPED_TRACETest.CanBeRepeated
+(expected to fail)
+gtest_output_test_.cc:#: Failure
+Failed
+This failure is expected, and should contain trace point A.
+Google Test trace:
+gtest_output_test_.cc:#: A
+gtest_output_test_.cc:#: Failure
+Failed
+This failure is expected, and should contain trace point A and B.
+Google Test trace:
+gtest_output_test_.cc:#: B
+gtest_output_test_.cc:#: A
+gtest_output_test_.cc:#: Failure
+Failed
+This failure is expected, and should contain trace point A, B, and C.
+Google Test trace:
+gtest_output_test_.cc:#: C
+gtest_output_test_.cc:#: B
+gtest_output_test_.cc:#: A
+gtest_output_test_.cc:#: Failure
+Failed
+This failure is expected, and should contain trace point A, B, and D.
+Google Test trace:
+gtest_output_test_.cc:#: D
+gtest_output_test_.cc:#: B
+gtest_output_test_.cc:#: A
+[  FAILED  ] SCOPED_TRACETest.CanBeRepeated
+[ RUN      ] SCOPED_TRACETest.WorksConcurrently
+(expecting 6 failures)
+gtest_output_test_.cc:#: Failure
+Failed
+Expected failure #1 (in thread B, only trace B alive).
+Google Test trace:
+gtest_output_test_.cc:#: Trace B
+gtest_output_test_.cc:#: Failure
+Failed
+Expected failure #2 (in thread A, trace A & B both alive).
+Google Test trace:
+gtest_output_test_.cc:#: Trace A
+gtest_output_test_.cc:#: Failure
+Failed
+Expected failure #3 (in thread B, trace A & B both alive).
+Google Test trace:
+gtest_output_test_.cc:#: Trace B
+gtest_output_test_.cc:#: Failure
+Failed
+Expected failure #4 (in thread B, only trace A alive).
+gtest_output_test_.cc:#: Failure
+Failed
+Expected failure #5 (in thread A, only trace A alive).
+Google Test trace:
+gtest_output_test_.cc:#: Trace A
+gtest_output_test_.cc:#: Failure
+Failed
+Expected failure #6 (in thread A, no trace alive).
+[  FAILED  ] SCOPED_TRACETest.WorksConcurrently
+[----------] 1 test from NonFatalFailureInFixtureConstructorTest
+[ RUN      ] NonFatalFailureInFixtureConstructorTest.FailureInConstructor
+(expecting 5 failures)
+gtest_output_test_.cc:#: Failure
+Failed
+Expected failure #1, in the test fixture c'tor.
+gtest_output_test_.cc:#: Failure
+Failed
+Expected failure #2, in SetUp().
+gtest_output_test_.cc:#: Failure
+Failed
+Expected failure #3, in the test body.
+gtest_output_test_.cc:#: Failure
+Failed
+Expected failure #4, in TearDown.
+gtest_output_test_.cc:#: Failure
+Failed
+Expected failure #5, in the test fixture d'tor.
+[  FAILED  ] NonFatalFailureInFixtureConstructorTest.FailureInConstructor
+[----------] 1 test from FatalFailureInFixtureConstructorTest
+[ RUN      ] FatalFailureInFixtureConstructorTest.FailureInConstructor
+(expecting 2 failures)
+gtest_output_test_.cc:#: Failure
+Failed
+Expected failure #1, in the test fixture c'tor.
+gtest_output_test_.cc:#: Failure
+Failed
+Expected failure #2, in the test fixture d'tor.
+[  FAILED  ] FatalFailureInFixtureConstructorTest.FailureInConstructor
+[----------] 1 test from NonFatalFailureInSetUpTest
+[ RUN      ] NonFatalFailureInSetUpTest.FailureInSetUp
+(expecting 4 failures)
+gtest_output_test_.cc:#: Failure
+Failed
+Expected failure #1, in SetUp().
+gtest_output_test_.cc:#: Failure
+Failed
+Expected failure #2, in the test function.
+gtest_output_test_.cc:#: Failure
+Failed
+Expected failure #3, in TearDown().
+gtest_output_test_.cc:#: Failure
+Failed
+Expected failure #4, in the test fixture d'tor.
+[  FAILED  ] NonFatalFailureInSetUpTest.FailureInSetUp
+[----------] 1 test from FatalFailureInSetUpTest
+[ RUN      ] FatalFailureInSetUpTest.FailureInSetUp
+(expecting 3 failures)
+gtest_output_test_.cc:#: Failure
+Failed
+Expected failure #1, in SetUp().
+gtest_output_test_.cc:#: Failure
+Failed
+Expected failure #2, in TearDown().
+gtest_output_test_.cc:#: Failure
+Failed
+Expected failure #3, in the test fixture d'tor.
+[  FAILED  ] FatalFailureInSetUpTest.FailureInSetUp
+[----------] 1 test from AddFailureAtTest
+[ RUN      ] AddFailureAtTest.MessageContainsSpecifiedFileAndLineNumber
+foo.cc:42: Failure
+Failed
+Expected failure in foo.cc
+[  FAILED  ] AddFailureAtTest.MessageContainsSpecifiedFileAndLineNumber
+[----------] 4 tests from MixedUpTestCaseTest
+[ RUN      ] MixedUpTestCaseTest.FirstTestFromNamespaceFoo
+[       OK ] MixedUpTestCaseTest.FirstTestFromNamespaceFoo
+[ RUN      ] MixedUpTestCaseTest.SecondTestFromNamespaceFoo
+[       OK ] MixedUpTestCaseTest.SecondTestFromNamespaceFoo
+[ RUN      ] MixedUpTestCaseTest.ThisShouldFail
+gtest.cc:#: Failure
+Failed
+All tests in the same test case must use the same test fixture
+class.  However, in test case MixedUpTestCaseTest,
+you defined test FirstTestFromNamespaceFoo and test ThisShouldFail
+using two different test fixture classes.  This can happen if
+the two classes are from different namespaces or translation
+units and have the same name.  You should probably rename one
+of the classes to put the tests into different test cases.
+[  FAILED  ] MixedUpTestCaseTest.ThisShouldFail
+[ RUN      ] MixedUpTestCaseTest.ThisShouldFailToo
+gtest.cc:#: Failure
+Failed
+All tests in the same test case must use the same test fixture
+class.  However, in test case MixedUpTestCaseTest,
+you defined test FirstTestFromNamespaceFoo and test ThisShouldFailToo
+using two different test fixture classes.  This can happen if
+the two classes are from different namespaces or translation
+units and have the same name.  You should probably rename one
+of the classes to put the tests into different test cases.
+[  FAILED  ] MixedUpTestCaseTest.ThisShouldFailToo
+[----------] 2 tests from MixedUpTestCaseWithSameTestNameTest
+[ RUN      ] MixedUpTestCaseWithSameTestNameTest.TheSecondTestWithThisNameShouldFail
+[       OK ] MixedUpTestCaseWithSameTestNameTest.TheSecondTestWithThisNameShouldFail
+[ RUN      ] MixedUpTestCaseWithSameTestNameTest.TheSecondTestWithThisNameShouldFail
+gtest.cc:#: Failure
+Failed
+All tests in the same test case must use the same test fixture
+class.  However, in test case MixedUpTestCaseWithSameTestNameTest,
+you defined test TheSecondTestWithThisNameShouldFail and test TheSecondTestWithThisNameShouldFail
+using two different test fixture classes.  This can happen if
+the two classes are from different namespaces or translation
+units and have the same name.  You should probably rename one
+of the classes to put the tests into different test cases.
+[  FAILED  ] MixedUpTestCaseWithSameTestNameTest.TheSecondTestWithThisNameShouldFail
+[----------] 2 tests from TEST_F_before_TEST_in_same_test_case
+[ RUN      ] TEST_F_before_TEST_in_same_test_case.DefinedUsingTEST_F
+[       OK ] TEST_F_before_TEST_in_same_test_case.DefinedUsingTEST_F
+[ RUN      ] TEST_F_before_TEST_in_same_test_case.DefinedUsingTESTAndShouldFail
+gtest.cc:#: Failure
+Failed
+All tests in the same test case must use the same test fixture
+class, so mixing TEST_F and TEST in the same test case is
+illegal.  In test case TEST_F_before_TEST_in_same_test_case,
+test DefinedUsingTEST_F is defined using TEST_F but
+test DefinedUsingTESTAndShouldFail is defined using TEST.  You probably
+want to change the TEST to TEST_F or move it to another test
+case.
+[  FAILED  ] TEST_F_before_TEST_in_same_test_case.DefinedUsingTESTAndShouldFail
+[----------] 2 tests from TEST_before_TEST_F_in_same_test_case
+[ RUN      ] TEST_before_TEST_F_in_same_test_case.DefinedUsingTEST
+[       OK ] TEST_before_TEST_F_in_same_test_case.DefinedUsingTEST
+[ RUN      ] TEST_before_TEST_F_in_same_test_case.DefinedUsingTEST_FAndShouldFail
+gtest.cc:#: Failure
+Failed
+All tests in the same test case must use the same test fixture
+class, so mixing TEST_F and TEST in the same test case is
+illegal.  In test case TEST_before_TEST_F_in_same_test_case,
+test DefinedUsingTEST_FAndShouldFail is defined using TEST_F but
+test DefinedUsingTEST is defined using TEST.  You probably
+want to change the TEST to TEST_F or move it to another test
+case.
+[  FAILED  ] TEST_before_TEST_F_in_same_test_case.DefinedUsingTEST_FAndShouldFail
+[----------] 8 tests from ExpectNonfatalFailureTest
+[ RUN      ] ExpectNonfatalFailureTest.CanReferenceGlobalVariables
+[       OK ] ExpectNonfatalFailureTest.CanReferenceGlobalVariables
+[ RUN      ] ExpectNonfatalFailureTest.CanReferenceLocalVariables
+[       OK ] ExpectNonfatalFailureTest.CanReferenceLocalVariables
+[ RUN      ] ExpectNonfatalFailureTest.SucceedsWhenThereIsOneNonfatalFailure
+[       OK ] ExpectNonfatalFailureTest.SucceedsWhenThereIsOneNonfatalFailure
+[ RUN      ] ExpectNonfatalFailureTest.FailsWhenThereIsNoNonfatalFailure
+(expecting a failure)
+gtest.cc:#: Failure
+Expected: 1 non-fatal failure
+  Actual: 0 failures
+[  FAILED  ] ExpectNonfatalFailureTest.FailsWhenThereIsNoNonfatalFailure
+[ RUN      ] ExpectNonfatalFailureTest.FailsWhenThereAreTwoNonfatalFailures
+(expecting a failure)
+gtest.cc:#: Failure
+Expected: 1 non-fatal failure
+  Actual: 2 failures
+gtest_output_test_.cc:#: Non-fatal failure:
+Failed
+Expected non-fatal failure 1.
+
+gtest_output_test_.cc:#: Non-fatal failure:
+Failed
+Expected non-fatal failure 2.
+
+[  FAILED  ] ExpectNonfatalFailureTest.FailsWhenThereAreTwoNonfatalFailures
+[ RUN      ] ExpectNonfatalFailureTest.FailsWhenThereIsOneFatalFailure
+(expecting a failure)
+gtest.cc:#: Failure
+Expected: 1 non-fatal failure
+  Actual:
+gtest_output_test_.cc:#: Fatal failure:
+Failed
+Expected fatal failure.
+
+[  FAILED  ] ExpectNonfatalFailureTest.FailsWhenThereIsOneFatalFailure
+[ RUN      ] ExpectNonfatalFailureTest.FailsWhenStatementReturns
+(expecting a failure)
+gtest.cc:#: Failure
+Expected: 1 non-fatal failure
+  Actual: 0 failures
+[  FAILED  ] ExpectNonfatalFailureTest.FailsWhenStatementReturns
+[ RUN      ] ExpectNonfatalFailureTest.FailsWhenStatementThrows
+(expecting a failure)
+gtest.cc:#: Failure
+Expected: 1 non-fatal failure
+  Actual: 0 failures
+[  FAILED  ] ExpectNonfatalFailureTest.FailsWhenStatementThrows
+[----------] 8 tests from ExpectFatalFailureTest
+[ RUN      ] ExpectFatalFailureTest.CanReferenceGlobalVariables
+[       OK ] ExpectFatalFailureTest.CanReferenceGlobalVariables
+[ RUN      ] ExpectFatalFailureTest.CanReferenceLocalStaticVariables
+[       OK ] ExpectFatalFailureTest.CanReferenceLocalStaticVariables
+[ RUN      ] ExpectFatalFailureTest.SucceedsWhenThereIsOneFatalFailure
+[       OK ] ExpectFatalFailureTest.SucceedsWhenThereIsOneFatalFailure
+[ RUN      ] ExpectFatalFailureTest.FailsWhenThereIsNoFatalFailure
+(expecting a failure)
+gtest.cc:#: Failure
+Expected: 1 fatal failure
+  Actual: 0 failures
+[  FAILED  ] ExpectFatalFailureTest.FailsWhenThereIsNoFatalFailure
+[ RUN      ] ExpectFatalFailureTest.FailsWhenThereAreTwoFatalFailures
+(expecting a failure)
+gtest.cc:#: Failure
+Expected: 1 fatal failure
+  Actual: 2 failures
+gtest_output_test_.cc:#: Fatal failure:
+Failed
+Expected fatal failure.
+
+gtest_output_test_.cc:#: Fatal failure:
+Failed
+Expected fatal failure.
+
+[  FAILED  ] ExpectFatalFailureTest.FailsWhenThereAreTwoFatalFailures
+[ RUN      ] ExpectFatalFailureTest.FailsWhenThereIsOneNonfatalFailure
+(expecting a failure)
+gtest.cc:#: Failure
+Expected: 1 fatal failure
+  Actual:
+gtest_output_test_.cc:#: Non-fatal failure:
+Failed
+Expected non-fatal failure.
+
+[  FAILED  ] ExpectFatalFailureTest.FailsWhenThereIsOneNonfatalFailure
+[ RUN      ] ExpectFatalFailureTest.FailsWhenStatementReturns
+(expecting a failure)
+gtest.cc:#: Failure
+Expected: 1 fatal failure
+  Actual: 0 failures
+[  FAILED  ] ExpectFatalFailureTest.FailsWhenStatementReturns
+[ RUN      ] ExpectFatalFailureTest.FailsWhenStatementThrows
+(expecting a failure)
+gtest.cc:#: Failure
+Expected: 1 fatal failure
+  Actual: 0 failures
+[  FAILED  ] ExpectFatalFailureTest.FailsWhenStatementThrows
+[----------] 2 tests from TypedTest/0, where TypeParam = int
+[ RUN      ] TypedTest/0.Success
+[       OK ] TypedTest/0.Success
+[ RUN      ] TypedTest/0.Failure
+gtest_output_test_.cc:#: Failure
+Value of: TypeParam()
+  Actual: 0
+Expected: 1
+Expected failure
+[  FAILED  ] TypedTest/0.Failure, where TypeParam = int
+[----------] 2 tests from Unsigned/TypedTestP/0, where TypeParam = unsigned char
+[ RUN      ] Unsigned/TypedTestP/0.Success
+[       OK ] Unsigned/TypedTestP/0.Success
+[ RUN      ] Unsigned/TypedTestP/0.Failure
+gtest_output_test_.cc:#: Failure
+Value of: TypeParam()
+  Actual: '\0'
+Expected: 1U
+Which is: 1
+Expected failure
+[  FAILED  ] Unsigned/TypedTestP/0.Failure, where TypeParam = unsigned char
+[----------] 2 tests from Unsigned/TypedTestP/1, where TypeParam = unsigned int
+[ RUN      ] Unsigned/TypedTestP/1.Success
+[       OK ] Unsigned/TypedTestP/1.Success
+[ RUN      ] Unsigned/TypedTestP/1.Failure
+gtest_output_test_.cc:#: Failure
+Value of: TypeParam()
+  Actual: 0
+Expected: 1U
+Which is: 1
+Expected failure
+[  FAILED  ] Unsigned/TypedTestP/1.Failure, where TypeParam = unsigned int
+[----------] 4 tests from ExpectFailureTest
+[ RUN      ] ExpectFailureTest.ExpectFatalFailure
+(expecting 1 failure)
+gtest.cc:#: Failure
+Expected: 1 fatal failure
+  Actual:
+gtest_output_test_.cc:#: Success:
+Succeeded
+
+(expecting 1 failure)
+gtest.cc:#: Failure
+Expected: 1 fatal failure
+  Actual:
+gtest_output_test_.cc:#: Non-fatal failure:
+Failed
+Expected non-fatal failure.
+
+(expecting 1 failure)
+gtest.cc:#: Failure
+Expected: 1 fatal failure containing "Some other fatal failure expected."
+  Actual:
+gtest_output_test_.cc:#: Fatal failure:
+Failed
+Expected fatal failure.
+
+[  FAILED  ] ExpectFailureTest.ExpectFatalFailure
+[ RUN      ] ExpectFailureTest.ExpectNonFatalFailure
+(expecting 1 failure)
+gtest.cc:#: Failure
+Expected: 1 non-fatal failure
+  Actual:
+gtest_output_test_.cc:#: Success:
+Succeeded
+
+(expecting 1 failure)
+gtest.cc:#: Failure
+Expected: 1 non-fatal failure
+  Actual:
+gtest_output_test_.cc:#: Fatal failure:
+Failed
+Expected fatal failure.
+
+(expecting 1 failure)
+gtest.cc:#: Failure
+Expected: 1 non-fatal failure containing "Some other non-fatal failure."
+  Actual:
+gtest_output_test_.cc:#: Non-fatal failure:
+Failed
+Expected non-fatal failure.
+
+[  FAILED  ] ExpectFailureTest.ExpectNonFatalFailure
+[ RUN      ] ExpectFailureTest.ExpectFatalFailureOnAllThreads
+(expecting 1 failure)
+gtest.cc:#: Failure
+Expected: 1 fatal failure
+  Actual:
+gtest_output_test_.cc:#: Success:
+Succeeded
+
+(expecting 1 failure)
+gtest.cc:#: Failure
+Expected: 1 fatal failure
+  Actual:
+gtest_output_test_.cc:#: Non-fatal failure:
+Failed
+Expected non-fatal failure.
+
+(expecting 1 failure)
+gtest.cc:#: Failure
+Expected: 1 fatal failure containing "Some other fatal failure expected."
+  Actual:
+gtest_output_test_.cc:#: Fatal failure:
+Failed
+Expected fatal failure.
+
+[  FAILED  ] ExpectFailureTest.ExpectFatalFailureOnAllThreads
+[ RUN      ] ExpectFailureTest.ExpectNonFatalFailureOnAllThreads
+(expecting 1 failure)
+gtest.cc:#: Failure
+Expected: 1 non-fatal failure
+  Actual:
+gtest_output_test_.cc:#: Success:
+Succeeded
+
+(expecting 1 failure)
+gtest.cc:#: Failure
+Expected: 1 non-fatal failure
+  Actual:
+gtest_output_test_.cc:#: Fatal failure:
+Failed
+Expected fatal failure.
+
+(expecting 1 failure)
+gtest.cc:#: Failure
+Expected: 1 non-fatal failure containing "Some other non-fatal failure."
+  Actual:
+gtest_output_test_.cc:#: Non-fatal failure:
+Failed
+Expected non-fatal failure.
+
+[  FAILED  ] ExpectFailureTest.ExpectNonFatalFailureOnAllThreads
+[----------] 2 tests from ExpectFailureWithThreadsTest
+[ RUN      ] ExpectFailureWithThreadsTest.ExpectFatalFailure
+(expecting 2 failures)
+gtest_output_test_.cc:#: Failure
+Failed
+Expected fatal failure.
+gtest.cc:#: Failure
+Expected: 1 fatal failure
+  Actual: 0 failures
+[  FAILED  ] ExpectFailureWithThreadsTest.ExpectFatalFailure
+[ RUN      ] ExpectFailureWithThreadsTest.ExpectNonFatalFailure
+(expecting 2 failures)
+gtest_output_test_.cc:#: Failure
+Failed
+Expected non-fatal failure.
+gtest.cc:#: Failure
+Expected: 1 non-fatal failure
+  Actual: 0 failures
+[  FAILED  ] ExpectFailureWithThreadsTest.ExpectNonFatalFailure
+[----------] 1 test from ScopedFakeTestPartResultReporterTest
+[ RUN      ] ScopedFakeTestPartResultReporterTest.InterceptOnlyCurrentThread
+(expecting 2 failures)
+gtest_output_test_.cc:#: Failure
+Failed
+Expected fatal failure.
+gtest_output_test_.cc:#: Failure
+Failed
+Expected non-fatal failure.
+[  FAILED  ] ScopedFakeTestPartResultReporterTest.InterceptOnlyCurrentThread
+[----------] 1 test from PrintingFailingParams/FailingParamTest
+[ RUN      ] PrintingFailingParams/FailingParamTest.Fails/0
+gtest_output_test_.cc:#: Failure
+Value of: GetParam()
+  Actual: 2
+Expected: 1
+[  FAILED  ] PrintingFailingParams/FailingParamTest.Fails/0, where GetParam() = 2
+[----------] Global test environment tear-down
+BarEnvironment::TearDown() called.
+gtest_output_test_.cc:#: Failure
+Failed
+Expected non-fatal failure.
+FooEnvironment::TearDown() called.
+gtest_output_test_.cc:#: Failure
+Failed
+Expected fatal failure.
+[==========] 64 tests from 28 test cases ran.
+[  PASSED  ] 21 tests.
+[  FAILED  ] 43 tests, listed below:
+[  FAILED  ] NonfatalFailureTest.EscapesStringOperands
+[  FAILED  ] NonfatalFailureTest.DiffForLongStrings
+[  FAILED  ] FatalFailureTest.FatalFailureInSubroutine
+[  FAILED  ] FatalFailureTest.FatalFailureInNestedSubroutine
+[  FAILED  ] FatalFailureTest.NonfatalFailureInSubroutine
+[  FAILED  ] LoggingTest.InterleavingLoggingAndAssertions
+[  FAILED  ] SCOPED_TRACETest.ObeysScopes
+[  FAILED  ] SCOPED_TRACETest.WorksInLoop
+[  FAILED  ] SCOPED_TRACETest.WorksInSubroutine
+[  FAILED  ] SCOPED_TRACETest.CanBeNested
+[  FAILED  ] SCOPED_TRACETest.CanBeRepeated
+[  FAILED  ] SCOPED_TRACETest.WorksConcurrently
+[  FAILED  ] NonFatalFailureInFixtureConstructorTest.FailureInConstructor
+[  FAILED  ] FatalFailureInFixtureConstructorTest.FailureInConstructor
+[  FAILED  ] NonFatalFailureInSetUpTest.FailureInSetUp
+[  FAILED  ] FatalFailureInSetUpTest.FailureInSetUp
+[  FAILED  ] AddFailureAtTest.MessageContainsSpecifiedFileAndLineNumber
+[  FAILED  ] MixedUpTestCaseTest.ThisShouldFail
+[  FAILED  ] MixedUpTestCaseTest.ThisShouldFailToo
+[  FAILED  ] MixedUpTestCaseWithSameTestNameTest.TheSecondTestWithThisNameShouldFail
+[  FAILED  ] TEST_F_before_TEST_in_same_test_case.DefinedUsingTESTAndShouldFail
+[  FAILED  ] TEST_before_TEST_F_in_same_test_case.DefinedUsingTEST_FAndShouldFail
+[  FAILED  ] ExpectNonfatalFailureTest.FailsWhenThereIsNoNonfatalFailure
+[  FAILED  ] ExpectNonfatalFailureTest.FailsWhenThereAreTwoNonfatalFailures
+[  FAILED  ] ExpectNonfatalFailureTest.FailsWhenThereIsOneFatalFailure
+[  FAILED  ] ExpectNonfatalFailureTest.FailsWhenStatementReturns
+[  FAILED  ] ExpectNonfatalFailureTest.FailsWhenStatementThrows
+[  FAILED  ] ExpectFatalFailureTest.FailsWhenThereIsNoFatalFailure
+[  FAILED  ] ExpectFatalFailureTest.FailsWhenThereAreTwoFatalFailures
+[  FAILED  ] ExpectFatalFailureTest.FailsWhenThereIsOneNonfatalFailure
+[  FAILED  ] ExpectFatalFailureTest.FailsWhenStatementReturns
+[  FAILED  ] ExpectFatalFailureTest.FailsWhenStatementThrows
+[  FAILED  ] TypedTest/0.Failure, where TypeParam = int
+[  FAILED  ] Unsigned/TypedTestP/0.Failure, where TypeParam = unsigned char
+[  FAILED  ] Unsigned/TypedTestP/1.Failure, where TypeParam = unsigned int
+[  FAILED  ] ExpectFailureTest.ExpectFatalFailure
+[  FAILED  ] ExpectFailureTest.ExpectNonFatalFailure
+[  FAILED  ] ExpectFailureTest.ExpectFatalFailureOnAllThreads
+[  FAILED  ] ExpectFailureTest.ExpectNonFatalFailureOnAllThreads
+[  FAILED  ] ExpectFailureWithThreadsTest.ExpectFatalFailure
+[  FAILED  ] ExpectFailureWithThreadsTest.ExpectNonFatalFailure
+[  FAILED  ] ScopedFakeTestPartResultReporterTest.InterceptOnlyCurrentThread
+[  FAILED  ] PrintingFailingParams/FailingParamTest.Fails/0, where GetParam() = 2
+
+43 FAILED TESTS
+  YOU HAVE 1 DISABLED TEST
+
+Note: Google Test filter = FatalFailureTest.*:LoggingTest.*
+[==========] Running 4 tests from 2 test cases.
+[----------] Global test environment set-up.
+[----------] 3 tests from FatalFailureTest
+[ RUN      ] FatalFailureTest.FatalFailureInSubroutine
+(expecting a failure that x should be 1)
+gtest_output_test_.cc:#: Failure
+Value of: x
+  Actual: 2
+Expected: 1
+[  FAILED  ] FatalFailureTest.FatalFailureInSubroutine (? ms)
+[ RUN      ] FatalFailureTest.FatalFailureInNestedSubroutine
+(expecting a failure that x should be 1)
+gtest_output_test_.cc:#: Failure
+Value of: x
+  Actual: 2
+Expected: 1
+[  FAILED  ] FatalFailureTest.FatalFailureInNestedSubroutine (? ms)
+[ RUN      ] FatalFailureTest.NonfatalFailureInSubroutine
+(expecting a failure on false)
+gtest_output_test_.cc:#: Failure
+Value of: false
+  Actual: false
+Expected: true
+[  FAILED  ] FatalFailureTest.NonfatalFailureInSubroutine (? ms)
+[----------] 3 tests from FatalFailureTest (? ms total)
+
+[----------] 1 test from LoggingTest
+[ RUN      ] LoggingTest.InterleavingLoggingAndAssertions
+(expecting 2 failures on (3) >= (a[i]))
+i == 0
+i == 1
+gtest_output_test_.cc:#: Failure
+Expected: (3) >= (a[i]), actual: 3 vs 9
+i == 2
+i == 3
+gtest_output_test_.cc:#: Failure
+Expected: (3) >= (a[i]), actual: 3 vs 6
+[  FAILED  ] LoggingTest.InterleavingLoggingAndAssertions (? ms)
+[----------] 1 test from LoggingTest (? ms total)
+
+[----------] Global test environment tear-down
+[==========] 4 tests from 2 test cases ran. (? ms total)
+[  PASSED  ] 0 tests.
+[  FAILED  ] 4 tests, listed below:
+[  FAILED  ] FatalFailureTest.FatalFailureInSubroutine
+[  FAILED  ] FatalFailureTest.FatalFailureInNestedSubroutine
+[  FAILED  ] FatalFailureTest.NonfatalFailureInSubroutine
+[  FAILED  ] LoggingTest.InterleavingLoggingAndAssertions
+
+ 4 FAILED TESTS
+Note: Google Test filter = *DISABLED_*
+[==========] Running 1 test from 1 test case.
+[----------] Global test environment set-up.
+[----------] 1 test from DisabledTestsWarningTest
+[ RUN      ] DisabledTestsWarningTest.DISABLED_AlsoRunDisabledTestsFlagSuppressesWarning
+[       OK ] DisabledTestsWarningTest.DISABLED_AlsoRunDisabledTestsFlagSuppressesWarning
+[----------] Global test environment tear-down
+[==========] 1 test from 1 test case ran.
+[  PASSED  ] 1 test.
+Note: Google Test filter = PassingTest.*
+Note: This is test shard 2 of 2.
+[==========] Running 1 test from 1 test case.
+[----------] Global test environment set-up.
+[----------] 1 test from PassingTest
+[ RUN      ] PassingTest.PassingTest2
+[       OK ] PassingTest.PassingTest2
+[----------] Global test environment tear-down
+[==========] 1 test from 1 test case ran.
+[  PASSED  ] 1 test.
diff --git a/nss/gtests/google_test/gtest/test/gtest_pred_impl_unittest.cc b/nss/gtests/google_test/gtest/test/gtest_pred_impl_unittest.cc
new file mode 100644
index 0000000..a84eff8
--- /dev/null
+++ b/nss/gtests/google_test/gtest/test/gtest_pred_impl_unittest.cc
@@ -0,0 +1,2427 @@
+// Copyright 2006, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// This file is AUTOMATICALLY GENERATED on 10/31/2011 by command
+// 'gen_gtest_pred_impl.py 5'.  DO NOT EDIT BY HAND!
+
+// Regression test for gtest_pred_impl.h
+//
+// This file is generated by a script and quite long.  If you intend to
+// learn how Google Test works by reading its unit tests, read
+// gtest_unittest.cc instead.
+//
+// This is intended as a regression test for the Google Test predicate
+// assertions.  We compile it as part of the gtest_unittest target
+// only to keep the implementation tidy and compact, as it is quite
+// involved to set up the stage for testing Google Test using Google
+// Test itself.
+//
+// Currently, gtest_unittest takes ~11 seconds to run in the testing
+// daemon.  In the future, if it grows too large and needs much more
+// time to finish, we should consider separating this file into a
+// stand-alone regression test.
+
+#include <iostream>
+
+#include "gtest/gtest.h"
+#include "gtest/gtest-spi.h"
+
+// A user-defined data type.
+struct Bool {
+  explicit Bool(int val) : value(val != 0) {}
+
+  bool operator>(int n) const { return value > Bool(n).value; }
+
+  Bool operator+(const Bool& rhs) const { return Bool(value + rhs.value); }
+
+  bool operator==(const Bool& rhs) const { return value == rhs.value; }
+
+  bool value;
+};
+
+// Enables Bool to be used in assertions.
+std::ostream& operator<<(std::ostream& os, const Bool& x) {
+  return os << (x.value ? "true" : "false");
+}
+
+// Sample functions/functors for testing unary predicate assertions.
+
+// A unary predicate function.
+template <typename T1>
+bool PredFunction1(T1 v1) {
+  return v1 > 0;
+}
+
+// The following two functions are needed to circumvent a bug in
+// gcc 2.95.3, which sometimes has problem with the above template
+// function.
+bool PredFunction1Int(int v1) {
+  return v1 > 0;
+}
+bool PredFunction1Bool(Bool v1) {
+  return v1 > 0;
+}
+
+// A unary predicate functor.
+struct PredFunctor1 {
+  template <typename T1>
+  bool operator()(const T1& v1) {
+    return v1 > 0;
+  }
+};
+
+// A unary predicate-formatter function.
+template <typename T1>
+testing::AssertionResult PredFormatFunction1(const char* e1,
+                                             const T1& v1) {
+  if (PredFunction1(v1))
+    return testing::AssertionSuccess();
+
+  return testing::AssertionFailure()
+      << e1
+      << " is expected to be positive, but evaluates to "
+      << v1 << ".";
+}
+
+// A unary predicate-formatter functor.
+struct PredFormatFunctor1 {
+  template <typename T1>
+  testing::AssertionResult operator()(const char* e1,
+                                      const T1& v1) const {
+    return PredFormatFunction1(e1, v1);
+  }
+};
+
+// Tests for {EXPECT|ASSERT}_PRED_FORMAT1.
+
+class Predicate1Test : public testing::Test {
+ protected:
+  virtual void SetUp() {
+    expected_to_finish_ = true;
+    finished_ = false;
+    n1_ = 0;
+  }
+
+  virtual void TearDown() {
+    // Verifies that each of the predicate's arguments was evaluated
+    // exactly once.
+    EXPECT_EQ(1, n1_) <<
+        "The predicate assertion didn't evaluate argument 2 "
+        "exactly once.";
+
+    // Verifies that the control flow in the test function is expected.
+    if (expected_to_finish_ && !finished_) {
+      FAIL() << "The predicate assertion unexpactedly aborted the test.";
+    } else if (!expected_to_finish_ && finished_) {
+      FAIL() << "The failed predicate assertion didn't abort the test "
+                "as expected.";
+    }
+  }
+
+  // true iff the test function is expected to run to finish.
+  static bool expected_to_finish_;
+
+  // true iff the test function did run to finish.
+  static bool finished_;
+
+  static int n1_;
+};
+
+bool Predicate1Test::expected_to_finish_;
+bool Predicate1Test::finished_;
+int Predicate1Test::n1_;
+
+typedef Predicate1Test EXPECT_PRED_FORMAT1Test;
+typedef Predicate1Test ASSERT_PRED_FORMAT1Test;
+typedef Predicate1Test EXPECT_PRED1Test;
+typedef Predicate1Test ASSERT_PRED1Test;
+
+// Tests a successful EXPECT_PRED1 where the
+// predicate-formatter is a function on a built-in type (int).
+TEST_F(EXPECT_PRED1Test, FunctionOnBuiltInTypeSuccess) {
+  EXPECT_PRED1(PredFunction1Int,
+               ++n1_);
+  finished_ = true;
+}
+
+// Tests a successful EXPECT_PRED1 where the
+// predicate-formatter is a function on a user-defined type (Bool).
+TEST_F(EXPECT_PRED1Test, FunctionOnUserTypeSuccess) {
+  EXPECT_PRED1(PredFunction1Bool,
+               Bool(++n1_));
+  finished_ = true;
+}
+
+// Tests a successful EXPECT_PRED1 where the
+// predicate-formatter is a functor on a built-in type (int).
+TEST_F(EXPECT_PRED1Test, FunctorOnBuiltInTypeSuccess) {
+  EXPECT_PRED1(PredFunctor1(),
+               ++n1_);
+  finished_ = true;
+}
+
+// Tests a successful EXPECT_PRED1 where the
+// predicate-formatter is a functor on a user-defined type (Bool).
+TEST_F(EXPECT_PRED1Test, FunctorOnUserTypeSuccess) {
+  EXPECT_PRED1(PredFunctor1(),
+               Bool(++n1_));
+  finished_ = true;
+}
+
+// Tests a failed EXPECT_PRED1 where the
+// predicate-formatter is a function on a built-in type (int).
+TEST_F(EXPECT_PRED1Test, FunctionOnBuiltInTypeFailure) {
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED1(PredFunction1Int,
+                 n1_++);
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed EXPECT_PRED1 where the
+// predicate-formatter is a function on a user-defined type (Bool).
+TEST_F(EXPECT_PRED1Test, FunctionOnUserTypeFailure) {
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED1(PredFunction1Bool,
+                 Bool(n1_++));
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed EXPECT_PRED1 where the
+// predicate-formatter is a functor on a built-in type (int).
+TEST_F(EXPECT_PRED1Test, FunctorOnBuiltInTypeFailure) {
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED1(PredFunctor1(),
+                 n1_++);
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed EXPECT_PRED1 where the
+// predicate-formatter is a functor on a user-defined type (Bool).
+TEST_F(EXPECT_PRED1Test, FunctorOnUserTypeFailure) {
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED1(PredFunctor1(),
+                 Bool(n1_++));
+    finished_ = true;
+  }, "");
+}
+
+// Tests a successful ASSERT_PRED1 where the
+// predicate-formatter is a function on a built-in type (int).
+TEST_F(ASSERT_PRED1Test, FunctionOnBuiltInTypeSuccess) {
+  ASSERT_PRED1(PredFunction1Int,
+               ++n1_);
+  finished_ = true;
+}
+
+// Tests a successful ASSERT_PRED1 where the
+// predicate-formatter is a function on a user-defined type (Bool).
+TEST_F(ASSERT_PRED1Test, FunctionOnUserTypeSuccess) {
+  ASSERT_PRED1(PredFunction1Bool,
+               Bool(++n1_));
+  finished_ = true;
+}
+
+// Tests a successful ASSERT_PRED1 where the
+// predicate-formatter is a functor on a built-in type (int).
+TEST_F(ASSERT_PRED1Test, FunctorOnBuiltInTypeSuccess) {
+  ASSERT_PRED1(PredFunctor1(),
+               ++n1_);
+  finished_ = true;
+}
+
+// Tests a successful ASSERT_PRED1 where the
+// predicate-formatter is a functor on a user-defined type (Bool).
+TEST_F(ASSERT_PRED1Test, FunctorOnUserTypeSuccess) {
+  ASSERT_PRED1(PredFunctor1(),
+               Bool(++n1_));
+  finished_ = true;
+}
+
+// Tests a failed ASSERT_PRED1 where the
+// predicate-formatter is a function on a built-in type (int).
+TEST_F(ASSERT_PRED1Test, FunctionOnBuiltInTypeFailure) {
+  expected_to_finish_ = false;
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED1(PredFunction1Int,
+                 n1_++);
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed ASSERT_PRED1 where the
+// predicate-formatter is a function on a user-defined type (Bool).
+TEST_F(ASSERT_PRED1Test, FunctionOnUserTypeFailure) {
+  expected_to_finish_ = false;
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED1(PredFunction1Bool,
+                 Bool(n1_++));
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed ASSERT_PRED1 where the
+// predicate-formatter is a functor on a built-in type (int).
+TEST_F(ASSERT_PRED1Test, FunctorOnBuiltInTypeFailure) {
+  expected_to_finish_ = false;
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED1(PredFunctor1(),
+                 n1_++);
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed ASSERT_PRED1 where the
+// predicate-formatter is a functor on a user-defined type (Bool).
+TEST_F(ASSERT_PRED1Test, FunctorOnUserTypeFailure) {
+  expected_to_finish_ = false;
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED1(PredFunctor1(),
+                 Bool(n1_++));
+    finished_ = true;
+  }, "");
+}
+
+// Tests a successful EXPECT_PRED_FORMAT1 where the
+// predicate-formatter is a function on a built-in type (int).
+TEST_F(EXPECT_PRED_FORMAT1Test, FunctionOnBuiltInTypeSuccess) {
+  EXPECT_PRED_FORMAT1(PredFormatFunction1,
+                      ++n1_);
+  finished_ = true;
+}
+
+// Tests a successful EXPECT_PRED_FORMAT1 where the
+// predicate-formatter is a function on a user-defined type (Bool).
+TEST_F(EXPECT_PRED_FORMAT1Test, FunctionOnUserTypeSuccess) {
+  EXPECT_PRED_FORMAT1(PredFormatFunction1,
+                      Bool(++n1_));
+  finished_ = true;
+}
+
+// Tests a successful EXPECT_PRED_FORMAT1 where the
+// predicate-formatter is a functor on a built-in type (int).
+TEST_F(EXPECT_PRED_FORMAT1Test, FunctorOnBuiltInTypeSuccess) {
+  EXPECT_PRED_FORMAT1(PredFormatFunctor1(),
+                      ++n1_);
+  finished_ = true;
+}
+
+// Tests a successful EXPECT_PRED_FORMAT1 where the
+// predicate-formatter is a functor on a user-defined type (Bool).
+TEST_F(EXPECT_PRED_FORMAT1Test, FunctorOnUserTypeSuccess) {
+  EXPECT_PRED_FORMAT1(PredFormatFunctor1(),
+                      Bool(++n1_));
+  finished_ = true;
+}
+
+// Tests a failed EXPECT_PRED_FORMAT1 where the
+// predicate-formatter is a function on a built-in type (int).
+TEST_F(EXPECT_PRED_FORMAT1Test, FunctionOnBuiltInTypeFailure) {
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED_FORMAT1(PredFormatFunction1,
+                        n1_++);
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed EXPECT_PRED_FORMAT1 where the
+// predicate-formatter is a function on a user-defined type (Bool).
+TEST_F(EXPECT_PRED_FORMAT1Test, FunctionOnUserTypeFailure) {
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED_FORMAT1(PredFormatFunction1,
+                        Bool(n1_++));
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed EXPECT_PRED_FORMAT1 where the
+// predicate-formatter is a functor on a built-in type (int).
+TEST_F(EXPECT_PRED_FORMAT1Test, FunctorOnBuiltInTypeFailure) {
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED_FORMAT1(PredFormatFunctor1(),
+                        n1_++);
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed EXPECT_PRED_FORMAT1 where the
+// predicate-formatter is a functor on a user-defined type (Bool).
+TEST_F(EXPECT_PRED_FORMAT1Test, FunctorOnUserTypeFailure) {
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED_FORMAT1(PredFormatFunctor1(),
+                        Bool(n1_++));
+    finished_ = true;
+  }, "");
+}
+
+// Tests a successful ASSERT_PRED_FORMAT1 where the
+// predicate-formatter is a function on a built-in type (int).
+TEST_F(ASSERT_PRED_FORMAT1Test, FunctionOnBuiltInTypeSuccess) {
+  ASSERT_PRED_FORMAT1(PredFormatFunction1,
+                      ++n1_);
+  finished_ = true;
+}
+
+// Tests a successful ASSERT_PRED_FORMAT1 where the
+// predicate-formatter is a function on a user-defined type (Bool).
+TEST_F(ASSERT_PRED_FORMAT1Test, FunctionOnUserTypeSuccess) {
+  ASSERT_PRED_FORMAT1(PredFormatFunction1,
+                      Bool(++n1_));
+  finished_ = true;
+}
+
+// Tests a successful ASSERT_PRED_FORMAT1 where the
+// predicate-formatter is a functor on a built-in type (int).
+TEST_F(ASSERT_PRED_FORMAT1Test, FunctorOnBuiltInTypeSuccess) {
+  ASSERT_PRED_FORMAT1(PredFormatFunctor1(),
+                      ++n1_);
+  finished_ = true;
+}
+
+// Tests a successful ASSERT_PRED_FORMAT1 where the
+// predicate-formatter is a functor on a user-defined type (Bool).
+TEST_F(ASSERT_PRED_FORMAT1Test, FunctorOnUserTypeSuccess) {
+  ASSERT_PRED_FORMAT1(PredFormatFunctor1(),
+                      Bool(++n1_));
+  finished_ = true;
+}
+
+// Tests a failed ASSERT_PRED_FORMAT1 where the
+// predicate-formatter is a function on a built-in type (int).
+TEST_F(ASSERT_PRED_FORMAT1Test, FunctionOnBuiltInTypeFailure) {
+  expected_to_finish_ = false;
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED_FORMAT1(PredFormatFunction1,
+                        n1_++);
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed ASSERT_PRED_FORMAT1 where the
+// predicate-formatter is a function on a user-defined type (Bool).
+TEST_F(ASSERT_PRED_FORMAT1Test, FunctionOnUserTypeFailure) {
+  expected_to_finish_ = false;
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED_FORMAT1(PredFormatFunction1,
+                        Bool(n1_++));
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed ASSERT_PRED_FORMAT1 where the
+// predicate-formatter is a functor on a built-in type (int).
+TEST_F(ASSERT_PRED_FORMAT1Test, FunctorOnBuiltInTypeFailure) {
+  expected_to_finish_ = false;
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED_FORMAT1(PredFormatFunctor1(),
+                        n1_++);
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed ASSERT_PRED_FORMAT1 where the
+// predicate-formatter is a functor on a user-defined type (Bool).
+TEST_F(ASSERT_PRED_FORMAT1Test, FunctorOnUserTypeFailure) {
+  expected_to_finish_ = false;
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED_FORMAT1(PredFormatFunctor1(),
+                        Bool(n1_++));
+    finished_ = true;
+  }, "");
+}
+// Sample functions/functors for testing binary predicate assertions.
+
+// A binary predicate function.
+template <typename T1, typename T2>
+bool PredFunction2(T1 v1, T2 v2) {
+  return v1 + v2 > 0;
+}
+
+// The following two functions are needed to circumvent a bug in
+// gcc 2.95.3, which sometimes has problem with the above template
+// function.
+bool PredFunction2Int(int v1, int v2) {
+  return v1 + v2 > 0;
+}
+bool PredFunction2Bool(Bool v1, Bool v2) {
+  return v1 + v2 > 0;
+}
+
+// A binary predicate functor.
+struct PredFunctor2 {
+  template <typename T1, typename T2>
+  bool operator()(const T1& v1,
+                  const T2& v2) {
+    return v1 + v2 > 0;
+  }
+};
+
+// A binary predicate-formatter function.
+template <typename T1, typename T2>
+testing::AssertionResult PredFormatFunction2(const char* e1,
+                                             const char* e2,
+                                             const T1& v1,
+                                             const T2& v2) {
+  if (PredFunction2(v1, v2))
+    return testing::AssertionSuccess();
+
+  return testing::AssertionFailure()
+      << e1 << " + " << e2
+      << " is expected to be positive, but evaluates to "
+      << v1 + v2 << ".";
+}
+
+// A binary predicate-formatter functor.
+struct PredFormatFunctor2 {
+  template <typename T1, typename T2>
+  testing::AssertionResult operator()(const char* e1,
+                                      const char* e2,
+                                      const T1& v1,
+                                      const T2& v2) const {
+    return PredFormatFunction2(e1, e2, v1, v2);
+  }
+};
+
+// Tests for {EXPECT|ASSERT}_PRED_FORMAT2.
+
+class Predicate2Test : public testing::Test {
+ protected:
+  virtual void SetUp() {
+    expected_to_finish_ = true;
+    finished_ = false;
+    n1_ = n2_ = 0;
+  }
+
+  virtual void TearDown() {
+    // Verifies that each of the predicate's arguments was evaluated
+    // exactly once.
+    EXPECT_EQ(1, n1_) <<
+        "The predicate assertion didn't evaluate argument 2 "
+        "exactly once.";
+    EXPECT_EQ(1, n2_) <<
+        "The predicate assertion didn't evaluate argument 3 "
+        "exactly once.";
+
+    // Verifies that the control flow in the test function is expected.
+    if (expected_to_finish_ && !finished_) {
+      FAIL() << "The predicate assertion unexpactedly aborted the test.";
+    } else if (!expected_to_finish_ && finished_) {
+      FAIL() << "The failed predicate assertion didn't abort the test "
+                "as expected.";
+    }
+  }
+
+  // true iff the test function is expected to run to finish.
+  static bool expected_to_finish_;
+
+  // true iff the test function did run to finish.
+  static bool finished_;
+
+  static int n1_;
+  static int n2_;
+};
+
+bool Predicate2Test::expected_to_finish_;
+bool Predicate2Test::finished_;
+int Predicate2Test::n1_;
+int Predicate2Test::n2_;
+
+typedef Predicate2Test EXPECT_PRED_FORMAT2Test;
+typedef Predicate2Test ASSERT_PRED_FORMAT2Test;
+typedef Predicate2Test EXPECT_PRED2Test;
+typedef Predicate2Test ASSERT_PRED2Test;
+
+// Tests a successful EXPECT_PRED2 where the
+// predicate-formatter is a function on a built-in type (int).
+TEST_F(EXPECT_PRED2Test, FunctionOnBuiltInTypeSuccess) {
+  EXPECT_PRED2(PredFunction2Int,
+               ++n1_,
+               ++n2_);
+  finished_ = true;
+}
+
+// Tests a successful EXPECT_PRED2 where the
+// predicate-formatter is a function on a user-defined type (Bool).
+TEST_F(EXPECT_PRED2Test, FunctionOnUserTypeSuccess) {
+  EXPECT_PRED2(PredFunction2Bool,
+               Bool(++n1_),
+               Bool(++n2_));
+  finished_ = true;
+}
+
+// Tests a successful EXPECT_PRED2 where the
+// predicate-formatter is a functor on a built-in type (int).
+TEST_F(EXPECT_PRED2Test, FunctorOnBuiltInTypeSuccess) {
+  EXPECT_PRED2(PredFunctor2(),
+               ++n1_,
+               ++n2_);
+  finished_ = true;
+}
+
+// Tests a successful EXPECT_PRED2 where the
+// predicate-formatter is a functor on a user-defined type (Bool).
+TEST_F(EXPECT_PRED2Test, FunctorOnUserTypeSuccess) {
+  EXPECT_PRED2(PredFunctor2(),
+               Bool(++n1_),
+               Bool(++n2_));
+  finished_ = true;
+}
+
+// Tests a failed EXPECT_PRED2 where the
+// predicate-formatter is a function on a built-in type (int).
+TEST_F(EXPECT_PRED2Test, FunctionOnBuiltInTypeFailure) {
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED2(PredFunction2Int,
+                 n1_++,
+                 n2_++);
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed EXPECT_PRED2 where the
+// predicate-formatter is a function on a user-defined type (Bool).
+TEST_F(EXPECT_PRED2Test, FunctionOnUserTypeFailure) {
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED2(PredFunction2Bool,
+                 Bool(n1_++),
+                 Bool(n2_++));
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed EXPECT_PRED2 where the
+// predicate-formatter is a functor on a built-in type (int).
+TEST_F(EXPECT_PRED2Test, FunctorOnBuiltInTypeFailure) {
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED2(PredFunctor2(),
+                 n1_++,
+                 n2_++);
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed EXPECT_PRED2 where the
+// predicate-formatter is a functor on a user-defined type (Bool).
+TEST_F(EXPECT_PRED2Test, FunctorOnUserTypeFailure) {
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED2(PredFunctor2(),
+                 Bool(n1_++),
+                 Bool(n2_++));
+    finished_ = true;
+  }, "");
+}
+
+// Tests a successful ASSERT_PRED2 where the
+// predicate-formatter is a function on a built-in type (int).
+TEST_F(ASSERT_PRED2Test, FunctionOnBuiltInTypeSuccess) {
+  ASSERT_PRED2(PredFunction2Int,
+               ++n1_,
+               ++n2_);
+  finished_ = true;
+}
+
+// Tests a successful ASSERT_PRED2 where the
+// predicate-formatter is a function on a user-defined type (Bool).
+TEST_F(ASSERT_PRED2Test, FunctionOnUserTypeSuccess) {
+  ASSERT_PRED2(PredFunction2Bool,
+               Bool(++n1_),
+               Bool(++n2_));
+  finished_ = true;
+}
+
+// Tests a successful ASSERT_PRED2 where the
+// predicate-formatter is a functor on a built-in type (int).
+TEST_F(ASSERT_PRED2Test, FunctorOnBuiltInTypeSuccess) {
+  ASSERT_PRED2(PredFunctor2(),
+               ++n1_,
+               ++n2_);
+  finished_ = true;
+}
+
+// Tests a successful ASSERT_PRED2 where the
+// predicate-formatter is a functor on a user-defined type (Bool).
+TEST_F(ASSERT_PRED2Test, FunctorOnUserTypeSuccess) {
+  ASSERT_PRED2(PredFunctor2(),
+               Bool(++n1_),
+               Bool(++n2_));
+  finished_ = true;
+}
+
+// Tests a failed ASSERT_PRED2 where the
+// predicate-formatter is a function on a built-in type (int).
+TEST_F(ASSERT_PRED2Test, FunctionOnBuiltInTypeFailure) {
+  expected_to_finish_ = false;
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED2(PredFunction2Int,
+                 n1_++,
+                 n2_++);
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed ASSERT_PRED2 where the
+// predicate-formatter is a function on a user-defined type (Bool).
+TEST_F(ASSERT_PRED2Test, FunctionOnUserTypeFailure) {
+  expected_to_finish_ = false;
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED2(PredFunction2Bool,
+                 Bool(n1_++),
+                 Bool(n2_++));
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed ASSERT_PRED2 where the
+// predicate-formatter is a functor on a built-in type (int).
+TEST_F(ASSERT_PRED2Test, FunctorOnBuiltInTypeFailure) {
+  expected_to_finish_ = false;
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED2(PredFunctor2(),
+                 n1_++,
+                 n2_++);
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed ASSERT_PRED2 where the
+// predicate-formatter is a functor on a user-defined type (Bool).
+TEST_F(ASSERT_PRED2Test, FunctorOnUserTypeFailure) {
+  expected_to_finish_ = false;
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED2(PredFunctor2(),
+                 Bool(n1_++),
+                 Bool(n2_++));
+    finished_ = true;
+  }, "");
+}
+
+// Tests a successful EXPECT_PRED_FORMAT2 where the
+// predicate-formatter is a function on a built-in type (int).
+TEST_F(EXPECT_PRED_FORMAT2Test, FunctionOnBuiltInTypeSuccess) {
+  EXPECT_PRED_FORMAT2(PredFormatFunction2,
+                      ++n1_,
+                      ++n2_);
+  finished_ = true;
+}
+
+// Tests a successful EXPECT_PRED_FORMAT2 where the
+// predicate-formatter is a function on a user-defined type (Bool).
+TEST_F(EXPECT_PRED_FORMAT2Test, FunctionOnUserTypeSuccess) {
+  EXPECT_PRED_FORMAT2(PredFormatFunction2,
+                      Bool(++n1_),
+                      Bool(++n2_));
+  finished_ = true;
+}
+
+// Tests a successful EXPECT_PRED_FORMAT2 where the
+// predicate-formatter is a functor on a built-in type (int).
+TEST_F(EXPECT_PRED_FORMAT2Test, FunctorOnBuiltInTypeSuccess) {
+  EXPECT_PRED_FORMAT2(PredFormatFunctor2(),
+                      ++n1_,
+                      ++n2_);
+  finished_ = true;
+}
+
+// Tests a successful EXPECT_PRED_FORMAT2 where the
+// predicate-formatter is a functor on a user-defined type (Bool).
+TEST_F(EXPECT_PRED_FORMAT2Test, FunctorOnUserTypeSuccess) {
+  EXPECT_PRED_FORMAT2(PredFormatFunctor2(),
+                      Bool(++n1_),
+                      Bool(++n2_));
+  finished_ = true;
+}
+
+// Tests a failed EXPECT_PRED_FORMAT2 where the
+// predicate-formatter is a function on a built-in type (int).
+TEST_F(EXPECT_PRED_FORMAT2Test, FunctionOnBuiltInTypeFailure) {
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED_FORMAT2(PredFormatFunction2,
+                        n1_++,
+                        n2_++);
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed EXPECT_PRED_FORMAT2 where the
+// predicate-formatter is a function on a user-defined type (Bool).
+TEST_F(EXPECT_PRED_FORMAT2Test, FunctionOnUserTypeFailure) {
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED_FORMAT2(PredFormatFunction2,
+                        Bool(n1_++),
+                        Bool(n2_++));
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed EXPECT_PRED_FORMAT2 where the
+// predicate-formatter is a functor on a built-in type (int).
+TEST_F(EXPECT_PRED_FORMAT2Test, FunctorOnBuiltInTypeFailure) {
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED_FORMAT2(PredFormatFunctor2(),
+                        n1_++,
+                        n2_++);
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed EXPECT_PRED_FORMAT2 where the
+// predicate-formatter is a functor on a user-defined type (Bool).
+TEST_F(EXPECT_PRED_FORMAT2Test, FunctorOnUserTypeFailure) {
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED_FORMAT2(PredFormatFunctor2(),
+                        Bool(n1_++),
+                        Bool(n2_++));
+    finished_ = true;
+  }, "");
+}
+
+// Tests a successful ASSERT_PRED_FORMAT2 where the
+// predicate-formatter is a function on a built-in type (int).
+TEST_F(ASSERT_PRED_FORMAT2Test, FunctionOnBuiltInTypeSuccess) {
+  ASSERT_PRED_FORMAT2(PredFormatFunction2,
+                      ++n1_,
+                      ++n2_);
+  finished_ = true;
+}
+
+// Tests a successful ASSERT_PRED_FORMAT2 where the
+// predicate-formatter is a function on a user-defined type (Bool).
+TEST_F(ASSERT_PRED_FORMAT2Test, FunctionOnUserTypeSuccess) {
+  ASSERT_PRED_FORMAT2(PredFormatFunction2,
+                      Bool(++n1_),
+                      Bool(++n2_));
+  finished_ = true;
+}
+
+// Tests a successful ASSERT_PRED_FORMAT2 where the
+// predicate-formatter is a functor on a built-in type (int).
+TEST_F(ASSERT_PRED_FORMAT2Test, FunctorOnBuiltInTypeSuccess) {
+  ASSERT_PRED_FORMAT2(PredFormatFunctor2(),
+                      ++n1_,
+                      ++n2_);
+  finished_ = true;
+}
+
+// Tests a successful ASSERT_PRED_FORMAT2 where the
+// predicate-formatter is a functor on a user-defined type (Bool).
+TEST_F(ASSERT_PRED_FORMAT2Test, FunctorOnUserTypeSuccess) {
+  ASSERT_PRED_FORMAT2(PredFormatFunctor2(),
+                      Bool(++n1_),
+                      Bool(++n2_));
+  finished_ = true;
+}
+
+// Tests a failed ASSERT_PRED_FORMAT2 where the
+// predicate-formatter is a function on a built-in type (int).
+TEST_F(ASSERT_PRED_FORMAT2Test, FunctionOnBuiltInTypeFailure) {
+  expected_to_finish_ = false;
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED_FORMAT2(PredFormatFunction2,
+                        n1_++,
+                        n2_++);
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed ASSERT_PRED_FORMAT2 where the
+// predicate-formatter is a function on a user-defined type (Bool).
+TEST_F(ASSERT_PRED_FORMAT2Test, FunctionOnUserTypeFailure) {
+  expected_to_finish_ = false;
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED_FORMAT2(PredFormatFunction2,
+                        Bool(n1_++),
+                        Bool(n2_++));
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed ASSERT_PRED_FORMAT2 where the
+// predicate-formatter is a functor on a built-in type (int).
+TEST_F(ASSERT_PRED_FORMAT2Test, FunctorOnBuiltInTypeFailure) {
+  expected_to_finish_ = false;
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED_FORMAT2(PredFormatFunctor2(),
+                        n1_++,
+                        n2_++);
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed ASSERT_PRED_FORMAT2 where the
+// predicate-formatter is a functor on a user-defined type (Bool).
+TEST_F(ASSERT_PRED_FORMAT2Test, FunctorOnUserTypeFailure) {
+  expected_to_finish_ = false;
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED_FORMAT2(PredFormatFunctor2(),
+                        Bool(n1_++),
+                        Bool(n2_++));
+    finished_ = true;
+  }, "");
+}
+// Sample functions/functors for testing ternary predicate assertions.
+
+// A ternary predicate function.
+template <typename T1, typename T2, typename T3>
+bool PredFunction3(T1 v1, T2 v2, T3 v3) {
+  return v1 + v2 + v3 > 0;
+}
+
+// The following two functions are needed to circumvent a bug in
+// gcc 2.95.3, which sometimes has problem with the above template
+// function.
+bool PredFunction3Int(int v1, int v2, int v3) {
+  return v1 + v2 + v3 > 0;
+}
+bool PredFunction3Bool(Bool v1, Bool v2, Bool v3) {
+  return v1 + v2 + v3 > 0;
+}
+
+// A ternary predicate functor.
+struct PredFunctor3 {
+  template <typename T1, typename T2, typename T3>
+  bool operator()(const T1& v1,
+                  const T2& v2,
+                  const T3& v3) {
+    return v1 + v2 + v3 > 0;
+  }
+};
+
+// A ternary predicate-formatter function.
+template <typename T1, typename T2, typename T3>
+testing::AssertionResult PredFormatFunction3(const char* e1,
+                                             const char* e2,
+                                             const char* e3,
+                                             const T1& v1,
+                                             const T2& v2,
+                                             const T3& v3) {
+  if (PredFunction3(v1, v2, v3))
+    return testing::AssertionSuccess();
+
+  return testing::AssertionFailure()
+      << e1 << " + " << e2 << " + " << e3
+      << " is expected to be positive, but evaluates to "
+      << v1 + v2 + v3 << ".";
+}
+
+// A ternary predicate-formatter functor.
+struct PredFormatFunctor3 {
+  template <typename T1, typename T2, typename T3>
+  testing::AssertionResult operator()(const char* e1,
+                                      const char* e2,
+                                      const char* e3,
+                                      const T1& v1,
+                                      const T2& v2,
+                                      const T3& v3) const {
+    return PredFormatFunction3(e1, e2, e3, v1, v2, v3);
+  }
+};
+
+// Tests for {EXPECT|ASSERT}_PRED_FORMAT3.
+
+class Predicate3Test : public testing::Test {
+ protected:
+  virtual void SetUp() {
+    expected_to_finish_ = true;
+    finished_ = false;
+    n1_ = n2_ = n3_ = 0;
+  }
+
+  virtual void TearDown() {
+    // Verifies that each of the predicate's arguments was evaluated
+    // exactly once.
+    EXPECT_EQ(1, n1_) <<
+        "The predicate assertion didn't evaluate argument 2 "
+        "exactly once.";
+    EXPECT_EQ(1, n2_) <<
+        "The predicate assertion didn't evaluate argument 3 "
+        "exactly once.";
+    EXPECT_EQ(1, n3_) <<
+        "The predicate assertion didn't evaluate argument 4 "
+        "exactly once.";
+
+    // Verifies that the control flow in the test function is expected.
+    if (expected_to_finish_ && !finished_) {
+      FAIL() << "The predicate assertion unexpactedly aborted the test.";
+    } else if (!expected_to_finish_ && finished_) {
+      FAIL() << "The failed predicate assertion didn't abort the test "
+                "as expected.";
+    }
+  }
+
+  // true iff the test function is expected to run to finish.
+  static bool expected_to_finish_;
+
+  // true iff the test function did run to finish.
+  static bool finished_;
+
+  static int n1_;
+  static int n2_;
+  static int n3_;
+};
+
+bool Predicate3Test::expected_to_finish_;
+bool Predicate3Test::finished_;
+int Predicate3Test::n1_;
+int Predicate3Test::n2_;
+int Predicate3Test::n3_;
+
+typedef Predicate3Test EXPECT_PRED_FORMAT3Test;
+typedef Predicate3Test ASSERT_PRED_FORMAT3Test;
+typedef Predicate3Test EXPECT_PRED3Test;
+typedef Predicate3Test ASSERT_PRED3Test;
+
+// Tests a successful EXPECT_PRED3 where the
+// predicate-formatter is a function on a built-in type (int).
+TEST_F(EXPECT_PRED3Test, FunctionOnBuiltInTypeSuccess) {
+  EXPECT_PRED3(PredFunction3Int,
+               ++n1_,
+               ++n2_,
+               ++n3_);
+  finished_ = true;
+}
+
+// Tests a successful EXPECT_PRED3 where the
+// predicate-formatter is a function on a user-defined type (Bool).
+TEST_F(EXPECT_PRED3Test, FunctionOnUserTypeSuccess) {
+  EXPECT_PRED3(PredFunction3Bool,
+               Bool(++n1_),
+               Bool(++n2_),
+               Bool(++n3_));
+  finished_ = true;
+}
+
+// Tests a successful EXPECT_PRED3 where the
+// predicate-formatter is a functor on a built-in type (int).
+TEST_F(EXPECT_PRED3Test, FunctorOnBuiltInTypeSuccess) {
+  EXPECT_PRED3(PredFunctor3(),
+               ++n1_,
+               ++n2_,
+               ++n3_);
+  finished_ = true;
+}
+
+// Tests a successful EXPECT_PRED3 where the
+// predicate-formatter is a functor on a user-defined type (Bool).
+TEST_F(EXPECT_PRED3Test, FunctorOnUserTypeSuccess) {
+  EXPECT_PRED3(PredFunctor3(),
+               Bool(++n1_),
+               Bool(++n2_),
+               Bool(++n3_));
+  finished_ = true;
+}
+
+// Tests a failed EXPECT_PRED3 where the
+// predicate-formatter is a function on a built-in type (int).
+TEST_F(EXPECT_PRED3Test, FunctionOnBuiltInTypeFailure) {
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED3(PredFunction3Int,
+                 n1_++,
+                 n2_++,
+                 n3_++);
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed EXPECT_PRED3 where the
+// predicate-formatter is a function on a user-defined type (Bool).
+TEST_F(EXPECT_PRED3Test, FunctionOnUserTypeFailure) {
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED3(PredFunction3Bool,
+                 Bool(n1_++),
+                 Bool(n2_++),
+                 Bool(n3_++));
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed EXPECT_PRED3 where the
+// predicate-formatter is a functor on a built-in type (int).
+TEST_F(EXPECT_PRED3Test, FunctorOnBuiltInTypeFailure) {
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED3(PredFunctor3(),
+                 n1_++,
+                 n2_++,
+                 n3_++);
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed EXPECT_PRED3 where the
+// predicate-formatter is a functor on a user-defined type (Bool).
+TEST_F(EXPECT_PRED3Test, FunctorOnUserTypeFailure) {
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED3(PredFunctor3(),
+                 Bool(n1_++),
+                 Bool(n2_++),
+                 Bool(n3_++));
+    finished_ = true;
+  }, "");
+}
+
+// Tests a successful ASSERT_PRED3 where the
+// predicate-formatter is a function on a built-in type (int).
+TEST_F(ASSERT_PRED3Test, FunctionOnBuiltInTypeSuccess) {
+  ASSERT_PRED3(PredFunction3Int,
+               ++n1_,
+               ++n2_,
+               ++n3_);
+  finished_ = true;
+}
+
+// Tests a successful ASSERT_PRED3 where the
+// predicate-formatter is a function on a user-defined type (Bool).
+TEST_F(ASSERT_PRED3Test, FunctionOnUserTypeSuccess) {
+  ASSERT_PRED3(PredFunction3Bool,
+               Bool(++n1_),
+               Bool(++n2_),
+               Bool(++n3_));
+  finished_ = true;
+}
+
+// Tests a successful ASSERT_PRED3 where the
+// predicate-formatter is a functor on a built-in type (int).
+TEST_F(ASSERT_PRED3Test, FunctorOnBuiltInTypeSuccess) {
+  ASSERT_PRED3(PredFunctor3(),
+               ++n1_,
+               ++n2_,
+               ++n3_);
+  finished_ = true;
+}
+
+// Tests a successful ASSERT_PRED3 where the
+// predicate-formatter is a functor on a user-defined type (Bool).
+TEST_F(ASSERT_PRED3Test, FunctorOnUserTypeSuccess) {
+  ASSERT_PRED3(PredFunctor3(),
+               Bool(++n1_),
+               Bool(++n2_),
+               Bool(++n3_));
+  finished_ = true;
+}
+
+// Tests a failed ASSERT_PRED3 where the
+// predicate-formatter is a function on a built-in type (int).
+TEST_F(ASSERT_PRED3Test, FunctionOnBuiltInTypeFailure) {
+  expected_to_finish_ = false;
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED3(PredFunction3Int,
+                 n1_++,
+                 n2_++,
+                 n3_++);
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed ASSERT_PRED3 where the
+// predicate-formatter is a function on a user-defined type (Bool).
+TEST_F(ASSERT_PRED3Test, FunctionOnUserTypeFailure) {
+  expected_to_finish_ = false;
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED3(PredFunction3Bool,
+                 Bool(n1_++),
+                 Bool(n2_++),
+                 Bool(n3_++));
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed ASSERT_PRED3 where the
+// predicate-formatter is a functor on a built-in type (int).
+TEST_F(ASSERT_PRED3Test, FunctorOnBuiltInTypeFailure) {
+  expected_to_finish_ = false;
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED3(PredFunctor3(),
+                 n1_++,
+                 n2_++,
+                 n3_++);
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed ASSERT_PRED3 where the
+// predicate-formatter is a functor on a user-defined type (Bool).
+TEST_F(ASSERT_PRED3Test, FunctorOnUserTypeFailure) {
+  expected_to_finish_ = false;
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED3(PredFunctor3(),
+                 Bool(n1_++),
+                 Bool(n2_++),
+                 Bool(n3_++));
+    finished_ = true;
+  }, "");
+}
+
+// Tests a successful EXPECT_PRED_FORMAT3 where the
+// predicate-formatter is a function on a built-in type (int).
+TEST_F(EXPECT_PRED_FORMAT3Test, FunctionOnBuiltInTypeSuccess) {
+  EXPECT_PRED_FORMAT3(PredFormatFunction3,
+                      ++n1_,
+                      ++n2_,
+                      ++n3_);
+  finished_ = true;
+}
+
+// Tests a successful EXPECT_PRED_FORMAT3 where the
+// predicate-formatter is a function on a user-defined type (Bool).
+TEST_F(EXPECT_PRED_FORMAT3Test, FunctionOnUserTypeSuccess) {
+  EXPECT_PRED_FORMAT3(PredFormatFunction3,
+                      Bool(++n1_),
+                      Bool(++n2_),
+                      Bool(++n3_));
+  finished_ = true;
+}
+
+// Tests a successful EXPECT_PRED_FORMAT3 where the
+// predicate-formatter is a functor on a built-in type (int).
+TEST_F(EXPECT_PRED_FORMAT3Test, FunctorOnBuiltInTypeSuccess) {
+  EXPECT_PRED_FORMAT3(PredFormatFunctor3(),
+                      ++n1_,
+                      ++n2_,
+                      ++n3_);
+  finished_ = true;
+}
+
+// Tests a successful EXPECT_PRED_FORMAT3 where the
+// predicate-formatter is a functor on a user-defined type (Bool).
+TEST_F(EXPECT_PRED_FORMAT3Test, FunctorOnUserTypeSuccess) {
+  EXPECT_PRED_FORMAT3(PredFormatFunctor3(),
+                      Bool(++n1_),
+                      Bool(++n2_),
+                      Bool(++n3_));
+  finished_ = true;
+}
+
+// Tests a failed EXPECT_PRED_FORMAT3 where the
+// predicate-formatter is a function on a built-in type (int).
+TEST_F(EXPECT_PRED_FORMAT3Test, FunctionOnBuiltInTypeFailure) {
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED_FORMAT3(PredFormatFunction3,
+                        n1_++,
+                        n2_++,
+                        n3_++);
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed EXPECT_PRED_FORMAT3 where the
+// predicate-formatter is a function on a user-defined type (Bool).
+TEST_F(EXPECT_PRED_FORMAT3Test, FunctionOnUserTypeFailure) {
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED_FORMAT3(PredFormatFunction3,
+                        Bool(n1_++),
+                        Bool(n2_++),
+                        Bool(n3_++));
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed EXPECT_PRED_FORMAT3 where the
+// predicate-formatter is a functor on a built-in type (int).
+TEST_F(EXPECT_PRED_FORMAT3Test, FunctorOnBuiltInTypeFailure) {
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED_FORMAT3(PredFormatFunctor3(),
+                        n1_++,
+                        n2_++,
+                        n3_++);
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed EXPECT_PRED_FORMAT3 where the
+// predicate-formatter is a functor on a user-defined type (Bool).
+TEST_F(EXPECT_PRED_FORMAT3Test, FunctorOnUserTypeFailure) {
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED_FORMAT3(PredFormatFunctor3(),
+                        Bool(n1_++),
+                        Bool(n2_++),
+                        Bool(n3_++));
+    finished_ = true;
+  }, "");
+}
+
+// Tests a successful ASSERT_PRED_FORMAT3 where the
+// predicate-formatter is a function on a built-in type (int).
+TEST_F(ASSERT_PRED_FORMAT3Test, FunctionOnBuiltInTypeSuccess) {
+  ASSERT_PRED_FORMAT3(PredFormatFunction3,
+                      ++n1_,
+                      ++n2_,
+                      ++n3_);
+  finished_ = true;
+}
+
+// Tests a successful ASSERT_PRED_FORMAT3 where the
+// predicate-formatter is a function on a user-defined type (Bool).
+TEST_F(ASSERT_PRED_FORMAT3Test, FunctionOnUserTypeSuccess) {
+  ASSERT_PRED_FORMAT3(PredFormatFunction3,
+                      Bool(++n1_),
+                      Bool(++n2_),
+                      Bool(++n3_));
+  finished_ = true;
+}
+
+// Tests a successful ASSERT_PRED_FORMAT3 where the
+// predicate-formatter is a functor on a built-in type (int).
+TEST_F(ASSERT_PRED_FORMAT3Test, FunctorOnBuiltInTypeSuccess) {
+  ASSERT_PRED_FORMAT3(PredFormatFunctor3(),
+                      ++n1_,
+                      ++n2_,
+                      ++n3_);
+  finished_ = true;
+}
+
+// Tests a successful ASSERT_PRED_FORMAT3 where the
+// predicate-formatter is a functor on a user-defined type (Bool).
+TEST_F(ASSERT_PRED_FORMAT3Test, FunctorOnUserTypeSuccess) {
+  ASSERT_PRED_FORMAT3(PredFormatFunctor3(),
+                      Bool(++n1_),
+                      Bool(++n2_),
+                      Bool(++n3_));
+  finished_ = true;
+}
+
+// Tests a failed ASSERT_PRED_FORMAT3 where the
+// predicate-formatter is a function on a built-in type (int).
+TEST_F(ASSERT_PRED_FORMAT3Test, FunctionOnBuiltInTypeFailure) {
+  expected_to_finish_ = false;
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED_FORMAT3(PredFormatFunction3,
+                        n1_++,
+                        n2_++,
+                        n3_++);
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed ASSERT_PRED_FORMAT3 where the
+// predicate-formatter is a function on a user-defined type (Bool).
+TEST_F(ASSERT_PRED_FORMAT3Test, FunctionOnUserTypeFailure) {
+  expected_to_finish_ = false;
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED_FORMAT3(PredFormatFunction3,
+                        Bool(n1_++),
+                        Bool(n2_++),
+                        Bool(n3_++));
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed ASSERT_PRED_FORMAT3 where the
+// predicate-formatter is a functor on a built-in type (int).
+TEST_F(ASSERT_PRED_FORMAT3Test, FunctorOnBuiltInTypeFailure) {
+  expected_to_finish_ = false;
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED_FORMAT3(PredFormatFunctor3(),
+                        n1_++,
+                        n2_++,
+                        n3_++);
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed ASSERT_PRED_FORMAT3 where the
+// predicate-formatter is a functor on a user-defined type (Bool).
+TEST_F(ASSERT_PRED_FORMAT3Test, FunctorOnUserTypeFailure) {
+  expected_to_finish_ = false;
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED_FORMAT3(PredFormatFunctor3(),
+                        Bool(n1_++),
+                        Bool(n2_++),
+                        Bool(n3_++));
+    finished_ = true;
+  }, "");
+}
+// Sample functions/functors for testing 4-ary predicate assertions.
+
+// A 4-ary predicate function.
+template <typename T1, typename T2, typename T3, typename T4>
+bool PredFunction4(T1 v1, T2 v2, T3 v3, T4 v4) {
+  return v1 + v2 + v3 + v4 > 0;
+}
+
+// The following two functions are needed to circumvent a bug in
+// gcc 2.95.3, which sometimes has problem with the above template
+// function.
+bool PredFunction4Int(int v1, int v2, int v3, int v4) {
+  return v1 + v2 + v3 + v4 > 0;
+}
+bool PredFunction4Bool(Bool v1, Bool v2, Bool v3, Bool v4) {
+  return v1 + v2 + v3 + v4 > 0;
+}
+
+// A 4-ary predicate functor.
+struct PredFunctor4 {
+  template <typename T1, typename T2, typename T3, typename T4>
+  bool operator()(const T1& v1,
+                  const T2& v2,
+                  const T3& v3,
+                  const T4& v4) {
+    return v1 + v2 + v3 + v4 > 0;
+  }
+};
+
+// A 4-ary predicate-formatter function.
+template <typename T1, typename T2, typename T3, typename T4>
+testing::AssertionResult PredFormatFunction4(const char* e1,
+                                             const char* e2,
+                                             const char* e3,
+                                             const char* e4,
+                                             const T1& v1,
+                                             const T2& v2,
+                                             const T3& v3,
+                                             const T4& v4) {
+  if (PredFunction4(v1, v2, v3, v4))
+    return testing::AssertionSuccess();
+
+  return testing::AssertionFailure()
+      << e1 << " + " << e2 << " + " << e3 << " + " << e4
+      << " is expected to be positive, but evaluates to "
+      << v1 + v2 + v3 + v4 << ".";
+}
+
+// A 4-ary predicate-formatter functor.
+struct PredFormatFunctor4 {
+  template <typename T1, typename T2, typename T3, typename T4>
+  testing::AssertionResult operator()(const char* e1,
+                                      const char* e2,
+                                      const char* e3,
+                                      const char* e4,
+                                      const T1& v1,
+                                      const T2& v2,
+                                      const T3& v3,
+                                      const T4& v4) const {
+    return PredFormatFunction4(e1, e2, e3, e4, v1, v2, v3, v4);
+  }
+};
+
+// Tests for {EXPECT|ASSERT}_PRED_FORMAT4.
+
+class Predicate4Test : public testing::Test {
+ protected:
+  virtual void SetUp() {
+    expected_to_finish_ = true;
+    finished_ = false;
+    n1_ = n2_ = n3_ = n4_ = 0;
+  }
+
+  virtual void TearDown() {
+    // Verifies that each of the predicate's arguments was evaluated
+    // exactly once.
+    EXPECT_EQ(1, n1_) <<
+        "The predicate assertion didn't evaluate argument 2 "
+        "exactly once.";
+    EXPECT_EQ(1, n2_) <<
+        "The predicate assertion didn't evaluate argument 3 "
+        "exactly once.";
+    EXPECT_EQ(1, n3_) <<
+        "The predicate assertion didn't evaluate argument 4 "
+        "exactly once.";
+    EXPECT_EQ(1, n4_) <<
+        "The predicate assertion didn't evaluate argument 5 "
+        "exactly once.";
+
+    // Verifies that the control flow in the test function is expected.
+    if (expected_to_finish_ && !finished_) {
+      FAIL() << "The predicate assertion unexpactedly aborted the test.";
+    } else if (!expected_to_finish_ && finished_) {
+      FAIL() << "The failed predicate assertion didn't abort the test "
+                "as expected.";
+    }
+  }
+
+  // true iff the test function is expected to run to finish.
+  static bool expected_to_finish_;
+
+  // true iff the test function did run to finish.
+  static bool finished_;
+
+  static int n1_;
+  static int n2_;
+  static int n3_;
+  static int n4_;
+};
+
+bool Predicate4Test::expected_to_finish_;
+bool Predicate4Test::finished_;
+int Predicate4Test::n1_;
+int Predicate4Test::n2_;
+int Predicate4Test::n3_;
+int Predicate4Test::n4_;
+
+typedef Predicate4Test EXPECT_PRED_FORMAT4Test;
+typedef Predicate4Test ASSERT_PRED_FORMAT4Test;
+typedef Predicate4Test EXPECT_PRED4Test;
+typedef Predicate4Test ASSERT_PRED4Test;
+
+// Tests a successful EXPECT_PRED4 where the
+// predicate-formatter is a function on a built-in type (int).
+TEST_F(EXPECT_PRED4Test, FunctionOnBuiltInTypeSuccess) {
+  EXPECT_PRED4(PredFunction4Int,
+               ++n1_,
+               ++n2_,
+               ++n3_,
+               ++n4_);
+  finished_ = true;
+}
+
+// Tests a successful EXPECT_PRED4 where the
+// predicate-formatter is a function on a user-defined type (Bool).
+TEST_F(EXPECT_PRED4Test, FunctionOnUserTypeSuccess) {
+  EXPECT_PRED4(PredFunction4Bool,
+               Bool(++n1_),
+               Bool(++n2_),
+               Bool(++n3_),
+               Bool(++n4_));
+  finished_ = true;
+}
+
+// Tests a successful EXPECT_PRED4 where the
+// predicate-formatter is a functor on a built-in type (int).
+TEST_F(EXPECT_PRED4Test, FunctorOnBuiltInTypeSuccess) {
+  EXPECT_PRED4(PredFunctor4(),
+               ++n1_,
+               ++n2_,
+               ++n3_,
+               ++n4_);
+  finished_ = true;
+}
+
+// Tests a successful EXPECT_PRED4 where the
+// predicate-formatter is a functor on a user-defined type (Bool).
+TEST_F(EXPECT_PRED4Test, FunctorOnUserTypeSuccess) {
+  EXPECT_PRED4(PredFunctor4(),
+               Bool(++n1_),
+               Bool(++n2_),
+               Bool(++n3_),
+               Bool(++n4_));
+  finished_ = true;
+}
+
+// Tests a failed EXPECT_PRED4 where the
+// predicate-formatter is a function on a built-in type (int).
+TEST_F(EXPECT_PRED4Test, FunctionOnBuiltInTypeFailure) {
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED4(PredFunction4Int,
+                 n1_++,
+                 n2_++,
+                 n3_++,
+                 n4_++);
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed EXPECT_PRED4 where the
+// predicate-formatter is a function on a user-defined type (Bool).
+TEST_F(EXPECT_PRED4Test, FunctionOnUserTypeFailure) {
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED4(PredFunction4Bool,
+                 Bool(n1_++),
+                 Bool(n2_++),
+                 Bool(n3_++),
+                 Bool(n4_++));
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed EXPECT_PRED4 where the
+// predicate-formatter is a functor on a built-in type (int).
+TEST_F(EXPECT_PRED4Test, FunctorOnBuiltInTypeFailure) {
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED4(PredFunctor4(),
+                 n1_++,
+                 n2_++,
+                 n3_++,
+                 n4_++);
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed EXPECT_PRED4 where the
+// predicate-formatter is a functor on a user-defined type (Bool).
+TEST_F(EXPECT_PRED4Test, FunctorOnUserTypeFailure) {
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED4(PredFunctor4(),
+                 Bool(n1_++),
+                 Bool(n2_++),
+                 Bool(n3_++),
+                 Bool(n4_++));
+    finished_ = true;
+  }, "");
+}
+
+// Tests a successful ASSERT_PRED4 where the
+// predicate-formatter is a function on a built-in type (int).
+TEST_F(ASSERT_PRED4Test, FunctionOnBuiltInTypeSuccess) {
+  ASSERT_PRED4(PredFunction4Int,
+               ++n1_,
+               ++n2_,
+               ++n3_,
+               ++n4_);
+  finished_ = true;
+}
+
+// Tests a successful ASSERT_PRED4 where the
+// predicate-formatter is a function on a user-defined type (Bool).
+TEST_F(ASSERT_PRED4Test, FunctionOnUserTypeSuccess) {
+  ASSERT_PRED4(PredFunction4Bool,
+               Bool(++n1_),
+               Bool(++n2_),
+               Bool(++n3_),
+               Bool(++n4_));
+  finished_ = true;
+}
+
+// Tests a successful ASSERT_PRED4 where the
+// predicate-formatter is a functor on a built-in type (int).
+TEST_F(ASSERT_PRED4Test, FunctorOnBuiltInTypeSuccess) {
+  ASSERT_PRED4(PredFunctor4(),
+               ++n1_,
+               ++n2_,
+               ++n3_,
+               ++n4_);
+  finished_ = true;
+}
+
+// Tests a successful ASSERT_PRED4 where the
+// predicate-formatter is a functor on a user-defined type (Bool).
+TEST_F(ASSERT_PRED4Test, FunctorOnUserTypeSuccess) {
+  ASSERT_PRED4(PredFunctor4(),
+               Bool(++n1_),
+               Bool(++n2_),
+               Bool(++n3_),
+               Bool(++n4_));
+  finished_ = true;
+}
+
+// Tests a failed ASSERT_PRED4 where the
+// predicate-formatter is a function on a built-in type (int).
+TEST_F(ASSERT_PRED4Test, FunctionOnBuiltInTypeFailure) {
+  expected_to_finish_ = false;
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED4(PredFunction4Int,
+                 n1_++,
+                 n2_++,
+                 n3_++,
+                 n4_++);
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed ASSERT_PRED4 where the
+// predicate-formatter is a function on a user-defined type (Bool).
+TEST_F(ASSERT_PRED4Test, FunctionOnUserTypeFailure) {
+  expected_to_finish_ = false;
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED4(PredFunction4Bool,
+                 Bool(n1_++),
+                 Bool(n2_++),
+                 Bool(n3_++),
+                 Bool(n4_++));
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed ASSERT_PRED4 where the
+// predicate-formatter is a functor on a built-in type (int).
+TEST_F(ASSERT_PRED4Test, FunctorOnBuiltInTypeFailure) {
+  expected_to_finish_ = false;
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED4(PredFunctor4(),
+                 n1_++,
+                 n2_++,
+                 n3_++,
+                 n4_++);
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed ASSERT_PRED4 where the
+// predicate-formatter is a functor on a user-defined type (Bool).
+TEST_F(ASSERT_PRED4Test, FunctorOnUserTypeFailure) {
+  expected_to_finish_ = false;
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED4(PredFunctor4(),
+                 Bool(n1_++),
+                 Bool(n2_++),
+                 Bool(n3_++),
+                 Bool(n4_++));
+    finished_ = true;
+  }, "");
+}
+
+// Tests a successful EXPECT_PRED_FORMAT4 where the
+// predicate-formatter is a function on a built-in type (int).
+TEST_F(EXPECT_PRED_FORMAT4Test, FunctionOnBuiltInTypeSuccess) {
+  EXPECT_PRED_FORMAT4(PredFormatFunction4,
+                      ++n1_,
+                      ++n2_,
+                      ++n3_,
+                      ++n4_);
+  finished_ = true;
+}
+
+// Tests a successful EXPECT_PRED_FORMAT4 where the
+// predicate-formatter is a function on a user-defined type (Bool).
+TEST_F(EXPECT_PRED_FORMAT4Test, FunctionOnUserTypeSuccess) {
+  EXPECT_PRED_FORMAT4(PredFormatFunction4,
+                      Bool(++n1_),
+                      Bool(++n2_),
+                      Bool(++n3_),
+                      Bool(++n4_));
+  finished_ = true;
+}
+
+// Tests a successful EXPECT_PRED_FORMAT4 where the
+// predicate-formatter is a functor on a built-in type (int).
+TEST_F(EXPECT_PRED_FORMAT4Test, FunctorOnBuiltInTypeSuccess) {
+  EXPECT_PRED_FORMAT4(PredFormatFunctor4(),
+                      ++n1_,
+                      ++n2_,
+                      ++n3_,
+                      ++n4_);
+  finished_ = true;
+}
+
+// Tests a successful EXPECT_PRED_FORMAT4 where the
+// predicate-formatter is a functor on a user-defined type (Bool).
+TEST_F(EXPECT_PRED_FORMAT4Test, FunctorOnUserTypeSuccess) {
+  EXPECT_PRED_FORMAT4(PredFormatFunctor4(),
+                      Bool(++n1_),
+                      Bool(++n2_),
+                      Bool(++n3_),
+                      Bool(++n4_));
+  finished_ = true;
+}
+
+// Tests a failed EXPECT_PRED_FORMAT4 where the
+// predicate-formatter is a function on a built-in type (int).
+TEST_F(EXPECT_PRED_FORMAT4Test, FunctionOnBuiltInTypeFailure) {
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED_FORMAT4(PredFormatFunction4,
+                        n1_++,
+                        n2_++,
+                        n3_++,
+                        n4_++);
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed EXPECT_PRED_FORMAT4 where the
+// predicate-formatter is a function on a user-defined type (Bool).
+TEST_F(EXPECT_PRED_FORMAT4Test, FunctionOnUserTypeFailure) {
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED_FORMAT4(PredFormatFunction4,
+                        Bool(n1_++),
+                        Bool(n2_++),
+                        Bool(n3_++),
+                        Bool(n4_++));
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed EXPECT_PRED_FORMAT4 where the
+// predicate-formatter is a functor on a built-in type (int).
+TEST_F(EXPECT_PRED_FORMAT4Test, FunctorOnBuiltInTypeFailure) {
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED_FORMAT4(PredFormatFunctor4(),
+                        n1_++,
+                        n2_++,
+                        n3_++,
+                        n4_++);
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed EXPECT_PRED_FORMAT4 where the
+// predicate-formatter is a functor on a user-defined type (Bool).
+TEST_F(EXPECT_PRED_FORMAT4Test, FunctorOnUserTypeFailure) {
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED_FORMAT4(PredFormatFunctor4(),
+                        Bool(n1_++),
+                        Bool(n2_++),
+                        Bool(n3_++),
+                        Bool(n4_++));
+    finished_ = true;
+  }, "");
+}
+
+// Tests a successful ASSERT_PRED_FORMAT4 where the
+// predicate-formatter is a function on a built-in type (int).
+TEST_F(ASSERT_PRED_FORMAT4Test, FunctionOnBuiltInTypeSuccess) {
+  ASSERT_PRED_FORMAT4(PredFormatFunction4,
+                      ++n1_,
+                      ++n2_,
+                      ++n3_,
+                      ++n4_);
+  finished_ = true;
+}
+
+// Tests a successful ASSERT_PRED_FORMAT4 where the
+// predicate-formatter is a function on a user-defined type (Bool).
+TEST_F(ASSERT_PRED_FORMAT4Test, FunctionOnUserTypeSuccess) {
+  ASSERT_PRED_FORMAT4(PredFormatFunction4,
+                      Bool(++n1_),
+                      Bool(++n2_),
+                      Bool(++n3_),
+                      Bool(++n4_));
+  finished_ = true;
+}
+
+// Tests a successful ASSERT_PRED_FORMAT4 where the
+// predicate-formatter is a functor on a built-in type (int).
+TEST_F(ASSERT_PRED_FORMAT4Test, FunctorOnBuiltInTypeSuccess) {
+  ASSERT_PRED_FORMAT4(PredFormatFunctor4(),
+                      ++n1_,
+                      ++n2_,
+                      ++n3_,
+                      ++n4_);
+  finished_ = true;
+}
+
+// Tests a successful ASSERT_PRED_FORMAT4 where the
+// predicate-formatter is a functor on a user-defined type (Bool).
+TEST_F(ASSERT_PRED_FORMAT4Test, FunctorOnUserTypeSuccess) {
+  ASSERT_PRED_FORMAT4(PredFormatFunctor4(),
+                      Bool(++n1_),
+                      Bool(++n2_),
+                      Bool(++n3_),
+                      Bool(++n4_));
+  finished_ = true;
+}
+
+// Tests a failed ASSERT_PRED_FORMAT4 where the
+// predicate-formatter is a function on a built-in type (int).
+TEST_F(ASSERT_PRED_FORMAT4Test, FunctionOnBuiltInTypeFailure) {
+  expected_to_finish_ = false;
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED_FORMAT4(PredFormatFunction4,
+                        n1_++,
+                        n2_++,
+                        n3_++,
+                        n4_++);
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed ASSERT_PRED_FORMAT4 where the
+// predicate-formatter is a function on a user-defined type (Bool).
+TEST_F(ASSERT_PRED_FORMAT4Test, FunctionOnUserTypeFailure) {
+  expected_to_finish_ = false;
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED_FORMAT4(PredFormatFunction4,
+                        Bool(n1_++),
+                        Bool(n2_++),
+                        Bool(n3_++),
+                        Bool(n4_++));
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed ASSERT_PRED_FORMAT4 where the
+// predicate-formatter is a functor on a built-in type (int).
+TEST_F(ASSERT_PRED_FORMAT4Test, FunctorOnBuiltInTypeFailure) {
+  expected_to_finish_ = false;
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED_FORMAT4(PredFormatFunctor4(),
+                        n1_++,
+                        n2_++,
+                        n3_++,
+                        n4_++);
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed ASSERT_PRED_FORMAT4 where the
+// predicate-formatter is a functor on a user-defined type (Bool).
+TEST_F(ASSERT_PRED_FORMAT4Test, FunctorOnUserTypeFailure) {
+  expected_to_finish_ = false;
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED_FORMAT4(PredFormatFunctor4(),
+                        Bool(n1_++),
+                        Bool(n2_++),
+                        Bool(n3_++),
+                        Bool(n4_++));
+    finished_ = true;
+  }, "");
+}
+// Sample functions/functors for testing 5-ary predicate assertions.
+
+// A 5-ary predicate function.
+template <typename T1, typename T2, typename T3, typename T4, typename T5>
+bool PredFunction5(T1 v1, T2 v2, T3 v3, T4 v4, T5 v5) {
+  return v1 + v2 + v3 + v4 + v5 > 0;
+}
+
+// The following two functions are needed to circumvent a bug in
+// gcc 2.95.3, which sometimes has problem with the above template
+// function.
+bool PredFunction5Int(int v1, int v2, int v3, int v4, int v5) {
+  return v1 + v2 + v3 + v4 + v5 > 0;
+}
+bool PredFunction5Bool(Bool v1, Bool v2, Bool v3, Bool v4, Bool v5) {
+  return v1 + v2 + v3 + v4 + v5 > 0;
+}
+
+// A 5-ary predicate functor.
+struct PredFunctor5 {
+  template <typename T1, typename T2, typename T3, typename T4, typename T5>
+  bool operator()(const T1& v1,
+                  const T2& v2,
+                  const T3& v3,
+                  const T4& v4,
+                  const T5& v5) {
+    return v1 + v2 + v3 + v4 + v5 > 0;
+  }
+};
+
+// A 5-ary predicate-formatter function.
+template <typename T1, typename T2, typename T3, typename T4, typename T5>
+testing::AssertionResult PredFormatFunction5(const char* e1,
+                                             const char* e2,
+                                             const char* e3,
+                                             const char* e4,
+                                             const char* e5,
+                                             const T1& v1,
+                                             const T2& v2,
+                                             const T3& v3,
+                                             const T4& v4,
+                                             const T5& v5) {
+  if (PredFunction5(v1, v2, v3, v4, v5))
+    return testing::AssertionSuccess();
+
+  return testing::AssertionFailure()
+      << e1 << " + " << e2 << " + " << e3 << " + " << e4 << " + " << e5
+      << " is expected to be positive, but evaluates to "
+      << v1 + v2 + v3 + v4 + v5 << ".";
+}
+
+// A 5-ary predicate-formatter functor.
+struct PredFormatFunctor5 {
+  template <typename T1, typename T2, typename T3, typename T4, typename T5>
+  testing::AssertionResult operator()(const char* e1,
+                                      const char* e2,
+                                      const char* e3,
+                                      const char* e4,
+                                      const char* e5,
+                                      const T1& v1,
+                                      const T2& v2,
+                                      const T3& v3,
+                                      const T4& v4,
+                                      const T5& v5) const {
+    return PredFormatFunction5(e1, e2, e3, e4, e5, v1, v2, v3, v4, v5);
+  }
+};
+
+// Tests for {EXPECT|ASSERT}_PRED_FORMAT5.
+
+class Predicate5Test : public testing::Test {
+ protected:
+  virtual void SetUp() {
+    expected_to_finish_ = true;
+    finished_ = false;
+    n1_ = n2_ = n3_ = n4_ = n5_ = 0;
+  }
+
+  virtual void TearDown() {
+    // Verifies that each of the predicate's arguments was evaluated
+    // exactly once.
+    EXPECT_EQ(1, n1_) <<
+        "The predicate assertion didn't evaluate argument 2 "
+        "exactly once.";
+    EXPECT_EQ(1, n2_) <<
+        "The predicate assertion didn't evaluate argument 3 "
+        "exactly once.";
+    EXPECT_EQ(1, n3_) <<
+        "The predicate assertion didn't evaluate argument 4 "
+        "exactly once.";
+    EXPECT_EQ(1, n4_) <<
+        "The predicate assertion didn't evaluate argument 5 "
+        "exactly once.";
+    EXPECT_EQ(1, n5_) <<
+        "The predicate assertion didn't evaluate argument 6 "
+        "exactly once.";
+
+    // Verifies that the control flow in the test function is expected.
+    if (expected_to_finish_ && !finished_) {
+      FAIL() << "The predicate assertion unexpactedly aborted the test.";
+    } else if (!expected_to_finish_ && finished_) {
+      FAIL() << "The failed predicate assertion didn't abort the test "
+                "as expected.";
+    }
+  }
+
+  // true iff the test function is expected to run to finish.
+  static bool expected_to_finish_;
+
+  // true iff the test function did run to finish.
+  static bool finished_;
+
+  static int n1_;
+  static int n2_;
+  static int n3_;
+  static int n4_;
+  static int n5_;
+};
+
+bool Predicate5Test::expected_to_finish_;
+bool Predicate5Test::finished_;
+int Predicate5Test::n1_;
+int Predicate5Test::n2_;
+int Predicate5Test::n3_;
+int Predicate5Test::n4_;
+int Predicate5Test::n5_;
+
+typedef Predicate5Test EXPECT_PRED_FORMAT5Test;
+typedef Predicate5Test ASSERT_PRED_FORMAT5Test;
+typedef Predicate5Test EXPECT_PRED5Test;
+typedef Predicate5Test ASSERT_PRED5Test;
+
+// Tests a successful EXPECT_PRED5 where the
+// predicate-formatter is a function on a built-in type (int).
+TEST_F(EXPECT_PRED5Test, FunctionOnBuiltInTypeSuccess) {
+  EXPECT_PRED5(PredFunction5Int,
+               ++n1_,
+               ++n2_,
+               ++n3_,
+               ++n4_,
+               ++n5_);
+  finished_ = true;
+}
+
+// Tests a successful EXPECT_PRED5 where the
+// predicate-formatter is a function on a user-defined type (Bool).
+TEST_F(EXPECT_PRED5Test, FunctionOnUserTypeSuccess) {
+  EXPECT_PRED5(PredFunction5Bool,
+               Bool(++n1_),
+               Bool(++n2_),
+               Bool(++n3_),
+               Bool(++n4_),
+               Bool(++n5_));
+  finished_ = true;
+}
+
+// Tests a successful EXPECT_PRED5 where the
+// predicate-formatter is a functor on a built-in type (int).
+TEST_F(EXPECT_PRED5Test, FunctorOnBuiltInTypeSuccess) {
+  EXPECT_PRED5(PredFunctor5(),
+               ++n1_,
+               ++n2_,
+               ++n3_,
+               ++n4_,
+               ++n5_);
+  finished_ = true;
+}
+
+// Tests a successful EXPECT_PRED5 where the
+// predicate-formatter is a functor on a user-defined type (Bool).
+TEST_F(EXPECT_PRED5Test, FunctorOnUserTypeSuccess) {
+  EXPECT_PRED5(PredFunctor5(),
+               Bool(++n1_),
+               Bool(++n2_),
+               Bool(++n3_),
+               Bool(++n4_),
+               Bool(++n5_));
+  finished_ = true;
+}
+
+// Tests a failed EXPECT_PRED5 where the
+// predicate-formatter is a function on a built-in type (int).
+TEST_F(EXPECT_PRED5Test, FunctionOnBuiltInTypeFailure) {
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED5(PredFunction5Int,
+                 n1_++,
+                 n2_++,
+                 n3_++,
+                 n4_++,
+                 n5_++);
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed EXPECT_PRED5 where the
+// predicate-formatter is a function on a user-defined type (Bool).
+TEST_F(EXPECT_PRED5Test, FunctionOnUserTypeFailure) {
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED5(PredFunction5Bool,
+                 Bool(n1_++),
+                 Bool(n2_++),
+                 Bool(n3_++),
+                 Bool(n4_++),
+                 Bool(n5_++));
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed EXPECT_PRED5 where the
+// predicate-formatter is a functor on a built-in type (int).
+TEST_F(EXPECT_PRED5Test, FunctorOnBuiltInTypeFailure) {
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED5(PredFunctor5(),
+                 n1_++,
+                 n2_++,
+                 n3_++,
+                 n4_++,
+                 n5_++);
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed EXPECT_PRED5 where the
+// predicate-formatter is a functor on a user-defined type (Bool).
+TEST_F(EXPECT_PRED5Test, FunctorOnUserTypeFailure) {
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED5(PredFunctor5(),
+                 Bool(n1_++),
+                 Bool(n2_++),
+                 Bool(n3_++),
+                 Bool(n4_++),
+                 Bool(n5_++));
+    finished_ = true;
+  }, "");
+}
+
+// Tests a successful ASSERT_PRED5 where the
+// predicate-formatter is a function on a built-in type (int).
+TEST_F(ASSERT_PRED5Test, FunctionOnBuiltInTypeSuccess) {
+  ASSERT_PRED5(PredFunction5Int,
+               ++n1_,
+               ++n2_,
+               ++n3_,
+               ++n4_,
+               ++n5_);
+  finished_ = true;
+}
+
+// Tests a successful ASSERT_PRED5 where the
+// predicate-formatter is a function on a user-defined type (Bool).
+TEST_F(ASSERT_PRED5Test, FunctionOnUserTypeSuccess) {
+  ASSERT_PRED5(PredFunction5Bool,
+               Bool(++n1_),
+               Bool(++n2_),
+               Bool(++n3_),
+               Bool(++n4_),
+               Bool(++n5_));
+  finished_ = true;
+}
+
+// Tests a successful ASSERT_PRED5 where the
+// predicate-formatter is a functor on a built-in type (int).
+TEST_F(ASSERT_PRED5Test, FunctorOnBuiltInTypeSuccess) {
+  ASSERT_PRED5(PredFunctor5(),
+               ++n1_,
+               ++n2_,
+               ++n3_,
+               ++n4_,
+               ++n5_);
+  finished_ = true;
+}
+
+// Tests a successful ASSERT_PRED5 where the
+// predicate-formatter is a functor on a user-defined type (Bool).
+TEST_F(ASSERT_PRED5Test, FunctorOnUserTypeSuccess) {
+  ASSERT_PRED5(PredFunctor5(),
+               Bool(++n1_),
+               Bool(++n2_),
+               Bool(++n3_),
+               Bool(++n4_),
+               Bool(++n5_));
+  finished_ = true;
+}
+
+// Tests a failed ASSERT_PRED5 where the
+// predicate-formatter is a function on a built-in type (int).
+TEST_F(ASSERT_PRED5Test, FunctionOnBuiltInTypeFailure) {
+  expected_to_finish_ = false;
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED5(PredFunction5Int,
+                 n1_++,
+                 n2_++,
+                 n3_++,
+                 n4_++,
+                 n5_++);
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed ASSERT_PRED5 where the
+// predicate-formatter is a function on a user-defined type (Bool).
+TEST_F(ASSERT_PRED5Test, FunctionOnUserTypeFailure) {
+  expected_to_finish_ = false;
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED5(PredFunction5Bool,
+                 Bool(n1_++),
+                 Bool(n2_++),
+                 Bool(n3_++),
+                 Bool(n4_++),
+                 Bool(n5_++));
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed ASSERT_PRED5 where the
+// predicate-formatter is a functor on a built-in type (int).
+TEST_F(ASSERT_PRED5Test, FunctorOnBuiltInTypeFailure) {
+  expected_to_finish_ = false;
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED5(PredFunctor5(),
+                 n1_++,
+                 n2_++,
+                 n3_++,
+                 n4_++,
+                 n5_++);
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed ASSERT_PRED5 where the
+// predicate-formatter is a functor on a user-defined type (Bool).
+TEST_F(ASSERT_PRED5Test, FunctorOnUserTypeFailure) {
+  expected_to_finish_ = false;
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED5(PredFunctor5(),
+                 Bool(n1_++),
+                 Bool(n2_++),
+                 Bool(n3_++),
+                 Bool(n4_++),
+                 Bool(n5_++));
+    finished_ = true;
+  }, "");
+}
+
+// Tests a successful EXPECT_PRED_FORMAT5 where the
+// predicate-formatter is a function on a built-in type (int).
+TEST_F(EXPECT_PRED_FORMAT5Test, FunctionOnBuiltInTypeSuccess) {
+  EXPECT_PRED_FORMAT5(PredFormatFunction5,
+                      ++n1_,
+                      ++n2_,
+                      ++n3_,
+                      ++n4_,
+                      ++n5_);
+  finished_ = true;
+}
+
+// Tests a successful EXPECT_PRED_FORMAT5 where the
+// predicate-formatter is a function on a user-defined type (Bool).
+TEST_F(EXPECT_PRED_FORMAT5Test, FunctionOnUserTypeSuccess) {
+  EXPECT_PRED_FORMAT5(PredFormatFunction5,
+                      Bool(++n1_),
+                      Bool(++n2_),
+                      Bool(++n3_),
+                      Bool(++n4_),
+                      Bool(++n5_));
+  finished_ = true;
+}
+
+// Tests a successful EXPECT_PRED_FORMAT5 where the
+// predicate-formatter is a functor on a built-in type (int).
+TEST_F(EXPECT_PRED_FORMAT5Test, FunctorOnBuiltInTypeSuccess) {
+  EXPECT_PRED_FORMAT5(PredFormatFunctor5(),
+                      ++n1_,
+                      ++n2_,
+                      ++n3_,
+                      ++n4_,
+                      ++n5_);
+  finished_ = true;
+}
+
+// Tests a successful EXPECT_PRED_FORMAT5 where the
+// predicate-formatter is a functor on a user-defined type (Bool).
+TEST_F(EXPECT_PRED_FORMAT5Test, FunctorOnUserTypeSuccess) {
+  EXPECT_PRED_FORMAT5(PredFormatFunctor5(),
+                      Bool(++n1_),
+                      Bool(++n2_),
+                      Bool(++n3_),
+                      Bool(++n4_),
+                      Bool(++n5_));
+  finished_ = true;
+}
+
+// Tests a failed EXPECT_PRED_FORMAT5 where the
+// predicate-formatter is a function on a built-in type (int).
+TEST_F(EXPECT_PRED_FORMAT5Test, FunctionOnBuiltInTypeFailure) {
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED_FORMAT5(PredFormatFunction5,
+                        n1_++,
+                        n2_++,
+                        n3_++,
+                        n4_++,
+                        n5_++);
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed EXPECT_PRED_FORMAT5 where the
+// predicate-formatter is a function on a user-defined type (Bool).
+TEST_F(EXPECT_PRED_FORMAT5Test, FunctionOnUserTypeFailure) {
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED_FORMAT5(PredFormatFunction5,
+                        Bool(n1_++),
+                        Bool(n2_++),
+                        Bool(n3_++),
+                        Bool(n4_++),
+                        Bool(n5_++));
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed EXPECT_PRED_FORMAT5 where the
+// predicate-formatter is a functor on a built-in type (int).
+TEST_F(EXPECT_PRED_FORMAT5Test, FunctorOnBuiltInTypeFailure) {
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED_FORMAT5(PredFormatFunctor5(),
+                        n1_++,
+                        n2_++,
+                        n3_++,
+                        n4_++,
+                        n5_++);
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed EXPECT_PRED_FORMAT5 where the
+// predicate-formatter is a functor on a user-defined type (Bool).
+TEST_F(EXPECT_PRED_FORMAT5Test, FunctorOnUserTypeFailure) {
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED_FORMAT5(PredFormatFunctor5(),
+                        Bool(n1_++),
+                        Bool(n2_++),
+                        Bool(n3_++),
+                        Bool(n4_++),
+                        Bool(n5_++));
+    finished_ = true;
+  }, "");
+}
+
+// Tests a successful ASSERT_PRED_FORMAT5 where the
+// predicate-formatter is a function on a built-in type (int).
+TEST_F(ASSERT_PRED_FORMAT5Test, FunctionOnBuiltInTypeSuccess) {
+  ASSERT_PRED_FORMAT5(PredFormatFunction5,
+                      ++n1_,
+                      ++n2_,
+                      ++n3_,
+                      ++n4_,
+                      ++n5_);
+  finished_ = true;
+}
+
+// Tests a successful ASSERT_PRED_FORMAT5 where the
+// predicate-formatter is a function on a user-defined type (Bool).
+TEST_F(ASSERT_PRED_FORMAT5Test, FunctionOnUserTypeSuccess) {
+  ASSERT_PRED_FORMAT5(PredFormatFunction5,
+                      Bool(++n1_),
+                      Bool(++n2_),
+                      Bool(++n3_),
+                      Bool(++n4_),
+                      Bool(++n5_));
+  finished_ = true;
+}
+
+// Tests a successful ASSERT_PRED_FORMAT5 where the
+// predicate-formatter is a functor on a built-in type (int).
+TEST_F(ASSERT_PRED_FORMAT5Test, FunctorOnBuiltInTypeSuccess) {
+  ASSERT_PRED_FORMAT5(PredFormatFunctor5(),
+                      ++n1_,
+                      ++n2_,
+                      ++n3_,
+                      ++n4_,
+                      ++n5_);
+  finished_ = true;
+}
+
+// Tests a successful ASSERT_PRED_FORMAT5 where the
+// predicate-formatter is a functor on a user-defined type (Bool).
+TEST_F(ASSERT_PRED_FORMAT5Test, FunctorOnUserTypeSuccess) {
+  ASSERT_PRED_FORMAT5(PredFormatFunctor5(),
+                      Bool(++n1_),
+                      Bool(++n2_),
+                      Bool(++n3_),
+                      Bool(++n4_),
+                      Bool(++n5_));
+  finished_ = true;
+}
+
+// Tests a failed ASSERT_PRED_FORMAT5 where the
+// predicate-formatter is a function on a built-in type (int).
+TEST_F(ASSERT_PRED_FORMAT5Test, FunctionOnBuiltInTypeFailure) {
+  expected_to_finish_ = false;
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED_FORMAT5(PredFormatFunction5,
+                        n1_++,
+                        n2_++,
+                        n3_++,
+                        n4_++,
+                        n5_++);
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed ASSERT_PRED_FORMAT5 where the
+// predicate-formatter is a function on a user-defined type (Bool).
+TEST_F(ASSERT_PRED_FORMAT5Test, FunctionOnUserTypeFailure) {
+  expected_to_finish_ = false;
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED_FORMAT5(PredFormatFunction5,
+                        Bool(n1_++),
+                        Bool(n2_++),
+                        Bool(n3_++),
+                        Bool(n4_++),
+                        Bool(n5_++));
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed ASSERT_PRED_FORMAT5 where the
+// predicate-formatter is a functor on a built-in type (int).
+TEST_F(ASSERT_PRED_FORMAT5Test, FunctorOnBuiltInTypeFailure) {
+  expected_to_finish_ = false;
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED_FORMAT5(PredFormatFunctor5(),
+                        n1_++,
+                        n2_++,
+                        n3_++,
+                        n4_++,
+                        n5_++);
+    finished_ = true;
+  }, "");
+}
+
+// Tests a failed ASSERT_PRED_FORMAT5 where the
+// predicate-formatter is a functor on a user-defined type (Bool).
+TEST_F(ASSERT_PRED_FORMAT5Test, FunctorOnUserTypeFailure) {
+  expected_to_finish_ = false;
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED_FORMAT5(PredFormatFunctor5(),
+                        Bool(n1_++),
+                        Bool(n2_++),
+                        Bool(n3_++),
+                        Bool(n4_++),
+                        Bool(n5_++));
+    finished_ = true;
+  }, "");
+}
diff --git a/nss/gtests/google_test/gtest/test/gtest_premature_exit_test.cc b/nss/gtests/google_test/gtest/test/gtest_premature_exit_test.cc
new file mode 100644
index 0000000..c1ed968
--- /dev/null
+++ b/nss/gtests/google_test/gtest/test/gtest_premature_exit_test.cc
@@ -0,0 +1,143 @@
+// Copyright 2013, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+//
+// Tests that Google Test manipulates the premature-exit-detection
+// file correctly.
+
+#include <stdio.h>
+
+#include "gtest/gtest.h"
+
+using ::testing::InitGoogleTest;
+using ::testing::Test;
+using ::testing::internal::posix::GetEnv;
+using ::testing::internal::posix::Stat;
+using ::testing::internal::posix::StatStruct;
+
+namespace {
+
+// Is the TEST_PREMATURE_EXIT_FILE environment variable expected to be
+// set?
+const bool kTestPrematureExitFileEnvVarShouldBeSet = false;
+
+class PrematureExitTest : public Test {
+ public:
+  // Returns true iff the given file exists.
+  static bool FileExists(const char* filepath) {
+    StatStruct stat;
+    return Stat(filepath, &stat) == 0;
+  }
+
+ protected:
+  PrematureExitTest() {
+    premature_exit_file_path_ = GetEnv("TEST_PREMATURE_EXIT_FILE");
+
+    // Normalize NULL to "" for ease of handling.
+    if (premature_exit_file_path_ == NULL) {
+      premature_exit_file_path_ = "";
+    }
+  }
+
+  // Returns true iff the premature-exit file exists.
+  bool PrematureExitFileExists() const {
+    return FileExists(premature_exit_file_path_);
+  }
+
+  const char* premature_exit_file_path_;
+};
+
+typedef PrematureExitTest PrematureExitDeathTest;
+
+// Tests that:
+//   - the premature-exit file exists during the execution of a
+//     death test (EXPECT_DEATH*), and
+//   - a death test doesn't interfere with the main test process's
+//     handling of the premature-exit file.
+TEST_F(PrematureExitDeathTest, FileExistsDuringExecutionOfDeathTest) {
+  if (*premature_exit_file_path_ == '\0') {
+    return;
+  }
+
+  EXPECT_DEATH_IF_SUPPORTED({
+      // If the file exists, crash the process such that the main test
+      // process will catch the (expected) crash and report a success;
+      // otherwise don't crash, which will cause the main test process
+      // to report that the death test has failed.
+      if (PrematureExitFileExists()) {
+        exit(1);
+      }
+    }, "");
+}
+
+// Tests that TEST_PREMATURE_EXIT_FILE is set where it's expected to
+// be set.
+TEST_F(PrematureExitTest, TestPrematureExitFileEnvVarIsSet) {
+  GTEST_INTENTIONAL_CONST_COND_PUSH_()
+  if (kTestPrematureExitFileEnvVarShouldBeSet) {
+  GTEST_INTENTIONAL_CONST_COND_POP_()
+    const char* const filepath = GetEnv("TEST_PREMATURE_EXIT_FILE");
+    ASSERT_TRUE(filepath != NULL);
+    ASSERT_NE(*filepath, '\0');
+  }
+}
+
+// Tests that the premature-exit file exists during the execution of a
+// normal (non-death) test.
+TEST_F(PrematureExitTest, PrematureExitFileExistsDuringTestExecution) {
+  if (*premature_exit_file_path_ == '\0') {
+    return;
+  }
+
+  EXPECT_TRUE(PrematureExitFileExists())
+      << " file " << premature_exit_file_path_
+      << " should exist during test execution, but doesn't.";
+}
+
+}  // namespace
+
+int main(int argc, char **argv) {
+  InitGoogleTest(&argc, argv);
+  const int exit_code = RUN_ALL_TESTS();
+
+  // Test that the premature-exit file is deleted upon return from
+  // RUN_ALL_TESTS().
+  const char* const filepath = GetEnv("TEST_PREMATURE_EXIT_FILE");
+  if (filepath != NULL && *filepath != '\0') {
+    if (PrematureExitTest::FileExists(filepath)) {
+      printf(
+          "File %s shouldn't exist after the test program finishes, but does.",
+          filepath);
+      return 1;
+    }
+  }
+
+  return exit_code;
+}
diff --git a/nss/gtests/google_test/gtest/test/gtest_prod_test.cc b/nss/gtests/google_test/gtest/test/gtest_prod_test.cc
new file mode 100644
index 0000000..060abce
--- /dev/null
+++ b/nss/gtests/google_test/gtest/test/gtest_prod_test.cc
@@ -0,0 +1,57 @@
+// Copyright 2006, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+//
+// Unit test for include/gtest/gtest_prod.h.
+
+#include "gtest/gtest.h"
+#include "test/production.h"
+
+// Tests that private members can be accessed from a TEST declared as
+// a friend of the class.
+TEST(PrivateCodeTest, CanAccessPrivateMembers) {
+  PrivateCode a;
+  EXPECT_EQ(0, a.x_);
+
+  a.set_x(1);
+  EXPECT_EQ(1, a.x_);
+}
+
+typedef testing::Test PrivateCodeFixtureTest;
+
+// Tests that private members can be accessed from a TEST_F declared
+// as a friend of the class.
+TEST_F(PrivateCodeFixtureTest, CanAccessPrivateMembers) {
+  PrivateCode a;
+  EXPECT_EQ(0, a.x_);
+
+  a.set_x(2);
+  EXPECT_EQ(2, a.x_);
+}
diff --git a/nss/gtests/google_test/gtest/test/gtest_repeat_test.cc b/nss/gtests/google_test/gtest/test/gtest_repeat_test.cc
new file mode 100644
index 0000000..481012a
--- /dev/null
+++ b/nss/gtests/google_test/gtest/test/gtest_repeat_test.cc
@@ -0,0 +1,253 @@
+// Copyright 2008, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+
+// Tests the --gtest_repeat=number flag.
+
+#include <stdlib.h>
+#include <iostream>
+#include "gtest/gtest.h"
+
+// Indicates that this translation unit is part of Google Test's
+// implementation.  It must come before gtest-internal-inl.h is
+// included, or there will be a compiler error.  This trick is to
+// prevent a user from accidentally including gtest-internal-inl.h in
+// his code.
+#define GTEST_IMPLEMENTATION_ 1
+#include "src/gtest-internal-inl.h"
+#undef GTEST_IMPLEMENTATION_
+
+namespace testing {
+
+GTEST_DECLARE_string_(death_test_style);
+GTEST_DECLARE_string_(filter);
+GTEST_DECLARE_int32_(repeat);
+
+}  // namespace testing
+
+using testing::GTEST_FLAG(death_test_style);
+using testing::GTEST_FLAG(filter);
+using testing::GTEST_FLAG(repeat);
+
+namespace {
+
+// We need this when we are testing Google Test itself and therefore
+// cannot use Google Test assertions.
+#define GTEST_CHECK_INT_EQ_(expected, actual) \
+  do {\
+    const int expected_val = (expected);\
+    const int actual_val = (actual);\
+    if (::testing::internal::IsTrue(expected_val != actual_val)) {\
+      ::std::cout << "Value of: " #actual "\n"\
+                  << "  Actual: " << actual_val << "\n"\
+                  << "Expected: " #expected "\n"\
+                  << "Which is: " << expected_val << "\n";\
+      ::testing::internal::posix::Abort();\
+    }\
+  } while (::testing::internal::AlwaysFalse())
+
+
+// Used for verifying that global environment set-up and tear-down are
+// inside the gtest_repeat loop.
+
+int g_environment_set_up_count = 0;
+int g_environment_tear_down_count = 0;
+
+class MyEnvironment : public testing::Environment {
+ public:
+  MyEnvironment() {}
+  virtual void SetUp() { g_environment_set_up_count++; }
+  virtual void TearDown() { g_environment_tear_down_count++; }
+};
+
+// A test that should fail.
+
+int g_should_fail_count = 0;
+
+TEST(FooTest, ShouldFail) {
+  g_should_fail_count++;
+  EXPECT_EQ(0, 1) << "Expected failure.";
+}
+
+// A test that should pass.
+
+int g_should_pass_count = 0;
+
+TEST(FooTest, ShouldPass) {
+  g_should_pass_count++;
+}
+
+// A test that contains a thread-safe death test and a fast death
+// test.  It should pass.
+
+int g_death_test_count = 0;
+
+TEST(BarDeathTest, ThreadSafeAndFast) {
+  g_death_test_count++;
+
+  GTEST_FLAG(death_test_style) = "threadsafe";
+  EXPECT_DEATH_IF_SUPPORTED(::testing::internal::posix::Abort(), "");
+
+  GTEST_FLAG(death_test_style) = "fast";
+  EXPECT_DEATH_IF_SUPPORTED(::testing::internal::posix::Abort(), "");
+}
+
+#if GTEST_HAS_PARAM_TEST
+int g_param_test_count = 0;
+
+const int kNumberOfParamTests = 10;
+
+class MyParamTest : public testing::TestWithParam<int> {};
+
+TEST_P(MyParamTest, ShouldPass) {
+  // TODO(vladl@google.com): Make parameter value checking robust
+  //                         WRT order of tests.
+  GTEST_CHECK_INT_EQ_(g_param_test_count % kNumberOfParamTests, GetParam());
+  g_param_test_count++;
+}
+INSTANTIATE_TEST_CASE_P(MyParamSequence,
+                        MyParamTest,
+                        testing::Range(0, kNumberOfParamTests));
+#endif  // GTEST_HAS_PARAM_TEST
+
+// Resets the count for each test.
+void ResetCounts() {
+  g_environment_set_up_count = 0;
+  g_environment_tear_down_count = 0;
+  g_should_fail_count = 0;
+  g_should_pass_count = 0;
+  g_death_test_count = 0;
+#if GTEST_HAS_PARAM_TEST
+  g_param_test_count = 0;
+#endif  // GTEST_HAS_PARAM_TEST
+}
+
+// Checks that the count for each test is expected.
+void CheckCounts(int expected) {
+  GTEST_CHECK_INT_EQ_(expected, g_environment_set_up_count);
+  GTEST_CHECK_INT_EQ_(expected, g_environment_tear_down_count);
+  GTEST_CHECK_INT_EQ_(expected, g_should_fail_count);
+  GTEST_CHECK_INT_EQ_(expected, g_should_pass_count);
+  GTEST_CHECK_INT_EQ_(expected, g_death_test_count);
+#if GTEST_HAS_PARAM_TEST
+  GTEST_CHECK_INT_EQ_(expected * kNumberOfParamTests, g_param_test_count);
+#endif  // GTEST_HAS_PARAM_TEST
+}
+
+// Tests the behavior of Google Test when --gtest_repeat is not specified.
+void TestRepeatUnspecified() {
+  ResetCounts();
+  GTEST_CHECK_INT_EQ_(1, RUN_ALL_TESTS());
+  CheckCounts(1);
+}
+
+// Tests the behavior of Google Test when --gtest_repeat has the given value.
+void TestRepeat(int repeat) {
+  GTEST_FLAG(repeat) = repeat;
+
+  ResetCounts();
+  GTEST_CHECK_INT_EQ_(repeat > 0 ? 1 : 0, RUN_ALL_TESTS());
+  CheckCounts(repeat);
+}
+
+// Tests using --gtest_repeat when --gtest_filter specifies an empty
+// set of tests.
+void TestRepeatWithEmptyFilter(int repeat) {
+  GTEST_FLAG(repeat) = repeat;
+  GTEST_FLAG(filter) = "None";
+
+  ResetCounts();
+  GTEST_CHECK_INT_EQ_(0, RUN_ALL_TESTS());
+  CheckCounts(0);
+}
+
+// Tests using --gtest_repeat when --gtest_filter specifies a set of
+// successful tests.
+void TestRepeatWithFilterForSuccessfulTests(int repeat) {
+  GTEST_FLAG(repeat) = repeat;
+  GTEST_FLAG(filter) = "*-*ShouldFail";
+
+  ResetCounts();
+  GTEST_CHECK_INT_EQ_(0, RUN_ALL_TESTS());
+  GTEST_CHECK_INT_EQ_(repeat, g_environment_set_up_count);
+  GTEST_CHECK_INT_EQ_(repeat, g_environment_tear_down_count);
+  GTEST_CHECK_INT_EQ_(0, g_should_fail_count);
+  GTEST_CHECK_INT_EQ_(repeat, g_should_pass_count);
+  GTEST_CHECK_INT_EQ_(repeat, g_death_test_count);
+#if GTEST_HAS_PARAM_TEST
+  GTEST_CHECK_INT_EQ_(repeat * kNumberOfParamTests, g_param_test_count);
+#endif  // GTEST_HAS_PARAM_TEST
+}
+
+// Tests using --gtest_repeat when --gtest_filter specifies a set of
+// failed tests.
+void TestRepeatWithFilterForFailedTests(int repeat) {
+  GTEST_FLAG(repeat) = repeat;
+  GTEST_FLAG(filter) = "*ShouldFail";
+
+  ResetCounts();
+  GTEST_CHECK_INT_EQ_(1, RUN_ALL_TESTS());
+  GTEST_CHECK_INT_EQ_(repeat, g_environment_set_up_count);
+  GTEST_CHECK_INT_EQ_(repeat, g_environment_tear_down_count);
+  GTEST_CHECK_INT_EQ_(repeat, g_should_fail_count);
+  GTEST_CHECK_INT_EQ_(0, g_should_pass_count);
+  GTEST_CHECK_INT_EQ_(0, g_death_test_count);
+#if GTEST_HAS_PARAM_TEST
+  GTEST_CHECK_INT_EQ_(0, g_param_test_count);
+#endif  // GTEST_HAS_PARAM_TEST
+}
+
+}  // namespace
+
+int main(int argc, char **argv) {
+  testing::InitGoogleTest(&argc, argv);
+  testing::AddGlobalTestEnvironment(new MyEnvironment);
+
+  TestRepeatUnspecified();
+  TestRepeat(0);
+  TestRepeat(1);
+  TestRepeat(5);
+
+  TestRepeatWithEmptyFilter(2);
+  TestRepeatWithEmptyFilter(3);
+
+  TestRepeatWithFilterForSuccessfulTests(3);
+
+  TestRepeatWithFilterForFailedTests(4);
+
+  // It would be nice to verify that the tests indeed loop forever
+  // when GTEST_FLAG(repeat) is negative, but this test will be quite
+  // complicated to write.  Since this flag is for interactive
+  // debugging only and doesn't affect the normal test result, such a
+  // test would be an overkill.
+
+  printf("PASS\n");
+  return 0;
+}
diff --git a/nss/gtests/google_test/gtest/test/gtest_shuffle_test.py b/nss/gtests/google_test/gtest/test/gtest_shuffle_test.py
new file mode 100755
index 0000000..30d0303
--- /dev/null
+++ b/nss/gtests/google_test/gtest/test/gtest_shuffle_test.py
@@ -0,0 +1,325 @@
+#!/usr/bin/env python
+#
+# Copyright 2009 Google Inc. All Rights Reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#
+#     * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following disclaimer
+# in the documentation and/or other materials provided with the
+# distribution.
+#     * Neither the name of Google Inc. nor the names of its
+# contributors may be used to endorse or promote products derived from
+# this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+"""Verifies that test shuffling works."""
+
+__author__ = 'wan@google.com (Zhanyong Wan)'
+
+import os
+import gtest_test_utils
+
+# Command to run the gtest_shuffle_test_ program.
+COMMAND = gtest_test_utils.GetTestExecutablePath('gtest_shuffle_test_')
+
+# The environment variables for test sharding.
+TOTAL_SHARDS_ENV_VAR = 'GTEST_TOTAL_SHARDS'
+SHARD_INDEX_ENV_VAR = 'GTEST_SHARD_INDEX'
+
+TEST_FILTER = 'A*.A:A*.B:C*'
+
+ALL_TESTS = []
+ACTIVE_TESTS = []
+FILTERED_TESTS = []
+SHARDED_TESTS = []
+
+SHUFFLED_ALL_TESTS = []
+SHUFFLED_ACTIVE_TESTS = []
+SHUFFLED_FILTERED_TESTS = []
+SHUFFLED_SHARDED_TESTS = []
+
+
+def AlsoRunDisabledTestsFlag():
+  return '--gtest_also_run_disabled_tests'
+
+
+def FilterFlag(test_filter):
+  return '--gtest_filter=%s' % (test_filter,)
+
+
+def RepeatFlag(n):
+  return '--gtest_repeat=%s' % (n,)
+
+
+def ShuffleFlag():
+  return '--gtest_shuffle'
+
+
+def RandomSeedFlag(n):
+  return '--gtest_random_seed=%s' % (n,)
+
+
+def RunAndReturnOutput(extra_env, args):
+  """Runs the test program and returns its output."""
+
+  environ_copy = os.environ.copy()
+  environ_copy.update(extra_env)
+
+  return gtest_test_utils.Subprocess([COMMAND] + args, env=environ_copy).output
+
+
+def GetTestsForAllIterations(extra_env, args):
+  """Runs the test program and returns a list of test lists.
+
+  Args:
+    extra_env: a map from environment variables to their values
+    args: command line flags to pass to gtest_shuffle_test_
+
+  Returns:
+    A list where the i-th element is the list of tests run in the i-th
+    test iteration.
+  """
+
+  test_iterations = []
+  for line in RunAndReturnOutput(extra_env, args).split('\n'):
+    if line.startswith('----'):
+      tests = []
+      test_iterations.append(tests)
+    elif line.strip():
+      tests.append(line.strip())  # 'TestCaseName.TestName'
+
+  return test_iterations
+
+
+def GetTestCases(tests):
+  """Returns a list of test cases in the given full test names.
+
+  Args:
+    tests: a list of full test names
+
+  Returns:
+    A list of test cases from 'tests', in their original order.
+    Consecutive duplicates are removed.
+  """
+
+  test_cases = []
+  for test in tests:
+    test_case = test.split('.')[0]
+    if not test_case in test_cases:
+      test_cases.append(test_case)
+
+  return test_cases
+
+
+def CalculateTestLists():
+  """Calculates the list of tests run under different flags."""
+
+  if not ALL_TESTS:
+    ALL_TESTS.extend(
+        GetTestsForAllIterations({}, [AlsoRunDisabledTestsFlag()])[0])
+
+  if not ACTIVE_TESTS:
+    ACTIVE_TESTS.extend(GetTestsForAllIterations({}, [])[0])
+
+  if not FILTERED_TESTS:
+    FILTERED_TESTS.extend(
+        GetTestsForAllIterations({}, [FilterFlag(TEST_FILTER)])[0])
+
+  if not SHARDED_TESTS:
+    SHARDED_TESTS.extend(
+        GetTestsForAllIterations({TOTAL_SHARDS_ENV_VAR: '3',
+                                  SHARD_INDEX_ENV_VAR: '1'},
+                                 [])[0])
+
+  if not SHUFFLED_ALL_TESTS:
+    SHUFFLED_ALL_TESTS.extend(GetTestsForAllIterations(
+        {}, [AlsoRunDisabledTestsFlag(), ShuffleFlag(), RandomSeedFlag(1)])[0])
+
+  if not SHUFFLED_ACTIVE_TESTS:
+    SHUFFLED_ACTIVE_TESTS.extend(GetTestsForAllIterations(
+        {}, [ShuffleFlag(), RandomSeedFlag(1)])[0])
+
+  if not SHUFFLED_FILTERED_TESTS:
+    SHUFFLED_FILTERED_TESTS.extend(GetTestsForAllIterations(
+        {}, [ShuffleFlag(), RandomSeedFlag(1), FilterFlag(TEST_FILTER)])[0])
+
+  if not SHUFFLED_SHARDED_TESTS:
+    SHUFFLED_SHARDED_TESTS.extend(
+        GetTestsForAllIterations({TOTAL_SHARDS_ENV_VAR: '3',
+                                  SHARD_INDEX_ENV_VAR: '1'},
+                                 [ShuffleFlag(), RandomSeedFlag(1)])[0])
+
+
+class GTestShuffleUnitTest(gtest_test_utils.TestCase):
+  """Tests test shuffling."""
+
+  def setUp(self):
+    CalculateTestLists()
+
+  def testShufflePreservesNumberOfTests(self):
+    self.assertEqual(len(ALL_TESTS), len(SHUFFLED_ALL_TESTS))
+    self.assertEqual(len(ACTIVE_TESTS), len(SHUFFLED_ACTIVE_TESTS))
+    self.assertEqual(len(FILTERED_TESTS), len(SHUFFLED_FILTERED_TESTS))
+    self.assertEqual(len(SHARDED_TESTS), len(SHUFFLED_SHARDED_TESTS))
+
+  def testShuffleChangesTestOrder(self):
+    self.assert_(SHUFFLED_ALL_TESTS != ALL_TESTS, SHUFFLED_ALL_TESTS)
+    self.assert_(SHUFFLED_ACTIVE_TESTS != ACTIVE_TESTS, SHUFFLED_ACTIVE_TESTS)
+    self.assert_(SHUFFLED_FILTERED_TESTS != FILTERED_TESTS,
+                 SHUFFLED_FILTERED_TESTS)
+    self.assert_(SHUFFLED_SHARDED_TESTS != SHARDED_TESTS,
+                 SHUFFLED_SHARDED_TESTS)
+
+  def testShuffleChangesTestCaseOrder(self):
+    self.assert_(GetTestCases(SHUFFLED_ALL_TESTS) != GetTestCases(ALL_TESTS),
+                 GetTestCases(SHUFFLED_ALL_TESTS))
+    self.assert_(
+        GetTestCases(SHUFFLED_ACTIVE_TESTS) != GetTestCases(ACTIVE_TESTS),
+        GetTestCases(SHUFFLED_ACTIVE_TESTS))
+    self.assert_(
+        GetTestCases(SHUFFLED_FILTERED_TESTS) != GetTestCases(FILTERED_TESTS),
+        GetTestCases(SHUFFLED_FILTERED_TESTS))
+    self.assert_(
+        GetTestCases(SHUFFLED_SHARDED_TESTS) != GetTestCases(SHARDED_TESTS),
+        GetTestCases(SHUFFLED_SHARDED_TESTS))
+
+  def testShuffleDoesNotRepeatTest(self):
+    for test in SHUFFLED_ALL_TESTS:
+      self.assertEqual(1, SHUFFLED_ALL_TESTS.count(test),
+                       '%s appears more than once' % (test,))
+    for test in SHUFFLED_ACTIVE_TESTS:
+      self.assertEqual(1, SHUFFLED_ACTIVE_TESTS.count(test),
+                       '%s appears more than once' % (test,))
+    for test in SHUFFLED_FILTERED_TESTS:
+      self.assertEqual(1, SHUFFLED_FILTERED_TESTS.count(test),
+                       '%s appears more than once' % (test,))
+    for test in SHUFFLED_SHARDED_TESTS:
+      self.assertEqual(1, SHUFFLED_SHARDED_TESTS.count(test),
+                       '%s appears more than once' % (test,))
+
+  def testShuffleDoesNotCreateNewTest(self):
+    for test in SHUFFLED_ALL_TESTS:
+      self.assert_(test in ALL_TESTS, '%s is an invalid test' % (test,))
+    for test in SHUFFLED_ACTIVE_TESTS:
+      self.assert_(test in ACTIVE_TESTS, '%s is an invalid test' % (test,))
+    for test in SHUFFLED_FILTERED_TESTS:
+      self.assert_(test in FILTERED_TESTS, '%s is an invalid test' % (test,))
+    for test in SHUFFLED_SHARDED_TESTS:
+      self.assert_(test in SHARDED_TESTS, '%s is an invalid test' % (test,))
+
+  def testShuffleIncludesAllTests(self):
+    for test in ALL_TESTS:
+      self.assert_(test in SHUFFLED_ALL_TESTS, '%s is missing' % (test,))
+    for test in ACTIVE_TESTS:
+      self.assert_(test in SHUFFLED_ACTIVE_TESTS, '%s is missing' % (test,))
+    for test in FILTERED_TESTS:
+      self.assert_(test in SHUFFLED_FILTERED_TESTS, '%s is missing' % (test,))
+    for test in SHARDED_TESTS:
+      self.assert_(test in SHUFFLED_SHARDED_TESTS, '%s is missing' % (test,))
+
+  def testShuffleLeavesDeathTestsAtFront(self):
+    non_death_test_found = False
+    for test in SHUFFLED_ACTIVE_TESTS:
+      if 'DeathTest.' in test:
+        self.assert_(not non_death_test_found,
+                     '%s appears after a non-death test' % (test,))
+      else:
+        non_death_test_found = True
+
+  def _VerifyTestCasesDoNotInterleave(self, tests):
+    test_cases = []
+    for test in tests:
+      [test_case, _] = test.split('.')
+      if test_cases and test_cases[-1] != test_case:
+        test_cases.append(test_case)
+        self.assertEqual(1, test_cases.count(test_case),
+                         'Test case %s is not grouped together in %s' %
+                         (test_case, tests))
+
+  def testShuffleDoesNotInterleaveTestCases(self):
+    self._VerifyTestCasesDoNotInterleave(SHUFFLED_ALL_TESTS)
+    self._VerifyTestCasesDoNotInterleave(SHUFFLED_ACTIVE_TESTS)
+    self._VerifyTestCasesDoNotInterleave(SHUFFLED_FILTERED_TESTS)
+    self._VerifyTestCasesDoNotInterleave(SHUFFLED_SHARDED_TESTS)
+
+  def testShuffleRestoresOrderAfterEachIteration(self):
+    # Get the test lists in all 3 iterations, using random seed 1, 2,
+    # and 3 respectively.  Google Test picks a different seed in each
+    # iteration, and this test depends on the current implementation
+    # picking successive numbers.  This dependency is not ideal, but
+    # makes the test much easier to write.
+    [tests_in_iteration1, tests_in_iteration2, tests_in_iteration3] = (
+        GetTestsForAllIterations(
+            {}, [ShuffleFlag(), RandomSeedFlag(1), RepeatFlag(3)]))
+
+    # Make sure running the tests with random seed 1 gets the same
+    # order as in iteration 1 above.
+    [tests_with_seed1] = GetTestsForAllIterations(
+        {}, [ShuffleFlag(), RandomSeedFlag(1)])
+    self.assertEqual(tests_in_iteration1, tests_with_seed1)
+
+    # Make sure running the tests with random seed 2 gets the same
+    # order as in iteration 2 above.  Success means that Google Test
+    # correctly restores the test order before re-shuffling at the
+    # beginning of iteration 2.
+    [tests_with_seed2] = GetTestsForAllIterations(
+        {}, [ShuffleFlag(), RandomSeedFlag(2)])
+    self.assertEqual(tests_in_iteration2, tests_with_seed2)
+
+    # Make sure running the tests with random seed 3 gets the same
+    # order as in iteration 3 above.  Success means that Google Test
+    # correctly restores the test order before re-shuffling at the
+    # beginning of iteration 3.
+    [tests_with_seed3] = GetTestsForAllIterations(
+        {}, [ShuffleFlag(), RandomSeedFlag(3)])
+    self.assertEqual(tests_in_iteration3, tests_with_seed3)
+
+  def testShuffleGeneratesNewOrderInEachIteration(self):
+    [tests_in_iteration1, tests_in_iteration2, tests_in_iteration3] = (
+        GetTestsForAllIterations(
+            {}, [ShuffleFlag(), RandomSeedFlag(1), RepeatFlag(3)]))
+
+    self.assert_(tests_in_iteration1 != tests_in_iteration2,
+                 tests_in_iteration1)
+    self.assert_(tests_in_iteration1 != tests_in_iteration3,
+                 tests_in_iteration1)
+    self.assert_(tests_in_iteration2 != tests_in_iteration3,
+                 tests_in_iteration2)
+
+  def testShuffleShardedTestsPreservesPartition(self):
+    # If we run M tests on N shards, the same M tests should be run in
+    # total, regardless of the random seeds used by the shards.
+    [tests1] = GetTestsForAllIterations({TOTAL_SHARDS_ENV_VAR: '3',
+                                         SHARD_INDEX_ENV_VAR: '0'},
+                                        [ShuffleFlag(), RandomSeedFlag(1)])
+    [tests2] = GetTestsForAllIterations({TOTAL_SHARDS_ENV_VAR: '3',
+                                         SHARD_INDEX_ENV_VAR: '1'},
+                                        [ShuffleFlag(), RandomSeedFlag(20)])
+    [tests3] = GetTestsForAllIterations({TOTAL_SHARDS_ENV_VAR: '3',
+                                         SHARD_INDEX_ENV_VAR: '2'},
+                                        [ShuffleFlag(), RandomSeedFlag(25)])
+    sorted_sharded_tests = tests1 + tests2 + tests3
+    sorted_sharded_tests.sort()
+    sorted_active_tests = []
+    sorted_active_tests.extend(ACTIVE_TESTS)
+    sorted_active_tests.sort()
+    self.assertEqual(sorted_active_tests, sorted_sharded_tests)
+
+if __name__ == '__main__':
+  gtest_test_utils.Main()
diff --git a/nss/gtests/google_test/gtest/test/gtest_shuffle_test_.cc b/nss/gtests/google_test/gtest/test/gtest_shuffle_test_.cc
new file mode 100644
index 0000000..6fb441b
--- /dev/null
+++ b/nss/gtests/google_test/gtest/test/gtest_shuffle_test_.cc
@@ -0,0 +1,103 @@
+// Copyright 2009, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+
+// Verifies that test shuffling works.
+
+#include "gtest/gtest.h"
+
+namespace {
+
+using ::testing::EmptyTestEventListener;
+using ::testing::InitGoogleTest;
+using ::testing::Message;
+using ::testing::Test;
+using ::testing::TestEventListeners;
+using ::testing::TestInfo;
+using ::testing::UnitTest;
+using ::testing::internal::scoped_ptr;
+
+// The test methods are empty, as the sole purpose of this program is
+// to print the test names before/after shuffling.
+
+class A : public Test {};
+TEST_F(A, A) {}
+TEST_F(A, B) {}
+
+TEST(ADeathTest, A) {}
+TEST(ADeathTest, B) {}
+TEST(ADeathTest, C) {}
+
+TEST(B, A) {}
+TEST(B, B) {}
+TEST(B, C) {}
+TEST(B, DISABLED_D) {}
+TEST(B, DISABLED_E) {}
+
+TEST(BDeathTest, A) {}
+TEST(BDeathTest, B) {}
+
+TEST(C, A) {}
+TEST(C, B) {}
+TEST(C, C) {}
+TEST(C, DISABLED_D) {}
+
+TEST(CDeathTest, A) {}
+
+TEST(DISABLED_D, A) {}
+TEST(DISABLED_D, DISABLED_B) {}
+
+// This printer prints the full test names only, starting each test
+// iteration with a "----" marker.
+class TestNamePrinter : public EmptyTestEventListener {
+ public:
+  virtual void OnTestIterationStart(const UnitTest& /* unit_test */,
+                                    int /* iteration */) {
+    printf("----\n");
+  }
+
+  virtual void OnTestStart(const TestInfo& test_info) {
+    printf("%s.%s\n", test_info.test_case_name(), test_info.name());
+  }
+};
+
+}  // namespace
+
+int main(int argc, char **argv) {
+  InitGoogleTest(&argc, argv);
+
+  // Replaces the default printer with TestNamePrinter, which prints
+  // the test name only.
+  TestEventListeners& listeners = UnitTest::GetInstance()->listeners();
+  delete listeners.Release(listeners.default_result_printer());
+  listeners.Append(new TestNamePrinter);
+
+  return RUN_ALL_TESTS();
+}
diff --git a/nss/gtests/google_test/gtest/test/gtest_sole_header_test.cc b/nss/gtests/google_test/gtest/test/gtest_sole_header_test.cc
new file mode 100644
index 0000000..ccd091a
--- /dev/null
+++ b/nss/gtests/google_test/gtest/test/gtest_sole_header_test.cc
@@ -0,0 +1,57 @@
+// Copyright 2008, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: mheule@google.com (Markus Heule)
+//
+// This test verifies that it's possible to use Google Test by including
+// the gtest.h header file alone.
+
+#include "gtest/gtest.h"
+
+namespace {
+
+void Subroutine() {
+  EXPECT_EQ(42, 42);
+}
+
+TEST(NoFatalFailureTest, ExpectNoFatalFailure) {
+  EXPECT_NO_FATAL_FAILURE(;);
+  EXPECT_NO_FATAL_FAILURE(SUCCEED());
+  EXPECT_NO_FATAL_FAILURE(Subroutine());
+  EXPECT_NO_FATAL_FAILURE({ SUCCEED(); });
+}
+
+TEST(NoFatalFailureTest, AssertNoFatalFailure) {
+  ASSERT_NO_FATAL_FAILURE(;);
+  ASSERT_NO_FATAL_FAILURE(SUCCEED());
+  ASSERT_NO_FATAL_FAILURE(Subroutine());
+  ASSERT_NO_FATAL_FAILURE({ SUCCEED(); });
+}
+
+}  // namespace
diff --git a/nss/gtests/google_test/gtest/test/gtest_stress_test.cc b/nss/gtests/google_test/gtest/test/gtest_stress_test.cc
new file mode 100644
index 0000000..e7daa43
--- /dev/null
+++ b/nss/gtests/google_test/gtest/test/gtest_stress_test.cc
@@ -0,0 +1,256 @@
+// Copyright 2007, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+
+// Tests that SCOPED_TRACE() and various Google Test assertions can be
+// used in a large number of threads concurrently.
+
+#include "gtest/gtest.h"
+
+#include <iostream>
+#include <vector>
+
+// We must define this macro in order to #include
+// gtest-internal-inl.h.  This is how Google Test prevents a user from
+// accidentally depending on its internal implementation.
+#define GTEST_IMPLEMENTATION_ 1
+#include "src/gtest-internal-inl.h"
+#undef GTEST_IMPLEMENTATION_
+
+#if GTEST_IS_THREADSAFE
+
+namespace testing {
+namespace {
+
+using internal::Notification;
+using internal::TestPropertyKeyIs;
+using internal::ThreadWithParam;
+using internal::scoped_ptr;
+
+// In order to run tests in this file, for platforms where Google Test is
+// thread safe, implement ThreadWithParam. See the description of its API
+// in gtest-port.h, where it is defined for already supported platforms.
+
+// How many threads to create?
+const int kThreadCount = 50;
+
+std::string IdToKey(int id, const char* suffix) {
+  Message key;
+  key << "key_" << id << "_" << suffix;
+  return key.GetString();
+}
+
+std::string IdToString(int id) {
+  Message id_message;
+  id_message << id;
+  return id_message.GetString();
+}
+
+void ExpectKeyAndValueWereRecordedForId(
+    const std::vector<TestProperty>& properties,
+    int id, const char* suffix) {
+  TestPropertyKeyIs matches_key(IdToKey(id, suffix).c_str());
+  const std::vector<TestProperty>::const_iterator property =
+      std::find_if(properties.begin(), properties.end(), matches_key);
+  ASSERT_TRUE(property != properties.end())
+      << "expecting " << suffix << " value for id " << id;
+  EXPECT_STREQ(IdToString(id).c_str(), property->value());
+}
+
+// Calls a large number of Google Test assertions, where exactly one of them
+// will fail.
+void ManyAsserts(int id) {
+  GTEST_LOG_(INFO) << "Thread #" << id << " running...";
+
+  SCOPED_TRACE(Message() << "Thread #" << id);
+
+  for (int i = 0; i < kThreadCount; i++) {
+    SCOPED_TRACE(Message() << "Iteration #" << i);
+
+    // A bunch of assertions that should succeed.
+    EXPECT_TRUE(true);
+    ASSERT_FALSE(false) << "This shouldn't fail.";
+    EXPECT_STREQ("a", "a");
+    ASSERT_LE(5, 6);
+    EXPECT_EQ(i, i) << "This shouldn't fail.";
+
+    // RecordProperty() should interact safely with other threads as well.
+    // The shared_key forces property updates.
+    Test::RecordProperty(IdToKey(id, "string").c_str(), IdToString(id).c_str());
+    Test::RecordProperty(IdToKey(id, "int").c_str(), id);
+    Test::RecordProperty("shared_key", IdToString(id).c_str());
+
+    // This assertion should fail kThreadCount times per thread.  It
+    // is for testing whether Google Test can handle failed assertions in a
+    // multi-threaded context.
+    EXPECT_LT(i, 0) << "This should always fail.";
+  }
+}
+
+void CheckTestFailureCount(int expected_failures) {
+  const TestInfo* const info = UnitTest::GetInstance()->current_test_info();
+  const TestResult* const result = info->result();
+  GTEST_CHECK_(expected_failures == result->total_part_count())
+      << "Logged " << result->total_part_count() << " failures "
+      << " vs. " << expected_failures << " expected";
+}
+
+// Tests using SCOPED_TRACE() and Google Test assertions in many threads
+// concurrently.
+TEST(StressTest, CanUseScopedTraceAndAssertionsInManyThreads) {
+  {
+    scoped_ptr<ThreadWithParam<int> > threads[kThreadCount];
+    Notification threads_can_start;
+    for (int i = 0; i != kThreadCount; i++)
+      threads[i].reset(new ThreadWithParam<int>(&ManyAsserts,
+                                                i,
+                                                &threads_can_start));
+
+    threads_can_start.Notify();
+
+    // Blocks until all the threads are done.
+    for (int i = 0; i != kThreadCount; i++)
+      threads[i]->Join();
+  }
+
+  // Ensures that kThreadCount*kThreadCount failures have been reported.
+  const TestInfo* const info = UnitTest::GetInstance()->current_test_info();
+  const TestResult* const result = info->result();
+
+  std::vector<TestProperty> properties;
+  // We have no access to the TestResult's list of properties but we can
+  // copy them one by one.
+  for (int i = 0; i < result->test_property_count(); ++i)
+    properties.push_back(result->GetTestProperty(i));
+
+  EXPECT_EQ(kThreadCount * 2 + 1, result->test_property_count())
+      << "String and int values recorded on each thread, "
+      << "as well as one shared_key";
+  for (int i = 0; i < kThreadCount; ++i) {
+    ExpectKeyAndValueWereRecordedForId(properties, i, "string");
+    ExpectKeyAndValueWereRecordedForId(properties, i, "int");
+  }
+  CheckTestFailureCount(kThreadCount*kThreadCount);
+}
+
+void FailingThread(bool is_fatal) {
+  if (is_fatal)
+    FAIL() << "Fatal failure in some other thread. "
+           << "(This failure is expected.)";
+  else
+    ADD_FAILURE() << "Non-fatal failure in some other thread. "
+                  << "(This failure is expected.)";
+}
+
+void GenerateFatalFailureInAnotherThread(bool is_fatal) {
+  ThreadWithParam<bool> thread(&FailingThread, is_fatal, NULL);
+  thread.Join();
+}
+
+TEST(NoFatalFailureTest, ExpectNoFatalFailureIgnoresFailuresInOtherThreads) {
+  EXPECT_NO_FATAL_FAILURE(GenerateFatalFailureInAnotherThread(true));
+  // We should only have one failure (the one from
+  // GenerateFatalFailureInAnotherThread()), since the EXPECT_NO_FATAL_FAILURE
+  // should succeed.
+  CheckTestFailureCount(1);
+}
+
+void AssertNoFatalFailureIgnoresFailuresInOtherThreads() {
+  ASSERT_NO_FATAL_FAILURE(GenerateFatalFailureInAnotherThread(true));
+}
+TEST(NoFatalFailureTest, AssertNoFatalFailureIgnoresFailuresInOtherThreads) {
+  // Using a subroutine, to make sure, that the test continues.
+  AssertNoFatalFailureIgnoresFailuresInOtherThreads();
+  // We should only have one failure (the one from
+  // GenerateFatalFailureInAnotherThread()), since the EXPECT_NO_FATAL_FAILURE
+  // should succeed.
+  CheckTestFailureCount(1);
+}
+
+TEST(FatalFailureTest, ExpectFatalFailureIgnoresFailuresInOtherThreads) {
+  // This statement should fail, since the current thread doesn't generate a
+  // fatal failure, only another one does.
+  EXPECT_FATAL_FAILURE(GenerateFatalFailureInAnotherThread(true), "expected");
+  CheckTestFailureCount(2);
+}
+
+TEST(FatalFailureOnAllThreadsTest, ExpectFatalFailureOnAllThreads) {
+  // This statement should succeed, because failures in all threads are
+  // considered.
+  EXPECT_FATAL_FAILURE_ON_ALL_THREADS(
+      GenerateFatalFailureInAnotherThread(true), "expected");
+  CheckTestFailureCount(0);
+  // We need to add a failure, because main() checks that there are failures.
+  // But when only this test is run, we shouldn't have any failures.
+  ADD_FAILURE() << "This is an expected non-fatal failure.";
+}
+
+TEST(NonFatalFailureTest, ExpectNonFatalFailureIgnoresFailuresInOtherThreads) {
+  // This statement should fail, since the current thread doesn't generate a
+  // fatal failure, only another one does.
+  EXPECT_NONFATAL_FAILURE(GenerateFatalFailureInAnotherThread(false),
+                          "expected");
+  CheckTestFailureCount(2);
+}
+
+TEST(NonFatalFailureOnAllThreadsTest, ExpectNonFatalFailureOnAllThreads) {
+  // This statement should succeed, because failures in all threads are
+  // considered.
+  EXPECT_NONFATAL_FAILURE_ON_ALL_THREADS(
+      GenerateFatalFailureInAnotherThread(false), "expected");
+  CheckTestFailureCount(0);
+  // We need to add a failure, because main() checks that there are failures,
+  // But when only this test is run, we shouldn't have any failures.
+  ADD_FAILURE() << "This is an expected non-fatal failure.";
+}
+
+}  // namespace
+}  // namespace testing
+
+int main(int argc, char **argv) {
+  testing::InitGoogleTest(&argc, argv);
+
+  const int result = RUN_ALL_TESTS();  // Expected to fail.
+  GTEST_CHECK_(result == 1) << "RUN_ALL_TESTS() did not fail as expected";
+
+  printf("\nPASS\n");
+  return 0;
+}
+
+#else
+TEST(StressTest,
+     DISABLED_ThreadSafetyTestsAreSkippedWhenGoogleTestIsNotThreadSafe) {
+}
+
+int main(int argc, char **argv) {
+  testing::InitGoogleTest(&argc, argv);
+  return RUN_ALL_TESTS();
+}
+#endif  // GTEST_IS_THREADSAFE
diff --git a/nss/gtests/google_test/gtest/test/gtest_test_utils.py b/nss/gtests/google_test/gtest/test/gtest_test_utils.py
new file mode 100755
index 0000000..7e3cbca
--- /dev/null
+++ b/nss/gtests/google_test/gtest/test/gtest_test_utils.py
@@ -0,0 +1,320 @@
+#!/usr/bin/env python
+#
+# Copyright 2006, Google Inc.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#
+#     * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following disclaimer
+# in the documentation and/or other materials provided with the
+# distribution.
+#     * Neither the name of Google Inc. nor the names of its
+# contributors may be used to endorse or promote products derived from
+# this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+"""Unit test utilities for Google C++ Testing Framework."""
+
+__author__ = 'wan@google.com (Zhanyong Wan)'
+
+import atexit
+import os
+import shutil
+import sys
+import tempfile
+import unittest
+_test_module = unittest
+
+# Suppresses the 'Import not at the top of the file' lint complaint.
+# pylint: disable-msg=C6204
+try:
+  import subprocess
+  _SUBPROCESS_MODULE_AVAILABLE = True
+except:
+  import popen2
+  _SUBPROCESS_MODULE_AVAILABLE = False
+# pylint: enable-msg=C6204
+
+GTEST_OUTPUT_VAR_NAME = 'GTEST_OUTPUT'
+
+IS_WINDOWS = os.name == 'nt'
+IS_CYGWIN = os.name == 'posix' and 'CYGWIN' in os.uname()[0]
+
+# The environment variable for specifying the path to the premature-exit file.
+PREMATURE_EXIT_FILE_ENV_VAR = 'TEST_PREMATURE_EXIT_FILE'
+
+environ = os.environ.copy()
+
+
+def SetEnvVar(env_var, value):
+  """Sets/unsets an environment variable to a given value."""
+
+  if value is not None:
+    environ[env_var] = value
+  elif env_var in environ:
+    del environ[env_var]
+
+
+# Here we expose a class from a particular module, depending on the
+# environment. The comment suppresses the 'Invalid variable name' lint
+# complaint.
+TestCase = _test_module.TestCase  # pylint: disable-msg=C6409
+
+# Initially maps a flag to its default value. After
+# _ParseAndStripGTestFlags() is called, maps a flag to its actual value.
+_flag_map = {'source_dir': os.path.dirname(sys.argv[0]),
+             'build_dir': os.path.dirname(sys.argv[0])}
+_gtest_flags_are_parsed = False
+
+
+def _ParseAndStripGTestFlags(argv):
+  """Parses and strips Google Test flags from argv.  This is idempotent."""
+
+  # Suppresses the lint complaint about a global variable since we need it
+  # here to maintain module-wide state.
+  global _gtest_flags_are_parsed  # pylint: disable-msg=W0603
+  if _gtest_flags_are_parsed:
+    return
+
+  _gtest_flags_are_parsed = True
+  for flag in _flag_map:
+    # The environment variable overrides the default value.
+    if flag.upper() in os.environ:
+      _flag_map[flag] = os.environ[flag.upper()]
+
+    # The command line flag overrides the environment variable.
+    i = 1  # Skips the program name.
+    while i < len(argv):
+      prefix = '--' + flag + '='
+      if argv[i].startswith(prefix):
+        _flag_map[flag] = argv[i][len(prefix):]
+        del argv[i]
+        break
+      else:
+        # We don't increment i in case we just found a --gtest_* flag
+        # and removed it from argv.
+        i += 1
+
+
+def GetFlag(flag):
+  """Returns the value of the given flag."""
+
+  # In case GetFlag() is called before Main(), we always call
+  # _ParseAndStripGTestFlags() here to make sure the --gtest_* flags
+  # are parsed.
+  _ParseAndStripGTestFlags(sys.argv)
+
+  return _flag_map[flag]
+
+
+def GetSourceDir():
+  """Returns the absolute path of the directory where the .py files are."""
+
+  return os.path.abspath(GetFlag('source_dir'))
+
+
+def GetBuildDir():
+  """Returns the absolute path of the directory where the test binaries are."""
+
+  return os.path.abspath(GetFlag('build_dir'))
+
+
+_temp_dir = None
+
+def _RemoveTempDir():
+  if _temp_dir:
+    shutil.rmtree(_temp_dir, ignore_errors=True)
+
+atexit.register(_RemoveTempDir)
+
+
+def GetTempDir():
+  """Returns a directory for temporary files."""
+
+  global _temp_dir
+  if not _temp_dir:
+    _temp_dir = tempfile.mkdtemp()
+  return _temp_dir
+
+
+def GetTestExecutablePath(executable_name, build_dir=None):
+  """Returns the absolute path of the test binary given its name.
+
+  The function will print a message and abort the program if the resulting file
+  doesn't exist.
+
+  Args:
+    executable_name: name of the test binary that the test script runs.
+    build_dir:       directory where to look for executables, by default
+                     the result of GetBuildDir().
+
+  Returns:
+    The absolute path of the test binary.
+  """
+
+  path = os.path.abspath(os.path.join(build_dir or GetBuildDir(),
+                                      executable_name))
+  if (IS_WINDOWS or IS_CYGWIN) and not path.endswith('.exe'):
+    path += '.exe'
+
+  if not os.path.exists(path):
+    message = (
+        'Unable to find the test binary "%s". Please make sure to provide\n'
+        'a path to the binary via the --build_dir flag or the BUILD_DIR\n'
+        'environment variable.' % path)
+    print >> sys.stderr, message
+    sys.exit(1)
+
+  return path
+
+
+def GetExitStatus(exit_code):
+  """Returns the argument to exit(), or -1 if exit() wasn't called.
+
+  Args:
+    exit_code: the result value of os.system(command).
+  """
+
+  if os.name == 'nt':
+    # On Windows, os.WEXITSTATUS() doesn't work and os.system() returns
+    # the argument to exit() directly.
+    return exit_code
+  else:
+    # On Unix, os.WEXITSTATUS() must be used to extract the exit status
+    # from the result of os.system().
+    if os.WIFEXITED(exit_code):
+      return os.WEXITSTATUS(exit_code)
+    else:
+      return -1
+
+
+class Subprocess:
+  def __init__(self, command, working_dir=None, capture_stderr=True, env=None):
+    """Changes into a specified directory, if provided, and executes a command.
+
+    Restores the old directory afterwards.
+
+    Args:
+      command:        The command to run, in the form of sys.argv.
+      working_dir:    The directory to change into.
+      capture_stderr: Determines whether to capture stderr in the output member
+                      or to discard it.
+      env:            Dictionary with environment to pass to the subprocess.
+
+    Returns:
+      An object that represents outcome of the executed process. It has the
+      following attributes:
+        terminated_by_signal   True iff the child process has been terminated
+                               by a signal.
+        signal                 Sygnal that terminated the child process.
+        exited                 True iff the child process exited normally.
+        exit_code              The code with which the child process exited.
+        output                 Child process's stdout and stderr output
+                               combined in a string.
+    """
+
+    # The subprocess module is the preferrable way of running programs
+    # since it is available and behaves consistently on all platforms,
+    # including Windows. But it is only available starting in python 2.4.
+    # In earlier python versions, we revert to the popen2 module, which is
+    # available in python 2.0 and later but doesn't provide required
+    # functionality (Popen4) under Windows. This allows us to support Mac
+    # OS X 10.4 Tiger, which has python 2.3 installed.
+    if _SUBPROCESS_MODULE_AVAILABLE:
+      if capture_stderr:
+        stderr = subprocess.STDOUT
+      else:
+        stderr = subprocess.PIPE
+
+      p = subprocess.Popen(command,
+                           stdout=subprocess.PIPE, stderr=stderr,
+                           cwd=working_dir, universal_newlines=True, env=env)
+      # communicate returns a tuple with the file obect for the child's
+      # output.
+      self.output = p.communicate()[0]
+      self._return_code = p.returncode
+    else:
+      old_dir = os.getcwd()
+
+      def _ReplaceEnvDict(dest, src):
+        # Changes made by os.environ.clear are not inheritable by child
+        # processes until Python 2.6. To produce inheritable changes we have
+        # to delete environment items with the del statement.
+        for key in dest.keys():
+          del dest[key]
+        dest.update(src)
+
+      # When 'env' is not None, backup the environment variables and replace
+      # them with the passed 'env'. When 'env' is None, we simply use the
+      # current 'os.environ' for compatibility with the subprocess.Popen
+      # semantics used above.
+      if env is not None:
+        old_environ = os.environ.copy()
+        _ReplaceEnvDict(os.environ, env)
+
+      try:
+        if working_dir is not None:
+          os.chdir(working_dir)
+        if capture_stderr:
+          p = popen2.Popen4(command)
+        else:
+          p = popen2.Popen3(command)
+        p.tochild.close()
+        self.output = p.fromchild.read()
+        ret_code = p.wait()
+      finally:
+        os.chdir(old_dir)
+
+        # Restore the old environment variables
+        # if they were replaced.
+        if env is not None:
+          _ReplaceEnvDict(os.environ, old_environ)
+
+      # Converts ret_code to match the semantics of
+      # subprocess.Popen.returncode.
+      if os.WIFSIGNALED(ret_code):
+        self._return_code = -os.WTERMSIG(ret_code)
+      else:  # os.WIFEXITED(ret_code) should return True here.
+        self._return_code = os.WEXITSTATUS(ret_code)
+
+    if self._return_code < 0:
+      self.terminated_by_signal = True
+      self.exited = False
+      self.signal = -self._return_code
+    else:
+      self.terminated_by_signal = False
+      self.exited = True
+      self.exit_code = self._return_code
+
+
+def Main():
+  """Runs the unit test."""
+
+  # We must call _ParseAndStripGTestFlags() before calling
+  # unittest.main().  Otherwise the latter will be confused by the
+  # --gtest_* flags.
+  _ParseAndStripGTestFlags(sys.argv)
+  # The tested binaries should not be writing XML output files unless the
+  # script explicitly instructs them to.
+  # TODO(vladl@google.com): Move this into Subprocess when we implement
+  # passing environment into it as a parameter.
+  if GTEST_OUTPUT_VAR_NAME in os.environ:
+    del os.environ[GTEST_OUTPUT_VAR_NAME]
+
+  _test_module.main()
diff --git a/nss/gtests/google_test/gtest/test/gtest_throw_on_failure_ex_test.cc b/nss/gtests/google_test/gtest/test/gtest_throw_on_failure_ex_test.cc
new file mode 100644
index 0000000..8d46c76
--- /dev/null
+++ b/nss/gtests/google_test/gtest/test/gtest_throw_on_failure_ex_test.cc
@@ -0,0 +1,92 @@
+// Copyright 2009, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+
+// Tests Google Test's throw-on-failure mode with exceptions enabled.
+
+#include "gtest/gtest.h"
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <stdexcept>
+
+// Prints the given failure message and exits the program with
+// non-zero.  We use this instead of a Google Test assertion to
+// indicate a failure, as the latter is been tested and cannot be
+// relied on.
+void Fail(const char* msg) {
+  printf("FAILURE: %s\n", msg);
+  fflush(stdout);
+  exit(1);
+}
+
+// Tests that an assertion failure throws a subclass of
+// std::runtime_error.
+void TestFailureThrowsRuntimeError() {
+  testing::GTEST_FLAG(throw_on_failure) = true;
+
+  // A successful assertion shouldn't throw.
+  try {
+    EXPECT_EQ(3, 3);
+  } catch(...) {
+    Fail("A successful assertion wrongfully threw.");
+  }
+
+  // A failed assertion should throw a subclass of std::runtime_error.
+  try {
+    EXPECT_EQ(2, 3) << "Expected failure";
+  } catch(const std::runtime_error& e) {
+    if (strstr(e.what(), "Expected failure") != NULL)
+      return;
+
+    printf("%s",
+           "A failed assertion did throw an exception of the right type, "
+           "but the message is incorrect.  Instead of containing \"Expected "
+           "failure\", it is:\n");
+    Fail(e.what());
+  } catch(...) {
+    Fail("A failed assertion threw the wrong type of exception.");
+  }
+  Fail("A failed assertion should've thrown but didn't.");
+}
+
+int main(int argc, char** argv) {
+  testing::InitGoogleTest(&argc, argv);
+
+  // We want to ensure that people can use Google Test assertions in
+  // other testing frameworks, as long as they initialize Google Test
+  // properly and set the thrown-on-failure mode.  Therefore, we don't
+  // use Google Test's constructs for defining and running tests
+  // (e.g. TEST and RUN_ALL_TESTS) here.
+
+  TestFailureThrowsRuntimeError();
+  return 0;
+}
diff --git a/nss/gtests/google_test/gtest/test/gtest_throw_on_failure_test.py b/nss/gtests/google_test/gtest/test/gtest_throw_on_failure_test.py
new file mode 100755
index 0000000..5678ffe
--- /dev/null
+++ b/nss/gtests/google_test/gtest/test/gtest_throw_on_failure_test.py
@@ -0,0 +1,171 @@
+#!/usr/bin/env python
+#
+# Copyright 2009, Google Inc.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#
+#     * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following disclaimer
+# in the documentation and/or other materials provided with the
+# distribution.
+#     * Neither the name of Google Inc. nor the names of its
+# contributors may be used to endorse or promote products derived from
+# this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+"""Tests Google Test's throw-on-failure mode with exceptions disabled.
+
+This script invokes gtest_throw_on_failure_test_ (a program written with
+Google Test) with different environments and command line flags.
+"""
+
+__author__ = 'wan@google.com (Zhanyong Wan)'
+
+import os
+import gtest_test_utils
+
+
+# Constants.
+
+# The command line flag for enabling/disabling the throw-on-failure mode.
+THROW_ON_FAILURE = 'gtest_throw_on_failure'
+
+# Path to the gtest_throw_on_failure_test_ program, compiled with
+# exceptions disabled.
+EXE_PATH = gtest_test_utils.GetTestExecutablePath(
+    'gtest_throw_on_failure_test_')
+
+
+# Utilities.
+
+
+def SetEnvVar(env_var, value):
+  """Sets an environment variable to a given value; unsets it when the
+  given value is None.
+  """
+
+  env_var = env_var.upper()
+  if value is not None:
+    os.environ[env_var] = value
+  elif env_var in os.environ:
+    del os.environ[env_var]
+
+
+def Run(command):
+  """Runs a command; returns True/False if its exit code is/isn't 0."""
+
+  print 'Running "%s". . .' % ' '.join(command)
+  p = gtest_test_utils.Subprocess(command)
+  return p.exited and p.exit_code == 0
+
+
+# The tests.  TODO(wan@google.com): refactor the class to share common
+# logic with code in gtest_break_on_failure_unittest.py.
+class ThrowOnFailureTest(gtest_test_utils.TestCase):
+  """Tests the throw-on-failure mode."""
+
+  def RunAndVerify(self, env_var_value, flag_value, should_fail):
+    """Runs gtest_throw_on_failure_test_ and verifies that it does
+    (or does not) exit with a non-zero code.
+
+    Args:
+      env_var_value:    value of the GTEST_BREAK_ON_FAILURE environment
+                        variable; None if the variable should be unset.
+      flag_value:       value of the --gtest_break_on_failure flag;
+                        None if the flag should not be present.
+      should_fail:      True iff the program is expected to fail.
+    """
+
+    SetEnvVar(THROW_ON_FAILURE, env_var_value)
+
+    if env_var_value is None:
+      env_var_value_msg = ' is not set'
+    else:
+      env_var_value_msg = '=' + env_var_value
+
+    if flag_value is None:
+      flag = ''
+    elif flag_value == '0':
+      flag = '--%s=0' % THROW_ON_FAILURE
+    else:
+      flag = '--%s' % THROW_ON_FAILURE
+
+    command = [EXE_PATH]
+    if flag:
+      command.append(flag)
+
+    if should_fail:
+      should_or_not = 'should'
+    else:
+      should_or_not = 'should not'
+
+    failed = not Run(command)
+
+    SetEnvVar(THROW_ON_FAILURE, None)
+
+    msg = ('when %s%s, an assertion failure in "%s" %s cause a non-zero '
+           'exit code.' %
+           (THROW_ON_FAILURE, env_var_value_msg, ' '.join(command),
+            should_or_not))
+    self.assert_(failed == should_fail, msg)
+
+  def testDefaultBehavior(self):
+    """Tests the behavior of the default mode."""
+
+    self.RunAndVerify(env_var_value=None, flag_value=None, should_fail=False)
+
+  def testThrowOnFailureEnvVar(self):
+    """Tests using the GTEST_THROW_ON_FAILURE environment variable."""
+
+    self.RunAndVerify(env_var_value='0',
+                      flag_value=None,
+                      should_fail=False)
+    self.RunAndVerify(env_var_value='1',
+                      flag_value=None,
+                      should_fail=True)
+
+  def testThrowOnFailureFlag(self):
+    """Tests using the --gtest_throw_on_failure flag."""
+
+    self.RunAndVerify(env_var_value=None,
+                      flag_value='0',
+                      should_fail=False)
+    self.RunAndVerify(env_var_value=None,
+                      flag_value='1',
+                      should_fail=True)
+
+  def testThrowOnFailureFlagOverridesEnvVar(self):
+    """Tests that --gtest_throw_on_failure overrides GTEST_THROW_ON_FAILURE."""
+
+    self.RunAndVerify(env_var_value='0',
+                      flag_value='0',
+                      should_fail=False)
+    self.RunAndVerify(env_var_value='0',
+                      flag_value='1',
+                      should_fail=True)
+    self.RunAndVerify(env_var_value='1',
+                      flag_value='0',
+                      should_fail=False)
+    self.RunAndVerify(env_var_value='1',
+                      flag_value='1',
+                      should_fail=True)
+
+
+if __name__ == '__main__':
+  gtest_test_utils.Main()
diff --git a/nss/gtests/google_test/gtest/test/gtest_throw_on_failure_test_.cc b/nss/gtests/google_test/gtest/test/gtest_throw_on_failure_test_.cc
new file mode 100644
index 0000000..2b88fe3
--- /dev/null
+++ b/nss/gtests/google_test/gtest/test/gtest_throw_on_failure_test_.cc
@@ -0,0 +1,72 @@
+// Copyright 2009, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+
+// Tests Google Test's throw-on-failure mode with exceptions disabled.
+//
+// This program must be compiled with exceptions disabled.  It will be
+// invoked by gtest_throw_on_failure_test.py, and is expected to exit
+// with non-zero in the throw-on-failure mode or 0 otherwise.
+
+#include "gtest/gtest.h"
+
+#include <stdio.h>                      // for fflush, fprintf, NULL, etc.
+#include <stdlib.h>                     // for exit
+#include <exception>                    // for set_terminate
+
+// This terminate handler aborts the program using exit() rather than abort().
+// This avoids showing pop-ups on Windows systems and core dumps on Unix-like
+// ones.
+void TerminateHandler() {
+  fprintf(stderr, "%s\n", "Unhandled C++ exception terminating the program.");
+  fflush(NULL);
+  exit(1);
+}
+
+int main(int argc, char** argv) {
+#if GTEST_HAS_EXCEPTIONS
+  std::set_terminate(&TerminateHandler);
+#endif
+  testing::InitGoogleTest(&argc, argv);
+
+  // We want to ensure that people can use Google Test assertions in
+  // other testing frameworks, as long as they initialize Google Test
+  // properly and set the throw-on-failure mode.  Therefore, we don't
+  // use Google Test's constructs for defining and running tests
+  // (e.g. TEST and RUN_ALL_TESTS) here.
+
+  // In the throw-on-failure mode with exceptions disabled, this
+  // assertion will cause the program to exit with a non-zero code.
+  EXPECT_EQ(2, 3);
+
+  // When not in the throw-on-failure mode, the control will reach
+  // here.
+  return 0;
+}
diff --git a/nss/gtests/google_test/gtest/test/gtest_uninitialized_test.py b/nss/gtests/google_test/gtest/test/gtest_uninitialized_test.py
new file mode 100755
index 0000000..6ae57ee
--- /dev/null
+++ b/nss/gtests/google_test/gtest/test/gtest_uninitialized_test.py
@@ -0,0 +1,70 @@
+#!/usr/bin/env python
+#
+# Copyright 2008, Google Inc.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#
+#     * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following disclaimer
+# in the documentation and/or other materials provided with the
+# distribution.
+#     * Neither the name of Google Inc. nor the names of its
+# contributors may be used to endorse or promote products derived from
+# this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+"""Verifies that Google Test warns the user when not initialized properly."""
+
+__author__ = 'wan@google.com (Zhanyong Wan)'
+
+import gtest_test_utils
+
+
+COMMAND = gtest_test_utils.GetTestExecutablePath('gtest_uninitialized_test_')
+
+
+def Assert(condition):
+  if not condition:
+    raise AssertionError
+
+
+def AssertEq(expected, actual):
+  if expected != actual:
+    print 'Expected: %s' % (expected,)
+    print '  Actual: %s' % (actual,)
+    raise AssertionError
+
+
+def TestExitCodeAndOutput(command):
+  """Runs the given command and verifies its exit code and output."""
+
+  # Verifies that 'command' exits with code 1.
+  p = gtest_test_utils.Subprocess(command)
+  Assert(p.exited)
+  AssertEq(1, p.exit_code)
+  Assert('InitGoogleTest' in p.output)
+
+
+class GTestUninitializedTest(gtest_test_utils.TestCase):
+  def testExitCodeAndOutput(self):
+    TestExitCodeAndOutput(COMMAND)
+
+
+if __name__ == '__main__':
+  gtest_test_utils.Main()
diff --git a/nss/gtests/google_test/gtest/test/gtest_uninitialized_test_.cc b/nss/gtests/google_test/gtest/test/gtest_uninitialized_test_.cc
new file mode 100644
index 0000000..4431698
--- /dev/null
+++ b/nss/gtests/google_test/gtest/test/gtest_uninitialized_test_.cc
@@ -0,0 +1,43 @@
+// Copyright 2008, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+
+#include "gtest/gtest.h"
+
+TEST(DummyTest, Dummy) {
+  // This test doesn't verify anything.  We just need it to create a
+  // realistic stage for testing the behavior of Google Test when
+  // RUN_ALL_TESTS() is called without testing::InitGoogleTest() being
+  // called first.
+}
+
+int main() {
+  return RUN_ALL_TESTS();
+}
diff --git a/nss/gtests/google_test/gtest/test/gtest_unittest.cc b/nss/gtests/google_test/gtest/test/gtest_unittest.cc
new file mode 100644
index 0000000..9625fa4
--- /dev/null
+++ b/nss/gtests/google_test/gtest/test/gtest_unittest.cc
@@ -0,0 +1,7525 @@
+// Copyright 2005, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+//
+// Tests for Google Test itself.  This verifies that the basic constructs of
+// Google Test work.
+
+#include "gtest/gtest.h"
+
+// Verifies that the command line flag variables can be accessed
+// in code once <gtest/gtest.h> has been #included.
+// Do not move it after other #includes.
+TEST(CommandLineFlagsTest, CanBeAccessedInCodeOnceGTestHIsIncluded) {
+  bool dummy = testing::GTEST_FLAG(also_run_disabled_tests)
+      || testing::GTEST_FLAG(break_on_failure)
+      || testing::GTEST_FLAG(catch_exceptions)
+      || testing::GTEST_FLAG(color) != "unknown"
+      || testing::GTEST_FLAG(filter) != "unknown"
+      || testing::GTEST_FLAG(list_tests)
+      || testing::GTEST_FLAG(output) != "unknown"
+      || testing::GTEST_FLAG(print_time)
+      || testing::GTEST_FLAG(random_seed)
+      || testing::GTEST_FLAG(repeat) > 0
+      || testing::GTEST_FLAG(show_internal_stack_frames)
+      || testing::GTEST_FLAG(shuffle)
+      || testing::GTEST_FLAG(stack_trace_depth) > 0
+      || testing::GTEST_FLAG(stream_result_to) != "unknown"
+      || testing::GTEST_FLAG(throw_on_failure);
+  EXPECT_TRUE(dummy || !dummy);  // Suppresses warning that dummy is unused.
+}
+
+#include <limits.h>  // For INT_MAX.
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+
+#include <map>
+#include <vector>
+#include <ostream>
+
+#include "gtest/gtest-spi.h"
+
+// Indicates that this translation unit is part of Google Test's
+// implementation.  It must come before gtest-internal-inl.h is
+// included, or there will be a compiler error.  This trick is to
+// prevent a user from accidentally including gtest-internal-inl.h in
+// his code.
+#define GTEST_IMPLEMENTATION_ 1
+#include "src/gtest-internal-inl.h"
+#undef GTEST_IMPLEMENTATION_
+
+namespace testing {
+namespace internal {
+
+#if GTEST_CAN_STREAM_RESULTS_
+
+class StreamingListenerTest : public Test {
+ public:
+  class FakeSocketWriter : public StreamingListener::AbstractSocketWriter {
+   public:
+    // Sends a string to the socket.
+    virtual void Send(const string& message) { output_ += message; }
+
+    string output_;
+  };
+
+  StreamingListenerTest()
+      : fake_sock_writer_(new FakeSocketWriter),
+        streamer_(fake_sock_writer_),
+        test_info_obj_("FooTest", "Bar", NULL, NULL, 0, NULL) {}
+
+ protected:
+  string* output() { return &(fake_sock_writer_->output_); }
+
+  FakeSocketWriter* const fake_sock_writer_;
+  StreamingListener streamer_;
+  UnitTest unit_test_;
+  TestInfo test_info_obj_;  // The name test_info_ was taken by testing::Test.
+};
+
+TEST_F(StreamingListenerTest, OnTestProgramEnd) {
+  *output() = "";
+  streamer_.OnTestProgramEnd(unit_test_);
+  EXPECT_EQ("event=TestProgramEnd&passed=1\n", *output());
+}
+
+TEST_F(StreamingListenerTest, OnTestIterationEnd) {
+  *output() = "";
+  streamer_.OnTestIterationEnd(unit_test_, 42);
+  EXPECT_EQ("event=TestIterationEnd&passed=1&elapsed_time=0ms\n", *output());
+}
+
+TEST_F(StreamingListenerTest, OnTestCaseStart) {
+  *output() = "";
+  streamer_.OnTestCaseStart(TestCase("FooTest", "Bar", NULL, NULL));
+  EXPECT_EQ("event=TestCaseStart&name=FooTest\n", *output());
+}
+
+TEST_F(StreamingListenerTest, OnTestCaseEnd) {
+  *output() = "";
+  streamer_.OnTestCaseEnd(TestCase("FooTest", "Bar", NULL, NULL));
+  EXPECT_EQ("event=TestCaseEnd&passed=1&elapsed_time=0ms\n", *output());
+}
+
+TEST_F(StreamingListenerTest, OnTestStart) {
+  *output() = "";
+  streamer_.OnTestStart(test_info_obj_);
+  EXPECT_EQ("event=TestStart&name=Bar\n", *output());
+}
+
+TEST_F(StreamingListenerTest, OnTestEnd) {
+  *output() = "";
+  streamer_.OnTestEnd(test_info_obj_);
+  EXPECT_EQ("event=TestEnd&passed=1&elapsed_time=0ms\n", *output());
+}
+
+TEST_F(StreamingListenerTest, OnTestPartResult) {
+  *output() = "";
+  streamer_.OnTestPartResult(TestPartResult(
+      TestPartResult::kFatalFailure, "foo.cc", 42, "failed=\n&%"));
+
+  // Meta characters in the failure message should be properly escaped.
+  EXPECT_EQ(
+      "event=TestPartResult&file=foo.cc&line=42&message=failed%3D%0A%26%25\n",
+      *output());
+}
+
+#endif  // GTEST_CAN_STREAM_RESULTS_
+
+// Provides access to otherwise private parts of the TestEventListeners class
+// that are needed to test it.
+class TestEventListenersAccessor {
+ public:
+  static TestEventListener* GetRepeater(TestEventListeners* listeners) {
+    return listeners->repeater();
+  }
+
+  static void SetDefaultResultPrinter(TestEventListeners* listeners,
+                                      TestEventListener* listener) {
+    listeners->SetDefaultResultPrinter(listener);
+  }
+  static void SetDefaultXmlGenerator(TestEventListeners* listeners,
+                                     TestEventListener* listener) {
+    listeners->SetDefaultXmlGenerator(listener);
+  }
+
+  static bool EventForwardingEnabled(const TestEventListeners& listeners) {
+    return listeners.EventForwardingEnabled();
+  }
+
+  static void SuppressEventForwarding(TestEventListeners* listeners) {
+    listeners->SuppressEventForwarding();
+  }
+};
+
+class UnitTestRecordPropertyTestHelper : public Test {
+ protected:
+  UnitTestRecordPropertyTestHelper() {}
+
+  // Forwards to UnitTest::RecordProperty() to bypass access controls.
+  void UnitTestRecordProperty(const char* key, const std::string& value) {
+    unit_test_.RecordProperty(key, value);
+  }
+
+  UnitTest unit_test_;
+};
+
+}  // namespace internal
+}  // namespace testing
+
+using testing::AssertionFailure;
+using testing::AssertionResult;
+using testing::AssertionSuccess;
+using testing::DoubleLE;
+using testing::EmptyTestEventListener;
+using testing::Environment;
+using testing::FloatLE;
+using testing::GTEST_FLAG(also_run_disabled_tests);
+using testing::GTEST_FLAG(break_on_failure);
+using testing::GTEST_FLAG(catch_exceptions);
+using testing::GTEST_FLAG(color);
+using testing::GTEST_FLAG(death_test_use_fork);
+using testing::GTEST_FLAG(filter);
+using testing::GTEST_FLAG(list_tests);
+using testing::GTEST_FLAG(output);
+using testing::GTEST_FLAG(print_time);
+using testing::GTEST_FLAG(random_seed);
+using testing::GTEST_FLAG(repeat);
+using testing::GTEST_FLAG(show_internal_stack_frames);
+using testing::GTEST_FLAG(shuffle);
+using testing::GTEST_FLAG(stack_trace_depth);
+using testing::GTEST_FLAG(stream_result_to);
+using testing::GTEST_FLAG(throw_on_failure);
+using testing::IsNotSubstring;
+using testing::IsSubstring;
+using testing::Message;
+using testing::ScopedFakeTestPartResultReporter;
+using testing::StaticAssertTypeEq;
+using testing::Test;
+using testing::TestCase;
+using testing::TestEventListeners;
+using testing::TestInfo;
+using testing::TestPartResult;
+using testing::TestPartResultArray;
+using testing::TestProperty;
+using testing::TestResult;
+using testing::TimeInMillis;
+using testing::UnitTest;
+using testing::internal::AddReference;
+using testing::internal::AlwaysFalse;
+using testing::internal::AlwaysTrue;
+using testing::internal::AppendUserMessage;
+using testing::internal::ArrayAwareFind;
+using testing::internal::ArrayEq;
+using testing::internal::CodePointToUtf8;
+using testing::internal::CompileAssertTypesEqual;
+using testing::internal::CopyArray;
+using testing::internal::CountIf;
+using testing::internal::EqFailure;
+using testing::internal::FloatingPoint;
+using testing::internal::ForEach;
+using testing::internal::FormatEpochTimeInMillisAsIso8601;
+using testing::internal::FormatTimeInMillisAsSeconds;
+using testing::internal::GTestFlagSaver;
+using testing::internal::GetCurrentOsStackTraceExceptTop;
+using testing::internal::GetElementOr;
+using testing::internal::GetNextRandomSeed;
+using testing::internal::GetRandomSeedFromFlag;
+using testing::internal::GetTestTypeId;
+using testing::internal::GetTimeInMillis;
+using testing::internal::GetTypeId;
+using testing::internal::GetUnitTestImpl;
+using testing::internal::ImplicitlyConvertible;
+using testing::internal::Int32;
+using testing::internal::Int32FromEnvOrDie;
+using testing::internal::IsAProtocolMessage;
+using testing::internal::IsContainer;
+using testing::internal::IsContainerTest;
+using testing::internal::IsNotContainer;
+using testing::internal::NativeArray;
+using testing::internal::ParseInt32Flag;
+using testing::internal::RelationToSourceCopy;
+using testing::internal::RelationToSourceReference;
+using testing::internal::RemoveConst;
+using testing::internal::RemoveReference;
+using testing::internal::ShouldRunTestOnShard;
+using testing::internal::ShouldShard;
+using testing::internal::ShouldUseColor;
+using testing::internal::Shuffle;
+using testing::internal::ShuffleRange;
+using testing::internal::SkipPrefix;
+using testing::internal::StreamableToString;
+using testing::internal::String;
+using testing::internal::TestEventListenersAccessor;
+using testing::internal::TestResultAccessor;
+using testing::internal::UInt32;
+using testing::internal::WideStringToUtf8;
+using testing::internal::edit_distance::CalculateOptimalEdits;
+using testing::internal::edit_distance::CreateUnifiedDiff;
+using testing::internal::edit_distance::EditType;
+using testing::internal::kMaxRandomSeed;
+using testing::internal::kTestTypeIdInGoogleTest;
+using testing::internal::scoped_ptr;
+using testing::kMaxStackTraceDepth;
+
+#if GTEST_HAS_STREAM_REDIRECTION
+using testing::internal::CaptureStdout;
+using testing::internal::GetCapturedStdout;
+#endif
+
+#if GTEST_IS_THREADSAFE
+using testing::internal::ThreadWithParam;
+#endif
+
+class TestingVector : public std::vector<int> {
+};
+
+::std::ostream& operator<<(::std::ostream& os,
+                           const TestingVector& vector) {
+  os << "{ ";
+  for (size_t i = 0; i < vector.size(); i++) {
+    os << vector[i] << " ";
+  }
+  os << "}";
+  return os;
+}
+
+// This line tests that we can define tests in an unnamed namespace.
+namespace {
+
+TEST(GetRandomSeedFromFlagTest, HandlesZero) {
+  const int seed = GetRandomSeedFromFlag(0);
+  EXPECT_LE(1, seed);
+  EXPECT_LE(seed, static_cast<int>(kMaxRandomSeed));
+}
+
+TEST(GetRandomSeedFromFlagTest, PreservesValidSeed) {
+  EXPECT_EQ(1, GetRandomSeedFromFlag(1));
+  EXPECT_EQ(2, GetRandomSeedFromFlag(2));
+  EXPECT_EQ(kMaxRandomSeed - 1, GetRandomSeedFromFlag(kMaxRandomSeed - 1));
+  EXPECT_EQ(static_cast<int>(kMaxRandomSeed),
+            GetRandomSeedFromFlag(kMaxRandomSeed));
+}
+
+TEST(GetRandomSeedFromFlagTest, NormalizesInvalidSeed) {
+  const int seed1 = GetRandomSeedFromFlag(-1);
+  EXPECT_LE(1, seed1);
+  EXPECT_LE(seed1, static_cast<int>(kMaxRandomSeed));
+
+  const int seed2 = GetRandomSeedFromFlag(kMaxRandomSeed + 1);
+  EXPECT_LE(1, seed2);
+  EXPECT_LE(seed2, static_cast<int>(kMaxRandomSeed));
+}
+
+TEST(GetNextRandomSeedTest, WorksForValidInput) {
+  EXPECT_EQ(2, GetNextRandomSeed(1));
+  EXPECT_EQ(3, GetNextRandomSeed(2));
+  EXPECT_EQ(static_cast<int>(kMaxRandomSeed),
+            GetNextRandomSeed(kMaxRandomSeed - 1));
+  EXPECT_EQ(1, GetNextRandomSeed(kMaxRandomSeed));
+
+  // We deliberately don't test GetNextRandomSeed() with invalid
+  // inputs, as that requires death tests, which are expensive.  This
+  // is fine as GetNextRandomSeed() is internal and has a
+  // straightforward definition.
+}
+
+static void ClearCurrentTestPartResults() {
+  TestResultAccessor::ClearTestPartResults(
+      GetUnitTestImpl()->current_test_result());
+}
+
+// Tests GetTypeId.
+
+TEST(GetTypeIdTest, ReturnsSameValueForSameType) {
+  EXPECT_EQ(GetTypeId<int>(), GetTypeId<int>());
+  EXPECT_EQ(GetTypeId<Test>(), GetTypeId<Test>());
+}
+
+class SubClassOfTest : public Test {};
+class AnotherSubClassOfTest : public Test {};
+
+TEST(GetTypeIdTest, ReturnsDifferentValuesForDifferentTypes) {
+  EXPECT_NE(GetTypeId<int>(), GetTypeId<const int>());
+  EXPECT_NE(GetTypeId<int>(), GetTypeId<char>());
+  EXPECT_NE(GetTypeId<int>(), GetTestTypeId());
+  EXPECT_NE(GetTypeId<SubClassOfTest>(), GetTestTypeId());
+  EXPECT_NE(GetTypeId<AnotherSubClassOfTest>(), GetTestTypeId());
+  EXPECT_NE(GetTypeId<AnotherSubClassOfTest>(), GetTypeId<SubClassOfTest>());
+}
+
+// Verifies that GetTestTypeId() returns the same value, no matter it
+// is called from inside Google Test or outside of it.
+TEST(GetTestTypeIdTest, ReturnsTheSameValueInsideOrOutsideOfGoogleTest) {
+  EXPECT_EQ(kTestTypeIdInGoogleTest, GetTestTypeId());
+}
+
+// Tests FormatTimeInMillisAsSeconds().
+
+TEST(FormatTimeInMillisAsSecondsTest, FormatsZero) {
+  EXPECT_EQ("0", FormatTimeInMillisAsSeconds(0));
+}
+
+TEST(FormatTimeInMillisAsSecondsTest, FormatsPositiveNumber) {
+  EXPECT_EQ("0.003", FormatTimeInMillisAsSeconds(3));
+  EXPECT_EQ("0.01", FormatTimeInMillisAsSeconds(10));
+  EXPECT_EQ("0.2", FormatTimeInMillisAsSeconds(200));
+  EXPECT_EQ("1.2", FormatTimeInMillisAsSeconds(1200));
+  EXPECT_EQ("3", FormatTimeInMillisAsSeconds(3000));
+}
+
+TEST(FormatTimeInMillisAsSecondsTest, FormatsNegativeNumber) {
+  EXPECT_EQ("-0.003", FormatTimeInMillisAsSeconds(-3));
+  EXPECT_EQ("-0.01", FormatTimeInMillisAsSeconds(-10));
+  EXPECT_EQ("-0.2", FormatTimeInMillisAsSeconds(-200));
+  EXPECT_EQ("-1.2", FormatTimeInMillisAsSeconds(-1200));
+  EXPECT_EQ("-3", FormatTimeInMillisAsSeconds(-3000));
+}
+
+// Tests FormatEpochTimeInMillisAsIso8601().  The correctness of conversion
+// for particular dates below was verified in Python using
+// datetime.datetime.fromutctimestamp(<timetamp>/1000).
+
+// FormatEpochTimeInMillisAsIso8601 depends on the current timezone, so we
+// have to set up a particular timezone to obtain predictable results.
+class FormatEpochTimeInMillisAsIso8601Test : public Test {
+ public:
+  // On Cygwin, GCC doesn't allow unqualified integer literals to exceed
+  // 32 bits, even when 64-bit integer types are available.  We have to
+  // force the constants to have a 64-bit type here.
+  static const TimeInMillis kMillisPerSec = 1000;
+
+ private:
+  virtual void SetUp() {
+    saved_tz_ = NULL;
+
+    GTEST_DISABLE_MSC_WARNINGS_PUSH_(4996 /* PR_GetEnvSecure, strdup: deprecated */)
+    if (PR_GetEnvSecure("TZ"))
+      saved_tz_ = strdup(PR_GetEnvSecure("TZ"));
+    GTEST_DISABLE_MSC_WARNINGS_POP_()
+
+    // Set up the time zone for FormatEpochTimeInMillisAsIso8601 to use.  We
+    // cannot use the local time zone because the function's output depends
+    // on the time zone.
+    SetTimeZone("UTC+00");
+  }
+
+  virtual void TearDown() {
+    SetTimeZone(saved_tz_);
+    free(const_cast<char*>(saved_tz_));
+    saved_tz_ = NULL;
+  }
+
+  static void SetTimeZone(const char* time_zone) {
+    // tzset() distinguishes between the TZ variable being present and empty
+    // and not being present, so we have to consider the case of time_zone
+    // being NULL.
+#if _MSC_VER
+    // ...Unless it's MSVC, whose standard library's _putenv doesn't
+    // distinguish between an empty and a missing variable.
+    const std::string env_var =
+        std::string("TZ=") + (time_zone ? time_zone : "");
+    _putenv(env_var.c_str());
+    GTEST_DISABLE_MSC_WARNINGS_PUSH_(4996 /* deprecated function */)
+    tzset();
+    GTEST_DISABLE_MSC_WARNINGS_POP_()
+#else
+    if (time_zone) {
+      setenv(("TZ"), time_zone, 1);
+    } else {
+      unsetenv("TZ");
+    }
+    tzset();
+#endif
+  }
+
+  const char* saved_tz_;
+};
+
+const TimeInMillis FormatEpochTimeInMillisAsIso8601Test::kMillisPerSec;
+
+TEST_F(FormatEpochTimeInMillisAsIso8601Test, PrintsTwoDigitSegments) {
+  EXPECT_EQ("2011-10-31T18:52:42",
+            FormatEpochTimeInMillisAsIso8601(1320087162 * kMillisPerSec));
+}
+
+TEST_F(FormatEpochTimeInMillisAsIso8601Test, MillisecondsDoNotAffectResult) {
+  EXPECT_EQ(
+      "2011-10-31T18:52:42",
+      FormatEpochTimeInMillisAsIso8601(1320087162 * kMillisPerSec + 234));
+}
+
+TEST_F(FormatEpochTimeInMillisAsIso8601Test, PrintsLeadingZeroes) {
+  EXPECT_EQ("2011-09-03T05:07:02",
+            FormatEpochTimeInMillisAsIso8601(1315026422 * kMillisPerSec));
+}
+
+TEST_F(FormatEpochTimeInMillisAsIso8601Test, Prints24HourTime) {
+  EXPECT_EQ("2011-09-28T17:08:22",
+            FormatEpochTimeInMillisAsIso8601(1317229702 * kMillisPerSec));
+}
+
+TEST_F(FormatEpochTimeInMillisAsIso8601Test, PrintsEpochStart) {
+  EXPECT_EQ("1970-01-01T00:00:00", FormatEpochTimeInMillisAsIso8601(0));
+}
+
+#if GTEST_CAN_COMPARE_NULL
+
+# ifdef __BORLANDC__
+// Silences warnings: "Condition is always true", "Unreachable code"
+#  pragma option push -w-ccc -w-rch
+# endif
+
+// Tests that GTEST_IS_NULL_LITERAL_(x) is true when x is a null
+// pointer literal.
+TEST(NullLiteralTest, IsTrueForNullLiterals) {
+  EXPECT_TRUE(GTEST_IS_NULL_LITERAL_(NULL));
+  EXPECT_TRUE(GTEST_IS_NULL_LITERAL_(0));
+  EXPECT_TRUE(GTEST_IS_NULL_LITERAL_(0U));
+  EXPECT_TRUE(GTEST_IS_NULL_LITERAL_(0L));
+}
+
+// Tests that GTEST_IS_NULL_LITERAL_(x) is false when x is not a null
+// pointer literal.
+TEST(NullLiteralTest, IsFalseForNonNullLiterals) {
+  EXPECT_FALSE(GTEST_IS_NULL_LITERAL_(1));
+  EXPECT_FALSE(GTEST_IS_NULL_LITERAL_(0.0));
+  EXPECT_FALSE(GTEST_IS_NULL_LITERAL_('a'));
+  EXPECT_FALSE(GTEST_IS_NULL_LITERAL_(static_cast<void*>(NULL)));
+}
+
+# ifdef __BORLANDC__
+// Restores warnings after previous "#pragma option push" suppressed them.
+#  pragma option pop
+# endif
+
+#endif  // GTEST_CAN_COMPARE_NULL
+//
+// Tests CodePointToUtf8().
+
+// Tests that the NUL character L'\0' is encoded correctly.
+TEST(CodePointToUtf8Test, CanEncodeNul) {
+  EXPECT_EQ("", CodePointToUtf8(L'\0'));
+}
+
+// Tests that ASCII characters are encoded correctly.
+TEST(CodePointToUtf8Test, CanEncodeAscii) {
+  EXPECT_EQ("a", CodePointToUtf8(L'a'));
+  EXPECT_EQ("Z", CodePointToUtf8(L'Z'));
+  EXPECT_EQ("&", CodePointToUtf8(L'&'));
+  EXPECT_EQ("\x7F", CodePointToUtf8(L'\x7F'));
+}
+
+// Tests that Unicode code-points that have 8 to 11 bits are encoded
+// as 110xxxxx 10xxxxxx.
+TEST(CodePointToUtf8Test, CanEncode8To11Bits) {
+  // 000 1101 0011 => 110-00011 10-010011
+  EXPECT_EQ("\xC3\x93", CodePointToUtf8(L'\xD3'));
+
+  // 101 0111 0110 => 110-10101 10-110110
+  // Some compilers (e.g., GCC on MinGW) cannot handle non-ASCII codepoints
+  // in wide strings and wide chars. In order to accomodate them, we have to
+  // introduce such character constants as integers.
+  EXPECT_EQ("\xD5\xB6",
+            CodePointToUtf8(static_cast<wchar_t>(0x576)));
+}
+
+// Tests that Unicode code-points that have 12 to 16 bits are encoded
+// as 1110xxxx 10xxxxxx 10xxxxxx.
+TEST(CodePointToUtf8Test, CanEncode12To16Bits) {
+  // 0000 1000 1101 0011 => 1110-0000 10-100011 10-010011
+  EXPECT_EQ("\xE0\xA3\x93",
+            CodePointToUtf8(static_cast<wchar_t>(0x8D3)));
+
+  // 1100 0111 0100 1101 => 1110-1100 10-011101 10-001101
+  EXPECT_EQ("\xEC\x9D\x8D",
+            CodePointToUtf8(static_cast<wchar_t>(0xC74D)));
+}
+
+#if !GTEST_WIDE_STRING_USES_UTF16_
+// Tests in this group require a wchar_t to hold > 16 bits, and thus
+// are skipped on Windows, Cygwin, and Symbian, where a wchar_t is
+// 16-bit wide. This code may not compile on those systems.
+
+// Tests that Unicode code-points that have 17 to 21 bits are encoded
+// as 11110xxx 10xxxxxx 10xxxxxx 10xxxxxx.
+TEST(CodePointToUtf8Test, CanEncode17To21Bits) {
+  // 0 0001 0000 1000 1101 0011 => 11110-000 10-010000 10-100011 10-010011
+  EXPECT_EQ("\xF0\x90\xA3\x93", CodePointToUtf8(L'\x108D3'));
+
+  // 0 0001 0000 0100 0000 0000 => 11110-000 10-010000 10-010000 10-000000
+  EXPECT_EQ("\xF0\x90\x90\x80", CodePointToUtf8(L'\x10400'));
+
+  // 1 0000 1000 0110 0011 0100 => 11110-100 10-001000 10-011000 10-110100
+  EXPECT_EQ("\xF4\x88\x98\xB4", CodePointToUtf8(L'\x108634'));
+}
+
+// Tests that encoding an invalid code-point generates the expected result.
+TEST(CodePointToUtf8Test, CanEncodeInvalidCodePoint) {
+  EXPECT_EQ("(Invalid Unicode 0x1234ABCD)", CodePointToUtf8(L'\x1234ABCD'));
+}
+
+#endif  // !GTEST_WIDE_STRING_USES_UTF16_
+
+// Tests WideStringToUtf8().
+
+// Tests that the NUL character L'\0' is encoded correctly.
+TEST(WideStringToUtf8Test, CanEncodeNul) {
+  EXPECT_STREQ("", WideStringToUtf8(L"", 0).c_str());
+  EXPECT_STREQ("", WideStringToUtf8(L"", -1).c_str());
+}
+
+// Tests that ASCII strings are encoded correctly.
+TEST(WideStringToUtf8Test, CanEncodeAscii) {
+  EXPECT_STREQ("a", WideStringToUtf8(L"a", 1).c_str());
+  EXPECT_STREQ("ab", WideStringToUtf8(L"ab", 2).c_str());
+  EXPECT_STREQ("a", WideStringToUtf8(L"a", -1).c_str());
+  EXPECT_STREQ("ab", WideStringToUtf8(L"ab", -1).c_str());
+}
+
+// Tests that Unicode code-points that have 8 to 11 bits are encoded
+// as 110xxxxx 10xxxxxx.
+TEST(WideStringToUtf8Test, CanEncode8To11Bits) {
+  // 000 1101 0011 => 110-00011 10-010011
+  EXPECT_STREQ("\xC3\x93", WideStringToUtf8(L"\xD3", 1).c_str());
+  EXPECT_STREQ("\xC3\x93", WideStringToUtf8(L"\xD3", -1).c_str());
+
+  // 101 0111 0110 => 110-10101 10-110110
+  const wchar_t s[] = { 0x576, '\0' };
+  EXPECT_STREQ("\xD5\xB6", WideStringToUtf8(s, 1).c_str());
+  EXPECT_STREQ("\xD5\xB6", WideStringToUtf8(s, -1).c_str());
+}
+
+// Tests that Unicode code-points that have 12 to 16 bits are encoded
+// as 1110xxxx 10xxxxxx 10xxxxxx.
+TEST(WideStringToUtf8Test, CanEncode12To16Bits) {
+  // 0000 1000 1101 0011 => 1110-0000 10-100011 10-010011
+  const wchar_t s1[] = { 0x8D3, '\0' };
+  EXPECT_STREQ("\xE0\xA3\x93", WideStringToUtf8(s1, 1).c_str());
+  EXPECT_STREQ("\xE0\xA3\x93", WideStringToUtf8(s1, -1).c_str());
+
+  // 1100 0111 0100 1101 => 1110-1100 10-011101 10-001101
+  const wchar_t s2[] = { 0xC74D, '\0' };
+  EXPECT_STREQ("\xEC\x9D\x8D", WideStringToUtf8(s2, 1).c_str());
+  EXPECT_STREQ("\xEC\x9D\x8D", WideStringToUtf8(s2, -1).c_str());
+}
+
+// Tests that the conversion stops when the function encounters \0 character.
+TEST(WideStringToUtf8Test, StopsOnNulCharacter) {
+  EXPECT_STREQ("ABC", WideStringToUtf8(L"ABC\0XYZ", 100).c_str());
+}
+
+// Tests that the conversion stops when the function reaches the limit
+// specified by the 'length' parameter.
+TEST(WideStringToUtf8Test, StopsWhenLengthLimitReached) {
+  EXPECT_STREQ("ABC", WideStringToUtf8(L"ABCDEF", 3).c_str());
+}
+
+#if !GTEST_WIDE_STRING_USES_UTF16_
+// Tests that Unicode code-points that have 17 to 21 bits are encoded
+// as 11110xxx 10xxxxxx 10xxxxxx 10xxxxxx. This code may not compile
+// on the systems using UTF-16 encoding.
+TEST(WideStringToUtf8Test, CanEncode17To21Bits) {
+  // 0 0001 0000 1000 1101 0011 => 11110-000 10-010000 10-100011 10-010011
+  EXPECT_STREQ("\xF0\x90\xA3\x93", WideStringToUtf8(L"\x108D3", 1).c_str());
+  EXPECT_STREQ("\xF0\x90\xA3\x93", WideStringToUtf8(L"\x108D3", -1).c_str());
+
+  // 1 0000 1000 0110 0011 0100 => 11110-100 10-001000 10-011000 10-110100
+  EXPECT_STREQ("\xF4\x88\x98\xB4", WideStringToUtf8(L"\x108634", 1).c_str());
+  EXPECT_STREQ("\xF4\x88\x98\xB4", WideStringToUtf8(L"\x108634", -1).c_str());
+}
+
+// Tests that encoding an invalid code-point generates the expected result.
+TEST(WideStringToUtf8Test, CanEncodeInvalidCodePoint) {
+  EXPECT_STREQ("(Invalid Unicode 0xABCDFF)",
+               WideStringToUtf8(L"\xABCDFF", -1).c_str());
+}
+#else  // !GTEST_WIDE_STRING_USES_UTF16_
+// Tests that surrogate pairs are encoded correctly on the systems using
+// UTF-16 encoding in the wide strings.
+TEST(WideStringToUtf8Test, CanEncodeValidUtf16SUrrogatePairs) {
+  const wchar_t s[] = { 0xD801, 0xDC00, '\0' };
+  EXPECT_STREQ("\xF0\x90\x90\x80", WideStringToUtf8(s, -1).c_str());
+}
+
+// Tests that encoding an invalid UTF-16 surrogate pair
+// generates the expected result.
+TEST(WideStringToUtf8Test, CanEncodeInvalidUtf16SurrogatePair) {
+  // Leading surrogate is at the end of the string.
+  const wchar_t s1[] = { 0xD800, '\0' };
+  EXPECT_STREQ("\xED\xA0\x80", WideStringToUtf8(s1, -1).c_str());
+  // Leading surrogate is not followed by the trailing surrogate.
+  const wchar_t s2[] = { 0xD800, 'M', '\0' };
+  EXPECT_STREQ("\xED\xA0\x80M", WideStringToUtf8(s2, -1).c_str());
+  // Trailing surrogate appearas without a leading surrogate.
+  const wchar_t s3[] = { 0xDC00, 'P', 'Q', 'R', '\0' };
+  EXPECT_STREQ("\xED\xB0\x80PQR", WideStringToUtf8(s3, -1).c_str());
+}
+#endif  // !GTEST_WIDE_STRING_USES_UTF16_
+
+// Tests that codepoint concatenation works correctly.
+#if !GTEST_WIDE_STRING_USES_UTF16_
+TEST(WideStringToUtf8Test, ConcatenatesCodepointsCorrectly) {
+  const wchar_t s[] = { 0x108634, 0xC74D, '\n', 0x576, 0x8D3, 0x108634, '\0'};
+  EXPECT_STREQ(
+      "\xF4\x88\x98\xB4"
+          "\xEC\x9D\x8D"
+          "\n"
+          "\xD5\xB6"
+          "\xE0\xA3\x93"
+          "\xF4\x88\x98\xB4",
+      WideStringToUtf8(s, -1).c_str());
+}
+#else
+TEST(WideStringToUtf8Test, ConcatenatesCodepointsCorrectly) {
+  const wchar_t s[] = { 0xC74D, '\n', 0x576, 0x8D3, '\0'};
+  EXPECT_STREQ(
+      "\xEC\x9D\x8D" "\n" "\xD5\xB6" "\xE0\xA3\x93",
+      WideStringToUtf8(s, -1).c_str());
+}
+#endif  // !GTEST_WIDE_STRING_USES_UTF16_
+
+// Tests the Random class.
+
+TEST(RandomDeathTest, GeneratesCrashesOnInvalidRange) {
+  testing::internal::Random random(42);
+  EXPECT_DEATH_IF_SUPPORTED(
+      random.Generate(0),
+      "Cannot generate a number in the range \\[0, 0\\)");
+  EXPECT_DEATH_IF_SUPPORTED(
+      random.Generate(testing::internal::Random::kMaxRange + 1),
+      "Generation of a number in \\[0, 2147483649\\) was requested, "
+      "but this can only generate numbers in \\[0, 2147483648\\)");
+}
+
+TEST(RandomTest, GeneratesNumbersWithinRange) {
+  const UInt32 kRange = 10000;
+  testing::internal::Random random(12345);
+  for (int i = 0; i < 10; i++) {
+    EXPECT_LT(random.Generate(kRange), kRange) << " for iteration " << i;
+  }
+
+  testing::internal::Random random2(testing::internal::Random::kMaxRange);
+  for (int i = 0; i < 10; i++) {
+    EXPECT_LT(random2.Generate(kRange), kRange) << " for iteration " << i;
+  }
+}
+
+TEST(RandomTest, RepeatsWhenReseeded) {
+  const int kSeed = 123;
+  const int kArraySize = 10;
+  const UInt32 kRange = 10000;
+  UInt32 values[kArraySize];
+
+  testing::internal::Random random(kSeed);
+  for (int i = 0; i < kArraySize; i++) {
+    values[i] = random.Generate(kRange);
+  }
+
+  random.Reseed(kSeed);
+  for (int i = 0; i < kArraySize; i++) {
+    EXPECT_EQ(values[i], random.Generate(kRange)) << " for iteration " << i;
+  }
+}
+
+// Tests STL container utilities.
+
+// Tests CountIf().
+
+static bool IsPositive(int n) { return n > 0; }
+
+TEST(ContainerUtilityTest, CountIf) {
+  std::vector<int> v;
+  EXPECT_EQ(0, CountIf(v, IsPositive));  // Works for an empty container.
+
+  v.push_back(-1);
+  v.push_back(0);
+  EXPECT_EQ(0, CountIf(v, IsPositive));  // Works when no value satisfies.
+
+  v.push_back(2);
+  v.push_back(-10);
+  v.push_back(10);
+  EXPECT_EQ(2, CountIf(v, IsPositive));
+}
+
+// Tests ForEach().
+
+static int g_sum = 0;
+static void Accumulate(int n) { g_sum += n; }
+
+TEST(ContainerUtilityTest, ForEach) {
+  std::vector<int> v;
+  g_sum = 0;
+  ForEach(v, Accumulate);
+  EXPECT_EQ(0, g_sum);  // Works for an empty container;
+
+  g_sum = 0;
+  v.push_back(1);
+  ForEach(v, Accumulate);
+  EXPECT_EQ(1, g_sum);  // Works for a container with one element.
+
+  g_sum = 0;
+  v.push_back(20);
+  v.push_back(300);
+  ForEach(v, Accumulate);
+  EXPECT_EQ(321, g_sum);
+}
+
+// Tests GetElementOr().
+TEST(ContainerUtilityTest, GetElementOr) {
+  std::vector<char> a;
+  EXPECT_EQ('x', GetElementOr(a, 0, 'x'));
+
+  a.push_back('a');
+  a.push_back('b');
+  EXPECT_EQ('a', GetElementOr(a, 0, 'x'));
+  EXPECT_EQ('b', GetElementOr(a, 1, 'x'));
+  EXPECT_EQ('x', GetElementOr(a, -2, 'x'));
+  EXPECT_EQ('x', GetElementOr(a, 2, 'x'));
+}
+
+TEST(ContainerUtilityDeathTest, ShuffleRange) {
+  std::vector<int> a;
+  a.push_back(0);
+  a.push_back(1);
+  a.push_back(2);
+  testing::internal::Random random(1);
+
+  EXPECT_DEATH_IF_SUPPORTED(
+      ShuffleRange(&random, -1, 1, &a),
+      "Invalid shuffle range start -1: must be in range \\[0, 3\\]");
+  EXPECT_DEATH_IF_SUPPORTED(
+      ShuffleRange(&random, 4, 4, &a),
+      "Invalid shuffle range start 4: must be in range \\[0, 3\\]");
+  EXPECT_DEATH_IF_SUPPORTED(
+      ShuffleRange(&random, 3, 2, &a),
+      "Invalid shuffle range finish 2: must be in range \\[3, 3\\]");
+  EXPECT_DEATH_IF_SUPPORTED(
+      ShuffleRange(&random, 3, 4, &a),
+      "Invalid shuffle range finish 4: must be in range \\[3, 3\\]");
+}
+
+class VectorShuffleTest : public Test {
+ protected:
+  static const int kVectorSize = 20;
+
+  VectorShuffleTest() : random_(1) {
+    for (int i = 0; i < kVectorSize; i++) {
+      vector_.push_back(i);
+    }
+  }
+
+  static bool VectorIsCorrupt(const TestingVector& vector) {
+    if (kVectorSize != static_cast<int>(vector.size())) {
+      return true;
+    }
+
+    bool found_in_vector[kVectorSize] = { false };
+    for (size_t i = 0; i < vector.size(); i++) {
+      const int e = vector[i];
+      if (e < 0 || e >= kVectorSize || found_in_vector[e]) {
+        return true;
+      }
+      found_in_vector[e] = true;
+    }
+
+    // Vector size is correct, elements' range is correct, no
+    // duplicate elements.  Therefore no corruption has occurred.
+    return false;
+  }
+
+  static bool VectorIsNotCorrupt(const TestingVector& vector) {
+    return !VectorIsCorrupt(vector);
+  }
+
+  static bool RangeIsShuffled(const TestingVector& vector, int begin, int end) {
+    for (int i = begin; i < end; i++) {
+      if (i != vector[i]) {
+        return true;
+      }
+    }
+    return false;
+  }
+
+  static bool RangeIsUnshuffled(
+      const TestingVector& vector, int begin, int end) {
+    return !RangeIsShuffled(vector, begin, end);
+  }
+
+  static bool VectorIsShuffled(const TestingVector& vector) {
+    return RangeIsShuffled(vector, 0, static_cast<int>(vector.size()));
+  }
+
+  static bool VectorIsUnshuffled(const TestingVector& vector) {
+    return !VectorIsShuffled(vector);
+  }
+
+  testing::internal::Random random_;
+  TestingVector vector_;
+};  // class VectorShuffleTest
+
+const int VectorShuffleTest::kVectorSize;
+
+TEST_F(VectorShuffleTest, HandlesEmptyRange) {
+  // Tests an empty range at the beginning...
+  ShuffleRange(&random_, 0, 0, &vector_);
+  ASSERT_PRED1(VectorIsNotCorrupt, vector_);
+  ASSERT_PRED1(VectorIsUnshuffled, vector_);
+
+  // ...in the middle...
+  ShuffleRange(&random_, kVectorSize/2, kVectorSize/2, &vector_);
+  ASSERT_PRED1(VectorIsNotCorrupt, vector_);
+  ASSERT_PRED1(VectorIsUnshuffled, vector_);
+
+  // ...at the end...
+  ShuffleRange(&random_, kVectorSize - 1, kVectorSize - 1, &vector_);
+  ASSERT_PRED1(VectorIsNotCorrupt, vector_);
+  ASSERT_PRED1(VectorIsUnshuffled, vector_);
+
+  // ...and past the end.
+  ShuffleRange(&random_, kVectorSize, kVectorSize, &vector_);
+  ASSERT_PRED1(VectorIsNotCorrupt, vector_);
+  ASSERT_PRED1(VectorIsUnshuffled, vector_);
+}
+
+TEST_F(VectorShuffleTest, HandlesRangeOfSizeOne) {
+  // Tests a size one range at the beginning...
+  ShuffleRange(&random_, 0, 1, &vector_);
+  ASSERT_PRED1(VectorIsNotCorrupt, vector_);
+  ASSERT_PRED1(VectorIsUnshuffled, vector_);
+
+  // ...in the middle...
+  ShuffleRange(&random_, kVectorSize/2, kVectorSize/2 + 1, &vector_);
+  ASSERT_PRED1(VectorIsNotCorrupt, vector_);
+  ASSERT_PRED1(VectorIsUnshuffled, vector_);
+
+  // ...and at the end.
+  ShuffleRange(&random_, kVectorSize - 1, kVectorSize, &vector_);
+  ASSERT_PRED1(VectorIsNotCorrupt, vector_);
+  ASSERT_PRED1(VectorIsUnshuffled, vector_);
+}
+
+// Because we use our own random number generator and a fixed seed,
+// we can guarantee that the following "random" tests will succeed.
+
+TEST_F(VectorShuffleTest, ShufflesEntireVector) {
+  Shuffle(&random_, &vector_);
+  ASSERT_PRED1(VectorIsNotCorrupt, vector_);
+  EXPECT_FALSE(VectorIsUnshuffled(vector_)) << vector_;
+
+  // Tests the first and last elements in particular to ensure that
+  // there are no off-by-one problems in our shuffle algorithm.
+  EXPECT_NE(0, vector_[0]);
+  EXPECT_NE(kVectorSize - 1, vector_[kVectorSize - 1]);
+}
+
+TEST_F(VectorShuffleTest, ShufflesStartOfVector) {
+  const int kRangeSize = kVectorSize/2;
+
+  ShuffleRange(&random_, 0, kRangeSize, &vector_);
+
+  ASSERT_PRED1(VectorIsNotCorrupt, vector_);
+  EXPECT_PRED3(RangeIsShuffled, vector_, 0, kRangeSize);
+  EXPECT_PRED3(RangeIsUnshuffled, vector_, kRangeSize, kVectorSize);
+}
+
+TEST_F(VectorShuffleTest, ShufflesEndOfVector) {
+  const int kRangeSize = kVectorSize / 2;
+  ShuffleRange(&random_, kRangeSize, kVectorSize, &vector_);
+
+  ASSERT_PRED1(VectorIsNotCorrupt, vector_);
+  EXPECT_PRED3(RangeIsUnshuffled, vector_, 0, kRangeSize);
+  EXPECT_PRED3(RangeIsShuffled, vector_, kRangeSize, kVectorSize);
+}
+
+TEST_F(VectorShuffleTest, ShufflesMiddleOfVector) {
+  int kRangeSize = kVectorSize/3;
+  ShuffleRange(&random_, kRangeSize, 2*kRangeSize, &vector_);
+
+  ASSERT_PRED1(VectorIsNotCorrupt, vector_);
+  EXPECT_PRED3(RangeIsUnshuffled, vector_, 0, kRangeSize);
+  EXPECT_PRED3(RangeIsShuffled, vector_, kRangeSize, 2*kRangeSize);
+  EXPECT_PRED3(RangeIsUnshuffled, vector_, 2*kRangeSize, kVectorSize);
+}
+
+TEST_F(VectorShuffleTest, ShufflesRepeatably) {
+  TestingVector vector2;
+  for (int i = 0; i < kVectorSize; i++) {
+    vector2.push_back(i);
+  }
+
+  random_.Reseed(1234);
+  Shuffle(&random_, &vector_);
+  random_.Reseed(1234);
+  Shuffle(&random_, &vector2);
+
+  ASSERT_PRED1(VectorIsNotCorrupt, vector_);
+  ASSERT_PRED1(VectorIsNotCorrupt, vector2);
+
+  for (int i = 0; i < kVectorSize; i++) {
+    EXPECT_EQ(vector_[i], vector2[i]) << " where i is " << i;
+  }
+}
+
+// Tests the size of the AssertHelper class.
+
+TEST(AssertHelperTest, AssertHelperIsSmall) {
+  // To avoid breaking clients that use lots of assertions in one
+  // function, we cannot grow the size of AssertHelper.
+  EXPECT_LE(sizeof(testing::internal::AssertHelper), sizeof(void*));
+}
+
+// Tests String::EndsWithCaseInsensitive().
+TEST(StringTest, EndsWithCaseInsensitive) {
+  EXPECT_TRUE(String::EndsWithCaseInsensitive("foobar", "BAR"));
+  EXPECT_TRUE(String::EndsWithCaseInsensitive("foobaR", "bar"));
+  EXPECT_TRUE(String::EndsWithCaseInsensitive("foobar", ""));
+  EXPECT_TRUE(String::EndsWithCaseInsensitive("", ""));
+
+  EXPECT_FALSE(String::EndsWithCaseInsensitive("Foobar", "foo"));
+  EXPECT_FALSE(String::EndsWithCaseInsensitive("foobar", "Foo"));
+  EXPECT_FALSE(String::EndsWithCaseInsensitive("", "foo"));
+}
+
+// C++Builder's preprocessor is buggy; it fails to expand macros that
+// appear in macro parameters after wide char literals.  Provide an alias
+// for NULL as a workaround.
+static const wchar_t* const kNull = NULL;
+
+// Tests String::CaseInsensitiveWideCStringEquals
+TEST(StringTest, CaseInsensitiveWideCStringEquals) {
+  EXPECT_TRUE(String::CaseInsensitiveWideCStringEquals(NULL, NULL));
+  EXPECT_FALSE(String::CaseInsensitiveWideCStringEquals(kNull, L""));
+  EXPECT_FALSE(String::CaseInsensitiveWideCStringEquals(L"", kNull));
+  EXPECT_FALSE(String::CaseInsensitiveWideCStringEquals(kNull, L"foobar"));
+  EXPECT_FALSE(String::CaseInsensitiveWideCStringEquals(L"foobar", kNull));
+  EXPECT_TRUE(String::CaseInsensitiveWideCStringEquals(L"foobar", L"foobar"));
+  EXPECT_TRUE(String::CaseInsensitiveWideCStringEquals(L"foobar", L"FOOBAR"));
+  EXPECT_TRUE(String::CaseInsensitiveWideCStringEquals(L"FOOBAR", L"foobar"));
+}
+
+#if GTEST_OS_WINDOWS
+
+// Tests String::ShowWideCString().
+TEST(StringTest, ShowWideCString) {
+  EXPECT_STREQ("(null)",
+               String::ShowWideCString(NULL).c_str());
+  EXPECT_STREQ("", String::ShowWideCString(L"").c_str());
+  EXPECT_STREQ("foo", String::ShowWideCString(L"foo").c_str());
+}
+
+# if GTEST_OS_WINDOWS_MOBILE
+TEST(StringTest, AnsiAndUtf16Null) {
+  EXPECT_EQ(NULL, String::AnsiToUtf16(NULL));
+  EXPECT_EQ(NULL, String::Utf16ToAnsi(NULL));
+}
+
+TEST(StringTest, AnsiAndUtf16ConvertBasic) {
+  const char* ansi = String::Utf16ToAnsi(L"str");
+  EXPECT_STREQ("str", ansi);
+  delete [] ansi;
+  const WCHAR* utf16 = String::AnsiToUtf16("str");
+  EXPECT_EQ(0, wcsncmp(L"str", utf16, 3));
+  delete [] utf16;
+}
+
+TEST(StringTest, AnsiAndUtf16ConvertPathChars) {
+  const char* ansi = String::Utf16ToAnsi(L".:\\ \"*?");
+  EXPECT_STREQ(".:\\ \"*?", ansi);
+  delete [] ansi;
+  const WCHAR* utf16 = String::AnsiToUtf16(".:\\ \"*?");
+  EXPECT_EQ(0, wcsncmp(L".:\\ \"*?", utf16, 3));
+  delete [] utf16;
+}
+# endif  // GTEST_OS_WINDOWS_MOBILE
+
+#endif  // GTEST_OS_WINDOWS
+
+// Tests TestProperty construction.
+TEST(TestPropertyTest, StringValue) {
+  TestProperty property("key", "1");
+  EXPECT_STREQ("key", property.key());
+  EXPECT_STREQ("1", property.value());
+}
+
+// Tests TestProperty replacing a value.
+TEST(TestPropertyTest, ReplaceStringValue) {
+  TestProperty property("key", "1");
+  EXPECT_STREQ("1", property.value());
+  property.SetValue("2");
+  EXPECT_STREQ("2", property.value());
+}
+
+// AddFatalFailure() and AddNonfatalFailure() must be stand-alone
+// functions (i.e. their definitions cannot be inlined at the call
+// sites), or C++Builder won't compile the code.
+static void AddFatalFailure() {
+  FAIL() << "Expected fatal failure.";
+}
+
+static void AddNonfatalFailure() {
+  ADD_FAILURE() << "Expected non-fatal failure.";
+}
+
+class ScopedFakeTestPartResultReporterTest : public Test {
+ public:  // Must be public and not protected due to a bug in g++ 3.4.2.
+  enum FailureMode {
+    FATAL_FAILURE,
+    NONFATAL_FAILURE
+  };
+  static void AddFailure(FailureMode failure) {
+    if (failure == FATAL_FAILURE) {
+      AddFatalFailure();
+    } else {
+      AddNonfatalFailure();
+    }
+  }
+};
+
+// Tests that ScopedFakeTestPartResultReporter intercepts test
+// failures.
+TEST_F(ScopedFakeTestPartResultReporterTest, InterceptsTestFailures) {
+  TestPartResultArray results;
+  {
+    ScopedFakeTestPartResultReporter reporter(
+        ScopedFakeTestPartResultReporter::INTERCEPT_ONLY_CURRENT_THREAD,
+        &results);
+    AddFailure(NONFATAL_FAILURE);
+    AddFailure(FATAL_FAILURE);
+  }
+
+  EXPECT_EQ(2, results.size());
+  EXPECT_TRUE(results.GetTestPartResult(0).nonfatally_failed());
+  EXPECT_TRUE(results.GetTestPartResult(1).fatally_failed());
+}
+
+TEST_F(ScopedFakeTestPartResultReporterTest, DeprecatedConstructor) {
+  TestPartResultArray results;
+  {
+    // Tests, that the deprecated constructor still works.
+    ScopedFakeTestPartResultReporter reporter(&results);
+    AddFailure(NONFATAL_FAILURE);
+  }
+  EXPECT_EQ(1, results.size());
+}
+
+#if GTEST_IS_THREADSAFE
+
+class ScopedFakeTestPartResultReporterWithThreadsTest
+  : public ScopedFakeTestPartResultReporterTest {
+ protected:
+  static void AddFailureInOtherThread(FailureMode failure) {
+    ThreadWithParam<FailureMode> thread(&AddFailure, failure, NULL);
+    thread.Join();
+  }
+};
+
+TEST_F(ScopedFakeTestPartResultReporterWithThreadsTest,
+       InterceptsTestFailuresInAllThreads) {
+  TestPartResultArray results;
+  {
+    ScopedFakeTestPartResultReporter reporter(
+        ScopedFakeTestPartResultReporter::INTERCEPT_ALL_THREADS, &results);
+    AddFailure(NONFATAL_FAILURE);
+    AddFailure(FATAL_FAILURE);
+    AddFailureInOtherThread(NONFATAL_FAILURE);
+    AddFailureInOtherThread(FATAL_FAILURE);
+  }
+
+  EXPECT_EQ(4, results.size());
+  EXPECT_TRUE(results.GetTestPartResult(0).nonfatally_failed());
+  EXPECT_TRUE(results.GetTestPartResult(1).fatally_failed());
+  EXPECT_TRUE(results.GetTestPartResult(2).nonfatally_failed());
+  EXPECT_TRUE(results.GetTestPartResult(3).fatally_failed());
+}
+
+#endif  // GTEST_IS_THREADSAFE
+
+// Tests EXPECT_FATAL_FAILURE{,ON_ALL_THREADS}.  Makes sure that they
+// work even if the failure is generated in a called function rather than
+// the current context.
+
+typedef ScopedFakeTestPartResultReporterTest ExpectFatalFailureTest;
+
+TEST_F(ExpectFatalFailureTest, CatchesFatalFaliure) {
+  EXPECT_FATAL_FAILURE(AddFatalFailure(), "Expected fatal failure.");
+}
+
+#if GTEST_HAS_GLOBAL_STRING
+TEST_F(ExpectFatalFailureTest, AcceptsStringObject) {
+  EXPECT_FATAL_FAILURE(AddFatalFailure(), ::string("Expected fatal failure."));
+}
+#endif
+
+TEST_F(ExpectFatalFailureTest, AcceptsStdStringObject) {
+  EXPECT_FATAL_FAILURE(AddFatalFailure(),
+                       ::std::string("Expected fatal failure."));
+}
+
+TEST_F(ExpectFatalFailureTest, CatchesFatalFailureOnAllThreads) {
+  // We have another test below to verify that the macro catches fatal
+  // failures generated on another thread.
+  EXPECT_FATAL_FAILURE_ON_ALL_THREADS(AddFatalFailure(),
+                                      "Expected fatal failure.");
+}
+
+#ifdef __BORLANDC__
+// Silences warnings: "Condition is always true"
+# pragma option push -w-ccc
+#endif
+
+// Tests that EXPECT_FATAL_FAILURE() can be used in a non-void
+// function even when the statement in it contains ASSERT_*.
+
+int NonVoidFunction() {
+  EXPECT_FATAL_FAILURE(ASSERT_TRUE(false), "");
+  EXPECT_FATAL_FAILURE_ON_ALL_THREADS(FAIL(), "");
+  return 0;
+}
+
+TEST_F(ExpectFatalFailureTest, CanBeUsedInNonVoidFunction) {
+  NonVoidFunction();
+}
+
+// Tests that EXPECT_FATAL_FAILURE(statement, ...) doesn't abort the
+// current function even though 'statement' generates a fatal failure.
+
+void DoesNotAbortHelper(bool* aborted) {
+  EXPECT_FATAL_FAILURE(ASSERT_TRUE(false), "");
+  EXPECT_FATAL_FAILURE_ON_ALL_THREADS(FAIL(), "");
+
+  *aborted = false;
+}
+
+#ifdef __BORLANDC__
+// Restores warnings after previous "#pragma option push" suppressed them.
+# pragma option pop
+#endif
+
+TEST_F(ExpectFatalFailureTest, DoesNotAbort) {
+  bool aborted = true;
+  DoesNotAbortHelper(&aborted);
+  EXPECT_FALSE(aborted);
+}
+
+// Tests that the EXPECT_FATAL_FAILURE{,_ON_ALL_THREADS} accepts a
+// statement that contains a macro which expands to code containing an
+// unprotected comma.
+
+static int global_var = 0;
+#define GTEST_USE_UNPROTECTED_COMMA_ global_var++, global_var++
+
+TEST_F(ExpectFatalFailureTest, AcceptsMacroThatExpandsToUnprotectedComma) {
+#ifndef __BORLANDC__
+  // ICE's in C++Builder.
+  EXPECT_FATAL_FAILURE({
+    GTEST_USE_UNPROTECTED_COMMA_;
+    AddFatalFailure();
+  }, "");
+#endif
+
+  EXPECT_FATAL_FAILURE_ON_ALL_THREADS({
+    GTEST_USE_UNPROTECTED_COMMA_;
+    AddFatalFailure();
+  }, "");
+}
+
+// Tests EXPECT_NONFATAL_FAILURE{,ON_ALL_THREADS}.
+
+typedef ScopedFakeTestPartResultReporterTest ExpectNonfatalFailureTest;
+
+TEST_F(ExpectNonfatalFailureTest, CatchesNonfatalFailure) {
+  EXPECT_NONFATAL_FAILURE(AddNonfatalFailure(),
+                          "Expected non-fatal failure.");
+}
+
+#if GTEST_HAS_GLOBAL_STRING
+TEST_F(ExpectNonfatalFailureTest, AcceptsStringObject) {
+  EXPECT_NONFATAL_FAILURE(AddNonfatalFailure(),
+                          ::string("Expected non-fatal failure."));
+}
+#endif
+
+TEST_F(ExpectNonfatalFailureTest, AcceptsStdStringObject) {
+  EXPECT_NONFATAL_FAILURE(AddNonfatalFailure(),
+                          ::std::string("Expected non-fatal failure."));
+}
+
+TEST_F(ExpectNonfatalFailureTest, CatchesNonfatalFailureOnAllThreads) {
+  // We have another test below to verify that the macro catches
+  // non-fatal failures generated on another thread.
+  EXPECT_NONFATAL_FAILURE_ON_ALL_THREADS(AddNonfatalFailure(),
+                                         "Expected non-fatal failure.");
+}
+
+// Tests that the EXPECT_NONFATAL_FAILURE{,_ON_ALL_THREADS} accepts a
+// statement that contains a macro which expands to code containing an
+// unprotected comma.
+TEST_F(ExpectNonfatalFailureTest, AcceptsMacroThatExpandsToUnprotectedComma) {
+  EXPECT_NONFATAL_FAILURE({
+    GTEST_USE_UNPROTECTED_COMMA_;
+    AddNonfatalFailure();
+  }, "");
+
+  EXPECT_NONFATAL_FAILURE_ON_ALL_THREADS({
+    GTEST_USE_UNPROTECTED_COMMA_;
+    AddNonfatalFailure();
+  }, "");
+}
+
+#if GTEST_IS_THREADSAFE
+
+typedef ScopedFakeTestPartResultReporterWithThreadsTest
+    ExpectFailureWithThreadsTest;
+
+TEST_F(ExpectFailureWithThreadsTest, ExpectFatalFailureOnAllThreads) {
+  EXPECT_FATAL_FAILURE_ON_ALL_THREADS(AddFailureInOtherThread(FATAL_FAILURE),
+                                      "Expected fatal failure.");
+}
+
+TEST_F(ExpectFailureWithThreadsTest, ExpectNonFatalFailureOnAllThreads) {
+  EXPECT_NONFATAL_FAILURE_ON_ALL_THREADS(
+      AddFailureInOtherThread(NONFATAL_FAILURE), "Expected non-fatal failure.");
+}
+
+#endif  // GTEST_IS_THREADSAFE
+
+// Tests the TestProperty class.
+
+TEST(TestPropertyTest, ConstructorWorks) {
+  const TestProperty property("key", "value");
+  EXPECT_STREQ("key", property.key());
+  EXPECT_STREQ("value", property.value());
+}
+
+TEST(TestPropertyTest, SetValue) {
+  TestProperty property("key", "value_1");
+  EXPECT_STREQ("key", property.key());
+  property.SetValue("value_2");
+  EXPECT_STREQ("key", property.key());
+  EXPECT_STREQ("value_2", property.value());
+}
+
+// Tests the TestResult class
+
+// The test fixture for testing TestResult.
+class TestResultTest : public Test {
+ protected:
+  typedef std::vector<TestPartResult> TPRVector;
+
+  // We make use of 2 TestPartResult objects,
+  TestPartResult * pr1, * pr2;
+
+  // ... and 3 TestResult objects.
+  TestResult * r0, * r1, * r2;
+
+  virtual void SetUp() {
+    // pr1 is for success.
+    pr1 = new TestPartResult(TestPartResult::kSuccess,
+                             "foo/bar.cc",
+                             10,
+                             "Success!");
+
+    // pr2 is for fatal failure.
+    pr2 = new TestPartResult(TestPartResult::kFatalFailure,
+                             "foo/bar.cc",
+                             -1,  // This line number means "unknown"
+                             "Failure!");
+
+    // Creates the TestResult objects.
+    r0 = new TestResult();
+    r1 = new TestResult();
+    r2 = new TestResult();
+
+    // In order to test TestResult, we need to modify its internal
+    // state, in particular the TestPartResult vector it holds.
+    // test_part_results() returns a const reference to this vector.
+    // We cast it to a non-const object s.t. it can be modified (yes,
+    // this is a hack).
+    TPRVector* results1 = const_cast<TPRVector*>(
+        &TestResultAccessor::test_part_results(*r1));
+    TPRVector* results2 = const_cast<TPRVector*>(
+        &TestResultAccessor::test_part_results(*r2));
+
+    // r0 is an empty TestResult.
+
+    // r1 contains a single SUCCESS TestPartResult.
+    results1->push_back(*pr1);
+
+    // r2 contains a SUCCESS, and a FAILURE.
+    results2->push_back(*pr1);
+    results2->push_back(*pr2);
+  }
+
+  virtual void TearDown() {
+    delete pr1;
+    delete pr2;
+
+    delete r0;
+    delete r1;
+    delete r2;
+  }
+
+  // Helper that compares two two TestPartResults.
+  static void CompareTestPartResult(const TestPartResult& expected,
+                                    const TestPartResult& actual) {
+    EXPECT_EQ(expected.type(), actual.type());
+    EXPECT_STREQ(expected.file_name(), actual.file_name());
+    EXPECT_EQ(expected.line_number(), actual.line_number());
+    EXPECT_STREQ(expected.summary(), actual.summary());
+    EXPECT_STREQ(expected.message(), actual.message());
+    EXPECT_EQ(expected.passed(), actual.passed());
+    EXPECT_EQ(expected.failed(), actual.failed());
+    EXPECT_EQ(expected.nonfatally_failed(), actual.nonfatally_failed());
+    EXPECT_EQ(expected.fatally_failed(), actual.fatally_failed());
+  }
+};
+
+// Tests TestResult::total_part_count().
+TEST_F(TestResultTest, total_part_count) {
+  ASSERT_EQ(0, r0->total_part_count());
+  ASSERT_EQ(1, r1->total_part_count());
+  ASSERT_EQ(2, r2->total_part_count());
+}
+
+// Tests TestResult::Passed().
+TEST_F(TestResultTest, Passed) {
+  ASSERT_TRUE(r0->Passed());
+  ASSERT_TRUE(r1->Passed());
+  ASSERT_FALSE(r2->Passed());
+}
+
+// Tests TestResult::Failed().
+TEST_F(TestResultTest, Failed) {
+  ASSERT_FALSE(r0->Failed());
+  ASSERT_FALSE(r1->Failed());
+  ASSERT_TRUE(r2->Failed());
+}
+
+// Tests TestResult::GetTestPartResult().
+
+typedef TestResultTest TestResultDeathTest;
+
+TEST_F(TestResultDeathTest, GetTestPartResult) {
+  CompareTestPartResult(*pr1, r2->GetTestPartResult(0));
+  CompareTestPartResult(*pr2, r2->GetTestPartResult(1));
+  EXPECT_DEATH_IF_SUPPORTED(r2->GetTestPartResult(2), "");
+  EXPECT_DEATH_IF_SUPPORTED(r2->GetTestPartResult(-1), "");
+}
+
+// Tests TestResult has no properties when none are added.
+TEST(TestResultPropertyTest, NoPropertiesFoundWhenNoneAreAdded) {
+  TestResult test_result;
+  ASSERT_EQ(0, test_result.test_property_count());
+}
+
+// Tests TestResult has the expected property when added.
+TEST(TestResultPropertyTest, OnePropertyFoundWhenAdded) {
+  TestResult test_result;
+  TestProperty property("key_1", "1");
+  TestResultAccessor::RecordProperty(&test_result, "testcase", property);
+  ASSERT_EQ(1, test_result.test_property_count());
+  const TestProperty& actual_property = test_result.GetTestProperty(0);
+  EXPECT_STREQ("key_1", actual_property.key());
+  EXPECT_STREQ("1", actual_property.value());
+}
+
+// Tests TestResult has multiple properties when added.
+TEST(TestResultPropertyTest, MultiplePropertiesFoundWhenAdded) {
+  TestResult test_result;
+  TestProperty property_1("key_1", "1");
+  TestProperty property_2("key_2", "2");
+  TestResultAccessor::RecordProperty(&test_result, "testcase", property_1);
+  TestResultAccessor::RecordProperty(&test_result, "testcase", property_2);
+  ASSERT_EQ(2, test_result.test_property_count());
+  const TestProperty& actual_property_1 = test_result.GetTestProperty(0);
+  EXPECT_STREQ("key_1", actual_property_1.key());
+  EXPECT_STREQ("1", actual_property_1.value());
+
+  const TestProperty& actual_property_2 = test_result.GetTestProperty(1);
+  EXPECT_STREQ("key_2", actual_property_2.key());
+  EXPECT_STREQ("2", actual_property_2.value());
+}
+
+// Tests TestResult::RecordProperty() overrides values for duplicate keys.
+TEST(TestResultPropertyTest, OverridesValuesForDuplicateKeys) {
+  TestResult test_result;
+  TestProperty property_1_1("key_1", "1");
+  TestProperty property_2_1("key_2", "2");
+  TestProperty property_1_2("key_1", "12");
+  TestProperty property_2_2("key_2", "22");
+  TestResultAccessor::RecordProperty(&test_result, "testcase", property_1_1);
+  TestResultAccessor::RecordProperty(&test_result, "testcase", property_2_1);
+  TestResultAccessor::RecordProperty(&test_result, "testcase", property_1_2);
+  TestResultAccessor::RecordProperty(&test_result, "testcase", property_2_2);
+
+  ASSERT_EQ(2, test_result.test_property_count());
+  const TestProperty& actual_property_1 = test_result.GetTestProperty(0);
+  EXPECT_STREQ("key_1", actual_property_1.key());
+  EXPECT_STREQ("12", actual_property_1.value());
+
+  const TestProperty& actual_property_2 = test_result.GetTestProperty(1);
+  EXPECT_STREQ("key_2", actual_property_2.key());
+  EXPECT_STREQ("22", actual_property_2.value());
+}
+
+// Tests TestResult::GetTestProperty().
+TEST(TestResultPropertyTest, GetTestProperty) {
+  TestResult test_result;
+  TestProperty property_1("key_1", "1");
+  TestProperty property_2("key_2", "2");
+  TestProperty property_3("key_3", "3");
+  TestResultAccessor::RecordProperty(&test_result, "testcase", property_1);
+  TestResultAccessor::RecordProperty(&test_result, "testcase", property_2);
+  TestResultAccessor::RecordProperty(&test_result, "testcase", property_3);
+
+  const TestProperty& fetched_property_1 = test_result.GetTestProperty(0);
+  const TestProperty& fetched_property_2 = test_result.GetTestProperty(1);
+  const TestProperty& fetched_property_3 = test_result.GetTestProperty(2);
+
+  EXPECT_STREQ("key_1", fetched_property_1.key());
+  EXPECT_STREQ("1", fetched_property_1.value());
+
+  EXPECT_STREQ("key_2", fetched_property_2.key());
+  EXPECT_STREQ("2", fetched_property_2.value());
+
+  EXPECT_STREQ("key_3", fetched_property_3.key());
+  EXPECT_STREQ("3", fetched_property_3.value());
+
+  EXPECT_DEATH_IF_SUPPORTED(test_result.GetTestProperty(3), "");
+  EXPECT_DEATH_IF_SUPPORTED(test_result.GetTestProperty(-1), "");
+}
+
+// Tests that GTestFlagSaver works on Windows and Mac.
+
+class GTestFlagSaverTest : public Test {
+ protected:
+  // Saves the Google Test flags such that we can restore them later, and
+  // then sets them to their default values.  This will be called
+  // before the first test in this test case is run.
+  static void SetUpTestCase() {
+    saver_ = new GTestFlagSaver;
+
+    GTEST_FLAG(also_run_disabled_tests) = false;
+    GTEST_FLAG(break_on_failure) = false;
+    GTEST_FLAG(catch_exceptions) = false;
+    GTEST_FLAG(death_test_use_fork) = false;
+    GTEST_FLAG(color) = "auto";
+    GTEST_FLAG(filter) = "";
+    GTEST_FLAG(list_tests) = false;
+    GTEST_FLAG(output) = "";
+    GTEST_FLAG(print_time) = true;
+    GTEST_FLAG(random_seed) = 0;
+    GTEST_FLAG(repeat) = 1;
+    GTEST_FLAG(shuffle) = false;
+    GTEST_FLAG(stack_trace_depth) = kMaxStackTraceDepth;
+    GTEST_FLAG(stream_result_to) = "";
+    GTEST_FLAG(throw_on_failure) = false;
+  }
+
+  // Restores the Google Test flags that the tests have modified.  This will
+  // be called after the last test in this test case is run.
+  static void TearDownTestCase() {
+    delete saver_;
+    saver_ = NULL;
+  }
+
+  // Verifies that the Google Test flags have their default values, and then
+  // modifies each of them.
+  void VerifyAndModifyFlags() {
+    EXPECT_FALSE(GTEST_FLAG(also_run_disabled_tests));
+    EXPECT_FALSE(GTEST_FLAG(break_on_failure));
+    EXPECT_FALSE(GTEST_FLAG(catch_exceptions));
+    EXPECT_STREQ("auto", GTEST_FLAG(color).c_str());
+    EXPECT_FALSE(GTEST_FLAG(death_test_use_fork));
+    EXPECT_STREQ("", GTEST_FLAG(filter).c_str());
+    EXPECT_FALSE(GTEST_FLAG(list_tests));
+    EXPECT_STREQ("", GTEST_FLAG(output).c_str());
+    EXPECT_TRUE(GTEST_FLAG(print_time));
+    EXPECT_EQ(0, GTEST_FLAG(random_seed));
+    EXPECT_EQ(1, GTEST_FLAG(repeat));
+    EXPECT_FALSE(GTEST_FLAG(shuffle));
+    EXPECT_EQ(kMaxStackTraceDepth, GTEST_FLAG(stack_trace_depth));
+    EXPECT_STREQ("", GTEST_FLAG(stream_result_to).c_str());
+    EXPECT_FALSE(GTEST_FLAG(throw_on_failure));
+
+    GTEST_FLAG(also_run_disabled_tests) = true;
+    GTEST_FLAG(break_on_failure) = true;
+    GTEST_FLAG(catch_exceptions) = true;
+    GTEST_FLAG(color) = "no";
+    GTEST_FLAG(death_test_use_fork) = true;
+    GTEST_FLAG(filter) = "abc";
+    GTEST_FLAG(list_tests) = true;
+    GTEST_FLAG(output) = "xml:foo.xml";
+    GTEST_FLAG(print_time) = false;
+    GTEST_FLAG(random_seed) = 1;
+    GTEST_FLAG(repeat) = 100;
+    GTEST_FLAG(shuffle) = true;
+    GTEST_FLAG(stack_trace_depth) = 1;
+    GTEST_FLAG(stream_result_to) = "localhost:1234";
+    GTEST_FLAG(throw_on_failure) = true;
+  }
+
+ private:
+  // For saving Google Test flags during this test case.
+  static GTestFlagSaver* saver_;
+};
+
+GTestFlagSaver* GTestFlagSaverTest::saver_ = NULL;
+
+// Google Test doesn't guarantee the order of tests.  The following two
+// tests are designed to work regardless of their order.
+
+// Modifies the Google Test flags in the test body.
+TEST_F(GTestFlagSaverTest, ModifyGTestFlags) {
+  VerifyAndModifyFlags();
+}
+
+// Verifies that the Google Test flags in the body of the previous test were
+// restored to their original values.
+TEST_F(GTestFlagSaverTest, VerifyGTestFlags) {
+  VerifyAndModifyFlags();
+}
+
+// Sets an environment variable with the given name to the given
+// value.  If the value argument is "", unsets the environment
+// variable.  The caller must ensure that both arguments are not NULL.
+static void SetEnv(const char* name, const char* value) {
+#if GTEST_OS_WINDOWS_MOBILE
+  // Environment variables are not supported on Windows CE.
+  return;
+#elif defined(__BORLANDC__) || defined(__SunOS_5_8) || defined(__SunOS_5_9)
+  // C++Builder's putenv only stores a pointer to its parameter; we have to
+  // ensure that the string remains valid as long as it might be needed.
+  // We use an std::map to do so.
+  static std::map<std::string, std::string*> added_env;
+
+  // Because putenv stores a pointer to the string buffer, we can't delete the
+  // previous string (if present) until after it's replaced.
+  std::string *prev_env = NULL;
+  if (added_env.find(name) != added_env.end()) {
+    prev_env = added_env[name];
+  }
+  added_env[name] = new std::string(
+      (Message() << name << "=" << value).GetString());
+
+  // The standard signature of putenv accepts a 'char*' argument. Other
+  // implementations, like C++Builder's, accept a 'const char*'.
+  // We cast away the 'const' since that would work for both variants.
+  putenv(const_cast<char*>(added_env[name]->c_str()));
+  delete prev_env;
+#elif GTEST_OS_WINDOWS  // If we are on Windows proper.
+  _putenv((Message() << name << "=" << value).GetString().c_str());
+#else
+  if (*value == '\0') {
+    unsetenv(name);
+  } else {
+    setenv(name, value, 1);
+  }
+#endif  // GTEST_OS_WINDOWS_MOBILE
+}
+
+#if !GTEST_OS_WINDOWS_MOBILE
+// Environment variables are not supported on Windows CE.
+
+using testing::internal::Int32FromGTestEnv;
+
+// Tests Int32FromGTestEnv().
+
+// Tests that Int32FromGTestEnv() returns the default value when the
+// environment variable is not set.
+TEST(Int32FromGTestEnvTest, ReturnsDefaultWhenVariableIsNotSet) {
+  SetEnv(GTEST_FLAG_PREFIX_UPPER_ "TEMP", "");
+  EXPECT_EQ(10, Int32FromGTestEnv("temp", 10));
+}
+
+// Tests that Int32FromGTestEnv() returns the default value when the
+// environment variable overflows as an Int32.
+TEST(Int32FromGTestEnvTest, ReturnsDefaultWhenValueOverflows) {
+  printf("(expecting 2 warnings)\n");
+
+  SetEnv(GTEST_FLAG_PREFIX_UPPER_ "TEMP", "12345678987654321");
+  EXPECT_EQ(20, Int32FromGTestEnv("temp", 20));
+
+  SetEnv(GTEST_FLAG_PREFIX_UPPER_ "TEMP", "-12345678987654321");
+  EXPECT_EQ(30, Int32FromGTestEnv("temp", 30));
+}
+
+// Tests that Int32FromGTestEnv() returns the default value when the
+// environment variable does not represent a valid decimal integer.
+TEST(Int32FromGTestEnvTest, ReturnsDefaultWhenValueIsInvalid) {
+  printf("(expecting 2 warnings)\n");
+
+  SetEnv(GTEST_FLAG_PREFIX_UPPER_ "TEMP", "A1");
+  EXPECT_EQ(40, Int32FromGTestEnv("temp", 40));
+
+  SetEnv(GTEST_FLAG_PREFIX_UPPER_ "TEMP", "12X");
+  EXPECT_EQ(50, Int32FromGTestEnv("temp", 50));
+}
+
+// Tests that Int32FromGTestEnv() parses and returns the value of the
+// environment variable when it represents a valid decimal integer in
+// the range of an Int32.
+TEST(Int32FromGTestEnvTest, ParsesAndReturnsValidValue) {
+  SetEnv(GTEST_FLAG_PREFIX_UPPER_ "TEMP", "123");
+  EXPECT_EQ(123, Int32FromGTestEnv("temp", 0));
+
+  SetEnv(GTEST_FLAG_PREFIX_UPPER_ "TEMP", "-321");
+  EXPECT_EQ(-321, Int32FromGTestEnv("temp", 0));
+}
+#endif  // !GTEST_OS_WINDOWS_MOBILE
+
+// Tests ParseInt32Flag().
+
+// Tests that ParseInt32Flag() returns false and doesn't change the
+// output value when the flag has wrong format
+TEST(ParseInt32FlagTest, ReturnsFalseForInvalidFlag) {
+  Int32 value = 123;
+  EXPECT_FALSE(ParseInt32Flag("--a=100", "b", &value));
+  EXPECT_EQ(123, value);
+
+  EXPECT_FALSE(ParseInt32Flag("a=100", "a", &value));
+  EXPECT_EQ(123, value);
+}
+
+// Tests that ParseInt32Flag() returns false and doesn't change the
+// output value when the flag overflows as an Int32.
+TEST(ParseInt32FlagTest, ReturnsDefaultWhenValueOverflows) {
+  printf("(expecting 2 warnings)\n");
+
+  Int32 value = 123;
+  EXPECT_FALSE(ParseInt32Flag("--abc=12345678987654321", "abc", &value));
+  EXPECT_EQ(123, value);
+
+  EXPECT_FALSE(ParseInt32Flag("--abc=-12345678987654321", "abc", &value));
+  EXPECT_EQ(123, value);
+}
+
+// Tests that ParseInt32Flag() returns false and doesn't change the
+// output value when the flag does not represent a valid decimal
+// integer.
+TEST(ParseInt32FlagTest, ReturnsDefaultWhenValueIsInvalid) {
+  printf("(expecting 2 warnings)\n");
+
+  Int32 value = 123;
+  EXPECT_FALSE(ParseInt32Flag("--abc=A1", "abc", &value));
+  EXPECT_EQ(123, value);
+
+  EXPECT_FALSE(ParseInt32Flag("--abc=12X", "abc", &value));
+  EXPECT_EQ(123, value);
+}
+
+// Tests that ParseInt32Flag() parses the value of the flag and
+// returns true when the flag represents a valid decimal integer in
+// the range of an Int32.
+TEST(ParseInt32FlagTest, ParsesAndReturnsValidValue) {
+  Int32 value = 123;
+  EXPECT_TRUE(ParseInt32Flag("--" GTEST_FLAG_PREFIX_ "abc=456", "abc", &value));
+  EXPECT_EQ(456, value);
+
+  EXPECT_TRUE(ParseInt32Flag("--" GTEST_FLAG_PREFIX_ "abc=-789",
+                             "abc", &value));
+  EXPECT_EQ(-789, value);
+}
+
+// Tests that Int32FromEnvOrDie() parses the value of the var or
+// returns the correct default.
+// Environment variables are not supported on Windows CE.
+#if !GTEST_OS_WINDOWS_MOBILE
+TEST(Int32FromEnvOrDieTest, ParsesAndReturnsValidValue) {
+  EXPECT_EQ(333, Int32FromEnvOrDie(GTEST_FLAG_PREFIX_UPPER_ "UnsetVar", 333));
+  SetEnv(GTEST_FLAG_PREFIX_UPPER_ "UnsetVar", "123");
+  EXPECT_EQ(123, Int32FromEnvOrDie(GTEST_FLAG_PREFIX_UPPER_ "UnsetVar", 333));
+  SetEnv(GTEST_FLAG_PREFIX_UPPER_ "UnsetVar", "-123");
+  EXPECT_EQ(-123, Int32FromEnvOrDie(GTEST_FLAG_PREFIX_UPPER_ "UnsetVar", 333));
+}
+#endif  // !GTEST_OS_WINDOWS_MOBILE
+
+// Tests that Int32FromEnvOrDie() aborts with an error message
+// if the variable is not an Int32.
+TEST(Int32FromEnvOrDieDeathTest, AbortsOnFailure) {
+  SetEnv(GTEST_FLAG_PREFIX_UPPER_ "VAR", "xxx");
+  EXPECT_DEATH_IF_SUPPORTED(
+      Int32FromEnvOrDie(GTEST_FLAG_PREFIX_UPPER_ "VAR", 123),
+      ".*");
+}
+
+// Tests that Int32FromEnvOrDie() aborts with an error message
+// if the variable cannot be represnted by an Int32.
+TEST(Int32FromEnvOrDieDeathTest, AbortsOnInt32Overflow) {
+  SetEnv(GTEST_FLAG_PREFIX_UPPER_ "VAR", "1234567891234567891234");
+  EXPECT_DEATH_IF_SUPPORTED(
+      Int32FromEnvOrDie(GTEST_FLAG_PREFIX_UPPER_ "VAR", 123),
+      ".*");
+}
+
+// Tests that ShouldRunTestOnShard() selects all tests
+// where there is 1 shard.
+TEST(ShouldRunTestOnShardTest, IsPartitionWhenThereIsOneShard) {
+  EXPECT_TRUE(ShouldRunTestOnShard(1, 0, 0));
+  EXPECT_TRUE(ShouldRunTestOnShard(1, 0, 1));
+  EXPECT_TRUE(ShouldRunTestOnShard(1, 0, 2));
+  EXPECT_TRUE(ShouldRunTestOnShard(1, 0, 3));
+  EXPECT_TRUE(ShouldRunTestOnShard(1, 0, 4));
+}
+
+class ShouldShardTest : public testing::Test {
+ protected:
+  virtual void SetUp() {
+    index_var_ = GTEST_FLAG_PREFIX_UPPER_ "INDEX";
+    total_var_ = GTEST_FLAG_PREFIX_UPPER_ "TOTAL";
+  }
+
+  virtual void TearDown() {
+    SetEnv(index_var_, "");
+    SetEnv(total_var_, "");
+  }
+
+  const char* index_var_;
+  const char* total_var_;
+};
+
+// Tests that sharding is disabled if neither of the environment variables
+// are set.
+TEST_F(ShouldShardTest, ReturnsFalseWhenNeitherEnvVarIsSet) {
+  SetEnv(index_var_, "");
+  SetEnv(total_var_, "");
+
+  EXPECT_FALSE(ShouldShard(total_var_, index_var_, false));
+  EXPECT_FALSE(ShouldShard(total_var_, index_var_, true));
+}
+
+// Tests that sharding is not enabled if total_shards  == 1.
+TEST_F(ShouldShardTest, ReturnsFalseWhenTotalShardIsOne) {
+  SetEnv(index_var_, "0");
+  SetEnv(total_var_, "1");
+  EXPECT_FALSE(ShouldShard(total_var_, index_var_, false));
+  EXPECT_FALSE(ShouldShard(total_var_, index_var_, true));
+}
+
+// Tests that sharding is enabled if total_shards > 1 and
+// we are not in a death test subprocess.
+// Environment variables are not supported on Windows CE.
+#if !GTEST_OS_WINDOWS_MOBILE
+TEST_F(ShouldShardTest, WorksWhenShardEnvVarsAreValid) {
+  SetEnv(index_var_, "4");
+  SetEnv(total_var_, "22");
+  EXPECT_TRUE(ShouldShard(total_var_, index_var_, false));
+  EXPECT_FALSE(ShouldShard(total_var_, index_var_, true));
+
+  SetEnv(index_var_, "8");
+  SetEnv(total_var_, "9");
+  EXPECT_TRUE(ShouldShard(total_var_, index_var_, false));
+  EXPECT_FALSE(ShouldShard(total_var_, index_var_, true));
+
+  SetEnv(index_var_, "0");
+  SetEnv(total_var_, "9");
+  EXPECT_TRUE(ShouldShard(total_var_, index_var_, false));
+  EXPECT_FALSE(ShouldShard(total_var_, index_var_, true));
+}
+#endif  // !GTEST_OS_WINDOWS_MOBILE
+
+// Tests that we exit in error if the sharding values are not valid.
+
+typedef ShouldShardTest ShouldShardDeathTest;
+
+TEST_F(ShouldShardDeathTest, AbortsWhenShardingEnvVarsAreInvalid) {
+  SetEnv(index_var_, "4");
+  SetEnv(total_var_, "4");
+  EXPECT_DEATH_IF_SUPPORTED(ShouldShard(total_var_, index_var_, false), ".*");
+
+  SetEnv(index_var_, "4");
+  SetEnv(total_var_, "-2");
+  EXPECT_DEATH_IF_SUPPORTED(ShouldShard(total_var_, index_var_, false), ".*");
+
+  SetEnv(index_var_, "5");
+  SetEnv(total_var_, "");
+  EXPECT_DEATH_IF_SUPPORTED(ShouldShard(total_var_, index_var_, false), ".*");
+
+  SetEnv(index_var_, "");
+  SetEnv(total_var_, "5");
+  EXPECT_DEATH_IF_SUPPORTED(ShouldShard(total_var_, index_var_, false), ".*");
+}
+
+// Tests that ShouldRunTestOnShard is a partition when 5
+// shards are used.
+TEST(ShouldRunTestOnShardTest, IsPartitionWhenThereAreFiveShards) {
+  // Choose an arbitrary number of tests and shards.
+  const int num_tests = 17;
+  const int num_shards = 5;
+
+  // Check partitioning: each test should be on exactly 1 shard.
+  for (int test_id = 0; test_id < num_tests; test_id++) {
+    int prev_selected_shard_index = -1;
+    for (int shard_index = 0; shard_index < num_shards; shard_index++) {
+      if (ShouldRunTestOnShard(num_shards, shard_index, test_id)) {
+        if (prev_selected_shard_index < 0) {
+          prev_selected_shard_index = shard_index;
+        } else {
+          ADD_FAILURE() << "Shard " << prev_selected_shard_index << " and "
+            << shard_index << " are both selected to run test " << test_id;
+        }
+      }
+    }
+  }
+
+  // Check balance: This is not required by the sharding protocol, but is a
+  // desirable property for performance.
+  for (int shard_index = 0; shard_index < num_shards; shard_index++) {
+    int num_tests_on_shard = 0;
+    for (int test_id = 0; test_id < num_tests; test_id++) {
+      num_tests_on_shard +=
+        ShouldRunTestOnShard(num_shards, shard_index, test_id);
+    }
+    EXPECT_GE(num_tests_on_shard, num_tests / num_shards);
+  }
+}
+
+// For the same reason we are not explicitly testing everything in the
+// Test class, there are no separate tests for the following classes
+// (except for some trivial cases):
+//
+//   TestCase, UnitTest, UnitTestResultPrinter.
+//
+// Similarly, there are no separate tests for the following macros:
+//
+//   TEST, TEST_F, RUN_ALL_TESTS
+
+TEST(UnitTestTest, CanGetOriginalWorkingDir) {
+  ASSERT_TRUE(UnitTest::GetInstance()->original_working_dir() != NULL);
+  EXPECT_STRNE(UnitTest::GetInstance()->original_working_dir(), "");
+}
+
+TEST(UnitTestTest, ReturnsPlausibleTimestamp) {
+  EXPECT_LT(0, UnitTest::GetInstance()->start_timestamp());
+  EXPECT_LE(UnitTest::GetInstance()->start_timestamp(), GetTimeInMillis());
+}
+
+// When a property using a reserved key is supplied to this function, it
+// tests that a non-fatal failure is added, a fatal failure is not added,
+// and that the property is not recorded.
+void ExpectNonFatalFailureRecordingPropertyWithReservedKey(
+    const TestResult& test_result, const char* key) {
+  EXPECT_NONFATAL_FAILURE(Test::RecordProperty(key, "1"), "Reserved key");
+  ASSERT_EQ(0, test_result.test_property_count()) << "Property for key '" << key
+                                                  << "' recorded unexpectedly.";
+}
+
+void ExpectNonFatalFailureRecordingPropertyWithReservedKeyForCurrentTest(
+    const char* key) {
+  const TestInfo* test_info = UnitTest::GetInstance()->current_test_info();
+  ASSERT_TRUE(test_info != NULL);
+  ExpectNonFatalFailureRecordingPropertyWithReservedKey(*test_info->result(),
+                                                        key);
+}
+
+void ExpectNonFatalFailureRecordingPropertyWithReservedKeyForCurrentTestCase(
+    const char* key) {
+  const TestCase* test_case = UnitTest::GetInstance()->current_test_case();
+  ASSERT_TRUE(test_case != NULL);
+  ExpectNonFatalFailureRecordingPropertyWithReservedKey(
+      test_case->ad_hoc_test_result(), key);
+}
+
+void ExpectNonFatalFailureRecordingPropertyWithReservedKeyOutsideOfTestCase(
+    const char* key) {
+  ExpectNonFatalFailureRecordingPropertyWithReservedKey(
+      UnitTest::GetInstance()->ad_hoc_test_result(), key);
+}
+
+// Tests that property recording functions in UnitTest outside of tests
+// functions correcly.  Creating a separate instance of UnitTest ensures it
+// is in a state similar to the UnitTest's singleton's between tests.
+class UnitTestRecordPropertyTest :
+    public testing::internal::UnitTestRecordPropertyTestHelper {
+ public:
+  static void SetUpTestCase() {
+    ExpectNonFatalFailureRecordingPropertyWithReservedKeyForCurrentTestCase(
+        "disabled");
+    ExpectNonFatalFailureRecordingPropertyWithReservedKeyForCurrentTestCase(
+        "errors");
+    ExpectNonFatalFailureRecordingPropertyWithReservedKeyForCurrentTestCase(
+        "failures");
+    ExpectNonFatalFailureRecordingPropertyWithReservedKeyForCurrentTestCase(
+        "name");
+    ExpectNonFatalFailureRecordingPropertyWithReservedKeyForCurrentTestCase(
+        "tests");
+    ExpectNonFatalFailureRecordingPropertyWithReservedKeyForCurrentTestCase(
+        "time");
+
+    Test::RecordProperty("test_case_key_1", "1");
+    const TestCase* test_case = UnitTest::GetInstance()->current_test_case();
+    ASSERT_TRUE(test_case != NULL);
+
+    ASSERT_EQ(1, test_case->ad_hoc_test_result().test_property_count());
+    EXPECT_STREQ("test_case_key_1",
+                 test_case->ad_hoc_test_result().GetTestProperty(0).key());
+    EXPECT_STREQ("1",
+                 test_case->ad_hoc_test_result().GetTestProperty(0).value());
+  }
+};
+
+// Tests TestResult has the expected property when added.
+TEST_F(UnitTestRecordPropertyTest, OnePropertyFoundWhenAdded) {
+  UnitTestRecordProperty("key_1", "1");
+
+  ASSERT_EQ(1, unit_test_.ad_hoc_test_result().test_property_count());
+
+  EXPECT_STREQ("key_1",
+               unit_test_.ad_hoc_test_result().GetTestProperty(0).key());
+  EXPECT_STREQ("1",
+               unit_test_.ad_hoc_test_result().GetTestProperty(0).value());
+}
+
+// Tests TestResult has multiple properties when added.
+TEST_F(UnitTestRecordPropertyTest, MultiplePropertiesFoundWhenAdded) {
+  UnitTestRecordProperty("key_1", "1");
+  UnitTestRecordProperty("key_2", "2");
+
+  ASSERT_EQ(2, unit_test_.ad_hoc_test_result().test_property_count());
+
+  EXPECT_STREQ("key_1",
+               unit_test_.ad_hoc_test_result().GetTestProperty(0).key());
+  EXPECT_STREQ("1", unit_test_.ad_hoc_test_result().GetTestProperty(0).value());
+
+  EXPECT_STREQ("key_2",
+               unit_test_.ad_hoc_test_result().GetTestProperty(1).key());
+  EXPECT_STREQ("2", unit_test_.ad_hoc_test_result().GetTestProperty(1).value());
+}
+
+// Tests TestResult::RecordProperty() overrides values for duplicate keys.
+TEST_F(UnitTestRecordPropertyTest, OverridesValuesForDuplicateKeys) {
+  UnitTestRecordProperty("key_1", "1");
+  UnitTestRecordProperty("key_2", "2");
+  UnitTestRecordProperty("key_1", "12");
+  UnitTestRecordProperty("key_2", "22");
+
+  ASSERT_EQ(2, unit_test_.ad_hoc_test_result().test_property_count());
+
+  EXPECT_STREQ("key_1",
+               unit_test_.ad_hoc_test_result().GetTestProperty(0).key());
+  EXPECT_STREQ("12",
+               unit_test_.ad_hoc_test_result().GetTestProperty(0).value());
+
+  EXPECT_STREQ("key_2",
+               unit_test_.ad_hoc_test_result().GetTestProperty(1).key());
+  EXPECT_STREQ("22",
+               unit_test_.ad_hoc_test_result().GetTestProperty(1).value());
+}
+
+TEST_F(UnitTestRecordPropertyTest,
+       AddFailureInsideTestsWhenUsingTestCaseReservedKeys) {
+  ExpectNonFatalFailureRecordingPropertyWithReservedKeyForCurrentTest(
+      "name");
+  ExpectNonFatalFailureRecordingPropertyWithReservedKeyForCurrentTest(
+      "value_param");
+  ExpectNonFatalFailureRecordingPropertyWithReservedKeyForCurrentTest(
+      "type_param");
+  ExpectNonFatalFailureRecordingPropertyWithReservedKeyForCurrentTest(
+      "status");
+  ExpectNonFatalFailureRecordingPropertyWithReservedKeyForCurrentTest(
+      "time");
+  ExpectNonFatalFailureRecordingPropertyWithReservedKeyForCurrentTest(
+      "classname");
+}
+
+TEST_F(UnitTestRecordPropertyTest,
+       AddRecordWithReservedKeysGeneratesCorrectPropertyList) {
+  EXPECT_NONFATAL_FAILURE(
+      Test::RecordProperty("name", "1"),
+      "'classname', 'name', 'status', 'time', 'type_param', and 'value_param'"
+      " are reserved");
+}
+
+class UnitTestRecordPropertyTestEnvironment : public Environment {
+ public:
+  virtual void TearDown() {
+    ExpectNonFatalFailureRecordingPropertyWithReservedKeyOutsideOfTestCase(
+        "tests");
+    ExpectNonFatalFailureRecordingPropertyWithReservedKeyOutsideOfTestCase(
+        "failures");
+    ExpectNonFatalFailureRecordingPropertyWithReservedKeyOutsideOfTestCase(
+        "disabled");
+    ExpectNonFatalFailureRecordingPropertyWithReservedKeyOutsideOfTestCase(
+        "errors");
+    ExpectNonFatalFailureRecordingPropertyWithReservedKeyOutsideOfTestCase(
+        "name");
+    ExpectNonFatalFailureRecordingPropertyWithReservedKeyOutsideOfTestCase(
+        "timestamp");
+    ExpectNonFatalFailureRecordingPropertyWithReservedKeyOutsideOfTestCase(
+        "time");
+    ExpectNonFatalFailureRecordingPropertyWithReservedKeyOutsideOfTestCase(
+        "random_seed");
+  }
+};
+
+// This will test property recording outside of any test or test case.
+static Environment* record_property_env =
+    AddGlobalTestEnvironment(new UnitTestRecordPropertyTestEnvironment);
+
+// This group of tests is for predicate assertions (ASSERT_PRED*, etc)
+// of various arities.  They do not attempt to be exhaustive.  Rather,
+// view them as smoke tests that can be easily reviewed and verified.
+// A more complete set of tests for predicate assertions can be found
+// in gtest_pred_impl_unittest.cc.
+
+// First, some predicates and predicate-formatters needed by the tests.
+
+// Returns true iff the argument is an even number.
+bool IsEven(int n) {
+  return (n % 2) == 0;
+}
+
+// A functor that returns true iff the argument is an even number.
+struct IsEvenFunctor {
+  bool operator()(int n) { return IsEven(n); }
+};
+
+// A predicate-formatter function that asserts the argument is an even
+// number.
+AssertionResult AssertIsEven(const char* expr, int n) {
+  if (IsEven(n)) {
+    return AssertionSuccess();
+  }
+
+  Message msg;
+  msg << expr << " evaluates to " << n << ", which is not even.";
+  return AssertionFailure(msg);
+}
+
+// A predicate function that returns AssertionResult for use in
+// EXPECT/ASSERT_TRUE/FALSE.
+AssertionResult ResultIsEven(int n) {
+  if (IsEven(n))
+    return AssertionSuccess() << n << " is even";
+  else
+    return AssertionFailure() << n << " is odd";
+}
+
+// A predicate function that returns AssertionResult but gives no
+// explanation why it succeeds. Needed for testing that
+// EXPECT/ASSERT_FALSE handles such functions correctly.
+AssertionResult ResultIsEvenNoExplanation(int n) {
+  if (IsEven(n))
+    return AssertionSuccess();
+  else
+    return AssertionFailure() << n << " is odd";
+}
+
+// A predicate-formatter functor that asserts the argument is an even
+// number.
+struct AssertIsEvenFunctor {
+  AssertionResult operator()(const char* expr, int n) {
+    return AssertIsEven(expr, n);
+  }
+};
+
+// Returns true iff the sum of the arguments is an even number.
+bool SumIsEven2(int n1, int n2) {
+  return IsEven(n1 + n2);
+}
+
+// A functor that returns true iff the sum of the arguments is an even
+// number.
+struct SumIsEven3Functor {
+  bool operator()(int n1, int n2, int n3) {
+    return IsEven(n1 + n2 + n3);
+  }
+};
+
+// A predicate-formatter function that asserts the sum of the
+// arguments is an even number.
+AssertionResult AssertSumIsEven4(
+    const char* e1, const char* e2, const char* e3, const char* e4,
+    int n1, int n2, int n3, int n4) {
+  const int sum = n1 + n2 + n3 + n4;
+  if (IsEven(sum)) {
+    return AssertionSuccess();
+  }
+
+  Message msg;
+  msg << e1 << " + " << e2 << " + " << e3 << " + " << e4
+      << " (" << n1 << " + " << n2 << " + " << n3 << " + " << n4
+      << ") evaluates to " << sum << ", which is not even.";
+  return AssertionFailure(msg);
+}
+
+// A predicate-formatter functor that asserts the sum of the arguments
+// is an even number.
+struct AssertSumIsEven5Functor {
+  AssertionResult operator()(
+      const char* e1, const char* e2, const char* e3, const char* e4,
+      const char* e5, int n1, int n2, int n3, int n4, int n5) {
+    const int sum = n1 + n2 + n3 + n4 + n5;
+    if (IsEven(sum)) {
+      return AssertionSuccess();
+    }
+
+    Message msg;
+    msg << e1 << " + " << e2 << " + " << e3 << " + " << e4 << " + " << e5
+        << " ("
+        << n1 << " + " << n2 << " + " << n3 << " + " << n4 << " + " << n5
+        << ") evaluates to " << sum << ", which is not even.";
+    return AssertionFailure(msg);
+  }
+};
+
+
+// Tests unary predicate assertions.
+
+// Tests unary predicate assertions that don't use a custom formatter.
+TEST(Pred1Test, WithoutFormat) {
+  // Success cases.
+  EXPECT_PRED1(IsEvenFunctor(), 2) << "This failure is UNEXPECTED!";
+  ASSERT_PRED1(IsEven, 4);
+
+  // Failure cases.
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED1(IsEven, 5) << "This failure is expected.";
+  }, "This failure is expected.");
+  EXPECT_FATAL_FAILURE(ASSERT_PRED1(IsEvenFunctor(), 5),
+                       "evaluates to false");
+}
+
+// Tests unary predicate assertions that use a custom formatter.
+TEST(Pred1Test, WithFormat) {
+  // Success cases.
+  EXPECT_PRED_FORMAT1(AssertIsEven, 2);
+  ASSERT_PRED_FORMAT1(AssertIsEvenFunctor(), 4)
+    << "This failure is UNEXPECTED!";
+
+  // Failure cases.
+  const int n = 5;
+  EXPECT_NONFATAL_FAILURE(EXPECT_PRED_FORMAT1(AssertIsEvenFunctor(), n),
+                          "n evaluates to 5, which is not even.");
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED_FORMAT1(AssertIsEven, 5) << "This failure is expected.";
+  }, "This failure is expected.");
+}
+
+// Tests that unary predicate assertions evaluates their arguments
+// exactly once.
+TEST(Pred1Test, SingleEvaluationOnFailure) {
+  // A success case.
+  static int n = 0;
+  EXPECT_PRED1(IsEven, n++);
+  EXPECT_EQ(1, n) << "The argument is not evaluated exactly once.";
+
+  // A failure case.
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED_FORMAT1(AssertIsEvenFunctor(), n++)
+        << "This failure is expected.";
+  }, "This failure is expected.");
+  EXPECT_EQ(2, n) << "The argument is not evaluated exactly once.";
+}
+
+
+// Tests predicate assertions whose arity is >= 2.
+
+// Tests predicate assertions that don't use a custom formatter.
+TEST(PredTest, WithoutFormat) {
+  // Success cases.
+  ASSERT_PRED2(SumIsEven2, 2, 4) << "This failure is UNEXPECTED!";
+  EXPECT_PRED3(SumIsEven3Functor(), 4, 6, 8);
+
+  // Failure cases.
+  const int n1 = 1;
+  const int n2 = 2;
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED2(SumIsEven2, n1, n2) << "This failure is expected.";
+  }, "This failure is expected.");
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED3(SumIsEven3Functor(), 1, 2, 4);
+  }, "evaluates to false");
+}
+
+// Tests predicate assertions that use a custom formatter.
+TEST(PredTest, WithFormat) {
+  // Success cases.
+  ASSERT_PRED_FORMAT4(AssertSumIsEven4, 4, 6, 8, 10) <<
+    "This failure is UNEXPECTED!";
+  EXPECT_PRED_FORMAT5(AssertSumIsEven5Functor(), 2, 4, 6, 8, 10);
+
+  // Failure cases.
+  const int n1 = 1;
+  const int n2 = 2;
+  const int n3 = 4;
+  const int n4 = 6;
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED_FORMAT4(AssertSumIsEven4, n1, n2, n3, n4);
+  }, "evaluates to 13, which is not even.");
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED_FORMAT5(AssertSumIsEven5Functor(), 1, 2, 4, 6, 8)
+        << "This failure is expected.";
+  }, "This failure is expected.");
+}
+
+// Tests that predicate assertions evaluates their arguments
+// exactly once.
+TEST(PredTest, SingleEvaluationOnFailure) {
+  // A success case.
+  int n1 = 0;
+  int n2 = 0;
+  EXPECT_PRED2(SumIsEven2, n1++, n2++);
+  EXPECT_EQ(1, n1) << "Argument 1 is not evaluated exactly once.";
+  EXPECT_EQ(1, n2) << "Argument 2 is not evaluated exactly once.";
+
+  // Another success case.
+  n1 = n2 = 0;
+  int n3 = 0;
+  int n4 = 0;
+  int n5 = 0;
+  ASSERT_PRED_FORMAT5(AssertSumIsEven5Functor(),
+                      n1++, n2++, n3++, n4++, n5++)
+                        << "This failure is UNEXPECTED!";
+  EXPECT_EQ(1, n1) << "Argument 1 is not evaluated exactly once.";
+  EXPECT_EQ(1, n2) << "Argument 2 is not evaluated exactly once.";
+  EXPECT_EQ(1, n3) << "Argument 3 is not evaluated exactly once.";
+  EXPECT_EQ(1, n4) << "Argument 4 is not evaluated exactly once.";
+  EXPECT_EQ(1, n5) << "Argument 5 is not evaluated exactly once.";
+
+  // A failure case.
+  n1 = n2 = n3 = 0;
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED3(SumIsEven3Functor(), ++n1, n2++, n3++)
+        << "This failure is expected.";
+  }, "This failure is expected.");
+  EXPECT_EQ(1, n1) << "Argument 1 is not evaluated exactly once.";
+  EXPECT_EQ(1, n2) << "Argument 2 is not evaluated exactly once.";
+  EXPECT_EQ(1, n3) << "Argument 3 is not evaluated exactly once.";
+
+  // Another failure case.
+  n1 = n2 = n3 = n4 = 0;
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED_FORMAT4(AssertSumIsEven4, ++n1, n2++, n3++, n4++);
+  }, "evaluates to 1, which is not even.");
+  EXPECT_EQ(1, n1) << "Argument 1 is not evaluated exactly once.";
+  EXPECT_EQ(1, n2) << "Argument 2 is not evaluated exactly once.";
+  EXPECT_EQ(1, n3) << "Argument 3 is not evaluated exactly once.";
+  EXPECT_EQ(1, n4) << "Argument 4 is not evaluated exactly once.";
+}
+
+
+// Some helper functions for testing using overloaded/template
+// functions with ASSERT_PREDn and EXPECT_PREDn.
+
+bool IsPositive(double x) {
+  return x > 0;
+}
+
+template <typename T>
+bool IsNegative(T x) {
+  return x < 0;
+}
+
+template <typename T1, typename T2>
+bool GreaterThan(T1 x1, T2 x2) {
+  return x1 > x2;
+}
+
+// Tests that overloaded functions can be used in *_PRED* as long as
+// their types are explicitly specified.
+TEST(PredicateAssertionTest, AcceptsOverloadedFunction) {
+  // C++Builder requires C-style casts rather than static_cast.
+  EXPECT_PRED1((bool (*)(int))(IsPositive), 5);  // NOLINT
+  ASSERT_PRED1((bool (*)(double))(IsPositive), 6.0);  // NOLINT
+}
+
+// Tests that template functions can be used in *_PRED* as long as
+// their types are explicitly specified.
+TEST(PredicateAssertionTest, AcceptsTemplateFunction) {
+  EXPECT_PRED1(IsNegative<int>, -5);
+  // Makes sure that we can handle templates with more than one
+  // parameter.
+  ASSERT_PRED2((GreaterThan<int, int>), 5, 0);
+}
+
+
+// Some helper functions for testing using overloaded/template
+// functions with ASSERT_PRED_FORMATn and EXPECT_PRED_FORMATn.
+
+AssertionResult IsPositiveFormat(const char* /* expr */, int n) {
+  return n > 0 ? AssertionSuccess() :
+      AssertionFailure(Message() << "Failure");
+}
+
+AssertionResult IsPositiveFormat(const char* /* expr */, double x) {
+  return x > 0 ? AssertionSuccess() :
+      AssertionFailure(Message() << "Failure");
+}
+
+template <typename T>
+AssertionResult IsNegativeFormat(const char* /* expr */, T x) {
+  return x < 0 ? AssertionSuccess() :
+      AssertionFailure(Message() << "Failure");
+}
+
+template <typename T1, typename T2>
+AssertionResult EqualsFormat(const char* /* expr1 */, const char* /* expr2 */,
+                             const T1& x1, const T2& x2) {
+  return x1 == x2 ? AssertionSuccess() :
+      AssertionFailure(Message() << "Failure");
+}
+
+// Tests that overloaded functions can be used in *_PRED_FORMAT*
+// without explicitly specifying their types.
+TEST(PredicateFormatAssertionTest, AcceptsOverloadedFunction) {
+  EXPECT_PRED_FORMAT1(IsPositiveFormat, 5);
+  ASSERT_PRED_FORMAT1(IsPositiveFormat, 6.0);
+}
+
+// Tests that template functions can be used in *_PRED_FORMAT* without
+// explicitly specifying their types.
+TEST(PredicateFormatAssertionTest, AcceptsTemplateFunction) {
+  EXPECT_PRED_FORMAT1(IsNegativeFormat, -5);
+  ASSERT_PRED_FORMAT2(EqualsFormat, 3, 3);
+}
+
+
+// Tests string assertions.
+
+// Tests ASSERT_STREQ with non-NULL arguments.
+TEST(StringAssertionTest, ASSERT_STREQ) {
+  const char * const p1 = "good";
+  ASSERT_STREQ(p1, p1);
+
+  // Let p2 have the same content as p1, but be at a different address.
+  const char p2[] = "good";
+  ASSERT_STREQ(p1, p2);
+
+  EXPECT_FATAL_FAILURE(ASSERT_STREQ("bad", "good"),
+                       "Expected: \"bad\"");
+}
+
+// Tests ASSERT_STREQ with NULL arguments.
+TEST(StringAssertionTest, ASSERT_STREQ_Null) {
+  ASSERT_STREQ(static_cast<const char *>(NULL), NULL);
+  EXPECT_FATAL_FAILURE(ASSERT_STREQ(NULL, "non-null"),
+                       "non-null");
+}
+
+// Tests ASSERT_STREQ with NULL arguments.
+TEST(StringAssertionTest, ASSERT_STREQ_Null2) {
+  EXPECT_FATAL_FAILURE(ASSERT_STREQ("non-null", NULL),
+                       "non-null");
+}
+
+// Tests ASSERT_STRNE.
+TEST(StringAssertionTest, ASSERT_STRNE) {
+  ASSERT_STRNE("hi", "Hi");
+  ASSERT_STRNE("Hi", NULL);
+  ASSERT_STRNE(NULL, "Hi");
+  ASSERT_STRNE("", NULL);
+  ASSERT_STRNE(NULL, "");
+  ASSERT_STRNE("", "Hi");
+  ASSERT_STRNE("Hi", "");
+  EXPECT_FATAL_FAILURE(ASSERT_STRNE("Hi", "Hi"),
+                       "\"Hi\" vs \"Hi\"");
+}
+
+// Tests ASSERT_STRCASEEQ.
+TEST(StringAssertionTest, ASSERT_STRCASEEQ) {
+  ASSERT_STRCASEEQ("hi", "Hi");
+  ASSERT_STRCASEEQ(static_cast<const char *>(NULL), NULL);
+
+  ASSERT_STRCASEEQ("", "");
+  EXPECT_FATAL_FAILURE(ASSERT_STRCASEEQ("Hi", "hi2"),
+                       "(ignoring case)");
+}
+
+// Tests ASSERT_STRCASENE.
+TEST(StringAssertionTest, ASSERT_STRCASENE) {
+  ASSERT_STRCASENE("hi1", "Hi2");
+  ASSERT_STRCASENE("Hi", NULL);
+  ASSERT_STRCASENE(NULL, "Hi");
+  ASSERT_STRCASENE("", NULL);
+  ASSERT_STRCASENE(NULL, "");
+  ASSERT_STRCASENE("", "Hi");
+  ASSERT_STRCASENE("Hi", "");
+  EXPECT_FATAL_FAILURE(ASSERT_STRCASENE("Hi", "hi"),
+                       "(ignoring case)");
+}
+
+// Tests *_STREQ on wide strings.
+TEST(StringAssertionTest, STREQ_Wide) {
+  // NULL strings.
+  ASSERT_STREQ(static_cast<const wchar_t *>(NULL), NULL);
+
+  // Empty strings.
+  ASSERT_STREQ(L"", L"");
+
+  // Non-null vs NULL.
+  EXPECT_NONFATAL_FAILURE(EXPECT_STREQ(L"non-null", NULL),
+                          "non-null");
+
+  // Equal strings.
+  EXPECT_STREQ(L"Hi", L"Hi");
+
+  // Unequal strings.
+  EXPECT_NONFATAL_FAILURE(EXPECT_STREQ(L"abc", L"Abc"),
+                          "Abc");
+
+  // Strings containing wide characters.
+  EXPECT_NONFATAL_FAILURE(EXPECT_STREQ(L"abc\x8119", L"abc\x8120"),
+                          "abc");
+
+  // The streaming variation.
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_STREQ(L"abc\x8119", L"abc\x8121") << "Expected failure";
+  }, "Expected failure");
+}
+
+// Tests *_STRNE on wide strings.
+TEST(StringAssertionTest, STRNE_Wide) {
+  // NULL strings.
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_STRNE(static_cast<const wchar_t *>(NULL), NULL);
+  }, "");
+
+  // Empty strings.
+  EXPECT_NONFATAL_FAILURE(EXPECT_STRNE(L"", L""),
+                          "L\"\"");
+
+  // Non-null vs NULL.
+  ASSERT_STRNE(L"non-null", NULL);
+
+  // Equal strings.
+  EXPECT_NONFATAL_FAILURE(EXPECT_STRNE(L"Hi", L"Hi"),
+                          "L\"Hi\"");
+
+  // Unequal strings.
+  EXPECT_STRNE(L"abc", L"Abc");
+
+  // Strings containing wide characters.
+  EXPECT_NONFATAL_FAILURE(EXPECT_STRNE(L"abc\x8119", L"abc\x8119"),
+                          "abc");
+
+  // The streaming variation.
+  ASSERT_STRNE(L"abc\x8119", L"abc\x8120") << "This shouldn't happen";
+}
+
+// Tests for ::testing::IsSubstring().
+
+// Tests that IsSubstring() returns the correct result when the input
+// argument type is const char*.
+TEST(IsSubstringTest, ReturnsCorrectResultForCString) {
+  EXPECT_FALSE(IsSubstring("", "", NULL, "a"));
+  EXPECT_FALSE(IsSubstring("", "", "b", NULL));
+  EXPECT_FALSE(IsSubstring("", "", "needle", "haystack"));
+
+  EXPECT_TRUE(IsSubstring("", "", static_cast<const char*>(NULL), NULL));
+  EXPECT_TRUE(IsSubstring("", "", "needle", "two needles"));
+}
+
+// Tests that IsSubstring() returns the correct result when the input
+// argument type is const wchar_t*.
+TEST(IsSubstringTest, ReturnsCorrectResultForWideCString) {
+  EXPECT_FALSE(IsSubstring("", "", kNull, L"a"));
+  EXPECT_FALSE(IsSubstring("", "", L"b", kNull));
+  EXPECT_FALSE(IsSubstring("", "", L"needle", L"haystack"));
+
+  EXPECT_TRUE(IsSubstring("", "", static_cast<const wchar_t*>(NULL), NULL));
+  EXPECT_TRUE(IsSubstring("", "", L"needle", L"two needles"));
+}
+
+// Tests that IsSubstring() generates the correct message when the input
+// argument type is const char*.
+TEST(IsSubstringTest, GeneratesCorrectMessageForCString) {
+  EXPECT_STREQ("Value of: needle_expr\n"
+               "  Actual: \"needle\"\n"
+               "Expected: a substring of haystack_expr\n"
+               "Which is: \"haystack\"",
+               IsSubstring("needle_expr", "haystack_expr",
+                           "needle", "haystack").failure_message());
+}
+
+// Tests that IsSubstring returns the correct result when the input
+// argument type is ::std::string.
+TEST(IsSubstringTest, ReturnsCorrectResultsForStdString) {
+  EXPECT_TRUE(IsSubstring("", "", std::string("hello"), "ahellob"));
+  EXPECT_FALSE(IsSubstring("", "", "hello", std::string("world")));
+}
+
+#if GTEST_HAS_STD_WSTRING
+// Tests that IsSubstring returns the correct result when the input
+// argument type is ::std::wstring.
+TEST(IsSubstringTest, ReturnsCorrectResultForStdWstring) {
+  EXPECT_TRUE(IsSubstring("", "", ::std::wstring(L"needle"), L"two needles"));
+  EXPECT_FALSE(IsSubstring("", "", L"needle", ::std::wstring(L"haystack")));
+}
+
+// Tests that IsSubstring() generates the correct message when the input
+// argument type is ::std::wstring.
+TEST(IsSubstringTest, GeneratesCorrectMessageForWstring) {
+  EXPECT_STREQ("Value of: needle_expr\n"
+               "  Actual: L\"needle\"\n"
+               "Expected: a substring of haystack_expr\n"
+               "Which is: L\"haystack\"",
+               IsSubstring(
+                   "needle_expr", "haystack_expr",
+                   ::std::wstring(L"needle"), L"haystack").failure_message());
+}
+
+#endif  // GTEST_HAS_STD_WSTRING
+
+// Tests for ::testing::IsNotSubstring().
+
+// Tests that IsNotSubstring() returns the correct result when the input
+// argument type is const char*.
+TEST(IsNotSubstringTest, ReturnsCorrectResultForCString) {
+  EXPECT_TRUE(IsNotSubstring("", "", "needle", "haystack"));
+  EXPECT_FALSE(IsNotSubstring("", "", "needle", "two needles"));
+}
+
+// Tests that IsNotSubstring() returns the correct result when the input
+// argument type is const wchar_t*.
+TEST(IsNotSubstringTest, ReturnsCorrectResultForWideCString) {
+  EXPECT_TRUE(IsNotSubstring("", "", L"needle", L"haystack"));
+  EXPECT_FALSE(IsNotSubstring("", "", L"needle", L"two needles"));
+}
+
+// Tests that IsNotSubstring() generates the correct message when the input
+// argument type is const wchar_t*.
+TEST(IsNotSubstringTest, GeneratesCorrectMessageForWideCString) {
+  EXPECT_STREQ("Value of: needle_expr\n"
+               "  Actual: L\"needle\"\n"
+               "Expected: not a substring of haystack_expr\n"
+               "Which is: L\"two needles\"",
+               IsNotSubstring(
+                   "needle_expr", "haystack_expr",
+                   L"needle", L"two needles").failure_message());
+}
+
+// Tests that IsNotSubstring returns the correct result when the input
+// argument type is ::std::string.
+TEST(IsNotSubstringTest, ReturnsCorrectResultsForStdString) {
+  EXPECT_FALSE(IsNotSubstring("", "", std::string("hello"), "ahellob"));
+  EXPECT_TRUE(IsNotSubstring("", "", "hello", std::string("world")));
+}
+
+// Tests that IsNotSubstring() generates the correct message when the input
+// argument type is ::std::string.
+TEST(IsNotSubstringTest, GeneratesCorrectMessageForStdString) {
+  EXPECT_STREQ("Value of: needle_expr\n"
+               "  Actual: \"needle\"\n"
+               "Expected: not a substring of haystack_expr\n"
+               "Which is: \"two needles\"",
+               IsNotSubstring(
+                   "needle_expr", "haystack_expr",
+                   ::std::string("needle"), "two needles").failure_message());
+}
+
+#if GTEST_HAS_STD_WSTRING
+
+// Tests that IsNotSubstring returns the correct result when the input
+// argument type is ::std::wstring.
+TEST(IsNotSubstringTest, ReturnsCorrectResultForStdWstring) {
+  EXPECT_FALSE(
+      IsNotSubstring("", "", ::std::wstring(L"needle"), L"two needles"));
+  EXPECT_TRUE(IsNotSubstring("", "", L"needle", ::std::wstring(L"haystack")));
+}
+
+#endif  // GTEST_HAS_STD_WSTRING
+
+// Tests floating-point assertions.
+
+template <typename RawType>
+class FloatingPointTest : public Test {
+ protected:
+  // Pre-calculated numbers to be used by the tests.
+  struct TestValues {
+    RawType close_to_positive_zero;
+    RawType close_to_negative_zero;
+    RawType further_from_negative_zero;
+
+    RawType close_to_one;
+    RawType further_from_one;
+
+    RawType infinity;
+    RawType close_to_infinity;
+    RawType further_from_infinity;
+
+    RawType nan1;
+    RawType nan2;
+  };
+
+  typedef typename testing::internal::FloatingPoint<RawType> Floating;
+  typedef typename Floating::Bits Bits;
+
+  virtual void SetUp() {
+    const size_t max_ulps = Floating::kMaxUlps;
+
+    // The bits that represent 0.0.
+    const Bits zero_bits = Floating(0).bits();
+
+    // Makes some numbers close to 0.0.
+    values_.close_to_positive_zero = Floating::ReinterpretBits(
+        zero_bits + max_ulps/2);
+    values_.close_to_negative_zero = -Floating::ReinterpretBits(
+        zero_bits + max_ulps - max_ulps/2);
+    values_.further_from_negative_zero = -Floating::ReinterpretBits(
+        zero_bits + max_ulps + 1 - max_ulps/2);
+
+    // The bits that represent 1.0.
+    const Bits one_bits = Floating(1).bits();
+
+    // Makes some numbers close to 1.0.
+    values_.close_to_one = Floating::ReinterpretBits(one_bits + max_ulps);
+    values_.further_from_one = Floating::ReinterpretBits(
+        one_bits + max_ulps + 1);
+
+    // +infinity.
+    values_.infinity = Floating::Infinity();
+
+    // The bits that represent +infinity.
+    const Bits infinity_bits = Floating(values_.infinity).bits();
+
+    // Makes some numbers close to infinity.
+    values_.close_to_infinity = Floating::ReinterpretBits(
+        infinity_bits - max_ulps);
+    values_.further_from_infinity = Floating::ReinterpretBits(
+        infinity_bits - max_ulps - 1);
+
+    // Makes some NAN's.  Sets the most significant bit of the fraction so that
+    // our NaN's are quiet; trying to process a signaling NaN would raise an
+    // exception if our environment enables floating point exceptions.
+    values_.nan1 = Floating::ReinterpretBits(Floating::kExponentBitMask
+        | (static_cast<Bits>(1) << (Floating::kFractionBitCount - 1)) | 1);
+    values_.nan2 = Floating::ReinterpretBits(Floating::kExponentBitMask
+        | (static_cast<Bits>(1) << (Floating::kFractionBitCount - 1)) | 200);
+  }
+
+  void TestSize() {
+    EXPECT_EQ(sizeof(RawType), sizeof(Bits));
+  }
+
+  static TestValues values_;
+};
+
+template <typename RawType>
+typename FloatingPointTest<RawType>::TestValues
+    FloatingPointTest<RawType>::values_;
+
+// Instantiates FloatingPointTest for testing *_FLOAT_EQ.
+typedef FloatingPointTest<float> FloatTest;
+
+// Tests that the size of Float::Bits matches the size of float.
+TEST_F(FloatTest, Size) {
+  TestSize();
+}
+
+// Tests comparing with +0 and -0.
+TEST_F(FloatTest, Zeros) {
+  EXPECT_FLOAT_EQ(0.0, -0.0);
+  EXPECT_NONFATAL_FAILURE(EXPECT_FLOAT_EQ(-0.0, 1.0),
+                          "1.0");
+  EXPECT_FATAL_FAILURE(ASSERT_FLOAT_EQ(0.0, 1.5),
+                       "1.5");
+}
+
+// Tests comparing numbers close to 0.
+//
+// This ensures that *_FLOAT_EQ handles the sign correctly and no
+// overflow occurs when comparing numbers whose absolute value is very
+// small.
+TEST_F(FloatTest, AlmostZeros) {
+  // In C++Builder, names within local classes (such as used by
+  // EXPECT_FATAL_FAILURE) cannot be resolved against static members of the
+  // scoping class.  Use a static local alias as a workaround.
+  // We use the assignment syntax since some compilers, like Sun Studio,
+  // don't allow initializing references using construction syntax
+  // (parentheses).
+  static const FloatTest::TestValues& v = this->values_;
+
+  EXPECT_FLOAT_EQ(0.0, v.close_to_positive_zero);
+  EXPECT_FLOAT_EQ(-0.0, v.close_to_negative_zero);
+  EXPECT_FLOAT_EQ(v.close_to_positive_zero, v.close_to_negative_zero);
+
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_FLOAT_EQ(v.close_to_positive_zero,
+                    v.further_from_negative_zero);
+  }, "v.further_from_negative_zero");
+}
+
+// Tests comparing numbers close to each other.
+TEST_F(FloatTest, SmallDiff) {
+  EXPECT_FLOAT_EQ(1.0, values_.close_to_one);
+  EXPECT_NONFATAL_FAILURE(EXPECT_FLOAT_EQ(1.0, values_.further_from_one),
+                          "values_.further_from_one");
+}
+
+// Tests comparing numbers far apart.
+TEST_F(FloatTest, LargeDiff) {
+  EXPECT_NONFATAL_FAILURE(EXPECT_FLOAT_EQ(2.5, 3.0),
+                          "3.0");
+}
+
+// Tests comparing with infinity.
+//
+// This ensures that no overflow occurs when comparing numbers whose
+// absolute value is very large.
+TEST_F(FloatTest, Infinity) {
+  EXPECT_FLOAT_EQ(values_.infinity, values_.close_to_infinity);
+  EXPECT_FLOAT_EQ(-values_.infinity, -values_.close_to_infinity);
+#if !GTEST_OS_SYMBIAN
+  // Nokia's STLport crashes if we try to output infinity or NaN.
+  EXPECT_NONFATAL_FAILURE(EXPECT_FLOAT_EQ(values_.infinity, -values_.infinity),
+                          "-values_.infinity");
+
+  // This is interesting as the representations of infinity and nan1
+  // are only 1 DLP apart.
+  EXPECT_NONFATAL_FAILURE(EXPECT_FLOAT_EQ(values_.infinity, values_.nan1),
+                          "values_.nan1");
+#endif  // !GTEST_OS_SYMBIAN
+}
+
+// Tests that comparing with NAN always returns false.
+TEST_F(FloatTest, NaN) {
+#if !GTEST_OS_SYMBIAN
+// Nokia's STLport crashes if we try to output infinity or NaN.
+
+  // In C++Builder, names within local classes (such as used by
+  // EXPECT_FATAL_FAILURE) cannot be resolved against static members of the
+  // scoping class.  Use a static local alias as a workaround.
+  // We use the assignment syntax since some compilers, like Sun Studio,
+  // don't allow initializing references using construction syntax
+  // (parentheses).
+  static const FloatTest::TestValues& v = this->values_;
+
+  EXPECT_NONFATAL_FAILURE(EXPECT_FLOAT_EQ(v.nan1, v.nan1),
+                          "v.nan1");
+  EXPECT_NONFATAL_FAILURE(EXPECT_FLOAT_EQ(v.nan1, v.nan2),
+                          "v.nan2");
+  EXPECT_NONFATAL_FAILURE(EXPECT_FLOAT_EQ(1.0, v.nan1),
+                          "v.nan1");
+
+  EXPECT_FATAL_FAILURE(ASSERT_FLOAT_EQ(v.nan1, v.infinity),
+                       "v.infinity");
+#endif  // !GTEST_OS_SYMBIAN
+}
+
+// Tests that *_FLOAT_EQ are reflexive.
+TEST_F(FloatTest, Reflexive) {
+  EXPECT_FLOAT_EQ(0.0, 0.0);
+  EXPECT_FLOAT_EQ(1.0, 1.0);
+  ASSERT_FLOAT_EQ(values_.infinity, values_.infinity);
+}
+
+// Tests that *_FLOAT_EQ are commutative.
+TEST_F(FloatTest, Commutative) {
+  // We already tested EXPECT_FLOAT_EQ(1.0, values_.close_to_one).
+  EXPECT_FLOAT_EQ(values_.close_to_one, 1.0);
+
+  // We already tested EXPECT_FLOAT_EQ(1.0, values_.further_from_one).
+  EXPECT_NONFATAL_FAILURE(EXPECT_FLOAT_EQ(values_.further_from_one, 1.0),
+                          "1.0");
+}
+
+// Tests EXPECT_NEAR.
+TEST_F(FloatTest, EXPECT_NEAR) {
+  EXPECT_NEAR(-1.0f, -1.1f, 0.2f);
+  EXPECT_NEAR(2.0f, 3.0f, 1.0f);
+  EXPECT_NONFATAL_FAILURE(EXPECT_NEAR(1.0f,1.5f, 0.25f),  // NOLINT
+                          "The difference between 1.0f and 1.5f is 0.5, "
+                          "which exceeds 0.25f");
+  // To work around a bug in gcc 2.95.0, there is intentionally no
+  // space after the first comma in the previous line.
+}
+
+// Tests ASSERT_NEAR.
+TEST_F(FloatTest, ASSERT_NEAR) {
+  ASSERT_NEAR(-1.0f, -1.1f, 0.2f);
+  ASSERT_NEAR(2.0f, 3.0f, 1.0f);
+  EXPECT_FATAL_FAILURE(ASSERT_NEAR(1.0f,1.5f, 0.25f),  // NOLINT
+                       "The difference between 1.0f and 1.5f is 0.5, "
+                       "which exceeds 0.25f");
+  // To work around a bug in gcc 2.95.0, there is intentionally no
+  // space after the first comma in the previous line.
+}
+
+// Tests the cases where FloatLE() should succeed.
+TEST_F(FloatTest, FloatLESucceeds) {
+  EXPECT_PRED_FORMAT2(FloatLE, 1.0f, 2.0f);  // When val1 < val2,
+  ASSERT_PRED_FORMAT2(FloatLE, 1.0f, 1.0f);  // val1 == val2,
+
+  // or when val1 is greater than, but almost equals to, val2.
+  EXPECT_PRED_FORMAT2(FloatLE, values_.close_to_positive_zero, 0.0f);
+}
+
+// Tests the cases where FloatLE() should fail.
+TEST_F(FloatTest, FloatLEFails) {
+  // When val1 is greater than val2 by a large margin,
+  EXPECT_NONFATAL_FAILURE(EXPECT_PRED_FORMAT2(FloatLE, 2.0f, 1.0f),
+                          "(2.0f) <= (1.0f)");
+
+  // or by a small yet non-negligible margin,
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED_FORMAT2(FloatLE, values_.further_from_one, 1.0f);
+  }, "(values_.further_from_one) <= (1.0f)");
+
+#if !GTEST_OS_SYMBIAN && !defined(__BORLANDC__)
+  // Nokia's STLport crashes if we try to output infinity or NaN.
+  // C++Builder gives bad results for ordered comparisons involving NaNs
+  // due to compiler bugs.
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED_FORMAT2(FloatLE, values_.nan1, values_.infinity);
+  }, "(values_.nan1) <= (values_.infinity)");
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED_FORMAT2(FloatLE, -values_.infinity, values_.nan1);
+  }, "(-values_.infinity) <= (values_.nan1)");
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED_FORMAT2(FloatLE, values_.nan1, values_.nan1);
+  }, "(values_.nan1) <= (values_.nan1)");
+#endif  // !GTEST_OS_SYMBIAN && !defined(__BORLANDC__)
+}
+
+// Instantiates FloatingPointTest for testing *_DOUBLE_EQ.
+typedef FloatingPointTest<double> DoubleTest;
+
+// Tests that the size of Double::Bits matches the size of double.
+TEST_F(DoubleTest, Size) {
+  TestSize();
+}
+
+// Tests comparing with +0 and -0.
+TEST_F(DoubleTest, Zeros) {
+  EXPECT_DOUBLE_EQ(0.0, -0.0);
+  EXPECT_NONFATAL_FAILURE(EXPECT_DOUBLE_EQ(-0.0, 1.0),
+                          "1.0");
+  EXPECT_FATAL_FAILURE(ASSERT_DOUBLE_EQ(0.0, 1.0),
+                       "1.0");
+}
+
+// Tests comparing numbers close to 0.
+//
+// This ensures that *_DOUBLE_EQ handles the sign correctly and no
+// overflow occurs when comparing numbers whose absolute value is very
+// small.
+TEST_F(DoubleTest, AlmostZeros) {
+  // In C++Builder, names within local classes (such as used by
+  // EXPECT_FATAL_FAILURE) cannot be resolved against static members of the
+  // scoping class.  Use a static local alias as a workaround.
+  // We use the assignment syntax since some compilers, like Sun Studio,
+  // don't allow initializing references using construction syntax
+  // (parentheses).
+  static const DoubleTest::TestValues& v = this->values_;
+
+  EXPECT_DOUBLE_EQ(0.0, v.close_to_positive_zero);
+  EXPECT_DOUBLE_EQ(-0.0, v.close_to_negative_zero);
+  EXPECT_DOUBLE_EQ(v.close_to_positive_zero, v.close_to_negative_zero);
+
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_DOUBLE_EQ(v.close_to_positive_zero,
+                     v.further_from_negative_zero);
+  }, "v.further_from_negative_zero");
+}
+
+// Tests comparing numbers close to each other.
+TEST_F(DoubleTest, SmallDiff) {
+  EXPECT_DOUBLE_EQ(1.0, values_.close_to_one);
+  EXPECT_NONFATAL_FAILURE(EXPECT_DOUBLE_EQ(1.0, values_.further_from_one),
+                          "values_.further_from_one");
+}
+
+// Tests comparing numbers far apart.
+TEST_F(DoubleTest, LargeDiff) {
+  EXPECT_NONFATAL_FAILURE(EXPECT_DOUBLE_EQ(2.0, 3.0),
+                          "3.0");
+}
+
+// Tests comparing with infinity.
+//
+// This ensures that no overflow occurs when comparing numbers whose
+// absolute value is very large.
+TEST_F(DoubleTest, Infinity) {
+  EXPECT_DOUBLE_EQ(values_.infinity, values_.close_to_infinity);
+  EXPECT_DOUBLE_EQ(-values_.infinity, -values_.close_to_infinity);
+#if !GTEST_OS_SYMBIAN
+  // Nokia's STLport crashes if we try to output infinity or NaN.
+  EXPECT_NONFATAL_FAILURE(EXPECT_DOUBLE_EQ(values_.infinity, -values_.infinity),
+                          "-values_.infinity");
+
+  // This is interesting as the representations of infinity_ and nan1_
+  // are only 1 DLP apart.
+  EXPECT_NONFATAL_FAILURE(EXPECT_DOUBLE_EQ(values_.infinity, values_.nan1),
+                          "values_.nan1");
+#endif  // !GTEST_OS_SYMBIAN
+}
+
+// Tests that comparing with NAN always returns false.
+TEST_F(DoubleTest, NaN) {
+#if !GTEST_OS_SYMBIAN
+  // In C++Builder, names within local classes (such as used by
+  // EXPECT_FATAL_FAILURE) cannot be resolved against static members of the
+  // scoping class.  Use a static local alias as a workaround.
+  // We use the assignment syntax since some compilers, like Sun Studio,
+  // don't allow initializing references using construction syntax
+  // (parentheses).
+  static const DoubleTest::TestValues& v = this->values_;
+
+  // Nokia's STLport crashes if we try to output infinity or NaN.
+  EXPECT_NONFATAL_FAILURE(EXPECT_DOUBLE_EQ(v.nan1, v.nan1),
+                          "v.nan1");
+  EXPECT_NONFATAL_FAILURE(EXPECT_DOUBLE_EQ(v.nan1, v.nan2), "v.nan2");
+  EXPECT_NONFATAL_FAILURE(EXPECT_DOUBLE_EQ(1.0, v.nan1), "v.nan1");
+  EXPECT_FATAL_FAILURE(ASSERT_DOUBLE_EQ(v.nan1, v.infinity),
+                       "v.infinity");
+#endif  // !GTEST_OS_SYMBIAN
+}
+
+// Tests that *_DOUBLE_EQ are reflexive.
+TEST_F(DoubleTest, Reflexive) {
+  EXPECT_DOUBLE_EQ(0.0, 0.0);
+  EXPECT_DOUBLE_EQ(1.0, 1.0);
+#if !GTEST_OS_SYMBIAN
+  // Nokia's STLport crashes if we try to output infinity or NaN.
+  ASSERT_DOUBLE_EQ(values_.infinity, values_.infinity);
+#endif  // !GTEST_OS_SYMBIAN
+}
+
+// Tests that *_DOUBLE_EQ are commutative.
+TEST_F(DoubleTest, Commutative) {
+  // We already tested EXPECT_DOUBLE_EQ(1.0, values_.close_to_one).
+  EXPECT_DOUBLE_EQ(values_.close_to_one, 1.0);
+
+  // We already tested EXPECT_DOUBLE_EQ(1.0, values_.further_from_one).
+  EXPECT_NONFATAL_FAILURE(EXPECT_DOUBLE_EQ(values_.further_from_one, 1.0),
+                          "1.0");
+}
+
+// Tests EXPECT_NEAR.
+TEST_F(DoubleTest, EXPECT_NEAR) {
+  EXPECT_NEAR(-1.0, -1.1, 0.2);
+  EXPECT_NEAR(2.0, 3.0, 1.0);
+  EXPECT_NONFATAL_FAILURE(EXPECT_NEAR(1.0, 1.5, 0.25),  // NOLINT
+                          "The difference between 1.0 and 1.5 is 0.5, "
+                          "which exceeds 0.25");
+  // To work around a bug in gcc 2.95.0, there is intentionally no
+  // space after the first comma in the previous statement.
+}
+
+// Tests ASSERT_NEAR.
+TEST_F(DoubleTest, ASSERT_NEAR) {
+  ASSERT_NEAR(-1.0, -1.1, 0.2);
+  ASSERT_NEAR(2.0, 3.0, 1.0);
+  EXPECT_FATAL_FAILURE(ASSERT_NEAR(1.0, 1.5, 0.25),  // NOLINT
+                       "The difference between 1.0 and 1.5 is 0.5, "
+                       "which exceeds 0.25");
+  // To work around a bug in gcc 2.95.0, there is intentionally no
+  // space after the first comma in the previous statement.
+}
+
+// Tests the cases where DoubleLE() should succeed.
+TEST_F(DoubleTest, DoubleLESucceeds) {
+  EXPECT_PRED_FORMAT2(DoubleLE, 1.0, 2.0);  // When val1 < val2,
+  ASSERT_PRED_FORMAT2(DoubleLE, 1.0, 1.0);  // val1 == val2,
+
+  // or when val1 is greater than, but almost equals to, val2.
+  EXPECT_PRED_FORMAT2(DoubleLE, values_.close_to_positive_zero, 0.0);
+}
+
+// Tests the cases where DoubleLE() should fail.
+TEST_F(DoubleTest, DoubleLEFails) {
+  // When val1 is greater than val2 by a large margin,
+  EXPECT_NONFATAL_FAILURE(EXPECT_PRED_FORMAT2(DoubleLE, 2.0, 1.0),
+                          "(2.0) <= (1.0)");
+
+  // or by a small yet non-negligible margin,
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED_FORMAT2(DoubleLE, values_.further_from_one, 1.0);
+  }, "(values_.further_from_one) <= (1.0)");
+
+#if !GTEST_OS_SYMBIAN && !defined(__BORLANDC__)
+  // Nokia's STLport crashes if we try to output infinity or NaN.
+  // C++Builder gives bad results for ordered comparisons involving NaNs
+  // due to compiler bugs.
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED_FORMAT2(DoubleLE, values_.nan1, values_.infinity);
+  }, "(values_.nan1) <= (values_.infinity)");
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_PRED_FORMAT2(DoubleLE, -values_.infinity, values_.nan1);
+  }, " (-values_.infinity) <= (values_.nan1)");
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_PRED_FORMAT2(DoubleLE, values_.nan1, values_.nan1);
+  }, "(values_.nan1) <= (values_.nan1)");
+#endif  // !GTEST_OS_SYMBIAN && !defined(__BORLANDC__)
+}
+
+
+// Verifies that a test or test case whose name starts with DISABLED_ is
+// not run.
+
+// A test whose name starts with DISABLED_.
+// Should not run.
+TEST(DisabledTest, DISABLED_TestShouldNotRun) {
+  FAIL() << "Unexpected failure: Disabled test should not be run.";
+}
+
+// A test whose name does not start with DISABLED_.
+// Should run.
+TEST(DisabledTest, NotDISABLED_TestShouldRun) {
+  EXPECT_EQ(1, 1);
+}
+
+// A test case whose name starts with DISABLED_.
+// Should not run.
+TEST(DISABLED_TestCase, TestShouldNotRun) {
+  FAIL() << "Unexpected failure: Test in disabled test case should not be run.";
+}
+
+// A test case and test whose names start with DISABLED_.
+// Should not run.
+TEST(DISABLED_TestCase, DISABLED_TestShouldNotRun) {
+  FAIL() << "Unexpected failure: Test in disabled test case should not be run.";
+}
+
+// Check that when all tests in a test case are disabled, SetupTestCase() and
+// TearDownTestCase() are not called.
+class DisabledTestsTest : public Test {
+ protected:
+  static void SetUpTestCase() {
+    FAIL() << "Unexpected failure: All tests disabled in test case. "
+              "SetupTestCase() should not be called.";
+  }
+
+  static void TearDownTestCase() {
+    FAIL() << "Unexpected failure: All tests disabled in test case. "
+              "TearDownTestCase() should not be called.";
+  }
+};
+
+TEST_F(DisabledTestsTest, DISABLED_TestShouldNotRun_1) {
+  FAIL() << "Unexpected failure: Disabled test should not be run.";
+}
+
+TEST_F(DisabledTestsTest, DISABLED_TestShouldNotRun_2) {
+  FAIL() << "Unexpected failure: Disabled test should not be run.";
+}
+
+// Tests that disabled typed tests aren't run.
+
+#if GTEST_HAS_TYPED_TEST
+
+template <typename T>
+class TypedTest : public Test {
+};
+
+typedef testing::Types<int, double> NumericTypes;
+TYPED_TEST_CASE(TypedTest, NumericTypes);
+
+TYPED_TEST(TypedTest, DISABLED_ShouldNotRun) {
+  FAIL() << "Unexpected failure: Disabled typed test should not run.";
+}
+
+template <typename T>
+class DISABLED_TypedTest : public Test {
+};
+
+TYPED_TEST_CASE(DISABLED_TypedTest, NumericTypes);
+
+TYPED_TEST(DISABLED_TypedTest, ShouldNotRun) {
+  FAIL() << "Unexpected failure: Disabled typed test should not run.";
+}
+
+#endif  // GTEST_HAS_TYPED_TEST
+
+// Tests that disabled type-parameterized tests aren't run.
+
+#if GTEST_HAS_TYPED_TEST_P
+
+template <typename T>
+class TypedTestP : public Test {
+};
+
+TYPED_TEST_CASE_P(TypedTestP);
+
+TYPED_TEST_P(TypedTestP, DISABLED_ShouldNotRun) {
+  FAIL() << "Unexpected failure: "
+         << "Disabled type-parameterized test should not run.";
+}
+
+REGISTER_TYPED_TEST_CASE_P(TypedTestP, DISABLED_ShouldNotRun);
+
+INSTANTIATE_TYPED_TEST_CASE_P(My, TypedTestP, NumericTypes);
+
+template <typename T>
+class DISABLED_TypedTestP : public Test {
+};
+
+TYPED_TEST_CASE_P(DISABLED_TypedTestP);
+
+TYPED_TEST_P(DISABLED_TypedTestP, ShouldNotRun) {
+  FAIL() << "Unexpected failure: "
+         << "Disabled type-parameterized test should not run.";
+}
+
+REGISTER_TYPED_TEST_CASE_P(DISABLED_TypedTestP, ShouldNotRun);
+
+INSTANTIATE_TYPED_TEST_CASE_P(My, DISABLED_TypedTestP, NumericTypes);
+
+#endif  // GTEST_HAS_TYPED_TEST_P
+
+// Tests that assertion macros evaluate their arguments exactly once.
+
+class SingleEvaluationTest : public Test {
+ public:  // Must be public and not protected due to a bug in g++ 3.4.2.
+  // This helper function is needed by the FailedASSERT_STREQ test
+  // below.  It's public to work around C++Builder's bug with scoping local
+  // classes.
+  static void CompareAndIncrementCharPtrs() {
+    ASSERT_STREQ(p1_++, p2_++);
+  }
+
+  // This helper function is needed by the FailedASSERT_NE test below.  It's
+  // public to work around C++Builder's bug with scoping local classes.
+  static void CompareAndIncrementInts() {
+    ASSERT_NE(a_++, b_++);
+  }
+
+ protected:
+  SingleEvaluationTest() {
+    p1_ = s1_;
+    p2_ = s2_;
+    a_ = 0;
+    b_ = 0;
+  }
+
+  static const char* const s1_;
+  static const char* const s2_;
+  static const char* p1_;
+  static const char* p2_;
+
+  static int a_;
+  static int b_;
+};
+
+const char* const SingleEvaluationTest::s1_ = "01234";
+const char* const SingleEvaluationTest::s2_ = "abcde";
+const char* SingleEvaluationTest::p1_;
+const char* SingleEvaluationTest::p2_;
+int SingleEvaluationTest::a_;
+int SingleEvaluationTest::b_;
+
+// Tests that when ASSERT_STREQ fails, it evaluates its arguments
+// exactly once.
+TEST_F(SingleEvaluationTest, FailedASSERT_STREQ) {
+  EXPECT_FATAL_FAILURE(SingleEvaluationTest::CompareAndIncrementCharPtrs(),
+                       "p2_++");
+  EXPECT_EQ(s1_ + 1, p1_);
+  EXPECT_EQ(s2_ + 1, p2_);
+}
+
+// Tests that string assertion arguments are evaluated exactly once.
+TEST_F(SingleEvaluationTest, ASSERT_STR) {
+  // successful EXPECT_STRNE
+  EXPECT_STRNE(p1_++, p2_++);
+  EXPECT_EQ(s1_ + 1, p1_);
+  EXPECT_EQ(s2_ + 1, p2_);
+
+  // failed EXPECT_STRCASEEQ
+  EXPECT_NONFATAL_FAILURE(EXPECT_STRCASEEQ(p1_++, p2_++),
+                          "ignoring case");
+  EXPECT_EQ(s1_ + 2, p1_);
+  EXPECT_EQ(s2_ + 2, p2_);
+}
+
+// Tests that when ASSERT_NE fails, it evaluates its arguments exactly
+// once.
+TEST_F(SingleEvaluationTest, FailedASSERT_NE) {
+  EXPECT_FATAL_FAILURE(SingleEvaluationTest::CompareAndIncrementInts(),
+                       "(a_++) != (b_++)");
+  EXPECT_EQ(1, a_);
+  EXPECT_EQ(1, b_);
+}
+
+// Tests that assertion arguments are evaluated exactly once.
+TEST_F(SingleEvaluationTest, OtherCases) {
+  // successful EXPECT_TRUE
+  EXPECT_TRUE(0 == a_++);  // NOLINT
+  EXPECT_EQ(1, a_);
+
+  // failed EXPECT_TRUE
+  EXPECT_NONFATAL_FAILURE(EXPECT_TRUE(-1 == a_++), "-1 == a_++");
+  EXPECT_EQ(2, a_);
+
+  // successful EXPECT_GT
+  EXPECT_GT(a_++, b_++);
+  EXPECT_EQ(3, a_);
+  EXPECT_EQ(1, b_);
+
+  // failed EXPECT_LT
+  EXPECT_NONFATAL_FAILURE(EXPECT_LT(a_++, b_++), "(a_++) < (b_++)");
+  EXPECT_EQ(4, a_);
+  EXPECT_EQ(2, b_);
+
+  // successful ASSERT_TRUE
+  ASSERT_TRUE(0 < a_++);  // NOLINT
+  EXPECT_EQ(5, a_);
+
+  // successful ASSERT_GT
+  ASSERT_GT(a_++, b_++);
+  EXPECT_EQ(6, a_);
+  EXPECT_EQ(3, b_);
+}
+
+#if GTEST_HAS_EXCEPTIONS
+
+void ThrowAnInteger() {
+  throw 1;
+}
+
+// Tests that assertion arguments are evaluated exactly once.
+TEST_F(SingleEvaluationTest, ExceptionTests) {
+  // successful EXPECT_THROW
+  EXPECT_THROW({  // NOLINT
+    a_++;
+    ThrowAnInteger();
+  }, int);
+  EXPECT_EQ(1, a_);
+
+  // failed EXPECT_THROW, throws different
+  EXPECT_NONFATAL_FAILURE(EXPECT_THROW({  // NOLINT
+    a_++;
+    ThrowAnInteger();
+  }, bool), "throws a different type");
+  EXPECT_EQ(2, a_);
+
+  // failed EXPECT_THROW, throws nothing
+  EXPECT_NONFATAL_FAILURE(EXPECT_THROW(a_++, bool), "throws nothing");
+  EXPECT_EQ(3, a_);
+
+  // successful EXPECT_NO_THROW
+  EXPECT_NO_THROW(a_++);
+  EXPECT_EQ(4, a_);
+
+  // failed EXPECT_NO_THROW
+  EXPECT_NONFATAL_FAILURE(EXPECT_NO_THROW({  // NOLINT
+    a_++;
+    ThrowAnInteger();
+  }), "it throws");
+  EXPECT_EQ(5, a_);
+
+  // successful EXPECT_ANY_THROW
+  EXPECT_ANY_THROW({  // NOLINT
+    a_++;
+    ThrowAnInteger();
+  });
+  EXPECT_EQ(6, a_);
+
+  // failed EXPECT_ANY_THROW
+  EXPECT_NONFATAL_FAILURE(EXPECT_ANY_THROW(a_++), "it doesn't");
+  EXPECT_EQ(7, a_);
+}
+
+#endif  // GTEST_HAS_EXCEPTIONS
+
+// Tests {ASSERT|EXPECT}_NO_FATAL_FAILURE.
+class NoFatalFailureTest : public Test {
+ protected:
+  void Succeeds() {}
+  void FailsNonFatal() {
+    ADD_FAILURE() << "some non-fatal failure";
+  }
+  void Fails() {
+    FAIL() << "some fatal failure";
+  }
+
+  void DoAssertNoFatalFailureOnFails() {
+    ASSERT_NO_FATAL_FAILURE(Fails());
+    ADD_FAILURE() << "shold not reach here.";
+  }
+
+  void DoExpectNoFatalFailureOnFails() {
+    EXPECT_NO_FATAL_FAILURE(Fails());
+    ADD_FAILURE() << "other failure";
+  }
+};
+
+TEST_F(NoFatalFailureTest, NoFailure) {
+  EXPECT_NO_FATAL_FAILURE(Succeeds());
+  ASSERT_NO_FATAL_FAILURE(Succeeds());
+}
+
+TEST_F(NoFatalFailureTest, NonFatalIsNoFailure) {
+  EXPECT_NONFATAL_FAILURE(
+      EXPECT_NO_FATAL_FAILURE(FailsNonFatal()),
+      "some non-fatal failure");
+  EXPECT_NONFATAL_FAILURE(
+      ASSERT_NO_FATAL_FAILURE(FailsNonFatal()),
+      "some non-fatal failure");
+}
+
+TEST_F(NoFatalFailureTest, AssertNoFatalFailureOnFatalFailure) {
+  TestPartResultArray gtest_failures;
+  {
+    ScopedFakeTestPartResultReporter gtest_reporter(&gtest_failures);
+    DoAssertNoFatalFailureOnFails();
+  }
+  ASSERT_EQ(2, gtest_failures.size());
+  EXPECT_EQ(TestPartResult::kFatalFailure,
+            gtest_failures.GetTestPartResult(0).type());
+  EXPECT_EQ(TestPartResult::kFatalFailure,
+            gtest_failures.GetTestPartResult(1).type());
+  EXPECT_PRED_FORMAT2(testing::IsSubstring, "some fatal failure",
+                      gtest_failures.GetTestPartResult(0).message());
+  EXPECT_PRED_FORMAT2(testing::IsSubstring, "it does",
+                      gtest_failures.GetTestPartResult(1).message());
+}
+
+TEST_F(NoFatalFailureTest, ExpectNoFatalFailureOnFatalFailure) {
+  TestPartResultArray gtest_failures;
+  {
+    ScopedFakeTestPartResultReporter gtest_reporter(&gtest_failures);
+    DoExpectNoFatalFailureOnFails();
+  }
+  ASSERT_EQ(3, gtest_failures.size());
+  EXPECT_EQ(TestPartResult::kFatalFailure,
+            gtest_failures.GetTestPartResult(0).type());
+  EXPECT_EQ(TestPartResult::kNonFatalFailure,
+            gtest_failures.GetTestPartResult(1).type());
+  EXPECT_EQ(TestPartResult::kNonFatalFailure,
+            gtest_failures.GetTestPartResult(2).type());
+  EXPECT_PRED_FORMAT2(testing::IsSubstring, "some fatal failure",
+                      gtest_failures.GetTestPartResult(0).message());
+  EXPECT_PRED_FORMAT2(testing::IsSubstring, "it does",
+                      gtest_failures.GetTestPartResult(1).message());
+  EXPECT_PRED_FORMAT2(testing::IsSubstring, "other failure",
+                      gtest_failures.GetTestPartResult(2).message());
+}
+
+TEST_F(NoFatalFailureTest, MessageIsStreamable) {
+  TestPartResultArray gtest_failures;
+  {
+    ScopedFakeTestPartResultReporter gtest_reporter(&gtest_failures);
+    EXPECT_NO_FATAL_FAILURE(FAIL() << "foo") << "my message";
+  }
+  ASSERT_EQ(2, gtest_failures.size());
+  EXPECT_EQ(TestPartResult::kNonFatalFailure,
+            gtest_failures.GetTestPartResult(0).type());
+  EXPECT_EQ(TestPartResult::kNonFatalFailure,
+            gtest_failures.GetTestPartResult(1).type());
+  EXPECT_PRED_FORMAT2(testing::IsSubstring, "foo",
+                      gtest_failures.GetTestPartResult(0).message());
+  EXPECT_PRED_FORMAT2(testing::IsSubstring, "my message",
+                      gtest_failures.GetTestPartResult(1).message());
+}
+
+// Tests non-string assertions.
+
+std::string EditsToString(const std::vector<EditType>& edits) {
+  std::string out;
+  for (size_t i = 0; i < edits.size(); ++i) {
+    static const char kEdits[] = " +-/";
+    out.append(1, kEdits[edits[i]]);
+  }
+  return out;
+}
+
+std::vector<size_t> CharsToIndices(const std::string& str) {
+  std::vector<size_t> out;
+  for (size_t i = 0; i < str.size(); ++i) {
+    out.push_back(str[i]);
+  }
+  return out;
+}
+
+std::vector<std::string> CharsToLines(const std::string& str) {
+  std::vector<std::string> out;
+  for (size_t i = 0; i < str.size(); ++i) {
+    out.push_back(str.substr(i, 1));
+  }
+  return out;
+}
+
+TEST(EditDistance, TestCases) {
+  struct Case {
+    int line;
+    const char* left;
+    const char* right;
+    const char* expected_edits;
+    const char* expected_diff;
+  };
+  static const Case kCases[] = {
+      // No change.
+      {__LINE__, "A", "A", " ", ""},
+      {__LINE__, "ABCDE", "ABCDE", "     ", ""},
+      // Simple adds.
+      {__LINE__, "X", "XA", " +", "@@ +1,2 @@\n X\n+A\n"},
+      {__LINE__, "X", "XABCD", " ++++", "@@ +1,5 @@\n X\n+A\n+B\n+C\n+D\n"},
+      // Simple removes.
+      {__LINE__, "XA", "X", " -", "@@ -1,2 @@\n X\n-A\n"},
+      {__LINE__, "XABCD", "X", " ----", "@@ -1,5 @@\n X\n-A\n-B\n-C\n-D\n"},
+      // Simple replaces.
+      {__LINE__, "A", "a", "/", "@@ -1,1 +1,1 @@\n-A\n+a\n"},
+      {__LINE__, "ABCD", "abcd", "////",
+       "@@ -1,4 +1,4 @@\n-A\n-B\n-C\n-D\n+a\n+b\n+c\n+d\n"},
+      // Path finding.
+      {__LINE__, "ABCDEFGH", "ABXEGH1", "  -/ -  +",
+       "@@ -1,8 +1,7 @@\n A\n B\n-C\n-D\n+X\n E\n-F\n G\n H\n+1\n"},
+      {__LINE__, "AAAABCCCC", "ABABCDCDC", "- /   + / ",
+       "@@ -1,9 +1,9 @@\n-A\n A\n-A\n+B\n A\n B\n C\n+D\n C\n-C\n+D\n C\n"},
+      {__LINE__, "ABCDE", "BCDCD", "-   +/",
+       "@@ -1,5 +1,5 @@\n-A\n B\n C\n D\n-E\n+C\n+D\n"},
+      {__LINE__, "ABCDEFGHIJKL", "BCDCDEFGJKLJK", "- ++     --   ++",
+       "@@ -1,4 +1,5 @@\n-A\n B\n+C\n+D\n C\n D\n"
+       "@@ -6,7 +7,7 @@\n F\n G\n-H\n-I\n J\n K\n L\n+J\n+K\n"},
+      {}};
+  for (const Case* c = kCases; c->left; ++c) {
+    EXPECT_TRUE(c->expected_edits ==
+                EditsToString(CalculateOptimalEdits(CharsToIndices(c->left),
+                                                    CharsToIndices(c->right))))
+        << "Left <" << c->left << "> Right <" << c->right << "> Edits <"
+        << EditsToString(CalculateOptimalEdits(
+               CharsToIndices(c->left), CharsToIndices(c->right))) << ">";
+    EXPECT_TRUE(c->expected_diff == CreateUnifiedDiff(CharsToLines(c->left),
+                                                      CharsToLines(c->right)))
+        << "Left <" << c->left << "> Right <" << c->right << "> Diff <"
+        << CreateUnifiedDiff(CharsToLines(c->left), CharsToLines(c->right))
+        << ">";
+  }
+}
+
+// Tests EqFailure(), used for implementing *EQ* assertions.
+TEST(AssertionTest, EqFailure) {
+  const std::string foo_val("5"), bar_val("6");
+  const std::string msg1(
+      EqFailure("foo", "bar", foo_val, bar_val, false)
+      .failure_message());
+  EXPECT_STREQ(
+      "Value of: bar\n"
+      "  Actual: 6\n"
+      "Expected: foo\n"
+      "Which is: 5",
+      msg1.c_str());
+
+  const std::string msg2(
+      EqFailure("foo", "6", foo_val, bar_val, false)
+      .failure_message());
+  EXPECT_STREQ(
+      "Value of: 6\n"
+      "Expected: foo\n"
+      "Which is: 5",
+      msg2.c_str());
+
+  const std::string msg3(
+      EqFailure("5", "bar", foo_val, bar_val, false)
+      .failure_message());
+  EXPECT_STREQ(
+      "Value of: bar\n"
+      "  Actual: 6\n"
+      "Expected: 5",
+      msg3.c_str());
+
+  const std::string msg4(
+      EqFailure("5", "6", foo_val, bar_val, false).failure_message());
+  EXPECT_STREQ(
+      "Value of: 6\n"
+      "Expected: 5",
+      msg4.c_str());
+
+  const std::string msg5(
+      EqFailure("foo", "bar",
+                std::string("\"x\""), std::string("\"y\""),
+                true).failure_message());
+  EXPECT_STREQ(
+      "Value of: bar\n"
+      "  Actual: \"y\"\n"
+      "Expected: foo (ignoring case)\n"
+      "Which is: \"x\"",
+      msg5.c_str());
+}
+
+TEST(AssertionTest, EqFailureWithDiff) {
+  const std::string left(
+      "1\\n2XXX\\n3\\n5\\n6\\n7\\n8\\n9\\n10\\n11\\n12XXX\\n13\\n14\\n15");
+  const std::string right(
+      "1\\n2\\n3\\n4\\n5\\n6\\n7\\n8\\n9\\n11\\n12\\n13\\n14");
+  const std::string msg1(
+      EqFailure("left", "right", left, right, false).failure_message());
+  EXPECT_STREQ(
+      "Value of: right\n"
+      "  Actual: 1\\n2\\n3\\n4\\n5\\n6\\n7\\n8\\n9\\n11\\n12\\n13\\n14\n"
+      "Expected: left\n"
+      "Which is: "
+      "1\\n2XXX\\n3\\n5\\n6\\n7\\n8\\n9\\n10\\n11\\n12XXX\\n13\\n14\\n15\n"
+      "With diff:\n@@ -1,5 +1,6 @@\n 1\n-2XXX\n+2\n 3\n+4\n 5\n 6\n"
+      "@@ -7,8 +8,6 @@\n 8\n 9\n-10\n 11\n-12XXX\n+12\n 13\n 14\n-15\n",
+      msg1.c_str());
+}
+
+// Tests AppendUserMessage(), used for implementing the *EQ* macros.
+TEST(AssertionTest, AppendUserMessage) {
+  const std::string foo("foo");
+
+  Message msg;
+  EXPECT_STREQ("foo",
+               AppendUserMessage(foo, msg).c_str());
+
+  msg << "bar";
+  EXPECT_STREQ("foo\nbar",
+               AppendUserMessage(foo, msg).c_str());
+}
+
+#ifdef __BORLANDC__
+// Silences warnings: "Condition is always true", "Unreachable code"
+# pragma option push -w-ccc -w-rch
+#endif
+
+// Tests ASSERT_TRUE.
+TEST(AssertionTest, ASSERT_TRUE) {
+  ASSERT_TRUE(2 > 1);  // NOLINT
+  EXPECT_FATAL_FAILURE(ASSERT_TRUE(2 < 1),
+                       "2 < 1");
+}
+
+// Tests ASSERT_TRUE(predicate) for predicates returning AssertionResult.
+TEST(AssertionTest, AssertTrueWithAssertionResult) {
+  ASSERT_TRUE(ResultIsEven(2));
+#ifndef __BORLANDC__
+  // ICE's in C++Builder.
+  EXPECT_FATAL_FAILURE(ASSERT_TRUE(ResultIsEven(3)),
+                       "Value of: ResultIsEven(3)\n"
+                       "  Actual: false (3 is odd)\n"
+                       "Expected: true");
+#endif
+  ASSERT_TRUE(ResultIsEvenNoExplanation(2));
+  EXPECT_FATAL_FAILURE(ASSERT_TRUE(ResultIsEvenNoExplanation(3)),
+                       "Value of: ResultIsEvenNoExplanation(3)\n"
+                       "  Actual: false (3 is odd)\n"
+                       "Expected: true");
+}
+
+// Tests ASSERT_FALSE.
+TEST(AssertionTest, ASSERT_FALSE) {
+  ASSERT_FALSE(2 < 1);  // NOLINT
+  EXPECT_FATAL_FAILURE(ASSERT_FALSE(2 > 1),
+                       "Value of: 2 > 1\n"
+                       "  Actual: true\n"
+                       "Expected: false");
+}
+
+// Tests ASSERT_FALSE(predicate) for predicates returning AssertionResult.
+TEST(AssertionTest, AssertFalseWithAssertionResult) {
+  ASSERT_FALSE(ResultIsEven(3));
+#ifndef __BORLANDC__
+  // ICE's in C++Builder.
+  EXPECT_FATAL_FAILURE(ASSERT_FALSE(ResultIsEven(2)),
+                       "Value of: ResultIsEven(2)\n"
+                       "  Actual: true (2 is even)\n"
+                       "Expected: false");
+#endif
+  ASSERT_FALSE(ResultIsEvenNoExplanation(3));
+  EXPECT_FATAL_FAILURE(ASSERT_FALSE(ResultIsEvenNoExplanation(2)),
+                       "Value of: ResultIsEvenNoExplanation(2)\n"
+                       "  Actual: true\n"
+                       "Expected: false");
+}
+
+#ifdef __BORLANDC__
+// Restores warnings after previous "#pragma option push" supressed them
+# pragma option pop
+#endif
+
+// Tests using ASSERT_EQ on double values.  The purpose is to make
+// sure that the specialization we did for integer and anonymous enums
+// isn't used for double arguments.
+TEST(ExpectTest, ASSERT_EQ_Double) {
+  // A success.
+  ASSERT_EQ(5.6, 5.6);
+
+  // A failure.
+  EXPECT_FATAL_FAILURE(ASSERT_EQ(5.1, 5.2),
+                       "5.1");
+}
+
+// Tests ASSERT_EQ.
+TEST(AssertionTest, ASSERT_EQ) {
+  ASSERT_EQ(5, 2 + 3);
+  EXPECT_FATAL_FAILURE(ASSERT_EQ(5, 2*3),
+                       "Value of: 2*3\n"
+                       "  Actual: 6\n"
+                       "Expected: 5");
+}
+
+// Tests ASSERT_EQ(NULL, pointer).
+#if GTEST_CAN_COMPARE_NULL
+TEST(AssertionTest, ASSERT_EQ_NULL) {
+  // A success.
+  const char* p = NULL;
+  // Some older GCC versions may issue a spurious waring in this or the next
+  // assertion statement. This warning should not be suppressed with
+  // static_cast since the test verifies the ability to use bare NULL as the
+  // expected parameter to the macro.
+  ASSERT_EQ(NULL, p);
+
+  // A failure.
+  static int n = 0;
+  EXPECT_FATAL_FAILURE(ASSERT_EQ(NULL, &n),
+                       "Value of: &n\n");
+}
+#endif  // GTEST_CAN_COMPARE_NULL
+
+// Tests ASSERT_EQ(0, non_pointer).  Since the literal 0 can be
+// treated as a null pointer by the compiler, we need to make sure
+// that ASSERT_EQ(0, non_pointer) isn't interpreted by Google Test as
+// ASSERT_EQ(static_cast<void*>(NULL), non_pointer).
+TEST(ExpectTest, ASSERT_EQ_0) {
+  int n = 0;
+
+  // A success.
+  ASSERT_EQ(0, n);
+
+  // A failure.
+  EXPECT_FATAL_FAILURE(ASSERT_EQ(0, 5.6),
+                       "Expected: 0");
+}
+
+// Tests ASSERT_NE.
+TEST(AssertionTest, ASSERT_NE) {
+  ASSERT_NE(6, 7);
+  EXPECT_FATAL_FAILURE(ASSERT_NE('a', 'a'),
+                       "Expected: ('a') != ('a'), "
+                       "actual: 'a' (97, 0x61) vs 'a' (97, 0x61)");
+}
+
+// Tests ASSERT_LE.
+TEST(AssertionTest, ASSERT_LE) {
+  ASSERT_LE(2, 3);
+  ASSERT_LE(2, 2);
+  EXPECT_FATAL_FAILURE(ASSERT_LE(2, 0),
+                       "Expected: (2) <= (0), actual: 2 vs 0");
+}
+
+// Tests ASSERT_LT.
+TEST(AssertionTest, ASSERT_LT) {
+  ASSERT_LT(2, 3);
+  EXPECT_FATAL_FAILURE(ASSERT_LT(2, 2),
+                       "Expected: (2) < (2), actual: 2 vs 2");
+}
+
+// Tests ASSERT_GE.
+TEST(AssertionTest, ASSERT_GE) {
+  ASSERT_GE(2, 1);
+  ASSERT_GE(2, 2);
+  EXPECT_FATAL_FAILURE(ASSERT_GE(2, 3),
+                       "Expected: (2) >= (3), actual: 2 vs 3");
+}
+
+// Tests ASSERT_GT.
+TEST(AssertionTest, ASSERT_GT) {
+  ASSERT_GT(2, 1);
+  EXPECT_FATAL_FAILURE(ASSERT_GT(2, 2),
+                       "Expected: (2) > (2), actual: 2 vs 2");
+}
+
+#if GTEST_HAS_EXCEPTIONS
+
+void ThrowNothing() {}
+
+// Tests ASSERT_THROW.
+TEST(AssertionTest, ASSERT_THROW) {
+  ASSERT_THROW(ThrowAnInteger(), int);
+
+# ifndef __BORLANDC__
+
+  // ICE's in C++Builder 2007 and 2009.
+  EXPECT_FATAL_FAILURE(
+      ASSERT_THROW(ThrowAnInteger(), bool),
+      "Expected: ThrowAnInteger() throws an exception of type bool.\n"
+      "  Actual: it throws a different type.");
+# endif
+
+  EXPECT_FATAL_FAILURE(
+      ASSERT_THROW(ThrowNothing(), bool),
+      "Expected: ThrowNothing() throws an exception of type bool.\n"
+      "  Actual: it throws nothing.");
+}
+
+// Tests ASSERT_NO_THROW.
+TEST(AssertionTest, ASSERT_NO_THROW) {
+  ASSERT_NO_THROW(ThrowNothing());
+  EXPECT_FATAL_FAILURE(ASSERT_NO_THROW(ThrowAnInteger()),
+                       "Expected: ThrowAnInteger() doesn't throw an exception."
+                       "\n  Actual: it throws.");
+}
+
+// Tests ASSERT_ANY_THROW.
+TEST(AssertionTest, ASSERT_ANY_THROW) {
+  ASSERT_ANY_THROW(ThrowAnInteger());
+  EXPECT_FATAL_FAILURE(
+      ASSERT_ANY_THROW(ThrowNothing()),
+      "Expected: ThrowNothing() throws an exception.\n"
+      "  Actual: it doesn't.");
+}
+
+#endif  // GTEST_HAS_EXCEPTIONS
+
+// Makes sure we deal with the precedence of <<.  This test should
+// compile.
+TEST(AssertionTest, AssertPrecedence) {
+  ASSERT_EQ(1 < 2, true);
+  bool false_value = false;
+  ASSERT_EQ(true && false_value, false);
+}
+
+// A subroutine used by the following test.
+void TestEq1(int x) {
+  ASSERT_EQ(1, x);
+}
+
+// Tests calling a test subroutine that's not part of a fixture.
+TEST(AssertionTest, NonFixtureSubroutine) {
+  EXPECT_FATAL_FAILURE(TestEq1(2),
+                       "Value of: x");
+}
+
+// An uncopyable class.
+class Uncopyable {
+ public:
+  explicit Uncopyable(int a_value) : value_(a_value) {}
+
+  int value() const { return value_; }
+  bool operator==(const Uncopyable& rhs) const {
+    return value() == rhs.value();
+  }
+ private:
+  // This constructor deliberately has no implementation, as we don't
+  // want this class to be copyable.
+  Uncopyable(const Uncopyable&);  // NOLINT
+
+  int value_;
+};
+
+::std::ostream& operator<<(::std::ostream& os, const Uncopyable& value) {
+  return os << value.value();
+}
+
+
+bool IsPositiveUncopyable(const Uncopyable& x) {
+  return x.value() > 0;
+}
+
+// A subroutine used by the following test.
+void TestAssertNonPositive() {
+  Uncopyable y(-1);
+  ASSERT_PRED1(IsPositiveUncopyable, y);
+}
+// A subroutine used by the following test.
+void TestAssertEqualsUncopyable() {
+  Uncopyable x(5);
+  Uncopyable y(-1);
+  ASSERT_EQ(x, y);
+}
+
+// Tests that uncopyable objects can be used in assertions.
+TEST(AssertionTest, AssertWorksWithUncopyableObject) {
+  Uncopyable x(5);
+  ASSERT_PRED1(IsPositiveUncopyable, x);
+  ASSERT_EQ(x, x);
+  EXPECT_FATAL_FAILURE(TestAssertNonPositive(),
+    "IsPositiveUncopyable(y) evaluates to false, where\ny evaluates to -1");
+  EXPECT_FATAL_FAILURE(TestAssertEqualsUncopyable(),
+    "Value of: y\n  Actual: -1\nExpected: x\nWhich is: 5");
+}
+
+// Tests that uncopyable objects can be used in expects.
+TEST(AssertionTest, ExpectWorksWithUncopyableObject) {
+  Uncopyable x(5);
+  EXPECT_PRED1(IsPositiveUncopyable, x);
+  Uncopyable y(-1);
+  EXPECT_NONFATAL_FAILURE(EXPECT_PRED1(IsPositiveUncopyable, y),
+    "IsPositiveUncopyable(y) evaluates to false, where\ny evaluates to -1");
+  EXPECT_EQ(x, x);
+  EXPECT_NONFATAL_FAILURE(EXPECT_EQ(x, y),
+    "Value of: y\n  Actual: -1\nExpected: x\nWhich is: 5");
+}
+
+enum NamedEnum {
+  kE1 = 0,
+  kE2 = 1
+};
+
+TEST(AssertionTest, NamedEnum) {
+  EXPECT_EQ(kE1, kE1);
+  EXPECT_LT(kE1, kE2);
+  EXPECT_NONFATAL_FAILURE(EXPECT_EQ(kE1, kE2), "Which is: 0");
+  EXPECT_NONFATAL_FAILURE(EXPECT_EQ(kE1, kE2), "Actual: 1");
+}
+
+// The version of gcc used in XCode 2.2 has a bug and doesn't allow
+// anonymous enums in assertions.  Therefore the following test is not
+// done on Mac.
+// Sun Studio and HP aCC also reject this code.
+#if !GTEST_OS_MAC && !defined(__SUNPRO_CC) && !defined(__HP_aCC)
+
+// Tests using assertions with anonymous enums.
+enum {
+  kCaseA = -1,
+
+# if GTEST_OS_LINUX
+
+  // We want to test the case where the size of the anonymous enum is
+  // larger than sizeof(int), to make sure our implementation of the
+  // assertions doesn't truncate the enums.  However, MSVC
+  // (incorrectly) doesn't allow an enum value to exceed the range of
+  // an int, so this has to be conditionally compiled.
+  //
+  // On Linux, kCaseB and kCaseA have the same value when truncated to
+  // int size.  We want to test whether this will confuse the
+  // assertions.
+  kCaseB = testing::internal::kMaxBiggestInt,
+
+# else
+
+  kCaseB = INT_MAX,
+
+# endif  // GTEST_OS_LINUX
+
+  kCaseC = 42
+};
+
+TEST(AssertionTest, AnonymousEnum) {
+# if GTEST_OS_LINUX
+
+  EXPECT_EQ(static_cast<int>(kCaseA), static_cast<int>(kCaseB));
+
+# endif  // GTEST_OS_LINUX
+
+  EXPECT_EQ(kCaseA, kCaseA);
+  EXPECT_NE(kCaseA, kCaseB);
+  EXPECT_LT(kCaseA, kCaseB);
+  EXPECT_LE(kCaseA, kCaseB);
+  EXPECT_GT(kCaseB, kCaseA);
+  EXPECT_GE(kCaseA, kCaseA);
+  EXPECT_NONFATAL_FAILURE(EXPECT_GE(kCaseA, kCaseB),
+                          "(kCaseA) >= (kCaseB)");
+  EXPECT_NONFATAL_FAILURE(EXPECT_GE(kCaseA, kCaseC),
+                          "-1 vs 42");
+
+  ASSERT_EQ(kCaseA, kCaseA);
+  ASSERT_NE(kCaseA, kCaseB);
+  ASSERT_LT(kCaseA, kCaseB);
+  ASSERT_LE(kCaseA, kCaseB);
+  ASSERT_GT(kCaseB, kCaseA);
+  ASSERT_GE(kCaseA, kCaseA);
+
+# ifndef __BORLANDC__
+
+  // ICE's in C++Builder.
+  EXPECT_FATAL_FAILURE(ASSERT_EQ(kCaseA, kCaseB),
+                       "Value of: kCaseB");
+  EXPECT_FATAL_FAILURE(ASSERT_EQ(kCaseA, kCaseC),
+                       "Actual: 42");
+# endif
+
+  EXPECT_FATAL_FAILURE(ASSERT_EQ(kCaseA, kCaseC),
+                       "Which is: -1");
+}
+
+#endif  // !GTEST_OS_MAC && !defined(__SUNPRO_CC)
+
+#if GTEST_OS_WINDOWS
+
+static HRESULT UnexpectedHRESULTFailure() {
+  return E_UNEXPECTED;
+}
+
+static HRESULT OkHRESULTSuccess() {
+  return S_OK;
+}
+
+static HRESULT FalseHRESULTSuccess() {
+  return S_FALSE;
+}
+
+// HRESULT assertion tests test both zero and non-zero
+// success codes as well as failure message for each.
+//
+// Windows CE doesn't support message texts.
+TEST(HRESULTAssertionTest, EXPECT_HRESULT_SUCCEEDED) {
+  EXPECT_HRESULT_SUCCEEDED(S_OK);
+  EXPECT_HRESULT_SUCCEEDED(S_FALSE);
+
+  EXPECT_NONFATAL_FAILURE(EXPECT_HRESULT_SUCCEEDED(UnexpectedHRESULTFailure()),
+    "Expected: (UnexpectedHRESULTFailure()) succeeds.\n"
+    "  Actual: 0x8000FFFF");
+}
+
+TEST(HRESULTAssertionTest, ASSERT_HRESULT_SUCCEEDED) {
+  ASSERT_HRESULT_SUCCEEDED(S_OK);
+  ASSERT_HRESULT_SUCCEEDED(S_FALSE);
+
+  EXPECT_FATAL_FAILURE(ASSERT_HRESULT_SUCCEEDED(UnexpectedHRESULTFailure()),
+    "Expected: (UnexpectedHRESULTFailure()) succeeds.\n"
+    "  Actual: 0x8000FFFF");
+}
+
+TEST(HRESULTAssertionTest, EXPECT_HRESULT_FAILED) {
+  EXPECT_HRESULT_FAILED(E_UNEXPECTED);
+
+  EXPECT_NONFATAL_FAILURE(EXPECT_HRESULT_FAILED(OkHRESULTSuccess()),
+    "Expected: (OkHRESULTSuccess()) fails.\n"
+    "  Actual: 0x0");
+  EXPECT_NONFATAL_FAILURE(EXPECT_HRESULT_FAILED(FalseHRESULTSuccess()),
+    "Expected: (FalseHRESULTSuccess()) fails.\n"
+    "  Actual: 0x1");
+}
+
+TEST(HRESULTAssertionTest, ASSERT_HRESULT_FAILED) {
+  ASSERT_HRESULT_FAILED(E_UNEXPECTED);
+
+# ifndef __BORLANDC__
+
+  // ICE's in C++Builder 2007 and 2009.
+  EXPECT_FATAL_FAILURE(ASSERT_HRESULT_FAILED(OkHRESULTSuccess()),
+    "Expected: (OkHRESULTSuccess()) fails.\n"
+    "  Actual: 0x0");
+# endif
+
+  EXPECT_FATAL_FAILURE(ASSERT_HRESULT_FAILED(FalseHRESULTSuccess()),
+    "Expected: (FalseHRESULTSuccess()) fails.\n"
+    "  Actual: 0x1");
+}
+
+// Tests that streaming to the HRESULT macros works.
+TEST(HRESULTAssertionTest, Streaming) {
+  EXPECT_HRESULT_SUCCEEDED(S_OK) << "unexpected failure";
+  ASSERT_HRESULT_SUCCEEDED(S_OK) << "unexpected failure";
+  EXPECT_HRESULT_FAILED(E_UNEXPECTED) << "unexpected failure";
+  ASSERT_HRESULT_FAILED(E_UNEXPECTED) << "unexpected failure";
+
+  EXPECT_NONFATAL_FAILURE(
+      EXPECT_HRESULT_SUCCEEDED(E_UNEXPECTED) << "expected failure",
+      "expected failure");
+
+# ifndef __BORLANDC__
+
+  // ICE's in C++Builder 2007 and 2009.
+  EXPECT_FATAL_FAILURE(
+      ASSERT_HRESULT_SUCCEEDED(E_UNEXPECTED) << "expected failure",
+      "expected failure");
+# endif
+
+  EXPECT_NONFATAL_FAILURE(
+      EXPECT_HRESULT_FAILED(S_OK) << "expected failure",
+      "expected failure");
+
+  EXPECT_FATAL_FAILURE(
+      ASSERT_HRESULT_FAILED(S_OK) << "expected failure",
+      "expected failure");
+}
+
+#endif  // GTEST_OS_WINDOWS
+
+#ifdef __BORLANDC__
+// Silences warnings: "Condition is always true", "Unreachable code"
+# pragma option push -w-ccc -w-rch
+#endif
+
+// Tests that the assertion macros behave like single statements.
+TEST(AssertionSyntaxTest, BasicAssertionsBehavesLikeSingleStatement) {
+  if (AlwaysFalse())
+    ASSERT_TRUE(false) << "This should never be executed; "
+                          "It's a compilation test only.";
+
+  if (AlwaysTrue())
+    EXPECT_FALSE(false);
+  else
+    ;  // NOLINT
+
+  if (AlwaysFalse())
+    ASSERT_LT(1, 3);
+
+  if (AlwaysFalse())
+    ;  // NOLINT
+  else
+    EXPECT_GT(3, 2) << "";
+}
+
+#if GTEST_HAS_EXCEPTIONS
+// Tests that the compiler will not complain about unreachable code in the
+// EXPECT_THROW/EXPECT_ANY_THROW/EXPECT_NO_THROW macros.
+TEST(ExpectThrowTest, DoesNotGenerateUnreachableCodeWarning) {
+  int n = 0;
+
+  EXPECT_THROW(throw 1, int);
+  EXPECT_NONFATAL_FAILURE(EXPECT_THROW(n++, int), "");
+  EXPECT_NONFATAL_FAILURE(EXPECT_THROW(throw 1, const char*), "");
+  EXPECT_NO_THROW(n++);
+  EXPECT_NONFATAL_FAILURE(EXPECT_NO_THROW(throw 1), "");
+  EXPECT_ANY_THROW(throw 1);
+  EXPECT_NONFATAL_FAILURE(EXPECT_ANY_THROW(n++), "");
+}
+
+TEST(AssertionSyntaxTest, ExceptionAssertionsBehavesLikeSingleStatement) {
+  if (AlwaysFalse())
+    EXPECT_THROW(ThrowNothing(), bool);
+
+  if (AlwaysTrue())
+    EXPECT_THROW(ThrowAnInteger(), int);
+  else
+    ;  // NOLINT
+
+  if (AlwaysFalse())
+    EXPECT_NO_THROW(ThrowAnInteger());
+
+  if (AlwaysTrue())
+    EXPECT_NO_THROW(ThrowNothing());
+  else
+    ;  // NOLINT
+
+  if (AlwaysFalse())
+    EXPECT_ANY_THROW(ThrowNothing());
+
+  if (AlwaysTrue())
+    EXPECT_ANY_THROW(ThrowAnInteger());
+  else
+    ;  // NOLINT
+}
+#endif  // GTEST_HAS_EXCEPTIONS
+
+TEST(AssertionSyntaxTest, NoFatalFailureAssertionsBehavesLikeSingleStatement) {
+  if (AlwaysFalse())
+    EXPECT_NO_FATAL_FAILURE(FAIL()) << "This should never be executed. "
+                                    << "It's a compilation test only.";
+  else
+    ;  // NOLINT
+
+  if (AlwaysFalse())
+    ASSERT_NO_FATAL_FAILURE(FAIL()) << "";
+  else
+    ;  // NOLINT
+
+  if (AlwaysTrue())
+    EXPECT_NO_FATAL_FAILURE(SUCCEED());
+  else
+    ;  // NOLINT
+
+  if (AlwaysFalse())
+    ;  // NOLINT
+  else
+    ASSERT_NO_FATAL_FAILURE(SUCCEED());
+}
+
+// Tests that the assertion macros work well with switch statements.
+TEST(AssertionSyntaxTest, WorksWithSwitch) {
+  switch (0) {
+    case 1:
+      break;
+    default:
+      ASSERT_TRUE(true);
+  }
+
+  switch (0)
+    case 0:
+      EXPECT_FALSE(false) << "EXPECT_FALSE failed in switch case";
+
+  // Binary assertions are implemented using a different code path
+  // than the Boolean assertions.  Hence we test them separately.
+  switch (0) {
+    case 1:
+    default:
+      ASSERT_EQ(1, 1) << "ASSERT_EQ failed in default switch handler";
+  }
+
+  switch (0)
+    case 0:
+      EXPECT_NE(1, 2);
+}
+
+#if GTEST_HAS_EXCEPTIONS
+
+void ThrowAString() {
+    throw "std::string";
+}
+
+// Test that the exception assertion macros compile and work with const
+// type qualifier.
+TEST(AssertionSyntaxTest, WorksWithConst) {
+    ASSERT_THROW(ThrowAString(), const char*);
+
+    EXPECT_THROW(ThrowAString(), const char*);
+}
+
+#endif  // GTEST_HAS_EXCEPTIONS
+
+}  // namespace
+
+namespace testing {
+
+// Tests that Google Test tracks SUCCEED*.
+TEST(SuccessfulAssertionTest, SUCCEED) {
+  SUCCEED();
+  SUCCEED() << "OK";
+  EXPECT_EQ(2, GetUnitTestImpl()->current_test_result()->total_part_count());
+}
+
+// Tests that Google Test doesn't track successful EXPECT_*.
+TEST(SuccessfulAssertionTest, EXPECT) {
+  EXPECT_TRUE(true);
+  EXPECT_EQ(0, GetUnitTestImpl()->current_test_result()->total_part_count());
+}
+
+// Tests that Google Test doesn't track successful EXPECT_STR*.
+TEST(SuccessfulAssertionTest, EXPECT_STR) {
+  EXPECT_STREQ("", "");
+  EXPECT_EQ(0, GetUnitTestImpl()->current_test_result()->total_part_count());
+}
+
+// Tests that Google Test doesn't track successful ASSERT_*.
+TEST(SuccessfulAssertionTest, ASSERT) {
+  ASSERT_TRUE(true);
+  EXPECT_EQ(0, GetUnitTestImpl()->current_test_result()->total_part_count());
+}
+
+// Tests that Google Test doesn't track successful ASSERT_STR*.
+TEST(SuccessfulAssertionTest, ASSERT_STR) {
+  ASSERT_STREQ("", "");
+  EXPECT_EQ(0, GetUnitTestImpl()->current_test_result()->total_part_count());
+}
+
+}  // namespace testing
+
+namespace {
+
+// Tests the message streaming variation of assertions.
+
+TEST(AssertionWithMessageTest, EXPECT) {
+  EXPECT_EQ(1, 1) << "This should succeed.";
+  EXPECT_NONFATAL_FAILURE(EXPECT_NE(1, 1) << "Expected failure #1.",
+                          "Expected failure #1");
+  EXPECT_LE(1, 2) << "This should succeed.";
+  EXPECT_NONFATAL_FAILURE(EXPECT_LT(1, 0) << "Expected failure #2.",
+                          "Expected failure #2.");
+  EXPECT_GE(1, 0) << "This should succeed.";
+  EXPECT_NONFATAL_FAILURE(EXPECT_GT(1, 2) << "Expected failure #3.",
+                          "Expected failure #3.");
+
+  EXPECT_STREQ("1", "1") << "This should succeed.";
+  EXPECT_NONFATAL_FAILURE(EXPECT_STRNE("1", "1") << "Expected failure #4.",
+                          "Expected failure #4.");
+  EXPECT_STRCASEEQ("a", "A") << "This should succeed.";
+  EXPECT_NONFATAL_FAILURE(EXPECT_STRCASENE("a", "A") << "Expected failure #5.",
+                          "Expected failure #5.");
+
+  EXPECT_FLOAT_EQ(1, 1) << "This should succeed.";
+  EXPECT_NONFATAL_FAILURE(EXPECT_DOUBLE_EQ(1, 1.2) << "Expected failure #6.",
+                          "Expected failure #6.");
+  EXPECT_NEAR(1, 1.1, 0.2) << "This should succeed.";
+}
+
+TEST(AssertionWithMessageTest, ASSERT) {
+  ASSERT_EQ(1, 1) << "This should succeed.";
+  ASSERT_NE(1, 2) << "This should succeed.";
+  ASSERT_LE(1, 2) << "This should succeed.";
+  ASSERT_LT(1, 2) << "This should succeed.";
+  ASSERT_GE(1, 0) << "This should succeed.";
+  EXPECT_FATAL_FAILURE(ASSERT_GT(1, 2) << "Expected failure.",
+                       "Expected failure.");
+}
+
+TEST(AssertionWithMessageTest, ASSERT_STR) {
+  ASSERT_STREQ("1", "1") << "This should succeed.";
+  ASSERT_STRNE("1", "2") << "This should succeed.";
+  ASSERT_STRCASEEQ("a", "A") << "This should succeed.";
+  EXPECT_FATAL_FAILURE(ASSERT_STRCASENE("a", "A") << "Expected failure.",
+                       "Expected failure.");
+}
+
+TEST(AssertionWithMessageTest, ASSERT_FLOATING) {
+  ASSERT_FLOAT_EQ(1, 1) << "This should succeed.";
+  ASSERT_DOUBLE_EQ(1, 1) << "This should succeed.";
+  EXPECT_FATAL_FAILURE(ASSERT_NEAR(1,1.2, 0.1) << "Expect failure.",  // NOLINT
+                       "Expect failure.");
+  // To work around a bug in gcc 2.95.0, there is intentionally no
+  // space after the first comma in the previous statement.
+}
+
+// Tests using ASSERT_FALSE with a streamed message.
+TEST(AssertionWithMessageTest, ASSERT_FALSE) {
+  ASSERT_FALSE(false) << "This shouldn't fail.";
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_FALSE(true) << "Expected failure: " << 2 << " > " << 1
+                       << " evaluates to " << true;
+  }, "Expected failure");
+}
+
+// Tests using FAIL with a streamed message.
+TEST(AssertionWithMessageTest, FAIL) {
+  EXPECT_FATAL_FAILURE(FAIL() << 0,
+                       "0");
+}
+
+// Tests using SUCCEED with a streamed message.
+TEST(AssertionWithMessageTest, SUCCEED) {
+  SUCCEED() << "Success == " << 1;
+}
+
+// Tests using ASSERT_TRUE with a streamed message.
+TEST(AssertionWithMessageTest, ASSERT_TRUE) {
+  ASSERT_TRUE(true) << "This should succeed.";
+  ASSERT_TRUE(true) << true;
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_TRUE(false) << static_cast<const char *>(NULL)
+                       << static_cast<char *>(NULL);
+  }, "(null)(null)");
+}
+
+#if GTEST_OS_WINDOWS
+// Tests using wide strings in assertion messages.
+TEST(AssertionWithMessageTest, WideStringMessage) {
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_TRUE(false) << L"This failure is expected.\x8119";
+  }, "This failure is expected.");
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_EQ(1, 2) << "This failure is "
+                    << L"expected too.\x8120";
+  }, "This failure is expected too.");
+}
+#endif  // GTEST_OS_WINDOWS
+
+// Tests EXPECT_TRUE.
+TEST(ExpectTest, EXPECT_TRUE) {
+  EXPECT_TRUE(true) << "Intentional success";
+  EXPECT_NONFATAL_FAILURE(EXPECT_TRUE(false) << "Intentional failure #1.",
+                          "Intentional failure #1.");
+  EXPECT_NONFATAL_FAILURE(EXPECT_TRUE(false) << "Intentional failure #2.",
+                          "Intentional failure #2.");
+  EXPECT_TRUE(2 > 1);  // NOLINT
+  EXPECT_NONFATAL_FAILURE(EXPECT_TRUE(2 < 1),
+                          "Value of: 2 < 1\n"
+                          "  Actual: false\n"
+                          "Expected: true");
+  EXPECT_NONFATAL_FAILURE(EXPECT_TRUE(2 > 3),
+                          "2 > 3");
+}
+
+// Tests EXPECT_TRUE(predicate) for predicates returning AssertionResult.
+TEST(ExpectTest, ExpectTrueWithAssertionResult) {
+  EXPECT_TRUE(ResultIsEven(2));
+  EXPECT_NONFATAL_FAILURE(EXPECT_TRUE(ResultIsEven(3)),
+                          "Value of: ResultIsEven(3)\n"
+                          "  Actual: false (3 is odd)\n"
+                          "Expected: true");
+  EXPECT_TRUE(ResultIsEvenNoExplanation(2));
+  EXPECT_NONFATAL_FAILURE(EXPECT_TRUE(ResultIsEvenNoExplanation(3)),
+                          "Value of: ResultIsEvenNoExplanation(3)\n"
+                          "  Actual: false (3 is odd)\n"
+                          "Expected: true");
+}
+
+// Tests EXPECT_FALSE with a streamed message.
+TEST(ExpectTest, EXPECT_FALSE) {
+  EXPECT_FALSE(2 < 1);  // NOLINT
+  EXPECT_FALSE(false) << "Intentional success";
+  EXPECT_NONFATAL_FAILURE(EXPECT_FALSE(true) << "Intentional failure #1.",
+                          "Intentional failure #1.");
+  EXPECT_NONFATAL_FAILURE(EXPECT_FALSE(true) << "Intentional failure #2.",
+                          "Intentional failure #2.");
+  EXPECT_NONFATAL_FAILURE(EXPECT_FALSE(2 > 1),
+                          "Value of: 2 > 1\n"
+                          "  Actual: true\n"
+                          "Expected: false");
+  EXPECT_NONFATAL_FAILURE(EXPECT_FALSE(2 < 3),
+                          "2 < 3");
+}
+
+// Tests EXPECT_FALSE(predicate) for predicates returning AssertionResult.
+TEST(ExpectTest, ExpectFalseWithAssertionResult) {
+  EXPECT_FALSE(ResultIsEven(3));
+  EXPECT_NONFATAL_FAILURE(EXPECT_FALSE(ResultIsEven(2)),
+                          "Value of: ResultIsEven(2)\n"
+                          "  Actual: true (2 is even)\n"
+                          "Expected: false");
+  EXPECT_FALSE(ResultIsEvenNoExplanation(3));
+  EXPECT_NONFATAL_FAILURE(EXPECT_FALSE(ResultIsEvenNoExplanation(2)),
+                          "Value of: ResultIsEvenNoExplanation(2)\n"
+                          "  Actual: true\n"
+                          "Expected: false");
+}
+
+#ifdef __BORLANDC__
+// Restores warnings after previous "#pragma option push" supressed them
+# pragma option pop
+#endif
+
+// Tests EXPECT_EQ.
+TEST(ExpectTest, EXPECT_EQ) {
+  EXPECT_EQ(5, 2 + 3);
+  EXPECT_NONFATAL_FAILURE(EXPECT_EQ(5, 2*3),
+                          "Value of: 2*3\n"
+                          "  Actual: 6\n"
+                          "Expected: 5");
+  EXPECT_NONFATAL_FAILURE(EXPECT_EQ(5, 2 - 3),
+                          "2 - 3");
+}
+
+// Tests using EXPECT_EQ on double values.  The purpose is to make
+// sure that the specialization we did for integer and anonymous enums
+// isn't used for double arguments.
+TEST(ExpectTest, EXPECT_EQ_Double) {
+  // A success.
+  EXPECT_EQ(5.6, 5.6);
+
+  // A failure.
+  EXPECT_NONFATAL_FAILURE(EXPECT_EQ(5.1, 5.2),
+                          "5.1");
+}
+
+#if GTEST_CAN_COMPARE_NULL
+// Tests EXPECT_EQ(NULL, pointer).
+TEST(ExpectTest, EXPECT_EQ_NULL) {
+  // A success.
+  const char* p = NULL;
+  // Some older GCC versions may issue a spurious warning in this or the next
+  // assertion statement. This warning should not be suppressed with
+  // static_cast since the test verifies the ability to use bare NULL as the
+  // expected parameter to the macro.
+  EXPECT_EQ(NULL, p);
+
+  // A failure.
+  int n = 0;
+  EXPECT_NONFATAL_FAILURE(EXPECT_EQ(NULL, &n),
+                          "Value of: &n\n");
+}
+#endif  // GTEST_CAN_COMPARE_NULL
+
+// Tests EXPECT_EQ(0, non_pointer).  Since the literal 0 can be
+// treated as a null pointer by the compiler, we need to make sure
+// that EXPECT_EQ(0, non_pointer) isn't interpreted by Google Test as
+// EXPECT_EQ(static_cast<void*>(NULL), non_pointer).
+TEST(ExpectTest, EXPECT_EQ_0) {
+  int n = 0;
+
+  // A success.
+  EXPECT_EQ(0, n);
+
+  // A failure.
+  EXPECT_NONFATAL_FAILURE(EXPECT_EQ(0, 5.6),
+                          "Expected: 0");
+}
+
+// Tests EXPECT_NE.
+TEST(ExpectTest, EXPECT_NE) {
+  EXPECT_NE(6, 7);
+
+  EXPECT_NONFATAL_FAILURE(EXPECT_NE('a', 'a'),
+                          "Expected: ('a') != ('a'), "
+                          "actual: 'a' (97, 0x61) vs 'a' (97, 0x61)");
+  EXPECT_NONFATAL_FAILURE(EXPECT_NE(2, 2),
+                          "2");
+  char* const p0 = NULL;
+  EXPECT_NONFATAL_FAILURE(EXPECT_NE(p0, p0),
+                          "p0");
+  // Only way to get the Nokia compiler to compile the cast
+  // is to have a separate void* variable first. Putting
+  // the two casts on the same line doesn't work, neither does
+  // a direct C-style to char*.
+  void* pv1 = (void*)0x1234;  // NOLINT
+  char* const p1 = reinterpret_cast<char*>(pv1);
+  EXPECT_NONFATAL_FAILURE(EXPECT_NE(p1, p1),
+                          "p1");
+}
+
+// Tests EXPECT_LE.
+TEST(ExpectTest, EXPECT_LE) {
+  EXPECT_LE(2, 3);
+  EXPECT_LE(2, 2);
+  EXPECT_NONFATAL_FAILURE(EXPECT_LE(2, 0),
+                          "Expected: (2) <= (0), actual: 2 vs 0");
+  EXPECT_NONFATAL_FAILURE(EXPECT_LE(1.1, 0.9),
+                          "(1.1) <= (0.9)");
+}
+
+// Tests EXPECT_LT.
+TEST(ExpectTest, EXPECT_LT) {
+  EXPECT_LT(2, 3);
+  EXPECT_NONFATAL_FAILURE(EXPECT_LT(2, 2),
+                          "Expected: (2) < (2), actual: 2 vs 2");
+  EXPECT_NONFATAL_FAILURE(EXPECT_LT(2, 1),
+                          "(2) < (1)");
+}
+
+// Tests EXPECT_GE.
+TEST(ExpectTest, EXPECT_GE) {
+  EXPECT_GE(2, 1);
+  EXPECT_GE(2, 2);
+  EXPECT_NONFATAL_FAILURE(EXPECT_GE(2, 3),
+                          "Expected: (2) >= (3), actual: 2 vs 3");
+  EXPECT_NONFATAL_FAILURE(EXPECT_GE(0.9, 1.1),
+                          "(0.9) >= (1.1)");
+}
+
+// Tests EXPECT_GT.
+TEST(ExpectTest, EXPECT_GT) {
+  EXPECT_GT(2, 1);
+  EXPECT_NONFATAL_FAILURE(EXPECT_GT(2, 2),
+                          "Expected: (2) > (2), actual: 2 vs 2");
+  EXPECT_NONFATAL_FAILURE(EXPECT_GT(2, 3),
+                          "(2) > (3)");
+}
+
+#if GTEST_HAS_EXCEPTIONS
+
+// Tests EXPECT_THROW.
+TEST(ExpectTest, EXPECT_THROW) {
+  EXPECT_THROW(ThrowAnInteger(), int);
+  EXPECT_NONFATAL_FAILURE(EXPECT_THROW(ThrowAnInteger(), bool),
+                          "Expected: ThrowAnInteger() throws an exception of "
+                          "type bool.\n  Actual: it throws a different type.");
+  EXPECT_NONFATAL_FAILURE(
+      EXPECT_THROW(ThrowNothing(), bool),
+      "Expected: ThrowNothing() throws an exception of type bool.\n"
+      "  Actual: it throws nothing.");
+}
+
+// Tests EXPECT_NO_THROW.
+TEST(ExpectTest, EXPECT_NO_THROW) {
+  EXPECT_NO_THROW(ThrowNothing());
+  EXPECT_NONFATAL_FAILURE(EXPECT_NO_THROW(ThrowAnInteger()),
+                          "Expected: ThrowAnInteger() doesn't throw an "
+                          "exception.\n  Actual: it throws.");
+}
+
+// Tests EXPECT_ANY_THROW.
+TEST(ExpectTest, EXPECT_ANY_THROW) {
+  EXPECT_ANY_THROW(ThrowAnInteger());
+  EXPECT_NONFATAL_FAILURE(
+      EXPECT_ANY_THROW(ThrowNothing()),
+      "Expected: ThrowNothing() throws an exception.\n"
+      "  Actual: it doesn't.");
+}
+
+#endif  // GTEST_HAS_EXCEPTIONS
+
+// Make sure we deal with the precedence of <<.
+TEST(ExpectTest, ExpectPrecedence) {
+  EXPECT_EQ(1 < 2, true);
+  EXPECT_NONFATAL_FAILURE(EXPECT_EQ(true, true && false),
+                          "Value of: true && false");
+}
+
+
+// Tests the StreamableToString() function.
+
+// Tests using StreamableToString() on a scalar.
+TEST(StreamableToStringTest, Scalar) {
+  EXPECT_STREQ("5", StreamableToString(5).c_str());
+}
+
+// Tests using StreamableToString() on a non-char pointer.
+TEST(StreamableToStringTest, Pointer) {
+  int n = 0;
+  int* p = &n;
+  EXPECT_STRNE("(null)", StreamableToString(p).c_str());
+}
+
+// Tests using StreamableToString() on a NULL non-char pointer.
+TEST(StreamableToStringTest, NullPointer) {
+  int* p = NULL;
+  EXPECT_STREQ("(null)", StreamableToString(p).c_str());
+}
+
+// Tests using StreamableToString() on a C string.
+TEST(StreamableToStringTest, CString) {
+  EXPECT_STREQ("Foo", StreamableToString("Foo").c_str());
+}
+
+// Tests using StreamableToString() on a NULL C string.
+TEST(StreamableToStringTest, NullCString) {
+  char* p = NULL;
+  EXPECT_STREQ("(null)", StreamableToString(p).c_str());
+}
+
+// Tests using streamable values as assertion messages.
+
+// Tests using std::string as an assertion message.
+TEST(StreamableTest, string) {
+  static const std::string str(
+      "This failure message is a std::string, and is expected.");
+  EXPECT_FATAL_FAILURE(FAIL() << str,
+                       str.c_str());
+}
+
+// Tests that we can output strings containing embedded NULs.
+// Limited to Linux because we can only do this with std::string's.
+TEST(StreamableTest, stringWithEmbeddedNUL) {
+  static const char char_array_with_nul[] =
+      "Here's a NUL\0 and some more string";
+  static const std::string string_with_nul(char_array_with_nul,
+                                           sizeof(char_array_with_nul)
+                                           - 1);  // drops the trailing NUL
+  EXPECT_FATAL_FAILURE(FAIL() << string_with_nul,
+                       "Here's a NUL\\0 and some more string");
+}
+
+// Tests that we can output a NUL char.
+TEST(StreamableTest, NULChar) {
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    FAIL() << "A NUL" << '\0' << " and some more string";
+  }, "A NUL\\0 and some more string");
+}
+
+// Tests using int as an assertion message.
+TEST(StreamableTest, int) {
+  EXPECT_FATAL_FAILURE(FAIL() << 900913,
+                       "900913");
+}
+
+// Tests using NULL char pointer as an assertion message.
+//
+// In MSVC, streaming a NULL char * causes access violation.  Google Test
+// implemented a workaround (substituting "(null)" for NULL).  This
+// tests whether the workaround works.
+TEST(StreamableTest, NullCharPtr) {
+  EXPECT_FATAL_FAILURE(FAIL() << static_cast<const char*>(NULL),
+                       "(null)");
+}
+
+// Tests that basic IO manipulators (endl, ends, and flush) can be
+// streamed to testing::Message.
+TEST(StreamableTest, BasicIoManip) {
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    FAIL() << "Line 1." << std::endl
+           << "A NUL char " << std::ends << std::flush << " in line 2.";
+  }, "Line 1.\nA NUL char \\0 in line 2.");
+}
+
+// Tests the macros that haven't been covered so far.
+
+void AddFailureHelper(bool* aborted) {
+  *aborted = true;
+  ADD_FAILURE() << "Intentional failure.";
+  *aborted = false;
+}
+
+// Tests ADD_FAILURE.
+TEST(MacroTest, ADD_FAILURE) {
+  bool aborted = true;
+  EXPECT_NONFATAL_FAILURE(AddFailureHelper(&aborted),
+                          "Intentional failure.");
+  EXPECT_FALSE(aborted);
+}
+
+// Tests ADD_FAILURE_AT.
+TEST(MacroTest, ADD_FAILURE_AT) {
+  // Verifies that ADD_FAILURE_AT does generate a nonfatal failure and
+  // the failure message contains the user-streamed part.
+  EXPECT_NONFATAL_FAILURE(ADD_FAILURE_AT("foo.cc", 42) << "Wrong!", "Wrong!");
+
+  // Verifies that the user-streamed part is optional.
+  EXPECT_NONFATAL_FAILURE(ADD_FAILURE_AT("foo.cc", 42), "Failed");
+
+  // Unfortunately, we cannot verify that the failure message contains
+  // the right file path and line number the same way, as
+  // EXPECT_NONFATAL_FAILURE() doesn't get to see the file path and
+  // line number.  Instead, we do that in gtest_output_test_.cc.
+}
+
+// Tests FAIL.
+TEST(MacroTest, FAIL) {
+  EXPECT_FATAL_FAILURE(FAIL(),
+                       "Failed");
+  EXPECT_FATAL_FAILURE(FAIL() << "Intentional failure.",
+                       "Intentional failure.");
+}
+
+// Tests SUCCEED
+TEST(MacroTest, SUCCEED) {
+  SUCCEED();
+  SUCCEED() << "Explicit success.";
+}
+
+// Tests for EXPECT_EQ() and ASSERT_EQ().
+//
+// These tests fail *intentionally*, s.t. the failure messages can be
+// generated and tested.
+//
+// We have different tests for different argument types.
+
+// Tests using bool values in {EXPECT|ASSERT}_EQ.
+TEST(EqAssertionTest, Bool) {
+  EXPECT_EQ(true,  true);
+  EXPECT_FATAL_FAILURE({
+      bool false_value = false;
+      ASSERT_EQ(false_value, true);
+    }, "Value of: true");
+}
+
+// Tests using int values in {EXPECT|ASSERT}_EQ.
+TEST(EqAssertionTest, Int) {
+  ASSERT_EQ(32, 32);
+  EXPECT_NONFATAL_FAILURE(EXPECT_EQ(32, 33),
+                          "33");
+}
+
+// Tests using time_t values in {EXPECT|ASSERT}_EQ.
+TEST(EqAssertionTest, Time_T) {
+  EXPECT_EQ(static_cast<time_t>(0),
+            static_cast<time_t>(0));
+  EXPECT_FATAL_FAILURE(ASSERT_EQ(static_cast<time_t>(0),
+                                 static_cast<time_t>(1234)),
+                       "1234");
+}
+
+// Tests using char values in {EXPECT|ASSERT}_EQ.
+TEST(EqAssertionTest, Char) {
+  ASSERT_EQ('z', 'z');
+  const char ch = 'b';
+  EXPECT_NONFATAL_FAILURE(EXPECT_EQ('\0', ch),
+                          "ch");
+  EXPECT_NONFATAL_FAILURE(EXPECT_EQ('a', ch),
+                          "ch");
+}
+
+// Tests using wchar_t values in {EXPECT|ASSERT}_EQ.
+TEST(EqAssertionTest, WideChar) {
+  EXPECT_EQ(L'b', L'b');
+
+  EXPECT_NONFATAL_FAILURE(EXPECT_EQ(L'\0', L'x'),
+                          "Value of: L'x'\n"
+                          "  Actual: L'x' (120, 0x78)\n"
+                          "Expected: L'\0'\n"
+                          "Which is: L'\0' (0, 0x0)");
+
+  static wchar_t wchar;
+  wchar = L'b';
+  EXPECT_NONFATAL_FAILURE(EXPECT_EQ(L'a', wchar),
+                          "wchar");
+  wchar = 0x8119;
+  EXPECT_FATAL_FAILURE(ASSERT_EQ(static_cast<wchar_t>(0x8120), wchar),
+                       "Value of: wchar");
+}
+
+// Tests using ::std::string values in {EXPECT|ASSERT}_EQ.
+TEST(EqAssertionTest, StdString) {
+  // Compares a const char* to an std::string that has identical
+  // content.
+  ASSERT_EQ("Test", ::std::string("Test"));
+
+  // Compares two identical std::strings.
+  static const ::std::string str1("A * in the middle");
+  static const ::std::string str2(str1);
+  EXPECT_EQ(str1, str2);
+
+  // Compares a const char* to an std::string that has different
+  // content
+  EXPECT_NONFATAL_FAILURE(EXPECT_EQ("Test", ::std::string("test")),
+                          "\"test\"");
+
+  // Compares an std::string to a char* that has different content.
+  char* const p1 = const_cast<char*>("foo");
+  EXPECT_NONFATAL_FAILURE(EXPECT_EQ(::std::string("bar"), p1),
+                          "p1");
+
+  // Compares two std::strings that have different contents, one of
+  // which having a NUL character in the middle.  This should fail.
+  static ::std::string str3(str1);
+  str3.at(2) = '\0';
+  EXPECT_FATAL_FAILURE(ASSERT_EQ(str1, str3),
+                       "Value of: str3\n"
+                       "  Actual: \"A \\0 in the middle\"");
+}
+
+#if GTEST_HAS_STD_WSTRING
+
+// Tests using ::std::wstring values in {EXPECT|ASSERT}_EQ.
+TEST(EqAssertionTest, StdWideString) {
+  // Compares two identical std::wstrings.
+  const ::std::wstring wstr1(L"A * in the middle");
+  const ::std::wstring wstr2(wstr1);
+  ASSERT_EQ(wstr1, wstr2);
+
+  // Compares an std::wstring to a const wchar_t* that has identical
+  // content.
+  const wchar_t kTestX8119[] = { 'T', 'e', 's', 't', 0x8119, '\0' };
+  EXPECT_EQ(::std::wstring(kTestX8119), kTestX8119);
+
+  // Compares an std::wstring to a const wchar_t* that has different
+  // content.
+  const wchar_t kTestX8120[] = { 'T', 'e', 's', 't', 0x8120, '\0' };
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_EQ(::std::wstring(kTestX8119), kTestX8120);
+  }, "kTestX8120");
+
+  // Compares two std::wstrings that have different contents, one of
+  // which having a NUL character in the middle.
+  ::std::wstring wstr3(wstr1);
+  wstr3.at(2) = L'\0';
+  EXPECT_NONFATAL_FAILURE(EXPECT_EQ(wstr1, wstr3),
+                          "wstr3");
+
+  // Compares a wchar_t* to an std::wstring that has different
+  // content.
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_EQ(const_cast<wchar_t*>(L"foo"), ::std::wstring(L"bar"));
+  }, "");
+}
+
+#endif  // GTEST_HAS_STD_WSTRING
+
+#if GTEST_HAS_GLOBAL_STRING
+// Tests using ::string values in {EXPECT|ASSERT}_EQ.
+TEST(EqAssertionTest, GlobalString) {
+  // Compares a const char* to a ::string that has identical content.
+  EXPECT_EQ("Test", ::string("Test"));
+
+  // Compares two identical ::strings.
+  const ::string str1("A * in the middle");
+  const ::string str2(str1);
+  ASSERT_EQ(str1, str2);
+
+  // Compares a ::string to a const char* that has different content.
+  EXPECT_NONFATAL_FAILURE(EXPECT_EQ(::string("Test"), "test"),
+                          "test");
+
+  // Compares two ::strings that have different contents, one of which
+  // having a NUL character in the middle.
+  ::string str3(str1);
+  str3.at(2) = '\0';
+  EXPECT_NONFATAL_FAILURE(EXPECT_EQ(str1, str3),
+                          "str3");
+
+  // Compares a ::string to a char* that has different content.
+  EXPECT_FATAL_FAILURE({  // NOLINT
+    ASSERT_EQ(::string("bar"), const_cast<char*>("foo"));
+  }, "");
+}
+
+#endif  // GTEST_HAS_GLOBAL_STRING
+
+#if GTEST_HAS_GLOBAL_WSTRING
+
+// Tests using ::wstring values in {EXPECT|ASSERT}_EQ.
+TEST(EqAssertionTest, GlobalWideString) {
+  // Compares two identical ::wstrings.
+  static const ::wstring wstr1(L"A * in the middle");
+  static const ::wstring wstr2(wstr1);
+  EXPECT_EQ(wstr1, wstr2);
+
+  // Compares a const wchar_t* to a ::wstring that has identical content.
+  const wchar_t kTestX8119[] = { 'T', 'e', 's', 't', 0x8119, '\0' };
+  ASSERT_EQ(kTestX8119, ::wstring(kTestX8119));
+
+  // Compares a const wchar_t* to a ::wstring that has different
+  // content.
+  const wchar_t kTestX8120[] = { 'T', 'e', 's', 't', 0x8120, '\0' };
+  EXPECT_NONFATAL_FAILURE({  // NOLINT
+    EXPECT_EQ(kTestX8120, ::wstring(kTestX8119));
+  }, "Test\\x8119");
+
+  // Compares a wchar_t* to a ::wstring that has different content.
+  wchar_t* const p1 = const_cast<wchar_t*>(L"foo");
+  EXPECT_NONFATAL_FAILURE(EXPECT_EQ(p1, ::wstring(L"bar")),
+                          "bar");
+
+  // Compares two ::wstrings that have different contents, one of which
+  // having a NUL character in the middle.
+  static ::wstring wstr3;
+  wstr3 = wstr1;
+  wstr3.at(2) = L'\0';
+  EXPECT_FATAL_FAILURE(ASSERT_EQ(wstr1, wstr3),
+                       "wstr3");
+}
+
+#endif  // GTEST_HAS_GLOBAL_WSTRING
+
+// Tests using char pointers in {EXPECT|ASSERT}_EQ.
+TEST(EqAssertionTest, CharPointer) {
+  char* const p0 = NULL;
+  // Only way to get the Nokia compiler to compile the cast
+  // is to have a separate void* variable first. Putting
+  // the two casts on the same line doesn't work, neither does
+  // a direct C-style to char*.
+  void* pv1 = (void*)0x1234;  // NOLINT
+  void* pv2 = (void*)0xABC0;  // NOLINT
+  char* const p1 = reinterpret_cast<char*>(pv1);
+  char* const p2 = reinterpret_cast<char*>(pv2);
+  ASSERT_EQ(p1, p1);
+
+  EXPECT_NONFATAL_FAILURE(EXPECT_EQ(p0, p2),
+                          "Value of: p2");
+  EXPECT_NONFATAL_FAILURE(EXPECT_EQ(p1, p2),
+                          "p2");
+  EXPECT_FATAL_FAILURE(ASSERT_EQ(reinterpret_cast<char*>(0x1234),
+                                 reinterpret_cast<char*>(0xABC0)),
+                       "ABC0");
+}
+
+// Tests using wchar_t pointers in {EXPECT|ASSERT}_EQ.
+TEST(EqAssertionTest, WideCharPointer) {
+  wchar_t* const p0 = NULL;
+  // Only way to get the Nokia compiler to compile the cast
+  // is to have a separate void* variable first. Putting
+  // the two casts on the same line doesn't work, neither does
+  // a direct C-style to char*.
+  void* pv1 = (void*)0x1234;  // NOLINT
+  void* pv2 = (void*)0xABC0;  // NOLINT
+  wchar_t* const p1 = reinterpret_cast<wchar_t*>(pv1);
+  wchar_t* const p2 = reinterpret_cast<wchar_t*>(pv2);
+  EXPECT_EQ(p0, p0);
+
+  EXPECT_NONFATAL_FAILURE(EXPECT_EQ(p0, p2),
+                          "Value of: p2");
+  EXPECT_NONFATAL_FAILURE(EXPECT_EQ(p1, p2),
+                          "p2");
+  void* pv3 = (void*)0x1234;  // NOLINT
+  void* pv4 = (void*)0xABC0;  // NOLINT
+  const wchar_t* p3 = reinterpret_cast<const wchar_t*>(pv3);
+  const wchar_t* p4 = reinterpret_cast<const wchar_t*>(pv4);
+  EXPECT_NONFATAL_FAILURE(EXPECT_EQ(p3, p4),
+                          "p4");
+}
+
+// Tests using other types of pointers in {EXPECT|ASSERT}_EQ.
+TEST(EqAssertionTest, OtherPointer) {
+  ASSERT_EQ(static_cast<const int*>(NULL),
+            static_cast<const int*>(NULL));
+  EXPECT_FATAL_FAILURE(ASSERT_EQ(static_cast<const int*>(NULL),
+                                 reinterpret_cast<const int*>(0x1234)),
+                       "0x1234");
+}
+
+// A class that supports binary comparison operators but not streaming.
+class UnprintableChar {
+ public:
+  explicit UnprintableChar(char ch) : char_(ch) {}
+
+  bool operator==(const UnprintableChar& rhs) const {
+    return char_ == rhs.char_;
+  }
+  bool operator!=(const UnprintableChar& rhs) const {
+    return char_ != rhs.char_;
+  }
+  bool operator<(const UnprintableChar& rhs) const {
+    return char_ < rhs.char_;
+  }
+  bool operator<=(const UnprintableChar& rhs) const {
+    return char_ <= rhs.char_;
+  }
+  bool operator>(const UnprintableChar& rhs) const {
+    return char_ > rhs.char_;
+  }
+  bool operator>=(const UnprintableChar& rhs) const {
+    return char_ >= rhs.char_;
+  }
+
+ private:
+  char char_;
+};
+
+// Tests that ASSERT_EQ() and friends don't require the arguments to
+// be printable.
+TEST(ComparisonAssertionTest, AcceptsUnprintableArgs) {
+  const UnprintableChar x('x'), y('y');
+  ASSERT_EQ(x, x);
+  EXPECT_NE(x, y);
+  ASSERT_LT(x, y);
+  EXPECT_LE(x, y);
+  ASSERT_GT(y, x);
+  EXPECT_GE(x, x);
+
+  EXPECT_NONFATAL_FAILURE(EXPECT_EQ(x, y), "1-byte object <78>");
+  EXPECT_NONFATAL_FAILURE(EXPECT_EQ(x, y), "1-byte object <79>");
+  EXPECT_NONFATAL_FAILURE(EXPECT_LT(y, y), "1-byte object <79>");
+  EXPECT_NONFATAL_FAILURE(EXPECT_GT(x, y), "1-byte object <78>");
+  EXPECT_NONFATAL_FAILURE(EXPECT_GT(x, y), "1-byte object <79>");
+
+  // Code tested by EXPECT_FATAL_FAILURE cannot reference local
+  // variables, so we have to write UnprintableChar('x') instead of x.
+#ifndef __BORLANDC__
+  // ICE's in C++Builder.
+  EXPECT_FATAL_FAILURE(ASSERT_NE(UnprintableChar('x'), UnprintableChar('x')),
+                       "1-byte object <78>");
+  EXPECT_FATAL_FAILURE(ASSERT_LE(UnprintableChar('y'), UnprintableChar('x')),
+                       "1-byte object <78>");
+#endif
+  EXPECT_FATAL_FAILURE(ASSERT_LE(UnprintableChar('y'), UnprintableChar('x')),
+                       "1-byte object <79>");
+  EXPECT_FATAL_FAILURE(ASSERT_GE(UnprintableChar('x'), UnprintableChar('y')),
+                       "1-byte object <78>");
+  EXPECT_FATAL_FAILURE(ASSERT_GE(UnprintableChar('x'), UnprintableChar('y')),
+                       "1-byte object <79>");
+}
+
+// Tests the FRIEND_TEST macro.
+
+// This class has a private member we want to test.  We will test it
+// both in a TEST and in a TEST_F.
+class Foo {
+ public:
+  Foo() {}
+
+ private:
+  int Bar() const { return 1; }
+
+  // Declares the friend tests that can access the private member
+  // Bar().
+  FRIEND_TEST(FRIEND_TEST_Test, TEST);
+  FRIEND_TEST(FRIEND_TEST_Test2, TEST_F);
+};
+
+// Tests that the FRIEND_TEST declaration allows a TEST to access a
+// class's private members.  This should compile.
+TEST(FRIEND_TEST_Test, TEST) {
+  ASSERT_EQ(1, Foo().Bar());
+}
+
+// The fixture needed to test using FRIEND_TEST with TEST_F.
+class FRIEND_TEST_Test2 : public Test {
+ protected:
+  Foo foo;
+};
+
+// Tests that the FRIEND_TEST declaration allows a TEST_F to access a
+// class's private members.  This should compile.
+TEST_F(FRIEND_TEST_Test2, TEST_F) {
+  ASSERT_EQ(1, foo.Bar());
+}
+
+// Tests the life cycle of Test objects.
+
+// The test fixture for testing the life cycle of Test objects.
+//
+// This class counts the number of live test objects that uses this
+// fixture.
+class TestLifeCycleTest : public Test {
+ protected:
+  // Constructor.  Increments the number of test objects that uses
+  // this fixture.
+  TestLifeCycleTest() { count_++; }
+
+  // Destructor.  Decrements the number of test objects that uses this
+  // fixture.
+  ~TestLifeCycleTest() { count_--; }
+
+  // Returns the number of live test objects that uses this fixture.
+  int count() const { return count_; }
+
+ private:
+  static int count_;
+};
+
+int TestLifeCycleTest::count_ = 0;
+
+// Tests the life cycle of test objects.
+TEST_F(TestLifeCycleTest, Test1) {
+  // There should be only one test object in this test case that's
+  // currently alive.
+  ASSERT_EQ(1, count());
+}
+
+// Tests the life cycle of test objects.
+TEST_F(TestLifeCycleTest, Test2) {
+  // After Test1 is done and Test2 is started, there should still be
+  // only one live test object, as the object for Test1 should've been
+  // deleted.
+  ASSERT_EQ(1, count());
+}
+
+}  // namespace
+
+// Tests that the copy constructor works when it is NOT optimized away by
+// the compiler.
+TEST(AssertionResultTest, CopyConstructorWorksWhenNotOptimied) {
+  // Checks that the copy constructor doesn't try to dereference NULL pointers
+  // in the source object.
+  AssertionResult r1 = AssertionSuccess();
+  AssertionResult r2 = r1;
+  // The following line is added to prevent the compiler from optimizing
+  // away the constructor call.
+  r1 << "abc";
+
+  AssertionResult r3 = r1;
+  EXPECT_EQ(static_cast<bool>(r3), static_cast<bool>(r1));
+  EXPECT_STREQ("abc", r1.message());
+}
+
+// Tests that AssertionSuccess and AssertionFailure construct
+// AssertionResult objects as expected.
+TEST(AssertionResultTest, ConstructionWorks) {
+  AssertionResult r1 = AssertionSuccess();
+  EXPECT_TRUE(r1);
+  EXPECT_STREQ("", r1.message());
+
+  AssertionResult r2 = AssertionSuccess() << "abc";
+  EXPECT_TRUE(r2);
+  EXPECT_STREQ("abc", r2.message());
+
+  AssertionResult r3 = AssertionFailure();
+  EXPECT_FALSE(r3);
+  EXPECT_STREQ("", r3.message());
+
+  AssertionResult r4 = AssertionFailure() << "def";
+  EXPECT_FALSE(r4);
+  EXPECT_STREQ("def", r4.message());
+
+  AssertionResult r5 = AssertionFailure(Message() << "ghi");
+  EXPECT_FALSE(r5);
+  EXPECT_STREQ("ghi", r5.message());
+}
+
+// Tests that the negation flips the predicate result but keeps the message.
+TEST(AssertionResultTest, NegationWorks) {
+  AssertionResult r1 = AssertionSuccess() << "abc";
+  EXPECT_FALSE(!r1);
+  EXPECT_STREQ("abc", (!r1).message());
+
+  AssertionResult r2 = AssertionFailure() << "def";
+  EXPECT_TRUE(!r2);
+  EXPECT_STREQ("def", (!r2).message());
+}
+
+TEST(AssertionResultTest, StreamingWorks) {
+  AssertionResult r = AssertionSuccess();
+  r << "abc" << 'd' << 0 << true;
+  EXPECT_STREQ("abcd0true", r.message());
+}
+
+TEST(AssertionResultTest, CanStreamOstreamManipulators) {
+  AssertionResult r = AssertionSuccess();
+  r << "Data" << std::endl << std::flush << std::ends << "Will be visible";
+  EXPECT_STREQ("Data\n\\0Will be visible", r.message());
+}
+
+// The next test uses explicit conversion operators -- a C++11 feature.
+#if GTEST_LANG_CXX11
+
+TEST(AssertionResultTest, ConstructibleFromContextuallyConvertibleToBool) {
+  struct ExplicitlyConvertibleToBool {
+    explicit operator bool() const { return value; }
+    bool value;
+  };
+  ExplicitlyConvertibleToBool v1 = {false};
+  ExplicitlyConvertibleToBool v2 = {true};
+  EXPECT_FALSE(v1);
+  EXPECT_TRUE(v2);
+}
+
+#endif  // GTEST_LANG_CXX11
+
+struct ConvertibleToAssertionResult {
+  operator AssertionResult() const { return AssertionResult(true); }
+};
+
+TEST(AssertionResultTest, ConstructibleFromImplicitlyConvertible) {
+  ConvertibleToAssertionResult obj;
+  EXPECT_TRUE(obj);
+}
+
+// Tests streaming a user type whose definition and operator << are
+// both in the global namespace.
+class Base {
+ public:
+  explicit Base(int an_x) : x_(an_x) {}
+  int x() const { return x_; }
+ private:
+  int x_;
+};
+std::ostream& operator<<(std::ostream& os,
+                         const Base& val) {
+  return os << val.x();
+}
+std::ostream& operator<<(std::ostream& os,
+                         const Base* pointer) {
+  return os << "(" << pointer->x() << ")";
+}
+
+TEST(MessageTest, CanStreamUserTypeInGlobalNameSpace) {
+  Message msg;
+  Base a(1);
+
+  msg << a << &a;  // Uses ::operator<<.
+  EXPECT_STREQ("1(1)", msg.GetString().c_str());
+}
+
+// Tests streaming a user type whose definition and operator<< are
+// both in an unnamed namespace.
+namespace {
+class MyTypeInUnnamedNameSpace : public Base {
+ public:
+  explicit MyTypeInUnnamedNameSpace(int an_x): Base(an_x) {}
+};
+std::ostream& operator<<(std::ostream& os,
+                         const MyTypeInUnnamedNameSpace& val) {
+  return os << val.x();
+}
+std::ostream& operator<<(std::ostream& os,
+                         const MyTypeInUnnamedNameSpace* pointer) {
+  return os << "(" << pointer->x() << ")";
+}
+}  // namespace
+
+TEST(MessageTest, CanStreamUserTypeInUnnamedNameSpace) {
+  Message msg;
+  MyTypeInUnnamedNameSpace a(1);
+
+  msg << a << &a;  // Uses <unnamed_namespace>::operator<<.
+  EXPECT_STREQ("1(1)", msg.GetString().c_str());
+}
+
+// Tests streaming a user type whose definition and operator<< are
+// both in a user namespace.
+namespace namespace1 {
+class MyTypeInNameSpace1 : public Base {
+ public:
+  explicit MyTypeInNameSpace1(int an_x): Base(an_x) {}
+};
+std::ostream& operator<<(std::ostream& os,
+                         const MyTypeInNameSpace1& val) {
+  return os << val.x();
+}
+std::ostream& operator<<(std::ostream& os,
+                         const MyTypeInNameSpace1* pointer) {
+  return os << "(" << pointer->x() << ")";
+}
+}  // namespace namespace1
+
+TEST(MessageTest, CanStreamUserTypeInUserNameSpace) {
+  Message msg;
+  namespace1::MyTypeInNameSpace1 a(1);
+
+  msg << a << &a;  // Uses namespace1::operator<<.
+  EXPECT_STREQ("1(1)", msg.GetString().c_str());
+}
+
+// Tests streaming a user type whose definition is in a user namespace
+// but whose operator<< is in the global namespace.
+namespace namespace2 {
+class MyTypeInNameSpace2 : public ::Base {
+ public:
+  explicit MyTypeInNameSpace2(int an_x): Base(an_x) {}
+};
+}  // namespace namespace2
+std::ostream& operator<<(std::ostream& os,
+                         const namespace2::MyTypeInNameSpace2& val) {
+  return os << val.x();
+}
+std::ostream& operator<<(std::ostream& os,
+                         const namespace2::MyTypeInNameSpace2* pointer) {
+  return os << "(" << pointer->x() << ")";
+}
+
+TEST(MessageTest, CanStreamUserTypeInUserNameSpaceWithStreamOperatorInGlobal) {
+  Message msg;
+  namespace2::MyTypeInNameSpace2 a(1);
+
+  msg << a << &a;  // Uses ::operator<<.
+  EXPECT_STREQ("1(1)", msg.GetString().c_str());
+}
+
+// Tests streaming NULL pointers to testing::Message.
+TEST(MessageTest, NullPointers) {
+  Message msg;
+  char* const p1 = NULL;
+  unsigned char* const p2 = NULL;
+  int* p3 = NULL;
+  double* p4 = NULL;
+  bool* p5 = NULL;
+  Message* p6 = NULL;
+
+  msg << p1 << p2 << p3 << p4 << p5 << p6;
+  ASSERT_STREQ("(null)(null)(null)(null)(null)(null)",
+               msg.GetString().c_str());
+}
+
+// Tests streaming wide strings to testing::Message.
+TEST(MessageTest, WideStrings) {
+  // Streams a NULL of type const wchar_t*.
+  const wchar_t* const_wstr = NULL;
+  EXPECT_STREQ("(null)",
+               (Message() << const_wstr).GetString().c_str());
+
+  // Streams a NULL of type wchar_t*.
+  wchar_t* wstr = NULL;
+  EXPECT_STREQ("(null)",
+               (Message() << wstr).GetString().c_str());
+
+  // Streams a non-NULL of type const wchar_t*.
+  const_wstr = L"abc\x8119";
+  EXPECT_STREQ("abc\xe8\x84\x99",
+               (Message() << const_wstr).GetString().c_str());
+
+  // Streams a non-NULL of type wchar_t*.
+  wstr = const_cast<wchar_t*>(const_wstr);
+  EXPECT_STREQ("abc\xe8\x84\x99",
+               (Message() << wstr).GetString().c_str());
+}
+
+
+// This line tests that we can define tests in the testing namespace.
+namespace testing {
+
+// Tests the TestInfo class.
+
+class TestInfoTest : public Test {
+ protected:
+  static const TestInfo* GetTestInfo(const char* test_name) {
+    const TestCase* const test_case = GetUnitTestImpl()->
+        GetTestCase("TestInfoTest", "", NULL, NULL);
+
+    for (int i = 0; i < test_case->total_test_count(); ++i) {
+      const TestInfo* const test_info = test_case->GetTestInfo(i);
+      if (strcmp(test_name, test_info->name()) == 0)
+        return test_info;
+    }
+    return NULL;
+  }
+
+  static const TestResult* GetTestResult(
+      const TestInfo* test_info) {
+    return test_info->result();
+  }
+};
+
+// Tests TestInfo::test_case_name() and TestInfo::name().
+TEST_F(TestInfoTest, Names) {
+  const TestInfo* const test_info = GetTestInfo("Names");
+
+  ASSERT_STREQ("TestInfoTest", test_info->test_case_name());
+  ASSERT_STREQ("Names", test_info->name());
+}
+
+// Tests TestInfo::result().
+TEST_F(TestInfoTest, result) {
+  const TestInfo* const test_info = GetTestInfo("result");
+
+  // Initially, there is no TestPartResult for this test.
+  ASSERT_EQ(0, GetTestResult(test_info)->total_part_count());
+
+  // After the previous assertion, there is still none.
+  ASSERT_EQ(0, GetTestResult(test_info)->total_part_count());
+}
+
+// Tests setting up and tearing down a test case.
+
+class SetUpTestCaseTest : public Test {
+ protected:
+  // This will be called once before the first test in this test case
+  // is run.
+  static void SetUpTestCase() {
+    printf("Setting up the test case . . .\n");
+
+    // Initializes some shared resource.  In this simple example, we
+    // just create a C string.  More complex stuff can be done if
+    // desired.
+    shared_resource_ = "123";
+
+    // Increments the number of test cases that have been set up.
+    counter_++;
+
+    // SetUpTestCase() should be called only once.
+    EXPECT_EQ(1, counter_);
+  }
+
+  // This will be called once after the last test in this test case is
+  // run.
+  static void TearDownTestCase() {
+    printf("Tearing down the test case . . .\n");
+
+    // Decrements the number of test cases that have been set up.
+    counter_--;
+
+    // TearDownTestCase() should be called only once.
+    EXPECT_EQ(0, counter_);
+
+    // Cleans up the shared resource.
+    shared_resource_ = NULL;
+  }
+
+  // This will be called before each test in this test case.
+  virtual void SetUp() {
+    // SetUpTestCase() should be called only once, so counter_ should
+    // always be 1.
+    EXPECT_EQ(1, counter_);
+  }
+
+  // Number of test cases that have been set up.
+  static int counter_;
+
+  // Some resource to be shared by all tests in this test case.
+  static const char* shared_resource_;
+};
+
+int SetUpTestCaseTest::counter_ = 0;
+const char* SetUpTestCaseTest::shared_resource_ = NULL;
+
+// A test that uses the shared resource.
+TEST_F(SetUpTestCaseTest, Test1) {
+  EXPECT_STRNE(NULL, shared_resource_);
+}
+
+// Another test that uses the shared resource.
+TEST_F(SetUpTestCaseTest, Test2) {
+  EXPECT_STREQ("123", shared_resource_);
+}
+
+// The InitGoogleTestTest test case tests testing::InitGoogleTest().
+
+// The Flags struct stores a copy of all Google Test flags.
+struct Flags {
+  // Constructs a Flags struct where each flag has its default value.
+  Flags() : also_run_disabled_tests(false),
+            break_on_failure(false),
+            catch_exceptions(false),
+            death_test_use_fork(false),
+            filter(""),
+            list_tests(false),
+            output(""),
+            print_time(true),
+            random_seed(0),
+            repeat(1),
+            shuffle(false),
+            stack_trace_depth(kMaxStackTraceDepth),
+            stream_result_to(""),
+            throw_on_failure(false) {}
+
+  // Factory methods.
+
+  // Creates a Flags struct where the gtest_also_run_disabled_tests flag has
+  // the given value.
+  static Flags AlsoRunDisabledTests(bool also_run_disabled_tests) {
+    Flags flags;
+    flags.also_run_disabled_tests = also_run_disabled_tests;
+    return flags;
+  }
+
+  // Creates a Flags struct where the gtest_break_on_failure flag has
+  // the given value.
+  static Flags BreakOnFailure(bool break_on_failure) {
+    Flags flags;
+    flags.break_on_failure = break_on_failure;
+    return flags;
+  }
+
+  // Creates a Flags struct where the gtest_catch_exceptions flag has
+  // the given value.
+  static Flags CatchExceptions(bool catch_exceptions) {
+    Flags flags;
+    flags.catch_exceptions = catch_exceptions;
+    return flags;
+  }
+
+  // Creates a Flags struct where the gtest_death_test_use_fork flag has
+  // the given value.
+  static Flags DeathTestUseFork(bool death_test_use_fork) {
+    Flags flags;
+    flags.death_test_use_fork = death_test_use_fork;
+    return flags;
+  }
+
+  // Creates a Flags struct where the gtest_filter flag has the given
+  // value.
+  static Flags Filter(const char* filter) {
+    Flags flags;
+    flags.filter = filter;
+    return flags;
+  }
+
+  // Creates a Flags struct where the gtest_list_tests flag has the
+  // given value.
+  static Flags ListTests(bool list_tests) {
+    Flags flags;
+    flags.list_tests = list_tests;
+    return flags;
+  }
+
+  // Creates a Flags struct where the gtest_output flag has the given
+  // value.
+  static Flags Output(const char* output) {
+    Flags flags;
+    flags.output = output;
+    return flags;
+  }
+
+  // Creates a Flags struct where the gtest_print_time flag has the given
+  // value.
+  static Flags PrintTime(bool print_time) {
+    Flags flags;
+    flags.print_time = print_time;
+    return flags;
+  }
+
+  // Creates a Flags struct where the gtest_random_seed flag has
+  // the given value.
+  static Flags RandomSeed(Int32 random_seed) {
+    Flags flags;
+    flags.random_seed = random_seed;
+    return flags;
+  }
+
+  // Creates a Flags struct where the gtest_repeat flag has the given
+  // value.
+  static Flags Repeat(Int32 repeat) {
+    Flags flags;
+    flags.repeat = repeat;
+    return flags;
+  }
+
+  // Creates a Flags struct where the gtest_shuffle flag has
+  // the given value.
+  static Flags Shuffle(bool shuffle) {
+    Flags flags;
+    flags.shuffle = shuffle;
+    return flags;
+  }
+
+  // Creates a Flags struct where the GTEST_FLAG(stack_trace_depth) flag has
+  // the given value.
+  static Flags StackTraceDepth(Int32 stack_trace_depth) {
+    Flags flags;
+    flags.stack_trace_depth = stack_trace_depth;
+    return flags;
+  }
+
+  // Creates a Flags struct where the GTEST_FLAG(stream_result_to) flag has
+  // the given value.
+  static Flags StreamResultTo(const char* stream_result_to) {
+    Flags flags;
+    flags.stream_result_to = stream_result_to;
+    return flags;
+  }
+
+  // Creates a Flags struct where the gtest_throw_on_failure flag has
+  // the given value.
+  static Flags ThrowOnFailure(bool throw_on_failure) {
+    Flags flags;
+    flags.throw_on_failure = throw_on_failure;
+    return flags;
+  }
+
+  // These fields store the flag values.
+  bool also_run_disabled_tests;
+  bool break_on_failure;
+  bool catch_exceptions;
+  bool death_test_use_fork;
+  const char* filter;
+  bool list_tests;
+  const char* output;
+  bool print_time;
+  Int32 random_seed;
+  Int32 repeat;
+  bool shuffle;
+  Int32 stack_trace_depth;
+  const char* stream_result_to;
+  bool throw_on_failure;
+};
+
+// Fixture for testing InitGoogleTest().
+class InitGoogleTestTest : public Test {
+ protected:
+  // Clears the flags before each test.
+  virtual void SetUp() {
+    GTEST_FLAG(also_run_disabled_tests) = false;
+    GTEST_FLAG(break_on_failure) = false;
+    GTEST_FLAG(catch_exceptions) = false;
+    GTEST_FLAG(death_test_use_fork) = false;
+    GTEST_FLAG(filter) = "";
+    GTEST_FLAG(list_tests) = false;
+    GTEST_FLAG(output) = "";
+    GTEST_FLAG(print_time) = true;
+    GTEST_FLAG(random_seed) = 0;
+    GTEST_FLAG(repeat) = 1;
+    GTEST_FLAG(shuffle) = false;
+    GTEST_FLAG(stack_trace_depth) = kMaxStackTraceDepth;
+    GTEST_FLAG(stream_result_to) = "";
+    GTEST_FLAG(throw_on_failure) = false;
+  }
+
+  // Asserts that two narrow or wide string arrays are equal.
+  template <typename CharType>
+  static void AssertStringArrayEq(size_t size1, CharType** array1,
+                                  size_t size2, CharType** array2) {
+    ASSERT_EQ(size1, size2) << " Array sizes different.";
+
+    for (size_t i = 0; i != size1; i++) {
+      ASSERT_STREQ(array1[i], array2[i]) << " where i == " << i;
+    }
+  }
+
+  // Verifies that the flag values match the expected values.
+  static void CheckFlags(const Flags& expected) {
+    EXPECT_EQ(expected.also_run_disabled_tests,
+              GTEST_FLAG(also_run_disabled_tests));
+    EXPECT_EQ(expected.break_on_failure, GTEST_FLAG(break_on_failure));
+    EXPECT_EQ(expected.catch_exceptions, GTEST_FLAG(catch_exceptions));
+    EXPECT_EQ(expected.death_test_use_fork, GTEST_FLAG(death_test_use_fork));
+    EXPECT_STREQ(expected.filter, GTEST_FLAG(filter).c_str());
+    EXPECT_EQ(expected.list_tests, GTEST_FLAG(list_tests));
+    EXPECT_STREQ(expected.output, GTEST_FLAG(output).c_str());
+    EXPECT_EQ(expected.print_time, GTEST_FLAG(print_time));
+    EXPECT_EQ(expected.random_seed, GTEST_FLAG(random_seed));
+    EXPECT_EQ(expected.repeat, GTEST_FLAG(repeat));
+    EXPECT_EQ(expected.shuffle, GTEST_FLAG(shuffle));
+    EXPECT_EQ(expected.stack_trace_depth, GTEST_FLAG(stack_trace_depth));
+    EXPECT_STREQ(expected.stream_result_to,
+                 GTEST_FLAG(stream_result_to).c_str());
+    EXPECT_EQ(expected.throw_on_failure, GTEST_FLAG(throw_on_failure));
+  }
+
+  // Parses a command line (specified by argc1 and argv1), then
+  // verifies that the flag values are expected and that the
+  // recognized flags are removed from the command line.
+  template <typename CharType>
+  static void TestParsingFlags(int argc1, const CharType** argv1,
+                               int argc2, const CharType** argv2,
+                               const Flags& expected, bool should_print_help) {
+    const bool saved_help_flag = ::testing::internal::g_help_flag;
+    ::testing::internal::g_help_flag = false;
+
+#if GTEST_HAS_STREAM_REDIRECTION
+    CaptureStdout();
+#endif
+
+    // Parses the command line.
+    internal::ParseGoogleTestFlagsOnly(&argc1, const_cast<CharType**>(argv1));
+
+#if GTEST_HAS_STREAM_REDIRECTION
+    const std::string captured_stdout = GetCapturedStdout();
+#endif
+
+    // Verifies the flag values.
+    CheckFlags(expected);
+
+    // Verifies that the recognized flags are removed from the command
+    // line.
+    AssertStringArrayEq(argc1 + 1, argv1, argc2 + 1, argv2);
+
+    // ParseGoogleTestFlagsOnly should neither set g_help_flag nor print the
+    // help message for the flags it recognizes.
+    EXPECT_EQ(should_print_help, ::testing::internal::g_help_flag);
+
+#if GTEST_HAS_STREAM_REDIRECTION
+    const char* const expected_help_fragment =
+        "This program contains tests written using";
+    if (should_print_help) {
+      EXPECT_PRED_FORMAT2(IsSubstring, expected_help_fragment, captured_stdout);
+    } else {
+      EXPECT_PRED_FORMAT2(IsNotSubstring,
+                          expected_help_fragment, captured_stdout);
+    }
+#endif  // GTEST_HAS_STREAM_REDIRECTION
+
+    ::testing::internal::g_help_flag = saved_help_flag;
+  }
+
+  // This macro wraps TestParsingFlags s.t. the user doesn't need
+  // to specify the array sizes.
+
+#define GTEST_TEST_PARSING_FLAGS_(argv1, argv2, expected, should_print_help) \
+  TestParsingFlags(sizeof(argv1)/sizeof(*argv1) - 1, argv1, \
+                   sizeof(argv2)/sizeof(*argv2) - 1, argv2, \
+                   expected, should_print_help)
+};
+
+// Tests parsing an empty command line.
+TEST_F(InitGoogleTestTest, Empty) {
+  const char* argv[] = {
+    NULL
+  };
+
+  const char* argv2[] = {
+    NULL
+  };
+
+  GTEST_TEST_PARSING_FLAGS_(argv, argv2, Flags(), false);
+}
+
+// Tests parsing a command line that has no flag.
+TEST_F(InitGoogleTestTest, NoFlag) {
+  const char* argv[] = {
+    "foo.exe",
+    NULL
+  };
+
+  const char* argv2[] = {
+    "foo.exe",
+    NULL
+  };
+
+  GTEST_TEST_PARSING_FLAGS_(argv, argv2, Flags(), false);
+}
+
+// Tests parsing a bad --gtest_filter flag.
+TEST_F(InitGoogleTestTest, FilterBad) {
+  const char* argv[] = {
+    "foo.exe",
+    "--gtest_filter",
+    NULL
+  };
+
+  const char* argv2[] = {
+    "foo.exe",
+    "--gtest_filter",
+    NULL
+  };
+
+  GTEST_TEST_PARSING_FLAGS_(argv, argv2, Flags::Filter(""), true);
+}
+
+// Tests parsing an empty --gtest_filter flag.
+TEST_F(InitGoogleTestTest, FilterEmpty) {
+  const char* argv[] = {
+    "foo.exe",
+    "--gtest_filter=",
+    NULL
+  };
+
+  const char* argv2[] = {
+    "foo.exe",
+    NULL
+  };
+
+  GTEST_TEST_PARSING_FLAGS_(argv, argv2, Flags::Filter(""), false);
+}
+
+// Tests parsing a non-empty --gtest_filter flag.
+TEST_F(InitGoogleTestTest, FilterNonEmpty) {
+  const char* argv[] = {
+    "foo.exe",
+    "--gtest_filter=abc",
+    NULL
+  };
+
+  const char* argv2[] = {
+    "foo.exe",
+    NULL
+  };
+
+  GTEST_TEST_PARSING_FLAGS_(argv, argv2, Flags::Filter("abc"), false);
+}
+
+// Tests parsing --gtest_break_on_failure.
+TEST_F(InitGoogleTestTest, BreakOnFailureWithoutValue) {
+  const char* argv[] = {
+    "foo.exe",
+    "--gtest_break_on_failure",
+    NULL
+};
+
+  const char* argv2[] = {
+    "foo.exe",
+    NULL
+  };
+
+  GTEST_TEST_PARSING_FLAGS_(argv, argv2, Flags::BreakOnFailure(true), false);
+}
+
+// Tests parsing --gtest_break_on_failure=0.
+TEST_F(InitGoogleTestTest, BreakOnFailureFalse_0) {
+  const char* argv[] = {
+    "foo.exe",
+    "--gtest_break_on_failure=0",
+    NULL
+  };
+
+  const char* argv2[] = {
+    "foo.exe",
+    NULL
+  };
+
+  GTEST_TEST_PARSING_FLAGS_(argv, argv2, Flags::BreakOnFailure(false), false);
+}
+
+// Tests parsing --gtest_break_on_failure=f.
+TEST_F(InitGoogleTestTest, BreakOnFailureFalse_f) {
+  const char* argv[] = {
+    "foo.exe",
+    "--gtest_break_on_failure=f",
+    NULL
+  };
+
+  const char* argv2[] = {
+    "foo.exe",
+    NULL
+  };
+
+  GTEST_TEST_PARSING_FLAGS_(argv, argv2, Flags::BreakOnFailure(false), false);
+}
+
+// Tests parsing --gtest_break_on_failure=F.
+TEST_F(InitGoogleTestTest, BreakOnFailureFalse_F) {
+  const char* argv[] = {
+    "foo.exe",
+    "--gtest_break_on_failure=F",
+    NULL
+  };
+
+  const char* argv2[] = {
+    "foo.exe",
+    NULL
+  };
+
+  GTEST_TEST_PARSING_FLAGS_(argv, argv2, Flags::BreakOnFailure(false), false);
+}
+
+// Tests parsing a --gtest_break_on_failure flag that has a "true"
+// definition.
+TEST_F(InitGoogleTestTest, BreakOnFailureTrue) {
+  const char* argv[] = {
+    "foo.exe",
+    "--gtest_break_on_failure=1",
+    NULL
+  };
+
+  const char* argv2[] = {
+    "foo.exe",
+    NULL
+  };
+
+  GTEST_TEST_PARSING_FLAGS_(argv, argv2, Flags::BreakOnFailure(true), false);
+}
+
+// Tests parsing --gtest_catch_exceptions.
+TEST_F(InitGoogleTestTest, CatchExceptions) {
+  const char* argv[] = {
+    "foo.exe",
+    "--gtest_catch_exceptions",
+    NULL
+  };
+
+  const char* argv2[] = {
+    "foo.exe",
+    NULL
+  };
+
+  GTEST_TEST_PARSING_FLAGS_(argv, argv2, Flags::CatchExceptions(true), false);
+}
+
+// Tests parsing --gtest_death_test_use_fork.
+TEST_F(InitGoogleTestTest, DeathTestUseFork) {
+  const char* argv[] = {
+    "foo.exe",
+    "--gtest_death_test_use_fork",
+    NULL
+  };
+
+  const char* argv2[] = {
+    "foo.exe",
+    NULL
+  };
+
+  GTEST_TEST_PARSING_FLAGS_(argv, argv2, Flags::DeathTestUseFork(true), false);
+}
+
+// Tests having the same flag twice with different values.  The
+// expected behavior is that the one coming last takes precedence.
+TEST_F(InitGoogleTestTest, DuplicatedFlags) {
+  const char* argv[] = {
+    "foo.exe",
+    "--gtest_filter=a",
+    "--gtest_filter=b",
+    NULL
+  };
+
+  const char* argv2[] = {
+    "foo.exe",
+    NULL
+  };
+
+  GTEST_TEST_PARSING_FLAGS_(argv, argv2, Flags::Filter("b"), false);
+}
+
+// Tests having an unrecognized flag on the command line.
+TEST_F(InitGoogleTestTest, UnrecognizedFlag) {
+  const char* argv[] = {
+    "foo.exe",
+    "--gtest_break_on_failure",
+    "bar",  // Unrecognized by Google Test.
+    "--gtest_filter=b",
+    NULL
+  };
+
+  const char* argv2[] = {
+    "foo.exe",
+    "bar",
+    NULL
+  };
+
+  Flags flags;
+  flags.break_on_failure = true;
+  flags.filter = "b";
+  GTEST_TEST_PARSING_FLAGS_(argv, argv2, flags, false);
+}
+
+// Tests having a --gtest_list_tests flag
+TEST_F(InitGoogleTestTest, ListTestsFlag) {
+    const char* argv[] = {
+      "foo.exe",
+      "--gtest_list_tests",
+      NULL
+    };
+
+    const char* argv2[] = {
+      "foo.exe",
+      NULL
+    };
+
+    GTEST_TEST_PARSING_FLAGS_(argv, argv2, Flags::ListTests(true), false);
+}
+
+// Tests having a --gtest_list_tests flag with a "true" value
+TEST_F(InitGoogleTestTest, ListTestsTrue) {
+    const char* argv[] = {
+      "foo.exe",
+      "--gtest_list_tests=1",
+      NULL
+    };
+
+    const char* argv2[] = {
+      "foo.exe",
+      NULL
+    };
+
+    GTEST_TEST_PARSING_FLAGS_(argv, argv2, Flags::ListTests(true), false);
+}
+
+// Tests having a --gtest_list_tests flag with a "false" value
+TEST_F(InitGoogleTestTest, ListTestsFalse) {
+    const char* argv[] = {
+      "foo.exe",
+      "--gtest_list_tests=0",
+      NULL
+    };
+
+    const char* argv2[] = {
+      "foo.exe",
+      NULL
+    };
+
+    GTEST_TEST_PARSING_FLAGS_(argv, argv2, Flags::ListTests(false), false);
+}
+
+// Tests parsing --gtest_list_tests=f.
+TEST_F(InitGoogleTestTest, ListTestsFalse_f) {
+  const char* argv[] = {
+    "foo.exe",
+    "--gtest_list_tests=f",
+    NULL
+  };
+
+  const char* argv2[] = {
+    "foo.exe",
+    NULL
+  };
+
+  GTEST_TEST_PARSING_FLAGS_(argv, argv2, Flags::ListTests(false), false);
+}
+
+// Tests parsing --gtest_list_tests=F.
+TEST_F(InitGoogleTestTest, ListTestsFalse_F) {
+  const char* argv[] = {
+    "foo.exe",
+    "--gtest_list_tests=F",
+    NULL
+  };
+
+  const char* argv2[] = {
+    "foo.exe",
+    NULL
+  };
+
+  GTEST_TEST_PARSING_FLAGS_(argv, argv2, Flags::ListTests(false), false);
+}
+
+// Tests parsing --gtest_output (invalid).
+TEST_F(InitGoogleTestTest, OutputEmpty) {
+  const char* argv[] = {
+    "foo.exe",
+    "--gtest_output",
+    NULL
+  };
+
+  const char* argv2[] = {
+    "foo.exe",
+    "--gtest_output",
+    NULL
+  };
+
+  GTEST_TEST_PARSING_FLAGS_(argv, argv2, Flags(), true);
+}
+
+// Tests parsing --gtest_output=xml
+TEST_F(InitGoogleTestTest, OutputXml) {
+  const char* argv[] = {
+    "foo.exe",
+    "--gtest_output=xml",
+    NULL
+  };
+
+  const char* argv2[] = {
+    "foo.exe",
+    NULL
+  };
+
+  GTEST_TEST_PARSING_FLAGS_(argv, argv2, Flags::Output("xml"), false);
+}
+
+// Tests parsing --gtest_output=xml:file
+TEST_F(InitGoogleTestTest, OutputXmlFile) {
+  const char* argv[] = {
+    "foo.exe",
+    "--gtest_output=xml:file",
+    NULL
+  };
+
+  const char* argv2[] = {
+    "foo.exe",
+    NULL
+  };
+
+  GTEST_TEST_PARSING_FLAGS_(argv, argv2, Flags::Output("xml:file"), false);
+}
+
+// Tests parsing --gtest_output=xml:directory/path/
+TEST_F(InitGoogleTestTest, OutputXmlDirectory) {
+  const char* argv[] = {
+    "foo.exe",
+    "--gtest_output=xml:directory/path/",
+    NULL
+  };
+
+  const char* argv2[] = {
+    "foo.exe",
+    NULL
+  };
+
+  GTEST_TEST_PARSING_FLAGS_(argv, argv2,
+                            Flags::Output("xml:directory/path/"), false);
+}
+
+// Tests having a --gtest_print_time flag
+TEST_F(InitGoogleTestTest, PrintTimeFlag) {
+    const char* argv[] = {
+      "foo.exe",
+      "--gtest_print_time",
+      NULL
+    };
+
+    const char* argv2[] = {
+      "foo.exe",
+      NULL
+    };
+
+    GTEST_TEST_PARSING_FLAGS_(argv, argv2, Flags::PrintTime(true), false);
+}
+
+// Tests having a --gtest_print_time flag with a "true" value
+TEST_F(InitGoogleTestTest, PrintTimeTrue) {
+    const char* argv[] = {
+      "foo.exe",
+      "--gtest_print_time=1",
+      NULL
+    };
+
+    const char* argv2[] = {
+      "foo.exe",
+      NULL
+    };
+
+    GTEST_TEST_PARSING_FLAGS_(argv, argv2, Flags::PrintTime(true), false);
+}
+
+// Tests having a --gtest_print_time flag with a "false" value
+TEST_F(InitGoogleTestTest, PrintTimeFalse) {
+    const char* argv[] = {
+      "foo.exe",
+      "--gtest_print_time=0",
+      NULL
+    };
+
+    const char* argv2[] = {
+      "foo.exe",
+      NULL
+    };
+
+    GTEST_TEST_PARSING_FLAGS_(argv, argv2, Flags::PrintTime(false), false);
+}
+
+// Tests parsing --gtest_print_time=f.
+TEST_F(InitGoogleTestTest, PrintTimeFalse_f) {
+  const char* argv[] = {
+    "foo.exe",
+    "--gtest_print_time=f",
+    NULL
+  };
+
+  const char* argv2[] = {
+    "foo.exe",
+    NULL
+  };
+
+  GTEST_TEST_PARSING_FLAGS_(argv, argv2, Flags::PrintTime(false), false);
+}
+
+// Tests parsing --gtest_print_time=F.
+TEST_F(InitGoogleTestTest, PrintTimeFalse_F) {
+  const char* argv[] = {
+    "foo.exe",
+    "--gtest_print_time=F",
+    NULL
+  };
+
+  const char* argv2[] = {
+    "foo.exe",
+    NULL
+  };
+
+  GTEST_TEST_PARSING_FLAGS_(argv, argv2, Flags::PrintTime(false), false);
+}
+
+// Tests parsing --gtest_random_seed=number
+TEST_F(InitGoogleTestTest, RandomSeed) {
+  const char* argv[] = {
+    "foo.exe",
+    "--gtest_random_seed=1000",
+    NULL
+  };
+
+  const char* argv2[] = {
+    "foo.exe",
+    NULL
+  };
+
+  GTEST_TEST_PARSING_FLAGS_(argv, argv2, Flags::RandomSeed(1000), false);
+}
+
+// Tests parsing --gtest_repeat=number
+TEST_F(InitGoogleTestTest, Repeat) {
+  const char* argv[] = {
+    "foo.exe",
+    "--gtest_repeat=1000",
+    NULL
+  };
+
+  const char* argv2[] = {
+    "foo.exe",
+    NULL
+  };
+
+  GTEST_TEST_PARSING_FLAGS_(argv, argv2, Flags::Repeat(1000), false);
+}
+
+// Tests having a --gtest_also_run_disabled_tests flag
+TEST_F(InitGoogleTestTest, AlsoRunDisabledTestsFlag) {
+    const char* argv[] = {
+      "foo.exe",
+      "--gtest_also_run_disabled_tests",
+      NULL
+    };
+
+    const char* argv2[] = {
+      "foo.exe",
+      NULL
+    };
+
+    GTEST_TEST_PARSING_FLAGS_(argv, argv2,
+                              Flags::AlsoRunDisabledTests(true), false);
+}
+
+// Tests having a --gtest_also_run_disabled_tests flag with a "true" value
+TEST_F(InitGoogleTestTest, AlsoRunDisabledTestsTrue) {
+    const char* argv[] = {
+      "foo.exe",
+      "--gtest_also_run_disabled_tests=1",
+      NULL
+    };
+
+    const char* argv2[] = {
+      "foo.exe",
+      NULL
+    };
+
+    GTEST_TEST_PARSING_FLAGS_(argv, argv2,
+                              Flags::AlsoRunDisabledTests(true), false);
+}
+
+// Tests having a --gtest_also_run_disabled_tests flag with a "false" value
+TEST_F(InitGoogleTestTest, AlsoRunDisabledTestsFalse) {
+    const char* argv[] = {
+      "foo.exe",
+      "--gtest_also_run_disabled_tests=0",
+      NULL
+    };
+
+    const char* argv2[] = {
+      "foo.exe",
+      NULL
+    };
+
+    GTEST_TEST_PARSING_FLAGS_(argv, argv2,
+                              Flags::AlsoRunDisabledTests(false), false);
+}
+
+// Tests parsing --gtest_shuffle.
+TEST_F(InitGoogleTestTest, ShuffleWithoutValue) {
+  const char* argv[] = {
+    "foo.exe",
+    "--gtest_shuffle",
+    NULL
+};
+
+  const char* argv2[] = {
+    "foo.exe",
+    NULL
+  };
+
+  GTEST_TEST_PARSING_FLAGS_(argv, argv2, Flags::Shuffle(true), false);
+}
+
+// Tests parsing --gtest_shuffle=0.
+TEST_F(InitGoogleTestTest, ShuffleFalse_0) {
+  const char* argv[] = {
+    "foo.exe",
+    "--gtest_shuffle=0",
+    NULL
+  };
+
+  const char* argv2[] = {
+    "foo.exe",
+    NULL
+  };
+
+  GTEST_TEST_PARSING_FLAGS_(argv, argv2, Flags::Shuffle(false), false);
+}
+
+// Tests parsing a --gtest_shuffle flag that has a "true"
+// definition.
+TEST_F(InitGoogleTestTest, ShuffleTrue) {
+  const char* argv[] = {
+    "foo.exe",
+    "--gtest_shuffle=1",
+    NULL
+  };
+
+  const char* argv2[] = {
+    "foo.exe",
+    NULL
+  };
+
+  GTEST_TEST_PARSING_FLAGS_(argv, argv2, Flags::Shuffle(true), false);
+}
+
+// Tests parsing --gtest_stack_trace_depth=number.
+TEST_F(InitGoogleTestTest, StackTraceDepth) {
+  const char* argv[] = {
+    "foo.exe",
+    "--gtest_stack_trace_depth=5",
+    NULL
+  };
+
+  const char* argv2[] = {
+    "foo.exe",
+    NULL
+  };
+
+  GTEST_TEST_PARSING_FLAGS_(argv, argv2, Flags::StackTraceDepth(5), false);
+}
+
+TEST_F(InitGoogleTestTest, StreamResultTo) {
+  const char* argv[] = {
+    "foo.exe",
+    "--gtest_stream_result_to=localhost:1234",
+    NULL
+  };
+
+  const char* argv2[] = {
+    "foo.exe",
+    NULL
+  };
+
+  GTEST_TEST_PARSING_FLAGS_(
+      argv, argv2, Flags::StreamResultTo("localhost:1234"), false);
+}
+
+// Tests parsing --gtest_throw_on_failure.
+TEST_F(InitGoogleTestTest, ThrowOnFailureWithoutValue) {
+  const char* argv[] = {
+    "foo.exe",
+    "--gtest_throw_on_failure",
+    NULL
+};
+
+  const char* argv2[] = {
+    "foo.exe",
+    NULL
+  };
+
+  GTEST_TEST_PARSING_FLAGS_(argv, argv2, Flags::ThrowOnFailure(true), false);
+}
+
+// Tests parsing --gtest_throw_on_failure=0.
+TEST_F(InitGoogleTestTest, ThrowOnFailureFalse_0) {
+  const char* argv[] = {
+    "foo.exe",
+    "--gtest_throw_on_failure=0",
+    NULL
+  };
+
+  const char* argv2[] = {
+    "foo.exe",
+    NULL
+  };
+
+  GTEST_TEST_PARSING_FLAGS_(argv, argv2, Flags::ThrowOnFailure(false), false);
+}
+
+// Tests parsing a --gtest_throw_on_failure flag that has a "true"
+// definition.
+TEST_F(InitGoogleTestTest, ThrowOnFailureTrue) {
+  const char* argv[] = {
+    "foo.exe",
+    "--gtest_throw_on_failure=1",
+    NULL
+  };
+
+  const char* argv2[] = {
+    "foo.exe",
+    NULL
+  };
+
+  GTEST_TEST_PARSING_FLAGS_(argv, argv2, Flags::ThrowOnFailure(true), false);
+}
+
+#if GTEST_OS_WINDOWS
+// Tests parsing wide strings.
+TEST_F(InitGoogleTestTest, WideStrings) {
+  const wchar_t* argv[] = {
+    L"foo.exe",
+    L"--gtest_filter=Foo*",
+    L"--gtest_list_tests=1",
+    L"--gtest_break_on_failure",
+    L"--non_gtest_flag",
+    NULL
+  };
+
+  const wchar_t* argv2[] = {
+    L"foo.exe",
+    L"--non_gtest_flag",
+    NULL
+  };
+
+  Flags expected_flags;
+  expected_flags.break_on_failure = true;
+  expected_flags.filter = "Foo*";
+  expected_flags.list_tests = true;
+
+  GTEST_TEST_PARSING_FLAGS_(argv, argv2, expected_flags, false);
+}
+#endif  // GTEST_OS_WINDOWS
+
+// Tests current_test_info() in UnitTest.
+class CurrentTestInfoTest : public Test {
+ protected:
+  // Tests that current_test_info() returns NULL before the first test in
+  // the test case is run.
+  static void SetUpTestCase() {
+    // There should be no tests running at this point.
+    const TestInfo* test_info =
+      UnitTest::GetInstance()->current_test_info();
+    EXPECT_TRUE(test_info == NULL)
+        << "There should be no tests running at this point.";
+  }
+
+  // Tests that current_test_info() returns NULL after the last test in
+  // the test case has run.
+  static void TearDownTestCase() {
+    const TestInfo* test_info =
+      UnitTest::GetInstance()->current_test_info();
+    EXPECT_TRUE(test_info == NULL)
+        << "There should be no tests running at this point.";
+  }
+};
+
+// Tests that current_test_info() returns TestInfo for currently running
+// test by checking the expected test name against the actual one.
+TEST_F(CurrentTestInfoTest, WorksForFirstTestInATestCase) {
+  const TestInfo* test_info =
+    UnitTest::GetInstance()->current_test_info();
+  ASSERT_TRUE(NULL != test_info)
+      << "There is a test running so we should have a valid TestInfo.";
+  EXPECT_STREQ("CurrentTestInfoTest", test_info->test_case_name())
+      << "Expected the name of the currently running test case.";
+  EXPECT_STREQ("WorksForFirstTestInATestCase", test_info->name())
+      << "Expected the name of the currently running test.";
+}
+
+// Tests that current_test_info() returns TestInfo for currently running
+// test by checking the expected test name against the actual one.  We
+// use this test to see that the TestInfo object actually changed from
+// the previous invocation.
+TEST_F(CurrentTestInfoTest, WorksForSecondTestInATestCase) {
+  const TestInfo* test_info =
+    UnitTest::GetInstance()->current_test_info();
+  ASSERT_TRUE(NULL != test_info)
+      << "There is a test running so we should have a valid TestInfo.";
+  EXPECT_STREQ("CurrentTestInfoTest", test_info->test_case_name())
+      << "Expected the name of the currently running test case.";
+  EXPECT_STREQ("WorksForSecondTestInATestCase", test_info->name())
+      << "Expected the name of the currently running test.";
+}
+
+}  // namespace testing
+
+// These two lines test that we can define tests in a namespace that
+// has the name "testing" and is nested in another namespace.
+namespace my_namespace {
+namespace testing {
+
+// Makes sure that TEST knows to use ::testing::Test instead of
+// ::my_namespace::testing::Test.
+class Test {};
+
+// Makes sure that an assertion knows to use ::testing::Message instead of
+// ::my_namespace::testing::Message.
+class Message {};
+
+// Makes sure that an assertion knows to use
+// ::testing::AssertionResult instead of
+// ::my_namespace::testing::AssertionResult.
+class AssertionResult {};
+
+// Tests that an assertion that should succeed works as expected.
+TEST(NestedTestingNamespaceTest, Success) {
+  EXPECT_EQ(1, 1) << "This shouldn't fail.";
+}
+
+// Tests that an assertion that should fail works as expected.
+TEST(NestedTestingNamespaceTest, Failure) {
+  EXPECT_FATAL_FAILURE(FAIL() << "This failure is expected.",
+                       "This failure is expected.");
+}
+
+}  // namespace testing
+}  // namespace my_namespace
+
+// Tests that one can call superclass SetUp and TearDown methods--
+// that is, that they are not private.
+// No tests are based on this fixture; the test "passes" if it compiles
+// successfully.
+class ProtectedFixtureMethodsTest : public Test {
+ protected:
+  virtual void SetUp() {
+    Test::SetUp();
+  }
+  virtual void TearDown() {
+    Test::TearDown();
+  }
+};
+
+// StreamingAssertionsTest tests the streaming versions of a representative
+// sample of assertions.
+TEST(StreamingAssertionsTest, Unconditional) {
+  SUCCEED() << "expected success";
+  EXPECT_NONFATAL_FAILURE(ADD_FAILURE() << "expected failure",
+                          "expected failure");
+  EXPECT_FATAL_FAILURE(FAIL() << "expected failure",
+                       "expected failure");
+}
+
+#ifdef __BORLANDC__
+// Silences warnings: "Condition is always true", "Unreachable code"
+# pragma option push -w-ccc -w-rch
+#endif
+
+TEST(StreamingAssertionsTest, Truth) {
+  EXPECT_TRUE(true) << "unexpected failure";
+  ASSERT_TRUE(true) << "unexpected failure";
+  EXPECT_NONFATAL_FAILURE(EXPECT_TRUE(false) << "expected failure",
+                          "expected failure");
+  EXPECT_FATAL_FAILURE(ASSERT_TRUE(false) << "expected failure",
+                       "expected failure");
+}
+
+TEST(StreamingAssertionsTest, Truth2) {
+  EXPECT_FALSE(false) << "unexpected failure";
+  ASSERT_FALSE(false) << "unexpected failure";
+  EXPECT_NONFATAL_FAILURE(EXPECT_FALSE(true) << "expected failure",
+                          "expected failure");
+  EXPECT_FATAL_FAILURE(ASSERT_FALSE(true) << "expected failure",
+                       "expected failure");
+}
+
+#ifdef __BORLANDC__
+// Restores warnings after previous "#pragma option push" supressed them
+# pragma option pop
+#endif
+
+TEST(StreamingAssertionsTest, IntegerEquals) {
+  EXPECT_EQ(1, 1) << "unexpected failure";
+  ASSERT_EQ(1, 1) << "unexpected failure";
+  EXPECT_NONFATAL_FAILURE(EXPECT_EQ(1, 2) << "expected failure",
+                          "expected failure");
+  EXPECT_FATAL_FAILURE(ASSERT_EQ(1, 2) << "expected failure",
+                       "expected failure");
+}
+
+TEST(StreamingAssertionsTest, IntegerLessThan) {
+  EXPECT_LT(1, 2) << "unexpected failure";
+  ASSERT_LT(1, 2) << "unexpected failure";
+  EXPECT_NONFATAL_FAILURE(EXPECT_LT(2, 1) << "expected failure",
+                          "expected failure");
+  EXPECT_FATAL_FAILURE(ASSERT_LT(2, 1) << "expected failure",
+                       "expected failure");
+}
+
+TEST(StreamingAssertionsTest, StringsEqual) {
+  EXPECT_STREQ("foo", "foo") << "unexpected failure";
+  ASSERT_STREQ("foo", "foo") << "unexpected failure";
+  EXPECT_NONFATAL_FAILURE(EXPECT_STREQ("foo", "bar") << "expected failure",
+                          "expected failure");
+  EXPECT_FATAL_FAILURE(ASSERT_STREQ("foo", "bar") << "expected failure",
+                       "expected failure");
+}
+
+TEST(StreamingAssertionsTest, StringsNotEqual) {
+  EXPECT_STRNE("foo", "bar") << "unexpected failure";
+  ASSERT_STRNE("foo", "bar") << "unexpected failure";
+  EXPECT_NONFATAL_FAILURE(EXPECT_STRNE("foo", "foo") << "expected failure",
+                          "expected failure");
+  EXPECT_FATAL_FAILURE(ASSERT_STRNE("foo", "foo") << "expected failure",
+                       "expected failure");
+}
+
+TEST(StreamingAssertionsTest, StringsEqualIgnoringCase) {
+  EXPECT_STRCASEEQ("foo", "FOO") << "unexpected failure";
+  ASSERT_STRCASEEQ("foo", "FOO") << "unexpected failure";
+  EXPECT_NONFATAL_FAILURE(EXPECT_STRCASEEQ("foo", "bar") << "expected failure",
+                          "expected failure");
+  EXPECT_FATAL_FAILURE(ASSERT_STRCASEEQ("foo", "bar") << "expected failure",
+                       "expected failure");
+}
+
+TEST(StreamingAssertionsTest, StringNotEqualIgnoringCase) {
+  EXPECT_STRCASENE("foo", "bar") << "unexpected failure";
+  ASSERT_STRCASENE("foo", "bar") << "unexpected failure";
+  EXPECT_NONFATAL_FAILURE(EXPECT_STRCASENE("foo", "FOO") << "expected failure",
+                          "expected failure");
+  EXPECT_FATAL_FAILURE(ASSERT_STRCASENE("bar", "BAR") << "expected failure",
+                       "expected failure");
+}
+
+TEST(StreamingAssertionsTest, FloatingPointEquals) {
+  EXPECT_FLOAT_EQ(1.0, 1.0) << "unexpected failure";
+  ASSERT_FLOAT_EQ(1.0, 1.0) << "unexpected failure";
+  EXPECT_NONFATAL_FAILURE(EXPECT_FLOAT_EQ(0.0, 1.0) << "expected failure",
+                          "expected failure");
+  EXPECT_FATAL_FAILURE(ASSERT_FLOAT_EQ(0.0, 1.0) << "expected failure",
+                       "expected failure");
+}
+
+#if GTEST_HAS_EXCEPTIONS
+
+TEST(StreamingAssertionsTest, Throw) {
+  EXPECT_THROW(ThrowAnInteger(), int) << "unexpected failure";
+  ASSERT_THROW(ThrowAnInteger(), int) << "unexpected failure";
+  EXPECT_NONFATAL_FAILURE(EXPECT_THROW(ThrowAnInteger(), bool) <<
+                          "expected failure", "expected failure");
+  EXPECT_FATAL_FAILURE(ASSERT_THROW(ThrowAnInteger(), bool) <<
+                       "expected failure", "expected failure");
+}
+
+TEST(StreamingAssertionsTest, NoThrow) {
+  EXPECT_NO_THROW(ThrowNothing()) << "unexpected failure";
+  ASSERT_NO_THROW(ThrowNothing()) << "unexpected failure";
+  EXPECT_NONFATAL_FAILURE(EXPECT_NO_THROW(ThrowAnInteger()) <<
+                          "expected failure", "expected failure");
+  EXPECT_FATAL_FAILURE(ASSERT_NO_THROW(ThrowAnInteger()) <<
+                       "expected failure", "expected failure");
+}
+
+TEST(StreamingAssertionsTest, AnyThrow) {
+  EXPECT_ANY_THROW(ThrowAnInteger()) << "unexpected failure";
+  ASSERT_ANY_THROW(ThrowAnInteger()) << "unexpected failure";
+  EXPECT_NONFATAL_FAILURE(EXPECT_ANY_THROW(ThrowNothing()) <<
+                          "expected failure", "expected failure");
+  EXPECT_FATAL_FAILURE(ASSERT_ANY_THROW(ThrowNothing()) <<
+                       "expected failure", "expected failure");
+}
+
+#endif  // GTEST_HAS_EXCEPTIONS
+
+// Tests that Google Test correctly decides whether to use colors in the output.
+
+TEST(ColoredOutputTest, UsesColorsWhenGTestColorFlagIsYes) {
+  GTEST_FLAG(color) = "yes";
+
+  SetEnv("TERM", "xterm");  // TERM supports colors.
+  EXPECT_TRUE(ShouldUseColor(true));  // Stdout is a TTY.
+  EXPECT_TRUE(ShouldUseColor(false));  // Stdout is not a TTY.
+
+  SetEnv("TERM", "dumb");  // TERM doesn't support colors.
+  EXPECT_TRUE(ShouldUseColor(true));  // Stdout is a TTY.
+  EXPECT_TRUE(ShouldUseColor(false));  // Stdout is not a TTY.
+}
+
+TEST(ColoredOutputTest, UsesColorsWhenGTestColorFlagIsAliasOfYes) {
+  SetEnv("TERM", "dumb");  // TERM doesn't support colors.
+
+  GTEST_FLAG(color) = "True";
+  EXPECT_TRUE(ShouldUseColor(false));  // Stdout is not a TTY.
+
+  GTEST_FLAG(color) = "t";
+  EXPECT_TRUE(ShouldUseColor(false));  // Stdout is not a TTY.
+
+  GTEST_FLAG(color) = "1";
+  EXPECT_TRUE(ShouldUseColor(false));  // Stdout is not a TTY.
+}
+
+TEST(ColoredOutputTest, UsesNoColorWhenGTestColorFlagIsNo) {
+  GTEST_FLAG(color) = "no";
+
+  SetEnv("TERM", "xterm");  // TERM supports colors.
+  EXPECT_FALSE(ShouldUseColor(true));  // Stdout is a TTY.
+  EXPECT_FALSE(ShouldUseColor(false));  // Stdout is not a TTY.
+
+  SetEnv("TERM", "dumb");  // TERM doesn't support colors.
+  EXPECT_FALSE(ShouldUseColor(true));  // Stdout is a TTY.
+  EXPECT_FALSE(ShouldUseColor(false));  // Stdout is not a TTY.
+}
+
+TEST(ColoredOutputTest, UsesNoColorWhenGTestColorFlagIsInvalid) {
+  SetEnv("TERM", "xterm");  // TERM supports colors.
+
+  GTEST_FLAG(color) = "F";
+  EXPECT_FALSE(ShouldUseColor(true));  // Stdout is a TTY.
+
+  GTEST_FLAG(color) = "0";
+  EXPECT_FALSE(ShouldUseColor(true));  // Stdout is a TTY.
+
+  GTEST_FLAG(color) = "unknown";
+  EXPECT_FALSE(ShouldUseColor(true));  // Stdout is a TTY.
+}
+
+TEST(ColoredOutputTest, UsesColorsWhenStdoutIsTty) {
+  GTEST_FLAG(color) = "auto";
+
+  SetEnv("TERM", "xterm");  // TERM supports colors.
+  EXPECT_FALSE(ShouldUseColor(false));  // Stdout is not a TTY.
+  EXPECT_TRUE(ShouldUseColor(true));    // Stdout is a TTY.
+}
+
+TEST(ColoredOutputTest, UsesColorsWhenTermSupportsColors) {
+  GTEST_FLAG(color) = "auto";
+
+#if GTEST_OS_WINDOWS
+  // On Windows, we ignore the TERM variable as it's usually not set.
+
+  SetEnv("TERM", "dumb");
+  EXPECT_TRUE(ShouldUseColor(true));  // Stdout is a TTY.
+
+  SetEnv("TERM", "");
+  EXPECT_TRUE(ShouldUseColor(true));  // Stdout is a TTY.
+
+  SetEnv("TERM", "xterm");
+  EXPECT_TRUE(ShouldUseColor(true));  // Stdout is a TTY.
+#else
+  // On non-Windows platforms, we rely on TERM to determine if the
+  // terminal supports colors.
+
+  SetEnv("TERM", "dumb");  // TERM doesn't support colors.
+  EXPECT_FALSE(ShouldUseColor(true));  // Stdout is a TTY.
+
+  SetEnv("TERM", "emacs");  // TERM doesn't support colors.
+  EXPECT_FALSE(ShouldUseColor(true));  // Stdout is a TTY.
+
+  SetEnv("TERM", "vt100");  // TERM doesn't support colors.
+  EXPECT_FALSE(ShouldUseColor(true));  // Stdout is a TTY.
+
+  SetEnv("TERM", "xterm-mono");  // TERM doesn't support colors.
+  EXPECT_FALSE(ShouldUseColor(true));  // Stdout is a TTY.
+
+  SetEnv("TERM", "xterm");  // TERM supports colors.
+  EXPECT_TRUE(ShouldUseColor(true));  // Stdout is a TTY.
+
+  SetEnv("TERM", "xterm-color");  // TERM supports colors.
+  EXPECT_TRUE(ShouldUseColor(true));  // Stdout is a TTY.
+
+  SetEnv("TERM", "xterm-256color");  // TERM supports colors.
+  EXPECT_TRUE(ShouldUseColor(true));  // Stdout is a TTY.
+
+  SetEnv("TERM", "screen");  // TERM supports colors.
+  EXPECT_TRUE(ShouldUseColor(true));  // Stdout is a TTY.
+
+  SetEnv("TERM", "screen-256color");  // TERM supports colors.
+  EXPECT_TRUE(ShouldUseColor(true));  // Stdout is a TTY.
+
+  SetEnv("TERM", "linux");  // TERM supports colors.
+  EXPECT_TRUE(ShouldUseColor(true));  // Stdout is a TTY.
+
+  SetEnv("TERM", "cygwin");  // TERM supports colors.
+  EXPECT_TRUE(ShouldUseColor(true));  // Stdout is a TTY.
+#endif  // GTEST_OS_WINDOWS
+}
+
+// Verifies that StaticAssertTypeEq works in a namespace scope.
+
+static bool dummy1 GTEST_ATTRIBUTE_UNUSED_ = StaticAssertTypeEq<bool, bool>();
+static bool dummy2 GTEST_ATTRIBUTE_UNUSED_ =
+    StaticAssertTypeEq<const int, const int>();
+
+// Verifies that StaticAssertTypeEq works in a class.
+
+template <typename T>
+class StaticAssertTypeEqTestHelper {
+ public:
+  StaticAssertTypeEqTestHelper() { StaticAssertTypeEq<bool, T>(); }
+};
+
+TEST(StaticAssertTypeEqTest, WorksInClass) {
+  StaticAssertTypeEqTestHelper<bool>();
+}
+
+// Verifies that StaticAssertTypeEq works inside a function.
+
+typedef int IntAlias;
+
+TEST(StaticAssertTypeEqTest, CompilesForEqualTypes) {
+  StaticAssertTypeEq<int, IntAlias>();
+  StaticAssertTypeEq<int*, IntAlias*>();
+}
+
+TEST(GetCurrentOsStackTraceExceptTopTest, ReturnsTheStackTrace) {
+  testing::UnitTest* const unit_test = testing::UnitTest::GetInstance();
+
+  // We don't have a stack walker in Google Test yet.
+  EXPECT_STREQ("", GetCurrentOsStackTraceExceptTop(unit_test, 0).c_str());
+  EXPECT_STREQ("", GetCurrentOsStackTraceExceptTop(unit_test, 1).c_str());
+}
+
+TEST(HasNonfatalFailureTest, ReturnsFalseWhenThereIsNoFailure) {
+  EXPECT_FALSE(HasNonfatalFailure());
+}
+
+static void FailFatally() { FAIL(); }
+
+TEST(HasNonfatalFailureTest, ReturnsFalseWhenThereIsOnlyFatalFailure) {
+  FailFatally();
+  const bool has_nonfatal_failure = HasNonfatalFailure();
+  ClearCurrentTestPartResults();
+  EXPECT_FALSE(has_nonfatal_failure);
+}
+
+TEST(HasNonfatalFailureTest, ReturnsTrueWhenThereIsNonfatalFailure) {
+  ADD_FAILURE();
+  const bool has_nonfatal_failure = HasNonfatalFailure();
+  ClearCurrentTestPartResults();
+  EXPECT_TRUE(has_nonfatal_failure);
+}
+
+TEST(HasNonfatalFailureTest, ReturnsTrueWhenThereAreFatalAndNonfatalFailures) {
+  FailFatally();
+  ADD_FAILURE();
+  const bool has_nonfatal_failure = HasNonfatalFailure();
+  ClearCurrentTestPartResults();
+  EXPECT_TRUE(has_nonfatal_failure);
+}
+
+// A wrapper for calling HasNonfatalFailure outside of a test body.
+static bool HasNonfatalFailureHelper() {
+  return testing::Test::HasNonfatalFailure();
+}
+
+TEST(HasNonfatalFailureTest, WorksOutsideOfTestBody) {
+  EXPECT_FALSE(HasNonfatalFailureHelper());
+}
+
+TEST(HasNonfatalFailureTest, WorksOutsideOfTestBody2) {
+  ADD_FAILURE();
+  const bool has_nonfatal_failure = HasNonfatalFailureHelper();
+  ClearCurrentTestPartResults();
+  EXPECT_TRUE(has_nonfatal_failure);
+}
+
+TEST(HasFailureTest, ReturnsFalseWhenThereIsNoFailure) {
+  EXPECT_FALSE(HasFailure());
+}
+
+TEST(HasFailureTest, ReturnsTrueWhenThereIsFatalFailure) {
+  FailFatally();
+  const bool has_failure = HasFailure();
+  ClearCurrentTestPartResults();
+  EXPECT_TRUE(has_failure);
+}
+
+TEST(HasFailureTest, ReturnsTrueWhenThereIsNonfatalFailure) {
+  ADD_FAILURE();
+  const bool has_failure = HasFailure();
+  ClearCurrentTestPartResults();
+  EXPECT_TRUE(has_failure);
+}
+
+TEST(HasFailureTest, ReturnsTrueWhenThereAreFatalAndNonfatalFailures) {
+  FailFatally();
+  ADD_FAILURE();
+  const bool has_failure = HasFailure();
+  ClearCurrentTestPartResults();
+  EXPECT_TRUE(has_failure);
+}
+
+// A wrapper for calling HasFailure outside of a test body.
+static bool HasFailureHelper() { return testing::Test::HasFailure(); }
+
+TEST(HasFailureTest, WorksOutsideOfTestBody) {
+  EXPECT_FALSE(HasFailureHelper());
+}
+
+TEST(HasFailureTest, WorksOutsideOfTestBody2) {
+  ADD_FAILURE();
+  const bool has_failure = HasFailureHelper();
+  ClearCurrentTestPartResults();
+  EXPECT_TRUE(has_failure);
+}
+
+class TestListener : public EmptyTestEventListener {
+ public:
+  TestListener() : on_start_counter_(NULL), is_destroyed_(NULL) {}
+  TestListener(int* on_start_counter, bool* is_destroyed)
+      : on_start_counter_(on_start_counter),
+        is_destroyed_(is_destroyed) {}
+
+  virtual ~TestListener() {
+    if (is_destroyed_)
+      *is_destroyed_ = true;
+  }
+
+ protected:
+  virtual void OnTestProgramStart(const UnitTest& /*unit_test*/) {
+    if (on_start_counter_ != NULL)
+      (*on_start_counter_)++;
+  }
+
+ private:
+  int* on_start_counter_;
+  bool* is_destroyed_;
+};
+
+// Tests the constructor.
+TEST(TestEventListenersTest, ConstructionWorks) {
+  TestEventListeners listeners;
+
+  EXPECT_TRUE(TestEventListenersAccessor::GetRepeater(&listeners) != NULL);
+  EXPECT_TRUE(listeners.default_result_printer() == NULL);
+  EXPECT_TRUE(listeners.default_xml_generator() == NULL);
+}
+
+// Tests that the TestEventListeners destructor deletes all the listeners it
+// owns.
+TEST(TestEventListenersTest, DestructionWorks) {
+  bool default_result_printer_is_destroyed = false;
+  bool default_xml_printer_is_destroyed = false;
+  bool extra_listener_is_destroyed = false;
+  TestListener* default_result_printer = new TestListener(
+      NULL, &default_result_printer_is_destroyed);
+  TestListener* default_xml_printer = new TestListener(
+      NULL, &default_xml_printer_is_destroyed);
+  TestListener* extra_listener = new TestListener(
+      NULL, &extra_listener_is_destroyed);
+
+  {
+    TestEventListeners listeners;
+    TestEventListenersAccessor::SetDefaultResultPrinter(&listeners,
+                                                        default_result_printer);
+    TestEventListenersAccessor::SetDefaultXmlGenerator(&listeners,
+                                                       default_xml_printer);
+    listeners.Append(extra_listener);
+  }
+  EXPECT_TRUE(default_result_printer_is_destroyed);
+  EXPECT_TRUE(default_xml_printer_is_destroyed);
+  EXPECT_TRUE(extra_listener_is_destroyed);
+}
+
+// Tests that a listener Append'ed to a TestEventListeners list starts
+// receiving events.
+TEST(TestEventListenersTest, Append) {
+  int on_start_counter = 0;
+  bool is_destroyed = false;
+  TestListener* listener = new TestListener(&on_start_counter, &is_destroyed);
+  {
+    TestEventListeners listeners;
+    listeners.Append(listener);
+    TestEventListenersAccessor::GetRepeater(&listeners)->OnTestProgramStart(
+        *UnitTest::GetInstance());
+    EXPECT_EQ(1, on_start_counter);
+  }
+  EXPECT_TRUE(is_destroyed);
+}
+
+// Tests that listeners receive events in the order they were appended to
+// the list, except for *End requests, which must be received in the reverse
+// order.
+class SequenceTestingListener : public EmptyTestEventListener {
+ public:
+  SequenceTestingListener(std::vector<std::string>* vector, const char* id)
+      : vector_(vector), id_(id) {}
+
+ protected:
+  virtual void OnTestProgramStart(const UnitTest& /*unit_test*/) {
+    vector_->push_back(GetEventDescription("OnTestProgramStart"));
+  }
+
+  virtual void OnTestProgramEnd(const UnitTest& /*unit_test*/) {
+    vector_->push_back(GetEventDescription("OnTestProgramEnd"));
+  }
+
+  virtual void OnTestIterationStart(const UnitTest& /*unit_test*/,
+                                    int /*iteration*/) {
+    vector_->push_back(GetEventDescription("OnTestIterationStart"));
+  }
+
+  virtual void OnTestIterationEnd(const UnitTest& /*unit_test*/,
+                                  int /*iteration*/) {
+    vector_->push_back(GetEventDescription("OnTestIterationEnd"));
+  }
+
+ private:
+  std::string GetEventDescription(const char* method) {
+    Message message;
+    message << id_ << "." << method;
+    return message.GetString();
+  }
+
+  std::vector<std::string>* vector_;
+  const char* const id_;
+
+  GTEST_DISALLOW_COPY_AND_ASSIGN_(SequenceTestingListener);
+};
+
+TEST(EventListenerTest, AppendKeepsOrder) {
+  std::vector<std::string> vec;
+  TestEventListeners listeners;
+  listeners.Append(new SequenceTestingListener(&vec, "1st"));
+  listeners.Append(new SequenceTestingListener(&vec, "2nd"));
+  listeners.Append(new SequenceTestingListener(&vec, "3rd"));
+
+  TestEventListenersAccessor::GetRepeater(&listeners)->OnTestProgramStart(
+      *UnitTest::GetInstance());
+  ASSERT_EQ(3U, vec.size());
+  EXPECT_STREQ("1st.OnTestProgramStart", vec[0].c_str());
+  EXPECT_STREQ("2nd.OnTestProgramStart", vec[1].c_str());
+  EXPECT_STREQ("3rd.OnTestProgramStart", vec[2].c_str());
+
+  vec.clear();
+  TestEventListenersAccessor::GetRepeater(&listeners)->OnTestProgramEnd(
+      *UnitTest::GetInstance());
+  ASSERT_EQ(3U, vec.size());
+  EXPECT_STREQ("3rd.OnTestProgramEnd", vec[0].c_str());
+  EXPECT_STREQ("2nd.OnTestProgramEnd", vec[1].c_str());
+  EXPECT_STREQ("1st.OnTestProgramEnd", vec[2].c_str());
+
+  vec.clear();
+  TestEventListenersAccessor::GetRepeater(&listeners)->OnTestIterationStart(
+      *UnitTest::GetInstance(), 0);
+  ASSERT_EQ(3U, vec.size());
+  EXPECT_STREQ("1st.OnTestIterationStart", vec[0].c_str());
+  EXPECT_STREQ("2nd.OnTestIterationStart", vec[1].c_str());
+  EXPECT_STREQ("3rd.OnTestIterationStart", vec[2].c_str());
+
+  vec.clear();
+  TestEventListenersAccessor::GetRepeater(&listeners)->OnTestIterationEnd(
+      *UnitTest::GetInstance(), 0);
+  ASSERT_EQ(3U, vec.size());
+  EXPECT_STREQ("3rd.OnTestIterationEnd", vec[0].c_str());
+  EXPECT_STREQ("2nd.OnTestIterationEnd", vec[1].c_str());
+  EXPECT_STREQ("1st.OnTestIterationEnd", vec[2].c_str());
+}
+
+// Tests that a listener removed from a TestEventListeners list stops receiving
+// events and is not deleted when the list is destroyed.
+TEST(TestEventListenersTest, Release) {
+  int on_start_counter = 0;
+  bool is_destroyed = false;
+  // Although Append passes the ownership of this object to the list,
+  // the following calls release it, and we need to delete it before the
+  // test ends.
+  TestListener* listener = new TestListener(&on_start_counter, &is_destroyed);
+  {
+    TestEventListeners listeners;
+    listeners.Append(listener);
+    EXPECT_EQ(listener, listeners.Release(listener));
+    TestEventListenersAccessor::GetRepeater(&listeners)->OnTestProgramStart(
+        *UnitTest::GetInstance());
+    EXPECT_TRUE(listeners.Release(listener) == NULL);
+  }
+  EXPECT_EQ(0, on_start_counter);
+  EXPECT_FALSE(is_destroyed);
+  delete listener;
+}
+
+// Tests that no events are forwarded when event forwarding is disabled.
+TEST(EventListenerTest, SuppressEventForwarding) {
+  int on_start_counter = 0;
+  TestListener* listener = new TestListener(&on_start_counter, NULL);
+
+  TestEventListeners listeners;
+  listeners.Append(listener);
+  ASSERT_TRUE(TestEventListenersAccessor::EventForwardingEnabled(listeners));
+  TestEventListenersAccessor::SuppressEventForwarding(&listeners);
+  ASSERT_FALSE(TestEventListenersAccessor::EventForwardingEnabled(listeners));
+  TestEventListenersAccessor::GetRepeater(&listeners)->OnTestProgramStart(
+      *UnitTest::GetInstance());
+  EXPECT_EQ(0, on_start_counter);
+}
+
+// Tests that events generated by Google Test are not forwarded in
+// death test subprocesses.
+TEST(EventListenerDeathTest, EventsNotForwardedInDeathTestSubprecesses) {
+  EXPECT_DEATH_IF_SUPPORTED({
+      GTEST_CHECK_(TestEventListenersAccessor::EventForwardingEnabled(
+          *GetUnitTestImpl()->listeners())) << "expected failure";},
+      "expected failure");
+}
+
+// Tests that a listener installed via SetDefaultResultPrinter() starts
+// receiving events and is returned via default_result_printer() and that
+// the previous default_result_printer is removed from the list and deleted.
+TEST(EventListenerTest, default_result_printer) {
+  int on_start_counter = 0;
+  bool is_destroyed = false;
+  TestListener* listener = new TestListener(&on_start_counter, &is_destroyed);
+
+  TestEventListeners listeners;
+  TestEventListenersAccessor::SetDefaultResultPrinter(&listeners, listener);
+
+  EXPECT_EQ(listener, listeners.default_result_printer());
+
+  TestEventListenersAccessor::GetRepeater(&listeners)->OnTestProgramStart(
+      *UnitTest::GetInstance());
+
+  EXPECT_EQ(1, on_start_counter);
+
+  // Replacing default_result_printer with something else should remove it
+  // from the list and destroy it.
+  TestEventListenersAccessor::SetDefaultResultPrinter(&listeners, NULL);
+
+  EXPECT_TRUE(listeners.default_result_printer() == NULL);
+  EXPECT_TRUE(is_destroyed);
+
+  // After broadcasting an event the counter is still the same, indicating
+  // the listener is not in the list anymore.
+  TestEventListenersAccessor::GetRepeater(&listeners)->OnTestProgramStart(
+      *UnitTest::GetInstance());
+  EXPECT_EQ(1, on_start_counter);
+}
+
+// Tests that the default_result_printer listener stops receiving events
+// when removed via Release and that is not owned by the list anymore.
+TEST(EventListenerTest, RemovingDefaultResultPrinterWorks) {
+  int on_start_counter = 0;
+  bool is_destroyed = false;
+  // Although Append passes the ownership of this object to the list,
+  // the following calls release it, and we need to delete it before the
+  // test ends.
+  TestListener* listener = new TestListener(&on_start_counter, &is_destroyed);
+  {
+    TestEventListeners listeners;
+    TestEventListenersAccessor::SetDefaultResultPrinter(&listeners, listener);
+
+    EXPECT_EQ(listener, listeners.Release(listener));
+    EXPECT_TRUE(listeners.default_result_printer() == NULL);
+    EXPECT_FALSE(is_destroyed);
+
+    // Broadcasting events now should not affect default_result_printer.
+    TestEventListenersAccessor::GetRepeater(&listeners)->OnTestProgramStart(
+        *UnitTest::GetInstance());
+    EXPECT_EQ(0, on_start_counter);
+  }
+  // Destroying the list should not affect the listener now, too.
+  EXPECT_FALSE(is_destroyed);
+  delete listener;
+}
+
+// Tests that a listener installed via SetDefaultXmlGenerator() starts
+// receiving events and is returned via default_xml_generator() and that
+// the previous default_xml_generator is removed from the list and deleted.
+TEST(EventListenerTest, default_xml_generator) {
+  int on_start_counter = 0;
+  bool is_destroyed = false;
+  TestListener* listener = new TestListener(&on_start_counter, &is_destroyed);
+
+  TestEventListeners listeners;
+  TestEventListenersAccessor::SetDefaultXmlGenerator(&listeners, listener);
+
+  EXPECT_EQ(listener, listeners.default_xml_generator());
+
+  TestEventListenersAccessor::GetRepeater(&listeners)->OnTestProgramStart(
+      *UnitTest::GetInstance());
+
+  EXPECT_EQ(1, on_start_counter);
+
+  // Replacing default_xml_generator with something else should remove it
+  // from the list and destroy it.
+  TestEventListenersAccessor::SetDefaultXmlGenerator(&listeners, NULL);
+
+  EXPECT_TRUE(listeners.default_xml_generator() == NULL);
+  EXPECT_TRUE(is_destroyed);
+
+  // After broadcasting an event the counter is still the same, indicating
+  // the listener is not in the list anymore.
+  TestEventListenersAccessor::GetRepeater(&listeners)->OnTestProgramStart(
+      *UnitTest::GetInstance());
+  EXPECT_EQ(1, on_start_counter);
+}
+
+// Tests that the default_xml_generator listener stops receiving events
+// when removed via Release and that is not owned by the list anymore.
+TEST(EventListenerTest, RemovingDefaultXmlGeneratorWorks) {
+  int on_start_counter = 0;
+  bool is_destroyed = false;
+  // Although Append passes the ownership of this object to the list,
+  // the following calls release it, and we need to delete it before the
+  // test ends.
+  TestListener* listener = new TestListener(&on_start_counter, &is_destroyed);
+  {
+    TestEventListeners listeners;
+    TestEventListenersAccessor::SetDefaultXmlGenerator(&listeners, listener);
+
+    EXPECT_EQ(listener, listeners.Release(listener));
+    EXPECT_TRUE(listeners.default_xml_generator() == NULL);
+    EXPECT_FALSE(is_destroyed);
+
+    // Broadcasting events now should not affect default_xml_generator.
+    TestEventListenersAccessor::GetRepeater(&listeners)->OnTestProgramStart(
+        *UnitTest::GetInstance());
+    EXPECT_EQ(0, on_start_counter);
+  }
+  // Destroying the list should not affect the listener now, too.
+  EXPECT_FALSE(is_destroyed);
+  delete listener;
+}
+
+// Sanity tests to ensure that the alternative, verbose spellings of
+// some of the macros work.  We don't test them thoroughly as that
+// would be quite involved.  Since their implementations are
+// straightforward, and they are rarely used, we'll just rely on the
+// users to tell us when they are broken.
+GTEST_TEST(AlternativeNameTest, Works) {  // GTEST_TEST is the same as TEST.
+  GTEST_SUCCEED() << "OK";  // GTEST_SUCCEED is the same as SUCCEED.
+
+  // GTEST_FAIL is the same as FAIL.
+  EXPECT_FATAL_FAILURE(GTEST_FAIL() << "An expected failure",
+                       "An expected failure");
+
+  // GTEST_ASSERT_XY is the same as ASSERT_XY.
+
+  GTEST_ASSERT_EQ(0, 0);
+  EXPECT_FATAL_FAILURE(GTEST_ASSERT_EQ(0, 1) << "An expected failure",
+                       "An expected failure");
+  EXPECT_FATAL_FAILURE(GTEST_ASSERT_EQ(1, 0) << "An expected failure",
+                       "An expected failure");
+
+  GTEST_ASSERT_NE(0, 1);
+  GTEST_ASSERT_NE(1, 0);
+  EXPECT_FATAL_FAILURE(GTEST_ASSERT_NE(0, 0) << "An expected failure",
+                       "An expected failure");
+
+  GTEST_ASSERT_LE(0, 0);
+  GTEST_ASSERT_LE(0, 1);
+  EXPECT_FATAL_FAILURE(GTEST_ASSERT_LE(1, 0) << "An expected failure",
+                       "An expected failure");
+
+  GTEST_ASSERT_LT(0, 1);
+  EXPECT_FATAL_FAILURE(GTEST_ASSERT_LT(0, 0) << "An expected failure",
+                       "An expected failure");
+  EXPECT_FATAL_FAILURE(GTEST_ASSERT_LT(1, 0) << "An expected failure",
+                       "An expected failure");
+
+  GTEST_ASSERT_GE(0, 0);
+  GTEST_ASSERT_GE(1, 0);
+  EXPECT_FATAL_FAILURE(GTEST_ASSERT_GE(0, 1) << "An expected failure",
+                       "An expected failure");
+
+  GTEST_ASSERT_GT(1, 0);
+  EXPECT_FATAL_FAILURE(GTEST_ASSERT_GT(0, 1) << "An expected failure",
+                       "An expected failure");
+  EXPECT_FATAL_FAILURE(GTEST_ASSERT_GT(1, 1) << "An expected failure",
+                       "An expected failure");
+}
+
+// Tests for internal utilities necessary for implementation of the universal
+// printing.
+// TODO(vladl@google.com): Find a better home for them.
+
+class ConversionHelperBase {};
+class ConversionHelperDerived : public ConversionHelperBase {};
+
+// Tests that IsAProtocolMessage<T>::value is a compile-time constant.
+TEST(IsAProtocolMessageTest, ValueIsCompileTimeConstant) {
+  GTEST_COMPILE_ASSERT_(IsAProtocolMessage<ProtocolMessage>::value,
+                        const_true);
+  GTEST_COMPILE_ASSERT_(!IsAProtocolMessage<int>::value, const_false);
+}
+
+// Tests that IsAProtocolMessage<T>::value is true when T is
+// proto2::Message or a sub-class of it.
+TEST(IsAProtocolMessageTest, ValueIsTrueWhenTypeIsAProtocolMessage) {
+  EXPECT_TRUE(IsAProtocolMessage< ::proto2::Message>::value);
+  EXPECT_TRUE(IsAProtocolMessage<ProtocolMessage>::value);
+}
+
+// Tests that IsAProtocolMessage<T>::value is false when T is neither
+// ProtocolMessage nor a sub-class of it.
+TEST(IsAProtocolMessageTest, ValueIsFalseWhenTypeIsNotAProtocolMessage) {
+  EXPECT_FALSE(IsAProtocolMessage<int>::value);
+  EXPECT_FALSE(IsAProtocolMessage<const ConversionHelperBase>::value);
+}
+
+// Tests that CompileAssertTypesEqual compiles when the type arguments are
+// equal.
+TEST(CompileAssertTypesEqual, CompilesWhenTypesAreEqual) {
+  CompileAssertTypesEqual<void, void>();
+  CompileAssertTypesEqual<int*, int*>();
+}
+
+// Tests that RemoveReference does not affect non-reference types.
+TEST(RemoveReferenceTest, DoesNotAffectNonReferenceType) {
+  CompileAssertTypesEqual<int, RemoveReference<int>::type>();
+  CompileAssertTypesEqual<const char, RemoveReference<const char>::type>();
+}
+
+// Tests that RemoveReference removes reference from reference types.
+TEST(RemoveReferenceTest, RemovesReference) {
+  CompileAssertTypesEqual<int, RemoveReference<int&>::type>();
+  CompileAssertTypesEqual<const char, RemoveReference<const char&>::type>();
+}
+
+// Tests GTEST_REMOVE_REFERENCE_.
+
+template <typename T1, typename T2>
+void TestGTestRemoveReference() {
+  CompileAssertTypesEqual<T1, GTEST_REMOVE_REFERENCE_(T2)>();
+}
+
+TEST(RemoveReferenceTest, MacroVersion) {
+  TestGTestRemoveReference<int, int>();
+  TestGTestRemoveReference<const char, const char&>();
+}
+
+
+// Tests that RemoveConst does not affect non-const types.
+TEST(RemoveConstTest, DoesNotAffectNonConstType) {
+  CompileAssertTypesEqual<int, RemoveConst<int>::type>();
+  CompileAssertTypesEqual<char&, RemoveConst<char&>::type>();
+}
+
+// Tests that RemoveConst removes const from const types.
+TEST(RemoveConstTest, RemovesConst) {
+  CompileAssertTypesEqual<int, RemoveConst<const int>::type>();
+  CompileAssertTypesEqual<char[2], RemoveConst<const char[2]>::type>();
+  CompileAssertTypesEqual<char[2][3], RemoveConst<const char[2][3]>::type>();
+}
+
+// Tests GTEST_REMOVE_CONST_.
+
+template <typename T1, typename T2>
+void TestGTestRemoveConst() {
+  CompileAssertTypesEqual<T1, GTEST_REMOVE_CONST_(T2)>();
+}
+
+TEST(RemoveConstTest, MacroVersion) {
+  TestGTestRemoveConst<int, int>();
+  TestGTestRemoveConst<double&, double&>();
+  TestGTestRemoveConst<char, const char>();
+}
+
+// Tests GTEST_REMOVE_REFERENCE_AND_CONST_.
+
+template <typename T1, typename T2>
+void TestGTestRemoveReferenceAndConst() {
+  CompileAssertTypesEqual<T1, GTEST_REMOVE_REFERENCE_AND_CONST_(T2)>();
+}
+
+TEST(RemoveReferenceToConstTest, Works) {
+  TestGTestRemoveReferenceAndConst<int, int>();
+  TestGTestRemoveReferenceAndConst<double, double&>();
+  TestGTestRemoveReferenceAndConst<char, const char>();
+  TestGTestRemoveReferenceAndConst<char, const char&>();
+  TestGTestRemoveReferenceAndConst<const char*, const char*>();
+}
+
+// Tests that AddReference does not affect reference types.
+TEST(AddReferenceTest, DoesNotAffectReferenceType) {
+  CompileAssertTypesEqual<int&, AddReference<int&>::type>();
+  CompileAssertTypesEqual<const char&, AddReference<const char&>::type>();
+}
+
+// Tests that AddReference adds reference to non-reference types.
+TEST(AddReferenceTest, AddsReference) {
+  CompileAssertTypesEqual<int&, AddReference<int>::type>();
+  CompileAssertTypesEqual<const char&, AddReference<const char>::type>();
+}
+
+// Tests GTEST_ADD_REFERENCE_.
+
+template <typename T1, typename T2>
+void TestGTestAddReference() {
+  CompileAssertTypesEqual<T1, GTEST_ADD_REFERENCE_(T2)>();
+}
+
+TEST(AddReferenceTest, MacroVersion) {
+  TestGTestAddReference<int&, int>();
+  TestGTestAddReference<const char&, const char&>();
+}
+
+// Tests GTEST_REFERENCE_TO_CONST_.
+
+template <typename T1, typename T2>
+void TestGTestReferenceToConst() {
+  CompileAssertTypesEqual<T1, GTEST_REFERENCE_TO_CONST_(T2)>();
+}
+
+TEST(GTestReferenceToConstTest, Works) {
+  TestGTestReferenceToConst<const char&, char>();
+  TestGTestReferenceToConst<const int&, const int>();
+  TestGTestReferenceToConst<const double&, double>();
+  TestGTestReferenceToConst<const std::string&, const std::string&>();
+}
+
+// Tests that ImplicitlyConvertible<T1, T2>::value is a compile-time constant.
+TEST(ImplicitlyConvertibleTest, ValueIsCompileTimeConstant) {
+  GTEST_COMPILE_ASSERT_((ImplicitlyConvertible<int, int>::value), const_true);
+  GTEST_COMPILE_ASSERT_((!ImplicitlyConvertible<void*, int*>::value),
+                        const_false);
+}
+
+// Tests that ImplicitlyConvertible<T1, T2>::value is true when T1 can
+// be implicitly converted to T2.
+TEST(ImplicitlyConvertibleTest, ValueIsTrueWhenConvertible) {
+  EXPECT_TRUE((ImplicitlyConvertible<int, double>::value));
+  EXPECT_TRUE((ImplicitlyConvertible<double, int>::value));
+  EXPECT_TRUE((ImplicitlyConvertible<int*, void*>::value));
+  EXPECT_TRUE((ImplicitlyConvertible<int*, const int*>::value));
+  EXPECT_TRUE((ImplicitlyConvertible<ConversionHelperDerived&,
+                                     const ConversionHelperBase&>::value));
+  EXPECT_TRUE((ImplicitlyConvertible<const ConversionHelperBase,
+                                     ConversionHelperBase>::value));
+}
+
+// Tests that ImplicitlyConvertible<T1, T2>::value is false when T1
+// cannot be implicitly converted to T2.
+TEST(ImplicitlyConvertibleTest, ValueIsFalseWhenNotConvertible) {
+  EXPECT_FALSE((ImplicitlyConvertible<double, int*>::value));
+  EXPECT_FALSE((ImplicitlyConvertible<void*, int*>::value));
+  EXPECT_FALSE((ImplicitlyConvertible<const int*, int*>::value));
+  EXPECT_FALSE((ImplicitlyConvertible<ConversionHelperBase&,
+                                      ConversionHelperDerived&>::value));
+}
+
+// Tests IsContainerTest.
+
+class NonContainer {};
+
+TEST(IsContainerTestTest, WorksForNonContainer) {
+  EXPECT_EQ(sizeof(IsNotContainer), sizeof(IsContainerTest<int>(0)));
+  EXPECT_EQ(sizeof(IsNotContainer), sizeof(IsContainerTest<char[5]>(0)));
+  EXPECT_EQ(sizeof(IsNotContainer), sizeof(IsContainerTest<NonContainer>(0)));
+}
+
+TEST(IsContainerTestTest, WorksForContainer) {
+  EXPECT_EQ(sizeof(IsContainer),
+            sizeof(IsContainerTest<std::vector<bool> >(0)));
+  EXPECT_EQ(sizeof(IsContainer),
+            sizeof(IsContainerTest<std::map<int, double> >(0)));
+}
+
+// Tests ArrayEq().
+
+TEST(ArrayEqTest, WorksForDegeneratedArrays) {
+  EXPECT_TRUE(ArrayEq(5, 5L));
+  EXPECT_FALSE(ArrayEq('a', 0));
+}
+
+TEST(ArrayEqTest, WorksForOneDimensionalArrays) {
+  // Note that a and b are distinct but compatible types.
+  const int a[] = { 0, 1 };
+  long b[] = { 0, 1 };
+  EXPECT_TRUE(ArrayEq(a, b));
+  EXPECT_TRUE(ArrayEq(a, 2, b));
+
+  b[0] = 2;
+  EXPECT_FALSE(ArrayEq(a, b));
+  EXPECT_FALSE(ArrayEq(a, 1, b));
+}
+
+TEST(ArrayEqTest, WorksForTwoDimensionalArrays) {
+  const char a[][3] = { "hi", "lo" };
+  const char b[][3] = { "hi", "lo" };
+  const char c[][3] = { "hi", "li" };
+
+  EXPECT_TRUE(ArrayEq(a, b));
+  EXPECT_TRUE(ArrayEq(a, 2, b));
+
+  EXPECT_FALSE(ArrayEq(a, c));
+  EXPECT_FALSE(ArrayEq(a, 2, c));
+}
+
+// Tests ArrayAwareFind().
+
+TEST(ArrayAwareFindTest, WorksForOneDimensionalArray) {
+  const char a[] = "hello";
+  EXPECT_EQ(a + 4, ArrayAwareFind(a, a + 5, 'o'));
+  EXPECT_EQ(a + 5, ArrayAwareFind(a, a + 5, 'x'));
+}
+
+TEST(ArrayAwareFindTest, WorksForTwoDimensionalArray) {
+  int a[][2] = { { 0, 1 }, { 2, 3 }, { 4, 5 } };
+  const int b[2] = { 2, 3 };
+  EXPECT_EQ(a + 1, ArrayAwareFind(a, a + 3, b));
+
+  const int c[2] = { 6, 7 };
+  EXPECT_EQ(a + 3, ArrayAwareFind(a, a + 3, c));
+}
+
+// Tests CopyArray().
+
+TEST(CopyArrayTest, WorksForDegeneratedArrays) {
+  int n = 0;
+  CopyArray('a', &n);
+  EXPECT_EQ('a', n);
+}
+
+TEST(CopyArrayTest, WorksForOneDimensionalArrays) {
+  const char a[3] = "hi";
+  int b[3];
+#ifndef __BORLANDC__  // C++Builder cannot compile some array size deductions.
+  CopyArray(a, &b);
+  EXPECT_TRUE(ArrayEq(a, b));
+#endif
+
+  int c[3];
+  CopyArray(a, 3, c);
+  EXPECT_TRUE(ArrayEq(a, c));
+}
+
+TEST(CopyArrayTest, WorksForTwoDimensionalArrays) {
+  const int a[2][3] = { { 0, 1, 2 }, { 3, 4, 5 } };
+  int b[2][3];
+#ifndef __BORLANDC__  // C++Builder cannot compile some array size deductions.
+  CopyArray(a, &b);
+  EXPECT_TRUE(ArrayEq(a, b));
+#endif
+
+  int c[2][3];
+  CopyArray(a, 2, c);
+  EXPECT_TRUE(ArrayEq(a, c));
+}
+
+// Tests NativeArray.
+
+TEST(NativeArrayTest, ConstructorFromArrayWorks) {
+  const int a[3] = { 0, 1, 2 };
+  NativeArray<int> na(a, 3, RelationToSourceReference());
+  EXPECT_EQ(3U, na.size());
+  EXPECT_EQ(a, na.begin());
+}
+
+TEST(NativeArrayTest, CreatesAndDeletesCopyOfArrayWhenAskedTo) {
+  typedef int Array[2];
+  Array* a = new Array[1];
+  (*a)[0] = 0;
+  (*a)[1] = 1;
+  NativeArray<int> na(*a, 2, RelationToSourceCopy());
+  EXPECT_NE(*a, na.begin());
+  delete[] a;
+  EXPECT_EQ(0, na.begin()[0]);
+  EXPECT_EQ(1, na.begin()[1]);
+
+  // We rely on the heap checker to verify that na deletes the copy of
+  // array.
+}
+
+TEST(NativeArrayTest, TypeMembersAreCorrect) {
+  StaticAssertTypeEq<char, NativeArray<char>::value_type>();
+  StaticAssertTypeEq<int[2], NativeArray<int[2]>::value_type>();
+
+  StaticAssertTypeEq<const char*, NativeArray<char>::const_iterator>();
+  StaticAssertTypeEq<const bool(*)[2], NativeArray<bool[2]>::const_iterator>();
+}
+
+TEST(NativeArrayTest, MethodsWork) {
+  const int a[3] = { 0, 1, 2 };
+  NativeArray<int> na(a, 3, RelationToSourceCopy());
+  ASSERT_EQ(3U, na.size());
+  EXPECT_EQ(3, na.end() - na.begin());
+
+  NativeArray<int>::const_iterator it = na.begin();
+  EXPECT_EQ(0, *it);
+  ++it;
+  EXPECT_EQ(1, *it);
+  it++;
+  EXPECT_EQ(2, *it);
+  ++it;
+  EXPECT_EQ(na.end(), it);
+
+  EXPECT_TRUE(na == na);
+
+  NativeArray<int> na2(a, 3, RelationToSourceReference());
+  EXPECT_TRUE(na == na2);
+
+  const int b1[3] = { 0, 1, 1 };
+  const int b2[4] = { 0, 1, 2, 3 };
+  EXPECT_FALSE(na == NativeArray<int>(b1, 3, RelationToSourceReference()));
+  EXPECT_FALSE(na == NativeArray<int>(b2, 4, RelationToSourceCopy()));
+}
+
+TEST(NativeArrayTest, WorksForTwoDimensionalArray) {
+  const char a[2][3] = { "hi", "lo" };
+  NativeArray<char[3]> na(a, 2, RelationToSourceReference());
+  ASSERT_EQ(2U, na.size());
+  EXPECT_EQ(a, na.begin());
+}
+
+// Tests SkipPrefix().
+
+TEST(SkipPrefixTest, SkipsWhenPrefixMatches) {
+  const char* const str = "hello";
+
+  const char* p = str;
+  EXPECT_TRUE(SkipPrefix("", &p));
+  EXPECT_EQ(str, p);
+
+  p = str;
+  EXPECT_TRUE(SkipPrefix("hell", &p));
+  EXPECT_EQ(str + 4, p);
+}
+
+TEST(SkipPrefixTest, DoesNotSkipWhenPrefixDoesNotMatch) {
+  const char* const str = "world";
+
+  const char* p = str;
+  EXPECT_FALSE(SkipPrefix("W", &p));
+  EXPECT_EQ(str, p);
+
+  p = str;
+  EXPECT_FALSE(SkipPrefix("world!", &p));
+  EXPECT_EQ(str, p);
+}
+
diff --git a/nss/gtests/google_test/gtest/test/gtest_xml_outfile1_test_.cc b/nss/gtests/google_test/gtest/test/gtest_xml_outfile1_test_.cc
new file mode 100644
index 0000000..531ced4
--- /dev/null
+++ b/nss/gtests/google_test/gtest/test/gtest_xml_outfile1_test_.cc
@@ -0,0 +1,49 @@
+// Copyright 2008, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: keith.ray@gmail.com (Keith Ray)
+//
+// gtest_xml_outfile1_test_ writes some xml via TestProperty used by
+// gtest_xml_outfiles_test.py
+
+#include "gtest/gtest.h"
+
+class PropertyOne : public testing::Test {
+ protected:
+  virtual void SetUp() {
+    RecordProperty("SetUpProp", 1);
+  }
+  virtual void TearDown() {
+    RecordProperty("TearDownProp", 1);
+  }
+};
+
+TEST_F(PropertyOne, TestSomeProperties) {
+  RecordProperty("TestSomeProperty", 1);
+}
diff --git a/nss/gtests/google_test/gtest/test/gtest_xml_outfile2_test_.cc b/nss/gtests/google_test/gtest/test/gtest_xml_outfile2_test_.cc
new file mode 100644
index 0000000..7b400b2
--- /dev/null
+++ b/nss/gtests/google_test/gtest/test/gtest_xml_outfile2_test_.cc
@@ -0,0 +1,49 @@
+// Copyright 2008, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: keith.ray@gmail.com (Keith Ray)
+//
+// gtest_xml_outfile2_test_ writes some xml via TestProperty used by
+// gtest_xml_outfiles_test.py
+
+#include "gtest/gtest.h"
+
+class PropertyTwo : public testing::Test {
+ protected:
+  virtual void SetUp() {
+    RecordProperty("SetUpProp", 2);
+  }
+  virtual void TearDown() {
+    RecordProperty("TearDownProp", 2);
+  }
+};
+
+TEST_F(PropertyTwo, TestSomeProperties) {
+  RecordProperty("TestSomeProperty", 2);
+}
diff --git a/nss/gtests/google_test/gtest/test/gtest_xml_outfiles_test.py b/nss/gtests/google_test/gtest/test/gtest_xml_outfiles_test.py
new file mode 100755
index 0000000..524e437
--- /dev/null
+++ b/nss/gtests/google_test/gtest/test/gtest_xml_outfiles_test.py
@@ -0,0 +1,132 @@
+#!/usr/bin/env python
+#
+# Copyright 2008, Google Inc.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#
+#     * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following disclaimer
+# in the documentation and/or other materials provided with the
+# distribution.
+#     * Neither the name of Google Inc. nor the names of its
+# contributors may be used to endorse or promote products derived from
+# this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+"""Unit test for the gtest_xml_output module."""
+
+__author__ = "keith.ray@gmail.com (Keith Ray)"
+
+import os
+from xml.dom import minidom, Node
+
+import gtest_test_utils
+import gtest_xml_test_utils
+
+
+GTEST_OUTPUT_SUBDIR = "xml_outfiles"
+GTEST_OUTPUT_1_TEST = "gtest_xml_outfile1_test_"
+GTEST_OUTPUT_2_TEST = "gtest_xml_outfile2_test_"
+
+EXPECTED_XML_1 = """<?xml version="1.0" encoding="UTF-8"?>
+<testsuites tests="1" failures="0" disabled="0" errors="0" time="*" timestamp="*" name="AllTests">
+  <testsuite name="PropertyOne" tests="1" failures="0" disabled="0" errors="0" time="*">
+    <testcase name="TestSomeProperties" status="run" time="*" classname="PropertyOne" SetUpProp="1" TestSomeProperty="1" TearDownProp="1" />
+  </testsuite>
+</testsuites>
+"""
+
+EXPECTED_XML_2 = """<?xml version="1.0" encoding="UTF-8"?>
+<testsuites tests="1" failures="0" disabled="0" errors="0" time="*" timestamp="*" name="AllTests">
+  <testsuite name="PropertyTwo" tests="1" failures="0" disabled="0" errors="0" time="*">
+    <testcase name="TestSomeProperties" status="run" time="*" classname="PropertyTwo" SetUpProp="2" TestSomeProperty="2" TearDownProp="2" />
+  </testsuite>
+</testsuites>
+"""
+
+
+class GTestXMLOutFilesTest(gtest_xml_test_utils.GTestXMLTestCase):
+  """Unit test for Google Test's XML output functionality."""
+
+  def setUp(self):
+    # We want the trailing '/' that the last "" provides in os.path.join, for
+    # telling Google Test to create an output directory instead of a single file
+    # for xml output.
+    self.output_dir_ = os.path.join(gtest_test_utils.GetTempDir(),
+                                    GTEST_OUTPUT_SUBDIR, "")
+    self.DeleteFilesAndDir()
+
+  def tearDown(self):
+    self.DeleteFilesAndDir()
+
+  def DeleteFilesAndDir(self):
+    try:
+      os.remove(os.path.join(self.output_dir_, GTEST_OUTPUT_1_TEST + ".xml"))
+    except os.error:
+      pass
+    try:
+      os.remove(os.path.join(self.output_dir_, GTEST_OUTPUT_2_TEST + ".xml"))
+    except os.error:
+      pass
+    try:
+      os.rmdir(self.output_dir_)
+    except os.error:
+      pass
+
+  def testOutfile1(self):
+    self._TestOutFile(GTEST_OUTPUT_1_TEST, EXPECTED_XML_1)
+
+  def testOutfile2(self):
+    self._TestOutFile(GTEST_OUTPUT_2_TEST, EXPECTED_XML_2)
+
+  def _TestOutFile(self, test_name, expected_xml):
+    gtest_prog_path = gtest_test_utils.GetTestExecutablePath(test_name)
+    command = [gtest_prog_path, "--gtest_output=xml:%s" % self.output_dir_]
+    p = gtest_test_utils.Subprocess(command,
+                                    working_dir=gtest_test_utils.GetTempDir())
+    self.assert_(p.exited)
+    self.assertEquals(0, p.exit_code)
+
+    # TODO(wan@google.com): libtool causes the built test binary to be
+    #   named lt-gtest_xml_outfiles_test_ instead of
+    #   gtest_xml_outfiles_test_.  To account for this possibillity, we
+    #   allow both names in the following code.  We should remove this
+    #   hack when Chandler Carruth's libtool replacement tool is ready.
+    output_file_name1 = test_name + ".xml"
+    output_file1 = os.path.join(self.output_dir_, output_file_name1)
+    output_file_name2 = 'lt-' + output_file_name1
+    output_file2 = os.path.join(self.output_dir_, output_file_name2)
+    self.assert_(os.path.isfile(output_file1) or os.path.isfile(output_file2),
+                 output_file1)
+
+    expected = minidom.parseString(expected_xml)
+    if os.path.isfile(output_file1):
+      actual = minidom.parse(output_file1)
+    else:
+      actual = minidom.parse(output_file2)
+    self.NormalizeXml(actual.documentElement)
+    self.AssertEquivalentNodes(expected.documentElement,
+                               actual.documentElement)
+    expected.unlink()
+    actual.unlink()
+
+
+if __name__ == "__main__":
+  os.environ["GTEST_STACK_TRACE_DEPTH"] = "0"
+  gtest_test_utils.Main()
diff --git a/nss/gtests/google_test/gtest/test/gtest_xml_output_unittest.py b/nss/gtests/google_test/gtest/test/gtest_xml_output_unittest.py
new file mode 100755
index 0000000..f605d4e
--- /dev/null
+++ b/nss/gtests/google_test/gtest/test/gtest_xml_output_unittest.py
@@ -0,0 +1,307 @@
+#!/usr/bin/env python
+#
+# Copyright 2006, Google Inc.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#
+#     * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following disclaimer
+# in the documentation and/or other materials provided with the
+# distribution.
+#     * Neither the name of Google Inc. nor the names of its
+# contributors may be used to endorse or promote products derived from
+# this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+"""Unit test for the gtest_xml_output module"""
+
+__author__ = 'eefacm@gmail.com (Sean Mcafee)'
+
+import datetime
+import errno
+import os
+import re
+import sys
+from xml.dom import minidom, Node
+
+import gtest_test_utils
+import gtest_xml_test_utils
+
+
+GTEST_FILTER_FLAG = '--gtest_filter'
+GTEST_LIST_TESTS_FLAG = '--gtest_list_tests'
+GTEST_OUTPUT_FLAG         = "--gtest_output"
+GTEST_DEFAULT_OUTPUT_FILE = "test_detail.xml"
+GTEST_PROGRAM_NAME = "gtest_xml_output_unittest_"
+
+SUPPORTS_STACK_TRACES = False
+
+if SUPPORTS_STACK_TRACES:
+  STACK_TRACE_TEMPLATE = '\nStack trace:\n*'
+else:
+  STACK_TRACE_TEMPLATE = ''
+
+EXPECTED_NON_EMPTY_XML = """<?xml version="1.0" encoding="UTF-8"?>
+<testsuites tests="23" failures="4" disabled="2" errors="0" time="*" timestamp="*" name="AllTests" ad_hoc_property="42">
+  <testsuite name="SuccessfulTest" tests="1" failures="0" disabled="0" errors="0" time="*">
+    <testcase name="Succeeds" status="run" time="*" classname="SuccessfulTest"/>
+  </testsuite>
+  <testsuite name="FailedTest" tests="1" failures="1" disabled="0" errors="0" time="*">
+    <testcase name="Fails" status="run" time="*" classname="FailedTest">
+      <failure message="gtest_xml_output_unittest_.cc:*&#x0A;Value of: 2&#x0A;Expected: 1" type=""><![CDATA[gtest_xml_output_unittest_.cc:*
+Value of: 2
+Expected: 1%(stack)s]]></failure>
+    </testcase>
+  </testsuite>
+  <testsuite name="MixedResultTest" tests="3" failures="1" disabled="1" errors="0" time="*">
+    <testcase name="Succeeds" status="run" time="*" classname="MixedResultTest"/>
+    <testcase name="Fails" status="run" time="*" classname="MixedResultTest">
+      <failure message="gtest_xml_output_unittest_.cc:*&#x0A;Value of: 2&#x0A;Expected: 1" type=""><![CDATA[gtest_xml_output_unittest_.cc:*
+Value of: 2
+Expected: 1%(stack)s]]></failure>
+      <failure message="gtest_xml_output_unittest_.cc:*&#x0A;Value of: 3&#x0A;Expected: 2" type=""><![CDATA[gtest_xml_output_unittest_.cc:*
+Value of: 3
+Expected: 2%(stack)s]]></failure>
+    </testcase>
+    <testcase name="DISABLED_test" status="notrun" time="*" classname="MixedResultTest"/>
+  </testsuite>
+  <testsuite name="XmlQuotingTest" tests="1" failures="1" disabled="0" errors="0" time="*">
+    <testcase name="OutputsCData" status="run" time="*" classname="XmlQuotingTest">
+      <failure message="gtest_xml_output_unittest_.cc:*&#x0A;Failed&#x0A;XML output: &lt;?xml encoding=&quot;utf-8&quot;&gt;&lt;top&gt;&lt;![CDATA[cdata text]]&gt;&lt;/top&gt;" type=""><![CDATA[gtest_xml_output_unittest_.cc:*
+Failed
+XML output: <?xml encoding="utf-8"><top><![CDATA[cdata text]]>]]&gt;<![CDATA[</top>%(stack)s]]></failure>
+    </testcase>
+  </testsuite>
+  <testsuite name="InvalidCharactersTest" tests="1" failures="1" disabled="0" errors="0" time="*">
+    <testcase name="InvalidCharactersInMessage" status="run" time="*" classname="InvalidCharactersTest">
+      <failure message="gtest_xml_output_unittest_.cc:*&#x0A;Failed&#x0A;Invalid characters in brackets []" type=""><![CDATA[gtest_xml_output_unittest_.cc:*
+Failed
+Invalid characters in brackets []%(stack)s]]></failure>
+    </testcase>
+  </testsuite>
+  <testsuite name="DisabledTest" tests="1" failures="0" disabled="1" errors="0" time="*">
+    <testcase name="DISABLED_test_not_run" status="notrun" time="*" classname="DisabledTest"/>
+  </testsuite>
+  <testsuite name="PropertyRecordingTest" tests="4" failures="0" disabled="0" errors="0" time="*" SetUpTestCase="yes" TearDownTestCase="aye">
+    <testcase name="OneProperty" status="run" time="*" classname="PropertyRecordingTest" key_1="1"/>
+    <testcase name="IntValuedProperty" status="run" time="*" classname="PropertyRecordingTest" key_int="1"/>
+    <testcase name="ThreeProperties" status="run" time="*" classname="PropertyRecordingTest" key_1="1" key_2="2" key_3="3"/>
+    <testcase name="TwoValuesForOneKeyUsesLastValue" status="run" time="*" classname="PropertyRecordingTest" key_1="2"/>
+  </testsuite>
+  <testsuite name="NoFixtureTest" tests="3" failures="0" disabled="0" errors="0" time="*">
+     <testcase name="RecordProperty" status="run" time="*" classname="NoFixtureTest" key="1"/>
+     <testcase name="ExternalUtilityThatCallsRecordIntValuedProperty" status="run" time="*" classname="NoFixtureTest" key_for_utility_int="1"/>
+     <testcase name="ExternalUtilityThatCallsRecordStringValuedProperty" status="run" time="*" classname="NoFixtureTest" key_for_utility_string="1"/>
+  </testsuite>
+  <testsuite name="Single/ValueParamTest" tests="4" failures="0" disabled="0" errors="0" time="*">
+    <testcase name="HasValueParamAttribute/0" value_param="33" status="run" time="*" classname="Single/ValueParamTest" />
+    <testcase name="HasValueParamAttribute/1" value_param="42" status="run" time="*" classname="Single/ValueParamTest" />
+    <testcase name="AnotherTestThatHasValueParamAttribute/0" value_param="33" status="run" time="*" classname="Single/ValueParamTest" />
+    <testcase name="AnotherTestThatHasValueParamAttribute/1" value_param="42" status="run" time="*" classname="Single/ValueParamTest" />
+  </testsuite>
+  <testsuite name="TypedTest/0" tests="1" failures="0" disabled="0" errors="0" time="*">
+    <testcase name="HasTypeParamAttribute" type_param="*" status="run" time="*" classname="TypedTest/0" />
+  </testsuite>
+  <testsuite name="TypedTest/1" tests="1" failures="0" disabled="0" errors="0" time="*">
+    <testcase name="HasTypeParamAttribute" type_param="*" status="run" time="*" classname="TypedTest/1" />
+  </testsuite>
+  <testsuite name="Single/TypeParameterizedTestCase/0" tests="1" failures="0" disabled="0" errors="0" time="*">
+    <testcase name="HasTypeParamAttribute" type_param="*" status="run" time="*" classname="Single/TypeParameterizedTestCase/0" />
+  </testsuite>
+  <testsuite name="Single/TypeParameterizedTestCase/1" tests="1" failures="0" disabled="0" errors="0" time="*">
+    <testcase name="HasTypeParamAttribute" type_param="*" status="run" time="*" classname="Single/TypeParameterizedTestCase/1" />
+  </testsuite>
+</testsuites>""" % {'stack': STACK_TRACE_TEMPLATE}
+
+EXPECTED_FILTERED_TEST_XML = """<?xml version="1.0" encoding="UTF-8"?>
+<testsuites tests="1" failures="0" disabled="0" errors="0" time="*"
+            timestamp="*" name="AllTests" ad_hoc_property="42">
+  <testsuite name="SuccessfulTest" tests="1" failures="0" disabled="0"
+             errors="0" time="*">
+    <testcase name="Succeeds" status="run" time="*" classname="SuccessfulTest"/>
+  </testsuite>
+</testsuites>"""
+
+EXPECTED_EMPTY_XML = """<?xml version="1.0" encoding="UTF-8"?>
+<testsuites tests="0" failures="0" disabled="0" errors="0" time="*"
+            timestamp="*" name="AllTests">
+</testsuites>"""
+
+GTEST_PROGRAM_PATH = gtest_test_utils.GetTestExecutablePath(GTEST_PROGRAM_NAME)
+
+SUPPORTS_TYPED_TESTS = 'TypedTest' in gtest_test_utils.Subprocess(
+    [GTEST_PROGRAM_PATH, GTEST_LIST_TESTS_FLAG], capture_stderr=False).output
+
+
+class GTestXMLOutputUnitTest(gtest_xml_test_utils.GTestXMLTestCase):
+  """
+  Unit test for Google Test's XML output functionality.
+  """
+
+  # This test currently breaks on platforms that do not support typed and
+  # type-parameterized tests, so we don't run it under them.
+  if SUPPORTS_TYPED_TESTS:
+    def testNonEmptyXmlOutput(self):
+      """
+      Runs a test program that generates a non-empty XML output, and
+      tests that the XML output is expected.
+      """
+      self._TestXmlOutput(GTEST_PROGRAM_NAME, EXPECTED_NON_EMPTY_XML, 1)
+
+  def testEmptyXmlOutput(self):
+    """Verifies XML output for a Google Test binary without actual tests.
+
+    Runs a test program that generates an empty XML output, and
+    tests that the XML output is expected.
+    """
+
+    self._TestXmlOutput('gtest_no_test_unittest', EXPECTED_EMPTY_XML, 0)
+
+  def testTimestampValue(self):
+    """Checks whether the timestamp attribute in the XML output is valid.
+
+    Runs a test program that generates an empty XML output, and checks if
+    the timestamp attribute in the testsuites tag is valid.
+    """
+    actual = self._GetXmlOutput('gtest_no_test_unittest', [], 0)
+    date_time_str = actual.documentElement.getAttributeNode('timestamp').value
+    # datetime.strptime() is only available in Python 2.5+ so we have to
+    # parse the expected datetime manually.
+    match = re.match(r'(\d+)-(\d\d)-(\d\d)T(\d\d):(\d\d):(\d\d)', date_time_str)
+    self.assertTrue(
+        re.match,
+        'XML datettime string %s has incorrect format' % date_time_str)
+    date_time_from_xml = datetime.datetime(
+        year=int(match.group(1)), month=int(match.group(2)),
+        day=int(match.group(3)), hour=int(match.group(4)),
+        minute=int(match.group(5)), second=int(match.group(6)))
+
+    time_delta = abs(datetime.datetime.now() - date_time_from_xml)
+    # timestamp value should be near the current local time
+    self.assertTrue(time_delta < datetime.timedelta(seconds=600),
+                    'time_delta is %s' % time_delta)
+    actual.unlink()
+
+  def testDefaultOutputFile(self):
+    """
+    Confirms that Google Test produces an XML output file with the expected
+    default name if no name is explicitly specified.
+    """
+    output_file = os.path.join(gtest_test_utils.GetTempDir(),
+                               GTEST_DEFAULT_OUTPUT_FILE)
+    gtest_prog_path = gtest_test_utils.GetTestExecutablePath(
+        'gtest_no_test_unittest')
+    try:
+      os.remove(output_file)
+    except OSError, e:
+      if e.errno != errno.ENOENT:
+        raise
+
+    p = gtest_test_utils.Subprocess(
+        [gtest_prog_path, '%s=xml' % GTEST_OUTPUT_FLAG],
+        working_dir=gtest_test_utils.GetTempDir())
+    self.assert_(p.exited)
+    self.assertEquals(0, p.exit_code)
+    self.assert_(os.path.isfile(output_file))
+
+  def testSuppressedXmlOutput(self):
+    """
+    Tests that no XML file is generated if the default XML listener is
+    shut down before RUN_ALL_TESTS is invoked.
+    """
+
+    xml_path = os.path.join(gtest_test_utils.GetTempDir(),
+                            GTEST_PROGRAM_NAME + 'out.xml')
+    if os.path.isfile(xml_path):
+      os.remove(xml_path)
+
+    command = [GTEST_PROGRAM_PATH,
+               '%s=xml:%s' % (GTEST_OUTPUT_FLAG, xml_path),
+               '--shut_down_xml']
+    p = gtest_test_utils.Subprocess(command)
+    if p.terminated_by_signal:
+      # p.signal is avalable only if p.terminated_by_signal is True.
+      self.assertFalse(
+          p.terminated_by_signal,
+          '%s was killed by signal %d' % (GTEST_PROGRAM_NAME, p.signal))
+    else:
+      self.assert_(p.exited)
+      self.assertEquals(1, p.exit_code,
+                        "'%s' exited with code %s, which doesn't match "
+                        'the expected exit code %s.'
+                        % (command, p.exit_code, 1))
+
+    self.assert_(not os.path.isfile(xml_path))
+
+  def testFilteredTestXmlOutput(self):
+    """Verifies XML output when a filter is applied.
+
+    Runs a test program that executes only some tests and verifies that
+    non-selected tests do not show up in the XML output.
+    """
+
+    self._TestXmlOutput(GTEST_PROGRAM_NAME, EXPECTED_FILTERED_TEST_XML, 0,
+                        extra_args=['%s=SuccessfulTest.*' % GTEST_FILTER_FLAG])
+
+  def _GetXmlOutput(self, gtest_prog_name, extra_args, expected_exit_code):
+    """
+    Returns the xml output generated by running the program gtest_prog_name.
+    Furthermore, the program's exit code must be expected_exit_code.
+    """
+    xml_path = os.path.join(gtest_test_utils.GetTempDir(),
+                            gtest_prog_name + 'out.xml')
+    gtest_prog_path = gtest_test_utils.GetTestExecutablePath(gtest_prog_name)
+
+    command = ([gtest_prog_path, '%s=xml:%s' % (GTEST_OUTPUT_FLAG, xml_path)] +
+               extra_args)
+    p = gtest_test_utils.Subprocess(command)
+    if p.terminated_by_signal:
+      self.assert_(False,
+                   '%s was killed by signal %d' % (gtest_prog_name, p.signal))
+    else:
+      self.assert_(p.exited)
+      self.assertEquals(expected_exit_code, p.exit_code,
+                        "'%s' exited with code %s, which doesn't match "
+                        'the expected exit code %s.'
+                        % (command, p.exit_code, expected_exit_code))
+    actual = minidom.parse(xml_path)
+    return actual
+
+  def _TestXmlOutput(self, gtest_prog_name, expected_xml,
+                     expected_exit_code, extra_args=None):
+    """
+    Asserts that the XML document generated by running the program
+    gtest_prog_name matches expected_xml, a string containing another
+    XML document.  Furthermore, the program's exit code must be
+    expected_exit_code.
+    """
+
+    actual = self._GetXmlOutput(gtest_prog_name, extra_args or [],
+                                expected_exit_code)
+    expected = minidom.parseString(expected_xml)
+    self.NormalizeXml(actual.documentElement)
+    self.AssertEquivalentNodes(expected.documentElement,
+                               actual.documentElement)
+    expected.unlink()
+    actual.unlink()
+
+
+if __name__ == '__main__':
+  os.environ['GTEST_STACK_TRACE_DEPTH'] = '1'
+  gtest_test_utils.Main()
diff --git a/nss/gtests/google_test/gtest/test/gtest_xml_output_unittest_.cc b/nss/gtests/google_test/gtest/test/gtest_xml_output_unittest_.cc
new file mode 100644
index 0000000..48b8771
--- /dev/null
+++ b/nss/gtests/google_test/gtest/test/gtest_xml_output_unittest_.cc
@@ -0,0 +1,181 @@
+// Copyright 2006, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// Author: eefacm@gmail.com (Sean Mcafee)
+
+// Unit test for Google Test XML output.
+//
+// A user can specify XML output in a Google Test program to run via
+// either the GTEST_OUTPUT environment variable or the --gtest_output
+// flag.  This is used for testing such functionality.
+//
+// This program will be invoked from a Python unit test.  Don't run it
+// directly.
+
+#include "gtest/gtest.h"
+
+using ::testing::InitGoogleTest;
+using ::testing::TestEventListeners;
+using ::testing::TestWithParam;
+using ::testing::UnitTest;
+using ::testing::Test;
+using ::testing::Values;
+
+class SuccessfulTest : public Test {
+};
+
+TEST_F(SuccessfulTest, Succeeds) {
+  SUCCEED() << "This is a success.";
+  ASSERT_EQ(1, 1);
+}
+
+class FailedTest : public Test {
+};
+
+TEST_F(FailedTest, Fails) {
+  ASSERT_EQ(1, 2);
+}
+
+class DisabledTest : public Test {
+};
+
+TEST_F(DisabledTest, DISABLED_test_not_run) {
+  FAIL() << "Unexpected failure: Disabled test should not be run";
+}
+
+TEST(MixedResultTest, Succeeds) {
+  EXPECT_EQ(1, 1);
+  ASSERT_EQ(1, 1);
+}
+
+TEST(MixedResultTest, Fails) {
+  EXPECT_EQ(1, 2);
+  ASSERT_EQ(2, 3);
+}
+
+TEST(MixedResultTest, DISABLED_test) {
+  FAIL() << "Unexpected failure: Disabled test should not be run";
+}
+
+TEST(XmlQuotingTest, OutputsCData) {
+  FAIL() << "XML output: "
+            "<?xml encoding=\"utf-8\"><top><![CDATA[cdata text]]></top>";
+}
+
+// Helps to test that invalid characters produced by test code do not make
+// it into the XML file.
+TEST(InvalidCharactersTest, InvalidCharactersInMessage) {
+  FAIL() << "Invalid characters in brackets [\x1\x2]";
+}
+
+class PropertyRecordingTest : public Test {
+ public:
+  static void SetUpTestCase() { RecordProperty("SetUpTestCase", "yes"); }
+  static void TearDownTestCase() { RecordProperty("TearDownTestCase", "aye"); }
+};
+
+TEST_F(PropertyRecordingTest, OneProperty) {
+  RecordProperty("key_1", "1");
+}
+
+TEST_F(PropertyRecordingTest, IntValuedProperty) {
+  RecordProperty("key_int", 1);
+}
+
+TEST_F(PropertyRecordingTest, ThreeProperties) {
+  RecordProperty("key_1", "1");
+  RecordProperty("key_2", "2");
+  RecordProperty("key_3", "3");
+}
+
+TEST_F(PropertyRecordingTest, TwoValuesForOneKeyUsesLastValue) {
+  RecordProperty("key_1", "1");
+  RecordProperty("key_1", "2");
+}
+
+TEST(NoFixtureTest, RecordProperty) {
+  RecordProperty("key", "1");
+}
+
+void ExternalUtilityThatCallsRecordProperty(const std::string& key, int value) {
+  testing::Test::RecordProperty(key, value);
+}
+
+void ExternalUtilityThatCallsRecordProperty(const std::string& key,
+                                            const std::string& value) {
+  testing::Test::RecordProperty(key, value);
+}
+
+TEST(NoFixtureTest, ExternalUtilityThatCallsRecordIntValuedProperty) {
+  ExternalUtilityThatCallsRecordProperty("key_for_utility_int", 1);
+}
+
+TEST(NoFixtureTest, ExternalUtilityThatCallsRecordStringValuedProperty) {
+  ExternalUtilityThatCallsRecordProperty("key_for_utility_string", "1");
+}
+
+// Verifies that the test parameter value is output in the 'value_param'
+// XML attribute for value-parameterized tests.
+class ValueParamTest : public TestWithParam<int> {};
+TEST_P(ValueParamTest, HasValueParamAttribute) {}
+TEST_P(ValueParamTest, AnotherTestThatHasValueParamAttribute) {}
+INSTANTIATE_TEST_CASE_P(Single, ValueParamTest, Values(33, 42));
+
+#if GTEST_HAS_TYPED_TEST
+// Verifies that the type parameter name is output in the 'type_param'
+// XML attribute for typed tests.
+template <typename T> class TypedTest : public Test {};
+typedef testing::Types<int, long> TypedTestTypes;
+TYPED_TEST_CASE(TypedTest, TypedTestTypes);
+TYPED_TEST(TypedTest, HasTypeParamAttribute) {}
+#endif
+
+#if GTEST_HAS_TYPED_TEST_P
+// Verifies that the type parameter name is output in the 'type_param'
+// XML attribute for type-parameterized tests.
+template <typename T> class TypeParameterizedTestCase : public Test {};
+TYPED_TEST_CASE_P(TypeParameterizedTestCase);
+TYPED_TEST_P(TypeParameterizedTestCase, HasTypeParamAttribute) {}
+REGISTER_TYPED_TEST_CASE_P(TypeParameterizedTestCase, HasTypeParamAttribute);
+typedef testing::Types<int, long> TypeParameterizedTestCaseTypes;
+INSTANTIATE_TYPED_TEST_CASE_P(Single,
+                              TypeParameterizedTestCase,
+                              TypeParameterizedTestCaseTypes);
+#endif
+
+int main(int argc, char** argv) {
+  InitGoogleTest(&argc, argv);
+
+  if (argc > 1 && strcmp(argv[1], "--shut_down_xml") == 0) {
+    TestEventListeners& listeners = UnitTest::GetInstance()->listeners();
+    delete listeners.Release(listeners.default_xml_generator());
+  }
+  testing::Test::RecordProperty("ad_hoc_property", "42");
+  return RUN_ALL_TESTS();
+}
diff --git a/nss/gtests/google_test/gtest/test/gtest_xml_test_utils.py b/nss/gtests/google_test/gtest/test/gtest_xml_test_utils.py
new file mode 100755
index 0000000..3d0c3b2
--- /dev/null
+++ b/nss/gtests/google_test/gtest/test/gtest_xml_test_utils.py
@@ -0,0 +1,194 @@
+#!/usr/bin/env python
+#
+# Copyright 2006, Google Inc.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#
+#     * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following disclaimer
+# in the documentation and/or other materials provided with the
+# distribution.
+#     * Neither the name of Google Inc. nor the names of its
+# contributors may be used to endorse or promote products derived from
+# this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+"""Unit test utilities for gtest_xml_output"""
+
+__author__ = 'eefacm@gmail.com (Sean Mcafee)'
+
+import re
+from xml.dom import minidom, Node
+
+import gtest_test_utils
+
+
+GTEST_OUTPUT_FLAG         = '--gtest_output'
+GTEST_DEFAULT_OUTPUT_FILE = 'test_detail.xml'
+
+class GTestXMLTestCase(gtest_test_utils.TestCase):
+  """
+  Base class for tests of Google Test's XML output functionality.
+  """
+
+
+  def AssertEquivalentNodes(self, expected_node, actual_node):
+    """
+    Asserts that actual_node (a DOM node object) is equivalent to
+    expected_node (another DOM node object), in that either both of
+    them are CDATA nodes and have the same value, or both are DOM
+    elements and actual_node meets all of the following conditions:
+
+    *  It has the same tag name as expected_node.
+    *  It has the same set of attributes as expected_node, each with
+       the same value as the corresponding attribute of expected_node.
+       Exceptions are any attribute named "time", which needs only be
+       convertible to a floating-point number and any attribute named
+       "type_param" which only has to be non-empty.
+    *  It has an equivalent set of child nodes (including elements and
+       CDATA sections) as expected_node.  Note that we ignore the
+       order of the children as they are not guaranteed to be in any
+       particular order.
+    """
+
+    if expected_node.nodeType == Node.CDATA_SECTION_NODE:
+      self.assertEquals(Node.CDATA_SECTION_NODE, actual_node.nodeType)
+      self.assertEquals(expected_node.nodeValue, actual_node.nodeValue)
+      return
+
+    self.assertEquals(Node.ELEMENT_NODE, actual_node.nodeType)
+    self.assertEquals(Node.ELEMENT_NODE, expected_node.nodeType)
+    self.assertEquals(expected_node.tagName, actual_node.tagName)
+
+    expected_attributes = expected_node.attributes
+    actual_attributes   = actual_node  .attributes
+    self.assertEquals(
+        expected_attributes.length, actual_attributes.length,
+        'attribute numbers differ in element %s:\nExpected: %r\nActual: %r' % (
+            actual_node.tagName, expected_attributes.keys(),
+            actual_attributes.keys()))
+    for i in range(expected_attributes.length):
+      expected_attr = expected_attributes.item(i)
+      actual_attr   = actual_attributes.get(expected_attr.name)
+      self.assert_(
+          actual_attr is not None,
+          'expected attribute %s not found in element %s' %
+          (expected_attr.name, actual_node.tagName))
+      self.assertEquals(
+          expected_attr.value, actual_attr.value,
+          ' values of attribute %s in element %s differ: %s vs %s' %
+          (expected_attr.name, actual_node.tagName,
+           expected_attr.value, actual_attr.value))
+
+    expected_children = self._GetChildren(expected_node)
+    actual_children = self._GetChildren(actual_node)
+    self.assertEquals(
+        len(expected_children), len(actual_children),
+        'number of child elements differ in element ' + actual_node.tagName)
+    for child_id, child in expected_children.iteritems():
+      self.assert_(child_id in actual_children,
+                   '<%s> is not in <%s> (in element %s)' %
+                   (child_id, actual_children, actual_node.tagName))
+      self.AssertEquivalentNodes(child, actual_children[child_id])
+
+  identifying_attribute = {
+    'testsuites': 'name',
+    'testsuite': 'name',
+    'testcase':  'name',
+    'failure':   'message',
+    }
+
+  def _GetChildren(self, element):
+    """
+    Fetches all of the child nodes of element, a DOM Element object.
+    Returns them as the values of a dictionary keyed by the IDs of the
+    children.  For <testsuites>, <testsuite> and <testcase> elements, the ID
+    is the value of their "name" attribute; for <failure> elements, it is
+    the value of the "message" attribute; CDATA sections and non-whitespace
+    text nodes are concatenated into a single CDATA section with ID
+    "detail".  An exception is raised if any element other than the above
+    four is encountered, if two child elements with the same identifying
+    attributes are encountered, or if any other type of node is encountered.
+    """
+
+    children = {}
+    for child in element.childNodes:
+      if child.nodeType == Node.ELEMENT_NODE:
+        self.assert_(child.tagName in self.identifying_attribute,
+                     'Encountered unknown element <%s>' % child.tagName)
+        childID = child.getAttribute(self.identifying_attribute[child.tagName])
+        self.assert_(childID not in children)
+        children[childID] = child
+      elif child.nodeType in [Node.TEXT_NODE, Node.CDATA_SECTION_NODE]:
+        if 'detail' not in children:
+          if (child.nodeType == Node.CDATA_SECTION_NODE or
+              not child.nodeValue.isspace()):
+            children['detail'] = child.ownerDocument.createCDATASection(
+                child.nodeValue)
+        else:
+          children['detail'].nodeValue += child.nodeValue
+      else:
+        self.fail('Encountered unexpected node type %d' % child.nodeType)
+    return children
+
+  def NormalizeXml(self, element):
+    """
+    Normalizes Google Test's XML output to eliminate references to transient
+    information that may change from run to run.
+
+    *  The "time" attribute of <testsuites>, <testsuite> and <testcase>
+       elements is replaced with a single asterisk, if it contains
+       only digit characters.
+    *  The "timestamp" attribute of <testsuites> elements is replaced with a
+       single asterisk, if it contains a valid ISO8601 datetime value.
+    *  The "type_param" attribute of <testcase> elements is replaced with a
+       single asterisk (if it sn non-empty) as it is the type name returned
+       by the compiler and is platform dependent.
+    *  The line info reported in the first line of the "message"
+       attribute and CDATA section of <failure> elements is replaced with the
+       file's basename and a single asterisk for the line number.
+    *  The directory names in file paths are removed.
+    *  The stack traces are removed.
+    """
+
+    if element.tagName == 'testsuites':
+      timestamp = element.getAttributeNode('timestamp')
+      timestamp.value = re.sub(r'^\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d$',
+                               '*', timestamp.value)
+    if element.tagName in ('testsuites', 'testsuite', 'testcase'):
+      time = element.getAttributeNode('time')
+      time.value = re.sub(r'^\d+(\.\d+)?$', '*', time.value)
+      type_param = element.getAttributeNode('type_param')
+      if type_param and type_param.value:
+        type_param.value = '*'
+    elif element.tagName == 'failure':
+      source_line_pat = r'^.*[/\\](.*:)\d+\n'
+      # Replaces the source line information with a normalized form.
+      message = element.getAttributeNode('message')
+      message.value = re.sub(source_line_pat, '\\1*\n', message.value)
+      for child in element.childNodes:
+        if child.nodeType == Node.CDATA_SECTION_NODE:
+          # Replaces the source line information with a normalized form.
+          cdata = re.sub(source_line_pat, '\\1*\n', child.nodeValue)
+          # Removes the actual stack trace.
+          child.nodeValue = re.sub(r'\nStack trace:\n(.|\n)*',
+                                   '', cdata)
+    for child in element.childNodes:
+      if child.nodeType == Node.ELEMENT_NODE:
+        self.NormalizeXml(child)
diff --git a/nss/gtests/google_test/gtest/test/production.cc b/nss/gtests/google_test/gtest/test/production.cc
new file mode 100644
index 0000000..8b8a40b
--- /dev/null
+++ b/nss/gtests/google_test/gtest/test/production.cc
@@ -0,0 +1,36 @@
+// Copyright 2006, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+//
+// This is part of the unit test for include/gtest/gtest_prod.h.
+
+#include "production.h"
+
+PrivateCode::PrivateCode() : x_(0) {}
diff --git a/nss/gtests/google_test/gtest/test/production.h b/nss/gtests/google_test/gtest/test/production.h
new file mode 100644
index 0000000..98fd5e4
--- /dev/null
+++ b/nss/gtests/google_test/gtest/test/production.h
@@ -0,0 +1,55 @@
+// Copyright 2006, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: wan@google.com (Zhanyong Wan)
+//
+// This is part of the unit test for include/gtest/gtest_prod.h.
+
+#ifndef GTEST_TEST_PRODUCTION_H_
+#define GTEST_TEST_PRODUCTION_H_
+
+#include "gtest/gtest_prod.h"
+
+class PrivateCode {
+ public:
+  // Declares a friend test that does not use a fixture.
+  FRIEND_TEST(PrivateCodeTest, CanAccessPrivateMembers);
+
+  // Declares a friend test that uses a fixture.
+  FRIEND_TEST(PrivateCodeFixtureTest, CanAccessPrivateMembers);
+
+  PrivateCode();
+
+  int x() const { return x_; }
+ private:
+  void set_x(int an_x) { x_ = an_x; }
+  int x_;
+};
+
+#endif  // GTEST_TEST_PRODUCTION_H_
diff --git a/nss/gtests/google_test/gtest/xcode/Config/DebugProject.xcconfig b/nss/gtests/google_test/gtest/xcode/Config/DebugProject.xcconfig
new file mode 100644
index 0000000..3d68157
--- /dev/null
+++ b/nss/gtests/google_test/gtest/xcode/Config/DebugProject.xcconfig
@@ -0,0 +1,30 @@
+//
+//  DebugProject.xcconfig
+//
+//  These are Debug Configuration project settings for the gtest framework and
+//  examples. It is set in the "Based On:" dropdown in the "Project" info
+//  dialog.
+//  This file is based on the Xcode Configuration files in:
+//  http://code.google.com/p/google-toolbox-for-mac/
+// 
+
+#include "General.xcconfig"
+
+// No optimization
+GCC_OPTIMIZATION_LEVEL = 0
+
+// Deployment postprocessing is what triggers Xcode to strip, turn it off
+DEPLOYMENT_POSTPROCESSING = NO
+
+// Dead code stripping off
+DEAD_CODE_STRIPPING = NO
+
+// Debug symbols should be on obviously
+GCC_GENERATE_DEBUGGING_SYMBOLS = YES
+
+// Define the DEBUG macro in all debug builds
+OTHER_CFLAGS = $(OTHER_CFLAGS) -DDEBUG=1
+
+// These are turned off to avoid STL incompatibilities with client code
+// // Turns on special C++ STL checks to "encourage" good STL use
+// GCC_PREPROCESSOR_DEFINITIONS = $(GCC_PREPROCESSOR_DEFINITIONS) _GLIBCXX_DEBUG_PEDANTIC _GLIBCXX_DEBUG _GLIBCPP_CONCEPT_CHECKS
diff --git a/nss/gtests/google_test/gtest/xcode/Config/FrameworkTarget.xcconfig b/nss/gtests/google_test/gtest/xcode/Config/FrameworkTarget.xcconfig
new file mode 100644
index 0000000..357b1c8
--- /dev/null
+++ b/nss/gtests/google_test/gtest/xcode/Config/FrameworkTarget.xcconfig
@@ -0,0 +1,17 @@
+//
+//  FrameworkTarget.xcconfig
+//
+//  These are Framework target settings for the gtest framework and examples. It
+//  is set in the "Based On:" dropdown in the "Target" info dialog.
+//  This file is based on the Xcode Configuration files in:
+//  http://code.google.com/p/google-toolbox-for-mac/
+// 
+
+// Dynamic libs need to be position independent
+GCC_DYNAMIC_NO_PIC = NO
+
+// Dynamic libs should not have their external symbols stripped.
+STRIP_STYLE = non-global
+
+// Let the user install by specifying the $DSTROOT with xcodebuild
+SKIP_INSTALL = NO
diff --git a/nss/gtests/google_test/gtest/xcode/Config/General.xcconfig b/nss/gtests/google_test/gtest/xcode/Config/General.xcconfig
new file mode 100644
index 0000000..f23e322
--- /dev/null
+++ b/nss/gtests/google_test/gtest/xcode/Config/General.xcconfig
@@ -0,0 +1,41 @@
+//
+//  General.xcconfig
+//
+//  These are General configuration settings for the gtest framework and
+//  examples.
+//  This file is based on the Xcode Configuration files in:
+//  http://code.google.com/p/google-toolbox-for-mac/
+// 
+
+// Build for PPC and Intel, 32- and 64-bit
+ARCHS = i386 x86_64 ppc ppc64
+
+// Zerolink prevents link warnings so turn it off
+ZERO_LINK = NO
+
+// Prebinding considered unhelpful in 10.3 and later
+PREBINDING = NO
+
+// Strictest warning policy
+WARNING_CFLAGS = -Wall -Werror -Wendif-labels -Wnewline-eof -Wno-sign-compare -Wshadow
+
+// Work around Xcode bugs by using external strip. See:
+// http://lists.apple.com/archives/Xcode-users/2006/Feb/msg00050.html
+SEPARATE_STRIP = YES
+
+// Force C99 dialect
+GCC_C_LANGUAGE_STANDARD = c99
+
+// not sure why apple defaults this on, but it's pretty risky
+ALWAYS_SEARCH_USER_PATHS = NO
+
+// Turn on position dependent code for most cases (overridden where appropriate)
+GCC_DYNAMIC_NO_PIC = YES
+
+// Default SDK and minimum OS version is 10.4
+SDKROOT = $(DEVELOPER_SDK_DIR)/MacOSX10.4u.sdk
+MACOSX_DEPLOYMENT_TARGET = 10.4
+GCC_VERSION = 4.0
+
+// VERSIONING BUILD SETTINGS (used in Info.plist)
+GTEST_VERSIONINFO_ABOUT =  © 2008 Google Inc.
diff --git a/nss/gtests/google_test/gtest/xcode/Config/ReleaseProject.xcconfig b/nss/gtests/google_test/gtest/xcode/Config/ReleaseProject.xcconfig
new file mode 100644
index 0000000..5349f0a
--- /dev/null
+++ b/nss/gtests/google_test/gtest/xcode/Config/ReleaseProject.xcconfig
@@ -0,0 +1,32 @@
+//
+//  ReleaseProject.xcconfig
+//
+//  These are Release Configuration project settings for the gtest framework
+//  and examples. It is set in the "Based On:" dropdown in the "Project" info
+//  dialog.
+//  This file is based on the Xcode Configuration files in:
+//  http://code.google.com/p/google-toolbox-for-mac/
+// 
+
+#include "General.xcconfig"
+
+// subconfig/Release.xcconfig
+
+// Optimize for space and size (Apple recommendation)
+GCC_OPTIMIZATION_LEVEL = s
+
+// Deploment postprocessing is what triggers Xcode to strip
+DEPLOYMENT_POSTPROCESSING = YES
+
+// No symbols
+GCC_GENERATE_DEBUGGING_SYMBOLS = NO
+
+// Dead code strip does not affect ObjC code but can help for C
+DEAD_CODE_STRIPPING = YES
+
+// NDEBUG is used by things like assert.h, so define it for general compat.
+// ASSERT going away in release tends to create unused vars.
+OTHER_CFLAGS = $(OTHER_CFLAGS) -DNDEBUG=1 -Wno-unused-variable
+
+// When we strip we want to strip all symbols in release, but save externals.
+STRIP_STYLE = all
diff --git a/nss/gtests/google_test/gtest/xcode/Config/StaticLibraryTarget.xcconfig b/nss/gtests/google_test/gtest/xcode/Config/StaticLibraryTarget.xcconfig
new file mode 100644
index 0000000..3922fa5
--- /dev/null
+++ b/nss/gtests/google_test/gtest/xcode/Config/StaticLibraryTarget.xcconfig
@@ -0,0 +1,18 @@
+//
+//  StaticLibraryTarget.xcconfig
+//
+//  These are static library target settings for libgtest.a. It
+//  is set in the "Based On:" dropdown in the "Target" info dialog.
+//  This file is based on the Xcode Configuration files in:
+//  http://code.google.com/p/google-toolbox-for-mac/
+// 
+
+// Static libs can be included in bundles so make them position independent
+GCC_DYNAMIC_NO_PIC = NO
+
+// Static libs should not have their internal globals or external symbols
+// stripped.
+STRIP_STYLE = debugging
+
+// Let the user install by specifying the $DSTROOT with xcodebuild
+SKIP_INSTALL = NO
diff --git a/nss/gtests/google_test/gtest/xcode/Config/TestTarget.xcconfig b/nss/gtests/google_test/gtest/xcode/Config/TestTarget.xcconfig
new file mode 100644
index 0000000..e6652ba
--- /dev/null
+++ b/nss/gtests/google_test/gtest/xcode/Config/TestTarget.xcconfig
@@ -0,0 +1,8 @@
+//
+//  TestTarget.xcconfig
+//
+//  These are Test target settings for the gtest framework and examples. It
+//  is set in the "Based On:" dropdown in the "Target" info dialog.
+
+PRODUCT_NAME = $(TARGET_NAME)
+HEADER_SEARCH_PATHS = ../include
diff --git a/nss/gtests/google_test/gtest/xcode/Resources/Info.plist b/nss/gtests/google_test/gtest/xcode/Resources/Info.plist
new file mode 100644
index 0000000..9dd28ea
--- /dev/null
+++ b/nss/gtests/google_test/gtest/xcode/Resources/Info.plist
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>CFBundleDevelopmentRegion</key>
+	<string>English</string>
+	<key>CFBundleExecutable</key>
+	<string>${EXECUTABLE_NAME}</string>
+	<key>CFBundleIconFile</key>
+	<string></string>
+	<key>CFBundleIdentifier</key>
+	<string>com.google.${PRODUCT_NAME}</string>
+	<key>CFBundleInfoDictionaryVersion</key>
+	<string>6.0</string>
+	<key>CFBundlePackageType</key>
+	<string>FMWK</string>
+	<key>CFBundleSignature</key>
+	<string>????</string>
+	<key>CFBundleVersion</key>
+	<string>GTEST_VERSIONINFO_LONG</string>
+	<key>CFBundleShortVersionString</key>
+	<string>GTEST_VERSIONINFO_SHORT</string>
+	<key>CFBundleGetInfoString</key>
+	<string>${PRODUCT_NAME} GTEST_VERSIONINFO_LONG, ${GTEST_VERSIONINFO_ABOUT}</string>
+	<key>NSHumanReadableCopyright</key>
+	<string>${GTEST_VERSIONINFO_ABOUT}</string>
+	<key>CSResourcesFileMapped</key>
+	<true/>
+</dict>
+</plist>
diff --git a/nss/gtests/google_test/gtest/xcode/Samples/FrameworkSample/Info.plist b/nss/gtests/google_test/gtest/xcode/Samples/FrameworkSample/Info.plist
new file mode 100644
index 0000000..f3852ed
--- /dev/null
+++ b/nss/gtests/google_test/gtest/xcode/Samples/FrameworkSample/Info.plist
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>CFBundleDevelopmentRegion</key>
+	<string>English</string>
+	<key>CFBundleExecutable</key>
+	<string>${EXECUTABLE_NAME}</string>
+	<key>CFBundleIconFile</key>
+	<string></string>
+	<key>CFBundleIdentifier</key>
+	<string>com.google.gtest.${PRODUCT_NAME:identifier}</string>
+	<key>CFBundleInfoDictionaryVersion</key>
+	<string>6.0</string>
+	<key>CFBundleName</key>
+	<string>${PRODUCT_NAME}</string>
+	<key>CFBundlePackageType</key>
+	<string>FMWK</string>
+	<key>CFBundleShortVersionString</key>
+	<string>1.0</string>
+	<key>CFBundleSignature</key>
+	<string>????</string>
+	<key>CFBundleVersion</key>
+	<string>1.0</string>
+	<key>CSResourcesFileMapped</key>
+	<true/>
+</dict>
+</plist>
diff --git a/nss/gtests/google_test/gtest/xcode/Samples/FrameworkSample/WidgetFramework.xcodeproj/project.pbxproj b/nss/gtests/google_test/gtest/xcode/Samples/FrameworkSample/WidgetFramework.xcodeproj/project.pbxproj
new file mode 100644
index 0000000..497617e
--- /dev/null
+++ b/nss/gtests/google_test/gtest/xcode/Samples/FrameworkSample/WidgetFramework.xcodeproj/project.pbxproj
@@ -0,0 +1,457 @@
+// !$*UTF8*$!
+{
+	archiveVersion = 1;
+	classes = {
+	};
+	objectVersion = 42;
+	objects = {
+
+/* Begin PBXAggregateTarget section */
+		4024D162113D7D2400C7059E /* Test */ = {
+			isa = PBXAggregateTarget;
+			buildConfigurationList = 4024D169113D7D4600C7059E /* Build configuration list for PBXAggregateTarget "Test" */;
+			buildPhases = (
+				4024D161113D7D2400C7059E /* ShellScript */,
+			);
+			dependencies = (
+				4024D166113D7D3100C7059E /* PBXTargetDependency */,
+			);
+			name = Test;
+			productName = TestAndBuild;
+		};
+		4024D1E9113D83FF00C7059E /* TestAndBuild */ = {
+			isa = PBXAggregateTarget;
+			buildConfigurationList = 4024D1F0113D842B00C7059E /* Build configuration list for PBXAggregateTarget "TestAndBuild" */;
+			buildPhases = (
+			);
+			dependencies = (
+				4024D1ED113D840900C7059E /* PBXTargetDependency */,
+				4024D1EF113D840D00C7059E /* PBXTargetDependency */,
+			);
+			name = TestAndBuild;
+			productName = TestAndBuild;
+		};
+/* End PBXAggregateTarget section */
+
+/* Begin PBXBuildFile section */
+		3B7EB1250E5AEE3500C7F239 /* widget.cc in Sources */ = {isa = PBXBuildFile; fileRef = 3B7EB1230E5AEE3500C7F239 /* widget.cc */; };
+		3B7EB1260E5AEE3500C7F239 /* widget.h in Headers */ = {isa = PBXBuildFile; fileRef = 3B7EB1240E5AEE3500C7F239 /* widget.h */; settings = {ATTRIBUTES = (Public, ); }; };
+		3B7EB1280E5AEE4600C7F239 /* widget_test.cc in Sources */ = {isa = PBXBuildFile; fileRef = 3B7EB1270E5AEE4600C7F239 /* widget_test.cc */; };
+		3B7EB1480E5AF3B400C7F239 /* Widget.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 8D07F2C80486CC7A007CD1D0 /* Widget.framework */; };
+		4024D188113D7D7800C7059E /* libgtest.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4024D185113D7D5500C7059E /* libgtest.a */; };
+		4024D189113D7D7A00C7059E /* libgtest_main.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4024D183113D7D5500C7059E /* libgtest_main.a */; };
+/* End PBXBuildFile section */
+
+/* Begin PBXContainerItemProxy section */
+		3B07BDF00E3F3FAE00647869 /* PBXContainerItemProxy */ = {
+			isa = PBXContainerItemProxy;
+			containerPortal = 0867D690FE84028FC02AAC07 /* Project object */;
+			proxyType = 1;
+			remoteGlobalIDString = 8D07F2BC0486CC7A007CD1D0;
+			remoteInfo = gTestExample;
+		};
+		4024D165113D7D3100C7059E /* PBXContainerItemProxy */ = {
+			isa = PBXContainerItemProxy;
+			containerPortal = 0867D690FE84028FC02AAC07 /* Project object */;
+			proxyType = 1;
+			remoteGlobalIDString = 3B07BDE90E3F3F9E00647869;
+			remoteInfo = WidgetFrameworkTest;
+		};
+		4024D1EC113D840900C7059E /* PBXContainerItemProxy */ = {
+			isa = PBXContainerItemProxy;
+			containerPortal = 0867D690FE84028FC02AAC07 /* Project object */;
+			proxyType = 1;
+			remoteGlobalIDString = 8D07F2BC0486CC7A007CD1D0;
+			remoteInfo = WidgetFramework;
+		};
+		4024D1EE113D840D00C7059E /* PBXContainerItemProxy */ = {
+			isa = PBXContainerItemProxy;
+			containerPortal = 0867D690FE84028FC02AAC07 /* Project object */;
+			proxyType = 1;
+			remoteGlobalIDString = 4024D162113D7D2400C7059E;
+			remoteInfo = Test;
+		};
+/* End PBXContainerItemProxy section */
+
+/* Begin PBXFileReference section */
+		3B07BDEA0E3F3F9E00647869 /* WidgetFrameworkTest */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = WidgetFrameworkTest; sourceTree = BUILT_PRODUCTS_DIR; };
+		3B7EB1230E5AEE3500C7F239 /* widget.cc */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = widget.cc; sourceTree = "<group>"; };
+		3B7EB1240E5AEE3500C7F239 /* widget.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = widget.h; sourceTree = "<group>"; };
+		3B7EB1270E5AEE4600C7F239 /* widget_test.cc */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = widget_test.cc; sourceTree = "<group>"; };
+		4024D183113D7D5500C7059E /* libgtest_main.a */ = {isa = PBXFileReference; lastKnownFileType = archive.ar; name = libgtest_main.a; path = /usr/local/lib/libgtest_main.a; sourceTree = "<absolute>"; };
+		4024D185113D7D5500C7059E /* libgtest.a */ = {isa = PBXFileReference; lastKnownFileType = archive.ar; name = libgtest.a; path = /usr/local/lib/libgtest.a; sourceTree = "<absolute>"; };
+		4024D1E2113D838200C7059E /* runtests.sh */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.script.sh; path = runtests.sh; sourceTree = "<group>"; };
+		8D07F2C70486CC7A007CD1D0 /* Info.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist; path = Info.plist; sourceTree = "<group>"; };
+		8D07F2C80486CC7A007CD1D0 /* Widget.framework */ = {isa = PBXFileReference; explicitFileType = wrapper.framework; includeInIndex = 0; path = Widget.framework; sourceTree = BUILT_PRODUCTS_DIR; };
+/* End PBXFileReference section */
+
+/* Begin PBXFrameworksBuildPhase section */
+		3B07BDE80E3F3F9E00647869 /* Frameworks */ = {
+			isa = PBXFrameworksBuildPhase;
+			buildActionMask = 2147483647;
+			files = (
+				4024D189113D7D7A00C7059E /* libgtest_main.a in Frameworks */,
+				4024D188113D7D7800C7059E /* libgtest.a in Frameworks */,
+				3B7EB1480E5AF3B400C7F239 /* Widget.framework in Frameworks */,
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+		};
+		8D07F2C30486CC7A007CD1D0 /* Frameworks */ = {
+			isa = PBXFrameworksBuildPhase;
+			buildActionMask = 2147483647;
+			files = (
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+		};
+/* End PBXFrameworksBuildPhase section */
+
+/* Begin PBXGroup section */
+		034768DDFF38A45A11DB9C8B /* Products */ = {
+			isa = PBXGroup;
+			children = (
+				8D07F2C80486CC7A007CD1D0 /* Widget.framework */,
+				3B07BDEA0E3F3F9E00647869 /* WidgetFrameworkTest */,
+			);
+			name = Products;
+			sourceTree = "<group>";
+		};
+		0867D691FE84028FC02AAC07 /* gTestExample */ = {
+			isa = PBXGroup;
+			children = (
+				4024D1E1113D836C00C7059E /* Scripts */,
+				08FB77ACFE841707C02AAC07 /* Source */,
+				089C1665FE841158C02AAC07 /* Resources */,
+				3B07BE350E4094E400647869 /* Test */,
+				0867D69AFE84028FC02AAC07 /* External Frameworks and Libraries */,
+				034768DDFF38A45A11DB9C8B /* Products */,
+			);
+			name = gTestExample;
+			sourceTree = "<group>";
+		};
+		0867D69AFE84028FC02AAC07 /* External Frameworks and Libraries */ = {
+			isa = PBXGroup;
+			children = (
+				4024D183113D7D5500C7059E /* libgtest_main.a */,
+				4024D185113D7D5500C7059E /* libgtest.a */,
+			);
+			name = "External Frameworks and Libraries";
+			sourceTree = "<group>";
+		};
+		089C1665FE841158C02AAC07 /* Resources */ = {
+			isa = PBXGroup;
+			children = (
+				8D07F2C70486CC7A007CD1D0 /* Info.plist */,
+			);
+			name = Resources;
+			sourceTree = "<group>";
+		};
+		08FB77ACFE841707C02AAC07 /* Source */ = {
+			isa = PBXGroup;
+			children = (
+				3B7EB1230E5AEE3500C7F239 /* widget.cc */,
+				3B7EB1240E5AEE3500C7F239 /* widget.h */,
+			);
+			name = Source;
+			sourceTree = "<group>";
+		};
+		3B07BE350E4094E400647869 /* Test */ = {
+			isa = PBXGroup;
+			children = (
+				3B7EB1270E5AEE4600C7F239 /* widget_test.cc */,
+			);
+			name = Test;
+			sourceTree = "<group>";
+		};
+		4024D1E1113D836C00C7059E /* Scripts */ = {
+			isa = PBXGroup;
+			children = (
+				4024D1E2113D838200C7059E /* runtests.sh */,
+			);
+			name = Scripts;
+			sourceTree = "<group>";
+		};
+/* End PBXGroup section */
+
+/* Begin PBXHeadersBuildPhase section */
+		8D07F2BD0486CC7A007CD1D0 /* Headers */ = {
+			isa = PBXHeadersBuildPhase;
+			buildActionMask = 2147483647;
+			files = (
+				3B7EB1260E5AEE3500C7F239 /* widget.h in Headers */,
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+		};
+/* End PBXHeadersBuildPhase section */
+
+/* Begin PBXNativeTarget section */
+		3B07BDE90E3F3F9E00647869 /* WidgetFrameworkTest */ = {
+			isa = PBXNativeTarget;
+			buildConfigurationList = 3B07BDF40E3F3FB600647869 /* Build configuration list for PBXNativeTarget "WidgetFrameworkTest" */;
+			buildPhases = (
+				3B07BDE70E3F3F9E00647869 /* Sources */,
+				3B07BDE80E3F3F9E00647869 /* Frameworks */,
+			);
+			buildRules = (
+			);
+			dependencies = (
+				3B07BDF10E3F3FAE00647869 /* PBXTargetDependency */,
+			);
+			name = WidgetFrameworkTest;
+			productName = gTestExampleTest;
+			productReference = 3B07BDEA0E3F3F9E00647869 /* WidgetFrameworkTest */;
+			productType = "com.apple.product-type.tool";
+		};
+		8D07F2BC0486CC7A007CD1D0 /* WidgetFramework */ = {
+			isa = PBXNativeTarget;
+			buildConfigurationList = 4FADC24208B4156D00ABE55E /* Build configuration list for PBXNativeTarget "WidgetFramework" */;
+			buildPhases = (
+				8D07F2C10486CC7A007CD1D0 /* Sources */,
+				8D07F2C30486CC7A007CD1D0 /* Frameworks */,
+				8D07F2BD0486CC7A007CD1D0 /* Headers */,
+				8D07F2BF0486CC7A007CD1D0 /* Resources */,
+				8D07F2C50486CC7A007CD1D0 /* Rez */,
+			);
+			buildRules = (
+			);
+			dependencies = (
+			);
+			name = WidgetFramework;
+			productInstallPath = "$(HOME)/Library/Frameworks";
+			productName = gTestExample;
+			productReference = 8D07F2C80486CC7A007CD1D0 /* Widget.framework */;
+			productType = "com.apple.product-type.framework";
+		};
+/* End PBXNativeTarget section */
+
+/* Begin PBXProject section */
+		0867D690FE84028FC02AAC07 /* Project object */ = {
+			isa = PBXProject;
+			buildConfigurationList = 4FADC24608B4156D00ABE55E /* Build configuration list for PBXProject "WidgetFramework" */;
+			compatibilityVersion = "Xcode 2.4";
+			hasScannedForEncodings = 1;
+			mainGroup = 0867D691FE84028FC02AAC07 /* gTestExample */;
+			productRefGroup = 034768DDFF38A45A11DB9C8B /* Products */;
+			projectDirPath = "";
+			projectRoot = "";
+			targets = (
+				8D07F2BC0486CC7A007CD1D0 /* WidgetFramework */,
+				3B07BDE90E3F3F9E00647869 /* WidgetFrameworkTest */,
+				4024D162113D7D2400C7059E /* Test */,
+				4024D1E9113D83FF00C7059E /* TestAndBuild */,
+			);
+		};
+/* End PBXProject section */
+
+/* Begin PBXResourcesBuildPhase section */
+		8D07F2BF0486CC7A007CD1D0 /* Resources */ = {
+			isa = PBXResourcesBuildPhase;
+			buildActionMask = 2147483647;
+			files = (
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+		};
+/* End PBXResourcesBuildPhase section */
+
+/* Begin PBXRezBuildPhase section */
+		8D07F2C50486CC7A007CD1D0 /* Rez */ = {
+			isa = PBXRezBuildPhase;
+			buildActionMask = 2147483647;
+			files = (
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+		};
+/* End PBXRezBuildPhase section */
+
+/* Begin PBXShellScriptBuildPhase section */
+		4024D161113D7D2400C7059E /* ShellScript */ = {
+			isa = PBXShellScriptBuildPhase;
+			buildActionMask = 2147483647;
+			files = (
+			);
+			inputPaths = (
+			);
+			outputPaths = (
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+			shellPath = /bin/sh;
+			shellScript = "/bin/bash $SRCROOT/runtests.sh $BUILT_PRODUCTS_DIR/WidgetFrameworkTest\n";
+		};
+/* End PBXShellScriptBuildPhase section */
+
+/* Begin PBXSourcesBuildPhase section */
+		3B07BDE70E3F3F9E00647869 /* Sources */ = {
+			isa = PBXSourcesBuildPhase;
+			buildActionMask = 2147483647;
+			files = (
+				3B7EB1280E5AEE4600C7F239 /* widget_test.cc in Sources */,
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+		};
+		8D07F2C10486CC7A007CD1D0 /* Sources */ = {
+			isa = PBXSourcesBuildPhase;
+			buildActionMask = 2147483647;
+			files = (
+				3B7EB1250E5AEE3500C7F239 /* widget.cc in Sources */,
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+		};
+/* End PBXSourcesBuildPhase section */
+
+/* Begin PBXTargetDependency section */
+		3B07BDF10E3F3FAE00647869 /* PBXTargetDependency */ = {
+			isa = PBXTargetDependency;
+			target = 8D07F2BC0486CC7A007CD1D0 /* WidgetFramework */;
+			targetProxy = 3B07BDF00E3F3FAE00647869 /* PBXContainerItemProxy */;
+		};
+		4024D166113D7D3100C7059E /* PBXTargetDependency */ = {
+			isa = PBXTargetDependency;
+			target = 3B07BDE90E3F3F9E00647869 /* WidgetFrameworkTest */;
+			targetProxy = 4024D165113D7D3100C7059E /* PBXContainerItemProxy */;
+		};
+		4024D1ED113D840900C7059E /* PBXTargetDependency */ = {
+			isa = PBXTargetDependency;
+			target = 8D07F2BC0486CC7A007CD1D0 /* WidgetFramework */;
+			targetProxy = 4024D1EC113D840900C7059E /* PBXContainerItemProxy */;
+		};
+		4024D1EF113D840D00C7059E /* PBXTargetDependency */ = {
+			isa = PBXTargetDependency;
+			target = 4024D162113D7D2400C7059E /* Test */;
+			targetProxy = 4024D1EE113D840D00C7059E /* PBXContainerItemProxy */;
+		};
+/* End PBXTargetDependency section */
+
+/* Begin XCBuildConfiguration section */
+		3B07BDEC0E3F3F9F00647869 /* Debug */ = {
+			isa = XCBuildConfiguration;
+			buildSettings = {
+				PRODUCT_NAME = WidgetFrameworkTest;
+			};
+			name = Debug;
+		};
+		3B07BDED0E3F3F9F00647869 /* Release */ = {
+			isa = XCBuildConfiguration;
+			buildSettings = {
+				PRODUCT_NAME = WidgetFrameworkTest;
+			};
+			name = Release;
+		};
+		4024D163113D7D2400C7059E /* Debug */ = {
+			isa = XCBuildConfiguration;
+			buildSettings = {
+				PRODUCT_NAME = TestAndBuild;
+			};
+			name = Debug;
+		};
+		4024D164113D7D2400C7059E /* Release */ = {
+			isa = XCBuildConfiguration;
+			buildSettings = {
+				PRODUCT_NAME = TestAndBuild;
+			};
+			name = Release;
+		};
+		4024D1EA113D83FF00C7059E /* Debug */ = {
+			isa = XCBuildConfiguration;
+			buildSettings = {
+				PRODUCT_NAME = TestAndBuild;
+			};
+			name = Debug;
+		};
+		4024D1EB113D83FF00C7059E /* Release */ = {
+			isa = XCBuildConfiguration;
+			buildSettings = {
+				PRODUCT_NAME = TestAndBuild;
+			};
+			name = Release;
+		};
+		4FADC24308B4156D00ABE55E /* Debug */ = {
+			isa = XCBuildConfiguration;
+			buildSettings = {
+				DYLIB_COMPATIBILITY_VERSION = 1;
+				DYLIB_CURRENT_VERSION = 1;
+				FRAMEWORK_VERSION = A;
+				INFOPLIST_FILE = Info.plist;
+				INSTALL_PATH = "@loader_path/../Frameworks";
+				PRODUCT_NAME = Widget;
+			};
+			name = Debug;
+		};
+		4FADC24408B4156D00ABE55E /* Release */ = {
+			isa = XCBuildConfiguration;
+			buildSettings = {
+				DYLIB_COMPATIBILITY_VERSION = 1;
+				DYLIB_CURRENT_VERSION = 1;
+				FRAMEWORK_VERSION = A;
+				INFOPLIST_FILE = Info.plist;
+				INSTALL_PATH = "@loader_path/../Frameworks";
+				PRODUCT_NAME = Widget;
+			};
+			name = Release;
+		};
+		4FADC24708B4156D00ABE55E /* Debug */ = {
+			isa = XCBuildConfiguration;
+			buildSettings = {
+				GCC_VERSION = 4.0;
+				SDKROOT = /Developer/SDKs/MacOSX10.4u.sdk;
+			};
+			name = Debug;
+		};
+		4FADC24808B4156D00ABE55E /* Release */ = {
+			isa = XCBuildConfiguration;
+			buildSettings = {
+				GCC_VERSION = 4.0;
+				SDKROOT = /Developer/SDKs/MacOSX10.4u.sdk;
+			};
+			name = Release;
+		};
+/* End XCBuildConfiguration section */
+
+/* Begin XCConfigurationList section */
+		3B07BDF40E3F3FB600647869 /* Build configuration list for PBXNativeTarget "WidgetFrameworkTest" */ = {
+			isa = XCConfigurationList;
+			buildConfigurations = (
+				3B07BDEC0E3F3F9F00647869 /* Debug */,
+				3B07BDED0E3F3F9F00647869 /* Release */,
+			);
+			defaultConfigurationIsVisible = 0;
+			defaultConfigurationName = Release;
+		};
+		4024D169113D7D4600C7059E /* Build configuration list for PBXAggregateTarget "Test" */ = {
+			isa = XCConfigurationList;
+			buildConfigurations = (
+				4024D163113D7D2400C7059E /* Debug */,
+				4024D164113D7D2400C7059E /* Release */,
+			);
+			defaultConfigurationIsVisible = 0;
+			defaultConfigurationName = Release;
+		};
+		4024D1F0113D842B00C7059E /* Build configuration list for PBXAggregateTarget "TestAndBuild" */ = {
+			isa = XCConfigurationList;
+			buildConfigurations = (
+				4024D1EA113D83FF00C7059E /* Debug */,
+				4024D1EB113D83FF00C7059E /* Release */,
+			);
+			defaultConfigurationIsVisible = 0;
+			defaultConfigurationName = Release;
+		};
+		4FADC24208B4156D00ABE55E /* Build configuration list for PBXNativeTarget "WidgetFramework" */ = {
+			isa = XCConfigurationList;
+			buildConfigurations = (
+				4FADC24308B4156D00ABE55E /* Debug */,
+				4FADC24408B4156D00ABE55E /* Release */,
+			);
+			defaultConfigurationIsVisible = 0;
+			defaultConfigurationName = Release;
+		};
+		4FADC24608B4156D00ABE55E /* Build configuration list for PBXProject "WidgetFramework" */ = {
+			isa = XCConfigurationList;
+			buildConfigurations = (
+				4FADC24708B4156D00ABE55E /* Debug */,
+				4FADC24808B4156D00ABE55E /* Release */,
+			);
+			defaultConfigurationIsVisible = 0;
+			defaultConfigurationName = Release;
+		};
+/* End XCConfigurationList section */
+	};
+	rootObject = 0867D690FE84028FC02AAC07 /* Project object */;
+}
diff --git a/nss/gtests/google_test/gtest/xcode/Samples/FrameworkSample/runtests.sh b/nss/gtests/google_test/gtest/xcode/Samples/FrameworkSample/runtests.sh
new file mode 100644
index 0000000..4a0d413
--- /dev/null
+++ b/nss/gtests/google_test/gtest/xcode/Samples/FrameworkSample/runtests.sh
@@ -0,0 +1,62 @@
+#!/bin/bash
+#
+# Copyright 2008, Google Inc.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#
+#     * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following disclaimer
+# in the documentation and/or other materials provided with the
+# distribution.
+#     * Neither the name of Google Inc. nor the names of its
+# contributors may be used to endorse or promote products derived from
+# this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# Executes the samples and tests for the Google Test Framework.
+
+# Help the dynamic linker find the path to the libraries.
+export DYLD_FRAMEWORK_PATH=$BUILT_PRODUCTS_DIR
+export DYLD_LIBRARY_PATH=$BUILT_PRODUCTS_DIR
+
+# Create some executables.
+test_executables=$@
+
+# Now execute each one in turn keeping track of how many succeeded and failed.
+succeeded=0
+failed=0
+failed_list=()
+for test in ${test_executables[*]}; do
+  "$test"
+  result=$?
+  if [ $result -eq 0 ]; then
+    succeeded=$(( $succeeded + 1 ))
+  else
+    failed=$(( failed + 1 ))
+    failed_list="$failed_list $test"
+  fi
+done
+
+# Report the successes and failures to the console.
+echo "Tests complete with $succeeded successes and $failed failures."
+if [ $failed -ne 0 ]; then
+  echo "The following tests failed:"
+  echo $failed_list
+fi
+exit $failed
diff --git a/nss/gtests/google_test/gtest/xcode/Samples/FrameworkSample/widget.cc b/nss/gtests/google_test/gtest/xcode/Samples/FrameworkSample/widget.cc
new file mode 100644
index 0000000..bfc4e7f
--- /dev/null
+++ b/nss/gtests/google_test/gtest/xcode/Samples/FrameworkSample/widget.cc
@@ -0,0 +1,63 @@
+// Copyright 2008, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: preston.a.jackson@gmail.com (Preston Jackson)
+//
+// Google Test - FrameworkSample
+// widget.cc
+//
+
+// Widget is a very simple class used for demonstrating the use of gtest
+
+#include "widget.h"
+
+Widget::Widget(int number, const std::string& name)
+    : number_(number),
+      name_(name) {}
+
+Widget::~Widget() {}
+
+float Widget::GetFloatValue() const {
+  return number_;
+}
+
+int Widget::GetIntValue() const {
+  return static_cast<int>(number_);
+}
+
+std::string Widget::GetStringValue() const {
+  return name_;
+}
+
+void Widget::GetCharPtrValue(char* buffer, size_t max_size) const {
+  // Copy the char* representation of name_ into buffer, up to max_size.
+  strncpy(buffer, name_.c_str(), max_size-1);
+  buffer[max_size-1] = '\0';
+  return;
+}
diff --git a/nss/gtests/google_test/gtest/xcode/Samples/FrameworkSample/widget.h b/nss/gtests/google_test/gtest/xcode/Samples/FrameworkSample/widget.h
new file mode 100644
index 0000000..0c55cdc
--- /dev/null
+++ b/nss/gtests/google_test/gtest/xcode/Samples/FrameworkSample/widget.h
@@ -0,0 +1,59 @@
+// Copyright 2008, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: preston.a.jackson@gmail.com (Preston Jackson)
+//
+// Google Test - FrameworkSample
+// widget.h
+//
+
+// Widget is a very simple class used for demonstrating the use of gtest. It
+// simply stores two values a string and an integer, which are returned via
+// public accessors in multiple forms.
+
+#import <string>
+
+class Widget {
+ public:
+  Widget(int number, const std::string& name);
+  ~Widget();
+
+  // Public accessors to number data
+  float GetFloatValue() const;
+  int GetIntValue() const;
+
+  // Public accessors to the string data
+  std::string GetStringValue() const;
+  void GetCharPtrValue(char* buffer, size_t max_size) const;
+
+ private:
+  // Data members
+  float number_;
+  std::string name_;
+};
diff --git a/nss/gtests/google_test/gtest/xcode/Samples/FrameworkSample/widget_test.cc b/nss/gtests/google_test/gtest/xcode/Samples/FrameworkSample/widget_test.cc
new file mode 100644
index 0000000..8725994
--- /dev/null
+++ b/nss/gtests/google_test/gtest/xcode/Samples/FrameworkSample/widget_test.cc
@@ -0,0 +1,68 @@
+// Copyright 2008, Google Inc.
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// Author: preston.a.jackson@gmail.com (Preston Jackson)
+//
+// Google Test - FrameworkSample
+// widget_test.cc
+//
+
+// This is a simple test file for the Widget class in the Widget.framework
+
+#include <string>
+#include "gtest/gtest.h"
+
+#include <Widget/widget.h>
+
+// This test verifies that the constructor sets the internal state of the
+// Widget class correctly.
+TEST(WidgetInitializerTest, TestConstructor) {
+  Widget widget(1.0f, "name");
+  EXPECT_FLOAT_EQ(1.0f, widget.GetFloatValue());
+  EXPECT_EQ(std::string("name"), widget.GetStringValue());
+}
+
+// This test verifies the conversion of the float and string values to int and
+// char*, respectively.
+TEST(WidgetInitializerTest, TestConversion) {
+  Widget widget(1.0f, "name");
+  EXPECT_EQ(1, widget.GetIntValue());
+
+  size_t max_size = 128;
+  char buffer[max_size];
+  widget.GetCharPtrValue(buffer, max_size);
+  EXPECT_STREQ("name", buffer);
+}
+
+// Use the Google Test main that is linked into the framework. It does something
+// like this:
+// int main(int argc, char** argv) {
+//   testing::InitGoogleTest(&argc, argv);
+//   return RUN_ALL_TESTS();
+// }
diff --git a/nss/gtests/google_test/gtest/xcode/Scripts/runtests.sh b/nss/gtests/google_test/gtest/xcode/Scripts/runtests.sh
new file mode 100644
index 0000000..3fc229f
--- /dev/null
+++ b/nss/gtests/google_test/gtest/xcode/Scripts/runtests.sh
@@ -0,0 +1,65 @@
+#!/bin/bash
+#
+# Copyright 2008, Google Inc.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#
+#     * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following disclaimer
+# in the documentation and/or other materials provided with the
+# distribution.
+#     * Neither the name of Google Inc. nor the names of its
+# contributors may be used to endorse or promote products derived from
+# this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# Executes the samples and tests for the Google Test Framework.
+
+# Help the dynamic linker find the path to the libraries.
+export DYLD_FRAMEWORK_PATH=$BUILT_PRODUCTS_DIR
+export DYLD_LIBRARY_PATH=$BUILT_PRODUCTS_DIR
+
+# Create some executables.
+test_executables=("$BUILT_PRODUCTS_DIR/gtest_unittest-framework"
+                  "$BUILT_PRODUCTS_DIR/gtest_unittest"
+                  "$BUILT_PRODUCTS_DIR/sample1_unittest-framework"
+                  "$BUILT_PRODUCTS_DIR/sample1_unittest-static")
+
+# Now execute each one in turn keeping track of how many succeeded and failed. 
+succeeded=0
+failed=0
+failed_list=()
+for test in ${test_executables[*]}; do
+  "$test"
+  result=$?
+  if [ $result -eq 0 ]; then
+    succeeded=$(( $succeeded + 1 ))
+  else
+    failed=$(( failed + 1 ))
+    failed_list="$failed_list $test"
+  fi
+done
+
+# Report the successes and failures to the console.
+echo "Tests complete with $succeeded successes and $failed failures."
+if [ $failed -ne 0 ]; then
+  echo "The following tests failed:"
+  echo $failed_list
+fi
+exit $failed
diff --git a/nss/gtests/google_test/gtest/xcode/Scripts/versiongenerate.py b/nss/gtests/google_test/gtest/xcode/Scripts/versiongenerate.py
new file mode 100644
index 0000000..81de8c9
--- /dev/null
+++ b/nss/gtests/google_test/gtest/xcode/Scripts/versiongenerate.py
@@ -0,0 +1,100 @@
+#!/usr/bin/env python
+#
+# Copyright 2008, Google Inc.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#
+#     * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following disclaimer
+# in the documentation and/or other materials provided with the
+# distribution.
+#     * Neither the name of Google Inc. nor the names of its
+# contributors may be used to endorse or promote products derived from
+# this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+"""A script to prepare version informtion for use the gtest Info.plist file.
+
+  This script extracts the version information from the configure.ac file and
+  uses it to generate a header file containing the same information. The
+  #defines in this header file will be included in during the generation of
+  the Info.plist of the framework, giving the correct value to the version
+  shown in the Finder.
+
+  This script makes the following assumptions (these are faults of the script,
+  not problems with the Autoconf):
+    1. The AC_INIT macro will be contained within the first 1024 characters
+       of configure.ac
+    2. The version string will be 3 integers separated by periods and will be
+       surrounded by squre brackets, "[" and "]" (e.g. [1.0.1]). The first
+       segment represents the major version, the second represents the minor
+       version and the third represents the fix version.
+    3. No ")" character exists between the opening "(" and closing ")" of
+       AC_INIT, including in comments and character strings.
+"""
+
+import sys
+import re
+
+# Read the command line argument (the output directory for Version.h)
+if (len(sys.argv) < 3):
+  print "Usage: versiongenerate.py input_dir output_dir"
+  sys.exit(1)
+else:
+  input_dir = sys.argv[1]
+  output_dir = sys.argv[2]
+
+# Read the first 1024 characters of the configure.ac file
+config_file = open("%s/configure.ac" % input_dir, 'r')
+buffer_size = 1024
+opening_string = config_file.read(buffer_size)
+config_file.close()
+
+# Extract the version string from the AC_INIT macro
+#   The following init_expression means:
+#     Extract three integers separated by periods and surrounded by squre
+#     brackets(e.g. "[1.0.1]") between "AC_INIT(" and ")". Do not be greedy
+#     (*? is the non-greedy flag) since that would pull in everything between
+#     the first "(" and the last ")" in the file.
+version_expression = re.compile(r"AC_INIT\(.*?\[(\d+)\.(\d+)\.(\d+)\].*?\)",
+                                re.DOTALL)
+version_values = version_expression.search(opening_string)
+major_version = version_values.group(1)
+minor_version = version_values.group(2)
+fix_version = version_values.group(3)
+
+# Write the version information to a header file to be included in the
+# Info.plist file.
+file_data = """//
+// DO NOT MODIFY THIS FILE (but you can delete it)
+//
+// This file is autogenerated by the versiongenerate.py script. This script
+// is executed in a "Run Script" build phase when creating gtest.framework. This
+// header file is not used during compilation of C-source. Rather, it simply
+// defines some version strings for substitution in the Info.plist. Because of
+// this, we are not not restricted to C-syntax nor are we using include guards.
+//
+
+#define GTEST_VERSIONINFO_SHORT %s.%s
+#define GTEST_VERSIONINFO_LONG %s.%s.%s
+
+""" % (major_version, minor_version, major_version, minor_version, fix_version)
+version_file = open("%s/Version.h" % output_dir, 'w')
+version_file.write(file_data)
+version_file.close()
diff --git a/nss/gtests/google_test/gtest/xcode/gtest.xcodeproj/project.pbxproj b/nss/gtests/google_test/gtest/xcode/gtest.xcodeproj/project.pbxproj
new file mode 100644
index 0000000..0452a63
--- /dev/null
+++ b/nss/gtests/google_test/gtest/xcode/gtest.xcodeproj/project.pbxproj
@@ -0,0 +1,1135 @@
+// !$*UTF8*$!
+{
+	archiveVersion = 1;
+	classes = {
+	};
+	objectVersion = 46;
+	objects = {
+
+/* Begin PBXAggregateTarget section */
+		3B238F5F0E828B5400846E11 /* Check */ = {
+			isa = PBXAggregateTarget;
+			buildConfigurationList = 3B238FA30E828BB600846E11 /* Build configuration list for PBXAggregateTarget "Check" */;
+			buildPhases = (
+				3B238F5E0E828B5400846E11 /* ShellScript */,
+			);
+			dependencies = (
+				40899F9D0FFA740F000B29AE /* PBXTargetDependency */,
+				40C849F7101A43440083642A /* PBXTargetDependency */,
+				4089A0980FFAD34A000B29AE /* PBXTargetDependency */,
+				40C849F9101A43490083642A /* PBXTargetDependency */,
+			);
+			name = Check;
+			productName = Check;
+		};
+		40C44ADC0E3798F4008FCC51 /* Version Info */ = {
+			isa = PBXAggregateTarget;
+			buildConfigurationList = 40C44AE40E379905008FCC51 /* Build configuration list for PBXAggregateTarget "Version Info" */;
+			buildPhases = (
+				40C44ADB0E3798F4008FCC51 /* Generate Version.h */,
+			);
+			comments = "The generation of Version.h must be performed in its own target. Since the Info.plist is preprocessed before any of the other build phases in gtest, the Version.h file would not be ready if included as a build phase of that target.";
+			dependencies = (
+			);
+			name = "Version Info";
+			productName = Version.h;
+		};
+/* End PBXAggregateTarget section */
+
+/* Begin PBXBuildFile section */
+		224A12A30E9EADCC00BD17FD /* gtest-test-part.h in Headers */ = {isa = PBXBuildFile; fileRef = 224A12A20E9EADCC00BD17FD /* gtest-test-part.h */; settings = {ATTRIBUTES = (Public, ); }; };
+		3BF6F2A00E79B5AD000F2EEE /* gtest-type-util.h in Copy Headers Internal */ = {isa = PBXBuildFile; fileRef = 3BF6F29F0E79B5AD000F2EEE /* gtest-type-util.h */; };
+		3BF6F2A50E79B616000F2EEE /* gtest-typed-test.h in Headers */ = {isa = PBXBuildFile; fileRef = 3BF6F2A40E79B616000F2EEE /* gtest-typed-test.h */; settings = {ATTRIBUTES = (Public, ); }; };
+		404884380E2F799B00CF7658 /* gtest-death-test.h in Headers */ = {isa = PBXBuildFile; fileRef = 404883DB0E2F799B00CF7658 /* gtest-death-test.h */; settings = {ATTRIBUTES = (Public, ); }; };
+		404884390E2F799B00CF7658 /* gtest-message.h in Headers */ = {isa = PBXBuildFile; fileRef = 404883DC0E2F799B00CF7658 /* gtest-message.h */; settings = {ATTRIBUTES = (Public, ); }; };
+		4048843A0E2F799B00CF7658 /* gtest-spi.h in Headers */ = {isa = PBXBuildFile; fileRef = 404883DD0E2F799B00CF7658 /* gtest-spi.h */; settings = {ATTRIBUTES = (Public, ); }; };
+		4048843B0E2F799B00CF7658 /* gtest.h in Headers */ = {isa = PBXBuildFile; fileRef = 404883DE0E2F799B00CF7658 /* gtest.h */; settings = {ATTRIBUTES = (Public, ); }; };
+		4048843C0E2F799B00CF7658 /* gtest_pred_impl.h in Headers */ = {isa = PBXBuildFile; fileRef = 404883DF0E2F799B00CF7658 /* gtest_pred_impl.h */; settings = {ATTRIBUTES = (Public, ); }; };
+		4048843D0E2F799B00CF7658 /* gtest_prod.h in Headers */ = {isa = PBXBuildFile; fileRef = 404883E00E2F799B00CF7658 /* gtest_prod.h */; settings = {ATTRIBUTES = (Public, ); }; };
+		404884500E2F799B00CF7658 /* README in Resources */ = {isa = PBXBuildFile; fileRef = 404883F60E2F799B00CF7658 /* README */; };
+		404884A00E2F7BE600CF7658 /* gtest-death-test-internal.h in Copy Headers Internal */ = {isa = PBXBuildFile; fileRef = 404883E20E2F799B00CF7658 /* gtest-death-test-internal.h */; };
+		404884A10E2F7BE600CF7658 /* gtest-filepath.h in Copy Headers Internal */ = {isa = PBXBuildFile; fileRef = 404883E30E2F799B00CF7658 /* gtest-filepath.h */; };
+		404884A20E2F7BE600CF7658 /* gtest-internal.h in Copy Headers Internal */ = {isa = PBXBuildFile; fileRef = 404883E40E2F799B00CF7658 /* gtest-internal.h */; };
+		404884A30E2F7BE600CF7658 /* gtest-port.h in Copy Headers Internal */ = {isa = PBXBuildFile; fileRef = 404883E50E2F799B00CF7658 /* gtest-port.h */; };
+		404884A40E2F7BE600CF7658 /* gtest-string.h in Copy Headers Internal */ = {isa = PBXBuildFile; fileRef = 404883E60E2F799B00CF7658 /* gtest-string.h */; };
+		404884AC0E2F7CD900CF7658 /* CHANGES in Resources */ = {isa = PBXBuildFile; fileRef = 404884A90E2F7CD900CF7658 /* CHANGES */; };
+		404884AD0E2F7CD900CF7658 /* CONTRIBUTORS in Resources */ = {isa = PBXBuildFile; fileRef = 404884AA0E2F7CD900CF7658 /* CONTRIBUTORS */; };
+		404884AE0E2F7CD900CF7658 /* LICENSE in Resources */ = {isa = PBXBuildFile; fileRef = 404884AB0E2F7CD900CF7658 /* LICENSE */; };
+		40899F3A0FFA70D4000B29AE /* gtest-all.cc in Sources */ = {isa = PBXBuildFile; fileRef = 224A12A10E9EADA700BD17FD /* gtest-all.cc */; };
+		40899F500FFA7281000B29AE /* gtest-tuple.h in Copy Headers Internal */ = {isa = PBXBuildFile; fileRef = 40899F4D0FFA7271000B29AE /* gtest-tuple.h */; };
+		40899F530FFA72A0000B29AE /* gtest_unittest.cc in Sources */ = {isa = PBXBuildFile; fileRef = 3B238C120E7FE13C00846E11 /* gtest_unittest.cc */; };
+		4089A0440FFAD1BE000B29AE /* sample1.cc in Sources */ = {isa = PBXBuildFile; fileRef = 4089A02C0FFACF7F000B29AE /* sample1.cc */; };
+		4089A0460FFAD1BE000B29AE /* sample1_unittest.cc in Sources */ = {isa = PBXBuildFile; fileRef = 4089A02E0FFACF7F000B29AE /* sample1_unittest.cc */; };
+		40C848FF101A21150083642A /* gtest-all.cc in Sources */ = {isa = PBXBuildFile; fileRef = 224A12A10E9EADA700BD17FD /* gtest-all.cc */; };
+		40C84915101A21DF0083642A /* gtest_main.cc in Sources */ = {isa = PBXBuildFile; fileRef = 4048840D0E2F799B00CF7658 /* gtest_main.cc */; };
+		40C84916101A235B0083642A /* libgtest_main.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 40C8490B101A217E0083642A /* libgtest_main.a */; };
+		40C84921101A23AD0083642A /* libgtest_main.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 40C8490B101A217E0083642A /* libgtest_main.a */; };
+		40C84978101A36540083642A /* libgtest_main.a in Resources */ = {isa = PBXBuildFile; fileRef = 40C8490B101A217E0083642A /* libgtest_main.a */; };
+		40C84980101A36850083642A /* gtest_unittest.cc in Sources */ = {isa = PBXBuildFile; fileRef = 3B238C120E7FE13C00846E11 /* gtest_unittest.cc */; };
+		40C84982101A36850083642A /* libgtest.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 40C848FA101A209C0083642A /* libgtest.a */; };
+		40C84983101A36850083642A /* libgtest_main.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 40C8490B101A217E0083642A /* libgtest_main.a */; };
+		40C8498F101A36A60083642A /* sample1.cc in Sources */ = {isa = PBXBuildFile; fileRef = 4089A02C0FFACF7F000B29AE /* sample1.cc */; };
+		40C84990101A36A60083642A /* sample1_unittest.cc in Sources */ = {isa = PBXBuildFile; fileRef = 4089A02E0FFACF7F000B29AE /* sample1_unittest.cc */; };
+		40C84992101A36A60083642A /* libgtest.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 40C848FA101A209C0083642A /* libgtest.a */; };
+		40C84993101A36A60083642A /* libgtest_main.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 40C8490B101A217E0083642A /* libgtest_main.a */; };
+		40C849A2101A37050083642A /* gtest.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 4539C8FF0EC27F6400A70F4C /* gtest.framework */; };
+		40C849A4101A37150083642A /* gtest.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 4539C8FF0EC27F6400A70F4C /* gtest.framework */; };
+		4539C9340EC280AE00A70F4C /* gtest-param-test.h in Headers */ = {isa = PBXBuildFile; fileRef = 4539C9330EC280AE00A70F4C /* gtest-param-test.h */; settings = {ATTRIBUTES = (Public, ); }; };
+		4539C9380EC280E200A70F4C /* gtest-linked_ptr.h in Copy Headers Internal */ = {isa = PBXBuildFile; fileRef = 4539C9350EC280E200A70F4C /* gtest-linked_ptr.h */; };
+		4539C9390EC280E200A70F4C /* gtest-param-util-generated.h in Copy Headers Internal */ = {isa = PBXBuildFile; fileRef = 4539C9360EC280E200A70F4C /* gtest-param-util-generated.h */; };
+		4539C93A0EC280E200A70F4C /* gtest-param-util.h in Copy Headers Internal */ = {isa = PBXBuildFile; fileRef = 4539C9370EC280E200A70F4C /* gtest-param-util.h */; };
+		4567C8181264FF71007740BE /* gtest-printers.h in Headers */ = {isa = PBXBuildFile; fileRef = 4567C8171264FF71007740BE /* gtest-printers.h */; settings = {ATTRIBUTES = (Public, ); }; };
+/* End PBXBuildFile section */
+
+/* Begin PBXContainerItemProxy section */
+		40899F9C0FFA740F000B29AE /* PBXContainerItemProxy */ = {
+			isa = PBXContainerItemProxy;
+			containerPortal = 0867D690FE84028FC02AAC07 /* Project object */;
+			proxyType = 1;
+			remoteGlobalIDString = 40899F420FFA7184000B29AE;
+			remoteInfo = gtest_unittest;
+		};
+		4089A0970FFAD34A000B29AE /* PBXContainerItemProxy */ = {
+			isa = PBXContainerItemProxy;
+			containerPortal = 0867D690FE84028FC02AAC07 /* Project object */;
+			proxyType = 1;
+			remoteGlobalIDString = 4089A0120FFACEFC000B29AE;
+			remoteInfo = sample1_unittest;
+		};
+		408BEC0F1046CFE900DEF522 /* PBXContainerItemProxy */ = {
+			isa = PBXContainerItemProxy;
+			containerPortal = 0867D690FE84028FC02AAC07 /* Project object */;
+			proxyType = 1;
+			remoteGlobalIDString = 40C848F9101A209C0083642A;
+			remoteInfo = "gtest-static";
+		};
+		40C44AE50E379922008FCC51 /* PBXContainerItemProxy */ = {
+			isa = PBXContainerItemProxy;
+			containerPortal = 0867D690FE84028FC02AAC07 /* Project object */;
+			proxyType = 1;
+			remoteGlobalIDString = 40C44ADC0E3798F4008FCC51;
+			remoteInfo = Version.h;
+		};
+		40C8497C101A36850083642A /* PBXContainerItemProxy */ = {
+			isa = PBXContainerItemProxy;
+			containerPortal = 0867D690FE84028FC02AAC07 /* Project object */;
+			proxyType = 1;
+			remoteGlobalIDString = 40C848F9101A209C0083642A;
+			remoteInfo = "gtest-static";
+		};
+		40C8497E101A36850083642A /* PBXContainerItemProxy */ = {
+			isa = PBXContainerItemProxy;
+			containerPortal = 0867D690FE84028FC02AAC07 /* Project object */;
+			proxyType = 1;
+			remoteGlobalIDString = 40C8490A101A217E0083642A;
+			remoteInfo = "gtest_main-static";
+		};
+		40C8498B101A36A60083642A /* PBXContainerItemProxy */ = {
+			isa = PBXContainerItemProxy;
+			containerPortal = 0867D690FE84028FC02AAC07 /* Project object */;
+			proxyType = 1;
+			remoteGlobalIDString = 40C848F9101A209C0083642A;
+			remoteInfo = "gtest-static";
+		};
+		40C8498D101A36A60083642A /* PBXContainerItemProxy */ = {
+			isa = PBXContainerItemProxy;
+			containerPortal = 0867D690FE84028FC02AAC07 /* Project object */;
+			proxyType = 1;
+			remoteGlobalIDString = 40C8490A101A217E0083642A;
+			remoteInfo = "gtest_main-static";
+		};
+		40C8499B101A36DC0083642A /* PBXContainerItemProxy */ = {
+			isa = PBXContainerItemProxy;
+			containerPortal = 0867D690FE84028FC02AAC07 /* Project object */;
+			proxyType = 1;
+			remoteGlobalIDString = 40C8490A101A217E0083642A;
+			remoteInfo = "gtest_main-static";
+		};
+		40C8499D101A36E50083642A /* PBXContainerItemProxy */ = {
+			isa = PBXContainerItemProxy;
+			containerPortal = 0867D690FE84028FC02AAC07 /* Project object */;
+			proxyType = 1;
+			remoteGlobalIDString = 8D07F2BC0486CC7A007CD1D0;
+			remoteInfo = "gtest-framework";
+		};
+		40C8499F101A36F10083642A /* PBXContainerItemProxy */ = {
+			isa = PBXContainerItemProxy;
+			containerPortal = 0867D690FE84028FC02AAC07 /* Project object */;
+			proxyType = 1;
+			remoteGlobalIDString = 8D07F2BC0486CC7A007CD1D0;
+			remoteInfo = "gtest-framework";
+		};
+		40C849F6101A43440083642A /* PBXContainerItemProxy */ = {
+			isa = PBXContainerItemProxy;
+			containerPortal = 0867D690FE84028FC02AAC07 /* Project object */;
+			proxyType = 1;
+			remoteGlobalIDString = 40C8497A101A36850083642A;
+			remoteInfo = "gtest_unittest-static";
+		};
+		40C849F8101A43490083642A /* PBXContainerItemProxy */ = {
+			isa = PBXContainerItemProxy;
+			containerPortal = 0867D690FE84028FC02AAC07 /* Project object */;
+			proxyType = 1;
+			remoteGlobalIDString = 40C84989101A36A60083642A;
+			remoteInfo = "sample1_unittest-static";
+		};
+/* End PBXContainerItemProxy section */
+
+/* Begin PBXCopyFilesBuildPhase section */
+		404884A50E2F7C0400CF7658 /* Copy Headers Internal */ = {
+			isa = PBXCopyFilesBuildPhase;
+			buildActionMask = 2147483647;
+			dstPath = Headers/internal;
+			dstSubfolderSpec = 6;
+			files = (
+				404884A00E2F7BE600CF7658 /* gtest-death-test-internal.h in Copy Headers Internal */,
+				404884A10E2F7BE600CF7658 /* gtest-filepath.h in Copy Headers Internal */,
+				404884A20E2F7BE600CF7658 /* gtest-internal.h in Copy Headers Internal */,
+				4539C9380EC280E200A70F4C /* gtest-linked_ptr.h in Copy Headers Internal */,
+				4539C9390EC280E200A70F4C /* gtest-param-util-generated.h in Copy Headers Internal */,
+				4539C93A0EC280E200A70F4C /* gtest-param-util.h in Copy Headers Internal */,
+				404884A30E2F7BE600CF7658 /* gtest-port.h in Copy Headers Internal */,
+				404884A40E2F7BE600CF7658 /* gtest-string.h in Copy Headers Internal */,
+				40899F500FFA7281000B29AE /* gtest-tuple.h in Copy Headers Internal */,
+				3BF6F2A00E79B5AD000F2EEE /* gtest-type-util.h in Copy Headers Internal */,
+			);
+			name = "Copy Headers Internal";
+			runOnlyForDeploymentPostprocessing = 0;
+		};
+/* End PBXCopyFilesBuildPhase section */
+
+/* Begin PBXFileReference section */
+		224A12A10E9EADA700BD17FD /* gtest-all.cc */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = "gtest-all.cc"; sourceTree = "<group>"; };
+		224A12A20E9EADCC00BD17FD /* gtest-test-part.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = "gtest-test-part.h"; sourceTree = "<group>"; };
+		3B238C120E7FE13C00846E11 /* gtest_unittest.cc */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = gtest_unittest.cc; sourceTree = "<group>"; };
+		3B87D2100E96B92E000D1852 /* runtests.sh */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.script.sh; path = runtests.sh; sourceTree = "<group>"; };
+		3BF6F29F0E79B5AD000F2EEE /* gtest-type-util.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "gtest-type-util.h"; sourceTree = "<group>"; };
+		3BF6F2A40E79B616000F2EEE /* gtest-typed-test.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "gtest-typed-test.h"; sourceTree = "<group>"; };
+		403EE37C0E377822004BD1E2 /* versiongenerate.py */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.script.python; path = versiongenerate.py; sourceTree = "<group>"; };
+		404883DB0E2F799B00CF7658 /* gtest-death-test.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "gtest-death-test.h"; sourceTree = "<group>"; };
+		404883DC0E2F799B00CF7658 /* gtest-message.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "gtest-message.h"; sourceTree = "<group>"; };
+		404883DD0E2F799B00CF7658 /* gtest-spi.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "gtest-spi.h"; sourceTree = "<group>"; };
+		404883DE0E2F799B00CF7658 /* gtest.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = gtest.h; sourceTree = "<group>"; };
+		404883DF0E2F799B00CF7658 /* gtest_pred_impl.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = gtest_pred_impl.h; sourceTree = "<group>"; };
+		404883E00E2F799B00CF7658 /* gtest_prod.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = gtest_prod.h; sourceTree = "<group>"; };
+		404883E20E2F799B00CF7658 /* gtest-death-test-internal.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "gtest-death-test-internal.h"; sourceTree = "<group>"; };
+		404883E30E2F799B00CF7658 /* gtest-filepath.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "gtest-filepath.h"; sourceTree = "<group>"; };
+		404883E40E2F799B00CF7658 /* gtest-internal.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "gtest-internal.h"; sourceTree = "<group>"; };
+		404883E50E2F799B00CF7658 /* gtest-port.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "gtest-port.h"; sourceTree = "<group>"; };
+		404883E60E2F799B00CF7658 /* gtest-string.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "gtest-string.h"; sourceTree = "<group>"; };
+		404883F60E2F799B00CF7658 /* README */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; name = README; path = ../README; sourceTree = SOURCE_ROOT; };
+		4048840D0E2F799B00CF7658 /* gtest_main.cc */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = gtest_main.cc; sourceTree = "<group>"; };
+		404884A90E2F7CD900CF7658 /* CHANGES */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; name = CHANGES; path = ../CHANGES; sourceTree = SOURCE_ROOT; };
+		404884AA0E2F7CD900CF7658 /* CONTRIBUTORS */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; name = CONTRIBUTORS; path = ../CONTRIBUTORS; sourceTree = SOURCE_ROOT; };
+		404884AB0E2F7CD900CF7658 /* LICENSE */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; name = LICENSE; path = ../LICENSE; sourceTree = SOURCE_ROOT; };
+		40899F430FFA7184000B29AE /* gtest_unittest-framework */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = "gtest_unittest-framework"; sourceTree = BUILT_PRODUCTS_DIR; };
+		40899F4D0FFA7271000B29AE /* gtest-tuple.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "gtest-tuple.h"; sourceTree = "<group>"; };
+		40899FB30FFA7567000B29AE /* StaticLibraryTarget.xcconfig */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xcconfig; path = StaticLibraryTarget.xcconfig; sourceTree = "<group>"; };
+		4089A0130FFACEFC000B29AE /* sample1_unittest-framework */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = "sample1_unittest-framework"; sourceTree = BUILT_PRODUCTS_DIR; };
+		4089A02C0FFACF7F000B29AE /* sample1.cc */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = sample1.cc; sourceTree = "<group>"; };
+		4089A02D0FFACF7F000B29AE /* sample1.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = sample1.h; sourceTree = "<group>"; };
+		4089A02E0FFACF7F000B29AE /* sample1_unittest.cc */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = sample1_unittest.cc; sourceTree = "<group>"; };
+		40C848FA101A209C0083642A /* libgtest.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libgtest.a; sourceTree = BUILT_PRODUCTS_DIR; };
+		40C8490B101A217E0083642A /* libgtest_main.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libgtest_main.a; sourceTree = BUILT_PRODUCTS_DIR; };
+		40C84987101A36850083642A /* gtest_unittest */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = gtest_unittest; sourceTree = BUILT_PRODUCTS_DIR; };
+		40C84997101A36A60083642A /* sample1_unittest-static */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = "sample1_unittest-static"; sourceTree = BUILT_PRODUCTS_DIR; };
+		40D4CDF10E30E07400294801 /* DebugProject.xcconfig */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xcconfig; path = DebugProject.xcconfig; sourceTree = "<group>"; };
+		40D4CDF20E30E07400294801 /* FrameworkTarget.xcconfig */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xcconfig; path = FrameworkTarget.xcconfig; sourceTree = "<group>"; };
+		40D4CDF30E30E07400294801 /* General.xcconfig */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xcconfig; path = General.xcconfig; sourceTree = "<group>"; };
+		40D4CDF40E30E07400294801 /* ReleaseProject.xcconfig */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xcconfig; path = ReleaseProject.xcconfig; sourceTree = "<group>"; };
+		40D4CF510E30F5E200294801 /* Info.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; path = Info.plist; sourceTree = "<group>"; };
+		4539C8FF0EC27F6400A70F4C /* gtest.framework */ = {isa = PBXFileReference; explicitFileType = wrapper.framework; includeInIndex = 0; path = gtest.framework; sourceTree = BUILT_PRODUCTS_DIR; };
+		4539C9330EC280AE00A70F4C /* gtest-param-test.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "gtest-param-test.h"; sourceTree = "<group>"; };
+		4539C9350EC280E200A70F4C /* gtest-linked_ptr.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "gtest-linked_ptr.h"; sourceTree = "<group>"; };
+		4539C9360EC280E200A70F4C /* gtest-param-util-generated.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "gtest-param-util-generated.h"; sourceTree = "<group>"; };
+		4539C9370EC280E200A70F4C /* gtest-param-util.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "gtest-param-util.h"; sourceTree = "<group>"; };
+		4567C8171264FF71007740BE /* gtest-printers.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "gtest-printers.h"; sourceTree = "<group>"; };
+/* End PBXFileReference section */
+
+/* Begin PBXFrameworksBuildPhase section */
+		40899F410FFA7184000B29AE /* Frameworks */ = {
+			isa = PBXFrameworksBuildPhase;
+			buildActionMask = 2147483647;
+			files = (
+				40C849A4101A37150083642A /* gtest.framework in Frameworks */,
+				40C84916101A235B0083642A /* libgtest_main.a in Frameworks */,
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+		};
+		4089A0110FFACEFC000B29AE /* Frameworks */ = {
+			isa = PBXFrameworksBuildPhase;
+			buildActionMask = 2147483647;
+			files = (
+				40C849A2101A37050083642A /* gtest.framework in Frameworks */,
+				40C84921101A23AD0083642A /* libgtest_main.a in Frameworks */,
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+		};
+		40C84981101A36850083642A /* Frameworks */ = {
+			isa = PBXFrameworksBuildPhase;
+			buildActionMask = 2147483647;
+			files = (
+				40C84982101A36850083642A /* libgtest.a in Frameworks */,
+				40C84983101A36850083642A /* libgtest_main.a in Frameworks */,
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+		};
+		40C84991101A36A60083642A /* Frameworks */ = {
+			isa = PBXFrameworksBuildPhase;
+			buildActionMask = 2147483647;
+			files = (
+				40C84992101A36A60083642A /* libgtest.a in Frameworks */,
+				40C84993101A36A60083642A /* libgtest_main.a in Frameworks */,
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+		};
+/* End PBXFrameworksBuildPhase section */
+
+/* Begin PBXGroup section */
+		034768DDFF38A45A11DB9C8B /* Products */ = {
+			isa = PBXGroup;
+			children = (
+				4539C8FF0EC27F6400A70F4C /* gtest.framework */,
+				40C848FA101A209C0083642A /* libgtest.a */,
+				40C8490B101A217E0083642A /* libgtest_main.a */,
+				40899F430FFA7184000B29AE /* gtest_unittest-framework */,
+				40C84987101A36850083642A /* gtest_unittest */,
+				4089A0130FFACEFC000B29AE /* sample1_unittest-framework */,
+				40C84997101A36A60083642A /* sample1_unittest-static */,
+			);
+			name = Products;
+			sourceTree = "<group>";
+		};
+		0867D691FE84028FC02AAC07 /* gtest */ = {
+			isa = PBXGroup;
+			children = (
+				40D4CDF00E30E07400294801 /* Config */,
+				08FB77ACFE841707C02AAC07 /* Source */,
+				40D4CF4E0E30F5E200294801 /* Resources */,
+				403EE37B0E377822004BD1E2 /* Scripts */,
+				034768DDFF38A45A11DB9C8B /* Products */,
+			);
+			name = gtest;
+			sourceTree = "<group>";
+		};
+		08FB77ACFE841707C02AAC07 /* Source */ = {
+			isa = PBXGroup;
+			children = (
+				404884A90E2F7CD900CF7658 /* CHANGES */,
+				404884AA0E2F7CD900CF7658 /* CONTRIBUTORS */,
+				404884AB0E2F7CD900CF7658 /* LICENSE */,
+				404883F60E2F799B00CF7658 /* README */,
+				404883D90E2F799B00CF7658 /* include */,
+				4089A02F0FFACF84000B29AE /* samples */,
+				404884070E2F799B00CF7658 /* src */,
+				3B238BF00E7FE13B00846E11 /* test */,
+			);
+			name = Source;
+			sourceTree = "<group>";
+		};
+		3B238BF00E7FE13B00846E11 /* test */ = {
+			isa = PBXGroup;
+			children = (
+				3B238C120E7FE13C00846E11 /* gtest_unittest.cc */,
+			);
+			name = test;
+			path = ../test;
+			sourceTree = SOURCE_ROOT;
+		};
+		403EE37B0E377822004BD1E2 /* Scripts */ = {
+			isa = PBXGroup;
+			children = (
+				403EE37C0E377822004BD1E2 /* versiongenerate.py */,
+				3B87D2100E96B92E000D1852 /* runtests.sh */,
+			);
+			path = Scripts;
+			sourceTree = "<group>";
+		};
+		404883D90E2F799B00CF7658 /* include */ = {
+			isa = PBXGroup;
+			children = (
+				404883DA0E2F799B00CF7658 /* gtest */,
+			);
+			name = include;
+			path = ../include;
+			sourceTree = SOURCE_ROOT;
+		};
+		404883DA0E2F799B00CF7658 /* gtest */ = {
+			isa = PBXGroup;
+			children = (
+				404883E10E2F799B00CF7658 /* internal */,
+				224A12A20E9EADCC00BD17FD /* gtest-test-part.h */,
+				404883DB0E2F799B00CF7658 /* gtest-death-test.h */,
+				404883DC0E2F799B00CF7658 /* gtest-message.h */,
+				4539C9330EC280AE00A70F4C /* gtest-param-test.h */,
+				4567C8171264FF71007740BE /* gtest-printers.h */,
+				404883DD0E2F799B00CF7658 /* gtest-spi.h */,
+				404883DE0E2F799B00CF7658 /* gtest.h */,
+				404883DF0E2F799B00CF7658 /* gtest_pred_impl.h */,
+				404883E00E2F799B00CF7658 /* gtest_prod.h */,
+				3BF6F2A40E79B616000F2EEE /* gtest-typed-test.h */,
+			);
+			path = gtest;
+			sourceTree = "<group>";
+		};
+		404883E10E2F799B00CF7658 /* internal */ = {
+			isa = PBXGroup;
+			children = (
+				404883E20E2F799B00CF7658 /* gtest-death-test-internal.h */,
+				404883E30E2F799B00CF7658 /* gtest-filepath.h */,
+				404883E40E2F799B00CF7658 /* gtest-internal.h */,
+				4539C9350EC280E200A70F4C /* gtest-linked_ptr.h */,
+				4539C9360EC280E200A70F4C /* gtest-param-util-generated.h */,
+				4539C9370EC280E200A70F4C /* gtest-param-util.h */,
+				404883E50E2F799B00CF7658 /* gtest-port.h */,
+				404883E60E2F799B00CF7658 /* gtest-string.h */,
+				40899F4D0FFA7271000B29AE /* gtest-tuple.h */,
+				3BF6F29F0E79B5AD000F2EEE /* gtest-type-util.h */,
+			);
+			path = internal;
+			sourceTree = "<group>";
+		};
+		404884070E2F799B00CF7658 /* src */ = {
+			isa = PBXGroup;
+			children = (
+				224A12A10E9EADA700BD17FD /* gtest-all.cc */,
+				4048840D0E2F799B00CF7658 /* gtest_main.cc */,
+			);
+			name = src;
+			path = ../src;
+			sourceTree = SOURCE_ROOT;
+		};
+		4089A02F0FFACF84000B29AE /* samples */ = {
+			isa = PBXGroup;
+			children = (
+				4089A02C0FFACF7F000B29AE /* sample1.cc */,
+				4089A02D0FFACF7F000B29AE /* sample1.h */,
+				4089A02E0FFACF7F000B29AE /* sample1_unittest.cc */,
+			);
+			name = samples;
+			path = ../samples;
+			sourceTree = SOURCE_ROOT;
+		};
+		40D4CDF00E30E07400294801 /* Config */ = {
+			isa = PBXGroup;
+			children = (
+				40D4CDF10E30E07400294801 /* DebugProject.xcconfig */,
+				40D4CDF20E30E07400294801 /* FrameworkTarget.xcconfig */,
+				40D4CDF30E30E07400294801 /* General.xcconfig */,
+				40D4CDF40E30E07400294801 /* ReleaseProject.xcconfig */,
+				40899FB30FFA7567000B29AE /* StaticLibraryTarget.xcconfig */,
+			);
+			path = Config;
+			sourceTree = "<group>";
+		};
+		40D4CF4E0E30F5E200294801 /* Resources */ = {
+			isa = PBXGroup;
+			children = (
+				40D4CF510E30F5E200294801 /* Info.plist */,
+			);
+			path = Resources;
+			sourceTree = "<group>";
+		};
+/* End PBXGroup section */
+
+/* Begin PBXHeadersBuildPhase section */
+		8D07F2BD0486CC7A007CD1D0 /* Headers */ = {
+			isa = PBXHeadersBuildPhase;
+			buildActionMask = 2147483647;
+			files = (
+				404884380E2F799B00CF7658 /* gtest-death-test.h in Headers */,
+				404884390E2F799B00CF7658 /* gtest-message.h in Headers */,
+				4539C9340EC280AE00A70F4C /* gtest-param-test.h in Headers */,
+				4567C8181264FF71007740BE /* gtest-printers.h in Headers */,
+				3BF6F2A50E79B616000F2EEE /* gtest-typed-test.h in Headers */,
+				4048843A0E2F799B00CF7658 /* gtest-spi.h in Headers */,
+				4048843B0E2F799B00CF7658 /* gtest.h in Headers */,
+				4048843C0E2F799B00CF7658 /* gtest_pred_impl.h in Headers */,
+				4048843D0E2F799B00CF7658 /* gtest_prod.h in Headers */,
+				224A12A30E9EADCC00BD17FD /* gtest-test-part.h in Headers */,
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+		};
+/* End PBXHeadersBuildPhase section */
+
+/* Begin PBXNativeTarget section */
+		40899F420FFA7184000B29AE /* gtest_unittest-framework */ = {
+			isa = PBXNativeTarget;
+			buildConfigurationList = 40899F4A0FFA71BC000B29AE /* Build configuration list for PBXNativeTarget "gtest_unittest-framework" */;
+			buildPhases = (
+				40899F400FFA7184000B29AE /* Sources */,
+				40899F410FFA7184000B29AE /* Frameworks */,
+			);
+			buildRules = (
+			);
+			dependencies = (
+				40C849A0101A36F10083642A /* PBXTargetDependency */,
+			);
+			name = "gtest_unittest-framework";
+			productName = gtest_unittest;
+			productReference = 40899F430FFA7184000B29AE /* gtest_unittest-framework */;
+			productType = "com.apple.product-type.tool";
+		};
+		4089A0120FFACEFC000B29AE /* sample1_unittest-framework */ = {
+			isa = PBXNativeTarget;
+			buildConfigurationList = 4089A0240FFACF01000B29AE /* Build configuration list for PBXNativeTarget "sample1_unittest-framework" */;
+			buildPhases = (
+				4089A0100FFACEFC000B29AE /* Sources */,
+				4089A0110FFACEFC000B29AE /* Frameworks */,
+			);
+			buildRules = (
+			);
+			dependencies = (
+				40C8499E101A36E50083642A /* PBXTargetDependency */,
+			);
+			name = "sample1_unittest-framework";
+			productName = sample1_unittest;
+			productReference = 4089A0130FFACEFC000B29AE /* sample1_unittest-framework */;
+			productType = "com.apple.product-type.tool";
+		};
+		40C848F9101A209C0083642A /* gtest-static */ = {
+			isa = PBXNativeTarget;
+			buildConfigurationList = 40C84902101A212E0083642A /* Build configuration list for PBXNativeTarget "gtest-static" */;
+			buildPhases = (
+				40C848F7101A209C0083642A /* Sources */,
+			);
+			buildRules = (
+			);
+			dependencies = (
+			);
+			name = "gtest-static";
+			productName = "gtest-static";
+			productReference = 40C848FA101A209C0083642A /* libgtest.a */;
+			productType = "com.apple.product-type.library.static";
+		};
+		40C8490A101A217E0083642A /* gtest_main-static */ = {
+			isa = PBXNativeTarget;
+			buildConfigurationList = 40C84912101A21D20083642A /* Build configuration list for PBXNativeTarget "gtest_main-static" */;
+			buildPhases = (
+				40C84908101A217E0083642A /* Sources */,
+			);
+			buildRules = (
+			);
+			dependencies = (
+			);
+			name = "gtest_main-static";
+			productName = "gtest_main-static";
+			productReference = 40C8490B101A217E0083642A /* libgtest_main.a */;
+			productType = "com.apple.product-type.library.static";
+		};
+		40C8497A101A36850083642A /* gtest_unittest-static */ = {
+			isa = PBXNativeTarget;
+			buildConfigurationList = 40C84984101A36850083642A /* Build configuration list for PBXNativeTarget "gtest_unittest-static" */;
+			buildPhases = (
+				40C8497F101A36850083642A /* Sources */,
+				40C84981101A36850083642A /* Frameworks */,
+			);
+			buildRules = (
+			);
+			dependencies = (
+				40C8497B101A36850083642A /* PBXTargetDependency */,
+				40C8497D101A36850083642A /* PBXTargetDependency */,
+			);
+			name = "gtest_unittest-static";
+			productName = gtest_unittest;
+			productReference = 40C84987101A36850083642A /* gtest_unittest */;
+			productType = "com.apple.product-type.tool";
+		};
+		40C84989101A36A60083642A /* sample1_unittest-static */ = {
+			isa = PBXNativeTarget;
+			buildConfigurationList = 40C84994101A36A60083642A /* Build configuration list for PBXNativeTarget "sample1_unittest-static" */;
+			buildPhases = (
+				40C8498E101A36A60083642A /* Sources */,
+				40C84991101A36A60083642A /* Frameworks */,
+			);
+			buildRules = (
+			);
+			dependencies = (
+				40C8498A101A36A60083642A /* PBXTargetDependency */,
+				40C8498C101A36A60083642A /* PBXTargetDependency */,
+			);
+			name = "sample1_unittest-static";
+			productName = sample1_unittest;
+			productReference = 40C84997101A36A60083642A /* sample1_unittest-static */;
+			productType = "com.apple.product-type.tool";
+		};
+		8D07F2BC0486CC7A007CD1D0 /* gtest-framework */ = {
+			isa = PBXNativeTarget;
+			buildConfigurationList = 4FADC24208B4156D00ABE55E /* Build configuration list for PBXNativeTarget "gtest-framework" */;
+			buildPhases = (
+				8D07F2C10486CC7A007CD1D0 /* Sources */,
+				8D07F2BD0486CC7A007CD1D0 /* Headers */,
+				404884A50E2F7C0400CF7658 /* Copy Headers Internal */,
+				8D07F2BF0486CC7A007CD1D0 /* Resources */,
+			);
+			buildRules = (
+			);
+			dependencies = (
+				40C44AE60E379922008FCC51 /* PBXTargetDependency */,
+				408BEC101046CFE900DEF522 /* PBXTargetDependency */,
+				40C8499C101A36DC0083642A /* PBXTargetDependency */,
+			);
+			name = "gtest-framework";
+			productInstallPath = "$(HOME)/Library/Frameworks";
+			productName = gtest;
+			productReference = 4539C8FF0EC27F6400A70F4C /* gtest.framework */;
+			productType = "com.apple.product-type.framework";
+		};
+/* End PBXNativeTarget section */
+
+/* Begin PBXProject section */
+		0867D690FE84028FC02AAC07 /* Project object */ = {
+			isa = PBXProject;
+			attributes = {
+				LastUpgradeCheck = 0460;
+			};
+			buildConfigurationList = 4FADC24608B4156D00ABE55E /* Build configuration list for PBXProject "gtest" */;
+			compatibilityVersion = "Xcode 3.2";
+			developmentRegion = English;
+			hasScannedForEncodings = 1;
+			knownRegions = (
+				English,
+				Japanese,
+				French,
+				German,
+				en,
+			);
+			mainGroup = 0867D691FE84028FC02AAC07 /* gtest */;
+			productRefGroup = 034768DDFF38A45A11DB9C8B /* Products */;
+			projectDirPath = "";
+			projectRoot = "";
+			targets = (
+				8D07F2BC0486CC7A007CD1D0 /* gtest-framework */,
+				40C848F9101A209C0083642A /* gtest-static */,
+				40C8490A101A217E0083642A /* gtest_main-static */,
+				40899F420FFA7184000B29AE /* gtest_unittest-framework */,
+				40C8497A101A36850083642A /* gtest_unittest-static */,
+				4089A0120FFACEFC000B29AE /* sample1_unittest-framework */,
+				40C84989101A36A60083642A /* sample1_unittest-static */,
+				3B238F5F0E828B5400846E11 /* Check */,
+				40C44ADC0E3798F4008FCC51 /* Version Info */,
+			);
+		};
+/* End PBXProject section */
+
+/* Begin PBXResourcesBuildPhase section */
+		8D07F2BF0486CC7A007CD1D0 /* Resources */ = {
+			isa = PBXResourcesBuildPhase;
+			buildActionMask = 2147483647;
+			files = (
+				404884500E2F799B00CF7658 /* README in Resources */,
+				404884AC0E2F7CD900CF7658 /* CHANGES in Resources */,
+				404884AD0E2F7CD900CF7658 /* CONTRIBUTORS in Resources */,
+				404884AE0E2F7CD900CF7658 /* LICENSE in Resources */,
+				40C84978101A36540083642A /* libgtest_main.a in Resources */,
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+		};
+/* End PBXResourcesBuildPhase section */
+
+/* Begin PBXShellScriptBuildPhase section */
+		3B238F5E0E828B5400846E11 /* ShellScript */ = {
+			isa = PBXShellScriptBuildPhase;
+			buildActionMask = 2147483647;
+			files = (
+			);
+			inputPaths = (
+			);
+			outputPaths = (
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+			shellPath = /bin/sh;
+			shellScript = "# Remember, this \"Run Script\" build phase will be executed from $SRCROOT\n/bin/bash Scripts/runtests.sh";
+		};
+		40C44ADB0E3798F4008FCC51 /* Generate Version.h */ = {
+			isa = PBXShellScriptBuildPhase;
+			buildActionMask = 2147483647;
+			files = (
+			);
+			inputPaths = (
+				"$(SRCROOT)/Scripts/versiongenerate.py",
+				"$(SRCROOT)/../configure.ac",
+			);
+			name = "Generate Version.h";
+			outputPaths = (
+				"$(PROJECT_TEMP_DIR)/Version.h",
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+			shellPath = /bin/sh;
+			shellScript = "# Remember, this \"Run Script\" build phase will be executed from $SRCROOT\n/usr/bin/python Scripts/versiongenerate.py ../ $PROJECT_TEMP_DIR";
+		};
+/* End PBXShellScriptBuildPhase section */
+
+/* Begin PBXSourcesBuildPhase section */
+		40899F400FFA7184000B29AE /* Sources */ = {
+			isa = PBXSourcesBuildPhase;
+			buildActionMask = 2147483647;
+			files = (
+				40899F530FFA72A0000B29AE /* gtest_unittest.cc in Sources */,
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+		};
+		4089A0100FFACEFC000B29AE /* Sources */ = {
+			isa = PBXSourcesBuildPhase;
+			buildActionMask = 2147483647;
+			files = (
+				4089A0440FFAD1BE000B29AE /* sample1.cc in Sources */,
+				4089A0460FFAD1BE000B29AE /* sample1_unittest.cc in Sources */,
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+		};
+		40C848F7101A209C0083642A /* Sources */ = {
+			isa = PBXSourcesBuildPhase;
+			buildActionMask = 2147483647;
+			files = (
+				40C848FF101A21150083642A /* gtest-all.cc in Sources */,
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+		};
+		40C84908101A217E0083642A /* Sources */ = {
+			isa = PBXSourcesBuildPhase;
+			buildActionMask = 2147483647;
+			files = (
+				40C84915101A21DF0083642A /* gtest_main.cc in Sources */,
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+		};
+		40C8497F101A36850083642A /* Sources */ = {
+			isa = PBXSourcesBuildPhase;
+			buildActionMask = 2147483647;
+			files = (
+				40C84980101A36850083642A /* gtest_unittest.cc in Sources */,
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+		};
+		40C8498E101A36A60083642A /* Sources */ = {
+			isa = PBXSourcesBuildPhase;
+			buildActionMask = 2147483647;
+			files = (
+				40C8498F101A36A60083642A /* sample1.cc in Sources */,
+				40C84990101A36A60083642A /* sample1_unittest.cc in Sources */,
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+		};
+		8D07F2C10486CC7A007CD1D0 /* Sources */ = {
+			isa = PBXSourcesBuildPhase;
+			buildActionMask = 2147483647;
+			files = (
+				40899F3A0FFA70D4000B29AE /* gtest-all.cc in Sources */,
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+		};
+/* End PBXSourcesBuildPhase section */
+
+/* Begin PBXTargetDependency section */
+		40899F9D0FFA740F000B29AE /* PBXTargetDependency */ = {
+			isa = PBXTargetDependency;
+			target = 40899F420FFA7184000B29AE /* gtest_unittest-framework */;
+			targetProxy = 40899F9C0FFA740F000B29AE /* PBXContainerItemProxy */;
+		};
+		4089A0980FFAD34A000B29AE /* PBXTargetDependency */ = {
+			isa = PBXTargetDependency;
+			target = 4089A0120FFACEFC000B29AE /* sample1_unittest-framework */;
+			targetProxy = 4089A0970FFAD34A000B29AE /* PBXContainerItemProxy */;
+		};
+		408BEC101046CFE900DEF522 /* PBXTargetDependency */ = {
+			isa = PBXTargetDependency;
+			target = 40C848F9101A209C0083642A /* gtest-static */;
+			targetProxy = 408BEC0F1046CFE900DEF522 /* PBXContainerItemProxy */;
+		};
+		40C44AE60E379922008FCC51 /* PBXTargetDependency */ = {
+			isa = PBXTargetDependency;
+			target = 40C44ADC0E3798F4008FCC51 /* Version Info */;
+			targetProxy = 40C44AE50E379922008FCC51 /* PBXContainerItemProxy */;
+		};
+		40C8497B101A36850083642A /* PBXTargetDependency */ = {
+			isa = PBXTargetDependency;
+			target = 40C848F9101A209C0083642A /* gtest-static */;
+			targetProxy = 40C8497C101A36850083642A /* PBXContainerItemProxy */;
+		};
+		40C8497D101A36850083642A /* PBXTargetDependency */ = {
+			isa = PBXTargetDependency;
+			target = 40C8490A101A217E0083642A /* gtest_main-static */;
+			targetProxy = 40C8497E101A36850083642A /* PBXContainerItemProxy */;
+		};
+		40C8498A101A36A60083642A /* PBXTargetDependency */ = {
+			isa = PBXTargetDependency;
+			target = 40C848F9101A209C0083642A /* gtest-static */;
+			targetProxy = 40C8498B101A36A60083642A /* PBXContainerItemProxy */;
+		};
+		40C8498C101A36A60083642A /* PBXTargetDependency */ = {
+			isa = PBXTargetDependency;
+			target = 40C8490A101A217E0083642A /* gtest_main-static */;
+			targetProxy = 40C8498D101A36A60083642A /* PBXContainerItemProxy */;
+		};
+		40C8499C101A36DC0083642A /* PBXTargetDependency */ = {
+			isa = PBXTargetDependency;
+			target = 40C8490A101A217E0083642A /* gtest_main-static */;
+			targetProxy = 40C8499B101A36DC0083642A /* PBXContainerItemProxy */;
+		};
+		40C8499E101A36E50083642A /* PBXTargetDependency */ = {
+			isa = PBXTargetDependency;
+			target = 8D07F2BC0486CC7A007CD1D0 /* gtest-framework */;
+			targetProxy = 40C8499D101A36E50083642A /* PBXContainerItemProxy */;
+		};
+		40C849A0101A36F10083642A /* PBXTargetDependency */ = {
+			isa = PBXTargetDependency;
+			target = 8D07F2BC0486CC7A007CD1D0 /* gtest-framework */;
+			targetProxy = 40C8499F101A36F10083642A /* PBXContainerItemProxy */;
+		};
+		40C849F7101A43440083642A /* PBXTargetDependency */ = {
+			isa = PBXTargetDependency;
+			target = 40C8497A101A36850083642A /* gtest_unittest-static */;
+			targetProxy = 40C849F6101A43440083642A /* PBXContainerItemProxy */;
+		};
+		40C849F9101A43490083642A /* PBXTargetDependency */ = {
+			isa = PBXTargetDependency;
+			target = 40C84989101A36A60083642A /* sample1_unittest-static */;
+			targetProxy = 40C849F8101A43490083642A /* PBXContainerItemProxy */;
+		};
+/* End PBXTargetDependency section */
+
+/* Begin XCBuildConfiguration section */
+		3B238F600E828B5400846E11 /* Debug */ = {
+			isa = XCBuildConfiguration;
+			buildSettings = {
+				COMBINE_HIDPI_IMAGES = YES;
+				COPY_PHASE_STRIP = NO;
+				GCC_DYNAMIC_NO_PIC = NO;
+				GCC_OPTIMIZATION_LEVEL = 0;
+				GCC_VERSION = com.apple.compilers.llvm.clang.1_0;
+				PRODUCT_NAME = Check;
+				SDKROOT = macosx;
+			};
+			name = Debug;
+		};
+		3B238F610E828B5400846E11 /* Release */ = {
+			isa = XCBuildConfiguration;
+			buildSettings = {
+				COMBINE_HIDPI_IMAGES = YES;
+				COPY_PHASE_STRIP = YES;
+				DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym";
+				GCC_VERSION = com.apple.compilers.llvm.clang.1_0;
+				PRODUCT_NAME = Check;
+				SDKROOT = macosx;
+				ZERO_LINK = NO;
+			};
+			name = Release;
+		};
+		40899F450FFA7185000B29AE /* Debug */ = {
+			isa = XCBuildConfiguration;
+			buildSettings = {
+				GCC_VERSION = com.apple.compilers.llvm.clang.1_0;
+				HEADER_SEARCH_PATHS = ../;
+				PRODUCT_NAME = "gtest_unittest-framework";
+				SDKROOT = macosx;
+			};
+			name = Debug;
+		};
+		40899F460FFA7185000B29AE /* Release */ = {
+			isa = XCBuildConfiguration;
+			buildSettings = {
+				GCC_VERSION = com.apple.compilers.llvm.clang.1_0;
+				HEADER_SEARCH_PATHS = ../;
+				PRODUCT_NAME = "gtest_unittest-framework";
+				SDKROOT = macosx;
+			};
+			name = Release;
+		};
+		4089A0150FFACEFD000B29AE /* Debug */ = {
+			isa = XCBuildConfiguration;
+			buildSettings = {
+				GCC_VERSION = com.apple.compilers.llvm.clang.1_0;
+				PRODUCT_NAME = "sample1_unittest-framework";
+				SDKROOT = macosx;
+			};
+			name = Debug;
+		};
+		4089A0160FFACEFD000B29AE /* Release */ = {
+			isa = XCBuildConfiguration;
+			buildSettings = {
+				GCC_VERSION = com.apple.compilers.llvm.clang.1_0;
+				PRODUCT_NAME = "sample1_unittest-framework";
+				SDKROOT = macosx;
+			};
+			name = Release;
+		};
+		40C44ADF0E3798F4008FCC51 /* Debug */ = {
+			isa = XCBuildConfiguration;
+			buildSettings = {
+				COMBINE_HIDPI_IMAGES = YES;
+				GCC_VERSION = com.apple.compilers.llvm.clang.1_0;
+				MACOSX_DEPLOYMENT_TARGET = 10.7;
+				PRODUCT_NAME = gtest;
+				SDKROOT = macosx;
+				TARGET_NAME = gtest;
+			};
+			name = Debug;
+		};
+		40C44AE00E3798F4008FCC51 /* Release */ = {
+			isa = XCBuildConfiguration;
+			buildSettings = {
+				COMBINE_HIDPI_IMAGES = YES;
+				GCC_VERSION = com.apple.compilers.llvm.clang.1_0;
+				MACOSX_DEPLOYMENT_TARGET = 10.7;
+				PRODUCT_NAME = gtest;
+				SDKROOT = macosx;
+				TARGET_NAME = gtest;
+			};
+			name = Release;
+		};
+		40C848FB101A209D0083642A /* Debug */ = {
+			isa = XCBuildConfiguration;
+			baseConfigurationReference = 40899FB30FFA7567000B29AE /* StaticLibraryTarget.xcconfig */;
+			buildSettings = {
+				COMBINE_HIDPI_IMAGES = YES;
+				GCC_INLINES_ARE_PRIVATE_EXTERN = YES;
+				GCC_SYMBOLS_PRIVATE_EXTERN = YES;
+				GCC_VERSION = com.apple.compilers.llvm.clang.1_0;
+				HEADER_SEARCH_PATHS = (
+					../,
+					../include/,
+				);
+				PRODUCT_NAME = gtest;
+				SDKROOT = macosx;
+			};
+			name = Debug;
+		};
+		40C848FC101A209D0083642A /* Release */ = {
+			isa = XCBuildConfiguration;
+			baseConfigurationReference = 40899FB30FFA7567000B29AE /* StaticLibraryTarget.xcconfig */;
+			buildSettings = {
+				COMBINE_HIDPI_IMAGES = YES;
+				GCC_INLINES_ARE_PRIVATE_EXTERN = YES;
+				GCC_SYMBOLS_PRIVATE_EXTERN = YES;
+				GCC_VERSION = com.apple.compilers.llvm.clang.1_0;
+				HEADER_SEARCH_PATHS = (
+					../,
+					../include/,
+				);
+				PRODUCT_NAME = gtest;
+				SDKROOT = macosx;
+			};
+			name = Release;
+		};
+		40C8490E101A217F0083642A /* Debug */ = {
+			isa = XCBuildConfiguration;
+			baseConfigurationReference = 40899FB30FFA7567000B29AE /* StaticLibraryTarget.xcconfig */;
+			buildSettings = {
+				COMBINE_HIDPI_IMAGES = YES;
+				GCC_VERSION = com.apple.compilers.llvm.clang.1_0;
+				HEADER_SEARCH_PATHS = (
+					../,
+					../include/,
+				);
+				PRODUCT_NAME = gtest_main;
+				SDKROOT = macosx;
+			};
+			name = Debug;
+		};
+		40C8490F101A217F0083642A /* Release */ = {
+			isa = XCBuildConfiguration;
+			baseConfigurationReference = 40899FB30FFA7567000B29AE /* StaticLibraryTarget.xcconfig */;
+			buildSettings = {
+				COMBINE_HIDPI_IMAGES = YES;
+				GCC_VERSION = com.apple.compilers.llvm.clang.1_0;
+				HEADER_SEARCH_PATHS = (
+					../,
+					../include/,
+				);
+				PRODUCT_NAME = gtest_main;
+				SDKROOT = macosx;
+			};
+			name = Release;
+		};
+		40C84985101A36850083642A /* Debug */ = {
+			isa = XCBuildConfiguration;
+			buildSettings = {
+				GCC_VERSION = com.apple.compilers.llvm.clang.1_0;
+				HEADER_SEARCH_PATHS = ../;
+				PRODUCT_NAME = gtest_unittest;
+				SDKROOT = macosx;
+			};
+			name = Debug;
+		};
+		40C84986101A36850083642A /* Release */ = {
+			isa = XCBuildConfiguration;
+			buildSettings = {
+				GCC_VERSION = com.apple.compilers.llvm.clang.1_0;
+				HEADER_SEARCH_PATHS = ../;
+				PRODUCT_NAME = gtest_unittest;
+				SDKROOT = macosx;
+			};
+			name = Release;
+		};
+		40C84995101A36A60083642A /* Debug */ = {
+			isa = XCBuildConfiguration;
+			buildSettings = {
+				GCC_VERSION = com.apple.compilers.llvm.clang.1_0;
+				PRODUCT_NAME = "sample1_unittest-static";
+				SDKROOT = macosx;
+			};
+			name = Debug;
+		};
+		40C84996101A36A60083642A /* Release */ = {
+			isa = XCBuildConfiguration;
+			buildSettings = {
+				GCC_VERSION = com.apple.compilers.llvm.clang.1_0;
+				PRODUCT_NAME = "sample1_unittest-static";
+				SDKROOT = macosx;
+			};
+			name = Release;
+		};
+		4FADC24308B4156D00ABE55E /* Debug */ = {
+			isa = XCBuildConfiguration;
+			baseConfigurationReference = 40D4CDF20E30E07400294801 /* FrameworkTarget.xcconfig */;
+			buildSettings = {
+				COMBINE_HIDPI_IMAGES = YES;
+				DYLIB_COMPATIBILITY_VERSION = 1;
+				DYLIB_CURRENT_VERSION = 1;
+				GCC_VERSION = com.apple.compilers.llvm.clang.1_0;
+				HEADER_SEARCH_PATHS = (
+					../,
+					../include/,
+				);
+				INFOPLIST_FILE = Resources/Info.plist;
+				INFOPLIST_PREFIX_HEADER = "$(PROJECT_TEMP_DIR)/Version.h";
+				INFOPLIST_PREPROCESS = YES;
+				PRODUCT_NAME = gtest;
+				SDKROOT = macosx;
+				VERSIONING_SYSTEM = "apple-generic";
+			};
+			name = Debug;
+		};
+		4FADC24408B4156D00ABE55E /* Release */ = {
+			isa = XCBuildConfiguration;
+			baseConfigurationReference = 40D4CDF20E30E07400294801 /* FrameworkTarget.xcconfig */;
+			buildSettings = {
+				COMBINE_HIDPI_IMAGES = YES;
+				DYLIB_COMPATIBILITY_VERSION = 1;
+				DYLIB_CURRENT_VERSION = 1;
+				GCC_VERSION = com.apple.compilers.llvm.clang.1_0;
+				HEADER_SEARCH_PATHS = (
+					../,
+					../include/,
+				);
+				INFOPLIST_FILE = Resources/Info.plist;
+				INFOPLIST_PREFIX_HEADER = "$(PROJECT_TEMP_DIR)/Version.h";
+				INFOPLIST_PREPROCESS = YES;
+				PRODUCT_NAME = gtest;
+				SDKROOT = macosx;
+				VERSIONING_SYSTEM = "apple-generic";
+			};
+			name = Release;
+		};
+		4FADC24708B4156D00ABE55E /* Debug */ = {
+			isa = XCBuildConfiguration;
+			baseConfigurationReference = 40D4CDF10E30E07400294801 /* DebugProject.xcconfig */;
+			buildSettings = {
+			};
+			name = Debug;
+		};
+		4FADC24808B4156D00ABE55E /* Release */ = {
+			isa = XCBuildConfiguration;
+			baseConfigurationReference = 40D4CDF40E30E07400294801 /* ReleaseProject.xcconfig */;
+			buildSettings = {
+			};
+			name = Release;
+		};
+/* End XCBuildConfiguration section */
+
+/* Begin XCConfigurationList section */
+		3B238FA30E828BB600846E11 /* Build configuration list for PBXAggregateTarget "Check" */ = {
+			isa = XCConfigurationList;
+			buildConfigurations = (
+				3B238F600E828B5400846E11 /* Debug */,
+				3B238F610E828B5400846E11 /* Release */,
+			);
+			defaultConfigurationIsVisible = 0;
+			defaultConfigurationName = Release;
+		};
+		40899F4A0FFA71BC000B29AE /* Build configuration list for PBXNativeTarget "gtest_unittest-framework" */ = {
+			isa = XCConfigurationList;
+			buildConfigurations = (
+				40899F450FFA7185000B29AE /* Debug */,
+				40899F460FFA7185000B29AE /* Release */,
+			);
+			defaultConfigurationIsVisible = 0;
+			defaultConfigurationName = Release;
+		};
+		4089A0240FFACF01000B29AE /* Build configuration list for PBXNativeTarget "sample1_unittest-framework" */ = {
+			isa = XCConfigurationList;
+			buildConfigurations = (
+				4089A0150FFACEFD000B29AE /* Debug */,
+				4089A0160FFACEFD000B29AE /* Release */,
+			);
+			defaultConfigurationIsVisible = 0;
+			defaultConfigurationName = Release;
+		};
+		40C44AE40E379905008FCC51 /* Build configuration list for PBXAggregateTarget "Version Info" */ = {
+			isa = XCConfigurationList;
+			buildConfigurations = (
+				40C44ADF0E3798F4008FCC51 /* Debug */,
+				40C44AE00E3798F4008FCC51 /* Release */,
+			);
+			defaultConfigurationIsVisible = 0;
+			defaultConfigurationName = Release;
+		};
+		40C84902101A212E0083642A /* Build configuration list for PBXNativeTarget "gtest-static" */ = {
+			isa = XCConfigurationList;
+			buildConfigurations = (
+				40C848FB101A209D0083642A /* Debug */,
+				40C848FC101A209D0083642A /* Release */,
+			);
+			defaultConfigurationIsVisible = 0;
+			defaultConfigurationName = Release;
+		};
+		40C84912101A21D20083642A /* Build configuration list for PBXNativeTarget "gtest_main-static" */ = {
+			isa = XCConfigurationList;
+			buildConfigurations = (
+				40C8490E101A217F0083642A /* Debug */,
+				40C8490F101A217F0083642A /* Release */,
+			);
+			defaultConfigurationIsVisible = 0;
+			defaultConfigurationName = Release;
+		};
+		40C84984101A36850083642A /* Build configuration list for PBXNativeTarget "gtest_unittest-static" */ = {
+			isa = XCConfigurationList;
+			buildConfigurations = (
+				40C84985101A36850083642A /* Debug */,
+				40C84986101A36850083642A /* Release */,
+			);
+			defaultConfigurationIsVisible = 0;
+			defaultConfigurationName = Release;
+		};
+		40C84994101A36A60083642A /* Build configuration list for PBXNativeTarget "sample1_unittest-static" */ = {
+			isa = XCConfigurationList;
+			buildConfigurations = (
+				40C84995101A36A60083642A /* Debug */,
+				40C84996101A36A60083642A /* Release */,
+			);
+			defaultConfigurationIsVisible = 0;
+			defaultConfigurationName = Release;
+		};
+		4FADC24208B4156D00ABE55E /* Build configuration list for PBXNativeTarget "gtest-framework" */ = {
+			isa = XCConfigurationList;
+			buildConfigurations = (
+				4FADC24308B4156D00ABE55E /* Debug */,
+				4FADC24408B4156D00ABE55E /* Release */,
+			);
+			defaultConfigurationIsVisible = 0;
+			defaultConfigurationName = Release;
+		};
+		4FADC24608B4156D00ABE55E /* Build configuration list for PBXProject "gtest" */ = {
+			isa = XCConfigurationList;
+			buildConfigurations = (
+				4FADC24708B4156D00ABE55E /* Debug */,
+				4FADC24808B4156D00ABE55E /* Release */,
+			);
+			defaultConfigurationIsVisible = 0;
+			defaultConfigurationName = Release;
+		};
+/* End XCConfigurationList section */
+	};
+	rootObject = 0867D690FE84028FC02AAC07 /* Project object */;
+}
diff --git a/nss/gtests/google_test/manifest.mn b/nss/gtests/google_test/manifest.mn
new file mode 100644
index 0000000..70e33e6
--- /dev/null
+++ b/nss/gtests/google_test/manifest.mn
@@ -0,0 +1,23 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+CORE_DEPTH = ../..
+DEPTH = ../..
+
+MODULE = gtest
+LIBRARY_NAME = gtest
+LIBRARY_VERSION = 1
+
+INCLUDES += -Igtest/include/ -Igtest
+
+CPPSRCS = \
+	gtest/src/gtest-all.cc \
+	$(NULL)
+
+
+EXPORTS = \
+	$(NULL)
+
+
+
diff --git a/nss/gtests/manifest.mn b/nss/gtests/manifest.mn
new file mode 100644
index 0000000..149e24b
--- /dev/null
+++ b/nss/gtests/manifest.mn
@@ -0,0 +1,16 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+CORE_DEPTH = ..
+DEPTH      = ..
+
+DIRS = \
+	google_test \
+	common \
+	der_gtest \
+	util_gtest \
+	pk11_gtest \
+	ssl_gtest \
+        nss_bogo_shim \
+	$(NULL)
diff --git a/nss/gtests/nss_bogo_shim/Makefile b/nss/gtests/nss_bogo_shim/Makefile
new file mode 100644
index 0000000..fd6426d
--- /dev/null
+++ b/nss/gtests/nss_bogo_shim/Makefile
@@ -0,0 +1,52 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+CXXFLAGS += -std=c++0x
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include ../common/gtest.mk
+
+CFLAGS += -I$(CORE_DEPTH)/lib/ssl
+
+ifdef NSS_SSL_ENABLE_ZLIB
+include $(CORE_DEPTH)/coreconf/zlib.mk
+endif
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+
diff --git a/nss/gtests/nss_bogo_shim/config.cc b/nss/gtests/nss_bogo_shim/config.cc
new file mode 100644
index 0000000..2e6f7f7
--- /dev/null
+++ b/nss/gtests/nss_bogo_shim/config.cc
@@ -0,0 +1,58 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+#include "config.h"
+
+#include <cstdlib>
+#include <queue>
+#include <string>
+
+bool ConfigEntryBase::ParseInternal(std::queue<const char *> *args,
+                                    std::string *out) {
+  if (args->empty()) return false;
+  *out = args->front();
+  args->pop();
+  return true;
+}
+
+bool ConfigEntryBase::ParseInternal(std::queue<const char *> *args, int *out) {
+  if (args->empty()) return false;
+
+  char *endptr;
+  *out = strtol(args->front(), &endptr, 10);
+  args->pop();
+
+  return !*endptr;
+}
+
+bool ConfigEntryBase::ParseInternal(std::queue<const char *> *args, bool *out) {
+  *out = true;
+  return true;
+}
+
+std::string Config::XformFlag(const std::string &arg) {
+  if (arg.empty()) return "";
+
+  if (arg[0] != '-') return "";
+
+  return arg.substr(1);
+}
+
+Config::Status Config::ParseArgs(int argc, char **argv) {
+  std::queue<const char *> args;
+  for (int i = 1; i < argc; ++i) {
+    args.push(argv[i]);
+  }
+  while (!args.empty()) {
+    auto e = entries_.find(XformFlag(args.front()));
+    args.pop();
+    if (e == entries_.end()) {
+      return kUnknownFlag;
+    }
+    if (!e->second->Parse(&args)) return kMalformedArgument;
+  }
+
+  return kOK;
+}
diff --git a/nss/gtests/nss_bogo_shim/config.h b/nss/gtests/nss_bogo_shim/config.h
new file mode 100644
index 0000000..3764783
--- /dev/null
+++ b/nss/gtests/nss_bogo_shim/config.h
@@ -0,0 +1,93 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+// Generic command line flags system for NSS BoGo shim.  This class
+// could actually in principle handle other programs. The flags are
+// defined in the consumer code.
+
+#ifndef config_h_
+#define config_h_
+
+#include <cassert>
+
+#include <iostream>
+#include <map>
+#include <memory>
+#include <queue>
+#include <string>
+#include <typeinfo>
+
+// Abstract base class for a given config flag.
+class ConfigEntryBase {
+ public:
+  ConfigEntryBase(const std::string& name, const std::string& type)
+      : name_(name), type_(type) {}
+
+  virtual ~ConfigEntryBase() {}
+
+  const std::string& type() const { return type_; }
+  virtual bool Parse(std::queue<const char*>* args) = 0;
+
+ protected:
+  bool ParseInternal(std::queue<const char*>* args, std::string* out);
+  bool ParseInternal(std::queue<const char*>* args, int* out);
+  bool ParseInternal(std::queue<const char*>* args, bool* out);
+
+  const std::string name_;
+  const std::string type_;
+};
+
+// Template specializations for the concrete flag types.
+template <typename T>
+class ConfigEntry : public ConfigEntryBase {
+ public:
+  ConfigEntry(const std::string& name, T init)
+      : ConfigEntryBase(name, typeid(T).name()), value_(init) {}
+  T get() const { return value_; }
+
+  bool Parse(std::queue<const char*>* args) {
+    return ParseInternal(args, &value_);
+  }
+
+ private:
+  T value_;
+};
+
+// The overall configuration (I.e., the total set of flags).
+class Config {
+ public:
+  enum Status { kOK, kUnknownFlag, kMalformedArgument, kMissingValue };
+
+  Config() : entries_() {}
+
+  template <typename T>
+  void AddEntry(const std::string& name, T init) {
+    entries_[name] = std::unique_ptr<ConfigEntryBase>(
+      new ConfigEntry<T>(name, init));
+  }
+
+  Status ParseArgs(int argc, char** argv);
+
+  template <typename T>
+  T get(const std::string& key) const {
+    auto e = entry(key);
+    assert(e->type() == typeid(T).name());
+    return static_cast<const ConfigEntry<T>*>(e)->get();
+  }
+
+ private:
+  static std::string XformFlag(const std::string& arg);
+
+  std::map<std::string, std::unique_ptr<ConfigEntryBase>> entries_;
+
+  const ConfigEntryBase* entry(const std::string& key) const {
+    auto e = entries_.find(key);
+    if (e == entries_.end()) return nullptr;
+    return e->second.get();
+  }
+};
+
+#endif  // config_h_
diff --git a/nss/gtests/nss_bogo_shim/config.json b/nss/gtests/nss_bogo_shim/config.json
new file mode 100644
index 0000000..7a52888
--- /dev/null
+++ b/nss/gtests/nss_bogo_shim/config.json
@@ -0,0 +1,68 @@
+{
+    "DisabledTests": {
+        "### These tests break whenever we rev versions, so just leave them here for easy uncommenting":"",
+        "#*TLS13*":"(NSS=18, BoGo=16)",
+        "#*HelloRetryRequest*":"(NSS=18, BoGo=16)",
+        "#*KeyShare*":"(NSS=18, BoGo=16)",
+        "#*EncryptedExtensions*":"(NSS=18, BoGo=16)",
+        "#*SecondClientHello*":"(NSS=18, BoGo=16)",
+        "#*IgnoreClientVersionOrder*":"(NSS=18, BoGo=16)",
+        "Resume-Server-BinderWrongLength":"Alert disagreement (Bug 1317633)",
+        "Resume-Server-NoPSKBinder":"Alert disagreement (Bug 1317633)",
+        "CheckRecordVersion-TLS*":"Bug 1317634",
+        "GREASE-Server-TLS13":"BoringSSL GREASEs without a flag, but we ignore it",
+        "TLS13-ExpectNoSessionTicketOnBadKEMode-Server":"Bug in NSS. Don't send ticket when not permitted by KE modes (Bug 1317635)",
+        "*KeyUpdate*":"KeyUpdate Unimplemented",
+        "ClientAuth-NoFallback-TLS13":"Disagreement about alerts. Bug 1294975",
+        "SendWarningAlerts-TLS13":"NSS needs to trigger on warning alerts",
+        "NoSupportedCurves":"This tests a non-spec behavior for TLS 1.2 and expects the wrong alert for TLS 1.3",
+        "SendEmptyRecords":"Tests a non-spec behavior in BoGo where it chokes on too many empty records",
+        "LargePlaintext":"NSS needs to check for over-long records. Bug 1294978",
+        "TLS13-RC4-MD5-server":"This fails properly but returns an unexpected error. Not a bug but needs cleanup",
+        "*SSL3*":"NSS disables SSLv3",
+        "*SSLv3*":"NSS disables SSLv3",
+        "*AES256*":"Inconsistent support for AES256",
+        "*AES128-SHA256*":"No support for Suite B ciphers",
+        "DuplicateExtension*":"NSS sends unexpected_extension alert",
+        "WeakDH":"NSS supports 768-bit DH",
+        "SillyDH":"NSS supports 4097-bit DH",
+        "SendWarningAlerts":"This appears to be Boring-specific",
+        "TLS12-AES128-GCM-client":"Bug 1292895",
+        "*TLS12-AES128-GCM-LargeRecord*":"Bug 1292895",
+        "Renegotiate-Client-Forbidden-1":"Bug 1292898",
+        "Renegotiate-Server-Forbidden":"NSS doesn't disable renegotiation by default",
+        "Renegotiate-Client-NoIgnore":"NSS doesn't disable renegotiation by default",
+        "StrayHelloRequest*":"NSS doesn't disable renegotiation by default",
+        "NoSupportedCurves-TLS13":"wanted SSL_ERROR_NO_CYPHER_OVERLAP, got missing extension error",
+        "FragmentedClientVersion":"received a malformed Client Hello handshake message",
+        "UnofferedExtension-Client-TLS13":"nss updated/broken",
+        "UnknownExtension-Client-TLS13":"nss updated/broken",
+        "WrongMessageType-TLS13-EncryptedExtensions":"nss updated/broken",
+        "WrongMessageType-TLS13-CertificateRequest":"nss updated/broken",
+        "WrongMessageType-TLS13-ServerCertificateVerify":"nss updated/broken",
+        "WrongMessageType-TLS13-ServerCertificate":"nss updated/broken",
+        "WrongMessageType-TLS13-ServerFinished":"nss updated/broken",
+        "EncryptedExtensionsWithKeyShare":"nss updated/broken",
+        "EmptyEncryptedExtensions":"nss updated/broken",
+        "TrailingMessageData-*": "Bug 1304575",
+        "DuplicateKeyShares":"Bug 1304578",
+        "Resume-Server-TLS13-TLS13":"Bug 1314351",
+        "SkipEarlyData-Interleaved":"Bug 1336916",
+        "ECDSAKeyUsage-TLS1*":"Bug 1338194",
+        "PointFormat-Client-MissingUncompressed":"We ignore ec_point_formats extensions sent by servers.",
+        "SkipEarlyData-SecondClientHelloEarlyData":"Boring doesn't reject early_data in the 2nd CH but fails later with bad_record_mac.",
+        "SkipEarlyData-*TooMuchData":"Bug 1339373",
+        "UnsolicitedServerNameAck-TLS1*":"Boring wants us to fail with an unexpected_extension alert, we simply ignore ssl_server_name_xtn.",
+        "RequireAnyClientCertificate-TLS1*":"Bug 1339387",
+        "SendExtensionOnClientCertificate-TLS13":"Bug 1339392",
+        "ALPNClient-Mismatch-TLS1*":"Bug 1339418"
+    },
+    "ErrorMap" : {
+        ":HANDSHAKE_FAILURE_ON_CLIENT_HELLO:":"SSL_ERROR_NO_CYPHER_OVERLAP",
+        ":UNKNOWN_CIPHER_RETURNED:":"SSL_ERROR_NO_CYPHER_OVERLAP",
+        ":OLD_SESSION_CIPHER_NOT_RETURNED:":"SSL_ERROR_RX_MALFORMED_SERVER_HELLO",
+        ":NO_SHARED_CIPHER:":"SSL_ERROR_NO_CYPHER_OVERLAP",
+        ":DIGEST_CHECK_FAILED:":"SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE"
+    }
+}
+
diff --git a/nss/gtests/nss_bogo_shim/manifest.mn b/nss/gtests/nss_bogo_shim/manifest.mn
new file mode 100644
index 0000000..2d60dde
--- /dev/null
+++ b/nss/gtests/nss_bogo_shim/manifest.mn
@@ -0,0 +1,20 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+CORE_DEPTH = ../..
+DEPTH      = ../..
+MODULE = nss
+
+CPPSRCS = \
+      config.cc \
+      nsskeys.cc \
+      nss_bogo_shim.cc \
+      $(NULL)
+
+REQUIRES = nspr nss libdbm
+
+PROGRAM = nss_bogo_shim
+#EXTRA_LIBS = $(DIST)/lib/$(LIB_PREFIX)softokn.$(LIB_SUFFIX)
+
+USE_STATIC_LIBS = 1
diff --git a/nss/gtests/nss_bogo_shim/nss_bogo_shim.cc b/nss/gtests/nss_bogo_shim/nss_bogo_shim.cc
new file mode 100644
index 0000000..850d5cd
--- /dev/null
+++ b/nss/gtests/nss_bogo_shim/nss_bogo_shim.cc
@@ -0,0 +1,579 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+#include "config.h"
+
+#include <cstdlib>
+#include <iostream>
+#include <memory>
+#include "nspr.h"
+#include "nss.h"
+#include "prio.h"
+#include "prnetdb.h"
+#include "secerr.h"
+#include "ssl.h"
+#include "ssl3prot.h"
+#include "sslerr.h"
+#include "sslproto.h"
+
+#include "nsskeys.h"
+
+static const char* kVersionDisableFlags[] = {"no-ssl3", "no-tls1", "no-tls11",
+                                             "no-tls12", "no-tls13"};
+
+bool exitCodeUnimplemented = false;
+
+std::string FormatError(PRErrorCode code) {
+  return std::string(":") + PORT_ErrorToName(code) + ":" + ":" +
+         PORT_ErrorToString(code);
+}
+
+class TestAgent {
+ public:
+  TestAgent(const Config& cfg)
+      : cfg_(cfg),
+        pr_fd_(nullptr),
+        ssl_fd_(nullptr),
+        cert_(nullptr),
+        key_(nullptr) {}
+
+  ~TestAgent() {
+    if (pr_fd_) {
+      PR_Close(pr_fd_);
+    }
+
+    if (ssl_fd_) {
+      PR_Close(ssl_fd_);
+    }
+
+    if (key_) {
+      SECKEY_DestroyPrivateKey(key_);
+    }
+
+    if (cert_) {
+      CERT_DestroyCertificate(cert_);
+    }
+  }
+
+  static std::unique_ptr<TestAgent> Create(const Config& cfg) {
+    std::unique_ptr<TestAgent> agent(new TestAgent(cfg));
+
+    if (!agent->Init()) return nullptr;
+
+    return agent;
+  }
+
+  bool Init() {
+    if (!ConnectTcp()) {
+      return false;
+    }
+
+    if (!SetupKeys()) {
+      std::cerr << "Couldn't set up keys/certs\n";
+      return false;
+    }
+
+    if (!SetupOptions()) {
+      std::cerr << "Couldn't configure socket\n";
+      return false;
+    }
+
+    SECStatus rv = SSL_ResetHandshake(ssl_fd_, cfg_.get<bool>("server"));
+    if (rv != SECSuccess) return false;
+
+    return true;
+  }
+
+  bool ConnectTcp() {
+    PRStatus prv;
+    PRNetAddr addr;
+
+    prv = PR_StringToNetAddr("127.0.0.1", &addr);
+    if (prv != PR_SUCCESS) {
+      return false;
+    }
+    addr.inet.port = PR_htons(cfg_.get<int>("port"));
+
+    pr_fd_ = PR_OpenTCPSocket(addr.raw.family);
+    if (!pr_fd_) return false;
+
+    prv = PR_Connect(pr_fd_, &addr, PR_INTERVAL_NO_TIMEOUT);
+    if (prv != PR_SUCCESS) {
+      return false;
+    }
+
+    ssl_fd_ = SSL_ImportFD(NULL, pr_fd_);
+    if (!ssl_fd_) return false;
+    pr_fd_ = nullptr;
+
+    return true;
+  }
+
+  bool SetupKeys() {
+    SECStatus rv;
+
+    if (cfg_.get<std::string>("key-file") != "") {
+      key_ = ReadPrivateKey(cfg_.get<std::string>("key-file"));
+      if (!key_) return false;
+    }
+    if (cfg_.get<std::string>("cert-file") != "") {
+      cert_ = ReadCertificate(cfg_.get<std::string>("cert-file"));
+      if (!cert_) return false;
+    }
+
+    // Needed because certs are not entirely valid.
+    rv = SSL_AuthCertificateHook(ssl_fd_, AuthCertificateHook, this);
+    if (rv != SECSuccess) return false;
+
+    if (cfg_.get<bool>("server")) {
+      // Server
+      rv = SSL_ConfigServerCert(ssl_fd_, cert_, key_, nullptr, 0);
+      if (rv != SECSuccess) {
+        std::cerr << "Couldn't configure server cert\n";
+        return false;
+      }
+
+    } else if (key_ && cert_) {
+      // Client.
+      rv = SSL_GetClientAuthDataHook(ssl_fd_, GetClientAuthDataHook, this);
+      if (rv != SECSuccess) return false;
+    }
+
+    return true;
+  }
+
+  static bool ConvertFromWireVersion(SSLProtocolVariant variant,
+                                     int wire_version, uint16_t* lib_version) {
+    // These default values are used when {min,max}-version isn't given.
+    if (wire_version == 0 || wire_version == 0xffff) {
+      *lib_version = static_cast<uint16_t>(wire_version);
+      return true;
+    }
+
+#ifdef TLS_1_3_DRAFT_VERSION
+    if (wire_version == (0x7f00 | TLS_1_3_DRAFT_VERSION)) {
+      // N.B. SSL_LIBRARY_VERSION_DTLS_1_3_WIRE == SSL_LIBRARY_VERSION_TLS_1_3
+      wire_version = SSL_LIBRARY_VERSION_TLS_1_3;
+    }
+#endif
+
+    if (variant == ssl_variant_datagram) {
+      switch (wire_version) {
+        case SSL_LIBRARY_VERSION_DTLS_1_0_WIRE:
+          *lib_version = SSL_LIBRARY_VERSION_DTLS_1_0;
+          break;
+        case SSL_LIBRARY_VERSION_DTLS_1_2_WIRE:
+          *lib_version = SSL_LIBRARY_VERSION_DTLS_1_2;
+          break;
+        case SSL_LIBRARY_VERSION_DTLS_1_3_WIRE:
+          *lib_version = SSL_LIBRARY_VERSION_DTLS_1_3;
+          break;
+        default:
+          std::cerr << "Unrecognized DTLS version " << wire_version << ".\n";
+          return false;
+      }
+    } else {
+      if (wire_version < SSL_LIBRARY_VERSION_3_0 ||
+          wire_version > SSL_LIBRARY_VERSION_TLS_1_3) {
+        std::cerr << "Unrecognized TLS version " << wire_version << ".\n";
+        return false;
+      }
+      *lib_version = static_cast<uint16_t>(wire_version);
+    }
+    return true;
+  }
+
+  bool GetVersionRange(SSLVersionRange* range_out, SSLProtocolVariant variant) {
+    SSLVersionRange supported;
+    if (SSL_VersionRangeGetSupported(variant, &supported) != SECSuccess) {
+      return false;
+    }
+
+    uint16_t min_allowed;
+    uint16_t max_allowed;
+    if (!ConvertFromWireVersion(variant, cfg_.get<int>("min-version"),
+                                &min_allowed)) {
+      return false;
+    }
+    if (!ConvertFromWireVersion(variant, cfg_.get<int>("max-version"),
+                                &max_allowed)) {
+      return false;
+    }
+
+    min_allowed = std::max(min_allowed, supported.min);
+    max_allowed = std::min(max_allowed, supported.max);
+
+    bool found_min = false;
+    bool found_max = false;
+    // Ignore -no-ssl3, because SSLv3 is never supported.
+    for (size_t i = 1; i < PR_ARRAY_SIZE(kVersionDisableFlags); ++i) {
+      auto version =
+          static_cast<uint16_t>(SSL_LIBRARY_VERSION_TLS_1_0 + (i - 1));
+      if (variant == ssl_variant_datagram) {
+        // In DTLS mode, the -no-tlsN flags refer to DTLS versions,
+        // but NSS wants the corresponding TLS versions.
+        if (version == SSL_LIBRARY_VERSION_TLS_1_1) {
+          // DTLS 1.1 doesn't exist.
+          continue;
+        }
+        if (version == SSL_LIBRARY_VERSION_TLS_1_0) {
+          version = SSL_LIBRARY_VERSION_DTLS_1_0;
+        }
+      }
+
+      if (version < min_allowed) {
+        continue;
+      }
+      if (version > max_allowed) {
+        break;
+      }
+
+      const bool allowed = !cfg_.get<bool>(kVersionDisableFlags[i]);
+
+      if (!found_min && allowed) {
+        found_min = true;
+        range_out->min = version;
+      }
+      if (found_min && !found_max) {
+        if (allowed) {
+          range_out->max = version;
+        } else {
+          found_max = true;
+        }
+      }
+      if (found_max && allowed) {
+        std::cerr << "Discontiguous version range.\n";
+        return false;
+      }
+    }
+
+    if (!found_min) {
+      std::cerr << "All versions disabled.\n";
+    }
+    return found_min;
+  }
+
+  bool SetupOptions() {
+    SECStatus rv = SSL_OptionSet(ssl_fd_, SSL_ENABLE_SESSION_TICKETS, PR_TRUE);
+    if (rv != SECSuccess) return false;
+
+    SSLVersionRange vrange;
+    if (!GetVersionRange(&vrange, ssl_variant_stream)) return false;
+
+    rv = SSL_VersionRangeSet(ssl_fd_, &vrange);
+    if (rv != SECSuccess) return false;
+
+    rv = SSL_OptionSet(ssl_fd_, SSL_NO_CACHE, false);
+    if (rv != SECSuccess) return false;
+
+    auto alpn = cfg_.get<std::string>("advertise-alpn");
+    if (!alpn.empty()) {
+      assert(!cfg_.get<bool>("server"));
+
+      rv = SSL_OptionSet(ssl_fd_, SSL_ENABLE_ALPN, PR_TRUE);
+      if (rv != SECSuccess) return false;
+
+      rv = SSL_SetNextProtoNego(
+          ssl_fd_, reinterpret_cast<const unsigned char*>(alpn.c_str()),
+          alpn.size());
+      if (rv != SECSuccess) return false;
+    }
+
+    if (cfg_.get<bool>("fallback-scsv")) {
+      rv = SSL_OptionSet(ssl_fd_, SSL_ENABLE_FALLBACK_SCSV, PR_TRUE);
+      if (rv != SECSuccess) return false;
+    }
+
+    if (cfg_.get<bool>("false-start")) {
+      rv = SSL_OptionSet(ssl_fd_, SSL_ENABLE_FALSE_START, PR_TRUE);
+      if (rv != SECSuccess) return false;
+    }
+
+    if (cfg_.get<bool>("enable-ocsp-stapling")) {
+      rv = SSL_OptionSet(ssl_fd_, SSL_ENABLE_OCSP_STAPLING, PR_TRUE);
+      if (rv != SECSuccess) return false;
+    }
+
+    bool requireClientCert = cfg_.get<bool>("require-any-client-certificate");
+    if (requireClientCert || cfg_.get<bool>("verify-peer")) {
+      assert(cfg_.get<bool>("server"));
+
+      rv = SSL_OptionSet(ssl_fd_, SSL_REQUEST_CERTIFICATE, PR_TRUE);
+      if (rv != SECSuccess) return false;
+
+      rv = SSL_OptionSet(
+          ssl_fd_, SSL_REQUIRE_CERTIFICATE,
+          requireClientCert ? SSL_REQUIRE_ALWAYS : SSL_REQUIRE_NO_ERROR);
+      if (rv != SECSuccess) return false;
+    }
+
+    if (!cfg_.get<bool>("server")) {
+      // Needed to make resumption work.
+      rv = SSL_SetURL(ssl_fd_, "server");
+      if (rv != SECSuccess) return false;
+    }
+
+    rv = SSL_OptionSet(ssl_fd_, SSL_ENABLE_EXTENDED_MASTER_SECRET, PR_TRUE);
+    if (rv != SECSuccess) return false;
+
+    if (!EnableNonExportCiphers()) return false;
+
+    return true;
+  }
+
+  bool EnableNonExportCiphers() {
+    for (size_t i = 0; i < SSL_NumImplementedCiphers; ++i) {
+      SSLCipherSuiteInfo csinfo;
+
+      SECStatus rv = SSL_GetCipherSuiteInfo(SSL_ImplementedCiphers[i], &csinfo,
+                                            sizeof(csinfo));
+      if (rv != SECSuccess) {
+        return false;
+      }
+
+      rv = SSL_CipherPrefSet(ssl_fd_, SSL_ImplementedCiphers[i], PR_TRUE);
+      if (rv != SECSuccess) {
+        return false;
+      }
+    }
+    return true;
+  }
+
+  // Dummy auth certificate hook.
+  static SECStatus AuthCertificateHook(void* arg, PRFileDesc* fd,
+                                       PRBool checksig, PRBool isServer) {
+    return SECSuccess;
+  }
+
+  static SECStatus GetClientAuthDataHook(void* self, PRFileDesc* fd,
+                                         CERTDistNames* caNames,
+                                         CERTCertificate** cert,
+                                         SECKEYPrivateKey** privKey) {
+    TestAgent* a = static_cast<TestAgent*>(self);
+    *cert = CERT_DupCertificate(a->cert_);
+    *privKey = SECKEY_CopyPrivateKey(a->key_);
+    return SECSuccess;
+  }
+
+  SECStatus Handshake() { return SSL_ForceHandshake(ssl_fd_); }
+
+  // Implement a trivial echo client/server. Read bytes from the other side,
+  // flip all the bits, and send them back.
+  SECStatus ReadWrite() {
+    for (;;) {
+      uint8_t block[512];
+      int32_t rv = PR_Read(ssl_fd_, block, sizeof(block));
+      if (rv < 0) {
+        std::cerr << "Failure reading\n";
+        return SECFailure;
+      }
+      if (rv == 0) return SECSuccess;
+
+      int32_t len = rv;
+      for (int32_t i = 0; i < len; ++i) {
+        block[i] ^= 0xff;
+      }
+
+      rv = PR_Write(ssl_fd_, block, len);
+      if (rv != len) {
+        std::cerr << "Write failure\n";
+        PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+        return SECFailure;
+      }
+    }
+    return SECSuccess;
+  }
+
+  // Write bytes to the other side then read them back and check
+  // that they were correctly XORed as in ReadWrite.
+  SECStatus WriteRead() {
+    static const uint8_t ch = 'E';
+
+    // We do 600-byte blocks to provide mis-alignment of the
+    // reader and writer.
+    uint8_t block[600];
+    memset(block, ch, sizeof(block));
+    int32_t rv = PR_Write(ssl_fd_, block, sizeof(block));
+    if (rv != sizeof(block)) {
+      std::cerr << "Write failure\n";
+      PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+      return SECFailure;
+    }
+
+    size_t left = sizeof(block);
+    while (left) {
+      int32_t rv = PR_Read(ssl_fd_, block, left);
+      if (rv < 0) {
+        std::cerr << "Failure reading\n";
+        return SECFailure;
+      }
+      if (rv == 0) {
+        PORT_SetError(SEC_ERROR_INPUT_LEN);
+        return SECFailure;
+      }
+
+      int32_t len = rv;
+      for (int32_t i = 0; i < len; ++i) {
+        if (block[i] != (ch ^ 0xff)) {
+          PORT_SetError(SEC_ERROR_BAD_DATA);
+          return SECFailure;
+        }
+      }
+      left -= len;
+    }
+    return SECSuccess;
+  }
+
+  SECStatus DoExchange() {
+    SECStatus rv = Handshake();
+    if (rv != SECSuccess) {
+      PRErrorCode err = PR_GetError();
+      std::cerr << "Handshake failed with error=" << err << FormatError(err)
+                << std::endl;
+      return SECFailure;
+    }
+
+    if (cfg_.get<bool>("write-then-read")) {
+      rv = WriteRead();
+      if (rv != SECSuccess) {
+        PRErrorCode err = PR_GetError();
+        std::cerr << "WriteRead failed with error=" << FormatError(err)
+                  << std::endl;
+        return SECFailure;
+      }
+    } else {
+      rv = ReadWrite();
+      if (rv != SECSuccess) {
+        PRErrorCode err = PR_GetError();
+        std::cerr << "ReadWrite failed with error=" << FormatError(err)
+                  << std::endl;
+        return SECFailure;
+      }
+    }
+
+    auto alpn = cfg_.get<std::string>("expect-alpn");
+    if (!alpn.empty()) {
+      SSLNextProtoState state;
+      char chosen[256];
+      unsigned int chosen_len;
+      rv = SSL_GetNextProto(ssl_fd_, &state,
+                            reinterpret_cast<unsigned char*>(chosen),
+                            &chosen_len, sizeof(chosen));
+      if (rv != SECSuccess) {
+        PRErrorCode err = PR_GetError();
+        std::cerr << "SSL_GetNextProto failed with error=" << FormatError(err)
+                  << std::endl;
+        return SECFailure;
+      }
+
+      assert(chosen_len <= sizeof(chosen));
+      if (std::string(chosen, chosen_len) != alpn) {
+        std::cerr << "Unexpected ALPN selection" << std::endl;
+        return SECFailure;
+      }
+    }
+
+    return SECSuccess;
+  }
+
+ private:
+  const Config& cfg_;
+  PRFileDesc* pr_fd_;
+  PRFileDesc* ssl_fd_;
+  CERTCertificate* cert_;
+  SECKEYPrivateKey* key_;
+};
+
+std::unique_ptr<const Config> ReadConfig(int argc, char** argv) {
+  std::unique_ptr<Config> cfg(new Config());
+
+  cfg->AddEntry<int>("port", 0);
+  cfg->AddEntry<bool>("server", false);
+  cfg->AddEntry<int>("resume-count", 0);
+  cfg->AddEntry<std::string>("key-file", "");
+  cfg->AddEntry<std::string>("cert-file", "");
+  cfg->AddEntry<int>("min-version", 0);
+  cfg->AddEntry<int>("max-version", 0xffff);
+  for (auto flag : kVersionDisableFlags) {
+    cfg->AddEntry<bool>(flag, false);
+  }
+  cfg->AddEntry<bool>("fallback-scsv", false);
+  cfg->AddEntry<bool>("false-start", false);
+  cfg->AddEntry<bool>("enable-ocsp-stapling", false);
+  cfg->AddEntry<bool>("write-then-read", false);
+  cfg->AddEntry<bool>("require-any-client-certificate", false);
+  cfg->AddEntry<bool>("verify-peer", false);
+  cfg->AddEntry<std::string>("advertise-alpn", "");
+  cfg->AddEntry<std::string>("expect-alpn", "");
+
+  auto rv = cfg->ParseArgs(argc, argv);
+  switch (rv) {
+    case Config::kOK:
+      break;
+    case Config::kUnknownFlag:
+      exitCodeUnimplemented = true;
+    default:
+      return nullptr;
+  }
+
+  // Needed to change to std::unique_ptr<const Config>
+  return std::move(cfg);
+}
+
+bool RunCycle(std::unique_ptr<const Config>& cfg) {
+  std::unique_ptr<TestAgent> agent(TestAgent::Create(*cfg));
+  return agent && agent->DoExchange() == SECSuccess;
+}
+
+int GetExitCode(bool success) {
+  if (exitCodeUnimplemented) {
+    return 89;
+  }
+
+  if (success) {
+    return 0;
+  }
+
+  return 1;
+}
+
+int main(int argc, char** argv) {
+  std::unique_ptr<const Config> cfg = ReadConfig(argc, argv);
+  if (!cfg) {
+    return GetExitCode(false);
+  }
+
+  if (cfg->get<bool>("server")) {
+    if (SSL_ConfigServerSessionIDCache(1024, 0, 0, ".") != SECSuccess) {
+      std::cerr << "Couldn't configure session cache\n";
+      return 1;
+    }
+  }
+
+  if (NSS_NoDB_Init(nullptr) != SECSuccess) {
+    return 1;
+  }
+
+  // Run a single test cycle.
+  bool success = RunCycle(cfg);
+
+  int resume_count = cfg->get<int>("resume-count");
+  while (success && resume_count-- > 0) {
+    std::cout << "Resuming" << std::endl;
+    success = RunCycle(cfg);
+  }
+
+  SSL_ClearSessionCache();
+
+  if (cfg->get<bool>("server")) {
+    SSL_ShutdownServerSessionIDCache();
+  }
+
+  if (NSS_Shutdown() != SECSuccess) {
+    success = false;
+  }
+
+  return GetExitCode(success);
+}
diff --git a/nss/gtests/nss_bogo_shim/nss_bogo_shim.gyp b/nss/gtests/nss_bogo_shim/nss_bogo_shim.gyp
new file mode 100644
index 0000000..7f71311
--- /dev/null
+++ b/nss/gtests/nss_bogo_shim/nss_bogo_shim.gyp
@@ -0,0 +1,76 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'nss_bogo_shim',
+      'type': 'executable',
+      'sources': [
+        'config.cc',
+        'nss_bogo_shim.cc',
+        'nsskeys.cc'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports',
+        '<(DEPTH)/lib/util/util.gyp:nssutil3',
+        '<(DEPTH)/lib/sqlite/sqlite.gyp:sqlite3',
+        '<(DEPTH)/gtests/google_test/google_test.gyp:gtest',
+        '<(DEPTH)/lib/softoken/softoken.gyp:softokn',
+        '<(DEPTH)/lib/smime/smime.gyp:smime',
+        '<(DEPTH)/lib/ssl/ssl.gyp:ssl',
+        '<(DEPTH)/lib/nss/nss.gyp:nss_static',
+        '<(DEPTH)/cmd/lib/lib.gyp:sectool',
+        '<(DEPTH)/lib/pkcs12/pkcs12.gyp:pkcs12',
+        '<(DEPTH)/lib/pkcs7/pkcs7.gyp:pkcs7',
+        '<(DEPTH)/lib/certhigh/certhigh.gyp:certhi',
+        '<(DEPTH)/lib/cryptohi/cryptohi.gyp:cryptohi',
+        '<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap',
+        '<(DEPTH)/lib/softoken/softoken.gyp:softokn',
+        '<(DEPTH)/lib/certdb/certdb.gyp:certdb',
+        '<(DEPTH)/lib/pki/pki.gyp:nsspki',
+        '<(DEPTH)/lib/dev/dev.gyp:nssdev',
+        '<(DEPTH)/lib/base/base.gyp:nssb',
+        '<(DEPTH)/lib/freebl/freebl.gyp:freebl',
+        '<(DEPTH)/lib/zlib/zlib.gyp:nss_zlib'
+      ],
+      'conditions': [
+        [ 'disable_dbm==0', {
+          'dependencies': [
+            '<(DEPTH)/lib/dbm/src/src.gyp:dbm',
+          ],
+        }],
+        [ 'disable_libpkix==0', {
+          'dependencies': [
+            '<(DEPTH)/lib/libpkix/pkix/certsel/certsel.gyp:pkixcertsel',
+            '<(DEPTH)/lib/libpkix/pkix/checker/checker.gyp:pkixchecker',
+            '<(DEPTH)/lib/libpkix/pkix/crlsel/crlsel.gyp:pkixcrlsel',
+            '<(DEPTH)/lib/libpkix/pkix/params/params.gyp:pkixparams',
+            '<(DEPTH)/lib/libpkix/pkix/results/results.gyp:pkixresults',
+            '<(DEPTH)/lib/libpkix/pkix/store/store.gyp:pkixstore',
+            '<(DEPTH)/lib/libpkix/pkix/top/top.gyp:pkixtop',
+            '<(DEPTH)/lib/libpkix/pkix/util/util.gyp:pkixutil',
+            '<(DEPTH)/lib/libpkix/pkix_pl_nss/system/system.gyp:pkixsystem',
+            '<(DEPTH)/lib/libpkix/pkix_pl_nss/module/module.gyp:pkixmodule',
+            '<(DEPTH)/lib/libpkix/pkix_pl_nss/pki/pki.gyp:pkixpki',
+          ],
+        }],
+      ],
+    }
+  ],
+  'target_defaults': {
+    'defines': [
+      'NSS_USE_STATIC_LIBS'
+    ],
+    'include_dirs': [
+      '../../lib/ssl'
+    ],
+  },
+  'variables': {
+    'module': 'nss',
+    'use_static_libs': 1
+  }
+}
diff --git a/nss/gtests/nss_bogo_shim/nsskeys.cc b/nss/gtests/nss_bogo_shim/nsskeys.cc
new file mode 100644
index 0000000..471dac3
--- /dev/null
+++ b/nss/gtests/nss_bogo_shim/nsskeys.cc
@@ -0,0 +1,83 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsskeys.h"
+
+#include <cstring>
+
+#include <fstream>
+#include <iostream>
+#include <string>
+
+#include "cert.h"
+#include "keyhi.h"
+#include "nspr.h"
+#include "nss.h"
+#include "nssb64.h"
+#include "pk11pub.h"
+
+const std::string kPEMBegin = "-----BEGIN ";
+const std::string kPEMEnd = "-----END ";
+
+// Read a PEM file, base64 decode it, and return the result.
+static bool ReadPEMFile(const std::string& filename, SECItem* item) {
+  std::ifstream in(filename);
+  if (in.bad()) return false;
+
+  char buf[1024];
+  in.getline(buf, sizeof(buf));
+  if (in.bad()) return false;
+
+  if (strncmp(buf, kPEMBegin.c_str(), kPEMBegin.size())) return false;
+
+  std::string value = "";
+  for (;;) {
+    in.getline(buf, sizeof(buf));
+    if (in.bad()) return false;
+
+    if (!strncmp(buf, kPEMEnd.c_str(), kPEMEnd.size())) break;
+
+    value += buf;
+  }
+
+  // Now we have a base64-encoded block.
+  if (!NSSBase64_DecodeBuffer(nullptr, item, value.c_str(), value.size()))
+    return false;
+
+  return true;
+}
+
+SECKEYPrivateKey* ReadPrivateKey(const std::string& file) {
+  SECItem item = {siBuffer, nullptr, 0};
+
+  if (!ReadPEMFile(file, &item)) return nullptr;
+  SECKEYPrivateKey* privkey = NULL;
+  PK11SlotInfo* slot = PK11_GetInternalSlot();
+  SECStatus rv = PK11_ImportDERPrivateKeyInfoAndReturnKey(
+      slot, &item, nullptr, nullptr, PR_FALSE, PR_FALSE,
+      KU_KEY_ENCIPHERMENT | KU_DATA_ENCIPHERMENT | KU_DIGITAL_SIGNATURE,
+      &privkey, nullptr);
+  PK11_FreeSlot(slot);
+  SECITEM_FreeItem(&item, PR_FALSE);
+  if (rv != SECSuccess) {
+    std::cerr << "Couldn't import key " << PORT_ErrorToString(PORT_GetError())
+              << "\n";
+    return nullptr;
+  }
+
+  return privkey;
+}
+
+CERTCertificate* ReadCertificate(const std::string& file) {
+  SECItem item = {siBuffer, nullptr, 0};
+
+  if (!ReadPEMFile(file, &item)) return nullptr;
+
+  CERTCertificate* cert = CERT_NewTempCertificate(
+      CERT_GetDefaultCertDB(), &item, NULL, PR_FALSE, PR_TRUE);
+  SECITEM_FreeItem(&item, PR_FALSE);
+  return cert;
+}
diff --git a/nss/gtests/nss_bogo_shim/nsskeys.h b/nss/gtests/nss_bogo_shim/nsskeys.h
new file mode 100644
index 0000000..45e56c3
--- /dev/null
+++ b/nss/gtests/nss_bogo_shim/nsskeys.h
@@ -0,0 +1,20 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+// Utilities to pull in OpenSSL-formatted keys.
+
+#ifndef nsskeys_h_
+#define nsskeys_h_
+
+#include "cert.h"
+#include "keyhi.h"
+
+#include <string>
+
+SECKEYPrivateKey* ReadPrivateKey(const std::string& file);
+CERTCertificate* ReadCertificate(const std::string& file);
+
+#endif
diff --git a/nss/gtests/pk11_gtest/Makefile b/nss/gtests/pk11_gtest/Makefile
new file mode 100644
index 0000000..0d547e0
--- /dev/null
+++ b/nss/gtests/pk11_gtest/Makefile
@@ -0,0 +1,43 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include ../common/gtest.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
diff --git a/nss/gtests/pk11_gtest/manifest.mn b/nss/gtests/pk11_gtest/manifest.mn
new file mode 100644
index 0000000..453e09a
--- /dev/null
+++ b/nss/gtests/pk11_gtest/manifest.mn
@@ -0,0 +1,31 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+CORE_DEPTH = ../..
+DEPTH      = ../..
+MODULE = nss
+
+CPPSRCS = \
+      pk11_aeskeywrap_unittest.cc \
+      pk11_chacha20poly1305_unittest.cc \
+      pk11_curve25519_unittest.cc \
+      pk11_ecdsa_unittest.cc \
+      pk11_export_unittest.cc \
+      pk11_pbkdf2_unittest.cc \
+      pk11_prf_unittest.cc \
+      pk11_prng_unittest.cc \
+      pk11_rsapss_unittest.cc \
+      $(NULL)
+
+INCLUDES += -I$(CORE_DEPTH)/gtests/google_test/gtest/include \
+            -I$(CORE_DEPTH)/gtests/common \
+            -I$(CORE_DEPTH)/cpputil
+
+REQUIRES = nspr nss libdbm gtest
+
+PROGRAM = pk11_gtest
+
+EXTRA_LIBS = $(DIST)/lib/$(LIB_PREFIX)gtest.$(LIB_SUFFIX) $(EXTRA_OBJS) \
+             ../common/$(OBJDIR)/gtests$(OBJ_SUFFIX)
+
diff --git a/nss/gtests/pk11_gtest/pk11_aeskeywrap_unittest.cc b/nss/gtests/pk11_gtest/pk11_aeskeywrap_unittest.cc
new file mode 100644
index 0000000..a0226e6
--- /dev/null
+++ b/nss/gtests/pk11_gtest/pk11_aeskeywrap_unittest.cc
@@ -0,0 +1,132 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <memory>
+#include "nss.h"
+#include "pk11pub.h"
+
+#include "gtest/gtest.h"
+#include "scoped_ptrs.h"
+
+namespace nss_test {
+
+// Test vectors from https://tools.ietf.org/html/rfc3394#section-4.1 to 4.6
+unsigned char kKEK1[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+                         0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F};
+
+unsigned char kKD1[] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
+                        0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF};
+
+unsigned char kC1[] = {0x1F, 0xA6, 0x8B, 0x0A, 0x81, 0x12, 0xB4, 0x47,
+                       0xAE, 0xF3, 0x4B, 0xD8, 0xFB, 0x5A, 0x7B, 0x82,
+                       0x9D, 0x3E, 0x86, 0x23, 0x71, 0xD2, 0xCF, 0xE5};
+
+unsigned char kKEK2[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+                         0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
+                         0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17};
+
+unsigned char kC2[] = {0x96, 0x77, 0x8B, 0x25, 0xAE, 0x6C, 0xA4, 0x35,
+                       0xF9, 0x2B, 0x5B, 0x97, 0xC0, 0x50, 0xAE, 0xD2,
+                       0x46, 0x8A, 0xB8, 0xA1, 0x7A, 0xD8, 0x4E, 0x5D};
+
+unsigned char kKEK3[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+                         0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
+                         0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+                         0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F};
+
+unsigned char kC3[] = {0x64, 0xE8, 0xC3, 0xF9, 0xCE, 0x0F, 0x5B, 0xA2,
+                       0x63, 0xE9, 0x77, 0x79, 0x05, 0x81, 0x8A, 0x2A,
+                       0x93, 0xC8, 0x19, 0x1E, 0x7D, 0x6E, 0x8A, 0xE7};
+
+unsigned char kKD4[] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
+                        0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF,
+                        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07};
+
+unsigned char kC4[] = {0x03, 0x1D, 0x33, 0x26, 0x4E, 0x15, 0xD3, 0x32,
+                       0x68, 0xF2, 0x4E, 0xC2, 0x60, 0x74, 0x3E, 0xDC,
+                       0xE1, 0xC6, 0xC7, 0xDD, 0xEE, 0x72, 0x5A, 0x93,
+                       0x6B, 0xA8, 0x14, 0x91, 0x5C, 0x67, 0x62, 0xD2};
+
+unsigned char kC5[] = {0xA8, 0xF9, 0xBC, 0x16, 0x12, 0xC6, 0x8B, 0x3F,
+                       0xF6, 0xE6, 0xF4, 0xFB, 0xE3, 0x0E, 0x71, 0xE4,
+                       0x76, 0x9C, 0x8B, 0x80, 0xA3, 0x2C, 0xB8, 0x95,
+                       0x8C, 0xD5, 0xD1, 0x7D, 0x6B, 0x25, 0x4D, 0xA1};
+
+unsigned char kKD6[] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
+                        0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF,
+                        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+                        0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F};
+
+unsigned char kC6[] = {0x28, 0xC9, 0xF4, 0x04, 0xC4, 0xB8, 0x10, 0xF4,
+                       0xCB, 0xCC, 0xB3, 0x5C, 0xFB, 0x87, 0xF8, 0x26,
+                       0x3F, 0x57, 0x86, 0xE2, 0xD8, 0x0E, 0xD3, 0x26,
+                       0xCB, 0xC7, 0xF0, 0xE7, 0x1A, 0x99, 0xF4, 0x3B,
+                       0xFB, 0x98, 0x8B, 0x9B, 0x7A, 0x02, 0xDD, 0x21};
+
+class Pkcs11AESKeyWrapTest : public ::testing::Test {
+ protected:
+  CK_MECHANISM_TYPE mechanism = CKM_NSS_AES_KEY_WRAP;
+
+  void WrapUnwrap(unsigned char* kek, unsigned int kekLen,
+                  unsigned char* keyData, unsigned int keyDataLen,
+                  unsigned char* expectedCiphertext) {
+    unsigned char wrappedKey[40];
+    unsigned int wrappedKeyLen;
+    unsigned char unwrappedKey[40];
+    unsigned int unwrappedKeyLen = 0;
+    SECStatus rv;
+
+    ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
+    ASSERT_NE(nullptr, slot);
+
+    // Import encryption key.
+    SECItem keyItem = {siBuffer, kek, kekLen};
+    ScopedPK11SymKey encryptionKey(
+        PK11_ImportSymKey(slot.get(), CKM_NSS_AES_KEY_WRAP, PK11_OriginUnwrap,
+                          CKA_ENCRYPT, &keyItem, nullptr));
+    EXPECT_TRUE(!!encryptionKey);
+
+    // Wrap key
+    rv = PK11_Encrypt(encryptionKey.get(), mechanism, nullptr /* param */,
+                      wrappedKey, &wrappedKeyLen, sizeof(wrappedKey), keyData,
+                      keyDataLen);
+    EXPECT_EQ(rv, SECSuccess) << "CKM_NSS_AES_KEY_WRAP encrypt failed";
+    EXPECT_TRUE(!memcmp(expectedCiphertext, wrappedKey, wrappedKeyLen));
+
+    // Unwrap key
+    rv = PK11_Decrypt(encryptionKey.get(), mechanism, nullptr /* param */,
+                      unwrappedKey, &unwrappedKeyLen, sizeof(unwrappedKey),
+                      wrappedKey, wrappedKeyLen);
+    EXPECT_EQ(rv, SECSuccess) << " CKM_NSS_AES_KEY_WRAP decrypt failed\n";
+    EXPECT_TRUE(!memcmp(keyData, unwrappedKey, unwrappedKeyLen));
+  }
+};
+
+TEST_F(Pkcs11AESKeyWrapTest, WrapUnwrepTest1) {
+  WrapUnwrap(kKEK1, sizeof(kKEK1), kKD1, sizeof(kKD1), kC1);
+}
+
+TEST_F(Pkcs11AESKeyWrapTest, WrapUnwrepTest2) {
+  WrapUnwrap(kKEK2, sizeof(kKEK2), kKD1, sizeof(kKD1), kC2);
+}
+
+TEST_F(Pkcs11AESKeyWrapTest, WrapUnwrepTest3) {
+  WrapUnwrap(kKEK3, sizeof(kKEK3), kKD1, sizeof(kKD1), kC3);
+}
+
+TEST_F(Pkcs11AESKeyWrapTest, WrapUnwrepTest4) {
+  WrapUnwrap(kKEK2, sizeof(kKEK2), kKD4, sizeof(kKD4), kC4);
+}
+
+TEST_F(Pkcs11AESKeyWrapTest, WrapUnwrepTest5) {
+  WrapUnwrap(kKEK3, sizeof(kKEK3), kKD4, sizeof(kKD4), kC5);
+}
+
+TEST_F(Pkcs11AESKeyWrapTest, WrapUnwrepTest6) {
+  WrapUnwrap(kKEK3, sizeof(kKEK3), kKD6, sizeof(kKD6), kC6);
+}
+
+} /* nss_test */
\ No newline at end of file
diff --git a/nss/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc b/nss/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc
new file mode 100644
index 0000000..1d6ff01
--- /dev/null
+++ b/nss/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc
@@ -0,0 +1,263 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <memory>
+#include "nss.h"
+#include "pk11pub.h"
+#include "sechash.h"
+
+#include "gtest/gtest.h"
+#include "scoped_ptrs.h"
+
+namespace nss_test {
+
+// ChaCha20/Poly1305 Test Vector 1, RFC 7539
+// <http://tools.ietf.org/html/rfc7539#section-2.8.2>
+const uint8_t kTestVector1Data[] = {
+    0x4c, 0x61, 0x64, 0x69, 0x65, 0x73, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x47,
+    0x65, 0x6e, 0x74, 0x6c, 0x65, 0x6d, 0x65, 0x6e, 0x20, 0x6f, 0x66, 0x20,
+    0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x61, 0x73, 0x73, 0x20, 0x6f, 0x66,
+    0x20, 0x27, 0x39, 0x39, 0x3a, 0x20, 0x49, 0x66, 0x20, 0x49, 0x20, 0x63,
+    0x6f, 0x75, 0x6c, 0x64, 0x20, 0x6f, 0x66, 0x66, 0x65, 0x72, 0x20, 0x79,
+    0x6f, 0x75, 0x20, 0x6f, 0x6e, 0x6c, 0x79, 0x20, 0x6f, 0x6e, 0x65, 0x20,
+    0x74, 0x69, 0x70, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x74, 0x68, 0x65, 0x20,
+    0x66, 0x75, 0x74, 0x75, 0x72, 0x65, 0x2c, 0x20, 0x73, 0x75, 0x6e, 0x73,
+    0x63, 0x72, 0x65, 0x65, 0x6e, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20,
+    0x62, 0x65, 0x20, 0x69, 0x74, 0x2e};
+const uint8_t kTestVector1AAD[] = {0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1,
+                                   0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7};
+const uint8_t kTestVector1Key[] = {
+    0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a,
+    0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95,
+    0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f};
+const uint8_t kTestVector1IV[] = {0x07, 0x00, 0x00, 0x00, 0x40, 0x41,
+                                  0x42, 0x43, 0x44, 0x45, 0x46, 0x47};
+const uint8_t kTestVector1CT[] = {
+    0xd3, 0x1a, 0x8d, 0x34, 0x64, 0x8e, 0x60, 0xdb, 0x7b, 0x86, 0xaf, 0xbc,
+    0x53, 0xef, 0x7e, 0xc2, 0xa4, 0xad, 0xed, 0x51, 0x29, 0x6e, 0x08, 0xfe,
+    0xa9, 0xe2, 0xb5, 0xa7, 0x36, 0xee, 0x62, 0xd6, 0x3d, 0xbe, 0xa4, 0x5e,
+    0x8c, 0xa9, 0x67, 0x12, 0x82, 0xfa, 0xfb, 0x69, 0xda, 0x92, 0x72, 0x8b,
+    0x1a, 0x71, 0xde, 0x0a, 0x9e, 0x06, 0x0b, 0x29, 0x05, 0xd6, 0xa5, 0xb6,
+    0x7e, 0xcd, 0x3b, 0x36, 0x92, 0xdd, 0xbd, 0x7f, 0x2d, 0x77, 0x8b, 0x8c,
+    0x98, 0x03, 0xae, 0xe3, 0x28, 0x09, 0x1b, 0x58, 0xfa, 0xb3, 0x24, 0xe4,
+    0xfa, 0xd6, 0x75, 0x94, 0x55, 0x85, 0x80, 0x8b, 0x48, 0x31, 0xd7, 0xbc,
+    0x3f, 0xf4, 0xde, 0xf0, 0x8e, 0x4b, 0x7a, 0x9d, 0xe5, 0x76, 0xd2, 0x65,
+    0x86, 0xce, 0xc6, 0x4b, 0x61, 0x16, 0x1a, 0xe1, 0x0b, 0x59, 0x4f, 0x09,
+    0xe2, 0x6a, 0x7e, 0x90, 0x2e, 0xcb, 0xd0, 0x60, 0x06, 0x91};
+
+// ChaCha20/Poly1305 Test Vector 2, RFC 7539
+// <http://tools.ietf.org/html/rfc7539#appendix-A.5>
+const uint8_t kTestVector2Data[] = {
+    0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x2d, 0x44, 0x72, 0x61,
+    0x66, 0x74, 0x73, 0x20, 0x61, 0x72, 0x65, 0x20, 0x64, 0x72, 0x61, 0x66,
+    0x74, 0x20, 0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x20,
+    0x76, 0x61, 0x6c, 0x69, 0x64, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x61, 0x20,
+    0x6d, 0x61, 0x78, 0x69, 0x6d, 0x75, 0x6d, 0x20, 0x6f, 0x66, 0x20, 0x73,
+    0x69, 0x78, 0x20, 0x6d, 0x6f, 0x6e, 0x74, 0x68, 0x73, 0x20, 0x61, 0x6e,
+    0x64, 0x20, 0x6d, 0x61, 0x79, 0x20, 0x62, 0x65, 0x20, 0x75, 0x70, 0x64,
+    0x61, 0x74, 0x65, 0x64, 0x2c, 0x20, 0x72, 0x65, 0x70, 0x6c, 0x61, 0x63,
+    0x65, 0x64, 0x2c, 0x20, 0x6f, 0x72, 0x20, 0x6f, 0x62, 0x73, 0x6f, 0x6c,
+    0x65, 0x74, 0x65, 0x64, 0x20, 0x62, 0x79, 0x20, 0x6f, 0x74, 0x68, 0x65,
+    0x72, 0x20, 0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x20,
+    0x61, 0x74, 0x20, 0x61, 0x6e, 0x79, 0x20, 0x74, 0x69, 0x6d, 0x65, 0x2e,
+    0x20, 0x49, 0x74, 0x20, 0x69, 0x73, 0x20, 0x69, 0x6e, 0x61, 0x70, 0x70,
+    0x72, 0x6f, 0x70, 0x72, 0x69, 0x61, 0x74, 0x65, 0x20, 0x74, 0x6f, 0x20,
+    0x75, 0x73, 0x65, 0x20, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74,
+    0x2d, 0x44, 0x72, 0x61, 0x66, 0x74, 0x73, 0x20, 0x61, 0x73, 0x20, 0x72,
+    0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x20, 0x6d, 0x61, 0x74,
+    0x65, 0x72, 0x69, 0x61, 0x6c, 0x20, 0x6f, 0x72, 0x20, 0x74, 0x6f, 0x20,
+    0x63, 0x69, 0x74, 0x65, 0x20, 0x74, 0x68, 0x65, 0x6d, 0x20, 0x6f, 0x74,
+    0x68, 0x65, 0x72, 0x20, 0x74, 0x68, 0x61, 0x6e, 0x20, 0x61, 0x73, 0x20,
+    0x2f, 0xe2, 0x80, 0x9c, 0x77, 0x6f, 0x72, 0x6b, 0x20, 0x69, 0x6e, 0x20,
+    0x70, 0x72, 0x6f, 0x67, 0x72, 0x65, 0x73, 0x73, 0x2e, 0x2f, 0xe2, 0x80,
+    0x9d};
+const uint8_t kTestVector2AAD[] = {0xf3, 0x33, 0x88, 0x86, 0x00, 0x00,
+                                   0x00, 0x00, 0x00, 0x00, 0x4e, 0x91};
+const uint8_t kTestVector2Key[] = {
+    0x1c, 0x92, 0x40, 0xa5, 0xeb, 0x55, 0xd3, 0x8a, 0xf3, 0x33, 0x88,
+    0x86, 0x04, 0xf6, 0xb5, 0xf0, 0x47, 0x39, 0x17, 0xc1, 0x40, 0x2b,
+    0x80, 0x09, 0x9d, 0xca, 0x5c, 0xbc, 0x20, 0x70, 0x75, 0xc0};
+const uint8_t kTestVector2IV[] = {0x00, 0x00, 0x00, 0x00, 0x01, 0x02,
+                                  0x03, 0x04, 0x05, 0x06, 0x07, 0x08};
+const uint8_t kTestVector2CT[] = {
+    0x64, 0xa0, 0x86, 0x15, 0x75, 0x86, 0x1a, 0xf4, 0x60, 0xf0, 0x62, 0xc7,
+    0x9b, 0xe6, 0x43, 0xbd, 0x5e, 0x80, 0x5c, 0xfd, 0x34, 0x5c, 0xf3, 0x89,
+    0xf1, 0x08, 0x67, 0x0a, 0xc7, 0x6c, 0x8c, 0xb2, 0x4c, 0x6c, 0xfc, 0x18,
+    0x75, 0x5d, 0x43, 0xee, 0xa0, 0x9e, 0xe9, 0x4e, 0x38, 0x2d, 0x26, 0xb0,
+    0xbd, 0xb7, 0xb7, 0x3c, 0x32, 0x1b, 0x01, 0x00, 0xd4, 0xf0, 0x3b, 0x7f,
+    0x35, 0x58, 0x94, 0xcf, 0x33, 0x2f, 0x83, 0x0e, 0x71, 0x0b, 0x97, 0xce,
+    0x98, 0xc8, 0xa8, 0x4a, 0xbd, 0x0b, 0x94, 0x81, 0x14, 0xad, 0x17, 0x6e,
+    0x00, 0x8d, 0x33, 0xbd, 0x60, 0xf9, 0x82, 0xb1, 0xff, 0x37, 0xc8, 0x55,
+    0x97, 0x97, 0xa0, 0x6e, 0xf4, 0xf0, 0xef, 0x61, 0xc1, 0x86, 0x32, 0x4e,
+    0x2b, 0x35, 0x06, 0x38, 0x36, 0x06, 0x90, 0x7b, 0x6a, 0x7c, 0x02, 0xb0,
+    0xf9, 0xf6, 0x15, 0x7b, 0x53, 0xc8, 0x67, 0xe4, 0xb9, 0x16, 0x6c, 0x76,
+    0x7b, 0x80, 0x4d, 0x46, 0xa5, 0x9b, 0x52, 0x16, 0xcd, 0xe7, 0xa4, 0xe9,
+    0x90, 0x40, 0xc5, 0xa4, 0x04, 0x33, 0x22, 0x5e, 0xe2, 0x82, 0xa1, 0xb0,
+    0xa0, 0x6c, 0x52, 0x3e, 0xaf, 0x45, 0x34, 0xd7, 0xf8, 0x3f, 0xa1, 0x15,
+    0x5b, 0x00, 0x47, 0x71, 0x8c, 0xbc, 0x54, 0x6a, 0x0d, 0x07, 0x2b, 0x04,
+    0xb3, 0x56, 0x4e, 0xea, 0x1b, 0x42, 0x22, 0x73, 0xf5, 0x48, 0x27, 0x1a,
+    0x0b, 0xb2, 0x31, 0x60, 0x53, 0xfa, 0x76, 0x99, 0x19, 0x55, 0xeb, 0xd6,
+    0x31, 0x59, 0x43, 0x4e, 0xce, 0xbb, 0x4e, 0x46, 0x6d, 0xae, 0x5a, 0x10,
+    0x73, 0xa6, 0x72, 0x76, 0x27, 0x09, 0x7a, 0x10, 0x49, 0xe6, 0x17, 0xd9,
+    0x1d, 0x36, 0x10, 0x94, 0xfa, 0x68, 0xf0, 0xff, 0x77, 0x98, 0x71, 0x30,
+    0x30, 0x5b, 0xea, 0xba, 0x2e, 0xda, 0x04, 0xdf, 0x99, 0x7b, 0x71, 0x4d,
+    0x6c, 0x6f, 0x2c, 0x29, 0xa6, 0xad, 0x5c, 0xb4, 0x02, 0x2b, 0x02, 0x70,
+    0x9b, 0xee, 0xad, 0x9d, 0x67, 0x89, 0x0c, 0xbb, 0x22, 0x39, 0x23, 0x36,
+    0xfe, 0xa1, 0x85, 0x1f, 0x38};
+
+class Pkcs11ChaCha20Poly1305Test : public ::testing::Test {
+ public:
+  void EncryptDecrypt(PK11SymKey* symKey, const uint8_t* data, size_t data_len,
+                      const uint8_t* aad, size_t aad_len, const uint8_t* iv,
+                      size_t iv_len, const uint8_t* ct = nullptr,
+                      size_t ct_len = 0) {
+    // Prepare AEAD params.
+    CK_NSS_AEAD_PARAMS aead_params;
+    aead_params.pNonce = toUcharPtr(iv);
+    aead_params.ulNonceLen = iv_len;
+    aead_params.pAAD = toUcharPtr(aad);
+    aead_params.ulAADLen = aad_len;
+    aead_params.ulTagLen = 16;
+
+    SECItem params = {siBuffer, reinterpret_cast<unsigned char*>(&aead_params),
+                      sizeof(aead_params)};
+
+    // Encrypt.
+    unsigned int outputLen = 0;
+    std::vector<uint8_t> output(data_len + aead_params.ulTagLen);
+    SECStatus rv = PK11_Encrypt(symKey, mech, &params, &output[0], &outputLen,
+                                output.size(), data, data_len);
+    EXPECT_EQ(rv, SECSuccess);
+
+    // Check ciphertext and tag.
+    if (ct) {
+      EXPECT_TRUE(!memcmp(ct, &output[0], outputLen));
+    }
+
+    // Decrypt.
+    unsigned int decryptedLen = 0;
+    std::vector<uint8_t> decrypted(data_len);
+    rv = PK11_Decrypt(symKey, mech, &params, &decrypted[0], &decryptedLen,
+                      decrypted.size(), &output[0], outputLen);
+    EXPECT_EQ(rv, SECSuccess);
+
+    // Check the plaintext.
+    EXPECT_TRUE(!memcmp(data, &decrypted[0], decryptedLen));
+
+    // Decrypt with bogus data.
+    {
+      std::vector<uint8_t> bogusCiphertext(output);
+      bogusCiphertext[0] ^= 0xff;
+      rv = PK11_Decrypt(symKey, mech, &params, &decrypted[0], &decryptedLen,
+                        decrypted.size(), &bogusCiphertext[0], outputLen);
+      EXPECT_NE(rv, SECSuccess);
+    }
+
+    // Decrypt with bogus tag.
+    {
+      std::vector<uint8_t> bogusTag(output);
+      bogusTag[outputLen - 1] ^= 0xff;
+      rv = PK11_Decrypt(symKey, mech, &params, &decrypted[0], &decryptedLen,
+                        decrypted.size(), &bogusTag[0], outputLen);
+      EXPECT_NE(rv, SECSuccess);
+    }
+
+    // Decrypt with bogus IV.
+    {
+      SECItem bogusParams(params);
+      CK_NSS_AEAD_PARAMS bogusAeadParams(aead_params);
+      bogusParams.data = reinterpret_cast<unsigned char*>(&bogusAeadParams);
+
+      std::vector<uint8_t> bogusIV(iv, iv + iv_len);
+      bogusAeadParams.pNonce = toUcharPtr(&bogusIV[0]);
+      bogusIV[0] ^= 0xff;
+
+      rv = PK11_Decrypt(symKey, mech, &bogusParams, &decrypted[0],
+                        &decryptedLen, data_len, &output[0], outputLen);
+      EXPECT_NE(rv, SECSuccess);
+    }
+
+    // Decrypt with bogus additional data.
+    {
+      SECItem bogusParams(params);
+      CK_NSS_AEAD_PARAMS bogusAeadParams(aead_params);
+      bogusParams.data = reinterpret_cast<unsigned char*>(&bogusAeadParams);
+
+      std::vector<uint8_t> bogusAAD(aad, aad + aad_len);
+      bogusAeadParams.pAAD = toUcharPtr(&bogusAAD[0]);
+      bogusAAD[0] ^= 0xff;
+
+      rv = PK11_Decrypt(symKey, mech, &bogusParams, &decrypted[0],
+                        &decryptedLen, data_len, &output[0], outputLen);
+      EXPECT_NE(rv, SECSuccess);
+    }
+  }
+
+  void EncryptDecrypt(const uint8_t* key, size_t key_len, const uint8_t* data,
+                      size_t data_len, const uint8_t* aad, size_t aad_len,
+                      const uint8_t* iv, size_t iv_len, const uint8_t* ct,
+                      size_t ct_len) {
+    ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
+    SECItem keyItem = {siBuffer, toUcharPtr(key),
+                       static_cast<unsigned int>(key_len)};
+
+    // Import key.
+    ScopedPK11SymKey symKey(PK11_ImportSymKey(
+        slot.get(), mech, PK11_OriginUnwrap, CKA_ENCRYPT, &keyItem, nullptr));
+    EXPECT_TRUE(!!symKey);
+
+    // Check.
+    EncryptDecrypt(symKey.get(), data, data_len, aad, aad_len, iv, iv_len, ct,
+                   ct_len);
+  }
+
+ protected:
+  CK_MECHANISM_TYPE mech = CKM_NSS_CHACHA20_POLY1305;
+
+  unsigned char* toUcharPtr(const uint8_t* v) {
+    return const_cast<unsigned char*>(static_cast<const unsigned char*>(v));
+  }
+};
+
+#define ENCRYPT_DECRYPT(v)                                                 \
+  EncryptDecrypt(v##Key, sizeof(v##Key), v##Data, sizeof(v##Data), v##AAD, \
+                 sizeof(v##AAD), v##IV, sizeof(v##IV), v##CT, sizeof(v##CT));
+
+TEST_F(Pkcs11ChaCha20Poly1305Test, GenerateEncryptDecrypt) {
+  // Generate a random key.
+  ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
+  ScopedPK11SymKey symKey(PK11_KeyGen(slot.get(), mech, nullptr, 32, nullptr));
+  EXPECT_TRUE(!!symKey);
+
+  // Generate random data.
+  std::vector<uint8_t> data(512);
+  SECStatus rv = PK11_GenerateRandomOnSlot(slot.get(), &data[0], data.size());
+  EXPECT_EQ(rv, SECSuccess);
+
+  // Generate random AAD.
+  std::vector<uint8_t> aad(16);
+  rv = PK11_GenerateRandomOnSlot(slot.get(), &aad[0], aad.size());
+  EXPECT_EQ(rv, SECSuccess);
+
+  // Generate random IV.
+  std::vector<uint8_t> iv(12);
+  rv = PK11_GenerateRandomOnSlot(slot.get(), &iv[0], iv.size());
+  EXPECT_EQ(rv, SECSuccess);
+
+  // Check.
+  EncryptDecrypt(symKey.get(), &data[0], data.size(), &aad[0], aad.size(),
+                 &iv[0], iv.size());
+}
+
+TEST_F(Pkcs11ChaCha20Poly1305Test, CheckTestVector1) {
+  ENCRYPT_DECRYPT(kTestVector1);
+}
+
+TEST_F(Pkcs11ChaCha20Poly1305Test, CheckTestVector2) {
+  ENCRYPT_DECRYPT(kTestVector2);
+}
+
+}  // namespace nss_test
diff --git a/nss/gtests/pk11_gtest/pk11_curve25519_unittest.cc b/nss/gtests/pk11_gtest/pk11_curve25519_unittest.cc
new file mode 100644
index 0000000..b2bd805
--- /dev/null
+++ b/nss/gtests/pk11_gtest/pk11_curve25519_unittest.cc
@@ -0,0 +1,117 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <memory>
+#include "nss.h"
+#include "pk11pub.h"
+
+#include "gtest/gtest.h"
+#include "scoped_ptrs.h"
+
+namespace nss_test {
+
+// <https://tools.ietf.org/html/rfc7748#section-6.1>
+const uint8_t kPkcs8[] = {
+    0x30, 0x67, 0x02, 0x01, 0x00, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48,
+    0xce, 0x3d, 0x02, 0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda,
+    0x47, 0x0f, 0x01, 0x04, 0x4c, 0x30, 0x4a, 0x02, 0x01, 0x01, 0x04, 0x20,
+    0x77, 0x07, 0x6d, 0x0a, 0x73, 0x18, 0xa5, 0x7d, 0x3c, 0x16, 0xc1, 0x72,
+    0x51, 0xb2, 0x66, 0x45, 0xdf, 0x4c, 0x2f, 0x87, 0xeb, 0xc0, 0x99, 0x2a,
+    0xb1, 0x77, 0xfb, 0xa5, 0x1d, 0xb9, 0x2c, 0x2a, 0xa1, 0x23, 0x03, 0x21,
+    0x00, 0x85, 0x20, 0xf0, 0x09, 0x89, 0x30, 0xa7, 0x54, 0x74, 0x8b, 0x7d,
+    0xdc, 0xb4, 0x3e, 0xf7, 0x5a, 0x0d, 0xbf, 0x3a, 0x0d, 0x26, 0x38, 0x1a,
+    0xf4, 0xeb, 0xa4, 0xa9, 0x8e, 0xaa, 0x9b, 0x4e, 0x6a};
+const uint8_t kSpki[] = {
+    0x30, 0x39, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+    0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+    0x03, 0x21, 0x00, 0xde, 0x9e, 0xdb, 0x7d, 0x7b, 0x7d, 0xc1, 0xb4, 0xd3,
+    0x5b, 0x61, 0xc2, 0xec, 0xe4, 0x35, 0x37, 0x3f, 0x83, 0x43, 0xc8, 0x5b,
+    0x78, 0x67, 0x4d, 0xad, 0xfc, 0x7e, 0x14, 0x6f, 0x88, 0x2b, 0x4f};
+const uint8_t kSecret[] = {0x4a, 0x5d, 0x9d, 0x5b, 0xa4, 0xce, 0x2d, 0xe1,
+                           0x72, 0x8e, 0x3b, 0xf4, 0x80, 0x35, 0x0f, 0x25,
+                           0xe0, 0x7e, 0x21, 0xc9, 0x47, 0xd1, 0x9e, 0x33,
+                           0x76, 0xf0, 0x9b, 0x3c, 0x1e, 0x16, 0x17, 0x42};
+
+// A public key that's too short (31 bytes).
+const uint8_t kSpkiShort[] = {
+    0x30, 0x38, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+    0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+    0x03, 0x20, 0xde, 0x9e, 0xdb, 0x7d, 0x7b, 0x7d, 0xc1, 0xb4, 0xd3, 0x5b,
+    0x61, 0xc2, 0xec, 0xe4, 0x35, 0x37, 0x3f, 0x83, 0x43, 0xc8, 0x5b, 0x78,
+    0x67, 0x4d, 0xad, 0xfc, 0x7e, 0x14, 0x6f, 0x88, 0x2b, 0x4f};
+
+// A public key that's too long (33 bytes).
+const uint8_t kSpkiLong[] = {
+    0x30, 0x3a, 0x30, 0x14, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+    0x01, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01,
+    0x03, 0x22, 0x00, 0xde, 0x9e, 0xdb, 0x7d, 0x7b, 0x7d, 0xc1, 0xb4, 0xd3,
+    0x5b, 0x61, 0xc2, 0xec, 0xe4, 0x35, 0x37, 0x3f, 0x83, 0x43, 0xc8, 0x5b,
+    0x78, 0x67, 0x4d, 0xad, 0xfc, 0x7e, 0x14, 0x6f, 0x88, 0x2b, 0x4f, 0x34};
+
+static unsigned char* toUcharPtr(const uint8_t* v) {
+  return const_cast<unsigned char*>(static_cast<const unsigned char*>(v));
+}
+
+class Pkcs11Curve25519Test : public ::testing::Test {
+ protected:
+  void Derive(const uint8_t* pkcs8, size_t pkcs8_len, const uint8_t* spki,
+              size_t spki_len, const uint8_t* secret, size_t secret_len,
+              bool expect_success) {
+    ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
+    ASSERT_TRUE(slot);
+
+    SECItem pkcs8Item = {siBuffer, toUcharPtr(pkcs8),
+                         static_cast<unsigned int>(pkcs8_len)};
+
+    SECKEYPrivateKey* key = nullptr;
+    SECStatus rv = PK11_ImportDERPrivateKeyInfoAndReturnKey(
+        slot.get(), &pkcs8Item, nullptr, nullptr, false, false, KU_ALL, &key,
+        nullptr);
+    EXPECT_EQ(SECSuccess, rv);
+
+    ScopedSECKEYPrivateKey privKey(key);
+    ASSERT_TRUE(privKey);
+
+    SECItem spkiItem = {siBuffer, toUcharPtr(spki),
+                        static_cast<unsigned int>(spki_len)};
+
+    ScopedCERTSubjectPublicKeyInfo certSpki(
+        SECKEY_DecodeDERSubjectPublicKeyInfo(&spkiItem));
+    ASSERT_TRUE(certSpki);
+
+    ScopedSECKEYPublicKey pubKey(SECKEY_ExtractPublicKey(certSpki.get()));
+    ASSERT_TRUE(pubKey);
+
+    ScopedPK11SymKey symKey(PK11_PubDeriveWithKDF(
+        privKey.get(), pubKey.get(), false, nullptr, nullptr, CKM_ECDH1_DERIVE,
+        CKM_SHA512_HMAC, CKA_DERIVE, 0, CKD_NULL, nullptr, nullptr));
+    EXPECT_EQ(expect_success, !!symKey);
+
+    if (expect_success) {
+      rv = PK11_ExtractKeyValue(symKey.get());
+      EXPECT_EQ(SECSuccess, rv);
+
+      SECItem* keyData = PK11_GetKeyData(symKey.get());
+      EXPECT_EQ(secret_len, keyData->len);
+      EXPECT_EQ(memcmp(keyData->data, secret, secret_len), 0);
+    }
+  }
+};
+
+TEST_F(Pkcs11Curve25519Test, DeriveSharedSecret) {
+  Derive(kPkcs8, sizeof(kPkcs8), kSpki, sizeof(kSpki), kSecret, sizeof(kSecret),
+         true);
+}
+
+TEST_F(Pkcs11Curve25519Test, DeriveSharedSecretShort) {
+  Derive(kPkcs8, sizeof(kPkcs8), kSpkiShort, sizeof(kSpkiShort), nullptr, 0,
+         false);
+}
+
+TEST_F(Pkcs11Curve25519Test, DeriveSharedSecretLong) {
+  Derive(kPkcs8, sizeof(kPkcs8), kSpkiLong, sizeof(kSpkiLong), nullptr, 0,
+         false);
+}
+
+}  // namespace nss_test
diff --git a/nss/gtests/pk11_gtest/pk11_ecdsa_unittest.cc b/nss/gtests/pk11_gtest/pk11_ecdsa_unittest.cc
new file mode 100644
index 0000000..a54190c
--- /dev/null
+++ b/nss/gtests/pk11_gtest/pk11_ecdsa_unittest.cc
@@ -0,0 +1,156 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <memory>
+#include "nss.h"
+#include "pk11pub.h"
+#include "sechash.h"
+
+#include "gtest/gtest.h"
+#include "scoped_ptrs.h"
+
+#include "pk11_ecdsa_vectors.h"
+#include "pk11_signature_test.h"
+
+namespace nss_test {
+
+class Pkcs11EcdsaTest : public Pk11SignatureTest {
+ protected:
+  CK_MECHANISM_TYPE mechanism() { return CKM_ECDSA; }
+  SECItem* parameters() { return nullptr; }
+};
+
+class Pkcs11EcdsaSha256Test : public Pkcs11EcdsaTest {
+ protected:
+  SECOidTag hashOID() { return SEC_OID_SHA256; }
+};
+
+class Pkcs11EcdsaSha384Test : public Pkcs11EcdsaTest {
+ protected:
+  SECOidTag hashOID() { return SEC_OID_SHA384; }
+};
+
+class Pkcs11EcdsaSha512Test : public Pkcs11EcdsaTest {
+ protected:
+  SECOidTag hashOID() { return SEC_OID_SHA512; }
+};
+
+TEST_F(Pkcs11EcdsaSha256Test, VerifyP256) {
+  SIG_TEST_VECTOR_VERIFY(kP256Spki, kP256Data, kP256Signature)
+}
+TEST_F(Pkcs11EcdsaSha256Test, SignAndVerifyP256) {
+  SIG_TEST_VECTOR_SIGN_VERIFY(kP256Pkcs8, kP256Spki, kP256Data)
+}
+
+TEST_F(Pkcs11EcdsaSha384Test, VerifyP384) {
+  SIG_TEST_VECTOR_VERIFY(kP384Spki, kP384Data, kP384Signature)
+}
+TEST_F(Pkcs11EcdsaSha384Test, SignAndVerifyP384) {
+  SIG_TEST_VECTOR_SIGN_VERIFY(kP384Pkcs8, kP384Spki, kP384Data)
+}
+
+TEST_F(Pkcs11EcdsaSha512Test, VerifyP521) {
+  SIG_TEST_VECTOR_VERIFY(kP521Spki, kP521Data, kP521Signature)
+}
+TEST_F(Pkcs11EcdsaSha512Test, SignAndVerifyP521) {
+  SIG_TEST_VECTOR_SIGN_VERIFY(kP521Pkcs8, kP521Spki, kP521Data)
+}
+
+// Importing a private key in PKCS#8 format must fail when the outer AlgID
+// struct contains neither id-ecPublicKey nor a namedCurve parameter.
+TEST_F(Pkcs11EcdsaSha256Test, ImportNoCurveOIDOrAlgorithmParams) {
+  EXPECT_FALSE(ImportPrivateKey(kP256Pkcs8NoCurveOIDOrAlgorithmParams,
+                                sizeof(kP256Pkcs8NoCurveOIDOrAlgorithmParams)));
+};
+
+// Importing a private key in PKCS#8 format must succeed when only the outer
+// AlgID struct contains the namedCurve parameters.
+TEST_F(Pkcs11EcdsaSha256Test, ImportOnlyAlgorithmParams) {
+  EXPECT_TRUE(ImportPrivateKeyAndSignHashedData(
+      kP256Pkcs8OnlyAlgorithmParams, sizeof(kP256Pkcs8OnlyAlgorithmParams),
+      kP256Data, sizeof(kP256Data)));
+};
+
+// Importing a private key in PKCS#8 format must succeed when the outer AlgID
+// struct and the inner ECPrivateKey contain the same namedCurve parameters.
+// The inner curveOID is always ignored, so only the outer one will be used.
+TEST_F(Pkcs11EcdsaSha256Test, ImportMatchingCurveOIDAndAlgorithmParams) {
+  EXPECT_TRUE(ImportPrivateKeyAndSignHashedData(
+      kP256Pkcs8MatchingCurveOIDAndAlgorithmParams,
+      sizeof(kP256Pkcs8MatchingCurveOIDAndAlgorithmParams), kP256Data,
+      sizeof(kP256Data)));
+};
+
+// Importing a private key in PKCS#8 format must succeed when the outer AlgID
+// struct and the inner ECPrivateKey contain dissimilar namedCurve parameters.
+// The inner curveOID is always ignored, so only the outer one will be used.
+TEST_F(Pkcs11EcdsaSha256Test, ImportDissimilarCurveOIDAndAlgorithmParams) {
+  EXPECT_TRUE(ImportPrivateKeyAndSignHashedData(
+      kP256Pkcs8DissimilarCurveOIDAndAlgorithmParams,
+      sizeof(kP256Pkcs8DissimilarCurveOIDAndAlgorithmParams), kP256Data,
+      sizeof(kP256Data)));
+};
+
+// Importing a private key in PKCS#8 format must fail when the outer ASN.1
+// AlgorithmID struct contains only id-ecPublicKey but no namedCurve parameter.
+TEST_F(Pkcs11EcdsaSha256Test, ImportNoAlgorithmParams) {
+  EXPECT_FALSE(ImportPrivateKey(kP256Pkcs8NoAlgorithmParams,
+                                sizeof(kP256Pkcs8NoAlgorithmParams)));
+};
+
+// Importing a private key in PKCS#8 format must fail when id-ecPublicKey is
+// given (so we know it's an EC key) but the namedCurve parameter is unknown.
+TEST_F(Pkcs11EcdsaSha256Test, ImportInvalidAlgorithmParams) {
+  EXPECT_FALSE(ImportPrivateKey(kP256Pkcs8InvalidAlgorithmParams,
+                                sizeof(kP256Pkcs8InvalidAlgorithmParams)));
+};
+
+// Importing a private key in PKCS#8 format with a point not on the curve will
+// succeed. Using the contained public key however will fail when trying to
+// import it before using it for any operation.
+TEST_F(Pkcs11EcdsaSha256Test, ImportPointNotOnCurve) {
+  ScopedSECKEYPrivateKey privKey(ImportPrivateKey(
+      kP256Pkcs8PointNotOnCurve, sizeof(kP256Pkcs8PointNotOnCurve)));
+  ASSERT_TRUE(privKey);
+
+  ScopedSECKEYPublicKey pubKey(SECKEY_ConvertToPublicKey(privKey.get()));
+  ASSERT_TRUE(pubKey);
+
+  ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
+  ASSERT_TRUE(slot);
+
+  auto handle = PK11_ImportPublicKey(slot.get(), pubKey.get(), false);
+  EXPECT_EQ(handle, static_cast<decltype(handle)>(CK_INVALID_HANDLE));
+};
+
+// Importing a private key in PKCS#8 format must fail when no point is given.
+// PK11 currently offers no APIs to derive raw public keys from private values.
+TEST_F(Pkcs11EcdsaSha256Test, ImportNoPublicKey) {
+  EXPECT_FALSE(
+      ImportPrivateKey(kP256Pkcs8NoPublicKey, sizeof(kP256Pkcs8NoPublicKey)));
+};
+
+// Importing a public key in SPKI format must fail when id-ecPublicKey is
+// given (so we know it's an EC key) but the namedCurve parameter is missing.
+TEST_F(Pkcs11EcdsaSha256Test, ImportSpkiNoAlgorithmParams) {
+  EXPECT_FALSE(ImportPublicKey(kP256SpkiNoAlgorithmParams,
+                               sizeof(kP256SpkiNoAlgorithmParams)));
+}
+
+// Importing a public key in SPKI format with a point not on the curve will
+// succeed. Using the public key however will fail when trying to import
+// it before using it for any operation.
+TEST_F(Pkcs11EcdsaSha256Test, ImportSpkiPointNotOnCurve) {
+  ScopedSECKEYPublicKey pubKey(ImportPublicKey(
+      kP256SpkiPointNotOnCurve, sizeof(kP256SpkiPointNotOnCurve)));
+  ASSERT_TRUE(pubKey);
+
+  ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
+  ASSERT_TRUE(slot);
+
+  auto handle = PK11_ImportPublicKey(slot.get(), pubKey.get(), false);
+  EXPECT_EQ(handle, static_cast<decltype(handle)>(CK_INVALID_HANDLE));
+}
+
+}  // namespace nss_test
diff --git a/nss/gtests/pk11_gtest/pk11_ecdsa_vectors.h b/nss/gtests/pk11_gtest/pk11_ecdsa_vectors.h
new file mode 100644
index 0000000..1dd2c87
--- /dev/null
+++ b/nss/gtests/pk11_gtest/pk11_ecdsa_vectors.h
@@ -0,0 +1,251 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+namespace nss_test {
+
+// ECDSA test vector, A.2.5. ECDSA, 256 Bits (Prime Field), SHA-256
+// <https://tools.ietf.org/html/rfc6979#appendix-A.2.5>
+const uint8_t kP256Pkcs8[] = {
+    0x30, 0x81, 0x87, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86,
+    0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
+    0x03, 0x01, 0x07, 0x04, 0x6d, 0x30, 0x6b, 0x02, 0x01, 0x01, 0x04, 0x20,
+    0xc9, 0xaf, 0xa9, 0xd8, 0x45, 0xba, 0x75, 0x16, 0x6b, 0x5c, 0x21, 0x57,
+    0x67, 0xb1, 0xd6, 0x93, 0x4e, 0x50, 0xc3, 0xdb, 0x36, 0xe8, 0x9b, 0x12,
+    0x7b, 0x8a, 0x62, 0x2b, 0x12, 0x0f, 0x67, 0x21, 0xa1, 0x44, 0x03, 0x42,
+    0x00, 0x04, 0x60, 0xfe, 0xd4, 0xba, 0x25, 0x5a, 0x9d, 0x31, 0xc9, 0x61,
+    0xeb, 0x74, 0xc6, 0x35, 0x6d, 0x68, 0xc0, 0x49, 0xb8, 0x92, 0x3b, 0x61,
+    0xfa, 0x6c, 0xe6, 0x69, 0x62, 0x2e, 0x60, 0xf2, 0x9f, 0xb6, 0x79, 0x03,
+    0xfe, 0x10, 0x08, 0xb8, 0xbc, 0x99, 0xa4, 0x1a, 0xe9, 0xe9, 0x56, 0x28,
+    0xbc, 0x64, 0xf2, 0xf1, 0xb2, 0x0c, 0x2d, 0x7e, 0x9f, 0x51, 0x77, 0xa3,
+    0xc2, 0x94, 0xd4, 0x46, 0x22, 0x99};
+const uint8_t kP256Spki[] = {
+    0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+    0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
+    0x42, 0x00, 0x04, 0x60, 0xfe, 0xd4, 0xba, 0x25, 0x5a, 0x9d, 0x31, 0xc9,
+    0x61, 0xeb, 0x74, 0xc6, 0x35, 0x6d, 0x68, 0xc0, 0x49, 0xb8, 0x92, 0x3b,
+    0x61, 0xfa, 0x6c, 0xe6, 0x69, 0x62, 0x2e, 0x60, 0xf2, 0x9f, 0xb6, 0x79,
+    0x03, 0xfe, 0x10, 0x08, 0xb8, 0xbc, 0x99, 0xa4, 0x1a, 0xe9, 0xe9, 0x56,
+    0x28, 0xbc, 0x64, 0xf2, 0xf1, 0xb2, 0x0c, 0x2d, 0x7e, 0x9f, 0x51, 0x77,
+    0xa3, 0xc2, 0x94, 0xd4, 0x46, 0x22, 0x99};
+const uint8_t kP256Data[] = {'s', 'a', 'm', 'p', 'l', 'e'};
+const uint8_t kP256Signature[] = {
+    0xef, 0xd4, 0x8b, 0x2a, 0xac, 0xb6, 0xa8, 0xfd, 0x11, 0x40, 0xdd,
+    0x9c, 0xd4, 0x5e, 0x81, 0xd6, 0x9d, 0x2c, 0x87, 0x7b, 0x56, 0xaa,
+    0xf9, 0x91, 0xc3, 0x4d, 0x0e, 0xa8, 0x4e, 0xaf, 0x37, 0x16, 0xf7,
+    0xcb, 0x1c, 0x94, 0x2d, 0x65, 0x7c, 0x41, 0xd4, 0x36, 0xc7, 0xa1,
+    0xb6, 0xe2, 0x9f, 0x65, 0xf3, 0xe9, 0x00, 0xdb, 0xb9, 0xaf, 0xf4,
+    0x06, 0x4d, 0xc4, 0xab, 0x2f, 0x84, 0x3a, 0xcd, 0xa8};
+
+// ECDSA test vector, A.2.6. ECDSA, 384 Bits (Prime Field), SHA-384
+// <https://tools.ietf.org/html/rfc6979#appendix-A.2.6>
+const uint8_t kP384Pkcs8[] = {
+    0x30, 0x81, 0xb6, 0x02, 0x01, 0x00, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86,
+    0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x22,
+    0x04, 0x81, 0x9e, 0x30, 0x81, 0x9b, 0x02, 0x01, 0x01, 0x04, 0x30, 0x6b,
+    0x9d, 0x3d, 0xad, 0x2e, 0x1b, 0x8c, 0x1c, 0x05, 0xb1, 0x98, 0x75, 0xb6,
+    0x65, 0x9f, 0x4d, 0xe2, 0x3c, 0x3b, 0x66, 0x7b, 0xf2, 0x97, 0xba, 0x9a,
+    0xa4, 0x77, 0x40, 0x78, 0x71, 0x37, 0xd8, 0x96, 0xd5, 0x72, 0x4e, 0x4c,
+    0x70, 0xa8, 0x25, 0xf8, 0x72, 0xc9, 0xea, 0x60, 0xd2, 0xed, 0xf5, 0xa1,
+    0x64, 0x03, 0x62, 0x00, 0x04, 0xec, 0x3a, 0x4e, 0x41, 0x5b, 0x4e, 0x19,
+    0xa4, 0x56, 0x86, 0x18, 0x02, 0x9f, 0x42, 0x7f, 0xa5, 0xda, 0x9a, 0x8b,
+    0xc4, 0xae, 0x92, 0xe0, 0x2e, 0x06, 0xaa, 0xe5, 0x28, 0x6b, 0x30, 0x0c,
+    0x64, 0xde, 0xf8, 0xf0, 0xea, 0x90, 0x55, 0x86, 0x60, 0x64, 0xa2, 0x54,
+    0x51, 0x54, 0x80, 0xbc, 0x13, 0x80, 0x15, 0xd9, 0xb7, 0x2d, 0x7d, 0x57,
+    0x24, 0x4e, 0xa8, 0xef, 0x9a, 0xc0, 0xc6, 0x21, 0x89, 0x67, 0x08, 0xa5,
+    0x93, 0x67, 0xf9, 0xdf, 0xb9, 0xf5, 0x4c, 0xa8, 0x4b, 0x3f, 0x1c, 0x9d,
+    0xb1, 0x28, 0x8b, 0x23, 0x1c, 0x3a, 0xe0, 0xd4, 0xfe, 0x73, 0x44, 0xfd,
+    0x25, 0x33, 0x26, 0x47, 0x20};
+const uint8_t kP384Spki[] = {
+    0x30, 0x76, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+    0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x22, 0x03, 0x62, 0x00, 0x04,
+    0xec, 0x3a, 0x4e, 0x41, 0x5b, 0x4e, 0x19, 0xa4, 0x56, 0x86, 0x18, 0x02,
+    0x9f, 0x42, 0x7f, 0xa5, 0xda, 0x9a, 0x8b, 0xc4, 0xae, 0x92, 0xe0, 0x2e,
+    0x06, 0xaa, 0xe5, 0x28, 0x6b, 0x30, 0x0c, 0x64, 0xde, 0xf8, 0xf0, 0xea,
+    0x90, 0x55, 0x86, 0x60, 0x64, 0xa2, 0x54, 0x51, 0x54, 0x80, 0xbc, 0x13,
+    0x80, 0x15, 0xd9, 0xb7, 0x2d, 0x7d, 0x57, 0x24, 0x4e, 0xa8, 0xef, 0x9a,
+    0xc0, 0xc6, 0x21, 0x89, 0x67, 0x08, 0xa5, 0x93, 0x67, 0xf9, 0xdf, 0xb9,
+    0xf5, 0x4c, 0xa8, 0x4b, 0x3f, 0x1c, 0x9d, 0xb1, 0x28, 0x8b, 0x23, 0x1c,
+    0x3a, 0xe0, 0xd4, 0xfe, 0x73, 0x44, 0xfd, 0x25, 0x33, 0x26, 0x47, 0x20};
+const uint8_t kP384Data[] = {'s', 'a', 'm', 'p', 'l', 'e'};
+const uint8_t kP384Signature[] = {
+    0x94, 0xed, 0xbb, 0x92, 0xa5, 0xec, 0xb8, 0xaa, 0xd4, 0x73, 0x6e, 0x56,
+    0xc6, 0x91, 0x91, 0x6b, 0x3f, 0x88, 0x14, 0x06, 0x66, 0xce, 0x9f, 0xa7,
+    0x3d, 0x64, 0xc4, 0xea, 0x95, 0xad, 0x13, 0x3c, 0x81, 0xa6, 0x48, 0x15,
+    0x2e, 0x44, 0xac, 0xf9, 0x6e, 0x36, 0xdd, 0x1e, 0x80, 0xfa, 0xbe, 0x46,
+    0x99, 0xef, 0x4a, 0xeb, 0x15, 0xf1, 0x78, 0xce, 0xa1, 0xfe, 0x40, 0xdb,
+    0x26, 0x03, 0x13, 0x8f, 0x13, 0x0e, 0x74, 0x0a, 0x19, 0x62, 0x45, 0x26,
+    0x20, 0x3b, 0x63, 0x51, 0xd0, 0xa3, 0xa9, 0x4f, 0xa3, 0x29, 0xc1, 0x45,
+    0x78, 0x6e, 0x67, 0x9e, 0x7b, 0x82, 0xc7, 0x1a, 0x38, 0x62, 0x8a, 0xc8};
+
+// ECDSA test vector, A.2.7. ECDSA, 521 Bits (Prime Field), SHA-512
+// <https://tools.ietf.org/html/rfc6979#appendix-A.2.7>
+const uint8_t kP521Pkcs8[] = {
+    0x30, 0x81, 0xed, 0x02, 0x01, 0x00, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86,
+    0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x23,
+    0x04, 0x81, 0xd5, 0x30, 0x81, 0xd2, 0x02, 0x01, 0x01, 0x04, 0x42, 0x00,
+    0xfa, 0xd0, 0x6d, 0xaa, 0x62, 0xba, 0x3b, 0x25, 0xd2, 0xfb, 0x40, 0x13,
+    0x3d, 0xa7, 0x57, 0x20, 0x5d, 0xe6, 0x7f, 0x5b, 0xb0, 0x01, 0x8f, 0xee,
+    0x8c, 0x86, 0xe1, 0xb6, 0x8c, 0x7e, 0x75, 0xca, 0xa8, 0x96, 0xeb, 0x32,
+    0xf1, 0xf4, 0x7c, 0x70, 0x85, 0x58, 0x36, 0xa6, 0xd1, 0x6f, 0xcc, 0x14,
+    0x66, 0xf6, 0xd8, 0xfb, 0xec, 0x67, 0xdb, 0x89, 0xec, 0x0c, 0x08, 0xb0,
+    0xe9, 0x96, 0xb8, 0x35, 0x38, 0xa1, 0x81, 0x88, 0x03, 0x81, 0x85, 0x00,
+    0x04, 0x18, 0x94, 0x55, 0x0d, 0x07, 0x85, 0x93, 0x2e, 0x00, 0xea, 0xa2,
+    0x3b, 0x69, 0x4f, 0x21, 0x3f, 0x8c, 0x31, 0x21, 0xf8, 0x6d, 0xc9, 0x7a,
+    0x04, 0xe5, 0xa7, 0x16, 0x7d, 0xb4, 0xe5, 0xbc, 0xd3, 0x71, 0x12, 0x3d,
+    0x46, 0xe4, 0x5d, 0xb6, 0xb5, 0xd5, 0x37, 0x0a, 0x7f, 0x20, 0xfb, 0x63,
+    0x31, 0x55, 0xd3, 0x8f, 0xfa, 0x16, 0xd2, 0xbd, 0x76, 0x1d, 0xca, 0xc4,
+    0x74, 0xb9, 0xa2, 0xf5, 0x02, 0x3a, 0x40, 0x49, 0x31, 0x01, 0xc9, 0x62,
+    0xcd, 0x4d, 0x2f, 0xdd, 0xf7, 0x82, 0x28, 0x5e, 0x64, 0x58, 0x41, 0x39,
+    0xc2, 0xf9, 0x1b, 0x47, 0xf8, 0x7f, 0xf8, 0x23, 0x54, 0xd6, 0x63, 0x0f,
+    0x74, 0x6a, 0x28, 0xa0, 0xdb, 0x25, 0x74, 0x1b, 0x5b, 0x34, 0xa8, 0x28,
+    0x00, 0x8b, 0x22, 0xac, 0xc2, 0x3f, 0x92, 0x4f, 0xaa, 0xfb, 0xd4, 0xd3,
+    0x3f, 0x81, 0xea, 0x66, 0x95, 0x6d, 0xfe, 0xaa, 0x2b, 0xfd, 0xfc, 0xf5};
+const uint8_t kP521Spki[] = {
+    0x30, 0x81, 0x9b, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d,
+    0x02, 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x23, 0x03, 0x81, 0x86,
+    0x00, 0x04, 0x01, 0x89, 0x45, 0x50, 0xd0, 0x78, 0x59, 0x32, 0xe0, 0x0e,
+    0xaa, 0x23, 0xb6, 0x94, 0xf2, 0x13, 0xf8, 0xc3, 0x12, 0x1f, 0x86, 0xdc,
+    0x97, 0xa0, 0x4e, 0x5a, 0x71, 0x67, 0xdb, 0x4e, 0x5b, 0xcd, 0x37, 0x11,
+    0x23, 0xd4, 0x6e, 0x45, 0xdb, 0x6b, 0x5d, 0x53, 0x70, 0xa7, 0xf2, 0x0f,
+    0xb6, 0x33, 0x15, 0x5d, 0x38, 0xff, 0xa1, 0x6d, 0x2b, 0xd7, 0x61, 0xdc,
+    0xac, 0x47, 0x4b, 0x9a, 0x2f, 0x50, 0x23, 0xa4, 0x00, 0x49, 0x31, 0x01,
+    0xc9, 0x62, 0xcd, 0x4d, 0x2f, 0xdd, 0xf7, 0x82, 0x28, 0x5e, 0x64, 0x58,
+    0x41, 0x39, 0xc2, 0xf9, 0x1b, 0x47, 0xf8, 0x7f, 0xf8, 0x23, 0x54, 0xd6,
+    0x63, 0x0f, 0x74, 0x6a, 0x28, 0xa0, 0xdb, 0x25, 0x74, 0x1b, 0x5b, 0x34,
+    0xa8, 0x28, 0x00, 0x8b, 0x22, 0xac, 0xc2, 0x3f, 0x92, 0x4f, 0xaa, 0xfb,
+    0xd4, 0xd3, 0x3f, 0x81, 0xea, 0x66, 0x95, 0x6d, 0xfe, 0xaa, 0x2b, 0xfd,
+    0xfc, 0xf5};
+const uint8_t kP521Data[] = {'s', 'a', 'm', 'p', 'l', 'e'};
+const uint8_t kP521Signature[] = {
+    0x00, 0xc3, 0x28, 0xfa, 0xfc, 0xbd, 0x79, 0xdd, 0x77, 0x85, 0x03, 0x70,
+    0xc4, 0x63, 0x25, 0xd9, 0x87, 0xcb, 0x52, 0x55, 0x69, 0xfb, 0x63, 0xc5,
+    0xd3, 0xbc, 0x53, 0x95, 0x0e, 0x6d, 0x4c, 0x5f, 0x17, 0x4e, 0x25, 0xa1,
+    0xee, 0x90, 0x17, 0xb5, 0xd4, 0x50, 0x60, 0x6a, 0xdd, 0x15, 0x2b, 0x53,
+    0x49, 0x31, 0xd7, 0xd4, 0xe8, 0x45, 0x5c, 0xc9, 0x1f, 0x9b, 0x15, 0xbf,
+    0x05, 0xec, 0x36, 0xe3, 0x77, 0xfa, 0x00, 0x61, 0x7c, 0xce, 0x7c, 0xf5,
+    0x06, 0x48, 0x06, 0xc4, 0x67, 0xf6, 0x78, 0xd3, 0xb4, 0x08, 0x0d, 0x6f,
+    0x1c, 0xc5, 0x0a, 0xf2, 0x6c, 0xa2, 0x09, 0x41, 0x73, 0x08, 0x28, 0x1b,
+    0x68, 0xaf, 0x28, 0x26, 0x23, 0xea, 0xa6, 0x3e, 0x5b, 0x5c, 0x07, 0x23,
+    0xd8, 0xb8, 0xc3, 0x7f, 0xf0, 0x77, 0x7b, 0x1a, 0x20, 0xf8, 0xcc, 0xb1,
+    0xdc, 0xcc, 0x43, 0x99, 0x7f, 0x1e, 0xe0, 0xe4, 0x4d, 0xa4, 0xa6, 0x7a};
+
+// ECDSA test vectors, SPKI and PKCS#8 edge cases.
+const uint8_t kP256Pkcs8NoCurveOIDOrAlgorithmParams[] = {
+    0x30, 0x7d, 0x02, 0x01, 0x00, 0x30, 0x09, 0x06, 0x07, 0x2a, 0x86, 0x48,
+    0xce, 0x3d, 0x02, 0x01, 0x04, 0x6d, 0x30, 0x6b, 0x02, 0x01, 0x01, 0x04,
+    0x20, 0xc9, 0xaf, 0xa9, 0xd8, 0x45, 0xba, 0x75, 0x16, 0x6b, 0x5c, 0x21,
+    0x57, 0x67, 0xb1, 0xd6, 0x93, 0x4e, 0x50, 0xc3, 0xdb, 0x36, 0xe8, 0x9b,
+    0x12, 0x7b, 0x8a, 0x62, 0x2b, 0x12, 0x0f, 0x67, 0x21, 0xa1, 0x44, 0x03,
+    0x42, 0x00, 0x04, 0x60, 0xfe, 0xd4, 0xba, 0x25, 0x5a, 0x9d, 0x31, 0xc9,
+    0x61, 0xeb, 0x74, 0xc6, 0x35, 0x6d, 0x68, 0xc0, 0x49, 0xb8, 0x92, 0x3b,
+    0x61, 0xfa, 0x6c, 0xe6, 0x69, 0x62, 0x2e, 0x60, 0xf2, 0x9f, 0xb6, 0x79,
+    0x03, 0xfe, 0x10, 0x08, 0xb8, 0xbc, 0x99, 0xa4, 0x1a, 0xe9, 0xe9, 0x56,
+    0x28, 0xbc, 0x64, 0xf2, 0xf1, 0xb2, 0x0c, 0x2d, 0x7e, 0x9f, 0x51, 0x77,
+    0xa3, 0xc2, 0x94, 0xd4, 0x46, 0x22, 0x99};
+const uint8_t kP256Pkcs8OnlyAlgorithmParams[] = {
+    0x30, 0x81, 0x87, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86,
+    0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
+    0x03, 0x01, 0x07, 0x04, 0x6d, 0x30, 0x6b, 0x02, 0x01, 0x01, 0x04, 0x20,
+    0xc9, 0xaf, 0xa9, 0xd8, 0x45, 0xba, 0x75, 0x16, 0x6b, 0x5c, 0x21, 0x57,
+    0x67, 0xb1, 0xd6, 0x93, 0x4e, 0x50, 0xc3, 0xdb, 0x36, 0xe8, 0x9b, 0x12,
+    0x7b, 0x8a, 0x62, 0x2b, 0x12, 0x0f, 0x67, 0x21, 0xa1, 0x44, 0x03, 0x42,
+    0x00, 0x04, 0x60, 0xfe, 0xd4, 0xba, 0x25, 0x5a, 0x9d, 0x31, 0xc9, 0x61,
+    0xeb, 0x74, 0xc6, 0x35, 0x6d, 0x68, 0xc0, 0x49, 0xb8, 0x92, 0x3b, 0x61,
+    0xfa, 0x6c, 0xe6, 0x69, 0x62, 0x2e, 0x60, 0xf2, 0x9f, 0xb6, 0x79, 0x03,
+    0xfe, 0x10, 0x08, 0xb8, 0xbc, 0x99, 0xa4, 0x1a, 0xe9, 0xe9, 0x56, 0x28,
+    0xbc, 0x64, 0xf2, 0xf1, 0xb2, 0x0c, 0x2d, 0x7e, 0x9f, 0x51, 0x77, 0xa3,
+    0xc2, 0x94, 0xd4, 0x46, 0x22, 0x99};
+const uint8_t kP256Pkcs8NoAlgorithmParams[] = {
+    0x30, 0x81, 0x89, 0x02, 0x01, 0x00, 0x30, 0x09, 0x06, 0x07, 0x2a, 0x86,
+    0x48, 0xce, 0x3d, 0x02, 0x01, 0x04, 0x79, 0x30, 0x77, 0x02, 0x01, 0x01,
+    0x04, 0x20, 0xc9, 0xaf, 0xa9, 0xd8, 0x45, 0xba, 0x75, 0x16, 0x6b, 0x5c,
+    0x21, 0x57, 0x67, 0xb1, 0xd6, 0x93, 0x4e, 0x50, 0xc3, 0xdb, 0x36, 0xe8,
+    0x9b, 0x12, 0x7b, 0x8a, 0x62, 0x2b, 0x12, 0x0f, 0x67, 0x21, 0xa0, 0x0a,
+    0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0xa1, 0x44,
+    0x03, 0x42, 0x00, 0x04, 0x60, 0xfe, 0xd4, 0xba, 0x25, 0x5a, 0x9d, 0x31,
+    0xc9, 0x61, 0xeb, 0x74, 0xc6, 0x35, 0x6d, 0x68, 0xc0, 0x49, 0xb8, 0x92,
+    0x3b, 0x61, 0xfa, 0x6c, 0xe6, 0x69, 0x62, 0x2e, 0x60, 0xf2, 0x9f, 0xb6,
+    0x79, 0x03, 0xfe, 0x10, 0x08, 0xb8, 0xbc, 0x99, 0xa4, 0x1a, 0xe9, 0xe9,
+    0x56, 0x28, 0xbc, 0x64, 0xf2, 0xf1, 0xb2, 0x0c, 0x2d, 0x7e, 0x9f, 0x51,
+    0x77, 0xa3, 0xc2, 0x94, 0xd4, 0x46, 0x22, 0x99};
+const uint8_t kP256Pkcs8MatchingCurveOIDAndAlgorithmParams[] = {
+    0x30, 0x81, 0x93, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86,
+    0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
+    0x03, 0x01, 0x07, 0x04, 0x79, 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20,
+    0xc9, 0xaf, 0xa9, 0xd8, 0x45, 0xba, 0x75, 0x16, 0x6b, 0x5c, 0x21, 0x57,
+    0x67, 0xb1, 0xd6, 0x93, 0x4e, 0x50, 0xc3, 0xdb, 0x36, 0xe8, 0x9b, 0x12,
+    0x7b, 0x8a, 0x62, 0x2b, 0x12, 0x0f, 0x67, 0x21, 0xa0, 0x0a, 0x06, 0x08,
+    0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42,
+    0x00, 0x04, 0x60, 0xfe, 0xd4, 0xba, 0x25, 0x5a, 0x9d, 0x31, 0xc9, 0x61,
+    0xeb, 0x74, 0xc6, 0x35, 0x6d, 0x68, 0xc0, 0x49, 0xb8, 0x92, 0x3b, 0x61,
+    0xfa, 0x6c, 0xe6, 0x69, 0x62, 0x2e, 0x60, 0xf2, 0x9f, 0xb6, 0x79, 0x03,
+    0xfe, 0x10, 0x08, 0xb8, 0xbc, 0x99, 0xa4, 0x1a, 0xe9, 0xe9, 0x56, 0x28,
+    0xbc, 0x64, 0xf2, 0xf1, 0xb2, 0x0c, 0x2d, 0x7e, 0x9f, 0x51, 0x77, 0xa3,
+    0xc2, 0x94, 0xd4, 0x46, 0x22, 0x99};
+const uint8_t kP256Pkcs8DissimilarCurveOIDAndAlgorithmParams[] = {
+    0x30, 0x81, 0x90, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86,
+    0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
+    0x03, 0x01, 0x07, 0x04, 0x76, 0x30, 0x74, 0x02, 0x01, 0x01, 0x04, 0x20,
+    0xc9, 0xaf, 0xa9, 0xd8, 0x45, 0xba, 0x75, 0x16, 0x6b, 0x5c, 0x21, 0x57,
+    0x67, 0xb1, 0xd6, 0x93, 0x4e, 0x50, 0xc3, 0xdb, 0x36, 0xe8, 0x9b, 0x12,
+    0x7b, 0x8a, 0x62, 0x2b, 0x12, 0x0f, 0x67, 0x21, 0xa0, 0x07, 0x06, 0x05,
+    0x2b, 0x81, 0x04, 0x00, 0x22, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0x60,
+    0xfe, 0xd4, 0xba, 0x25, 0x5a, 0x9d, 0x31, 0xc9, 0x61, 0xeb, 0x74, 0xc6,
+    0x35, 0x6d, 0x68, 0xc0, 0x49, 0xb8, 0x92, 0x3b, 0x61, 0xfa, 0x6c, 0xe6,
+    0x69, 0x62, 0x2e, 0x60, 0xf2, 0x9f, 0xb6, 0x79, 0x03, 0xfe, 0x10, 0x08,
+    0xb8, 0xbc, 0x99, 0xa4, 0x1a, 0xe9, 0xe9, 0x56, 0x28, 0xbc, 0x64, 0xf2,
+    0xf1, 0xb2, 0x0c, 0x2d, 0x7e, 0x9f, 0x51, 0x77, 0xa3, 0xc2, 0x94, 0xd4,
+    0x46, 0x22, 0x99};
+const uint8_t kP256Pkcs8InvalidAlgorithmParams[] = {
+    0x30, 0x81, 0x82, 0x02, 0x01, 0x00, 0x30, 0x0e, 0x06, 0x07, 0x2a, 0x86,
+    0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x03, 0x2a, 0x03, 0x04, 0x04, 0x6d,
+    0x30, 0x6b, 0x02, 0x01, 0x01, 0x04, 0x20, 0xc9, 0xaf, 0xa9, 0xd8, 0x45,
+    0xba, 0x75, 0x16, 0x6b, 0x5c, 0x21, 0x57, 0x67, 0xb1, 0xd6, 0x93, 0x4e,
+    0x50, 0xc3, 0xdb, 0x36, 0xe8, 0x9b, 0x12, 0x7b, 0x8a, 0x62, 0x2b, 0x12,
+    0x0f, 0x67, 0x21, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0x60, 0xfe, 0xd4,
+    0xba, 0x25, 0x5a, 0x9d, 0x31, 0xc9, 0x61, 0xeb, 0x74, 0xc6, 0x35, 0x6d,
+    0x68, 0xc0, 0x49, 0xb8, 0x92, 0x3b, 0x61, 0xfa, 0x6c, 0xe6, 0x69, 0x62,
+    0x2e, 0x60, 0xf2, 0x9f, 0xb6, 0x79, 0x03, 0xfe, 0x10, 0x08, 0xb8, 0xbc,
+    0x99, 0xa4, 0x1a, 0xe9, 0xe9, 0x56, 0x28, 0xbc, 0x64, 0xf2, 0xf1, 0xb2,
+    0x0c, 0x2d, 0x7e, 0x9f, 0x51, 0x77, 0xa3, 0xc2, 0x94, 0xd4, 0x46, 0x22,
+    0x99};
+const uint8_t kP256Pkcs8PointNotOnCurve[] = {
+    0x30, 0x81, 0x87, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86,
+    0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
+    0x03, 0x01, 0x07, 0x04, 0x6d, 0x30, 0x6b, 0x02, 0x01, 0x01, 0x04, 0x20,
+    0xc9, 0xaf, 0xa9, 0xd8, 0x45, 0xba, 0x75, 0x16, 0x6b, 0x5c, 0x21, 0x57,
+    0x67, 0xb1, 0xd6, 0x93, 0x4e, 0x50, 0xc3, 0xdb, 0x36, 0xe8, 0x9b, 0x12,
+    0x7b, 0x8a, 0x62, 0x2b, 0x12, 0x0f, 0x67, 0x21, 0xa1, 0x44, 0x03, 0x42,
+    0x00, 0x04, 0x60, 0xfe, 0xd4, 0xba, 0x25, 0x5a, 0x9d, 0x31, 0xc9, 0x61,
+    0xeb, 0x74, 0xc6, 0x35, 0x6d, 0x68, 0xc0, 0x49, 0xb8, 0x92, 0x3b, 0x61,
+    0xfa, 0x6c, 0xe6, 0x69, 0x62, 0x2e, 0x60, 0xf2, 0x9f, 0xb6, 0x79, 0x03,
+    0xfe, 0x10, 0x08, 0xb8, 0xbc, 0x99, 0xa4, 0x1a, 0xe9, 0xe9, 0x56, 0x28,
+    0xbc, 0x64, 0xf2, 0xf1, 0xb2, 0x0c, 0x2d, 0x7e, 0x9f, 0x51, 0x77, 0xa3,
+    0xc2, 0x94, 0xd4, 0x33, 0x11, 0x77};
+const uint8_t kP256Pkcs8NoPublicKey[] = {
+    0x30, 0x41, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48,
+    0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03,
+    0x01, 0x07, 0x04, 0x27, 0x30, 0x25, 0x02, 0x01, 0x01, 0x04, 0x20, 0xc9,
+    0xaf, 0xa9, 0xd8, 0x45, 0xba, 0x75, 0x16, 0x6b, 0x5c, 0x21, 0x57, 0x67,
+    0xb1, 0xd6, 0x93, 0x4e, 0x50, 0xc3, 0xdb, 0x36, 0xe8, 0x9b, 0x12, 0x7b,
+    0x8a, 0x62, 0x2b, 0x12, 0x0f, 0x67, 0x21};
+const uint8_t kP256SpkiNoAlgorithmParams[] = {
+    0x30, 0x4f, 0x30, 0x09, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+    0x01, 0x03, 0x42, 0x00, 0x04, 0x60, 0xfe, 0xd4, 0xba, 0x25, 0x5a, 0x9d,
+    0x31, 0xc9, 0x61, 0xeb, 0x74, 0xc6, 0x35, 0x6d, 0x68, 0xc0, 0x49, 0xb8,
+    0x92, 0x3b, 0x61, 0xfa, 0x6c, 0xe6, 0x69, 0x62, 0x2e, 0x60, 0xf2, 0x9f,
+    0xb6, 0x79, 0x03, 0xfe, 0x10, 0x08, 0xb8, 0xbc, 0x99, 0xa4, 0x1a, 0xe9,
+    0xe9, 0x56, 0x28, 0xbc, 0x64, 0xf2, 0xf1, 0xb2, 0x0c, 0x2d, 0x7e, 0x9f,
+    0x51, 0x77, 0xa3, 0xc2, 0x94, 0xd4, 0x46, 0x22, 0x99};
+const uint8_t kP256SpkiPointNotOnCurve[] = {
+    0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+    0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
+    0x42, 0x00, 0x04, 0x60, 0xfe, 0xd4, 0xba, 0x25, 0x5a, 0x9d, 0x31, 0xc9,
+    0x61, 0xeb, 0x74, 0xc6, 0x35, 0x6d, 0x68, 0xc0, 0x49, 0xb8, 0x92, 0x3b,
+    0x61, 0xfa, 0x6c, 0xe6, 0x69, 0x62, 0x2e, 0x60, 0xf2, 0x9f, 0xb6, 0x79,
+    0x03, 0xfe, 0x10, 0x08, 0xb8, 0xbc, 0x99, 0xa4, 0x1a, 0xe9, 0xe9, 0x56,
+    0x28, 0xbc, 0x64, 0xf2, 0xf1, 0xb2, 0x0c, 0x2d, 0x7e, 0x9f, 0x51, 0x77,
+    0xa3, 0xc2, 0x94, 0x00, 0x33, 0x11, 0x77};
+
+}  // namespace nss_test
diff --git a/nss/gtests/pk11_gtest/pk11_export_unittest.cc b/nss/gtests/pk11_gtest/pk11_export_unittest.cc
new file mode 100644
index 0000000..e5d5ae8
--- /dev/null
+++ b/nss/gtests/pk11_gtest/pk11_export_unittest.cc
@@ -0,0 +1,66 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <memory>
+#include "nss.h"
+#include "pk11pub.h"
+
+#include "gtest/gtest.h"
+#include "scoped_ptrs.h"
+
+namespace nss_test {
+
+class Pkcs11ExportTest : public ::testing::Test {
+ public:
+  void Derive(bool is_export) {
+    ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
+    EXPECT_TRUE(slot.get());
+
+    uint8_t keyData[48] = {0};
+    SECItem keyItem = {siBuffer, (unsigned char*)keyData, sizeof(keyData)};
+
+    CK_MECHANISM_TYPE mechanism = CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256;
+    ScopedPK11SymKey baseKey(PK11_ImportSymKey(
+        slot.get(), mechanism, PK11_OriginUnwrap, CKA_WRAP, &keyItem, nullptr));
+    EXPECT_TRUE(baseKey.get());
+
+    CK_SSL3_KEY_MAT_OUT kmo;
+    kmo.hClientMacSecret = CK_INVALID_HANDLE;
+    kmo.hServerMacSecret = CK_INVALID_HANDLE;
+    kmo.hClientKey = CK_INVALID_HANDLE;
+    kmo.hServerKey = CK_INVALID_HANDLE;
+
+    CK_BYTE iv[8];
+    kmo.pIVClient = iv;
+    kmo.pIVServer = iv;
+
+    CK_SSL3_KEY_MAT_PARAMS kmp;
+    kmp.ulMacSizeInBits = 256;
+    kmp.ulKeySizeInBits = 128;
+    kmp.ulIVSizeInBits = 64;
+    kmp.pReturnedKeyMaterial = &kmo;
+    kmp.bIsExport = is_export;
+
+    unsigned char random[32] = {0};
+    kmp.RandomInfo.pClientRandom = random;
+    kmp.RandomInfo.ulClientRandomLen = sizeof(random);
+    kmp.RandomInfo.pServerRandom = random;
+    kmp.RandomInfo.ulServerRandomLen = sizeof(random);
+
+    SECItem params = {siBuffer, (unsigned char*)&kmp, sizeof(kmp)};
+    ScopedPK11SymKey symKey(PK11_Derive(baseKey.get(), mechanism, &params,
+                                        CKM_SHA512_HMAC, CKA_SIGN, 16));
+
+    // Deriving must fail when is_export=true.
+    EXPECT_EQ(!symKey.get(), is_export);
+  }
+};
+
+TEST_F(Pkcs11ExportTest, DeriveNonExport) { Derive(false); }
+
+TEST_F(Pkcs11ExportTest, DeriveExport) { Derive(true); }
+
+}  // namespace nss_test
diff --git a/nss/gtests/pk11_gtest/pk11_gtest.gyp b/nss/gtests/pk11_gtest/pk11_gtest.gyp
new file mode 100644
index 0000000..41578e7
--- /dev/null
+++ b/nss/gtests/pk11_gtest/pk11_gtest.gyp
@@ -0,0 +1,54 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi',
+    '../common/gtest.gypi',
+  ],
+  'targets': [
+    {
+      'target_name': 'pk11_gtest',
+      'type': 'executable',
+      'sources': [
+        'pk11_aeskeywrap_unittest.cc',
+        'pk11_chacha20poly1305_unittest.cc',
+        'pk11_curve25519_unittest.cc',
+        'pk11_ecdsa_unittest.cc',
+        'pk11_pbkdf2_unittest.cc',
+        'pk11_prf_unittest.cc',
+        'pk11_prng_unittest.cc',
+        'pk11_rsapss_unittest.cc',
+        '<(DEPTH)/gtests/common/gtests.cc'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports',
+        '<(DEPTH)/lib/util/util.gyp:nssutil3',
+        '<(DEPTH)/gtests/google_test/google_test.gyp:gtest',
+      ],
+      'conditions': [
+        [ 'test_build==1', {
+          'dependencies': [
+            '<(DEPTH)/lib/nss/nss.gyp:nss_static',
+            '<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap_static',
+            '<(DEPTH)/lib/cryptohi/cryptohi.gyp:cryptohi',
+            '<(DEPTH)/lib/certhigh/certhigh.gyp:certhi',
+            '<(DEPTH)/lib/certdb/certdb.gyp:certdb',
+            '<(DEPTH)/lib/base/base.gyp:nssb',
+            '<(DEPTH)/lib/dev/dev.gyp:nssdev',
+            '<(DEPTH)/lib/pki/pki.gyp:nsspki',
+            '<(DEPTH)/lib/ssl/ssl.gyp:ssl',
+          ],
+        }, {
+          'dependencies': [
+            '<(DEPTH)/lib/nss/nss.gyp:nss3',
+            '<(DEPTH)/lib/ssl/ssl.gyp:ssl3',
+          ],
+        }],
+      ],
+    }
+  ],
+  'variables': {
+    'module': 'nss'
+  }
+}
diff --git a/nss/gtests/pk11_gtest/pk11_pbkdf2_unittest.cc b/nss/gtests/pk11_gtest/pk11_pbkdf2_unittest.cc
new file mode 100644
index 0000000..d72f94c
--- /dev/null
+++ b/nss/gtests/pk11_gtest/pk11_pbkdf2_unittest.cc
@@ -0,0 +1,96 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <memory>
+#include "nss.h"
+#include "pk11pub.h"
+
+#include "gtest/gtest.h"
+#include "scoped_ptrs.h"
+
+namespace nss_test {
+
+static unsigned char* ToUcharPtr(std::string& str) {
+  return const_cast<unsigned char*>(
+      reinterpret_cast<const unsigned char*>(str.c_str()));
+}
+
+class Pkcs11Pbkdf2Test : public ::testing::Test {
+ public:
+  void Derive(std::vector<uint8_t>& derived, SECOidTag hash_alg) {
+    // Shared between test vectors.
+    const unsigned int iterations = 4096;
+    std::string pass("passwordPASSWORDpassword");
+    std::string salt("saltSALTsaltSALTsaltSALTsaltSALTsalt");
+
+    // Derivation must succeed with the right values.
+    EXPECT_TRUE(DeriveBytes(pass, salt, derived, hash_alg, iterations));
+
+    // Derivation must fail when the password is bogus.
+    std::string bogusPass("PasswordPASSWORDpassword");
+    EXPECT_FALSE(DeriveBytes(bogusPass, salt, derived, hash_alg, iterations));
+
+    // Derivation must fail when the salt is bogus.
+    std::string bogusSalt("SaltSALTsaltSALTsaltSALTsaltSALTsalt");
+    EXPECT_FALSE(DeriveBytes(pass, bogusSalt, derived, hash_alg, iterations));
+
+    // Derivation must fail when using the wrong hash function.
+    SECOidTag next_hash_alg = static_cast<SECOidTag>(hash_alg + 1);
+    EXPECT_FALSE(DeriveBytes(pass, salt, derived, next_hash_alg, iterations));
+
+    // Derivation must fail when using the wrong number of iterations.
+    EXPECT_FALSE(DeriveBytes(pass, salt, derived, hash_alg, iterations + 1));
+  }
+
+ private:
+  bool DeriveBytes(std::string& pass, std::string& salt,
+                   std::vector<uint8_t>& derived, SECOidTag hash_alg,
+                   unsigned int iterations) {
+    SECItem passItem = {siBuffer, ToUcharPtr(pass),
+                        static_cast<unsigned int>(pass.length())};
+    SECItem saltItem = {siBuffer, ToUcharPtr(salt),
+                        static_cast<unsigned int>(salt.length())};
+
+    // Set up PBKDF2 params.
+    ScopedSECAlgorithmID alg_id(
+        PK11_CreatePBEV2AlgorithmID(SEC_OID_PKCS5_PBKDF2, hash_alg, hash_alg,
+                                    derived.size(), iterations, &saltItem));
+
+    // Derive.
+    ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
+    ScopedPK11SymKey symKey(
+        PK11_PBEKeyGen(slot.get(), alg_id.get(), &passItem, false, nullptr));
+
+    SECStatus rv = PK11_ExtractKeyValue(symKey.get());
+    EXPECT_EQ(rv, SECSuccess);
+
+    SECItem* keyData = PK11_GetKeyData(symKey.get());
+    return !memcmp(&derived[0], keyData->data, keyData->len);
+  }
+};
+
+// RFC 6070 <http://tools.ietf.org/html/rfc6070>
+TEST_F(Pkcs11Pbkdf2Test, DeriveKnown1) {
+  std::vector<uint8_t> derived = {0x3d, 0x2e, 0xec, 0x4f, 0xe4, 0x1c, 0x84,
+                                  0x9b, 0x80, 0xc8, 0xd8, 0x36, 0x62, 0xc0,
+                                  0xe4, 0x4a, 0x8b, 0x29, 0x1a, 0x96, 0x4c,
+                                  0xf2, 0xf0, 0x70, 0x38};
+
+  Derive(derived, SEC_OID_HMAC_SHA1);
+}
+
+// https://stackoverflow.com/questions/5130513/pbkdf2-hmac-sha2-test-vectors
+TEST_F(Pkcs11Pbkdf2Test, DeriveKnown2) {
+  std::vector<uint8_t> derived = {
+      0x34, 0x8c, 0x89, 0xdb, 0xcb, 0xd3, 0x2b, 0x2f, 0x32, 0xd8,
+      0x14, 0xb8, 0x11, 0x6e, 0x84, 0xcf, 0x2b, 0x17, 0x34, 0x7e,
+      0xbc, 0x18, 0x00, 0x18, 0x1c, 0x4e, 0x2a, 0x1f, 0xb8, 0xdd,
+      0x53, 0xe1, 0xc6, 0x35, 0x51, 0x8c, 0x7d, 0xac, 0x47, 0xe9};
+
+  Derive(derived, SEC_OID_HMAC_SHA256);
+}
+
+}  // namespace nss_test
diff --git a/nss/gtests/pk11_gtest/pk11_prf_unittest.cc b/nss/gtests/pk11_gtest/pk11_prf_unittest.cc
new file mode 100644
index 0000000..f2d4cf3
--- /dev/null
+++ b/nss/gtests/pk11_gtest/pk11_prf_unittest.cc
@@ -0,0 +1,229 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <memory>
+#include "nss.h"
+#include "pk11pub.h"
+
+#include "gtest/gtest.h"
+
+namespace nss_test {
+
+const size_t kPmsSize = 48;
+const size_t kMasterSecretSize = 48;
+const size_t kPrfSeedSizeSha256 = 32;
+const size_t kPrfSeedSizeTlsPrf = 36;
+
+// This is not the right size for anything
+const size_t kIncorrectSize = 17;
+
+const uint8_t kPmsData[] = {
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
+    0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+    0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23,
+    0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f};
+
+const uint8_t kPrfSeed[] = {
+    0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9, 0xfa, 0xfb,
+    0xfc, 0xfd, 0xfe, 0xff, 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7,
+    0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef, 0xd0, 0xd1, 0xd2, 0xd3};
+
+const uint8_t kExpectedOutputEmsSha256[] = {
+    0x75, 0xa7, 0xa5, 0x98, 0xef, 0xab, 0x90, 0xe7, 0x7c, 0x67, 0x80, 0xde,
+    0xab, 0x3a, 0x11, 0xf3, 0x5d, 0xb2, 0xf8, 0x47, 0xff, 0x09, 0x01, 0xec,
+    0xf8, 0x93, 0x89, 0xfc, 0x98, 0x2e, 0x6e, 0xf9, 0x2c, 0xf5, 0x9b, 0x04,
+    0x04, 0x6f, 0xd7, 0x28, 0x6e, 0xea, 0xe3, 0x83, 0xc4, 0x4a, 0xff, 0x03};
+
+const uint8_t kExpectedOutputEmsTlsPrf[] = {
+    0x06, 0xbf, 0x29, 0x86, 0x5d, 0xf3, 0x3e, 0x38, 0xfd, 0xfa, 0x91, 0x10,
+    0x2a, 0x20, 0xff, 0xd6, 0xb9, 0xd5, 0x72, 0x5a, 0x6d, 0x42, 0x20, 0x16,
+    0xde, 0xa4, 0xa0, 0x51, 0xe5, 0x53, 0xc1, 0x28, 0x04, 0x99, 0xbc, 0xb1,
+    0x2c, 0x9d, 0xe8, 0x0b, 0x18, 0xa2, 0x0e, 0x48, 0x52, 0x8d, 0x61, 0x13};
+
+static unsigned char* toUcharPtr(const uint8_t* v) {
+  return const_cast<unsigned char*>(static_cast<const unsigned char*>(v));
+}
+
+class TlsPrfTest : public ::testing::Test {
+ public:
+  TlsPrfTest()
+      : params_({siBuffer, nullptr, 0}),
+        pms_item_({siBuffer, toUcharPtr(kPmsData), kPmsSize}),
+        key_mech_(0),
+        slot_(nullptr),
+        pms_(nullptr),
+        ms_(nullptr),
+        pms_version_({0, 0}) {}
+
+  ~TlsPrfTest() {
+    if (slot_) {
+      PK11_FreeSlot(slot_);
+    }
+    ClearTempVars();
+  }
+
+  void ClearTempVars() {
+    if (pms_) {
+      PK11_FreeSymKey(pms_);
+    }
+    if (ms_) {
+      PK11_FreeSymKey(ms_);
+    }
+  }
+
+  void Init() {
+    params_.type = siBuffer;
+
+    pms_item_.type = siBuffer;
+    pms_item_.data =
+        const_cast<unsigned char*>(static_cast<const unsigned char*>(kPmsData));
+
+    slot_ = PK11_GetInternalSlot();
+    ASSERT_NE(nullptr, slot_);
+  }
+
+  void CheckForError(CK_MECHANISM_TYPE hash_mech, size_t seed_len,
+                     size_t pms_len, size_t output_len) {
+    // Error tests don't depend on the derivation mechansim
+    Inner(CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE, hash_mech, seed_len, pms_len,
+          output_len, nullptr, nullptr);
+  }
+
+  void ComputeAndVerifyMs(CK_MECHANISM_TYPE derive_mech,
+                          CK_MECHANISM_TYPE hash_mech, CK_VERSION* version,
+                          const uint8_t* expected) {
+    // Infer seed length from mechanism
+    int seed_len = 0;
+    switch (hash_mech) {
+      case CKM_TLS_PRF:
+        seed_len = kPrfSeedSizeTlsPrf;
+        break;
+      case CKM_SHA256:
+        seed_len = kPrfSeedSizeSha256;
+        break;
+      default:
+        ASSERT_TRUE(false);
+    }
+
+    Inner(derive_mech, hash_mech, seed_len, kPmsSize, 0, version, expected);
+  }
+
+  // Set output == nullptr to test when errors occur
+  void Inner(CK_MECHANISM_TYPE derive_mech, CK_MECHANISM_TYPE hash_mech,
+             size_t seed_len, size_t pms_len, size_t output_len,
+             CK_VERSION* version, const uint8_t* expected) {
+    ClearTempVars();
+
+    // Infer the key mechanism from the hash type
+    switch (hash_mech) {
+      case CKM_TLS_PRF:
+        key_mech_ = CKM_TLS_KEY_AND_MAC_DERIVE;
+        break;
+      case CKM_SHA256:
+        key_mech_ = CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256;
+        break;
+      default:
+        ASSERT_TRUE(false);
+    }
+
+    // Import the params
+    CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS master_params = {
+        hash_mech, toUcharPtr(kPrfSeed), static_cast<CK_ULONG>(seed_len),
+        version};
+    params_.data = reinterpret_cast<unsigned char*>(&master_params);
+    params_.len = sizeof(master_params);
+
+    // Import the PMS
+    pms_item_.len = pms_len;
+    pms_ = PK11_ImportSymKey(slot_, derive_mech, PK11_OriginUnwrap, CKA_DERIVE,
+                             &pms_item_, NULL);
+    ASSERT_NE(nullptr, pms_);
+
+    // Compute the EMS
+    ms_ = PK11_DeriveWithFlags(pms_, derive_mech, &params_, key_mech_,
+                               CKA_DERIVE, output_len, CKF_SIGN | CKF_VERIFY);
+
+    // Verify the EMS has the expected value (null or otherwise)
+    if (!expected) {
+      EXPECT_EQ(nullptr, ms_);
+    } else {
+      ASSERT_NE(nullptr, ms_);
+
+      SECStatus rv = PK11_ExtractKeyValue(ms_);
+      ASSERT_EQ(SECSuccess, rv);
+
+      SECItem* msData = PK11_GetKeyData(ms_);
+      ASSERT_NE(nullptr, msData);
+
+      ASSERT_EQ(kMasterSecretSize, msData->len);
+      EXPECT_EQ(0, memcmp(msData->data, expected, kMasterSecretSize));
+    }
+  }
+
+ protected:
+  SECItem params_;
+  SECItem pms_item_;
+  CK_MECHANISM_TYPE key_mech_;
+  PK11SlotInfo* slot_;
+  PK11SymKey* pms_;
+  PK11SymKey* ms_;
+  CK_VERSION pms_version_;
+};
+
+TEST_F(TlsPrfTest, ExtendedMsParamErr) {
+  Init();
+
+  // This should fail; it's the correct set from which the below are derived
+  // CheckForError(CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE, CKM_TLS_PRF,
+  // kPrfSeedSizeTlsPrf, kPmsSize, 0);
+
+  // Output key size != 0, SSL3_MASTER_SECRET_LENGTH
+  CheckForError(CKM_TLS_PRF, kPrfSeedSizeTlsPrf, kPmsSize, kIncorrectSize);
+
+  // not-DH && pms size != SSL3_PMS_LENGTH
+  CheckForError(CKM_TLS_PRF, kPrfSeedSizeTlsPrf, kIncorrectSize, 0);
+
+  // CKM_TLS_PRF && seed length != MD5_LENGTH + SHA1_LENGTH
+  CheckForError(CKM_TLS_PRF, kIncorrectSize, kPmsSize, 0);
+
+  // !CKM_TLS_PRF && seed length != hash output length
+  CheckForError(CKM_SHA256, kIncorrectSize, kPmsSize, 0);
+}
+
+// Test matrix:
+//
+//            DH  RSA
+//  TLS_PRF   1   2
+//  SHA256    3   4
+TEST_F(TlsPrfTest, ExtendedMsDhTlsPrf) {
+  Init();
+  ComputeAndVerifyMs(CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH, CKM_TLS_PRF,
+                     nullptr, kExpectedOutputEmsTlsPrf);
+}
+
+TEST_F(TlsPrfTest, ExtendedMsRsaTlsPrf) {
+  Init();
+  ComputeAndVerifyMs(CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE, CKM_TLS_PRF,
+                     &pms_version_, kExpectedOutputEmsTlsPrf);
+  EXPECT_EQ(0, pms_version_.major);
+  EXPECT_EQ(1, pms_version_.minor);
+}
+
+TEST_F(TlsPrfTest, ExtendedMsDhSha256) {
+  Init();
+  ComputeAndVerifyMs(CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH, CKM_SHA256,
+                     nullptr, kExpectedOutputEmsSha256);
+}
+
+TEST_F(TlsPrfTest, ExtendedMsRsaSha256) {
+  Init();
+  ComputeAndVerifyMs(CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE, CKM_SHA256,
+                     &pms_version_, kExpectedOutputEmsSha256);
+  EXPECT_EQ(0, pms_version_.major);
+  EXPECT_EQ(1, pms_version_.minor);
+}
+
+}  // namespace nss_test
diff --git a/nss/gtests/pk11_gtest/pk11_prng_unittest.cc b/nss/gtests/pk11_gtest/pk11_prng_unittest.cc
new file mode 100644
index 0000000..fd28651
--- /dev/null
+++ b/nss/gtests/pk11_gtest/pk11_prng_unittest.cc
@@ -0,0 +1,78 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <memory>
+#include "blapi.h"
+#include "pk11pub.h"
+
+#include "gtest/gtest.h"
+
+namespace nss_test {
+
+class PK11PrngTest : public ::testing::Test {};
+
+#ifdef UNSAFE_FUZZER_MODE
+
+// Test that two consecutive calls to the RNG return two distinct values.
+TEST_F(PK11PrngTest, Fuzz_DetPRNG) {
+  std::vector<uint8_t> rnd1(2048, 0);
+  std::vector<uint8_t> rnd2(2048, 0);
+
+  SECStatus rv = PK11_GenerateRandom(rnd1.data(), rnd1.size());
+  EXPECT_EQ(rv, SECSuccess);
+
+  rv = PK11_GenerateRandom(rnd2.data(), rnd2.size());
+  EXPECT_EQ(rv, SECSuccess);
+
+  EXPECT_NE(rnd1, rnd2);
+}
+
+// Test that two consecutive calls to the RNG return two equal values
+// when the RNG's internal state is reset before each call.
+TEST_F(PK11PrngTest, Fuzz_DetPRNG_Reset) {
+  std::vector<uint8_t> rnd1(2048, 0);
+  std::vector<uint8_t> rnd2(2048, 0);
+
+  RNG_ResetForFuzzing();
+
+  SECStatus rv = PK11_GenerateRandom(rnd1.data(), rnd1.size());
+  EXPECT_EQ(rv, SECSuccess);
+
+  RNG_ResetForFuzzing();
+
+  rv = PK11_GenerateRandom(rnd2.data(), rnd2.size());
+  EXPECT_EQ(rv, SECSuccess);
+
+  EXPECT_EQ(rnd1, rnd2);
+}
+
+// Test that the RNG's internal state progresses in a consistent manner.
+TEST_F(PK11PrngTest, Fuzz_DetPRNG_StatefulReset) {
+  std::vector<uint8_t> rnd1(2048, 0);
+  std::vector<uint8_t> rnd2(2048, 0);
+
+  RNG_ResetForFuzzing();
+
+  SECStatus rv = PK11_GenerateRandom(rnd1.data(), rnd1.size() - 1024);
+  EXPECT_EQ(rv, SECSuccess);
+
+  rv = PK11_GenerateRandom(rnd1.data() + 1024, rnd1.size() - 1024);
+  EXPECT_EQ(rv, SECSuccess);
+
+  RNG_ResetForFuzzing();
+
+  rv = PK11_GenerateRandom(rnd2.data(), rnd2.size() - 1024);
+  EXPECT_EQ(rv, SECSuccess);
+
+  rv = PK11_GenerateRandom(rnd2.data() + 1024, rnd2.size() - 1024);
+  EXPECT_EQ(rv, SECSuccess);
+
+  EXPECT_EQ(rnd1, rnd2);
+}
+
+#endif
+
+}  // namespace nss_test
diff --git a/nss/gtests/pk11_gtest/pk11_rsapss_unittest.cc b/nss/gtests/pk11_gtest/pk11_rsapss_unittest.cc
new file mode 100644
index 0000000..012bae0
--- /dev/null
+++ b/nss/gtests/pk11_gtest/pk11_rsapss_unittest.cc
@@ -0,0 +1,199 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <memory>
+#include "nss.h"
+#include "pk11pub.h"
+#include "sechash.h"
+
+#include "gtest/gtest.h"
+#include "scoped_ptrs.h"
+
+#include "pk11_rsapss_vectors.h"
+#include "pk11_signature_test.h"
+
+namespace nss_test {
+
+class Pkcs11RsaPssVectorTest : public Pk11SignatureTest {
+ public:
+  Pkcs11RsaPssVectorTest() {
+    rsaPssParams_.hashAlg = CKM_SHA_1;
+    rsaPssParams_.mgf = CKG_MGF1_SHA1;
+    rsaPssParams_.sLen = HASH_ResultLenByOidTag(SEC_OID_SHA1);
+
+    params_.type = siBuffer;
+    params_.data = reinterpret_cast<unsigned char*>(&rsaPssParams_);
+    params_.len = sizeof(rsaPssParams_);
+  }
+
+ protected:
+  CK_MECHANISM_TYPE mechanism() { return CKM_RSA_PKCS_PSS; }
+  SECItem* parameters() { return &params_; }
+  SECOidTag hashOID() { return SEC_OID_SHA1; }
+
+ private:
+  CK_RSA_PKCS_PSS_PARAMS rsaPssParams_;
+  SECItem params_;
+};
+
+TEST_F(Pkcs11RsaPssVectorTest, GenerateAndSignAndVerify) {
+  // Sign data with a 1024-bit RSA key, using PSS/SHA-256.
+  SECOidTag hashOid = SEC_OID_SHA256;
+  CK_MECHANISM_TYPE hashMech = CKM_SHA256;
+  CK_RSA_PKCS_MGF_TYPE mgf = CKG_MGF1_SHA256;
+  PK11RSAGenParams rsaGenParams = {1024, 0x10001};
+
+  // Generate RSA key pair.
+  ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
+  SECKEYPublicKey* pubKeyRaw = nullptr;
+  ScopedSECKEYPrivateKey privKey(
+      PK11_GenerateKeyPair(slot.get(), CKM_RSA_PKCS_KEY_PAIR_GEN, &rsaGenParams,
+                           &pubKeyRaw, false, false, nullptr));
+  ASSERT_TRUE(!!privKey && pubKeyRaw);
+  ScopedSECKEYPublicKey pubKey(pubKeyRaw);
+
+  // Generate random data to sign.
+  uint8_t dataBuf[50];
+  SECItem data = {siBuffer, dataBuf, sizeof(dataBuf)};
+  unsigned int hLen = HASH_ResultLenByOidTag(hashOid);
+  SECStatus rv = PK11_GenerateRandomOnSlot(slot.get(), data.data, data.len);
+  EXPECT_EQ(rv, SECSuccess);
+
+  // Allocate memory for the signature.
+  std::vector<uint8_t> sigBuf(PK11_SignatureLen(privKey.get()));
+  SECItem sig = {siBuffer, &sigBuf[0],
+                 static_cast<unsigned int>(sigBuf.size())};
+
+  // Set up PSS parameters.
+  CK_RSA_PKCS_PSS_PARAMS rsaPssParams = {hashMech, mgf, hLen};
+  SECItem params = {siBuffer, reinterpret_cast<unsigned char*>(&rsaPssParams),
+                    sizeof(rsaPssParams)};
+
+  // Sign.
+  rv = PK11_SignWithMechanism(privKey.get(), mechanism(), &params, &sig, &data);
+  EXPECT_EQ(rv, SECSuccess);
+
+  // Verify.
+  rv = PK11_VerifyWithMechanism(pubKey.get(), mechanism(), &params, &sig, &data,
+                                nullptr);
+  EXPECT_EQ(rv, SECSuccess);
+
+  // Verification with modified data must fail.
+  data.data[0] ^= 0xff;
+  rv = PK11_VerifyWithMechanism(pubKey.get(), mechanism(), &params, &sig, &data,
+                                nullptr);
+  EXPECT_EQ(rv, SECFailure);
+
+  // Verification with original data but the wrong signature must fail.
+  data.data[0] ^= 0xff;  // Revert previous changes.
+  sig.data[0] ^= 0xff;
+  rv = PK11_VerifyWithMechanism(pubKey.get(), mechanism(), &params, &sig, &data,
+                                nullptr);
+  EXPECT_EQ(rv, SECFailure);
+}
+
+// RSA-PSS test vectors, pss-vect.txt, Example 1.1: A 1024-bit RSA Key Pair
+// <ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip>
+TEST_F(Pkcs11RsaPssVectorTest, VerifyKnownSignature1) {
+  SIG_TEST_VECTOR_VERIFY(kTestVector1Spki, kTestVector1Data, kTestVector1Sig);
+}
+TEST_F(Pkcs11RsaPssVectorTest, SignAndVerify1) {
+  SIG_TEST_VECTOR_SIGN_VERIFY(kTestVector1Pkcs8, kTestVector1Spki,
+                              kTestVector1Data);
+}
+
+// RSA-PSS test vectors, pss-vect.txt, Example 2.1: A 1025-bit RSA Key Pair
+// <ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip>
+TEST_F(Pkcs11RsaPssVectorTest, VerifyKnownSignature2) {
+  SIG_TEST_VECTOR_VERIFY(kTestVector2Spki, kTestVector2Data, kTestVector2Sig);
+}
+TEST_F(Pkcs11RsaPssVectorTest, SignAndVerify2) {
+  SIG_TEST_VECTOR_SIGN_VERIFY(kTestVector2Pkcs8, kTestVector2Spki,
+                              kTestVector2Data);
+}
+
+// RSA-PSS test vectors, pss-vect.txt, Example 3.1: A 1026-bit RSA Key Pair
+// <ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip>
+TEST_F(Pkcs11RsaPssVectorTest, VerifyKnownSignature3) {
+  SIG_TEST_VECTOR_VERIFY(kTestVector3Spki, kTestVector3Data, kTestVector3Sig);
+}
+TEST_F(Pkcs11RsaPssVectorTest, SignAndVerify3) {
+  SIG_TEST_VECTOR_SIGN_VERIFY(kTestVector3Pkcs8, kTestVector3Spki,
+                              kTestVector3Data);
+}
+
+// RSA-PSS test vectors, pss-vect.txt, Example 4.1: A 1027-bit RSA Key Pair
+// <ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip>
+TEST_F(Pkcs11RsaPssVectorTest, VerifyKnownSignature4) {
+  SIG_TEST_VECTOR_VERIFY(kTestVector4Spki, kTestVector4Data, kTestVector4Sig);
+}
+TEST_F(Pkcs11RsaPssVectorTest, SignAndVerify4) {
+  SIG_TEST_VECTOR_SIGN_VERIFY(kTestVector4Pkcs8, kTestVector4Spki,
+                              kTestVector4Data);
+}
+
+// RSA-PSS test vectors, pss-vect.txt, Example 5.1: A 1028-bit RSA Key Pair
+// <ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip>
+TEST_F(Pkcs11RsaPssVectorTest, VerifyKnownSignature5) {
+  SIG_TEST_VECTOR_VERIFY(kTestVector5Spki, kTestVector5Data, kTestVector5Sig);
+}
+TEST_F(Pkcs11RsaPssVectorTest, SignAndVerify5) {
+  SIG_TEST_VECTOR_SIGN_VERIFY(kTestVector5Pkcs8, kTestVector5Spki,
+                              kTestVector5Data);
+}
+
+// RSA-PSS test vectors, pss-vect.txt, Example 6.1: A 1029-bit RSA Key Pair
+// <ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip>
+TEST_F(Pkcs11RsaPssVectorTest, VerifyKnownSignature6) {
+  SIG_TEST_VECTOR_VERIFY(kTestVector6Spki, kTestVector6Data, kTestVector6Sig);
+}
+TEST_F(Pkcs11RsaPssVectorTest, SignAndVerify6) {
+  SIG_TEST_VECTOR_SIGN_VERIFY(kTestVector6Pkcs8, kTestVector6Spki,
+                              kTestVector6Data);
+}
+
+// RSA-PSS test vectors, pss-vect.txt, Example 7.1: A 1030-bit RSA Key Pair
+// <ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip>
+TEST_F(Pkcs11RsaPssVectorTest, VerifyKnownSignature7) {
+  SIG_TEST_VECTOR_VERIFY(kTestVector7Spki, kTestVector7Data, kTestVector7Sig);
+}
+TEST_F(Pkcs11RsaPssVectorTest, SignAndVerify7) {
+  SIG_TEST_VECTOR_SIGN_VERIFY(kTestVector7Pkcs8, kTestVector7Spki,
+                              kTestVector7Data);
+}
+
+// RSA-PSS test vectors, pss-vect.txt, Example 8.1: A 1031-bit RSA Key Pair
+// <ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip>
+TEST_F(Pkcs11RsaPssVectorTest, VerifyKnownSignature8) {
+  SIG_TEST_VECTOR_VERIFY(kTestVector8Spki, kTestVector8Data, kTestVector8Sig);
+}
+TEST_F(Pkcs11RsaPssVectorTest, SignAndVerify8) {
+  SIG_TEST_VECTOR_SIGN_VERIFY(kTestVector8Pkcs8, kTestVector8Spki,
+                              kTestVector8Data);
+}
+
+// RSA-PSS test vectors, pss-vect.txt, Example 9.1: A 1536-bit RSA Key Pair
+// <ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip>
+TEST_F(Pkcs11RsaPssVectorTest, VerifyKnownSignature9) {
+  SIG_TEST_VECTOR_VERIFY(kTestVector9Spki, kTestVector9Data, kTestVector9Sig);
+}
+TEST_F(Pkcs11RsaPssVectorTest, SignAndVerify9) {
+  SIG_TEST_VECTOR_SIGN_VERIFY(kTestVector9Pkcs8, kTestVector9Spki,
+                              kTestVector9Data);
+}
+
+// RSA-PSS test vectors, pss-vect.txt, Example 10.1: A 2048-bit RSA Key Pair
+// <ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip>
+TEST_F(Pkcs11RsaPssVectorTest, VerifyKnownSignature10) {
+  SIG_TEST_VECTOR_VERIFY(kTestVector10Spki, kTestVector10Data,
+                         kTestVector10Sig);
+}
+TEST_F(Pkcs11RsaPssVectorTest, SignAndVerify10) {
+  SIG_TEST_VECTOR_SIGN_VERIFY(kTestVector10Pkcs8, kTestVector10Spki,
+                              kTestVector10Data);
+}
+
+}  // namespace nss_test
diff --git a/nss/gtests/pk11_gtest/pk11_rsapss_vectors.h b/nss/gtests/pk11_gtest/pk11_rsapss_vectors.h
new file mode 100644
index 0000000..2af1044
--- /dev/null
+++ b/nss/gtests/pk11_gtest/pk11_rsapss_vectors.h
@@ -0,0 +1,1083 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+namespace nss_test {
+
+// RSA-PSS test vectors, pss-vect.txt, Example 1: A 1024-bit RSA Key Pair
+// <ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip>
+const uint8_t kTestVector1Pkcs8[] = {
+    0x30, 0x82, 0x02, 0x72, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
+    0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
+    0x02, 0x5c, 0x30, 0x82, 0x02, 0x58, 0x02, 0x01, 0x00, 0x02, 0x81, 0x80,
+    0xa5, 0x6e, 0x4a, 0x0e, 0x70, 0x10, 0x17, 0x58, 0x9a, 0x51, 0x87, 0xdc,
+    0x7e, 0xa8, 0x41, 0xd1, 0x56, 0xf2, 0xec, 0x0e, 0x36, 0xad, 0x52, 0xa4,
+    0x4d, 0xfe, 0xb1, 0xe6, 0x1f, 0x7a, 0xd9, 0x91, 0xd8, 0xc5, 0x10, 0x56,
+    0xff, 0xed, 0xb1, 0x62, 0xb4, 0xc0, 0xf2, 0x83, 0xa1, 0x2a, 0x88, 0xa3,
+    0x94, 0xdf, 0xf5, 0x26, 0xab, 0x72, 0x91, 0xcb, 0xb3, 0x07, 0xce, 0xab,
+    0xfc, 0xe0, 0xb1, 0xdf, 0xd5, 0xcd, 0x95, 0x08, 0x09, 0x6d, 0x5b, 0x2b,
+    0x8b, 0x6d, 0xf5, 0xd6, 0x71, 0xef, 0x63, 0x77, 0xc0, 0x92, 0x1c, 0xb2,
+    0x3c, 0x27, 0x0a, 0x70, 0xe2, 0x59, 0x8e, 0x6f, 0xf8, 0x9d, 0x19, 0xf1,
+    0x05, 0xac, 0xc2, 0xd3, 0xf0, 0xcb, 0x35, 0xf2, 0x92, 0x80, 0xe1, 0x38,
+    0x6b, 0x6f, 0x64, 0xc4, 0xef, 0x22, 0xe1, 0xe1, 0xf2, 0x0d, 0x0c, 0xe8,
+    0xcf, 0xfb, 0x22, 0x49, 0xbd, 0x9a, 0x21, 0x37, 0x02, 0x03, 0x01, 0x00,
+    0x01, 0x02, 0x81, 0x80, 0x33, 0xa5, 0x04, 0x2a, 0x90, 0xb2, 0x7d, 0x4f,
+    0x54, 0x51, 0xca, 0x9b, 0xbb, 0xd0, 0xb4, 0x47, 0x71, 0xa1, 0x01, 0xaf,
+    0x88, 0x43, 0x40, 0xae, 0xf9, 0x88, 0x5f, 0x2a, 0x4b, 0xbe, 0x92, 0xe8,
+    0x94, 0xa7, 0x24, 0xac, 0x3c, 0x56, 0x8c, 0x8f, 0x97, 0x85, 0x3a, 0xd0,
+    0x7c, 0x02, 0x66, 0xc8, 0xc6, 0xa3, 0xca, 0x09, 0x29, 0xf1, 0xe8, 0xf1,
+    0x12, 0x31, 0x88, 0x44, 0x29, 0xfc, 0x4d, 0x9a, 0xe5, 0x5f, 0xee, 0x89,
+    0x6a, 0x10, 0xce, 0x70, 0x7c, 0x3e, 0xd7, 0xe7, 0x34, 0xe4, 0x47, 0x27,
+    0xa3, 0x95, 0x74, 0x50, 0x1a, 0x53, 0x26, 0x83, 0x10, 0x9c, 0x2a, 0xba,
+    0xca, 0xba, 0x28, 0x3c, 0x31, 0xb4, 0xbd, 0x2f, 0x53, 0xc3, 0xee, 0x37,
+    0xe3, 0x52, 0xce, 0xe3, 0x4f, 0x9e, 0x50, 0x3b, 0xd8, 0x0c, 0x06, 0x22,
+    0xad, 0x79, 0xc6, 0xdc, 0xee, 0x88, 0x35, 0x47, 0xc6, 0xa3, 0xb3, 0x25,
+    0x02, 0x40, 0xe7, 0xe8, 0x94, 0x27, 0x20, 0xa8, 0x77, 0x51, 0x72, 0x73,
+    0xa3, 0x56, 0x05, 0x3e, 0xa2, 0xa1, 0xbc, 0x0c, 0x94, 0xaa, 0x72, 0xd5,
+    0x5c, 0x6e, 0x86, 0x29, 0x6b, 0x2d, 0xfc, 0x96, 0x79, 0x48, 0xc0, 0xa7,
+    0x2c, 0xbc, 0xcc, 0xa7, 0xea, 0xcb, 0x35, 0x70, 0x6e, 0x09, 0xa1, 0xdf,
+    0x55, 0xa1, 0x53, 0x5b, 0xd9, 0xb3, 0xcc, 0x34, 0x16, 0x0b, 0x3b, 0x6d,
+    0xcd, 0x3e, 0xda, 0x8e, 0x64, 0x43, 0x02, 0x40, 0xb6, 0x9d, 0xca, 0x1c,
+    0xf7, 0xd4, 0xd7, 0xec, 0x81, 0xe7, 0x5b, 0x90, 0xfc, 0xca, 0x87, 0x4a,
+    0xbc, 0xde, 0x12, 0x3f, 0xd2, 0x70, 0x01, 0x80, 0xaa, 0x90, 0x47, 0x9b,
+    0x6e, 0x48, 0xde, 0x8d, 0x67, 0xed, 0x24, 0xf9, 0xf1, 0x9d, 0x85, 0xba,
+    0x27, 0x58, 0x74, 0xf5, 0x42, 0xcd, 0x20, 0xdc, 0x72, 0x3e, 0x69, 0x63,
+    0x36, 0x4a, 0x1f, 0x94, 0x25, 0x45, 0x2b, 0x26, 0x9a, 0x67, 0x99, 0xfd,
+    0x02, 0x40, 0x28, 0xfa, 0x13, 0x93, 0x86, 0x55, 0xbe, 0x1f, 0x8a, 0x15,
+    0x9c, 0xba, 0xca, 0x5a, 0x72, 0xea, 0x19, 0x0c, 0x30, 0x08, 0x9e, 0x19,
+    0xcd, 0x27, 0x4a, 0x55, 0x6f, 0x36, 0xc4, 0xf6, 0xe1, 0x9f, 0x55, 0x4b,
+    0x34, 0xc0, 0x77, 0x79, 0x04, 0x27, 0xbb, 0xdd, 0x8d, 0xd3, 0xed, 0xe2,
+    0x44, 0x83, 0x28, 0xf3, 0x85, 0xd8, 0x1b, 0x30, 0xe8, 0xe4, 0x3b, 0x2f,
+    0xff, 0xa0, 0x27, 0x86, 0x19, 0x79, 0x02, 0x40, 0x1a, 0x8b, 0x38, 0xf3,
+    0x98, 0xfa, 0x71, 0x20, 0x49, 0x89, 0x8d, 0x7f, 0xb7, 0x9e, 0xe0, 0xa7,
+    0x76, 0x68, 0x79, 0x12, 0x99, 0xcd, 0xfa, 0x09, 0xef, 0xc0, 0xe5, 0x07,
+    0xac, 0xb2, 0x1e, 0xd7, 0x43, 0x01, 0xef, 0x5b, 0xfd, 0x48, 0xbe, 0x45,
+    0x5e, 0xae, 0xb6, 0xe1, 0x67, 0x82, 0x55, 0x82, 0x75, 0x80, 0xa8, 0xe4,
+    0xe8, 0xe1, 0x41, 0x51, 0xd1, 0x51, 0x0a, 0x82, 0xa3, 0xf2, 0xe7, 0x29,
+    0x02, 0x40, 0x27, 0x15, 0x6a, 0xba, 0x41, 0x26, 0xd2, 0x4a, 0x81, 0xf3,
+    0xa5, 0x28, 0xcb, 0xfb, 0x27, 0xf5, 0x68, 0x86, 0xf8, 0x40, 0xa9, 0xf6,
+    0xe8, 0x6e, 0x17, 0xa4, 0x4b, 0x94, 0xfe, 0x93, 0x19, 0x58, 0x4b, 0x8e,
+    0x22, 0xfd, 0xde, 0x1e, 0x5a, 0x2e, 0x3b, 0xd8, 0xaa, 0x5b, 0xa8, 0xd8,
+    0x58, 0x41, 0x94, 0xeb, 0x21, 0x90, 0xac, 0xf8, 0x32, 0xb8, 0x47, 0xf1,
+    0x3a, 0x3d, 0x24, 0xa7, 0x9f, 0x4d};
+const uint8_t kTestVector1Spki[] = {
+    0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
+    0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81,
+    0x89, 0x02, 0x81, 0x81, 0x00, 0xa5, 0x6e, 0x4a, 0x0e, 0x70, 0x10, 0x17,
+    0x58, 0x9a, 0x51, 0x87, 0xdc, 0x7e, 0xa8, 0x41, 0xd1, 0x56, 0xf2, 0xec,
+    0x0e, 0x36, 0xad, 0x52, 0xa4, 0x4d, 0xfe, 0xb1, 0xe6, 0x1f, 0x7a, 0xd9,
+    0x91, 0xd8, 0xc5, 0x10, 0x56, 0xff, 0xed, 0xb1, 0x62, 0xb4, 0xc0, 0xf2,
+    0x83, 0xa1, 0x2a, 0x88, 0xa3, 0x94, 0xdf, 0xf5, 0x26, 0xab, 0x72, 0x91,
+    0xcb, 0xb3, 0x07, 0xce, 0xab, 0xfc, 0xe0, 0xb1, 0xdf, 0xd5, 0xcd, 0x95,
+    0x08, 0x09, 0x6d, 0x5b, 0x2b, 0x8b, 0x6d, 0xf5, 0xd6, 0x71, 0xef, 0x63,
+    0x77, 0xc0, 0x92, 0x1c, 0xb2, 0x3c, 0x27, 0x0a, 0x70, 0xe2, 0x59, 0x8e,
+    0x6f, 0xf8, 0x9d, 0x19, 0xf1, 0x05, 0xac, 0xc2, 0xd3, 0xf0, 0xcb, 0x35,
+    0xf2, 0x92, 0x80, 0xe1, 0x38, 0x6b, 0x6f, 0x64, 0xc4, 0xef, 0x22, 0xe1,
+    0xe1, 0xf2, 0x0d, 0x0c, 0xe8, 0xcf, 0xfb, 0x22, 0x49, 0xbd, 0x9a, 0x21,
+    0x37, 0x02, 0x03, 0x01, 0x00, 0x01};
+// RSA-PSS test vectors, pss-vect.txt, Example 1.1
+const uint8_t kTestVector1Data[] = {
+    0xcd, 0xc8, 0x7d, 0xa2, 0x23, 0xd7, 0x86, 0xdf, 0x3b, 0x45, 0xe0, 0xbb,
+    0xbc, 0x72, 0x13, 0x26, 0xd1, 0xee, 0x2a, 0xf8, 0x06, 0xcc, 0x31, 0x54,
+    0x75, 0xcc, 0x6f, 0x0d, 0x9c, 0x66, 0xe1, 0xb6, 0x23, 0x71, 0xd4, 0x5c,
+    0xe2, 0x39, 0x2e, 0x1a, 0xc9, 0x28, 0x44, 0xc3, 0x10, 0x10, 0x2f, 0x15,
+    0x6a, 0x0d, 0x8d, 0x52, 0xc1, 0xf4, 0xc4, 0x0b, 0xa3, 0xaa, 0x65, 0x09,
+    0x57, 0x86, 0xcb, 0x76, 0x97, 0x57, 0xa6, 0x56, 0x3b, 0xa9, 0x58, 0xfe,
+    0xd0, 0xbc, 0xc9, 0x84, 0xe8, 0xb5, 0x17, 0xa3, 0xd5, 0xf5, 0x15, 0xb2,
+    0x3b, 0x8a, 0x41, 0xe7, 0x4a, 0xa8, 0x67, 0x69, 0x3f, 0x90, 0xdf, 0xb0,
+    0x61, 0xa6, 0xe8, 0x6d, 0xfa, 0xae, 0xe6, 0x44, 0x72, 0xc0, 0x0e, 0x5f,
+    0x20, 0x94, 0x57, 0x29, 0xcb, 0xeb, 0xe7, 0x7f, 0x06, 0xce, 0x78, 0xe0,
+    0x8f, 0x40, 0x98, 0xfb, 0xa4, 0x1f, 0x9d, 0x61, 0x93, 0xc0, 0x31, 0x7e,
+    0x8b, 0x60, 0xd4, 0xb6, 0x08, 0x4a, 0xcb, 0x42, 0xd2, 0x9e, 0x38, 0x08,
+    0xa3, 0xbc, 0x37, 0x2d, 0x85, 0xe3, 0x31, 0x17, 0x0f, 0xcb, 0xf7, 0xcc,
+    0x72, 0xd0, 0xb7, 0x1c, 0x29, 0x66, 0x48, 0xb3, 0xa4, 0xd1, 0x0f, 0x41,
+    0x62, 0x95, 0xd0, 0x80, 0x7a, 0xa6, 0x25, 0xca, 0xb2, 0x74, 0x4f, 0xd9,
+    0xea, 0x8f, 0xd2, 0x23, 0xc4, 0x25, 0x37, 0x02, 0x98, 0x28, 0xbd, 0x16,
+    0xbe, 0x02, 0x54, 0x6f, 0x13, 0x0f, 0xd2, 0xe3, 0x3b, 0x93, 0x6d, 0x26,
+    0x76, 0xe0, 0x8a, 0xed, 0x1b, 0x73, 0x31, 0x8b, 0x75, 0x0a, 0x01, 0x67,
+    0xd0};
+const uint8_t kTestVector1Sig[] = {
+    0x90, 0x74, 0x30, 0x8f, 0xb5, 0x98, 0xe9, 0x70, 0x1b, 0x22, 0x94, 0x38,
+    0x8e, 0x52, 0xf9, 0x71, 0xfa, 0xac, 0x2b, 0x60, 0xa5, 0x14, 0x5a, 0xf1,
+    0x85, 0xdf, 0x52, 0x87, 0xb5, 0xed, 0x28, 0x87, 0xe5, 0x7c, 0xe7, 0xfd,
+    0x44, 0xdc, 0x86, 0x34, 0xe4, 0x07, 0xc8, 0xe0, 0xe4, 0x36, 0x0b, 0xc2,
+    0x26, 0xf3, 0xec, 0x22, 0x7f, 0x9d, 0x9e, 0x54, 0x63, 0x8e, 0x8d, 0x31,
+    0xf5, 0x05, 0x12, 0x15, 0xdf, 0x6e, 0xbb, 0x9c, 0x2f, 0x95, 0x79, 0xaa,
+    0x77, 0x59, 0x8a, 0x38, 0xf9, 0x14, 0xb5, 0xb9, 0xc1, 0xbd, 0x83, 0xc4,
+    0xe2, 0xf9, 0xf3, 0x82, 0xa0, 0xd0, 0xaa, 0x35, 0x42, 0xff, 0xee, 0x65,
+    0x98, 0x4a, 0x60, 0x1b, 0xc6, 0x9e, 0xb2, 0x8d, 0xeb, 0x27, 0xdc, 0xa1,
+    0x2c, 0x82, 0xc2, 0xd4, 0xc3, 0xf6, 0x6c, 0xd5, 0x00, 0xf1, 0xff, 0x2b,
+    0x99, 0x4d, 0x8a, 0x4e, 0x30, 0xcb, 0xb3, 0x3c};
+
+// RSA-PSS test vectors, pss-vect.txt, Example 2: A 1025-bit RSA Key Pair
+// <ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip>
+const uint8_t kTestVector2Pkcs8[] = {
+    0x30, 0x82, 0x02, 0x75, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
+    0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
+    0x02, 0x5f, 0x30, 0x82, 0x02, 0x5b, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
+    0x01, 0xd4, 0x0c, 0x1b, 0xcf, 0x97, 0xa6, 0x8a, 0xe7, 0xcd, 0xbd, 0x8a,
+    0x7b, 0xf3, 0xe3, 0x4f, 0xa1, 0x9d, 0xcc, 0xa4, 0xef, 0x75, 0xa4, 0x74,
+    0x54, 0x37, 0x5f, 0x94, 0x51, 0x4d, 0x88, 0xfe, 0xd0, 0x06, 0xfb, 0x82,
+    0x9f, 0x84, 0x19, 0xff, 0x87, 0xd6, 0x31, 0x5d, 0xa6, 0x8a, 0x1f, 0xf3,
+    0xa0, 0x93, 0x8e, 0x9a, 0xbb, 0x34, 0x64, 0x01, 0x1c, 0x30, 0x3a, 0xd9,
+    0x91, 0x99, 0xcf, 0x0c, 0x7c, 0x7a, 0x8b, 0x47, 0x7d, 0xce, 0x82, 0x9e,
+    0x88, 0x44, 0xf6, 0x25, 0xb1, 0x15, 0xe5, 0xe9, 0xc4, 0xa5, 0x9c, 0xf8,
+    0xf8, 0x11, 0x3b, 0x68, 0x34, 0x33, 0x6a, 0x2f, 0xd2, 0x68, 0x9b, 0x47,
+    0x2c, 0xbb, 0x5e, 0x5c, 0xab, 0xe6, 0x74, 0x35, 0x0c, 0x59, 0xb6, 0xc1,
+    0x7e, 0x17, 0x68, 0x74, 0xfb, 0x42, 0xf8, 0xfc, 0x3d, 0x17, 0x6a, 0x01,
+    0x7e, 0xdc, 0x61, 0xfd, 0x32, 0x6c, 0x4b, 0x33, 0xc9, 0x02, 0x03, 0x01,
+    0x00, 0x01, 0x02, 0x81, 0x80, 0x02, 0x7d, 0x14, 0x7e, 0x46, 0x73, 0x05,
+    0x73, 0x77, 0xfd, 0x1e, 0xa2, 0x01, 0x56, 0x57, 0x72, 0x17, 0x6a, 0x7d,
+    0xc3, 0x83, 0x58, 0xd3, 0x76, 0x04, 0x56, 0x85, 0xa2, 0xe7, 0x87, 0xc2,
+    0x3c, 0x15, 0x57, 0x6b, 0xc1, 0x6b, 0x9f, 0x44, 0x44, 0x02, 0xd6, 0xbf,
+    0xc5, 0xd9, 0x8a, 0x3e, 0x88, 0xea, 0x13, 0xef, 0x67, 0xc3, 0x53, 0xec,
+    0xa0, 0xc0, 0xdd, 0xba, 0x92, 0x55, 0xbd, 0x7b, 0x8b, 0xb5, 0x0a, 0x64,
+    0x4a, 0xfd, 0xfd, 0x1d, 0xd5, 0x16, 0x95, 0xb2, 0x52, 0xd2, 0x2e, 0x73,
+    0x18, 0xd1, 0xb6, 0x68, 0x7a, 0x1c, 0x10, 0xff, 0x75, 0x54, 0x5f, 0x3d,
+    0xb0, 0xfe, 0x60, 0x2d, 0x5f, 0x2b, 0x7f, 0x29, 0x4e, 0x36, 0x01, 0xea,
+    0xb7, 0xb9, 0xd1, 0xce, 0xcd, 0x76, 0x7f, 0x64, 0x69, 0x2e, 0x3e, 0x53,
+    0x6c, 0xa2, 0x84, 0x6c, 0xb0, 0xc2, 0xdd, 0x48, 0x6a, 0x39, 0xfa, 0x75,
+    0xb1, 0x02, 0x41, 0x01, 0x66, 0x01, 0xe9, 0x26, 0xa0, 0xf8, 0xc9, 0xe2,
+    0x6e, 0xca, 0xb7, 0x69, 0xea, 0x65, 0xa5, 0xe7, 0xc5, 0x2c, 0xc9, 0xe0,
+    0x80, 0xef, 0x51, 0x94, 0x57, 0xc6, 0x44, 0xda, 0x68, 0x91, 0xc5, 0xa1,
+    0x04, 0xd3, 0xea, 0x79, 0x55, 0x92, 0x9a, 0x22, 0xe7, 0xc6, 0x8a, 0x7a,
+    0xf9, 0xfc, 0xad, 0x77, 0x7c, 0x3c, 0xcc, 0x2b, 0x9e, 0x3d, 0x36, 0x50,
+    0xbc, 0xe4, 0x04, 0x39, 0x9b, 0x7e, 0x59, 0xd1, 0x02, 0x41, 0x01, 0x4e,
+    0xaf, 0xa1, 0xd4, 0xd0, 0x18, 0x4d, 0xa7, 0xe3, 0x1f, 0x87, 0x7d, 0x12,
+    0x81, 0xdd, 0xda, 0x62, 0x56, 0x64, 0x86, 0x9e, 0x83, 0x79, 0xe6, 0x7a,
+    0xd3, 0xb7, 0x5e, 0xae, 0x74, 0xa5, 0x80, 0xe9, 0x82, 0x7a, 0xbd, 0x6e,
+    0xb7, 0xa0, 0x02, 0xcb, 0x54, 0x11, 0xf5, 0x26, 0x67, 0x97, 0x76, 0x8f,
+    0xb8, 0xe9, 0x5a, 0xe4, 0x0e, 0x3e, 0x8a, 0x01, 0xf3, 0x5f, 0xf8, 0x9e,
+    0x56, 0xc0, 0x79, 0x02, 0x40, 0xe2, 0x47, 0xcc, 0xe5, 0x04, 0x93, 0x9b,
+    0x8f, 0x0a, 0x36, 0x09, 0x0d, 0xe2, 0x00, 0x93, 0x87, 0x55, 0xe2, 0x44,
+    0x4b, 0x29, 0x53, 0x9a, 0x7d, 0xa7, 0xa9, 0x02, 0xf6, 0x05, 0x68, 0x35,
+    0xc0, 0xdb, 0x7b, 0x52, 0x55, 0x94, 0x97, 0xcf, 0xe2, 0xc6, 0x1a, 0x80,
+    0x86, 0xd0, 0x21, 0x3c, 0x47, 0x2c, 0x78, 0x85, 0x18, 0x00, 0xb1, 0x71,
+    0xf6, 0x40, 0x1d, 0xe2, 0xe9, 0xc2, 0x75, 0x6f, 0x31, 0x02, 0x40, 0xb1,
+    0x2f, 0xba, 0x75, 0x78, 0x55, 0xe5, 0x86, 0xe4, 0x6f, 0x64, 0xc3, 0x8a,
+    0x70, 0xc6, 0x8b, 0x3f, 0x54, 0x8d, 0x93, 0xd7, 0x87, 0xb3, 0x99, 0x99,
+    0x9d, 0x4c, 0x8f, 0x0b, 0xbd, 0x25, 0x81, 0xc2, 0x1e, 0x19, 0xed, 0x00,
+    0x18, 0xa6, 0xd5, 0xd3, 0xdf, 0x86, 0x42, 0x4b, 0x3a, 0xbc, 0xad, 0x40,
+    0x19, 0x9d, 0x31, 0x49, 0x5b, 0x61, 0x30, 0x9f, 0x27, 0xc1, 0xbf, 0x55,
+    0xd4, 0x87, 0xc1, 0x02, 0x40, 0x56, 0x4b, 0x1e, 0x1f, 0xa0, 0x03, 0xbd,
+    0xa9, 0x1e, 0x89, 0x09, 0x04, 0x25, 0xaa, 0xc0, 0x5b, 0x91, 0xda, 0x9e,
+    0xe2, 0x50, 0x61, 0xe7, 0x62, 0x8d, 0x5f, 0x51, 0x30, 0x4a, 0x84, 0x99,
+    0x2f, 0xdc, 0x33, 0x76, 0x2b, 0xd3, 0x78, 0xa5, 0x9f, 0x03, 0x0a, 0x33,
+    0x4d, 0x53, 0x2b, 0xd0, 0xda, 0xe8, 0xf2, 0x98, 0xea, 0x9e, 0xd8, 0x44,
+    0x63, 0x6a, 0xd5, 0xfb, 0x8c, 0xbd, 0xc0, 0x3c, 0xad};
+const uint8_t kTestVector2Spki[] = {
+    0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
+    0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81,
+    0x89, 0x02, 0x81, 0x81, 0x01, 0xd4, 0x0c, 0x1b, 0xcf, 0x97, 0xa6, 0x8a,
+    0xe7, 0xcd, 0xbd, 0x8a, 0x7b, 0xf3, 0xe3, 0x4f, 0xa1, 0x9d, 0xcc, 0xa4,
+    0xef, 0x75, 0xa4, 0x74, 0x54, 0x37, 0x5f, 0x94, 0x51, 0x4d, 0x88, 0xfe,
+    0xd0, 0x06, 0xfb, 0x82, 0x9f, 0x84, 0x19, 0xff, 0x87, 0xd6, 0x31, 0x5d,
+    0xa6, 0x8a, 0x1f, 0xf3, 0xa0, 0x93, 0x8e, 0x9a, 0xbb, 0x34, 0x64, 0x01,
+    0x1c, 0x30, 0x3a, 0xd9, 0x91, 0x99, 0xcf, 0x0c, 0x7c, 0x7a, 0x8b, 0x47,
+    0x7d, 0xce, 0x82, 0x9e, 0x88, 0x44, 0xf6, 0x25, 0xb1, 0x15, 0xe5, 0xe9,
+    0xc4, 0xa5, 0x9c, 0xf8, 0xf8, 0x11, 0x3b, 0x68, 0x34, 0x33, 0x6a, 0x2f,
+    0xd2, 0x68, 0x9b, 0x47, 0x2c, 0xbb, 0x5e, 0x5c, 0xab, 0xe6, 0x74, 0x35,
+    0x0c, 0x59, 0xb6, 0xc1, 0x7e, 0x17, 0x68, 0x74, 0xfb, 0x42, 0xf8, 0xfc,
+    0x3d, 0x17, 0x6a, 0x01, 0x7e, 0xdc, 0x61, 0xfd, 0x32, 0x6c, 0x4b, 0x33,
+    0xc9, 0x02, 0x03, 0x01, 0x00, 0x01};
+// RSA-PSS test vectors, pss-vect.txt, Example 2.1
+const uint8_t kTestVector2Data[] = {
+    0xda, 0xba, 0x03, 0x20, 0x66, 0x26, 0x3f, 0xae, 0xdb, 0x65, 0x98,
+    0x48, 0x11, 0x52, 0x78, 0xa5, 0x2c, 0x44, 0xfa, 0xa3, 0xa7, 0x6f,
+    0x37, 0x51, 0x5e, 0xd3, 0x36, 0x32, 0x10, 0x72, 0xc4, 0x0a, 0x9d,
+    0x9b, 0x53, 0xbc, 0x05, 0x01, 0x40, 0x78, 0xad, 0xf5, 0x20, 0x87,
+    0x51, 0x46, 0xaa, 0xe7, 0x0f, 0xf0, 0x60, 0x22, 0x6d, 0xcb, 0x7b,
+    0x1f, 0x1f, 0xc2, 0x7e, 0x93, 0x60};
+const uint8_t kTestVector2Sig[] = {
+    0x01, 0x4c, 0x5b, 0xa5, 0x33, 0x83, 0x28, 0xcc, 0xc6, 0xe7, 0xa9, 0x0b,
+    0xf1, 0xc0, 0xab, 0x3f, 0xd6, 0x06, 0xff, 0x47, 0x96, 0xd3, 0xc1, 0x2e,
+    0x4b, 0x63, 0x9e, 0xd9, 0x13, 0x6a, 0x5f, 0xec, 0x6c, 0x16, 0xd8, 0x88,
+    0x4b, 0xdd, 0x99, 0xcf, 0xdc, 0x52, 0x14, 0x56, 0xb0, 0x74, 0x2b, 0x73,
+    0x68, 0x68, 0xcf, 0x90, 0xde, 0x09, 0x9a, 0xdb, 0x8d, 0x5f, 0xfd, 0x1d,
+    0xef, 0xf3, 0x9b, 0xa4, 0x00, 0x7a, 0xb7, 0x46, 0xce, 0xfd, 0xb2, 0x2d,
+    0x7d, 0xf0, 0xe2, 0x25, 0xf5, 0x46, 0x27, 0xdc, 0x65, 0x46, 0x61, 0x31,
+    0x72, 0x1b, 0x90, 0xaf, 0x44, 0x53, 0x63, 0xa8, 0x35, 0x8b, 0x9f, 0x60,
+    0x76, 0x42, 0xf7, 0x8f, 0xab, 0x0a, 0xb0, 0xf4, 0x3b, 0x71, 0x68, 0xd6,
+    0x4b, 0xae, 0x70, 0xd8, 0x82, 0x78, 0x48, 0xd8, 0xef, 0x1e, 0x42, 0x1c,
+    0x57, 0x54, 0xdd, 0xf4, 0x2c, 0x25, 0x89, 0xb5, 0xb3};
+
+// RSA-PSS test vectors, pss-vect.txt, Example 3: A 1026-bit RSA Key Pair
+// <ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip>
+const uint8_t kTestVector3Pkcs8[] = {
+    0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
+    0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
+    0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
+    0x02, 0xf2, 0x46, 0xef, 0x45, 0x1e, 0xd3, 0xee, 0xbb, 0x9a, 0x31, 0x02,
+    0x00, 0xcc, 0x25, 0x85, 0x9c, 0x04, 0x8e, 0x4b, 0xe7, 0x98, 0x30, 0x29,
+    0x91, 0x11, 0x2e, 0xb6, 0x8c, 0xe6, 0xdb, 0x67, 0x4e, 0x28, 0x0d, 0xa2,
+    0x1f, 0xed, 0xed, 0x1a, 0xe7, 0x48, 0x80, 0xca, 0x52, 0x2b, 0x18, 0xdb,
+    0x24, 0x93, 0x85, 0x01, 0x28, 0x27, 0xc5, 0x15, 0xf0, 0xe4, 0x66, 0xa1,
+    0xff, 0xa6, 0x91, 0xd9, 0x81, 0x70, 0x57, 0x4e, 0x9d, 0x0e, 0xad, 0xb0,
+    0x87, 0x58, 0x6c, 0xa4, 0x89, 0x33, 0xda, 0x3c, 0xc9, 0x53, 0xd9, 0x5b,
+    0xd0, 0xed, 0x50, 0xde, 0x10, 0xdd, 0xcb, 0x67, 0x36, 0x10, 0x7d, 0x6c,
+    0x83, 0x1c, 0x7f, 0x66, 0x3e, 0x83, 0x3c, 0xa4, 0xc0, 0x97, 0xe7, 0x00,
+    0xce, 0x0f, 0xb9, 0x45, 0xf8, 0x8f, 0xb8, 0x5f, 0xe8, 0xe5, 0xa7, 0x73,
+    0x17, 0x25, 0x65, 0xb9, 0x14, 0xa4, 0x71, 0xa4, 0x43, 0x02, 0x03, 0x01,
+    0x00, 0x01, 0x02, 0x81, 0x80, 0x65, 0x14, 0x51, 0x73, 0x3b, 0x56, 0xde,
+    0x5a, 0xc0, 0xa6, 0x89, 0xa4, 0xae, 0xb6, 0xe6, 0x89, 0x4a, 0x69, 0x01,
+    0x4e, 0x07, 0x6c, 0x88, 0xdd, 0x7a, 0x66, 0x7e, 0xab, 0x32, 0x32, 0xbb,
+    0xcc, 0xd2, 0xfc, 0x44, 0xba, 0x2f, 0xa9, 0xc3, 0x1d, 0xb4, 0x6f, 0x21,
+    0xed, 0xd1, 0xfd, 0xb2, 0x3c, 0x5c, 0x12, 0x8a, 0x5d, 0xa5, 0xba, 0xb9,
+    0x1e, 0x7f, 0x95, 0x2b, 0x67, 0x75, 0x9c, 0x7c, 0xff, 0x70, 0x54, 0x15,
+    0xac, 0x9f, 0xa0, 0x90, 0x7c, 0x7c, 0xa6, 0x17, 0x8f, 0x66, 0x8f, 0xb9,
+    0x48, 0xd8, 0x69, 0xda, 0x4c, 0xc3, 0xb7, 0x35, 0x6f, 0x40, 0x08, 0xdf,
+    0xd5, 0x44, 0x9d, 0x32, 0xee, 0x02, 0xd9, 0xa4, 0x77, 0xeb, 0x69, 0xfc,
+    0x29, 0x26, 0x6e, 0x5d, 0x90, 0x70, 0x51, 0x23, 0x75, 0xa5, 0x0f, 0xbb,
+    0xcc, 0x27, 0xe2, 0x38, 0xad, 0x98, 0x42, 0x5f, 0x6e, 0xbb, 0xf8, 0x89,
+    0x91, 0x02, 0x41, 0x01, 0xbd, 0x36, 0xe1, 0x8e, 0xce, 0x4b, 0x0f, 0xdb,
+    0x2e, 0x9c, 0x9d, 0x54, 0x8b, 0xd1, 0xa7, 0xd6, 0xe2, 0xc2, 0x1c, 0x6f,
+    0xdc, 0x35, 0x07, 0x4a, 0x1d, 0x05, 0xb1, 0xc6, 0xc8, 0xb3, 0xd5, 0x58,
+    0xea, 0x26, 0x39, 0xc9, 0xa9, 0xa4, 0x21, 0x68, 0x01, 0x69, 0x31, 0x72,
+    0x52, 0x55, 0x8b, 0xd1, 0x48, 0xad, 0x21, 0x5a, 0xac, 0x55, 0x0e, 0x2d,
+    0xcf, 0x12, 0xa8, 0x2d, 0x0e, 0xbf, 0xe8, 0x53, 0x02, 0x41, 0x01, 0xb1,
+    0xb6, 0x56, 0xad, 0x86, 0xd8, 0xe1, 0x9d, 0x5d, 0xc8, 0x62, 0x92, 0xb3,
+    0xa1, 0x92, 0xfd, 0xf6, 0xe0, 0xdd, 0x37, 0x87, 0x7b, 0xad, 0x14, 0x82,
+    0x2f, 0xa0, 0x01, 0x90, 0xca, 0xb2, 0x65, 0xf9, 0x0d, 0x3f, 0x02, 0x05,
+    0x7b, 0x6f, 0x54, 0xd6, 0xec, 0xb1, 0x44, 0x91, 0xe5, 0xad, 0xea, 0xce,
+    0xbc, 0x48, 0xbf, 0x0e, 0xbd, 0x2a, 0x2a, 0xd2, 0x6d, 0x40, 0x2e, 0x54,
+    0xf6, 0x16, 0x51, 0x02, 0x40, 0x1f, 0x27, 0x79, 0xfd, 0x2e, 0x3e, 0x5e,
+    0x6b, 0xae, 0x05, 0x53, 0x95, 0x18, 0xfb, 0xa0, 0xcd, 0x0e, 0xad, 0x1a,
+    0xa4, 0x51, 0x3a, 0x7c, 0xba, 0x18, 0xf1, 0xcf, 0x10, 0xe3, 0xf6, 0x81,
+    0x95, 0x69, 0x3d, 0x27, 0x8a, 0x0f, 0x0e, 0xe7, 0x2f, 0x89, 0xf9, 0xbc,
+    0x76, 0x0d, 0x80, 0xe2, 0xf9, 0xd0, 0x26, 0x1d, 0x51, 0x65, 0x01, 0xc6,
+    0xae, 0x39, 0xf1, 0x4a, 0x47, 0x6c, 0xe2, 0xcc, 0xf5, 0x02, 0x41, 0x01,
+    0x1a, 0x0d, 0x36, 0x79, 0x4b, 0x04, 0xa8, 0x54, 0xaa, 0xb4, 0xb2, 0x46,
+    0x2d, 0x43, 0x9a, 0x50, 0x46, 0xc9, 0x1d, 0x94, 0x0b, 0x2b, 0xc6, 0xf7,
+    0x5b, 0x62, 0x95, 0x6f, 0xef, 0x35, 0xa2, 0xa6, 0xe6, 0x3c, 0x53, 0x09,
+    0x81, 0x7f, 0x30, 0x7b, 0xbf, 0xf9, 0xd5, 0x9e, 0x7e, 0x33, 0x1b, 0xd3,
+    0x63, 0xf6, 0xd6, 0x68, 0x49, 0xb1, 0x83, 0x46, 0xad, 0xea, 0x16, 0x9f,
+    0x0a, 0xe9, 0xae, 0xc1, 0x02, 0x40, 0x0b, 0x30, 0xf0, 0xec, 0xf5, 0x58,
+    0x75, 0x2f, 0xb3, 0xa6, 0xce, 0x4b, 0xa2, 0xb8, 0xc6, 0x75, 0xf6, 0x59,
+    0xeb, 0xa6, 0xc3, 0x76, 0x58, 0x5a, 0x1b, 0x39, 0x71, 0x2d, 0x03, 0x8a,
+    0xe3, 0xd2, 0xb4, 0x6f, 0xcb, 0x41, 0x8a, 0xe1, 0x5d, 0x09, 0x05, 0xda,
+    0x64, 0x40, 0xe1, 0x51, 0x3a, 0x30, 0xb9, 0xb7, 0xd6, 0x66, 0x8f, 0xbc,
+    0x5e, 0x88, 0xe5, 0xab, 0x7a, 0x17, 0x5e, 0x73, 0xba, 0x35};
+const uint8_t kTestVector3Spki[] = {
+    0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
+    0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81,
+    0x89, 0x02, 0x81, 0x81, 0x02, 0xf2, 0x46, 0xef, 0x45, 0x1e, 0xd3, 0xee,
+    0xbb, 0x9a, 0x31, 0x02, 0x00, 0xcc, 0x25, 0x85, 0x9c, 0x04, 0x8e, 0x4b,
+    0xe7, 0x98, 0x30, 0x29, 0x91, 0x11, 0x2e, 0xb6, 0x8c, 0xe6, 0xdb, 0x67,
+    0x4e, 0x28, 0x0d, 0xa2, 0x1f, 0xed, 0xed, 0x1a, 0xe7, 0x48, 0x80, 0xca,
+    0x52, 0x2b, 0x18, 0xdb, 0x24, 0x93, 0x85, 0x01, 0x28, 0x27, 0xc5, 0x15,
+    0xf0, 0xe4, 0x66, 0xa1, 0xff, 0xa6, 0x91, 0xd9, 0x81, 0x70, 0x57, 0x4e,
+    0x9d, 0x0e, 0xad, 0xb0, 0x87, 0x58, 0x6c, 0xa4, 0x89, 0x33, 0xda, 0x3c,
+    0xc9, 0x53, 0xd9, 0x5b, 0xd0, 0xed, 0x50, 0xde, 0x10, 0xdd, 0xcb, 0x67,
+    0x36, 0x10, 0x7d, 0x6c, 0x83, 0x1c, 0x7f, 0x66, 0x3e, 0x83, 0x3c, 0xa4,
+    0xc0, 0x97, 0xe7, 0x00, 0xce, 0x0f, 0xb9, 0x45, 0xf8, 0x8f, 0xb8, 0x5f,
+    0xe8, 0xe5, 0xa7, 0x73, 0x17, 0x25, 0x65, 0xb9, 0x14, 0xa4, 0x71, 0xa4,
+    0x43, 0x02, 0x03, 0x01, 0x00, 0x01};
+// RSA-PSS test vectors, pss-vect.txt, Example 3.1
+const uint8_t kTestVector3Data[] = {
+    0x59, 0x4b, 0x37, 0x33, 0x3b, 0xbb, 0x2c, 0x84, 0x52, 0x4a,
+    0x87, 0xc1, 0xa0, 0x1f, 0x75, 0xfc, 0xec, 0x0e, 0x32, 0x56,
+    0xf1, 0x08, 0xe3, 0x8d, 0xca, 0x36, 0xd7, 0x0d, 0x00, 0x57};
+const uint8_t kTestVector3Sig[] = {
+    0x00, 0x88, 0xb1, 0x35, 0xfb, 0x17, 0x94, 0xb6, 0xb9, 0x6c, 0x4a, 0x3e,
+    0x67, 0x81, 0x97, 0xf8, 0xca, 0xc5, 0x2b, 0x64, 0xb2, 0xfe, 0x90, 0x7d,
+    0x6f, 0x27, 0xde, 0x76, 0x11, 0x24, 0x96, 0x4a, 0x99, 0xa0, 0x1a, 0x88,
+    0x27, 0x40, 0xec, 0xfa, 0xed, 0x6c, 0x01, 0xa4, 0x74, 0x64, 0xbb, 0x05,
+    0x18, 0x23, 0x13, 0xc0, 0x13, 0x38, 0xa8, 0xcd, 0x09, 0x72, 0x14, 0xcd,
+    0x68, 0xca, 0x10, 0x3b, 0xd5, 0x7d, 0x3b, 0xc9, 0xe8, 0x16, 0x21, 0x3e,
+    0x61, 0xd7, 0x84, 0xf1, 0x82, 0x46, 0x7a, 0xbf, 0x8a, 0x01, 0xcf, 0x25,
+    0x3e, 0x99, 0xa1, 0x56, 0xea, 0xa8, 0xe3, 0xe1, 0xf9, 0x0e, 0x3c, 0x6e,
+    0x4e, 0x3a, 0xa2, 0xd8, 0x3e, 0xd0, 0x34, 0x5b, 0x89, 0xfa, 0xfc, 0x9c,
+    0x26, 0x07, 0x7c, 0x14, 0xb6, 0xac, 0x51, 0x45, 0x4f, 0xa2, 0x6e, 0x44,
+    0x6e, 0x3a, 0x2f, 0x15, 0x3b, 0x2b, 0x16, 0x79, 0x7f};
+
+// RSA-PSS test vectors, pss-vect.txt, Example 4: A 1027-bit RSA Key Pair
+// <ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip>
+const uint8_t kTestVector4Pkcs8[] = {
+    0x30, 0x82, 0x02, 0x78, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
+    0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
+    0x02, 0x62, 0x30, 0x82, 0x02, 0x5e, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
+    0x05, 0x4a, 0xdb, 0x78, 0x86, 0x44, 0x7e, 0xfe, 0x6f, 0x57, 0xe0, 0x36,
+    0x8f, 0x06, 0xcf, 0x52, 0xb0, 0xa3, 0x37, 0x07, 0x60, 0xd1, 0x61, 0xce,
+    0xf1, 0x26, 0xb9, 0x1b, 0xe7, 0xf8, 0x9c, 0x42, 0x1b, 0x62, 0xa6, 0xec,
+    0x1d, 0xa3, 0xc3, 0x11, 0xd7, 0x5e, 0xd5, 0x0e, 0x0a, 0xb5, 0xff, 0xf3,
+    0xfd, 0x33, 0x8a, 0xcc, 0x3a, 0xa8, 0xa4, 0xe7, 0x7e, 0xe2, 0x63, 0x69,
+    0xac, 0xb8, 0x1b, 0xa9, 0x00, 0xfa, 0x83, 0xf5, 0x30, 0x0c, 0xf9, 0xbb,
+    0x6c, 0x53, 0xad, 0x1d, 0xc8, 0xa1, 0x78, 0xb8, 0x15, 0xdb, 0x42, 0x35,
+    0xa9, 0xa9, 0xda, 0x0c, 0x06, 0xde, 0x4e, 0x61, 0x5e, 0xa1, 0x27, 0x7c,
+    0xe5, 0x59, 0xe9, 0xc1, 0x08, 0xde, 0x58, 0xc1, 0x4a, 0x81, 0xaa, 0x77,
+    0xf5, 0xa6, 0xf8, 0xd1, 0x33, 0x54, 0x94, 0x49, 0x88, 0x48, 0xc8, 0xb9,
+    0x59, 0x40, 0x74, 0x0b, 0xe7, 0xbf, 0x7c, 0x37, 0x05, 0x02, 0x03, 0x01,
+    0x00, 0x01, 0x02, 0x81, 0x80, 0xfa, 0x04, 0x1f, 0x8c, 0xd9, 0x69, 0x7c,
+    0xee, 0xd3, 0x8e, 0xc8, 0xca, 0xa2, 0x75, 0x52, 0x3b, 0x4d, 0xd7, 0x2b,
+    0x09, 0xa3, 0x01, 0xd3, 0x54, 0x1d, 0x72, 0xf5, 0xd3, 0x1c, 0x05, 0xcb,
+    0xce, 0x2d, 0x69, 0x83, 0xb3, 0x61, 0x83, 0xaf, 0x10, 0x69, 0x0b, 0xd4,
+    0x6c, 0x46, 0x13, 0x1e, 0x35, 0x78, 0x94, 0x31, 0xa5, 0x56, 0x77, 0x1d,
+    0xd0, 0x04, 0x9b, 0x57, 0x46, 0x1b, 0xf0, 0x60, 0xc1, 0xf6, 0x84, 0x72,
+    0xe8, 0xa6, 0x7c, 0x25, 0xf3, 0x57, 0xe5, 0xb6, 0xb4, 0x73, 0x8f, 0xa5,
+    0x41, 0xa7, 0x30, 0x34, 0x6b, 0x4a, 0x07, 0x64, 0x9a, 0x2d, 0xfa, 0x80,
+    0x6a, 0x69, 0xc9, 0x75, 0xb6, 0xab, 0xa6, 0x46, 0x78, 0xac, 0xc7, 0xf5,
+    0x91, 0x3e, 0x89, 0xc6, 0x22, 0xf2, 0xd8, 0xab, 0xb1, 0xe3, 0xe3, 0x25,
+    0x54, 0xe3, 0x9d, 0xf9, 0x4b, 0xa6, 0x0c, 0x00, 0x2e, 0x38, 0x7d, 0x90,
+    0x11, 0x02, 0x41, 0x02, 0x92, 0x32, 0x33, 0x6d, 0x28, 0x38, 0x94, 0x5d,
+    0xba, 0x9d, 0xd7, 0x72, 0x3f, 0x4e, 0x62, 0x4a, 0x05, 0xf7, 0x37, 0x5b,
+    0x92, 0x7a, 0x87, 0xab, 0xe6, 0xa8, 0x93, 0xa1, 0x65, 0x8f, 0xd4, 0x9f,
+    0x47, 0xf6, 0xc7, 0xb0, 0xfa, 0x59, 0x6c, 0x65, 0xfa, 0x68, 0xa2, 0x3f,
+    0x0a, 0xb4, 0x32, 0x96, 0x2d, 0x18, 0xd4, 0x34, 0x3b, 0xd6, 0xfd, 0x67,
+    0x1a, 0x5e, 0xa8, 0xd1, 0x48, 0x41, 0x39, 0x95, 0x02, 0x41, 0x02, 0x0e,
+    0xf5, 0xef, 0xe7, 0xc5, 0x39, 0x4a, 0xed, 0x22, 0x72, 0xf7, 0xe8, 0x1a,
+    0x74, 0xf4, 0xc0, 0x2d, 0x14, 0x58, 0x94, 0xcb, 0x1b, 0x3c, 0xab, 0x23,
+    0xa9, 0xa0, 0x71, 0x0a, 0x2a, 0xfc, 0x7e, 0x33, 0x29, 0xac, 0xbb, 0x74,
+    0x3d, 0x01, 0xf6, 0x80, 0xc4, 0xd0, 0x2a, 0xfb, 0x4c, 0x8f, 0xde, 0x7e,
+    0x20, 0x93, 0x08, 0x11, 0xbb, 0x2b, 0x99, 0x57, 0x88, 0xb5, 0xe8, 0x72,
+    0xc2, 0x0b, 0xb1, 0x02, 0x41, 0x02, 0x6e, 0x7e, 0x28, 0x01, 0x0e, 0xcf,
+    0x24, 0x12, 0xd9, 0x52, 0x3a, 0xd7, 0x04, 0x64, 0x7f, 0xb4, 0xfe, 0x9b,
+    0x66, 0xb1, 0xa6, 0x81, 0x58, 0x1b, 0x0e, 0x15, 0x55, 0x3a, 0x89, 0xb1,
+    0x54, 0x28, 0x28, 0x89, 0x8f, 0x27, 0x24, 0x3e, 0xba, 0xb4, 0x5f, 0xf5,
+    0xe1, 0xac, 0xb9, 0xd4, 0xdf, 0x1b, 0x05, 0x1f, 0xbc, 0x62, 0x82, 0x4d,
+    0xbc, 0x6f, 0x6c, 0x93, 0x26, 0x1a, 0x78, 0xb9, 0xa7, 0x59, 0x02, 0x41,
+    0x01, 0x2d, 0xdc, 0xc8, 0x6e, 0xf6, 0x55, 0x99, 0x8c, 0x39, 0xdd, 0xae,
+    0x11, 0x71, 0x86, 0x69, 0xe5, 0xe4, 0x6c, 0xf1, 0x49, 0x5b, 0x07, 0xe1,
+    0x3b, 0x10, 0x14, 0xcd, 0x69, 0xb3, 0xaf, 0x68, 0x30, 0x4a, 0xd2, 0xa6,
+    0xb6, 0x43, 0x21, 0xe7, 0x8b, 0xf3, 0xbb, 0xca, 0x9b, 0xb4, 0x94, 0xe9,
+    0x1d, 0x45, 0x17, 0x17, 0xe2, 0xd9, 0x75, 0x64, 0xc6, 0x54, 0x94, 0x65,
+    0xd0, 0x20, 0x5c, 0xf4, 0x21, 0x02, 0x41, 0x01, 0x06, 0x00, 0xc4, 0xc2,
+    0x18, 0x47, 0x45, 0x9f, 0xe5, 0x76, 0x70, 0x3e, 0x2e, 0xbe, 0xca, 0xe8,
+    0xa5, 0x09, 0x4e, 0xe6, 0x3f, 0x53, 0x6b, 0xf4, 0xac, 0x68, 0xd3, 0xc1,
+    0x3e, 0x5e, 0x4f, 0x12, 0xac, 0x5c, 0xc1, 0x0a, 0xb6, 0xa2, 0xd0, 0x5a,
+    0x19, 0x92, 0x14, 0xd1, 0x82, 0x47, 0x47, 0xd5, 0x51, 0x90, 0x96, 0x36,
+    0xb7, 0x74, 0xc2, 0x2c, 0xac, 0x0b, 0x83, 0x75, 0x99, 0xab, 0xcc, 0x75};
+const uint8_t kTestVector4Spki[] = {
+    0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
+    0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81,
+    0x89, 0x02, 0x81, 0x81, 0x05, 0x4a, 0xdb, 0x78, 0x86, 0x44, 0x7e, 0xfe,
+    0x6f, 0x57, 0xe0, 0x36, 0x8f, 0x06, 0xcf, 0x52, 0xb0, 0xa3, 0x37, 0x07,
+    0x60, 0xd1, 0x61, 0xce, 0xf1, 0x26, 0xb9, 0x1b, 0xe7, 0xf8, 0x9c, 0x42,
+    0x1b, 0x62, 0xa6, 0xec, 0x1d, 0xa3, 0xc3, 0x11, 0xd7, 0x5e, 0xd5, 0x0e,
+    0x0a, 0xb5, 0xff, 0xf3, 0xfd, 0x33, 0x8a, 0xcc, 0x3a, 0xa8, 0xa4, 0xe7,
+    0x7e, 0xe2, 0x63, 0x69, 0xac, 0xb8, 0x1b, 0xa9, 0x00, 0xfa, 0x83, 0xf5,
+    0x30, 0x0c, 0xf9, 0xbb, 0x6c, 0x53, 0xad, 0x1d, 0xc8, 0xa1, 0x78, 0xb8,
+    0x15, 0xdb, 0x42, 0x35, 0xa9, 0xa9, 0xda, 0x0c, 0x06, 0xde, 0x4e, 0x61,
+    0x5e, 0xa1, 0x27, 0x7c, 0xe5, 0x59, 0xe9, 0xc1, 0x08, 0xde, 0x58, 0xc1,
+    0x4a, 0x81, 0xaa, 0x77, 0xf5, 0xa6, 0xf8, 0xd1, 0x33, 0x54, 0x94, 0x49,
+    0x88, 0x48, 0xc8, 0xb9, 0x59, 0x40, 0x74, 0x0b, 0xe7, 0xbf, 0x7c, 0x37,
+    0x05, 0x02, 0x03, 0x01, 0x00, 0x01};
+// RSA-PSS test vectors, pss-vect.txt, Example 4.1
+const uint8_t kTestVector4Data[] = {0x9f, 0xb0, 0x3b, 0x82,
+                                    0x7c, 0x82, 0x17, 0xd9};
+const uint8_t kTestVector4Sig[] = {
+    0x03, 0x23, 0xd5, 0xb7, 0xbf, 0x20, 0xba, 0x45, 0x39, 0x28, 0x9a, 0xe4,
+    0x52, 0xae, 0x42, 0x97, 0x08, 0x0f, 0xef, 0xf4, 0x51, 0x84, 0x23, 0xff,
+    0x48, 0x11, 0xa8, 0x17, 0x83, 0x7e, 0x7d, 0x82, 0xf1, 0x83, 0x6c, 0xdf,
+    0xab, 0x54, 0x51, 0x4f, 0xf0, 0x88, 0x7b, 0xdd, 0xee, 0xbf, 0x40, 0xbf,
+    0x99, 0xb0, 0x47, 0xab, 0xc3, 0xec, 0xfa, 0x6a, 0x37, 0xa3, 0xef, 0x00,
+    0xf4, 0xa0, 0xc4, 0xa8, 0x8a, 0xae, 0x09, 0x04, 0xb7, 0x45, 0xc8, 0x46,
+    0xc4, 0x10, 0x7e, 0x87, 0x97, 0x72, 0x3e, 0x8a, 0xc8, 0x10, 0xd9, 0xe3,
+    0xd9, 0x5d, 0xfa, 0x30, 0xff, 0x49, 0x66, 0xf4, 0xd7, 0x5d, 0x13, 0x76,
+    0x8d, 0x20, 0x85, 0x7f, 0x2b, 0x14, 0x06, 0xf2, 0x64, 0xcf, 0xe7, 0x5e,
+    0x27, 0xd7, 0x65, 0x2f, 0x4b, 0x5e, 0xd3, 0x57, 0x5f, 0x28, 0xa7, 0x02,
+    0xf8, 0xc4, 0xed, 0x9c, 0xf9, 0xb2, 0xd4, 0x49, 0x48};
+
+// RSA-PSS test vectors, pss-vect.txt, Example 5: A 1028-bit RSA Key Pair
+// <ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip>
+const uint8_t kTestVector5Pkcs8[] = {
+    0x30, 0x82, 0x02, 0x78, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
+    0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
+    0x02, 0x62, 0x30, 0x82, 0x02, 0x5e, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
+    0x0d, 0x10, 0xf6, 0x61, 0xf2, 0x99, 0x40, 0xf5, 0xed, 0x39, 0xaa, 0x26,
+    0x09, 0x66, 0xde, 0xb4, 0x78, 0x43, 0x67, 0x9d, 0x2b, 0x6f, 0xb2, 0x5b,
+    0x3d, 0xe3, 0x70, 0xf3, 0xac, 0x7c, 0x19, 0x91, 0x63, 0x91, 0xfd, 0x25,
+    0xfb, 0x52, 0x7e, 0xbf, 0xa6, 0xa4, 0xb4, 0xdf, 0x45, 0xa1, 0x75, 0x9d,
+    0x99, 0x6c, 0x4b, 0xb4, 0xeb, 0xd1, 0x88, 0x28, 0xc4, 0x4f, 0xc5, 0x2d,
+    0x01, 0x91, 0x87, 0x17, 0x40, 0x52, 0x5f, 0x47, 0xa4, 0xb0, 0xcc, 0x8d,
+    0xa3, 0x25, 0xed, 0x8a, 0xa6, 0x76, 0xb0, 0xd0, 0xf6, 0x26, 0xe0, 0xa7,
+    0x7f, 0x07, 0x69, 0x21, 0x70, 0xac, 0xac, 0x80, 0x82, 0xf4, 0x2f, 0xaa,
+    0x7d, 0xc7, 0xcd, 0x12, 0x3e, 0x73, 0x0e, 0x31, 0xa8, 0x79, 0x85, 0x20,
+    0x4c, 0xab, 0xcb, 0xe6, 0x67, 0x0d, 0x43, 0xa2, 0xdd, 0x2b, 0x2d, 0xde,
+    0xf5, 0xe0, 0x53, 0x92, 0xfc, 0x21, 0x3b, 0xc5, 0x07, 0x02, 0x03, 0x01,
+    0x00, 0x01, 0x02, 0x81, 0x81, 0x03, 0xce, 0x08, 0xb1, 0x04, 0xff, 0xf3,
+    0x96, 0xa9, 0x79, 0xbd, 0x3e, 0x4e, 0x46, 0x92, 0x5b, 0x63, 0x19, 0xdd,
+    0xb6, 0x3a, 0xcb, 0xcf, 0xd8, 0x19, 0xf1, 0x7d, 0x16, 0xb8, 0x07, 0x7b,
+    0x3a, 0x87, 0x10, 0x1f, 0xf3, 0x4b, 0x77, 0xfe, 0x48, 0xb8, 0xb2, 0x05,
+    0xa9, 0x6e, 0x91, 0x51, 0xba, 0x8e, 0xce, 0xa6, 0x4d, 0x0c, 0xce, 0x7b,
+    0x23, 0xc3, 0xe6, 0xa6, 0xb8, 0x30, 0x58, 0xbc, 0x49, 0xda, 0xe8, 0x16,
+    0xae, 0x73, 0x6d, 0xb5, 0xa4, 0x70, 0x8e, 0x2a, 0xd4, 0x35, 0x23, 0x2b,
+    0x56, 0x7f, 0x90, 0x96, 0xce, 0x59, 0xff, 0x28, 0x06, 0x1e, 0x79, 0xab,
+    0x1c, 0x02, 0xd7, 0x17, 0xe6, 0xb2, 0x3c, 0xea, 0x6d, 0xb8, 0xeb, 0x51,
+    0x92, 0xfa, 0x7c, 0x1e, 0xab, 0x22, 0x7d, 0xba, 0x74, 0x62, 0x1c, 0x45,
+    0x60, 0x18, 0x96, 0xee, 0xf1, 0x37, 0x92, 0xc8, 0x44, 0x0b, 0xeb, 0x15,
+    0xaa, 0xc1, 0x02, 0x41, 0x03, 0xf2, 0xf3, 0x31, 0xf4, 0x14, 0x2d, 0x4f,
+    0x24, 0xb4, 0x3a, 0xa1, 0x02, 0x79, 0xa8, 0x96, 0x52, 0xd4, 0xe7, 0x53,
+    0x72, 0x21, 0xa1, 0xa7, 0xb2, 0xa2, 0x5d, 0xeb, 0x55, 0x1e, 0x5d, 0xe9,
+    0xac, 0x49, 0x74, 0x11, 0xc2, 0x27, 0xa9, 0x4e, 0x45, 0xf9, 0x1c, 0x2d,
+    0x1c, 0x13, 0xcc, 0x04, 0x6c, 0xf4, 0xce, 0x14, 0xe3, 0x2d, 0x05, 0x87,
+    0x34, 0x21, 0x0d, 0x44, 0xa8, 0x7e, 0xe1, 0xb7, 0x3f, 0x02, 0x41, 0x03,
+    0x4f, 0x09, 0x0d, 0x73, 0xb5, 0x58, 0x03, 0x03, 0x0c, 0xf0, 0x36, 0x1a,
+    0x5d, 0x80, 0x81, 0xbf, 0xb7, 0x9f, 0x85, 0x15, 0x23, 0xfe, 0xac, 0x0a,
+    0x21, 0x24, 0xd0, 0x8d, 0x40, 0x13, 0xff, 0x08, 0x48, 0x77, 0x71, 0xa8,
+    0x70, 0xd0, 0x47, 0x9d, 0xc0, 0x68, 0x6c, 0x62, 0xf7, 0x71, 0x8d, 0xfe,
+    0xcf, 0x02, 0x4b, 0x17, 0xc9, 0x26, 0x76, 0x78, 0x05, 0x91, 0x71, 0x33,
+    0x9c, 0xc0, 0x08, 0x39, 0x02, 0x41, 0x02, 0xaa, 0x66, 0x3a, 0xdb, 0xf5,
+    0x1a, 0xb8, 0x87, 0xa0, 0x18, 0xcb, 0x42, 0x6e, 0x78, 0xbc, 0x2f, 0xe1,
+    0x82, 0xdc, 0xb2, 0xf7, 0xbc, 0xb5, 0x04, 0x41, 0xd1, 0x7f, 0xdf, 0x0f,
+    0x06, 0x79, 0x8b, 0x50, 0x71, 0xc6, 0xe2, 0xf5, 0xfe, 0xb4, 0xd5, 0x4a,
+    0xd8, 0x18, 0x23, 0x11, 0xc1, 0xef, 0x62, 0xd4, 0xc4, 0x9f, 0x18, 0xd1,
+    0xf5, 0x1f, 0x54, 0xb2, 0xd2, 0xcf, 0xfb, 0xa4, 0xda, 0x1b, 0xe5, 0x02,
+    0x41, 0x02, 0xbb, 0xe7, 0x06, 0x07, 0x8b, 0x5c, 0x0b, 0x39, 0x15, 0x12,
+    0xd4, 0x11, 0xdb, 0x1b, 0x19, 0x9b, 0x5a, 0x56, 0x64, 0xb8, 0x40, 0x42,
+    0xea, 0xd3, 0x7f, 0xe9, 0x94, 0xae, 0x72, 0xb9, 0x53, 0x2d, 0xfb, 0xfb,
+    0x3e, 0x9e, 0x69, 0x81, 0xa0, 0xfb, 0xb8, 0x06, 0x51, 0x31, 0x41, 0xb7,
+    0xc2, 0x16, 0x3f, 0xe5, 0x6c, 0x39, 0x5e, 0x4b, 0xfa, 0xee, 0x57, 0xe3,
+    0x83, 0x3f, 0x9b, 0x91, 0x8d, 0xf9, 0x02, 0x40, 0x02, 0x42, 0xb6, 0xcd,
+    0x00, 0xd3, 0x0a, 0x76, 0x7a, 0xee, 0x9a, 0x89, 0x8e, 0xad, 0x45, 0x3c,
+    0x8e, 0xae, 0xa6, 0x3d, 0x50, 0x0b, 0x7d, 0x1e, 0x00, 0x71, 0x3e, 0xda,
+    0xe5, 0x1c, 0xe3, 0x6b, 0x23, 0xb6, 0x64, 0xdf, 0x26, 0xe6, 0x3e, 0x26,
+    0x6e, 0xc8, 0xf7, 0x6e, 0x6e, 0x63, 0xed, 0x1b, 0xa4, 0x1e, 0xb0, 0x33,
+    0xb1, 0x20, 0xf7, 0xea, 0x52, 0x12, 0xae, 0x21, 0xa9, 0x8f, 0xbc, 0x16};
+const uint8_t kTestVector5Spki[] = {
+    0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
+    0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81,
+    0x89, 0x02, 0x81, 0x81, 0x0d, 0x10, 0xf6, 0x61, 0xf2, 0x99, 0x40, 0xf5,
+    0xed, 0x39, 0xaa, 0x26, 0x09, 0x66, 0xde, 0xb4, 0x78, 0x43, 0x67, 0x9d,
+    0x2b, 0x6f, 0xb2, 0x5b, 0x3d, 0xe3, 0x70, 0xf3, 0xac, 0x7c, 0x19, 0x91,
+    0x63, 0x91, 0xfd, 0x25, 0xfb, 0x52, 0x7e, 0xbf, 0xa6, 0xa4, 0xb4, 0xdf,
+    0x45, 0xa1, 0x75, 0x9d, 0x99, 0x6c, 0x4b, 0xb4, 0xeb, 0xd1, 0x88, 0x28,
+    0xc4, 0x4f, 0xc5, 0x2d, 0x01, 0x91, 0x87, 0x17, 0x40, 0x52, 0x5f, 0x47,
+    0xa4, 0xb0, 0xcc, 0x8d, 0xa3, 0x25, 0xed, 0x8a, 0xa6, 0x76, 0xb0, 0xd0,
+    0xf6, 0x26, 0xe0, 0xa7, 0x7f, 0x07, 0x69, 0x21, 0x70, 0xac, 0xac, 0x80,
+    0x82, 0xf4, 0x2f, 0xaa, 0x7d, 0xc7, 0xcd, 0x12, 0x3e, 0x73, 0x0e, 0x31,
+    0xa8, 0x79, 0x85, 0x20, 0x4c, 0xab, 0xcb, 0xe6, 0x67, 0x0d, 0x43, 0xa2,
+    0xdd, 0x2b, 0x2d, 0xde, 0xf5, 0xe0, 0x53, 0x92, 0xfc, 0x21, 0x3b, 0xc5,
+    0x07, 0x02, 0x03, 0x01, 0x00, 0x01};
+// RSA-PSS test vectors, pss-vect.txt, Example 5.1
+const uint8_t kTestVector5Data[] = {
+    0x30, 0xc7, 0xd5, 0x57, 0x45, 0x8b, 0x43, 0x6d, 0xec, 0xfd, 0xc1, 0x4d,
+    0x06, 0xcb, 0x7b, 0x96, 0xb0, 0x67, 0x18, 0xc4, 0x8d, 0x7d, 0xe5, 0x74,
+    0x82, 0xa8, 0x68, 0xae, 0x7f, 0x06, 0x58, 0x70, 0xa6, 0x21, 0x65, 0x06,
+    0xd1, 0x1b, 0x77, 0x93, 0x23, 0xdf, 0xdf, 0x04, 0x6c, 0xf5, 0x77, 0x51,
+    0x29, 0x13, 0x4b, 0x4d, 0x56, 0x89, 0xe4, 0xd9, 0xc0, 0xce, 0x1e, 0x12,
+    0xd7, 0xd4, 0xb0, 0x6c, 0xb5, 0xfc, 0x58, 0x20, 0xde, 0xcf, 0xa4, 0x1b,
+    0xaf, 0x59, 0xbf, 0x25, 0x7b, 0x32, 0xf0, 0x25, 0xb7, 0x67, 0x9b, 0x44,
+    0x5b, 0x94, 0x99, 0xc9, 0x25, 0x55, 0x14, 0x58, 0x85, 0x99, 0x2f, 0x1b,
+    0x76, 0xf8, 0x48, 0x91, 0xee, 0x4d, 0x3b, 0xe0, 0xf5, 0x15, 0x0f, 0xd5,
+    0x90, 0x1e, 0x3a, 0x4c, 0x8e, 0xd4, 0x3f, 0xd3, 0x6b, 0x61, 0xd0, 0x22,
+    0xe6, 0x5a, 0xd5, 0x00, 0x8d, 0xbf, 0x33, 0x29, 0x3c, 0x22, 0xbf, 0xbf,
+    0xd0, 0x73, 0x21, 0xf0, 0xf1, 0xd5, 0xfa, 0x9f, 0xdf, 0x00, 0x14, 0xc2,
+    0xfc, 0xb0, 0x35, 0x8a, 0xad, 0x0e, 0x35, 0x4b, 0x0d, 0x29};
+const uint8_t kTestVector5Sig[] = {
+    0x0b, 0xa3, 0x73, 0xf7, 0x6e, 0x09, 0x21, 0xb7, 0x0a, 0x8f, 0xbf, 0xe6,
+    0x22, 0xf0, 0xbf, 0x77, 0xb2, 0x8a, 0x3d, 0xb9, 0x8e, 0x36, 0x10, 0x51,
+    0xc3, 0xd7, 0xcb, 0x92, 0xad, 0x04, 0x52, 0x91, 0x5a, 0x4d, 0xe9, 0xc0,
+    0x17, 0x22, 0xf6, 0x82, 0x3e, 0xeb, 0x6a, 0xdf, 0x7e, 0x0c, 0xa8, 0x29,
+    0x0f, 0x5d, 0xe3, 0xe5, 0x49, 0x89, 0x0a, 0xc2, 0xa3, 0xc5, 0x95, 0x0a,
+    0xb2, 0x17, 0xba, 0x58, 0x59, 0x08, 0x94, 0x95, 0x2d, 0xe9, 0x6f, 0x8d,
+    0xf1, 0x11, 0xb2, 0x57, 0x52, 0x15, 0xda, 0x6c, 0x16, 0x15, 0x90, 0xc7,
+    0x45, 0xbe, 0x61, 0x24, 0x76, 0xee, 0x57, 0x8e, 0xd3, 0x84, 0xab, 0x33,
+    0xe3, 0xec, 0xe9, 0x74, 0x81, 0xa2, 0x52, 0xf5, 0xc7, 0x9a, 0x98, 0xb5,
+    0x53, 0x2a, 0xe0, 0x0c, 0xdd, 0x62, 0xf2, 0xec, 0xc0, 0xcd, 0x1b, 0xae,
+    0xfe, 0x80, 0xd8, 0x0b, 0x96, 0x21, 0x93, 0xec, 0x1d};
+
+// RSA-PSS test vectors, pss-vect.txt, Example 6: A 1029-bit RSA Key Pair
+// <ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip>
+const uint8_t kTestVector6Pkcs8[] = {
+    0x30, 0x82, 0x02, 0x79, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
+    0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
+    0x02, 0x63, 0x30, 0x82, 0x02, 0x5f, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
+    0x16, 0x4c, 0xa3, 0x1c, 0xff, 0x60, 0x9f, 0x3a, 0x0e, 0x71, 0x01, 0xb0,
+    0x39, 0xf2, 0xe4, 0xfe, 0x6d, 0xd3, 0x75, 0x19, 0xab, 0x98, 0x59, 0x8d,
+    0x17, 0x9e, 0x17, 0x49, 0x96, 0x59, 0x80, 0x71, 0xf4, 0x7d, 0x3a, 0x04,
+    0x55, 0x91, 0x58, 0xd7, 0xbe, 0x37, 0x3c, 0xf1, 0xaa, 0x53, 0xf0, 0xaa,
+    0x6e, 0xf0, 0x90, 0x39, 0xe5, 0x67, 0x8c, 0x2a, 0x4c, 0x63, 0x90, 0x05,
+    0x14, 0xc8, 0xc4, 0xf8, 0xaa, 0xed, 0x5d, 0xe1, 0x2a, 0x5f, 0x10, 0xb0,
+    0x9c, 0x31, 0x1a, 0xf8, 0xc0, 0xff, 0xb5, 0xb7, 0xa2, 0x97, 0xf2, 0xef,
+    0xc6, 0x3b, 0x8d, 0x6b, 0x05, 0x10, 0x93, 0x1f, 0x0b, 0x98, 0xe4, 0x8b,
+    0xf5, 0xfc, 0x6e, 0xc4, 0xe7, 0xb8, 0xdb, 0x1f, 0xfa, 0xeb, 0x08, 0xc3,
+    0x8e, 0x02, 0xad, 0xb8, 0xf0, 0x3a, 0x48, 0x22, 0x9c, 0x99, 0xe9, 0x69,
+    0x43, 0x1f, 0x61, 0xcb, 0x8c, 0x4d, 0xc6, 0x98, 0xd1, 0x02, 0x03, 0x01,
+    0x00, 0x01, 0x02, 0x81, 0x81, 0x03, 0xb6, 0x64, 0xee, 0x3b, 0x75, 0x66,
+    0x72, 0x3f, 0xc6, 0xea, 0xf2, 0x8a, 0xbb, 0x43, 0x0a, 0x39, 0x80, 0xf1,
+    0x12, 0x6c, 0x81, 0xde, 0x8a, 0xd7, 0x09, 0xea, 0xb3, 0x9a, 0xc9, 0xdc,
+    0xd0, 0xb1, 0x55, 0x0b, 0x37, 0x29, 0xd8, 0x70, 0x68, 0xe9, 0x52, 0x00,
+    0x9d, 0xf5, 0x44, 0x53, 0x4c, 0x1f, 0x50, 0x82, 0x9a, 0x78, 0xf4, 0x59,
+    0x1e, 0xb8, 0xfd, 0x57, 0x14, 0x04, 0x26, 0xa6, 0xbb, 0x04, 0x05, 0xb6,
+    0xa6, 0xf5, 0x1a, 0x57, 0xd9, 0x26, 0x7b, 0x7b, 0xbc, 0x65, 0x33, 0x91,
+    0xa6, 0x99, 0xa2, 0xa9, 0x0d, 0xac, 0x8a, 0xe2, 0x26, 0xbc, 0xc6, 0x0f,
+    0xa8, 0xcd, 0x93, 0x4c, 0x73, 0xc7, 0xb0, 0x3b, 0x1f, 0x6b, 0x81, 0x81,
+    0x58, 0x63, 0x18, 0x38, 0xa8, 0x61, 0x2e, 0x6e, 0x6e, 0xa9, 0x2b, 0xe2,
+    0x4f, 0x83, 0x24, 0xfa, 0xf5, 0xb1, 0xfd, 0x85, 0x87, 0x22, 0x52, 0x67,
+    0xba, 0x6f, 0x02, 0x41, 0x04, 0xf0, 0x54, 0x8c, 0x96, 0x26, 0xab, 0x1e,
+    0xbf, 0x12, 0x44, 0x93, 0x47, 0x41, 0xd9, 0x9a, 0x06, 0x22, 0x0e, 0xfa,
+    0x2a, 0x58, 0x56, 0xaa, 0x0e, 0x75, 0x73, 0x0b, 0x2e, 0xc9, 0x6a, 0xdc,
+    0x86, 0xbe, 0x89, 0x4f, 0xa2, 0x80, 0x3b, 0x53, 0xa5, 0xe8, 0x5d, 0x27,
+    0x6a, 0xcb, 0xd2, 0x9a, 0xb8, 0x23, 0xf8, 0x0a, 0x73, 0x91, 0xbb, 0x54,
+    0xa5, 0x05, 0x16, 0x72, 0xfb, 0x04, 0xee, 0xb5, 0x43, 0x02, 0x41, 0x04,
+    0x83, 0xe0, 0xae, 0x47, 0x91, 0x55, 0x87, 0x74, 0x3f, 0xf3, 0x45, 0x36,
+    0x2b, 0x55, 0x5d, 0x39, 0x62, 0xd9, 0x8b, 0xb6, 0xf1, 0x5f, 0x84, 0x8b,
+    0x4c, 0x92, 0xb1, 0x77, 0x1c, 0xa8, 0xed, 0x10, 0x7d, 0x8d, 0x3e, 0xe6,
+    0x5e, 0xc4, 0x45, 0x17, 0xdd, 0x0f, 0xaa, 0x48, 0x1a, 0x38, 0x7e, 0x90,
+    0x2f, 0x7a, 0x2e, 0x74, 0x7c, 0x26, 0x9e, 0x7e, 0xa4, 0x44, 0x80, 0xbc,
+    0x53, 0x8b, 0x8e, 0x5b, 0x02, 0x41, 0x03, 0xa8, 0xe8, 0xae, 0xa9, 0x92,
+    0x0c, 0x1a, 0xa3, 0xb2, 0xf0, 0xd8, 0x46, 0xe4, 0xb8, 0x50, 0xd8, 0x1c,
+    0xa3, 0x06, 0xa5, 0x1c, 0x83, 0x54, 0x4f, 0x94, 0x9f, 0x64, 0xf9, 0x0d,
+    0xcf, 0x3f, 0x8e, 0x26, 0x61, 0xf0, 0x7e, 0x56, 0x12, 0x20, 0xa1, 0x80,
+    0x38, 0x8f, 0xbe, 0x27, 0x3e, 0x70, 0xe2, 0xe5, 0xdc, 0xa8, 0x3a, 0x0e,
+    0x13, 0x48, 0xdd, 0x64, 0x90, 0xc7, 0x31, 0xd6, 0xec, 0xe1, 0xab, 0x02,
+    0x41, 0x01, 0x35, 0xbd, 0xcd, 0xb6, 0x0b, 0xf2, 0x19, 0x7c, 0x43, 0x6e,
+    0xd3, 0x4b, 0x32, 0xcd, 0x8b, 0x4f, 0xc7, 0x77, 0x78, 0x83, 0x2b, 0xa7,
+    0x67, 0x03, 0x55, 0x1f, 0xb2, 0x42, 0xb3, 0x01, 0x69, 0x95, 0x93, 0xaf,
+    0x77, 0xfd, 0x8f, 0xc3, 0x94, 0xa8, 0x52, 0x6a, 0xd2, 0x3c, 0xc4, 0x1a,
+    0x03, 0x80, 0x6b, 0xd8, 0x97, 0xfe, 0x4b, 0x0e, 0xa6, 0x46, 0x55, 0x8a,
+    0xad, 0xdc, 0xc9, 0x9e, 0x8a, 0x25, 0x02, 0x41, 0x03, 0x04, 0xc0, 0x3d,
+    0x9c, 0x73, 0x65, 0x03, 0xa9, 0x84, 0xab, 0xbd, 0x9b, 0xa2, 0x23, 0x01,
+    0x40, 0x7c, 0x4a, 0x2a, 0xb1, 0xdd, 0x85, 0x76, 0x64, 0x81, 0xb6, 0x0d,
+    0x45, 0x40, 0x11, 0x52, 0xe6, 0x92, 0xbe, 0x14, 0xf4, 0x12, 0x1d, 0x9a,
+    0xa3, 0xfd, 0x6e, 0x0b, 0x4d, 0x1d, 0x3a, 0x97, 0x35, 0x38, 0xa3, 0x1d,
+    0x42, 0xee, 0x6e, 0x1e, 0x5e, 0xf6, 0x20, 0x23, 0x1a, 0x2b, 0xba, 0xf3,
+    0x5f};
+const uint8_t kTestVector6Spki[] = {
+    0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
+    0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81,
+    0x89, 0x02, 0x81, 0x81, 0x16, 0x4c, 0xa3, 0x1c, 0xff, 0x60, 0x9f, 0x3a,
+    0x0e, 0x71, 0x01, 0xb0, 0x39, 0xf2, 0xe4, 0xfe, 0x6d, 0xd3, 0x75, 0x19,
+    0xab, 0x98, 0x59, 0x8d, 0x17, 0x9e, 0x17, 0x49, 0x96, 0x59, 0x80, 0x71,
+    0xf4, 0x7d, 0x3a, 0x04, 0x55, 0x91, 0x58, 0xd7, 0xbe, 0x37, 0x3c, 0xf1,
+    0xaa, 0x53, 0xf0, 0xaa, 0x6e, 0xf0, 0x90, 0x39, 0xe5, 0x67, 0x8c, 0x2a,
+    0x4c, 0x63, 0x90, 0x05, 0x14, 0xc8, 0xc4, 0xf8, 0xaa, 0xed, 0x5d, 0xe1,
+    0x2a, 0x5f, 0x10, 0xb0, 0x9c, 0x31, 0x1a, 0xf8, 0xc0, 0xff, 0xb5, 0xb7,
+    0xa2, 0x97, 0xf2, 0xef, 0xc6, 0x3b, 0x8d, 0x6b, 0x05, 0x10, 0x93, 0x1f,
+    0x0b, 0x98, 0xe4, 0x8b, 0xf5, 0xfc, 0x6e, 0xc4, 0xe7, 0xb8, 0xdb, 0x1f,
+    0xfa, 0xeb, 0x08, 0xc3, 0x8e, 0x02, 0xad, 0xb8, 0xf0, 0x3a, 0x48, 0x22,
+    0x9c, 0x99, 0xe9, 0x69, 0x43, 0x1f, 0x61, 0xcb, 0x8c, 0x4d, 0xc6, 0x98,
+    0xd1, 0x02, 0x03, 0x01, 0x00, 0x01};
+// RSA-PSS test vectors, pss-vect.txt, Example 6.1
+const uint8_t kTestVector6Data[] = {
+    0x0a, 0x20, 0xb7, 0x74, 0xad, 0xdc, 0x2f, 0xa5, 0x12, 0x45, 0xed,
+    0x7c, 0xb9, 0xda, 0x60, 0x9e, 0x50, 0xca, 0xc6, 0x63, 0x6a, 0x52,
+    0x54, 0x3f, 0x97, 0x45, 0x8e, 0xed, 0x73, 0x40, 0xf8, 0xd5, 0x3f,
+    0xfc, 0x64, 0x91, 0x8f, 0x94, 0x90, 0x78, 0xee, 0x03, 0xef, 0x60,
+    0xd4, 0x2b, 0x5f, 0xec, 0x24, 0x60, 0x50, 0xbd, 0x55, 0x05, 0xcd,
+    0x8c, 0xb5, 0x97, 0xba, 0xd3, 0xc4, 0xe7, 0x13, 0xb0, 0xef, 0x30,
+    0x64, 0x4e, 0x76, 0xad, 0xab, 0xb0, 0xde, 0x01, 0xa1, 0x56, 0x1e,
+    0xfb, 0x25, 0x51, 0x58, 0xc7, 0x4f, 0xc8, 0x01, 0xe6, 0xe9, 0x19,
+    0xe5, 0x81, 0xb4, 0x6f, 0x0f, 0x0d, 0xdd, 0x08, 0xe4, 0xf3, 0x4c,
+    0x78, 0x10, 0xb5, 0xed, 0x83, 0x18, 0xf9, 0x1d, 0x7c, 0x8c};
+const uint8_t kTestVector6Sig[] = {
+    0x04, 0xc0, 0xcf, 0xac, 0xec, 0x04, 0xe5, 0xba, 0xdb, 0xec, 0xe1, 0x59,
+    0xa5, 0xa1, 0x10, 0x3f, 0x69, 0xb3, 0xf3, 0x2b, 0xa5, 0x93, 0xcb, 0x4c,
+    0xc4, 0xb1, 0xb7, 0xab, 0x45, 0x59, 0x16, 0xa9, 0x6a, 0x27, 0xcd, 0x26,
+    0x78, 0xea, 0x0f, 0x46, 0xba, 0x37, 0xf7, 0xfc, 0x9c, 0x86, 0x32, 0x5f,
+    0x29, 0x73, 0x3b, 0x38, 0x9f, 0x1d, 0x97, 0xf4, 0x3e, 0x72, 0x01, 0xc0,
+    0xf3, 0x48, 0xfc, 0x45, 0xfe, 0x42, 0x89, 0x23, 0x35, 0x36, 0x2e, 0xee,
+    0x01, 0x8b, 0x5b, 0x16, 0x1f, 0x2f, 0x93, 0x93, 0x03, 0x12, 0x25, 0xc7,
+    0x13, 0x01, 0x2a, 0x57, 0x6b, 0xc8, 0x8e, 0x23, 0x05, 0x24, 0x89, 0x86,
+    0x8d, 0x90, 0x10, 0xcb, 0xf0, 0x33, 0xec, 0xc5, 0x68, 0xe8, 0xbc, 0x15,
+    0x2b, 0xdc, 0x59, 0xd5, 0x60, 0xe4, 0x12, 0x91, 0x91, 0x5d, 0x28, 0x56,
+    0x52, 0x08, 0xe2, 0x2a, 0xee, 0xc9, 0xef, 0x85, 0xd1};
+
+// RSA-PSS test vectors, pss-vect.txt, Example 7: A 1030-bit RSA Key Pair
+// <ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip>
+const uint8_t kTestVector7Pkcs8[] = {
+    0x30, 0x82, 0x02, 0x77, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
+    0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
+    0x02, 0x61, 0x30, 0x82, 0x02, 0x5d, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
+    0x37, 0xc9, 0xda, 0x4a, 0x66, 0xc8, 0xc4, 0x08, 0xb8, 0xda, 0x27, 0xd0,
+    0xc9, 0xd7, 0x9f, 0x8c, 0xcb, 0x1e, 0xaf, 0xc1, 0xd2, 0xfe, 0x48, 0x74,
+    0x6d, 0x94, 0x0b, 0x7c, 0x4e, 0xf5, 0xde, 0xe1, 0x8a, 0xd1, 0x26, 0x47,
+    0xce, 0xfa, 0xa0, 0xc4, 0xb3, 0x18, 0x8b, 0x22, 0x1c, 0x51, 0x53, 0x86,
+    0x75, 0x9b, 0x93, 0xf0, 0x20, 0x24, 0xb2, 0x5a, 0xb9, 0x24, 0x2f, 0x83,
+    0x57, 0xd8, 0xf3, 0xfd, 0x49, 0x64, 0x0e, 0xe5, 0xe6, 0x43, 0xea, 0xf6,
+    0xc6, 0x4d, 0xee, 0xfa, 0x70, 0x89, 0x72, 0x7c, 0x8f, 0xf0, 0x39, 0x93,
+    0x33, 0x39, 0x15, 0xc6, 0xef, 0x21, 0xbf, 0x59, 0x75, 0xb6, 0xe5, 0x0d,
+    0x11, 0x8b, 0x51, 0x00, 0x8e, 0xc3, 0x3e, 0x9f, 0x01, 0xa0, 0xa5, 0x45,
+    0xa1, 0x0a, 0x83, 0x6a, 0x43, 0xdd, 0xbc, 0xa9, 0xd8, 0xb5, 0xc5, 0xd3,
+    0x54, 0x80, 0x22, 0xd7, 0x06, 0x4e, 0xa2, 0x9a, 0xb3, 0x02, 0x03, 0x01,
+    0x00, 0x01, 0x02, 0x81, 0x80, 0x3b, 0xed, 0x99, 0x90, 0x52, 0xd9, 0x57,
+    0xbc, 0x06, 0xd6, 0x51, 0xee, 0xf6, 0xe3, 0xa9, 0x80, 0x94, 0xb1, 0x62,
+    0x1b, 0xd3, 0x8b, 0x54, 0x49, 0xbd, 0x6c, 0x4a, 0xea, 0x3d, 0xe7, 0xe0,
+    0x84, 0x67, 0x9a, 0x44, 0x84, 0xde, 0xd2, 0x5b, 0xe0, 0xf0, 0x82, 0x6c,
+    0xf3, 0x37, 0x78, 0x25, 0x41, 0x4b, 0x14, 0xd4, 0xd6, 0x1d, 0xb1, 0x4d,
+    0xe6, 0x26, 0xfb, 0xb8, 0x0e, 0x5f, 0x4f, 0xae, 0xc9, 0x56, 0xf9, 0xa0,
+    0xa2, 0xd2, 0x4f, 0x99, 0x57, 0x63, 0x80, 0xf0, 0x84, 0xeb, 0x62, 0xe4,
+    0x6a, 0x57, 0xd5, 0x54, 0x27, 0x8b, 0x53, 0x56, 0x26, 0x19, 0x3c, 0xe0,
+    0x20, 0x60, 0x57, 0x5e, 0xb6, 0x6c, 0x57, 0x98, 0xd3, 0x6f, 0x6c, 0x5d,
+    0x40, 0xfb, 0x00, 0xd8, 0x09, 0xb4, 0x2a, 0x73, 0x10, 0x2c, 0x1c, 0x74,
+    0xee, 0x95, 0xbd, 0x71, 0x42, 0x0f, 0xff, 0xef, 0x63, 0x18, 0xb5, 0x2c,
+    0x29, 0x02, 0x41, 0x07, 0xee, 0xfb, 0x42, 0x4b, 0x0e, 0x3a, 0x40, 0xe4,
+    0x20, 0x8e, 0xe5, 0xaf, 0xb2, 0x80, 0xb2, 0x23, 0x17, 0x30, 0x81, 0x14,
+    0xdd, 0xe0, 0xb4, 0xb6, 0x4f, 0x73, 0x01, 0x84, 0xec, 0x68, 0xda, 0x6c,
+    0xe2, 0x86, 0x7a, 0x9f, 0x48, 0xed, 0x77, 0x26, 0xd5, 0xe2, 0x61, 0x4e,
+    0xd0, 0x4a, 0x54, 0x10, 0x73, 0x6c, 0x8c, 0x71, 0x4e, 0xe7, 0x02, 0x47,
+    0x42, 0x98, 0xc6, 0x29, 0x2a, 0xf0, 0x75, 0x35, 0x02, 0x41, 0x07, 0x08,
+    0x30, 0xdb, 0xf9, 0x47, 0xea, 0xc0, 0x22, 0x8d, 0xe2, 0x63, 0x14, 0xb5,
+    0x9b, 0x66, 0x99, 0x4c, 0xc6, 0x0e, 0x83, 0x60, 0xe7, 0x5d, 0x38, 0x76,
+    0x29, 0x8f, 0x8f, 0x8a, 0x7d, 0x14, 0x1d, 0xa0, 0x64, 0xe5, 0xca, 0x02,
+    0x6a, 0x97, 0x3e, 0x28, 0xf2, 0x54, 0x73, 0x8c, 0xee, 0x66, 0x9c, 0x72,
+    0x1b, 0x03, 0x4c, 0xb5, 0xf8, 0xe2, 0x44, 0xda, 0xdd, 0x7c, 0xd1, 0xe1,
+    0x59, 0xd5, 0x47, 0x02, 0x41, 0x05, 0x24, 0xd2, 0x0c, 0x3d, 0x95, 0xcf,
+    0xf7, 0x5a, 0xf2, 0x31, 0x34, 0x83, 0x22, 0x7d, 0x87, 0x02, 0x71, 0x7a,
+    0xa5, 0x76, 0xde, 0x15, 0x5f, 0x96, 0x05, 0x15, 0x50, 0x1a, 0xdb, 0x1d,
+    0x70, 0xe1, 0xc0, 0x4d, 0xe9, 0x1b, 0x75, 0xb1, 0x61, 0xdb, 0xf0, 0x39,
+    0x83, 0x56, 0x12, 0x7e, 0xde, 0xda, 0x7b, 0xbc, 0x19, 0xa3, 0x2d, 0xc1,
+    0x62, 0x1c, 0xc9, 0xf5, 0x3c, 0x26, 0x5d, 0x0c, 0xe3, 0x31, 0x02, 0x41,
+    0x05, 0xf9, 0x84, 0xa1, 0xf2, 0x3c, 0x93, 0x8d, 0x6a, 0x0e, 0x89, 0x72,
+    0x4b, 0xcf, 0x3d, 0xd9, 0x3f, 0x99, 0x46, 0x92, 0x60, 0x37, 0xfe, 0x7c,
+    0x6b, 0x13, 0xa2, 0x9e, 0x52, 0x84, 0x85, 0x5f, 0x89, 0x08, 0x95, 0x91,
+    0xd4, 0x40, 0x97, 0x56, 0x27, 0xbf, 0x5c, 0x9e, 0x3a, 0x8b, 0x5c, 0xa7,
+    0x9c, 0x77, 0x2a, 0xd2, 0x73, 0xe4, 0x0d, 0x32, 0x1a, 0xf4, 0xa6, 0xc9,
+    0x7d, 0xfd, 0xed, 0x78, 0xd3, 0x02, 0x40, 0xdd, 0xd9, 0x18, 0xad, 0xad,
+    0xa2, 0x9d, 0xca, 0xb9, 0x81, 0xff, 0x9a, 0xcb, 0xa4, 0x25, 0x70, 0x23,
+    0xc0, 0x9a, 0x38, 0x01, 0xcc, 0xce, 0x09, 0x8c, 0xe2, 0x68, 0xf8, 0x55,
+    0xd0, 0xdf, 0x57, 0x0c, 0xd6, 0xe7, 0xb9, 0xb1, 0x4b, 0xd9, 0xa5, 0xa9,
+    0x25, 0x4c, 0xbc, 0x31, 0x5b, 0xe6, 0xf8, 0xba, 0x1e, 0x25, 0x46, 0xdd,
+    0xd5, 0x69, 0xc5, 0xea, 0x19, 0xee, 0xd8, 0x35, 0x3b, 0xde, 0x5e};
+const uint8_t kTestVector7Spki[] = {
+    0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
+    0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81,
+    0x89, 0x02, 0x81, 0x81, 0x37, 0xc9, 0xda, 0x4a, 0x66, 0xc8, 0xc4, 0x08,
+    0xb8, 0xda, 0x27, 0xd0, 0xc9, 0xd7, 0x9f, 0x8c, 0xcb, 0x1e, 0xaf, 0xc1,
+    0xd2, 0xfe, 0x48, 0x74, 0x6d, 0x94, 0x0b, 0x7c, 0x4e, 0xf5, 0xde, 0xe1,
+    0x8a, 0xd1, 0x26, 0x47, 0xce, 0xfa, 0xa0, 0xc4, 0xb3, 0x18, 0x8b, 0x22,
+    0x1c, 0x51, 0x53, 0x86, 0x75, 0x9b, 0x93, 0xf0, 0x20, 0x24, 0xb2, 0x5a,
+    0xb9, 0x24, 0x2f, 0x83, 0x57, 0xd8, 0xf3, 0xfd, 0x49, 0x64, 0x0e, 0xe5,
+    0xe6, 0x43, 0xea, 0xf6, 0xc6, 0x4d, 0xee, 0xfa, 0x70, 0x89, 0x72, 0x7c,
+    0x8f, 0xf0, 0x39, 0x93, 0x33, 0x39, 0x15, 0xc6, 0xef, 0x21, 0xbf, 0x59,
+    0x75, 0xb6, 0xe5, 0x0d, 0x11, 0x8b, 0x51, 0x00, 0x8e, 0xc3, 0x3e, 0x9f,
+    0x01, 0xa0, 0xa5, 0x45, 0xa1, 0x0a, 0x83, 0x6a, 0x43, 0xdd, 0xbc, 0xa9,
+    0xd8, 0xb5, 0xc5, 0xd3, 0x54, 0x80, 0x22, 0xd7, 0x06, 0x4e, 0xa2, 0x9a,
+    0xb3, 0x02, 0x03, 0x01, 0x00, 0x01};
+// RSA-PSS test vectors, pss-vect.txt, Example 7.1
+const uint8_t kTestVector7Data[] = {
+    0x9e, 0xad, 0x0e, 0x01, 0x94, 0x56, 0x40, 0x67, 0x4e, 0xb4, 0x1c, 0xad,
+    0x43, 0x5e, 0x23, 0x74, 0xea, 0xef, 0xa8, 0xad, 0x71, 0x97, 0xd9, 0x79,
+    0x13, 0xc4, 0x49, 0x57, 0xd8, 0xd8, 0x3f, 0x40, 0xd7, 0x6e, 0xe6, 0x0e,
+    0x39, 0xbf, 0x9c, 0x0f, 0x9e, 0xaf, 0x30, 0x21, 0x42, 0x1a, 0x07, 0x4d,
+    0x1a, 0xde, 0x96, 0x2c, 0x6e, 0x9d, 0x3d, 0xc3, 0xbb, 0x17, 0x4f, 0xe4,
+    0xdf, 0xe6, 0x52, 0xb0, 0x91, 0x15, 0x49, 0x5b, 0x8f, 0xd2, 0x79, 0x41,
+    0x74, 0x02, 0x0a, 0x06, 0x02, 0xb5, 0xca, 0x51, 0x84, 0x8c, 0xfc, 0x96,
+    0xce, 0x5e, 0xb5, 0x7f, 0xc0, 0xa2, 0xad, 0xc1, 0xdd, 0xa3, 0x6a, 0x7c,
+    0xc4, 0x52, 0x64, 0x1a, 0x14, 0x91, 0x1b, 0x37, 0xe4, 0x5b, 0xfa, 0x11,
+    0xda, 0xa5, 0xc7, 0xec, 0xdb, 0x74, 0xf6, 0xd0, 0x10, 0x0d, 0x1d, 0x3e,
+    0x39, 0xe7, 0x52, 0x80, 0x0e, 0x20, 0x33, 0x97, 0xde, 0x02, 0x33, 0x07,
+    0x7b, 0x9a, 0x88, 0x85, 0x55, 0x37, 0xfa, 0xe9, 0x27, 0xf9, 0x24, 0x38,
+    0x0d, 0x78, 0x0f, 0x98, 0xe1, 0x8d, 0xcf, 0xf3, 0x9c, 0x5e, 0xa7, 0x41,
+    0xb1, 0x7d, 0x6f, 0xdd, 0x18, 0x85, 0xbc, 0x9d, 0x58, 0x14, 0x82, 0xd7,
+    0x71, 0xce, 0xb5, 0x62, 0xd7, 0x8a, 0x8b, 0xf8, 0x8f, 0x0c, 0x75, 0xb1,
+    0x13, 0x63, 0xe5, 0xe3, 0x6c, 0xd4, 0x79, 0xce, 0xb0, 0x54, 0x5f, 0x9d,
+    0xa8, 0x42, 0x03, 0xe0, 0xe6, 0xe5, 0x08, 0x37, 0x5c, 0xc9, 0xe8, 0x44,
+    0xb8, 0x8b, 0x7a, 0xc7, 0xa0, 0xa2, 0x01, 0xea, 0x0f, 0x1b, 0xee, 0x9a,
+    0x2c, 0x57, 0x79, 0x20, 0xca, 0x02, 0xc0, 0x1b, 0x9d, 0x83, 0x20, 0xe9,
+    0x74, 0xa5, 0x6f, 0x4e, 0xfb, 0x57, 0x63, 0xb9, 0x62, 0x55, 0xab, 0xbf,
+    0x80, 0x37, 0xbf, 0x18, 0x02, 0xcf, 0x01, 0x8f, 0x56, 0x37, 0x94, 0x93,
+    0xe5, 0x69, 0xa9};
+const uint8_t kTestVector7Sig[] = {
+    0x18, 0x7f, 0x39, 0x07, 0x23, 0xc8, 0x90, 0x25, 0x91, 0xf0, 0x15, 0x4b,
+    0xae, 0x6d, 0x4e, 0xcb, 0xff, 0xe0, 0x67, 0xf0, 0xe8, 0xb7, 0x95, 0x47,
+    0x6e, 0xa4, 0xf4, 0xd5, 0x1c, 0xcc, 0x81, 0x05, 0x20, 0xbb, 0x3c, 0xa9,
+    0xbc, 0xa7, 0xd0, 0xb1, 0xf2, 0xea, 0x8a, 0x17, 0xd8, 0x73, 0xfa, 0x27,
+    0x57, 0x0a, 0xcd, 0x64, 0x2e, 0x38, 0x08, 0x56, 0x1c, 0xb9, 0xe9, 0x75,
+    0xcc, 0xfd, 0x80, 0xb2, 0x3d, 0xc5, 0x77, 0x1c, 0xdb, 0x33, 0x06, 0xa5,
+    0xf2, 0x31, 0x59, 0xda, 0xcb, 0xd3, 0xaa, 0x2d, 0xb9, 0x3d, 0x46, 0xd7,
+    0x66, 0xe0, 0x9e, 0xd1, 0x5d, 0x90, 0x0a, 0xd8, 0x97, 0xa8, 0xd2, 0x74,
+    0xdc, 0x26, 0xb4, 0x7e, 0x99, 0x4a, 0x27, 0xe9, 0x7e, 0x22, 0x68, 0xa7,
+    0x66, 0x53, 0x3a, 0xe4, 0xb5, 0xe4, 0x2a, 0x2f, 0xca, 0xf7, 0x55, 0xc1,
+    0xc4, 0x79, 0x4b, 0x29, 0x4c, 0x60, 0x55, 0x58, 0x23};
+
+// RSA-PSS test vectors, pss-vect.txt, Example 8: A 1031-bit RSA Key Pair
+// <ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip>
+const uint8_t kTestVector8Pkcs8[] = {
+    0x30, 0x82, 0x02, 0x78, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
+    0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
+    0x02, 0x62, 0x30, 0x82, 0x02, 0x5e, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
+    0x49, 0x53, 0x70, 0xa1, 0xfb, 0x18, 0x54, 0x3c, 0x16, 0xd3, 0x63, 0x1e,
+    0x31, 0x63, 0x25, 0x5d, 0xf6, 0x2b, 0xe6, 0xee, 0xe8, 0x90, 0xd5, 0xf2,
+    0x55, 0x09, 0xe4, 0xf7, 0x78, 0xa8, 0xea, 0x6f, 0xbb, 0xbc, 0xdf, 0x85,
+    0xdf, 0xf6, 0x4e, 0x0d, 0x97, 0x20, 0x03, 0xab, 0x36, 0x81, 0xfb, 0xba,
+    0x6d, 0xd4, 0x1f, 0xd5, 0x41, 0x82, 0x9b, 0x2e, 0x58, 0x2d, 0xe9, 0xf2,
+    0xa4, 0xa4, 0xe0, 0xa2, 0xd0, 0x90, 0x0b, 0xef, 0x47, 0x53, 0xdb, 0x3c,
+    0xee, 0x0e, 0xe0, 0x6c, 0x7d, 0xfa, 0xe8, 0xb1, 0xd5, 0x3b, 0x59, 0x53,
+    0x21, 0x8f, 0x9c, 0xce, 0xea, 0x69, 0x5b, 0x08, 0x66, 0x8e, 0xde, 0xaa,
+    0xdc, 0xed, 0x94, 0x63, 0xb1, 0xd7, 0x90, 0xd5, 0xeb, 0xf2, 0x7e, 0x91,
+    0x15, 0xb4, 0x6c, 0xad, 0x4d, 0x9a, 0x2b, 0x8e, 0xfa, 0xb0, 0x56, 0x1b,
+    0x08, 0x10, 0x34, 0x47, 0x39, 0xad, 0xa0, 0x73, 0x3f, 0x02, 0x03, 0x01,
+    0x00, 0x01, 0x02, 0x81, 0x80, 0x6c, 0x66, 0xff, 0xe9, 0x89, 0x80, 0xc3,
+    0x8f, 0xcd, 0xea, 0xb5, 0x15, 0x98, 0x98, 0x83, 0x61, 0x65, 0xf4, 0xb4,
+    0xb8, 0x17, 0xc4, 0xf6, 0xa8, 0xd4, 0x86, 0xee, 0x4e, 0xa9, 0x13, 0x0f,
+    0xe9, 0xb9, 0x09, 0x2b, 0xd1, 0x36, 0xd1, 0x84, 0xf9, 0x5f, 0x50, 0x4a,
+    0x60, 0x7e, 0xac, 0x56, 0x58, 0x46, 0xd2, 0xfd, 0xd6, 0x59, 0x7a, 0x89,
+    0x67, 0xc7, 0x39, 0x6e, 0xf9, 0x5a, 0x6e, 0xee, 0xbb, 0x45, 0x78, 0xa6,
+    0x43, 0x96, 0x6d, 0xca, 0x4d, 0x8e, 0xe3, 0xde, 0x84, 0x2d, 0xe6, 0x32,
+    0x79, 0xc6, 0x18, 0x15, 0x9c, 0x1a, 0xb5, 0x4a, 0x89, 0x43, 0x7b, 0x6a,
+    0x61, 0x20, 0xe4, 0x93, 0x0a, 0xfb, 0x52, 0xa4, 0xba, 0x6c, 0xed, 0x8a,
+    0x49, 0x47, 0xac, 0x64, 0xb3, 0x0a, 0x34, 0x97, 0xcb, 0xe7, 0x01, 0xc2,
+    0xd6, 0x26, 0x6d, 0x51, 0x72, 0x19, 0xad, 0x0e, 0xc6, 0xd3, 0x47, 0xdb,
+    0xe9, 0x02, 0x41, 0x08, 0xda, 0xd7, 0xf1, 0x13, 0x63, 0xfa, 0xa6, 0x23,
+    0xd5, 0xd6, 0xd5, 0xe8, 0xa3, 0x19, 0x32, 0x8d, 0x82, 0x19, 0x0d, 0x71,
+    0x27, 0xd2, 0x84, 0x6c, 0x43, 0x9b, 0x0a, 0xb7, 0x26, 0x19, 0xb0, 0xa4,
+    0x3a, 0x95, 0x32, 0x0e, 0x4e, 0xc3, 0x4f, 0xc3, 0xa9, 0xce, 0xa8, 0x76,
+    0x42, 0x23, 0x05, 0xbd, 0x76, 0xc5, 0xba, 0x7b, 0xe9, 0xe2, 0xf4, 0x10,
+    0xc8, 0x06, 0x06, 0x45, 0xa1, 0xd2, 0x9e, 0xdb, 0x02, 0x41, 0x08, 0x47,
+    0xe7, 0x32, 0x37, 0x6f, 0xc7, 0x90, 0x0f, 0x89, 0x8e, 0xa8, 0x2e, 0xb2,
+    0xb0, 0xfc, 0x41, 0x85, 0x65, 0xfd, 0xae, 0x62, 0xf7, 0xd9, 0xec, 0x4c,
+    0xe2, 0x21, 0x7b, 0x97, 0x99, 0x0d, 0xd2, 0x72, 0xdb, 0x15, 0x7f, 0x99,
+    0xf6, 0x3c, 0x0d, 0xcb, 0xb9, 0xfb, 0xac, 0xdb, 0xd4, 0xc4, 0xda, 0xdb,
+    0x6d, 0xf6, 0x77, 0x56, 0x35, 0x8c, 0xa4, 0x17, 0x48, 0x25, 0xb4, 0x8f,
+    0x49, 0x70, 0x6d, 0x02, 0x41, 0x05, 0xc2, 0xa8, 0x3c, 0x12, 0x4b, 0x36,
+    0x21, 0xa2, 0xaa, 0x57, 0xea, 0x2c, 0x3e, 0xfe, 0x03, 0x5e, 0xff, 0x45,
+    0x60, 0xf3, 0x3d, 0xde, 0xbb, 0x7a, 0xda, 0xb8, 0x1f, 0xce, 0x69, 0xa0,
+    0xc8, 0xc2, 0xed, 0xc1, 0x65, 0x20, 0xdd, 0xa8, 0x3d, 0x59, 0xa2, 0x3b,
+    0xe8, 0x67, 0x96, 0x3a, 0xc6, 0x5f, 0x2c, 0xc7, 0x10, 0xbb, 0xcf, 0xb9,
+    0x6e, 0xe1, 0x03, 0xde, 0xb7, 0x71, 0xd1, 0x05, 0xfd, 0x85, 0x02, 0x41,
+    0x04, 0xca, 0xe8, 0xaa, 0x0d, 0x9f, 0xaa, 0x16, 0x5c, 0x87, 0xb6, 0x82,
+    0xec, 0x14, 0x0b, 0x8e, 0xd3, 0xb5, 0x0b, 0x24, 0x59, 0x4b, 0x7a, 0x3b,
+    0x2c, 0x22, 0x0b, 0x36, 0x69, 0xbb, 0x81, 0x9f, 0x98, 0x4f, 0x55, 0x31,
+    0x0a, 0x1a, 0xe7, 0x82, 0x36, 0x51, 0xd4, 0xa0, 0x2e, 0x99, 0x44, 0x79,
+    0x72, 0x59, 0x51, 0x39, 0x36, 0x34, 0x34, 0xe5, 0xe3, 0x0a, 0x7e, 0x7d,
+    0x24, 0x15, 0x51, 0xe1, 0xb9, 0x02, 0x41, 0x07, 0xd3, 0xe4, 0x7b, 0xf6,
+    0x86, 0x60, 0x0b, 0x11, 0xac, 0x28, 0x3c, 0xe8, 0x8d, 0xbb, 0x3f, 0x60,
+    0x51, 0xe8, 0xef, 0xd0, 0x46, 0x80, 0xe4, 0x4c, 0x17, 0x1e, 0xf5, 0x31,
+    0xb8, 0x0b, 0x2b, 0x7c, 0x39, 0xfc, 0x76, 0x63, 0x20, 0xe2, 0xcf, 0x15,
+    0xd8, 0xd9, 0x98, 0x20, 0xe9, 0x6f, 0xf3, 0x0d, 0xc6, 0x96, 0x91, 0x83,
+    0x9c, 0x4b, 0x40, 0xd7, 0xb0, 0x6e, 0x45, 0x30, 0x7d, 0xc9, 0x1f, 0x3f};
+const uint8_t kTestVector8Spki[] = {
+    0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
+    0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81,
+    0x89, 0x02, 0x81, 0x81, 0x49, 0x53, 0x70, 0xa1, 0xfb, 0x18, 0x54, 0x3c,
+    0x16, 0xd3, 0x63, 0x1e, 0x31, 0x63, 0x25, 0x5d, 0xf6, 0x2b, 0xe6, 0xee,
+    0xe8, 0x90, 0xd5, 0xf2, 0x55, 0x09, 0xe4, 0xf7, 0x78, 0xa8, 0xea, 0x6f,
+    0xbb, 0xbc, 0xdf, 0x85, 0xdf, 0xf6, 0x4e, 0x0d, 0x97, 0x20, 0x03, 0xab,
+    0x36, 0x81, 0xfb, 0xba, 0x6d, 0xd4, 0x1f, 0xd5, 0x41, 0x82, 0x9b, 0x2e,
+    0x58, 0x2d, 0xe9, 0xf2, 0xa4, 0xa4, 0xe0, 0xa2, 0xd0, 0x90, 0x0b, 0xef,
+    0x47, 0x53, 0xdb, 0x3c, 0xee, 0x0e, 0xe0, 0x6c, 0x7d, 0xfa, 0xe8, 0xb1,
+    0xd5, 0x3b, 0x59, 0x53, 0x21, 0x8f, 0x9c, 0xce, 0xea, 0x69, 0x5b, 0x08,
+    0x66, 0x8e, 0xde, 0xaa, 0xdc, 0xed, 0x94, 0x63, 0xb1, 0xd7, 0x90, 0xd5,
+    0xeb, 0xf2, 0x7e, 0x91, 0x15, 0xb4, 0x6c, 0xad, 0x4d, 0x9a, 0x2b, 0x8e,
+    0xfa, 0xb0, 0x56, 0x1b, 0x08, 0x10, 0x34, 0x47, 0x39, 0xad, 0xa0, 0x73,
+    0x3f, 0x02, 0x03, 0x01, 0x00, 0x01};
+// RSA-PSS test vectors, pss-vect.txt, Example 8.1
+const uint8_t kTestVector8Data[] = {
+    0x81, 0x33, 0x2f, 0x4b, 0xe6, 0x29, 0x48, 0x41, 0x5e, 0xa1, 0xd8, 0x99,
+    0x79, 0x2e, 0xea, 0xcf, 0x6c, 0x6e, 0x1d, 0xb1, 0xda, 0x8b, 0xe1, 0x3b,
+    0x5c, 0xea, 0x41, 0xdb, 0x2f, 0xed, 0x46, 0x70, 0x92, 0xe1, 0xff, 0x39,
+    0x89, 0x14, 0xc7, 0x14, 0x25, 0x97, 0x75, 0xf5, 0x95, 0xf8, 0x54, 0x7f,
+    0x73, 0x56, 0x92, 0xa5, 0x75, 0xe6, 0x92, 0x3a, 0xf7, 0x8f, 0x22, 0xc6,
+    0x99, 0x7d, 0xdb, 0x90, 0xfb, 0x6f, 0x72, 0xd7, 0xbb, 0x0d, 0xd5, 0x74,
+    0x4a, 0x31, 0xde, 0xcd, 0x3d, 0xc3, 0x68, 0x58, 0x49, 0x83, 0x6e, 0xd3,
+    0x4a, 0xec, 0x59, 0x63, 0x04, 0xad, 0x11, 0x84, 0x3c, 0x4f, 0x88, 0x48,
+    0x9f, 0x20, 0x97, 0x35, 0xf5, 0xfb, 0x7f, 0xda, 0xf7, 0xce, 0xc8, 0xad,
+    0xdc, 0x58, 0x18, 0x16, 0x8f, 0x88, 0x0a, 0xcb, 0xf4, 0x90, 0xd5, 0x10,
+    0x05, 0xb7, 0xa8, 0xe8, 0x4e, 0x43, 0xe5, 0x42, 0x87, 0x97, 0x75, 0x71,
+    0xdd, 0x99, 0xee, 0xa4, 0xb1, 0x61, 0xeb, 0x2d, 0xf1, 0xf5, 0x10, 0x8f,
+    0x12, 0xa4, 0x14, 0x2a, 0x83, 0x32, 0x2e, 0xdb, 0x05, 0xa7, 0x54, 0x87,
+    0xa3, 0x43, 0x5c, 0x9a, 0x78, 0xce, 0x53, 0xed, 0x93, 0xbc, 0x55, 0x08,
+    0x57, 0xd7, 0xa9, 0xfb};
+const uint8_t kTestVector8Sig[] = {
+    0x02, 0x62, 0xac, 0x25, 0x4b, 0xfa, 0x77, 0xf3, 0xc1, 0xac, 0xa2, 0x2c,
+    0x51, 0x79, 0xf8, 0xf0, 0x40, 0x42, 0x2b, 0x3c, 0x5b, 0xaf, 0xd4, 0x0a,
+    0x8f, 0x21, 0xcf, 0x0f, 0xa5, 0xa6, 0x67, 0xcc, 0xd5, 0x99, 0x3d, 0x42,
+    0xdb, 0xaf, 0xb4, 0x09, 0xc5, 0x20, 0xe2, 0x5f, 0xce, 0x2b, 0x1e, 0xe1,
+    0xe7, 0x16, 0x57, 0x7f, 0x1e, 0xfa, 0x17, 0xf3, 0xda, 0x28, 0x05, 0x2f,
+    0x40, 0xf0, 0x41, 0x9b, 0x23, 0x10, 0x6d, 0x78, 0x45, 0xaa, 0xf0, 0x11,
+    0x25, 0xb6, 0x98, 0xe7, 0xa4, 0xdf, 0xe9, 0x2d, 0x39, 0x67, 0xbb, 0x00,
+    0xc4, 0xd0, 0xd3, 0x5b, 0xa3, 0x55, 0x2a, 0xb9, 0xa8, 0xb3, 0xee, 0xf0,
+    0x7c, 0x7f, 0xec, 0xdb, 0xc5, 0x42, 0x4a, 0xc4, 0xdb, 0x1e, 0x20, 0xcb,
+    0x37, 0xd0, 0xb2, 0x74, 0x47, 0x69, 0x94, 0x0e, 0xa9, 0x07, 0xe1, 0x7f,
+    0xbb, 0xca, 0x67, 0x3b, 0x20, 0x52, 0x23, 0x80, 0xc5};
+
+// RSA-PSS test vectors, pss-vect.txt, Example 9: A 1536-bit RSA Key Pair
+// <ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip>
+const uint8_t kTestVector9Pkcs8[] = {
+    0x30, 0x82, 0x03, 0x92, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
+    0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
+    0x03, 0x7c, 0x30, 0x82, 0x03, 0x78, 0x02, 0x01, 0x00, 0x02, 0x81, 0xc0,
+    0xe6, 0xbd, 0x69, 0x2a, 0xc9, 0x66, 0x45, 0x79, 0x04, 0x03, 0xfd, 0xd0,
+    0xf5, 0xbe, 0xb8, 0xb9, 0xbf, 0x92, 0xed, 0x10, 0x00, 0x7f, 0xc3, 0x65,
+    0x04, 0x64, 0x19, 0xdd, 0x06, 0xc0, 0x5c, 0x5b, 0x5b, 0x2f, 0x48, 0xec,
+    0xf9, 0x89, 0xe4, 0xce, 0x26, 0x91, 0x09, 0x97, 0x9c, 0xbb, 0x40, 0xb4,
+    0xa0, 0xad, 0x24, 0xd2, 0x24, 0x83, 0xd1, 0xee, 0x31, 0x5a, 0xd4, 0xcc,
+    0xb1, 0x53, 0x42, 0x68, 0x35, 0x26, 0x91, 0xc5, 0x24, 0xf6, 0xdd, 0x8e,
+    0x6c, 0x29, 0xd2, 0x24, 0xcf, 0x24, 0x69, 0x73, 0xae, 0xc8, 0x6c, 0x5b,
+    0xf6, 0xb1, 0x40, 0x1a, 0x85, 0x0d, 0x1b, 0x9a, 0xd1, 0xbb, 0x8c, 0xbc,
+    0xec, 0x47, 0xb0, 0x6f, 0x0f, 0x8c, 0x7f, 0x45, 0xd3, 0xfc, 0x8f, 0x31,
+    0x92, 0x99, 0xc5, 0x43, 0x3d, 0xdb, 0xc2, 0xb3, 0x05, 0x3b, 0x47, 0xde,
+    0xd2, 0xec, 0xd4, 0xa4, 0xca, 0xef, 0xd6, 0x14, 0x83, 0x3d, 0xc8, 0xbb,
+    0x62, 0x2f, 0x31, 0x7e, 0xd0, 0x76, 0xb8, 0x05, 0x7f, 0xe8, 0xde, 0x3f,
+    0x84, 0x48, 0x0a, 0xd5, 0xe8, 0x3e, 0x4a, 0x61, 0x90, 0x4a, 0x4f, 0x24,
+    0x8f, 0xb3, 0x97, 0x02, 0x73, 0x57, 0xe1, 0xd3, 0x0e, 0x46, 0x31, 0x39,
+    0x81, 0x5c, 0x6f, 0xd4, 0xfd, 0x5a, 0xc5, 0xb8, 0x17, 0x2a, 0x45, 0x23,
+    0x0e, 0xcb, 0x63, 0x18, 0xa0, 0x4f, 0x14, 0x55, 0xd8, 0x4e, 0x5a, 0x8b,
+    0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x81, 0xc0, 0x6a, 0x7f, 0xd8, 0x4f,
+    0xb8, 0x5f, 0xad, 0x07, 0x3b, 0x34, 0x40, 0x6d, 0xb7, 0x4f, 0x8d, 0x61,
+    0xa6, 0xab, 0xc1, 0x21, 0x96, 0xa9, 0x61, 0xdd, 0x79, 0x56, 0x5e, 0x9d,
+    0xa6, 0xe5, 0x18, 0x7b, 0xce, 0x2d, 0x98, 0x02, 0x50, 0xf7, 0x35, 0x95,
+    0x75, 0x35, 0x92, 0x70, 0xd9, 0x15, 0x90, 0xbb, 0x0e, 0x42, 0x7c, 0x71,
+    0x46, 0x0b, 0x55, 0xd5, 0x14, 0x10, 0xb1, 0x91, 0xbc, 0xf3, 0x09, 0xfe,
+    0xa1, 0x31, 0xa9, 0x2c, 0x8e, 0x70, 0x27, 0x38, 0xfa, 0x71, 0x9f, 0x1e,
+    0x00, 0x41, 0xf5, 0x2e, 0x40, 0xe9, 0x1f, 0x22, 0x9f, 0x4d, 0x96, 0xa1,
+    0xe6, 0xf1, 0x72, 0xe1, 0x55, 0x96, 0xb4, 0x51, 0x0a, 0x6d, 0xae, 0xc2,
+    0x61, 0x05, 0xf2, 0xbe, 0xbc, 0x53, 0x31, 0x6b, 0x87, 0xbd, 0xf2, 0x13,
+    0x11, 0x66, 0x60, 0x70, 0xe8, 0xdf, 0xee, 0x69, 0xd5, 0x2c, 0x71, 0xa9,
+    0x76, 0xca, 0xae, 0x79, 0xc7, 0x2b, 0x68, 0xd2, 0x85, 0x80, 0xdc, 0x68,
+    0x6d, 0x9f, 0x51, 0x29, 0xd2, 0x25, 0xf8, 0x2b, 0x3d, 0x61, 0x55, 0x13,
+    0xa8, 0x82, 0xb3, 0xdb, 0x91, 0x41, 0x6b, 0x48, 0xce, 0x08, 0x88, 0x82,
+    0x13, 0xe3, 0x7e, 0xeb, 0x9a, 0xf8, 0x00, 0xd8, 0x1c, 0xab, 0x32, 0x8c,
+    0xe4, 0x20, 0x68, 0x99, 0x03, 0xc0, 0x0c, 0x7b, 0x5f, 0xd3, 0x1b, 0x75,
+    0x50, 0x3a, 0x6d, 0x41, 0x96, 0x84, 0xd6, 0x29, 0x02, 0x60, 0xf8, 0xeb,
+    0x97, 0xe9, 0x8d, 0xf1, 0x26, 0x64, 0xee, 0xfd, 0xb7, 0x61, 0x59, 0x6a,
+    0x69, 0xdd, 0xcd, 0x0e, 0x76, 0xda, 0xec, 0xe6, 0xed, 0x4b, 0xf5, 0xa1,
+    0xb5, 0x0a, 0xc0, 0x86, 0xf7, 0x92, 0x8a, 0x4d, 0x2f, 0x87, 0x26, 0xa7,
+    0x7e, 0x51, 0x5b, 0x74, 0xda, 0x41, 0x98, 0x8f, 0x22, 0x0b, 0x1c, 0xc8,
+    0x7a, 0xa1, 0xfc, 0x81, 0x0c, 0xe9, 0x9a, 0x82, 0xf2, 0xd1, 0xce, 0x82,
+    0x1e, 0xdc, 0xed, 0x79, 0x4c, 0x69, 0x41, 0xf4, 0x2c, 0x7a, 0x1a, 0x0b,
+    0x8c, 0x4d, 0x28, 0xc7, 0x5e, 0xc6, 0x0b, 0x65, 0x22, 0x79, 0xf6, 0x15,
+    0x4a, 0x76, 0x2a, 0xed, 0x16, 0x5d, 0x47, 0xde, 0xe3, 0x67, 0x02, 0x60,
+    0xed, 0x4d, 0x71, 0xd0, 0xa6, 0xe2, 0x4b, 0x93, 0xc2, 0xe5, 0xf6, 0xb4,
+    0xbb, 0xe0, 0x5f, 0x5f, 0xb0, 0xaf, 0xa0, 0x42, 0xd2, 0x04, 0xfe, 0x33,
+    0x78, 0xd3, 0x65, 0xc2, 0xf2, 0x88, 0xb6, 0xa8, 0xda, 0xd7, 0xef, 0xe4,
+    0x5d, 0x15, 0x3e, 0xef, 0x40, 0xca, 0xcc, 0x7b, 0x81, 0xff, 0x93, 0x40,
+    0x02, 0xd1, 0x08, 0x99, 0x4b, 0x94, 0xa5, 0xe4, 0x72, 0x8c, 0xd9, 0xc9,
+    0x63, 0x37, 0x5a, 0xe4, 0x99, 0x65, 0xbd, 0xa5, 0x5c, 0xbf, 0x0e, 0xfe,
+    0xd8, 0xd6, 0x55, 0x3b, 0x40, 0x27, 0xf2, 0xd8, 0x62, 0x08, 0xa6, 0xe6,
+    0xb4, 0x89, 0xc1, 0x76, 0x12, 0x80, 0x92, 0xd6, 0x29, 0xe4, 0x9d, 0x3d,
+    0x02, 0x60, 0x2b, 0xb6, 0x8b, 0xdd, 0xfb, 0x0c, 0x4f, 0x56, 0xc8, 0x55,
+    0x8b, 0xff, 0xaf, 0x89, 0x2d, 0x80, 0x43, 0x03, 0x78, 0x41, 0xe7, 0xfa,
+    0x81, 0xcf, 0xa6, 0x1a, 0x38, 0xc5, 0xe3, 0x9b, 0x90, 0x1c, 0x8e, 0xe7,
+    0x11, 0x22, 0xa5, 0xda, 0x22, 0x27, 0xbd, 0x6c, 0xde, 0xeb, 0x48, 0x14,
+    0x52, 0xc1, 0x2a, 0xd3, 0xd6, 0x1d, 0x5e, 0x4f, 0x77, 0x6a, 0x0a, 0xb5,
+    0x56, 0x59, 0x1b, 0xef, 0xe3, 0xe5, 0x9e, 0x5a, 0x7f, 0xdd, 0xb8, 0x34,
+    0x5e, 0x1f, 0x2f, 0x35, 0xb9, 0xf4, 0xce, 0xe5, 0x7c, 0x32, 0x41, 0x4c,
+    0x08, 0x6a, 0xec, 0x99, 0x3e, 0x93, 0x53, 0xe4, 0x80, 0xd9, 0xee, 0xc6,
+    0x28, 0x9f, 0x02, 0x60, 0x4f, 0xf8, 0x97, 0x70, 0x9f, 0xad, 0x07, 0x97,
+    0x46, 0x49, 0x45, 0x78, 0xe7, 0x0f, 0xd8, 0x54, 0x61, 0x30, 0xee, 0xab,
+    0x56, 0x27, 0xc4, 0x9b, 0x08, 0x0f, 0x05, 0xee, 0x4a, 0xd9, 0xf3, 0xe4,
+    0xb7, 0xcb, 0xa9, 0xd6, 0xa5, 0xdf, 0xf1, 0x13, 0xa4, 0x1c, 0x34, 0x09,
+    0x33, 0x68, 0x33, 0xf1, 0x90, 0x81, 0x6d, 0x8a, 0x6b, 0xc4, 0x2e, 0x9b,
+    0xec, 0x56, 0xb7, 0x56, 0x7d, 0x0f, 0x3c, 0x9c, 0x69, 0x6d, 0xb6, 0x19,
+    0xb2, 0x45, 0xd9, 0x01, 0xdd, 0x85, 0x6d, 0xb7, 0xc8, 0x09, 0x2e, 0x77,
+    0xe9, 0xa1, 0xcc, 0xcd, 0x56, 0xee, 0x4d, 0xba, 0x42, 0xc5, 0xfd, 0xb6,
+    0x1a, 0xec, 0x26, 0x69, 0x02, 0x60, 0x77, 0xb9, 0xd1, 0x13, 0x7b, 0x50,
+    0x40, 0x4a, 0x98, 0x27, 0x29, 0x31, 0x6e, 0xfa, 0xfc, 0x7d, 0xfe, 0x66,
+    0xd3, 0x4e, 0x5a, 0x18, 0x26, 0x00, 0xd5, 0xf3, 0x0a, 0x0a, 0x85, 0x12,
+    0x05, 0x1c, 0x56, 0x0d, 0x08, 0x1d, 0x4d, 0x0a, 0x18, 0x35, 0xec, 0x3d,
+    0x25, 0xa6, 0x0f, 0x4e, 0x4d, 0x6a, 0xa9, 0x48, 0xb2, 0xbf, 0x3d, 0xbb,
+    0x5b, 0x12, 0x4c, 0xbb, 0xc3, 0x48, 0x92, 0x55, 0xa3, 0xa9, 0x48, 0x37,
+    0x2f, 0x69, 0x78, 0x49, 0x67, 0x45, 0xf9, 0x43, 0xe1, 0xdb, 0x4f, 0x18,
+    0x38, 0x2c, 0xea, 0xa5, 0x05, 0xdf, 0xc6, 0x57, 0x57, 0xbb, 0x3f, 0x85,
+    0x7a, 0x58, 0xdc, 0xe5, 0x21, 0x56};
+const uint8_t kTestVector9Spki[] = {
+    0x30, 0x81, 0xdf, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
+    0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0xcd, 0x00, 0x30, 0x81,
+    0xc9, 0x02, 0x81, 0xc1, 0x00, 0xe6, 0xbd, 0x69, 0x2a, 0xc9, 0x66, 0x45,
+    0x79, 0x04, 0x03, 0xfd, 0xd0, 0xf5, 0xbe, 0xb8, 0xb9, 0xbf, 0x92, 0xed,
+    0x10, 0x00, 0x7f, 0xc3, 0x65, 0x04, 0x64, 0x19, 0xdd, 0x06, 0xc0, 0x5c,
+    0x5b, 0x5b, 0x2f, 0x48, 0xec, 0xf9, 0x89, 0xe4, 0xce, 0x26, 0x91, 0x09,
+    0x97, 0x9c, 0xbb, 0x40, 0xb4, 0xa0, 0xad, 0x24, 0xd2, 0x24, 0x83, 0xd1,
+    0xee, 0x31, 0x5a, 0xd4, 0xcc, 0xb1, 0x53, 0x42, 0x68, 0x35, 0x26, 0x91,
+    0xc5, 0x24, 0xf6, 0xdd, 0x8e, 0x6c, 0x29, 0xd2, 0x24, 0xcf, 0x24, 0x69,
+    0x73, 0xae, 0xc8, 0x6c, 0x5b, 0xf6, 0xb1, 0x40, 0x1a, 0x85, 0x0d, 0x1b,
+    0x9a, 0xd1, 0xbb, 0x8c, 0xbc, 0xec, 0x47, 0xb0, 0x6f, 0x0f, 0x8c, 0x7f,
+    0x45, 0xd3, 0xfc, 0x8f, 0x31, 0x92, 0x99, 0xc5, 0x43, 0x3d, 0xdb, 0xc2,
+    0xb3, 0x05, 0x3b, 0x47, 0xde, 0xd2, 0xec, 0xd4, 0xa4, 0xca, 0xef, 0xd6,
+    0x14, 0x83, 0x3d, 0xc8, 0xbb, 0x62, 0x2f, 0x31, 0x7e, 0xd0, 0x76, 0xb8,
+    0x05, 0x7f, 0xe8, 0xde, 0x3f, 0x84, 0x48, 0x0a, 0xd5, 0xe8, 0x3e, 0x4a,
+    0x61, 0x90, 0x4a, 0x4f, 0x24, 0x8f, 0xb3, 0x97, 0x02, 0x73, 0x57, 0xe1,
+    0xd3, 0x0e, 0x46, 0x31, 0x39, 0x81, 0x5c, 0x6f, 0xd4, 0xfd, 0x5a, 0xc5,
+    0xb8, 0x17, 0x2a, 0x45, 0x23, 0x0e, 0xcb, 0x63, 0x18, 0xa0, 0x4f, 0x14,
+    0x55, 0xd8, 0x4e, 0x5a, 0x8b, 0x02, 0x03, 0x01, 0x00, 0x01};
+// RSA-PSS test vectors, pss-vect.txt, Example 9.1
+const uint8_t kTestVector9Data[] = {
+    0xa8, 0x8e, 0x26, 0x58, 0x55, 0xe9, 0xd7, 0xca, 0x36, 0xc6, 0x87, 0x95,
+    0xf0, 0xb3, 0x1b, 0x59, 0x1c, 0xd6, 0x58, 0x7c, 0x71, 0xd0, 0x60, 0xa0,
+    0xb3, 0xf7, 0xf3, 0xea, 0xef, 0x43, 0x79, 0x59, 0x22, 0x02, 0x8b, 0xc2,
+    0xb6, 0xad, 0x46, 0x7c, 0xfc, 0x2d, 0x7f, 0x65, 0x9c, 0x53, 0x85, 0xaa,
+    0x70, 0xba, 0x36, 0x72, 0xcd, 0xde, 0x4c, 0xfe, 0x49, 0x70, 0xcc, 0x79,
+    0x04, 0x60, 0x1b, 0x27, 0x88, 0x72, 0xbf, 0x51, 0x32, 0x1c, 0x4a, 0x97,
+    0x2f, 0x3c, 0x95, 0x57, 0x0f, 0x34, 0x45, 0xd4, 0xf5, 0x79, 0x80, 0xe0,
+    0xf2, 0x0d, 0xf5, 0x48, 0x46, 0xe6, 0xa5, 0x2c, 0x66, 0x8f, 0x12, 0x88,
+    0xc0, 0x3f, 0x95, 0x00, 0x6e, 0xa3, 0x2f, 0x56, 0x2d, 0x40, 0xd5, 0x2a,
+    0xf9, 0xfe, 0xb3, 0x2f, 0x0f, 0xa0, 0x6d, 0xb6, 0x5b, 0x58, 0x8a, 0x23,
+    0x7b, 0x34, 0xe5, 0x92, 0xd5, 0x5c, 0xf9, 0x79, 0xf9, 0x03, 0xa6, 0x42,
+    0xef, 0x64, 0xd2, 0xed, 0x54, 0x2a, 0xa8, 0xc7, 0x7d, 0xc1, 0xdd, 0x76,
+    0x2f, 0x45, 0xa5, 0x93, 0x03, 0xed, 0x75, 0xe5, 0x41, 0xca, 0x27, 0x1e,
+    0x2b, 0x60, 0xca, 0x70, 0x9e, 0x44, 0xfa, 0x06, 0x61, 0x13, 0x1e, 0x8d,
+    0x5d, 0x41, 0x63, 0xfd, 0x8d, 0x39, 0x85, 0x66, 0xce, 0x26, 0xde, 0x87,
+    0x30, 0xe7, 0x2f, 0x9c, 0xca, 0x73, 0x76, 0x41, 0xc2, 0x44, 0x15, 0x94,
+    0x20, 0x63, 0x70, 0x28, 0xdf, 0x0a, 0x18, 0x07, 0x9d, 0x62, 0x08, 0xea,
+    0x8b, 0x47, 0x11, 0xa2, 0xc7, 0x50, 0xf5};
+const uint8_t kTestVector9Sig[] = {
+    0x58, 0x61, 0x07, 0x22, 0x6c, 0x3c, 0xe0, 0x13, 0xa7, 0xc8, 0xf0, 0x4d,
+    0x1a, 0x6a, 0x29, 0x59, 0xbb, 0x4b, 0x8e, 0x20, 0x5b, 0xa4, 0x3a, 0x27,
+    0xb5, 0x0f, 0x12, 0x41, 0x11, 0xbc, 0x35, 0xef, 0x58, 0x9b, 0x03, 0x9f,
+    0x59, 0x32, 0x18, 0x7c, 0xb6, 0x96, 0xd7, 0xd9, 0xa3, 0x2c, 0x0c, 0x38,
+    0x30, 0x0a, 0x5c, 0xdd, 0xa4, 0x83, 0x4b, 0x62, 0xd2, 0xeb, 0x24, 0x0a,
+    0xf3, 0x3f, 0x79, 0xd1, 0x3d, 0xfb, 0xf0, 0x95, 0xbf, 0x59, 0x9e, 0x0d,
+    0x96, 0x86, 0x94, 0x8c, 0x19, 0x64, 0x74, 0x7b, 0x67, 0xe8, 0x9c, 0x9a,
+    0xba, 0x5c, 0xd8, 0x50, 0x16, 0x23, 0x6f, 0x56, 0x6c, 0xc5, 0x80, 0x2c,
+    0xb1, 0x3e, 0xad, 0x51, 0xbc, 0x7c, 0xa6, 0xbe, 0xf3, 0xb9, 0x4d, 0xcb,
+    0xdb, 0xb1, 0xd5, 0x70, 0x46, 0x97, 0x71, 0xdf, 0x0e, 0x00, 0xb1, 0xa8,
+    0xa0, 0x67, 0x77, 0x47, 0x2d, 0x23, 0x16, 0x27, 0x9e, 0xda, 0xe8, 0x64,
+    0x74, 0x66, 0x8d, 0x4e, 0x1e, 0xff, 0xf9, 0x5f, 0x1d, 0xe6, 0x1c, 0x60,
+    0x20, 0xda, 0x32, 0xae, 0x92, 0xbb, 0xf1, 0x65, 0x20, 0xfe, 0xf3, 0xcf,
+    0x4d, 0x88, 0xf6, 0x11, 0x21, 0xf2, 0x4b, 0xbd, 0x9f, 0xe9, 0x1b, 0x59,
+    0xca, 0xf1, 0x23, 0x5b, 0x2a, 0x93, 0xff, 0x81, 0xfc, 0x40, 0x3a, 0xdd,
+    0xf4, 0xeb, 0xde, 0xa8, 0x49, 0x34, 0xa9, 0xcd, 0xaf, 0x8e, 0x1a, 0x9e};
+
+// RSA-PSS test vectors, pss-vect.txt, Example 10: A 2048-bit RSA Key Pair
+// <ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip>
+const uint8_t kTestVector10Pkcs8[] = {
+    0x30, 0x82, 0x04, 0xb9, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
+    0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
+    0x04, 0xa3, 0x30, 0x82, 0x04, 0x9f, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01,
+    0x00, 0xa5, 0xdd, 0x86, 0x7a, 0xc4, 0xcb, 0x02, 0xf9, 0x0b, 0x94, 0x57,
+    0xd4, 0x8c, 0x14, 0xa7, 0x70, 0xef, 0x99, 0x1c, 0x56, 0xc3, 0x9c, 0x0e,
+    0xc6, 0x5f, 0xd1, 0x1a, 0xfa, 0x89, 0x37, 0xce, 0xa5, 0x7b, 0x9b, 0xe7,
+    0xac, 0x73, 0xb4, 0x5c, 0x00, 0x17, 0x61, 0x5b, 0x82, 0xd6, 0x22, 0xe3,
+    0x18, 0x75, 0x3b, 0x60, 0x27, 0xc0, 0xfd, 0x15, 0x7b, 0xe1, 0x2f, 0x80,
+    0x90, 0xfe, 0xe2, 0xa7, 0xad, 0xcd, 0x0e, 0xef, 0x75, 0x9f, 0x88, 0xba,
+    0x49, 0x97, 0xc7, 0xa4, 0x2d, 0x58, 0xc9, 0xaa, 0x12, 0xcb, 0x99, 0xae,
+    0x00, 0x1f, 0xe5, 0x21, 0xc1, 0x3b, 0xb5, 0x43, 0x14, 0x45, 0xa8, 0xd5,
+    0xae, 0x4f, 0x5e, 0x4c, 0x7e, 0x94, 0x8a, 0xc2, 0x27, 0xd3, 0x60, 0x40,
+    0x71, 0xf2, 0x0e, 0x57, 0x7e, 0x90, 0x5f, 0xbe, 0xb1, 0x5d, 0xfa, 0xf0,
+    0x6d, 0x1d, 0xe5, 0xae, 0x62, 0x53, 0xd6, 0x3a, 0x6a, 0x21, 0x20, 0xb3,
+    0x1a, 0x5d, 0xa5, 0xda, 0xbc, 0x95, 0x50, 0x60, 0x0e, 0x20, 0xf2, 0x7d,
+    0x37, 0x39, 0xe2, 0x62, 0x79, 0x25, 0xfe, 0xa3, 0xcc, 0x50, 0x9f, 0x21,
+    0xdf, 0xf0, 0x4e, 0x6e, 0xea, 0x45, 0x49, 0xc5, 0x40, 0xd6, 0x80, 0x9f,
+    0xf9, 0x30, 0x7e, 0xed, 0xe9, 0x1f, 0xff, 0x58, 0x73, 0x3d, 0x83, 0x85,
+    0xa2, 0x37, 0xd6, 0xd3, 0x70, 0x5a, 0x33, 0xe3, 0x91, 0x90, 0x09, 0x92,
+    0x07, 0x0d, 0xf7, 0xad, 0xf1, 0x35, 0x7c, 0xf7, 0xe3, 0x70, 0x0c, 0xe3,
+    0x66, 0x7d, 0xe8, 0x3f, 0x17, 0xb8, 0xdf, 0x17, 0x78, 0xdb, 0x38, 0x1d,
+    0xce, 0x09, 0xcb, 0x4a, 0xd0, 0x58, 0xa5, 0x11, 0x00, 0x1a, 0x73, 0x81,
+    0x98, 0xee, 0x27, 0xcf, 0x55, 0xa1, 0x3b, 0x75, 0x45, 0x39, 0x90, 0x65,
+    0x82, 0xec, 0x8b, 0x17, 0x4b, 0xd5, 0x8d, 0x5d, 0x1f, 0x3d, 0x76, 0x7c,
+    0x61, 0x37, 0x21, 0xae, 0x05, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82,
+    0x01, 0x00, 0x2d, 0x2f, 0xf5, 0x67, 0xb3, 0xfe, 0x74, 0xe0, 0x61, 0x91,
+    0xb7, 0xfd, 0xed, 0x6d, 0xe1, 0x12, 0x29, 0x0c, 0x67, 0x06, 0x92, 0x43,
+    0x0d, 0x59, 0x69, 0x18, 0x40, 0x47, 0xda, 0x23, 0x4c, 0x96, 0x93, 0xde,
+    0xed, 0x16, 0x73, 0xed, 0x42, 0x95, 0x39, 0xc9, 0x69, 0xd3, 0x72, 0xc0,
+    0x4d, 0x6b, 0x47, 0xe0, 0xf5, 0xb8, 0xce, 0xe0, 0x84, 0x3e, 0x5c, 0x22,
+    0x83, 0x5d, 0xbd, 0x3b, 0x05, 0xa0, 0x99, 0x79, 0x84, 0xae, 0x60, 0x58,
+    0xb1, 0x1b, 0xc4, 0x90, 0x7c, 0xbf, 0x67, 0xed, 0x84, 0xfa, 0x9a, 0xe2,
+    0x52, 0xdf, 0xb0, 0xd0, 0xcd, 0x49, 0xe6, 0x18, 0xe3, 0x5d, 0xfd, 0xfe,
+    0x59, 0xbc, 0xa3, 0xdd, 0xd6, 0x6c, 0x33, 0xce, 0xbb, 0xc7, 0x7a, 0xd4,
+    0x41, 0xaa, 0x69, 0x5e, 0x13, 0xe3, 0x24, 0xb5, 0x18, 0xf0, 0x1c, 0x60,
+    0xf5, 0xa8, 0x5c, 0x99, 0x4a, 0xd1, 0x79, 0xf2, 0xa6, 0xb5, 0xfb, 0xe9,
+    0x34, 0x02, 0xb1, 0x17, 0x67, 0xbe, 0x01, 0xbf, 0x07, 0x34, 0x44, 0xd6,
+    0xba, 0x1d, 0xd2, 0xbc, 0xa5, 0xbd, 0x07, 0x4d, 0x4a, 0x5f, 0xae, 0x35,
+    0x31, 0xad, 0x13, 0x03, 0xd8, 0x4b, 0x30, 0xd8, 0x97, 0x31, 0x8c, 0xbb,
+    0xba, 0x04, 0xe0, 0x3c, 0x2e, 0x66, 0xde, 0x6d, 0x91, 0xf8, 0x2f, 0x96,
+    0xea, 0x1d, 0x4b, 0xb5, 0x4a, 0x5a, 0xae, 0x10, 0x2d, 0x59, 0x46, 0x57,
+    0xf5, 0xc9, 0x78, 0x95, 0x53, 0x51, 0x2b, 0x29, 0x6d, 0xea, 0x29, 0xd8,
+    0x02, 0x31, 0x96, 0x35, 0x7e, 0x3e, 0x3a, 0x6e, 0x95, 0x8f, 0x39, 0xe3,
+    0xc2, 0x34, 0x40, 0x38, 0xea, 0x60, 0x4b, 0x31, 0xed, 0xc6, 0xf0, 0xf7,
+    0xff, 0x6e, 0x71, 0x81, 0xa5, 0x7c, 0x92, 0x82, 0x6a, 0x26, 0x8f, 0x86,
+    0x76, 0x8e, 0x96, 0xf8, 0x78, 0x56, 0x2f, 0xc7, 0x1d, 0x85, 0xd6, 0x9e,
+    0x44, 0x86, 0x12, 0xf7, 0x04, 0x8f, 0x02, 0x81, 0x80, 0xcf, 0xd5, 0x02,
+    0x83, 0xfe, 0xee, 0xb9, 0x7f, 0x6f, 0x08, 0xd7, 0x3c, 0xbc, 0x7b, 0x38,
+    0x36, 0xf8, 0x2b, 0xbc, 0xd4, 0x99, 0x47, 0x9f, 0x5e, 0x6f, 0x76, 0xfd,
+    0xfc, 0xb8, 0xb3, 0x8c, 0x4f, 0x71, 0xdc, 0x9e, 0x88, 0xbd, 0x6a, 0x6f,
+    0x76, 0x37, 0x1a, 0xfd, 0x65, 0xd2, 0xaf, 0x18, 0x62, 0xb3, 0x2a, 0xfb,
+    0x34, 0xa9, 0x5f, 0x71, 0xb8, 0xb1, 0x32, 0x04, 0x3f, 0xfe, 0xbe, 0x3a,
+    0x95, 0x2b, 0xaf, 0x75, 0x92, 0x44, 0x81, 0x48, 0xc0, 0x3f, 0x9c, 0x69,
+    0xb1, 0xd6, 0x8e, 0x4c, 0xe5, 0xcf, 0x32, 0xc8, 0x6b, 0xaf, 0x46, 0xfe,
+    0xd3, 0x01, 0xca, 0x1a, 0xb4, 0x03, 0x06, 0x9b, 0x32, 0xf4, 0x56, 0xb9,
+    0x1f, 0x71, 0x89, 0x8a, 0xb0, 0x81, 0xcd, 0x8c, 0x42, 0x52, 0xef, 0x52,
+    0x71, 0x91, 0x5c, 0x97, 0x94, 0xb8, 0xf2, 0x95, 0x85, 0x1d, 0xa7, 0x51,
+    0x0f, 0x99, 0xcb, 0x73, 0xeb, 0x02, 0x81, 0x80, 0xcc, 0x4e, 0x90, 0xd2,
+    0xa1, 0xb3, 0xa0, 0x65, 0xd3, 0xb2, 0xd1, 0xf5, 0xa8, 0xfc, 0xe3, 0x1b,
+    0x54, 0x44, 0x75, 0x66, 0x4e, 0xab, 0x56, 0x1d, 0x29, 0x71, 0xb9, 0x9f,
+    0xb7, 0xbe, 0xf8, 0x44, 0xe8, 0xec, 0x1f, 0x36, 0x0b, 0x8c, 0x2a, 0xc8,
+    0x35, 0x96, 0x92, 0x97, 0x1e, 0xa6, 0xa3, 0x8f, 0x72, 0x3f, 0xcc, 0x21,
+    0x1f, 0x5d, 0xbc, 0xb1, 0x77, 0xa0, 0xfd, 0xac, 0x51, 0x64, 0xa1, 0xd4,
+    0xff, 0x7f, 0xbb, 0x4e, 0x82, 0x99, 0x86, 0x35, 0x3c, 0xb9, 0x83, 0x65,
+    0x9a, 0x14, 0x8c, 0xdd, 0x42, 0x0c, 0x7d, 0x31, 0xba, 0x38, 0x22, 0xea,
+    0x90, 0xa3, 0x2b, 0xe4, 0x6c, 0x03, 0x0e, 0x8c, 0x17, 0xe1, 0xfa, 0x0a,
+    0xd3, 0x78, 0x59, 0xe0, 0x6b, 0x0a, 0xa6, 0xfa, 0x3b, 0x21, 0x6d, 0x9c,
+    0xbe, 0x6c, 0x0e, 0x22, 0x33, 0x97, 0x69, 0xc0, 0xa6, 0x15, 0x91, 0x3e,
+    0x5d, 0xa7, 0x19, 0xcf, 0x02, 0x81, 0x80, 0x1c, 0x2d, 0x1f, 0xc3, 0x2f,
+    0x6b, 0xc4, 0x00, 0x4f, 0xd8, 0x5d, 0xfd, 0xe0, 0xfb, 0xbf, 0x9a, 0x4c,
+    0x38, 0xf9, 0xc7, 0xc4, 0xe4, 0x1d, 0xea, 0x1a, 0xa8, 0x82, 0x34, 0xa2,
+    0x01, 0xcd, 0x92, 0xf3, 0xb7, 0xda, 0x52, 0x65, 0x83, 0xa9, 0x8a, 0xd8,
+    0x5b, 0xb3, 0x60, 0xfb, 0x98, 0x3b, 0x71, 0x1e, 0x23, 0x44, 0x9d, 0x56,
+    0x1d, 0x17, 0x78, 0xd7, 0xa5, 0x15, 0x48, 0x6b, 0xcb, 0xf4, 0x7b, 0x46,
+    0xc9, 0xe9, 0xe1, 0xa3, 0xa1, 0xf7, 0x70, 0x00, 0xef, 0xbe, 0xb0, 0x9a,
+    0x8a, 0xfe, 0x47, 0xe5, 0xb8, 0x57, 0xcd, 0xa9, 0x9c, 0xb1, 0x6d, 0x7f,
+    0xff, 0x9b, 0x71, 0x2e, 0x3b, 0xd6, 0x0c, 0xa9, 0x6d, 0x9c, 0x79, 0x73,
+    0xd6, 0x16, 0xd4, 0x69, 0x34, 0xa9, 0xc0, 0x50, 0x28, 0x1c, 0x00, 0x43,
+    0x99, 0xce, 0xff, 0x1d, 0xb7, 0xdd, 0xa7, 0x87, 0x66, 0xa8, 0xa9, 0xb9,
+    0xcb, 0x08, 0x73, 0x02, 0x81, 0x80, 0xcb, 0x3b, 0x3c, 0x04, 0xca, 0xa5,
+    0x8c, 0x60, 0xbe, 0x7d, 0x9b, 0x2d, 0xeb, 0xb3, 0xe3, 0x96, 0x43, 0xf4,
+    0xf5, 0x73, 0x97, 0xbe, 0x08, 0x23, 0x6a, 0x1e, 0x9e, 0xaf, 0xaa, 0x70,
+    0x65, 0x36, 0xe7, 0x1c, 0x3a, 0xcf, 0xe0, 0x1c, 0xc6, 0x51, 0xf2, 0x3c,
+    0x9e, 0x05, 0x85, 0x8f, 0xee, 0x13, 0xbb, 0x6a, 0x8a, 0xfc, 0x47, 0xdf,
+    0x4e, 0xdc, 0x9a, 0x4b, 0xa3, 0x0b, 0xce, 0xcb, 0x73, 0xd0, 0x15, 0x78,
+    0x52, 0x32, 0x7e, 0xe7, 0x89, 0x01, 0x5c, 0x2e, 0x8d, 0xee, 0x7b, 0x9f,
+    0x05, 0xa0, 0xf3, 0x1a, 0xc9, 0x4e, 0xb6, 0x17, 0x31, 0x64, 0x74, 0x0c,
+    0x5c, 0x95, 0x14, 0x7c, 0xd5, 0xf3, 0xb5, 0xae, 0x2c, 0xb4, 0xa8, 0x37,
+    0x87, 0xf0, 0x1d, 0x8a, 0xb3, 0x1f, 0x27, 0xc2, 0xd0, 0xee, 0xa2, 0xdd,
+    0x8a, 0x11, 0xab, 0x90, 0x6a, 0xba, 0x20, 0x7c, 0x43, 0xc6, 0xee, 0x12,
+    0x53, 0x31, 0x02, 0x81, 0x80, 0x12, 0xf6, 0xb2, 0xcf, 0x13, 0x74, 0xa7,
+    0x36, 0xfa, 0xd0, 0x56, 0x16, 0x05, 0x0f, 0x96, 0xab, 0x4b, 0x61, 0xd1,
+    0x17, 0x7c, 0x7f, 0x9d, 0x52, 0x5a, 0x29, 0xf3, 0xd1, 0x80, 0xe7, 0x76,
+    0x67, 0xe9, 0x9d, 0x99, 0xab, 0xf0, 0x52, 0x5d, 0x07, 0x58, 0x66, 0x0f,
+    0x37, 0x52, 0x65, 0x5b, 0x0f, 0x25, 0xb8, 0xdf, 0x84, 0x31, 0xd9, 0xa8,
+    0xff, 0x77, 0xc1, 0x6c, 0x12, 0xa0, 0xa5, 0x12, 0x2a, 0x9f, 0x0b, 0xf7,
+    0xcf, 0xd5, 0xa2, 0x66, 0xa3, 0x5c, 0x15, 0x9f, 0x99, 0x12, 0x08, 0xb9,
+    0x03, 0x16, 0xff, 0x44, 0x4f, 0x3e, 0x0b, 0x6b, 0xd0, 0xe9, 0x3b, 0x8a,
+    0x7a, 0x24, 0x48, 0xe9, 0x57, 0xe3, 0xdd, 0xa6, 0xcf, 0xcf, 0x22, 0x66,
+    0xb1, 0x06, 0x01, 0x3a, 0xc4, 0x68, 0x08, 0xd3, 0xb3, 0x88, 0x7b, 0x3b,
+    0x00, 0x34, 0x4b, 0xaa, 0xc9, 0x53, 0x0b, 0x4c, 0xe7, 0x08, 0xfc, 0x32,
+    0xb6};
+const uint8_t kTestVector10Spki[] = {
+    0x30, 0x82, 0x01, 0x21, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
+    0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0e, 0x00,
+    0x30, 0x82, 0x01, 0x09, 0x02, 0x82, 0x01, 0x00, 0xa5, 0xdd, 0x86, 0x7a,
+    0xc4, 0xcb, 0x02, 0xf9, 0x0b, 0x94, 0x57, 0xd4, 0x8c, 0x14, 0xa7, 0x70,
+    0xef, 0x99, 0x1c, 0x56, 0xc3, 0x9c, 0x0e, 0xc6, 0x5f, 0xd1, 0x1a, 0xfa,
+    0x89, 0x37, 0xce, 0xa5, 0x7b, 0x9b, 0xe7, 0xac, 0x73, 0xb4, 0x5c, 0x00,
+    0x17, 0x61, 0x5b, 0x82, 0xd6, 0x22, 0xe3, 0x18, 0x75, 0x3b, 0x60, 0x27,
+    0xc0, 0xfd, 0x15, 0x7b, 0xe1, 0x2f, 0x80, 0x90, 0xfe, 0xe2, 0xa7, 0xad,
+    0xcd, 0x0e, 0xef, 0x75, 0x9f, 0x88, 0xba, 0x49, 0x97, 0xc7, 0xa4, 0x2d,
+    0x58, 0xc9, 0xaa, 0x12, 0xcb, 0x99, 0xae, 0x00, 0x1f, 0xe5, 0x21, 0xc1,
+    0x3b, 0xb5, 0x43, 0x14, 0x45, 0xa8, 0xd5, 0xae, 0x4f, 0x5e, 0x4c, 0x7e,
+    0x94, 0x8a, 0xc2, 0x27, 0xd3, 0x60, 0x40, 0x71, 0xf2, 0x0e, 0x57, 0x7e,
+    0x90, 0x5f, 0xbe, 0xb1, 0x5d, 0xfa, 0xf0, 0x6d, 0x1d, 0xe5, 0xae, 0x62,
+    0x53, 0xd6, 0x3a, 0x6a, 0x21, 0x20, 0xb3, 0x1a, 0x5d, 0xa5, 0xda, 0xbc,
+    0x95, 0x50, 0x60, 0x0e, 0x20, 0xf2, 0x7d, 0x37, 0x39, 0xe2, 0x62, 0x79,
+    0x25, 0xfe, 0xa3, 0xcc, 0x50, 0x9f, 0x21, 0xdf, 0xf0, 0x4e, 0x6e, 0xea,
+    0x45, 0x49, 0xc5, 0x40, 0xd6, 0x80, 0x9f, 0xf9, 0x30, 0x7e, 0xed, 0xe9,
+    0x1f, 0xff, 0x58, 0x73, 0x3d, 0x83, 0x85, 0xa2, 0x37, 0xd6, 0xd3, 0x70,
+    0x5a, 0x33, 0xe3, 0x91, 0x90, 0x09, 0x92, 0x07, 0x0d, 0xf7, 0xad, 0xf1,
+    0x35, 0x7c, 0xf7, 0xe3, 0x70, 0x0c, 0xe3, 0x66, 0x7d, 0xe8, 0x3f, 0x17,
+    0xb8, 0xdf, 0x17, 0x78, 0xdb, 0x38, 0x1d, 0xce, 0x09, 0xcb, 0x4a, 0xd0,
+    0x58, 0xa5, 0x11, 0x00, 0x1a, 0x73, 0x81, 0x98, 0xee, 0x27, 0xcf, 0x55,
+    0xa1, 0x3b, 0x75, 0x45, 0x39, 0x90, 0x65, 0x82, 0xec, 0x8b, 0x17, 0x4b,
+    0xd5, 0x8d, 0x5d, 0x1f, 0x3d, 0x76, 0x7c, 0x61, 0x37, 0x21, 0xae, 0x05,
+    0x02, 0x03, 0x01, 0x00, 0x01};
+// RSA-PSS test vectors, pss-vect.txt, Example 10.1
+const uint8_t kTestVector10Data[] = {
+    0x88, 0x31, 0x77, 0xe5, 0x12, 0x6b, 0x9b, 0xe2, 0xd9, 0xa9,
+    0x68, 0x03, 0x27, 0xd5, 0x37, 0x0c, 0x6f, 0x26, 0x86, 0x1f,
+    0x58, 0x20, 0xc4, 0x3d, 0xa6, 0x7a, 0x3a, 0xd6, 0x09};
+const uint8_t kTestVector10Sig[] = {
+    0x82, 0xc2, 0xb1, 0x60, 0x09, 0x3b, 0x8a, 0xa3, 0xc0, 0xf7, 0x52, 0x2b,
+    0x19, 0xf8, 0x73, 0x54, 0x06, 0x6c, 0x77, 0x84, 0x7a, 0xbf, 0x2a, 0x9f,
+    0xce, 0x54, 0x2d, 0x0e, 0x84, 0xe9, 0x20, 0xc5, 0xaf, 0xb4, 0x9f, 0xfd,
+    0xfd, 0xac, 0xe1, 0x65, 0x60, 0xee, 0x94, 0xa1, 0x36, 0x96, 0x01, 0x14,
+    0x8e, 0xba, 0xd7, 0xa0, 0xe1, 0x51, 0xcf, 0x16, 0x33, 0x17, 0x91, 0xa5,
+    0x72, 0x7d, 0x05, 0xf2, 0x1e, 0x74, 0xe7, 0xeb, 0x81, 0x14, 0x40, 0x20,
+    0x69, 0x35, 0xd7, 0x44, 0x76, 0x5a, 0x15, 0xe7, 0x9f, 0x01, 0x5c, 0xb6,
+    0x6c, 0x53, 0x2c, 0x87, 0xa6, 0xa0, 0x59, 0x61, 0xc8, 0xbf, 0xad, 0x74,
+    0x1a, 0x9a, 0x66, 0x57, 0x02, 0x28, 0x94, 0x39, 0x3e, 0x72, 0x23, 0x73,
+    0x97, 0x96, 0xc0, 0x2a, 0x77, 0x45, 0x5d, 0x0f, 0x55, 0x5b, 0x0e, 0xc0,
+    0x1d, 0xdf, 0x25, 0x9b, 0x62, 0x07, 0xfd, 0x0f, 0xd5, 0x76, 0x14, 0xce,
+    0xf1, 0xa5, 0x57, 0x3b, 0xaa, 0xff, 0x4e, 0xc0, 0x00, 0x69, 0x95, 0x16,
+    0x59, 0xb8, 0x5f, 0x24, 0x30, 0x0a, 0x25, 0x16, 0x0c, 0xa8, 0x52, 0x2d,
+    0xc6, 0xe6, 0x72, 0x7e, 0x57, 0xd0, 0x19, 0xd7, 0xe6, 0x36, 0x29, 0xb8,
+    0xfe, 0x5e, 0x89, 0xe2, 0x5c, 0xc1, 0x5b, 0xeb, 0x3a, 0x64, 0x75, 0x77,
+    0x55, 0x92, 0x99, 0x28, 0x0b, 0x9b, 0x28, 0xf7, 0x9b, 0x04, 0x09, 0x00,
+    0x0b, 0xe2, 0x5b, 0xbd, 0x96, 0x40, 0x8b, 0xa3, 0xb4, 0x3c, 0xc4, 0x86,
+    0x18, 0x4d, 0xd1, 0xc8, 0xe6, 0x25, 0x53, 0xfa, 0x1a, 0xf4, 0x04, 0x0f,
+    0x60, 0x66, 0x3d, 0xe7, 0xf5, 0xe4, 0x9c, 0x04, 0x38, 0x8e, 0x25, 0x7f,
+    0x1c, 0xe8, 0x9c, 0x95, 0xda, 0xb4, 0x8a, 0x31, 0x5d, 0x9b, 0x66, 0xb1,
+    0xb7, 0x62, 0x82, 0x33, 0x87, 0x6f, 0xf2, 0x38, 0x52, 0x30, 0xd0, 0x70,
+    0xd0, 0x7e, 0x16, 0x66};
+
+}  // namespace nss_test
diff --git a/nss/gtests/pk11_gtest/pk11_signature_test.h b/nss/gtests/pk11_gtest/pk11_signature_test.h
new file mode 100644
index 0000000..ea84764
--- /dev/null
+++ b/nss/gtests/pk11_gtest/pk11_signature_test.h
@@ -0,0 +1,140 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <memory>
+#include "nss.h"
+#include "pk11pub.h"
+#include "sechash.h"
+
+#include "gtest/gtest.h"
+#include "scoped_ptrs.h"
+
+namespace nss_test {
+
+static unsigned char* toUcharPtr(const uint8_t* v) {
+  return const_cast<unsigned char*>(static_cast<const unsigned char*>(v));
+}
+
+class Pk11SignatureTest : public ::testing::Test {
+ protected:
+  virtual CK_MECHANISM_TYPE mechanism() = 0;
+  virtual SECItem* parameters() = 0;
+  virtual SECOidTag hashOID() = 0;
+
+  ScopedSECKEYPrivateKey ImportPrivateKey(const uint8_t* pkcs8,
+                                          size_t pkcs8_len) {
+    ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
+    if (!slot) {
+      return nullptr;
+    }
+
+    SECItem pkcs8Item = {siBuffer, toUcharPtr(pkcs8),
+                         static_cast<unsigned int>(pkcs8_len)};
+
+    SECKEYPrivateKey* key = nullptr;
+    SECStatus rv = PK11_ImportDERPrivateKeyInfoAndReturnKey(
+        slot.get(), &pkcs8Item, nullptr, nullptr, false, false, KU_ALL, &key,
+        nullptr);
+
+    if (rv != SECSuccess) {
+      return nullptr;
+    }
+
+    return ScopedSECKEYPrivateKey(key);
+  }
+
+  ScopedSECKEYPublicKey ImportPublicKey(const uint8_t* spki, size_t spki_len) {
+    SECItem spkiItem = {siBuffer, toUcharPtr(spki),
+                        static_cast<unsigned int>(spki_len)};
+
+    ScopedCERTSubjectPublicKeyInfo certSpki(
+        SECKEY_DecodeDERSubjectPublicKeyInfo(&spkiItem));
+
+    return ScopedSECKEYPublicKey(SECKEY_ExtractPublicKey(certSpki.get()));
+  }
+
+  ScopedSECItem ComputeHash(const uint8_t* data, size_t len) {
+    unsigned int hLen = HASH_ResultLenByOidTag(hashOID());
+    ScopedSECItem hash(SECITEM_AllocItem(nullptr, nullptr, hLen));
+    if (!hash) {
+      return nullptr;
+    }
+
+    SECStatus rv = PK11_HashBuf(hashOID(), hash->data, data, len);
+    if (rv != SECSuccess) {
+      return nullptr;
+    }
+
+    return hash;
+  }
+
+  ScopedSECItem SignHashedData(ScopedSECKEYPrivateKey& privKey,
+                               ScopedSECItem& hash) {
+    unsigned int sLen = PK11_SignatureLen(privKey.get());
+    ScopedSECItem sig(SECITEM_AllocItem(nullptr, nullptr, sLen));
+    if (!sig) {
+      return nullptr;
+    }
+
+    SECStatus rv = PK11_SignWithMechanism(privKey.get(), mechanism(),
+                                          parameters(), sig.get(), hash.get());
+    if (rv != SECSuccess) {
+      return nullptr;
+    }
+
+    return sig;
+  }
+
+  ScopedSECItem ImportPrivateKeyAndSignHashedData(const uint8_t* pkcs8,
+                                                  size_t pkcs8_len,
+                                                  const uint8_t* data,
+                                                  size_t data_len) {
+    ScopedSECKEYPrivateKey privKey(ImportPrivateKey(pkcs8, pkcs8_len));
+    if (!privKey) {
+      return nullptr;
+    }
+
+    ScopedSECItem hash(ComputeHash(data, data_len));
+    if (!hash) {
+      return nullptr;
+    }
+
+    return ScopedSECItem(SignHashedData(privKey, hash));
+  }
+
+  void Verify(const uint8_t* spki, size_t spki_len, const uint8_t* data,
+              size_t data_len, const uint8_t* sig, size_t sig_len) {
+    ScopedSECKEYPublicKey pubKey(ImportPublicKey(spki, spki_len));
+    ASSERT_TRUE(pubKey);
+
+    ScopedSECItem hash(ComputeHash(data, data_len));
+    ASSERT_TRUE(hash);
+
+    SECItem sigItem = {siBuffer, toUcharPtr(sig),
+                       static_cast<unsigned int>(sig_len)};
+
+    // Verify.
+    SECStatus rv = PK11_VerifyWithMechanism(
+        pubKey.get(), mechanism(), parameters(), &sigItem, hash.get(), nullptr);
+    EXPECT_EQ(rv, SECSuccess);
+  }
+
+  void SignAndVerify(const uint8_t* pkcs8, size_t pkcs8_len,
+                     const uint8_t* spki, size_t spki_len, const uint8_t* data,
+                     size_t data_len) {
+    ScopedSECItem sig(
+        ImportPrivateKeyAndSignHashedData(pkcs8, pkcs8_len, data, data_len));
+    ASSERT_TRUE(sig);
+
+    Verify(spki, spki_len, data, data_len, sig->data, sig->len);
+  }
+};
+
+#define SIG_TEST_VECTOR_VERIFY(spki, data, sig) \
+  Verify(spki, sizeof(spki), data, sizeof(data), sig, sizeof(sig));
+
+#define SIG_TEST_VECTOR_SIGN_VERIFY(pkcs8, spki, data) \
+  SignAndVerify(pkcs8, sizeof(pkcs8), spki, sizeof(spki), data, sizeof(data));
+
+}  // namespace nss_test
diff --git a/nss/gtests/ssl_gtest/Makefile b/nss/gtests/ssl_gtest/Makefile
new file mode 100644
index 0000000..a9a9290
--- /dev/null
+++ b/nss/gtests/ssl_gtest/Makefile
@@ -0,0 +1,56 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include ../common/gtest.mk
+
+CFLAGS += -I$(CORE_DEPTH)/lib/ssl
+
+ifdef NSS_SSL_ENABLE_ZLIB
+include $(CORE_DEPTH)/coreconf/zlib.mk
+endif
+
+ifdef NSS_DISABLE_TLS_1_3
+NSS_DISABLE_TLS_1_3=1
+# Run parameterized tests only, for which we can easily exclude TLS 1.3
+CPPSRCS := $(filter-out $(shell grep -l '^TEST_F' $(CPPSRCS)), $(CPPSRCS))
+CFLAGS += -DNSS_DISABLE_TLS_1_3
+endif
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
diff --git a/nss/gtests/ssl_gtest/databuffer.h b/nss/gtests/ssl_gtest/databuffer.h
new file mode 100644
index 0000000..e7236d4
--- /dev/null
+++ b/nss/gtests/ssl_gtest/databuffer.h
@@ -0,0 +1,191 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef databuffer_h__
+#define databuffer_h__
+
+#include <algorithm>
+#include <cassert>
+#include <cstring>
+#include <iomanip>
+#include <iostream>
+#if defined(WIN32) || defined(WIN64)
+#include <winsock2.h>
+#else
+#include <arpa/inet.h>
+#endif
+
+extern bool g_ssl_gtest_verbose;
+
+namespace nss_test {
+
+class DataBuffer {
+ public:
+  DataBuffer() : data_(nullptr), len_(0) {}
+  DataBuffer(const uint8_t* data, size_t len) : data_(nullptr), len_(0) {
+    Assign(data, len);
+  }
+  DataBuffer(const DataBuffer& other) : data_(nullptr), len_(0) {
+    Assign(other);
+  }
+  ~DataBuffer() { delete[] data_; }
+
+  DataBuffer& operator=(const DataBuffer& other) {
+    if (&other != this) {
+      Assign(other);
+    }
+    return *this;
+  }
+
+  void Allocate(size_t len) {
+    delete[] data_;
+    data_ = new uint8_t[len ? len : 1];  // Don't depend on new [0].
+    len_ = len;
+  }
+
+  void Truncate(size_t len) { len_ = std::min(len_, len); }
+
+  void Assign(const DataBuffer& other) { Assign(other.data(), other.len()); }
+
+  void Assign(const uint8_t* data, size_t len) {
+    if (data) {
+      Allocate(len);
+      memcpy(static_cast<void*>(data_), static_cast<const void*>(data), len);
+    } else {
+      assert(len == 0);
+      data_ = nullptr;
+      len_ = 0;
+    }
+  }
+
+  // Write will do a new allocation and expand the size of the buffer if needed.
+  // Returns the offset of the end of the write.
+  size_t Write(size_t index, const uint8_t* val, size_t count) {
+    assert(val);
+    if (index + count > len_) {
+      size_t newlen = index + count;
+      uint8_t* tmp = new uint8_t[newlen];  // Always > 0.
+      if (data_) {
+        memcpy(static_cast<void*>(tmp), static_cast<const void*>(data_), len_);
+      }
+      if (index > len_) {
+        memset(static_cast<void*>(tmp + len_), 0, index - len_);
+      }
+      delete[] data_;
+      data_ = tmp;
+      len_ = newlen;
+    }
+    if (data_) {
+      memcpy(static_cast<void*>(data_ + index), static_cast<const void*>(val),
+             count);
+    }
+    return index + count;
+  }
+
+  size_t Write(size_t index, const DataBuffer& buf) {
+    return Write(index, buf.data(), buf.len());
+  }
+
+  // Write an integer, also performing host-to-network order conversion.
+  // Returns the offset of the end of the write.
+  size_t Write(size_t index, uint32_t val, size_t count) {
+    assert(count <= sizeof(uint32_t));
+    uint32_t nvalue = htonl(val);
+    auto* addr = reinterpret_cast<const uint8_t*>(&nvalue);
+    return Write(index, addr + sizeof(uint32_t) - count, count);
+  }
+
+  // This can't use the same trick as Write(), since we might be reading from a
+  // smaller data source.
+  bool Read(size_t index, size_t count, uint32_t* val) const {
+    assert(count < sizeof(uint32_t));
+    assert(val);
+    if ((index > len()) || (count > (len() - index))) {
+      return false;
+    }
+    *val = 0;
+    for (size_t i = 0; i < count; ++i) {
+      *val = (*val << 8) | data()[index + i];
+    }
+    return true;
+  }
+
+  // Starting at |index|, remove |remove| bytes and replace them with the
+  // contents of |buf|.
+  void Splice(const DataBuffer& buf, size_t index, size_t remove = 0) {
+    Splice(buf.data(), buf.len(), index, remove);
+  }
+
+  void Splice(const uint8_t* ins, size_t ins_len, size_t index,
+              size_t remove = 0) {
+    assert(ins);
+    uint8_t* old_value = data_;
+    size_t old_len = len_;
+
+    // The amount of stuff remaining from the tail of the old.
+    size_t tail_len = old_len - std::min(old_len, index + remove);
+    // The new length: the head of the old, the new, and the tail of the old.
+    len_ = index + ins_len + tail_len;
+    data_ = new uint8_t[len_ ? len_ : 1];
+
+    // The head of the old.
+    if (old_value) {
+      Write(0, old_value, std::min(old_len, index));
+    }
+    // Maybe a gap.
+    if (old_value && index > old_len) {
+      memset(old_value + index, 0, index - old_len);
+    }
+    // The new.
+    Write(index, ins, ins_len);
+    // The tail of the old.
+    if (tail_len > 0) {
+      Write(index + ins_len, old_value + index + remove, tail_len);
+    }
+
+    delete[] old_value;
+  }
+
+  void Append(const DataBuffer& buf) { Splice(buf, len_); }
+
+  const uint8_t* data() const { return data_; }
+  uint8_t* data() { return data_; }
+  size_t len() const { return len_; }
+  bool empty() const { return len_ == 0; }
+
+ private:
+  uint8_t* data_;
+  size_t len_;
+};
+
+static const size_t kMaxBufferPrint = 32;
+
+inline std::ostream& operator<<(std::ostream& stream, const DataBuffer& buf) {
+  stream << "[" << buf.len() << "] ";
+  for (size_t i = 0; i < buf.len(); ++i) {
+    if (!g_ssl_gtest_verbose && i >= kMaxBufferPrint) {
+      stream << "...";
+      break;
+    }
+    stream << std::hex << std::setfill('0') << std::setw(2)
+           << static_cast<unsigned>(buf.data()[i]);
+  }
+  stream << std::dec;
+  return stream;
+}
+
+inline bool operator==(const DataBuffer& a, const DataBuffer& b) {
+  return (a.empty() && b.empty()) ||
+         (a.len() == b.len() && 0 == memcmp(a.data(), b.data(), a.len()));
+}
+
+inline bool operator!=(const DataBuffer& a, const DataBuffer& b) {
+  return !(a == b);
+}
+
+}  // namespace nss_test
+
+#endif
diff --git a/nss/gtests/ssl_gtest/gtest_utils.h b/nss/gtests/ssl_gtest/gtest_utils.h
new file mode 100644
index 0000000..2344c3c
--- /dev/null
+++ b/nss/gtests/ssl_gtest/gtest_utils.h
@@ -0,0 +1,57 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef gtest_utils_h__
+#define gtest_utils_h__
+
+#define GTEST_HAS_RTTI 0
+#include "gtest/gtest.h"
+#include "test_io.h"
+
+namespace nss_test {
+
+// Gtest utilities
+class Timeout : public PollTarget {
+ public:
+  Timeout(int32_t timer_ms) : handle_(nullptr) {
+    Poller::Instance()->SetTimer(timer_ms, this, &Timeout::ExpiredCallback,
+                                 &handle_);
+  }
+  ~Timeout() {
+    if (handle_) {
+      handle_->Cancel();
+    }
+  }
+
+  static void ExpiredCallback(PollTarget* target, Event event) {
+    Timeout* timeout = static_cast<Timeout*>(target);
+    timeout->handle_ = nullptr;
+  }
+
+  bool timed_out() const { return !handle_; }
+
+ private:
+  std::shared_ptr<Poller::Timer> handle_;
+};
+
+}  // namespace nss_test
+
+#define WAIT_(expression, timeout) \
+  do {                             \
+    Timeout tm(timeout);           \
+    while (!(expression)) {        \
+      Poller::Instance()->Poll();  \
+      if (tm.timed_out()) break;   \
+    }                              \
+  } while (0)
+
+#define ASSERT_TRUE_WAIT(expression, timeout) \
+  do {                                        \
+    WAIT_(expression, timeout);               \
+    ASSERT_TRUE(expression);                  \
+  } while (0)
+
+#endif
diff --git a/nss/gtests/ssl_gtest/libssl_internals.c b/nss/gtests/ssl_gtest/libssl_internals.c
new file mode 100644
index 0000000..dd168d2
--- /dev/null
+++ b/nss/gtests/ssl_gtest/libssl_internals.c
@@ -0,0 +1,373 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* This file contains functions for frobbing the internals of libssl */
+#include "libssl_internals.h"
+
+#include "nss.h"
+#include "pk11pub.h"
+#include "seccomon.h"
+
+SECStatus SSLInt_IncrementClientHandshakeVersion(PRFileDesc *fd) {
+  sslSocket *ss = ssl_FindSocket(fd);
+  if (!ss) {
+    return SECFailure;
+  }
+
+  ++ss->clientHelloVersion;
+
+  return SECSuccess;
+}
+
+/* Use this function to update the ClientRandom of a client's handshake state
+ * after replacing its ClientHello message. We for example need to do this
+ * when replacing an SSLv3 ClientHello with its SSLv2 equivalent. */
+SECStatus SSLInt_UpdateSSLv2ClientRandom(PRFileDesc *fd, uint8_t *rnd,
+                                         size_t rnd_len, uint8_t *msg,
+                                         size_t msg_len) {
+  sslSocket *ss = ssl_FindSocket(fd);
+  if (!ss) {
+    return SECFailure;
+  }
+
+  SECStatus rv = ssl3_InitState(ss);
+  if (rv != SECSuccess) {
+    return rv;
+  }
+
+  rv = ssl3_RestartHandshakeHashes(ss);
+  if (rv != SECSuccess) {
+    return rv;
+  }
+
+  // Ensure we don't overrun hs.client_random.
+  rnd_len = PR_MIN(SSL3_RANDOM_LENGTH, rnd_len);
+
+  // Zero the client_random struct.
+  PORT_Memset(&ss->ssl3.hs.client_random, 0, SSL3_RANDOM_LENGTH);
+
+  // Copy over the challenge bytes.
+  size_t offset = SSL3_RANDOM_LENGTH - rnd_len;
+  PORT_Memcpy(&ss->ssl3.hs.client_random.rand[offset], rnd, rnd_len);
+
+  // Rehash the SSLv2 client hello message.
+  return ssl3_UpdateHandshakeHashes(ss, msg, msg_len);
+}
+
+PRBool SSLInt_ExtensionNegotiated(PRFileDesc *fd, PRUint16 ext) {
+  sslSocket *ss = ssl_FindSocket(fd);
+  return (PRBool)(ss && ssl3_ExtensionNegotiated(ss, ext));
+}
+
+void SSLInt_ClearSessionTicketKey() { ssl_ResetSessionTicketKeys(); }
+
+SECStatus SSLInt_SetMTU(PRFileDesc *fd, PRUint16 mtu) {
+  sslSocket *ss = ssl_FindSocket(fd);
+  if (ss) {
+    ss->ssl3.mtu = mtu;
+    return SECSuccess;
+  }
+  return SECFailure;
+}
+
+PRInt32 SSLInt_CountTls13CipherSpecs(PRFileDesc *fd) {
+  PRCList *cur_p;
+  PRInt32 ct = 0;
+
+  sslSocket *ss = ssl_FindSocket(fd);
+  if (!ss) {
+    return -1;
+  }
+
+  for (cur_p = PR_NEXT_LINK(&ss->ssl3.hs.cipherSpecs);
+       cur_p != &ss->ssl3.hs.cipherSpecs; cur_p = PR_NEXT_LINK(cur_p)) {
+    ++ct;
+  }
+  return ct;
+}
+
+void SSLInt_PrintTls13CipherSpecs(PRFileDesc *fd) {
+  PRCList *cur_p;
+
+  sslSocket *ss = ssl_FindSocket(fd);
+  if (!ss) {
+    return;
+  }
+
+  fprintf(stderr, "Cipher specs\n");
+  for (cur_p = PR_NEXT_LINK(&ss->ssl3.hs.cipherSpecs);
+       cur_p != &ss->ssl3.hs.cipherSpecs; cur_p = PR_NEXT_LINK(cur_p)) {
+    ssl3CipherSpec *spec = (ssl3CipherSpec *)cur_p;
+    fprintf(stderr, "  %s\n", spec->phase);
+  }
+}
+
+/* Force a timer expiry by backdating when the timer was started.
+ * We could set the remaining time to 0 but then backoff would not
+ * work properly if we decide to test it. */
+void SSLInt_ForceTimerExpiry(PRFileDesc *fd) {
+  sslSocket *ss = ssl_FindSocket(fd);
+  if (!ss) {
+    return;
+  }
+
+  if (!ss->ssl3.hs.rtTimerCb) return;
+
+  ss->ssl3.hs.rtTimerStarted =
+      PR_IntervalNow() - PR_MillisecondsToInterval(ss->ssl3.hs.rtTimeoutMs + 1);
+}
+
+#define CHECK_SECRET(secret)                  \
+  if (ss->ssl3.hs.secret) {                   \
+    fprintf(stderr, "%s != NULL\n", #secret); \
+    return PR_FALSE;                          \
+  }
+
+PRBool SSLInt_CheckSecretsDestroyed(PRFileDesc *fd) {
+  sslSocket *ss = ssl_FindSocket(fd);
+  if (!ss) {
+    return PR_FALSE;
+  }
+
+  CHECK_SECRET(currentSecret);
+  CHECK_SECRET(resumptionMasterSecret);
+  CHECK_SECRET(dheSecret);
+  CHECK_SECRET(clientEarlyTrafficSecret);
+  CHECK_SECRET(clientHsTrafficSecret);
+  CHECK_SECRET(serverHsTrafficSecret);
+
+  return PR_TRUE;
+}
+
+PRBool sslint_DamageTrafficSecret(PRFileDesc *fd, size_t offset) {
+  unsigned char data[32] = {0};
+  PK11SymKey **keyPtr;
+  PK11SlotInfo *slot = PK11_GetInternalSlot();
+  SECItem key_item = {siBuffer, data, sizeof(data)};
+  sslSocket *ss = ssl_FindSocket(fd);
+  if (!ss) {
+    return PR_FALSE;
+  }
+  if (!slot) {
+    return PR_FALSE;
+  }
+  keyPtr = (PK11SymKey **)((char *)&ss->ssl3.hs + offset);
+  if (!*keyPtr) {
+    return PR_FALSE;
+  }
+  PK11_FreeSymKey(*keyPtr);
+  *keyPtr = PK11_ImportSymKey(slot, CKM_NSS_HKDF_SHA256, PK11_OriginUnwrap,
+                              CKA_DERIVE, &key_item, NULL);
+  PK11_FreeSlot(slot);
+  if (!*keyPtr) {
+    return PR_FALSE;
+  }
+
+  return PR_TRUE;
+}
+
+PRBool SSLInt_DamageClientHsTrafficSecret(PRFileDesc *fd) {
+  return sslint_DamageTrafficSecret(
+      fd, offsetof(SSL3HandshakeState, clientHsTrafficSecret));
+}
+
+PRBool SSLInt_DamageServerHsTrafficSecret(PRFileDesc *fd) {
+  return sslint_DamageTrafficSecret(
+      fd, offsetof(SSL3HandshakeState, serverHsTrafficSecret));
+}
+
+PRBool SSLInt_DamageEarlyTrafficSecret(PRFileDesc *fd) {
+  return sslint_DamageTrafficSecret(
+      fd, offsetof(SSL3HandshakeState, clientEarlyTrafficSecret));
+}
+
+SECStatus SSLInt_Set0RttAlpn(PRFileDesc *fd, PRUint8 *data, unsigned int len) {
+  sslSocket *ss = ssl_FindSocket(fd);
+  if (!ss) {
+    return SECFailure;
+  }
+
+  ss->xtnData.nextProtoState = SSL_NEXT_PROTO_EARLY_VALUE;
+  if (ss->xtnData.nextProto.data) {
+    SECITEM_FreeItem(&ss->xtnData.nextProto, PR_FALSE);
+  }
+  if (!SECITEM_AllocItem(NULL, &ss->xtnData.nextProto, len)) return SECFailure;
+  PORT_Memcpy(ss->xtnData.nextProto.data, data, len);
+
+  return SECSuccess;
+}
+
+PRBool SSLInt_HasCertWithAuthType(PRFileDesc *fd, SSLAuthType authType) {
+  sslSocket *ss = ssl_FindSocket(fd);
+  if (!ss) {
+    return PR_FALSE;
+  }
+
+  return (PRBool)(!!ssl_FindServerCert(ss, authType, NULL));
+}
+
+PRBool SSLInt_SendAlert(PRFileDesc *fd, uint8_t level, uint8_t type) {
+  sslSocket *ss = ssl_FindSocket(fd);
+  if (!ss) {
+    return PR_FALSE;
+  }
+
+  SECStatus rv = SSL3_SendAlert(ss, level, type);
+  if (rv != SECSuccess) return PR_FALSE;
+
+  return PR_TRUE;
+}
+
+PRBool SSLInt_SendNewSessionTicket(PRFileDesc *fd) {
+  sslSocket *ss = ssl_FindSocket(fd);
+  if (!ss) {
+    return PR_FALSE;
+  }
+
+  ssl_GetSSL3HandshakeLock(ss);
+  ssl_GetXmitBufLock(ss);
+
+  SECStatus rv = tls13_SendNewSessionTicket(ss);
+  if (rv == SECSuccess) {
+    rv = ssl3_FlushHandshake(ss, 0);
+  }
+
+  ssl_ReleaseXmitBufLock(ss);
+  ssl_ReleaseSSL3HandshakeLock(ss);
+
+  return rv == SECSuccess;
+}
+
+SECStatus SSLInt_AdvanceReadSeqNum(PRFileDesc *fd, PRUint64 to) {
+  PRUint64 epoch;
+  sslSocket *ss;
+  ssl3CipherSpec *spec;
+
+  ss = ssl_FindSocket(fd);
+  if (!ss) {
+    return SECFailure;
+  }
+  if (to >= (1ULL << 48)) {
+    return SECFailure;
+  }
+  ssl_GetSpecWriteLock(ss);
+  spec = ss->ssl3.crSpec;
+  epoch = spec->read_seq_num >> 48;
+  spec->read_seq_num = (epoch << 48) | to;
+
+  /* For DTLS, we need to fix the record sequence number.  For this, we can just
+   * scrub the entire structure on the assumption that the new sequence number
+   * is far enough past the last received sequence number. */
+  if (to <= spec->recvdRecords.right + DTLS_RECVD_RECORDS_WINDOW) {
+    return SECFailure;
+  }
+  dtls_RecordSetRecvd(&spec->recvdRecords, to);
+
+  ssl_ReleaseSpecWriteLock(ss);
+  return SECSuccess;
+}
+
+SECStatus SSLInt_AdvanceWriteSeqNum(PRFileDesc *fd, PRUint64 to) {
+  PRUint64 epoch;
+  sslSocket *ss;
+
+  ss = ssl_FindSocket(fd);
+  if (!ss) {
+    return SECFailure;
+  }
+  if (to >= (1ULL << 48)) {
+    return SECFailure;
+  }
+  ssl_GetSpecWriteLock(ss);
+  epoch = ss->ssl3.cwSpec->write_seq_num >> 48;
+  ss->ssl3.cwSpec->write_seq_num = (epoch << 48) | to;
+  ssl_ReleaseSpecWriteLock(ss);
+  return SECSuccess;
+}
+
+SECStatus SSLInt_AdvanceWriteSeqByAWindow(PRFileDesc *fd, PRInt32 extra) {
+  sslSocket *ss;
+  sslSequenceNumber to;
+
+  ss = ssl_FindSocket(fd);
+  if (!ss) {
+    return SECFailure;
+  }
+  ssl_GetSpecReadLock(ss);
+  to = ss->ssl3.cwSpec->write_seq_num + DTLS_RECVD_RECORDS_WINDOW + extra;
+  ssl_ReleaseSpecReadLock(ss);
+  return SSLInt_AdvanceWriteSeqNum(fd, to & RECORD_SEQ_MAX);
+}
+
+SSLKEAType SSLInt_GetKEAType(SSLNamedGroup group) {
+  const sslNamedGroupDef *groupDef = ssl_LookupNamedGroup(group);
+  if (!groupDef) return ssl_kea_null;
+
+  return groupDef->keaType;
+}
+
+SECStatus SSLInt_SetCipherSpecChangeFunc(PRFileDesc *fd,
+                                         sslCipherSpecChangedFunc func,
+                                         void *arg) {
+  sslSocket *ss;
+
+  ss = ssl_FindSocket(fd);
+  if (!ss) {
+    return SECFailure;
+  }
+
+  ss->ssl3.changedCipherSpecFunc = func;
+  ss->ssl3.changedCipherSpecArg = arg;
+
+  return SECSuccess;
+}
+
+static ssl3KeyMaterial *GetKeyingMaterial(PRBool isServer,
+                                          ssl3CipherSpec *spec) {
+  return isServer ? &spec->server : &spec->client;
+}
+
+PK11SymKey *SSLInt_CipherSpecToKey(PRBool isServer, ssl3CipherSpec *spec) {
+  return GetKeyingMaterial(isServer, spec)->write_key;
+}
+
+SSLCipherAlgorithm SSLInt_CipherSpecToAlgorithm(PRBool isServer,
+                                                ssl3CipherSpec *spec) {
+  return spec->cipher_def->calg;
+}
+
+unsigned char *SSLInt_CipherSpecToIv(PRBool isServer, ssl3CipherSpec *spec) {
+  return GetKeyingMaterial(isServer, spec)->write_iv;
+}
+
+SECStatus SSLInt_EnableShortHeaders(PRFileDesc *fd) {
+  sslSocket *ss;
+
+  ss = ssl_FindSocket(fd);
+  if (!ss) {
+    return SECFailure;
+  }
+
+  ss->opt.enableShortHeaders = PR_TRUE;
+  return SECSuccess;
+}
+
+SECStatus SSLInt_UsingShortHeaders(PRFileDesc *fd, PRBool *result) {
+  sslSocket *ss;
+
+  ss = ssl_FindSocket(fd);
+  if (!ss) {
+    return SECFailure;
+  }
+
+  *result = ss->ssl3.hs.shortHeaders;
+
+  return SECSuccess;
+}
+
+void SSLInt_SetTicketLifetime(uint32_t lifetime) {
+  ssl_ticket_lifetime = lifetime;
+}
diff --git a/nss/gtests/ssl_gtest/libssl_internals.h b/nss/gtests/ssl_gtest/libssl_internals.h
new file mode 100644
index 0000000..9058f32
--- /dev/null
+++ b/nss/gtests/ssl_gtest/libssl_internals.h
@@ -0,0 +1,54 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef libssl_internals_h_
+#define libssl_internals_h_
+
+#include <stdint.h>
+
+#include "prio.h"
+#include "seccomon.h"
+#include "ssl.h"
+#include "sslimpl.h"
+#include "sslt.h"
+
+SECStatus SSLInt_IncrementClientHandshakeVersion(PRFileDesc *fd);
+
+SECStatus SSLInt_UpdateSSLv2ClientRandom(PRFileDesc *fd, uint8_t *rnd,
+                                         size_t rnd_len, uint8_t *msg,
+                                         size_t msg_len);
+
+PRBool SSLInt_ExtensionNegotiated(PRFileDesc *fd, PRUint16 ext);
+void SSLInt_ClearSessionTicketKey();
+PRInt32 SSLInt_CountTls13CipherSpecs(PRFileDesc *fd);
+void SSLInt_PrintTls13CipherSpecs(PRFileDesc *fd);
+void SSLInt_ForceTimerExpiry(PRFileDesc *fd);
+SECStatus SSLInt_SetMTU(PRFileDesc *fd, PRUint16 mtu);
+PRBool SSLInt_CheckSecretsDestroyed(PRFileDesc *fd);
+PRBool SSLInt_DamageClientHsTrafficSecret(PRFileDesc *fd);
+PRBool SSLInt_DamageServerHsTrafficSecret(PRFileDesc *fd);
+PRBool SSLInt_DamageEarlyTrafficSecret(PRFileDesc *fd);
+SECStatus SSLInt_Set0RttAlpn(PRFileDesc *fd, PRUint8 *data, unsigned int len);
+PRBool SSLInt_HasCertWithAuthType(PRFileDesc *fd, SSLAuthType authType);
+PRBool SSLInt_SendAlert(PRFileDesc *fd, uint8_t level, uint8_t type);
+PRBool SSLInt_SendNewSessionTicket(PRFileDesc *fd);
+SECStatus SSLInt_AdvanceWriteSeqNum(PRFileDesc *fd, PRUint64 to);
+SECStatus SSLInt_AdvanceReadSeqNum(PRFileDesc *fd, PRUint64 to);
+SECStatus SSLInt_AdvanceWriteSeqByAWindow(PRFileDesc *fd, PRInt32 extra);
+SSLKEAType SSLInt_GetKEAType(SSLNamedGroup group);
+
+SECStatus SSLInt_SetCipherSpecChangeFunc(PRFileDesc *fd,
+                                         sslCipherSpecChangedFunc func,
+                                         void *arg);
+PK11SymKey *SSLInt_CipherSpecToKey(PRBool isServer, ssl3CipherSpec *spec);
+SSLCipherAlgorithm SSLInt_CipherSpecToAlgorithm(PRBool isServer,
+                                                ssl3CipherSpec *spec);
+unsigned char *SSLInt_CipherSpecToIv(PRBool isServer, ssl3CipherSpec *spec);
+SECStatus SSLInt_EnableShortHeaders(PRFileDesc *fd);
+SECStatus SSLInt_UsingShortHeaders(PRFileDesc *fd, PRBool *result);
+void SSLInt_SetTicketLifetime(uint32_t lifetime);
+
+#endif  // ndef libssl_internals_h_
diff --git a/nss/gtests/ssl_gtest/manifest.mn b/nss/gtests/ssl_gtest/manifest.mn
new file mode 100644
index 0000000..9f1b7f3
--- /dev/null
+++ b/nss/gtests/ssl_gtest/manifest.mn
@@ -0,0 +1,59 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+CORE_DEPTH = ../..
+DEPTH      = ../..
+MODULE = nss
+
+# These sources have access to libssl internals
+CSRCS = \
+      libssl_internals.c \
+      $(NULL)
+
+CPPSRCS = \
+      $(CORE_DEPTH)/cpputil/dummy_io.cc \
+      $(CORE_DEPTH)/cpputil/dummy_io_fwd.cc \
+      ssl_0rtt_unittest.cc \
+      ssl_agent_unittest.cc \
+      ssl_auth_unittest.cc \
+      ssl_cert_ext_unittest.cc \
+      ssl_ciphersuite_unittest.cc \
+      ssl_damage_unittest.cc \
+      ssl_dhe_unittest.cc \
+      ssl_drop_unittest.cc \
+      ssl_ecdh_unittest.cc \
+      ssl_ems_unittest.cc \
+      ssl_exporter_unittest.cc \
+      ssl_extension_unittest.cc \
+      ssl_fragment_unittest.cc \
+      ssl_fuzz_unittest.cc \
+      ssl_gather_unittest.cc \
+      ssl_gtest.cc \
+      ssl_hrr_unittest.cc \
+      ssl_loopback_unittest.cc \
+      ssl_record_unittest.cc \
+      ssl_resumption_unittest.cc \
+      ssl_skip_unittest.cc \
+      ssl_staticrsa_unittest.cc \
+      ssl_v2_client_hello_unittest.cc \
+      ssl_version_unittest.cc \
+      test_io.cc \
+      tls_agent.cc \
+      tls_connect.cc \
+      tls_hkdf_unittest.cc \
+      tls_filter.cc \
+      tls_parser.cc \
+      tls_protect.cc \
+      $(NULL)
+
+INCLUDES += -I$(CORE_DEPTH)/gtests/google_test/gtest/include \
+            -I$(CORE_DEPTH)/gtests/common \
+            -I$(CORE_DEPTH)/cpputil
+
+REQUIRES = nspr nss libdbm gtest
+
+PROGRAM = ssl_gtest
+EXTRA_LIBS = $(DIST)/lib/$(LIB_PREFIX)gtest.$(LIB_SUFFIX)
+
+USE_STATIC_LIBS = 1
diff --git a/nss/gtests/ssl_gtest/ssl_0rtt_unittest.cc b/nss/gtests/ssl_gtest/ssl_0rtt_unittest.cc
new file mode 100644
index 0000000..6fed5a1
--- /dev/null
+++ b/nss/gtests/ssl_gtest/ssl_0rtt_unittest.cc
@@ -0,0 +1,285 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "secerr.h"
+#include "ssl.h"
+#include "sslerr.h"
+#include "sslproto.h"
+
+extern "C" {
+// This is not something that should make you happy.
+#include "libssl_internals.h"
+}
+
+#include "gtest_utils.h"
+#include "scoped_ptrs.h"
+#include "tls_connect.h"
+#include "tls_filter.h"
+#include "tls_parser.h"
+
+namespace nss_test {
+
+TEST_P(TlsConnectTls13, ZeroRtt) {
+  SetupForZeroRtt();
+  client_->SetExpectedAlertSentCount(1);
+  server_->SetExpectedAlertReceivedCount(1);
+  client_->Set0RttEnabled(true);
+  server_->Set0RttEnabled(true);
+  ExpectResumption(RESUME_TICKET);
+  ZeroRttSendReceive(true, true);
+  Handshake();
+  ExpectEarlyDataAccepted(true);
+  CheckConnected();
+  SendReceive();
+}
+
+TEST_P(TlsConnectTls13, ZeroRttServerRejectByOption) {
+  SetupForZeroRtt();
+  client_->Set0RttEnabled(true);
+  ExpectResumption(RESUME_TICKET);
+  ZeroRttSendReceive(true, false);
+  Handshake();
+  CheckConnected();
+  SendReceive();
+}
+
+// Test that we don't try to send 0-RTT data when the server sent
+// us a ticket without the 0-RTT flags.
+TEST_P(TlsConnectTls13, ZeroRttOptionsSetLate) {
+  ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
+  Connect();
+  SendReceive();  // Need to read so that we absorb the session ticket.
+  CheckKeys(ssl_kea_ecdh, ssl_auth_rsa_sign);
+  Reset();
+  server_->StartConnect();
+  client_->StartConnect();
+  // Now turn on 0-RTT but too late for the ticket.
+  client_->Set0RttEnabled(true);
+  server_->Set0RttEnabled(true);
+  ExpectResumption(RESUME_TICKET);
+  ZeroRttSendReceive(false, false);
+  Handshake();
+  CheckConnected();
+  SendReceive();
+}
+
+TEST_P(TlsConnectTls13, ZeroRttServerForgetTicket) {
+  SetupForZeroRtt();
+  client_->Set0RttEnabled(true);
+  server_->Set0RttEnabled(true);
+  ClearServerCache();
+  ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
+  ExpectResumption(RESUME_NONE);
+  ZeroRttSendReceive(true, false);
+  Handshake();
+  CheckConnected();
+  SendReceive();
+}
+
+TEST_P(TlsConnectTls13, ZeroRttServerOnly) {
+  ExpectResumption(RESUME_NONE);
+  server_->Set0RttEnabled(true);
+  client_->StartConnect();
+  server_->StartConnect();
+
+  // Client sends ordinary ClientHello.
+  client_->Handshake();
+
+  // Verify that the server doesn't get data.
+  uint8_t buf[100];
+  PRInt32 rv = PR_Read(server_->ssl_fd(), buf, sizeof(buf));
+  EXPECT_EQ(SECFailure, rv);
+  EXPECT_EQ(PR_WOULD_BLOCK_ERROR, PORT_GetError());
+
+  // Now make sure that things complete.
+  Handshake();
+  CheckConnected();
+  SendReceive();
+  CheckKeys();
+}
+
+TEST_P(TlsConnectTls13, TestTls13ZeroRttAlpn) {
+  EnableAlpn();
+  SetupForZeroRtt();
+  EnableAlpn();
+  client_->SetExpectedAlertSentCount(1);
+  server_->SetExpectedAlertReceivedCount(1);
+  client_->Set0RttEnabled(true);
+  server_->Set0RttEnabled(true);
+  ExpectResumption(RESUME_TICKET);
+  ExpectEarlyDataAccepted(true);
+  ZeroRttSendReceive(true, true, [this]() {
+    client_->CheckAlpn(SSL_NEXT_PROTO_EARLY_VALUE, "a");
+    return true;
+  });
+  Handshake();
+  CheckConnected();
+  SendReceive();
+  CheckAlpn("a");
+}
+
+// Have the server negotiate a different ALPN value, and therefore
+// reject 0-RTT.
+TEST_P(TlsConnectTls13, TestTls13ZeroRttAlpnChangeServer) {
+  EnableAlpn();
+  SetupForZeroRtt();
+  static const uint8_t client_alpn[] = {0x01, 0x61, 0x01, 0x62};  // "a", "b"
+  static const uint8_t server_alpn[] = {0x01, 0x62};              // "b"
+  client_->EnableAlpn(client_alpn, sizeof(client_alpn));
+  server_->EnableAlpn(server_alpn, sizeof(server_alpn));
+  client_->Set0RttEnabled(true);
+  server_->Set0RttEnabled(true);
+  ExpectResumption(RESUME_TICKET);
+  ZeroRttSendReceive(true, false, [this]() {
+    client_->CheckAlpn(SSL_NEXT_PROTO_EARLY_VALUE, "a");
+    return true;
+  });
+  Handshake();
+  CheckConnected();
+  SendReceive();
+  CheckAlpn("b");
+}
+
+// Check that the client validates the ALPN selection of the server.
+// Stomp the ALPN on the client after sending the ClientHello so
+// that the server selection appears to be incorrect. The client
+// should then fail the connection.
+TEST_P(TlsConnectTls13, TestTls13ZeroRttNoAlpnServer) {
+  EnableAlpn();
+  SetupForZeroRtt();
+  client_->Set0RttEnabled(true);
+  server_->Set0RttEnabled(true);
+  EnableAlpn();
+  ExpectResumption(RESUME_TICKET);
+  ZeroRttSendReceive(true, true, [this]() {
+    PRUint8 b[] = {'b'};
+    client_->CheckAlpn(SSL_NEXT_PROTO_EARLY_VALUE, "a");
+    EXPECT_EQ(SECSuccess, SSLInt_Set0RttAlpn(client_->ssl_fd(), b, sizeof(b)));
+    client_->CheckAlpn(SSL_NEXT_PROTO_EARLY_VALUE, "b");
+    return true;
+  });
+  Handshake();
+  client_->CheckErrorCode(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
+  server_->CheckErrorCode(SSL_ERROR_ILLEGAL_PARAMETER_ALERT);
+}
+
+// Set up with no ALPN and then set the client so it thinks it has ALPN.
+// The server responds without the extension and the client returns an
+// error.
+TEST_P(TlsConnectTls13, TestTls13ZeroRttNoAlpnClient) {
+  SetupForZeroRtt();
+  client_->Set0RttEnabled(true);
+  server_->Set0RttEnabled(true);
+  ExpectResumption(RESUME_TICKET);
+  ZeroRttSendReceive(true, true, [this]() {
+    PRUint8 b[] = {'b'};
+    EXPECT_EQ(SECSuccess, SSLInt_Set0RttAlpn(client_->ssl_fd(), b, 1));
+    client_->CheckAlpn(SSL_NEXT_PROTO_EARLY_VALUE, "b");
+    return true;
+  });
+  Handshake();
+  client_->CheckErrorCode(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
+  server_->CheckErrorCode(SSL_ERROR_ILLEGAL_PARAMETER_ALERT);
+}
+
+// Remove the old ALPN value and so the client will not offer early data.
+TEST_P(TlsConnectTls13, TestTls13ZeroRttAlpnChangeBoth) {
+  EnableAlpn();
+  SetupForZeroRtt();
+  static const uint8_t alpn[] = {0x01, 0x62};  // "b"
+  EnableAlpn(alpn, sizeof(alpn));
+  client_->Set0RttEnabled(true);
+  server_->Set0RttEnabled(true);
+  ExpectResumption(RESUME_TICKET);
+  ZeroRttSendReceive(true, false, [this]() {
+    client_->CheckAlpn(SSL_NEXT_PROTO_NO_SUPPORT);
+    return false;
+  });
+  Handshake();
+  CheckConnected();
+  SendReceive();
+  CheckAlpn("b");
+}
+
+// The client should abort the connection when sending a 0-rtt handshake but
+// the servers responds with a TLS 1.2 ServerHello. (no app data sent)
+TEST_P(TlsConnectTls13, TestTls13ZeroRttDowngrade) {
+  ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
+  server_->Set0RttEnabled(true);  // set ticket_allow_early_data
+  Connect();
+
+  SendReceive();  // Need to read so that we absorb the session tickets.
+  CheckKeys();
+
+  Reset();
+  ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
+  client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_2,
+                           SSL_LIBRARY_VERSION_TLS_1_3);
+  server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_2,
+                           SSL_LIBRARY_VERSION_TLS_1_2);
+  client_->StartConnect();
+  server_->StartConnect();
+
+  // We will send the early data xtn without sending actual early data. Thus
+  // a 1.2 server shouldn't fail until the client sends an alert because the
+  // client sends end_of_early_data only after reading the server's flight.
+  client_->Set0RttEnabled(true);
+
+  client_->Handshake();
+  server_->Handshake();
+  ASSERT_TRUE_WAIT(
+      (client_->error_code() == SSL_ERROR_DOWNGRADE_WITH_EARLY_DATA), 2000);
+
+  // DTLS will timeout as we bump the epoch when installing the early app data
+  // cipher suite. Thus the encrypted alert will be ignored.
+  if (mode_ == STREAM) {
+    // The client sends an encrypted alert message.
+    ASSERT_TRUE_WAIT(
+        (server_->error_code() == SSL_ERROR_RX_UNEXPECTED_APPLICATION_DATA),
+        2000);
+  }
+}
+
+// The client should abort the connection when sending a 0-rtt handshake but
+// the servers responds with a TLS 1.2 ServerHello. (with app data)
+TEST_P(TlsConnectTls13, TestTls13ZeroRttDowngradeEarlyData) {
+  ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
+  server_->Set0RttEnabled(true);  // set ticket_allow_early_data
+  Connect();
+
+  SendReceive();  // Need to read so that we absorb the session tickets.
+  CheckKeys();
+
+  Reset();
+  ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
+  client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_2,
+                           SSL_LIBRARY_VERSION_TLS_1_3);
+  server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_2,
+                           SSL_LIBRARY_VERSION_TLS_1_2);
+  client_->StartConnect();
+  server_->StartConnect();
+
+  // Send the early data xtn in the CH, followed by early app data. The server
+  // will fail right after sending its flight, when receiving the early data.
+  client_->Set0RttEnabled(true);
+  ZeroRttSendReceive(true, false);
+
+  client_->Handshake();
+  server_->Handshake();
+  ASSERT_TRUE_WAIT(
+      (client_->error_code() == SSL_ERROR_DOWNGRADE_WITH_EARLY_DATA), 2000);
+
+  // DTLS will timeout as we bump the epoch when installing the early app data
+  // cipher suite. Thus the encrypted alert will be ignored.
+  if (mode_ == STREAM) {
+    // The server sends an alert when receiving the early app data record.
+    ASSERT_TRUE_WAIT(
+        (server_->error_code() == SSL_ERROR_RX_UNEXPECTED_APPLICATION_DATA),
+        2000);
+  }
+}
+
+}  // namespace nss_test
diff --git a/nss/gtests/ssl_gtest/ssl_agent_unittest.cc b/nss/gtests/ssl_gtest/ssl_agent_unittest.cc
new file mode 100644
index 0000000..c227948
--- /dev/null
+++ b/nss/gtests/ssl_gtest/ssl_agent_unittest.cc
@@ -0,0 +1,210 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "ssl.h"
+#include "sslerr.h"
+#include "sslproto.h"
+
+// This is an internal header, used to get TLS_1_3_DRAFT_VERSION.
+#include "ssl3prot.h"
+
+#include <memory>
+
+#include "databuffer.h"
+#include "tls_agent.h"
+#include "tls_connect.h"
+#include "tls_filter.h"
+#include "tls_parser.h"
+
+namespace nss_test {
+
+static const uint8_t kD13 = TLS_1_3_DRAFT_VERSION;
+// This is a 1-RTT ClientHello with ECDHE.
+const static uint8_t kCannedTls13ClientHello[] = {
+    0x01, 0x00, 0x00, 0xcf, 0x03, 0x03, 0x6c, 0xb3, 0x46, 0x81, 0xc8, 0x1a,
+    0xf9, 0xd2, 0x05, 0x97, 0x48, 0x7c, 0xa8, 0x31, 0x03, 0x1c, 0x06, 0xa8,
+    0x62, 0xb1, 0x90, 0xd6, 0x21, 0x44, 0x7f, 0xc1, 0x9b, 0x87, 0x3e, 0xad,
+    0x91, 0x85, 0x00, 0x00, 0x06, 0x13, 0x01, 0x13, 0x03, 0x13, 0x02, 0x01,
+    0x00, 0x00, 0xa0, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x09, 0x00, 0x00, 0x06,
+    0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00,
+    0x0a, 0x00, 0x12, 0x00, 0x10, 0x00, 0x17, 0x00, 0x18, 0x00, 0x19, 0x01,
+    0x00, 0x01, 0x01, 0x01, 0x02, 0x01, 0x03, 0x01, 0x04, 0x00, 0x28, 0x00,
+    0x47, 0x00, 0x45, 0x00, 0x17, 0x00, 0x41, 0x04, 0x86, 0x4a, 0xb9, 0xdc,
+    0x6a, 0x38, 0xa7, 0xce, 0xe7, 0xc2, 0x4f, 0xa6, 0x28, 0xb9, 0xdc, 0x65,
+    0xbf, 0x73, 0x47, 0x3c, 0x9c, 0x65, 0x8c, 0x47, 0x6d, 0x57, 0x22, 0x8a,
+    0xc2, 0xb3, 0xc6, 0x80, 0x72, 0x86, 0x08, 0x86, 0x8f, 0x52, 0xc5, 0xcb,
+    0xbf, 0x2a, 0xb5, 0x59, 0x64, 0xcc, 0x0c, 0x49, 0x95, 0x36, 0xe4, 0xd9,
+    0x2f, 0xd4, 0x24, 0x66, 0x71, 0x6f, 0x5d, 0x70, 0xe2, 0xa0, 0xea, 0x26,
+    0x00, 0x2b, 0x00, 0x03, 0x02, 0x7f, kD13, 0x00, 0x0d, 0x00, 0x20, 0x00,
+    0x1e, 0x04, 0x03, 0x05, 0x03, 0x06, 0x03, 0x02, 0x03, 0x08, 0x04, 0x08,
+    0x05, 0x08, 0x06, 0x04, 0x01, 0x05, 0x01, 0x06, 0x01, 0x02, 0x01, 0x04,
+    0x02, 0x05, 0x02, 0x06, 0x02, 0x02, 0x02};
+
+const static uint8_t kCannedTls13ServerHello[] = {
+    0x7f, kD13, 0x9c, 0xbc, 0x14, 0x9b, 0x0e, 0x2e, 0xfa, 0x0d, 0xf3, 0xf0,
+    0x5c, 0x70, 0x7a, 0xe0, 0xd1, 0x9b, 0x3e, 0x5a, 0x44, 0x6b, 0xdf, 0xe5,
+    0xc2, 0x28, 0x64, 0xf7, 0x00, 0xc1, 0x9c, 0x08, 0x76, 0x08, 0x13, 0x01,
+    0x00, 0x28, 0x00, 0x28, 0x00, 0x24, 0x00, 0x1d, 0x00, 0x20, 0xc2, 0xcf,
+    0x23, 0x17, 0x64, 0x23, 0x03, 0xf0, 0xfb, 0x45, 0x98, 0x26, 0xd1, 0x65,
+    0x24, 0xa1, 0x6c, 0xa9, 0x80, 0x8f, 0x2c, 0xac, 0x0a, 0xea, 0x53, 0x3a,
+    0xcb, 0xe3, 0x08, 0x84, 0xae, 0x19};
+static const char *k0RttData = "ABCDEF";
+
+TEST_P(TlsAgentTest, EarlyFinished) {
+  DataBuffer buffer;
+  MakeTrivialHandshakeRecord(kTlsHandshakeFinished, 0, &buffer);
+  ProcessMessage(buffer, TlsAgent::STATE_ERROR,
+                 SSL_ERROR_RX_UNEXPECTED_FINISHED);
+}
+
+TEST_P(TlsAgentTest, EarlyCertificateVerify) {
+  DataBuffer buffer;
+  MakeTrivialHandshakeRecord(kTlsHandshakeCertificateVerify, 0, &buffer);
+  ProcessMessage(buffer, TlsAgent::STATE_ERROR,
+                 SSL_ERROR_RX_UNEXPECTED_CERT_VERIFY);
+}
+
+TEST_P(TlsAgentTestClient13, CannedHello) {
+  DataBuffer buffer;
+  EnsureInit();
+  DataBuffer server_hello;
+  MakeHandshakeMessage(kTlsHandshakeServerHello, kCannedTls13ServerHello,
+                       sizeof(kCannedTls13ServerHello), &server_hello);
+  MakeRecord(kTlsHandshakeType, SSL_LIBRARY_VERSION_TLS_1_3,
+             server_hello.data(), server_hello.len(), &buffer);
+  ProcessMessage(buffer, TlsAgent::STATE_CONNECTING);
+}
+
+TEST_P(TlsAgentTestClient13, EncryptedExtensionsInClear) {
+  DataBuffer server_hello;
+  MakeHandshakeMessage(kTlsHandshakeServerHello, kCannedTls13ServerHello,
+                       sizeof(kCannedTls13ServerHello), &server_hello);
+  DataBuffer encrypted_extensions;
+  MakeHandshakeMessage(kTlsHandshakeEncryptedExtensions, nullptr, 0,
+                       &encrypted_extensions, 1);
+  server_hello.Append(encrypted_extensions);
+  DataBuffer buffer;
+  MakeRecord(kTlsHandshakeType, SSL_LIBRARY_VERSION_TLS_1_3,
+             server_hello.data(), server_hello.len(), &buffer);
+  EnsureInit();
+  ProcessMessage(buffer, TlsAgent::STATE_ERROR,
+                 SSL_ERROR_RX_UNEXPECTED_HANDSHAKE);
+}
+
+TEST_F(TlsAgentStreamTestClient, EncryptedExtensionsInClearTwoPieces) {
+  DataBuffer server_hello;
+  MakeHandshakeMessage(kTlsHandshakeServerHello, kCannedTls13ServerHello,
+                       sizeof(kCannedTls13ServerHello), &server_hello);
+  DataBuffer encrypted_extensions;
+  MakeHandshakeMessage(kTlsHandshakeEncryptedExtensions, nullptr, 0,
+                       &encrypted_extensions, 1);
+  server_hello.Append(encrypted_extensions);
+  DataBuffer buffer;
+  MakeRecord(kTlsHandshakeType, SSL_LIBRARY_VERSION_TLS_1_3,
+             server_hello.data(), 20, &buffer);
+
+  DataBuffer buffer2;
+  MakeRecord(kTlsHandshakeType, SSL_LIBRARY_VERSION_TLS_1_3,
+             server_hello.data() + 20, server_hello.len() - 20, &buffer2);
+
+  EnsureInit();
+  agent_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_3,
+                          SSL_LIBRARY_VERSION_TLS_1_3);
+  ProcessMessage(buffer, TlsAgent::STATE_CONNECTING);
+  ProcessMessage(buffer2, TlsAgent::STATE_ERROR,
+                 SSL_ERROR_RX_UNEXPECTED_HANDSHAKE);
+}
+
+TEST_F(TlsAgentDgramTestClient, EncryptedExtensionsInClearTwoPieces) {
+  DataBuffer server_hello_frag1;
+  MakeHandshakeMessageFragment(
+      kTlsHandshakeServerHello, kCannedTls13ServerHello,
+      sizeof(kCannedTls13ServerHello), &server_hello_frag1, 0, 0, 20);
+  DataBuffer server_hello_frag2;
+  MakeHandshakeMessageFragment(
+      kTlsHandshakeServerHello, kCannedTls13ServerHello + 20,
+      sizeof(kCannedTls13ServerHello), &server_hello_frag2, 0, 20,
+      sizeof(kCannedTls13ServerHello) - 20);
+  DataBuffer encrypted_extensions;
+  MakeHandshakeMessage(kTlsHandshakeEncryptedExtensions, nullptr, 0,
+                       &encrypted_extensions, 1);
+  server_hello_frag2.Append(encrypted_extensions);
+  DataBuffer buffer;
+  MakeRecord(kTlsHandshakeType, SSL_LIBRARY_VERSION_TLS_1_3,
+             server_hello_frag1.data(), server_hello_frag1.len(), &buffer);
+
+  DataBuffer buffer2;
+  MakeRecord(kTlsHandshakeType, SSL_LIBRARY_VERSION_TLS_1_3,
+             server_hello_frag2.data(), server_hello_frag2.len(), &buffer2, 1);
+
+  EnsureInit();
+  agent_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_3,
+                          SSL_LIBRARY_VERSION_TLS_1_3);
+  ProcessMessage(buffer, TlsAgent::STATE_CONNECTING);
+  ProcessMessage(buffer2, TlsAgent::STATE_ERROR,
+                 SSL_ERROR_RX_UNEXPECTED_HANDSHAKE);
+}
+
+TEST_F(TlsAgentStreamTestClient, Set0RttOptionThenWrite) {
+  EnsureInit();
+  agent_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
+                          SSL_LIBRARY_VERSION_TLS_1_3);
+  agent_->StartConnect();
+  agent_->Set0RttEnabled(true);
+  auto filter = std::make_shared<TlsInspectorRecordHandshakeMessage>(
+      kTlsHandshakeClientHello);
+  agent_->SetPacketFilter(filter);
+  PRInt32 rv = PR_Write(agent_->ssl_fd(), k0RttData, strlen(k0RttData));
+  EXPECT_EQ(-1, rv);
+  int32_t err = PORT_GetError();
+  EXPECT_EQ(PR_WOULD_BLOCK_ERROR, err);
+  EXPECT_LT(0UL, filter->buffer().len());
+}
+
+TEST_F(TlsAgentStreamTestClient, Set0RttOptionThenRead) {
+  EnsureInit();
+  agent_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
+                          SSL_LIBRARY_VERSION_TLS_1_3);
+  agent_->StartConnect();
+  agent_->Set0RttEnabled(true);
+  DataBuffer buffer;
+  MakeRecord(kTlsApplicationDataType, SSL_LIBRARY_VERSION_TLS_1_3,
+             reinterpret_cast<const uint8_t *>(k0RttData), strlen(k0RttData),
+             &buffer);
+  ProcessMessage(buffer, TlsAgent::STATE_ERROR,
+                 SSL_ERROR_RX_UNEXPECTED_APPLICATION_DATA);
+}
+
+// The server is allowing 0-RTT but the client doesn't offer it,
+// so trial decryption isn't engaged and 0-RTT messages cause
+// an error.
+TEST_F(TlsAgentStreamTestServer, Set0RttOptionClientHelloThenRead) {
+  EnsureInit();
+  agent_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
+                          SSL_LIBRARY_VERSION_TLS_1_3);
+  agent_->StartConnect();
+  agent_->Set0RttEnabled(true);
+  DataBuffer buffer;
+  MakeRecord(kTlsHandshakeType, SSL_LIBRARY_VERSION_TLS_1_3,
+             kCannedTls13ClientHello, sizeof(kCannedTls13ClientHello), &buffer);
+  ProcessMessage(buffer, TlsAgent::STATE_CONNECTING);
+  MakeRecord(kTlsApplicationDataType, SSL_LIBRARY_VERSION_TLS_1_3,
+             reinterpret_cast<const uint8_t *>(k0RttData), strlen(k0RttData),
+             &buffer);
+  ProcessMessage(buffer, TlsAgent::STATE_ERROR, SSL_ERROR_BAD_MAC_READ);
+}
+
+INSTANTIATE_TEST_CASE_P(AgentTests, TlsAgentTest,
+                        ::testing::Combine(TlsAgentTestBase::kTlsRolesAll,
+                                           TlsConnectTestBase::kTlsModesStream,
+                                           TlsConnectTestBase::kTlsVAll));
+INSTANTIATE_TEST_CASE_P(ClientTests, TlsAgentTestClient,
+                        ::testing::Combine(TlsConnectTestBase::kTlsModesAll,
+                                           TlsConnectTestBase::kTlsVAll));
+INSTANTIATE_TEST_CASE_P(ClientTests13, TlsAgentTestClient13,
+                        ::testing::Combine(TlsConnectTestBase::kTlsModesAll,
+                                           TlsConnectTestBase::kTlsV13));
+}  // namespace nss_test
diff --git a/nss/gtests/ssl_gtest/ssl_auth_unittest.cc b/nss/gtests/ssl_gtest/ssl_auth_unittest.cc
new file mode 100644
index 0000000..4f2536e
--- /dev/null
+++ b/nss/gtests/ssl_gtest/ssl_auth_unittest.cc
@@ -0,0 +1,831 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "secerr.h"
+#include "ssl.h"
+#include "sslerr.h"
+#include "sslproto.h"
+
+extern "C" {
+// This is not something that should make you happy.
+#include "libssl_internals.h"
+}
+
+#include "gtest_utils.h"
+#include "scoped_ptrs.h"
+#include "tls_connect.h"
+#include "tls_filter.h"
+#include "tls_parser.h"
+
+namespace nss_test {
+
+TEST_P(TlsConnectGeneric, ServerAuthBigRsa) {
+  Reset(TlsAgent::kRsa2048);
+  Connect();
+  CheckKeys();
+}
+
+TEST_P(TlsConnectGeneric, ServerAuthRsaChain) {
+  Reset(TlsAgent::kServerRsaChain);
+  Connect();
+  CheckKeys();
+  size_t chain_length;
+  EXPECT_TRUE(client_->GetPeerChainLength(&chain_length));
+  EXPECT_EQ(2UL, chain_length);
+}
+
+TEST_P(TlsConnectGeneric, ClientAuth) {
+  client_->SetupClientAuth();
+  server_->RequestClientAuth(true);
+  Connect();
+  CheckKeys();
+}
+
+// In TLS 1.3, the client sends its cert rejection on the
+// second flight, and since it has already received the
+// server's Finished, it transitions to complete and
+// then gets an alert from the server. The test harness
+// doesn't handle this right yet.
+TEST_P(TlsConnectStream, DISABLED_ClientAuthRequiredRejected) {
+  server_->RequestClientAuth(true);
+  ConnectExpectFail();
+}
+
+TEST_P(TlsConnectGeneric, ClientAuthRequestedRejected) {
+  server_->RequestClientAuth(false);
+  Connect();
+  CheckKeys();
+}
+
+TEST_P(TlsConnectGeneric, ClientAuthEcdsa) {
+  Reset(TlsAgent::kServerEcdsa256);
+  client_->SetupClientAuth();
+  server_->RequestClientAuth(true);
+  Connect();
+  CheckKeys(ssl_kea_ecdh, ssl_auth_ecdsa);
+}
+
+TEST_P(TlsConnectGeneric, ClientAuthBigRsa) {
+  Reset(TlsAgent::kServerRsa, TlsAgent::kRsa2048);
+  client_->SetupClientAuth();
+  server_->RequestClientAuth(true);
+  Connect();
+  CheckKeys();
+}
+
+// Offset is the position in the captured buffer where the signature sits.
+static void CheckSigScheme(
+    std::shared_ptr<TlsInspectorRecordHandshakeMessage>& capture, size_t offset,
+    std::shared_ptr<TlsAgent>& peer, uint16_t expected_scheme,
+    size_t expected_size) {
+  EXPECT_LT(offset + 2U, capture->buffer().len());
+
+  uint32_t scheme = 0;
+  capture->buffer().Read(offset, 2, &scheme);
+  EXPECT_EQ(expected_scheme, static_cast<uint16_t>(scheme));
+
+  ScopedCERTCertificate remote_cert(SSL_PeerCertificate(peer->ssl_fd()));
+  ScopedSECKEYPublicKey remote_key(CERT_ExtractPublicKey(remote_cert.get()));
+  EXPECT_EQ(expected_size, SECKEY_PublicKeyStrengthInBits(remote_key.get()));
+}
+
+// The server should prefer SHA-256 by default, even for the small key size used
+// in the default certificate.
+TEST_P(TlsConnectTls12, ServerAuthCheckSigAlg) {
+  EnsureTlsSetup();
+  auto capture_ske = std::make_shared<TlsInspectorRecordHandshakeMessage>(
+      kTlsHandshakeServerKeyExchange);
+  server_->SetPacketFilter(capture_ske);
+  Connect();
+  CheckKeys();
+
+  const DataBuffer& buffer = capture_ske->buffer();
+  EXPECT_LT(3U, buffer.len());
+  EXPECT_EQ(3U, buffer.data()[0]) << "curve_type == named_curve";
+  uint32_t tmp;
+  EXPECT_TRUE(buffer.Read(1, 2, &tmp)) << "read NamedCurve";
+  EXPECT_EQ(ssl_grp_ec_curve25519, tmp);
+  EXPECT_TRUE(buffer.Read(3, 1, &tmp)) << " read ECPoint";
+  CheckSigScheme(capture_ske, 4 + tmp, client_, ssl_sig_rsa_pss_sha256, 1024);
+}
+
+TEST_P(TlsConnectTls12, ClientAuthCheckSigAlg) {
+  EnsureTlsSetup();
+  auto capture_cert_verify =
+      std::make_shared<TlsInspectorRecordHandshakeMessage>(
+          kTlsHandshakeCertificateVerify);
+  client_->SetPacketFilter(capture_cert_verify);
+  client_->SetupClientAuth();
+  server_->RequestClientAuth(true);
+  Connect();
+  CheckKeys();
+
+  CheckSigScheme(capture_cert_verify, 0, server_, ssl_sig_rsa_pkcs1_sha1, 1024);
+}
+
+TEST_P(TlsConnectTls12, ClientAuthBigRsaCheckSigAlg) {
+  Reset(TlsAgent::kServerRsa, TlsAgent::kRsa2048);
+  auto capture_cert_verify =
+      std::make_shared<TlsInspectorRecordHandshakeMessage>(
+          kTlsHandshakeCertificateVerify);
+  client_->SetPacketFilter(capture_cert_verify);
+  client_->SetupClientAuth();
+  server_->RequestClientAuth(true);
+  Connect();
+  CheckKeys();
+  CheckSigScheme(capture_cert_verify, 0, server_, ssl_sig_rsa_pss_sha256, 2048);
+}
+
+class TlsZeroCertificateRequestSigAlgsFilter : public TlsHandshakeFilter {
+ public:
+  virtual PacketFilter::Action FilterHandshake(
+      const TlsHandshakeFilter::HandshakeHeader& header,
+      const DataBuffer& input, DataBuffer* output) {
+    if (header.handshake_type() != kTlsHandshakeCertificateRequest) {
+      return KEEP;
+    }
+
+    TlsParser parser(input);
+    std::cerr << "Zeroing CertReq.supported_signature_algorithms" << std::endl;
+
+    DataBuffer cert_types;
+    if (!parser.ReadVariable(&cert_types, 1)) {
+      ADD_FAILURE();
+      return KEEP;
+    }
+
+    if (!parser.SkipVariable(2)) {
+      ADD_FAILURE();
+      return KEEP;
+    }
+
+    DataBuffer cas;
+    if (!parser.ReadVariable(&cas, 2)) {
+      ADD_FAILURE();
+      return KEEP;
+    }
+
+    size_t idx = 0;
+
+    // Write certificate types.
+    idx = output->Write(idx, cert_types.len(), 1);
+    idx = output->Write(idx, cert_types);
+
+    // Write zero signature algorithms.
+    idx = output->Write(idx, 0U, 2);
+
+    // Write certificate authorities.
+    idx = output->Write(idx, cas.len(), 2);
+    idx = output->Write(idx, cas);
+
+    return CHANGE;
+  }
+};
+
+// Check that we fall back to SHA-1 when the server doesn't provide any
+// supported_signature_algorithms in the CertificateRequest message.
+TEST_P(TlsConnectTls12, ClientAuthNoSigAlgsFallback) {
+  EnsureTlsSetup();
+  auto filter = std::make_shared<TlsZeroCertificateRequestSigAlgsFilter>();
+  server_->SetPacketFilter(filter);
+  auto capture_cert_verify =
+      std::make_shared<TlsInspectorRecordHandshakeMessage>(
+          kTlsHandshakeCertificateVerify);
+  client_->SetPacketFilter(capture_cert_verify);
+  client_->SetupClientAuth();
+  server_->RequestClientAuth(true);
+
+  ConnectExpectFail();
+
+  // We're expecting a bad signature here because we tampered with a handshake
+  // message (CertReq). Previously, without the SHA-1 fallback, we would've
+  // seen a malformed record alert.
+  server_->CheckErrorCode(SEC_ERROR_BAD_SIGNATURE);
+  client_->CheckErrorCode(SSL_ERROR_DECRYPT_ERROR_ALERT);
+
+  CheckSigScheme(capture_cert_verify, 0, server_, ssl_sig_rsa_pkcs1_sha1, 1024);
+}
+
+static const SSLSignatureScheme SignatureSchemeEcdsaSha384[] = {
+    ssl_sig_ecdsa_secp384r1_sha384};
+static const SSLSignatureScheme SignatureSchemeEcdsaSha256[] = {
+    ssl_sig_ecdsa_secp256r1_sha256};
+static const SSLSignatureScheme SignatureSchemeRsaSha384[] = {
+    ssl_sig_rsa_pkcs1_sha384};
+static const SSLSignatureScheme SignatureSchemeRsaSha256[] = {
+    ssl_sig_rsa_pkcs1_sha256};
+
+static SSLNamedGroup NamedGroupForEcdsa384(uint16_t version) {
+  // NSS tries to match the group size to the symmetric cipher. In TLS 1.1 and
+  // 1.0, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is the highest priority suite, so
+  // we use P-384. With TLS 1.2 on we pick AES-128 GCM so use x25519.
+  if (version <= SSL_LIBRARY_VERSION_TLS_1_1) {
+    return ssl_grp_ec_secp384r1;
+  }
+  return ssl_grp_ec_curve25519;
+}
+
+// When signature algorithms match up, this should connect successfully; even
+// for TLS 1.1 and 1.0, where they should be ignored.
+TEST_P(TlsConnectGeneric, SignatureAlgorithmServerAuth) {
+  Reset(TlsAgent::kServerEcdsa384);
+  client_->SetSignatureSchemes(SignatureSchemeEcdsaSha384,
+                               PR_ARRAY_SIZE(SignatureSchemeEcdsaSha384));
+  server_->SetSignatureSchemes(SignatureSchemeEcdsaSha384,
+                               PR_ARRAY_SIZE(SignatureSchemeEcdsaSha384));
+  Connect();
+  CheckKeys(ssl_kea_ecdh, NamedGroupForEcdsa384(version_), ssl_auth_ecdsa,
+            ssl_sig_ecdsa_secp384r1_sha384);
+}
+
+// Here the client picks a single option, which should work in all versions.
+// Defaults on the server include the first option.
+TEST_P(TlsConnectGeneric, SignatureAlgorithmClientOnly) {
+  const SSLSignatureAndHashAlg clientAlgorithms[] = {
+      {ssl_hash_sha384, ssl_sign_ecdsa},
+      {ssl_hash_sha384, ssl_sign_rsa},  // supported but unusable
+      {ssl_hash_md5, ssl_sign_ecdsa}    // unsupported and ignored
+  };
+  Reset(TlsAgent::kServerEcdsa384);
+  EnsureTlsSetup();
+  // Use the old API for this function.
+  EXPECT_EQ(SECSuccess,
+            SSL_SignaturePrefSet(client_->ssl_fd(), clientAlgorithms,
+                                 PR_ARRAY_SIZE(clientAlgorithms)));
+  Connect();
+  CheckKeys(ssl_kea_ecdh, NamedGroupForEcdsa384(version_), ssl_auth_ecdsa,
+            ssl_sig_ecdsa_secp384r1_sha384);
+}
+
+// Here the server picks a single option, which should work in all versions.
+// Defaults on the client include the provided option.
+TEST_P(TlsConnectGeneric, SignatureAlgorithmServerOnly) {
+  Reset(TlsAgent::kServerEcdsa384);
+  server_->SetSignatureSchemes(SignatureSchemeEcdsaSha384,
+                               PR_ARRAY_SIZE(SignatureSchemeEcdsaSha384));
+  Connect();
+  CheckKeys(ssl_kea_ecdh, NamedGroupForEcdsa384(version_), ssl_auth_ecdsa,
+            ssl_sig_ecdsa_secp384r1_sha384);
+}
+
+// In TLS 1.2, curve and hash aren't bound together.
+TEST_P(TlsConnectTls12, SignatureSchemeCurveMismatch) {
+  Reset(TlsAgent::kServerEcdsa256);
+  client_->SetSignatureSchemes(SignatureSchemeEcdsaSha384,
+                               PR_ARRAY_SIZE(SignatureSchemeEcdsaSha384));
+  Connect();
+}
+
+// In TLS 1.3, curve and hash are coupled.
+TEST_P(TlsConnectTls13, SignatureSchemeCurveMismatch) {
+  Reset(TlsAgent::kServerEcdsa256);
+  client_->SetSignatureSchemes(SignatureSchemeEcdsaSha384,
+                               PR_ARRAY_SIZE(SignatureSchemeEcdsaSha384));
+  ConnectExpectFail();
+  server_->CheckErrorCode(SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM);
+  client_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP);
+}
+
+// Configuring a P-256 cert with only SHA-384 signatures is OK in TLS 1.2.
+TEST_P(TlsConnectTls12, SignatureSchemeBadConfig) {
+  Reset(TlsAgent::kServerEcdsa256);  // P-256 cert can't be used.
+  server_->SetSignatureSchemes(SignatureSchemeEcdsaSha384,
+                               PR_ARRAY_SIZE(SignatureSchemeEcdsaSha384));
+  Connect();
+}
+
+// A P-256 certificate in TLS 1.3 needs a SHA-256 signature scheme.
+TEST_P(TlsConnectTls13, SignatureSchemeBadConfig) {
+  Reset(TlsAgent::kServerEcdsa256);  // P-256 cert can't be used.
+  server_->SetSignatureSchemes(SignatureSchemeEcdsaSha384,
+                               PR_ARRAY_SIZE(SignatureSchemeEcdsaSha384));
+  ConnectExpectFail();
+  server_->CheckErrorCode(SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM);
+  client_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP);
+}
+
+// Where there is no overlap on signature schemes, we still connect successfully
+// if we aren't going to use a signature.
+TEST_P(TlsConnectGenericPre13, SignatureAlgorithmNoOverlapStaticRsa) {
+  client_->SetSignatureSchemes(SignatureSchemeRsaSha384,
+                               PR_ARRAY_SIZE(SignatureSchemeRsaSha384));
+  server_->SetSignatureSchemes(SignatureSchemeRsaSha256,
+                               PR_ARRAY_SIZE(SignatureSchemeRsaSha256));
+  EnableOnlyStaticRsaCiphers();
+  Connect();
+  CheckKeys(ssl_kea_rsa, ssl_auth_rsa_decrypt);
+}
+
+TEST_P(TlsConnectTls12Plus, SignatureAlgorithmNoOverlapEcdsa) {
+  Reset(TlsAgent::kServerEcdsa256);
+  client_->SetSignatureSchemes(SignatureSchemeEcdsaSha384,
+                               PR_ARRAY_SIZE(SignatureSchemeEcdsaSha384));
+  server_->SetSignatureSchemes(SignatureSchemeEcdsaSha256,
+                               PR_ARRAY_SIZE(SignatureSchemeEcdsaSha256));
+  ConnectExpectFail();
+  client_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP);
+  server_->CheckErrorCode(SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM);
+}
+
+// Pre 1.2, a mismatch on signature algorithms shouldn't affect anything.
+TEST_P(TlsConnectPre12, SignatureAlgorithmNoOverlapEcdsa) {
+  Reset(TlsAgent::kServerEcdsa256);
+  client_->SetSignatureSchemes(SignatureSchemeEcdsaSha384,
+                               PR_ARRAY_SIZE(SignatureSchemeEcdsaSha384));
+  server_->SetSignatureSchemes(SignatureSchemeEcdsaSha256,
+                               PR_ARRAY_SIZE(SignatureSchemeEcdsaSha256));
+  Connect();
+}
+
+// The signature_algorithms extension is mandatory in TLS 1.3.
+TEST_P(TlsConnectTls13, SignatureAlgorithmDrop) {
+  client_->SetPacketFilter(
+      std::make_shared<TlsExtensionDropper>(ssl_signature_algorithms_xtn));
+  ConnectExpectFail();
+  client_->CheckErrorCode(SSL_ERROR_MISSING_EXTENSION_ALERT);
+  server_->CheckErrorCode(SSL_ERROR_MISSING_SIGNATURE_ALGORITHMS_EXTENSION);
+}
+
+// TLS 1.2 has trouble detecting this sort of modification: it uses SHA1 and
+// only fails when the Finished is checked.
+TEST_P(TlsConnectTls12, SignatureAlgorithmDrop) {
+  client_->SetPacketFilter(
+      std::make_shared<TlsExtensionDropper>(ssl_signature_algorithms_xtn));
+  ConnectExpectFail();
+  client_->CheckErrorCode(SSL_ERROR_DECRYPT_ERROR_ALERT);
+  server_->CheckErrorCode(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE);
+}
+
+TEST_P(TlsConnectTls12Plus, RequestClientAuthWithSha384) {
+  server_->SetSignatureSchemes(SignatureSchemeRsaSha384,
+                               PR_ARRAY_SIZE(SignatureSchemeRsaSha384));
+  server_->RequestClientAuth(false);
+  Connect();
+}
+
+class BeforeFinished : public TlsRecordFilter {
+ private:
+  enum HandshakeState { BEFORE_CCS, AFTER_CCS, DONE };
+
+ public:
+  BeforeFinished(std::shared_ptr<TlsAgent>& client,
+                 std::shared_ptr<TlsAgent>& server, VoidFunction before_ccs,
+                 VoidFunction before_finished)
+      : client_(client),
+        server_(server),
+        before_ccs_(before_ccs),
+        before_finished_(before_finished),
+        state_(BEFORE_CCS) {}
+
+ protected:
+  virtual PacketFilter::Action FilterRecord(const TlsRecordHeader& header,
+                                            const DataBuffer& body,
+                                            DataBuffer* out) {
+    switch (state_) {
+      case BEFORE_CCS:
+        // Awaken when we see the CCS.
+        if (header.content_type() == kTlsChangeCipherSpecType) {
+          before_ccs_();
+
+          // Write the CCS out as a separate write, so that we can make
+          // progress. Ordinarily, libssl sends the CCS and Finished together,
+          // but that means that they both get processed together.
+          DataBuffer ccs;
+          header.Write(&ccs, 0, body);
+          server_.lock()->SendDirect(ccs);
+          client_.lock()->Handshake();
+          state_ = AFTER_CCS;
+          // Request that the original record be dropped by the filter.
+          return DROP;
+        }
+        break;
+
+      case AFTER_CCS:
+        EXPECT_EQ(kTlsHandshakeType, header.content_type());
+        // This could check that data contains a Finished message, but it's
+        // encrypted, so that's too much extra work.
+
+        before_finished_();
+        state_ = DONE;
+        break;
+
+      case DONE:
+        break;
+    }
+    return KEEP;
+  }
+
+ private:
+  std::weak_ptr<TlsAgent> client_;
+  std::weak_ptr<TlsAgent> server_;
+  VoidFunction before_ccs_;
+  VoidFunction before_finished_;
+  HandshakeState state_;
+};
+
+// Running code after the client has started processing the encrypted part of
+// the server's first flight, but before the Finished is processed is very hard
+// in TLS 1.3.  These encrypted messages are sent in a single encrypted blob.
+// The following test uses DTLS to make it possible to force the client to
+// process the handshake in pieces.
+//
+// The first encrypted message from the server is dropped, and the MTU is
+// reduced to just below the original message size so that the server sends two
+// messages.  The Finished message is then processed separately.
+class BeforeFinished13 : public PacketFilter {
+ private:
+  enum HandshakeState {
+    INIT,
+    BEFORE_FIRST_FRAGMENT,
+    BEFORE_SECOND_FRAGMENT,
+    DONE
+  };
+
+ public:
+  BeforeFinished13(std::shared_ptr<TlsAgent>& client,
+                   std::shared_ptr<TlsAgent>& server,
+                   VoidFunction before_finished)
+      : client_(client),
+        server_(server),
+        before_finished_(before_finished),
+        records_(0) {}
+
+ protected:
+  virtual PacketFilter::Action Filter(const DataBuffer& input,
+                                      DataBuffer* output) {
+    switch (++records_) {
+      case 1:
+        // Packet 1 is the server's entire first flight.  Drop it.
+        EXPECT_EQ(SECSuccess,
+                  SSLInt_SetMTU(server_.lock()->ssl_fd(), input.len() - 1));
+        return DROP;
+
+      // Packet 2 is the first part of the server's retransmitted first
+      // flight.  Keep that.
+
+      case 3:
+        // Packet 3 is the second part of the server's retransmitted first
+        // flight.  Before passing that on, make sure that the client processes
+        // packet 2, then call the before_finished_() callback.
+        client_.lock()->Handshake();
+        before_finished_();
+        break;
+
+      default:
+        break;
+    }
+    return KEEP;
+  }
+
+ private:
+  std::weak_ptr<TlsAgent> client_;
+  std::weak_ptr<TlsAgent> server_;
+  VoidFunction before_finished_;
+  size_t records_;
+};
+
+static SECStatus AuthCompleteBlock(TlsAgent*, PRBool, PRBool) {
+  return SECWouldBlock;
+}
+
+// This test uses an AuthCertificateCallback that blocks.  A filter is used to
+// split the server's first flight into two pieces.  Before the second piece is
+// processed by the client, SSL_AuthCertificateComplete() is called.
+TEST_F(TlsConnectDatagram13, AuthCompleteBeforeFinished) {
+  client_->SetAuthCertificateCallback(AuthCompleteBlock);
+  server_->SetPacketFilter(
+      std::make_shared<BeforeFinished13>(client_, server_, [this]() {
+        EXPECT_EQ(SECSuccess,
+                  SSL_AuthCertificateComplete(client_->ssl_fd(), 0));
+      }));
+  Connect();
+}
+
+static void TriggerAuthComplete(PollTarget* target, Event event) {
+  std::cerr << "client: call SSL_AuthCertificateComplete" << std::endl;
+  EXPECT_EQ(TIMER_EVENT, event);
+  TlsAgent* client = static_cast<TlsAgent*>(target);
+  EXPECT_EQ(SECSuccess, SSL_AuthCertificateComplete(client->ssl_fd(), 0));
+}
+
+// This test uses a simple AuthCertificateCallback.  Due to the way that the
+// entire server flight is processed, the call to SSL_AuthCertificateComplete
+// will trigger after the Finished message is processed.
+TEST_F(TlsConnectDatagram13, AuthCompleteAfterFinished) {
+  client_->SetAuthCertificateCallback(
+      [this](TlsAgent*, PRBool, PRBool) -> SECStatus {
+        std::shared_ptr<Poller::Timer> timer_handle;
+        // This is really just to unroll the stack.
+        Poller::Instance()->SetTimer(1U, client_.get(), TriggerAuthComplete,
+                                     &timer_handle);
+        return SECWouldBlock;
+      });
+  Connect();
+}
+
+TEST_P(TlsConnectGenericPre13, ClientWriteBetweenCCSAndFinishedWithFalseStart) {
+  client_->EnableFalseStart();
+  server_->SetPacketFilter(std::make_shared<BeforeFinished>(
+      client_, server_,
+      [this]() { EXPECT_TRUE(client_->can_falsestart_hook_called()); },
+      [this]() {
+        // Write something, which used to fail: bug 1235366.
+        client_->SendData(10);
+      }));
+
+  Connect();
+  server_->SendData(10);
+  Receive(10);
+}
+
+TEST_P(TlsConnectGenericPre13, AuthCompleteBeforeFinishedWithFalseStart) {
+  client_->EnableFalseStart();
+  client_->SetAuthCertificateCallback(AuthCompleteBlock);
+  server_->SetPacketFilter(std::make_shared<BeforeFinished>(
+      client_, server_,
+      []() {
+        // Do nothing before CCS
+      },
+      [this]() {
+        EXPECT_FALSE(client_->can_falsestart_hook_called());
+        // AuthComplete before Finished still enables false start.
+        EXPECT_EQ(SECSuccess,
+                  SSL_AuthCertificateComplete(client_->ssl_fd(), 0));
+        EXPECT_TRUE(client_->can_falsestart_hook_called());
+        client_->SendData(10);
+      }));
+
+  Connect();
+  server_->SendData(10);
+  Receive(10);
+}
+
+class EnforceNoActivity : public PacketFilter {
+ protected:
+  PacketFilter::Action Filter(const DataBuffer& input,
+                              DataBuffer* output) override {
+    std::cerr << "Unexpected packet: " << input << std::endl;
+    EXPECT_TRUE(false) << "should not send anything";
+    return KEEP;
+  }
+};
+
+// In this test, we want to make sure that the server completes its handshake,
+// but the client does not.  Because the AuthCertificate callback blocks and we
+// never call SSL_AuthCertificateComplete(), the client should never report that
+// it has completed the handshake.  Manually call Handshake(), alternating sides
+// between client and server, until the desired state is reached.
+TEST_P(TlsConnectGenericPre13, AuthCompleteDelayed) {
+  client_->SetAuthCertificateCallback(AuthCompleteBlock);
+
+  server_->StartConnect();
+  client_->StartConnect();
+  client_->Handshake();  // Send ClientHello
+  server_->Handshake();  // Send ServerHello
+  client_->Handshake();  // Send ClientKeyExchange and Finished
+  server_->Handshake();  // Send Finished
+  // The server should now report that it is connected
+  EXPECT_EQ(TlsAgent::STATE_CONNECTED, server_->state());
+
+  // The client should send nothing from here on.
+  client_->SetPacketFilter(std::make_shared<EnforceNoActivity>());
+  client_->Handshake();
+  EXPECT_EQ(TlsAgent::STATE_CONNECTING, client_->state());
+
+  // This should allow the handshake to complete now.
+  EXPECT_EQ(SECSuccess, SSL_AuthCertificateComplete(client_->ssl_fd(), 0));
+  client_->Handshake();  // Transition to connected
+  EXPECT_EQ(TlsAgent::STATE_CONNECTED, client_->state());
+  EXPECT_EQ(TlsAgent::STATE_CONNECTED, server_->state());
+
+  // Remove this before closing or the close_notify alert will trigger it.
+  client_->DeletePacketFilter();
+}
+
+// TLS 1.3 handles a delayed AuthComplete callback differently since the
+// shape of the handshake is different.
+TEST_P(TlsConnectTls13, AuthCompleteDelayed) {
+  client_->SetAuthCertificateCallback(AuthCompleteBlock);
+
+  server_->StartConnect();
+  client_->StartConnect();
+  client_->Handshake();  // Send ClientHello
+  server_->Handshake();  // Send ServerHello
+  EXPECT_EQ(TlsAgent::STATE_CONNECTING, client_->state());
+  EXPECT_EQ(TlsAgent::STATE_CONNECTING, server_->state());
+
+  // The client will send nothing until AuthCertificateComplete is called.
+  client_->SetPacketFilter(std::make_shared<EnforceNoActivity>());
+  client_->Handshake();
+  EXPECT_EQ(TlsAgent::STATE_CONNECTING, client_->state());
+
+  // This should allow the handshake to complete now.
+  client_->DeletePacketFilter();
+  EXPECT_EQ(SECSuccess, SSL_AuthCertificateComplete(client_->ssl_fd(), 0));
+  client_->Handshake();  // Send Finished
+  server_->Handshake();  // Transition to connected and send NewSessionTicket
+  EXPECT_EQ(TlsAgent::STATE_CONNECTED, client_->state());
+  EXPECT_EQ(TlsAgent::STATE_CONNECTED, server_->state());
+}
+
+static const SSLExtraServerCertData ServerCertDataRsaPkcs1Decrypt = {
+    ssl_auth_rsa_decrypt, nullptr, nullptr, nullptr};
+static const SSLExtraServerCertData ServerCertDataRsaPkcs1Sign = {
+    ssl_auth_rsa_sign, nullptr, nullptr, nullptr};
+static const SSLExtraServerCertData ServerCertDataRsaPss = {
+    ssl_auth_rsa_pss, nullptr, nullptr, nullptr};
+
+// Test RSA cert with usage=[signature, encipherment].
+TEST_F(TlsAgentStreamTestServer, ConfigureCertRsaPkcs1SignAndKEX) {
+  Reset(TlsAgent::kServerRsa);
+
+  PRFileDesc* ssl_fd = agent_->ssl_fd();
+  EXPECT_TRUE(SSLInt_HasCertWithAuthType(ssl_fd, ssl_auth_rsa_decrypt));
+  EXPECT_TRUE(SSLInt_HasCertWithAuthType(ssl_fd, ssl_auth_rsa_sign));
+  EXPECT_TRUE(SSLInt_HasCertWithAuthType(ssl_fd, ssl_auth_rsa_pss));
+
+  // Configuring for only rsa_sign, rsa_pss, or rsa_decrypt should work.
+  EXPECT_TRUE(agent_->ConfigServerCert(TlsAgent::kServerRsa, false,
+                                       &ServerCertDataRsaPkcs1Decrypt));
+  EXPECT_TRUE(agent_->ConfigServerCert(TlsAgent::kServerRsa, false,
+                                       &ServerCertDataRsaPkcs1Sign));
+  EXPECT_TRUE(agent_->ConfigServerCert(TlsAgent::kServerRsa, false,
+                                       &ServerCertDataRsaPss));
+}
+
+// Test RSA cert with usage=[signature].
+TEST_F(TlsAgentStreamTestServer, ConfigureCertRsaPkcs1Sign) {
+  Reset(TlsAgent::kServerRsaSign);
+
+  PRFileDesc* ssl_fd = agent_->ssl_fd();
+  EXPECT_FALSE(SSLInt_HasCertWithAuthType(ssl_fd, ssl_auth_rsa_decrypt));
+  EXPECT_TRUE(SSLInt_HasCertWithAuthType(ssl_fd, ssl_auth_rsa_sign));
+  EXPECT_TRUE(SSLInt_HasCertWithAuthType(ssl_fd, ssl_auth_rsa_pss));
+
+  // Configuring for only rsa_decrypt should fail.
+  EXPECT_FALSE(agent_->ConfigServerCert(TlsAgent::kServerRsaSign, false,
+                                        &ServerCertDataRsaPkcs1Decrypt));
+
+  // Configuring for only rsa_sign or rsa_pss should work.
+  EXPECT_TRUE(agent_->ConfigServerCert(TlsAgent::kServerRsaSign, false,
+                                       &ServerCertDataRsaPkcs1Sign));
+  EXPECT_TRUE(agent_->ConfigServerCert(TlsAgent::kServerRsaSign, false,
+                                       &ServerCertDataRsaPss));
+}
+
+// Test RSA cert with usage=[encipherment].
+TEST_F(TlsAgentStreamTestServer, ConfigureCertRsaPkcs1KEX) {
+  Reset(TlsAgent::kServerRsaDecrypt);
+
+  PRFileDesc* ssl_fd = agent_->ssl_fd();
+  EXPECT_TRUE(SSLInt_HasCertWithAuthType(ssl_fd, ssl_auth_rsa_decrypt));
+  EXPECT_FALSE(SSLInt_HasCertWithAuthType(ssl_fd, ssl_auth_rsa_sign));
+  EXPECT_FALSE(SSLInt_HasCertWithAuthType(ssl_fd, ssl_auth_rsa_pss));
+
+  // Configuring for only rsa_sign or rsa_pss should fail.
+  EXPECT_FALSE(agent_->ConfigServerCert(TlsAgent::kServerRsaDecrypt, false,
+                                        &ServerCertDataRsaPkcs1Sign));
+  EXPECT_FALSE(agent_->ConfigServerCert(TlsAgent::kServerRsaDecrypt, false,
+                                        &ServerCertDataRsaPss));
+
+  // Configuring for only rsa_decrypt should work.
+  EXPECT_TRUE(agent_->ConfigServerCert(TlsAgent::kServerRsaDecrypt, false,
+                                       &ServerCertDataRsaPkcs1Decrypt));
+}
+
+// Test configuring an RSA-PSS cert.
+TEST_F(TlsAgentStreamTestServer, ConfigureCertRsaPss) {
+  Reset(TlsAgent::kServerRsaPss);
+
+  PRFileDesc* ssl_fd = agent_->ssl_fd();
+  EXPECT_FALSE(SSLInt_HasCertWithAuthType(ssl_fd, ssl_auth_rsa_decrypt));
+  EXPECT_FALSE(SSLInt_HasCertWithAuthType(ssl_fd, ssl_auth_rsa_sign));
+  EXPECT_TRUE(SSLInt_HasCertWithAuthType(ssl_fd, ssl_auth_rsa_pss));
+
+  // Configuring for only rsa_sign or rsa_decrypt should fail.
+  EXPECT_FALSE(agent_->ConfigServerCert(TlsAgent::kServerRsaPss, false,
+                                        &ServerCertDataRsaPkcs1Sign));
+  EXPECT_FALSE(agent_->ConfigServerCert(TlsAgent::kServerRsaPss, false,
+                                        &ServerCertDataRsaPkcs1Decrypt));
+
+  // Configuring for only rsa_pss should work.
+  EXPECT_TRUE(agent_->ConfigServerCert(TlsAgent::kServerRsaPss, false,
+                                       &ServerCertDataRsaPss));
+}
+
+// mode, version, certificate, auth type, signature scheme
+typedef std::tuple<std::string, uint16_t, std::string, SSLAuthType,
+                   SSLSignatureScheme>
+    SignatureSchemeProfile;
+
+class TlsSignatureSchemeConfiguration
+    : public TlsConnectTestBase,
+      public ::testing::WithParamInterface<SignatureSchemeProfile> {
+ public:
+  TlsSignatureSchemeConfiguration()
+      : TlsConnectTestBase(std::get<0>(GetParam()), std::get<1>(GetParam())),
+        certificate_(std::get<2>(GetParam())),
+        auth_type_(std::get<3>(GetParam())),
+        signature_scheme_(std::get<4>(GetParam())) {}
+
+ protected:
+  void TestSignatureSchemeConfig(std::shared_ptr<TlsAgent>& configPeer) {
+    EnsureTlsSetup();
+    configPeer->SetSignatureSchemes(&signature_scheme_, 1);
+    Connect();
+    CheckKeys(ssl_kea_ecdh, ssl_grp_ec_curve25519, auth_type_,
+              signature_scheme_);
+  }
+
+  std::string certificate_;
+  SSLAuthType auth_type_;
+  SSLSignatureScheme signature_scheme_;
+};
+
+TEST_P(TlsSignatureSchemeConfiguration, SignatureSchemeConfigServer) {
+  Reset(certificate_);
+  TestSignatureSchemeConfig(server_);
+}
+
+TEST_P(TlsSignatureSchemeConfiguration, SignatureSchemeConfigClient) {
+  Reset(certificate_);
+  auto capture =
+      std::make_shared<TlsExtensionCapture>(ssl_signature_algorithms_xtn);
+  client_->SetPacketFilter(capture);
+  TestSignatureSchemeConfig(client_);
+
+  const DataBuffer& ext = capture->extension();
+  ASSERT_EQ(2U + 2U, ext.len());
+  uint32_t v = 0;
+  ASSERT_TRUE(ext.Read(0, 2, &v));
+  EXPECT_EQ(2U, v);
+  ASSERT_TRUE(ext.Read(2, 2, &v));
+  EXPECT_EQ(signature_scheme_, static_cast<SSLSignatureScheme>(v));
+}
+
+TEST_P(TlsSignatureSchemeConfiguration, SignatureSchemeConfigBoth) {
+  Reset(certificate_);
+  EnsureTlsSetup();
+  client_->SetSignatureSchemes(&signature_scheme_, 1);
+  server_->SetSignatureSchemes(&signature_scheme_, 1);
+  Connect();
+  CheckKeys(ssl_kea_ecdh, ssl_grp_ec_curve25519, auth_type_, signature_scheme_);
+}
+
+INSTANTIATE_TEST_CASE_P(
+    SignatureSchemeRsa, TlsSignatureSchemeConfiguration,
+    ::testing::Combine(
+        TlsConnectTestBase::kTlsModesAll, TlsConnectTestBase::kTlsV12Plus,
+        ::testing::Values(TlsAgent::kServerRsaSign),
+        ::testing::Values(ssl_auth_rsa_sign),
+        ::testing::Values(ssl_sig_rsa_pkcs1_sha256, ssl_sig_rsa_pkcs1_sha384,
+                          ssl_sig_rsa_pkcs1_sha512, ssl_sig_rsa_pss_sha256,
+                          ssl_sig_rsa_pss_sha384)));
+// PSS with SHA-512 needs a bigger key to work.
+INSTANTIATE_TEST_CASE_P(
+    SignatureSchemeBigRsa, TlsSignatureSchemeConfiguration,
+    ::testing::Combine(TlsConnectTestBase::kTlsModesAll,
+                       TlsConnectTestBase::kTlsV12Plus,
+                       ::testing::Values(TlsAgent::kRsa2048),
+                       ::testing::Values(ssl_auth_rsa_sign),
+                       ::testing::Values(ssl_sig_rsa_pss_sha512)));
+INSTANTIATE_TEST_CASE_P(
+    SignatureSchemeRsaSha1, TlsSignatureSchemeConfiguration,
+    ::testing::Combine(TlsConnectTestBase::kTlsModesAll,
+                       TlsConnectTestBase::kTlsV12,
+                       ::testing::Values(TlsAgent::kServerRsa),
+                       ::testing::Values(ssl_auth_rsa_sign),
+                       ::testing::Values(ssl_sig_rsa_pkcs1_sha1)));
+INSTANTIATE_TEST_CASE_P(
+    SignatureSchemeEcdsaP256, TlsSignatureSchemeConfiguration,
+    ::testing::Combine(TlsConnectTestBase::kTlsModesAll,
+                       TlsConnectTestBase::kTlsV12Plus,
+                       ::testing::Values(TlsAgent::kServerEcdsa256),
+                       ::testing::Values(ssl_auth_ecdsa),
+                       ::testing::Values(ssl_sig_ecdsa_secp256r1_sha256)));
+INSTANTIATE_TEST_CASE_P(
+    SignatureSchemeEcdsaP384, TlsSignatureSchemeConfiguration,
+    ::testing::Combine(TlsConnectTestBase::kTlsModesAll,
+                       TlsConnectTestBase::kTlsV12Plus,
+                       ::testing::Values(TlsAgent::kServerEcdsa384),
+                       ::testing::Values(ssl_auth_ecdsa),
+                       ::testing::Values(ssl_sig_ecdsa_secp384r1_sha384)));
+INSTANTIATE_TEST_CASE_P(
+    SignatureSchemeEcdsaP521, TlsSignatureSchemeConfiguration,
+    ::testing::Combine(TlsConnectTestBase::kTlsModesAll,
+                       TlsConnectTestBase::kTlsV12Plus,
+                       ::testing::Values(TlsAgent::kServerEcdsa521),
+                       ::testing::Values(ssl_auth_ecdsa),
+                       ::testing::Values(ssl_sig_ecdsa_secp521r1_sha512)));
+INSTANTIATE_TEST_CASE_P(
+    SignatureSchemeEcdsaSha1, TlsSignatureSchemeConfiguration,
+    ::testing::Combine(TlsConnectTestBase::kTlsModesAll,
+                       TlsConnectTestBase::kTlsV12,
+                       ::testing::Values(TlsAgent::kServerEcdsa256,
+                                         TlsAgent::kServerEcdsa384),
+                       ::testing::Values(ssl_auth_ecdsa),
+                       ::testing::Values(ssl_sig_ecdsa_sha1)));
+}
diff --git a/nss/gtests/ssl_gtest/ssl_cert_ext_unittest.cc b/nss/gtests/ssl_gtest/ssl_cert_ext_unittest.cc
new file mode 100644
index 0000000..c9bb390
--- /dev/null
+++ b/nss/gtests/ssl_gtest/ssl_cert_ext_unittest.cc
@@ -0,0 +1,257 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "ssl.h"
+#include "sslerr.h"
+#include "sslproto.h"
+
+#include <memory>
+
+#include "tls_connect.h"
+#include "tls_filter.h"
+#include "tls_parser.h"
+
+namespace nss_test {
+
+// Tests for Certificate Transparency (RFC 6962)
+// These don't work with TLS 1.3: see bug 1252745.
+
+// Helper class - stores signed certificate timestamps as provided
+// by the relevant callbacks on the client.
+class SignedCertificateTimestampsExtractor {
+ public:
+  SignedCertificateTimestampsExtractor(std::shared_ptr<TlsAgent>& client)
+      : client_(client) {
+    client->SetAuthCertificateCallback(
+        [this](TlsAgent* agent, bool checksig, bool isServer) -> SECStatus {
+          const SECItem* scts = SSL_PeerSignedCertTimestamps(agent->ssl_fd());
+          EXPECT_TRUE(scts);
+          if (!scts) {
+            return SECFailure;
+          }
+          auth_timestamps_.reset(new DataBuffer(scts->data, scts->len));
+          return SECSuccess;
+        });
+    client->SetHandshakeCallback([this](TlsAgent* agent) {
+      const SECItem* scts = SSL_PeerSignedCertTimestamps(agent->ssl_fd());
+      ASSERT_TRUE(scts);
+      handshake_timestamps_.reset(new DataBuffer(scts->data, scts->len));
+    });
+  }
+
+  void assertTimestamps(const DataBuffer& timestamps) {
+    EXPECT_TRUE(auth_timestamps_);
+    EXPECT_EQ(timestamps, *auth_timestamps_);
+
+    EXPECT_TRUE(handshake_timestamps_);
+    EXPECT_EQ(timestamps, *handshake_timestamps_);
+
+    const SECItem* current =
+        SSL_PeerSignedCertTimestamps(client_.lock()->ssl_fd());
+    EXPECT_EQ(timestamps, DataBuffer(current->data, current->len));
+  }
+
+ private:
+  std::weak_ptr<TlsAgent> client_;
+  std::unique_ptr<DataBuffer> auth_timestamps_;
+  std::unique_ptr<DataBuffer> handshake_timestamps_;
+};
+
+static const uint8_t kSctValue[] = {0x01, 0x23, 0x45, 0x67, 0x89};
+static const SECItem kSctItem = {siBuffer, const_cast<uint8_t*>(kSctValue),
+                                 sizeof(kSctValue)};
+static const DataBuffer kSctBuffer(kSctValue, sizeof(kSctValue));
+static const SSLExtraServerCertData kExtraSctData = {ssl_auth_null, nullptr,
+                                                     nullptr, &kSctItem};
+
+// Test timestamps extraction during a successful handshake.
+TEST_P(TlsConnectGenericPre13, SignedCertificateTimestampsLegacy) {
+  EnsureTlsSetup();
+
+  // We have to use the legacy API consistently here for configuring certs.
+  // Also, this doesn't work in TLS 1.3 because this only configures the SCT for
+  // RSA decrypt and PKCS#1 signing, not PSS.
+  ScopedCERTCertificate cert;
+  ScopedSECKEYPrivateKey priv;
+  ASSERT_TRUE(TlsAgent::LoadCertificate(TlsAgent::kServerRsa, &cert, &priv));
+  EXPECT_EQ(SECSuccess, SSL_ConfigSecureServerWithCertChain(
+                            server_->ssl_fd(), cert.get(), nullptr, priv.get(),
+                            ssl_kea_rsa));
+  EXPECT_EQ(SECSuccess, SSL_SetSignedCertTimestamps(server_->ssl_fd(),
+                                                    &kSctItem, ssl_kea_rsa));
+  EXPECT_EQ(SECSuccess,
+            SSL_OptionSet(client_->ssl_fd(), SSL_ENABLE_SIGNED_CERT_TIMESTAMPS,
+                          PR_TRUE));
+  SignedCertificateTimestampsExtractor timestamps_extractor(client_);
+
+  Connect();
+
+  timestamps_extractor.assertTimestamps(kSctBuffer);
+}
+
+TEST_P(TlsConnectGeneric, SignedCertificateTimestampsSuccess) {
+  EnsureTlsSetup();
+  EXPECT_TRUE(
+      server_->ConfigServerCert(TlsAgent::kServerRsa, true, &kExtraSctData));
+  EXPECT_EQ(SECSuccess,
+            SSL_OptionSet(client_->ssl_fd(), SSL_ENABLE_SIGNED_CERT_TIMESTAMPS,
+                          PR_TRUE));
+  SignedCertificateTimestampsExtractor timestamps_extractor(client_);
+
+  Connect();
+
+  timestamps_extractor.assertTimestamps(kSctBuffer);
+}
+
+// Test SSL_PeerSignedCertTimestamps returning zero-length SECItem
+// when the client / the server / both have not enabled the feature.
+TEST_P(TlsConnectGeneric, SignedCertificateTimestampsInactiveClient) {
+  EnsureTlsSetup();
+  EXPECT_TRUE(
+      server_->ConfigServerCert(TlsAgent::kServerRsa, true, &kExtraSctData));
+  SignedCertificateTimestampsExtractor timestamps_extractor(client_);
+
+  Connect();
+  timestamps_extractor.assertTimestamps(DataBuffer());
+}
+
+TEST_P(TlsConnectGeneric, SignedCertificateTimestampsInactiveServer) {
+  EnsureTlsSetup();
+  EXPECT_EQ(SECSuccess,
+            SSL_OptionSet(client_->ssl_fd(), SSL_ENABLE_SIGNED_CERT_TIMESTAMPS,
+                          PR_TRUE));
+  SignedCertificateTimestampsExtractor timestamps_extractor(client_);
+
+  Connect();
+  timestamps_extractor.assertTimestamps(DataBuffer());
+}
+
+TEST_P(TlsConnectGeneric, SignedCertificateTimestampsInactiveBoth) {
+  EnsureTlsSetup();
+  SignedCertificateTimestampsExtractor timestamps_extractor(client_);
+
+  Connect();
+  timestamps_extractor.assertTimestamps(DataBuffer());
+}
+
+// Check that the given agent doesn't have an OCSP response for its peer.
+static SECStatus CheckNoOCSP(TlsAgent* agent, bool checksig, bool isServer) {
+  const SECItemArray* ocsp = SSL_PeerStapledOCSPResponses(agent->ssl_fd());
+  EXPECT_TRUE(ocsp);
+  EXPECT_EQ(0U, ocsp->len);
+  return SECSuccess;
+}
+
+static const uint8_t kOcspValue1[] = {1, 2, 3, 4, 5, 6};
+static const uint8_t kOcspValue2[] = {7, 8, 9};
+static const SECItem kOcspItems[] = {
+    {siBuffer, const_cast<uint8_t*>(kOcspValue1), sizeof(kOcspValue1)},
+    {siBuffer, const_cast<uint8_t*>(kOcspValue2), sizeof(kOcspValue2)}};
+static const SECItemArray kOcspResponses = {const_cast<SECItem*>(kOcspItems),
+                                            PR_ARRAY_SIZE(kOcspItems)};
+const static SSLExtraServerCertData kOcspExtraData = {ssl_auth_null, nullptr,
+                                                      &kOcspResponses, nullptr};
+
+TEST_P(TlsConnectGeneric, NoOcsp) {
+  EnsureTlsSetup();
+  client_->SetAuthCertificateCallback(CheckNoOCSP);
+  Connect();
+}
+
+// The client doesn't get OCSP stapling unless it asks.
+TEST_P(TlsConnectGeneric, OcspNotRequested) {
+  EnsureTlsSetup();
+  client_->SetAuthCertificateCallback(CheckNoOCSP);
+  EXPECT_TRUE(
+      server_->ConfigServerCert(TlsAgent::kServerRsa, true, &kOcspExtraData));
+  Connect();
+}
+
+// Even if the client asks, the server has nothing unless it is configured.
+TEST_P(TlsConnectGeneric, OcspNotProvided) {
+  EnsureTlsSetup();
+  EXPECT_EQ(SECSuccess, SSL_OptionSet(client_->ssl_fd(),
+                                      SSL_ENABLE_OCSP_STAPLING, PR_TRUE));
+  client_->SetAuthCertificateCallback(CheckNoOCSP);
+  Connect();
+}
+
+TEST_P(TlsConnectGenericPre13, OcspMangled) {
+  EnsureTlsSetup();
+  EXPECT_EQ(SECSuccess, SSL_OptionSet(client_->ssl_fd(),
+                                      SSL_ENABLE_OCSP_STAPLING, PR_TRUE));
+  EXPECT_TRUE(
+      server_->ConfigServerCert(TlsAgent::kServerRsa, true, &kOcspExtraData));
+
+  static const uint8_t val[] = {1};
+  auto replacer = std::make_shared<TlsExtensionReplacer>(
+      ssl_cert_status_xtn, DataBuffer(val, sizeof(val)));
+  server_->SetPacketFilter(replacer);
+  ConnectExpectFail();
+  client_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_SERVER_HELLO);
+  server_->CheckErrorCode(SSL_ERROR_ILLEGAL_PARAMETER_ALERT);
+}
+
+TEST_P(TlsConnectGeneric, OcspSuccess) {
+  EnsureTlsSetup();
+  EXPECT_EQ(SECSuccess, SSL_OptionSet(client_->ssl_fd(),
+                                      SSL_ENABLE_OCSP_STAPLING, PR_TRUE));
+  auto capture_ocsp =
+      std::make_shared<TlsExtensionCapture>(ssl_cert_status_xtn);
+  server_->SetPacketFilter(capture_ocsp);
+
+  // The value should be available during the AuthCertificateCallback
+  client_->SetAuthCertificateCallback([](TlsAgent* agent, bool checksig,
+                                         bool isServer) -> SECStatus {
+    const SECItemArray* ocsp = SSL_PeerStapledOCSPResponses(agent->ssl_fd());
+    if (!ocsp) {
+      return SECFailure;
+    }
+    EXPECT_EQ(1U, ocsp->len) << "We only provide the first item";
+    EXPECT_EQ(0, SECITEM_CompareItem(&kOcspItems[0], &ocsp->items[0]));
+    return SECSuccess;
+  });
+  EXPECT_TRUE(
+      server_->ConfigServerCert(TlsAgent::kServerRsa, true, &kOcspExtraData));
+
+  Connect();
+  // In TLS 1.3, the server doesn't provide a visible ServerHello extension.
+  // For earlier versions, the extension is just empty.
+  EXPECT_EQ(0U, capture_ocsp->extension().len());
+}
+
+TEST_P(TlsConnectGeneric, OcspHugeSuccess) {
+  EnsureTlsSetup();
+  EXPECT_EQ(SECSuccess, SSL_OptionSet(client_->ssl_fd(),
+                                      SSL_ENABLE_OCSP_STAPLING, PR_TRUE));
+
+  uint8_t hugeOcspValue[16385];
+  memset(hugeOcspValue, 0xa1, sizeof(hugeOcspValue));
+  const SECItem hugeOcspItems[] = {
+      {siBuffer, const_cast<uint8_t*>(hugeOcspValue), sizeof(hugeOcspValue)}};
+  const SECItemArray hugeOcspResponses = {const_cast<SECItem*>(hugeOcspItems),
+                                          PR_ARRAY_SIZE(hugeOcspItems)};
+  const SSLExtraServerCertData hugeOcspExtraData = {
+      ssl_auth_null, nullptr, &hugeOcspResponses, nullptr};
+
+  // The value should be available during the AuthCertificateCallback
+  client_->SetAuthCertificateCallback([&](TlsAgent* agent, bool checksig,
+                                          bool isServer) -> SECStatus {
+    const SECItemArray* ocsp = SSL_PeerStapledOCSPResponses(agent->ssl_fd());
+    if (!ocsp) {
+      return SECFailure;
+    }
+    EXPECT_EQ(1U, ocsp->len) << "We only provide the first item";
+    EXPECT_EQ(0, SECITEM_CompareItem(&hugeOcspItems[0], &ocsp->items[0]));
+    return SECSuccess;
+  });
+  EXPECT_TRUE(server_->ConfigServerCert(TlsAgent::kServerRsa, true,
+                                        &hugeOcspExtraData));
+
+  Connect();
+}
+
+}  // namespace nspr_test
diff --git a/nss/gtests/ssl_gtest/ssl_ciphersuite_unittest.cc b/nss/gtests/ssl_gtest/ssl_ciphersuite_unittest.cc
new file mode 100644
index 0000000..93c1b85
--- /dev/null
+++ b/nss/gtests/ssl_gtest/ssl_ciphersuite_unittest.cc
@@ -0,0 +1,464 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <functional>
+#include <memory>
+#include "secerr.h"
+#include "ssl.h"
+#include "sslerr.h"
+#include "sslproto.h"
+
+extern "C" {
+// This is not something that should make you happy.
+#include "libssl_internals.h"
+}
+
+#include "gtest_utils.h"
+#include "tls_connect.h"
+#include "tls_parser.h"
+
+namespace nss_test {
+
+// mode, version, cipher suite
+typedef std::tuple<std::string, uint16_t, uint16_t, SSLNamedGroup,
+                   SSLSignatureScheme>
+    CipherSuiteProfile;
+
+class TlsCipherSuiteTestBase : public TlsConnectTestBase {
+ public:
+  TlsCipherSuiteTestBase(const std::string &mode, uint16_t version,
+                         uint16_t cipher_suite, SSLNamedGroup group,
+                         SSLSignatureScheme signature_scheme)
+      : TlsConnectTestBase(mode, version),
+        cipher_suite_(cipher_suite),
+        group_(group),
+        signature_scheme_(signature_scheme),
+        csinfo_({0}) {
+    SECStatus rv =
+        SSL_GetCipherSuiteInfo(cipher_suite_, &csinfo_, sizeof(csinfo_));
+    EXPECT_EQ(SECSuccess, rv);
+    if (rv == SECSuccess) {
+      std::cerr << "Cipher suite: " << csinfo_.cipherSuiteName << std::endl;
+    }
+    auth_type_ = csinfo_.authType;
+    kea_type_ = csinfo_.keaType;
+  }
+
+ protected:
+  void EnableSingleCipher() {
+    EnsureTlsSetup();
+    // It doesn't matter which does this, but the test is better if both do it.
+    client_->EnableSingleCipher(cipher_suite_);
+    server_->EnableSingleCipher(cipher_suite_);
+
+    if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) {
+      std::vector<SSLNamedGroup> groups = {group_};
+      client_->ConfigNamedGroups(groups);
+      server_->ConfigNamedGroups(groups);
+      kea_type_ = SSLInt_GetKEAType(group_);
+
+      client_->SetSignatureSchemes(&signature_scheme_, 1);
+      server_->SetSignatureSchemes(&signature_scheme_, 1);
+    }
+  }
+
+  virtual void SetupCertificate() {
+    if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) {
+      switch (signature_scheme_) {
+        case ssl_sig_rsa_pkcs1_sha256:
+        case ssl_sig_rsa_pkcs1_sha384:
+        case ssl_sig_rsa_pkcs1_sha512:
+          Reset(TlsAgent::kServerRsaSign);
+          auth_type_ = ssl_auth_rsa_sign;
+          break;
+        case ssl_sig_rsa_pss_sha256:
+        case ssl_sig_rsa_pss_sha384:
+          Reset(TlsAgent::kServerRsaSign);
+          auth_type_ = ssl_auth_rsa_sign;
+          break;
+        case ssl_sig_rsa_pss_sha512:
+          // You can't fit SHA-512 PSS in a 1024-bit key.
+          Reset(TlsAgent::kRsa2048);
+          auth_type_ = ssl_auth_rsa_sign;
+          break;
+        case ssl_sig_ecdsa_secp256r1_sha256:
+          Reset(TlsAgent::kServerEcdsa256);
+          auth_type_ = ssl_auth_ecdsa;
+          break;
+        case ssl_sig_ecdsa_secp384r1_sha384:
+          Reset(TlsAgent::kServerEcdsa384);
+          auth_type_ = ssl_auth_ecdsa;
+          break;
+        default:
+          ASSERT_TRUE(false) << "Unsupported signature scheme: "
+                             << signature_scheme_;
+          break;
+      }
+    } else {
+      switch (csinfo_.authType) {
+        case ssl_auth_rsa_sign:
+          Reset(TlsAgent::kServerRsaSign);
+          break;
+        case ssl_auth_rsa_decrypt:
+          Reset(TlsAgent::kServerRsaDecrypt);
+          break;
+        case ssl_auth_ecdsa:
+          Reset(TlsAgent::kServerEcdsa256);
+          break;
+        case ssl_auth_ecdh_ecdsa:
+          Reset(TlsAgent::kServerEcdhEcdsa);
+          break;
+        case ssl_auth_ecdh_rsa:
+          Reset(TlsAgent::kServerEcdhRsa);
+          break;
+        case ssl_auth_dsa:
+          Reset(TlsAgent::kServerDsa);
+          break;
+        default:
+          ASSERT_TRUE(false) << "Unsupported cipher suite: " << cipher_suite_;
+          break;
+      }
+    }
+  }
+
+  void ConnectAndCheckCipherSuite() {
+    Connect();
+    SendReceive();
+
+    // Check that we used the right cipher suite, auth type and kea type.
+    uint16_t actual;
+    EXPECT_TRUE(client_->cipher_suite(&actual));
+    EXPECT_EQ(cipher_suite_, actual);
+    EXPECT_TRUE(server_->cipher_suite(&actual));
+    EXPECT_EQ(cipher_suite_, actual);
+    SSLAuthType auth;
+    EXPECT_TRUE(client_->auth_type(&auth));
+    EXPECT_EQ(auth_type_, auth);
+    EXPECT_TRUE(server_->auth_type(&auth));
+    EXPECT_EQ(auth_type_, auth);
+    SSLKEAType kea;
+    EXPECT_TRUE(client_->kea_type(&kea));
+    EXPECT_EQ(kea_type_, kea);
+    EXPECT_TRUE(server_->kea_type(&kea));
+    EXPECT_EQ(kea_type_, kea);
+  }
+
+  // Get the expected limit on the number of records that can be sent for the
+  // cipher suite.
+  uint64_t record_limit() const {
+    switch (csinfo_.symCipher) {
+      case ssl_calg_rc4:
+      case ssl_calg_3des:
+        return 1ULL << 20;
+      case ssl_calg_aes:
+      case ssl_calg_aes_gcm:
+        return 0x5aULL << 28;
+      case ssl_calg_null:
+      case ssl_calg_chacha20:
+        return (1ULL << 48) - 1;
+      case ssl_calg_rc2:
+      case ssl_calg_des:
+      case ssl_calg_idea:
+      case ssl_calg_fortezza:
+      case ssl_calg_camellia:
+      case ssl_calg_seed:
+        break;
+    }
+    EXPECT_TRUE(false) << "No limit for " << csinfo_.cipherSuiteName;
+    return 1ULL < 48;
+  }
+
+  uint64_t last_safe_write() const {
+    uint64_t limit = record_limit() - 1;
+    if (version_ < SSL_LIBRARY_VERSION_TLS_1_1 &&
+        (csinfo_.symCipher == ssl_calg_3des ||
+         csinfo_.symCipher == ssl_calg_aes)) {
+      // 1/n-1 record splitting needs space for two records.
+      limit--;
+    }
+    return limit;
+  }
+
+ protected:
+  uint16_t cipher_suite_;
+  SSLAuthType auth_type_;
+  SSLKEAType kea_type_;
+  SSLNamedGroup group_;
+  SSLSignatureScheme signature_scheme_;
+  SSLCipherSuiteInfo csinfo_;
+};
+
+class TlsCipherSuiteTest
+    : public TlsCipherSuiteTestBase,
+      public ::testing::WithParamInterface<CipherSuiteProfile> {
+ public:
+  TlsCipherSuiteTest()
+      : TlsCipherSuiteTestBase(std::get<0>(GetParam()), std::get<1>(GetParam()),
+                               std::get<2>(GetParam()), std::get<3>(GetParam()),
+                               std::get<4>(GetParam())) {}
+
+ protected:
+  bool SkipIfCipherSuiteIsDSA() {
+    bool isDSA = csinfo_.authType == ssl_auth_dsa;
+    if (isDSA) {
+      std::cerr << "Skipping DSA suite: " << csinfo_.cipherSuiteName
+                << std::endl;
+    }
+    return isDSA;
+  }
+};
+
+TEST_P(TlsCipherSuiteTest, SingleCipherSuite) {
+  SetupCertificate();
+  EnableSingleCipher();
+  ConnectAndCheckCipherSuite();
+}
+
+TEST_P(TlsCipherSuiteTest, ResumeCipherSuite) {
+  if (SkipIfCipherSuiteIsDSA()) {
+    return;  // Tickets don't work with DSA (bug 1174677).
+  }
+
+  SetupCertificate();  // This is only needed once.
+
+  ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
+  EnableSingleCipher();
+
+  ConnectAndCheckCipherSuite();
+
+  Reset();
+  ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
+  EnableSingleCipher();
+  ExpectResumption(RESUME_TICKET);
+  ConnectAndCheckCipherSuite();
+}
+
+// This only works for stream ciphers because we modify the sequence number -
+// which is included explicitly in the DTLS record header - and that trips a
+// different error code.  Note that the message that the client sends would not
+// decrypt (the nonce/IV wouldn't match), but the record limit is hit before
+// attempting to decrypt a record.
+TEST_P(TlsCipherSuiteTest, ReadLimit) {
+  SetupCertificate();
+  EnableSingleCipher();
+  ConnectAndCheckCipherSuite();
+  EXPECT_EQ(SECSuccess,
+            SSLInt_AdvanceWriteSeqNum(client_->ssl_fd(), last_safe_write()));
+  EXPECT_EQ(SECSuccess,
+            SSLInt_AdvanceReadSeqNum(server_->ssl_fd(), last_safe_write()));
+
+  client_->SendData(10, 10);
+  server_->ReadBytes();  // This should be OK.
+
+  // The payload needs to be big enough to pass for encrypted.  In the extreme
+  // case (TLS 1.3), this means 1 for payload, 1 for content type and 16 for
+  // authentication tag.
+  static const uint8_t payload[18] = {6};
+  DataBuffer record;
+  uint64_t epoch;
+  if (mode_ == DGRAM) {
+    if (version_ == SSL_LIBRARY_VERSION_TLS_1_3) {
+      epoch = 3;  // Application traffic keys.
+    } else {
+      epoch = 1;
+    }
+  } else {
+    epoch = 0;
+  }
+  TlsAgentTestBase::MakeRecord(mode_, kTlsApplicationDataType, version_,
+                               payload, sizeof(payload), &record,
+                               (epoch << 48) | record_limit());
+  server_->adapter()->PacketReceived(record);
+  server_->ExpectReadWriteError();
+  server_->ReadBytes();
+  EXPECT_EQ(SSL_ERROR_TOO_MANY_RECORDS, server_->error_code());
+}
+
+TEST_P(TlsCipherSuiteTest, WriteLimit) {
+  SetupCertificate();
+  EnableSingleCipher();
+  ConnectAndCheckCipherSuite();
+  EXPECT_EQ(SECSuccess,
+            SSLInt_AdvanceWriteSeqNum(client_->ssl_fd(), last_safe_write()));
+  client_->SendData(10, 10);
+  client_->ExpectReadWriteError();
+  client_->SendData(10, 10);
+  EXPECT_EQ(SSL_ERROR_TOO_MANY_RECORDS, client_->error_code());
+}
+
+// This awful macro makes the test instantiations easier to read.
+#define INSTANTIATE_CIPHER_TEST_P(name, modes, versions, groups, sigalgs, ...) \
+  static const uint16_t k##name##CiphersArr[] = {__VA_ARGS__};                 \
+  static const ::testing::internal::ParamGenerator<uint16_t>                   \
+      k##name##Ciphers = ::testing::ValuesIn(k##name##CiphersArr);             \
+  INSTANTIATE_TEST_CASE_P(                                                     \
+      CipherSuite##name, TlsCipherSuiteTest,                                   \
+      ::testing::Combine(TlsConnectTestBase::kTlsModes##modes,                 \
+                         TlsConnectTestBase::kTls##versions, k##name##Ciphers, \
+                         groups, sigalgs));
+
+static const auto kDummyNamedGroupParams = ::testing::Values(ssl_grp_none);
+static const auto kDummySignatureSchemesParams =
+    ::testing::Values(ssl_sig_none);
+
+#ifndef NSS_DISABLE_TLS_1_3
+static SSLSignatureScheme kSignatureSchemesParamsArr[] = {
+    ssl_sig_rsa_pkcs1_sha256,       ssl_sig_rsa_pkcs1_sha384,
+    ssl_sig_rsa_pkcs1_sha512,       ssl_sig_ecdsa_secp256r1_sha256,
+    ssl_sig_ecdsa_secp384r1_sha384, ssl_sig_rsa_pss_sha256,
+    ssl_sig_rsa_pss_sha384,         ssl_sig_rsa_pss_sha512,
+};
+#endif
+
+INSTANTIATE_CIPHER_TEST_P(RC4, Stream, V10ToV12, kDummyNamedGroupParams,
+                          kDummySignatureSchemesParams,
+                          TLS_RSA_WITH_RC4_128_SHA,
+                          TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
+                          TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
+                          TLS_ECDH_RSA_WITH_RC4_128_SHA,
+                          TLS_ECDHE_RSA_WITH_RC4_128_SHA);
+INSTANTIATE_CIPHER_TEST_P(AEAD12, All, V12, kDummyNamedGroupParams,
+                          kDummySignatureSchemesParams,
+                          TLS_RSA_WITH_AES_128_GCM_SHA256,
+                          TLS_RSA_WITH_AES_256_GCM_SHA384,
+                          TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,
+                          TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,
+                          TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
+                          TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384);
+INSTANTIATE_CIPHER_TEST_P(AEAD, All, V12, kDummyNamedGroupParams,
+                          kDummySignatureSchemesParams,
+                          TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+                          TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+                          TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+                          TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+                          TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
+                          TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
+                          TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
+                          TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
+                          TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256);
+INSTANTIATE_CIPHER_TEST_P(
+    CBC12, All, V12, kDummyNamedGroupParams, kDummySignatureSchemesParams,
+    TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA256,
+    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
+    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
+    TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
+    TLS_DHE_DSS_WITH_AES_256_CBC_SHA256);
+INSTANTIATE_CIPHER_TEST_P(
+    CBCStream, Stream, V10ToV12, kDummyNamedGroupParams,
+    kDummySignatureSchemesParams, TLS_ECDH_ECDSA_WITH_NULL_SHA,
+    TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
+    TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_NULL_SHA,
+    TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_NULL_SHA,
+    TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
+    TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_NULL_SHA,
+    TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA);
+INSTANTIATE_CIPHER_TEST_P(
+    CBCDatagram, Datagram, V11V12, kDummyNamedGroupParams,
+    kDummySignatureSchemesParams, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
+    TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
+    TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
+    TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
+    TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA);
+#ifndef NSS_DISABLE_TLS_1_3
+INSTANTIATE_CIPHER_TEST_P(TLS13, All, V13,
+                          ::testing::ValuesIn(kFasterDHEGroups),
+                          ::testing::ValuesIn(kSignatureSchemesParamsArr),
+                          TLS_AES_128_GCM_SHA256, TLS_CHACHA20_POLY1305_SHA256,
+                          TLS_AES_256_GCM_SHA384);
+INSTANTIATE_CIPHER_TEST_P(TLS13AllGroups, All, V13,
+                          ::testing::ValuesIn(kAllDHEGroups),
+                          ::testing::Values(ssl_sig_ecdsa_secp384r1_sha384),
+                          TLS_AES_256_GCM_SHA384);
+#endif
+
+// Fields are: version, cipher suite, bulk cipher name, secretKeySize
+struct SecStatusParams {
+  uint16_t version;
+  uint16_t cipher_suite;
+  std::string name;
+  int keySize;
+};
+
+inline std::ostream &operator<<(std::ostream &stream,
+                                const SecStatusParams &vals) {
+  SSLCipherSuiteInfo csinfo;
+  SECStatus rv =
+      SSL_GetCipherSuiteInfo(vals.cipher_suite, &csinfo, sizeof(csinfo));
+  if (rv != SECSuccess) {
+    return stream << "Error invoking SSL_GetCipherSuiteInfo()";
+  }
+
+  return stream << "TLS " << VersionString(vals.version) << ", "
+                << csinfo.cipherSuiteName << ", name = \"" << vals.name
+                << "\", key size = " << vals.keySize;
+}
+
+class SecurityStatusTest
+    : public TlsCipherSuiteTestBase,
+      public ::testing::WithParamInterface<SecStatusParams> {
+ public:
+  SecurityStatusTest()
+      : TlsCipherSuiteTestBase("TLS", GetParam().version,
+                               GetParam().cipher_suite, ssl_grp_none,
+                               ssl_sig_none) {}
+};
+
+// SSL_SecurityStatus produces fairly useless output when compared to
+// SSL_GetCipherSuiteInfo and SSL_GetChannelInfo, but we can't break it, so we
+// need to check it.
+TEST_P(SecurityStatusTest, CheckSecurityStatus) {
+  SetupCertificate();
+  EnableSingleCipher();
+  ConnectAndCheckCipherSuite();
+
+  int on;
+  char *cipher;
+  int keySize;
+  int secretKeySize;
+  char *issuer;
+  char *subject;
+  EXPECT_EQ(SECSuccess,
+            SSL_SecurityStatus(client_->ssl_fd(), &on, &cipher, &keySize,
+                               &secretKeySize, &issuer, &subject));
+  if (std::string(cipher) == "NULL") {
+    EXPECT_EQ(0, on);
+  } else {
+    EXPECT_NE(0, on);
+  }
+  EXPECT_EQ(GetParam().name, std::string(cipher));
+  // All the ciphers we support have secret key size == key size.
+  EXPECT_EQ(GetParam().keySize, keySize);
+  EXPECT_EQ(GetParam().keySize, secretKeySize);
+  EXPECT_LT(0U, strlen(issuer));
+  EXPECT_LT(0U, strlen(subject));
+
+  PORT_Free(cipher);
+  PORT_Free(issuer);
+  PORT_Free(subject);
+}
+
+static const SecStatusParams kSecStatusTestValuesArr[] = {
+    {SSL_LIBRARY_VERSION_TLS_1_0, TLS_ECDHE_RSA_WITH_NULL_SHA, "NULL", 0},
+    {SSL_LIBRARY_VERSION_TLS_1_0, TLS_RSA_WITH_RC4_128_SHA, "RC4", 128},
+    {SSL_LIBRARY_VERSION_TLS_1_0, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
+     "3DES-EDE-CBC", 168},
+    {SSL_LIBRARY_VERSION_TLS_1_0, TLS_RSA_WITH_AES_128_CBC_SHA, "AES-128", 128},
+    {SSL_LIBRARY_VERSION_TLS_1_2, TLS_RSA_WITH_AES_256_CBC_SHA256, "AES-256",
+     256},
+    {SSL_LIBRARY_VERSION_TLS_1_2, TLS_RSA_WITH_AES_128_GCM_SHA256,
+     "AES-128-GCM", 128},
+    {SSL_LIBRARY_VERSION_TLS_1_2, TLS_RSA_WITH_AES_256_GCM_SHA384,
+     "AES-256-GCM", 256},
+    {SSL_LIBRARY_VERSION_TLS_1_2, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
+     "ChaCha20-Poly1305", 256}};
+INSTANTIATE_TEST_CASE_P(TestSecurityStatus, SecurityStatusTest,
+                        ::testing::ValuesIn(kSecStatusTestValuesArr));
+
+}  // namespace nspr_test
diff --git a/nss/gtests/ssl_gtest/ssl_damage_unittest.cc b/nss/gtests/ssl_gtest/ssl_damage_unittest.cc
new file mode 100644
index 0000000..12be054
--- /dev/null
+++ b/nss/gtests/ssl_gtest/ssl_damage_unittest.cc
@@ -0,0 +1,61 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <functional>
+#include <memory>
+#include "secerr.h"
+#include "ssl.h"
+#include "sslerr.h"
+#include "sslproto.h"
+
+extern "C" {
+// This is not something that should make you happy.
+#include "libssl_internals.h"
+}
+
+#include "gtest_utils.h"
+#include "scoped_ptrs.h"
+#include "tls_connect.h"
+#include "tls_filter.h"
+#include "tls_parser.h"
+
+namespace nss_test {
+
+TEST_F(TlsConnectTest, DamageSecretHandleClientFinished) {
+  client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
+                           SSL_LIBRARY_VERSION_TLS_1_3);
+  server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
+                           SSL_LIBRARY_VERSION_TLS_1_3);
+  server_->StartConnect();
+  client_->StartConnect();
+  client_->Handshake();
+  server_->Handshake();
+  std::cerr << "Damaging HS secret\n";
+  SSLInt_DamageClientHsTrafficSecret(server_->ssl_fd());
+  client_->Handshake();
+  server_->Handshake();
+  // The client thinks it has connected.
+  EXPECT_EQ(TlsAgent::STATE_CONNECTED, client_->state());
+  server_->CheckErrorCode(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE);
+  client_->Handshake();
+  client_->CheckErrorCode(SSL_ERROR_DECRYPT_ERROR_ALERT);
+}
+
+TEST_F(TlsConnectTest, DamageSecretHandleServerFinished) {
+  client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
+                           SSL_LIBRARY_VERSION_TLS_1_3);
+  server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
+                           SSL_LIBRARY_VERSION_TLS_1_3);
+  server_->SetPacketFilter(std::make_shared<AfterRecordN>(
+      server_, client_,
+      0,  // ServerHello.
+      [this]() { SSLInt_DamageServerHsTrafficSecret(client_->ssl_fd()); }));
+  ConnectExpectFail();
+  client_->CheckErrorCode(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE);
+  server_->CheckErrorCode(SSL_ERROR_BAD_MAC_READ);
+}
+
+}  // namespace nspr_test
diff --git a/nss/gtests/ssl_gtest/ssl_dhe_unittest.cc b/nss/gtests/ssl_gtest/ssl_dhe_unittest.cc
new file mode 100644
index 0000000..3a59564
--- /dev/null
+++ b/nss/gtests/ssl_gtest/ssl_dhe_unittest.cc
@@ -0,0 +1,614 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <functional>
+#include <memory>
+#include <set>
+#include "secerr.h"
+#include "ssl.h"
+#include "sslerr.h"
+#include "sslproto.h"
+
+#include "gtest_utils.h"
+#include "scoped_ptrs.h"
+#include "tls_connect.h"
+#include "tls_filter.h"
+#include "tls_parser.h"
+
+namespace nss_test {
+
+TEST_P(TlsConnectGeneric, ConnectDhe) {
+  EnableOnlyDheCiphers();
+  Connect();
+  CheckKeys(ssl_kea_dh, ssl_grp_ffdhe_2048, ssl_auth_rsa_sign,
+            ssl_sig_rsa_pss_sha256);
+}
+
+TEST_P(TlsConnectTls13, SharesForBothEcdheAndDhe) {
+  EnsureTlsSetup();
+  client_->ConfigNamedGroups(kAllDHEGroups);
+
+  auto groups_capture =
+      std::make_shared<TlsExtensionCapture>(ssl_supported_groups_xtn);
+  auto shares_capture =
+      std::make_shared<TlsExtensionCapture>(ssl_tls13_key_share_xtn);
+  std::vector<std::shared_ptr<PacketFilter>> captures = {groups_capture,
+                                                         shares_capture};
+  client_->SetPacketFilter(std::make_shared<ChainedPacketFilter>(captures));
+
+  Connect();
+
+  CheckKeys();
+
+  bool ec, dh;
+  auto track_group_type = [&ec, &dh](SSLNamedGroup group) {
+    if ((group & 0xff00U) == 0x100U) {
+      dh = true;
+    } else {
+      ec = true;
+    }
+  };
+  CheckGroups(groups_capture->extension(), track_group_type);
+  CheckShares(shares_capture->extension(), track_group_type);
+  EXPECT_TRUE(ec) << "Should include an EC group and share";
+  EXPECT_TRUE(dh) << "Should include an FFDHE group and share";
+}
+
+TEST_P(TlsConnectGeneric, ConnectFfdheClient) {
+  EnableOnlyDheCiphers();
+  EXPECT_EQ(SECSuccess, SSL_OptionSet(client_->ssl_fd(),
+                                      SSL_REQUIRE_DH_NAMED_GROUPS, PR_TRUE));
+  auto groups_capture =
+      std::make_shared<TlsExtensionCapture>(ssl_supported_groups_xtn);
+  auto shares_capture =
+      std::make_shared<TlsExtensionCapture>(ssl_tls13_key_share_xtn);
+  std::vector<std::shared_ptr<PacketFilter>> captures = {groups_capture,
+                                                         shares_capture};
+  client_->SetPacketFilter(std::make_shared<ChainedPacketFilter>(captures));
+
+  Connect();
+
+  CheckKeys(ssl_kea_dh, ssl_auth_rsa_sign);
+  auto is_ffdhe = [](SSLNamedGroup group) {
+    // The group has to be in this range.
+    EXPECT_LE(ssl_grp_ffdhe_2048, group);
+    EXPECT_GE(ssl_grp_ffdhe_8192, group);
+  };
+  CheckGroups(groups_capture->extension(), is_ffdhe);
+  if (version_ == SSL_LIBRARY_VERSION_TLS_1_3) {
+    CheckShares(shares_capture->extension(), is_ffdhe);
+  } else {
+    EXPECT_EQ(0U, shares_capture->extension().len());
+  }
+}
+
+// Requiring the FFDHE extension on the server alone means that clients won't be
+// able to connect using a DHE suite.  They should still connect in TLS 1.3,
+// because the client automatically sends the supported groups extension.
+TEST_P(TlsConnectGenericPre13, ConnectFfdheServer) {
+  EnableOnlyDheCiphers();
+  EXPECT_EQ(SECSuccess, SSL_OptionSet(server_->ssl_fd(),
+                                      SSL_REQUIRE_DH_NAMED_GROUPS, PR_TRUE));
+
+  if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) {
+    Connect();
+    CheckKeys(ssl_kea_dh, ssl_auth_rsa_sign);
+  } else {
+    ConnectExpectFail();
+    client_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP);
+    server_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP);
+  }
+}
+
+class TlsDheServerKeyExchangeDamager : public TlsHandshakeFilter {
+ public:
+  TlsDheServerKeyExchangeDamager() {}
+  virtual PacketFilter::Action FilterHandshake(
+      const TlsHandshakeFilter::HandshakeHeader& header,
+      const DataBuffer& input, DataBuffer* output) {
+    if (header.handshake_type() != kTlsHandshakeServerKeyExchange) {
+      return KEEP;
+    }
+
+    // Damage the first octet of dh_p.  Anything other than the known prime will
+    // be rejected as "weak" when we have SSL_REQUIRE_DH_NAMED_GROUPS enabled.
+    *output = input;
+    output->data()[3] ^= 73;
+    return CHANGE;
+  }
+};
+
+// Changing the prime in the server's key share results in an error.  This will
+// invalidate the signature over the ServerKeyShare. That's ok, NSS won't check
+// the signature until everything else has been checked.
+TEST_P(TlsConnectGenericPre13, DamageServerKeyShare) {
+  EnableOnlyDheCiphers();
+  EXPECT_EQ(SECSuccess, SSL_OptionSet(client_->ssl_fd(),
+                                      SSL_REQUIRE_DH_NAMED_GROUPS, PR_TRUE));
+  server_->SetPacketFilter(std::make_shared<TlsDheServerKeyExchangeDamager>());
+
+  ConnectExpectFail();
+
+  client_->CheckErrorCode(SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY);
+  server_->CheckErrorCode(SSL_ERROR_ILLEGAL_PARAMETER_ALERT);
+}
+
+class TlsDheSkeChangeY : public TlsHandshakeFilter {
+ public:
+  enum ChangeYTo {
+    kYZero,
+    kYOne,
+    kYPMinusOne,
+    kYGreaterThanP,
+    kYTooLarge,
+    kYZeroPad
+  };
+
+  TlsDheSkeChangeY(ChangeYTo change) : change_Y_(change) {}
+
+ protected:
+  void ChangeY(const DataBuffer& input, DataBuffer* output, size_t offset,
+               const DataBuffer& prime) {
+    static const uint8_t kExtraZero = 0;
+    static const uint8_t kTooLargeExtra = 1;
+
+    uint32_t dh_Ys_len;
+    EXPECT_TRUE(input.Read(offset, 2, &dh_Ys_len));
+    EXPECT_LT(offset + dh_Ys_len, input.len());
+    offset += 2;
+
+    // This isn't generally true, but our code pads.
+    EXPECT_EQ(prime.len(), dh_Ys_len)
+        << "Length of dh_Ys must equal length of dh_p";
+
+    *output = input;
+    switch (change_Y_) {
+      case kYZero:
+        memset(output->data() + offset, 0, prime.len());
+        break;
+
+      case kYOne:
+        memset(output->data() + offset, 0, prime.len() - 1);
+        output->Write(offset + prime.len() - 1, 1U, 1);
+        break;
+
+      case kYPMinusOne:
+        output->Write(offset, prime);
+        EXPECT_TRUE(output->data()[offset + prime.len() - 1] & 0x01)
+            << "P must at least be odd";
+        --output->data()[offset + prime.len() - 1];
+        break;
+
+      case kYGreaterThanP:
+        // Set the first 32 octets of Y to 0xff, except the first which we set
+        // to p[0].  This will make Y > p.  That is, unless p is Mersenne, or
+        // improbably large (but still the same bit length).  We currently only
+        // use a fixed prime that isn't a problem for this code.
+        EXPECT_LT(0, prime.data()[0]) << "dh_p should not be zero-padded";
+        offset = output->Write(offset, prime.data()[0], 1);
+        memset(output->data() + offset, 0xff, 31);
+        break;
+
+      case kYTooLarge:
+        // Increase the dh_Ys length.
+        output->Write(offset - 2, prime.len() + sizeof(kTooLargeExtra), 2);
+        // Then insert the octet.
+        output->Splice(&kTooLargeExtra, sizeof(kTooLargeExtra), offset);
+        break;
+
+      case kYZeroPad:
+        output->Write(offset - 2, prime.len() + sizeof(kExtraZero), 2);
+        output->Splice(&kExtraZero, sizeof(kExtraZero), offset);
+        break;
+    }
+  }
+
+ private:
+  ChangeYTo change_Y_;
+};
+
+class TlsDheSkeChangeYServer : public TlsDheSkeChangeY {
+ public:
+  TlsDheSkeChangeYServer(ChangeYTo change, bool modify)
+      : TlsDheSkeChangeY(change), modify_(modify), p_() {}
+
+  const DataBuffer& prime() const { return p_; }
+
+ protected:
+  virtual PacketFilter::Action FilterHandshake(
+      const TlsHandshakeFilter::HandshakeHeader& header,
+      const DataBuffer& input, DataBuffer* output) override {
+    if (header.handshake_type() != kTlsHandshakeServerKeyExchange) {
+      return KEEP;
+    }
+
+    size_t offset = 2;
+    // Read dh_p
+    uint32_t dh_len = 0;
+    EXPECT_TRUE(input.Read(0, 2, &dh_len));
+    EXPECT_GT(input.len(), offset + dh_len);
+    p_.Assign(input.data() + offset, dh_len);
+    offset += dh_len;
+
+    // Skip dh_g to find dh_Ys
+    EXPECT_TRUE(input.Read(offset, 2, &dh_len));
+    offset += 2 + dh_len;
+
+    if (modify_) {
+      ChangeY(input, output, offset, p_);
+      return CHANGE;
+    }
+    return KEEP;
+  }
+
+ private:
+  bool modify_;
+  DataBuffer p_;
+};
+
+class TlsDheSkeChangeYClient : public TlsDheSkeChangeY {
+ public:
+  TlsDheSkeChangeYClient(
+      ChangeYTo change,
+      std::shared_ptr<const TlsDheSkeChangeYServer> server_filter)
+      : TlsDheSkeChangeY(change), server_filter_(server_filter) {}
+
+ protected:
+  virtual PacketFilter::Action FilterHandshake(
+      const TlsHandshakeFilter::HandshakeHeader& header,
+      const DataBuffer& input, DataBuffer* output) override {
+    if (header.handshake_type() != kTlsHandshakeClientKeyExchange) {
+      return KEEP;
+    }
+
+    ChangeY(input, output, 0, server_filter_->prime());
+    return CHANGE;
+  }
+
+ private:
+  std::shared_ptr<const TlsDheSkeChangeYServer> server_filter_;
+};
+
+/* This matrix includes: mode (stream/datagram), TLS version, what change to
+ * make to dh_Ys, whether the client will be configured to require DH named
+ * groups.  Test all combinations. */
+typedef std::tuple<std::string, uint16_t, TlsDheSkeChangeY::ChangeYTo, bool>
+    DamageDHYProfile;
+class TlsDamageDHYTest
+    : public TlsConnectTestBase,
+      public ::testing::WithParamInterface<DamageDHYProfile> {
+ public:
+  TlsDamageDHYTest()
+      : TlsConnectTestBase(std::get<0>(GetParam()), std::get<1>(GetParam())) {}
+};
+
+TEST_P(TlsDamageDHYTest, DamageServerY) {
+  EnableOnlyDheCiphers();
+  if (std::get<3>(GetParam())) {
+    EXPECT_EQ(SECSuccess, SSL_OptionSet(client_->ssl_fd(),
+                                        SSL_REQUIRE_DH_NAMED_GROUPS, PR_TRUE));
+  }
+  TlsDheSkeChangeY::ChangeYTo change = std::get<2>(GetParam());
+  server_->SetPacketFilter(
+      std::make_shared<TlsDheSkeChangeYServer>(change, true));
+
+  ConnectExpectFail();
+  if (change == TlsDheSkeChangeY::kYZeroPad) {
+    // Zero padding Y only manifests in a signature failure.
+    // In TLS 1.0 and 1.1, the client reports a device error.
+    if (version_ < SSL_LIBRARY_VERSION_TLS_1_2) {
+      client_->CheckErrorCode(SEC_ERROR_PKCS11_DEVICE_ERROR);
+    } else {
+      client_->CheckErrorCode(SEC_ERROR_BAD_SIGNATURE);
+    }
+    server_->CheckErrorCode(SSL_ERROR_DECRYPT_ERROR_ALERT);
+  } else {
+    client_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_DHE_KEY_SHARE);
+    server_->CheckErrorCode(SSL_ERROR_ILLEGAL_PARAMETER_ALERT);
+  }
+}
+
+TEST_P(TlsDamageDHYTest, DamageClientY) {
+  EnableOnlyDheCiphers();
+  if (std::get<3>(GetParam())) {
+    EXPECT_EQ(SECSuccess, SSL_OptionSet(client_->ssl_fd(),
+                                        SSL_REQUIRE_DH_NAMED_GROUPS, PR_TRUE));
+  }
+  // The filter on the server is required to capture the prime.
+  auto server_filter =
+      std::make_shared<TlsDheSkeChangeYServer>(TlsDheSkeChangeY::kYZero, false);
+  server_->SetPacketFilter(server_filter);
+
+  // The client filter does the damage.
+  TlsDheSkeChangeY::ChangeYTo change = std::get<2>(GetParam());
+  client_->SetPacketFilter(
+      std::make_shared<TlsDheSkeChangeYClient>(change, server_filter));
+
+  ConnectExpectFail();
+  if (change == TlsDheSkeChangeY::kYZeroPad) {
+    // Zero padding Y only manifests in a finished error.
+    client_->CheckErrorCode(SSL_ERROR_DECRYPT_ERROR_ALERT);
+    server_->CheckErrorCode(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE);
+  } else {
+    client_->CheckErrorCode(SSL_ERROR_HANDSHAKE_FAILURE_ALERT);
+    server_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_DHE_KEY_SHARE);
+  }
+}
+
+static const TlsDheSkeChangeY::ChangeYTo kAllYArr[] = {
+    TlsDheSkeChangeY::kYZero,      TlsDheSkeChangeY::kYOne,
+    TlsDheSkeChangeY::kYPMinusOne, TlsDheSkeChangeY::kYGreaterThanP,
+    TlsDheSkeChangeY::kYTooLarge,  TlsDheSkeChangeY::kYZeroPad};
+static ::testing::internal::ParamGenerator<TlsDheSkeChangeY::ChangeYTo> kAllY =
+    ::testing::ValuesIn(kAllYArr);
+static const bool kTrueFalseArr[] = {true, false};
+static ::testing::internal::ParamGenerator<bool> kTrueFalse =
+    ::testing::ValuesIn(kTrueFalseArr);
+
+INSTANTIATE_TEST_CASE_P(DamageYStream, TlsDamageDHYTest,
+                        ::testing::Combine(TlsConnectTestBase::kTlsModesStream,
+                                           TlsConnectTestBase::kTlsV10ToV12,
+                                           kAllY, kTrueFalse));
+INSTANTIATE_TEST_CASE_P(
+    DamageYDatagram, TlsDamageDHYTest,
+    ::testing::Combine(TlsConnectTestBase::kTlsModesDatagram,
+                       TlsConnectTestBase::kTlsV11V12, kAllY, kTrueFalse));
+
+class TlsDheSkeMakePEven : public TlsHandshakeFilter {
+ public:
+  virtual PacketFilter::Action FilterHandshake(
+      const TlsHandshakeFilter::HandshakeHeader& header,
+      const DataBuffer& input, DataBuffer* output) {
+    if (header.handshake_type() != kTlsHandshakeServerKeyExchange) {
+      return KEEP;
+    }
+
+    // Find the end of dh_p
+    uint32_t dh_len = 0;
+    EXPECT_TRUE(input.Read(0, 2, &dh_len));
+    EXPECT_GT(input.len(), 2 + dh_len) << "enough space for dh_p";
+    size_t offset = 2 + dh_len - 1;
+    EXPECT_TRUE((input.data()[offset] & 0x01) == 0x01) << "p should be odd";
+
+    *output = input;
+    output->data()[offset] &= 0xfe;
+
+    return CHANGE;
+  }
+};
+
+// Even without requiring named groups, an even value for p is bad news.
+TEST_P(TlsConnectGenericPre13, MakeDhePEven) {
+  EnableOnlyDheCiphers();
+  server_->SetPacketFilter(std::make_shared<TlsDheSkeMakePEven>());
+
+  ConnectExpectFail();
+
+  client_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_DHE_KEY_SHARE);
+  server_->CheckErrorCode(SSL_ERROR_ILLEGAL_PARAMETER_ALERT);
+}
+
+class TlsDheSkeZeroPadP : public TlsHandshakeFilter {
+ public:
+  virtual PacketFilter::Action FilterHandshake(
+      const TlsHandshakeFilter::HandshakeHeader& header,
+      const DataBuffer& input, DataBuffer* output) {
+    if (header.handshake_type() != kTlsHandshakeServerKeyExchange) {
+      return KEEP;
+    }
+
+    *output = input;
+    uint32_t dh_len = 0;
+    EXPECT_TRUE(input.Read(0, 2, &dh_len));
+    static const uint8_t kZeroPad = 0;
+    output->Write(0, dh_len + sizeof(kZeroPad), 2);  // increment the length
+    output->Splice(&kZeroPad, sizeof(kZeroPad), 2);  // insert a zero
+
+    return CHANGE;
+  }
+};
+
+// Zero padding only causes signature failure.
+TEST_P(TlsConnectGenericPre13, PadDheP) {
+  EnableOnlyDheCiphers();
+  server_->SetPacketFilter(std::make_shared<TlsDheSkeZeroPadP>());
+
+  ConnectExpectFail();
+
+  // In TLS 1.0 and 1.1, the client reports a device error.
+  if (version_ < SSL_LIBRARY_VERSION_TLS_1_2) {
+    client_->CheckErrorCode(SEC_ERROR_PKCS11_DEVICE_ERROR);
+  } else {
+    client_->CheckErrorCode(SEC_ERROR_BAD_SIGNATURE);
+  }
+  server_->CheckErrorCode(SSL_ERROR_DECRYPT_ERROR_ALERT);
+}
+
+// The server should not pick the weak DH group if the client includes FFDHE
+// named groups in the supported_groups extension. The server then picks a
+// commonly-supported named DH group and this connects.
+//
+// Note: This test case can take ages to generate the weak DH key.
+TEST_P(TlsConnectGenericPre13, WeakDHGroup) {
+  EnableOnlyDheCiphers();
+  EXPECT_EQ(SECSuccess, SSL_OptionSet(client_->ssl_fd(),
+                                      SSL_REQUIRE_DH_NAMED_GROUPS, PR_TRUE));
+  EXPECT_EQ(SECSuccess,
+            SSL_EnableWeakDHEPrimeGroup(server_->ssl_fd(), PR_TRUE));
+
+  Connect();
+}
+
+TEST_P(TlsConnectGeneric, Ffdhe3072) {
+  EnableOnlyDheCiphers();
+  static const std::vector<SSLNamedGroup> groups = {ssl_grp_ffdhe_3072};
+  client_->ConfigNamedGroups(groups);
+
+  Connect();
+}
+
+// Even though the client doesn't have DHE groups enabled the server assumes it
+// does. Because the client doesn't require named groups it accepts FF3072 as
+// custom group.
+TEST_P(TlsConnectGenericPre13, NamedGroupMismatchPre13) {
+  EnableOnlyDheCiphers();
+  static const std::vector<SSLNamedGroup> server_groups = {ssl_grp_ffdhe_3072};
+  static const std::vector<SSLNamedGroup> client_groups = {
+      ssl_grp_ec_secp256r1};
+  server_->ConfigNamedGroups(server_groups);
+  client_->ConfigNamedGroups(client_groups);
+
+  Connect();
+  CheckKeys(ssl_kea_dh, ssl_grp_ffdhe_custom, ssl_auth_rsa_sign,
+            ssl_sig_rsa_pss_sha256);
+}
+
+// Same test but for TLS 1.3. This has to fail.
+TEST_P(TlsConnectTls13, NamedGroupMismatch13) {
+  EnableOnlyDheCiphers();
+  static const std::vector<SSLNamedGroup> server_groups = {ssl_grp_ffdhe_3072};
+  static const std::vector<SSLNamedGroup> client_groups = {
+      ssl_grp_ec_secp256r1};
+  server_->ConfigNamedGroups(server_groups);
+  client_->ConfigNamedGroups(client_groups);
+
+  ConnectExpectFail();
+  server_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP);
+  client_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP);
+}
+
+// Even though the client doesn't have DHE groups enabled the server assumes it
+// does. The client requires named groups and thus does not accept FF3072 as
+// custom group in contrast to the previous test.
+TEST_P(TlsConnectGenericPre13, RequireNamedGroupsMismatchPre13) {
+  EnableOnlyDheCiphers();
+  EXPECT_EQ(SECSuccess, SSL_OptionSet(client_->ssl_fd(),
+                                      SSL_REQUIRE_DH_NAMED_GROUPS, PR_TRUE));
+  static const std::vector<SSLNamedGroup> server_groups = {ssl_grp_ffdhe_3072};
+  static const std::vector<SSLNamedGroup> client_groups = {ssl_grp_ec_secp256r1,
+                                                           ssl_grp_ffdhe_2048};
+  server_->ConfigNamedGroups(server_groups);
+  client_->ConfigNamedGroups(client_groups);
+
+  ConnectExpectFail();
+  server_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP);
+  client_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP);
+}
+
+TEST_P(TlsConnectGenericPre13, PreferredFfdhe) {
+  EnableOnlyDheCiphers();
+  static const SSLDHEGroupType groups[] = {ssl_ff_dhe_3072_group,
+                                           ssl_ff_dhe_2048_group};
+  EXPECT_EQ(SECSuccess, SSL_DHEGroupPrefSet(server_->ssl_fd(), groups,
+                                            PR_ARRAY_SIZE(groups)));
+
+  Connect();
+  client_->CheckKEA(ssl_kea_dh, ssl_grp_ffdhe_3072, 3072);
+  server_->CheckKEA(ssl_kea_dh, ssl_grp_ffdhe_3072, 3072);
+  client_->CheckAuthType(ssl_auth_rsa_sign, ssl_sig_rsa_pss_sha256);
+  server_->CheckAuthType(ssl_auth_rsa_sign, ssl_sig_rsa_pss_sha256);
+}
+
+TEST_P(TlsConnectGenericPre13, MismatchDHE) {
+  EnableOnlyDheCiphers();
+  EXPECT_EQ(SECSuccess, SSL_OptionSet(client_->ssl_fd(),
+                                      SSL_REQUIRE_DH_NAMED_GROUPS, PR_TRUE));
+  static const SSLDHEGroupType serverGroups[] = {ssl_ff_dhe_3072_group};
+  EXPECT_EQ(SECSuccess, SSL_DHEGroupPrefSet(server_->ssl_fd(), serverGroups,
+                                            PR_ARRAY_SIZE(serverGroups)));
+  static const SSLDHEGroupType clientGroups[] = {ssl_ff_dhe_2048_group};
+  EXPECT_EQ(SECSuccess, SSL_DHEGroupPrefSet(client_->ssl_fd(), clientGroups,
+                                            PR_ARRAY_SIZE(clientGroups)));
+
+  ConnectExpectFail();
+  server_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP);
+  client_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP);
+}
+
+TEST_P(TlsConnectTls13, ResumeFfdhe) {
+  EnableOnlyDheCiphers();
+  ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
+  Connect();
+  SendReceive();  // Need to read so that we absorb the session ticket.
+  CheckKeys(ssl_kea_dh, ssl_auth_rsa_sign);
+
+  Reset();
+  ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
+  EnableOnlyDheCiphers();
+  auto clientCapture =
+      std::make_shared<TlsExtensionCapture>(ssl_tls13_pre_shared_key_xtn);
+  client_->SetPacketFilter(clientCapture);
+  auto serverCapture =
+      std::make_shared<TlsExtensionCapture>(ssl_tls13_pre_shared_key_xtn);
+  server_->SetPacketFilter(serverCapture);
+  ExpectResumption(RESUME_TICKET);
+  Connect();
+  CheckKeys(ssl_kea_dh, ssl_grp_ffdhe_2048, ssl_auth_rsa_sign, ssl_sig_none);
+  ASSERT_LT(0UL, clientCapture->extension().len());
+  ASSERT_LT(0UL, serverCapture->extension().len());
+}
+
+class TlsDheSkeChangeSignature : public TlsHandshakeFilter {
+ public:
+  TlsDheSkeChangeSignature(uint16_t version, const uint8_t* data, size_t len)
+      : version_(version), data_(data), len_(len) {}
+
+ protected:
+  virtual PacketFilter::Action FilterHandshake(const HandshakeHeader& header,
+                                               const DataBuffer& input,
+                                               DataBuffer* output) {
+    if (header.handshake_type() != kTlsHandshakeServerKeyExchange) {
+      return KEEP;
+    }
+
+    TlsParser parser(input);
+    EXPECT_TRUE(parser.SkipVariable(2));  // dh_p
+    EXPECT_TRUE(parser.SkipVariable(2));  // dh_g
+    EXPECT_TRUE(parser.SkipVariable(2));  // dh_Ys
+
+    // Copy DH params to output.
+    size_t offset = output->Write(0, input.data(), parser.consumed());
+
+    if (version_ == SSL_LIBRARY_VERSION_TLS_1_2) {
+      // Write signature algorithm.
+      offset = output->Write(offset, ssl_sig_dsa_sha256, 2);
+    }
+
+    // Write new signature.
+    offset = output->Write(offset, len_, 2);
+    offset = output->Write(offset, data_, len_);
+
+    return CHANGE;
+  }
+
+ private:
+  uint16_t version_;
+  const uint8_t* data_;
+  size_t len_;
+};
+
+TEST_P(TlsConnectGenericPre13, InvalidDERSignatureFfdhe) {
+  const uint8_t kBogusDheSignature[] = {
+      0x30, 0x69, 0x3c, 0x02, 0x1c, 0x7d, 0x0b, 0x2f, 0x64, 0x00, 0x27,
+      0xae, 0xcf, 0x1e, 0x28, 0x08, 0x6a, 0x7f, 0xb1, 0xbd, 0x78, 0xb5,
+      0x3b, 0x8c, 0x8f, 0x59, 0xed, 0x8f, 0xee, 0x78, 0xeb, 0x2c, 0xe9,
+      0x02, 0x1c, 0x6d, 0x7f, 0x3c, 0x0f, 0xf4, 0x44, 0x35, 0x0b, 0xb2,
+      0x6d, 0xdc, 0xb8, 0x21, 0x87, 0xdd, 0x0d, 0xb9, 0x46, 0x09, 0x3e,
+      0xef, 0x81, 0x5b, 0x37, 0x09, 0x39, 0xeb};
+
+  Reset(TlsAgent::kServerDsa);
+
+  const std::vector<SSLNamedGroup> client_groups = {ssl_grp_ffdhe_2048};
+  client_->ConfigNamedGroups(client_groups);
+
+  server_->SetPacketFilter(std::make_shared<TlsDheSkeChangeSignature>(
+      version_, kBogusDheSignature, sizeof(kBogusDheSignature)));
+
+  ConnectExpectFail();
+  client_->CheckErrorCode(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE);
+}
+
+}  // namespace nss_test
diff --git a/nss/gtests/ssl_gtest/ssl_drop_unittest.cc b/nss/gtests/ssl_gtest/ssl_drop_unittest.cc
new file mode 100644
index 0000000..3cc3b0e
--- /dev/null
+++ b/nss/gtests/ssl_gtest/ssl_drop_unittest.cc
@@ -0,0 +1,133 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "secerr.h"
+#include "ssl.h"
+
+extern "C" {
+// This is not something that should make you happy.
+#include "libssl_internals.h"
+}
+
+#include "gtest_utils.h"
+#include "scoped_ptrs.h"
+#include "tls_connect.h"
+#include "tls_filter.h"
+#include "tls_parser.h"
+
+namespace nss_test {
+
+TEST_P(TlsConnectDatagram, DropClientFirstFlightOnce) {
+  client_->SetPacketFilter(std::make_shared<SelectiveDropFilter>(0x1));
+  Connect();
+  SendReceive();
+}
+
+TEST_P(TlsConnectDatagram, DropServerFirstFlightOnce) {
+  server_->SetPacketFilter(std::make_shared<SelectiveDropFilter>(0x1));
+  Connect();
+  SendReceive();
+}
+
+// This drops the first transmission from both the client and server of all
+// flights that they send.  Note: In DTLS 1.3, the shorter handshake means that
+// this will also drop some application data, so we can't call SendReceive().
+TEST_P(TlsConnectDatagram, DropAllFirstTransmissions) {
+  client_->SetPacketFilter(std::make_shared<SelectiveDropFilter>(0x15));
+  server_->SetPacketFilter(std::make_shared<SelectiveDropFilter>(0x5));
+  Connect();
+}
+
+// This drops the server's first flight three times.
+TEST_P(TlsConnectDatagram, DropServerFirstFlightThrice) {
+  server_->SetPacketFilter(std::make_shared<SelectiveDropFilter>(0x7));
+  Connect();
+}
+
+// This drops the client's second flight once
+TEST_P(TlsConnectDatagram, DropClientSecondFlightOnce) {
+  client_->SetPacketFilter(std::make_shared<SelectiveDropFilter>(0x2));
+  Connect();
+}
+
+// This drops the client's second flight three times.
+TEST_P(TlsConnectDatagram, DropClientSecondFlightThrice) {
+  client_->SetPacketFilter(std::make_shared<SelectiveDropFilter>(0xe));
+  Connect();
+}
+
+// This drops the server's second flight three times.
+TEST_P(TlsConnectDatagram, DropServerSecondFlightThrice) {
+  server_->SetPacketFilter(std::make_shared<SelectiveDropFilter>(0xe));
+  Connect();
+}
+
+static void GetCipherAndLimit(uint16_t version, uint16_t* cipher,
+                              uint64_t* limit = nullptr) {
+  uint64_t l;
+  if (!limit) limit = &l;
+
+  if (version < SSL_LIBRARY_VERSION_TLS_1_2) {
+    *cipher = TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA;
+    *limit = 0x5aULL << 28;
+  } else if (version == SSL_LIBRARY_VERSION_TLS_1_2) {
+    *cipher = TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256;
+    *limit = (1ULL << 48) - 1;
+  } else {
+    *cipher = TLS_CHACHA20_POLY1305_SHA256;
+    *limit = (1ULL << 48) - 1;
+  }
+}
+
+// This simulates a huge number of drops on one side.
+TEST_P(TlsConnectDatagram, MissLotsOfPackets) {
+  uint16_t cipher;
+  uint64_t limit;
+
+  GetCipherAndLimit(version_, &cipher, &limit);
+
+  EnsureTlsSetup();
+  server_->EnableSingleCipher(cipher);
+  Connect();
+
+  // Note that the limit for ChaCha is 2^48-1.
+  EXPECT_EQ(SECSuccess,
+            SSLInt_AdvanceWriteSeqNum(client_->ssl_fd(), limit - 10));
+  SendReceive();
+}
+
+class TlsConnectDatagram12Plus : public TlsConnectDatagram {
+ public:
+  TlsConnectDatagram12Plus() : TlsConnectDatagram() {}
+};
+
+// This simulates missing a window's worth of packets.
+TEST_P(TlsConnectDatagram12Plus, MissAWindow) {
+  EnsureTlsSetup();
+  uint16_t cipher;
+  GetCipherAndLimit(version_, &cipher);
+  server_->EnableSingleCipher(cipher);
+  Connect();
+
+  EXPECT_EQ(SECSuccess, SSLInt_AdvanceWriteSeqByAWindow(client_->ssl_fd(), 0));
+  SendReceive();
+}
+
+TEST_P(TlsConnectDatagram12Plus, MissAWindowAndOne) {
+  EnsureTlsSetup();
+  uint16_t cipher;
+  GetCipherAndLimit(version_, &cipher);
+  server_->EnableSingleCipher(cipher);
+  Connect();
+
+  EXPECT_EQ(SECSuccess, SSLInt_AdvanceWriteSeqByAWindow(client_->ssl_fd(), 1));
+  SendReceive();
+}
+
+INSTANTIATE_TEST_CASE_P(Datagram12Plus, TlsConnectDatagram12Plus,
+                        TlsConnectTestBase::kTlsV12Plus);
+
+}  // namespace nss_test
diff --git a/nss/gtests/ssl_gtest/ssl_ecdh_unittest.cc b/nss/gtests/ssl_gtest/ssl_ecdh_unittest.cc
new file mode 100644
index 0000000..7ddb509
--- /dev/null
+++ b/nss/gtests/ssl_gtest/ssl_ecdh_unittest.cc
@@ -0,0 +1,586 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <functional>
+#include <memory>
+#include "secerr.h"
+#include "ssl.h"
+#include "sslerr.h"
+#include "sslproto.h"
+
+extern "C" {
+// This is not something that should make you happy.
+#include "libssl_internals.h"
+}
+
+#include "gtest_utils.h"
+#include "scoped_ptrs.h"
+#include "tls_connect.h"
+#include "tls_filter.h"
+#include "tls_parser.h"
+
+namespace nss_test {
+
+TEST_P(TlsConnectGenericPre13, ConnectEcdh) {
+  SetExpectedVersion(std::get<1>(GetParam()));
+  Reset(TlsAgent::kServerEcdhEcdsa);
+  DisableAllCiphers();
+  EnableSomeEcdhCiphers();
+
+  Connect();
+  CheckKeys(ssl_kea_ecdh, ssl_grp_ec_secp256r1, ssl_auth_ecdh_ecdsa,
+            ssl_sig_none);
+}
+
+TEST_P(TlsConnectGenericPre13, ConnectEcdhWithoutDisablingSuites) {
+  SetExpectedVersion(std::get<1>(GetParam()));
+  Reset(TlsAgent::kServerEcdhEcdsa);
+  EnableSomeEcdhCiphers();
+
+  Connect();
+  CheckKeys(ssl_kea_ecdh, ssl_grp_ec_secp256r1, ssl_auth_ecdh_ecdsa,
+            ssl_sig_none);
+}
+
+TEST_P(TlsConnectGeneric, ConnectEcdhe) {
+  Connect();
+  CheckKeys();
+}
+
+// If we pick a 256-bit cipher suite and use a P-384 certificate, the server
+// should choose P-384 for key exchange too.  Only valid for TLS == 1.2 because
+// we don't have 256-bit ciphers before then and 1.3 doesn't try to couple
+// DHE size to symmetric size.
+TEST_P(TlsConnectTls12, ConnectEcdheP384) {
+  Reset(TlsAgent::kServerEcdsa384);
+  ConnectWithCipherSuite(TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256);
+  CheckKeys(ssl_kea_ecdh, ssl_grp_ec_secp384r1, ssl_auth_ecdsa,
+            ssl_sig_ecdsa_secp256r1_sha256);
+}
+
+TEST_P(TlsConnectGeneric, ConnectEcdheP384Client) {
+  EnsureTlsSetup();
+  const std::vector<SSLNamedGroup> groups = {ssl_grp_ec_secp384r1,
+                                             ssl_grp_ffdhe_2048};
+  client_->ConfigNamedGroups(groups);
+  server_->ConfigNamedGroups(groups);
+  Connect();
+  CheckKeys(ssl_kea_ecdh, ssl_grp_ec_secp384r1, ssl_auth_rsa_sign,
+            ssl_sig_rsa_pss_sha256);
+}
+
+// This causes a HelloRetryRequest in TLS 1.3.  Earlier versions don't care.
+TEST_P(TlsConnectGeneric, ConnectEcdheP384Server) {
+  EnsureTlsSetup();
+  auto hrr_capture = std::make_shared<TlsInspectorRecordHandshakeMessage>(
+      kTlsHandshakeHelloRetryRequest);
+  server_->SetPacketFilter(hrr_capture);
+  const std::vector<SSLNamedGroup> groups = {ssl_grp_ec_secp384r1};
+  server_->ConfigNamedGroups(groups);
+  Connect();
+  CheckKeys(ssl_kea_ecdh, ssl_grp_ec_secp384r1, ssl_auth_rsa_sign,
+            ssl_sig_rsa_pss_sha256);
+  EXPECT_EQ(version_ == SSL_LIBRARY_VERSION_TLS_1_3,
+            hrr_capture->buffer().len() != 0);
+}
+
+// This enables only P-256 on the client and disables it on the server.
+// This test will fail when we add other groups that identify as ECDHE.
+TEST_P(TlsConnectGeneric, ConnectEcdheGroupMismatch) {
+  EnsureTlsSetup();
+  const std::vector<SSLNamedGroup> client_groups = {ssl_grp_ec_secp256r1,
+                                                    ssl_grp_ffdhe_2048};
+  const std::vector<SSLNamedGroup> server_groups = {ssl_grp_ffdhe_2048};
+  client_->ConfigNamedGroups(client_groups);
+  server_->ConfigNamedGroups(server_groups);
+
+  Connect();
+  CheckKeys(ssl_kea_dh, ssl_auth_rsa_sign);
+}
+
+TEST_P(TlsKeyExchangeTest, P384Priority) {
+  // P256, P384 and P521 are enabled. Both prefer P384.
+  const std::vector<SSLNamedGroup> groups = {
+      ssl_grp_ec_secp384r1, ssl_grp_ec_secp256r1, ssl_grp_ec_secp521r1};
+  EnsureKeyShareSetup();
+  ConfigNamedGroups(groups);
+  client_->DisableAllCiphers();
+  client_->EnableCiphersByKeyExchange(ssl_kea_ecdh);
+  Connect();
+
+  CheckKeys(ssl_kea_ecdh, ssl_grp_ec_secp384r1, ssl_auth_rsa_sign,
+            ssl_sig_rsa_pss_sha256);
+
+  std::vector<SSLNamedGroup> shares = {ssl_grp_ec_secp384r1};
+  CheckKEXDetails(groups, shares);
+}
+
+TEST_P(TlsKeyExchangeTest, DuplicateGroupConfig) {
+  const std::vector<SSLNamedGroup> groups = {
+      ssl_grp_ec_secp384r1, ssl_grp_ec_secp384r1, ssl_grp_ec_secp384r1,
+      ssl_grp_ec_secp256r1, ssl_grp_ec_secp256r1};
+  EnsureKeyShareSetup();
+  ConfigNamedGroups(groups);
+  client_->DisableAllCiphers();
+  client_->EnableCiphersByKeyExchange(ssl_kea_ecdh);
+  Connect();
+
+  CheckKeys(ssl_kea_ecdh, ssl_grp_ec_secp384r1, ssl_auth_rsa_sign,
+            ssl_sig_rsa_pss_sha256);
+
+  std::vector<SSLNamedGroup> shares = {ssl_grp_ec_secp384r1};
+  std::vector<SSLNamedGroup> expectedGroups = {ssl_grp_ec_secp384r1,
+                                               ssl_grp_ec_secp256r1};
+  CheckKEXDetails(expectedGroups, shares);
+}
+
+TEST_P(TlsKeyExchangeTest, P384PriorityDHEnabled) {
+  // P256, P384,  P521, and FFDHE2048 are enabled. Both prefer P384.
+  const std::vector<SSLNamedGroup> groups = {
+      ssl_grp_ec_secp384r1, ssl_grp_ffdhe_2048, ssl_grp_ec_secp256r1,
+      ssl_grp_ec_secp521r1};
+  EnsureKeyShareSetup();
+  ConfigNamedGroups(groups);
+  Connect();
+
+  CheckKeys(ssl_kea_ecdh, ssl_grp_ec_secp384r1, ssl_auth_rsa_sign,
+            ssl_sig_rsa_pss_sha256);
+
+  if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) {
+    std::vector<SSLNamedGroup> shares = {ssl_grp_ec_secp384r1};
+    CheckKEXDetails(groups, shares);
+  } else {
+    std::vector<SSLNamedGroup> oldtlsgroups = {
+        ssl_grp_ec_secp384r1, ssl_grp_ec_secp256r1, ssl_grp_ec_secp521r1};
+    CheckKEXDetails(oldtlsgroups, std::vector<SSLNamedGroup>());
+  }
+}
+
+TEST_P(TlsConnectGenericPre13, P384PriorityOnServer) {
+  EnsureTlsSetup();
+  client_->DisableAllCiphers();
+  client_->EnableCiphersByKeyExchange(ssl_kea_ecdh);
+
+  // The server prefers P384. It has to win.
+  const std::vector<SSLNamedGroup> server_groups = {
+      ssl_grp_ec_secp384r1, ssl_grp_ec_secp256r1, ssl_grp_ec_secp521r1};
+  server_->ConfigNamedGroups(server_groups);
+
+  Connect();
+
+  CheckKeys(ssl_kea_ecdh, ssl_grp_ec_secp384r1, ssl_auth_rsa_sign,
+            ssl_sig_rsa_pss_sha256);
+}
+
+TEST_P(TlsConnectGenericPre13, P384PriorityFromModelSocket) {
+  EnsureModelSockets();
+
+  /* Both prefer P384, set on the model socket. */
+  const std::vector<SSLNamedGroup> groups = {
+      ssl_grp_ec_secp384r1, ssl_grp_ec_secp256r1, ssl_grp_ec_secp521r1,
+      ssl_grp_ffdhe_2048};
+  client_model_->ConfigNamedGroups(groups);
+  server_model_->ConfigNamedGroups(groups);
+
+  Connect();
+
+  CheckKeys(ssl_kea_ecdh, ssl_grp_ec_secp384r1, ssl_auth_rsa_sign,
+            ssl_sig_rsa_pss_sha256);
+}
+
+class TlsKeyExchangeGroupCapture : public TlsHandshakeFilter {
+ public:
+  TlsKeyExchangeGroupCapture() : group_(ssl_grp_none) {}
+
+  SSLNamedGroup group() const { return group_; }
+
+ protected:
+  virtual PacketFilter::Action FilterHandshake(const HandshakeHeader &header,
+                                               const DataBuffer &input,
+                                               DataBuffer *output) {
+    if (header.handshake_type() != kTlsHandshakeServerKeyExchange) {
+      return KEEP;
+    }
+
+    uint32_t value = 0;
+    EXPECT_TRUE(input.Read(0, 1, &value));
+    EXPECT_EQ(3U, value) << "curve type has to be 3";
+
+    EXPECT_TRUE(input.Read(1, 2, &value));
+    group_ = static_cast<SSLNamedGroup>(value);
+
+    return KEEP;
+  }
+
+ private:
+  SSLNamedGroup group_;
+};
+
+// If we strip the client's supported groups extension, the server should assume
+// P-256 is supported by the client (<= 1.2 only).
+TEST_P(TlsConnectGenericPre13, DropSupportedGroupExtensionP256) {
+  EnsureTlsSetup();
+  client_->SetPacketFilter(
+      std::make_shared<TlsExtensionDropper>(ssl_supported_groups_xtn));
+  auto group_capture = std::make_shared<TlsKeyExchangeGroupCapture>();
+  server_->SetPacketFilter(group_capture);
+
+  ConnectExpectFail();
+  client_->CheckErrorCode(SSL_ERROR_DECRYPT_ERROR_ALERT);
+  server_->CheckErrorCode(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE);
+
+  EXPECT_EQ(ssl_grp_ec_secp256r1, group_capture->group());
+}
+
+// Supported groups is mandatory in TLS 1.3.
+TEST_P(TlsConnectTls13, DropSupportedGroupExtension) {
+  EnsureTlsSetup();
+  client_->SetPacketFilter(
+      std::make_shared<TlsExtensionDropper>(ssl_supported_groups_xtn));
+  ConnectExpectFail();
+  client_->CheckErrorCode(SSL_ERROR_MISSING_EXTENSION_ALERT);
+  server_->CheckErrorCode(SSL_ERROR_MISSING_SUPPORTED_GROUPS_EXTENSION);
+}
+
+// If we only have a lame group, we fall back to static RSA.
+TEST_P(TlsConnectGenericPre13, UseLameGroup) {
+  const std::vector<SSLNamedGroup> groups = {ssl_grp_ec_secp192r1};
+  client_->ConfigNamedGroups(groups);
+  server_->ConfigNamedGroups(groups);
+  Connect();
+  CheckKeys(ssl_kea_rsa, ssl_grp_none, ssl_auth_rsa_decrypt, ssl_sig_none);
+}
+
+// In TLS 1.3, we can't generate the ClientHello.
+TEST_P(TlsConnectTls13, UseLameGroup) {
+  const std::vector<SSLNamedGroup> groups = {ssl_grp_ec_sect283k1};
+  client_->ConfigNamedGroups(groups);
+  server_->ConfigNamedGroups(groups);
+  client_->StartConnect();
+  client_->Handshake();
+  client_->CheckErrorCode(SSL_ERROR_NO_CIPHERS_SUPPORTED);
+}
+
+TEST_P(TlsConnectStreamPre13, ConfiguredGroupsRenegotiate) {
+  EnsureTlsSetup();
+  client_->DisableAllCiphers();
+  client_->EnableCiphersByKeyExchange(ssl_kea_ecdh);
+
+  const std::vector<SSLNamedGroup> client_groups = {ssl_grp_ec_secp256r1};
+  const std::vector<SSLNamedGroup> server_groups = {ssl_grp_ec_secp256r1,
+                                                    ssl_grp_ec_secp256r1};
+  client_->ConfigNamedGroups(client_groups);
+  server_->ConfigNamedGroups(server_groups);
+
+  Connect();
+
+  CheckKeys(ssl_kea_ecdh, ssl_grp_ec_secp256r1, ssl_auth_rsa_sign,
+            ssl_sig_rsa_pss_sha256);
+  CheckConnected();
+
+  // The renegotiation has to use the same preferences as the original session.
+  server_->PrepareForRenegotiate();
+  client_->StartRenegotiate();
+  Handshake();
+  CheckKeys(ssl_kea_ecdh, ssl_grp_ec_secp256r1, ssl_auth_rsa_sign,
+            ssl_sig_rsa_pss_sha256);
+}
+
+TEST_P(TlsKeyExchangeTest, Curve25519) {
+  Reset(TlsAgent::kServerEcdsa256);
+  const std::vector<SSLNamedGroup> groups = {
+      ssl_grp_ec_curve25519, ssl_grp_ec_secp256r1, ssl_grp_ec_secp521r1};
+  EnsureKeyShareSetup();
+  ConfigNamedGroups(groups);
+  Connect();
+
+  CheckKeys(ssl_kea_ecdh, ssl_grp_ec_curve25519, ssl_auth_ecdsa,
+            ssl_sig_ecdsa_secp256r1_sha256);
+  const std::vector<SSLNamedGroup> shares = {ssl_grp_ec_curve25519};
+  CheckKEXDetails(groups, shares);
+}
+
+TEST_P(TlsConnectGenericPre13, GroupPreferenceServerPriority) {
+  EnsureTlsSetup();
+  client_->DisableAllCiphers();
+  client_->EnableCiphersByKeyExchange(ssl_kea_ecdh);
+
+  // The client prefers P256 while the server prefers 25519.
+  // The server's preference has to win.
+  const std::vector<SSLNamedGroup> client_groups = {ssl_grp_ec_secp256r1,
+                                                    ssl_grp_ec_curve25519};
+  const std::vector<SSLNamedGroup> server_groups = {ssl_grp_ec_curve25519,
+                                                    ssl_grp_ec_secp256r1};
+  client_->ConfigNamedGroups(client_groups);
+  server_->ConfigNamedGroups(server_groups);
+
+  Connect();
+
+  CheckKeys(ssl_kea_ecdh, ssl_grp_ec_curve25519, ssl_auth_rsa_sign,
+            ssl_sig_rsa_pss_sha256);
+}
+
+#ifndef NSS_DISABLE_TLS_1_3
+TEST_P(TlsKeyExchangeTest13, Curve25519P256EqualPriorityClient13) {
+  EnsureKeyShareSetup();
+
+  // The client sends a P256 key share while the server prefers 25519.
+  // We have to accept P256 without retry.
+  const std::vector<SSLNamedGroup> client_groups = {ssl_grp_ec_secp256r1,
+                                                    ssl_grp_ec_curve25519};
+  const std::vector<SSLNamedGroup> server_groups = {ssl_grp_ec_curve25519,
+                                                    ssl_grp_ec_secp256r1};
+  client_->ConfigNamedGroups(client_groups);
+  server_->ConfigNamedGroups(server_groups);
+
+  Connect();
+
+  CheckKeys(ssl_kea_ecdh, ssl_grp_ec_secp256r1, ssl_auth_rsa_sign,
+            ssl_sig_rsa_pss_sha256);
+  const std::vector<SSLNamedGroup> shares = {ssl_grp_ec_secp256r1};
+  CheckKEXDetails(client_groups, shares);
+}
+
+TEST_P(TlsKeyExchangeTest13, Curve25519P256EqualPriorityServer13) {
+  EnsureKeyShareSetup();
+
+  // The client sends a 25519 key share while the server prefers P256.
+  // We have to accept 25519 without retry.
+  const std::vector<SSLNamedGroup> client_groups = {ssl_grp_ec_curve25519,
+                                                    ssl_grp_ec_secp256r1};
+  const std::vector<SSLNamedGroup> server_groups = {ssl_grp_ec_secp256r1,
+                                                    ssl_grp_ec_curve25519};
+  client_->ConfigNamedGroups(client_groups);
+  server_->ConfigNamedGroups(server_groups);
+
+  Connect();
+
+  CheckKeys(ssl_kea_ecdh, ssl_grp_ec_curve25519, ssl_auth_rsa_sign,
+            ssl_sig_rsa_pss_sha256);
+  const std::vector<SSLNamedGroup> shares = {ssl_grp_ec_curve25519};
+  CheckKEXDetails(client_groups, shares);
+}
+
+TEST_P(TlsKeyExchangeTest13, EqualPriorityTestRetryECServer13) {
+  EnsureKeyShareSetup();
+
+  // The client sends a 25519 key share while the server prefers P256.
+  // The server prefers P-384 over x25519, so it must not consider P-256 and
+  // x25519 to be equivalent. It will therefore request a P-256 share
+  // with a HelloRetryRequest.
+  const std::vector<SSLNamedGroup> client_groups = {
+      ssl_grp_ec_curve25519, ssl_grp_ec_secp256r1, ssl_grp_ec_secp384r1};
+  const std::vector<SSLNamedGroup> server_groups = {
+      ssl_grp_ec_secp256r1, ssl_grp_ec_secp384r1, ssl_grp_ec_curve25519};
+  client_->ConfigNamedGroups(client_groups);
+  server_->ConfigNamedGroups(server_groups);
+
+  Connect();
+
+  CheckKeys(ssl_kea_ecdh, ssl_grp_ec_secp256r1, ssl_auth_rsa_sign,
+            ssl_sig_rsa_pss_sha256);
+  const std::vector<SSLNamedGroup> shares = {ssl_grp_ec_curve25519};
+  CheckKEXDetails(client_groups, shares, ssl_grp_ec_secp256r1);
+}
+
+TEST_P(TlsKeyExchangeTest13, NotEqualPriorityWithIntermediateGroup13) {
+  EnsureKeyShareSetup();
+
+  // The client sends a 25519 key share while the server prefers P256.
+  // The server prefers ffdhe_2048 over x25519, so it must not consider the
+  // P-256 and x25519 to be equivalent. It will therefore request a P-256 share
+  // with a HelloRetryRequest.
+  const std::vector<SSLNamedGroup> client_groups = {
+      ssl_grp_ec_curve25519, ssl_grp_ec_secp256r1, ssl_grp_ffdhe_2048};
+  const std::vector<SSLNamedGroup> server_groups = {
+      ssl_grp_ec_secp256r1, ssl_grp_ffdhe_2048, ssl_grp_ec_curve25519};
+  client_->ConfigNamedGroups(client_groups);
+  server_->ConfigNamedGroups(server_groups);
+
+  Connect();
+
+  CheckKeys(ssl_kea_ecdh, ssl_grp_ec_secp256r1, ssl_auth_rsa_sign,
+            ssl_sig_rsa_pss_sha256);
+  const std::vector<SSLNamedGroup> shares = {ssl_grp_ec_curve25519};
+  CheckKEXDetails(client_groups, shares, ssl_grp_ec_secp256r1);
+}
+
+TEST_P(TlsKeyExchangeTest13,
+       NotEqualPriorityWithUnsupportedFFIntermediateGroup13) {
+  EnsureKeyShareSetup();
+
+  // As in the previous test, the server prefers ffdhe_2048. Thus, even though
+  // the client doesn't support this group, the server must not regard x25519 as
+  // equivalent to P-256.
+  const std::vector<SSLNamedGroup> client_groups = {ssl_grp_ec_curve25519,
+                                                    ssl_grp_ec_secp256r1};
+  const std::vector<SSLNamedGroup> server_groups = {
+      ssl_grp_ec_secp256r1, ssl_grp_ffdhe_2048, ssl_grp_ec_curve25519};
+  client_->ConfigNamedGroups(client_groups);
+  server_->ConfigNamedGroups(server_groups);
+
+  Connect();
+
+  CheckKeys(ssl_kea_ecdh, ssl_grp_ec_secp256r1, ssl_auth_rsa_sign,
+            ssl_sig_rsa_pss_sha256);
+  const std::vector<SSLNamedGroup> shares = {ssl_grp_ec_curve25519};
+  CheckKEXDetails(client_groups, shares, ssl_grp_ec_secp256r1);
+}
+
+TEST_P(TlsKeyExchangeTest13,
+       NotEqualPriorityWithUnsupportedECIntermediateGroup13) {
+  EnsureKeyShareSetup();
+
+  // As in the previous test, the server prefers P-384. Thus, even though
+  // the client doesn't support this group, the server must not regard x25519 as
+  // equivalent to P-256. The server sends a HelloRetryRequest.
+  const std::vector<SSLNamedGroup> client_groups = {ssl_grp_ec_curve25519,
+                                                    ssl_grp_ec_secp256r1};
+  const std::vector<SSLNamedGroup> server_groups = {
+      ssl_grp_ec_secp256r1, ssl_grp_ec_secp384r1, ssl_grp_ec_curve25519};
+  client_->ConfigNamedGroups(client_groups);
+  server_->ConfigNamedGroups(server_groups);
+
+  Connect();
+
+  CheckKeys(ssl_kea_ecdh, ssl_grp_ec_secp256r1, ssl_auth_rsa_sign,
+            ssl_sig_rsa_pss_sha256);
+  const std::vector<SSLNamedGroup> shares = {ssl_grp_ec_curve25519};
+  CheckKEXDetails(client_groups, shares, ssl_grp_ec_secp256r1);
+}
+
+TEST_P(TlsKeyExchangeTest13, EqualPriority13) {
+  EnsureKeyShareSetup();
+
+  // The client sends a 25519 key share while the server prefers P256.
+  // We have to accept 25519 without retry because it's considered equivalent to
+  // P256 by the server.
+  const std::vector<SSLNamedGroup> client_groups = {
+      ssl_grp_ec_curve25519, ssl_grp_ffdhe_2048, ssl_grp_ec_secp256r1};
+  const std::vector<SSLNamedGroup> server_groups = {ssl_grp_ec_secp256r1,
+                                                    ssl_grp_ec_curve25519};
+  client_->ConfigNamedGroups(client_groups);
+  server_->ConfigNamedGroups(server_groups);
+
+  Connect();
+
+  CheckKeys();
+  const std::vector<SSLNamedGroup> shares = {ssl_grp_ec_curve25519};
+  CheckKEXDetails(client_groups, shares);
+}
+#endif
+
+TEST_P(TlsConnectGeneric, P256ClientAndCurve25519Server) {
+  EnsureTlsSetup();
+  client_->DisableAllCiphers();
+  client_->EnableCiphersByKeyExchange(ssl_kea_ecdh);
+
+  // The client sends a P256 key share while the server prefers 25519.
+  const std::vector<SSLNamedGroup> client_groups = {ssl_grp_ec_secp256r1};
+  const std::vector<SSLNamedGroup> server_groups = {ssl_grp_ec_curve25519};
+
+  client_->ConfigNamedGroups(client_groups);
+  server_->ConfigNamedGroups(server_groups);
+
+  ConnectExpectFail();
+  client_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP);
+  server_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP);
+}
+
+TEST_P(TlsKeyExchangeTest13, MultipleClientShares) {
+  EnsureKeyShareSetup();
+
+  // The client sends 25519 and P256 key shares. The server prefers P256,
+  // which must be chosen here.
+  const std::vector<SSLNamedGroup> client_groups = {ssl_grp_ec_curve25519,
+                                                    ssl_grp_ec_secp256r1};
+  const std::vector<SSLNamedGroup> server_groups = {ssl_grp_ec_secp256r1,
+                                                    ssl_grp_ec_curve25519};
+  client_->ConfigNamedGroups(client_groups);
+  server_->ConfigNamedGroups(server_groups);
+
+  // Generate a key share on the client for both curves.
+  EXPECT_EQ(SECSuccess, SSL_SendAdditionalKeyShares(client_->ssl_fd(), 1));
+
+  Connect();
+
+  // The server would accept 25519 but its preferred group (P256) has to win.
+  CheckKeys(ssl_kea_ecdh, ssl_grp_ec_secp256r1, ssl_auth_rsa_sign,
+            ssl_sig_rsa_pss_sha256);
+  const std::vector<SSLNamedGroup> shares = {ssl_grp_ec_curve25519,
+                                             ssl_grp_ec_secp256r1};
+  CheckKEXDetails(client_groups, shares);
+}
+
+// Replace the point in the client key exchange message with an empty one
+class ECCClientKEXFilter : public TlsHandshakeFilter {
+ public:
+  ECCClientKEXFilter() {}
+
+ protected:
+  virtual PacketFilter::Action FilterHandshake(const HandshakeHeader &header,
+                                               const DataBuffer &input,
+                                               DataBuffer *output) {
+    if (header.handshake_type() != kTlsHandshakeClientKeyExchange) {
+      return KEEP;
+    }
+
+    // Replace the client key exchange message with an empty point
+    output->Allocate(1);
+    output->Write(0, 0U, 1);  // set point length 0
+    return CHANGE;
+  }
+};
+
+// Replace the point in the server key exchange message with an empty one
+class ECCServerKEXFilter : public TlsHandshakeFilter {
+ public:
+  ECCServerKEXFilter() {}
+
+ protected:
+  virtual PacketFilter::Action FilterHandshake(const HandshakeHeader &header,
+                                               const DataBuffer &input,
+                                               DataBuffer *output) {
+    if (header.handshake_type() != kTlsHandshakeServerKeyExchange) {
+      return KEEP;
+    }
+
+    // Replace the server key exchange message with an empty point
+    output->Allocate(4);
+    output->Write(0, 3U, 1);  // named curve
+    uint32_t curve;
+    EXPECT_TRUE(input.Read(1, 2, &curve));  // get curve id
+    output->Write(1, curve, 2);             // write curve id
+    output->Write(3, 0U, 1);                // point length 0
+    return CHANGE;
+  }
+};
+
+TEST_P(TlsConnectGenericPre13, ConnectECDHEmptyServerPoint) {
+  // add packet filter
+  server_->SetPacketFilter(std::make_shared<ECCServerKEXFilter>());
+  ConnectExpectFail();
+  client_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_SERVER_KEY_EXCH);
+}
+
+TEST_P(TlsConnectGenericPre13, ConnectECDHEmptyClientPoint) {
+  // add packet filter
+  client_->SetPacketFilter(std::make_shared<ECCClientKEXFilter>());
+  ConnectExpectFail();
+  server_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_CLIENT_KEY_EXCH);
+}
+
+INSTANTIATE_TEST_CASE_P(KeyExchangeTest, TlsKeyExchangeTest,
+                        ::testing::Combine(TlsConnectTestBase::kTlsModesAll,
+                                           TlsConnectTestBase::kTlsV11Plus));
+
+#ifndef NSS_DISABLE_TLS_1_3
+INSTANTIATE_TEST_CASE_P(KeyExchangeTest, TlsKeyExchangeTest13,
+                        ::testing::Combine(TlsConnectTestBase::kTlsModesAll,
+                                           TlsConnectTestBase::kTlsV13));
+#endif
+
+}  // namespace nss_test
diff --git a/nss/gtests/ssl_gtest/ssl_ems_unittest.cc b/nss/gtests/ssl_gtest/ssl_ems_unittest.cc
new file mode 100644
index 0000000..03953f8
--- /dev/null
+++ b/nss/gtests/ssl_gtest/ssl_ems_unittest.cc
@@ -0,0 +1,100 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "secerr.h"
+#include "ssl.h"
+#include "sslerr.h"
+#include "sslproto.h"
+
+#include "gtest_utils.h"
+#include "scoped_ptrs.h"
+#include "tls_connect.h"
+#include "tls_filter.h"
+#include "tls_parser.h"
+
+namespace nss_test {
+
+TEST_P(TlsConnectGenericPre13, ConnectExtendedMasterSecret) {
+  EnableExtendedMasterSecret();
+  Connect();
+  Reset();
+  ExpectResumption(RESUME_SESSIONID);
+  EnableExtendedMasterSecret();
+  Connect();
+}
+
+TEST_P(TlsConnectTls12, ConnectExtendedMasterSecretSha384) {
+  EnableExtendedMasterSecret();
+  server_->EnableSingleCipher(TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384);
+  ConnectWithCipherSuite(TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384);
+}
+
+TEST_P(TlsConnectGenericPre13, ConnectExtendedMasterSecretStaticRSA) {
+  EnableOnlyStaticRsaCiphers();
+  EnableExtendedMasterSecret();
+  Connect();
+}
+
+TEST_P(TlsConnectGenericPre13, ConnectExtendedMasterSecretECDHE) {
+  EnableExtendedMasterSecret();
+  Connect();
+
+  Reset();
+  EnableExtendedMasterSecret();
+  ExpectResumption(RESUME_SESSIONID);
+  Connect();
+}
+
+TEST_P(TlsConnectGenericPre13, ConnectExtendedMasterSecretTicket) {
+  ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
+  EnableExtendedMasterSecret();
+  Connect();
+
+  Reset();
+  ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
+
+  EnableExtendedMasterSecret();
+  ExpectResumption(RESUME_TICKET);
+  Connect();
+}
+
+TEST_P(TlsConnectGenericPre13, ConnectExtendedMasterSecretClientOnly) {
+  client_->EnableExtendedMasterSecret();
+  ExpectExtendedMasterSecret(false);
+  Connect();
+}
+
+TEST_P(TlsConnectGenericPre13, ConnectExtendedMasterSecretServerOnly) {
+  server_->EnableExtendedMasterSecret();
+  ExpectExtendedMasterSecret(false);
+  Connect();
+}
+
+TEST_P(TlsConnectGenericPre13, ConnectExtendedMasterSecretResumeWithout) {
+  EnableExtendedMasterSecret();
+  Connect();
+
+  Reset();
+  server_->EnableExtendedMasterSecret();
+  auto alert_recorder = std::make_shared<TlsAlertRecorder>();
+  server_->SetPacketFilter(alert_recorder);
+  ConnectExpectFail();
+  EXPECT_EQ(kTlsAlertFatal, alert_recorder->level());
+  EXPECT_EQ(kTlsAlertHandshakeFailure, alert_recorder->description());
+}
+
+TEST_P(TlsConnectGenericPre13, ConnectNormalResumeWithExtendedMasterSecret) {
+  ConfigureSessionCache(RESUME_SESSIONID, RESUME_SESSIONID);
+  ExpectExtendedMasterSecret(false);
+  Connect();
+
+  Reset();
+  EnableExtendedMasterSecret();
+  ExpectResumption(RESUME_NONE);
+  Connect();
+}
+
+}  // namespace nss_test
diff --git a/nss/gtests/ssl_gtest/ssl_exporter_unittest.cc b/nss/gtests/ssl_gtest/ssl_exporter_unittest.cc
new file mode 100644
index 0000000..e027d57
--- /dev/null
+++ b/nss/gtests/ssl_gtest/ssl_exporter_unittest.cc
@@ -0,0 +1,125 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "ssl.h"
+
+#include "gtest_utils.h"
+#include "tls_connect.h"
+
+namespace nss_test {
+
+static const char* kExporterLabel = "EXPORTER-duck";
+static const uint8_t kExporterContext[] = {0x12, 0x34, 0x56};
+
+static void ExportAndCompare(std::shared_ptr<TlsAgent>& client,
+                             std::shared_ptr<TlsAgent>& server, bool context) {
+  static const size_t exporter_len = 10;
+  uint8_t client_value[exporter_len] = {0};
+  EXPECT_EQ(SECSuccess,
+            SSL_ExportKeyingMaterial(
+                client->ssl_fd(), kExporterLabel, strlen(kExporterLabel),
+                context ? PR_TRUE : PR_FALSE, kExporterContext,
+                sizeof(kExporterContext), client_value, sizeof(client_value)));
+  uint8_t server_value[exporter_len] = {0xff};
+  EXPECT_EQ(SECSuccess,
+            SSL_ExportKeyingMaterial(
+                server->ssl_fd(), kExporterLabel, strlen(kExporterLabel),
+                context ? PR_TRUE : PR_FALSE, kExporterContext,
+                sizeof(kExporterContext), server_value, sizeof(server_value)));
+  EXPECT_EQ(0, memcmp(client_value, server_value, sizeof(client_value)));
+}
+
+TEST_P(TlsConnectGeneric, ExporterBasic) {
+  EnsureTlsSetup();
+  if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) {
+    server_->EnableSingleCipher(TLS_AES_128_GCM_SHA256);
+  } else {
+    server_->EnableSingleCipher(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA);
+  }
+  Connect();
+  CheckKeys();
+  ExportAndCompare(client_, server_, false);
+}
+
+TEST_P(TlsConnectGeneric, ExporterContext) {
+  EnsureTlsSetup();
+  if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) {
+    server_->EnableSingleCipher(TLS_AES_128_GCM_SHA256);
+  } else {
+    server_->EnableSingleCipher(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA);
+  }
+  Connect();
+  CheckKeys();
+  ExportAndCompare(client_, server_, true);
+}
+
+// Bug 1312976 - SHA-384 doesn't work in 1.2 right now.
+TEST_P(TlsConnectTls13, ExporterSha384) {
+  EnsureTlsSetup();
+  client_->EnableSingleCipher(TLS_AES_256_GCM_SHA384);
+  Connect();
+  CheckKeys();
+  ExportAndCompare(client_, server_, false);
+}
+
+TEST_P(TlsConnectTls13, ExporterContextEmptyIsSameAsNone) {
+  EnsureTlsSetup();
+  if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) {
+    server_->EnableSingleCipher(TLS_AES_128_GCM_SHA256);
+  } else {
+    server_->EnableSingleCipher(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA);
+  }
+  Connect();
+  CheckKeys();
+  ExportAndCompare(client_, server_, false);
+}
+
+// This has a weird signature so that it can be passed to the SNI callback.
+int32_t RegularExporterShouldFail(TlsAgent* agent, const SECItem* srvNameArr,
+                                  PRUint32 srvNameArrSize) {
+  uint8_t val[10];
+  EXPECT_EQ(SECFailure, SSL_ExportKeyingMaterial(
+                            agent->ssl_fd(), kExporterLabel,
+                            strlen(kExporterLabel), PR_TRUE, kExporterContext,
+                            sizeof(kExporterContext), val, sizeof(val)))
+      << "regular exporter should fail";
+  return 0;
+}
+
+TEST_P(TlsConnectTls13, EarlyExporter) {
+  SetupForZeroRtt();
+  client_->SetExpectedAlertSentCount(1);
+  server_->SetExpectedAlertReceivedCount(1);
+  client_->Set0RttEnabled(true);
+  server_->Set0RttEnabled(true);
+  ExpectResumption(RESUME_TICKET);
+
+  client_->Handshake();  // Send ClientHello.
+  uint8_t client_value[10] = {0};
+  RegularExporterShouldFail(client_.get(), nullptr, 0);
+  EXPECT_EQ(SECSuccess,
+            SSL_ExportEarlyKeyingMaterial(
+                client_->ssl_fd(), kExporterLabel, strlen(kExporterLabel),
+                kExporterContext, sizeof(kExporterContext), client_value,
+                sizeof(client_value)));
+
+  server_->SetSniCallback(RegularExporterShouldFail);
+  server_->Handshake();  // Handle ClientHello.
+  uint8_t server_value[10] = {0};
+  EXPECT_EQ(SECSuccess,
+            SSL_ExportEarlyKeyingMaterial(
+                server_->ssl_fd(), kExporterLabel, strlen(kExporterLabel),
+                kExporterContext, sizeof(kExporterContext), server_value,
+                sizeof(server_value)));
+  EXPECT_EQ(0, memcmp(client_value, server_value, sizeof(client_value)));
+
+  Handshake();
+  ExpectEarlyDataAccepted(true);
+  CheckConnected();
+  SendReceive();
+}
+
+}  // namespace nss_test
diff --git a/nss/gtests/ssl_gtest/ssl_extension_unittest.cc b/nss/gtests/ssl_gtest/ssl_extension_unittest.cc
new file mode 100644
index 0000000..293878d
--- /dev/null
+++ b/nss/gtests/ssl_gtest/ssl_extension_unittest.cc
@@ -0,0 +1,1032 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "ssl.h"
+#include "ssl3prot.h"
+#include "sslerr.h"
+#include "sslproto.h"
+
+#include <memory>
+
+#include "tls_connect.h"
+#include "tls_filter.h"
+#include "tls_parser.h"
+
+namespace nss_test {
+
+class TlsExtensionTruncator : public TlsExtensionFilter {
+ public:
+  TlsExtensionTruncator(uint16_t extension, size_t length)
+      : extension_(extension), length_(length) {}
+  virtual PacketFilter::Action FilterExtension(uint16_t extension_type,
+                                               const DataBuffer& input,
+                                               DataBuffer* output) {
+    if (extension_type != extension_) {
+      return KEEP;
+    }
+    if (input.len() <= length_) {
+      return KEEP;
+    }
+
+    output->Assign(input.data(), length_);
+    return CHANGE;
+  }
+
+ private:
+  uint16_t extension_;
+  size_t length_;
+};
+
+class TlsExtensionDamager : public TlsExtensionFilter {
+ public:
+  TlsExtensionDamager(uint16_t extension, size_t index)
+      : extension_(extension), index_(index) {}
+  virtual PacketFilter::Action FilterExtension(uint16_t extension_type,
+                                               const DataBuffer& input,
+                                               DataBuffer* output) {
+    if (extension_type != extension_) {
+      return KEEP;
+    }
+
+    *output = input;
+    output->data()[index_] += 73;  // Increment selected for maximum damage
+    return CHANGE;
+  }
+
+ private:
+  uint16_t extension_;
+  size_t index_;
+};
+
+class TlsExtensionInjector : public TlsHandshakeFilter {
+ public:
+  TlsExtensionInjector(uint16_t ext, DataBuffer& data)
+      : extension_(ext), data_(data) {}
+
+  virtual PacketFilter::Action FilterHandshake(const HandshakeHeader& header,
+                                               const DataBuffer& input,
+                                               DataBuffer* output) {
+    size_t offset;
+    if (header.handshake_type() == kTlsHandshakeClientHello) {
+      TlsParser parser(input);
+      if (!TlsExtensionFilter::FindClientHelloExtensions(&parser, header)) {
+        return KEEP;
+      }
+      offset = parser.consumed();
+    } else if (header.handshake_type() == kTlsHandshakeServerHello) {
+      TlsParser parser(input);
+      if (!TlsExtensionFilter::FindServerHelloExtensions(&parser)) {
+        return KEEP;
+      }
+      offset = parser.consumed();
+    } else {
+      return KEEP;
+    }
+
+    *output = input;
+
+    // Increase the size of the extensions.
+    uint16_t ext_len;
+    memcpy(&ext_len, output->data() + offset, sizeof(ext_len));
+    ext_len = htons(ntohs(ext_len) + data_.len() + 4);
+    memcpy(output->data() + offset, &ext_len, sizeof(ext_len));
+
+    // Insert the extension type and length.
+    DataBuffer type_length;
+    type_length.Allocate(4);
+    type_length.Write(0, extension_, 2);
+    type_length.Write(2, data_.len(), 2);
+    output->Splice(type_length, offset + 2);
+
+    // Insert the payload.
+    if (data_.len() > 0) {
+      output->Splice(data_, offset + 6);
+    }
+
+    return CHANGE;
+  }
+
+ private:
+  const uint16_t extension_;
+  const DataBuffer data_;
+};
+
+class TlsExtensionAppender : public TlsHandshakeFilter {
+ public:
+  TlsExtensionAppender(uint16_t ext, DataBuffer& data)
+      : extension_(ext), data_(data) {}
+
+  virtual PacketFilter::Action FilterHandshake(const HandshakeHeader& header,
+                                               const DataBuffer& input,
+                                               DataBuffer* output) {
+    size_t offset;
+    TlsParser parser(input);
+    if (header.handshake_type() == kTlsHandshakeClientHello) {
+      if (!TlsExtensionFilter::FindClientHelloExtensions(&parser, header)) {
+        return KEEP;
+      }
+    } else if (header.handshake_type() == kTlsHandshakeServerHello) {
+      if (!TlsExtensionFilter::FindServerHelloExtensions(&parser)) {
+        return KEEP;
+      }
+    } else {
+      return KEEP;
+    }
+    offset = parser.consumed();
+    *output = input;
+
+    uint32_t ext_len;
+    if (!parser.Read(&ext_len, 2)) {
+      ADD_FAILURE();
+      return KEEP;
+    }
+
+    ext_len += 4 + data_.len();
+    output->Write(offset, ext_len, 2);
+
+    offset = output->len();
+    offset = output->Write(offset, extension_, 2);
+    WriteVariable(output, offset, data_, 2);
+
+    return CHANGE;
+  }
+
+ private:
+  const uint16_t extension_;
+  const DataBuffer data_;
+};
+
+class TlsExtensionTestBase : public TlsConnectTestBase {
+ protected:
+  TlsExtensionTestBase(Mode mode, uint16_t version)
+      : TlsConnectTestBase(mode, version) {}
+  TlsExtensionTestBase(const std::string& mode, uint16_t version)
+      : TlsConnectTestBase(mode, version) {}
+
+  void ClientHelloErrorTest(std::shared_ptr<PacketFilter> filter,
+                            uint8_t desc = kTlsAlertDecodeError) {
+    SSLAlert alert;
+
+    auto alert_recorder = std::make_shared<TlsAlertRecorder>();
+    server_->SetPacketFilter(alert_recorder);
+    client_->SetPacketFilter(filter);
+    ConnectExpectFail();
+
+    EXPECT_EQ(kTlsAlertFatal, alert_recorder->level());
+    EXPECT_EQ(desc, alert_recorder->description());
+
+    // verify no alerts received by the server
+    EXPECT_EQ(0U, server_->alert_received_count());
+
+    // verify the alert sent by the server
+    EXPECT_EQ(1U, server_->alert_sent_count());
+    EXPECT_TRUE(server_->GetLastAlertSent(&alert));
+    EXPECT_EQ(kTlsAlertFatal, alert.level);
+    EXPECT_EQ(desc, alert.description);
+
+    // verify the alert received by the client
+    EXPECT_EQ(1U, client_->alert_received_count());
+    EXPECT_TRUE(client_->GetLastAlertReceived(&alert));
+    EXPECT_EQ(kTlsAlertFatal, alert.level);
+    EXPECT_EQ(desc, alert.description);
+
+    // verify no alerts sent by the client
+    EXPECT_EQ(0U, client_->alert_sent_count());
+  }
+
+  void ServerHelloErrorTest(std::shared_ptr<PacketFilter> filter,
+                            uint8_t desc = kTlsAlertDecodeError) {
+    SSLAlert alert;
+
+    auto alert_recorder = std::make_shared<TlsAlertRecorder>();
+    client_->SetPacketFilter(alert_recorder);
+    server_->SetPacketFilter(filter);
+    ConnectExpectFail();
+
+    EXPECT_EQ(kTlsAlertFatal, alert_recorder->level());
+    EXPECT_EQ(desc, alert_recorder->description());
+
+    // verify no alerts received by the client
+    EXPECT_EQ(0U, client_->alert_received_count());
+
+    // verify the alert sent by the client
+    EXPECT_EQ(1U, client_->alert_sent_count());
+    EXPECT_TRUE(client_->GetLastAlertSent(&alert));
+    EXPECT_EQ(kTlsAlertFatal, alert.level);
+    EXPECT_EQ(desc, alert.description);
+
+    // verify the alert received by the server
+    EXPECT_EQ(1U, server_->alert_received_count());
+    EXPECT_TRUE(server_->GetLastAlertReceived(&alert));
+    EXPECT_EQ(kTlsAlertFatal, alert.level);
+    EXPECT_EQ(desc, alert.description);
+
+    // verify no alerts sent by the server
+    EXPECT_EQ(0U, server_->alert_sent_count());
+  }
+
+  static void InitSimpleSni(DataBuffer* extension) {
+    const char* name = "host.name";
+    const size_t namelen = PL_strlen(name);
+    extension->Allocate(namelen + 5);
+    extension->Write(0, namelen + 3, 2);
+    extension->Write(2, static_cast<uint32_t>(0), 1);  // 0 == hostname
+    extension->Write(3, namelen, 2);
+    extension->Write(5, reinterpret_cast<const uint8_t*>(name), namelen);
+  }
+
+  void HrrThenRemoveExtensionsTest(SSLExtensionType type, PRInt32 client_error,
+                                   PRInt32 server_error) {
+    static const std::vector<SSLNamedGroup> client_groups = {
+        ssl_grp_ec_secp384r1, ssl_grp_ec_curve25519};
+    static const std::vector<SSLNamedGroup> server_groups = {
+        ssl_grp_ec_curve25519, ssl_grp_ec_secp384r1};
+    client_->ConfigNamedGroups(client_groups);
+    server_->ConfigNamedGroups(server_groups);
+    EnsureTlsSetup();
+    client_->StartConnect();
+    server_->StartConnect();
+    client_->Handshake();  // Send ClientHello
+    server_->Handshake();  // Send HRR.
+    client_->SetPacketFilter(std::make_shared<TlsExtensionDropper>(type));
+    Handshake();
+    client_->CheckErrorCode(client_error);
+    server_->CheckErrorCode(server_error);
+  }
+};
+
+class TlsExtensionTestDtls : public TlsExtensionTestBase,
+                             public ::testing::WithParamInterface<uint16_t> {
+ public:
+  TlsExtensionTestDtls() : TlsExtensionTestBase(DGRAM, GetParam()) {}
+};
+
+class TlsExtensionTest12Plus
+    : public TlsExtensionTestBase,
+      public ::testing::WithParamInterface<std::tuple<std::string, uint16_t>> {
+ public:
+  TlsExtensionTest12Plus()
+      : TlsExtensionTestBase(std::get<0>(GetParam()), std::get<1>(GetParam())) {
+  }
+};
+
+class TlsExtensionTest12
+    : public TlsExtensionTestBase,
+      public ::testing::WithParamInterface<std::tuple<std::string, uint16_t>> {
+ public:
+  TlsExtensionTest12()
+      : TlsExtensionTestBase(std::get<0>(GetParam()), std::get<1>(GetParam())) {
+  }
+};
+
+class TlsExtensionTest13 : public TlsExtensionTestBase,
+                           public ::testing::WithParamInterface<std::string> {
+ public:
+  TlsExtensionTest13()
+      : TlsExtensionTestBase(GetParam(), SSL_LIBRARY_VERSION_TLS_1_3) {}
+
+  void ConnectWithBogusVersionList(const uint8_t* buf, size_t len) {
+    DataBuffer versions_buf(buf, len);
+    client_->SetPacketFilter(std::make_shared<TlsExtensionReplacer>(
+        ssl_tls13_supported_versions_xtn, versions_buf));
+    ConnectExpectFail();
+    client_->CheckErrorCode(SSL_ERROR_ILLEGAL_PARAMETER_ALERT);
+    server_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO);
+  }
+
+  void ConnectWithReplacementVersionList(uint16_t version) {
+    DataBuffer versions_buf;
+
+    size_t index = versions_buf.Write(0, 2, 1);
+    versions_buf.Write(index, version, 2);
+    client_->SetPacketFilter(std::make_shared<TlsExtensionReplacer>(
+        ssl_tls13_supported_versions_xtn, versions_buf));
+    ConnectExpectFail();
+  }
+};
+
+class TlsExtensionTest13Stream : public TlsExtensionTestBase {
+ public:
+  TlsExtensionTest13Stream()
+      : TlsExtensionTestBase(STREAM, SSL_LIBRARY_VERSION_TLS_1_3) {}
+};
+
+class TlsExtensionTestGeneric
+    : public TlsExtensionTestBase,
+      public ::testing::WithParamInterface<std::tuple<std::string, uint16_t>> {
+ public:
+  TlsExtensionTestGeneric()
+      : TlsExtensionTestBase(std::get<0>(GetParam()), std::get<1>(GetParam())) {
+  }
+};
+
+class TlsExtensionTestPre13
+    : public TlsExtensionTestBase,
+      public ::testing::WithParamInterface<std::tuple<std::string, uint16_t>> {
+ public:
+  TlsExtensionTestPre13()
+      : TlsExtensionTestBase(std::get<0>(GetParam()), std::get<1>(GetParam())) {
+  }
+};
+
+TEST_P(TlsExtensionTestGeneric, DamageSniLength) {
+  ClientHelloErrorTest(
+      std::make_shared<TlsExtensionDamager>(ssl_server_name_xtn, 1));
+}
+
+TEST_P(TlsExtensionTestGeneric, DamageSniHostLength) {
+  ClientHelloErrorTest(
+      std::make_shared<TlsExtensionDamager>(ssl_server_name_xtn, 4));
+}
+
+TEST_P(TlsExtensionTestGeneric, TruncateSni) {
+  ClientHelloErrorTest(
+      std::make_shared<TlsExtensionTruncator>(ssl_server_name_xtn, 7));
+}
+
+// A valid extension that appears twice will be reported as unsupported.
+TEST_P(TlsExtensionTestGeneric, RepeatSni) {
+  DataBuffer extension;
+  InitSimpleSni(&extension);
+  ClientHelloErrorTest(
+      std::make_shared<TlsExtensionInjector>(ssl_server_name_xtn, extension),
+      kTlsAlertIllegalParameter);
+}
+
+// An SNI entry with zero length is considered invalid (strangely, not if it is
+// the last entry, which is probably a bug).
+TEST_P(TlsExtensionTestGeneric, BadSni) {
+  DataBuffer simple;
+  InitSimpleSni(&simple);
+  DataBuffer extension;
+  extension.Allocate(simple.len() + 3);
+  extension.Write(0, static_cast<uint32_t>(0), 3);
+  extension.Write(3, simple);
+  ClientHelloErrorTest(
+      std::make_shared<TlsExtensionReplacer>(ssl_server_name_xtn, extension));
+}
+
+TEST_P(TlsExtensionTestGeneric, EmptySni) {
+  DataBuffer extension;
+  extension.Allocate(2);
+  extension.Write(0, static_cast<uint32_t>(0), 2);
+  ClientHelloErrorTest(
+      std::make_shared<TlsExtensionReplacer>(ssl_server_name_xtn, extension));
+}
+
+TEST_P(TlsExtensionTestGeneric, EmptyAlpnExtension) {
+  EnableAlpn();
+  DataBuffer extension;
+  ClientHelloErrorTest(std::make_shared<TlsExtensionReplacer>(
+                           ssl_app_layer_protocol_xtn, extension),
+                       kTlsAlertIllegalParameter);
+}
+
+// An empty ALPN isn't considered bad, though it does lead to there being no
+// protocol for the server to select.
+TEST_P(TlsExtensionTestGeneric, EmptyAlpnList) {
+  EnableAlpn();
+  const uint8_t val[] = {0x00, 0x00};
+  DataBuffer extension(val, sizeof(val));
+  ClientHelloErrorTest(std::make_shared<TlsExtensionReplacer>(
+                           ssl_app_layer_protocol_xtn, extension),
+                       kTlsAlertNoApplicationProtocol);
+}
+
+TEST_P(TlsExtensionTestGeneric, OneByteAlpn) {
+  EnableAlpn();
+  ClientHelloErrorTest(
+      std::make_shared<TlsExtensionTruncator>(ssl_app_layer_protocol_xtn, 1));
+}
+
+TEST_P(TlsExtensionTestGeneric, AlpnMissingValue) {
+  EnableAlpn();
+  // This will leave the length of the second entry, but no value.
+  ClientHelloErrorTest(
+      std::make_shared<TlsExtensionTruncator>(ssl_app_layer_protocol_xtn, 5));
+}
+
+TEST_P(TlsExtensionTestGeneric, AlpnZeroLength) {
+  EnableAlpn();
+  const uint8_t val[] = {0x01, 0x61, 0x00};
+  DataBuffer extension(val, sizeof(val));
+  ClientHelloErrorTest(std::make_shared<TlsExtensionReplacer>(
+      ssl_app_layer_protocol_xtn, extension));
+}
+
+TEST_P(TlsExtensionTestGeneric, AlpnMismatch) {
+  const uint8_t client_alpn[] = {0x01, 0x61};
+  client_->EnableAlpn(client_alpn, sizeof(client_alpn));
+  const uint8_t server_alpn[] = {0x02, 0x61, 0x62};
+  server_->EnableAlpn(server_alpn, sizeof(server_alpn));
+
+  ClientHelloErrorTest(nullptr, kTlsAlertNoApplicationProtocol);
+}
+
+// Many of these tests fail in TLS 1.3 because the extension is encrypted, which
+// prevents modification of the value from the ServerHello.
+TEST_P(TlsExtensionTestPre13, AlpnReturnedEmptyList) {
+  EnableAlpn();
+  const uint8_t val[] = {0x00, 0x00};
+  DataBuffer extension(val, sizeof(val));
+  ServerHelloErrorTest(std::make_shared<TlsExtensionReplacer>(
+      ssl_app_layer_protocol_xtn, extension));
+}
+
+TEST_P(TlsExtensionTestPre13, AlpnReturnedEmptyName) {
+  EnableAlpn();
+  const uint8_t val[] = {0x00, 0x01, 0x00};
+  DataBuffer extension(val, sizeof(val));
+  ServerHelloErrorTest(std::make_shared<TlsExtensionReplacer>(
+      ssl_app_layer_protocol_xtn, extension));
+}
+
+TEST_P(TlsExtensionTestPre13, AlpnReturnedListTrailingData) {
+  EnableAlpn();
+  const uint8_t val[] = {0x00, 0x02, 0x01, 0x61, 0x00};
+  DataBuffer extension(val, sizeof(val));
+  ServerHelloErrorTest(std::make_shared<TlsExtensionReplacer>(
+      ssl_app_layer_protocol_xtn, extension));
+}
+
+TEST_P(TlsExtensionTestPre13, AlpnReturnedExtraEntry) {
+  EnableAlpn();
+  const uint8_t val[] = {0x00, 0x04, 0x01, 0x61, 0x01, 0x62};
+  DataBuffer extension(val, sizeof(val));
+  ServerHelloErrorTest(std::make_shared<TlsExtensionReplacer>(
+      ssl_app_layer_protocol_xtn, extension));
+}
+
+TEST_P(TlsExtensionTestPre13, AlpnReturnedBadListLength) {
+  EnableAlpn();
+  const uint8_t val[] = {0x00, 0x99, 0x01, 0x61, 0x00};
+  DataBuffer extension(val, sizeof(val));
+  ServerHelloErrorTest(std::make_shared<TlsExtensionReplacer>(
+      ssl_app_layer_protocol_xtn, extension));
+}
+
+TEST_P(TlsExtensionTestPre13, AlpnReturnedBadNameLength) {
+  EnableAlpn();
+  const uint8_t val[] = {0x00, 0x02, 0x99, 0x61};
+  DataBuffer extension(val, sizeof(val));
+  ServerHelloErrorTest(std::make_shared<TlsExtensionReplacer>(
+      ssl_app_layer_protocol_xtn, extension));
+}
+
+TEST_P(TlsExtensionTestDtls, SrtpShort) {
+  EnableSrtp();
+  ClientHelloErrorTest(
+      std::make_shared<TlsExtensionTruncator>(ssl_use_srtp_xtn, 3));
+}
+
+TEST_P(TlsExtensionTestDtls, SrtpOdd) {
+  EnableSrtp();
+  const uint8_t val[] = {0x00, 0x01, 0xff, 0x00};
+  DataBuffer extension(val, sizeof(val));
+  ClientHelloErrorTest(
+      std::make_shared<TlsExtensionReplacer>(ssl_use_srtp_xtn, extension));
+}
+
+TEST_P(TlsExtensionTest12Plus, SignatureAlgorithmsBadLength) {
+  const uint8_t val[] = {0x00};
+  DataBuffer extension(val, sizeof(val));
+  ClientHelloErrorTest(std::make_shared<TlsExtensionReplacer>(
+      ssl_signature_algorithms_xtn, extension));
+}
+
+TEST_P(TlsExtensionTest12Plus, SignatureAlgorithmsTrailingData) {
+  const uint8_t val[] = {0x00, 0x02, 0x04, 0x01, 0x00};  // sha-256, rsa
+  DataBuffer extension(val, sizeof(val));
+  ClientHelloErrorTest(std::make_shared<TlsExtensionReplacer>(
+      ssl_signature_algorithms_xtn, extension));
+}
+
+TEST_P(TlsExtensionTest12Plus, SignatureAlgorithmsEmpty) {
+  const uint8_t val[] = {0x00, 0x00};
+  DataBuffer extension(val, sizeof(val));
+  ClientHelloErrorTest(std::make_shared<TlsExtensionReplacer>(
+      ssl_signature_algorithms_xtn, extension));
+}
+
+TEST_P(TlsExtensionTest12Plus, SignatureAlgorithmsOddLength) {
+  const uint8_t val[] = {0x00, 0x01, 0x04};
+  DataBuffer extension(val, sizeof(val));
+  ClientHelloErrorTest(std::make_shared<TlsExtensionReplacer>(
+      ssl_signature_algorithms_xtn, extension));
+}
+
+TEST_P(TlsExtensionTestGeneric, NoSupportedGroups) {
+  ClientHelloErrorTest(
+      std::make_shared<TlsExtensionDropper>(ssl_supported_groups_xtn),
+      version_ < SSL_LIBRARY_VERSION_TLS_1_3 ? kTlsAlertDecryptError
+                                             : kTlsAlertMissingExtension);
+}
+
+TEST_P(TlsExtensionTestGeneric, SupportedCurvesShort) {
+  const uint8_t val[] = {0x00, 0x01, 0x00};
+  DataBuffer extension(val, sizeof(val));
+  ClientHelloErrorTest(std::make_shared<TlsExtensionReplacer>(
+      ssl_elliptic_curves_xtn, extension));
+}
+
+TEST_P(TlsExtensionTestGeneric, SupportedCurvesBadLength) {
+  const uint8_t val[] = {0x09, 0x99, 0x00, 0x00};
+  DataBuffer extension(val, sizeof(val));
+  ClientHelloErrorTest(std::make_shared<TlsExtensionReplacer>(
+      ssl_elliptic_curves_xtn, extension));
+}
+
+TEST_P(TlsExtensionTestGeneric, SupportedCurvesTrailingData) {
+  const uint8_t val[] = {0x00, 0x02, 0x00, 0x00, 0x00};
+  DataBuffer extension(val, sizeof(val));
+  ClientHelloErrorTest(std::make_shared<TlsExtensionReplacer>(
+      ssl_elliptic_curves_xtn, extension));
+}
+
+TEST_P(TlsExtensionTestPre13, SupportedPointsEmpty) {
+  const uint8_t val[] = {0x00};
+  DataBuffer extension(val, sizeof(val));
+  ClientHelloErrorTest(std::make_shared<TlsExtensionReplacer>(
+      ssl_ec_point_formats_xtn, extension));
+}
+
+TEST_P(TlsExtensionTestPre13, SupportedPointsBadLength) {
+  const uint8_t val[] = {0x99, 0x00, 0x00};
+  DataBuffer extension(val, sizeof(val));
+  ClientHelloErrorTest(std::make_shared<TlsExtensionReplacer>(
+      ssl_ec_point_formats_xtn, extension));
+}
+
+TEST_P(TlsExtensionTestPre13, SupportedPointsTrailingData) {
+  const uint8_t val[] = {0x01, 0x00, 0x00};
+  DataBuffer extension(val, sizeof(val));
+  ClientHelloErrorTest(std::make_shared<TlsExtensionReplacer>(
+      ssl_ec_point_formats_xtn, extension));
+}
+
+TEST_P(TlsExtensionTestPre13, RenegotiationInfoBadLength) {
+  const uint8_t val[] = {0x99};
+  DataBuffer extension(val, sizeof(val));
+  ClientHelloErrorTest(std::make_shared<TlsExtensionReplacer>(
+      ssl_renegotiation_info_xtn, extension));
+}
+
+TEST_P(TlsExtensionTestPre13, RenegotiationInfoMismatch) {
+  const uint8_t val[] = {0x01, 0x00};
+  DataBuffer extension(val, sizeof(val));
+  ClientHelloErrorTest(std::make_shared<TlsExtensionReplacer>(
+      ssl_renegotiation_info_xtn, extension));
+}
+
+// The extension has to contain a length.
+TEST_P(TlsExtensionTestPre13, RenegotiationInfoExtensionEmpty) {
+  DataBuffer extension;
+  ClientHelloErrorTest(std::make_shared<TlsExtensionReplacer>(
+      ssl_renegotiation_info_xtn, extension));
+}
+
+// This only works on TLS 1.2, since it relies on static RSA; otherwise libssl
+// picks the wrong cipher suite.
+TEST_P(TlsExtensionTest12, SignatureAlgorithmConfiguration) {
+  const SSLSignatureScheme schemes[] = {ssl_sig_rsa_pss_sha512,
+                                        ssl_sig_rsa_pss_sha384};
+
+  auto capture =
+      std::make_shared<TlsExtensionCapture>(ssl_signature_algorithms_xtn);
+  client_->SetSignatureSchemes(schemes, PR_ARRAY_SIZE(schemes));
+  client_->SetPacketFilter(capture);
+  EnableOnlyStaticRsaCiphers();
+  Connect();
+
+  const DataBuffer& ext = capture->extension();
+  EXPECT_EQ(2 + PR_ARRAY_SIZE(schemes) * 2, ext.len());
+  for (size_t i = 0, cursor = 2;
+       i < PR_ARRAY_SIZE(schemes) && cursor < ext.len(); ++i) {
+    uint32_t v = 0;
+    EXPECT_TRUE(ext.Read(cursor, 2, &v));
+    cursor += 2;
+    EXPECT_EQ(schemes[i], static_cast<SSLSignatureScheme>(v));
+  }
+}
+
+// Temporary test to verify that we choke on an empty ClientKeyShare.
+// This test will fail when we implement HelloRetryRequest.
+TEST_P(TlsExtensionTest13, EmptyClientKeyShare) {
+  ClientHelloErrorTest(
+      std::make_shared<TlsExtensionTruncator>(ssl_tls13_key_share_xtn, 2),
+      kTlsAlertHandshakeFailure);
+}
+
+// These tests only work in stream mode because the client sends a
+// cleartext alert which causes a MAC error on the server. With
+// stream this causes handshake failure but with datagram, the
+// packet gets dropped.
+TEST_F(TlsExtensionTest13Stream, DropServerKeyShare) {
+  EnsureTlsSetup();
+  server_->SetPacketFilter(
+      std::make_shared<TlsExtensionDropper>(ssl_tls13_key_share_xtn));
+  ConnectExpectFail();
+  EXPECT_EQ(SSL_ERROR_MISSING_KEY_SHARE, client_->error_code());
+  EXPECT_EQ(SSL_ERROR_BAD_MAC_READ, server_->error_code());
+}
+
+TEST_F(TlsExtensionTest13Stream, WrongServerKeyShare) {
+  const uint16_t wrong_group = ssl_grp_ec_secp384r1;
+
+  static const uint8_t key_share[] = {
+      wrong_group >> 8,
+      wrong_group & 0xff,  // Group we didn't offer.
+      0x00,
+      0x02,  // length = 2
+      0x01,
+      0x02};
+  DataBuffer buf(key_share, sizeof(key_share));
+  EnsureTlsSetup();
+  server_->SetPacketFilter(
+      std::make_shared<TlsExtensionReplacer>(ssl_tls13_key_share_xtn, buf));
+  ConnectExpectFail();
+  EXPECT_EQ(SSL_ERROR_RX_MALFORMED_KEY_SHARE, client_->error_code());
+  EXPECT_EQ(SSL_ERROR_BAD_MAC_READ, server_->error_code());
+}
+
+// TODO(ekr@rtfm.com): This is the wrong error code. See bug 1307269.
+TEST_F(TlsExtensionTest13Stream, UnknownServerKeyShare) {
+  const uint16_t wrong_group = 0xffff;
+
+  static const uint8_t key_share[] = {
+      wrong_group >> 8,
+      wrong_group & 0xff,  // Group we didn't offer.
+      0x00,
+      0x02,  // length = 2
+      0x01,
+      0x02};
+  DataBuffer buf(key_share, sizeof(key_share));
+  EnsureTlsSetup();
+  server_->SetPacketFilter(
+      std::make_shared<TlsExtensionReplacer>(ssl_tls13_key_share_xtn, buf));
+  ConnectExpectFail();
+  EXPECT_EQ(SSL_ERROR_MISSING_KEY_SHARE, client_->error_code());
+  EXPECT_EQ(SSL_ERROR_BAD_MAC_READ, server_->error_code());
+}
+
+TEST_F(TlsExtensionTest13Stream, AddServerSignatureAlgorithmsOnResumption) {
+  SetupForResume();
+  DataBuffer empty;
+  server_->SetPacketFilter(std::make_shared<TlsExtensionInjector>(
+      ssl_signature_algorithms_xtn, empty));
+  ConnectExpectFail();
+  EXPECT_EQ(SSL_ERROR_EXTENSION_DISALLOWED_FOR_VERSION, client_->error_code());
+  EXPECT_EQ(SSL_ERROR_BAD_MAC_READ, server_->error_code());
+}
+
+struct PskIdentity {
+  DataBuffer identity;
+  uint32_t obfuscated_ticket_age;
+};
+
+class TlsPreSharedKeyReplacer;
+
+typedef std::function<void(TlsPreSharedKeyReplacer*)>
+    TlsPreSharedKeyReplacerFunc;
+
+class TlsPreSharedKeyReplacer : public TlsExtensionFilter {
+ public:
+  TlsPreSharedKeyReplacer(TlsPreSharedKeyReplacerFunc function)
+      : identities_(), binders_(), function_(function) {}
+
+  static size_t CopyAndMaybeReplace(TlsParser* parser, size_t size,
+                                    const std::unique_ptr<DataBuffer>& replace,
+                                    size_t index, DataBuffer* output) {
+    DataBuffer tmp;
+    bool ret = parser->ReadVariable(&tmp, size);
+    EXPECT_EQ(true, ret);
+    if (!ret) return 0;
+    if (replace) {
+      tmp = *replace;
+    }
+
+    return WriteVariable(output, index, tmp, size);
+  }
+
+  PacketFilter::Action FilterExtension(uint16_t extension_type,
+                                       const DataBuffer& input,
+                                       DataBuffer* output) {
+    if (extension_type != ssl_tls13_pre_shared_key_xtn) {
+      return KEEP;
+    }
+
+    if (!Decode(input)) {
+      return KEEP;
+    }
+
+    // Call the function.
+    function_(this);
+
+    Encode(output);
+
+    return CHANGE;
+  }
+
+  std::vector<PskIdentity> identities_;
+  std::vector<DataBuffer> binders_;
+
+ private:
+  bool Decode(const DataBuffer& input) {
+    std::unique_ptr<TlsParser> parser(new TlsParser(input));
+    DataBuffer identities;
+
+    if (!parser->ReadVariable(&identities, 2)) {
+      ADD_FAILURE();
+      return false;
+    }
+
+    DataBuffer binders;
+    if (!parser->ReadVariable(&binders, 2)) {
+      ADD_FAILURE();
+      return false;
+    }
+    EXPECT_EQ(0UL, parser->remaining());
+
+    // Now parse the inner sections.
+    parser.reset(new TlsParser(identities));
+    while (parser->remaining()) {
+      PskIdentity identity;
+
+      if (!parser->ReadVariable(&identity.identity, 2)) {
+        ADD_FAILURE();
+        return false;
+      }
+
+      if (!parser->Read(&identity.obfuscated_ticket_age, 4)) {
+        ADD_FAILURE();
+        return false;
+      }
+
+      identities_.push_back(identity);
+    }
+
+    parser.reset(new TlsParser(binders));
+    while (parser->remaining()) {
+      DataBuffer binder;
+
+      if (!parser->ReadVariable(&binder, 1)) {
+        ADD_FAILURE();
+        return false;
+      }
+
+      binders_.push_back(binder);
+    }
+
+    return true;
+  }
+
+  void Encode(DataBuffer* output) {
+    DataBuffer identities;
+    size_t index = 0;
+    for (auto id : identities_) {
+      index = WriteVariable(&identities, index, id.identity, 2);
+      index = identities.Write(index, id.obfuscated_ticket_age, 4);
+    }
+
+    DataBuffer binders;
+    index = 0;
+    for (auto binder : binders_) {
+      index = WriteVariable(&binders, index, binder, 1);
+    }
+
+    output->Truncate(0);
+    index = 0;
+    index = WriteVariable(output, index, identities, 2);
+    index = WriteVariable(output, index, binders, 2);
+  }
+
+  TlsPreSharedKeyReplacerFunc function_;
+};
+
+TEST_F(TlsExtensionTest13Stream, ResumeEmptyPskLabel) {
+  SetupForResume();
+
+  client_->SetPacketFilter(std::make_shared<TlsPreSharedKeyReplacer>([](
+      TlsPreSharedKeyReplacer* r) { r->identities_[0].identity.Truncate(0); }));
+  ConnectExpectFail();
+  client_->CheckErrorCode(SSL_ERROR_ILLEGAL_PARAMETER_ALERT);
+  server_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO);
+}
+
+// Flip the first byte of the binder.
+TEST_F(TlsExtensionTest13Stream, ResumeIncorrectBinderValue) {
+  SetupForResume();
+
+  client_->SetPacketFilter(
+      std::make_shared<TlsPreSharedKeyReplacer>([](TlsPreSharedKeyReplacer* r) {
+        r->binders_[0].Write(0, r->binders_[0].data()[0] ^ 0xff, 1);
+      }));
+  ConnectExpectFail();
+  client_->CheckErrorCode(SSL_ERROR_DECRYPT_ERROR_ALERT);
+  server_->CheckErrorCode(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE);
+}
+
+// Extend the binder by one.
+TEST_F(TlsExtensionTest13Stream, ResumeIncorrectBinderLength) {
+  SetupForResume();
+
+  client_->SetPacketFilter(
+      std::make_shared<TlsPreSharedKeyReplacer>([](TlsPreSharedKeyReplacer* r) {
+        r->binders_[0].Write(r->binders_[0].len(), 0xff, 1);
+      }));
+  ConnectExpectFail();
+  client_->CheckErrorCode(SSL_ERROR_ILLEGAL_PARAMETER_ALERT);
+  server_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO);
+}
+
+// Binders must be at least 32 bytes.
+TEST_F(TlsExtensionTest13Stream, ResumeBinderTooShort) {
+  SetupForResume();
+
+  client_->SetPacketFilter(std::make_shared<TlsPreSharedKeyReplacer>(
+      [](TlsPreSharedKeyReplacer* r) { r->binders_[0].Truncate(31); }));
+  ConnectExpectFail();
+  client_->CheckErrorCode(SSL_ERROR_ILLEGAL_PARAMETER_ALERT);
+  server_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO);
+}
+
+// Duplicate the identity and binder. This will fail with an error
+// processing the binder (because we extended the identity list.)
+TEST_F(TlsExtensionTest13Stream, ResumeTwoPsks) {
+  SetupForResume();
+
+  client_->SetPacketFilter(
+      std::make_shared<TlsPreSharedKeyReplacer>([](TlsPreSharedKeyReplacer* r) {
+        r->identities_.push_back(r->identities_[0]);
+        r->binders_.push_back(r->binders_[0]);
+      }));
+  ConnectExpectFail();
+  client_->CheckErrorCode(SSL_ERROR_DECRYPT_ERROR_ALERT);
+  server_->CheckErrorCode(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE);
+}
+
+// The next two tests have mismatches in the number of identities
+// and binders. This generates an illegal parameter alert.
+TEST_F(TlsExtensionTest13Stream, ResumeTwoIdentitiesOneBinder) {
+  SetupForResume();
+
+  client_->SetPacketFilter(
+      std::make_shared<TlsPreSharedKeyReplacer>([](TlsPreSharedKeyReplacer* r) {
+        r->identities_.push_back(r->identities_[0]);
+      }));
+  ConnectExpectFail();
+  client_->CheckErrorCode(SSL_ERROR_ILLEGAL_PARAMETER_ALERT);
+  server_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO);
+}
+
+TEST_F(TlsExtensionTest13Stream, ResumeOneIdentityTwoBinders) {
+  SetupForResume();
+
+  client_->SetPacketFilter(std::make_shared<TlsPreSharedKeyReplacer>([](
+      TlsPreSharedKeyReplacer* r) { r->binders_.push_back(r->binders_[0]); }));
+  ConnectExpectFail();
+  client_->CheckErrorCode(SSL_ERROR_ILLEGAL_PARAMETER_ALERT);
+  server_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO);
+}
+
+TEST_F(TlsExtensionTest13Stream, ResumePskExtensionNotLast) {
+  SetupForResume();
+
+  const uint8_t empty_buf[] = {0};
+  DataBuffer empty(empty_buf, 0);
+  client_->SetPacketFilter(
+      // Inject an unused extension.
+      std::make_shared<TlsExtensionAppender>(0xffff, empty));
+  ConnectExpectFail();
+  client_->CheckErrorCode(SSL_ERROR_ILLEGAL_PARAMETER_ALERT);
+  server_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO);
+}
+
+TEST_F(TlsExtensionTest13Stream, ResumeNoKeModes) {
+  SetupForResume();
+
+  DataBuffer empty;
+  client_->SetPacketFilter(std::make_shared<TlsExtensionDropper>(
+      ssl_tls13_psk_key_exchange_modes_xtn));
+  ConnectExpectFail();
+  client_->CheckErrorCode(SSL_ERROR_MISSING_EXTENSION_ALERT);
+  server_->CheckErrorCode(SSL_ERROR_MISSING_PSK_KEY_EXCHANGE_MODES);
+}
+
+// The following test contains valid but unacceptable PreSharedKey
+// modes and therefore produces non-resumption followed by MAC
+// errors.
+TEST_F(TlsExtensionTest13Stream, ResumeBogusKeModes) {
+  SetupForResume();
+  const static uint8_t ke_modes[] = {1,  // Length
+                                     kTls13PskKe};
+
+  DataBuffer modes(ke_modes, sizeof(ke_modes));
+  client_->SetPacketFilter(std::make_shared<TlsExtensionReplacer>(
+      ssl_tls13_psk_key_exchange_modes_xtn, modes));
+  ConnectExpectFail();
+  client_->CheckErrorCode(SSL_ERROR_BAD_MAC_READ);
+  server_->CheckErrorCode(SSL_ERROR_BAD_MAC_READ);
+}
+
+TEST_P(TlsExtensionTest13, NoKeModesIfResumptionOff) {
+  ConfigureSessionCache(RESUME_NONE, RESUME_NONE);
+  auto capture = std::make_shared<TlsExtensionCapture>(
+      ssl_tls13_psk_key_exchange_modes_xtn);
+  client_->SetPacketFilter(capture);
+  Connect();
+  EXPECT_FALSE(capture->captured());
+}
+
+// In these tests, we downgrade to TLS 1.2, causing the
+// server to negotiate TLS 1.2.
+// 1. Both sides only support TLS 1.3, so we get a cipher version
+//    error.
+TEST_P(TlsExtensionTest13, RemoveTls13FromVersionList) {
+  ConnectWithReplacementVersionList(SSL_LIBRARY_VERSION_TLS_1_2);
+  client_->CheckErrorCode(SSL_ERROR_PROTOCOL_VERSION_ALERT);
+  server_->CheckErrorCode(SSL_ERROR_UNSUPPORTED_VERSION);
+}
+
+// 2. Server supports 1.2 and 1.3, client supports 1.2, so we
+//    can't negotiate any ciphers.
+TEST_P(TlsExtensionTest13, RemoveTls13FromVersionListServerV12) {
+  server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_2,
+                           SSL_LIBRARY_VERSION_TLS_1_3);
+  ConnectWithReplacementVersionList(SSL_LIBRARY_VERSION_TLS_1_2);
+  client_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP);
+  server_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP);
+}
+
+// 3. Server supports 1.2 and 1.3, client supports 1.2 and 1.3
+// but advertises 1.2 (because we changed things).
+TEST_P(TlsExtensionTest13, RemoveTls13FromVersionListBothV12) {
+  client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_2,
+                           SSL_LIBRARY_VERSION_TLS_1_3);
+  server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_2,
+                           SSL_LIBRARY_VERSION_TLS_1_3);
+  ConnectWithReplacementVersionList(SSL_LIBRARY_VERSION_TLS_1_2);
+#ifndef TLS_1_3_DRAFT_VERSION
+  client_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_SERVER_HELLO);
+  server_->CheckErrorCode(SSL_ERROR_ILLEGAL_PARAMETER_ALERT);
+#else
+  client_->CheckErrorCode(SSL_ERROR_DECRYPT_ERROR_ALERT);
+  server_->CheckErrorCode(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE);
+#endif
+}
+
+TEST_P(TlsExtensionTest13, HrrThenRemoveSignatureAlgorithms) {
+  HrrThenRemoveExtensionsTest(ssl_signature_algorithms_xtn,
+                              SSL_ERROR_MISSING_EXTENSION_ALERT,
+                              SSL_ERROR_MISSING_SIGNATURE_ALGORITHMS_EXTENSION);
+}
+
+TEST_P(TlsExtensionTest13, HrrThenRemoveKeyShare) {
+  HrrThenRemoveExtensionsTest(ssl_tls13_key_share_xtn,
+                              SSL_ERROR_ILLEGAL_PARAMETER_ALERT,
+                              SSL_ERROR_BAD_2ND_CLIENT_HELLO);
+}
+
+TEST_P(TlsExtensionTest13, HrrThenRemoveSupportedGroups) {
+  HrrThenRemoveExtensionsTest(ssl_supported_groups_xtn,
+                              SSL_ERROR_MISSING_EXTENSION_ALERT,
+                              SSL_ERROR_MISSING_SUPPORTED_GROUPS_EXTENSION);
+}
+
+TEST_P(TlsExtensionTest13, EmptyVersionList) {
+  static const uint8_t ext[] = {0x00, 0x00};
+  ConnectWithBogusVersionList(ext, sizeof(ext));
+}
+
+TEST_P(TlsExtensionTest13, OddVersionList) {
+  static const uint8_t ext[] = {0x00, 0x01, 0x00};
+  ConnectWithBogusVersionList(ext, sizeof(ext));
+}
+
+INSTANTIATE_TEST_CASE_P(ExtensionStream, TlsExtensionTestGeneric,
+                        ::testing::Combine(TlsConnectTestBase::kTlsModesStream,
+                                           TlsConnectTestBase::kTlsVAll));
+INSTANTIATE_TEST_CASE_P(ExtensionDatagram, TlsExtensionTestGeneric,
+                        ::testing::Combine(TlsConnectTestBase::kTlsModesAll,
+                                           TlsConnectTestBase::kTlsV11Plus));
+INSTANTIATE_TEST_CASE_P(ExtensionDatagramOnly, TlsExtensionTestDtls,
+                        TlsConnectTestBase::kTlsV11Plus);
+
+INSTANTIATE_TEST_CASE_P(ExtensionTls12Plus, TlsExtensionTest12Plus,
+                        ::testing::Combine(TlsConnectTestBase::kTlsModesAll,
+                                           TlsConnectTestBase::kTlsV12Plus));
+
+INSTANTIATE_TEST_CASE_P(ExtensionPre13Stream, TlsExtensionTestPre13,
+                        ::testing::Combine(TlsConnectTestBase::kTlsModesStream,
+                                           TlsConnectTestBase::kTlsV10ToV12));
+INSTANTIATE_TEST_CASE_P(ExtensionPre13Datagram, TlsExtensionTestPre13,
+                        ::testing::Combine(TlsConnectTestBase::kTlsModesAll,
+                                           TlsConnectTestBase::kTlsV11V12));
+
+INSTANTIATE_TEST_CASE_P(ExtensionTls13, TlsExtensionTest13,
+                        TlsConnectTestBase::kTlsModesAll);
+
+}  // namespace nspr_test
diff --git a/nss/gtests/ssl_gtest/ssl_fragment_unittest.cc b/nss/gtests/ssl_gtest/ssl_fragment_unittest.cc
new file mode 100644
index 0000000..44cacce
--- /dev/null
+++ b/nss/gtests/ssl_gtest/ssl_fragment_unittest.cc
@@ -0,0 +1,157 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "secerr.h"
+#include "ssl.h"
+#include "sslerr.h"
+#include "sslproto.h"
+
+#include "gtest_utils.h"
+#include "scoped_ptrs.h"
+#include "tls_connect.h"
+#include "tls_filter.h"
+#include "tls_parser.h"
+
+namespace nss_test {
+
+// This class cuts every unencrypted handshake record into two parts.
+class RecordFragmenter : public PacketFilter {
+ public:
+  RecordFragmenter() : sequence_number_(0), splitting_(true) {}
+
+ private:
+  class HandshakeSplitter {
+   public:
+    HandshakeSplitter(const DataBuffer& input, DataBuffer* output,
+                      uint64_t* sequence_number)
+        : input_(input),
+          output_(output),
+          cursor_(0),
+          sequence_number_(sequence_number) {}
+
+   private:
+    void WriteRecord(TlsRecordHeader& record_header,
+                     DataBuffer& record_fragment) {
+      TlsRecordHeader fragment_header(record_header.version(),
+                                      record_header.content_type(),
+                                      *sequence_number_);
+      ++*sequence_number_;
+      if (::g_ssl_gtest_verbose) {
+        std::cerr << "Fragment: " << fragment_header << ' ' << record_fragment
+                  << std::endl;
+      }
+      cursor_ = fragment_header.Write(output_, cursor_, record_fragment);
+    }
+
+    bool SplitRecord(TlsRecordHeader& record_header, DataBuffer& record) {
+      TlsParser parser(record);
+      while (parser.remaining()) {
+        TlsHandshakeFilter::HandshakeHeader handshake_header;
+        DataBuffer handshake_body;
+        if (!handshake_header.Parse(&parser, record_header, &handshake_body)) {
+          ADD_FAILURE() << "couldn't parse handshake header";
+          return false;
+        }
+
+        DataBuffer record_fragment;
+        // We can't fragment handshake records that are too small.
+        if (handshake_body.len() < 2) {
+          handshake_header.Write(&record_fragment, 0U, handshake_body);
+          WriteRecord(record_header, record_fragment);
+          continue;
+        }
+
+        size_t cut = handshake_body.len() / 2;
+        handshake_header.WriteFragment(&record_fragment, 0U, handshake_body, 0U,
+                                       cut);
+        WriteRecord(record_header, record_fragment);
+
+        handshake_header.WriteFragment(&record_fragment, 0U, handshake_body,
+                                       cut, handshake_body.len() - cut);
+        WriteRecord(record_header, record_fragment);
+      }
+      return true;
+    }
+
+   public:
+    bool Split() {
+      TlsParser parser(input_);
+      while (parser.remaining()) {
+        TlsRecordHeader header;
+        DataBuffer record;
+        if (!header.Parse(&parser, &record)) {
+          ADD_FAILURE() << "bad record header";
+          return false;
+        }
+
+        if (::g_ssl_gtest_verbose) {
+          std::cerr << "Record: " << header << ' ' << record << std::endl;
+        }
+
+        // Don't touch packets from a non-zero epoch.  Leave these unmodified.
+        if ((header.sequence_number() >> 48) != 0ULL) {
+          cursor_ = header.Write(output_, cursor_, record);
+          continue;
+        }
+
+        // Just rewrite the sequence number (CCS only).
+        if (header.content_type() != kTlsHandshakeType) {
+          EXPECT_EQ(kTlsChangeCipherSpecType, header.content_type());
+          WriteRecord(header, record);
+          continue;
+        }
+
+        if (!SplitRecord(header, record)) {
+          return false;
+        }
+      }
+      return true;
+    }
+
+   private:
+    const DataBuffer& input_;
+    DataBuffer* output_;
+    size_t cursor_;
+    uint64_t* sequence_number_;
+  };
+
+ protected:
+  virtual PacketFilter::Action Filter(const DataBuffer& input,
+                                      DataBuffer* output) override {
+    if (!splitting_) {
+      return KEEP;
+    }
+
+    output->Allocate(input.len());
+    HandshakeSplitter splitter(input, output, &sequence_number_);
+    if (!splitter.Split()) {
+      // If splitting fails, we obviously reached encrypted packets.
+      // Stop splitting from that point onward.
+      splitting_ = false;
+      return KEEP;
+    }
+
+    return CHANGE;
+  }
+
+ private:
+  uint64_t sequence_number_;
+  bool splitting_;
+};
+
+TEST_P(TlsConnectDatagram, FragmentClientPackets) {
+  client_->SetPacketFilter(std::make_shared<RecordFragmenter>());
+  Connect();
+  SendReceive();
+}
+
+TEST_P(TlsConnectDatagram, FragmentServerPackets) {
+  server_->SetPacketFilter(std::make_shared<RecordFragmenter>());
+  Connect();
+  SendReceive();
+}
+
+}  // namespace nss_test
diff --git a/nss/gtests/ssl_gtest/ssl_fuzz_unittest.cc b/nss/gtests/ssl_gtest/ssl_fuzz_unittest.cc
new file mode 100644
index 0000000..aa6a9cf
--- /dev/null
+++ b/nss/gtests/ssl_gtest/ssl_fuzz_unittest.cc
@@ -0,0 +1,229 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "blapi.h"
+#include "ssl.h"
+#include "sslimpl.h"
+#include "tls_connect.h"
+
+#include "gtest/gtest.h"
+
+namespace nss_test {
+
+#ifdef UNSAFE_FUZZER_MODE
+#define FUZZ_F(c, f) TEST_F(c, Fuzz_##f)
+#define FUZZ_P(c, f) TEST_P(c, Fuzz_##f)
+#else
+#define FUZZ_F(c, f) TEST_F(c, DISABLED_Fuzz_##f)
+#define FUZZ_P(c, f) TEST_P(c, DISABLED_Fuzz_##f)
+// RNG_ResetForFuzzing() isn't exported from the shared libraries, rather than
+// fail to link to it, make it fail (we're not running it anyway).
+#define RNG_ResetForFuzzing() SECFailure
+#endif
+
+const uint8_t kShortEmptyFinished[8] = {0};
+const uint8_t kLongEmptyFinished[128] = {0};
+
+class TlsFuzzTest : public ::testing::Test {};
+
+// Record the application data stream.
+class TlsApplicationDataRecorder : public TlsRecordFilter {
+ public:
+  TlsApplicationDataRecorder() : buffer_() {}
+
+  virtual PacketFilter::Action FilterRecord(const TlsRecordHeader& header,
+                                            const DataBuffer& input,
+                                            DataBuffer* output) {
+    if (header.content_type() == kTlsApplicationDataType) {
+      buffer_.Append(input);
+    }
+
+    return KEEP;
+  }
+
+  const DataBuffer& buffer() const { return buffer_; }
+
+ private:
+  DataBuffer buffer_;
+};
+
+// Damages an SKE or CV signature.
+class TlsSignatureDamager : public TlsHandshakeFilter {
+ public:
+  TlsSignatureDamager(uint8_t type) : type_(type) {}
+  virtual PacketFilter::Action FilterHandshake(
+      const TlsHandshakeFilter::HandshakeHeader& header,
+      const DataBuffer& input, DataBuffer* output) {
+    if (header.handshake_type() != type_) {
+      return KEEP;
+    }
+
+    *output = input;
+
+    // Modify the last byte of the signature.
+    output->data()[output->len() - 1]++;
+    return CHANGE;
+  }
+
+ private:
+  uint8_t type_;
+};
+
+// Ensure that ssl_Time() returns a constant value.
+FUZZ_F(TlsFuzzTest, SSL_Time_Constant) {
+  PRUint32 now = ssl_Time();
+  PR_Sleep(PR_SecondsToInterval(2));
+  EXPECT_EQ(ssl_Time(), now);
+}
+
+// Check that due to the deterministic PRNG we derive
+// the same master secret in two consecutive TLS sessions.
+FUZZ_P(TlsConnectGeneric, DeterministicExporter) {
+  const char kLabel[] = "label";
+  std::vector<unsigned char> out1(32), out2(32);
+
+  // Make sure we have RSA blinding params.
+  Connect();
+
+  Reset();
+  ConfigureSessionCache(RESUME_NONE, RESUME_NONE);
+  DisableECDHEServerKeyReuse();
+
+  // Reset the RNG state.
+  EXPECT_EQ(SECSuccess, RNG_ResetForFuzzing());
+  Connect();
+
+  // Export a key derived from the MS and nonces.
+  SECStatus rv =
+      SSL_ExportKeyingMaterial(client_->ssl_fd(), kLabel, strlen(kLabel), false,
+                               NULL, 0, out1.data(), out1.size());
+  EXPECT_EQ(SECSuccess, rv);
+
+  Reset();
+  ConfigureSessionCache(RESUME_NONE, RESUME_NONE);
+  DisableECDHEServerKeyReuse();
+
+  // Reset the RNG state.
+  EXPECT_EQ(SECSuccess, RNG_ResetForFuzzing());
+  Connect();
+
+  // Export another key derived from the MS and nonces.
+  rv = SSL_ExportKeyingMaterial(client_->ssl_fd(), kLabel, strlen(kLabel),
+                                false, NULL, 0, out2.data(), out2.size());
+  EXPECT_EQ(SECSuccess, rv);
+
+  // The two exported keys should be the same.
+  EXPECT_EQ(out1, out2);
+}
+
+// Check that due to the deterministic RNG two consecutive
+// TLS sessions will have the exact same transcript.
+FUZZ_P(TlsConnectGeneric, DeterministicTranscript) {
+  // Make sure we have RSA blinding params.
+  Connect();
+
+  // Connect a few times and compare the transcripts byte-by-byte.
+  DataBuffer last;
+  for (size_t i = 0; i < 5; i++) {
+    Reset();
+    ConfigureSessionCache(RESUME_NONE, RESUME_NONE);
+    DisableECDHEServerKeyReuse();
+
+    DataBuffer buffer;
+    client_->SetPacketFilter(std::make_shared<TlsConversationRecorder>(buffer));
+    server_->SetPacketFilter(std::make_shared<TlsConversationRecorder>(buffer));
+
+    // Reset the RNG state.
+    EXPECT_EQ(SECSuccess, RNG_ResetForFuzzing());
+    Connect();
+
+    // Ensure the filters go away before |buffer| does.
+    client_->DeletePacketFilter();
+    server_->DeletePacketFilter();
+
+    if (last.len() > 0) {
+      EXPECT_EQ(last, buffer);
+    }
+
+    last = buffer;
+  }
+}
+
+// Check that we can establish and use a connection
+// with all supported TLS versions, STREAM and DGRAM.
+// Check that records are NOT encrypted.
+// Check that records don't have a MAC.
+FUZZ_P(TlsConnectGeneric, ConnectSendReceive_NullCipher) {
+  EnsureTlsSetup();
+
+  // Set up app data filters.
+  auto client_recorder = std::make_shared<TlsApplicationDataRecorder>();
+  client_->SetPacketFilter(client_recorder);
+  auto server_recorder = std::make_shared<TlsApplicationDataRecorder>();
+  server_->SetPacketFilter(server_recorder);
+
+  Connect();
+
+  // Construct the plaintext.
+  DataBuffer buf;
+  buf.Allocate(50);
+  for (size_t i = 0; i < buf.len(); ++i) {
+    buf.data()[i] = i & 0xff;
+  }
+
+  // Send/Receive data.
+  client_->SendBuffer(buf);
+  server_->SendBuffer(buf);
+  Receive(buf.len());
+
+  // Check for plaintext on the wire.
+  EXPECT_EQ(buf, client_recorder->buffer());
+  EXPECT_EQ(buf, server_recorder->buffer());
+}
+
+// Check that an invalid Finished message doesn't abort the connection.
+FUZZ_P(TlsConnectGeneric, BogusClientFinished) {
+  EnsureTlsSetup();
+
+  auto i1 = std::make_shared<TlsInspectorReplaceHandshakeMessage>(
+      kTlsHandshakeFinished,
+      DataBuffer(kShortEmptyFinished, sizeof(kShortEmptyFinished)));
+  client_->SetPacketFilter(i1);
+  Connect();
+  SendReceive();
+}
+
+// Check that an invalid Finished message doesn't abort the connection.
+FUZZ_P(TlsConnectGeneric, BogusServerFinished) {
+  EnsureTlsSetup();
+
+  auto i1 = std::make_shared<TlsInspectorReplaceHandshakeMessage>(
+      kTlsHandshakeFinished,
+      DataBuffer(kLongEmptyFinished, sizeof(kLongEmptyFinished)));
+  server_->SetPacketFilter(i1);
+  Connect();
+  SendReceive();
+}
+
+// Check that an invalid server auth signature doesn't abort the connection.
+FUZZ_P(TlsConnectGeneric, BogusServerAuthSignature) {
+  EnsureTlsSetup();
+  uint8_t msg_type = version_ == SSL_LIBRARY_VERSION_TLS_1_3
+                         ? kTlsHandshakeCertificateVerify
+                         : kTlsHandshakeServerKeyExchange;
+  server_->SetPacketFilter(std::make_shared<TlsSignatureDamager>(msg_type));
+  Connect();
+  SendReceive();
+}
+
+// Check that an invalid client auth signature doesn't abort the connection.
+FUZZ_P(TlsConnectGeneric, BogusClientAuthSignature) {
+  EnsureTlsSetup();
+  client_->SetupClientAuth();
+  server_->RequestClientAuth(true);
+  client_->SetPacketFilter(
+      std::make_shared<TlsSignatureDamager>(kTlsHandshakeCertificateVerify));
+  Connect();
+}
+}
diff --git a/nss/gtests/ssl_gtest/ssl_gather_unittest.cc b/nss/gtests/ssl_gtest/ssl_gather_unittest.cc
new file mode 100644
index 0000000..f3a348d
--- /dev/null
+++ b/nss/gtests/ssl_gtest/ssl_gather_unittest.cc
@@ -0,0 +1,153 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "gtest_utils.h"
+#include "tls_connect.h"
+
+namespace nss_test {
+
+class GatherV2ClientHelloTest : public TlsConnectTestBase {
+ public:
+  GatherV2ClientHelloTest() : TlsConnectTestBase(STREAM, 0) {}
+
+  void ConnectExpectMalformedClientHello(const DataBuffer &data) {
+    EnsureTlsSetup();
+
+    auto alert_recorder = std::make_shared<TlsAlertRecorder>();
+    server_->SetPacketFilter(alert_recorder);
+
+    client_->SendDirect(data);
+    server_->StartConnect();
+    server_->Handshake();
+    ASSERT_TRUE_WAIT(
+        (server_->error_code() == SSL_ERROR_RX_MALFORMED_CLIENT_HELLO), 2000);
+
+    EXPECT_EQ(kTlsAlertFatal, alert_recorder->level());
+    EXPECT_EQ(illegal_parameter, alert_recorder->description());
+  }
+};
+
+// Gather a 5-byte v3 record, with a zero fragment length. The empty handshake
+// message should be ignored, and the connection will succeed afterwards.
+TEST_F(TlsConnectTest, GatherEmptyV3Record) {
+  DataBuffer buffer;
+
+  size_t idx = 0;
+  idx = buffer.Write(idx, 0x16, 1);    // handshake
+  idx = buffer.Write(idx, 0x0301, 2);  // record_version
+  (void)buffer.Write(idx, 0U, 2);      // length=0
+
+  EnsureTlsSetup();
+  client_->SendDirect(buffer);
+  Connect();
+}
+
+// Gather a 5-byte v3 record, with a fragment length exceeding the maximum.
+TEST_F(TlsConnectTest, GatherExcessiveV3Record) {
+  DataBuffer buffer;
+
+  size_t idx = 0;
+  idx = buffer.Write(idx, 0x16, 1);                            // handshake
+  idx = buffer.Write(idx, 0x0301, 2);                          // record_version
+  (void)buffer.Write(idx, MAX_FRAGMENT_LENGTH + 2048 + 1, 2);  // length=max+1
+
+  EnsureTlsSetup();
+  auto alert_recorder = std::make_shared<TlsAlertRecorder>();
+  server_->SetPacketFilter(alert_recorder);
+  client_->SendDirect(buffer);
+  server_->StartConnect();
+  server_->Handshake();
+  ASSERT_TRUE_WAIT((server_->error_code() == SSL_ERROR_RX_RECORD_TOO_LONG),
+                   2000);
+
+  EXPECT_EQ(kTlsAlertFatal, alert_recorder->level());
+  EXPECT_EQ(record_overflow, alert_recorder->description());
+}
+
+// Gather a 3-byte v2 header, with a fragment length of 2.
+TEST_F(GatherV2ClientHelloTest, GatherV2RecordLongHeader) {
+  DataBuffer buffer;
+
+  size_t idx = 0;
+  idx = buffer.Write(idx, 0x0002, 2);  // length=2 (long header)
+  idx = buffer.Write(idx, 0U, 1);      // padding=0
+  (void)buffer.Write(idx, 0U, 2);      // data
+
+  ConnectExpectMalformedClientHello(buffer);
+}
+
+// Gather a 3-byte v2 header, with a fragment length of 1.
+TEST_F(GatherV2ClientHelloTest, GatherV2RecordLongHeader2) {
+  DataBuffer buffer;
+
+  size_t idx = 0;
+  idx = buffer.Write(idx, 0x0001, 2);  // length=1 (long header)
+  idx = buffer.Write(idx, 0U, 1);      // padding=0
+  idx = buffer.Write(idx, 0U, 1);      // data
+  (void)buffer.Write(idx, 0U, 1);      // surplus (need 5 bytes total)
+
+  ConnectExpectMalformedClientHello(buffer);
+}
+
+// Gather a 3-byte v2 header, with a zero fragment length.
+TEST_F(GatherV2ClientHelloTest, GatherEmptyV2RecordLongHeader) {
+  DataBuffer buffer;
+
+  size_t idx = 0;
+  idx = buffer.Write(idx, 0U, 2);  // length=0 (long header)
+  idx = buffer.Write(idx, 0U, 1);  // padding=0
+  (void)buffer.Write(idx, 0U, 2);  // surplus (need 5 bytes total)
+
+  ConnectExpectMalformedClientHello(buffer);
+}
+
+// Gather a 2-byte v2 header, with a fragment length of 3.
+TEST_F(GatherV2ClientHelloTest, GatherV2RecordShortHeader) {
+  DataBuffer buffer;
+
+  size_t idx = 0;
+  idx = buffer.Write(idx, 0x8003, 2);  // length=3 (short header)
+  (void)buffer.Write(idx, 0U, 3);      // data
+
+  ConnectExpectMalformedClientHello(buffer);
+}
+
+// Gather a 2-byte v2 header, with a fragment length of 2.
+TEST_F(GatherV2ClientHelloTest, GatherEmptyV2RecordShortHeader2) {
+  DataBuffer buffer;
+
+  size_t idx = 0;
+  idx = buffer.Write(idx, 0x8002, 2);  // length=2 (short header)
+  idx = buffer.Write(idx, 0U, 2);      // data
+  (void)buffer.Write(idx, 0U, 1);      // surplus (need 5 bytes total)
+
+  ConnectExpectMalformedClientHello(buffer);
+}
+
+// Gather a 2-byte v2 header, with a fragment length of 1.
+TEST_F(GatherV2ClientHelloTest, GatherEmptyV2RecordShortHeader3) {
+  DataBuffer buffer;
+
+  size_t idx = 0;
+  idx = buffer.Write(idx, 0x8001, 2);  // length=1 (short header)
+  idx = buffer.Write(idx, 0U, 1);      // data
+  (void)buffer.Write(idx, 0U, 2);      // surplus (need 5 bytes total)
+
+  ConnectExpectMalformedClientHello(buffer);
+}
+
+// Gather a 2-byte v2 header, with a zero fragment length.
+TEST_F(GatherV2ClientHelloTest, GatherEmptyV2RecordShortHeader) {
+  DataBuffer buffer;
+
+  size_t idx = 0;
+  idx = buffer.Write(idx, 0x8000, 2);  // length=0 (short header)
+  (void)buffer.Write(idx, 0U, 3);      // surplus (need 5 bytes total)
+
+  ConnectExpectMalformedClientHello(buffer);
+}
+
+}  // namespace nss_test
diff --git a/nss/gtests/ssl_gtest/ssl_gtest.cc b/nss/gtests/ssl_gtest/ssl_gtest.cc
new file mode 100644
index 0000000..cd10076
--- /dev/null
+++ b/nss/gtests/ssl_gtest/ssl_gtest.cc
@@ -0,0 +1,50 @@
+#include "nspr.h"
+#include "nss.h"
+#include "prenv.h"
+#include "ssl.h"
+
+#include <cstdlib>
+
+#include "test_io.h"
+
+#define GTEST_HAS_RTTI 0
+#include "gtest/gtest.h"
+
+std::string g_working_dir_path;
+bool g_ssl_gtest_verbose;
+
+int main(int argc, char** argv) {
+  // Start the tests
+  ::testing::InitGoogleTest(&argc, argv);
+  g_working_dir_path = ".";
+  g_ssl_gtest_verbose = false;
+
+  char* workdir = PR_GetEnvSecure("NSS_GTEST_WORKDIR");
+  if (workdir) g_working_dir_path = workdir;
+
+  for (int i = 0; i < argc; i++) {
+    if (!strcmp(argv[i], "-d")) {
+      g_working_dir_path = argv[i + 1];
+      ++i;
+    } else if (!strcmp(argv[i], "-v")) {
+      g_ssl_gtest_verbose = true;
+    }
+  }
+
+  if (NSS_Initialize(g_working_dir_path.c_str(), "", "", SECMOD_DB,
+                     NSS_INIT_READONLY) != SECSuccess) {
+    return 1;
+  }
+  if (NSS_SetDomesticPolicy() != SECSuccess) {
+    return 1;
+  }
+  int rv = RUN_ALL_TESTS();
+
+  if (NSS_Shutdown() != SECSuccess) {
+    return 1;
+  }
+
+  nss_test::Poller::Shutdown();
+
+  return rv;
+}
diff --git a/nss/gtests/ssl_gtest/ssl_gtest.gyp b/nss/gtests/ssl_gtest/ssl_gtest.gyp
new file mode 100644
index 0000000..c49d0d6
--- /dev/null
+++ b/nss/gtests/ssl_gtest/ssl_gtest.gyp
@@ -0,0 +1,112 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi',
+    '../common/gtest.gypi',
+  ],
+  'targets': [
+    {
+      'target_name': 'ssl_gtest',
+      'type': 'executable',
+      'sources': [
+        'libssl_internals.c',
+        'ssl_0rtt_unittest.cc',
+        'ssl_agent_unittest.cc',
+        'ssl_auth_unittest.cc',
+        'ssl_cert_ext_unittest.cc',
+        'ssl_ciphersuite_unittest.cc',
+        'ssl_damage_unittest.cc',
+        'ssl_dhe_unittest.cc',
+        'ssl_drop_unittest.cc',
+        'ssl_ecdh_unittest.cc',
+        'ssl_ems_unittest.cc',
+        'ssl_exporter_unittest.cc',
+        'ssl_extension_unittest.cc',
+        'ssl_fuzz_unittest.cc',
+        'ssl_fragment_unittest.cc',
+        'ssl_gather_unittest.cc',
+        'ssl_gtest.cc',
+        'ssl_hrr_unittest.cc',
+        'ssl_loopback_unittest.cc',
+        'ssl_record_unittest.cc',
+        'ssl_resumption_unittest.cc',
+        'ssl_skip_unittest.cc',
+        'ssl_staticrsa_unittest.cc',
+        'ssl_v2_client_hello_unittest.cc',
+        'ssl_version_unittest.cc',
+        'test_io.cc',
+        'tls_agent.cc',
+        'tls_connect.cc',
+        'tls_filter.cc',
+        'tls_hkdf_unittest.cc',
+        'tls_parser.cc',
+        'tls_protect.cc'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports',
+        '<(DEPTH)/lib/util/util.gyp:nssutil3',
+        '<(DEPTH)/gtests/google_test/google_test.gyp:gtest',
+        '<(DEPTH)/lib/smime/smime.gyp:smime',
+        '<(DEPTH)/lib/ssl/ssl.gyp:ssl',
+        '<(DEPTH)/lib/nss/nss.gyp:nss_static',
+        '<(DEPTH)/lib/pkcs12/pkcs12.gyp:pkcs12',
+        '<(DEPTH)/lib/pkcs7/pkcs7.gyp:pkcs7',
+        '<(DEPTH)/lib/certhigh/certhigh.gyp:certhi',
+        '<(DEPTH)/lib/cryptohi/cryptohi.gyp:cryptohi',
+        '<(DEPTH)/lib/certdb/certdb.gyp:certdb',
+        '<(DEPTH)/lib/pki/pki.gyp:nsspki',
+        '<(DEPTH)/lib/dev/dev.gyp:nssdev',
+        '<(DEPTH)/lib/base/base.gyp:nssb',
+        '<(DEPTH)/lib/zlib/zlib.gyp:nss_zlib',
+        '<(DEPTH)/cpputil/cpputil.gyp:cpputil',
+      ],
+      'conditions': [
+        [ 'test_build==1', {
+          'dependencies': [
+            '<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap_static',
+          ],
+        }, {
+          'dependencies': [
+            '<(DEPTH)/lib/sqlite/sqlite.gyp:sqlite3',
+            '<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap',
+            '<(DEPTH)/lib/softoken/softoken.gyp:softokn',
+            '<(DEPTH)/lib/freebl/freebl.gyp:freebl',
+          ],
+        }],
+        [ 'disable_dbm==0', {
+          'dependencies': [
+            '<(DEPTH)/lib/dbm/src/src.gyp:dbm',
+          ],
+        }],
+        [ 'disable_libpkix==0', {
+          'dependencies': [
+            '<(DEPTH)/lib/libpkix/pkix/certsel/certsel.gyp:pkixcertsel',
+            '<(DEPTH)/lib/libpkix/pkix/checker/checker.gyp:pkixchecker',
+            '<(DEPTH)/lib/libpkix/pkix/crlsel/crlsel.gyp:pkixcrlsel',
+            '<(DEPTH)/lib/libpkix/pkix/params/params.gyp:pkixparams',
+            '<(DEPTH)/lib/libpkix/pkix/results/results.gyp:pkixresults',
+            '<(DEPTH)/lib/libpkix/pkix/store/store.gyp:pkixstore',
+            '<(DEPTH)/lib/libpkix/pkix/top/top.gyp:pkixtop',
+            '<(DEPTH)/lib/libpkix/pkix/util/util.gyp:pkixutil',
+            '<(DEPTH)/lib/libpkix/pkix_pl_nss/system/system.gyp:pkixsystem',
+            '<(DEPTH)/lib/libpkix/pkix_pl_nss/module/module.gyp:pkixmodule',
+            '<(DEPTH)/lib/libpkix/pkix_pl_nss/pki/pki.gyp:pkixpki',
+          ],
+        }],
+      ],
+    }
+  ],
+  'target_defaults': {
+    'include_dirs': [
+      '../../lib/ssl'
+    ],
+    'defines': [
+      'NSS_USE_STATIC_LIBS'
+    ],
+  },
+  'variables': {
+    'module': 'nss',
+  }
+}
diff --git a/nss/gtests/ssl_gtest/ssl_hrr_unittest.cc b/nss/gtests/ssl_gtest/ssl_hrr_unittest.cc
new file mode 100644
index 0000000..9ebae34
--- /dev/null
+++ b/nss/gtests/ssl_gtest/ssl_hrr_unittest.cc
@@ -0,0 +1,363 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "secerr.h"
+#include "ssl.h"
+#include "sslerr.h"
+#include "sslproto.h"
+
+// This is internal, just to get TLS_1_3_DRAFT_VERSION.
+#include "ssl3prot.h"
+
+#include "gtest_utils.h"
+#include "scoped_ptrs.h"
+#include "tls_connect.h"
+#include "tls_filter.h"
+#include "tls_parser.h"
+
+namespace nss_test {
+
+TEST_P(TlsConnectTls13, HelloRetryRequestAbortsZeroRtt) {
+  const char* k0RttData = "Such is life";
+  const PRInt32 k0RttDataLen = static_cast<PRInt32>(strlen(k0RttData));
+
+  SetupForZeroRtt();  // initial handshake as normal
+
+  static const std::vector<SSLNamedGroup> groups = {ssl_grp_ec_secp384r1,
+                                                    ssl_grp_ec_secp521r1};
+  server_->ConfigNamedGroups(groups);
+  client_->Set0RttEnabled(true);
+  server_->Set0RttEnabled(true);
+  ExpectResumption(RESUME_TICKET);
+
+  // Send first ClientHello and send 0-RTT data
+  auto capture_early_data =
+      std::make_shared<TlsExtensionCapture>(ssl_tls13_early_data_xtn);
+  client_->SetPacketFilter(capture_early_data);
+  client_->Handshake();
+  EXPECT_EQ(k0RttDataLen, PR_Write(client_->ssl_fd(), k0RttData,
+                                   k0RttDataLen));  // 0-RTT write.
+  EXPECT_TRUE(capture_early_data->captured());
+
+  // Send the HelloRetryRequest
+  auto hrr_capture = std::make_shared<TlsInspectorRecordHandshakeMessage>(
+      kTlsHandshakeHelloRetryRequest);
+  server_->SetPacketFilter(hrr_capture);
+  server_->Handshake();
+  EXPECT_LT(0U, hrr_capture->buffer().len());
+
+  // The server can't read
+  std::vector<uint8_t> buf(k0RttDataLen);
+  EXPECT_EQ(SECFailure, PR_Read(server_->ssl_fd(), buf.data(), k0RttDataLen));
+  EXPECT_EQ(PR_WOULD_BLOCK_ERROR, PORT_GetError());
+
+  // Make a new capture for the early data.
+  capture_early_data =
+      std::make_shared<TlsExtensionCapture>(ssl_tls13_early_data_xtn);
+  client_->SetPacketFilter(capture_early_data);
+
+  // Complete the handshake successfully
+  Handshake();
+  ExpectEarlyDataAccepted(false);  // The server should reject 0-RTT
+  CheckConnected();
+  SendReceive();
+  EXPECT_FALSE(capture_early_data->captured());
+}
+
+// This filter only works for DTLS 1.3 where there is exactly one handshake
+// packet. If the record is split into two packets, or there are multiple
+// handshake packets, this will break.
+class CorrectMessageSeqAfterHrrFilter : public TlsRecordFilter {
+ protected:
+  PacketFilter::Action FilterRecord(const TlsRecordHeader& header,
+                                    const DataBuffer& record, size_t* offset,
+                                    DataBuffer* output) {
+    if (filtered_packets() > 0 || header.content_type() != content_handshake) {
+      return KEEP;
+    }
+
+    DataBuffer buffer(record);
+    TlsRecordHeader new_header = {header.version(), header.content_type(),
+                                  header.sequence_number() + 1};
+
+    // Correct message_seq.
+    buffer.Write(4, 1U, 2);
+
+    *offset = new_header.Write(output, *offset, buffer);
+    return CHANGE;
+  }
+};
+
+TEST_P(TlsConnectTls13, SecondClientHelloRejectEarlyDataXtn) {
+  static const std::vector<SSLNamedGroup> groups = {ssl_grp_ec_secp384r1,
+                                                    ssl_grp_ec_secp521r1};
+
+  SetupForZeroRtt();
+  ExpectResumption(RESUME_TICKET);
+
+  client_->ConfigNamedGroups(groups);
+  server_->ConfigNamedGroups(groups);
+  client_->Set0RttEnabled(true);
+  server_->Set0RttEnabled(true);
+
+  // A new client that tries to resume with 0-RTT but doesn't send the
+  // correct key share(s). The server will respond with an HRR.
+  auto orig_client =
+      std::make_shared<TlsAgent>(client_->name(), TlsAgent::CLIENT, mode_);
+  client_.swap(orig_client);
+  client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
+                           SSL_LIBRARY_VERSION_TLS_1_3);
+  client_->ConfigureSessionCache(RESUME_BOTH);
+  client_->Set0RttEnabled(true);
+  client_->StartConnect();
+
+  // Swap in the new client.
+  client_->SetPeer(server_);
+  server_->SetPeer(client_);
+
+  // Send the ClientHello.
+  client_->Handshake();
+  // Process the CH, send an HRR.
+  server_->Handshake();
+
+  // Swap the client we created manually with the one that successfully
+  // received a PSK, and try to resume with 0-RTT. The client doesn't know
+  // about the HRR so it will send the early_data xtn as well as 0-RTT data.
+  client_.swap(orig_client);
+  orig_client.reset();
+
+  // Correct the DTLS message sequence number after an HRR.
+  if (mode_ == DGRAM) {
+    client_->SetPacketFilter(
+        std::make_shared<CorrectMessageSeqAfterHrrFilter>());
+  }
+
+  server_->SetPeer(client_);
+  client_->Handshake();
+
+  // Send 0-RTT data.
+  const char* k0RttData = "ABCDEF";
+  const PRInt32 k0RttDataLen = static_cast<PRInt32>(strlen(k0RttData));
+  PRInt32 rv = PR_Write(client_->ssl_fd(), k0RttData, k0RttDataLen);
+  EXPECT_EQ(k0RttDataLen, rv);
+
+  Handshake();
+  client_->CheckErrorCode(SSL_ERROR_UNSUPPORTED_EXTENSION_ALERT);
+}
+
+class KeyShareReplayer : public TlsExtensionFilter {
+ public:
+  KeyShareReplayer() {}
+
+  virtual PacketFilter::Action FilterExtension(uint16_t extension_type,
+                                               const DataBuffer& input,
+                                               DataBuffer* output) {
+    if (extension_type != ssl_tls13_key_share_xtn) {
+      return KEEP;
+    }
+
+    if (!data_.len()) {
+      data_ = input;
+      return KEEP;
+    }
+
+    *output = data_;
+    return CHANGE;
+  }
+
+ private:
+  DataBuffer data_;
+};
+
+// This forces a HelloRetryRequest by disabling P-256 on the server.  However,
+// the second ClientHello is modified so that it omits the requested share.  The
+// server should reject this.
+TEST_P(TlsConnectTls13, RetryWithSameKeyShare) {
+  EnsureTlsSetup();
+  client_->SetPacketFilter(std::make_shared<KeyShareReplayer>());
+  static const std::vector<SSLNamedGroup> groups = {ssl_grp_ec_secp384r1,
+                                                    ssl_grp_ec_secp521r1};
+  server_->ConfigNamedGroups(groups);
+  ConnectExpectFail();
+  EXPECT_EQ(SSL_ERROR_BAD_2ND_CLIENT_HELLO, server_->error_code());
+  EXPECT_EQ(SSL_ERROR_ILLEGAL_PARAMETER_ALERT, client_->error_code());
+}
+
+// This tests that the second attempt at sending a ClientHello (after receiving
+// a HelloRetryRequest) is correctly retransmitted.
+TEST_F(TlsConnectDatagram13, DropClientSecondFlightWithHelloRetry) {
+  static const std::vector<SSLNamedGroup> groups = {ssl_grp_ec_secp384r1,
+                                                    ssl_grp_ec_secp521r1};
+  server_->ConfigNamedGroups(groups);
+  server_->SetPacketFilter(std::make_shared<SelectiveDropFilter>(0x2));
+  Connect();
+}
+
+class TlsKeyExchange13 : public TlsKeyExchangeTest {};
+
+// This should work, with an HRR, because the server prefers x25519 and the
+// client generates a share for P-384 on the initial ClientHello.
+TEST_P(TlsKeyExchange13, ConnectEcdhePreferenceMismatchHrr) {
+  EnsureKeyShareSetup();
+  static const std::vector<SSLNamedGroup> client_groups = {
+      ssl_grp_ec_secp384r1, ssl_grp_ec_curve25519};
+  static const std::vector<SSLNamedGroup> server_groups = {
+      ssl_grp_ec_curve25519, ssl_grp_ec_secp384r1};
+  client_->ConfigNamedGroups(client_groups);
+  server_->ConfigNamedGroups(server_groups);
+  Connect();
+  CheckKeys();
+  static const std::vector<SSLNamedGroup> expectedShares = {
+      ssl_grp_ec_secp384r1};
+  CheckKEXDetails(client_groups, expectedShares, ssl_grp_ec_curve25519);
+}
+
+// This should work, but not use HRR because the key share for x25519 was
+// pre-generated by the client.
+TEST_P(TlsKeyExchange13, ConnectEcdhePreferenceMismatchHrrExtraShares) {
+  EnsureKeyShareSetup();
+  static const std::vector<SSLNamedGroup> client_groups = {
+      ssl_grp_ec_secp384r1, ssl_grp_ec_curve25519};
+  static const std::vector<SSLNamedGroup> server_groups = {
+      ssl_grp_ec_curve25519, ssl_grp_ec_secp384r1};
+  client_->ConfigNamedGroups(client_groups);
+  server_->ConfigNamedGroups(server_groups);
+  EXPECT_EQ(SECSuccess, SSL_SendAdditionalKeyShares(client_->ssl_fd(), 1));
+
+  Connect();
+  CheckKeys();
+  CheckKEXDetails(client_groups, client_groups);
+}
+
+TEST_F(TlsConnectTest, Select12AfterHelloRetryRequest) {
+  EnsureTlsSetup();
+  client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_2,
+                           SSL_LIBRARY_VERSION_TLS_1_3);
+  server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_2,
+                           SSL_LIBRARY_VERSION_TLS_1_3);
+  static const std::vector<SSLNamedGroup> client_groups = {
+      ssl_grp_ec_secp256r1, ssl_grp_ec_secp521r1};
+  client_->ConfigNamedGroups(client_groups);
+  static const std::vector<SSLNamedGroup> server_groups = {
+      ssl_grp_ec_secp384r1, ssl_grp_ec_secp521r1};
+  server_->ConfigNamedGroups(server_groups);
+  client_->StartConnect();
+  server_->StartConnect();
+
+  client_->Handshake();
+  server_->Handshake();
+
+  // Here we replace the TLS server with one that does TLS 1.2 only.
+  // This will happily send the client a TLS 1.2 ServerHello.
+  server_.reset(new TlsAgent(server_->name(), TlsAgent::SERVER, mode_));
+  client_->SetPeer(server_);
+  server_->SetPeer(client_);
+  server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_2,
+                           SSL_LIBRARY_VERSION_TLS_1_2);
+  server_->StartConnect();
+  Handshake();
+  EXPECT_EQ(SSL_ERROR_ILLEGAL_PARAMETER_ALERT, server_->error_code());
+  EXPECT_EQ(SSL_ERROR_RX_MALFORMED_SERVER_HELLO, client_->error_code());
+}
+
+class HelloRetryRequestAgentTest : public TlsAgentTestClient {
+ protected:
+  void SetUp() override {
+    TlsAgentTestClient::SetUp();
+    EnsureInit();
+    agent_->StartConnect();
+  }
+
+  void MakeCannedHrr(const uint8_t* body, size_t len, DataBuffer* hrr_record,
+                     uint32_t seq_num = 0) const {
+    DataBuffer hrr_data;
+    hrr_data.Allocate(len + 4);
+    size_t i = 0;
+    i = hrr_data.Write(i, 0x7f00 | TLS_1_3_DRAFT_VERSION, 2);
+    i = hrr_data.Write(i, static_cast<uint32_t>(len), 2);
+    if (len) {
+      hrr_data.Write(i, body, len);
+    }
+    DataBuffer hrr;
+    MakeHandshakeMessage(kTlsHandshakeHelloRetryRequest, hrr_data.data(),
+                         hrr_data.len(), &hrr, seq_num);
+    MakeRecord(kTlsHandshakeType, SSL_LIBRARY_VERSION_TLS_1_3, hrr.data(),
+               hrr.len(), hrr_record, seq_num);
+  }
+
+  void MakeGroupHrr(SSLNamedGroup group, DataBuffer* hrr_record,
+                    uint32_t seq_num = 0) const {
+    const uint8_t group_hrr[] = {
+        static_cast<uint8_t>(ssl_tls13_key_share_xtn >> 8),
+        static_cast<uint8_t>(ssl_tls13_key_share_xtn),
+        0,
+        2,  // length of key share extension
+        static_cast<uint8_t>(group >> 8),
+        static_cast<uint8_t>(group)};
+    MakeCannedHrr(group_hrr, sizeof(group_hrr), hrr_record, seq_num);
+  }
+};
+
+// Send two HelloRetryRequest messages in response to the ClientHello.  The are
+// constructed to appear legitimate by asking for a new share in each, so that
+// the client has to count to work out that the server is being unreasonable.
+TEST_P(HelloRetryRequestAgentTest, SendSecondHelloRetryRequest) {
+  DataBuffer hrr;
+  MakeGroupHrr(ssl_grp_ec_secp384r1, &hrr, 0);
+  ProcessMessage(hrr, TlsAgent::STATE_CONNECTING);
+  MakeGroupHrr(ssl_grp_ec_secp521r1, &hrr, 1);
+  ProcessMessage(hrr, TlsAgent::STATE_ERROR,
+                 SSL_ERROR_RX_UNEXPECTED_HELLO_RETRY_REQUEST);
+}
+
+// Here the client receives a HelloRetryRequest with a group that they already
+// provided a share for.
+TEST_P(HelloRetryRequestAgentTest, HandleBogusHelloRetryRequest) {
+  DataBuffer hrr;
+  MakeGroupHrr(ssl_grp_ec_curve25519, &hrr);
+  ProcessMessage(hrr, TlsAgent::STATE_ERROR,
+                 SSL_ERROR_RX_MALFORMED_HELLO_RETRY_REQUEST);
+}
+
+TEST_P(HelloRetryRequestAgentTest, HandleNoopHelloRetryRequest) {
+  DataBuffer hrr;
+  MakeCannedHrr(nullptr, 0U, &hrr);
+  ProcessMessage(hrr, TlsAgent::STATE_ERROR,
+                 SSL_ERROR_RX_MALFORMED_HELLO_RETRY_REQUEST);
+}
+
+TEST_P(HelloRetryRequestAgentTest, HandleHelloRetryRequestCookie) {
+  const uint8_t canned_cookie_hrr[] = {
+      static_cast<uint8_t>(ssl_tls13_cookie_xtn >> 8),
+      static_cast<uint8_t>(ssl_tls13_cookie_xtn),
+      0,
+      5,  // length of cookie extension
+      0,
+      3,  // cookie value length
+      0xc0,
+      0x0c,
+      0x13};
+  DataBuffer hrr;
+  MakeCannedHrr(canned_cookie_hrr, sizeof(canned_cookie_hrr), &hrr);
+  auto capture = std::make_shared<TlsExtensionCapture>(ssl_tls13_cookie_xtn);
+  agent_->SetPacketFilter(capture);
+  ProcessMessage(hrr, TlsAgent::STATE_CONNECTING);
+  const size_t cookie_pos = 2 + 2;  // cookie_xtn, extension len
+  DataBuffer cookie(canned_cookie_hrr + cookie_pos,
+                    sizeof(canned_cookie_hrr) - cookie_pos);
+  EXPECT_EQ(cookie, capture->extension());
+}
+
+INSTANTIATE_TEST_CASE_P(HelloRetryRequestAgentTests, HelloRetryRequestAgentTest,
+                        ::testing::Combine(TlsConnectTestBase::kTlsModesAll,
+                                           TlsConnectTestBase::kTlsV13));
+#ifndef NSS_DISABLE_TLS_1_3
+INSTANTIATE_TEST_CASE_P(HelloRetryRequestKeyExchangeTests, TlsKeyExchange13,
+                        ::testing::Combine(TlsConnectTestBase::kTlsModesAll,
+                                           TlsConnectTestBase::kTlsV13));
+#endif
+
+}  // namespace nss_test
diff --git a/nss/gtests/ssl_gtest/ssl_loopback_unittest.cc b/nss/gtests/ssl_gtest/ssl_loopback_unittest.cc
new file mode 100644
index 0000000..279bc18
--- /dev/null
+++ b/nss/gtests/ssl_gtest/ssl_loopback_unittest.cc
@@ -0,0 +1,273 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <functional>
+#include <memory>
+#include "secerr.h"
+#include "ssl.h"
+#include "sslerr.h"
+#include "sslproto.h"
+
+extern "C" {
+// This is not something that should make you happy.
+#include "libssl_internals.h"
+}
+
+#include "gtest_utils.h"
+#include "scoped_ptrs.h"
+#include "tls_connect.h"
+#include "tls_filter.h"
+#include "tls_parser.h"
+
+namespace nss_test {
+
+TEST_P(TlsConnectGeneric, SetupOnly) {}
+
+TEST_P(TlsConnectGeneric, Connect) {
+  SetExpectedVersion(std::get<1>(GetParam()));
+  Connect();
+  CheckKeys();
+}
+
+TEST_P(TlsConnectGeneric, ConnectEcdsa) {
+  SetExpectedVersion(std::get<1>(GetParam()));
+  Reset(TlsAgent::kServerEcdsa256);
+  Connect();
+  CheckKeys(ssl_kea_ecdh, ssl_auth_ecdsa);
+}
+
+TEST_P(TlsConnectGenericPre13, CipherSuiteMismatch) {
+  EnsureTlsSetup();
+  if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) {
+    client_->EnableSingleCipher(TLS_AES_128_GCM_SHA256);
+    server_->EnableSingleCipher(TLS_AES_256_GCM_SHA384);
+  } else {
+    client_->EnableSingleCipher(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA);
+    server_->EnableSingleCipher(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA);
+  }
+  ConnectExpectFail();
+  client_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP);
+  server_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP);
+}
+
+TEST_P(TlsConnectGenericPre13, ConnectFalseStart) {
+  client_->EnableFalseStart();
+  Connect();
+  SendReceive();
+}
+
+TEST_P(TlsConnectGeneric, ConnectAlpn) {
+  EnableAlpn();
+  Connect();
+  CheckAlpn("a");
+}
+
+TEST_P(TlsConnectGeneric, ConnectAlpnClone) {
+  EnsureModelSockets();
+  client_model_->EnableAlpn(alpn_dummy_val_, sizeof(alpn_dummy_val_));
+  server_model_->EnableAlpn(alpn_dummy_val_, sizeof(alpn_dummy_val_));
+  Connect();
+  CheckAlpn("a");
+}
+
+TEST_P(TlsConnectDatagram, ConnectSrtp) {
+  EnableSrtp();
+  Connect();
+  CheckSrtp();
+  SendReceive();
+}
+
+// 1.3 is disabled in the next few tests because we don't
+// presently support resumption in 1.3.
+TEST_P(TlsConnectStreamPre13, ConnectAndClientRenegotiate) {
+  Connect();
+  server_->PrepareForRenegotiate();
+  client_->StartRenegotiate();
+  Handshake();
+  CheckConnected();
+}
+
+TEST_P(TlsConnectStreamPre13, ConnectAndServerRenegotiate) {
+  Connect();
+  client_->PrepareForRenegotiate();
+  server_->StartRenegotiate();
+  Handshake();
+  CheckConnected();
+}
+
+TEST_P(TlsConnectGeneric, ConnectSendReceive) {
+  Connect();
+  SendReceive();
+}
+
+// The next two tests takes advantage of the fact that we
+// automatically read the first 1024 bytes, so if
+// we provide 1200 bytes, they overrun the read buffer
+// provided by the calling test.
+
+// DTLS should return an error.
+TEST_P(TlsConnectDatagram, ShortRead) {
+  Connect();
+  client_->ExpectReadWriteError();
+  server_->SendData(1200, 1200);
+  client_->WaitForErrorCode(SSL_ERROR_RX_SHORT_DTLS_READ, 2000);
+
+  // Now send and receive another packet.
+  server_->ResetSentBytes();  // Reset the counter.
+  SendReceive();
+}
+
+// TLS should get the write in two chunks.
+TEST_P(TlsConnectStream, ShortRead) {
+  // This test behaves oddly with TLS 1.0 because of 1/n+1 splitting,
+  // so skip in that case.
+  if (version_ < SSL_LIBRARY_VERSION_TLS_1_1) return;
+
+  Connect();
+  server_->SendData(1200, 1200);
+  // Read the first tranche.
+  WAIT_(client_->received_bytes() == 1024, 2000);
+  ASSERT_EQ(1024U, client_->received_bytes());
+  // The second tranche should now immediately be available.
+  client_->ReadBytes();
+  ASSERT_EQ(1200U, client_->received_bytes());
+}
+
+TEST_P(TlsConnectGeneric, ConnectWithCompressionMaybe) {
+  EnsureTlsSetup();
+  client_->EnableCompression();
+  server_->EnableCompression();
+  Connect();
+  EXPECT_EQ(client_->version() < SSL_LIBRARY_VERSION_TLS_1_3 && mode_ != DGRAM,
+            client_->is_compressed());
+  SendReceive();
+}
+
+TEST_P(TlsConnectDatagram, TestDtlsHolddownExpiry) {
+  Connect();
+  std::cerr << "Expiring holddown timer\n";
+  SSLInt_ForceTimerExpiry(client_->ssl_fd());
+  SSLInt_ForceTimerExpiry(server_->ssl_fd());
+  SendReceive();
+  if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) {
+    // One for send, one for receive.
+    EXPECT_EQ(2, SSLInt_CountTls13CipherSpecs(client_->ssl_fd()));
+  }
+}
+
+class TlsPreCCSHeaderInjector : public TlsRecordFilter {
+ public:
+  TlsPreCCSHeaderInjector() {}
+  virtual PacketFilter::Action FilterRecord(
+      const TlsRecordHeader& record_header, const DataBuffer& input,
+      size_t* offset, DataBuffer* output) override {
+    if (record_header.content_type() != kTlsChangeCipherSpecType) return KEEP;
+
+    std::cerr << "Injecting Finished header before CCS\n";
+    const uint8_t hhdr[] = {kTlsHandshakeFinished, 0x00, 0x00, 0x0c};
+    DataBuffer hhdr_buf(hhdr, sizeof(hhdr));
+    TlsRecordHeader nhdr(record_header.version(), kTlsHandshakeType, 0);
+    *offset = nhdr.Write(output, *offset, hhdr_buf);
+    *offset = record_header.Write(output, *offset, input);
+    return CHANGE;
+  }
+};
+
+TEST_P(TlsConnectStreamPre13, ClientFinishedHeaderBeforeCCS) {
+  client_->SetPacketFilter(std::make_shared<TlsPreCCSHeaderInjector>());
+  ConnectExpectFail();
+  client_->CheckErrorCode(SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT);
+  server_->CheckErrorCode(SSL_ERROR_RX_UNEXPECTED_CHANGE_CIPHER);
+}
+
+TEST_P(TlsConnectStreamPre13, ServerFinishedHeaderBeforeCCS) {
+  server_->SetPacketFilter(std::make_shared<TlsPreCCSHeaderInjector>());
+  client_->StartConnect();
+  server_->StartConnect();
+  Handshake();
+  EXPECT_EQ(TlsAgent::STATE_ERROR, client_->state());
+  client_->CheckErrorCode(SSL_ERROR_RX_UNEXPECTED_CHANGE_CIPHER);
+  EXPECT_EQ(TlsAgent::STATE_CONNECTED, server_->state());
+}
+
+TEST_P(TlsConnectTls13, UnknownAlert) {
+  Connect();
+  SSLInt_SendAlert(server_->ssl_fd(), kTlsAlertWarning,
+                   0xff);  // Unknown value.
+  client_->ExpectReadWriteError();
+  client_->WaitForErrorCode(SSL_ERROR_RX_UNKNOWN_ALERT, 2000);
+}
+
+TEST_P(TlsConnectTls13, AlertWrongLevel) {
+  Connect();
+  SSLInt_SendAlert(server_->ssl_fd(), kTlsAlertWarning,
+                   kTlsAlertUnexpectedMessage);
+  client_->ExpectReadWriteError();
+  client_->WaitForErrorCode(SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT, 2000);
+}
+
+TEST_F(TlsConnectStreamTls13, Tls13FailedWriteSecondFlight) {
+  EnsureTlsSetup();
+  client_->StartConnect();
+  server_->StartConnect();
+  client_->Handshake();
+  server_->Handshake();  // Send first flight.
+  client_->adapter()->CloseWrites();
+  client_->Handshake();  // This will get an error, but shouldn't crash.
+  client_->CheckErrorCode(SSL_ERROR_SOCKET_WRITE_FAILURE);
+}
+
+TEST_F(TlsConnectStreamTls13, NegotiateShortHeaders) {
+  client_->SetShortHeadersEnabled();
+  server_->SetShortHeadersEnabled();
+  client_->ExpectShortHeaders();
+  server_->ExpectShortHeaders();
+  Connect();
+}
+
+INSTANTIATE_TEST_CASE_P(GenericStream, TlsConnectGeneric,
+                        ::testing::Combine(TlsConnectTestBase::kTlsModesStream,
+                                           TlsConnectTestBase::kTlsVAll));
+INSTANTIATE_TEST_CASE_P(
+    GenericDatagram, TlsConnectGeneric,
+    ::testing::Combine(TlsConnectTestBase::kTlsModesDatagram,
+                       TlsConnectTestBase::kTlsV11Plus));
+
+INSTANTIATE_TEST_CASE_P(StreamOnly, TlsConnectStream,
+                        TlsConnectTestBase::kTlsVAll);
+INSTANTIATE_TEST_CASE_P(DatagramOnly, TlsConnectDatagram,
+                        TlsConnectTestBase::kTlsV11Plus);
+
+INSTANTIATE_TEST_CASE_P(Pre12Stream, TlsConnectPre12,
+                        ::testing::Combine(TlsConnectTestBase::kTlsModesStream,
+                                           TlsConnectTestBase::kTlsV10V11));
+INSTANTIATE_TEST_CASE_P(
+    Pre12Datagram, TlsConnectPre12,
+    ::testing::Combine(TlsConnectTestBase::kTlsModesDatagram,
+                       TlsConnectTestBase::kTlsV11));
+
+INSTANTIATE_TEST_CASE_P(Version12Only, TlsConnectTls12,
+                        TlsConnectTestBase::kTlsModesAll);
+#ifndef NSS_DISABLE_TLS_1_3
+INSTANTIATE_TEST_CASE_P(Version13Only, TlsConnectTls13,
+                        TlsConnectTestBase::kTlsModesAll);
+#endif
+
+INSTANTIATE_TEST_CASE_P(Pre13Stream, TlsConnectGenericPre13,
+                        ::testing::Combine(TlsConnectTestBase::kTlsModesStream,
+                                           TlsConnectTestBase::kTlsV10ToV12));
+INSTANTIATE_TEST_CASE_P(
+    Pre13Datagram, TlsConnectGenericPre13,
+    ::testing::Combine(TlsConnectTestBase::kTlsModesDatagram,
+                       TlsConnectTestBase::kTlsV11V12));
+INSTANTIATE_TEST_CASE_P(Pre13StreamOnly, TlsConnectStreamPre13,
+                        TlsConnectTestBase::kTlsV10ToV12);
+
+INSTANTIATE_TEST_CASE_P(Version12Plus, TlsConnectTls12Plus,
+                        ::testing::Combine(TlsConnectTestBase::kTlsModesAll,
+                                           TlsConnectTestBase::kTlsV12Plus));
+
+}  // namespace nspr_test
diff --git a/nss/gtests/ssl_gtest/ssl_record_unittest.cc b/nss/gtests/ssl_gtest/ssl_record_unittest.cc
new file mode 100644
index 0000000..ef81b22
--- /dev/null
+++ b/nss/gtests/ssl_gtest/ssl_record_unittest.cc
@@ -0,0 +1,111 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nss.h"
+#include "ssl.h"
+#include "sslimpl.h"
+
+#include "databuffer.h"
+#include "gtest_utils.h"
+
+namespace nss_test {
+
+const static size_t kMacSize = 20;
+
+class TlsPaddingTest
+    : public ::testing::Test,
+      public ::testing::WithParamInterface<std::tuple<size_t, bool>> {
+ public:
+  TlsPaddingTest() : plaintext_len_(std::get<0>(GetParam())) {
+    size_t extra =
+        (plaintext_len_ + 1) % 16;  // Bytes past a block (1 == pad len)
+    // Minimal padding.
+    pad_len_ = extra ? 16 - extra : 0;
+    if (std::get<1>(GetParam())) {
+      // Maximal padding.
+      pad_len_ += 240;
+    }
+    MakePaddedPlaintext();
+  }
+
+  // Makes a plaintext record with correct padding.
+  void MakePaddedPlaintext() {
+    EXPECT_EQ(0UL, (plaintext_len_ + pad_len_ + 1) % 16);
+    size_t i = 0;
+    plaintext_.Allocate(plaintext_len_ + pad_len_ + 1);
+    for (; i < plaintext_len_; ++i) {
+      plaintext_.Write(i, 'A', 1);
+    }
+
+    for (; i < plaintext_len_ + pad_len_ + 1; ++i) {
+      plaintext_.Write(i, pad_len_, 1);
+    }
+  }
+
+  void Unpad(bool expect_success) {
+    std::cerr << "Content length=" << plaintext_len_
+              << " padding length=" << pad_len_
+              << " total length=" << plaintext_.len() << std::endl;
+    std::cerr << "Plaintext: " << plaintext_ << std::endl;
+    sslBuffer s;
+    s.buf = const_cast<unsigned char *>(
+        static_cast<const unsigned char *>(plaintext_.data()));
+    s.len = plaintext_.len();
+    SECStatus rv = ssl_RemoveTLSCBCPadding(&s, kMacSize);
+    if (expect_success) {
+      EXPECT_EQ(SECSuccess, rv);
+      EXPECT_EQ(plaintext_len_, static_cast<size_t>(s.len));
+    } else {
+      EXPECT_EQ(SECFailure, rv);
+    }
+  }
+
+ protected:
+  size_t plaintext_len_;
+  size_t pad_len_;
+  DataBuffer plaintext_;
+};
+
+TEST_P(TlsPaddingTest, Correct) {
+  if (plaintext_len_ >= kMacSize) {
+    Unpad(true);
+  } else {
+    Unpad(false);
+  }
+}
+
+TEST_P(TlsPaddingTest, PadTooLong) {
+  if (plaintext_.len() < 255) {
+    plaintext_.Write(plaintext_.len() - 1, plaintext_.len(), 1);
+    Unpad(false);
+  }
+}
+
+TEST_P(TlsPaddingTest, FirstByteOfPadWrong) {
+  if (pad_len_) {
+    plaintext_.Write(plaintext_len_, plaintext_.data()[plaintext_len_] + 1, 1);
+    Unpad(false);
+  }
+}
+
+TEST_P(TlsPaddingTest, LastByteOfPadWrong) {
+  if (pad_len_) {
+    plaintext_.Write(plaintext_.len() - 2,
+                     plaintext_.data()[plaintext_.len() - 1] + 1, 1);
+    Unpad(false);
+  }
+}
+
+const static size_t kContentSizesArr[] = {
+    1, kMacSize - 1, kMacSize, 30, 31, 32, 36, 256, 257, 287, 288};
+
+auto kContentSizes = ::testing::ValuesIn(kContentSizesArr);
+const static bool kTrueFalseArr[] = {true, false};
+auto kTrueFalse = ::testing::ValuesIn(kTrueFalseArr);
+
+INSTANTIATE_TEST_CASE_P(TlsPadding, TlsPaddingTest,
+                        ::testing::Combine(kContentSizes, kTrueFalse));
+}  // namespace nspr_test
diff --git a/nss/gtests/ssl_gtest/ssl_resumption_unittest.cc b/nss/gtests/ssl_gtest/ssl_resumption_unittest.cc
new file mode 100644
index 0000000..9b8d9fa
--- /dev/null
+++ b/nss/gtests/ssl_gtest/ssl_resumption_unittest.cc
@@ -0,0 +1,699 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <functional>
+#include <memory>
+#include "secerr.h"
+#include "ssl.h"
+#include "sslerr.h"
+#include "sslproto.h"
+
+extern "C" {
+// This is not something that should make you happy.
+#include "libssl_internals.h"
+}
+
+#include "gtest_utils.h"
+#include "scoped_ptrs.h"
+#include "tls_connect.h"
+#include "tls_filter.h"
+#include "tls_parser.h"
+#include "tls_protect.h"
+
+namespace nss_test {
+
+class TlsServerKeyExchangeEcdhe {
+ public:
+  bool Parse(const DataBuffer& buffer) {
+    TlsParser parser(buffer);
+
+    uint8_t curve_type;
+    if (!parser.Read(&curve_type)) {
+      return false;
+    }
+
+    if (curve_type != 3) {  // named_curve
+      return false;
+    }
+
+    uint32_t named_curve;
+    if (!parser.Read(&named_curve, 2)) {
+      return false;
+    }
+
+    return parser.ReadVariable(&public_key_, 1);
+  }
+
+  DataBuffer public_key_;
+};
+
+TEST_P(TlsConnectGenericPre13, ConnectResumed) {
+  ConfigureSessionCache(RESUME_SESSIONID, RESUME_SESSIONID);
+  Connect();
+
+  Reset();
+  ExpectResumption(RESUME_SESSIONID);
+  Connect();
+}
+
+TEST_P(TlsConnectGeneric, ConnectClientCacheDisabled) {
+  ConfigureSessionCache(RESUME_NONE, RESUME_SESSIONID);
+  Connect();
+  SendReceive();
+
+  Reset();
+  ExpectResumption(RESUME_NONE);
+  Connect();
+  SendReceive();
+}
+
+TEST_P(TlsConnectGeneric, ConnectServerCacheDisabled) {
+  ConfigureSessionCache(RESUME_SESSIONID, RESUME_NONE);
+  Connect();
+  SendReceive();
+
+  Reset();
+  ExpectResumption(RESUME_NONE);
+  Connect();
+  SendReceive();
+}
+
+TEST_P(TlsConnectGeneric, ConnectSessionCacheDisabled) {
+  ConfigureSessionCache(RESUME_NONE, RESUME_NONE);
+  Connect();
+  SendReceive();
+
+  Reset();
+  ExpectResumption(RESUME_NONE);
+  Connect();
+  SendReceive();
+}
+
+TEST_P(TlsConnectGeneric, ConnectResumeSupportBoth) {
+  // This prefers tickets.
+  ConfigureSessionCache(RESUME_BOTH, RESUME_BOTH);
+  Connect();
+  SendReceive();
+
+  Reset();
+  ConfigureSessionCache(RESUME_BOTH, RESUME_BOTH);
+  ExpectResumption(RESUME_TICKET);
+  Connect();
+  SendReceive();
+}
+
+TEST_P(TlsConnectGeneric, ConnectResumeClientTicketServerBoth) {
+  // This causes no resumption because the client needs the
+  // session cache to resume even with tickets.
+  ConfigureSessionCache(RESUME_TICKET, RESUME_BOTH);
+  Connect();
+  SendReceive();
+
+  Reset();
+  ConfigureSessionCache(RESUME_TICKET, RESUME_BOTH);
+  ExpectResumption(RESUME_NONE);
+  Connect();
+  SendReceive();
+}
+
+TEST_P(TlsConnectGeneric, ConnectResumeClientBothTicketServerTicket) {
+  // This causes a ticket resumption.
+  ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
+  Connect();
+  SendReceive();
+
+  Reset();
+  ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
+  ExpectResumption(RESUME_TICKET);
+  Connect();
+  SendReceive();
+}
+
+TEST_P(TlsConnectGeneric, ConnectResumeClientServerTicketOnly) {
+  // This causes no resumption because the client needs the
+  // session cache to resume even with tickets.
+  ConfigureSessionCache(RESUME_TICKET, RESUME_TICKET);
+  Connect();
+  SendReceive();
+
+  Reset();
+  ConfigureSessionCache(RESUME_TICKET, RESUME_TICKET);
+  ExpectResumption(RESUME_NONE);
+  Connect();
+  SendReceive();
+}
+
+TEST_P(TlsConnectGeneric, ConnectResumeClientBothServerNone) {
+  ConfigureSessionCache(RESUME_BOTH, RESUME_NONE);
+  Connect();
+  SendReceive();
+
+  Reset();
+  ConfigureSessionCache(RESUME_BOTH, RESUME_NONE);
+  ExpectResumption(RESUME_NONE);
+  Connect();
+  SendReceive();
+}
+
+TEST_P(TlsConnectGeneric, ConnectResumeClientNoneServerBoth) {
+  ConfigureSessionCache(RESUME_NONE, RESUME_BOTH);
+  Connect();
+  SendReceive();
+
+  Reset();
+  ConfigureSessionCache(RESUME_NONE, RESUME_BOTH);
+  ExpectResumption(RESUME_NONE);
+  Connect();
+  SendReceive();
+}
+
+TEST_P(TlsConnectGenericPre13, ConnectResumeWithHigherVersion) {
+  ConfigureSessionCache(RESUME_SESSIONID, RESUME_SESSIONID);
+  ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_1);
+  SetExpectedVersion(SSL_LIBRARY_VERSION_TLS_1_1);
+  Connect();
+
+  Reset();
+  EnsureTlsSetup();
+  SetExpectedVersion(SSL_LIBRARY_VERSION_TLS_1_2);
+  client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
+                           SSL_LIBRARY_VERSION_TLS_1_2);
+  server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
+                           SSL_LIBRARY_VERSION_TLS_1_2);
+  ExpectResumption(RESUME_NONE);
+  Connect();
+}
+
+TEST_P(TlsConnectGeneric, ConnectResumeClientBothTicketServerTicketForget) {
+  // This causes a ticket resumption.
+  ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
+  Connect();
+  SendReceive();
+
+  Reset();
+  ClearServerCache();
+  ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
+  ExpectResumption(RESUME_NONE);
+  Connect();
+  SendReceive();
+}
+
+TEST_P(TlsConnectGeneric, ConnectWithExpiredTicketAtClient) {
+  SSLInt_SetTicketLifetime(1);  // one second
+  // This causes a ticket resumption.
+  ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
+  Connect();
+  SendReceive();
+
+  WAIT_(false, 1000);
+
+  Reset();
+  ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
+  ExpectResumption(RESUME_NONE);
+
+  // TLS 1.3 uses the pre-shared key extension instead.
+  SSLExtensionType xtn = (version_ >= SSL_LIBRARY_VERSION_TLS_1_3)
+                             ? ssl_tls13_pre_shared_key_xtn
+                             : ssl_session_ticket_xtn;
+  auto capture = std::make_shared<TlsExtensionCapture>(xtn);
+  client_->SetPacketFilter(capture);
+  Connect();
+
+  if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) {
+    EXPECT_FALSE(capture->captured());
+  } else {
+    EXPECT_TRUE(capture->captured());
+    EXPECT_EQ(0U, capture->extension().len());
+  }
+}
+
+TEST_P(TlsConnectGeneric, ConnectWithExpiredTicketAtServer) {
+  SSLInt_SetTicketLifetime(1);  // one second
+  // This causes a ticket resumption.
+  ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
+  Connect();
+  SendReceive();
+
+  Reset();
+  ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
+  ExpectResumption(RESUME_NONE);
+
+  SSLExtensionType xtn = (version_ >= SSL_LIBRARY_VERSION_TLS_1_3)
+                             ? ssl_tls13_pre_shared_key_xtn
+                             : ssl_session_ticket_xtn;
+  auto capture = std::make_shared<TlsExtensionCapture>(xtn);
+  client_->SetPacketFilter(capture);
+  client_->StartConnect();
+  server_->StartConnect();
+  client_->Handshake();
+  EXPECT_TRUE(capture->captured());
+  EXPECT_LT(0U, capture->extension().len());
+
+  WAIT_(false, 1000);  // Let the ticket expire on the server.
+
+  Handshake();
+  CheckConnected();
+}
+
+// This callback switches out the "server" cert used on the server with
+// the "client" certificate, which should be the same type.
+static int32_t SwitchCertificates(TlsAgent* agent, const SECItem* srvNameArr,
+                                  uint32_t srvNameArrSize) {
+  bool ok = agent->ConfigServerCert("client");
+  if (!ok) return SSL_SNI_SEND_ALERT;
+
+  return 0;  // first config
+};
+
+TEST_P(TlsConnectGeneric, ServerSNICertSwitch) {
+  Connect();
+  ScopedCERTCertificate cert1(SSL_PeerCertificate(client_->ssl_fd()));
+
+  Reset();
+  ConfigureSessionCache(RESUME_NONE, RESUME_NONE);
+
+  server_->SetSniCallback(SwitchCertificates);
+
+  Connect();
+  ScopedCERTCertificate cert2(SSL_PeerCertificate(client_->ssl_fd()));
+  CheckKeys();
+  EXPECT_FALSE(SECITEM_ItemsAreEqual(&cert1->derCert, &cert2->derCert));
+}
+
+TEST_P(TlsConnectGeneric, ServerSNICertTypeSwitch) {
+  Reset(TlsAgent::kServerEcdsa256);
+  Connect();
+  ScopedCERTCertificate cert1(SSL_PeerCertificate(client_->ssl_fd()));
+
+  Reset();
+  ConfigureSessionCache(RESUME_NONE, RESUME_NONE);
+
+  // Because we configure an RSA certificate here, it only adds a second, unused
+  // certificate, which has no effect on what the server uses.
+  server_->SetSniCallback(SwitchCertificates);
+
+  Connect();
+  ScopedCERTCertificate cert2(SSL_PeerCertificate(client_->ssl_fd()));
+  CheckKeys(ssl_kea_ecdh, ssl_auth_ecdsa);
+  EXPECT_TRUE(SECITEM_ItemsAreEqual(&cert1->derCert, &cert2->derCert));
+}
+
+// Prior to TLS 1.3, we were not fully ephemeral; though 1.3 fixes that
+TEST_P(TlsConnectGenericPre13, ConnectEcdheTwiceReuseKey) {
+  auto i1 = std::make_shared<TlsInspectorRecordHandshakeMessage>(
+      kTlsHandshakeServerKeyExchange);
+  server_->SetPacketFilter(i1);
+  Connect();
+  CheckKeys();
+  TlsServerKeyExchangeEcdhe dhe1;
+  EXPECT_TRUE(dhe1.Parse(i1->buffer()));
+
+  // Restart
+  Reset();
+  auto i2 = std::make_shared<TlsInspectorRecordHandshakeMessage>(
+      kTlsHandshakeServerKeyExchange);
+  server_->SetPacketFilter(i2);
+  ConfigureSessionCache(RESUME_NONE, RESUME_NONE);
+  Connect();
+  CheckKeys();
+
+  TlsServerKeyExchangeEcdhe dhe2;
+  EXPECT_TRUE(dhe2.Parse(i2->buffer()));
+
+  // Make sure they are the same.
+  EXPECT_EQ(dhe1.public_key_.len(), dhe2.public_key_.len());
+  EXPECT_TRUE(!memcmp(dhe1.public_key_.data(), dhe2.public_key_.data(),
+                      dhe1.public_key_.len()));
+}
+
+// This test parses the ServerKeyExchange, which isn't in 1.3
+TEST_P(TlsConnectGenericPre13, ConnectEcdheTwiceNewKey) {
+  server_->EnsureTlsSetup();
+  SECStatus rv =
+      SSL_OptionSet(server_->ssl_fd(), SSL_REUSE_SERVER_ECDHE_KEY, PR_FALSE);
+  EXPECT_EQ(SECSuccess, rv);
+  auto i1 = std::make_shared<TlsInspectorRecordHandshakeMessage>(
+      kTlsHandshakeServerKeyExchange);
+  server_->SetPacketFilter(i1);
+  Connect();
+  CheckKeys();
+  TlsServerKeyExchangeEcdhe dhe1;
+  EXPECT_TRUE(dhe1.Parse(i1->buffer()));
+
+  // Restart
+  Reset();
+  server_->EnsureTlsSetup();
+  rv = SSL_OptionSet(server_->ssl_fd(), SSL_REUSE_SERVER_ECDHE_KEY, PR_FALSE);
+  EXPECT_EQ(SECSuccess, rv);
+  auto i2 = std::make_shared<TlsInspectorRecordHandshakeMessage>(
+      kTlsHandshakeServerKeyExchange);
+  server_->SetPacketFilter(i2);
+  ConfigureSessionCache(RESUME_NONE, RESUME_NONE);
+  Connect();
+  CheckKeys();
+
+  TlsServerKeyExchangeEcdhe dhe2;
+  EXPECT_TRUE(dhe2.Parse(i2->buffer()));
+
+  // Make sure they are different.
+  EXPECT_FALSE((dhe1.public_key_.len() == dhe2.public_key_.len()) &&
+               (!memcmp(dhe1.public_key_.data(), dhe2.public_key_.data(),
+                        dhe1.public_key_.len())));
+}
+
+// Verify that TLS 1.3 reports an accurate group on resumption.
+TEST_P(TlsConnectTls13, TestTls13ResumeDifferentGroup) {
+  ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
+  Connect();
+  SendReceive();  // Need to read so that we absorb the session ticket.
+  CheckKeys();
+
+  Reset();
+  ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
+  ExpectResumption(RESUME_TICKET);
+  client_->ConfigNamedGroups(kFFDHEGroups);
+  server_->ConfigNamedGroups(kFFDHEGroups);
+  Connect();
+  CheckKeys(ssl_kea_dh, ssl_grp_ffdhe_2048, ssl_auth_rsa_sign, ssl_sig_none);
+}
+
+// We need to enable different cipher suites at different times in the following
+// tests.  Those cipher suites need to be suited to the version.
+static uint16_t ChooseOneCipher(uint16_t version) {
+  if (version >= SSL_LIBRARY_VERSION_TLS_1_3) {
+    return TLS_AES_128_GCM_SHA256;
+  }
+  return TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA;
+}
+
+static uint16_t ChooseAnotherCipher(uint16_t version) {
+  if (version >= SSL_LIBRARY_VERSION_TLS_1_3) {
+    return TLS_AES_256_GCM_SHA384;
+  }
+  return TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA;
+}
+
+// Test that we don't resume when we can't negotiate the same cipher.
+TEST_P(TlsConnectGeneric, TestResumeClientDifferentCipher) {
+  ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
+  client_->EnableSingleCipher(ChooseOneCipher(version_));
+  Connect();
+  SendReceive();
+  CheckKeys(ssl_kea_ecdh, ssl_auth_rsa_sign);
+
+  Reset();
+  ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
+  ExpectResumption(RESUME_NONE);
+  client_->EnableSingleCipher(ChooseAnotherCipher(version_));
+  uint16_t ticket_extension;
+  if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) {
+    ticket_extension = ssl_tls13_pre_shared_key_xtn;
+  } else {
+    ticket_extension = ssl_session_ticket_xtn;
+  }
+  auto ticket_capture = std::make_shared<TlsExtensionCapture>(ticket_extension);
+  client_->SetPacketFilter(ticket_capture);
+  Connect();
+  CheckKeys(ssl_kea_ecdh, ssl_auth_rsa_sign);
+  EXPECT_EQ(0U, ticket_capture->extension().len());
+}
+
+// Test that we don't resume when we can't negotiate the same cipher.
+TEST_P(TlsConnectGeneric, TestResumeServerDifferentCipher) {
+  ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
+  server_->EnableSingleCipher(ChooseOneCipher(version_));
+  Connect();
+  SendReceive();  // Need to read so that we absorb the session ticket.
+  CheckKeys();
+
+  Reset();
+  ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
+  ExpectResumption(RESUME_NONE);
+  server_->EnableSingleCipher(ChooseAnotherCipher(version_));
+  Connect();
+  CheckKeys();
+}
+
+class SelectedCipherSuiteReplacer : public TlsHandshakeFilter {
+ public:
+  SelectedCipherSuiteReplacer(uint16_t suite) : cipher_suite_(suite) {}
+
+ protected:
+  PacketFilter::Action FilterHandshake(const HandshakeHeader& header,
+                                       const DataBuffer& input,
+                                       DataBuffer* output) override {
+    if (header.handshake_type() != kTlsHandshakeServerHello) {
+      return KEEP;
+    }
+
+    *output = input;
+    uint32_t temp = 0;
+    EXPECT_TRUE(input.Read(0, 2, &temp));
+    // Cipher suite is after version(2) and random(32).
+    size_t pos = 34;
+    if (temp < SSL_LIBRARY_VERSION_TLS_1_3) {
+      // In old versions, we have to skip a session_id too.
+      EXPECT_TRUE(input.Read(pos, 1, &temp));
+      pos += 1 + temp;
+    }
+    output->Write(pos, static_cast<uint32_t>(cipher_suite_), 2);
+    return CHANGE;
+  }
+
+ private:
+  uint16_t cipher_suite_;
+};
+
+// Test that the client doesn't tolerate the server picking a different cipher
+// suite for resumption.
+TEST_P(TlsConnectStream, TestResumptionOverrideCipher) {
+  ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
+  server_->EnableSingleCipher(ChooseOneCipher(version_));
+  Connect();
+  SendReceive();
+  CheckKeys(ssl_kea_ecdh, ssl_auth_rsa_sign);
+
+  Reset();
+  ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
+  server_->SetPacketFilter(std::make_shared<SelectedCipherSuiteReplacer>(
+      ChooseAnotherCipher(version_)));
+
+  ConnectExpectFail();
+  client_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_SERVER_HELLO);
+  if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) {
+    // The reason this test is stream only: the server is unable to decrypt
+    // the alert that the client sends, see bug 1304603.
+    server_->CheckErrorCode(SSL_ERROR_BAD_MAC_READ);
+  } else {
+    server_->CheckErrorCode(SSL_ERROR_HANDSHAKE_FAILURE_ALERT);
+  }
+}
+
+class SelectedVersionReplacer : public TlsHandshakeFilter {
+ public:
+  SelectedVersionReplacer(uint16_t version) : version_(version) {}
+
+ protected:
+  PacketFilter::Action FilterHandshake(const HandshakeHeader& header,
+                                       const DataBuffer& input,
+                                       DataBuffer* output) override {
+    if (header.handshake_type() != kTlsHandshakeServerHello) {
+      return KEEP;
+    }
+
+    *output = input;
+    output->Write(0, static_cast<uint32_t>(version_), 2);
+    return CHANGE;
+  }
+
+ private:
+  uint16_t version_;
+};
+
+// Test how the client handles the case where the server picks a
+// lower version number on resumption.
+TEST_P(TlsConnectGenericPre13, TestResumptionOverrideVersion) {
+  uint16_t override_version = 0;
+  if (mode_ == STREAM) {
+    switch (version_) {
+      case SSL_LIBRARY_VERSION_TLS_1_0:
+        return;  // Skip the test.
+      case SSL_LIBRARY_VERSION_TLS_1_1:
+        override_version = SSL_LIBRARY_VERSION_TLS_1_0;
+        break;
+      case SSL_LIBRARY_VERSION_TLS_1_2:
+        override_version = SSL_LIBRARY_VERSION_TLS_1_1;
+        break;
+      default:
+        ASSERT_TRUE(false) << "unknown version";
+    }
+  } else {
+    if (version_ == SSL_LIBRARY_VERSION_TLS_1_2) {
+      override_version = SSL_LIBRARY_VERSION_DTLS_1_0_WIRE;
+    } else {
+      ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_1, version_);
+      return;  // Skip the test.
+    }
+  }
+
+  ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
+  // Need to use a cipher that is plausible for the lower version.
+  server_->EnableSingleCipher(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA);
+  Connect();
+  CheckKeys(ssl_kea_ecdh, ssl_auth_rsa_sign);
+
+  Reset();
+  ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
+  // Enable the lower version on the client.
+  client_->SetVersionRange(version_ - 1, version_);
+  server_->EnableSingleCipher(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA);
+  server_->SetPacketFilter(
+      std::make_shared<SelectedVersionReplacer>(override_version));
+
+  ConnectExpectFail();
+  client_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_SERVER_HELLO);
+  server_->CheckErrorCode(SSL_ERROR_HANDSHAKE_FAILURE_ALERT);
+}
+
+// Test that two TLS resumptions work and produce the same ticket.
+// This will change after bug 1257047 is fixed.
+TEST_F(TlsConnectTest, TestTls13ResumptionTwice) {
+  ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
+  ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
+
+  Connect();
+  SendReceive();  // Need to read so that we absorb the session ticket.
+  CheckKeys();
+  uint16_t original_suite;
+  EXPECT_TRUE(client_->cipher_suite(&original_suite));
+
+  Reset();
+  ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
+  ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
+  ExpectResumption(RESUME_TICKET);
+  auto c1 = std::make_shared<TlsExtensionCapture>(ssl_tls13_pre_shared_key_xtn);
+  client_->SetPacketFilter(c1);
+  Connect();
+  SendReceive();
+  CheckKeys(ssl_kea_ecdh, ssl_grp_ec_curve25519, ssl_auth_rsa_sign,
+            ssl_sig_none);
+  // The filter will go away when we reset, so save the captured extension.
+  DataBuffer initialTicket(c1->extension());
+  ASSERT_LT(0U, initialTicket.len());
+
+  ScopedCERTCertificate cert1(SSL_PeerCertificate(client_->ssl_fd()));
+  ASSERT_TRUE(!!cert1.get());
+
+  Reset();
+  ClearStats();
+  ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
+  ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
+  auto c2 = std::make_shared<TlsExtensionCapture>(ssl_tls13_pre_shared_key_xtn);
+  client_->SetPacketFilter(c2);
+  ExpectResumption(RESUME_TICKET);
+  Connect();
+  SendReceive();
+  CheckKeys(ssl_kea_ecdh, ssl_grp_ec_curve25519, ssl_auth_rsa_sign,
+            ssl_sig_none);
+  ASSERT_LT(0U, c2->extension().len());
+
+  ScopedCERTCertificate cert2(SSL_PeerCertificate(client_->ssl_fd()));
+  ASSERT_TRUE(!!cert2.get());
+
+  // Check that the cipher suite is reported the same on both sides, though in
+  // TLS 1.3 resumption actually negotiates a different cipher suite.
+  uint16_t resumed_suite;
+  EXPECT_TRUE(server_->cipher_suite(&resumed_suite));
+  EXPECT_EQ(original_suite, resumed_suite);
+  EXPECT_TRUE(client_->cipher_suite(&resumed_suite));
+  EXPECT_EQ(original_suite, resumed_suite);
+
+  ASSERT_NE(initialTicket, c2->extension());
+}
+
+// Check that resumption works after receiving two NST messages.
+TEST_F(TlsConnectTest, TestTls13ResumptionDuplicateNST) {
+  ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
+  ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
+  Connect();
+
+  // Clear the session ticket keys to invalidate the old ticket.
+  SSLInt_ClearSessionTicketKey();
+  SSLInt_SendNewSessionTicket(server_->ssl_fd());
+
+  SendReceive();  // Need to read so that we absorb the session tickets.
+  CheckKeys();
+
+  // Resume the connection.
+  Reset();
+  ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
+  ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
+  ExpectResumption(RESUME_TICKET);
+  Connect();
+  SendReceive();
+}
+
+TEST_F(TlsConnectTest, TestTls13ResumptionDowngrade) {
+  ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
+  ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
+  Connect();
+
+  SendReceive();  // Need to read so that we absorb the session tickets.
+  CheckKeys();
+
+  // Try resuming the connection. This will fail resuming the 1.3 session
+  // from before, but will successfully establish a 1.2 connection.
+  Reset();
+  ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
+  client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_2,
+                           SSL_LIBRARY_VERSION_TLS_1_3);
+  server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_2,
+                           SSL_LIBRARY_VERSION_TLS_1_2);
+  Connect();
+
+  // Renegotiate to ensure we don't carryover any state
+  // from the 1.3 resumption attempt.
+  client_->SetExpectedVersion(SSL_LIBRARY_VERSION_TLS_1_2);
+  client_->PrepareForRenegotiate();
+  server_->StartRenegotiate();
+  Handshake();
+
+  SendReceive();
+  CheckKeys();
+}
+
+TEST_F(TlsConnectTest, TestTls13ResumptionForcedDowngrade) {
+  ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
+  ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
+  Connect();
+
+  SendReceive();  // Need to read so that we absorb the session tickets.
+  CheckKeys();
+
+  // Try resuming the connection.
+  Reset();
+  ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
+  ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
+  // Enable the lower version on the client.
+  client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_2,
+                           SSL_LIBRARY_VERSION_TLS_1_3);
+
+  // Add filters that set downgrade SH.version to 1.2 and the cipher suite
+  // to one that works with 1.2, so that we don't run into early sanity checks.
+  // We will eventually fail the (sid.version == SH.version) check.
+  std::vector<std::shared_ptr<PacketFilter>> filters;
+  filters.push_back(std::make_shared<SelectedCipherSuiteReplacer>(
+      TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256));
+  filters.push_back(
+      std::make_shared<SelectedVersionReplacer>(SSL_LIBRARY_VERSION_TLS_1_2));
+  server_->SetPacketFilter(std::make_shared<ChainedPacketFilter>(filters));
+
+  ConnectExpectFail();
+  client_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_SERVER_HELLO);
+  server_->CheckErrorCode(SSL_ERROR_BAD_MAC_READ);
+}
+
+}  // namespace nss_test
diff --git a/nss/gtests/ssl_gtest/ssl_skip_unittest.cc b/nss/gtests/ssl_gtest/ssl_skip_unittest.cc
new file mode 100644
index 0000000..235c551
--- /dev/null
+++ b/nss/gtests/ssl_gtest/ssl_skip_unittest.cc
@@ -0,0 +1,235 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "sslerr.h"
+
+#include "tls_connect.h"
+#include "tls_filter.h"
+#include "tls_parser.h"
+
+/*
+ * The tests in this file test that the TLS state machine is robust against
+ * attacks that alter the order of handshake messages.
+ *
+ * See <https://www.smacktls.com/smack.pdf> for a description of the problems
+ * that this sort of attack can enable.
+ */
+namespace nss_test {
+
+class TlsHandshakeSkipFilter : public TlsRecordFilter {
+ public:
+  // A TLS record filter that skips handshake messages of the identified type.
+  TlsHandshakeSkipFilter(uint8_t handshake_type)
+      : handshake_type_(handshake_type), skipped_(false) {}
+
+ protected:
+  // Takes a record; if it is a handshake record, it removes the first handshake
+  // message that is of handshake_type_ type.
+  virtual PacketFilter::Action FilterRecord(
+      const TlsRecordHeader& record_header, const DataBuffer& input,
+      DataBuffer* output) {
+    if (record_header.content_type() != kTlsHandshakeType) {
+      return KEEP;
+    }
+
+    size_t output_offset = 0U;
+    output->Allocate(input.len());
+
+    TlsParser parser(input);
+    while (parser.remaining()) {
+      size_t start = parser.consumed();
+      TlsHandshakeFilter::HandshakeHeader header;
+      DataBuffer ignored;
+      if (!header.Parse(&parser, record_header, &ignored)) {
+        return KEEP;
+      }
+
+      if (skipped_ || header.handshake_type() != handshake_type_) {
+        size_t entire_length = parser.consumed() - start;
+        output->Write(output_offset, input.data() + start, entire_length);
+        // DTLS sequence numbers need to be rewritten
+        if (skipped_ && header.is_dtls()) {
+          output->data()[start + 5] -= 1;
+        }
+        output_offset += entire_length;
+      } else {
+        std::cerr << "Dropping handshake: "
+                  << static_cast<unsigned>(handshake_type_) << std::endl;
+        // We only need to report that the output contains changed data if we
+        // drop a handshake message.  But once we've skipped one message, we
+        // have to modify all subsequent handshake messages so that they include
+        // the correct DTLS sequence numbers.
+        skipped_ = true;
+      }
+    }
+    output->Truncate(output_offset);
+    return skipped_ ? CHANGE : KEEP;
+  }
+
+ private:
+  // The type of handshake message to drop.
+  uint8_t handshake_type_;
+  // Whether this filter has ever skipped a handshake message.  Track this so
+  // that sequence numbers on DTLS handshake messages can be rewritten in
+  // subsequent calls.
+  bool skipped_;
+};
+
+class TlsSkipTest
+    : public TlsConnectTestBase,
+      public ::testing::WithParamInterface<std::tuple<std::string, uint16_t>> {
+ protected:
+  TlsSkipTest()
+      : TlsConnectTestBase(std::get<0>(GetParam()), std::get<1>(GetParam())) {}
+
+  void ServerSkipTest(std::shared_ptr<PacketFilter> filter,
+                      uint8_t alert = kTlsAlertUnexpectedMessage) {
+    auto alert_recorder = std::make_shared<TlsAlertRecorder>();
+    client_->SetPacketFilter(alert_recorder);
+    server_->SetPacketFilter(filter);
+    ConnectExpectFail();
+    EXPECT_EQ(kTlsAlertFatal, alert_recorder->level());
+    EXPECT_EQ(alert, alert_recorder->description());
+  }
+};
+
+class Tls13SkipTest : public TlsConnectTestBase,
+                      public ::testing::WithParamInterface<std::string> {
+ protected:
+  Tls13SkipTest()
+      : TlsConnectTestBase(GetParam(), SSL_LIBRARY_VERSION_TLS_1_3) {}
+
+  void ServerSkipTest(std::shared_ptr<TlsRecordFilter> filter, int32_t error) {
+    EnsureTlsSetup();
+    server_->SetTlsRecordFilter(filter);
+    filter->EnableDecryption();
+    if (mode_ == STREAM) {
+      ConnectExpectFail();
+    } else {
+      ConnectExpectFailOneSide(TlsAgent::CLIENT);
+    }
+    client_->CheckErrorCode(error);
+    if (mode_ == STREAM) {
+      server_->CheckErrorCode(SSL_ERROR_BAD_MAC_READ);
+    } else {
+      ASSERT_EQ(TlsAgent::STATE_CONNECTING, server_->state());
+    }
+  }
+
+  void ClientSkipTest(std::shared_ptr<TlsRecordFilter> filter, int32_t error) {
+    EnsureTlsSetup();
+    client_->SetTlsRecordFilter(filter);
+    filter->EnableDecryption();
+    ConnectExpectFailOneSide(TlsAgent::SERVER);
+
+    server_->CheckErrorCode(error);
+    ASSERT_EQ(TlsAgent::STATE_CONNECTED, client_->state());
+  }
+};
+
+TEST_P(TlsSkipTest, SkipCertificateRsa) {
+  EnableOnlyStaticRsaCiphers();
+  ServerSkipTest(
+      std::make_shared<TlsHandshakeSkipFilter>(kTlsHandshakeCertificate));
+  client_->CheckErrorCode(SSL_ERROR_RX_UNEXPECTED_HELLO_DONE);
+}
+
+TEST_P(TlsSkipTest, SkipCertificateDhe) {
+  ServerSkipTest(
+      std::make_shared<TlsHandshakeSkipFilter>(kTlsHandshakeCertificate));
+  client_->CheckErrorCode(SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH);
+}
+
+TEST_P(TlsSkipTest, SkipCertificateEcdhe) {
+  ServerSkipTest(
+      std::make_shared<TlsHandshakeSkipFilter>(kTlsHandshakeCertificate));
+  client_->CheckErrorCode(SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH);
+}
+
+TEST_P(TlsSkipTest, SkipCertificateEcdsa) {
+  Reset(TlsAgent::kServerEcdsa256);
+  ServerSkipTest(
+      std::make_shared<TlsHandshakeSkipFilter>(kTlsHandshakeCertificate));
+  client_->CheckErrorCode(SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH);
+}
+
+TEST_P(TlsSkipTest, SkipServerKeyExchange) {
+  ServerSkipTest(
+      std::make_shared<TlsHandshakeSkipFilter>(kTlsHandshakeServerKeyExchange));
+  client_->CheckErrorCode(SSL_ERROR_RX_UNEXPECTED_HELLO_DONE);
+}
+
+TEST_P(TlsSkipTest, SkipServerKeyExchangeEcdsa) {
+  Reset(TlsAgent::kServerEcdsa256);
+  ServerSkipTest(
+      std::make_shared<TlsHandshakeSkipFilter>(kTlsHandshakeServerKeyExchange));
+  client_->CheckErrorCode(SSL_ERROR_RX_UNEXPECTED_HELLO_DONE);
+}
+
+TEST_P(TlsSkipTest, SkipCertAndKeyExch) {
+  auto chain = std::make_shared<ChainedPacketFilter>();
+  chain->Add(
+      std::make_shared<TlsHandshakeSkipFilter>(kTlsHandshakeCertificate));
+  chain->Add(
+      std::make_shared<TlsHandshakeSkipFilter>(kTlsHandshakeServerKeyExchange));
+  ServerSkipTest(chain);
+  client_->CheckErrorCode(SSL_ERROR_RX_UNEXPECTED_HELLO_DONE);
+}
+
+TEST_P(TlsSkipTest, SkipCertAndKeyExchEcdsa) {
+  Reset(TlsAgent::kServerEcdsa256);
+  auto chain = std::make_shared<ChainedPacketFilter>();
+  chain->Add(
+      std::make_shared<TlsHandshakeSkipFilter>(kTlsHandshakeCertificate));
+  chain->Add(
+      std::make_shared<TlsHandshakeSkipFilter>(kTlsHandshakeServerKeyExchange));
+  ServerSkipTest(chain);
+  client_->CheckErrorCode(SSL_ERROR_RX_UNEXPECTED_HELLO_DONE);
+}
+
+TEST_P(Tls13SkipTest, SkipEncryptedExtensions) {
+  ServerSkipTest(std::make_shared<TlsHandshakeSkipFilter>(
+                     kTlsHandshakeEncryptedExtensions),
+                 SSL_ERROR_RX_UNEXPECTED_CERTIFICATE);
+}
+
+TEST_P(Tls13SkipTest, SkipServerCertificate) {
+  ServerSkipTest(
+      std::make_shared<TlsHandshakeSkipFilter>(kTlsHandshakeCertificate),
+      SSL_ERROR_RX_UNEXPECTED_CERT_VERIFY);
+}
+
+TEST_P(Tls13SkipTest, SkipServerCertificateVerify) {
+  ServerSkipTest(
+      std::make_shared<TlsHandshakeSkipFilter>(kTlsHandshakeCertificateVerify),
+      SSL_ERROR_RX_UNEXPECTED_FINISHED);
+}
+
+TEST_P(Tls13SkipTest, SkipClientCertificate) {
+  client_->SetupClientAuth();
+  server_->RequestClientAuth(true);
+  ClientSkipTest(
+      std::make_shared<TlsHandshakeSkipFilter>(kTlsHandshakeCertificate),
+      SSL_ERROR_RX_UNEXPECTED_CERT_VERIFY);
+}
+
+TEST_P(Tls13SkipTest, SkipClientCertificateVerify) {
+  client_->SetupClientAuth();
+  server_->RequestClientAuth(true);
+  ClientSkipTest(
+      std::make_shared<TlsHandshakeSkipFilter>(kTlsHandshakeCertificateVerify),
+      SSL_ERROR_RX_UNEXPECTED_FINISHED);
+}
+
+INSTANTIATE_TEST_CASE_P(SkipTls10, TlsSkipTest,
+                        ::testing::Combine(TlsConnectTestBase::kTlsModesStream,
+                                           TlsConnectTestBase::kTlsV10));
+INSTANTIATE_TEST_CASE_P(SkipVariants, TlsSkipTest,
+                        ::testing::Combine(TlsConnectTestBase::kTlsModesAll,
+                                           TlsConnectTestBase::kTlsV11V12));
+INSTANTIATE_TEST_CASE_P(Skip13Variants, Tls13SkipTest,
+                        TlsConnectTestBase::kTlsModesAll);
+}  // namespace nss_test
diff --git a/nss/gtests/ssl_gtest/ssl_staticrsa_unittest.cc b/nss/gtests/ssl_gtest/ssl_staticrsa_unittest.cc
new file mode 100644
index 0000000..8e1c331
--- /dev/null
+++ b/nss/gtests/ssl_gtest/ssl_staticrsa_unittest.cc
@@ -0,0 +1,125 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <functional>
+#include <memory>
+#include "secerr.h"
+#include "ssl.h"
+#include "sslerr.h"
+#include "sslproto.h"
+
+extern "C" {
+// This is not something that should make you happy.
+#include "libssl_internals.h"
+}
+
+#include "gtest_utils.h"
+#include "scoped_ptrs.h"
+#include "tls_connect.h"
+#include "tls_filter.h"
+#include "tls_parser.h"
+
+namespace nss_test {
+
+const uint8_t kBogusClientKeyExchange[] = {
+    0x01, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+};
+
+TEST_P(TlsConnectGenericPre13, ConnectStaticRSA) {
+  EnableOnlyStaticRsaCiphers();
+  Connect();
+  CheckKeys(ssl_kea_rsa, ssl_grp_none, ssl_auth_rsa_decrypt, ssl_sig_none);
+}
+
+// Test that a totally bogus EPMS is handled correctly.
+// This test is stream so we can catch the bad_record_mac alert.
+TEST_P(TlsConnectStreamPre13, ConnectStaticRSABogusCKE) {
+  EnableOnlyStaticRsaCiphers();
+  auto i1 = std::make_shared<TlsInspectorReplaceHandshakeMessage>(
+      kTlsHandshakeClientKeyExchange,
+      DataBuffer(kBogusClientKeyExchange, sizeof(kBogusClientKeyExchange)));
+  client_->SetPacketFilter(i1);
+  auto alert_recorder = std::make_shared<TlsAlertRecorder>();
+  server_->SetPacketFilter(alert_recorder);
+  ConnectExpectFail();
+  EXPECT_EQ(kTlsAlertFatal, alert_recorder->level());
+  EXPECT_EQ(kTlsAlertBadRecordMac, alert_recorder->description());
+}
+
+// Test that a PMS with a bogus version number is handled correctly.
+// This test is stream so we can catch the bad_record_mac alert.
+TEST_P(TlsConnectStreamPre13, ConnectStaticRSABogusPMSVersionDetect) {
+  EnableOnlyStaticRsaCiphers();
+  client_->SetPacketFilter(
+      std::make_shared<TlsInspectorClientHelloVersionChanger>(server_));
+  auto alert_recorder = std::make_shared<TlsAlertRecorder>();
+  server_->SetPacketFilter(alert_recorder);
+  ConnectExpectFail();
+  EXPECT_EQ(kTlsAlertFatal, alert_recorder->level());
+  EXPECT_EQ(kTlsAlertBadRecordMac, alert_recorder->description());
+}
+
+// Test that a PMS with a bogus version number is ignored when
+// rollback detection is disabled. This is a positive control for
+// ConnectStaticRSABogusPMSVersionDetect.
+TEST_P(TlsConnectGenericPre13, ConnectStaticRSABogusPMSVersionIgnore) {
+  EnableOnlyStaticRsaCiphers();
+  client_->SetPacketFilter(
+      std::make_shared<TlsInspectorClientHelloVersionChanger>(server_));
+  server_->DisableRollbackDetection();
+  Connect();
+}
+
+// This test is stream so we can catch the bad_record_mac alert.
+TEST_P(TlsConnectStreamPre13, ConnectExtendedMasterSecretStaticRSABogusCKE) {
+  EnableOnlyStaticRsaCiphers();
+  EnableExtendedMasterSecret();
+  auto inspect = std::make_shared<TlsInspectorReplaceHandshakeMessage>(
+      kTlsHandshakeClientKeyExchange,
+      DataBuffer(kBogusClientKeyExchange, sizeof(kBogusClientKeyExchange)));
+  client_->SetPacketFilter(inspect);
+  auto alert_recorder = std::make_shared<TlsAlertRecorder>();
+  server_->SetPacketFilter(alert_recorder);
+  ConnectExpectFail();
+  EXPECT_EQ(kTlsAlertFatal, alert_recorder->level());
+  EXPECT_EQ(kTlsAlertBadRecordMac, alert_recorder->description());
+}
+
+// This test is stream so we can catch the bad_record_mac alert.
+TEST_P(TlsConnectStreamPre13,
+       ConnectExtendedMasterSecretStaticRSABogusPMSVersionDetect) {
+  EnableOnlyStaticRsaCiphers();
+  EnableExtendedMasterSecret();
+  client_->SetPacketFilter(
+      std::make_shared<TlsInspectorClientHelloVersionChanger>(server_));
+  auto alert_recorder = std::make_shared<TlsAlertRecorder>();
+  server_->SetPacketFilter(alert_recorder);
+  ConnectExpectFail();
+  EXPECT_EQ(kTlsAlertFatal, alert_recorder->level());
+  EXPECT_EQ(kTlsAlertBadRecordMac, alert_recorder->description());
+}
+
+TEST_P(TlsConnectStreamPre13,
+       ConnectExtendedMasterSecretStaticRSABogusPMSVersionIgnore) {
+  EnableOnlyStaticRsaCiphers();
+  EnableExtendedMasterSecret();
+  client_->SetPacketFilter(
+      std::make_shared<TlsInspectorClientHelloVersionChanger>(server_));
+  server_->DisableRollbackDetection();
+  Connect();
+}
+
+}  // namespace nspr_test
diff --git a/nss/gtests/ssl_gtest/ssl_v2_client_hello_unittest.cc b/nss/gtests/ssl_gtest/ssl_v2_client_hello_unittest.cc
new file mode 100644
index 0000000..66caba7
--- /dev/null
+++ b/nss/gtests/ssl_gtest/ssl_v2_client_hello_unittest.cc
@@ -0,0 +1,373 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "pk11pub.h"
+#include "ssl.h"
+#include "sslerr.h"
+#include "sslproto.h"
+
+extern "C" {
+// This is not something that should make you happy.
+#include "libssl_internals.h"
+}
+
+#include "gtest_utils.h"
+#include "tls_connect.h"
+#include "tls_filter.h"
+
+namespace nss_test {
+
+// Replaces the client hello with an SSLv2 version once.
+class SSLv2ClientHelloFilter : public PacketFilter {
+ public:
+  SSLv2ClientHelloFilter(std::shared_ptr<TlsAgent>& client, uint16_t version)
+      : replaced_(false),
+        client_(client),
+        version_(version),
+        pad_len_(0),
+        reported_pad_len_(0),
+        client_random_len_(16),
+        ciphers_(0),
+        send_escape_(false) {}
+
+  void SetVersion(uint16_t version) { version_ = version; }
+
+  void SetCipherSuites(const std::vector<uint16_t>& ciphers) {
+    ciphers_ = ciphers;
+  }
+
+  // Set a padding length and announce it correctly.
+  void SetPadding(uint8_t pad_len) { SetPadding(pad_len, pad_len); }
+
+  // Set a padding length and allow to lie about its length.
+  void SetPadding(uint8_t pad_len, uint8_t reported_pad_len) {
+    pad_len_ = pad_len;
+    reported_pad_len_ = reported_pad_len;
+  }
+
+  void SetClientRandomLength(uint16_t client_random_len) {
+    client_random_len_ = client_random_len;
+  }
+
+  void SetSendEscape(bool send_escape) { send_escape_ = send_escape; }
+
+ protected:
+  virtual PacketFilter::Action Filter(const DataBuffer& input,
+                                      DataBuffer* output) {
+    if (replaced_) {
+      return KEEP;
+    }
+
+    // Replace only the very first packet.
+    replaced_ = true;
+
+    // The SSLv2 client hello size.
+    size_t packet_len = SSL_HL_CLIENT_HELLO_HBYTES + (ciphers_.size() * 3) +
+                        client_random_len_ + pad_len_;
+
+    size_t idx = 0;
+    *output = input;
+    output->Allocate(packet_len);
+    output->Truncate(packet_len);
+
+    // Write record length.
+    if (pad_len_ > 0) {
+      size_t masked_len = 0x3fff & packet_len;
+      if (send_escape_) {
+        masked_len |= 0x4000;
+      }
+
+      idx = output->Write(idx, masked_len, 2);
+      idx = output->Write(idx, reported_pad_len_, 1);
+    } else {
+      PR_ASSERT(!send_escape_);
+      idx = output->Write(idx, 0x8000 | packet_len, 2);
+    }
+
+    // Remember header length.
+    size_t hdr_len = idx;
+
+    // Write client hello.
+    idx = output->Write(idx, SSL_MT_CLIENT_HELLO, 1);
+    idx = output->Write(idx, version_, 2);
+
+    // Cipher list length.
+    idx = output->Write(idx, (ciphers_.size() * 3), 2);
+
+    // Session ID length.
+    idx = output->Write(idx, static_cast<uint32_t>(0), 2);
+
+    // ClientRandom length.
+    idx = output->Write(idx, client_random_len_, 2);
+
+    // Cipher suites.
+    for (auto cipher : ciphers_) {
+      idx = output->Write(idx, static_cast<uint32_t>(cipher), 3);
+    }
+
+    // Challenge.
+    std::vector<uint8_t> challenge(client_random_len_);
+    PK11_GenerateRandom(challenge.data(), challenge.size());
+    idx = output->Write(idx, challenge.data(), challenge.size());
+
+    // Add padding if any.
+    if (pad_len_ > 0) {
+      std::vector<uint8_t> pad(pad_len_);
+      idx = output->Write(idx, pad.data(), pad.size());
+    }
+
+    // Update the client random so that the handshake succeeds.
+    SECStatus rv = SSLInt_UpdateSSLv2ClientRandom(
+        client_.lock()->ssl_fd(), challenge.data(), challenge.size(),
+        output->data() + hdr_len, output->len() - hdr_len);
+    EXPECT_EQ(SECSuccess, rv);
+
+    return CHANGE;
+  }
+
+ private:
+  bool replaced_;
+  std::weak_ptr<TlsAgent> client_;
+  uint16_t version_;
+  uint8_t pad_len_;
+  uint8_t reported_pad_len_;
+  uint16_t client_random_len_;
+  std::vector<uint16_t> ciphers_;
+  bool send_escape_;
+};
+
+class SSLv2ClientHelloTestF : public TlsConnectTestBase {
+ public:
+  SSLv2ClientHelloTestF() : TlsConnectTestBase(STREAM, 0), filter_(nullptr) {}
+
+  SSLv2ClientHelloTestF(Mode mode, uint16_t version)
+      : TlsConnectTestBase(mode, version), filter_(nullptr) {}
+
+  void SetUp() {
+    TlsConnectTestBase::SetUp();
+    filter_ = std::make_shared<SSLv2ClientHelloFilter>(client_, version_);
+    client_->SetPacketFilter(filter_);
+  }
+
+  void RequireSafeRenegotiation() {
+    server_->EnsureTlsSetup();
+    SECStatus rv =
+        SSL_OptionSet(server_->ssl_fd(), SSL_REQUIRE_SAFE_NEGOTIATION, PR_TRUE);
+    EXPECT_EQ(rv, SECSuccess);
+  }
+
+  void SetExpectedVersion(uint16_t version) {
+    TlsConnectTestBase::SetExpectedVersion(version);
+    filter_->SetVersion(version);
+  }
+
+  void SetAvailableCipherSuite(uint16_t cipher) {
+    filter_->SetCipherSuites(std::vector<uint16_t>(1, cipher));
+  }
+
+  void SetAvailableCipherSuites(const std::vector<uint16_t>& ciphers) {
+    filter_->SetCipherSuites(ciphers);
+  }
+
+  void SetPadding(uint8_t pad_len) { filter_->SetPadding(pad_len); }
+
+  void SetPadding(uint8_t pad_len, uint8_t reported_pad_len) {
+    filter_->SetPadding(pad_len, reported_pad_len);
+  }
+
+  void SetClientRandomLength(uint16_t client_random_len) {
+    filter_->SetClientRandomLength(client_random_len);
+  }
+
+  void SetSendEscape(bool send_escape) { filter_->SetSendEscape(send_escape); }
+
+ private:
+  std::shared_ptr<SSLv2ClientHelloFilter> filter_;
+};
+
+// Parameterized version of SSLv2ClientHelloTestF we can
+// use with TEST_P to test multiple TLS versions easily.
+class SSLv2ClientHelloTest : public SSLv2ClientHelloTestF,
+                             public ::testing::WithParamInterface<uint16_t> {
+ public:
+  SSLv2ClientHelloTest() : SSLv2ClientHelloTestF(STREAM, GetParam()) {}
+};
+
+// Test negotiating TLS 1.0 - 1.2.
+TEST_P(SSLv2ClientHelloTest, Connect) {
+  SetAvailableCipherSuite(TLS_DHE_RSA_WITH_AES_128_CBC_SHA);
+  Connect();
+}
+
+// Sending a v2 ClientHello after a no-op v3 record must fail.
+TEST_P(SSLv2ClientHelloTest, ConnectAfterEmptyV3Record) {
+  DataBuffer buffer;
+
+  size_t idx = 0;
+  idx = buffer.Write(idx, 0x16, 1);    // handshake
+  idx = buffer.Write(idx, 0x0301, 2);  // record_version
+  (void)buffer.Write(idx, 0U, 2);      // length=0
+
+  SetAvailableCipherSuite(TLS_DHE_RSA_WITH_AES_128_CBC_SHA);
+  EnsureTlsSetup();
+  client_->SendDirect(buffer);
+
+  // Need padding so the connection doesn't just time out. With a v2
+  // ClientHello parsed as a v3 record we will use the record version
+  // as the record length.
+  SetPadding(255);
+
+  ConnectExpectFail();
+  EXPECT_EQ(SSL_ERROR_BAD_CLIENT, server_->error_code());
+}
+
+// Test negotiating TLS 1.3.
+TEST_F(SSLv2ClientHelloTestF, Connect13) {
+  EnsureTlsSetup();
+  SetExpectedVersion(SSL_LIBRARY_VERSION_TLS_1_3);
+  ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
+
+  std::vector<uint16_t> cipher_suites = {TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256};
+  SetAvailableCipherSuites(cipher_suites);
+
+  ConnectExpectFail();
+  EXPECT_EQ(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO, server_->error_code());
+}
+
+// Test negotiating an EC suite.
+TEST_P(SSLv2ClientHelloTest, NegotiateECSuite) {
+  SetAvailableCipherSuite(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA);
+  Connect();
+}
+
+// Test negotiating TLS 1.0 - 1.2 with a padded client hello.
+TEST_P(SSLv2ClientHelloTest, AddPadding) {
+  SetAvailableCipherSuite(TLS_DHE_RSA_WITH_AES_128_CBC_SHA);
+  SetPadding(255);
+  Connect();
+}
+
+// Test that sending a security escape fails the handshake.
+TEST_P(SSLv2ClientHelloTest, SendSecurityEscape) {
+  SetAvailableCipherSuite(TLS_DHE_RSA_WITH_AES_128_CBC_SHA);
+
+  // Send a security escape.
+  SetSendEscape(true);
+
+  // Set a big padding so that the server fails instead of timing out.
+  SetPadding(255);
+
+  ConnectExpectFail();
+}
+
+// Invalid SSLv2 client hello padding must fail the handshake.
+TEST_P(SSLv2ClientHelloTest, AddErroneousPadding) {
+  SetAvailableCipherSuite(TLS_DHE_RSA_WITH_AES_128_CBC_SHA);
+
+  // Append 5 bytes of padding but say it's only 4.
+  SetPadding(5, 4);
+
+  ConnectExpectFail();
+  EXPECT_EQ(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO, server_->error_code());
+}
+
+// Invalid SSLv2 client hello padding must fail the handshake.
+TEST_P(SSLv2ClientHelloTest, AddErroneousPadding2) {
+  SetAvailableCipherSuite(TLS_DHE_RSA_WITH_AES_128_CBC_SHA);
+
+  // Append 5 bytes of padding but say it's 6.
+  SetPadding(5, 6);
+
+  ConnectExpectFail();
+  EXPECT_EQ(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO, server_->error_code());
+}
+
+// Wrong amount of bytes for the ClientRandom must fail the handshake.
+TEST_P(SSLv2ClientHelloTest, SmallClientRandom) {
+  SetAvailableCipherSuite(TLS_DHE_RSA_WITH_AES_128_CBC_SHA);
+
+  // Send a ClientRandom that's too small.
+  SetClientRandomLength(15);
+
+  ConnectExpectFail();
+  EXPECT_EQ(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO, server_->error_code());
+}
+
+// Test sending the maximum accepted number of ClientRandom bytes.
+TEST_P(SSLv2ClientHelloTest, MaxClientRandom) {
+  SetAvailableCipherSuite(TLS_DHE_RSA_WITH_AES_128_CBC_SHA);
+  SetClientRandomLength(32);
+  Connect();
+}
+
+// Wrong amount of bytes for the ClientRandom must fail the handshake.
+TEST_P(SSLv2ClientHelloTest, BigClientRandom) {
+  SetAvailableCipherSuite(TLS_DHE_RSA_WITH_AES_128_CBC_SHA);
+
+  // Send a ClientRandom that's too big.
+  SetClientRandomLength(33);
+
+  ConnectExpectFail();
+  EXPECT_EQ(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO, server_->error_code());
+}
+
+// Connection must fail if we require safe renegotiation but the client doesn't
+// include TLS_EMPTY_RENEGOTIATION_INFO_SCSV in the list of cipher suites.
+TEST_P(SSLv2ClientHelloTest, RequireSafeRenegotiation) {
+  RequireSafeRenegotiation();
+  SetAvailableCipherSuite(TLS_DHE_RSA_WITH_AES_128_CBC_SHA);
+  ConnectExpectFail();
+  EXPECT_EQ(SSL_ERROR_UNSAFE_NEGOTIATION, server_->error_code());
+}
+
+// Connection must succeed when requiring safe renegotiation and the client
+// includes TLS_EMPTY_RENEGOTIATION_INFO_SCSV in the list of cipher suites.
+TEST_P(SSLv2ClientHelloTest, RequireSafeRenegotiationWithSCSV) {
+  RequireSafeRenegotiation();
+  std::vector<uint16_t> cipher_suites = {TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
+                                         TLS_EMPTY_RENEGOTIATION_INFO_SCSV};
+  SetAvailableCipherSuites(cipher_suites);
+  Connect();
+}
+
+// Connect to the server with TLS 1.1, signalling that this is a fallback from
+// a higher version. As the server doesn't support anything higher than TLS 1.1
+// it must accept the connection.
+TEST_F(SSLv2ClientHelloTestF, FallbackSCSV) {
+  EnsureTlsSetup();
+  SetExpectedVersion(SSL_LIBRARY_VERSION_TLS_1_1);
+  ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_1);
+
+  std::vector<uint16_t> cipher_suites = {TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
+                                         TLS_FALLBACK_SCSV};
+  SetAvailableCipherSuites(cipher_suites);
+  Connect();
+}
+
+// Connect to the server with TLS 1.1, signalling that this is a fallback from
+// a higher version. As the server supports TLS 1.2 though it must reject the
+// connection due to a possible downgrade attack.
+TEST_F(SSLv2ClientHelloTestF, InappropriateFallbackSCSV) {
+  SetExpectedVersion(SSL_LIBRARY_VERSION_TLS_1_1);
+  client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
+                           SSL_LIBRARY_VERSION_TLS_1_1);
+  server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
+                           SSL_LIBRARY_VERSION_TLS_1_2);
+
+  std::vector<uint16_t> cipher_suites = {TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
+                                         TLS_FALLBACK_SCSV};
+  SetAvailableCipherSuites(cipher_suites);
+
+  ConnectExpectFail();
+  EXPECT_EQ(SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT, server_->error_code());
+}
+
+INSTANTIATE_TEST_CASE_P(VersionsStream10Pre13, SSLv2ClientHelloTest,
+                        TlsConnectTestBase::kTlsV10);
+INSTANTIATE_TEST_CASE_P(VersionsStreamPre13, SSLv2ClientHelloTest,
+                        TlsConnectTestBase::kTlsV11V12);
+
+}  // namespace nss_test
diff --git a/nss/gtests/ssl_gtest/ssl_version_unittest.cc b/nss/gtests/ssl_gtest/ssl_version_unittest.cc
new file mode 100644
index 0000000..ebe152c
--- /dev/null
+++ b/nss/gtests/ssl_gtest/ssl_version_unittest.cc
@@ -0,0 +1,319 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "secerr.h"
+#include "ssl.h"
+#include "ssl3prot.h"
+#include "sslerr.h"
+#include "sslproto.h"
+
+#include "gtest_utils.h"
+#include "scoped_ptrs.h"
+#include "tls_connect.h"
+#include "tls_filter.h"
+#include "tls_parser.h"
+
+namespace nss_test {
+
+TEST_P(TlsConnectStream, ServerNegotiateTls10) {
+  uint16_t minver, maxver;
+  client_->GetVersionRange(&minver, &maxver);
+  client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_0, maxver);
+  server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_0,
+                           SSL_LIBRARY_VERSION_TLS_1_0);
+  Connect();
+}
+
+TEST_P(TlsConnectGeneric, ServerNegotiateTls11) {
+  if (version_ < SSL_LIBRARY_VERSION_TLS_1_1) return;
+
+  uint16_t minver, maxver;
+  client_->GetVersionRange(&minver, &maxver);
+  client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1, maxver);
+  server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
+                           SSL_LIBRARY_VERSION_TLS_1_1);
+  Connect();
+}
+
+TEST_P(TlsConnectGeneric, ServerNegotiateTls12) {
+  if (version_ < SSL_LIBRARY_VERSION_TLS_1_2) return;
+
+  uint16_t minver, maxver;
+  client_->GetVersionRange(&minver, &maxver);
+  client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_2, maxver);
+  server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_2,
+                           SSL_LIBRARY_VERSION_TLS_1_2);
+  Connect();
+}
+#ifndef TLS_1_3_DRAFT_VERSION
+
+// Test the ServerRandom version hack from
+// [draft-ietf-tls-tls13-11 Section 6.3.1.1].
+// The first three tests test for active tampering. The next
+// two validate that we can also detect fallback using the
+// SSL_SetDowngradeCheckVersion() API.
+TEST_F(TlsConnectTest, TestDowngradeDetectionToTls11) {
+  client_->SetPacketFilter(
+      std::make_shared<TlsInspectorClientHelloVersionSetter>(
+          SSL_LIBRARY_VERSION_TLS_1_1));
+  ConnectExpectFail();
+  ASSERT_EQ(SSL_ERROR_RX_MALFORMED_SERVER_HELLO, client_->error_code());
+}
+
+/* Attempt to negotiate the bogus DTLS 1.1 version. */
+TEST_F(DtlsConnectTest, TestDtlsVersion11) {
+  client_->SetPacketFilter(
+      std::make_shared<TlsInspectorClientHelloVersionSetter>(
+          ((~0x0101) & 0xffff)));
+  ConnectExpectFail();
+  // It's kind of surprising that SSL_ERROR_NO_CYPHER_OVERLAP is
+  // what is returned here, but this is deliberate in ssl3_HandleAlert().
+  EXPECT_EQ(SSL_ERROR_NO_CYPHER_OVERLAP, client_->error_code());
+  EXPECT_EQ(SSL_ERROR_UNSUPPORTED_VERSION, server_->error_code());
+}
+
+// Disabled as long as we have draft version.
+TEST_F(TlsConnectTest, TestDowngradeDetectionToTls12) {
+  EnsureTlsSetup();
+  client_->SetPacketFilter(
+      std::make_shared<TlsInspectorClientHelloVersionSetter>(
+          SSL_LIBRARY_VERSION_TLS_1_2));
+  client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_2,
+                           SSL_LIBRARY_VERSION_TLS_1_3);
+  server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_2,
+                           SSL_LIBRARY_VERSION_TLS_1_3);
+  ConnectExpectFail();
+  ASSERT_EQ(SSL_ERROR_RX_MALFORMED_SERVER_HELLO, client_->error_code());
+}
+
+// TLS 1.1 clients do not check the random values, so we should
+// instead get a handshake failure alert from the server.
+TEST_F(TlsConnectTest, TestDowngradeDetectionToTls10) {
+  client_->SetPacketFilter(
+      std::make_shared<TlsInspectorClientHelloVersionSetter>(
+          SSL_LIBRARY_VERSION_TLS_1_0));
+  client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_0,
+                           SSL_LIBRARY_VERSION_TLS_1_1);
+  server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_0,
+                           SSL_LIBRARY_VERSION_TLS_1_2);
+  ConnectExpectFail();
+  ASSERT_EQ(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE, server_->error_code());
+  ASSERT_EQ(SSL_ERROR_DECRYPT_ERROR_ALERT, client_->error_code());
+}
+
+TEST_F(TlsConnectTest, TestFallbackFromTls12) {
+  EnsureTlsSetup();
+  client_->SetDowngradeCheckVersion(SSL_LIBRARY_VERSION_TLS_1_2);
+  client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
+                           SSL_LIBRARY_VERSION_TLS_1_1);
+  server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
+                           SSL_LIBRARY_VERSION_TLS_1_2);
+  ConnectExpectFail();
+  ASSERT_EQ(SSL_ERROR_RX_MALFORMED_SERVER_HELLO, client_->error_code());
+}
+
+TEST_F(TlsConnectTest, TestFallbackFromTls13) {
+  EnsureTlsSetup();
+  client_->SetDowngradeCheckVersion(SSL_LIBRARY_VERSION_TLS_1_3);
+  client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_2,
+                           SSL_LIBRARY_VERSION_TLS_1_2);
+  server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
+                           SSL_LIBRARY_VERSION_TLS_1_3);
+  ConnectExpectFail();
+  ASSERT_EQ(SSL_ERROR_RX_MALFORMED_SERVER_HELLO, client_->error_code());
+}
+#endif
+
+TEST_P(TlsConnectGeneric, TestFallbackSCSVVersionMatch) {
+  client_->SetFallbackSCSVEnabled(true);
+  Connect();
+}
+
+TEST_P(TlsConnectGenericPre13, TestFallbackSCSVVersionMismatch) {
+  client_->SetFallbackSCSVEnabled(true);
+  server_->SetVersionRange(version_, version_ + 1);
+  ConnectExpectFail();
+  client_->CheckErrorCode(SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT);
+}
+
+// The TLS v1.3 spec section C.4 states that 'Implementations MUST NOT send or
+// accept any records with a version less than { 3, 0 }'. Thus we will not
+// allow version ranges including both SSL v3 and TLS v1.3.
+TEST_F(TlsConnectTest, DisallowSSLv3HelloWithTLSv13Enabled) {
+  SECStatus rv;
+  SSLVersionRange vrange = {SSL_LIBRARY_VERSION_3_0,
+                            SSL_LIBRARY_VERSION_TLS_1_3};
+
+  EnsureTlsSetup();
+  rv = SSL_VersionRangeSet(client_->ssl_fd(), &vrange);
+  EXPECT_EQ(SECFailure, rv);
+
+  rv = SSL_VersionRangeSet(server_->ssl_fd(), &vrange);
+  EXPECT_EQ(SECFailure, rv);
+}
+
+TEST_P(TlsConnectStream, ConnectTls10AndServerRenegotiateHigher) {
+  if (version_ == SSL_LIBRARY_VERSION_TLS_1_0) {
+    return;
+  }
+  // Set the client so it will accept any version from 1.0
+  // to |version_|.
+  client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_0, version_);
+  server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_0,
+                           SSL_LIBRARY_VERSION_TLS_1_0);
+  // Reset version so that the checks succeed.
+  uint16_t test_version = version_;
+  version_ = SSL_LIBRARY_VERSION_TLS_1_0;
+  Connect();
+
+  // Now renegotiate, with the server being set to do
+  // |version_|.
+  client_->PrepareForRenegotiate();
+  server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_0, test_version);
+  // Reset version and cipher suite so that the preinfo callback
+  // doesn't fail.
+  server_->ResetPreliminaryInfo();
+  server_->StartRenegotiate();
+  Handshake();
+  if (test_version >= SSL_LIBRARY_VERSION_TLS_1_3) {
+    // In TLS 1.3, the server detects this problem.
+    client_->CheckErrorCode(SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT);
+    server_->CheckErrorCode(SSL_ERROR_RENEGOTIATION_NOT_ALLOWED);
+  } else {
+    client_->CheckErrorCode(SSL_ERROR_UNSUPPORTED_VERSION);
+    server_->CheckErrorCode(SSL_ERROR_ILLEGAL_PARAMETER_ALERT);
+  }
+}
+
+TEST_P(TlsConnectStream, ConnectTls10AndClientRenegotiateHigher) {
+  if (version_ == SSL_LIBRARY_VERSION_TLS_1_0) {
+    return;
+  }
+  // Set the client so it will accept any version from 1.0
+  // to |version_|.
+  client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_0, version_);
+  server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_0,
+                           SSL_LIBRARY_VERSION_TLS_1_0);
+  // Reset version so that the checks succeed.
+  uint16_t test_version = version_;
+  version_ = SSL_LIBRARY_VERSION_TLS_1_0;
+  Connect();
+
+  // Now renegotiate, with the server being set to do
+  // |version_|.
+  server_->PrepareForRenegotiate();
+  server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_0, test_version);
+  // Reset version and cipher suite so that the preinfo callback
+  // doesn't fail.
+  server_->ResetPreliminaryInfo();
+  client_->StartRenegotiate();
+  Handshake();
+  if (test_version >= SSL_LIBRARY_VERSION_TLS_1_3) {
+    // In TLS 1.3, the server detects this problem.
+    client_->CheckErrorCode(SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT);
+    server_->CheckErrorCode(SSL_ERROR_RENEGOTIATION_NOT_ALLOWED);
+  } else {
+    client_->CheckErrorCode(SSL_ERROR_UNSUPPORTED_VERSION);
+    server_->CheckErrorCode(SSL_ERROR_ILLEGAL_PARAMETER_ALERT);
+  }
+}
+
+TEST_F(TlsConnectTest, Tls13RejectsRehandshakeClient) {
+  EnsureTlsSetup();
+  ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
+  Connect();
+  SECStatus rv = SSL_ReHandshake(client_->ssl_fd(), PR_TRUE);
+  EXPECT_EQ(SECFailure, rv);
+  EXPECT_EQ(SSL_ERROR_RENEGOTIATION_NOT_ALLOWED, PORT_GetError());
+}
+
+TEST_F(TlsConnectTest, Tls13RejectsRehandshakeServer) {
+  EnsureTlsSetup();
+  ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
+  Connect();
+  SECStatus rv = SSL_ReHandshake(server_->ssl_fd(), PR_TRUE);
+  EXPECT_EQ(SECFailure, rv);
+  EXPECT_EQ(SSL_ERROR_RENEGOTIATION_NOT_ALLOWED, PORT_GetError());
+}
+
+TEST_P(TlsConnectGeneric, AlertBeforeServerHello) {
+  EnsureTlsSetup();
+  client_->SetExpectedAlertReceivedCount(1);
+  client_->StartConnect();
+  server_->StartConnect();
+  client_->Handshake();  // Send ClientHello.
+  static const uint8_t kWarningAlert[] = {kTlsAlertWarning,
+                                          kTlsAlertUnrecognizedName};
+  DataBuffer alert;
+  TlsAgentTestBase::MakeRecord(mode_, kTlsAlertType,
+                               SSL_LIBRARY_VERSION_TLS_1_0, kWarningAlert,
+                               PR_ARRAY_SIZE(kWarningAlert), &alert);
+  client_->adapter()->PacketReceived(alert);
+  Handshake();
+  CheckConnected();
+}
+
+class Tls13NoSupportedVersions : public TlsConnectStreamTls12 {
+ protected:
+  void Run(uint16_t overwritten_client_version, uint16_t max_server_version) {
+    client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_2,
+                             SSL_LIBRARY_VERSION_TLS_1_2);
+    server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_2, max_server_version);
+    client_->SetPacketFilter(
+        std::make_shared<TlsInspectorClientHelloVersionSetter>(
+            overwritten_client_version));
+    auto capture = std::make_shared<TlsInspectorRecordHandshakeMessage>(
+        kTlsHandshakeServerHello);
+    server_->SetPacketFilter(capture);
+    ConnectExpectFail();
+    client_->CheckErrorCode(SSL_ERROR_DECRYPT_ERROR_ALERT);
+    server_->CheckErrorCode(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE);
+    const DataBuffer& server_hello = capture->buffer();
+    ASSERT_GT(server_hello.len(), 2U);
+    uint32_t ver;
+    ASSERT_TRUE(server_hello.Read(0, 2, &ver));
+    ASSERT_EQ(static_cast<uint32_t>(SSL_LIBRARY_VERSION_TLS_1_2), ver);
+  }
+};
+
+// If we offer a 1.3 ClientHello w/o supported_versions, the server should
+// negotiate 1.2.
+TEST_F(Tls13NoSupportedVersions,
+       Tls13ClientHelloWithoutSupportedVersionsServer12) {
+  Run(SSL_LIBRARY_VERSION_TLS_1_3, SSL_LIBRARY_VERSION_TLS_1_2);
+}
+
+TEST_F(Tls13NoSupportedVersions,
+       Tls13ClientHelloWithoutSupportedVersionsServer13) {
+  Run(SSL_LIBRARY_VERSION_TLS_1_3, SSL_LIBRARY_VERSION_TLS_1_3);
+}
+
+TEST_F(Tls13NoSupportedVersions,
+       Tls14ClientHelloWithoutSupportedVersionsServer13) {
+  Run(SSL_LIBRARY_VERSION_TLS_1_3 + 1, SSL_LIBRARY_VERSION_TLS_1_3);
+}
+
+// Offer 1.3 but with ClientHello.legacy_version == TLS 1.4. This
+// causes a bad MAC error when we read EncryptedExtensions.
+TEST_F(TlsConnectStreamTls13, Tls14ClientHelloWithSupportedVersions) {
+  client_->SetPacketFilter(
+      std::make_shared<TlsInspectorClientHelloVersionSetter>(
+          SSL_LIBRARY_VERSION_TLS_1_3 + 1));
+  auto capture = std::make_shared<TlsInspectorRecordHandshakeMessage>(
+      kTlsHandshakeServerHello);
+  server_->SetPacketFilter(capture);
+  ConnectExpectFail();
+  client_->CheckErrorCode(SSL_ERROR_BAD_MAC_READ);
+  server_->CheckErrorCode(SSL_ERROR_BAD_MAC_READ);
+  const DataBuffer& server_hello = capture->buffer();
+  ASSERT_GT(server_hello.len(), 2U);
+  uint32_t ver;
+  ASSERT_TRUE(server_hello.Read(0, 2, &ver));
+  // This way we don't need to change with new draft version.
+  ASSERT_LT(static_cast<uint32_t>(SSL_LIBRARY_VERSION_TLS_1_2), ver);
+}
+
+}  // namespace nss_test
diff --git a/nss/gtests/ssl_gtest/test_io.cc b/nss/gtests/ssl_gtest/test_io.cc
new file mode 100644
index 0000000..42470a1
--- /dev/null
+++ b/nss/gtests/ssl_gtest/test_io.cc
@@ -0,0 +1,251 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "test_io.h"
+
+#include <algorithm>
+#include <cassert>
+#include <iostream>
+#include <memory>
+
+#include "prerror.h"
+#include "prlog.h"
+#include "prthread.h"
+
+extern bool g_ssl_gtest_verbose;
+
+namespace nss_test {
+
+#define LOG(a) std::cerr << name_ << ": " << a << std::endl
+#define LOGV(a)                      \
+  do {                               \
+    if (g_ssl_gtest_verbose) LOG(a); \
+  } while (false)
+
+void DummyPrSocket::SetPacketFilter(std::shared_ptr<PacketFilter> filter) {
+  filter_ = filter;
+}
+
+ScopedPRFileDesc DummyPrSocket::CreateFD() {
+  static PRDescIdentity test_fd_identity =
+      PR_GetUniqueIdentity("testtransportadapter");
+  return DummyIOLayerMethods::CreateFD(test_fd_identity, this);
+}
+
+void DummyPrSocket::PacketReceived(const DataBuffer &packet) {
+  input_.push(Packet(packet));
+}
+
+int32_t DummyPrSocket::Read(PRFileDesc *f, void *data, int32_t len) {
+  PR_ASSERT(mode_ == STREAM);
+
+  if (mode_ != STREAM) {
+    PR_SetError(PR_INVALID_METHOD_ERROR, 0);
+    return -1;
+  }
+
+  if (input_.empty()) {
+    LOGV("Read --> wouldblock " << len);
+    PR_SetError(PR_WOULD_BLOCK_ERROR, 0);
+    return -1;
+  }
+
+  auto &front = input_.front();
+  size_t to_read =
+      std::min(static_cast<size_t>(len), front.len() - front.offset());
+  memcpy(data, static_cast<const void *>(front.data() + front.offset()),
+         to_read);
+  front.Advance(to_read);
+
+  if (!front.remaining()) {
+    input_.pop();
+  }
+
+  return static_cast<int32_t>(to_read);
+}
+
+int32_t DummyPrSocket::Recv(PRFileDesc *f, void *buf, int32_t buflen,
+                            int32_t flags, PRIntervalTime to) {
+  PR_ASSERT(flags == 0);
+  if (flags != 0) {
+    PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
+    return -1;
+  }
+
+  if (mode() != DGRAM) {
+    return Read(f, buf, buflen);
+  }
+
+  if (input_.empty()) {
+    PR_SetError(PR_WOULD_BLOCK_ERROR, 0);
+    return -1;
+  }
+
+  auto &front = input_.front();
+  if (static_cast<size_t>(buflen) < front.len()) {
+    PR_ASSERT(false);
+    PR_SetError(PR_BUFFER_OVERFLOW_ERROR, 0);
+    return -1;
+  }
+
+  size_t count = front.len();
+  memcpy(buf, front.data(), count);
+
+  input_.pop();
+  return static_cast<int32_t>(count);
+}
+
+int32_t DummyPrSocket::Write(PRFileDesc *f, const void *buf, int32_t length) {
+  auto peer = peer_.lock();
+  if (!peer || !writeable_) {
+    PR_SetError(PR_IO_ERROR, 0);
+    return -1;
+  }
+
+  DataBuffer packet(static_cast<const uint8_t *>(buf),
+                    static_cast<size_t>(length));
+  DataBuffer filtered;
+  PacketFilter::Action action = PacketFilter::KEEP;
+  if (filter_) {
+    action = filter_->Filter(packet, &filtered);
+  }
+  switch (action) {
+    case PacketFilter::CHANGE:
+      LOG("Original packet: " << packet);
+      LOG("Filtered packet: " << filtered);
+      peer->PacketReceived(filtered);
+      break;
+    case PacketFilter::DROP:
+      LOG("Droppped packet: " << packet);
+      break;
+    case PacketFilter::KEEP:
+      LOGV("Packet: " << packet);
+      peer->PacketReceived(packet);
+      break;
+  }
+  // libssl can't handle it if this reports something other than the length
+  // of what was passed in (or less, but we're not doing partial writes).
+  return static_cast<int32_t>(packet.len());
+}
+
+Poller *Poller::instance;
+
+Poller *Poller::Instance() {
+  if (!instance) instance = new Poller();
+
+  return instance;
+}
+
+void Poller::Shutdown() {
+  delete instance;
+  instance = nullptr;
+}
+
+void Poller::Wait(Event event, std::shared_ptr<DummyPrSocket> &adapter,
+                  PollTarget *target, PollCallback cb) {
+  assert(event < TIMER_EVENT);
+  if (event >= TIMER_EVENT) return;
+
+  std::unique_ptr<Waiter> waiter;
+  auto it = waiters_.find(adapter);
+  if (it == waiters_.end()) {
+    waiter.reset(new Waiter(adapter));
+  } else {
+    waiter = std::move(it->second);
+  }
+
+  waiter->targets_[event] = target;
+  waiter->callbacks_[event] = cb;
+  waiters_[adapter] = std::move(waiter);
+}
+
+void Poller::Cancel(Event event, std::shared_ptr<DummyPrSocket> &adapter) {
+  auto it = waiters_.find(adapter);
+  if (it == waiters_.end()) {
+    return;
+  }
+
+  auto &waiter = it->second;
+  waiter->targets_[event] = nullptr;
+  waiter->callbacks_[event] = nullptr;
+
+  // Clean up if there are no callbacks.
+  for (size_t i = 0; i < TIMER_EVENT; ++i) {
+    if (waiter->callbacks_[i]) return;
+  }
+
+  waiters_.erase(adapter);
+}
+
+void Poller::SetTimer(uint32_t timer_ms, PollTarget *target, PollCallback cb,
+                      std::shared_ptr<Timer> *timer) {
+  auto t = std::make_shared<Timer>(PR_Now() + timer_ms * 1000, target, cb);
+  timers_.push(t);
+  if (timer) *timer = t;
+}
+
+bool Poller::Poll() {
+  if (g_ssl_gtest_verbose) {
+    std::cerr << "Poll() waiters = " << waiters_.size()
+              << " timers = " << timers_.size() << std::endl;
+  }
+  PRIntervalTime timeout = PR_INTERVAL_NO_TIMEOUT;
+  PRTime now = PR_Now();
+  bool fired = false;
+
+  // Figure out the timer for the select.
+  if (!timers_.empty()) {
+    auto first_timer = timers_.top();
+    if (now >= first_timer->deadline_) {
+      // Timer expired.
+      timeout = PR_INTERVAL_NO_WAIT;
+    } else {
+      timeout =
+          PR_MillisecondsToInterval((first_timer->deadline_ - now) / 1000);
+    }
+  }
+
+  for (auto it = waiters_.begin(); it != waiters_.end(); ++it) {
+    auto &waiter = it->second;
+
+    if (waiter->callbacks_[READABLE_EVENT]) {
+      if (waiter->io_->readable()) {
+        PollCallback callback = waiter->callbacks_[READABLE_EVENT];
+        PollTarget *target = waiter->targets_[READABLE_EVENT];
+        waiter->callbacks_[READABLE_EVENT] = nullptr;
+        waiter->targets_[READABLE_EVENT] = nullptr;
+        callback(target, READABLE_EVENT);
+        fired = true;
+      }
+    }
+  }
+
+  if (fired) timeout = PR_INTERVAL_NO_WAIT;
+
+  // Can't wait forever and also have nothing readable now.
+  if (timeout == PR_INTERVAL_NO_TIMEOUT) return false;
+
+  // Sleep.
+  if (timeout != PR_INTERVAL_NO_WAIT) {
+    PR_Sleep(timeout);
+  }
+
+  // Now process anything that timed out.
+  now = PR_Now();
+  while (!timers_.empty()) {
+    if (now < timers_.top()->deadline_) break;
+
+    auto timer = timers_.top();
+    timers_.pop();
+    if (timer->callback_) {
+      timer->callback_(timer->target_, TIMER_EVENT);
+    }
+  }
+
+  return true;
+}
+
+}  // namespace nss_test
diff --git a/nss/gtests/ssl_gtest/test_io.h b/nss/gtests/ssl_gtest/test_io.h
new file mode 100644
index 0000000..3cd7571
--- /dev/null
+++ b/nss/gtests/ssl_gtest/test_io.h
@@ -0,0 +1,174 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef test_io_h_
+#define test_io_h_
+
+#include <string.h>
+#include <map>
+#include <memory>
+#include <ostream>
+#include <queue>
+#include <string>
+
+#include "databuffer.h"
+#include "dummy_io.h"
+#include "prio.h"
+#include "scoped_ptrs.h"
+
+namespace nss_test {
+
+class DataBuffer;
+class DummyPrSocket;  // Fwd decl.
+
+// Allow us to inspect a packet before it is written.
+class PacketFilter {
+ public:
+  enum Action {
+    KEEP,    // keep the original packet unmodified
+    CHANGE,  // change the packet to a different value
+    DROP     // drop the packet
+  };
+
+  virtual ~PacketFilter() {}
+
+  // The packet filter takes input and has the option of mutating it.
+  //
+  // A filter that modifies the data places the modified data in *output and
+  // returns CHANGE.  A filter that does not modify data returns LEAVE, in which
+  // case the value in *output is ignored.  A Filter can return DROP, in which
+  // case the packet is dropped (and *output is ignored).
+  virtual Action Filter(const DataBuffer& input, DataBuffer* output) = 0;
+};
+
+enum Mode { STREAM, DGRAM };
+
+inline std::ostream& operator<<(std::ostream& os, Mode m) {
+  return os << ((m == STREAM) ? "TLS" : "DTLS");
+}
+
+class DummyPrSocket : public DummyIOLayerMethods {
+ public:
+  DummyPrSocket(const std::string& name, Mode mode)
+      : name_(name),
+        mode_(mode),
+        peer_(),
+        input_(),
+        filter_(nullptr),
+        writeable_(true) {}
+  virtual ~DummyPrSocket() {}
+
+  // Create a file descriptor that will reference this object.  The fd must not
+  // live longer than this adapter; call PR_Close() before.
+  ScopedPRFileDesc CreateFD();
+
+  std::weak_ptr<DummyPrSocket>& peer() { return peer_; }
+  void SetPeer(const std::shared_ptr<DummyPrSocket>& peer) { peer_ = peer; }
+  void SetPacketFilter(std::shared_ptr<PacketFilter> filter);
+  // Drops peer, packet filter and any outstanding packets.
+  void Reset();
+
+  void PacketReceived(const DataBuffer& data);
+  int32_t Read(PRFileDesc* f, void* data, int32_t len) override;
+  int32_t Recv(PRFileDesc* f, void* buf, int32_t buflen, int32_t flags,
+               PRIntervalTime to) override;
+  int32_t Write(PRFileDesc* f, const void* buf, int32_t length) override;
+  void CloseWrites() { writeable_ = false; }
+
+  Mode mode() const { return mode_; }
+  bool readable() const { return !input_.empty(); }
+
+ private:
+  class Packet : public DataBuffer {
+   public:
+    Packet(const DataBuffer& buf) : DataBuffer(buf), offset_(0) {}
+
+    void Advance(size_t delta) {
+      PR_ASSERT(offset_ + delta <= len());
+      offset_ = std::min(len(), offset_ + delta);
+    }
+
+    size_t offset() const { return offset_; }
+    size_t remaining() const { return len() - offset_; }
+
+   private:
+    size_t offset_;
+  };
+
+  const std::string name_;
+  Mode mode_;
+  std::weak_ptr<DummyPrSocket> peer_;
+  std::queue<Packet> input_;
+  std::shared_ptr<PacketFilter> filter_;
+  bool writeable_;
+};
+
+// Marker interface.
+class PollTarget {};
+
+enum Event { READABLE_EVENT, TIMER_EVENT /* Must be last */ };
+
+typedef void (*PollCallback)(PollTarget*, Event);
+
+class Poller {
+ public:
+  static Poller* Instance();  // Get a singleton.
+  static void Shutdown();     // Shut it down.
+
+  class Timer {
+   public:
+    Timer(PRTime deadline, PollTarget* target, PollCallback callback)
+        : deadline_(deadline), target_(target), callback_(callback) {}
+    void Cancel() { callback_ = nullptr; }
+
+    PRTime deadline_;
+    PollTarget* target_;
+    PollCallback callback_;
+  };
+
+  void Wait(Event event, std::shared_ptr<DummyPrSocket>& adapter,
+            PollTarget* target, PollCallback cb);
+  void Cancel(Event event, std::shared_ptr<DummyPrSocket>& adapter);
+  void SetTimer(uint32_t timer_ms, PollTarget* target, PollCallback cb,
+                std::shared_ptr<Timer>* handle);
+  bool Poll();
+
+ private:
+  Poller() : waiters_(), timers_() {}
+  ~Poller() {}
+
+  class Waiter {
+   public:
+    Waiter(std::shared_ptr<DummyPrSocket> io) : io_(io) {
+      memset(&targets_[0], 0, sizeof(targets_));
+      memset(&callbacks_[0], 0, sizeof(callbacks_));
+    }
+
+    void WaitFor(Event event, PollCallback callback);
+
+    std::shared_ptr<DummyPrSocket> io_;
+    PollTarget* targets_[TIMER_EVENT];
+    PollCallback callbacks_[TIMER_EVENT];
+  };
+
+  class TimerComparator {
+   public:
+    bool operator()(const std::shared_ptr<Timer> lhs,
+                    const std::shared_ptr<Timer> rhs) {
+      return lhs->deadline_ > rhs->deadline_;
+    }
+  };
+
+  static Poller* instance;
+  std::map<std::shared_ptr<DummyPrSocket>, std::unique_ptr<Waiter>> waiters_;
+  std::priority_queue<std::shared_ptr<Timer>,
+                      std::vector<std::shared_ptr<Timer>>, TimerComparator>
+      timers_;
+};
+
+}  // end of namespace
+
+#endif
diff --git a/nss/gtests/ssl_gtest/tls_agent.cc b/nss/gtests/ssl_gtest/tls_agent.cc
new file mode 100644
index 0000000..9c52822
--- /dev/null
+++ b/nss/gtests/ssl_gtest/tls_agent.cc
@@ -0,0 +1,1027 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "tls_agent.h"
+#include "databuffer.h"
+#include "keyhi.h"
+#include "pk11func.h"
+#include "ssl.h"
+#include "sslerr.h"
+#include "sslproto.h"
+#include "tls_parser.h"
+
+extern "C" {
+// This is not something that should make you happy.
+#include "libssl_internals.h"
+}
+
+#define GTEST_HAS_RTTI 0
+#include "gtest/gtest.h"
+#include "gtest_utils.h"
+#include "scoped_ptrs.h"
+
+extern std::string g_working_dir_path;
+
+namespace nss_test {
+
+const char* TlsAgent::states[] = {"INIT", "CONNECTING", "CONNECTED", "ERROR"};
+
+const std::string TlsAgent::kClient = "client";    // both sign and encrypt
+const std::string TlsAgent::kRsa2048 = "rsa2048";  // bigger
+const std::string TlsAgent::kServerRsa = "rsa";    // both sign and encrypt
+const std::string TlsAgent::kServerRsaSign = "rsa_sign";
+const std::string TlsAgent::kServerRsaPss = "rsa_pss";
+const std::string TlsAgent::kServerRsaDecrypt = "rsa_decrypt";
+const std::string TlsAgent::kServerRsaChain = "rsa_chain";
+const std::string TlsAgent::kServerEcdsa256 = "ecdsa256";
+const std::string TlsAgent::kServerEcdsa384 = "ecdsa384";
+const std::string TlsAgent::kServerEcdsa521 = "ecdsa521";
+const std::string TlsAgent::kServerEcdhRsa = "ecdh_rsa";
+const std::string TlsAgent::kServerEcdhEcdsa = "ecdh_ecdsa";
+const std::string TlsAgent::kServerDsa = "dsa";
+
+TlsAgent::TlsAgent(const std::string& name, Role role, Mode mode)
+    : name_(name),
+      mode_(mode),
+      role_(role),
+      server_key_bits_(0),
+      adapter_(new DummyPrSocket(role_str(), mode)),
+      ssl_fd_(nullptr),
+      state_(STATE_INIT),
+      timer_handle_(nullptr),
+      falsestart_enabled_(false),
+      expected_version_(0),
+      expected_cipher_suite_(0),
+      expect_resumption_(false),
+      expect_client_auth_(false),
+      can_falsestart_hook_called_(false),
+      sni_hook_called_(false),
+      auth_certificate_hook_called_(false),
+      alert_received_count_(0),
+      expected_alert_received_count_(0),
+      last_alert_received_({0, 0}),
+      alert_sent_count_(0),
+      expected_alert_sent_count_(0),
+      last_alert_sent_({0, 0}),
+      handshake_callback_called_(false),
+      error_code_(0),
+      send_ctr_(0),
+      recv_ctr_(0),
+      expect_readwrite_error_(false),
+      handshake_callback_(),
+      auth_certificate_callback_(),
+      sni_callback_(),
+      expect_short_headers_(false) {
+  memset(&info_, 0, sizeof(info_));
+  memset(&csinfo_, 0, sizeof(csinfo_));
+  SECStatus rv = SSL_VersionRangeGetDefault(
+      mode_ == STREAM ? ssl_variant_stream : ssl_variant_datagram, &vrange_);
+  EXPECT_EQ(SECSuccess, rv);
+}
+
+TlsAgent::~TlsAgent() {
+  if (timer_handle_) {
+    timer_handle_->Cancel();
+  }
+
+  if (adapter_) {
+    Poller::Instance()->Cancel(READABLE_EVENT, adapter_);
+  }
+}
+
+void TlsAgent::SetState(State state) {
+  if (state_ == state) return;
+
+  LOG("Changing state from " << state_ << " to " << state);
+  state_ = state;
+}
+
+/*static*/ bool TlsAgent::LoadCertificate(const std::string& name,
+                                          ScopedCERTCertificate* cert,
+                                          ScopedSECKEYPrivateKey* priv) {
+  cert->reset(PK11_FindCertFromNickname(name.c_str(), nullptr));
+  EXPECT_NE(nullptr, cert->get());
+  if (!cert->get()) return false;
+
+  priv->reset(PK11_FindKeyByAnyCert(cert->get(), nullptr));
+  EXPECT_NE(nullptr, priv->get());
+  if (!priv->get()) return false;
+
+  return true;
+}
+
+bool TlsAgent::ConfigServerCert(const std::string& name, bool updateKeyBits,
+                                const SSLExtraServerCertData* serverCertData) {
+  ScopedCERTCertificate cert;
+  ScopedSECKEYPrivateKey priv;
+  if (!TlsAgent::LoadCertificate(name, &cert, &priv)) {
+    return false;
+  }
+
+  if (updateKeyBits) {
+    ScopedSECKEYPublicKey pub(CERT_ExtractPublicKey(cert.get()));
+    EXPECT_NE(nullptr, pub.get());
+    if (!pub.get()) return false;
+    server_key_bits_ = SECKEY_PublicKeyStrengthInBits(pub.get());
+  }
+
+  SECStatus rv =
+      SSL_ConfigSecureServer(ssl_fd(), nullptr, nullptr, ssl_kea_null);
+  EXPECT_EQ(SECFailure, rv);
+  rv = SSL_ConfigServerCert(ssl_fd(), cert.get(), priv.get(), serverCertData,
+                            serverCertData ? sizeof(*serverCertData) : 0);
+  return rv == SECSuccess;
+}
+
+bool TlsAgent::EnsureTlsSetup(PRFileDesc* modelSocket) {
+  // Don't set up twice
+  if (ssl_fd_) return true;
+
+  ScopedPRFileDesc dummy_fd(adapter_->CreateFD());
+  EXPECT_NE(nullptr, dummy_fd);
+  if (!dummy_fd) {
+    return false;
+  }
+  if (adapter_->mode() == STREAM) {
+    ssl_fd_.reset(SSL_ImportFD(modelSocket, dummy_fd.get()));
+  } else {
+    ssl_fd_.reset(DTLS_ImportFD(modelSocket, dummy_fd.get()));
+  }
+
+  EXPECT_NE(nullptr, ssl_fd_);
+  if (!ssl_fd_) {
+    return false;
+  }
+  dummy_fd.release();  // Now subsumed by ssl_fd_.
+
+  SECStatus rv = SSL_VersionRangeSet(ssl_fd(), &vrange_);
+  EXPECT_EQ(SECSuccess, rv);
+  if (rv != SECSuccess) return false;
+
+  if (role_ == SERVER) {
+    EXPECT_TRUE(ConfigServerCert(name_, true));
+
+    rv = SSL_SNISocketConfigHook(ssl_fd(), SniHook, this);
+    EXPECT_EQ(SECSuccess, rv);
+    if (rv != SECSuccess) return false;
+
+    ScopedCERTCertList anchors(CERT_NewCertList());
+    rv = SSL_SetTrustAnchors(ssl_fd(), anchors.get());
+    if (rv != SECSuccess) return false;
+  } else {
+    rv = SSL_SetURL(ssl_fd(), "server");
+    EXPECT_EQ(SECSuccess, rv);
+    if (rv != SECSuccess) return false;
+  }
+
+  rv = SSL_AuthCertificateHook(ssl_fd(), AuthCertificateHook, this);
+  EXPECT_EQ(SECSuccess, rv);
+  if (rv != SECSuccess) return false;
+
+  rv = SSL_AlertReceivedCallback(ssl_fd(), AlertReceivedCallback, this);
+  EXPECT_EQ(SECSuccess, rv);
+  if (rv != SECSuccess) return false;
+
+  rv = SSL_AlertSentCallback(ssl_fd(), AlertSentCallback, this);
+  EXPECT_EQ(SECSuccess, rv);
+  if (rv != SECSuccess) return false;
+
+  rv = SSL_HandshakeCallback(ssl_fd(), HandshakeCallback, this);
+  EXPECT_EQ(SECSuccess, rv);
+  if (rv != SECSuccess) return false;
+
+  return true;
+}
+
+void TlsAgent::SetupClientAuth() {
+  EXPECT_TRUE(EnsureTlsSetup());
+  ASSERT_EQ(CLIENT, role_);
+
+  EXPECT_EQ(SECSuccess,
+            SSL_GetClientAuthDataHook(ssl_fd(), GetClientAuthDataHook,
+                                      reinterpret_cast<void*>(this)));
+}
+
+SECStatus TlsAgent::GetClientAuthDataHook(void* self, PRFileDesc* fd,
+                                          CERTDistNames* caNames,
+                                          CERTCertificate** clientCert,
+                                          SECKEYPrivateKey** clientKey) {
+  TlsAgent* agent = reinterpret_cast<TlsAgent*>(self);
+  ScopedCERTCertificate peerCert(SSL_PeerCertificate(agent->ssl_fd()));
+  EXPECT_TRUE(peerCert) << "Client should be able to see the server cert";
+
+  ScopedCERTCertificate cert;
+  ScopedSECKEYPrivateKey priv;
+  if (!TlsAgent::LoadCertificate(agent->name(), &cert, &priv)) {
+    return SECFailure;
+  }
+
+  *clientCert = cert.release();
+  *clientKey = priv.release();
+  return SECSuccess;
+}
+
+bool TlsAgent::GetPeerChainLength(size_t* count) {
+  CERTCertList* chain = SSL_PeerCertificateChain(ssl_fd());
+  if (!chain) return false;
+  *count = 0;
+
+  for (PRCList* cursor = PR_NEXT_LINK(&chain->list); cursor != &chain->list;
+       cursor = PR_NEXT_LINK(cursor)) {
+    CERTCertListNode* node = (CERTCertListNode*)cursor;
+    std::cerr << node->cert->subjectName << std::endl;
+    ++(*count);
+  }
+
+  CERT_DestroyCertList(chain);
+
+  return true;
+}
+
+void TlsAgent::RequestClientAuth(bool requireAuth) {
+  EXPECT_TRUE(EnsureTlsSetup());
+  ASSERT_EQ(SERVER, role_);
+
+  EXPECT_EQ(SECSuccess,
+            SSL_OptionSet(ssl_fd(), SSL_REQUEST_CERTIFICATE, PR_TRUE));
+  EXPECT_EQ(SECSuccess, SSL_OptionSet(ssl_fd(), SSL_REQUIRE_CERTIFICATE,
+                                      requireAuth ? PR_TRUE : PR_FALSE));
+
+  EXPECT_EQ(SECSuccess, SSL_AuthCertificateHook(
+                            ssl_fd(), &TlsAgent::ClientAuthenticated, this));
+  expect_client_auth_ = true;
+}
+
+void TlsAgent::StartConnect(PRFileDesc* model) {
+  EXPECT_TRUE(EnsureTlsSetup(model));
+
+  SECStatus rv;
+  rv = SSL_ResetHandshake(ssl_fd(), role_ == SERVER ? PR_TRUE : PR_FALSE);
+  EXPECT_EQ(SECSuccess, rv);
+  SetState(STATE_CONNECTING);
+}
+
+void TlsAgent::DisableAllCiphers() {
+  for (size_t i = 0; i < SSL_NumImplementedCiphers; ++i) {
+    SECStatus rv =
+        SSL_CipherPrefSet(ssl_fd(), SSL_ImplementedCiphers[i], PR_FALSE);
+    EXPECT_EQ(SECSuccess, rv);
+  }
+}
+
+// Not actually all groups, just the onece that we are actually willing
+// to use.
+const std::vector<SSLNamedGroup> kAllDHEGroups = {
+    ssl_grp_ec_curve25519, ssl_grp_ec_secp256r1, ssl_grp_ec_secp384r1,
+    ssl_grp_ec_secp521r1,  ssl_grp_ffdhe_2048,   ssl_grp_ffdhe_3072,
+    ssl_grp_ffdhe_4096,    ssl_grp_ffdhe_6144,   ssl_grp_ffdhe_8192};
+
+const std::vector<SSLNamedGroup> kECDHEGroups = {
+    ssl_grp_ec_curve25519, ssl_grp_ec_secp256r1, ssl_grp_ec_secp384r1,
+    ssl_grp_ec_secp521r1};
+
+const std::vector<SSLNamedGroup> kFFDHEGroups = {
+    ssl_grp_ffdhe_2048, ssl_grp_ffdhe_3072, ssl_grp_ffdhe_4096,
+    ssl_grp_ffdhe_6144, ssl_grp_ffdhe_8192};
+
+// Defined because the big DHE groups are ridiculously slow.
+const std::vector<SSLNamedGroup> kFasterDHEGroups = {
+    ssl_grp_ec_curve25519, ssl_grp_ec_secp256r1, ssl_grp_ec_secp384r1,
+    ssl_grp_ffdhe_2048, ssl_grp_ffdhe_3072};
+
+void TlsAgent::EnableCiphersByKeyExchange(SSLKEAType kea) {
+  EXPECT_TRUE(EnsureTlsSetup());
+
+  for (size_t i = 0; i < SSL_NumImplementedCiphers; ++i) {
+    SSLCipherSuiteInfo csinfo;
+
+    SECStatus rv = SSL_GetCipherSuiteInfo(SSL_ImplementedCiphers[i], &csinfo,
+                                          sizeof(csinfo));
+    ASSERT_EQ(SECSuccess, rv);
+    EXPECT_EQ(sizeof(csinfo), csinfo.length);
+
+    if ((csinfo.keaType == kea) || (csinfo.keaType == ssl_kea_tls13_any)) {
+      rv = SSL_CipherPrefSet(ssl_fd(), SSL_ImplementedCiphers[i], PR_TRUE);
+      EXPECT_EQ(SECSuccess, rv);
+    }
+  }
+}
+
+void TlsAgent::EnableGroupsByKeyExchange(SSLKEAType kea) {
+  switch (kea) {
+    case ssl_kea_dh:
+      ConfigNamedGroups(kFFDHEGroups);
+      break;
+    case ssl_kea_ecdh:
+      ConfigNamedGroups(kECDHEGroups);
+      break;
+    default:
+      break;
+  }
+}
+
+void TlsAgent::EnableGroupsByAuthType(SSLAuthType authType) {
+  if (authType == ssl_auth_ecdh_rsa || authType == ssl_auth_ecdh_ecdsa ||
+      authType == ssl_auth_ecdsa || authType == ssl_auth_tls13_any) {
+    ConfigNamedGroups(kECDHEGroups);
+  }
+}
+
+void TlsAgent::EnableCiphersByAuthType(SSLAuthType authType) {
+  EXPECT_TRUE(EnsureTlsSetup());
+
+  for (size_t i = 0; i < SSL_NumImplementedCiphers; ++i) {
+    SSLCipherSuiteInfo csinfo;
+
+    SECStatus rv = SSL_GetCipherSuiteInfo(SSL_ImplementedCiphers[i], &csinfo,
+                                          sizeof(csinfo));
+    ASSERT_EQ(SECSuccess, rv);
+
+    if ((csinfo.authType == authType) ||
+        (csinfo.keaType == ssl_kea_tls13_any)) {
+      rv = SSL_CipherPrefSet(ssl_fd(), SSL_ImplementedCiphers[i], PR_TRUE);
+      EXPECT_EQ(SECSuccess, rv);
+    }
+  }
+}
+
+void TlsAgent::EnableSingleCipher(uint16_t cipher) {
+  DisableAllCiphers();
+  SECStatus rv = SSL_CipherPrefSet(ssl_fd(), cipher, PR_TRUE);
+  EXPECT_EQ(SECSuccess, rv);
+}
+
+void TlsAgent::ConfigNamedGroups(const std::vector<SSLNamedGroup>& groups) {
+  EXPECT_TRUE(EnsureTlsSetup());
+  SECStatus rv = SSL_NamedGroupConfig(ssl_fd(), &groups[0], groups.size());
+  EXPECT_EQ(SECSuccess, rv);
+}
+
+void TlsAgent::SetSessionTicketsEnabled(bool en) {
+  EXPECT_TRUE(EnsureTlsSetup());
+
+  SECStatus rv = SSL_OptionSet(ssl_fd(), SSL_ENABLE_SESSION_TICKETS,
+                               en ? PR_TRUE : PR_FALSE);
+  EXPECT_EQ(SECSuccess, rv);
+}
+
+void TlsAgent::SetSessionCacheEnabled(bool en) {
+  EXPECT_TRUE(EnsureTlsSetup());
+
+  SECStatus rv = SSL_OptionSet(ssl_fd(), SSL_NO_CACHE, en ? PR_FALSE : PR_TRUE);
+  EXPECT_EQ(SECSuccess, rv);
+}
+
+void TlsAgent::Set0RttEnabled(bool en) {
+  EXPECT_TRUE(EnsureTlsSetup());
+
+  SECStatus rv =
+      SSL_OptionSet(ssl_fd(), SSL_ENABLE_0RTT_DATA, en ? PR_TRUE : PR_FALSE);
+  EXPECT_EQ(SECSuccess, rv);
+}
+
+void TlsAgent::SetFallbackSCSVEnabled(bool en) {
+  EXPECT_TRUE(role_ == CLIENT && EnsureTlsSetup());
+
+  SECStatus rv = SSL_OptionSet(ssl_fd(), SSL_ENABLE_FALLBACK_SCSV,
+                               en ? PR_TRUE : PR_FALSE);
+  EXPECT_EQ(SECSuccess, rv);
+}
+
+void TlsAgent::SetShortHeadersEnabled() {
+  EXPECT_TRUE(EnsureTlsSetup());
+
+  SECStatus rv = SSLInt_EnableShortHeaders(ssl_fd());
+  EXPECT_EQ(SECSuccess, rv);
+}
+
+void TlsAgent::SetVersionRange(uint16_t minver, uint16_t maxver) {
+  vrange_.min = minver;
+  vrange_.max = maxver;
+
+  if (ssl_fd()) {
+    SECStatus rv = SSL_VersionRangeSet(ssl_fd(), &vrange_);
+    EXPECT_EQ(SECSuccess, rv);
+  }
+}
+
+void TlsAgent::GetVersionRange(uint16_t* minver, uint16_t* maxver) {
+  *minver = vrange_.min;
+  *maxver = vrange_.max;
+}
+
+void TlsAgent::SetExpectedVersion(uint16_t version) {
+  expected_version_ = version;
+}
+
+void TlsAgent::SetServerKeyBits(uint16_t bits) { server_key_bits_ = bits; }
+
+void TlsAgent::ExpectReadWriteError() { expect_readwrite_error_ = true; }
+
+void TlsAgent::ExpectShortHeaders() { expect_short_headers_ = true; }
+
+void TlsAgent::SetSignatureSchemes(const SSLSignatureScheme* schemes,
+                                   size_t count) {
+  EXPECT_TRUE(EnsureTlsSetup());
+  EXPECT_LE(count, SSL_SignatureMaxCount());
+  EXPECT_EQ(SECSuccess,
+            SSL_SignatureSchemePrefSet(ssl_fd(), schemes,
+                                       static_cast<unsigned int>(count)));
+  EXPECT_EQ(SECFailure, SSL_SignatureSchemePrefSet(ssl_fd(), schemes, 0))
+      << "setting no schemes should fail and do nothing";
+
+  std::vector<SSLSignatureScheme> configuredSchemes(count);
+  unsigned int configuredCount;
+  EXPECT_EQ(SECFailure,
+            SSL_SignatureSchemePrefGet(ssl_fd(), nullptr, &configuredCount, 1))
+      << "get schemes, schemes is nullptr";
+  EXPECT_EQ(SECFailure,
+            SSL_SignatureSchemePrefGet(ssl_fd(), &configuredSchemes[0],
+                                       &configuredCount, 0))
+      << "get schemes, too little space";
+  EXPECT_EQ(SECFailure,
+            SSL_SignatureSchemePrefGet(ssl_fd(), &configuredSchemes[0], nullptr,
+                                       configuredSchemes.size()))
+      << "get schemes, countOut is nullptr";
+
+  EXPECT_EQ(SECSuccess, SSL_SignatureSchemePrefGet(
+                            ssl_fd(), &configuredSchemes[0], &configuredCount,
+                            configuredSchemes.size()));
+  // SignatureSchemePrefSet drops unsupported algorithms silently, so the
+  // number that are configured might be fewer.
+  EXPECT_LE(configuredCount, count);
+  unsigned int i = 0;
+  for (unsigned int j = 0; j < count && i < configuredCount; ++j) {
+    if (i < configuredCount && schemes[j] == configuredSchemes[i]) {
+      ++i;
+    }
+  }
+  EXPECT_EQ(i, configuredCount) << "schemes in use were all set";
+}
+
+void TlsAgent::CheckKEA(SSLKEAType kea_type, SSLNamedGroup kea_group,
+                        size_t kea_size) const {
+  EXPECT_EQ(STATE_CONNECTED, state_);
+  EXPECT_EQ(kea_type, info_.keaType);
+  if (kea_size == 0) {
+    switch (kea_group) {
+      case ssl_grp_ec_curve25519:
+        kea_size = 255;
+        break;
+      case ssl_grp_ec_secp256r1:
+        kea_size = 256;
+        break;
+      case ssl_grp_ec_secp384r1:
+        kea_size = 384;
+        break;
+      case ssl_grp_ffdhe_2048:
+        kea_size = 2048;
+        break;
+      case ssl_grp_ffdhe_3072:
+        kea_size = 3072;
+        break;
+      case ssl_grp_ffdhe_custom:
+        break;
+      default:
+        if (kea_type == ssl_kea_rsa) {
+          kea_size = server_key_bits_;
+        } else {
+          EXPECT_TRUE(false) << "need to update group sizes";
+        }
+    }
+  }
+  if (kea_group != ssl_grp_ffdhe_custom) {
+    EXPECT_EQ(kea_size, info_.keaKeyBits);
+    EXPECT_EQ(kea_group, info_.keaGroup);
+  }
+}
+
+void TlsAgent::CheckAuthType(SSLAuthType auth_type,
+                             SSLSignatureScheme sig_scheme) const {
+  EXPECT_EQ(STATE_CONNECTED, state_);
+  EXPECT_EQ(auth_type, info_.authType);
+  EXPECT_EQ(server_key_bits_, info_.authKeyBits);
+  if (expected_version_ < SSL_LIBRARY_VERSION_TLS_1_2) {
+    switch (auth_type) {
+      case ssl_auth_rsa_sign:
+        sig_scheme = ssl_sig_rsa_pkcs1_sha1md5;
+        break;
+      case ssl_auth_ecdsa:
+        sig_scheme = ssl_sig_ecdsa_sha1;
+        break;
+      default:
+        break;
+    }
+  }
+  EXPECT_EQ(sig_scheme, info_.signatureScheme);
+
+  if (info_.protocolVersion >= SSL_LIBRARY_VERSION_TLS_1_3) {
+    return;
+  }
+
+  // Check authAlgorithm, which is the old value for authType.  This is a second
+  // switch
+  // statement because default label is different.
+  switch (auth_type) {
+    case ssl_auth_rsa_sign:
+      EXPECT_EQ(ssl_auth_rsa_decrypt, csinfo_.authAlgorithm)
+          << "authAlgorithm for RSA is always decrypt";
+      break;
+    case ssl_auth_ecdh_rsa:
+      EXPECT_EQ(ssl_auth_rsa_decrypt, csinfo_.authAlgorithm)
+          << "authAlgorithm for ECDH_RSA is RSA decrypt (i.e., wrong)";
+      break;
+    case ssl_auth_ecdh_ecdsa:
+      EXPECT_EQ(ssl_auth_ecdsa, csinfo_.authAlgorithm)
+          << "authAlgorithm for ECDH_ECDSA is ECDSA (i.e., wrong)";
+      break;
+    default:
+      EXPECT_EQ(auth_type, csinfo_.authAlgorithm)
+          << "authAlgorithm is (usually) the same as authType";
+      break;
+  }
+}
+
+void TlsAgent::EnableFalseStart() {
+  EXPECT_TRUE(EnsureTlsSetup());
+
+  falsestart_enabled_ = true;
+  EXPECT_EQ(SECSuccess, SSL_SetCanFalseStartCallback(
+                            ssl_fd(), CanFalseStartCallback, this));
+  EXPECT_EQ(SECSuccess,
+            SSL_OptionSet(ssl_fd(), SSL_ENABLE_FALSE_START, PR_TRUE));
+}
+
+void TlsAgent::ExpectResumption() { expect_resumption_ = true; }
+
+void TlsAgent::EnableAlpn(const uint8_t* val, size_t len) {
+  EXPECT_TRUE(EnsureTlsSetup());
+
+  EXPECT_EQ(SECSuccess, SSL_OptionSet(ssl_fd(), SSL_ENABLE_ALPN, PR_TRUE));
+  EXPECT_EQ(SECSuccess, SSL_SetNextProtoNego(ssl_fd(), val, len));
+}
+
+void TlsAgent::CheckAlpn(SSLNextProtoState expected_state,
+                         const std::string& expected) const {
+  SSLNextProtoState state;
+  char chosen[10];
+  unsigned int chosen_len;
+  SECStatus rv = SSL_GetNextProto(ssl_fd(), &state,
+                                  reinterpret_cast<unsigned char*>(chosen),
+                                  &chosen_len, sizeof(chosen));
+  EXPECT_EQ(SECSuccess, rv);
+  EXPECT_EQ(expected_state, state);
+  if (state == SSL_NEXT_PROTO_NO_SUPPORT) {
+    EXPECT_EQ("", expected);
+  } else {
+    EXPECT_NE("", expected);
+    EXPECT_EQ(expected, std::string(chosen, chosen_len));
+  }
+}
+
+void TlsAgent::EnableSrtp() {
+  EXPECT_TRUE(EnsureTlsSetup());
+  const uint16_t ciphers[] = {SRTP_AES128_CM_HMAC_SHA1_80,
+                              SRTP_AES128_CM_HMAC_SHA1_32};
+  EXPECT_EQ(SECSuccess,
+            SSL_SetSRTPCiphers(ssl_fd(), ciphers, PR_ARRAY_SIZE(ciphers)));
+}
+
+void TlsAgent::CheckSrtp() const {
+  uint16_t actual;
+  EXPECT_EQ(SECSuccess, SSL_GetSRTPCipher(ssl_fd(), &actual));
+  EXPECT_EQ(SRTP_AES128_CM_HMAC_SHA1_80, actual);
+}
+
+void TlsAgent::CheckErrorCode(int32_t expected) const {
+  EXPECT_EQ(STATE_ERROR, state_);
+  EXPECT_EQ(expected, error_code_)
+      << "Got error code " << PORT_ErrorToName(error_code_) << " expecting "
+      << PORT_ErrorToName(expected) << std::endl;
+}
+
+void TlsAgent::CheckAlerts() const {
+  EXPECT_EQ(expected_alert_received_count_, alert_received_count_);
+  EXPECT_EQ(expected_alert_sent_count_, alert_sent_count_);
+}
+
+void TlsAgent::WaitForErrorCode(int32_t expected, uint32_t delay) const {
+  ASSERT_EQ(0, error_code_);
+  WAIT_(error_code_ != 0, delay);
+  EXPECT_EQ(expected, error_code_)
+      << "Got error code " << PORT_ErrorToName(error_code_) << " expecting "
+      << PORT_ErrorToName(expected) << std::endl;
+}
+
+void TlsAgent::CheckPreliminaryInfo() {
+  SSLPreliminaryChannelInfo info;
+  EXPECT_EQ(SECSuccess,
+            SSL_GetPreliminaryChannelInfo(ssl_fd(), &info, sizeof(info)));
+  EXPECT_EQ(sizeof(info), info.length);
+  EXPECT_TRUE(info.valuesSet & ssl_preinfo_version);
+  EXPECT_TRUE(info.valuesSet & ssl_preinfo_cipher_suite);
+
+  // A version of 0 is invalid and indicates no expectation.  This value is
+  // initialized to 0 so that tests that don't explicitly set an expected
+  // version can negotiate a version.
+  if (!expected_version_) {
+    expected_version_ = info.protocolVersion;
+  }
+  EXPECT_EQ(expected_version_, info.protocolVersion);
+
+  // As with the version; 0 is the null cipher suite (and also invalid).
+  if (!expected_cipher_suite_) {
+    expected_cipher_suite_ = info.cipherSuite;
+  }
+  EXPECT_EQ(expected_cipher_suite_, info.cipherSuite);
+}
+
+// Check that all the expected callbacks have been called.
+void TlsAgent::CheckCallbacks() const {
+  // If false start happens, the handshake is reported as being complete at the
+  // point that false start happens.
+  if (expect_resumption_ || !falsestart_enabled_) {
+    EXPECT_TRUE(handshake_callback_called_);
+  }
+
+  // These callbacks shouldn't fire if we are resuming, except on TLS 1.3.
+  if (role_ == SERVER) {
+    PRBool have_sni = SSLInt_ExtensionNegotiated(ssl_fd(), ssl_server_name_xtn);
+    EXPECT_EQ(((!expect_resumption_ && have_sni) ||
+               expected_version_ >= SSL_LIBRARY_VERSION_TLS_1_3),
+              sni_hook_called_);
+  } else {
+    EXPECT_EQ(!expect_resumption_, auth_certificate_hook_called_);
+    // Note that this isn't unconditionally called, even with false start on.
+    // But the callback is only skipped if a cipher that is ridiculously weak
+    // (80 bits) is chosen.  Don't test that: plan to remove bad ciphers.
+    EXPECT_EQ(falsestart_enabled_ && !expect_resumption_,
+              can_falsestart_hook_called_);
+  }
+}
+
+void TlsAgent::ResetPreliminaryInfo() {
+  expected_version_ = 0;
+  expected_cipher_suite_ = 0;
+}
+
+void TlsAgent::Connected() {
+  if (state_ == STATE_CONNECTED) {
+    return;
+  }
+
+  LOG("Handshake success");
+  CheckPreliminaryInfo();
+  CheckCallbacks();
+
+  SECStatus rv = SSL_GetChannelInfo(ssl_fd(), &info_, sizeof(info_));
+  EXPECT_EQ(SECSuccess, rv);
+  EXPECT_EQ(sizeof(info_), info_.length);
+
+  // Preliminary values are exposed through callbacks during the handshake.
+  // If either expected values were set or the callbacks were called, check
+  // that the final values are correct.
+  EXPECT_EQ(expected_version_, info_.protocolVersion);
+  EXPECT_EQ(expected_cipher_suite_, info_.cipherSuite);
+
+  rv = SSL_GetCipherSuiteInfo(info_.cipherSuite, &csinfo_, sizeof(csinfo_));
+  EXPECT_EQ(SECSuccess, rv);
+  EXPECT_EQ(sizeof(csinfo_), csinfo_.length);
+
+  if (expected_version_ >= SSL_LIBRARY_VERSION_TLS_1_3) {
+    PRInt32 cipherSuites = SSLInt_CountTls13CipherSpecs(ssl_fd());
+    // We use one ciphersuite in each direction, plus one that's kept around
+    // by DTLS for retransmission.
+    PRInt32 expected = ((mode_ == DGRAM) && (role_ == CLIENT)) ? 3 : 2;
+    EXPECT_EQ(expected, cipherSuites);
+    if (expected != cipherSuites) {
+      SSLInt_PrintTls13CipherSpecs(ssl_fd());
+    }
+  }
+
+  PRBool short_headers;
+  rv = SSLInt_UsingShortHeaders(ssl_fd(), &short_headers);
+  EXPECT_EQ(SECSuccess, rv);
+  EXPECT_EQ((PRBool)expect_short_headers_, short_headers);
+  SetState(STATE_CONNECTED);
+}
+
+void TlsAgent::EnableExtendedMasterSecret() {
+  ASSERT_TRUE(EnsureTlsSetup());
+
+  SECStatus rv =
+      SSL_OptionSet(ssl_fd(), SSL_ENABLE_EXTENDED_MASTER_SECRET, PR_TRUE);
+
+  ASSERT_EQ(SECSuccess, rv);
+}
+
+void TlsAgent::CheckExtendedMasterSecret(bool expected) {
+  if (version() >= SSL_LIBRARY_VERSION_TLS_1_3) {
+    expected = PR_TRUE;
+  }
+  ASSERT_EQ(expected, info_.extendedMasterSecretUsed != PR_FALSE)
+      << "unexpected extended master secret state for " << name_;
+}
+
+void TlsAgent::CheckEarlyDataAccepted(bool expected) {
+  if (version() < SSL_LIBRARY_VERSION_TLS_1_3) {
+    expected = false;
+  }
+  ASSERT_EQ(expected, info_.earlyDataAccepted != PR_FALSE)
+      << "unexpected early data state for " << name_;
+}
+
+void TlsAgent::CheckSecretsDestroyed() {
+  ASSERT_EQ(PR_TRUE, SSLInt_CheckSecretsDestroyed(ssl_fd()));
+}
+
+void TlsAgent::DisableRollbackDetection() {
+  ASSERT_TRUE(EnsureTlsSetup());
+
+  SECStatus rv = SSL_OptionSet(ssl_fd(), SSL_ROLLBACK_DETECTION, PR_FALSE);
+
+  ASSERT_EQ(SECSuccess, rv);
+}
+
+void TlsAgent::EnableCompression() {
+  ASSERT_TRUE(EnsureTlsSetup());
+
+  SECStatus rv = SSL_OptionSet(ssl_fd(), SSL_ENABLE_DEFLATE, PR_TRUE);
+  ASSERT_EQ(SECSuccess, rv);
+}
+
+void TlsAgent::SetDowngradeCheckVersion(uint16_t version) {
+  ASSERT_TRUE(EnsureTlsSetup());
+
+  SECStatus rv = SSL_SetDowngradeCheckVersion(ssl_fd(), version);
+  ASSERT_EQ(SECSuccess, rv);
+}
+
+void TlsAgent::Handshake() {
+  LOGV("Handshake");
+  SECStatus rv = SSL_ForceHandshake(ssl_fd());
+  if (rv == SECSuccess) {
+    Connected();
+    Poller::Instance()->Wait(READABLE_EVENT, adapter_, this,
+                             &TlsAgent::ReadableCallback);
+    return;
+  }
+
+  int32_t err = PR_GetError();
+  if (err == PR_WOULD_BLOCK_ERROR) {
+    LOGV("Would have blocked");
+    if (mode_ == DGRAM) {
+      if (timer_handle_) {
+        timer_handle_->Cancel();
+        timer_handle_ = nullptr;
+      }
+
+      PRIntervalTime timeout;
+      rv = DTLS_GetHandshakeTimeout(ssl_fd(), &timeout);
+      if (rv == SECSuccess) {
+        Poller::Instance()->SetTimer(
+            timeout + 1, this, &TlsAgent::ReadableCallback, &timer_handle_);
+      }
+    }
+    Poller::Instance()->Wait(READABLE_EVENT, adapter_, this,
+                             &TlsAgent::ReadableCallback);
+    return;
+  }
+
+  LOG("Handshake failed with error " << PORT_ErrorToName(err) << ": "
+                                     << PORT_ErrorToString(err));
+  error_code_ = err;
+  SetState(STATE_ERROR);
+}
+
+void TlsAgent::PrepareForRenegotiate() {
+  EXPECT_EQ(STATE_CONNECTED, state_);
+
+  SetState(STATE_CONNECTING);
+}
+
+void TlsAgent::StartRenegotiate() {
+  PrepareForRenegotiate();
+
+  SECStatus rv = SSL_ReHandshake(ssl_fd(), PR_TRUE);
+  EXPECT_EQ(SECSuccess, rv);
+}
+
+void TlsAgent::SendDirect(const DataBuffer& buf) {
+  LOG("Send Direct " << buf);
+  auto peer = adapter_->peer().lock();
+  if (peer) {
+    peer->PacketReceived(buf);
+  } else {
+    LOG("Send Direct peer absent");
+  }
+}
+
+static bool ErrorIsNonFatal(PRErrorCode code) {
+  return code == PR_WOULD_BLOCK_ERROR || code == SSL_ERROR_RX_SHORT_DTLS_READ;
+}
+
+void TlsAgent::SendData(size_t bytes, size_t blocksize) {
+  uint8_t block[4096];
+
+  ASSERT_LT(blocksize, sizeof(block));
+
+  while (bytes) {
+    size_t tosend = std::min(blocksize, bytes);
+
+    for (size_t i = 0; i < tosend; ++i) {
+      block[i] = 0xff & send_ctr_;
+      ++send_ctr_;
+    }
+
+    SendBuffer(DataBuffer(block, tosend));
+    bytes -= tosend;
+  }
+}
+
+void TlsAgent::SendBuffer(const DataBuffer& buf) {
+  LOGV("Writing " << buf.len() << " bytes");
+  int32_t rv = PR_Write(ssl_fd(), buf.data(), buf.len());
+  if (expect_readwrite_error_) {
+    EXPECT_GT(0, rv);
+    EXPECT_NE(PR_WOULD_BLOCK_ERROR, error_code_);
+    error_code_ = PR_GetError();
+    expect_readwrite_error_ = false;
+  } else {
+    ASSERT_EQ(buf.len(), static_cast<size_t>(rv));
+  }
+}
+
+void TlsAgent::ReadBytes() {
+  uint8_t block[1024];
+
+  int32_t rv = PR_Read(ssl_fd(), block, sizeof(block));
+  LOGV("ReadBytes " << rv);
+  int32_t err;
+
+  if (rv >= 0) {
+    size_t count = static_cast<size_t>(rv);
+    for (size_t i = 0; i < count; ++i) {
+      ASSERT_EQ(recv_ctr_ & 0xff, block[i]);
+      recv_ctr_++;
+    }
+  } else {
+    err = PR_GetError();
+    LOG("Read error " << PORT_ErrorToName(err) << ": "
+                      << PORT_ErrorToString(err));
+    if (err != PR_WOULD_BLOCK_ERROR && expect_readwrite_error_) {
+      error_code_ = err;
+      expect_readwrite_error_ = false;
+    }
+  }
+
+  // If closed, then don't bother waiting around.
+  if (rv > 0 || (rv < 0 && ErrorIsNonFatal(err))) {
+    LOGV("Re-arming");
+    Poller::Instance()->Wait(READABLE_EVENT, adapter_, this,
+                             &TlsAgent::ReadableCallback);
+  }
+}
+
+void TlsAgent::ResetSentBytes() { send_ctr_ = 0; }
+
+void TlsAgent::ConfigureSessionCache(SessionResumptionMode mode) {
+  EXPECT_TRUE(EnsureTlsSetup());
+
+  SECStatus rv = SSL_OptionSet(ssl_fd(), SSL_NO_CACHE,
+                               mode & RESUME_SESSIONID ? PR_FALSE : PR_TRUE);
+  EXPECT_EQ(SECSuccess, rv);
+
+  rv = SSL_OptionSet(ssl_fd(), SSL_ENABLE_SESSION_TICKETS,
+                     mode & RESUME_TICKET ? PR_TRUE : PR_FALSE);
+  EXPECT_EQ(SECSuccess, rv);
+}
+
+void TlsAgent::DisableECDHEServerKeyReuse() {
+  ASSERT_TRUE(EnsureTlsSetup());
+  ASSERT_EQ(TlsAgent::SERVER, role_);
+  SECStatus rv = SSL_OptionSet(ssl_fd(), SSL_REUSE_SERVER_ECDHE_KEY, PR_FALSE);
+  EXPECT_EQ(SECSuccess, rv);
+}
+
+static const std::string kTlsRolesAllArr[] = {"CLIENT", "SERVER"};
+::testing::internal::ParamGenerator<std::string>
+    TlsAgentTestBase::kTlsRolesAll = ::testing::ValuesIn(kTlsRolesAllArr);
+
+void TlsAgentTestBase::SetUp() {
+  SSL_ConfigServerSessionIDCache(1024, 0, 0, g_working_dir_path.c_str());
+}
+
+void TlsAgentTestBase::TearDown() {
+  agent_ = nullptr;
+  SSL_ClearSessionCache();
+  SSL_ShutdownServerSessionIDCache();
+}
+
+void TlsAgentTestBase::Reset(const std::string& server_name) {
+  agent_.reset(
+      new TlsAgent(role_ == TlsAgent::CLIENT ? TlsAgent::kClient : server_name,
+                   role_, mode_));
+  if (version_) {
+    agent_->SetVersionRange(version_, version_);
+  }
+  agent_->adapter()->SetPeer(sink_adapter_);
+  agent_->StartConnect();
+}
+
+void TlsAgentTestBase::EnsureInit() {
+  if (!agent_) {
+    Reset();
+  }
+  const std::vector<SSLNamedGroup> groups = {
+      ssl_grp_ec_curve25519, ssl_grp_ec_secp256r1, ssl_grp_ec_secp384r1,
+      ssl_grp_ffdhe_2048};
+  agent_->ConfigNamedGroups(groups);
+}
+
+void TlsAgentTestBase::ProcessMessage(const DataBuffer& buffer,
+                                      TlsAgent::State expected_state,
+                                      int32_t error_code) {
+  std::cerr << "Process message: " << buffer << std::endl;
+  EnsureInit();
+  agent_->adapter()->PacketReceived(buffer);
+  agent_->Handshake();
+
+  ASSERT_EQ(expected_state, agent_->state());
+
+  if (expected_state == TlsAgent::STATE_ERROR) {
+    ASSERT_EQ(error_code, agent_->error_code());
+  }
+}
+
+void TlsAgentTestBase::MakeRecord(Mode mode, uint8_t type, uint16_t version,
+                                  const uint8_t* buf, size_t len,
+                                  DataBuffer* out, uint64_t seq_num) {
+  size_t index = 0;
+  index = out->Write(index, type, 1);
+  index = out->Write(
+      index, mode == STREAM ? version : TlsVersionToDtlsVersion(version), 2);
+  if (mode == DGRAM) {
+    index = out->Write(index, seq_num >> 32, 4);
+    index = out->Write(index, seq_num & PR_UINT32_MAX, 4);
+  }
+  index = out->Write(index, len, 2);
+  out->Write(index, buf, len);
+}
+
+void TlsAgentTestBase::MakeRecord(uint8_t type, uint16_t version,
+                                  const uint8_t* buf, size_t len,
+                                  DataBuffer* out, uint64_t seq_num) const {
+  MakeRecord(mode_, type, version, buf, len, out, seq_num);
+}
+
+void TlsAgentTestBase::MakeHandshakeMessage(uint8_t hs_type,
+                                            const uint8_t* data, size_t hs_len,
+                                            DataBuffer* out,
+                                            uint64_t seq_num) const {
+  return MakeHandshakeMessageFragment(hs_type, data, hs_len, out, seq_num, 0,
+                                      0);
+}
+
+void TlsAgentTestBase::MakeHandshakeMessageFragment(
+    uint8_t hs_type, const uint8_t* data, size_t hs_len, DataBuffer* out,
+    uint64_t seq_num, uint32_t fragment_offset,
+    uint32_t fragment_length) const {
+  size_t index = 0;
+  if (!fragment_length) fragment_length = hs_len;
+  index = out->Write(index, hs_type, 1);  // Handshake record type.
+  index = out->Write(index, hs_len, 3);   // Handshake length
+  if (mode_ == DGRAM) {
+    index = out->Write(index, seq_num, 2);
+    index = out->Write(index, fragment_offset, 3);
+    index = out->Write(index, fragment_length, 3);
+  }
+  if (data) {
+    index = out->Write(index, data, fragment_length);
+  } else {
+    for (size_t i = 0; i < fragment_length; ++i) {
+      index = out->Write(index, 1, 1);
+    }
+  }
+}
+
+void TlsAgentTestBase::MakeTrivialHandshakeRecord(uint8_t hs_type,
+                                                  size_t hs_len,
+                                                  DataBuffer* out) {
+  size_t index = 0;
+  index = out->Write(index, kTlsHandshakeType, 1);  // Content Type
+  index = out->Write(index, 3, 1);                  // Version high
+  index = out->Write(index, 1, 1);                  // Version low
+  index = out->Write(index, 4 + hs_len, 2);         // Length
+
+  index = out->Write(index, hs_type, 1);  // Handshake record type.
+  index = out->Write(index, hs_len, 3);   // Handshake length
+  for (size_t i = 0; i < hs_len; ++i) {
+    index = out->Write(index, 1, 1);
+  }
+}
+
+}  // namespace nss_test
diff --git a/nss/gtests/ssl_gtest/tls_agent.h b/nss/gtests/ssl_gtest/tls_agent.h
new file mode 100644
index 0000000..d9fe394
--- /dev/null
+++ b/nss/gtests/ssl_gtest/tls_agent.h
@@ -0,0 +1,535 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef tls_agent_h_
+#define tls_agent_h_
+
+#include "prio.h"
+#include "ssl.h"
+
+#include <functional>
+#include <iostream>
+
+#include "test_io.h"
+#include "tls_filter.h"
+
+#define GTEST_HAS_RTTI 0
+#include "gtest/gtest.h"
+#include "scoped_ptrs.h"
+
+extern bool g_ssl_gtest_verbose;
+
+namespace nss_test {
+
+#define LOG(msg) std::cerr << role_str() << ": " << msg << std::endl
+#define LOGV(msg)                      \
+  do {                                 \
+    if (g_ssl_gtest_verbose) LOG(msg); \
+  } while (false)
+
+enum SessionResumptionMode {
+  RESUME_NONE = 0,
+  RESUME_SESSIONID = 1,
+  RESUME_TICKET = 2,
+  RESUME_BOTH = RESUME_SESSIONID | RESUME_TICKET
+};
+
+class TlsAgent;
+
+const extern std::vector<SSLNamedGroup> kAllDHEGroups;
+const extern std::vector<SSLNamedGroup> kECDHEGroups;
+const extern std::vector<SSLNamedGroup> kFFDHEGroups;
+const extern std::vector<SSLNamedGroup> kFasterDHEGroups;
+
+// These functions are called from callbacks.  They use bare pointers because
+// TlsAgent sets up the callback and it doesn't know who owns it.
+typedef std::function<SECStatus(TlsAgent* agent, bool checksig, bool isServer)>
+    AuthCertificateCallbackFunction;
+
+typedef std::function<void(TlsAgent* agent)> HandshakeCallbackFunction;
+
+typedef std::function<int32_t(TlsAgent* agent, const SECItem* srvNameArr,
+                              PRUint32 srvNameArrSize)>
+    SniCallbackFunction;
+
+class TlsAgent : public PollTarget {
+ public:
+  enum Role { CLIENT, SERVER };
+  enum State { STATE_INIT, STATE_CONNECTING, STATE_CONNECTED, STATE_ERROR };
+
+  static const std::string kClient;     // the client key is sign only
+  static const std::string kRsa2048;    // bigger sign and encrypt for either
+  static const std::string kServerRsa;  // both sign and encrypt
+  static const std::string kServerRsaSign;
+  static const std::string kServerRsaPss;
+  static const std::string kServerRsaDecrypt;
+  static const std::string kServerRsaChain;  // A cert that requires a chain.
+  static const std::string kServerEcdsa256;
+  static const std::string kServerEcdsa384;
+  static const std::string kServerEcdsa521;
+  static const std::string kServerEcdhEcdsa;
+  static const std::string kServerEcdhRsa;
+  static const std::string kServerDsa;
+
+  TlsAgent(const std::string& name, Role role, Mode mode);
+  virtual ~TlsAgent();
+
+  void SetPeer(std::shared_ptr<TlsAgent>& peer) {
+    adapter_->SetPeer(peer->adapter_);
+  }
+
+  void SetTlsRecordFilter(std::shared_ptr<TlsRecordFilter> filter) {
+    filter->SetAgent(this);
+    adapter_->SetPacketFilter(filter);
+  }
+
+  void SetPacketFilter(std::shared_ptr<PacketFilter> filter) {
+    adapter_->SetPacketFilter(filter);
+  }
+
+  void DeletePacketFilter() { adapter_->SetPacketFilter(nullptr); }
+
+  void StartConnect(PRFileDesc* model = nullptr);
+  void CheckKEA(SSLKEAType kea_type, SSLNamedGroup group,
+                size_t kea_size = 0) const;
+  void CheckAuthType(SSLAuthType auth_type,
+                     SSLSignatureScheme sig_scheme) const;
+
+  void DisableAllCiphers();
+  void EnableCiphersByAuthType(SSLAuthType authType);
+  void EnableCiphersByKeyExchange(SSLKEAType kea);
+  void EnableGroupsByKeyExchange(SSLKEAType kea);
+  void EnableGroupsByAuthType(SSLAuthType authType);
+  void EnableSingleCipher(uint16_t cipher);
+
+  void Handshake();
+  // Marks the internal state as CONNECTING in anticipation of renegotiation.
+  void PrepareForRenegotiate();
+  // Prepares for renegotiation, then actually triggers it.
+  void StartRenegotiate();
+  static bool LoadCertificate(const std::string& name,
+                              ScopedCERTCertificate* cert,
+                              ScopedSECKEYPrivateKey* priv);
+  bool ConfigServerCert(const std::string& name, bool updateKeyBits = false,
+                        const SSLExtraServerCertData* serverCertData = nullptr);
+  bool ConfigServerCertWithChain(const std::string& name);
+  bool EnsureTlsSetup(PRFileDesc* modelSocket = nullptr);
+
+  void SetupClientAuth();
+  void RequestClientAuth(bool requireAuth);
+
+  void ConfigureSessionCache(SessionResumptionMode mode);
+  void SetSessionTicketsEnabled(bool en);
+  void SetSessionCacheEnabled(bool en);
+  void Set0RttEnabled(bool en);
+  void SetFallbackSCSVEnabled(bool en);
+  void SetShortHeadersEnabled();
+  void SetVersionRange(uint16_t minver, uint16_t maxver);
+  void GetVersionRange(uint16_t* minver, uint16_t* maxver);
+  void CheckPreliminaryInfo();
+  void ResetPreliminaryInfo();
+  void SetExpectedVersion(uint16_t version);
+  void SetServerKeyBits(uint16_t bits);
+  void ExpectReadWriteError();
+  void EnableFalseStart();
+  void ExpectResumption();
+  void ExpectShortHeaders();
+  void SetSignatureSchemes(const SSLSignatureScheme* schemes, size_t count);
+  void EnableAlpn(const uint8_t* val, size_t len);
+  void CheckAlpn(SSLNextProtoState expected_state,
+                 const std::string& expected = "") const;
+  void EnableSrtp();
+  void CheckSrtp() const;
+  void CheckErrorCode(int32_t expected) const;
+  void CheckAlerts() const;
+  void WaitForErrorCode(int32_t expected, uint32_t delay) const;
+  // Send data on the socket, encrypting it.
+  void SendData(size_t bytes, size_t blocksize = 1024);
+  void SendBuffer(const DataBuffer& buf);
+  // Send data directly to the underlying socket, skipping the TLS layer.
+  void SendDirect(const DataBuffer& buf);
+  void ReadBytes();
+  void ResetSentBytes();  // Hack to test drops.
+  void EnableExtendedMasterSecret();
+  void CheckExtendedMasterSecret(bool expected);
+  void CheckEarlyDataAccepted(bool expected);
+  void DisableRollbackDetection();
+  void EnableCompression();
+  void SetDowngradeCheckVersion(uint16_t version);
+  void CheckSecretsDestroyed();
+  void ConfigNamedGroups(const std::vector<SSLNamedGroup>& groups);
+  void DisableECDHEServerKeyReuse();
+  bool GetPeerChainLength(size_t* count);
+
+  const std::string& name() const { return name_; }
+
+  Role role() const { return role_; }
+  std::string role_str() const { return role_ == SERVER ? "server" : "client"; }
+
+  State state() const { return state_; }
+
+  const CERTCertificate* peer_cert() const {
+    return SSL_PeerCertificate(ssl_fd_.get());
+  }
+
+  const char* state_str() const { return state_str(state()); }
+
+  static const char* state_str(State state) { return states[state]; }
+
+  PRFileDesc* ssl_fd() const { return ssl_fd_.get(); }
+  std::shared_ptr<DummyPrSocket>& adapter() { return adapter_; }
+
+  bool is_compressed() const {
+    return info_.compressionMethod != ssl_compression_null;
+  }
+  uint16_t server_key_bits() const { return server_key_bits_; }
+  uint16_t min_version() const { return vrange_.min; }
+  uint16_t max_version() const { return vrange_.max; }
+  uint16_t version() const {
+    EXPECT_EQ(STATE_CONNECTED, state_);
+    return info_.protocolVersion;
+  }
+
+  bool cipher_suite(uint16_t* cipher_suite) const {
+    if (state_ != STATE_CONNECTED) return false;
+
+    *cipher_suite = info_.cipherSuite;
+    return true;
+  }
+
+  std::string cipher_suite_name() const {
+    if (state_ != STATE_CONNECTED) return "UNKNOWN";
+
+    return csinfo_.cipherSuiteName;
+  }
+
+  std::vector<uint8_t> session_id() const {
+    return std::vector<uint8_t>(info_.sessionID,
+                                info_.sessionID + info_.sessionIDLength);
+  }
+
+  bool auth_type(SSLAuthType* auth_type) const {
+    if (state_ != STATE_CONNECTED) return false;
+
+    *auth_type = info_.authType;
+    return true;
+  }
+
+  bool kea_type(SSLKEAType* kea_type) const {
+    if (state_ != STATE_CONNECTED) return false;
+
+    *kea_type = info_.keaType;
+    return true;
+  }
+
+  size_t received_bytes() const { return recv_ctr_; }
+  PRErrorCode error_code() const { return error_code_; }
+
+  bool can_falsestart_hook_called() const {
+    return can_falsestart_hook_called_;
+  }
+
+  void SetHandshakeCallback(HandshakeCallbackFunction handshake_callback) {
+    handshake_callback_ = handshake_callback;
+  }
+
+  void SetAuthCertificateCallback(
+      AuthCertificateCallbackFunction auth_certificate_callback) {
+    auth_certificate_callback_ = auth_certificate_callback;
+  }
+
+  void SetSniCallback(SniCallbackFunction sni_callback) {
+    sni_callback_ = sni_callback;
+  }
+
+  size_t alert_received_count() const { return alert_received_count_; }
+
+  void SetExpectedAlertReceivedCount(size_t count) {
+    expected_alert_received_count_ = count;
+  }
+
+  size_t expected_alert_received_count() const {
+    return expected_alert_received_count_;
+  }
+
+  bool GetLastAlertReceived(SSLAlert* alert) const {
+    if (!alert_received_count_) {
+      return false;
+    }
+    *alert = last_alert_received_;
+    return true;
+  }
+
+  size_t alert_sent_count() const { return alert_sent_count_; }
+
+  void SetExpectedAlertSentCount(size_t count) {
+    expected_alert_sent_count_ = count;
+  }
+
+  size_t expected_alert_sent_count() const {
+    return expected_alert_sent_count_;
+  }
+
+  bool GetLastAlertSent(SSLAlert* alert) const {
+    if (!alert_sent_count_) {
+      return false;
+    }
+    *alert = last_alert_sent_;
+    return true;
+  }
+
+ private:
+  const static char* states[];
+
+  void SetState(State state);
+
+  // Dummy auth certificate hook.
+  static SECStatus AuthCertificateHook(void* arg, PRFileDesc* fd,
+                                       PRBool checksig, PRBool isServer) {
+    TlsAgent* agent = reinterpret_cast<TlsAgent*>(arg);
+    agent->CheckPreliminaryInfo();
+    agent->auth_certificate_hook_called_ = true;
+    if (agent->auth_certificate_callback_) {
+      return agent->auth_certificate_callback_(agent, checksig ? true : false,
+                                               isServer ? true : false);
+    }
+    return SECSuccess;
+  }
+
+  // Client auth certificate hook.
+  static SECStatus ClientAuthenticated(void* arg, PRFileDesc* fd,
+                                       PRBool checksig, PRBool isServer) {
+    TlsAgent* agent = reinterpret_cast<TlsAgent*>(arg);
+    EXPECT_TRUE(agent->expect_client_auth_);
+    EXPECT_EQ(PR_TRUE, isServer);
+    if (agent->auth_certificate_callback_) {
+      return agent->auth_certificate_callback_(agent, checksig ? true : false,
+                                               isServer ? true : false);
+    }
+    return SECSuccess;
+  }
+
+  static SECStatus GetClientAuthDataHook(void* self, PRFileDesc* fd,
+                                         CERTDistNames* caNames,
+                                         CERTCertificate** cert,
+                                         SECKEYPrivateKey** privKey);
+
+  static void ReadableCallback(PollTarget* self, Event event) {
+    TlsAgent* agent = static_cast<TlsAgent*>(self);
+    if (event == TIMER_EVENT) {
+      agent->timer_handle_ = nullptr;
+    }
+    agent->ReadableCallback_int();
+  }
+
+  void ReadableCallback_int() {
+    LOGV("Readable");
+    switch (state_) {
+      case STATE_CONNECTING:
+        Handshake();
+        break;
+      case STATE_CONNECTED:
+        ReadBytes();
+        break;
+      default:
+        break;
+    }
+  }
+
+  static PRInt32 SniHook(PRFileDesc* fd, const SECItem* srvNameArr,
+                         PRUint32 srvNameArrSize, void* arg) {
+    TlsAgent* agent = reinterpret_cast<TlsAgent*>(arg);
+    agent->CheckPreliminaryInfo();
+    agent->sni_hook_called_ = true;
+    EXPECT_EQ(1UL, srvNameArrSize);
+    if (agent->sni_callback_) {
+      return agent->sni_callback_(agent, srvNameArr, srvNameArrSize);
+    }
+    return 0;  // First configuration.
+  }
+
+  static SECStatus CanFalseStartCallback(PRFileDesc* fd, void* arg,
+                                         PRBool* canFalseStart) {
+    TlsAgent* agent = reinterpret_cast<TlsAgent*>(arg);
+    agent->CheckPreliminaryInfo();
+    EXPECT_TRUE(agent->falsestart_enabled_);
+    EXPECT_FALSE(agent->can_falsestart_hook_called_);
+    agent->can_falsestart_hook_called_ = true;
+    *canFalseStart = true;
+    return SECSuccess;
+  }
+
+  static void AlertReceivedCallback(const PRFileDesc* fd, void* arg,
+                                    const SSLAlert* alert) {
+    TlsAgent* agent = reinterpret_cast<TlsAgent*>(arg);
+
+    std::cerr << agent->role_str()
+              << ": Alert received: level=" << static_cast<int>(alert->level)
+              << " desc=" << static_cast<int>(alert->description) << std::endl;
+
+    ++agent->alert_received_count_;
+    agent->last_alert_received_ = *alert;
+  }
+
+  static void AlertSentCallback(const PRFileDesc* fd, void* arg,
+                                const SSLAlert* alert) {
+    TlsAgent* agent = reinterpret_cast<TlsAgent*>(arg);
+
+    std::cerr << agent->role_str()
+              << ": Alert sent: level=" << static_cast<int>(alert->level)
+              << " desc=" << static_cast<int>(alert->description) << std::endl;
+
+    ++agent->alert_sent_count_;
+    agent->last_alert_sent_ = *alert;
+  }
+
+  static void HandshakeCallback(PRFileDesc* fd, void* arg) {
+    TlsAgent* agent = reinterpret_cast<TlsAgent*>(arg);
+    agent->handshake_callback_called_ = true;
+    agent->Connected();
+    if (agent->handshake_callback_) {
+      agent->handshake_callback_(agent);
+    }
+  }
+
+  void DisableLameGroups();
+  void ConfigStrongECGroups(bool en);
+  void ConfigAllDHGroups(bool en);
+  void CheckCallbacks() const;
+  void Connected();
+
+  const std::string name_;
+  Mode mode_;
+  Role role_;
+  uint16_t server_key_bits_;
+  std::shared_ptr<DummyPrSocket> adapter_;
+  ScopedPRFileDesc ssl_fd_;
+  State state_;
+  std::shared_ptr<Poller::Timer> timer_handle_;
+  bool falsestart_enabled_;
+  uint16_t expected_version_;
+  uint16_t expected_cipher_suite_;
+  bool expect_resumption_;
+  bool expect_client_auth_;
+  bool can_falsestart_hook_called_;
+  bool sni_hook_called_;
+  bool auth_certificate_hook_called_;
+  size_t alert_received_count_;
+  size_t expected_alert_received_count_;
+  SSLAlert last_alert_received_;
+  size_t alert_sent_count_;
+  size_t expected_alert_sent_count_;
+  SSLAlert last_alert_sent_;
+  bool handshake_callback_called_;
+  SSLChannelInfo info_;
+  SSLCipherSuiteInfo csinfo_;
+  SSLVersionRange vrange_;
+  PRErrorCode error_code_;
+  size_t send_ctr_;
+  size_t recv_ctr_;
+  bool expect_readwrite_error_;
+  HandshakeCallbackFunction handshake_callback_;
+  AuthCertificateCallbackFunction auth_certificate_callback_;
+  SniCallbackFunction sni_callback_;
+  bool expect_short_headers_;
+};
+
+inline std::ostream& operator<<(std::ostream& stream,
+                                const TlsAgent::State& state) {
+  return stream << TlsAgent::state_str(state);
+}
+
+class TlsAgentTestBase : public ::testing::Test {
+ public:
+  static ::testing::internal::ParamGenerator<std::string> kTlsRolesAll;
+
+  TlsAgentTestBase(TlsAgent::Role role, Mode mode, uint16_t version = 0)
+      : agent_(nullptr),
+        role_(role),
+        mode_(mode),
+        version_(version),
+        sink_adapter_(new DummyPrSocket("sink", mode)) {}
+  virtual ~TlsAgentTestBase() {}
+
+  void SetUp();
+  void TearDown();
+
+  static void MakeRecord(Mode mode, uint8_t type, uint16_t version,
+                         const uint8_t* buf, size_t len, DataBuffer* out,
+                         uint64_t seq_num = 0);
+  void MakeRecord(uint8_t type, uint16_t version, const uint8_t* buf,
+                  size_t len, DataBuffer* out, uint64_t seq_num = 0) const;
+  void MakeHandshakeMessage(uint8_t hs_type, const uint8_t* data, size_t hs_len,
+                            DataBuffer* out, uint64_t seq_num = 0) const;
+  void MakeHandshakeMessageFragment(uint8_t hs_type, const uint8_t* data,
+                                    size_t hs_len, DataBuffer* out,
+                                    uint64_t seq_num, uint32_t fragment_offset,
+                                    uint32_t fragment_length) const;
+  static void MakeTrivialHandshakeRecord(uint8_t hs_type, size_t hs_len,
+                                         DataBuffer* out);
+  static inline TlsAgent::Role ToRole(const std::string& str) {
+    return str == "CLIENT" ? TlsAgent::CLIENT : TlsAgent::SERVER;
+  }
+
+  static inline Mode ToMode(const std::string& str) {
+    return str == "TLS" ? STREAM : DGRAM;
+  }
+
+  void Init(const std::string& server_name = TlsAgent::kServerRsa);
+  void Reset(const std::string& server_name = TlsAgent::kServerRsa);
+
+ protected:
+  void EnsureInit();
+  void ProcessMessage(const DataBuffer& buffer, TlsAgent::State expected_state,
+                      int32_t error_code = 0);
+
+  std::unique_ptr<TlsAgent> agent_;
+  TlsAgent::Role role_;
+  Mode mode_;
+  uint16_t version_;
+  // This adapter is here just to accept packets from this agent.
+  std::shared_ptr<DummyPrSocket> sink_adapter_;
+};
+
+class TlsAgentTest : public TlsAgentTestBase,
+                     public ::testing::WithParamInterface<
+                         std::tuple<std::string, std::string, uint16_t>> {
+ public:
+  TlsAgentTest()
+      : TlsAgentTestBase(ToRole(std::get<0>(GetParam())),
+                         ToMode(std::get<1>(GetParam())),
+                         std::get<2>(GetParam())) {}
+};
+
+class TlsAgentTestClient
+    : public TlsAgentTestBase,
+      public ::testing::WithParamInterface<std::tuple<std::string, uint16_t>> {
+ public:
+  TlsAgentTestClient()
+      : TlsAgentTestBase(TlsAgent::CLIENT, ToMode(std::get<0>(GetParam())),
+                         std::get<1>(GetParam())) {}
+};
+
+class TlsAgentTestClient13 : public TlsAgentTestClient {};
+
+class TlsAgentStreamTestClient : public TlsAgentTestBase {
+ public:
+  TlsAgentStreamTestClient() : TlsAgentTestBase(TlsAgent::CLIENT, STREAM) {}
+};
+
+class TlsAgentStreamTestServer : public TlsAgentTestBase {
+ public:
+  TlsAgentStreamTestServer() : TlsAgentTestBase(TlsAgent::SERVER, STREAM) {}
+};
+
+class TlsAgentDgramTestClient : public TlsAgentTestBase {
+ public:
+  TlsAgentDgramTestClient() : TlsAgentTestBase(TlsAgent::CLIENT, DGRAM) {}
+};
+
+}  // namespace nss_test
+
+#endif
diff --git a/nss/gtests/ssl_gtest/tls_connect.cc b/nss/gtests/ssl_gtest/tls_connect.cc
new file mode 100644
index 0000000..400ae85
--- /dev/null
+++ b/nss/gtests/ssl_gtest/tls_connect.cc
@@ -0,0 +1,729 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "tls_connect.h"
+extern "C" {
+#include "libssl_internals.h"
+}
+
+#include <iostream>
+
+#include "databuffer.h"
+#include "gtest_utils.h"
+#include "scoped_ptrs.h"
+#include "sslproto.h"
+
+extern std::string g_working_dir_path;
+
+namespace nss_test {
+
+static const std::string kTlsModesStreamArr[] = {"TLS"};
+::testing::internal::ParamGenerator<std::string>
+    TlsConnectTestBase::kTlsModesStream =
+        ::testing::ValuesIn(kTlsModesStreamArr);
+static const std::string kTlsModesDatagramArr[] = {"DTLS"};
+::testing::internal::ParamGenerator<std::string>
+    TlsConnectTestBase::kTlsModesDatagram =
+        ::testing::ValuesIn(kTlsModesDatagramArr);
+static const std::string kTlsModesAllArr[] = {"TLS", "DTLS"};
+::testing::internal::ParamGenerator<std::string>
+    TlsConnectTestBase::kTlsModesAll = ::testing::ValuesIn(kTlsModesAllArr);
+
+static const uint16_t kTlsV10Arr[] = {SSL_LIBRARY_VERSION_TLS_1_0};
+::testing::internal::ParamGenerator<uint16_t> TlsConnectTestBase::kTlsV10 =
+    ::testing::ValuesIn(kTlsV10Arr);
+static const uint16_t kTlsV11Arr[] = {SSL_LIBRARY_VERSION_TLS_1_1};
+::testing::internal::ParamGenerator<uint16_t> TlsConnectTestBase::kTlsV11 =
+    ::testing::ValuesIn(kTlsV11Arr);
+static const uint16_t kTlsV12Arr[] = {SSL_LIBRARY_VERSION_TLS_1_2};
+::testing::internal::ParamGenerator<uint16_t> TlsConnectTestBase::kTlsV12 =
+    ::testing::ValuesIn(kTlsV12Arr);
+static const uint16_t kTlsV10V11Arr[] = {SSL_LIBRARY_VERSION_TLS_1_0,
+                                         SSL_LIBRARY_VERSION_TLS_1_1};
+::testing::internal::ParamGenerator<uint16_t> TlsConnectTestBase::kTlsV10V11 =
+    ::testing::ValuesIn(kTlsV10V11Arr);
+static const uint16_t kTlsV10ToV12Arr[] = {SSL_LIBRARY_VERSION_TLS_1_0,
+                                           SSL_LIBRARY_VERSION_TLS_1_1,
+                                           SSL_LIBRARY_VERSION_TLS_1_2};
+::testing::internal::ParamGenerator<uint16_t> TlsConnectTestBase::kTlsV10ToV12 =
+    ::testing::ValuesIn(kTlsV10ToV12Arr);
+static const uint16_t kTlsV11V12Arr[] = {SSL_LIBRARY_VERSION_TLS_1_1,
+                                         SSL_LIBRARY_VERSION_TLS_1_2};
+::testing::internal::ParamGenerator<uint16_t> TlsConnectTestBase::kTlsV11V12 =
+    ::testing::ValuesIn(kTlsV11V12Arr);
+
+static const uint16_t kTlsV11PlusArr[] = {
+#ifndef NSS_DISABLE_TLS_1_3
+    SSL_LIBRARY_VERSION_TLS_1_3,
+#endif
+    SSL_LIBRARY_VERSION_TLS_1_2, SSL_LIBRARY_VERSION_TLS_1_1};
+::testing::internal::ParamGenerator<uint16_t> TlsConnectTestBase::kTlsV11Plus =
+    ::testing::ValuesIn(kTlsV11PlusArr);
+static const uint16_t kTlsV12PlusArr[] = {
+#ifndef NSS_DISABLE_TLS_1_3
+    SSL_LIBRARY_VERSION_TLS_1_3,
+#endif
+    SSL_LIBRARY_VERSION_TLS_1_2};
+::testing::internal::ParamGenerator<uint16_t> TlsConnectTestBase::kTlsV12Plus =
+    ::testing::ValuesIn(kTlsV12PlusArr);
+static const uint16_t kTlsV13Arr[] = {SSL_LIBRARY_VERSION_TLS_1_3};
+::testing::internal::ParamGenerator<uint16_t> TlsConnectTestBase::kTlsV13 =
+    ::testing::ValuesIn(kTlsV13Arr);
+static const uint16_t kTlsVAllArr[] = {
+#ifndef NSS_DISABLE_TLS_1_3
+    SSL_LIBRARY_VERSION_TLS_1_3,
+#endif
+    SSL_LIBRARY_VERSION_TLS_1_2, SSL_LIBRARY_VERSION_TLS_1_1,
+    SSL_LIBRARY_VERSION_TLS_1_0};
+::testing::internal::ParamGenerator<uint16_t> TlsConnectTestBase::kTlsVAll =
+    ::testing::ValuesIn(kTlsVAllArr);
+
+std::string VersionString(uint16_t version) {
+  switch (version) {
+    case 0:
+      return "(no version)";
+    case SSL_LIBRARY_VERSION_TLS_1_0:
+      return "1.0";
+    case SSL_LIBRARY_VERSION_TLS_1_1:
+      return "1.1";
+    case SSL_LIBRARY_VERSION_TLS_1_2:
+      return "1.2";
+    case SSL_LIBRARY_VERSION_TLS_1_3:
+      return "1.3";
+    default:
+      std::cerr << "Invalid version: " << version << std::endl;
+      EXPECT_TRUE(false);
+      return "";
+  }
+}
+
+TlsConnectTestBase::TlsConnectTestBase(Mode mode, uint16_t version)
+    : mode_(mode),
+      client_(new TlsAgent(TlsAgent::kClient, TlsAgent::CLIENT, mode_)),
+      server_(new TlsAgent(TlsAgent::kServerRsa, TlsAgent::SERVER, mode_)),
+      client_model_(nullptr),
+      server_model_(nullptr),
+      version_(version),
+      expected_resumption_mode_(RESUME_NONE),
+      session_ids_(),
+      expect_extended_master_secret_(false),
+      expect_early_data_accepted_(false) {
+  std::string v;
+  if (mode_ == DGRAM && version_ == SSL_LIBRARY_VERSION_TLS_1_1) {
+    v = "1.0";
+  } else {
+    v = VersionString(version_);
+  }
+  std::cerr << "Version: " << mode_ << " " << v << std::endl;
+}
+
+TlsConnectTestBase::TlsConnectTestBase(const std::string& mode,
+                                       uint16_t version)
+    : TlsConnectTestBase(TlsConnectTestBase::ToMode(mode), version) {}
+
+TlsConnectTestBase::~TlsConnectTestBase() {}
+
+// Check the group of each of the supported groups
+void TlsConnectTestBase::CheckGroups(
+    const DataBuffer& groups, std::function<void(SSLNamedGroup)> check_group) {
+  DuplicateGroupChecker group_set;
+  uint32_t tmp = 0;
+  EXPECT_TRUE(groups.Read(0, 2, &tmp));
+  EXPECT_EQ(groups.len() - 2, static_cast<size_t>(tmp));
+  for (size_t i = 2; i < groups.len(); i += 2) {
+    EXPECT_TRUE(groups.Read(i, 2, &tmp));
+    SSLNamedGroup group = static_cast<SSLNamedGroup>(tmp);
+    group_set.AddAndCheckGroup(group);
+    check_group(group);
+  }
+}
+
+// Check the group of each of the shares
+void TlsConnectTestBase::CheckShares(
+    const DataBuffer& shares, std::function<void(SSLNamedGroup)> check_group) {
+  DuplicateGroupChecker group_set;
+  uint32_t tmp = 0;
+  EXPECT_TRUE(shares.Read(0, 2, &tmp));
+  EXPECT_EQ(shares.len() - 2, static_cast<size_t>(tmp));
+  size_t i;
+  for (i = 2; i < shares.len(); i += 4 + tmp) {
+    ASSERT_TRUE(shares.Read(i, 2, &tmp));
+    SSLNamedGroup group = static_cast<SSLNamedGroup>(tmp);
+    group_set.AddAndCheckGroup(group);
+    check_group(group);
+    ASSERT_TRUE(shares.Read(i + 2, 2, &tmp));
+  }
+  EXPECT_EQ(shares.len(), i);
+}
+
+void TlsConnectTestBase::ClearStats() {
+  // Clear statistics.
+  SSL3Statistics* stats = SSL_GetStatistics();
+  memset(stats, 0, sizeof(*stats));
+}
+
+void TlsConnectTestBase::ClearServerCache() {
+  SSL_ShutdownServerSessionIDCache();
+  SSLInt_ClearSessionTicketKey();
+  SSL_ConfigServerSessionIDCache(1024, 0, 0, g_working_dir_path.c_str());
+}
+
+void TlsConnectTestBase::SetUp() {
+  SSL_ConfigServerSessionIDCache(1024, 0, 0, g_working_dir_path.c_str());
+  SSLInt_ClearSessionTicketKey();
+  SSLInt_SetTicketLifetime(30);
+  ClearStats();
+  Init();
+}
+
+void TlsConnectTestBase::TearDown() {
+  client_ = nullptr;
+  server_ = nullptr;
+
+  SSL_ClearSessionCache();
+  SSLInt_ClearSessionTicketKey();
+  SSL_ShutdownServerSessionIDCache();
+}
+
+void TlsConnectTestBase::Init() {
+  client_->SetPeer(server_);
+  server_->SetPeer(client_);
+
+  if (version_) {
+    ConfigureVersion(version_);
+  }
+}
+
+void TlsConnectTestBase::Reset() {
+  // Take a copy of the names because they are about to disappear.
+  std::string server_name = server_->name();
+  std::string client_name = client_->name();
+  Reset(server_name, client_name);
+}
+
+void TlsConnectTestBase::Reset(const std::string& server_name,
+                               const std::string& client_name) {
+  client_.reset(new TlsAgent(client_name, TlsAgent::CLIENT, mode_));
+  server_.reset(new TlsAgent(server_name, TlsAgent::SERVER, mode_));
+
+  Init();
+}
+
+void TlsConnectTestBase::ExpectResumption(SessionResumptionMode expected) {
+  expected_resumption_mode_ = expected;
+  if (expected != RESUME_NONE) {
+    client_->ExpectResumption();
+    server_->ExpectResumption();
+  }
+}
+
+void TlsConnectTestBase::EnsureTlsSetup() {
+  EXPECT_TRUE(server_->EnsureTlsSetup(server_model_ ? server_model_->ssl_fd()
+                                                    : nullptr));
+  EXPECT_TRUE(client_->EnsureTlsSetup(client_model_ ? client_model_->ssl_fd()
+                                                    : nullptr));
+}
+
+void TlsConnectTestBase::Handshake() {
+  EnsureTlsSetup();
+  client_->SetServerKeyBits(server_->server_key_bits());
+  client_->Handshake();
+  server_->Handshake();
+
+  ASSERT_TRUE_WAIT((client_->state() != TlsAgent::STATE_CONNECTING) &&
+                       (server_->state() != TlsAgent::STATE_CONNECTING),
+                   5000);
+}
+
+void TlsConnectTestBase::EnableExtendedMasterSecret() {
+  client_->EnableExtendedMasterSecret();
+  server_->EnableExtendedMasterSecret();
+  ExpectExtendedMasterSecret(true);
+}
+
+void TlsConnectTestBase::Connect() {
+  server_->StartConnect(server_model_ ? server_model_->ssl_fd() : nullptr);
+  client_->StartConnect(client_model_ ? client_model_->ssl_fd() : nullptr);
+  Handshake();
+  CheckConnected();
+}
+
+void TlsConnectTestBase::ConnectWithCipherSuite(uint16_t cipher_suite) {
+  EnsureTlsSetup();
+  client_->EnableSingleCipher(cipher_suite);
+
+  Connect();
+  SendReceive();
+
+  // Check that we used the right cipher suite.
+  uint16_t actual;
+  EXPECT_TRUE(client_->cipher_suite(&actual));
+  EXPECT_EQ(cipher_suite, actual);
+  EXPECT_TRUE(server_->cipher_suite(&actual));
+  EXPECT_EQ(cipher_suite, actual);
+}
+
+void TlsConnectTestBase::CheckConnected() {
+  // Check the version is as expected
+  EXPECT_EQ(client_->version(), server_->version());
+  EXPECT_EQ(std::min(client_->max_version(), server_->max_version()),
+            client_->version());
+
+  EXPECT_EQ(TlsAgent::STATE_CONNECTED, client_->state());
+  EXPECT_EQ(TlsAgent::STATE_CONNECTED, server_->state());
+
+  uint16_t cipher_suite1, cipher_suite2;
+  bool ret = client_->cipher_suite(&cipher_suite1);
+  EXPECT_TRUE(ret);
+  ret = server_->cipher_suite(&cipher_suite2);
+  EXPECT_TRUE(ret);
+  EXPECT_EQ(cipher_suite1, cipher_suite2);
+
+  std::cerr << "Connected with version " << client_->version()
+            << " cipher suite " << client_->cipher_suite_name() << std::endl;
+
+  if (client_->version() < SSL_LIBRARY_VERSION_TLS_1_3) {
+    // Check and store session ids.
+    std::vector<uint8_t> sid_c1 = client_->session_id();
+    EXPECT_EQ(32U, sid_c1.size());
+    std::vector<uint8_t> sid_s1 = server_->session_id();
+    EXPECT_EQ(32U, sid_s1.size());
+    EXPECT_EQ(sid_c1, sid_s1);
+    session_ids_.push_back(sid_c1);
+  }
+
+  CheckExtendedMasterSecret();
+  CheckEarlyDataAccepted();
+  CheckResumption(expected_resumption_mode_);
+  client_->CheckSecretsDestroyed();
+  server_->CheckSecretsDestroyed();
+
+  client_->CheckAlerts();
+  server_->CheckAlerts();
+}
+
+void TlsConnectTestBase::CheckKeys(SSLKEAType kea_type, SSLNamedGroup kea_group,
+                                   SSLAuthType auth_type,
+                                   SSLSignatureScheme sig_scheme) const {
+  client_->CheckKEA(kea_type, kea_group);
+  server_->CheckKEA(kea_type, kea_group);
+  client_->CheckAuthType(auth_type, sig_scheme);
+  server_->CheckAuthType(auth_type, sig_scheme);
+}
+
+void TlsConnectTestBase::CheckKeys(SSLKEAType kea_type,
+                                   SSLAuthType auth_type) const {
+  SSLNamedGroup group;
+  switch (kea_type) {
+    case ssl_kea_ecdh:
+      group = ssl_grp_ec_curve25519;
+      break;
+    case ssl_kea_dh:
+      group = ssl_grp_ffdhe_2048;
+      break;
+    case ssl_kea_rsa:
+      group = ssl_grp_none;
+      break;
+    default:
+      EXPECT_TRUE(false) << "unexpected KEA";
+      group = ssl_grp_none;
+      break;
+  }
+
+  SSLSignatureScheme scheme;
+  switch (auth_type) {
+    case ssl_auth_rsa_decrypt:
+      scheme = ssl_sig_none;
+      break;
+    case ssl_auth_rsa_sign:
+      if (version_ >= SSL_LIBRARY_VERSION_TLS_1_2) {
+        scheme = ssl_sig_rsa_pss_sha256;
+      } else {
+        scheme = ssl_sig_rsa_pkcs1_sha256;
+      }
+      break;
+    case ssl_auth_rsa_pss:
+      scheme = ssl_sig_rsa_pss_sha256;
+      break;
+    case ssl_auth_ecdsa:
+      scheme = ssl_sig_ecdsa_secp256r1_sha256;
+      break;
+    case ssl_auth_dsa:
+      scheme = ssl_sig_dsa_sha1;
+      break;
+    default:
+      EXPECT_TRUE(false) << "unexpected auth type";
+      scheme = static_cast<SSLSignatureScheme>(0x0100);
+      break;
+  }
+  CheckKeys(kea_type, group, auth_type, scheme);
+}
+
+void TlsConnectTestBase::CheckKeys() const {
+  CheckKeys(ssl_kea_ecdh, ssl_auth_rsa_sign);
+}
+
+void TlsConnectTestBase::ConnectExpectFail() {
+  server_->StartConnect();
+  client_->StartConnect();
+  Handshake();
+  ASSERT_EQ(TlsAgent::STATE_ERROR, client_->state());
+  ASSERT_EQ(TlsAgent::STATE_ERROR, server_->state());
+}
+
+void TlsConnectTestBase::ConnectExpectFailOneSide(TlsAgent::Role failing_side) {
+  server_->StartConnect();
+  client_->StartConnect();
+  client_->SetServerKeyBits(server_->server_key_bits());
+  client_->Handshake();
+  server_->Handshake();
+
+  auto failing_agent = server_;
+  if (failing_side == TlsAgent::CLIENT) {
+    failing_agent = client_;
+  }
+  ASSERT_TRUE_WAIT(failing_agent->state() == TlsAgent::STATE_ERROR, 5000);
+}
+
+void TlsConnectTestBase::ConfigureVersion(uint16_t version) {
+  version_ = version;
+  client_->SetVersionRange(version, version);
+  server_->SetVersionRange(version, version);
+}
+
+void TlsConnectTestBase::SetExpectedVersion(uint16_t version) {
+  client_->SetExpectedVersion(version);
+  server_->SetExpectedVersion(version);
+}
+
+void TlsConnectTestBase::DisableAllCiphers() {
+  EnsureTlsSetup();
+  client_->DisableAllCiphers();
+  server_->DisableAllCiphers();
+}
+
+void TlsConnectTestBase::EnableOnlyStaticRsaCiphers() {
+  DisableAllCiphers();
+
+  client_->EnableCiphersByKeyExchange(ssl_kea_rsa);
+  server_->EnableCiphersByKeyExchange(ssl_kea_rsa);
+}
+
+void TlsConnectTestBase::EnableOnlyDheCiphers() {
+  if (version_ < SSL_LIBRARY_VERSION_TLS_1_3) {
+    DisableAllCiphers();
+    client_->EnableCiphersByKeyExchange(ssl_kea_dh);
+    server_->EnableCiphersByKeyExchange(ssl_kea_dh);
+  } else {
+    client_->ConfigNamedGroups(kFFDHEGroups);
+    server_->ConfigNamedGroups(kFFDHEGroups);
+  }
+}
+
+void TlsConnectTestBase::EnableSomeEcdhCiphers() {
+  if (version_ < SSL_LIBRARY_VERSION_TLS_1_3) {
+    client_->EnableCiphersByAuthType(ssl_auth_ecdh_rsa);
+    client_->EnableCiphersByAuthType(ssl_auth_ecdh_ecdsa);
+    server_->EnableCiphersByAuthType(ssl_auth_ecdh_rsa);
+    server_->EnableCiphersByAuthType(ssl_auth_ecdh_ecdsa);
+  } else {
+    client_->ConfigNamedGroups(kECDHEGroups);
+    server_->ConfigNamedGroups(kECDHEGroups);
+  }
+}
+
+void TlsConnectTestBase::ConfigureSessionCache(SessionResumptionMode client,
+                                               SessionResumptionMode server) {
+  client_->ConfigureSessionCache(client);
+  server_->ConfigureSessionCache(server);
+  if ((server & RESUME_TICKET) != 0) {
+    ScopedCERTCertificate cert;
+    ScopedSECKEYPrivateKey privKey;
+    ASSERT_TRUE(TlsAgent::LoadCertificate(TlsAgent::kServerRsaDecrypt, &cert,
+                                          &privKey));
+
+    ScopedSECKEYPublicKey pubKey(CERT_ExtractPublicKey(cert.get()));
+    ASSERT_TRUE(pubKey);
+
+    EXPECT_EQ(SECSuccess,
+              SSL_SetSessionTicketKeyPair(pubKey.get(), privKey.get()));
+  }
+}
+
+void TlsConnectTestBase::CheckResumption(SessionResumptionMode expected) {
+  EXPECT_NE(RESUME_BOTH, expected);
+
+  int resume_count = expected ? 1 : 0;
+  int stateless_count = (expected & RESUME_TICKET) ? 1 : 0;
+
+  // Note: hch == server counter; hsh == client counter.
+  SSL3Statistics* stats = SSL_GetStatistics();
+  EXPECT_EQ(resume_count, stats->hch_sid_cache_hits);
+  EXPECT_EQ(resume_count, stats->hsh_sid_cache_hits);
+
+  EXPECT_EQ(stateless_count, stats->hch_sid_stateless_resumes);
+  EXPECT_EQ(stateless_count, stats->hsh_sid_stateless_resumes);
+
+  if (expected != RESUME_NONE) {
+    if (client_->version() < SSL_LIBRARY_VERSION_TLS_1_3) {
+      // Check that the last two session ids match.
+      ASSERT_EQ(2U, session_ids_.size());
+      EXPECT_EQ(session_ids_[session_ids_.size() - 1],
+                session_ids_[session_ids_.size() - 2]);
+    } else {
+      // TLS 1.3 only uses tickets.
+      EXPECT_TRUE(expected & RESUME_TICKET);
+    }
+  }
+}
+
+void TlsConnectTestBase::EnableAlpn() {
+  client_->EnableAlpn(alpn_dummy_val_, sizeof(alpn_dummy_val_));
+  server_->EnableAlpn(alpn_dummy_val_, sizeof(alpn_dummy_val_));
+}
+
+void TlsConnectTestBase::EnableAlpn(const uint8_t* val, size_t len) {
+  client_->EnableAlpn(val, len);
+  server_->EnableAlpn(val, len);
+}
+
+void TlsConnectTestBase::EnsureModelSockets() {
+  // Make sure models agents are available.
+  if (!client_model_) {
+    ASSERT_EQ(server_model_, nullptr);
+    client_model_.reset(
+        new TlsAgent(TlsAgent::kClient, TlsAgent::CLIENT, mode_));
+    server_model_.reset(
+        new TlsAgent(TlsAgent::kServerRsa, TlsAgent::SERVER, mode_));
+  }
+}
+
+void TlsConnectTestBase::CheckAlpn(const std::string& val) {
+  client_->CheckAlpn(SSL_NEXT_PROTO_SELECTED, val);
+  server_->CheckAlpn(SSL_NEXT_PROTO_NEGOTIATED, val);
+}
+
+void TlsConnectTestBase::EnableSrtp() {
+  client_->EnableSrtp();
+  server_->EnableSrtp();
+}
+
+void TlsConnectTestBase::CheckSrtp() const {
+  client_->CheckSrtp();
+  server_->CheckSrtp();
+}
+
+void TlsConnectTestBase::SendReceive() {
+  client_->SendData(50);
+  server_->SendData(50);
+  Receive(50);
+}
+
+// Do a first connection so we can do 0-RTT on the second one.
+void TlsConnectTestBase::SetupForZeroRtt() {
+  ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
+  client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
+                           SSL_LIBRARY_VERSION_TLS_1_3);
+  server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
+                           SSL_LIBRARY_VERSION_TLS_1_3);
+  server_->Set0RttEnabled(true);  // So we signal that we allow 0-RTT.
+  Connect();
+  SendReceive();  // Need to read so that we absorb the session ticket.
+  CheckKeys();
+
+  Reset();
+  client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
+                           SSL_LIBRARY_VERSION_TLS_1_3);
+  server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
+                           SSL_LIBRARY_VERSION_TLS_1_3);
+  server_->StartConnect();
+  client_->StartConnect();
+}
+
+// Do a first connection so we can do resumption
+void TlsConnectTestBase::SetupForResume() {
+  EnsureTlsSetup();
+  ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
+  Connect();
+  SendReceive();  // Need to read so that we absorb the session ticket.
+  CheckKeys();
+
+  Reset();
+}
+
+void TlsConnectTestBase::ZeroRttSendReceive(
+    bool expect_writable, bool expect_readable,
+    std::function<bool()> post_clienthello_check) {
+  const char* k0RttData = "ABCDEF";
+  const PRInt32 k0RttDataLen = static_cast<PRInt32>(strlen(k0RttData));
+
+  client_->Handshake();  // Send ClientHello.
+  if (post_clienthello_check) {
+    if (!post_clienthello_check()) return;
+  }
+  PRInt32 rv =
+      PR_Write(client_->ssl_fd(), k0RttData, k0RttDataLen);  // 0-RTT write.
+  if (expect_writable) {
+    EXPECT_EQ(k0RttDataLen, rv);
+  } else {
+    EXPECT_EQ(SECFailure, rv);
+  }
+  server_->Handshake();  // Consume ClientHello, EE, Finished.
+
+  std::vector<uint8_t> buf(k0RttDataLen);
+  rv = PR_Read(server_->ssl_fd(), buf.data(), k0RttDataLen);  // 0-RTT read
+  if (expect_readable) {
+    std::cerr << "0-RTT read " << rv << " bytes\n";
+    EXPECT_EQ(k0RttDataLen, rv);
+  } else {
+    EXPECT_EQ(SECFailure, rv);
+    EXPECT_EQ(PR_WOULD_BLOCK_ERROR, PORT_GetError());
+  }
+
+  // Do a second read. this should fail.
+  rv = PR_Read(server_->ssl_fd(), buf.data(), k0RttDataLen);
+  EXPECT_EQ(SECFailure, rv);
+  EXPECT_EQ(PR_WOULD_BLOCK_ERROR, PORT_GetError());
+}
+
+void TlsConnectTestBase::Receive(size_t amount) {
+  WAIT_(client_->received_bytes() == amount &&
+            server_->received_bytes() == amount,
+        2000);
+  ASSERT_EQ(amount, client_->received_bytes());
+  ASSERT_EQ(amount, server_->received_bytes());
+}
+
+void TlsConnectTestBase::ExpectExtendedMasterSecret(bool expected) {
+  expect_extended_master_secret_ = expected;
+}
+
+void TlsConnectTestBase::CheckExtendedMasterSecret() {
+  client_->CheckExtendedMasterSecret(expect_extended_master_secret_);
+  server_->CheckExtendedMasterSecret(expect_extended_master_secret_);
+}
+
+void TlsConnectTestBase::ExpectEarlyDataAccepted(bool expected) {
+  expect_early_data_accepted_ = expected;
+}
+
+void TlsConnectTestBase::CheckEarlyDataAccepted() {
+  client_->CheckEarlyDataAccepted(expect_early_data_accepted_);
+  server_->CheckEarlyDataAccepted(expect_early_data_accepted_);
+}
+
+void TlsConnectTestBase::DisableECDHEServerKeyReuse() {
+  server_->DisableECDHEServerKeyReuse();
+}
+
+TlsConnectGeneric::TlsConnectGeneric()
+    : TlsConnectTestBase(std::get<0>(GetParam()), std::get<1>(GetParam())) {}
+
+TlsConnectPre12::TlsConnectPre12()
+    : TlsConnectTestBase(std::get<0>(GetParam()), std::get<1>(GetParam())) {}
+
+TlsConnectTls12::TlsConnectTls12()
+    : TlsConnectTestBase(GetParam(), SSL_LIBRARY_VERSION_TLS_1_2) {}
+
+TlsConnectTls12Plus::TlsConnectTls12Plus()
+    : TlsConnectTestBase(std::get<0>(GetParam()), std::get<1>(GetParam())) {}
+
+TlsConnectTls13::TlsConnectTls13()
+    : TlsConnectTestBase(GetParam(), SSL_LIBRARY_VERSION_TLS_1_3) {}
+
+void TlsKeyExchangeTest::EnsureKeyShareSetup() {
+  EnsureTlsSetup();
+  groups_capture_ =
+      std::make_shared<TlsExtensionCapture>(ssl_supported_groups_xtn);
+  shares_capture_ =
+      std::make_shared<TlsExtensionCapture>(ssl_tls13_key_share_xtn);
+  shares_capture2_ =
+      std::make_shared<TlsExtensionCapture>(ssl_tls13_key_share_xtn, true);
+  std::vector<std::shared_ptr<PacketFilter>> captures = {
+      groups_capture_, shares_capture_, shares_capture2_};
+  client_->SetPacketFilter(std::make_shared<ChainedPacketFilter>(captures));
+  capture_hrr_ = std::make_shared<TlsInspectorRecordHandshakeMessage>(
+      kTlsHandshakeHelloRetryRequest);
+  server_->SetPacketFilter(capture_hrr_);
+}
+
+void TlsKeyExchangeTest::ConfigNamedGroups(
+    const std::vector<SSLNamedGroup>& groups) {
+  client_->ConfigNamedGroups(groups);
+  server_->ConfigNamedGroups(groups);
+}
+
+std::vector<SSLNamedGroup> TlsKeyExchangeTest::GetGroupDetails(
+    const DataBuffer& ext) {
+  uint32_t tmp = 0;
+  EXPECT_TRUE(ext.Read(0, 2, &tmp));
+  EXPECT_EQ(ext.len() - 2, static_cast<size_t>(tmp));
+  EXPECT_TRUE(ext.len() % 2 == 0);
+  std::vector<SSLNamedGroup> groups;
+  for (size_t i = 1; i < ext.len() / 2; i += 1) {
+    EXPECT_TRUE(ext.Read(2 * i, 2, &tmp));
+    groups.push_back(static_cast<SSLNamedGroup>(tmp));
+  }
+  return groups;
+}
+
+std::vector<SSLNamedGroup> TlsKeyExchangeTest::GetShareDetails(
+    const DataBuffer& ext) {
+  uint32_t tmp = 0;
+  EXPECT_TRUE(ext.Read(0, 2, &tmp));
+  EXPECT_EQ(ext.len() - 2, static_cast<size_t>(tmp));
+  std::vector<SSLNamedGroup> shares;
+  size_t i = 2;
+  while (i < ext.len()) {
+    EXPECT_TRUE(ext.Read(i, 2, &tmp));
+    shares.push_back(static_cast<SSLNamedGroup>(tmp));
+    EXPECT_TRUE(ext.Read(i + 2, 2, &tmp));
+    i += 4 + tmp;
+  }
+  EXPECT_EQ(ext.len(), i);
+  return shares;
+}
+
+void TlsKeyExchangeTest::CheckKEXDetails(
+    const std::vector<SSLNamedGroup>& expected_groups,
+    const std::vector<SSLNamedGroup>& expected_shares, bool expect_hrr) {
+  std::vector<SSLNamedGroup> groups =
+      GetGroupDetails(groups_capture_->extension());
+  EXPECT_EQ(expected_groups, groups);
+
+  if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) {
+    ASSERT_LT(0U, expected_shares.size());
+    std::vector<SSLNamedGroup> shares =
+        GetShareDetails(shares_capture_->extension());
+    EXPECT_EQ(expected_shares, shares);
+  } else {
+    EXPECT_EQ(0U, shares_capture_->extension().len());
+  }
+
+  EXPECT_EQ(expect_hrr, capture_hrr_->buffer().len() != 0);
+}
+
+void TlsKeyExchangeTest::CheckKEXDetails(
+    const std::vector<SSLNamedGroup>& expected_groups,
+    const std::vector<SSLNamedGroup>& expected_shares) {
+  CheckKEXDetails(expected_groups, expected_shares, false);
+}
+
+void TlsKeyExchangeTest::CheckKEXDetails(
+    const std::vector<SSLNamedGroup>& expected_groups,
+    const std::vector<SSLNamedGroup>& expected_shares,
+    SSLNamedGroup expected_share2) {
+  CheckKEXDetails(expected_groups, expected_shares, true);
+
+  for (auto it : expected_shares) {
+    EXPECT_NE(expected_share2, it);
+  }
+  std::vector<SSLNamedGroup> expected_shares2 = {expected_share2};
+  std::vector<SSLNamedGroup> shares =
+      GetShareDetails(shares_capture2_->extension());
+  EXPECT_EQ(expected_shares2, shares);
+}
+}  // namespace nss_test
diff --git a/nss/gtests/ssl_gtest/tls_connect.h b/nss/gtests/ssl_gtest/tls_connect.h
new file mode 100644
index 0000000..b918d54
--- /dev/null
+++ b/nss/gtests/ssl_gtest/tls_connect.h
@@ -0,0 +1,275 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef tls_connect_h_
+#define tls_connect_h_
+
+#include <tuple>
+
+#include "sslproto.h"
+#include "sslt.h"
+
+#include "tls_agent.h"
+#include "tls_filter.h"
+
+#define GTEST_HAS_RTTI 0
+#include "gtest/gtest.h"
+
+namespace nss_test {
+
+extern std::string VersionString(uint16_t version);
+
+// A generic TLS connection test base.
+class TlsConnectTestBase : public ::testing::Test {
+ public:
+  static ::testing::internal::ParamGenerator<std::string> kTlsModesStream;
+  static ::testing::internal::ParamGenerator<std::string> kTlsModesDatagram;
+  static ::testing::internal::ParamGenerator<std::string> kTlsModesAll;
+  static ::testing::internal::ParamGenerator<uint16_t> kTlsV10;
+  static ::testing::internal::ParamGenerator<uint16_t> kTlsV11;
+  static ::testing::internal::ParamGenerator<uint16_t> kTlsV12;
+  static ::testing::internal::ParamGenerator<uint16_t> kTlsV10V11;
+  static ::testing::internal::ParamGenerator<uint16_t> kTlsV11V12;
+  static ::testing::internal::ParamGenerator<uint16_t> kTlsV10ToV12;
+  static ::testing::internal::ParamGenerator<uint16_t> kTlsV13;
+  static ::testing::internal::ParamGenerator<uint16_t> kTlsV11Plus;
+  static ::testing::internal::ParamGenerator<uint16_t> kTlsV12Plus;
+  static ::testing::internal::ParamGenerator<uint16_t> kTlsVAll;
+
+  TlsConnectTestBase(Mode mode, uint16_t version);
+  TlsConnectTestBase(const std::string& mode, uint16_t version);
+  virtual ~TlsConnectTestBase();
+
+  void SetUp();
+  void TearDown();
+
+  // Initialize client and server.
+  void Init();
+  // Clear the statistics.
+  void ClearStats();
+  // Clear the server session cache.
+  void ClearServerCache();
+  // Make sure TLS is configured for a connection.
+  void EnsureTlsSetup();
+  // Reset and keep the same certificate names
+  void Reset();
+  // Reset, and update the certificate names on both peers
+  void Reset(const std::string& server_name,
+             const std::string& client_name = "client");
+
+  // Run the handshake.
+  void Handshake();
+  // Connect and check that it works.
+  void Connect();
+  // Check that the connection was successfully established.
+  void CheckConnected();
+  // Connect and expect it to fail.
+  void ConnectExpectFail();
+  void ConnectExpectFailOneSide(TlsAgent::Role failingSide);
+  void ConnectWithCipherSuite(uint16_t cipher_suite);
+  // Check that the keys used in the handshake match expectations.
+  void CheckKeys(SSLKEAType kea_type, SSLNamedGroup kea_group,
+                 SSLAuthType auth_type, SSLSignatureScheme sig_scheme) const;
+  // This version guesses some of the values.
+  void CheckKeys(SSLKEAType kea_type, SSLAuthType auth_type) const;
+  // This version assumes defaults.
+  void CheckKeys() const;
+  void CheckGroups(const DataBuffer& groups,
+                   std::function<void(SSLNamedGroup)> check_group);
+  void CheckShares(const DataBuffer& shares,
+                   std::function<void(SSLNamedGroup)> check_group);
+
+  void ConfigureVersion(uint16_t version);
+  void SetExpectedVersion(uint16_t version);
+  // Expect resumption of a particular type.
+  void ExpectResumption(SessionResumptionMode expected);
+  void DisableAllCiphers();
+  void EnableOnlyStaticRsaCiphers();
+  void EnableOnlyDheCiphers();
+  void EnableSomeEcdhCiphers();
+  void EnableExtendedMasterSecret();
+  void ConfigureSessionCache(SessionResumptionMode client,
+                             SessionResumptionMode server);
+  void EnableAlpn();
+  void EnableAlpn(const uint8_t* val, size_t len);
+  void EnsureModelSockets();
+  void CheckAlpn(const std::string& val);
+  void EnableSrtp();
+  void CheckSrtp() const;
+  void SendReceive();
+  void SetupForZeroRtt();
+  void SetupForResume();
+  void ZeroRttSendReceive(
+      bool expect_writable, bool expect_readable,
+      std::function<bool()> post_clienthello_check = nullptr);
+  void Receive(size_t amount);
+  void ExpectExtendedMasterSecret(bool expected);
+  void ExpectEarlyDataAccepted(bool expected);
+  void DisableECDHEServerKeyReuse();
+
+ protected:
+  Mode mode_;
+  std::shared_ptr<TlsAgent> client_;
+  std::shared_ptr<TlsAgent> server_;
+  std::unique_ptr<TlsAgent> client_model_;
+  std::unique_ptr<TlsAgent> server_model_;
+  uint16_t version_;
+  SessionResumptionMode expected_resumption_mode_;
+  std::vector<std::vector<uint8_t>> session_ids_;
+
+  // A simple value of "a", "b".  Note that the preferred value of "a" is placed
+  // at the end, because the NSS API follows the now defunct NPN specification,
+  // which places the preferred (and default) entry at the end of the list.
+  // NSS will move this final entry to the front when used with ALPN.
+  const uint8_t alpn_dummy_val_[4] = {0x01, 0x62, 0x01, 0x61};
+
+ private:
+  static inline Mode ToMode(const std::string& str) {
+    return str == "TLS" ? STREAM : DGRAM;
+  }
+
+  void CheckResumption(SessionResumptionMode expected);
+  void CheckExtendedMasterSecret();
+  void CheckEarlyDataAccepted();
+
+  bool expect_extended_master_secret_;
+  bool expect_early_data_accepted_;
+
+  // Track groups and make sure that there are no duplicates.
+  class DuplicateGroupChecker {
+   public:
+    void AddAndCheckGroup(SSLNamedGroup group) {
+      EXPECT_EQ(groups_.end(), groups_.find(group))
+          << "Group " << group << " should not be duplicated";
+      groups_.insert(group);
+    }
+
+   private:
+    std::set<SSLNamedGroup> groups_;
+  };
+};
+
+// A non-parametrized TLS test base.
+class TlsConnectTest : public TlsConnectTestBase {
+ public:
+  TlsConnectTest() : TlsConnectTestBase(STREAM, 0) {}
+};
+
+// A non-parametrized DTLS-only test base.
+class DtlsConnectTest : public TlsConnectTestBase {
+ public:
+  DtlsConnectTest() : TlsConnectTestBase(DGRAM, 0) {}
+};
+
+// A TLS-only test base.
+class TlsConnectStream : public TlsConnectTestBase,
+                         public ::testing::WithParamInterface<uint16_t> {
+ public:
+  TlsConnectStream() : TlsConnectTestBase(STREAM, GetParam()) {}
+};
+
+// A TLS-only test base for tests before 1.3
+class TlsConnectStreamPre13 : public TlsConnectStream {};
+
+// A DTLS-only test base.
+class TlsConnectDatagram : public TlsConnectTestBase,
+                           public ::testing::WithParamInterface<uint16_t> {
+ public:
+  TlsConnectDatagram() : TlsConnectTestBase(DGRAM, GetParam()) {}
+};
+
+// A generic test class that can be either STREAM or DGRAM and a single version
+// of TLS.  This is configured in ssl_loopback_unittest.cc.  All uses of this
+// should use TEST_P().
+class TlsConnectGeneric
+    : public TlsConnectTestBase,
+      public ::testing::WithParamInterface<std::tuple<std::string, uint16_t>> {
+ public:
+  TlsConnectGeneric();
+};
+
+// A Pre TLS 1.2 generic test.
+class TlsConnectPre12
+    : public TlsConnectTestBase,
+      public ::testing::WithParamInterface<std::tuple<std::string, uint16_t>> {
+ public:
+  TlsConnectPre12();
+};
+
+// A TLS 1.2 only generic test.
+class TlsConnectTls12 : public TlsConnectTestBase,
+                        public ::testing::WithParamInterface<std::string> {
+ public:
+  TlsConnectTls12();
+};
+
+// A TLS 1.2 only stream test.
+class TlsConnectStreamTls12 : public TlsConnectTestBase {
+ public:
+  TlsConnectStreamTls12()
+      : TlsConnectTestBase(STREAM, SSL_LIBRARY_VERSION_TLS_1_2) {}
+};
+
+// A TLS 1.2+ generic test.
+class TlsConnectTls12Plus
+    : public TlsConnectTestBase,
+      public ::testing::WithParamInterface<std::tuple<std::string, uint16_t>> {
+ public:
+  TlsConnectTls12Plus();
+};
+
+// A TLS 1.3 only generic test.
+class TlsConnectTls13 : public TlsConnectTestBase,
+                        public ::testing::WithParamInterface<std::string> {
+ public:
+  TlsConnectTls13();
+};
+
+// A TLS 1.3 only stream test.
+class TlsConnectStreamTls13 : public TlsConnectTestBase {
+ public:
+  TlsConnectStreamTls13()
+      : TlsConnectTestBase(STREAM, SSL_LIBRARY_VERSION_TLS_1_3) {}
+};
+
+class TlsConnectDatagram13 : public TlsConnectTestBase {
+ public:
+  TlsConnectDatagram13()
+      : TlsConnectTestBase(DGRAM, SSL_LIBRARY_VERSION_TLS_1_3) {}
+};
+
+// A variant that is used only with Pre13.
+class TlsConnectGenericPre13 : public TlsConnectGeneric {};
+
+class TlsKeyExchangeTest : public TlsConnectGeneric {
+ protected:
+  std::shared_ptr<TlsExtensionCapture> groups_capture_;
+  std::shared_ptr<TlsExtensionCapture> shares_capture_;
+  std::shared_ptr<TlsExtensionCapture> shares_capture2_;
+  std::shared_ptr<TlsInspectorRecordHandshakeMessage> capture_hrr_;
+
+  void EnsureKeyShareSetup();
+  void ConfigNamedGroups(const std::vector<SSLNamedGroup>& groups);
+  std::vector<SSLNamedGroup> GetGroupDetails(const DataBuffer& ext);
+  std::vector<SSLNamedGroup> GetShareDetails(const DataBuffer& ext);
+  void CheckKEXDetails(const std::vector<SSLNamedGroup>& expectedGroups,
+                       const std::vector<SSLNamedGroup>& expectedShares);
+  void CheckKEXDetails(const std::vector<SSLNamedGroup>& expectedGroups,
+                       const std::vector<SSLNamedGroup>& expectedShares,
+                       SSLNamedGroup expectedShare2);
+
+ private:
+  void CheckKEXDetails(const std::vector<SSLNamedGroup>& expectedGroups,
+                       const std::vector<SSLNamedGroup>& expectedShares,
+                       bool expect_hrr);
+};
+
+class TlsKeyExchangeTest13 : public TlsKeyExchangeTest {};
+class TlsKeyExchangeTestPre13 : public TlsKeyExchangeTest {};
+
+}  // namespace nss_test
+
+#endif
diff --git a/nss/gtests/ssl_gtest/tls_filter.cc b/nss/gtests/ssl_gtest/tls_filter.cc
new file mode 100644
index 0000000..1f0cd1f
--- /dev/null
+++ b/nss/gtests/ssl_gtest/tls_filter.cc
@@ -0,0 +1,617 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "tls_filter.h"
+#include "sslproto.h"
+
+extern "C" {
+// This is not something that should make you happy.
+#include "libssl_internals.h"
+}
+
+#include <iostream>
+#include "gtest_utils.h"
+#include "tls_agent.h"
+#include "tls_filter.h"
+#include "tls_protect.h"
+
+namespace nss_test {
+
+void TlsVersioned::WriteStream(std::ostream& stream) const {
+  stream << (is_dtls() ? "DTLS " : "TLS ");
+  switch (version()) {
+    case 0:
+      stream << "(no version)";
+      break;
+    case SSL_LIBRARY_VERSION_TLS_1_0:
+      stream << "1.0";
+      break;
+    case SSL_LIBRARY_VERSION_DTLS_1_0_WIRE:
+    case SSL_LIBRARY_VERSION_TLS_1_1:
+      stream << (is_dtls() ? "1.0" : "1.1");
+      break;
+    case SSL_LIBRARY_VERSION_DTLS_1_2_WIRE:
+    case SSL_LIBRARY_VERSION_TLS_1_2:
+      stream << "1.2";
+      break;
+    case SSL_LIBRARY_VERSION_TLS_1_3:
+      stream << "1.3";
+      break;
+    default:
+      stream << "Invalid version: " << version();
+      break;
+  }
+}
+
+void TlsRecordFilter::EnableDecryption() {
+  SSLInt_SetCipherSpecChangeFunc(agent()->ssl_fd(), CipherSpecChanged,
+                                 (void*)this);
+}
+
+void TlsRecordFilter::CipherSpecChanged(void* arg, PRBool sending,
+                                        ssl3CipherSpec* newSpec) {
+  TlsRecordFilter* self = static_cast<TlsRecordFilter*>(arg);
+  PRBool isServer = self->agent()->role() == TlsAgent::SERVER;
+
+  if (g_ssl_gtest_verbose) {
+    std::cerr << "Cipher spec changed. Role="
+              << (isServer ? "server" : "client")
+              << " direction=" << (sending ? "send" : "receive") << std::endl;
+  }
+  if (!sending) return;
+
+  self->cipher_spec_.reset(new TlsCipherSpec());
+  bool ret =
+      self->cipher_spec_->Init(SSLInt_CipherSpecToAlgorithm(isServer, newSpec),
+                               SSLInt_CipherSpecToKey(isServer, newSpec),
+                               SSLInt_CipherSpecToIv(isServer, newSpec));
+  EXPECT_EQ(true, ret);
+}
+
+PacketFilter::Action TlsRecordFilter::Filter(const DataBuffer& input,
+                                             DataBuffer* output) {
+  bool changed = false;
+  size_t offset = 0U;
+  output->Allocate(input.len());
+
+  TlsParser parser(input);
+
+  while (parser.remaining()) {
+    TlsRecordHeader header;
+    DataBuffer record;
+
+    if (!header.Parse(&parser, &record)) {
+      ADD_FAILURE() << "not a valid record";
+      return KEEP;
+    }
+
+    if (FilterRecord(header, record, &offset, output) != KEEP) {
+      changed = true;
+    } else {
+      offset = header.Write(output, offset, record);
+    }
+  }
+  output->Truncate(offset);
+
+  // Record how many packets we actually touched.
+  if (changed) {
+    ++count_;
+    return (offset == 0) ? DROP : CHANGE;
+  }
+
+  return KEEP;
+}
+
+PacketFilter::Action TlsRecordFilter::FilterRecord(
+    const TlsRecordHeader& header, const DataBuffer& record, size_t* offset,
+    DataBuffer* output) {
+  DataBuffer filtered;
+  uint8_t inner_content_type;
+  DataBuffer plaintext;
+
+  if (!Unprotect(header, record, &inner_content_type, &plaintext)) {
+    return KEEP;
+  }
+
+  TlsRecordHeader real_header = {header.version(), inner_content_type,
+                                 header.sequence_number()};
+
+  PacketFilter::Action action = FilterRecord(real_header, plaintext, &filtered);
+  if (action == KEEP) {
+    return KEEP;
+  }
+
+  if (action == DROP) {
+    std::cerr << "record drop: " << record << std::endl;
+    return DROP;
+  }
+
+  EXPECT_GT(0x10000U, filtered.len());
+  std::cerr << "record old: " << plaintext << std::endl;
+  std::cerr << "record new: " << filtered << std::endl;
+
+  DataBuffer ciphertext;
+  bool rv = Protect(header, inner_content_type, filtered, &ciphertext);
+  EXPECT_TRUE(rv);
+  if (!rv) {
+    return KEEP;
+  }
+  *offset = header.Write(output, *offset, ciphertext);
+  return CHANGE;
+}
+
+bool TlsRecordHeader::Parse(TlsParser* parser, DataBuffer* body) {
+  if (!parser->Read(&content_type_)) {
+    return false;
+  }
+
+  uint32_t version;
+  if (!parser->Read(&version, 2)) {
+    return false;
+  }
+  version_ = version;
+
+  sequence_number_ = 0;
+  if (IsDtls(version)) {
+    uint32_t tmp;
+    if (!parser->Read(&tmp, 4)) {
+      return false;
+    }
+    sequence_number_ = static_cast<uint64_t>(tmp) << 32;
+    if (!parser->Read(&tmp, 4)) {
+      return false;
+    }
+    sequence_number_ |= static_cast<uint64_t>(tmp);
+  }
+  return parser->ReadVariable(body, 2);
+}
+
+size_t TlsRecordHeader::Write(DataBuffer* buffer, size_t offset,
+                              const DataBuffer& body) const {
+  offset = buffer->Write(offset, content_type_, 1);
+  offset = buffer->Write(offset, version_, 2);
+  if (is_dtls()) {
+    // write epoch (2 octet), and seqnum (6 octet)
+    offset = buffer->Write(offset, sequence_number_ >> 32, 4);
+    offset = buffer->Write(offset, sequence_number_ & 0xffffffff, 4);
+  }
+  offset = buffer->Write(offset, body.len(), 2);
+  offset = buffer->Write(offset, body);
+  return offset;
+}
+
+bool TlsRecordFilter::Unprotect(const TlsRecordHeader& header,
+                                const DataBuffer& ciphertext,
+                                uint8_t* inner_content_type,
+                                DataBuffer* plaintext) {
+  if (!cipher_spec_ || header.content_type() != kTlsApplicationDataType) {
+    *inner_content_type = header.content_type();
+    *plaintext = ciphertext;
+    return true;
+  }
+
+  if (!cipher_spec_->Unprotect(header, ciphertext, plaintext)) return false;
+
+  size_t len = plaintext->len();
+  while (len > 0 && !plaintext->data()[len - 1]) {
+    --len;
+  }
+  if (!len) {
+    // Bogus padding.
+    return false;
+  }
+
+  *inner_content_type = plaintext->data()[len - 1];
+  plaintext->Truncate(len - 1);
+
+  return true;
+}
+
+bool TlsRecordFilter::Protect(const TlsRecordHeader& header,
+                              uint8_t inner_content_type,
+                              const DataBuffer& plaintext,
+                              DataBuffer* ciphertext) {
+  if (!cipher_spec_ || header.content_type() != kTlsApplicationDataType) {
+    *ciphertext = plaintext;
+    return true;
+  }
+  DataBuffer padded = plaintext;
+  padded.Write(padded.len(), inner_content_type, 1);
+  return cipher_spec_->Protect(header, padded, ciphertext);
+}
+
+PacketFilter::Action TlsHandshakeFilter::FilterRecord(
+    const TlsRecordHeader& record_header, const DataBuffer& input,
+    DataBuffer* output) {
+  // Check that the first byte is as requested.
+  if (record_header.content_type() != kTlsHandshakeType) {
+    return KEEP;
+  }
+
+  bool changed = false;
+  size_t offset = 0U;
+  output->Allocate(input.len());  // Preallocate a little.
+
+  TlsParser parser(input);
+  while (parser.remaining()) {
+    HandshakeHeader header;
+    DataBuffer handshake;
+    if (!header.Parse(&parser, record_header, &handshake)) {
+      return KEEP;
+    }
+
+    DataBuffer filtered;
+    PacketFilter::Action action = FilterHandshake(header, handshake, &filtered);
+    if (action == DROP) {
+      changed = true;
+      std::cerr << "handshake drop: " << handshake << std::endl;
+      continue;
+    }
+
+    const DataBuffer* source = &handshake;
+    if (action == CHANGE) {
+      EXPECT_GT(0x1000000U, filtered.len());
+      changed = true;
+      std::cerr << "handshake old: " << handshake << std::endl;
+      std::cerr << "handshake new: " << filtered << std::endl;
+      source = &filtered;
+    }
+
+    offset = header.Write(output, offset, *source);
+  }
+  output->Truncate(offset);
+  return changed ? (offset ? CHANGE : DROP) : KEEP;
+}
+
+bool TlsHandshakeFilter::HandshakeHeader::ReadLength(
+    TlsParser* parser, const TlsRecordHeader& header, uint32_t* length) {
+  if (!parser->Read(length, 3)) {
+    return false;  // malformed
+  }
+
+  if (!header.is_dtls()) {
+    return true;  // nothing left to do
+  }
+
+  // Read and check DTLS parameters
+  uint32_t message_seq_tmp;
+  if (!parser->Read(&message_seq_tmp, 2)) {  // sequence number
+    return false;
+  }
+  message_seq_ = message_seq_tmp;
+
+  uint32_t fragment_offset;
+  if (!parser->Read(&fragment_offset, 3)) {
+    return false;
+  }
+
+  uint32_t fragment_length;
+  if (!parser->Read(&fragment_length, 3)) {
+    return false;
+  }
+
+  // All current tests where we are using this code don't fragment.
+  return (fragment_offset == 0 && fragment_length == *length);
+}
+
+bool TlsHandshakeFilter::HandshakeHeader::Parse(
+    TlsParser* parser, const TlsRecordHeader& record_header, DataBuffer* body) {
+  version_ = record_header.version();
+  if (!parser->Read(&handshake_type_)) {
+    return false;  // malformed
+  }
+  uint32_t length;
+  if (!ReadLength(parser, record_header, &length)) {
+    return false;
+  }
+
+  return parser->Read(body, length);
+}
+
+size_t TlsHandshakeFilter::HandshakeHeader::WriteFragment(
+    DataBuffer* buffer, size_t offset, const DataBuffer& body,
+    size_t fragment_offset, size_t fragment_length) const {
+  EXPECT_TRUE(is_dtls());
+  EXPECT_GE(body.len(), fragment_offset + fragment_length);
+  offset = buffer->Write(offset, handshake_type(), 1);
+  offset = buffer->Write(offset, body.len(), 3);
+  offset = buffer->Write(offset, message_seq_, 2);
+  offset = buffer->Write(offset, fragment_offset, 3);
+  offset = buffer->Write(offset, fragment_length, 3);
+  offset =
+      buffer->Write(offset, body.data() + fragment_offset, fragment_length);
+  return offset;
+}
+
+size_t TlsHandshakeFilter::HandshakeHeader::Write(
+    DataBuffer* buffer, size_t offset, const DataBuffer& body) const {
+  if (is_dtls()) {
+    return WriteFragment(buffer, offset, body, 0U, body.len());
+  }
+  offset = buffer->Write(offset, handshake_type(), 1);
+  offset = buffer->Write(offset, body.len(), 3);
+  offset = buffer->Write(offset, body);
+  return offset;
+}
+
+PacketFilter::Action TlsInspectorRecordHandshakeMessage::FilterHandshake(
+    const HandshakeHeader& header, const DataBuffer& input,
+    DataBuffer* output) {
+  // Only do this once.
+  if (buffer_.len()) {
+    return KEEP;
+  }
+
+  if (header.handshake_type() == handshake_type_) {
+    buffer_ = input;
+  }
+  return KEEP;
+}
+
+PacketFilter::Action TlsInspectorReplaceHandshakeMessage::FilterHandshake(
+    const HandshakeHeader& header, const DataBuffer& input,
+    DataBuffer* output) {
+  if (header.handshake_type() == handshake_type_) {
+    *output = buffer_;
+    return CHANGE;
+  }
+
+  return KEEP;
+}
+
+PacketFilter::Action TlsConversationRecorder::FilterRecord(
+    const TlsRecordHeader& header, const DataBuffer& input,
+    DataBuffer* output) {
+  buffer_.Append(input);
+  return KEEP;
+}
+
+PacketFilter::Action TlsAlertRecorder::FilterRecord(
+    const TlsRecordHeader& header, const DataBuffer& input,
+    DataBuffer* output) {
+  if (level_ == kTlsAlertFatal) {  // already fatal
+    return KEEP;
+  }
+  if (header.content_type() != kTlsAlertType) {
+    return KEEP;
+  }
+
+  std::cerr << "Alert: " << input << std::endl;
+
+  TlsParser parser(input);
+  uint8_t lvl;
+  if (!parser.Read(&lvl)) {
+    return KEEP;
+  }
+  if (lvl == kTlsAlertWarning) {  // not strong enough
+    return KEEP;
+  }
+  level_ = lvl;
+  (void)parser.Read(&description_);
+  return KEEP;
+}
+
+PacketFilter::Action ChainedPacketFilter::Filter(const DataBuffer& input,
+                                                 DataBuffer* output) {
+  DataBuffer in(input);
+  bool changed = false;
+  for (auto it = filters_.begin(); it != filters_.end(); ++it) {
+    PacketFilter::Action action = (*it)->Filter(in, output);
+    if (action == DROP) {
+      return DROP;
+    }
+    if (action == CHANGE) {
+      in = *output;
+      changed = true;
+    }
+  }
+  return changed ? CHANGE : KEEP;
+}
+
+PacketFilter::Action TlsExtensionFilter::FilterHandshake(
+    const HandshakeHeader& header, const DataBuffer& input,
+    DataBuffer* output) {
+  if (header.handshake_type() == kTlsHandshakeClientHello) {
+    TlsParser parser(input);
+    if (!FindClientHelloExtensions(&parser, header)) {
+      return KEEP;
+    }
+    return FilterExtensions(&parser, input, output);
+  }
+  if (header.handshake_type() == kTlsHandshakeServerHello) {
+    TlsParser parser(input);
+    if (!FindServerHelloExtensions(&parser)) {
+      return KEEP;
+    }
+    return FilterExtensions(&parser, input, output);
+  }
+  return KEEP;
+}
+
+bool TlsExtensionFilter::FindClientHelloExtensions(TlsParser* parser,
+                                                   const TlsVersioned& header) {
+  if (!parser->Skip(2 + 32)) {  // version + random
+    return false;
+  }
+  if (!parser->SkipVariable(1)) {  // session ID
+    return false;
+  }
+  if (header.is_dtls() && !parser->SkipVariable(1)) {  // DTLS cookie
+    return false;
+  }
+  if (!parser->SkipVariable(2)) {  // cipher suites
+    return false;
+  }
+  if (!parser->SkipVariable(1)) {  // compression methods
+    return false;
+  }
+  return true;
+}
+
+bool TlsExtensionFilter::FindServerHelloExtensions(TlsParser* parser) {
+  uint32_t vtmp;
+  if (!parser->Read(&vtmp, 2)) {
+    return false;
+  }
+  uint16_t version = static_cast<uint16_t>(vtmp);
+  if (!parser->Skip(32)) {  // random
+    return false;
+  }
+  if (NormalizeTlsVersion(version) <= SSL_LIBRARY_VERSION_TLS_1_2) {
+    if (!parser->SkipVariable(1)) {  // session ID
+      return false;
+    }
+  }
+  if (!parser->Skip(2)) {  // cipher suite
+    return false;
+  }
+  if (NormalizeTlsVersion(version) <= SSL_LIBRARY_VERSION_TLS_1_2) {
+    if (!parser->Skip(1)) {  // compression method
+      return false;
+    }
+  }
+  return true;
+}
+
+PacketFilter::Action TlsExtensionFilter::FilterExtensions(
+    TlsParser* parser, const DataBuffer& input, DataBuffer* output) {
+  size_t length_offset = parser->consumed();
+  uint32_t all_extensions;
+  if (!parser->Read(&all_extensions, 2)) {
+    return KEEP;  // no extensions, odd but OK
+  }
+  if (all_extensions != parser->remaining()) {
+    return KEEP;  // malformed
+  }
+
+  bool changed = false;
+
+  // Write out the start of the message.
+  output->Allocate(input.len());
+  size_t offset = output->Write(0, input.data(), parser->consumed());
+
+  while (parser->remaining()) {
+    uint32_t extension_type;
+    if (!parser->Read(&extension_type, 2)) {
+      return KEEP;  // malformed
+    }
+
+    DataBuffer extension;
+    if (!parser->ReadVariable(&extension, 2)) {
+      return KEEP;  // malformed
+    }
+
+    DataBuffer filtered;
+    PacketFilter::Action action =
+        FilterExtension(extension_type, extension, &filtered);
+    if (action == DROP) {
+      changed = true;
+      std::cerr << "extension drop: " << extension << std::endl;
+      continue;
+    }
+
+    const DataBuffer* source = &extension;
+    if (action == CHANGE) {
+      EXPECT_GT(0x10000U, filtered.len());
+      changed = true;
+      std::cerr << "extension old: " << extension << std::endl;
+      std::cerr << "extension new: " << filtered << std::endl;
+      source = &filtered;
+    }
+
+    // Write out extension.
+    offset = output->Write(offset, extension_type, 2);
+    offset = output->Write(offset, source->len(), 2);
+    if (source->len() > 0) {
+      offset = output->Write(offset, *source);
+    }
+  }
+  output->Truncate(offset);
+
+  if (changed) {
+    size_t newlen = output->len() - length_offset - 2;
+    EXPECT_GT(0x10000U, newlen);
+    if (newlen >= 0x10000) {
+      return KEEP;  // bad: size increased too much
+    }
+    output->Write(length_offset, newlen, 2);
+    return CHANGE;
+  }
+  return KEEP;
+}
+
+PacketFilter::Action TlsExtensionCapture::FilterExtension(
+    uint16_t extension_type, const DataBuffer& input, DataBuffer* output) {
+  if (extension_type == extension_ && (last_ || !captured_)) {
+    data_.Assign(input);
+    captured_ = true;
+  }
+  return KEEP;
+}
+
+PacketFilter::Action TlsExtensionReplacer::FilterExtension(
+    uint16_t extension_type, const DataBuffer& input, DataBuffer* output) {
+  if (extension_type != extension_) {
+    return KEEP;
+  }
+
+  *output = data_;
+  return CHANGE;
+}
+
+PacketFilter::Action TlsExtensionDropper::FilterExtension(
+    uint16_t extension_type, const DataBuffer& input, DataBuffer* output) {
+  if (extension_type == extension_) {
+    return DROP;
+  }
+  return KEEP;
+}
+
+PacketFilter::Action AfterRecordN::FilterRecord(const TlsRecordHeader& header,
+                                                const DataBuffer& body,
+                                                DataBuffer* out) {
+  if (counter_++ == record_) {
+    DataBuffer buf;
+    header.Write(&buf, 0, body);
+    src_.lock()->SendDirect(buf);
+    dest_.lock()->Handshake();
+    func_();
+    return DROP;
+  }
+
+  return KEEP;
+}
+
+PacketFilter::Action TlsInspectorClientHelloVersionChanger::FilterHandshake(
+    const HandshakeHeader& header, const DataBuffer& input,
+    DataBuffer* output) {
+  if (header.handshake_type() == kTlsHandshakeClientKeyExchange) {
+    EXPECT_EQ(SECSuccess,
+              SSLInt_IncrementClientHandshakeVersion(server_.lock()->ssl_fd()));
+  }
+  return KEEP;
+}
+
+PacketFilter::Action SelectiveDropFilter::Filter(const DataBuffer& input,
+                                                 DataBuffer* output) {
+  if (counter_ >= 32) {
+    return KEEP;
+  }
+  return ((1 << counter_++) & pattern_) ? DROP : KEEP;
+}
+
+PacketFilter::Action TlsInspectorClientHelloVersionSetter::FilterHandshake(
+    const HandshakeHeader& header, const DataBuffer& input,
+    DataBuffer* output) {
+  if (header.handshake_type() == kTlsHandshakeClientHello) {
+    *output = input;
+    output->Write(0, version_, 2);
+    return CHANGE;
+  }
+  return KEEP;
+}
+
+}  // namespace nss_test
diff --git a/nss/gtests/ssl_gtest/tls_filter.h b/nss/gtests/ssl_gtest/tls_filter.h
new file mode 100644
index 0000000..0d63187
--- /dev/null
+++ b/nss/gtests/ssl_gtest/tls_filter.h
@@ -0,0 +1,401 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef tls_filter_h_
+#define tls_filter_h_
+
+#include <functional>
+#include <memory>
+#include <vector>
+
+#include "test_io.h"
+#include "tls_parser.h"
+#include "tls_protect.h"
+
+extern "C" {
+#include "libssl_internals.h"
+}
+
+namespace nss_test {
+
+class TlsCipherSpec;
+class TlsAgent;
+
+class TlsVersioned {
+ public:
+  TlsVersioned() : version_(0) {}
+  explicit TlsVersioned(uint16_t version) : version_(version) {}
+
+  bool is_dtls() const { return IsDtls(version_); }
+  uint16_t version() const { return version_; }
+
+  void WriteStream(std::ostream& stream) const;
+
+ protected:
+  uint16_t version_;
+};
+
+class TlsRecordHeader : public TlsVersioned {
+ public:
+  TlsRecordHeader() : TlsVersioned(), content_type_(0), sequence_number_(0) {}
+  TlsRecordHeader(uint16_t version, uint8_t content_type,
+                  uint64_t sequence_number)
+      : TlsVersioned(version),
+        content_type_(content_type),
+        sequence_number_(sequence_number) {}
+
+  uint8_t content_type() const { return content_type_; }
+  uint64_t sequence_number() const { return sequence_number_; }
+  size_t header_length() const { return is_dtls() ? 11 : 3; }
+
+  // Parse the header; return true if successful; body in an outparam if OK.
+  bool Parse(TlsParser* parser, DataBuffer* body);
+  // Write the header and body to a buffer at the given offset.
+  // Return the offset of the end of the write.
+  size_t Write(DataBuffer* buffer, size_t offset, const DataBuffer& body) const;
+
+ private:
+  uint8_t content_type_;
+  uint64_t sequence_number_;
+};
+
+// Abstract filter that operates on entire (D)TLS records.
+class TlsRecordFilter : public PacketFilter {
+ public:
+  TlsRecordFilter() : agent_(nullptr), count_(0), cipher_spec_() {}
+
+  void SetAgent(const TlsAgent* agent) { agent_ = agent; }
+  const TlsAgent* agent() const { return agent_; }
+
+  // External interface. Overrides PacketFilter.
+  PacketFilter::Action Filter(const DataBuffer& input, DataBuffer* output);
+
+  // Report how many packets were altered by the filter.
+  size_t filtered_packets() const { return count_; }
+
+  // Enable decryption. This only works properly for TLS 1.3 and above.
+  // Enabling it for lower version tests will cause undefined
+  // behavior.
+  void EnableDecryption();
+  bool Unprotect(const TlsRecordHeader& header, const DataBuffer& cipherText,
+                 uint8_t* inner_content_type, DataBuffer* plaintext);
+  bool Protect(const TlsRecordHeader& header, uint8_t inner_content_type,
+               const DataBuffer& plaintext, DataBuffer* ciphertext);
+
+ protected:
+  // There are two filter functions which can be overriden. Both are
+  // called with the header and the record but the outer one is called
+  // with a raw pointer to let you write into the buffer and lets you
+  // do anything with this section of the stream. The inner one
+  // just lets you change the record contents. By default, the
+  // outer one calls the inner one, so if you override the outer
+  // one, the inner one is never called unless you call it yourself.
+  virtual PacketFilter::Action FilterRecord(const TlsRecordHeader& header,
+                                            const DataBuffer& record,
+                                            size_t* offset, DataBuffer* output);
+
+  // The record filter receives the record contentType, version and DTLS
+  // sequence number (which is zero for TLS), plus the existing record payload.
+  // It returns an action (KEEP, CHANGE, DROP).  It writes to the `changed`
+  // outparam with the new record contents if it chooses to CHANGE the record.
+  virtual PacketFilter::Action FilterRecord(const TlsRecordHeader& header,
+                                            const DataBuffer& data,
+                                            DataBuffer* changed) {
+    return KEEP;
+  }
+
+ private:
+  static void CipherSpecChanged(void* arg, PRBool sending,
+                                ssl3CipherSpec* newSpec);
+
+  const TlsAgent* agent_;
+  size_t count_;
+  std::unique_ptr<TlsCipherSpec> cipher_spec_;
+};
+
+inline std::ostream& operator<<(std::ostream& stream, TlsVersioned v) {
+  v.WriteStream(stream);
+  return stream;
+}
+
+inline std::ostream& operator<<(std::ostream& stream, TlsRecordHeader& hdr) {
+  hdr.WriteStream(stream);
+  stream << ' ';
+  switch (hdr.content_type()) {
+    case kTlsChangeCipherSpecType:
+      stream << "CCS";
+      break;
+    case kTlsAlertType:
+      stream << "Alert";
+      break;
+    case kTlsHandshakeType:
+      stream << "Handshake";
+      break;
+    case kTlsApplicationDataType:
+      stream << "Data";
+      break;
+    default:
+      stream << '<' << hdr.content_type() << '>';
+      break;
+  }
+  return stream << ' ' << std::hex << hdr.sequence_number() << std::dec;
+}
+
+// Abstract filter that operates on handshake messages rather than records.
+// This assumes that the handshake messages are written in a block as entire
+// records and that they don't span records or anything crazy like that.
+class TlsHandshakeFilter : public TlsRecordFilter {
+ public:
+  TlsHandshakeFilter() {}
+
+  class HandshakeHeader : public TlsVersioned {
+   public:
+    HandshakeHeader() : TlsVersioned(), handshake_type_(0), message_seq_(0) {}
+
+    uint8_t handshake_type() const { return handshake_type_; }
+    bool Parse(TlsParser* parser, const TlsRecordHeader& record_header,
+               DataBuffer* body);
+    size_t Write(DataBuffer* buffer, size_t offset,
+                 const DataBuffer& body) const;
+    size_t WriteFragment(DataBuffer* buffer, size_t offset,
+                         const DataBuffer& body, size_t fragment_offset,
+                         size_t fragment_length) const;
+
+   private:
+    // Reads the length from the record header.
+    // This also reads the DTLS fragment information and checks it.
+    bool ReadLength(TlsParser* parser, const TlsRecordHeader& header,
+                    uint32_t* length);
+
+    uint8_t handshake_type_;
+    uint16_t message_seq_;
+    // fragment_offset is always zero in these tests.
+  };
+
+ protected:
+  virtual PacketFilter::Action FilterRecord(const TlsRecordHeader& header,
+                                            const DataBuffer& input,
+                                            DataBuffer* output);
+  virtual PacketFilter::Action FilterHandshake(const HandshakeHeader& header,
+                                               const DataBuffer& input,
+                                               DataBuffer* output) = 0;
+
+ private:
+};
+
+// Make a copy of the first instance of a handshake message.
+class TlsInspectorRecordHandshakeMessage : public TlsHandshakeFilter {
+ public:
+  TlsInspectorRecordHandshakeMessage(uint8_t handshake_type)
+      : handshake_type_(handshake_type), buffer_() {}
+
+  virtual PacketFilter::Action FilterHandshake(const HandshakeHeader& header,
+                                               const DataBuffer& input,
+                                               DataBuffer* output);
+
+  const DataBuffer& buffer() const { return buffer_; }
+
+ private:
+  uint8_t handshake_type_;
+  DataBuffer buffer_;
+};
+
+// Replace all instances of a handshake message.
+class TlsInspectorReplaceHandshakeMessage : public TlsHandshakeFilter {
+ public:
+  TlsInspectorReplaceHandshakeMessage(uint8_t handshake_type,
+                                      const DataBuffer& replacement)
+      : handshake_type_(handshake_type), buffer_(replacement) {}
+
+  virtual PacketFilter::Action FilterHandshake(const HandshakeHeader& header,
+                                               const DataBuffer& input,
+                                               DataBuffer* output);
+
+ private:
+  uint8_t handshake_type_;
+  DataBuffer buffer_;
+};
+
+// Make a copy of the complete conversation.
+class TlsConversationRecorder : public TlsRecordFilter {
+ public:
+  TlsConversationRecorder(DataBuffer& buffer) : buffer_(buffer) {}
+
+  virtual PacketFilter::Action FilterRecord(const TlsRecordHeader& header,
+                                            const DataBuffer& input,
+                                            DataBuffer* output);
+
+ private:
+  DataBuffer& buffer_;
+};
+
+// Records an alert.  If an alert has already been recorded, it won't save the
+// new alert unless the old alert is a warning and the new one is fatal.
+class TlsAlertRecorder : public TlsRecordFilter {
+ public:
+  TlsAlertRecorder() : level_(255), description_(255) {}
+
+  virtual PacketFilter::Action FilterRecord(const TlsRecordHeader& header,
+                                            const DataBuffer& input,
+                                            DataBuffer* output);
+
+  uint8_t level() const { return level_; }
+  uint8_t description() const { return description_; }
+
+ private:
+  uint8_t level_;
+  uint8_t description_;
+};
+
+// Runs multiple packet filters in series.
+class ChainedPacketFilter : public PacketFilter {
+ public:
+  ChainedPacketFilter() {}
+  ChainedPacketFilter(const std::vector<std::shared_ptr<PacketFilter>> filters)
+      : filters_(filters.begin(), filters.end()) {}
+  virtual ~ChainedPacketFilter() {}
+
+  virtual PacketFilter::Action Filter(const DataBuffer& input,
+                                      DataBuffer* output);
+
+  // Takes ownership of the filter.
+  void Add(std::shared_ptr<PacketFilter> filter) { filters_.push_back(filter); }
+
+ private:
+  std::vector<std::shared_ptr<PacketFilter>> filters_;
+};
+
+class TlsExtensionFilter : public TlsHandshakeFilter {
+ protected:
+  PacketFilter::Action FilterHandshake(const HandshakeHeader& header,
+                                       const DataBuffer& input,
+                                       DataBuffer* output) override;
+
+  virtual PacketFilter::Action FilterExtension(uint16_t extension_type,
+                                               const DataBuffer& input,
+                                               DataBuffer* output) = 0;
+
+ public:
+  static bool FindClientHelloExtensions(TlsParser* parser,
+                                        const TlsVersioned& header);
+  static bool FindServerHelloExtensions(TlsParser* parser);
+
+ private:
+  PacketFilter::Action FilterExtensions(TlsParser* parser,
+                                        const DataBuffer& input,
+                                        DataBuffer* output);
+};
+
+class TlsExtensionCapture : public TlsExtensionFilter {
+ public:
+  TlsExtensionCapture(uint16_t ext, bool last = false)
+      : extension_(ext), captured_(false), last_(last), data_() {}
+
+  const DataBuffer& extension() const { return data_; }
+  bool captured() const { return captured_; }
+
+ protected:
+  PacketFilter::Action FilterExtension(uint16_t extension_type,
+                                       const DataBuffer& input,
+                                       DataBuffer* output) override;
+
+ private:
+  const uint16_t extension_;
+  bool captured_;
+  bool last_;
+  DataBuffer data_;
+};
+
+class TlsExtensionReplacer : public TlsExtensionFilter {
+ public:
+  TlsExtensionReplacer(uint16_t extension, const DataBuffer& data)
+      : extension_(extension), data_(data) {}
+  PacketFilter::Action FilterExtension(uint16_t extension_type,
+                                       const DataBuffer& input,
+                                       DataBuffer* output) override;
+
+ private:
+  const uint16_t extension_;
+  const DataBuffer data_;
+};
+
+class TlsExtensionDropper : public TlsExtensionFilter {
+ public:
+  TlsExtensionDropper(uint16_t extension) : extension_(extension) {}
+  PacketFilter::Action FilterExtension(uint16_t extension_type,
+                                       const DataBuffer&, DataBuffer*) override;
+
+ private:
+  uint16_t extension_;
+};
+
+class TlsAgent;
+typedef std::function<void(void)> VoidFunction;
+
+class AfterRecordN : public TlsRecordFilter {
+ public:
+  AfterRecordN(std::shared_ptr<TlsAgent>& src, std::shared_ptr<TlsAgent>& dest,
+               unsigned int record, VoidFunction func)
+      : src_(src), dest_(dest), record_(record), func_(func), counter_(0) {}
+
+  virtual PacketFilter::Action FilterRecord(const TlsRecordHeader& header,
+                                            const DataBuffer& body,
+                                            DataBuffer* out) override;
+
+ private:
+  std::weak_ptr<TlsAgent> src_;
+  std::weak_ptr<TlsAgent> dest_;
+  unsigned int record_;
+  VoidFunction func_;
+  unsigned int counter_;
+};
+
+// When we see the ClientKeyExchange from |client|, increment the
+// ClientHelloVersion on |server|.
+class TlsInspectorClientHelloVersionChanger : public TlsHandshakeFilter {
+ public:
+  TlsInspectorClientHelloVersionChanger(std::shared_ptr<TlsAgent>& server)
+      : server_(server) {}
+
+  virtual PacketFilter::Action FilterHandshake(const HandshakeHeader& header,
+                                               const DataBuffer& input,
+                                               DataBuffer* output);
+
+ private:
+  std::weak_ptr<TlsAgent> server_;
+};
+
+// This class selectively drops complete writes.  This relies on the fact that
+// writes in libssl are on record boundaries.
+class SelectiveDropFilter : public PacketFilter {
+ public:
+  SelectiveDropFilter(uint32_t pattern) : pattern_(pattern), counter_(0) {}
+
+ protected:
+  virtual PacketFilter::Action Filter(const DataBuffer& input,
+                                      DataBuffer* output) override;
+
+ private:
+  const uint32_t pattern_;
+  uint8_t counter_;
+};
+
+// Set the version number in the ClientHello.
+class TlsInspectorClientHelloVersionSetter : public TlsHandshakeFilter {
+ public:
+  TlsInspectorClientHelloVersionSetter(uint16_t version) : version_(version) {}
+
+  virtual PacketFilter::Action FilterHandshake(const HandshakeHeader& header,
+                                               const DataBuffer& input,
+                                               DataBuffer* output);
+
+ private:
+  uint16_t version_;
+};
+
+}  // namespace nss_test
+
+#endif
diff --git a/nss/gtests/ssl_gtest/tls_hkdf_unittest.cc b/nss/gtests/ssl_gtest/tls_hkdf_unittest.cc
new file mode 100644
index 0000000..51ff938
--- /dev/null
+++ b/nss/gtests/ssl_gtest/tls_hkdf_unittest.cc
@@ -0,0 +1,262 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <memory>
+#include "nss.h"
+#include "pk11pub.h"
+#include "tls13hkdf.h"
+
+#include "databuffer.h"
+#include "gtest_utils.h"
+#include "scoped_ptrs.h"
+
+namespace nss_test {
+
+const uint8_t kKey1Data[] = {
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
+    0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+    0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23,
+    0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f};
+const DataBuffer kKey1(kKey1Data, sizeof(kKey1Data));
+
+// The same as key1 but with the first byte
+// 0x01.
+const uint8_t kKey2Data[] = {
+    0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
+    0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+    0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23,
+    0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f};
+const DataBuffer kKey2(kKey2Data, sizeof(kKey2Data));
+
+const char kLabelMasterSecret[] = "master secret";
+
+const uint8_t kSessionHash[] = {
+    0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9, 0xfa, 0xfb,
+    0xfc, 0xfd, 0xfe, 0xff, 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7,
+    0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef, 0xd0, 0xd1, 0xd2, 0xd3,
+    0xd4, 0xd5, 0xd6, 0xd7, 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf,
+    0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7, 0xe8, 0xe9, 0xea, 0xeb,
+    0xec, 0xed, 0xee, 0xef, 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
+    0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff, 0xe0, 0xe1, 0xe2, 0xe3,
+    0xe4, 0xe5, 0xe6, 0xe7, 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef,
+    0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9, 0xfa, 0xfb,
+    0xfc, 0xfd, 0xfe, 0xff,
+};
+
+const size_t kHashLength[] = {
+    0,  /* ssl_hash_none   */
+    16, /* ssl_hash_md5    */
+    20, /* ssl_hash_sha1   */
+    28, /* ssl_hash_sha224 */
+    32, /* ssl_hash_sha256 */
+    48, /* ssl_hash_sha384 */
+    64, /* ssl_hash_sha512 */
+};
+
+const std::string kHashName[] = {"None",    "MD5",     "SHA-1",  "SHA-224",
+                                 "SHA-256", "SHA-384", "SHA-512"};
+
+static void ImportKey(ScopedPK11SymKey* to, const DataBuffer& key,
+                      PK11SlotInfo* slot) {
+  SECItem key_item = {siBuffer, const_cast<uint8_t*>(key.data()),
+                      static_cast<unsigned int>(key.len())};
+
+  PK11SymKey* inner =
+      PK11_ImportSymKey(slot, CKM_SSL3_MASTER_KEY_DERIVE, PK11_OriginUnwrap,
+                        CKA_DERIVE, &key_item, NULL);
+  ASSERT_NE(nullptr, inner);
+  to->reset(inner);
+}
+
+static void DumpData(const std::string& label, const uint8_t* buf, size_t len) {
+  DataBuffer d(buf, len);
+
+  std::cerr << label << ": " << d << std::endl;
+}
+
+void DumpKey(const std::string& label, ScopedPK11SymKey& key) {
+  SECStatus rv = PK11_ExtractKeyValue(key.get());
+  ASSERT_EQ(SECSuccess, rv);
+
+  SECItem* key_data = PK11_GetKeyData(key.get());
+  ASSERT_NE(nullptr, key_data);
+
+  DumpData(label, key_data->data, key_data->len);
+}
+
+extern "C" {
+extern char ssl_trace;
+extern FILE* ssl_trace_iob;
+}
+
+class TlsHkdfTest : public ::testing::Test,
+                    public ::testing::WithParamInterface<SSLHashType> {
+ public:
+  TlsHkdfTest()
+      : k1_(), k2_(), hash_type_(GetParam()), slot_(PK11_GetInternalSlot()) {
+    EXPECT_NE(nullptr, slot_);
+    char* ev = getenv("SSLTRACE");
+    if (ev && ev[0]) {
+      ssl_trace = atoi(ev);
+      ssl_trace_iob = stderr;
+    }
+  }
+
+  void SetUp() {
+    ImportKey(&k1_, kKey1, slot_.get());
+    ImportKey(&k2_, kKey2, slot_.get());
+  }
+
+  void VerifyKey(const ScopedPK11SymKey& key, const DataBuffer& expected) {
+    SECStatus rv = PK11_ExtractKeyValue(key.get());
+    ASSERT_EQ(SECSuccess, rv);
+
+    SECItem* key_data = PK11_GetKeyData(key.get());
+    ASSERT_NE(nullptr, key_data);
+
+    EXPECT_EQ(expected.len(), key_data->len);
+    EXPECT_EQ(0, memcmp(expected.data(), key_data->data, expected.len()));
+  }
+
+  void HkdfExtract(const ScopedPK11SymKey& ikmk1, const ScopedPK11SymKey& ikmk2,
+                   SSLHashType base_hash, const DataBuffer& expected) {
+    std::cerr << "Hash = " << kHashName[base_hash] << std::endl;
+
+    PK11SymKey* prk = nullptr;
+    SECStatus rv = tls13_HkdfExtract(ikmk1.get(), ikmk2.get(), base_hash, &prk);
+    ASSERT_EQ(SECSuccess, rv);
+    ScopedPK11SymKey prkk(prk);
+
+    DumpKey("Output", prkk);
+    VerifyKey(prkk, expected);
+  }
+
+  void HkdfExpandLabel(ScopedPK11SymKey* prk, SSLHashType base_hash,
+                       const uint8_t* session_hash, size_t session_hash_len,
+                       const char* label, size_t label_len,
+                       const DataBuffer& expected) {
+    std::cerr << "Hash = " << kHashName[base_hash] << std::endl;
+
+    std::vector<uint8_t> output(expected.len());
+
+    SECStatus rv = tls13_HkdfExpandLabelRaw(prk->get(), base_hash, session_hash,
+                                            session_hash_len, label, label_len,
+                                            &output[0], output.size());
+    ASSERT_EQ(SECSuccess, rv);
+    DumpData("Output", &output[0], output.size());
+    EXPECT_EQ(0, memcmp(expected.data(), &output[0], expected.len()));
+  }
+
+ protected:
+  ScopedPK11SymKey k1_;
+  ScopedPK11SymKey k2_;
+  SSLHashType hash_type_;
+
+ private:
+  ScopedPK11SlotInfo slot_;
+};
+
+TEST_P(TlsHkdfTest, HkdfNullNull) {
+  const uint8_t tv[][48] = {
+      {/* ssl_hash_none   */},
+      {/* ssl_hash_md5    */},
+      {/* ssl_hash_sha1   */},
+      {/* ssl_hash_sha224 */},
+      {0x33, 0xad, 0x0a, 0x1c, 0x60, 0x7e, 0xc0, 0x3b, 0x09, 0xe6, 0xcd,
+       0x98, 0x93, 0x68, 0x0c, 0xe2, 0x10, 0xad, 0xf3, 0x00, 0xaa, 0x1f,
+       0x26, 0x60, 0xe1, 0xb2, 0x2e, 0x10, 0xf1, 0x70, 0xf9, 0x2a},
+      {0x7e, 0xe8, 0x20, 0x6f, 0x55, 0x70, 0x02, 0x3e, 0x6d, 0xc7, 0x51, 0x9e,
+       0xb1, 0x07, 0x3b, 0xc4, 0xe7, 0x91, 0xad, 0x37, 0xb5, 0xc3, 0x82, 0xaa,
+       0x10, 0xba, 0x18, 0xe2, 0x35, 0x7e, 0x71, 0x69, 0x71, 0xf9, 0x36, 0x2f,
+       0x2c, 0x2f, 0xe2, 0xa7, 0x6b, 0xfd, 0x78, 0xdf, 0xec, 0x4e, 0xa9, 0xb5}};
+
+  const DataBuffer expected_data(tv[hash_type_], kHashLength[hash_type_]);
+  HkdfExtract(nullptr, nullptr, hash_type_, expected_data);
+}
+
+TEST_P(TlsHkdfTest, HkdfKey1Only) {
+  const uint8_t tv[][48] = {
+      {/* ssl_hash_none   */},
+      {/* ssl_hash_md5    */},
+      {/* ssl_hash_sha1   */},
+      {/* ssl_hash_sha224 */},
+      {0x11, 0x87, 0x38, 0x28, 0xa9, 0x19, 0x78, 0x11, 0x33, 0x91, 0x24,
+       0xb5, 0x8a, 0x1b, 0xb0, 0x9f, 0x7f, 0x0d, 0x8d, 0xbb, 0x10, 0xf4,
+       0x9c, 0x54, 0xbd, 0x1f, 0xd8, 0x85, 0xcd, 0x15, 0x30, 0x33},
+      {0x51, 0xb1, 0xd5, 0xb4, 0x59, 0x79, 0x79, 0x08, 0x4a, 0x15, 0xb2, 0xdb,
+       0x84, 0xd3, 0xd6, 0xbc, 0xfc, 0x93, 0x45, 0xd9, 0xdc, 0x74, 0xda, 0x1a,
+       0x57, 0xc2, 0x76, 0x9f, 0x3f, 0x83, 0x45, 0x2f, 0xf6, 0xf3, 0x56, 0x1f,
+       0x58, 0x63, 0xdb, 0x88, 0xda, 0x40, 0xce, 0x63, 0x7d, 0x24, 0x37, 0xf3}};
+
+  const DataBuffer expected_data(tv[hash_type_], kHashLength[hash_type_]);
+  HkdfExtract(k1_, nullptr, hash_type_, expected_data);
+}
+
+TEST_P(TlsHkdfTest, HkdfKey2Only) {
+  const uint8_t tv[][48] = {
+      {/* ssl_hash_none   */},
+      {/* ssl_hash_md5    */},
+      {/* ssl_hash_sha1   */},
+      {/* ssl_hash_sha224 */},
+      {
+          0x2f, 0x5f, 0x78, 0xd0, 0xa4, 0xc4, 0x36, 0xee, 0x6c, 0x8a, 0x4e,
+          0xf9, 0xd0, 0x43, 0x81, 0x02, 0x13, 0xfd, 0x47, 0x83, 0x63, 0x3a,
+          0xd2, 0xe1, 0x40, 0x6d, 0x2d, 0x98, 0x00, 0xfd, 0xc1, 0x87,
+      },
+      {0x7b, 0x40, 0xf9, 0xef, 0x91, 0xff, 0xc9, 0xd1, 0x29, 0x24, 0x5c, 0xbf,
+       0xf8, 0x82, 0x76, 0x68, 0xae, 0x4b, 0x63, 0xe8, 0x03, 0xdd, 0x39, 0xa8,
+       0xd4, 0x6a, 0xf6, 0xe5, 0xec, 0xea, 0xf8, 0x7d, 0x91, 0x71, 0x81, 0xf1,
+       0xdb, 0x3b, 0xaf, 0xbf, 0xde, 0x71, 0x61, 0x15, 0xeb, 0xb5, 0x5f, 0x68}};
+
+  const DataBuffer expected_data(tv[hash_type_], kHashLength[hash_type_]);
+  HkdfExtract(nullptr, k2_, hash_type_, expected_data);
+}
+
+TEST_P(TlsHkdfTest, HkdfKey1Key2) {
+  const uint8_t tv[][48] = {
+      {/* ssl_hash_none   */},
+      {/* ssl_hash_md5    */},
+      {/* ssl_hash_sha1   */},
+      {/* ssl_hash_sha224 */},
+      {
+          0x79, 0x53, 0xb8, 0xdd, 0x6b, 0x98, 0xce, 0x00, 0xb7, 0xdc, 0xe8,
+          0x03, 0x70, 0x8c, 0xe3, 0xac, 0x06, 0x8b, 0x22, 0xfd, 0x0e, 0x34,
+          0x48, 0xe6, 0xe5, 0xe0, 0x8a, 0xd6, 0x16, 0x18, 0xe5, 0x48,
+      },
+      {0x01, 0x93, 0xc0, 0x07, 0x3f, 0x6a, 0x83, 0x0e, 0x2e, 0x4f, 0xb2, 0x58,
+       0xe4, 0x00, 0x08, 0x5c, 0x68, 0x9c, 0x37, 0x32, 0x00, 0x37, 0xff, 0xc3,
+       0x1c, 0x5b, 0x98, 0x0b, 0x02, 0x92, 0x3f, 0xfd, 0x73, 0x5a, 0x6f, 0x2a,
+       0x95, 0xa3, 0xee, 0xf6, 0xd6, 0x8e, 0x6f, 0x86, 0xea, 0x63, 0xf8, 0x33}};
+
+  const DataBuffer expected_data(tv[hash_type_], kHashLength[hash_type_]);
+  HkdfExtract(k1_, k2_, hash_type_, expected_data);
+}
+
+TEST_P(TlsHkdfTest, HkdfExpandLabel) {
+  const uint8_t tv[][48] = {
+      {/* ssl_hash_none   */},
+      {/* ssl_hash_md5    */},
+      {/* ssl_hash_sha1   */},
+      {/* ssl_hash_sha224 */},
+      {0x34, 0x7c, 0x67, 0x80, 0xff, 0x0b, 0xba, 0xd7, 0x1c, 0x28, 0x3b,
+       0x16, 0xeb, 0x2f, 0x9c, 0xf6, 0x2d, 0x24, 0xe6, 0xcd, 0xb6, 0x13,
+       0xd5, 0x17, 0x76, 0x54, 0x8c, 0xb0, 0x7d, 0xcd, 0xe7, 0x4c},
+      {0x4b, 0x1e, 0x5e, 0xc1, 0x49, 0x30, 0x78, 0xea, 0x35, 0xbd, 0x3f, 0x01,
+       0x04, 0xe6, 0x1a, 0xea, 0x14, 0xcc, 0x18, 0x2a, 0xd1, 0xc4, 0x76, 0x21,
+       0xc4, 0x64, 0xc0, 0x4e, 0x4b, 0x36, 0x16, 0x05, 0x6f, 0x04, 0xab, 0xe9,
+       0x43, 0xb1, 0x2d, 0xa8, 0xa7, 0x17, 0x9a, 0x5f, 0x09, 0x91, 0x7d, 0x1f}};
+
+  const DataBuffer expected_data(tv[hash_type_], kHashLength[hash_type_]);
+  HkdfExpandLabel(&k1_, hash_type_, kSessionHash, kHashLength[hash_type_],
+                  kLabelMasterSecret, strlen(kLabelMasterSecret),
+                  expected_data);
+}
+
+static const SSLHashType kHashTypes[] = {ssl_hash_sha256, ssl_hash_sha384};
+INSTANTIATE_TEST_CASE_P(AllHashFuncs, TlsHkdfTest,
+                        ::testing::ValuesIn(kHashTypes));
+
+}  // namespace nss_test
diff --git a/nss/gtests/ssl_gtest/tls_parser.cc b/nss/gtests/ssl_gtest/tls_parser.cc
new file mode 100644
index 0000000..e4c06aa
--- /dev/null
+++ b/nss/gtests/ssl_gtest/tls_parser.cc
@@ -0,0 +1,73 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "tls_parser.h"
+
+namespace nss_test {
+
+bool TlsParser::Read(uint8_t* val) {
+  if (remaining() < 1) {
+    return false;
+  }
+  *val = *ptr();
+  consume(1);
+  return true;
+}
+
+bool TlsParser::Read(uint32_t* val, size_t size) {
+  if (size > sizeof(uint32_t)) {
+    return false;
+  }
+
+  uint32_t v = 0;
+  for (size_t i = 0; i < size; ++i) {
+    uint8_t tmp;
+    if (!Read(&tmp)) {
+      return false;
+    }
+
+    v = (v << 8) | tmp;
+  }
+
+  *val = v;
+  return true;
+}
+
+bool TlsParser::Read(DataBuffer* val, size_t len) {
+  if (remaining() < len) {
+    return false;
+  }
+
+  val->Assign(ptr(), len);
+  consume(len);
+  return true;
+}
+
+bool TlsParser::ReadVariable(DataBuffer* val, size_t len_size) {
+  uint32_t len;
+  if (!Read(&len, len_size)) {
+    return false;
+  }
+  return Read(val, len);
+}
+
+bool TlsParser::Skip(size_t len) {
+  if (len > remaining()) {
+    return false;
+  }
+  consume(len);
+  return true;
+}
+
+bool TlsParser::SkipVariable(size_t len_size) {
+  uint32_t len;
+  if (!Read(&len, len_size)) {
+    return false;
+  }
+  return Skip(len);
+}
+
+}  // namespace nss_test
diff --git a/nss/gtests/ssl_gtest/tls_parser.h b/nss/gtests/ssl_gtest/tls_parser.h
new file mode 100644
index 0000000..8b6e5b9
--- /dev/null
+++ b/nss/gtests/ssl_gtest/tls_parser.h
@@ -0,0 +1,132 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef tls_parser_h_
+#define tls_parser_h_
+
+#include <cstdint>
+#include <cstring>
+#include <memory>
+#if defined(WIN32) || defined(WIN64)
+#include <winsock2.h>
+#else
+#include <arpa/inet.h>
+#endif
+#include "databuffer.h"
+
+namespace nss_test {
+
+const uint8_t kTlsChangeCipherSpecType = 20;
+const uint8_t kTlsAlertType = 21;
+const uint8_t kTlsHandshakeType = 22;
+const uint8_t kTlsApplicationDataType = 23;
+
+const uint8_t kTlsHandshakeClientHello = 1;
+const uint8_t kTlsHandshakeServerHello = 2;
+const uint8_t kTlsHandshakeHelloRetryRequest = 6;
+const uint8_t kTlsHandshakeEncryptedExtensions = 8;
+const uint8_t kTlsHandshakeCertificate = 11;
+const uint8_t kTlsHandshakeServerKeyExchange = 12;
+const uint8_t kTlsHandshakeCertificateRequest = 13;
+const uint8_t kTlsHandshakeCertificateVerify = 15;
+const uint8_t kTlsHandshakeClientKeyExchange = 16;
+const uint8_t kTlsHandshakeFinished = 20;
+
+const uint8_t kTlsAlertWarning = 1;
+const uint8_t kTlsAlertFatal = 2;
+
+const uint8_t kTlsAlertUnexpectedMessage = 10;
+const uint8_t kTlsAlertBadRecordMac = 20;
+const uint8_t kTlsAlertHandshakeFailure = 40;
+const uint8_t kTlsAlertIllegalParameter = 47;
+const uint8_t kTlsAlertDecodeError = 50;
+const uint8_t kTlsAlertDecryptError = 51;
+const uint8_t kTlsAlertMissingExtension = 109;
+const uint8_t kTlsAlertUnsupportedExtension = 110;
+const uint8_t kTlsAlertUnrecognizedName = 112;
+const uint8_t kTlsAlertNoApplicationProtocol = 120;
+
+const uint8_t kTlsFakeChangeCipherSpec[] = {
+    kTlsChangeCipherSpecType,  // Type
+    0xfe,
+    0xff,  // Version
+    0x00,
+    0x00,
+    0x00,
+    0x00,
+    0x00,
+    0x00,
+    0x00,
+    0x10,  // Fictitious sequence #
+    0x00,
+    0x01,  // Length
+    0x01   // Value
+};
+
+static const uint8_t kTls13PskKe = 0;
+static const uint8_t kTls13PskDhKe = 1;
+static const uint8_t kTls13PskAuth = 0;
+static const uint8_t kTls13PskSignAuth = 1;
+
+inline bool IsDtls(uint16_t version) { return (version & 0x8000) == 0x8000; }
+
+inline uint16_t NormalizeTlsVersion(uint16_t version) {
+  if (version == 0xfeff) {
+    return 0x0302;  // special: DTLS 1.0 == TLS 1.1
+  }
+  if (IsDtls(version)) {
+    return (version ^ 0xffff) + 0x0201;
+  }
+  return version;
+}
+
+inline uint16_t TlsVersionToDtlsVersion(uint16_t version) {
+  if (version == 0x0302) {
+    return 0xfeff;
+  }
+  if (version == 0x0304) {
+    return version;
+  }
+  return 0xffff - version + 0x0201;
+}
+
+inline size_t WriteVariable(DataBuffer* target, size_t index,
+                            const DataBuffer& buf, size_t len_size) {
+  index = target->Write(index, static_cast<uint32_t>(buf.len()), len_size);
+  return target->Write(index, buf.data(), buf.len());
+}
+
+class TlsParser {
+ public:
+  TlsParser(const uint8_t* data, size_t len) : buffer_(data, len), offset_(0) {}
+  explicit TlsParser(const DataBuffer& buf) : buffer_(buf), offset_(0) {}
+
+  bool Read(uint8_t* val);
+  // Read an integral type of specified width.
+  bool Read(uint32_t* val, size_t size);
+  // Reads len bytes into dest buffer, overwriting it.
+  bool Read(DataBuffer* dest, size_t len);
+  // Reads bytes into dest buffer, overwriting it.  The number of bytes is
+  // determined by reading from len_size bytes from the stream first.
+  bool ReadVariable(DataBuffer* dest, size_t len_size);
+
+  bool Skip(size_t len);
+  bool SkipVariable(size_t len_size);
+
+  size_t consumed() const { return offset_; }
+  size_t remaining() const { return buffer_.len() - offset_; }
+
+ private:
+  void consume(size_t len) { offset_ += len; }
+  const uint8_t* ptr() const { return buffer_.data() + offset_; }
+
+  DataBuffer buffer_;
+  size_t offset_;
+};
+
+}  // namespace nss_test
+
+#endif
diff --git a/nss/gtests/ssl_gtest/tls_protect.cc b/nss/gtests/ssl_gtest/tls_protect.cc
new file mode 100644
index 0000000..efcd89e
--- /dev/null
+++ b/nss/gtests/ssl_gtest/tls_protect.cc
@@ -0,0 +1,145 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "tls_protect.h"
+#include "tls_filter.h"
+
+namespace nss_test {
+
+AeadCipher::~AeadCipher() {
+  if (key_) {
+    PK11_FreeSymKey(key_);
+  }
+}
+
+bool AeadCipher::Init(PK11SymKey *key, const uint8_t *iv) {
+  key_ = PK11_ReferenceSymKey(key);
+  if (!key_) return false;
+
+  memcpy(iv_, iv, sizeof(iv_));
+  return true;
+}
+
+void AeadCipher::FormatNonce(uint64_t seq, uint8_t *nonce) {
+  memcpy(nonce, iv_, 12);
+
+  for (size_t i = 0; i < 8; ++i) {
+    nonce[12 - (i + 1)] ^= seq & 0xff;
+    seq >>= 8;
+  }
+
+  DataBuffer d(nonce, 12);
+  std::cerr << "Nonce " << d << std::endl;
+}
+
+bool AeadCipher::AeadInner(bool decrypt, void *params, size_t param_length,
+                           const uint8_t *in, size_t inlen, uint8_t *out,
+                           size_t *outlen, size_t maxlen) {
+  SECStatus rv;
+  unsigned int uoutlen = 0;
+  SECItem param = {
+      siBuffer, static_cast<unsigned char *>(params),
+      static_cast<unsigned int>(param_length),
+  };
+
+  if (decrypt) {
+    rv = PK11_Decrypt(key_, mech_, &param, out, &uoutlen, maxlen, in, inlen);
+  } else {
+    rv = PK11_Encrypt(key_, mech_, &param, out, &uoutlen, maxlen, in, inlen);
+  }
+  *outlen = (int)uoutlen;
+
+  return rv == SECSuccess;
+}
+
+bool AeadCipherAesGcm::Aead(bool decrypt, uint64_t seq, const uint8_t *in,
+                            size_t inlen, uint8_t *out, size_t *outlen,
+                            size_t maxlen) {
+  CK_GCM_PARAMS aeadParams;
+  unsigned char nonce[12];
+
+  memset(&aeadParams, 0, sizeof(aeadParams));
+  aeadParams.pIv = nonce;
+  aeadParams.ulIvLen = sizeof(nonce);
+  aeadParams.pAAD = NULL;
+  aeadParams.ulAADLen = 0;
+  aeadParams.ulTagBits = 128;
+
+  FormatNonce(seq, nonce);
+  return AeadInner(decrypt, (unsigned char *)&aeadParams, sizeof(aeadParams),
+                   in, inlen, out, outlen, maxlen);
+}
+
+bool AeadCipherChacha20Poly1305::Aead(bool decrypt, uint64_t seq,
+                                      const uint8_t *in, size_t inlen,
+                                      uint8_t *out, size_t *outlen,
+                                      size_t maxlen) {
+  CK_NSS_AEAD_PARAMS aeadParams;
+  unsigned char nonce[12];
+
+  memset(&aeadParams, 0, sizeof(aeadParams));
+  aeadParams.pNonce = nonce;
+  aeadParams.ulNonceLen = sizeof(nonce);
+  aeadParams.pAAD = NULL;
+  aeadParams.ulAADLen = 0;
+  aeadParams.ulTagLen = 16;
+
+  FormatNonce(seq, nonce);
+  return AeadInner(decrypt, (unsigned char *)&aeadParams, sizeof(aeadParams),
+                   in, inlen, out, outlen, maxlen);
+}
+
+bool TlsCipherSpec::Init(SSLCipherAlgorithm cipher, PK11SymKey *key,
+                         const uint8_t *iv) {
+  switch (cipher) {
+    case ssl_calg_aes_gcm:
+      aead_.reset(new AeadCipherAesGcm());
+      break;
+    case ssl_calg_chacha20:
+      aead_.reset(new AeadCipherChacha20Poly1305());
+      break;
+    default:
+      return false;
+  }
+
+  return aead_->Init(key, iv);
+}
+
+bool TlsCipherSpec::Unprotect(const TlsRecordHeader &header,
+                              const DataBuffer &ciphertext,
+                              DataBuffer *plaintext) {
+  // Make space.
+  plaintext->Allocate(ciphertext.len());
+
+  size_t len;
+  bool ret =
+      aead_->Aead(true, header.sequence_number(), ciphertext.data(),
+                  ciphertext.len(), plaintext->data(), &len, plaintext->len());
+  if (!ret) return false;
+
+  plaintext->Truncate(len);
+
+  return true;
+}
+
+bool TlsCipherSpec::Protect(const TlsRecordHeader &header,
+                            const DataBuffer &plaintext,
+                            DataBuffer *ciphertext) {
+  // Make a padded buffer.
+
+  ciphertext->Allocate(plaintext.len() +
+                       32);  // Room for any plausible auth tag
+  size_t len;
+  bool ret =
+      aead_->Aead(false, header.sequence_number(), plaintext.data(),
+                  plaintext.len(), ciphertext->data(), &len, ciphertext->len());
+  if (!ret) return false;
+  ciphertext->Truncate(len);
+
+  return true;
+}
+
+}  // namespace nss_test
diff --git a/nss/gtests/ssl_gtest/tls_protect.h b/nss/gtests/ssl_gtest/tls_protect.h
new file mode 100644
index 0000000..4efbd6e
--- /dev/null
+++ b/nss/gtests/ssl_gtest/tls_protect.h
@@ -0,0 +1,76 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef tls_protection_h_
+#define tls_protection_h_
+
+#include <cstdint>
+#include <memory>
+
+#include "databuffer.h"
+#include "pk11pub.h"
+#include "sslt.h"
+
+namespace nss_test {
+class TlsRecordHeader;
+
+class AeadCipher {
+ public:
+  AeadCipher(CK_MECHANISM_TYPE mech) : mech_(mech), key_(nullptr) {}
+  ~AeadCipher();
+
+  bool Init(PK11SymKey *key, const uint8_t *iv);
+  virtual bool Aead(bool decrypt, uint64_t seq, const uint8_t *in, size_t inlen,
+                    uint8_t *out, size_t *outlen, size_t maxlen) = 0;
+
+ protected:
+  void FormatNonce(uint64_t seq, uint8_t *nonce);
+  bool AeadInner(bool decrypt, void *params, size_t param_length,
+                 const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen,
+                 size_t maxlen);
+
+  CK_MECHANISM_TYPE mech_;
+  PK11SymKey *key_;
+  uint8_t iv_[12];
+};
+
+class AeadCipherChacha20Poly1305 : public AeadCipher {
+ public:
+  AeadCipherChacha20Poly1305() : AeadCipher(CKM_NSS_CHACHA20_POLY1305) {}
+
+ protected:
+  bool Aead(bool decrypt, uint64_t seq, const uint8_t *in, size_t inlen,
+            uint8_t *out, size_t *outlen, size_t maxlen);
+};
+
+class AeadCipherAesGcm : public AeadCipher {
+ public:
+  AeadCipherAesGcm() : AeadCipher(CKM_AES_GCM) {}
+
+ protected:
+  bool Aead(bool decrypt, uint64_t seq, const uint8_t *in, size_t inlen,
+            uint8_t *out, size_t *outlen, size_t maxlen);
+};
+
+// Our analog of ssl3CipherSpec
+class TlsCipherSpec {
+ public:
+  TlsCipherSpec() : aead_() {}
+
+  bool Init(SSLCipherAlgorithm cipher, PK11SymKey *key, const uint8_t *iv);
+
+  bool Protect(const TlsRecordHeader &header, const DataBuffer &plaintext,
+               DataBuffer *ciphertext);
+  bool Unprotect(const TlsRecordHeader &header, const DataBuffer &ciphertext,
+                 DataBuffer *plaintext);
+
+ private:
+  std::unique_ptr<AeadCipher> aead_;
+};
+
+}  // namespace nss_test
+
+#endif
diff --git a/nss/gtests/util_gtest/Makefile b/nss/gtests/util_gtest/Makefile
new file mode 100644
index 0000000..9966697
--- /dev/null
+++ b/nss/gtests/util_gtest/Makefile
@@ -0,0 +1,45 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include ../common/gtest.mk
+
+CFLAGS += -I$(CORE_DEPTH)/lib/util
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
diff --git a/nss/gtests/util_gtest/manifest.mn b/nss/gtests/util_gtest/manifest.mn
new file mode 100644
index 0000000..41e7d8e
--- /dev/null
+++ b/nss/gtests/util_gtest/manifest.mn
@@ -0,0 +1,28 @@
+# -*- makefile -*-
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+CORE_DEPTH = ../..
+DEPTH      = ../..
+MODULE = nss
+
+CPPSRCS = \
+	util_utf8_unittest.cc \
+	util_b64_unittest.cc \
+	$(NULL)
+
+INCLUDES += \
+	-I$(CORE_DEPTH)/gtests/google_test/gtest/include \
+	-I$(CORE_DEPTH)/gtests/common \
+	-I$(CORE_DEPTH)/cpputil \
+	$(NULL)
+
+REQUIRES = nspr gtest
+
+PROGRAM = util_gtest
+
+EXTRA_LIBS = \
+	$(DIST)/lib/$(LIB_PREFIX)gtest.$(LIB_SUFFIX) \
+	$(DIST)/lib/$(LIB_PREFIX)nssutil.$(LIB_SUFFIX) \
+	../common/$(OBJDIR)/gtests$(OBJ_SUFFIX) \
+	$(NULL)
diff --git a/nss/gtests/util_gtest/util_b64_unittest.cc b/nss/gtests/util_gtest/util_b64_unittest.cc
new file mode 100644
index 0000000..5a691ff
--- /dev/null
+++ b/nss/gtests/util_gtest/util_b64_unittest.cc
@@ -0,0 +1,79 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <climits>
+#include <memory>
+#include "nssb64.h"
+
+#include "gtest/gtest.h"
+#include "scoped_ptrs.h"
+
+namespace nss_test {
+
+class B64EncodeDecodeTest : public ::testing::Test {
+ public:
+  void TestDecodeStr(const std::string &str) {
+    ScopedSECItem tmp(
+        NSSBase64_DecodeBuffer(nullptr, nullptr, str.c_str(), str.size()));
+    ASSERT_TRUE(tmp);
+    char *out = NSSBase64_EncodeItem(nullptr, nullptr, 0, tmp.get());
+    ASSERT_TRUE(out);
+    ASSERT_EQ(std::string(out), str);
+    PORT_Free(out);
+  }
+  bool TestEncodeItem(SECItem *item) {
+    bool rv = true;
+    char *out = NSSBase64_EncodeItem(nullptr, nullptr, 0, item);
+    rv = !!out;
+    if (out) {
+      ScopedSECItem tmp(
+          NSSBase64_DecodeBuffer(nullptr, nullptr, out, strlen(out)));
+      EXPECT_TRUE(tmp);
+      EXPECT_EQ(SECEqual, SECITEM_CompareItem(item, tmp.get()));
+      PORT_Free(out);
+    }
+    return rv;
+  }
+  bool TestFakeDecode(size_t str_len) {
+    std::string str(str_len, 'A');
+    ScopedSECItem tmp(
+        NSSBase64_DecodeBuffer(nullptr, nullptr, str.c_str(), str.size()));
+    return !!tmp;
+  }
+  bool TestFakeEncode(size_t len) {
+    std::vector<uint8_t> data(len, 0x30);
+    SECItem tmp = {siBuffer, data.data(),
+                   static_cast<unsigned int>(data.size())};
+    return TestEncodeItem(&tmp);
+  }
+
+ protected:
+};
+
+TEST_F(B64EncodeDecodeTest, DecEncTest) { TestDecodeStr("VGhpcyBpcyBOU1Mh"); }
+
+TEST_F(B64EncodeDecodeTest, EncDecTest) {
+  uint8_t data[] = {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09};
+  SECItem tmp = {siBuffer, data, sizeof(data)};
+  TestEncodeItem(&tmp);
+}
+
+TEST_F(B64EncodeDecodeTest, FakeDecTest) { EXPECT_TRUE(TestFakeDecode(100)); }
+
+TEST_F(B64EncodeDecodeTest, FakeEncDecTest) {
+  EXPECT_TRUE(TestFakeEncode(100));
+}
+
+// These takes a while ...
+TEST_F(B64EncodeDecodeTest, LongFakeDecTest1) {
+  EXPECT_TRUE(TestFakeDecode(0x66666666));
+}
+TEST_F(B64EncodeDecodeTest, LongFakeEncDecTest1) { TestFakeEncode(0x3fffffff); }
+TEST_F(B64EncodeDecodeTest, LongFakeEncDecTest2) {
+  EXPECT_FALSE(TestFakeEncode(0x40000000));
+}
+
+}  // namespace nss_test
diff --git a/nss/gtests/util_gtest/util_gtest.gyp b/nss/gtests/util_gtest/util_gtest.gyp
new file mode 100644
index 0000000..81a8de2
--- /dev/null
+++ b/nss/gtests/util_gtest/util_gtest.gyp
@@ -0,0 +1,42 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi',
+    '../common/gtest.gypi',
+  ],
+  'targets': [
+    {
+      'target_name': 'util_gtest',
+      'type': 'executable',
+      'sources': [
+        'util_utf8_unittest.cc',
+        'util_b64_unittest.cc',
+        '<(DEPTH)/gtests/common/gtests.cc',
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports',
+        '<(DEPTH)/gtests/google_test/google_test.gyp:gtest',
+        '<(DEPTH)/lib/util/util.gyp:nssutil',
+        '<(DEPTH)/lib/nss/nss.gyp:nss_static',
+        '<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap_static',
+        '<(DEPTH)/lib/cryptohi/cryptohi.gyp:cryptohi',
+        '<(DEPTH)/lib/certhigh/certhigh.gyp:certhi',
+        '<(DEPTH)/lib/certdb/certdb.gyp:certdb',
+        '<(DEPTH)/lib/base/base.gyp:nssb',
+        '<(DEPTH)/lib/dev/dev.gyp:nssdev',
+        '<(DEPTH)/lib/pki/pki.gyp:nsspki',
+        '<(DEPTH)/lib/ssl/ssl.gyp:ssl',
+      ]
+    }
+  ],
+  'target_defaults': {
+    'include_dirs': [
+      '../../lib/util'
+    ]
+  },
+  'variables': {
+    'module': 'nss'
+  }
+}
diff --git a/nss/gtests/util_gtest/util_utf8_unittest.cc b/nss/gtests/util_gtest/util_utf8_unittest.cc
new file mode 100644
index 0000000..d57f01d
--- /dev/null
+++ b/nss/gtests/util_gtest/util_utf8_unittest.cc
@@ -0,0 +1,986 @@
+// -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+// vim: set ts=2 et sw=2 tw=80:
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this file,
+// You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#include "secport.h"
+
+#include "gtest/gtest.h"
+#include "prnetdb.h"
+
+#include <stdint.h>
+#include <string.h>
+#include <string>
+
+namespace nss_test {
+
+// Structures to represent test cases.  These are small enough that
+// passing by value isn't a problem.
+
+struct Ucs4Case {
+  PRUint32 c;
+  const char *utf8;
+};
+
+struct Ucs2Case {
+  PRUint16 c;
+  const char *utf8;
+};
+
+struct Utf16Case {
+  PRUint32 c;
+  PRUint16 w[2];
+};
+
+struct Utf16BadCase {
+  PRUint16 w[3];
+};
+
+// Test classes for parameterized tests:
+
+class Ucs4Test : public ::testing::TestWithParam<Ucs4Case> {};
+
+class Ucs2Test : public ::testing::TestWithParam<Ucs2Case> {};
+
+class Utf16Test : public ::testing::TestWithParam<Utf16Case> {};
+
+class BadUtf8Test : public ::testing::TestWithParam<const char *> {};
+
+class BadUtf16Test : public ::testing::TestWithParam<Utf16BadCase> {};
+
+class Iso88591Test : public ::testing::TestWithParam<Ucs2Case> {};
+
+// Tests of sec_port_ucs4_utf8_conversion_function, by itself, on
+// valid inputs:
+
+TEST_P(Ucs4Test, ToUtf8) {
+  const Ucs4Case testCase = GetParam();
+  PRUint32 nc = PR_htonl(testCase.c);
+  unsigned char utf8[8] = {0};
+  unsigned int len = 0;
+
+  PRBool result = sec_port_ucs4_utf8_conversion_function(
+      PR_FALSE, (unsigned char *)&nc, sizeof(nc), utf8, sizeof(utf8), &len);
+
+  ASSERT_TRUE(result);
+  ASSERT_LT(len, sizeof(utf8));
+  EXPECT_EQ(std::string(testCase.utf8), std::string((char *)utf8, len));
+  EXPECT_EQ('\0', utf8[len]);
+}
+
+TEST_P(Ucs4Test, FromUtf8) {
+  const Ucs4Case testCase = GetParam();
+  PRUint32 nc;
+  unsigned int len = 0;
+
+  PRBool result = sec_port_ucs4_utf8_conversion_function(
+      PR_TRUE, (unsigned char *)testCase.utf8, strlen(testCase.utf8),
+      (unsigned char *)&nc, sizeof(nc), &len);
+
+  ASSERT_TRUE(result);
+  ASSERT_EQ(sizeof(nc), len);
+  EXPECT_EQ(testCase.c, PR_ntohl(nc));
+}
+
+TEST_P(Ucs4Test, DestTooSmall) {
+  const Ucs4Case testCase = GetParam();
+  PRUint32 nc = PR_htonl(testCase.c);
+  unsigned char utf8[8];
+  unsigned char *utf8end = utf8 + sizeof(utf8);
+  unsigned int len = strlen(testCase.utf8) - 1;
+
+  ASSERT_LE(len, sizeof(utf8));
+
+  PRBool result = sec_port_ucs4_utf8_conversion_function(
+      PR_FALSE, (unsigned char *)&nc, sizeof(nc), utf8end - len, len, &len);
+
+  ASSERT_FALSE(result);
+  ASSERT_EQ(strlen(testCase.utf8), len);
+}
+
+// Tests of sec_port_ucs2_utf8_conversion_function, by itself, on
+// valid inputs:
+
+TEST_P(Ucs2Test, ToUtf8) {
+  const Ucs2Case testCase = GetParam();
+  PRUint16 nc = PR_htons(testCase.c);
+  unsigned char utf8[8] = {0};
+  unsigned int len = 0;
+
+  PRBool result = sec_port_ucs2_utf8_conversion_function(
+      PR_FALSE, (unsigned char *)&nc, sizeof(nc), utf8, sizeof(utf8), &len);
+
+  ASSERT_TRUE(result);
+  ASSERT_LT(len, sizeof(utf8));
+  EXPECT_EQ(std::string(testCase.utf8), std::string((char *)utf8, len));
+  EXPECT_EQ('\0', utf8[len]);
+}
+
+TEST_P(Ucs2Test, FromUtf8) {
+  const Ucs2Case testCase = GetParam();
+  PRUint16 nc;
+  unsigned int len = 0;
+
+  PRBool result = sec_port_ucs2_utf8_conversion_function(
+      PR_TRUE, (unsigned char *)testCase.utf8, strlen(testCase.utf8),
+      (unsigned char *)&nc, sizeof(nc), &len);
+
+  ASSERT_EQ(PR_TRUE, result);
+  ASSERT_EQ(sizeof(nc), len);
+  EXPECT_EQ(testCase.c, PR_ntohs(nc));
+}
+
+TEST_P(Ucs2Test, DestTooSmall) {
+  const Ucs2Case testCase = GetParam();
+  PRUint16 nc = PR_htons(testCase.c);
+  unsigned char utf8[8];
+  unsigned char *utf8end = utf8 + sizeof(utf8);
+  unsigned int len = strlen(testCase.utf8) - 1;
+
+  ASSERT_LE(len, sizeof(utf8));
+
+  PRBool result = sec_port_ucs2_utf8_conversion_function(
+      PR_FALSE, (unsigned char *)&nc, sizeof(nc), utf8end - len, len, &len);
+
+  ASSERT_EQ(result, PR_FALSE);
+  ASSERT_EQ(strlen(testCase.utf8), len);
+}
+
+// Tests using UTF-16 and UCS-4 conversion together:
+
+TEST_P(Utf16Test, From16To32) {
+  const Utf16Case testCase = GetParam();
+  PRUint16 from[2] = {PR_htons(testCase.w[0]), PR_htons(testCase.w[1])};
+  PRUint32 to;
+  unsigned char utf8[8];
+  unsigned int len = 0;
+
+  PRBool result = sec_port_ucs2_utf8_conversion_function(
+      PR_FALSE, (unsigned char *)&from, sizeof(from), utf8, sizeof(utf8), &len);
+
+  ASSERT_EQ(PR_TRUE, result);
+
+  result = sec_port_ucs4_utf8_conversion_function(
+      PR_TRUE, utf8, len, (unsigned char *)&to, sizeof(to), &len);
+
+  ASSERT_EQ(PR_TRUE, result);
+  ASSERT_EQ(sizeof(to), len);
+  EXPECT_EQ(testCase.c, PR_ntohl(to));
+}
+
+TEST_P(Utf16Test, From32To16) {
+  const Utf16Case testCase = GetParam();
+  PRUint32 from = PR_htonl(testCase.c);
+  unsigned char utf8[8];
+  unsigned int len = 0;
+
+  PRBool result = sec_port_ucs4_utf8_conversion_function(
+      PR_FALSE, (unsigned char *)&from, sizeof(from), utf8, sizeof(utf8), &len);
+
+  ASSERT_EQ(PR_TRUE, result);
+  const std::string utf8copy((char *)utf8, len);
+  PRUint16 to[2];
+
+  result = sec_port_ucs2_utf8_conversion_function(
+      PR_TRUE, utf8, len, (unsigned char *)&to, sizeof(to), &len);
+
+  ASSERT_EQ(PR_TRUE, result);
+  ASSERT_EQ(sizeof(to), len);
+  EXPECT_EQ(testCase.w[0], PR_ntohs(to[0]));
+  EXPECT_EQ(testCase.w[1], PR_ntohs(to[1]));
+}
+
+TEST_P(Utf16Test, SameUtf8) {
+  const Utf16Case testCase = GetParam();
+  PRUint32 from32 = PR_htonl(testCase.c);
+  unsigned char utf8from32[8];
+  unsigned int lenFrom32 = 0;
+
+  PRBool result = sec_port_ucs4_utf8_conversion_function(
+      PR_FALSE, (unsigned char *)&from32, sizeof(from32), utf8from32,
+      sizeof(utf8from32), &lenFrom32);
+
+  ASSERT_TRUE(result);
+  ASSERT_LE(lenFrom32, sizeof(utf8from32));
+
+  PRUint16 from16[2] = {PR_htons(testCase.w[0]), PR_htons(testCase.w[1])};
+  unsigned char utf8from16[8];
+  unsigned int lenFrom16 = 0;
+
+  result = sec_port_ucs2_utf8_conversion_function(
+      PR_FALSE, (unsigned char *)&from16, sizeof(from16), utf8from16,
+      sizeof(utf8from16), &lenFrom16);
+
+  ASSERT_TRUE(result);
+  ASSERT_LE(lenFrom16, sizeof(utf8from16));
+
+  EXPECT_EQ(std::string((char *)utf8from32, lenFrom32),
+            std::string((char *)utf8from16, lenFrom16));
+}
+
+// Tests of invalid UTF-8 input:
+
+TEST_P(BadUtf8Test, HasNoUcs2) {
+  const char *const utf8 = GetParam();
+  unsigned char destBuf[30];
+  unsigned int len = 0;
+
+  PRBool result = sec_port_ucs2_utf8_conversion_function(
+      PR_TRUE, (unsigned char *)utf8, strlen(utf8), destBuf, sizeof(destBuf),
+      &len);
+
+  EXPECT_FALSE(result);
+}
+
+TEST_P(BadUtf8Test, HasNoUcs4) {
+  const char *const utf8 = GetParam();
+  unsigned char destBuf[30];
+  unsigned int len = 0;
+
+  PRBool result = sec_port_ucs4_utf8_conversion_function(
+      PR_TRUE, (unsigned char *)utf8, strlen(utf8), destBuf, sizeof(destBuf),
+      &len);
+
+  EXPECT_FALSE(result);
+}
+
+// Tests of invalid UTF-16 input:
+
+TEST_P(BadUtf16Test, HasNoUtf8) {
+  const Utf16BadCase testCase = GetParam();
+  Utf16BadCase srcBuf;
+  unsigned int len;
+  static const size_t maxLen = PR_ARRAY_SIZE(srcBuf.w);
+
+  size_t srcLen = 0;
+  while (testCase.w[srcLen] != 0) {
+    srcBuf.w[srcLen] = PR_htons(testCase.w[srcLen]);
+    srcLen++;
+    ASSERT_LT(srcLen, maxLen);
+  }
+
+  unsigned char destBuf[18];
+  PRBool result = sec_port_ucs2_utf8_conversion_function(
+      PR_FALSE, (unsigned char *)srcBuf.w, srcLen * sizeof(PRUint16), destBuf,
+      sizeof(destBuf), &len);
+
+  EXPECT_FALSE(result);
+}
+
+// Tests of sec_port_iso88591_utf8_conversion_function on valid inputs:
+
+TEST_P(Iso88591Test, ToUtf8) {
+  const Ucs2Case testCase = GetParam();
+  unsigned char iso88591 = testCase.c;
+  unsigned char utf8[3] = {0};
+  unsigned int len = 0;
+
+  ASSERT_EQ(testCase.c, (PRUint16)iso88591);
+
+  PRBool result = sec_port_iso88591_utf8_conversion_function(
+      &iso88591, 1, utf8, sizeof(utf8), &len);
+
+  ASSERT_TRUE(result);
+  ASSERT_LT(len, sizeof(utf8));
+  EXPECT_EQ(std::string(testCase.utf8), std::string((char *)utf8, len));
+  EXPECT_EQ(0U, utf8[len]);
+}
+
+// Tests for the various representations of NUL (which the above
+// NUL-terminated test cases omitted):
+
+TEST(Utf8Zeroes, From32To8) {
+  unsigned int len;
+  PRUint32 from = 0;
+  unsigned char to;
+
+  PRBool result = sec_port_ucs4_utf8_conversion_function(
+      PR_FALSE, (unsigned char *)&from, sizeof(from), &to, sizeof(to), &len);
+
+  ASSERT_TRUE(result);
+  ASSERT_EQ(sizeof(to), len);
+  EXPECT_EQ(0U, to);
+}
+
+TEST(Utf8Zeroes, From16To8) {
+  unsigned int len;
+  PRUint16 from = 0;
+  unsigned char to;
+
+  PRBool result = sec_port_ucs2_utf8_conversion_function(
+      PR_FALSE, (unsigned char *)&from, sizeof(from), &to, sizeof(to), &len);
+
+  ASSERT_TRUE(result);
+  ASSERT_EQ(sizeof(to), len);
+  EXPECT_EQ(0U, to);
+}
+
+TEST(Utf8Zeroes, From8To32) {
+  unsigned int len;
+  unsigned char from = 0;
+  PRUint32 to;
+
+  PRBool result = sec_port_ucs4_utf8_conversion_function(
+      PR_TRUE, &from, sizeof(from), (unsigned char *)&to, sizeof(to), &len);
+
+  ASSERT_TRUE(result);
+  ASSERT_EQ(sizeof(to), len);
+  EXPECT_EQ(0U, to);
+}
+
+TEST(Utf8Zeroes, From8To16) {
+  unsigned int len;
+  unsigned char from = 0;
+  PRUint16 to;
+
+  PRBool result = sec_port_ucs2_utf8_conversion_function(
+      PR_TRUE, &from, sizeof(from), (unsigned char *)&to, sizeof(to), &len);
+
+  ASSERT_TRUE(result);
+  ASSERT_EQ(sizeof(to), len);
+  EXPECT_EQ(0U, to);
+}
+
+// UCS-4 <-> UTF-8 cases
+
+const Ucs4Case kUcs4Cases[] = {
+    {0x00000001, "\x01"},
+    {0x00000002, "\x02"},
+    {0x00000003, "\x03"},
+    {0x00000004, "\x04"},
+    {0x00000007, "\x07"},
+    {0x00000008, "\x08"},
+    {0x0000000F, "\x0F"},
+    {0x00000010, "\x10"},
+    {0x0000001F, "\x1F"},
+    {0x00000020, "\x20"},
+    {0x0000003F, "\x3F"},
+    {0x00000040, "\x40"},
+    {0x0000007F, "\x7F"},
+
+    {0x00000080, "\xC2\x80"},
+    {0x00000081, "\xC2\x81"},
+    {0x00000082, "\xC2\x82"},
+    {0x00000084, "\xC2\x84"},
+    {0x00000088, "\xC2\x88"},
+    {0x00000090, "\xC2\x90"},
+    {0x000000A0, "\xC2\xA0"},
+    {0x000000C0, "\xC3\x80"},
+    {0x000000FF, "\xC3\xBF"},
+    {0x00000100, "\xC4\x80"},
+    {0x00000101, "\xC4\x81"},
+    {0x00000102, "\xC4\x82"},
+    {0x00000104, "\xC4\x84"},
+    {0x00000108, "\xC4\x88"},
+    {0x00000110, "\xC4\x90"},
+    {0x00000120, "\xC4\xA0"},
+    {0x00000140, "\xC5\x80"},
+    {0x00000180, "\xC6\x80"},
+    {0x000001FF, "\xC7\xBF"},
+    {0x00000200, "\xC8\x80"},
+    {0x00000201, "\xC8\x81"},
+    {0x00000202, "\xC8\x82"},
+    {0x00000204, "\xC8\x84"},
+    {0x00000208, "\xC8\x88"},
+    {0x00000210, "\xC8\x90"},
+    {0x00000220, "\xC8\xA0"},
+    {0x00000240, "\xC9\x80"},
+    {0x00000280, "\xCA\x80"},
+    {0x00000300, "\xCC\x80"},
+    {0x000003FF, "\xCF\xBF"},
+    {0x00000400, "\xD0\x80"},
+    {0x00000401, "\xD0\x81"},
+    {0x00000402, "\xD0\x82"},
+    {0x00000404, "\xD0\x84"},
+    {0x00000408, "\xD0\x88"},
+    {0x00000410, "\xD0\x90"},
+    {0x00000420, "\xD0\xA0"},
+    {0x00000440, "\xD1\x80"},
+    {0x00000480, "\xD2\x80"},
+    {0x00000500, "\xD4\x80"},
+    {0x00000600, "\xD8\x80"},
+    {0x000007FF, "\xDF\xBF"},
+
+    {0x00000800, "\xE0\xA0\x80"},
+    {0x00000801, "\xE0\xA0\x81"},
+    {0x00000802, "\xE0\xA0\x82"},
+    {0x00000804, "\xE0\xA0\x84"},
+    {0x00000808, "\xE0\xA0\x88"},
+    {0x00000810, "\xE0\xA0\x90"},
+    {0x00000820, "\xE0\xA0\xA0"},
+    {0x00000840, "\xE0\xA1\x80"},
+    {0x00000880, "\xE0\xA2\x80"},
+    {0x00000900, "\xE0\xA4\x80"},
+    {0x00000A00, "\xE0\xA8\x80"},
+    {0x00000C00, "\xE0\xB0\x80"},
+    {0x00000FFF, "\xE0\xBF\xBF"},
+    {0x00001000, "\xE1\x80\x80"},
+    {0x00001001, "\xE1\x80\x81"},
+    {0x00001002, "\xE1\x80\x82"},
+    {0x00001004, "\xE1\x80\x84"},
+    {0x00001008, "\xE1\x80\x88"},
+    {0x00001010, "\xE1\x80\x90"},
+    {0x00001020, "\xE1\x80\xA0"},
+    {0x00001040, "\xE1\x81\x80"},
+    {0x00001080, "\xE1\x82\x80"},
+    {0x00001100, "\xE1\x84\x80"},
+    {0x00001200, "\xE1\x88\x80"},
+    {0x00001400, "\xE1\x90\x80"},
+    {0x00001800, "\xE1\xA0\x80"},
+    {0x00001FFF, "\xE1\xBF\xBF"},
+    {0x00002000, "\xE2\x80\x80"},
+    {0x00002001, "\xE2\x80\x81"},
+    {0x00002002, "\xE2\x80\x82"},
+    {0x00002004, "\xE2\x80\x84"},
+    {0x00002008, "\xE2\x80\x88"},
+    {0x00002010, "\xE2\x80\x90"},
+    {0x00002020, "\xE2\x80\xA0"},
+    {0x00002040, "\xE2\x81\x80"},
+    {0x00002080, "\xE2\x82\x80"},
+    {0x00002100, "\xE2\x84\x80"},
+    {0x00002200, "\xE2\x88\x80"},
+    {0x00002400, "\xE2\x90\x80"},
+    {0x00002800, "\xE2\xA0\x80"},
+    {0x00003000, "\xE3\x80\x80"},
+    {0x00003FFF, "\xE3\xBF\xBF"},
+    {0x00004000, "\xE4\x80\x80"},
+    {0x00004001, "\xE4\x80\x81"},
+    {0x00004002, "\xE4\x80\x82"},
+    {0x00004004, "\xE4\x80\x84"},
+    {0x00004008, "\xE4\x80\x88"},
+    {0x00004010, "\xE4\x80\x90"},
+    {0x00004020, "\xE4\x80\xA0"},
+    {0x00004040, "\xE4\x81\x80"},
+    {0x00004080, "\xE4\x82\x80"},
+    {0x00004100, "\xE4\x84\x80"},
+    {0x00004200, "\xE4\x88\x80"},
+    {0x00004400, "\xE4\x90\x80"},
+    {0x00004800, "\xE4\xA0\x80"},
+    {0x00005000, "\xE5\x80\x80"},
+    {0x00006000, "\xE6\x80\x80"},
+    {0x00007FFF, "\xE7\xBF\xBF"},
+    {0x00008000, "\xE8\x80\x80"},
+    {0x00008001, "\xE8\x80\x81"},
+    {0x00008002, "\xE8\x80\x82"},
+    {0x00008004, "\xE8\x80\x84"},
+    {0x00008008, "\xE8\x80\x88"},
+    {0x00008010, "\xE8\x80\x90"},
+    {0x00008020, "\xE8\x80\xA0"},
+    {0x00008040, "\xE8\x81\x80"},
+    {0x00008080, "\xE8\x82\x80"},
+    {0x00008100, "\xE8\x84\x80"},
+    {0x00008200, "\xE8\x88\x80"},
+    {0x00008400, "\xE8\x90\x80"},
+    {0x00008800, "\xE8\xA0\x80"},
+    {0x00009000, "\xE9\x80\x80"},
+    {0x0000A000, "\xEA\x80\x80"},
+    {0x0000C000, "\xEC\x80\x80"},
+    {0x0000FFFF, "\xEF\xBF\xBF"},
+
+    {0x00010000, "\xF0\x90\x80\x80"},
+    {0x00010001, "\xF0\x90\x80\x81"},
+    {0x00010002, "\xF0\x90\x80\x82"},
+    {0x00010004, "\xF0\x90\x80\x84"},
+    {0x00010008, "\xF0\x90\x80\x88"},
+    {0x00010010, "\xF0\x90\x80\x90"},
+    {0x00010020, "\xF0\x90\x80\xA0"},
+    {0x00010040, "\xF0\x90\x81\x80"},
+    {0x00010080, "\xF0\x90\x82\x80"},
+    {0x00010100, "\xF0\x90\x84\x80"},
+    {0x00010200, "\xF0\x90\x88\x80"},
+    {0x00010400, "\xF0\x90\x90\x80"},
+    {0x00010800, "\xF0\x90\xA0\x80"},
+    {0x00011000, "\xF0\x91\x80\x80"},
+    {0x00012000, "\xF0\x92\x80\x80"},
+    {0x00014000, "\xF0\x94\x80\x80"},
+    {0x00018000, "\xF0\x98\x80\x80"},
+    {0x0001FFFF, "\xF0\x9F\xBF\xBF"},
+    {0x00020000, "\xF0\xA0\x80\x80"},
+    {0x00020001, "\xF0\xA0\x80\x81"},
+    {0x00020002, "\xF0\xA0\x80\x82"},
+    {0x00020004, "\xF0\xA0\x80\x84"},
+    {0x00020008, "\xF0\xA0\x80\x88"},
+    {0x00020010, "\xF0\xA0\x80\x90"},
+    {0x00020020, "\xF0\xA0\x80\xA0"},
+    {0x00020040, "\xF0\xA0\x81\x80"},
+    {0x00020080, "\xF0\xA0\x82\x80"},
+    {0x00020100, "\xF0\xA0\x84\x80"},
+    {0x00020200, "\xF0\xA0\x88\x80"},
+    {0x00020400, "\xF0\xA0\x90\x80"},
+    {0x00020800, "\xF0\xA0\xA0\x80"},
+    {0x00021000, "\xF0\xA1\x80\x80"},
+    {0x00022000, "\xF0\xA2\x80\x80"},
+    {0x00024000, "\xF0\xA4\x80\x80"},
+    {0x00028000, "\xF0\xA8\x80\x80"},
+    {0x00030000, "\xF0\xB0\x80\x80"},
+    {0x0003FFFF, "\xF0\xBF\xBF\xBF"},
+    {0x00040000, "\xF1\x80\x80\x80"},
+    {0x00040001, "\xF1\x80\x80\x81"},
+    {0x00040002, "\xF1\x80\x80\x82"},
+    {0x00040004, "\xF1\x80\x80\x84"},
+    {0x00040008, "\xF1\x80\x80\x88"},
+    {0x00040010, "\xF1\x80\x80\x90"},
+    {0x00040020, "\xF1\x80\x80\xA0"},
+    {0x00040040, "\xF1\x80\x81\x80"},
+    {0x00040080, "\xF1\x80\x82\x80"},
+    {0x00040100, "\xF1\x80\x84\x80"},
+    {0x00040200, "\xF1\x80\x88\x80"},
+    {0x00040400, "\xF1\x80\x90\x80"},
+    {0x00040800, "\xF1\x80\xA0\x80"},
+    {0x00041000, "\xF1\x81\x80\x80"},
+    {0x00042000, "\xF1\x82\x80\x80"},
+    {0x00044000, "\xF1\x84\x80\x80"},
+    {0x00048000, "\xF1\x88\x80\x80"},
+    {0x00050000, "\xF1\x90\x80\x80"},
+    {0x00060000, "\xF1\xA0\x80\x80"},
+    {0x0007FFFF, "\xF1\xBF\xBF\xBF"},
+    {0x00080000, "\xF2\x80\x80\x80"},
+    {0x00080001, "\xF2\x80\x80\x81"},
+    {0x00080002, "\xF2\x80\x80\x82"},
+    {0x00080004, "\xF2\x80\x80\x84"},
+    {0x00080008, "\xF2\x80\x80\x88"},
+    {0x00080010, "\xF2\x80\x80\x90"},
+    {0x00080020, "\xF2\x80\x80\xA0"},
+    {0x00080040, "\xF2\x80\x81\x80"},
+    {0x00080080, "\xF2\x80\x82\x80"},
+    {0x00080100, "\xF2\x80\x84\x80"},
+    {0x00080200, "\xF2\x80\x88\x80"},
+    {0x00080400, "\xF2\x80\x90\x80"},
+    {0x00080800, "\xF2\x80\xA0\x80"},
+    {0x00081000, "\xF2\x81\x80\x80"},
+    {0x00082000, "\xF2\x82\x80\x80"},
+    {0x00084000, "\xF2\x84\x80\x80"},
+    {0x00088000, "\xF2\x88\x80\x80"},
+    {0x00090000, "\xF2\x90\x80\x80"},
+    {0x000A0000, "\xF2\xA0\x80\x80"},
+    {0x000C0000, "\xF3\x80\x80\x80"},
+    {0x000FFFFF, "\xF3\xBF\xBF\xBF"},
+    {0x00100000, "\xF4\x80\x80\x80"},
+    {0x00100001, "\xF4\x80\x80\x81"},
+    {0x00100002, "\xF4\x80\x80\x82"},
+    {0x00100004, "\xF4\x80\x80\x84"},
+    {0x00100008, "\xF4\x80\x80\x88"},
+    {0x00100010, "\xF4\x80\x80\x90"},
+    {0x00100020, "\xF4\x80\x80\xA0"},
+    {0x00100040, "\xF4\x80\x81\x80"},
+    {0x00100080, "\xF4\x80\x82\x80"},
+    {0x00100100, "\xF4\x80\x84\x80"},
+    {0x00100200, "\xF4\x80\x88\x80"},
+    {0x00100400, "\xF4\x80\x90\x80"},
+    {0x00100800, "\xF4\x80\xA0\x80"},
+    {0x00101000, "\xF4\x81\x80\x80"},
+    {0x00102000, "\xF4\x82\x80\x80"},
+    {0x00104000, "\xF4\x84\x80\x80"},
+    {0x00108000, "\xF4\x88\x80\x80"},
+    {0x0010FFFF, "\xF4\x8F\xBF\xBF"},
+};
+
+// UCS-2 <-> UTF-8 cases (divided into ISO-8859-1 vs. not).
+
+const Ucs2Case kIso88591Cases[] = {
+    {0x0001, "\x01"},     {0x0002, "\x02"},     {0x0003, "\x03"},
+    {0x0004, "\x04"},     {0x0007, "\x07"},     {0x0008, "\x08"},
+    {0x000F, "\x0F"},     {0x0010, "\x10"},     {0x001F, "\x1F"},
+    {0x0020, "\x20"},     {0x003F, "\x3F"},     {0x0040, "\x40"},
+    {0x007F, "\x7F"},
+
+    {0x0080, "\xC2\x80"}, {0x0081, "\xC2\x81"}, {0x0082, "\xC2\x82"},
+    {0x0084, "\xC2\x84"}, {0x0088, "\xC2\x88"}, {0x0090, "\xC2\x90"},
+    {0x00A0, "\xC2\xA0"}, {0x00C0, "\xC3\x80"}, {0x00FF, "\xC3\xBF"},
+};
+
+const Ucs2Case kUcs2Cases[] = {
+    {0x0100, "\xC4\x80"},     {0x0101, "\xC4\x81"},
+    {0x0102, "\xC4\x82"},     {0x0104, "\xC4\x84"},
+    {0x0108, "\xC4\x88"},     {0x0110, "\xC4\x90"},
+    {0x0120, "\xC4\xA0"},     {0x0140, "\xC5\x80"},
+    {0x0180, "\xC6\x80"},     {0x01FF, "\xC7\xBF"},
+    {0x0200, "\xC8\x80"},     {0x0201, "\xC8\x81"},
+    {0x0202, "\xC8\x82"},     {0x0204, "\xC8\x84"},
+    {0x0208, "\xC8\x88"},     {0x0210, "\xC8\x90"},
+    {0x0220, "\xC8\xA0"},     {0x0240, "\xC9\x80"},
+    {0x0280, "\xCA\x80"},     {0x0300, "\xCC\x80"},
+    {0x03FF, "\xCF\xBF"},     {0x0400, "\xD0\x80"},
+    {0x0401, "\xD0\x81"},     {0x0402, "\xD0\x82"},
+    {0x0404, "\xD0\x84"},     {0x0408, "\xD0\x88"},
+    {0x0410, "\xD0\x90"},     {0x0420, "\xD0\xA0"},
+    {0x0440, "\xD1\x80"},     {0x0480, "\xD2\x80"},
+    {0x0500, "\xD4\x80"},     {0x0600, "\xD8\x80"},
+    {0x07FF, "\xDF\xBF"},
+
+    {0x0800, "\xE0\xA0\x80"}, {0x0801, "\xE0\xA0\x81"},
+    {0x0802, "\xE0\xA0\x82"}, {0x0804, "\xE0\xA0\x84"},
+    {0x0808, "\xE0\xA0\x88"}, {0x0810, "\xE0\xA0\x90"},
+    {0x0820, "\xE0\xA0\xA0"}, {0x0840, "\xE0\xA1\x80"},
+    {0x0880, "\xE0\xA2\x80"}, {0x0900, "\xE0\xA4\x80"},
+    {0x0A00, "\xE0\xA8\x80"}, {0x0C00, "\xE0\xB0\x80"},
+    {0x0FFF, "\xE0\xBF\xBF"}, {0x1000, "\xE1\x80\x80"},
+    {0x1001, "\xE1\x80\x81"}, {0x1002, "\xE1\x80\x82"},
+    {0x1004, "\xE1\x80\x84"}, {0x1008, "\xE1\x80\x88"},
+    {0x1010, "\xE1\x80\x90"}, {0x1020, "\xE1\x80\xA0"},
+    {0x1040, "\xE1\x81\x80"}, {0x1080, "\xE1\x82\x80"},
+    {0x1100, "\xE1\x84\x80"}, {0x1200, "\xE1\x88\x80"},
+    {0x1400, "\xE1\x90\x80"}, {0x1800, "\xE1\xA0\x80"},
+    {0x1FFF, "\xE1\xBF\xBF"}, {0x2000, "\xE2\x80\x80"},
+    {0x2001, "\xE2\x80\x81"}, {0x2002, "\xE2\x80\x82"},
+    {0x2004, "\xE2\x80\x84"}, {0x2008, "\xE2\x80\x88"},
+    {0x2010, "\xE2\x80\x90"}, {0x2020, "\xE2\x80\xA0"},
+    {0x2040, "\xE2\x81\x80"}, {0x2080, "\xE2\x82\x80"},
+    {0x2100, "\xE2\x84\x80"}, {0x2200, "\xE2\x88\x80"},
+    {0x2400, "\xE2\x90\x80"}, {0x2800, "\xE2\xA0\x80"},
+    {0x3000, "\xE3\x80\x80"}, {0x3FFF, "\xE3\xBF\xBF"},
+    {0x4000, "\xE4\x80\x80"}, {0x4001, "\xE4\x80\x81"},
+    {0x4002, "\xE4\x80\x82"}, {0x4004, "\xE4\x80\x84"},
+    {0x4008, "\xE4\x80\x88"}, {0x4010, "\xE4\x80\x90"},
+    {0x4020, "\xE4\x80\xA0"}, {0x4040, "\xE4\x81\x80"},
+    {0x4080, "\xE4\x82\x80"}, {0x4100, "\xE4\x84\x80"},
+    {0x4200, "\xE4\x88\x80"}, {0x4400, "\xE4\x90\x80"},
+    {0x4800, "\xE4\xA0\x80"}, {0x5000, "\xE5\x80\x80"},
+    {0x6000, "\xE6\x80\x80"}, {0x7FFF, "\xE7\xBF\xBF"},
+    {0x8000, "\xE8\x80\x80"}, {0x8001, "\xE8\x80\x81"},
+    {0x8002, "\xE8\x80\x82"}, {0x8004, "\xE8\x80\x84"},
+    {0x8008, "\xE8\x80\x88"}, {0x8010, "\xE8\x80\x90"},
+    {0x8020, "\xE8\x80\xA0"}, {0x8040, "\xE8\x81\x80"},
+    {0x8080, "\xE8\x82\x80"}, {0x8100, "\xE8\x84\x80"},
+    {0x8200, "\xE8\x88\x80"}, {0x8400, "\xE8\x90\x80"},
+    {0x8800, "\xE8\xA0\x80"}, {0x9000, "\xE9\x80\x80"},
+    {0xA000, "\xEA\x80\x80"}, {0xC000, "\xEC\x80\x80"},
+    {0xFB01, "\xEF\xAC\x81"}, {0xFFFF, "\xEF\xBF\xBF"}};
+
+// UTF-16 <-> UCS-4 cases
+
+const Utf16Case kUtf16Cases[] = {{0x00010000, {0xD800, 0xDC00}},
+                                 {0x00010001, {0xD800, 0xDC01}},
+                                 {0x00010002, {0xD800, 0xDC02}},
+                                 {0x00010003, {0xD800, 0xDC03}},
+                                 {0x00010004, {0xD800, 0xDC04}},
+                                 {0x00010007, {0xD800, 0xDC07}},
+                                 {0x00010008, {0xD800, 0xDC08}},
+                                 {0x0001000F, {0xD800, 0xDC0F}},
+                                 {0x00010010, {0xD800, 0xDC10}},
+                                 {0x0001001F, {0xD800, 0xDC1F}},
+                                 {0x00010020, {0xD800, 0xDC20}},
+                                 {0x0001003F, {0xD800, 0xDC3F}},
+                                 {0x00010040, {0xD800, 0xDC40}},
+                                 {0x0001007F, {0xD800, 0xDC7F}},
+                                 {0x00010080, {0xD800, 0xDC80}},
+                                 {0x00010081, {0xD800, 0xDC81}},
+                                 {0x00010082, {0xD800, 0xDC82}},
+                                 {0x00010084, {0xD800, 0xDC84}},
+                                 {0x00010088, {0xD800, 0xDC88}},
+                                 {0x00010090, {0xD800, 0xDC90}},
+                                 {0x000100A0, {0xD800, 0xDCA0}},
+                                 {0x000100C0, {0xD800, 0xDCC0}},
+                                 {0x000100FF, {0xD800, 0xDCFF}},
+                                 {0x00010100, {0xD800, 0xDD00}},
+                                 {0x00010101, {0xD800, 0xDD01}},
+                                 {0x00010102, {0xD800, 0xDD02}},
+                                 {0x00010104, {0xD800, 0xDD04}},
+                                 {0x00010108, {0xD800, 0xDD08}},
+                                 {0x00010110, {0xD800, 0xDD10}},
+                                 {0x00010120, {0xD800, 0xDD20}},
+                                 {0x00010140, {0xD800, 0xDD40}},
+                                 {0x00010180, {0xD800, 0xDD80}},
+                                 {0x000101FF, {0xD800, 0xDDFF}},
+                                 {0x00010200, {0xD800, 0xDE00}},
+                                 {0x00010201, {0xD800, 0xDE01}},
+                                 {0x00010202, {0xD800, 0xDE02}},
+                                 {0x00010204, {0xD800, 0xDE04}},
+                                 {0x00010208, {0xD800, 0xDE08}},
+                                 {0x00010210, {0xD800, 0xDE10}},
+                                 {0x00010220, {0xD800, 0xDE20}},
+                                 {0x00010240, {0xD800, 0xDE40}},
+                                 {0x00010280, {0xD800, 0xDE80}},
+                                 {0x00010300, {0xD800, 0xDF00}},
+                                 {0x000103FF, {0xD800, 0xDFFF}},
+                                 {0x00010400, {0xD801, 0xDC00}},
+                                 {0x00010401, {0xD801, 0xDC01}},
+                                 {0x00010402, {0xD801, 0xDC02}},
+                                 {0x00010404, {0xD801, 0xDC04}},
+                                 {0x00010408, {0xD801, 0xDC08}},
+                                 {0x00010410, {0xD801, 0xDC10}},
+                                 {0x00010420, {0xD801, 0xDC20}},
+                                 {0x00010440, {0xD801, 0xDC40}},
+                                 {0x00010480, {0xD801, 0xDC80}},
+                                 {0x00010500, {0xD801, 0xDD00}},
+                                 {0x00010600, {0xD801, 0xDE00}},
+                                 {0x000107FF, {0xD801, 0xDFFF}},
+                                 {0x00010800, {0xD802, 0xDC00}},
+                                 {0x00010801, {0xD802, 0xDC01}},
+                                 {0x00010802, {0xD802, 0xDC02}},
+                                 {0x00010804, {0xD802, 0xDC04}},
+                                 {0x00010808, {0xD802, 0xDC08}},
+                                 {0x00010810, {0xD802, 0xDC10}},
+                                 {0x00010820, {0xD802, 0xDC20}},
+                                 {0x00010840, {0xD802, 0xDC40}},
+                                 {0x00010880, {0xD802, 0xDC80}},
+                                 {0x00010900, {0xD802, 0xDD00}},
+                                 {0x00010A00, {0xD802, 0xDE00}},
+                                 {0x00010C00, {0xD803, 0xDC00}},
+                                 {0x00010FFF, {0xD803, 0xDFFF}},
+                                 {0x00011000, {0xD804, 0xDC00}},
+                                 {0x00011001, {0xD804, 0xDC01}},
+                                 {0x00011002, {0xD804, 0xDC02}},
+                                 {0x00011004, {0xD804, 0xDC04}},
+                                 {0x00011008, {0xD804, 0xDC08}},
+                                 {0x00011010, {0xD804, 0xDC10}},
+                                 {0x00011020, {0xD804, 0xDC20}},
+                                 {0x00011040, {0xD804, 0xDC40}},
+                                 {0x00011080, {0xD804, 0xDC80}},
+                                 {0x00011100, {0xD804, 0xDD00}},
+                                 {0x00011200, {0xD804, 0xDE00}},
+                                 {0x00011400, {0xD805, 0xDC00}},
+                                 {0x00011800, {0xD806, 0xDC00}},
+                                 {0x00011FFF, {0xD807, 0xDFFF}},
+                                 {0x00012000, {0xD808, 0xDC00}},
+                                 {0x00012001, {0xD808, 0xDC01}},
+                                 {0x00012002, {0xD808, 0xDC02}},
+                                 {0x00012004, {0xD808, 0xDC04}},
+                                 {0x00012008, {0xD808, 0xDC08}},
+                                 {0x00012010, {0xD808, 0xDC10}},
+                                 {0x00012020, {0xD808, 0xDC20}},
+                                 {0x00012040, {0xD808, 0xDC40}},
+                                 {0x00012080, {0xD808, 0xDC80}},
+                                 {0x00012100, {0xD808, 0xDD00}},
+                                 {0x00012200, {0xD808, 0xDE00}},
+                                 {0x00012400, {0xD809, 0xDC00}},
+                                 {0x00012800, {0xD80A, 0xDC00}},
+                                 {0x00013000, {0xD80C, 0xDC00}},
+                                 {0x00013FFF, {0xD80F, 0xDFFF}},
+                                 {0x00014000, {0xD810, 0xDC00}},
+                                 {0x00014001, {0xD810, 0xDC01}},
+                                 {0x00014002, {0xD810, 0xDC02}},
+                                 {0x00014004, {0xD810, 0xDC04}},
+                                 {0x00014008, {0xD810, 0xDC08}},
+                                 {0x00014010, {0xD810, 0xDC10}},
+                                 {0x00014020, {0xD810, 0xDC20}},
+                                 {0x00014040, {0xD810, 0xDC40}},
+                                 {0x00014080, {0xD810, 0xDC80}},
+                                 {0x00014100, {0xD810, 0xDD00}},
+                                 {0x00014200, {0xD810, 0xDE00}},
+                                 {0x00014400, {0xD811, 0xDC00}},
+                                 {0x00014800, {0xD812, 0xDC00}},
+                                 {0x00015000, {0xD814, 0xDC00}},
+                                 {0x00016000, {0xD818, 0xDC00}},
+                                 {0x00017FFF, {0xD81F, 0xDFFF}},
+                                 {0x00018000, {0xD820, 0xDC00}},
+                                 {0x00018001, {0xD820, 0xDC01}},
+                                 {0x00018002, {0xD820, 0xDC02}},
+                                 {0x00018004, {0xD820, 0xDC04}},
+                                 {0x00018008, {0xD820, 0xDC08}},
+                                 {0x00018010, {0xD820, 0xDC10}},
+                                 {0x00018020, {0xD820, 0xDC20}},
+                                 {0x00018040, {0xD820, 0xDC40}},
+                                 {0x00018080, {0xD820, 0xDC80}},
+                                 {0x00018100, {0xD820, 0xDD00}},
+                                 {0x00018200, {0xD820, 0xDE00}},
+                                 {0x00018400, {0xD821, 0xDC00}},
+                                 {0x00018800, {0xD822, 0xDC00}},
+                                 {0x00019000, {0xD824, 0xDC00}},
+                                 {0x0001A000, {0xD828, 0xDC00}},
+                                 {0x0001C000, {0xD830, 0xDC00}},
+                                 {0x0001FFFF, {0xD83F, 0xDFFF}},
+                                 {0x00020000, {0xD840, 0xDC00}},
+                                 {0x00020001, {0xD840, 0xDC01}},
+                                 {0x00020002, {0xD840, 0xDC02}},
+                                 {0x00020004, {0xD840, 0xDC04}},
+                                 {0x00020008, {0xD840, 0xDC08}},
+                                 {0x00020010, {0xD840, 0xDC10}},
+                                 {0x00020020, {0xD840, 0xDC20}},
+                                 {0x00020040, {0xD840, 0xDC40}},
+                                 {0x00020080, {0xD840, 0xDC80}},
+                                 {0x00020100, {0xD840, 0xDD00}},
+                                 {0x00020200, {0xD840, 0xDE00}},
+                                 {0x00020400, {0xD841, 0xDC00}},
+                                 {0x00020800, {0xD842, 0xDC00}},
+                                 {0x00021000, {0xD844, 0xDC00}},
+                                 {0x00022000, {0xD848, 0xDC00}},
+                                 {0x00024000, {0xD850, 0xDC00}},
+                                 {0x00028000, {0xD860, 0xDC00}},
+                                 {0x0002FFFF, {0xD87F, 0xDFFF}},
+                                 {0x00030000, {0xD880, 0xDC00}},
+                                 {0x00030001, {0xD880, 0xDC01}},
+                                 {0x00030002, {0xD880, 0xDC02}},
+                                 {0x00030004, {0xD880, 0xDC04}},
+                                 {0x00030008, {0xD880, 0xDC08}},
+                                 {0x00030010, {0xD880, 0xDC10}},
+                                 {0x00030020, {0xD880, 0xDC20}},
+                                 {0x00030040, {0xD880, 0xDC40}},
+                                 {0x00030080, {0xD880, 0xDC80}},
+                                 {0x00030100, {0xD880, 0xDD00}},
+                                 {0x00030200, {0xD880, 0xDE00}},
+                                 {0x00030400, {0xD881, 0xDC00}},
+                                 {0x00030800, {0xD882, 0xDC00}},
+                                 {0x00031000, {0xD884, 0xDC00}},
+                                 {0x00032000, {0xD888, 0xDC00}},
+                                 {0x00034000, {0xD890, 0xDC00}},
+                                 {0x00038000, {0xD8A0, 0xDC00}},
+                                 {0x0003FFFF, {0xD8BF, 0xDFFF}},
+                                 {0x00040000, {0xD8C0, 0xDC00}},
+                                 {0x00040001, {0xD8C0, 0xDC01}},
+                                 {0x00040002, {0xD8C0, 0xDC02}},
+                                 {0x00040004, {0xD8C0, 0xDC04}},
+                                 {0x00040008, {0xD8C0, 0xDC08}},
+                                 {0x00040010, {0xD8C0, 0xDC10}},
+                                 {0x00040020, {0xD8C0, 0xDC20}},
+                                 {0x00040040, {0xD8C0, 0xDC40}},
+                                 {0x00040080, {0xD8C0, 0xDC80}},
+                                 {0x00040100, {0xD8C0, 0xDD00}},
+                                 {0x00040200, {0xD8C0, 0xDE00}},
+                                 {0x00040400, {0xD8C1, 0xDC00}},
+                                 {0x00040800, {0xD8C2, 0xDC00}},
+                                 {0x00041000, {0xD8C4, 0xDC00}},
+                                 {0x00042000, {0xD8C8, 0xDC00}},
+                                 {0x00044000, {0xD8D0, 0xDC00}},
+                                 {0x00048000, {0xD8E0, 0xDC00}},
+                                 {0x0004FFFF, {0xD8FF, 0xDFFF}},
+                                 {0x00050000, {0xD900, 0xDC00}},
+                                 {0x00050001, {0xD900, 0xDC01}},
+                                 {0x00050002, {0xD900, 0xDC02}},
+                                 {0x00050004, {0xD900, 0xDC04}},
+                                 {0x00050008, {0xD900, 0xDC08}},
+                                 {0x00050010, {0xD900, 0xDC10}},
+                                 {0x00050020, {0xD900, 0xDC20}},
+                                 {0x00050040, {0xD900, 0xDC40}},
+                                 {0x00050080, {0xD900, 0xDC80}},
+                                 {0x00050100, {0xD900, 0xDD00}},
+                                 {0x00050200, {0xD900, 0xDE00}},
+                                 {0x00050400, {0xD901, 0xDC00}},
+                                 {0x00050800, {0xD902, 0xDC00}},
+                                 {0x00051000, {0xD904, 0xDC00}},
+                                 {0x00052000, {0xD908, 0xDC00}},
+                                 {0x00054000, {0xD910, 0xDC00}},
+                                 {0x00058000, {0xD920, 0xDC00}},
+                                 {0x00060000, {0xD940, 0xDC00}},
+                                 {0x00070000, {0xD980, 0xDC00}},
+                                 {0x0007FFFF, {0xD9BF, 0xDFFF}},
+                                 {0x00080000, {0xD9C0, 0xDC00}},
+                                 {0x00080001, {0xD9C0, 0xDC01}},
+                                 {0x00080002, {0xD9C0, 0xDC02}},
+                                 {0x00080004, {0xD9C0, 0xDC04}},
+                                 {0x00080008, {0xD9C0, 0xDC08}},
+                                 {0x00080010, {0xD9C0, 0xDC10}},
+                                 {0x00080020, {0xD9C0, 0xDC20}},
+                                 {0x00080040, {0xD9C0, 0xDC40}},
+                                 {0x00080080, {0xD9C0, 0xDC80}},
+                                 {0x00080100, {0xD9C0, 0xDD00}},
+                                 {0x00080200, {0xD9C0, 0xDE00}},
+                                 {0x00080400, {0xD9C1, 0xDC00}},
+                                 {0x00080800, {0xD9C2, 0xDC00}},
+                                 {0x00081000, {0xD9C4, 0xDC00}},
+                                 {0x00082000, {0xD9C8, 0xDC00}},
+                                 {0x00084000, {0xD9D0, 0xDC00}},
+                                 {0x00088000, {0xD9E0, 0xDC00}},
+                                 {0x0008FFFF, {0xD9FF, 0xDFFF}},
+                                 {0x00090000, {0xDA00, 0xDC00}},
+                                 {0x00090001, {0xDA00, 0xDC01}},
+                                 {0x00090002, {0xDA00, 0xDC02}},
+                                 {0x00090004, {0xDA00, 0xDC04}},
+                                 {0x00090008, {0xDA00, 0xDC08}},
+                                 {0x00090010, {0xDA00, 0xDC10}},
+                                 {0x00090020, {0xDA00, 0xDC20}},
+                                 {0x00090040, {0xDA00, 0xDC40}},
+                                 {0x00090080, {0xDA00, 0xDC80}},
+                                 {0x00090100, {0xDA00, 0xDD00}},
+                                 {0x00090200, {0xDA00, 0xDE00}},
+                                 {0x00090400, {0xDA01, 0xDC00}},
+                                 {0x00090800, {0xDA02, 0xDC00}},
+                                 {0x00091000, {0xDA04, 0xDC00}},
+                                 {0x00092000, {0xDA08, 0xDC00}},
+                                 {0x00094000, {0xDA10, 0xDC00}},
+                                 {0x00098000, {0xDA20, 0xDC00}},
+                                 {0x000A0000, {0xDA40, 0xDC00}},
+                                 {0x000B0000, {0xDA80, 0xDC00}},
+                                 {0x000C0000, {0xDAC0, 0xDC00}},
+                                 {0x000D0000, {0xDB00, 0xDC00}},
+                                 {0x000FFFFF, {0xDBBF, 0xDFFF}},
+                                 {0x0010FFFF, {0xDBFF, 0xDFFF}}
+
+};
+
+// Invalid UTF-8 sequences
+
+const char *const kUtf8BadCases[] = {
+    "\xC0\x80",
+    "\xC1\xBF",
+    "\xE0\x80\x80",
+    "\xE0\x9F\xBF",
+    "\xF0\x80\x80\x80",
+    "\xF0\x8F\xBF\xBF",
+    "\xF4\x90\x80\x80",
+    "\xF7\xBF\xBF\xBF",
+    "\xF8\x80\x80\x80\x80",
+    "\xF8\x88\x80\x80\x80",
+    "\xF8\x92\x80\x80\x80",
+    "\xF8\x9F\xBF\xBF\xBF",
+    "\xF8\xA0\x80\x80\x80",
+    "\xF8\xA8\x80\x80\x80",
+    "\xF8\xB0\x80\x80\x80",
+    "\xF8\xBF\xBF\xBF\xBF",
+    "\xF9\x80\x80\x80\x88",
+    "\xF9\x84\x80\x80\x80",
+    "\xF9\xBF\xBF\xBF\xBF",
+    "\xFA\x80\x80\x80\x80",
+    "\xFA\x90\x80\x80\x80",
+    "\xFB\xBF\xBF\xBF\xBF",
+    "\xFC\x84\x80\x80\x80\x81",
+    "\xFC\x85\x80\x80\x80\x80",
+    "\xFC\x86\x80\x80\x80\x80",
+    "\xFC\x87\xBF\xBF\xBF\xBF",
+    "\xFC\x88\xA0\x80\x80\x80",
+    "\xFC\x89\x80\x80\x80\x80",
+    "\xFC\x8A\x80\x80\x80\x80",
+    "\xFC\x90\x80\x80\x80\x82",
+    "\xFD\x80\x80\x80\x80\x80",
+    "\xFD\xBF\xBF\xBF\xBF\xBF",
+    "\x80",
+    "\xC3",
+    "\xC3\xC3\x80",
+    "\xED\xA0\x80",
+    "\xED\xBF\x80",
+    "\xED\xBF\xBF",
+    "\xED\xA0\x80\xE0\xBF\xBF",
+};
+
+// Invalid UTF-16 sequences (0-terminated)
+
+const Utf16BadCase kUtf16BadCases[] = {
+    // Leading surrogate not followed by trailing surrogate:
+    {{0xD800, 0, 0}},
+    {{0xD800, 0x41, 0}},
+    {{0xD800, 0xfe, 0}},
+    {{0xD800, 0x3bb, 0}},
+    {{0xD800, 0xD800, 0}},
+    {{0xD800, 0xFEFF, 0}},
+    {{0xD800, 0xFFFD, 0}},
+    // Trailing surrogate, not preceded by a leading one.
+    {{0xDC00, 0, 0}},
+    {{0xDE6D, 0xD834, 0}},
+};
+
+// Parameterized test instantiations:
+
+INSTANTIATE_TEST_CASE_P(Ucs4TestCases, Ucs4Test,
+                        ::testing::ValuesIn(kUcs4Cases));
+
+INSTANTIATE_TEST_CASE_P(Iso88591TestCases, Ucs2Test,
+                        ::testing::ValuesIn(kIso88591Cases));
+
+INSTANTIATE_TEST_CASE_P(Ucs2TestCases, Ucs2Test,
+                        ::testing::ValuesIn(kUcs2Cases));
+
+INSTANTIATE_TEST_CASE_P(Utf16TestCases, Utf16Test,
+                        ::testing::ValuesIn(kUtf16Cases));
+
+INSTANTIATE_TEST_CASE_P(BadUtf8TestCases, BadUtf8Test,
+                        ::testing::ValuesIn(kUtf8BadCases));
+
+INSTANTIATE_TEST_CASE_P(BadUtf16TestCases, BadUtf16Test,
+                        ::testing::ValuesIn(kUtf16BadCases));
+
+INSTANTIATE_TEST_CASE_P(Iso88591TestCases, Iso88591Test,
+                        ::testing::ValuesIn(kIso88591Cases));
+;
+
+}  // namespace nss_test
diff --git a/nss/lib/Makefile b/nss/lib/Makefile
new file mode 100644
index 0000000..8eedad0
--- /dev/null
+++ b/nss/lib/Makefile
@@ -0,0 +1,97 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+ifndef USE_SYSTEM_ZLIB
+ZLIB_SRCDIR = zlib  # Add the zlib directory to DIRS.
+endif
+
+ifndef MOZILLA_CLIENT
+ifndef NSS_USE_SYSTEM_SQLITE
+SQLITE_SRCDIR = sqlite  # Add the sqlite directory to DIRS.
+endif
+endif
+
+ifndef MOZILLA_CLIENT
+ifeq ($(OS_ARCH),Linux)
+SYSINIT_SRCDIR = sysinit  # Add the sysinit directory to DIRS.
+endif
+endif
+
+ifndef NSS_DISABLE_DBM
+DBM_SRCDIR = dbm  # Add the dbm directory to DIRS.
+endif
+
+ifeq ($(NSS_BUILD_UTIL_ONLY),1)
+SYSINIT_SRCDIR=
+endif
+
+ifndef NSS_DISABLE_LIBPKIX
+LIBPKIX_SRCDIR = libpkix  # Add the libpkix directory to DIRS.
+endif
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+ifeq ($(NSS_BUILD_UTIL_ONLY),1)
+  UTIL_SRCDIR = util
+  FREEBL_SRCDIR =
+  SOFTOKEN_SRCDIR =
+else
+  ifeq ($(NSS_BUILD_SOFTOKEN_ONLY),1)
+      UTIL_SRCDIR =
+      FREEBL_SRCDIR = freebl
+      SOFTOKEN_SRCDIR = softoken
+  else
+    ifeq ($(NSS_BUILD_WITHOUT_SOFTOKEN),1)
+      # Not included when building nss without softoken
+      # This build type uses the build results of the prior
+      # NSS_BUILD_UTIL_ONLY and NSS_BUILD_SOFTOKEN_ONLY builds
+      UTIL_SRCDIR =
+      FREEBL_SRCDIR =
+      SOFTOKEN_SRCDIR =
+    else
+      # default is to include all
+      UTIL_SRCDIR = util
+      FREEBL_SRCDIR = freebl
+      SOFTOKEN_SRCDIR = softoken
+    endif
+  endif
+endif
diff --git a/nss/lib/base/Makefile b/nss/lib/base/Makefile
new file mode 100644
index 0000000..fc78ae9
--- /dev/null
+++ b/nss/lib/base/Makefile
@@ -0,0 +1,11 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+include manifest.mn
+include $(CORE_DEPTH)/coreconf/config.mk
+include config.mk
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+export:: private_export
diff --git a/nss/lib/base/arena.c b/nss/lib/base/arena.c
new file mode 100644
index 0000000..b8e6464
--- /dev/null
+++ b/nss/lib/base/arena.c
@@ -0,0 +1,1143 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * arena.c
+ *
+ * This contains the implementation of NSS's thread-safe arenas.
+ */
+
+#ifndef BASE_H
+#include "base.h"
+#endif /* BASE_H */
+
+#ifdef ARENA_THREADMARK
+#include "prthread.h"
+#endif /* ARENA_THREADMARK */
+
+#include "prlock.h"
+#include "plarena.h"
+
+#include <string.h>
+
+/*
+ * NSSArena
+ *
+ * This is based on NSPR's arena code, but it is threadsafe.
+ *
+ * The public methods relating to this type are:
+ *
+ *  NSSArena_Create  -- constructor
+ *  NSSArena_Destroy
+ *  NSS_ZAlloc
+ *  NSS_ZRealloc
+ *  NSS_ZFreeIf
+ *
+ * The nonpublic methods relating to this type are:
+ *
+ *  nssArena_Create  -- constructor
+ *  nssArena_Destroy
+ *  nssArena_Mark
+ *  nssArena_Release
+ *  nssArena_Unmark
+ *
+ *  nss_ZAlloc
+ *  nss_ZFreeIf
+ *  nss_ZRealloc
+ *
+ * In debug builds, the following calls are available:
+ *
+ *  nssArena_verifyPointer
+ *  nssArena_registerDestructor
+ *  nssArena_deregisterDestructor
+ */
+
+struct NSSArenaStr {
+    PLArenaPool pool;
+    PRLock *lock;
+#ifdef ARENA_THREADMARK
+    PRThread *marking_thread;
+    nssArenaMark *first_mark;
+    nssArenaMark *last_mark;
+#endif /* ARENA_THREADMARK */
+#ifdef ARENA_DESTRUCTOR_LIST
+    struct arena_destructor_node *first_destructor;
+    struct arena_destructor_node *last_destructor;
+#endif /* ARENA_DESTRUCTOR_LIST */
+};
+
+/*
+ * nssArenaMark
+ *
+ * This type is used to mark the current state of an NSSArena.
+ */
+
+struct nssArenaMarkStr {
+    PRUint32 magic;
+    void *mark;
+#ifdef ARENA_THREADMARK
+    nssArenaMark *next;
+#endif /* ARENA_THREADMARK */
+#ifdef ARENA_DESTRUCTOR_LIST
+    struct arena_destructor_node *next_destructor;
+    struct arena_destructor_node *prev_destructor;
+#endif /* ARENA_DESTRUCTOR_LIST */
+};
+
+#define MARK_MAGIC 0x4d41524b /* "MARK" how original */
+
+/*
+ * But first, the pointer-tracking code
+ */
+#ifdef DEBUG
+extern const NSSError NSS_ERROR_INTERNAL_ERROR;
+
+static nssPointerTracker arena_pointer_tracker;
+
+static PRStatus
+arena_add_pointer(const NSSArena *arena)
+{
+    PRStatus rv;
+
+    rv = nssPointerTracker_initialize(&arena_pointer_tracker);
+    if (PR_SUCCESS != rv) {
+        return rv;
+    }
+
+    rv = nssPointerTracker_add(&arena_pointer_tracker, arena);
+    if (PR_SUCCESS != rv) {
+        NSSError e = NSS_GetError();
+        if (NSS_ERROR_NO_MEMORY != e) {
+            nss_SetError(NSS_ERROR_INTERNAL_ERROR);
+        }
+
+        return rv;
+    }
+
+    return PR_SUCCESS;
+}
+
+static PRStatus
+arena_remove_pointer(const NSSArena *arena)
+{
+    PRStatus rv;
+
+    rv = nssPointerTracker_remove(&arena_pointer_tracker, arena);
+    if (PR_SUCCESS != rv) {
+        nss_SetError(NSS_ERROR_INTERNAL_ERROR);
+    }
+
+    return rv;
+}
+
+/*
+ * nssArena_verifyPointer
+ *
+ * This method is only present in debug builds.
+ *
+ * If the specified pointer is a valid pointer to an NSSArena object,
+ * this routine will return PR_SUCCESS.  Otherwise, it will put an
+ * error on the error stack and return PR_FAILURE.
+ *
+ * The error may be one of the following values:
+ *  NSS_ERROR_INVALID_ARENA
+ *
+ * Return value:
+ *  PR_SUCCESS if the pointer is valid
+ *  PR_FAILURE if it isn't
+ */
+
+NSS_IMPLEMENT PRStatus
+nssArena_verifyPointer(const NSSArena *arena)
+{
+    PRStatus rv;
+
+    rv = nssPointerTracker_initialize(&arena_pointer_tracker);
+    if (PR_SUCCESS != rv) {
+        /*
+         * This is a little disingenious.  We have to initialize the
+         * tracker, because someone could "legitimately" try to verify
+         * an arena pointer before one is ever created.  And this step
+         * might fail, due to lack of memory.  But the only way that
+         * this step can fail is if it's doing the call_once stuff,
+         * (later calls just no-op).  And if it didn't no-op, there
+         * aren't any valid arenas.. so the argument certainly isn't one.
+         */
+        nss_SetError(NSS_ERROR_INVALID_ARENA);
+        return PR_FAILURE;
+    }
+
+    rv = nssPointerTracker_verify(&arena_pointer_tracker, arena);
+    if (PR_SUCCESS != rv) {
+        nss_SetError(NSS_ERROR_INVALID_ARENA);
+        return PR_FAILURE;
+    }
+
+    return PR_SUCCESS;
+}
+#endif /* DEBUG */
+
+#ifdef ARENA_DESTRUCTOR_LIST
+
+struct arena_destructor_node {
+    struct arena_destructor_node *next;
+    struct arena_destructor_node *prev;
+    void (*destructor)(void *argument);
+    void *arg;
+};
+
+/*
+ * nssArena_registerDestructor
+ *
+ * This routine stores a pointer to a callback and an arbitrary
+ * pointer-sized argument in the arena, at the current point in
+ * the mark stack.  If the arena is destroyed, or an "earlier"
+ * mark is released, then this destructor will be called at that
+ * time.  Note that the destructor will be called with the arena
+ * locked, which means the destructor may free memory in that
+ * arena, but it may not allocate or cause to be allocated any
+ * memory.  This callback facility was included to support our
+ * debug-version pointer-tracker feature; overuse runs counter to
+ * the the original intent of arenas.  This routine returns a
+ * PRStatus value; if successful, it will return PR_SUCCESS.  If
+ * unsuccessful, it will set an error on the error stack and
+ * return PR_FAILURE.
+ *
+ * The error may be one of the following values:
+ *  NSS_ERROR_INVALID_ARENA
+ *  NSS_ERROR_NO_MEMORY
+ *
+ * Return value:
+ *  PR_SUCCESS
+ *  PR_FAILURE
+ */
+
+NSS_IMPLEMENT PRStatus
+nssArena_registerDestructor(NSSArena *arena, void (*destructor)(void *argument),
+                            void *arg)
+{
+    struct arena_destructor_node *it;
+
+#ifdef NSSDEBUG
+    if (PR_SUCCESS != nssArena_verifyPointer(arena)) {
+        return PR_FAILURE;
+    }
+#endif /* NSSDEBUG */
+
+    it = nss_ZNEW(arena, struct arena_destructor_node);
+    if ((struct arena_destructor_node *)NULL == it) {
+        return PR_FAILURE;
+    }
+
+    it->prev = arena->last_destructor;
+    arena->last_destructor->next = it;
+    arena->last_destructor = it;
+    it->destructor = destructor;
+    it->arg = arg;
+
+    if ((nssArenaMark *)NULL != arena->last_mark) {
+        arena->last_mark->prev_destructor = it->prev;
+        arena->last_mark->next_destructor = it->next;
+    }
+
+    return PR_SUCCESS;
+}
+
+NSS_IMPLEMENT PRStatus
+nssArena_deregisterDestructor(NSSArena *arena,
+                              void (*destructor)(void *argument), void *arg)
+{
+    struct arena_destructor_node *it;
+
+#ifdef NSSDEBUG
+    if (PR_SUCCESS != nssArena_verifyPointer(arena)) {
+        return PR_FAILURE;
+    }
+#endif /* NSSDEBUG */
+
+    for (it = arena->first_destructor; it; it = it->next) {
+        if ((it->destructor == destructor) && (it->arg == arg)) {
+            break;
+        }
+    }
+
+    if ((struct arena_destructor_node *)NULL == it) {
+        nss_SetError(NSS_ERROR_NOT_FOUND);
+        return PR_FAILURE;
+    }
+
+    if (it == arena->first_destructor) {
+        arena->first_destructor = it->next;
+    }
+
+    if (it == arena->last_destructor) {
+        arena->last_destructor = it->prev;
+    }
+
+    if ((struct arena_destructor_node *)NULL != it->prev) {
+        it->prev->next = it->next;
+    }
+
+    if ((struct arena_destructor_node *)NULL != it->next) {
+        it->next->prev = it->prev;
+    }
+
+    {
+        nssArenaMark *m;
+        for (m = arena->first_mark; m; m = m->next) {
+            if (m->next_destructor == it) {
+                m->next_destructor = it->next;
+            }
+            if (m->prev_destructor == it) {
+                m->prev_destructor = it->prev;
+            }
+        }
+    }
+
+    nss_ZFreeIf(it);
+    return PR_SUCCESS;
+}
+
+static void
+nss_arena_call_destructor_chain(struct arena_destructor_node *it)
+{
+    for (; it; it = it->next) {
+        (*(it->destructor))(it->arg);
+    }
+}
+
+#endif /* ARENA_DESTRUCTOR_LIST */
+
+/*
+ * NSSArena_Create
+ *
+ * This routine creates a new memory arena.  This routine may return
+ * NULL upon error, in which case it will have created an error stack.
+ *
+ * The top-level error may be one of the following values:
+ *  NSS_ERROR_NO_MEMORY
+ *
+ * Return value:
+ *  NULL upon error
+ *  A pointer to an NSSArena upon success
+ */
+
+NSS_IMPLEMENT NSSArena *
+NSSArena_Create(void)
+{
+    nss_ClearErrorStack();
+    return nssArena_Create();
+}
+
+/*
+ * nssArena_Create
+ *
+ * This routine creates a new memory arena.  This routine may return
+ * NULL upon error, in which case it will have set an error on the
+ * error stack.
+ *
+ * The error may be one of the following values:
+ *  NSS_ERROR_NO_MEMORY
+ *
+ * Return value:
+ *  NULL upon error
+ *  A pointer to an NSSArena upon success
+ */
+
+NSS_IMPLEMENT NSSArena *
+nssArena_Create(void)
+{
+    NSSArena *rv = (NSSArena *)NULL;
+
+    rv = nss_ZNEW((NSSArena *)NULL, NSSArena);
+    if ((NSSArena *)NULL == rv) {
+        nss_SetError(NSS_ERROR_NO_MEMORY);
+        return (NSSArena *)NULL;
+    }
+
+    rv->lock = PR_NewLock();
+    if ((PRLock *)NULL == rv->lock) {
+        (void)nss_ZFreeIf(rv);
+        nss_SetError(NSS_ERROR_NO_MEMORY);
+        return (NSSArena *)NULL;
+    }
+
+    /*
+     * Arena sizes.  The current security code has 229 occurrences of
+     * PORT_NewArena.  The default chunksizes specified break down as
+     *
+     *  Size    Mult.   Specified as
+     *   512       1    512
+     *  1024       7    1024
+     *  2048       5    2048
+     *  2048       5    CRMF_DEFAULT_ARENA_SIZE
+     *  2048     190    DER_DEFAULT_CHUNKSIZE
+     *  2048      20    SEC_ASN1_DEFAULT_ARENA_SIZE
+     *  4096       1    4096
+     *
+     * Obviously this "default chunksize" flexibility isn't very
+     * useful to us, so I'll just pick 2048.
+     */
+
+    PL_InitArenaPool(&rv->pool, "NSS", 2048, sizeof(double));
+
+#ifdef DEBUG
+    {
+        PRStatus st;
+        st = arena_add_pointer(rv);
+        if (PR_SUCCESS != st) {
+            PL_FinishArenaPool(&rv->pool);
+            PR_DestroyLock(rv->lock);
+            (void)nss_ZFreeIf(rv);
+            return (NSSArena *)NULL;
+        }
+    }
+#endif /* DEBUG */
+
+    return rv;
+}
+
+/*
+ * NSSArena_Destroy
+ *
+ * This routine will destroy the specified arena, freeing all memory
+ * allocated from it.  This routine returns a PRStatus value; if
+ * successful, it will return PR_SUCCESS.  If unsuccessful, it will
+ * create an error stack and return PR_FAILURE.
+ *
+ * The top-level error may be one of the following values:
+ *  NSS_ERROR_INVALID_ARENA
+ *
+ * Return value:
+ *  PR_SUCCESS upon success
+ *  PR_FAILURE upon failure
+ */
+
+NSS_IMPLEMENT PRStatus
+NSSArena_Destroy(NSSArena *arena)
+{
+    nss_ClearErrorStack();
+
+#ifdef DEBUG
+    if (PR_SUCCESS != nssArena_verifyPointer(arena)) {
+        return PR_FAILURE;
+    }
+#endif /* DEBUG */
+
+    return nssArena_Destroy(arena);
+}
+
+/*
+ * nssArena_Destroy
+ *
+ * This routine will destroy the specified arena, freeing all memory
+ * allocated from it.  This routine returns a PRStatus value; if
+ * successful, it will return PR_SUCCESS.  If unsuccessful, it will
+ * set an error on the error stack and return PR_FAILURE.
+ *
+ * The error may be one of the following values:
+ *  NSS_ERROR_INVALID_ARENA
+ *
+ * Return value:
+ *  PR_SUCCESS
+ *  PR_FAILURE
+ */
+
+NSS_IMPLEMENT PRStatus
+nssArena_Destroy(NSSArena *arena)
+{
+    PRLock *lock;
+
+#ifdef NSSDEBUG
+    if (PR_SUCCESS != nssArena_verifyPointer(arena)) {
+        return PR_FAILURE;
+    }
+#endif /* NSSDEBUG */
+
+    if ((PRLock *)NULL == arena->lock) {
+        /* Just got destroyed */
+        nss_SetError(NSS_ERROR_INVALID_ARENA);
+        return PR_FAILURE;
+    }
+    PR_Lock(arena->lock);
+
+#ifdef DEBUG
+    if (PR_SUCCESS != arena_remove_pointer(arena)) {
+        PR_Unlock(arena->lock);
+        return PR_FAILURE;
+    }
+#endif /* DEBUG */
+
+#ifdef ARENA_DESTRUCTOR_LIST
+    /* Note that the arena is locked at this time */
+    nss_arena_call_destructor_chain(arena->first_destructor);
+#endif /* ARENA_DESTRUCTOR_LIST */
+
+    PL_FinishArenaPool(&arena->pool);
+    lock = arena->lock;
+    arena->lock = (PRLock *)NULL;
+    PR_Unlock(lock);
+    PR_DestroyLock(lock);
+    (void)nss_ZFreeIf(arena);
+    return PR_SUCCESS;
+}
+
+static void *nss_zalloc_arena_locked(NSSArena *arena, PRUint32 size);
+
+/*
+ * nssArena_Mark
+ *
+ * This routine "marks" the current state of an arena.  Space
+ * allocated after the arena has been marked can be freed by
+ * releasing the arena back to the mark with nssArena_Release,
+ * or committed by calling nssArena_Unmark.  When successful,
+ * this routine returns a valid nssArenaMark pointer.  This
+ * routine may return NULL upon error, in which case it will
+ * have set an error on the error stack.
+ *
+ * The error may be one of the following values:
+ *  NSS_ERROR_INVALID_ARENA
+ *  NSS_ERROR_NO_MEMORY
+ *  NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD
+ *
+ * Return value:
+ *  NULL upon failure
+ *  An nssArenaMark pointer upon success
+ */
+
+NSS_IMPLEMENT nssArenaMark *
+nssArena_Mark(NSSArena *arena)
+{
+    nssArenaMark *rv;
+    void *p;
+
+#ifdef NSSDEBUG
+    if (PR_SUCCESS != nssArena_verifyPointer(arena)) {
+        return (nssArenaMark *)NULL;
+    }
+#endif /* NSSDEBUG */
+
+    if ((PRLock *)NULL == arena->lock) {
+        /* Just got destroyed */
+        nss_SetError(NSS_ERROR_INVALID_ARENA);
+        return (nssArenaMark *)NULL;
+    }
+    PR_Lock(arena->lock);
+
+#ifdef ARENA_THREADMARK
+    if ((PRThread *)NULL == arena->marking_thread) {
+        /* Unmarked.  Store our thread ID */
+        arena->marking_thread = PR_GetCurrentThread();
+        /* This call never fails. */
+    } else {
+        /* Marked.  Verify it's the current thread */
+        if (PR_GetCurrentThread() != arena->marking_thread) {
+            PR_Unlock(arena->lock);
+            nss_SetError(NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD);
+            return (nssArenaMark *)NULL;
+        }
+    }
+#endif /* ARENA_THREADMARK */
+
+    p = PL_ARENA_MARK(&arena->pool);
+    /* No error possible */
+
+    /* Do this after the mark */
+    rv = (nssArenaMark *)nss_zalloc_arena_locked(arena, sizeof(nssArenaMark));
+    if ((nssArenaMark *)NULL == rv) {
+        PR_Unlock(arena->lock);
+        nss_SetError(NSS_ERROR_NO_MEMORY);
+        return (nssArenaMark *)NULL;
+    }
+
+#ifdef ARENA_THREADMARK
+    if ((nssArenaMark *)NULL == arena->first_mark) {
+        arena->first_mark = rv;
+        arena->last_mark = rv;
+    } else {
+        arena->last_mark->next = rv;
+        arena->last_mark = rv;
+    }
+#endif /* ARENA_THREADMARK */
+
+    rv->mark = p;
+    rv->magic = MARK_MAGIC;
+
+#ifdef ARENA_DESTRUCTOR_LIST
+    rv->prev_destructor = arena->last_destructor;
+#endif /* ARENA_DESTRUCTOR_LIST */
+
+    PR_Unlock(arena->lock);
+
+    return rv;
+}
+
+/*
+ * nss_arena_unmark_release
+ *
+ * This static routine implements the routines nssArena_Release
+ * ans nssArena_Unmark, which are almost identical.
+ */
+
+static PRStatus
+nss_arena_unmark_release(NSSArena *arena, nssArenaMark *arenaMark,
+                         PRBool release)
+{
+    void *inner_mark;
+
+#ifdef NSSDEBUG
+    if (PR_SUCCESS != nssArena_verifyPointer(arena)) {
+        return PR_FAILURE;
+    }
+#endif /* NSSDEBUG */
+
+    if (MARK_MAGIC != arenaMark->magic) {
+        nss_SetError(NSS_ERROR_INVALID_ARENA_MARK);
+        return PR_FAILURE;
+    }
+
+    if ((PRLock *)NULL == arena->lock) {
+        /* Just got destroyed */
+        nss_SetError(NSS_ERROR_INVALID_ARENA);
+        return PR_FAILURE;
+    }
+    PR_Lock(arena->lock);
+
+#ifdef ARENA_THREADMARK
+    if ((PRThread *)NULL != arena->marking_thread) {
+        if (PR_GetCurrentThread() != arena->marking_thread) {
+            PR_Unlock(arena->lock);
+            nss_SetError(NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD);
+            return PR_FAILURE;
+        }
+    }
+#endif /* ARENA_THREADMARK */
+
+    if (MARK_MAGIC != arenaMark->magic) {
+        /* Just got released */
+        PR_Unlock(arena->lock);
+        nss_SetError(NSS_ERROR_INVALID_ARENA_MARK);
+        return PR_FAILURE;
+    }
+
+    arenaMark->magic = 0;
+    inner_mark = arenaMark->mark;
+
+#ifdef ARENA_THREADMARK
+    {
+        nssArenaMark **pMark = &arena->first_mark;
+        nssArenaMark *rest;
+        nssArenaMark *last = (nssArenaMark *)NULL;
+
+        /* Find this mark */
+        while (*pMark != arenaMark) {
+            last = *pMark;
+            pMark = &(*pMark)->next;
+        }
+
+        /* Remember the pointer, then zero it */
+        rest = (*pMark)->next;
+        *pMark = (nssArenaMark *)NULL;
+
+        arena->last_mark = last;
+
+        /* Invalidate any later marks being implicitly released */
+        for (; (nssArenaMark *)NULL != rest; rest = rest->next) {
+            rest->magic = 0;
+        }
+
+        /* If we just got rid of the first mark, clear the thread ID */
+        if ((nssArenaMark *)NULL == arena->first_mark) {
+            arena->marking_thread = (PRThread *)NULL;
+        }
+    }
+#endif /* ARENA_THREADMARK */
+
+    if (release) {
+#ifdef ARENA_DESTRUCTOR_LIST
+        if ((struct arena_destructor_node *)NULL !=
+            arenaMark->prev_destructor) {
+            arenaMark->prev_destructor->next =
+                (struct arena_destructor_node *)NULL;
+        }
+        arena->last_destructor = arenaMark->prev_destructor;
+
+        /* Note that the arena is locked at this time */
+        nss_arena_call_destructor_chain(arenaMark->next_destructor);
+#endif /* ARENA_DESTRUCTOR_LIST */
+
+        PL_ARENA_RELEASE(&arena->pool, inner_mark);
+        /* No error return */
+    }
+
+    PR_Unlock(arena->lock);
+    return PR_SUCCESS;
+}
+
+/*
+ * nssArena_Release
+ *
+ * This routine invalidates and releases all memory allocated from
+ * the specified arena after the point at which the specified mark
+ * was obtained.  This routine returns a PRStatus value; if successful,
+ * it will return PR_SUCCESS.  If unsuccessful, it will set an error
+ * on the error stack and return PR_FAILURE.
+ *
+ * The error may be one of the following values:
+ *  NSS_ERROR_INVALID_ARENA
+ *  NSS_ERROR_INVALID_ARENA_MARK
+ *  NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD
+ *
+ * Return value:
+ *  PR_SUCCESS
+ *  PR_FAILURE
+ */
+
+NSS_IMPLEMENT PRStatus
+nssArena_Release(NSSArena *arena, nssArenaMark *arenaMark)
+{
+    return nss_arena_unmark_release(arena, arenaMark, PR_TRUE);
+}
+
+/*
+ * nssArena_Unmark
+ *
+ * This routine "commits" the indicated mark and any marks after
+ * it, making them unreleasable.  Note that any earlier marks can
+ * still be released, and such a release will invalidate these
+ * later unmarked regions.  If an arena is to be safely shared by
+ * more than one thread, all marks must be either released or
+ * unmarked.  This routine returns a PRStatus value; if successful,
+ * it will return PR_SUCCESS.  If unsuccessful, it will set an error
+ * on the error stack and return PR_FAILURE.
+ *
+ * The error may be one of the following values:
+ *  NSS_ERROR_INVALID_ARENA
+ *  NSS_ERROR_INVALID_ARENA_MARK
+ *  NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD
+ *
+ * Return value:
+ *  PR_SUCCESS
+ *  PR_FAILURE
+ */
+
+NSS_IMPLEMENT PRStatus
+nssArena_Unmark(NSSArena *arena, nssArenaMark *arenaMark)
+{
+    return nss_arena_unmark_release(arena, arenaMark, PR_FALSE);
+}
+
+/*
+ * We prefix this header to all allocated blocks.  It is a multiple
+ * of the alignment size.  Note that this usage of a header may make
+ * purify spew bogus warnings about "potentially leaked blocks" of
+ * memory; if that gets too annoying we can add in a pointer to the
+ * header in the header itself.  There's not a lot of safety here;
+ * maybe we should add a magic value?
+ */
+struct pointer_header {
+    NSSArena *arena;
+    PRUint32 size;
+};
+
+static void *
+nss_zalloc_arena_locked(NSSArena *arena, PRUint32 size)
+{
+    void *p;
+    void *rv;
+    struct pointer_header *h;
+    PRUint32 my_size = size + sizeof(struct pointer_header);
+    PL_ARENA_ALLOCATE(p, &arena->pool, my_size);
+    if ((void *)NULL == p) {
+        nss_SetError(NSS_ERROR_NO_MEMORY);
+        return (void *)NULL;
+    }
+    /*
+     * Do this before we unlock.  This way if the user is using
+     * an arena in one thread while destroying it in another, he'll
+     * fault/FMR in his code, not ours.
+     */
+    h = (struct pointer_header *)p;
+    h->arena = arena;
+    h->size = size;
+    rv = (void *)((char *)h + sizeof(struct pointer_header));
+    (void)nsslibc_memset(rv, 0, size);
+    return rv;
+}
+
+/*
+ * NSS_ZAlloc
+ *
+ * This routine allocates and zeroes a section of memory of the
+ * size, and returns to the caller a pointer to that memory.  If
+ * the optional arena argument is non-null, the memory will be
+ * obtained from that arena; otherwise, the memory will be obtained
+ * from the heap.  This routine may return NULL upon error, in
+ * which case it will have set an error upon the error stack.  The
+ * value specified for size may be zero; in which case a valid
+ * zero-length block of memory will be allocated.  This block may
+ * be expanded by calling NSS_ZRealloc.
+ *
+ * The error may be one of the following values:
+ *  NSS_ERROR_INVALID_ARENA
+ *  NSS_ERROR_NO_MEMORY
+ *  NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD
+ *
+ * Return value:
+ *  NULL upon error
+ *  A pointer to the new segment of zeroed memory
+ */
+
+NSS_IMPLEMENT void *
+NSS_ZAlloc(NSSArena *arenaOpt, PRUint32 size)
+{
+    return nss_ZAlloc(arenaOpt, size);
+}
+
+/*
+ * nss_ZAlloc
+ *
+ * This routine allocates and zeroes a section of memory of the
+ * size, and returns to the caller a pointer to that memory.  If
+ * the optional arena argument is non-null, the memory will be
+ * obtained from that arena; otherwise, the memory will be obtained
+ * from the heap.  This routine may return NULL upon error, in
+ * which case it will have set an error upon the error stack.  The
+ * value specified for size may be zero; in which case a valid
+ * zero-length block of memory will be allocated.  This block may
+ * be expanded by calling nss_ZRealloc.
+ *
+ * The error may be one of the following values:
+ *  NSS_ERROR_INVALID_ARENA
+ *  NSS_ERROR_NO_MEMORY
+ *  NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD
+ *
+ * Return value:
+ *  NULL upon error
+ *  A pointer to the new segment of zeroed memory
+ */
+
+NSS_IMPLEMENT void *
+nss_ZAlloc(NSSArena *arenaOpt, PRUint32 size)
+{
+    struct pointer_header *h;
+    PRUint32 my_size = size + sizeof(struct pointer_header);
+
+    if (my_size < sizeof(struct pointer_header)) {
+        /* Wrapped */
+        nss_SetError(NSS_ERROR_NO_MEMORY);
+        return (void *)NULL;
+    }
+
+    if ((NSSArena *)NULL == arenaOpt) {
+        /* Heap allocation, no locking required. */
+        h = (struct pointer_header *)PR_Calloc(1, my_size);
+        if ((struct pointer_header *)NULL == h) {
+            nss_SetError(NSS_ERROR_NO_MEMORY);
+            return (void *)NULL;
+        }
+
+        h->arena = (NSSArena *)NULL;
+        h->size = size;
+        /* We used calloc: it's already zeroed */
+
+        return (void *)((char *)h + sizeof(struct pointer_header));
+    } else {
+        void *rv;
+/* Arena allocation */
+#ifdef NSSDEBUG
+        if (PR_SUCCESS != nssArena_verifyPointer(arenaOpt)) {
+            return (void *)NULL;
+        }
+#endif /* NSSDEBUG */
+
+        if ((PRLock *)NULL == arenaOpt->lock) {
+            /* Just got destroyed */
+            nss_SetError(NSS_ERROR_INVALID_ARENA);
+            return (void *)NULL;
+        }
+        PR_Lock(arenaOpt->lock);
+
+#ifdef ARENA_THREADMARK
+        if ((PRThread *)NULL != arenaOpt->marking_thread) {
+            if (PR_GetCurrentThread() != arenaOpt->marking_thread) {
+                nss_SetError(NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD);
+                PR_Unlock(arenaOpt->lock);
+                return (void *)NULL;
+            }
+        }
+#endif /* ARENA_THREADMARK */
+
+        rv = nss_zalloc_arena_locked(arenaOpt, size);
+
+        PR_Unlock(arenaOpt->lock);
+        return rv;
+    }
+    /*NOTREACHED*/
+}
+
+/*
+ * NSS_ZFreeIf
+ *
+ * If the specified pointer is non-null, then the region of memory
+ * to which it points -- which must have been allocated with
+ * NSS_ZAlloc -- will be zeroed and released.  This routine
+ * returns a PRStatus value; if successful, it will return PR_SUCCESS.
+ * If unsuccessful, it will set an error on the error stack and return
+ * PR_FAILURE.
+ *
+ * The error may be one of the following values:
+ *  NSS_ERROR_INVALID_POINTER
+ *
+ * Return value:
+ *  PR_SUCCESS
+ *  PR_FAILURE
+ */
+NSS_IMPLEMENT PRStatus
+NSS_ZFreeIf(void *pointer)
+{
+    return nss_ZFreeIf(pointer);
+}
+
+/*
+ * nss_ZFreeIf
+ *
+ * If the specified pointer is non-null, then the region of memory
+ * to which it points -- which must have been allocated with
+ * nss_ZAlloc -- will be zeroed and released.  This routine
+ * returns a PRStatus value; if successful, it will return PR_SUCCESS.
+ * If unsuccessful, it will set an error on the error stack and return
+ * PR_FAILURE.
+ *
+ * The error may be one of the following values:
+ *  NSS_ERROR_INVALID_POINTER
+ *
+ * Return value:
+ *  PR_SUCCESS
+ *  PR_FAILURE
+ */
+
+NSS_IMPLEMENT PRStatus
+nss_ZFreeIf(void *pointer)
+{
+    struct pointer_header *h;
+
+    if ((void *)NULL == pointer) {
+        return PR_SUCCESS;
+    }
+
+    h = (struct pointer_header *)((char *)pointer -
+                                  sizeof(struct pointer_header));
+
+    /* Check any magic here */
+
+    if ((NSSArena *)NULL == h->arena) {
+        /* Heap */
+        (void)nsslibc_memset(pointer, 0, h->size);
+        PR_Free(h);
+        return PR_SUCCESS;
+    } else {
+/* Arena */
+#ifdef NSSDEBUG
+        if (PR_SUCCESS != nssArena_verifyPointer(h->arena)) {
+            return PR_FAILURE;
+        }
+#endif /* NSSDEBUG */
+
+        if ((PRLock *)NULL == h->arena->lock) {
+            /* Just got destroyed.. so this pointer is invalid */
+            nss_SetError(NSS_ERROR_INVALID_POINTER);
+            return PR_FAILURE;
+        }
+        PR_Lock(h->arena->lock);
+
+        (void)nsslibc_memset(pointer, 0, h->size);
+
+        /* No way to "free" it within an NSPR arena. */
+
+        PR_Unlock(h->arena->lock);
+        return PR_SUCCESS;
+    }
+    /*NOTREACHED*/
+}
+
+/*
+ * NSS_ZRealloc
+ *
+ * This routine reallocates a block of memory obtained by calling
+ * nss_ZAlloc or nss_ZRealloc.  The portion of memory
+ * between the new and old sizes -- which is either being newly
+ * obtained or released -- is in either case zeroed.  This routine
+ * may return NULL upon failure, in which case it will have placed
+ * an error on the error stack.
+ *
+ * The error may be one of the following values:
+ *  NSS_ERROR_INVALID_POINTER
+ *  NSS_ERROR_NO_MEMORY
+ *  NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD
+ *
+ * Return value:
+ *  NULL upon error
+ *  A pointer to the replacement segment of memory
+ */
+
+NSS_EXTERN void *
+NSS_ZRealloc(void *pointer, PRUint32 newSize)
+{
+    return nss_ZRealloc(pointer, newSize);
+}
+
+/*
+ * nss_ZRealloc
+ *
+ * This routine reallocates a block of memory obtained by calling
+ * nss_ZAlloc or nss_ZRealloc.  The portion of memory
+ * between the new and old sizes -- which is either being newly
+ * obtained or released -- is in either case zeroed.  This routine
+ * may return NULL upon failure, in which case it will have placed
+ * an error on the error stack.
+ *
+ * The error may be one of the following values:
+ *  NSS_ERROR_INVALID_POINTER
+ *  NSS_ERROR_NO_MEMORY
+ *  NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD
+ *
+ * Return value:
+ *  NULL upon error
+ *  A pointer to the replacement segment of memory
+ */
+
+NSS_EXTERN void *
+nss_ZRealloc(void *pointer, PRUint32 newSize)
+{
+    NSSArena *arena;
+    struct pointer_header *h, *new_h;
+    PRUint32 my_newSize = newSize + sizeof(struct pointer_header);
+    void *rv;
+
+    if (my_newSize < sizeof(struct pointer_header)) {
+        /* Wrapped */
+        nss_SetError(NSS_ERROR_NO_MEMORY);
+        return (void *)NULL;
+    }
+
+    if ((void *)NULL == pointer) {
+        nss_SetError(NSS_ERROR_INVALID_POINTER);
+        return (void *)NULL;
+    }
+
+    h = (struct pointer_header *)((char *)pointer -
+                                  sizeof(struct pointer_header));
+
+    /* Check any magic here */
+
+    if (newSize == h->size) {
+        /* saves thrashing */
+        return pointer;
+    }
+
+    arena = h->arena;
+    if (!arena) {
+        /* Heap */
+        new_h = (struct pointer_header *)PR_Calloc(1, my_newSize);
+        if ((struct pointer_header *)NULL == new_h) {
+            nss_SetError(NSS_ERROR_NO_MEMORY);
+            return (void *)NULL;
+        }
+
+        new_h->arena = (NSSArena *)NULL;
+        new_h->size = newSize;
+        rv = (void *)((char *)new_h + sizeof(struct pointer_header));
+
+        if (newSize > h->size) {
+            (void)nsslibc_memcpy(rv, pointer, h->size);
+            (void)nsslibc_memset(&((char *)rv)[h->size], 0,
+                                 (newSize - h->size));
+        } else {
+            (void)nsslibc_memcpy(rv, pointer, newSize);
+        }
+
+        (void)nsslibc_memset(pointer, 0, h->size);
+        h->size = 0;
+        PR_Free(h);
+
+        return rv;
+    } else {
+        void *p;
+/* Arena */
+#ifdef NSSDEBUG
+        if (PR_SUCCESS != nssArena_verifyPointer(arena)) {
+            return (void *)NULL;
+        }
+#endif /* NSSDEBUG */
+
+        if (!arena->lock) {
+            /* Just got destroyed.. so this pointer is invalid */
+            nss_SetError(NSS_ERROR_INVALID_POINTER);
+            return (void *)NULL;
+        }
+        PR_Lock(arena->lock);
+
+#ifdef ARENA_THREADMARK
+        if (arena->marking_thread) {
+            if (PR_GetCurrentThread() != arena->marking_thread) {
+                PR_Unlock(arena->lock);
+                nss_SetError(NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD);
+                return (void *)NULL;
+            }
+        }
+#endif /* ARENA_THREADMARK */
+
+        if (newSize < h->size) {
+            /*
+             * We have no general way of returning memory to the arena
+             * (mark/release doesn't work because things may have been
+             * allocated after this object), so the memory is gone
+             * anyway.  We might as well just return the same pointer to
+             * the user, saying "yeah, uh-hunh, you can only use less of
+             * it now."  We'll zero the leftover part, of course.  And
+             * in fact we might as well *not* adjust h->size-- this way,
+             * if the user reallocs back up to something not greater than
+             * the original size, then voila, there's the memory!  This
+             * way a thrash big/small/big/small doesn't burn up the arena.
+             */
+            char *extra = &((char *)pointer)[newSize];
+            (void)nsslibc_memset(extra, 0, (h->size - newSize));
+            PR_Unlock(arena->lock);
+            return pointer;
+        }
+
+        PL_ARENA_ALLOCATE(p, &arena->pool, my_newSize);
+        if ((void *)NULL == p) {
+            PR_Unlock(arena->lock);
+            nss_SetError(NSS_ERROR_NO_MEMORY);
+            return (void *)NULL;
+        }
+
+        new_h = (struct pointer_header *)p;
+        new_h->arena = arena;
+        new_h->size = newSize;
+        rv = (void *)((char *)new_h + sizeof(struct pointer_header));
+        if (rv != pointer) {
+            (void)nsslibc_memcpy(rv, pointer, h->size);
+            (void)nsslibc_memset(pointer, 0, h->size);
+        }
+        (void)nsslibc_memset(&((char *)rv)[h->size], 0, (newSize - h->size));
+        h->arena = (NSSArena *)NULL;
+        h->size = 0;
+        PR_Unlock(arena->lock);
+        return rv;
+    }
+    /*NOTREACHED*/
+}
+
+PRStatus
+nssArena_Shutdown(void)
+{
+    PRStatus rv = PR_SUCCESS;
+#ifdef DEBUG
+    rv = nssPointerTracker_finalize(&arena_pointer_tracker);
+#endif
+    return rv;
+}
diff --git a/nss/lib/base/base.gyp b/nss/lib/base/base.gyp
new file mode 100644
index 0000000..42318c8
--- /dev/null
+++ b/nss/lib/base/base.gyp
@@ -0,0 +1,32 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'nssb',
+      'type': 'static_library',
+      'sources': [
+        'arena.c',
+        'error.c',
+        'errorval.c',
+        'hash.c',
+        'hashops.c',
+        'item.c',
+        'libc.c',
+        'list.c',
+        'tracker.c',
+        'utf8.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports'
+      ]
+    }
+  ],
+  'variables': {
+    'module': 'nss'
+  }
+}
\ No newline at end of file
diff --git a/nss/lib/base/base.h b/nss/lib/base/base.h
new file mode 100644
index 0000000..2033c44
--- /dev/null
+++ b/nss/lib/base/base.h
@@ -0,0 +1,1106 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef BASE_H
+#define BASE_H
+
+/*
+ * base.h
+ *
+ * This header file contains basic prototypes and preprocessor
+ * definitions used throughout nss but not available publicly.
+ */
+
+#ifndef BASET_H
+#include "baset.h"
+#endif /* BASET_H */
+
+#ifndef NSSBASE_H
+#include "nssbase.h"
+#endif /* NSSBASE_H */
+
+#include "plhash.h"
+
+PR_BEGIN_EXTERN_C
+
+/*
+ * NSSArena
+ *
+ * The nonpublic methods relating to this type are:
+ *
+ *  nssArena_Create  -- constructor
+ *  nssArena_Destroy
+ *  nssArena_Mark
+ *  nssArena_Release
+ *  nssArena_Unmark
+ *
+ *  nss_ZAlloc
+ *  nss_ZFreeIf
+ *  nss_ZRealloc
+ *
+ * Additionally, there are some preprocessor macros:
+ *
+ *  nss_ZNEW
+ *  nss_ZNEWARRAY
+ *
+ * In debug builds, the following calls are available:
+ *
+ *  nssArena_verifyPointer
+ *  nssArena_registerDestructor
+ *  nssArena_deregisterDestructor
+ *
+ * The following preprocessor macro is also always available:
+ *
+ *  nssArena_VERIFYPOINTER
+ *
+ * A constant PLHashAllocOps structure is available for users
+ * of the NSPL PLHashTable routines.
+ *
+ *  nssArenaHashAllocOps
+ */
+
+/*
+ * nssArena_Create
+ *
+ * This routine creates a new memory arena.  This routine may return
+ * NULL upon error, in which case it will have set an error on the
+ * error stack.
+ *
+ * The error may be one of the following values:
+ *  NSS_ERROR_NO_MEMORY
+ *
+ * Return value:
+ *  NULL upon error
+ *  A pointer to an NSSArena upon success
+ */
+
+/*
+ * XXX fgmr
+ * Arenas can be named upon creation; this is mostly of use when
+ * debugging.  Should we expose that here, allowing an optional
+ * "const char *name" argument?  Should the public version of this
+ * call (NSSArena_Create) have it too?
+ */
+
+NSS_EXTERN NSSArena *nssArena_Create(void);
+
+extern const NSSError NSS_ERROR_NO_MEMORY;
+
+/*
+ * nssArena_Destroy
+ *
+ * This routine will destroy the specified arena, freeing all memory
+ * allocated from it.  This routine returns a PRStatus value; if
+ * successful, it will return PR_SUCCESS.  If unsuccessful, it will
+ * set an error on the error stack and return PR_FAILURE.
+ *
+ * The error may be one of the following values:
+ *  NSS_ERROR_INVALID_ARENA
+ *
+ * Return value:
+ *  PR_SUCCESS
+ *  PR_FAILURE
+ */
+
+NSS_EXTERN PRStatus nssArena_Destroy(NSSArena *arena);
+
+extern const NSSError NSS_ERROR_INVALID_ARENA;
+
+/*
+ * nssArena_Mark
+ *
+ * This routine "marks" the current state of an arena.  Space
+ * allocated after the arena has been marked can be freed by
+ * releasing the arena back to the mark with nssArena_Release,
+ * or committed by calling nssArena_Unmark.  When successful,
+ * this routine returns a valid nssArenaMark pointer.  This
+ * routine may return NULL upon error, in which case it will
+ * have set an error on the error stack.
+ *
+ * The error may be one of the following values:
+ *  NSS_ERROR_INVALID_ARENA
+ *  NSS_ERROR_NO_MEMORY
+ *  NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD
+ *
+ * Return value:
+ *  NULL upon failure
+ *  An nssArenaMark pointer upon success
+ */
+
+NSS_EXTERN nssArenaMark *nssArena_Mark(NSSArena *arena);
+
+extern const NSSError NSS_ERROR_INVALID_ARENA;
+extern const NSSError NSS_ERROR_NO_MEMORY;
+extern const NSSError NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD;
+
+/*
+ * nssArena_Release
+ *
+ * This routine invalidates and releases all memory allocated from
+ * the specified arena after the point at which the specified mark
+ * was obtained.  This routine returns a PRStatus value; if successful,
+ * it will return PR_SUCCESS.  If unsuccessful, it will set an error
+ * on the error stack and return PR_FAILURE.
+ *
+ * The error may be one of the following values:
+ *  NSS_ERROR_INVALID_ARENA
+ *  NSS_ERROR_INVALID_ARENA_MARK
+ *  NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD
+ *
+ * Return value:
+ *  PR_SUCCESS
+ *  PR_FAILURE
+ */
+
+NSS_EXTERN PRStatus nssArena_Release(NSSArena *arena, nssArenaMark *arenaMark);
+
+extern const NSSError NSS_ERROR_INVALID_ARENA;
+extern const NSSError NSS_ERROR_INVALID_ARENA_MARK;
+
+/*
+ * nssArena_Unmark
+ *
+ * This routine "commits" the indicated mark and any marks after
+ * it, making them unreleasable.  Note that any earlier marks can
+ * still be released, and such a release will invalidate these
+ * later unmarked regions.  If an arena is to be safely shared by
+ * more than one thread, all marks must be either released or
+ * unmarked.  This routine returns a PRStatus value; if successful,
+ * it will return PR_SUCCESS.  If unsuccessful, it will set an error
+ * on the error stack and return PR_FAILURE.
+ *
+ * The error may be one of the following values:
+ *  NSS_ERROR_INVALID_ARENA
+ *  NSS_ERROR_INVALID_ARENA_MARK
+ *  NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD
+ *
+ * Return value:
+ *  PR_SUCCESS
+ *  PR_FAILURE
+ */
+
+NSS_EXTERN PRStatus nssArena_Unmark(NSSArena *arena, nssArenaMark *arenaMark);
+
+extern const NSSError NSS_ERROR_INVALID_ARENA;
+extern const NSSError NSS_ERROR_INVALID_ARENA_MARK;
+extern const NSSError NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD;
+
+#ifdef ARENA_DESTRUCTOR_LIST
+
+/*
+ * nssArena_registerDestructor
+ *
+ * This routine stores a pointer to a callback and an arbitrary
+ * pointer-sized argument in the arena, at the current point in
+ * the mark stack.  If the arena is destroyed, or an "earlier"
+ * mark is released, then this destructor will be called at that
+ * time.  Note that the destructor will be called with the arena
+ * locked, which means the destructor may free memory in that
+ * arena, but it may not allocate or cause to be allocated any
+ * memory.  This callback facility was included to support our
+ * debug-version pointer-tracker feature; overuse runs counter to
+ * the the original intent of arenas.  This routine returns a
+ * PRStatus value; if successful, it will return PR_SUCCESS.  If
+ * unsuccessful, it will set an error on the error stack and
+ * return PR_FAILURE.
+ *
+ * The error may be one of the following values:
+ *  NSS_ERROR_INVALID_ARENA
+ *  NSS_ERROR_NO_MEMORY
+ *
+ * Return value:
+ *  PR_SUCCESS
+ *  PR_FAILURE
+ */
+
+NSS_EXTERN PRStatus nssArena_registerDestructor(
+    NSSArena *arena, void (*destructor)(void *argument), void *arg);
+
+extern const NSSError NSS_ERROR_INVALID_ARENA;
+extern const NSSError NSS_ERROR_NO_MEMORY;
+
+/*
+ * nssArena_deregisterDestructor
+ *
+ * This routine will remove the first destructor in the specified
+ * arena which has the specified destructor and argument values.
+ * The destructor will not be called.  This routine returns a
+ * PRStatus value; if successful, it will return PR_SUCCESS.  If
+ * unsuccessful, it will set an error on the error stack and
+ * return PR_FAILURE.
+ *
+ * The error may be one of the following values:
+ *  NSS_ERROR_INVALID_ARENA
+ *  NSS_ERROR_NOT_FOUND
+ *
+ * Return value:
+ *  PR_SUCCESS
+ *  PR_FAILURE
+ */
+
+NSS_EXTERN PRStatus nssArena_deregisterDestructor(
+    NSSArena *arena, void (*destructor)(void *argument), void *arg);
+
+extern const NSSError NSS_ERROR_INVALID_ITEM;
+extern const NSSError NSS_ERROR_INVALID_ARENA;
+extern const NSSError NSS_ERROR_NOT_FOUND;
+
+#endif /* ARENA_DESTRUCTOR_LIST */
+
+/*
+ * nss_ZAlloc
+ *
+ * This routine allocates and zeroes a section of memory of the
+ * size, and returns to the caller a pointer to that memory.  If
+ * the optional arena argument is non-null, the memory will be
+ * obtained from that arena; otherwise, the memory will be obtained
+ * from the heap.  This routine may return NULL upon error, in
+ * which case it will have set an error upon the error stack.  The
+ * value specified for size may be zero; in which case a valid
+ * zero-length block of memory will be allocated.  This block may
+ * be expanded by calling nss_ZRealloc.
+ *
+ * The error may be one of the following values:
+ *  NSS_ERROR_INVALID_ARENA
+ *  NSS_ERROR_NO_MEMORY
+ *  NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD
+ *
+ * Return value:
+ *  NULL upon error
+ *  A pointer to the new segment of zeroed memory
+ */
+
+NSS_EXTERN void *nss_ZAlloc(NSSArena *arenaOpt, PRUint32 size);
+
+extern const NSSError NSS_ERROR_INVALID_ARENA;
+extern const NSSError NSS_ERROR_NO_MEMORY;
+extern const NSSError NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD;
+
+/*
+ * nss_ZFreeIf
+ *
+ * If the specified pointer is non-null, then the region of memory
+ * to which it points -- which must have been allocated with
+ * nss_ZAlloc -- will be zeroed and released.  This routine
+ * returns a PRStatus value; if successful, it will return PR_SUCCESS.
+ * If unsuccessful, it will set an error on the error stack and return
+ * PR_FAILURE.
+ *
+ * The error may be one of the following values:
+ *  NSS_ERROR_INVALID_POINTER
+ *
+ * Return value:
+ *  PR_SUCCESS
+ *  PR_FAILURE
+ */
+
+NSS_EXTERN PRStatus nss_ZFreeIf(void *pointer);
+
+extern const NSSError NSS_ERROR_INVALID_POINTER;
+
+/*
+ * nss_ZRealloc
+ *
+ * This routine reallocates a block of memory obtained by calling
+ * nss_ZAlloc or nss_ZRealloc.  The portion of memory
+ * between the new and old sizes -- which is either being newly
+ * obtained or released -- is in either case zeroed.  This routine
+ * may return NULL upon failure, in which case it will have placed
+ * an error on the error stack.
+ *
+ * The error may be one of the following values:
+ *  NSS_ERROR_INVALID_POINTER
+ *  NSS_ERROR_NO_MEMORY
+ *  NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD
+ *
+ * Return value:
+ *  NULL upon error
+ *  A pointer to the replacement segment of memory
+ */
+
+NSS_EXTERN void *nss_ZRealloc(void *pointer, PRUint32 newSize);
+
+extern const NSSError NSS_ERROR_INVALID_POINTER;
+extern const NSSError NSS_ERROR_NO_MEMORY;
+extern const NSSError NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD;
+
+/*
+ * nss_ZNEW
+ *
+ * This preprocessor macro will allocate memory for a new object
+ * of the specified type with nss_ZAlloc, and will cast the
+ * return value appropriately.  If the optional arena argument is
+ * non-null, the memory will be obtained from that arena; otherwise,
+ * the memory will be obtained from the heap.  This routine may
+ * return NULL upon error, in which case it will have set an error
+ * upon the error stack.
+ *
+ * The error may be one of the following values:
+ *  NSS_ERROR_INVALID_ARENA
+ *  NSS_ERROR_NO_MEMORY
+ *
+ * Return value:
+ *  NULL upon error
+ *  A pointer to the new segment of zeroed memory
+ */
+
+#define nss_ZNEW(arenaOpt, type) ((type *)nss_ZAlloc((arenaOpt), sizeof(type)))
+
+/*
+ * nss_ZNEWARRAY
+ *
+ * This preprocessor macro will allocate memory for an array of
+ * new objects, and will cast the return value appropriately.
+ * If the optional arena argument is non-null, the memory will
+ * be obtained from that arena; otherwise, the memory will be
+ * obtained from the heap.  This routine may return NULL upon
+ * error, in which case it will have set an error upon the error
+ * stack.  The array size may be specified as zero.
+ *
+ * The error may be one of the following values:
+ *  NSS_ERROR_INVALID_ARENA
+ *  NSS_ERROR_NO_MEMORY
+ *
+ * Return value:
+ *  NULL upon error
+ *  A pointer to the new segment of zeroed memory
+ */
+
+#define nss_ZNEWARRAY(arenaOpt, type, quantity) \
+    ((type *)nss_ZAlloc((arenaOpt), sizeof(type) * (quantity)))
+
+/*
+ * nss_ZREALLOCARRAY
+ *
+ * This preprocessor macro will reallocate memory for an array of
+ * new objects, and will cast the return value appropriately.
+ * This routine may return NULL upon error, in which case it will
+ *  have set an error upon the error stack.
+ *
+ * The error may be one of the following values:
+ *  NSS_ERROR_INVALID_POINTER
+ *  NSS_ERROR_NO_MEMORY
+ *  NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD
+ *
+ * Return value:
+ *  NULL upon error
+ *  A pointer to the replacement segment of memory
+ */
+#define nss_ZREALLOCARRAY(p, type, quantity) \
+    ((type *)nss_ZRealloc((p), sizeof(type) * (quantity)))
+
+/*
+ * nssArena_verifyPointer
+ *
+ * This method is only present in debug builds.
+ *
+ * If the specified pointer is a valid pointer to an NSSArena object,
+ * this routine will return PR_SUCCESS.  Otherwise, it will put an
+ * error on the error stack and return PR_FAILURE.
+ *
+ * The error may be one of the following values:
+ *  NSS_ERROR_INVALID_ARENA
+ *
+ * Return value:
+ *  PR_SUCCESS if the pointer is valid
+ *  PR_FAILURE if it isn't
+ */
+
+#ifdef DEBUG
+NSS_EXTERN PRStatus nssArena_verifyPointer(const NSSArena *arena);
+
+extern const NSSError NSS_ERROR_INVALID_ARENA;
+#endif /* DEBUG */
+
+/*
+ * nssArena_VERIFYPOINTER
+ *
+ * This macro is always available.  In debug builds it will call
+ * nssArena_verifyPointer; in non-debug builds, it will merely
+ * check that the pointer is not null.  Note that in non-debug
+ * builds it cannot place an error on the error stack.
+ *
+ * Return value:
+ *  PR_SUCCESS if the pointer is valid
+ *  PR_FAILURE if it isn't
+ */
+
+#ifdef DEBUG
+#define nssArena_VERIFYPOINTER(p) nssArena_verifyPointer(p)
+#else /* DEBUG */
+
+#define nssArena_VERIFYPOINTER(p) \
+    (((NSSArena *)NULL == (p)) ? PR_FAILURE : PR_SUCCESS)
+#endif /* DEBUG */
+
+/*
+ * Private function to be called by NSS_Shutdown to cleanup nssArena
+ * bookkeeping.
+ */
+extern PRStatus nssArena_Shutdown(void);
+
+/*
+ * nssArenaHashAllocOps
+ *
+ * This constant structure contains allocation callbacks designed for
+ * use with the NSPL routine PL_NewHashTable.  For example:
+ *
+ *  NSSArena *hashTableArena = nssArena_Create();
+ *  PLHashTable *t = PL_NewHashTable(n, hasher, key_compare,
+ *    value_compare, nssArenaHashAllocOps, hashTableArena);
+ */
+
+NSS_EXTERN_DATA PLHashAllocOps nssArenaHashAllocOps;
+
+/*
+ * The error stack
+ *
+ * The nonpublic methods relating to the error stack are:
+ *
+ *  nss_SetError
+ *  nss_ClearErrorStack
+ */
+
+/*
+ * nss_SetError
+ *
+ * This routine places a new error code on the top of the calling
+ * thread's error stack.  Calling this routine wiht an error code
+ * of zero will clear the error stack.
+ */
+
+NSS_EXTERN void nss_SetError(PRUint32 error);
+
+/*
+ * nss_ClearErrorStack
+ *
+ * This routine clears the calling thread's error stack.
+ */
+
+NSS_EXTERN void nss_ClearErrorStack(void);
+
+/*
+ * nss_DestroyErrorStack
+ *
+ * This routine frees the calling thread's error stack.
+ */
+
+NSS_EXTERN void nss_DestroyErrorStack(void);
+
+/*
+ * NSSItem
+ *
+ * nssItem_Create
+ * nssItem_Duplicate
+ * nssItem_Equal
+ */
+
+NSS_EXTERN NSSItem *nssItem_Create(NSSArena *arenaOpt, NSSItem *rvOpt,
+                                   PRUint32 length, const void *data);
+
+NSS_EXTERN void nssItem_Destroy(NSSItem *item);
+
+NSS_EXTERN NSSItem *nssItem_Duplicate(NSSItem *obj, NSSArena *arenaOpt,
+                                      NSSItem *rvOpt);
+
+NSS_EXTERN PRBool nssItem_Equal(const NSSItem *one, const NSSItem *two,
+                                PRStatus *statusOpt);
+
+/*
+ * NSSUTF8
+ *
+ *  nssUTF8_CaseIgnoreMatch
+ *  nssUTF8_Duplicate
+ *  nssUTF8_Size
+ *  nssUTF8_Length
+ *  nssUTF8_CopyIntoFixedBuffer
+ */
+
+/*
+ * nssUTF8_CaseIgnoreMatch
+ *
+ * Returns true if the two UTF8-encoded strings pointed to by the
+ * two specified NSSUTF8 pointers differ only in typcase.
+ *
+ * The error may be one of the following values:
+ *  NSS_ERROR_INVALID_POINTER
+ *
+ * Return value:
+ *  PR_TRUE if the strings match, ignoring case
+ *  PR_FALSE if they don't
+ *  PR_FALSE upon error
+ */
+
+NSS_EXTERN PRBool nssUTF8_CaseIgnoreMatch(const NSSUTF8 *a, const NSSUTF8 *b,
+                                          PRStatus *statusOpt);
+
+/*
+ * nssUTF8_Duplicate
+ *
+ * This routine duplicates the UTF8-encoded string pointed to by the
+ * specified NSSUTF8 pointer.  If the optional arenaOpt argument is
+ * not null, the memory required will be obtained from that arena;
+ * otherwise, the memory required will be obtained from the heap.
+ * A pointer to the new string will be returned.  In case of error,
+ * an error will be placed on the error stack and NULL will be
+ * returned.
+ *
+ * The error may be one of the following values:
+ *  NSS_ERROR_INVALID_POINTER
+ *  NSS_ERROR_INVALID_ARENA
+ *  NSS_ERROR_NO_MEMORY
+ */
+
+NSS_EXTERN NSSUTF8 *nssUTF8_Duplicate(const NSSUTF8 *s, NSSArena *arenaOpt);
+
+/*
+ * nssUTF8_PrintableMatch
+ *
+ * Returns true if the two Printable strings pointed to by the
+ * two specified NSSUTF8 pointers match when compared with the
+ * rules for Printable String (leading and trailing spaces are
+ * disregarded, extents of whitespace match irregardless of length,
+ * and case is not significant), then PR_TRUE will be returned.
+ * Otherwise, PR_FALSE will be returned.  Upon failure, PR_FALSE
+ * will be returned.  If the optional statusOpt argument is not
+ * NULL, then PR_SUCCESS or PR_FAILURE will be stored in that
+ * location.
+ *
+ * The error may be one of the following values:
+ *  NSS_ERROR_INVALID_POINTER
+ *
+ * Return value:
+ *  PR_TRUE if the strings match, ignoring case
+ *  PR_FALSE if they don't
+ *  PR_FALSE upon error
+ */
+
+NSS_EXTERN PRBool nssUTF8_PrintableMatch(const NSSUTF8 *a, const NSSUTF8 *b,
+                                         PRStatus *statusOpt);
+
+/*
+ * nssUTF8_Size
+ *
+ * This routine returns the length in bytes (including the terminating
+ * null) of the UTF8-encoded string pointed to by the specified
+ * NSSUTF8 pointer.  Zero is returned on error.
+ *
+ * The error may be one of the following values:
+ *  NSS_ERROR_INVALID_POINTER
+ *  NSS_ERROR_VALUE_TOO_LARGE
+ *
+ * Return value:
+ *  nonzero size of the string
+ *  0 on error
+ */
+
+NSS_EXTERN PRUint32 nssUTF8_Size(const NSSUTF8 *s, PRStatus *statusOpt);
+
+extern const NSSError NSS_ERROR_INVALID_POINTER;
+extern const NSSError NSS_ERROR_VALUE_TOO_LARGE;
+
+/*
+ * nssUTF8_Length
+ *
+ * This routine returns the length in characters (not including the
+ * terminating null) of the UTF8-encoded string pointed to by the
+ * specified NSSUTF8 pointer.
+ *
+ * The error may be one of the following values:
+ *  NSS_ERROR_INVALID_POINTER
+ *  NSS_ERROR_VALUE_TOO_LARGE
+ *  NSS_ERROR_INVALID_STRING
+ *
+ * Return value:
+ *  length of the string (which may be zero)
+ *  0 on error
+ */
+
+NSS_EXTERN PRUint32 nssUTF8_Length(const NSSUTF8 *s, PRStatus *statusOpt);
+
+extern const NSSError NSS_ERROR_INVALID_POINTER;
+extern const NSSError NSS_ERROR_VALUE_TOO_LARGE;
+extern const NSSError NSS_ERROR_INVALID_STRING;
+
+/*
+ * nssUTF8_Create
+ *
+ * This routine creates a UTF8 string from a string in some other
+ * format.  Some types of string may include embedded null characters,
+ * so for them the length parameter must be used.  For string types
+ * that are null-terminated, the length parameter is optional; if it
+ * is zero, it will be ignored.  If the optional arena argument is
+ * non-null, the memory used for the new string will be obtained from
+ * that arena, otherwise it will be obtained from the heap.  This
+ * routine may return NULL upon error, in which case it will have
+ * placed an error on the error stack.
+ *
+ * The error may be one of the following:
+ *  NSS_ERROR_INVALID_POINTER
+ *  NSS_ERROR_NO_MEMORY
+ *  NSS_ERROR_UNSUPPORTED_TYPE
+ *
+ * Return value:
+ *  NULL upon error
+ *  A non-null pointer to a new UTF8 string otherwise
+ */
+
+NSS_EXTERN NSSUTF8 *nssUTF8_Create(NSSArena *arenaOpt, nssStringType type,
+                                   const void *inputString,
+                                   PRUint32 size /* in bytes, not characters */
+                                   );
+
+extern const NSSError NSS_ERROR_INVALID_POINTER;
+extern const NSSError NSS_ERROR_NO_MEMORY;
+extern const NSSError NSS_ERROR_UNSUPPORTED_TYPE;
+
+NSS_EXTERN NSSItem *nssUTF8_GetEncoding(NSSArena *arenaOpt, NSSItem *rvOpt,
+                                        nssStringType type, NSSUTF8 *string);
+
+/*
+ * nssUTF8_CopyIntoFixedBuffer
+ *
+ * This will copy a UTF8 string into a fixed-length buffer, making
+ * sure that the all characters are valid.  Any remaining space will
+ * be padded with the specified ASCII character, typically either
+ * null or space.
+ *
+ * Blah, blah, blah.
+ */
+
+extern const NSSError NSS_ERROR_INVALID_POINTER;
+extern const NSSError NSS_ERROR_INVALID_ARGUMENT;
+
+NSS_EXTERN PRStatus nssUTF8_CopyIntoFixedBuffer(NSSUTF8 *string, char *buffer,
+                                                PRUint32 bufferSize, char pad);
+
+/*
+ * nssUTF8_Equal
+ *
+ */
+
+NSS_EXTERN PRBool nssUTF8_Equal(const NSSUTF8 *a, const NSSUTF8 *b,
+                                PRStatus *statusOpt);
+
+/*
+ * nssList
+ *
+ * The goal is to provide a simple, optionally threadsafe, linked list
+ * class.  Since NSS did not seem to use the circularity of PRCList
+ * much before, this provides a list that appears to be a linear,
+ * NULL-terminated list.
+ */
+
+/*
+ * nssList_Create
+ *
+ * If threadsafe is true, the list will be locked during modifications
+ * and traversals.
+ */
+NSS_EXTERN nssList *nssList_Create(NSSArena *arenaOpt, PRBool threadSafe);
+
+/*
+ * nssList_Destroy
+ */
+NSS_EXTERN PRStatus nssList_Destroy(nssList *list);
+
+NSS_EXTERN void nssList_Clear(nssList *list,
+                              nssListElementDestructorFunc destructor);
+
+/*
+ * nssList_SetCompareFunction
+ *
+ * By default, two list elements will be compared by comparing their
+ * data pointers.  By setting this function, the user can control
+ * how elements are compared.
+ */
+NSS_EXTERN void nssList_SetCompareFunction(nssList *list,
+                                           nssListCompareFunc compareFunc);
+
+/*
+ * nssList_SetSortFunction
+ *
+ * Sort function to use for an ordered list.
+ */
+NSS_EXTERN void nssList_SetSortFunction(nssList *list,
+                                        nssListSortFunc sortFunc);
+
+/*
+ * nssList_Add
+ */
+NSS_EXTERN PRStatus nssList_Add(nssList *list, void *data);
+
+/*
+ * nssList_AddUnique
+ *
+ * This will use the compare function to see if the element is already
+ * in the list.
+ */
+NSS_EXTERN PRStatus nssList_AddUnique(nssList *list, void *data);
+
+/*
+ * nssList_Remove
+ *
+ * Uses the compare function to locate the element and remove it.
+ */
+NSS_EXTERN PRStatus nssList_Remove(nssList *list, void *data);
+
+/*
+ * nssList_Get
+ *
+ * Uses the compare function to locate an element.  Also serves as
+ * nssList_Exists.
+ */
+NSS_EXTERN void *nssList_Get(nssList *list, void *data);
+
+/*
+ * nssList_Count
+ */
+NSS_EXTERN PRUint32 nssList_Count(nssList *list);
+
+/*
+ * nssList_GetArray
+ *
+ * Fill rvArray, up to maxElements, with elements in the list.  The
+ * array is NULL-terminated, so its allocated size must be maxElements + 1.
+ */
+NSS_EXTERN PRStatus nssList_GetArray(nssList *list, void **rvArray,
+                                     PRUint32 maxElements);
+
+/*
+ * nssList_CreateIterator
+ *
+ * Create an iterator for list traversal.
+ */
+NSS_EXTERN nssListIterator *nssList_CreateIterator(nssList *list);
+
+NSS_EXTERN nssList *nssList_Clone(nssList *list);
+
+/*
+ * nssListIterator_Destroy
+ */
+NSS_EXTERN void nssListIterator_Destroy(nssListIterator *iter);
+
+/*
+ * nssListIterator_Start
+ *
+ * Begin a list iteration.  After this call, if the list is threadSafe,
+ * the list is *locked*.
+ */
+NSS_EXTERN void *nssListIterator_Start(nssListIterator *iter);
+
+/*
+ * nssListIterator_Next
+ *
+ * Continue a list iteration.
+ */
+NSS_EXTERN void *nssListIterator_Next(nssListIterator *iter);
+
+/*
+ * nssListIterator_Finish
+ *
+ * Complete a list iteration.  This *must* be called in order for the
+ * lock to be released.
+ */
+NSS_EXTERN PRStatus nssListIterator_Finish(nssListIterator *iter);
+
+/*
+ * nssHash
+ *
+ *  nssHash_Create
+ *  nssHash_Destroy
+ *  nssHash_Add
+ *  nssHash_Remove
+ *  nssHash_Count
+ *  nssHash_Exists
+ *  nssHash_Lookup
+ *  nssHash_Iterate
+ */
+
+/*
+ * nssHash_Create
+ *
+ */
+
+NSS_EXTERN nssHash *nssHash_Create(NSSArena *arenaOpt, PRUint32 numBuckets,
+                                   PLHashFunction keyHash,
+                                   PLHashComparator keyCompare,
+                                   PLHashComparator valueCompare);
+
+NSS_EXTERN nssHash *nssHash_CreatePointer(NSSArena *arenaOpt,
+                                          PRUint32 numBuckets);
+
+NSS_EXTERN nssHash *nssHash_CreateString(NSSArena *arenaOpt,
+                                         PRUint32 numBuckets);
+
+NSS_EXTERN nssHash *nssHash_CreateItem(NSSArena *arenaOpt, PRUint32 numBuckets);
+
+/*
+ * nssHash_Destroy
+ *
+ */
+NSS_EXTERN void nssHash_Destroy(nssHash *hash);
+
+/*
+ * nssHash_Add
+ *
+ */
+
+extern const NSSError NSS_ERROR_HASH_COLLISION;
+
+NSS_EXTERN PRStatus nssHash_Add(nssHash *hash, const void *key,
+                                const void *value);
+
+/*
+ * nssHash_Remove
+ *
+ */
+NSS_EXTERN void nssHash_Remove(nssHash *hash, const void *it);
+
+/*
+ * nssHash_Count
+ *
+ */
+NSS_EXTERN PRUint32 nssHash_Count(nssHash *hash);
+
+/*
+ * nssHash_Exists
+ *
+ */
+NSS_EXTERN PRBool nssHash_Exists(nssHash *hash, const void *it);
+
+/*
+ * nssHash_Lookup
+ *
+ */
+NSS_EXTERN void *nssHash_Lookup(nssHash *hash, const void *it);
+
+/*
+ * nssHash_Iterate
+ *
+ */
+NSS_EXTERN void nssHash_Iterate(nssHash *hash, nssHashIterator fcn,
+                                void *closure);
+
+/*
+ * nssPointerTracker
+ *
+ * This type and these methods are only present in debug builds.
+ *
+ * The nonpublic methods relating to this type are:
+ *
+ *  nssPointerTracker_initialize
+ *  nssPointerTracker_finalize
+ *  nssPointerTracker_add
+ *  nssPointerTracker_remove
+ *  nssPointerTracker_verify
+ */
+
+/*
+ * nssPointerTracker_initialize
+ *
+ * This method is only present in debug builds.
+ *
+ * This routine initializes an nssPointerTracker object.  Note that
+ * the object must have been declared *static* to guarantee that it
+ * is in a zeroed state initially.  This routine is idempotent, and
+ * may even be safely called by multiple threads simultaneously with
+ * the same argument.  This routine returns a PRStatus value; if
+ * successful, it will return PR_SUCCESS.  On failure it will set an
+ * error on the error stack and return PR_FAILURE.
+ *
+ * The error may be one of the following values:
+ *  NSS_ERROR_NO_MEMORY
+ *
+ * Return value:
+ *  PR_SUCCESS
+ *  PR_FAILURE
+ */
+
+#ifdef DEBUG
+NSS_EXTERN PRStatus nssPointerTracker_initialize(nssPointerTracker *tracker);
+
+extern const NSSError NSS_ERROR_NO_MEMORY;
+#endif /* DEBUG */
+
+/*
+ * nssPointerTracker_finalize
+ *
+ * This method is only present in debug builds.
+ *
+ * This routine returns the nssPointerTracker object to the pre-
+ * initialized state, releasing all resources used by the object.
+ * It will *NOT* destroy the objects being tracked by the pointer
+ * (should any remain), and therefore cannot be used to "sweep up"
+ * remaining objects.  This routine returns a PRStatus value; if
+ * successful, it will return PR_SUCCES.  On failure it will set an
+ * error on the error stack and return PR_FAILURE.  If any objects
+ * remain in the tracker when it is finalized, that will be treated
+ * as an error.
+ *
+ * The error may be one of the following values:
+ *  NSS_ERROR_TRACKER_NOT_EMPTY
+ *
+ * Return value:
+ *  PR_SUCCESS
+ *  PR_FAILURE
+ */
+
+#ifdef DEBUG
+NSS_EXTERN PRStatus nssPointerTracker_finalize(nssPointerTracker *tracker);
+
+extern const NSSError NSS_ERROR_TRACKER_NOT_EMPTY;
+#endif /* DEBUG */
+
+/*
+ * nssPointerTracker_add
+ *
+ * This method is only present in debug builds.
+ *
+ * This routine adds the specified pointer to the nssPointerTracker
+ * object.  It should be called in constructor objects to register
+ * new valid objects.  The nssPointerTracker is threadsafe, but this
+ * call is not idempotent.  This routine returns a PRStatus value;
+ * if successful it will return PR_SUCCESS.  On failure it will set
+ * an error on the error stack and return PR_FAILURE.
+ *
+ * The error may be one of the following values:
+ *  NSS_ERROR_NO_MEMORY
+ *  NSS_ERROR_TRACKER_NOT_INITIALIZED
+ *  NSS_ERROR_DUPLICATE_POINTER
+ *
+ * Return value:
+ *  PR_SUCCESS
+ *  PR_FAILURE
+ */
+
+#ifdef DEBUG
+NSS_EXTERN PRStatus nssPointerTracker_add(nssPointerTracker *tracker,
+                                          const void *pointer);
+
+extern const NSSError NSS_ERROR_NO_MEMORY;
+extern const NSSError NSS_ERROR_TRACKER_NOT_INITIALIZED;
+extern const NSSError NSS_ERROR_DUPLICATE_POINTER;
+#endif /* DEBUG */
+
+/*
+ * nssPointerTracker_remove
+ *
+ * This method is only present in debug builds.
+ *
+ * This routine removes the specified pointer from the
+ * nssPointerTracker object.  It does not call any destructor for the
+ * object; rather, this should be called from the object's destructor.
+ * The nssPointerTracker is threadsafe, but this call is not
+ * idempotent.  This routine returns a PRStatus value; if successful
+ * it will return PR_SUCCESS.  On failure it will set an error on the
+ * error stack and return PR_FAILURE.
+ *
+ * The error may be one of the following values:
+ *  NSS_ERROR_TRACKER_NOT_INITIALIZED
+ *  NSS_ERROR_POINTER_NOT_REGISTERED
+ *
+ * Return value:
+ *  PR_SUCCESS
+ *  PR_FAILURE
+ */
+
+#ifdef DEBUG
+NSS_EXTERN PRStatus nssPointerTracker_remove(nssPointerTracker *tracker,
+                                             const void *pointer);
+
+extern const NSSError NSS_ERROR_TRACKER_NOT_INITIALIZED;
+extern const NSSError NSS_ERROR_POINTER_NOT_REGISTERED;
+#endif /* DEBUG */
+
+/*
+ * nssPointerTracker_verify
+ *
+ * This method is only present in debug builds.
+ *
+ * This routine verifies that the specified pointer has been registered
+ * with the nssPointerTracker object.  The nssPointerTracker object is
+ * threadsafe, and this call may be safely called from multiple threads
+ * simultaneously with the same arguments.  This routine returns a
+ * PRStatus value; if the pointer is registered this will return
+ * PR_SUCCESS.  Otherwise it will set an error on the error stack and
+ * return PR_FAILURE.  Although the error is suitable for leaving on
+ * the stack, callers may wish to augment the information available by
+ * placing a more type-specific error on the stack.
+ *
+ * The error may be one of the following values:
+ *  NSS_ERROR_POINTER_NOT_REGISTERED
+ *
+ * Return value:
+ *  PR_SUCCESS
+ *  PR_FAILRUE
+ */
+
+#ifdef DEBUG
+NSS_EXTERN PRStatus nssPointerTracker_verify(nssPointerTracker *tracker,
+                                             const void *pointer);
+
+extern const NSSError NSS_ERROR_POINTER_NOT_REGISTERED;
+#endif /* DEBUG */
+
+/*
+ * libc
+ *
+ * nsslibc_memcpy
+ * nsslibc_memset
+ * nsslibc_offsetof
+ */
+
+/*
+ * nsslibc_memcpy
+ *
+ * Errors:
+ *  NSS_ERROR_INVALID_POINTER
+ *
+ * Return value:
+ *  NULL on error
+ *  The destination pointer on success
+ */
+
+NSS_EXTERN void *nsslibc_memcpy(void *dest, const void *source, PRUint32 n);
+
+extern const NSSError NSS_ERROR_INVALID_POINTER;
+
+/*
+ * nsslibc_memset
+ *
+ * Errors:
+ *  NSS_ERROR_INVALID_POINTER
+ *
+ * Return value:
+ *  NULL on error
+ *  The destination pointer on success
+ */
+
+NSS_EXTERN void *nsslibc_memset(void *dest, PRUint8 byte, PRUint32 n);
+
+extern const NSSError NSS_ERROR_INVALID_POINTER;
+
+/*
+ * nsslibc_memequal
+ *
+ * Errors:
+ *  NSS_ERROR_INVALID_POINTER
+ *
+ * Return value:
+ *  PR_TRUE if they match
+ *  PR_FALSE if they don't
+ *  PR_FALSE upon error
+ */
+
+NSS_EXTERN PRBool nsslibc_memequal(const void *a, const void *b, PRUint32 len,
+                                   PRStatus *statusOpt);
+
+extern const NSSError NSS_ERROR_INVALID_POINTER;
+
+#define nsslibc_offsetof(str, memb) ((PRPtrdiff)(&(((str *)0)->memb)))
+
+PR_END_EXTERN_C
+
+#endif /* BASE_H */
diff --git a/nss/lib/base/baset.h b/nss/lib/base/baset.h
new file mode 100644
index 0000000..3953a75
--- /dev/null
+++ b/nss/lib/base/baset.h
@@ -0,0 +1,124 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef BASET_H
+#define BASET_H
+
+/*
+ * baset.h
+ *
+ * This file contains definitions for the basic types used throughout
+ * nss but not available publicly.
+ */
+
+#ifndef NSSBASET_H
+#include "nssbaset.h"
+#endif /* NSSBASET_H */
+
+#include "plhash.h"
+
+PR_BEGIN_EXTERN_C
+
+/*
+ * nssArenaMark
+ *
+ * This type is used to mark the current state of an NSSArena.
+ */
+
+struct nssArenaMarkStr;
+typedef struct nssArenaMarkStr nssArenaMark;
+
+#ifdef DEBUG
+/*
+ * ARENA_THREADMARK
+ *
+ * Optionally, this arena implementation can be compiled with some
+ * runtime checking enabled, which will catch the situation where
+ * one thread "marks" the arena, another thread allocates memory,
+ * and then the mark is released.  Usually this is a surprise to
+ * the second thread, and this leads to weird runtime errors.
+ * Define ARENA_THREADMARK to catch these cases; we define it for all
+ * (internal and external) debug builds.
+ */
+#define ARENA_THREADMARK
+
+/*
+ * ARENA_DESTRUCTOR_LIST
+ *
+ * Unfortunately, our pointer-tracker facility, used in debug
+ * builds to agressively fight invalid pointers, requries that
+ * pointers be deregistered when objects are destroyed.  This
+ * conflicts with the standard arena usage where "memory-only"
+ * objects (that don't hold onto resources outside the arena)
+ * can be allocated in an arena, and never destroyed other than
+ * when the arena is destroyed.  Therefore we have added a
+ * destructor-registratio facility to our arenas.  This was not
+ * a simple decision, since we're getting ever-further away from
+ * the original arena philosophy.  However, it was felt that
+ * adding this in debug builds wouldn't be so bad; as it would
+ * discourage them from being used for "serious" purposes.
+ * This facility requires ARENA_THREADMARK to be defined.
+ */
+#ifdef ARENA_THREADMARK
+#define ARENA_DESTRUCTOR_LIST
+#endif /* ARENA_THREADMARK */
+
+#endif /* DEBUG */
+
+typedef struct nssListStr nssList;
+typedef struct nssListIteratorStr nssListIterator;
+typedef PRBool (*nssListCompareFunc)(void *a, void *b);
+typedef PRIntn (*nssListSortFunc)(void *a, void *b);
+typedef void (*nssListElementDestructorFunc)(void *el);
+
+typedef struct nssHashStr nssHash;
+typedef void(PR_CALLBACK *nssHashIterator)(const void *key, void *value,
+                                           void *arg);
+
+/*
+ * nssPointerTracker
+ *
+ * This type is used in debug builds (both external and internal) to
+ * track our object pointers.  Objects of this type must be statically
+ * allocated, which means the structure size must be available to the
+ * compiler.  Therefore we must expose the contents of this structure.
+ * But please don't access elements directly; use the accessors.
+ */
+
+#ifdef DEBUG
+struct nssPointerTrackerStr {
+    PRCallOnceType once;
+    PZLock *lock;
+    PLHashTable *table;
+};
+typedef struct nssPointerTrackerStr nssPointerTracker;
+#endif /* DEBUG */
+
+/*
+ * nssStringType
+ *
+ * There are several types of strings in the real world.  We try to
+ * use only UTF8 and avoid the rest, but that's not always possible.
+ * So we have a couple converter routines to go to and from the other
+ * string types.  We have to be able to specify those string types,
+ * so we have this enumeration.
+ */
+
+enum nssStringTypeEnum {
+    nssStringType_DirectoryString,
+    nssStringType_TeletexString, /* Not "teletext" with trailing 't' */
+    nssStringType_PrintableString,
+    nssStringType_UniversalString,
+    nssStringType_BMPString,
+    nssStringType_UTF8String,
+    nssStringType_PHGString,
+    nssStringType_GeneralString,
+
+    nssStringType_Unknown = -1
+};
+typedef enum nssStringTypeEnum nssStringType;
+
+PR_END_EXTERN_C
+
+#endif /* BASET_H */
diff --git a/nss/lib/base/config.mk b/nss/lib/base/config.mk
new file mode 100644
index 0000000..2676cd5
--- /dev/null
+++ b/nss/lib/base/config.mk
@@ -0,0 +1,19 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+ifdef BUILD_IDG
+DEFINES += -DNSSDEBUG
+endif
+
+#
+#  Override TARGETS variable so that only static libraries
+#  are specifed as dependencies within rules.mk.
+#
+
+TARGETS        = $(LIBRARY)
+SHARED_LIBRARY =
+IMPORT_LIBRARY =
+PROGRAM        =
+
diff --git a/nss/lib/base/error.c b/nss/lib/base/error.c
new file mode 100644
index 0000000..95a76cf
--- /dev/null
+++ b/nss/lib/base/error.c
@@ -0,0 +1,272 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * error.c
+ *
+ * This file contains the code implementing the per-thread error
+ * stacks upon which most NSS routines report their errors.
+ */
+
+#ifndef BASE_H
+#include "base.h"
+#endif              /* BASE_H */
+#include <limits.h> /* for UINT_MAX */
+#include <string.h> /* for memmove */
+
+#define NSS_MAX_ERROR_STACK_COUNT 16 /* error codes */
+
+/*
+ * The stack itself has a header, and a sequence of integers.
+ * The header records the amount of space (as measured in stack
+ * slots) already allocated for the stack, and the count of the
+ * number of records currently being used.
+ */
+
+struct stack_header_str {
+    PRUint16 space;
+    PRUint16 count;
+};
+
+struct error_stack_str {
+    struct stack_header_str header;
+    PRInt32 stack[1];
+};
+typedef struct error_stack_str error_stack;
+
+/*
+ * error_stack_index
+ *
+ * Thread-private data must be indexed.  This is that index.
+ * See PR_NewThreadPrivateIndex for more information.
+ *
+ * Thread-private data indexes are in the range [0, 127].
+ */
+
+#define INVALID_TPD_INDEX UINT_MAX
+static PRUintn error_stack_index = INVALID_TPD_INDEX;
+
+/*
+ * call_once
+ *
+ * The thread-private index must be obtained (once!) at runtime.
+ * This block is used for that one-time call.
+ */
+
+static PRCallOnceType error_call_once;
+static const PRCallOnceType error_call_again;
+
+/*
+ * error_once_function
+ *
+ * This is the once-called callback.
+ */
+static PRStatus
+error_once_function(void)
+{
+    return PR_NewThreadPrivateIndex(&error_stack_index, PR_Free);
+}
+
+/*
+ * error_get_my_stack
+ *
+ * This routine returns the calling thread's error stack, creating
+ * it if necessary.  It may return NULL upon error, which implicitly
+ * means that it ran out of memory.
+ */
+
+static error_stack *
+error_get_my_stack(void)
+{
+    PRStatus st;
+    error_stack *rv;
+    PRUintn new_size;
+    PRUint32 new_bytes;
+    error_stack *new_stack;
+
+    if (INVALID_TPD_INDEX == error_stack_index) {
+        st = PR_CallOnce(&error_call_once, error_once_function);
+        if (PR_SUCCESS != st) {
+            return (error_stack *)NULL;
+        }
+    }
+
+    rv = (error_stack *)PR_GetThreadPrivate(error_stack_index);
+    if ((error_stack *)NULL == rv) {
+        /* Doesn't exist; create one */
+        new_size = 16;
+    } else if (rv->header.count == rv->header.space &&
+               rv->header.count < NSS_MAX_ERROR_STACK_COUNT) {
+        /* Too small, expand it */
+        new_size = PR_MIN(rv->header.space * 2, NSS_MAX_ERROR_STACK_COUNT);
+    } else {
+        /* Okay, return it */
+        return rv;
+    }
+
+    new_bytes = (new_size * sizeof(PRInt32)) + sizeof(error_stack);
+    /* Use NSPR's calloc/realloc, not NSS's, to avoid loops! */
+    new_stack = PR_Calloc(1, new_bytes);
+
+    if ((error_stack *)NULL != new_stack) {
+        if ((error_stack *)NULL != rv) {
+            (void)nsslibc_memcpy(new_stack, rv, rv->header.space);
+        }
+        new_stack->header.space = new_size;
+    }
+
+    /* Set the value, whether or not the allocation worked */
+    PR_SetThreadPrivate(error_stack_index, new_stack);
+    return new_stack;
+}
+
+/*
+ * The error stack
+ *
+ * The public methods relating to the error stack are:
+ *
+ *  NSS_GetError
+ *  NSS_GetErrorStack
+ *
+ * The nonpublic methods relating to the error stack are:
+ *
+ *  nss_SetError
+ *  nss_ClearErrorStack
+ *
+ */
+
+/*
+ * NSS_GetError
+ *
+ * This routine returns the highest-level (most general) error set
+ * by the most recent NSS library routine called by the same thread
+ * calling this routine.
+ *
+ * This routine cannot fail.  However, it may return zero, which
+ * indicates that the previous NSS library call did not set an error.
+ *
+ * Return value:
+ *  0 if no error has been set
+ *  A nonzero error number
+ */
+
+NSS_IMPLEMENT PRInt32
+NSS_GetError(void)
+{
+    error_stack *es = error_get_my_stack();
+
+    if ((error_stack *)NULL == es) {
+        return NSS_ERROR_NO_MEMORY; /* Good guess! */
+    }
+
+    if (0 == es->header.count) {
+        return 0;
+    }
+
+    return es->stack[es->header.count - 1];
+}
+
+/*
+ * NSS_GetErrorStack
+ *
+ * This routine returns a pointer to an array of integers, containing
+ * the entire sequence or "stack" of errors set by the most recent NSS
+ * library routine called by the same thread calling this routine.
+ * NOTE: the caller DOES NOT OWN the memory pointed to by the return
+ * value.  The pointer will remain valid until the calling thread
+ * calls another NSS routine.  The lowest-level (most specific) error
+ * is first in the array, and the highest-level is last.  The array is
+ * zero-terminated.  This routine may return NULL upon error; this
+ * indicates a low-memory situation.
+ *
+ * Return value:
+ *  NULL upon error, which is an implied NSS_ERROR_NO_MEMORY
+ *  A NON-caller-owned pointer to an array of integers
+ */
+
+NSS_IMPLEMENT PRInt32 *
+NSS_GetErrorStack(void)
+{
+    error_stack *es = error_get_my_stack();
+
+    if ((error_stack *)NULL == es) {
+        return (PRInt32 *)NULL;
+    }
+
+    /* Make sure it's terminated */
+    es->stack[es->header.count] = 0;
+
+    return es->stack;
+}
+
+/*
+ * nss_SetError
+ *
+ * This routine places a new error code on the top of the calling
+ * thread's error stack.  Calling this routine wiht an error code
+ * of zero will clear the error stack.
+ */
+
+NSS_IMPLEMENT void
+nss_SetError(PRUint32 error)
+{
+    error_stack *es;
+
+    if (0 == error) {
+        nss_ClearErrorStack();
+        return;
+    }
+
+    es = error_get_my_stack();
+    if ((error_stack *)NULL == es) {
+        /* Oh, well. */
+        return;
+    }
+
+    if (es->header.count < es->header.space) {
+        es->stack[es->header.count++] = error;
+    } else {
+        memmove(es->stack, es->stack + 1,
+                (es->header.space - 1) * (sizeof es->stack[0]));
+        es->stack[es->header.space - 1] = error;
+    }
+    return;
+}
+
+/*
+ * nss_ClearErrorStack
+ *
+ * This routine clears the calling thread's error stack.
+ */
+
+NSS_IMPLEMENT void
+nss_ClearErrorStack(void)
+{
+    error_stack *es = error_get_my_stack();
+    if ((error_stack *)NULL == es) {
+        /* Oh, well. */
+        return;
+    }
+
+    es->header.count = 0;
+    es->stack[0] = 0;
+    return;
+}
+
+/*
+ * nss_DestroyErrorStack
+ *
+ * This routine frees the calling thread's error stack.
+ */
+
+NSS_IMPLEMENT void
+nss_DestroyErrorStack(void)
+{
+    if (INVALID_TPD_INDEX != error_stack_index) {
+        PR_SetThreadPrivate(error_stack_index, NULL);
+        error_stack_index = INVALID_TPD_INDEX;
+        error_call_once = error_call_again; /* allow to init again */
+    }
+    return;
+}
diff --git a/nss/lib/base/errorval.c b/nss/lib/base/errorval.c
new file mode 100644
index 0000000..b7045a3
--- /dev/null
+++ b/nss/lib/base/errorval.c
@@ -0,0 +1,65 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * errorval.c
+ *
+ * This file contains the actual error constants used in NSS.
+ */
+
+#ifndef NSSBASET_H
+#include "nssbaset.h"
+#endif /* NSSBASET_H */
+
+/* clang-format off */
+
+const NSSError NSS_ERROR_NO_ERROR                       =  0;
+const NSSError NSS_ERROR_INTERNAL_ERROR                 =  1;
+const NSSError NSS_ERROR_NO_MEMORY                      =  2;
+const NSSError NSS_ERROR_INVALID_POINTER                =  3;
+const NSSError NSS_ERROR_INVALID_ARENA                  =  4;
+const NSSError NSS_ERROR_INVALID_ARENA_MARK             =  5;
+const NSSError NSS_ERROR_DUPLICATE_POINTER              =  6;
+const NSSError NSS_ERROR_POINTER_NOT_REGISTERED         =  7;
+const NSSError NSS_ERROR_TRACKER_NOT_EMPTY              =  8;
+const NSSError NSS_ERROR_TRACKER_NOT_INITIALIZED        =  9;
+const NSSError NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD = 10;
+const NSSError NSS_ERROR_VALUE_TOO_LARGE                = 11;
+const NSSError NSS_ERROR_UNSUPPORTED_TYPE               = 12;
+const NSSError NSS_ERROR_BUFFER_TOO_SHORT               = 13;
+const NSSError NSS_ERROR_INVALID_ATOB_CONTEXT           = 14;
+const NSSError NSS_ERROR_INVALID_BASE64                 = 15;
+const NSSError NSS_ERROR_INVALID_BTOA_CONTEXT           = 16;
+const NSSError NSS_ERROR_INVALID_ITEM                   = 17;
+const NSSError NSS_ERROR_INVALID_STRING                 = 18;
+const NSSError NSS_ERROR_INVALID_ASN1ENCODER            = 19;
+const NSSError NSS_ERROR_INVALID_ASN1DECODER            = 20;
+
+const NSSError NSS_ERROR_INVALID_BER                    = 21;
+const NSSError NSS_ERROR_INVALID_ATAV                   = 22;
+const NSSError NSS_ERROR_INVALID_ARGUMENT               = 23;
+const NSSError NSS_ERROR_INVALID_UTF8                   = 24;
+const NSSError NSS_ERROR_INVALID_NSSOID                 = 25;
+const NSSError NSS_ERROR_UNKNOWN_ATTRIBUTE              = 26;
+
+const NSSError NSS_ERROR_NOT_FOUND                      = 27;
+
+const NSSError NSS_ERROR_INVALID_PASSWORD               = 28;
+const NSSError NSS_ERROR_USER_CANCELED                  = 29;
+
+const NSSError NSS_ERROR_MAXIMUM_FOUND                  = 30;
+
+const NSSError NSS_ERROR_CERTIFICATE_ISSUER_NOT_FOUND   = 31;
+
+const NSSError NSS_ERROR_CERTIFICATE_IN_CACHE           = 32;
+
+const NSSError NSS_ERROR_HASH_COLLISION                 = 33;
+const NSSError NSS_ERROR_DEVICE_ERROR                   = 34;
+const NSSError NSS_ERROR_INVALID_CERTIFICATE            = 35;
+const NSSError NSS_ERROR_BUSY                           = 36;
+const NSSError NSS_ERROR_ALREADY_INITIALIZED            = 37;
+
+const NSSError NSS_ERROR_PKCS11                         = 38;
+
+/* clang-format on */
\ No newline at end of file
diff --git a/nss/lib/base/exports.gyp b/nss/lib/base/exports.gyp
new file mode 100644
index 0000000..394bc1d
--- /dev/null
+++ b/nss/lib/base/exports.gyp
@@ -0,0 +1,33 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'lib_base_exports',
+      'type': 'none',
+      'copies': [
+        {
+          'files': [
+            'nssbase.h',
+            'nssbaset.h'
+          ],
+          'destination': '<(nss_public_dist_dir)/<(module)'
+        },
+        {
+          'files': [
+            'base.h',
+            'baset.h'
+          ],
+          'destination': '<(nss_private_dist_dir)/<(module)'
+        }
+      ]
+    }
+  ],
+  'variables': {
+    'module': 'nss'
+  }
+}
diff --git a/nss/lib/base/hash.c b/nss/lib/base/hash.c
new file mode 100644
index 0000000..f9ee758
--- /dev/null
+++ b/nss/lib/base/hash.c
@@ -0,0 +1,314 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * hash.c
+ *
+ * This is merely a couple wrappers around NSPR's PLHashTable, using
+ * the identity hash and arena-aware allocators.
+ * This is a copy of ckfw/hash.c, with modifications to use NSS types
+ * (not Cryptoki types).  Would like for this to be a single implementation,
+ * but doesn't seem like it will work.
+ */
+
+#ifndef BASE_H
+#include "base.h"
+#endif /* BASE_H */
+
+#include "prbit.h"
+
+/*
+ * nssHash
+ *
+ *  nssHash_Create
+ *  nssHash_Destroy
+ *  nssHash_Add
+ *  nssHash_Remove
+ *  nssHash_Count
+ *  nssHash_Exists
+ *  nssHash_Lookup
+ *  nssHash_Iterate
+ */
+
+struct nssHashStr {
+    NSSArena *arena;
+    PRBool i_alloced_arena;
+    PRLock *mutex;
+
+    /*
+     * The invariant that mutex protects is:
+     *   The count accurately reflects the hashtable state.
+     */
+
+    PLHashTable *plHashTable;
+    PRUint32 count;
+};
+
+static PLHashNumber
+nss_identity_hash(const void *key)
+{
+    return (PLHashNumber)((char *)key - (char *)NULL);
+}
+
+static PLHashNumber
+nss_item_hash(const void *key)
+{
+    unsigned int i;
+    PLHashNumber h;
+    NSSItem *it = (NSSItem *)key;
+    h = 0;
+    for (i = 0; i < it->size; i++)
+        h = PR_ROTATE_LEFT32(h, 4) ^ ((unsigned char *)it->data)[i];
+    return h;
+}
+
+static int
+nss_compare_items(const void *v1, const void *v2)
+{
+    PRStatus ignore;
+    return (int)nssItem_Equal((NSSItem *)v1, (NSSItem *)v2, &ignore);
+}
+
+/*
+ * nssHash_create
+ *
+ */
+NSS_IMPLEMENT nssHash *
+nssHash_Create(NSSArena *arenaOpt, PRUint32 numBuckets, PLHashFunction keyHash,
+               PLHashComparator keyCompare, PLHashComparator valueCompare)
+{
+    nssHash *rv;
+    NSSArena *arena;
+    PRBool i_alloced;
+
+#ifdef NSSDEBUG
+    if (arenaOpt && PR_SUCCESS != nssArena_verifyPointer(arenaOpt)) {
+        nss_SetError(NSS_ERROR_INVALID_POINTER);
+        return (nssHash *)NULL;
+    }
+#endif /* NSSDEBUG */
+
+    if (arenaOpt) {
+        arena = arenaOpt;
+        i_alloced = PR_FALSE;
+    } else {
+        arena = nssArena_Create();
+        i_alloced = PR_TRUE;
+    }
+
+    rv = nss_ZNEW(arena, nssHash);
+    if ((nssHash *)NULL == rv) {
+        goto loser;
+    }
+
+    rv->mutex = PZ_NewLock(nssILockOther);
+    if ((PZLock *)NULL == rv->mutex) {
+        goto loser;
+    }
+
+    rv->plHashTable =
+        PL_NewHashTable(numBuckets, keyHash, keyCompare, valueCompare,
+                        &nssArenaHashAllocOps, arena);
+    if ((PLHashTable *)NULL == rv->plHashTable) {
+        (void)PZ_DestroyLock(rv->mutex);
+        goto loser;
+    }
+
+    rv->count = 0;
+    rv->arena = arena;
+    rv->i_alloced_arena = i_alloced;
+
+    return rv;
+loser:
+    (void)nss_ZFreeIf(rv);
+    return (nssHash *)NULL;
+}
+
+/*
+ * nssHash_CreatePointer
+ *
+ */
+NSS_IMPLEMENT nssHash *
+nssHash_CreatePointer(NSSArena *arenaOpt, PRUint32 numBuckets)
+{
+    return nssHash_Create(arenaOpt, numBuckets, nss_identity_hash,
+                          PL_CompareValues, PL_CompareValues);
+}
+
+/*
+ * nssHash_CreateString
+ *
+ */
+NSS_IMPLEMENT nssHash *
+nssHash_CreateString(NSSArena *arenaOpt, PRUint32 numBuckets)
+{
+    return nssHash_Create(arenaOpt, numBuckets, PL_HashString,
+                          PL_CompareStrings, PL_CompareStrings);
+}
+
+/*
+ * nssHash_CreateItem
+ *
+ */
+NSS_IMPLEMENT nssHash *
+nssHash_CreateItem(NSSArena *arenaOpt, PRUint32 numBuckets)
+{
+    return nssHash_Create(arenaOpt, numBuckets, nss_item_hash,
+                          nss_compare_items, PL_CompareValues);
+}
+
+/*
+ * nssHash_Destroy
+ *
+ */
+NSS_IMPLEMENT void
+nssHash_Destroy(nssHash *hash)
+{
+    (void)PZ_DestroyLock(hash->mutex);
+    PL_HashTableDestroy(hash->plHashTable);
+    if (hash->i_alloced_arena) {
+        nssArena_Destroy(hash->arena);
+    } else {
+        nss_ZFreeIf(hash);
+    }
+}
+
+/*
+ * nssHash_Add
+ *
+ */
+NSS_IMPLEMENT PRStatus
+nssHash_Add(nssHash *hash, const void *key, const void *value)
+{
+    PRStatus error = PR_FAILURE;
+    PLHashEntry *he;
+
+    PZ_Lock(hash->mutex);
+
+    he = PL_HashTableAdd(hash->plHashTable, key, (void *)value);
+    if ((PLHashEntry *)NULL == he) {
+        nss_SetError(NSS_ERROR_NO_MEMORY);
+    } else if (he->value != value) {
+        nss_SetError(NSS_ERROR_HASH_COLLISION);
+    } else {
+        hash->count++;
+        error = PR_SUCCESS;
+    }
+
+    (void)PZ_Unlock(hash->mutex);
+
+    return error;
+}
+
+/*
+ * nssHash_Remove
+ *
+ */
+NSS_IMPLEMENT void
+nssHash_Remove(nssHash *hash, const void *it)
+{
+    PRBool found;
+
+    PZ_Lock(hash->mutex);
+
+    found = PL_HashTableRemove(hash->plHashTable, it);
+    if (found) {
+        hash->count--;
+    }
+
+    (void)PZ_Unlock(hash->mutex);
+    return;
+}
+
+/*
+ * nssHash_Count
+ *
+ */
+NSS_IMPLEMENT PRUint32
+nssHash_Count(nssHash *hash)
+{
+    PRUint32 count;
+
+    PZ_Lock(hash->mutex);
+
+    count = hash->count;
+
+    (void)PZ_Unlock(hash->mutex);
+
+    return count;
+}
+
+/*
+ * nssHash_Exists
+ *
+ */
+NSS_IMPLEMENT PRBool
+nssHash_Exists(nssHash *hash, const void *it)
+{
+    void *value;
+
+    PZ_Lock(hash->mutex);
+
+    value = PL_HashTableLookup(hash->plHashTable, it);
+
+    (void)PZ_Unlock(hash->mutex);
+
+    if ((void *)NULL == value) {
+        return PR_FALSE;
+    } else {
+        return PR_TRUE;
+    }
+}
+
+/*
+ * nssHash_Lookup
+ *
+ */
+NSS_IMPLEMENT void *
+nssHash_Lookup(nssHash *hash, const void *it)
+{
+    void *rv;
+
+    PZ_Lock(hash->mutex);
+
+    rv = PL_HashTableLookup(hash->plHashTable, it);
+
+    (void)PZ_Unlock(hash->mutex);
+
+    return rv;
+}
+
+struct arg_str {
+    nssHashIterator fcn;
+    void *closure;
+};
+
+static PRIntn
+nss_hash_enumerator(PLHashEntry *he, PRIntn index, void *arg)
+{
+    struct arg_str *as = (struct arg_str *)arg;
+    as->fcn(he->key, he->value, as->closure);
+    return HT_ENUMERATE_NEXT;
+}
+
+/*
+ * nssHash_Iterate
+ *
+ * NOTE that the iteration function will be called with the hashtable locked.
+ */
+NSS_IMPLEMENT void
+nssHash_Iterate(nssHash *hash, nssHashIterator fcn, void *closure)
+{
+    struct arg_str as;
+    as.fcn = fcn;
+    as.closure = closure;
+
+    PZ_Lock(hash->mutex);
+
+    PL_HashTableEnumerateEntries(hash->plHashTable, nss_hash_enumerator, &as);
+
+    (void)PZ_Unlock(hash->mutex);
+
+    return;
+}
diff --git a/nss/lib/base/hashops.c b/nss/lib/base/hashops.c
new file mode 100644
index 0000000..57b30dd
--- /dev/null
+++ b/nss/lib/base/hashops.c
@@ -0,0 +1,64 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * hashops.c
+ *
+ * This file includes a set of PLHashAllocOps that use NSSArenas.
+ */
+
+#ifndef BASE_H
+#include "base.h"
+#endif /* BASE_H */
+
+static void *PR_CALLBACK
+nss_arena_hash_alloc_table(void *pool, PRSize size)
+{
+    NSSArena *arena = (NSSArena *)NULL;
+
+#ifdef NSSDEBUG
+    if ((void *)NULL != arena) {
+        if (PR_SUCCESS != nssArena_verifyPointer(arena)) {
+            return (void *)NULL;
+        }
+    }
+#endif /* NSSDEBUG */
+
+    return nss_ZAlloc(arena, size);
+}
+
+static void PR_CALLBACK
+nss_arena_hash_free_table(void *pool, void *item)
+{
+    (void)nss_ZFreeIf(item);
+}
+
+static PLHashEntry *PR_CALLBACK
+nss_arena_hash_alloc_entry(void *pool, const void *key)
+{
+    NSSArena *arena = NULL;
+
+#ifdef NSSDEBUG
+    if ((void *)NULL != arena) {
+        if (PR_SUCCESS != nssArena_verifyPointer(arena)) {
+            return (void *)NULL;
+        }
+    }
+#endif /* NSSDEBUG */
+
+    return nss_ZNEW(arena, PLHashEntry);
+}
+
+static void PR_CALLBACK
+nss_arena_hash_free_entry(void *pool, PLHashEntry *he, PRUintn flag)
+{
+    if (HT_FREE_ENTRY == flag) {
+        (void)nss_ZFreeIf(he);
+    }
+}
+
+NSS_IMPLEMENT_DATA PLHashAllocOps nssArenaHashAllocOps = {
+    nss_arena_hash_alloc_table, nss_arena_hash_free_table,
+    nss_arena_hash_alloc_entry, nss_arena_hash_free_entry
+};
diff --git a/nss/lib/base/item.c b/nss/lib/base/item.c
new file mode 100644
index 0000000..a1bb802
--- /dev/null
+++ b/nss/lib/base/item.c
@@ -0,0 +1,186 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * item.c
+ *
+ * This contains some item-manipulation code.
+ */
+
+#ifndef BASE_H
+#include "base.h"
+#endif /* BASE_H */
+
+/*
+ * nssItem_Create
+ *
+ * -- fgmr comments --
+ *
+ * The error may be one of the following values:
+ *  NSS_ERROR_INVALID_ARENA
+ *  NSS_ERROR_NO_MEMORY
+ *  NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD
+ *  NSS_ERROR_INVALID_POINTER
+ *
+ * Return value:
+ *  A pointer to an NSSItem upon success
+ *  NULL upon failure
+ */
+
+NSS_IMPLEMENT NSSItem *
+nssItem_Create(NSSArena *arenaOpt, NSSItem *rvOpt, PRUint32 length,
+               const void *data)
+{
+    NSSItem *rv = (NSSItem *)NULL;
+
+#ifdef DEBUG
+    if ((NSSArena *)NULL != arenaOpt) {
+        if (PR_SUCCESS != nssArena_verifyPointer(arenaOpt)) {
+            return (NSSItem *)NULL;
+        }
+    }
+
+    if ((const void *)NULL == data) {
+        if (length > 0) {
+            nss_SetError(NSS_ERROR_INVALID_POINTER);
+            return (NSSItem *)NULL;
+        }
+    }
+#endif /* DEBUG */
+
+    if ((NSSItem *)NULL == rvOpt) {
+        rv = (NSSItem *)nss_ZNEW(arenaOpt, NSSItem);
+        if ((NSSItem *)NULL == rv) {
+            goto loser;
+        }
+    } else {
+        rv = rvOpt;
+    }
+
+    rv->size = length;
+    rv->data = nss_ZAlloc(arenaOpt, length);
+    if ((void *)NULL == rv->data) {
+        goto loser;
+    }
+
+    if (length > 0) {
+        (void)nsslibc_memcpy(rv->data, data, length);
+    }
+
+    return rv;
+
+loser:
+    if (rv != rvOpt) {
+        nss_ZFreeIf(rv);
+    }
+
+    return (NSSItem *)NULL;
+}
+
+NSS_IMPLEMENT void
+nssItem_Destroy(NSSItem *item)
+{
+    nss_ClearErrorStack();
+
+    nss_ZFreeIf(item->data);
+    nss_ZFreeIf(item);
+}
+
+/*
+ * nssItem_Duplicate
+ *
+ * -- fgmr comments --
+ *
+ * The error may be one of the following values:
+ *  NSS_ERROR_INVALID_ARENA
+ *  NSS_ERROR_NO_MEMORY
+ *  NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD
+ *  NSS_ERROR_INVALID_ITEM
+ *
+ * Return value:
+ *  A pointer to an NSSItem upon success
+ *  NULL upon failure
+ */
+
+NSS_IMPLEMENT NSSItem *
+nssItem_Duplicate(NSSItem *obj, NSSArena *arenaOpt, NSSItem *rvOpt)
+{
+#ifdef DEBUG
+    if ((NSSArena *)NULL != arenaOpt) {
+        if (PR_SUCCESS != nssArena_verifyPointer(arenaOpt)) {
+            return (NSSItem *)NULL;
+        }
+    }
+
+    if ((NSSItem *)NULL == obj) {
+        nss_SetError(NSS_ERROR_INVALID_ITEM);
+        return (NSSItem *)NULL;
+    }
+#endif /* DEBUG */
+
+    return nssItem_Create(arenaOpt, rvOpt, obj->size, obj->data);
+}
+
+#ifdef DEBUG
+/*
+ * nssItem_verifyPointer
+ *
+ * -- fgmr comments --
+ *
+ * The error may be one of the following values:
+ *  NSS_ERROR_INVALID_ITEM
+ *
+ * Return value:
+ *  PR_SUCCESS upon success
+ *  PR_FAILURE upon failure
+ */
+
+NSS_IMPLEMENT PRStatus
+nssItem_verifyPointer(const NSSItem *item)
+{
+    if (((const NSSItem *)NULL == item) ||
+        (((void *)NULL == item->data) && (item->size > 0))) {
+        nss_SetError(NSS_ERROR_INVALID_ITEM);
+        return PR_FAILURE;
+    }
+
+    return PR_SUCCESS;
+}
+#endif /* DEBUG */
+
+/*
+ * nssItem_Equal
+ *
+ * -- fgmr comments --
+ *
+ * The error may be one of the following values:
+ *  NSS_ERROR_INVALID_ITEM
+ *
+ * Return value:
+ *  PR_TRUE if the items are identical
+ *  PR_FALSE if they aren't
+ *  PR_FALSE upon error
+ */
+
+NSS_IMPLEMENT PRBool
+nssItem_Equal(const NSSItem *one, const NSSItem *two, PRStatus *statusOpt)
+{
+    if ((PRStatus *)NULL != statusOpt) {
+        *statusOpt = PR_SUCCESS;
+    }
+
+    if (((const NSSItem *)NULL == one) && ((const NSSItem *)NULL == two)) {
+        return PR_TRUE;
+    }
+
+    if (((const NSSItem *)NULL == one) || ((const NSSItem *)NULL == two)) {
+        return PR_FALSE;
+    }
+
+    if (one->size != two->size) {
+        return PR_FALSE;
+    }
+
+    return nsslibc_memequal(one->data, two->data, one->size, statusOpt);
+}
diff --git a/nss/lib/base/libc.c b/nss/lib/base/libc.c
new file mode 100644
index 0000000..7954a31
--- /dev/null
+++ b/nss/lib/base/libc.c
@@ -0,0 +1,143 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * libc.c
+ *
+ * This file contains our wrappers/reimplementations for "standard"
+ * libc functions.  Things like "memcpy."  We add to this as we need
+ * it.  Oh, and let's keep it in alphabetical order, should it ever
+ * get large.  Most string/character stuff should be in utf8.c, not
+ * here.  This file (and maybe utf8.c) should be the only ones in
+ * NSS to include files with angle brackets.
+ */
+
+#ifndef BASE_H
+#include "base.h"
+#endif /* BASE_H */
+
+#include <string.h> /* memcpy, memset */
+
+/*
+ * nsslibc_memcpy
+ * nsslibc_memset
+ * nsslibc_offsetof
+ * nsslibc_memequal
+ */
+
+/*
+ * nsslibc_memcpy
+ *
+ * Errors:
+ *  NSS_ERROR_INVALID_POINTER
+ *
+ * Return value:
+ *  NULL on error
+ *  The destination pointer on success
+ */
+
+NSS_IMPLEMENT void *
+nsslibc_memcpy(void *dest, const void *source, PRUint32 n)
+{
+#ifdef NSSDEBUG
+    if (((void *)NULL == dest) || ((const void *)NULL == source)) {
+        nss_SetError(NSS_ERROR_INVALID_POINTER);
+        return (void *)NULL;
+    }
+#endif /* NSSDEBUG */
+
+    return memcpy(dest, source, (size_t)n);
+}
+
+/*
+ * nsslibc_memset
+ *
+ * Errors:
+ *  NSS_ERROR_INVALID_POINTER
+ *
+ * Return value:
+ *  NULL on error
+ *  The destination pointer on success
+ */
+
+NSS_IMPLEMENT void *
+nsslibc_memset(void *dest, PRUint8 byte, PRUint32 n)
+{
+#ifdef NSSDEBUG
+    if (((void *)NULL == dest)) {
+        nss_SetError(NSS_ERROR_INVALID_POINTER);
+        return (void *)NULL;
+    }
+#endif /* NSSDEBUG */
+
+    return memset(dest, (int)byte, (size_t)n);
+}
+
+/*
+ * nsslibc_memequal
+ *
+ * Errors:
+ *  NSS_ERROR_INVALID_POINTER
+ *
+ * Return value:
+ *  PR_TRUE if they match
+ *  PR_FALSE if they don't
+ *  PR_FALSE upon error
+ */
+
+NSS_IMPLEMENT PRBool
+nsslibc_memequal(const void *a, const void *b, PRUint32 len,
+                 PRStatus *statusOpt)
+{
+#ifdef NSSDEBUG
+    if ((((void *)NULL == a) || ((void *)NULL == b))) {
+        nss_SetError(NSS_ERROR_INVALID_POINTER);
+        if ((PRStatus *)NULL != statusOpt) {
+            *statusOpt = PR_FAILURE;
+        }
+        return PR_FALSE;
+    }
+#endif /* NSSDEBUG */
+
+    if ((PRStatus *)NULL != statusOpt) {
+        *statusOpt = PR_SUCCESS;
+    }
+
+    if (0 == memcmp(a, b, len)) {
+        return PR_TRUE;
+    } else {
+        return PR_FALSE;
+    }
+}
+
+/*
+ * nsslibc_memcmp
+ */
+
+NSS_IMPLEMENT PRInt32
+nsslibc_memcmp(const void *a, const void *b, PRUint32 len, PRStatus *statusOpt)
+{
+    int v;
+
+#ifdef NSSDEBUG
+    if ((((void *)NULL == a) || ((void *)NULL == b))) {
+        nss_SetError(NSS_ERROR_INVALID_POINTER);
+        if ((PRStatus *)NULL != statusOpt) {
+            *statusOpt = PR_FAILURE;
+        }
+        return -2;
+    }
+#endif /* NSSDEBUG */
+
+    if ((PRStatus *)NULL != statusOpt) {
+        *statusOpt = PR_SUCCESS;
+    }
+
+    v = memcmp(a, b, len);
+    return (PRInt32)v;
+}
+
+/*
+ * offsetof is a preprocessor definition
+ */
diff --git a/nss/lib/base/list.c b/nss/lib/base/list.c
new file mode 100644
index 0000000..e798cf0
--- /dev/null
+++ b/nss/lib/base/list.c
@@ -0,0 +1,405 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * list.c
+ *
+ * This contains the implementation of NSS's thread-safe linked list.
+ */
+
+#ifndef BASE_H
+#include "base.h"
+#endif /* BASE_H */
+
+struct nssListElementStr {
+    PRCList link;
+    void *data;
+};
+
+typedef struct nssListElementStr nssListElement;
+
+struct nssListStr {
+    NSSArena *arena;
+    PZLock *lock;
+    nssListElement *head;
+    PRUint32 count;
+    nssListCompareFunc compareFunc;
+    nssListSortFunc sortFunc;
+    PRBool i_alloced_arena;
+};
+
+struct nssListIteratorStr {
+    PZLock *lock;
+    nssList *list;
+    nssListElement *current;
+};
+
+#define NSSLIST_LOCK_IF(list) \
+    if ((list)->lock)         \
+    PZ_Lock((list)->lock)
+
+#define NSSLIST_UNLOCK_IF(list) \
+    if ((list)->lock)           \
+    PZ_Unlock((list)->lock)
+
+static PRBool
+pointer_compare(void *a, void *b)
+{
+    return (PRBool)(a == b);
+}
+
+static nssListElement *
+nsslist_get_matching_element(nssList *list, void *data)
+{
+    nssListElement *node;
+    node = list->head;
+    if (!node) {
+        return NULL;
+    }
+    while (node) {
+        /* using a callback slows things down when it's just compare ... */
+        if (list->compareFunc(node->data, data)) {
+            break;
+        }
+        if (&node->link == PR_LIST_TAIL(&list->head->link)) {
+            node = NULL;
+            break;
+        }
+        node = (nssListElement *)PR_NEXT_LINK(&node->link);
+    }
+    return node;
+}
+
+NSS_IMPLEMENT nssList *
+nssList_Create(NSSArena *arenaOpt, PRBool threadSafe)
+{
+    NSSArena *arena;
+    nssList *list;
+    PRBool i_alloced;
+    if (arenaOpt) {
+        arena = arenaOpt;
+        i_alloced = PR_FALSE;
+    } else {
+        arena = nssArena_Create();
+        i_alloced = PR_TRUE;
+    }
+    if (!arena) {
+        return (nssList *)NULL;
+    }
+    list = nss_ZNEW(arena, nssList);
+    if (!list) {
+        if (!arenaOpt) {
+            NSSArena_Destroy(arena);
+        }
+        return (nssList *)NULL;
+    }
+    if (threadSafe) {
+        list->lock = PZ_NewLock(nssILockOther);
+        if (!list->lock) {
+            if (arenaOpt) {
+                nss_ZFreeIf(list);
+            } else {
+                NSSArena_Destroy(arena);
+            }
+            return (nssList *)NULL;
+        }
+    }
+    list->arena = arena;
+    list->i_alloced_arena = i_alloced;
+    list->compareFunc = pointer_compare;
+    return list;
+}
+
+NSS_IMPLEMENT PRStatus
+nssList_Destroy(nssList *list)
+{
+    if (!list) {
+        return PR_SUCCESS;
+    }
+    if (!list->i_alloced_arena) {
+        nssList_Clear(list, NULL);
+    }
+    if (list->lock) {
+        (void)PZ_DestroyLock(list->lock);
+    }
+    if (list->i_alloced_arena) {
+        NSSArena_Destroy(list->arena);
+        list = NULL;
+    }
+    nss_ZFreeIf(list);
+    return PR_SUCCESS;
+}
+
+NSS_IMPLEMENT void
+nssList_SetCompareFunction(nssList *list, nssListCompareFunc compareFunc)
+{
+    list->compareFunc = compareFunc;
+}
+
+NSS_IMPLEMENT void
+nssList_SetSortFunction(nssList *list, nssListSortFunc sortFunc)
+{
+    /* XXX if list already has elements, sort them */
+    list->sortFunc = sortFunc;
+}
+
+NSS_IMPLEMENT nssListCompareFunc
+nssList_GetCompareFunction(nssList *list)
+{
+    return list->compareFunc;
+}
+
+NSS_IMPLEMENT void
+nssList_Clear(nssList *list, nssListElementDestructorFunc destructor)
+{
+    PRCList *link;
+    nssListElement *node, *tmp;
+    if (!list) {
+        return;
+    }
+    NSSLIST_LOCK_IF(list);
+    node = list->head;
+    list->head = NULL;
+    while (node && list->count > 0) {
+        if (destructor)
+            (*destructor)(node->data);
+        link = &node->link;
+        tmp = (nssListElement *)PR_NEXT_LINK(link);
+        PR_REMOVE_LINK(link);
+        nss_ZFreeIf(node);
+        node = tmp;
+        --list->count;
+    }
+    NSSLIST_UNLOCK_IF(list);
+}
+
+static PRStatus
+nsslist_add_element(nssList *list, void *data)
+{
+    nssListElement *node = nss_ZNEW(list->arena, nssListElement);
+    if (!node) {
+        return PR_FAILURE;
+    }
+    PR_INIT_CLIST(&node->link);
+    node->data = data;
+    if (list->head) {
+        if (list->sortFunc) {
+            PRCList *link;
+            nssListElement *currNode;
+            currNode = list->head;
+            /* insert in ordered list */
+            while (currNode) {
+                link = &currNode->link;
+                if (list->sortFunc(data, currNode->data) <= 0) {
+                    /* new element goes before current node */
+                    PR_INSERT_BEFORE(&node->link, link);
+                    /* reset head if this is first */
+                    if (currNode == list->head)
+                        list->head = node;
+                    break;
+                }
+                if (link == PR_LIST_TAIL(&list->head->link)) {
+                    /* reached end of list, append */
+                    PR_INSERT_AFTER(&node->link, link);
+                    break;
+                }
+                currNode = (nssListElement *)PR_NEXT_LINK(&currNode->link);
+            }
+        } else {
+            /* not sorting */
+            PR_APPEND_LINK(&node->link, &list->head->link);
+        }
+    } else {
+        list->head = node;
+    }
+    ++list->count;
+    return PR_SUCCESS;
+}
+
+NSS_IMPLEMENT PRStatus
+nssList_Add(nssList *list, void *data)
+{
+    NSSLIST_LOCK_IF(list);
+    (void)nsslist_add_element(list, data);
+    NSSLIST_UNLOCK_IF(list);
+    return PR_SUCCESS;
+}
+
+NSS_IMPLEMENT PRStatus
+nssList_AddUnique(nssList *list, void *data)
+{
+    PRStatus nssrv;
+    nssListElement *node;
+    NSSLIST_LOCK_IF(list);
+    node = nsslist_get_matching_element(list, data);
+    if (node) {
+        /* already in, finish */
+        NSSLIST_UNLOCK_IF(list);
+        return PR_SUCCESS;
+    }
+    nssrv = nsslist_add_element(list, data);
+    NSSLIST_UNLOCK_IF(list);
+    return nssrv;
+}
+
+NSS_IMPLEMENT PRStatus
+nssList_Remove(nssList *list, void *data)
+{
+    nssListElement *node;
+    NSSLIST_LOCK_IF(list);
+    node = nsslist_get_matching_element(list, data);
+    if (node) {
+        if (node == list->head) {
+            list->head = (nssListElement *)PR_NEXT_LINK(&node->link);
+        }
+        PR_REMOVE_LINK(&node->link);
+        nss_ZFreeIf(node);
+        if (--list->count == 0) {
+            list->head = NULL;
+        }
+    }
+    NSSLIST_UNLOCK_IF(list);
+    return PR_SUCCESS;
+}
+
+NSS_IMPLEMENT void *
+nssList_Get(nssList *list, void *data)
+{
+    nssListElement *node;
+    NSSLIST_LOCK_IF(list);
+    node = nsslist_get_matching_element(list, data);
+    NSSLIST_UNLOCK_IF(list);
+    return (node) ? node->data : NULL;
+}
+
+NSS_IMPLEMENT PRUint32
+nssList_Count(nssList *list)
+{
+    return list->count;
+}
+
+NSS_IMPLEMENT PRStatus
+nssList_GetArray(nssList *list, void **rvArray, PRUint32 maxElements)
+{
+    nssListElement *node;
+    PRUint32 i = 0;
+    PR_ASSERT(maxElements > 0);
+    node = list->head;
+    if (!node) {
+        return PR_SUCCESS;
+    }
+    NSSLIST_LOCK_IF(list);
+    while (node) {
+        rvArray[i++] = node->data;
+        if (i == maxElements)
+            break;
+        node = (nssListElement *)PR_NEXT_LINK(&node->link);
+        if (node == list->head) {
+            break;
+        }
+    }
+    NSSLIST_UNLOCK_IF(list);
+    return PR_SUCCESS;
+}
+
+NSS_IMPLEMENT nssList *
+nssList_Clone(nssList *list)
+{
+    nssList *rvList;
+    nssListElement *node;
+    rvList = nssList_Create(NULL, (list->lock != NULL));
+    if (!rvList) {
+        return NULL;
+    }
+    NSSLIST_LOCK_IF(list);
+    if (list->count > 0) {
+        node = list->head;
+        while (PR_TRUE) {
+            nssList_Add(rvList, node->data);
+            node = (nssListElement *)PR_NEXT_LINK(&node->link);
+            if (node == list->head) {
+                break;
+            }
+        }
+    }
+    NSSLIST_UNLOCK_IF(list);
+    return rvList;
+}
+
+NSS_IMPLEMENT nssListIterator *
+nssList_CreateIterator(nssList *list)
+{
+    nssListIterator *rvIterator;
+    rvIterator = nss_ZNEW(NULL, nssListIterator);
+    if (!rvIterator) {
+        return NULL;
+    }
+    rvIterator->list = nssList_Clone(list);
+    if (!rvIterator->list) {
+        nss_ZFreeIf(rvIterator);
+        return NULL;
+    }
+    rvIterator->current = rvIterator->list->head;
+    if (list->lock) {
+        rvIterator->lock = PZ_NewLock(nssILockOther);
+        if (!rvIterator->lock) {
+            nssList_Destroy(rvIterator->list);
+            nss_ZFreeIf(rvIterator);
+            rvIterator = NULL;
+        }
+    }
+    return rvIterator;
+}
+
+NSS_IMPLEMENT void
+nssListIterator_Destroy(nssListIterator *iter)
+{
+    if (iter->lock) {
+        (void)PZ_DestroyLock(iter->lock);
+    }
+    if (iter->list) {
+        nssList_Destroy(iter->list);
+    }
+    nss_ZFreeIf(iter);
+}
+
+NSS_IMPLEMENT void *
+nssListIterator_Start(nssListIterator *iter)
+{
+    NSSLIST_LOCK_IF(iter);
+    if (iter->list->count == 0) {
+        return NULL;
+    }
+    iter->current = iter->list->head;
+    return iter->current->data;
+}
+
+NSS_IMPLEMENT void *
+nssListIterator_Next(nssListIterator *iter)
+{
+    nssListElement *node;
+    PRCList *link;
+    if (iter->list->count == 1 || iter->current == NULL) {
+        /* Reached the end of the list.  Don't change the state, force to
+         * user to call nssList_Finish to clean up.
+         */
+        return NULL;
+    }
+    node = (nssListElement *)PR_NEXT_LINK(&iter->current->link);
+    link = &node->link;
+    if (link == PR_LIST_TAIL(&iter->list->head->link)) {
+        /* Signal the end of the list. */
+        iter->current = NULL;
+        return node->data;
+    }
+    iter->current = node;
+    return node->data;
+}
+
+NSS_IMPLEMENT PRStatus
+nssListIterator_Finish(nssListIterator *iter)
+{
+    iter->current = iter->list->head;
+    return (iter->lock) ? PZ_Unlock(iter->lock) : PR_SUCCESS;
+}
diff --git a/nss/lib/base/manifest.mn b/nss/lib/base/manifest.mn
new file mode 100644
index 0000000..da3a0f3
--- /dev/null
+++ b/nss/lib/base/manifest.mn
@@ -0,0 +1,38 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CORE_DEPTH = ../..
+
+PRIVATE_EXPORTS = \
+	baset.h		  \
+	base.h		  \
+	$(NULL)
+
+EXPORTS =	   \
+	nssbaset.h \
+	nssbase.h  \
+	$(NULL)
+
+MODULE = nss
+
+CSRCS =		   \
+	arena.c	   \
+	error.c	   \
+	errorval.c \
+	hashops.c  \
+	libc.c	   \
+	tracker.c  \
+	item.c     \
+	utf8.c	   \
+	list.c     \
+	hash.c     \
+	$(NULL)
+
+REQUIRES = nspr
+
+LIBRARY_NAME = nssb
+
+# This part of the code, including all sub-dirs, can be optimized for size
+export ALLOW_OPT_CODE_SIZE = 1
diff --git a/nss/lib/base/nssbase.h b/nss/lib/base/nssbase.h
new file mode 100644
index 0000000..02e285f
--- /dev/null
+++ b/nss/lib/base/nssbase.h
@@ -0,0 +1,233 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef NSSBASE_H
+#define NSSBASE_H
+
+/*
+ * nssbase.h
+ *
+ * This header file contains the prototypes of the basic public
+ * NSS routines.
+ */
+
+#ifndef NSSBASET_H
+#include "nssbaset.h"
+#endif /* NSSBASET_H */
+
+PR_BEGIN_EXTERN_C
+
+/*
+ * NSSArena
+ *
+ * The public methods relating to this type are:
+ *
+ *  NSSArena_Create  -- constructor
+ *  NSSArena_Destroy
+ *  NSS_ZAlloc
+ *  NSS_ZRealloc
+ *  NSS_ZFreeIf
+ */
+
+/*
+ * NSSArena_Create
+ *
+ * This routine creates a new memory arena.  This routine may return
+ * NULL upon error, in which case it will have created an error stack.
+ *
+ * The top-level error may be one of the following values:
+ *  NSS_ERROR_NO_MEMORY
+ *
+ * Return value:
+ *  NULL upon error
+ *  A pointer to an NSSArena upon success
+ */
+
+NSS_EXTERN NSSArena *NSSArena_Create(void);
+
+extern const NSSError NSS_ERROR_NO_MEMORY;
+
+/*
+ * NSSArena_Destroy
+ *
+ * This routine will destroy the specified arena, freeing all memory
+ * allocated from it.  This routine returns a PRStatus value; if
+ * successful, it will return PR_SUCCESS.  If unsuccessful, it will
+ * create an error stack and return PR_FAILURE.
+ *
+ * The top-level error may be one of the following values:
+ *  NSS_ERROR_INVALID_ARENA
+ *
+ * Return value:
+ *  PR_SUCCESS upon success
+ *  PR_FAILURE upon failure
+ */
+
+NSS_EXTERN PRStatus NSSArena_Destroy(NSSArena *arena);
+
+extern const NSSError NSS_ERROR_INVALID_ARENA;
+
+/*
+ * The error stack
+ *
+ * The public methods relating to the error stack are:
+ *
+ *  NSS_GetError
+ *  NSS_GetErrorStack
+ */
+
+/*
+ * NSS_GetError
+ *
+ * This routine returns the highest-level (most general) error set
+ * by the most recent NSS library routine called by the same thread
+ * calling this routine.
+ *
+ * This routine cannot fail.  It may return NSS_ERROR_NO_ERROR, which
+ * indicates that the previous NSS library call did not set an error.
+ *
+ * Return value:
+ *  0 if no error has been set
+ *  A nonzero error number
+ */
+
+NSS_EXTERN NSSError NSS_GetError(void);
+
+extern const NSSError NSS_ERROR_NO_ERROR;
+
+/*
+ * NSS_GetErrorStack
+ *
+ * This routine returns a pointer to an array of NSSError values,
+ * containingthe entire sequence or "stack" of errors set by the most
+ * recent NSS library routine called by the same thread calling this
+ * routine.  NOTE: the caller DOES NOT OWN the memory pointed to by
+ * the return value.  The pointer will remain valid until the calling
+ * thread calls another NSS routine.  The lowest-level (most specific)
+ * error is first in the array, and the highest-level is last.  The
+ * array is zero-terminated.  This routine may return NULL upon error;
+ * this indicates a low-memory situation.
+ *
+ * Return value:
+ *  NULL upon error, which is an implied NSS_ERROR_NO_MEMORY
+ *  A NON-caller-owned pointer to an array of NSSError values
+ */
+
+NSS_EXTERN NSSError *NSS_GetErrorStack(void);
+
+/*
+ * NSS_ZNEW
+ *
+ * This preprocessor macro will allocate memory for a new object
+ * of the specified type with nss_ZAlloc, and will cast the
+ * return value appropriately.  If the optional arena argument is
+ * non-null, the memory will be obtained from that arena; otherwise,
+ * the memory will be obtained from the heap.  This routine may
+ * return NULL upon error, in which case it will have set an error
+ * upon the error stack.
+ *
+ * The error may be one of the following values:
+ *  NSS_ERROR_INVALID_ARENA
+ *  NSS_ERROR_NO_MEMORY
+ *
+ * Return value:
+ *  NULL upon error
+ *  A pointer to the new segment of zeroed memory
+ */
+
+#define NSS_ZNEW(arenaOpt, type) ((type *)NSS_ZAlloc((arenaOpt), sizeof(type)))
+
+/*
+ * NSS_ZNEWARRAY
+ *
+ * This preprocessor macro will allocate memory for an array of
+ * new objects, and will cast the return value appropriately.
+ * If the optional arena argument is non-null, the memory will
+ * be obtained from that arena; otherwise, the memory will be
+ * obtained from the heap.  This routine may return NULL upon
+ * error, in which case it will have set an error upon the error
+ * stack.  The array size may be specified as zero.
+ *
+ * The error may be one of the following values:
+ *  NSS_ERROR_INVALID_ARENA
+ *  NSS_ERROR_NO_MEMORY
+ *
+ * Return value:
+ *  NULL upon error
+ *  A pointer to the new segment of zeroed memory
+ */
+
+#define NSS_ZNEWARRAY(arenaOpt, type, quantity) \
+    ((type *)NSS_ZAlloc((arenaOpt), sizeof(type) * (quantity)))
+
+/*
+ * NSS_ZAlloc
+ *
+ * This routine allocates and zeroes a section of memory of the
+ * size, and returns to the caller a pointer to that memory.  If
+ * the optional arena argument is non-null, the memory will be
+ * obtained from that arena; otherwise, the memory will be obtained
+ * from the heap.  This routine may return NULL upon error, in
+ * which case it will have set an error upon the error stack.  The
+ * value specified for size may be zero; in which case a valid
+ * zero-length block of memory will be allocated.  This block may
+ * be expanded by calling NSS_ZRealloc.
+ *
+ * The error may be one of the following values:
+ *  NSS_ERROR_INVALID_ARENA
+ *  NSS_ERROR_NO_MEMORY
+ *  NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD
+ *
+ * Return value:
+ *  NULL upon error
+ *  A pointer to the new segment of zeroed memory
+ */
+
+NSS_EXTERN void *NSS_ZAlloc(NSSArena *arenaOpt, PRUint32 size);
+
+/*
+ * NSS_ZRealloc
+ *
+ * This routine reallocates a block of memory obtained by calling
+ * nss_ZAlloc or nss_ZRealloc.  The portion of memory
+ * between the new and old sizes -- which is either being newly
+ * obtained or released -- is in either case zeroed.  This routine
+ * may return NULL upon failure, in which case it will have placed
+ * an error on the error stack.
+ *
+ * The error may be one of the following values:
+ *  NSS_ERROR_INVALID_POINTER
+ *  NSS_ERROR_NO_MEMORY
+ *  NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD
+ *
+ * Return value:
+ *  NULL upon error
+ *  A pointer to the replacement segment of memory
+ */
+
+NSS_EXTERN void *NSS_ZRealloc(void *pointer, PRUint32 newSize);
+
+/*
+ * NSS_ZFreeIf
+ *
+ * If the specified pointer is non-null, then the region of memory
+ * to which it points -- which must have been allocated with
+ * nss_ZAlloc -- will be zeroed and released.  This routine
+ * returns a PRStatus value; if successful, it will return PR_SUCCESS.
+ * If unsuccessful, it will set an error on the error stack and return
+ * PR_FAILURE.
+ *
+ * The error may be one of the following values:
+ *  NSS_ERROR_INVALID_POINTER
+ *
+ * Return value:
+ *  PR_SUCCESS
+ *  PR_FAILURE
+ */
+
+NSS_EXTERN PRStatus NSS_ZFreeIf(void *pointer);
+
+PR_END_EXTERN_C
+
+#endif /* NSSBASE_H */
diff --git a/nss/lib/base/nssbaset.h b/nss/lib/base/nssbaset.h
new file mode 100644
index 0000000..8bc556e
--- /dev/null
+++ b/nss/lib/base/nssbaset.h
@@ -0,0 +1,118 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef NSSBASET_H
+#define NSSBASET_H
+
+/*
+ * nssbaset.h
+ *
+ * This file contains the most low-level, fundamental public types.
+ */
+
+#include "nspr.h"
+#include "nssilock.h"
+
+/*
+ * NSS_EXTERN, NSS_IMPLEMENT, NSS_EXTERN_DATA, NSS_IMPLEMENT_DATA
+ *
+ * NSS has its own versions of these NSPR macros, in a form which
+ * does not confuse ctags and other related utilities.  NSPR
+ * defines these macros to take the type as an argument, because
+ * of certain OS requirements on platforms not supported by NSS.
+ */
+
+#define DUMMY /* dummy */
+#define NSS_EXTERN extern
+#define NSS_EXTERN_DATA extern
+#define NSS_IMPLEMENT
+#define NSS_IMPLEMENT_DATA
+
+PR_BEGIN_EXTERN_C
+
+/*
+ * NSSError
+ *
+ * Calls to NSS routines may result in one or more errors being placed
+ * on the calling thread's "error stack."  Every possible error that
+ * may be returned from a function is declared where the function is
+ * prototyped.  All errors are of the following type.
+ */
+
+typedef PRInt32 NSSError;
+
+/*
+ * NSSArena
+ *
+ * Arenas are logical sets of heap memory, from which memory may be
+ * allocated.  When an arena is destroyed, all memory allocated within
+ * that arena is implicitly freed.  These arenas are thread-safe:
+ * an arena pointer may be used by multiple threads simultaneously.
+ * However, as they are not backed by shared memory, they may only be
+ * used within one process.
+ */
+
+struct NSSArenaStr;
+typedef struct NSSArenaStr NSSArena;
+
+/*
+ * NSSItem
+ *
+ * This is the basic type used to refer to an unconstrained datum of
+ * arbitrary size.
+ */
+
+struct NSSItemStr {
+    void *data;
+    PRUint32 size;
+};
+typedef struct NSSItemStr NSSItem;
+
+/*
+ * NSSBER
+ *
+ * Data packed according to the Basic Encoding Rules of ASN.1.
+ */
+
+typedef NSSItem NSSBER;
+
+/*
+ * NSSDER
+ *
+ * Data packed according to the Distinguished Encoding Rules of ASN.1;
+ * this form is also known as the Canonical Encoding Rules form (CER).
+ */
+
+typedef NSSBER NSSDER;
+
+/*
+ * NSSBitString
+ *
+ * Some ASN.1 types use "bit strings," which are passed around as
+ * octet strings but whose length is counted in bits.  We use this
+ * typedef of NSSItem to point out the occasions when the length
+ * is counted in bits, not octets.
+ */
+
+typedef NSSItem NSSBitString;
+
+/*
+ * NSSUTF8
+ *
+ * Character strings encoded in UTF-8, as defined by RFC 2279.
+ */
+
+typedef char NSSUTF8;
+
+/*
+ * NSSASCII7
+ *
+ * Character strings guaranteed to be 7-bit ASCII.
+ */
+
+typedef char NSSASCII7;
+
+PR_END_EXTERN_C
+
+#endif /* NSSBASET_H */
diff --git a/nss/lib/base/tracker.c b/nss/lib/base/tracker.c
new file mode 100644
index 0000000..850add7
--- /dev/null
+++ b/nss/lib/base/tracker.c
@@ -0,0 +1,378 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * tracker.c
+ *
+ * This file contains the code used by the pointer-tracking calls used
+ * in the debug builds to catch bad pointers.  The entire contents are
+ * only available in debug builds (both internal and external builds).
+ */
+
+#ifndef BASE_H
+#include "base.h"
+#endif /* BASE_H */
+
+#ifdef DEBUG
+/*
+ * identity_hash
+ *
+ * This static callback is a PLHashFunction as defined in plhash.h
+ * It merely returns the value of the object pointer as its hash.
+ * There are no possible errors.
+ */
+
+static PLHashNumber PR_CALLBACK
+identity_hash(const void *key)
+{
+    return (PLHashNumber)((char *)key - (char *)NULL);
+}
+
+/*
+ * trackerOnceFunc
+ *
+ * This function is called once, using the nssCallOnce function above.
+ * It creates a new pointer tracker object; initialising its hash
+ * table and protective lock.
+ */
+
+static PRStatus
+trackerOnceFunc(void *arg)
+{
+    nssPointerTracker *tracker = (nssPointerTracker *)arg;
+
+    tracker->lock = PZ_NewLock(nssILockOther);
+    if ((PZLock *)NULL == tracker->lock) {
+        return PR_FAILURE;
+    }
+
+    tracker->table =
+        PL_NewHashTable(0, identity_hash, PL_CompareValues, PL_CompareValues,
+                        (PLHashAllocOps *)NULL, (void *)NULL);
+    if ((PLHashTable *)NULL == tracker->table) {
+        PZ_DestroyLock(tracker->lock);
+        tracker->lock = (PZLock *)NULL;
+        return PR_FAILURE;
+    }
+
+    return PR_SUCCESS;
+}
+
+/*
+ * nssPointerTracker_initialize
+ *
+ * This method is only present in debug builds.
+ *
+ * This routine initializes an nssPointerTracker object.  Note that
+ * the object must have been declared *static* to guarantee that it
+ * is in a zeroed state initially.  This routine is idempotent, and
+ * may even be safely called by multiple threads simultaneously with
+ * the same argument.  This routine returns a PRStatus value; if
+ * successful, it will return PR_SUCCESS.  On failure it will set an
+ * error on the error stack and return PR_FAILURE.
+ *
+ * The error may be one of the following values:
+ *  NSS_ERROR_NO_MEMORY
+ *
+ * Return value:
+ *  PR_SUCCESS
+ *  PR_FAILURE
+ */
+
+NSS_IMPLEMENT PRStatus
+nssPointerTracker_initialize(nssPointerTracker *tracker)
+{
+    PRStatus rv = PR_CallOnceWithArg(&tracker->once, trackerOnceFunc, tracker);
+    if (PR_SUCCESS != rv) {
+        nss_SetError(NSS_ERROR_NO_MEMORY);
+    }
+
+    return rv;
+}
+
+#ifdef DONT_DESTROY_EMPTY_TABLES
+/* See same #ifdef below */
+/*
+ * count_entries
+ *
+ * This static routine is a PLHashEnumerator, as defined in plhash.h.
+ * It merely causes the enumeration function to count the number of
+ * entries.
+ */
+
+static PRIntn PR_CALLBACK
+count_entries(PLHashEntry *he, PRIntn index, void *arg)
+{
+    return HT_ENUMERATE_NEXT;
+}
+#endif /* DONT_DESTROY_EMPTY_TABLES */
+
+/*
+ * zero_once
+ *
+ * This is a guaranteed zeroed once block.  It's used to help clear
+ * the tracker.
+ */
+
+static const PRCallOnceType zero_once;
+
+/*
+ * nssPointerTracker_finalize
+ *
+ * This method is only present in debug builds.
+ *
+ * This routine returns the nssPointerTracker object to the pre-
+ * initialized state, releasing all resources used by the object.
+ * It will *NOT* destroy the objects being tracked by the pointer
+ * (should any remain), and therefore cannot be used to "sweep up"
+ * remaining objects.  This routine returns a PRStatus value; if
+ * successful, it will return PR_SUCCES.  On failure it will set an
+ * error on the error stack and return PR_FAILURE.  If any objects
+ * remain in the tracker when it is finalized, that will be treated
+ * as an error.
+ *
+ * The error may be one of the following values:
+ *  NSS_ERROR_INVALID_POINTER
+ *  NSS_ERROR_TRACKER_NOT_INITIALIZED
+ *  NSS_ERROR_TRACKER_NOT_EMPTY
+ *
+ * Return value:
+ *  PR_SUCCESS
+ *  PR_FAILURE
+ */
+
+NSS_IMPLEMENT PRStatus
+nssPointerTracker_finalize(nssPointerTracker *tracker)
+{
+    PZLock *lock;
+
+    if ((nssPointerTracker *)NULL == tracker) {
+        nss_SetError(NSS_ERROR_INVALID_POINTER);
+        return PR_FAILURE;
+    }
+
+    if ((PZLock *)NULL == tracker->lock) {
+        nss_SetError(NSS_ERROR_TRACKER_NOT_INITIALIZED);
+        return PR_FAILURE;
+    }
+
+    lock = tracker->lock;
+    PZ_Lock(lock);
+
+    if ((PLHashTable *)NULL == tracker->table) {
+        PZ_Unlock(lock);
+        nss_SetError(NSS_ERROR_TRACKER_NOT_INITIALIZED);
+        return PR_FAILURE;
+    }
+
+#ifdef DONT_DESTROY_EMPTY_TABLES
+    /*
+     * I changed my mind; I think we don't want this after all.
+     * Comments?
+     */
+    count = PL_HashTableEnumerateEntries(tracker->table, count_entries,
+                                         (void *)NULL);
+
+    if (0 != count) {
+        PZ_Unlock(lock);
+        nss_SetError(NSS_ERROR_TRACKER_NOT_EMPTY);
+        return PR_FAILURE;
+    }
+#endif /* DONT_DESTROY_EMPTY_TABLES */
+
+    PL_HashTableDestroy(tracker->table);
+    /* memset(tracker, 0, sizeof(nssPointerTracker)); */
+    tracker->once = zero_once;
+    tracker->lock = (PZLock *)NULL;
+    tracker->table = (PLHashTable *)NULL;
+
+    PZ_Unlock(lock);
+    PZ_DestroyLock(lock);
+
+    return PR_SUCCESS;
+}
+
+/*
+ * nssPointerTracker_add
+ *
+ * This method is only present in debug builds.
+ *
+ * This routine adds the specified pointer to the nssPointerTracker
+ * object.  It should be called in constructor objects to register
+ * new valid objects.  The nssPointerTracker is threadsafe, but this
+ * call is not idempotent.  This routine returns a PRStatus value;
+ * if successful it will return PR_SUCCESS.  On failure it will set
+ * an error on the error stack and return PR_FAILURE.
+ *
+ * The error may be one of the following values:
+ *  NSS_ERROR_INVALID_POINTER
+ *  NSS_ERROR_NO_MEMORY
+ *  NSS_ERROR_TRACKER_NOT_INITIALIZED
+ *  NSS_ERROR_DUPLICATE_POINTER
+ *
+ * Return value:
+ *  PR_SUCCESS
+ *  PR_FAILURE
+ */
+
+NSS_IMPLEMENT PRStatus
+nssPointerTracker_add(nssPointerTracker *tracker, const void *pointer)
+{
+    void *check;
+    PLHashEntry *entry;
+
+    if ((nssPointerTracker *)NULL == tracker) {
+        nss_SetError(NSS_ERROR_INVALID_POINTER);
+        return PR_FAILURE;
+    }
+
+    if ((PZLock *)NULL == tracker->lock) {
+        nss_SetError(NSS_ERROR_TRACKER_NOT_INITIALIZED);
+        return PR_FAILURE;
+    }
+
+    PZ_Lock(tracker->lock);
+
+    if ((PLHashTable *)NULL == tracker->table) {
+        PZ_Unlock(tracker->lock);
+        nss_SetError(NSS_ERROR_TRACKER_NOT_INITIALIZED);
+        return PR_FAILURE;
+    }
+
+    check = PL_HashTableLookup(tracker->table, pointer);
+    if ((void *)NULL != check) {
+        PZ_Unlock(tracker->lock);
+        nss_SetError(NSS_ERROR_DUPLICATE_POINTER);
+        return PR_FAILURE;
+    }
+
+    entry = PL_HashTableAdd(tracker->table, pointer, (void *)pointer);
+
+    PZ_Unlock(tracker->lock);
+
+    if ((PLHashEntry *)NULL == entry) {
+        nss_SetError(NSS_ERROR_NO_MEMORY);
+        return PR_FAILURE;
+    }
+
+    return PR_SUCCESS;
+}
+
+/*
+ * nssPointerTracker_remove
+ *
+ * This method is only present in debug builds.
+ *
+ * This routine removes the specified pointer from the
+ * nssPointerTracker object.  It does not call any destructor for the
+ * object; rather, this should be called from the object's destructor.
+ * The nssPointerTracker is threadsafe, but this call is not
+ * idempotent.  This routine returns a PRStatus value; if successful
+ * it will return PR_SUCCESS.  On failure it will set an error on the
+ * error stack and return PR_FAILURE.
+ *
+ * The error may be one of the following values:
+ *  NSS_ERROR_INVALID_POINTER
+ *  NSS_ERROR_TRACKER_NOT_INITIALIZED
+ *  NSS_ERROR_POINTER_NOT_REGISTERED
+ *
+ * Return value:
+ *  PR_SUCCESS
+ *  PR_FAILURE
+ */
+
+NSS_IMPLEMENT PRStatus
+nssPointerTracker_remove(nssPointerTracker *tracker, const void *pointer)
+{
+    PRBool registered;
+
+    if ((nssPointerTracker *)NULL == tracker) {
+        nss_SetError(NSS_ERROR_INVALID_POINTER);
+        return PR_FAILURE;
+    }
+
+    if ((PZLock *)NULL == tracker->lock) {
+        nss_SetError(NSS_ERROR_TRACKER_NOT_INITIALIZED);
+        return PR_FAILURE;
+    }
+
+    PZ_Lock(tracker->lock);
+
+    if ((PLHashTable *)NULL == tracker->table) {
+        PZ_Unlock(tracker->lock);
+        nss_SetError(NSS_ERROR_TRACKER_NOT_INITIALIZED);
+        return PR_FAILURE;
+    }
+
+    registered = PL_HashTableRemove(tracker->table, pointer);
+    PZ_Unlock(tracker->lock);
+
+    if (!registered) {
+        nss_SetError(NSS_ERROR_POINTER_NOT_REGISTERED);
+        return PR_FAILURE;
+    }
+
+    return PR_SUCCESS;
+}
+
+/*
+ * nssPointerTracker_verify
+ *
+ * This method is only present in debug builds.
+ *
+ * This routine verifies that the specified pointer has been registered
+ * with the nssPointerTracker object.  The nssPointerTracker object is
+ * threadsafe, and this call may be safely called from multiple threads
+ * simultaneously with the same arguments.  This routine returns a
+ * PRStatus value; if the pointer is registered this will return
+ * PR_SUCCESS.  Otherwise it will set an error on the error stack and
+ * return PR_FAILURE.  Although the error is suitable for leaving on
+ * the stack, callers may wish to augment the information available by
+ * placing a more type-specific error on the stack.
+ *
+ * The error may be one of the following values:
+ *  NSS_ERROR_INVALID_POINTER
+ *  NSS_ERROR_TRACKER_NOT_INITIALIZED
+ *  NSS_ERROR_POINTER_NOT_REGISTERED
+ *
+ * Return value:
+ *  PR_SUCCESS
+ *  PR_FAILRUE
+ */
+
+NSS_IMPLEMENT PRStatus
+nssPointerTracker_verify(nssPointerTracker *tracker, const void *pointer)
+{
+    void *check;
+
+    if ((nssPointerTracker *)NULL == tracker) {
+        nss_SetError(NSS_ERROR_INVALID_POINTER);
+        return PR_FAILURE;
+    }
+
+    if ((PZLock *)NULL == tracker->lock) {
+        nss_SetError(NSS_ERROR_TRACKER_NOT_INITIALIZED);
+        return PR_FAILURE;
+    }
+
+    PZ_Lock(tracker->lock);
+
+    if ((PLHashTable *)NULL == tracker->table) {
+        PZ_Unlock(tracker->lock);
+        nss_SetError(NSS_ERROR_TRACKER_NOT_INITIALIZED);
+        return PR_FAILURE;
+    }
+
+    check = PL_HashTableLookup(tracker->table, pointer);
+    PZ_Unlock(tracker->lock);
+
+    if ((void *)NULL == check) {
+        nss_SetError(NSS_ERROR_POINTER_NOT_REGISTERED);
+        return PR_FAILURE;
+    }
+
+    return PR_SUCCESS;
+}
+
+#endif /* DEBUG */
diff --git a/nss/lib/base/utf8.c b/nss/lib/base/utf8.c
new file mode 100644
index 0000000..6d7b6a0
--- /dev/null
+++ b/nss/lib/base/utf8.c
@@ -0,0 +1,679 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * utf8.c
+ *
+ * This file contains some additional utility routines required for
+ * handling UTF8 strings.
+ */
+
+#ifndef BASE_H
+#include "base.h"
+#endif /* BASE_H */
+
+#include "plstr.h"
+
+/*
+ * NOTES:
+ *
+ * There's an "is hex string" function in pki1/atav.c.  If we need
+ * it in more places, pull that one out.
+ */
+
+/*
+ * nssUTF8_CaseIgnoreMatch
+ *
+ * Returns true if the two UTF8-encoded strings pointed to by the
+ * two specified NSSUTF8 pointers differ only in typcase.
+ *
+ * The error may be one of the following values:
+ *  NSS_ERROR_INVALID_POINTER
+ *
+ * Return value:
+ *  PR_TRUE if the strings match, ignoring case
+ *  PR_FALSE if they don't
+ *  PR_FALSE upon error
+ */
+
+NSS_IMPLEMENT PRBool
+nssUTF8_CaseIgnoreMatch(const NSSUTF8 *a, const NSSUTF8 *b, PRStatus *statusOpt)
+{
+#ifdef NSSDEBUG
+    if (((const NSSUTF8 *)NULL == a) || ((const NSSUTF8 *)NULL == b)) {
+        nss_SetError(NSS_ERROR_INVALID_POINTER);
+        if ((PRStatus *)NULL != statusOpt) {
+            *statusOpt = PR_FAILURE;
+        }
+        return PR_FALSE;
+    }
+#endif /* NSSDEBUG */
+
+    if ((PRStatus *)NULL != statusOpt) {
+        *statusOpt = PR_SUCCESS;
+    }
+
+    /*
+     * XXX fgmr
+     *
+     * This is, like, so wrong!
+     */
+    if (0 == PL_strcasecmp((const char *)a, (const char *)b)) {
+        return PR_TRUE;
+    } else {
+        return PR_FALSE;
+    }
+}
+
+/*
+ * nssUTF8_PrintableMatch
+ *
+ * Returns true if the two Printable strings pointed to by the
+ * two specified NSSUTF8 pointers match when compared with the
+ * rules for Printable String (leading and trailing spaces are
+ * disregarded, extents of whitespace match irregardless of length,
+ * and case is not significant), then PR_TRUE will be returned.
+ * Otherwise, PR_FALSE will be returned.  Upon failure, PR_FALSE
+ * will be returned.  If the optional statusOpt argument is not
+ * NULL, then PR_SUCCESS or PR_FAILURE will be stored in that
+ * location.
+ *
+ * The error may be one of the following values:
+ *  NSS_ERROR_INVALID_POINTER
+ *
+ * Return value:
+ *  PR_TRUE if the strings match, ignoring case
+ *  PR_FALSE if they don't
+ *  PR_FALSE upon error
+ */
+
+NSS_IMPLEMENT PRBool
+nssUTF8_PrintableMatch(const NSSUTF8 *a, const NSSUTF8 *b, PRStatus *statusOpt)
+{
+    PRUint8 *c;
+    PRUint8 *d;
+
+#ifdef NSSDEBUG
+    if (((const NSSUTF8 *)NULL == a) || ((const NSSUTF8 *)NULL == b)) {
+        nss_SetError(NSS_ERROR_INVALID_POINTER);
+        if ((PRStatus *)NULL != statusOpt) {
+            *statusOpt = PR_FAILURE;
+        }
+        return PR_FALSE;
+    }
+#endif /* NSSDEBUG */
+
+    if ((PRStatus *)NULL != statusOpt) {
+        *statusOpt = PR_SUCCESS;
+    }
+
+    c = (PRUint8 *)a;
+    d = (PRUint8 *)b;
+
+    while (' ' == *c) {
+        c++;
+    }
+
+    while (' ' == *d) {
+        d++;
+    }
+
+    while (('\0' != *c) && ('\0' != *d)) {
+        PRUint8 e, f;
+
+        e = *c;
+        f = *d;
+
+        if (('a' <= e) && (e <= 'z')) {
+            e -= ('a' - 'A');
+        }
+
+        if (('a' <= f) && (f <= 'z')) {
+            f -= ('a' - 'A');
+        }
+
+        if (e != f) {
+            return PR_FALSE;
+        }
+
+        c++;
+        d++;
+
+        if (' ' == *c) {
+            while (' ' == *c) {
+                c++;
+            }
+            c--;
+        }
+
+        if (' ' == *d) {
+            while (' ' == *d) {
+                d++;
+            }
+            d--;
+        }
+    }
+
+    while (' ' == *c) {
+        c++;
+    }
+
+    while (' ' == *d) {
+        d++;
+    }
+
+    if (*c == *d) {
+        /* And both '\0', btw */
+        return PR_TRUE;
+    } else {
+        return PR_FALSE;
+    }
+}
+
+/*
+ * nssUTF8_Duplicate
+ *
+ * This routine duplicates the UTF8-encoded string pointed to by the
+ * specified NSSUTF8 pointer.  If the optional arenaOpt argument is
+ * not null, the memory required will be obtained from that arena;
+ * otherwise, the memory required will be obtained from the heap.
+ * A pointer to the new string will be returned.  In case of error,
+ * an error will be placed on the error stack and NULL will be
+ * returned.
+ *
+ * The error may be one of the following values:
+ *  NSS_ERROR_INVALID_POINTER
+ *  NSS_ERROR_INVALID_ARENA
+ *  NSS_ERROR_NO_MEMORY
+ */
+
+NSS_IMPLEMENT NSSUTF8 *
+nssUTF8_Duplicate(const NSSUTF8 *s, NSSArena *arenaOpt)
+{
+    NSSUTF8 *rv;
+    PRUint32 len;
+
+#ifdef NSSDEBUG
+    if ((const NSSUTF8 *)NULL == s) {
+        nss_SetError(NSS_ERROR_INVALID_POINTER);
+        return (NSSUTF8 *)NULL;
+    }
+
+    if ((NSSArena *)NULL != arenaOpt) {
+        if (PR_SUCCESS != nssArena_verifyPointer(arenaOpt)) {
+            return (NSSUTF8 *)NULL;
+        }
+    }
+#endif /* NSSDEBUG */
+
+    len = PL_strlen((const char *)s);
+#ifdef PEDANTIC
+    if ('\0' != ((const char *)s)[len]) {
+        /* must have wrapped, e.g., too big for PRUint32 */
+        nss_SetError(NSS_ERROR_NO_MEMORY);
+        return (NSSUTF8 *)NULL;
+    }
+#endif     /* PEDANTIC */
+    len++; /* zero termination */
+
+    rv = nss_ZAlloc(arenaOpt, len);
+    if ((void *)NULL == rv) {
+        return (NSSUTF8 *)NULL;
+    }
+
+    (void)nsslibc_memcpy(rv, s, len);
+    return rv;
+}
+
+/*
+ * nssUTF8_Size
+ *
+ * This routine returns the length in bytes (including the terminating
+ * null) of the UTF8-encoded string pointed to by the specified
+ * NSSUTF8 pointer.  Zero is returned on error.
+ *
+ * The error may be one of the following values:
+ *  NSS_ERROR_INVALID_POINTER
+ *  NSS_ERROR_VALUE_TOO_LARGE
+ *
+ * Return value:
+ *  0 on error
+ *  nonzero length of the string.
+ */
+
+NSS_IMPLEMENT PRUint32
+nssUTF8_Size(const NSSUTF8 *s, PRStatus *statusOpt)
+{
+    PRUint32 sv;
+
+#ifdef NSSDEBUG
+    if ((const NSSUTF8 *)NULL == s) {
+        nss_SetError(NSS_ERROR_INVALID_POINTER);
+        if ((PRStatus *)NULL != statusOpt) {
+            *statusOpt = PR_FAILURE;
+        }
+        return 0;
+    }
+#endif /* NSSDEBUG */
+
+    sv = PL_strlen((const char *)s) + 1;
+#ifdef PEDANTIC
+    if ('\0' != ((const char *)s)[sv - 1]) {
+        /* wrapped */
+        nss_SetError(NSS_ERROR_VALUE_TOO_LARGE);
+        if ((PRStatus *)NULL != statusOpt) {
+            *statusOpt = PR_FAILURE;
+        }
+        return 0;
+    }
+#endif /* PEDANTIC */
+
+    if ((PRStatus *)NULL != statusOpt) {
+        *statusOpt = PR_SUCCESS;
+    }
+
+    return sv;
+}
+
+/*
+ * nssUTF8_Length
+ *
+ * This routine returns the length in characters (not including the
+ * terminating null) of the UTF8-encoded string pointed to by the
+ * specified NSSUTF8 pointer.
+ *
+ * The error may be one of the following values:
+ *  NSS_ERROR_INVALID_POINTER
+ *  NSS_ERROR_VALUE_TOO_LARGE
+ *  NSS_ERROR_INVALID_STRING
+ *
+ * Return value:
+ *  length of the string (which may be zero)
+ *  0 on error
+ */
+
+NSS_IMPLEMENT PRUint32
+nssUTF8_Length(const NSSUTF8 *s, PRStatus *statusOpt)
+{
+    PRUint32 l = 0;
+    const PRUint8 *c = (const PRUint8 *)s;
+
+#ifdef NSSDEBUG
+    if ((const NSSUTF8 *)NULL == s) {
+        nss_SetError(NSS_ERROR_INVALID_POINTER);
+        goto loser;
+    }
+#endif /* NSSDEBUG */
+
+    /*
+     * From RFC 2044:
+     *
+     * UCS-4 range (hex.)           UTF-8 octet sequence (binary)
+     * 0000 0000-0000 007F   0xxxxxxx
+     * 0000 0080-0000 07FF   110xxxxx 10xxxxxx
+     * 0000 0800-0000 FFFF   1110xxxx 10xxxxxx 10xxxxxx
+     * 0001 0000-001F FFFF   11110xxx 10xxxxxx 10xxxxxx 10xxxxxx
+     * 0020 0000-03FF FFFF   111110xx 10xxxxxx 10xxxxxx 10xxxxxx 10xxxxxx
+     * 0400 0000-7FFF FFFF   1111110x 10xxxxxx ... 10xxxxxx
+     */
+
+    while (0 != *c) {
+        PRUint32 incr;
+        if ((*c & 0x80) == 0) {
+            incr = 1;
+        } else if ((*c & 0xE0) == 0xC0) {
+            incr = 2;
+        } else if ((*c & 0xF0) == 0xE0) {
+            incr = 3;
+        } else if ((*c & 0xF8) == 0xF0) {
+            incr = 4;
+        } else if ((*c & 0xFC) == 0xF8) {
+            incr = 5;
+        } else if ((*c & 0xFE) == 0xFC) {
+            incr = 6;
+        } else {
+            nss_SetError(NSS_ERROR_INVALID_STRING);
+            goto loser;
+        }
+
+        l += incr;
+
+#ifdef PEDANTIC
+        if (l < incr) {
+            /* Wrapped-- too big */
+            nss_SetError(NSS_ERROR_VALUE_TOO_LARGE);
+            goto loser;
+        }
+
+        {
+            PRUint8 *d;
+            for (d = &c[1]; d < &c[incr]; d++) {
+                if ((*d & 0xC0) != 0xF0) {
+                    nss_SetError(NSS_ERROR_INVALID_STRING);
+                    goto loser;
+                }
+            }
+        }
+#endif /* PEDANTIC */
+
+        c += incr;
+    }
+
+    if ((PRStatus *)NULL != statusOpt) {
+        *statusOpt = PR_SUCCESS;
+    }
+
+    return l;
+
+loser:
+    if ((PRStatus *)NULL != statusOpt) {
+        *statusOpt = PR_FAILURE;
+    }
+
+    return 0;
+}
+
+/*
+ * nssUTF8_Create
+ *
+ * This routine creates a UTF8 string from a string in some other
+ * format.  Some types of string may include embedded null characters,
+ * so for them the length parameter must be used.  For string types
+ * that are null-terminated, the length parameter is optional; if it
+ * is zero, it will be ignored.  If the optional arena argument is
+ * non-null, the memory used for the new string will be obtained from
+ * that arena, otherwise it will be obtained from the heap.  This
+ * routine may return NULL upon error, in which case it will have
+ * placed an error on the error stack.
+ *
+ * The error may be one of the following:
+ *  NSS_ERROR_INVALID_POINTER
+ *  NSS_ERROR_NO_MEMORY
+ *  NSS_ERROR_UNSUPPORTED_TYPE
+ *
+ * Return value:
+ *  NULL upon error
+ *  A non-null pointer to a new UTF8 string otherwise
+ */
+
+extern const NSSError NSS_ERROR_INTERNAL_ERROR; /* XXX fgmr */
+
+NSS_IMPLEMENT NSSUTF8 *
+nssUTF8_Create(NSSArena *arenaOpt, nssStringType type, const void *inputString,
+               PRUint32 size /* in bytes, not characters */
+               )
+{
+    NSSUTF8 *rv = NULL;
+
+#ifdef NSSDEBUG
+    if ((NSSArena *)NULL != arenaOpt) {
+        if (PR_SUCCESS != nssArena_verifyPointer(arenaOpt)) {
+            return (NSSUTF8 *)NULL;
+        }
+    }
+
+    if ((const void *)NULL == inputString) {
+        nss_SetError(NSS_ERROR_INVALID_POINTER);
+        return (NSSUTF8 *)NULL;
+    }
+#endif /* NSSDEBUG */
+
+    switch (type) {
+        case nssStringType_DirectoryString:
+            /* This is a composite type requiring BER */
+            nss_SetError(NSS_ERROR_UNSUPPORTED_TYPE);
+            break;
+        case nssStringType_TeletexString:
+            /*
+             * draft-ietf-pkix-ipki-part1-11 says in part:
+             *
+             * In addition, many legacy implementations support names encoded
+             * in the ISO 8859-1 character set (Latin1String) but tag them as
+             * TeletexString.  The Latin1String includes characters used in
+             * Western European countries which are not part of the
+             * TeletexString charcter set.  Implementations that process
+             * TeletexString SHOULD be prepared to handle the entire ISO
+             * 8859-1 character set.[ISO 8859-1].
+             */
+            nss_SetError(NSS_ERROR_INTERNAL_ERROR); /* unimplemented */
+            break;
+        case nssStringType_PrintableString:
+            /*
+             * PrintableString consists of A-Za-z0-9 ,()+,-./:=?
+             * This is a subset of ASCII, which is a subset of UTF8.
+             * So we can just duplicate the string over.
+             */
+
+            if (0 == size) {
+                rv = nssUTF8_Duplicate((const NSSUTF8 *)inputString, arenaOpt);
+            } else {
+                rv = nss_ZAlloc(arenaOpt, size + 1);
+                if ((NSSUTF8 *)NULL == rv) {
+                    return (NSSUTF8 *)NULL;
+                }
+
+                (void)nsslibc_memcpy(rv, inputString, size);
+            }
+
+            break;
+        case nssStringType_UniversalString:
+            /* 4-byte unicode */
+            nss_SetError(NSS_ERROR_INTERNAL_ERROR); /* unimplemented */
+            break;
+        case nssStringType_BMPString:
+            /* Base Multilingual Plane of Unicode */
+            nss_SetError(NSS_ERROR_INTERNAL_ERROR); /* unimplemented */
+            break;
+        case nssStringType_UTF8String:
+            if (0 == size) {
+                rv = nssUTF8_Duplicate((const NSSUTF8 *)inputString, arenaOpt);
+            } else {
+                rv = nss_ZAlloc(arenaOpt, size + 1);
+                if ((NSSUTF8 *)NULL == rv) {
+                    return (NSSUTF8 *)NULL;
+                }
+
+                (void)nsslibc_memcpy(rv, inputString, size);
+            }
+
+            break;
+        case nssStringType_PHGString:
+            /*
+             * PHGString is an IA5String (with case-insensitive comparisons).
+             * IA5 is ~almost~ ascii; ascii has dollar-sign where IA5 has
+             * currency symbol.
+             */
+            nss_SetError(NSS_ERROR_INTERNAL_ERROR); /* unimplemented */
+            break;
+        case nssStringType_GeneralString:
+            nss_SetError(NSS_ERROR_INTERNAL_ERROR); /* unimplemented */
+            break;
+        default:
+            nss_SetError(NSS_ERROR_UNSUPPORTED_TYPE);
+            break;
+    }
+
+    return rv;
+}
+
+NSS_IMPLEMENT NSSItem *
+nssUTF8_GetEncoding(NSSArena *arenaOpt, NSSItem *rvOpt, nssStringType type,
+                    NSSUTF8 *string)
+{
+    NSSItem *rv = (NSSItem *)NULL;
+    PRStatus status = PR_SUCCESS;
+
+#ifdef NSSDEBUG
+    if ((NSSArena *)NULL != arenaOpt) {
+        if (PR_SUCCESS != nssArena_verifyPointer(arenaOpt)) {
+            return (NSSItem *)NULL;
+        }
+    }
+
+    if ((NSSUTF8 *)NULL == string) {
+        nss_SetError(NSS_ERROR_INVALID_POINTER);
+        return (NSSItem *)NULL;
+    }
+#endif /* NSSDEBUG */
+
+    switch (type) {
+        case nssStringType_DirectoryString:
+            nss_SetError(NSS_ERROR_INTERNAL_ERROR); /* unimplemented */
+            break;
+        case nssStringType_TeletexString:
+            nss_SetError(NSS_ERROR_INTERNAL_ERROR); /* unimplemented */
+            break;
+        case nssStringType_PrintableString:
+            nss_SetError(NSS_ERROR_INTERNAL_ERROR); /* unimplemented */
+            break;
+        case nssStringType_UniversalString:
+            nss_SetError(NSS_ERROR_INTERNAL_ERROR); /* unimplemented */
+            break;
+        case nssStringType_BMPString:
+            nss_SetError(NSS_ERROR_INTERNAL_ERROR); /* unimplemented */
+            break;
+        case nssStringType_UTF8String: {
+            NSSUTF8 *dup = nssUTF8_Duplicate(string, arenaOpt);
+            if ((NSSUTF8 *)NULL == dup) {
+                return (NSSItem *)NULL;
+            }
+
+            if ((NSSItem *)NULL == rvOpt) {
+                rv = nss_ZNEW(arenaOpt, NSSItem);
+                if ((NSSItem *)NULL == rv) {
+                    (void)nss_ZFreeIf(dup);
+                    return (NSSItem *)NULL;
+                }
+            } else {
+                rv = rvOpt;
+            }
+
+            rv->data = dup;
+            dup = (NSSUTF8 *)NULL;
+            rv->size = nssUTF8_Size(rv->data, &status);
+            if ((0 == rv->size) && (PR_SUCCESS != status)) {
+                if ((NSSItem *)NULL == rvOpt) {
+                    (void)nss_ZFreeIf(rv);
+                }
+                return (NSSItem *)NULL;
+            }
+        } break;
+        case nssStringType_PHGString:
+            nss_SetError(NSS_ERROR_INTERNAL_ERROR); /* unimplemented */
+            break;
+        default:
+            nss_SetError(NSS_ERROR_UNSUPPORTED_TYPE);
+            break;
+    }
+
+    return rv;
+}
+
+/*
+ * nssUTF8_CopyIntoFixedBuffer
+ *
+ * This will copy a UTF8 string into a fixed-length buffer, making
+ * sure that the all characters are valid.  Any remaining space will
+ * be padded with the specified ASCII character, typically either
+ * null or space.
+ *
+ * Blah, blah, blah.
+ */
+
+NSS_IMPLEMENT PRStatus
+nssUTF8_CopyIntoFixedBuffer(NSSUTF8 *string, char *buffer, PRUint32 bufferSize,
+                            char pad)
+{
+    PRUint32 stringSize = 0;
+
+#ifdef NSSDEBUG
+    if ((char *)NULL == buffer) {
+        nss_SetError(NSS_ERROR_INVALID_POINTER);
+        return PR_FALSE;
+    }
+
+    if (0 == bufferSize) {
+        nss_SetError(NSS_ERROR_INVALID_ARGUMENT);
+        return PR_FALSE;
+    }
+
+    if ((pad & 0x80) != 0x00) {
+        nss_SetError(NSS_ERROR_INVALID_ARGUMENT);
+        return PR_FALSE;
+    }
+#endif /* NSSDEBUG */
+
+    if ((NSSUTF8 *)NULL == string) {
+        string = (NSSUTF8 *)"";
+    }
+
+    stringSize = nssUTF8_Size(string, (PRStatus *)NULL);
+    stringSize--; /* don't count the trailing null */
+    if (stringSize > bufferSize) {
+        PRUint32 bs = bufferSize;
+        (void)nsslibc_memcpy(buffer, string, bufferSize);
+
+        if ((((buffer[bs - 1] & 0x80) == 0x00)) ||
+            ((bs > 1) && ((buffer[bs - 2] & 0xE0) == 0xC0)) ||
+            ((bs > 2) && ((buffer[bs - 3] & 0xF0) == 0xE0)) ||
+            ((bs > 3) && ((buffer[bs - 4] & 0xF8) == 0xF0)) ||
+            ((bs > 4) && ((buffer[bs - 5] & 0xFC) == 0xF8)) ||
+            ((bs > 5) && ((buffer[bs - 6] & 0xFE) == 0xFC))) {
+            /* It fit exactly */
+            return PR_SUCCESS;
+        }
+
+        /* Too long.  We have to trim the last character */
+        for (/*bs*/; bs != 0; bs--) {
+            if ((buffer[bs - 1] & 0xC0) != 0x80) {
+                buffer[bs - 1] = pad;
+                break;
+            } else {
+                buffer[bs - 1] = pad;
+            }
+        }
+    } else {
+        (void)nsslibc_memset(buffer, pad, bufferSize);
+        (void)nsslibc_memcpy(buffer, string, stringSize);
+    }
+
+    return PR_SUCCESS;
+}
+
+/*
+ * nssUTF8_Equal
+ *
+ */
+
+NSS_IMPLEMENT PRBool
+nssUTF8_Equal(const NSSUTF8 *a, const NSSUTF8 *b, PRStatus *statusOpt)
+{
+    PRUint32 la, lb;
+
+#ifdef NSSDEBUG
+    if (((const NSSUTF8 *)NULL == a) || ((const NSSUTF8 *)NULL == b)) {
+        nss_SetError(NSS_ERROR_INVALID_POINTER);
+        if ((PRStatus *)NULL != statusOpt) {
+            *statusOpt = PR_FAILURE;
+        }
+        return PR_FALSE;
+    }
+#endif /* NSSDEBUG */
+
+    la = nssUTF8_Size(a, statusOpt);
+    if (0 == la) {
+        return PR_FALSE;
+    }
+
+    lb = nssUTF8_Size(b, statusOpt);
+    if (0 == lb) {
+        return PR_FALSE;
+    }
+
+    if (la != lb) {
+        return PR_FALSE;
+    }
+
+    return nsslibc_memequal(a, b, la, statusOpt);
+}
diff --git a/nss/lib/certdb/Makefile b/nss/lib/certdb/Makefile
new file mode 100644
index 0000000..36524f5
--- /dev/null
+++ b/nss/lib/certdb/Makefile
@@ -0,0 +1,48 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include config.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+export:: private_export
+
diff --git a/nss/lib/certdb/alg1485.c b/nss/lib/certdb/alg1485.c
new file mode 100644
index 0000000..8d475ff
--- /dev/null
+++ b/nss/lib/certdb/alg1485.c
@@ -0,0 +1,1579 @@
+/* alg1485.c - implementation of RFCs 1485, 1779 and 2253.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "prprf.h"
+#include "cert.h"
+#include "certi.h"
+#include "xconst.h"
+#include "genname.h"
+#include "secitem.h"
+#include "secerr.h"
+
+typedef struct NameToKindStr {
+    const char* name;
+    unsigned int maxLen; /* max bytes in UTF8 encoded string value */
+    SECOidTag kind;
+    int valueType;
+} NameToKind;
+
+/* local type for directory string--could be printable_string or utf8 */
+#define SEC_ASN1_DS SEC_ASN1_HIGH_TAG_NUMBER
+
+/* clang-format off */
+
+/* Add new entries to this table, and maybe to function ParseRFC1485AVA */
+static const NameToKind name2kinds[] = {
+/* IANA registered type names
+ * (See: http://www.iana.org/assignments/ldap-parameters)
+ */
+/* RFC 3280, 4630 MUST SUPPORT */
+    { "CN",            640, SEC_OID_AVA_COMMON_NAME,    SEC_ASN1_DS},
+    { "ST",            128, SEC_OID_AVA_STATE_OR_PROVINCE,
+                                                        SEC_ASN1_DS},
+    { "O",             128, SEC_OID_AVA_ORGANIZATION_NAME,
+                                                        SEC_ASN1_DS},
+    { "OU",            128, SEC_OID_AVA_ORGANIZATIONAL_UNIT_NAME,
+                                                        SEC_ASN1_DS},
+    { "dnQualifier", 32767, SEC_OID_AVA_DN_QUALIFIER, SEC_ASN1_PRINTABLE_STRING},
+    { "C",               2, SEC_OID_AVA_COUNTRY_NAME, SEC_ASN1_PRINTABLE_STRING},
+    { "serialNumber",   64, SEC_OID_AVA_SERIAL_NUMBER,SEC_ASN1_PRINTABLE_STRING},
+
+/* RFC 3280, 4630 SHOULD SUPPORT */
+    { "L",             128, SEC_OID_AVA_LOCALITY,       SEC_ASN1_DS},
+    { "title",          64, SEC_OID_AVA_TITLE,          SEC_ASN1_DS},
+    { "SN",             64, SEC_OID_AVA_SURNAME,        SEC_ASN1_DS},
+    { "givenName",      64, SEC_OID_AVA_GIVEN_NAME,     SEC_ASN1_DS},
+    { "initials",       64, SEC_OID_AVA_INITIALS,       SEC_ASN1_DS},
+    { "generationQualifier",
+                        64, SEC_OID_AVA_GENERATION_QUALIFIER,
+                                                        SEC_ASN1_DS},
+/* RFC 3280, 4630 MAY SUPPORT */
+    { "DC",            128, SEC_OID_AVA_DC,             SEC_ASN1_IA5_STRING},
+    { "MAIL",          256, SEC_OID_RFC1274_MAIL,       SEC_ASN1_IA5_STRING},
+    { "UID",           256, SEC_OID_RFC1274_UID,        SEC_ASN1_DS},
+
+/* ------------------ "strict" boundary ---------------------------------
+ * In strict mode, cert_NameToAscii does not encode any of the attributes
+ * below this line. The first SECOidTag below this line must be used to
+ * conditionally define the "endKind" in function AppendAVA() below.
+ * Most new attribute names should be added below this line.
+ * Maybe this line should be up higher?  Say, after the 3280 MUSTs and
+ * before the 3280 SHOULDs?
+ */
+
+/* values from draft-ietf-ldapbis-user-schema-05 (not in RFC 3280) */
+    { "postalAddress", 128, SEC_OID_AVA_POSTAL_ADDRESS, SEC_ASN1_DS},
+    { "postalCode",     40, SEC_OID_AVA_POSTAL_CODE,    SEC_ASN1_DS},
+    { "postOfficeBox",  40, SEC_OID_AVA_POST_OFFICE_BOX,SEC_ASN1_DS},
+    { "houseIdentifier",64, SEC_OID_AVA_HOUSE_IDENTIFIER,SEC_ASN1_DS},
+/* end of IANA registered type names */
+
+/* legacy keywords */
+    { "E",             128, SEC_OID_PKCS9_EMAIL_ADDRESS,SEC_ASN1_IA5_STRING},
+    { "STREET",        128, SEC_OID_AVA_STREET_ADDRESS, SEC_ASN1_DS},
+    { "pseudonym",      64, SEC_OID_AVA_PSEUDONYM,      SEC_ASN1_DS},
+
+/* values defined by the CAB Forum for EV */
+    { "incorporationLocality", 128, SEC_OID_EV_INCORPORATION_LOCALITY,
+                                    SEC_ASN1_DS},
+    { "incorporationState",    128, SEC_OID_EV_INCORPORATION_STATE,
+                                    SEC_ASN1_DS},
+    { "incorporationCountry",    2, SEC_OID_EV_INCORPORATION_COUNTRY,
+                                    SEC_ASN1_PRINTABLE_STRING},
+    { "businessCategory",       64, SEC_OID_BUSINESS_CATEGORY, SEC_ASN1_DS},
+
+/* values defined in X.520 */
+    { "name",           64, SEC_OID_AVA_NAME,           SEC_ASN1_DS},
+
+    { 0,               256, SEC_OID_UNKNOWN,            0},
+};
+
+/* Table facilitates conversion of ASCII hex to binary. */
+static const PRInt16 x2b[256] = {
+/* #0x */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+/* #1x */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+/* #2x */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+/* #3x */  0,  1,  2,  3,  4,  5,  6,  7,  8,  9, -1, -1, -1, -1, -1, -1,
+/* #4x */ -1, 10, 11, 12, 13, 14, 15, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+/* #5x */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+/* #6x */ -1, 10, 11, 12, 13, 14, 15, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+/* #7x */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+/* #8x */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+/* #9x */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+/* #ax */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+/* #bx */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+/* #cx */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+/* #dx */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+/* #ex */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+/* #fx */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1
+};
+
+#define IS_HEX(c) (x2b[(PRUint8)(c)] >= 0)
+
+#define C_DOUBLE_QUOTE '\042'
+
+#define C_BACKSLASH '\134'
+
+#define C_EQUAL '='
+
+#define OPTIONAL_SPACE(c)                                                      \
+    (((c) == ' ') || ((c) == '\r') || ((c) == '\n'))
+
+#define SPECIAL_CHAR(c)                                                        \
+    (((c) == ',') || ((c) == '=') || ((c) == C_DOUBLE_QUOTE) ||                \
+     ((c) == '\r') || ((c) == '\n') || ((c) == '+') ||                         \
+     ((c) == '<') || ((c) == '>') || ((c) == '#') ||                           \
+     ((c) == ';') || ((c) == C_BACKSLASH))
+
+
+#define IS_PRINTABLE(c)                                                        \
+    ((((c) >= 'a') && ((c) <= 'z')) ||                                         \
+     (((c) >= 'A') && ((c) <= 'Z')) ||                                         \
+     (((c) >= '0') && ((c) <= '9')) ||                                         \
+     ((c) == ' ') ||                                                           \
+     ((c) == '\'') ||                                                          \
+     ((c) == '\050') ||                     /* ( */                            \
+     ((c) == '\051') ||                     /* ) */                            \
+     (((c) >= '+') && ((c) <= '/')) ||      /* + , - . / */                    \
+     ((c) == ':') ||                                                           \
+     ((c) == '=') ||                                                           \
+     ((c) == '?'))
+
+/* clang-format on */
+
+/* RFC 2253 says we must escape ",+\"\\<>;=" EXCEPT inside a quoted string.
+ * Inside a quoted string, we only need to escape " and \
+ * We choose to quote strings containing any of those special characters,
+ * so we only need to escape " and \
+ */
+#define NEEDS_ESCAPE(c) (c == C_DOUBLE_QUOTE || c == C_BACKSLASH)
+
+#define NEEDS_HEX_ESCAPE(c) ((PRUint8)c < 0x20 || c == 0x7f)
+
+int
+cert_AVAOidTagToMaxLen(SECOidTag tag)
+{
+    const NameToKind* n2k = name2kinds;
+
+    while (n2k->kind != tag && n2k->kind != SEC_OID_UNKNOWN) {
+        ++n2k;
+    }
+    return (n2k->kind != SEC_OID_UNKNOWN) ? n2k->maxLen : -1;
+}
+
+static PRBool
+IsPrintable(unsigned char* data, unsigned len)
+{
+    unsigned char ch, *end;
+
+    end = data + len;
+    while (data < end) {
+        ch = *data++;
+        if (!IS_PRINTABLE(ch)) {
+            return PR_FALSE;
+        }
+    }
+    return PR_TRUE;
+}
+
+static void
+skipSpace(const char** pbp, const char* endptr)
+{
+    const char* bp = *pbp;
+    while (bp < endptr && OPTIONAL_SPACE(*bp)) {
+        bp++;
+    }
+    *pbp = bp;
+}
+
+static SECStatus
+scanTag(const char** pbp, const char* endptr, char* tagBuf, int tagBufSize)
+{
+    const char* bp;
+    char* tagBufp;
+    int taglen;
+
+    PORT_Assert(tagBufSize > 0);
+
+    /* skip optional leading space */
+    skipSpace(pbp, endptr);
+    if (*pbp == endptr) {
+        /* nothing left */
+        return SECFailure;
+    }
+
+    /* fill tagBuf */
+    taglen = 0;
+    bp = *pbp;
+    tagBufp = tagBuf;
+    while (bp < endptr && !OPTIONAL_SPACE(*bp) && (*bp != C_EQUAL)) {
+        if (++taglen >= tagBufSize) {
+            *pbp = bp;
+            return SECFailure;
+        }
+        *tagBufp++ = *bp++;
+    }
+    /* null-terminate tagBuf -- guaranteed at least one space left */
+    *tagBufp++ = 0;
+    *pbp = bp;
+
+    /* skip trailing spaces till we hit something - should be an equal sign */
+    skipSpace(pbp, endptr);
+    if (*pbp == endptr) {
+        /* nothing left */
+        return SECFailure;
+    }
+    if (**pbp != C_EQUAL) {
+        /* should be an equal sign */
+        return SECFailure;
+    }
+    /* skip over the equal sign */
+    (*pbp)++;
+
+    return SECSuccess;
+}
+
+/* Returns the number of bytes in the value. 0 means failure. */
+static int
+scanVal(const char** pbp, const char* endptr, char* valBuf, int valBufSize)
+{
+    const char* bp;
+    char* valBufp;
+    int vallen = 0;
+    PRBool isQuoted;
+
+    PORT_Assert(valBufSize > 0);
+
+    /* skip optional leading space */
+    skipSpace(pbp, endptr);
+    if (*pbp == endptr) {
+        /* nothing left */
+        return 0;
+    }
+
+    bp = *pbp;
+
+    /* quoted? */
+    if (*bp == C_DOUBLE_QUOTE) {
+        isQuoted = PR_TRUE;
+        /* skip over it */
+        bp++;
+    } else {
+        isQuoted = PR_FALSE;
+    }
+
+    valBufp = valBuf;
+    while (bp < endptr) {
+        char c = *bp;
+        if (c == C_BACKSLASH) {
+            /* escape character */
+            bp++;
+            if (bp >= endptr) {
+                /* escape charater must appear with paired char */
+                *pbp = bp;
+                return 0;
+            }
+            c = *bp;
+            if (IS_HEX(c) && (endptr - bp) >= 2 && IS_HEX(bp[1])) {
+                bp++;
+                c = (char)((x2b[(PRUint8)c] << 4) | x2b[(PRUint8)*bp]);
+            }
+        } else if (c == '#' && bp == *pbp) {
+            /* ignore leading #, quotation not required for it. */
+        } else if (!isQuoted && SPECIAL_CHAR(c)) {
+            /* unescaped special and not within quoted value */
+            break;
+        } else if (c == C_DOUBLE_QUOTE) {
+            /* reached unescaped double quote */
+            break;
+        }
+        /* append character */
+        vallen++;
+        if (vallen >= valBufSize) {
+            *pbp = bp;
+            return 0;
+        }
+        *valBufp++ = c;
+        bp++;
+    }
+
+    /* strip trailing spaces from unquoted values */
+    if (!isQuoted) {
+        while (valBufp > valBuf) {
+            char c = valBufp[-1];
+            if (!OPTIONAL_SPACE(c))
+                break;
+            --valBufp;
+        }
+        vallen = valBufp - valBuf;
+    }
+
+    if (isQuoted) {
+        /* insist that we stopped on a double quote */
+        if (*bp != C_DOUBLE_QUOTE) {
+            *pbp = bp;
+            return 0;
+        }
+        /* skip over the quote and skip optional space */
+        bp++;
+        skipSpace(&bp, endptr);
+    }
+
+    *pbp = bp;
+
+    /* null-terminate valBuf -- guaranteed at least one space left */
+    *valBufp = 0;
+
+    return vallen;
+}
+
+/* Caller must set error code upon failure */
+static SECStatus
+hexToBin(PLArenaPool* pool, SECItem* destItem, const char* src, int len)
+{
+    PRUint8* dest;
+
+    destItem->data = NULL;
+    if (len <= 0 || (len & 1)) {
+        goto loser;
+    }
+    len >>= 1;
+    if (!SECITEM_AllocItem(pool, destItem, len)) {
+        goto loser;
+    }
+    dest = destItem->data;
+    for (; len > 0; len--, src += 2) {
+        PRUint16 bin = ((PRUint16)x2b[(PRUint8)src[0]] << 4);
+        bin |= (PRUint16)x2b[(PRUint8)src[1]];
+        if (bin >> 15) { /* is negative */
+            goto loser;
+        }
+        *dest++ = (PRUint8)bin;
+    }
+    return SECSuccess;
+loser:
+    if (!pool)
+        SECITEM_FreeItem(destItem, PR_FALSE);
+    return SECFailure;
+}
+
+/* Parses one AVA, starting at *pbp.  Stops at endptr.
+ * Advances *pbp past parsed AVA and trailing separator (if present).
+ * On any error, returns NULL and *pbp is undefined.
+ * On success, returns CERTAVA allocated from arena, and (*pbp)[-1] was
+ * the last character parsed.  *pbp is either equal to endptr or
+ * points to first character after separator.
+ */
+static CERTAVA*
+ParseRFC1485AVA(PLArenaPool* arena, const char** pbp, const char* endptr)
+{
+    CERTAVA* a;
+    const NameToKind* n2k;
+    const char* bp;
+    int vt = -1;
+    int valLen;
+    SECOidTag kind = SEC_OID_UNKNOWN;
+    SECStatus rv = SECFailure;
+    SECItem derOid = { 0, NULL, 0 };
+    SECItem derVal = { 0, NULL, 0 };
+    char sep = 0;
+
+    char tagBuf[32];
+    char valBuf[1024];
+
+    PORT_Assert(arena);
+    if (SECSuccess != scanTag(pbp, endptr, tagBuf, sizeof tagBuf) ||
+        !(valLen = scanVal(pbp, endptr, valBuf, sizeof valBuf))) {
+        goto loser;
+    }
+
+    bp = *pbp;
+    if (bp < endptr) {
+        sep = *bp++; /* skip over separator */
+    }
+    *pbp = bp;
+    /* if we haven't finished, insist that we've stopped on a separator */
+    if (sep && sep != ',' && sep != ';' && sep != '+') {
+        goto loser;
+    }
+
+    /* is this a dotted decimal OID attribute type ? */
+    if (!PL_strncasecmp("oid.", tagBuf, 4)) {
+        rv = SEC_StringToOID(arena, &derOid, tagBuf, strlen(tagBuf));
+    } else {
+        for (n2k = name2kinds; n2k->name; n2k++) {
+            SECOidData* oidrec;
+            if (PORT_Strcasecmp(n2k->name, tagBuf) == 0) {
+                kind = n2k->kind;
+                vt = n2k->valueType;
+                oidrec = SECOID_FindOIDByTag(kind);
+                if (oidrec == NULL)
+                    goto loser;
+                derOid = oidrec->oid;
+                break;
+            }
+        }
+    }
+    if (kind == SEC_OID_UNKNOWN && rv != SECSuccess)
+        goto loser;
+
+    /* Is this a hex encoding of a DER attribute value ? */
+    if ('#' == valBuf[0]) {
+        /* convert attribute value from hex to binary */
+        rv = hexToBin(arena, &derVal, valBuf + 1, valLen - 1);
+        if (rv)
+            goto loser;
+        a = CERT_CreateAVAFromRaw(arena, &derOid, &derVal);
+    } else {
+        if (kind == SEC_OID_UNKNOWN)
+            goto loser;
+        if (kind == SEC_OID_AVA_COUNTRY_NAME && valLen != 2)
+            goto loser;
+        if (vt == SEC_ASN1_PRINTABLE_STRING &&
+            !IsPrintable((unsigned char*)valBuf, valLen))
+            goto loser;
+        if (vt == SEC_ASN1_DS) {
+            /* RFC 4630: choose PrintableString or UTF8String */
+            if (IsPrintable((unsigned char*)valBuf, valLen))
+                vt = SEC_ASN1_PRINTABLE_STRING;
+            else
+                vt = SEC_ASN1_UTF8_STRING;
+        }
+
+        derVal.data = (unsigned char*)valBuf;
+        derVal.len = valLen;
+        a = CERT_CreateAVAFromSECItem(arena, kind, vt, &derVal);
+    }
+    return a;
+
+loser:
+    /* matched no kind -- invalid tag */
+    PORT_SetError(SEC_ERROR_INVALID_AVA);
+    return 0;
+}
+
+static CERTName*
+ParseRFC1485Name(const char* buf, int len)
+{
+    SECStatus rv;
+    CERTName* name;
+    const char *bp, *e;
+    CERTAVA* ava;
+    CERTRDN* rdn = NULL;
+
+    name = CERT_CreateName(NULL);
+    if (name == NULL) {
+        return NULL;
+    }
+
+    e = buf + len;
+    bp = buf;
+    while (bp < e) {
+        ava = ParseRFC1485AVA(name->arena, &bp, e);
+        if (ava == 0)
+            goto loser;
+        if (!rdn) {
+            rdn = CERT_CreateRDN(name->arena, ava, (CERTAVA*)0);
+            if (rdn == 0)
+                goto loser;
+            rv = CERT_AddRDN(name, rdn);
+        } else {
+            rv = CERT_AddAVA(name->arena, rdn, ava);
+        }
+        if (rv)
+            goto loser;
+        if (bp[-1] != '+')
+            rdn = NULL; /* done with this RDN */
+        skipSpace(&bp, e);
+    }
+
+    if (name->rdns[0] == 0) {
+        /* empty name -- illegal */
+        goto loser;
+    }
+
+    /* Reverse order of RDNS to comply with RFC */
+    {
+        CERTRDN** firstRdn;
+        CERTRDN** lastRdn;
+        CERTRDN* tmp;
+
+        /* get first one */
+        firstRdn = name->rdns;
+
+        /* find last one */
+        lastRdn = name->rdns;
+        while (*lastRdn)
+            lastRdn++;
+        lastRdn--;
+
+        /* reverse list */
+        for (; firstRdn < lastRdn; firstRdn++, lastRdn--) {
+            tmp = *firstRdn;
+            *firstRdn = *lastRdn;
+            *lastRdn = tmp;
+        }
+    }
+
+    /* return result */
+    return name;
+
+loser:
+    CERT_DestroyName(name);
+    return NULL;
+}
+
+CERTName*
+CERT_AsciiToName(const char* string)
+{
+    CERTName* name;
+    name = ParseRFC1485Name(string, PORT_Strlen(string));
+    return name;
+}
+
+/************************************************************************/
+
+typedef struct stringBufStr {
+    char* buffer;
+    unsigned offset;
+    unsigned size;
+} stringBuf;
+
+#define DEFAULT_BUFFER_SIZE 200
+
+static SECStatus
+AppendStr(stringBuf* bufp, char* str)
+{
+    char* buf;
+    unsigned bufLen, bufSize, len;
+    int size = 0;
+
+    /* Figure out how much to grow buf by (add in the '\0') */
+    buf = bufp->buffer;
+    bufLen = bufp->offset;
+    len = PORT_Strlen(str);
+    bufSize = bufLen + len;
+    if (!buf) {
+        bufSize++;
+        size = PR_MAX(DEFAULT_BUFFER_SIZE, bufSize * 2);
+        buf = (char*)PORT_Alloc(size);
+        bufp->size = size;
+    } else if (bufp->size < bufSize) {
+        size = bufSize * 2;
+        buf = (char*)PORT_Realloc(buf, size);
+        bufp->size = size;
+    }
+    if (!buf) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return SECFailure;
+    }
+    bufp->buffer = buf;
+    bufp->offset = bufSize;
+
+    /* Concatenate str onto buf */
+    buf = buf + bufLen;
+    if (bufLen)
+        buf--;                      /* stomp on old '\0' */
+    PORT_Memcpy(buf, str, len + 1); /* put in new null */
+    return SECSuccess;
+}
+
+typedef enum {
+    minimalEscape = 0,     /* only hex escapes, and " and \ */
+    minimalEscapeAndQuote, /* as above, plus quoting        */
+    fullEscape             /* no quoting, full escaping     */
+} EQMode;
+
+/* Some characters must be escaped as a hex string, e.g. c -> \nn .
+ * Others must be escaped by preceding with a '\', e.g. c -> \c , but
+ * there are certain "special characters" that may be handled by either
+ * escaping them, or by enclosing the entire attribute value in quotes.
+ * A NULL value for pEQMode implies selecting minimalEscape mode.
+ * Some callers will do quoting when needed, others will not.
+ * If a caller selects minimalEscapeAndQuote, and the string does not
+ * need quoting, then this function changes it to minimalEscape.
+ */
+static int
+cert_RFC1485_GetRequiredLen(const char* src, int srclen, EQMode* pEQMode)
+{
+    int i, reqLen = 0;
+    EQMode mode = pEQMode ? *pEQMode : minimalEscape;
+    PRBool needsQuoting = PR_FALSE;
+    char lastC = 0;
+
+    /* need to make an initial pass to determine if quoting is needed */
+    for (i = 0; i < srclen; i++) {
+        char c = src[i];
+        reqLen++;
+        if (NEEDS_HEX_ESCAPE(c)) { /* c -> \xx  */
+            reqLen += 2;
+        } else if (NEEDS_ESCAPE(c)) { /* c -> \c   */
+            reqLen++;
+        } else if (SPECIAL_CHAR(c)) {
+            if (mode == minimalEscapeAndQuote) /* quoting is allowed */
+                needsQuoting = PR_TRUE;        /* entirety will need quoting */
+            else if (mode == fullEscape)
+                reqLen++; /* MAY escape this character */
+        } else if (OPTIONAL_SPACE(c) && OPTIONAL_SPACE(lastC)) {
+            if (mode == minimalEscapeAndQuote) /* quoting is allowed */
+                needsQuoting = PR_TRUE;        /* entirety will need quoting */
+        }
+        lastC = c;
+    }
+    /* if it begins or ends in optional space it needs quoting */
+    if (!needsQuoting && srclen > 0 && mode == minimalEscapeAndQuote &&
+        (OPTIONAL_SPACE(src[srclen - 1]) || OPTIONAL_SPACE(src[0]))) {
+        needsQuoting = PR_TRUE;
+    }
+
+    if (needsQuoting)
+        reqLen += 2;
+    if (pEQMode && mode == minimalEscapeAndQuote && !needsQuoting)
+        *pEQMode = minimalEscape;
+    return reqLen;
+}
+
+static const char hexChars[16] = { "0123456789abcdef" };
+
+static SECStatus
+escapeAndQuote(char* dst, int dstlen, char* src, int srclen, EQMode* pEQMode)
+{
+    int i, reqLen = 0;
+    EQMode mode = pEQMode ? *pEQMode : minimalEscape;
+
+    /* space for terminal null */
+    reqLen = cert_RFC1485_GetRequiredLen(src, srclen, &mode) + 1;
+    if (reqLen > dstlen) {
+        PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+        return SECFailure;
+    }
+
+    if (mode == minimalEscapeAndQuote)
+        *dst++ = C_DOUBLE_QUOTE;
+    for (i = 0; i < srclen; i++) {
+        char c = src[i];
+        if (NEEDS_HEX_ESCAPE(c)) {
+            *dst++ = C_BACKSLASH;
+            *dst++ = hexChars[(c >> 4) & 0x0f];
+            *dst++ = hexChars[c & 0x0f];
+        } else {
+            if (NEEDS_ESCAPE(c) || (SPECIAL_CHAR(c) && mode == fullEscape)) {
+                *dst++ = C_BACKSLASH;
+            }
+            *dst++ = c;
+        }
+    }
+    if (mode == minimalEscapeAndQuote)
+        *dst++ = C_DOUBLE_QUOTE;
+    *dst++ = 0;
+    if (pEQMode)
+        *pEQMode = mode;
+    return SECSuccess;
+}
+
+SECStatus
+CERT_RFC1485_EscapeAndQuote(char* dst, int dstlen, char* src, int srclen)
+{
+    EQMode mode = minimalEscapeAndQuote;
+    return escapeAndQuote(dst, dstlen, src, srclen, &mode);
+}
+
+/* convert an OID to dotted-decimal representation */
+/* Returns a string that must be freed with PR_smprintf_free(), */
+char*
+CERT_GetOidString(const SECItem* oid)
+{
+    PRUint8* stop;  /* points to first byte after OID string */
+    PRUint8* first; /* byte of an OID component integer      */
+    PRUint8* last;  /* byte of an OID component integer      */
+    char* rvString = NULL;
+    char* prefix = NULL;
+
+#define MAX_OID_LEN 1024 /* bytes */
+
+    if (oid->len > MAX_OID_LEN) {
+        PORT_SetError(SEC_ERROR_INPUT_LEN);
+        return NULL;
+    }
+
+    /* first will point to the next sequence of bytes to decode */
+    first = (PRUint8*)oid->data;
+    /* stop points to one past the legitimate data */
+    stop = &first[oid->len];
+
+    /*
+   * Check for our pseudo-encoded single-digit OIDs
+   */
+    if ((*first == 0x80) && (2 == oid->len)) {
+        /* Funky encoding.  The second byte is the number */
+        rvString = PR_smprintf("%lu", (PRUint32)first[1]);
+        if (!rvString) {
+            PORT_SetError(SEC_ERROR_NO_MEMORY);
+        }
+        return rvString;
+    }
+
+    for (; first < stop; first = last + 1) {
+        unsigned int bytesBeforeLast;
+
+        for (last = first; last < stop; last++) {
+            if (0 == (*last & 0x80)) {
+                break;
+            }
+        }
+        bytesBeforeLast = (unsigned int)(last - first);
+        if (bytesBeforeLast <= 3U) { /* 0-28 bit number */
+            PRUint32 n = 0;
+            PRUint32 c;
+
+#define CGET(i, m)    \
+    c = last[-i] & m; \
+    n |= c << (7 * i)
+
+#define CASE(i, m)  \
+    case i:         \
+        CGET(i, m); \
+        if (!n)     \
+        goto unsupported /* fall-through */
+
+            switch (bytesBeforeLast) {
+                CASE(3, 0x7f);
+                CASE(2, 0x7f);
+                CASE(1, 0x7f);
+                case 0:
+                    n |=
+                        last[0] & 0x7f;
+                    break;
+            }
+            if (last[0] & 0x80)
+                goto unsupported;
+
+            if (!rvString) {
+                /* This is the first number.. decompose it */
+                PRUint32 one = PR_MIN(n / 40, 2); /* never > 2 */
+                PRUint32 two = n - (one * 40);
+
+                rvString = PR_smprintf("OID.%lu.%lu", one, two);
+            } else {
+                prefix = rvString;
+                rvString = PR_smprintf("%s.%lu", prefix, n);
+            }
+        } else if (bytesBeforeLast <= 9U) { /* 29-64 bit number */
+            PRUint64 n = 0;
+            PRUint64 c;
+
+            switch (bytesBeforeLast) {
+                CASE(9, 0x01);
+                CASE(8, 0x7f);
+                CASE(7, 0x7f);
+                CASE(6, 0x7f);
+                CASE(5, 0x7f);
+                CASE(4, 0x7f);
+                CGET(3, 0x7f);
+                CGET(2, 0x7f);
+                CGET(1, 0x7f);
+                CGET(0, 0x7f);
+                break;
+            }
+            if (last[0] & 0x80)
+                goto unsupported;
+
+            if (!rvString) {
+                /* This is the first number.. decompose it */
+                PRUint64 one = PR_MIN(n / 40, 2); /* never > 2 */
+                PRUint64 two = n - (one * 40);
+
+                rvString = PR_smprintf("OID.%llu.%llu", one, two);
+            } else {
+                prefix = rvString;
+                rvString = PR_smprintf("%s.%llu", prefix, n);
+            }
+        } else {
+        /* More than a 64-bit number, or not minimal encoding. */
+        unsupported:
+            if (!rvString)
+                rvString = PR_smprintf("OID.UNSUPPORTED");
+            else {
+                prefix = rvString;
+                rvString = PR_smprintf("%s.UNSUPPORTED", prefix);
+            }
+        }
+
+        if (prefix) {
+            PR_smprintf_free(prefix);
+            prefix = NULL;
+        }
+        if (!rvString) {
+            PORT_SetError(SEC_ERROR_NO_MEMORY);
+            break;
+        }
+    }
+    return rvString;
+}
+
+/* convert DER-encoded hex to a string */
+static SECItem*
+get_hex_string(SECItem* data)
+{
+    SECItem* rv;
+    unsigned int i, j;
+    static const char hex[] = { "0123456789ABCDEF" };
+
+    /* '#' + 2 chars per octet + terminator */
+    rv = SECITEM_AllocItem(NULL, NULL, data->len * 2 + 2);
+    if (!rv) {
+        return NULL;
+    }
+    rv->data[0] = '#';
+    rv->len = 1 + 2 * data->len;
+    for (i = 0; i < data->len; i++) {
+        j = data->data[i];
+        rv->data[2 * i + 1] = hex[j >> 4];
+        rv->data[2 * i + 2] = hex[j & 15];
+    }
+    rv->data[rv->len] = 0;
+    return rv;
+}
+
+/* For compliance with RFC 2253, RFC 3280 and RFC 4630, we choose to
+ * use the NAME=STRING form, rather than the OID.N.N=#hexXXXX form,
+ * when both of these conditions are met:
+ *  1) The attribute name OID (kind) has a known name string that is
+ *     defined in one of those RFCs, or in RFCs that they cite, AND
+ *  2) The attribute's value encoding is RFC compliant for the kind
+ *     (e.g., the value's encoding tag is correct for the kind, and
+ *     the value's length is in the range allowed for the kind, and
+ *     the value's contents are appropriate for the encoding tag).
+ *  Otherwise, we use the OID.N.N=#hexXXXX form.
+ *
+ *  If the caller prefers maximum human readability to RFC compliance,
+ *  then
+ *  - We print the kind in NAME= string form if we know the name
+ *    string for the attribute type OID, regardless of whether the
+ *    value is correctly encoded or not. else we use the OID.N.N= form.
+ *  - We use the non-hex STRING form for the attribute value if the
+ *    value can be represented in such a form.  Otherwise, we use
+ *    the hex string form.
+ *  This implies that, for maximum human readability, in addition to
+ *  the two forms allowed by the RFC, we allow two other forms of output:
+ *  - the OID.N.N=STRING form, and
+ *  - the NAME=#hexXXXX form
+ *  When the caller prefers maximum human readability, we do not allow
+ *  the value of any attribute to exceed the length allowed by the RFC.
+ *  If the attribute value exceeds the allowed length, we truncate it to
+ *  the allowed length and append "...".
+ *  Also in this case, we arbitrarily impose a limit on the length of the
+ *  entire AVA encoding, regardless of the form, of 384 bytes per AVA.
+ *  This limit includes the trailing NULL character.  If the encoded
+ *  AVA length exceeds that limit, this function reports failure to encode
+ *  the AVA.
+ *
+ *  An ASCII representation of an AVA is said to be "invertible" if
+ *  conversion back to DER reproduces the original DER encoding exactly.
+ *  The RFC 2253 rules do not ensure that all ASCII AVAs derived according
+ *  to its rules are invertible. That is because the RFCs allow some
+ *  attribute values to be encoded in any of a number of encodings,
+ *  and the encoding type information is lost in the non-hex STRING form.
+ *  This is particularly true of attributes of type DirectoryString.
+ *  The encoding type information is always preserved in the hex string
+ *  form, because the hex includes the entire DER encoding of the value.
+ *
+ *  So, when the caller perfers maximum invertibility, we apply the
+ *  RFC compliance rules stated above, and add a third required
+ *  condition on the use of the NAME=STRING form.
+ *   3) The attribute's kind is not is allowed to be encoded in any of
+ *      several different encodings, such as DirectoryStrings.
+ *
+ * The chief difference between CERT_N2A_STRICT and CERT_N2A_INVERTIBLE
+ * is that the latter forces DirectoryStrings to be hex encoded.
+ *
+ * As a simplification, we assume the value is correctly encoded for
+ * its encoding type.  That is, we do not test that all the characters
+ * in a string encoded type are allowed by that type.  We assume it.
+ */
+static SECStatus
+AppendAVA(stringBuf* bufp, CERTAVA* ava, CertStrictnessLevel strict)
+{
+#define TMPBUF_LEN 2048
+    const NameToKind* pn2k = name2kinds;
+    SECItem* avaValue = NULL;
+    char* unknownTag = NULL;
+    char* encodedAVA = NULL;
+    PRBool useHex = PR_FALSE; /* use =#hexXXXX form */
+    PRBool truncateName = PR_FALSE;
+    PRBool truncateValue = PR_FALSE;
+    SECOidTag endKind;
+    SECStatus rv;
+    unsigned int len;
+    unsigned int nameLen, valueLen;
+    unsigned int maxName, maxValue;
+    EQMode mode = minimalEscapeAndQuote;
+    NameToKind n2k = { NULL, 32767, SEC_OID_UNKNOWN, SEC_ASN1_DS };
+    char tmpBuf[TMPBUF_LEN];
+
+#define tagName n2k.name /* non-NULL means use NAME= form */
+#define maxBytes n2k.maxLen
+#define tag n2k.kind
+#define vt n2k.valueType
+
+    /* READABLE mode recognizes more names from the name2kinds table
+   * than do STRICT or INVERTIBLE modes.  This assignment chooses the
+   * point in the table where the attribute type name scanning stops.
+   */
+    endKind = (strict == CERT_N2A_READABLE) ? SEC_OID_UNKNOWN
+                                            : SEC_OID_AVA_POSTAL_ADDRESS;
+    tag = CERT_GetAVATag(ava);
+    while (pn2k->kind != tag && pn2k->kind != endKind) {
+        ++pn2k;
+    }
+
+    if (pn2k->kind != endKind) {
+        n2k = *pn2k;
+    } else if (strict != CERT_N2A_READABLE) {
+        useHex = PR_TRUE;
+    }
+    /* For invertable form, force Directory Strings to use hex form. */
+    if (strict == CERT_N2A_INVERTIBLE && vt == SEC_ASN1_DS) {
+        tagName = NULL;   /* must use OID.N form */
+        useHex = PR_TRUE; /* must use hex string */
+    }
+    if (!useHex) {
+        avaValue = CERT_DecodeAVAValue(&ava->value);
+        if (!avaValue) {
+            useHex = PR_TRUE;
+            if (strict != CERT_N2A_READABLE) {
+                tagName = NULL; /* must use OID.N form */
+            }
+        }
+    }
+    if (!tagName) {
+        /* handle unknown attribute types per RFC 2253 */
+        tagName = unknownTag = CERT_GetOidString(&ava->type);
+        if (!tagName) {
+            if (avaValue)
+                SECITEM_FreeItem(avaValue, PR_TRUE);
+            return SECFailure;
+        }
+    }
+    if (useHex) {
+        avaValue = get_hex_string(&ava->value);
+        if (!avaValue) {
+            if (unknownTag)
+                PR_smprintf_free(unknownTag);
+            return SECFailure;
+        }
+    }
+
+    nameLen = strlen(tagName);
+    valueLen =
+        (useHex ? avaValue->len : cert_RFC1485_GetRequiredLen(
+                                      (char*)avaValue->data, avaValue->len, &mode));
+    len = nameLen + valueLen + 2; /* Add 2 for '=' and trailing NUL */
+
+    maxName = nameLen;
+    maxValue = valueLen;
+    if (len <= sizeof(tmpBuf)) {
+        encodedAVA = tmpBuf;
+    } else if (strict != CERT_N2A_READABLE) {
+        encodedAVA = PORT_Alloc(len);
+        if (!encodedAVA) {
+            SECITEM_FreeItem(avaValue, PR_TRUE);
+            if (unknownTag)
+                PR_smprintf_free(unknownTag);
+            return SECFailure;
+        }
+    } else {
+        /* Must make output fit in tmpbuf */
+        unsigned int fair = (sizeof tmpBuf) / 2 - 1; /* for = and \0 */
+
+        if (nameLen < fair) {
+            /* just truncate the value */
+            maxValue = (sizeof tmpBuf) - (nameLen + 6); /* for "=...\0",
+                                                     and possibly '"' */
+        } else if (valueLen < fair) {
+            /* just truncate the name */
+            maxName = (sizeof tmpBuf) - (valueLen + 5); /* for "=...\0" */
+        } else {
+            /* truncate both */
+            maxName = maxValue = fair - 3; /* for "..." */
+        }
+        if (nameLen > maxName) {
+            PORT_Assert(unknownTag && unknownTag == tagName);
+            truncateName = PR_TRUE;
+            nameLen = maxName;
+        }
+        encodedAVA = tmpBuf;
+    }
+
+    memcpy(encodedAVA, tagName, nameLen);
+    if (truncateName) {
+        /* If tag name is too long, we know it is an OID form that was
+     * allocated from the heap, so we can modify it in place
+     */
+        encodedAVA[nameLen - 1] = '.';
+        encodedAVA[nameLen - 2] = '.';
+        encodedAVA[nameLen - 3] = '.';
+    }
+    encodedAVA[nameLen++] = '=';
+    if (unknownTag)
+        PR_smprintf_free(unknownTag);
+
+    if (strict == CERT_N2A_READABLE && maxValue > maxBytes)
+        maxValue = maxBytes;
+    if (valueLen > maxValue) {
+        valueLen = maxValue;
+        truncateValue = PR_TRUE;
+    }
+    /* escape and quote as necessary - don't quote hex strings */
+    if (useHex) {
+        char* end = encodedAVA + nameLen + valueLen;
+        memcpy(encodedAVA + nameLen, (char*)avaValue->data, valueLen);
+        end[0] = '\0';
+        if (truncateValue) {
+            end[-1] = '.';
+            end[-2] = '.';
+            end[-3] = '.';
+        }
+        rv = SECSuccess;
+    } else if (!truncateValue) {
+        rv = escapeAndQuote(encodedAVA + nameLen, len - nameLen,
+                            (char*)avaValue->data, avaValue->len, &mode);
+    } else {
+        /* must truncate the escaped and quoted value */
+        char bigTmpBuf[TMPBUF_LEN * 3 + 3];
+        PORT_Assert(valueLen < sizeof tmpBuf);
+        rv = escapeAndQuote(bigTmpBuf, sizeof bigTmpBuf, (char*)avaValue->data,
+                            PR_MIN(avaValue->len, valueLen), &mode);
+
+        bigTmpBuf[valueLen--] = '\0'; /* hard stop here */
+        /* See if we're in the middle of a multi-byte UTF8 character */
+        while (((bigTmpBuf[valueLen] & 0xc0) == 0x80) && valueLen > 0) {
+            bigTmpBuf[valueLen--] = '\0';
+        }
+        /* add ellipsis to signify truncation. */
+        bigTmpBuf[++valueLen] = '.';
+        bigTmpBuf[++valueLen] = '.';
+        bigTmpBuf[++valueLen] = '.';
+        if (bigTmpBuf[0] == '"')
+            bigTmpBuf[++valueLen] = '"';
+        bigTmpBuf[++valueLen] = '\0';
+        PORT_Assert(nameLen + valueLen <= (sizeof tmpBuf) - 1);
+        memcpy(encodedAVA + nameLen, bigTmpBuf, valueLen + 1);
+    }
+
+    SECITEM_FreeItem(avaValue, PR_TRUE);
+    if (rv == SECSuccess)
+        rv = AppendStr(bufp, encodedAVA);
+    if (encodedAVA != tmpBuf)
+        PORT_Free(encodedAVA);
+    return rv;
+}
+
+#undef tagName
+#undef maxBytes
+#undef tag
+#undef vt
+
+char*
+CERT_NameToAsciiInvertible(CERTName* name, CertStrictnessLevel strict)
+{
+    CERTRDN** rdns;
+    CERTRDN** lastRdn;
+    CERTRDN** rdn;
+    PRBool first = PR_TRUE;
+    stringBuf strBuf = { NULL, 0, 0 };
+
+    rdns = name->rdns;
+    if (rdns == NULL) {
+        return NULL;
+    }
+
+    /* find last RDN */
+    lastRdn = rdns;
+    while (*lastRdn)
+        lastRdn++;
+    lastRdn--;
+
+    /*
+   * Loop over name contents in _reverse_ RDN order appending to string
+   */
+    for (rdn = lastRdn; rdn >= rdns; rdn--) {
+        CERTAVA** avas = (*rdn)->avas;
+        CERTAVA* ava;
+        PRBool newRDN = PR_TRUE;
+
+        /*
+     * XXX Do we need to traverse the AVAs in reverse order, too?
+     */
+        while (avas && (ava = *avas++) != NULL) {
+            SECStatus rv;
+            /* Put in comma or plus separator */
+            if (!first) {
+                /* Use of spaces is deprecated in RFC 2253. */
+                rv = AppendStr(&strBuf, newRDN ? "," : "+");
+                if (rv)
+                    goto loser;
+            } else {
+                first = PR_FALSE;
+            }
+
+            /* Add in tag type plus value into strBuf */
+            rv = AppendAVA(&strBuf, ava, strict);
+            if (rv)
+                goto loser;
+            newRDN = PR_FALSE;
+        }
+    }
+    return strBuf.buffer;
+loser:
+    if (strBuf.buffer) {
+        PORT_Free(strBuf.buffer);
+    }
+    return NULL;
+}
+
+char*
+CERT_NameToAscii(CERTName* name)
+{
+    return CERT_NameToAsciiInvertible(name, CERT_N2A_READABLE);
+}
+
+/*
+ * Return the string representation of a DER encoded distinguished name
+ * "dername" - The DER encoded name to convert
+ */
+char*
+CERT_DerNameToAscii(SECItem* dername)
+{
+    int rv;
+    PLArenaPool* arena = NULL;
+    CERTName name;
+    char* retstr = NULL;
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+
+    if (arena == NULL) {
+        goto loser;
+    }
+
+    rv = SEC_QuickDERDecodeItem(arena, &name, CERT_NameTemplate, dername);
+
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    retstr = CERT_NameToAscii(&name);
+
+loser:
+    if (arena != NULL) {
+        PORT_FreeArena(arena, PR_FALSE);
+    }
+
+    return (retstr);
+}
+
+static char*
+avaToString(PLArenaPool* arena, CERTAVA* ava)
+{
+    char* buf = NULL;
+    SECItem* avaValue;
+    int valueLen;
+
+    avaValue = CERT_DecodeAVAValue(&ava->value);
+    if (!avaValue) {
+        return buf;
+    }
+    valueLen =
+        cert_RFC1485_GetRequiredLen((char*)avaValue->data, avaValue->len, NULL) + 1;
+    if (arena) {
+        buf = (char*)PORT_ArenaZAlloc(arena, valueLen);
+    } else {
+        buf = (char*)PORT_ZAlloc(valueLen);
+    }
+    if (buf) {
+        SECStatus rv =
+            escapeAndQuote(buf, valueLen, (char*)avaValue->data, avaValue->len, NULL);
+        if (rv != SECSuccess) {
+            if (!arena)
+                PORT_Free(buf);
+            buf = NULL;
+        }
+    }
+    SECITEM_FreeItem(avaValue, PR_TRUE);
+    return buf;
+}
+
+/* RDNs are sorted from most general to most specific.
+ * This code returns the FIRST one found, the most general one found.
+ */
+static char*
+CERT_GetNameElement(PLArenaPool* arena, const CERTName* name, int wantedTag)
+{
+    CERTRDN** rdns = name->rdns;
+    CERTRDN* rdn;
+    CERTAVA* ava = NULL;
+
+    while (rdns && (rdn = *rdns++) != 0) {
+        CERTAVA** avas = rdn->avas;
+        while (avas && (ava = *avas++) != 0) {
+            int tag = CERT_GetAVATag(ava);
+            if (tag == wantedTag) {
+                avas = NULL;
+                rdns = NULL; /* break out of all loops */
+            }
+        }
+    }
+    return ava ? avaToString(arena, ava) : NULL;
+}
+
+/* RDNs are sorted from most general to most specific.
+ * This code returns the LAST one found, the most specific one found.
+ * This is particularly appropriate for Common Name.  See RFC 2818.
+ */
+static char*
+CERT_GetLastNameElement(PLArenaPool* arena, const CERTName* name, int wantedTag)
+{
+    CERTRDN** rdns = name->rdns;
+    CERTRDN* rdn;
+    CERTAVA* lastAva = NULL;
+
+    while (rdns && (rdn = *rdns++) != 0) {
+        CERTAVA** avas = rdn->avas;
+        CERTAVA* ava;
+        while (avas && (ava = *avas++) != 0) {
+            int tag = CERT_GetAVATag(ava);
+            if (tag == wantedTag) {
+                lastAva = ava;
+            }
+        }
+    }
+    return lastAva ? avaToString(arena, lastAva) : NULL;
+}
+
+char*
+CERT_GetCertificateEmailAddress(CERTCertificate* cert)
+{
+    char* rawEmailAddr = NULL;
+    SECItem subAltName;
+    SECStatus rv;
+    CERTGeneralName* nameList = NULL;
+    CERTGeneralName* current;
+    PLArenaPool* arena = NULL;
+    int i;
+
+    subAltName.data = NULL;
+
+    rawEmailAddr = CERT_GetNameElement(cert->arena, &(cert->subject),
+                                       SEC_OID_PKCS9_EMAIL_ADDRESS);
+    if (rawEmailAddr == NULL) {
+        rawEmailAddr =
+            CERT_GetNameElement(cert->arena, &(cert->subject), SEC_OID_RFC1274_MAIL);
+    }
+    if (rawEmailAddr == NULL) {
+
+        rv =
+            CERT_FindCertExtension(cert, SEC_OID_X509_SUBJECT_ALT_NAME, &subAltName);
+        if (rv != SECSuccess) {
+            goto finish;
+        }
+        arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+        if (!arena) {
+            goto finish;
+        }
+        nameList = current = CERT_DecodeAltNameExtension(arena, &subAltName);
+        if (!nameList) {
+            goto finish;
+        }
+        if (nameList != NULL) {
+            do {
+                if (current->type == certDirectoryName) {
+                    rawEmailAddr =
+                        CERT_GetNameElement(cert->arena, &(current->name.directoryName),
+                                            SEC_OID_PKCS9_EMAIL_ADDRESS);
+                    if (rawEmailAddr ==
+                        NULL) {
+                        rawEmailAddr =
+                            CERT_GetNameElement(cert->arena, &(current->name.directoryName),
+                                                SEC_OID_RFC1274_MAIL);
+                    }
+                } else if (current->type == certRFC822Name) {
+                    rawEmailAddr =
+                        (char*)PORT_ArenaZAlloc(cert->arena, current->name.other.len +
+                                                                 1);
+                    if (!rawEmailAddr) {
+                        goto finish;
+                    }
+                    PORT_Memcpy(rawEmailAddr, current->name.other.data,
+                                current->name.other.len);
+                    rawEmailAddr[current->name.other.len] =
+                        '\0';
+                }
+                if (rawEmailAddr) {
+                    break;
+                }
+                current = CERT_GetNextGeneralName(current);
+            } while (current != nameList);
+        }
+    }
+    if (rawEmailAddr) {
+        for (i = 0; i <= (int)PORT_Strlen(rawEmailAddr); i++) {
+            rawEmailAddr[i] = tolower(rawEmailAddr[i]);
+        }
+    }
+
+finish:
+
+    /* Don't free nameList, it's part of the arena. */
+
+    if (arena) {
+        PORT_FreeArena(arena, PR_FALSE);
+    }
+
+    if (subAltName.data) {
+        SECITEM_FreeItem(&subAltName, PR_FALSE);
+    }
+
+    return (rawEmailAddr);
+}
+
+static char*
+appendStringToBuf(char* dest, char* src, PRUint32* pRemaining)
+{
+    PRUint32 len;
+    if (dest && src && src[0] && *pRemaining > (len = PL_strlen(src))) {
+        PRUint32 i;
+        for (i = 0; i < len; ++i)
+            dest[i] = tolower(src[i]);
+        dest[len] = 0;
+        dest += len + 1;
+        *pRemaining -= len + 1;
+    }
+    return dest;
+}
+
+#undef NEEDS_HEX_ESCAPE
+#define NEEDS_HEX_ESCAPE(c) (c < 0x20)
+
+static char*
+appendItemToBuf(char* dest, SECItem* src, PRUint32* pRemaining)
+{
+    if (dest && src && src->data && src->len && src->data[0]) {
+        PRUint32 len = src->len;
+        PRUint32 i;
+        PRUint32 reqLen = len + 1;
+        /* are there any embedded control characters ? */
+        for (i = 0; i < len; i++) {
+            if (NEEDS_HEX_ESCAPE(src->data[i]))
+                reqLen += 2;
+        }
+        if (*pRemaining > reqLen) {
+            for (i = 0; i < len; ++i) {
+                PRUint8 c = src->data[i];
+                if (NEEDS_HEX_ESCAPE(c)) {
+                    *dest++ =
+                        C_BACKSLASH;
+                    *dest++ =
+                        hexChars[(c >> 4) & 0x0f];
+                    *dest++ =
+                        hexChars[c & 0x0f];
+                } else {
+                    *dest++ =
+                        tolower(c);
+                }
+            }
+            *dest++ = '\0';
+            *pRemaining -= reqLen;
+        }
+    }
+    return dest;
+}
+
+/* Returns a pointer to an environment-like string, a series of
+** null-terminated strings, terminated by a zero-length string.
+** This function is intended to be internal to NSS.
+*/
+char*
+cert_GetCertificateEmailAddresses(CERTCertificate* cert)
+{
+    char* rawEmailAddr = NULL;
+    char* addrBuf = NULL;
+    char* pBuf = NULL;
+    PORTCheapArenaPool tmpArena;
+    PRUint32 maxLen = 0;
+    PRInt32 finalLen = 0;
+    SECStatus rv;
+    SECItem subAltName;
+
+    PORT_InitCheapArena(&tmpArena, DER_DEFAULT_CHUNKSIZE);
+
+    subAltName.data = NULL;
+    maxLen = cert->derCert.len;
+    PORT_Assert(maxLen);
+    if (!maxLen)
+        maxLen = 2000; /* a guess, should never happen */
+
+    pBuf = addrBuf = (char*)PORT_ArenaZAlloc(&tmpArena.arena, maxLen + 1);
+    if (!addrBuf)
+        goto loser;
+
+    rawEmailAddr = CERT_GetNameElement(&tmpArena.arena, &cert->subject,
+                                       SEC_OID_PKCS9_EMAIL_ADDRESS);
+    pBuf = appendStringToBuf(pBuf, rawEmailAddr, &maxLen);
+
+    rawEmailAddr = CERT_GetNameElement(&tmpArena.arena, &cert->subject,
+                                       SEC_OID_RFC1274_MAIL);
+    pBuf = appendStringToBuf(pBuf, rawEmailAddr, &maxLen);
+
+    rv = CERT_FindCertExtension(cert, SEC_OID_X509_SUBJECT_ALT_NAME, &subAltName);
+    if (rv == SECSuccess && subAltName.data) {
+        CERTGeneralName* nameList = NULL;
+
+        if (!!(nameList = CERT_DecodeAltNameExtension(&tmpArena.arena, &subAltName))) {
+            CERTGeneralName* current = nameList;
+            do {
+                if (current->type == certDirectoryName) {
+                    rawEmailAddr =
+                        CERT_GetNameElement(&tmpArena.arena,
+                                            &current->name.directoryName,
+                                            SEC_OID_PKCS9_EMAIL_ADDRESS);
+                    pBuf =
+                        appendStringToBuf(pBuf, rawEmailAddr, &maxLen);
+
+                    rawEmailAddr =
+                        CERT_GetNameElement(&tmpArena.arena,
+                                            &current->name.directoryName,
+                                            SEC_OID_RFC1274_MAIL);
+                    pBuf =
+                        appendStringToBuf(pBuf, rawEmailAddr, &maxLen);
+                } else if (current->type == certRFC822Name) {
+                    pBuf =
+                        appendItemToBuf(pBuf, &current->name.other, &maxLen);
+                }
+                current = CERT_GetNextGeneralName(current);
+            } while (current != nameList);
+        }
+        SECITEM_FreeItem(&subAltName, PR_FALSE);
+        /* Don't free nameList, it's part of the tmpArena. */
+    }
+    /* now copy superstring to cert's arena */
+    finalLen = (pBuf - addrBuf) + 1;
+    pBuf = NULL;
+    if (finalLen > 1) {
+        pBuf = PORT_ArenaAlloc(cert->arena, finalLen);
+        if (pBuf) {
+            PORT_Memcpy(pBuf, addrBuf, finalLen);
+        }
+    }
+loser:
+    PORT_DestroyCheapArena(&tmpArena);
+
+    return pBuf;
+}
+
+/* returns pointer to storage in cert's arena.  Storage remains valid
+** as long as cert's reference count doesn't go to zero.
+** Caller should strdup or otherwise copy.
+*/
+const char* /* const so caller won't muck with it. */
+    CERT_GetFirstEmailAddress(CERTCertificate* cert)
+{
+    if (cert && cert->emailAddr && cert->emailAddr[0])
+        return (const char*)cert->emailAddr;
+    return NULL;
+}
+
+/* returns pointer to storage in cert's arena.  Storage remains valid
+** as long as cert's reference count doesn't go to zero.
+** Caller should strdup or otherwise copy.
+*/
+const char* /* const so caller won't muck with it. */
+    CERT_GetNextEmailAddress(CERTCertificate* cert, const char* prev)
+{
+    if (cert && prev && prev[0]) {
+        PRUint32 len = PL_strlen(prev);
+        prev += len + 1;
+        if (prev && prev[0])
+            return prev;
+    }
+    return NULL;
+}
+
+/* This is seriously bogus, now that certs store their email addresses in
+** subject Alternative Name extensions.
+** Returns a string allocated by PORT_StrDup, which the caller must free.
+*/
+char*
+CERT_GetCertEmailAddress(const CERTName* name)
+{
+    char* rawEmailAddr;
+    char* emailAddr;
+
+    rawEmailAddr = CERT_GetNameElement(NULL, name, SEC_OID_PKCS9_EMAIL_ADDRESS);
+    if (rawEmailAddr == NULL) {
+        rawEmailAddr = CERT_GetNameElement(NULL, name, SEC_OID_RFC1274_MAIL);
+    }
+    emailAddr = CERT_FixupEmailAddr(rawEmailAddr);
+    if (rawEmailAddr) {
+        PORT_Free(rawEmailAddr);
+    }
+    return (emailAddr);
+}
+
+/* The return value must be freed with PORT_Free. */
+char*
+CERT_GetCommonName(const CERTName* name)
+{
+    return (CERT_GetLastNameElement(NULL, name, SEC_OID_AVA_COMMON_NAME));
+}
+
+char*
+CERT_GetCountryName(const CERTName* name)
+{
+    return (CERT_GetNameElement(NULL, name, SEC_OID_AVA_COUNTRY_NAME));
+}
+
+char*
+CERT_GetLocalityName(const CERTName* name)
+{
+    return (CERT_GetNameElement(NULL, name, SEC_OID_AVA_LOCALITY));
+}
+
+char*
+CERT_GetStateName(const CERTName* name)
+{
+    return (CERT_GetNameElement(NULL, name, SEC_OID_AVA_STATE_OR_PROVINCE));
+}
+
+char*
+CERT_GetOrgName(const CERTName* name)
+{
+    return (CERT_GetNameElement(NULL, name, SEC_OID_AVA_ORGANIZATION_NAME));
+}
+
+char*
+CERT_GetDomainComponentName(const CERTName* name)
+{
+    return (CERT_GetNameElement(NULL, name, SEC_OID_AVA_DC));
+}
+
+char*
+CERT_GetOrgUnitName(const CERTName* name)
+{
+    return (
+        CERT_GetNameElement(NULL, name, SEC_OID_AVA_ORGANIZATIONAL_UNIT_NAME));
+}
+
+char*
+CERT_GetDnQualifier(const CERTName* name)
+{
+    return (CERT_GetNameElement(NULL, name, SEC_OID_AVA_DN_QUALIFIER));
+}
+
+char*
+CERT_GetCertUid(const CERTName* name)
+{
+    return (CERT_GetNameElement(NULL, name, SEC_OID_RFC1274_UID));
+}
diff --git a/nss/lib/certdb/cert.h b/nss/lib/certdb/cert.h
new file mode 100644
index 0000000..e0af65a
--- /dev/null
+++ b/nss/lib/certdb/cert.h
@@ -0,0 +1,1584 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * cert.h - public data structures and prototypes for the certificate library
+ */
+
+#ifndef _CERT_H_
+#define _CERT_H_
+
+#include "utilrename.h"
+#include "plarena.h"
+#include "plhash.h"
+#include "prlong.h"
+#include "prlog.h"
+
+#include "seccomon.h"
+#include "secdert.h"
+#include "secoidt.h"
+#include "keyt.h"
+#include "certt.h"
+
+SEC_BEGIN_PROTOS
+
+/****************************************************************************
+ *
+ * RFC1485 ascii to/from X.? RelativeDistinguishedName (aka CERTName)
+ *
+ ****************************************************************************/
+
+/*
+** Convert an ascii RFC1485 encoded name into its CERTName equivalent.
+*/
+extern CERTName *CERT_AsciiToName(const char *string);
+
+/*
+** Convert an CERTName into its RFC1485 encoded equivalent.
+** Returns a string that must be freed with PORT_Free().
+** This version produces a string for maximum human readability,
+** not for strict RFC compliance.
+*/
+extern char *CERT_NameToAscii(CERTName *name);
+
+/*
+** Convert an CERTName into its RFC1485 encoded equivalent.
+** Returns a string that must be freed with PORT_Free().
+** Caller chooses encoding rules.
+*/
+extern char *CERT_NameToAsciiInvertible(CERTName *name,
+                                        CertStrictnessLevel strict);
+
+extern CERTAVA *CERT_CopyAVA(PLArenaPool *arena, CERTAVA *src);
+
+/* convert an OID to dotted-decimal representation */
+/* Returns a string that must be freed with PR_smprintf_free(). */
+extern char *CERT_GetOidString(const SECItem *oid);
+
+/*
+** Examine an AVA and return the tag that refers to it. The AVA tags are
+** defined as SEC_OID_AVA*.
+*/
+extern SECOidTag CERT_GetAVATag(CERTAVA *ava);
+
+/*
+** Compare two AVA's, returning the difference between them.
+*/
+extern SECComparison CERT_CompareAVA(const CERTAVA *a, const CERTAVA *b);
+
+/*
+** Create an RDN (relative-distinguished-name). The argument list is a
+** NULL terminated list of AVA's.
+*/
+extern CERTRDN *CERT_CreateRDN(PLArenaPool *arena, CERTAVA *avas, ...);
+
+/*
+** Make a copy of "src" storing it in "dest".
+*/
+extern SECStatus CERT_CopyRDN(PLArenaPool *arena, CERTRDN *dest, CERTRDN *src);
+
+/*
+** Add an AVA to an RDN.
+**	"rdn" the RDN to add to
+**	"ava" the AVA to add
+*/
+extern SECStatus CERT_AddAVA(PLArenaPool *arena, CERTRDN *rdn, CERTAVA *ava);
+
+/*
+** Compare two RDN's, returning the difference between them.
+*/
+extern SECComparison CERT_CompareRDN(const CERTRDN *a, const CERTRDN *b);
+
+/*
+** Create an X.500 style name using a NULL terminated list of RDN's.
+*/
+extern CERTName *CERT_CreateName(CERTRDN *rdn, ...);
+
+/*
+** Make a copy of "src" storing it in "dest". Memory is allocated in
+** "dest" for each of the appropriate sub objects. Memory is not freed in
+** "dest" before allocation is done (use CERT_DestroyName(dest, PR_FALSE) to
+** do that).
+*/
+extern SECStatus CERT_CopyName(PLArenaPool *arena, CERTName *dest,
+                               const CERTName *src);
+
+/*
+** Destroy a Name object.
+**	"name" the CERTName to destroy
+**	"freeit" if PR_TRUE then free the object as well as its sub-objects
+*/
+extern void CERT_DestroyName(CERTName *name);
+
+/*
+** Add an RDN to a name.
+**	"name" the name to add the RDN to
+**	"rdn" the RDN to add to name
+*/
+extern SECStatus CERT_AddRDN(CERTName *name, CERTRDN *rdn);
+
+/*
+** Compare two names, returning the difference between them.
+*/
+extern SECComparison CERT_CompareName(const CERTName *a, const CERTName *b);
+
+/*
+** Convert a CERTName into something readable
+*/
+extern char *CERT_FormatName(CERTName *name);
+
+/*
+** Convert a der-encoded integer to a hex printable string form.
+** Perhaps this should be a SEC function but it's only used for certs.
+*/
+extern char *CERT_Hexify(SECItem *i, int do_colon);
+
+/*
+** Converts DER string (with explicit length) into zString, if destination
+** buffer is big enough to receive it.  Does quoting and/or escaping as
+** specified in RFC 1485.  Input string must be single or multi-byte DER
+** character set, (ASCII, UTF8, or ISO 8851-x) not a wide character set.
+** Returns SECSuccess or SECFailure with error code set. If output buffer
+** is too small, sets error code SEC_ERROR_OUTPUT_LEN.
+*/
+extern SECStatus CERT_RFC1485_EscapeAndQuote(char *dst, int dstlen, char *src,
+                                             int srclen);
+
+/******************************************************************************
+ *
+ * Certificate handling operations
+ *
+ *****************************************************************************/
+
+/*
+** Create a new validity object given two unix time values.
+**	"notBefore" the time before which the validity is not valid
+**	"notAfter" the time after which the validity is not valid
+*/
+extern CERTValidity *CERT_CreateValidity(PRTime notBefore, PRTime notAfter);
+
+/*
+** Destroy a validity object.
+**	"v" the validity to destroy
+**	"freeit" if PR_TRUE then free the object as well as its sub-objects
+*/
+extern void CERT_DestroyValidity(CERTValidity *v);
+
+/*
+** Copy the "src" object to "dest". Memory is allocated in "dest" for
+** each of the appropriate sub-objects. Memory in "dest" is not freed
+** before memory is allocated (use CERT_DestroyValidity(v, PR_FALSE) to do
+** that).
+*/
+extern SECStatus CERT_CopyValidity(PLArenaPool *arena, CERTValidity *dest,
+                                   CERTValidity *src);
+
+/*
+** The cert lib considers a cert or CRL valid if the "notBefore" time is
+** in the not-too-distant future, e.g. within the next 24 hours. This
+** prevents freshly issued certificates from being considered invalid
+** because the local system's time zone is incorrectly set.
+** The amount of "pending slop time" is adjustable by the application.
+** Units of SlopTime are seconds.  Default is 86400  (24 hours).
+** Negative SlopTime values are not allowed.
+*/
+PRInt32 CERT_GetSlopTime(void);
+
+SECStatus CERT_SetSlopTime(PRInt32 slop);
+
+/*
+** Create a new certificate object. The result must be wrapped with an
+** CERTSignedData to create a signed certificate.
+**	"serialNumber" the serial number
+**	"issuer" the name of the certificate issuer
+**	"validity" the validity period of the certificate
+**	"req" the certificate request that prompted the certificate issuance
+*/
+extern CERTCertificate *CERT_CreateCertificate(unsigned long serialNumber,
+                                               CERTName *issuer,
+                                               CERTValidity *validity,
+                                               CERTCertificateRequest *req);
+
+/*
+** Destroy a certificate object
+**	"cert" the certificate to destroy
+** NOTE: certificate's are reference counted. This call decrements the
+** reference count, and if the result is zero, then the object is destroyed
+** and optionally freed.
+*/
+extern void CERT_DestroyCertificate(CERTCertificate *cert);
+
+/*
+** Make a shallow copy of a certificate "c". Just increments the
+** reference count on "c".
+*/
+extern CERTCertificate *CERT_DupCertificate(CERTCertificate *c);
+
+/*
+** Create a new certificate request. This result must be wrapped with an
+** CERTSignedData to create a signed certificate request.
+**	"name" the subject name (who the certificate request is from)
+**	"spki" describes/defines the public key the certificate is for
+**	"attributes" if non-zero, some optional attribute data
+*/
+extern CERTCertificateRequest *CERT_CreateCertificateRequest(
+    CERTName *name, CERTSubjectPublicKeyInfo *spki, SECItem **attributes);
+
+/*
+** Destroy a certificate-request object
+**	"r" the certificate-request to destroy
+**	"freeit" if PR_TRUE then free the object as well as its sub-objects
+*/
+extern void CERT_DestroyCertificateRequest(CERTCertificateRequest *r);
+
+/*
+** Start adding extensions to a certificate request.
+*/
+void *CERT_StartCertificateRequestAttributes(CERTCertificateRequest *req);
+
+/*
+** Reformat the certificate extension list into a CertificateRequest
+** attribute list.
+*/
+SECStatus CERT_FinishCertificateRequestAttributes(CERTCertificateRequest *req);
+
+/*
+** Extract the Extension Requests from a DER CertRequest attribute list.
+*/
+SECStatus CERT_GetCertificateRequestExtensions(CERTCertificateRequest *req,
+                                               CERTCertExtension ***exts);
+
+/*
+** Extract a public key object from a certificate
+*/
+extern SECKEYPublicKey *CERT_ExtractPublicKey(CERTCertificate *cert);
+
+/*
+** Retrieve the Key Type associated with the cert we're dealing with
+*/
+
+extern KeyType CERT_GetCertKeyType(const CERTSubjectPublicKeyInfo *spki);
+
+/*
+** Initialize the certificate database.  This is called to create
+**  the initial list of certificates in the database.
+*/
+extern SECStatus CERT_InitCertDB(CERTCertDBHandle *handle);
+
+extern int CERT_GetDBContentVersion(CERTCertDBHandle *handle);
+
+/*
+** Default certificate database routines
+*/
+extern void CERT_SetDefaultCertDB(CERTCertDBHandle *handle);
+
+extern CERTCertDBHandle *CERT_GetDefaultCertDB(void);
+
+extern CERTCertList *CERT_GetCertChainFromCert(CERTCertificate *cert,
+                                               PRTime time, SECCertUsage usage);
+extern CERTCertificate *CERT_NewTempCertificate(CERTCertDBHandle *handle,
+                                                SECItem *derCert,
+                                                char *nickname, PRBool isperm,
+                                                PRBool copyDER);
+
+/******************************************************************************
+ *
+ * X.500 Name handling operations
+ *
+ *****************************************************************************/
+
+/*
+** Create an AVA (attribute-value-assertion)
+**	"arena" the memory arena to alloc from
+**	"kind" is one of SEC_OID_AVA_*
+**	"valueType" is one of DER_PRINTABLE_STRING, DER_IA5_STRING, or
+**	   DER_T61_STRING
+**	"value" is the null terminated string containing the value
+*/
+extern CERTAVA *CERT_CreateAVA(PLArenaPool *arena, SECOidTag kind,
+                               int valueType, char *value);
+
+/*
+** Extract the Distinguished Name from a DER encoded certificate
+**	"derCert" is the DER encoded certificate
+**	"derName" is the SECItem that the name is returned in
+*/
+extern SECStatus CERT_NameFromDERCert(SECItem *derCert, SECItem *derName);
+
+/*
+** Extract the Issuers Distinguished Name from a DER encoded certificate
+**	"derCert" is the DER encoded certificate
+**	"derName" is the SECItem that the name is returned in
+*/
+extern SECStatus CERT_IssuerNameFromDERCert(SECItem *derCert, SECItem *derName);
+
+extern SECItem *CERT_EncodeGeneralName(CERTGeneralName *genName, SECItem *dest,
+                                       PLArenaPool *arena);
+
+extern CERTGeneralName *CERT_DecodeGeneralName(PLArenaPool *reqArena,
+                                               SECItem *encodedName,
+                                               CERTGeneralName *genName);
+
+/*
+** Generate a database search key for a certificate, based on the
+** issuer and serial number.
+**	"arena" the memory arena to alloc from
+**	"derCert" the DER encoded certificate
+**	"key" the returned key
+*/
+extern SECStatus CERT_KeyFromDERCert(PLArenaPool *reqArena, SECItem *derCert,
+                                     SECItem *key);
+
+extern SECStatus CERT_KeyFromIssuerAndSN(PLArenaPool *arena, SECItem *issuer,
+                                         SECItem *sn, SECItem *key);
+
+extern SECStatus CERT_SerialNumberFromDERCert(SECItem *derCert,
+                                              SECItem *derName);
+
+/*
+** Generate a database search key for a crl, based on the
+** issuer.
+**	"arena" the memory arena to alloc from
+**	"derCrl" the DER encoded crl
+**	"key" the returned key
+*/
+extern SECStatus CERT_KeyFromDERCrl(PLArenaPool *arena, SECItem *derCrl,
+                                    SECItem *key);
+
+/*
+** Open the certificate database.  Use callback to get name of database.
+*/
+extern SECStatus CERT_OpenCertDB(CERTCertDBHandle *handle, PRBool readOnly,
+                                 CERTDBNameFunc namecb, void *cbarg);
+
+/* Open the certificate database.  Use given filename for database. */
+extern SECStatus CERT_OpenCertDBFilename(CERTCertDBHandle *handle,
+                                         char *certdbname, PRBool readOnly);
+
+/*
+** Open and initialize a cert database that is entirely in memory.  This
+** can be used when the permanent database can not be opened or created.
+*/
+extern SECStatus CERT_OpenVolatileCertDB(CERTCertDBHandle *handle);
+
+/*
+** Extract the list of host names, host name patters, IP address strings
+** this cert is valid for.
+** This function does NOT return nicknames.
+** Type CERTCertNicknames is being used because it's a convenient
+** data structure to carry a list of strings and its count.
+*/
+extern CERTCertNicknames *CERT_GetValidDNSPatternsFromCert(
+    CERTCertificate *cert);
+
+/*
+** Check the hostname to make sure that it matches the shexp that
+** is given in the common name of the certificate.
+*/
+extern SECStatus CERT_VerifyCertName(const CERTCertificate *cert,
+                                     const char *hostname);
+
+/*
+** Add a domain name to the list of names that the user has explicitly
+** allowed (despite cert name mismatches) for use with a server cert.
+*/
+extern SECStatus CERT_AddOKDomainName(CERTCertificate *cert,
+                                      const char *hostname);
+
+/*
+** Decode a DER encoded certificate into an CERTCertificate structure
+**	"derSignedCert" is the DER encoded signed certificate
+**	"copyDER" is true if the DER should be copied, false if the
+**		existing copy should be referenced
+**	"nickname" is the nickname to use in the database.  If it is NULL
+**		then a temporary nickname is generated.
+*/
+extern CERTCertificate *CERT_DecodeDERCertificate(SECItem *derSignedCert,
+                                                  PRBool copyDER,
+                                                  char *nickname);
+/*
+** Decode a DER encoded CRL into a CERTSignedCrl structure
+**	"derSignedCrl" is the DER encoded signed CRL.
+**	"type" must be SEC_CRL_TYPE.
+*/
+#define SEC_CRL_TYPE 1
+#define SEC_KRL_TYPE 0 /* deprecated */
+
+extern CERTSignedCrl *CERT_DecodeDERCrl(PLArenaPool *arena,
+                                        SECItem *derSignedCrl, int type);
+
+/*
+ * same as CERT_DecodeDERCrl, plus allow options to be passed in
+ */
+
+extern CERTSignedCrl *CERT_DecodeDERCrlWithFlags(PLArenaPool *narena,
+                                                 SECItem *derSignedCrl,
+                                                 int type, PRInt32 options);
+
+/* CRL options to pass */
+
+#define CRL_DECODE_DEFAULT_OPTIONS 0x00000000
+
+/* when CRL_DECODE_DONT_COPY_DER is set, the DER is not copied . The
+   application must then keep derSignedCrl until it destroys the
+   CRL . Ideally, it should allocate derSignedCrl in an arena
+   and pass that arena in as the first argument to
+   CERT_DecodeDERCrlWithFlags */
+
+#define CRL_DECODE_DONT_COPY_DER 0x00000001
+#define CRL_DECODE_SKIP_ENTRIES 0x00000002
+#define CRL_DECODE_KEEP_BAD_CRL 0x00000004
+#define CRL_DECODE_ADOPT_HEAP_DER 0x00000008
+
+/* complete the decoding of a partially decoded CRL, ie. decode the
+   entries. Note that entries is an optional field in a CRL, so the
+   "entries" pointer in CERTCrlStr may still be NULL even after
+   function returns SECSuccess */
+
+extern SECStatus CERT_CompleteCRLDecodeEntries(CERTSignedCrl *crl);
+
+/* Validate CRL then import it to the dbase.  If there is already a CRL with the
+ * same CA in the dbase, it will be replaced if derCRL is more up to date.
+ * If the process successes, a CRL will be returned.  Otherwise, a NULL will
+ * be returned. The caller should call PORT_GetError() for the exactly error
+ * code.
+ */
+extern CERTSignedCrl *CERT_ImportCRL(CERTCertDBHandle *handle, SECItem *derCRL,
+                                     char *url, int type, void *wincx);
+
+extern void CERT_DestroyCrl(CERTSignedCrl *crl);
+
+/* this is a hint to flush the CRL cache. crlKey is the DER subject of
+   the issuer (CA). */
+void CERT_CRLCacheRefreshIssuer(CERTCertDBHandle *dbhandle, SECItem *crlKey);
+
+/* add the specified DER CRL object to the CRL cache. Doing so will allow
+   certificate verification functions (such as CERT_VerifyCertificate)
+   to automatically find and make use of this CRL object.
+   Once a CRL is added to the CRL cache, the application must hold on to
+   the object's memory, because the cache will reference it directly. The
+   application can only free the object after it calls CERT_UncacheCRL to
+   remove it from the CRL cache.
+*/
+SECStatus CERT_CacheCRL(CERTCertDBHandle *dbhandle, SECItem *newcrl);
+
+/* remove a previously added CRL object from the CRL cache. It is OK
+   for the application to free the memory after a successful removal
+*/
+SECStatus CERT_UncacheCRL(CERTCertDBHandle *dbhandle, SECItem *oldcrl);
+
+/*
+** Find a certificate in the database
+**	"key" is the database key to look for
+*/
+extern CERTCertificate *CERT_FindCertByKey(CERTCertDBHandle *handle,
+                                           SECItem *key);
+
+/*
+** Find a certificate in the database by name
+**	"name" is the distinguished name to look up
+*/
+extern CERTCertificate *CERT_FindCertByName(CERTCertDBHandle *handle,
+                                            SECItem *name);
+
+/*
+** Find a certificate in the database by name
+**	"name" is the distinguished name to look up (in ascii)
+*/
+extern CERTCertificate *CERT_FindCertByNameString(CERTCertDBHandle *handle,
+                                                  char *name);
+
+/*
+** Find a certificate in the database by name and keyid
+**	"name" is the distinguished name to look up
+**	"keyID" is the value of the subjectKeyID to match
+*/
+extern CERTCertificate *CERT_FindCertByKeyID(CERTCertDBHandle *handle,
+                                             SECItem *name, SECItem *keyID);
+
+/*
+** Generate a certificate key from the issuer and serialnumber, then look it
+** up in the database.  Return the cert if found.
+**	"issuerAndSN" is the issuer and serial number to look for
+*/
+extern CERTCertificate *CERT_FindCertByIssuerAndSN(
+    CERTCertDBHandle *handle, CERTIssuerAndSN *issuerAndSN);
+
+/*
+** Find a certificate in the database by a subject key ID
+**	"subjKeyID" is the subject Key ID to look for
+*/
+extern CERTCertificate *CERT_FindCertBySubjectKeyID(CERTCertDBHandle *handle,
+                                                    SECItem *subjKeyID);
+
+/*
+** Encode Certificate SKID (Subject Key ID) extension.
+**
+*/
+extern SECStatus CERT_EncodeSubjectKeyID(PLArenaPool *arena,
+                                         const SECItem *srcString,
+                                         SECItem *encodedValue);
+
+/*
+** Find a certificate in the database by a nickname
+**	"nickname" is the ascii string nickname to look for
+*/
+extern CERTCertificate *CERT_FindCertByNickname(CERTCertDBHandle *handle,
+                                                const char *nickname);
+
+/*
+** Find a certificate in the database by a DER encoded certificate
+**	"derCert" is the DER encoded certificate
+*/
+extern CERTCertificate *CERT_FindCertByDERCert(CERTCertDBHandle *handle,
+                                               SECItem *derCert);
+
+/*
+** Find a certificate in the database by a email address
+**	"emailAddr" is the email address to look up
+*/
+CERTCertificate *CERT_FindCertByEmailAddr(CERTCertDBHandle *handle,
+                                          char *emailAddr);
+
+/*
+** Find a certificate in the database by a email address or nickname
+**	"name" is the email address or nickname to look up
+*/
+CERTCertificate *CERT_FindCertByNicknameOrEmailAddr(CERTCertDBHandle *handle,
+                                                    const char *name);
+
+/*
+** Find a certificate in the database by a email address or nickname
+** and require it to have the given usage.
+**      "name" is the email address or nickname to look up
+*/
+CERTCertificate *CERT_FindCertByNicknameOrEmailAddrForUsage(
+    CERTCertDBHandle *handle, const char *name, SECCertUsage lookingForUsage);
+
+/*
+** Find a certificate in the database by a digest of a subject public key
+**	"spkDigest" is the digest to look up
+*/
+extern CERTCertificate *CERT_FindCertBySPKDigest(CERTCertDBHandle *handle,
+                                                 SECItem *spkDigest);
+
+/*
+ * Find the issuer of a cert
+ */
+CERTCertificate *CERT_FindCertIssuer(CERTCertificate *cert, PRTime validTime,
+                                     SECCertUsage usage);
+
+/*
+** Check the validity times of a certificate vs. time 't', allowing
+** some slop for broken clocks and stuff.
+**	"cert" is the certificate to be checked
+**	"t" is the time to check against
+**	"allowOverride" if true then check to see if the invalidity has
+**		been overridden by the user.
+*/
+extern SECCertTimeValidity CERT_CheckCertValidTimes(const CERTCertificate *cert,
+                                                    PRTime t,
+                                                    PRBool allowOverride);
+
+/*
+** WARNING - this function is deprecated, and will either go away or have
+**		a new API in the near future.
+**
+** Check the validity times of a certificate vs. the current time, allowing
+** some slop for broken clocks and stuff.
+**	"cert" is the certificate to be checked
+*/
+extern SECStatus CERT_CertTimesValid(CERTCertificate *cert);
+
+/*
+** Extract the validity times from a certificate
+**	"c" is the certificate
+**	"notBefore" is the start of the validity period
+**	"notAfter" is the end of the validity period
+*/
+extern SECStatus CERT_GetCertTimes(const CERTCertificate *c, PRTime *notBefore,
+                                   PRTime *notAfter);
+
+/*
+** Extract the issuer and serial number from a certificate
+*/
+extern CERTIssuerAndSN *CERT_GetCertIssuerAndSN(PLArenaPool *,
+                                                CERTCertificate *);
+
+/*
+** verify the signature of a signed data object with a given certificate
+**	"sd" the signed data object to be verified
+**	"cert" the certificate to use to check the signature
+*/
+extern SECStatus CERT_VerifySignedData(CERTSignedData *sd,
+                                       CERTCertificate *cert, PRTime t,
+                                       void *wincx);
+/*
+** verify the signature of a signed data object with the given DER publickey
+*/
+extern SECStatus CERT_VerifySignedDataWithPublicKeyInfo(
+    CERTSignedData *sd, CERTSubjectPublicKeyInfo *pubKeyInfo, void *wincx);
+
+/*
+** verify the signature of a signed data object with a SECKEYPublicKey.
+*/
+extern SECStatus CERT_VerifySignedDataWithPublicKey(const CERTSignedData *sd,
+                                                    SECKEYPublicKey *pubKey,
+                                                    void *wincx);
+
+/*
+** NEW FUNCTIONS with new bit-field-FIELD SECCertificateUsage - please use
+** verify a certificate by checking validity times against a certain time,
+** that we trust the issuer, and that the signature on the certificate is
+** valid.
+**	"cert" the certificate to verify
+**	"checkSig" only check signatures if true
+*/
+extern SECStatus CERT_VerifyCertificate(CERTCertDBHandle *handle,
+                                        CERTCertificate *cert, PRBool checkSig,
+                                        SECCertificateUsage requiredUsages,
+                                        PRTime t, void *wincx,
+                                        CERTVerifyLog *log,
+                                        SECCertificateUsage *returnedUsages);
+
+/* same as above, but uses current time */
+extern SECStatus CERT_VerifyCertificateNow(CERTCertDBHandle *handle,
+                                           CERTCertificate *cert,
+                                           PRBool checkSig,
+                                           SECCertificateUsage requiredUsages,
+                                           void *wincx,
+                                           SECCertificateUsage *returnedUsages);
+
+/*
+** Verify that a CA cert can certify some (unspecified) leaf cert for a given
+** purpose. This is used by UI code to help identify where a chain may be
+** broken and why. This takes identical parameters to CERT_VerifyCert
+*/
+extern SECStatus CERT_VerifyCACertForUsage(CERTCertDBHandle *handle,
+                                           CERTCertificate *cert,
+                                           PRBool checkSig,
+                                           SECCertUsage certUsage, PRTime t,
+                                           void *wincx, CERTVerifyLog *log);
+
+/*
+** OLD OBSOLETE FUNCTIONS with enum SECCertUsage - DO NOT USE FOR NEW CODE
+** verify a certificate by checking validity times against a certain time,
+** that we trust the issuer, and that the signature on the certificate is
+** valid.
+**	"cert" the certificate to verify
+**	"checkSig" only check signatures if true
+*/
+extern SECStatus CERT_VerifyCert(CERTCertDBHandle *handle,
+                                 CERTCertificate *cert, PRBool checkSig,
+                                 SECCertUsage certUsage, PRTime t, void *wincx,
+                                 CERTVerifyLog *log);
+
+/* same as above, but uses current time */
+extern SECStatus CERT_VerifyCertNow(CERTCertDBHandle *handle,
+                                    CERTCertificate *cert, PRBool checkSig,
+                                    SECCertUsage certUsage, void *wincx);
+
+SECStatus CERT_VerifyCertChain(CERTCertDBHandle *handle, CERTCertificate *cert,
+                               PRBool checkSig, SECCertUsage certUsage,
+                               PRTime t, void *wincx, CERTVerifyLog *log);
+
+/*
+** Read a base64 ascii encoded DER certificate and convert it to our
+** internal format.
+**	"certstr" is a null-terminated string containing the certificate
+*/
+extern CERTCertificate *CERT_ConvertAndDecodeCertificate(char *certstr);
+
+/*
+** Read a certificate in some foreign format, and convert it to our
+** internal format.
+**	"certbuf" is the buffer containing the certificate
+**	"certlen" is the length of the buffer
+** NOTE - currently supports netscape base64 ascii encoded raw certs
+**  and netscape binary DER typed files.
+*/
+extern CERTCertificate *CERT_DecodeCertFromPackage(char *certbuf, int certlen);
+
+extern SECStatus CERT_ImportCAChain(SECItem *certs, int numcerts,
+                                    SECCertUsage certUsage);
+
+extern SECStatus CERT_ImportCAChainTrusted(SECItem *certs, int numcerts,
+                                           SECCertUsage certUsage);
+
+/*
+** Read a certificate chain in some foreign format, and pass it to a
+** callback function.
+**	"certbuf" is the buffer containing the certificate
+**	"certlen" is the length of the buffer
+**	"f" is the callback function
+**	"arg" is the callback argument
+*/
+typedef SECStatus(PR_CALLBACK *CERTImportCertificateFunc)(void *arg,
+                                                          SECItem **certs,
+                                                          int numcerts);
+
+extern SECStatus CERT_DecodeCertPackage(char *certbuf, int certlen,
+                                        CERTImportCertificateFunc f, void *arg);
+
+/*
+** Returns the value of an AVA.  This was a formerly static
+** function that has been exposed due to the need to decode
+** and convert unicode strings to UTF8.
+**
+** XXX This function resides in certhtml.c, should it be
+** moved elsewhere?
+*/
+extern SECItem *CERT_DecodeAVAValue(const SECItem *derAVAValue);
+
+/*
+** extract various element strings from a distinguished name.
+**	"name" the distinguished name
+*/
+
+extern char *CERT_GetCertificateEmailAddress(CERTCertificate *cert);
+
+extern char *CERT_GetCertEmailAddress(const CERTName *name);
+
+extern const char *CERT_GetFirstEmailAddress(CERTCertificate *cert);
+
+extern const char *CERT_GetNextEmailAddress(CERTCertificate *cert,
+                                            const char *prev);
+
+/* The return value must be freed with PORT_Free. */
+extern char *CERT_GetCommonName(const CERTName *name);
+
+extern char *CERT_GetCountryName(const CERTName *name);
+
+extern char *CERT_GetLocalityName(const CERTName *name);
+
+extern char *CERT_GetStateName(const CERTName *name);
+
+extern char *CERT_GetOrgName(const CERTName *name);
+
+extern char *CERT_GetOrgUnitName(const CERTName *name);
+
+extern char *CERT_GetDomainComponentName(const CERTName *name);
+
+extern char *CERT_GetCertUid(const CERTName *name);
+
+/* manipulate the trust parameters of a certificate */
+
+extern SECStatus CERT_GetCertTrust(const CERTCertificate *cert,
+                                   CERTCertTrust *trust);
+
+extern SECStatus CERT_ChangeCertTrust(CERTCertDBHandle *handle,
+                                      CERTCertificate *cert,
+                                      CERTCertTrust *trust);
+
+extern SECStatus CERT_ChangeCertTrustByUsage(CERTCertDBHandle *certdb,
+                                             CERTCertificate *cert,
+                                             SECCertUsage usage);
+
+/*************************************************************************
+ *
+ * manipulate the extensions of a certificate
+ *
+ ************************************************************************/
+
+/*
+** Set up a cert for adding X509v3 extensions.  Returns an opaque handle
+** used by the next two routines.
+**	"cert" is the certificate we are adding extensions to
+*/
+extern void *CERT_StartCertExtensions(CERTCertificate *cert);
+
+/*
+** Add an extension to a certificate.
+**	"exthandle" is the handle returned by the previous function
+**	"idtag" is the integer tag for the OID that should ID this extension
+**	"value" is the value of the extension
+**	"critical" is the critical extension flag
+**	"copyData" is a flag indicating whether the value data should be
+**		copied.
+*/
+extern SECStatus CERT_AddExtension(void *exthandle, int idtag, SECItem *value,
+                                   PRBool critical, PRBool copyData);
+
+extern SECStatus CERT_AddExtensionByOID(void *exthandle, SECItem *oid,
+                                        SECItem *value, PRBool critical,
+                                        PRBool copyData);
+
+extern SECStatus CERT_EncodeAndAddExtension(void *exthandle, int idtag,
+                                            void *value, PRBool critical,
+                                            const SEC_ASN1Template *atemplate);
+
+extern SECStatus CERT_EncodeAndAddBitStrExtension(void *exthandle, int idtag,
+                                                  SECItem *value,
+                                                  PRBool critical);
+
+extern SECStatus CERT_EncodeAltNameExtension(PLArenaPool *arena,
+                                             CERTGeneralName *value,
+                                             SECItem *encodedValue);
+
+/*
+** Finish adding cert extensions.  Does final processing on extension
+** data, putting it in the right format, and freeing any temporary
+** storage.
+**	"exthandle" is the handle used to add extensions to a certificate
+*/
+extern SECStatus CERT_FinishExtensions(void *exthandle);
+
+/*
+** Merge an external list of extensions into a cert's extension list, adding one
+** only when its OID matches none of the cert's existing extensions. Call this
+** immediately before calling CERT_FinishExtensions().
+*/
+SECStatus CERT_MergeExtensions(void *exthandle, CERTCertExtension **exts);
+
+/* If the extension is found, return its criticality and value.
+** This allocate storage for the returning extension value.
+*/
+extern SECStatus CERT_GetExtenCriticality(CERTCertExtension **extensions,
+                                          int tag, PRBool *isCritical);
+
+extern void CERT_DestroyOidSequence(CERTOidSequence *oidSeq);
+
+/****************************************************************************
+ *
+ * DER encode and decode extension values
+ *
+ ****************************************************************************/
+
+/* Encode the value of the basicConstraint extension.
+**	arena - where to allocate memory for the encoded value.
+**	value - extension value to encode
+**	encodedValue - output encoded value
+*/
+extern SECStatus CERT_EncodeBasicConstraintValue(PLArenaPool *arena,
+                                                 CERTBasicConstraints *value,
+                                                 SECItem *encodedValue);
+
+/*
+** Encode the value of the authorityKeyIdentifier extension.
+*/
+extern SECStatus CERT_EncodeAuthKeyID(PLArenaPool *arena, CERTAuthKeyID *value,
+                                      SECItem *encodedValue);
+
+/*
+** Encode the value of the crlDistributionPoints extension.
+*/
+extern SECStatus CERT_EncodeCRLDistributionPoints(
+    PLArenaPool *arena, CERTCrlDistributionPoints *value, SECItem *derValue);
+
+/*
+** Decodes a DER encoded basicConstaint extension value into a readable format
+**	value - decoded value
+**	encodedValue - value to decoded
+*/
+extern SECStatus CERT_DecodeBasicConstraintValue(CERTBasicConstraints *value,
+                                                 const SECItem *encodedValue);
+
+/* Decodes a DER encoded authorityKeyIdentifier extension value into a
+** readable format.
+**	arena - where to allocate memory for the decoded value
+**	encodedValue - value to be decoded
+**	Returns a CERTAuthKeyID structure which contains the decoded value
+*/
+extern CERTAuthKeyID *CERT_DecodeAuthKeyID(PLArenaPool *arena,
+                                           const SECItem *encodedValue);
+
+/* Decodes a DER encoded crlDistributionPoints extension value into a
+** readable format.
+**	arena - where to allocate memory for the decoded value
+**	der - value to be decoded
+**	Returns a CERTCrlDistributionPoints structure which contains the
+**          decoded value
+*/
+extern CERTCrlDistributionPoints *CERT_DecodeCRLDistributionPoints(
+    PLArenaPool *arena, SECItem *der);
+
+/* Extract certain name type from a generalName */
+extern void *CERT_GetGeneralNameByType(CERTGeneralName *genNames,
+                                       CERTGeneralNameType type,
+                                       PRBool derFormat);
+
+extern CERTOidSequence *CERT_DecodeOidSequence(const SECItem *seqItem);
+
+/****************************************************************************
+ *
+ * Find extension values of a certificate
+ *
+ ***************************************************************************/
+
+extern SECStatus CERT_FindCertExtension(const CERTCertificate *cert, int tag,
+                                        SECItem *value);
+
+extern SECStatus CERT_FindNSCertTypeExtension(CERTCertificate *cert,
+                                              SECItem *value);
+
+extern char *CERT_FindNSStringExtension(CERTCertificate *cert, int oidtag);
+
+extern SECStatus CERT_FindCertExtensionByOID(CERTCertificate *cert,
+                                             SECItem *oid, SECItem *value);
+
+/* Returns the decoded value of the authKeyID extension.
+**   Note that this uses passed in the arena to allocate storage for the result
+*/
+extern CERTAuthKeyID *CERT_FindAuthKeyIDExten(PLArenaPool *arena,
+                                              CERTCertificate *cert);
+
+/* Returns the decoded value of the basicConstraint extension.
+ */
+extern SECStatus CERT_FindBasicConstraintExten(CERTCertificate *cert,
+                                               CERTBasicConstraints *value);
+
+/* Returns the decoded value of the crlDistributionPoints extension.
+**  Note that the arena in cert is used to allocate storage for the result
+*/
+extern CERTCrlDistributionPoints *CERT_FindCRLDistributionPoints(
+    CERTCertificate *cert);
+
+/* Returns value of the keyUsage extension.  This uses PR_Alloc to allocate
+** buffer for the decoded value. The caller should free up the storage
+** allocated in value->data.
+*/
+extern SECStatus CERT_FindKeyUsageExtension(CERTCertificate *cert,
+                                            SECItem *value);
+
+/* Return the decoded value of the subjectKeyID extension. The caller should
+** free up the storage allocated in retItem->data.
+*/
+extern SECStatus CERT_FindSubjectKeyIDExtension(CERTCertificate *cert,
+                                                SECItem *retItem);
+
+/*
+** If cert is a v3 certificate, and a critical keyUsage extension is included,
+** then check the usage against the extension value.  If a non-critical
+** keyUsage extension is included, this will return SECSuccess without
+** checking, since the extension is an advisory field, not a restriction.
+** If cert is not a v3 certificate, this will return SECSuccess.
+**	cert - certificate
+**	usage - one of the x.509 v3 the Key Usage Extension flags
+*/
+extern SECStatus CERT_CheckCertUsage(CERTCertificate *cert,
+                                     unsigned char usage);
+
+/****************************************************************************
+ *
+ *  CRL v2 Extensions supported routines
+ *
+ ****************************************************************************/
+
+extern SECStatus CERT_FindCRLExtensionByOID(CERTCrl *crl, SECItem *oid,
+                                            SECItem *value);
+
+extern SECStatus CERT_FindCRLExtension(CERTCrl *crl, int tag, SECItem *value);
+
+extern SECStatus CERT_FindInvalidDateExten(CERTCrl *crl, PRTime *value);
+
+/*
+** Set up a crl for adding X509v3 extensions.  Returns an opaque handle
+** used by routines that take an exthandle (void*) argument .
+**	"crl" is the CRL we are adding extensions to
+*/
+extern void *CERT_StartCRLExtensions(CERTCrl *crl);
+
+/*
+** Set up a crl entry for adding X509v3 extensions.  Returns an opaque handle
+** used by routines that take an exthandle (void*) argument .
+**	"crl" is the crl we are adding certs entries to
+**      "entry" is the crl entry we are adding extensions to
+*/
+extern void *CERT_StartCRLEntryExtensions(CERTCrl *crl, CERTCrlEntry *entry);
+
+extern CERTCertNicknames *CERT_GetCertNicknames(CERTCertDBHandle *handle,
+                                                int what, void *wincx);
+
+/*
+** Finds the crlNumber extension and decodes its value into 'value'
+*/
+extern SECStatus CERT_FindCRLNumberExten(PLArenaPool *arena, CERTCrl *crl,
+                                         SECItem *value);
+
+extern SECStatus CERT_FindCRLEntryReasonExten(CERTCrlEntry *crlEntry,
+                                              CERTCRLEntryReasonCode *value);
+
+extern void CERT_FreeNicknames(CERTCertNicknames *nicknames);
+
+extern PRBool CERT_CompareCerts(const CERTCertificate *c1,
+                                const CERTCertificate *c2);
+
+extern PRBool CERT_CompareCertsForRedirection(CERTCertificate *c1,
+                                              CERTCertificate *c2);
+
+/*
+** Generate an array of the Distinguished Names that the given cert database
+** "trusts"
+*/
+extern CERTDistNames *CERT_GetSSLCACerts(CERTCertDBHandle *handle);
+
+extern void CERT_FreeDistNames(CERTDistNames *names);
+
+/* Duplicate distinguished name array */
+extern CERTDistNames *CERT_DupDistNames(CERTDistNames *orig);
+
+/*
+** Generate an array of Distinguished names from an array of nicknames
+*/
+extern CERTDistNames *CERT_DistNamesFromNicknames(CERTCertDBHandle *handle,
+                                                  char **nicknames, int nnames);
+
+/*
+** Generate an array of Distinguished names from a list of certs.
+*/
+extern CERTDistNames *CERT_DistNamesFromCertList(CERTCertList *list);
+
+/*
+** Generate a certificate chain from a certificate.
+*/
+extern CERTCertificateList *CERT_CertChainFromCert(CERTCertificate *cert,
+                                                   SECCertUsage usage,
+                                                   PRBool includeRoot);
+
+extern CERTCertificateList *CERT_CertListFromCert(CERTCertificate *cert);
+
+extern CERTCertificateList *CERT_DupCertList(
+    const CERTCertificateList *oldList);
+
+extern void CERT_DestroyCertificateList(CERTCertificateList *list);
+
+/*
+** is cert a user cert? i.e. does it have CERTDB_USER trust,
+** i.e. a private key?
+*/
+PRBool CERT_IsUserCert(CERTCertificate *cert);
+
+/* is cert a newer than cert b? */
+PRBool CERT_IsNewer(CERTCertificate *certa, CERTCertificate *certb);
+
+/* currently a stub for address book */
+PRBool CERT_IsCertRevoked(CERTCertificate *cert);
+
+void CERT_DestroyCertArray(CERTCertificate **certs, unsigned int ncerts);
+
+/* convert an email address to lower case */
+char *CERT_FixupEmailAddr(const char *emailAddr);
+
+/* decode string representation of trust flags into trust struct */
+SECStatus CERT_DecodeTrustString(CERTCertTrust *trust, const char *trusts);
+
+/* encode trust struct into string representation of trust flags */
+char *CERT_EncodeTrustString(CERTCertTrust *trust);
+
+/* find the next or prev cert in a subject list */
+CERTCertificate *CERT_PrevSubjectCert(CERTCertificate *cert);
+CERTCertificate *CERT_NextSubjectCert(CERTCertificate *cert);
+
+/*
+ * import a collection of certs into the temporary or permanent cert
+ * database
+ */
+SECStatus CERT_ImportCerts(CERTCertDBHandle *certdb, SECCertUsage usage,
+                           unsigned int ncerts, SECItem **derCerts,
+                           CERTCertificate ***retCerts, PRBool keepCerts,
+                           PRBool caOnly, char *nickname);
+
+char *CERT_MakeCANickname(CERTCertificate *cert);
+
+PRBool CERT_IsCACert(CERTCertificate *cert, unsigned int *rettype);
+
+PRBool CERT_IsCADERCert(SECItem *derCert, unsigned int *rettype);
+
+PRBool CERT_IsRootDERCert(SECItem *derCert);
+
+SECStatus CERT_SaveSMimeProfile(CERTCertificate *cert, SECItem *emailProfile,
+                                SECItem *profileTime);
+
+/*
+ * find the smime symmetric capabilities profile for a given cert
+ */
+SECItem *CERT_FindSMimeProfile(CERTCertificate *cert);
+
+SECStatus CERT_AddNewCerts(CERTCertDBHandle *handle);
+
+CERTCertificatePolicies *CERT_DecodeCertificatePoliciesExtension(
+    const SECItem *extnValue);
+
+void CERT_DestroyCertificatePoliciesExtension(
+    CERTCertificatePolicies *policies);
+
+CERTCertificatePolicyMappings *CERT_DecodePolicyMappingsExtension(
+    SECItem *encodedCertPolicyMaps);
+
+SECStatus CERT_DestroyPolicyMappingsExtension(
+    CERTCertificatePolicyMappings *mappings);
+
+SECStatus CERT_DecodePolicyConstraintsExtension(
+    CERTCertificatePolicyConstraints *decodedValue,
+    const SECItem *encodedValue);
+
+SECStatus CERT_DecodeInhibitAnyExtension(
+    CERTCertificateInhibitAny *decodedValue, SECItem *extnValue);
+
+CERTUserNotice *CERT_DecodeUserNotice(SECItem *noticeItem);
+
+extern CERTGeneralName *CERT_DecodeAltNameExtension(PLArenaPool *reqArena,
+                                                    SECItem *EncodedAltName);
+
+extern CERTNameConstraints *CERT_DecodeNameConstraintsExtension(
+    PLArenaPool *arena, const SECItem *encodedConstraints);
+
+/* returns addr of a NULL termainated array of pointers to CERTAuthInfoAccess */
+extern CERTAuthInfoAccess **CERT_DecodeAuthInfoAccessExtension(
+    PLArenaPool *reqArena, const SECItem *encodedExtension);
+
+extern CERTPrivKeyUsagePeriod *CERT_DecodePrivKeyUsagePeriodExtension(
+    PLArenaPool *arena, SECItem *extnValue);
+
+extern CERTGeneralName *CERT_GetNextGeneralName(CERTGeneralName *current);
+
+extern CERTGeneralName *CERT_GetPrevGeneralName(CERTGeneralName *current);
+
+/*
+ * Look up name constraints for some certs that do not include name constraints
+ * (Most importantly, root certificates)
+ *
+ * If a matching subject is found, |extensions| will be populated with a copy of
+ * the
+ * DER-encoded name constraints extension. The data in |extensions| will point
+ * to
+ * memory that the caller owns.
+ *
+ * There is no mechanism to configure imposed name constraints right now.  All
+ * imposed name constraints are built into NSS.
+ */
+SECStatus CERT_GetImposedNameConstraints(const SECItem *derSubject,
+                                         SECItem *extensions);
+
+CERTNameConstraint *CERT_GetNextNameConstraint(CERTNameConstraint *current);
+
+CERTNameConstraint *CERT_GetPrevNameConstraint(CERTNameConstraint *current);
+
+void CERT_DestroyUserNotice(CERTUserNotice *userNotice);
+
+typedef char *(*CERTPolicyStringCallback)(char *org, unsigned long noticeNumber,
+                                          void *arg);
+void CERT_SetCAPolicyStringCallback(CERTPolicyStringCallback cb, void *cbarg);
+
+char *CERT_GetCertCommentString(CERTCertificate *cert);
+
+PRBool CERT_GovtApprovedBitSet(CERTCertificate *cert);
+
+SECStatus CERT_AddPermNickname(CERTCertificate *cert, char *nickname);
+
+CERTCertList *CERT_MatchUserCert(CERTCertDBHandle *handle, SECCertUsage usage,
+                                 int nCANames, char **caNames, void *proto_win);
+
+CERTCertList *CERT_NewCertList(void);
+
+/* free the cert list and all the certs in the list */
+void CERT_DestroyCertList(CERTCertList *certs);
+
+/* remove the node and free the cert */
+void CERT_RemoveCertListNode(CERTCertListNode *node);
+
+/* equivalent to CERT_AddCertToListTailWithData(certs, cert, NULL) */
+SECStatus CERT_AddCertToListTail(CERTCertList *certs, CERTCertificate *cert);
+
+/* equivalent to CERT_AddCertToListHeadWithData(certs, cert, NULL) */
+SECStatus CERT_AddCertToListHead(CERTCertList *certs, CERTCertificate *cert);
+
+/*
+ * The new cert list node takes ownership of "cert". "cert" is freed
+ * when the list node is removed.
+ */
+SECStatus CERT_AddCertToListTailWithData(CERTCertList *certs,
+                                         CERTCertificate *cert, void *appData);
+
+/*
+ * The new cert list node takes ownership of "cert". "cert" is freed
+ * when the list node is removed.
+ */
+SECStatus CERT_AddCertToListHeadWithData(CERTCertList *certs,
+                                         CERTCertificate *cert, void *appData);
+
+typedef PRBool (*CERTSortCallback)(CERTCertificate *certa,
+                                   CERTCertificate *certb, void *arg);
+SECStatus CERT_AddCertToListSorted(CERTCertList *certs, CERTCertificate *cert,
+                                   CERTSortCallback f, void *arg);
+
+/* callback for CERT_AddCertToListSorted that sorts based on validity
+ * period and a given time.
+ */
+PRBool CERT_SortCBValidity(CERTCertificate *certa, CERTCertificate *certb,
+                           void *arg);
+
+SECStatus CERT_CheckForEvilCert(CERTCertificate *cert);
+
+CERTGeneralName *CERT_GetCertificateNames(CERTCertificate *cert,
+                                          PLArenaPool *arena);
+
+CERTGeneralName *CERT_GetConstrainedCertificateNames(
+    const CERTCertificate *cert, PLArenaPool *arena,
+    PRBool includeSubjectCommonName);
+
+/*
+ * Creates or adds to a list of all certs with a give subject name, sorted by
+ * validity time, newest first.  Invalid certs are considered older than
+ * valid certs. If validOnly is set, do not include invalid certs on list.
+ */
+CERTCertList *CERT_CreateSubjectCertList(CERTCertList *certList,
+                                         CERTCertDBHandle *handle,
+                                         const SECItem *name, PRTime sorttime,
+                                         PRBool validOnly);
+
+/*
+ * remove certs from a list that don't have keyUsage and certType
+ * that match the given usage.
+ */
+SECStatus CERT_FilterCertListByUsage(CERTCertList *certList, SECCertUsage usage,
+                                     PRBool ca);
+
+/*
+ * check the key usage of a cert against a set of required values
+ */
+SECStatus CERT_CheckKeyUsage(CERTCertificate *cert, unsigned int requiredUsage);
+
+/*
+ * return required key usage and cert type based on cert usage
+ */
+SECStatus CERT_KeyUsageAndTypeForCertUsage(SECCertUsage usage, PRBool ca,
+                                           unsigned int *retKeyUsage,
+                                           unsigned int *retCertType);
+/*
+ * return required trust flags for various cert usages for CAs
+ */
+SECStatus CERT_TrustFlagsForCACertUsage(SECCertUsage usage,
+                                        unsigned int *retFlags,
+                                        SECTrustType *retTrustType);
+
+/*
+ * Find all user certificates that match the given criteria.
+ *
+ *	"handle" - database to search
+ *	"usage" - certificate usage to match
+ *	"oneCertPerName" - if set then only return the "best" cert per
+ *			name
+ *	"validOnly" - only return certs that are curently valid
+ *	"proto_win" - window handle passed to pkcs11
+ */
+CERTCertList *CERT_FindUserCertsByUsage(CERTCertDBHandle *handle,
+                                        SECCertUsage usage,
+                                        PRBool oneCertPerName, PRBool validOnly,
+                                        void *proto_win);
+
+/*
+ * Find a user certificate that matchs the given criteria.
+ *
+ *	"handle" - database to search
+ *	"nickname" - nickname to match
+ *	"usage" - certificate usage to match
+ *	"validOnly" - only return certs that are curently valid
+ *	"proto_win" - window handle passed to pkcs11
+ */
+CERTCertificate *CERT_FindUserCertByUsage(CERTCertDBHandle *handle,
+                                          const char *nickname,
+                                          SECCertUsage usage, PRBool validOnly,
+                                          void *proto_win);
+
+/*
+ * Filter a list of certificates, removing those certs that do not have
+ * one of the named CA certs somewhere in their cert chain.
+ *
+ *	"certList" - the list of certificates to filter
+ *	"nCANames" - number of CA names
+ *	"caNames" - array of CA names in string(rfc 1485) form
+ *	"usage" - what use the certs are for, this is used when
+ *		selecting CA certs
+ */
+SECStatus CERT_FilterCertListByCANames(CERTCertList *certList, int nCANames,
+                                       char **caNames, SECCertUsage usage);
+
+/*
+ * Filter a list of certificates, removing those certs that aren't user certs
+ */
+SECStatus CERT_FilterCertListForUserCerts(CERTCertList *certList);
+
+/*
+ * Collect the nicknames from all certs in a CertList.  If the cert is not
+ * valid, append a string to that nickname.
+ *
+ * "certList" - the list of certificates
+ * "expiredString" - the string to append to the nickname of any expired cert
+ * "notYetGoodString" - the string to append to the nickname of any cert
+ *		that is not yet valid
+ */
+CERTCertNicknames *CERT_NicknameStringsFromCertList(CERTCertList *certList,
+                                                    char *expiredString,
+                                                    char *notYetGoodString);
+
+/*
+ * Extract the nickname from a nickmake string that may have either
+ * expiredString or notYetGoodString appended.
+ *
+ * Args:
+ *	"namestring" - the string containing the nickname, and possibly
+ *		one of the validity label strings
+ *	"expiredString" - the expired validity label string
+ *	"notYetGoodString" - the not yet good validity label string
+ *
+ * Returns the raw nickname
+ */
+char *CERT_ExtractNicknameString(char *namestring, char *expiredString,
+                                 char *notYetGoodString);
+
+/*
+ * Given a certificate, return a string containing the nickname, and possibly
+ * one of the validity strings, based on the current validity state of the
+ * certificate.
+ *
+ * "arena" - arena to allocate returned string from.  If NULL, then heap
+ *	is used.
+ * "cert" - the cert to get nickname from
+ * "expiredString" - the string to append to the nickname if the cert is
+ *		expired.
+ * "notYetGoodString" - the string to append to the nickname if the cert is
+ *		not yet good.
+ */
+char *CERT_GetCertNicknameWithValidity(PLArenaPool *arena,
+                                       CERTCertificate *cert,
+                                       char *expiredString,
+                                       char *notYetGoodString);
+
+/*
+ * Return the string representation of a DER encoded distinguished name
+ * "dername" - The DER encoded name to convert
+ */
+char *CERT_DerNameToAscii(SECItem *dername);
+
+/*
+ * Supported usage values and types:
+ *	certUsageSSLClient
+ *	certUsageSSLServer
+ *	certUsageSSLServerWithStepUp
+ *	certUsageEmailSigner
+ *	certUsageEmailRecipient
+ *	certUsageObjectSigner
+ */
+
+CERTCertificate *CERT_FindMatchingCert(CERTCertDBHandle *handle,
+                                       SECItem *derName, CERTCertOwner owner,
+                                       SECCertUsage usage, PRBool preferTrusted,
+                                       PRTime validTime, PRBool validOnly);
+
+/*
+ * Acquire the global lock on the cert database.
+ * This lock is currently used for the following operations:
+ *	adding or deleting a cert to either the temp or perm databases
+ *	converting a temp to perm or perm to temp
+ *	changing(maybe just adding?) the trust of a cert
+ *	adjusting the reference count of a cert
+ */
+void CERT_LockDB(CERTCertDBHandle *handle);
+
+/*
+ * Free the global cert database lock.
+ */
+void CERT_UnlockDB(CERTCertDBHandle *handle);
+
+/*
+ * Get the certificate status checking configuratino data for
+ * the certificate database
+ */
+CERTStatusConfig *CERT_GetStatusConfig(CERTCertDBHandle *handle);
+
+/*
+ * Set the certificate status checking information for the
+ * database.  The input structure becomes part of the certificate
+ * database and will be freed by calling the 'Destroy' function in
+ * the configuration object.
+ */
+void CERT_SetStatusConfig(CERTCertDBHandle *handle, CERTStatusConfig *config);
+
+/*
+ * Acquire the cert reference count lock
+ * There is currently one global lock for all certs, but I'm putting a cert
+ * arg here so that it will be easy to make it per-cert in the future if
+ * that turns out to be necessary.
+ */
+void CERT_LockCertRefCount(CERTCertificate *cert);
+
+/*
+ * Free the cert reference count lock
+ */
+void CERT_UnlockCertRefCount(CERTCertificate *cert);
+
+/*
+ * Acquire the cert trust lock
+ * There is currently one global lock for all certs, but I'm putting a cert
+ * arg here so that it will be easy to make it per-cert in the future if
+ * that turns out to be necessary.
+ */
+void CERT_LockCertTrust(const CERTCertificate *cert);
+
+/*
+ * Free the cert trust lock
+ */
+void CERT_UnlockCertTrust(const CERTCertificate *cert);
+
+/*
+ * Digest the cert's subject public key using the specified algorithm.
+ * NOTE: this digests the value of the BIT STRING subjectPublicKey (excluding
+ * the tag, length, and number of unused bits) rather than the whole
+ * subjectPublicKeyInfo field.
+ *
+ * The necessary storage for the digest data is allocated.  If "fill" is
+ * non-null, the data is put there, otherwise a SECItem is allocated.
+ * Allocation from "arena" if it is non-null, heap otherwise.  Any problem
+ * results in a NULL being returned (and an appropriate error set).
+ */
+extern SECItem *CERT_GetSubjectPublicKeyDigest(PLArenaPool *arena,
+                                               const CERTCertificate *cert,
+                                               SECOidTag digestAlg,
+                                               SECItem *fill);
+
+/*
+ * Digest the cert's subject name using the specified algorithm.
+ */
+extern SECItem *CERT_GetSubjectNameDigest(PLArenaPool *arena,
+                                          const CERTCertificate *cert,
+                                          SECOidTag digestAlg, SECItem *fill);
+
+SECStatus CERT_CheckCRL(CERTCertificate *cert, CERTCertificate *issuer,
+                        const SECItem *dp, PRTime t, void *wincx);
+
+/*
+ * Add a CERTNameConstraint to the CERTNameConstraint list
+ */
+extern CERTNameConstraint *CERT_AddNameConstraint(
+    CERTNameConstraint *list, CERTNameConstraint *constraint);
+
+/*
+ * Allocate space and copy CERTNameConstraint from src to dest.
+ * Arena is used to allocate result(if dest eq NULL) and its members
+ * SECItem data.
+ */
+extern CERTNameConstraint *CERT_CopyNameConstraint(PLArenaPool *arena,
+                                                   CERTNameConstraint *dest,
+                                                   CERTNameConstraint *src);
+
+/*
+ * Verify name against all the constraints relevant to that type of
+ * the name.
+ */
+extern SECStatus CERT_CheckNameSpace(PLArenaPool *arena,
+                                     const CERTNameConstraints *constraints,
+                                     const CERTGeneralName *currentName);
+
+/*
+ * Extract and allocate the name constraints extension from the CA cert.
+ * If the certificate contains no name constraints extension, but
+ * CERT_GetImposedNameConstraints returns a name constraints extension
+ * for the subject of the certificate, then that extension will be returned.
+ */
+extern SECStatus CERT_FindNameConstraintsExten(
+    PLArenaPool *arena, CERTCertificate *cert,
+    CERTNameConstraints **constraints);
+
+/*
+ * Initialize a new GERTGeneralName fields (link)
+ */
+extern CERTGeneralName *CERT_NewGeneralName(PLArenaPool *arena,
+                                            CERTGeneralNameType type);
+
+/*
+ * Lookup a CERTGeneralNameType constant by its human readable string.
+ */
+extern CERTGeneralNameType CERT_GetGeneralNameTypeFromString(
+    const char *string);
+
+/*
+ * PKIX extension encoding routines
+ */
+extern SECStatus CERT_EncodePolicyConstraintsExtension(
+    PLArenaPool *arena, CERTCertificatePolicyConstraints *constr,
+    SECItem *dest);
+extern SECStatus CERT_EncodeInhibitAnyExtension(
+    PLArenaPool *arena, CERTCertificateInhibitAny *inhibitAny, SECItem *dest);
+extern SECStatus CERT_EncodePolicyMappingExtension(
+    PLArenaPool *arena, CERTCertificatePolicyMappings *maps, SECItem *dest);
+
+extern SECStatus CERT_EncodeInfoAccessExtension(PLArenaPool *arena,
+                                                CERTAuthInfoAccess **info,
+                                                SECItem *dest);
+extern SECStatus CERT_EncodeUserNotice(PLArenaPool *arena,
+                                       CERTUserNotice *notice, SECItem *dest);
+
+extern SECStatus CERT_EncodeDisplayText(PLArenaPool *arena, SECItem *text,
+                                        SECItem *dest);
+
+extern SECStatus CERT_EncodeCertPoliciesExtension(PLArenaPool *arena,
+                                                  CERTPolicyInfo **info,
+                                                  SECItem *dest);
+extern SECStatus CERT_EncodeNoticeReference(PLArenaPool *arena,
+                                            CERTNoticeReference *reference,
+                                            SECItem *dest);
+
+/*
+ * Returns a pointer to a static structure.
+ */
+extern const CERTRevocationFlags *CERT_GetPKIXVerifyNistRevocationPolicy(void);
+
+/*
+ * Returns a pointer to a static structure.
+ */
+extern const CERTRevocationFlags *CERT_GetClassicOCSPEnabledSoftFailurePolicy(
+    void);
+
+/*
+ * Returns a pointer to a static structure.
+ */
+extern const CERTRevocationFlags *CERT_GetClassicOCSPEnabledHardFailurePolicy(
+    void);
+
+/*
+ * Returns a pointer to a static structure.
+ */
+extern const CERTRevocationFlags *CERT_GetClassicOCSPDisabledPolicy(void);
+
+/*
+ * Verify a Cert with libpkix
+ *  paramsIn control the verification options. If a value isn't specified
+ *   in paramsIn, it reverts to the application default.
+ *  paramsOut specifies the parameters the caller would like to get back.
+ *   the caller may pass NULL, in which case no parameters are returned.
+ */
+extern SECStatus CERT_PKIXVerifyCert(CERTCertificate *cert,
+                                     SECCertificateUsage usages,
+                                     CERTValInParam *paramsIn,
+                                     CERTValOutParam *paramsOut, void *wincx);
+
+/* Makes old cert validation APIs(CERT_VerifyCert, CERT_VerifyCertificate)
+ * to use libpkix validation engine. The function should be called ones at
+ * application initialization time.
+ * Function is not thread safe.*/
+extern SECStatus CERT_SetUsePKIXForValidation(PRBool enable);
+
+/* The function return PR_TRUE if cert validation should use
+ * libpkix cert validation engine. */
+extern PRBool CERT_GetUsePKIXForValidation(void);
+
+/*
+ * Allocate a parameter container of type CERTRevocationFlags,
+ * and allocate the inner arrays of the given sizes.
+ * To cleanup call CERT_DestroyCERTRevocationFlags.
+ */
+extern CERTRevocationFlags *CERT_AllocCERTRevocationFlags(
+    PRUint32 number_leaf_methods, PRUint32 number_leaf_pref_methods,
+    PRUint32 number_chain_methods, PRUint32 number_chain_pref_methods);
+
+/*
+ * Destroy the arrays inside flags,
+ * and destroy the object pointed to by flags, too.
+ */
+extern void CERT_DestroyCERTRevocationFlags(CERTRevocationFlags *flags);
+
+SEC_END_PROTOS
+
+#endif /* _CERT_H_ */
diff --git a/nss/lib/certdb/certdb.c b/nss/lib/certdb/certdb.c
new file mode 100644
index 0000000..19c99ee
--- /dev/null
+++ b/nss/lib/certdb/certdb.c
@@ -0,0 +1,3231 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * Certificate handling code
+ */
+
+#include "nssilock.h"
+#include "prmon.h"
+#include "prtime.h"
+#include "cert.h"
+#include "certi.h"
+#include "secder.h"
+#include "secoid.h"
+#include "secasn1.h"
+#include "genname.h"
+#include "keyhi.h"
+#include "secitem.h"
+#include "certdb.h"
+#include "prprf.h"
+#include "sechash.h"
+#include "prlong.h"
+#include "certxutl.h"
+#include "portreg.h"
+#include "secerr.h"
+#include "sslerr.h"
+#include "pk11func.h"
+#include "xconst.h" /* for  CERT_DecodeAltNameExtension */
+
+#include "pki.h"
+#include "pki3hack.h"
+
+SEC_ASN1_MKSUB(CERT_TimeChoiceTemplate)
+SEC_ASN1_MKSUB(SECOID_AlgorithmIDTemplate)
+SEC_ASN1_MKSUB(SEC_BitStringTemplate)
+SEC_ASN1_MKSUB(SEC_IntegerTemplate)
+SEC_ASN1_MKSUB(SEC_SkipTemplate)
+
+/*
+ * Certificate database handling code
+ */
+
+const SEC_ASN1Template CERT_CertExtensionTemplate[] = {
+    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTCertExtension) },
+    { SEC_ASN1_OBJECT_ID, offsetof(CERTCertExtension, id) },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_BOOLEAN, /* XXX DER_DEFAULT */
+      offsetof(CERTCertExtension, critical) },
+    { SEC_ASN1_OCTET_STRING, offsetof(CERTCertExtension, value) },
+    { 0 }
+};
+
+const SEC_ASN1Template CERT_SequenceOfCertExtensionTemplate[] = {
+    { SEC_ASN1_SEQUENCE_OF, 0, CERT_CertExtensionTemplate }
+};
+
+const SEC_ASN1Template CERT_TimeChoiceTemplate[] = {
+    { SEC_ASN1_CHOICE, offsetof(SECItem, type), 0, sizeof(SECItem) },
+    { SEC_ASN1_UTC_TIME, 0, 0, siUTCTime },
+    { SEC_ASN1_GENERALIZED_TIME, 0, 0, siGeneralizedTime },
+    { 0 }
+};
+
+const SEC_ASN1Template CERT_ValidityTemplate[] = {
+    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTValidity) },
+    { SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(CERTValidity, notBefore),
+      SEC_ASN1_SUB(CERT_TimeChoiceTemplate), 0 },
+    { SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(CERTValidity, notAfter),
+      SEC_ASN1_SUB(CERT_TimeChoiceTemplate), 0 },
+    { 0 }
+};
+
+const SEC_ASN1Template CERT_CertificateTemplate[] = {
+    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTCertificate) },
+    { SEC_ASN1_EXPLICIT | SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED |
+          SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0, /* XXX DER_DEFAULT */
+      offsetof(CERTCertificate, version),
+      SEC_ASN1_SUB(SEC_IntegerTemplate) },
+    { SEC_ASN1_INTEGER, offsetof(CERTCertificate, serialNumber) },
+    { SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(CERTCertificate, signature),
+      SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
+    { SEC_ASN1_SAVE, offsetof(CERTCertificate, derIssuer) },
+    { SEC_ASN1_INLINE, offsetof(CERTCertificate, issuer), CERT_NameTemplate },
+    { SEC_ASN1_INLINE, offsetof(CERTCertificate, validity),
+      CERT_ValidityTemplate },
+    { SEC_ASN1_SAVE, offsetof(CERTCertificate, derSubject) },
+    { SEC_ASN1_INLINE, offsetof(CERTCertificate, subject), CERT_NameTemplate },
+    { SEC_ASN1_SAVE, offsetof(CERTCertificate, derPublicKey) },
+    { SEC_ASN1_INLINE, offsetof(CERTCertificate, subjectPublicKeyInfo),
+      CERT_SubjectPublicKeyInfoTemplate },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 1,
+      offsetof(CERTCertificate, issuerID),
+      SEC_ASN1_SUB(SEC_BitStringTemplate) },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 2,
+      offsetof(CERTCertificate, subjectID),
+      SEC_ASN1_SUB(SEC_BitStringTemplate) },
+    { SEC_ASN1_EXPLICIT | SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED |
+          SEC_ASN1_CONTEXT_SPECIFIC | 3,
+      offsetof(CERTCertificate, extensions),
+      CERT_SequenceOfCertExtensionTemplate },
+    { 0 }
+};
+
+const SEC_ASN1Template SEC_SignedCertificateTemplate[] = {
+    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTCertificate) },
+    { SEC_ASN1_SAVE, offsetof(CERTCertificate, signatureWrap.data) },
+    { SEC_ASN1_INLINE, 0, CERT_CertificateTemplate },
+    { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
+      offsetof(CERTCertificate, signatureWrap.signatureAlgorithm),
+      SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
+    { SEC_ASN1_BIT_STRING, offsetof(CERTCertificate, signatureWrap.signature) },
+    { 0 }
+};
+
+/*
+ * Find the subjectName in a DER encoded certificate
+ */
+const SEC_ASN1Template SEC_CertSubjectTemplate[] = {
+    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SECItem) },
+    { SEC_ASN1_EXPLICIT | SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED |
+          SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
+      0, SEC_ASN1_SUB(SEC_SkipTemplate) }, /* version */
+    { SEC_ASN1_SKIP },                     /* serial number */
+    { SEC_ASN1_SKIP },                     /* signature algorithm */
+    { SEC_ASN1_SKIP },                     /* issuer */
+    { SEC_ASN1_SKIP },                     /* validity */
+    { SEC_ASN1_ANY, 0, NULL },             /* subject */
+    { SEC_ASN1_SKIP_REST },
+    { 0 }
+};
+
+/*
+ * Find the issuerName in a DER encoded certificate
+ */
+const SEC_ASN1Template SEC_CertIssuerTemplate[] = {
+    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SECItem) },
+    { SEC_ASN1_EXPLICIT | SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED |
+          SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
+      0, SEC_ASN1_SUB(SEC_SkipTemplate) }, /* version */
+    { SEC_ASN1_SKIP },                     /* serial number */
+    { SEC_ASN1_SKIP },                     /* signature algorithm */
+    { SEC_ASN1_ANY, 0, NULL },             /* issuer */
+    { SEC_ASN1_SKIP_REST },
+    { 0 }
+};
+/*
+ * Find the subjectName in a DER encoded certificate
+ */
+const SEC_ASN1Template SEC_CertSerialNumberTemplate[] = {
+    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SECItem) },
+    { SEC_ASN1_EXPLICIT | SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED |
+          SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
+      0, SEC_ASN1_SUB(SEC_SkipTemplate) }, /* version */
+    { SEC_ASN1_ANY, 0, NULL },             /* serial number */
+    { SEC_ASN1_SKIP_REST },
+    { 0 }
+};
+
+/*
+ * Find the issuer and serialNumber in a DER encoded certificate.
+ * This data is used as the database lookup key since its the unique
+ * identifier of a certificate.
+ */
+const SEC_ASN1Template CERT_CertKeyTemplate[] = {
+    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTCertKey) },
+    { SEC_ASN1_EXPLICIT | SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED |
+          SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
+      0, SEC_ASN1_SUB(SEC_SkipTemplate) }, /* version */
+    { SEC_ASN1_INTEGER, offsetof(CERTCertKey, serialNumber) },
+    { SEC_ASN1_SKIP }, /* signature algorithm */
+    { SEC_ASN1_ANY, offsetof(CERTCertKey, derIssuer) },
+    { SEC_ASN1_SKIP_REST },
+    { 0 }
+};
+
+SEC_ASN1_CHOOSER_IMPLEMENT(CERT_TimeChoiceTemplate)
+SEC_ASN1_CHOOSER_IMPLEMENT(CERT_CertificateTemplate)
+SEC_ASN1_CHOOSER_IMPLEMENT(SEC_SignedCertificateTemplate)
+SEC_ASN1_CHOOSER_IMPLEMENT(CERT_SequenceOfCertExtensionTemplate)
+
+SECStatus
+CERT_KeyFromIssuerAndSN(PLArenaPool *arena, SECItem *issuer, SECItem *sn,
+                        SECItem *key)
+{
+    key->len = sn->len + issuer->len;
+
+    if ((sn->data == NULL) || (issuer->data == NULL)) {
+        goto loser;
+    }
+
+    key->data = (unsigned char *)PORT_ArenaAlloc(arena, key->len);
+    if (!key->data) {
+        goto loser;
+    }
+
+    /* copy the serialNumber */
+    PORT_Memcpy(key->data, sn->data, sn->len);
+
+    /* copy the issuer */
+    PORT_Memcpy(&key->data[sn->len], issuer->data, issuer->len);
+
+    return (SECSuccess);
+
+loser:
+    return (SECFailure);
+}
+
+/*
+ * Extract the subject name from a DER certificate
+ */
+SECStatus
+CERT_NameFromDERCert(SECItem *derCert, SECItem *derName)
+{
+    int rv;
+    PLArenaPool *arena;
+    CERTSignedData sd;
+    void *tmpptr;
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+
+    if (!arena) {
+        return (SECFailure);
+    }
+
+    PORT_Memset(&sd, 0, sizeof(CERTSignedData));
+    rv = SEC_QuickDERDecodeItem(arena, &sd, CERT_SignedDataTemplate, derCert);
+
+    if (rv) {
+        goto loser;
+    }
+
+    PORT_Memset(derName, 0, sizeof(SECItem));
+    rv = SEC_QuickDERDecodeItem(arena, derName, SEC_CertSubjectTemplate,
+                                &sd.data);
+
+    if (rv) {
+        goto loser;
+    }
+
+    tmpptr = derName->data;
+    derName->data = (unsigned char *)PORT_Alloc(derName->len);
+    if (derName->data == NULL) {
+        goto loser;
+    }
+
+    PORT_Memcpy(derName->data, tmpptr, derName->len);
+
+    PORT_FreeArena(arena, PR_FALSE);
+    return (SECSuccess);
+
+loser:
+    PORT_FreeArena(arena, PR_FALSE);
+    return (SECFailure);
+}
+
+SECStatus
+CERT_IssuerNameFromDERCert(SECItem *derCert, SECItem *derName)
+{
+    int rv;
+    PORTCheapArenaPool tmpArena;
+    CERTSignedData sd;
+    void *tmpptr;
+
+    PORT_InitCheapArena(&tmpArena, DER_DEFAULT_CHUNKSIZE);
+
+    PORT_Memset(&sd, 0, sizeof(CERTSignedData));
+    rv = SEC_QuickDERDecodeItem(&tmpArena.arena, &sd, CERT_SignedDataTemplate,
+                                derCert);
+    if (rv) {
+        goto loser;
+    }
+
+    PORT_Memset(derName, 0, sizeof(SECItem));
+    rv = SEC_QuickDERDecodeItem(&tmpArena.arena, derName,
+                                SEC_CertIssuerTemplate, &sd.data);
+    if (rv) {
+        goto loser;
+    }
+
+    tmpptr = derName->data;
+    derName->data = (unsigned char *)PORT_Alloc(derName->len);
+    if (derName->data == NULL) {
+        goto loser;
+    }
+
+    PORT_Memcpy(derName->data, tmpptr, derName->len);
+
+    PORT_DestroyCheapArena(&tmpArena);
+    return (SECSuccess);
+
+loser:
+    PORT_DestroyCheapArena(&tmpArena);
+    return (SECFailure);
+}
+
+SECStatus
+CERT_SerialNumberFromDERCert(SECItem *derCert, SECItem *derName)
+{
+    int rv;
+    PORTCheapArenaPool tmpArena;
+    CERTSignedData sd;
+    void *tmpptr;
+
+    PORT_InitCheapArena(&tmpArena, DER_DEFAULT_CHUNKSIZE);
+
+    PORT_Memset(&sd, 0, sizeof(CERTSignedData));
+    rv = SEC_QuickDERDecodeItem(&tmpArena.arena, &sd, CERT_SignedDataTemplate,
+                                derCert);
+    if (rv) {
+        goto loser;
+    }
+
+    PORT_Memset(derName, 0, sizeof(SECItem));
+    rv = SEC_QuickDERDecodeItem(&tmpArena.arena, derName,
+                                SEC_CertSerialNumberTemplate, &sd.data);
+    if (rv) {
+        goto loser;
+    }
+
+    tmpptr = derName->data;
+    derName->data = (unsigned char *)PORT_Alloc(derName->len);
+    if (derName->data == NULL) {
+        goto loser;
+    }
+
+    PORT_Memcpy(derName->data, tmpptr, derName->len);
+
+    PORT_DestroyCheapArena(&tmpArena);
+    return (SECSuccess);
+
+loser:
+    PORT_DestroyCheapArena(&tmpArena);
+    return (SECFailure);
+}
+
+/*
+ * Generate a database key, based on serial number and issuer, from a
+ * DER certificate.
+ */
+SECStatus
+CERT_KeyFromDERCert(PLArenaPool *reqArena, SECItem *derCert, SECItem *key)
+{
+    int rv;
+    CERTSignedData sd;
+    CERTCertKey certkey;
+
+    if (!reqArena) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    PORT_Memset(&sd, 0, sizeof(CERTSignedData));
+    rv =
+        SEC_QuickDERDecodeItem(reqArena, &sd, CERT_SignedDataTemplate, derCert);
+
+    if (rv) {
+        goto loser;
+    }
+
+    PORT_Memset(&certkey, 0, sizeof(CERTCertKey));
+    rv = SEC_QuickDERDecodeItem(reqArena, &certkey, CERT_CertKeyTemplate,
+                                &sd.data);
+
+    if (rv) {
+        goto loser;
+    }
+
+    return (CERT_KeyFromIssuerAndSN(reqArena, &certkey.derIssuer,
+                                    &certkey.serialNumber, key));
+loser:
+    return (SECFailure);
+}
+
+/*
+ * fill in keyUsage field of the cert based on the cert extension
+ * if the extension is not critical, then we allow all uses
+ */
+static SECStatus
+GetKeyUsage(CERTCertificate *cert)
+{
+    SECStatus rv;
+    SECItem tmpitem;
+
+    rv = CERT_FindKeyUsageExtension(cert, &tmpitem);
+    if (rv == SECSuccess) {
+        /* remember the actual value of the extension */
+        cert->rawKeyUsage = tmpitem.data[0];
+        cert->keyUsagePresent = PR_TRUE;
+        cert->keyUsage = tmpitem.data[0];
+
+        PORT_Free(tmpitem.data);
+        tmpitem.data = NULL;
+    } else {
+        /* if the extension is not present, then we allow all uses */
+        cert->keyUsage = KU_ALL;
+        cert->rawKeyUsage = KU_ALL;
+        cert->keyUsagePresent = PR_FALSE;
+    }
+
+    if (CERT_GovtApprovedBitSet(cert)) {
+        cert->keyUsage |= KU_NS_GOVT_APPROVED;
+        cert->rawKeyUsage |= KU_NS_GOVT_APPROVED;
+    }
+
+    return (SECSuccess);
+}
+
+static SECStatus
+findOIDinOIDSeqByTagNum(CERTOidSequence *seq, SECOidTag tagnum)
+{
+    SECItem **oids;
+    SECItem *oid;
+    SECStatus rv = SECFailure;
+
+    if (seq != NULL) {
+        oids = seq->oids;
+        while (oids != NULL && *oids != NULL) {
+            oid = *oids;
+            if (SECOID_FindOIDTag(oid) == tagnum) {
+                rv = SECSuccess;
+                break;
+            }
+            oids++;
+        }
+    }
+    return rv;
+}
+
+/*
+ * fill in nsCertType field of the cert based on the cert extension
+ */
+SECStatus
+cert_GetCertType(CERTCertificate *cert)
+{
+    PRUint32 nsCertType;
+
+    if (cert->nsCertType) {
+        /* once set, no need to recalculate */
+        return SECSuccess;
+    }
+    nsCertType = cert_ComputeCertType(cert);
+
+    /* Assert that it is safe to cast &cert->nsCertType to "PRInt32 *" */
+    PORT_Assert(sizeof(cert->nsCertType) == sizeof(PRInt32));
+    PR_ATOMIC_SET((PRInt32 *)&cert->nsCertType, nsCertType);
+    return SECSuccess;
+}
+
+PRUint32
+cert_ComputeCertType(CERTCertificate *cert)
+{
+    SECStatus rv;
+    SECItem tmpitem;
+    SECItem encodedExtKeyUsage;
+    CERTOidSequence *extKeyUsage = NULL;
+    PRBool basicConstraintPresent = PR_FALSE;
+    CERTBasicConstraints basicConstraint;
+    PRUint32 nsCertType = 0;
+
+    tmpitem.data = NULL;
+    CERT_FindNSCertTypeExtension(cert, &tmpitem);
+    encodedExtKeyUsage.data = NULL;
+    rv = CERT_FindCertExtension(cert, SEC_OID_X509_EXT_KEY_USAGE,
+                                &encodedExtKeyUsage);
+    if (rv == SECSuccess) {
+        extKeyUsage = CERT_DecodeOidSequence(&encodedExtKeyUsage);
+    }
+    rv = CERT_FindBasicConstraintExten(cert, &basicConstraint);
+    if (rv == SECSuccess) {
+        basicConstraintPresent = PR_TRUE;
+    }
+    if (tmpitem.data != NULL || extKeyUsage != NULL) {
+        if (tmpitem.data == NULL) {
+            nsCertType = 0;
+        } else {
+            nsCertType = tmpitem.data[0];
+        }
+
+        /* free tmpitem data pointer to avoid memory leak */
+        PORT_Free(tmpitem.data);
+        tmpitem.data = NULL;
+
+        /*
+         * for this release, we will allow SSL certs with an email address
+         * to be used for email
+         */
+        if ((nsCertType & NS_CERT_TYPE_SSL_CLIENT) && cert->emailAddr &&
+            cert->emailAddr[0]) {
+            nsCertType |= NS_CERT_TYPE_EMAIL;
+        }
+        /*
+         * for this release, we will allow SSL intermediate CAs to be
+         * email intermediate CAs too.
+         */
+        if (nsCertType & NS_CERT_TYPE_SSL_CA) {
+            nsCertType |= NS_CERT_TYPE_EMAIL_CA;
+        }
+        /*
+         * allow a cert with the extended key usage of EMail Protect
+         * to be used for email or as an email CA, if basic constraints
+         * indicates that it is a CA.
+         */
+        if (findOIDinOIDSeqByTagNum(extKeyUsage,
+                                    SEC_OID_EXT_KEY_USAGE_EMAIL_PROTECT) ==
+            SECSuccess) {
+            if (basicConstraintPresent == PR_TRUE && (basicConstraint.isCA)) {
+                nsCertType |= NS_CERT_TYPE_EMAIL_CA;
+            } else {
+                nsCertType |= NS_CERT_TYPE_EMAIL;
+            }
+        }
+        if (findOIDinOIDSeqByTagNum(
+                extKeyUsage, SEC_OID_EXT_KEY_USAGE_SERVER_AUTH) == SECSuccess) {
+            if (basicConstraintPresent == PR_TRUE && (basicConstraint.isCA)) {
+                nsCertType |= NS_CERT_TYPE_SSL_CA;
+            } else {
+                nsCertType |= NS_CERT_TYPE_SSL_SERVER;
+            }
+        }
+        /*
+         * Treat certs with step-up OID as also having SSL server type.
+         * COMODO needs this behaviour until June 2020.  See Bug 737802.
+         */
+        if (findOIDinOIDSeqByTagNum(extKeyUsage,
+                                    SEC_OID_NS_KEY_USAGE_GOVT_APPROVED) ==
+            SECSuccess) {
+            if (basicConstraintPresent == PR_TRUE && (basicConstraint.isCA)) {
+                nsCertType |= NS_CERT_TYPE_SSL_CA;
+            } else {
+                nsCertType |= NS_CERT_TYPE_SSL_SERVER;
+            }
+        }
+        if (findOIDinOIDSeqByTagNum(
+                extKeyUsage, SEC_OID_EXT_KEY_USAGE_CLIENT_AUTH) == SECSuccess) {
+            if (basicConstraintPresent == PR_TRUE && (basicConstraint.isCA)) {
+                nsCertType |= NS_CERT_TYPE_SSL_CA;
+            } else {
+                nsCertType |= NS_CERT_TYPE_SSL_CLIENT;
+            }
+        }
+        if (findOIDinOIDSeqByTagNum(
+                extKeyUsage, SEC_OID_EXT_KEY_USAGE_CODE_SIGN) == SECSuccess) {
+            if (basicConstraintPresent == PR_TRUE && (basicConstraint.isCA)) {
+                nsCertType |= NS_CERT_TYPE_OBJECT_SIGNING_CA;
+            } else {
+                nsCertType |= NS_CERT_TYPE_OBJECT_SIGNING;
+            }
+        }
+        if (findOIDinOIDSeqByTagNum(
+                extKeyUsage, SEC_OID_EXT_KEY_USAGE_TIME_STAMP) == SECSuccess) {
+            nsCertType |= EXT_KEY_USAGE_TIME_STAMP;
+        }
+        if (findOIDinOIDSeqByTagNum(extKeyUsage, SEC_OID_OCSP_RESPONDER) ==
+            SECSuccess) {
+            nsCertType |= EXT_KEY_USAGE_STATUS_RESPONDER;
+        }
+    } else {
+        /* If no NS Cert Type extension and no EKU extension, then */
+        nsCertType = 0;
+        if (CERT_IsCACert(cert, &nsCertType))
+            nsCertType |= EXT_KEY_USAGE_STATUS_RESPONDER;
+        /* if the basic constraint extension says the cert is a CA, then
+           allow SSL CA and EMAIL CA and Status Responder */
+        if (basicConstraintPresent && basicConstraint.isCA) {
+            nsCertType |= (NS_CERT_TYPE_SSL_CA | NS_CERT_TYPE_EMAIL_CA |
+                           EXT_KEY_USAGE_STATUS_RESPONDER);
+        }
+        /* allow any ssl or email (no ca or object signing. */
+        nsCertType |= NS_CERT_TYPE_SSL_CLIENT | NS_CERT_TYPE_SSL_SERVER |
+                      NS_CERT_TYPE_EMAIL;
+    }
+
+    if (encodedExtKeyUsage.data != NULL) {
+        PORT_Free(encodedExtKeyUsage.data);
+    }
+    if (extKeyUsage != NULL) {
+        CERT_DestroyOidSequence(extKeyUsage);
+    }
+    return nsCertType;
+}
+
+/*
+ * cert_GetKeyID() - extract or generate the subjectKeyID from a certificate
+ */
+SECStatus
+cert_GetKeyID(CERTCertificate *cert)
+{
+    SECItem tmpitem;
+    SECStatus rv;
+
+    cert->subjectKeyID.len = 0;
+
+    /* see of the cert has a key identifier extension */
+    rv = CERT_FindSubjectKeyIDExtension(cert, &tmpitem);
+    if (rv == SECSuccess) {
+        cert->subjectKeyID.data =
+            (unsigned char *)PORT_ArenaAlloc(cert->arena, tmpitem.len);
+        if (cert->subjectKeyID.data != NULL) {
+            PORT_Memcpy(cert->subjectKeyID.data, tmpitem.data, tmpitem.len);
+            cert->subjectKeyID.len = tmpitem.len;
+            cert->keyIDGenerated = PR_FALSE;
+        }
+
+        PORT_Free(tmpitem.data);
+    }
+
+    /* if the cert doesn't have a key identifier extension, then generate one*/
+    if (cert->subjectKeyID.len == 0) {
+        /*
+         * pkix says that if the subjectKeyID is not present, then we should
+         * use the SHA-1 hash of the DER-encoded publicKeyInfo from the cert
+         */
+        cert->subjectKeyID.data =
+            (unsigned char *)PORT_ArenaAlloc(cert->arena, SHA1_LENGTH);
+        if (cert->subjectKeyID.data != NULL) {
+            rv = PK11_HashBuf(SEC_OID_SHA1, cert->subjectKeyID.data,
+                              cert->derPublicKey.data, cert->derPublicKey.len);
+            if (rv == SECSuccess) {
+                cert->subjectKeyID.len = SHA1_LENGTH;
+            }
+        }
+    }
+
+    if (cert->subjectKeyID.len == 0) {
+        return (SECFailure);
+    }
+    return (SECSuccess);
+}
+
+static PRBool
+cert_IsRootCert(CERTCertificate *cert)
+{
+    SECStatus rv;
+    SECItem tmpitem;
+
+    /* cache the authKeyID extension, if present */
+    cert->authKeyID = CERT_FindAuthKeyIDExten(cert->arena, cert);
+
+    /* it MUST be self-issued to be a root */
+    if (cert->derIssuer.len == 0 ||
+        !SECITEM_ItemsAreEqual(&cert->derIssuer, &cert->derSubject)) {
+        return PR_FALSE;
+    }
+
+    /* check the authKeyID extension */
+    if (cert->authKeyID) {
+        /* authority key identifier is present */
+        if (cert->authKeyID->keyID.len > 0) {
+            /* the keyIdentifier field is set, look for subjectKeyID */
+            rv = CERT_FindSubjectKeyIDExtension(cert, &tmpitem);
+            if (rv == SECSuccess) {
+                PRBool match;
+                /* also present, they MUST match for it to be a root */
+                match =
+                    SECITEM_ItemsAreEqual(&cert->authKeyID->keyID, &tmpitem);
+                PORT_Free(tmpitem.data);
+                if (!match)
+                    return PR_FALSE; /* else fall through */
+            } else {
+                /* the subject key ID is required when AKI is present */
+                return PR_FALSE;
+            }
+        }
+        if (cert->authKeyID->authCertIssuer) {
+            SECItem *caName;
+            caName = (SECItem *)CERT_GetGeneralNameByType(
+                cert->authKeyID->authCertIssuer, certDirectoryName, PR_TRUE);
+            if (caName) {
+                if (!SECITEM_ItemsAreEqual(&cert->derIssuer, caName)) {
+                    return PR_FALSE;
+                } /* else fall through */
+            }     /* else ??? could not get general name as directory name? */
+        }
+        if (cert->authKeyID->authCertSerialNumber.len > 0) {
+            if (!SECITEM_ItemsAreEqual(
+                    &cert->serialNumber,
+                    &cert->authKeyID->authCertSerialNumber)) {
+                return PR_FALSE;
+            } /* else fall through */
+        }
+        /* all of the AKI fields that were present passed the test */
+        return PR_TRUE;
+    }
+    /* else the AKI was not present, so this is a root */
+    return PR_TRUE;
+}
+
+/*
+ * take a DER certificate and decode it into a certificate structure
+ */
+CERTCertificate *
+CERT_DecodeDERCertificate(SECItem *derSignedCert, PRBool copyDER,
+                          char *nickname)
+{
+    CERTCertificate *cert;
+    PLArenaPool *arena;
+    void *data;
+    int rv;
+    int len;
+    char *tmpname;
+
+    /* make a new arena */
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+
+    if (!arena) {
+        return 0;
+    }
+
+    /* allocate the certificate structure */
+    cert = (CERTCertificate *)PORT_ArenaZAlloc(arena, sizeof(CERTCertificate));
+
+    if (!cert) {
+        goto loser;
+    }
+
+    cert->arena = arena;
+
+    if (copyDER) {
+        /* copy the DER data for the cert into this arena */
+        data = (void *)PORT_ArenaAlloc(arena, derSignedCert->len);
+        if (!data) {
+            goto loser;
+        }
+        cert->derCert.data = (unsigned char *)data;
+        cert->derCert.len = derSignedCert->len;
+        PORT_Memcpy(data, derSignedCert->data, derSignedCert->len);
+    } else {
+        /* point to passed in DER data */
+        cert->derCert = *derSignedCert;
+    }
+
+    /* decode the certificate info */
+    rv = SEC_QuickDERDecodeItem(arena, cert, SEC_SignedCertificateTemplate,
+                                &cert->derCert);
+
+    if (rv) {
+        goto loser;
+    }
+
+    if (cert_HasUnknownCriticalExten(cert->extensions) == PR_TRUE) {
+        cert->options.bits.hasUnsupportedCriticalExt = PR_TRUE;
+    }
+
+    /* generate and save the database key for the cert */
+    rv = CERT_KeyFromIssuerAndSN(arena, &cert->derIssuer, &cert->serialNumber,
+                                 &cert->certKey);
+    if (rv) {
+        goto loser;
+    }
+
+    /* set the nickname */
+    if (nickname == NULL) {
+        cert->nickname = NULL;
+    } else {
+        /* copy and install the nickname */
+        len = PORT_Strlen(nickname) + 1;
+        cert->nickname = (char *)PORT_ArenaAlloc(arena, len);
+        if (cert->nickname == NULL) {
+            goto loser;
+        }
+
+        PORT_Memcpy(cert->nickname, nickname, len);
+    }
+
+    /* set the email address */
+    cert->emailAddr = cert_GetCertificateEmailAddresses(cert);
+
+    /* initialize the subjectKeyID */
+    rv = cert_GetKeyID(cert);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    /* initialize keyUsage */
+    rv = GetKeyUsage(cert);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    /* determine if this is a root cert */
+    cert->isRoot = cert_IsRootCert(cert);
+
+    /* initialize the certType */
+    rv = cert_GetCertType(cert);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    tmpname = CERT_NameToAscii(&cert->subject);
+    if (tmpname != NULL) {
+        cert->subjectName = PORT_ArenaStrdup(cert->arena, tmpname);
+        PORT_Free(tmpname);
+    }
+
+    tmpname = CERT_NameToAscii(&cert->issuer);
+    if (tmpname != NULL) {
+        cert->issuerName = PORT_ArenaStrdup(cert->arena, tmpname);
+        PORT_Free(tmpname);
+    }
+
+    cert->referenceCount = 1;
+    cert->slot = NULL;
+    cert->pkcs11ID = CK_INVALID_HANDLE;
+    cert->dbnickname = NULL;
+
+    return (cert);
+
+loser:
+
+    if (arena) {
+        PORT_FreeArena(arena, PR_FALSE);
+    }
+
+    return (0);
+}
+
+CERTCertificate *
+__CERT_DecodeDERCertificate(SECItem *derSignedCert, PRBool copyDER,
+                            char *nickname)
+{
+    return CERT_DecodeDERCertificate(derSignedCert, copyDER, nickname);
+}
+
+CERTValidity *
+CERT_CreateValidity(PRTime notBefore, PRTime notAfter)
+{
+    CERTValidity *v;
+    int rv;
+    PLArenaPool *arena;
+
+    if (notBefore > notAfter) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+
+    if (!arena) {
+        return (0);
+    }
+
+    v = (CERTValidity *)PORT_ArenaZAlloc(arena, sizeof(CERTValidity));
+    if (v) {
+        v->arena = arena;
+        rv = DER_EncodeTimeChoice(arena, &v->notBefore, notBefore);
+        if (rv)
+            goto loser;
+        rv = DER_EncodeTimeChoice(arena, &v->notAfter, notAfter);
+        if (rv)
+            goto loser;
+    }
+    return v;
+
+loser:
+    CERT_DestroyValidity(v);
+    return 0;
+}
+
+SECStatus
+CERT_CopyValidity(PLArenaPool *arena, CERTValidity *to, CERTValidity *from)
+{
+    SECStatus rv;
+
+    CERT_DestroyValidity(to);
+    to->arena = arena;
+
+    rv = SECITEM_CopyItem(arena, &to->notBefore, &from->notBefore);
+    if (rv)
+        return rv;
+    rv = SECITEM_CopyItem(arena, &to->notAfter, &from->notAfter);
+    return rv;
+}
+
+void
+CERT_DestroyValidity(CERTValidity *v)
+{
+    if (v && v->arena) {
+        PORT_FreeArena(v->arena, PR_FALSE);
+    }
+    return;
+}
+
+/*
+** Amount of time that a certifiate is allowed good before it is actually
+** good. This is used for pending certificates, ones that are about to be
+** valid. The slop is designed to allow for some variance in the clocks
+** of the machine checking the certificate.
+*/
+#define PENDING_SLOP (24L * 60L * 60L)     /* seconds per day */
+static PRInt32 pendingSlop = PENDING_SLOP; /* seconds */
+
+PRInt32
+CERT_GetSlopTime(void)
+{
+    return pendingSlop; /* seconds */
+}
+
+SECStatus CERT_SetSlopTime(PRInt32 slop) /* seconds */
+{
+    if (slop < 0)
+        return SECFailure;
+    pendingSlop = slop;
+    return SECSuccess;
+}
+
+SECStatus
+CERT_GetCertTimes(const CERTCertificate *c, PRTime *notBefore, PRTime *notAfter)
+{
+    SECStatus rv;
+
+    if (!c || !notBefore || !notAfter) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    /* convert DER not-before time */
+    rv = DER_DecodeTimeChoice(notBefore, &c->validity.notBefore);
+    if (rv) {
+        return (SECFailure);
+    }
+
+    /* convert DER not-after time */
+    rv = DER_DecodeTimeChoice(notAfter, &c->validity.notAfter);
+    if (rv) {
+        return (SECFailure);
+    }
+
+    return (SECSuccess);
+}
+
+/*
+ * Check the validity times of a certificate
+ */
+SECCertTimeValidity
+CERT_CheckCertValidTimes(const CERTCertificate *c, PRTime t,
+                         PRBool allowOverride)
+{
+    PRTime notBefore, notAfter, llPendingSlop, tmp1;
+    SECStatus rv;
+
+    if (!c) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return (secCertTimeUndetermined);
+    }
+    /* if cert is already marked OK, then don't bother to check */
+    if (allowOverride && c->timeOK) {
+        return (secCertTimeValid);
+    }
+
+    rv = CERT_GetCertTimes(c, &notBefore, &notAfter);
+
+    if (rv) {
+        return (secCertTimeExpired); /*XXX is this the right thing to do here?*/
+    }
+
+    LL_I2L(llPendingSlop, pendingSlop);
+    /* convert to micro seconds */
+    LL_UI2L(tmp1, PR_USEC_PER_SEC);
+    LL_MUL(llPendingSlop, llPendingSlop, tmp1);
+    LL_SUB(notBefore, notBefore, llPendingSlop);
+    if (LL_CMP(t, <, notBefore)) {
+        PORT_SetError(SEC_ERROR_EXPIRED_CERTIFICATE);
+        return (secCertTimeNotValidYet);
+    }
+    if (LL_CMP(t, >, notAfter)) {
+        PORT_SetError(SEC_ERROR_EXPIRED_CERTIFICATE);
+        return (secCertTimeExpired);
+    }
+
+    return (secCertTimeValid);
+}
+
+SECStatus
+SEC_GetCrlTimes(CERTCrl *date, PRTime *notBefore, PRTime *notAfter)
+{
+    int rv;
+
+    /* convert DER not-before time */
+    rv = DER_DecodeTimeChoice(notBefore, &date->lastUpdate);
+    if (rv) {
+        return (SECFailure);
+    }
+
+    /* convert DER not-after time */
+    if (date->nextUpdate.data) {
+        rv = DER_DecodeTimeChoice(notAfter, &date->nextUpdate);
+        if (rv) {
+            return (SECFailure);
+        }
+    } else {
+        LL_I2L(*notAfter, 0L);
+    }
+    return (SECSuccess);
+}
+
+/* These routines should probably be combined with the cert
+ * routines using an common extraction routine.
+ */
+SECCertTimeValidity
+SEC_CheckCrlTimes(CERTCrl *crl, PRTime t)
+{
+    PRTime notBefore, notAfter, llPendingSlop, tmp1;
+    SECStatus rv;
+
+    if (!crl) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return (secCertTimeUndetermined);
+    }
+
+    rv = SEC_GetCrlTimes(crl, &notBefore, &notAfter);
+
+    if (rv) {
+        return (secCertTimeExpired);
+    }
+
+    LL_I2L(llPendingSlop, pendingSlop);
+    /* convert to micro seconds */
+    LL_I2L(tmp1, PR_USEC_PER_SEC);
+    LL_MUL(llPendingSlop, llPendingSlop, tmp1);
+    LL_SUB(notBefore, notBefore, llPendingSlop);
+    if (LL_CMP(t, <, notBefore)) {
+        PORT_SetError(SEC_ERROR_CRL_EXPIRED);
+        return (secCertTimeNotValidYet);
+    }
+
+    /* If next update is omitted and the test for notBefore passes, then
+       we assume that the crl is up to date.
+     */
+    if (LL_IS_ZERO(notAfter)) {
+        return (secCertTimeValid);
+    }
+
+    if (LL_CMP(t, >, notAfter)) {
+        PORT_SetError(SEC_ERROR_CRL_EXPIRED);
+        return (secCertTimeExpired);
+    }
+
+    return (secCertTimeValid);
+}
+
+PRBool
+SEC_CrlIsNewer(CERTCrl *inNew, CERTCrl *old)
+{
+    PRTime newNotBefore, newNotAfter;
+    PRTime oldNotBefore, oldNotAfter;
+    SECStatus rv;
+
+    /* problems with the new CRL? reject it */
+    rv = SEC_GetCrlTimes(inNew, &newNotBefore, &newNotAfter);
+    if (rv)
+        return PR_FALSE;
+
+    /* problems with the old CRL? replace it */
+    rv = SEC_GetCrlTimes(old, &oldNotBefore, &oldNotAfter);
+    if (rv)
+        return PR_TRUE;
+
+    /* Question: what about the notAfter's? */
+    return ((PRBool)LL_CMP(oldNotBefore, <, newNotBefore));
+}
+
+/*
+ * return required key usage and cert type based on cert usage
+ */
+SECStatus
+CERT_KeyUsageAndTypeForCertUsage(SECCertUsage usage, PRBool ca,
+                                 unsigned int *retKeyUsage,
+                                 unsigned int *retCertType)
+{
+    unsigned int requiredKeyUsage = 0;
+    unsigned int requiredCertType = 0;
+
+    if (ca) {
+        switch (usage) {
+            case certUsageSSLServerWithStepUp:
+                requiredKeyUsage = KU_NS_GOVT_APPROVED | KU_KEY_CERT_SIGN;
+                requiredCertType = NS_CERT_TYPE_SSL_CA;
+                break;
+            case certUsageSSLClient:
+                requiredKeyUsage = KU_KEY_CERT_SIGN;
+                requiredCertType = NS_CERT_TYPE_SSL_CA;
+                break;
+            case certUsageSSLServer:
+                requiredKeyUsage = KU_KEY_CERT_SIGN;
+                requiredCertType = NS_CERT_TYPE_SSL_CA;
+                break;
+            case certUsageSSLCA:
+                requiredKeyUsage = KU_KEY_CERT_SIGN;
+                requiredCertType = NS_CERT_TYPE_SSL_CA;
+                break;
+            case certUsageEmailSigner:
+                requiredKeyUsage = KU_KEY_CERT_SIGN;
+                requiredCertType = NS_CERT_TYPE_EMAIL_CA;
+                break;
+            case certUsageEmailRecipient:
+                requiredKeyUsage = KU_KEY_CERT_SIGN;
+                requiredCertType = NS_CERT_TYPE_EMAIL_CA;
+                break;
+            case certUsageObjectSigner:
+                requiredKeyUsage = KU_KEY_CERT_SIGN;
+                requiredCertType = NS_CERT_TYPE_OBJECT_SIGNING_CA;
+                break;
+            case certUsageAnyCA:
+            case certUsageVerifyCA:
+            case certUsageStatusResponder:
+                requiredKeyUsage = KU_KEY_CERT_SIGN;
+                requiredCertType = NS_CERT_TYPE_OBJECT_SIGNING_CA |
+                                   NS_CERT_TYPE_EMAIL_CA | NS_CERT_TYPE_SSL_CA;
+                break;
+            default:
+                PORT_Assert(0);
+                goto loser;
+        }
+    } else {
+        switch (usage) {
+            case certUsageSSLClient:
+                /*
+                 * RFC 5280 lists digitalSignature and keyAgreement for
+                 * id-kp-clientAuth.  NSS does not support the *_fixed_dh and
+                 * *_fixed_ecdh client certificate types.
+                 */
+                requiredKeyUsage = KU_DIGITAL_SIGNATURE;
+                requiredCertType = NS_CERT_TYPE_SSL_CLIENT;
+                break;
+            case certUsageSSLServer:
+                requiredKeyUsage = KU_KEY_AGREEMENT_OR_ENCIPHERMENT;
+                requiredCertType = NS_CERT_TYPE_SSL_SERVER;
+                break;
+            case certUsageSSLServerWithStepUp:
+                requiredKeyUsage =
+                    KU_KEY_AGREEMENT_OR_ENCIPHERMENT | KU_NS_GOVT_APPROVED;
+                requiredCertType = NS_CERT_TYPE_SSL_SERVER;
+                break;
+            case certUsageSSLCA:
+                requiredKeyUsage = KU_KEY_CERT_SIGN;
+                requiredCertType = NS_CERT_TYPE_SSL_CA;
+                break;
+            case certUsageEmailSigner:
+                requiredKeyUsage = KU_DIGITAL_SIGNATURE_OR_NON_REPUDIATION;
+                requiredCertType = NS_CERT_TYPE_EMAIL;
+                break;
+            case certUsageEmailRecipient:
+                requiredKeyUsage = KU_KEY_AGREEMENT_OR_ENCIPHERMENT;
+                requiredCertType = NS_CERT_TYPE_EMAIL;
+                break;
+            case certUsageObjectSigner:
+                /* RFC 5280 lists only digitalSignature for id-kp-codeSigning.
+                 */
+                requiredKeyUsage = KU_DIGITAL_SIGNATURE;
+                requiredCertType = NS_CERT_TYPE_OBJECT_SIGNING;
+                break;
+            case certUsageStatusResponder:
+                requiredKeyUsage = KU_DIGITAL_SIGNATURE_OR_NON_REPUDIATION;
+                requiredCertType = EXT_KEY_USAGE_STATUS_RESPONDER;
+                break;
+            default:
+                PORT_Assert(0);
+                goto loser;
+        }
+    }
+
+    if (retKeyUsage != NULL) {
+        *retKeyUsage = requiredKeyUsage;
+    }
+    if (retCertType != NULL) {
+        *retCertType = requiredCertType;
+    }
+
+    return (SECSuccess);
+loser:
+    return (SECFailure);
+}
+
+/*
+ * check the key usage of a cert against a set of required values
+ */
+SECStatus
+CERT_CheckKeyUsage(CERTCertificate *cert, unsigned int requiredUsage)
+{
+    if (!cert) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+    /* choose between key agreement or key encipherment based on key
+     * type in cert
+     */
+    if (requiredUsage & KU_KEY_AGREEMENT_OR_ENCIPHERMENT) {
+        KeyType keyType = CERT_GetCertKeyType(&cert->subjectPublicKeyInfo);
+        /* turn off the special bit */
+        requiredUsage &= (~KU_KEY_AGREEMENT_OR_ENCIPHERMENT);
+
+        switch (keyType) {
+            case rsaKey:
+                requiredUsage |= KU_KEY_ENCIPHERMENT;
+                break;
+            case dsaKey:
+                requiredUsage |= KU_DIGITAL_SIGNATURE;
+                break;
+            case dhKey:
+                requiredUsage |= KU_KEY_AGREEMENT;
+                break;
+            case ecKey:
+                /* Accept either signature or agreement. */
+                if (!(cert->keyUsage &
+                      (KU_DIGITAL_SIGNATURE | KU_KEY_AGREEMENT)))
+                    goto loser;
+                break;
+            default:
+                goto loser;
+        }
+    }
+
+    /* Allow either digital signature or non-repudiation */
+    if (requiredUsage & KU_DIGITAL_SIGNATURE_OR_NON_REPUDIATION) {
+        /* turn off the special bit */
+        requiredUsage &= (~KU_DIGITAL_SIGNATURE_OR_NON_REPUDIATION);
+
+        if (!(cert->keyUsage & (KU_DIGITAL_SIGNATURE | KU_NON_REPUDIATION)))
+            goto loser;
+    }
+
+    if ((cert->keyUsage & requiredUsage) == requiredUsage)
+        return SECSuccess;
+
+loser:
+    PORT_SetError(SEC_ERROR_INADEQUATE_KEY_USAGE);
+    return SECFailure;
+}
+
+CERTCertificate *
+CERT_DupCertificate(CERTCertificate *c)
+{
+    if (c) {
+        NSSCertificate *tmp = STAN_GetNSSCertificate(c);
+        nssCertificate_AddRef(tmp);
+    }
+    return c;
+}
+
+/*
+ * Allow use of default cert database, so that apps(such as mozilla) don't
+ * have to pass the handle all over the place.
+ */
+static CERTCertDBHandle *default_cert_db_handle = 0;
+
+void
+CERT_SetDefaultCertDB(CERTCertDBHandle *handle)
+{
+    default_cert_db_handle = handle;
+
+    return;
+}
+
+CERTCertDBHandle *
+CERT_GetDefaultCertDB(void)
+{
+    return (default_cert_db_handle);
+}
+
+/* XXX this would probably be okay/better as an xp routine? */
+static void
+sec_lower_string(char *s)
+{
+    if (s == NULL) {
+        return;
+    }
+
+    while (*s) {
+        *s = PORT_Tolower(*s);
+        s++;
+    }
+
+    return;
+}
+
+static PRBool
+cert_IsIPAddr(const char *hn)
+{
+    PRBool isIPaddr = PR_FALSE;
+    PRNetAddr netAddr;
+    isIPaddr = (PR_SUCCESS == PR_StringToNetAddr(hn, &netAddr));
+    return isIPaddr;
+}
+
+/*
+** Add a domain name to the list of names that the user has explicitly
+** allowed (despite cert name mismatches) for use with a server cert.
+*/
+SECStatus
+CERT_AddOKDomainName(CERTCertificate *cert, const char *hn)
+{
+    CERTOKDomainName *domainOK;
+    int newNameLen;
+
+    if (!hn || !(newNameLen = strlen(hn))) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+    domainOK = (CERTOKDomainName *)PORT_ArenaZAlloc(cert->arena, sizeof(*domainOK));
+    if (!domainOK) {
+        return SECFailure; /* error code is already set. */
+    }
+    domainOK->name = (char *)PORT_ArenaZAlloc(cert->arena, newNameLen + 1);
+    if (!domainOK->name) {
+        return SECFailure; /* error code is already set. */
+    }
+
+    PORT_Strncpy(domainOK->name, hn, newNameLen + 1);
+    sec_lower_string(domainOK->name);
+
+    /* put at head of list. */
+    domainOK->next = cert->domainOK;
+    cert->domainOK = domainOK;
+    return SECSuccess;
+}
+
+/* returns SECSuccess if hn matches pattern cn,
+** returns SECFailure with SSL_ERROR_BAD_CERT_DOMAIN if no match,
+** returns SECFailure with some other error code if another error occurs.
+**
+** This function may modify string cn, so caller must pass a modifiable copy.
+*/
+static SECStatus
+cert_TestHostName(char *cn, const char *hn)
+{
+    static int useShellExp = -1;
+
+    if (useShellExp < 0) {
+        useShellExp = (NULL != PR_GetEnvSecure("NSS_USE_SHEXP_IN_CERT_NAME"));
+    }
+    if (useShellExp) {
+        /* Backward compatible code, uses Shell Expressions (SHEXP). */
+        int regvalid = PORT_RegExpValid(cn);
+        if (regvalid != NON_SXP) {
+            SECStatus rv;
+            /* cn is a regular expression, try to match the shexp */
+            int match = PORT_RegExpCaseSearch(hn, cn);
+
+            if (match == 0) {
+                rv = SECSuccess;
+            } else {
+                PORT_SetError(SSL_ERROR_BAD_CERT_DOMAIN);
+                rv = SECFailure;
+            }
+            return rv;
+        }
+    } else {
+        /* New approach conforms to RFC 6125. */
+        char *wildcard = PORT_Strchr(cn, '*');
+        char *firstcndot = PORT_Strchr(cn, '.');
+        char *secondcndot =
+            firstcndot ? PORT_Strchr(firstcndot + 1, '.') : NULL;
+        char *firsthndot = PORT_Strchr(hn, '.');
+
+        /* For a cn pattern to be considered valid, the wildcard character...
+         * - may occur only in a DNS name with at least 3 components, and
+         * - may occur only as last character in the first component, and
+         * - may be preceded by additional characters, and
+         * - must not be preceded by an IDNA ACE prefix (xn--)
+         */
+        if (wildcard && secondcndot && secondcndot[1] && firsthndot &&
+            firstcndot - wildcard == 1           /* wildcard is last char in first component */
+            && secondcndot - firstcndot > 1      /* second component is non-empty */
+            && PORT_Strrchr(cn, '*') == wildcard /* only one wildcard in cn */
+            && !PORT_Strncasecmp(cn, hn, wildcard - cn) &&
+            !PORT_Strcasecmp(firstcndot, firsthndot)
+            /* If hn starts with xn--, then cn must start with wildcard */
+            && (PORT_Strncasecmp(hn, "xn--", 4) || wildcard == cn)) {
+            /* valid wildcard pattern match */
+            return SECSuccess;
+        }
+    }
+    /* String cn has no wildcard or shell expression.
+     * Compare entire string hn with cert name.
+     */
+    if (PORT_Strcasecmp(hn, cn) == 0) {
+        return SECSuccess;
+    }
+
+    PORT_SetError(SSL_ERROR_BAD_CERT_DOMAIN);
+    return SECFailure;
+}
+
+SECStatus
+cert_VerifySubjectAltName(const CERTCertificate *cert, const char *hn)
+{
+    PLArenaPool *arena = NULL;
+    CERTGeneralName *nameList = NULL;
+    CERTGeneralName *current;
+    char *cn;
+    int cnBufLen;
+    int DNSextCount = 0;
+    int IPextCount = 0;
+    PRBool isIPaddr = PR_FALSE;
+    SECStatus rv = SECFailure;
+    SECItem subAltName;
+    PRNetAddr netAddr;
+    char cnbuf[128];
+
+    subAltName.data = NULL;
+    cn = cnbuf;
+    cnBufLen = sizeof cnbuf;
+
+    rv = CERT_FindCertExtension(cert, SEC_OID_X509_SUBJECT_ALT_NAME,
+                                &subAltName);
+    if (rv != SECSuccess) {
+        goto fail;
+    }
+    isIPaddr = (PR_SUCCESS == PR_StringToNetAddr(hn, &netAddr));
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (!arena)
+        goto fail;
+
+    nameList = current = CERT_DecodeAltNameExtension(arena, &subAltName);
+    if (!current)
+        goto fail;
+
+    do {
+        switch (current->type) {
+            case certDNSName:
+                if (!isIPaddr) {
+                    /* DNS name current->name.other.data is not null terminated.
+                    ** so must copy it.
+                    */
+                    int cnLen = current->name.other.len;
+                    rv = CERT_RFC1485_EscapeAndQuote(
+                        cn, cnBufLen, (char *)current->name.other.data, cnLen);
+                    if (rv != SECSuccess &&
+                        PORT_GetError() == SEC_ERROR_OUTPUT_LEN) {
+                        cnBufLen =
+                            cnLen * 3 + 3; /* big enough for worst case */
+                        cn = (char *)PORT_ArenaAlloc(arena, cnBufLen);
+                        if (!cn)
+                            goto fail;
+                        rv = CERT_RFC1485_EscapeAndQuote(
+                            cn, cnBufLen, (char *)current->name.other.data,
+                            cnLen);
+                    }
+                    if (rv == SECSuccess)
+                        rv = cert_TestHostName(cn, hn);
+                    if (rv == SECSuccess)
+                        goto finish;
+                }
+                DNSextCount++;
+                break;
+            case certIPAddress:
+                if (isIPaddr) {
+                    int match = 0;
+                    PRIPv6Addr v6Addr;
+                    if (current->name.other.len == 4 && /* IP v4 address */
+                        netAddr.inet.family == PR_AF_INET) {
+                        match = !memcmp(&netAddr.inet.ip,
+                                        current->name.other.data, 4);
+                    } else if (current->name.other.len ==
+                                   16 && /* IP v6 address */
+                               netAddr.ipv6.family == PR_AF_INET6) {
+                        match = !memcmp(&netAddr.ipv6.ip,
+                                        current->name.other.data, 16);
+                    } else if (current->name.other.len ==
+                                   16 && /* IP v6 address */
+                               netAddr.inet.family == PR_AF_INET) {
+                        /* convert netAddr to ipv6, then compare. */
+                        /* ipv4 must be in Network Byte Order on input. */
+                        PR_ConvertIPv4AddrToIPv6(netAddr.inet.ip, &v6Addr);
+                        match = !memcmp(&v6Addr, current->name.other.data, 16);
+                    } else if (current->name.other.len == 4 && /* IP v4 address */
+                               netAddr.inet.family == PR_AF_INET6) {
+                        /* convert netAddr to ipv6, then compare. */
+                        PRUint32 ipv4 = (current->name.other.data[0] << 24) |
+                                        (current->name.other.data[1] << 16) |
+                                        (current->name.other.data[2] << 8) |
+                                        current->name.other.data[3];
+                        /* ipv4 must be in Network Byte Order on input. */
+                        PR_ConvertIPv4AddrToIPv6(PR_htonl(ipv4), &v6Addr);
+                        match = !memcmp(&netAddr.ipv6.ip, &v6Addr, 16);
+                    }
+                    if (match) {
+                        rv = SECSuccess;
+                        goto finish;
+                    }
+                }
+                IPextCount++;
+                break;
+            default:
+                break;
+        }
+        current = CERT_GetNextGeneralName(current);
+    } while (current != nameList);
+
+fail:
+
+    if (!(isIPaddr ? IPextCount : DNSextCount)) {
+        /* no relevant value in the extension was found. */
+        PORT_SetError(SEC_ERROR_EXTENSION_NOT_FOUND);
+    } else {
+        PORT_SetError(SSL_ERROR_BAD_CERT_DOMAIN);
+    }
+    rv = SECFailure;
+
+finish:
+
+    /* Don't free nameList, it's part of the arena. */
+    if (arena) {
+        PORT_FreeArena(arena, PR_FALSE);
+    }
+
+    if (subAltName.data) {
+        SECITEM_FreeItem(&subAltName, PR_FALSE);
+    }
+
+    return rv;
+}
+
+/*
+ * If found:
+ *   - subAltName contains the extension (caller must free)
+ *   - return value is the decoded namelist (allocated off arena)
+ * if not found, or if failure to decode:
+ *   - return value is NULL
+ */
+CERTGeneralName *
+cert_GetSubjectAltNameList(const CERTCertificate *cert, PLArenaPool *arena)
+{
+    CERTGeneralName *nameList = NULL;
+    SECStatus rv = SECFailure;
+    SECItem subAltName;
+
+    if (!cert || !arena)
+        return NULL;
+
+    subAltName.data = NULL;
+
+    rv = CERT_FindCertExtension(cert, SEC_OID_X509_SUBJECT_ALT_NAME,
+                                &subAltName);
+    if (rv != SECSuccess)
+        return NULL;
+
+    nameList = CERT_DecodeAltNameExtension(arena, &subAltName);
+    SECITEM_FreeItem(&subAltName, PR_FALSE);
+    return nameList;
+}
+
+PRUint32
+cert_CountDNSPatterns(CERTGeneralName *firstName)
+{
+    CERTGeneralName *current;
+    PRUint32 count = 0;
+
+    if (!firstName)
+        return 0;
+
+    current = firstName;
+    do {
+        switch (current->type) {
+            case certDNSName:
+            case certIPAddress:
+                ++count;
+                break;
+            default:
+                break;
+        }
+        current = CERT_GetNextGeneralName(current);
+    } while (current != firstName);
+
+    return count;
+}
+
+#ifndef INET6_ADDRSTRLEN
+#define INET6_ADDRSTRLEN 46
+#endif
+
+/* will fill nickNames,
+ * will allocate all data from nickNames->arena,
+ * numberOfGeneralNames should have been obtained from cert_CountDNSPatterns,
+ * will ensure the numberOfGeneralNames matches the number of output entries.
+ */
+SECStatus
+cert_GetDNSPatternsFromGeneralNames(CERTGeneralName *firstName,
+                                    PRUint32 numberOfGeneralNames,
+                                    CERTCertNicknames *nickNames)
+{
+    CERTGeneralName *currentInput;
+    char **currentOutput;
+
+    if (!firstName || !nickNames || !numberOfGeneralNames)
+        return SECFailure;
+
+    nickNames->numnicknames = numberOfGeneralNames;
+    nickNames->nicknames = PORT_ArenaAlloc(
+        nickNames->arena, sizeof(char *) * numberOfGeneralNames);
+    if (!nickNames->nicknames)
+        return SECFailure;
+
+    currentInput = firstName;
+    currentOutput = nickNames->nicknames;
+    do {
+        char *cn = NULL;
+        char ipbuf[INET6_ADDRSTRLEN];
+        PRNetAddr addr;
+
+        if (numberOfGeneralNames < 1) {
+            /* internal consistency error */
+            return SECFailure;
+        }
+
+        switch (currentInput->type) {
+            case certDNSName:
+                /* DNS name currentInput->name.other.data is not null
+                *terminated.
+                ** so must copy it.
+                */
+                cn = (char *)PORT_ArenaAlloc(nickNames->arena,
+                                             currentInput->name.other.len + 1);
+                if (!cn)
+                    return SECFailure;
+                PORT_Memcpy(cn, currentInput->name.other.data,
+                            currentInput->name.other.len);
+                cn[currentInput->name.other.len] = 0;
+                break;
+            case certIPAddress:
+                if (currentInput->name.other.len == 4) {
+                    addr.inet.family = PR_AF_INET;
+                    memcpy(&addr.inet.ip, currentInput->name.other.data,
+                           currentInput->name.other.len);
+                } else if (currentInput->name.other.len == 16) {
+                    addr.ipv6.family = PR_AF_INET6;
+                    memcpy(&addr.ipv6.ip, currentInput->name.other.data,
+                           currentInput->name.other.len);
+                }
+                if (PR_NetAddrToString(&addr, ipbuf, sizeof(ipbuf)) ==
+                    PR_FAILURE)
+                    return SECFailure;
+                cn = PORT_ArenaStrdup(nickNames->arena, ipbuf);
+                if (!cn)
+                    return SECFailure;
+                break;
+            default:
+                break;
+        }
+        if (cn) {
+            *currentOutput = cn;
+            nickNames->totallen += PORT_Strlen(cn);
+            ++currentOutput;
+            --numberOfGeneralNames;
+        }
+        currentInput = CERT_GetNextGeneralName(currentInput);
+    } while (currentInput != firstName);
+
+    return (numberOfGeneralNames == 0) ? SECSuccess : SECFailure;
+}
+
+/*
+ * Collect all valid DNS names from the given cert.
+ * The output arena will reference some temporaray data,
+ * but this saves us from dealing with two arenas.
+ * The caller may free all data by freeing CERTCertNicknames->arena.
+ */
+CERTCertNicknames *
+CERT_GetValidDNSPatternsFromCert(CERTCertificate *cert)
+{
+    CERTGeneralName *generalNames;
+    CERTCertNicknames *nickNames;
+    PLArenaPool *arena;
+    char *singleName;
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (!arena) {
+        return NULL;
+    }
+
+    nickNames = PORT_ArenaAlloc(arena, sizeof(CERTCertNicknames));
+    if (!nickNames) {
+        PORT_FreeArena(arena, PR_FALSE);
+        return NULL;
+    }
+
+    /* init the structure */
+    nickNames->arena = arena;
+    nickNames->head = NULL;
+    nickNames->numnicknames = 0;
+    nickNames->nicknames = NULL;
+    nickNames->totallen = 0;
+
+    generalNames = cert_GetSubjectAltNameList(cert, arena);
+    if (generalNames) {
+        SECStatus rv_getnames = SECFailure;
+        PRUint32 numNames = cert_CountDNSPatterns(generalNames);
+
+        if (numNames) {
+            rv_getnames = cert_GetDNSPatternsFromGeneralNames(
+                generalNames, numNames, nickNames);
+        }
+
+        /* if there were names, we'll exit now, either with success or failure
+         */
+        if (numNames) {
+            if (rv_getnames == SECSuccess) {
+                return nickNames;
+            }
+
+            /* failure to produce output */
+            PORT_FreeArena(arena, PR_FALSE);
+            return NULL;
+        }
+    }
+
+    /* no SAN extension or no names found in extension */
+    singleName = CERT_GetCommonName(&cert->subject);
+    if (singleName) {
+        nickNames->numnicknames = 1;
+        nickNames->nicknames = PORT_ArenaAlloc(arena, sizeof(char *));
+        if (nickNames->nicknames) {
+            *nickNames->nicknames = PORT_ArenaStrdup(arena, singleName);
+        }
+        PORT_Free(singleName);
+
+        /* Did we allocate both the buffer of pointers and the string? */
+        if (nickNames->nicknames && *nickNames->nicknames) {
+            return nickNames;
+        }
+    }
+
+    PORT_FreeArena(arena, PR_FALSE);
+    return NULL;
+}
+
+/* Make sure that the name of the host we are connecting to matches the
+ * name that is incoded in the common-name component of the certificate
+ * that they are using.
+ */
+SECStatus
+CERT_VerifyCertName(const CERTCertificate *cert, const char *hn)
+{
+    char *cn;
+    SECStatus rv;
+    CERTOKDomainName *domainOK;
+
+    if (!hn || !strlen(hn)) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    /* if the name is one that the user has already approved, it's OK. */
+    for (domainOK = cert->domainOK; domainOK; domainOK = domainOK->next) {
+        if (0 == PORT_Strcasecmp(hn, domainOK->name)) {
+            return SECSuccess;
+        }
+    }
+
+    /* Per RFC 2818, if the SubjectAltName extension is present, it must
+    ** be used as the cert's identity.
+    */
+    rv = cert_VerifySubjectAltName(cert, hn);
+    if (rv == SECSuccess || PORT_GetError() != SEC_ERROR_EXTENSION_NOT_FOUND)
+        return rv;
+
+    cn = CERT_GetCommonName(&cert->subject);
+    if (cn) {
+        PRBool isIPaddr = cert_IsIPAddr(hn);
+        if (isIPaddr) {
+            if (PORT_Strcasecmp(hn, cn) == 0) {
+                rv = SECSuccess;
+            } else {
+                PORT_SetError(SSL_ERROR_BAD_CERT_DOMAIN);
+                rv = SECFailure;
+            }
+        } else {
+            rv = cert_TestHostName(cn, hn);
+        }
+        PORT_Free(cn);
+    } else
+        PORT_SetError(SSL_ERROR_BAD_CERT_DOMAIN);
+    return rv;
+}
+
+PRBool
+CERT_CompareCerts(const CERTCertificate *c1, const CERTCertificate *c2)
+{
+    SECComparison comp;
+
+    comp = SECITEM_CompareItem(&c1->derCert, &c2->derCert);
+    if (comp == SECEqual) { /* certs are the same */
+        return (PR_TRUE);
+    } else {
+        return (PR_FALSE);
+    }
+}
+
+static SECStatus
+StringsEqual(char *s1, char *s2)
+{
+    if ((s1 == NULL) || (s2 == NULL)) {
+        if (s1 != s2) { /* only one is null */
+            return (SECFailure);
+        }
+        return (SECSuccess); /* both are null */
+    }
+
+    if (PORT_Strcmp(s1, s2) != 0) {
+        return (SECFailure); /* not equal */
+    }
+
+    return (SECSuccess); /* strings are equal */
+}
+
+PRBool
+CERT_CompareCertsForRedirection(CERTCertificate *c1, CERTCertificate *c2)
+{
+    SECComparison comp;
+    char *c1str, *c2str;
+    SECStatus eq;
+
+    comp = SECITEM_CompareItem(&c1->derCert, &c2->derCert);
+    if (comp == SECEqual) { /* certs are the same */
+        return (PR_TRUE);
+    }
+
+    /* check if they are issued by the same CA */
+    comp = SECITEM_CompareItem(&c1->derIssuer, &c2->derIssuer);
+    if (comp != SECEqual) { /* different issuer */
+        return (PR_FALSE);
+    }
+
+    /* check country name */
+    c1str = CERT_GetCountryName(&c1->subject);
+    c2str = CERT_GetCountryName(&c2->subject);
+    eq = StringsEqual(c1str, c2str);
+    PORT_Free(c1str);
+    PORT_Free(c2str);
+    if (eq != SECSuccess) {
+        return (PR_FALSE);
+    }
+
+    /* check locality name */
+    c1str = CERT_GetLocalityName(&c1->subject);
+    c2str = CERT_GetLocalityName(&c2->subject);
+    eq = StringsEqual(c1str, c2str);
+    PORT_Free(c1str);
+    PORT_Free(c2str);
+    if (eq != SECSuccess) {
+        return (PR_FALSE);
+    }
+
+    /* check state name */
+    c1str = CERT_GetStateName(&c1->subject);
+    c2str = CERT_GetStateName(&c2->subject);
+    eq = StringsEqual(c1str, c2str);
+    PORT_Free(c1str);
+    PORT_Free(c2str);
+    if (eq != SECSuccess) {
+        return (PR_FALSE);
+    }
+
+    /* check org name */
+    c1str = CERT_GetOrgName(&c1->subject);
+    c2str = CERT_GetOrgName(&c2->subject);
+    eq = StringsEqual(c1str, c2str);
+    PORT_Free(c1str);
+    PORT_Free(c2str);
+    if (eq != SECSuccess) {
+        return (PR_FALSE);
+    }
+
+#ifdef NOTDEF
+    /* check orgUnit name */
+    /*
+     * We need to revisit this and decide which fields should be allowed to be
+     * different
+     */
+    c1str = CERT_GetOrgUnitName(&c1->subject);
+    c2str = CERT_GetOrgUnitName(&c2->subject);
+    eq = StringsEqual(c1str, c2str);
+    PORT_Free(c1str);
+    PORT_Free(c2str);
+    if (eq != SECSuccess) {
+        return (PR_FALSE);
+    }
+#endif
+
+    return (PR_TRUE); /* all fields but common name are the same */
+}
+
+/* CERT_CertChainFromCert and CERT_DestroyCertificateList moved
+   to certhigh.c */
+
+CERTIssuerAndSN *
+CERT_GetCertIssuerAndSN(PLArenaPool *arena, CERTCertificate *cert)
+{
+    CERTIssuerAndSN *result;
+    SECStatus rv;
+
+    if (arena == NULL) {
+        arena = cert->arena;
+    }
+
+    result = (CERTIssuerAndSN *)PORT_ArenaZAlloc(arena, sizeof(*result));
+    if (result == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return NULL;
+    }
+
+    rv = SECITEM_CopyItem(arena, &result->derIssuer, &cert->derIssuer);
+    if (rv != SECSuccess)
+        return NULL;
+
+    rv = CERT_CopyName(arena, &result->issuer, &cert->issuer);
+    if (rv != SECSuccess)
+        return NULL;
+
+    rv = SECITEM_CopyItem(arena, &result->serialNumber, &cert->serialNumber);
+    if (rv != SECSuccess)
+        return NULL;
+
+    return result;
+}
+
+char *
+CERT_MakeCANickname(CERTCertificate *cert)
+{
+    char *firstname = NULL;
+    char *org = NULL;
+    char *nickname = NULL;
+    int count;
+    CERTCertificate *dummycert;
+
+    firstname = CERT_GetCommonName(&cert->subject);
+    if (firstname == NULL) {
+        firstname = CERT_GetOrgUnitName(&cert->subject);
+    }
+
+    org = CERT_GetOrgName(&cert->issuer);
+    if (org == NULL) {
+        org = CERT_GetDomainComponentName(&cert->issuer);
+        if (org == NULL) {
+            if (firstname) {
+                org = firstname;
+                firstname = NULL;
+            } else {
+                org = PORT_Strdup("Unknown CA");
+            }
+        }
+    }
+
+    /* can only fail if PORT_Strdup fails, in which case
+     * we're having memory problems. */
+    if (org == NULL) {
+        goto done;
+    }
+
+    count = 1;
+    while (1) {
+
+        if (firstname) {
+            if (count == 1) {
+                nickname = PR_smprintf("%s - %s", firstname, org);
+            } else {
+                nickname = PR_smprintf("%s - %s #%d", firstname, org, count);
+            }
+        } else {
+            if (count == 1) {
+                nickname = PR_smprintf("%s", org);
+            } else {
+                nickname = PR_smprintf("%s #%d", org, count);
+            }
+        }
+        if (nickname == NULL) {
+            goto done;
+        }
+
+        /* look up the nickname to make sure it isn't in use already */
+        dummycert = CERT_FindCertByNickname(cert->dbhandle, nickname);
+
+        if (dummycert == NULL) {
+            goto done;
+        }
+
+        /* found a cert, destroy it and loop */
+        CERT_DestroyCertificate(dummycert);
+
+        /* free the nickname */
+        PORT_Free(nickname);
+
+        count++;
+    }
+
+done:
+    if (firstname) {
+        PORT_Free(firstname);
+    }
+    if (org) {
+        PORT_Free(org);
+    }
+
+    return (nickname);
+}
+
+/* CERT_Import_CAChain moved to certhigh.c */
+
+void
+CERT_DestroyCrl(CERTSignedCrl *crl)
+{
+    SEC_DestroyCrl(crl);
+}
+
+static int
+cert_Version(CERTCertificate *cert)
+{
+    int version = 0;
+    if (cert && cert->version.data && cert->version.len) {
+        version = DER_GetInteger(&cert->version);
+        if (version < 0)
+            version = 0;
+    }
+    return version;
+}
+
+static unsigned int
+cert_ComputeTrustOverrides(CERTCertificate *cert, unsigned int cType)
+{
+    CERTCertTrust trust;
+    SECStatus rv = SECFailure;
+
+    rv = CERT_GetCertTrust(cert, &trust);
+
+    if (rv == SECSuccess &&
+        (trust.sslFlags | trust.emailFlags | trust.objectSigningFlags)) {
+
+        if (trust.sslFlags & (CERTDB_TERMINAL_RECORD | CERTDB_TRUSTED))
+            cType |= NS_CERT_TYPE_SSL_SERVER | NS_CERT_TYPE_SSL_CLIENT;
+        if (trust.sslFlags & (CERTDB_VALID_CA | CERTDB_TRUSTED_CA))
+            cType |= NS_CERT_TYPE_SSL_CA;
+#if defined(CERTDB_NOT_TRUSTED)
+        if (trust.sslFlags & CERTDB_NOT_TRUSTED)
+            cType &= ~(NS_CERT_TYPE_SSL_SERVER | NS_CERT_TYPE_SSL_CLIENT |
+                       NS_CERT_TYPE_SSL_CA);
+#endif
+        if (trust.emailFlags & (CERTDB_TERMINAL_RECORD | CERTDB_TRUSTED))
+            cType |= NS_CERT_TYPE_EMAIL;
+        if (trust.emailFlags & (CERTDB_VALID_CA | CERTDB_TRUSTED_CA))
+            cType |= NS_CERT_TYPE_EMAIL_CA;
+#if defined(CERTDB_NOT_TRUSTED)
+        if (trust.emailFlags & CERTDB_NOT_TRUSTED)
+            cType &= ~(NS_CERT_TYPE_EMAIL | NS_CERT_TYPE_EMAIL_CA);
+#endif
+        if (trust.objectSigningFlags &
+            (CERTDB_TERMINAL_RECORD | CERTDB_TRUSTED))
+            cType |= NS_CERT_TYPE_OBJECT_SIGNING;
+        if (trust.objectSigningFlags & (CERTDB_VALID_CA | CERTDB_TRUSTED_CA))
+            cType |= NS_CERT_TYPE_OBJECT_SIGNING_CA;
+#if defined(CERTDB_NOT_TRUSTED)
+        if (trust.objectSigningFlags & CERTDB_NOT_TRUSTED)
+            cType &=
+                ~(NS_CERT_TYPE_OBJECT_SIGNING | NS_CERT_TYPE_OBJECT_SIGNING_CA);
+#endif
+    }
+    return cType;
+}
+
+/*
+ * Does a cert belong to a CA?  We decide based on perm database trust
+ * flags, Netscape Cert Type Extension, and KeyUsage Extension.
+ */
+PRBool
+CERT_IsCACert(CERTCertificate *cert, unsigned int *rettype)
+{
+    unsigned int cType = cert->nsCertType;
+    PRBool ret = PR_FALSE;
+
+    /*
+     * Check if the constraints are available and it's a CA, OR if it's
+     * a X.509 v1 Root CA.
+     */
+    CERTBasicConstraints constraints;
+    if ((CERT_FindBasicConstraintExten(cert, &constraints) == SECSuccess &&
+         constraints.isCA) ||
+        (cert->isRoot && cert_Version(cert) < SEC_CERTIFICATE_VERSION_3))
+        cType |= (NS_CERT_TYPE_SSL_CA | NS_CERT_TYPE_EMAIL_CA);
+
+    /*
+     * Apply trust overrides, if any.
+     */
+    cType = cert_ComputeTrustOverrides(cert, cType);
+    ret = (cType & (NS_CERT_TYPE_SSL_CA | NS_CERT_TYPE_EMAIL_CA |
+                    NS_CERT_TYPE_OBJECT_SIGNING_CA))
+              ? PR_TRUE
+              : PR_FALSE;
+
+    if (rettype) {
+        *rettype = cType;
+    }
+
+    return ret;
+}
+
+PRBool
+CERT_IsCADERCert(SECItem *derCert, unsigned int *type)
+{
+    CERTCertificate *cert;
+    PRBool isCA;
+
+    /* This is okay -- only looks at extensions */
+    cert = CERT_DecodeDERCertificate(derCert, PR_FALSE, NULL);
+    if (cert == NULL)
+        return PR_FALSE;
+
+    isCA = CERT_IsCACert(cert, type);
+    CERT_DestroyCertificate(cert);
+    return isCA;
+}
+
+PRBool
+CERT_IsRootDERCert(SECItem *derCert)
+{
+    CERTCertificate *cert;
+    PRBool isRoot;
+
+    /* This is okay -- only looks at extensions */
+    cert = CERT_DecodeDERCertificate(derCert, PR_FALSE, NULL);
+    if (cert == NULL)
+        return PR_FALSE;
+
+    isRoot = cert->isRoot;
+    CERT_DestroyCertificate(cert);
+    return isRoot;
+}
+
+CERTCompareValidityStatus
+CERT_CompareValidityTimes(CERTValidity *val_a, CERTValidity *val_b)
+{
+    PRTime notBeforeA, notBeforeB, notAfterA, notAfterB;
+
+    if (!val_a || !val_b) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return certValidityUndetermined;
+    }
+
+    if (SECSuccess != DER_DecodeTimeChoice(&notBeforeA, &val_a->notBefore) ||
+        SECSuccess != DER_DecodeTimeChoice(&notBeforeB, &val_b->notBefore) ||
+        SECSuccess != DER_DecodeTimeChoice(&notAfterA, &val_a->notAfter) ||
+        SECSuccess != DER_DecodeTimeChoice(&notAfterB, &val_b->notAfter)) {
+        return certValidityUndetermined;
+    }
+
+    /* sanity check */
+    if (LL_CMP(notBeforeA, >, notAfterA) || LL_CMP(notBeforeB, >, notAfterB)) {
+        PORT_SetError(SEC_ERROR_INVALID_TIME);
+        return certValidityUndetermined;
+    }
+
+    if (LL_CMP(notAfterA, !=, notAfterB)) {
+        /* one cert validity goes farther into the future, select it */
+        return LL_CMP(notAfterA, <, notAfterB) ? certValidityChooseB
+                                               : certValidityChooseA;
+    }
+    /* the two certs have the same expiration date */
+    PORT_Assert(LL_CMP(notAfterA, ==, notAfterB));
+    /* do they also have the same start date ? */
+    if (LL_CMP(notBeforeA, ==, notBeforeB)) {
+        return certValidityEqual;
+    }
+    /* choose cert with the later start date */
+    return LL_CMP(notBeforeA, <, notBeforeB) ? certValidityChooseB
+                                             : certValidityChooseA;
+}
+
+/*
+ * is certa newer than certb?  If one is expired, pick the other one.
+ */
+PRBool
+CERT_IsNewer(CERTCertificate *certa, CERTCertificate *certb)
+{
+    PRTime notBeforeA, notAfterA, notBeforeB, notAfterB, now;
+    SECStatus rv;
+    PRBool newerbefore, newerafter;
+
+    rv = CERT_GetCertTimes(certa, &notBeforeA, &notAfterA);
+    if (rv != SECSuccess) {
+        return (PR_FALSE);
+    }
+
+    rv = CERT_GetCertTimes(certb, &notBeforeB, &notAfterB);
+    if (rv != SECSuccess) {
+        return (PR_TRUE);
+    }
+
+    newerbefore = PR_FALSE;
+    if (LL_CMP(notBeforeA, >, notBeforeB)) {
+        newerbefore = PR_TRUE;
+    }
+
+    newerafter = PR_FALSE;
+    if (LL_CMP(notAfterA, >, notAfterB)) {
+        newerafter = PR_TRUE;
+    }
+
+    if (newerbefore && newerafter) {
+        return (PR_TRUE);
+    }
+
+    if ((!newerbefore) && (!newerafter)) {
+        return (PR_FALSE);
+    }
+
+    /* get current time */
+    now = PR_Now();
+
+    if (newerbefore) {
+        /* cert A was issued after cert B, but expires sooner */
+        /* if A is expired, then pick B */
+        if (LL_CMP(notAfterA, <, now)) {
+            return (PR_FALSE);
+        }
+        return (PR_TRUE);
+    } else {
+        /* cert B was issued after cert A, but expires sooner */
+        /* if B is expired, then pick A */
+        if (LL_CMP(notAfterB, <, now)) {
+            return (PR_TRUE);
+        }
+        return (PR_FALSE);
+    }
+}
+
+void
+CERT_DestroyCertArray(CERTCertificate **certs, unsigned int ncerts)
+{
+    unsigned int i;
+
+    if (certs) {
+        for (i = 0; i < ncerts; i++) {
+            if (certs[i]) {
+                CERT_DestroyCertificate(certs[i]);
+            }
+        }
+
+        PORT_Free(certs);
+    }
+
+    return;
+}
+
+char *
+CERT_FixupEmailAddr(const char *emailAddr)
+{
+    char *retaddr;
+    char *str;
+
+    if (emailAddr == NULL) {
+        return (NULL);
+    }
+
+    /* copy the string */
+    str = retaddr = PORT_Strdup(emailAddr);
+    if (str == NULL) {
+        return (NULL);
+    }
+
+    /* make it lower case */
+    while (*str) {
+        *str = tolower(*str);
+        str++;
+    }
+
+    return (retaddr);
+}
+
+/*
+ * NOTE - don't allow encode of govt-approved or invisible bits
+ */
+SECStatus
+CERT_DecodeTrustString(CERTCertTrust *trust, const char *trusts)
+{
+    unsigned int i;
+    unsigned int *pflags;
+
+    if (!trust) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+    trust->sslFlags = 0;
+    trust->emailFlags = 0;
+    trust->objectSigningFlags = 0;
+    if (!trusts) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    pflags = &trust->sslFlags;
+
+    for (i = 0; i < PORT_Strlen(trusts); i++) {
+        switch (trusts[i]) {
+            case 'p':
+                *pflags = *pflags | CERTDB_TERMINAL_RECORD;
+                break;
+
+            case 'P':
+                *pflags = *pflags | CERTDB_TRUSTED | CERTDB_TERMINAL_RECORD;
+                break;
+
+            case 'w':
+                *pflags = *pflags | CERTDB_SEND_WARN;
+                break;
+
+            case 'c':
+                *pflags = *pflags | CERTDB_VALID_CA;
+                break;
+
+            case 'T':
+                *pflags = *pflags | CERTDB_TRUSTED_CLIENT_CA | CERTDB_VALID_CA;
+                break;
+
+            case 'C':
+                *pflags = *pflags | CERTDB_TRUSTED_CA | CERTDB_VALID_CA;
+                break;
+
+            case 'u':
+                *pflags = *pflags | CERTDB_USER;
+                break;
+
+            case 'i':
+                *pflags = *pflags | CERTDB_INVISIBLE_CA;
+                break;
+            case 'g':
+                *pflags = *pflags | CERTDB_GOVT_APPROVED_CA;
+                break;
+
+            case ',':
+                if (pflags == &trust->sslFlags) {
+                    pflags = &trust->emailFlags;
+                } else {
+                    pflags = &trust->objectSigningFlags;
+                }
+                break;
+            default:
+                PORT_SetError(SEC_ERROR_INVALID_ARGS);
+                return SECFailure;
+        }
+    }
+
+    return SECSuccess;
+}
+
+static void
+EncodeFlags(char *trusts, unsigned int flags)
+{
+    if (flags & CERTDB_VALID_CA)
+        if (!(flags & CERTDB_TRUSTED_CA) && !(flags & CERTDB_TRUSTED_CLIENT_CA))
+            PORT_Strcat(trusts, "c");
+    if (flags & CERTDB_TERMINAL_RECORD)
+        if (!(flags & CERTDB_TRUSTED))
+            PORT_Strcat(trusts, "p");
+    if (flags & CERTDB_TRUSTED_CA)
+        PORT_Strcat(trusts, "C");
+    if (flags & CERTDB_TRUSTED_CLIENT_CA)
+        PORT_Strcat(trusts, "T");
+    if (flags & CERTDB_TRUSTED)
+        PORT_Strcat(trusts, "P");
+    if (flags & CERTDB_USER)
+        PORT_Strcat(trusts, "u");
+    if (flags & CERTDB_SEND_WARN)
+        PORT_Strcat(trusts, "w");
+    if (flags & CERTDB_INVISIBLE_CA)
+        PORT_Strcat(trusts, "I");
+    if (flags & CERTDB_GOVT_APPROVED_CA)
+        PORT_Strcat(trusts, "G");
+    return;
+}
+
+char *
+CERT_EncodeTrustString(CERTCertTrust *trust)
+{
+    char tmpTrustSSL[32];
+    char tmpTrustEmail[32];
+    char tmpTrustSigning[32];
+    char *retstr = NULL;
+
+    if (trust) {
+        tmpTrustSSL[0] = '\0';
+        tmpTrustEmail[0] = '\0';
+        tmpTrustSigning[0] = '\0';
+
+        EncodeFlags(tmpTrustSSL, trust->sslFlags);
+        EncodeFlags(tmpTrustEmail, trust->emailFlags);
+        EncodeFlags(tmpTrustSigning, trust->objectSigningFlags);
+
+        retstr = PR_smprintf("%s,%s,%s", tmpTrustSSL, tmpTrustEmail,
+                             tmpTrustSigning);
+    }
+
+    return (retstr);
+}
+
+SECStatus
+CERT_ImportCerts(CERTCertDBHandle *certdb, SECCertUsage usage,
+                 unsigned int ncerts, SECItem **derCerts,
+                 CERTCertificate ***retCerts, PRBool keepCerts, PRBool caOnly,
+                 char *nickname)
+{
+    unsigned int i;
+    CERTCertificate **certs = NULL;
+    unsigned int fcerts = 0;
+
+    if (ncerts) {
+        certs = PORT_ZNewArray(CERTCertificate *, ncerts);
+        if (certs == NULL) {
+            return (SECFailure);
+        }
+
+        /* decode all of the certs into the temporary DB */
+        for (i = 0, fcerts = 0; i < ncerts; i++) {
+            certs[fcerts] = CERT_NewTempCertificate(certdb, derCerts[i], NULL,
+                                                    PR_FALSE, PR_TRUE);
+            if (certs[fcerts]) {
+                SECItem subjKeyID = { siBuffer, NULL, 0 };
+                if (CERT_FindSubjectKeyIDExtension(certs[fcerts], &subjKeyID) ==
+                    SECSuccess) {
+                    if (subjKeyID.data) {
+                        cert_AddSubjectKeyIDMapping(&subjKeyID, certs[fcerts]);
+                    }
+                    SECITEM_FreeItem(&subjKeyID, PR_FALSE);
+                }
+                fcerts++;
+            }
+        }
+
+        if (keepCerts) {
+            for (i = 0; i < fcerts; i++) {
+                char *canickname = NULL;
+                PRBool isCA;
+
+                SECKEY_UpdateCertPQG(certs[i]);
+
+                isCA = CERT_IsCACert(certs[i], NULL);
+                if (isCA) {
+                    canickname = CERT_MakeCANickname(certs[i]);
+                }
+
+                if (isCA && (fcerts > 1)) {
+                    /* if we are importing only a single cert and specifying
+                     * a nickname, we want to use that nickname if it a CA,
+                     * otherwise if there are more than one cert, we don't
+                     * know which cert it belongs to. But we still may try
+                     * the individual canickname from the cert itself.
+                     */
+                    /* Bug 1192442 - propagate errors from these calls. */
+                    (void)CERT_AddTempCertToPerm(certs[i], canickname, NULL);
+                } else {
+                    (void)CERT_AddTempCertToPerm(
+                        certs[i], nickname ? nickname : canickname, NULL);
+                }
+
+                PORT_Free(canickname);
+                /* don't care if it fails - keep going */
+            }
+        }
+    }
+
+    if (retCerts) {
+        *retCerts = certs;
+    } else {
+        if (certs) {
+            CERT_DestroyCertArray(certs, fcerts);
+        }
+    }
+
+    return (fcerts || !ncerts) ? SECSuccess : SECFailure;
+}
+
+/*
+ * a real list of certificates - need to convert CERTCertificateList
+ * stuff and ASN 1 encoder/decoder over to using this...
+ */
+CERTCertList *
+CERT_NewCertList(void)
+{
+    PLArenaPool *arena = NULL;
+    CERTCertList *ret = NULL;
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL) {
+        goto loser;
+    }
+
+    ret = (CERTCertList *)PORT_ArenaZAlloc(arena, sizeof(CERTCertList));
+    if (ret == NULL) {
+        goto loser;
+    }
+
+    ret->arena = arena;
+
+    PR_INIT_CLIST(&ret->list);
+
+    return (ret);
+
+loser:
+    if (arena != NULL) {
+        PORT_FreeArena(arena, PR_FALSE);
+    }
+
+    return (NULL);
+}
+
+void
+CERT_DestroyCertList(CERTCertList *certs)
+{
+    PRCList *node;
+
+    while (!PR_CLIST_IS_EMPTY(&certs->list)) {
+        node = PR_LIST_HEAD(&certs->list);
+        CERT_DestroyCertificate(((CERTCertListNode *)node)->cert);
+        PR_REMOVE_LINK(node);
+    }
+
+    PORT_FreeArena(certs->arena, PR_FALSE);
+
+    return;
+}
+
+void
+CERT_RemoveCertListNode(CERTCertListNode *node)
+{
+    CERT_DestroyCertificate(node->cert);
+    PR_REMOVE_LINK(&node->links);
+    return;
+}
+
+SECStatus
+CERT_AddCertToListTailWithData(CERTCertList *certs, CERTCertificate *cert,
+                               void *appData)
+{
+    CERTCertListNode *node;
+
+    node = (CERTCertListNode *)PORT_ArenaZAlloc(certs->arena,
+                                                sizeof(CERTCertListNode));
+    if (node == NULL) {
+        goto loser;
+    }
+
+    PR_INSERT_BEFORE(&node->links, &certs->list);
+    /* certs->count++; */
+    node->cert = cert;
+    node->appData = appData;
+    return (SECSuccess);
+
+loser:
+    return (SECFailure);
+}
+
+SECStatus
+CERT_AddCertToListTail(CERTCertList *certs, CERTCertificate *cert)
+{
+    return CERT_AddCertToListTailWithData(certs, cert, NULL);
+}
+
+SECStatus
+CERT_AddCertToListHeadWithData(CERTCertList *certs, CERTCertificate *cert,
+                               void *appData)
+{
+    CERTCertListNode *node;
+    CERTCertListNode *head;
+
+    head = CERT_LIST_HEAD(certs);
+    if (head == NULL) {
+        goto loser;
+    }
+
+    node = (CERTCertListNode *)PORT_ArenaZAlloc(certs->arena,
+                                                sizeof(CERTCertListNode));
+    if (node == NULL) {
+        goto loser;
+    }
+
+    PR_INSERT_BEFORE(&node->links, &head->links);
+    /* certs->count++; */
+    node->cert = cert;
+    node->appData = appData;
+    return (SECSuccess);
+
+loser:
+    return (SECFailure);
+}
+
+SECStatus
+CERT_AddCertToListHead(CERTCertList *certs, CERTCertificate *cert)
+{
+    return CERT_AddCertToListHeadWithData(certs, cert, NULL);
+}
+
+/*
+ * Sort callback function to determine if cert a is newer than cert b.
+ * Not valid certs are considered older than valid certs.
+ */
+PRBool
+CERT_SortCBValidity(CERTCertificate *certa, CERTCertificate *certb, void *arg)
+{
+    PRTime sorttime;
+    PRTime notBeforeA, notAfterA, notBeforeB, notAfterB;
+    SECStatus rv;
+    PRBool newerbefore, newerafter;
+    PRBool aNotValid = PR_FALSE, bNotValid = PR_FALSE;
+
+    sorttime = *(PRTime *)arg;
+
+    rv = CERT_GetCertTimes(certa, &notBeforeA, &notAfterA);
+    if (rv != SECSuccess) {
+        return (PR_FALSE);
+    }
+
+    rv = CERT_GetCertTimes(certb, &notBeforeB, &notAfterB);
+    if (rv != SECSuccess) {
+        return (PR_TRUE);
+    }
+    newerbefore = PR_FALSE;
+    if (LL_CMP(notBeforeA, >, notBeforeB)) {
+        newerbefore = PR_TRUE;
+    }
+    newerafter = PR_FALSE;
+    if (LL_CMP(notAfterA, >, notAfterB)) {
+        newerafter = PR_TRUE;
+    }
+
+    /* check if A is valid at sorttime */
+    if (CERT_CheckCertValidTimes(certa, sorttime, PR_FALSE) !=
+        secCertTimeValid) {
+        aNotValid = PR_TRUE;
+    }
+
+    /* check if B is valid at sorttime */
+    if (CERT_CheckCertValidTimes(certb, sorttime, PR_FALSE) !=
+        secCertTimeValid) {
+        bNotValid = PR_TRUE;
+    }
+
+    /* a is valid, b is not */
+    if (bNotValid && (!aNotValid)) {
+        return (PR_TRUE);
+    }
+
+    /* b is valid, a is not */
+    if (aNotValid && (!bNotValid)) {
+        return (PR_FALSE);
+    }
+
+    /* a and b are either valid or not valid */
+    if (newerbefore && newerafter) {
+        return (PR_TRUE);
+    }
+
+    if ((!newerbefore) && (!newerafter)) {
+        return (PR_FALSE);
+    }
+
+    if (newerbefore) {
+        /* cert A was issued after cert B, but expires sooner */
+        return (PR_TRUE);
+    } else {
+        /* cert B was issued after cert A, but expires sooner */
+        return (PR_FALSE);
+    }
+}
+
+SECStatus
+CERT_AddCertToListSorted(CERTCertList *certs, CERTCertificate *cert,
+                         CERTSortCallback f, void *arg)
+{
+    CERTCertListNode *node;
+    CERTCertListNode *head;
+    PRBool ret;
+
+    node = (CERTCertListNode *)PORT_ArenaZAlloc(certs->arena,
+                                                sizeof(CERTCertListNode));
+    if (node == NULL) {
+        goto loser;
+    }
+
+    head = CERT_LIST_HEAD(certs);
+
+    while (!CERT_LIST_END(head, certs)) {
+
+        /* if cert is already in the list, then don't add it again */
+        if (cert == head->cert) {
+            /*XXX*/
+            /* don't keep a reference */
+            CERT_DestroyCertificate(cert);
+            goto done;
+        }
+
+        ret = (*f)(cert, head->cert, arg);
+        /* if sort function succeeds, then insert before current node */
+        if (ret) {
+            PR_INSERT_BEFORE(&node->links, &head->links);
+            goto done;
+        }
+
+        head = CERT_LIST_NEXT(head);
+    }
+    /* if we get to the end, then just insert it at the tail */
+    PR_INSERT_BEFORE(&node->links, &certs->list);
+
+done:
+    /* certs->count++; */
+    node->cert = cert;
+    return (SECSuccess);
+
+loser:
+    return (SECFailure);
+}
+
+/* This routine is here because pcertdb.c still has a call to it.
+ * The SMIME profile code in pcertdb.c should be split into high (find
+ * the email cert) and low (store the profile) code.  At that point, we
+ * can move this to certhigh.c where it belongs.
+ *
+ * remove certs from a list that don't have keyUsage and certType
+ * that match the given usage.
+ */
+SECStatus
+CERT_FilterCertListByUsage(CERTCertList *certList, SECCertUsage usage,
+                           PRBool ca)
+{
+    unsigned int requiredKeyUsage;
+    unsigned int requiredCertType;
+    CERTCertListNode *node, *savenode;
+    SECStatus rv;
+
+    if (certList == NULL)
+        goto loser;
+
+    rv = CERT_KeyUsageAndTypeForCertUsage(usage, ca, &requiredKeyUsage,
+                                          &requiredCertType);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    node = CERT_LIST_HEAD(certList);
+
+    while (!CERT_LIST_END(node, certList)) {
+
+        PRBool bad = (PRBool)(!node->cert);
+
+        /* bad key usage ? */
+        if (!bad &&
+            CERT_CheckKeyUsage(node->cert, requiredKeyUsage) != SECSuccess) {
+            bad = PR_TRUE;
+        }
+        /* bad cert type ? */
+        if (!bad) {
+            unsigned int certType = 0;
+            if (ca) {
+                /* This function returns a more comprehensive cert type that
+                 * takes trust flags into consideration.  Should probably
+                 * fix the cert decoding code to do this.
+                 */
+                (void)CERT_IsCACert(node->cert, &certType);
+            } else {
+                certType = node->cert->nsCertType;
+            }
+            if (!(certType & requiredCertType)) {
+                bad = PR_TRUE;
+            }
+        }
+
+        if (bad) {
+            /* remove the node if it is bad */
+            savenode = CERT_LIST_NEXT(node);
+            CERT_RemoveCertListNode(node);
+            node = savenode;
+        } else {
+            node = CERT_LIST_NEXT(node);
+        }
+    }
+    return (SECSuccess);
+
+loser:
+    return (SECFailure);
+}
+
+PRBool
+CERT_IsUserCert(CERTCertificate *cert)
+{
+    CERTCertTrust trust;
+    SECStatus rv = SECFailure;
+
+    rv = CERT_GetCertTrust(cert, &trust);
+    if (rv == SECSuccess &&
+        ((trust.sslFlags & CERTDB_USER) || (trust.emailFlags & CERTDB_USER) ||
+         (trust.objectSigningFlags & CERTDB_USER))) {
+        return PR_TRUE;
+    } else {
+        return PR_FALSE;
+    }
+}
+
+SECStatus
+CERT_FilterCertListForUserCerts(CERTCertList *certList)
+{
+    CERTCertListNode *node, *freenode;
+    CERTCertificate *cert;
+
+    if (!certList) {
+        return SECFailure;
+    }
+
+    node = CERT_LIST_HEAD(certList);
+
+    while (!CERT_LIST_END(node, certList)) {
+        cert = node->cert;
+        if (PR_TRUE != CERT_IsUserCert(cert)) {
+            /* Not a User Cert, so remove this cert from the list */
+            freenode = node;
+            node = CERT_LIST_NEXT(node);
+            CERT_RemoveCertListNode(freenode);
+        } else {
+            /* Is a User cert, so leave it in the list */
+            node = CERT_LIST_NEXT(node);
+        }
+    }
+
+    return (SECSuccess);
+}
+
+static PZLock *certRefCountLock = NULL;
+
+/*
+ * Acquire the cert reference count lock
+ * There is currently one global lock for all certs, but I'm putting a cert
+ * arg here so that it will be easy to make it per-cert in the future if
+ * that turns out to be necessary.
+ */
+void
+CERT_LockCertRefCount(CERTCertificate *cert)
+{
+    PORT_Assert(certRefCountLock != NULL);
+    PZ_Lock(certRefCountLock);
+    return;
+}
+
+/*
+ * Free the cert reference count lock
+ */
+void
+CERT_UnlockCertRefCount(CERTCertificate *cert)
+{
+    PORT_Assert(certRefCountLock != NULL);
+
+#ifdef DEBUG
+    {
+        PRStatus prstat = PZ_Unlock(certRefCountLock);
+        PORT_Assert(prstat == PR_SUCCESS);
+    }
+#else
+    PZ_Unlock(certRefCountLock);
+#endif
+}
+
+static PZLock *certTrustLock = NULL;
+
+/*
+ * Acquire the cert trust lock
+ * There is currently one global lock for all certs, but I'm putting a cert
+ * arg here so that it will be easy to make it per-cert in the future if
+ * that turns out to be necessary.
+ */
+void
+CERT_LockCertTrust(const CERTCertificate *cert)
+{
+    PORT_Assert(certTrustLock != NULL);
+    PZ_Lock(certTrustLock);
+    return;
+}
+
+SECStatus
+cert_InitLocks(void)
+{
+    if (certRefCountLock == NULL) {
+        certRefCountLock = PZ_NewLock(nssILockRefLock);
+        PORT_Assert(certRefCountLock != NULL);
+        if (!certRefCountLock) {
+            return SECFailure;
+        }
+    }
+
+    if (certTrustLock == NULL) {
+        certTrustLock = PZ_NewLock(nssILockCertDB);
+        PORT_Assert(certTrustLock != NULL);
+        if (!certTrustLock) {
+            PZ_DestroyLock(certRefCountLock);
+            certRefCountLock = NULL;
+            return SECFailure;
+        }
+    }
+
+    return SECSuccess;
+}
+
+SECStatus
+cert_DestroyLocks(void)
+{
+    SECStatus rv = SECSuccess;
+
+    PORT_Assert(certRefCountLock != NULL);
+    if (certRefCountLock) {
+        PZ_DestroyLock(certRefCountLock);
+        certRefCountLock = NULL;
+    } else {
+        rv = SECFailure;
+    }
+
+    PORT_Assert(certTrustLock != NULL);
+    if (certTrustLock) {
+        PZ_DestroyLock(certTrustLock);
+        certTrustLock = NULL;
+    } else {
+        rv = SECFailure;
+    }
+    return rv;
+}
+
+/*
+ * Free the cert trust lock
+ */
+void
+CERT_UnlockCertTrust(const CERTCertificate *cert)
+{
+    PORT_Assert(certTrustLock != NULL);
+
+#ifdef DEBUG
+    {
+        PRStatus prstat = PZ_Unlock(certTrustLock);
+        PORT_Assert(prstat == PR_SUCCESS);
+    }
+#else
+    PZ_Unlock(certTrustLock);
+#endif
+}
+
+/*
+ * Get the StatusConfig data for this handle
+ */
+CERTStatusConfig *
+CERT_GetStatusConfig(CERTCertDBHandle *handle)
+{
+    return handle->statusConfig;
+}
+
+/*
+ * Set the StatusConfig data for this handle.  There
+ * should not be another configuration set.
+ */
+void
+CERT_SetStatusConfig(CERTCertDBHandle *handle, CERTStatusConfig *statusConfig)
+{
+    PORT_Assert(handle->statusConfig == NULL);
+    handle->statusConfig = statusConfig;
+}
+
+/*
+ * Code for dealing with subjKeyID to cert mappings.
+ */
+
+static PLHashTable *gSubjKeyIDHash = NULL;
+static PRLock *gSubjKeyIDLock = NULL;
+static PLHashTable *gSubjKeyIDSlotCheckHash = NULL;
+static PRLock *gSubjKeyIDSlotCheckLock = NULL;
+
+static void *
+cert_AllocTable(void *pool, PRSize size)
+{
+    return PORT_Alloc(size);
+}
+
+static void
+cert_FreeTable(void *pool, void *item)
+{
+    PORT_Free(item);
+}
+
+static PLHashEntry *
+cert_AllocEntry(void *pool, const void *key)
+{
+    return PORT_New(PLHashEntry);
+}
+
+static void
+cert_FreeEntry(void *pool, PLHashEntry *he, PRUintn flag)
+{
+    SECITEM_FreeItem((SECItem *)(he->value), PR_TRUE);
+    if (flag == HT_FREE_ENTRY) {
+        SECITEM_FreeItem((SECItem *)(he->key), PR_TRUE);
+        PORT_Free(he);
+    }
+}
+
+static PLHashAllocOps cert_AllocOps = { cert_AllocTable, cert_FreeTable,
+                                        cert_AllocEntry, cert_FreeEntry };
+
+SECStatus
+cert_CreateSubjectKeyIDSlotCheckHash(void)
+{
+    /*
+     * This hash is used to remember the series of a slot
+     * when we last checked for user certs
+     */
+    gSubjKeyIDSlotCheckHash =
+        PL_NewHashTable(0, SECITEM_Hash, SECITEM_HashCompare,
+                        SECITEM_HashCompare, &cert_AllocOps, NULL);
+    if (!gSubjKeyIDSlotCheckHash) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return SECFailure;
+    }
+    gSubjKeyIDSlotCheckLock = PR_NewLock();
+    if (!gSubjKeyIDSlotCheckLock) {
+        PL_HashTableDestroy(gSubjKeyIDSlotCheckHash);
+        gSubjKeyIDSlotCheckHash = NULL;
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return SECFailure;
+    }
+    return SECSuccess;
+}
+
+SECStatus
+cert_CreateSubjectKeyIDHashTable(void)
+{
+    gSubjKeyIDHash = PL_NewHashTable(0, SECITEM_Hash, SECITEM_HashCompare,
+                                     SECITEM_HashCompare, &cert_AllocOps, NULL);
+    if (!gSubjKeyIDHash) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return SECFailure;
+    }
+    gSubjKeyIDLock = PR_NewLock();
+    if (!gSubjKeyIDLock) {
+        PL_HashTableDestroy(gSubjKeyIDHash);
+        gSubjKeyIDHash = NULL;
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return SECFailure;
+    }
+    /* initialize the companion hash (for remembering slot series) */
+    if (cert_CreateSubjectKeyIDSlotCheckHash() != SECSuccess) {
+        cert_DestroySubjectKeyIDHashTable();
+        return SECFailure;
+    }
+    return SECSuccess;
+}
+
+SECStatus
+cert_AddSubjectKeyIDMapping(SECItem *subjKeyID, CERTCertificate *cert)
+{
+    SECItem *newKeyID, *oldVal, *newVal;
+    SECStatus rv = SECFailure;
+
+    if (!gSubjKeyIDLock) {
+        /* If one is created, then both are there.  So only check for one. */
+        return SECFailure;
+    }
+
+    newVal = SECITEM_DupItem(&cert->derCert);
+    if (!newVal) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        goto done;
+    }
+    newKeyID = SECITEM_DupItem(subjKeyID);
+    if (!newKeyID) {
+        SECITEM_FreeItem(newVal, PR_TRUE);
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        goto done;
+    }
+
+    PR_Lock(gSubjKeyIDLock);
+    /* The hash table implementation does not free up the memory
+     * associated with the key of an already existing entry if we add a
+     * duplicate, so we would wind up leaking the previously allocated
+     * key if we don't remove before adding.
+     */
+    oldVal = (SECItem *)PL_HashTableLookup(gSubjKeyIDHash, subjKeyID);
+    if (oldVal) {
+        PL_HashTableRemove(gSubjKeyIDHash, subjKeyID);
+    }
+
+    rv = (PL_HashTableAdd(gSubjKeyIDHash, newKeyID, newVal)) ? SECSuccess
+                                                             : SECFailure;
+    PR_Unlock(gSubjKeyIDLock);
+done:
+    return rv;
+}
+
+SECStatus
+cert_RemoveSubjectKeyIDMapping(SECItem *subjKeyID)
+{
+    SECStatus rv;
+    if (!gSubjKeyIDLock)
+        return SECFailure;
+
+    PR_Lock(gSubjKeyIDLock);
+    rv = (PL_HashTableRemove(gSubjKeyIDHash, subjKeyID)) ? SECSuccess
+                                                         : SECFailure;
+    PR_Unlock(gSubjKeyIDLock);
+    return rv;
+}
+
+SECStatus
+cert_UpdateSubjectKeyIDSlotCheck(SECItem *slotid, int series)
+{
+    SECItem *oldSeries, *newSlotid, *newSeries;
+    SECStatus rv = SECFailure;
+
+    if (!gSubjKeyIDSlotCheckLock) {
+        return rv;
+    }
+
+    newSlotid = SECITEM_DupItem(slotid);
+    newSeries = SECITEM_AllocItem(NULL, NULL, sizeof(int));
+    if (!newSlotid || !newSeries) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        goto loser;
+    }
+    PORT_Memcpy(newSeries->data, &series, sizeof(int));
+
+    PR_Lock(gSubjKeyIDSlotCheckLock);
+    oldSeries = (SECItem *)PL_HashTableLookup(gSubjKeyIDSlotCheckHash, slotid);
+    if (oldSeries) {
+        /*
+         * make sure we don't leak the key of an existing entry
+         * (similar to cert_AddSubjectKeyIDMapping, see comment there)
+         */
+        PL_HashTableRemove(gSubjKeyIDSlotCheckHash, slotid);
+    }
+    rv = (PL_HashTableAdd(gSubjKeyIDSlotCheckHash, newSlotid, newSeries))
+             ? SECSuccess
+             : SECFailure;
+    PR_Unlock(gSubjKeyIDSlotCheckLock);
+    if (rv == SECSuccess) {
+        return rv;
+    }
+
+loser:
+    if (newSlotid) {
+        SECITEM_FreeItem(newSlotid, PR_TRUE);
+    }
+    if (newSeries) {
+        SECITEM_FreeItem(newSeries, PR_TRUE);
+    }
+    return rv;
+}
+
+int
+cert_SubjectKeyIDSlotCheckSeries(SECItem *slotid)
+{
+    SECItem *seriesItem = NULL;
+    int series;
+
+    if (!gSubjKeyIDSlotCheckLock) {
+        PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
+        return -1;
+    }
+
+    PR_Lock(gSubjKeyIDSlotCheckLock);
+    seriesItem = (SECItem *)PL_HashTableLookup(gSubjKeyIDSlotCheckHash, slotid);
+    PR_Unlock(gSubjKeyIDSlotCheckLock);
+    /* getting a null series just means we haven't registered one yet,
+     * just return 0 */
+    if (seriesItem == NULL) {
+        return 0;
+    }
+    /* if we got a series back, assert if it's not the proper length. */
+    PORT_Assert(seriesItem->len == sizeof(int));
+    if (seriesItem->len != sizeof(int)) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return -1;
+    }
+    PORT_Memcpy(&series, seriesItem->data, sizeof(int));
+    return series;
+}
+
+SECStatus
+cert_DestroySubjectKeyIDSlotCheckHash(void)
+{
+    if (gSubjKeyIDSlotCheckHash) {
+        PR_Lock(gSubjKeyIDSlotCheckLock);
+        PL_HashTableDestroy(gSubjKeyIDSlotCheckHash);
+        gSubjKeyIDSlotCheckHash = NULL;
+        PR_Unlock(gSubjKeyIDSlotCheckLock);
+        PR_DestroyLock(gSubjKeyIDSlotCheckLock);
+        gSubjKeyIDSlotCheckLock = NULL;
+    }
+    return SECSuccess;
+}
+
+SECStatus
+cert_DestroySubjectKeyIDHashTable(void)
+{
+    if (gSubjKeyIDHash) {
+        PR_Lock(gSubjKeyIDLock);
+        PL_HashTableDestroy(gSubjKeyIDHash);
+        gSubjKeyIDHash = NULL;
+        PR_Unlock(gSubjKeyIDLock);
+        PR_DestroyLock(gSubjKeyIDLock);
+        gSubjKeyIDLock = NULL;
+    }
+    cert_DestroySubjectKeyIDSlotCheckHash();
+    return SECSuccess;
+}
+
+SECItem *
+cert_FindDERCertBySubjectKeyID(SECItem *subjKeyID)
+{
+    SECItem *val;
+
+    if (!gSubjKeyIDLock)
+        return NULL;
+
+    PR_Lock(gSubjKeyIDLock);
+    val = (SECItem *)PL_HashTableLookup(gSubjKeyIDHash, subjKeyID);
+    if (val) {
+        val = SECITEM_DupItem(val);
+    }
+    PR_Unlock(gSubjKeyIDLock);
+    return val;
+}
+
+CERTCertificate *
+CERT_FindCertBySubjectKeyID(CERTCertDBHandle *handle, SECItem *subjKeyID)
+{
+    CERTCertificate *cert = NULL;
+    SECItem *derCert;
+
+    derCert = cert_FindDERCertBySubjectKeyID(subjKeyID);
+    if (derCert) {
+        cert = CERT_FindCertByDERCert(handle, derCert);
+        SECITEM_FreeItem(derCert, PR_TRUE);
+    }
+    return cert;
+}
diff --git a/nss/lib/certdb/certdb.gyp b/nss/lib/certdb/certdb.gyp
new file mode 100644
index 0000000..673d56d
--- /dev/null
+++ b/nss/lib/certdb/certdb.gyp
@@ -0,0 +1,34 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'certdb',
+      'type': 'static_library',
+      'sources': [
+        'alg1485.c',
+        'certdb.c',
+        'certv3.c',
+        'certxutl.c',
+        'crl.c',
+        'genname.c',
+        'polcyxtn.c',
+        'secname.c',
+        'stanpcertdb.c',
+        'xauthkid.c',
+        'xbsconst.c',
+        'xconst.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports'
+      ]
+    }
+  ],
+  'variables': {
+    'module': 'nss'
+  }
+}
\ No newline at end of file
diff --git a/nss/lib/certdb/certdb.h b/nss/lib/certdb/certdb.h
new file mode 100644
index 0000000..53d8a39
--- /dev/null
+++ b/nss/lib/certdb/certdb.h
@@ -0,0 +1,89 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _CERTDB_H_
+#define _CERTDB_H_
+
+/* common flags for all types of certificates */
+#define CERTDB_TERMINAL_RECORD (1u << 0)
+#define CERTDB_TRUSTED (1u << 1)
+#define CERTDB_SEND_WARN (1u << 2)
+#define CERTDB_VALID_CA (1u << 3)
+#define CERTDB_TRUSTED_CA (1u << 4) /* trusted for issuing server certs */
+#define CERTDB_NS_TRUSTED_CA (1u << 5)
+#define CERTDB_USER (1u << 6)
+#define CERTDB_TRUSTED_CLIENT_CA (1u << 7) /* trusted for issuing client certs */
+#define CERTDB_INVISIBLE_CA (1u << 8)      /* don't show in UI */
+#define CERTDB_GOVT_APPROVED_CA (1u << 9)  /* can do strong crypto in export ver */
+
+/* old usage, to keep old programs compiling */
+/* On Windows, Mac, and Linux (and other gcc platforms), we can give compile
+ * time deprecation warnings when applications use the old CERTDB_VALID_PEER
+ * define */
+#if __GNUC__ > 3
+#if (__GNUC__ == 4) && (__GNUC_MINOR__ < 5)
+typedef unsigned int __CERTDB_VALID_PEER __attribute__((deprecated));
+#else
+typedef unsigned int __CERTDB_VALID_PEER __attribute__((
+    deprecated("CERTDB_VALID_PEER is now CERTDB_TERMINAL_RECORD")));
+#endif
+#define CERTDB_VALID_PEER ((__CERTDB_VALID_PEER)CERTDB_TERMINAL_RECORD)
+#else
+#ifdef _WIN32
+#pragma deprecated(CERTDB_VALID_PEER)
+#endif
+#define CERTDB_VALID_PEER CERTDB_TERMINAL_RECORD
+#endif
+
+SEC_BEGIN_PROTOS
+
+CERTSignedCrl *SEC_FindCrlByKey(CERTCertDBHandle *handle, SECItem *crlKey,
+                                int type);
+
+CERTSignedCrl *SEC_FindCrlByName(CERTCertDBHandle *handle, SECItem *crlKey,
+                                 int type);
+
+CERTSignedCrl *SEC_FindCrlByDERCert(CERTCertDBHandle *handle, SECItem *derCrl,
+                                    int type);
+
+PRBool SEC_CertNicknameConflict(const char *nickname, const SECItem *derSubject,
+                                CERTCertDBHandle *handle);
+CERTSignedCrl *SEC_NewCrl(CERTCertDBHandle *handle, char *url, SECItem *derCrl,
+                          int type);
+
+SECStatus SEC_DeletePermCRL(CERTSignedCrl *crl);
+
+SECStatus SEC_LookupCrls(CERTCertDBHandle *handle, CERTCrlHeadNode **nodes,
+                         int type);
+
+SECStatus SEC_DestroyCrl(CERTSignedCrl *crl);
+
+CERTSignedCrl *SEC_DupCrl(CERTSignedCrl *acrl);
+
+SECStatus CERT_AddTempCertToPerm(CERTCertificate *cert, char *nickname,
+                                 CERTCertTrust *trust);
+
+SECStatus SEC_DeletePermCertificate(CERTCertificate *cert);
+
+PRBool SEC_CrlIsNewer(CERTCrl *inNew, CERTCrl *old);
+
+/*
+** Extract the validity times from a CRL
+**	"crl" is the CRL
+**	"notBefore" is the start of the validity period (last update)
+**	"notAfter" is the end of the validity period (next update)
+*/
+SECStatus SEC_GetCrlTimes(CERTCrl *crl, PRTime *notBefore, PRTime *notAfter);
+
+/*
+** Check the validity times of a crl vs. time 't', allowing
+** some slop for broken clocks and stuff.
+**	"crl" is the certificate to be checked
+**	"t" is the time to check against
+*/
+SECCertTimeValidity SEC_CheckCrlTimes(CERTCrl *crl, PRTime t);
+
+SEC_END_PROTOS
+
+#endif /* _CERTDB_H_ */
diff --git a/nss/lib/certdb/certi.h b/nss/lib/certdb/certi.h
new file mode 100644
index 0000000..1cdf4b8
--- /dev/null
+++ b/nss/lib/certdb/certi.h
@@ -0,0 +1,381 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * certi.h - private data structures for the certificate library
+ */
+#ifndef _CERTI_H_
+#define _CERTI_H_
+
+#include "certt.h"
+#include "nssrwlkt.h"
+
+/*
+#define GLOBAL_RWLOCK 1
+*/
+
+#define DPC_RWLOCK 1
+
+/* all definitions in this file are subject to change */
+
+typedef struct OpaqueCRLFieldsStr OpaqueCRLFields;
+typedef struct CRLEntryCacheStr CRLEntryCache;
+typedef struct CRLDPCacheStr CRLDPCache;
+typedef struct CRLIssuerCacheStr CRLIssuerCache;
+typedef struct CRLCacheStr CRLCache;
+typedef struct CachedCrlStr CachedCrl;
+typedef struct NamedCRLCacheStr NamedCRLCache;
+typedef struct NamedCRLCacheEntryStr NamedCRLCacheEntry;
+
+struct OpaqueCRLFieldsStr {
+    PRBool partial;
+    PRBool decodingError;
+    PRBool badEntries;
+    PRBool badDER;
+    PRBool badExtensions;
+    PRBool heapDER;
+};
+
+typedef struct PreAllocatorStr PreAllocator;
+
+struct PreAllocatorStr {
+    PRSize len;
+    void* data;
+    PRSize used;
+    PLArenaPool* arena;
+    PRSize extra;
+};
+
+/*  CRL entry cache.
+    This is the same as an entry plus the next/prev pointers for the hash table
+*/
+
+struct CRLEntryCacheStr {
+    CERTCrlEntry entry;
+    CRLEntryCache *prev, *next;
+};
+
+#define CRL_CACHE_INVALID_CRLS 0x0001      /* this state will be set             \
+                 if we have CRL objects with an invalid DER or signature. Can be \
+                 cleared if the invalid objects are deleted from the token */
+#define CRL_CACHE_LAST_FETCH_FAILED 0x0002 /* this state will be set        \
+            if the last CRL fetch encountered an error. Can be cleared if a \
+            new fetch succeeds */
+
+#define CRL_CACHE_OUT_OF_MEMORY 0x0004 /* this state will be set \
+            if we don't have enough memory to build the hash table of entries */
+
+typedef enum {
+    CRL_OriginToken = 0,   /* CRL came from PKCS#11 token */
+    CRL_OriginExplicit = 1 /* CRL was explicitly added to the cache, from RAM */
+} CRLOrigin;
+
+typedef enum {
+    dpcacheNoEntry = 0,           /* no entry found for this SN */
+    dpcacheFoundEntry = 1,        /* entry found for this SN */
+    dpcacheCallerError = 2,       /* invalid args */
+    dpcacheInvalidCacheError = 3, /* CRL in cache may be bad DER */
+                                  /* or unverified */
+    dpcacheEmpty = 4,             /* no CRL in cache */
+    dpcacheLookupError = 5        /* internal error */
+} dpcacheStatus;
+
+struct CachedCrlStr {
+    CERTSignedCrl* crl;
+    CRLOrigin origin;
+    /* hash table of entries. We use a PLHashTable and pre-allocate the
+       required amount of memory in one shot, so that our allocator can
+       simply pass offsets into it when hashing.
+
+       This won't work anymore when we support delta CRLs and iCRLs, because
+       the size of the hash table will vary over time. At that point, the best
+       solution will be to allocate large CRLEntry structures by modifying
+       the DER decoding template. The extra space would be for next/prev
+       pointers. This would allow entries from different CRLs to be mixed in
+       the same hash table.
+    */
+    PLHashTable* entries;
+    PreAllocator* prebuffer; /* big pre-allocated buffer mentioned above */
+    PRBool sigChecked;       /* this CRL signature has already been checked */
+    PRBool sigValid;         /* signature verification status .
+                                Only meaningful if checked is PR_TRUE . */
+    PRBool unbuildable;      /* Avoid using assosiated CRL is it fails
+                              * a decoding step */
+};
+
+/*  CRL distribution point cache object
+    This is a cache of CRL entries for a given distribution point of an issuer
+    It is built from a collection of one full and 0 or more delta CRLs.
+*/
+
+struct CRLDPCacheStr {
+#ifdef DPC_RWLOCK
+    NSSRWLock* lock;
+#else
+    PRLock* lock;
+#endif
+    SECItem* issuerDERCert; /* issuer DER cert. Don't hold a reference
+                               to the actual cert so the trust can be
+                               updated on the cert automatically.
+                               XXX there may be multiple issuer certs,
+                               with different validity dates. Also
+                               need to deal with SKID/AKID . See
+                               bugzilla 217387, 233118 */
+
+    CERTCertDBHandle* dbHandle;
+
+    SECItem* subject;           /* DER of issuer subject */
+    SECItem* distributionPoint; /* DER of distribution point. This may be
+                                   NULL when distribution points aren't
+                                   in use (ie. the CA has a single CRL).
+                                   Currently not used. */
+
+    /* array of full CRLs matching this distribution point */
+    PRUint32 ncrls;   /* total number of CRLs in crls */
+    CachedCrl** crls; /* array of all matching CRLs */
+    /* XCRL With iCRLs and multiple DPs, the CRL can be shared accross several
+       issuers. In the future, we'll need to globally recycle the CRL in a
+       separate list in order to avoid extra lookups, decodes, and copies */
+
+    /* pointers to good decoded CRLs used to build the cache */
+    CachedCrl* selected; /* full CRL selected for use in the cache */
+#if 0
+    /* for future use */
+    PRInt32 numdeltas;      /* number of delta CRLs used for the cache */
+    CachedCrl** deltas;     /* delta CRLs used for the cache */
+#endif
+    /* cache invalidity bitflag */
+    PRUint16 invalid;  /* this state will be set if either
+        CRL_CACHE_INVALID_CRLS or CRL_CACHE_LAST_FETCH_FAILED is set.
+        In those cases, all certs are considered to have unknown status.
+        The invalid state can only be cleared during an update if all
+        error states are cleared */
+    PRBool refresh;    /* manual refresh from tokens has been forced */
+    PRBool mustchoose; /* trigger reselection algorithm, for case when
+                          RAM CRL objects are dropped from the cache */
+    PRTime lastfetch;  /* time a CRL token fetch was last performed */
+    PRTime lastcheck;  /* time CRL token objects were last checked for
+                          existence */
+};
+
+/*  CRL issuer cache object
+    This object tracks all the distribution point caches for a given issuer.
+    XCRL once we support multiple issuing distribution points, this object
+    will be a hash table. For now, it just holds the single CRL distribution
+    point cache structure.
+*/
+
+struct CRLIssuerCacheStr {
+    SECItem* subject; /* DER of issuer subject */
+    CRLDPCache* dpp;
+};
+
+/*  CRL revocation cache object
+    This object tracks all the issuer caches
+*/
+
+struct CRLCacheStr {
+#ifdef GLOBAL_RWLOCK
+    NSSRWLock* lock;
+#else
+    PRLock* lock;
+#endif
+    /* hash table of issuer to CRLIssuerCacheStr,
+       indexed by issuer DER subject */
+    PLHashTable* issuers;
+};
+
+SECStatus InitCRLCache(void);
+SECStatus ShutdownCRLCache(void);
+
+/* Returns a pointer to an environment-like string, a series of
+** null-terminated strings, terminated by a zero-length string.
+** This function is intended to be internal to NSS.
+*/
+extern char* cert_GetCertificateEmailAddresses(CERTCertificate* cert);
+
+/*
+ * These functions are used to map subjectKeyID extension values to certs
+ * and to keep track of the checks for user certificates in each slot
+ */
+SECStatus cert_CreateSubjectKeyIDHashTable(void);
+
+SECStatus cert_AddSubjectKeyIDMapping(SECItem* subjKeyID,
+                                      CERTCertificate* cert);
+
+SECStatus cert_UpdateSubjectKeyIDSlotCheck(SECItem* slotid, int series);
+
+int cert_SubjectKeyIDSlotCheckSeries(SECItem* slotid);
+
+/*
+ * Call this function to remove an entry from the mapping table.
+ */
+SECStatus cert_RemoveSubjectKeyIDMapping(SECItem* subjKeyID);
+
+SECStatus cert_DestroySubjectKeyIDHashTable(void);
+
+SECItem* cert_FindDERCertBySubjectKeyID(SECItem* subjKeyID);
+
+/* return maximum length of AVA value based on its type OID tag. */
+extern int cert_AVAOidTagToMaxLen(SECOidTag tag);
+
+/* Make an AVA, allocated from pool, from OID and DER encoded value */
+extern CERTAVA* CERT_CreateAVAFromRaw(PLArenaPool* pool, const SECItem* OID,
+                                      const SECItem* value);
+
+/* Make an AVA from binary input specified by SECItem */
+extern CERTAVA* CERT_CreateAVAFromSECItem(PLArenaPool* arena, SECOidTag kind,
+                                          int valueType, SECItem* value);
+
+/*
+ * get a DPCache object for the given issuer subject and dp
+ * Automatically creates the cache object if it doesn't exist yet.
+ */
+SECStatus AcquireDPCache(CERTCertificate* issuer, const SECItem* subject,
+                         const SECItem* dp, PRTime t, void* wincx,
+                         CRLDPCache** dpcache, PRBool* writeLocked);
+
+/* check if a particular SN is in the CRL cache and return its entry */
+dpcacheStatus DPCache_Lookup(CRLDPCache* cache, const SECItem* sn,
+                             CERTCrlEntry** returned);
+
+/* release a DPCache object that was previously acquired */
+void ReleaseDPCache(CRLDPCache* dpcache, PRBool writeLocked);
+
+/*
+ * map Stan errors into NSS errors
+ * This function examines the stan error stack and automatically sets
+ * PORT_SetError(); to the appropriate SEC_ERROR value.
+ */
+void CERT_MapStanError();
+
+/* Like CERT_VerifyCert, except with an additional argument, flags. The
+ * flags are defined immediately below.
+ */
+SECStatus cert_VerifyCertWithFlags(CERTCertDBHandle* handle,
+                                   CERTCertificate* cert, PRBool checkSig,
+                                   SECCertUsage certUsage, PRTime t,
+                                   PRUint32 flags, void* wincx,
+                                   CERTVerifyLog* log);
+
+/* Use the default settings.
+ * cert_VerifyCertWithFlags(..., CERT_VERIFYCERT_USE_DEFAULTS, ...) is
+ * equivalent to CERT_VerifyCert(...);
+ */
+#define CERT_VERIFYCERT_USE_DEFAULTS 0
+
+/* Skip all the OCSP checks during certificate verification, regardless of
+ * the global OCSP settings. By default, certificate |cert| will have its
+ * revocation status checked via OCSP according to the global OCSP settings.
+ *
+ * OCSP checking is always skipped when certUsage is certUsageStatusResponder.
+ */
+#define CERT_VERIFYCERT_SKIP_OCSP 1
+
+/* Interface function for libpkix cert validation engine:
+ * cert_verify wrapper. */
+SECStatus cert_VerifyCertChainPkix(CERTCertificate* cert, PRBool checkSig,
+                                   SECCertUsage requiredUsage, PRTime time,
+                                   void* wincx, CERTVerifyLog* log,
+                                   PRBool* sigError, PRBool* revoked);
+
+SECStatus cert_InitLocks(void);
+
+SECStatus cert_DestroyLocks(void);
+
+/*
+ * fill in nsCertType field of the cert based on the cert extension
+ */
+extern SECStatus cert_GetCertType(CERTCertificate* cert);
+
+/*
+ * compute and return the value of nsCertType for cert, but do not
+ * update the CERTCertificate.
+ */
+extern PRUint32 cert_ComputeCertType(CERTCertificate* cert);
+
+void cert_AddToVerifyLog(CERTVerifyLog* log, CERTCertificate* cert,
+                         long errorCode, unsigned int depth, void* arg);
+
+/* Insert a DER CRL into the CRL cache, and take ownership of it.
+ *
+ * cert_CacheCRLByGeneralName takes ownership of the memory in crl argument
+ * completely.  crl must be freeable by SECITEM_FreeItem. It will be freed
+ * immediately if it is rejected from the CRL cache, or later during cache
+ * updates when a new crl is available, or at shutdown time.
+ *
+ * canonicalizedName represents the source of the CRL, a GeneralName.
+ * The format of the encoding is not restricted, but all callers of
+ * cert_CacheCRLByGeneralName and cert_FindCRLByGeneralName must use
+ * the same encoding. To facilitate X.500 name matching, a canonicalized
+ * encoding of the GeneralName should be used, if available.
+ */
+
+SECStatus cert_CacheCRLByGeneralName(CERTCertDBHandle* dbhandle, SECItem* crl,
+                                     const SECItem* canonicalizedName);
+
+struct NamedCRLCacheStr {
+    PRLock* lock;
+    PLHashTable* entries;
+};
+
+/* NamedCRLCacheEntryStr is filled in by cert_CacheCRLByGeneralName,
+ * and read by cert_FindCRLByGeneralName */
+struct NamedCRLCacheEntryStr {
+    SECItem* canonicalizedName;
+    SECItem* crl; /* DER, kept only if CRL
+                   * is successfully cached */
+    PRBool inCRLCache;
+    PRTime successfulInsertionTime; /* insertion time */
+    PRTime lastAttemptTime;         /* time of last call to
+                              cert_CacheCRLByGeneralName with this name */
+    PRBool badDER;                  /* ASN.1 error */
+    PRBool dupe;                    /* matching DER CRL already in CRL cache */
+    PRBool unsupported;             /* IDP, delta, any other reason */
+};
+
+typedef enum {
+    certRevocationStatusRevoked = 0,
+    certRevocationStatusValid = 1,
+    certRevocationStatusUnknown = 2
+} CERTRevocationStatus;
+
+/* Returns detailed status of the cert(revStatus variable). Tells if
+ * issuer cache has OriginFetchedWithTimeout crl in it. */
+SECStatus cert_CheckCertRevocationStatus(CERTCertificate* cert,
+                                         CERTCertificate* issuer,
+                                         const SECItem* dp, PRTime t,
+                                         void* wincx,
+                                         CERTRevocationStatus* revStatus,
+                                         CERTCRLEntryReasonCode* revReason);
+
+SECStatus cert_AcquireNamedCRLCache(NamedCRLCache** returned);
+
+/* cert_FindCRLByGeneralName must be called only while the named cache is
+ * acquired, and the entry is only valid until cache is released.
+ */
+SECStatus cert_FindCRLByGeneralName(NamedCRLCache* ncc,
+                                    const SECItem* canonicalizedName,
+                                    NamedCRLCacheEntry** retEntry);
+
+SECStatus cert_ReleaseNamedCRLCache(NamedCRLCache* ncc);
+
+/* This is private for now.  Maybe shoule be public. */
+CERTGeneralName* cert_GetSubjectAltNameList(const CERTCertificate* cert,
+                                            PLArenaPool* arena);
+
+/* Count DNS names and IP addresses in a list of GeneralNames */
+PRUint32 cert_CountDNSPatterns(CERTGeneralName* firstName);
+
+/*
+ * returns the trust status of the leaf certificate based on usage.
+ * If the leaf is explicitly untrusted, this function will fail and
+ * failedFlags will be set to the trust bit value that lead to the failure.
+ * If the leaf is trusted, isTrusted is set to true and the function returns
+ * SECSuccess. This function does not check if the cert is fit for a
+ * particular usage.
+ */
+SECStatus cert_CheckLeafTrust(CERTCertificate* cert, SECCertUsage usage,
+                              unsigned int* failedFlags, PRBool* isTrusted);
+
+#endif /* _CERTI_H_ */
diff --git a/nss/lib/certdb/certt.h b/nss/lib/certdb/certt.h
new file mode 100644
index 0000000..797f9f5
--- /dev/null
+++ b/nss/lib/certdb/certt.h
@@ -0,0 +1,1328 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * certt.h - public data structures for the certificate library
+ */
+#ifndef _CERTT_H_
+#define _CERTT_H_
+
+#include "prclist.h"
+#include "pkcs11t.h"
+#include "seccomon.h"
+#include "secmodt.h"
+#include "secoidt.h"
+#include "plarena.h"
+#include "prcvar.h"
+#include "nssilock.h"
+#include "prio.h"
+#include "prmon.h"
+
+/* Stan data types */
+struct NSSCertificateStr;
+struct NSSTrustDomainStr;
+
+/* Non-opaque objects */
+typedef struct CERTAVAStr CERTAVA;
+typedef struct CERTAttributeStr CERTAttribute;
+typedef struct CERTAuthInfoAccessStr CERTAuthInfoAccess;
+typedef struct CERTAuthKeyIDStr CERTAuthKeyID;
+typedef struct CERTBasicConstraintsStr CERTBasicConstraints;
+typedef struct NSSTrustDomainStr CERTCertDBHandle;
+typedef struct CERTCertExtensionStr CERTCertExtension;
+typedef struct CERTCertKeyStr CERTCertKey;
+typedef struct CERTCertListStr CERTCertList;
+typedef struct CERTCertListNodeStr CERTCertListNode;
+typedef struct CERTCertNicknamesStr CERTCertNicknames;
+typedef struct CERTCertTrustStr CERTCertTrust;
+typedef struct CERTCertificateStr CERTCertificate;
+typedef struct CERTCertificateListStr CERTCertificateList;
+typedef struct CERTCertificateRequestStr CERTCertificateRequest;
+typedef struct CERTCrlStr CERTCrl;
+typedef struct CERTCrlDistributionPointsStr CERTCrlDistributionPoints;
+typedef struct CERTCrlEntryStr CERTCrlEntry;
+typedef struct CERTCrlHeadNodeStr CERTCrlHeadNode;
+typedef struct CERTCrlKeyStr CERTCrlKey;
+typedef struct CERTCrlNodeStr CERTCrlNode;
+typedef struct CERTDERCertsStr CERTDERCerts;
+typedef struct CERTDistNamesStr CERTDistNames;
+typedef struct CERTGeneralNameStr CERTGeneralName;
+typedef struct CERTGeneralNameListStr CERTGeneralNameList;
+typedef struct CERTIssuerAndSNStr CERTIssuerAndSN;
+typedef struct CERTNameStr CERTName;
+typedef struct CERTNameConstraintStr CERTNameConstraint;
+typedef struct CERTNameConstraintsStr CERTNameConstraints;
+typedef struct CERTOKDomainNameStr CERTOKDomainName;
+typedef struct CERTPrivKeyUsagePeriodStr CERTPrivKeyUsagePeriod;
+typedef struct CERTPublicKeyAndChallengeStr CERTPublicKeyAndChallenge;
+typedef struct CERTRDNStr CERTRDN;
+typedef struct CERTSignedCrlStr CERTSignedCrl;
+typedef struct CERTSignedDataStr CERTSignedData;
+typedef struct CERTStatusConfigStr CERTStatusConfig;
+typedef struct CERTSubjectListStr CERTSubjectList;
+typedef struct CERTSubjectNodeStr CERTSubjectNode;
+typedef struct CERTSubjectPublicKeyInfoStr CERTSubjectPublicKeyInfo;
+typedef struct CERTValidityStr CERTValidity;
+typedef struct CERTVerifyLogStr CERTVerifyLog;
+typedef struct CERTVerifyLogNodeStr CERTVerifyLogNode;
+typedef struct CRLDistributionPointStr CRLDistributionPoint;
+
+/* CRL extensions type */
+typedef unsigned long CERTCrlNumber;
+
+/*
+** An X.500 AVA object
+*/
+struct CERTAVAStr {
+    SECItem type;
+    SECItem value;
+};
+
+/*
+** An X.500 RDN object
+*/
+struct CERTRDNStr {
+    CERTAVA **avas;
+};
+
+/*
+** An X.500 name object
+*/
+struct CERTNameStr {
+    PLArenaPool *arena;
+    CERTRDN **rdns;
+};
+
+/*
+** An X.509 validity object
+*/
+struct CERTValidityStr {
+    PLArenaPool *arena;
+    SECItem notBefore;
+    SECItem notAfter;
+};
+
+/*
+ * A serial number and issuer name, which is used as a database key
+ */
+struct CERTCertKeyStr {
+    SECItem serialNumber;
+    SECItem derIssuer;
+};
+
+/*
+** A signed data object. Used to implement the "signed" macro used
+** in the X.500 specs.
+*/
+struct CERTSignedDataStr {
+    SECItem data;
+    SECAlgorithmID signatureAlgorithm;
+    SECItem signature;
+};
+
+/*
+** An X.509 subject-public-key-info object
+*/
+struct CERTSubjectPublicKeyInfoStr {
+    PLArenaPool *arena;
+    SECAlgorithmID algorithm;
+    SECItem subjectPublicKey;
+};
+
+struct CERTPublicKeyAndChallengeStr {
+    SECItem spki;
+    SECItem challenge;
+};
+
+struct CERTCertTrustStr {
+    unsigned int sslFlags;
+    unsigned int emailFlags;
+    unsigned int objectSigningFlags;
+};
+
+/*
+ * defined the types of trust that exist
+ */
+typedef enum SECTrustTypeEnum {
+    trustSSL = 0,
+    trustEmail = 1,
+    trustObjectSigning = 2,
+    trustTypeNone = 3
+} SECTrustType;
+
+#define SEC_GET_TRUST_FLAGS(trust, type)                                  \
+    (((type) == trustSSL)                                                 \
+         ? ((trust)->sslFlags)                                            \
+         : (((type) == trustEmail) ? ((trust)->emailFlags)                \
+                                   : (((type) == trustObjectSigning)      \
+                                          ? ((trust)->objectSigningFlags) \
+                                          : 0)))
+
+/*
+** An X.509.3 certificate extension
+*/
+struct CERTCertExtensionStr {
+    SECItem id;
+    SECItem critical;
+    SECItem value;
+};
+
+struct CERTSubjectNodeStr {
+    struct CERTSubjectNodeStr *next;
+    struct CERTSubjectNodeStr *prev;
+    SECItem certKey;
+    SECItem keyID;
+};
+
+struct CERTSubjectListStr {
+    PLArenaPool *arena;
+    int ncerts;
+    char *emailAddr;
+    CERTSubjectNode *head;
+    CERTSubjectNode *tail; /* do we need tail? */
+    void *entry;
+};
+
+/*
+** An X.509 certificate object (the unsigned form)
+*/
+struct CERTCertificateStr {
+    /* the arena is used to allocate any data structures that have the same
+     * lifetime as the cert.  This is all stuff that hangs off of the cert
+     * structure, and is all freed at the same time.  It is used when the
+     * cert is decoded, destroyed, and at some times when it changes
+     * state
+     */
+    PLArenaPool *arena;
+
+    /* The following fields are static after the cert has been decoded */
+    char *subjectName;
+    char *issuerName;
+    CERTSignedData signatureWrap; /* XXX */
+    SECItem derCert;              /* original DER for the cert */
+    SECItem derIssuer;            /* DER for issuer name */
+    SECItem derSubject;           /* DER for subject name */
+    SECItem derPublicKey;         /* DER for the public key */
+    SECItem certKey;              /* database key for this cert */
+    SECItem version;
+    SECItem serialNumber;
+    SECAlgorithmID signature;
+    CERTName issuer;
+    CERTValidity validity;
+    CERTName subject;
+    CERTSubjectPublicKeyInfo subjectPublicKeyInfo;
+    SECItem issuerID;
+    SECItem subjectID;
+    CERTCertExtension **extensions;
+    char *emailAddr;
+    CERTCertDBHandle *dbhandle;
+    SECItem subjectKeyID;     /* x509v3 subject key identifier */
+    PRBool keyIDGenerated;    /* was the keyid generated? */
+    unsigned int keyUsage;    /* what uses are allowed for this cert */
+    unsigned int rawKeyUsage; /* value of the key usage extension */
+    PRBool keyUsagePresent;   /* was the key usage extension present */
+    PRUint32 nsCertType;      /* value of the ns cert type extension */
+                              /* must be 32-bit for PR_ATOMIC_SET */
+
+    /* these values can be set by the application to bypass certain checks
+     * or to keep the cert in memory for an entire session.
+     * XXX - need an api to set these
+     */
+    PRBool keepSession;         /* keep this cert for entire session*/
+    PRBool timeOK;              /* is the bad validity time ok? */
+    CERTOKDomainName *domainOK; /* these domain names are ok */
+
+    /*
+     * these values can change when the cert changes state.  These state
+     * changes include transitions from temp to perm or vice-versa, and
+     * changes of trust flags
+     */
+    PRBool isperm;
+    PRBool istemp;
+    char *nickname;
+    char *dbnickname;
+    struct NSSCertificateStr *nssCertificate; /* This is Stan stuff. */
+    CERTCertTrust *trust;
+
+    /* the reference count is modified whenever someone looks up, dups
+     * or destroys a certificate
+     */
+    int referenceCount;
+
+    /* The subject list is a list of all certs with the same subject name.
+     * It can be modified any time a cert is added or deleted from either
+     * the in-memory(temporary) or on-disk(permanent) database.
+     */
+    CERTSubjectList *subjectList;
+
+    /* these belong in the static section, but are here to maintain
+     * the structure's integrity
+     */
+    CERTAuthKeyID *authKeyID; /* x509v3 authority key identifier */
+    PRBool isRoot;            /* cert is the end of a chain */
+
+    /* these fields are used by client GUI code to keep track of ssl sockets
+     * that are blocked waiting on GUI feedback related to this cert.
+     * XXX - these should be moved into some sort of application specific
+     *       data structure.  They are only used by the browser right now.
+     */
+    union {
+        void *apointer; /* was struct SECSocketNode* authsocketlist */
+        struct {
+            unsigned int hasUnsupportedCriticalExt : 1;
+            /* add any new option bits needed here */
+        } bits;
+    } options;
+    int series; /* was int authsocketcount; record the series of the pkcs11ID */
+
+    /* This is PKCS #11 stuff. */
+    PK11SlotInfo *slot;        /*if this cert came of a token, which is it*/
+    CK_OBJECT_HANDLE pkcs11ID; /*and which object on that token is it */
+    PRBool ownSlot;            /*true if the cert owns the slot reference */
+};
+#define SEC_CERTIFICATE_VERSION_1 0 /* default created */
+#define SEC_CERTIFICATE_VERSION_2 1 /* v2 */
+#define SEC_CERTIFICATE_VERSION_3 2 /* v3 extensions */
+
+#define SEC_CRL_VERSION_1 0 /* default */
+#define SEC_CRL_VERSION_2 1 /* v2 extensions */
+
+/*
+ * used to identify class of cert in mime stream code
+ */
+#define SEC_CERT_CLASS_CA 1
+#define SEC_CERT_CLASS_SERVER 2
+#define SEC_CERT_CLASS_USER 3
+#define SEC_CERT_CLASS_EMAIL 4
+
+struct CERTDERCertsStr {
+    PLArenaPool *arena;
+    int numcerts;
+    SECItem *rawCerts;
+};
+
+/*
+** A PKCS ? Attribute
+** XXX this is duplicated through out the code, it *should* be moved
+** to a central location.  Where would be appropriate?
+*/
+struct CERTAttributeStr {
+    SECItem attrType;
+    SECItem **attrValue;
+};
+
+/*
+** A PKCS#10 certificate-request object (the unsigned form)
+*/
+struct CERTCertificateRequestStr {
+    PLArenaPool *arena;
+    SECItem version;
+    CERTName subject;
+    CERTSubjectPublicKeyInfo subjectPublicKeyInfo;
+    CERTAttribute **attributes;
+};
+#define SEC_CERTIFICATE_REQUEST_VERSION 0 /* what we *create* */
+
+/*
+** A certificate list object.
+*/
+struct CERTCertificateListStr {
+    SECItem *certs;
+    int len; /* number of certs */
+    PLArenaPool *arena;
+};
+
+struct CERTCertListNodeStr {
+    PRCList links;
+    CERTCertificate *cert;
+    void *appData;
+};
+
+struct CERTCertListStr {
+    PRCList list;
+    PLArenaPool *arena;
+};
+
+#define CERT_LIST_HEAD(l) ((CERTCertListNode *)PR_LIST_HEAD(&l->list))
+#define CERT_LIST_TAIL(l) ((CERTCertListNode *)PR_LIST_TAIL(&l->list))
+#define CERT_LIST_NEXT(n) ((CERTCertListNode *)n->links.next)
+#define CERT_LIST_END(n, l) (((void *)n) == ((void *)&l->list))
+#define CERT_LIST_EMPTY(l) CERT_LIST_END(CERT_LIST_HEAD(l), l)
+
+struct CERTCrlEntryStr {
+    SECItem serialNumber;
+    SECItem revocationDate;
+    CERTCertExtension **extensions;
+};
+
+struct CERTCrlStr {
+    PLArenaPool *arena;
+    SECItem version;
+    SECAlgorithmID signatureAlg;
+    SECItem derName;
+    CERTName name;
+    SECItem lastUpdate;
+    SECItem nextUpdate; /* optional for x.509 CRL  */
+    CERTCrlEntry **entries;
+    CERTCertExtension **extensions;
+    /* can't add anything there for binary backwards compatibility reasons */
+};
+
+struct CERTCrlKeyStr {
+    SECItem derName;
+    SECItem dummy; /* The decoder can not skip a primitive,
+                      this serves as a place holder for the
+                      decoder to finish its task only
+                   */
+};
+
+struct CERTSignedCrlStr {
+    PLArenaPool *arena;
+    CERTCrl crl;
+    void *reserved1;
+    PRBool reserved2;
+    PRBool isperm;
+    PRBool istemp;
+    int referenceCount;
+    CERTCertDBHandle *dbhandle;
+    CERTSignedData signatureWrap; /* XXX */
+    char *url;
+    SECItem *derCrl;
+    PK11SlotInfo *slot;
+    CK_OBJECT_HANDLE pkcs11ID;
+    void *opaque; /* do not touch */
+};
+
+struct CERTCrlHeadNodeStr {
+    PLArenaPool *arena;
+    CERTCertDBHandle *dbhandle;
+    CERTCrlNode *first;
+    CERTCrlNode *last;
+};
+
+struct CERTCrlNodeStr {
+    CERTCrlNode *next;
+    int type;
+    CERTSignedCrl *crl;
+};
+
+/*
+ * Array of X.500 Distinguished Names
+ */
+struct CERTDistNamesStr {
+    PLArenaPool *arena;
+    int nnames;
+    SECItem *names;
+    void *head; /* private */
+};
+
+#define NS_CERT_TYPE_SSL_CLIENT (0x80)        /* bit 0 */
+#define NS_CERT_TYPE_SSL_SERVER (0x40)        /* bit 1 */
+#define NS_CERT_TYPE_EMAIL (0x20)             /* bit 2 */
+#define NS_CERT_TYPE_OBJECT_SIGNING (0x10)    /* bit 3 */
+#define NS_CERT_TYPE_RESERVED (0x08)          /* bit 4 */
+#define NS_CERT_TYPE_SSL_CA (0x04)            /* bit 5 */
+#define NS_CERT_TYPE_EMAIL_CA (0x02)          /* bit 6 */
+#define NS_CERT_TYPE_OBJECT_SIGNING_CA (0x01) /* bit 7 */
+
+#define EXT_KEY_USAGE_TIME_STAMP (0x8000)
+#define EXT_KEY_USAGE_STATUS_RESPONDER (0x4000)
+
+#define NS_CERT_TYPE_APP                                                      \
+    (NS_CERT_TYPE_SSL_CLIENT | NS_CERT_TYPE_SSL_SERVER | NS_CERT_TYPE_EMAIL | \
+     NS_CERT_TYPE_OBJECT_SIGNING)
+
+#define NS_CERT_TYPE_CA                            \
+    (NS_CERT_TYPE_SSL_CA | NS_CERT_TYPE_EMAIL_CA | \
+     NS_CERT_TYPE_OBJECT_SIGNING_CA | EXT_KEY_USAGE_STATUS_RESPONDER)
+typedef enum SECCertUsageEnum {
+    certUsageSSLClient = 0,
+    certUsageSSLServer = 1,
+    certUsageSSLServerWithStepUp = 2,
+    certUsageSSLCA = 3,
+    certUsageEmailSigner = 4,
+    certUsageEmailRecipient = 5,
+    certUsageObjectSigner = 6,
+    certUsageUserCertImport = 7,
+    certUsageVerifyCA = 8,
+    certUsageProtectedObjectSigner = 9,
+    certUsageStatusResponder = 10,
+    certUsageAnyCA = 11
+} SECCertUsage;
+
+typedef PRInt64 SECCertificateUsage;
+
+#define certificateUsageCheckAllUsages (0x0000)
+#define certificateUsageSSLClient (0x0001)
+#define certificateUsageSSLServer (0x0002)
+#define certificateUsageSSLServerWithStepUp (0x0004)
+#define certificateUsageSSLCA (0x0008)
+#define certificateUsageEmailSigner (0x0010)
+#define certificateUsageEmailRecipient (0x0020)
+#define certificateUsageObjectSigner (0x0040)
+#define certificateUsageUserCertImport (0x0080)
+#define certificateUsageVerifyCA (0x0100)
+#define certificateUsageProtectedObjectSigner (0x0200)
+#define certificateUsageStatusResponder (0x0400)
+#define certificateUsageAnyCA (0x0800)
+
+#define certificateUsageHighest certificateUsageAnyCA
+
+/*
+ * Does the cert belong to the user, a peer, or a CA.
+ */
+typedef enum CERTCertOwnerEnum {
+    certOwnerUser = 0,
+    certOwnerPeer = 1,
+    certOwnerCA = 2
+} CERTCertOwner;
+
+/*
+ * This enum represents the state of validity times of a certificate
+ */
+typedef enum SECCertTimeValidityEnum {
+    secCertTimeValid = 0,
+    secCertTimeExpired = 1,
+    secCertTimeNotValidYet = 2,
+    secCertTimeUndetermined = 3 /* validity could not be decoded from the
+                                   cert, most likely because it was NULL */
+} SECCertTimeValidity;
+
+/*
+ * This is used as return status in functions that compare the validity
+ * periods of two certificates A and B, currently only
+ * CERT_CompareValidityTimes.
+ */
+
+typedef enum CERTCompareValidityStatusEnum {
+    certValidityUndetermined = 0, /* the function is unable to select one cert
+                                     over another */
+    certValidityChooseB = 1,      /* cert B should be preferred */
+    certValidityEqual = 2,        /* both certs have the same validity period */
+    certValidityChooseA = 3       /* cert A should be preferred */
+} CERTCompareValidityStatus;
+
+/*
+ * Interface for getting certificate nickname strings out of the database
+ */
+
+/* these are values for the what argument below */
+#define SEC_CERT_NICKNAMES_ALL 1
+#define SEC_CERT_NICKNAMES_USER 2
+#define SEC_CERT_NICKNAMES_SERVER 3
+#define SEC_CERT_NICKNAMES_CA 4
+
+struct CERTCertNicknamesStr {
+    PLArenaPool *arena;
+    void *head;
+    int numnicknames;
+    char **nicknames;
+    int what;
+    int totallen;
+};
+
+struct CERTIssuerAndSNStr {
+    SECItem derIssuer;
+    CERTName issuer;
+    SECItem serialNumber;
+};
+
+/* X.509 v3 Key Usage Extension flags */
+#define KU_DIGITAL_SIGNATURE (0x80) /* bit 0 */
+#define KU_NON_REPUDIATION (0x40)   /* bit 1 */
+#define KU_KEY_ENCIPHERMENT (0x20)  /* bit 2 */
+#define KU_DATA_ENCIPHERMENT (0x10) /* bit 3 */
+#define KU_KEY_AGREEMENT (0x08)     /* bit 4 */
+#define KU_KEY_CERT_SIGN (0x04)     /* bit 5 */
+#define KU_CRL_SIGN (0x02)          /* bit 6 */
+#define KU_ENCIPHER_ONLY (0x01)     /* bit 7 */
+#define KU_ALL                                                         \
+    (KU_DIGITAL_SIGNATURE | KU_NON_REPUDIATION | KU_KEY_ENCIPHERMENT | \
+     KU_DATA_ENCIPHERMENT | KU_KEY_AGREEMENT | KU_KEY_CERT_SIGN |      \
+     KU_CRL_SIGN | KU_ENCIPHER_ONLY)
+
+/* This value will not occur in certs.  It is used internally for the case
+ * when either digital signature or non-repudiation is the correct value.
+ */
+#define KU_DIGITAL_SIGNATURE_OR_NON_REPUDIATION (0x2000)
+
+/* This value will not occur in certs.  It is used internally for the case
+ * when the key type is not know ahead of time and either key agreement or
+ * key encipherment are the correct value based on key type
+ */
+#define KU_KEY_AGREEMENT_OR_ENCIPHERMENT (0x4000)
+
+/* internal bits that do not match bits in the x509v3 spec, but are used
+ * for similar purposes
+ */
+#define KU_NS_GOVT_APPROVED (0x8000) /*don't make part of KU_ALL!*/
+/*
+* x.509 v3 Basic Constraints Extension
+* If isCA is false, the pathLenConstraint is ignored.
+* Otherwise, the following pathLenConstraint values will apply:
+*	< 0 - there is no limit to the certificate path
+*	0   - CA can issues end-entity certificates only
+*	> 0 - the number of certificates in the certificate path is
+*	      limited to this number
+*/
+#define CERT_UNLIMITED_PATH_CONSTRAINT -2
+
+struct CERTBasicConstraintsStr {
+    PRBool isCA;           /* on if is CA */
+    int pathLenConstraint; /* maximum number of certificates that can be
+                              in the cert path.  Only applies to a CA
+                              certificate; otherwise, it's ignored.
+                            */
+};
+
+/* Maximum length of a certificate chain */
+#define CERT_MAX_CERT_CHAIN 20
+
+#define CERT_MAX_SERIAL_NUMBER_BYTES 20 /* from RFC 3280 */
+#define CERT_MAX_DN_BYTES 4096          /* arbitrary */
+
+/* x.509 v3 Reason Flags, used in CRLDistributionPoint Extension */
+#define RF_UNUSED (0x80)                 /* bit 0 */
+#define RF_KEY_COMPROMISE (0x40)         /* bit 1 */
+#define RF_CA_COMPROMISE (0x20)          /* bit 2 */
+#define RF_AFFILIATION_CHANGED (0x10)    /* bit 3 */
+#define RF_SUPERSEDED (0x08)             /* bit 4 */
+#define RF_CESSATION_OF_OPERATION (0x04) /* bit 5 */
+#define RF_CERTIFICATE_HOLD (0x02)       /* bit 6 */
+
+/* enum for CRL Entry Reason Code */
+typedef enum CERTCRLEntryReasonCodeEnum {
+    crlEntryReasonUnspecified = 0,
+    crlEntryReasonKeyCompromise = 1,
+    crlEntryReasonCaCompromise = 2,
+    crlEntryReasonAffiliationChanged = 3,
+    crlEntryReasonSuperseded = 4,
+    crlEntryReasonCessationOfOperation = 5,
+    crlEntryReasoncertificatedHold = 6,
+    crlEntryReasonRemoveFromCRL = 8,
+    crlEntryReasonPrivilegeWithdrawn = 9,
+    crlEntryReasonAaCompromise = 10
+} CERTCRLEntryReasonCode;
+
+/* If we needed to extract the general name field, use this */
+/* General Name types */
+typedef enum CERTGeneralNameTypeEnum {
+    certOtherName = 1,
+    certRFC822Name = 2,
+    certDNSName = 3,
+    certX400Address = 4,
+    certDirectoryName = 5,
+    certEDIPartyName = 6,
+    certURI = 7,
+    certIPAddress = 8,
+    certRegisterID = 9
+} CERTGeneralNameType;
+
+typedef struct OtherNameStr {
+    SECItem name;
+    SECItem oid;
+} OtherName;
+
+struct CERTGeneralNameStr {
+    CERTGeneralNameType type; /* name type */
+    union {
+        CERTName directoryName; /* distinguish name */
+        OtherName OthName;      /* Other Name */
+        SECItem other;          /* the rest of the name forms */
+    } name;
+    SECItem derDirectoryName; /* this is saved to simplify directory name
+                                 comparison */
+    PRCList l;
+};
+
+struct CERTGeneralNameListStr {
+    PLArenaPool *arena;
+    CERTGeneralName *name;
+    int refCount;
+    int len;
+    PZLock *lock;
+};
+
+struct CERTNameConstraintStr {
+    CERTGeneralName name;
+    SECItem DERName;
+    SECItem min;
+    SECItem max;
+    PRCList l;
+};
+
+struct CERTNameConstraintsStr {
+    CERTNameConstraint *permited;
+    CERTNameConstraint *excluded;
+    SECItem **DERPermited;
+    SECItem **DERExcluded;
+};
+
+/* Private Key Usage Period extension struct. */
+struct CERTPrivKeyUsagePeriodStr {
+    SECItem notBefore;
+    SECItem notAfter;
+    PLArenaPool *arena;
+};
+
+/* X.509 v3 Authority Key Identifier extension.  For the authority certificate
+   issuer field, we only support URI now.
+ */
+struct CERTAuthKeyIDStr {
+    SECItem keyID;                   /* unique key identifier */
+    CERTGeneralName *authCertIssuer; /* CA's issuer name.  End with a NULL */
+    SECItem authCertSerialNumber;    /* CA's certificate serial number */
+    SECItem **DERAuthCertIssuer;     /* This holds the DER encoded format of
+                                        the authCertIssuer field. It is used
+                                        by the encoding engine. It should be
+                                        used as a read only field by the caller.
+                                     */
+};
+
+/* x.509 v3 CRL Distributeion Point */
+
+/*
+ * defined the types of CRL Distribution points
+ */
+typedef enum DistributionPointTypesEnum {
+    generalName = 1, /* only support this for now */
+    relativeDistinguishedName = 2
+} DistributionPointTypes;
+
+struct CRLDistributionPointStr {
+    DistributionPointTypes distPointType;
+    union {
+        CERTGeneralName *fullName;
+        CERTRDN relativeName;
+    } distPoint;
+    SECItem reasons;
+    CERTGeneralName *crlIssuer;
+
+    /* Reserved for internal use only*/
+    SECItem derDistPoint;
+    SECItem derRelativeName;
+    SECItem **derCrlIssuer;
+    SECItem **derFullName;
+    SECItem bitsmap;
+};
+
+struct CERTCrlDistributionPointsStr {
+    CRLDistributionPoint **distPoints;
+};
+
+/*
+ * This structure is used to keep a log of errors when verifying
+ * a cert chain.  This allows multiple errors to be reported all at
+ * once.
+ */
+struct CERTVerifyLogNodeStr {
+    CERTCertificate *cert;             /* what cert had the error */
+    long error;                        /* what error was it? */
+    unsigned int depth;                /* how far up the chain are we */
+    void *arg;                         /* error specific argument */
+    struct CERTVerifyLogNodeStr *next; /* next in the list */
+    struct CERTVerifyLogNodeStr *prev; /* next in the list */
+};
+
+struct CERTVerifyLogStr {
+    PLArenaPool *arena;
+    unsigned int count;
+    struct CERTVerifyLogNodeStr *head;
+    struct CERTVerifyLogNodeStr *tail;
+};
+
+struct CERTOKDomainNameStr {
+    CERTOKDomainName *next;
+    char *name;
+};
+
+typedef SECStatus(PR_CALLBACK *CERTStatusChecker)(CERTCertDBHandle *handle,
+                                                  CERTCertificate *cert,
+                                                  PRTime time, void *pwArg);
+
+typedef SECStatus(PR_CALLBACK *CERTStatusDestroy)(CERTStatusConfig *handle);
+
+struct CERTStatusConfigStr {
+    CERTStatusChecker statusChecker; /* NULL means no checking enabled */
+    CERTStatusDestroy statusDestroy; /* enabled or no, will clean up */
+    void *statusContext;             /* cx specific to checking protocol */
+};
+
+struct CERTAuthInfoAccessStr {
+    SECItem method;
+    SECItem derLocation;
+    CERTGeneralName *location; /* decoded location */
+};
+
+/* This is the typedef for the callback passed to CERT_OpenCertDB() */
+/* callback to return database name based on version number */
+typedef char *(*CERTDBNameFunc)(void *arg, int dbVersion);
+
+/*
+ * types of cert packages that we can decode
+ */
+typedef enum CERTPackageTypeEnum {
+    certPackageNone = 0,
+    certPackageCert = 1,
+    certPackagePKCS7 = 2,
+    certPackageNSCertSeq = 3,
+    certPackageNSCertWrap = 4
+} CERTPackageType;
+
+/*
+ * these types are for the PKIX Certificate Policies extension
+ */
+typedef struct {
+    SECOidTag oid;
+    SECItem qualifierID;
+    SECItem qualifierValue;
+} CERTPolicyQualifier;
+
+typedef struct {
+    SECOidTag oid;
+    SECItem policyID;
+    CERTPolicyQualifier **policyQualifiers;
+} CERTPolicyInfo;
+
+typedef struct {
+    PLArenaPool *arena;
+    CERTPolicyInfo **policyInfos;
+} CERTCertificatePolicies;
+
+typedef struct {
+    SECItem organization;
+    SECItem **noticeNumbers;
+} CERTNoticeReference;
+
+typedef struct {
+    PLArenaPool *arena;
+    CERTNoticeReference noticeReference;
+    SECItem derNoticeReference;
+    SECItem displayText;
+} CERTUserNotice;
+
+typedef struct {
+    PLArenaPool *arena;
+    SECItem **oids;
+} CERTOidSequence;
+
+/*
+ * these types are for the PKIX Policy Mappings extension
+ */
+typedef struct {
+    SECItem issuerDomainPolicy;
+    SECItem subjectDomainPolicy;
+} CERTPolicyMap;
+
+typedef struct {
+    PLArenaPool *arena;
+    CERTPolicyMap **policyMaps;
+} CERTCertificatePolicyMappings;
+
+/*
+ * these types are for the PKIX inhibitAnyPolicy extension
+ */
+typedef struct {
+    SECItem inhibitAnySkipCerts;
+} CERTCertificateInhibitAny;
+
+/*
+ * these types are for the PKIX Policy Constraints extension
+ */
+typedef struct {
+    SECItem explicitPolicySkipCerts;
+    SECItem inhibitMappingSkipCerts;
+} CERTCertificatePolicyConstraints;
+
+/*
+ * These types are for the validate chain callback param.
+ *
+ * CERTChainVerifyCallback is an application-supplied callback that can be used
+ * to augment libpkix's certificate chain validation with additional
+ * application-specific checks. It may be called multiple times if there are
+ * multiple potentially-valid paths for the certificate being validated. This
+ * callback is called before revocation checking is done on the certificates in
+ * the given chain.
+ *
+ * - isValidChainArg contains the application-provided opaque argument
+ * - currentChain is the currently validated chain. It is ordered with the leaf
+ *   certificate at the head and the trust anchor at the tail.
+ *
+ * The callback should set *chainOK = PR_TRUE and return SECSuccess if the
+ * certificate chain is acceptable. It should set *chainOK = PR_FALSE and
+ * return SECSuccess if the chain is unacceptable, to indicate that the given
+ * chain is bad and path building should continue. It should return SECFailure
+ * to indicate an fatal error that will cause path validation to fail
+ * immediately.
+ */
+typedef SECStatus (*CERTChainVerifyCallbackFunc)(
+    void *isChainValidArg, const CERTCertList *currentChain, PRBool *chainOK);
+
+/*
+ * Note: If extending this structure, it will be necessary to change the
+ * associated CERTValParamInType
+ */
+typedef struct {
+    CERTChainVerifyCallbackFunc isChainValid;
+    void *isChainValidArg;
+} CERTChainVerifyCallback;
+
+/*
+ * these types are for the CERT_PKIX* Verification functions
+ * These are all optional parameters.
+ */
+
+typedef enum {
+    cert_pi_end = 0,              /* SPECIAL: signifies end of array of
+                              * CERTValParam* */
+    cert_pi_nbioContext = 1,      /* specify a non-blocking IO context used to
+                              * resume a session. If this argument is
+                              * specified, no other arguments should be.
+                              * Specified in value.pointer.p. If the
+                              * operation completes the context will be
+                              * freed. */
+    cert_pi_nbioAbort = 2,        /* specify a non-blocking IO context for an
+                              * existing operation which the caller wants
+                              * to abort. If this argument is
+                              * specified, no other arguments should be.
+                              * Specified in value.pointer.p. If the
+                              * operation succeeds the context will be
+                              * freed. */
+    cert_pi_certList = 3,         /* specify the chain to validate against. If
+                              * this value is given, then the path
+                              * construction step in the validation is
+                              * skipped. Specified in value.pointer.chain */
+    cert_pi_policyOID = 4,        /* validate certificate for policy OID.
+                              * Specified in value.array.oids. Cert must
+                              * be good for at least one OID in order
+                              * to validate. Default is that the user is not
+                              * concerned about certificate policy. */
+    cert_pi_policyFlags = 5,      /* flags for each policy specified in policyOID.
+                              * Specified in value.scalar.ul. Policy flags
+                              * apply to all specified oids.
+                              * Use CERT_POLICY_FLAG_* macros below. If not
+                              * specified policy flags default to 0 */
+    cert_pi_keyusage = 6,         /* specify what the keyusages the certificate
+                              * will be evaluated against, specified in
+                              * value.scalar.ui. The cert must validate for
+                              * at least one of the specified key usages.
+                              * Values match the KU_  bit flags defined
+                              * in this file. Default is derived from
+                              * the 'usages' function argument */
+    cert_pi_extendedKeyusage = 7, /* specify what the required extended key
+                                   * usage of the certificate. Specified as
+                                   * an array of oidTags in value.array.oids.
+                                   * The cert must validate for at least one
+                                   * of the specified extended key usages.
+                                   * If not specified, no extended key usages
+                                   * will be checked. */
+    cert_pi_date = 8,             /* validate certificate is valid as of date
+                                   * specified in value.scalar.time. A special
+                                   * value '0' indicates 'now'. default is '0' */
+    cert_pi_revocationFlags = 9,  /* Specify what revocation checking to do.
+                                   * See CERT_REV_FLAG_* macros below
+                                   * Set in value.pointer.revocation */
+    cert_pi_certStores = 10,      /* Bitmask of Cert Store flags (see below)
+                                   * Set in value.scalar.ui */
+    cert_pi_trustAnchors =
+        11,                       /* Specify the list of trusted roots to
+                                   * validate against.
+                                   * The default set of trusted roots, these are
+                                   * root CA certs from libnssckbi.so or CA
+                                   * certs trusted by user, are used in any of
+                                   * the following cases:
+                                   *      * when the parameter is not set.
+                                   *      * when the list of trust anchors is
+                                   *        empty.
+                                   * Note that this handling can be further
+                                   * altered by altering the
+                                   * cert_pi_useOnlyTrustAnchors flag
+                                   * Specified in value.pointer.chain */
+    cert_pi_useAIACertFetch = 12, /* Enables cert fetching using AIA extension.
+                                  * In NSS 3.12.1 or later. Default is off.
+                                  * Value is in value.scalar.b */
+    cert_pi_chainVerifyCallback = 13,
+    /* The callback container for doing extra
+     * validation on the currently calculated chain.
+     * Value is in value.pointer.chainVerifyCallback */
+    cert_pi_useOnlyTrustAnchors = 14,
+    /* If true, disables trusting any
+        * certificates other than the ones passed in via cert_pi_trustAnchors.
+        * If false, then the certificates specified via cert_pi_trustAnchors
+        * will be combined with the pre-existing trusted roots, but only
+        * for the certificate validation being performed.
+        * If no value has been supplied via cert_pi_trustAnchors, this has
+        * no effect.
+        * The default value is true, meaning if this is not supplied, only
+        * trust anchors supplied via cert_pi_trustAnchors are trusted.
+        * Specified in value.scalar.b */
+    cert_pi_max /* SPECIAL: signifies maximum allowed value,
+                 *  can increase in future releases */
+} CERTValParamInType;
+
+/*
+ * for all out parameters:
+ *  out parameters are only returned if the caller asks for them in
+ *  the CERTValOutParam array. Caller is responsible for the CERTValOutParam
+ *  array itself. The pkix verify function will allocate and other arrays
+ *  pointers, or objects. The Caller is responsible for freeing those results.
+ * If SECWouldBlock is returned, only cert_pi_nbioContext is returned.
+ */
+typedef enum {
+    cert_po_end = 0,              /* SPECIAL: signifies end of array of
+                                   * CERTValParam* */
+    cert_po_nbioContext = 1,      /* Return a nonblocking context. If no
+                                   * non-blocking context is specified, then
+                                   * blocking IO will be used.
+                                   * Returned in value.pointer.p. The context is
+                                   * freed after an abort or a complete operation.
+                                   * This value is only returned on SECWouldBlock.
+                                   */
+    cert_po_trustAnchor = 2,      /* Return the trust anchor for the chain that
+                                   * was validated. Returned in
+                                   * value.pointer.cert, this value is only
+                                   * returned on SECSuccess. */
+    cert_po_certList = 3,         /* Return the entire chain that was validated.
+                                   * Returned in value.pointer.certList. If no
+                                   * chain could be constructed, this value
+                                   * would be NULL. */
+    cert_po_policyOID = 4,        /* Return the policies that were found to be
+                                   * valid. Returned in value.array.oids as an
+                                   * array. This is only returned on
+                                   * SECSuccess. */
+    cert_po_errorLog = 5,         /* Return a log of problems with the chain.
+                                   * Returned in value.pointer.log  */
+    cert_po_usages = 6,           /* Return what usages the certificate is valid
+                                     for. Returned in value.scalar.usages */
+    cert_po_keyUsage = 7,         /* Return what key usages the certificate
+                                   * is valid for.
+                                   * Returned in value.scalar.usage */
+    cert_po_extendedKeyusage = 8, /* Return what extended key usages the
+                                   * certificate is valid for.
+                                   * Returned in value.array.oids */
+    cert_po_max                   /* SPECIAL: signifies maximum allowed value,
+                                   *  can increase in future releases */
+
+} CERTValParamOutType;
+
+typedef enum {
+    cert_revocation_method_crl = 0,
+    cert_revocation_method_ocsp,
+    cert_revocation_method_count
+} CERTRevocationMethodIndex;
+
+/*
+ * The following flags are supposed to be used to control bits in
+ * each integer contained in the array pointed to be:
+ *     CERTRevocationTests.cert_rev_flags_per_method
+ * All Flags are prefixed by CERT_REV_M_, where _M_ indicates
+ * this is a method dependent flag.
+ */
+
+/*
+ * Whether or not to use a method for revocation testing.
+ * If set to "do not test", then all other flags are ignored.
+ */
+#define CERT_REV_M_DO_NOT_TEST_USING_THIS_METHOD 0UL
+#define CERT_REV_M_TEST_USING_THIS_METHOD 1UL
+
+/*
+ * Whether or not NSS is allowed to attempt to fetch fresh information
+ *         from the network.
+ * (Although fetching will never happen if fresh information for the
+ *           method is already locally available.)
+ */
+#define CERT_REV_M_ALLOW_NETWORK_FETCHING 0UL
+#define CERT_REV_M_FORBID_NETWORK_FETCHING 2UL
+
+/*
+ * Example for an implicit default source:
+ *         The globally configured default OCSP responder.
+ * IGNORE means:
+ *        ignore the implicit default source, whether it's configured or not.
+ * ALLOW means:
+ *       if an implicit default source is configured,
+ *          then it overrides any available or missing source in the cert.
+ *       if no implicit default source is configured,
+ *          then we continue to use what's available (or not available)
+ *          in the certs.
+ */
+#define CERT_REV_M_ALLOW_IMPLICIT_DEFAULT_SOURCE 0UL
+#define CERT_REV_M_IGNORE_IMPLICIT_DEFAULT_SOURCE 4UL
+
+/*
+ * Defines the behavior if no fresh information is available,
+ *   fetching from the network is allowed, but the source of revocation
+ *   information is unknown (even after considering implicit sources,
+ *   if allowed by other flags).
+ * SKIPT_TEST means:
+ *          We ignore that no fresh information is available and
+ *          skip this test.
+ * REQUIRE_INFO means:
+ *          We still require that fresh information is available.
+ *          Other flags define what happens on missing fresh info.
+ */
+#define CERT_REV_M_SKIP_TEST_ON_MISSING_SOURCE 0UL
+#define CERT_REV_M_REQUIRE_INFO_ON_MISSING_SOURCE 8UL
+
+/*
+ * Defines the behavior if we are unable to obtain fresh information.
+ * INGORE means:
+ *      Return "cert status unknown"
+ * FAIL means:
+ *      Return "cert revoked".
+ */
+#define CERT_REV_M_IGNORE_MISSING_FRESH_INFO 0UL
+#define CERT_REV_M_FAIL_ON_MISSING_FRESH_INFO 16UL
+
+/*
+ * What should happen if we were able to find fresh information using
+ * this method, and the data indicated the cert is good?
+ * STOP_TESTING means:
+ *              Our success is sufficient, do not continue testing
+ *              other methods.
+ * CONTINUE_TESTING means:
+ *                  We will continue and test the next allowed
+ *                  specified method.
+ */
+#define CERT_REV_M_STOP_TESTING_ON_FRESH_INFO 0UL
+#define CERT_REV_M_CONTINUE_TESTING_ON_FRESH_INFO 32UL
+
+/* When this flag is used, libpkix will never attempt to use the GET HTTP
+ * method for OCSP requests; it will always use POST.
+ */
+#define CERT_REV_M_FORCE_POST_METHOD_FOR_OCSP 64UL
+
+/*
+ * The following flags are supposed to be used to control bits in
+ *     CERTRevocationTests.cert_rev_method_independent_flags
+ * All Flags are prefixed by CERT_REV_M_, where _M_ indicates
+ * this is a method independent flag.
+ */
+
+/*
+ * This defines the order to checking.
+ * EACH_METHOD_SEPARATELY means:
+ *      Do all tests related to a particular allowed method
+ *      (both local information and network fetching) in a single step.
+ *      Only after testing for a particular method is done,
+ *      then switching to the next method will happen.
+ * ALL_LOCAL_INFORMATION_FIRST means:
+ *      Start by testing the information for all allowed methods
+ *      which are already locally available. Only after that is done
+ *      consider to fetch from the network (as allowed by other flags).
+ */
+#define CERT_REV_MI_TEST_EACH_METHOD_SEPARATELY 0UL
+#define CERT_REV_MI_TEST_ALL_LOCAL_INFORMATION_FIRST 1UL
+
+/*
+ * Use this flag to specify that it's necessary that fresh information
+ * is available for at least one of the allowed methods, but it's
+ * irrelevant which of the mechanisms succeeded.
+ * NO_OVERALL_INFO_REQUIREMENT means:
+ *     We strictly follow the requirements for each individual method.
+ * REQUIRE_SOME_FRESH_INFO_AVAILABLE means:
+ *     After the individual tests have been executed, we must have
+ *     been able to find fresh information using at least one method.
+ *     If we were unable to find fresh info, it's a failure.
+ *     This setting overrides the CERT_REV_M_FAIL_ON_MISSING_FRESH_INFO
+ *     flag on all methods.
+ */
+#define CERT_REV_MI_NO_OVERALL_INFO_REQUIREMENT 0UL
+#define CERT_REV_MI_REQUIRE_SOME_FRESH_INFO_AVAILABLE 2UL
+
+typedef struct {
+    /*
+     * The size of the array that cert_rev_flags_per_method points to,
+     * meaning, the number of methods that are known and defined
+     * by the caller.
+     */
+    PRUint32 number_of_defined_methods;
+
+    /*
+     * A pointer to an array of integers.
+     * Each integer defines revocation checking for a single method,
+     *      by having individual CERT_REV_M_* bits set or not set.
+     * The meaning of index numbers into this array are defined by
+     *     enum CERTRevocationMethodIndex
+     * The size of the array must be specified by the caller in the separate
+     *     variable number_of_defined_methods.
+     * The size of the array may be smaller than
+     *     cert_revocation_method_count, it can happen if a caller
+     *     is not yet aware of the latest revocation methods
+     *     (or does not want to use them).
+     */
+    PRUint64 *cert_rev_flags_per_method;
+
+    /*
+     * How many preferred methods are specified?
+     * This is equivalent to the size of the array that
+     *      preferred_methods points to.
+     * It's allowed to set this value to zero,
+     *      then NSS will decide which methods to prefer.
+     */
+    PRUint32 number_of_preferred_methods;
+
+    /* Array that may specify an optional order of preferred methods.
+     * Each array entry shall contain a method identifier as defined
+     *   by CERTRevocationMethodIndex.
+     * The entry at index [0] specifies the method with highest preference.
+     * These methods will be tested first for locally available information.
+     * Methods allowed for downloading will be attempted in the same order.
+     */
+    CERTRevocationMethodIndex *preferred_methods;
+
+    /*
+     * An integer which defines certain aspects of revocation checking
+     * (independent of individual methods) by having individual
+     * CERT_REV_MI_* bits set or not set.
+     */
+    PRUint64 cert_rev_method_independent_flags;
+} CERTRevocationTests;
+
+typedef struct {
+    CERTRevocationTests leafTests;
+    CERTRevocationTests chainTests;
+} CERTRevocationFlags;
+
+typedef struct CERTValParamInValueStr {
+    union {
+        PRBool b;
+        PRInt32 i;
+        PRUint32 ui;
+        PRInt64 l;
+        PRUint64 ul;
+        PRTime time;
+    } scalar;
+    union {
+        const void *p;
+        const char *s;
+        const CERTCertificate *cert;
+        const CERTCertList *chain;
+        const CERTRevocationFlags *revocation;
+        const CERTChainVerifyCallback *chainVerifyCallback;
+    } pointer;
+    union {
+        const PRInt32 *pi;
+        const PRUint32 *pui;
+        const PRInt64 *pl;
+        const PRUint64 *pul;
+        const SECOidTag *oids;
+    } array;
+    int arraySize;
+} CERTValParamInValue;
+
+typedef struct CERTValParamOutValueStr {
+    union {
+        PRBool b;
+        PRInt32 i;
+        PRUint32 ui;
+        PRInt64 l;
+        PRUint64 ul;
+        SECCertificateUsage usages;
+    } scalar;
+    union {
+        void *p;
+        char *s;
+        CERTVerifyLog *log;
+        CERTCertificate *cert;
+        CERTCertList *chain;
+    } pointer;
+    union {
+        void *p;
+        SECOidTag *oids;
+    } array;
+    int arraySize;
+} CERTValParamOutValue;
+
+typedef struct {
+    CERTValParamInType type;
+    CERTValParamInValue value;
+} CERTValInParam;
+
+typedef struct {
+    CERTValParamOutType type;
+    CERTValParamOutValue value;
+} CERTValOutParam;
+
+/*
+ * Levels of standards conformance strictness for CERT_NameToAsciiInvertible
+ */
+typedef enum CertStrictnessLevels {
+    CERT_N2A_READABLE = 0,   /* maximum human readability */
+    CERT_N2A_STRICT = 10,    /* strict RFC compliance    */
+    CERT_N2A_INVERTIBLE = 20 /* maximum invertibility,
+                                all DirectoryStrings encoded in hex */
+} CertStrictnessLevel;
+
+/*
+ * policy flag defines
+ */
+#define CERT_POLICY_FLAG_NO_MAPPING 1
+#define CERT_POLICY_FLAG_EXPLICIT 2
+#define CERT_POLICY_FLAG_NO_ANY 4
+
+/*
+ * CertStore flags
+ */
+#define CERT_ENABLE_LDAP_FETCH 1
+#define CERT_ENABLE_HTTP_FETCH 2
+
+/* This functin pointer type may be used for any function that takes
+ * a CERTCertificate * and returns an allocated string, which must be
+ * freed by a call to PORT_Free.
+ */
+typedef char *(*CERT_StringFromCertFcn)(CERTCertificate *cert);
+
+/* XXX Lisa thinks the template declarations belong in cert.h, not here? */
+
+#include "secasn1t.h" /* way down here because I expect template stuff to
+                       * move out of here anyway */
+
+SEC_BEGIN_PROTOS
+
+extern const SEC_ASN1Template CERT_CertificateRequestTemplate[];
+extern const SEC_ASN1Template CERT_CertificateTemplate[];
+extern const SEC_ASN1Template SEC_SignedCertificateTemplate[];
+extern const SEC_ASN1Template CERT_CertExtensionTemplate[];
+extern const SEC_ASN1Template CERT_SequenceOfCertExtensionTemplate[];
+extern const SEC_ASN1Template SECKEY_PublicKeyTemplate[];
+extern const SEC_ASN1Template CERT_SubjectPublicKeyInfoTemplate[];
+extern const SEC_ASN1Template CERT_TimeChoiceTemplate[];
+extern const SEC_ASN1Template CERT_ValidityTemplate[];
+extern const SEC_ASN1Template CERT_PublicKeyAndChallengeTemplate[];
+extern const SEC_ASN1Template SEC_CertSequenceTemplate[];
+
+extern const SEC_ASN1Template CERT_IssuerAndSNTemplate[];
+extern const SEC_ASN1Template CERT_NameTemplate[];
+extern const SEC_ASN1Template CERT_SetOfSignedCrlTemplate[];
+extern const SEC_ASN1Template CERT_RDNTemplate[];
+extern const SEC_ASN1Template CERT_SignedDataTemplate[];
+extern const SEC_ASN1Template CERT_CrlTemplate[];
+extern const SEC_ASN1Template CERT_SignedCrlTemplate[];
+
+/*
+** XXX should the attribute stuff be centralized for all of ns/security?
+*/
+extern const SEC_ASN1Template CERT_AttributeTemplate[];
+extern const SEC_ASN1Template CERT_SetOfAttributeTemplate[];
+
+/* These functions simply return the address of the above-declared templates.
+** This is necessary for Windows DLLs.  Sigh.
+*/
+SEC_ASN1_CHOOSER_DECLARE(CERT_CertificateRequestTemplate)
+SEC_ASN1_CHOOSER_DECLARE(CERT_CertificateTemplate)
+SEC_ASN1_CHOOSER_DECLARE(CERT_CrlTemplate)
+SEC_ASN1_CHOOSER_DECLARE(CERT_IssuerAndSNTemplate)
+SEC_ASN1_CHOOSER_DECLARE(CERT_NameTemplate)
+SEC_ASN1_CHOOSER_DECLARE(CERT_SequenceOfCertExtensionTemplate)
+SEC_ASN1_CHOOSER_DECLARE(CERT_SetOfSignedCrlTemplate)
+SEC_ASN1_CHOOSER_DECLARE(CERT_SignedDataTemplate)
+SEC_ASN1_CHOOSER_DECLARE(CERT_SubjectPublicKeyInfoTemplate)
+SEC_ASN1_CHOOSER_DECLARE(SEC_SignedCertificateTemplate)
+SEC_ASN1_CHOOSER_DECLARE(CERT_SignedCrlTemplate)
+SEC_ASN1_CHOOSER_DECLARE(CERT_TimeChoiceTemplate)
+
+SEC_END_PROTOS
+
+#endif /* _CERTT_H_ */
diff --git a/nss/lib/certdb/certv3.c b/nss/lib/certdb/certv3.c
new file mode 100644
index 0000000..bf0bcf9
--- /dev/null
+++ b/nss/lib/certdb/certv3.c
@@ -0,0 +1,222 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * Code for dealing with X509.V3 extensions.
+ */
+
+#include "cert.h"
+#include "secitem.h"
+#include "secoid.h"
+#include "secder.h"
+#include "secasn1.h"
+#include "certxutl.h"
+#include "secerr.h"
+
+SECStatus
+CERT_FindCertExtensionByOID(CERTCertificate *cert, SECItem *oid, SECItem *value)
+{
+    return (cert_FindExtensionByOID(cert->extensions, oid, value));
+}
+
+SECStatus
+CERT_FindCertExtension(const CERTCertificate *cert, int tag, SECItem *value)
+{
+    return (cert_FindExtension(cert->extensions, tag, value));
+}
+
+static void
+SetExts(void *object, CERTCertExtension **exts)
+{
+    CERTCertificate *cert = (CERTCertificate *)object;
+
+    cert->extensions = exts;
+    DER_SetUInteger(cert->arena, &(cert->version), SEC_CERTIFICATE_VERSION_3);
+}
+
+void *
+CERT_StartCertExtensions(CERTCertificate *cert)
+{
+    return (cert_StartExtensions((void *)cert, cert->arena, SetExts));
+}
+
+/*
+ * get the value of the Netscape Certificate Type Extension
+ */
+SECStatus
+CERT_FindNSCertTypeExtension(CERTCertificate *cert, SECItem *retItem)
+{
+
+    return (CERT_FindBitStringExtension(
+        cert->extensions, SEC_OID_NS_CERT_EXT_CERT_TYPE, retItem));
+}
+
+/*
+ * get the value of a string type extension
+ */
+char *
+CERT_FindNSStringExtension(CERTCertificate *cert, int oidtag)
+{
+    SECItem wrapperItem, tmpItem = { siBuffer, 0 };
+    SECStatus rv;
+    PLArenaPool *arena = NULL;
+    char *retstring = NULL;
+
+    wrapperItem.data = NULL;
+    tmpItem.data = NULL;
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+
+    if (!arena) {
+        goto loser;
+    }
+
+    rv = cert_FindExtension(cert->extensions, oidtag, &wrapperItem);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    rv = SEC_QuickDERDecodeItem(
+        arena, &tmpItem, SEC_ASN1_GET(SEC_IA5StringTemplate), &wrapperItem);
+
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    retstring = (char *)PORT_Alloc(tmpItem.len + 1);
+    if (retstring == NULL) {
+        goto loser;
+    }
+
+    PORT_Memcpy(retstring, tmpItem.data, tmpItem.len);
+    retstring[tmpItem.len] = '\0';
+
+loser:
+    if (arena) {
+        PORT_FreeArena(arena, PR_FALSE);
+    }
+
+    if (wrapperItem.data) {
+        PORT_Free(wrapperItem.data);
+    }
+
+    return (retstring);
+}
+
+/*
+ * get the value of the X.509 v3 Key Usage Extension
+ */
+SECStatus
+CERT_FindKeyUsageExtension(CERTCertificate *cert, SECItem *retItem)
+{
+
+    return (CERT_FindBitStringExtension(cert->extensions,
+                                        SEC_OID_X509_KEY_USAGE, retItem));
+}
+
+/*
+ * get the value of the X.509 v3 Key Usage Extension
+ */
+SECStatus
+CERT_FindSubjectKeyIDExtension(CERTCertificate *cert, SECItem *retItem)
+{
+
+    SECStatus rv;
+    SECItem encodedValue = { siBuffer, NULL, 0 };
+    SECItem decodedValue = { siBuffer, NULL, 0 };
+
+    rv = cert_FindExtension(cert->extensions, SEC_OID_X509_SUBJECT_KEY_ID,
+                            &encodedValue);
+    if (rv == SECSuccess) {
+        PORTCheapArenaPool tmpArena;
+        PORT_InitCheapArena(&tmpArena, DER_DEFAULT_CHUNKSIZE);
+        rv = SEC_QuickDERDecodeItem(&tmpArena.arena, &decodedValue,
+                                    SEC_ASN1_GET(SEC_OctetStringTemplate),
+                                    &encodedValue);
+        if (rv == SECSuccess) {
+            rv = SECITEM_CopyItem(NULL, retItem, &decodedValue);
+        }
+        PORT_DestroyCheapArena(&tmpArena);
+    }
+    SECITEM_FreeItem(&encodedValue, PR_FALSE);
+    return rv;
+}
+
+SECStatus
+CERT_FindBasicConstraintExten(CERTCertificate *cert,
+                              CERTBasicConstraints *value)
+{
+    SECItem encodedExtenValue;
+    SECStatus rv;
+
+    encodedExtenValue.data = NULL;
+    encodedExtenValue.len = 0;
+
+    rv = cert_FindExtension(cert->extensions, SEC_OID_X509_BASIC_CONSTRAINTS,
+                            &encodedExtenValue);
+    if (rv != SECSuccess) {
+        return (rv);
+    }
+
+    rv = CERT_DecodeBasicConstraintValue(value, &encodedExtenValue);
+
+    /* free the raw extension data */
+    PORT_Free(encodedExtenValue.data);
+    encodedExtenValue.data = NULL;
+
+    return (rv);
+}
+
+CERTAuthKeyID *
+CERT_FindAuthKeyIDExten(PLArenaPool *arena, CERTCertificate *cert)
+{
+    SECItem encodedExtenValue;
+    SECStatus rv;
+    CERTAuthKeyID *ret;
+
+    encodedExtenValue.data = NULL;
+    encodedExtenValue.len = 0;
+
+    rv = cert_FindExtension(cert->extensions, SEC_OID_X509_AUTH_KEY_ID,
+                            &encodedExtenValue);
+    if (rv != SECSuccess) {
+        return (NULL);
+    }
+
+    ret = CERT_DecodeAuthKeyID(arena, &encodedExtenValue);
+
+    PORT_Free(encodedExtenValue.data);
+    encodedExtenValue.data = NULL;
+
+    return (ret);
+}
+
+SECStatus
+CERT_CheckCertUsage(CERTCertificate *cert, unsigned char usage)
+{
+    SECItem keyUsage;
+    SECStatus rv;
+
+    /* There is no extension, v1 or v2 certificate */
+    if (cert->extensions == NULL) {
+        return (SECSuccess);
+    }
+
+    keyUsage.data = NULL;
+
+    /* This code formerly ignored the Key Usage extension if it was
+    ** marked non-critical.  That was wrong.  Since we do understand it,
+    ** we are obligated to honor it, whether or not it is critical.
+    */
+    rv = CERT_FindKeyUsageExtension(cert, &keyUsage);
+    if (rv == SECFailure) {
+        rv = (PORT_GetError() == SEC_ERROR_EXTENSION_NOT_FOUND) ? SECSuccess
+                                                                : SECFailure;
+    } else if (!(keyUsage.data[0] & usage)) {
+        PORT_SetError(SEC_ERROR_CERT_USAGES_INVALID);
+        rv = SECFailure;
+    }
+    PORT_Free(keyUsage.data);
+    return (rv);
+}
diff --git a/nss/lib/certdb/certxutl.c b/nss/lib/certdb/certxutl.c
new file mode 100644
index 0000000..c53f15c
--- /dev/null
+++ b/nss/lib/certdb/certxutl.c
@@ -0,0 +1,493 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * Certificate Extensions handling code
+ *
+ */
+
+#include "cert.h"
+#include "secitem.h"
+#include "secoid.h"
+#include "secder.h"
+#include "secasn1.h"
+#include "certxutl.h"
+#include "secerr.h"
+
+#ifdef OLD
+#include "ocspti.h" /* XXX a better extensions interface would not
+			 * require knowledge of data structures of callers */
+#endif
+
+static CERTCertExtension *
+GetExtension(CERTCertExtension **extensions, SECItem *oid)
+{
+    CERTCertExtension **exts;
+    CERTCertExtension *ext = NULL;
+    SECComparison comp;
+
+    exts = extensions;
+
+    if (exts) {
+        while (*exts) {
+            ext = *exts;
+            comp = SECITEM_CompareItem(oid, &ext->id);
+            if (comp == SECEqual)
+                break;
+
+            exts++;
+        }
+        return (*exts ? ext : NULL);
+    }
+    return (NULL);
+}
+
+SECStatus
+cert_FindExtensionByOID(CERTCertExtension **extensions, SECItem *oid,
+                        SECItem *value)
+{
+    CERTCertExtension *ext;
+    SECStatus rv = SECSuccess;
+
+    ext = GetExtension(extensions, oid);
+    if (ext == NULL) {
+        PORT_SetError(SEC_ERROR_EXTENSION_NOT_FOUND);
+        return (SECFailure);
+    }
+    if (value)
+        rv = SECITEM_CopyItem(NULL, value, &ext->value);
+    return (rv);
+}
+
+SECStatus
+CERT_GetExtenCriticality(CERTCertExtension **extensions, int tag,
+                         PRBool *isCritical)
+{
+    CERTCertExtension *ext;
+    SECOidData *oid;
+
+    if (!isCritical)
+        return (SECSuccess);
+
+    /* find the extension in the extensions list */
+    oid = SECOID_FindOIDByTag((SECOidTag)tag);
+    if (!oid) {
+        return (SECFailure);
+    }
+    ext = GetExtension(extensions, &oid->oid);
+    if (ext == NULL) {
+        PORT_SetError(SEC_ERROR_EXTENSION_NOT_FOUND);
+        return (SECFailure);
+    }
+
+    /* If the criticality is omitted, then it is false by default.
+       ex->critical.data is NULL */
+    if (ext->critical.data == NULL)
+        *isCritical = PR_FALSE;
+    else
+        *isCritical = (ext->critical.data[0] == 0xff) ? PR_TRUE : PR_FALSE;
+    return (SECSuccess);
+}
+
+SECStatus
+cert_FindExtension(CERTCertExtension **extensions, int tag, SECItem *value)
+{
+    SECOidData *oid;
+
+    oid = SECOID_FindOIDByTag((SECOidTag)tag);
+    if (!oid) {
+        return (SECFailure);
+    }
+
+    return (cert_FindExtensionByOID(extensions, &oid->oid, value));
+}
+
+typedef struct _extNode {
+    struct _extNode *next;
+    CERTCertExtension *ext;
+} extNode;
+
+typedef struct {
+    void (*setExts)(void *object, CERTCertExtension **exts);
+    void *object;
+    PLArenaPool *ownerArena;
+    PLArenaPool *arena;
+    extNode *head;
+    int count;
+} extRec;
+
+/*
+ * cert_StartExtensions
+ *
+ * NOTE: This interface changed significantly to remove knowledge
+ *   about callers data structures (owner objects)
+ */
+void *
+cert_StartExtensions(void *owner, PLArenaPool *ownerArena,
+                     void (*setExts)(void *object, CERTCertExtension **exts))
+{
+    PLArenaPool *arena;
+    extRec *handle;
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (!arena) {
+        return (0);
+    }
+
+    handle = (extRec *)PORT_ArenaAlloc(arena, sizeof(extRec));
+    if (!handle) {
+        PORT_FreeArena(arena, PR_FALSE);
+        return (0);
+    }
+
+    handle->object = owner;
+    handle->ownerArena = ownerArena;
+    handle->setExts = setExts;
+
+    handle->arena = arena;
+    handle->head = 0;
+    handle->count = 0;
+
+    return (handle);
+}
+
+static unsigned char hextrue = 0xff;
+
+/*
+ * Note - assumes that data pointed to by oid->data will not move
+ */
+SECStatus
+CERT_AddExtensionByOID(void *exthandle, SECItem *oid, SECItem *value,
+                       PRBool critical, PRBool copyData)
+{
+    CERTCertExtension *ext;
+    SECStatus rv;
+    extNode *node;
+    extRec *handle;
+
+    handle = (extRec *)exthandle;
+
+    /* allocate space for extension and list node */
+    ext = (CERTCertExtension *)PORT_ArenaZAlloc(handle->ownerArena,
+                                                sizeof(CERTCertExtension));
+    if (!ext) {
+        return (SECFailure);
+    }
+
+    node = (extNode *)PORT_ArenaAlloc(handle->arena, sizeof(extNode));
+    if (!node) {
+        return (SECFailure);
+    }
+
+    /* add to list */
+    node->next = handle->head;
+    handle->head = node;
+
+    /* point to ext struct */
+    node->ext = ext;
+
+    /* set critical field */
+    if (critical) {
+        ext->critical.data = (unsigned char *)&hextrue;
+        ext->critical.len = 1;
+    }
+
+    /* set object ID of the extension and its value */
+    if (copyData) {
+        rv = SECITEM_CopyItem(handle->ownerArena, &ext->id, oid);
+        if (rv) {
+            return (SECFailure);
+        }
+
+        rv = SECITEM_CopyItem(handle->ownerArena, &ext->value, value);
+        if (rv) {
+            return (SECFailure);
+        }
+    } else {
+        ext->id = *oid;
+        ext->value = *value;
+    }
+
+    handle->count++;
+
+    return (SECSuccess);
+}
+
+SECStatus
+CERT_AddExtension(void *exthandle, int idtag, SECItem *value, PRBool critical,
+                  PRBool copyData)
+{
+    SECOidData *oid;
+
+    oid = SECOID_FindOIDByTag((SECOidTag)idtag);
+    if (!oid) {
+        return (SECFailure);
+    }
+
+    return (CERT_AddExtensionByOID(exthandle, &oid->oid, value, critical,
+                                   copyData));
+}
+
+SECStatus
+CERT_EncodeAndAddExtension(void *exthandle, int idtag, void *value,
+                           PRBool critical, const SEC_ASN1Template *atemplate)
+{
+    extRec *handle;
+    SECItem *encitem;
+
+    handle = (extRec *)exthandle;
+
+    encitem = SEC_ASN1EncodeItem(handle->ownerArena, NULL, value, atemplate);
+    if (encitem == NULL) {
+        return (SECFailure);
+    }
+
+    return CERT_AddExtension(exthandle, idtag, encitem, critical, PR_FALSE);
+}
+
+void
+PrepareBitStringForEncoding(SECItem *bitsmap, SECItem *value)
+{
+    unsigned char onebyte;
+    unsigned int i, len = 0;
+
+    /* to prevent warning on some platform at compile time */
+    onebyte = '\0';
+    /* Get the position of the right-most turn-on bit */
+    for (i = 0; i < (value->len) * 8; ++i) {
+        if (i % 8 == 0)
+            onebyte = value->data[i / 8];
+        if (onebyte & 0x80)
+            len = i;
+        onebyte <<= 1;
+    }
+    bitsmap->data = value->data;
+    /* Add one here since we work with base 1 */
+    bitsmap->len = len + 1;
+}
+
+SECStatus
+CERT_EncodeAndAddBitStrExtension(void *exthandle, int idtag, SECItem *value,
+                                 PRBool critical)
+{
+    SECItem bitsmap;
+
+    PrepareBitStringForEncoding(&bitsmap, value);
+    return (CERT_EncodeAndAddExtension(exthandle, idtag, &bitsmap, critical,
+                                       SEC_ASN1_GET(SEC_BitStringTemplate)));
+}
+
+SECStatus
+CERT_FinishExtensions(void *exthandle)
+{
+    extRec *handle;
+    extNode *node;
+    CERTCertExtension **exts;
+    SECStatus rv = SECFailure;
+
+    handle = (extRec *)exthandle;
+
+    /* allocate space for extensions array */
+    exts = PORT_ArenaNewArray(handle->ownerArena, CERTCertExtension *,
+                              handle->count + 1);
+    if (exts == NULL) {
+        goto loser;
+    }
+
+/* put extensions in owner object and update its version number */
+
+#ifdef OLD
+    switch (handle->type) {
+        case CertificateExtensions:
+            handle->owner.cert->extensions = exts;
+            DER_SetUInteger(ownerArena, &(handle->owner.cert->version),
+                            SEC_CERTIFICATE_VERSION_3);
+            break;
+        case CrlExtensions:
+            handle->owner.crl->extensions = exts;
+            DER_SetUInteger(ownerArena, &(handle->owner.crl->version),
+                            SEC_CRL_VERSION_2);
+            break;
+        case OCSPRequestExtensions:
+            handle->owner.request->tbsRequest->requestExtensions = exts;
+            break;
+        case OCSPSingleRequestExtensions:
+            handle->owner.singleRequest->singleRequestExtensions = exts;
+            break;
+        case OCSPResponseSingleExtensions:
+            handle->owner.singleResponse->singleExtensions = exts;
+            break;
+    }
+#endif
+
+    handle->setExts(handle->object, exts);
+
+    /* update the version number */
+
+    /* copy each extension pointer */
+    node = handle->head;
+    while (node) {
+        *exts = node->ext;
+
+        node = node->next;
+        exts++;
+    }
+
+    /* terminate the array of extensions */
+    *exts = 0;
+
+    rv = SECSuccess;
+
+loser:
+    /* free working arena */
+    PORT_FreeArena(handle->arena, PR_FALSE);
+    return rv;
+}
+
+SECStatus
+CERT_MergeExtensions(void *exthandle, CERTCertExtension **extensions)
+{
+    CERTCertExtension *ext;
+    SECStatus rv = SECSuccess;
+    SECOidTag tag;
+    extNode *node;
+    extRec *handle = exthandle;
+
+    if (!exthandle || !extensions) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+    while ((ext = *extensions++) != NULL) {
+        tag = SECOID_FindOIDTag(&ext->id);
+        for (node = handle->head; node != NULL; node = node->next) {
+            if (tag == 0) {
+                if (SECITEM_ItemsAreEqual(&ext->id, &node->ext->id))
+                    break;
+            } else {
+                if (SECOID_FindOIDTag(&node->ext->id) == tag) {
+                    break;
+                }
+            }
+        }
+        if (node == NULL) {
+            PRBool critical = (ext->critical.len != 0 &&
+                               ext->critical.data[ext->critical.len - 1] != 0);
+            if (critical && tag == SEC_OID_UNKNOWN) {
+                PORT_SetError(SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION);
+                rv = SECFailure;
+                break;
+            }
+            /* add to list */
+            rv = CERT_AddExtensionByOID(exthandle, &ext->id, &ext->value,
+                                        critical, PR_TRUE);
+            if (rv != SECSuccess)
+                break;
+        }
+    }
+    return rv;
+}
+
+/*
+ * get the value of the Netscape Certificate Type Extension
+ */
+SECStatus
+CERT_FindBitStringExtension(CERTCertExtension **extensions, int tag,
+                            SECItem *retItem)
+{
+    SECItem wrapperItem, tmpItem = { siBuffer, 0 };
+    SECStatus rv;
+    PORTCheapArenaPool tmpArena;
+
+    wrapperItem.data = NULL;
+    tmpItem.data = NULL;
+
+    PORT_InitCheapArena(&tmpArena, DER_DEFAULT_CHUNKSIZE);
+
+    rv = cert_FindExtension(extensions, tag, &wrapperItem);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    rv = SEC_QuickDERDecodeItem(&tmpArena.arena, &tmpItem,
+                                SEC_ASN1_GET(SEC_BitStringTemplate),
+                                &wrapperItem);
+
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    retItem->data = (unsigned char *)PORT_Alloc((tmpItem.len + 7) >> 3);
+    if (retItem->data == NULL) {
+        goto loser;
+    }
+
+    PORT_Memcpy(retItem->data, tmpItem.data, (tmpItem.len + 7) >> 3);
+    retItem->len = tmpItem.len;
+
+    rv = SECSuccess;
+    goto done;
+
+loser:
+    rv = SECFailure;
+
+done:
+    PORT_DestroyCheapArena(&tmpArena);
+
+    if (wrapperItem.data) {
+        PORT_Free(wrapperItem.data);
+    }
+
+    return (rv);
+}
+
+PRBool
+cert_HasCriticalExtension(CERTCertExtension **extensions)
+{
+    CERTCertExtension **exts;
+    CERTCertExtension *ext = NULL;
+    PRBool hasCriticalExten = PR_FALSE;
+
+    exts = extensions;
+
+    if (exts) {
+        while (*exts) {
+            ext = *exts;
+            /* If the criticality is omitted, it's non-critical */
+            if (ext->critical.data && ext->critical.data[0] == 0xff) {
+                hasCriticalExten = PR_TRUE;
+                break;
+            }
+            exts++;
+        }
+    }
+    return (hasCriticalExten);
+}
+
+PRBool
+cert_HasUnknownCriticalExten(CERTCertExtension **extensions)
+{
+    CERTCertExtension **exts;
+    CERTCertExtension *ext = NULL;
+    PRBool hasUnknownCriticalExten = PR_FALSE;
+
+    exts = extensions;
+
+    if (exts) {
+        while (*exts) {
+            ext = *exts;
+            /* If the criticality is omitted, it's non-critical.
+               If an extension is critical, make sure that we know
+               how to process the extension.
+             */
+            if (ext->critical.data && ext->critical.data[0] == 0xff) {
+                if (SECOID_KnownCertExtenOID(&ext->id) == PR_FALSE) {
+                    hasUnknownCriticalExten = PR_TRUE;
+                    break;
+                }
+            }
+            exts++;
+        }
+    }
+    return (hasUnknownCriticalExten);
+}
diff --git a/nss/lib/certdb/certxutl.h b/nss/lib/certdb/certxutl.h
new file mode 100644
index 0000000..a8c76b5
--- /dev/null
+++ b/nss/lib/certdb/certxutl.h
@@ -0,0 +1,44 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * x.509 v3 certificate extension helper routines
+ *
+ */
+
+#ifndef _CERTXUTL_H_
+#define _CERTXUTL_H_
+
+#include "nspr.h"
+
+#ifdef OLD
+typedef enum {
+    CertificateExtensions,
+    CrlExtensions,
+    OCSPRequestExtensions,
+    OCSPSingleRequestExtensions,
+    OCSPResponseSingleExtensions
+} ExtensionsType;
+#endif
+
+extern PRBool cert_HasCriticalExtension(CERTCertExtension **extensions);
+
+extern SECStatus CERT_FindBitStringExtension(CERTCertExtension **extensions,
+                                             int tag, SECItem *retItem);
+extern void *cert_StartExtensions(void *owner, PLArenaPool *arena,
+                                  void (*setExts)(void *object,
+                                                  CERTCertExtension **exts));
+
+extern SECStatus cert_FindExtension(CERTCertExtension **extensions, int tag,
+                                    SECItem *value);
+
+extern SECStatus cert_FindExtensionByOID(CERTCertExtension **extensions,
+                                         SECItem *oid, SECItem *value);
+
+extern SECStatus cert_GetExtenCriticality(CERTCertExtension **extensions,
+                                          int tag, PRBool *isCritical);
+
+extern PRBool cert_HasUnknownCriticalExten(CERTCertExtension **extensions);
+
+#endif
diff --git a/nss/lib/certdb/config.mk b/nss/lib/certdb/config.mk
new file mode 100644
index 0000000..b8c03de
--- /dev/null
+++ b/nss/lib/certdb/config.mk
@@ -0,0 +1,15 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#
+#  Override TARGETS variable so that only static libraries
+#  are specifed as dependencies within rules.mk.
+#
+
+TARGETS        = $(LIBRARY)
+SHARED_LIBRARY =
+IMPORT_LIBRARY =
+PROGRAM        =
+
diff --git a/nss/lib/certdb/crl.c b/nss/lib/certdb/crl.c
new file mode 100644
index 0000000..8746908
--- /dev/null
+++ b/nss/lib/certdb/crl.c
@@ -0,0 +1,3045 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * Moved from secpkcs7.c
+ */
+
+#include "cert.h"
+#include "certi.h"
+#include "secder.h"
+#include "secasn1.h"
+#include "secoid.h"
+#include "certdb.h"
+#include "certxutl.h"
+#include "prtime.h"
+#include "secerr.h"
+#include "pk11func.h"
+#include "dev.h"
+#include "dev3hack.h"
+#include "nssbase.h"
+#if defined(DPC_RWLOCK) || defined(GLOBAL_RWLOCK)
+#include "nssrwlk.h"
+#endif
+#include "pk11priv.h"
+
+const SEC_ASN1Template SEC_CERTExtensionTemplate[] = {
+    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTCertExtension) },
+    { SEC_ASN1_OBJECT_ID, offsetof(CERTCertExtension, id) },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_BOOLEAN, /* XXX DER_DEFAULT */
+      offsetof(CERTCertExtension, critical) },
+    { SEC_ASN1_OCTET_STRING, offsetof(CERTCertExtension, value) },
+    { 0 }
+};
+
+static const SEC_ASN1Template SEC_CERTExtensionsTemplate[] = {
+    { SEC_ASN1_SEQUENCE_OF, 0, SEC_CERTExtensionTemplate }
+};
+
+/*
+ * XXX Also, these templates need to be tested; Lisa did the obvious
+ * translation but they still should be verified.
+ */
+
+const SEC_ASN1Template CERT_IssuerAndSNTemplate[] = {
+    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTIssuerAndSN) },
+    { SEC_ASN1_SAVE, offsetof(CERTIssuerAndSN, derIssuer) },
+    { SEC_ASN1_INLINE, offsetof(CERTIssuerAndSN, issuer), CERT_NameTemplate },
+    { SEC_ASN1_INTEGER, offsetof(CERTIssuerAndSN, serialNumber) },
+    { 0 }
+};
+
+SEC_ASN1_MKSUB(SECOID_AlgorithmIDTemplate)
+SEC_ASN1_MKSUB(CERT_TimeChoiceTemplate)
+
+static const SEC_ASN1Template cert_CrlKeyTemplate[] = {
+    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTCrlKey) },
+    { SEC_ASN1_INTEGER | SEC_ASN1_OPTIONAL, offsetof(CERTCrlKey, dummy) },
+    { SEC_ASN1_SKIP },
+    { SEC_ASN1_ANY, offsetof(CERTCrlKey, derName) },
+    { SEC_ASN1_SKIP_REST },
+    { 0 }
+};
+
+static const SEC_ASN1Template cert_CrlEntryTemplate[] = {
+    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTCrlEntry) },
+    { SEC_ASN1_INTEGER, offsetof(CERTCrlEntry, serialNumber) },
+    { SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(CERTCrlEntry, revocationDate),
+      SEC_ASN1_SUB(CERT_TimeChoiceTemplate) },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_SEQUENCE_OF,
+      offsetof(CERTCrlEntry, extensions), SEC_CERTExtensionTemplate },
+    { 0 }
+};
+
+const SEC_ASN1Template CERT_CrlTemplate[] = {
+    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTCrl) },
+    { SEC_ASN1_INTEGER | SEC_ASN1_OPTIONAL, offsetof(CERTCrl, version) },
+    { SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(CERTCrl, signatureAlg),
+      SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
+    { SEC_ASN1_SAVE, offsetof(CERTCrl, derName) },
+    { SEC_ASN1_INLINE, offsetof(CERTCrl, name), CERT_NameTemplate },
+    { SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(CERTCrl, lastUpdate),
+      SEC_ASN1_SUB(CERT_TimeChoiceTemplate) },
+    { SEC_ASN1_INLINE | SEC_ASN1_OPTIONAL | SEC_ASN1_XTRN,
+      offsetof(CERTCrl, nextUpdate), SEC_ASN1_SUB(CERT_TimeChoiceTemplate) },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_SEQUENCE_OF, offsetof(CERTCrl, entries),
+      cert_CrlEntryTemplate },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
+          SEC_ASN1_EXPLICIT | 0,
+      offsetof(CERTCrl, extensions), SEC_CERTExtensionsTemplate },
+    { 0 }
+};
+
+const SEC_ASN1Template CERT_CrlTemplateNoEntries[] = {
+    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTCrl) },
+    { SEC_ASN1_INTEGER | SEC_ASN1_OPTIONAL, offsetof(CERTCrl, version) },
+    { SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(CERTCrl, signatureAlg),
+      SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
+    { SEC_ASN1_SAVE, offsetof(CERTCrl, derName) },
+    { SEC_ASN1_INLINE, offsetof(CERTCrl, name), CERT_NameTemplate },
+    { SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(CERTCrl, lastUpdate),
+      SEC_ASN1_SUB(CERT_TimeChoiceTemplate) },
+    { SEC_ASN1_INLINE | SEC_ASN1_OPTIONAL | SEC_ASN1_XTRN,
+      offsetof(CERTCrl, nextUpdate), SEC_ASN1_SUB(CERT_TimeChoiceTemplate) },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_SEQUENCE_OF |
+      SEC_ASN1_SKIP }, /* skip entries */
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
+          SEC_ASN1_EXPLICIT | 0,
+      offsetof(CERTCrl, extensions), SEC_CERTExtensionsTemplate },
+    { 0 }
+};
+
+const SEC_ASN1Template CERT_CrlTemplateEntriesOnly[] = {
+    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTCrl) },
+    { SEC_ASN1_SKIP | SEC_ASN1_INTEGER | SEC_ASN1_OPTIONAL },
+    { SEC_ASN1_SKIP },
+    { SEC_ASN1_SKIP },
+    { SEC_ASN1_SKIP | SEC_ASN1_INLINE | SEC_ASN1_XTRN,
+      offsetof(CERTCrl, lastUpdate), SEC_ASN1_SUB(CERT_TimeChoiceTemplate) },
+    { SEC_ASN1_SKIP | SEC_ASN1_INLINE | SEC_ASN1_OPTIONAL | SEC_ASN1_XTRN,
+      offsetof(CERTCrl, nextUpdate), SEC_ASN1_SUB(CERT_TimeChoiceTemplate) },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_SEQUENCE_OF, offsetof(CERTCrl, entries),
+      cert_CrlEntryTemplate }, /* decode entries */
+    { SEC_ASN1_SKIP_REST },
+    { 0 }
+};
+
+const SEC_ASN1Template CERT_SignedCrlTemplate[] = {
+    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTSignedCrl) },
+    { SEC_ASN1_SAVE, offsetof(CERTSignedCrl, signatureWrap.data) },
+    { SEC_ASN1_INLINE, offsetof(CERTSignedCrl, crl), CERT_CrlTemplate },
+    { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
+      offsetof(CERTSignedCrl, signatureWrap.signatureAlgorithm),
+      SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
+    { SEC_ASN1_BIT_STRING, offsetof(CERTSignedCrl, signatureWrap.signature) },
+    { 0 }
+};
+
+static const SEC_ASN1Template cert_SignedCrlTemplateNoEntries[] = {
+    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTSignedCrl) },
+    { SEC_ASN1_SAVE, offsetof(CERTSignedCrl, signatureWrap.data) },
+    { SEC_ASN1_INLINE, offsetof(CERTSignedCrl, crl),
+      CERT_CrlTemplateNoEntries },
+    { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
+      offsetof(CERTSignedCrl, signatureWrap.signatureAlgorithm),
+      SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
+    { SEC_ASN1_BIT_STRING, offsetof(CERTSignedCrl, signatureWrap.signature) },
+    { 0 }
+};
+
+const SEC_ASN1Template CERT_SetOfSignedCrlTemplate[] = {
+    { SEC_ASN1_SET_OF, 0, CERT_SignedCrlTemplate },
+};
+
+/* get CRL version */
+int
+cert_get_crl_version(CERTCrl* crl)
+{
+    /* CRL version is defaulted to v1 */
+    int version = SEC_CRL_VERSION_1;
+    if (crl && crl->version.data != 0) {
+        version = (int)DER_GetUInteger(&crl->version);
+    }
+    return version;
+}
+
+/* check the entries in the CRL */
+SECStatus
+cert_check_crl_entries(CERTCrl* crl)
+{
+    CERTCrlEntry** entries;
+    CERTCrlEntry* entry;
+    PRBool hasCriticalExten = PR_FALSE;
+    SECStatus rv = SECSuccess;
+
+    if (!crl) {
+        return SECFailure;
+    }
+
+    if (crl->entries == NULL) {
+        /* CRLs with no entries are valid */
+        return (SECSuccess);
+    }
+
+    /* Look in the crl entry extensions.  If there is a critical extension,
+       then the crl version must be v2; otherwise, it should be v1.
+     */
+    entries = crl->entries;
+    while (*entries) {
+        entry = *entries;
+        if (entry->extensions) {
+            /* If there is a critical extension in the entries, then the
+               CRL must be of version 2.  If we already saw a critical
+               extension,
+               there is no need to check the version again.
+            */
+            if (hasCriticalExten == PR_FALSE) {
+                hasCriticalExten = cert_HasCriticalExtension(entry->extensions);
+                if (hasCriticalExten) {
+                    if (cert_get_crl_version(crl) != SEC_CRL_VERSION_2) {
+                        /* only CRL v2 critical extensions are supported */
+                        PORT_SetError(SEC_ERROR_CRL_V1_CRITICAL_EXTENSION);
+                        rv = SECFailure;
+                        break;
+                    }
+                }
+            }
+
+            /* For each entry, make sure that it does not contain an unknown
+               critical extension.  If it does, we must reject the CRL since
+               we don't know how to process the extension.
+            */
+            if (cert_HasUnknownCriticalExten(entry->extensions) == PR_TRUE) {
+                PORT_SetError(SEC_ERROR_CRL_UNKNOWN_CRITICAL_EXTENSION);
+                rv = SECFailure;
+                break;
+            }
+        }
+        ++entries;
+    }
+    return (rv);
+}
+
+/* Check the version of the CRL.  If there is a critical extension in the crl
+   or crl entry, then the version must be v2. Otherwise, it should be v1. If
+   the crl contains critical extension(s), then we must recognized the
+   extension's OID.
+   */
+SECStatus
+cert_check_crl_version(CERTCrl* crl)
+{
+    PRBool hasCriticalExten = PR_FALSE;
+    int version = cert_get_crl_version(crl);
+
+    if (version > SEC_CRL_VERSION_2) {
+        PORT_SetError(SEC_ERROR_CRL_INVALID_VERSION);
+        return (SECFailure);
+    }
+
+    /* Check the crl extensions for a critial extension.  If one is found,
+       and the version is not v2, then we are done.
+     */
+    if (crl->extensions) {
+        hasCriticalExten = cert_HasCriticalExtension(crl->extensions);
+        if (hasCriticalExten) {
+            if (version != SEC_CRL_VERSION_2) {
+                /* only CRL v2 critical extensions are supported */
+                PORT_SetError(SEC_ERROR_CRL_V1_CRITICAL_EXTENSION);
+                return (SECFailure);
+            }
+            /* make sure that there is no unknown critical extension */
+            if (cert_HasUnknownCriticalExten(crl->extensions) == PR_TRUE) {
+                PORT_SetError(SEC_ERROR_CRL_UNKNOWN_CRITICAL_EXTENSION);
+                return (SECFailure);
+            }
+        }
+    }
+
+    return (SECSuccess);
+}
+
+/*
+ * Generate a database key, based on the issuer name from a
+ * DER crl.
+ */
+SECStatus
+CERT_KeyFromDERCrl(PLArenaPool* arena, SECItem* derCrl, SECItem* key)
+{
+    SECStatus rv;
+    CERTSignedData sd;
+    CERTCrlKey crlkey;
+    PLArenaPool* myArena;
+
+    if (!arena) {
+        /* arena needed for QuickDER */
+        myArena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    } else {
+        myArena = arena;
+    }
+    PORT_Memset(&sd, 0, sizeof(sd));
+    rv = SEC_QuickDERDecodeItem(myArena, &sd, CERT_SignedDataTemplate, derCrl);
+    if (SECSuccess == rv) {
+        PORT_Memset(&crlkey, 0, sizeof(crlkey));
+        rv = SEC_QuickDERDecodeItem(myArena, &crlkey, cert_CrlKeyTemplate,
+                                    &sd.data);
+    }
+
+    /* make a copy so the data doesn't point to memory inside derCrl, which
+       may be temporary */
+    if (SECSuccess == rv) {
+        rv = SECITEM_CopyItem(arena, key, &crlkey.derName);
+    }
+
+    if (myArena != arena) {
+        PORT_FreeArena(myArena, PR_FALSE);
+    }
+
+    return rv;
+}
+
+#define GetOpaqueCRLFields(x) ((OpaqueCRLFields*)x->opaque)
+
+SECStatus
+CERT_CompleteCRLDecodeEntries(CERTSignedCrl* crl)
+{
+    SECStatus rv = SECSuccess;
+    SECItem* crldata = NULL;
+    OpaqueCRLFields* extended = NULL;
+
+    if ((!crl) || (!(extended = (OpaqueCRLFields*)crl->opaque)) ||
+        (PR_TRUE == extended->decodingError)) {
+        rv = SECFailure;
+    } else {
+        if (PR_FALSE == extended->partial) {
+            /* the CRL has already been fully decoded */
+            return SECSuccess;
+        }
+        if (PR_TRUE == extended->badEntries) {
+            /* the entries decoding already failed */
+            return SECFailure;
+        }
+        crldata = &crl->signatureWrap.data;
+        if (!crldata) {
+            rv = SECFailure;
+        }
+    }
+
+    if (SECSuccess == rv) {
+        rv = SEC_QuickDERDecodeItem(crl->arena, &crl->crl,
+                                    CERT_CrlTemplateEntriesOnly, crldata);
+        if (SECSuccess == rv) {
+            extended->partial = PR_FALSE; /* successful decode, avoid
+                decoding again */
+        } else {
+            extended->decodingError = PR_TRUE;
+            extended->badEntries = PR_TRUE;
+            /* cache the decoding failure. If it fails the first time,
+               it will fail again, which will grow the arena and leak
+               memory, so we want to avoid it */
+        }
+        rv = cert_check_crl_entries(&crl->crl);
+        if (rv != SECSuccess) {
+            extended->badExtensions = PR_TRUE;
+        }
+    }
+    return rv;
+}
+
+/*
+ * take a DER CRL and decode it into a CRL structure
+ * allow reusing the input DER without making a copy
+ */
+CERTSignedCrl*
+CERT_DecodeDERCrlWithFlags(PLArenaPool* narena, SECItem* derSignedCrl, int type,
+                           PRInt32 options)
+{
+    PLArenaPool* arena;
+    CERTSignedCrl* crl;
+    SECStatus rv;
+    OpaqueCRLFields* extended = NULL;
+    const SEC_ASN1Template* crlTemplate = CERT_SignedCrlTemplate;
+    PRInt32 testOptions = options;
+
+    PORT_Assert(derSignedCrl);
+    if (!derSignedCrl) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+
+    /* Adopting DER requires not copying it.  Code that sets ADOPT flag
+     * but doesn't set DONT_COPY probably doesn't know What it is doing.
+     * That condition is a programming error in the caller.
+     */
+    testOptions &= (CRL_DECODE_ADOPT_HEAP_DER | CRL_DECODE_DONT_COPY_DER);
+    PORT_Assert(testOptions != CRL_DECODE_ADOPT_HEAP_DER);
+    if (testOptions == CRL_DECODE_ADOPT_HEAP_DER) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+
+    /* make a new arena if needed */
+    if (narena == NULL) {
+        arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+        if (!arena) {
+            return NULL;
+        }
+    } else {
+        arena = narena;
+    }
+
+    /* allocate the CRL structure */
+    crl = (CERTSignedCrl*)PORT_ArenaZAlloc(arena, sizeof(CERTSignedCrl));
+    if (!crl) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        goto loser;
+    }
+
+    crl->arena = arena;
+
+    /* allocate opaque fields */
+    crl->opaque = (void*)PORT_ArenaZAlloc(arena, sizeof(OpaqueCRLFields));
+    if (!crl->opaque) {
+        goto loser;
+    }
+    extended = (OpaqueCRLFields*)crl->opaque;
+    if (options & CRL_DECODE_ADOPT_HEAP_DER) {
+        extended->heapDER = PR_TRUE;
+    }
+    if (options & CRL_DECODE_DONT_COPY_DER) {
+        crl->derCrl = derSignedCrl; /* DER is not copied . The application
+                                       must keep derSignedCrl until it
+                                       destroys the CRL */
+    } else {
+        crl->derCrl = (SECItem*)PORT_ArenaZAlloc(arena, sizeof(SECItem));
+        if (crl->derCrl == NULL) {
+            goto loser;
+        }
+        rv = SECITEM_CopyItem(arena, crl->derCrl, derSignedCrl);
+        if (rv != SECSuccess) {
+            goto loser;
+        }
+    }
+
+    /* Save the arena in the inner crl for CRL extensions support */
+    crl->crl.arena = arena;
+    if (options & CRL_DECODE_SKIP_ENTRIES) {
+        crlTemplate = cert_SignedCrlTemplateNoEntries;
+        extended->partial = PR_TRUE;
+    }
+
+    /* decode the CRL info */
+    switch (type) {
+        case SEC_CRL_TYPE:
+            rv = SEC_QuickDERDecodeItem(arena, crl, crlTemplate, crl->derCrl);
+            if (rv != SECSuccess) {
+                extended->badDER = PR_TRUE;
+                break;
+            }
+            /* check for critical extensions */
+            rv = cert_check_crl_version(&crl->crl);
+            if (rv != SECSuccess) {
+                extended->badExtensions = PR_TRUE;
+                break;
+            }
+
+            if (PR_TRUE == extended->partial) {
+                /* partial decoding, don't verify entries */
+                break;
+            }
+
+            rv = cert_check_crl_entries(&crl->crl);
+            if (rv != SECSuccess) {
+                extended->badExtensions = PR_TRUE;
+            }
+
+            break;
+
+        default:
+            PORT_SetError(SEC_ERROR_INVALID_ARGS);
+            rv = SECFailure;
+            break;
+    }
+
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    crl->referenceCount = 1;
+
+    return (crl);
+
+loser:
+    if (options & CRL_DECODE_KEEP_BAD_CRL) {
+        if (extended) {
+            extended->decodingError = PR_TRUE;
+        }
+        if (crl) {
+            crl->referenceCount = 1;
+            return (crl);
+        }
+    }
+
+    if ((narena == NULL) && arena) {
+        PORT_FreeArena(arena, PR_FALSE);
+    }
+
+    return (0);
+}
+
+/*
+ * take a DER CRL and decode it into a CRL structure
+ */
+CERTSignedCrl*
+CERT_DecodeDERCrl(PLArenaPool* narena, SECItem* derSignedCrl, int type)
+{
+    return CERT_DecodeDERCrlWithFlags(narena, derSignedCrl, type,
+                                      CRL_DECODE_DEFAULT_OPTIONS);
+}
+
+/*
+ * Lookup a CRL in the databases. We mirror the same fast caching data base
+ *  caching stuff used by certificates....?
+ * return values :
+ *
+ * SECSuccess means we got a valid decodable DER CRL, or no CRL at all.
+ * Caller may distinguish those cases by the value returned in "decoded".
+ * When DER CRL is not found, error code will be SEC_ERROR_CRL_NOT_FOUND.
+ *
+ * SECFailure means we got a fatal error - most likely, we found a CRL,
+ * and it failed decoding, or there was an out of memory error. Do NOT ignore
+ * it and specifically do NOT treat it the same as having no CRL, as this
+ * can compromise security !!! Ideally, you should treat this case as if you
+ * received a "catch-all" CRL where all certs you were looking up are
+ * considered to be revoked
+ */
+static SECStatus
+SEC_FindCrlByKeyOnSlot(PK11SlotInfo* slot, SECItem* crlKey, int type,
+                       CERTSignedCrl** decoded, PRInt32 decodeoptions)
+{
+    SECStatus rv = SECSuccess;
+    CERTSignedCrl* crl = NULL;
+    SECItem* derCrl = NULL;
+    CK_OBJECT_HANDLE crlHandle = 0;
+    char* url = NULL;
+
+    PORT_Assert(decoded);
+    if (!decoded) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    derCrl = PK11_FindCrlByName(&slot, &crlHandle, crlKey, type, &url);
+    if (derCrl == NULL) {
+        /* if we had a problem other than the CRL just didn't exist, return
+         * a failure to the upper level */
+        int nsserror = PORT_GetError();
+        if (nsserror != SEC_ERROR_CRL_NOT_FOUND) {
+            rv = SECFailure;
+        }
+        goto loser;
+    }
+    PORT_Assert(crlHandle != CK_INVALID_HANDLE);
+    /* PK11_FindCrlByName obtained a slot reference. */
+
+    /* derCRL is a fresh HEAP copy made for us by PK11_FindCrlByName.
+       Force adoption of the DER CRL from the heap - this will cause it
+       to be automatically freed when SEC_DestroyCrl is invoked */
+    decodeoptions |= (CRL_DECODE_ADOPT_HEAP_DER | CRL_DECODE_DONT_COPY_DER);
+
+    crl = CERT_DecodeDERCrlWithFlags(NULL, derCrl, type, decodeoptions);
+    if (crl) {
+        crl->slot = slot;
+        slot = NULL;   /* adopt it */
+        derCrl = NULL; /* adopted by the crl struct */
+        crl->pkcs11ID = crlHandle;
+        if (url) {
+            crl->url = PORT_ArenaStrdup(crl->arena, url);
+        }
+    } else {
+        rv = SECFailure;
+    }
+
+    if (url) {
+        PORT_Free(url);
+    }
+
+    if (slot) {
+        PK11_FreeSlot(slot);
+    }
+
+loser:
+    if (derCrl) {
+        SECITEM_FreeItem(derCrl, PR_TRUE);
+    }
+
+    *decoded = crl;
+
+    return rv;
+}
+
+CERTSignedCrl*
+crl_storeCRL(PK11SlotInfo* slot, char* url, CERTSignedCrl* newCrl,
+             SECItem* derCrl, int type)
+{
+    CERTSignedCrl *oldCrl = NULL, *crl = NULL;
+    PRBool deleteOldCrl = PR_FALSE;
+    CK_OBJECT_HANDLE crlHandle = CK_INVALID_HANDLE;
+
+    PORT_Assert(newCrl);
+    PORT_Assert(derCrl);
+    PORT_Assert(type == SEC_CRL_TYPE);
+
+    if (type != SEC_CRL_TYPE) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+
+    /* we can't use the cache here because we must look in the same
+       token */
+    (void)SEC_FindCrlByKeyOnSlot(slot, &newCrl->crl.derName, type, &oldCrl,
+                                 CRL_DECODE_SKIP_ENTRIES);
+    /* if there is an old crl on the token, make sure the one we are
+       installing is newer. If not, exit out, otherwise delete the
+       old crl.
+     */
+    if (oldCrl != NULL) {
+        /* if it's already there, quietly continue */
+        if (SECITEM_CompareItem(newCrl->derCrl, oldCrl->derCrl) == SECEqual) {
+            crl = newCrl;
+            crl->slot = PK11_ReferenceSlot(slot);
+            crl->pkcs11ID = oldCrl->pkcs11ID;
+            if (oldCrl->url && !url)
+                url = oldCrl->url;
+            if (url)
+                crl->url = PORT_ArenaStrdup(crl->arena, url);
+            goto done;
+        }
+        if (!SEC_CrlIsNewer(&newCrl->crl, &oldCrl->crl)) {
+            PORT_SetError(SEC_ERROR_OLD_CRL);
+            goto done;
+        }
+
+        /* if we have a url in the database, use that one */
+        if (oldCrl->url && !url) {
+            url = oldCrl->url;
+        }
+
+        /* really destroy this crl */
+        /* first drum it out of the permanment Data base */
+        deleteOldCrl = PR_TRUE;
+    }
+
+    /* invalidate CRL cache for this issuer */
+    CERT_CRLCacheRefreshIssuer(NULL, &newCrl->crl.derName);
+    /* Write the new entry into the data base */
+    crlHandle = PK11_PutCrl(slot, derCrl, &newCrl->crl.derName, url, type);
+    if (crlHandle != CK_INVALID_HANDLE) {
+        crl = newCrl;
+        crl->slot = PK11_ReferenceSlot(slot);
+        crl->pkcs11ID = crlHandle;
+        if (url) {
+            crl->url = PORT_ArenaStrdup(crl->arena, url);
+        }
+    }
+
+done:
+    if (oldCrl) {
+        if (deleteOldCrl && crlHandle != CK_INVALID_HANDLE) {
+            SEC_DeletePermCRL(oldCrl);
+        }
+        SEC_DestroyCrl(oldCrl);
+    }
+
+    return crl;
+}
+
+/*
+ *
+ * create a new CRL from DER material.
+ *
+ * The signature on this CRL must be checked before you
+ * load it. ???
+ */
+CERTSignedCrl*
+SEC_NewCrl(CERTCertDBHandle* handle, char* url, SECItem* derCrl, int type)
+{
+    CERTSignedCrl* retCrl = NULL;
+    PK11SlotInfo* slot = PK11_GetInternalKeySlot();
+    retCrl =
+        PK11_ImportCRL(slot, derCrl, url, type, NULL, CRL_IMPORT_BYPASS_CHECKS,
+                       NULL, CRL_DECODE_DEFAULT_OPTIONS);
+    PK11_FreeSlot(slot);
+
+    return retCrl;
+}
+
+CERTSignedCrl*
+SEC_FindCrlByDERCert(CERTCertDBHandle* handle, SECItem* derCrl, int type)
+{
+    PLArenaPool* arena;
+    SECItem crlKey;
+    SECStatus rv;
+    CERTSignedCrl* crl = NULL;
+
+    /* create a scratch arena */
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL) {
+        return (NULL);
+    }
+
+    /* extract the database key from the cert */
+    rv = CERT_KeyFromDERCrl(arena, derCrl, &crlKey);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    /* find the crl */
+    crl = SEC_FindCrlByName(handle, &crlKey, type);
+
+loser:
+    PORT_FreeArena(arena, PR_FALSE);
+    return (crl);
+}
+
+CERTSignedCrl*
+SEC_DupCrl(CERTSignedCrl* acrl)
+{
+    if (acrl) {
+        PR_ATOMIC_INCREMENT(&acrl->referenceCount);
+        return acrl;
+    }
+    return NULL;
+}
+
+SECStatus
+SEC_DestroyCrl(CERTSignedCrl* crl)
+{
+    if (crl) {
+        if (PR_ATOMIC_DECREMENT(&crl->referenceCount) < 1) {
+            if (crl->slot) {
+                PK11_FreeSlot(crl->slot);
+            }
+            if (GetOpaqueCRLFields(crl) &&
+                PR_TRUE == GetOpaqueCRLFields(crl)->heapDER) {
+                SECITEM_FreeItem(crl->derCrl, PR_TRUE);
+            }
+            if (crl->arena) {
+                PORT_FreeArena(crl->arena, PR_FALSE);
+            }
+        }
+        return SECSuccess;
+    } else {
+        return SECFailure;
+    }
+}
+
+SECStatus
+SEC_LookupCrls(CERTCertDBHandle* handle, CERTCrlHeadNode** nodes, int type)
+{
+    CERTCrlHeadNode* head;
+    PLArenaPool* arena = NULL;
+    SECStatus rv;
+
+    *nodes = NULL;
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL) {
+        return SECFailure;
+    }
+
+    /* build a head structure */
+    head = (CERTCrlHeadNode*)PORT_ArenaAlloc(arena, sizeof(CERTCrlHeadNode));
+    head->arena = arena;
+    head->first = NULL;
+    head->last = NULL;
+    head->dbhandle = handle;
+
+    /* Look up the proper crl types */
+    *nodes = head;
+
+    rv = PK11_LookupCrls(head, type, NULL);
+
+    if (rv != SECSuccess) {
+        if (arena) {
+            PORT_FreeArena(arena, PR_FALSE);
+            *nodes = NULL;
+        }
+    }
+
+    return rv;
+}
+
+/* These functions simply return the address of the above-declared templates.
+** This is necessary for Windows DLLs.  Sigh.
+*/
+SEC_ASN1_CHOOSER_IMPLEMENT(CERT_IssuerAndSNTemplate)
+SEC_ASN1_CHOOSER_IMPLEMENT(CERT_CrlTemplate)
+SEC_ASN1_CHOOSER_IMPLEMENT(CERT_SignedCrlTemplate)
+SEC_ASN1_CHOOSER_IMPLEMENT(CERT_SetOfSignedCrlTemplate)
+
+/* CRL cache code starts here */
+
+/* constructor */
+static SECStatus CachedCrl_Create(CachedCrl** returned, CERTSignedCrl* crl,
+                                  CRLOrigin origin);
+/* destructor */
+static SECStatus CachedCrl_Destroy(CachedCrl* crl);
+
+/* create hash table of CRL entries */
+static SECStatus CachedCrl_Populate(CachedCrl* crlobject);
+
+/* empty the cache content */
+static SECStatus CachedCrl_Depopulate(CachedCrl* crl);
+
+/* are these CRLs the same, as far as the cache is concerned ?
+   Or are they the same token object, but with different DER ? */
+
+static SECStatus CachedCrl_Compare(CachedCrl* a, CachedCrl* b, PRBool* isDupe,
+                                   PRBool* isUpdated);
+
+/* create a DPCache object */
+static SECStatus DPCache_Create(CRLDPCache** returned, CERTCertificate* issuer,
+                                const SECItem* subject, SECItem* dp);
+
+/* destructor for CRL DPCache object */
+static SECStatus DPCache_Destroy(CRLDPCache* cache);
+
+/* add a new CRL object to the dynamic array of CRLs of the DPCache, and
+   returns the cached CRL object . Needs write access to DPCache. */
+static SECStatus DPCache_AddCRL(CRLDPCache* cache, CachedCrl* crl,
+                                PRBool* added);
+
+/* fetch the CRL for this DP from the PKCS#11 tokens */
+static SECStatus DPCache_FetchFromTokens(CRLDPCache* cache, PRTime vfdate,
+                                         void* wincx);
+
+/* update the content of the CRL cache, including fetching of CRLs, and
+   reprocessing with specified issuer and date */
+static SECStatus DPCache_GetUpToDate(CRLDPCache* cache, CERTCertificate* issuer,
+                                     PRBool readlocked, PRTime vfdate,
+                                     void* wincx);
+
+/* returns true if there are CRLs from PKCS#11 slots */
+static PRBool DPCache_HasTokenCRLs(CRLDPCache* cache);
+
+/* remove CRL at offset specified */
+static SECStatus DPCache_RemoveCRL(CRLDPCache* cache, PRUint32 offset);
+
+/* Pick best CRL to use . needs write access */
+static SECStatus DPCache_SelectCRL(CRLDPCache* cache);
+
+/* create an issuer cache object (per CA subject ) */
+static SECStatus IssuerCache_Create(CRLIssuerCache** returned,
+                                    CERTCertificate* issuer,
+                                    const SECItem* subject, const SECItem* dp);
+
+/* destructor for CRL IssuerCache object */
+SECStatus IssuerCache_Destroy(CRLIssuerCache* cache);
+
+/* add a DPCache to the issuer cache */
+static SECStatus IssuerCache_AddDP(CRLIssuerCache* cache,
+                                   CERTCertificate* issuer,
+                                   const SECItem* subject, const SECItem* dp,
+                                   CRLDPCache** newdpc);
+
+/* get a particular DPCache object from an IssuerCache */
+static CRLDPCache* IssuerCache_GetDPCache(CRLIssuerCache* cache,
+                                          const SECItem* dp);
+
+/*
+** Pre-allocator hash allocator ops.
+*/
+
+/* allocate memory for hash table */
+static void* PR_CALLBACK
+PreAllocTable(void* pool, PRSize size)
+{
+    PreAllocator* alloc = (PreAllocator*)pool;
+    PORT_Assert(alloc);
+    if (!alloc) {
+        /* no allocator, or buffer full */
+        return NULL;
+    }
+    if (size > (alloc->len - alloc->used)) {
+        /* initial buffer full, let's use the arena */
+        alloc->extra += size;
+        return PORT_ArenaAlloc(alloc->arena, size);
+    }
+    /* use the initial buffer */
+    alloc->used += size;
+    return (char*)alloc->data + alloc->used - size;
+}
+
+/* free hash table memory.
+   Individual PreAllocator elements cannot be freed, so this is a no-op. */
+static void PR_CALLBACK
+PreFreeTable(void* pool, void* item)
+{
+}
+
+/* allocate memory for hash table */
+static PLHashEntry* PR_CALLBACK
+PreAllocEntry(void* pool, const void* key)
+{
+    return PreAllocTable(pool, sizeof(PLHashEntry));
+}
+
+/* free hash table entry.
+   Individual PreAllocator elements cannot be freed, so this is a no-op. */
+static void PR_CALLBACK
+PreFreeEntry(void* pool, PLHashEntry* he, PRUintn flag)
+{
+}
+
+/* methods required for PL hash table functions */
+static PLHashAllocOps preAllocOps = { PreAllocTable, PreFreeTable,
+                                      PreAllocEntry, PreFreeEntry };
+
+/* destructor for PreAllocator object */
+void
+PreAllocator_Destroy(PreAllocator* PreAllocator)
+{
+    if (!PreAllocator) {
+        return;
+    }
+    if (PreAllocator->arena) {
+        PORT_FreeArena(PreAllocator->arena, PR_TRUE);
+    }
+}
+
+/* constructor for PreAllocator object */
+PreAllocator*
+PreAllocator_Create(PRSize size)
+{
+    PLArenaPool* arena = NULL;
+    PreAllocator* prebuffer = NULL;
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (!arena) {
+        return NULL;
+    }
+    prebuffer = (PreAllocator*)PORT_ArenaZAlloc(arena, sizeof(PreAllocator));
+    if (!prebuffer) {
+        PORT_FreeArena(arena, PR_TRUE);
+        return NULL;
+    }
+    prebuffer->arena = arena;
+
+    if (size) {
+        prebuffer->len = size;
+        prebuffer->data = PORT_ArenaAlloc(arena, size);
+        if (!prebuffer->data) {
+            PORT_FreeArena(arena, PR_TRUE);
+            return NULL;
+        }
+    }
+    return prebuffer;
+}
+
+/* global Named CRL cache object */
+static NamedCRLCache namedCRLCache = { NULL, NULL };
+
+/* global CRL cache object */
+static CRLCache crlcache = { NULL, NULL };
+
+/* initial state is off */
+static PRBool crlcache_initialized = PR_FALSE;
+
+PRTime CRLCache_Empty_TokenFetch_Interval = 60 * 1000000; /* how often
+    to query the tokens for CRL objects, in order to discover new objects, if
+    the cache does not contain any token CRLs . In microseconds */
+
+PRTime CRLCache_TokenRefetch_Interval = 600 * 1000000; /* how often
+   to query the tokens for CRL objects, in order to discover new objects, if
+   the cache already contains token CRLs In microseconds */
+
+PRTime CRLCache_ExistenceCheck_Interval = 60 * 1000000; /* how often to check
+    if a token CRL object still exists. In microseconds */
+
+/* this function is called at NSS initialization time */
+SECStatus
+InitCRLCache(void)
+{
+    if (PR_FALSE == crlcache_initialized) {
+        PORT_Assert(NULL == crlcache.lock);
+        PORT_Assert(NULL == crlcache.issuers);
+        PORT_Assert(NULL == namedCRLCache.lock);
+        PORT_Assert(NULL == namedCRLCache.entries);
+        if (crlcache.lock || crlcache.issuers || namedCRLCache.lock ||
+            namedCRLCache.entries) {
+            /* CRL cache already partially initialized */
+            PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+            return SECFailure;
+        }
+#ifdef GLOBAL_RWLOCK
+        crlcache.lock = NSSRWLock_New(NSS_RWLOCK_RANK_NONE, NULL);
+#else
+        crlcache.lock = PR_NewLock();
+#endif
+        namedCRLCache.lock = PR_NewLock();
+        crlcache.issuers = PL_NewHashTable(0, SECITEM_Hash, SECITEM_HashCompare,
+                                           PL_CompareValues, NULL, NULL);
+        namedCRLCache.entries = PL_NewHashTable(
+            0, SECITEM_Hash, SECITEM_HashCompare, PL_CompareValues, NULL, NULL);
+        if (!crlcache.lock || !namedCRLCache.lock || !crlcache.issuers ||
+            !namedCRLCache.entries) {
+            if (crlcache.lock) {
+#ifdef GLOBAL_RWLOCK
+                NSSRWLock_Destroy(crlcache.lock);
+#else
+                PR_DestroyLock(crlcache.lock);
+#endif
+                crlcache.lock = NULL;
+            }
+            if (namedCRLCache.lock) {
+                PR_DestroyLock(namedCRLCache.lock);
+                namedCRLCache.lock = NULL;
+            }
+            if (crlcache.issuers) {
+                PL_HashTableDestroy(crlcache.issuers);
+                crlcache.issuers = NULL;
+            }
+            if (namedCRLCache.entries) {
+                PL_HashTableDestroy(namedCRLCache.entries);
+                namedCRLCache.entries = NULL;
+            }
+
+            return SECFailure;
+        }
+        crlcache_initialized = PR_TRUE;
+        return SECSuccess;
+    } else {
+        PORT_Assert(crlcache.lock);
+        PORT_Assert(crlcache.issuers);
+        if ((NULL == crlcache.lock) || (NULL == crlcache.issuers)) {
+            /* CRL cache not fully initialized */
+            return SECFailure;
+        } else {
+            /* CRL cache already initialized */
+            return SECSuccess;
+        }
+    }
+}
+
+/* destructor for CRL DPCache object */
+static SECStatus
+DPCache_Destroy(CRLDPCache* cache)
+{
+    PRUint32 i = 0;
+    PORT_Assert(cache);
+    if (!cache) {
+        PORT_Assert(0);
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+    if (cache->lock) {
+#ifdef DPC_RWLOCK
+        NSSRWLock_Destroy(cache->lock);
+#else
+        PR_DestroyLock(cache->lock);
+#endif
+    } else {
+        PORT_Assert(0);
+        return SECFailure;
+    }
+    /* destroy all our CRL objects */
+    for (i = 0; i < cache->ncrls; i++) {
+        if (!cache->crls || !cache->crls[i] ||
+            SECSuccess != CachedCrl_Destroy(cache->crls[i])) {
+            return SECFailure;
+        }
+    }
+    /* free the array of CRLs */
+    if (cache->crls) {
+        PORT_Free(cache->crls);
+    }
+    /* destroy the cert */
+    if (cache->issuerDERCert) {
+        SECITEM_FreeItem(cache->issuerDERCert, PR_TRUE);
+    }
+    /* free the subject */
+    if (cache->subject) {
+        SECITEM_FreeItem(cache->subject, PR_TRUE);
+    }
+    /* free the distribution points */
+    if (cache->distributionPoint) {
+        SECITEM_FreeItem(cache->distributionPoint, PR_TRUE);
+    }
+    PORT_Free(cache);
+    return SECSuccess;
+}
+
+/* destructor for CRL IssuerCache object */
+SECStatus
+IssuerCache_Destroy(CRLIssuerCache* cache)
+{
+    PORT_Assert(cache);
+    if (!cache) {
+        PORT_Assert(0);
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+#ifdef XCRL
+    if (cache->lock) {
+        NSSRWLock_Destroy(cache->lock);
+    } else {
+        PORT_Assert(0);
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+    if (cache->issuer) {
+        CERT_DestroyCertificate(cache->issuer);
+    }
+#endif
+    /* free the subject */
+    if (cache->subject) {
+        SECITEM_FreeItem(cache->subject, PR_TRUE);
+    }
+    if (SECSuccess != DPCache_Destroy(cache->dpp)) {
+        PORT_Assert(0);
+        return SECFailure;
+    }
+    PORT_Free(cache);
+    return SECSuccess;
+}
+
+/* create a named CRL entry object */
+static SECStatus
+NamedCRLCacheEntry_Create(NamedCRLCacheEntry** returned)
+{
+    NamedCRLCacheEntry* entry = NULL;
+    if (!returned) {
+        PORT_Assert(0);
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+    *returned = NULL;
+    entry = (NamedCRLCacheEntry*)PORT_ZAlloc(sizeof(NamedCRLCacheEntry));
+    if (!entry) {
+        return SECFailure;
+    }
+    *returned = entry;
+    return SECSuccess;
+}
+
+/* destroy a named CRL entry object */
+static SECStatus
+NamedCRLCacheEntry_Destroy(NamedCRLCacheEntry* entry)
+{
+    if (!entry) {
+        PORT_Assert(0);
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+    if (entry->crl) {
+        /* named CRL cache owns DER memory */
+        SECITEM_ZfreeItem(entry->crl, PR_TRUE);
+    }
+    if (entry->canonicalizedName) {
+        SECITEM_FreeItem(entry->canonicalizedName, PR_TRUE);
+    }
+    PORT_Free(entry);
+    return SECSuccess;
+}
+
+/* callback function used in hash table destructor */
+static PRIntn PR_CALLBACK
+FreeIssuer(PLHashEntry* he, PRIntn i, void* arg)
+{
+    CRLIssuerCache* issuer = NULL;
+    SECStatus* rv = (SECStatus*)arg;
+
+    PORT_Assert(he);
+    if (!he) {
+        return HT_ENUMERATE_NEXT;
+    }
+    issuer = (CRLIssuerCache*)he->value;
+    PORT_Assert(issuer);
+    if (issuer) {
+        if (SECSuccess != IssuerCache_Destroy(issuer)) {
+            PORT_Assert(rv);
+            if (rv) {
+                *rv = SECFailure;
+            }
+            return HT_ENUMERATE_NEXT;
+        }
+    }
+    return HT_ENUMERATE_NEXT;
+}
+
+/* callback function used in hash table destructor */
+static PRIntn PR_CALLBACK
+FreeNamedEntries(PLHashEntry* he, PRIntn i, void* arg)
+{
+    NamedCRLCacheEntry* entry = NULL;
+    SECStatus* rv = (SECStatus*)arg;
+
+    PORT_Assert(he);
+    if (!he) {
+        return HT_ENUMERATE_NEXT;
+    }
+    entry = (NamedCRLCacheEntry*)he->value;
+    PORT_Assert(entry);
+    if (entry) {
+        if (SECSuccess != NamedCRLCacheEntry_Destroy(entry)) {
+            PORT_Assert(rv);
+            if (rv) {
+                *rv = SECFailure;
+            }
+            return HT_ENUMERATE_NEXT;
+        }
+    }
+    return HT_ENUMERATE_NEXT;
+}
+
+/* needs to be called at NSS shutdown time
+   This will destroy the global CRL cache, including
+   - the hash table of issuer cache objects
+   - the issuer cache objects
+   - DPCache objects in issuer cache objects */
+SECStatus
+ShutdownCRLCache(void)
+{
+    SECStatus rv = SECSuccess;
+    if (PR_FALSE == crlcache_initialized && !crlcache.lock &&
+        !crlcache.issuers) {
+        /* CRL cache has already been shut down */
+        return SECSuccess;
+    }
+    if (PR_TRUE == crlcache_initialized &&
+        (!crlcache.lock || !crlcache.issuers || !namedCRLCache.lock ||
+         !namedCRLCache.entries)) {
+        /* CRL cache has partially been shut down */
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+    /* empty the CRL cache */
+    /* free the issuers */
+    PL_HashTableEnumerateEntries(crlcache.issuers, &FreeIssuer, &rv);
+    /* free the hash table of issuers */
+    PL_HashTableDestroy(crlcache.issuers);
+    crlcache.issuers = NULL;
+/* free the global lock */
+#ifdef GLOBAL_RWLOCK
+    NSSRWLock_Destroy(crlcache.lock);
+#else
+    PR_DestroyLock(crlcache.lock);
+#endif
+    crlcache.lock = NULL;
+
+    /* empty the named CRL cache. This must be done after freeing the CRL
+     * cache, since some CRLs in this cache are in the memory for the other  */
+    /* free the entries */
+    PL_HashTableEnumerateEntries(namedCRLCache.entries, &FreeNamedEntries, &rv);
+    /* free the hash table of issuers */
+    PL_HashTableDestroy(namedCRLCache.entries);
+    namedCRLCache.entries = NULL;
+    /* free the global lock */
+    PR_DestroyLock(namedCRLCache.lock);
+    namedCRLCache.lock = NULL;
+
+    crlcache_initialized = PR_FALSE;
+    return rv;
+}
+
+/* add a new CRL object to the dynamic array of CRLs of the DPCache, and
+   returns the cached CRL object . Needs write access to DPCache. */
+static SECStatus
+DPCache_AddCRL(CRLDPCache* cache, CachedCrl* newcrl, PRBool* added)
+{
+    CachedCrl** newcrls = NULL;
+    PRUint32 i = 0;
+    PORT_Assert(cache);
+    PORT_Assert(newcrl);
+    PORT_Assert(added);
+    if (!cache || !newcrl || !added) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+
+    *added = PR_FALSE;
+    /* before adding a new CRL, check if it is a duplicate */
+    for (i = 0; i < cache->ncrls; i++) {
+        CachedCrl* existing = NULL;
+        SECStatus rv = SECSuccess;
+        PRBool dupe = PR_FALSE, updated = PR_FALSE;
+        if (!cache->crls) {
+            PORT_Assert(0);
+            return SECFailure;
+        }
+        existing = cache->crls[i];
+        if (!existing) {
+            PORT_Assert(0);
+            return SECFailure;
+        }
+        rv = CachedCrl_Compare(existing, newcrl, &dupe, &updated);
+        if (SECSuccess != rv) {
+            PORT_Assert(0);
+            PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+            return SECFailure;
+        }
+        if (PR_TRUE == dupe) {
+            /* dupe */
+            PORT_SetError(SEC_ERROR_CRL_ALREADY_EXISTS);
+            return SECSuccess;
+        }
+        if (PR_TRUE == updated) {
+            /* this token CRL is in the same slot and has the same object ID,
+               but different content. We need to remove the old object */
+            if (SECSuccess != DPCache_RemoveCRL(cache, i)) {
+                PORT_Assert(0);
+                PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+                return PR_FALSE;
+            }
+        }
+    }
+
+    newcrls = (CachedCrl**)PORT_Realloc(cache->crls, (cache->ncrls + 1) *
+                                                         sizeof(CachedCrl*));
+    if (!newcrls) {
+        return SECFailure;
+    }
+    cache->crls = newcrls;
+    cache->ncrls++;
+    cache->crls[cache->ncrls - 1] = newcrl;
+    *added = PR_TRUE;
+    return SECSuccess;
+}
+
+/* remove CRL at offset specified */
+static SECStatus
+DPCache_RemoveCRL(CRLDPCache* cache, PRUint32 offset)
+{
+    CachedCrl* acrl = NULL;
+    PORT_Assert(cache);
+    if (!cache || (!cache->crls) || (!(offset < cache->ncrls))) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+    acrl = cache->crls[offset];
+    PORT_Assert(acrl);
+    if (!acrl) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+    cache->crls[offset] = cache->crls[cache->ncrls - 1];
+    cache->crls[cache->ncrls - 1] = NULL;
+    cache->ncrls--;
+    if (cache->selected == acrl) {
+        cache->selected = NULL;
+    }
+    if (SECSuccess != CachedCrl_Destroy(acrl)) {
+        PORT_Assert(0);
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+    return SECSuccess;
+}
+
+/* check whether a CRL object stored in a PKCS#11 token still exists in
+   that token . This has to be efficient (the entire CRL value cannot be
+   transferred accross the token boundaries), so this is accomplished by
+   simply fetching the subject attribute and making sure it hasn't changed .
+   Note that technically, the CRL object could have been replaced with a new
+   PKCS#11 object of the same ID and subject (which actually happens in
+   softoken), but this function has no way of knowing that the object
+   value changed, since CKA_VALUE isn't checked. */
+static PRBool
+TokenCRLStillExists(CERTSignedCrl* crl)
+{
+    NSSItem newsubject;
+    SECItem subject;
+    CK_ULONG crl_class;
+    PRStatus status;
+    PK11SlotInfo* slot = NULL;
+    nssCryptokiObject instance;
+    NSSArena* arena;
+    PRBool xstatus = PR_TRUE;
+    SECItem* oldSubject = NULL;
+
+    PORT_Assert(crl);
+    if (!crl) {
+        return PR_FALSE;
+    }
+    slot = crl->slot;
+    PORT_Assert(crl->slot);
+    if (!slot) {
+        return PR_FALSE;
+    }
+    oldSubject = &crl->crl.derName;
+    PORT_Assert(oldSubject);
+    if (!oldSubject) {
+        return PR_FALSE;
+    }
+
+    /* query subject and type attributes in order to determine if the
+       object has been deleted */
+
+    /* first, make an nssCryptokiObject */
+    instance.handle = crl->pkcs11ID;
+    PORT_Assert(instance.handle);
+    if (!instance.handle) {
+        return PR_FALSE;
+    }
+    instance.token = PK11Slot_GetNSSToken(slot);
+    PORT_Assert(instance.token);
+    if (!instance.token) {
+        return PR_FALSE;
+    }
+    instance.isTokenObject = PR_TRUE;
+    instance.label = NULL;
+
+    arena = NSSArena_Create();
+    PORT_Assert(arena);
+    if (!arena) {
+        return PR_FALSE;
+    }
+
+    status =
+        nssCryptokiCRL_GetAttributes(&instance, NULL,          /* XXX sessionOpt */
+                                     arena, NULL, &newsubject, /* subject */
+                                     &crl_class,               /* class */
+                                     NULL, NULL);
+    if (PR_SUCCESS == status) {
+        subject.data = newsubject.data;
+        subject.len = newsubject.size;
+        if (SECITEM_CompareItem(oldSubject, &subject) != SECEqual) {
+            xstatus = PR_FALSE;
+        }
+        if (CKO_NETSCAPE_CRL != crl_class) {
+            xstatus = PR_FALSE;
+        }
+    } else {
+        xstatus = PR_FALSE;
+    }
+    NSSArena_Destroy(arena);
+    return xstatus;
+}
+
+/* verify the signature of a CRL against its issuer at a given date */
+static SECStatus
+CERT_VerifyCRL(CERTSignedCrl* crlobject, CERTCertificate* issuer, PRTime vfdate,
+               void* wincx)
+{
+    return CERT_VerifySignedData(&crlobject->signatureWrap, issuer, vfdate,
+                                 wincx);
+}
+
+/* verify a CRL and update cache state */
+static SECStatus
+CachedCrl_Verify(CRLDPCache* cache, CachedCrl* crlobject, PRTime vfdate,
+                 void* wincx)
+{
+    /*  Check if it is an invalid CRL
+        if we got a bad CRL, we want to cache it in order to avoid
+        subsequent fetches of this same identical bad CRL. We set
+        the cache to the invalid state to ensure that all certs on this
+        DP are considered to have unknown status from now on. The cache
+        object will remain in this state until the bad CRL object
+        is removed from the token it was fetched from. If the cause
+        of the failure is that we didn't have the issuer cert to
+        verify the signature, this state can be cleared when
+        the issuer certificate becomes available if that causes the
+        signature to verify */
+
+    if (!cache || !crlobject) {
+        PORT_Assert(0);
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+    if (PR_TRUE == GetOpaqueCRLFields(crlobject->crl)->decodingError) {
+        crlobject->sigChecked = PR_TRUE; /* we can never verify a CRL
+            with bogus DER. Mark it checked so we won't try again */
+        PORT_SetError(SEC_ERROR_BAD_DER);
+        return SECSuccess;
+    } else {
+        SECStatus signstatus = SECFailure;
+        if (cache->issuerDERCert) {
+            CERTCertificate* issuer = CERT_NewTempCertificate(
+                cache->dbHandle, cache->issuerDERCert, NULL, PR_FALSE, PR_TRUE);
+
+            if (issuer) {
+                signstatus =
+                    CERT_VerifyCRL(crlobject->crl, issuer, vfdate, wincx);
+                CERT_DestroyCertificate(issuer);
+            }
+        }
+        if (SECSuccess != signstatus) {
+            if (!cache->issuerDERCert) {
+                /* we tried to verify without an issuer cert . This is
+                   because this CRL came through a call to SEC_FindCrlByName.
+                   So, we don't cache this verification failure. We'll try
+                   to verify the CRL again when a certificate from that issuer
+                   becomes available */
+            } else {
+                crlobject->sigChecked = PR_TRUE;
+            }
+            PORT_SetError(SEC_ERROR_CRL_BAD_SIGNATURE);
+            return SECSuccess;
+        } else {
+            crlobject->sigChecked = PR_TRUE;
+            crlobject->sigValid = PR_TRUE;
+        }
+    }
+
+    return SECSuccess;
+}
+
+/* fetch the CRLs for this DP from the PKCS#11 tokens */
+static SECStatus
+DPCache_FetchFromTokens(CRLDPCache* cache, PRTime vfdate, void* wincx)
+{
+    SECStatus rv = SECSuccess;
+    CERTCrlHeadNode head;
+    if (!cache) {
+        PORT_Assert(0);
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+    /* first, initialize list */
+    memset(&head, 0, sizeof(head));
+    head.arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    rv = pk11_RetrieveCrls(&head, cache->subject, wincx);
+
+    /* if this function fails, something very wrong happened, such as an out
+       of memory error during CRL decoding. We don't want to proceed and must
+       mark the cache object invalid */
+    if (SECFailure == rv) {
+        /* fetch failed, add error bit */
+        cache->invalid |= CRL_CACHE_LAST_FETCH_FAILED;
+    } else {
+        /* fetch was successful, clear this error bit */
+        cache->invalid &= (~CRL_CACHE_LAST_FETCH_FAILED);
+    }
+
+    /* add any CRLs found to our array */
+    if (SECSuccess == rv) {
+        CERTCrlNode* crlNode = NULL;
+
+        for (crlNode = head.first; crlNode; crlNode = crlNode->next) {
+            CachedCrl* returned = NULL;
+            CERTSignedCrl* crlobject = crlNode->crl;
+            if (!crlobject) {
+                PORT_Assert(0);
+                continue;
+            }
+            rv = CachedCrl_Create(&returned, crlobject, CRL_OriginToken);
+            if (SECSuccess == rv) {
+                PRBool added = PR_FALSE;
+                rv = DPCache_AddCRL(cache, returned, &added);
+                if (PR_TRUE != added) {
+                    rv = CachedCrl_Destroy(returned);
+                    returned = NULL;
+                } else if (vfdate) {
+                    rv = CachedCrl_Verify(cache, returned, vfdate, wincx);
+                }
+            } else {
+                /* not enough memory to add the CRL to the cache. mark it
+                   invalid so we will try again . */
+                cache->invalid |= CRL_CACHE_LAST_FETCH_FAILED;
+            }
+            if (SECFailure == rv) {
+                break;
+            }
+        }
+    }
+
+    if (head.arena) {
+        CERTCrlNode* crlNode = NULL;
+        /* clean up the CRL list in case we got a partial one
+           during a failed fetch */
+        for (crlNode = head.first; crlNode; crlNode = crlNode->next) {
+            if (crlNode->crl) {
+                SEC_DestroyCrl(crlNode->crl); /* free the CRL. Either it got
+                   added to the cache and the refcount got bumped, or not, and
+                   thus we need to free its RAM */
+            }
+        }
+        PORT_FreeArena(head.arena, PR_FALSE); /* destroy CRL list */
+    }
+
+    return rv;
+}
+
+static SECStatus
+CachedCrl_GetEntry(CachedCrl* crl, const SECItem* sn, CERTCrlEntry** returned)
+{
+    CERTCrlEntry* acrlEntry;
+
+    PORT_Assert(crl);
+    PORT_Assert(crl->entries);
+    PORT_Assert(sn);
+    PORT_Assert(returned);
+    if (!crl || !sn || !returned || !crl->entries) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+    acrlEntry = PL_HashTableLookup(crl->entries, (void*)sn);
+    if (acrlEntry) {
+        *returned = acrlEntry;
+    } else {
+        *returned = NULL;
+    }
+    return SECSuccess;
+}
+
+/* check if a particular SN is in the CRL cache and return its entry */
+dpcacheStatus
+DPCache_Lookup(CRLDPCache* cache, const SECItem* sn, CERTCrlEntry** returned)
+{
+    SECStatus rv;
+    if (!cache || !sn || !returned) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        /* no cache or SN to look up, or no way to return entry */
+        return dpcacheCallerError;
+    }
+    *returned = NULL;
+    if (0 != cache->invalid) {
+        /* the cache contains a bad CRL, or there was a CRL fetching error. */
+        PORT_SetError(SEC_ERROR_CRL_INVALID);
+        return dpcacheInvalidCacheError;
+    }
+    if (!cache->selected) {
+        /* no CRL means no entry to return. This is OK, except for
+         * NIST policy */
+        return dpcacheEmpty;
+    }
+    rv = CachedCrl_GetEntry(cache->selected, sn, returned);
+    if (SECSuccess != rv) {
+        return dpcacheLookupError;
+    } else {
+        if (*returned) {
+            return dpcacheFoundEntry;
+        } else {
+            return dpcacheNoEntry;
+        }
+    }
+}
+
+#if defined(DPC_RWLOCK)
+
+#define DPCache_LockWrite()                    \
+    {                                          \
+        if (readlocked) {                      \
+            NSSRWLock_UnlockRead(cache->lock); \
+        }                                      \
+        NSSRWLock_LockWrite(cache->lock);      \
+    }
+
+#define DPCache_UnlockWrite()                \
+    {                                        \
+        if (readlocked) {                    \
+            NSSRWLock_LockRead(cache->lock); \
+        }                                    \
+        NSSRWLock_UnlockWrite(cache->lock);  \
+    }
+
+#else
+
+/* with a global lock, we are always locked for read before we need write
+   access, so do nothing */
+
+#define DPCache_LockWrite() \
+    {                       \
+    }
+
+#define DPCache_UnlockWrite() \
+    {                         \
+    }
+
+#endif
+
+/* update the content of the CRL cache, including fetching of CRLs, and
+   reprocessing with specified issuer and date . We are always holding
+   either the read or write lock on DPCache upon entry. */
+static SECStatus
+DPCache_GetUpToDate(CRLDPCache* cache, CERTCertificate* issuer,
+                    PRBool readlocked, PRTime vfdate, void* wincx)
+{
+    /* Update the CRLDPCache now. We don't cache token CRL lookup misses
+       yet, as we have no way of getting notified of new PKCS#11 object
+       creation that happens in a token  */
+    SECStatus rv = SECSuccess;
+    PRUint32 i = 0;
+    PRBool forcedrefresh = PR_FALSE;
+    PRBool dirty = PR_FALSE; /* whether something was changed in the
+                                cache state during this update cycle */
+    PRBool hastokenCRLs = PR_FALSE;
+    PRTime now = 0;
+    PRTime lastfetch = 0;
+    PRBool mustunlock = PR_FALSE;
+
+    if (!cache) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+
+    /* first, make sure we have obtained all the CRLs we need.
+       We do an expensive token fetch in the following cases :
+       1) cache is empty because no fetch was ever performed yet
+       2) cache is explicitly set to refresh state
+       3) cache is in invalid state because last fetch failed
+       4) cache contains no token CRLs, and it's been more than one minute
+          since the last fetch
+       5) cache contains token CRLs, and it's been more than 10 minutes since
+          the last fetch
+    */
+    forcedrefresh = cache->refresh;
+    lastfetch = cache->lastfetch;
+    if (PR_TRUE != forcedrefresh &&
+        (!(cache->invalid & CRL_CACHE_LAST_FETCH_FAILED))) {
+        now = PR_Now();
+        hastokenCRLs = DPCache_HasTokenCRLs(cache);
+    }
+    if ((0 == lastfetch) ||
+
+        (PR_TRUE == forcedrefresh) ||
+
+        (cache->invalid & CRL_CACHE_LAST_FETCH_FAILED) ||
+
+        ((PR_FALSE == hastokenCRLs) &&
+         ((now - cache->lastfetch > CRLCache_Empty_TokenFetch_Interval) ||
+          (now < cache->lastfetch))) ||
+
+        ((PR_TRUE == hastokenCRLs) &&
+         ((now - cache->lastfetch > CRLCache_TokenRefetch_Interval) ||
+          (now < cache->lastfetch)))) {
+        /* the cache needs to be refreshed, and/or we had zero CRL for this
+           DP. Try to get one from PKCS#11 tokens */
+        DPCache_LockWrite();
+        /* check if another thread updated before us, and skip update if so */
+        if (lastfetch == cache->lastfetch) {
+            /* we are the first */
+            rv = DPCache_FetchFromTokens(cache, vfdate, wincx);
+            if (PR_TRUE == cache->refresh) {
+                cache->refresh = PR_FALSE; /* clear refresh state */
+            }
+            dirty = PR_TRUE;
+            cache->lastfetch = PR_Now();
+        }
+        DPCache_UnlockWrite();
+    }
+
+    /* now, make sure we have no extraneous CRLs (deleted token objects)
+       we'll do this inexpensive existence check either
+       1) if there was a token object fetch
+       2) every minute */
+    if ((PR_TRUE != dirty) && (!now)) {
+        now = PR_Now();
+    }
+    if ((PR_TRUE == dirty) ||
+        ((now - cache->lastcheck > CRLCache_ExistenceCheck_Interval) ||
+         (now < cache->lastcheck))) {
+        PRTime lastcheck = cache->lastcheck;
+        mustunlock = PR_FALSE;
+        /* check if all CRLs still exist */
+        for (i = 0; (i < cache->ncrls); i++) {
+            CachedCrl* savcrl = cache->crls[i];
+            if ((!savcrl) || (savcrl && CRL_OriginToken != savcrl->origin)) {
+                /* we only want to check token CRLs */
+                continue;
+            }
+            if ((PR_TRUE != TokenCRLStillExists(savcrl->crl))) {
+
+                /* this CRL is gone */
+                if (PR_TRUE != mustunlock) {
+                    DPCache_LockWrite();
+                    mustunlock = PR_TRUE;
+                }
+                /* first, we need to check if another thread did an update
+                   before we did */
+                if (lastcheck == cache->lastcheck) {
+                    /* the CRL is gone. And we are the one to do the update */
+                    DPCache_RemoveCRL(cache, i);
+                    dirty = PR_TRUE;
+                }
+                /* stay locked here intentionally so we do all the other
+                   updates in this thread for the remaining CRLs */
+            }
+        }
+        if (PR_TRUE == mustunlock) {
+            cache->lastcheck = PR_Now();
+            DPCache_UnlockWrite();
+            mustunlock = PR_FALSE;
+        }
+    }
+
+    /* add issuer certificate if it was previously unavailable */
+    if (issuer && (NULL == cache->issuerDERCert) &&
+        (SECSuccess == CERT_CheckCertUsage(issuer, KU_CRL_SIGN))) {
+        /* if we didn't have a valid issuer cert yet, but we do now. add it */
+        DPCache_LockWrite();
+        if (!cache->issuerDERCert) {
+            dirty = PR_TRUE;
+            cache->dbHandle = issuer->dbhandle;
+            cache->issuerDERCert = SECITEM_DupItem(&issuer->derCert);
+        }
+        DPCache_UnlockWrite();
+    }
+
+    /* verify CRLs that couldn't be checked when inserted into the cache
+       because the issuer cert or a verification date was unavailable.
+       These are CRLs that were inserted into the cache through
+       SEC_FindCrlByName, or through manual insertion, rather than through a
+       certificate verification (CERT_CheckCRL) */
+
+    if (cache->issuerDERCert && vfdate) {
+        mustunlock = PR_FALSE;
+        /* re-process all unverified CRLs */
+        for (i = 0; i < cache->ncrls; i++) {
+            CachedCrl* savcrl = cache->crls[i];
+            if (!savcrl) {
+                continue;
+            }
+            if (PR_TRUE != savcrl->sigChecked) {
+                if (!mustunlock) {
+                    DPCache_LockWrite();
+                    mustunlock = PR_TRUE;
+                }
+                /* first, we need to check if another thread updated
+                   it before we did, and abort if it has been modified since
+                   we acquired the lock. Make sure first that the CRL is still
+                   in the array at the same position */
+                if ((i < cache->ncrls) && (savcrl == cache->crls[i]) &&
+                    (PR_TRUE != savcrl->sigChecked)) {
+                    /* the CRL is still there, unverified. Do it */
+                    CachedCrl_Verify(cache, savcrl, vfdate, wincx);
+                    dirty = PR_TRUE;
+                }
+                /* stay locked here intentionally so we do all the other
+                   updates in this thread for the remaining CRLs */
+            }
+            if (mustunlock && !dirty) {
+                DPCache_UnlockWrite();
+                mustunlock = PR_FALSE;
+            }
+        }
+    }
+
+    if (dirty || cache->mustchoose) {
+        /* changes to the content of the CRL cache necessitate examining all
+           CRLs for selection of the most appropriate one to cache */
+        if (!mustunlock) {
+            DPCache_LockWrite();
+            mustunlock = PR_TRUE;
+        }
+        DPCache_SelectCRL(cache);
+        cache->mustchoose = PR_FALSE;
+    }
+    if (mustunlock)
+        DPCache_UnlockWrite();
+
+    return rv;
+}
+
+/* callback for qsort to sort by thisUpdate */
+static int
+SortCRLsByThisUpdate(const void* arg1, const void* arg2)
+{
+    PRTime timea, timeb;
+    SECStatus rv = SECSuccess;
+    CachedCrl *a, *b;
+
+    a = *(CachedCrl**)arg1;
+    b = *(CachedCrl**)arg2;
+
+    if (!a || !b) {
+        PORT_Assert(0);
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        rv = SECFailure;
+    }
+
+    if (SECSuccess == rv) {
+        rv = DER_DecodeTimeChoice(&timea, &a->crl->crl.lastUpdate);
+    }
+    if (SECSuccess == rv) {
+        rv = DER_DecodeTimeChoice(&timeb, &b->crl->crl.lastUpdate);
+    }
+    if (SECSuccess == rv) {
+        if (timea > timeb) {
+            return 1; /* a is better than b */
+        }
+        if (timea < timeb) {
+            return -1; /* a is not as good as b */
+        }
+    }
+
+    /* if they are equal, or if all else fails, use pointer differences */
+    PORT_Assert(a != b); /* they should never be equal */
+    return a > b ? 1 : -1;
+}
+
+/* callback for qsort to sort a set of disparate CRLs, some of which are
+   invalid DER or failed signature check.
+
+   Validated CRLs are differentiated by thisUpdate .
+   Validated CRLs are preferred over non-validated CRLs .
+   Proper DER CRLs are preferred over non-DER data .
+*/
+static int
+SortImperfectCRLs(const void* arg1, const void* arg2)
+{
+    CachedCrl *a, *b;
+
+    a = *(CachedCrl**)arg1;
+    b = *(CachedCrl**)arg2;
+
+    if (!a || !b) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        PORT_Assert(0);
+    } else {
+        PRBool aDecoded = PR_FALSE, bDecoded = PR_FALSE;
+        if ((PR_TRUE == a->sigValid) && (PR_TRUE == b->sigValid)) {
+            /* both CRLs have been validated, choose the latest one */
+            return SortCRLsByThisUpdate(arg1, arg2);
+        }
+        if (PR_TRUE == a->sigValid) {
+            return 1; /* a is greater than b */
+        }
+        if (PR_TRUE == b->sigValid) {
+            return -1; /* a is not as good as b */
+        }
+        aDecoded = GetOpaqueCRLFields(a->crl)->decodingError;
+        bDecoded = GetOpaqueCRLFields(b->crl)->decodingError;
+        /* neither CRL had its signature check pass */
+        if ((PR_FALSE == aDecoded) && (PR_FALSE == bDecoded)) {
+            /* both CRLs are proper DER, choose the latest one */
+            return SortCRLsByThisUpdate(arg1, arg2);
+        }
+        if (PR_FALSE == aDecoded) {
+            return 1; /* a is better than b */
+        }
+        if (PR_FALSE == bDecoded) {
+            return -1; /* a is not as good as b */
+        }
+        /* both are invalid DER. sigh. */
+    }
+    /* if they are equal, or if all else fails, use pointer differences */
+    PORT_Assert(a != b); /* they should never be equal */
+    return a > b ? 1 : -1;
+}
+
+/* Pick best CRL to use . needs write access */
+static SECStatus
+DPCache_SelectCRL(CRLDPCache* cache)
+{
+    PRUint32 i;
+    PRBool valid = PR_TRUE;
+    CachedCrl* selected = NULL;
+
+    PORT_Assert(cache);
+    if (!cache) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+    /* if any invalid CRL is present, then the CRL cache is
+       considered invalid, for security reasons */
+    for (i = 0; i < cache->ncrls; i++) {
+        if (!cache->crls[i] || !cache->crls[i]->sigChecked ||
+            !cache->crls[i]->sigValid) {
+            valid = PR_FALSE;
+            break;
+        }
+    }
+    if (PR_TRUE == valid) {
+        /* all CRLs are valid, clear this error */
+        cache->invalid &= (~CRL_CACHE_INVALID_CRLS);
+    } else {
+        /* some CRLs are invalid, set this error */
+        cache->invalid |= CRL_CACHE_INVALID_CRLS;
+    }
+
+    if (cache->invalid) {
+        /* cache is in an invalid state, so reset it */
+        if (cache->selected) {
+            cache->selected = NULL;
+        }
+        /* also sort the CRLs imperfectly */
+        qsort(cache->crls, cache->ncrls, sizeof(CachedCrl*), SortImperfectCRLs);
+        return SECSuccess;
+    }
+
+    if (cache->ncrls) {
+        /* all CRLs are good, sort them by thisUpdate */
+        qsort(cache->crls, cache->ncrls, sizeof(CachedCrl*), SortCRLsByThisUpdate);
+
+        /* pick the newest CRL */
+        selected = cache->crls[cache->ncrls - 1];
+
+        /* and populate the cache */
+        if (SECSuccess != CachedCrl_Populate(selected)) {
+            return SECFailure;
+        }
+    }
+
+    cache->selected = selected;
+
+    return SECSuccess;
+}
+
+/* initialize a DPCache object */
+static SECStatus
+DPCache_Create(CRLDPCache** returned, CERTCertificate* issuer,
+               const SECItem* subject, SECItem* dp)
+{
+    CRLDPCache* cache = NULL;
+    PORT_Assert(returned);
+    /* issuer and dp are allowed to be NULL */
+    if (!returned || !subject) {
+        PORT_Assert(0);
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+    *returned = NULL;
+    cache = PORT_ZAlloc(sizeof(CRLDPCache));
+    if (!cache) {
+        return SECFailure;
+    }
+#ifdef DPC_RWLOCK
+    cache->lock = NSSRWLock_New(NSS_RWLOCK_RANK_NONE, NULL);
+#else
+    cache->lock = PR_NewLock();
+#endif
+    if (!cache->lock) {
+        PORT_Free(cache);
+        return SECFailure;
+    }
+    if (issuer) {
+        cache->dbHandle = issuer->dbhandle;
+        cache->issuerDERCert = SECITEM_DupItem(&issuer->derCert);
+    }
+    cache->distributionPoint = SECITEM_DupItem(dp);
+    cache->subject = SECITEM_DupItem(subject);
+    cache->lastfetch = 0;
+    cache->lastcheck = 0;
+    *returned = cache;
+    return SECSuccess;
+}
+
+/* create an issuer cache object (per CA subject ) */
+static SECStatus
+IssuerCache_Create(CRLIssuerCache** returned, CERTCertificate* issuer,
+                   const SECItem* subject, const SECItem* dp)
+{
+    SECStatus rv = SECSuccess;
+    CRLIssuerCache* cache = NULL;
+    PORT_Assert(returned);
+    PORT_Assert(subject);
+    /* issuer and dp are allowed to be NULL */
+    if (!returned || !subject) {
+        PORT_Assert(0);
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+    *returned = NULL;
+    cache = (CRLIssuerCache*)PORT_ZAlloc(sizeof(CRLIssuerCache));
+    if (!cache) {
+        return SECFailure;
+    }
+    cache->subject = SECITEM_DupItem(subject);
+#ifdef XCRL
+    cache->lock = NSSRWLock_New(NSS_RWLOCK_RANK_NONE, NULL);
+    if (!cache->lock) {
+        rv = SECFailure;
+    }
+    if (SECSuccess == rv && issuer) {
+        cache->issuer = CERT_DupCertificate(issuer);
+        if (!cache->issuer) {
+            rv = SECFailure;
+        }
+    }
+#endif
+    if (SECSuccess != rv) {
+        PORT_Assert(SECSuccess == IssuerCache_Destroy(cache));
+        return SECFailure;
+    }
+    *returned = cache;
+    return SECSuccess;
+}
+
+/* add a DPCache to the issuer cache */
+static SECStatus
+IssuerCache_AddDP(CRLIssuerCache* cache, CERTCertificate* issuer,
+                  const SECItem* subject, const SECItem* dp,
+                  CRLDPCache** newdpc)
+{
+    /* now create the required DP cache object */
+    if (!cache || !subject || !newdpc) {
+        PORT_Assert(0);
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+    if (!dp) {
+        /* default distribution point */
+        SECStatus rv = DPCache_Create(&cache->dpp, issuer, subject, NULL);
+        if (SECSuccess == rv) {
+            *newdpc = cache->dpp;
+            return SECSuccess;
+        }
+    } else {
+        /* we should never hit this until we support multiple DPs */
+        PORT_Assert(dp);
+        /* XCRL allocate a new distribution point cache object, initialize it,
+           and add it to the hash table of DPs */
+    }
+    return SECFailure;
+}
+
+/* add an IssuerCache to the global hash table of issuers */
+static SECStatus
+CRLCache_AddIssuer(CRLIssuerCache* issuer)
+{
+    PORT_Assert(issuer);
+    PORT_Assert(crlcache.issuers);
+    if (!issuer || !crlcache.issuers) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+    if (NULL == PL_HashTableAdd(crlcache.issuers, (void*)issuer->subject,
+                                (void*)issuer)) {
+        return SECFailure;
+    }
+    return SECSuccess;
+}
+
+/* retrieve the issuer cache object for a given issuer subject */
+static SECStatus
+CRLCache_GetIssuerCache(CRLCache* cache, const SECItem* subject,
+                        CRLIssuerCache** returned)
+{
+    /* we need to look up the issuer in the hash table */
+    SECStatus rv = SECSuccess;
+    PORT_Assert(cache);
+    PORT_Assert(subject);
+    PORT_Assert(returned);
+    PORT_Assert(crlcache.issuers);
+    if (!cache || !subject || !returned || !crlcache.issuers) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        rv = SECFailure;
+    }
+
+    if (SECSuccess == rv) {
+        *returned = (CRLIssuerCache*)PL_HashTableLookup(crlcache.issuers,
+                                                        (void*)subject);
+    }
+
+    return rv;
+}
+
+/* retrieve the full CRL object that best matches the content of a DPCache */
+static CERTSignedCrl*
+GetBestCRL(CRLDPCache* cache, PRBool entries)
+{
+    CachedCrl* acrl = NULL;
+
+    PORT_Assert(cache);
+    if (!cache) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return NULL;
+    }
+
+    if (0 == cache->ncrls) {
+        /* empty cache*/
+        PORT_SetError(SEC_ERROR_CRL_NOT_FOUND);
+        return NULL;
+    }
+
+    /* if we have a valid full CRL selected, return it */
+    if (cache->selected) {
+        return SEC_DupCrl(cache->selected->crl);
+    }
+
+    /* otherwise, use latest valid DER CRL */
+    acrl = cache->crls[cache->ncrls - 1];
+
+    if (acrl && (PR_FALSE == GetOpaqueCRLFields(acrl->crl)->decodingError)) {
+        SECStatus rv = SECSuccess;
+        if (PR_TRUE == entries) {
+            rv = CERT_CompleteCRLDecodeEntries(acrl->crl);
+        }
+        if (SECSuccess == rv) {
+            return SEC_DupCrl(acrl->crl);
+        }
+    }
+
+    PORT_SetError(SEC_ERROR_CRL_NOT_FOUND);
+    return NULL;
+}
+
+/* get a particular DPCache object from an IssuerCache */
+static CRLDPCache*
+IssuerCache_GetDPCache(CRLIssuerCache* cache, const SECItem* dp)
+{
+    CRLDPCache* dpp = NULL;
+    PORT_Assert(cache);
+    /* XCRL for now we only support the "default" DP, ie. the
+       full CRL. So we can return the global one without locking. In
+       the future we will have a lock */
+    PORT_Assert(NULL == dp);
+    if (!cache || dp) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return NULL;
+    }
+#ifdef XCRL
+    NSSRWLock_LockRead(cache->lock);
+#endif
+    dpp = cache->dpp;
+#ifdef XCRL
+    NSSRWLock_UnlockRead(cache->lock);
+#endif
+    return dpp;
+}
+
+/* get a DPCache object for the given issuer subject and dp
+   Automatically creates the cache object if it doesn't exist yet.
+   */
+SECStatus
+AcquireDPCache(CERTCertificate* issuer, const SECItem* subject,
+               const SECItem* dp, PRTime t, void* wincx, CRLDPCache** dpcache,
+               PRBool* writeLocked)
+{
+    SECStatus rv = SECSuccess;
+    CRLIssuerCache* issuercache = NULL;
+#ifdef GLOBAL_RWLOCK
+    PRBool globalwrite = PR_FALSE;
+#endif
+    PORT_Assert(crlcache.lock);
+    if (!crlcache.lock) {
+        /* CRL cache is not initialized */
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+#ifdef GLOBAL_RWLOCK
+    NSSRWLock_LockRead(crlcache.lock);
+#else
+    PR_Lock(crlcache.lock);
+#endif
+    rv = CRLCache_GetIssuerCache(&crlcache, subject, &issuercache);
+    if (SECSuccess != rv) {
+#ifdef GLOBAL_RWLOCK
+        NSSRWLock_UnlockRead(crlcache.lock);
+#else
+        PR_Unlock(crlcache.lock);
+#endif
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+    if (!issuercache) {
+        /* there is no cache for this issuer yet. This means this is the
+           first time we look up a cert from that issuer, and we need to
+           create the cache. */
+
+        rv = IssuerCache_Create(&issuercache, issuer, subject, dp);
+        if (SECSuccess == rv && !issuercache) {
+            PORT_Assert(issuercache);
+            rv = SECFailure;
+        }
+
+        if (SECSuccess == rv) {
+            /* This is the first time we look up a cert of this issuer.
+               Create the DPCache for this DP . */
+            rv = IssuerCache_AddDP(issuercache, issuer, subject, dp, dpcache);
+        }
+
+        if (SECSuccess == rv) {
+            /* lock the DPCache for write to ensure the update happens in this
+               thread */
+            *writeLocked = PR_TRUE;
+#ifdef DPC_RWLOCK
+            NSSRWLock_LockWrite((*dpcache)->lock);
+#else
+            PR_Lock((*dpcache)->lock);
+#endif
+        }
+
+        if (SECSuccess == rv) {
+/* now add the new issuer cache to the global hash table of
+   issuers */
+#ifdef GLOBAL_RWLOCK
+            CRLIssuerCache* existing = NULL;
+            NSSRWLock_UnlockRead(crlcache.lock);
+            /* when using a r/w lock for the global cache, check if the issuer
+               already exists before adding to the hash table */
+            NSSRWLock_LockWrite(crlcache.lock);
+            globalwrite = PR_TRUE;
+            rv = CRLCache_GetIssuerCache(&crlcache, subject, &existing);
+            if (!existing) {
+#endif
+                rv = CRLCache_AddIssuer(issuercache);
+                if (SECSuccess != rv) {
+                    /* failure */
+                    rv = SECFailure;
+                }
+#ifdef GLOBAL_RWLOCK
+            } else {
+                /* somebody else updated before we did */
+                IssuerCache_Destroy(issuercache); /* destroy the new object */
+                issuercache = existing;           /* use the existing one */
+                *dpcache = IssuerCache_GetDPCache(issuercache, dp);
+            }
+#endif
+        }
+
+/* now unlock the global cache. We only want to lock the issuer hash
+   table addition. Holding it longer would hurt scalability */
+#ifdef GLOBAL_RWLOCK
+        if (PR_TRUE == globalwrite) {
+            NSSRWLock_UnlockWrite(crlcache.lock);
+            globalwrite = PR_FALSE;
+        } else {
+            NSSRWLock_UnlockRead(crlcache.lock);
+        }
+#else
+        PR_Unlock(crlcache.lock);
+#endif
+
+        /* if there was a failure adding an issuer cache object, destroy it */
+        if (SECSuccess != rv && issuercache) {
+            if (PR_TRUE == *writeLocked) {
+#ifdef DPC_RWLOCK
+                NSSRWLock_UnlockWrite((*dpcache)->lock);
+#else
+                PR_Unlock((*dpcache)->lock);
+#endif
+            }
+            IssuerCache_Destroy(issuercache);
+            issuercache = NULL;
+        }
+
+        if (SECSuccess != rv) {
+            return SECFailure;
+        }
+    } else {
+#ifdef GLOBAL_RWLOCK
+        NSSRWLock_UnlockRead(crlcache.lock);
+#else
+        PR_Unlock(crlcache.lock);
+#endif
+        *dpcache = IssuerCache_GetDPCache(issuercache, dp);
+    }
+    /* we now have a DPCache that we can use for lookups */
+    /* lock it for read, unless we already locked for write */
+    if (PR_FALSE == *writeLocked) {
+#ifdef DPC_RWLOCK
+        NSSRWLock_LockRead((*dpcache)->lock);
+#else
+        PR_Lock((*dpcache)->lock);
+#endif
+    }
+
+    if (SECSuccess == rv) {
+        /* currently there is always one and only one DPCache per issuer */
+        PORT_Assert(*dpcache);
+        if (*dpcache) {
+            /* make sure the DP cache is up to date before using it */
+            rv = DPCache_GetUpToDate(*dpcache, issuer, PR_FALSE == *writeLocked,
+                                     t, wincx);
+        } else {
+            rv = SECFailure;
+        }
+    }
+    return rv;
+}
+
+/* unlock access to the DPCache */
+void
+ReleaseDPCache(CRLDPCache* dpcache, PRBool writeLocked)
+{
+    if (!dpcache) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return;
+    }
+#ifdef DPC_RWLOCK
+    if (PR_TRUE == writeLocked) {
+        NSSRWLock_UnlockWrite(dpcache->lock);
+    } else {
+        NSSRWLock_UnlockRead(dpcache->lock);
+    }
+#else
+    PR_Unlock(dpcache->lock);
+#endif
+}
+
+SECStatus
+cert_CheckCertRevocationStatus(CERTCertificate* cert, CERTCertificate* issuer,
+                               const SECItem* dp, PRTime t, void* wincx,
+                               CERTRevocationStatus* revStatus,
+                               CERTCRLEntryReasonCode* revReason)
+{
+    PRBool lockedwrite = PR_FALSE;
+    SECStatus rv = SECSuccess;
+    CRLDPCache* dpcache = NULL;
+    CERTRevocationStatus status = certRevocationStatusRevoked;
+    CERTCRLEntryReasonCode reason = crlEntryReasonUnspecified;
+    CERTCrlEntry* entry = NULL;
+    dpcacheStatus ds;
+
+    if (!cert || !issuer) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+
+    if (revStatus) {
+        *revStatus = status;
+    }
+    if (revReason) {
+        *revReason = reason;
+    }
+
+    if (t &&
+        secCertTimeValid != CERT_CheckCertValidTimes(issuer, t, PR_FALSE)) {
+        /* we won't be able to check the CRL's signature if the issuer cert
+           is expired as of the time we are verifying. This may cause a valid
+           CRL to be cached as bad. short-circuit to avoid this case. */
+        PORT_SetError(SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE);
+        return SECFailure;
+    }
+
+    rv = AcquireDPCache(issuer, &issuer->derSubject, dp, t, wincx, &dpcache,
+                        &lockedwrite);
+    PORT_Assert(SECSuccess == rv);
+    if (SECSuccess != rv) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+    /* now look up the certificate SN in the DP cache's CRL */
+    ds = DPCache_Lookup(dpcache, &cert->serialNumber, &entry);
+    switch (ds) {
+        case dpcacheFoundEntry:
+            PORT_Assert(entry);
+            /* check the time if we have one */
+            if (entry->revocationDate.data && entry->revocationDate.len) {
+                PRTime revocationDate = 0;
+                if (SECSuccess ==
+                    DER_DecodeTimeChoice(&revocationDate,
+                                         &entry->revocationDate)) {
+                    /* we got a good revocation date, only consider the
+                       certificate revoked if the time we are inquiring about
+                       is past the revocation date */
+                    if (t >= revocationDate) {
+                        rv = SECFailure;
+                    } else {
+                        status = certRevocationStatusValid;
+                    }
+                } else {
+                    /* invalid revocation date, consider the certificate
+                       permanently revoked */
+                    rv = SECFailure;
+                }
+            } else {
+                /* no revocation date, certificate is permanently revoked */
+                rv = SECFailure;
+            }
+            if (SECFailure == rv) {
+                (void)CERT_FindCRLEntryReasonExten(entry, &reason);
+                PORT_SetError(SEC_ERROR_REVOKED_CERTIFICATE);
+            }
+            break;
+
+        case dpcacheEmpty:
+            /* useful for NIST policy */
+            status = certRevocationStatusUnknown;
+            break;
+
+        case dpcacheNoEntry:
+            status = certRevocationStatusValid;
+            break;
+
+        case dpcacheInvalidCacheError:
+            /* treat it as unknown and let the caller decide based on
+               the policy */
+            status = certRevocationStatusUnknown;
+            break;
+
+        default:
+            /* leave status as revoked */
+            break;
+    }
+
+    ReleaseDPCache(dpcache, lockedwrite);
+    if (revStatus) {
+        *revStatus = status;
+    }
+    if (revReason) {
+        *revReason = reason;
+    }
+    return rv;
+}
+
+/* check CRL revocation status of given certificate and issuer */
+SECStatus
+CERT_CheckCRL(CERTCertificate* cert, CERTCertificate* issuer, const SECItem* dp,
+              PRTime t, void* wincx)
+{
+    return cert_CheckCertRevocationStatus(cert, issuer, dp, t, wincx, NULL,
+                                          NULL);
+}
+
+/* retrieve full CRL object that best matches the cache status */
+CERTSignedCrl*
+SEC_FindCrlByName(CERTCertDBHandle* handle, SECItem* crlKey, int type)
+{
+    CERTSignedCrl* acrl = NULL;
+    CRLDPCache* dpcache = NULL;
+    SECStatus rv = SECSuccess;
+    PRBool writeLocked = PR_FALSE;
+
+    if (!crlKey) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+
+    rv = AcquireDPCache(NULL, crlKey, NULL, 0, NULL, &dpcache, &writeLocked);
+    if (SECSuccess == rv) {
+        acrl = GetBestCRL(dpcache, PR_TRUE); /* decode entries, because
+        SEC_FindCrlByName always returned fully decoded CRLs in the past */
+        ReleaseDPCache(dpcache, writeLocked);
+    }
+    return acrl;
+}
+
+/* invalidate the CRL cache for a given issuer, which forces a refetch of
+   CRL objects from PKCS#11 tokens */
+void
+CERT_CRLCacheRefreshIssuer(CERTCertDBHandle* dbhandle, SECItem* crlKey)
+{
+    CRLDPCache* cache = NULL;
+    SECStatus rv = SECSuccess;
+    PRBool writeLocked = PR_FALSE;
+    PRBool readlocked;
+
+    (void)dbhandle; /* silence compiler warnings */
+
+    /* XCRL we will need to refresh all the DPs of the issuer in the future,
+            not just the default one */
+    rv = AcquireDPCache(NULL, crlKey, NULL, 0, NULL, &cache, &writeLocked);
+    if (SECSuccess != rv) {
+        return;
+    }
+    /* we need to invalidate the DPCache here */
+    readlocked = (writeLocked == PR_TRUE ? PR_FALSE : PR_TRUE);
+    DPCache_LockWrite();
+    cache->refresh = PR_TRUE;
+    DPCache_UnlockWrite();
+    ReleaseDPCache(cache, writeLocked);
+    return;
+}
+
+/* add the specified RAM CRL object to the cache */
+SECStatus
+CERT_CacheCRL(CERTCertDBHandle* dbhandle, SECItem* newdercrl)
+{
+    CRLDPCache* cache = NULL;
+    SECStatus rv = SECSuccess;
+    PRBool writeLocked = PR_FALSE;
+    PRBool readlocked;
+    CachedCrl* returned = NULL;
+    PRBool added = PR_FALSE;
+    CERTSignedCrl* newcrl = NULL;
+    int realerror = 0;
+
+    if (!dbhandle || !newdercrl) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    /* first decode the DER CRL to make sure it's OK */
+    newcrl = CERT_DecodeDERCrlWithFlags(NULL, newdercrl, SEC_CRL_TYPE,
+                                        CRL_DECODE_DONT_COPY_DER |
+                                            CRL_DECODE_SKIP_ENTRIES);
+
+    if (!newcrl) {
+        return SECFailure;
+    }
+
+    /* XXX check if it has IDP extension. If so, do not proceed and set error */
+
+    rv = AcquireDPCache(NULL, &newcrl->crl.derName, NULL, 0, NULL, &cache,
+                        &writeLocked);
+    if (SECSuccess == rv) {
+        readlocked = (writeLocked == PR_TRUE ? PR_FALSE : PR_TRUE);
+
+        rv = CachedCrl_Create(&returned, newcrl, CRL_OriginExplicit);
+        if (SECSuccess == rv && returned) {
+            DPCache_LockWrite();
+            rv = DPCache_AddCRL(cache, returned, &added);
+            if (PR_TRUE != added) {
+                realerror = PORT_GetError();
+                CachedCrl_Destroy(returned);
+                returned = NULL;
+            }
+            DPCache_UnlockWrite();
+        }
+
+        ReleaseDPCache(cache, writeLocked);
+
+        if (!added) {
+            rv = SECFailure;
+        }
+    }
+    SEC_DestroyCrl(newcrl); /* free the CRL. Either it got added to the cache
+        and the refcount got bumped, or not, and thus we need to free its
+        RAM */
+    if (realerror) {
+        PORT_SetError(realerror);
+    }
+    return rv;
+}
+
+/* remove the specified RAM CRL object from the cache */
+SECStatus
+CERT_UncacheCRL(CERTCertDBHandle* dbhandle, SECItem* olddercrl)
+{
+    CRLDPCache* cache = NULL;
+    SECStatus rv = SECSuccess;
+    PRBool writeLocked = PR_FALSE;
+    PRBool readlocked;
+    PRBool removed = PR_FALSE;
+    PRUint32 i;
+    CERTSignedCrl* oldcrl = NULL;
+
+    if (!dbhandle || !olddercrl) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    /* first decode the DER CRL to make sure it's OK */
+    oldcrl = CERT_DecodeDERCrlWithFlags(NULL, olddercrl, SEC_CRL_TYPE,
+                                        CRL_DECODE_DONT_COPY_DER |
+                                            CRL_DECODE_SKIP_ENTRIES);
+
+    if (!oldcrl) {
+        /* if this DER CRL can't decode, it can't be in the cache */
+        return SECFailure;
+    }
+
+    rv = AcquireDPCache(NULL, &oldcrl->crl.derName, NULL, 0, NULL, &cache,
+                        &writeLocked);
+    if (SECSuccess == rv) {
+        CachedCrl* returned = NULL;
+
+        readlocked = (writeLocked == PR_TRUE ? PR_FALSE : PR_TRUE);
+
+        rv = CachedCrl_Create(&returned, oldcrl, CRL_OriginExplicit);
+        if (SECSuccess == rv && returned) {
+            DPCache_LockWrite();
+            for (i = 0; i < cache->ncrls; i++) {
+                PRBool dupe = PR_FALSE, updated = PR_FALSE;
+                rv = CachedCrl_Compare(returned, cache->crls[i], &dupe,
+                                       &updated);
+                if (SECSuccess != rv) {
+                    PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+                    break;
+                }
+                if (PR_TRUE == dupe) {
+                    rv = DPCache_RemoveCRL(cache, i); /* got a match */
+                    if (SECSuccess == rv) {
+                        cache->mustchoose = PR_TRUE;
+                        removed = PR_TRUE;
+                    }
+                    break;
+                }
+            }
+
+            DPCache_UnlockWrite();
+
+            if (SECSuccess != CachedCrl_Destroy(returned)) {
+                rv = SECFailure;
+            }
+        }
+
+        ReleaseDPCache(cache, writeLocked);
+    }
+    if (SECSuccess != SEC_DestroyCrl(oldcrl)) {
+        /* need to do this because object is refcounted */
+        rv = SECFailure;
+    }
+    if (SECSuccess == rv && PR_TRUE != removed) {
+        PORT_SetError(SEC_ERROR_CRL_NOT_FOUND);
+    }
+    return rv;
+}
+
+SECStatus
+cert_AcquireNamedCRLCache(NamedCRLCache** returned)
+{
+    PORT_Assert(returned);
+    if (!namedCRLCache.lock) {
+        PORT_Assert(0);
+        return SECFailure;
+    }
+    PR_Lock(namedCRLCache.lock);
+    *returned = &namedCRLCache;
+    return SECSuccess;
+}
+
+/* This must be called only while cache is acquired, and the entry is only
+ * valid until cache is released.
+ */
+SECStatus
+cert_FindCRLByGeneralName(NamedCRLCache* ncc, const SECItem* canonicalizedName,
+                          NamedCRLCacheEntry** retEntry)
+{
+    if (!ncc || !canonicalizedName || !retEntry) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+    *retEntry = (NamedCRLCacheEntry*)PL_HashTableLookup(
+        namedCRLCache.entries, (void*)canonicalizedName);
+    return SECSuccess;
+}
+
+SECStatus
+cert_ReleaseNamedCRLCache(NamedCRLCache* ncc)
+{
+    if (!ncc) {
+        return SECFailure;
+    }
+    if (!ncc->lock) {
+        PORT_Assert(0);
+        return SECFailure;
+    }
+    PR_Unlock(namedCRLCache.lock);
+    return SECSuccess;
+}
+
+/* creates new named cache entry from CRL, and tries to add it to CRL cache */
+static SECStatus
+addCRLToCache(CERTCertDBHandle* dbhandle, SECItem* crl,
+              const SECItem* canonicalizedName, NamedCRLCacheEntry** newEntry)
+{
+    SECStatus rv = SECSuccess;
+    NamedCRLCacheEntry* entry = NULL;
+
+    /* create new named entry */
+    if (SECSuccess != NamedCRLCacheEntry_Create(newEntry) || !*newEntry) {
+        /* no need to keep unused CRL around */
+        SECITEM_ZfreeItem(crl, PR_TRUE);
+        return SECFailure;
+    }
+    entry = *newEntry;
+    entry->crl = crl; /* named CRL cache owns DER */
+    entry->lastAttemptTime = PR_Now();
+    entry->canonicalizedName = SECITEM_DupItem(canonicalizedName);
+    if (!entry->canonicalizedName) {
+        rv = NamedCRLCacheEntry_Destroy(entry); /* destroys CRL too */
+        PORT_Assert(SECSuccess == rv);
+        return SECFailure;
+    }
+    /* now, attempt to insert CRL into CRL cache */
+    if (SECSuccess == CERT_CacheCRL(dbhandle, entry->crl)) {
+        entry->inCRLCache = PR_TRUE;
+        entry->successfulInsertionTime = entry->lastAttemptTime;
+    } else {
+        switch (PR_GetError()) {
+            case SEC_ERROR_CRL_ALREADY_EXISTS:
+                entry->dupe = PR_TRUE;
+                break;
+
+            case SEC_ERROR_BAD_DER:
+                entry->badDER = PR_TRUE;
+                break;
+
+            /* all other reasons */
+            default:
+                entry->unsupported = PR_TRUE;
+                break;
+        }
+        rv = SECFailure;
+        /* no need to keep unused CRL around */
+        SECITEM_ZfreeItem(entry->crl, PR_TRUE);
+        entry->crl = NULL;
+    }
+    return rv;
+}
+
+/* take ownership of CRL, and insert it into the named CRL cache
+ * and indexed CRL cache
+ */
+SECStatus
+cert_CacheCRLByGeneralName(CERTCertDBHandle* dbhandle, SECItem* crl,
+                           const SECItem* canonicalizedName)
+{
+    NamedCRLCacheEntry *oldEntry, *newEntry = NULL;
+    NamedCRLCache* ncc = NULL;
+    SECStatus rv = SECSuccess;
+
+    PORT_Assert(namedCRLCache.lock);
+    PORT_Assert(namedCRLCache.entries);
+
+    if (!crl || !canonicalizedName) {
+        PORT_Assert(0);
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    rv = cert_AcquireNamedCRLCache(&ncc);
+    PORT_Assert(SECSuccess == rv);
+    if (SECSuccess != rv) {
+        SECITEM_ZfreeItem(crl, PR_TRUE);
+        return SECFailure;
+    }
+    rv = cert_FindCRLByGeneralName(ncc, canonicalizedName, &oldEntry);
+    PORT_Assert(SECSuccess == rv);
+    if (SECSuccess != rv) {
+        (void)cert_ReleaseNamedCRLCache(ncc);
+        SECITEM_ZfreeItem(crl, PR_TRUE);
+        return SECFailure;
+    }
+    if (SECSuccess ==
+        addCRLToCache(dbhandle, crl, canonicalizedName, &newEntry)) {
+        if (!oldEntry) {
+            /* add new good entry to the hash table */
+            if (NULL == PL_HashTableAdd(namedCRLCache.entries,
+                                        (void*)newEntry->canonicalizedName,
+                                        (void*)newEntry)) {
+                PORT_Assert(0);
+                NamedCRLCacheEntry_Destroy(newEntry);
+                rv = SECFailure;
+            }
+        } else {
+            PRBool removed;
+            /* remove the old CRL from the cache if needed */
+            if (oldEntry->inCRLCache) {
+                rv = CERT_UncacheCRL(dbhandle, oldEntry->crl);
+                PORT_Assert(SECSuccess == rv);
+            }
+            removed = PL_HashTableRemove(namedCRLCache.entries,
+                                         (void*)oldEntry->canonicalizedName);
+            PORT_Assert(removed);
+            if (!removed) {
+                rv = SECFailure;
+                /* leak old entry since we couldn't remove it from the hash
+                 * table */
+            } else {
+                PORT_CheckSuccess(NamedCRLCacheEntry_Destroy(oldEntry));
+            }
+            if (NULL == PL_HashTableAdd(namedCRLCache.entries,
+                                        (void*)newEntry->canonicalizedName,
+                                        (void*)newEntry)) {
+                PORT_Assert(0);
+                rv = SECFailure;
+            }
+        }
+    } else {
+        /* error adding new CRL to cache */
+        if (!oldEntry) {
+            /* no old cache entry, use the new one even though it's bad */
+            if (NULL == PL_HashTableAdd(namedCRLCache.entries,
+                                        (void*)newEntry->canonicalizedName,
+                                        (void*)newEntry)) {
+                PORT_Assert(0);
+                rv = SECFailure;
+            }
+        } else {
+            if (oldEntry->inCRLCache) {
+                /* previous cache entry was good, keep it and update time */
+                oldEntry->lastAttemptTime = newEntry->lastAttemptTime;
+                /* throw away new bad entry */
+                rv = NamedCRLCacheEntry_Destroy(newEntry);
+                PORT_Assert(SECSuccess == rv);
+            } else {
+                /* previous cache entry was bad, just replace it */
+                PRBool removed = PL_HashTableRemove(
+                    namedCRLCache.entries, (void*)oldEntry->canonicalizedName);
+                PORT_Assert(removed);
+                if (!removed) {
+                    /* leak old entry since we couldn't remove it from the hash
+                     * table */
+                    rv = SECFailure;
+                } else {
+                    PORT_CheckSuccess(NamedCRLCacheEntry_Destroy(oldEntry));
+                }
+                if (NULL == PL_HashTableAdd(namedCRLCache.entries,
+                                            (void*)newEntry->canonicalizedName,
+                                            (void*)newEntry)) {
+                    PORT_Assert(0);
+                    rv = SECFailure;
+                }
+            }
+        }
+    }
+    PORT_CheckSuccess(cert_ReleaseNamedCRLCache(ncc));
+
+    return rv;
+}
+
+static SECStatus
+CachedCrl_Create(CachedCrl** returned, CERTSignedCrl* crl, CRLOrigin origin)
+{
+    CachedCrl* newcrl = NULL;
+    if (!returned) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+    newcrl = PORT_ZAlloc(sizeof(CachedCrl));
+    if (!newcrl) {
+        return SECFailure;
+    }
+    newcrl->crl = SEC_DupCrl(crl);
+    newcrl->origin = origin;
+    *returned = newcrl;
+    return SECSuccess;
+}
+
+/* empty the cache content */
+static SECStatus
+CachedCrl_Depopulate(CachedCrl* crl)
+{
+    if (!crl) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+    /* destroy the hash table */
+    if (crl->entries) {
+        PL_HashTableDestroy(crl->entries);
+        crl->entries = NULL;
+    }
+
+    /* free the pre buffer */
+    if (crl->prebuffer) {
+        PreAllocator_Destroy(crl->prebuffer);
+        crl->prebuffer = NULL;
+    }
+    return SECSuccess;
+}
+
+static SECStatus
+CachedCrl_Destroy(CachedCrl* crl)
+{
+    if (!crl) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+    CachedCrl_Depopulate(crl);
+    SEC_DestroyCrl(crl->crl);
+    PORT_Free(crl);
+    return SECSuccess;
+}
+
+/* create hash table of CRL entries */
+static SECStatus
+CachedCrl_Populate(CachedCrl* crlobject)
+{
+    SECStatus rv = SECFailure;
+    CERTCrlEntry** crlEntry = NULL;
+    PRUint32 numEntries = 0;
+
+    if (!crlobject) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+    /* complete the entry decoding . XXX thread-safety of CRL object */
+    rv = CERT_CompleteCRLDecodeEntries(crlobject->crl);
+    if (SECSuccess != rv) {
+        crlobject->unbuildable = PR_TRUE; /* don't try to build this again */
+        return SECFailure;
+    }
+
+    if (crlobject->entries && crlobject->prebuffer) {
+        /* cache is already built */
+        return SECSuccess;
+    }
+
+    /* build the hash table from the full CRL */
+    /* count CRL entries so we can pre-allocate space for hash table entries */
+    for (crlEntry = crlobject->crl->crl.entries; crlEntry && *crlEntry;
+         crlEntry++) {
+        numEntries++;
+    }
+    crlobject->prebuffer =
+        PreAllocator_Create(numEntries * sizeof(PLHashEntry));
+    PORT_Assert(crlobject->prebuffer);
+    if (!crlobject->prebuffer) {
+        return SECFailure;
+    }
+    /* create a new hash table */
+    crlobject->entries =
+        PL_NewHashTable(0, SECITEM_Hash, SECITEM_HashCompare, PL_CompareValues,
+                        &preAllocOps, crlobject->prebuffer);
+    PORT_Assert(crlobject->entries);
+    if (!crlobject->entries) {
+        return SECFailure;
+    }
+    /* add all serial numbers to the hash table */
+    for (crlEntry = crlobject->crl->crl.entries; crlEntry && *crlEntry;
+         crlEntry++) {
+        PL_HashTableAdd(crlobject->entries, &(*crlEntry)->serialNumber,
+                        *crlEntry);
+    }
+
+    return SECSuccess;
+}
+
+/* returns true if there are CRLs from PKCS#11 slots */
+static PRBool
+DPCache_HasTokenCRLs(CRLDPCache* cache)
+{
+    PRBool answer = PR_FALSE;
+    PRUint32 i;
+    for (i = 0; i < cache->ncrls; i++) {
+        if (cache->crls[i] && (CRL_OriginToken == cache->crls[i]->origin)) {
+            answer = PR_TRUE;
+            break;
+        }
+    }
+    return answer;
+}
+
+/* are these CRLs the same, as far as the cache is concerned ? */
+/* are these CRLs the same token object but with different DER ?
+   This can happen if the DER CRL got updated in the token, but the PKCS#11
+   object ID did not change. NSS softoken has the unfortunate property to
+   never change the object ID for CRL objects. */
+static SECStatus
+CachedCrl_Compare(CachedCrl* a, CachedCrl* b, PRBool* isDupe, PRBool* isUpdated)
+{
+    PORT_Assert(a);
+    PORT_Assert(b);
+    PORT_Assert(isDupe);
+    PORT_Assert(isUpdated);
+    if (!a || !b || !isDupe || !isUpdated || !a->crl || !b->crl) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+
+    *isDupe = *isUpdated = PR_FALSE;
+
+    if (a == b) {
+        /* dupe */
+        *isDupe = PR_TRUE;
+        *isUpdated = PR_FALSE;
+        return SECSuccess;
+    }
+    if (b->origin != a->origin) {
+        /* CRLs of different origins are not considered dupes,
+           and can't be updated either */
+        return SECSuccess;
+    }
+    if (CRL_OriginToken == b->origin) {
+        /* for token CRLs, slot and PKCS#11 object handle must match for CRL
+           to truly be a dupe */
+        if ((b->crl->slot == a->crl->slot) &&
+            (b->crl->pkcs11ID == a->crl->pkcs11ID)) {
+            /* ASN.1 DER needs to match for dupe check */
+            /* could optimize by just checking a few fields like thisUpdate */
+            if (SECEqual ==
+                SECITEM_CompareItem(b->crl->derCrl, a->crl->derCrl)) {
+                *isDupe = PR_TRUE;
+            } else {
+                *isUpdated = PR_TRUE;
+            }
+        }
+        return SECSuccess;
+    }
+    if (CRL_OriginExplicit == b->origin) {
+        /* We need to make sure this is the same object that the user provided
+           to CERT_CacheCRL previously. That API takes a SECItem*, thus, we
+           just do a pointer comparison here.
+        */
+        if (b->crl->derCrl == a->crl->derCrl) {
+            *isDupe = PR_TRUE;
+        }
+    }
+    return SECSuccess;
+}
diff --git a/nss/lib/certdb/exports.gyp b/nss/lib/certdb/exports.gyp
new file mode 100644
index 0000000..359c930
--- /dev/null
+++ b/nss/lib/certdb/exports.gyp
@@ -0,0 +1,36 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'lib_certdb_exports',
+      'type': 'none',
+      'copies': [
+        {
+          'files': [
+            'cert.h',
+            'certdb.h',
+            'certt.h'
+          ],
+          'destination': '<(nss_public_dist_dir)/<(module)'
+        },
+        {
+          'files': [
+            'certi.h',
+            'certxutl.h',
+            'genname.h',
+            'xconst.h'
+          ],
+          'destination': '<(nss_private_dist_dir)/<(module)'
+        }
+      ]
+    }
+  ],
+  'variables': {
+    'module': 'nss'
+  }
+}
diff --git a/nss/lib/certdb/genname.c b/nss/lib/certdb/genname.c
new file mode 100644
index 0000000..b8f6654
--- /dev/null
+++ b/nss/lib/certdb/genname.c
@@ -0,0 +1,1990 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "plarena.h"
+#include "seccomon.h"
+#include "secitem.h"
+#include "secoidt.h"
+#include "secasn1.h"
+#include "secder.h"
+#include "certt.h"
+#include "cert.h"
+#include "certi.h"
+#include "xconst.h"
+#include "secerr.h"
+#include "secoid.h"
+#include "prprf.h"
+#include "genname.h"
+
+SEC_ASN1_MKSUB(SEC_AnyTemplate)
+SEC_ASN1_MKSUB(SEC_IntegerTemplate)
+SEC_ASN1_MKSUB(SEC_IA5StringTemplate)
+SEC_ASN1_MKSUB(SEC_ObjectIDTemplate)
+SEC_ASN1_MKSUB(SEC_OctetStringTemplate)
+
+static const SEC_ASN1Template CERTNameConstraintTemplate[] = {
+    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTNameConstraint) },
+    { SEC_ASN1_ANY, offsetof(CERTNameConstraint, DERName) },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
+      offsetof(CERTNameConstraint, min), SEC_ASN1_SUB(SEC_IntegerTemplate) },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 1,
+      offsetof(CERTNameConstraint, max), SEC_ASN1_SUB(SEC_IntegerTemplate) },
+    { 0 }
+};
+
+const SEC_ASN1Template CERT_NameConstraintSubtreeSubTemplate[] = {
+    { SEC_ASN1_SEQUENCE_OF | SEC_ASN1_XTRN, 0, SEC_ASN1_SUB(SEC_AnyTemplate) }
+};
+
+static const SEC_ASN1Template CERTNameConstraintsTemplate[] = {
+    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTNameConstraints) },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
+      offsetof(CERTNameConstraints, DERPermited),
+      CERT_NameConstraintSubtreeSubTemplate },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1,
+      offsetof(CERTNameConstraints, DERExcluded),
+      CERT_NameConstraintSubtreeSubTemplate },
+    { 0 }
+};
+
+static const SEC_ASN1Template CERTOthNameTemplate[] = {
+    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(OtherName) },
+    { SEC_ASN1_OBJECT_ID, offsetof(OtherName, oid) },
+    { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | SEC_ASN1_EXPLICIT |
+          SEC_ASN1_XTRN | 0,
+      offsetof(OtherName, name), SEC_ASN1_SUB(SEC_AnyTemplate) },
+    { 0 }
+};
+
+static const SEC_ASN1Template CERTOtherNameTemplate[] = {
+    { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | 0,
+      offsetof(CERTGeneralName, name.OthName), CERTOthNameTemplate,
+      sizeof(CERTGeneralName) }
+};
+
+static const SEC_ASN1Template CERT_RFC822NameTemplate[] = {
+    { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 1,
+      offsetof(CERTGeneralName, name.other),
+      SEC_ASN1_SUB(SEC_IA5StringTemplate), sizeof(CERTGeneralName) }
+};
+
+static const SEC_ASN1Template CERT_DNSNameTemplate[] = {
+    { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 2,
+      offsetof(CERTGeneralName, name.other),
+      SEC_ASN1_SUB(SEC_IA5StringTemplate), sizeof(CERTGeneralName) }
+};
+
+static const SEC_ASN1Template CERT_X400AddressTemplate[] = {
+    { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | SEC_ASN1_XTRN | 3,
+      offsetof(CERTGeneralName, name.other), SEC_ASN1_SUB(SEC_AnyTemplate),
+      sizeof(CERTGeneralName) }
+};
+
+static const SEC_ASN1Template CERT_DirectoryNameTemplate[] = {
+    { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | SEC_ASN1_EXPLICIT |
+          SEC_ASN1_XTRN | 4,
+      offsetof(CERTGeneralName, derDirectoryName),
+      SEC_ASN1_SUB(SEC_AnyTemplate), sizeof(CERTGeneralName) }
+};
+
+static const SEC_ASN1Template CERT_EDIPartyNameTemplate[] = {
+    { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | SEC_ASN1_XTRN | 5,
+      offsetof(CERTGeneralName, name.other), SEC_ASN1_SUB(SEC_AnyTemplate),
+      sizeof(CERTGeneralName) }
+};
+
+static const SEC_ASN1Template CERT_URITemplate[] = {
+    { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 6,
+      offsetof(CERTGeneralName, name.other),
+      SEC_ASN1_SUB(SEC_IA5StringTemplate), sizeof(CERTGeneralName) }
+};
+
+static const SEC_ASN1Template CERT_IPAddressTemplate[] = {
+    { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 7,
+      offsetof(CERTGeneralName, name.other),
+      SEC_ASN1_SUB(SEC_OctetStringTemplate), sizeof(CERTGeneralName) }
+};
+
+static const SEC_ASN1Template CERT_RegisteredIDTemplate[] = {
+    { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 8,
+      offsetof(CERTGeneralName, name.other), SEC_ASN1_SUB(SEC_ObjectIDTemplate),
+      sizeof(CERTGeneralName) }
+};
+
+const SEC_ASN1Template CERT_GeneralNamesTemplate[] = {
+    { SEC_ASN1_SEQUENCE_OF | SEC_ASN1_XTRN, 0, SEC_ASN1_SUB(SEC_AnyTemplate) }
+};
+
+static struct {
+    CERTGeneralNameType type;
+    char *name;
+} typesArray[] = { { certOtherName, "other" },
+                   { certRFC822Name, "email" },
+                   { certRFC822Name, "rfc822" },
+                   { certDNSName, "dns" },
+                   { certX400Address, "x400" },
+                   { certX400Address, "x400addr" },
+                   { certDirectoryName, "directory" },
+                   { certDirectoryName, "dn" },
+                   { certEDIPartyName, "edi" },
+                   { certEDIPartyName, "ediparty" },
+                   { certURI, "uri" },
+                   { certIPAddress, "ip" },
+                   { certIPAddress, "ipaddr" },
+                   { certRegisterID, "registerid" } };
+
+CERTGeneralNameType
+CERT_GetGeneralNameTypeFromString(const char *string)
+{
+    int types_count = sizeof(typesArray) / sizeof(typesArray[0]);
+    int i;
+
+    for (i = 0; i < types_count; i++) {
+        if (PORT_Strcasecmp(string, typesArray[i].name) == 0) {
+            return typesArray[i].type;
+        }
+    }
+    return 0;
+}
+
+CERTGeneralName *
+CERT_NewGeneralName(PLArenaPool *arena, CERTGeneralNameType type)
+{
+    CERTGeneralName *name = arena ? PORT_ArenaZNew(arena, CERTGeneralName)
+                                  : PORT_ZNew(CERTGeneralName);
+    if (name) {
+        name->type = type;
+        name->l.prev = name->l.next = &name->l;
+    }
+    return name;
+}
+
+/* Copy content of one General Name to another.
+** Caller has allocated destination general name.
+** This function does not change the destinate's GeneralName's list linkage.
+*/
+SECStatus
+cert_CopyOneGeneralName(PLArenaPool *arena, CERTGeneralName *dest,
+                        CERTGeneralName *src)
+{
+    SECStatus rv;
+    void *mark = NULL;
+
+    PORT_Assert(dest != NULL);
+    dest->type = src->type;
+
+    mark = PORT_ArenaMark(arena);
+
+    switch (src->type) {
+        case certDirectoryName:
+            rv = SECITEM_CopyItem(arena, &dest->derDirectoryName,
+                                  &src->derDirectoryName);
+            if (rv == SECSuccess)
+                rv = CERT_CopyName(arena, &dest->name.directoryName,
+                                   &src->name.directoryName);
+            break;
+
+        case certOtherName:
+            rv = SECITEM_CopyItem(arena, &dest->name.OthName.name,
+                                  &src->name.OthName.name);
+            if (rv == SECSuccess)
+                rv = SECITEM_CopyItem(arena, &dest->name.OthName.oid,
+                                      &src->name.OthName.oid);
+            break;
+
+        default:
+            rv = SECITEM_CopyItem(arena, &dest->name.other, &src->name.other);
+            break;
+    }
+    if (rv != SECSuccess) {
+        PORT_ArenaRelease(arena, mark);
+    } else {
+        PORT_ArenaUnmark(arena, mark);
+    }
+    return rv;
+}
+
+void
+CERT_DestroyGeneralNameList(CERTGeneralNameList *list)
+{
+    PZLock *lock;
+
+    if (list != NULL) {
+        lock = list->lock;
+        PZ_Lock(lock);
+        if (--list->refCount <= 0 && list->arena != NULL) {
+            PORT_FreeArena(list->arena, PR_FALSE);
+            PZ_Unlock(lock);
+            PZ_DestroyLock(lock);
+        } else {
+            PZ_Unlock(lock);
+        }
+    }
+    return;
+}
+
+CERTGeneralNameList *
+CERT_CreateGeneralNameList(CERTGeneralName *name)
+{
+    PLArenaPool *arena;
+    CERTGeneralNameList *list = NULL;
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL) {
+        goto done;
+    }
+    list = PORT_ArenaZNew(arena, CERTGeneralNameList);
+    if (!list)
+        goto loser;
+    if (name != NULL) {
+        SECStatus rv;
+        list->name = CERT_NewGeneralName(arena, (CERTGeneralNameType)0);
+        if (!list->name)
+            goto loser;
+        rv = CERT_CopyGeneralName(arena, list->name, name);
+        if (rv != SECSuccess)
+            goto loser;
+    }
+    list->lock = PZ_NewLock(nssILockList);
+    if (!list->lock)
+        goto loser;
+    list->arena = arena;
+    list->refCount = 1;
+done:
+    return list;
+
+loser:
+    PORT_FreeArena(arena, PR_FALSE);
+    return NULL;
+}
+
+CERTGeneralName *
+CERT_GetNextGeneralName(CERTGeneralName *current)
+{
+    PRCList *next;
+
+    next = current->l.next;
+    return (CERTGeneralName *)(((char *)next) - offsetof(CERTGeneralName, l));
+}
+
+CERTGeneralName *
+CERT_GetPrevGeneralName(CERTGeneralName *current)
+{
+    PRCList *prev;
+    prev = current->l.prev;
+    return (CERTGeneralName *)(((char *)prev) - offsetof(CERTGeneralName, l));
+}
+
+CERTNameConstraint *
+CERT_GetNextNameConstraint(CERTNameConstraint *current)
+{
+    PRCList *next;
+
+    next = current->l.next;
+    return (CERTNameConstraint *)(((char *)next) -
+                                  offsetof(CERTNameConstraint, l));
+}
+
+CERTNameConstraint *
+CERT_GetPrevNameConstraint(CERTNameConstraint *current)
+{
+    PRCList *prev;
+    prev = current->l.prev;
+    return (CERTNameConstraint *)(((char *)prev) -
+                                  offsetof(CERTNameConstraint, l));
+}
+
+SECItem *
+CERT_EncodeGeneralName(CERTGeneralName *genName, SECItem *dest,
+                       PLArenaPool *arena)
+{
+
+    const SEC_ASN1Template *template;
+
+    PORT_Assert(arena);
+    if (arena == NULL || !genName) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+    /* TODO: mark arena */
+    if (dest == NULL) {
+        dest = PORT_ArenaZNew(arena, SECItem);
+        if (!dest)
+            goto loser;
+    }
+    if (genName->type == certDirectoryName) {
+        if (genName->derDirectoryName.data == NULL) {
+            /* The field hasn't been encoded yet. */
+            SECItem *pre_dest = SEC_ASN1EncodeItem(
+                arena, &(genName->derDirectoryName),
+                &(genName->name.directoryName), CERT_NameTemplate);
+            if (!pre_dest)
+                goto loser;
+        }
+        if (genName->derDirectoryName.data == NULL) {
+            goto loser;
+        }
+    }
+    switch (genName->type) {
+        case certURI:
+            template = CERT_URITemplate;
+            break;
+        case certRFC822Name:
+            template = CERT_RFC822NameTemplate;
+            break;
+        case certDNSName:
+            template = CERT_DNSNameTemplate;
+            break;
+        case certIPAddress:
+            template = CERT_IPAddressTemplate;
+            break;
+        case certOtherName:
+            template = CERTOtherNameTemplate;
+            break;
+        case certRegisterID:
+            template = CERT_RegisteredIDTemplate;
+            break;
+        /* for this type, we expect the value is already encoded */
+        case certEDIPartyName:
+            template = CERT_EDIPartyNameTemplate;
+            break;
+        /* for this type, we expect the value is already encoded */
+        case certX400Address:
+            template = CERT_X400AddressTemplate;
+            break;
+        case certDirectoryName:
+            template = CERT_DirectoryNameTemplate;
+            break;
+        default:
+            PORT_Assert(0);
+            goto loser;
+    }
+    dest = SEC_ASN1EncodeItem(arena, dest, genName, template);
+    if (!dest) {
+        goto loser;
+    }
+    /* TODO: unmark arena */
+    return dest;
+loser:
+    /* TODO: release arena back to mark */
+    return NULL;
+}
+
+SECItem **
+cert_EncodeGeneralNames(PLArenaPool *arena, CERTGeneralName *names)
+{
+    CERTGeneralName *current_name;
+    SECItem **items = NULL;
+    int count = 1;
+    int i;
+    PRCList *head;
+
+    if (!names) {
+        return NULL;
+    }
+
+    PORT_Assert(arena);
+    /* TODO: mark arena */
+    current_name = names;
+    head = &(names->l);
+    while (current_name->l.next != head) {
+        current_name = CERT_GetNextGeneralName(current_name);
+        ++count;
+    }
+    current_name = CERT_GetNextGeneralName(current_name);
+    items = PORT_ArenaNewArray(arena, SECItem *, count + 1);
+    if (items == NULL) {
+        goto loser;
+    }
+    for (i = 0; i < count; i++) {
+        items[i] = CERT_EncodeGeneralName(current_name, (SECItem *)NULL, arena);
+        if (items[i] == NULL) {
+            goto loser;
+        }
+        current_name = CERT_GetNextGeneralName(current_name);
+    }
+    items[i] = NULL;
+    /* TODO: unmark arena */
+    return items;
+loser:
+    /* TODO: release arena to mark */
+    return NULL;
+}
+
+CERTGeneralName *
+CERT_DecodeGeneralName(PLArenaPool *reqArena, SECItem *encodedName,
+                       CERTGeneralName *genName)
+{
+    const SEC_ASN1Template *template;
+    CERTGeneralNameType genNameType;
+    SECStatus rv = SECSuccess;
+    SECItem *newEncodedName;
+
+    if (!reqArena) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+    /* make a copy for decoding so the data decoded with QuickDER doesn't
+       point to temporary memory */
+    newEncodedName = SECITEM_ArenaDupItem(reqArena, encodedName);
+    if (!newEncodedName) {
+        return NULL;
+    }
+    /* TODO: mark arena */
+    genNameType = (CERTGeneralNameType)((*(newEncodedName->data) & 0x0f) + 1);
+    if (genName == NULL) {
+        genName = CERT_NewGeneralName(reqArena, genNameType);
+        if (!genName)
+            goto loser;
+    } else {
+        genName->type = genNameType;
+        genName->l.prev = genName->l.next = &genName->l;
+    }
+
+    switch (genNameType) {
+        case certURI:
+            template = CERT_URITemplate;
+            break;
+        case certRFC822Name:
+            template = CERT_RFC822NameTemplate;
+            break;
+        case certDNSName:
+            template = CERT_DNSNameTemplate;
+            break;
+        case certIPAddress:
+            template = CERT_IPAddressTemplate;
+            break;
+        case certOtherName:
+            template = CERTOtherNameTemplate;
+            break;
+        case certRegisterID:
+            template = CERT_RegisteredIDTemplate;
+            break;
+        case certEDIPartyName:
+            template = CERT_EDIPartyNameTemplate;
+            break;
+        case certX400Address:
+            template = CERT_X400AddressTemplate;
+            break;
+        case certDirectoryName:
+            template = CERT_DirectoryNameTemplate;
+            break;
+        default:
+            goto loser;
+    }
+    rv = SEC_QuickDERDecodeItem(reqArena, genName, template, newEncodedName);
+    if (rv != SECSuccess)
+        goto loser;
+    if (genNameType == certDirectoryName) {
+        rv = SEC_QuickDERDecodeItem(reqArena, &(genName->name.directoryName),
+                                    CERT_NameTemplate,
+                                    &(genName->derDirectoryName));
+        if (rv != SECSuccess)
+            goto loser;
+    }
+
+    /* TODO: unmark arena */
+    return genName;
+loser:
+    /* TODO: release arena to mark */
+    return NULL;
+}
+
+CERTGeneralName *
+cert_DecodeGeneralNames(PLArenaPool *arena, SECItem **encodedGenName)
+{
+    PRCList *head = NULL;
+    PRCList *tail = NULL;
+    CERTGeneralName *currentName = NULL;
+
+    PORT_Assert(arena);
+    if (!encodedGenName || !arena) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+    /* TODO: mark arena */
+    while (*encodedGenName != NULL) {
+        currentName = CERT_DecodeGeneralName(arena, *encodedGenName, NULL);
+        if (currentName == NULL)
+            break;
+        if (head == NULL) {
+            head = &(currentName->l);
+            tail = head;
+        }
+        currentName->l.next = head;
+        currentName->l.prev = tail;
+        tail = head->prev = tail->next = &(currentName->l);
+        encodedGenName++;
+    }
+    if (currentName) {
+        /* TODO: unmark arena */
+        return CERT_GetNextGeneralName(currentName);
+    }
+    /* TODO: release arena to mark */
+    return NULL;
+}
+
+void
+CERT_DestroyGeneralName(CERTGeneralName *name)
+{
+    cert_DestroyGeneralNames(name);
+}
+
+SECStatus
+cert_DestroyGeneralNames(CERTGeneralName *name)
+{
+    CERTGeneralName *first;
+    CERTGeneralName *next = NULL;
+
+    first = name;
+    do {
+        next = CERT_GetNextGeneralName(name);
+        PORT_Free(name);
+        name = next;
+    } while (name != first);
+    return SECSuccess;
+}
+
+static SECItem *
+cert_EncodeNameConstraint(CERTNameConstraint *constraint, SECItem *dest,
+                          PLArenaPool *arena)
+{
+    PORT_Assert(arena);
+    if (dest == NULL) {
+        dest = PORT_ArenaZNew(arena, SECItem);
+        if (dest == NULL) {
+            return NULL;
+        }
+    }
+    CERT_EncodeGeneralName(&(constraint->name), &(constraint->DERName), arena);
+
+    dest =
+        SEC_ASN1EncodeItem(arena, dest, constraint, CERTNameConstraintTemplate);
+    return dest;
+}
+
+SECStatus
+cert_EncodeNameConstraintSubTree(CERTNameConstraint *constraints,
+                                 PLArenaPool *arena, SECItem ***dest,
+                                 PRBool permited)
+{
+    CERTNameConstraint *current_constraint = constraints;
+    SECItem **items = NULL;
+    int count = 0;
+    int i;
+    PRCList *head;
+
+    PORT_Assert(arena);
+    /* TODO: mark arena */
+    if (constraints != NULL) {
+        count = 1;
+    }
+    head = &constraints->l;
+    while (current_constraint->l.next != head) {
+        current_constraint = CERT_GetNextNameConstraint(current_constraint);
+        ++count;
+    }
+    current_constraint = CERT_GetNextNameConstraint(current_constraint);
+    items = PORT_ArenaZNewArray(arena, SECItem *, count + 1);
+    if (items == NULL) {
+        goto loser;
+    }
+    for (i = 0; i < count; i++) {
+        items[i] = cert_EncodeNameConstraint(current_constraint,
+                                             (SECItem *)NULL, arena);
+        if (items[i] == NULL) {
+            goto loser;
+        }
+        current_constraint = CERT_GetNextNameConstraint(current_constraint);
+    }
+    *dest = items;
+    if (*dest == NULL) {
+        goto loser;
+    }
+    /* TODO: unmark arena */
+    return SECSuccess;
+loser:
+    /* TODO: release arena to mark */
+    return SECFailure;
+}
+
+SECStatus
+cert_EncodeNameConstraints(CERTNameConstraints *constraints, PLArenaPool *arena,
+                           SECItem *dest)
+{
+    SECStatus rv = SECSuccess;
+
+    PORT_Assert(arena);
+    /* TODO: mark arena */
+    if (constraints->permited != NULL) {
+        rv = cert_EncodeNameConstraintSubTree(
+            constraints->permited, arena, &constraints->DERPermited, PR_TRUE);
+        if (rv == SECFailure) {
+            goto loser;
+        }
+    }
+    if (constraints->excluded != NULL) {
+        rv = cert_EncodeNameConstraintSubTree(
+            constraints->excluded, arena, &constraints->DERExcluded, PR_FALSE);
+        if (rv == SECFailure) {
+            goto loser;
+        }
+    }
+    dest = SEC_ASN1EncodeItem(arena, dest, constraints,
+                              CERTNameConstraintsTemplate);
+    if (dest == NULL) {
+        goto loser;
+    }
+    /* TODO: unmark arena */
+    return SECSuccess;
+loser:
+    /* TODO: release arena to mark */
+    return SECFailure;
+}
+
+CERTNameConstraint *
+cert_DecodeNameConstraint(PLArenaPool *reqArena, SECItem *encodedConstraint)
+{
+    CERTNameConstraint *constraint;
+    SECStatus rv = SECSuccess;
+    CERTGeneralName *temp;
+    SECItem *newEncodedConstraint;
+
+    if (!reqArena) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+    newEncodedConstraint = SECITEM_ArenaDupItem(reqArena, encodedConstraint);
+    if (!newEncodedConstraint) {
+        return NULL;
+    }
+    /* TODO: mark arena */
+    constraint = PORT_ArenaZNew(reqArena, CERTNameConstraint);
+    if (!constraint)
+        goto loser;
+    rv = SEC_QuickDERDecodeItem(
+        reqArena, constraint, CERTNameConstraintTemplate, newEncodedConstraint);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    temp = CERT_DecodeGeneralName(reqArena, &(constraint->DERName),
+                                  &(constraint->name));
+    if (temp != &(constraint->name)) {
+        goto loser;
+    }
+
+    /* ### sjlee: since the name constraint contains only one
+     *            CERTGeneralName, the list within CERTGeneralName shouldn't
+     *            point anywhere else.  Otherwise, bad things will happen.
+     */
+    constraint->name.l.prev = constraint->name.l.next = &(constraint->name.l);
+    /* TODO: unmark arena */
+    return constraint;
+loser:
+    /* TODO: release arena back to mark */
+    return NULL;
+}
+
+static CERTNameConstraint *
+cert_DecodeNameConstraintSubTree(PLArenaPool *arena, SECItem **subTree,
+                                 PRBool permited)
+{
+    CERTNameConstraint *current = NULL;
+    CERTNameConstraint *first = NULL;
+    CERTNameConstraint *last = NULL;
+    int i = 0;
+
+    PORT_Assert(arena);
+    /* TODO: mark arena */
+    while (subTree[i] != NULL) {
+        current = cert_DecodeNameConstraint(arena, subTree[i]);
+        if (current == NULL) {
+            goto loser;
+        }
+        if (first == NULL) {
+            first = current;
+        } else {
+            current->l.prev = &(last->l);
+            last->l.next = &(current->l);
+        }
+        last = current;
+        i++;
+    }
+    if (first && last) {
+        first->l.prev = &(last->l);
+        last->l.next = &(first->l);
+    }
+    /* TODO: unmark arena */
+    return first;
+loser:
+    /* TODO: release arena back to mark */
+    return NULL;
+}
+
+CERTNameConstraints *
+cert_DecodeNameConstraints(PLArenaPool *reqArena,
+                           const SECItem *encodedConstraints)
+{
+    CERTNameConstraints *constraints;
+    SECStatus rv;
+    SECItem *newEncodedConstraints;
+
+    if (!reqArena) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+    PORT_Assert(encodedConstraints);
+    newEncodedConstraints = SECITEM_ArenaDupItem(reqArena, encodedConstraints);
+
+    /* TODO: mark arena */
+    constraints = PORT_ArenaZNew(reqArena, CERTNameConstraints);
+    if (constraints == NULL) {
+        goto loser;
+    }
+    rv = SEC_QuickDERDecodeItem(reqArena, constraints,
+                                CERTNameConstraintsTemplate,
+                                newEncodedConstraints);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    if (constraints->DERPermited != NULL &&
+        constraints->DERPermited[0] != NULL) {
+        constraints->permited = cert_DecodeNameConstraintSubTree(
+            reqArena, constraints->DERPermited, PR_TRUE);
+        if (constraints->permited == NULL) {
+            goto loser;
+        }
+    }
+    if (constraints->DERExcluded != NULL &&
+        constraints->DERExcluded[0] != NULL) {
+        constraints->excluded = cert_DecodeNameConstraintSubTree(
+            reqArena, constraints->DERExcluded, PR_FALSE);
+        if (constraints->excluded == NULL) {
+            goto loser;
+        }
+    }
+    /* TODO: unmark arena */
+    return constraints;
+loser:
+    /* TODO: release arena back to mark */
+    return NULL;
+}
+
+/* Copy a chain of one or more general names to a destination chain.
+** Caller has allocated at least the first destination GeneralName struct.
+** Both source and destination chains are circular doubly-linked lists.
+** The first source struct is copied to the first destination struct.
+** If the source chain has more than one member, and the destination chain
+** has only one member, then this function allocates new structs for all but
+** the first copy from the arena and links them into the destination list.
+** If the destination struct is part of a list with more than one member,
+** then this function traverses both the source and destination lists,
+** copying each source struct to the corresponding dest struct.
+** In that case, the destination list MUST contain at least as many
+** structs as the source list or some dest entries will be overwritten.
+*/
+SECStatus
+CERT_CopyGeneralName(PLArenaPool *arena, CERTGeneralName *dest,
+                     CERTGeneralName *src)
+{
+    SECStatus rv;
+    CERTGeneralName *destHead = dest;
+    CERTGeneralName *srcHead = src;
+
+    PORT_Assert(dest != NULL);
+    if (!dest) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+    /* TODO: mark arena */
+    do {
+        rv = cert_CopyOneGeneralName(arena, dest, src);
+        if (rv != SECSuccess)
+            goto loser;
+        src = CERT_GetNextGeneralName(src);
+        /* if there is only one general name, we shouldn't do this */
+        if (src != srcHead) {
+            if (dest->l.next == &destHead->l) {
+                CERTGeneralName *temp;
+                temp = CERT_NewGeneralName(arena, (CERTGeneralNameType)0);
+                if (!temp)
+                    goto loser;
+                temp->l.next = &destHead->l;
+                temp->l.prev = &dest->l;
+                destHead->l.prev = &temp->l;
+                dest->l.next = &temp->l;
+                dest = temp;
+            } else {
+                dest = CERT_GetNextGeneralName(dest);
+            }
+        }
+    } while (src != srcHead && rv == SECSuccess);
+    /* TODO: unmark arena */
+    return rv;
+loser:
+    /* TODO: release back to mark */
+    return SECFailure;
+}
+
+CERTGeneralNameList *
+CERT_DupGeneralNameList(CERTGeneralNameList *list)
+{
+    if (list != NULL) {
+        PZ_Lock(list->lock);
+        list->refCount++;
+        PZ_Unlock(list->lock);
+    }
+    return list;
+}
+
+/* Allocate space and copy CERTNameConstraint from src to dest */
+CERTNameConstraint *
+CERT_CopyNameConstraint(PLArenaPool *arena, CERTNameConstraint *dest,
+                        CERTNameConstraint *src)
+{
+    SECStatus rv;
+
+    /* TODO: mark arena */
+    if (dest == NULL) {
+        dest = PORT_ArenaZNew(arena, CERTNameConstraint);
+        if (!dest)
+            goto loser;
+        /* mark that it is not linked */
+        dest->name.l.prev = dest->name.l.next = &(dest->name.l);
+    }
+    rv = CERT_CopyGeneralName(arena, &dest->name, &src->name);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    rv = SECITEM_CopyItem(arena, &dest->DERName, &src->DERName);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    rv = SECITEM_CopyItem(arena, &dest->min, &src->min);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    rv = SECITEM_CopyItem(arena, &dest->max, &src->max);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    dest->l.prev = dest->l.next = &dest->l;
+    /* TODO: unmark arena */
+    return dest;
+loser:
+    /* TODO: release arena to mark */
+    return NULL;
+}
+
+CERTGeneralName *
+cert_CombineNamesLists(CERTGeneralName *list1, CERTGeneralName *list2)
+{
+    PRCList *begin1;
+    PRCList *begin2;
+    PRCList *end1;
+    PRCList *end2;
+
+    if (list1 == NULL) {
+        return list2;
+    } else if (list2 == NULL) {
+        return list1;
+    } else {
+        begin1 = &list1->l;
+        begin2 = &list2->l;
+        end1 = list1->l.prev;
+        end2 = list2->l.prev;
+        end1->next = begin2;
+        end2->next = begin1;
+        begin1->prev = end2;
+        begin2->prev = end1;
+        return list1;
+    }
+}
+
+CERTNameConstraint *
+cert_CombineConstraintsLists(CERTNameConstraint *list1,
+                             CERTNameConstraint *list2)
+{
+    PRCList *begin1;
+    PRCList *begin2;
+    PRCList *end1;
+    PRCList *end2;
+
+    if (list1 == NULL) {
+        return list2;
+    } else if (list2 == NULL) {
+        return list1;
+    } else {
+        begin1 = &list1->l;
+        begin2 = &list2->l;
+        end1 = list1->l.prev;
+        end2 = list2->l.prev;
+        end1->next = begin2;
+        end2->next = begin1;
+        begin1->prev = end2;
+        begin2->prev = end1;
+        return list1;
+    }
+}
+
+/* Add a CERTNameConstraint to the CERTNameConstraint list */
+CERTNameConstraint *
+CERT_AddNameConstraint(CERTNameConstraint *list, CERTNameConstraint *constraint)
+{
+    PORT_Assert(constraint != NULL);
+    constraint->l.next = constraint->l.prev = &constraint->l;
+    list = cert_CombineConstraintsLists(list, constraint);
+    return list;
+}
+
+SECStatus
+CERT_GetNameConstraintByType(CERTNameConstraint *constraints,
+                             CERTGeneralNameType type,
+                             CERTNameConstraint **returnList,
+                             PLArenaPool *arena)
+{
+    CERTNameConstraint *current = NULL;
+    void *mark = NULL;
+
+    *returnList = NULL;
+    if (!constraints)
+        return SECSuccess;
+
+    mark = PORT_ArenaMark(arena);
+
+    current = constraints;
+    do {
+        PORT_Assert(current->name.type);
+        if (current->name.type == type) {
+            CERTNameConstraint *temp;
+            temp = CERT_CopyNameConstraint(arena, NULL, current);
+            if (temp == NULL)
+                goto loser;
+            *returnList = CERT_AddNameConstraint(*returnList, temp);
+        }
+        current = CERT_GetNextNameConstraint(current);
+    } while (current != constraints);
+    PORT_ArenaUnmark(arena, mark);
+    return SECSuccess;
+
+loser:
+    PORT_ArenaRelease(arena, mark);
+    return SECFailure;
+}
+
+void *
+CERT_GetGeneralNameByType(CERTGeneralName *genNames, CERTGeneralNameType type,
+                          PRBool derFormat)
+{
+    CERTGeneralName *current;
+
+    if (!genNames)
+        return NULL;
+    current = genNames;
+
+    do {
+        if (current->type == type) {
+            switch (type) {
+                case certDNSName:
+                case certEDIPartyName:
+                case certIPAddress:
+                case certRegisterID:
+                case certRFC822Name:
+                case certX400Address:
+                case certURI:
+                    return (void *)&current->name.other; /* SECItem * */
+
+                case certOtherName:
+                    return (void *)&current->name.OthName; /* OthName * */
+
+                case certDirectoryName:
+                    return derFormat
+                               ? (void *)&current
+                                     ->derDirectoryName /* SECItem * */
+                               : (void *)&current->name
+                                     .directoryName; /* CERTName * */
+            }
+            PORT_Assert(0);
+            return NULL;
+        }
+        current = CERT_GetNextGeneralName(current);
+    } while (current != genNames);
+    return NULL;
+}
+
+int
+CERT_GetNamesLength(CERTGeneralName *names)
+{
+    int length = 0;
+    CERTGeneralName *first;
+
+    first = names;
+    if (names != NULL) {
+        do {
+            length++;
+            names = CERT_GetNextGeneralName(names);
+        } while (names != first);
+    }
+    return length;
+}
+
+/* Creates new GeneralNames for any email addresses found in the
+** input DN, and links them onto the list for the DN.
+*/
+SECStatus
+cert_ExtractDNEmailAddrs(CERTGeneralName *name, PLArenaPool *arena)
+{
+    CERTGeneralName *nameList = NULL;
+    const CERTRDN **nRDNs = (const CERTRDN **)(name->name.directoryName.rdns);
+    SECStatus rv = SECSuccess;
+
+    PORT_Assert(name->type == certDirectoryName);
+    if (name->type != certDirectoryName) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+    /* TODO: mark arena */
+    while (nRDNs && *nRDNs) { /* loop over RDNs */
+        const CERTRDN *nRDN = *nRDNs++;
+        CERTAVA **nAVAs = nRDN->avas;
+        while (nAVAs && *nAVAs) { /* loop over AVAs */
+            int tag;
+            CERTAVA *nAVA = *nAVAs++;
+            tag = CERT_GetAVATag(nAVA);
+            if (tag == SEC_OID_PKCS9_EMAIL_ADDRESS ||
+                tag == SEC_OID_RFC1274_MAIL) { /* email AVA */
+                CERTGeneralName *newName = NULL;
+                SECItem *avaValue = CERT_DecodeAVAValue(&nAVA->value);
+                if (!avaValue)
+                    goto loser;
+                rv = SECFailure;
+                newName = CERT_NewGeneralName(arena, certRFC822Name);
+                if (newName) {
+                    rv =
+                        SECITEM_CopyItem(arena, &newName->name.other, avaValue);
+                }
+                SECITEM_FreeItem(avaValue, PR_TRUE);
+                if (rv != SECSuccess)
+                    goto loser;
+                nameList = cert_CombineNamesLists(nameList, newName);
+            } /* handle one email AVA */
+        }     /* loop over AVAs */
+    }         /* loop over RDNs */
+    /* combine new names with old one. */
+    (void)cert_CombineNamesLists(name, nameList);
+    /* TODO: unmark arena */
+    return SECSuccess;
+
+loser:
+    /* TODO: release arena back to mark */
+    return SECFailure;
+}
+
+/* Extract all names except Subject Common Name from a cert
+** in preparation for a name constraints test.
+*/
+CERTGeneralName *
+CERT_GetCertificateNames(CERTCertificate *cert, PLArenaPool *arena)
+{
+    return CERT_GetConstrainedCertificateNames(cert, arena, PR_FALSE);
+}
+
+/* This function is called by CERT_VerifyCertChain to extract all
+** names from a cert in preparation for a name constraints test.
+*/
+CERTGeneralName *
+CERT_GetConstrainedCertificateNames(const CERTCertificate *cert,
+                                    PLArenaPool *arena,
+                                    PRBool includeSubjectCommonName)
+{
+    CERTGeneralName *DN;
+    CERTGeneralName *SAN;
+    PRUint32 numDNSNames = 0;
+    SECStatus rv;
+
+    if (!arena) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+    /* TODO: mark arena */
+    DN = CERT_NewGeneralName(arena, certDirectoryName);
+    if (DN == NULL) {
+        goto loser;
+    }
+    rv = CERT_CopyName(arena, &DN->name.directoryName, &cert->subject);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    rv = SECITEM_CopyItem(arena, &DN->derDirectoryName, &cert->derSubject);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    /* Extract email addresses from DN, construct CERTGeneralName structs
+    ** for them, add them to the name list
+    */
+    rv = cert_ExtractDNEmailAddrs(DN, arena);
+    if (rv != SECSuccess)
+        goto loser;
+
+    /* Now extract any GeneralNames from the subject name names extension. */
+    SAN = cert_GetSubjectAltNameList(cert, arena);
+    if (SAN) {
+        numDNSNames = cert_CountDNSPatterns(SAN);
+        DN = cert_CombineNamesLists(DN, SAN);
+    }
+    if (!numDNSNames && includeSubjectCommonName) {
+        char *cn = CERT_GetCommonName(&cert->subject);
+        if (cn) {
+            CERTGeneralName *CN = CERT_NewGeneralName(arena, certDNSName);
+            if (CN) {
+                SECItem cnItem = { siBuffer, NULL, 0 };
+                cnItem.data = (unsigned char *)cn;
+                cnItem.len = strlen(cn);
+                rv = SECITEM_CopyItem(arena, &CN->name.other, &cnItem);
+                if (rv == SECSuccess) {
+                    DN = cert_CombineNamesLists(DN, CN);
+                }
+            }
+            PORT_Free(cn);
+        }
+    }
+    if (rv == SECSuccess) {
+        /* TODO: unmark arena */
+        return DN;
+    }
+loser:
+    /* TODO: release arena to mark */
+    return NULL;
+}
+
+/* Returns SECSuccess if name matches constraint per RFC 3280 rules for
+** URI name constraints.  SECFailure otherwise.
+** If the constraint begins with a dot, it is a domain name, otherwise
+** It is a host name.  Examples:
+**  Constraint            Name             Result
+** ------------      ---------------      --------
+**  foo.bar.com          foo.bar.com      matches
+**  foo.bar.com          FoO.bAr.CoM      matches
+**  foo.bar.com      www.foo.bar.com      no match
+**  foo.bar.com        nofoo.bar.com      no match
+** .foo.bar.com      www.foo.bar.com      matches
+** .foo.bar.com        nofoo.bar.com      no match
+** .foo.bar.com          foo.bar.com      no match
+** .foo.bar.com     www..foo.bar.com      no match
+*/
+static SECStatus
+compareURIN2C(const SECItem *name, const SECItem *constraint)
+{
+    int offset;
+    /* The spec is silent on intepreting zero-length constraints.
+    ** We interpret them as matching no URI names.
+    */
+    if (!constraint->len)
+        return SECFailure;
+    if (constraint->data[0] != '.') {
+        /* constraint is a host name. */
+        if (name->len != constraint->len ||
+            PL_strncasecmp((char *)name->data, (char *)constraint->data,
+                           constraint->len))
+            return SECFailure;
+        return SECSuccess;
+    }
+    /* constraint is a domain name. */
+    if (name->len < constraint->len)
+        return SECFailure;
+    offset = name->len - constraint->len;
+    if (PL_strncasecmp((char *)(name->data + offset), (char *)constraint->data,
+                       constraint->len))
+        return SECFailure;
+    if (!offset ||
+        (name->data[offset - 1] == '.') + (constraint->data[0] == '.') == 1)
+        return SECSuccess;
+    return SECFailure;
+}
+
+/* for DNSname constraints, RFC 3280 says, (section 4.2.1.11, page 38)
+**
+** DNS name restrictions are expressed as foo.bar.com.  Any DNS name
+** that can be constructed by simply adding to the left hand side of the
+** name satisfies the name constraint.  For example, www.foo.bar.com
+** would satisfy the constraint but foo1.bar.com would not.
+**
+** But NIST's PKITS test suite requires that the constraint be treated
+** as a domain name, and requires that any name added to the left hand
+** side end in a dot ".".  Sensible, but not strictly following the RFC.
+**
+**  Constraint            Name            RFC 3280  NIST PKITS
+** ------------      ---------------      --------  ----------
+**  foo.bar.com          foo.bar.com      matches    matches
+**  foo.bar.com          FoO.bAr.CoM      matches    matches
+**  foo.bar.com      www.foo.bar.com      matches    matches
+**  foo.bar.com        nofoo.bar.com      MATCHES    NO MATCH
+** .foo.bar.com      www.foo.bar.com      matches    matches? disallowed?
+** .foo.bar.com          foo.bar.com      no match   no match
+** .foo.bar.com     www..foo.bar.com      matches    probably not
+**
+** We will try to conform to NIST's PKITS tests, and the unstated
+** rules they imply.
+*/
+static SECStatus
+compareDNSN2C(const SECItem *name, const SECItem *constraint)
+{
+    int offset;
+    /* The spec is silent on intepreting zero-length constraints.
+    ** We interpret them as matching all DNSnames.
+    */
+    if (!constraint->len)
+        return SECSuccess;
+    if (name->len < constraint->len)
+        return SECFailure;
+    offset = name->len - constraint->len;
+    if (PL_strncasecmp((char *)(name->data + offset), (char *)constraint->data,
+                       constraint->len))
+        return SECFailure;
+    if (!offset ||
+        (name->data[offset - 1] == '.') + (constraint->data[0] == '.') == 1)
+        return SECSuccess;
+    return SECFailure;
+}
+
+/* Returns SECSuccess if name matches constraint per RFC 3280 rules for
+** internet email addresses.  SECFailure otherwise.
+** If constraint contains a '@' then the two strings much match exactly.
+** Else if constraint starts with a '.'. then it must match the right-most
+** substring of the name,
+** else constraint string must match entire name after the name's '@'.
+** Empty constraint string matches all names. All comparisons case insensitive.
+*/
+static SECStatus
+compareRFC822N2C(const SECItem *name, const SECItem *constraint)
+{
+    int offset;
+    if (!constraint->len)
+        return SECSuccess;
+    if (name->len < constraint->len)
+        return SECFailure;
+    if (constraint->len == 1 && constraint->data[0] == '.')
+        return SECSuccess;
+    for (offset = constraint->len - 1; offset >= 0; --offset) {
+        if (constraint->data[offset] == '@') {
+            return (name->len == constraint->len &&
+                    !PL_strncasecmp((char *)name->data,
+                                    (char *)constraint->data, constraint->len))
+                       ? SECSuccess
+                       : SECFailure;
+        }
+    }
+    offset = name->len - constraint->len;
+    if (PL_strncasecmp((char *)(name->data + offset), (char *)constraint->data,
+                       constraint->len))
+        return SECFailure;
+    if (constraint->data[0] == '.')
+        return SECSuccess;
+    if (offset > 0 && name->data[offset - 1] == '@')
+        return SECSuccess;
+    return SECFailure;
+}
+
+/* name contains either a 4 byte IPv4 address or a 16 byte IPv6 address.
+** constraint contains an address of the same length, and a subnet mask
+** of the same length.  Compare name's address to the constraint's
+** address, subject to the mask.
+** Return SECSuccess if they match, SECFailure if they don't.
+*/
+static SECStatus
+compareIPaddrN2C(const SECItem *name, const SECItem *constraint)
+{
+    int i;
+    if (name->len == 4 && constraint->len == 8) { /* ipv4 addr */
+        for (i = 0; i < 4; i++) {
+            if ((name->data[i] ^ constraint->data[i]) & constraint->data[i + 4])
+                goto loser;
+        }
+        return SECSuccess;
+    }
+    if (name->len == 16 && constraint->len == 32) { /* ipv6 addr */
+        for (i = 0; i < 16; i++) {
+            if ((name->data[i] ^ constraint->data[i]) &
+                constraint->data[i + 16])
+                goto loser;
+        }
+        return SECSuccess;
+    }
+loser:
+    return SECFailure;
+}
+
+/* start with a SECItem that points to a URI.  Parse it lookingg for
+** a hostname.  Modify item->data and item->len to define the hostname,
+** but do not modify and data at item->data.
+** If anything goes wrong, the contents of *item are undefined.
+*/
+static SECStatus
+parseUriHostname(SECItem *item)
+{
+    int i;
+    PRBool found = PR_FALSE;
+    for (i = 0; (unsigned)(i + 2) < item->len; ++i) {
+        if (item->data[i] == ':' && item->data[i + 1] == '/' &&
+            item->data[i + 2] == '/') {
+            i += 3;
+            item->data += i;
+            item->len -= i;
+            found = PR_TRUE;
+            break;
+        }
+    }
+    if (!found)
+        return SECFailure;
+    /* now look for a '/', which is an upper bound in the end of the name */
+    for (i = 0; (unsigned)i < item->len; ++i) {
+        if (item->data[i] == '/') {
+            item->len = i;
+            break;
+        }
+    }
+    /* now look for a ':', which marks the end of the name */
+    for (i = item->len; --i >= 0;) {
+        if (item->data[i] == ':') {
+            item->len = i;
+            break;
+        }
+    }
+    /* now look for an '@', which marks the beginning of the hostname */
+    for (i = 0; (unsigned)i < item->len; ++i) {
+        if (item->data[i] == '@') {
+            ++i;
+            item->data += i;
+            item->len -= i;
+            break;
+        }
+    }
+    return item->len ? SECSuccess : SECFailure;
+}
+
+/* This function takes one name, and a list of constraints.
+** It searches the constraints looking for a match.
+** It returns SECSuccess if the name satisfies the constraints, i.e.,
+** if excluded, then the name does not match any constraint,
+** if permitted, then the name matches at least one constraint.
+** It returns SECFailure if the name fails to satisfy the constraints,
+** or if some code fails (e.g. out of memory, or invalid constraint)
+*/
+SECStatus
+cert_CompareNameWithConstraints(const CERTGeneralName *name,
+                                const CERTNameConstraint *constraints,
+                                PRBool excluded)
+{
+    SECStatus rv = SECSuccess;
+    SECStatus matched = SECFailure;
+    const CERTNameConstraint *current;
+
+    PORT_Assert(constraints); /* caller should not call with NULL */
+    if (!constraints) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    current = constraints;
+    do {
+        rv = SECSuccess;
+        matched = SECFailure;
+        PORT_Assert(name->type == current->name.type);
+        switch (name->type) {
+
+            case certDNSName:
+                matched =
+                    compareDNSN2C(&name->name.other, &current->name.name.other);
+                break;
+
+            case certRFC822Name:
+                matched = compareRFC822N2C(&name->name.other,
+                                           &current->name.name.other);
+                break;
+
+            case certURI: {
+                /* make a modifiable copy of the URI SECItem. */
+                SECItem uri = name->name.other;
+                /* find the hostname in the URI */
+                rv = parseUriHostname(&uri);
+                if (rv == SECSuccess) {
+                    /* does our hostname meet the constraint? */
+                    matched = compareURIN2C(&uri, &current->name.name.other);
+                }
+            } break;
+
+            case certDirectoryName:
+                /* Determine if the constraint directory name is a "prefix"
+                ** for the directory name being tested.
+                */
+                {
+                    /* status defaults to SECEqual, so that a constraint with
+                    ** no AVAs will be a wildcard, matching all directory names.
+                    */
+                    SECComparison status = SECEqual;
+                    const CERTRDN **cRDNs =
+                        (const CERTRDN **)current->name.name.directoryName.rdns;
+                    const CERTRDN **nRDNs =
+                        (const CERTRDN **)name->name.directoryName.rdns;
+                    while (cRDNs && *cRDNs && nRDNs && *nRDNs) {
+                        /* loop over name RDNs and constraint RDNs in lock step
+                         */
+                        const CERTRDN *cRDN = *cRDNs++;
+                        const CERTRDN *nRDN = *nRDNs++;
+                        CERTAVA **cAVAs = cRDN->avas;
+                        while (cAVAs &&
+                               *cAVAs) { /* loop over constraint AVAs */
+                            CERTAVA *cAVA = *cAVAs++;
+                            CERTAVA **nAVAs = nRDN->avas;
+                            while (nAVAs && *nAVAs) { /* loop over name AVAs */
+                                CERTAVA *nAVA = *nAVAs++;
+                                status = CERT_CompareAVA(cAVA, nAVA);
+                                if (status == SECEqual)
+                                    break;
+                            } /* loop over name AVAs */
+                            if (status != SECEqual)
+                                break;
+                        } /* loop over constraint AVAs */
+                        if (status != SECEqual)
+                            break;
+                    } /* loop over name RDNs and constraint RDNs */
+                    matched = (status == SECEqual) ? SECSuccess : SECFailure;
+                    break;
+                }
+
+            case certIPAddress: /* type 8 */
+                matched = compareIPaddrN2C(&name->name.other,
+                                           &current->name.name.other);
+                break;
+
+            /* NSS does not know how to compare these "Other" type names with
+            ** their respective constraints.  But it does know how to tell
+            ** if the constraint applies to the type of name (by comparing
+            ** the constraint OID to the name OID).  NSS makes no use of "Other"
+            ** type names at all, so NSS errs on the side of leniency for these
+            ** types, provided that their OIDs match.  So, when an "Other"
+            ** name constraint appears in an excluded subtree, it never causes
+            ** a name to fail.  When an "Other" name constraint appears in a
+            ** permitted subtree, AND the constraint's OID matches the name's
+            ** OID, then name is treated as if it matches the constraint.
+            */
+            case certOtherName: /* type 1 */
+                matched =
+                    (!excluded && name->type == current->name.type &&
+                     SECITEM_ItemsAreEqual(&name->name.OthName.oid,
+                                           &current->name.name.OthName.oid))
+                        ? SECSuccess
+                        : SECFailure;
+                break;
+
+            /* NSS does not know how to compare these types of names with their
+            ** respective constraints.  But NSS makes no use of these types of
+            ** names at all, so it errs on the side of leniency for these types.
+            ** Constraints for these types of names never cause the name to
+            ** fail the constraints test.  NSS behaves as if the name matched
+            ** for permitted constraints, and did not match for excluded ones.
+            */
+            case certX400Address:  /* type 4 */
+            case certEDIPartyName: /* type 6 */
+            case certRegisterID:   /* type 9 */
+                matched = excluded ? SECFailure : SECSuccess;
+                break;
+
+            default: /* non-standard types are not supported */
+                rv = SECFailure;
+                break;
+        }
+        if (matched == SECSuccess || rv != SECSuccess)
+            break;
+        current = CERT_GetNextNameConstraint((CERTNameConstraint *)current);
+    } while (current != constraints);
+    if (rv == SECSuccess) {
+        if (matched == SECSuccess)
+            rv = excluded ? SECFailure : SECSuccess;
+        else
+            rv = excluded ? SECSuccess : SECFailure;
+        return rv;
+    }
+
+    return SECFailure;
+}
+
+/* Add and link a CERTGeneralName to a CERTNameConstraint list. Most
+** likely the CERTNameConstraint passed in is either the permitted
+** list or the excluded list of a CERTNameConstraints.
+*/
+SECStatus
+CERT_AddNameConstraintByGeneralName(PLArenaPool *arena,
+                                    CERTNameConstraint **constraints,
+                                    CERTGeneralName *name)
+{
+    SECStatus rv;
+    CERTNameConstraint *current = NULL;
+    CERTNameConstraint *first = *constraints;
+    void *mark = NULL;
+
+    mark = PORT_ArenaMark(arena);
+
+    current = PORT_ArenaZNew(arena, CERTNameConstraint);
+    if (current == NULL) {
+        rv = SECFailure;
+        goto done;
+    }
+
+    rv = cert_CopyOneGeneralName(arena, &current->name, name);
+    if (rv != SECSuccess) {
+        goto done;
+    }
+
+    current->name.l.prev = current->name.l.next = &(current->name.l);
+
+    if (first == NULL) {
+        *constraints = current;
+        PR_INIT_CLIST(&current->l);
+    } else {
+        PR_INSERT_BEFORE(&current->l, &first->l);
+    }
+
+done:
+    if (rv == SECFailure) {
+        PORT_ArenaRelease(arena, mark);
+    } else {
+        PORT_ArenaUnmark(arena, mark);
+    }
+    return rv;
+}
+
+/*
+ * Here we define a list of name constraints to be imposed on
+ * certain certificates, most importantly root certificates.
+ *
+ * Each entry in the name constraints list is constructed with this
+ * macro.  An entry contains two SECItems, which have names in
+ * specific forms to make the macro work:
+ *
+ *  * ${CA}_SUBJECT_DN - The subject DN for which the constraints
+ *                       should be applied
+ *  * ${CA}_NAME_CONSTRAINTS - The name constraints extension
+ *
+ * Entities subject to name constraints are identified by subject name
+ * so that we can cover all certificates for that entity, including, e.g.,
+ * cross-certificates.  We use subject rather than public key because
+ * calling methods often have easy access to that field (vs., say, a key ID),
+ * and in practice, subject names and public keys are usually in one-to-one
+ * correspondence anyway.
+ *
+ */
+
+#define STRING_TO_SECITEM(str)                          \
+    {                                                   \
+        siBuffer, (unsigned char *)str, sizeof(str) - 1 \
+    }
+
+#define NAME_CONSTRAINTS_ENTRY(CA)                   \
+    {                                                \
+        STRING_TO_SECITEM(CA##_SUBJECT_DN)           \
+        ,                                            \
+            STRING_TO_SECITEM(CA##_NAME_CONSTRAINTS) \
+    }
+
+/* Agence Nationale de la Securite des Systemes d'Information (ANSSI) */
+
+/* clang-format off */
+
+#define ANSSI_SUBJECT_DN                                                       \
+    "\x30\x81\x85"                                                             \
+    "\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02" "FR"       /* C */          \
+    "\x31\x0F\x30\x0D\x06\x03\x55\x04\x08\x13\x06" "France"   /* ST */         \
+    "\x31\x0E\x30\x0C\x06\x03\x55\x04\x07\x13\x05" "Paris"    /* L */          \
+    "\x31\x10\x30\x0E\x06\x03\x55\x04\x0A\x13\x07" "PM/SGDN"  /* O */          \
+    "\x31\x0E\x30\x0C\x06\x03\x55\x04\x0B\x13\x05" "DCSSI"    /* OU */         \
+    "\x31\x0E\x30\x0C\x06\x03\x55\x04\x03\x13\x05" "IGC/A"    /* CN */         \
+    "\x31\x23\x30\x21\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01"             \
+    "\x16\x14" "igca@sgdn.pm.gouv.fr" /* emailAddress */                       \
+
+#define ANSSI_NAME_CONSTRAINTS                                                 \
+    "\x30\x5D\xA0\x5B"                                                         \
+    "\x30\x05\x82\x03" ".fr"                                                   \
+    "\x30\x05\x82\x03" ".gp"                                                   \
+    "\x30\x05\x82\x03" ".gf"                                                   \
+    "\x30\x05\x82\x03" ".mq"                                                   \
+    "\x30\x05\x82\x03" ".re"                                                   \
+    "\x30\x05\x82\x03" ".yt"                                                   \
+    "\x30\x05\x82\x03" ".pm"                                                   \
+    "\x30\x05\x82\x03" ".bl"                                                   \
+    "\x30\x05\x82\x03" ".mf"                                                   \
+    "\x30\x05\x82\x03" ".wf"                                                   \
+    "\x30\x05\x82\x03" ".pf"                                                   \
+    "\x30\x05\x82\x03" ".nc"                                                   \
+    "\x30\x05\x82\x03" ".tf"
+
+/* clang-format on */
+
+static const SECItem builtInNameConstraints[][2] = { NAME_CONSTRAINTS_ENTRY(
+    ANSSI) };
+
+SECStatus
+CERT_GetImposedNameConstraints(const SECItem *derSubject, SECItem *extensions)
+{
+    size_t i;
+
+    if (!extensions) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    for (i = 0; i < PR_ARRAY_SIZE(builtInNameConstraints); ++i) {
+        if (SECITEM_ItemsAreEqual(derSubject, &builtInNameConstraints[i][0])) {
+            return SECITEM_CopyItem(NULL, extensions,
+                                    &builtInNameConstraints[i][1]);
+        }
+    }
+
+    PORT_SetError(SEC_ERROR_EXTENSION_NOT_FOUND);
+    return SECFailure;
+}
+
+/*
+ * Extract the name constraints extension from the CA cert.
+ * If the certificate contains no name constraints extension, but
+ * CERT_GetImposedNameConstraints returns a name constraints extension
+ * for the subject of the certificate, then that extension will be returned.
+ */
+SECStatus
+CERT_FindNameConstraintsExten(PLArenaPool *arena, CERTCertificate *cert,
+                              CERTNameConstraints **constraints)
+{
+    SECStatus rv = SECSuccess;
+    SECItem constraintsExtension;
+    void *mark = NULL;
+
+    *constraints = NULL;
+
+    rv = CERT_FindCertExtension(cert, SEC_OID_X509_NAME_CONSTRAINTS,
+                                &constraintsExtension);
+    if (rv != SECSuccess) {
+        if (PORT_GetError() != SEC_ERROR_EXTENSION_NOT_FOUND) {
+            return rv;
+        }
+        rv = CERT_GetImposedNameConstraints(&cert->derSubject,
+                                            &constraintsExtension);
+        if (rv != SECSuccess) {
+            if (PORT_GetError() == SEC_ERROR_EXTENSION_NOT_FOUND) {
+                return SECSuccess;
+            }
+            return rv;
+        }
+    }
+
+    mark = PORT_ArenaMark(arena);
+
+    *constraints = cert_DecodeNameConstraints(arena, &constraintsExtension);
+    if (*constraints == NULL) { /* decode failed */
+        rv = SECFailure;
+    }
+    PORT_Free(constraintsExtension.data);
+
+    if (rv == SECFailure) {
+        PORT_ArenaRelease(arena, mark);
+    } else {
+        PORT_ArenaUnmark(arena, mark);
+    }
+
+    return rv;
+}
+
+/* Verify name against all the constraints relevant to that type of
+** the name.
+*/
+SECStatus
+CERT_CheckNameSpace(PLArenaPool *arena, const CERTNameConstraints *constraints,
+                    const CERTGeneralName *currentName)
+{
+    CERTNameConstraint *matchingConstraints;
+    SECStatus rv = SECSuccess;
+
+    if (constraints->excluded != NULL) {
+        rv = CERT_GetNameConstraintByType(constraints->excluded,
+                                          currentName->type,
+                                          &matchingConstraints, arena);
+        if (rv == SECSuccess && matchingConstraints != NULL) {
+            rv = cert_CompareNameWithConstraints(currentName,
+                                                 matchingConstraints, PR_TRUE);
+        }
+        if (rv != SECSuccess) {
+            return (rv);
+        }
+    }
+
+    if (constraints->permited != NULL) {
+        rv = CERT_GetNameConstraintByType(constraints->permited,
+                                          currentName->type,
+                                          &matchingConstraints, arena);
+        if (rv == SECSuccess && matchingConstraints != NULL) {
+            rv = cert_CompareNameWithConstraints(currentName,
+                                                 matchingConstraints, PR_FALSE);
+        }
+        if (rv != SECSuccess) {
+            return (rv);
+        }
+    }
+
+    return (SECSuccess);
+}
+
+/* Extract the name constraints extension from the CA cert.
+** Test each and every name in namesList against all the constraints
+** relevant to that type of name.
+** Returns NULL in pBadCert for success, if all names are acceptable.
+** If some name is not acceptable, returns a pointer to the cert that
+** contained that name.
+*/
+SECStatus
+CERT_CompareNameSpace(CERTCertificate *cert, CERTGeneralName *namesList,
+                      CERTCertificate **certsList, PLArenaPool *reqArena,
+                      CERTCertificate **pBadCert)
+{
+    SECStatus rv = SECSuccess;
+    CERTNameConstraints *constraints;
+    CERTGeneralName *currentName;
+    int count = 0;
+    CERTCertificate *badCert = NULL;
+
+    /* If no names to check, then no names can be bad. */
+    if (!namesList)
+        goto done;
+    rv = CERT_FindNameConstraintsExten(reqArena, cert, &constraints);
+    if (rv != SECSuccess) {
+        count = -1;
+        goto done;
+    }
+
+    currentName = namesList;
+    do {
+        if (constraints) {
+            rv = CERT_CheckNameSpace(reqArena, constraints, currentName);
+            if (rv != SECSuccess) {
+                break;
+            }
+        }
+        currentName = CERT_GetNextGeneralName(currentName);
+        count++;
+    } while (currentName != namesList);
+
+done:
+    if (rv != SECSuccess) {
+        badCert = (count >= 0) ? certsList[count] : cert;
+    }
+    if (pBadCert)
+        *pBadCert = badCert;
+
+    return rv;
+}
+
+#if 0
+/* not exported from shared libs, not used.  Turn on if we ever need it. */
+SECStatus
+CERT_CompareGeneralName(CERTGeneralName *a, CERTGeneralName *b)
+{
+    CERTGeneralName *currentA;
+    CERTGeneralName *currentB;
+    PRBool found;
+
+    currentA = a;
+    currentB = b;
+    if (a != NULL) {
+	do {
+	    if (currentB == NULL) {
+		return SECFailure;
+	    }
+	    currentB = CERT_GetNextGeneralName(currentB);
+	    currentA = CERT_GetNextGeneralName(currentA);
+	} while (currentA != a);
+    }
+    if (currentB != b) {
+	return SECFailure;
+    }
+    currentA = a;
+    do {
+	currentB = b;
+	found = PR_FALSE;
+	do {
+	    if (currentB->type == currentA->type) {
+		switch (currentB->type) {
+		  case certDNSName:
+		  case certEDIPartyName:
+		  case certIPAddress:
+		  case certRegisterID:
+		  case certRFC822Name:
+		  case certX400Address:
+		  case certURI:
+		    if (SECITEM_CompareItem(&currentA->name.other,
+					    &currentB->name.other)
+			== SECEqual) {
+			found = PR_TRUE;
+		    }
+		    break;
+		  case certOtherName:
+		    if (SECITEM_CompareItem(&currentA->name.OthName.oid,
+					    &currentB->name.OthName.oid)
+			== SECEqual &&
+			SECITEM_CompareItem(&currentA->name.OthName.name,
+					    &currentB->name.OthName.name)
+			== SECEqual) {
+			found = PR_TRUE;
+		    }
+		    break;
+		  case certDirectoryName:
+		    if (CERT_CompareName(&currentA->name.directoryName,
+					 &currentB->name.directoryName)
+			== SECEqual) {
+			found = PR_TRUE;
+		    }
+		}
+
+	    }
+	    currentB = CERT_GetNextGeneralName(currentB);
+	} while (currentB != b && found != PR_TRUE);
+	if (found != PR_TRUE) {
+	    return SECFailure;
+	}
+	currentA = CERT_GetNextGeneralName(currentA);
+    } while (currentA != a);
+    return SECSuccess;
+}
+
+SECStatus
+CERT_CompareGeneralNameLists(CERTGeneralNameList *a, CERTGeneralNameList *b)
+{
+    SECStatus rv;
+
+    if (a == b) {
+	return SECSuccess;
+    }
+    if (a != NULL && b != NULL) {
+	PZ_Lock(a->lock);
+	PZ_Lock(b->lock);
+	rv = CERT_CompareGeneralName(a->name, b->name);
+	PZ_Unlock(a->lock);
+	PZ_Unlock(b->lock);
+    } else {
+	rv = SECFailure;
+    }
+    return rv;
+}
+#endif
+
+#if 0
+/* This function is not exported from NSS shared libraries, and is not
+** used inside of NSS.
+** XXX it doesn't check for failed allocations. :-(
+*/
+void *
+CERT_GetGeneralNameFromListByType(CERTGeneralNameList *list,
+				  CERTGeneralNameType type,
+				  PLArenaPool *arena)
+{
+    CERTName *name = NULL;
+    SECItem *item = NULL;
+    OtherName *other = NULL;
+    OtherName *tmpOther = NULL;
+    void *data;
+
+    PZ_Lock(list->lock);
+    data = CERT_GetGeneralNameByType(list->name, type, PR_FALSE);
+    if (data != NULL) {
+	switch (type) {
+	  case certDNSName:
+	  case certEDIPartyName:
+	  case certIPAddress:
+	  case certRegisterID:
+	  case certRFC822Name:
+	  case certX400Address:
+	  case certURI:
+	    if (arena != NULL) {
+		item = PORT_ArenaNew(arena, SECItem);
+		if (item != NULL) {
+XXX		    SECITEM_CopyItem(arena, item, (SECItem *) data);
+		}
+	    } else {
+		item = SECITEM_DupItem((SECItem *) data);
+	    }
+	    PZ_Unlock(list->lock);
+	    return item;
+	  case certOtherName:
+	    other = (OtherName *) data;
+	    if (arena != NULL) {
+		tmpOther = PORT_ArenaNew(arena, OtherName);
+	    } else {
+		tmpOther = PORT_New(OtherName);
+	    }
+	    if (tmpOther != NULL) {
+XXX		SECITEM_CopyItem(arena, &tmpOther->oid, &other->oid);
+XXX		SECITEM_CopyItem(arena, &tmpOther->name, &other->name);
+	    }
+	    PZ_Unlock(list->lock);
+	    return tmpOther;
+	  case certDirectoryName:
+	    if (arena) {
+		name = PORT_ArenaZNew(list->arena, CERTName);
+		if (name) {
+XXX		    CERT_CopyName(arena, name, (CERTName *) data);
+		}
+	    }
+	    PZ_Unlock(list->lock);
+	    return name;
+	}
+    }
+    PZ_Unlock(list->lock);
+    return NULL;
+}
+#endif
+
+#if 0
+/* This function is not exported from NSS shared libraries, and is not
+** used inside of NSS.
+** XXX it should NOT be a void function, since it does allocations
+** that can fail.
+*/
+void
+CERT_AddGeneralNameToList(CERTGeneralNameList *list,
+			  CERTGeneralNameType type,
+			  void *data, SECItem *oid)
+{
+    CERTGeneralName *name;
+
+    if (list != NULL && data != NULL) {
+	PZ_Lock(list->lock);
+	name = CERT_NewGeneralName(list->arena, type);
+	if (!name)
+	    goto done;
+	switch (type) {
+	  case certDNSName:
+	  case certEDIPartyName:
+	  case certIPAddress:
+	  case certRegisterID:
+	  case certRFC822Name:
+	  case certX400Address:
+	  case certURI:
+XXX	    SECITEM_CopyItem(list->arena, &name->name.other, (SECItem *)data);
+	    break;
+	  case certOtherName:
+XXX	    SECITEM_CopyItem(list->arena, &name->name.OthName.name,
+			     (SECItem *) data);
+XXX	    SECITEM_CopyItem(list->arena, &name->name.OthName.oid,
+			     oid);
+	    break;
+	  case certDirectoryName:
+XXX	    CERT_CopyName(list->arena, &name->name.directoryName,
+			  (CERTName *) data);
+	    break;
+	}
+	list->name = cert_CombineNamesLists(list->name, name);
+	list->len++;
+done:
+	PZ_Unlock(list->lock);
+    }
+    return;
+}
+#endif
diff --git a/nss/lib/certdb/genname.h b/nss/lib/certdb/genname.h
new file mode 100644
index 0000000..5824157
--- /dev/null
+++ b/nss/lib/certdb/genname.h
@@ -0,0 +1,93 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _GENAME_H_
+#define _GENAME_H_
+
+#include "plarena.h"
+#include "seccomon.h"
+#include "secoidt.h"
+#include "secasn1.h"
+#include "secder.h"
+#include "certt.h"
+
+/************************************************************************/
+SEC_BEGIN_PROTOS
+
+extern const SEC_ASN1Template CERT_GeneralNamesTemplate[];
+
+extern SECItem **cert_EncodeGeneralNames(PLArenaPool *arena,
+                                         CERTGeneralName *names);
+
+extern CERTGeneralName *cert_DecodeGeneralNames(PLArenaPool *arena,
+                                                SECItem **encodedGenName);
+
+extern SECStatus cert_DestroyGeneralNames(CERTGeneralName *name);
+
+extern SECStatus cert_EncodeNameConstraints(CERTNameConstraints *constraints,
+                                            PLArenaPool *arena, SECItem *dest);
+
+extern CERTNameConstraints *cert_DecodeNameConstraints(
+    PLArenaPool *arena, const SECItem *encodedConstraints);
+
+extern CERTGeneralName *cert_CombineNamesLists(CERTGeneralName *list1,
+                                               CERTGeneralName *list2);
+
+extern CERTNameConstraint *cert_CombineConstraintsLists(
+    CERTNameConstraint *list1, CERTNameConstraint *list2);
+
+/*********************************************************************/
+/* A thread safe implementation of General Names                     */
+/*********************************************************************/
+
+/* Destroy a Single CERTGeneralName */
+void CERT_DestroyGeneralName(CERTGeneralName *name);
+
+SECStatus CERT_CompareGeneralName(CERTGeneralName *a, CERTGeneralName *b);
+
+SECStatus CERT_CopyGeneralName(PLArenaPool *arena, CERTGeneralName *dest,
+                               CERTGeneralName *src);
+
+/* General Name Lists are a thread safe, reference counting layer to
+ * general names */
+
+/* Destroys a CERTGeneralNameList */
+void CERT_DestroyGeneralNameList(CERTGeneralNameList *list);
+
+/* Creates a CERTGeneralNameList */
+CERTGeneralNameList *CERT_CreateGeneralNameList(CERTGeneralName *name);
+
+/* Compares two CERTGeneralNameList */
+SECStatus CERT_CompareGeneralNameLists(CERTGeneralNameList *a,
+                                       CERTGeneralNameList *b);
+
+/* returns a copy of the first name of the type requested */
+void *CERT_GetGeneralNameFromListByType(CERTGeneralNameList *list,
+                                        CERTGeneralNameType type,
+                                        PLArenaPool *arena);
+
+/* Adds a name to the tail of the list */
+void CERT_AddGeneralNameToList(CERTGeneralNameList *list,
+                               CERTGeneralNameType type, void *data,
+                               SECItem *oid);
+
+/* returns a duplicate of the CERTGeneralNameList */
+CERTGeneralNameList *CERT_DupGeneralNameList(CERTGeneralNameList *list);
+
+/* returns the number of CERTGeneralName objects in the  doubly linked
+** list of which *names is a member.
+*/
+extern int CERT_GetNamesLength(CERTGeneralName *names);
+
+/************************************************************************/
+
+SECStatus CERT_CompareNameSpace(CERTCertificate *cert,
+                                CERTGeneralName *namesList,
+                                CERTCertificate **certsList,
+                                PLArenaPool *reqArena,
+                                CERTCertificate **pBadCert);
+
+SEC_END_PROTOS
+
+#endif
diff --git a/nss/lib/certdb/manifest.mn b/nss/lib/certdb/manifest.mn
new file mode 100644
index 0000000..28548f4
--- /dev/null
+++ b/nss/lib/certdb/manifest.mn
@@ -0,0 +1,40 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+CORE_DEPTH = ../..
+
+EXPORTS = \
+	cert.h \
+	certt.h \
+	certdb.h \
+	$(NULL)
+
+PRIVATE_EXPORTS = \
+	genname.h \
+	xconst.h \
+	certxutl.h \
+	certi.h \
+	$(NULL)
+
+MODULE = nss
+
+CSRCS = \
+	alg1485.c \
+	certdb.c \
+	certv3.c \
+	certxutl.c \
+	crl.c \
+	genname.c \
+	stanpcertdb.c \
+	polcyxtn.c \
+	secname.c \
+	xauthkid.c \
+	xbsconst.c \
+	xconst.c \
+	$(NULL)
+
+LIBRARY_NAME = certdb
+
+# This part of the code, including all sub-dirs, can be optimized for size
+export ALLOW_OPT_CODE_SIZE = 1
diff --git a/nss/lib/certdb/polcyxtn.c b/nss/lib/certdb/polcyxtn.c
new file mode 100644
index 0000000..aae34e2
--- /dev/null
+++ b/nss/lib/certdb/polcyxtn.c
@@ -0,0 +1,806 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * Support for various policy related extensions
+ */
+
+#include "seccomon.h"
+#include "secport.h"
+#include "secder.h"
+#include "cert.h"
+#include "secoid.h"
+#include "secasn1.h"
+#include "secerr.h"
+#include "nspr.h"
+
+SEC_ASN1_MKSUB(SEC_IntegerTemplate)
+SEC_ASN1_MKSUB(SEC_ObjectIDTemplate)
+
+const SEC_ASN1Template CERT_DisplayTextTypeTemplate[] = {
+    { SEC_ASN1_CHOICE, offsetof(SECItem, type), 0, sizeof(SECItem) },
+    { SEC_ASN1_IA5_STRING, 0, 0, siAsciiString },
+    { SEC_ASN1_VISIBLE_STRING, 0, 0, siVisibleString },
+    { SEC_ASN1_BMP_STRING, 0, 0, siBMPString },
+    { SEC_ASN1_UTF8_STRING, 0, 0, siUTF8String },
+    { 0 }
+};
+
+const SEC_ASN1Template CERT_NoticeReferenceTemplate[] = {
+    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTNoticeReference) },
+    { SEC_ASN1_INLINE, offsetof(CERTNoticeReference, organization),
+      CERT_DisplayTextTypeTemplate, 0 },
+    { SEC_ASN1_SEQUENCE_OF | SEC_ASN1_XTRN,
+      offsetof(CERTNoticeReference, noticeNumbers),
+      SEC_ASN1_SUB(SEC_IntegerTemplate) },
+    { 0 }
+};
+
+const SEC_ASN1Template CERT_UserNoticeTemplate[] = {
+    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTUserNotice) },
+    { SEC_ASN1_INLINE | SEC_ASN1_OPTIONAL,
+      offsetof(CERTUserNotice, noticeReference), CERT_NoticeReferenceTemplate,
+      0 },
+    { SEC_ASN1_INLINE | SEC_ASN1_OPTIONAL,
+      offsetof(CERTUserNotice, displayText), CERT_DisplayTextTypeTemplate, 0 },
+    { 0 }
+};
+
+const SEC_ASN1Template CERT_PolicyQualifierTemplate[] = {
+    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTPolicyQualifier) },
+    { SEC_ASN1_OBJECT_ID, offsetof(CERTPolicyQualifier, qualifierID) },
+    { SEC_ASN1_ANY, offsetof(CERTPolicyQualifier, qualifierValue) },
+    { 0 }
+};
+
+const SEC_ASN1Template CERT_PolicyInfoTemplate[] = {
+    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTPolicyInfo) },
+    { SEC_ASN1_OBJECT_ID, offsetof(CERTPolicyInfo, policyID) },
+    { SEC_ASN1_SEQUENCE_OF | SEC_ASN1_OPTIONAL,
+      offsetof(CERTPolicyInfo, policyQualifiers),
+      CERT_PolicyQualifierTemplate },
+    { 0 }
+};
+
+const SEC_ASN1Template CERT_CertificatePoliciesTemplate[] = {
+    { SEC_ASN1_SEQUENCE_OF, offsetof(CERTCertificatePolicies, policyInfos),
+      CERT_PolicyInfoTemplate, sizeof(CERTCertificatePolicies) }
+};
+
+const SEC_ASN1Template CERT_PolicyMapTemplate[] = {
+    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTPolicyMap) },
+    { SEC_ASN1_OBJECT_ID, offsetof(CERTPolicyMap, issuerDomainPolicy) },
+    { SEC_ASN1_OBJECT_ID, offsetof(CERTPolicyMap, subjectDomainPolicy) },
+    { 0 }
+};
+
+const SEC_ASN1Template CERT_PolicyMappingsTemplate[] = {
+    { SEC_ASN1_SEQUENCE_OF, offsetof(CERTCertificatePolicyMappings, policyMaps),
+      CERT_PolicyMapTemplate, sizeof(CERTPolicyMap) }
+};
+
+const SEC_ASN1Template CERT_PolicyConstraintsTemplate[] = {
+    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTCertificatePolicyConstraints) },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
+      offsetof(CERTCertificatePolicyConstraints, explicitPolicySkipCerts),
+      SEC_ASN1_SUB(SEC_IntegerTemplate) },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 1,
+      offsetof(CERTCertificatePolicyConstraints, inhibitMappingSkipCerts),
+      SEC_ASN1_SUB(SEC_IntegerTemplate) },
+    { 0 }
+};
+
+const SEC_ASN1Template CERT_InhibitAnyTemplate[] = {
+    { SEC_ASN1_INTEGER,
+      offsetof(CERTCertificateInhibitAny, inhibitAnySkipCerts), NULL,
+      sizeof(CERTCertificateInhibitAny) }
+};
+
+static void
+breakLines(char *string)
+{
+    char *tmpstr;
+    char *lastspace = NULL;
+    int curlen = 0;
+    int c;
+
+    tmpstr = string;
+
+    while ((c = *tmpstr) != '\0') {
+        switch (c) {
+            case ' ':
+                lastspace = tmpstr;
+                break;
+            case '\n':
+                lastspace = NULL;
+                curlen = 0;
+                break;
+        }
+
+        if ((curlen >= 55) && (lastspace != NULL)) {
+            *lastspace = '\n';
+            curlen = (tmpstr - lastspace);
+            lastspace = NULL;
+        }
+
+        curlen++;
+        tmpstr++;
+    }
+
+    return;
+}
+
+CERTCertificatePolicies *
+CERT_DecodeCertificatePoliciesExtension(const SECItem *extnValue)
+{
+    PLArenaPool *arena = NULL;
+    SECStatus rv;
+    CERTCertificatePolicies *policies;
+    CERTPolicyInfo **policyInfos, *policyInfo;
+    CERTPolicyQualifier **policyQualifiers, *policyQualifier;
+    SECItem newExtnValue;
+
+    /* make a new arena */
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+
+    if (!arena) {
+        goto loser;
+    }
+
+    /* allocate the certificate policies structure */
+    policies = (CERTCertificatePolicies *)PORT_ArenaZAlloc(
+        arena, sizeof(CERTCertificatePolicies));
+
+    if (policies == NULL) {
+        goto loser;
+    }
+
+    policies->arena = arena;
+
+    /* copy the DER into the arena, since Quick DER returns data that points
+       into the DER input, which may get freed by the caller */
+    rv = SECITEM_CopyItem(arena, &newExtnValue, extnValue);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    /* decode the policy info */
+    rv = SEC_QuickDERDecodeItem(
+        arena, policies, CERT_CertificatePoliciesTemplate, &newExtnValue);
+
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    /* initialize the oid tags */
+    policyInfos = policies->policyInfos;
+    while (*policyInfos != NULL) {
+        policyInfo = *policyInfos;
+        policyInfo->oid = SECOID_FindOIDTag(&policyInfo->policyID);
+        policyQualifiers = policyInfo->policyQualifiers;
+        while (policyQualifiers != NULL && *policyQualifiers != NULL) {
+            policyQualifier = *policyQualifiers;
+            policyQualifier->oid =
+                SECOID_FindOIDTag(&policyQualifier->qualifierID);
+            policyQualifiers++;
+        }
+        policyInfos++;
+    }
+
+    return (policies);
+
+loser:
+    if (arena != NULL) {
+        PORT_FreeArena(arena, PR_FALSE);
+    }
+
+    return (NULL);
+}
+
+void
+CERT_DestroyCertificatePoliciesExtension(CERTCertificatePolicies *policies)
+{
+    if (policies != NULL) {
+        PORT_FreeArena(policies->arena, PR_FALSE);
+    }
+    return;
+}
+
+CERTCertificatePolicyMappings *
+CERT_DecodePolicyMappingsExtension(SECItem *extnValue)
+{
+    PLArenaPool *arena = NULL;
+    SECStatus rv;
+    CERTCertificatePolicyMappings *mappings;
+    SECItem newExtnValue;
+
+    /* make a new arena */
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (!arena) {
+        goto loser;
+    }
+
+    /* allocate the policy mappings structure */
+    mappings = (CERTCertificatePolicyMappings *)PORT_ArenaZAlloc(
+        arena, sizeof(CERTCertificatePolicyMappings));
+    if (mappings == NULL) {
+        goto loser;
+    }
+    mappings->arena = arena;
+
+    /* copy the DER into the arena, since Quick DER returns data that points
+       into the DER input, which may get freed by the caller */
+    rv = SECITEM_CopyItem(arena, &newExtnValue, extnValue);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    /* decode the policy mappings */
+    rv = SEC_QuickDERDecodeItem(arena, mappings, CERT_PolicyMappingsTemplate,
+                                &newExtnValue);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    return (mappings);
+
+loser:
+    if (arena != NULL) {
+        PORT_FreeArena(arena, PR_FALSE);
+    }
+
+    return (NULL);
+}
+
+SECStatus
+CERT_DestroyPolicyMappingsExtension(CERTCertificatePolicyMappings *mappings)
+{
+    if (mappings != NULL) {
+        PORT_FreeArena(mappings->arena, PR_FALSE);
+    }
+    return SECSuccess;
+}
+
+SECStatus
+CERT_DecodePolicyConstraintsExtension(
+    CERTCertificatePolicyConstraints *decodedValue, const SECItem *encodedValue)
+{
+    CERTCertificatePolicyConstraints decodeContext;
+    PLArenaPool *arena = NULL;
+    SECStatus rv = SECSuccess;
+
+    /* initialize so we can tell when an optional component is omitted */
+    PORT_Memset(&decodeContext, 0, sizeof(decodeContext));
+
+    /* make a new arena */
+    arena = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE);
+    if (!arena) {
+        return SECFailure;
+    }
+
+    do {
+        /* decode the policy constraints */
+        rv = SEC_QuickDERDecodeItem(arena, &decodeContext,
+                                    CERT_PolicyConstraintsTemplate,
+                                    encodedValue);
+
+        if (rv != SECSuccess) {
+            break;
+        }
+
+        if (decodeContext.explicitPolicySkipCerts.len == 0) {
+            *(PRInt32 *)decodedValue->explicitPolicySkipCerts.data = -1;
+        } else {
+            *(PRInt32 *)decodedValue->explicitPolicySkipCerts.data =
+                DER_GetInteger(&decodeContext.explicitPolicySkipCerts);
+        }
+
+        if (decodeContext.inhibitMappingSkipCerts.len == 0) {
+            *(PRInt32 *)decodedValue->inhibitMappingSkipCerts.data = -1;
+        } else {
+            *(PRInt32 *)decodedValue->inhibitMappingSkipCerts.data =
+                DER_GetInteger(&decodeContext.inhibitMappingSkipCerts);
+        }
+
+        if ((*(PRInt32 *)decodedValue->explicitPolicySkipCerts.data ==
+             PR_INT32_MIN) ||
+            (*(PRInt32 *)decodedValue->explicitPolicySkipCerts.data ==
+             PR_INT32_MAX) ||
+            (*(PRInt32 *)decodedValue->inhibitMappingSkipCerts.data ==
+             PR_INT32_MIN) ||
+            (*(PRInt32 *)decodedValue->inhibitMappingSkipCerts.data ==
+             PR_INT32_MAX)) {
+            rv = SECFailure;
+        }
+
+    } while (0);
+
+    PORT_FreeArena(arena, PR_FALSE);
+    return (rv);
+}
+
+SECStatus
+CERT_DecodeInhibitAnyExtension(CERTCertificateInhibitAny *decodedValue,
+                               SECItem *encodedValue)
+{
+    CERTCertificateInhibitAny decodeContext;
+    PLArenaPool *arena = NULL;
+    SECStatus rv = SECSuccess;
+
+    /* make a new arena */
+    arena = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE);
+    if (!arena) {
+        return SECFailure;
+    }
+
+    do {
+
+        /* decode the policy mappings */
+        decodeContext.inhibitAnySkipCerts.type = siUnsignedInteger;
+        rv = SEC_QuickDERDecodeItem(arena, &decodeContext,
+                                    CERT_InhibitAnyTemplate, encodedValue);
+
+        if (rv != SECSuccess) {
+            break;
+        }
+
+        *(PRInt32 *)decodedValue->inhibitAnySkipCerts.data =
+            DER_GetInteger(&decodeContext.inhibitAnySkipCerts);
+
+    } while (0);
+
+    PORT_FreeArena(arena, PR_FALSE);
+    return (rv);
+}
+
+CERTUserNotice *
+CERT_DecodeUserNotice(SECItem *noticeItem)
+{
+    PLArenaPool *arena = NULL;
+    SECStatus rv;
+    CERTUserNotice *userNotice;
+    SECItem newNoticeItem;
+
+    /* make a new arena */
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+
+    if (!arena) {
+        goto loser;
+    }
+
+    /* allocate the userNotice structure */
+    userNotice =
+        (CERTUserNotice *)PORT_ArenaZAlloc(arena, sizeof(CERTUserNotice));
+
+    if (userNotice == NULL) {
+        goto loser;
+    }
+
+    userNotice->arena = arena;
+
+    /* copy the DER into the arena, since Quick DER returns data that points
+       into the DER input, which may get freed by the caller */
+    rv = SECITEM_CopyItem(arena, &newNoticeItem, noticeItem);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    /* decode the user notice */
+    rv = SEC_QuickDERDecodeItem(arena, userNotice, CERT_UserNoticeTemplate,
+                                &newNoticeItem);
+
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    if (userNotice->derNoticeReference.data != NULL) {
+
+        rv = SEC_QuickDERDecodeItem(arena, &userNotice->noticeReference,
+                                    CERT_NoticeReferenceTemplate,
+                                    &userNotice->derNoticeReference);
+        if (rv == SECFailure) {
+            goto loser;
+        }
+    }
+
+    return (userNotice);
+
+loser:
+    if (arena != NULL) {
+        PORT_FreeArena(arena, PR_FALSE);
+    }
+
+    return (NULL);
+}
+
+void
+CERT_DestroyUserNotice(CERTUserNotice *userNotice)
+{
+    if (userNotice != NULL) {
+        PORT_FreeArena(userNotice->arena, PR_FALSE);
+    }
+    return;
+}
+
+static CERTPolicyStringCallback policyStringCB = NULL;
+static void *policyStringCBArg = NULL;
+
+void
+CERT_SetCAPolicyStringCallback(CERTPolicyStringCallback cb, void *cbarg)
+{
+    policyStringCB = cb;
+    policyStringCBArg = cbarg;
+    return;
+}
+
+char *
+stringFromUserNotice(SECItem *noticeItem)
+{
+    SECItem *org;
+    unsigned int len, headerlen;
+    char *stringbuf;
+    CERTUserNotice *userNotice;
+    char *policystr;
+    char *retstr = NULL;
+    SECItem *displayText;
+    SECItem **noticeNumbers;
+    unsigned int strnum;
+
+    /* decode the user notice */
+    userNotice = CERT_DecodeUserNotice(noticeItem);
+    if (userNotice == NULL) {
+        return (NULL);
+    }
+
+    org = &userNotice->noticeReference.organization;
+    if ((org->len != 0) && (policyStringCB != NULL)) {
+        /* has a noticeReference */
+
+        /* extract the org string */
+        len = org->len;
+        stringbuf = (char *)PORT_Alloc(len + 1);
+        if (stringbuf != NULL) {
+            PORT_Memcpy(stringbuf, org->data, len);
+            stringbuf[len] = '\0';
+
+            noticeNumbers = userNotice->noticeReference.noticeNumbers;
+            while (*noticeNumbers != NULL) {
+                /* XXX - only one byte integers right now*/
+                strnum = (*noticeNumbers)->data[0];
+                policystr =
+                    (*policyStringCB)(stringbuf, strnum, policyStringCBArg);
+                if (policystr != NULL) {
+                    if (retstr != NULL) {
+                        retstr = PR_sprintf_append(retstr, "\n%s", policystr);
+                    } else {
+                        retstr = PR_sprintf_append(retstr, "%s", policystr);
+                    }
+
+                    PORT_Free(policystr);
+                }
+
+                noticeNumbers++;
+            }
+
+            PORT_Free(stringbuf);
+        }
+    }
+
+    if (retstr == NULL) {
+        if (userNotice->displayText.len != 0) {
+            displayText = &userNotice->displayText;
+
+            if (displayText->len > 2) {
+                if (displayText->data[0] == SEC_ASN1_VISIBLE_STRING) {
+                    headerlen = 2;
+                    if (displayText->data[1] & 0x80) {
+                        /* multibyte length */
+                        headerlen += (displayText->data[1] & 0x7f);
+                    }
+
+                    len = displayText->len - headerlen;
+                    retstr = (char *)PORT_Alloc(len + 1);
+                    if (retstr != NULL) {
+                        PORT_Memcpy(retstr, &displayText->data[headerlen], len);
+                        retstr[len] = '\0';
+                    }
+                }
+            }
+        }
+    }
+
+    CERT_DestroyUserNotice(userNotice);
+
+    return (retstr);
+}
+
+char *
+CERT_GetCertCommentString(CERTCertificate *cert)
+{
+    char *retstring = NULL;
+    SECStatus rv;
+    SECItem policyItem;
+    CERTCertificatePolicies *policies = NULL;
+    CERTPolicyInfo **policyInfos;
+    CERTPolicyQualifier **policyQualifiers, *qualifier;
+
+    policyItem.data = NULL;
+
+    rv = CERT_FindCertExtension(cert, SEC_OID_X509_CERTIFICATE_POLICIES,
+                                &policyItem);
+    if (rv != SECSuccess) {
+        goto nopolicy;
+    }
+
+    policies = CERT_DecodeCertificatePoliciesExtension(&policyItem);
+    if (policies == NULL) {
+        goto nopolicy;
+    }
+
+    policyInfos = policies->policyInfos;
+    /* search through policyInfos looking for the verisign policy */
+    while (*policyInfos != NULL) {
+        if ((*policyInfos)->oid == SEC_OID_VERISIGN_USER_NOTICES) {
+            policyQualifiers = (*policyInfos)->policyQualifiers;
+            /* search through the policy qualifiers looking for user notice */
+            while (policyQualifiers != NULL && *policyQualifiers != NULL) {
+                qualifier = *policyQualifiers;
+                if (qualifier->oid == SEC_OID_PKIX_USER_NOTICE_QUALIFIER) {
+                    retstring =
+                        stringFromUserNotice(&qualifier->qualifierValue);
+                    break;
+                }
+
+                policyQualifiers++;
+            }
+            break;
+        }
+        policyInfos++;
+    }
+
+nopolicy:
+    if (policyItem.data != NULL) {
+        PORT_Free(policyItem.data);
+    }
+
+    if (policies != NULL) {
+        CERT_DestroyCertificatePoliciesExtension(policies);
+    }
+
+    if (retstring == NULL) {
+        retstring =
+            CERT_FindNSStringExtension(cert, SEC_OID_NS_CERT_EXT_COMMENT);
+    }
+
+    if (retstring != NULL) {
+        breakLines(retstring);
+    }
+
+    return (retstring);
+}
+
+const SEC_ASN1Template CERT_OidSeqTemplate[] = {
+    { SEC_ASN1_SEQUENCE_OF | SEC_ASN1_XTRN, offsetof(CERTOidSequence, oids),
+      SEC_ASN1_SUB(SEC_ObjectIDTemplate) }
+};
+
+CERTOidSequence *
+CERT_DecodeOidSequence(const SECItem *seqItem)
+{
+    PLArenaPool *arena = NULL;
+    SECStatus rv;
+    CERTOidSequence *oidSeq;
+    SECItem newSeqItem;
+
+    /* make a new arena */
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+
+    if (!arena) {
+        goto loser;
+    }
+
+    /* allocate the userNotice structure */
+    oidSeq =
+        (CERTOidSequence *)PORT_ArenaZAlloc(arena, sizeof(CERTOidSequence));
+
+    if (oidSeq == NULL) {
+        goto loser;
+    }
+
+    oidSeq->arena = arena;
+
+    /* copy the DER into the arena, since Quick DER returns data that points
+       into the DER input, which may get freed by the caller */
+    rv = SECITEM_CopyItem(arena, &newSeqItem, seqItem);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    /* decode the user notice */
+    rv =
+        SEC_QuickDERDecodeItem(arena, oidSeq, CERT_OidSeqTemplate, &newSeqItem);
+
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    return (oidSeq);
+
+loser:
+    if (arena) {
+        PORT_FreeArena(arena, PR_FALSE);
+    }
+    return (NULL);
+}
+
+void
+CERT_DestroyOidSequence(CERTOidSequence *oidSeq)
+{
+    if (oidSeq != NULL) {
+        PORT_FreeArena(oidSeq->arena, PR_FALSE);
+    }
+    return;
+}
+
+PRBool
+CERT_GovtApprovedBitSet(CERTCertificate *cert)
+{
+    SECStatus rv;
+    SECItem extItem;
+    CERTOidSequence *oidSeq = NULL;
+    PRBool ret;
+    SECItem **oids;
+    SECItem *oid;
+    SECOidTag oidTag;
+
+    extItem.data = NULL;
+    rv = CERT_FindCertExtension(cert, SEC_OID_X509_EXT_KEY_USAGE, &extItem);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    oidSeq = CERT_DecodeOidSequence(&extItem);
+    if (oidSeq == NULL) {
+        goto loser;
+    }
+
+    oids = oidSeq->oids;
+    while (oids != NULL && *oids != NULL) {
+        oid = *oids;
+
+        oidTag = SECOID_FindOIDTag(oid);
+
+        if (oidTag == SEC_OID_NS_KEY_USAGE_GOVT_APPROVED) {
+            goto success;
+        }
+
+        oids++;
+    }
+
+loser:
+    ret = PR_FALSE;
+    goto done;
+success:
+    ret = PR_TRUE;
+done:
+    if (oidSeq != NULL) {
+        CERT_DestroyOidSequence(oidSeq);
+    }
+    if (extItem.data != NULL) {
+        PORT_Free(extItem.data);
+    }
+    return (ret);
+}
+
+SECStatus
+CERT_EncodePolicyConstraintsExtension(PLArenaPool *arena,
+                                      CERTCertificatePolicyConstraints *constr,
+                                      SECItem *dest)
+{
+    SECStatus rv = SECSuccess;
+
+    PORT_Assert(constr != NULL && dest != NULL);
+    if (constr == NULL || dest == NULL) {
+        return SECFailure;
+    }
+
+    if (SEC_ASN1EncodeItem(arena, dest, constr,
+                           CERT_PolicyConstraintsTemplate) == NULL) {
+        rv = SECFailure;
+    }
+    return (rv);
+}
+
+SECStatus
+CERT_EncodePolicyMappingExtension(PLArenaPool *arena,
+                                  CERTCertificatePolicyMappings *mapping,
+                                  SECItem *dest)
+{
+    SECStatus rv = SECSuccess;
+
+    PORT_Assert(mapping != NULL && dest != NULL);
+    if (mapping == NULL || dest == NULL) {
+        return SECFailure;
+    }
+
+    if (SEC_ASN1EncodeItem(arena, dest, mapping, CERT_PolicyMappingsTemplate) ==
+        NULL) {
+        rv = SECFailure;
+    }
+    return (rv);
+}
+
+SECStatus
+CERT_EncodeCertPoliciesExtension(PLArenaPool *arena, CERTPolicyInfo **info,
+                                 SECItem *dest)
+{
+    SECStatus rv = SECSuccess;
+
+    PORT_Assert(info != NULL && dest != NULL);
+    if (info == NULL || dest == NULL) {
+        return SECFailure;
+    }
+
+    if (SEC_ASN1EncodeItem(arena, dest, info,
+                           CERT_CertificatePoliciesTemplate) == NULL) {
+        rv = SECFailure;
+    }
+    return (rv);
+}
+
+SECStatus
+CERT_EncodeUserNotice(PLArenaPool *arena, CERTUserNotice *notice, SECItem *dest)
+{
+    SECStatus rv = SECSuccess;
+
+    PORT_Assert(notice != NULL && dest != NULL);
+    if (notice == NULL || dest == NULL) {
+        return SECFailure;
+    }
+
+    if (SEC_ASN1EncodeItem(arena, dest, notice, CERT_UserNoticeTemplate) ==
+        NULL) {
+        rv = SECFailure;
+    }
+
+    return (rv);
+}
+
+SECStatus
+CERT_EncodeNoticeReference(PLArenaPool *arena, CERTNoticeReference *reference,
+                           SECItem *dest)
+{
+    SECStatus rv = SECSuccess;
+
+    PORT_Assert(reference != NULL && dest != NULL);
+    if (reference == NULL || dest == NULL) {
+        return SECFailure;
+    }
+
+    if (SEC_ASN1EncodeItem(arena, dest, reference,
+                           CERT_NoticeReferenceTemplate) == NULL) {
+        rv = SECFailure;
+    }
+
+    return (rv);
+}
+
+SECStatus
+CERT_EncodeInhibitAnyExtension(PLArenaPool *arena,
+                               CERTCertificateInhibitAny *certInhibitAny,
+                               SECItem *dest)
+{
+    SECStatus rv = SECSuccess;
+
+    PORT_Assert(certInhibitAny != NULL && dest != NULL);
+    if (certInhibitAny == NULL || dest == NULL) {
+        return SECFailure;
+    }
+
+    if (SEC_ASN1EncodeItem(arena, dest, certInhibitAny,
+                           CERT_InhibitAnyTemplate) == NULL) {
+        rv = SECFailure;
+    }
+    return (rv);
+}
diff --git a/nss/lib/certdb/secname.c b/nss/lib/certdb/secname.c
new file mode 100644
index 0000000..6d3e9d3
--- /dev/null
+++ b/nss/lib/certdb/secname.c
@@ -0,0 +1,711 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "cert.h"
+#include "secoid.h"
+#include "secder.h" /* XXX remove this when remove the DERTemplates */
+#include "secasn1.h"
+#include "secitem.h"
+#include <stdarg.h>
+#include "secerr.h"
+#include "certi.h"
+
+static const SEC_ASN1Template cert_AVATemplate[] = {
+    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTAVA) },
+    { SEC_ASN1_OBJECT_ID, offsetof(CERTAVA, type) },
+    { SEC_ASN1_ANY, offsetof(CERTAVA, value) },
+    { 0 }
+};
+
+const SEC_ASN1Template CERT_RDNTemplate[] = {
+    { SEC_ASN1_SET_OF, offsetof(CERTRDN, avas), cert_AVATemplate,
+      sizeof(CERTRDN) }
+};
+
+static int
+CountArray(void **array)
+{
+    int count = 0;
+    if (array) {
+        while (*array++) {
+            count++;
+        }
+    }
+    return count;
+}
+
+static void **
+AddToArray(PLArenaPool *arena, void **array, void *element)
+{
+    unsigned count;
+    void **ap;
+
+    /* Count up number of slots already in use in the array */
+    count = 0;
+    ap = array;
+    if (ap) {
+        while (*ap++) {
+            count++;
+        }
+    }
+
+    if (array) {
+        array =
+            (void **)PORT_ArenaGrow(arena, array, (count + 1) * sizeof(void *),
+                                    (count + 2) * sizeof(void *));
+    } else {
+        array = (void **)PORT_ArenaAlloc(arena, (count + 2) * sizeof(void *));
+    }
+    if (array) {
+        array[count] = element;
+        array[count + 1] = 0;
+    }
+    return array;
+}
+
+SECOidTag
+CERT_GetAVATag(CERTAVA *ava)
+{
+    SECOidData *oid;
+    if (!ava->type.data)
+        return (SECOidTag)-1;
+
+    oid = SECOID_FindOID(&ava->type);
+
+    if (oid) {
+        return (oid->offset);
+    }
+    return (SECOidTag)-1;
+}
+
+static SECStatus
+SetupAVAType(PLArenaPool *arena, SECOidTag type, SECItem *it, unsigned *maxLenp)
+{
+    unsigned char *oid;
+    unsigned oidLen;
+    unsigned char *cp;
+    int maxLen;
+    SECOidData *oidrec;
+
+    oidrec = SECOID_FindOIDByTag(type);
+    if (oidrec == NULL)
+        return SECFailure;
+
+    oid = oidrec->oid.data;
+    oidLen = oidrec->oid.len;
+
+    maxLen = cert_AVAOidTagToMaxLen(type);
+    if (maxLen < 0) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    it->data = cp = (unsigned char *)PORT_ArenaAlloc(arena, oidLen);
+    if (cp == NULL) {
+        return SECFailure;
+    }
+    it->len = oidLen;
+    PORT_Memcpy(cp, oid, oidLen);
+    *maxLenp = (unsigned)maxLen;
+    return SECSuccess;
+}
+
+static SECStatus
+SetupAVAValue(PLArenaPool *arena, int valueType, const SECItem *in,
+              SECItem *out, unsigned maxLen)
+{
+    PRUint8 *value, *cp, *ucs4Val;
+    unsigned valueLen, valueLenLen, total;
+    unsigned ucs4Len = 0, ucs4MaxLen;
+
+    value = in->data;
+    valueLen = in->len;
+    switch (valueType) {
+        case SEC_ASN1_PRINTABLE_STRING:
+        case SEC_ASN1_IA5_STRING:
+        case SEC_ASN1_T61_STRING:
+        case SEC_ASN1_UTF8_STRING: /* no conversion required */
+            break;
+        case SEC_ASN1_UNIVERSAL_STRING:
+            ucs4MaxLen = valueLen * 6;
+            ucs4Val = (PRUint8 *)PORT_ArenaZAlloc(arena, ucs4MaxLen);
+            if (!ucs4Val ||
+                !PORT_UCS4_UTF8Conversion(PR_TRUE, value, valueLen, ucs4Val,
+                                          ucs4MaxLen, &ucs4Len)) {
+                PORT_SetError(SEC_ERROR_INVALID_ARGS);
+                return SECFailure;
+            }
+            value = ucs4Val;
+            valueLen = ucs4Len;
+            maxLen *= 4;
+            break;
+        default:
+            PORT_SetError(SEC_ERROR_INVALID_ARGS);
+            return SECFailure;
+    }
+
+    if (valueLen > maxLen) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    valueLenLen = DER_LengthLength(valueLen);
+    total = 1 + valueLenLen + valueLen;
+    cp = (PRUint8 *)PORT_ArenaAlloc(arena, total);
+    if (!cp) {
+        return SECFailure;
+    }
+    out->data = cp;
+    out->len = total;
+    cp = (PRUint8 *)DER_StoreHeader(cp, valueType, valueLen);
+    PORT_Memcpy(cp, value, valueLen);
+    return SECSuccess;
+}
+
+CERTAVA *
+CERT_CreateAVAFromRaw(PLArenaPool *pool, const SECItem *OID,
+                      const SECItem *value)
+{
+    CERTAVA *ava;
+    int rv;
+
+    ava = PORT_ArenaZNew(pool, CERTAVA);
+    if (ava) {
+        rv = SECITEM_CopyItem(pool, &ava->type, OID);
+        if (rv)
+            return NULL;
+
+        rv = SECITEM_CopyItem(pool, &ava->value, value);
+        if (rv)
+            return NULL;
+    }
+    return ava;
+}
+
+CERTAVA *
+CERT_CreateAVAFromSECItem(PLArenaPool *arena, SECOidTag kind, int valueType,
+                          SECItem *value)
+{
+    CERTAVA *ava;
+    int rv;
+    unsigned maxLen;
+
+    ava = (CERTAVA *)PORT_ArenaZAlloc(arena, sizeof(CERTAVA));
+    if (ava) {
+        rv = SetupAVAType(arena, kind, &ava->type, &maxLen);
+        if (rv) {
+            /* Illegal AVA type */
+            return NULL;
+        }
+        rv = SetupAVAValue(arena, valueType, value, &ava->value, maxLen);
+        if (rv) {
+            /* Illegal value type */
+            return NULL;
+        }
+    }
+    return ava;
+}
+
+CERTAVA *
+CERT_CreateAVA(PLArenaPool *arena, SECOidTag kind, int valueType, char *value)
+{
+    SECItem item = { siBuffer, NULL, 0 };
+
+    item.data = (PRUint8 *)value;
+    item.len = PORT_Strlen(value);
+
+    return CERT_CreateAVAFromSECItem(arena, kind, valueType, &item);
+}
+
+CERTAVA *
+CERT_CopyAVA(PLArenaPool *arena, CERTAVA *from)
+{
+    CERTAVA *ava;
+    int rv;
+
+    ava = (CERTAVA *)PORT_ArenaZAlloc(arena, sizeof(CERTAVA));
+    if (ava) {
+        rv = SECITEM_CopyItem(arena, &ava->type, &from->type);
+        if (rv)
+            goto loser;
+        rv = SECITEM_CopyItem(arena, &ava->value, &from->value);
+        if (rv)
+            goto loser;
+    }
+    return ava;
+
+loser:
+    return 0;
+}
+
+CERTRDN *
+CERT_CreateRDN(PLArenaPool *arena, CERTAVA *ava0, ...)
+{
+    CERTAVA *ava;
+    CERTRDN *rdn;
+    va_list ap;
+    unsigned count;
+    CERTAVA **avap;
+
+    rdn = (CERTRDN *)PORT_ArenaAlloc(arena, sizeof(CERTRDN));
+    if (rdn) {
+        /* Count number of avas going into the rdn */
+        count = 0;
+        if (ava0) {
+            count++;
+            va_start(ap, ava0);
+            while ((ava = va_arg(ap, CERTAVA *)) != 0) {
+                count++;
+            }
+            va_end(ap);
+        }
+
+        /* Now fill in the pointers */
+        rdn->avas = avap =
+            (CERTAVA **)PORT_ArenaAlloc(arena, (count + 1) * sizeof(CERTAVA *));
+        if (!avap) {
+            return 0;
+        }
+        if (ava0) {
+            *avap++ = ava0;
+            va_start(ap, ava0);
+            while ((ava = va_arg(ap, CERTAVA *)) != 0) {
+                *avap++ = ava;
+            }
+            va_end(ap);
+        }
+        *avap++ = 0;
+    }
+    return rdn;
+}
+
+SECStatus
+CERT_AddAVA(PLArenaPool *arena, CERTRDN *rdn, CERTAVA *ava)
+{
+    rdn->avas = (CERTAVA **)AddToArray(arena, (void **)rdn->avas, ava);
+    return rdn->avas ? SECSuccess : SECFailure;
+}
+
+SECStatus
+CERT_CopyRDN(PLArenaPool *arena, CERTRDN *to, CERTRDN *from)
+{
+    CERTAVA **avas, *fava, *tava;
+    SECStatus rv = SECSuccess;
+
+    /* Copy each ava from from */
+    avas = from->avas;
+    if (avas) {
+        if (avas[0] == NULL) {
+            rv = CERT_AddAVA(arena, to, NULL);
+            return rv;
+        }
+        while ((fava = *avas++) != 0) {
+            tava = CERT_CopyAVA(arena, fava);
+            if (!tava) {
+                rv = SECFailure;
+                break;
+            }
+            rv = CERT_AddAVA(arena, to, tava);
+            if (rv != SECSuccess)
+                break;
+        }
+    }
+    return rv;
+}
+
+/************************************************************************/
+
+const SEC_ASN1Template CERT_NameTemplate[] = {
+    { SEC_ASN1_SEQUENCE_OF, offsetof(CERTName, rdns), CERT_RDNTemplate,
+      sizeof(CERTName) }
+};
+
+SEC_ASN1_CHOOSER_IMPLEMENT(CERT_NameTemplate)
+
+CERTName *
+CERT_CreateName(CERTRDN *rdn0, ...)
+{
+    CERTRDN *rdn;
+    CERTName *name;
+    va_list ap;
+    unsigned count;
+    CERTRDN **rdnp;
+    PLArenaPool *arena;
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (!arena) {
+        return (0);
+    }
+
+    name = (CERTName *)PORT_ArenaAlloc(arena, sizeof(CERTName));
+    if (name) {
+        name->arena = arena;
+
+        /* Count number of RDNs going into the Name */
+        if (!rdn0) {
+            count = 0;
+        } else {
+            count = 1;
+            va_start(ap, rdn0);
+            while ((rdn = va_arg(ap, CERTRDN *)) != 0) {
+                count++;
+            }
+            va_end(ap);
+        }
+
+        /* Allocate space (including space for terminal null ptr) */
+        name->rdns = rdnp =
+            (CERTRDN **)PORT_ArenaAlloc(arena, (count + 1) * sizeof(CERTRDN *));
+        if (!name->rdns) {
+            goto loser;
+        }
+
+        /* Now fill in the pointers */
+        if (count > 0) {
+            *rdnp++ = rdn0;
+            va_start(ap, rdn0);
+            while ((rdn = va_arg(ap, CERTRDN *)) != 0) {
+                *rdnp++ = rdn;
+            }
+            va_end(ap);
+        }
+
+        /* null terminate the list */
+        *rdnp++ = 0;
+    }
+    return name;
+
+loser:
+    PORT_FreeArena(arena, PR_FALSE);
+    return (0);
+}
+
+void
+CERT_DestroyName(CERTName *name)
+{
+    if (name) {
+        PLArenaPool *arena = name->arena;
+        name->rdns = NULL;
+        name->arena = NULL;
+        if (arena)
+            PORT_FreeArena(arena, PR_FALSE);
+    }
+}
+
+SECStatus
+CERT_AddRDN(CERTName *name, CERTRDN *rdn)
+{
+    name->rdns = (CERTRDN **)AddToArray(name->arena, (void **)name->rdns, rdn);
+    return name->rdns ? SECSuccess : SECFailure;
+}
+
+SECStatus
+CERT_CopyName(PLArenaPool *arena, CERTName *to, const CERTName *from)
+{
+    CERTRDN **rdns, *frdn, *trdn;
+    SECStatus rv = SECSuccess;
+
+    if (!to || !from) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    CERT_DestroyName(to);
+    to->arena = arena;
+
+    /* Copy each rdn from from */
+    rdns = from->rdns;
+    if (rdns) {
+        if (rdns[0] == NULL) {
+            rv = CERT_AddRDN(to, NULL);
+            return rv;
+        }
+        while ((frdn = *rdns++) != NULL) {
+            trdn = CERT_CreateRDN(arena, NULL);
+            if (!trdn) {
+                rv = SECFailure;
+                break;
+            }
+            rv = CERT_CopyRDN(arena, trdn, frdn);
+            if (rv != SECSuccess)
+                break;
+            rv = CERT_AddRDN(to, trdn);
+            if (rv != SECSuccess)
+                break;
+        }
+    }
+    return rv;
+}
+
+/************************************************************************/
+
+static void
+canonicalize(SECItem *foo)
+{
+    int ch, lastch, len, src, dest;
+
+    /* strip trailing whitespace. */
+    len = foo->len;
+    while (len > 0 && ((ch = foo->data[len - 1]) == ' ' || ch == '\t' ||
+                       ch == '\r' || ch == '\n')) {
+        len--;
+    }
+
+    src = 0;
+    /* strip leading whitespace. */
+    while (src < len && ((ch = foo->data[src]) == ' ' || ch == '\t' ||
+                         ch == '\r' || ch == '\n')) {
+        src++;
+    }
+    dest = 0;
+    lastch = ' ';
+    while (src < len) {
+        ch = foo->data[src++];
+        if (ch == ' ' || ch == '\t' || ch == '\r' || ch == '\n') {
+            ch = ' ';
+            if (ch == lastch)
+                continue;
+        } else if (ch >= 'A' && ch <= 'Z') {
+            ch |= 0x20; /* downshift */
+        }
+        foo->data[dest++] = lastch = ch;
+    }
+    foo->len = dest;
+}
+
+/* SECItems a and b contain DER-encoded printable strings. */
+SECComparison
+CERT_CompareDERPrintableStrings(const SECItem *a, const SECItem *b)
+{
+    SECComparison rv = SECLessThan;
+    SECItem *aVal = CERT_DecodeAVAValue(a);
+    SECItem *bVal = CERT_DecodeAVAValue(b);
+
+    if (aVal && aVal->len && aVal->data && bVal && bVal->len && bVal->data) {
+        canonicalize(aVal);
+        canonicalize(bVal);
+        rv = SECITEM_CompareItem(aVal, bVal);
+    }
+    SECITEM_FreeItem(aVal, PR_TRUE);
+    SECITEM_FreeItem(bVal, PR_TRUE);
+    return rv;
+}
+
+SECComparison
+CERT_CompareAVA(const CERTAVA *a, const CERTAVA *b)
+{
+    SECComparison rv;
+
+    rv = SECITEM_CompareItem(&a->type, &b->type);
+    if (SECEqual != rv)
+        return rv; /* Attribute types don't match. */
+    /* Let's be optimistic.  Maybe the values will just compare equal. */
+    rv = SECITEM_CompareItem(&a->value, &b->value);
+    if (SECEqual == rv)
+        return rv; /* values compared exactly. */
+    if (a->value.len && a->value.data && b->value.len && b->value.data) {
+        /* Here, the values did not match.
+        ** If the values had different encodings, convert them to the same
+        ** encoding and compare that way.
+        */
+        if (a->value.data[0] != b->value.data[0]) {
+            /* encodings differ.  Convert both to UTF-8 and compare. */
+            SECItem *aVal = CERT_DecodeAVAValue(&a->value);
+            SECItem *bVal = CERT_DecodeAVAValue(&b->value);
+            if (aVal && aVal->len && aVal->data && bVal && bVal->len &&
+                bVal->data) {
+                rv = SECITEM_CompareItem(aVal, bVal);
+            }
+            SECITEM_FreeItem(aVal, PR_TRUE);
+            SECITEM_FreeItem(bVal, PR_TRUE);
+        } else if (a->value.data[0] == 0x13) { /* both are printable strings. */
+            /* printable strings */
+            rv = CERT_CompareDERPrintableStrings(&a->value, &b->value);
+        }
+    }
+    return rv;
+}
+
+SECComparison
+CERT_CompareRDN(const CERTRDN *a, const CERTRDN *b)
+{
+    CERTAVA **aavas, *aava;
+    CERTAVA **bavas, *bava;
+    int ac, bc;
+    SECComparison rv = SECEqual;
+
+    aavas = a->avas;
+    bavas = b->avas;
+
+    /*
+    ** Make sure array of ava's are the same length. If not, then we are
+    ** not equal
+    */
+    ac = CountArray((void **)aavas);
+    bc = CountArray((void **)bavas);
+    if (ac < bc)
+        return SECLessThan;
+    if (ac > bc)
+        return SECGreaterThan;
+
+    while (NULL != (aava = *aavas++)) {
+        for (bavas = b->avas; NULL != (bava = *bavas++);) {
+            rv = SECITEM_CompareItem(&aava->type, &bava->type);
+            if (SECEqual == rv) {
+                rv = CERT_CompareAVA(aava, bava);
+                if (SECEqual != rv)
+                    return rv;
+                break;
+            }
+        }
+        if (!bava) /* didn't find a match */
+            return SECGreaterThan;
+    }
+    return rv;
+}
+
+SECComparison
+CERT_CompareName(const CERTName *a, const CERTName *b)
+{
+    CERTRDN **ardns, *ardn;
+    CERTRDN **brdns, *brdn;
+    int ac, bc;
+    SECComparison rv = SECEqual;
+
+    ardns = a->rdns;
+    brdns = b->rdns;
+
+    /*
+    ** Make sure array of rdn's are the same length. If not, then we are
+    ** not equal
+    */
+    ac = CountArray((void **)ardns);
+    bc = CountArray((void **)brdns);
+    if (ac < bc)
+        return SECLessThan;
+    if (ac > bc)
+        return SECGreaterThan;
+
+    for (;;) {
+        if (!ardns++ || !brdns++) {
+            break;
+        }
+        ardn = *ardns;
+        brdn = *brdns;
+        if (!ardn) {
+            break;
+        }
+        rv = CERT_CompareRDN(ardn, brdn);
+        if (rv)
+            return rv;
+    }
+    return rv;
+}
+
+/* Moved from certhtml.c */
+SECItem *
+CERT_DecodeAVAValue(const SECItem *derAVAValue)
+{
+    SECItem *retItem;
+    const SEC_ASN1Template *theTemplate = NULL;
+    enum { conv_none,
+           conv_ucs4,
+           conv_ucs2,
+           conv_iso88591 } convert = conv_none;
+    SECItem avaValue = { siBuffer, 0 };
+    PORTCheapArenaPool tmpArena;
+
+    if (!derAVAValue || !derAVAValue->len || !derAVAValue->data) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+
+    switch (derAVAValue->data[0]) {
+        case SEC_ASN1_UNIVERSAL_STRING:
+            convert = conv_ucs4;
+            theTemplate = SEC_ASN1_GET(SEC_UniversalStringTemplate);
+            break;
+        case SEC_ASN1_IA5_STRING:
+            theTemplate = SEC_ASN1_GET(SEC_IA5StringTemplate);
+            break;
+        case SEC_ASN1_PRINTABLE_STRING:
+            theTemplate = SEC_ASN1_GET(SEC_PrintableStringTemplate);
+            break;
+        case SEC_ASN1_T61_STRING:
+            /*
+             * Per common practice, we're not decoding actual T.61, but instead
+             * treating T61-labeled strings as containing ISO-8859-1.
+             */
+            convert = conv_iso88591;
+            theTemplate = SEC_ASN1_GET(SEC_T61StringTemplate);
+            break;
+        case SEC_ASN1_BMP_STRING:
+            convert = conv_ucs2;
+            theTemplate = SEC_ASN1_GET(SEC_BMPStringTemplate);
+            break;
+        case SEC_ASN1_UTF8_STRING:
+            /* No conversion needed ! */
+            theTemplate = SEC_ASN1_GET(SEC_UTF8StringTemplate);
+            break;
+        default:
+            PORT_SetError(SEC_ERROR_INVALID_AVA);
+            return NULL;
+    }
+
+    PORT_Memset(&avaValue, 0, sizeof(SECItem));
+    PORT_InitCheapArena(&tmpArena, DER_DEFAULT_CHUNKSIZE);
+    if (SEC_QuickDERDecodeItem(&tmpArena.arena, &avaValue, theTemplate,
+                               derAVAValue) != SECSuccess) {
+        PORT_DestroyCheapArena(&tmpArena);
+        return NULL;
+    }
+
+    if (convert != conv_none) {
+        unsigned int utf8ValLen = avaValue.len * 3;
+        unsigned char *utf8Val =
+            (unsigned char *)PORT_ArenaZAlloc(&tmpArena.arena, utf8ValLen);
+
+        switch (convert) {
+            case conv_ucs4:
+                if (avaValue.len % 4 != 0 ||
+                    !PORT_UCS4_UTF8Conversion(PR_FALSE, avaValue.data,
+                                              avaValue.len, utf8Val, utf8ValLen,
+                                              &utf8ValLen)) {
+                    PORT_DestroyCheapArena(&tmpArena);
+                    PORT_SetError(SEC_ERROR_INVALID_AVA);
+                    return NULL;
+                }
+                break;
+            case conv_ucs2:
+                if (avaValue.len % 2 != 0 ||
+                    !PORT_UCS2_UTF8Conversion(PR_FALSE, avaValue.data,
+                                              avaValue.len, utf8Val, utf8ValLen,
+                                              &utf8ValLen)) {
+                    PORT_DestroyCheapArena(&tmpArena);
+                    PORT_SetError(SEC_ERROR_INVALID_AVA);
+                    return NULL;
+                }
+                break;
+            case conv_iso88591:
+                if (!PORT_ISO88591_UTF8Conversion(avaValue.data, avaValue.len,
+                                                  utf8Val, utf8ValLen,
+                                                  &utf8ValLen)) {
+                    PORT_DestroyCheapArena(&tmpArena);
+                    PORT_SetError(SEC_ERROR_INVALID_AVA);
+                    return NULL;
+                }
+                break;
+            case conv_none:
+                PORT_Assert(0); /* not reached */
+                break;
+        }
+
+        avaValue.data = utf8Val;
+        avaValue.len = utf8ValLen;
+    }
+
+    retItem = SECITEM_DupItem(&avaValue);
+    PORT_DestroyCheapArena(&tmpArena);
+    return retItem;
+}
diff --git a/nss/lib/certdb/stanpcertdb.c b/nss/lib/certdb/stanpcertdb.c
new file mode 100644
index 0000000..3d7275d
--- /dev/null
+++ b/nss/lib/certdb/stanpcertdb.c
@@ -0,0 +1,1035 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "prtime.h"
+
+#include "cert.h"
+#include "certi.h"
+#include "certdb.h"
+#include "secitem.h"
+#include "secder.h"
+
+/* Call to PK11_FreeSlot below */
+
+#include "secasn1.h"
+#include "secerr.h"
+#include "nssilock.h"
+#include "prmon.h"
+#include "base64.h"
+#include "sechash.h"
+#include "plhash.h"
+#include "pk11func.h" /* sigh */
+
+#include "nsspki.h"
+#include "pki.h"
+#include "pkim.h"
+#include "pki3hack.h"
+#include "ckhelper.h"
+#include "base.h"
+#include "pkistore.h"
+#include "dev3hack.h"
+#include "dev.h"
+
+PRBool
+SEC_CertNicknameConflict(const char *nickname, const SECItem *derSubject,
+                         CERTCertDBHandle *handle)
+{
+    CERTCertificate *cert;
+    PRBool conflict = PR_FALSE;
+
+    cert = CERT_FindCertByNickname(handle, nickname);
+
+    if (!cert) {
+        return conflict;
+    }
+
+    conflict = !SECITEM_ItemsAreEqual(derSubject, &cert->derSubject);
+    CERT_DestroyCertificate(cert);
+    return conflict;
+}
+
+SECStatus
+SEC_DeletePermCertificate(CERTCertificate *cert)
+{
+    PRStatus nssrv;
+    NSSTrustDomain *td = STAN_GetDefaultTrustDomain();
+    NSSCertificate *c = STAN_GetNSSCertificate(cert);
+    CERTCertTrust *certTrust;
+
+    if (c == NULL) {
+        /* error code is set */
+        return SECFailure;
+    }
+
+    certTrust = nssTrust_GetCERTCertTrustForCert(c, cert);
+    if (certTrust) {
+        NSSTrust *nssTrust = nssTrustDomain_FindTrustForCertificate(td, c);
+        if (nssTrust) {
+            nssrv = STAN_DeleteCertTrustMatchingSlot(c);
+            if (nssrv != PR_SUCCESS) {
+                CERT_MapStanError();
+            }
+            /* This call always returns PR_SUCCESS! */
+            (void)nssTrust_Destroy(nssTrust);
+        }
+    }
+
+    /* get rid of the token instances */
+    nssrv = NSSCertificate_DeleteStoredObject(c, NULL);
+
+    /* get rid of the cache entry */
+    nssTrustDomain_LockCertCache(td);
+    nssTrustDomain_RemoveCertFromCacheLOCKED(td, c);
+    nssTrustDomain_UnlockCertCache(td);
+
+    return (nssrv == PR_SUCCESS) ? SECSuccess : SECFailure;
+}
+
+SECStatus
+CERT_GetCertTrust(const CERTCertificate *cert, CERTCertTrust *trust)
+{
+    SECStatus rv;
+    CERT_LockCertTrust(cert);
+    if (cert->trust == NULL) {
+        rv = SECFailure;
+    } else {
+        *trust = *cert->trust;
+        rv = SECSuccess;
+    }
+    CERT_UnlockCertTrust(cert);
+    return (rv);
+}
+
+extern const NSSError NSS_ERROR_NO_ERROR;
+extern const NSSError NSS_ERROR_INTERNAL_ERROR;
+extern const NSSError NSS_ERROR_NO_MEMORY;
+extern const NSSError NSS_ERROR_INVALID_POINTER;
+extern const NSSError NSS_ERROR_INVALID_ARENA;
+extern const NSSError NSS_ERROR_INVALID_ARENA_MARK;
+extern const NSSError NSS_ERROR_DUPLICATE_POINTER;
+extern const NSSError NSS_ERROR_POINTER_NOT_REGISTERED;
+extern const NSSError NSS_ERROR_TRACKER_NOT_EMPTY;
+extern const NSSError NSS_ERROR_TRACKER_NOT_INITIALIZED;
+extern const NSSError NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD;
+extern const NSSError NSS_ERROR_VALUE_TOO_LARGE;
+extern const NSSError NSS_ERROR_UNSUPPORTED_TYPE;
+extern const NSSError NSS_ERROR_BUFFER_TOO_SHORT;
+extern const NSSError NSS_ERROR_INVALID_ATOB_CONTEXT;
+extern const NSSError NSS_ERROR_INVALID_BASE64;
+extern const NSSError NSS_ERROR_INVALID_BTOA_CONTEXT;
+extern const NSSError NSS_ERROR_INVALID_ITEM;
+extern const NSSError NSS_ERROR_INVALID_STRING;
+extern const NSSError NSS_ERROR_INVALID_ASN1ENCODER;
+extern const NSSError NSS_ERROR_INVALID_ASN1DECODER;
+extern const NSSError NSS_ERROR_INVALID_BER;
+extern const NSSError NSS_ERROR_INVALID_ATAV;
+extern const NSSError NSS_ERROR_INVALID_ARGUMENT;
+extern const NSSError NSS_ERROR_INVALID_UTF8;
+extern const NSSError NSS_ERROR_INVALID_NSSOID;
+extern const NSSError NSS_ERROR_UNKNOWN_ATTRIBUTE;
+extern const NSSError NSS_ERROR_NOT_FOUND;
+extern const NSSError NSS_ERROR_INVALID_PASSWORD;
+extern const NSSError NSS_ERROR_USER_CANCELED;
+extern const NSSError NSS_ERROR_MAXIMUM_FOUND;
+extern const NSSError NSS_ERROR_CERTIFICATE_ISSUER_NOT_FOUND;
+extern const NSSError NSS_ERROR_CERTIFICATE_IN_CACHE;
+extern const NSSError NSS_ERROR_HASH_COLLISION;
+extern const NSSError NSS_ERROR_DEVICE_ERROR;
+extern const NSSError NSS_ERROR_INVALID_CERTIFICATE;
+extern const NSSError NSS_ERROR_BUSY;
+extern const NSSError NSS_ERROR_ALREADY_INITIALIZED;
+extern const NSSError NSS_ERROR_PKCS11;
+
+/* Look at the stan error stack and map it to NSS 3 errors */
+#define STAN_MAP_ERROR(x, y) \
+    else if (error == (x)) { secError = y; }
+
+/*
+ * map Stan errors into NSS errors
+ * This function examines the stan error stack and automatically sets
+ * PORT_SetError(); to the appropriate SEC_ERROR value.
+ */
+void
+CERT_MapStanError()
+{
+    PRInt32 *errorStack;
+    NSSError error, prevError;
+    int secError;
+    int i;
+
+    errorStack = NSS_GetErrorStack();
+    if (errorStack == 0) {
+        PORT_SetError(0);
+        return;
+    }
+    error = prevError = CKR_GENERAL_ERROR;
+    /* get the 'top 2' error codes from the stack */
+    for (i = 0; errorStack[i]; i++) {
+        prevError = error;
+        error = errorStack[i];
+    }
+    if (error == NSS_ERROR_PKCS11) {
+        /* map it */
+        secError = PK11_MapError(prevError);
+    }
+    STAN_MAP_ERROR(NSS_ERROR_NO_ERROR, 0)
+    STAN_MAP_ERROR(NSS_ERROR_NO_MEMORY, SEC_ERROR_NO_MEMORY)
+    STAN_MAP_ERROR(NSS_ERROR_INVALID_BASE64, SEC_ERROR_BAD_DATA)
+    STAN_MAP_ERROR(NSS_ERROR_INVALID_BER, SEC_ERROR_BAD_DER)
+    STAN_MAP_ERROR(NSS_ERROR_INVALID_ATAV, SEC_ERROR_INVALID_AVA)
+    STAN_MAP_ERROR(NSS_ERROR_INVALID_PASSWORD, SEC_ERROR_BAD_PASSWORD)
+    STAN_MAP_ERROR(NSS_ERROR_BUSY, SEC_ERROR_BUSY)
+    STAN_MAP_ERROR(NSS_ERROR_DEVICE_ERROR, SEC_ERROR_IO)
+    STAN_MAP_ERROR(NSS_ERROR_CERTIFICATE_ISSUER_NOT_FOUND,
+                   SEC_ERROR_UNKNOWN_ISSUER)
+    STAN_MAP_ERROR(NSS_ERROR_INVALID_CERTIFICATE, SEC_ERROR_CERT_NOT_VALID)
+    STAN_MAP_ERROR(NSS_ERROR_INVALID_UTF8, SEC_ERROR_BAD_DATA)
+    STAN_MAP_ERROR(NSS_ERROR_INVALID_NSSOID, SEC_ERROR_BAD_DATA)
+
+    /* these are library failure for lack of a better error code */
+    STAN_MAP_ERROR(NSS_ERROR_NOT_FOUND, SEC_ERROR_LIBRARY_FAILURE)
+    STAN_MAP_ERROR(NSS_ERROR_CERTIFICATE_IN_CACHE, SEC_ERROR_LIBRARY_FAILURE)
+    STAN_MAP_ERROR(NSS_ERROR_MAXIMUM_FOUND, SEC_ERROR_LIBRARY_FAILURE)
+    STAN_MAP_ERROR(NSS_ERROR_USER_CANCELED, SEC_ERROR_LIBRARY_FAILURE)
+    STAN_MAP_ERROR(NSS_ERROR_TRACKER_NOT_INITIALIZED, SEC_ERROR_LIBRARY_FAILURE)
+    STAN_MAP_ERROR(NSS_ERROR_ALREADY_INITIALIZED, SEC_ERROR_LIBRARY_FAILURE)
+    STAN_MAP_ERROR(NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD,
+                   SEC_ERROR_LIBRARY_FAILURE)
+    STAN_MAP_ERROR(NSS_ERROR_HASH_COLLISION, SEC_ERROR_LIBRARY_FAILURE)
+
+    STAN_MAP_ERROR(NSS_ERROR_INTERNAL_ERROR, SEC_ERROR_LIBRARY_FAILURE)
+
+    /* these are all invalid arguments */
+    STAN_MAP_ERROR(NSS_ERROR_INVALID_ARGUMENT, SEC_ERROR_INVALID_ARGS)
+    STAN_MAP_ERROR(NSS_ERROR_INVALID_POINTER, SEC_ERROR_INVALID_ARGS)
+    STAN_MAP_ERROR(NSS_ERROR_INVALID_ARENA, SEC_ERROR_INVALID_ARGS)
+    STAN_MAP_ERROR(NSS_ERROR_INVALID_ARENA_MARK, SEC_ERROR_INVALID_ARGS)
+    STAN_MAP_ERROR(NSS_ERROR_DUPLICATE_POINTER, SEC_ERROR_INVALID_ARGS)
+    STAN_MAP_ERROR(NSS_ERROR_POINTER_NOT_REGISTERED, SEC_ERROR_INVALID_ARGS)
+    STAN_MAP_ERROR(NSS_ERROR_TRACKER_NOT_EMPTY, SEC_ERROR_INVALID_ARGS)
+    STAN_MAP_ERROR(NSS_ERROR_VALUE_TOO_LARGE, SEC_ERROR_INVALID_ARGS)
+    STAN_MAP_ERROR(NSS_ERROR_UNSUPPORTED_TYPE, SEC_ERROR_INVALID_ARGS)
+    STAN_MAP_ERROR(NSS_ERROR_BUFFER_TOO_SHORT, SEC_ERROR_INVALID_ARGS)
+    STAN_MAP_ERROR(NSS_ERROR_INVALID_ATOB_CONTEXT, SEC_ERROR_INVALID_ARGS)
+    STAN_MAP_ERROR(NSS_ERROR_INVALID_BTOA_CONTEXT, SEC_ERROR_INVALID_ARGS)
+    STAN_MAP_ERROR(NSS_ERROR_INVALID_ITEM, SEC_ERROR_INVALID_ARGS)
+    STAN_MAP_ERROR(NSS_ERROR_INVALID_STRING, SEC_ERROR_INVALID_ARGS)
+    STAN_MAP_ERROR(NSS_ERROR_INVALID_ASN1ENCODER, SEC_ERROR_INVALID_ARGS)
+    STAN_MAP_ERROR(NSS_ERROR_INVALID_ASN1DECODER, SEC_ERROR_INVALID_ARGS)
+    STAN_MAP_ERROR(NSS_ERROR_UNKNOWN_ATTRIBUTE, SEC_ERROR_INVALID_ARGS)
+    else { secError = SEC_ERROR_LIBRARY_FAILURE; }
+    PORT_SetError(secError);
+}
+
+SECStatus
+CERT_ChangeCertTrust(CERTCertDBHandle *handle, CERTCertificate *cert,
+                     CERTCertTrust *trust)
+{
+    SECStatus rv = SECSuccess;
+    PRStatus ret;
+
+    ret = STAN_ChangeCertTrust(cert, trust);
+    if (ret != PR_SUCCESS) {
+        rv = SECFailure;
+        CERT_MapStanError();
+    }
+    return rv;
+}
+
+extern const NSSError NSS_ERROR_INVALID_CERTIFICATE;
+
+SECStatus
+__CERT_AddTempCertToPerm(CERTCertificate *cert, char *nickname,
+                         CERTCertTrust *trust)
+{
+    NSSUTF8 *stanNick;
+    PK11SlotInfo *slot;
+    NSSToken *internal;
+    NSSCryptoContext *context;
+    nssCryptokiObject *permInstance;
+    NSSCertificate *c = STAN_GetNSSCertificate(cert);
+    nssCertificateStoreTrace lockTrace = { NULL, NULL, PR_FALSE, PR_FALSE };
+    nssCertificateStoreTrace unlockTrace = { NULL, NULL, PR_FALSE, PR_FALSE };
+    SECStatus rv;
+    PRStatus ret;
+
+    if (c == NULL) {
+        CERT_MapStanError();
+        return SECFailure;
+    }
+
+    context = c->object.cryptoContext;
+    if (!context) {
+        PORT_SetError(SEC_ERROR_ADDING_CERT);
+        return SECFailure; /* wasn't a temp cert */
+    }
+    stanNick = nssCertificate_GetNickname(c, NULL);
+    if (stanNick && nickname && strcmp(nickname, stanNick) != 0) {
+        /* different: take the new nickname */
+        cert->nickname = NULL;
+        nss_ZFreeIf(stanNick);
+        stanNick = NULL;
+    }
+    if (!stanNick && nickname) {
+        /* Either there was no nickname yet, or we have a new nickname */
+        stanNick = nssUTF8_Duplicate((NSSUTF8 *)nickname, NULL);
+    } /* else: old stanNick is identical to new nickname */
+    /* Delete the temp instance */
+    nssCertificateStore_Lock(context->certStore, &lockTrace);
+    nssCertificateStore_RemoveCertLOCKED(context->certStore, c);
+    nssCertificateStore_Unlock(context->certStore, &lockTrace, &unlockTrace);
+    c->object.cryptoContext = NULL;
+    /* Import the perm instance onto the internal token */
+    slot = PK11_GetInternalKeySlot();
+    internal = PK11Slot_GetNSSToken(slot);
+    permInstance = nssToken_ImportCertificate(
+        internal, NULL, NSSCertificateType_PKIX, &c->id, stanNick, &c->encoding,
+        &c->issuer, &c->subject, &c->serial, cert->emailAddr, PR_TRUE);
+    nss_ZFreeIf(stanNick);
+    stanNick = NULL;
+    PK11_FreeSlot(slot);
+    if (!permInstance) {
+        if (NSS_GetError() == NSS_ERROR_INVALID_CERTIFICATE) {
+            PORT_SetError(SEC_ERROR_REUSED_ISSUER_AND_SERIAL);
+        }
+        return SECFailure;
+    }
+    nssPKIObject_AddInstance(&c->object, permInstance);
+    nssTrustDomain_AddCertsToCache(STAN_GetDefaultTrustDomain(), &c, 1);
+    /* reset the CERTCertificate fields */
+    cert->nssCertificate = NULL;
+    cert = STAN_GetCERTCertificateOrRelease(c); /* should return same pointer */
+    if (!cert) {
+        CERT_MapStanError();
+        return SECFailure;
+    }
+    cert->istemp = PR_FALSE;
+    cert->isperm = PR_TRUE;
+    if (!trust) {
+        return SECSuccess;
+    }
+    ret = STAN_ChangeCertTrust(cert, trust);
+    rv = SECSuccess;
+    if (ret != PR_SUCCESS) {
+        rv = SECFailure;
+        CERT_MapStanError();
+    }
+    return rv;
+}
+
+SECStatus
+CERT_AddTempCertToPerm(CERTCertificate *cert, char *nickname,
+                       CERTCertTrust *trust)
+{
+    return __CERT_AddTempCertToPerm(cert, nickname, trust);
+}
+
+CERTCertificate *
+CERT_NewTempCertificate(CERTCertDBHandle *handle, SECItem *derCert,
+                        char *nickname, PRBool isperm, PRBool copyDER)
+{
+    NSSCertificate *c;
+    CERTCertificate *cc;
+    NSSCertificate *tempCert = NULL;
+    nssPKIObject *pkio;
+    NSSCryptoContext *gCC = STAN_GetDefaultCryptoContext();
+    NSSTrustDomain *gTD = STAN_GetDefaultTrustDomain();
+    if (!isperm) {
+        NSSDER encoding;
+        NSSITEM_FROM_SECITEM(&encoding, derCert);
+        /* First, see if it is already a temp cert */
+        c = NSSCryptoContext_FindCertificateByEncodedCertificate(gCC,
+                                                                 &encoding);
+        if (!c) {
+            /* Then, see if it is already a perm cert */
+            c = NSSTrustDomain_FindCertificateByEncodedCertificate(handle,
+                                                                   &encoding);
+        }
+        if (c) {
+            /* actually, that search ends up going by issuer/serial,
+             * so it is still possible to return a cert with the same
+             * issuer/serial but a different encoding, and we're
+             * going to reject that
+             */
+            if (!nssItem_Equal(&c->encoding, &encoding, NULL)) {
+                nssCertificate_Destroy(c);
+                PORT_SetError(SEC_ERROR_REUSED_ISSUER_AND_SERIAL);
+                cc = NULL;
+            } else {
+                cc = STAN_GetCERTCertificateOrRelease(c);
+                if (cc == NULL) {
+                    CERT_MapStanError();
+                }
+            }
+            return cc;
+        }
+    }
+    pkio = nssPKIObject_Create(NULL, NULL, gTD, gCC, nssPKIMonitor);
+    if (!pkio) {
+        CERT_MapStanError();
+        return NULL;
+    }
+    c = nss_ZNEW(pkio->arena, NSSCertificate);
+    if (!c) {
+        CERT_MapStanError();
+        nssPKIObject_Destroy(pkio);
+        return NULL;
+    }
+    c->object = *pkio;
+    if (copyDER) {
+        nssItem_Create(c->object.arena, &c->encoding, derCert->len,
+                       derCert->data);
+    } else {
+        NSSITEM_FROM_SECITEM(&c->encoding, derCert);
+    }
+    /* Forces a decoding of the cert in order to obtain the parts used
+     * below
+     */
+    /* 'c' is not adopted here, if we fail loser frees what has been
+     * allocated so far for 'c' */
+    cc = STAN_GetCERTCertificate(c);
+    if (!cc) {
+        CERT_MapStanError();
+        goto loser;
+    }
+    nssItem_Create(c->object.arena, &c->issuer, cc->derIssuer.len,
+                   cc->derIssuer.data);
+    nssItem_Create(c->object.arena, &c->subject, cc->derSubject.len,
+                   cc->derSubject.data);
+    if (PR_TRUE) {
+        /* CERTCertificate stores serial numbers decoded.  I need the DER
+        * here.  sigh.
+        */
+        SECItem derSerial = { 0 };
+        CERT_SerialNumberFromDERCert(&cc->derCert, &derSerial);
+        if (!derSerial.data)
+            goto loser;
+        nssItem_Create(c->object.arena, &c->serial, derSerial.len,
+                       derSerial.data);
+        PORT_Free(derSerial.data);
+    }
+    if (nickname) {
+        c->object.tempName =
+            nssUTF8_Create(c->object.arena, nssStringType_UTF8String,
+                           (NSSUTF8 *)nickname, PORT_Strlen(nickname));
+    }
+    if (cc->emailAddr && cc->emailAddr[0]) {
+        c->email = nssUTF8_Create(
+            c->object.arena, nssStringType_PrintableString,
+            (NSSUTF8 *)cc->emailAddr, PORT_Strlen(cc->emailAddr));
+    }
+
+    tempCert = NSSCryptoContext_FindOrImportCertificate(gCC, c);
+    if (!tempCert) {
+        CERT_MapStanError();
+        goto loser;
+    }
+    /* destroy our copy */
+    NSSCertificate_Destroy(c);
+    /* and use the stored entry */
+    c = tempCert;
+    cc = STAN_GetCERTCertificateOrRelease(c);
+    if (!cc) {
+        /* STAN_GetCERTCertificateOrRelease destroys c on failure. */
+        CERT_MapStanError();
+        return NULL;
+    }
+
+    cc->istemp = PR_TRUE;
+    cc->isperm = PR_FALSE;
+    return cc;
+loser:
+    /* Perhaps this should be nssCertificate_Destroy(c) */
+    nssPKIObject_Destroy(&c->object);
+    return NULL;
+}
+
+/* This symbol is exported for backward compatibility. */
+CERTCertificate *
+__CERT_NewTempCertificate(CERTCertDBHandle *handle, SECItem *derCert,
+                          char *nickname, PRBool isperm, PRBool copyDER)
+{
+    return CERT_NewTempCertificate(handle, derCert, nickname, isperm, copyDER);
+}
+
+/* maybe all the wincx's should be some const for internal token login? */
+CERTCertificate *
+CERT_FindCertByIssuerAndSN(CERTCertDBHandle *handle,
+                           CERTIssuerAndSN *issuerAndSN)
+{
+    PK11SlotInfo *slot;
+    CERTCertificate *cert;
+
+    cert = PK11_FindCertByIssuerAndSN(&slot, issuerAndSN, NULL);
+    if (cert && slot) {
+        PK11_FreeSlot(slot);
+    }
+
+    return cert;
+}
+
+static NSSCertificate *
+get_best_temp_or_perm(NSSCertificate *ct, NSSCertificate *cp)
+{
+    NSSUsage usage;
+    NSSCertificate *arr[3];
+    if (!ct) {
+        return nssCertificate_AddRef(cp);
+    } else if (!cp) {
+        return nssCertificate_AddRef(ct);
+    }
+    arr[0] = ct;
+    arr[1] = cp;
+    arr[2] = NULL;
+    usage.anyUsage = PR_TRUE;
+    return nssCertificateArray_FindBestCertificate(arr, NULL, &usage, NULL);
+}
+
+CERTCertificate *
+CERT_FindCertByName(CERTCertDBHandle *handle, SECItem *name)
+{
+    NSSCertificate *cp, *ct, *c;
+    NSSDER subject;
+    NSSUsage usage;
+    NSSCryptoContext *cc;
+    NSSITEM_FROM_SECITEM(&subject, name);
+    usage.anyUsage = PR_TRUE;
+    cc = STAN_GetDefaultCryptoContext();
+    ct = NSSCryptoContext_FindBestCertificateBySubject(cc, &subject, NULL,
+                                                       &usage, NULL);
+    cp = NSSTrustDomain_FindBestCertificateBySubject(handle, &subject, NULL,
+                                                     &usage, NULL);
+    c = get_best_temp_or_perm(ct, cp);
+    if (ct) {
+        CERT_DestroyCertificate(STAN_GetCERTCertificateOrRelease(ct));
+    }
+    if (cp) {
+        CERT_DestroyCertificate(STAN_GetCERTCertificateOrRelease(cp));
+    }
+    return c ? STAN_GetCERTCertificateOrRelease(c) : NULL;
+}
+
+CERTCertificate *
+CERT_FindCertByKeyID(CERTCertDBHandle *handle, SECItem *name, SECItem *keyID)
+{
+    CERTCertList *list;
+    CERTCertificate *cert = NULL;
+    CERTCertListNode *node;
+
+    list = CERT_CreateSubjectCertList(NULL, handle, name, 0, PR_FALSE);
+    if (list == NULL)
+        return NULL;
+
+    node = CERT_LIST_HEAD(list);
+    while (!CERT_LIST_END(node, list)) {
+        if (node->cert &&
+            SECITEM_ItemsAreEqual(&node->cert->subjectKeyID, keyID)) {
+            cert = CERT_DupCertificate(node->cert);
+            goto done;
+        }
+        node = CERT_LIST_NEXT(node);
+    }
+    PORT_SetError(SEC_ERROR_UNKNOWN_ISSUER);
+
+done:
+    CERT_DestroyCertList(list);
+    return cert;
+}
+
+CERTCertificate *
+CERT_FindCertByNickname(CERTCertDBHandle *handle, const char *nickname)
+{
+    NSSCryptoContext *cc;
+    NSSCertificate *c, *ct;
+    CERTCertificate *cert;
+    NSSUsage usage;
+    usage.anyUsage = PR_TRUE;
+    cc = STAN_GetDefaultCryptoContext();
+    ct = NSSCryptoContext_FindBestCertificateByNickname(cc, nickname, NULL,
+                                                        &usage, NULL);
+    cert = PK11_FindCertFromNickname(nickname, NULL);
+    c = NULL;
+    if (cert) {
+        c = get_best_temp_or_perm(ct, STAN_GetNSSCertificate(cert));
+        CERT_DestroyCertificate(cert);
+        if (ct) {
+            CERT_DestroyCertificate(STAN_GetCERTCertificateOrRelease(ct));
+        }
+    } else {
+        c = ct;
+    }
+    return c ? STAN_GetCERTCertificateOrRelease(c) : NULL;
+}
+
+CERTCertificate *
+CERT_FindCertByDERCert(CERTCertDBHandle *handle, SECItem *derCert)
+{
+    NSSCryptoContext *cc;
+    NSSCertificate *c;
+    NSSDER encoding;
+    NSSITEM_FROM_SECITEM(&encoding, derCert);
+    cc = STAN_GetDefaultCryptoContext();
+    c = NSSCryptoContext_FindCertificateByEncodedCertificate(cc, &encoding);
+    if (!c) {
+        c = NSSTrustDomain_FindCertificateByEncodedCertificate(handle,
+                                                               &encoding);
+        if (!c)
+            return NULL;
+    }
+    return STAN_GetCERTCertificateOrRelease(c);
+}
+
+static CERTCertificate *
+common_FindCertByNicknameOrEmailAddrForUsage(CERTCertDBHandle *handle,
+                                             const char *name, PRBool anyUsage,
+                                             SECCertUsage lookingForUsage)
+{
+    NSSCryptoContext *cc;
+    NSSCertificate *c, *ct;
+    CERTCertificate *cert = NULL;
+    NSSUsage usage;
+    CERTCertList *certlist;
+
+    if (NULL == name) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+
+    usage.anyUsage = anyUsage;
+
+    if (!anyUsage) {
+        usage.nss3lookingForCA = PR_FALSE;
+        usage.nss3usage = lookingForUsage;
+    }
+
+    cc = STAN_GetDefaultCryptoContext();
+    ct = NSSCryptoContext_FindBestCertificateByNickname(cc, name, NULL, &usage,
+                                                        NULL);
+    if (!ct && PORT_Strchr(name, '@') != NULL) {
+        char *lowercaseName = CERT_FixupEmailAddr(name);
+        if (lowercaseName) {
+            ct = NSSCryptoContext_FindBestCertificateByEmail(
+                cc, lowercaseName, NULL, &usage, NULL);
+            PORT_Free(lowercaseName);
+        }
+    }
+
+    if (anyUsage) {
+        cert = PK11_FindCertFromNickname(name, NULL);
+    } else {
+        if (ct) {
+            /* Does ct really have the required usage? */
+            nssDecodedCert *dc;
+            dc = nssCertificate_GetDecoding(ct);
+            if (!dc->matchUsage(dc, &usage)) {
+                CERT_DestroyCertificate(STAN_GetCERTCertificateOrRelease(ct));
+                ct = NULL;
+            }
+        }
+
+        certlist = PK11_FindCertsFromNickname(name, NULL);
+        if (certlist) {
+            SECStatus rv =
+                CERT_FilterCertListByUsage(certlist, lookingForUsage, PR_FALSE);
+            if (SECSuccess == rv && !CERT_LIST_EMPTY(certlist)) {
+                cert = CERT_DupCertificate(CERT_LIST_HEAD(certlist)->cert);
+            }
+            CERT_DestroyCertList(certlist);
+        }
+    }
+
+    if (cert) {
+        c = get_best_temp_or_perm(ct, STAN_GetNSSCertificate(cert));
+        CERT_DestroyCertificate(cert);
+        if (ct) {
+            CERT_DestroyCertificate(STAN_GetCERTCertificateOrRelease(ct));
+        }
+    } else {
+        c = ct;
+    }
+    return c ? STAN_GetCERTCertificateOrRelease(c) : NULL;
+}
+
+CERTCertificate *
+CERT_FindCertByNicknameOrEmailAddr(CERTCertDBHandle *handle, const char *name)
+{
+    return common_FindCertByNicknameOrEmailAddrForUsage(handle, name, PR_TRUE,
+                                                        0);
+}
+
+CERTCertificate *
+CERT_FindCertByNicknameOrEmailAddrForUsage(CERTCertDBHandle *handle,
+                                           const char *name,
+                                           SECCertUsage lookingForUsage)
+{
+    return common_FindCertByNicknameOrEmailAddrForUsage(handle, name, PR_FALSE,
+                                                        lookingForUsage);
+}
+
+static void
+add_to_subject_list(CERTCertList *certList, CERTCertificate *cert,
+                    PRBool validOnly, PRTime sorttime)
+{
+    SECStatus secrv;
+    if (!validOnly ||
+        CERT_CheckCertValidTimes(cert, sorttime, PR_FALSE) ==
+            secCertTimeValid) {
+        secrv = CERT_AddCertToListSorted(certList, cert, CERT_SortCBValidity,
+                                         (void *)&sorttime);
+        if (secrv != SECSuccess) {
+            CERT_DestroyCertificate(cert);
+        }
+    } else {
+        CERT_DestroyCertificate(cert);
+    }
+}
+
+CERTCertList *
+CERT_CreateSubjectCertList(CERTCertList *certList, CERTCertDBHandle *handle,
+                           const SECItem *name, PRTime sorttime,
+                           PRBool validOnly)
+{
+    NSSCryptoContext *cc;
+    NSSCertificate **tSubjectCerts, **pSubjectCerts;
+    NSSCertificate **ci;
+    CERTCertificate *cert;
+    NSSDER subject;
+    PRBool myList = PR_FALSE;
+    cc = STAN_GetDefaultCryptoContext();
+    NSSITEM_FROM_SECITEM(&subject, name);
+    /* Collect both temp and perm certs for the subject */
+    tSubjectCerts =
+        NSSCryptoContext_FindCertificatesBySubject(cc, &subject, NULL, 0, NULL);
+    pSubjectCerts = NSSTrustDomain_FindCertificatesBySubject(handle, &subject,
+                                                             NULL, 0, NULL);
+    if (!tSubjectCerts && !pSubjectCerts) {
+        return NULL;
+    }
+    if (certList == NULL) {
+        certList = CERT_NewCertList();
+        myList = PR_TRUE;
+        if (!certList)
+            goto loser;
+    }
+    /* Iterate over the matching temp certs.  Add them to the list */
+    ci = tSubjectCerts;
+    while (ci && *ci) {
+        cert = STAN_GetCERTCertificateOrRelease(*ci);
+        /* *ci may be invalid at this point, don't reference it again */
+        if (cert) {
+            /* NOTE: add_to_subject_list adopts the incoming cert. */
+            add_to_subject_list(certList, cert, validOnly, sorttime);
+        }
+        ci++;
+    }
+    /* Iterate over the matching perm certs.  Add them to the list */
+    ci = pSubjectCerts;
+    while (ci && *ci) {
+        cert = STAN_GetCERTCertificateOrRelease(*ci);
+        /* *ci may be invalid at this point, don't reference it again */
+        if (cert) {
+            /* NOTE: add_to_subject_list adopts the incoming cert. */
+            add_to_subject_list(certList, cert, validOnly, sorttime);
+        }
+        ci++;
+    }
+    /* all the references have been adopted or freed at this point, just
+     * free the arrays now */
+    nss_ZFreeIf(tSubjectCerts);
+    nss_ZFreeIf(pSubjectCerts);
+    return certList;
+loser:
+    /* need to free the references in tSubjectCerts and pSubjectCerts! */
+    nssCertificateArray_Destroy(tSubjectCerts);
+    nssCertificateArray_Destroy(pSubjectCerts);
+    if (myList && certList != NULL) {
+        CERT_DestroyCertList(certList);
+    }
+    return NULL;
+}
+
+void
+CERT_DestroyCertificate(CERTCertificate *cert)
+{
+    if (cert) {
+        /* don't use STAN_GetNSSCertificate because we don't want to
+         * go to the trouble of translating the CERTCertificate into
+         * an NSSCertificate just to destroy it.  If it hasn't been done
+         * yet, don't do it at all.
+         */
+        NSSCertificate *tmp = cert->nssCertificate;
+        if (tmp) {
+            /* delete the NSSCertificate */
+            NSSCertificate_Destroy(tmp);
+        } else if (cert->arena) {
+            PORT_FreeArena(cert->arena, PR_FALSE);
+        }
+    }
+    return;
+}
+
+int
+CERT_GetDBContentVersion(CERTCertDBHandle *handle)
+{
+    /* should read the DB content version from the pkcs #11 device */
+    return 0;
+}
+
+SECStatus
+certdb_SaveSingleProfile(CERTCertificate *cert, const char *emailAddr,
+                         SECItem *emailProfile, SECItem *profileTime)
+{
+    PRTime oldtime;
+    PRTime newtime;
+    SECStatus rv = SECFailure;
+    PRBool saveit;
+    SECItem oldprof, oldproftime;
+    SECItem *oldProfile = NULL;
+    SECItem *oldProfileTime = NULL;
+    PK11SlotInfo *slot = NULL;
+    NSSCertificate *c;
+    NSSCryptoContext *cc;
+    nssSMIMEProfile *stanProfile = NULL;
+    PRBool freeOldProfile = PR_FALSE;
+
+    c = STAN_GetNSSCertificate(cert);
+    if (!c)
+        return SECFailure;
+    cc = c->object.cryptoContext;
+    if (cc != NULL) {
+        stanProfile = nssCryptoContext_FindSMIMEProfileForCertificate(cc, c);
+        if (stanProfile) {
+            PORT_Assert(stanProfile->profileData);
+            SECITEM_FROM_NSSITEM(&oldprof, stanProfile->profileData);
+            oldProfile = &oldprof;
+            SECITEM_FROM_NSSITEM(&oldproftime, stanProfile->profileTime);
+            oldProfileTime = &oldproftime;
+        }
+    } else {
+        oldProfile = PK11_FindSMimeProfile(&slot, (char *)emailAddr,
+                                           &cert->derSubject, &oldProfileTime);
+        freeOldProfile = PR_TRUE;
+    }
+
+    saveit = PR_FALSE;
+
+    /* both profileTime and emailProfile have to exist or not exist */
+    if (emailProfile == NULL) {
+        profileTime = NULL;
+    } else if (profileTime == NULL) {
+        emailProfile = NULL;
+    }
+
+    if (oldProfileTime == NULL) {
+        saveit = PR_TRUE;
+    } else {
+        /* there was already a profile for this email addr */
+        if (profileTime) {
+            /* we have an old and new profile - save whichever is more recent*/
+            if (oldProfileTime->len == 0) {
+                /* always replace if old entry doesn't have a time */
+                oldtime = LL_MININT;
+            } else {
+                rv = DER_UTCTimeToTime(&oldtime, oldProfileTime);
+                if (rv != SECSuccess) {
+                    goto loser;
+                }
+            }
+
+            rv = DER_UTCTimeToTime(&newtime, profileTime);
+            if (rv != SECSuccess) {
+                goto loser;
+            }
+
+            if (LL_CMP(newtime, >, oldtime)) {
+                /* this is a newer profile, save it and cert */
+                saveit = PR_TRUE;
+            }
+        } else {
+            saveit = PR_TRUE;
+        }
+    }
+
+    if (saveit) {
+        if (cc) {
+            if (stanProfile && profileTime && emailProfile) {
+                /* stanProfile is already stored in the crypto context,
+                 * overwrite the data
+                 */
+                NSSArena *arena = stanProfile->object.arena;
+                stanProfile->profileTime = nssItem_Create(
+                    arena, NULL, profileTime->len, profileTime->data);
+                stanProfile->profileData = nssItem_Create(
+                    arena, NULL, emailProfile->len, emailProfile->data);
+            } else if (profileTime && emailProfile) {
+                PRStatus nssrv;
+                NSSItem profTime, profData;
+                NSSITEM_FROM_SECITEM(&profTime, profileTime);
+                NSSITEM_FROM_SECITEM(&profData, emailProfile);
+                stanProfile = nssSMIMEProfile_Create(c, &profTime, &profData);
+                if (!stanProfile)
+                    goto loser;
+                nssrv = nssCryptoContext_ImportSMIMEProfile(cc, stanProfile);
+                rv = (nssrv == PR_SUCCESS) ? SECSuccess : SECFailure;
+            }
+        } else {
+            rv = PK11_SaveSMimeProfile(slot, (char *)emailAddr,
+                                       &cert->derSubject, emailProfile,
+                                       profileTime);
+        }
+    } else {
+        rv = SECSuccess;
+    }
+
+loser:
+    if (oldProfile && freeOldProfile) {
+        SECITEM_FreeItem(oldProfile, PR_TRUE);
+    }
+    if (oldProfileTime && freeOldProfile) {
+        SECITEM_FreeItem(oldProfileTime, PR_TRUE);
+    }
+    if (stanProfile) {
+        nssSMIMEProfile_Destroy(stanProfile);
+    }
+    if (slot) {
+        PK11_FreeSlot(slot);
+    }
+
+    return (rv);
+}
+
+/*
+ *
+ * Manage S/MIME profiles
+ *
+ */
+
+SECStatus
+CERT_SaveSMimeProfile(CERTCertificate *cert, SECItem *emailProfile,
+                      SECItem *profileTime)
+{
+    const char *emailAddr;
+    SECStatus rv;
+
+    if (!cert) {
+        return SECFailure;
+    }
+
+    if (cert->slot && !PK11_IsInternal(cert->slot)) {
+        /* this cert comes from an external source, we need to add it
+        to the cert db before creating an S/MIME profile */
+        PK11SlotInfo *internalslot = PK11_GetInternalKeySlot();
+        if (!internalslot) {
+            return SECFailure;
+        }
+        rv = PK11_ImportCert(internalslot, cert, CK_INVALID_HANDLE, NULL,
+                             PR_FALSE);
+
+        PK11_FreeSlot(internalslot);
+        if (rv != SECSuccess) {
+            return SECFailure;
+        }
+    }
+
+    if (cert->slot && cert->isperm && CERT_IsUserCert(cert) &&
+        (!emailProfile || !emailProfile->len)) {
+        /* Don't clobber emailProfile for user certs. */
+        return SECSuccess;
+    }
+
+    for (emailAddr = CERT_GetFirstEmailAddress(cert); emailAddr != NULL;
+         emailAddr = CERT_GetNextEmailAddress(cert, emailAddr)) {
+        rv = certdb_SaveSingleProfile(cert, emailAddr, emailProfile,
+                                      profileTime);
+        if (rv != SECSuccess) {
+            return SECFailure;
+        }
+    }
+    return SECSuccess;
+}
+
+SECItem *
+CERT_FindSMimeProfile(CERTCertificate *cert)
+{
+    PK11SlotInfo *slot = NULL;
+    NSSCertificate *c;
+    NSSCryptoContext *cc;
+    SECItem *rvItem = NULL;
+
+    if (!cert || !cert->emailAddr || !cert->emailAddr[0]) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+    c = STAN_GetNSSCertificate(cert);
+    if (!c)
+        return NULL;
+    cc = c->object.cryptoContext;
+    if (cc != NULL) {
+        nssSMIMEProfile *stanProfile;
+        stanProfile = nssCryptoContext_FindSMIMEProfileForCertificate(cc, c);
+        if (stanProfile) {
+            rvItem =
+                SECITEM_AllocItem(NULL, NULL, stanProfile->profileData->size);
+            if (rvItem) {
+                rvItem->data = stanProfile->profileData->data;
+            }
+            nssSMIMEProfile_Destroy(stanProfile);
+        }
+        return rvItem;
+    }
+    rvItem =
+        PK11_FindSMimeProfile(&slot, cert->emailAddr, &cert->derSubject, NULL);
+    if (slot) {
+        PK11_FreeSlot(slot);
+    }
+    return rvItem;
+}
+
+/*
+ * deprecated functions that are now just stubs.
+ */
+/*
+ * Close the database
+ */
+void
+__CERT_ClosePermCertDB(CERTCertDBHandle *handle)
+{
+    PORT_Assert("CERT_ClosePermCertDB is Deprecated" == NULL);
+    return;
+}
+
+SECStatus
+CERT_OpenCertDBFilename(CERTCertDBHandle *handle, char *certdbname,
+                        PRBool readOnly)
+{
+    PORT_Assert("CERT_OpenCertDBFilename is Deprecated" == NULL);
+    PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
+    return SECFailure;
+}
+
+SECItem *
+SECKEY_HashPassword(char *pw, SECItem *salt)
+{
+    PORT_Assert("SECKEY_HashPassword is Deprecated" == NULL);
+    PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
+    return NULL;
+}
+
+SECStatus
+__CERT_TraversePermCertsForSubject(CERTCertDBHandle *handle,
+                                   SECItem *derSubject, void *cb, void *cbarg)
+{
+    PORT_Assert("CERT_TraversePermCertsForSubject is Deprecated" == NULL);
+    PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
+    return SECFailure;
+}
+
+SECStatus
+__CERT_TraversePermCertsForNickname(CERTCertDBHandle *handle, char *nickname,
+                                    void *cb, void *cbarg)
+{
+    PORT_Assert("CERT_TraversePermCertsForNickname is Deprecated" == NULL);
+    PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
+    return SECFailure;
+}
diff --git a/nss/lib/certdb/xauthkid.c b/nss/lib/certdb/xauthkid.c
new file mode 100644
index 0000000..c7ef046
--- /dev/null
+++ b/nss/lib/certdb/xauthkid.c
@@ -0,0 +1,128 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * X.509 v3 Subject Key Usage Extension
+ *
+ */
+
+#include "prtypes.h"
+#include "seccomon.h"
+#include "secdert.h"
+#include "secoidt.h"
+#include "secasn1t.h"
+#include "secasn1.h"
+#include "secport.h"
+#include "certt.h"
+#include "genname.h"
+#include "secerr.h"
+
+SEC_ASN1_MKSUB(SEC_IntegerTemplate)
+SEC_ASN1_MKSUB(SEC_OctetStringTemplate)
+
+const SEC_ASN1Template CERTAuthKeyIDTemplate[] = {
+    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTAuthKeyID) },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
+      offsetof(CERTAuthKeyID, keyID), SEC_ASN1_SUB(SEC_OctetStringTemplate) },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1,
+      offsetof(CERTAuthKeyID, DERAuthCertIssuer), CERT_GeneralNamesTemplate },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 2,
+      offsetof(CERTAuthKeyID, authCertSerialNumber),
+      SEC_ASN1_SUB(SEC_IntegerTemplate) },
+    { 0 }
+};
+
+SECStatus
+CERT_EncodeAuthKeyID(PLArenaPool *arena, CERTAuthKeyID *value,
+                     SECItem *encodedValue)
+{
+    SECStatus rv = SECFailure;
+
+    PORT_Assert(value);
+    PORT_Assert(arena);
+    PORT_Assert(value->DERAuthCertIssuer == NULL);
+    PORT_Assert(encodedValue);
+
+    do {
+
+        /* If both of the authCertIssuer and the serial number exist, encode
+           the name first.  Otherwise, it is an error if one exist and the other
+           is not.
+         */
+        if (value->authCertIssuer) {
+            if (!value->authCertSerialNumber.data) {
+                PORT_SetError(SEC_ERROR_EXTENSION_VALUE_INVALID);
+                break;
+            }
+
+            value->DERAuthCertIssuer =
+                cert_EncodeGeneralNames(arena, value->authCertIssuer);
+            if (!value->DERAuthCertIssuer) {
+                PORT_SetError(SEC_ERROR_EXTENSION_VALUE_INVALID);
+                break;
+            }
+        } else if (value->authCertSerialNumber.data) {
+            PORT_SetError(SEC_ERROR_EXTENSION_VALUE_INVALID);
+            break;
+        }
+
+        if (SEC_ASN1EncodeItem(arena, encodedValue, value,
+                               CERTAuthKeyIDTemplate) == NULL)
+            break;
+        rv = SECSuccess;
+
+    } while (0);
+    return (rv);
+}
+
+CERTAuthKeyID *
+CERT_DecodeAuthKeyID(PLArenaPool *arena, const SECItem *encodedValue)
+{
+    CERTAuthKeyID *value = NULL;
+    SECStatus rv = SECFailure;
+    void *mark;
+    SECItem newEncodedValue;
+
+    PORT_Assert(arena);
+
+    do {
+        mark = PORT_ArenaMark(arena);
+        value = (CERTAuthKeyID *)PORT_ArenaZAlloc(arena, sizeof(*value));
+        if (value == NULL)
+            break;
+        value->DERAuthCertIssuer = NULL;
+        /* copy the DER into the arena, since Quick DER returns data that points
+           into the DER input, which may get freed by the caller */
+        rv = SECITEM_CopyItem(arena, &newEncodedValue, encodedValue);
+        if (rv != SECSuccess) {
+            break;
+        }
+
+        rv = SEC_QuickDERDecodeItem(arena, value, CERTAuthKeyIDTemplate,
+                                    &newEncodedValue);
+        if (rv != SECSuccess)
+            break;
+
+        value->authCertIssuer =
+            cert_DecodeGeneralNames(arena, value->DERAuthCertIssuer);
+        if (value->authCertIssuer == NULL)
+            break;
+
+        /* what if the general name contains other format but not URI ?
+           hl
+         */
+        if ((value->authCertSerialNumber.data && !value->authCertIssuer) ||
+            (!value->authCertSerialNumber.data && value->authCertIssuer)) {
+            PORT_SetError(SEC_ERROR_EXTENSION_VALUE_INVALID);
+            break;
+        }
+    } while (0);
+
+    if (rv != SECSuccess) {
+        PORT_ArenaRelease(arena, mark);
+        return ((CERTAuthKeyID *)NULL);
+    }
+    PORT_ArenaUnmark(arena, mark);
+    return (value);
+}
diff --git a/nss/lib/certdb/xbsconst.c b/nss/lib/certdb/xbsconst.c
new file mode 100644
index 0000000..4f01f51
--- /dev/null
+++ b/nss/lib/certdb/xbsconst.c
@@ -0,0 +1,143 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * X.509 v3 Basic Constraints Extension
+ */
+
+#include "prtypes.h"
+#include <limits.h> /* for LONG_MAX */
+#include "seccomon.h"
+#include "secdert.h"
+#include "secoidt.h"
+#include "secasn1t.h"
+#include "secasn1.h"
+#include "certt.h"
+#include "secder.h"
+#include "prprf.h"
+#include "secerr.h"
+
+typedef struct EncodedContext {
+    SECItem isCA;
+    SECItem pathLenConstraint;
+    SECItem encodedValue;
+    PLArenaPool *arena;
+} EncodedContext;
+
+static const SEC_ASN1Template CERTBasicConstraintsTemplate[] = {
+    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(EncodedContext) },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_BOOLEAN, /* XXX DER_DEFAULT */
+      offsetof(EncodedContext, isCA) },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_INTEGER,
+      offsetof(EncodedContext, pathLenConstraint) },
+    { 0 }
+};
+
+static unsigned char hexTrue = 0xff;
+static unsigned char hexFalse = 0x00;
+
+#define GEN_BREAK(status) \
+    rv = status;          \
+    break;
+
+SECStatus
+CERT_EncodeBasicConstraintValue(PLArenaPool *arena, CERTBasicConstraints *value,
+                                SECItem *encodedValue)
+{
+    EncodedContext encodeContext;
+    PLArenaPool *our_pool = NULL;
+    SECStatus rv = SECSuccess;
+
+    do {
+        PORT_Memset(&encodeContext, 0, sizeof(encodeContext));
+        if (!value->isCA && value->pathLenConstraint >= 0) {
+            PORT_SetError(SEC_ERROR_EXTENSION_VALUE_INVALID);
+            GEN_BREAK(SECFailure);
+        }
+
+        encodeContext.arena = arena;
+        if (value->isCA == PR_TRUE) {
+            encodeContext.isCA.data = &hexTrue;
+            encodeContext.isCA.len = 1;
+        }
+
+        /* If the pathLenConstraint is less than 0, then it should be
+         * omitted from the encoding.
+         */
+        if (value->isCA && value->pathLenConstraint >= 0) {
+            our_pool = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE);
+            if (our_pool == NULL) {
+                PORT_SetError(SEC_ERROR_NO_MEMORY);
+                GEN_BREAK(SECFailure);
+            }
+            if (SEC_ASN1EncodeUnsignedInteger(
+                    our_pool, &encodeContext.pathLenConstraint,
+                    (unsigned long)value->pathLenConstraint) == NULL) {
+                PORT_SetError(SEC_ERROR_NO_MEMORY);
+                GEN_BREAK(SECFailure);
+            }
+        }
+        if (SEC_ASN1EncodeItem(arena, encodedValue, &encodeContext,
+                               CERTBasicConstraintsTemplate) == NULL) {
+            GEN_BREAK(SECFailure);
+        }
+    } while (0);
+    if (our_pool)
+        PORT_FreeArena(our_pool, PR_FALSE);
+    return (rv);
+}
+
+SECStatus
+CERT_DecodeBasicConstraintValue(CERTBasicConstraints *value,
+                                const SECItem *encodedValue)
+{
+    EncodedContext decodeContext;
+    PORTCheapArenaPool tmpArena;
+    SECStatus rv = SECSuccess;
+
+    do {
+        PORT_Memset(&decodeContext, 0, sizeof(decodeContext));
+        /* initialize the value just in case we got "0x30 00", or when the
+           pathLenConstraint is omitted.
+         */
+        decodeContext.isCA.data = &hexFalse;
+        decodeContext.isCA.len = 1;
+
+        PORT_InitCheapArena(&tmpArena, SEC_ASN1_DEFAULT_ARENA_SIZE);
+
+        rv = SEC_QuickDERDecodeItem(&tmpArena.arena, &decodeContext,
+                                    CERTBasicConstraintsTemplate, encodedValue);
+        if (rv == SECFailure)
+            break;
+
+        value->isCA = decodeContext.isCA.data
+                          ? (PRBool)(decodeContext.isCA.data[0] != 0)
+                          : PR_FALSE;
+        if (decodeContext.pathLenConstraint.data == NULL) {
+            /* if the pathLenConstraint is not encoded, and the current setting
+              is CA, then the pathLenConstraint should be set to a negative
+              number
+              for unlimited certificate path.
+             */
+            if (value->isCA)
+                value->pathLenConstraint = CERT_UNLIMITED_PATH_CONSTRAINT;
+        } else if (value->isCA) {
+            long len = DER_GetInteger(&decodeContext.pathLenConstraint);
+            if (len < 0 || len == LONG_MAX) {
+                PORT_SetError(SEC_ERROR_BAD_DER);
+                GEN_BREAK(SECFailure);
+            }
+            value->pathLenConstraint = len;
+        } else {
+            /* here we get an error where the subject is not a CA, but
+               the pathLenConstraint is set */
+            PORT_SetError(SEC_ERROR_BAD_DER);
+            GEN_BREAK(SECFailure);
+            break;
+        }
+    } while (0);
+
+    PORT_DestroyCheapArena(&tmpArena);
+    return (rv);
+}
diff --git a/nss/lib/certdb/xconst.c b/nss/lib/certdb/xconst.c
new file mode 100644
index 0000000..9a5634a
--- /dev/null
+++ b/nss/lib/certdb/xconst.c
@@ -0,0 +1,269 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * X.509 Extension Encoding
+ */
+
+#include "prtypes.h"
+#include "seccomon.h"
+#include "secdert.h"
+#include "secoidt.h"
+#include "secasn1t.h"
+#include "secasn1.h"
+#include "cert.h"
+#include "secder.h"
+#include "prprf.h"
+#include "xconst.h"
+#include "genname.h"
+#include "secasn1.h"
+#include "secerr.h"
+
+static const SEC_ASN1Template CERTSubjectKeyIDTemplate[] = {
+    { SEC_ASN1_OCTET_STRING }
+};
+
+static const SEC_ASN1Template CERTIA5TypeTemplate[] = {
+    { SEC_ASN1_IA5_STRING }
+};
+
+SEC_ASN1_MKSUB(SEC_GeneralizedTimeTemplate)
+
+static const SEC_ASN1Template CERTPrivateKeyUsagePeriodTemplate[] = {
+    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTPrivKeyUsagePeriod) },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
+      offsetof(CERTPrivKeyUsagePeriod, notBefore),
+      SEC_ASN1_SUB(SEC_GeneralizedTimeTemplate) },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 1,
+      offsetof(CERTPrivKeyUsagePeriod, notAfter),
+      SEC_ASN1_SUB(SEC_GeneralizedTimeTemplate) },
+    { 0 }
+};
+
+const SEC_ASN1Template CERTAltNameTemplate[] = {
+    { SEC_ASN1_CONSTRUCTED, offsetof(CERTAltNameEncodedContext, encodedGenName),
+      CERT_GeneralNamesTemplate }
+};
+
+const SEC_ASN1Template CERTAuthInfoAccessItemTemplate[] = {
+    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTAuthInfoAccess) },
+    { SEC_ASN1_OBJECT_ID, offsetof(CERTAuthInfoAccess, method) },
+    { SEC_ASN1_ANY, offsetof(CERTAuthInfoAccess, derLocation) },
+    { 0 }
+};
+
+const SEC_ASN1Template CERTAuthInfoAccessTemplate[] = {
+    { SEC_ASN1_SEQUENCE_OF, 0, CERTAuthInfoAccessItemTemplate }
+};
+
+SECStatus
+CERT_EncodeSubjectKeyID(PLArenaPool *arena, const SECItem *srcString,
+                        SECItem *encodedValue)
+{
+    SECStatus rv = SECSuccess;
+
+    if (!srcString) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+    if (SEC_ASN1EncodeItem(arena, encodedValue, srcString,
+                           CERTSubjectKeyIDTemplate) == NULL) {
+        rv = SECFailure;
+    }
+
+    return (rv);
+}
+
+SECStatus
+CERT_EncodePrivateKeyUsagePeriod(PLArenaPool *arena,
+                                 CERTPrivKeyUsagePeriod *pkup,
+                                 SECItem *encodedValue)
+{
+    SECStatus rv = SECSuccess;
+
+    if (SEC_ASN1EncodeItem(arena, encodedValue, pkup,
+                           CERTPrivateKeyUsagePeriodTemplate) == NULL) {
+        rv = SECFailure;
+    }
+    return (rv);
+}
+
+CERTPrivKeyUsagePeriod *
+CERT_DecodePrivKeyUsagePeriodExtension(PLArenaPool *arena, SECItem *extnValue)
+{
+    SECStatus rv;
+    CERTPrivKeyUsagePeriod *pPeriod;
+    SECItem newExtnValue;
+
+    /* allocate the certificate policies structure */
+    pPeriod = PORT_ArenaZNew(arena, CERTPrivKeyUsagePeriod);
+    if (pPeriod == NULL) {
+        goto loser;
+    }
+
+    pPeriod->arena = arena;
+
+    /* copy the DER into the arena, since Quick DER returns data that points
+       into the DER input, which may get freed by the caller */
+    rv = SECITEM_CopyItem(arena, &newExtnValue, extnValue);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    rv = SEC_QuickDERDecodeItem(
+        arena, pPeriod, CERTPrivateKeyUsagePeriodTemplate, &newExtnValue);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    return pPeriod;
+
+loser:
+    return NULL;
+}
+
+SECStatus
+CERT_EncodeIA5TypeExtension(PLArenaPool *arena, char *value,
+                            SECItem *encodedValue)
+{
+    SECItem encodeContext;
+    SECStatus rv = SECSuccess;
+
+    PORT_Memset(&encodeContext, 0, sizeof(encodeContext));
+
+    if (value != NULL) {
+        encodeContext.data = (unsigned char *)value;
+        encodeContext.len = strlen(value);
+    }
+    if (SEC_ASN1EncodeItem(arena, encodedValue, &encodeContext,
+                           CERTIA5TypeTemplate) == NULL) {
+        rv = SECFailure;
+    }
+
+    return (rv);
+}
+
+SECStatus
+CERT_EncodeAltNameExtension(PLArenaPool *arena, CERTGeneralName *value,
+                            SECItem *encodedValue)
+{
+    SECItem **encodedGenName;
+    SECStatus rv = SECSuccess;
+
+    encodedGenName = cert_EncodeGeneralNames(arena, value);
+    if (SEC_ASN1EncodeItem(arena, encodedValue, &encodedGenName,
+                           CERT_GeneralNamesTemplate) == NULL) {
+        rv = SECFailure;
+    }
+
+    return rv;
+}
+
+CERTGeneralName *
+CERT_DecodeAltNameExtension(PLArenaPool *reqArena, SECItem *EncodedAltName)
+{
+    SECStatus rv = SECSuccess;
+    CERTAltNameEncodedContext encodedContext;
+    SECItem *newEncodedAltName;
+
+    if (!reqArena) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+
+    newEncodedAltName = SECITEM_ArenaDupItem(reqArena, EncodedAltName);
+    if (!newEncodedAltName) {
+        return NULL;
+    }
+
+    encodedContext.encodedGenName = NULL;
+    PORT_Memset(&encodedContext, 0, sizeof(CERTAltNameEncodedContext));
+    rv = SEC_QuickDERDecodeItem(reqArena, &encodedContext,
+                                CERT_GeneralNamesTemplate, newEncodedAltName);
+    if (rv == SECFailure) {
+        goto loser;
+    }
+    if (encodedContext.encodedGenName && encodedContext.encodedGenName[0])
+        return cert_DecodeGeneralNames(reqArena, encodedContext.encodedGenName);
+    /* Extension contained an empty GeneralNames sequence */
+    /* Treat as extension not found */
+    PORT_SetError(SEC_ERROR_EXTENSION_NOT_FOUND);
+loser:
+    return NULL;
+}
+
+SECStatus
+CERT_EncodeNameConstraintsExtension(PLArenaPool *arena,
+                                    CERTNameConstraints *value,
+                                    SECItem *encodedValue)
+{
+    SECStatus rv = SECSuccess;
+
+    rv = cert_EncodeNameConstraints(value, arena, encodedValue);
+    return rv;
+}
+
+CERTNameConstraints *
+CERT_DecodeNameConstraintsExtension(PLArenaPool *arena,
+                                    const SECItem *encodedConstraints)
+{
+    return cert_DecodeNameConstraints(arena, encodedConstraints);
+}
+
+CERTAuthInfoAccess **
+CERT_DecodeAuthInfoAccessExtension(PLArenaPool *reqArena,
+                                   const SECItem *encodedExtension)
+{
+    CERTAuthInfoAccess **info = NULL;
+    SECStatus rv;
+    int i;
+    SECItem *newEncodedExtension;
+
+    if (!reqArena) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+
+    newEncodedExtension = SECITEM_ArenaDupItem(reqArena, encodedExtension);
+    if (!newEncodedExtension) {
+        return NULL;
+    }
+
+    rv = SEC_QuickDERDecodeItem(reqArena, &info, CERTAuthInfoAccessTemplate,
+                                newEncodedExtension);
+    if (rv != SECSuccess || info == NULL) {
+        return NULL;
+    }
+
+    for (i = 0; info[i] != NULL; i++) {
+        info[i]->location =
+            CERT_DecodeGeneralName(reqArena, &(info[i]->derLocation), NULL);
+    }
+    return info;
+}
+
+SECStatus
+CERT_EncodeInfoAccessExtension(PLArenaPool *arena, CERTAuthInfoAccess **info,
+                               SECItem *dest)
+{
+    SECItem *dummy;
+    int i;
+
+    PORT_Assert(info != NULL);
+    PORT_Assert(dest != NULL);
+    if (info == NULL || dest == NULL) {
+        return SECFailure;
+    }
+
+    for (i = 0; info[i] != NULL; i++) {
+        if (CERT_EncodeGeneralName(info[i]->location, &(info[i]->derLocation),
+                                   arena) == NULL)
+            /* Note that this may leave some of the locations filled in. */
+            return SECFailure;
+    }
+    dummy = SEC_ASN1EncodeItem(arena, dest, &info, CERTAuthInfoAccessTemplate);
+    if (dummy == NULL) {
+        return SECFailure;
+    }
+    return SECSuccess;
+}
diff --git a/nss/lib/certdb/xconst.h b/nss/lib/certdb/xconst.h
new file mode 100644
index 0000000..8cf2e82
--- /dev/null
+++ b/nss/lib/certdb/xconst.h
@@ -0,0 +1,30 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#ifndef _XCONST_H_
+#define _XCONST_H_
+
+#include "certt.h"
+
+typedef struct CERTAltNameEncodedContextStr {
+    SECItem **encodedGenName;
+} CERTAltNameEncodedContext;
+
+SEC_BEGIN_PROTOS
+
+extern SECStatus CERT_EncodePrivateKeyUsagePeriod(PLArenaPool *arena,
+                                                  CERTPrivKeyUsagePeriod *pkup,
+                                                  SECItem *encodedValue);
+
+extern SECStatus CERT_EncodeNameConstraintsExtension(PLArenaPool *arena,
+                                                     CERTNameConstraints *value,
+                                                     SECItem *encodedValue);
+
+extern SECStatus CERT_EncodeIA5TypeExtension(PLArenaPool *arena, char *value,
+                                             SECItem *encodedValue);
+
+SECStatus cert_EncodeAuthInfoAccessExtension(PLArenaPool *arena,
+                                             CERTAuthInfoAccess **info,
+                                             SECItem *dest);
+SEC_END_PROTOS
+#endif
diff --git a/nss/lib/certhigh/Makefile b/nss/lib/certhigh/Makefile
new file mode 100644
index 0000000..a2f0cf7
--- /dev/null
+++ b/nss/lib/certhigh/Makefile
@@ -0,0 +1,48 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+-include config.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+export:: private_export
+
diff --git a/nss/lib/certhigh/certhigh.c b/nss/lib/certhigh/certhigh.c
new file mode 100644
index 0000000..607fe0d
--- /dev/null
+++ b/nss/lib/certhigh/certhigh.c
@@ -0,0 +1,1207 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#include "nspr.h"
+#include "secerr.h"
+#include "secasn1.h"
+#include "seccomon.h"
+#include "pk11func.h"
+#include "certdb.h"
+#include "certt.h"
+#include "cert.h"
+#include "certxutl.h"
+
+#include "nsspki.h"
+#include "pki.h"
+#include "pkit.h"
+#include "pkitm.h"
+#include "pki3hack.h"
+
+PRBool
+CERT_MatchNickname(char *name1, char *name2)
+{
+    char *nickname1 = NULL;
+    char *nickname2 = NULL;
+    char *token1;
+    char *token2;
+
+    /* first deal with the straight comparison */
+    if (PORT_Strcmp(name1, name2) == 0) {
+        return PR_TRUE;
+    }
+    /* we need to handle the case where one name has an explicit token and the other
+     * doesn't */
+    token1 = PORT_Strchr(name1, ':');
+    token2 = PORT_Strchr(name2, ':');
+    if ((token1 && token2) || (!token1 && !token2)) {
+        /* either both token names are specified or neither are, not match */
+        return PR_FALSE;
+    }
+    if (token1) {
+        nickname1 = token1;
+        nickname2 = name2;
+    } else {
+        nickname1 = token2;
+        nickname2 = name1;
+    }
+    nickname1++;
+    if (PORT_Strcmp(nickname1, nickname2) != 0) {
+        return PR_FALSE;
+    }
+    /* Bug 1192443 - compare the other token with the internal slot here */
+    return PR_TRUE;
+}
+
+/*
+ * Find all user certificates that match the given criteria.
+ *
+ *      "handle" - database to search
+ *      "usage" - certificate usage to match
+ *      "oneCertPerName" - if set then only return the "best" cert per
+ *                      name
+ *      "validOnly" - only return certs that are curently valid
+ *      "proto_win" - window handle passed to pkcs11
+ */
+CERTCertList *
+CERT_FindUserCertsByUsage(CERTCertDBHandle *handle,
+                          SECCertUsage usage,
+                          PRBool oneCertPerName,
+                          PRBool validOnly,
+                          void *proto_win)
+{
+    CERTCertNicknames *nicknames = NULL;
+    char **nnptr;
+    int nn;
+    CERTCertificate *cert = NULL;
+    CERTCertList *certList = NULL;
+    SECStatus rv;
+    PRTime time;
+    CERTCertListNode *node = NULL;
+    CERTCertListNode *freenode = NULL;
+    int n;
+
+    time = PR_Now();
+
+    nicknames = CERT_GetCertNicknames(handle, SEC_CERT_NICKNAMES_USER,
+                                      proto_win);
+
+    if ((nicknames == NULL) || (nicknames->numnicknames == 0)) {
+        goto loser;
+    }
+
+    nnptr = nicknames->nicknames;
+    nn = nicknames->numnicknames;
+
+    while (nn > 0) {
+        cert = NULL;
+        /* use the pk11 call so that we pick up any certs on tokens,
+         * which may require login
+         */
+        if (proto_win != NULL) {
+            cert = PK11_FindCertFromNickname(*nnptr, proto_win);
+        }
+
+        /* Sigh, It turns out if the cert is already in the temp db, because
+         * it's in the perm db, then the nickname lookup doesn't work.
+         * since we already have the cert here, though, than we can just call
+         * CERT_CreateSubjectCertList directly. For those cases where we didn't
+         * find the cert in pkcs #11 (because we didn't have a password arg,
+         * or because the nickname is for a peer, server, or CA cert, then we
+         * go look the cert up.
+         */
+        if (cert == NULL) {
+            cert = CERT_FindCertByNickname(handle, *nnptr);
+        }
+
+        if (cert != NULL) {
+            /* collect certs for this nickname, sorting them into the list */
+            certList = CERT_CreateSubjectCertList(certList, handle,
+                                                  &cert->derSubject, time, validOnly);
+
+            CERT_FilterCertListForUserCerts(certList);
+
+            /* drop the extra reference */
+            CERT_DestroyCertificate(cert);
+        }
+
+        nnptr++;
+        nn--;
+    }
+
+    /* remove certs with incorrect usage */
+    rv = CERT_FilterCertListByUsage(certList, usage, PR_FALSE);
+
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    /* remove any extra certs for each name */
+    if (oneCertPerName) {
+        PRBool *flags;
+
+        nn = nicknames->numnicknames;
+        nnptr = nicknames->nicknames;
+
+        if (!certList) {
+            goto loser;
+        }
+
+        flags = (PRBool *)PORT_ZAlloc(sizeof(PRBool) * nn);
+        if (flags == NULL) {
+            goto loser;
+        }
+
+        node = CERT_LIST_HEAD(certList);
+
+        /* treverse all certs in the list */
+        while (!CERT_LIST_END(node, certList)) {
+
+            /* find matching nickname index */
+            for (n = 0; n < nn; n++) {
+                if (CERT_MatchNickname(nnptr[n], node->cert->nickname)) {
+                    /* We found a match.  If this is the first one, then
+                     * set the flag and move on to the next cert.  If this
+                     * is not the first one then delete it from the list.
+                     */
+                    if (flags[n]) {
+                        /* We have already seen a cert with this nickname,
+                         * so delete this one.
+                         */
+                        freenode = node;
+                        node = CERT_LIST_NEXT(node);
+                        CERT_RemoveCertListNode(freenode);
+                    } else {
+                        /* keep the first cert for each nickname, but set the
+                         * flag so we know to delete any others with the same
+                         * nickname.
+                         */
+                        flags[n] = PR_TRUE;
+                        node = CERT_LIST_NEXT(node);
+                    }
+                    break;
+                }
+            }
+            if (n == nn) {
+                /* if we get here it means that we didn't find a matching
+                 * nickname, which should not happen.
+                 */
+                PORT_Assert(0);
+                node = CERT_LIST_NEXT(node);
+            }
+        }
+        PORT_Free(flags);
+    }
+
+    goto done;
+
+loser:
+    if (certList != NULL) {
+        CERT_DestroyCertList(certList);
+        certList = NULL;
+    }
+
+done:
+    if (nicknames != NULL) {
+        CERT_FreeNicknames(nicknames);
+    }
+
+    return (certList);
+}
+
+/*
+ * Find a user certificate that matchs the given criteria.
+ *
+ *      "handle" - database to search
+ *      "nickname" - nickname to match
+ *      "usage" - certificate usage to match
+ *      "validOnly" - only return certs that are curently valid
+ *      "proto_win" - window handle passed to pkcs11
+ */
+CERTCertificate *
+CERT_FindUserCertByUsage(CERTCertDBHandle *handle,
+                         const char *nickname,
+                         SECCertUsage usage,
+                         PRBool validOnly,
+                         void *proto_win)
+{
+    CERTCertificate *cert = NULL;
+    CERTCertList *certList = NULL;
+    SECStatus rv;
+    PRTime time;
+
+    time = PR_Now();
+
+    /* use the pk11 call so that we pick up any certs on tokens,
+     * which may require login
+     */
+    /* XXX - why is this restricted? */
+    if (proto_win != NULL) {
+        cert = PK11_FindCertFromNickname(nickname, proto_win);
+    }
+
+    /* sigh, There are still problems find smart cards from the temp
+     * db. This will get smart cards working again. The real fix
+     * is to make sure we can search the temp db by their token nickname.
+     */
+    if (cert == NULL) {
+        cert = CERT_FindCertByNickname(handle, nickname);
+    }
+
+    if (cert != NULL) {
+        unsigned int requiredKeyUsage;
+        unsigned int requiredCertType;
+
+        rv = CERT_KeyUsageAndTypeForCertUsage(usage, PR_FALSE,
+                                              &requiredKeyUsage, &requiredCertType);
+        if (rv != SECSuccess) {
+            /* drop the extra reference */
+            CERT_DestroyCertificate(cert);
+            cert = NULL;
+            goto loser;
+        }
+        /* If we already found the right cert, just return it */
+        if ((!validOnly || CERT_CheckCertValidTimes(cert, time, PR_FALSE) == secCertTimeValid) &&
+            (CERT_CheckKeyUsage(cert, requiredKeyUsage) == SECSuccess) &&
+            (cert->nsCertType & requiredCertType) &&
+            CERT_IsUserCert(cert)) {
+            return (cert);
+        }
+
+        /* collect certs for this nickname, sorting them into the list */
+        certList = CERT_CreateSubjectCertList(certList, handle,
+                                              &cert->derSubject, time, validOnly);
+
+        CERT_FilterCertListForUserCerts(certList);
+
+        /* drop the extra reference */
+        CERT_DestroyCertificate(cert);
+        cert = NULL;
+    }
+
+    if (certList == NULL) {
+        goto loser;
+    }
+
+    /* remove certs with incorrect usage */
+    rv = CERT_FilterCertListByUsage(certList, usage, PR_FALSE);
+
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    if (!CERT_LIST_EMPTY(certList)) {
+        cert = CERT_DupCertificate(CERT_LIST_HEAD(certList)->cert);
+    }
+
+loser:
+    if (certList != NULL) {
+        CERT_DestroyCertList(certList);
+    }
+
+    return (cert);
+}
+
+CERTCertList *
+CERT_MatchUserCert(CERTCertDBHandle *handle,
+                   SECCertUsage usage,
+                   int nCANames, char **caNames,
+                   void *proto_win)
+{
+    CERTCertList *certList = NULL;
+    SECStatus rv;
+
+    certList = CERT_FindUserCertsByUsage(handle, usage, PR_TRUE, PR_TRUE,
+                                         proto_win);
+    if (certList == NULL) {
+        goto loser;
+    }
+
+    rv = CERT_FilterCertListByCANames(certList, nCANames, caNames, usage);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    goto done;
+
+loser:
+    if (certList != NULL) {
+        CERT_DestroyCertList(certList);
+        certList = NULL;
+    }
+
+done:
+
+    return (certList);
+}
+
+typedef struct stringNode {
+    struct stringNode *next;
+    char *string;
+} stringNode;
+
+static PRStatus
+CollectNicknames(NSSCertificate *c, void *data)
+{
+    CERTCertNicknames *names;
+    PRBool saveit = PR_FALSE;
+    stringNode *node;
+    int len;
+#ifdef notdef
+    NSSTrustDomain *td;
+    NSSTrust *trust;
+#endif
+    char *stanNickname;
+    char *nickname = NULL;
+
+    names = (CERTCertNicknames *)data;
+
+    stanNickname = nssCertificate_GetNickname(c, NULL);
+
+    if (stanNickname) {
+        nss_ZFreeIf(stanNickname);
+        stanNickname = NULL;
+        if (names->what == SEC_CERT_NICKNAMES_USER) {
+            saveit = NSSCertificate_IsPrivateKeyAvailable(c, NULL, NULL);
+        }
+#ifdef notdef
+        else {
+            td = NSSCertificate_GetTrustDomain(c);
+            if (!td) {
+                return PR_SUCCESS;
+            }
+            trust = nssTrustDomain_FindTrustForCertificate(td, c);
+
+            switch (names->what) {
+                case SEC_CERT_NICKNAMES_ALL:
+                    if ((trust->sslFlags & (CERTDB_VALID_CA | CERTDB_VALID_PEER)) ||
+                        (trust->emailFlags & (CERTDB_VALID_CA | CERTDB_VALID_PEER)) ||
+                        (trust->objectSigningFlags &
+                         (CERTDB_VALID_CA | CERTDB_VALID_PEER))) {
+                        saveit = PR_TRUE;
+                    }
+
+                    break;
+                case SEC_CERT_NICKNAMES_SERVER:
+                    if (trust->sslFlags & CERTDB_VALID_PEER) {
+                        saveit = PR_TRUE;
+                    }
+
+                    break;
+                case SEC_CERT_NICKNAMES_CA:
+                    if (((trust->sslFlags & CERTDB_VALID_CA) == CERTDB_VALID_CA) ||
+                        ((trust->emailFlags & CERTDB_VALID_CA) == CERTDB_VALID_CA) ||
+                        ((trust->objectSigningFlags & CERTDB_VALID_CA) ==
+                         CERTDB_VALID_CA)) {
+                        saveit = PR_TRUE;
+                    }
+                    break;
+            }
+        }
+#endif
+    }
+
+    /* traverse the list of collected nicknames and make sure we don't make
+     * a duplicate
+     */
+    if (saveit) {
+        nickname = STAN_GetCERTCertificateName(NULL, c);
+        /* nickname can only be NULL here if we are having memory
+         * alloc problems */
+        if (nickname == NULL) {
+            return PR_FAILURE;
+        }
+        node = (stringNode *)names->head;
+        while (node != NULL) {
+            if (PORT_Strcmp(nickname, node->string) == 0) {
+                /* if the string matches, then don't save this one */
+                saveit = PR_FALSE;
+                break;
+            }
+            node = node->next;
+        }
+    }
+
+    if (saveit) {
+
+        /* allocate the node */
+        node = (stringNode *)PORT_ArenaAlloc(names->arena, sizeof(stringNode));
+        if (node == NULL) {
+            PORT_Free(nickname);
+            return PR_FAILURE;
+        }
+
+        /* copy the string */
+        len = PORT_Strlen(nickname) + 1;
+        node->string = (char *)PORT_ArenaAlloc(names->arena, len);
+        if (node->string == NULL) {
+            PORT_Free(nickname);
+            return PR_FAILURE;
+        }
+        PORT_Memcpy(node->string, nickname, len);
+
+        /* link it into the list */
+        node->next = (stringNode *)names->head;
+        names->head = (void *)node;
+
+        /* bump the count */
+        names->numnicknames++;
+    }
+
+    if (nickname)
+        PORT_Free(nickname);
+    return (PR_SUCCESS);
+}
+
+CERTCertNicknames *
+CERT_GetCertNicknames(CERTCertDBHandle *handle, int what, void *wincx)
+{
+    PLArenaPool *arena;
+    CERTCertNicknames *names;
+    int i;
+    stringNode *node;
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return (NULL);
+    }
+
+    names = (CERTCertNicknames *)PORT_ArenaAlloc(arena, sizeof(CERTCertNicknames));
+    if (names == NULL) {
+        goto loser;
+    }
+
+    names->arena = arena;
+    names->head = NULL;
+    names->numnicknames = 0;
+    names->nicknames = NULL;
+    names->what = what;
+    names->totallen = 0;
+
+    /* make sure we are logged in */
+    (void)pk11_TraverseAllSlots(NULL, NULL, PR_TRUE, wincx);
+
+    NSSTrustDomain_TraverseCertificates(handle,
+                                        CollectNicknames, (void *)names);
+    if (names->numnicknames) {
+        names->nicknames = (char **)PORT_ArenaAlloc(arena,
+                                                    names->numnicknames *
+                                                        sizeof(char *));
+
+        if (names->nicknames == NULL) {
+            goto loser;
+        }
+
+        node = (stringNode *)names->head;
+
+        for (i = 0; i < names->numnicknames; i++) {
+            PORT_Assert(node != NULL);
+
+            names->nicknames[i] = node->string;
+            names->totallen += PORT_Strlen(node->string);
+            node = node->next;
+        }
+
+        PORT_Assert(node == NULL);
+    }
+
+    return (names);
+
+loser:
+    PORT_FreeArena(arena, PR_FALSE);
+    return (NULL);
+}
+
+void
+CERT_FreeNicknames(CERTCertNicknames *nicknames)
+{
+    PORT_FreeArena(nicknames->arena, PR_FALSE);
+
+    return;
+}
+
+/* [ FROM pcertdb.c ] */
+
+typedef struct dnameNode {
+    struct dnameNode *next;
+    SECItem name;
+} dnameNode;
+
+void
+CERT_FreeDistNames(CERTDistNames *names)
+{
+    PORT_FreeArena(names->arena, PR_FALSE);
+
+    return;
+}
+
+static SECStatus
+CollectDistNames(CERTCertificate *cert, SECItem *k, void *data)
+{
+    CERTDistNames *names;
+    PRBool saveit = PR_FALSE;
+    CERTCertTrust trust;
+    dnameNode *node;
+    int len;
+
+    names = (CERTDistNames *)data;
+
+    if (CERT_GetCertTrust(cert, &trust) == SECSuccess) {
+        /* only collect names of CAs trusted for issuing SSL clients */
+        if (trust.sslFlags & CERTDB_TRUSTED_CLIENT_CA) {
+            saveit = PR_TRUE;
+        }
+    }
+
+    if (saveit) {
+        /* allocate the node */
+        node = (dnameNode *)PORT_ArenaAlloc(names->arena, sizeof(dnameNode));
+        if (node == NULL) {
+            return (SECFailure);
+        }
+
+        /* copy the name */
+        node->name.len = len = cert->derSubject.len;
+        node->name.type = siBuffer;
+        node->name.data = (unsigned char *)PORT_ArenaAlloc(names->arena, len);
+        if (node->name.data == NULL) {
+            return (SECFailure);
+        }
+        PORT_Memcpy(node->name.data, cert->derSubject.data, len);
+
+        /* link it into the list */
+        node->next = (dnameNode *)names->head;
+        names->head = (void *)node;
+
+        /* bump the count */
+        names->nnames++;
+    }
+
+    return (SECSuccess);
+}
+
+/*
+ * Return all of the CAs that are "trusted" for SSL.
+ */
+CERTDistNames *
+CERT_DupDistNames(CERTDistNames *orig)
+{
+    PLArenaPool *arena;
+    CERTDistNames *names;
+    int i;
+    SECStatus rv;
+
+    /* allocate an arena to use */
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return (NULL);
+    }
+
+    /* allocate the header structure */
+    names = (CERTDistNames *)PORT_ArenaAlloc(arena, sizeof(CERTDistNames));
+    if (names == NULL) {
+        goto loser;
+    }
+
+    /* initialize the header struct */
+    names->arena = arena;
+    names->head = NULL;
+    names->nnames = orig->nnames;
+    names->names = NULL;
+
+    /* construct the array from the list */
+    if (orig->nnames) {
+        names->names = (SECItem *)PORT_ArenaNewArray(arena, SECItem,
+                                                     orig->nnames);
+        if (names->names == NULL) {
+            goto loser;
+        }
+        for (i = 0; i < orig->nnames; i++) {
+            rv = SECITEM_CopyItem(arena, &names->names[i], &orig->names[i]);
+            if (rv != SECSuccess) {
+                goto loser;
+            }
+        }
+    }
+    return (names);
+
+loser:
+    PORT_FreeArena(arena, PR_FALSE);
+    return (NULL);
+}
+
+CERTDistNames *
+CERT_GetSSLCACerts(CERTCertDBHandle *handle)
+{
+    PLArenaPool *arena;
+    CERTDistNames *names;
+    int i;
+    SECStatus rv;
+    dnameNode *node;
+
+    /* allocate an arena to use */
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return (NULL);
+    }
+
+    /* allocate the header structure */
+    names = (CERTDistNames *)PORT_ArenaAlloc(arena, sizeof(CERTDistNames));
+    if (names == NULL) {
+        goto loser;
+    }
+
+    /* initialize the header struct */
+    names->arena = arena;
+    names->head = NULL;
+    names->nnames = 0;
+    names->names = NULL;
+
+    /* collect the names from the database */
+    rv = PK11_TraverseSlotCerts(CollectDistNames, (void *)names, NULL);
+    if (rv) {
+        goto loser;
+    }
+
+    /* construct the array from the list */
+    if (names->nnames) {
+        names->names = (SECItem *)PORT_ArenaAlloc(arena, names->nnames * sizeof(SECItem));
+
+        if (names->names == NULL) {
+            goto loser;
+        }
+
+        node = (dnameNode *)names->head;
+
+        for (i = 0; i < names->nnames; i++) {
+            PORT_Assert(node != NULL);
+
+            names->names[i] = node->name;
+            node = node->next;
+        }
+
+        PORT_Assert(node == NULL);
+    }
+
+    return (names);
+
+loser:
+    PORT_FreeArena(arena, PR_FALSE);
+    return (NULL);
+}
+
+CERTDistNames *
+CERT_DistNamesFromCertList(CERTCertList *certList)
+{
+    CERTDistNames *dnames = NULL;
+    PLArenaPool *arena;
+    CERTCertListNode *node = NULL;
+    SECItem *names = NULL;
+    int listLen = 0, i = 0;
+
+    if (certList == NULL) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+
+    node = CERT_LIST_HEAD(certList);
+    while (!CERT_LIST_END(node, certList)) {
+        listLen += 1;
+        node = CERT_LIST_NEXT(node);
+    }
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL)
+        goto loser;
+    dnames = PORT_ArenaZNew(arena, CERTDistNames);
+    if (dnames == NULL)
+        goto loser;
+
+    dnames->arena = arena;
+    dnames->nnames = listLen;
+    dnames->names = names = PORT_ArenaZNewArray(arena, SECItem, listLen);
+    if (names == NULL)
+        goto loser;
+
+    node = CERT_LIST_HEAD(certList);
+    while (!CERT_LIST_END(node, certList)) {
+        CERTCertificate *cert = node->cert;
+        SECStatus rv = SECITEM_CopyItem(arena, &names[i++], &cert->derSubject);
+        if (rv == SECFailure) {
+            goto loser;
+        }
+        node = CERT_LIST_NEXT(node);
+    }
+    return dnames;
+loser:
+    if (arena) {
+        PORT_FreeArena(arena, PR_FALSE);
+    }
+    return NULL;
+}
+
+CERTDistNames *
+CERT_DistNamesFromNicknames(CERTCertDBHandle *handle, char **nicknames,
+                            int nnames)
+{
+    CERTDistNames *dnames = NULL;
+    PLArenaPool *arena;
+    int i, rv;
+    SECItem *names = NULL;
+    CERTCertificate *cert = NULL;
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL)
+        goto loser;
+    dnames = PORT_ArenaZNew(arena, CERTDistNames);
+    if (dnames == NULL)
+        goto loser;
+
+    dnames->arena = arena;
+    dnames->nnames = nnames;
+    dnames->names = names = PORT_ArenaZNewArray(arena, SECItem, nnames);
+    if (names == NULL)
+        goto loser;
+
+    for (i = 0; i < nnames; i++) {
+        cert = CERT_FindCertByNicknameOrEmailAddr(handle, nicknames[i]);
+        if (cert == NULL)
+            goto loser;
+        rv = SECITEM_CopyItem(arena, &names[i], &cert->derSubject);
+        if (rv == SECFailure)
+            goto loser;
+        CERT_DestroyCertificate(cert);
+    }
+    return dnames;
+
+loser:
+    if (cert != NULL)
+        CERT_DestroyCertificate(cert);
+    if (arena != NULL)
+        PORT_FreeArena(arena, PR_FALSE);
+    return NULL;
+}
+
+/* [ from pcertdb.c - calls Ascii to Name ] */
+/*
+ * Lookup a certificate in the database by name
+ */
+CERTCertificate *
+CERT_FindCertByNameString(CERTCertDBHandle *handle, char *nameStr)
+{
+    CERTName *name;
+    SECItem *nameItem;
+    CERTCertificate *cert = NULL;
+    PLArenaPool *arena = NULL;
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+
+    if (arena == NULL) {
+        goto loser;
+    }
+
+    name = CERT_AsciiToName(nameStr);
+
+    if (name) {
+        nameItem = SEC_ASN1EncodeItem(arena, NULL, (void *)name,
+                                      CERT_NameTemplate);
+        if (nameItem != NULL) {
+            cert = CERT_FindCertByName(handle, nameItem);
+        }
+        CERT_DestroyName(name);
+    }
+
+loser:
+    if (arena) {
+        PORT_FreeArena(arena, PR_FALSE);
+    }
+
+    return (cert);
+}
+
+/* From certv3.c */
+
+CERTCrlDistributionPoints *
+CERT_FindCRLDistributionPoints(CERTCertificate *cert)
+{
+    SECItem encodedExtenValue;
+    SECStatus rv;
+    CERTCrlDistributionPoints *dps;
+
+    encodedExtenValue.data = NULL;
+    encodedExtenValue.len = 0;
+
+    rv = cert_FindExtension(cert->extensions, SEC_OID_X509_CRL_DIST_POINTS,
+                            &encodedExtenValue);
+    if (rv != SECSuccess) {
+        return (NULL);
+    }
+
+    dps = CERT_DecodeCRLDistributionPoints(cert->arena, &encodedExtenValue);
+
+    PORT_Free(encodedExtenValue.data);
+
+    return dps;
+}
+
+/* From crl.c */
+CERTSignedCrl *
+CERT_ImportCRL(CERTCertDBHandle *handle, SECItem *derCRL, char *url, int type, void *wincx)
+{
+    CERTSignedCrl *retCrl = NULL;
+    PK11SlotInfo *slot = PK11_GetInternalKeySlot();
+    retCrl = PK11_ImportCRL(slot, derCRL, url, type, wincx,
+                            CRL_IMPORT_DEFAULT_OPTIONS, NULL, CRL_DECODE_DEFAULT_OPTIONS);
+    PK11_FreeSlot(slot);
+
+    return retCrl;
+}
+
+/* From certdb.c */
+static SECStatus
+cert_ImportCAChain(SECItem *certs, int numcerts, SECCertUsage certUsage, PRBool trusted)
+{
+    SECStatus rv;
+    SECItem *derCert;
+    CERTCertificate *cert = NULL;
+    CERTCertificate *newcert = NULL;
+    CERTCertDBHandle *handle;
+    CERTCertTrust trust;
+    PRBool isca;
+    char *nickname;
+    unsigned int certtype;
+
+    handle = CERT_GetDefaultCertDB();
+
+    while (numcerts--) {
+        derCert = certs;
+        certs++;
+
+        /* decode my certificate */
+        /* This use is ok -- only looks at decoded parts, calls NewTemp later */
+        newcert = CERT_DecodeDERCertificate(derCert, PR_FALSE, NULL);
+        if (newcert == NULL) {
+            goto loser;
+        }
+
+        if (!trusted) {
+            /* make sure that cert is valid */
+            rv = CERT_CertTimesValid(newcert);
+            if (rv == SECFailure) {
+                goto endloop;
+            }
+        }
+
+        /* does it have the CA extension */
+
+        /*
+         * Make sure that if this is an intermediate CA in the chain that
+         * it was given permission by its signer to be a CA.
+         */
+        isca = CERT_IsCACert(newcert, &certtype);
+
+        if (!isca) {
+            if (!trusted) {
+                goto endloop;
+            }
+            trust.sslFlags = CERTDB_VALID_CA;
+            trust.emailFlags = CERTDB_VALID_CA;
+            trust.objectSigningFlags = CERTDB_VALID_CA;
+        } else {
+            /* SSL ca's must have the ssl bit set */
+            if ((certUsage == certUsageSSLCA) &&
+                ((certtype & NS_CERT_TYPE_SSL_CA) != NS_CERT_TYPE_SSL_CA)) {
+                goto endloop;
+            }
+
+            /* it passed all of the tests, so lets add it to the database */
+            /* mark it as a CA */
+            PORT_Memset((void *)&trust, 0, sizeof(trust));
+            switch (certUsage) {
+                case certUsageSSLCA:
+                    trust.sslFlags = CERTDB_VALID_CA;
+                    break;
+                case certUsageUserCertImport:
+                    if ((certtype & NS_CERT_TYPE_SSL_CA) == NS_CERT_TYPE_SSL_CA) {
+                        trust.sslFlags = CERTDB_VALID_CA;
+                    }
+                    if ((certtype & NS_CERT_TYPE_EMAIL_CA) ==
+                        NS_CERT_TYPE_EMAIL_CA) {
+                        trust.emailFlags = CERTDB_VALID_CA;
+                    }
+                    if ((certtype & NS_CERT_TYPE_OBJECT_SIGNING_CA) ==
+                        NS_CERT_TYPE_OBJECT_SIGNING_CA) {
+                        trust.objectSigningFlags = CERTDB_VALID_CA;
+                    }
+                    break;
+                default:
+                    PORT_Assert(0);
+                    break;
+            }
+        }
+
+        cert = CERT_NewTempCertificate(handle, derCert, NULL,
+                                       PR_FALSE, PR_FALSE);
+        if (cert == NULL) {
+            goto loser;
+        }
+
+        /* if the cert is temp, make it perm; otherwise we're done */
+        if (cert->istemp) {
+            /* get a default nickname for it */
+            nickname = CERT_MakeCANickname(cert);
+
+            rv = CERT_AddTempCertToPerm(cert, nickname, &trust);
+
+            /* free the nickname */
+            if (nickname) {
+                PORT_Free(nickname);
+            }
+        } else {
+            rv = SECSuccess;
+        }
+
+        CERT_DestroyCertificate(cert);
+        cert = NULL;
+
+        if (rv != SECSuccess) {
+            goto loser;
+        }
+
+    endloop:
+        if (newcert) {
+            CERT_DestroyCertificate(newcert);
+            newcert = NULL;
+        }
+    }
+
+    rv = SECSuccess;
+    goto done;
+loser:
+    rv = SECFailure;
+done:
+
+    if (newcert) {
+        CERT_DestroyCertificate(newcert);
+        newcert = NULL;
+    }
+
+    if (cert) {
+        CERT_DestroyCertificate(cert);
+        cert = NULL;
+    }
+
+    return (rv);
+}
+
+SECStatus
+CERT_ImportCAChain(SECItem *certs, int numcerts, SECCertUsage certUsage)
+{
+    return cert_ImportCAChain(certs, numcerts, certUsage, PR_FALSE);
+}
+
+SECStatus
+CERT_ImportCAChainTrusted(SECItem *certs, int numcerts, SECCertUsage certUsage)
+{
+    return cert_ImportCAChain(certs, numcerts, certUsage, PR_TRUE);
+}
+
+/* Moved from certdb.c */
+/*
+** CERT_CertChainFromCert
+**
+** Construct a CERTCertificateList consisting of the given certificate and all
+** of the issuer certs until we either get to a self-signed cert or can't find
+** an issuer.  Since we don't know how many certs are in the chain we have to
+** build a linked list first as we count them.
+*/
+
+typedef struct certNode {
+    struct certNode *next;
+    CERTCertificate *cert;
+} certNode;
+
+CERTCertificateList *
+CERT_CertChainFromCert(CERTCertificate *cert, SECCertUsage usage,
+                       PRBool includeRoot)
+{
+    CERTCertificateList *chain = NULL;
+    NSSCertificate **stanChain;
+    NSSCertificate *stanCert;
+    PLArenaPool *arena;
+    NSSUsage nssUsage;
+    int i, len;
+    NSSTrustDomain *td = STAN_GetDefaultTrustDomain();
+    NSSCryptoContext *cc = STAN_GetDefaultCryptoContext();
+
+    stanCert = STAN_GetNSSCertificate(cert);
+    if (!stanCert) {
+        /* error code is set */
+        return NULL;
+    }
+    nssUsage.anyUsage = PR_FALSE;
+    nssUsage.nss3usage = usage;
+    nssUsage.nss3lookingForCA = PR_FALSE;
+    stanChain = NSSCertificate_BuildChain(stanCert, NULL, &nssUsage, NULL, NULL,
+                                          CERT_MAX_CERT_CHAIN, NULL, NULL, td, cc);
+    if (!stanChain) {
+        PORT_SetError(SEC_ERROR_UNKNOWN_ISSUER);
+        return NULL;
+    }
+
+    len = 0;
+    stanCert = stanChain[0];
+    while (stanCert) {
+        stanCert = stanChain[++len];
+    }
+
+    arena = PORT_NewArena(4096);
+    if (arena == NULL) {
+        goto loser;
+    }
+
+    chain = (CERTCertificateList *)PORT_ArenaAlloc(arena,
+                                                   sizeof(CERTCertificateList));
+    if (!chain)
+        goto loser;
+    chain->certs = (SECItem *)PORT_ArenaAlloc(arena, len * sizeof(SECItem));
+    if (!chain->certs)
+        goto loser;
+    i = 0;
+    stanCert = stanChain[i];
+    while (stanCert) {
+        SECItem derCert;
+        CERTCertificate *cCert = STAN_GetCERTCertificate(stanCert);
+        if (!cCert) {
+            goto loser;
+        }
+        derCert.len = (unsigned int)stanCert->encoding.size;
+        derCert.data = (unsigned char *)stanCert->encoding.data;
+        derCert.type = siBuffer;
+        if (SECITEM_CopyItem(arena, &chain->certs[i], &derCert) != SECSuccess) {
+            CERT_DestroyCertificate(cCert);
+            goto loser;
+        }
+        stanCert = stanChain[++i];
+        if (!stanCert && !cCert->isRoot) {
+            /* reached the end of the chain, but the final cert is
+             * not a root.  Don't discard it.
+             */
+            includeRoot = PR_TRUE;
+        }
+        CERT_DestroyCertificate(cCert);
+    }
+    if (!includeRoot && len > 1) {
+        chain->len = len - 1;
+    } else {
+        chain->len = len;
+    }
+
+    chain->arena = arena;
+    nss_ZFreeIf(stanChain);
+    return chain;
+loser:
+    i = 0;
+    stanCert = stanChain[i];
+    while (stanCert) {
+        CERTCertificate *cCert = STAN_GetCERTCertificate(stanCert);
+        if (cCert) {
+            CERT_DestroyCertificate(cCert);
+        }
+        stanCert = stanChain[++i];
+    }
+    nss_ZFreeIf(stanChain);
+    if (arena) {
+        PORT_FreeArena(arena, PR_FALSE);
+    }
+    return NULL;
+}
+
+/* Builds a CERTCertificateList holding just one DER-encoded cert, namely
+** the one for the cert passed as an argument.
+*/
+CERTCertificateList *
+CERT_CertListFromCert(CERTCertificate *cert)
+{
+    CERTCertificateList *chain = NULL;
+    int rv;
+    PLArenaPool *arena;
+
+    /* arena for SecCertificateList */
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL)
+        goto no_memory;
+
+    /* build the CERTCertificateList */
+    chain = (CERTCertificateList *)PORT_ArenaAlloc(arena, sizeof(CERTCertificateList));
+    if (chain == NULL)
+        goto no_memory;
+    chain->certs = (SECItem *)PORT_ArenaAlloc(arena, 1 * sizeof(SECItem));
+    if (chain->certs == NULL)
+        goto no_memory;
+    rv = SECITEM_CopyItem(arena, chain->certs, &(cert->derCert));
+    if (rv < 0)
+        goto loser;
+    chain->len = 1;
+    chain->arena = arena;
+
+    return chain;
+
+no_memory:
+    PORT_SetError(SEC_ERROR_NO_MEMORY);
+loser:
+    if (arena != NULL) {
+        PORT_FreeArena(arena, PR_FALSE);
+    }
+    return NULL;
+}
+
+CERTCertificateList *
+CERT_DupCertList(const CERTCertificateList *oldList)
+{
+    CERTCertificateList *newList = NULL;
+    PLArenaPool *arena = NULL;
+    SECItem *newItem;
+    SECItem *oldItem;
+    int len = oldList->len;
+    int rv;
+
+    /* arena for SecCertificateList */
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL)
+        goto no_memory;
+
+    /* now build the CERTCertificateList */
+    newList = PORT_ArenaNew(arena, CERTCertificateList);
+    if (newList == NULL)
+        goto no_memory;
+    newList->arena = arena;
+    newItem = (SECItem *)PORT_ArenaAlloc(arena, len * sizeof(SECItem));
+    if (newItem == NULL)
+        goto no_memory;
+    newList->certs = newItem;
+    newList->len = len;
+
+    for (oldItem = oldList->certs; len > 0; --len, ++newItem, ++oldItem) {
+        rv = SECITEM_CopyItem(arena, newItem, oldItem);
+        if (rv < 0)
+            goto loser;
+    }
+    return newList;
+
+no_memory:
+    PORT_SetError(SEC_ERROR_NO_MEMORY);
+loser:
+    if (arena != NULL) {
+        PORT_FreeArena(arena, PR_FALSE);
+    }
+    return NULL;
+}
+
+void
+CERT_DestroyCertificateList(CERTCertificateList *list)
+{
+    PORT_FreeArena(list->arena, PR_FALSE);
+}
diff --git a/nss/lib/certhigh/certhigh.gyp b/nss/lib/certhigh/certhigh.gyp
new file mode 100644
index 0000000..5817c3e
--- /dev/null
+++ b/nss/lib/certhigh/certhigh.gyp
@@ -0,0 +1,31 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'certhi',
+      'type': 'static_library',
+      'sources': [
+        'certhigh.c',
+        'certhtml.c',
+        'certreq.c',
+        'certvfy.c',
+        'certvfypkix.c',
+        'crlv2.c',
+        'ocsp.c',
+        'ocspsig.c',
+        'xcrldist.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports'
+      ]
+    }
+  ],
+  'variables': {
+    'module': 'nss'
+  }
+}
\ No newline at end of file
diff --git a/nss/lib/certhigh/certhtml.c b/nss/lib/certhigh/certhtml.c
new file mode 100644
index 0000000..a522f69
--- /dev/null
+++ b/nss/lib/certhigh/certhtml.c
@@ -0,0 +1,300 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * certhtml.c --- convert a cert to html
+ */
+
+#include "seccomon.h"
+#include "secitem.h"
+#include "sechash.h"
+#include "cert.h"
+#include "keyhi.h"
+#include "secder.h"
+#include "prprf.h"
+#include "secport.h"
+#include "secasn1.h"
+#include "pk11func.h"
+
+static char *hex = "0123456789ABCDEF";
+
+/*
+** Convert a der-encoded integer to a hex printable string form
+*/
+char *
+CERT_Hexify(SECItem *i, int do_colon)
+{
+    unsigned char *cp, *end;
+    char *rv, *o;
+
+    if (!i->len) {
+        return PORT_Strdup("00");
+    }
+
+    rv = o = (char *)PORT_Alloc(i->len * 3);
+    if (!rv)
+        return rv;
+
+    cp = i->data;
+    end = cp + i->len;
+    while (cp < end) {
+        unsigned char ch = *cp++;
+        *o++ = hex[(ch >> 4) & 0xf];
+        *o++ = hex[ch & 0xf];
+        if (cp != end) {
+            if (do_colon) {
+                *o++ = ':';
+            }
+        }
+    }
+    *o = 0; /* Null terminate the string */
+    return rv;
+}
+
+#define BREAK "<br>"
+#define BREAKLEN 4
+#define COMMA ", "
+#define COMMALEN 2
+
+#define MAX_OUS 20
+#define MAX_DC MAX_OUS
+
+char *
+CERT_FormatName(CERTName *name)
+{
+    CERTRDN **rdns;
+    CERTRDN *rdn;
+    CERTAVA **avas;
+    CERTAVA *ava;
+    char *buf = 0;
+    char *tmpbuf = 0;
+    SECItem *cn = 0;
+    SECItem *email = 0;
+    SECItem *org = 0;
+    SECItem *loc = 0;
+    SECItem *state = 0;
+    SECItem *country = 0;
+    SECItem *dq = 0;
+
+    unsigned len = 0;
+    int tag;
+    int i;
+    int ou_count = 0;
+    int dc_count = 0;
+    PRBool first;
+    SECItem *orgunit[MAX_OUS];
+    SECItem *dc[MAX_DC];
+
+    /* Loop over name components and gather the interesting ones */
+    rdns = name->rdns;
+    while ((rdn = *rdns++) != 0) {
+        avas = rdn->avas;
+        while ((ava = *avas++) != 0) {
+            tag = CERT_GetAVATag(ava);
+            switch (tag) {
+                case SEC_OID_AVA_COMMON_NAME:
+                    if (cn) {
+                        break;
+                    }
+                    cn = CERT_DecodeAVAValue(&ava->value);
+                    if (!cn) {
+                        goto loser;
+                    }
+                    len += cn->len;
+                    break;
+                case SEC_OID_AVA_COUNTRY_NAME:
+                    if (country) {
+                        break;
+                    }
+                    country = CERT_DecodeAVAValue(&ava->value);
+                    if (!country) {
+                        goto loser;
+                    }
+                    len += country->len;
+                    break;
+                case SEC_OID_AVA_LOCALITY:
+                    if (loc) {
+                        break;
+                    }
+                    loc = CERT_DecodeAVAValue(&ava->value);
+                    if (!loc) {
+                        goto loser;
+                    }
+                    len += loc->len;
+                    break;
+                case SEC_OID_AVA_STATE_OR_PROVINCE:
+                    if (state) {
+                        break;
+                    }
+                    state = CERT_DecodeAVAValue(&ava->value);
+                    if (!state) {
+                        goto loser;
+                    }
+                    len += state->len;
+                    break;
+                case SEC_OID_AVA_ORGANIZATION_NAME:
+                    if (org) {
+                        break;
+                    }
+                    org = CERT_DecodeAVAValue(&ava->value);
+                    if (!org) {
+                        goto loser;
+                    }
+                    len += org->len;
+                    break;
+                case SEC_OID_AVA_DN_QUALIFIER:
+                    if (dq) {
+                        break;
+                    }
+                    dq = CERT_DecodeAVAValue(&ava->value);
+                    if (!dq) {
+                        goto loser;
+                    }
+                    len += dq->len;
+                    break;
+                case SEC_OID_AVA_ORGANIZATIONAL_UNIT_NAME:
+                    if (ou_count < MAX_OUS) {
+                        orgunit[ou_count] = CERT_DecodeAVAValue(&ava->value);
+                        if (!orgunit[ou_count]) {
+                            goto loser;
+                        }
+                        len += orgunit[ou_count++]->len;
+                    }
+                    break;
+                case SEC_OID_AVA_DC:
+                    if (dc_count < MAX_DC) {
+                        dc[dc_count] = CERT_DecodeAVAValue(&ava->value);
+                        if (!dc[dc_count]) {
+                            goto loser;
+                        }
+                        len += dc[dc_count++]->len;
+                    }
+                    break;
+                case SEC_OID_PKCS9_EMAIL_ADDRESS:
+                case SEC_OID_RFC1274_MAIL:
+                    if (email) {
+                        break;
+                    }
+                    email = CERT_DecodeAVAValue(&ava->value);
+                    if (!email) {
+                        goto loser;
+                    }
+                    len += email->len;
+                    break;
+                default:
+                    break;
+            }
+        }
+    }
+
+    /* XXX - add some for formatting */
+    len += 128;
+
+    /* allocate buffer */
+    buf = (char *)PORT_Alloc(len);
+    if (!buf) {
+        goto loser;
+    }
+
+    tmpbuf = buf;
+
+    if (cn) {
+        PORT_Memcpy(tmpbuf, cn->data, cn->len);
+        tmpbuf += cn->len;
+        PORT_Memcpy(tmpbuf, BREAK, BREAKLEN);
+        tmpbuf += BREAKLEN;
+    }
+    if (email) {
+        PORT_Memcpy(tmpbuf, email->data, email->len);
+        tmpbuf += (email->len);
+        PORT_Memcpy(tmpbuf, BREAK, BREAKLEN);
+        tmpbuf += BREAKLEN;
+    }
+    for (i = ou_count - 1; i >= 0; i--) {
+        PORT_Memcpy(tmpbuf, orgunit[i]->data, orgunit[i]->len);
+        tmpbuf += (orgunit[i]->len);
+        PORT_Memcpy(tmpbuf, BREAK, BREAKLEN);
+        tmpbuf += BREAKLEN;
+    }
+    if (dq) {
+        PORT_Memcpy(tmpbuf, dq->data, dq->len);
+        tmpbuf += (dq->len);
+        PORT_Memcpy(tmpbuf, BREAK, BREAKLEN);
+        tmpbuf += BREAKLEN;
+    }
+    if (org) {
+        PORT_Memcpy(tmpbuf, org->data, org->len);
+        tmpbuf += (org->len);
+        PORT_Memcpy(tmpbuf, BREAK, BREAKLEN);
+        tmpbuf += BREAKLEN;
+    }
+    for (i = dc_count - 1; i >= 0; i--) {
+        PORT_Memcpy(tmpbuf, dc[i]->data, dc[i]->len);
+        tmpbuf += (dc[i]->len);
+        PORT_Memcpy(tmpbuf, BREAK, BREAKLEN);
+        tmpbuf += BREAKLEN;
+    }
+    first = PR_TRUE;
+    if (loc) {
+        PORT_Memcpy(tmpbuf, loc->data, loc->len);
+        tmpbuf += (loc->len);
+        first = PR_FALSE;
+    }
+    if (state) {
+        if (!first) {
+            PORT_Memcpy(tmpbuf, COMMA, COMMALEN);
+            tmpbuf += COMMALEN;
+        }
+        PORT_Memcpy(tmpbuf, state->data, state->len);
+        tmpbuf += (state->len);
+        first = PR_FALSE;
+    }
+    if (country) {
+        if (!first) {
+            PORT_Memcpy(tmpbuf, COMMA, COMMALEN);
+            tmpbuf += COMMALEN;
+        }
+        PORT_Memcpy(tmpbuf, country->data, country->len);
+        tmpbuf += (country->len);
+        first = PR_FALSE;
+    }
+    if (!first) {
+        PORT_Memcpy(tmpbuf, BREAK, BREAKLEN);
+        tmpbuf += BREAKLEN;
+    }
+
+    *tmpbuf = 0;
+
+/* fall through and clean */
+loser:
+    if (cn) {
+        SECITEM_FreeItem(cn, PR_TRUE);
+    }
+    if (email) {
+        SECITEM_FreeItem(email, PR_TRUE);
+    }
+    for (i = ou_count - 1; i >= 0; i--) {
+        SECITEM_FreeItem(orgunit[i], PR_TRUE);
+    }
+    if (dq) {
+        SECITEM_FreeItem(dq, PR_TRUE);
+    }
+    if (org) {
+        SECITEM_FreeItem(org, PR_TRUE);
+    }
+    for (i = dc_count - 1; i >= 0; i--) {
+        SECITEM_FreeItem(dc[i], PR_TRUE);
+    }
+    if (loc) {
+        SECITEM_FreeItem(loc, PR_TRUE);
+    }
+    if (state) {
+        SECITEM_FreeItem(state, PR_TRUE);
+    }
+    if (country) {
+        SECITEM_FreeItem(country, PR_TRUE);
+    }
+
+    return (buf);
+}
diff --git a/nss/lib/certhigh/certreq.c b/nss/lib/certhigh/certreq.c
new file mode 100644
index 0000000..4087bc9
--- /dev/null
+++ b/nss/lib/certhigh/certreq.c
@@ -0,0 +1,331 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "cert.h"
+#include "certt.h"
+#include "secder.h"
+#include "key.h"
+#include "secitem.h"
+#include "secasn1.h"
+#include "secerr.h"
+
+SEC_ASN1_MKSUB(SEC_AnyTemplate)
+
+const SEC_ASN1Template CERT_AttributeTemplate[] = {
+    { SEC_ASN1_SEQUENCE,
+      0, NULL, sizeof(CERTAttribute) },
+    { SEC_ASN1_OBJECT_ID, offsetof(CERTAttribute, attrType) },
+    { SEC_ASN1_SET_OF | SEC_ASN1_XTRN, offsetof(CERTAttribute, attrValue),
+      SEC_ASN1_SUB(SEC_AnyTemplate) },
+    { 0 }
+};
+
+const SEC_ASN1Template CERT_SetOfAttributeTemplate[] = {
+    { SEC_ASN1_SET_OF, 0, CERT_AttributeTemplate },
+};
+
+const SEC_ASN1Template CERT_CertificateRequestTemplate[] = {
+    { SEC_ASN1_SEQUENCE,
+      0, NULL, sizeof(CERTCertificateRequest) },
+    { SEC_ASN1_INTEGER,
+      offsetof(CERTCertificateRequest, version) },
+    { SEC_ASN1_INLINE,
+      offsetof(CERTCertificateRequest, subject),
+      CERT_NameTemplate },
+    { SEC_ASN1_INLINE,
+      offsetof(CERTCertificateRequest, subjectPublicKeyInfo),
+      CERT_SubjectPublicKeyInfoTemplate },
+    { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
+      offsetof(CERTCertificateRequest, attributes),
+      CERT_SetOfAttributeTemplate },
+    { 0 }
+};
+
+SEC_ASN1_CHOOSER_IMPLEMENT(CERT_CertificateRequestTemplate)
+
+CERTCertificate *
+CERT_CreateCertificate(unsigned long serialNumber,
+                       CERTName *issuer,
+                       CERTValidity *validity,
+                       CERTCertificateRequest *req)
+{
+    CERTCertificate *c;
+    int rv;
+    PLArenaPool *arena;
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+
+    if (!arena) {
+        return (0);
+    }
+
+    c = (CERTCertificate *)PORT_ArenaZAlloc(arena, sizeof(CERTCertificate));
+
+    if (!c) {
+        PORT_FreeArena(arena, PR_FALSE);
+        return 0;
+    }
+
+    c->referenceCount = 1;
+    c->arena = arena;
+
+    /*
+     * Default is a plain version 1.
+     * If extensions are added, it will get changed as appropriate.
+     */
+    rv = DER_SetUInteger(arena, &c->version, SEC_CERTIFICATE_VERSION_1);
+    if (rv)
+        goto loser;
+
+    rv = DER_SetUInteger(arena, &c->serialNumber, serialNumber);
+    if (rv)
+        goto loser;
+
+    rv = CERT_CopyName(arena, &c->issuer, issuer);
+    if (rv)
+        goto loser;
+
+    rv = CERT_CopyValidity(arena, &c->validity, validity);
+    if (rv)
+        goto loser;
+
+    rv = CERT_CopyName(arena, &c->subject, &req->subject);
+    if (rv)
+        goto loser;
+    rv = SECKEY_CopySubjectPublicKeyInfo(arena, &c->subjectPublicKeyInfo,
+                                         &req->subjectPublicKeyInfo);
+    if (rv)
+        goto loser;
+
+    return c;
+
+loser:
+    CERT_DestroyCertificate(c);
+    return 0;
+}
+
+/************************************************************************/
+/* It's clear from the comments that the original author of this
+ * function expected the template for certificate requests to treat
+ * the attributes as a SET OF ANY.  This function expected to be
+ * passed an array of SECItems each of which contained an already encoded
+ * Attribute.  But the cert request template does not treat the
+ * Attributes as a SET OF ANY, and AFAIK never has.  Instead the template
+ * encodes attributes as a SET OF xxxxxxx.  That is, it expects to encode
+ * each of the Attributes, not have them pre-encoded.  Consequently an
+ * array of SECItems containing encoded Attributes is of no value to this
+ * function.  But we cannot change the signature of this public function.
+ * It must continue to take SECItems.
+ *
+ * I have recoded this function so that each SECItem contains an
+ * encoded cert extension.  The encoded cert extensions form the list for the
+ * single attribute of the cert request. In this implementation there is at most
+ * one attribute and it is always of type SEC_OID_PKCS9_EXTENSION_REQUEST.
+ */
+
+CERTCertificateRequest *
+CERT_CreateCertificateRequest(CERTName *subject,
+                              CERTSubjectPublicKeyInfo *spki,
+                              SECItem **attributes)
+{
+    CERTCertificateRequest *certreq;
+    PLArenaPool *arena;
+    CERTAttribute *attribute;
+    SECOidData *oidData;
+    SECStatus rv;
+    int i = 0;
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL) {
+        return NULL;
+    }
+
+    certreq = PORT_ArenaZNew(arena, CERTCertificateRequest);
+    if (!certreq) {
+        PORT_FreeArena(arena, PR_FALSE);
+        return NULL;
+    }
+    /* below here it is safe to goto loser */
+
+    certreq->arena = arena;
+
+    rv = DER_SetUInteger(arena, &certreq->version,
+                         SEC_CERTIFICATE_REQUEST_VERSION);
+    if (rv != SECSuccess)
+        goto loser;
+
+    rv = CERT_CopyName(arena, &certreq->subject, subject);
+    if (rv != SECSuccess)
+        goto loser;
+
+    rv = SECKEY_CopySubjectPublicKeyInfo(arena,
+                                         &certreq->subjectPublicKeyInfo,
+                                         spki);
+    if (rv != SECSuccess)
+        goto loser;
+
+    certreq->attributes = PORT_ArenaZNewArray(arena, CERTAttribute *, 2);
+    if (!certreq->attributes)
+        goto loser;
+
+    /* Copy over attribute information */
+    if (!attributes || !attributes[0]) {
+        /*
+	 ** Invent empty attribute information. According to the
+	 ** pkcs#10 spec, attributes has this ASN.1 type:
+	 **
+	 ** attributes [0] IMPLICIT Attributes
+	 **
+	 ** Which means, we should create a NULL terminated list
+	 ** with the first entry being NULL;
+	 */
+        certreq->attributes[0] = NULL;
+        return certreq;
+    }
+
+    /* allocate space for attributes */
+    attribute = PORT_ArenaZNew(arena, CERTAttribute);
+    if (!attribute)
+        goto loser;
+
+    oidData = SECOID_FindOIDByTag(SEC_OID_PKCS9_EXTENSION_REQUEST);
+    PORT_Assert(oidData);
+    if (!oidData)
+        goto loser;
+    rv = SECITEM_CopyItem(arena, &attribute->attrType, &oidData->oid);
+    if (rv != SECSuccess)
+        goto loser;
+
+    for (i = 0; attributes[i] != NULL; i++)
+        ;
+    attribute->attrValue = PORT_ArenaZNewArray(arena, SECItem *, i + 1);
+    if (!attribute->attrValue)
+        goto loser;
+
+    /* copy attributes */
+    for (i = 0; attributes[i]; i++) {
+        /*
+	** Attributes are a SetOf Attribute which implies
+	** lexigraphical ordering.  It is assumes that the
+	** attributes are passed in sorted.  If we need to
+	** add functionality to sort them, there is an
+	** example in the PKCS 7 code.
+	*/
+        attribute->attrValue[i] = SECITEM_ArenaDupItem(arena, attributes[i]);
+        if (!attribute->attrValue[i])
+            goto loser;
+    }
+
+    certreq->attributes[0] = attribute;
+
+    return certreq;
+
+loser:
+    CERT_DestroyCertificateRequest(certreq);
+    return NULL;
+}
+
+void
+CERT_DestroyCertificateRequest(CERTCertificateRequest *req)
+{
+    if (req && req->arena) {
+        PORT_FreeArena(req->arena, PR_FALSE);
+    }
+    return;
+}
+
+static void
+setCRExt(void *o, CERTCertExtension **exts)
+{
+    ((CERTCertificateRequest *)o)->attributes = (struct CERTAttributeStr **)exts;
+}
+
+/*
+** Set up to start gathering cert extensions for a cert request.
+** The list is created as CertExtensions and converted to an
+** attribute list by CERT_FinishCRAttributes().
+ */
+extern void *cert_StartExtensions(void *owner, PLArenaPool *ownerArena,
+                                  void (*setExts)(void *object, CERTCertExtension **exts));
+void *
+CERT_StartCertificateRequestAttributes(CERTCertificateRequest *req)
+{
+    return (cert_StartExtensions((void *)req, req->arena, setCRExt));
+}
+
+/*
+** At entry req->attributes actually contains an list of cert extensions--
+** req-attributes is overloaded until the list is DER encoded (the first
+** ...EncodeItem() below).
+** We turn this into an attribute list by encapsulating it
+** in a PKCS 10 Attribute structure
+ */
+SECStatus
+CERT_FinishCertificateRequestAttributes(CERTCertificateRequest *req)
+{
+    SECItem *extlist;
+    SECOidData *oidrec;
+    CERTAttribute *attribute;
+
+    if (!req || !req->arena) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+    if (req->attributes == NULL || req->attributes[0] == NULL)
+        return SECSuccess;
+
+    extlist = SEC_ASN1EncodeItem(req->arena, NULL, &req->attributes,
+                                 SEC_ASN1_GET(CERT_SequenceOfCertExtensionTemplate));
+    if (extlist == NULL)
+        return (SECFailure);
+
+    oidrec = SECOID_FindOIDByTag(SEC_OID_PKCS9_EXTENSION_REQUEST);
+    if (oidrec == NULL)
+        return SECFailure;
+
+    /* now change the list of cert extensions into a list of attributes
+     */
+    req->attributes = PORT_ArenaZNewArray(req->arena, CERTAttribute *, 2);
+
+    attribute = PORT_ArenaZNew(req->arena, CERTAttribute);
+
+    if (req->attributes == NULL || attribute == NULL ||
+        SECITEM_CopyItem(req->arena, &attribute->attrType, &oidrec->oid) != 0) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return SECFailure;
+    }
+    attribute->attrValue = PORT_ArenaZNewArray(req->arena, SECItem *, 2);
+
+    if (attribute->attrValue == NULL)
+        return SECFailure;
+
+    attribute->attrValue[0] = extlist;
+    attribute->attrValue[1] = NULL;
+    req->attributes[0] = attribute;
+    req->attributes[1] = NULL;
+
+    return SECSuccess;
+}
+
+SECStatus
+CERT_GetCertificateRequestExtensions(CERTCertificateRequest *req,
+                                     CERTCertExtension ***exts)
+{
+    if (req == NULL || exts == NULL) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    if (req->attributes == NULL || *req->attributes == NULL)
+        return SECSuccess;
+
+    if ((*req->attributes)->attrValue == NULL) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    return (SEC_ASN1DecodeItem(req->arena, exts,
+                               SEC_ASN1_GET(CERT_SequenceOfCertExtensionTemplate),
+                               (*req->attributes)->attrValue[0]));
+}
diff --git a/nss/lib/certhigh/certvfy.c b/nss/lib/certhigh/certvfy.c
new file mode 100644
index 0000000..ccd38e6
--- /dev/null
+++ b/nss/lib/certhigh/certvfy.c
@@ -0,0 +1,2082 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#include "nspr.h"
+#include "secerr.h"
+#include "secport.h"
+#include "seccomon.h"
+#include "secoid.h"
+#include "genname.h"
+#include "keyhi.h"
+#include "cert.h"
+#include "certdb.h"
+#include "certi.h"
+#include "cryptohi.h"
+
+#ifndef NSS_DISABLE_LIBPKIX
+#include "pkix.h"
+#include "pkix_pl_cert.h"
+#else
+#include "nss.h"
+#endif /* NSS_DISABLE_LIBPKIX */
+
+#include "nsspki.h"
+#include "pkitm.h"
+#include "pkim.h"
+#include "pki3hack.h"
+#include "base.h"
+#include "keyhi.h"
+
+/*
+ * Check the validity times of a certificate
+ */
+SECStatus
+CERT_CertTimesValid(CERTCertificate *c)
+{
+    SECCertTimeValidity valid = CERT_CheckCertValidTimes(c, PR_Now(), PR_TRUE);
+    return (valid == secCertTimeValid) ? SECSuccess : SECFailure;
+}
+
+SECStatus
+checkKeyParams(const SECAlgorithmID *sigAlgorithm, const SECKEYPublicKey *key)
+{
+    SECStatus rv;
+    SECOidTag sigAlg;
+    SECOidTag curve;
+    PRUint32 policyFlags = 0;
+    PRInt32 minLen, len;
+
+    sigAlg = SECOID_GetAlgorithmTag(sigAlgorithm);
+
+    switch (sigAlg) {
+        case SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE:
+        case SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE:
+        case SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE:
+        case SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE:
+        case SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE:
+            if (key->keyType != ecKey) {
+                PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
+                return SECFailure;
+            }
+
+            curve = SECKEY_GetECCOid(&key->u.ec.DEREncodedParams);
+            if (curve != 0) {
+                if (NSS_GetAlgorithmPolicy(curve, &policyFlags) == SECFailure ||
+                    !(policyFlags & NSS_USE_ALG_IN_CERT_SIGNATURE)) {
+                    PORT_SetError(SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED);
+                    return SECFailure;
+                } else {
+                    return SECSuccess;
+                }
+            } else {
+                PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
+                return SECFailure;
+            }
+            return SECSuccess;
+        case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION:
+        case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION:
+        case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION:
+        case SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION:
+        case SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION:
+        case SEC_OID_PKCS1_RSA_PSS_SIGNATURE:
+        case SEC_OID_ISO_SHA_WITH_RSA_SIGNATURE:
+        case SEC_OID_ISO_SHA1_WITH_RSA_SIGNATURE:
+            if (key->keyType != rsaKey && key->keyType != rsaPssKey) {
+                PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
+                return SECFailure;
+            }
+
+            len = 8 * key->u.rsa.modulus.len;
+
+            rv = NSS_OptionGet(NSS_RSA_MIN_KEY_SIZE, &minLen);
+            if (rv != SECSuccess) {
+                return SECFailure;
+            }
+
+            if (len < minLen) {
+                return SECFailure;
+            }
+
+            return SECSuccess;
+        case SEC_OID_ANSIX9_DSA_SIGNATURE:
+        case SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST:
+        case SEC_OID_BOGUS_DSA_SIGNATURE_WITH_SHA1_DIGEST:
+        case SEC_OID_SDN702_DSA_SIGNATURE:
+        case SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA224_DIGEST:
+        case SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA256_DIGEST:
+            if (key->keyType != dsaKey) {
+                PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
+                return SECFailure;
+            }
+
+            len = 8 * key->u.dsa.params.prime.len;
+
+            rv = NSS_OptionGet(NSS_DSA_MIN_KEY_SIZE, &minLen);
+            if (rv != SECSuccess) {
+                return SECFailure;
+            }
+
+            if (len < minLen) {
+                return SECFailure;
+            }
+
+            return SECSuccess;
+        default:
+            return SECSuccess;
+    }
+}
+
+/*
+ * verify the signature of a signed data object with the given DER publickey
+ */
+SECStatus
+CERT_VerifySignedDataWithPublicKey(const CERTSignedData *sd,
+                                   SECKEYPublicKey *pubKey,
+                                   void *wincx)
+{
+    SECStatus rv;
+    SECItem sig;
+    SECOidTag hashAlg = SEC_OID_UNKNOWN;
+
+    if (!pubKey || !sd) {
+        PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
+        return SECFailure;
+    }
+    /* check the signature */
+    sig = sd->signature;
+    /* convert sig->len from bit counts to byte count. */
+    DER_ConvertBitString(&sig);
+
+    rv = VFY_VerifyDataWithAlgorithmID(sd->data.data, sd->data.len, pubKey,
+                                       &sig, &sd->signatureAlgorithm, &hashAlg, wincx);
+    if (rv == SECSuccess) {
+        /* Are we honoring signatures for this algorithm?  */
+        PRUint32 policyFlags = 0;
+        rv = checkKeyParams(&sd->signatureAlgorithm, pubKey);
+        if (rv != SECSuccess) {
+            PORT_SetError(SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED);
+            return SECFailure;
+        }
+
+        rv = NSS_GetAlgorithmPolicy(hashAlg, &policyFlags);
+        if (rv == SECSuccess &&
+            !(policyFlags & NSS_USE_ALG_IN_CERT_SIGNATURE)) {
+            PORT_SetError(SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED);
+            return SECFailure;
+        }
+    }
+    return rv;
+}
+
+/*
+ * verify the signature of a signed data object with the given DER publickey
+ */
+SECStatus
+CERT_VerifySignedDataWithPublicKeyInfo(CERTSignedData *sd,
+                                       CERTSubjectPublicKeyInfo *pubKeyInfo,
+                                       void *wincx)
+{
+    SECKEYPublicKey *pubKey;
+    SECStatus rv = SECFailure;
+
+    /* get cert's public key */
+    pubKey = SECKEY_ExtractPublicKey(pubKeyInfo);
+    if (pubKey) {
+        rv = CERT_VerifySignedDataWithPublicKey(sd, pubKey, wincx);
+        SECKEY_DestroyPublicKey(pubKey);
+    }
+    return rv;
+}
+
+/*
+ * verify the signature of a signed data object with the given certificate
+ */
+SECStatus
+CERT_VerifySignedData(CERTSignedData *sd, CERTCertificate *cert,
+                      PRTime t, void *wincx)
+{
+    SECKEYPublicKey *pubKey = 0;
+    SECStatus rv = SECFailure;
+    SECCertTimeValidity validity;
+
+    /* check the certificate's validity */
+    validity = CERT_CheckCertValidTimes(cert, t, PR_FALSE);
+    if (validity != secCertTimeValid) {
+        return rv;
+    }
+
+    /* get cert's public key */
+    pubKey = CERT_ExtractPublicKey(cert);
+    if (pubKey) {
+        rv = CERT_VerifySignedDataWithPublicKey(sd, pubKey, wincx);
+        SECKEY_DestroyPublicKey(pubKey);
+    }
+    return rv;
+}
+
+SECStatus
+SEC_CheckCRL(CERTCertDBHandle *handle, CERTCertificate *cert,
+             CERTCertificate *caCert, PRTime t, void *wincx)
+{
+    return CERT_CheckCRL(cert, caCert, NULL, t, wincx);
+}
+
+/*
+ * Find the issuer of a cert.  Use the authorityKeyID if it exists.
+ */
+CERTCertificate *
+CERT_FindCertIssuer(CERTCertificate *cert, PRTime validTime, SECCertUsage usage)
+{
+    NSSCertificate *me;
+    NSSTime *nssTime;
+    NSSTrustDomain *td;
+    NSSCryptoContext *cc;
+    NSSCertificate *chain[3];
+    NSSUsage nssUsage;
+    PRStatus status;
+
+    me = STAN_GetNSSCertificate(cert);
+    if (!me) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return NULL;
+    }
+    nssTime = NSSTime_SetPRTime(NULL, validTime);
+    nssUsage.anyUsage = PR_FALSE;
+    nssUsage.nss3usage = usage;
+    nssUsage.nss3lookingForCA = PR_TRUE;
+    memset(chain, 0, 3 * sizeof(NSSCertificate *));
+    td = STAN_GetDefaultTrustDomain();
+    cc = STAN_GetDefaultCryptoContext();
+    (void)NSSCertificate_BuildChain(me, nssTime, &nssUsage, NULL,
+                                    chain, 2, NULL, &status, td, cc);
+    nss_ZFreeIf(nssTime);
+    if (status == PR_SUCCESS) {
+        PORT_Assert(me == chain[0]);
+        /* if it's a root, the chain will only have one cert */
+        if (!chain[1]) {
+            /* already has a reference from the call to BuildChain */
+            return cert;
+        }
+        NSSCertificate_Destroy(chain[0]);         /* the first cert in the chain */
+        return STAN_GetCERTCertificate(chain[1]); /* return the 2nd */
+    }
+    if (chain[0]) {
+        PORT_Assert(me == chain[0]);
+        NSSCertificate_Destroy(chain[0]); /* the first cert in the chain */
+    }
+    PORT_SetError(SEC_ERROR_UNKNOWN_ISSUER);
+    return NULL;
+}
+
+/*
+ * return required trust flags for various cert usages for CAs
+ */
+SECStatus
+CERT_TrustFlagsForCACertUsage(SECCertUsage usage,
+                              unsigned int *retFlags,
+                              SECTrustType *retTrustType)
+{
+    unsigned int requiredFlags;
+    SECTrustType trustType;
+
+    switch (usage) {
+        case certUsageSSLClient:
+            requiredFlags = CERTDB_TRUSTED_CLIENT_CA;
+            trustType = trustSSL;
+            break;
+        case certUsageSSLServer:
+        case certUsageSSLCA:
+            requiredFlags = CERTDB_TRUSTED_CA;
+            trustType = trustSSL;
+            break;
+        case certUsageSSLServerWithStepUp:
+            requiredFlags = CERTDB_TRUSTED_CA | CERTDB_GOVT_APPROVED_CA;
+            trustType = trustSSL;
+            break;
+        case certUsageEmailSigner:
+        case certUsageEmailRecipient:
+            requiredFlags = CERTDB_TRUSTED_CA;
+            trustType = trustEmail;
+            break;
+        case certUsageObjectSigner:
+            requiredFlags = CERTDB_TRUSTED_CA;
+            trustType = trustObjectSigning;
+            break;
+        case certUsageVerifyCA:
+        case certUsageAnyCA:
+        case certUsageStatusResponder:
+            requiredFlags = CERTDB_TRUSTED_CA;
+            trustType = trustTypeNone;
+            break;
+        default:
+            PORT_Assert(0);
+            goto loser;
+    }
+    if (retFlags != NULL) {
+        *retFlags = requiredFlags;
+    }
+    if (retTrustType != NULL) {
+        *retTrustType = trustType;
+    }
+
+    return (SECSuccess);
+loser:
+    return (SECFailure);
+}
+
+void
+cert_AddToVerifyLog(CERTVerifyLog *log, CERTCertificate *cert, long error,
+                    unsigned int depth, void *arg)
+{
+    CERTVerifyLogNode *node, *tnode;
+
+    PORT_Assert(log != NULL);
+
+    node = (CERTVerifyLogNode *)PORT_ArenaAlloc(log->arena,
+                                                sizeof(CERTVerifyLogNode));
+    if (node != NULL) {
+        node->cert = CERT_DupCertificate(cert);
+        node->error = error;
+        node->depth = depth;
+        node->arg = arg;
+
+        if (log->tail == NULL) {
+            /* empty list */
+            log->head = log->tail = node;
+            node->prev = NULL;
+            node->next = NULL;
+        } else if (depth >= log->tail->depth) {
+            /* add to tail */
+            node->prev = log->tail;
+            log->tail->next = node;
+            log->tail = node;
+            node->next = NULL;
+        } else if (depth < log->head->depth) {
+            /* add at head */
+            node->prev = NULL;
+            node->next = log->head;
+            log->head->prev = node;
+            log->head = node;
+        } else {
+            /* add in middle */
+            tnode = log->tail;
+            while (tnode != NULL) {
+                if (depth >= tnode->depth) {
+                    /* insert after tnode */
+                    node->prev = tnode;
+                    node->next = tnode->next;
+                    tnode->next->prev = node;
+                    tnode->next = node;
+                    break;
+                }
+
+                tnode = tnode->prev;
+            }
+        }
+
+        log->count++;
+    }
+    return;
+}
+
+#define EXIT_IF_NOT_LOGGING(log) \
+    if (log == NULL) {           \
+        goto loser;              \
+    }
+
+#define LOG_ERROR_OR_EXIT(log, cert, depth, arg)               \
+    if (log != NULL) {                                         \
+        cert_AddToVerifyLog(log, cert, PORT_GetError(), depth, \
+                            (void *)(PRWord)arg);              \
+    } else {                                                   \
+        goto loser;                                            \
+    }
+
+#define LOG_ERROR(log, cert, depth, arg)                       \
+    if (log != NULL) {                                         \
+        cert_AddToVerifyLog(log, cert, PORT_GetError(), depth, \
+                            (void *)(PRWord)arg);              \
+    }
+
+/* /C=CN/O=WoSign CA Limited/CN=CA \xE6\xB2\x83\xE9\x80\x9A\xE6\xA0\xB9\xE8\xAF\x81\xE4\xB9\xA6
+ * Using a consistent naming convention, this would actually be called
+ * 'CA沃通根�书DN', but since GCC 6.2.1 apparently can't handle UTF-8
+ * identifiers, this will have to do.
+ */
+static const unsigned char CAWoSignRootDN[72] = {
+    0x30, 0x46, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
+    0x43, 0x4E, 0x31, 0x1A, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, 0x11,
+    0x57, 0x6F, 0x53, 0x69, 0x67, 0x6E, 0x20, 0x43, 0x41, 0x20, 0x4C, 0x69, 0x6D,
+    0x69, 0x74, 0x65, 0x64, 0x31, 0x1B, 0x30, 0x19, 0x06, 0x03, 0x55, 0x04, 0x03,
+    0x0C, 0x12, 0x43, 0x41, 0x20, 0xE6, 0xB2, 0x83, 0xE9, 0x80, 0x9A, 0xE6, 0xA0,
+    0xB9, 0xE8, 0xAF, 0x81, 0xE4, 0xB9, 0xA6,
+};
+
+/* /C=CN/O=WoSign CA Limited/CN=CA WoSign ECC Root */
+static const unsigned char CAWoSignECCRootDN[72] = {
+    0x30, 0x46, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
+    0x43, 0x4E, 0x31, 0x1A, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, 0x11,
+    0x57, 0x6F, 0x53, 0x69, 0x67, 0x6E, 0x20, 0x43, 0x41, 0x20, 0x4C, 0x69, 0x6D,
+    0x69, 0x74, 0x65, 0x64, 0x31, 0x1B, 0x30, 0x19, 0x06, 0x03, 0x55, 0x04, 0x03,
+    0x13, 0x12, 0x43, 0x41, 0x20, 0x57, 0x6F, 0x53, 0x69, 0x67, 0x6E, 0x20, 0x45,
+    0x43, 0x43, 0x20, 0x52, 0x6F, 0x6F, 0x74,
+};
+
+/* /C=CN/O=WoSign CA Limited/CN=Certification Authority of WoSign */
+static const unsigned char CertificationAuthorityofWoSignDN[87] = {
+    0x30, 0x55, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
+    0x43, 0x4E, 0x31, 0x1A, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, 0x11,
+    0x57, 0x6F, 0x53, 0x69, 0x67, 0x6E, 0x20, 0x43, 0x41, 0x20, 0x4C, 0x69, 0x6D,
+    0x69, 0x74, 0x65, 0x64, 0x31, 0x2A, 0x30, 0x28, 0x06, 0x03, 0x55, 0x04, 0x03,
+    0x13, 0x21, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69,
+    0x6F, 0x6E, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6F, 0x72, 0x69, 0x74, 0x79, 0x20,
+    0x6F, 0x66, 0x20, 0x57, 0x6F, 0x53, 0x69, 0x67, 0x6E,
+};
+
+/* /C=CN/O=WoSign CA Limited/CN=Certification Authority of WoSign G2 */
+static const unsigned char CertificationAuthorityofWoSignG2DN[90] = {
+    0x30, 0x58, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
+    0x43, 0x4E, 0x31, 0x1A, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, 0x11,
+    0x57, 0x6F, 0x53, 0x69, 0x67, 0x6E, 0x20, 0x43, 0x41, 0x20, 0x4C, 0x69, 0x6D,
+    0x69, 0x74, 0x65, 0x64, 0x31, 0x2D, 0x30, 0x2B, 0x06, 0x03, 0x55, 0x04, 0x03,
+    0x13, 0x24, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69,
+    0x6F, 0x6E, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6F, 0x72, 0x69, 0x74, 0x79, 0x20,
+    0x6F, 0x66, 0x20, 0x57, 0x6F, 0x53, 0x69, 0x67, 0x6E, 0x20, 0x47, 0x32,
+};
+
+/* /C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority */
+static const unsigned char StartComCertificationAuthorityDN[127] = {
+    0x30, 0x7D, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
+    0x49, 0x4C, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, 0x0D,
+    0x53, 0x74, 0x61, 0x72, 0x74, 0x43, 0x6F, 0x6D, 0x20, 0x4C, 0x74, 0x64, 0x2E,
+    0x31, 0x2B, 0x30, 0x29, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x13, 0x22, 0x53, 0x65,
+    0x63, 0x75, 0x72, 0x65, 0x20, 0x44, 0x69, 0x67, 0x69, 0x74, 0x61, 0x6C, 0x20,
+    0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x53,
+    0x69, 0x67, 0x6E, 0x69, 0x6E, 0x67, 0x31, 0x29, 0x30, 0x27, 0x06, 0x03, 0x55,
+    0x04, 0x03, 0x13, 0x20, 0x53, 0x74, 0x61, 0x72, 0x74, 0x43, 0x6F, 0x6D, 0x20,
+    0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6F, 0x6E,
+    0x20, 0x41, 0x75, 0x74, 0x68, 0x6F, 0x72, 0x69, 0x74, 0x79,
+};
+
+/* /C=IL/O=StartCom Ltd./CN=StartCom Certification Authority G2 */
+static const unsigned char StartComCertificationAuthorityG2DN[85] = {
+    0x30, 0x53, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
+    0x49, 0x4C, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, 0x0D,
+    0x53, 0x74, 0x61, 0x72, 0x74, 0x43, 0x6F, 0x6D, 0x20, 0x4C, 0x74, 0x64, 0x2E,
+    0x31, 0x2C, 0x30, 0x2A, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x23, 0x53, 0x74,
+    0x61, 0x72, 0x74, 0x43, 0x6F, 0x6D, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66,
+    0x69, 0x63, 0x61, 0x74, 0x69, 0x6F, 0x6E, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6F,
+    0x72, 0x69, 0x74, 0x79, 0x20, 0x47, 0x32,
+};
+
+struct DataAndLength {
+    const unsigned char *data;
+    PRUint32 len;
+};
+
+static const struct DataAndLength StartComAndWoSignDNs[] = {
+    { CAWoSignRootDN,
+      sizeof(CAWoSignRootDN) },
+    { CAWoSignECCRootDN,
+      sizeof(CAWoSignECCRootDN) },
+    { CertificationAuthorityofWoSignDN,
+      sizeof(CertificationAuthorityofWoSignDN) },
+    { CertificationAuthorityofWoSignG2DN,
+      sizeof(CertificationAuthorityofWoSignG2DN) },
+    { StartComCertificationAuthorityDN,
+      sizeof(StartComCertificationAuthorityDN) },
+    { StartComCertificationAuthorityG2DN,
+      sizeof(StartComCertificationAuthorityG2DN) },
+};
+
+static PRBool
+CertIsStartComOrWoSign(const CERTCertificate *cert)
+{
+    int i;
+    const struct DataAndLength *dn = StartComAndWoSignDNs;
+
+    for (i = 0; i < sizeof(StartComAndWoSignDNs) / sizeof(struct DataAndLength); ++i, dn++) {
+        if (cert->derSubject.len == dn->len &&
+            memcmp(cert->derSubject.data, dn->data, dn->len) == 0) {
+            return PR_TRUE;
+        }
+    }
+    return PR_FALSE;
+}
+
+SECStatus
+isIssuerCertAllowedAtCertIssuanceTime(CERTCertificate *issuerCert,
+                                      CERTCertificate *referenceCert)
+{
+    if (!issuerCert || !referenceCert) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    if (CertIsStartComOrWoSign(issuerCert)) {
+        /* PRTime is microseconds since the epoch, whereas JS time is milliseconds.
+         * (new Date("2016-10-21T00:00:00Z")).getTime() * 1000
+         */
+        static const PRTime OCTOBER_21_2016 = 1477008000000000;
+
+        PRTime notBefore, notAfter;
+        SECStatus rv;
+
+        rv = CERT_GetCertTimes(referenceCert, &notBefore, &notAfter);
+        if (rv != SECSuccess)
+            return rv;
+
+        if (notBefore > OCTOBER_21_2016) {
+            return SECFailure;
+        }
+    }
+
+    return SECSuccess;
+}
+
+static SECStatus
+cert_VerifyCertChainOld(CERTCertDBHandle *handle, CERTCertificate *cert,
+                        PRBool checkSig, PRBool *sigerror,
+                        SECCertUsage certUsage, PRTime t, void *wincx,
+                        CERTVerifyLog *log, PRBool *revoked)
+{
+    SECTrustType trustType;
+    CERTBasicConstraints basicConstraint;
+    CERTCertificate *issuerCert = NULL;
+    CERTCertificate *subjectCert = NULL;
+    CERTCertificate *badCert = NULL;
+    PRBool isca;
+    SECStatus rv;
+    SECStatus rvFinal = SECSuccess;
+    int count;
+    int currentPathLen = 0;
+    int pathLengthLimit = CERT_UNLIMITED_PATH_CONSTRAINT;
+    unsigned int caCertType;
+    unsigned int requiredCAKeyUsage;
+    unsigned int requiredFlags;
+    PLArenaPool *arena = NULL;
+    CERTGeneralName *namesList = NULL;
+    CERTCertificate **certsList = NULL;
+    int certsListLen = 16;
+    int namesCount = 0;
+    PRBool subjectCertIsSelfIssued;
+    CERTCertTrust issuerTrust;
+
+    if (revoked) {
+        *revoked = PR_FALSE;
+    }
+
+    if (CERT_KeyUsageAndTypeForCertUsage(certUsage, PR_TRUE,
+                                         &requiredCAKeyUsage,
+                                         &caCertType) !=
+        SECSuccess) {
+        PORT_Assert(0);
+        EXIT_IF_NOT_LOGGING(log);
+        requiredCAKeyUsage = 0;
+        caCertType = 0;
+    }
+
+    switch (certUsage) {
+        case certUsageSSLClient:
+        case certUsageSSLServer:
+        case certUsageSSLCA:
+        case certUsageSSLServerWithStepUp:
+        case certUsageEmailSigner:
+        case certUsageEmailRecipient:
+        case certUsageObjectSigner:
+        case certUsageVerifyCA:
+        case certUsageAnyCA:
+        case certUsageStatusResponder:
+            if (CERT_TrustFlagsForCACertUsage(certUsage, &requiredFlags,
+                                              &trustType) != SECSuccess) {
+                PORT_Assert(0);
+                EXIT_IF_NOT_LOGGING(log);
+                /* XXX continuing with requiredFlags = 0 seems wrong.  It'll
+                 * cause the following test to be true incorrectly:
+                 *   flags = SEC_GET_TRUST_FLAGS(issuerCert->trust, trustType);
+                 *   if (( flags & requiredFlags ) == requiredFlags) {
+                 *       rv = rvFinal;
+                 *       goto done;
+                 *   }
+                 * There are three other instances of this problem.
+                 */
+                requiredFlags = 0;
+                trustType = trustSSL;
+            }
+            break;
+        default:
+            PORT_Assert(0);
+            EXIT_IF_NOT_LOGGING(log);
+            requiredFlags = 0;
+            trustType = trustSSL; /* This used to be 0, but we need something
+                                   * that matches the enumeration type.
+                                   */
+            caCertType = 0;
+    }
+
+    subjectCert = CERT_DupCertificate(cert);
+    if (subjectCert == NULL) {
+        goto loser;
+    }
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL) {
+        goto loser;
+    }
+
+    certsList = PORT_ZNewArray(CERTCertificate *, certsListLen);
+    if (certsList == NULL)
+        goto loser;
+
+    /* RFC 3280 says that the name constraints will apply to the names
+    ** in the leaf (EE) cert, whether it is self issued or not, so
+    ** we pretend that it is not.
+    */
+    subjectCertIsSelfIssued = PR_FALSE;
+    for (count = 0; count < CERT_MAX_CERT_CHAIN; count++) {
+        PRBool validCAOverride = PR_FALSE;
+
+        /* Construct a list of names for the current and all previous
+         * certifcates (except leaf (EE) certs, root CAs, and self-issued
+         * intermediate CAs) to be verified against the name constraints
+         * extension of the issuer certificate.
+         */
+        if (subjectCertIsSelfIssued == PR_FALSE) {
+            CERTGeneralName *subjectNameList;
+            int subjectNameListLen;
+            int i;
+            PRBool getSubjectCN = (!count && certUsage == certUsageSSLServer);
+            subjectNameList =
+                CERT_GetConstrainedCertificateNames(subjectCert, arena,
+                                                    getSubjectCN);
+            if (!subjectNameList)
+                goto loser;
+            subjectNameListLen = CERT_GetNamesLength(subjectNameList);
+            if (!subjectNameListLen)
+                goto loser;
+            if (certsListLen <= namesCount + subjectNameListLen) {
+                CERTCertificate **tmpCertsList;
+                certsListLen = (namesCount + subjectNameListLen) * 2;
+                tmpCertsList =
+                    (CERTCertificate **)PORT_Realloc(certsList,
+                                                     certsListLen *
+                                                         sizeof(CERTCertificate *));
+                if (tmpCertsList == NULL) {
+                    goto loser;
+                }
+                certsList = tmpCertsList;
+            }
+            for (i = 0; i < subjectNameListLen; i++) {
+                certsList[namesCount + i] = subjectCert;
+            }
+            namesCount += subjectNameListLen;
+            namesList = cert_CombineNamesLists(namesList, subjectNameList);
+        }
+
+        /* check if the cert has an unsupported critical extension */
+        if (subjectCert->options.bits.hasUnsupportedCriticalExt) {
+            PORT_SetError(SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION);
+            LOG_ERROR_OR_EXIT(log, subjectCert, count, 0);
+        }
+
+        /* find the certificate of the issuer */
+        issuerCert = CERT_FindCertIssuer(subjectCert, t, certUsage);
+        if (!issuerCert) {
+            PORT_SetError(SEC_ERROR_UNKNOWN_ISSUER);
+            LOG_ERROR(log, subjectCert, count, 0);
+            goto loser;
+        }
+
+        /* verify the signature on the cert */
+        if (checkSig) {
+            rv = CERT_VerifySignedData(&subjectCert->signatureWrap,
+                                       issuerCert, t, wincx);
+
+            if (rv != SECSuccess) {
+                if (sigerror) {
+                    *sigerror = PR_TRUE;
+                }
+                if (PORT_GetError() == SEC_ERROR_EXPIRED_CERTIFICATE) {
+                    PORT_SetError(SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE);
+                    LOG_ERROR_OR_EXIT(log, issuerCert, count + 1, 0);
+                } else {
+                    if (PORT_GetError() !=
+                        SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED) {
+                        PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
+                    }
+                    LOG_ERROR_OR_EXIT(log, subjectCert, count, 0);
+                }
+            }
+        }
+
+        /* If the basicConstraint extension is included in an immediate CA
+         * certificate, make sure that the isCA flag is on.  If the
+         * pathLenConstraint component exists, it must be greater than the
+         * number of CA certificates we have seen so far.  If the extension
+         * is omitted, we will assume that this is a CA certificate with
+         * an unlimited pathLenConstraint (since it already passes the
+         * netscape-cert-type extension checking).
+         */
+
+        rv = CERT_FindBasicConstraintExten(issuerCert, &basicConstraint);
+        if (rv != SECSuccess) {
+            if (PORT_GetError() != SEC_ERROR_EXTENSION_NOT_FOUND) {
+                LOG_ERROR_OR_EXIT(log, issuerCert, count + 1, 0);
+            }
+            pathLengthLimit = CERT_UNLIMITED_PATH_CONSTRAINT;
+            /* no basic constraints found, we aren't (yet) a CA. */
+            isca = PR_FALSE;
+        } else {
+            if (basicConstraint.isCA == PR_FALSE) {
+                PORT_SetError(SEC_ERROR_CA_CERT_INVALID);
+                LOG_ERROR_OR_EXIT(log, issuerCert, count + 1, 0);
+            }
+            pathLengthLimit = basicConstraint.pathLenConstraint;
+            isca = PR_TRUE;
+        }
+        /* make sure that the path len constraint is properly set.*/
+        if (pathLengthLimit >= 0 && currentPathLen > pathLengthLimit) {
+            PORT_SetError(SEC_ERROR_PATH_LEN_CONSTRAINT_INVALID);
+            LOG_ERROR_OR_EXIT(log, issuerCert, count + 1, pathLengthLimit);
+        }
+
+        /* make sure that the entire chain is within the name space of the
+         * current issuer certificate.
+         */
+        rv = CERT_CompareNameSpace(issuerCert, namesList, certsList,
+                                   arena, &badCert);
+        if (rv != SECSuccess || badCert != NULL) {
+            PORT_SetError(SEC_ERROR_CERT_NOT_IN_NAME_SPACE);
+            LOG_ERROR_OR_EXIT(log, badCert, count + 1, 0);
+            goto loser;
+        }
+
+        rv = isIssuerCertAllowedAtCertIssuanceTime(issuerCert, cert);
+        if (rv != SECSuccess) {
+            PORT_SetError(SEC_ERROR_UNTRUSTED_ISSUER);
+            LOG_ERROR(log, issuerCert, count + 1, 0);
+            goto loser;
+        }
+
+        /* XXX - the error logging may need to go down into CRL stuff at some
+         * point
+         */
+        /* check revoked list (issuer) */
+        rv = SEC_CheckCRL(handle, subjectCert, issuerCert, t, wincx);
+        if (rv == SECFailure) {
+            if (revoked) {
+                *revoked = PR_TRUE;
+            }
+            LOG_ERROR_OR_EXIT(log, subjectCert, count, 0);
+        } else if (rv == SECWouldBlock) {
+            /* We found something fishy, so we intend to issue an
+             * error to the user, but the user may wish to continue
+             * processing, in which case we better make sure nothing
+             * worse has happened... so keep cranking the loop */
+            rvFinal = SECFailure;
+            if (revoked) {
+                *revoked = PR_TRUE;
+            }
+            LOG_ERROR(log, subjectCert, count, 0);
+        }
+
+        if (CERT_GetCertTrust(issuerCert, &issuerTrust) == SECSuccess) {
+            /* we have some trust info, but this does NOT imply that this
+             * cert is actually trusted for any purpose.  The cert may be
+             * explicitly UNtrusted.  We won't know until we examine the
+             * trust bits.
+             */
+            unsigned int flags;
+
+            if (certUsage != certUsageAnyCA &&
+                certUsage != certUsageStatusResponder) {
+
+                /*
+                 * XXX This choice of trustType seems arbitrary.
+                 */
+                if (certUsage == certUsageVerifyCA) {
+                    if (subjectCert->nsCertType & NS_CERT_TYPE_EMAIL_CA) {
+                        trustType = trustEmail;
+                    } else if (subjectCert->nsCertType & NS_CERT_TYPE_SSL_CA) {
+                        trustType = trustSSL;
+                    } else {
+                        trustType = trustObjectSigning;
+                    }
+                }
+
+                flags = SEC_GET_TRUST_FLAGS(&issuerTrust, trustType);
+                if ((flags & requiredFlags) == requiredFlags) {
+                    /* we found a trusted one, so return */
+                    rv = rvFinal;
+                    goto done;
+                }
+                if (flags & CERTDB_VALID_CA) {
+                    validCAOverride = PR_TRUE;
+                }
+                /* is it explicitly distrusted? */
+                if ((flags & CERTDB_TERMINAL_RECORD) &&
+                    ((flags & (CERTDB_TRUSTED | CERTDB_TRUSTED_CA)) == 0)) {
+                    /* untrusted -- the cert is explicitly untrusted, not
+                     * just that it doesn't chain to a trusted cert */
+                    PORT_SetError(SEC_ERROR_UNTRUSTED_ISSUER);
+                    LOG_ERROR_OR_EXIT(log, issuerCert, count + 1, flags);
+                }
+            } else {
+                /* Check if we have any valid trust when cheching for
+                 * certUsageAnyCA or certUsageStatusResponder. */
+                for (trustType = trustSSL; trustType < trustTypeNone;
+                     trustType++) {
+                    flags = SEC_GET_TRUST_FLAGS(&issuerTrust, trustType);
+                    if ((flags & requiredFlags) == requiredFlags) {
+                        rv = rvFinal;
+                        goto done;
+                    }
+                    if (flags & CERTDB_VALID_CA)
+                        validCAOverride = PR_TRUE;
+                }
+                /* We have 2 separate loops because we want any single trust
+                 * bit to allow this usage to return trusted. Only if none of
+                 * the trust bits are on do we check to see if the cert is
+                 * untrusted */
+                for (trustType = trustSSL; trustType < trustTypeNone;
+                     trustType++) {
+                    flags = SEC_GET_TRUST_FLAGS(&issuerTrust, trustType);
+                    /* is it explicitly distrusted? */
+                    if ((flags & CERTDB_TERMINAL_RECORD) &&
+                        ((flags & (CERTDB_TRUSTED | CERTDB_TRUSTED_CA)) == 0)) {
+                        /* untrusted -- the cert is explicitly untrusted, not
+                         * just that it doesn't chain to a trusted cert */
+                        PORT_SetError(SEC_ERROR_UNTRUSTED_ISSUER);
+                        LOG_ERROR_OR_EXIT(log, issuerCert, count + 1, flags);
+                    }
+                }
+            }
+        }
+
+        if (!validCAOverride) {
+            /*
+             * Make sure that if this is an intermediate CA in the chain that
+             * it was given permission by its signer to be a CA.
+             */
+            /*
+             * if basicConstraints says it is a ca, then we check the
+             * nsCertType.  If the nsCertType has any CA bits set, then
+             * it must have the right one.
+             */
+            if (!isca || (issuerCert->nsCertType & NS_CERT_TYPE_CA)) {
+                isca = (issuerCert->nsCertType & caCertType) ? PR_TRUE : PR_FALSE;
+            }
+
+            if (!isca) {
+                PORT_SetError(SEC_ERROR_CA_CERT_INVALID);
+                LOG_ERROR_OR_EXIT(log, issuerCert, count + 1, 0);
+            }
+
+            /* make sure key usage allows cert signing */
+            if (CERT_CheckKeyUsage(issuerCert, requiredCAKeyUsage) != SECSuccess) {
+                PORT_SetError(SEC_ERROR_INADEQUATE_KEY_USAGE);
+                LOG_ERROR_OR_EXIT(log, issuerCert, count + 1, requiredCAKeyUsage);
+            }
+        }
+
+        /* make sure that the issuer is not self signed.  If it is, then
+         * stop here to prevent looping.
+         */
+        if (issuerCert->isRoot) {
+            PORT_SetError(SEC_ERROR_UNTRUSTED_ISSUER);
+            LOG_ERROR(log, issuerCert, count + 1, 0);
+            goto loser;
+        }
+        /* The issuer cert will be the subject cert in the next loop.
+         * A cert is self-issued if its subject and issuer are equal and
+         * both are of non-zero length.
+         */
+        subjectCertIsSelfIssued = (PRBool)
+                                      SECITEM_ItemsAreEqual(&issuerCert->derIssuer,
+                                                            &issuerCert->derSubject) &&
+                                  issuerCert->derSubject.len >
+                                      0;
+        if (subjectCertIsSelfIssued == PR_FALSE) {
+            /* RFC 3280 says only non-self-issued intermediate CA certs
+             * count in path length.
+             */
+            ++currentPathLen;
+        }
+
+        CERT_DestroyCertificate(subjectCert);
+        subjectCert = issuerCert;
+        issuerCert = NULL;
+    }
+
+    PORT_SetError(SEC_ERROR_UNKNOWN_ISSUER);
+    LOG_ERROR(log, subjectCert, count, 0);
+loser:
+    rv = SECFailure;
+done:
+    if (certsList != NULL) {
+        PORT_Free(certsList);
+    }
+    if (issuerCert) {
+        CERT_DestroyCertificate(issuerCert);
+    }
+
+    if (subjectCert) {
+        CERT_DestroyCertificate(subjectCert);
+    }
+
+    if (arena != NULL) {
+        PORT_FreeArena(arena, PR_FALSE);
+    }
+    return rv;
+}
+
+SECStatus
+cert_VerifyCertChain(CERTCertDBHandle *handle, CERTCertificate *cert,
+                     PRBool checkSig, PRBool *sigerror,
+                     SECCertUsage certUsage, PRTime t, void *wincx,
+                     CERTVerifyLog *log, PRBool *revoked)
+{
+    if (CERT_GetUsePKIXForValidation()) {
+        return cert_VerifyCertChainPkix(cert, checkSig, certUsage, t,
+                                        wincx, log, sigerror, revoked);
+    }
+    return cert_VerifyCertChainOld(handle, cert, checkSig, sigerror,
+                                   certUsage, t, wincx, log, revoked);
+}
+
+SECStatus
+CERT_VerifyCertChain(CERTCertDBHandle *handle, CERTCertificate *cert,
+                     PRBool checkSig, SECCertUsage certUsage, PRTime t,
+                     void *wincx, CERTVerifyLog *log)
+{
+    return cert_VerifyCertChain(handle, cert, checkSig, NULL, certUsage, t,
+                                wincx, log, NULL);
+}
+
+/*
+ * verify that a CA can sign a certificate with the requested usage.
+ */
+SECStatus
+CERT_VerifyCACertForUsage(CERTCertDBHandle *handle, CERTCertificate *cert,
+                          PRBool checkSig, SECCertUsage certUsage, PRTime t,
+                          void *wincx, CERTVerifyLog *log)
+{
+    SECTrustType trustType;
+    CERTBasicConstraints basicConstraint;
+    PRBool isca;
+    PRBool validCAOverride = PR_FALSE;
+    SECStatus rv;
+    SECStatus rvFinal = SECSuccess;
+    unsigned int flags;
+    unsigned int caCertType;
+    unsigned int requiredCAKeyUsage;
+    unsigned int requiredFlags;
+    CERTCertificate *issuerCert;
+    CERTCertTrust certTrust;
+
+    if (CERT_KeyUsageAndTypeForCertUsage(certUsage, PR_TRUE,
+                                         &requiredCAKeyUsage,
+                                         &caCertType) != SECSuccess) {
+        PORT_Assert(0);
+        EXIT_IF_NOT_LOGGING(log);
+        requiredCAKeyUsage = 0;
+        caCertType = 0;
+    }
+
+    switch (certUsage) {
+        case certUsageSSLClient:
+        case certUsageSSLServer:
+        case certUsageSSLCA:
+        case certUsageSSLServerWithStepUp:
+        case certUsageEmailSigner:
+        case certUsageEmailRecipient:
+        case certUsageObjectSigner:
+        case certUsageVerifyCA:
+        case certUsageStatusResponder:
+            if (CERT_TrustFlagsForCACertUsage(certUsage, &requiredFlags,
+                                              &trustType) != SECSuccess) {
+                PORT_Assert(0);
+                EXIT_IF_NOT_LOGGING(log);
+                requiredFlags = 0;
+                trustType = trustSSL;
+            }
+            break;
+        default:
+            PORT_Assert(0);
+            EXIT_IF_NOT_LOGGING(log);
+            requiredFlags = 0;
+            trustType = trustSSL; /* This used to be 0, but we need something
+                                   * that matches the enumeration type.
+                                   */
+            caCertType = 0;
+    }
+
+    /* If the basicConstraint extension is included in an intermmediate CA
+     * certificate, make sure that the isCA flag is on.  If the
+     * pathLenConstraint component exists, it must be greater than the
+     * number of CA certificates we have seen so far.  If the extension
+     * is omitted, we will assume that this is a CA certificate with
+     * an unlimited pathLenConstraint (since it already passes the
+     * netscape-cert-type extension checking).
+     */
+
+    rv = CERT_FindBasicConstraintExten(cert, &basicConstraint);
+    if (rv != SECSuccess) {
+        if (PORT_GetError() != SEC_ERROR_EXTENSION_NOT_FOUND) {
+            LOG_ERROR_OR_EXIT(log, cert, 0, 0);
+        }
+        /* no basic constraints found, we aren't (yet) a CA. */
+        isca = PR_FALSE;
+    } else {
+        if (basicConstraint.isCA == PR_FALSE) {
+            PORT_SetError(SEC_ERROR_CA_CERT_INVALID);
+            LOG_ERROR_OR_EXIT(log, cert, 0, 0);
+        }
+
+        /* can't check path length if we don't know the previous path */
+        isca = PR_TRUE;
+    }
+
+    if (CERT_GetCertTrust(cert, &certTrust) == SECSuccess) {
+        /* we have some trust info, but this does NOT imply that this
+         * cert is actually trusted for any purpose.  The cert may be
+         * explicitly UNtrusted.  We won't know until we examine the
+         * trust bits.
+         */
+        if (certUsage == certUsageStatusResponder) {
+            /* Check the special case of certUsageStatusResponder */
+            issuerCert = CERT_FindCertIssuer(cert, t, certUsage);
+            if (issuerCert) {
+                if (SEC_CheckCRL(handle, cert, issuerCert, t, wincx) !=
+                    SECSuccess) {
+                    PORT_SetError(SEC_ERROR_REVOKED_CERTIFICATE);
+                    CERT_DestroyCertificate(issuerCert);
+                    goto loser;
+                }
+                CERT_DestroyCertificate(issuerCert);
+            }
+            /* XXX We have NOT determined that this cert is trusted.
+             * For years, NSS has treated this as trusted,
+             * but it seems incorrect.
+             */
+            rv = rvFinal;
+            goto done;
+        }
+
+        /*
+         * check the trust params of the issuer
+         */
+        flags = SEC_GET_TRUST_FLAGS(&certTrust, trustType);
+        if ((flags & requiredFlags) == requiredFlags) {
+            /* we found a trusted one, so return */
+            rv = rvFinal;
+            goto done;
+        }
+        if (flags & CERTDB_VALID_CA) {
+            validCAOverride = PR_TRUE;
+        }
+        /* is it explicitly distrusted? */
+        if ((flags & CERTDB_TERMINAL_RECORD) &&
+            ((flags & (CERTDB_TRUSTED | CERTDB_TRUSTED_CA)) == 0)) {
+            /* untrusted -- the cert is explicitly untrusted, not
+             * just that it doesn't chain to a trusted cert */
+            PORT_SetError(SEC_ERROR_UNTRUSTED_CERT);
+            LOG_ERROR_OR_EXIT(log, cert, 0, flags);
+        }
+    }
+    if (!validCAOverride) {
+        /*
+         * Make sure that if this is an intermediate CA in the chain that
+         * it was given permission by its signer to be a CA.
+         */
+        /*
+         * if basicConstraints says it is a ca, then we check the
+         * nsCertType.  If the nsCertType has any CA bits set, then
+         * it must have the right one.
+         */
+        if (!isca || (cert->nsCertType & NS_CERT_TYPE_CA)) {
+            isca = (cert->nsCertType & caCertType) ? PR_TRUE : PR_FALSE;
+        }
+
+        if (!isca) {
+            PORT_SetError(SEC_ERROR_CA_CERT_INVALID);
+            LOG_ERROR_OR_EXIT(log, cert, 0, 0);
+        }
+
+        /* make sure key usage allows cert signing */
+        if (CERT_CheckKeyUsage(cert, requiredCAKeyUsage) != SECSuccess) {
+            PORT_SetError(SEC_ERROR_INADEQUATE_KEY_USAGE);
+            LOG_ERROR_OR_EXIT(log, cert, 0, requiredCAKeyUsage);
+        }
+    }
+    /* make sure that the issuer is not self signed.  If it is, then
+     * stop here to prevent looping.
+     */
+    if (cert->isRoot) {
+        PORT_SetError(SEC_ERROR_UNTRUSTED_ISSUER);
+        LOG_ERROR(log, cert, 0, 0);
+        goto loser;
+    }
+
+    return CERT_VerifyCertChain(handle, cert, checkSig, certUsage, t,
+                                wincx, log);
+loser:
+    rv = SECFailure;
+done:
+    return rv;
+}
+
+#define NEXT_USAGE() \
+    {                \
+        i *= 2;      \
+        certUsage++; \
+        continue;    \
+    }
+
+#define VALID_USAGE() \
+    {                 \
+        NEXT_USAGE(); \
+    }
+
+#define INVALID_USAGE()                 \
+    {                                   \
+        if (returnedUsages) {           \
+            *returnedUsages &= (~i);    \
+        }                               \
+        if (PR_TRUE == requiredUsage) { \
+            valid = SECFailure;         \
+        }                               \
+        NEXT_USAGE();                   \
+    }
+
+/*
+ * check the leaf cert against trust and usage.
+ *   returns success if the cert is not distrusted. If the cert is
+ *       trusted, then the trusted bool will be true.
+ *   returns failure if the cert is distrusted. If failure, flags
+ *       will return the flag bits that indicated distrust.
+ */
+SECStatus
+cert_CheckLeafTrust(CERTCertificate *cert, SECCertUsage certUsage,
+                    unsigned int *failedFlags, PRBool *trusted)
+{
+    unsigned int flags;
+    CERTCertTrust trust;
+
+    *failedFlags = 0;
+    *trusted = PR_FALSE;
+
+    /* check trust flags to see if this cert is directly trusted */
+    if (CERT_GetCertTrust(cert, &trust) == SECSuccess) {
+        switch (certUsage) {
+            case certUsageSSLClient:
+            case certUsageSSLServer:
+                flags = trust.sslFlags;
+
+                /* is the cert directly trusted or not trusted ? */
+                if (flags & CERTDB_TERMINAL_RECORD) { /* the trust record is
+                            * authoritative */
+                    if (flags & CERTDB_TRUSTED) {     /* trust this cert */
+                        *trusted = PR_TRUE;
+                        return SECSuccess;
+                    } else { /* don't trust this cert */
+                        *failedFlags = flags;
+                        return SECFailure;
+                    }
+                }
+                break;
+            case certUsageSSLServerWithStepUp:
+                /* XXX - step up certs can't be directly trusted, only distrust */
+                flags = trust.sslFlags;
+                if (flags & CERTDB_TERMINAL_RECORD) { /* the trust record is
+                                                       * authoritative */
+                    if ((flags & CERTDB_TRUSTED) == 0) {
+                        /* don't trust this cert */
+                        *failedFlags = flags;
+                        return SECFailure;
+                    }
+                }
+                break;
+            case certUsageSSLCA:
+                flags = trust.sslFlags;
+                if (flags & CERTDB_TERMINAL_RECORD) { /* the trust record is
+                                                       * authoritative */
+                    if ((flags & (CERTDB_TRUSTED | CERTDB_TRUSTED_CA)) == 0) {
+                        /* don't trust this cert */
+                        *failedFlags = flags;
+                        return SECFailure;
+                    }
+                }
+                break;
+            case certUsageEmailSigner:
+            case certUsageEmailRecipient:
+                flags = trust.emailFlags;
+                if (flags & CERTDB_TERMINAL_RECORD) { /* the trust record is
+                                                       * authoritative */
+                    if (flags & CERTDB_TRUSTED) {     /* trust this cert */
+                        *trusted = PR_TRUE;
+                        return SECSuccess;
+                    } else { /* don't trust this cert */
+                        *failedFlags = flags;
+                        return SECFailure;
+                    }
+                }
+
+                break;
+            case certUsageObjectSigner:
+                flags = trust.objectSigningFlags;
+
+                if (flags & CERTDB_TERMINAL_RECORD) { /* the trust record is
+                                                       * authoritative */
+                    if (flags & CERTDB_TRUSTED) {     /* trust this cert */
+                        *trusted = PR_TRUE;
+                        return SECSuccess;
+                    } else { /* don't trust this cert */
+                        *failedFlags = flags;
+                        return SECFailure;
+                    }
+                }
+                break;
+            case certUsageVerifyCA:
+            case certUsageStatusResponder:
+                flags = trust.sslFlags;
+                /* is the cert directly trusted or not trusted ? */
+                if ((flags & (CERTDB_VALID_CA | CERTDB_TRUSTED_CA)) ==
+                    (CERTDB_VALID_CA | CERTDB_TRUSTED_CA)) {
+                    *trusted = PR_TRUE;
+                    return SECSuccess;
+                }
+                flags = trust.emailFlags;
+                /* is the cert directly trusted or not trusted ? */
+                if ((flags & (CERTDB_VALID_CA | CERTDB_TRUSTED_CA)) ==
+                    (CERTDB_VALID_CA | CERTDB_TRUSTED_CA)) {
+                    *trusted = PR_TRUE;
+                    return SECSuccess;
+                }
+                flags = trust.objectSigningFlags;
+                /* is the cert directly trusted or not trusted ? */
+                if ((flags & (CERTDB_VALID_CA | CERTDB_TRUSTED_CA)) ==
+                    (CERTDB_VALID_CA | CERTDB_TRUSTED_CA)) {
+                    *trusted = PR_TRUE;
+                    return SECSuccess;
+                }
+            /* fall through to test distrust */
+            case certUsageAnyCA:
+            case certUsageUserCertImport:
+                /* do we distrust these certs explicitly */
+                flags = trust.sslFlags;
+                if (flags & CERTDB_TERMINAL_RECORD) { /* the trust record is
+                            * authoritative */
+                    if ((flags & (CERTDB_TRUSTED | CERTDB_TRUSTED_CA)) == 0) {
+                        *failedFlags = flags;
+                        return SECFailure;
+                    }
+                }
+                flags = trust.emailFlags;
+                if (flags & CERTDB_TERMINAL_RECORD) { /* the trust record is
+                            * authoritative */
+                    if ((flags & (CERTDB_TRUSTED | CERTDB_TRUSTED_CA)) == 0) {
+                        *failedFlags = flags;
+                        return SECFailure;
+                    }
+                }
+            /* fall through */
+            case certUsageProtectedObjectSigner:
+                flags = trust.objectSigningFlags;
+                if (flags & CERTDB_TERMINAL_RECORD) { /* the trust record is
+                                                       * authoritative */
+                    if ((flags & (CERTDB_TRUSTED | CERTDB_TRUSTED_CA)) == 0) {
+                        *failedFlags = flags;
+                        return SECFailure;
+                    }
+                }
+                break;
+        }
+    }
+    return SECSuccess;
+}
+
+/*
+ * verify a certificate by checking if it's valid and that we
+ * trust the issuer.
+ *
+ * certificateUsage contains a bitfield of all cert usages that are
+ * required for verification to succeed
+ *
+ * a bitfield of cert usages is returned in *returnedUsages
+ * if requiredUsages is non-zero, the returned bitmap is only
+ * for those required usages, otherwise it is for all usages
+ *
+ */
+SECStatus
+CERT_VerifyCertificate(CERTCertDBHandle *handle, CERTCertificate *cert,
+                       PRBool checkSig, SECCertificateUsage requiredUsages, PRTime t,
+                       void *wincx, CERTVerifyLog *log, SECCertificateUsage *returnedUsages)
+{
+    SECStatus rv;
+    SECStatus valid;
+    unsigned int requiredKeyUsage;
+    unsigned int requiredCertType;
+    unsigned int flags;
+    unsigned int certType;
+    PRBool allowOverride;
+    SECCertTimeValidity validity;
+    CERTStatusConfig *statusConfig;
+    PRInt32 i;
+    SECCertUsage certUsage = 0;
+    PRBool checkedOCSP = PR_FALSE;
+    PRBool checkAllUsages = PR_FALSE;
+    PRBool revoked = PR_FALSE;
+    PRBool sigerror = PR_FALSE;
+    PRBool trusted = PR_FALSE;
+
+    if (!requiredUsages) {
+        /* there are no required usages, so the user probably wants to
+           get status for all usages */
+        checkAllUsages = PR_TRUE;
+    }
+
+    if (returnedUsages) {
+        *returnedUsages = 0;
+    } else {
+        /* we don't have a place to return status for all usages,
+           so we can skip checks for usages that aren't required */
+        checkAllUsages = PR_FALSE;
+    }
+    valid = SECSuccess; /* start off assuming cert is valid */
+
+    /* make sure that the cert is valid at time t */
+    allowOverride = (PRBool)((requiredUsages & certificateUsageSSLServer) ||
+                             (requiredUsages & certificateUsageSSLServerWithStepUp));
+    validity = CERT_CheckCertValidTimes(cert, t, allowOverride);
+    if (validity != secCertTimeValid) {
+        valid = SECFailure;
+        LOG_ERROR_OR_EXIT(log, cert, 0, validity);
+    }
+
+    /* check key usage and netscape cert type */
+    cert_GetCertType(cert);
+    certType = cert->nsCertType;
+
+    for (i = 1; i <= certificateUsageHighest &&
+                (SECSuccess == valid || returnedUsages || log);) {
+        PRBool requiredUsage = (i & requiredUsages) ? PR_TRUE : PR_FALSE;
+        if (PR_FALSE == requiredUsage && PR_FALSE == checkAllUsages) {
+            NEXT_USAGE();
+        }
+        if (returnedUsages) {
+            *returnedUsages |= i; /* start off assuming this usage is valid */
+        }
+        switch (certUsage) {
+            case certUsageSSLClient:
+            case certUsageSSLServer:
+            case certUsageSSLServerWithStepUp:
+            case certUsageSSLCA:
+            case certUsageEmailSigner:
+            case certUsageEmailRecipient:
+            case certUsageObjectSigner:
+            case certUsageStatusResponder:
+                rv = CERT_KeyUsageAndTypeForCertUsage(certUsage, PR_FALSE,
+                                                      &requiredKeyUsage,
+                                                      &requiredCertType);
+                if (rv != SECSuccess) {
+                    PORT_Assert(0);
+                    /* EXIT_IF_NOT_LOGGING(log); XXX ??? */
+                    requiredKeyUsage = 0;
+                    requiredCertType = 0;
+                    INVALID_USAGE();
+                }
+                break;
+
+            case certUsageAnyCA:
+            case certUsageProtectedObjectSigner:
+            case certUsageUserCertImport:
+            case certUsageVerifyCA:
+                /* these usages cannot be verified */
+                NEXT_USAGE();
+
+            default:
+                PORT_Assert(0);
+                requiredKeyUsage = 0;
+                requiredCertType = 0;
+                INVALID_USAGE();
+        }
+        if (CERT_CheckKeyUsage(cert, requiredKeyUsage) != SECSuccess) {
+            if (PR_TRUE == requiredUsage) {
+                PORT_SetError(SEC_ERROR_INADEQUATE_KEY_USAGE);
+            }
+            LOG_ERROR(log, cert, 0, requiredKeyUsage);
+            INVALID_USAGE();
+        }
+        if (!(certType & requiredCertType)) {
+            if (PR_TRUE == requiredUsage) {
+                PORT_SetError(SEC_ERROR_INADEQUATE_CERT_TYPE);
+            }
+            LOG_ERROR(log, cert, 0, requiredCertType);
+            INVALID_USAGE();
+        }
+
+        rv = cert_CheckLeafTrust(cert, certUsage, &flags, &trusted);
+        if (rv == SECFailure) {
+            if (PR_TRUE == requiredUsage) {
+                PORT_SetError(SEC_ERROR_UNTRUSTED_CERT);
+            }
+            LOG_ERROR(log, cert, 0, flags);
+            INVALID_USAGE();
+        } else if (trusted) {
+            VALID_USAGE();
+        }
+
+        if (PR_TRUE == revoked || PR_TRUE == sigerror) {
+            INVALID_USAGE();
+        }
+
+        rv = cert_VerifyCertChain(handle, cert,
+                                  checkSig, &sigerror,
+                                  certUsage, t, wincx, log,
+                                  &revoked);
+
+        if (rv != SECSuccess) {
+            /* EXIT_IF_NOT_LOGGING(log); XXX ???? */
+            INVALID_USAGE();
+        }
+
+        /*
+         * Check OCSP revocation status, but only if the cert we are checking
+         * is not a status responder itself. We only do this in the case
+         * where we checked the cert chain (above); explicit trust "wins"
+         * (avoids status checking, just as it avoids CRL checking) by
+         * bypassing this code.
+         */
+
+        if (PR_FALSE == checkedOCSP) {
+            checkedOCSP = PR_TRUE; /* only check OCSP once */
+            statusConfig = CERT_GetStatusConfig(handle);
+            if (requiredUsages != certificateUsageStatusResponder &&
+                statusConfig != NULL) {
+                if (statusConfig->statusChecker != NULL) {
+                    rv = (*statusConfig->statusChecker)(handle, cert,
+                                                        t, wincx);
+                    if (rv != SECSuccess) {
+                        LOG_ERROR(log, cert, 0, 0);
+                        revoked = PR_TRUE;
+                        INVALID_USAGE();
+                    }
+                }
+            }
+        }
+
+        NEXT_USAGE();
+    }
+
+loser:
+    return (valid);
+}
+
+SECStatus
+CERT_VerifyCert(CERTCertDBHandle *handle, CERTCertificate *cert,
+                PRBool checkSig, SECCertUsage certUsage, PRTime t,
+                void *wincx, CERTVerifyLog *log)
+{
+    return cert_VerifyCertWithFlags(handle, cert, checkSig, certUsage, t,
+                                    CERT_VERIFYCERT_USE_DEFAULTS, wincx, log);
+}
+
+SECStatus
+cert_VerifyCertWithFlags(CERTCertDBHandle *handle, CERTCertificate *cert,
+                         PRBool checkSig, SECCertUsage certUsage, PRTime t,
+                         PRUint32 flags, void *wincx, CERTVerifyLog *log)
+{
+    SECStatus rv;
+    unsigned int requiredKeyUsage;
+    unsigned int requiredCertType;
+    unsigned int failedFlags;
+    unsigned int certType;
+    PRBool trusted;
+    PRBool allowOverride;
+    SECCertTimeValidity validity;
+    CERTStatusConfig *statusConfig;
+
+#ifdef notdef
+    /* check if this cert is in the Evil list */
+    rv = CERT_CheckForEvilCert(cert);
+    if (rv != SECSuccess) {
+        PORT_SetError(SEC_ERROR_REVOKED_CERTIFICATE);
+        LOG_ERROR_OR_EXIT(log, cert, 0, 0);
+    }
+#endif
+
+    /* make sure that the cert is valid at time t */
+    allowOverride = (PRBool)((certUsage == certUsageSSLServer) ||
+                             (certUsage == certUsageSSLServerWithStepUp));
+    validity = CERT_CheckCertValidTimes(cert, t, allowOverride);
+    if (validity != secCertTimeValid) {
+        LOG_ERROR_OR_EXIT(log, cert, 0, validity);
+    }
+
+    /* check key usage and netscape cert type */
+    cert_GetCertType(cert);
+    certType = cert->nsCertType;
+    switch (certUsage) {
+        case certUsageSSLClient:
+        case certUsageSSLServer:
+        case certUsageSSLServerWithStepUp:
+        case certUsageSSLCA:
+        case certUsageEmailSigner:
+        case certUsageEmailRecipient:
+        case certUsageObjectSigner:
+        case certUsageStatusResponder:
+            rv = CERT_KeyUsageAndTypeForCertUsage(certUsage, PR_FALSE,
+                                                  &requiredKeyUsage,
+                                                  &requiredCertType);
+            if (rv != SECSuccess) {
+                PORT_Assert(0);
+                EXIT_IF_NOT_LOGGING(log);
+                requiredKeyUsage = 0;
+                requiredCertType = 0;
+            }
+            break;
+        case certUsageVerifyCA:
+        case certUsageAnyCA:
+            requiredKeyUsage = KU_KEY_CERT_SIGN;
+            requiredCertType = NS_CERT_TYPE_CA;
+            if (!(certType & NS_CERT_TYPE_CA)) {
+                certType |= NS_CERT_TYPE_CA;
+            }
+            break;
+        default:
+            PORT_Assert(0);
+            EXIT_IF_NOT_LOGGING(log);
+            requiredKeyUsage = 0;
+            requiredCertType = 0;
+    }
+    if (CERT_CheckKeyUsage(cert, requiredKeyUsage) != SECSuccess) {
+        PORT_SetError(SEC_ERROR_INADEQUATE_KEY_USAGE);
+        LOG_ERROR_OR_EXIT(log, cert, 0, requiredKeyUsage);
+    }
+    if (!(certType & requiredCertType)) {
+        PORT_SetError(SEC_ERROR_INADEQUATE_CERT_TYPE);
+        LOG_ERROR_OR_EXIT(log, cert, 0, requiredCertType);
+    }
+
+    rv = cert_CheckLeafTrust(cert, certUsage, &failedFlags, &trusted);
+    if (rv == SECFailure) {
+        PORT_SetError(SEC_ERROR_UNTRUSTED_CERT);
+        LOG_ERROR_OR_EXIT(log, cert, 0, failedFlags);
+    } else if (trusted) {
+        goto done;
+    }
+
+    rv = CERT_VerifyCertChain(handle, cert, checkSig, certUsage,
+                              t, wincx, log);
+    if (rv != SECSuccess) {
+        EXIT_IF_NOT_LOGGING(log);
+    }
+
+    /*
+     * Check revocation status, but only if the cert we are checking is not a
+     * status responder itself and the caller did not ask us to skip the check.
+     * We only do this in the case where we checked the cert chain (above);
+     * explicit trust "wins" (avoids status checking, just as it avoids CRL
+     * checking, which is all done inside VerifyCertChain) by bypassing this
+     * code.
+     */
+    if (!(flags & CERT_VERIFYCERT_SKIP_OCSP) &&
+        certUsage != certUsageStatusResponder) {
+        statusConfig = CERT_GetStatusConfig(handle);
+        if (statusConfig && statusConfig->statusChecker) {
+            rv = (*statusConfig->statusChecker)(handle, cert,
+                                                t, wincx);
+            if (rv != SECSuccess) {
+                LOG_ERROR_OR_EXIT(log, cert, 0, 0);
+            }
+        }
+    }
+
+done:
+    if (log && log->head) {
+        return SECFailure;
+    }
+    return (SECSuccess);
+
+loser:
+    rv = SECFailure;
+
+    return (rv);
+}
+
+/*
+ * verify a certificate by checking if its valid and that we
+ * trust the issuer.  Verify time against now.
+ */
+SECStatus
+CERT_VerifyCertificateNow(CERTCertDBHandle *handle, CERTCertificate *cert,
+                          PRBool checkSig, SECCertificateUsage requiredUsages,
+                          void *wincx, SECCertificateUsage *returnedUsages)
+{
+    return (CERT_VerifyCertificate(handle, cert, checkSig,
+                                   requiredUsages, PR_Now(), wincx, NULL, returnedUsages));
+}
+
+/* obsolete, do not use for new code */
+SECStatus
+CERT_VerifyCertNow(CERTCertDBHandle *handle, CERTCertificate *cert,
+                   PRBool checkSig, SECCertUsage certUsage, void *wincx)
+{
+    return (CERT_VerifyCert(handle, cert, checkSig,
+                            certUsage, PR_Now(), wincx, NULL));
+}
+
+/* [ FROM pcertdb.c ] */
+/*
+ * Supported usage values and types:
+ *  certUsageSSLClient
+ *  certUsageSSLServer
+ *  certUsageSSLServerWithStepUp
+ *  certUsageEmailSigner
+ *  certUsageEmailRecipient
+ *  certUsageObjectSigner
+ */
+
+CERTCertificate *
+CERT_FindMatchingCert(CERTCertDBHandle *handle, SECItem *derName,
+                      CERTCertOwner owner, SECCertUsage usage,
+                      PRBool preferTrusted, PRTime validTime, PRBool validOnly)
+{
+    CERTCertList *certList = NULL;
+    CERTCertificate *cert = NULL;
+    CERTCertTrust certTrust;
+    unsigned int requiredTrustFlags;
+    SECTrustType requiredTrustType;
+    unsigned int flags;
+
+    PRBool lookingForCA = PR_FALSE;
+    SECStatus rv;
+    CERTCertListNode *node;
+    CERTCertificate *saveUntrustedCA = NULL;
+
+    /* if preferTrusted is set, must be a CA cert */
+    PORT_Assert(!(preferTrusted && (owner != certOwnerCA)));
+
+    if (owner == certOwnerCA) {
+        lookingForCA = PR_TRUE;
+        if (preferTrusted) {
+            rv = CERT_TrustFlagsForCACertUsage(usage, &requiredTrustFlags,
+                                               &requiredTrustType);
+            if (rv != SECSuccess) {
+                goto loser;
+            }
+            requiredTrustFlags |= CERTDB_VALID_CA;
+        }
+    }
+
+    certList = CERT_CreateSubjectCertList(NULL, handle, derName, validTime,
+                                          validOnly);
+    if (certList != NULL) {
+        rv = CERT_FilterCertListByUsage(certList, usage, lookingForCA);
+        if (rv != SECSuccess) {
+            goto loser;
+        }
+
+        node = CERT_LIST_HEAD(certList);
+
+        while (!CERT_LIST_END(node, certList)) {
+            cert = node->cert;
+
+            /* looking for a trusted CA cert */
+            if ((owner == certOwnerCA) && preferTrusted &&
+                (requiredTrustType != trustTypeNone)) {
+
+                if (CERT_GetCertTrust(cert, &certTrust) != SECSuccess) {
+                    flags = 0;
+                } else {
+                    flags = SEC_GET_TRUST_FLAGS(&certTrust, requiredTrustType);
+                }
+
+                if ((flags & requiredTrustFlags) != requiredTrustFlags) {
+                    /* cert is not trusted */
+                    /* if this is the first cert to get this far, then save
+                     * it, so we can use it if we can't find a trusted one
+                     */
+                    if (saveUntrustedCA == NULL) {
+                        saveUntrustedCA = cert;
+                    }
+                    goto endloop;
+                }
+            }
+            /* if we got this far, then this cert meets all criteria */
+            break;
+
+        endloop:
+            node = CERT_LIST_NEXT(node);
+            cert = NULL;
+        }
+
+        /* use the saved one if we have it */
+        if (cert == NULL) {
+            cert = saveUntrustedCA;
+        }
+
+        /* if we found one then bump the ref count before freeing the list */
+        if (cert != NULL) {
+            /* bump the ref count */
+            cert = CERT_DupCertificate(cert);
+        }
+
+        CERT_DestroyCertList(certList);
+    }
+
+    return (cert);
+
+loser:
+    if (certList != NULL) {
+        CERT_DestroyCertList(certList);
+    }
+
+    return (NULL);
+}
+
+/* [ From certdb.c ] */
+/*
+ * Filter a list of certificates, removing those certs that do not have
+ * one of the named CA certs somewhere in their cert chain.
+ *
+ *  "certList" - the list of certificates to filter
+ *  "nCANames" - number of CA names
+ *  "caNames" - array of CA names in string(rfc 1485) form
+ *  "usage" - what use the certs are for, this is used when
+ *      selecting CA certs
+ */
+SECStatus
+CERT_FilterCertListByCANames(CERTCertList *certList, int nCANames,
+                             char **caNames, SECCertUsage usage)
+{
+    CERTCertificate *issuerCert = NULL;
+    CERTCertificate *subjectCert;
+    CERTCertListNode *node, *freenode;
+    CERTCertificate *cert;
+    int n;
+    char **names;
+    PRBool found;
+    PRTime time;
+
+    if (nCANames <= 0) {
+        return (SECSuccess);
+    }
+
+    time = PR_Now();
+
+    node = CERT_LIST_HEAD(certList);
+
+    while (!CERT_LIST_END(node, certList)) {
+        cert = node->cert;
+
+        subjectCert = CERT_DupCertificate(cert);
+
+        /* traverse the CA certs for this cert */
+        found = PR_FALSE;
+        while (subjectCert != NULL) {
+            n = nCANames;
+            names = caNames;
+
+            if (subjectCert->issuerName != NULL) {
+                while (n > 0) {
+                    if (PORT_Strcmp(*names, subjectCert->issuerName) == 0) {
+                        found = PR_TRUE;
+                        break;
+                    }
+
+                    n--;
+                    names++;
+                }
+            }
+
+            if (found) {
+                break;
+            }
+
+            issuerCert = CERT_FindCertIssuer(subjectCert, time, usage);
+            if (issuerCert == subjectCert) {
+                CERT_DestroyCertificate(issuerCert);
+                issuerCert = NULL;
+                break;
+            }
+            CERT_DestroyCertificate(subjectCert);
+            subjectCert = issuerCert;
+        }
+        CERT_DestroyCertificate(subjectCert);
+        if (!found) {
+            /* CA was not found, so remove this cert from the list */
+            freenode = node;
+            node = CERT_LIST_NEXT(node);
+            CERT_RemoveCertListNode(freenode);
+        } else {
+            /* CA was found, so leave it in the list */
+            node = CERT_LIST_NEXT(node);
+        }
+    }
+
+    return (SECSuccess);
+}
+
+/*
+ * Given a certificate, return a string containing the nickname, and possibly
+ * one of the validity strings, based on the current validity state of the
+ * certificate.
+ *
+ * "arena" - arena to allocate returned string from.  If NULL, then heap
+ *  is used.
+ * "cert" - the cert to get nickname from
+ * "expiredString" - the string to append to the nickname if the cert is
+ *      expired.
+ * "notYetGoodString" - the string to append to the nickname if the cert is
+ *      not yet good.
+ */
+char *
+CERT_GetCertNicknameWithValidity(PLArenaPool *arena, CERTCertificate *cert,
+                                 char *expiredString, char *notYetGoodString)
+{
+    SECCertTimeValidity validity;
+    char *nickname = NULL, *tmpstr = NULL;
+
+    validity = CERT_CheckCertValidTimes(cert, PR_Now(), PR_FALSE);
+
+    /* if the cert is good, then just use the nickname directly */
+    if (validity == secCertTimeValid) {
+        if (arena == NULL) {
+            nickname = PORT_Strdup(cert->nickname);
+        } else {
+            nickname = PORT_ArenaStrdup(arena, cert->nickname);
+        }
+
+        if (nickname == NULL) {
+            goto loser;
+        }
+    } else {
+
+        /* if the cert is not valid, then tack one of the strings on the
+         * end
+         */
+        if (validity == secCertTimeExpired) {
+            tmpstr = PR_smprintf("%s%s", cert->nickname,
+                                 expiredString);
+        } else if (validity == secCertTimeNotValidYet) {
+            /* not yet valid */
+            tmpstr = PR_smprintf("%s%s", cert->nickname,
+                                 notYetGoodString);
+        } else {
+            /* undetermined */
+            tmpstr = PR_smprintf("%s",
+                                 "(NULL) (Validity Unknown)");
+        }
+
+        if (tmpstr == NULL) {
+            goto loser;
+        }
+
+        if (arena) {
+            /* copy the string into the arena and free the malloc'd one */
+            nickname = PORT_ArenaStrdup(arena, tmpstr);
+            PORT_Free(tmpstr);
+        } else {
+            nickname = tmpstr;
+        }
+        if (nickname == NULL) {
+            goto loser;
+        }
+    }
+    return (nickname);
+
+loser:
+    return (NULL);
+}
+
+/*
+ * Collect the nicknames from all certs in a CertList.  If the cert is not
+ * valid, append a string to that nickname.
+ *
+ * "certList" - the list of certificates
+ * "expiredString" - the string to append to the nickname of any expired cert
+ * "notYetGoodString" - the string to append to the nickname of any cert
+ *      that is not yet valid
+ */
+CERTCertNicknames *
+CERT_NicknameStringsFromCertList(CERTCertList *certList, char *expiredString,
+                                 char *notYetGoodString)
+{
+    CERTCertNicknames *names;
+    PLArenaPool *arena;
+    CERTCertListNode *node;
+    char **nn;
+
+    /* allocate an arena */
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL) {
+        return (NULL);
+    }
+
+    /* allocate the structure */
+    names = PORT_ArenaAlloc(arena, sizeof(CERTCertNicknames));
+    if (names == NULL) {
+        goto loser;
+    }
+
+    /* init the structure */
+    names->arena = arena;
+    names->head = NULL;
+    names->numnicknames = 0;
+    names->nicknames = NULL;
+    names->totallen = 0;
+
+    /* count the certs in the list */
+    node = CERT_LIST_HEAD(certList);
+    while (!CERT_LIST_END(node, certList)) {
+        names->numnicknames++;
+        node = CERT_LIST_NEXT(node);
+    }
+
+    /* allocate nicknames array */
+    names->nicknames = PORT_ArenaAlloc(arena,
+                                       sizeof(char *) * names->numnicknames);
+    if (names->nicknames == NULL) {
+        goto loser;
+    }
+
+    /* just in case printf can't deal with null strings */
+    if (expiredString == NULL) {
+        expiredString = "";
+    }
+
+    if (notYetGoodString == NULL) {
+        notYetGoodString = "";
+    }
+
+    /* traverse the list of certs and collect the nicknames */
+    nn = names->nicknames;
+    node = CERT_LIST_HEAD(certList);
+    while (!CERT_LIST_END(node, certList)) {
+        *nn = CERT_GetCertNicknameWithValidity(arena, node->cert,
+                                               expiredString,
+                                               notYetGoodString);
+        if (*nn == NULL) {
+            goto loser;
+        }
+
+        names->totallen += PORT_Strlen(*nn);
+
+        nn++;
+        node = CERT_LIST_NEXT(node);
+    }
+
+    return (names);
+
+loser:
+    PORT_FreeArena(arena, PR_FALSE);
+    return (NULL);
+}
+
+/*
+ * Extract the nickname from a nickmake string that may have either
+ * expiredString or notYetGoodString appended.
+ *
+ * Args:
+ *  "namestring" - the string containing the nickname, and possibly
+ *      one of the validity label strings
+ *  "expiredString" - the expired validity label string
+ *  "notYetGoodString" - the not yet good validity label string
+ *
+ * Returns the raw nickname
+ */
+char *
+CERT_ExtractNicknameString(char *namestring, char *expiredString,
+                           char *notYetGoodString)
+{
+    int explen, nyglen, namelen;
+    int retlen;
+    char *retstr;
+
+    namelen = PORT_Strlen(namestring);
+    explen = PORT_Strlen(expiredString);
+    nyglen = PORT_Strlen(notYetGoodString);
+
+    if (namelen > explen) {
+        if (PORT_Strcmp(expiredString, &namestring[namelen - explen]) == 0) {
+            retlen = namelen - explen;
+            retstr = (char *)PORT_Alloc(retlen + 1);
+            if (retstr == NULL) {
+                goto loser;
+            }
+
+            PORT_Memcpy(retstr, namestring, retlen);
+            retstr[retlen] = '\0';
+            goto done;
+        }
+    }
+
+    if (namelen > nyglen) {
+        if (PORT_Strcmp(notYetGoodString, &namestring[namelen - nyglen]) == 0) {
+            retlen = namelen - nyglen;
+            retstr = (char *)PORT_Alloc(retlen + 1);
+            if (retstr == NULL) {
+                goto loser;
+            }
+
+            PORT_Memcpy(retstr, namestring, retlen);
+            retstr[retlen] = '\0';
+            goto done;
+        }
+    }
+
+    /* if name string is shorter than either invalid string, then it must
+     * be a raw nickname
+     */
+    retstr = PORT_Strdup(namestring);
+
+done:
+    return (retstr);
+
+loser:
+    return (NULL);
+}
+
+CERTCertList *
+CERT_GetCertChainFromCert(CERTCertificate *cert, PRTime time, SECCertUsage usage)
+{
+    CERTCertList *chain = NULL;
+    int count = 0;
+
+    if (NULL == cert) {
+        return NULL;
+    }
+
+    cert = CERT_DupCertificate(cert);
+    if (NULL == cert) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return NULL;
+    }
+
+    chain = CERT_NewCertList();
+    if (NULL == chain) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return NULL;
+    }
+
+    while (cert != NULL && ++count <= CERT_MAX_CERT_CHAIN) {
+        if (SECSuccess != CERT_AddCertToListTail(chain, cert)) {
+            /* return partial chain */
+            PORT_SetError(SEC_ERROR_NO_MEMORY);
+            return chain;
+        }
+
+        if (cert->isRoot) {
+            /* return complete chain */
+            return chain;
+        }
+
+        cert = CERT_FindCertIssuer(cert, time, usage);
+    }
+
+    /* return partial chain */
+    PORT_SetError(SEC_ERROR_UNKNOWN_ISSUER);
+    return chain;
+}
diff --git a/nss/lib/certhigh/certvfypkix.c b/nss/lib/certhigh/certvfypkix.c
new file mode 100644
index 0000000..a536c21
--- /dev/null
+++ b/nss/lib/certhigh/certvfypkix.c
@@ -0,0 +1,2305 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * nss_pkix_proxy.h
+ *
+ * PKIX - NSS proxy functions
+ *
+ * NOTE: All structures, functions, data types are parts of library private
+ * api and are subjects to change in any following releases.
+ *
+ */
+#include "prerror.h"
+#include "prprf.h"
+
+#include "nspr.h"
+#include "pk11func.h"
+#include "certdb.h"
+#include "cert.h"
+#include "secerr.h"
+#include "nssb64.h"
+#include "secasn1.h"
+#include "secder.h"
+#include "pkit.h"
+
+#ifndef NSS_DISABLE_LIBPKIX
+#include "pkix_pl_common.h"
+
+extern PRLogModuleInfo *pkixLog;
+
+#ifdef PKIX_OBJECT_LEAK_TEST
+
+extern PKIX_UInt32
+pkix_pl_lifecycle_ObjectLeakCheck(int *);
+
+extern SECStatus
+pkix_pl_lifecycle_ObjectTableUpdate(int *objCountTable);
+
+PRInt32 parallelFnInvocationCount;
+#endif /* PKIX_OBJECT_LEAK_TEST */
+
+static PRBool usePKIXValidationEngine = PR_FALSE;
+#endif /* NSS_DISABLE_LIBPKIX */
+
+/*
+ * FUNCTION: CERT_SetUsePKIXForValidation
+ * DESCRIPTION:
+ *
+ * Enables or disables use of libpkix for certificate validation
+ *
+ * PARAMETERS:
+ *  "enable"
+ *      PR_TRUE: enables use of libpkix for cert validation.
+ *      PR_FALSE: disables.
+ * THREAD SAFETY:
+ *  NOT Thread Safe.
+ * RETURNS:
+ *  Returns SECSuccess if successfully enabled
+ */
+SECStatus
+CERT_SetUsePKIXForValidation(PRBool enable)
+{
+#ifdef NSS_DISABLE_LIBPKIX
+    PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
+    return SECFailure;
+#else
+    usePKIXValidationEngine = (enable > 0) ? PR_TRUE : PR_FALSE;
+    return SECSuccess;
+#endif /* NSS_DISABLE_LIBPKIX */
+}
+
+/*
+ * FUNCTION: CERT_GetUsePKIXForValidation
+ * DESCRIPTION:
+ *
+ * Checks if libpkix building function should be use for certificate
+ * chain building.
+ *
+ * PARAMETERS:
+ *  NONE
+ * THREAD SAFETY:
+ *  NOT Thread Safe
+ * RETURNS:
+ *  Returns PR_TRUE if libpkix should be used. PR_FALSE otherwise.
+ */
+PRBool
+CERT_GetUsePKIXForValidation()
+{
+#ifdef NSS_DISABLE_LIBPKIX
+    return PR_FALSE;
+#else
+    return usePKIXValidationEngine;
+#endif /* NSS_DISABLE_LIBPKIX */
+}
+
+#ifndef NSS_DISABLE_LIBPKIX
+#ifdef NOTDEF
+/*
+ * FUNCTION: cert_NssKeyUsagesToPkix
+ * DESCRIPTION:
+ *
+ * Converts nss key usage bit field(PRUint32) to pkix key usage
+ * bit field.
+ *
+ * PARAMETERS:
+ *  "nssKeyUsage"
+ *      Nss key usage bit field.
+ *  "pkixKeyUsage"
+ *      Pkix key usage big field.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+cert_NssKeyUsagesToPkix(
+    PRUint32 nssKeyUsage,
+    PKIX_UInt32 *pPkixKeyUsage,
+    void *plContext)
+{
+    PKIX_UInt32 pkixKeyUsage = 0;
+
+    PKIX_ENTER(CERTVFYPKIX, "cert_NssKeyUsagesToPkix");
+    PKIX_NULLCHECK_ONE(pPkixKeyUsage);
+
+    *pPkixKeyUsage = 0;
+
+    if (nssKeyUsage & KU_DIGITAL_SIGNATURE) {
+        pkixKeyUsage |= PKIX_DIGITAL_SIGNATURE;
+    }
+
+    if (nssKeyUsage & KU_NON_REPUDIATION) {
+        pkixKeyUsage |= PKIX_NON_REPUDIATION;
+    }
+
+    if (nssKeyUsage & KU_KEY_ENCIPHERMENT) {
+        pkixKeyUsage |= PKIX_KEY_ENCIPHERMENT;
+    }
+
+    if (nssKeyUsage & KU_DATA_ENCIPHERMENT) {
+        pkixKeyUsage |= PKIX_DATA_ENCIPHERMENT;
+    }
+
+    if (nssKeyUsage & KU_KEY_AGREEMENT) {
+        pkixKeyUsage |= PKIX_KEY_AGREEMENT;
+    }
+
+    if (nssKeyUsage & KU_KEY_CERT_SIGN) {
+        pkixKeyUsage |= PKIX_KEY_CERT_SIGN;
+    }
+
+    if (nssKeyUsage & KU_CRL_SIGN) {
+        pkixKeyUsage |= PKIX_CRL_SIGN;
+    }
+
+    if (nssKeyUsage & KU_ENCIPHER_ONLY) {
+        pkixKeyUsage |= PKIX_ENCIPHER_ONLY;
+    }
+
+    /* Not supported. XXX we should support this once it is
+     * fixed in NSS */
+    /* pkixKeyUsage |= PKIX_DECIPHER_ONLY; */
+
+    *pPkixKeyUsage = pkixKeyUsage;
+
+    PKIX_RETURN(CERTVFYPKIX);
+}
+
+extern SECOidTag ekuOidStrings[];
+
+enum {
+    ekuIndexSSLServer = 0,
+    ekuIndexSSLClient,
+    ekuIndexCodeSigner,
+    ekuIndexEmail,
+    ekuIndexTimeStamp,
+    ekuIndexStatusResponder,
+    ekuIndexUnknown
+} ekuIndex;
+
+typedef struct {
+    SECCertUsage certUsage;
+    PRUint32 ekuStringIndex;
+} SECCertUsageToEku;
+
+const SECCertUsageToEku certUsageEkuStringMap[] = {
+    { certUsageSSLClient, ekuIndexSSLClient },
+    { certUsageSSLServer, ekuIndexSSLServer },
+    { certUsageSSLCA, ekuIndexSSLServer },
+    { certUsageEmailSigner, ekuIndexEmail },
+    { certUsageEmailRecipient, ekuIndexEmail },
+    { certUsageObjectSigner, ekuIndexCodeSigner },
+    { certUsageUserCertImport, ekuIndexUnknown },
+    { certUsageVerifyCA, ekuIndexUnknown },
+    { certUsageProtectedObjectSigner, ekuIndexUnknown },
+    { certUsageStatusResponder, ekuIndexStatusResponder },
+    { certUsageAnyCA, ekuIndexUnknown },
+};
+
+/*
+ * FUNCTION: cert_NssCertificateUsageToPkixKUAndEKU
+ * DESCRIPTION:
+ *
+ * Converts nss CERTCertificateUsage bit field to pkix key and
+ * extended key usages.
+ *
+ * PARAMETERS:
+ *  "cert"
+ *      Pointer to CERTCertificate structure of validating cert.
+ *  "requiredCertUsages"
+ *      Required usage that will be converted to pkix eku and ku.
+ *  "requiredKeyUsage",
+ *      Additional key usages impose to cert.
+ *  "isCA",
+ *      it true, convert usages for cert that is a CA cert.
+ *  "ppkixEKUList"
+ *      Returned address of a list of pkix extended key usages.
+ *  "ppkixKU"
+ *      Returned address of pkix required key usages bit field.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Cert Verify Error if the function fails in an unrecoverable way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+cert_NssCertificateUsageToPkixKUAndEKU(
+    CERTCertificate *cert,
+    SECCertUsage requiredCertUsage,
+    PRUint32 requiredKeyUsages,
+    PRBool isCA,
+    PKIX_List **ppkixEKUList,
+    PKIX_UInt32 *ppkixKU,
+    void *plContext)
+{
+    PKIX_List *ekuOidsList = NULL;
+    PKIX_PL_OID *ekuOid = NULL;
+    int i = 0;
+    int ekuIndex = ekuIndexUnknown;
+
+    PKIX_ENTER(CERTVFYPKIX, "cert_NssCertificateUsageToPkixEku");
+    PKIX_NULLCHECK_TWO(ppkixEKUList, ppkixKU);
+
+    PKIX_CHECK(
+        PKIX_List_Create(&ekuOidsList, plContext),
+        PKIX_LISTCREATEFAILED);
+
+    for (; i < PR_ARRAY_SIZE(certUsageEkuStringMap); i++) {
+        const SECCertUsageToEku *usageToEkuElem =
+            &certUsageEkuStringMap[i];
+        if (usageToEkuElem->certUsage == requiredCertUsage) {
+            ekuIndex = usageToEkuElem->ekuStringIndex;
+            break;
+        }
+    }
+    if (ekuIndex != ekuIndexUnknown) {
+        PRUint32 reqKeyUsage = 0;
+        PRUint32 reqCertType = 0;
+
+        CERT_KeyUsageAndTypeForCertUsage(requiredCertUsage, isCA,
+                                         &reqKeyUsage,
+                                         &reqCertType);
+
+        requiredKeyUsages |= reqKeyUsage;
+
+        PKIX_CHECK(
+            PKIX_PL_OID_Create(ekuOidStrings[ekuIndex], &ekuOid,
+                               plContext),
+            PKIX_OIDCREATEFAILED);
+
+        PKIX_CHECK(
+            PKIX_List_AppendItem(ekuOidsList, (PKIX_PL_Object *)ekuOid,
+                                 plContext),
+            PKIX_LISTAPPENDITEMFAILED);
+
+        PKIX_DECREF(ekuOid);
+    }
+
+    PKIX_CHECK(
+        cert_NssKeyUsagesToPkix(requiredKeyUsages, ppkixKU, plContext),
+        PKIX_NSSCERTIFICATEUSAGETOPKIXKUANDEKUFAILED);
+
+    *ppkixEKUList = ekuOidsList;
+    ekuOidsList = NULL;
+
+cleanup:
+
+    PKIX_DECREF(ekuOid);
+    PKIX_DECREF(ekuOidsList);
+
+    PKIX_RETURN(CERTVFYPKIX);
+}
+
+#endif
+
+/*
+ * FUNCTION: cert_ProcessingParamsSetKeyAndCertUsage
+ * DESCRIPTION:
+ *
+ * Converts cert usage to pkix KU type and sets
+ * converted data into PKIX_ProcessingParams object. It also sets
+ * proper cert usage into nsscontext object.
+ *
+ * PARAMETERS:
+ *  "procParams"
+ *      Pointer to PKIX_ProcessingParams used during validation.
+ *  "requiredCertUsage"
+ *      Required certificate usages the certificate and chain is built and
+ *      validated for.
+ *  "requiredKeyUsage"
+ *      Request additional key usages the certificate should be validated for.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Cert Verify Error if the function fails in an unrecoverable way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+cert_ProcessingParamsSetKeyAndCertUsage(
+    PKIX_ProcessingParams *procParams,
+    SECCertUsage requiredCertUsage,
+    PRUint32 requiredKeyUsages,
+    void *plContext)
+{
+    PKIX_CertSelector *certSelector = NULL;
+    PKIX_ComCertSelParams *certSelParams = NULL;
+    PKIX_PL_NssContext *nssContext = (PKIX_PL_NssContext *)plContext;
+
+    PKIX_ENTER(CERTVFYPKIX, "cert_ProcessingParamsSetKeyAndCertUsage");
+    PKIX_NULLCHECK_TWO(procParams, nssContext);
+
+    PKIX_CHECK(
+        pkix_pl_NssContext_SetCertUsage(
+            ((SECCertificateUsage)1) << requiredCertUsage, nssContext),
+        PKIX_NSSCONTEXTSETCERTUSAGEFAILED);
+
+    if (requiredKeyUsages) {
+        PKIX_CHECK(
+            PKIX_ProcessingParams_GetTargetCertConstraints(procParams,
+                                                           &certSelector, plContext),
+            PKIX_PROCESSINGPARAMSGETTARGETCERTCONSTRAINTSFAILED);
+
+        PKIX_CHECK(
+            PKIX_CertSelector_GetCommonCertSelectorParams(certSelector,
+                                                          &certSelParams, plContext),
+            PKIX_CERTSELECTORGETCOMMONCERTSELECTORPARAMSFAILED);
+
+        PKIX_CHECK(
+            PKIX_ComCertSelParams_SetKeyUsage(certSelParams, requiredKeyUsages,
+                                              plContext),
+            PKIX_COMCERTSELPARAMSSETKEYUSAGEFAILED);
+    }
+cleanup:
+    PKIX_DECREF(certSelector);
+    PKIX_DECREF(certSelParams);
+
+    PKIX_RETURN(CERTVFYPKIX);
+}
+
+/*
+ * Unused parameters:
+ *
+ *  CERTCertList *initialChain,
+ *  CERTCertStores certStores,
+ *  CERTCertRevCheckers certRevCheckers,
+ *  CERTCertChainCheckers certChainCheckers,
+ *  SECItem *initPolicies,
+ *  PRBool policyQualifierRejected,
+ *  PRBool anyPolicyInhibited,
+ *  PRBool reqExplicitPolicy,
+ *  PRBool policyMappingInhibited,
+ *  PKIX_CertSelector certConstraints,
+ */
+
+/*
+ * FUNCTION: cert_CreatePkixProcessingParams
+ * DESCRIPTION:
+ *
+ * Creates and fills in PKIX_ProcessingParams structure to be used
+ * for certificate chain building.
+ *
+ * PARAMETERS:
+ *  "cert"
+ *      Pointer to the CERTCertificate: the leaf certificate of a chain.
+ *  "time"
+ *      Validity time.
+ *  "wincx"
+ *      Nss db password token.
+ *  "useArena"
+ *      Flags to use arena for data allocation during chain building process.
+ *  "pprocParams"
+ *      Address to return created processing parameters.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Cert Verify Error if the function fails in an unrecoverable way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+cert_CreatePkixProcessingParams(
+    CERTCertificate *cert,
+    PRBool checkSig, /* not used yet. See bug 391476 */
+    PRTime time,
+    void *wincx,
+    PRBool useArena,
+    PRBool disableOCSPRemoteFetching,
+    PKIX_ProcessingParams **pprocParams,
+    void **pplContext)
+{
+    PKIX_List *anchors = NULL;
+    PKIX_PL_Cert *targetCert = NULL;
+    PKIX_PL_Date *date = NULL;
+    PKIX_ProcessingParams *procParams = NULL;
+    PKIX_CertSelector *certSelector = NULL;
+    PKIX_ComCertSelParams *certSelParams = NULL;
+    PKIX_CertStore *certStore = NULL;
+    PKIX_List *certStores = NULL;
+    PKIX_RevocationChecker *revChecker = NULL;
+    PKIX_UInt32 methodFlags = 0;
+    void *plContext = NULL;
+    CERTStatusConfig *statusConfig = NULL;
+
+    PKIX_ENTER(CERTVFYPKIX, "cert_CreatePkixProcessingParams");
+    PKIX_NULLCHECK_TWO(cert, pprocParams);
+
+    PKIX_CHECK(
+        PKIX_PL_NssContext_Create(0, useArena, wincx, &plContext),
+        PKIX_NSSCONTEXTCREATEFAILED);
+
+    *pplContext = plContext;
+
+#ifdef PKIX_NOTDEF
+    /* Functions should be implemented in patch for 390532 */
+    PKIX_CHECK(
+        pkix_pl_NssContext_SetCertSignatureCheck(checkSig,
+                                                 (PKIX_PL_NssContext *)plContext),
+        PKIX_NSSCONTEXTSETCERTSIGNCHECKFAILED);
+
+#endif /* PKIX_NOTDEF */
+
+    PKIX_CHECK(
+        PKIX_ProcessingParams_Create(&procParams, plContext),
+        PKIX_PROCESSINGPARAMSCREATEFAILED);
+
+    PKIX_CHECK(
+        PKIX_ComCertSelParams_Create(&certSelParams, plContext),
+        PKIX_COMCERTSELPARAMSCREATEFAILED);
+
+    PKIX_CHECK(
+        PKIX_PL_Cert_CreateFromCERTCertificate(cert, &targetCert, plContext),
+        PKIX_CERTCREATEWITHNSSCERTFAILED);
+
+    PKIX_CHECK(
+        PKIX_ComCertSelParams_SetCertificate(certSelParams,
+                                             targetCert, plContext),
+        PKIX_COMCERTSELPARAMSSETCERTIFICATEFAILED);
+
+    PKIX_CHECK(
+        PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext),
+        PKIX_COULDNOTCREATECERTSELECTOROBJECT);
+
+    PKIX_CHECK(
+        PKIX_CertSelector_SetCommonCertSelectorParams(certSelector,
+                                                      certSelParams, plContext),
+        PKIX_CERTSELECTORSETCOMMONCERTSELECTORPARAMSFAILED);
+
+    PKIX_CHECK(
+        PKIX_ProcessingParams_SetTargetCertConstraints(procParams,
+                                                       certSelector, plContext),
+        PKIX_PROCESSINGPARAMSSETTARGETCERTCONSTRAINTSFAILED);
+
+    /* Turn off quialification of target cert since leaf cert is
+     * already check for date validity, key usages and extended
+     * key usages. */
+    PKIX_CHECK(
+        PKIX_ProcessingParams_SetQualifyTargetCert(procParams, PKIX_FALSE,
+                                                   plContext),
+        PKIX_PROCESSINGPARAMSSETQUALIFYTARGETCERTFLAGFAILED);
+
+    PKIX_CHECK(
+        PKIX_PL_Pk11CertStore_Create(&certStore, plContext),
+        PKIX_PK11CERTSTORECREATEFAILED);
+
+    PKIX_CHECK(
+        PKIX_List_Create(&certStores, plContext),
+        PKIX_UNABLETOCREATELIST);
+
+    PKIX_CHECK(
+        PKIX_List_AppendItem(certStores, (PKIX_PL_Object *)certStore,
+                             plContext),
+        PKIX_LISTAPPENDITEMFAILED);
+
+    PKIX_CHECK(
+        PKIX_ProcessingParams_SetCertStores(procParams, certStores,
+                                            plContext),
+        PKIX_PROCESSINGPARAMSADDCERTSTOREFAILED);
+
+    PKIX_CHECK(
+        PKIX_PL_Date_CreateFromPRTime(time, &date, plContext),
+        PKIX_DATECREATEFROMPRTIMEFAILED);
+
+    PKIX_CHECK(
+        PKIX_ProcessingParams_SetDate(procParams, date, plContext),
+        PKIX_PROCESSINGPARAMSSETDATEFAILED);
+
+    PKIX_CHECK(
+        PKIX_RevocationChecker_Create(
+            PKIX_REV_MI_TEST_ALL_LOCAL_INFORMATION_FIRST |
+                PKIX_REV_MI_NO_OVERALL_INFO_REQUIREMENT,
+            PKIX_REV_MI_TEST_ALL_LOCAL_INFORMATION_FIRST |
+                PKIX_REV_MI_NO_OVERALL_INFO_REQUIREMENT,
+            &revChecker, plContext),
+        PKIX_REVOCATIONCHECKERCREATEFAILED);
+
+    PKIX_CHECK(
+        PKIX_ProcessingParams_SetRevocationChecker(procParams, revChecker,
+                                                   plContext),
+        PKIX_PROCESSINGPARAMSSETREVOCATIONCHECKERFAILED);
+
+    /* CRL method flags */
+    methodFlags =
+        PKIX_REV_M_TEST_USING_THIS_METHOD |
+        PKIX_REV_M_FORBID_NETWORK_FETCHING |
+        PKIX_REV_M_SKIP_TEST_ON_MISSING_SOURCE | /* 0 */
+        PKIX_REV_M_IGNORE_MISSING_FRESH_INFO |   /* 0 */
+        PKIX_REV_M_CONTINUE_TESTING_ON_FRESH_INFO;
+
+    /* add CRL revocation method to check the leaf certificate */
+    PKIX_CHECK(
+        PKIX_RevocationChecker_CreateAndAddMethod(revChecker, procParams,
+                                                  PKIX_RevocationMethod_CRL, methodFlags,
+                                                  0, NULL, PKIX_TRUE, plContext),
+        PKIX_REVOCATIONCHECKERADDMETHODFAILED);
+
+    /* add CRL revocation method for other certs in the chain. */
+    PKIX_CHECK(
+        PKIX_RevocationChecker_CreateAndAddMethod(revChecker, procParams,
+                                                  PKIX_RevocationMethod_CRL, methodFlags,
+                                                  0, NULL, PKIX_FALSE, plContext),
+        PKIX_REVOCATIONCHECKERADDMETHODFAILED);
+
+    /* For compatibility with the old code, need to check that
+     * statusConfig is set in the db handle and status checker
+     * is defined befor allow ocsp status check on the leaf cert.*/
+    statusConfig = CERT_GetStatusConfig(CERT_GetDefaultCertDB());
+    if (statusConfig != NULL && statusConfig->statusChecker != NULL) {
+
+        /* Enable OCSP revocation checking for the leaf cert. */
+        /* OCSP method flags */
+        methodFlags =
+            PKIX_REV_M_TEST_USING_THIS_METHOD |
+            PKIX_REV_M_ALLOW_NETWORK_FETCHING |        /* 0 */
+            PKIX_REV_M_ALLOW_IMPLICIT_DEFAULT_SOURCE | /* 0 */
+            PKIX_REV_M_SKIP_TEST_ON_MISSING_SOURCE |   /* 0 */
+            PKIX_REV_M_IGNORE_MISSING_FRESH_INFO |     /* 0 */
+            PKIX_REV_M_CONTINUE_TESTING_ON_FRESH_INFO;
+
+        /* Disabling ocsp fetching when checking the status
+         * of ocsp response signer. Here and in the next if,
+         * adjust flags for ocsp signer cert validation case. */
+        if (disableOCSPRemoteFetching) {
+            methodFlags |= PKIX_REV_M_FORBID_NETWORK_FETCHING;
+        }
+
+        if (ocsp_FetchingFailureIsVerificationFailure() &&
+            !disableOCSPRemoteFetching) {
+            methodFlags |=
+                PKIX_REV_M_FAIL_ON_MISSING_FRESH_INFO;
+        }
+
+        /* add OCSP revocation method to check only the leaf certificate.*/
+        PKIX_CHECK(
+            PKIX_RevocationChecker_CreateAndAddMethod(revChecker, procParams,
+                                                      PKIX_RevocationMethod_OCSP, methodFlags,
+                                                      1, NULL, PKIX_TRUE, plContext),
+            PKIX_REVOCATIONCHECKERADDMETHODFAILED);
+    }
+
+    PKIX_CHECK(
+        PKIX_ProcessingParams_SetAnyPolicyInhibited(procParams, PR_FALSE,
+                                                    plContext),
+        PKIX_PROCESSINGPARAMSSETANYPOLICYINHIBITED);
+
+    PKIX_CHECK(
+        PKIX_ProcessingParams_SetExplicitPolicyRequired(procParams, PR_FALSE,
+                                                        plContext),
+        PKIX_PROCESSINGPARAMSSETEXPLICITPOLICYREQUIRED);
+
+    PKIX_CHECK(
+        PKIX_ProcessingParams_SetPolicyMappingInhibited(procParams, PR_FALSE,
+                                                        plContext),
+        PKIX_PROCESSINGPARAMSSETPOLICYMAPPINGINHIBITED);
+
+    *pprocParams = procParams;
+    procParams = NULL;
+
+cleanup:
+    PKIX_DECREF(anchors);
+    PKIX_DECREF(targetCert);
+    PKIX_DECREF(date);
+    PKIX_DECREF(certSelector);
+    PKIX_DECREF(certSelParams);
+    PKIX_DECREF(certStore);
+    PKIX_DECREF(certStores);
+    PKIX_DECREF(procParams);
+    PKIX_DECREF(revChecker);
+
+    PKIX_RETURN(CERTVFYPKIX);
+}
+
+/*
+ * FUNCTION: cert_PkixToNssCertsChain
+ * DESCRIPTION:
+ *
+ * Converts pkix cert list into nss cert list.
+ *
+ * PARAMETERS:
+ *  "pkixCertChain"
+ *      Pkix certificate list.
+ *  "pvalidChain"
+ *      An address of returned nss certificate list.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Cert Verify Error if the function fails in an unrecoverable way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+cert_PkixToNssCertsChain(
+    PKIX_List *pkixCertChain,
+    CERTCertList **pvalidChain,
+    void *plContext)
+{
+    PLArenaPool *arena = NULL;
+    CERTCertificate *nssCert = NULL;
+    CERTCertList *validChain = NULL;
+    PKIX_PL_Object *certItem = NULL;
+    PKIX_UInt32 length = 0;
+    PKIX_UInt32 i = 0;
+
+    PKIX_ENTER(CERTVFYPKIX, "cert_PkixToNssCertsChain");
+    PKIX_NULLCHECK_ONE(pvalidChain);
+
+    if (pkixCertChain == NULL) {
+        goto cleanup;
+    }
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL) {
+        PKIX_ERROR(PKIX_OUTOFMEMORY);
+    }
+    validChain = (CERTCertList *)PORT_ArenaZAlloc(arena, sizeof(CERTCertList));
+    if (validChain == NULL) {
+        PKIX_ERROR(PKIX_PORTARENAALLOCFAILED);
+    }
+    PR_INIT_CLIST(&validChain->list);
+    validChain->arena = arena;
+    arena = NULL;
+
+    PKIX_CHECK(
+        PKIX_List_GetLength(pkixCertChain, &length, plContext),
+        PKIX_LISTGETLENGTHFAILED);
+
+    for (i = 0; i < length; i++) {
+        CERTCertListNode *node = NULL;
+
+        PKIX_CHECK(
+            PKIX_List_GetItem(pkixCertChain, i, &certItem, plContext),
+            PKIX_LISTGETITEMFAILED);
+
+        PKIX_CHECK(
+            PKIX_PL_Cert_GetCERTCertificate((PKIX_PL_Cert *)certItem, &nssCert,
+                                            plContext),
+            PKIX_CERTGETCERTCERTIFICATEFAILED);
+
+        node =
+            (CERTCertListNode *)PORT_ArenaZAlloc(validChain->arena,
+                                                 sizeof(CERTCertListNode));
+        if (node == NULL) {
+            PKIX_ERROR(PKIX_PORTARENAALLOCFAILED);
+        }
+
+        PR_INSERT_BEFORE(&node->links, &validChain->list);
+
+        node->cert = nssCert;
+        nssCert = NULL;
+
+        PKIX_DECREF(certItem);
+    }
+
+    *pvalidChain = validChain;
+
+cleanup:
+    if (PKIX_ERROR_RECEIVED) {
+        if (validChain) {
+            CERT_DestroyCertList(validChain);
+        } else if (arena) {
+            PORT_FreeArena(arena, PR_FALSE);
+        }
+        if (nssCert) {
+            CERT_DestroyCertificate(nssCert);
+        }
+    }
+    PKIX_DECREF(certItem);
+
+    PKIX_RETURN(CERTVFYPKIX);
+}
+
+/*
+ * FUNCTION: cert_BuildAndValidateChain
+ * DESCRIPTION:
+ *
+ * The function builds and validates a cert chain based on certificate
+ * selection criterias from procParams. This function call PKIX_BuildChain
+ * to accomplish chain building. If PKIX_BuildChain returns with incomplete
+ * IO, the function waits with PR_Poll until the blocking IO is finished and
+ * return control back to PKIX_BuildChain.
+ *
+ * PARAMETERS:
+ *  "procParams"
+ *      Processing parameters to be used during chain building.
+ *  "pResult"
+ *      Returned build result.
+ *  "pVerifyNode"
+ *      Returned pointed to verify node structure: the tree-like structure
+ *      that reports points of chain building failures.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Cert Verify Error if the function fails in an unrecoverable way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+cert_BuildAndValidateChain(
+    PKIX_ProcessingParams *procParams,
+    PKIX_BuildResult **pResult,
+    PKIX_VerifyNode **pVerifyNode,
+    void *plContext)
+{
+    PKIX_BuildResult *result = NULL;
+    PKIX_VerifyNode *verifyNode = NULL;
+    void *nbioContext = NULL;
+    void *state = NULL;
+
+    PKIX_ENTER(CERTVFYPKIX, "cert_BuildAndVerifyChain");
+    PKIX_NULLCHECK_TWO(procParams, pResult);
+
+    do {
+        if (nbioContext && state) {
+            /* PKIX-XXX: need to test functionality of NBIO handling in libPkix.
+             * See bug 391180 */
+            PRInt32 filesReady = 0;
+            PRPollDesc *pollDesc = (PRPollDesc *)nbioContext;
+            filesReady = PR_Poll(pollDesc, 1, PR_INTERVAL_NO_TIMEOUT);
+            if (filesReady <= 0) {
+                PKIX_ERROR(PKIX_PRPOLLRETBADFILENUM);
+            }
+        }
+
+        PKIX_CHECK(
+            PKIX_BuildChain(procParams, &nbioContext, &state,
+                            &result, &verifyNode, plContext),
+            PKIX_UNABLETOBUILDCHAIN);
+
+    } while (nbioContext && state);
+
+    *pResult = result;
+
+cleanup:
+    if (pVerifyNode) {
+        *pVerifyNode = verifyNode;
+    }
+
+    PKIX_RETURN(CERTVFYPKIX);
+}
+
+/*
+ * FUNCTION: cert_PkixErrorToNssCode
+ * DESCRIPTION:
+ *
+ * Converts pkix error(PKIX_Error) structure to PR error codes.
+ *
+ * PKIX-XXX to be implemented. See 391183.
+ *
+ * PARAMETERS:
+ *  "error"
+ *      Pkix error that will be converted.
+ *  "nssCode"
+ *      Corresponding nss error code.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Cert Verify Error if the function fails in an unrecoverable way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+cert_PkixErrorToNssCode(
+    PKIX_Error *error,
+    SECErrorCodes *pNssErr,
+    void *plContext)
+{
+    int errLevel = 0;
+    PKIX_Int32 nssErr = 0;
+    PKIX_Error *errPtr = error;
+
+    PKIX_ENTER(CERTVFYPKIX, "cert_PkixErrorToNssCode");
+    PKIX_NULLCHECK_TWO(error, pNssErr);
+
+    /* Loop until we find at least one error with non-null
+     * plErr code, that is going to be nss error code. */
+    while (errPtr) {
+        if (errPtr->plErr && !nssErr) {
+            nssErr = errPtr->plErr;
+            if (!pkixLog)
+                break;
+        }
+        if (pkixLog) {
+#ifdef PKIX_ERROR_DESCRIPTION
+            PR_LOG(pkixLog, 2, ("Error at level %d: %s\n", errLevel,
+                                PKIX_ErrorText[errPtr->errCode]));
+#else
+            PR_LOG(pkixLog, 2, ("Error at level %d: Error code %d\n", errLevel,
+                                errPtr->errCode));
+#endif /* PKIX_ERROR_DESCRIPTION */
+        }
+        errPtr = errPtr->cause;
+        errLevel += 1;
+    }
+    PORT_Assert(nssErr);
+    if (!nssErr) {
+        *pNssErr = SEC_ERROR_LIBPKIX_INTERNAL;
+    } else {
+        *pNssErr = nssErr;
+    }
+
+    PKIX_RETURN(CERTVFYPKIX);
+}
+
+/*
+ * FUNCTION: cert_GetLogFromVerifyNode
+ * DESCRIPTION:
+ *
+ * Recursive function that converts verify node tree-like set of structures
+ * to CERTVerifyLog.
+ *
+ * PARAMETERS:
+ *  "log"
+ *      Pointed to already allocated CERTVerifyLog structure.
+ *  "node"
+ *      A node of PKIX_VerifyNode tree.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Cert Verify Error if the function fails in an unrecoverable way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+cert_GetLogFromVerifyNode(
+    CERTVerifyLog *log,
+    PKIX_VerifyNode *node,
+    void *plContext)
+{
+    PKIX_List *children = NULL;
+    PKIX_VerifyNode *childNode = NULL;
+
+    PKIX_ENTER(CERTVFYPKIX, "cert_GetLogFromVerifyNode");
+
+    children = node->children;
+
+    if (children == NULL) {
+        PKIX_ERRORCODE errCode = PKIX_ANCHORDIDNOTCHAINTOCERT;
+        if (node->error && node->error->errCode != errCode) {
+            if (log != NULL) {
+                SECErrorCodes nssErrorCode = 0;
+                CERTCertificate *cert = NULL;
+
+                cert = node->verifyCert->nssCert;
+
+                PKIX_CHECK(
+                    cert_PkixErrorToNssCode(node->error, &nssErrorCode,
+                                            plContext),
+                    PKIX_GETPKIXERRORCODEFAILED);
+
+                cert_AddToVerifyLog(log, cert, nssErrorCode, node->depth, NULL);
+            }
+        }
+        PKIX_RETURN(CERTVFYPKIX);
+    } else {
+        PRUint32 i = 0;
+        PKIX_UInt32 length = 0;
+
+        PKIX_CHECK(
+            PKIX_List_GetLength(children, &length, plContext),
+            PKIX_LISTGETLENGTHFAILED);
+
+        for (i = 0; i < length; i++) {
+
+            PKIX_CHECK(
+                PKIX_List_GetItem(children, i, (PKIX_PL_Object **)&childNode,
+                                  plContext),
+                PKIX_LISTGETITEMFAILED);
+
+            PKIX_CHECK(
+                cert_GetLogFromVerifyNode(log, childNode, plContext),
+                PKIX_ERRORINRECURSIVEEQUALSCALL);
+
+            PKIX_DECREF(childNode);
+        }
+    }
+
+cleanup:
+    PKIX_DECREF(childNode);
+
+    PKIX_RETURN(CERTVFYPKIX);
+}
+
+/*
+ * FUNCTION: cert_GetBuildResults
+ * DESCRIPTION:
+ *
+ * Converts pkix build results to nss results. This function is called
+ * regardless of build result.
+ *
+ * If it called after chain was successfully constructed, then it will
+ * convert:
+ *   * pkix cert list that represent the chain to nss cert list
+ *   * trusted root the chain was anchored to nss certificate.
+ *
+ * In case of failure it will convert:
+ *   * pkix error to PR error code(will set it with PORT_SetError)
+ *   * pkix validation log to nss CERTVerifyLog
+ *
+ * PARAMETERS:
+ *  "buildResult"
+ *      Build results returned by PKIX_BuildChain.
+ *  "verifyNode"
+ *      Tree-like structure of chain building/validation failures
+ *      returned by PKIX_BuildChain. Ignored in case of success.
+ *  "error"
+ *      Final error returned by PKIX_BuildChain. Should be NULL in
+ *      case of success.
+ *  "log"
+ *      Address of pre-allocated(if not NULL) CERTVerifyLog structure.
+ *  "ptrustedRoot"
+ *      Address of returned trusted root the chain was anchored to.
+ *  "pvalidChain"
+ *      Address of returned valid chain.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Cert Verify Error if the function fails in an unrecoverable way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+cert_GetBuildResults(
+    PKIX_BuildResult *buildResult,
+    PKIX_VerifyNode *verifyNode,
+    PKIX_Error *error,
+    CERTVerifyLog *log,
+    CERTCertificate **ptrustedRoot,
+    CERTCertList **pvalidChain,
+    void *plContext)
+{
+    PKIX_ValidateResult *validResult = NULL;
+    CERTCertList *validChain = NULL;
+    CERTCertificate *trustedRoot = NULL;
+    PKIX_TrustAnchor *trustAnchor = NULL;
+    PKIX_PL_Cert *trustedCert = NULL;
+    PKIX_List *pkixCertChain = NULL;
+
+    PKIX_ENTER(CERTVFYPKIX, "cert_GetBuildResults");
+    if (buildResult == NULL && error == NULL) {
+        PKIX_ERROR(PKIX_NULLARGUMENT);
+    }
+
+    if (error) {
+        SECErrorCodes nssErrorCode = 0;
+        if (verifyNode) {
+            PKIX_Error *tmpError =
+                cert_GetLogFromVerifyNode(log, verifyNode, plContext);
+            if (tmpError) {
+                PKIX_PL_Object_DecRef((PKIX_PL_Object *)tmpError, plContext);
+            }
+        }
+        cert_PkixErrorToNssCode(error, &nssErrorCode, plContext);
+        PORT_SetError(nssErrorCode);
+        goto cleanup;
+    }
+
+    if (pvalidChain) {
+        PKIX_CHECK(
+            PKIX_BuildResult_GetCertChain(buildResult, &pkixCertChain,
+                                          plContext),
+            PKIX_BUILDRESULTGETCERTCHAINFAILED);
+
+        PKIX_CHECK(
+            cert_PkixToNssCertsChain(pkixCertChain, &validChain, plContext),
+            PKIX_CERTCHAINTONSSCHAINFAILED);
+    }
+
+    if (ptrustedRoot) {
+        PKIX_CHECK(
+            PKIX_BuildResult_GetValidateResult(buildResult, &validResult,
+                                               plContext),
+            PKIX_BUILDRESULTGETVALIDATERESULTFAILED);
+
+        PKIX_CHECK(
+            PKIX_ValidateResult_GetTrustAnchor(validResult, &trustAnchor,
+                                               plContext),
+            PKIX_VALIDATERESULTGETTRUSTANCHORFAILED);
+
+        PKIX_CHECK(
+            PKIX_TrustAnchor_GetTrustedCert(trustAnchor, &trustedCert,
+                                            plContext),
+            PKIX_TRUSTANCHORGETTRUSTEDCERTFAILED);
+
+        PKIX_CHECK(
+            PKIX_PL_Cert_GetCERTCertificate(trustedCert, &trustedRoot,
+                                            plContext),
+            PKIX_CERTGETCERTCERTIFICATEFAILED);
+    }
+
+    PORT_Assert(!PKIX_ERROR_RECEIVED);
+
+    if (trustedRoot) {
+        *ptrustedRoot = trustedRoot;
+    }
+    if (validChain) {
+        *pvalidChain = validChain;
+    }
+
+cleanup:
+    if (PKIX_ERROR_RECEIVED) {
+        if (trustedRoot) {
+            CERT_DestroyCertificate(trustedRoot);
+        }
+        if (validChain) {
+            CERT_DestroyCertList(validChain);
+        }
+    }
+    PKIX_DECREF(trustAnchor);
+    PKIX_DECREF(trustedCert);
+    PKIX_DECREF(pkixCertChain);
+    PKIX_DECREF(validResult);
+    PKIX_DECREF(error);
+    PKIX_DECREF(verifyNode);
+    PKIX_DECREF(buildResult);
+
+    PKIX_RETURN(CERTVFYPKIX);
+}
+#endif /* NSS_DISABLE_LIBPKIX */
+
+/*
+ * FUNCTION: cert_VerifyCertChainPkix
+ * DESCRIPTION:
+ *
+ * The main wrapper function that is called from CERT_VerifyCert and
+ * CERT_VerifyCACertForUsage functions to validate cert with libpkix.
+ *
+ * PARAMETERS:
+ *  "cert"
+ *      Leaf certificate of a chain we want to build.
+ *  "checkSig"
+ *      Certificate signatures will not be verified if this
+ *      flag is set to PR_FALSE.
+ *  "requiredUsage"
+ *      Required usage for certificate and chain.
+ *  "time"
+ *      Validity time.
+ *  "wincx"
+ *      Nss database password token.
+ *  "log"
+ *      Address of already allocated CERTVerifyLog structure. Not
+ *      used if NULL;
+ *  "pSigerror"
+ *      Address of PRBool. If not NULL, returns true is cert chain
+ *      was invalidated because of bad certificate signature.
+ *  "pRevoked"
+ *      Address of PRBool. If not NULL, returns true is cert chain
+ *      was invalidated because a revoked certificate was found in
+ *      the chain.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  SECFailure is chain building process has failed. SECSuccess otherwise.
+ */
+SECStatus
+cert_VerifyCertChainPkix(
+    CERTCertificate *cert,
+    PRBool checkSig,
+    SECCertUsage requiredUsage,
+    PRTime time,
+    void *wincx,
+    CERTVerifyLog *log,
+    PRBool *pSigerror,
+    PRBool *pRevoked)
+{
+#ifdef NSS_DISABLE_LIBPKIX
+    PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
+    return SECFailure;
+#else
+    PKIX_ProcessingParams *procParams = NULL;
+    PKIX_BuildResult *result = NULL;
+    PKIX_VerifyNode *verifyNode = NULL;
+    PKIX_Error *error = NULL;
+
+    SECStatus rv = SECFailure;
+    void *plContext = NULL;
+
+#ifdef PKIX_OBJECT_LEAK_TEST
+    int leakedObjNum = 0;
+    int memLeakLoopCount = 0;
+    int objCountTable[PKIX_NUMTYPES];
+    int fnInvLocalCount = 0;
+    PKIX_Boolean savedUsePkixEngFlag = usePKIXValidationEngine;
+
+    if (usePKIXValidationEngine) {
+        /* current memory leak testing implementation does not allow
+         * to run simultaneous tests one the same or a different threads.
+         * Setting the variable to false, to make additional chain
+         * validations be handled by old nss. */
+        usePKIXValidationEngine = PR_FALSE;
+    }
+    testStartFnStackPosition = 2;
+    fnStackNameArr[0] = "cert_VerifyCertChainPkix";
+    fnStackInvCountArr[0] = 0;
+    PKIX_Boolean abortOnLeak =
+        (PR_GetEnvSecure("PKIX_OBJECT_LEAK_TEST_ABORT_ON_LEAK") == NULL) ? PKIX_FALSE
+                                                                         : PKIX_TRUE;
+    runningLeakTest = PKIX_TRUE;
+
+    /* Prevent multi-threaded run of object leak test */
+    fnInvLocalCount = PR_ATOMIC_INCREMENT(&parallelFnInvocationCount);
+    PORT_Assert(fnInvLocalCount == 1);
+
+    do {
+        rv = SECFailure;
+        plContext = NULL;
+        procParams = NULL;
+        result = NULL;
+        verifyNode = NULL;
+        error = NULL;
+        errorGenerated = PKIX_FALSE;
+        stackPosition = 0;
+
+        if (leakedObjNum) {
+            pkix_pl_lifecycle_ObjectTableUpdate(objCountTable);
+        }
+        memLeakLoopCount += 1;
+#endif /* PKIX_OBJECT_LEAK_TEST */
+
+        error =
+            cert_CreatePkixProcessingParams(cert, checkSig, time, wincx,
+                                            PR_FALSE /*use arena*/,
+                                            requiredUsage == certUsageStatusResponder,
+                                            &procParams, &plContext);
+        if (error) {
+            goto cleanup;
+        }
+
+        error =
+            cert_ProcessingParamsSetKeyAndCertUsage(procParams, requiredUsage, 0,
+                                                    plContext);
+        if (error) {
+            goto cleanup;
+        }
+
+        error =
+            cert_BuildAndValidateChain(procParams, &result, &verifyNode, plContext);
+        if (error) {
+            goto cleanup;
+        }
+
+        if (pRevoked) {
+            /* Currently always PR_FALSE. Will be fixed as a part of 394077 */
+            *pRevoked = PR_FALSE;
+        }
+        if (pSigerror) {
+            /* Currently always PR_FALSE. Will be fixed as a part of 394077 */
+            *pSigerror = PR_FALSE;
+        }
+        rv = SECSuccess;
+
+    cleanup:
+        error = cert_GetBuildResults(result, verifyNode, error, log, NULL, NULL,
+                                     plContext);
+        if (error) {
+            PKIX_PL_Object_DecRef((PKIX_PL_Object *)error, plContext);
+        }
+        if (procParams) {
+            PKIX_PL_Object_DecRef((PKIX_PL_Object *)procParams, plContext);
+        }
+        if (plContext) {
+            PKIX_PL_NssContext_Destroy(plContext);
+        }
+
+#ifdef PKIX_OBJECT_LEAK_TEST
+        leakedObjNum =
+            pkix_pl_lifecycle_ObjectLeakCheck(leakedObjNum ? objCountTable : NULL);
+
+        if (pkixLog && leakedObjNum) {
+            PR_LOG(pkixLog, 1, ("The generated error caused an object leaks. Loop %d."
+                                "Stack %s\n",
+                                memLeakLoopCount, errorFnStackString));
+        }
+        PR_Free(errorFnStackString);
+        errorFnStackString = NULL;
+        if (abortOnLeak) {
+            PORT_Assert(leakedObjNum == 0);
+        }
+
+    } while (errorGenerated);
+
+    runningLeakTest = PKIX_FALSE;
+    PR_ATOMIC_DECREMENT(&parallelFnInvocationCount);
+    usePKIXValidationEngine = savedUsePkixEngFlag;
+#endif /* PKIX_OBJECT_LEAK_TEST */
+
+    return rv;
+#endif /* NSS_DISABLE_LIBPKIX */
+}
+
+#ifndef NSS_DISABLE_LIBPKIX
+PKIX_CertSelector *
+cert_GetTargetCertConstraints(CERTCertificate *target, void *plContext)
+{
+    PKIX_ComCertSelParams *certSelParams = NULL;
+    PKIX_CertSelector *certSelector = NULL;
+    PKIX_CertSelector *r = NULL;
+    PKIX_PL_Cert *eeCert = NULL;
+    PKIX_Error *error = NULL;
+
+    error = PKIX_PL_Cert_CreateFromCERTCertificate(target, &eeCert, plContext);
+    if (error != NULL)
+        goto cleanup;
+
+    error = PKIX_CertSelector_Create(NULL, NULL, &certSelector, plContext);
+    if (error != NULL)
+        goto cleanup;
+
+    error = PKIX_ComCertSelParams_Create(&certSelParams, plContext);
+    if (error != NULL)
+        goto cleanup;
+
+    error = PKIX_ComCertSelParams_SetCertificate(
+        certSelParams, eeCert, plContext);
+    if (error != NULL)
+        goto cleanup;
+
+    error = PKIX_CertSelector_SetCommonCertSelectorParams(certSelector, certSelParams, plContext);
+    if (error != NULL)
+        goto cleanup;
+
+    error = PKIX_PL_Object_IncRef((PKIX_PL_Object *)certSelector, plContext);
+    if (error == NULL)
+        r = certSelector;
+
+cleanup:
+    if (certSelParams != NULL)
+        PKIX_PL_Object_DecRef((PKIX_PL_Object *)certSelParams, plContext);
+
+    if (eeCert != NULL)
+        PKIX_PL_Object_DecRef((PKIX_PL_Object *)eeCert, plContext);
+
+    if (certSelector != NULL)
+        PKIX_PL_Object_DecRef((PKIX_PL_Object *)certSelector, plContext);
+
+    if (error != NULL) {
+        SECErrorCodes nssErr;
+
+        cert_PkixErrorToNssCode(error, &nssErr, plContext);
+        PKIX_PL_Object_DecRef((PKIX_PL_Object *)error, plContext);
+        PORT_SetError(nssErr);
+    }
+
+    return r;
+}
+
+static PKIX_List *
+cert_GetCertStores(void *plContext)
+{
+    PKIX_CertStore *certStore = NULL;
+    PKIX_List *certStores = NULL;
+    PKIX_List *r = NULL;
+    PKIX_Error *error = NULL;
+
+    error = PKIX_PL_Pk11CertStore_Create(&certStore, plContext);
+    if (error != NULL)
+        goto cleanup;
+
+    error = PKIX_List_Create(&certStores, plContext);
+    if (error != NULL)
+        goto cleanup;
+
+    error = PKIX_List_AppendItem(certStores,
+                                 (PKIX_PL_Object *)certStore, plContext);
+    if (error != NULL)
+        goto cleanup;
+
+    error = PKIX_PL_Object_IncRef((PKIX_PL_Object *)certStores, plContext);
+    if (error == NULL)
+        r = certStores;
+
+cleanup:
+    if (certStores != NULL)
+        PKIX_PL_Object_DecRef((PKIX_PL_Object *)certStores, plContext);
+
+    if (certStore != NULL)
+        PKIX_PL_Object_DecRef((PKIX_PL_Object *)certStore, plContext);
+
+    if (error != NULL) {
+        SECErrorCodes nssErr;
+
+        cert_PkixErrorToNssCode(error, &nssErr, plContext);
+        PKIX_PL_Object_DecRef((PKIX_PL_Object *)error, plContext);
+        PORT_SetError(nssErr);
+    }
+
+    return r;
+}
+
+struct fake_PKIX_PL_CertStruct {
+    CERTCertificate *nssCert;
+};
+
+/* This needs to be part of the PKIX_PL_* */
+/* This definitely needs to go away, and be replaced with
+   a real accessor function in PKIX */
+static CERTCertificate *
+cert_NSSCertFromPKIXCert(const PKIX_PL_Cert *pkix_cert)
+{
+    struct fake_PKIX_PL_CertStruct *fcert = NULL;
+
+    fcert = (struct fake_PKIX_PL_CertStruct *)pkix_cert;
+
+    return CERT_DupCertificate(fcert->nssCert);
+}
+
+PKIX_List *
+cert_PKIXMakeOIDList(const SECOidTag *oids, int oidCount, void *plContext)
+{
+    PKIX_List *r = NULL;
+    PKIX_List *policyList = NULL;
+    PKIX_PL_OID *policyOID = NULL;
+    PKIX_Error *error = NULL;
+    int i;
+
+    error = PKIX_List_Create(&policyList, plContext);
+    if (error != NULL) {
+        goto cleanup;
+    }
+
+    for (i = 0; i < oidCount; i++) {
+        error = PKIX_PL_OID_Create(oids[i], &policyOID, plContext);
+        if (error) {
+            goto cleanup;
+        }
+        error = PKIX_List_AppendItem(policyList,
+                                     (PKIX_PL_Object *)policyOID, plContext);
+        if (error != NULL) {
+            goto cleanup;
+        }
+        PKIX_PL_Object_DecRef((PKIX_PL_Object *)policyOID, plContext);
+        policyOID = NULL;
+    }
+
+    error = PKIX_List_SetImmutable(policyList, plContext);
+    if (error != NULL)
+        goto cleanup;
+
+    error = PKIX_PL_Object_IncRef((PKIX_PL_Object *)policyList, plContext);
+    if (error == NULL)
+        r = policyList;
+
+cleanup:
+    if (policyOID != NULL) {
+        PKIX_PL_Object_DecRef((PKIX_PL_Object *)policyOID, plContext);
+    }
+    if (policyList != NULL) {
+        PKIX_PL_Object_DecRef((PKIX_PL_Object *)policyList, plContext);
+    }
+    if (error != NULL) {
+        PKIX_PL_Object_DecRef((PKIX_PL_Object *)error, plContext);
+    }
+
+    return r;
+}
+
+CERTValOutParam *
+cert_pkix_FindOutputParam(CERTValOutParam *params, const CERTValParamOutType t)
+{
+    CERTValOutParam *i;
+    if (params == NULL) {
+        return NULL;
+    }
+    for (i = params; i->type != cert_po_end; i++) {
+        if (i->type == t) {
+            return i;
+        }
+    }
+    return NULL;
+}
+
+static PKIX_Error *
+setRevocationMethod(PKIX_RevocationChecker *revChecker,
+                    PKIX_ProcessingParams *procParams,
+                    const CERTRevocationTests *revTest,
+                    CERTRevocationMethodIndex certRevMethod,
+                    PKIX_RevocationMethodType pkixRevMethod,
+                    PKIX_Boolean verifyResponderUsages,
+                    PKIX_Boolean isLeafTest,
+                    void *plContext)
+{
+    PKIX_UInt32 methodFlags = 0;
+    PKIX_Error *error = NULL;
+    PKIX_UInt32 priority = 0;
+
+    if (revTest->number_of_defined_methods <= (PRUint32)certRevMethod) {
+        return NULL;
+    }
+    if (revTest->preferred_methods) {
+        unsigned int i = 0;
+        for (; i < revTest->number_of_preferred_methods; i++) {
+            if (revTest->preferred_methods[i] == certRevMethod)
+                break;
+        }
+        priority = i;
+    }
+    methodFlags = revTest->cert_rev_flags_per_method[certRevMethod];
+    if (verifyResponderUsages &&
+        pkixRevMethod == PKIX_RevocationMethod_OCSP) {
+        methodFlags |= PKIX_REV_M_FORBID_NETWORK_FETCHING;
+    }
+    error =
+        PKIX_RevocationChecker_CreateAndAddMethod(revChecker, procParams,
+                                                  pkixRevMethod, methodFlags,
+                                                  priority, NULL,
+                                                  isLeafTest, plContext);
+    return error;
+}
+
+SECStatus
+cert_pkixSetParam(PKIX_ProcessingParams *procParams,
+                  const CERTValInParam *param, void *plContext)
+{
+    PKIX_Error *error = NULL;
+    SECStatus r = SECSuccess;
+    PKIX_PL_Date *date = NULL;
+    PKIX_List *policyOIDList = NULL;
+    PKIX_List *certListPkix = NULL;
+    const CERTRevocationFlags *flags;
+    SECErrorCodes errCode = SEC_ERROR_INVALID_ARGS;
+    const CERTCertList *certList = NULL;
+    CERTCertListNode *node;
+    PKIX_PL_Cert *certPkix = NULL;
+    PKIX_TrustAnchor *trustAnchor = NULL;
+    PKIX_RevocationChecker *revChecker = NULL;
+    PKIX_PL_NssContext *nssContext = (PKIX_PL_NssContext *)plContext;
+
+    /* XXX we need a way to map generic PKIX error to generic NSS errors */
+
+    switch (param->type) {
+
+        case cert_pi_policyOID:
+
+            /* needed? */
+            error = PKIX_ProcessingParams_SetExplicitPolicyRequired(
+                procParams, PKIX_TRUE, plContext);
+
+            if (error != NULL) {
+                break;
+            }
+
+            policyOIDList = cert_PKIXMakeOIDList(param->value.array.oids,
+                                                 param->value.arraySize, plContext);
+            if (policyOIDList == NULL) {
+                r = SECFailure;
+                PORT_SetError(SEC_ERROR_INVALID_ARGS);
+                break;
+            }
+
+            error = PKIX_ProcessingParams_SetInitialPolicies(
+                procParams, policyOIDList, plContext);
+            break;
+
+        case cert_pi_date:
+            if (param->value.scalar.time == 0) {
+                error = PKIX_PL_Date_Create_UTCTime(NULL, &date, plContext);
+                if (error != NULL) {
+                    errCode = SEC_ERROR_INVALID_TIME;
+                    break;
+                }
+            } else {
+                error = pkix_pl_Date_CreateFromPRTime(param->value.scalar.time,
+                                                      &date, plContext);
+                if (error != NULL) {
+                    errCode = SEC_ERROR_INVALID_TIME;
+                    break;
+                }
+            }
+
+            error = PKIX_ProcessingParams_SetDate(procParams, date, plContext);
+            if (error != NULL) {
+                errCode = SEC_ERROR_INVALID_TIME;
+            }
+            break;
+
+        case cert_pi_revocationFlags: {
+            PKIX_UInt32 leafIMFlags = 0;
+            PKIX_UInt32 chainIMFlags = 0;
+            PKIX_Boolean validatingResponderCert = PKIX_FALSE;
+
+            flags = param->value.pointer.revocation;
+            if (!flags) {
+                PORT_SetError(errCode);
+                r = SECFailure;
+                break;
+            }
+
+            leafIMFlags =
+                flags->leafTests.cert_rev_method_independent_flags;
+            chainIMFlags =
+                flags->chainTests.cert_rev_method_independent_flags;
+
+            error =
+                PKIX_RevocationChecker_Create(leafIMFlags, chainIMFlags,
+                                              &revChecker, plContext);
+            if (error) {
+                break;
+            }
+
+            error =
+                PKIX_ProcessingParams_SetRevocationChecker(procParams,
+                                                           revChecker, plContext);
+            if (error) {
+                break;
+            }
+
+            if (((PKIX_PL_NssContext *)plContext)->certificateUsage &
+                certificateUsageStatusResponder) {
+                validatingResponderCert = PKIX_TRUE;
+            }
+
+            error = setRevocationMethod(revChecker,
+                                        procParams, &flags->leafTests,
+                                        cert_revocation_method_crl,
+                                        PKIX_RevocationMethod_CRL,
+                                        validatingResponderCert,
+                                        PKIX_TRUE, plContext);
+            if (error) {
+                break;
+            }
+
+            error = setRevocationMethod(revChecker,
+                                        procParams, &flags->leafTests,
+                                        cert_revocation_method_ocsp,
+                                        PKIX_RevocationMethod_OCSP,
+                                        validatingResponderCert,
+                                        PKIX_TRUE, plContext);
+            if (error) {
+                break;
+            }
+
+            error = setRevocationMethod(revChecker,
+                                        procParams, &flags->chainTests,
+                                        cert_revocation_method_crl,
+                                        PKIX_RevocationMethod_CRL,
+                                        validatingResponderCert,
+                                        PKIX_FALSE, plContext);
+            if (error) {
+                break;
+            }
+
+            error = setRevocationMethod(revChecker,
+                                        procParams, &flags->chainTests,
+                                        cert_revocation_method_ocsp,
+                                        PKIX_RevocationMethod_OCSP,
+                                        validatingResponderCert,
+                                        PKIX_FALSE, plContext);
+            if (error) {
+                break;
+            }
+
+        } break;
+
+        case cert_pi_trustAnchors:
+            certList = param->value.pointer.chain;
+            if (!certList) {
+                PORT_SetError(errCode);
+                r = SECFailure;
+                break;
+            }
+            error = PKIX_List_Create(&certListPkix, plContext);
+            if (error != NULL) {
+                break;
+            }
+            for (node = CERT_LIST_HEAD(certList); !CERT_LIST_END(node, certList);
+                 node = CERT_LIST_NEXT(node)) {
+                error = PKIX_PL_Cert_CreateFromCERTCertificate(node->cert,
+                                                               &certPkix, plContext);
+                if (error) {
+                    break;
+                }
+                error = PKIX_TrustAnchor_CreateWithCert(certPkix, &trustAnchor,
+                                                        plContext);
+                if (error) {
+                    break;
+                }
+                error = PKIX_List_AppendItem(certListPkix,
+                                             (PKIX_PL_Object *)trustAnchor, plContext);
+                if (error) {
+                    break;
+                }
+                PKIX_PL_Object_DecRef((PKIX_PL_Object *)trustAnchor, plContext);
+                trustAnchor = NULL;
+                PKIX_PL_Object_DecRef((PKIX_PL_Object *)certPkix, plContext);
+                certPkix = NULL;
+            }
+            error =
+                PKIX_ProcessingParams_SetTrustAnchors(procParams, certListPkix,
+                                                      plContext);
+            break;
+
+        case cert_pi_useAIACertFetch:
+            error =
+                PKIX_ProcessingParams_SetUseAIAForCertFetching(procParams,
+                                                               (PRBool)(param->value.scalar.b !=
+                                                                        0),
+                                                               plContext);
+            break;
+
+        case cert_pi_chainVerifyCallback: {
+            const CERTChainVerifyCallback *chainVerifyCallback =
+                param->value.pointer.chainVerifyCallback;
+            if (!chainVerifyCallback || !chainVerifyCallback->isChainValid) {
+                PORT_SetError(errCode);
+                r = SECFailure;
+                break;
+            }
+
+            nssContext->chainVerifyCallback = *chainVerifyCallback;
+        } break;
+
+        case cert_pi_useOnlyTrustAnchors:
+            error =
+                PKIX_ProcessingParams_SetUseOnlyTrustAnchors(procParams,
+                                                             (PRBool)(param->value.scalar.b !=
+                                                                      0),
+                                                             plContext);
+            break;
+
+        default:
+            PORT_SetError(errCode);
+            r = SECFailure;
+            break;
+    }
+
+    if (policyOIDList != NULL)
+        PKIX_PL_Object_DecRef((PKIX_PL_Object *)policyOIDList, plContext);
+
+    if (date != NULL)
+        PKIX_PL_Object_DecRef((PKIX_PL_Object *)date, plContext);
+
+    if (revChecker != NULL)
+        PKIX_PL_Object_DecRef((PKIX_PL_Object *)revChecker, plContext);
+
+    if (certListPkix)
+        PKIX_PL_Object_DecRef((PKIX_PL_Object *)certListPkix, plContext);
+
+    if (trustAnchor)
+        PKIX_PL_Object_DecRef((PKIX_PL_Object *)trustAnchor, plContext);
+
+    if (certPkix)
+        PKIX_PL_Object_DecRef((PKIX_PL_Object *)certPkix, plContext);
+
+    if (error != NULL) {
+        PKIX_PL_Object_DecRef((PKIX_PL_Object *)error, plContext);
+        PORT_SetError(errCode);
+        r = SECFailure;
+    }
+
+    return r;
+}
+
+void
+cert_pkixDestroyValOutParam(CERTValOutParam *params)
+{
+    CERTValOutParam *i;
+
+    if (params == NULL) {
+        return;
+    }
+    for (i = params; i->type != cert_po_end; i++) {
+        switch (i->type) {
+            case cert_po_trustAnchor:
+                if (i->value.pointer.cert) {
+                    CERT_DestroyCertificate(i->value.pointer.cert);
+                    i->value.pointer.cert = NULL;
+                }
+                break;
+
+            case cert_po_certList:
+                if (i->value.pointer.chain) {
+                    CERT_DestroyCertList(i->value.pointer.chain);
+                    i->value.pointer.chain = NULL;
+                }
+                break;
+
+            default:
+                break;
+        }
+    }
+}
+
+static PRUint64 certRev_NSS_3_11_Ocsp_Enabled_Soft_Policy_LeafFlags[2] = {
+    /* crl */
+    CERT_REV_M_TEST_USING_THIS_METHOD |
+        CERT_REV_M_FORBID_NETWORK_FETCHING |
+        CERT_REV_M_CONTINUE_TESTING_ON_FRESH_INFO,
+    /* ocsp */
+    CERT_REV_M_TEST_USING_THIS_METHOD
+};
+
+static PRUint64 certRev_NSS_3_11_Ocsp_Enabled_Soft_Policy_ChainFlags[2] = {
+    /* crl */
+    CERT_REV_M_TEST_USING_THIS_METHOD |
+        CERT_REV_M_FORBID_NETWORK_FETCHING |
+        CERT_REV_M_CONTINUE_TESTING_ON_FRESH_INFO,
+    /* ocsp */
+    0
+};
+
+static CERTRevocationMethodIndex
+    certRev_NSS_3_11_Ocsp_Enabled_Soft_Policy_Method_Preference = {
+        cert_revocation_method_crl
+    };
+
+static const CERTRevocationFlags certRev_NSS_3_11_Ocsp_Enabled_Soft_Policy = {
+    { /* leafTests */
+      2,
+      certRev_NSS_3_11_Ocsp_Enabled_Soft_Policy_LeafFlags,
+      1,
+      &certRev_NSS_3_11_Ocsp_Enabled_Soft_Policy_Method_Preference,
+      0 },
+    { /* chainTests */
+      2,
+      certRev_NSS_3_11_Ocsp_Enabled_Soft_Policy_ChainFlags,
+      0,
+      0,
+      0 }
+};
+#endif /* NSS_DISABLE_LIBPKIX */
+
+extern const CERTRevocationFlags *
+CERT_GetClassicOCSPEnabledSoftFailurePolicy()
+{
+#ifdef NSS_DISABLE_LIBPKIX
+    PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
+    return NULL;
+#else
+    return &certRev_NSS_3_11_Ocsp_Enabled_Soft_Policy;
+#endif /* NSS_DISABLE_LIBPKIX */
+}
+
+#ifndef NSS_DISABLE_LIBPKIX
+static PRUint64 certRev_NSS_3_11_Ocsp_Enabled_Hard_Policy_LeafFlags[2] = {
+    /* crl */
+    CERT_REV_M_TEST_USING_THIS_METHOD |
+        CERT_REV_M_FORBID_NETWORK_FETCHING |
+        CERT_REV_M_CONTINUE_TESTING_ON_FRESH_INFO,
+    /* ocsp */
+    CERT_REV_M_TEST_USING_THIS_METHOD |
+        CERT_REV_M_FAIL_ON_MISSING_FRESH_INFO
+};
+
+static PRUint64 certRev_NSS_3_11_Ocsp_Enabled_Hard_Policy_ChainFlags[2] = {
+    /* crl */
+    CERT_REV_M_TEST_USING_THIS_METHOD |
+        CERT_REV_M_FORBID_NETWORK_FETCHING |
+        CERT_REV_M_CONTINUE_TESTING_ON_FRESH_INFO,
+    /* ocsp */
+    0
+};
+
+static CERTRevocationMethodIndex
+    certRev_NSS_3_11_Ocsp_Enabled_Hard_Policy_Method_Preference = {
+        cert_revocation_method_crl
+    };
+
+static const CERTRevocationFlags certRev_NSS_3_11_Ocsp_Enabled_Hard_Policy = {
+    { /* leafTests */
+      2,
+      certRev_NSS_3_11_Ocsp_Enabled_Hard_Policy_LeafFlags,
+      1,
+      &certRev_NSS_3_11_Ocsp_Enabled_Hard_Policy_Method_Preference,
+      0 },
+    { /* chainTests */
+      2,
+      certRev_NSS_3_11_Ocsp_Enabled_Hard_Policy_ChainFlags,
+      0,
+      0,
+      0 }
+};
+#endif /* NSS_DISABLE_LIBPKIX */
+
+extern const CERTRevocationFlags *
+CERT_GetClassicOCSPEnabledHardFailurePolicy()
+{
+#ifdef NSS_DISABLE_LIBPKIX
+    PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
+    return NULL;
+#else
+    return &certRev_NSS_3_11_Ocsp_Enabled_Hard_Policy;
+#endif /* NSS_DISABLE_LIBPKIX */
+}
+
+#ifndef NSS_DISABLE_LIBPKIX
+static PRUint64 certRev_NSS_3_11_Ocsp_Disabled_Policy_LeafFlags[2] = {
+    /* crl */
+    CERT_REV_M_TEST_USING_THIS_METHOD |
+        CERT_REV_M_FORBID_NETWORK_FETCHING |
+        CERT_REV_M_CONTINUE_TESTING_ON_FRESH_INFO,
+    /* ocsp */
+    0
+};
+
+static PRUint64 certRev_NSS_3_11_Ocsp_Disabled_Policy_ChainFlags[2] = {
+    /* crl */
+    CERT_REV_M_TEST_USING_THIS_METHOD |
+        CERT_REV_M_FORBID_NETWORK_FETCHING |
+        CERT_REV_M_CONTINUE_TESTING_ON_FRESH_INFO,
+    /* ocsp */
+    0
+};
+
+static const CERTRevocationFlags certRev_NSS_3_11_Ocsp_Disabled_Policy = {
+    { /* leafTests */
+      2,
+      certRev_NSS_3_11_Ocsp_Disabled_Policy_LeafFlags,
+      0,
+      0,
+      0 },
+    { /* chainTests */
+      2,
+      certRev_NSS_3_11_Ocsp_Disabled_Policy_ChainFlags,
+      0,
+      0,
+      0 }
+};
+#endif /* NSS_DISABLE_LIBPKIX */
+
+extern const CERTRevocationFlags *
+CERT_GetClassicOCSPDisabledPolicy()
+{
+#ifdef NSS_DISABLE_LIBPKIX
+    PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
+    return NULL;
+#else
+    return &certRev_NSS_3_11_Ocsp_Disabled_Policy;
+#endif /* NSS_DISABLE_LIBPKIX */
+}
+
+#ifndef NSS_DISABLE_LIBPKIX
+static PRUint64 certRev_PKIX_Verify_Nist_Policy_LeafFlags[2] = {
+    /* crl */
+    CERT_REV_M_TEST_USING_THIS_METHOD |
+        CERT_REV_M_FAIL_ON_MISSING_FRESH_INFO |
+        CERT_REV_M_REQUIRE_INFO_ON_MISSING_SOURCE,
+    /* ocsp */
+    0
+};
+
+static PRUint64 certRev_PKIX_Verify_Nist_Policy_ChainFlags[2] = {
+    /* crl */
+    CERT_REV_M_TEST_USING_THIS_METHOD |
+        CERT_REV_M_FAIL_ON_MISSING_FRESH_INFO |
+        CERT_REV_M_REQUIRE_INFO_ON_MISSING_SOURCE,
+    /* ocsp */
+    0
+};
+
+static const CERTRevocationFlags certRev_PKIX_Verify_Nist_Policy = {
+    { /* leafTests */
+      2,
+      certRev_PKIX_Verify_Nist_Policy_LeafFlags,
+      0,
+      0,
+      0 },
+    { /* chainTests */
+      2,
+      certRev_PKIX_Verify_Nist_Policy_ChainFlags,
+      0,
+      0,
+      0 }
+};
+#endif /* NSS_DISABLE_LIBPKIX */
+
+extern const CERTRevocationFlags *
+CERT_GetPKIXVerifyNistRevocationPolicy()
+{
+#ifdef NSS_DISABLE_LIBPKIX
+    PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
+    return NULL;
+#else
+    return &certRev_PKIX_Verify_Nist_Policy;
+#endif /* NSS_DISABLE_LIBPKIX */
+}
+
+CERTRevocationFlags *
+CERT_AllocCERTRevocationFlags(
+    PRUint32 number_leaf_methods, PRUint32 number_leaf_pref_methods,
+    PRUint32 number_chain_methods, PRUint32 number_chain_pref_methods)
+{
+#ifdef NSS_DISABLE_LIBPKIX
+    PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
+    return NULL;
+#else
+    CERTRevocationFlags *flags;
+
+    flags = PORT_New(CERTRevocationFlags);
+    if (!flags)
+        return (NULL);
+
+    flags->leafTests.number_of_defined_methods = number_leaf_methods;
+    flags->leafTests.cert_rev_flags_per_method =
+        PORT_NewArray(PRUint64, number_leaf_methods);
+
+    flags->leafTests.number_of_preferred_methods = number_leaf_pref_methods;
+    flags->leafTests.preferred_methods =
+        PORT_NewArray(CERTRevocationMethodIndex, number_leaf_pref_methods);
+
+    flags->chainTests.number_of_defined_methods = number_chain_methods;
+    flags->chainTests.cert_rev_flags_per_method =
+        PORT_NewArray(PRUint64, number_chain_methods);
+
+    flags->chainTests.number_of_preferred_methods = number_chain_pref_methods;
+    flags->chainTests.preferred_methods =
+        PORT_NewArray(CERTRevocationMethodIndex, number_chain_pref_methods);
+
+    if (!flags->leafTests.cert_rev_flags_per_method ||
+        !flags->leafTests.preferred_methods ||
+        !flags->chainTests.cert_rev_flags_per_method ||
+        !flags->chainTests.preferred_methods) {
+        CERT_DestroyCERTRevocationFlags(flags);
+        return (NULL);
+    }
+
+    return flags;
+#endif /* NSS_DISABLE_LIBPKIX */
+}
+
+void
+CERT_DestroyCERTRevocationFlags(CERTRevocationFlags *flags)
+{
+#ifdef NSS_DISABLE_LIBPKIX
+    PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
+    return;
+#else
+    if (!flags)
+        return;
+
+    if (flags->leafTests.cert_rev_flags_per_method)
+        PORT_Free(flags->leafTests.cert_rev_flags_per_method);
+
+    if (flags->leafTests.preferred_methods)
+        PORT_Free(flags->leafTests.preferred_methods);
+
+    if (flags->chainTests.cert_rev_flags_per_method)
+        PORT_Free(flags->chainTests.cert_rev_flags_per_method);
+
+    if (flags->chainTests.preferred_methods)
+        PORT_Free(flags->chainTests.preferred_methods);
+
+    PORT_Free(flags);
+#endif /* NSS_DISABLE_LIBPKIX */
+}
+
+/*
+ * CERT_PKIXVerifyCert
+ *
+ * Verify a Certificate using the PKIX library.
+ *
+ * Parameters:
+ *  cert    - the target certificate to verify. Must be non-null
+ *  params  - an array of type/value parameters which can be
+ *            used to modify the behavior of the validation
+ *            algorithm, or supply additional constraints.
+ *
+ *  outputTrustAnchor - the trust anchor which the certificate
+ *                      chains to. The caller is responsible
+ *                      for freeing this.
+ *
+ * Example Usage:
+ *    CERTValParam args[3];
+ *    args[0].type = cvpt_policyOID;
+ *    args[0].value.si = oid;
+ *    args[1].type = revCheckRequired;
+ *    args[1].value.b = PR_TRUE;
+ *    args[2].type = cvpt_end;
+ *
+ *    CERT_PKIXVerifyCert(cert, &output, args
+ */
+SECStatus
+CERT_PKIXVerifyCert(
+    CERTCertificate *cert,
+    SECCertificateUsage usages,
+    CERTValInParam *paramsIn,
+    CERTValOutParam *paramsOut,
+    void *wincx)
+{
+#ifdef NSS_DISABLE_LIBPKIX
+    PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
+    return SECFailure;
+#else
+    SECStatus r = SECFailure;
+    PKIX_Error *error = NULL;
+    PKIX_ProcessingParams *procParams = NULL;
+    PKIX_BuildResult *buildResult = NULL;
+    void *nbioContext = NULL; /* for non-blocking IO */
+    void *buildState = NULL;  /* for non-blocking IO */
+    PKIX_CertSelector *certSelector = NULL;
+    PKIX_List *certStores = NULL;
+    PKIX_ValidateResult *valResult = NULL;
+    PKIX_VerifyNode *verifyNode = NULL;
+    PKIX_TrustAnchor *trustAnchor = NULL;
+    PKIX_PL_Cert *trustAnchorCert = NULL;
+    PKIX_List *builtCertList = NULL;
+    CERTValOutParam *oparam = NULL;
+    int i = 0;
+
+    void *plContext = NULL;
+
+#ifdef PKIX_OBJECT_LEAK_TEST
+    int leakedObjNum = 0;
+    int memLeakLoopCount = 0;
+    int objCountTable[PKIX_NUMTYPES];
+    int fnInvLocalCount = 0;
+    PKIX_Boolean savedUsePkixEngFlag = usePKIXValidationEngine;
+
+    if (usePKIXValidationEngine) {
+        /* current memory leak testing implementation does not allow
+         * to run simultaneous tests one the same or a different threads.
+         * Setting the variable to false, to make additional chain
+         * validations be handled by old nss. */
+        usePKIXValidationEngine = PR_FALSE;
+    }
+    testStartFnStackPosition = 1;
+    fnStackNameArr[0] = "CERT_PKIXVerifyCert";
+    fnStackInvCountArr[0] = 0;
+    PKIX_Boolean abortOnLeak =
+        (PR_GetEnvSecure("PKIX_OBJECT_LEAK_TEST_ABORT_ON_LEAK") == NULL) ? PKIX_FALSE
+                                                                         : PKIX_TRUE;
+    runningLeakTest = PKIX_TRUE;
+
+    /* Prevent multi-threaded run of object leak test */
+    fnInvLocalCount = PR_ATOMIC_INCREMENT(&parallelFnInvocationCount);
+    PORT_Assert(fnInvLocalCount == 1);
+
+    do {
+        r = SECFailure;
+        error = NULL;
+        procParams = NULL;
+        buildResult = NULL;
+        nbioContext = NULL; /* for non-blocking IO */
+        buildState = NULL;  /* for non-blocking IO */
+        certSelector = NULL;
+        certStores = NULL;
+        valResult = NULL;
+        verifyNode = NULL;
+        trustAnchor = NULL;
+        trustAnchorCert = NULL;
+        builtCertList = NULL;
+        oparam = NULL;
+        i = 0;
+        errorGenerated = PKIX_FALSE;
+        stackPosition = 0;
+
+        if (leakedObjNum) {
+            pkix_pl_lifecycle_ObjectTableUpdate(objCountTable);
+        }
+        memLeakLoopCount += 1;
+#endif /* PKIX_OBJECT_LEAK_TEST */
+
+        error = PKIX_PL_NssContext_Create(
+            0, PR_FALSE /*use arena*/, wincx, &plContext);
+        if (error != NULL) { /* need pkix->nss error map */
+            PORT_SetError(SEC_ERROR_CERT_NOT_VALID);
+            goto cleanup;
+        }
+
+        error = pkix_pl_NssContext_SetCertUsage(usages, plContext);
+        if (error != NULL) {
+            PORT_SetError(SEC_ERROR_INVALID_ARGS);
+            goto cleanup;
+        }
+
+        error = PKIX_ProcessingParams_Create(&procParams, plContext);
+        if (error != NULL) { /* need pkix->nss error map */
+            PORT_SetError(SEC_ERROR_CERT_NOT_VALID);
+            goto cleanup;
+        }
+
+        /* local cert store should be set into procParams before
+         * filling in revocation settings. */
+        certStores = cert_GetCertStores(plContext);
+        if (certStores == NULL) {
+            goto cleanup;
+        }
+        error = PKIX_ProcessingParams_SetCertStores(procParams, certStores, plContext);
+        if (error != NULL) {
+            goto cleanup;
+        }
+
+        /* now process the extensible input parameters structure */
+        if (paramsIn != NULL) {
+            i = 0;
+            while (paramsIn[i].type != cert_pi_end) {
+                if (paramsIn[i].type >= cert_pi_max) {
+                    PORT_SetError(SEC_ERROR_INVALID_ARGS);
+                    goto cleanup;
+                }
+                if (cert_pkixSetParam(procParams,
+                                      &paramsIn[i], plContext) !=
+                    SECSuccess) {
+                    PORT_SetError(SEC_ERROR_INVALID_ARGS);
+                    goto cleanup;
+                }
+                i++;
+            }
+        }
+
+        certSelector = cert_GetTargetCertConstraints(cert, plContext);
+        if (certSelector == NULL) {
+            goto cleanup;
+        }
+        error = PKIX_ProcessingParams_SetTargetCertConstraints(procParams, certSelector, plContext);
+        if (error != NULL) {
+            goto cleanup;
+        }
+
+        error = PKIX_BuildChain(procParams, &nbioContext,
+                                &buildState, &buildResult, &verifyNode,
+                                plContext);
+        if (error != NULL) {
+            goto cleanup;
+        }
+
+        error = PKIX_BuildResult_GetValidateResult(buildResult, &valResult,
+                                                   plContext);
+        if (error != NULL) {
+            goto cleanup;
+        }
+
+        error = PKIX_ValidateResult_GetTrustAnchor(valResult, &trustAnchor,
+                                                   plContext);
+        if (error != NULL) {
+            goto cleanup;
+        }
+
+        if (trustAnchor != NULL) {
+            error = PKIX_TrustAnchor_GetTrustedCert(trustAnchor, &trustAnchorCert,
+                                                    plContext);
+            if (error != NULL) {
+                goto cleanup;
+            }
+        }
+
+#ifdef PKIX_OBJECT_LEAK_TEST
+        /* Can not continue if error was generated but not returned.
+         * Jumping to cleanup. */
+        if (errorGenerated)
+            goto cleanup;
+#endif /* PKIX_OBJECT_LEAK_TEST */
+
+        oparam = cert_pkix_FindOutputParam(paramsOut, cert_po_trustAnchor);
+        if (oparam != NULL) {
+            if (trustAnchorCert != NULL) {
+                oparam->value.pointer.cert =
+                    cert_NSSCertFromPKIXCert(trustAnchorCert);
+            } else {
+                oparam->value.pointer.cert = NULL;
+            }
+        }
+
+        error = PKIX_BuildResult_GetCertChain(buildResult, &builtCertList,
+                                              plContext);
+        if (error != NULL) {
+            goto cleanup;
+        }
+
+        oparam = cert_pkix_FindOutputParam(paramsOut, cert_po_certList);
+        if (oparam != NULL) {
+            error = cert_PkixToNssCertsChain(builtCertList,
+                                             &oparam->value.pointer.chain,
+                                             plContext);
+            if (error)
+                goto cleanup;
+        }
+
+        r = SECSuccess;
+
+    cleanup:
+        if (verifyNode) {
+            /* Return validation log only upon error. */
+            oparam = cert_pkix_FindOutputParam(paramsOut, cert_po_errorLog);
+#ifdef PKIX_OBJECT_LEAK_TEST
+            if (!errorGenerated)
+#endif /* PKIX_OBJECT_LEAK_TEST */
+                if (r && oparam != NULL) {
+                    PKIX_Error *tmpError =
+                        cert_GetLogFromVerifyNode(oparam->value.pointer.log,
+                                                  verifyNode, plContext);
+                    if (tmpError) {
+                        PKIX_PL_Object_DecRef((PKIX_PL_Object *)tmpError, plContext);
+                    }
+                }
+            PKIX_PL_Object_DecRef((PKIX_PL_Object *)verifyNode, plContext);
+        }
+
+        if (procParams != NULL)
+            PKIX_PL_Object_DecRef((PKIX_PL_Object *)procParams, plContext);
+
+        if (trustAnchorCert != NULL)
+            PKIX_PL_Object_DecRef((PKIX_PL_Object *)trustAnchorCert, plContext);
+
+        if (trustAnchor != NULL)
+            PKIX_PL_Object_DecRef((PKIX_PL_Object *)trustAnchor, plContext);
+
+        if (valResult != NULL)
+            PKIX_PL_Object_DecRef((PKIX_PL_Object *)valResult, plContext);
+
+        if (buildResult != NULL)
+            PKIX_PL_Object_DecRef((PKIX_PL_Object *)buildResult, plContext);
+
+        if (certStores != NULL)
+            PKIX_PL_Object_DecRef((PKIX_PL_Object *)certStores, plContext);
+
+        if (certSelector != NULL)
+            PKIX_PL_Object_DecRef((PKIX_PL_Object *)certSelector, plContext);
+
+        if (builtCertList != NULL)
+            PKIX_PL_Object_DecRef((PKIX_PL_Object *)builtCertList, plContext);
+
+        if (error != NULL) {
+            SECErrorCodes nssErrorCode = 0;
+
+            cert_PkixErrorToNssCode(error, &nssErrorCode, plContext);
+            cert_pkixDestroyValOutParam(paramsOut);
+            PORT_SetError(nssErrorCode);
+            PKIX_PL_Object_DecRef((PKIX_PL_Object *)error, plContext);
+        }
+
+        PKIX_PL_NssContext_Destroy(plContext);
+
+#ifdef PKIX_OBJECT_LEAK_TEST
+        leakedObjNum =
+            pkix_pl_lifecycle_ObjectLeakCheck(leakedObjNum ? objCountTable : NULL);
+
+        if (pkixLog && leakedObjNum) {
+            PR_LOG(pkixLog, 1, ("The generated error caused an object leaks. Loop %d."
+                                "Stack %s\n",
+                                memLeakLoopCount, errorFnStackString));
+        }
+        PR_Free(errorFnStackString);
+        errorFnStackString = NULL;
+        if (abortOnLeak) {
+            PORT_Assert(leakedObjNum == 0);
+        }
+
+    } while (errorGenerated);
+
+    runningLeakTest = PKIX_FALSE;
+    PR_ATOMIC_DECREMENT(&parallelFnInvocationCount);
+    usePKIXValidationEngine = savedUsePkixEngFlag;
+#endif /* PKIX_OBJECT_LEAK_TEST */
+
+    return r;
+#endif /* NSS_DISABLE_LIBPKIX */
+}
diff --git a/nss/lib/certhigh/config.mk b/nss/lib/certhigh/config.mk
new file mode 100644
index 0000000..b8c03de
--- /dev/null
+++ b/nss/lib/certhigh/config.mk
@@ -0,0 +1,15 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#
+#  Override TARGETS variable so that only static libraries
+#  are specifed as dependencies within rules.mk.
+#
+
+TARGETS        = $(LIBRARY)
+SHARED_LIBRARY =
+IMPORT_LIBRARY =
+PROGRAM        =
+
diff --git a/nss/lib/certhigh/crlv2.c b/nss/lib/certhigh/crlv2.c
new file mode 100644
index 0000000..d58d4e0
--- /dev/null
+++ b/nss/lib/certhigh/crlv2.c
@@ -0,0 +1,160 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * Code for dealing with x.509 v3 crl and crl entries extensions.
+ */
+
+#include "cert.h"
+#include "secitem.h"
+#include "secoid.h"
+#include "secoidt.h"
+#include "secder.h"
+#include "secasn1.h"
+#include "certxutl.h"
+
+SECStatus
+CERT_FindCRLExtensionByOID(CERTCrl *crl, SECItem *oid, SECItem *value)
+{
+    return (cert_FindExtensionByOID(crl->extensions, oid, value));
+}
+
+SECStatus
+CERT_FindCRLExtension(CERTCrl *crl, int tag, SECItem *value)
+{
+    return (cert_FindExtension(crl->extensions, tag, value));
+}
+
+/* Callback to set extensions and adjust verison */
+static void
+SetCrlExts(void *object, CERTCertExtension **exts)
+{
+    CERTCrl *crl = (CERTCrl *)object;
+
+    crl->extensions = exts;
+    DER_SetUInteger(crl->arena, &crl->version, SEC_CRL_VERSION_2);
+}
+
+void *
+CERT_StartCRLExtensions(CERTCrl *crl)
+{
+    return (cert_StartExtensions((void *)crl, crl->arena, SetCrlExts));
+}
+
+static void
+SetCrlEntryExts(void *object, CERTCertExtension **exts)
+{
+    CERTCrlEntry *crlEntry = (CERTCrlEntry *)object;
+
+    crlEntry->extensions = exts;
+}
+
+void *
+CERT_StartCRLEntryExtensions(CERTCrl *crl, CERTCrlEntry *entry)
+{
+    return (cert_StartExtensions(entry, crl->arena, SetCrlEntryExts));
+}
+
+SECStatus
+CERT_FindCRLNumberExten(PLArenaPool *arena, CERTCrl *crl,
+                        SECItem *value)
+{
+    SECItem encodedExtenValue;
+    SECItem *tmpItem = NULL;
+    SECStatus rv;
+    void *mark = NULL;
+
+    encodedExtenValue.data = NULL;
+    encodedExtenValue.len = 0;
+
+    rv = cert_FindExtension(crl->extensions, SEC_OID_X509_CRL_NUMBER,
+                            &encodedExtenValue);
+    if (rv != SECSuccess)
+        return (rv);
+
+    mark = PORT_ArenaMark(arena);
+
+    tmpItem = SECITEM_ArenaDupItem(arena, &encodedExtenValue);
+    if (tmpItem) {
+        rv = SEC_QuickDERDecodeItem(arena, value,
+                                    SEC_ASN1_GET(SEC_IntegerTemplate),
+                                    tmpItem);
+    } else {
+        rv = SECFailure;
+    }
+
+    PORT_Free(encodedExtenValue.data);
+    if (rv == SECFailure) {
+        PORT_ArenaRelease(arena, mark);
+    } else {
+        PORT_ArenaUnmark(arena, mark);
+    }
+    return (rv);
+}
+
+SECStatus
+CERT_FindCRLEntryReasonExten(CERTCrlEntry *crlEntry,
+                             CERTCRLEntryReasonCode *value)
+{
+    SECItem wrapperItem = { siBuffer, 0 };
+    SECItem tmpItem = { siBuffer, 0 };
+    SECStatus rv;
+    PLArenaPool *arena = NULL;
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (!arena) {
+        return (SECFailure);
+    }
+
+    rv = cert_FindExtension(crlEntry->extensions, SEC_OID_X509_REASON_CODE,
+                            &wrapperItem);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    rv = SEC_QuickDERDecodeItem(arena, &tmpItem,
+                                SEC_ASN1_GET(SEC_EnumeratedTemplate),
+                                &wrapperItem);
+
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    *value = (CERTCRLEntryReasonCode)DER_GetInteger(&tmpItem);
+
+loser:
+    if (arena) {
+        PORT_FreeArena(arena, PR_FALSE);
+    }
+
+    if (wrapperItem.data) {
+        PORT_Free(wrapperItem.data);
+    }
+
+    return (rv);
+}
+
+SECStatus
+CERT_FindInvalidDateExten(CERTCrl *crl, PRTime *value)
+{
+    SECItem encodedExtenValue;
+    SECItem decodedExtenValue = { siBuffer, 0 };
+    SECStatus rv;
+
+    encodedExtenValue.data = decodedExtenValue.data = NULL;
+    encodedExtenValue.len = decodedExtenValue.len = 0;
+
+    rv = cert_FindExtension(crl->extensions, SEC_OID_X509_INVALID_DATE, &encodedExtenValue);
+    if (rv != SECSuccess)
+        return (rv);
+
+    rv = SEC_ASN1DecodeItem(NULL, &decodedExtenValue,
+                            SEC_ASN1_GET(SEC_GeneralizedTimeTemplate),
+                            &encodedExtenValue);
+    if (rv == SECSuccess)
+        rv = DER_GeneralizedTimeToTime(value, &encodedExtenValue);
+    PORT_Free(decodedExtenValue.data);
+    PORT_Free(encodedExtenValue.data);
+    return (rv);
+}
diff --git a/nss/lib/certhigh/exports.gyp b/nss/lib/certhigh/exports.gyp
new file mode 100644
index 0000000..b8e2f3e
--- /dev/null
+++ b/nss/lib/certhigh/exports.gyp
@@ -0,0 +1,33 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'lib_certhigh_exports',
+      'type': 'none',
+      'copies': [
+        {
+          'files': [
+            'ocsp.h',
+            'ocspt.h'
+          ],
+          'destination': '<(nss_public_dist_dir)/<(module)'
+        },
+        {
+          'files': [
+            'ocspi.h',
+            'ocspti.h'
+          ],
+          'destination': '<(nss_private_dist_dir)/<(module)'
+        }
+      ]
+    }
+  ],
+  'variables': {
+    'module': 'nss'
+  }
+}
diff --git a/nss/lib/certhigh/manifest.mn b/nss/lib/certhigh/manifest.mn
new file mode 100644
index 0000000..ed9b910
--- /dev/null
+++ b/nss/lib/certhigh/manifest.mn
@@ -0,0 +1,34 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+CORE_DEPTH = ../..
+
+EXPORTS = \
+	ocsp.h \
+	ocspt.h \
+	$(NULL)
+
+PRIVATE_EXPORTS = \
+	ocspti.h \
+	ocspi.h \
+	$(NULL)
+
+MODULE = nss
+
+CSRCS = \
+	certhtml.c \
+	certreq.c \
+	crlv2.c \
+	ocsp.c \
+	ocspsig.c \
+	certhigh.c \
+ 	certvfy.c \
+ 	certvfypkix.c \
+ 	xcrldist.c \
+	$(NULL)
+
+LIBRARY_NAME = certhi
+
+# This part of the code, including all sub-dirs, can be optimized for size
+export ALLOW_OPT_CODE_SIZE = 1
diff --git a/nss/lib/certhigh/ocsp.c b/nss/lib/certhigh/ocsp.c
new file mode 100644
index 0000000..cea8456
--- /dev/null
+++ b/nss/lib/certhigh/ocsp.c
@@ -0,0 +1,6120 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * Implementation of OCSP services, for both client and server.
+ * (XXX, really, mostly just for client right now, but intended to do both.)
+ */
+
+#include "prerror.h"
+#include "prprf.h"
+#include "plarena.h"
+#include "prnetdb.h"
+
+#include "seccomon.h"
+#include "secitem.h"
+#include "secoidt.h"
+#include "secasn1.h"
+#include "secder.h"
+#include "cert.h"
+#include "certi.h"
+#include "xconst.h"
+#include "secerr.h"
+#include "secoid.h"
+#include "hasht.h"
+#include "sechash.h"
+#include "secasn1.h"
+#include "plbase64.h"
+#include "keyhi.h"
+#include "cryptohi.h"
+#include "ocsp.h"
+#include "ocspti.h"
+#include "ocspi.h"
+#include "genname.h"
+#include "certxutl.h"
+#include "pk11func.h" /* for PK11_HashBuf */
+#include <stdarg.h>
+#include <plhash.h>
+
+#define DEFAULT_OCSP_CACHE_SIZE 1000
+#define DEFAULT_MINIMUM_SECONDS_TO_NEXT_OCSP_FETCH_ATTEMPT 1 * 60 * 60L
+#define DEFAULT_MAXIMUM_SECONDS_TO_NEXT_OCSP_FETCH_ATTEMPT 24 * 60 * 60L
+#define DEFAULT_OSCP_TIMEOUT_SECONDS 60
+#define MICROSECONDS_PER_SECOND 1000000L
+
+typedef struct OCSPCacheItemStr OCSPCacheItem;
+typedef struct OCSPCacheDataStr OCSPCacheData;
+
+struct OCSPCacheItemStr {
+    /* LRU linking */
+    OCSPCacheItem *moreRecent;
+    OCSPCacheItem *lessRecent;
+
+    /* key */
+    CERTOCSPCertID *certID;
+    /* CertID's arena also used to allocate "this" cache item */
+
+    /* cache control information */
+    PRTime nextFetchAttemptTime;
+
+    /* Cached contents. Use a separate arena, because lifetime is different */
+    PLArenaPool *certStatusArena; /* NULL means: no cert status cached */
+    ocspCertStatus certStatus;
+
+    /* This may contain an error code when no OCSP response is available. */
+    SECErrorCodes missingResponseError;
+
+    PRPackedBool haveThisUpdate;
+    PRPackedBool haveNextUpdate;
+    PRTime thisUpdate;
+    PRTime nextUpdate;
+};
+
+struct OCSPCacheDataStr {
+    PLHashTable *entries;
+    PRUint32 numberOfEntries;
+    OCSPCacheItem *MRUitem; /* most recently used cache item */
+    OCSPCacheItem *LRUitem; /* least recently used cache item */
+};
+
+static struct OCSPGlobalStruct {
+    PRMonitor *monitor;
+    const SEC_HttpClientFcn *defaultHttpClientFcn;
+    PRInt32 maxCacheEntries;
+    PRUint32 minimumSecondsToNextFetchAttempt;
+    PRUint32 maximumSecondsToNextFetchAttempt;
+    PRUint32 timeoutSeconds;
+    OCSPCacheData cache;
+    SEC_OcspFailureMode ocspFailureMode;
+    CERT_StringFromCertFcn alternateOCSPAIAFcn;
+    PRBool forcePost;
+} OCSP_Global = { NULL,
+                  NULL,
+                  DEFAULT_OCSP_CACHE_SIZE,
+                  DEFAULT_MINIMUM_SECONDS_TO_NEXT_OCSP_FETCH_ATTEMPT,
+                  DEFAULT_MAXIMUM_SECONDS_TO_NEXT_OCSP_FETCH_ATTEMPT,
+                  DEFAULT_OSCP_TIMEOUT_SECONDS,
+                  { NULL, 0, NULL, NULL },
+                  ocspMode_FailureIsVerificationFailure,
+                  NULL,
+                  PR_FALSE };
+
+/* Forward declarations */
+static SECItem *
+ocsp_GetEncodedOCSPResponseFromRequest(PLArenaPool *arena,
+                                       CERTOCSPRequest *request,
+                                       const char *location,
+                                       const char *method,
+                                       PRTime time,
+                                       PRBool addServiceLocator,
+                                       void *pwArg,
+                                       CERTOCSPRequest **pRequest);
+static SECStatus
+ocsp_GetOCSPStatusFromNetwork(CERTCertDBHandle *handle,
+                              CERTOCSPCertID *certID,
+                              CERTCertificate *cert,
+                              PRTime time,
+                              void *pwArg,
+                              PRBool *certIDWasConsumed,
+                              SECStatus *rv_ocsp);
+
+static SECStatus
+ocsp_GetDecodedVerifiedSingleResponseForID(CERTCertDBHandle *handle,
+                                           CERTOCSPCertID *certID,
+                                           CERTCertificate *cert,
+                                           PRTime time,
+                                           void *pwArg,
+                                           const SECItem *encodedResponse,
+                                           CERTOCSPResponse **pDecodedResponse,
+                                           CERTOCSPSingleResponse **pSingle);
+
+static SECStatus
+ocsp_CertRevokedAfter(ocspRevokedInfo *revokedInfo, PRTime time);
+
+static CERTOCSPCertID *
+cert_DupOCSPCertID(const CERTOCSPCertID *src);
+
+#ifndef DEBUG
+#define OCSP_TRACE(msg)
+#define OCSP_TRACE_TIME(msg, time)
+#define OCSP_TRACE_CERT(cert)
+#define OCSP_TRACE_CERTID(certid)
+#else
+#define OCSP_TRACE(msg) ocsp_Trace msg
+#define OCSP_TRACE_TIME(msg, time) ocsp_dumpStringWithTime(msg, time)
+#define OCSP_TRACE_CERT(cert) dumpCertificate(cert)
+#define OCSP_TRACE_CERTID(certid) dumpCertID(certid)
+
+#if defined(XP_UNIX) || defined(XP_WIN32) || defined(XP_BEOS) || \
+    defined(XP_MACOSX)
+#define NSS_HAVE_GETENV 1
+#endif
+
+static PRBool
+wantOcspTrace(void)
+{
+    static PRBool firstTime = PR_TRUE;
+    static PRBool wantTrace = PR_FALSE;
+
+#ifdef NSS_HAVE_GETENV
+    if (firstTime) {
+        char *ev = PR_GetEnvSecure("NSS_TRACE_OCSP");
+        if (ev && ev[0]) {
+            wantTrace = PR_TRUE;
+        }
+        firstTime = PR_FALSE;
+    }
+#endif
+    return wantTrace;
+}
+
+static void
+ocsp_Trace(const char *format, ...)
+{
+    char buf[2000];
+    va_list args;
+
+    if (!wantOcspTrace())
+        return;
+    va_start(args, format);
+    PR_vsnprintf(buf, sizeof(buf), format, args);
+    va_end(args);
+    PR_LogPrint("%s", buf);
+}
+
+static void
+ocsp_dumpStringWithTime(const char *str, PRTime time)
+{
+    PRExplodedTime timePrintable;
+    char timestr[256];
+
+    if (!wantOcspTrace())
+        return;
+    PR_ExplodeTime(time, PR_GMTParameters, &timePrintable);
+    if (PR_FormatTime(timestr, 256, "%a %b %d %H:%M:%S %Y", &timePrintable)) {
+        ocsp_Trace("OCSP %s %s\n", str, timestr);
+    }
+}
+
+static void
+printHexString(const char *prefix, SECItem *hexval)
+{
+    unsigned int i;
+    char *hexbuf = NULL;
+
+    for (i = 0; i < hexval->len; i++) {
+        if (i != hexval->len - 1) {
+            hexbuf = PR_sprintf_append(hexbuf, "%02x:", hexval->data[i]);
+        } else {
+            hexbuf = PR_sprintf_append(hexbuf, "%02x", hexval->data[i]);
+        }
+    }
+    if (hexbuf) {
+        ocsp_Trace("%s %s\n", prefix, hexbuf);
+        PR_smprintf_free(hexbuf);
+    }
+}
+
+static void
+dumpCertificate(CERTCertificate *cert)
+{
+    if (!wantOcspTrace())
+        return;
+
+    ocsp_Trace("OCSP ----------------\n");
+    ocsp_Trace("OCSP ## SUBJECT:  %s\n", cert->subjectName);
+    {
+        PRTime timeBefore, timeAfter;
+        PRExplodedTime beforePrintable, afterPrintable;
+        char beforestr[256], afterstr[256];
+        PRStatus rv1, rv2;
+        DER_DecodeTimeChoice(&timeBefore, &cert->validity.notBefore);
+        DER_DecodeTimeChoice(&timeAfter, &cert->validity.notAfter);
+        PR_ExplodeTime(timeBefore, PR_GMTParameters, &beforePrintable);
+        PR_ExplodeTime(timeAfter, PR_GMTParameters, &afterPrintable);
+        rv1 = PR_FormatTime(beforestr, 256, "%a %b %d %H:%M:%S %Y",
+                            &beforePrintable);
+        rv2 = PR_FormatTime(afterstr, 256, "%a %b %d %H:%M:%S %Y",
+                            &afterPrintable);
+        ocsp_Trace("OCSP ## VALIDITY:  %s to %s\n", rv1 ? beforestr : "",
+                   rv2 ? afterstr : "");
+    }
+    ocsp_Trace("OCSP ## ISSUER:  %s\n", cert->issuerName);
+    printHexString("OCSP ## SERIAL NUMBER:", &cert->serialNumber);
+}
+
+static void
+dumpCertID(CERTOCSPCertID *certID)
+{
+    if (!wantOcspTrace())
+        return;
+
+    printHexString("OCSP certID issuer", &certID->issuerNameHash);
+    printHexString("OCSP certID serial", &certID->serialNumber);
+}
+#endif
+
+SECStatus
+SEC_RegisterDefaultHttpClient(const SEC_HttpClientFcn *fcnTable)
+{
+    if (!OCSP_Global.monitor) {
+        PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
+        return SECFailure;
+    }
+
+    PR_EnterMonitor(OCSP_Global.monitor);
+    OCSP_Global.defaultHttpClientFcn = fcnTable;
+    PR_ExitMonitor(OCSP_Global.monitor);
+
+    return SECSuccess;
+}
+
+SECStatus
+CERT_RegisterAlternateOCSPAIAInfoCallBack(
+    CERT_StringFromCertFcn newCallback,
+    CERT_StringFromCertFcn *oldCallback)
+{
+    CERT_StringFromCertFcn old;
+
+    if (!OCSP_Global.monitor) {
+        PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
+        return SECFailure;
+    }
+
+    PR_EnterMonitor(OCSP_Global.monitor);
+    old = OCSP_Global.alternateOCSPAIAFcn;
+    OCSP_Global.alternateOCSPAIAFcn = newCallback;
+    PR_ExitMonitor(OCSP_Global.monitor);
+    if (oldCallback)
+        *oldCallback = old;
+    return SECSuccess;
+}
+
+static PLHashNumber PR_CALLBACK
+ocsp_CacheKeyHashFunction(const void *key)
+{
+    CERTOCSPCertID *cid = (CERTOCSPCertID *)key;
+    PLHashNumber hash = 0;
+    unsigned int i;
+    unsigned char *walk;
+
+    /* a very simple hash calculation for the initial coding phase */
+    walk = (unsigned char *)cid->issuerNameHash.data;
+    for (i = 0; i < cid->issuerNameHash.len; ++i, ++walk) {
+        hash += *walk;
+    }
+    walk = (unsigned char *)cid->issuerKeyHash.data;
+    for (i = 0; i < cid->issuerKeyHash.len; ++i, ++walk) {
+        hash += *walk;
+    }
+    walk = (unsigned char *)cid->serialNumber.data;
+    for (i = 0; i < cid->serialNumber.len; ++i, ++walk) {
+        hash += *walk;
+    }
+    return hash;
+}
+
+static PRIntn PR_CALLBACK
+ocsp_CacheKeyCompareFunction(const void *v1, const void *v2)
+{
+    CERTOCSPCertID *cid1 = (CERTOCSPCertID *)v1;
+    CERTOCSPCertID *cid2 = (CERTOCSPCertID *)v2;
+
+    return (SECEqual == SECITEM_CompareItem(&cid1->issuerNameHash,
+                                            &cid2->issuerNameHash) &&
+            SECEqual == SECITEM_CompareItem(&cid1->issuerKeyHash,
+                                            &cid2->issuerKeyHash) &&
+            SECEqual == SECITEM_CompareItem(&cid1->serialNumber,
+                                            &cid2->serialNumber));
+}
+
+static SECStatus
+ocsp_CopyRevokedInfo(PLArenaPool *arena, ocspCertStatus *dest,
+                     ocspRevokedInfo *src)
+{
+    SECStatus rv = SECFailure;
+    void *mark;
+
+    mark = PORT_ArenaMark(arena);
+
+    dest->certStatusInfo.revokedInfo =
+        (ocspRevokedInfo *)PORT_ArenaZAlloc(arena, sizeof(ocspRevokedInfo));
+    if (!dest->certStatusInfo.revokedInfo) {
+        goto loser;
+    }
+
+    rv = SECITEM_CopyItem(arena,
+                          &dest->certStatusInfo.revokedInfo->revocationTime,
+                          &src->revocationTime);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    if (src->revocationReason) {
+        dest->certStatusInfo.revokedInfo->revocationReason =
+            SECITEM_ArenaDupItem(arena, src->revocationReason);
+        if (!dest->certStatusInfo.revokedInfo->revocationReason) {
+            goto loser;
+        }
+    } else {
+        dest->certStatusInfo.revokedInfo->revocationReason = NULL;
+    }
+
+    PORT_ArenaUnmark(arena, mark);
+    return SECSuccess;
+
+loser:
+    PORT_ArenaRelease(arena, mark);
+    return SECFailure;
+}
+
+static SECStatus
+ocsp_CopyCertStatus(PLArenaPool *arena, ocspCertStatus *dest,
+                    ocspCertStatus *src)
+{
+    SECStatus rv = SECFailure;
+    dest->certStatusType = src->certStatusType;
+
+    switch (src->certStatusType) {
+        case ocspCertStatus_good:
+            dest->certStatusInfo.goodInfo =
+                SECITEM_ArenaDupItem(arena, src->certStatusInfo.goodInfo);
+            if (dest->certStatusInfo.goodInfo != NULL) {
+                rv = SECSuccess;
+            }
+            break;
+        case ocspCertStatus_revoked:
+            rv = ocsp_CopyRevokedInfo(arena, dest,
+                                      src->certStatusInfo.revokedInfo);
+            break;
+        case ocspCertStatus_unknown:
+            dest->certStatusInfo.unknownInfo =
+                SECITEM_ArenaDupItem(arena, src->certStatusInfo.unknownInfo);
+            if (dest->certStatusInfo.unknownInfo != NULL) {
+                rv = SECSuccess;
+            }
+            break;
+        case ocspCertStatus_other:
+        default:
+            PORT_Assert(src->certStatusType == ocspCertStatus_other);
+            dest->certStatusInfo.otherInfo =
+                SECITEM_ArenaDupItem(arena, src->certStatusInfo.otherInfo);
+            if (dest->certStatusInfo.otherInfo != NULL) {
+                rv = SECSuccess;
+            }
+            break;
+    }
+    return rv;
+}
+
+static void
+ocsp_AddCacheItemToLinkedList(OCSPCacheData *cache, OCSPCacheItem *new_most_recent)
+{
+    PR_EnterMonitor(OCSP_Global.monitor);
+
+    if (!cache->LRUitem) {
+        cache->LRUitem = new_most_recent;
+    }
+    new_most_recent->lessRecent = cache->MRUitem;
+    new_most_recent->moreRecent = NULL;
+
+    if (cache->MRUitem) {
+        cache->MRUitem->moreRecent = new_most_recent;
+    }
+    cache->MRUitem = new_most_recent;
+
+    PR_ExitMonitor(OCSP_Global.monitor);
+}
+
+static void
+ocsp_RemoveCacheItemFromLinkedList(OCSPCacheData *cache, OCSPCacheItem *item)
+{
+    PR_EnterMonitor(OCSP_Global.monitor);
+
+    if (!item->lessRecent && !item->moreRecent) {
+        /*
+         * Fail gracefully on attempts to remove an item from the list,
+         * which is currently not part of the list.
+         * But check for the edge case it is the single entry in the list.
+         */
+        if (item == cache->LRUitem &&
+            item == cache->MRUitem) {
+            /* remove the single entry */
+            PORT_Assert(cache->numberOfEntries == 1);
+            PORT_Assert(item->moreRecent == NULL);
+            cache->MRUitem = NULL;
+            cache->LRUitem = NULL;
+        }
+        PR_ExitMonitor(OCSP_Global.monitor);
+        return;
+    }
+
+    PORT_Assert(cache->numberOfEntries > 1);
+
+    if (item == cache->LRUitem) {
+        PORT_Assert(item != cache->MRUitem);
+        PORT_Assert(item->lessRecent == NULL);
+        PORT_Assert(item->moreRecent != NULL);
+        PORT_Assert(item->moreRecent->lessRecent == item);
+        cache->LRUitem = item->moreRecent;
+        cache->LRUitem->lessRecent = NULL;
+    } else if (item == cache->MRUitem) {
+        PORT_Assert(item->moreRecent == NULL);
+        PORT_Assert(item->lessRecent != NULL);
+        PORT_Assert(item->lessRecent->moreRecent == item);
+        cache->MRUitem = item->lessRecent;
+        cache->MRUitem->moreRecent = NULL;
+    } else {
+        /* remove an entry in the middle of the list */
+        PORT_Assert(item->moreRecent != NULL);
+        PORT_Assert(item->lessRecent != NULL);
+        PORT_Assert(item->lessRecent->moreRecent == item);
+        PORT_Assert(item->moreRecent->lessRecent == item);
+        item->moreRecent->lessRecent = item->lessRecent;
+        item->lessRecent->moreRecent = item->moreRecent;
+    }
+
+    item->lessRecent = NULL;
+    item->moreRecent = NULL;
+
+    PR_ExitMonitor(OCSP_Global.monitor);
+}
+
+static void
+ocsp_MakeCacheEntryMostRecent(OCSPCacheData *cache, OCSPCacheItem *new_most_recent)
+{
+    OCSP_TRACE(("OCSP ocsp_MakeCacheEntryMostRecent THREADID %p\n",
+                PR_GetCurrentThread()));
+    PR_EnterMonitor(OCSP_Global.monitor);
+    if (cache->MRUitem == new_most_recent) {
+        OCSP_TRACE(("OCSP ocsp_MakeCacheEntryMostRecent ALREADY MOST\n"));
+        PR_ExitMonitor(OCSP_Global.monitor);
+        return;
+    }
+    OCSP_TRACE(("OCSP ocsp_MakeCacheEntryMostRecent NEW entry\n"));
+    ocsp_RemoveCacheItemFromLinkedList(cache, new_most_recent);
+    ocsp_AddCacheItemToLinkedList(cache, new_most_recent);
+    PR_ExitMonitor(OCSP_Global.monitor);
+}
+
+static PRBool
+ocsp_IsCacheDisabled(void)
+{
+    /*
+     * maxCacheEntries == 0 means unlimited cache entries
+     * maxCacheEntries  < 0 means cache is disabled
+     */
+    PRBool retval;
+    PR_EnterMonitor(OCSP_Global.monitor);
+    retval = (OCSP_Global.maxCacheEntries < 0);
+    PR_ExitMonitor(OCSP_Global.monitor);
+    return retval;
+}
+
+static OCSPCacheItem *
+ocsp_FindCacheEntry(OCSPCacheData *cache, CERTOCSPCertID *certID)
+{
+    OCSPCacheItem *found_ocsp_item = NULL;
+    OCSP_TRACE(("OCSP ocsp_FindCacheEntry\n"));
+    OCSP_TRACE_CERTID(certID);
+    PR_EnterMonitor(OCSP_Global.monitor);
+    if (ocsp_IsCacheDisabled())
+        goto loser;
+
+    found_ocsp_item = (OCSPCacheItem *)PL_HashTableLookup(
+        cache->entries, certID);
+    if (!found_ocsp_item)
+        goto loser;
+
+    OCSP_TRACE(("OCSP ocsp_FindCacheEntry FOUND!\n"));
+    ocsp_MakeCacheEntryMostRecent(cache, found_ocsp_item);
+
+loser:
+    PR_ExitMonitor(OCSP_Global.monitor);
+    return found_ocsp_item;
+}
+
+static void
+ocsp_FreeCacheItem(OCSPCacheItem *item)
+{
+    OCSP_TRACE(("OCSP ocsp_FreeCacheItem\n"));
+    if (item->certStatusArena) {
+        PORT_FreeArena(item->certStatusArena, PR_FALSE);
+    }
+    if (item->certID->poolp) {
+        /* freeing this poolp arena will also free item */
+        PORT_FreeArena(item->certID->poolp, PR_FALSE);
+    }
+}
+
+static void
+ocsp_RemoveCacheItem(OCSPCacheData *cache, OCSPCacheItem *item)
+{
+    /* The item we're removing could be either the least recently used item,
+     * or it could be an item that couldn't get updated with newer status info
+     * because of an allocation failure, or it could get removed because we're
+     * cleaning up.
+     */
+    OCSP_TRACE(("OCSP ocsp_RemoveCacheItem, THREADID %p\n", PR_GetCurrentThread()));
+    PR_EnterMonitor(OCSP_Global.monitor);
+
+    ocsp_RemoveCacheItemFromLinkedList(cache, item);
+#ifdef DEBUG
+    {
+        PRBool couldRemoveFromHashTable = PL_HashTableRemove(cache->entries,
+                                                             item->certID);
+        PORT_Assert(couldRemoveFromHashTable);
+    }
+#else
+    PL_HashTableRemove(cache->entries, item->certID);
+#endif
+    --cache->numberOfEntries;
+    ocsp_FreeCacheItem(item);
+    PR_ExitMonitor(OCSP_Global.monitor);
+}
+
+static void
+ocsp_CheckCacheSize(OCSPCacheData *cache)
+{
+    OCSP_TRACE(("OCSP ocsp_CheckCacheSize\n"));
+    PR_EnterMonitor(OCSP_Global.monitor);
+    if (OCSP_Global.maxCacheEntries > 0) {
+        /* Cache is not disabled. Number of cache entries is limited.
+         * The monitor ensures that maxCacheEntries remains positive.
+         */
+        while (cache->numberOfEntries >
+               (PRUint32)OCSP_Global.maxCacheEntries) {
+            ocsp_RemoveCacheItem(cache, cache->LRUitem);
+        }
+    }
+    PR_ExitMonitor(OCSP_Global.monitor);
+}
+
+SECStatus
+CERT_ClearOCSPCache(void)
+{
+    OCSP_TRACE(("OCSP CERT_ClearOCSPCache\n"));
+    PR_EnterMonitor(OCSP_Global.monitor);
+    while (OCSP_Global.cache.numberOfEntries > 0) {
+        ocsp_RemoveCacheItem(&OCSP_Global.cache,
+                             OCSP_Global.cache.LRUitem);
+    }
+    PR_ExitMonitor(OCSP_Global.monitor);
+    return SECSuccess;
+}
+
+static SECStatus
+ocsp_CreateCacheItemAndConsumeCertID(OCSPCacheData *cache,
+                                     CERTOCSPCertID *certID,
+                                     OCSPCacheItem **pCacheItem)
+{
+    PLArenaPool *arena;
+    void *mark;
+    PLHashEntry *new_hash_entry;
+    OCSPCacheItem *item;
+
+    PORT_Assert(pCacheItem != NULL);
+    *pCacheItem = NULL;
+
+    PR_EnterMonitor(OCSP_Global.monitor);
+    arena = certID->poolp;
+    mark = PORT_ArenaMark(arena);
+
+    /* ZAlloc will init all Bools to False and all Pointers to NULL
+       and all error codes to zero/good. */
+    item = (OCSPCacheItem *)PORT_ArenaZAlloc(certID->poolp,
+                                             sizeof(OCSPCacheItem));
+    if (!item) {
+        goto loser;
+    }
+    item->certID = certID;
+    new_hash_entry = PL_HashTableAdd(cache->entries, item->certID,
+                                     item);
+    if (!new_hash_entry) {
+        goto loser;
+    }
+    ++cache->numberOfEntries;
+    PORT_ArenaUnmark(arena, mark);
+    ocsp_AddCacheItemToLinkedList(cache, item);
+    *pCacheItem = item;
+
+    PR_ExitMonitor(OCSP_Global.monitor);
+    return SECSuccess;
+
+loser:
+    PORT_ArenaRelease(arena, mark);
+    PR_ExitMonitor(OCSP_Global.monitor);
+    return SECFailure;
+}
+
+static SECStatus
+ocsp_SetCacheItemResponse(OCSPCacheItem *item,
+                          const CERTOCSPSingleResponse *response)
+{
+    if (item->certStatusArena) {
+        PORT_FreeArena(item->certStatusArena, PR_FALSE);
+        item->certStatusArena = NULL;
+    }
+    item->haveThisUpdate = item->haveNextUpdate = PR_FALSE;
+    if (response) {
+        SECStatus rv;
+        item->certStatusArena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+        if (item->certStatusArena == NULL) {
+            return SECFailure;
+        }
+        rv = ocsp_CopyCertStatus(item->certStatusArena, &item->certStatus,
+                                 response->certStatus);
+        if (rv != SECSuccess) {
+            PORT_FreeArena(item->certStatusArena, PR_FALSE);
+            item->certStatusArena = NULL;
+            return rv;
+        }
+        item->missingResponseError = 0;
+        rv = DER_GeneralizedTimeToTime(&item->thisUpdate,
+                                       &response->thisUpdate);
+        item->haveThisUpdate = (rv == SECSuccess);
+        if (response->nextUpdate) {
+            rv = DER_GeneralizedTimeToTime(&item->nextUpdate,
+                                           response->nextUpdate);
+            item->haveNextUpdate = (rv == SECSuccess);
+        } else {
+            item->haveNextUpdate = PR_FALSE;
+        }
+    }
+    return SECSuccess;
+}
+
+static void
+ocsp_FreshenCacheItemNextFetchAttemptTime(OCSPCacheItem *cacheItem)
+{
+    PRTime now;
+    PRTime earliestAllowedNextFetchAttemptTime;
+    PRTime latestTimeWhenResponseIsConsideredFresh;
+
+    OCSP_TRACE(("OCSP ocsp_FreshenCacheItemNextFetchAttemptTime\n"));
+
+    PR_EnterMonitor(OCSP_Global.monitor);
+
+    now = PR_Now();
+    OCSP_TRACE_TIME("now:", now);
+
+    if (cacheItem->haveThisUpdate) {
+        OCSP_TRACE_TIME("thisUpdate:", cacheItem->thisUpdate);
+        latestTimeWhenResponseIsConsideredFresh = cacheItem->thisUpdate +
+                                                  OCSP_Global.maximumSecondsToNextFetchAttempt *
+                                                      MICROSECONDS_PER_SECOND;
+        OCSP_TRACE_TIME("latestTimeWhenResponseIsConsideredFresh:",
+                        latestTimeWhenResponseIsConsideredFresh);
+    } else {
+        latestTimeWhenResponseIsConsideredFresh = now +
+                                                  OCSP_Global.minimumSecondsToNextFetchAttempt *
+                                                      MICROSECONDS_PER_SECOND;
+        OCSP_TRACE_TIME("no thisUpdate, "
+                        "latestTimeWhenResponseIsConsideredFresh:",
+                        latestTimeWhenResponseIsConsideredFresh);
+    }
+
+    if (cacheItem->haveNextUpdate) {
+        OCSP_TRACE_TIME("have nextUpdate:", cacheItem->nextUpdate);
+    }
+
+    if (cacheItem->haveNextUpdate &&
+        cacheItem->nextUpdate < latestTimeWhenResponseIsConsideredFresh) {
+        latestTimeWhenResponseIsConsideredFresh = cacheItem->nextUpdate;
+        OCSP_TRACE_TIME("nextUpdate is smaller than latestFresh, setting "
+                        "latestTimeWhenResponseIsConsideredFresh:",
+                        latestTimeWhenResponseIsConsideredFresh);
+    }
+
+    earliestAllowedNextFetchAttemptTime = now +
+                                          OCSP_Global.minimumSecondsToNextFetchAttempt *
+                                              MICROSECONDS_PER_SECOND;
+    OCSP_TRACE_TIME("earliestAllowedNextFetchAttemptTime:",
+                    earliestAllowedNextFetchAttemptTime);
+
+    if (latestTimeWhenResponseIsConsideredFresh <
+        earliestAllowedNextFetchAttemptTime) {
+        latestTimeWhenResponseIsConsideredFresh =
+            earliestAllowedNextFetchAttemptTime;
+        OCSP_TRACE_TIME("latest < earliest, setting latest to:",
+                        latestTimeWhenResponseIsConsideredFresh);
+    }
+
+    cacheItem->nextFetchAttemptTime =
+        latestTimeWhenResponseIsConsideredFresh;
+    OCSP_TRACE_TIME("nextFetchAttemptTime",
+                    latestTimeWhenResponseIsConsideredFresh);
+
+    PR_ExitMonitor(OCSP_Global.monitor);
+}
+
+static PRBool
+ocsp_IsCacheItemFresh(OCSPCacheItem *cacheItem)
+{
+    PRTime now;
+    PRBool fresh;
+
+    now = PR_Now();
+
+    fresh = cacheItem->nextFetchAttemptTime > now;
+
+    /* Work around broken OCSP responders that return unknown responses for
+     * certificates, especially certificates that were just recently issued.
+     */
+    if (fresh && cacheItem->certStatusArena &&
+        cacheItem->certStatus.certStatusType == ocspCertStatus_unknown) {
+        fresh = PR_FALSE;
+    }
+
+    OCSP_TRACE(("OCSP ocsp_IsCacheItemFresh: %d\n", fresh));
+
+    return fresh;
+}
+
+/*
+ * Status in *certIDWasConsumed will always be correct, regardless of
+ * return value.
+ * If the caller is unable to transfer ownership of certID,
+ * then the caller must set certIDWasConsumed to NULL,
+ * and this function will potentially duplicate the certID object.
+ */
+static SECStatus
+ocsp_CreateOrUpdateCacheEntry(OCSPCacheData *cache,
+                              CERTOCSPCertID *certID,
+                              CERTOCSPSingleResponse *single,
+                              PRBool *certIDWasConsumed)
+{
+    SECStatus rv;
+    OCSPCacheItem *cacheItem;
+    OCSP_TRACE(("OCSP ocsp_CreateOrUpdateCacheEntry\n"));
+
+    if (certIDWasConsumed)
+        *certIDWasConsumed = PR_FALSE;
+
+    PR_EnterMonitor(OCSP_Global.monitor);
+    PORT_Assert(OCSP_Global.maxCacheEntries >= 0);
+
+    cacheItem = ocsp_FindCacheEntry(cache, certID);
+
+    /* Don't replace an unknown or revoked entry with an error entry, even if
+     * the existing entry is expired. Instead, we'll continue to use the
+     * existing (possibly expired) cache entry until we receive a valid signed
+     * response to replace it.
+     */
+    if (!single && cacheItem && cacheItem->certStatusArena &&
+        (cacheItem->certStatus.certStatusType == ocspCertStatus_revoked ||
+         cacheItem->certStatus.certStatusType == ocspCertStatus_unknown)) {
+        PR_ExitMonitor(OCSP_Global.monitor);
+        return SECSuccess;
+    }
+
+    if (!cacheItem) {
+        CERTOCSPCertID *myCertID;
+        if (certIDWasConsumed) {
+            myCertID = certID;
+            *certIDWasConsumed = PR_TRUE;
+        } else {
+            myCertID = cert_DupOCSPCertID(certID);
+            if (!myCertID) {
+                PR_ExitMonitor(OCSP_Global.monitor);
+                PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
+                return SECFailure;
+            }
+        }
+
+        rv = ocsp_CreateCacheItemAndConsumeCertID(cache, myCertID,
+                                                  &cacheItem);
+        if (rv != SECSuccess) {
+            PR_ExitMonitor(OCSP_Global.monitor);
+            return rv;
+        }
+    }
+    if (single) {
+        PRTime thisUpdate;
+        rv = DER_GeneralizedTimeToTime(&thisUpdate, &single->thisUpdate);
+
+        if (!cacheItem->haveThisUpdate ||
+            (rv == SECSuccess && cacheItem->thisUpdate < thisUpdate)) {
+            rv = ocsp_SetCacheItemResponse(cacheItem, single);
+            if (rv != SECSuccess) {
+                ocsp_RemoveCacheItem(cache, cacheItem);
+                PR_ExitMonitor(OCSP_Global.monitor);
+                return rv;
+            }
+        } else {
+            OCSP_TRACE(("Not caching response because the response is not "
+                        "newer than the cache"));
+        }
+    } else {
+        cacheItem->missingResponseError = PORT_GetError();
+        if (cacheItem->certStatusArena) {
+            PORT_FreeArena(cacheItem->certStatusArena, PR_FALSE);
+            cacheItem->certStatusArena = NULL;
+        }
+    }
+    ocsp_FreshenCacheItemNextFetchAttemptTime(cacheItem);
+    ocsp_CheckCacheSize(cache);
+
+    PR_ExitMonitor(OCSP_Global.monitor);
+    return SECSuccess;
+}
+
+extern SECStatus
+CERT_SetOCSPFailureMode(SEC_OcspFailureMode ocspFailureMode)
+{
+    switch (ocspFailureMode) {
+        case ocspMode_FailureIsVerificationFailure:
+        case ocspMode_FailureIsNotAVerificationFailure:
+            break;
+        default:
+            PORT_SetError(SEC_ERROR_INVALID_ARGS);
+            return SECFailure;
+    }
+
+    PR_EnterMonitor(OCSP_Global.monitor);
+    OCSP_Global.ocspFailureMode = ocspFailureMode;
+    PR_ExitMonitor(OCSP_Global.monitor);
+    return SECSuccess;
+}
+
+SECStatus
+CERT_OCSPCacheSettings(PRInt32 maxCacheEntries,
+                       PRUint32 minimumSecondsToNextFetchAttempt,
+                       PRUint32 maximumSecondsToNextFetchAttempt)
+{
+    if (minimumSecondsToNextFetchAttempt > maximumSecondsToNextFetchAttempt ||
+        maxCacheEntries < -1) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    PR_EnterMonitor(OCSP_Global.monitor);
+
+    if (maxCacheEntries < 0) {
+        OCSP_Global.maxCacheEntries = -1; /* disable cache */
+    } else if (maxCacheEntries == 0) {
+        OCSP_Global.maxCacheEntries = 0; /* unlimited cache entries */
+    } else {
+        OCSP_Global.maxCacheEntries = maxCacheEntries;
+    }
+
+    if (minimumSecondsToNextFetchAttempt <
+            OCSP_Global.minimumSecondsToNextFetchAttempt ||
+        maximumSecondsToNextFetchAttempt <
+            OCSP_Global.maximumSecondsToNextFetchAttempt) {
+        /*
+         * Ensure our existing cache entries are not used longer than the
+         * new settings allow, we're lazy and just clear the cache
+         */
+        CERT_ClearOCSPCache();
+    }
+
+    OCSP_Global.minimumSecondsToNextFetchAttempt =
+        minimumSecondsToNextFetchAttempt;
+    OCSP_Global.maximumSecondsToNextFetchAttempt =
+        maximumSecondsToNextFetchAttempt;
+    ocsp_CheckCacheSize(&OCSP_Global.cache);
+
+    PR_ExitMonitor(OCSP_Global.monitor);
+    return SECSuccess;
+}
+
+SECStatus
+CERT_SetOCSPTimeout(PRUint32 seconds)
+{
+    /* no locking, see bug 406120 */
+    OCSP_Global.timeoutSeconds = seconds;
+    return SECSuccess;
+}
+
+/* this function is called at NSS initialization time */
+SECStatus
+OCSP_InitGlobal(void)
+{
+    SECStatus rv = SECFailure;
+
+    if (OCSP_Global.monitor == NULL) {
+        OCSP_Global.monitor = PR_NewMonitor();
+    }
+    if (!OCSP_Global.monitor)
+        return SECFailure;
+
+    PR_EnterMonitor(OCSP_Global.monitor);
+    if (!OCSP_Global.cache.entries) {
+        OCSP_Global.cache.entries =
+            PL_NewHashTable(0,
+                            ocsp_CacheKeyHashFunction,
+                            ocsp_CacheKeyCompareFunction,
+                            PL_CompareValues,
+                            NULL,
+                            NULL);
+        OCSP_Global.ocspFailureMode = ocspMode_FailureIsVerificationFailure;
+        OCSP_Global.cache.numberOfEntries = 0;
+        OCSP_Global.cache.MRUitem = NULL;
+        OCSP_Global.cache.LRUitem = NULL;
+    } else {
+        /*
+         * NSS might call this function twice while attempting to init.
+         * But it's not allowed to call this again after any activity.
+         */
+        PORT_Assert(OCSP_Global.cache.numberOfEntries == 0);
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+    }
+    if (OCSP_Global.cache.entries)
+        rv = SECSuccess;
+    PR_ExitMonitor(OCSP_Global.monitor);
+    return rv;
+}
+
+SECStatus
+OCSP_ShutdownGlobal(void)
+{
+    if (!OCSP_Global.monitor)
+        return SECSuccess;
+
+    PR_EnterMonitor(OCSP_Global.monitor);
+    if (OCSP_Global.cache.entries) {
+        CERT_ClearOCSPCache();
+        PL_HashTableDestroy(OCSP_Global.cache.entries);
+        OCSP_Global.cache.entries = NULL;
+    }
+    PORT_Assert(OCSP_Global.cache.numberOfEntries == 0);
+    OCSP_Global.cache.MRUitem = NULL;
+    OCSP_Global.cache.LRUitem = NULL;
+
+    OCSP_Global.defaultHttpClientFcn = NULL;
+    OCSP_Global.maxCacheEntries = DEFAULT_OCSP_CACHE_SIZE;
+    OCSP_Global.minimumSecondsToNextFetchAttempt =
+        DEFAULT_MINIMUM_SECONDS_TO_NEXT_OCSP_FETCH_ATTEMPT;
+    OCSP_Global.maximumSecondsToNextFetchAttempt =
+        DEFAULT_MAXIMUM_SECONDS_TO_NEXT_OCSP_FETCH_ATTEMPT;
+    OCSP_Global.ocspFailureMode =
+        ocspMode_FailureIsVerificationFailure;
+    PR_ExitMonitor(OCSP_Global.monitor);
+
+    PR_DestroyMonitor(OCSP_Global.monitor);
+    OCSP_Global.monitor = NULL;
+    return SECSuccess;
+}
+
+/*
+ * A return value of NULL means:
+ *   The application did not register it's own HTTP client.
+ */
+const SEC_HttpClientFcn *
+SEC_GetRegisteredHttpClient(void)
+{
+    const SEC_HttpClientFcn *retval;
+
+    if (!OCSP_Global.monitor) {
+        PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
+        return NULL;
+    }
+
+    PR_EnterMonitor(OCSP_Global.monitor);
+    retval = OCSP_Global.defaultHttpClientFcn;
+    PR_ExitMonitor(OCSP_Global.monitor);
+
+    return retval;
+}
+
+/*
+ * The following structure is only used internally.  It is allocated when
+ * someone turns on OCSP checking, and hangs off of the status-configuration
+ * structure in the certdb structure.  We use it to keep configuration
+ * information specific to OCSP checking.
+ */
+typedef struct ocspCheckingContextStr {
+    PRBool useDefaultResponder;
+    char *defaultResponderURI;
+    char *defaultResponderNickname;
+    CERTCertificate *defaultResponderCert;
+} ocspCheckingContext;
+
+SEC_ASN1_MKSUB(SEC_AnyTemplate)
+SEC_ASN1_MKSUB(SEC_IntegerTemplate)
+SEC_ASN1_MKSUB(SEC_NullTemplate)
+SEC_ASN1_MKSUB(SEC_OctetStringTemplate)
+SEC_ASN1_MKSUB(SEC_PointerToAnyTemplate)
+SEC_ASN1_MKSUB(SECOID_AlgorithmIDTemplate)
+SEC_ASN1_MKSUB(SEC_SequenceOfAnyTemplate)
+SEC_ASN1_MKSUB(SEC_PointerToGeneralizedTimeTemplate)
+SEC_ASN1_MKSUB(SEC_PointerToEnumeratedTemplate)
+
+/*
+ * Forward declarations of sub-types, so I can lay out the types in the
+ * same order as the ASN.1 is laid out in the OCSP spec itself.
+ *
+ * These are in alphabetical order (case-insensitive); please keep it that way!
+ */
+extern const SEC_ASN1Template ocsp_CertIDTemplate[];
+extern const SEC_ASN1Template ocsp_PointerToSignatureTemplate[];
+extern const SEC_ASN1Template ocsp_PointerToResponseBytesTemplate[];
+extern const SEC_ASN1Template ocsp_ResponseDataTemplate[];
+extern const SEC_ASN1Template ocsp_RevokedInfoTemplate[];
+extern const SEC_ASN1Template ocsp_SingleRequestTemplate[];
+extern const SEC_ASN1Template ocsp_SingleResponseTemplate[];
+extern const SEC_ASN1Template ocsp_TBSRequestTemplate[];
+
+/*
+ * Request-related templates...
+ */
+
+/*
+ * OCSPRequest	::=	SEQUENCE {
+ *	tbsRequest		TBSRequest,
+ *	optionalSignature	[0] EXPLICIT Signature OPTIONAL }
+ */
+static const SEC_ASN1Template ocsp_OCSPRequestTemplate[] = {
+    { SEC_ASN1_SEQUENCE,
+      0, NULL, sizeof(CERTOCSPRequest) },
+    { SEC_ASN1_POINTER,
+      offsetof(CERTOCSPRequest, tbsRequest),
+      ocsp_TBSRequestTemplate },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT |
+          SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
+      offsetof(CERTOCSPRequest, optionalSignature),
+      ocsp_PointerToSignatureTemplate },
+    { 0 }
+};
+
+/*
+ * TBSRequest	::=	SEQUENCE {
+ *	version			[0] EXPLICIT Version DEFAULT v1,
+ *	requestorName		[1] EXPLICIT GeneralName OPTIONAL,
+ *	requestList		SEQUENCE OF Request,
+ *	requestExtensions	[2] EXPLICIT Extensions OPTIONAL }
+ *
+ * Version	::=	INTEGER { v1(0) }
+ *
+ * Note: this should be static but the AIX compiler doesn't like it (because it
+ * was forward-declared above); it is not meant to be exported, but this
+ * is the only way it will compile.
+ */
+const SEC_ASN1Template ocsp_TBSRequestTemplate[] = {
+    { SEC_ASN1_SEQUENCE,
+      0, NULL, sizeof(ocspTBSRequest) },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT | /* XXX DER_DEFAULT */
+          SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
+      offsetof(ocspTBSRequest, version),
+      SEC_ASN1_SUB(SEC_IntegerTemplate) },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT |
+          SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 1,
+      offsetof(ocspTBSRequest, derRequestorName),
+      SEC_ASN1_SUB(SEC_PointerToAnyTemplate) },
+    { SEC_ASN1_SEQUENCE_OF,
+      offsetof(ocspTBSRequest, requestList),
+      ocsp_SingleRequestTemplate },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT |
+          SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 2,
+      offsetof(ocspTBSRequest, requestExtensions),
+      CERT_SequenceOfCertExtensionTemplate },
+    { 0 }
+};
+
+/*
+ * Signature	::=	SEQUENCE {
+ *	signatureAlgorithm	AlgorithmIdentifier,
+ *	signature		BIT STRING,
+ *	certs			[0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
+ */
+static const SEC_ASN1Template ocsp_SignatureTemplate[] = {
+    { SEC_ASN1_SEQUENCE,
+      0, NULL, sizeof(ocspSignature) },
+    { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
+      offsetof(ocspSignature, signatureAlgorithm),
+      SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
+    { SEC_ASN1_BIT_STRING,
+      offsetof(ocspSignature, signature) },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT |
+          SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
+      offsetof(ocspSignature, derCerts),
+      SEC_ASN1_SUB(SEC_SequenceOfAnyTemplate) },
+    { 0 }
+};
+
+/*
+ * This template is just an extra level to use in an explicitly-tagged
+ * reference to a Signature.
+ *
+ * Note: this should be static but the AIX compiler doesn't like it (because it
+ * was forward-declared above); it is not meant to be exported, but this
+ * is the only way it will compile.
+ */
+const SEC_ASN1Template ocsp_PointerToSignatureTemplate[] = {
+    { SEC_ASN1_POINTER, 0, ocsp_SignatureTemplate }
+};
+
+/*
+ * Request	::=	SEQUENCE {
+ *	reqCert			CertID,
+ *	singleRequestExtensions	[0] EXPLICIT Extensions OPTIONAL }
+ *
+ * Note: this should be static but the AIX compiler doesn't like it (because it
+ * was forward-declared above); it is not meant to be exported, but this
+ * is the only way it will compile.
+ */
+const SEC_ASN1Template ocsp_SingleRequestTemplate[] = {
+    { SEC_ASN1_SEQUENCE,
+      0, NULL, sizeof(ocspSingleRequest) },
+    { SEC_ASN1_POINTER,
+      offsetof(ocspSingleRequest, reqCert),
+      ocsp_CertIDTemplate },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT |
+          SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
+      offsetof(ocspSingleRequest, singleRequestExtensions),
+      CERT_SequenceOfCertExtensionTemplate },
+    { 0 }
+};
+
+/*
+ * This data structure and template (CertID) is used by both OCSP
+ * requests and responses.  It is the only one that is shared.
+ *
+ * CertID	::=	SEQUENCE {
+ *	hashAlgorithm		AlgorithmIdentifier,
+ *	issuerNameHash		OCTET STRING,	-- Hash of Issuer DN
+ *	issuerKeyHash		OCTET STRING,	-- Hash of Issuer public key
+ *	serialNumber		CertificateSerialNumber }
+ *
+ * CertificateSerialNumber ::=	INTEGER
+ *
+ * Note: this should be static but the AIX compiler doesn't like it (because it
+ * was forward-declared above); it is not meant to be exported, but this
+ * is the only way it will compile.
+ */
+const SEC_ASN1Template ocsp_CertIDTemplate[] = {
+    { SEC_ASN1_SEQUENCE,
+      0, NULL, sizeof(CERTOCSPCertID) },
+    { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
+      offsetof(CERTOCSPCertID, hashAlgorithm),
+      SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
+    { SEC_ASN1_OCTET_STRING,
+      offsetof(CERTOCSPCertID, issuerNameHash) },
+    { SEC_ASN1_OCTET_STRING,
+      offsetof(CERTOCSPCertID, issuerKeyHash) },
+    { SEC_ASN1_INTEGER,
+      offsetof(CERTOCSPCertID, serialNumber) },
+    { 0 }
+};
+
+/*
+ * Response-related templates...
+ */
+
+/*
+ * OCSPResponse	::=	SEQUENCE {
+ *	responseStatus		OCSPResponseStatus,
+ *	responseBytes		[0] EXPLICIT ResponseBytes OPTIONAL }
+ */
+const SEC_ASN1Template ocsp_OCSPResponseTemplate[] = {
+    { SEC_ASN1_SEQUENCE,
+      0, NULL, sizeof(CERTOCSPResponse) },
+    { SEC_ASN1_ENUMERATED,
+      offsetof(CERTOCSPResponse, responseStatus) },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT |
+          SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
+      offsetof(CERTOCSPResponse, responseBytes),
+      ocsp_PointerToResponseBytesTemplate },
+    { 0 }
+};
+
+/*
+ * ResponseBytes	::=	SEQUENCE {
+ *	responseType		OBJECT IDENTIFIER,
+ *	response		OCTET STRING }
+ */
+const SEC_ASN1Template ocsp_ResponseBytesTemplate[] = {
+    { SEC_ASN1_SEQUENCE,
+      0, NULL, sizeof(ocspResponseBytes) },
+    { SEC_ASN1_OBJECT_ID,
+      offsetof(ocspResponseBytes, responseType) },
+    { SEC_ASN1_OCTET_STRING,
+      offsetof(ocspResponseBytes, response) },
+    { 0 }
+};
+
+/*
+ * This template is just an extra level to use in an explicitly-tagged
+ * reference to a ResponseBytes.
+ *
+ * Note: this should be static but the AIX compiler doesn't like it (because it
+ * was forward-declared above); it is not meant to be exported, but this
+ * is the only way it will compile.
+ */
+const SEC_ASN1Template ocsp_PointerToResponseBytesTemplate[] = {
+    { SEC_ASN1_POINTER, 0, ocsp_ResponseBytesTemplate }
+};
+
+/*
+ * BasicOCSPResponse	::=	SEQUENCE {
+ *	tbsResponseData		ResponseData,
+ *	signatureAlgorithm	AlgorithmIdentifier,
+ *	signature		BIT STRING,
+ *	certs			[0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
+ */
+static const SEC_ASN1Template ocsp_BasicOCSPResponseTemplate[] = {
+    { SEC_ASN1_SEQUENCE,
+      0, NULL, sizeof(ocspBasicOCSPResponse) },
+    { SEC_ASN1_ANY | SEC_ASN1_SAVE,
+      offsetof(ocspBasicOCSPResponse, tbsResponseDataDER) },
+    { SEC_ASN1_POINTER,
+      offsetof(ocspBasicOCSPResponse, tbsResponseData),
+      ocsp_ResponseDataTemplate },
+    { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
+      offsetof(ocspBasicOCSPResponse, responseSignature.signatureAlgorithm),
+      SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
+    { SEC_ASN1_BIT_STRING,
+      offsetof(ocspBasicOCSPResponse, responseSignature.signature) },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT |
+          SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
+      offsetof(ocspBasicOCSPResponse, responseSignature.derCerts),
+      SEC_ASN1_SUB(SEC_SequenceOfAnyTemplate) },
+    { 0 }
+};
+
+/*
+ * ResponseData	::=	SEQUENCE {
+ *	version			[0] EXPLICIT Version DEFAULT v1,
+ *	responderID		ResponderID,
+ *	producedAt		GeneralizedTime,
+ *	responses		SEQUENCE OF SingleResponse,
+ *	responseExtensions	[1] EXPLICIT Extensions OPTIONAL }
+ *
+ * Note: this should be static but the AIX compiler doesn't like it (because it
+ * was forward-declared above); it is not meant to be exported, but this
+ * is the only way it will compile.
+ */
+const SEC_ASN1Template ocsp_ResponseDataTemplate[] = {
+    { SEC_ASN1_SEQUENCE,
+      0, NULL, sizeof(ocspResponseData) },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT | /* XXX DER_DEFAULT */
+          SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
+      offsetof(ocspResponseData, version),
+      SEC_ASN1_SUB(SEC_IntegerTemplate) },
+    { SEC_ASN1_ANY,
+      offsetof(ocspResponseData, derResponderID) },
+    { SEC_ASN1_GENERALIZED_TIME,
+      offsetof(ocspResponseData, producedAt) },
+    { SEC_ASN1_SEQUENCE_OF,
+      offsetof(ocspResponseData, responses),
+      ocsp_SingleResponseTemplate },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT |
+          SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1,
+      offsetof(ocspResponseData, responseExtensions),
+      CERT_SequenceOfCertExtensionTemplate },
+    { 0 }
+};
+
+/*
+ * ResponderID	::=	CHOICE {
+ *	byName			[1] EXPLICIT Name,
+ *	byKey			[2] EXPLICIT KeyHash }
+ *
+ * KeyHash ::=	OCTET STRING -- SHA-1 hash of responder's public key
+ * (excluding the tag and length fields)
+ *
+ * XXX Because the ASN.1 encoder and decoder currently do not provide
+ * a way to automatically handle a CHOICE, we need to do it in two
+ * steps, looking at the type tag and feeding the exact choice back
+ * to the ASN.1 code.  Hopefully that will change someday and this
+ * can all be simplified down into a single template.  Anyway, for
+ * now we list each choice as its own template:
+ */
+const SEC_ASN1Template ocsp_ResponderIDByNameTemplate[] = {
+    { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1,
+      offsetof(ocspResponderID, responderIDValue.name),
+      CERT_NameTemplate }
+};
+const SEC_ASN1Template ocsp_ResponderIDByKeyTemplate[] = {
+    { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
+          SEC_ASN1_XTRN | 2,
+      offsetof(ocspResponderID, responderIDValue.keyHash),
+      SEC_ASN1_SUB(SEC_OctetStringTemplate) }
+};
+static const SEC_ASN1Template ocsp_ResponderIDOtherTemplate[] = {
+    { SEC_ASN1_ANY,
+      offsetof(ocspResponderID, responderIDValue.other) }
+};
+
+/* Decode choice container, but leave x509 name object encoded */
+static const SEC_ASN1Template ocsp_ResponderIDDerNameTemplate[] = {
+    { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
+          SEC_ASN1_XTRN | 1,
+      0, SEC_ASN1_SUB(SEC_AnyTemplate) }
+};
+
+/*
+ * SingleResponse	::=	SEQUENCE {
+ *	certID			CertID,
+ *	certStatus		CertStatus,
+ *	thisUpdate		GeneralizedTime,
+ *	nextUpdate		[0] EXPLICIT GeneralizedTime OPTIONAL,
+ *	singleExtensions	[1] EXPLICIT Extensions OPTIONAL }
+ *
+ * Note: this should be static but the AIX compiler doesn't like it (because it
+ * was forward-declared above); it is not meant to be exported, but this
+ * is the only way it will compile.
+ */
+const SEC_ASN1Template ocsp_SingleResponseTemplate[] = {
+    { SEC_ASN1_SEQUENCE,
+      0, NULL, sizeof(CERTOCSPSingleResponse) },
+    { SEC_ASN1_POINTER,
+      offsetof(CERTOCSPSingleResponse, certID),
+      ocsp_CertIDTemplate },
+    { SEC_ASN1_ANY,
+      offsetof(CERTOCSPSingleResponse, derCertStatus) },
+    { SEC_ASN1_GENERALIZED_TIME,
+      offsetof(CERTOCSPSingleResponse, thisUpdate) },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT |
+          SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
+      offsetof(CERTOCSPSingleResponse, nextUpdate),
+      SEC_ASN1_SUB(SEC_PointerToGeneralizedTimeTemplate) },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT |
+          SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1,
+      offsetof(CERTOCSPSingleResponse, singleExtensions),
+      CERT_SequenceOfCertExtensionTemplate },
+    { 0 }
+};
+
+/*
+ * CertStatus	::=	CHOICE {
+ *	good			[0] IMPLICIT NULL,
+ *	revoked			[1] IMPLICIT RevokedInfo,
+ *	unknown			[2] IMPLICIT UnknownInfo }
+ *
+ * Because the ASN.1 encoder and decoder currently do not provide
+ * a way to automatically handle a CHOICE, we need to do it in two
+ * steps, looking at the type tag and feeding the exact choice back
+ * to the ASN.1 code.  Hopefully that will change someday and this
+ * can all be simplified down into a single template.  Anyway, for
+ * now we list each choice as its own template:
+ */
+static const SEC_ASN1Template ocsp_CertStatusGoodTemplate[] = {
+    { SEC_ASN1_POINTER | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
+      offsetof(ocspCertStatus, certStatusInfo.goodInfo),
+      SEC_ASN1_SUB(SEC_NullTemplate) }
+};
+static const SEC_ASN1Template ocsp_CertStatusRevokedTemplate[] = {
+    { SEC_ASN1_POINTER | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1,
+      offsetof(ocspCertStatus, certStatusInfo.revokedInfo),
+      ocsp_RevokedInfoTemplate }
+};
+static const SEC_ASN1Template ocsp_CertStatusUnknownTemplate[] = {
+    { SEC_ASN1_POINTER | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 2,
+      offsetof(ocspCertStatus, certStatusInfo.unknownInfo),
+      SEC_ASN1_SUB(SEC_NullTemplate) }
+};
+static const SEC_ASN1Template ocsp_CertStatusOtherTemplate[] = {
+    { SEC_ASN1_POINTER | SEC_ASN1_XTRN,
+      offsetof(ocspCertStatus, certStatusInfo.otherInfo),
+      SEC_ASN1_SUB(SEC_AnyTemplate) }
+};
+
+/*
+ * RevokedInfo	::=	SEQUENCE {
+ *	revocationTime		GeneralizedTime,
+ *	revocationReason	[0] EXPLICIT CRLReason OPTIONAL }
+ *
+ * Note: this should be static but the AIX compiler doesn't like it (because it
+ * was forward-declared above); it is not meant to be exported, but this
+ * is the only way it will compile.
+ */
+const SEC_ASN1Template ocsp_RevokedInfoTemplate[] = {
+    { SEC_ASN1_SEQUENCE,
+      0, NULL, sizeof(ocspRevokedInfo) },
+    { SEC_ASN1_GENERALIZED_TIME,
+      offsetof(ocspRevokedInfo, revocationTime) },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT |
+          SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
+          SEC_ASN1_XTRN | 0,
+      offsetof(ocspRevokedInfo, revocationReason),
+      SEC_ASN1_SUB(SEC_PointerToEnumeratedTemplate) },
+    { 0 }
+};
+
+/*
+ * OCSP-specific extension templates:
+ */
+
+/*
+ * ServiceLocator	::=	SEQUENCE {
+ *	issuer			Name,
+ *	locator			AuthorityInfoAccessSyntax OPTIONAL }
+ */
+static const SEC_ASN1Template ocsp_ServiceLocatorTemplate[] = {
+    { SEC_ASN1_SEQUENCE,
+      0, NULL, sizeof(ocspServiceLocator) },
+    { SEC_ASN1_POINTER,
+      offsetof(ocspServiceLocator, issuer),
+      CERT_NameTemplate },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_ANY,
+      offsetof(ocspServiceLocator, locator) },
+    { 0 }
+};
+
+/*
+ * REQUEST SUPPORT FUNCTIONS (encode/create/decode/destroy):
+ */
+
+/*
+ * FUNCTION: CERT_EncodeOCSPRequest
+ *   DER encodes an OCSP Request, possibly adding a signature as well.
+ *   XXX Signing is not yet supported, however; see comments in code.
+ * INPUTS:
+ *   PLArenaPool *arena
+ *     The return value is allocated from here.
+ *     If a NULL is passed in, allocation is done from the heap instead.
+ *   CERTOCSPRequest *request
+ *     The request to be encoded.
+ *   void *pwArg
+ *     Pointer to argument for password prompting, if needed.  (Definitely
+ *     not needed if not signing.)
+ * RETURN:
+ *   Returns a NULL on error and a pointer to the SECItem with the
+ *   encoded value otherwise.  Any error is likely to be low-level
+ *   (e.g. no memory).
+ */
+SECItem *
+CERT_EncodeOCSPRequest(PLArenaPool *arena, CERTOCSPRequest *request,
+                       void *pwArg)
+{
+    SECStatus rv;
+
+    /* XXX All of these should generate errors if they fail. */
+    PORT_Assert(request);
+    PORT_Assert(request->tbsRequest);
+
+    if (request->tbsRequest->extensionHandle != NULL) {
+        rv = CERT_FinishExtensions(request->tbsRequest->extensionHandle);
+        request->tbsRequest->extensionHandle = NULL;
+        if (rv != SECSuccess)
+            return NULL;
+    }
+
+    /*
+     * XXX When signed requests are supported and request->optionalSignature
+     * is not NULL:
+     *  - need to encode tbsRequest->requestorName
+     *  - need to encode tbsRequest
+     *  - need to sign that encoded result (using cert in sig), filling in the
+     *    request->optionalSignature structure with the result, the signing
+     *    algorithm and (perhaps?) the cert (and its chain?) in derCerts
+     */
+
+    return SEC_ASN1EncodeItem(arena, NULL, request, ocsp_OCSPRequestTemplate);
+}
+
+/*
+ * FUNCTION: CERT_DecodeOCSPRequest
+ *   Decode a DER encoded OCSP Request.
+ * INPUTS:
+ *   SECItem *src
+ *     Pointer to a SECItem holding DER encoded OCSP Request.
+ * RETURN:
+ *   Returns a pointer to a CERTOCSPRequest containing the decoded request.
+ *   On error, returns NULL.  Most likely error is trouble decoding
+ *   (SEC_ERROR_OCSP_MALFORMED_REQUEST), or low-level problem (no memory).
+ */
+CERTOCSPRequest *
+CERT_DecodeOCSPRequest(const SECItem *src)
+{
+    PLArenaPool *arena = NULL;
+    SECStatus rv = SECFailure;
+    CERTOCSPRequest *dest = NULL;
+    int i;
+    SECItem newSrc;
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL) {
+        goto loser;
+    }
+    dest = (CERTOCSPRequest *)PORT_ArenaZAlloc(arena,
+                                               sizeof(CERTOCSPRequest));
+    if (dest == NULL) {
+        goto loser;
+    }
+    dest->arena = arena;
+
+    /* copy the DER into the arena, since Quick DER returns data that points
+       into the DER input, which may get freed by the caller */
+    rv = SECITEM_CopyItem(arena, &newSrc, src);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    rv = SEC_QuickDERDecodeItem(arena, dest, ocsp_OCSPRequestTemplate, &newSrc);
+    if (rv != SECSuccess) {
+        if (PORT_GetError() == SEC_ERROR_BAD_DER)
+            PORT_SetError(SEC_ERROR_OCSP_MALFORMED_REQUEST);
+        goto loser;
+    }
+
+    /*
+     * XXX I would like to find a way to get rid of the necessity
+     * of doing this copying of the arena pointer.
+     */
+    for (i = 0; dest->tbsRequest->requestList[i] != NULL; i++) {
+        dest->tbsRequest->requestList[i]->arena = arena;
+    }
+
+    return dest;
+
+loser:
+    if (arena != NULL) {
+        PORT_FreeArena(arena, PR_FALSE);
+    }
+    return NULL;
+}
+
+SECStatus
+CERT_DestroyOCSPCertID(CERTOCSPCertID *certID)
+{
+    if (certID && certID->poolp) {
+        PORT_FreeArena(certID->poolp, PR_FALSE);
+        return SECSuccess;
+    }
+    PORT_SetError(SEC_ERROR_INVALID_ARGS);
+    return SECFailure;
+}
+
+/*
+ * Digest data using the specified algorithm.
+ * The necessary storage for the digest data is allocated.  If "fill" is
+ * non-null, the data is put there, otherwise a SECItem is allocated.
+ * Allocation from "arena" if it is non-null, heap otherwise.  Any problem
+ * results in a NULL being returned (and an appropriate error set).
+ */
+
+SECItem *
+ocsp_DigestValue(PLArenaPool *arena, SECOidTag digestAlg,
+                 SECItem *fill, const SECItem *src)
+{
+    const SECHashObject *digestObject;
+    SECItem *result = NULL;
+    void *mark = NULL;
+    void *digestBuff = NULL;
+
+    if (arena != NULL) {
+        mark = PORT_ArenaMark(arena);
+    }
+
+    digestObject = HASH_GetHashObjectByOidTag(digestAlg);
+    if (digestObject == NULL) {
+        goto loser;
+    }
+
+    if (fill == NULL || fill->data == NULL) {
+        result = SECITEM_AllocItem(arena, fill, digestObject->length);
+        if (result == NULL) {
+            goto loser;
+        }
+        digestBuff = result->data;
+    } else {
+        if (fill->len < digestObject->length) {
+            PORT_SetError(SEC_ERROR_INVALID_ARGS);
+            goto loser;
+        }
+        digestBuff = fill->data;
+    }
+
+    if (PK11_HashBuf(digestAlg, digestBuff,
+                     src->data, src->len) != SECSuccess) {
+        goto loser;
+    }
+
+    if (arena != NULL) {
+        PORT_ArenaUnmark(arena, mark);
+    }
+
+    if (result == NULL) {
+        result = fill;
+    }
+    return result;
+
+loser:
+    if (arena != NULL) {
+        PORT_ArenaRelease(arena, mark);
+    } else {
+        if (result != NULL) {
+            SECITEM_FreeItem(result, (fill == NULL) ? PR_TRUE : PR_FALSE);
+        }
+    }
+    return (NULL);
+}
+
+/*
+ * Digest the cert's subject public key using the specified algorithm.
+ * The necessary storage for the digest data is allocated.  If "fill" is
+ * non-null, the data is put there, otherwise a SECItem is allocated.
+ * Allocation from "arena" if it is non-null, heap otherwise.  Any problem
+ * results in a NULL being returned (and an appropriate error set).
+ */
+SECItem *
+CERT_GetSubjectPublicKeyDigest(PLArenaPool *arena, const CERTCertificate *cert,
+                               SECOidTag digestAlg, SECItem *fill)
+{
+    SECItem spk;
+
+    /*
+     * Copy just the length and data pointer (nothing needs to be freed)
+     * of the subject public key so we can convert the length from bits
+     * to bytes, which is what the digest function expects.
+     */
+    spk = cert->subjectPublicKeyInfo.subjectPublicKey;
+    DER_ConvertBitString(&spk);
+
+    return ocsp_DigestValue(arena, digestAlg, fill, &spk);
+}
+
+/*
+ * Digest the cert's subject name using the specified algorithm.
+ */
+SECItem *
+CERT_GetSubjectNameDigest(PLArenaPool *arena, const CERTCertificate *cert,
+                          SECOidTag digestAlg, SECItem *fill)
+{
+    SECItem name;
+
+    /*
+     * Copy just the length and data pointer (nothing needs to be freed)
+     * of the subject name
+     */
+    name = cert->derSubject;
+
+    return ocsp_DigestValue(arena, digestAlg, fill, &name);
+}
+
+/*
+ * Create and fill-in a CertID.  This function fills in the hash values
+ * (issuerNameHash and issuerKeyHash), and is hardwired to use SHA1.
+ * Someday it might need to be more flexible about hash algorithm, but
+ * for now we have no intention/need to create anything else.
+ *
+ * Error causes a null to be returned; most likely cause is trouble
+ * finding the certificate issuer (SEC_ERROR_UNKNOWN_ISSUER).
+ * Other errors are low-level problems (no memory, bad database, etc.).
+ */
+static CERTOCSPCertID *
+ocsp_CreateCertID(PLArenaPool *arena, CERTCertificate *cert, PRTime time)
+{
+    CERTOCSPCertID *certID;
+    CERTCertificate *issuerCert = NULL;
+    void *mark = PORT_ArenaMark(arena);
+    SECStatus rv;
+
+    PORT_Assert(arena != NULL);
+
+    certID = PORT_ArenaZNew(arena, CERTOCSPCertID);
+    if (certID == NULL) {
+        goto loser;
+    }
+
+    rv = SECOID_SetAlgorithmID(arena, &certID->hashAlgorithm, SEC_OID_SHA1,
+                               NULL);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    issuerCert = CERT_FindCertIssuer(cert, time, certUsageAnyCA);
+    if (issuerCert == NULL) {
+        goto loser;
+    }
+
+    if (CERT_GetSubjectNameDigest(arena, issuerCert, SEC_OID_SHA1,
+                                  &(certID->issuerNameHash)) == NULL) {
+        goto loser;
+    }
+    certID->issuerSHA1NameHash.data = certID->issuerNameHash.data;
+    certID->issuerSHA1NameHash.len = certID->issuerNameHash.len;
+
+    if (CERT_GetSubjectNameDigest(arena, issuerCert, SEC_OID_MD5,
+                                  &(certID->issuerMD5NameHash)) == NULL) {
+        goto loser;
+    }
+
+    if (CERT_GetSubjectNameDigest(arena, issuerCert, SEC_OID_MD2,
+                                  &(certID->issuerMD2NameHash)) == NULL) {
+        goto loser;
+    }
+
+    if (CERT_GetSubjectPublicKeyDigest(arena, issuerCert, SEC_OID_SHA1,
+                                       &certID->issuerKeyHash) == NULL) {
+        goto loser;
+    }
+    certID->issuerSHA1KeyHash.data = certID->issuerKeyHash.data;
+    certID->issuerSHA1KeyHash.len = certID->issuerKeyHash.len;
+    /* cache the other two hash algorithms as well */
+    if (CERT_GetSubjectPublicKeyDigest(arena, issuerCert, SEC_OID_MD5,
+                                       &certID->issuerMD5KeyHash) == NULL) {
+        goto loser;
+    }
+    if (CERT_GetSubjectPublicKeyDigest(arena, issuerCert, SEC_OID_MD2,
+                                       &certID->issuerMD2KeyHash) == NULL) {
+        goto loser;
+    }
+
+    /* now we are done with issuerCert */
+    CERT_DestroyCertificate(issuerCert);
+    issuerCert = NULL;
+
+    rv = SECITEM_CopyItem(arena, &certID->serialNumber, &cert->serialNumber);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    PORT_ArenaUnmark(arena, mark);
+    return certID;
+
+loser:
+    if (issuerCert != NULL) {
+        CERT_DestroyCertificate(issuerCert);
+    }
+    PORT_ArenaRelease(arena, mark);
+    return NULL;
+}
+
+CERTOCSPCertID *
+CERT_CreateOCSPCertID(CERTCertificate *cert, PRTime time)
+{
+    PLArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    CERTOCSPCertID *certID;
+    PORT_Assert(arena != NULL);
+    if (!arena)
+        return NULL;
+
+    certID = ocsp_CreateCertID(arena, cert, time);
+    if (!certID) {
+        PORT_FreeArena(arena, PR_FALSE);
+        return NULL;
+    }
+    certID->poolp = arena;
+    return certID;
+}
+
+static CERTOCSPCertID *
+cert_DupOCSPCertID(const CERTOCSPCertID *src)
+{
+    CERTOCSPCertID *dest;
+    PLArenaPool *arena = NULL;
+
+    if (!src) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (!arena)
+        goto loser;
+
+    dest = PORT_ArenaZNew(arena, CERTOCSPCertID);
+    if (!dest)
+        goto loser;
+
+#define DUPHELP(element)                                          \
+    if (src->element.data &&                                      \
+        SECITEM_CopyItem(arena, &dest->element, &src->element) != \
+            SECSuccess) {                                         \
+        goto loser;                                               \
+    }
+
+    DUPHELP(hashAlgorithm.algorithm)
+    DUPHELP(hashAlgorithm.parameters)
+    DUPHELP(issuerNameHash)
+    DUPHELP(issuerKeyHash)
+    DUPHELP(serialNumber)
+    DUPHELP(issuerSHA1NameHash)
+    DUPHELP(issuerMD5NameHash)
+    DUPHELP(issuerMD2NameHash)
+    DUPHELP(issuerSHA1KeyHash)
+    DUPHELP(issuerMD5KeyHash)
+    DUPHELP(issuerMD2KeyHash)
+
+    dest->poolp = arena;
+    return dest;
+
+loser:
+    if (arena)
+        PORT_FreeArena(arena, PR_FALSE);
+    PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
+    return NULL;
+}
+
+/*
+ * Callback to set Extensions in request object
+ */
+void
+SetSingleReqExts(void *object, CERTCertExtension **exts)
+{
+    ocspSingleRequest *singleRequest =
+        (ocspSingleRequest *)object;
+
+    singleRequest->singleRequestExtensions = exts;
+}
+
+/*
+ * Add the Service Locator extension to the singleRequestExtensions
+ * for the given singleRequest.
+ *
+ * All errors are internal or low-level problems (e.g. no memory).
+ */
+static SECStatus
+ocsp_AddServiceLocatorExtension(ocspSingleRequest *singleRequest,
+                                CERTCertificate *cert)
+{
+    ocspServiceLocator *serviceLocator = NULL;
+    void *extensionHandle = NULL;
+    SECStatus rv = SECFailure;
+
+    serviceLocator = PORT_ZNew(ocspServiceLocator);
+    if (serviceLocator == NULL)
+        goto loser;
+
+    /*
+     * Normally it would be a bad idea to do a direct reference like
+     * this rather than allocate and copy the name *or* at least dup
+     * a reference of the cert.  But all we need is to be able to read
+     * the issuer name during the encoding we are about to do, so a
+     * copy is just a waste of time.
+     */
+    serviceLocator->issuer = &cert->issuer;
+
+    rv = CERT_FindCertExtension(cert, SEC_OID_X509_AUTH_INFO_ACCESS,
+                                &serviceLocator->locator);
+    if (rv != SECSuccess) {
+        if (PORT_GetError() != SEC_ERROR_EXTENSION_NOT_FOUND)
+            goto loser;
+    }
+
+    /* prepare for following loser gotos */
+    rv = SECFailure;
+    PORT_SetError(0);
+
+    extensionHandle = cert_StartExtensions(singleRequest,
+                                           singleRequest->arena, SetSingleReqExts);
+    if (extensionHandle == NULL)
+        goto loser;
+
+    rv = CERT_EncodeAndAddExtension(extensionHandle,
+                                    SEC_OID_PKIX_OCSP_SERVICE_LOCATOR,
+                                    serviceLocator, PR_FALSE,
+                                    ocsp_ServiceLocatorTemplate);
+
+loser:
+    if (extensionHandle != NULL) {
+        /*
+	 * Either way we have to finish out the extension context (so it gets
+	 * freed).  But careful not to override any already-set bad status.
+	 */
+        SECStatus tmprv = CERT_FinishExtensions(extensionHandle);
+        if (rv == SECSuccess)
+            rv = tmprv;
+    }
+
+    /*
+     * Finally, free the serviceLocator structure itself and we are done.
+     */
+    if (serviceLocator != NULL) {
+        if (serviceLocator->locator.data != NULL)
+            SECITEM_FreeItem(&serviceLocator->locator, PR_FALSE);
+        PORT_Free(serviceLocator);
+    }
+
+    return rv;
+}
+
+/*
+ * Creates an array of ocspSingleRequest based on a list of certs.
+ * Note that the code which later compares the request list with the
+ * response expects this array to be in the exact same order as the
+ * certs are found in the list.  It would be harder to change that
+ * order than preserve it, but since the requirement is not obvious,
+ * it deserves to be mentioned.
+ *
+ * Any problem causes a null return and error set:
+ *      SEC_ERROR_UNKNOWN_ISSUER
+ * Other errors are low-level problems (no memory, bad database, etc.).
+ */
+static ocspSingleRequest **
+ocsp_CreateSingleRequestList(PLArenaPool *arena, CERTCertList *certList,
+                             PRTime time, PRBool includeLocator)
+{
+    ocspSingleRequest **requestList = NULL;
+    CERTCertListNode *node = NULL;
+    int i, count;
+    void *mark = PORT_ArenaMark(arena);
+
+    node = CERT_LIST_HEAD(certList);
+    for (count = 0; !CERT_LIST_END(node, certList); count++) {
+        node = CERT_LIST_NEXT(node);
+    }
+
+    if (count == 0)
+        goto loser;
+
+    requestList = PORT_ArenaNewArray(arena, ocspSingleRequest *, count + 1);
+    if (requestList == NULL)
+        goto loser;
+
+    node = CERT_LIST_HEAD(certList);
+    for (i = 0; !CERT_LIST_END(node, certList); i++) {
+        requestList[i] = PORT_ArenaZNew(arena, ocspSingleRequest);
+        if (requestList[i] == NULL)
+            goto loser;
+
+        OCSP_TRACE(("OCSP CERT_CreateOCSPRequest %s\n", node->cert->subjectName));
+        requestList[i]->arena = arena;
+        requestList[i]->reqCert = ocsp_CreateCertID(arena, node->cert, time);
+        if (requestList[i]->reqCert == NULL)
+            goto loser;
+
+        if (includeLocator == PR_TRUE) {
+            SECStatus rv;
+
+            rv = ocsp_AddServiceLocatorExtension(requestList[i], node->cert);
+            if (rv != SECSuccess)
+                goto loser;
+        }
+
+        node = CERT_LIST_NEXT(node);
+    }
+
+    PORT_Assert(i == count);
+
+    PORT_ArenaUnmark(arena, mark);
+    requestList[i] = NULL;
+    return requestList;
+
+loser:
+    PORT_ArenaRelease(arena, mark);
+    return NULL;
+}
+
+static ocspSingleRequest **
+ocsp_CreateRequestFromCert(PLArenaPool *arena,
+                           CERTOCSPCertID *certID,
+                           CERTCertificate *singleCert,
+                           PRTime time,
+                           PRBool includeLocator)
+{
+    ocspSingleRequest **requestList = NULL;
+    void *mark = PORT_ArenaMark(arena);
+    PORT_Assert(certID != NULL && singleCert != NULL);
+
+    /* meaning of value 2: one entry + one end marker */
+    requestList = PORT_ArenaNewArray(arena, ocspSingleRequest *, 2);
+    if (requestList == NULL)
+        goto loser;
+    requestList[0] = PORT_ArenaZNew(arena, ocspSingleRequest);
+    if (requestList[0] == NULL)
+        goto loser;
+    requestList[0]->arena = arena;
+    /* certID will live longer than the request */
+    requestList[0]->reqCert = certID;
+
+    if (includeLocator == PR_TRUE) {
+        SECStatus rv;
+        rv = ocsp_AddServiceLocatorExtension(requestList[0], singleCert);
+        if (rv != SECSuccess)
+            goto loser;
+    }
+
+    PORT_ArenaUnmark(arena, mark);
+    requestList[1] = NULL;
+    return requestList;
+
+loser:
+    PORT_ArenaRelease(arena, mark);
+    return NULL;
+}
+
+static CERTOCSPRequest *
+ocsp_prepareEmptyOCSPRequest(void)
+{
+    PLArenaPool *arena = NULL;
+    CERTOCSPRequest *request = NULL;
+    ocspTBSRequest *tbsRequest = NULL;
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL) {
+        goto loser;
+    }
+    request = PORT_ArenaZNew(arena, CERTOCSPRequest);
+    if (request == NULL) {
+        goto loser;
+    }
+    request->arena = arena;
+
+    tbsRequest = PORT_ArenaZNew(arena, ocspTBSRequest);
+    if (tbsRequest == NULL) {
+        goto loser;
+    }
+    request->tbsRequest = tbsRequest;
+    /* version 1 is the default, so we need not fill in a version number */
+    return request;
+
+loser:
+    if (arena != NULL) {
+        PORT_FreeArena(arena, PR_FALSE);
+    }
+    return NULL;
+}
+
+CERTOCSPRequest *
+cert_CreateSingleCertOCSPRequest(CERTOCSPCertID *certID,
+                                 CERTCertificate *singleCert,
+                                 PRTime time,
+                                 PRBool addServiceLocator,
+                                 CERTCertificate *signerCert)
+{
+    CERTOCSPRequest *request;
+    OCSP_TRACE(("OCSP cert_CreateSingleCertOCSPRequest %s\n", singleCert->subjectName));
+
+    /* XXX Support for signerCert may be implemented later,
+     * see also the comment in CERT_CreateOCSPRequest.
+     */
+    if (signerCert != NULL) {
+        PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
+        return NULL;
+    }
+
+    request = ocsp_prepareEmptyOCSPRequest();
+    if (!request)
+        return NULL;
+    /*
+     * Version 1 is the default, so we need not fill in a version number.
+     * Now create the list of single requests, one for each cert.
+     */
+    request->tbsRequest->requestList =
+        ocsp_CreateRequestFromCert(request->arena,
+                                   certID,
+                                   singleCert,
+                                   time,
+                                   addServiceLocator);
+    if (request->tbsRequest->requestList == NULL) {
+        PORT_FreeArena(request->arena, PR_FALSE);
+        return NULL;
+    }
+    return request;
+}
+
+/*
+ * FUNCTION: CERT_CreateOCSPRequest
+ *   Creates a CERTOCSPRequest, requesting the status of the certs in
+ *   the given list.
+ * INPUTS:
+ *   CERTCertList *certList
+ *     A list of certs for which status will be requested.
+ *     Note that all of these certificates should have the same issuer,
+ *     or it's expected the response will be signed by a trusted responder.
+ *     If the certs need to be broken up into multiple requests, that
+ *     must be handled by the caller (and thus by having multiple calls
+ *     to this routine), who knows about where the request(s) are being
+ *     sent and whether there are any trusted responders in place.
+ *   PRTime time
+ *     Indicates the time for which the certificate status is to be
+ *     determined -- this may be used in the search for the cert's issuer
+ *     but has no effect on the request itself.
+ *   PRBool addServiceLocator
+ *     If true, the Service Locator extension should be added to the
+ *     single request(s) for each cert.
+ *   CERTCertificate *signerCert
+ *     If non-NULL, means sign the request using this cert.  Otherwise,
+ *     do not sign.
+ *     XXX note that request signing is not yet supported; see comment in code
+ * RETURN:
+ *   A pointer to a CERTOCSPRequest structure containing an OCSP request
+ *   for the cert list.  On error, null is returned, with an error set
+ *   indicating the reason.  This is likely SEC_ERROR_UNKNOWN_ISSUER.
+ *   (The issuer is needed to create a request for the certificate.)
+ *   Other errors are low-level problems (no memory, bad database, etc.).
+ */
+CERTOCSPRequest *
+CERT_CreateOCSPRequest(CERTCertList *certList, PRTime time,
+                       PRBool addServiceLocator,
+                       CERTCertificate *signerCert)
+{
+    CERTOCSPRequest *request = NULL;
+
+    if (!certList) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+    /*
+     * XXX When we are prepared to put signing of requests back in,
+     * we will need to allocate a signature
+     * structure for the request, fill in the "derCerts" field in it,
+     * save the signerCert there, as well as fill in the "requestorName"
+     * field of the tbsRequest.
+     */
+    if (signerCert != NULL) {
+        PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
+        return NULL;
+    }
+    request = ocsp_prepareEmptyOCSPRequest();
+    if (!request)
+        return NULL;
+    /*
+     * Now create the list of single requests, one for each cert.
+     */
+    request->tbsRequest->requestList =
+        ocsp_CreateSingleRequestList(request->arena,
+                                     certList,
+                                     time,
+                                     addServiceLocator);
+    if (request->tbsRequest->requestList == NULL) {
+        PORT_FreeArena(request->arena, PR_FALSE);
+        return NULL;
+    }
+    return request;
+}
+
+/*
+ * FUNCTION: CERT_AddOCSPAcceptableResponses
+ *   Add the AcceptableResponses extension to an OCSP Request.
+ * INPUTS:
+ *   CERTOCSPRequest *request
+ *     The request to which the extension should be added.
+ *   ...
+ *     A list (of one or more) of SECOidTag -- each of the response types
+ *     to be added.  The last OID *must* be SEC_OID_PKIX_OCSP_BASIC_RESPONSE.
+ *     (This marks the end of the list, and it must be specified because a
+ *     client conforming to the OCSP standard is required to handle the basic
+ *     response type.)  The OIDs are not checked in any way.
+ * RETURN:
+ *   SECSuccess if the extension is added; SECFailure if anything goes wrong.
+ *   All errors are internal or low-level problems (e.g. no memory).
+ */
+
+void
+SetRequestExts(void *object, CERTCertExtension **exts)
+{
+    CERTOCSPRequest *request = (CERTOCSPRequest *)object;
+
+    request->tbsRequest->requestExtensions = exts;
+}
+
+#if defined(__GNUC__) && !defined(NSS_NO_GCC48)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wvarargs"
+#endif
+SECStatus
+CERT_AddOCSPAcceptableResponses(CERTOCSPRequest *request,
+                                SECOidTag responseType0, ...)
+{
+    void *extHandle;
+    va_list ap;
+    int i, count;
+    SECOidTag responseType;
+    SECOidData *responseOid;
+    SECItem **acceptableResponses = NULL;
+    SECStatus rv = SECFailure;
+
+    extHandle = request->tbsRequest->extensionHandle;
+    if (extHandle == NULL) {
+        extHandle = cert_StartExtensions(request, request->arena, SetRequestExts);
+        if (extHandle == NULL)
+            goto loser;
+    }
+
+    /* Count number of OIDS going into the extension value. */
+    count = 1;
+    if (responseType0 != SEC_OID_PKIX_OCSP_BASIC_RESPONSE) {
+        va_start(ap, responseType0);
+        do {
+            count++;
+            responseType = va_arg(ap, SECOidTag);
+        } while (responseType != SEC_OID_PKIX_OCSP_BASIC_RESPONSE);
+        va_end(ap);
+    }
+
+    acceptableResponses = PORT_NewArray(SECItem *, count + 1);
+    if (acceptableResponses == NULL)
+        goto loser;
+
+    i = 0;
+    responseOid = SECOID_FindOIDByTag(responseType0);
+    acceptableResponses[i++] = &(responseOid->oid);
+    if (count > 1) {
+        va_start(ap, responseType0);
+        for (; i < count; i++) {
+            responseType = va_arg(ap, SECOidTag);
+            responseOid = SECOID_FindOIDByTag(responseType);
+            acceptableResponses[i] = &(responseOid->oid);
+        }
+        va_end(ap);
+    }
+    acceptableResponses[i] = NULL;
+
+    rv = CERT_EncodeAndAddExtension(extHandle, SEC_OID_PKIX_OCSP_RESPONSE,
+                                    &acceptableResponses, PR_FALSE,
+                                    SEC_ASN1_GET(SEC_SequenceOfObjectIDTemplate));
+    if (rv != SECSuccess)
+        goto loser;
+
+    PORT_Free(acceptableResponses);
+    if (request->tbsRequest->extensionHandle == NULL)
+        request->tbsRequest->extensionHandle = extHandle;
+    return SECSuccess;
+
+loser:
+    if (acceptableResponses != NULL)
+        PORT_Free(acceptableResponses);
+    if (extHandle != NULL)
+        (void)CERT_FinishExtensions(extHandle);
+    return rv;
+}
+#if defined(__GNUC__) && !defined(NSS_NO_GCC48)
+#pragma GCC diagnostic pop
+#endif
+
+/*
+ * FUNCTION: CERT_DestroyOCSPRequest
+ *   Frees an OCSP Request structure.
+ * INPUTS:
+ *   CERTOCSPRequest *request
+ *     Pointer to CERTOCSPRequest to be freed.
+ * RETURN:
+ *   No return value; no errors.
+ */
+void
+CERT_DestroyOCSPRequest(CERTOCSPRequest *request)
+{
+    if (request == NULL)
+        return;
+
+    if (request->tbsRequest != NULL) {
+        if (request->tbsRequest->requestorName != NULL)
+            CERT_DestroyGeneralNameList(request->tbsRequest->requestorName);
+        if (request->tbsRequest->extensionHandle != NULL)
+            (void)CERT_FinishExtensions(request->tbsRequest->extensionHandle);
+    }
+
+    if (request->optionalSignature != NULL) {
+        if (request->optionalSignature->cert != NULL)
+            CERT_DestroyCertificate(request->optionalSignature->cert);
+
+        /*
+	 * XXX Need to free derCerts?  Or do they come out of arena?
+	 * (Currently we never fill in derCerts, which is why the
+	 * answer is not obvious.  Once we do, add any necessary code
+	 * here and remove this comment.)
+	 */
+    }
+
+    /*
+     * We should actually never have a request without an arena,
+     * but check just in case.  (If there isn't one, there is not
+     * much we can do about it...)
+     */
+    PORT_Assert(request->arena != NULL);
+    if (request->arena != NULL)
+        PORT_FreeArena(request->arena, PR_FALSE);
+}
+
+/*
+ * RESPONSE SUPPORT FUNCTIONS (encode/create/decode/destroy):
+ */
+
+/*
+ * Helper function for encoding or decoding a ResponderID -- based on the
+ * given type, return the associated template for that choice.
+ */
+static const SEC_ASN1Template *
+ocsp_ResponderIDTemplateByType(CERTOCSPResponderIDType responderIDType)
+{
+    const SEC_ASN1Template *responderIDTemplate;
+
+    switch (responderIDType) {
+        case ocspResponderID_byName:
+            responderIDTemplate = ocsp_ResponderIDByNameTemplate;
+            break;
+        case ocspResponderID_byKey:
+            responderIDTemplate = ocsp_ResponderIDByKeyTemplate;
+            break;
+        case ocspResponderID_other:
+        default:
+            PORT_Assert(responderIDType == ocspResponderID_other);
+            responderIDTemplate = ocsp_ResponderIDOtherTemplate;
+            break;
+    }
+
+    return responderIDTemplate;
+}
+
+/*
+ * Helper function for encoding or decoding a CertStatus -- based on the
+ * given type, return the associated template for that choice.
+ */
+static const SEC_ASN1Template *
+ocsp_CertStatusTemplateByType(ocspCertStatusType certStatusType)
+{
+    const SEC_ASN1Template *certStatusTemplate;
+
+    switch (certStatusType) {
+        case ocspCertStatus_good:
+            certStatusTemplate = ocsp_CertStatusGoodTemplate;
+            break;
+        case ocspCertStatus_revoked:
+            certStatusTemplate = ocsp_CertStatusRevokedTemplate;
+            break;
+        case ocspCertStatus_unknown:
+            certStatusTemplate = ocsp_CertStatusUnknownTemplate;
+            break;
+        case ocspCertStatus_other:
+        default:
+            PORT_Assert(certStatusType == ocspCertStatus_other);
+            certStatusTemplate = ocsp_CertStatusOtherTemplate;
+            break;
+    }
+
+    return certStatusTemplate;
+}
+
+/*
+ * Helper function for decoding a certStatus -- turn the actual DER tag
+ * into our local translation.
+ */
+static ocspCertStatusType
+ocsp_CertStatusTypeByTag(int derTag)
+{
+    ocspCertStatusType certStatusType;
+
+    switch (derTag) {
+        case 0:
+            certStatusType = ocspCertStatus_good;
+            break;
+        case 1:
+            certStatusType = ocspCertStatus_revoked;
+            break;
+        case 2:
+            certStatusType = ocspCertStatus_unknown;
+            break;
+        default:
+            certStatusType = ocspCertStatus_other;
+            break;
+    }
+
+    return certStatusType;
+}
+
+/*
+ * Helper function for decoding SingleResponses -- they each contain
+ * a status which is encoded as CHOICE, which needs to be decoded "by hand".
+ *
+ * Note -- on error, this routine does not release the memory it may
+ * have allocated; it expects its caller to do that.
+ */
+static SECStatus
+ocsp_FinishDecodingSingleResponses(PLArenaPool *reqArena,
+                                   CERTOCSPSingleResponse **responses)
+{
+    ocspCertStatus *certStatus;
+    ocspCertStatusType certStatusType;
+    const SEC_ASN1Template *certStatusTemplate;
+    int derTag;
+    int i;
+    SECStatus rv = SECFailure;
+
+    if (!reqArena) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    if (responses == NULL) /* nothing to do */
+        return SECSuccess;
+
+    for (i = 0; responses[i] != NULL; i++) {
+        SECItem *newStatus;
+        /*
+	 * The following assert points out internal errors (problems in
+	 * the template definitions or in the ASN.1 decoder itself, etc.).
+	 */
+        PORT_Assert(responses[i]->derCertStatus.data != NULL);
+
+        derTag = responses[i]->derCertStatus.data[0] & SEC_ASN1_TAGNUM_MASK;
+        certStatusType = ocsp_CertStatusTypeByTag(derTag);
+        certStatusTemplate = ocsp_CertStatusTemplateByType(certStatusType);
+
+        certStatus = PORT_ArenaZAlloc(reqArena, sizeof(ocspCertStatus));
+        if (certStatus == NULL) {
+            goto loser;
+        }
+        newStatus = SECITEM_ArenaDupItem(reqArena, &responses[i]->derCertStatus);
+        if (!newStatus) {
+            goto loser;
+        }
+        rv = SEC_QuickDERDecodeItem(reqArena, certStatus, certStatusTemplate,
+                                    newStatus);
+        if (rv != SECSuccess) {
+            if (PORT_GetError() == SEC_ERROR_BAD_DER)
+                PORT_SetError(SEC_ERROR_OCSP_MALFORMED_RESPONSE);
+            goto loser;
+        }
+
+        certStatus->certStatusType = certStatusType;
+        responses[i]->certStatus = certStatus;
+    }
+
+    return SECSuccess;
+
+loser:
+    return rv;
+}
+
+/*
+ * Helper function for decoding a responderID -- turn the actual DER tag
+ * into our local translation.
+ */
+static CERTOCSPResponderIDType
+ocsp_ResponderIDTypeByTag(int derTag)
+{
+    CERTOCSPResponderIDType responderIDType;
+
+    switch (derTag) {
+        case 1:
+            responderIDType = ocspResponderID_byName;
+            break;
+        case 2:
+            responderIDType = ocspResponderID_byKey;
+            break;
+        default:
+            responderIDType = ocspResponderID_other;
+            break;
+    }
+
+    return responderIDType;
+}
+
+/*
+ * Decode "src" as a BasicOCSPResponse, returning the result.
+ */
+static ocspBasicOCSPResponse *
+ocsp_DecodeBasicOCSPResponse(PLArenaPool *arena, SECItem *src)
+{
+    void *mark;
+    ocspBasicOCSPResponse *basicResponse;
+    ocspResponseData *responseData;
+    ocspResponderID *responderID;
+    CERTOCSPResponderIDType responderIDType;
+    const SEC_ASN1Template *responderIDTemplate;
+    int derTag;
+    SECStatus rv;
+    SECItem newsrc;
+
+    mark = PORT_ArenaMark(arena);
+
+    basicResponse = PORT_ArenaZAlloc(arena, sizeof(ocspBasicOCSPResponse));
+    if (basicResponse == NULL) {
+        goto loser;
+    }
+
+    /* copy the DER into the arena, since Quick DER returns data that points
+       into the DER input, which may get freed by the caller */
+    rv = SECITEM_CopyItem(arena, &newsrc, src);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    rv = SEC_QuickDERDecodeItem(arena, basicResponse,
+                                ocsp_BasicOCSPResponseTemplate, &newsrc);
+    if (rv != SECSuccess) {
+        if (PORT_GetError() == SEC_ERROR_BAD_DER)
+            PORT_SetError(SEC_ERROR_OCSP_MALFORMED_RESPONSE);
+        goto loser;
+    }
+
+    responseData = basicResponse->tbsResponseData;
+
+    /*
+     * The following asserts point out internal errors (problems in
+     * the template definitions or in the ASN.1 decoder itself, etc.).
+     */
+    PORT_Assert(responseData != NULL);
+    PORT_Assert(responseData->derResponderID.data != NULL);
+
+    /*
+     * XXX Because responderID is a CHOICE, which is not currently handled
+     * by our ASN.1 decoder, we have to decode it "by hand".
+     */
+    derTag = responseData->derResponderID.data[0] & SEC_ASN1_TAGNUM_MASK;
+    responderIDType = ocsp_ResponderIDTypeByTag(derTag);
+    responderIDTemplate = ocsp_ResponderIDTemplateByType(responderIDType);
+
+    responderID = PORT_ArenaZAlloc(arena, sizeof(ocspResponderID));
+    if (responderID == NULL) {
+        goto loser;
+    }
+
+    rv = SEC_QuickDERDecodeItem(arena, responderID, responderIDTemplate,
+                                &responseData->derResponderID);
+    if (rv != SECSuccess) {
+        if (PORT_GetError() == SEC_ERROR_BAD_DER)
+            PORT_SetError(SEC_ERROR_OCSP_MALFORMED_RESPONSE);
+        goto loser;
+    }
+
+    responderID->responderIDType = responderIDType;
+    responseData->responderID = responderID;
+
+    /*
+     * XXX Each SingleResponse also contains a CHOICE, which has to be
+     * fixed up by hand.
+     */
+    rv = ocsp_FinishDecodingSingleResponses(arena, responseData->responses);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    PORT_ArenaUnmark(arena, mark);
+    return basicResponse;
+
+loser:
+    PORT_ArenaRelease(arena, mark);
+    return NULL;
+}
+
+/*
+ * Decode the responseBytes based on the responseType found in "rbytes",
+ * leaving the resulting translated/decoded information in there as well.
+ */
+static SECStatus
+ocsp_DecodeResponseBytes(PLArenaPool *arena, ocspResponseBytes *rbytes)
+{
+    if (rbytes == NULL) {
+        PORT_SetError(SEC_ERROR_OCSP_UNKNOWN_RESPONSE_TYPE);
+        return SECFailure;
+    }
+
+    rbytes->responseTypeTag = SECOID_FindOIDTag(&rbytes->responseType);
+    switch (rbytes->responseTypeTag) {
+        case SEC_OID_PKIX_OCSP_BASIC_RESPONSE: {
+            ocspBasicOCSPResponse *basicResponse;
+
+            basicResponse = ocsp_DecodeBasicOCSPResponse(arena,
+                                                         &rbytes->response);
+            if (basicResponse == NULL)
+                return SECFailure;
+
+            rbytes->decodedResponse.basic = basicResponse;
+        } break;
+
+        /*
+	 * Add new/future response types here.
+	 */
+
+        default:
+            PORT_SetError(SEC_ERROR_OCSP_UNKNOWN_RESPONSE_TYPE);
+            return SECFailure;
+    }
+
+    return SECSuccess;
+}
+
+/*
+ * FUNCTION: CERT_DecodeOCSPResponse
+ *   Decode a DER encoded OCSP Response.
+ * INPUTS:
+ *   SECItem *src
+ *     Pointer to a SECItem holding DER encoded OCSP Response.
+ * RETURN:
+ *   Returns a pointer to a CERTOCSPResponse (the decoded OCSP Response);
+ *   the caller is responsible for destroying it.  Or NULL if error (either
+ *   response could not be decoded (SEC_ERROR_OCSP_MALFORMED_RESPONSE),
+ *   it was of an unexpected type (SEC_ERROR_OCSP_UNKNOWN_RESPONSE_TYPE),
+ *   or a low-level or internal error occurred).
+ */
+CERTOCSPResponse *
+CERT_DecodeOCSPResponse(const SECItem *src)
+{
+    PLArenaPool *arena = NULL;
+    CERTOCSPResponse *response = NULL;
+    SECStatus rv = SECFailure;
+    ocspResponseStatus sv;
+    SECItem newSrc;
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL) {
+        goto loser;
+    }
+    response = (CERTOCSPResponse *)PORT_ArenaZAlloc(arena,
+                                                    sizeof(CERTOCSPResponse));
+    if (response == NULL) {
+        goto loser;
+    }
+    response->arena = arena;
+
+    /* copy the DER into the arena, since Quick DER returns data that points
+       into the DER input, which may get freed by the caller */
+    rv = SECITEM_CopyItem(arena, &newSrc, src);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    rv = SEC_QuickDERDecodeItem(arena, response, ocsp_OCSPResponseTemplate, &newSrc);
+    if (rv != SECSuccess) {
+        if (PORT_GetError() == SEC_ERROR_BAD_DER)
+            PORT_SetError(SEC_ERROR_OCSP_MALFORMED_RESPONSE);
+        goto loser;
+    }
+
+    sv = (ocspResponseStatus)DER_GetInteger(&response->responseStatus);
+    response->statusValue = sv;
+    if (sv != ocspResponse_successful) {
+        /*
+	 * If the response status is anything but successful, then we
+	 * are all done with decoding; the status is all there is.
+	 */
+        return response;
+    }
+
+    /*
+     * A successful response contains much more information, still encoded.
+     * Now we need to decode that.
+     */
+    rv = ocsp_DecodeResponseBytes(arena, response->responseBytes);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    return response;
+
+loser:
+    if (arena != NULL) {
+        PORT_FreeArena(arena, PR_FALSE);
+    }
+    return NULL;
+}
+
+/*
+ * The way an OCSPResponse is defined, there are many levels to descend
+ * before getting to the actual response information.  And along the way
+ * we need to check that the response *type* is recognizable, which for
+ * now means that it is a BasicOCSPResponse, because that is the only
+ * type currently defined.  Rather than force all routines to perform
+ * a bunch of sanity checking every time they want to work on a response,
+ * this function isolates that and gives back the interesting part.
+ * Note that no copying is done, this just returns a pointer into the
+ * substructure of the response which is passed in.
+ *
+ * XXX This routine only works when a valid response structure is passed
+ * into it; this is checked with many assertions.  Assuming the response
+ * was creating by decoding, it wouldn't make it this far without being
+ * okay.  That is a sufficient assumption since the entire OCSP interface
+ * is only used internally.  When this interface is officially exported,
+ * each assertion below will need to be followed-up with setting an error
+ * and returning (null).
+ *
+ * FUNCTION: ocsp_GetResponseData
+ *   Returns ocspResponseData structure and a pointer to tbs response
+ *   data DER from a valid ocsp response.
+ * INPUTS:
+ *   CERTOCSPResponse *response
+ *     structure of a valid ocsp response
+ * RETURN:
+ *   Returns a pointer to ocspResponseData structure: decoded OCSP response
+ *   data, and a pointer(tbsResponseDataDER) to its undecoded data DER.
+ */
+ocspResponseData *
+ocsp_GetResponseData(CERTOCSPResponse *response, SECItem **tbsResponseDataDER)
+{
+    ocspBasicOCSPResponse *basic;
+    ocspResponseData *responseData;
+
+    PORT_Assert(response != NULL);
+
+    PORT_Assert(response->responseBytes != NULL);
+
+    PORT_Assert(response->responseBytes->responseTypeTag ==
+                SEC_OID_PKIX_OCSP_BASIC_RESPONSE);
+
+    basic = response->responseBytes->decodedResponse.basic;
+    PORT_Assert(basic != NULL);
+
+    responseData = basic->tbsResponseData;
+    PORT_Assert(responseData != NULL);
+
+    if (tbsResponseDataDER) {
+        *tbsResponseDataDER = &basic->tbsResponseDataDER;
+
+        PORT_Assert((*tbsResponseDataDER)->data != NULL);
+        PORT_Assert((*tbsResponseDataDER)->len != 0);
+    }
+
+    return responseData;
+}
+
+/*
+ * Much like the routine above, except it returns the response signature.
+ * Again, no copy is done.
+ */
+ocspSignature *
+ocsp_GetResponseSignature(CERTOCSPResponse *response)
+{
+    ocspBasicOCSPResponse *basic;
+
+    PORT_Assert(response != NULL);
+    if (NULL == response->responseBytes) {
+        return NULL;
+    }
+    if (response->responseBytes->responseTypeTag !=
+        SEC_OID_PKIX_OCSP_BASIC_RESPONSE) {
+        return NULL;
+    }
+    basic = response->responseBytes->decodedResponse.basic;
+    PORT_Assert(basic != NULL);
+
+    return &(basic->responseSignature);
+}
+
+/*
+ * FUNCTION: CERT_DestroyOCSPResponse
+ *   Frees an OCSP Response structure.
+ * INPUTS:
+ *   CERTOCSPResponse *request
+ *     Pointer to CERTOCSPResponse to be freed.
+ * RETURN:
+ *   No return value; no errors.
+ */
+void
+CERT_DestroyOCSPResponse(CERTOCSPResponse *response)
+{
+    if (response != NULL) {
+        ocspSignature *signature = ocsp_GetResponseSignature(response);
+        if (signature && signature->cert != NULL)
+            CERT_DestroyCertificate(signature->cert);
+
+        /*
+	 * We should actually never have a response without an arena,
+	 * but check just in case.  (If there isn't one, there is not
+	 * much we can do about it...)
+	 */
+        PORT_Assert(response->arena != NULL);
+        if (response->arena != NULL) {
+            PORT_FreeArena(response->arena, PR_FALSE);
+        }
+    }
+}
+
+/*
+ * OVERALL OCSP CLIENT SUPPORT (make and send a request, verify a response):
+ */
+
+/*
+ * Pick apart a URL, saving the important things in the passed-in pointers.
+ *
+ * We expect to find "http://<hostname>[:<port>]/[path]", though we will
+ * tolerate that final slash character missing, as well as beginning and
+ * trailing whitespace, and any-case-characters for "http".  All of that
+ * tolerance is what complicates this routine.  What we want is just to
+ * pick out the hostname, the port, and the path.
+ *
+ * On a successful return, the caller will need to free the output pieces
+ * of hostname and path, which are copies of the values found in the url.
+ */
+static SECStatus
+ocsp_ParseURL(const char *url, char **pHostname, PRUint16 *pPort, char **pPath)
+{
+    unsigned short port = 80; /* default, in case not in url */
+    char *hostname = NULL;
+    char *path = NULL;
+    const char *save;
+    char c;
+    int len;
+
+    if (url == NULL)
+        goto loser;
+
+    /*
+     * Skip beginning whitespace.
+     */
+    c = *url;
+    while ((c == ' ' || c == '\t') && c != '\0') {
+        url++;
+        c = *url;
+    }
+    if (c == '\0')
+        goto loser;
+
+    /*
+     * Confirm, then skip, protocol.  (Since we only know how to do http,
+     * that is all we will accept).
+     */
+    if (PORT_Strncasecmp(url, "http://", 7) != 0)
+        goto loser;
+    url += 7;
+
+    /*
+     * Whatever comes next is the hostname (or host IP address).  We just
+     * save it aside and then search for its end so we can determine its
+     * length and copy it.
+     *
+     * XXX Note that because we treat a ':' as a terminator character
+     * (and below, we expect that to mean there is a port specification
+     * immediately following), we will not handle IPv6 addresses.  That is
+     * apparently an acceptable limitation, for the time being.  Some day,
+     * when there is a clear way to specify a URL with an IPv6 address that
+     * can be parsed unambiguously, this code should be made to do that.
+     */
+    save = url;
+    c = *url;
+    while (c != '/' && c != ':' && c != '\0' && c != ' ' && c != '\t') {
+        url++;
+        c = *url;
+    }
+    len = url - save;
+    hostname = PORT_Alloc(len + 1);
+    if (hostname == NULL)
+        goto loser;
+    PORT_Memcpy(hostname, save, len);
+    hostname[len] = '\0';
+
+    /*
+     * Now we figure out if there was a port specified or not.
+     * If so, we need to parse it (as a number) and skip it.
+     */
+    if (c == ':') {
+        url++;
+        port = (unsigned short)PORT_Atoi(url);
+        c = *url;
+        while (c != '/' && c != '\0' && c != ' ' && c != '\t') {
+            if (c < '0' || c > '9')
+                goto loser;
+            url++;
+            c = *url;
+        }
+    }
+
+    /*
+     * Last thing to find is a path.  There *should* be a slash,
+     * if nothing else -- but if there is not we provide one.
+     */
+    if (c == '/') {
+        save = url;
+        while (c != '\0' && c != ' ' && c != '\t') {
+            url++;
+            c = *url;
+        }
+        len = url - save;
+        path = PORT_Alloc(len + 1);
+        if (path == NULL)
+            goto loser;
+        PORT_Memcpy(path, save, len);
+        path[len] = '\0';
+    } else {
+        path = PORT_Strdup("/");
+        if (path == NULL)
+            goto loser;
+    }
+
+    *pHostname = hostname;
+    *pPort = port;
+    *pPath = path;
+    return SECSuccess;
+
+loser:
+    if (hostname != NULL)
+        PORT_Free(hostname);
+    PORT_SetError(SEC_ERROR_CERT_BAD_ACCESS_LOCATION);
+    return SECFailure;
+}
+
+/*
+ * Open a socket to the specified host on the specified port, and return it.
+ * The host is either a hostname or an IP address.
+ */
+static PRFileDesc *
+ocsp_ConnectToHost(const char *host, PRUint16 port)
+{
+    PRFileDesc *sock = NULL;
+    PRIntervalTime timeout;
+    PRNetAddr addr;
+    char *netdbbuf = NULL;
+
+    sock = PR_NewTCPSocket();
+    if (sock == NULL)
+        goto loser;
+
+    /* XXX Some day need a way to set (and get?) the following value */
+    timeout = PR_SecondsToInterval(30);
+
+    /*
+     * If the following converts an IP address string in "dot notation"
+     * into a PRNetAddr.  If it fails, we assume that is because we do not
+     * have such an address, but instead a host *name*.  In that case we
+     * then lookup the host by name.  Using the NSPR function this way
+     * means we do not have to have our own logic for distinguishing a
+     * valid numerical IP address from a hostname.
+     */
+    if (PR_StringToNetAddr(host, &addr) != PR_SUCCESS) {
+        PRIntn hostIndex;
+        PRHostEnt hostEntry;
+
+        netdbbuf = PORT_Alloc(PR_NETDB_BUF_SIZE);
+        if (netdbbuf == NULL)
+            goto loser;
+
+        if (PR_GetHostByName(host, netdbbuf, PR_NETDB_BUF_SIZE,
+                             &hostEntry) != PR_SUCCESS)
+            goto loser;
+
+        hostIndex = 0;
+        do {
+            hostIndex = PR_EnumerateHostEnt(hostIndex, &hostEntry, port, &addr);
+            if (hostIndex <= 0)
+                goto loser;
+        } while (PR_Connect(sock, &addr, timeout) != PR_SUCCESS);
+
+        PORT_Free(netdbbuf);
+    } else {
+        /*
+	 * First put the port into the address, then connect.
+	 */
+        if (PR_InitializeNetAddr(PR_IpAddrNull, port, &addr) != PR_SUCCESS)
+            goto loser;
+        if (PR_Connect(sock, &addr, timeout) != PR_SUCCESS)
+            goto loser;
+    }
+
+    return sock;
+
+loser:
+    if (sock != NULL)
+        PR_Close(sock);
+    if (netdbbuf != NULL)
+        PORT_Free(netdbbuf);
+    return NULL;
+}
+
+/*
+ * Sends an encoded OCSP request to the server identified by "location",
+ * and returns the socket on which it was sent (so can listen for the reply).
+ * "location" is expected to be a valid URL -- an error parsing it produces
+ * SEC_ERROR_CERT_BAD_ACCESS_LOCATION.  Other errors are likely problems
+ * connecting to it, or writing to it, or allocating memory, and the low-level
+ * errors appropriate to the problem will be set.
+ * if (encodedRequest == NULL)
+ *   then location MUST already include the full request,
+ *        including base64 and urlencode,
+ *        and the request will be sent with GET
+ * if (encodedRequest != NULL)
+ *   then the request will be sent with POST
+ */
+static PRFileDesc *
+ocsp_SendEncodedRequest(const char *location, const SECItem *encodedRequest)
+{
+    char *hostname = NULL;
+    char *path = NULL;
+    PRUint16 port;
+    SECStatus rv;
+    PRFileDesc *sock = NULL;
+    PRFileDesc *returnSock = NULL;
+    char *header = NULL;
+    char portstr[16];
+
+    /*
+     * Take apart the location, getting the hostname, port, and path.
+     */
+    rv = ocsp_ParseURL(location, &hostname, &port, &path);
+    if (rv != SECSuccess)
+        goto loser;
+
+    PORT_Assert(hostname != NULL);
+    PORT_Assert(path != NULL);
+
+    sock = ocsp_ConnectToHost(hostname, port);
+    if (sock == NULL)
+        goto loser;
+
+    portstr[0] = '\0';
+    if (port != 80) {
+        PR_snprintf(portstr, sizeof(portstr), ":%d", port);
+    }
+
+    if (!encodedRequest) {
+        header = PR_smprintf("GET %s HTTP/1.0\r\n"
+                             "Host: %s%s\r\n\r\n",
+                             path, hostname, portstr);
+        if (header == NULL)
+            goto loser;
+
+        /*
+         * The NSPR documentation promises that if it can, it will write the full
+         * amount; this will not return a partial value expecting us to loop.
+         */
+        if (PR_Write(sock, header, (PRInt32)PORT_Strlen(header)) < 0)
+            goto loser;
+    } else {
+        header = PR_smprintf("POST %s HTTP/1.0\r\n"
+                             "Host: %s%s\r\n"
+                             "Content-Type: application/ocsp-request\r\n"
+                             "Content-Length: %u\r\n\r\n",
+                             path, hostname, portstr, encodedRequest->len);
+        if (header == NULL)
+            goto loser;
+
+        /*
+         * The NSPR documentation promises that if it can, it will write the full
+         * amount; this will not return a partial value expecting us to loop.
+         */
+        if (PR_Write(sock, header, (PRInt32)PORT_Strlen(header)) < 0)
+            goto loser;
+
+        if (PR_Write(sock, encodedRequest->data,
+                     (PRInt32)encodedRequest->len) < 0)
+            goto loser;
+    }
+
+    returnSock = sock;
+    sock = NULL;
+
+loser:
+    if (header != NULL)
+        PORT_Free(header);
+    if (sock != NULL)
+        PR_Close(sock);
+    if (path != NULL)
+        PORT_Free(path);
+    if (hostname != NULL)
+        PORT_Free(hostname);
+
+    return returnSock;
+}
+
+/*
+ * Read from "fd" into "buf" -- expect/attempt to read a given number of bytes
+ * Obviously, stop if hit end-of-stream. Timeout is passed in.
+ */
+
+static int
+ocsp_read(PRFileDesc *fd, char *buf, int toread, PRIntervalTime timeout)
+{
+    int total = 0;
+
+    while (total < toread) {
+        PRInt32 got;
+
+        got = PR_Recv(fd, buf + total, (PRInt32)(toread - total), 0, timeout);
+        if (got < 0) {
+            if (0 == total) {
+                total = -1; /* report the error if we didn't read anything yet */
+            }
+            break;
+        } else if (got == 0) { /* EOS */
+            break;
+        }
+
+        total += got;
+    }
+
+    return total;
+}
+
+#define OCSP_BUFSIZE 1024
+
+#define AbortHttpDecode(error)   \
+    {                            \
+        if (inBuffer)            \
+            PORT_Free(inBuffer); \
+        PORT_SetError(error);    \
+        return NULL;             \
+    }
+
+/*
+ * Reads on the given socket and returns an encoded response when received.
+ * Properly formatted HTTP/1.0 response headers are expected to be read
+ * from the socket, preceding a binary-encoded OCSP response.  Problems
+ * with parsing cause the error SEC_ERROR_OCSP_BAD_HTTP_RESPONSE to be
+ * set; any other problems are likely low-level i/o or memory allocation
+ * errors.
+ */
+static SECItem *
+ocsp_GetEncodedResponse(PLArenaPool *arena, PRFileDesc *sock)
+{
+    /* first read HTTP status line and headers */
+
+    char *inBuffer = NULL;
+    PRInt32 offset = 0;
+    PRInt32 inBufsize = 0;
+    const PRInt32 bufSizeIncrement = OCSP_BUFSIZE;   /* 1 KB at a time */
+    const PRInt32 maxBufSize = 8 * bufSizeIncrement; /* 8 KB max */
+    const char *CRLF = "\r\n";
+    const PRInt32 CRLFlen = strlen(CRLF);
+    const char *headerEndMark = "\r\n\r\n";
+    const PRInt32 markLen = strlen(headerEndMark);
+    const PRIntervalTime ocsptimeout =
+        PR_SecondsToInterval(30); /* hardcoded to 30s for now */
+    char *headerEnd = NULL;
+    PRBool EOS = PR_FALSE;
+    const char *httpprotocol = "HTTP/";
+    const PRInt32 httplen = strlen(httpprotocol);
+    const char *httpcode = NULL;
+    const char *contenttype = NULL;
+    PRInt32 contentlength = 0;
+    PRInt32 bytesRead = 0;
+    char *statusLineEnd = NULL;
+    char *space = NULL;
+    char *nextHeader = NULL;
+    SECItem *result = NULL;
+
+    /* read up to at least the end of the HTTP headers */
+    do {
+        inBufsize += bufSizeIncrement;
+        inBuffer = PORT_Realloc(inBuffer, inBufsize + 1);
+        if (NULL == inBuffer) {
+            AbortHttpDecode(SEC_ERROR_NO_MEMORY);
+        }
+        bytesRead = ocsp_read(sock, inBuffer + offset, bufSizeIncrement,
+                              ocsptimeout);
+        if (bytesRead > 0) {
+            PRInt32 searchOffset = (offset - markLen) > 0 ? offset - markLen : 0;
+            offset += bytesRead;
+            *(inBuffer + offset) = '\0'; /* NULL termination */
+            headerEnd = strstr((const char *)inBuffer + searchOffset, headerEndMark);
+            if (bytesRead < bufSizeIncrement) {
+                /* we read less data than requested, therefore we are at
+                   EOS or there was a read error */
+                EOS = PR_TRUE;
+            }
+        } else {
+            /* recv error or EOS */
+            EOS = PR_TRUE;
+        }
+    } while ((!headerEnd) && (PR_FALSE == EOS) &&
+             (inBufsize < maxBufSize));
+
+    if (!headerEnd) {
+        AbortHttpDecode(SEC_ERROR_OCSP_BAD_HTTP_RESPONSE);
+    }
+
+    /* parse the HTTP status line  */
+    statusLineEnd = strstr((const char *)inBuffer, CRLF);
+    if (!statusLineEnd) {
+        AbortHttpDecode(SEC_ERROR_OCSP_BAD_HTTP_RESPONSE);
+    }
+    *statusLineEnd = '\0';
+
+    /* check for HTTP/ response */
+    space = strchr((const char *)inBuffer, ' ');
+    if (!space || PORT_Strncasecmp((const char *)inBuffer, httpprotocol, httplen) != 0) {
+        AbortHttpDecode(SEC_ERROR_OCSP_BAD_HTTP_RESPONSE);
+    }
+
+    /* check the HTTP status code of 200 */
+    httpcode = space + 1;
+    space = strchr(httpcode, ' ');
+    if (!space) {
+        AbortHttpDecode(SEC_ERROR_OCSP_BAD_HTTP_RESPONSE);
+    }
+    *space = 0;
+    if (0 != strcmp(httpcode, "200")) {
+        AbortHttpDecode(SEC_ERROR_OCSP_BAD_HTTP_RESPONSE);
+    }
+
+    /* parse the HTTP headers in the buffer . We only care about
+       content-type and content-length
+    */
+
+    nextHeader = statusLineEnd + CRLFlen;
+    *headerEnd = '\0'; /* terminate */
+    do {
+        char *thisHeaderEnd = NULL;
+        char *value = NULL;
+        char *colon = strchr(nextHeader, ':');
+
+        if (!colon) {
+            AbortHttpDecode(SEC_ERROR_OCSP_BAD_HTTP_RESPONSE);
+        }
+
+        *colon = '\0';
+        value = colon + 1;
+
+        /* jpierre - note : the following code will only handle the basic form
+           of HTTP/1.0 response headers, of the form "name: value" . Headers
+           split among multiple lines are not supported. This is not common
+           and should not be an issue, but it could become one in the
+           future */
+
+        if (*value != ' ') {
+            AbortHttpDecode(SEC_ERROR_OCSP_BAD_HTTP_RESPONSE);
+        }
+
+        value++;
+        thisHeaderEnd = strstr(value, CRLF);
+        if (thisHeaderEnd) {
+            *thisHeaderEnd = '\0';
+        }
+
+        if (0 == PORT_Strcasecmp(nextHeader, "content-type")) {
+            contenttype = value;
+        } else if (0 == PORT_Strcasecmp(nextHeader, "content-length")) {
+            contentlength = atoi(value);
+        }
+
+        if (thisHeaderEnd) {
+            nextHeader = thisHeaderEnd + CRLFlen;
+        } else {
+            nextHeader = NULL;
+        }
+
+    } while (nextHeader && (nextHeader < (headerEnd + CRLFlen)));
+
+    /* check content-type */
+    if (!contenttype ||
+        (0 != PORT_Strcasecmp(contenttype, "application/ocsp-response"))) {
+        AbortHttpDecode(SEC_ERROR_OCSP_BAD_HTTP_RESPONSE);
+    }
+
+    /* read the body of the OCSP response */
+    offset = offset - (PRInt32)(headerEnd - (const char *)inBuffer) - markLen;
+    if (offset) {
+        /* move all data to the beginning of the buffer */
+        PORT_Memmove(inBuffer, headerEnd + markLen, offset);
+    }
+
+    /* resize buffer to only what's needed to hold the current response */
+    inBufsize = (1 + (offset - 1) / bufSizeIncrement) * bufSizeIncrement;
+
+    while ((PR_FALSE == EOS) &&
+           ((contentlength == 0) || (offset < contentlength)) &&
+           (inBufsize < maxBufSize)) {
+        /* we still need to receive more body data */
+        inBufsize += bufSizeIncrement;
+        inBuffer = PORT_Realloc(inBuffer, inBufsize + 1);
+        if (NULL == inBuffer) {
+            AbortHttpDecode(SEC_ERROR_NO_MEMORY);
+        }
+        bytesRead = ocsp_read(sock, inBuffer + offset, bufSizeIncrement,
+                              ocsptimeout);
+        if (bytesRead > 0) {
+            offset += bytesRead;
+            if (bytesRead < bufSizeIncrement) {
+                /* we read less data than requested, therefore we are at
+                   EOS or there was a read error */
+                EOS = PR_TRUE;
+            }
+        } else {
+            /* recv error or EOS */
+            EOS = PR_TRUE;
+        }
+    }
+
+    if (0 == offset) {
+        AbortHttpDecode(SEC_ERROR_OCSP_BAD_HTTP_RESPONSE);
+    }
+
+    /*
+     * Now allocate the item to hold the data.
+     */
+    result = SECITEM_AllocItem(arena, NULL, offset);
+    if (NULL == result) {
+        AbortHttpDecode(SEC_ERROR_NO_MEMORY);
+    }
+
+    /*
+     * And copy the data left in the buffer.
+     */
+    PORT_Memcpy(result->data, inBuffer, offset);
+
+    /* and free the temporary buffer */
+    PORT_Free(inBuffer);
+    return result;
+}
+
+SECStatus
+CERT_ParseURL(const char *url, char **pHostname, PRUint16 *pPort, char **pPath)
+{
+    return ocsp_ParseURL(url, pHostname, pPort, pPath);
+}
+
+/*
+ * Limit the size of http responses we are willing to accept.
+ */
+#define MAX_WANTED_OCSP_RESPONSE_LEN 64 * 1024
+
+/* if (encodedRequest == NULL)
+ *   then location MUST already include the full request,
+ *        including base64 and urlencode,
+ *        and the request will be sent with GET
+ * if (encodedRequest != NULL)
+ *   then the request will be sent with POST
+ */
+static SECItem *
+fetchOcspHttpClientV1(PLArenaPool *arena,
+                      const SEC_HttpClientFcnV1 *hcv1,
+                      const char *location,
+                      const SECItem *encodedRequest)
+{
+    char *hostname = NULL;
+    char *path = NULL;
+    PRUint16 port;
+    SECItem *encodedResponse = NULL;
+    SEC_HTTP_SERVER_SESSION pServerSession = NULL;
+    SEC_HTTP_REQUEST_SESSION pRequestSession = NULL;
+    PRUint16 myHttpResponseCode;
+    const char *myHttpResponseData;
+    PRUint32 myHttpResponseDataLen;
+
+    if (ocsp_ParseURL(location, &hostname, &port, &path) == SECFailure) {
+        PORT_SetError(SEC_ERROR_OCSP_MALFORMED_REQUEST);
+        goto loser;
+    }
+
+    PORT_Assert(hostname != NULL);
+    PORT_Assert(path != NULL);
+
+    if ((*hcv1->createSessionFcn)(
+            hostname,
+            port,
+            &pServerSession) != SECSuccess) {
+        PORT_SetError(SEC_ERROR_OCSP_SERVER_ERROR);
+        goto loser;
+    }
+
+    /* We use a non-zero timeout, which means:
+       - the client will use blocking I/O
+       - TryFcn will not return WOULD_BLOCK nor a poll descriptor
+       - it's sufficient to call TryFcn once
+       No lock for accessing OCSP_Global.timeoutSeconds, bug 406120
+    */
+
+    if ((*hcv1->createFcn)(
+            pServerSession,
+            "http",
+            path,
+            encodedRequest ? "POST" : "GET",
+            PR_TicksPerSecond() * OCSP_Global.timeoutSeconds,
+            &pRequestSession) != SECSuccess) {
+        PORT_SetError(SEC_ERROR_OCSP_SERVER_ERROR);
+        goto loser;
+    }
+
+    if (encodedRequest &&
+        (*hcv1->setPostDataFcn)(
+            pRequestSession,
+            (char *)encodedRequest->data,
+            encodedRequest->len,
+            "application/ocsp-request") != SECSuccess) {
+        PORT_SetError(SEC_ERROR_OCSP_SERVER_ERROR);
+        goto loser;
+    }
+
+    /* we don't want result objects larger than this: */
+    myHttpResponseDataLen = MAX_WANTED_OCSP_RESPONSE_LEN;
+
+    OCSP_TRACE(("OCSP trySendAndReceive %s\n", location));
+
+    if ((*hcv1->trySendAndReceiveFcn)(
+            pRequestSession,
+            NULL,
+            &myHttpResponseCode,
+            NULL,
+            NULL,
+            &myHttpResponseData,
+            &myHttpResponseDataLen) != SECSuccess) {
+        PORT_SetError(SEC_ERROR_OCSP_SERVER_ERROR);
+        goto loser;
+    }
+
+    OCSP_TRACE(("OCSP trySendAndReceive result http %d\n", myHttpResponseCode));
+
+    if (myHttpResponseCode != 200) {
+        PORT_SetError(SEC_ERROR_OCSP_BAD_HTTP_RESPONSE);
+        goto loser;
+    }
+
+    encodedResponse = SECITEM_AllocItem(arena, NULL, myHttpResponseDataLen);
+
+    if (!encodedResponse) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        goto loser;
+    }
+
+    PORT_Memcpy(encodedResponse->data, myHttpResponseData, myHttpResponseDataLen);
+
+loser:
+    if (pRequestSession != NULL)
+        (*hcv1->freeFcn)(pRequestSession);
+    if (pServerSession != NULL)
+        (*hcv1->freeSessionFcn)(pServerSession);
+    if (path != NULL)
+        PORT_Free(path);
+    if (hostname != NULL)
+        PORT_Free(hostname);
+
+    return encodedResponse;
+}
+
+/*
+ * FUNCTION: CERT_GetEncodedOCSPResponseByMethod
+ *   Creates and sends a request to an OCSP responder, then reads and
+ *   returns the (encoded) response.
+ * INPUTS:
+ *   PLArenaPool *arena
+ *     Pointer to arena from which return value will be allocated.
+ *     If NULL, result will be allocated from the heap (and thus should
+ *     be freed via SECITEM_FreeItem).
+ *   CERTCertList *certList
+ *     A list of certs for which status will be requested.
+ *     Note that all of these certificates should have the same issuer,
+ *     or it's expected the response will be signed by a trusted responder.
+ *     If the certs need to be broken up into multiple requests, that
+ *     must be handled by the caller (and thus by having multiple calls
+ *     to this routine), who knows about where the request(s) are being
+ *     sent and whether there are any trusted responders in place.
+ *   const char *location
+ *     The location of the OCSP responder (a URL).
+ *   const char *method
+ *     The protocol method used when retrieving the OCSP response.
+ *     Currently support: "GET" (http GET) and "POST" (http POST).
+ *     Additionals methods for http or other protocols might be added
+ *     in the future.
+ *   PRTime time
+ *     Indicates the time for which the certificate status is to be
+ *     determined -- this may be used in the search for the cert's issuer
+ *     but has no other bearing on the operation.
+ *   PRBool addServiceLocator
+ *     If true, the Service Locator extension should be added to the
+ *     single request(s) for each cert.
+ *   CERTCertificate *signerCert
+ *     If non-NULL, means sign the request using this cert.  Otherwise,
+ *     do not sign.
+ *   void *pwArg
+ *     Pointer to argument for password prompting, if needed.  (Definitely
+ *     not needed if not signing.)
+ * OUTPUTS:
+ *   CERTOCSPRequest **pRequest
+ *     Pointer in which to store the OCSP request created for the given
+ *     list of certificates.  It is only filled in if the entire operation
+ *     is successful and the pointer is not null -- and in that case the
+ *     caller is then reponsible for destroying it.
+ * RETURN:
+ *   Returns a pointer to the SECItem holding the response.
+ *   On error, returns null with error set describing the reason:
+ *	SEC_ERROR_UNKNOWN_ISSUER
+ *	SEC_ERROR_CERT_BAD_ACCESS_LOCATION
+ *	SEC_ERROR_OCSP_BAD_HTTP_RESPONSE
+ *   Other errors are low-level problems (no memory, bad database, etc.).
+ */
+SECItem *
+CERT_GetEncodedOCSPResponseByMethod(PLArenaPool *arena, CERTCertList *certList,
+                                    const char *location, const char *method,
+                                    PRTime time, PRBool addServiceLocator,
+                                    CERTCertificate *signerCert, void *pwArg,
+                                    CERTOCSPRequest **pRequest)
+{
+    CERTOCSPRequest *request;
+    request = CERT_CreateOCSPRequest(certList, time, addServiceLocator,
+                                     signerCert);
+    if (!request)
+        return NULL;
+    return ocsp_GetEncodedOCSPResponseFromRequest(arena, request, location,
+                                                  method, time, addServiceLocator,
+                                                  pwArg, pRequest);
+}
+
+/*
+ * FUNCTION: CERT_GetEncodedOCSPResponse
+ *   Creates and sends a request to an OCSP responder, then reads and
+ *   returns the (encoded) response.
+ *
+ * This is a legacy API that behaves identically to
+ * CERT_GetEncodedOCSPResponseByMethod using the "POST" method.
+ */
+SECItem *
+CERT_GetEncodedOCSPResponse(PLArenaPool *arena, CERTCertList *certList,
+                            const char *location, PRTime time,
+                            PRBool addServiceLocator,
+                            CERTCertificate *signerCert, void *pwArg,
+                            CERTOCSPRequest **pRequest)
+{
+    return CERT_GetEncodedOCSPResponseByMethod(arena, certList, location,
+                                               "POST", time, addServiceLocator,
+                                               signerCert, pwArg, pRequest);
+}
+
+/* URL encode a buffer that consists of base64-characters, only,
+ * which means we can use a simple encoding logic.
+ *
+ * No output buffer size checking is performed.
+ * You should call the function twice, to calculate the required buffer size.
+ *
+ * If the outpufBuf parameter is NULL, the function will calculate the
+ * required size, including the trailing zero termination char.
+ *
+ * The function returns the number of bytes calculated or produced.
+ */
+size_t
+ocsp_UrlEncodeBase64Buf(const char *base64Buf, char *outputBuf)
+{
+    const char *walkInput = NULL;
+    char *walkOutput = outputBuf;
+    size_t count = 0;
+
+    for (walkInput = base64Buf; *walkInput; ++walkInput) {
+        char c = *walkInput;
+        if (isspace(c))
+            continue;
+        switch (c) {
+            case '+':
+                if (outputBuf) {
+                    strcpy(walkOutput, "%2B");
+                    walkOutput += 3;
+                }
+                count += 3;
+                break;
+            case '/':
+                if (outputBuf) {
+                    strcpy(walkOutput, "%2F");
+                    walkOutput += 3;
+                }
+                count += 3;
+                break;
+            case '=':
+                if (outputBuf) {
+                    strcpy(walkOutput, "%3D");
+                    walkOutput += 3;
+                }
+                count += 3;
+                break;
+            default:
+                if (outputBuf) {
+                    *walkOutput = *walkInput;
+                    ++walkOutput;
+                }
+                ++count;
+                break;
+        }
+    }
+    if (outputBuf) {
+        *walkOutput = 0;
+    }
+    ++count;
+    return count;
+}
+
+enum { max_get_request_size = 255 }; /* defined by RFC2560 */
+
+static SECItem *
+cert_GetOCSPResponse(PLArenaPool *arena, const char *location,
+                     const SECItem *encodedRequest);
+
+static SECItem *
+ocsp_GetEncodedOCSPResponseFromRequest(PLArenaPool *arena,
+                                       CERTOCSPRequest *request,
+                                       const char *location,
+                                       const char *method,
+                                       PRTime time,
+                                       PRBool addServiceLocator,
+                                       void *pwArg,
+                                       CERTOCSPRequest **pRequest)
+{
+    SECItem *encodedRequest = NULL;
+    SECItem *encodedResponse = NULL;
+    SECStatus rv;
+
+    if (!location || !*location) /* location should be at least one byte */
+        goto loser;
+
+    rv = CERT_AddOCSPAcceptableResponses(request,
+                                         SEC_OID_PKIX_OCSP_BASIC_RESPONSE);
+    if (rv != SECSuccess)
+        goto loser;
+
+    encodedRequest = CERT_EncodeOCSPRequest(NULL, request, pwArg);
+    if (encodedRequest == NULL)
+        goto loser;
+
+    if (!strcmp(method, "GET")) {
+        encodedResponse = cert_GetOCSPResponse(arena, location, encodedRequest);
+    } else if (!strcmp(method, "POST")) {
+        encodedResponse = CERT_PostOCSPRequest(arena, location, encodedRequest);
+    } else {
+        goto loser;
+    }
+
+    if (encodedResponse != NULL && pRequest != NULL) {
+        *pRequest = request;
+        request = NULL; /* avoid destroying below */
+    }
+
+loser:
+    if (request != NULL)
+        CERT_DestroyOCSPRequest(request);
+    if (encodedRequest != NULL)
+        SECITEM_FreeItem(encodedRequest, PR_TRUE);
+    return encodedResponse;
+}
+
+static SECItem *
+cert_FetchOCSPResponse(PLArenaPool *arena, const char *location,
+                       const SECItem *encodedRequest);
+
+/* using HTTP GET method */
+static SECItem *
+cert_GetOCSPResponse(PLArenaPool *arena, const char *location,
+                     const SECItem *encodedRequest)
+{
+    char *walkOutput = NULL;
+    char *fullGetPath = NULL;
+    size_t pathLength;
+    PRInt32 urlEncodedBufLength;
+    size_t base64size;
+    char b64ReqBuf[max_get_request_size + 1];
+    size_t slashLengthIfNeeded = 0;
+    size_t getURLLength;
+    SECItem *item;
+
+    if (!location || !*location) {
+        return NULL;
+    }
+
+    pathLength = strlen(location);
+    if (location[pathLength - 1] != '/') {
+        slashLengthIfNeeded = 1;
+    }
+
+    /* Calculation as documented by PL_Base64Encode function.
+     * Use integer conversion to avoid having to use function ceil().
+     */
+    base64size = (((encodedRequest->len + 2) / 3) * 4);
+    if (base64size > max_get_request_size) {
+        return NULL;
+    }
+    memset(b64ReqBuf, 0, sizeof(b64ReqBuf));
+    PL_Base64Encode((const char *)encodedRequest->data, encodedRequest->len,
+                    b64ReqBuf);
+
+    urlEncodedBufLength = ocsp_UrlEncodeBase64Buf(b64ReqBuf, NULL);
+    getURLLength = pathLength + urlEncodedBufLength + slashLengthIfNeeded;
+
+    /* urlEncodedBufLength already contains room for the zero terminator.
+     * Add another if we must add the '/' char.
+     */
+    if (arena) {
+        fullGetPath = (char *)PORT_ArenaAlloc(arena, getURLLength);
+    } else {
+        fullGetPath = (char *)PORT_Alloc(getURLLength);
+    }
+    if (!fullGetPath) {
+        return NULL;
+    }
+
+    strcpy(fullGetPath, location);
+    walkOutput = fullGetPath + pathLength;
+
+    if (walkOutput > fullGetPath && slashLengthIfNeeded) {
+        strcpy(walkOutput, "/");
+        ++walkOutput;
+    }
+    ocsp_UrlEncodeBase64Buf(b64ReqBuf, walkOutput);
+
+    item = cert_FetchOCSPResponse(arena, fullGetPath, NULL);
+    if (!arena) {
+        PORT_Free(fullGetPath);
+    }
+    return item;
+}
+
+SECItem *
+CERT_PostOCSPRequest(PLArenaPool *arena, const char *location,
+                     const SECItem *encodedRequest)
+{
+    return cert_FetchOCSPResponse(arena, location, encodedRequest);
+}
+
+SECItem *
+cert_FetchOCSPResponse(PLArenaPool *arena, const char *location,
+                       const SECItem *encodedRequest)
+{
+    const SEC_HttpClientFcn *registeredHttpClient;
+    SECItem *encodedResponse = NULL;
+
+    registeredHttpClient = SEC_GetRegisteredHttpClient();
+
+    if (registeredHttpClient && registeredHttpClient->version == 1) {
+        encodedResponse = fetchOcspHttpClientV1(
+            arena,
+            &registeredHttpClient->fcnTable.ftable1,
+            location,
+            encodedRequest);
+    } else {
+        /* use internal http client */
+        PRFileDesc *sock = ocsp_SendEncodedRequest(location, encodedRequest);
+        if (sock) {
+            encodedResponse = ocsp_GetEncodedResponse(arena, sock);
+            PR_Close(sock);
+        }
+    }
+
+    return encodedResponse;
+}
+
+static SECItem *
+ocsp_GetEncodedOCSPResponseForSingleCert(PLArenaPool *arena,
+                                         CERTOCSPCertID *certID,
+                                         CERTCertificate *singleCert,
+                                         const char *location,
+                                         const char *method,
+                                         PRTime time,
+                                         PRBool addServiceLocator,
+                                         void *pwArg,
+                                         CERTOCSPRequest **pRequest)
+{
+    CERTOCSPRequest *request;
+    request = cert_CreateSingleCertOCSPRequest(certID, singleCert, time,
+                                               addServiceLocator, NULL);
+    if (!request)
+        return NULL;
+    return ocsp_GetEncodedOCSPResponseFromRequest(arena, request, location,
+                                                  method, time, addServiceLocator,
+                                                  pwArg, pRequest);
+}
+
+/* Checks a certificate for the key usage extension of OCSP signer. */
+static PRBool
+ocsp_CertIsOCSPDesignatedResponder(CERTCertificate *cert)
+{
+    SECStatus rv;
+    SECItem extItem;
+    SECItem **oids;
+    SECItem *oid;
+    SECOidTag oidTag;
+    PRBool retval;
+    CERTOidSequence *oidSeq = NULL;
+
+    extItem.data = NULL;
+    rv = CERT_FindCertExtension(cert, SEC_OID_X509_EXT_KEY_USAGE, &extItem);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    oidSeq = CERT_DecodeOidSequence(&extItem);
+    if (oidSeq == NULL) {
+        goto loser;
+    }
+
+    oids = oidSeq->oids;
+    while (*oids != NULL) {
+        oid = *oids;
+
+        oidTag = SECOID_FindOIDTag(oid);
+
+        if (oidTag == SEC_OID_OCSP_RESPONDER) {
+            goto success;
+        }
+
+        oids++;
+    }
+
+loser:
+    retval = PR_FALSE;
+    PORT_SetError(SEC_ERROR_OCSP_INVALID_SIGNING_CERT);
+    goto done;
+success:
+    retval = PR_TRUE;
+done:
+    if (extItem.data != NULL) {
+        PORT_Free(extItem.data);
+    }
+    if (oidSeq != NULL) {
+        CERT_DestroyOidSequence(oidSeq);
+    }
+
+    return (retval);
+}
+
+#ifdef LATER /*                                                    \
+              * XXX This function is not currently used, but will  \
+              * be needed later when we do revocation checking of  \
+              * the responder certificate.  Of course, it may need \
+              * revising then, if the cert extension interface has \
+              * changed.  (Hopefully it will!)                     \
+              */
+
+/* Checks a certificate to see if it has the OCSP no check extension. */
+static PRBool
+ocsp_CertHasNoCheckExtension(CERTCertificate *cert)
+{
+    SECStatus rv;
+
+    rv = CERT_FindCertExtension(cert, SEC_OID_PKIX_OCSP_NO_CHECK,
+                                NULL);
+    if (rv == SECSuccess) {
+        return PR_TRUE;
+    }
+    return PR_FALSE;
+}
+#endif /* LATER */
+
+static PRBool
+ocsp_matchcert(SECItem *certIndex, CERTCertificate *testCert)
+{
+    SECItem item;
+    unsigned char buf[HASH_LENGTH_MAX];
+
+    item.data = buf;
+    item.len = SHA1_LENGTH;
+
+    if (CERT_GetSubjectPublicKeyDigest(NULL, testCert, SEC_OID_SHA1,
+                                       &item) == NULL) {
+        return PR_FALSE;
+    }
+    if (SECITEM_ItemsAreEqual(certIndex, &item)) {
+        return PR_TRUE;
+    }
+    if (CERT_GetSubjectPublicKeyDigest(NULL, testCert, SEC_OID_MD5,
+                                       &item) == NULL) {
+        return PR_FALSE;
+    }
+    if (SECITEM_ItemsAreEqual(certIndex, &item)) {
+        return PR_TRUE;
+    }
+    if (CERT_GetSubjectPublicKeyDigest(NULL, testCert, SEC_OID_MD2,
+                                       &item) == NULL) {
+        return PR_FALSE;
+    }
+    if (SECITEM_ItemsAreEqual(certIndex, &item)) {
+        return PR_TRUE;
+    }
+
+    return PR_FALSE;
+}
+
+static CERTCertificate *
+ocsp_CertGetDefaultResponder(CERTCertDBHandle *handle, CERTOCSPCertID *certID);
+
+CERTCertificate *
+ocsp_GetSignerCertificate(CERTCertDBHandle *handle, ocspResponseData *tbsData,
+                          ocspSignature *signature, CERTCertificate *issuer)
+{
+    CERTCertificate **certs = NULL;
+    CERTCertificate *signerCert = NULL;
+    SECStatus rv = SECFailure;
+    PRBool lookupByName = PR_TRUE;
+    void *certIndex = NULL;
+    int certCount = 0;
+
+    PORT_Assert(tbsData->responderID != NULL);
+    switch (tbsData->responderID->responderIDType) {
+        case ocspResponderID_byName:
+            lookupByName = PR_TRUE;
+            certIndex = &tbsData->derResponderID;
+            break;
+        case ocspResponderID_byKey:
+            lookupByName = PR_FALSE;
+            certIndex = &tbsData->responderID->responderIDValue.keyHash;
+            break;
+        case ocspResponderID_other:
+        default:
+            PORT_Assert(0);
+            PORT_SetError(SEC_ERROR_OCSP_MALFORMED_RESPONSE);
+            return NULL;
+    }
+
+    /*
+     * If the signature contains some certificates as well, temporarily
+     * import them in case they are needed for verification.
+     *
+     * Note that the result of this is that each cert in "certs" needs
+     * to be destroyed.
+     */
+    if (signature->derCerts != NULL) {
+        for (; signature->derCerts[certCount] != NULL; certCount++) {
+            /* just counting */
+        }
+        rv = CERT_ImportCerts(handle, certUsageStatusResponder, certCount,
+                              signature->derCerts, &certs,
+                              PR_FALSE, PR_FALSE, NULL);
+        if (rv != SECSuccess)
+            goto finish;
+    }
+
+    /*
+     * Now look up the certificate that did the signing.
+     * The signer can be specified either by name or by key hash.
+     */
+    if (lookupByName) {
+        SECItem *crIndex = (SECItem *)certIndex;
+        SECItem encodedName;
+        PLArenaPool *arena;
+
+        arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+        if (arena != NULL) {
+
+            rv = SEC_QuickDERDecodeItem(arena, &encodedName,
+                                        ocsp_ResponderIDDerNameTemplate,
+                                        crIndex);
+            if (rv != SECSuccess) {
+                if (PORT_GetError() == SEC_ERROR_BAD_DER)
+                    PORT_SetError(SEC_ERROR_OCSP_MALFORMED_RESPONSE);
+            } else {
+                signerCert = CERT_FindCertByName(handle, &encodedName);
+            }
+            PORT_FreeArena(arena, PR_FALSE);
+        }
+    } else {
+        /*
+    	 * The signer is either 1) a known issuer CA we passed in,
+    	 * 2) the default OCSP responder, or 3) an intermediate CA
+    	 * passed in the cert list to use. Figure out which it is.
+    	 */
+        int i;
+        CERTCertificate *responder =
+            ocsp_CertGetDefaultResponder(handle, NULL);
+        if (responder && ocsp_matchcert(certIndex, responder)) {
+            signerCert = CERT_DupCertificate(responder);
+        } else if (issuer && ocsp_matchcert(certIndex, issuer)) {
+            signerCert = CERT_DupCertificate(issuer);
+        }
+        for (i = 0; (signerCert == NULL) && (i < certCount); i++) {
+            if (ocsp_matchcert(certIndex, certs[i])) {
+                signerCert = CERT_DupCertificate(certs[i]);
+            }
+        }
+        if (signerCert == NULL) {
+            PORT_SetError(SEC_ERROR_UNKNOWN_CERT);
+        }
+    }
+
+finish:
+    if (certs != NULL) {
+        CERT_DestroyCertArray(certs, certCount);
+    }
+
+    return signerCert;
+}
+
+SECStatus
+ocsp_VerifyResponseSignature(CERTCertificate *signerCert,
+                             ocspSignature *signature,
+                             SECItem *tbsResponseDataDER,
+                             void *pwArg)
+{
+    SECKEYPublicKey *signerKey = NULL;
+    SECStatus rv = SECFailure;
+    CERTSignedData signedData;
+
+    /*
+     * Now get the public key from the signer's certificate; we need
+     * it to perform the verification.
+     */
+    signerKey = CERT_ExtractPublicKey(signerCert);
+    if (signerKey == NULL) {
+        return SECFailure;
+    }
+
+    /*
+     * We copy the signature data *pointer* and length, so that we can
+     * modify the length without damaging the original copy.  This is a
+     * simple copy, not a dup, so no destroy/free is necessary.
+     */
+    signedData.signature = signature->signature;
+    signedData.signatureAlgorithm = signature->signatureAlgorithm;
+    signedData.data = *tbsResponseDataDER;
+
+    rv = CERT_VerifySignedDataWithPublicKey(&signedData, signerKey, pwArg);
+    if (rv != SECSuccess &&
+        (PORT_GetError() == SEC_ERROR_BAD_SIGNATURE ||
+         PORT_GetError() == SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED)) {
+        PORT_SetError(SEC_ERROR_OCSP_BAD_SIGNATURE);
+    }
+
+    if (signerKey != NULL) {
+        SECKEY_DestroyPublicKey(signerKey);
+    }
+
+    return rv;
+}
+
+/*
+ * FUNCTION: CERT_VerifyOCSPResponseSignature
+ *   Check the signature on an OCSP Response.  Will also perform a
+ *   verification of the signer's certificate.  Note, however, that a
+ *   successful verification does not make any statement about the
+ *   signer's *authority* to provide status for the certificate(s),
+ *   that must be checked individually for each certificate.
+ * INPUTS:
+ *   CERTOCSPResponse *response
+ *     Pointer to response structure with signature to be checked.
+ *   CERTCertDBHandle *handle
+ *     Pointer to CERTCertDBHandle for certificate DB to use for verification.
+ *   void *pwArg
+ *     Pointer to argument for password prompting, if needed.
+ * OUTPUTS:
+ *   CERTCertificate **pSignerCert
+ *     Pointer in which to store signer's certificate; only filled-in if
+ *     non-null.
+ * RETURN:
+ *   Returns SECSuccess when signature is valid, anything else means invalid.
+ *   Possible errors set:
+ *	SEC_ERROR_OCSP_MALFORMED_RESPONSE - unknown type of ResponderID
+ *	SEC_ERROR_INVALID_TIME - bad format of "ProducedAt" time
+ *	SEC_ERROR_UNKNOWN_SIGNER - signer's cert could not be found
+ *	SEC_ERROR_BAD_SIGNATURE - the signature did not verify
+ *   Other errors are any of the many possible failures in cert verification
+ *   (e.g. SEC_ERROR_REVOKED_CERTIFICATE, SEC_ERROR_UNTRUSTED_ISSUER) when
+ *   verifying the signer's cert, or low-level problems (no memory, etc.)
+ */
+SECStatus
+CERT_VerifyOCSPResponseSignature(CERTOCSPResponse *response,
+                                 CERTCertDBHandle *handle, void *pwArg,
+                                 CERTCertificate **pSignerCert,
+                                 CERTCertificate *issuer)
+{
+    SECItem *tbsResponseDataDER;
+    CERTCertificate *signerCert = NULL;
+    SECStatus rv = SECFailure;
+    PRTime producedAt;
+
+    /* ocsp_DecodeBasicOCSPResponse will fail if asn1 decoder is unable
+     * to properly decode tbsData (see the function and
+     * ocsp_BasicOCSPResponseTemplate). Thus, tbsData can not be
+     * equal to null */
+    ocspResponseData *tbsData = ocsp_GetResponseData(response,
+                                                     &tbsResponseDataDER);
+    ocspSignature *signature = ocsp_GetResponseSignature(response);
+
+    if (!signature) {
+        PORT_SetError(SEC_ERROR_OCSP_BAD_SIGNATURE);
+        return SECFailure;
+    }
+
+    /*
+     * If this signature has already gone through verification, just
+     * return the cached result.
+     */
+    if (signature->wasChecked) {
+        if (signature->status == SECSuccess) {
+            if (pSignerCert != NULL)
+                *pSignerCert = CERT_DupCertificate(signature->cert);
+        } else {
+            PORT_SetError(signature->failureReason);
+        }
+        return signature->status;
+    }
+
+    signerCert = ocsp_GetSignerCertificate(handle, tbsData,
+                                           signature, issuer);
+    if (signerCert == NULL) {
+        rv = SECFailure;
+        if (PORT_GetError() == SEC_ERROR_UNKNOWN_CERT) {
+            /* Make the error a little more specific. */
+            PORT_SetError(SEC_ERROR_OCSP_INVALID_SIGNING_CERT);
+        }
+        goto finish;
+    }
+
+    /*
+     * We could mark this true at the top of this function, or always
+     * below at "finish", but if the problem was just that we could not
+     * find the signer's cert, leave that as if the signature hasn't
+     * been checked in case a subsequent call might have better luck.
+     */
+    signature->wasChecked = PR_TRUE;
+
+    /*
+     * The function will also verify the signer certificate; we
+     * need to tell it *when* that certificate must be valid -- for our
+     * purposes we expect it to be valid when the response was signed.
+     * The value of "producedAt" is the signing time.
+     */
+    rv = DER_GeneralizedTimeToTime(&producedAt, &tbsData->producedAt);
+    if (rv != SECSuccess)
+        goto finish;
+
+    /*
+     * Just because we have a cert does not mean it is any good; check
+     * it for validity, trust and usage.
+     */
+    if (!ocsp_CertIsOCSPDefaultResponder(handle, signerCert)) {
+        SECCertUsage certUsage;
+        if (CERT_IsCACert(signerCert, NULL)) {
+            certUsage = certUsageAnyCA;
+        } else {
+            certUsage = certUsageStatusResponder;
+        }
+        rv = cert_VerifyCertWithFlags(handle, signerCert, PR_TRUE, certUsage,
+                                      producedAt, CERT_VERIFYCERT_SKIP_OCSP,
+                                      pwArg, NULL);
+        if (rv != SECSuccess) {
+            PORT_SetError(SEC_ERROR_OCSP_INVALID_SIGNING_CERT);
+            goto finish;
+        }
+    }
+
+    rv = ocsp_VerifyResponseSignature(signerCert, signature,
+                                      tbsResponseDataDER,
+                                      pwArg);
+
+finish:
+    if (signature->wasChecked)
+        signature->status = rv;
+
+    if (rv != SECSuccess) {
+        signature->failureReason = PORT_GetError();
+        if (signerCert != NULL)
+            CERT_DestroyCertificate(signerCert);
+    } else {
+        /*
+    	 * Save signer's certificate in signature.
+    	 */
+        signature->cert = signerCert;
+        if (pSignerCert != NULL) {
+            /*
+    	     * Pass pointer to signer's certificate back to our caller,
+    	     * who is also now responsible for destroying it.
+    	     */
+            *pSignerCert = CERT_DupCertificate(signerCert);
+        }
+    }
+
+    return rv;
+}
+
+/*
+ * See if the request's certID and the single response's certID match.
+ * This can be easy or difficult, depending on whether the same hash
+ * algorithm was used.
+ */
+static PRBool
+ocsp_CertIDsMatch(CERTOCSPCertID *requestCertID,
+                  CERTOCSPCertID *responseCertID)
+{
+    PRBool match = PR_FALSE;
+    SECOidTag hashAlg;
+    SECItem *keyHash = NULL;
+    SECItem *nameHash = NULL;
+
+    /*
+     * In order to match, they must have the same issuer and the same
+     * serial number.
+     *
+     * We just compare the easier things first.
+     */
+    if (SECITEM_CompareItem(&requestCertID->serialNumber,
+                            &responseCertID->serialNumber) != SECEqual) {
+        goto done;
+    }
+
+    /*
+     * Make sure the "parameters" are not too bogus.  Since we encoded
+     * requestCertID->hashAlgorithm, we don't need to check it.
+     */
+    if (responseCertID->hashAlgorithm.parameters.len > 2) {
+        goto done;
+    }
+    if (SECITEM_CompareItem(&requestCertID->hashAlgorithm.algorithm,
+                            &responseCertID->hashAlgorithm.algorithm) ==
+        SECEqual) {
+        /*
+    	 * If the hash algorithms match then we can do a simple compare
+    	 * of the hash values themselves.
+    	 */
+        if ((SECITEM_CompareItem(&requestCertID->issuerNameHash,
+                                 &responseCertID->issuerNameHash) == SECEqual) &&
+            (SECITEM_CompareItem(&requestCertID->issuerKeyHash,
+                                 &responseCertID->issuerKeyHash) == SECEqual)) {
+            match = PR_TRUE;
+        }
+        goto done;
+    }
+
+    hashAlg = SECOID_FindOIDTag(&responseCertID->hashAlgorithm.algorithm);
+    switch (hashAlg) {
+        case SEC_OID_SHA1:
+            keyHash = &requestCertID->issuerSHA1KeyHash;
+            nameHash = &requestCertID->issuerSHA1NameHash;
+            break;
+        case SEC_OID_MD5:
+            keyHash = &requestCertID->issuerMD5KeyHash;
+            nameHash = &requestCertID->issuerMD5NameHash;
+            break;
+        case SEC_OID_MD2:
+            keyHash = &requestCertID->issuerMD2KeyHash;
+            nameHash = &requestCertID->issuerMD2NameHash;
+            break;
+        default:
+            PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
+            return PR_FALSE;
+    }
+
+    if ((keyHash != NULL) &&
+        (SECITEM_CompareItem(nameHash,
+                             &responseCertID->issuerNameHash) == SECEqual) &&
+        (SECITEM_CompareItem(keyHash,
+                             &responseCertID->issuerKeyHash) == SECEqual)) {
+        match = PR_TRUE;
+    }
+
+done:
+    return match;
+}
+
+/*
+ * Find the single response for the cert specified by certID.
+ * No copying is done; this just returns a pointer to the appropriate
+ * response within responses, if it is found (and null otherwise).
+ * This is fine, of course, since this function is internal-use only.
+ */
+static CERTOCSPSingleResponse *
+ocsp_GetSingleResponseForCertID(CERTOCSPSingleResponse **responses,
+                                CERTCertDBHandle *handle,
+                                CERTOCSPCertID *certID)
+{
+    CERTOCSPSingleResponse *single;
+    int i;
+
+    if (responses == NULL)
+        return NULL;
+
+    for (i = 0; responses[i] != NULL; i++) {
+        single = responses[i];
+        if (ocsp_CertIDsMatch(certID, single->certID)) {
+            return single;
+        }
+    }
+
+    /*
+     * The OCSP server should have included a response even if it knew
+     * nothing about the certificate in question.  Since it did not,
+     * this will make it look as if it had.
+     *
+     * XXX Should we make this a separate error to notice the server's
+     * bad behavior?
+     */
+    PORT_SetError(SEC_ERROR_OCSP_UNKNOWN_CERT);
+    return NULL;
+}
+
+static ocspCheckingContext *
+ocsp_GetCheckingContext(CERTCertDBHandle *handle)
+{
+    CERTStatusConfig *statusConfig;
+    ocspCheckingContext *ocspcx = NULL;
+
+    statusConfig = CERT_GetStatusConfig(handle);
+    if (statusConfig != NULL) {
+        ocspcx = statusConfig->statusContext;
+
+        /*
+    	 * This is actually an internal error, because we should never
+    	 * have a good statusConfig without a good statusContext, too.
+    	 * For lack of anything better, though, we just assert and use
+    	 * the same error as if there were no statusConfig (set below).
+    	 */
+        PORT_Assert(ocspcx != NULL);
+    }
+
+    if (ocspcx == NULL)
+        PORT_SetError(SEC_ERROR_OCSP_NOT_ENABLED);
+
+    return ocspcx;
+}
+
+/*
+ * Return cert reference if the given signerCert is the default responder for
+ * the given certID.  If not, or if any error, return NULL.
+ */
+static CERTCertificate *
+ocsp_CertGetDefaultResponder(CERTCertDBHandle *handle, CERTOCSPCertID *certID)
+{
+    ocspCheckingContext *ocspcx;
+
+    ocspcx = ocsp_GetCheckingContext(handle);
+    if (ocspcx == NULL)
+        goto loser;
+
+    /*
+     * Right now we have only one default responder.  It applies to
+     * all certs when it is used, so the check is simple and certID
+     * has no bearing on the answer.  Someday in the future we may
+     * allow configuration of different responders for different
+     * issuers, and then we would have to use the issuer specified
+     * in certID to determine if signerCert is the right one.
+     */
+    if (ocspcx->useDefaultResponder) {
+        PORT_Assert(ocspcx->defaultResponderCert != NULL);
+        return ocspcx->defaultResponderCert;
+    }
+
+loser:
+    return NULL;
+}
+
+/*
+ * Return true if the cert is one of the default responders configured for
+ * ocsp context. If not, or if any error, return false.
+ */
+PRBool
+ocsp_CertIsOCSPDefaultResponder(CERTCertDBHandle *handle, CERTCertificate *cert)
+{
+    ocspCheckingContext *ocspcx;
+
+    ocspcx = ocsp_GetCheckingContext(handle);
+    if (ocspcx == NULL)
+        return PR_FALSE;
+
+    /*
+     * Right now we have only one default responder.  It applies to
+     * all certs when it is used, so the check is simple and certID
+     * has no bearing on the answer.  Someday in the future we may
+     * allow configuration of different responders for different
+     * issuers, and then we would have to use the issuer specified
+     * in certID to determine if signerCert is the right one.
+     */
+    if (ocspcx->useDefaultResponder &&
+        CERT_CompareCerts(ocspcx->defaultResponderCert, cert)) {
+        return PR_TRUE;
+    }
+
+    return PR_FALSE;
+}
+
+/*
+ * Check that the given signer certificate is authorized to sign status
+ * information for the given certID.  Return true if it is, false if not
+ * (or if there is any error along the way).  If false is returned because
+ * the signer is not authorized, the following error will be set:
+ *	SEC_ERROR_OCSP_UNAUTHORIZED_RESPONSE
+ * Other errors are low-level problems (no memory, bad database, etc.).
+ *
+ * There are three ways to be authorized.  In the order in which we check,
+ * using the terms used in the OCSP spec, the signer must be one of:
+ *  1.  A "trusted responder" -- it matches a local configuration
+ *      of OCSP signing authority for the certificate in question.
+ *  2.  The CA who issued the certificate in question.
+ *  3.  A "CA designated responder", aka an "authorized responder" -- it
+ *      must be represented by a special cert issued by the CA who issued
+ *      the certificate in question.
+ */
+static PRBool
+ocsp_AuthorizedResponderForCertID(CERTCertDBHandle *handle,
+                                  CERTCertificate *signerCert,
+                                  CERTOCSPCertID *certID,
+                                  PRTime thisUpdate)
+{
+    CERTCertificate *issuerCert = NULL, *defRespCert;
+    SECItem *keyHash = NULL;
+    SECItem *nameHash = NULL;
+    SECOidTag hashAlg;
+    PRBool keyHashEQ = PR_FALSE, nameHashEQ = PR_FALSE;
+
+    /*
+     * Check first for a trusted responder, which overrides everything else.
+     */
+    if ((defRespCert = ocsp_CertGetDefaultResponder(handle, certID)) &&
+        CERT_CompareCerts(defRespCert, signerCert)) {
+        return PR_TRUE;
+    }
+
+    /*
+     * In the other two cases, we need to do an issuer comparison.
+     * How we do it depends on whether the signer certificate has the
+     * special extension (for a designated responder) or not.
+     *
+     * First, lets check if signer of the response is the actual issuer
+     * of the cert. For that we will use signer cert key hash and cert subj
+     * name hash and will compare them with already calculated issuer key
+     * hash and issuer name hash. The hash algorithm is picked from response
+     * certID hash to avoid second hash calculation.
+     */
+
+    hashAlg = SECOID_FindOIDTag(&certID->hashAlgorithm.algorithm);
+
+    keyHash = CERT_GetSubjectPublicKeyDigest(NULL, signerCert, hashAlg, NULL);
+    if (keyHash != NULL) {
+
+        keyHashEQ =
+            (SECITEM_CompareItem(keyHash,
+                                 &certID->issuerKeyHash) == SECEqual);
+        SECITEM_FreeItem(keyHash, PR_TRUE);
+    }
+    if (keyHashEQ &&
+        (nameHash = CERT_GetSubjectNameDigest(NULL, signerCert,
+                                              hashAlg, NULL))) {
+        nameHashEQ =
+            (SECITEM_CompareItem(nameHash,
+                                 &certID->issuerNameHash) == SECEqual);
+
+        SECITEM_FreeItem(nameHash, PR_TRUE);
+        if (nameHashEQ) {
+            /* The issuer of the cert is the the signer of the response */
+            return PR_TRUE;
+        }
+    }
+
+    keyHashEQ = PR_FALSE;
+    nameHashEQ = PR_FALSE;
+
+    if (!ocsp_CertIsOCSPDesignatedResponder(signerCert)) {
+        PORT_SetError(SEC_ERROR_OCSP_UNAUTHORIZED_RESPONSE);
+        return PR_FALSE;
+    }
+
+    /*
+     * The signer is a designated responder.  Its issuer must match
+     * the issuer of the cert being checked.
+     */
+    issuerCert = CERT_FindCertIssuer(signerCert, thisUpdate,
+                                     certUsageAnyCA);
+    if (issuerCert == NULL) {
+        /*
+         * We could leave the SEC_ERROR_UNKNOWN_ISSUER error alone,
+         * but the following will give slightly more information.
+         * Once we have an error stack, things will be much better.
+         */
+        PORT_SetError(SEC_ERROR_OCSP_UNAUTHORIZED_RESPONSE);
+        return PR_FALSE;
+    }
+
+    keyHash = CERT_GetSubjectPublicKeyDigest(NULL, issuerCert, hashAlg, NULL);
+    nameHash = CERT_GetSubjectNameDigest(NULL, issuerCert, hashAlg, NULL);
+
+    CERT_DestroyCertificate(issuerCert);
+
+    if (keyHash != NULL && nameHash != NULL) {
+        keyHashEQ =
+            (SECITEM_CompareItem(keyHash,
+                                 &certID->issuerKeyHash) == SECEqual);
+
+        nameHashEQ =
+            (SECITEM_CompareItem(nameHash,
+                                 &certID->issuerNameHash) == SECEqual);
+    }
+
+    if (keyHash) {
+        SECITEM_FreeItem(keyHash, PR_TRUE);
+    }
+    if (nameHash) {
+        SECITEM_FreeItem(nameHash, PR_TRUE);
+    }
+
+    if (keyHashEQ && nameHashEQ) {
+        return PR_TRUE;
+    }
+
+    PORT_SetError(SEC_ERROR_OCSP_UNAUTHORIZED_RESPONSE);
+    return PR_FALSE;
+}
+
+/*
+ * We need to check that a responder gives us "recent" information.
+ * Since a responder can pre-package responses, we need to pick an amount
+ * of time that is acceptable to us, and reject any response that is
+ * older than that.
+ *
+ * XXX This *should* be based on some configuration parameter, so that
+ * different usages could specify exactly what constitutes "sufficiently
+ * recent".  But that is not going to happen right away.  For now, we
+ * want something from within the last 24 hours.  This macro defines that
+ * number in seconds.
+ */
+#define OCSP_ALLOWABLE_LAPSE_SECONDS (24L * 60L * 60L)
+
+static PRBool
+ocsp_TimeIsRecent(PRTime checkTime)
+{
+    PRTime now = PR_Now();
+    PRTime lapse, tmp;
+
+    LL_I2L(lapse, OCSP_ALLOWABLE_LAPSE_SECONDS);
+    LL_I2L(tmp, PR_USEC_PER_SEC);
+    LL_MUL(lapse, lapse, tmp); /* allowable lapse in microseconds */
+
+    LL_ADD(checkTime, checkTime, lapse);
+    if (LL_CMP(now, >, checkTime))
+        return PR_FALSE;
+
+    return PR_TRUE;
+}
+
+#define OCSP_SLOP (5L * 60L) /* OCSP responses are allowed to be 5 minutes \
+                                in the future by default */
+
+static PRUint32 ocspsloptime = OCSP_SLOP; /* seconds */
+
+/*
+ * If an old response contains the revoked certificate status, we want
+ * to return SECSuccess so the response will be used.
+ */
+static SECStatus
+ocsp_HandleOldSingleResponse(CERTOCSPSingleResponse *single, PRTime time)
+{
+    SECStatus rv;
+    ocspCertStatus *status = single->certStatus;
+    if (status->certStatusType == ocspCertStatus_revoked) {
+        rv = ocsp_CertRevokedAfter(status->certStatusInfo.revokedInfo, time);
+        if (rv != SECSuccess &&
+            PORT_GetError() == SEC_ERROR_REVOKED_CERTIFICATE) {
+            /*
+             * Return SECSuccess now.  The subsequent ocsp_CertRevokedAfter
+             * call in ocsp_CertHasGoodStatus will cause
+             * ocsp_CertHasGoodStatus to fail with
+             * SEC_ERROR_REVOKED_CERTIFICATE.
+             */
+            return SECSuccess;
+        }
+    }
+    PORT_SetError(SEC_ERROR_OCSP_OLD_RESPONSE);
+    return SECFailure;
+}
+
+/*
+ * Check that this single response is okay.  A return of SECSuccess means:
+ *   1. The signer (represented by "signerCert") is authorized to give status
+ *	for the cert represented by the individual response in "single".
+ *   2. The value of thisUpdate is earlier than now.
+ *   3. The value of producedAt is later than or the same as thisUpdate.
+ *   4. If nextUpdate is given:
+ *	- The value of nextUpdate is later than now.
+ *	- The value of producedAt is earlier than nextUpdate.
+ *	Else if no nextUpdate:
+ *	- The value of thisUpdate is fairly recent.
+ *	- The value of producedAt is fairly recent.
+ *	However we do not need to perform an explicit check for this last
+ *	constraint because it is already guaranteed by checking that
+ *	producedAt is later than thisUpdate and thisUpdate is recent.
+ * Oh, and any responder is "authorized" to say that a cert is unknown to it.
+ *
+ * If any of those checks fail, SECFailure is returned and an error is set:
+ *	SEC_ERROR_OCSP_FUTURE_RESPONSE
+ *	SEC_ERROR_OCSP_OLD_RESPONSE
+ *	SEC_ERROR_OCSP_UNAUTHORIZED_RESPONSE
+ * Other errors are low-level problems (no memory, bad database, etc.).
+ */
+static SECStatus
+ocsp_VerifySingleResponse(CERTOCSPSingleResponse *single,
+                          CERTCertDBHandle *handle,
+                          CERTCertificate *signerCert,
+                          PRTime producedAt)
+{
+    CERTOCSPCertID *certID = single->certID;
+    PRTime now, thisUpdate, nextUpdate, tmstamp, tmp;
+    SECStatus rv;
+
+    OCSP_TRACE(("OCSP ocsp_VerifySingleResponse, nextUpdate: %d\n",
+                ((single->nextUpdate) != 0)));
+    /*
+     * If all the responder said was that the given cert was unknown to it,
+     * that is a valid response.  Not very interesting to us, of course,
+     * but all this function is concerned with is validity of the response,
+     * not the status of the cert.
+     */
+    PORT_Assert(single->certStatus != NULL);
+    if (single->certStatus->certStatusType == ocspCertStatus_unknown)
+        return SECSuccess;
+
+    /*
+     * We need to extract "thisUpdate" for use below and to pass along
+     * to AuthorizedResponderForCertID in case it needs it for doing an
+     * issuer look-up.
+     */
+    rv = DER_GeneralizedTimeToTime(&thisUpdate, &single->thisUpdate);
+    if (rv != SECSuccess)
+        return rv;
+
+    /*
+     * First confirm that signerCert is authorized to give this status.
+     */
+    if (ocsp_AuthorizedResponderForCertID(handle, signerCert, certID,
+                                          thisUpdate) != PR_TRUE)
+        return SECFailure;
+
+    /*
+     * Now check the time stuff, as described above.
+     */
+    now = PR_Now();
+    /* allow slop time for future response */
+    LL_UI2L(tmstamp, ocspsloptime); /* get slop time in seconds */
+    LL_UI2L(tmp, PR_USEC_PER_SEC);
+    LL_MUL(tmp, tmstamp, tmp); /* convert the slop time to PRTime */
+    LL_ADD(tmstamp, tmp, now); /* add current time to it */
+
+    if (LL_CMP(thisUpdate, >, tmstamp) || LL_CMP(producedAt, <, thisUpdate)) {
+        PORT_SetError(SEC_ERROR_OCSP_FUTURE_RESPONSE);
+        return SECFailure;
+    }
+    if (single->nextUpdate != NULL) {
+        rv = DER_GeneralizedTimeToTime(&nextUpdate, single->nextUpdate);
+        if (rv != SECSuccess)
+            return rv;
+
+        LL_ADD(tmp, tmp, nextUpdate);
+        if (LL_CMP(tmp, <, now) || LL_CMP(producedAt, >, nextUpdate))
+            return ocsp_HandleOldSingleResponse(single, now);
+    } else if (ocsp_TimeIsRecent(thisUpdate) != PR_TRUE) {
+        return ocsp_HandleOldSingleResponse(single, now);
+    }
+
+    return SECSuccess;
+}
+
+/*
+ * FUNCTION: CERT_GetOCSPAuthorityInfoAccessLocation
+ *   Get the value of the URI of the OCSP responder for the given cert.
+ *   This is found in the (optional) Authority Information Access extension
+ *   in the cert.
+ * INPUTS:
+ *   CERTCertificate *cert
+ *     The certificate being examined.
+ * RETURN:
+ *   char *
+ *     A copy of the URI for the OCSP method, if found.  If either the
+ *     extension is not present or it does not contain an entry for OCSP,
+ *     SEC_ERROR_CERT_BAD_ACCESS_LOCATION will be set and a NULL returned.
+ *     Any other error will also result in a NULL being returned.
+ *
+ *     This result should be freed (via PORT_Free) when no longer in use.
+ */
+char *
+CERT_GetOCSPAuthorityInfoAccessLocation(const CERTCertificate *cert)
+{
+    CERTGeneralName *locname = NULL;
+    SECItem *location = NULL;
+    SECItem *encodedAuthInfoAccess = NULL;
+    CERTAuthInfoAccess **authInfoAccess = NULL;
+    char *locURI = NULL;
+    PLArenaPool *arena = NULL;
+    SECStatus rv;
+    int i;
+
+    /*
+     * Allocate this one from the heap because it will get filled in
+     * by CERT_FindCertExtension which will also allocate from the heap,
+     * and we can free the entire thing on our way out.
+     */
+    encodedAuthInfoAccess = SECITEM_AllocItem(NULL, NULL, 0);
+    if (encodedAuthInfoAccess == NULL)
+        goto loser;
+
+    rv = CERT_FindCertExtension(cert, SEC_OID_X509_AUTH_INFO_ACCESS,
+                                encodedAuthInfoAccess);
+    if (rv == SECFailure) {
+        PORT_SetError(SEC_ERROR_CERT_BAD_ACCESS_LOCATION);
+        goto loser;
+    }
+
+    /*
+     * The rest of the things allocated in the routine will come out of
+     * this arena, which is temporary just for us to decode and get at the
+     * AIA extension.  The whole thing will be destroyed on our way out,
+     * after we have copied the location string (url) itself (if found).
+     */
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL)
+        goto loser;
+
+    authInfoAccess = CERT_DecodeAuthInfoAccessExtension(arena,
+                                                        encodedAuthInfoAccess);
+    if (authInfoAccess == NULL)
+        goto loser;
+
+    for (i = 0; authInfoAccess[i] != NULL; i++) {
+        if (SECOID_FindOIDTag(&authInfoAccess[i]->method) == SEC_OID_PKIX_OCSP)
+            locname = authInfoAccess[i]->location;
+    }
+
+    /*
+     * If we found an AIA extension, but it did not include an OCSP method,
+     * that should look to our caller as if we did not find the extension
+     * at all, because it is only an OCSP method that we care about.
+     * So set the same error that would be set if the AIA extension was
+     * not there at all.
+     */
+    if (locname == NULL) {
+        PORT_SetError(SEC_ERROR_CERT_BAD_ACCESS_LOCATION);
+        goto loser;
+    }
+
+    /*
+     * The following is just a pointer back into locname (i.e. not a copy);
+     * thus it should not be freed.
+     */
+    location = CERT_GetGeneralNameByType(locname, certURI, PR_FALSE);
+    if (location == NULL) {
+        /*
+    	 * XXX Appears that CERT_GetGeneralNameByType does not set an
+    	 * error if there is no name by that type.  For lack of anything
+    	 * better, act as if the extension was not found.  In the future
+    	 * this should probably be something more like the extension was
+    	 * badly formed.
+    	 */
+        PORT_SetError(SEC_ERROR_CERT_BAD_ACCESS_LOCATION);
+        goto loser;
+    }
+
+    /*
+     * That location is really a string, but it has a specified length
+     * without a null-terminator.  We need a real string that does have
+     * a null-terminator, and we need a copy of it anyway to return to
+     * our caller -- so allocate and copy.
+     */
+    locURI = PORT_Alloc(location->len + 1);
+    if (locURI == NULL) {
+        goto loser;
+    }
+    PORT_Memcpy(locURI, location->data, location->len);
+    locURI[location->len] = '\0';
+
+loser:
+    if (arena != NULL)
+        PORT_FreeArena(arena, PR_FALSE);
+
+    if (encodedAuthInfoAccess != NULL)
+        SECITEM_FreeItem(encodedAuthInfoAccess, PR_TRUE);
+
+    return locURI;
+}
+
+/*
+ * Figure out where we should go to find out the status of the given cert
+ * via OCSP.  If allowed to use a default responder uri and a default
+ * responder is set up, then that is our answer.
+ * If not, see if the certificate has an Authority Information Access (AIA)
+ * extension for OCSP, and return the value of that.  Otherwise return NULL.
+ * We also let our caller know whether or not the responder chosen was
+ * a default responder or not through the output variable isDefault;
+ * its value has no meaning unless a good (non-null) value is returned
+ * for the location.
+ *
+ * The result needs to be freed (PORT_Free) when no longer in use.
+ */
+char *
+ocsp_GetResponderLocation(CERTCertDBHandle *handle, CERTCertificate *cert,
+                          PRBool canUseDefault, PRBool *isDefault)
+{
+    ocspCheckingContext *ocspcx = NULL;
+    char *ocspUrl = NULL;
+
+    if (canUseDefault) {
+        ocspcx = ocsp_GetCheckingContext(handle);
+    }
+    if (ocspcx != NULL && ocspcx->useDefaultResponder) {
+        /*
+    	 * A default responder wins out, if specified.
+    	 * XXX Someday this may be a more complicated determination based
+    	 * on the cert's issuer.  (That is, we could have different default
+    	 * responders configured for different issuers.)
+    	 */
+        PORT_Assert(ocspcx->defaultResponderURI != NULL);
+        *isDefault = PR_TRUE;
+        return (PORT_Strdup(ocspcx->defaultResponderURI));
+    }
+
+    /*
+     * No default responder set up, so go see if we can find an AIA
+     * extension that has a value for OCSP, and get the url from that.
+     */
+    *isDefault = PR_FALSE;
+    ocspUrl = CERT_GetOCSPAuthorityInfoAccessLocation(cert);
+    if (!ocspUrl) {
+        CERT_StringFromCertFcn altFcn;
+
+        PR_EnterMonitor(OCSP_Global.monitor);
+        altFcn = OCSP_Global.alternateOCSPAIAFcn;
+        PR_ExitMonitor(OCSP_Global.monitor);
+        if (altFcn) {
+            ocspUrl = (*altFcn)(cert);
+            if (ocspUrl)
+                *isDefault = PR_TRUE;
+        }
+    }
+    return ocspUrl;
+}
+
+/*
+ * Return SECSuccess if the cert was revoked *after* "time",
+ * SECFailure otherwise.
+ */
+static SECStatus
+ocsp_CertRevokedAfter(ocspRevokedInfo *revokedInfo, PRTime time)
+{
+    PRTime revokedTime;
+    SECStatus rv;
+
+    rv = DER_GeneralizedTimeToTime(&revokedTime, &revokedInfo->revocationTime);
+    if (rv != SECSuccess)
+        return rv;
+
+    /*
+     * Set the error even if we will return success; someone might care.
+     */
+    PORT_SetError(SEC_ERROR_REVOKED_CERTIFICATE);
+
+    if (LL_CMP(revokedTime, >, time))
+        return SECSuccess;
+
+    return SECFailure;
+}
+
+/*
+ * See if the cert represented in the single response had a good status
+ * at the specified time.
+ */
+SECStatus
+ocsp_CertHasGoodStatus(ocspCertStatus *status, PRTime time)
+{
+    SECStatus rv;
+    switch (status->certStatusType) {
+        case ocspCertStatus_good:
+            rv = SECSuccess;
+            break;
+        case ocspCertStatus_revoked:
+            rv = ocsp_CertRevokedAfter(status->certStatusInfo.revokedInfo, time);
+            break;
+        case ocspCertStatus_unknown:
+            PORT_SetError(SEC_ERROR_OCSP_UNKNOWN_CERT);
+            rv = SECFailure;
+            break;
+        case ocspCertStatus_other:
+        default:
+            PORT_Assert(0);
+            PORT_SetError(SEC_ERROR_OCSP_MALFORMED_RESPONSE);
+            rv = SECFailure;
+            break;
+    }
+    return rv;
+}
+
+static SECStatus
+ocsp_SingleResponseCertHasGoodStatus(CERTOCSPSingleResponse *single,
+                                     PRTime time)
+{
+    return ocsp_CertHasGoodStatus(single->certStatus, time);
+}
+
+/* SECFailure means the arguments were invalid.
+ * On SECSuccess, the out parameters contain the OCSP status.
+ * rvOcsp contains the overall result of the OCSP operation.
+ * Depending on input parameter ignoreGlobalOcspFailureSetting,
+ * a soft failure might be converted into *rvOcsp=SECSuccess.
+ * If the cached attempt to obtain OCSP information had resulted
+ * in a failure, missingResponseError shows the error code of
+ * that failure.
+ * cacheFreshness is ocspMissing if no entry was found,
+ *                   ocspFresh if a fresh entry was found, or
+ *                   ocspStale if a stale entry was found.
+ */
+SECStatus
+ocsp_GetCachedOCSPResponseStatus(CERTOCSPCertID *certID,
+                                 PRTime time,
+                                 PRBool ignoreGlobalOcspFailureSetting,
+                                 SECStatus *rvOcsp,
+                                 SECErrorCodes *missingResponseError,
+                                 OCSPFreshness *cacheFreshness)
+{
+    OCSPCacheItem *cacheItem = NULL;
+
+    if (!certID || !missingResponseError || !rvOcsp || !cacheFreshness) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+    *rvOcsp = SECFailure;
+    *missingResponseError = 0;
+    *cacheFreshness = ocspMissing;
+
+    PR_EnterMonitor(OCSP_Global.monitor);
+    cacheItem = ocsp_FindCacheEntry(&OCSP_Global.cache, certID);
+    if (cacheItem) {
+        *cacheFreshness = ocsp_IsCacheItemFresh(cacheItem) ? ocspFresh
+                                                           : ocspStale;
+        /* having an arena means, we have a cached certStatus */
+        if (cacheItem->certStatusArena) {
+            *rvOcsp = ocsp_CertHasGoodStatus(&cacheItem->certStatus, time);
+            if (*rvOcsp != SECSuccess) {
+                *missingResponseError = PORT_GetError();
+            }
+        } else {
+            /*
+             * No status cached, the previous attempt failed.
+             * If OCSP is required, we never decide based on a failed attempt
+             * However, if OCSP is optional, a recent OCSP failure is
+             * an allowed good state.
+             */
+            if (*cacheFreshness == ocspFresh &&
+                !ignoreGlobalOcspFailureSetting &&
+                OCSP_Global.ocspFailureMode ==
+                    ocspMode_FailureIsNotAVerificationFailure) {
+                *rvOcsp = SECSuccess;
+            }
+            *missingResponseError = cacheItem->missingResponseError;
+        }
+    }
+    PR_ExitMonitor(OCSP_Global.monitor);
+    return SECSuccess;
+}
+
+PRBool
+ocsp_FetchingFailureIsVerificationFailure(void)
+{
+    PRBool isFailure;
+
+    PR_EnterMonitor(OCSP_Global.monitor);
+    isFailure =
+        OCSP_Global.ocspFailureMode == ocspMode_FailureIsVerificationFailure;
+    PR_ExitMonitor(OCSP_Global.monitor);
+    return isFailure;
+}
+
+/*
+ * FUNCTION: CERT_CheckOCSPStatus
+ *   Checks the status of a certificate via OCSP.  Will only check status for
+ *   a certificate that has an AIA (Authority Information Access) extension
+ *   for OCSP *or* when a "default responder" is specified and enabled.
+ *   (If no AIA extension for OCSP and no default responder in place, the
+ *   cert is considered to have a good status and SECSuccess is returned.)
+ * INPUTS:
+ *   CERTCertDBHandle *handle
+ *     certificate DB of the cert that is being checked
+ *   CERTCertificate *cert
+ *     the certificate being checked
+ *   XXX in the long term also need a boolean parameter that specifies
+ *	whether to check the cert chain, as well; for now we check only
+ *	the leaf (the specified certificate)
+ *   PRTime time
+ *     time for which status is to be determined
+ *   void *pwArg
+ *     argument for password prompting, if needed
+ * RETURN:
+ *   Returns SECSuccess if an approved OCSP responder "knows" the cert
+ *   *and* returns a non-revoked status for it; SECFailure otherwise,
+ *   with an error set describing the reason:
+ *
+ *	SEC_ERROR_OCSP_BAD_HTTP_RESPONSE
+ *	SEC_ERROR_OCSP_FUTURE_RESPONSE
+ *	SEC_ERROR_OCSP_MALFORMED_REQUEST
+ *	SEC_ERROR_OCSP_MALFORMED_RESPONSE
+ *	SEC_ERROR_OCSP_OLD_RESPONSE
+ *	SEC_ERROR_OCSP_REQUEST_NEEDS_SIG
+ *	SEC_ERROR_OCSP_SERVER_ERROR
+ *	SEC_ERROR_OCSP_TRY_SERVER_LATER
+ *	SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST
+ *	SEC_ERROR_OCSP_UNAUTHORIZED_RESPONSE
+ *	SEC_ERROR_OCSP_UNKNOWN_CERT
+ *	SEC_ERROR_OCSP_UNKNOWN_RESPONSE_STATUS
+ *	SEC_ERROR_OCSP_UNKNOWN_RESPONSE_TYPE
+ *
+ *	SEC_ERROR_BAD_SIGNATURE
+ *	SEC_ERROR_CERT_BAD_ACCESS_LOCATION
+ *	SEC_ERROR_INVALID_TIME
+ *	SEC_ERROR_REVOKED_CERTIFICATE
+ *	SEC_ERROR_UNKNOWN_ISSUER
+ *	SEC_ERROR_UNKNOWN_SIGNER
+ *
+ *   Other errors are any of the many possible failures in cert verification
+ *   (e.g. SEC_ERROR_REVOKED_CERTIFICATE, SEC_ERROR_UNTRUSTED_ISSUER) when
+ *   verifying the signer's cert, or low-level problems (error allocating
+ *   memory, error performing ASN.1 decoding, etc.).
+ */
+SECStatus
+CERT_CheckOCSPStatus(CERTCertDBHandle *handle, CERTCertificate *cert,
+                     PRTime time, void *pwArg)
+{
+    CERTOCSPCertID *certID;
+    PRBool certIDWasConsumed = PR_FALSE;
+    SECStatus rv;
+    SECStatus rvOcsp;
+    SECErrorCodes cachedErrorCode;
+    OCSPFreshness cachedResponseFreshness;
+
+    OCSP_TRACE_CERT(cert);
+    OCSP_TRACE_TIME("## requested validity time:", time);
+
+    certID = CERT_CreateOCSPCertID(cert, time);
+    if (!certID)
+        return SECFailure;
+    rv = ocsp_GetCachedOCSPResponseStatus(
+        certID, time, PR_FALSE, /* ignoreGlobalOcspFailureSetting */
+        &rvOcsp, &cachedErrorCode, &cachedResponseFreshness);
+    if (rv != SECSuccess) {
+        CERT_DestroyOCSPCertID(certID);
+        return SECFailure;
+    }
+    if (cachedResponseFreshness == ocspFresh) {
+        CERT_DestroyOCSPCertID(certID);
+        if (rvOcsp != SECSuccess) {
+            PORT_SetError(cachedErrorCode);
+        }
+        return rvOcsp;
+    }
+
+    rv = ocsp_GetOCSPStatusFromNetwork(handle, certID, cert, time, pwArg,
+                                       &certIDWasConsumed,
+                                       &rvOcsp);
+    if (rv != SECSuccess) {
+        PRErrorCode err = PORT_GetError();
+        if (ocsp_FetchingFailureIsVerificationFailure()) {
+            PORT_SetError(err);
+            rvOcsp = SECFailure;
+        } else if (cachedResponseFreshness == ocspStale &&
+                   (cachedErrorCode == SEC_ERROR_OCSP_UNKNOWN_CERT ||
+                    cachedErrorCode == SEC_ERROR_REVOKED_CERTIFICATE)) {
+            /* If we couldn't get a response for a certificate that the OCSP
+             * responder previously told us was bad, then assume it is still
+             * bad until we hear otherwise, as it is very unlikely that the
+             * certificate status has changed from "revoked" to "good" and it
+             * is also unlikely that the certificate status has changed from
+             * "unknown" to "good", except for some buggy OCSP responders.
+             */
+            PORT_SetError(cachedErrorCode);
+            rvOcsp = SECFailure;
+        } else {
+            rvOcsp = SECSuccess;
+        }
+    }
+    if (!certIDWasConsumed) {
+        CERT_DestroyOCSPCertID(certID);
+    }
+    return rvOcsp;
+}
+
+/*
+ * FUNCTION: CERT_CacheOCSPResponseFromSideChannel
+ *   First, this function checks the OCSP cache to see if a good response
+ *   for the given certificate already exists. If it does, then the function
+ *   returns successfully.
+ *
+ *   If not, then it validates that the given OCSP response is a valid,
+ *   good response for the given certificate and inserts it into the
+ *   cache.
+ *
+ *   This function is intended for use when OCSP responses are provided via a
+ *   side-channel, i.e. TLS OCSP stapling (a.k.a. the status_request extension).
+ *
+ * INPUTS:
+ *   CERTCertDBHandle *handle
+ *     certificate DB of the cert that is being checked
+ *   CERTCertificate *cert
+ *     the certificate being checked
+ *   PRTime time
+ *     time for which status is to be determined
+ *   SECItem *encodedResponse
+ *     the DER encoded bytes of the OCSP response
+ *   void *pwArg
+ *     argument for password prompting, if needed
+ * RETURN:
+ *   SECSuccess if the cert was found in the cache, or if the OCSP response was
+ *   found to be valid and inserted into the cache. SECFailure otherwise.
+ */
+SECStatus
+CERT_CacheOCSPResponseFromSideChannel(CERTCertDBHandle *handle,
+                                      CERTCertificate *cert,
+                                      PRTime time,
+                                      const SECItem *encodedResponse,
+                                      void *pwArg)
+{
+    CERTOCSPCertID *certID = NULL;
+    PRBool certIDWasConsumed = PR_FALSE;
+    SECStatus rv = SECFailure;
+    SECStatus rvOcsp = SECFailure;
+    SECErrorCodes dummy_error_code; /* we ignore this */
+    CERTOCSPResponse *decodedResponse = NULL;
+    CERTOCSPSingleResponse *singleResponse = NULL;
+    OCSPFreshness freshness;
+
+    /* The OCSP cache can be in three states regarding this certificate:
+     *    + Good (cached, timely, 'good' response, or revoked in the future)
+     *    + Revoked (cached, timely, but doesn't fit in the last category)
+     *    + Miss (no knowledge)
+     *
+     * Likewise, the side-channel information can be
+     *    + Good (timely, 'good' response, or revoked in the future)
+     *    + Revoked (timely, but doesn't fit in the last category)
+     *    + Invalid (bad syntax, bad signature, not timely etc)
+     *
+     * The common case is that the cache result is Good and so is the
+     * side-channel information. We want to save processing time in this case
+     * so we say that any time we see a Good result from the cache we return
+     * early.
+     *
+     *                       Cache result
+     *      | Good             Revoked               Miss
+     *   ---+--------------------------------------------
+     *    G |  noop           Cache more           Cache it
+     * S    |                 recent result
+     * i    |
+     * d    |
+     * e    |
+     *    R |  noop           Cache more           Cache it
+     * C    |                 recent result
+     * h    |
+     * a    |
+     * n    |
+     * n  I |  noop           Noop                  Noop
+     * e    |
+     * l    |
+     *
+     * When we fetch from the network we might choose to cache a negative
+     * result when the response is invalid. This saves us hammering, uselessly,
+     * at a broken responder. However, side channels are commonly attacker
+     * controlled and so we must not cache a negative result for an Invalid
+     * side channel.
+     */
+
+    if (!cert || !encodedResponse) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+    certID = CERT_CreateOCSPCertID(cert, time);
+    if (!certID)
+        return SECFailure;
+
+    /* We pass PR_TRUE for ignoreGlobalOcspFailureSetting so that a cached
+     * error entry is not interpreted as being a 'Good' entry here.
+     */
+    rv = ocsp_GetCachedOCSPResponseStatus(
+        certID, time, PR_TRUE, /* ignoreGlobalOcspFailureSetting */
+        &rvOcsp, &dummy_error_code, &freshness);
+    if (rv == SECSuccess && rvOcsp == SECSuccess && freshness == ocspFresh) {
+        /* The cached value is good. We don't want to waste time validating
+         * this OCSP response. This is the first column in the table above. */
+        CERT_DestroyOCSPCertID(certID);
+        return rv;
+    }
+
+    /* The logic for caching the more recent response is handled in
+     * ocsp_CacheSingleResponse. */
+
+    rv = ocsp_GetDecodedVerifiedSingleResponseForID(handle, certID, cert,
+                                                    time, pwArg,
+                                                    encodedResponse,
+                                                    &decodedResponse,
+                                                    &singleResponse);
+    if (rv == SECSuccess) {
+        rvOcsp = ocsp_SingleResponseCertHasGoodStatus(singleResponse, time);
+        /* Cache any valid singleResponse, regardless of status. */
+        ocsp_CacheSingleResponse(certID, singleResponse, &certIDWasConsumed);
+    }
+    if (decodedResponse) {
+        CERT_DestroyOCSPResponse(decodedResponse);
+    }
+    if (!certIDWasConsumed) {
+        CERT_DestroyOCSPCertID(certID);
+    }
+    return rv == SECSuccess ? rvOcsp : rv;
+}
+
+/*
+ * Status in *certIDWasConsumed will always be correct, regardless of
+ * return value.
+ */
+static SECStatus
+ocsp_GetOCSPStatusFromNetwork(CERTCertDBHandle *handle,
+                              CERTOCSPCertID *certID,
+                              CERTCertificate *cert,
+                              PRTime time,
+                              void *pwArg,
+                              PRBool *certIDWasConsumed,
+                              SECStatus *rv_ocsp)
+{
+    char *location = NULL;
+    PRBool locationIsDefault;
+    SECItem *encodedResponse = NULL;
+    CERTOCSPRequest *request = NULL;
+    SECStatus rv = SECFailure;
+
+    CERTOCSPResponse *decodedResponse = NULL;
+    CERTOCSPSingleResponse *singleResponse = NULL;
+    enum { stageGET,
+           stagePOST } currentStage;
+    PRBool retry = PR_FALSE;
+
+    if (!certIDWasConsumed || !rv_ocsp) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+    *certIDWasConsumed = PR_FALSE;
+    *rv_ocsp = SECFailure;
+
+    if (!OCSP_Global.monitor) {
+        PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
+        return SECFailure;
+    }
+    PR_EnterMonitor(OCSP_Global.monitor);
+    if (OCSP_Global.forcePost) {
+        currentStage = stagePOST;
+    } else {
+        currentStage = stageGET;
+    }
+    PR_ExitMonitor(OCSP_Global.monitor);
+
+    /*
+     * The first thing we need to do is find the location of the responder.
+     * This will be the value of the default responder (if enabled), else
+     * it will come out of the AIA extension in the cert (if present).
+     * If we have no such location, then this cert does not "deserve" to
+     * be checked -- that is, we consider it a success and just return.
+     * The way we tell that is by looking at the error number to see if
+     * the problem was no AIA extension was found; any other error was
+     * a true failure that we unfortunately have to treat as an overall
+     * failure here.
+     */
+    location = ocsp_GetResponderLocation(handle, cert, PR_TRUE,
+                                         &locationIsDefault);
+    if (location == NULL) {
+        int err = PORT_GetError();
+        if (err == SEC_ERROR_EXTENSION_NOT_FOUND ||
+            err == SEC_ERROR_CERT_BAD_ACCESS_LOCATION) {
+            PORT_SetError(0);
+            *rv_ocsp = SECSuccess;
+            return SECSuccess;
+        }
+        return SECFailure;
+    }
+
+    /*
+     * XXX In the fullness of time, we will want/need to handle a
+     * certificate chain.  This will be done either when a new parameter
+     * tells us to, or some configuration variable tells us to.  In any
+     * case, handling it is complicated because we may need to send as
+     * many requests (and receive as many responses) as we have certs
+     * in the chain.  If we are going to talk to a default responder,
+     * and we only support one default responder, we can put all of the
+     * certs together into one request.  Otherwise, we must break them up
+     * into multiple requests.  (Even if all of the requests will go to
+     * the same location, the signature on each response will be different,
+     * because each issuer is different.  Carefully read the OCSP spec
+     * if you do not understand this.)
+     */
+
+    /*
+     * XXX If/when signing of requests is supported, that second NULL
+     * should be changed to be the signer certificate.  Not sure if that
+     * should be passed into this function or retrieved via some operation
+     * on the handle/context.
+     */
+
+    do {
+        const char *method;
+        PRBool validResponseWithAccurateInfo = PR_FALSE;
+        retry = PR_FALSE;
+        *rv_ocsp = SECFailure;
+
+        if (currentStage == stageGET) {
+            method = "GET";
+        } else {
+            PORT_Assert(currentStage == stagePOST);
+            method = "POST";
+        }
+
+        encodedResponse =
+            ocsp_GetEncodedOCSPResponseForSingleCert(NULL, certID, cert,
+                                                     location, method,
+                                                     time, locationIsDefault,
+                                                     pwArg, &request);
+
+        if (encodedResponse) {
+            rv = ocsp_GetDecodedVerifiedSingleResponseForID(handle, certID, cert,
+                                                            time, pwArg,
+                                                            encodedResponse,
+                                                            &decodedResponse,
+                                                            &singleResponse);
+            if (rv == SECSuccess) {
+                switch (singleResponse->certStatus->certStatusType) {
+                    case ocspCertStatus_good:
+                    case ocspCertStatus_revoked:
+                        validResponseWithAccurateInfo = PR_TRUE;
+                        break;
+                    default:
+                        break;
+                }
+                *rv_ocsp = ocsp_SingleResponseCertHasGoodStatus(singleResponse, time);
+            }
+        }
+
+        if (currentStage == stageGET) {
+            /* only accept GET response if good or revoked */
+            if (validResponseWithAccurateInfo) {
+                ocsp_CacheSingleResponse(certID, singleResponse,
+                                         certIDWasConsumed);
+            } else {
+                retry = PR_TRUE;
+                currentStage = stagePOST;
+            }
+        } else {
+            /* cache the POST respone, regardless of status */
+            if (!singleResponse) {
+                cert_RememberOCSPProcessingFailure(certID, certIDWasConsumed);
+            } else {
+                ocsp_CacheSingleResponse(certID, singleResponse,
+                                         certIDWasConsumed);
+            }
+        }
+
+        if (encodedResponse) {
+            SECITEM_FreeItem(encodedResponse, PR_TRUE);
+            encodedResponse = NULL;
+        }
+        if (request) {
+            CERT_DestroyOCSPRequest(request);
+            request = NULL;
+        }
+        if (decodedResponse) {
+            CERT_DestroyOCSPResponse(decodedResponse);
+            decodedResponse = NULL;
+        }
+        singleResponse = NULL;
+
+    } while (retry);
+
+    PORT_Free(location);
+    return rv;
+}
+
+/*
+ * FUNCTION: ocsp_GetDecodedVerifiedSingleResponseForID
+ *   This function decodes an OCSP response and checks for a valid response
+ *   concerning the given certificate.
+ *
+ *   Note: a 'valid' response is one that parses successfully, is not an OCSP
+ *   exception (see RFC 2560 Section 2.3), is correctly signed and is current.
+ *   A 'good' response is a valid response that attests that the certificate
+ *   is not currently revoked (see RFC 2560 Section 2.2).
+ *
+ * INPUTS:
+ *   CERTCertDBHandle *handle
+ *     certificate DB of the cert that is being checked
+ *   CERTOCSPCertID *certID
+ *     the cert ID corresponding to |cert|
+ *   CERTCertificate *cert
+ *     the certificate being checked
+ *   PRTime time
+ *     time for which status is to be determined
+ *   void *pwArg
+ *     the opaque argument to the password prompting function.
+ *   SECItem *encodedResponse
+ *     the DER encoded bytes of the OCSP response
+ *   CERTOCSPResponse **pDecodedResponse
+ *     (output) The caller must ALWAYS check for this output parameter,
+ *     and if it's non-null, must destroy it using CERT_DestroyOCSPResponse.
+ *   CERTOCSPSingleResponse **pSingle
+ *     (output) on success, this points to the single response that corresponds
+ *     to the certID parameter. Points to the inside of pDecodedResponse.
+ *     It isn't a copy, don't free it.
+ * RETURN:
+ *   SECSuccess iff the response is valid.
+ */
+static SECStatus
+ocsp_GetDecodedVerifiedSingleResponseForID(CERTCertDBHandle *handle,
+                                           CERTOCSPCertID *certID,
+                                           CERTCertificate *cert,
+                                           PRTime time,
+                                           void *pwArg,
+                                           const SECItem *encodedResponse,
+                                           CERTOCSPResponse **pDecodedResponse,
+                                           CERTOCSPSingleResponse **pSingle)
+{
+    CERTCertificate *signerCert = NULL;
+    CERTCertificate *issuerCert = NULL;
+    SECStatus rv = SECFailure;
+
+    if (!pSingle || !pDecodedResponse) {
+        return SECFailure;
+    }
+    *pSingle = NULL;
+    *pDecodedResponse = CERT_DecodeOCSPResponse(encodedResponse);
+    if (!*pDecodedResponse) {
+        return SECFailure;
+    }
+
+    /*
+     * Okay, we at least have a response that *looks* like a response!
+     * Now see if the overall response status value is good or not.
+     * If not, we set an error and give up.  (It means that either the
+     * server had a problem, or it didn't like something about our
+     * request.  Either way there is nothing to do but give up.)
+     * Otherwise, we continue to find the actual per-cert status
+     * in the response.
+     */
+    if (CERT_GetOCSPResponseStatus(*pDecodedResponse) != SECSuccess) {
+        goto loser;
+    }
+
+    /*
+     * If we've made it this far, we expect a response with a good signature.
+     * So, check for that.
+     */
+    issuerCert = CERT_FindCertIssuer(cert, time, certUsageAnyCA);
+    rv = CERT_VerifyOCSPResponseSignature(*pDecodedResponse, handle, pwArg,
+                                          &signerCert, issuerCert);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    PORT_Assert(signerCert != NULL); /* internal consistency check */
+    /* XXX probably should set error, return failure if signerCert is null */
+
+    /*
+     * Again, we are only doing one request for one cert.
+     * XXX When we handle cert chains, the following code will obviously
+     * have to be modified, in coordation with the code above that will
+     * have to determine how to make multiple requests, etc.
+     */
+    rv = ocsp_GetVerifiedSingleResponseForCertID(handle, *pDecodedResponse, certID,
+                                                 signerCert, time, pSingle);
+loser:
+    if (issuerCert != NULL)
+        CERT_DestroyCertificate(issuerCert);
+    if (signerCert != NULL)
+        CERT_DestroyCertificate(signerCert);
+    return rv;
+}
+
+/*
+ * FUNCTION: ocsp_CacheSingleResponse
+ *   This function requires that the caller has checked that the response
+ *   is valid and verified.
+ *   The (positive or negative) valid response will be used to update the cache.
+ * INPUTS:
+ *   CERTOCSPCertID *certID
+ *     the cert ID corresponding to |cert|
+ *   PRBool *certIDWasConsumed
+ *     (output) on return, this is true iff |certID| was consumed by this
+ *     function.
+ */
+void
+ocsp_CacheSingleResponse(CERTOCSPCertID *certID,
+                         CERTOCSPSingleResponse *single,
+                         PRBool *certIDWasConsumed)
+{
+    if (single != NULL) {
+        PR_EnterMonitor(OCSP_Global.monitor);
+        if (OCSP_Global.maxCacheEntries >= 0) {
+            ocsp_CreateOrUpdateCacheEntry(&OCSP_Global.cache, certID, single,
+                                          certIDWasConsumed);
+            /* ignore cache update failures */
+        }
+        PR_ExitMonitor(OCSP_Global.monitor);
+    }
+}
+
+SECStatus
+ocsp_GetVerifiedSingleResponseForCertID(CERTCertDBHandle *handle,
+                                        CERTOCSPResponse *response,
+                                        CERTOCSPCertID *certID,
+                                        CERTCertificate *signerCert,
+                                        PRTime time,
+                                        CERTOCSPSingleResponse
+                                            **pSingleResponse)
+{
+    SECStatus rv;
+    ocspResponseData *responseData;
+    PRTime producedAt;
+    CERTOCSPSingleResponse *single;
+
+    /*
+     * The ResponseData part is the real guts of the response.
+     */
+    responseData = ocsp_GetResponseData(response, NULL);
+    if (responseData == NULL) {
+        rv = SECFailure;
+        goto loser;
+    }
+
+    /*
+     * There is one producedAt time for the entire response (and a separate
+     * thisUpdate time for each individual single response).  We need to
+     * compare them, so get the overall time to pass into the check of each
+     * single response.
+     */
+    rv = DER_GeneralizedTimeToTime(&producedAt, &responseData->producedAt);
+    if (rv != SECSuccess)
+        goto loser;
+
+    single = ocsp_GetSingleResponseForCertID(responseData->responses,
+                                             handle, certID);
+    if (single == NULL) {
+        rv = SECFailure;
+        goto loser;
+    }
+
+    rv = ocsp_VerifySingleResponse(single, handle, signerCert, producedAt);
+    if (rv != SECSuccess)
+        goto loser;
+    *pSingleResponse = single;
+
+loser:
+    return rv;
+}
+
+SECStatus
+CERT_GetOCSPStatusForCertID(CERTCertDBHandle *handle,
+                            CERTOCSPResponse *response,
+                            CERTOCSPCertID *certID,
+                            CERTCertificate *signerCert,
+                            PRTime time)
+{
+    /*
+     * We do not update the cache, because:
+     *
+     * CERT_GetOCSPStatusForCertID is an old exported API that was introduced
+     * before the OCSP cache got implemented.
+     *
+     * The implementation of helper function cert_ProcessOCSPResponse
+     * requires the ability to transfer ownership of the the given certID to
+     * the cache. The external API doesn't allow us to prevent the caller from
+     * destroying the certID. We don't have the original certificate available,
+     * therefore we are unable to produce another certID object (that could
+     * be stored in the cache).
+     *
+     * Should we ever implement code to produce a deep copy of certID,
+     * then this could be changed to allow updating the cache.
+     * The duplication would have to be done in
+     * cert_ProcessOCSPResponse, if the out parameter to indicate
+     * a transfer of ownership is NULL.
+     */
+    return cert_ProcessOCSPResponse(handle, response, certID,
+                                    signerCert, time,
+                                    NULL, NULL);
+}
+
+/*
+ * The first 5 parameters match the definition of CERT_GetOCSPStatusForCertID.
+ */
+SECStatus
+cert_ProcessOCSPResponse(CERTCertDBHandle *handle,
+                         CERTOCSPResponse *response,
+                         CERTOCSPCertID *certID,
+                         CERTCertificate *signerCert,
+                         PRTime time,
+                         PRBool *certIDWasConsumed,
+                         SECStatus *cacheUpdateStatus)
+{
+    SECStatus rv;
+    SECStatus rv_cache = SECSuccess;
+    CERTOCSPSingleResponse *single = NULL;
+
+    rv = ocsp_GetVerifiedSingleResponseForCertID(handle, response, certID,
+                                                 signerCert, time, &single);
+    if (rv == SECSuccess) {
+        /*
+         * Check whether the status says revoked, and if so
+         * how that compares to the time value passed into this routine.
+         */
+        rv = ocsp_SingleResponseCertHasGoodStatus(single, time);
+    }
+
+    if (certIDWasConsumed) {
+        /*
+         * We don't have copy-of-certid implemented. In order to update
+         * the cache, the caller must supply an out variable
+         * certIDWasConsumed, allowing us to return ownership status.
+         */
+
+        PR_EnterMonitor(OCSP_Global.monitor);
+        if (OCSP_Global.maxCacheEntries >= 0) {
+            /* single == NULL means: remember response failure */
+            rv_cache =
+                ocsp_CreateOrUpdateCacheEntry(&OCSP_Global.cache, certID,
+                                              single, certIDWasConsumed);
+        }
+        PR_ExitMonitor(OCSP_Global.monitor);
+        if (cacheUpdateStatus) {
+            *cacheUpdateStatus = rv_cache;
+        }
+    }
+
+    return rv;
+}
+
+SECStatus
+cert_RememberOCSPProcessingFailure(CERTOCSPCertID *certID,
+                                   PRBool *certIDWasConsumed)
+{
+    SECStatus rv = SECSuccess;
+    PR_EnterMonitor(OCSP_Global.monitor);
+    if (OCSP_Global.maxCacheEntries >= 0) {
+        rv = ocsp_CreateOrUpdateCacheEntry(&OCSP_Global.cache, certID, NULL,
+                                           certIDWasConsumed);
+    }
+    PR_ExitMonitor(OCSP_Global.monitor);
+    return rv;
+}
+
+/*
+ * Disable status checking and destroy related structures/data.
+ */
+static SECStatus
+ocsp_DestroyStatusChecking(CERTStatusConfig *statusConfig)
+{
+    ocspCheckingContext *statusContext;
+
+    /*
+     * Disable OCSP checking
+     */
+    statusConfig->statusChecker = NULL;
+
+    statusContext = statusConfig->statusContext;
+    PORT_Assert(statusContext != NULL);
+    if (statusContext == NULL)
+        return SECFailure;
+
+    if (statusContext->defaultResponderURI != NULL)
+        PORT_Free(statusContext->defaultResponderURI);
+    if (statusContext->defaultResponderNickname != NULL)
+        PORT_Free(statusContext->defaultResponderNickname);
+
+    PORT_Free(statusContext);
+    statusConfig->statusContext = NULL;
+
+    PORT_Free(statusConfig);
+
+    return SECSuccess;
+}
+
+/*
+ * FUNCTION: CERT_DisableOCSPChecking
+ *   Turns off OCSP checking for the given certificate database.
+ *   This routine disables OCSP checking.  Though it will return
+ *   SECFailure if OCSP checking is not enabled, it is "safe" to
+ *   call it that way and just ignore the return value, if it is
+ *   easier to just call it than to "remember" whether it is enabled.
+ * INPUTS:
+ *   CERTCertDBHandle *handle
+ *     Certificate database for which OCSP checking will be disabled.
+ * RETURN:
+ *   Returns SECFailure if an error occurred (usually means that OCSP
+ *   checking was not enabled or status contexts were not initialized --
+ *   error set will be SEC_ERROR_OCSP_NOT_ENABLED); SECSuccess otherwise.
+ */
+SECStatus
+CERT_DisableOCSPChecking(CERTCertDBHandle *handle)
+{
+    CERTStatusConfig *statusConfig;
+    ocspCheckingContext *statusContext;
+
+    if (handle == NULL) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    statusConfig = CERT_GetStatusConfig(handle);
+    statusContext = ocsp_GetCheckingContext(handle);
+    if (statusContext == NULL)
+        return SECFailure;
+
+    if (statusConfig->statusChecker != CERT_CheckOCSPStatus) {
+        /*
+    	 * Status configuration is present, but either not currently
+    	 * enabled or not for OCSP.
+    	 */
+        PORT_SetError(SEC_ERROR_OCSP_NOT_ENABLED);
+        return SECFailure;
+    }
+
+    /* cache no longer necessary */
+    CERT_ClearOCSPCache();
+
+    /*
+     * This is how we disable status checking.  Everything else remains
+     * in place in case we are enabled again.
+     */
+    statusConfig->statusChecker = NULL;
+
+    return SECSuccess;
+}
+
+/*
+ * Allocate and initialize the informational structures for status checking.
+ * This is done when some configuration of OCSP is being done or when OCSP
+ * checking is being turned on, whichever comes first.
+ */
+static SECStatus
+ocsp_InitStatusChecking(CERTCertDBHandle *handle)
+{
+    CERTStatusConfig *statusConfig = NULL;
+    ocspCheckingContext *statusContext = NULL;
+
+    PORT_Assert(CERT_GetStatusConfig(handle) == NULL);
+    if (CERT_GetStatusConfig(handle) != NULL) {
+        /* XXX or call statusConfig->statusDestroy and continue? */
+        return SECFailure;
+    }
+
+    statusConfig = PORT_ZNew(CERTStatusConfig);
+    if (statusConfig == NULL)
+        goto loser;
+
+    statusContext = PORT_ZNew(ocspCheckingContext);
+    if (statusContext == NULL)
+        goto loser;
+
+    statusConfig->statusDestroy = ocsp_DestroyStatusChecking;
+    statusConfig->statusContext = statusContext;
+
+    CERT_SetStatusConfig(handle, statusConfig);
+
+    return SECSuccess;
+
+loser:
+    if (statusConfig != NULL)
+        PORT_Free(statusConfig);
+    return SECFailure;
+}
+
+/*
+ * FUNCTION: CERT_EnableOCSPChecking
+ *   Turns on OCSP checking for the given certificate database.
+ * INPUTS:
+ *   CERTCertDBHandle *handle
+ *     Certificate database for which OCSP checking will be enabled.
+ * RETURN:
+ *   Returns SECFailure if an error occurred (likely only problem
+ *   allocating memory); SECSuccess otherwise.
+ */
+SECStatus
+CERT_EnableOCSPChecking(CERTCertDBHandle *handle)
+{
+    CERTStatusConfig *statusConfig;
+
+    SECStatus rv;
+
+    if (handle == NULL) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    statusConfig = CERT_GetStatusConfig(handle);
+    if (statusConfig == NULL) {
+        rv = ocsp_InitStatusChecking(handle);
+        if (rv != SECSuccess)
+            return rv;
+
+        /* Get newly established value */
+        statusConfig = CERT_GetStatusConfig(handle);
+        PORT_Assert(statusConfig != NULL);
+    }
+
+    /*
+     * Setting the checker function is what really enables the checking
+     * when each cert verification is done.
+     */
+    statusConfig->statusChecker = CERT_CheckOCSPStatus;
+
+    return SECSuccess;
+}
+
+/*
+ * FUNCTION: CERT_SetOCSPDefaultResponder
+ *   Specify the location and cert of the default responder.
+ *   If OCSP checking is already enabled *and* use of a default responder
+ *   is also already enabled, all OCSP checking from now on will go directly
+ *   to the specified responder.  If OCSP checking is not enabled, or if
+ *   it is but use of a default responder is not enabled, the information
+ *   will be recorded and take effect whenever both are enabled.
+ * INPUTS:
+ *   CERTCertDBHandle *handle
+ *     Cert database on which OCSP checking should use the default responder.
+ *   char *url
+ *     The location of the default responder (e.g. "http://foo.com:80/ocsp")
+ *     Note that the location will not be tested until the first attempt
+ *     to send a request there.
+ *   char *name
+ *     The nickname of the cert to trust (expected) to sign the OCSP responses.
+ *     If the corresponding cert cannot be found, SECFailure is returned.
+ * RETURN:
+ *   Returns SECFailure if an error occurred; SECSuccess otherwise.
+ *   The most likely error is that the cert for "name" could not be found
+ *   (probably SEC_ERROR_UNKNOWN_CERT).  Other errors are low-level (no memory,
+ *   bad database, etc.).
+ */
+SECStatus
+CERT_SetOCSPDefaultResponder(CERTCertDBHandle *handle,
+                             const char *url, const char *name)
+{
+    CERTCertificate *cert;
+    ocspCheckingContext *statusContext;
+    char *url_copy = NULL;
+    char *name_copy = NULL;
+    SECStatus rv;
+
+    if (handle == NULL || url == NULL || name == NULL) {
+        /*
+    	 * XXX When interface is exported, probably want better errors;
+    	 * perhaps different one for each parameter.
+    	 */
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    /*
+     * Find the certificate for the specified nickname.  Do this first
+     * because it seems the most likely to fail.
+     *
+     * XXX Shouldn't need that cast if the FindCertByNickname interface
+     * used const to convey that it does not modify the name.  Maybe someday.
+     */
+    cert = CERT_FindCertByNickname(handle, (char *)name);
+    if (cert == NULL) {
+        /*
+         * look for the cert on an external token.
+         */
+        cert = PK11_FindCertFromNickname((char *)name, NULL);
+    }
+    if (cert == NULL)
+        return SECFailure;
+
+    /*
+     * Make a copy of the url and nickname.
+     */
+    url_copy = PORT_Strdup(url);
+    name_copy = PORT_Strdup(name);
+    if (url_copy == NULL || name_copy == NULL) {
+        rv = SECFailure;
+        goto loser;
+    }
+
+    statusContext = ocsp_GetCheckingContext(handle);
+
+    /*
+     * Allocate and init the context if it doesn't already exist.
+     */
+    if (statusContext == NULL) {
+        rv = ocsp_InitStatusChecking(handle);
+        if (rv != SECSuccess)
+            goto loser;
+
+        statusContext = ocsp_GetCheckingContext(handle);
+        PORT_Assert(statusContext != NULL); /* extreme paranoia */
+    }
+
+    /*
+     * Note -- we do not touch the status context until after all of
+     * the steps which could cause errors.  If something goes wrong,
+     * we want to leave things as they were.
+     */
+
+    /*
+     * Get rid of old url and name if there.
+     */
+    if (statusContext->defaultResponderNickname != NULL)
+        PORT_Free(statusContext->defaultResponderNickname);
+    if (statusContext->defaultResponderURI != NULL)
+        PORT_Free(statusContext->defaultResponderURI);
+
+    /*
+     * And replace them with the new ones.
+     */
+    statusContext->defaultResponderURI = url_copy;
+    statusContext->defaultResponderNickname = name_copy;
+
+    /*
+     * If there was already a cert in place, get rid of it and replace it.
+     * Otherwise, we are not currently enabled, so we don't want to save it;
+     * it will get re-found and set whenever use of a default responder is
+     * enabled.
+     */
+    if (statusContext->defaultResponderCert != NULL) {
+        CERT_DestroyCertificate(statusContext->defaultResponderCert);
+        statusContext->defaultResponderCert = cert;
+        /*OCSP enabled, switching responder: clear cache*/
+        CERT_ClearOCSPCache();
+    } else {
+        PORT_Assert(statusContext->useDefaultResponder == PR_FALSE);
+        CERT_DestroyCertificate(cert);
+        /*OCSP currently not enabled, no need to clear cache*/
+    }
+
+    return SECSuccess;
+
+loser:
+    CERT_DestroyCertificate(cert);
+    if (url_copy != NULL)
+        PORT_Free(url_copy);
+    if (name_copy != NULL)
+        PORT_Free(name_copy);
+    return rv;
+}
+
+/*
+ * FUNCTION: CERT_EnableOCSPDefaultResponder
+ *   Turns on use of a default responder when OCSP checking.
+ *   If OCSP checking is already enabled, this will make subsequent checks
+ *   go directly to the default responder.  (The location of the responder
+ *   and the nickname of the responder cert must already be specified.)
+ *   If OCSP checking is not enabled, this will be recorded and take effect
+ *   whenever it is enabled.
+ * INPUTS:
+ *   CERTCertDBHandle *handle
+ *     Cert database on which OCSP checking should use the default responder.
+ * RETURN:
+ *   Returns SECFailure if an error occurred; SECSuccess otherwise.
+ *   No errors are especially likely unless the caller did not previously
+ *   perform a successful call to SetOCSPDefaultResponder (in which case
+ *   the error set will be SEC_ERROR_OCSP_NO_DEFAULT_RESPONDER).
+ */
+SECStatus
+CERT_EnableOCSPDefaultResponder(CERTCertDBHandle *handle)
+{
+    ocspCheckingContext *statusContext;
+    CERTCertificate *cert;
+    SECStatus rv;
+    SECCertificateUsage usage;
+
+    if (handle == NULL) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    statusContext = ocsp_GetCheckingContext(handle);
+
+    if (statusContext == NULL) {
+        /*
+    	 * Strictly speaking, the error already set is "correct",
+    	 * but cover over it with one more helpful in this context.
+    	 */
+        PORT_SetError(SEC_ERROR_OCSP_NO_DEFAULT_RESPONDER);
+        return SECFailure;
+    }
+
+    if (statusContext->defaultResponderURI == NULL) {
+        PORT_SetError(SEC_ERROR_OCSP_NO_DEFAULT_RESPONDER);
+        return SECFailure;
+    }
+
+    if (statusContext->defaultResponderNickname == NULL) {
+        PORT_SetError(SEC_ERROR_OCSP_NO_DEFAULT_RESPONDER);
+        return SECFailure;
+    }
+
+    /*
+     * Find the cert for the nickname.
+     */
+    cert = CERT_FindCertByNickname(handle,
+                                   statusContext->defaultResponderNickname);
+    if (cert == NULL) {
+        cert = PK11_FindCertFromNickname(statusContext->defaultResponderNickname,
+                                         NULL);
+    }
+    /*
+     * We should never have trouble finding the cert, because its
+     * existence should have been proven by SetOCSPDefaultResponder.
+     */
+    PORT_Assert(cert != NULL);
+    if (cert == NULL)
+        return SECFailure;
+
+    /*
+     * Supplied cert should at least have  a signing capability in order for us
+     * to use it as a trusted responder cert. Ability to sign is guaranteed  if
+     * cert is validated to have any set of the usages below.
+     */
+    rv = CERT_VerifyCertificateNow(handle, cert, PR_TRUE,
+                                   certificateUsageCheckAllUsages,
+                                   NULL, &usage);
+    if (rv != SECSuccess || (usage & (certificateUsageSSLClient | certificateUsageSSLServer | certificateUsageSSLServerWithStepUp | certificateUsageEmailSigner | certificateUsageObjectSigner | certificateUsageStatusResponder | certificateUsageSSLCA)) == 0) {
+        PORT_SetError(SEC_ERROR_OCSP_RESPONDER_CERT_INVALID);
+        return SECFailure;
+    }
+
+    /*
+     * And hang onto it.
+     */
+    statusContext->defaultResponderCert = cert;
+
+    /* we don't allow a mix of cache entries from different responders */
+    CERT_ClearOCSPCache();
+
+    /*
+     * Finally, record the fact that we now have a default responder enabled.
+     */
+    statusContext->useDefaultResponder = PR_TRUE;
+    return SECSuccess;
+}
+
+/*
+ * FUNCTION: CERT_DisableOCSPDefaultResponder
+ *   Turns off use of a default responder when OCSP checking.
+ *   (Does nothing if use of a default responder is not enabled.)
+ * INPUTS:
+ *   CERTCertDBHandle *handle
+ *     Cert database on which OCSP checking should stop using a default
+ *     responder.
+ * RETURN:
+ *   Returns SECFailure if an error occurred; SECSuccess otherwise.
+ *   Errors very unlikely (like random memory corruption...).
+ */
+SECStatus
+CERT_DisableOCSPDefaultResponder(CERTCertDBHandle *handle)
+{
+    CERTStatusConfig *statusConfig;
+    ocspCheckingContext *statusContext;
+    CERTCertificate *tmpCert;
+
+    if (handle == NULL) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    statusConfig = CERT_GetStatusConfig(handle);
+    if (statusConfig == NULL)
+        return SECSuccess;
+
+    statusContext = ocsp_GetCheckingContext(handle);
+    PORT_Assert(statusContext != NULL);
+    if (statusContext == NULL)
+        return SECFailure;
+
+    tmpCert = statusContext->defaultResponderCert;
+    if (tmpCert) {
+        statusContext->defaultResponderCert = NULL;
+        CERT_DestroyCertificate(tmpCert);
+        /* we don't allow a mix of cache entries from different responders */
+        CERT_ClearOCSPCache();
+    }
+
+    /*
+     * Finally, record the fact.
+     */
+    statusContext->useDefaultResponder = PR_FALSE;
+    return SECSuccess;
+}
+
+SECStatus
+CERT_ForcePostMethodForOCSP(PRBool forcePost)
+{
+    if (!OCSP_Global.monitor) {
+        PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
+        return SECFailure;
+    }
+
+    PR_EnterMonitor(OCSP_Global.monitor);
+    OCSP_Global.forcePost = forcePost;
+    PR_ExitMonitor(OCSP_Global.monitor);
+
+    return SECSuccess;
+}
+
+SECStatus
+CERT_GetOCSPResponseStatus(CERTOCSPResponse *response)
+{
+    PORT_Assert(response);
+    if (response->statusValue == ocspResponse_successful)
+        return SECSuccess;
+
+    switch (response->statusValue) {
+        case ocspResponse_malformedRequest:
+            PORT_SetError(SEC_ERROR_OCSP_MALFORMED_REQUEST);
+            break;
+        case ocspResponse_internalError:
+            PORT_SetError(SEC_ERROR_OCSP_SERVER_ERROR);
+            break;
+        case ocspResponse_tryLater:
+            PORT_SetError(SEC_ERROR_OCSP_TRY_SERVER_LATER);
+            break;
+        case ocspResponse_sigRequired:
+            /* XXX We *should* retry with a signature, if possible. */
+            PORT_SetError(SEC_ERROR_OCSP_REQUEST_NEEDS_SIG);
+            break;
+        case ocspResponse_unauthorized:
+            PORT_SetError(SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST);
+            break;
+        case ocspResponse_unused:
+        default:
+            PORT_SetError(SEC_ERROR_OCSP_UNKNOWN_RESPONSE_STATUS);
+            break;
+    }
+    return SECFailure;
+}
diff --git a/nss/lib/certhigh/ocsp.h b/nss/lib/certhigh/ocsp.h
new file mode 100644
index 0000000..ac9dd64
--- /dev/null
+++ b/nss/lib/certhigh/ocsp.h
@@ -0,0 +1,723 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * Interface to the OCSP implementation.
+ */
+
+#ifndef _OCSP_H_
+#define _OCSP_H_
+
+#include "plarena.h"
+#include "seccomon.h"
+#include "secoidt.h"
+#include "keyt.h"
+#include "certt.h"
+#include "ocspt.h"
+
+/************************************************************************/
+SEC_BEGIN_PROTOS
+
+/*
+ * This function registers the HttpClient with whose functions the
+ * HttpClientFcn structure has been populated as the default Http
+ * client.
+ *
+ * The function table must be a global object.
+ * The caller must ensure that NSS will be able to call
+ * the registered functions for the lifetime of the process.
+ */
+extern SECStatus
+SEC_RegisterDefaultHttpClient(const SEC_HttpClientFcn *fcnTable);
+
+/*
+ * This function obtains the HttpClient which has been registered
+ * by an earlier call to SEC_RegisterDefaultHttpClient.
+ */
+extern const SEC_HttpClientFcn *
+SEC_GetRegisteredHttpClient(void);
+
+/*
+ * Sets parameters that control NSS' internal OCSP cache.
+ * maxCacheEntries, special varlues are:
+ *   -1 disable cache
+ *   0 unlimited cache entries
+ * minimumSecondsToNextFetchAttempt:
+ *   whenever an OCSP request was attempted or completed over the network,
+ *   wait at least this number of seconds before trying to fetch again.
+ * maximumSecondsToNextFetchAttempt:
+ *   this is the maximum age of a cached response we allow, until we try
+ *   to fetch an updated response, even if the OCSP responder expects
+ *   that newer information update will not be available yet.
+ */
+extern SECStatus
+CERT_OCSPCacheSettings(PRInt32 maxCacheEntries,
+                       PRUint32 minimumSecondsToNextFetchAttempt,
+                       PRUint32 maximumSecondsToNextFetchAttempt);
+
+/*
+ * Set the desired behaviour on OCSP failures.
+ * See definition of ocspFailureMode for allowed choices.
+ */
+extern SECStatus
+CERT_SetOCSPFailureMode(SEC_OcspFailureMode ocspFailureMode);
+
+/*
+ * Configure the maximum time NSS will wait for an OCSP response.
+ */
+extern SECStatus
+CERT_SetOCSPTimeout(PRUint32 seconds);
+
+/*
+ * Removes all items currently stored in the OCSP cache.
+ */
+extern SECStatus
+CERT_ClearOCSPCache(void);
+
+/*
+ * FUNCTION: CERT_EnableOCSPChecking
+ *   Turns on OCSP checking for the given certificate database.
+ * INPUTS:
+ *   CERTCertDBHandle *handle
+ *     Certificate database for which OCSP checking will be enabled.
+ * RETURN:
+ *   Returns SECFailure if an error occurred (likely only problem
+ *   allocating memory); SECSuccess otherwise.
+ */
+extern SECStatus
+CERT_EnableOCSPChecking(CERTCertDBHandle *handle);
+
+/*
+ * FUNCTION: CERT_DisableOCSPChecking
+ *   Turns off OCSP checking for the given certificate database.
+ *   This routine disables OCSP checking.  Though it will return
+ *   SECFailure if OCSP checking is not enabled, it is "safe" to
+ *   call it that way and just ignore the return value, if it is
+ *   easier to just call it than to "remember" whether it is enabled.
+ * INPUTS:
+ *   CERTCertDBHandle *handle
+ *     Certificate database for which OCSP checking will be disabled.
+ * RETURN:
+ *   Returns SECFailure if an error occurred (usually means that OCSP
+ *   checking was not enabled or status contexts were not initialized --
+ *   error set will be SEC_ERROR_OCSP_NOT_ENABLED); SECSuccess otherwise.
+ */
+extern SECStatus
+CERT_DisableOCSPChecking(CERTCertDBHandle *handle);
+
+/*
+ * FUNCTION: CERT_SetOCSPDefaultResponder
+ *   Specify the location and cert of the default responder.
+ *   If OCSP checking is already enabled *and* use of a default responder
+ *   is also already enabled, all OCSP checking from now on will go directly
+ *   to the specified responder.  If OCSP checking is not enabled, or if
+ *   it is but use of a default responder is not enabled, the information
+ *   will be recorded and take effect whenever both are enabled.
+ * INPUTS:
+ *   CERTCertDBHandle *handle
+ *     Cert database on which OCSP checking should use the default responder.
+ *   const char *url
+ *     The location of the default responder (e.g. "http://foo.com:80/ocsp")
+ *     Note that the location will not be tested until the first attempt
+ *     to send a request there.
+ *   const char *name
+ *     The nickname of the cert to trust (expected) to sign the OCSP responses.
+ *     If the corresponding cert cannot be found, SECFailure is returned.
+ * RETURN:
+ *   Returns SECFailure if an error occurred; SECSuccess otherwise.
+ *   The most likely error is that the cert for "name" could not be found
+ *   (probably SEC_ERROR_UNKNOWN_CERT).  Other errors are low-level (no memory,
+ *   bad database, etc.).
+ */
+extern SECStatus
+CERT_SetOCSPDefaultResponder(CERTCertDBHandle *handle,
+                             const char *url, const char *name);
+
+/*
+ * FUNCTION: CERT_EnableOCSPDefaultResponder
+ *   Turns on use of a default responder when OCSP checking.
+ *   If OCSP checking is already enabled, this will make subsequent checks
+ *   go directly to the default responder.  (The location of the responder
+ *   and the nickname of the responder cert must already be specified.)
+ *   If OCSP checking is not enabled, this will be recorded and take effect
+ *   whenever it is enabled.
+ * INPUTS:
+ *   CERTCertDBHandle *handle
+ *     Cert database on which OCSP checking should use the default responder.
+ * RETURN:
+ *   Returns SECFailure if an error occurred; SECSuccess otherwise.
+ *   No errors are especially likely unless the caller did not previously
+ *   perform a successful call to SetOCSPDefaultResponder (in which case
+ *   the error set will be SEC_ERROR_OCSP_NO_DEFAULT_RESPONDER).
+ */
+extern SECStatus
+CERT_EnableOCSPDefaultResponder(CERTCertDBHandle *handle);
+
+/*
+ * FUNCTION: CERT_DisableOCSPDefaultResponder
+ *   Turns off use of a default responder when OCSP checking.
+ *   (Does nothing if use of a default responder is not enabled.)
+ * INPUTS:
+ *   CERTCertDBHandle *handle
+ *     Cert database on which OCSP checking should stop using a default
+ *     responder.
+ * RETURN:
+ *   Returns SECFailure if an error occurred; SECSuccess otherwise.
+ *   Errors very unlikely (like random memory corruption...).
+ */
+extern SECStatus
+CERT_DisableOCSPDefaultResponder(CERTCertDBHandle *handle);
+
+/* If forcePost is set, OCSP requests will only be sent using the HTTP POST
+ * method. When forcePost is not set, OCSP requests will be sent using the
+ * HTTP GET method, with a fallback to POST when we fail to receive a response
+ * and/or when we receive an uncacheable response like "Unknown."
+ *
+ * The default is to use GET and fallback to POST.
+ */
+extern SECStatus CERT_ForcePostMethodForOCSP(PRBool forcePost);
+
+/*
+ * -------------------------------------------------------
+ * The Functions above are those expected to be used by a client
+ * providing OCSP status checking along with every cert verification.
+ * The functions below are for OCSP testing, debugging, or clients
+ * or servers performing more specialized OCSP tasks.
+ * -------------------------------------------------------
+ */
+
+/*
+ * FUNCTION: CERT_CreateOCSPRequest
+ *   Creates a CERTOCSPRequest, requesting the status of the certs in
+ *   the given list.
+ * INPUTS:
+ *   CERTCertList *certList
+ *     A list of certs for which status will be requested.
+ *     Note that all of these certificates should have the same issuer,
+ *     or it's expected the response will be signed by a trusted responder.
+ *     If the certs need to be broken up into multiple requests, that
+ *     must be handled by the caller (and thus by having multiple calls
+ *     to this routine), who knows about where the request(s) are being
+ *     sent and whether there are any trusted responders in place.
+ *   PRTime time
+ *     Indicates the time for which the certificate status is to be
+ *     determined -- this may be used in the search for the cert's issuer
+ *     but has no effect on the request itself.
+ *   PRBool addServiceLocator
+ *     If true, the Service Locator extension should be added to the
+ *     single request(s) for each cert.
+ *   CERTCertificate *signerCert
+ *     If non-NULL, means sign the request using this cert.  Otherwise,
+ *     do not sign.
+ *     XXX note that request signing is not yet supported; see comment in code
+ * RETURN:
+ *   A pointer to a CERTOCSPRequest structure containing an OCSP request
+ *   for the cert list.  On error, null is returned, with an error set
+ *   indicating the reason.  This is likely SEC_ERROR_UNKNOWN_ISSUER.
+ *   (The issuer is needed to create a request for the certificate.)
+ *   Other errors are low-level problems (no memory, bad database, etc.).
+ */
+extern CERTOCSPRequest *
+CERT_CreateOCSPRequest(CERTCertList *certList, PRTime time,
+                       PRBool addServiceLocator,
+                       CERTCertificate *signerCert);
+
+/*
+ * FUNCTION: CERT_AddOCSPAcceptableResponses
+ *   Add the AcceptableResponses extension to an OCSP Request.
+ * INPUTS:
+ *   CERTOCSPRequest *request
+ *     The request to which the extension should be added.
+ *   SECOidTag responseType0, ...
+ *     A list (of one or more) of SECOidTag -- each of the response types
+ *     to be added.  The last OID *must* be SEC_OID_PKIX_OCSP_BASIC_RESPONSE.
+ *     (This marks the end of the list, and it must be specified because a
+ *     client conforming to the OCSP standard is required to handle the basic
+ *     response type.)  The OIDs are not checked in any way.
+ * RETURN:
+ *   SECSuccess if the extension is added; SECFailure if anything goes wrong.
+ *   All errors are internal or low-level problems (e.g. no memory).
+ */
+extern SECStatus
+CERT_AddOCSPAcceptableResponses(CERTOCSPRequest *request,
+                                SECOidTag responseType0, ...);
+
+/*
+ * FUNCTION: CERT_EncodeOCSPRequest
+ *   DER encodes an OCSP Request, possibly adding a signature as well.
+ *   XXX Signing is not yet supported, however; see comments in code.
+ * INPUTS:
+ *   PLArenaPool *arena
+ *     The return value is allocated from here.
+ *     If a NULL is passed in, allocation is done from the heap instead.
+ *   CERTOCSPRequest *request
+ *     The request to be encoded.
+ *   void *pwArg
+ *     Pointer to argument for password prompting, if needed.  (Definitely
+ *     not needed if not signing.)
+ * RETURN:
+ *   Returns a NULL on error and a pointer to the SECItem with the
+ *   encoded value otherwise.  Any error is likely to be low-level
+ *   (e.g. no memory).
+ */
+extern SECItem *
+CERT_EncodeOCSPRequest(PLArenaPool *arena, CERTOCSPRequest *request,
+                       void *pwArg);
+
+/*
+ * FUNCTION: CERT_DecodeOCSPRequest
+ *   Decode a DER encoded OCSP Request.
+ * INPUTS:
+ *   SECItem *src
+ *     Pointer to a SECItem holding DER encoded OCSP Request.
+ * RETURN:
+ *   Returns a pointer to a CERTOCSPRequest containing the decoded request.
+ *   On error, returns NULL.  Most likely error is trouble decoding
+ *   (SEC_ERROR_OCSP_MALFORMED_REQUEST), or low-level problem (no memory).
+ */
+extern CERTOCSPRequest *
+CERT_DecodeOCSPRequest(const SECItem *src);
+
+/*
+ * FUNCTION: CERT_DestroyOCSPRequest
+ *   Frees an OCSP Request structure.
+ * INPUTS:
+ *   CERTOCSPRequest *request
+ *     Pointer to CERTOCSPRequest to be freed.
+ * RETURN:
+ *   No return value; no errors.
+ */
+extern void
+CERT_DestroyOCSPRequest(CERTOCSPRequest *request);
+
+/*
+ * FUNCTION: CERT_DecodeOCSPResponse
+ *   Decode a DER encoded OCSP Response.
+ * INPUTS:
+ *   SECItem *src
+ *     Pointer to a SECItem holding DER encoded OCSP Response.
+ * RETURN:
+ *   Returns a pointer to a CERTOCSPResponse (the decoded OCSP Response);
+ *   the caller is responsible for destroying it.  Or NULL if error (either
+ *   response could not be decoded (SEC_ERROR_OCSP_MALFORMED_RESPONSE),
+ *   it was of an unexpected type (SEC_ERROR_OCSP_UNKNOWN_RESPONSE_TYPE),
+ *   or a low-level or internal error occurred).
+ */
+extern CERTOCSPResponse *
+CERT_DecodeOCSPResponse(const SECItem *src);
+
+/*
+ * FUNCTION: CERT_DestroyOCSPResponse
+ *   Frees an OCSP Response structure.
+ * INPUTS:
+ *   CERTOCSPResponse *request
+ *     Pointer to CERTOCSPResponse to be freed.
+ * RETURN:
+ *   No return value; no errors.
+ */
+extern void
+CERT_DestroyOCSPResponse(CERTOCSPResponse *response);
+
+/*
+ * FUNCTION: CERT_GetEncodedOCSPResponse
+ *   Creates and sends a request to an OCSP responder, then reads and
+ *   returns the (encoded) response.
+ * INPUTS:
+ *   PLArenaPool *arena
+ *     Pointer to arena from which return value will be allocated.
+ *     If NULL, result will be allocated from the heap (and thus should
+ *     be freed via SECITEM_FreeItem).
+ *   CERTCertList *certList
+ *     A list of certs for which status will be requested.
+ *     Note that all of these certificates should have the same issuer,
+ *     or it's expected the response will be signed by a trusted responder.
+ *     If the certs need to be broken up into multiple requests, that
+ *     must be handled by the caller (and thus by having multiple calls
+ *     to this routine), who knows about where the request(s) are being
+ *     sent and whether there are any trusted responders in place.
+ *   const char *location
+ *     The location of the OCSP responder (a URL).
+ *   PRTime time
+ *     Indicates the time for which the certificate status is to be
+ *     determined -- this may be used in the search for the cert's issuer
+ *     but has no other bearing on the operation.
+ *   PRBool addServiceLocator
+ *     If true, the Service Locator extension should be added to the
+ *     single request(s) for each cert.
+ *   CERTCertificate *signerCert
+ *     If non-NULL, means sign the request using this cert.  Otherwise,
+ *     do not sign.
+ *   void *pwArg
+ *     Pointer to argument for password prompting, if needed.  (Definitely
+ *     not needed if not signing.)
+ * OUTPUTS:
+ *   CERTOCSPRequest **pRequest
+ *     Pointer in which to store the OCSP request created for the given
+ *     list of certificates.  It is only filled in if the entire operation
+ *     is successful and the pointer is not null -- and in that case the
+ *     caller is then reponsible for destroying it.
+ * RETURN:
+ *   Returns a pointer to the SECItem holding the response.
+ *   On error, returns null with error set describing the reason:
+ *	SEC_ERROR_UNKNOWN_ISSUER
+ *	SEC_ERROR_CERT_BAD_ACCESS_LOCATION
+ *	SEC_ERROR_OCSP_BAD_HTTP_RESPONSE
+ *   Other errors are low-level problems (no memory, bad database, etc.).
+ */
+extern SECItem *
+CERT_GetEncodedOCSPResponse(PLArenaPool *arena, CERTCertList *certList,
+                            const char *location, PRTime time,
+                            PRBool addServiceLocator,
+                            CERTCertificate *signerCert, void *pwArg,
+                            CERTOCSPRequest **pRequest);
+
+/*
+ * FUNCTION: CERT_VerifyOCSPResponseSignature
+ *   Check the signature on an OCSP Response.  Will also perform a
+ *   verification of the signer's certificate.  Note, however, that a
+ *   successful verification does not make any statement about the
+ *   signer's *authority* to provide status for the certificate(s),
+ *   that must be checked individually for each certificate.
+ * INPUTS:
+ *   CERTOCSPResponse *response
+ *     Pointer to response structure with signature to be checked.
+ *   CERTCertDBHandle *handle
+ *     Pointer to CERTCertDBHandle for certificate DB to use for verification.
+ *   void *pwArg
+ *     Pointer to argument for password prompting, if needed.
+ *   CERTCertificate *issuerCert
+ *     Issuer of the certificate that generated the OCSP request.
+ * OUTPUTS:
+ *   CERTCertificate **pSignerCert
+ *     Pointer in which to store signer's certificate; only filled-in if
+ *     non-null.
+ * RETURN:
+ *   Returns SECSuccess when signature is valid, anything else means invalid.
+ *   Possible errors set:
+ *	SEC_ERROR_OCSP_MALFORMED_RESPONSE - unknown type of ResponderID
+ *	SEC_ERROR_INVALID_TIME - bad format of "ProducedAt" time
+ *	SEC_ERROR_UNKNOWN_SIGNER - signer's cert could not be found
+ *	SEC_ERROR_BAD_SIGNATURE - the signature did not verify
+ *   Other errors are any of the many possible failures in cert verification
+ *   (e.g. SEC_ERROR_REVOKED_CERTIFICATE, SEC_ERROR_UNTRUSTED_ISSUER) when
+ *   verifying the signer's cert, or low-level problems (no memory, etc.)
+ */
+extern SECStatus
+CERT_VerifyOCSPResponseSignature(CERTOCSPResponse *response,
+                                 CERTCertDBHandle *handle, void *pwArg,
+                                 CERTCertificate **pSignerCert,
+                                 CERTCertificate *issuerCert);
+
+/*
+ * FUNCTION: CERT_GetOCSPAuthorityInfoAccessLocation
+ *   Get the value of the URI of the OCSP responder for the given cert.
+ *   This is found in the (optional) Authority Information Access extension
+ *   in the cert.
+ * INPUTS:
+ *   CERTCertificate *cert
+ *     The certificate being examined.
+ * RETURN:
+ *   char *
+ *     A copy of the URI for the OCSP method, if found.  If either the
+ *     extension is not present or it does not contain an entry for OCSP,
+ *     SEC_ERROR_EXTENSION_NOT_FOUND will be set and a NULL returned.
+ *     Any other error will also result in a NULL being returned.
+ *
+ *     This result should be freed (via PORT_Free) when no longer in use.
+ */
+extern char *
+CERT_GetOCSPAuthorityInfoAccessLocation(const CERTCertificate *cert);
+
+/*
+ * FUNCTION: CERT_RegisterAlternateOCSPAIAInfoCallBack
+ *   This function serves two purposes.
+ *   1) It registers the address of a callback function that will be
+ *   called for certs that have no OCSP AIA extension, to see if the
+ *   callback wishes to supply an alternative URL for such an OCSP inquiry.
+ *   2) It outputs the previously registered function's address to the
+ *   address supplied by the caller, unless that is NULL.
+ *   The registered callback function returns NULL, or an allocated string
+ *   that may be subsequently freed by calling PORT_Free().
+ * RETURN:
+ *   SECSuccess or SECFailure (if the library is not yet intialized)
+ */
+extern SECStatus
+CERT_RegisterAlternateOCSPAIAInfoCallBack(
+    CERT_StringFromCertFcn newCallback,
+    CERT_StringFromCertFcn *oldCallback);
+
+/*
+ * FUNCTION: CERT_ParseURL
+ *   Parse a URI into hostname, port, and path.  The scheme in the URI must
+ *   be "http".
+ * INPUTS:
+ *   const char *url
+ *     The URI to be parsed
+ * OUTPUTS:
+ *   char **pHostname
+ *     Pointer to store the hostname obtained from the URI.
+ *     This result should be freed (via PORT_Free) when no longer in use.
+ *   PRUint16 *pPort
+ *     Pointer to store the port number obtained from the URI.
+ *   char **pPath
+ *     Pointer to store the path obtained from the URI.
+ *     This result should be freed (via PORT_Free) when no longer in use.
+ * RETURN:
+ *   Returns SECSuccess when parsing was successful. Returns SECFailure when
+ *   problems were encountered.
+ */
+extern SECStatus
+CERT_ParseURL(const char *url, char **pHostname, PRUint16 *pPort, char **pPath);
+
+/*
+ * FUNCTION: CERT_CheckOCSPStatus
+ *   Checks the status of a certificate via OCSP.  Will only check status for
+ *   a certificate that has an AIA (Authority Information Access) extension
+ *   for OCSP *or* when a "default responder" is specified and enabled.
+ *   (If no AIA extension for OCSP and no default responder in place, the
+ *   cert is considered to have a good status and SECSuccess is returned.)
+ * INPUTS:
+ *   CERTCertDBHandle *handle
+ *     certificate DB of the cert that is being checked
+ *   CERTCertificate *cert
+ *     the certificate being checked
+ *   XXX in the long term also need a boolean parameter that specifies
+ *	whether to check the cert chain, as well; for now we check only
+ *	the leaf (the specified certificate)
+ *   PRTime time
+ *     time for which status is to be determined
+ *   void *pwArg
+ *     argument for password prompting, if needed
+ * RETURN:
+ *   Returns SECSuccess if an approved OCSP responder "knows" the cert
+ *   *and* returns a non-revoked status for it; SECFailure otherwise,
+ *   with an error set describing the reason:
+ *
+ *	SEC_ERROR_OCSP_BAD_HTTP_RESPONSE
+ *	SEC_ERROR_OCSP_FUTURE_RESPONSE
+ *	SEC_ERROR_OCSP_MALFORMED_REQUEST
+ *	SEC_ERROR_OCSP_MALFORMED_RESPONSE
+ *	SEC_ERROR_OCSP_OLD_RESPONSE
+ *	SEC_ERROR_OCSP_REQUEST_NEEDS_SIG
+ *	SEC_ERROR_OCSP_SERVER_ERROR
+ *	SEC_ERROR_OCSP_TRY_SERVER_LATER
+ *	SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST
+ *	SEC_ERROR_OCSP_UNAUTHORIZED_RESPONSE
+ *	SEC_ERROR_OCSP_UNKNOWN_CERT
+ *	SEC_ERROR_OCSP_UNKNOWN_RESPONSE_STATUS
+ *	SEC_ERROR_OCSP_UNKNOWN_RESPONSE_TYPE
+ *
+ *	SEC_ERROR_BAD_SIGNATURE
+ *	SEC_ERROR_CERT_BAD_ACCESS_LOCATION
+ *	SEC_ERROR_INVALID_TIME
+ *	SEC_ERROR_REVOKED_CERTIFICATE
+ *	SEC_ERROR_UNKNOWN_ISSUER
+ *	SEC_ERROR_UNKNOWN_SIGNER
+ *
+ *   Other errors are any of the many possible failures in cert verification
+ *   (e.g. SEC_ERROR_REVOKED_CERTIFICATE, SEC_ERROR_UNTRUSTED_ISSUER) when
+ *   verifying the signer's cert, or low-level problems (error allocating
+ *   memory, error performing ASN.1 decoding, etc.).
+ */
+extern SECStatus
+CERT_CheckOCSPStatus(CERTCertDBHandle *handle, CERTCertificate *cert,
+                     PRTime time, void *pwArg);
+
+/*
+ * FUNCTION: CERT_CacheOCSPResponseFromSideChannel
+ *   First, this function checks the OCSP cache to see if a good response
+ *   for the given certificate already exists. If it does, then the function
+ *   returns successfully.
+ *
+ *   If not, then it validates that the given OCSP response is a valid,
+ *   good response for the given certificate and inserts it into the
+ *   cache.
+ *
+ *   This function is intended for use when OCSP responses are provided via a
+ *   side-channel, i.e. TLS OCSP stapling (a.k.a. the status_request extension).
+ *
+ * INPUTS:
+ *   CERTCertDBHandle *handle
+ *     certificate DB of the cert that is being checked
+ *   CERTCertificate *cert
+ *     the certificate being checked
+ *   PRTime time
+ *     time for which status is to be determined
+ *   SECItem *encodedResponse
+ *     the DER encoded bytes of the OCSP response
+ *   void *pwArg
+ *     argument for password prompting, if needed
+ * RETURN:
+ *   SECSuccess if the cert was found in the cache, or if the OCSP response was
+ *   found to be valid and inserted into the cache. SECFailure otherwise.
+ */
+extern SECStatus
+CERT_CacheOCSPResponseFromSideChannel(CERTCertDBHandle *handle,
+                                      CERTCertificate *cert,
+                                      PRTime time,
+                                      const SECItem *encodedResponse,
+                                      void *pwArg);
+
+/*
+ * FUNCTION: CERT_GetOCSPStatusForCertID
+ *  Returns the OCSP status contained in the passed in parameter response
+ *  that corresponds to the certID passed in.
+ * INPUTS:
+ *  CERTCertDBHandle *handle
+ *    certificate DB of the cert that is being checked
+ *  CERTOCSPResponse *response
+ *    the OCSP response we want to retrieve status from.
+ *  CERTOCSPCertID *certID
+ *    the ID we want to look for from the response.
+ *  CERTCertificate *signerCert
+ *    the certificate that was used to sign the OCSP response.
+ *    must be obtained via a call to CERT_VerifyOCSPResponseSignature.
+ *  PRTime time
+ *    The time at which we're checking the status for.
+ *  RETURN:
+ *    Return values are the same as those for CERT_CheckOCSPStatus
+ */
+extern SECStatus
+CERT_GetOCSPStatusForCertID(CERTCertDBHandle *handle,
+                            CERTOCSPResponse *response,
+                            CERTOCSPCertID *certID,
+                            CERTCertificate *signerCert,
+                            PRTime time);
+
+/*
+ * FUNCTION CERT_GetOCSPResponseStatus
+ *   Returns the response status for the response passed.
+ * INPUTS:
+ *   CERTOCSPResponse *response
+ *     The response to query for status
+ *  RETURN:
+ *    Returns SECSuccess if the response has a successful status value.
+ *    Otherwise it returns SECFailure and sets one of the following error
+ *    codes via PORT_SetError
+ *        SEC_ERROR_OCSP_MALFORMED_REQUEST
+ *        SEC_ERROR_OCSP_SERVER_ERROR
+ *        SEC_ERROR_OCSP_TRY_SERVER_LATER
+ *        SEC_ERROR_OCSP_REQUEST_NEEDS_SIG
+ *        SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST
+ *        SEC_ERROR_OCSP_UNKNOWN_RESPONSE_STATUS
+ */
+extern SECStatus
+CERT_GetOCSPResponseStatus(CERTOCSPResponse *response);
+
+/*
+ * FUNCTION CERT_CreateOCSPCertID
+ *  Returns the OCSP certID for the certificate passed in.
+ * INPUTS:
+ *  CERTCertificate *cert
+ *    The certificate for which to create the certID for.
+ *  PRTime time
+ *    The time at which the id is requested for.  This is used
+ *    to determine the appropriate issuer for the cert since
+ *    the issuing CA may be an older expired certificate.
+ *  RETURN:
+ *    A new copy of a CERTOCSPCertID*.  The memory for this certID
+ *    should be freed by calling CERT_DestroyOCSPCertID when the
+ *    certID is no longer necessary.
+ */
+extern CERTOCSPCertID *
+CERT_CreateOCSPCertID(CERTCertificate *cert, PRTime time);
+
+/*
+ * FUNCTION: CERT_DestroyOCSPCertID
+ *  Frees the memory associated with the certID passed in.
+ * INPUTS:
+ *  CERTOCSPCertID* certID
+ *    The certID that the caller no longer needs and wants to
+ *    free the associated memory.
+ * RETURN:
+ *  SECSuccess if freeing the memory was successful.  Returns
+ *  SECFailure if the memory passed in was not allocated with
+ *  a call to CERT_CreateOCSPCertID.
+ */
+extern SECStatus
+CERT_DestroyOCSPCertID(CERTOCSPCertID *certID);
+
+extern CERTOCSPSingleResponse *
+CERT_CreateOCSPSingleResponseGood(PLArenaPool *arena,
+                                  CERTOCSPCertID *id,
+                                  PRTime thisUpdate,
+                                  const PRTime *nextUpdate);
+
+extern CERTOCSPSingleResponse *
+CERT_CreateOCSPSingleResponseUnknown(PLArenaPool *arena,
+                                     CERTOCSPCertID *id,
+                                     PRTime thisUpdate,
+                                     const PRTime *nextUpdate);
+
+extern CERTOCSPSingleResponse *
+CERT_CreateOCSPSingleResponseRevoked(
+    PLArenaPool *arena,
+    CERTOCSPCertID *id,
+    PRTime thisUpdate,
+    const PRTime *nextUpdate,
+    PRTime revocationTime,
+    const CERTCRLEntryReasonCode *revocationReason);
+
+extern SECItem *
+CERT_CreateEncodedOCSPSuccessResponse(
+    PLArenaPool *arena,
+    CERTCertificate *responderCert,
+    CERTOCSPResponderIDType responderIDType,
+    PRTime producedAt,
+    CERTOCSPSingleResponse **responses,
+    void *wincx);
+
+/*
+ * FUNCTION: CERT_CreateEncodedOCSPErrorResponse
+ *  Creates an encoded OCSP response with an error response status.
+ * INPUTS:
+ *  PLArenaPool *arena
+ *    The return value is allocated from here.
+ *    If a NULL is passed in, allocation is done from the heap instead.
+ *  int error
+ *    An NSS error code indicating an error response status. The error
+ *    code is mapped to an OCSP response status as follows:
+ *        SEC_ERROR_OCSP_MALFORMED_REQUEST -> malformedRequest
+ *        SEC_ERROR_OCSP_SERVER_ERROR -> internalError
+ *        SEC_ERROR_OCSP_TRY_SERVER_LATER -> tryLater
+ *        SEC_ERROR_OCSP_REQUEST_NEEDS_SIG -> sigRequired
+ *        SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST -> unauthorized
+ *    where the OCSP response status is an enumerated type defined in
+ *    RFC 2560:
+ *    OCSPResponseStatus ::= ENUMERATED {
+ *        successful           (0),     --Response has valid confirmations
+ *        malformedRequest     (1),     --Illegal confirmation request
+ *        internalError        (2),     --Internal error in issuer
+ *        tryLater             (3),     --Try again later
+ *                                      --(4) is not used
+ *        sigRequired          (5),     --Must sign the request
+ *        unauthorized         (6)      --Request unauthorized
+ *    }
+ * RETURN:
+ *   Returns a pointer to the SECItem holding the response.
+ *   On error, returns null with error set describing the reason:
+ *	SEC_ERROR_INVALID_ARGS
+ *   Other errors are low-level problems (no memory, bad database, etc.).
+ */
+extern SECItem *
+CERT_CreateEncodedOCSPErrorResponse(PLArenaPool *arena, int error);
+
+/* Sends an OCSP request using the HTTP POST method to the location addressed
+ * by the URL in |location| parameter. The request body will be
+ * |encodedRequest|, which must be a valid encoded OCSP request. On success,
+ * the server's response is returned and the caller must free it using
+ * SECITEM_FreeItem. On failure, NULL is returned. No parsing or validation of
+ * the HTTP response is done.
+ *
+ * If a default HTTP client has been registered with
+ * SEC_RegisterDefaultHttpClient then that client is used. Otherwise, an
+ * internal HTTP client is used.
+ */
+SECItem *CERT_PostOCSPRequest(PLArenaPool *arena, const char *location,
+                              const SECItem *encodedRequest);
+
+/************************************************************************/
+SEC_END_PROTOS
+
+#endif /* _OCSP_H_ */
diff --git a/nss/lib/certhigh/ocspi.h b/nss/lib/certhigh/ocspi.h
new file mode 100644
index 0000000..c946d9f
--- /dev/null
+++ b/nss/lib/certhigh/ocspi.h
@@ -0,0 +1,166 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * ocspi.h - NSS internal interfaces to OCSP code
+ */
+
+#ifndef _OCSPI_H_
+#define _OCSPI_H_
+
+SECStatus OCSP_InitGlobal(void);
+SECStatus OCSP_ShutdownGlobal(void);
+
+ocspResponseData *
+ocsp_GetResponseData(CERTOCSPResponse *response, SECItem **tbsResponseDataDER);
+
+ocspSignature *
+ocsp_GetResponseSignature(CERTOCSPResponse *response);
+
+SECItem *
+ocsp_DigestValue(PLArenaPool *arena, SECOidTag digestAlg,
+                 SECItem *fill, const SECItem *src);
+
+PRBool
+ocsp_CertIsOCSPDefaultResponder(CERTCertDBHandle *handle, CERTCertificate *cert);
+
+CERTCertificate *
+ocsp_GetSignerCertificate(CERTCertDBHandle *handle, ocspResponseData *tbsData,
+                          ocspSignature *signature, CERTCertificate *issuer);
+
+SECStatus
+ocsp_VerifyResponseSignature(CERTCertificate *signerCert,
+                             ocspSignature *signature,
+                             SECItem *tbsResponseDataDER,
+                             void *pwArg);
+
+CERTOCSPRequest *
+cert_CreateSingleCertOCSPRequest(CERTOCSPCertID *certID,
+                                 CERTCertificate *singleCert,
+                                 PRTime time,
+                                 PRBool addServiceLocator,
+                                 CERTCertificate *signerCert);
+
+typedef enum { ocspMissing,
+               ocspFresh,
+               ocspStale } OCSPFreshness;
+
+SECStatus
+ocsp_GetCachedOCSPResponseStatus(CERTOCSPCertID *certID,
+                                 PRTime time,
+                                 PRBool ignoreOcspFailureMode,
+                                 SECStatus *rvOcsp,
+                                 SECErrorCodes *missingResponseError,
+                                 OCSPFreshness *freshness);
+
+/*
+ * FUNCTION: cert_ProcessOCSPResponse
+ *  Same behavior and basic parameters as CERT_GetOCSPStatusForCertID.
+ *  In addition it can update the OCSP cache (using information
+ *  available internally to this function).
+ * INPUTS:
+ *  CERTCertDBHandle *handle
+ *    certificate DB of the cert that is being checked
+ *  CERTOCSPResponse *response
+ *    the OCSP response we want to retrieve status from.
+ *  CERTOCSPCertID *certID
+ *    the ID we want to look for from the response.
+ *  CERTCertificate *signerCert
+ *    the certificate that was used to sign the OCSP response.
+ *    must be obtained via a call to CERT_VerifyOCSPResponseSignature.
+ *  PRTime time
+ *    The time at which we're checking the status for.
+ *  PRBool *certIDWasConsumed
+ *    In and Out parameter.
+ *    If certIDWasConsumed is NULL on input,
+ *    this function might produce a deep copy of cert ID
+ *    for storing it in the cache.
+ *    If out value is true, ownership of parameter certID was
+ *    transferred to the OCSP cache.
+ *  SECStatus *cacheUpdateStatus
+ *    This optional out parameter will contain the result
+ *    of the cache update operation (if requested).
+ *  RETURN:
+ *    The return value is not influenced by the cache operation,
+ *    it matches the documentation for CERT_CheckOCSPStatus
+ */
+
+SECStatus
+cert_ProcessOCSPResponse(CERTCertDBHandle *handle,
+                         CERTOCSPResponse *response,
+                         CERTOCSPCertID *certID,
+                         CERTCertificate *signerCert,
+                         PRTime time,
+                         PRBool *certIDWasConsumed,
+                         SECStatus *cacheUpdateStatus);
+
+/*
+ * FUNCTION: cert_RememberOCSPProcessingFailure
+ *  If an application notices a failure during OCSP processing,
+ *  it should finally call this function. The failure will be recorded
+ *  in the OCSP cache in order to avoid repetitive failures.
+ * INPUTS:
+ *  CERTOCSPCertID *certID
+ *    the ID that was used for the failed OCSP processing
+ *  PRBool *certIDWasConsumed
+ *    Out parameter, if set to true, ownership of parameter certID was
+ *    transferred to the OCSP cache.
+ *  RETURN:
+ *    Status of the cache update operation.
+ */
+
+SECStatus
+cert_RememberOCSPProcessingFailure(CERTOCSPCertID *certID,
+                                   PRBool *certIDWasConsumed);
+
+/*
+ * FUNCTION: ocsp_GetResponderLocation
+ *  Check ocspx context for user-designated responder URI first. If not
+ *  found, checks cert AIA extension.
+ * INPUTS:
+ *  CERTCertDBHandle *handle
+ *    certificate DB of the cert that is being checked
+ *  CERTCertificate *cert
+ *     The certificate being examined.
+ *  PRBool *certIDWasConsumed
+ *    Out parameter, if set to true, URI of default responder is
+ *    returned.
+ *  RETURN:
+ *    Responder URI.
+ */
+char *
+ocsp_GetResponderLocation(CERTCertDBHandle *handle,
+                          CERTCertificate *cert,
+                          PRBool canUseDefaultLocation,
+                          PRBool *isDefault);
+
+/* FUNCTION: ocsp_FetchingFailureIsVerificationFailure
+ * The function checks the global ocsp settings and
+ * tells how to treat an ocsp response fetching failure.
+ * RETURNS:
+ *   if PR_TRUE is returned, then treat fetching as a
+ *   revoked cert status.
+ */
+PRBool
+ocsp_FetchingFailureIsVerificationFailure(void);
+
+size_t
+ocsp_UrlEncodeBase64Buf(const char *base64Buf, char *outputBuf);
+
+SECStatus
+ocsp_GetVerifiedSingleResponseForCertID(CERTCertDBHandle *handle,
+                                        CERTOCSPResponse *response,
+                                        CERTOCSPCertID *certID,
+                                        CERTCertificate *signerCert,
+                                        PRTime time,
+                                        CERTOCSPSingleResponse **pSingleResponse);
+
+SECStatus
+ocsp_CertHasGoodStatus(ocspCertStatus *status, PRTime time);
+
+void
+ocsp_CacheSingleResponse(CERTOCSPCertID *certID,
+                         CERTOCSPSingleResponse *single,
+                         PRBool *certIDWasConsumed);
+
+#endif /* _OCSPI_H_ */
diff --git a/nss/lib/certhigh/ocspsig.c b/nss/lib/certhigh/ocspsig.c
new file mode 100644
index 0000000..94606ba
--- /dev/null
+++ b/nss/lib/certhigh/ocspsig.c
@@ -0,0 +1,597 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "plarena.h"
+
+#include "seccomon.h"
+#include "secitem.h"
+#include "secasn1.h"
+#include "secder.h"
+#include "cert.h"
+#include "secerr.h"
+#include "secoid.h"
+#include "sechash.h"
+#include "keyhi.h"
+#include "cryptohi.h"
+#include "ocsp.h"
+#include "ocspti.h"
+#include "ocspi.h"
+#include "pk11pub.h"
+
+extern const SEC_ASN1Template ocsp_ResponderIDByNameTemplate[];
+extern const SEC_ASN1Template ocsp_ResponderIDByKeyTemplate[];
+extern const SEC_ASN1Template ocsp_OCSPResponseTemplate[];
+
+ocspCertStatus *
+ocsp_CreateCertStatus(PLArenaPool *arena,
+                      ocspCertStatusType status,
+                      PRTime revocationTime)
+{
+    ocspCertStatus *cs;
+
+    if (!arena) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+
+    switch (status) {
+        case ocspCertStatus_good:
+        case ocspCertStatus_unknown:
+        case ocspCertStatus_revoked:
+            break;
+        default:
+            PORT_SetError(SEC_ERROR_INVALID_ARGS);
+            return NULL;
+    }
+
+    cs = PORT_ArenaZNew(arena, ocspCertStatus);
+    if (!cs)
+        return NULL;
+    cs->certStatusType = status;
+    switch (status) {
+        case ocspCertStatus_good:
+            cs->certStatusInfo.goodInfo = SECITEM_AllocItem(arena, NULL, 0);
+            if (!cs->certStatusInfo.goodInfo)
+                return NULL;
+            break;
+        case ocspCertStatus_unknown:
+            cs->certStatusInfo.unknownInfo = SECITEM_AllocItem(arena, NULL, 0);
+            if (!cs->certStatusInfo.unknownInfo)
+                return NULL;
+            break;
+        case ocspCertStatus_revoked:
+            cs->certStatusInfo.revokedInfo =
+                PORT_ArenaZNew(arena, ocspRevokedInfo);
+            if (!cs->certStatusInfo.revokedInfo)
+                return NULL;
+            cs->certStatusInfo.revokedInfo->revocationReason =
+                SECITEM_AllocItem(arena, NULL, 0);
+            if (!cs->certStatusInfo.revokedInfo->revocationReason)
+                return NULL;
+            if (DER_TimeToGeneralizedTimeArena(arena,
+                                               &cs->certStatusInfo.revokedInfo->revocationTime,
+                                               revocationTime) !=
+                SECSuccess)
+                return NULL;
+            break;
+        default:
+            PORT_Assert(PR_FALSE);
+    }
+    return cs;
+}
+
+static const SEC_ASN1Template mySEC_EnumeratedTemplate[] = {
+    { SEC_ASN1_ENUMERATED, 0, NULL, sizeof(SECItem) }
+};
+
+static const SEC_ASN1Template mySEC_PointerToEnumeratedTemplate[] = {
+    { SEC_ASN1_POINTER, 0, mySEC_EnumeratedTemplate }
+};
+
+static const SEC_ASN1Template ocsp_EncodeRevokedInfoTemplate[] = {
+    { SEC_ASN1_GENERALIZED_TIME,
+      offsetof(ocspRevokedInfo, revocationTime) },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT |
+          SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
+      offsetof(ocspRevokedInfo, revocationReason),
+      mySEC_PointerToEnumeratedTemplate },
+    { 0 }
+};
+
+static const SEC_ASN1Template ocsp_PointerToEncodeRevokedInfoTemplate[] = {
+    { SEC_ASN1_POINTER, 0,
+      ocsp_EncodeRevokedInfoTemplate }
+};
+
+static const SEC_ASN1Template mySEC_NullTemplate[] = {
+    { SEC_ASN1_NULL, 0, NULL, sizeof(SECItem) }
+};
+
+static const SEC_ASN1Template ocsp_CertStatusTemplate[] = {
+    { SEC_ASN1_CHOICE, offsetof(ocspCertStatus, certStatusType),
+      0, sizeof(ocspCertStatus) },
+    { SEC_ASN1_CONTEXT_SPECIFIC | 0,
+      0, mySEC_NullTemplate, ocspCertStatus_good },
+    { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED |
+          SEC_ASN1_CONTEXT_SPECIFIC | 1,
+      offsetof(ocspCertStatus, certStatusInfo.revokedInfo),
+      ocsp_PointerToEncodeRevokedInfoTemplate, ocspCertStatus_revoked },
+    { SEC_ASN1_CONTEXT_SPECIFIC | 2,
+      0, mySEC_NullTemplate, ocspCertStatus_unknown },
+    { 0 }
+};
+
+static const SEC_ASN1Template mySECOID_AlgorithmIDTemplate[] = {
+    { SEC_ASN1_SEQUENCE,
+      0, NULL, sizeof(SECAlgorithmID) },
+    { SEC_ASN1_OBJECT_ID,
+      offsetof(SECAlgorithmID, algorithm) },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_ANY,
+      offsetof(SECAlgorithmID, parameters) },
+    { 0 }
+};
+
+static const SEC_ASN1Template mySEC_AnyTemplate[] = {
+    { SEC_ASN1_ANY | SEC_ASN1_MAY_STREAM, 0, NULL, sizeof(SECItem) }
+};
+
+static const SEC_ASN1Template mySEC_SequenceOfAnyTemplate[] = {
+    { SEC_ASN1_SEQUENCE_OF, 0, mySEC_AnyTemplate }
+};
+
+static const SEC_ASN1Template mySEC_PointerToSequenceOfAnyTemplate[] = {
+    { SEC_ASN1_POINTER, 0, mySEC_SequenceOfAnyTemplate }
+};
+
+static const SEC_ASN1Template mySEC_IntegerTemplate[] = {
+    { SEC_ASN1_INTEGER, 0, NULL, sizeof(SECItem) }
+};
+
+static const SEC_ASN1Template mySEC_PointerToIntegerTemplate[] = {
+    { SEC_ASN1_POINTER, 0, mySEC_IntegerTemplate }
+};
+
+static const SEC_ASN1Template mySEC_GeneralizedTimeTemplate[] = {
+    { SEC_ASN1_GENERALIZED_TIME | SEC_ASN1_MAY_STREAM, 0, NULL, sizeof(SECItem) }
+};
+
+static const SEC_ASN1Template mySEC_PointerToGeneralizedTimeTemplate[] = {
+    { SEC_ASN1_POINTER, 0, mySEC_GeneralizedTimeTemplate }
+};
+
+static const SEC_ASN1Template ocsp_myCertIDTemplate[] = {
+    { SEC_ASN1_SEQUENCE,
+      0, NULL, sizeof(CERTOCSPCertID) },
+    { SEC_ASN1_INLINE,
+      offsetof(CERTOCSPCertID, hashAlgorithm),
+      mySECOID_AlgorithmIDTemplate },
+    { SEC_ASN1_OCTET_STRING,
+      offsetof(CERTOCSPCertID, issuerNameHash) },
+    { SEC_ASN1_OCTET_STRING,
+      offsetof(CERTOCSPCertID, issuerKeyHash) },
+    { SEC_ASN1_INTEGER,
+      offsetof(CERTOCSPCertID, serialNumber) },
+    { 0 }
+};
+
+static const SEC_ASN1Template myCERT_CertExtensionTemplate[] = {
+    { SEC_ASN1_SEQUENCE,
+      0, NULL, sizeof(CERTCertExtension) },
+    { SEC_ASN1_OBJECT_ID,
+      offsetof(CERTCertExtension, id) },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_BOOLEAN, /* XXX DER_DEFAULT */
+      offsetof(CERTCertExtension, critical) },
+    { SEC_ASN1_OCTET_STRING,
+      offsetof(CERTCertExtension, value) },
+    { 0 }
+};
+
+static const SEC_ASN1Template myCERT_SequenceOfCertExtensionTemplate[] = {
+    { SEC_ASN1_SEQUENCE_OF, 0, myCERT_CertExtensionTemplate }
+};
+
+static const SEC_ASN1Template myCERT_PointerToSequenceOfCertExtensionTemplate[] = {
+    { SEC_ASN1_POINTER, 0, myCERT_SequenceOfCertExtensionTemplate }
+};
+
+static const SEC_ASN1Template ocsp_mySingleResponseTemplate[] = {
+    { SEC_ASN1_SEQUENCE,
+      0, NULL, sizeof(CERTOCSPSingleResponse) },
+    { SEC_ASN1_POINTER,
+      offsetof(CERTOCSPSingleResponse, certID),
+      ocsp_myCertIDTemplate },
+    { SEC_ASN1_ANY,
+      offsetof(CERTOCSPSingleResponse, derCertStatus) },
+    { SEC_ASN1_GENERALIZED_TIME,
+      offsetof(CERTOCSPSingleResponse, thisUpdate) },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT |
+          SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
+      offsetof(CERTOCSPSingleResponse, nextUpdate),
+      mySEC_PointerToGeneralizedTimeTemplate },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT |
+          SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1,
+      offsetof(CERTOCSPSingleResponse, singleExtensions),
+      myCERT_PointerToSequenceOfCertExtensionTemplate },
+    { 0 }
+};
+
+static const SEC_ASN1Template ocsp_myResponseDataTemplate[] = {
+    { SEC_ASN1_SEQUENCE,
+      0, NULL, sizeof(ocspResponseData) },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT | /* XXX DER_DEFAULT */
+          SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
+      offsetof(ocspResponseData, version),
+      mySEC_PointerToIntegerTemplate },
+    { SEC_ASN1_ANY,
+      offsetof(ocspResponseData, derResponderID) },
+    { SEC_ASN1_GENERALIZED_TIME,
+      offsetof(ocspResponseData, producedAt) },
+    { SEC_ASN1_SEQUENCE_OF,
+      offsetof(ocspResponseData, responses),
+      ocsp_mySingleResponseTemplate },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT |
+          SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1,
+      offsetof(ocspResponseData, responseExtensions),
+      myCERT_PointerToSequenceOfCertExtensionTemplate },
+    { 0 }
+};
+
+static const SEC_ASN1Template ocsp_EncodeBasicOCSPResponseTemplate[] = {
+    { SEC_ASN1_SEQUENCE,
+      0, NULL, sizeof(ocspBasicOCSPResponse) },
+    { SEC_ASN1_POINTER,
+      offsetof(ocspBasicOCSPResponse, tbsResponseData),
+      ocsp_myResponseDataTemplate },
+    { SEC_ASN1_INLINE,
+      offsetof(ocspBasicOCSPResponse, responseSignature.signatureAlgorithm),
+      mySECOID_AlgorithmIDTemplate },
+    { SEC_ASN1_BIT_STRING,
+      offsetof(ocspBasicOCSPResponse, responseSignature.signature) },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT |
+          SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
+      offsetof(ocspBasicOCSPResponse, responseSignature.derCerts),
+      mySEC_PointerToSequenceOfAnyTemplate },
+    { 0 }
+};
+
+static CERTOCSPSingleResponse *
+ocsp_CreateSingleResponse(PLArenaPool *arena,
+                          CERTOCSPCertID *id, ocspCertStatus *status,
+                          PRTime thisUpdate, const PRTime *nextUpdate)
+{
+    CERTOCSPSingleResponse *sr;
+
+    if (!arena || !id || !status) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+
+    sr = PORT_ArenaZNew(arena, CERTOCSPSingleResponse);
+    if (!sr)
+        return NULL;
+    sr->arena = arena;
+    sr->certID = id;
+    sr->certStatus = status;
+    if (DER_TimeToGeneralizedTimeArena(arena, &sr->thisUpdate, thisUpdate) !=
+        SECSuccess)
+        return NULL;
+    sr->nextUpdate = NULL;
+    if (nextUpdate) {
+        sr->nextUpdate = SECITEM_AllocItem(arena, NULL, 0);
+        if (!sr->nextUpdate)
+            return NULL;
+        if (DER_TimeToGeneralizedTimeArena(arena, sr->nextUpdate, *nextUpdate) !=
+            SECSuccess)
+            return NULL;
+    }
+
+    sr->singleExtensions = PORT_ArenaNewArray(arena, CERTCertExtension *, 1);
+    if (!sr->singleExtensions)
+        return NULL;
+
+    sr->singleExtensions[0] = NULL;
+
+    if (!SEC_ASN1EncodeItem(arena, &sr->derCertStatus,
+                            status, ocsp_CertStatusTemplate))
+        return NULL;
+
+    return sr;
+}
+
+CERTOCSPSingleResponse *
+CERT_CreateOCSPSingleResponseGood(PLArenaPool *arena,
+                                  CERTOCSPCertID *id,
+                                  PRTime thisUpdate,
+                                  const PRTime *nextUpdate)
+{
+    ocspCertStatus *cs;
+    if (!arena) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+    cs = ocsp_CreateCertStatus(arena, ocspCertStatus_good, 0);
+    if (!cs)
+        return NULL;
+    return ocsp_CreateSingleResponse(arena, id, cs, thisUpdate, nextUpdate);
+}
+
+CERTOCSPSingleResponse *
+CERT_CreateOCSPSingleResponseUnknown(PLArenaPool *arena,
+                                     CERTOCSPCertID *id,
+                                     PRTime thisUpdate,
+                                     const PRTime *nextUpdate)
+{
+    ocspCertStatus *cs;
+    if (!arena) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+    cs = ocsp_CreateCertStatus(arena, ocspCertStatus_unknown, 0);
+    if (!cs)
+        return NULL;
+    return ocsp_CreateSingleResponse(arena, id, cs, thisUpdate, nextUpdate);
+}
+
+CERTOCSPSingleResponse *
+CERT_CreateOCSPSingleResponseRevoked(
+    PLArenaPool *arena,
+    CERTOCSPCertID *id,
+    PRTime thisUpdate,
+    const PRTime *nextUpdate,
+    PRTime revocationTime,
+    const CERTCRLEntryReasonCode *revocationReason)
+{
+    ocspCertStatus *cs;
+    /* revocationReason is not yet supported, so it must be NULL. */
+    if (!arena || revocationReason) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+    cs = ocsp_CreateCertStatus(arena, ocspCertStatus_revoked, revocationTime);
+    if (!cs)
+        return NULL;
+    return ocsp_CreateSingleResponse(arena, id, cs, thisUpdate, nextUpdate);
+}
+
+/* responderCert == 0 means:
+ * create a response with an invalid signature (for testing purposes) */
+SECItem *
+CERT_CreateEncodedOCSPSuccessResponse(
+    PLArenaPool *arena,
+    CERTCertificate *responderCert,
+    CERTOCSPResponderIDType responderIDType,
+    PRTime producedAt,
+    CERTOCSPSingleResponse **responses,
+    void *wincx)
+{
+    PLArenaPool *tmpArena;
+    ocspResponseData *rd = NULL;
+    ocspResponderID *rid = NULL;
+    const SEC_ASN1Template *responderIDTemplate = NULL;
+    ocspBasicOCSPResponse *br = NULL;
+    ocspResponseBytes *rb = NULL;
+    CERTOCSPResponse *response = NULL;
+
+    SECOidTag algID;
+    SECOidData *od = NULL;
+    SECKEYPrivateKey *privKey = NULL;
+    SECItem *result = NULL;
+
+    if (!arena || !responses) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+    if (responderIDType != ocspResponderID_byName &&
+        responderIDType != ocspResponderID_byKey) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+
+    tmpArena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (!tmpArena)
+        return NULL;
+
+    rd = PORT_ArenaZNew(tmpArena, ocspResponseData);
+    if (!rd)
+        goto done;
+    rid = PORT_ArenaZNew(tmpArena, ocspResponderID);
+    if (!rid)
+        goto done;
+    br = PORT_ArenaZNew(tmpArena, ocspBasicOCSPResponse);
+    if (!br)
+        goto done;
+    rb = PORT_ArenaZNew(tmpArena, ocspResponseBytes);
+    if (!rb)
+        goto done;
+    response = PORT_ArenaZNew(tmpArena, CERTOCSPResponse);
+    if (!response)
+        goto done;
+
+    rd->version.data = NULL;
+    rd->version.len = 0;
+    rd->responseExtensions = NULL;
+    rd->responses = responses;
+    if (DER_TimeToGeneralizedTimeArena(tmpArena, &rd->producedAt, producedAt) !=
+        SECSuccess)
+        goto done;
+
+    if (!responderCert) {
+        /* use invalid signature for testing purposes */
+        unsigned char dummyChar = 'd';
+        SECItem dummy;
+
+        dummy.len = 1;
+        dummy.data = &dummyChar;
+
+        /* it's easier to produdce a keyHash out of nowhere,
+    	 * than to produce an encoded subject,
+    	 * so for our dummy response we always use byKey
+    	 */
+
+        rid->responderIDType = ocspResponderID_byKey;
+        if (!ocsp_DigestValue(tmpArena, SEC_OID_SHA1, &rid->responderIDValue.keyHash,
+                              &dummy))
+            goto done;
+
+        if (!SEC_ASN1EncodeItem(tmpArena, &rd->derResponderID, rid,
+                                ocsp_ResponderIDByKeyTemplate))
+            goto done;
+
+        br->tbsResponseData = rd;
+
+        if (!SEC_ASN1EncodeItem(tmpArena, &br->tbsResponseDataDER, br->tbsResponseData,
+                                ocsp_myResponseDataTemplate))
+            goto done;
+
+        br->responseSignature.derCerts = PORT_ArenaNewArray(tmpArena, SECItem *, 1);
+        if (!br->responseSignature.derCerts)
+            goto done;
+        br->responseSignature.derCerts[0] = NULL;
+
+        algID = SEC_GetSignatureAlgorithmOidTag(rsaKey, SEC_OID_SHA1);
+        if (algID == SEC_OID_UNKNOWN)
+            goto done;
+
+        /* match the regular signature code, which doesn't use the arena */
+        if (!SECITEM_AllocItem(NULL, &br->responseSignature.signature, 1))
+            goto done;
+        PORT_Memcpy(br->responseSignature.signature.data, &dummyChar, 1);
+
+        /* convert len-in-bytes to len-in-bits */
+        br->responseSignature.signature.len = br->responseSignature.signature.len << 3;
+    } else {
+        rid->responderIDType = responderIDType;
+        if (responderIDType == ocspResponderID_byName) {
+            responderIDTemplate = ocsp_ResponderIDByNameTemplate;
+            if (CERT_CopyName(tmpArena, &rid->responderIDValue.name,
+                              &responderCert->subject) != SECSuccess)
+                goto done;
+        } else {
+            responderIDTemplate = ocsp_ResponderIDByKeyTemplate;
+            if (!CERT_GetSubjectPublicKeyDigest(tmpArena, responderCert,
+                                                SEC_OID_SHA1, &rid->responderIDValue.keyHash))
+                goto done;
+        }
+
+        if (!SEC_ASN1EncodeItem(tmpArena, &rd->derResponderID, rid,
+                                responderIDTemplate))
+            goto done;
+
+        br->tbsResponseData = rd;
+
+        if (!SEC_ASN1EncodeItem(tmpArena, &br->tbsResponseDataDER, br->tbsResponseData,
+                                ocsp_myResponseDataTemplate))
+            goto done;
+
+        br->responseSignature.derCerts = PORT_ArenaNewArray(tmpArena, SECItem *, 1);
+        if (!br->responseSignature.derCerts)
+            goto done;
+        br->responseSignature.derCerts[0] = NULL;
+
+        privKey = PK11_FindKeyByAnyCert(responderCert, wincx);
+        if (!privKey)
+            goto done;
+
+        algID = SEC_GetSignatureAlgorithmOidTag(privKey->keyType, SEC_OID_SHA1);
+        if (algID == SEC_OID_UNKNOWN)
+            goto done;
+
+        if (SEC_SignData(&br->responseSignature.signature,
+                         br->tbsResponseDataDER.data, br->tbsResponseDataDER.len,
+                         privKey, algID) !=
+            SECSuccess)
+            goto done;
+
+        /* convert len-in-bytes to len-in-bits */
+        br->responseSignature.signature.len = br->responseSignature.signature.len << 3;
+
+        /* br->responseSignature.signature wasn't allocated from arena,
+	     * we must free it when done. */
+    }
+
+    if (SECOID_SetAlgorithmID(tmpArena, &br->responseSignature.signatureAlgorithm, algID, 0) !=
+        SECSuccess)
+        goto done;
+
+    if (!SEC_ASN1EncodeItem(tmpArena, &rb->response, br,
+                            ocsp_EncodeBasicOCSPResponseTemplate))
+        goto done;
+
+    rb->responseTypeTag = SEC_OID_PKIX_OCSP_BASIC_RESPONSE;
+
+    od = SECOID_FindOIDByTag(rb->responseTypeTag);
+    if (!od)
+        goto done;
+
+    rb->responseType = od->oid;
+    rb->decodedResponse.basic = br;
+
+    response->arena = tmpArena;
+    response->responseBytes = rb;
+    response->statusValue = ocspResponse_successful;
+
+    if (!SEC_ASN1EncodeInteger(tmpArena, &response->responseStatus,
+                               response->statusValue))
+        goto done;
+
+    result = SEC_ASN1EncodeItem(arena, NULL, response, ocsp_OCSPResponseTemplate);
+
+done:
+    if (privKey)
+        SECKEY_DestroyPrivateKey(privKey);
+    if (br && br->responseSignature.signature.data)
+        SECITEM_FreeItem(&br->responseSignature.signature, PR_FALSE);
+    PORT_FreeArena(tmpArena, PR_FALSE);
+
+    return result;
+}
+
+static const SEC_ASN1Template ocsp_OCSPErrorResponseTemplate[] = {
+    { SEC_ASN1_SEQUENCE,
+      0, NULL, sizeof(CERTOCSPResponse) },
+    { SEC_ASN1_ENUMERATED,
+      offsetof(CERTOCSPResponse, responseStatus) },
+    { 0, 0,
+      mySEC_NullTemplate },
+    { 0 }
+};
+
+SECItem *
+CERT_CreateEncodedOCSPErrorResponse(PLArenaPool *arena, int error)
+{
+    CERTOCSPResponse response;
+    SECItem *result = NULL;
+
+    switch (error) {
+        case SEC_ERROR_OCSP_MALFORMED_REQUEST:
+            response.statusValue = ocspResponse_malformedRequest;
+            break;
+        case SEC_ERROR_OCSP_SERVER_ERROR:
+            response.statusValue = ocspResponse_internalError;
+            break;
+        case SEC_ERROR_OCSP_TRY_SERVER_LATER:
+            response.statusValue = ocspResponse_tryLater;
+            break;
+        case SEC_ERROR_OCSP_REQUEST_NEEDS_SIG:
+            response.statusValue = ocspResponse_sigRequired;
+            break;
+        case SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST:
+            response.statusValue = ocspResponse_unauthorized;
+            break;
+        default:
+            PORT_SetError(SEC_ERROR_INVALID_ARGS);
+            return NULL;
+    }
+
+    if (!SEC_ASN1EncodeInteger(NULL, &response.responseStatus,
+                               response.statusValue))
+        return NULL;
+
+    result = SEC_ASN1EncodeItem(arena, NULL, &response,
+                                ocsp_OCSPErrorResponseTemplate);
+
+    SECITEM_FreeItem(&response.responseStatus, PR_FALSE);
+
+    return result;
+}
diff --git a/nss/lib/certhigh/ocspt.h b/nss/lib/certhigh/ocspt.h
new file mode 100644
index 0000000..db429ff
--- /dev/null
+++ b/nss/lib/certhigh/ocspt.h
@@ -0,0 +1,301 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * Public header for exported OCSP types.
+ */
+
+#ifndef _OCSPT_H_
+#define _OCSPT_H_
+
+/*
+ * The following are all opaque types.  If someone needs to get at
+ * a field within, then we need to fix the API.  Try very hard not
+ * make the type available to them.
+ */
+typedef struct CERTOCSPRequestStr CERTOCSPRequest;
+typedef struct CERTOCSPResponseStr CERTOCSPResponse;
+
+/*
+ * XXX I think only those first two above should need to be exported,
+ * but until I know for certain I am leaving the rest of these here, too.
+ */
+typedef struct CERTOCSPCertIDStr CERTOCSPCertID;
+typedef struct CERTOCSPSingleResponseStr CERTOCSPSingleResponse;
+
+/*
+ * This interface is described in terms of an HttpClient which
+ * supports at least a specified set of functions. (An implementer may
+ * provide HttpClients with additional functionality accessible only to
+ * users with a particular implementation in mind.) The basic behavior
+ * is provided by defining a set of functions, listed in an
+ * SEC_HttpServerFcnStruct. If the implementor of a SpecificHttpClient
+ * registers his SpecificHttpClient as the default HttpClient, then his
+ * functions will be called by the user of an HttpClient, such as an
+ * OCSPChecker.
+ *
+ * The implementer of a specific HttpClient (e.g., the NSS-provided
+ * DefaultHttpClient), populates an SEC_HttpClientFcnStruct, uses it to
+ * register his client, and waits for his functions to be called.
+ *
+ * For future expandability, the SEC_HttpClientFcnStruct is defined as a
+ * union, with the version field acting as a selector. The proposed
+ * initial version of the structure is given following the definition
+ * of the union. The HttpClientState structure is implementation-
+ * dependent, and should be opaque to the user.
+ */
+
+typedef void *SEC_HTTP_SERVER_SESSION;
+typedef void *SEC_HTTP_REQUEST_SESSION;
+
+/*
+ * This function creates a SEC_HTTP_SERVER_SESSION object. The implementer of a
+ * specific HttpClient will allocate the necessary space, when this
+ * function is called, and will free it when the corresponding FreeFcn
+ * is called. The SEC_HTTP_SERVER_SESSION object is passed, as an opaque object,
+ * to subsequent calls.
+ *
+ * If the function returns SECSuccess, the returned SEC_HTTP_SERVER_SESSION
+ * must be cleaned up with a call to SEC_HttpServer_FreeSession,
+ * after processing is finished.
+ */
+typedef SECStatus (*SEC_HttpServer_CreateSessionFcn)(
+    const char *host,
+    PRUint16 portnum,
+    SEC_HTTP_SERVER_SESSION *pSession);
+
+/*
+ * This function is called to allow the implementation to attempt to keep
+ * the connection alive. Depending on the underlying platform, it might
+ * immediately return SECSuccess without having performed any operations.
+ * (If a connection has not been kept alive, a subsequent call to
+ * SEC_HttpRequest_TrySendAndReceiveFcn should reopen the connection
+ * automatically.)
+ *
+ * If the connection uses nonblocking I/O, this function may return
+ * SECWouldBlock and store a nonzero value at "pPollDesc". In that case
+ * the caller may wait on the poll descriptor, and should call this function
+ * again until SECSuccess (and a zero value at "pPollDesc") is obtained.
+ */
+typedef SECStatus (*SEC_HttpServer_KeepAliveSessionFcn)(
+    SEC_HTTP_SERVER_SESSION session,
+    PRPollDesc **pPollDesc);
+
+/*
+ * This function frees the client SEC_HTTP_SERVER_SESSION object, closes all
+ * SEC_HTTP_REQUEST_SESSIONs created for that server, discards all partial results,
+ * frees any memory that was allocated by the client, and invalidates any
+ * response pointers that might have been returned by prior server or request
+ * functions.
+ */
+typedef SECStatus (*SEC_HttpServer_FreeSessionFcn)(
+    SEC_HTTP_SERVER_SESSION session);
+
+/*
+ * This function creates a SEC_HTTP_REQUEST_SESSION object. The implementer of a
+ * specific HttpClient will allocate the necessary space, when this
+ * function is called, and will free it when the corresponding FreeFcn
+ * is called. The SEC_HTTP_REQUEST_SESSION object is passed, as an opaque object,
+ * to subsequent calls.
+ *
+ * An implementation that does not support the requested protocol variant
+ * (usually "http", but could eventually allow "https") or request method
+ * should return SECFailure.
+ *
+ * Timeout values may include the constants PR_INTERVAL_NO_TIMEOUT (wait
+ * forever) or PR_INTERVAL_NO_WAIT (nonblocking I/O).
+ *
+ * If the function returns SECSuccess, the returned SEC_HTTP_REQUEST_SESSION
+ * must be cleaned up with a call to SEC_HttpRequest_FreeSession,
+ * after processing is finished.
+ */
+typedef SECStatus (*SEC_HttpRequest_CreateFcn)(
+    SEC_HTTP_SERVER_SESSION session,
+    const char *http_protocol_variant, /* usually "http" */
+    const char *path_and_query_string,
+    const char *http_request_method,
+    const PRIntervalTime timeout,
+    SEC_HTTP_REQUEST_SESSION *pRequest);
+
+/*
+ * This function sets data to be sent to the server for an HTTP request
+ * of http_request_method == POST. If a particular implementation
+ * supports it, the details for the POST request can be set by calling
+ * this function, prior to activating the request with TrySendAndReceiveFcn.
+ *
+ * An implementation that does not support the POST method should
+ * implement a SetPostDataFcn function that returns immediately.
+ *
+ * Setting http_content_type is optional, the parameter may
+ * by NULL or the empty string.
+ */
+typedef SECStatus (*SEC_HttpRequest_SetPostDataFcn)(
+    SEC_HTTP_REQUEST_SESSION request,
+    const char *http_data,
+    const PRUint32 http_data_len,
+    const char *http_content_type);
+
+/*
+ * This function sets an additional HTTP protocol request header.
+ * If a particular implementation supports it, one or multiple headers
+ * can be added to the request by calling this function once or multiple
+ * times, prior to activating the request with TryFcn.
+ *
+ * An implementation that does not support setting additional headers
+ * should implement an AddRequestHeaderFcn function that returns immediately.
+ */
+typedef SECStatus (*SEC_HttpRequest_AddHeaderFcn)(
+    SEC_HTTP_REQUEST_SESSION request,
+    const char *http_header_name,
+    const char *http_header_value);
+
+/*
+ * This function initiates or continues an HTTP request. After
+ * parameters have been set with the Create function and, optionally,
+ * modified or enhanced with the AddParams function, this call creates
+ * the socket connection and initiates the communication.
+ *
+ * If a timeout value of zero is specified, indicating non-blocking
+ * I/O, the client creates a non-blocking socket, and returns a status
+ * of SECWouldBlock and a non-NULL PRPollDesc if the operation is not
+ * complete. In that case all other return parameters are undefined.
+ * The caller is expected to repeat the call, possibly after using
+ * PRPoll to determine that a completion has occurred, until a return
+ * value of SECSuccess (and a NULL value for pPollDesc) or a return
+ * value of SECFailure (indicating failure on the network level)
+ * is obtained.
+ *
+ * http_response_data_len is both input and output parameter.
+ * If a pointer to a PRUint32 is supplied, the http client is
+ * expected to check the given integer value and always set an out
+ * value, even on failure.
+ * An input value of zero means, the caller will accept any response len.
+ * A different input value indicates the maximum response value acceptable
+ * to the caller.
+ * If data is successfully read and the size is acceptable to the caller,
+ * the function will return SECSuccess and set http_response_data_len to
+ * the size of the block returned in http_response_data.
+ * If the data read from the http server is larger than the acceptable
+ * size, the function will return SECFailure.
+ * http_response_data_len will be set to a value different from zero to
+ * indicate the reason of the failure.
+ * An out value of "0" means, the failure was unrelated to the
+ * acceptable size.
+ * An out value of "1" means, the result data is larger than the
+ * accpeptable size, but the real size is not yet known to the http client
+ * implementation and it stopped retrieving it,
+ * Any other out value combined with a return value of SECFailure
+ * will indicate the actual size of the server data.
+ *
+ * The caller is permitted to provide NULL values for any of the
+ * http_response arguments, indicating the caller is not interested in
+ * those values. If the caller does provide an address, the HttpClient
+ * stores at that address a pointer to the corresponding argument, at
+ * the completion of the operation.
+ *
+ * All returned pointers will be owned by the the HttpClient
+ * implementation and will remain valid until the call to
+ * SEC_HttpRequest_FreeFcn.
+ */
+typedef SECStatus (*SEC_HttpRequest_TrySendAndReceiveFcn)(
+    SEC_HTTP_REQUEST_SESSION request,
+    PRPollDesc **pPollDesc,
+    PRUint16 *http_response_code,
+    const char **http_response_content_type,
+    const char **http_response_headers,
+    const char **http_response_data,
+    PRUint32 *http_response_data_len);
+
+/*
+ * Calling CancelFcn asks for premature termination of the request.
+ *
+ * Future calls to SEC_HttpRequest_TrySendAndReceive should
+ * by avoided, but in this case the HttpClient implementation
+ * is expected to return immediately with SECFailure.
+ *
+ * After calling CancelFcn, a separate call to SEC_HttpRequest_FreeFcn
+ * is still necessary to free resources.
+ */
+typedef SECStatus (*SEC_HttpRequest_CancelFcn)(
+    SEC_HTTP_REQUEST_SESSION request);
+
+/*
+ * Before calling this function, it must be assured the request
+ * has been completed, i.e. either SEC_HttpRequest_TrySendAndReceiveFcn has
+ * returned SECSuccess, or the request has been canceled with
+ * a call to SEC_HttpRequest_CancelFcn.
+ *
+ * This function frees the client state object, closes all sockets,
+ * discards all partial results, frees any memory that was allocated
+ * by the client, and invalidates all response pointers that might
+ * have been returned by SEC_HttpRequest_TrySendAndReceiveFcn
+ */
+typedef SECStatus (*SEC_HttpRequest_FreeFcn)(
+    SEC_HTTP_REQUEST_SESSION request);
+
+typedef struct SEC_HttpClientFcnV1Struct {
+    SEC_HttpServer_CreateSessionFcn createSessionFcn;
+    SEC_HttpServer_KeepAliveSessionFcn keepAliveSessionFcn;
+    SEC_HttpServer_FreeSessionFcn freeSessionFcn;
+    SEC_HttpRequest_CreateFcn createFcn;
+    SEC_HttpRequest_SetPostDataFcn setPostDataFcn;
+    SEC_HttpRequest_AddHeaderFcn addHeaderFcn;
+    SEC_HttpRequest_TrySendAndReceiveFcn trySendAndReceiveFcn;
+    SEC_HttpRequest_CancelFcn cancelFcn;
+    SEC_HttpRequest_FreeFcn freeFcn;
+} SEC_HttpClientFcnV1;
+
+typedef struct SEC_HttpClientFcnStruct {
+    PRInt16 version;
+    union {
+        SEC_HttpClientFcnV1 ftable1;
+        /* SEC_HttpClientFcnV2 ftable2; */
+        /* ...                      */
+    } fcnTable;
+} SEC_HttpClientFcn;
+
+/*
+ * ocspMode_FailureIsVerificationFailure:
+ * This is the classic behaviour of NSS.
+ * Any OCSP failure is a verification failure (classic mode, default).
+ * Without a good response, OCSP networking will be retried each time
+ * it is required for verifying a cert.
+ *
+ * ocspMode_FailureIsNotAVerificationFailure:
+ * If we fail to obtain a valid OCSP response, consider the
+ * cert as good.
+ * Failed OCSP attempts might get cached and not retried until
+ * minimumSecondsToNextFetchAttempt.
+ * If we are able to obtain a valid response, the cert
+ * will be considered good, if either status is "good"
+ * or the cert was not yet revoked at verification time.
+ *
+ * Additional failure modes might be added in the future.
+ */
+typedef enum {
+    ocspMode_FailureIsVerificationFailure = 0,
+    ocspMode_FailureIsNotAVerificationFailure = 1
+} SEC_OcspFailureMode;
+
+/*
+ * A ResponderID identifies the responder -- or more correctly, the
+ * signer of the response.  The ASN.1 definition of a ResponderID is:
+ *
+ * ResponderID	::=	CHOICE {
+ *	byName			[1] EXPLICIT Name,
+ *	byKey			[2] EXPLICIT KeyHash }
+ *
+ * Because it is CHOICE, the type of identification used and the
+ * identification itself are actually encoded together.  To represent
+ * this same information internally, we explicitly define a type and
+ * save it, along with the value, into a data structure.
+ */
+
+typedef enum {
+    ocspResponderID_other = -1, /* unknown kind of responderID */
+    ocspResponderID_byName = 1,
+    ocspResponderID_byKey = 2
+} CERTOCSPResponderIDType;
+
+#endif /* _OCSPT_H_ */
diff --git a/nss/lib/certhigh/ocspti.h b/nss/lib/certhigh/ocspti.h
new file mode 100644
index 0000000..d9297db
--- /dev/null
+++ b/nss/lib/certhigh/ocspti.h
@@ -0,0 +1,356 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * Private header defining OCSP types.
+ */
+
+#ifndef _OCSPTI_H_
+#define _OCSPTI_H_
+
+#include "ocspt.h"
+
+#include "certt.h"
+#include "plarena.h"
+#include "seccomon.h"
+#include "secoidt.h"
+
+/*
+ * Some notes about naming conventions...
+ *
+ * The public data types all start with "CERTOCSP" (e.g. CERTOCSPRequest).
+ * (Even the public types are opaque, however.  Only their names are
+ * "exported".)
+ *
+ * Internal-only data types drop the "CERT" prefix and use only the
+ * lower-case "ocsp" (e.g. ocspTBSRequest), for brevity sake.
+ *
+ * In either case, the base/suffix of the type name usually matches the
+ * name as defined in the OCSP specification.  The exceptions to this are:
+ *  - When there is overlap between the "OCSP" or "ocsp" prefix and
+ *    the name used in the standard.  That is, you cannot strip off the
+ *    "CERTOCSP" or "ocsp" prefix and necessarily get the name of the
+ *    type as it is defined in the standard; the "real" name will be
+ *    *either* "OCSPSuffix" or just "Suffix".
+ *  - When the name in the standard was a little too generic.  (e.g. The
+ *    standard defines "Request" but we call it a "SingleRequest".)
+ *    In this case a comment above the type definition calls attention
+ *    to the difference.
+ *
+ * The definitions laid out in this header file are intended to follow
+ * the same order as the definitions in the OCSP specification itself.
+ * With the OCSP standard in hand, you should be able to move through
+ * this file and follow along.  To future modifiers of this file: please
+ * try to keep it that way.  The only exceptions are the few cases where
+ * we need to define a type before it is referenced (e.g. enumerations),
+ * whereas in the OCSP specification these are usually defined the other
+ * way around (reference before definition).
+ */
+
+/*
+ * Forward-declarations of internal-only data structures.
+ *
+ * These are in alphabetical order (case-insensitive); please keep it that way!
+ */
+typedef struct ocspBasicOCSPResponseStr ocspBasicOCSPResponse;
+typedef struct ocspCertStatusStr ocspCertStatus;
+typedef struct ocspResponderIDStr ocspResponderID;
+typedef struct ocspResponseBytesStr ocspResponseBytes;
+typedef struct ocspResponseDataStr ocspResponseData;
+typedef struct ocspRevokedInfoStr ocspRevokedInfo;
+typedef struct ocspServiceLocatorStr ocspServiceLocator;
+typedef struct ocspSignatureStr ocspSignature;
+typedef struct ocspSingleRequestStr ocspSingleRequest;
+typedef struct ocspSingleResponseStr ocspSingleResponse;
+typedef struct ocspTBSRequestStr ocspTBSRequest;
+
+/*
+ * An OCSPRequest; this is what is sent (encoded) to an OCSP responder.
+ */
+struct CERTOCSPRequestStr {
+    PLArenaPool *arena; /* local; not part of encoding */
+    ocspTBSRequest *tbsRequest;
+    ocspSignature *optionalSignature;
+};
+
+/*
+ * A TBSRequest; when an OCSPRequest is signed, the encoding of this
+ * is what the signature is actually applied to.  ("TBS" == To Be Signed)
+ * Whether signed or not, however, this structure will be present, and
+ * is the "meat" of the OCSPRequest.
+ *
+ * Note that the "requestorName" field cannot be encoded/decoded in the
+ * same pass as the entire request -- it needs to be handled with a special
+ * call to convert to/from our internal form of a GeneralName.  Thus the
+ * "derRequestorName" field, which is the actual DER-encoded bytes.
+ *
+ * The "extensionHandle" field is used on creation only; it holds
+ * in-progress extensions as they are optionally added to the request.
+ */
+struct ocspTBSRequestStr {
+    SECItem version;                    /* an INTEGER */
+    SECItem *derRequestorName;          /* encoded GeneralName; see above */
+    CERTGeneralNameList *requestorName; /* local; not part of encoding */
+    ocspSingleRequest **requestList;
+    CERTCertExtension **requestExtensions;
+    void *extensionHandle; /* local; not part of encoding */
+};
+
+/*
+ * This is the actual signature information for an OCSPRequest (applied to
+ * the TBSRequest structure) or for a BasicOCSPResponse (applied to a
+ * ResponseData structure).
+ *
+ * Note that the "signature" field itself is a BIT STRING; operations on
+ * it need to keep that in mind, converting the length to bytes as needed
+ * and back again afterward (so that the length is usually expressing bits).
+ *
+ * The "cert" field is the signer's certificate.  In the case of a received
+ * signature, it will be filled in when the signature is verified.  In the
+ * case of a created signature, it is filled in on creation and will be the
+ * cert used to create the signature when the signing-and-encoding occurs,
+ * as well as the cert (and its chain) to fill in derCerts if requested.
+ *
+ * The extra fields cache information about the signature after we have
+ * attempted a verification.  "wasChecked", if true, means the signature
+ * has been checked against the appropriate data and thus that "status"
+ * contains the result of that verification.  If "status" is not SECSuccess,
+ * "failureReason" is a copy of the error code that was set at the time;
+ * presumably it tells why the signature verification failed.
+ */
+struct ocspSignatureStr {
+    SECAlgorithmID signatureAlgorithm;
+    SECItem signature;     /* a BIT STRING */
+    SECItem **derCerts;    /* a SEQUENCE OF Certificate */
+    CERTCertificate *cert; /* local; not part of encoding */
+    PRBool wasChecked;     /* local; not part of encoding */
+    SECStatus status;      /* local; not part of encoding */
+    int failureReason;     /* local; not part of encoding */
+};
+
+/*
+ * An OCSPRequest contains a SEQUENCE OF these, one for each certificate
+ * whose status is being checked.
+ *
+ * Note that in the OCSP specification this is just called "Request",
+ * but since that seemed confusing (vs. an OCSPRequest) and to be more
+ * consistent with the parallel type "SingleResponse", I called it a
+ * "SingleRequest".
+ *
+ * XXX figure out how to get rid of that arena -- there must be a way
+ */
+struct ocspSingleRequestStr {
+    PLArenaPool *arena; /* just a copy of the response arena,
+					 * needed here for extension handling
+					 * routines, on creation only */
+    CERTOCSPCertID *reqCert;
+    CERTCertExtension **singleRequestExtensions;
+};
+
+/*
+ * A CertID is the means of identifying a certificate, used both in requests
+ * and in responses.
+ *
+ * When in a SingleRequest it specifies the certificate to be checked.
+ * When in a SingleResponse it is the cert whose status is being given.
+ */
+struct CERTOCSPCertIDStr {
+    SECAlgorithmID hashAlgorithm;
+    SECItem issuerNameHash;     /* an OCTET STRING */
+    SECItem issuerKeyHash;      /* an OCTET STRING */
+    SECItem serialNumber;       /* an INTEGER */
+    SECItem issuerSHA1NameHash; /* keep other hashes around when */
+    SECItem issuerMD5NameHash;  /* we have them */
+    SECItem issuerMD2NameHash;
+    SECItem issuerSHA1KeyHash; /* keep other hashes around when */
+    SECItem issuerMD5KeyHash;  /* we have them */
+    SECItem issuerMD2KeyHash;
+    PLArenaPool *poolp;
+};
+
+/*
+ * This describes the value of the responseStatus field in an OCSPResponse.
+ * The corresponding ASN.1 definition is:
+ *
+ * OCSPResponseStatus	::=	ENUMERATED {
+ *	successful		(0),	--Response has valid confirmations
+ *	malformedRequest	(1),	--Illegal confirmation request
+ *	internalError		(2),	--Internal error in issuer
+ *	tryLater		(3),	--Try again later
+ *					--(4) is not used
+ *	sigRequired		(5),	--Must sign the request
+ *	unauthorized		(6),	--Request unauthorized
+ * }
+ */
+typedef enum {
+    ocspResponse_min = 0,
+    ocspResponse_successful = 0,
+    ocspResponse_malformedRequest = 1,
+    ocspResponse_internalError = 2,
+    ocspResponse_tryLater = 3,
+    ocspResponse_unused = 4,
+    ocspResponse_sigRequired = 5,
+    ocspResponse_unauthorized = 6,
+    ocspResponse_max = 6 /* Please update max when adding values.
+                          * Remember to also update arrays, e.g.
+                          * "responseStatusNames" in ocspclnt.c
+                          * and potentially other places. */
+} ocspResponseStatus;
+
+/*
+ * An OCSPResponse is what is sent (encoded) by an OCSP responder.
+ *
+ * The field "responseStatus" is the ASN.1 encoded value; the field
+ * "statusValue" is simply that same value translated into our local
+ * type ocspResponseStatus.
+ */
+struct CERTOCSPResponseStr {
+    PLArenaPool *arena;               /* local; not part of encoding */
+    SECItem responseStatus;           /* an ENUMERATED, see above */
+    ocspResponseStatus statusValue;   /* local; not part of encoding */
+    ocspResponseBytes *responseBytes; /* only when status is successful */
+};
+
+/*
+ * A ResponseBytes (despite appearances) is what contains the meat
+ * of a successful response -- but still in encoded form.  The type
+ * given as "responseType" tells you how to decode the string.
+ *
+ * We look at the OID and translate it into our local OID representation
+ * "responseTypeTag", and use that value to tell us how to decode the
+ * actual response itself.  For now the only kind of OCSP response we
+ * know about is a BasicOCSPResponse.  However, the intention in the
+ * OCSP specification is to allow for other response types, so we are
+ * building in that flexibility from the start and thus put a pointer
+ * to that data structure inside of a union.  Whenever OCSP adds more
+ * response types, just add them to the union.
+ */
+struct ocspResponseBytesStr {
+    SECItem responseType;      /* an OBJECT IDENTIFIER */
+    SECOidTag responseTypeTag; /* local; not part of encoding */
+    SECItem response;          /* an OCTET STRING */
+    union {
+        ocspBasicOCSPResponse *basic; /* when type is id-pkix-ocsp-basic */
+    } decodedResponse;                /* local; not part of encoding */
+};
+
+/*
+ * A BasicOCSPResponse -- when the responseType in a ResponseBytes is
+ * id-pkix-ocsp-basic, the "response" OCTET STRING above is the DER
+ * encoding of one of these.
+ *
+ * Note that in the OCSP specification, the signature fields are not
+ * part of a separate sub-structure.  But since they are the same fields
+ * as we define for the signature in a request, it made sense to share
+ * the C data structure here and in some shared code to operate on them.
+ */
+struct ocspBasicOCSPResponseStr {
+    SECItem tbsResponseDataDER;
+    ocspResponseData *tbsResponseData; /* "tbs" == To Be Signed */
+    ocspSignature responseSignature;
+};
+
+/*
+ * A ResponseData is the part of a BasicOCSPResponse that is signed
+ * (after it is DER encoded).  It contains the real details of the response
+ * (a per-certificate status).
+ */
+struct ocspResponseDataStr {
+    SECItem version; /* an INTEGER */
+    SECItem derResponderID;
+    ocspResponderID *responderID; /* local; not part of encoding */
+    SECItem producedAt;           /* a GeneralizedTime */
+    CERTOCSPSingleResponse **responses;
+    CERTCertExtension **responseExtensions;
+};
+
+struct ocspResponderIDStr {
+    CERTOCSPResponderIDType responderIDType; /* local; not part of encoding */
+    union {
+        CERTName name;   /* when ocspResponderID_byName */
+        SECItem keyHash; /* when ocspResponderID_byKey */
+        SECItem other;   /* when ocspResponderID_other */
+    } responderIDValue;
+};
+
+/*
+ * The ResponseData in a BasicOCSPResponse contains a SEQUENCE OF
+ * SingleResponse -- one for each certificate whose status is being supplied.
+ *
+ * XXX figure out how to get rid of that arena -- there must be a way
+ */
+struct CERTOCSPSingleResponseStr {
+    PLArenaPool *arena; /* just a copy of the response arena,
+					 * needed here for extension handling
+					 * routines, on creation only */
+    CERTOCSPCertID *certID;
+    SECItem derCertStatus;
+    ocspCertStatus *certStatus; /* local; not part of encoding */
+    SECItem thisUpdate;         /* a GeneralizedTime */
+    SECItem *nextUpdate;        /* a GeneralizedTime */
+    CERTCertExtension **singleExtensions;
+};
+
+/*
+ * A CertStatus is the actual per-certificate status.  Its ASN.1 definition:
+ *
+ * CertStatus	::=	CHOICE {
+ *	good			[0] IMPLICIT NULL,
+ *	revoked			[1] IMPLICIT RevokedInfo,
+ *	unknown			[2] IMPLICIT UnknownInfo }
+ *
+ * (where for now UnknownInfo is defined to be NULL but in the
+ * future may be replaced with an enumeration).
+ *
+ * Because it is CHOICE, the status value and its associated information
+ * (if any) are actually encoded together.  To represent this same
+ * information internally, we explicitly define a type and save it,
+ * along with the value, into a data structure.
+ */
+
+typedef enum {
+    ocspCertStatus_good,    /* cert is not revoked */
+    ocspCertStatus_revoked, /* cert is revoked */
+    ocspCertStatus_unknown, /* cert was unknown to the responder */
+    ocspCertStatus_other    /* status was not an expected value */
+} ocspCertStatusType;
+
+/*
+ * This is the actual per-certificate status.
+ *
+ * The "goodInfo" and "unknownInfo" items are only place-holders for a NULL.
+ * (Though someday OCSP may replace UnknownInfo with an enumeration that
+ * gives more detailed information.)
+ */
+struct ocspCertStatusStr {
+    ocspCertStatusType certStatusType; /* local; not part of encoding */
+    union {
+        SECItem *goodInfo;            /* when ocspCertStatus_good */
+        ocspRevokedInfo *revokedInfo; /* when ocspCertStatus_revoked */
+        SECItem *unknownInfo;         /* when ocspCertStatus_unknown */
+        SECItem *otherInfo;           /* when ocspCertStatus_other */
+    } certStatusInfo;
+};
+
+/*
+ * A RevokedInfo gives information about a revoked certificate -- when it
+ * was revoked and why.
+ */
+struct ocspRevokedInfoStr {
+    SECItem revocationTime;    /* a GeneralizedTime */
+    SECItem *revocationReason; /* a CRLReason; ignored for now */
+};
+
+/*
+ * ServiceLocator can be included as one of the singleRequestExtensions.
+ * When added, it specifies the (name of the) issuer of the cert being
+ * checked, and optionally the value of the AuthorityInfoAccess extension
+ * if the cert has one.
+ */
+struct ocspServiceLocatorStr {
+    CERTName *issuer;
+    SECItem locator; /* DER encoded authInfoAccess extension from cert */
+};
+
+#endif /* _OCSPTI_H_ */
diff --git a/nss/lib/certhigh/xcrldist.c b/nss/lib/certhigh/xcrldist.c
new file mode 100644
index 0000000..4f74cdb
--- /dev/null
+++ b/nss/lib/certhigh/xcrldist.c
@@ -0,0 +1,212 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * Code for dealing with x.509 v3 CRL Distribution Point extension.
+ */
+#include "genname.h"
+#include "certt.h"
+#include "secerr.h"
+
+SEC_ASN1_MKSUB(SEC_AnyTemplate)
+SEC_ASN1_MKSUB(SEC_BitStringTemplate)
+
+extern void PrepareBitStringForEncoding(SECItem *bitMap, SECItem *value);
+
+static const SEC_ASN1Template FullNameTemplate[] = {
+    { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | 0,
+      offsetof(CRLDistributionPoint, derFullName),
+      CERT_GeneralNamesTemplate }
+};
+
+static const SEC_ASN1Template RelativeNameTemplate[] = {
+    { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | 1,
+      offsetof(CRLDistributionPoint, distPoint.relativeName),
+      CERT_RDNTemplate }
+};
+
+static const SEC_ASN1Template DistributionPointNameTemplate[] = {
+    { SEC_ASN1_CHOICE,
+      offsetof(CRLDistributionPoint, distPointType), NULL,
+      sizeof(CRLDistributionPoint) },
+    { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | 0,
+      offsetof(CRLDistributionPoint, derFullName),
+      CERT_GeneralNamesTemplate, generalName },
+    { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | 1,
+      offsetof(CRLDistributionPoint, distPoint.relativeName),
+      CERT_RDNTemplate, relativeDistinguishedName },
+    { 0 }
+};
+
+static const SEC_ASN1Template CRLDistributionPointTemplate[] = {
+    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CRLDistributionPoint) },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC |
+          SEC_ASN1_CONSTRUCTED | SEC_ASN1_EXPLICIT | SEC_ASN1_XTRN | 0,
+      offsetof(CRLDistributionPoint, derDistPoint),
+      SEC_ASN1_SUB(SEC_AnyTemplate) },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 1,
+      offsetof(CRLDistributionPoint, bitsmap),
+      SEC_ASN1_SUB(SEC_BitStringTemplate) },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC |
+          SEC_ASN1_CONSTRUCTED | 2,
+      offsetof(CRLDistributionPoint, derCrlIssuer),
+      CERT_GeneralNamesTemplate },
+    { 0 }
+};
+
+const SEC_ASN1Template CERTCRLDistributionPointsTemplate[] = {
+    { SEC_ASN1_SEQUENCE_OF, 0, CRLDistributionPointTemplate }
+};
+
+SECStatus
+CERT_EncodeCRLDistributionPoints(PLArenaPool *arena,
+                                 CERTCrlDistributionPoints *value,
+                                 SECItem *derValue)
+{
+    CRLDistributionPoint **pointList, *point;
+    PLArenaPool *ourPool = NULL;
+    SECStatus rv = SECSuccess;
+
+    PORT_Assert(derValue);
+    PORT_Assert(value && value->distPoints);
+
+    do {
+        ourPool = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE);
+        if (ourPool == NULL) {
+            rv = SECFailure;
+            break;
+        }
+
+        pointList = value->distPoints;
+        while (*pointList) {
+            point = *pointList;
+            point->derFullName = NULL;
+            point->derDistPoint.data = NULL;
+
+            switch (point->distPointType) {
+                case generalName:
+                    point->derFullName = cert_EncodeGeneralNames(ourPool, point->distPoint.fullName);
+
+                    if (!point->derFullName ||
+                        !SEC_ASN1EncodeItem(ourPool, &point->derDistPoint,
+                                            point, FullNameTemplate))
+                        rv = SECFailure;
+                    break;
+
+                case relativeDistinguishedName:
+                    if (!SEC_ASN1EncodeItem(ourPool, &point->derDistPoint,
+                                            point, RelativeNameTemplate))
+                        rv = SECFailure;
+                    break;
+
+                default:
+                    PORT_SetError(SEC_ERROR_EXTENSION_VALUE_INVALID);
+                    rv = SECFailure;
+                    break;
+            }
+
+            if (rv != SECSuccess)
+                break;
+
+            if (point->reasons.data)
+                PrepareBitStringForEncoding(&point->bitsmap, &point->reasons);
+
+            if (point->crlIssuer) {
+                point->derCrlIssuer = cert_EncodeGeneralNames(ourPool, point->crlIssuer);
+                if (!point->derCrlIssuer) {
+                    rv = SECFailure;
+                    break;
+                }
+            }
+            ++pointList;
+        }
+        if (rv != SECSuccess)
+            break;
+        if (!SEC_ASN1EncodeItem(arena, derValue, value,
+                                CERTCRLDistributionPointsTemplate)) {
+            rv = SECFailure;
+            break;
+        }
+    } while (0);
+    PORT_FreeArena(ourPool, PR_FALSE);
+    return rv;
+}
+
+CERTCrlDistributionPoints *
+CERT_DecodeCRLDistributionPoints(PLArenaPool *arena, SECItem *encodedValue)
+{
+    CERTCrlDistributionPoints *value = NULL;
+    CRLDistributionPoint **pointList, *point;
+    SECStatus rv = SECSuccess;
+    SECItem newEncodedValue;
+
+    PORT_Assert(arena);
+    do {
+        value = PORT_ArenaZNew(arena, CERTCrlDistributionPoints);
+        if (value == NULL) {
+            rv = SECFailure;
+            break;
+        }
+
+        /* copy the DER into the arena, since Quick DER returns data that points
+           into the DER input, which may get freed by the caller */
+        rv = SECITEM_CopyItem(arena, &newEncodedValue, encodedValue);
+        if (rv != SECSuccess)
+            break;
+
+        rv = SEC_QuickDERDecodeItem(arena, &value->distPoints,
+                                    CERTCRLDistributionPointsTemplate, &newEncodedValue);
+        if (rv != SECSuccess)
+            break;
+
+        pointList = value->distPoints;
+        while (NULL != (point = *pointList)) {
+
+            /* get the data if the distributionPointName is not omitted */
+            if (point->derDistPoint.data != NULL) {
+                rv = SEC_QuickDERDecodeItem(arena, point,
+                                            DistributionPointNameTemplate, &(point->derDistPoint));
+                if (rv != SECSuccess)
+                    break;
+
+                switch (point->distPointType) {
+                    case generalName:
+                        point->distPoint.fullName =
+                            cert_DecodeGeneralNames(arena, point->derFullName);
+                        rv = point->distPoint.fullName ? SECSuccess : SECFailure;
+                        break;
+
+                    case relativeDistinguishedName:
+                        break;
+
+                    default:
+                        PORT_SetError(SEC_ERROR_EXTENSION_VALUE_INVALID);
+                        rv = SECFailure;
+                        break;
+                } /* end switch */
+                if (rv != SECSuccess)
+                    break;
+            } /* end if */
+
+            /* Get the reason code if it's not omitted in the encoding */
+            if (point->bitsmap.data != NULL) {
+                SECItem bitsmap = point->bitsmap;
+                DER_ConvertBitString(&bitsmap);
+                rv = SECITEM_CopyItem(arena, &point->reasons, &bitsmap);
+                if (rv != SECSuccess)
+                    break;
+            }
+
+            /* Get the crl issuer name if it's not omitted in the encoding */
+            if (point->derCrlIssuer != NULL) {
+                point->crlIssuer = cert_DecodeGeneralNames(arena,
+                                                           point->derCrlIssuer);
+                if (!point->crlIssuer)
+                    break;
+            }
+            ++pointList;
+        } /* end while points remain */
+    } while (0);
+    return (rv == SECSuccess ? value : NULL);
+}
diff --git a/nss/lib/ckfw/Makefile b/nss/lib/ckfw/Makefile
new file mode 100644
index 0000000..484dbb5
--- /dev/null
+++ b/nss/lib/ckfw/Makefile
@@ -0,0 +1,39 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+include manifest.mn
+include $(CORE_DEPTH)/coreconf/config.mk
+include config.mk
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+ifdef NOTDEF # was ifdef MOZILLA_CLIENT
+NSS_BUILD_CAPI = 1
+endif
+
+# This'll need some help from a build person.
+
+# The generated files are checked in, and differ from what ckapi.perl
+# will produce.  ckapi.perl is currently newer than the targets, so
+# these rules are invoked, causing the wrong files to be generated.
+# Turning off to fix builds.
+#
+# nssckepv.h: ck.api ckapi.perl
+# nssckft.h: ck.api ckapi.perl
+# nssckg.h: ck.api ckapi.perl
+# nssck.api: ck.api ckapi.perl
+# 	$(PERL) ckapi.perl ck.api
+
+export:: private_export
+
+# can't do this in manifest.mn because OS_TARGET isn't defined there.
+ifeq (,$(filter-out WINNT WIN95,$(OS_TARGET)))
+ifdef NSS_BUILD_CAPI
+DIRS += capi
+endif
+endif
+
+#ifeq ($(OS_ARCH), Darwin)
+#DIRS += nssmkey
+#endif
diff --git a/nss/lib/ckfw/builtins/Makefile b/nss/lib/ckfw/builtins/Makefile
new file mode 100644
index 0000000..22726e2
--- /dev/null
+++ b/nss/lib/ckfw/builtins/Makefile
@@ -0,0 +1,54 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+include manifest.mn
+include $(CORE_DEPTH)/coreconf/config.mk
+include config.mk
+
+EXTRA_LIBS = \
+	$(DIST)/lib/$(LIB_PREFIX)nssckfw.$(LIB_SUFFIX) \
+	$(DIST)/lib/$(LIB_PREFIX)nssb.$(LIB_SUFFIX) \
+	$(NULL)
+
+# can't do this in manifest.mn because OS_TARGET isn't defined there.
+ifeq (,$(filter-out WIN%,$(OS_TARGET)))
+
+ifdef NS_USE_GCC
+EXTRA_SHARED_LIBS += \
+	-L$(NSPR_LIB_DIR) \
+	-lplc4 \
+	-lplds4 \
+	-lnspr4 \
+	$(NULL)
+else 
+EXTRA_SHARED_LIBS += \
+        $(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plc4.lib \
+        $(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plds4.lib \
+        $(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)nspr4.lib \
+        $(NULL)
+endif # NS_USE_GCC
+else
+
+EXTRA_SHARED_LIBS += \
+	-L$(NSPR_LIB_DIR) \
+	-lplc4 \
+	-lplds4 \
+	-lnspr4 \
+	$(NULL)
+endif
+
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+# Generate certdata.c.
+
+# By default, use the unmodified certdata.txt.
+ifndef NSS_CERTDATA_TXT
+NSS_CERTDATA_TXT = certdata.txt
+endif
+
+$(OBJDIR)/certdata.c: $(NSS_CERTDATA_TXT) certdata.perl
+	@$(MAKE_OBJDIR)
+	$(PERL) certdata.perl $(NSS_CERTDATA_TXT) $@
diff --git a/nss/lib/ckfw/builtins/README b/nss/lib/ckfw/builtins/README
new file mode 100644
index 0000000..fc0393c
--- /dev/null
+++ b/nss/lib/ckfw/builtins/README
@@ -0,0 +1,45 @@
+This README file explains how to add a builtin root CA certificate to NSS
+or remove a builtin root CA certificate from NSS.
+
+The builtin root CA certificates in NSS are stored in the nssckbi PKCS #11
+module. The sources to the nssckbi module are in this directory.
+
+I. Adding a Builtin Root CA Certificate
+
+You need to use the addbuiltin command-line tool to add a root CA certificate
+to the nssckbi module. In the procedure described below, we assume that the
+new root CA certificate is distributed in DER format in the file newroot.der.
+
+1. Add the directory where the addbuiltin executable resides to your PATH
+environment variable. Then, add the directory where the NSPR and NSS shared
+libraries (DLLs) reside to the platform-specific environment variable that
+specifies your shared library search path: LD_LIBRARY_PATH (most Unix
+variants), SHLIB_PATH (32-bit HP-UX), LIBPATH (AIX), or PATH (Windows).
+
+2. Copy newroot.der to this directory.
+
+3. In this directory, run addbuiltin to add the new root certificate. The
+argument to the -n option should be replaced by the nickname of the root
+certificate.
+
+    % addbuiltin -n "Nickname of the Root Certificate" -t C,C,C < newroot.der >> certdata.txt
+
+4. Edit nssckbi.h to bump the version of the module.
+
+5. Run gmake in this directory to build the nssckbi module.
+
+6. After you verify that the new nssckbi module is correct, check in
+certdata.txt and nssckbi.h.
+
+II. Removing a Builtin Root CA Certificate
+
+1. Change directory to this directory.
+
+2. Edit certdata.txt and remove the root CA certificate.
+
+3. Edit nssckbi.h to bump the version of the module.
+
+4. Run gmake in this directory to build the nssckbi module.
+
+5. After you verify that the new nssckbi module is correct, check in
+certdata.txt and nssckbi.h.
diff --git a/nss/lib/ckfw/builtins/anchor.c b/nss/lib/ckfw/builtins/anchor.c
new file mode 100644
index 0000000..af21c6a
--- /dev/null
+++ b/nss/lib/ckfw/builtins/anchor.c
@@ -0,0 +1,17 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * builtins/anchor.c
+ *
+ * This file "anchors" the actual cryptoki entry points in this module's
+ * shared library, which is required for dynamic loading.  See the
+ * comments in nssck.api for more information.
+ */
+
+#include "builtins.h"
+
+#define MODULE_NAME builtins
+#define INSTANCE_NAME (NSSCKMDInstance *)&nss_builtins_mdInstance
+#include "nssck.api"
diff --git a/nss/lib/ckfw/builtins/bfind.c b/nss/lib/ckfw/builtins/bfind.c
new file mode 100644
index 0000000..3e5da1a
--- /dev/null
+++ b/nss/lib/ckfw/builtins/bfind.c
@@ -0,0 +1,261 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef BUILTINS_H
+#include "builtins.h"
+#endif /* BUILTINS_H */
+
+/*
+ * builtins/find.c
+ *
+ * This file implements the NSSCKMDFindObjects object for the
+ * "builtin objects" cryptoki module.
+ */
+
+struct builtinsFOStr {
+    NSSArena *arena;
+    CK_ULONG n;
+    CK_ULONG i;
+    builtinsInternalObject **objs;
+};
+
+static void
+builtins_mdFindObjects_Final(
+    NSSCKMDFindObjects *mdFindObjects,
+    NSSCKFWFindObjects *fwFindObjects,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance)
+{
+    struct builtinsFOStr *fo = (struct builtinsFOStr *)mdFindObjects->etc;
+    NSSArena *arena = fo->arena;
+
+    nss_ZFreeIf(fo->objs);
+    nss_ZFreeIf(fo);
+    nss_ZFreeIf(mdFindObjects);
+    if ((NSSArena *)NULL != arena) {
+        NSSArena_Destroy(arena);
+    }
+
+    return;
+}
+
+static NSSCKMDObject *
+builtins_mdFindObjects_Next(
+    NSSCKMDFindObjects *mdFindObjects,
+    NSSCKFWFindObjects *fwFindObjects,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    NSSArena *arena,
+    CK_RV *pError)
+{
+    struct builtinsFOStr *fo = (struct builtinsFOStr *)mdFindObjects->etc;
+    builtinsInternalObject *io;
+
+    if (fo->i == fo->n) {
+        *pError = CKR_OK;
+        return (NSSCKMDObject *)NULL;
+    }
+
+    io = fo->objs[fo->i];
+    fo->i++;
+
+    return nss_builtins_CreateMDObject(arena, io, pError);
+}
+
+static int
+builtins_derUnwrapInt(unsigned char *src, int size, unsigned char **dest)
+{
+    unsigned char *start = src;
+    int len = 0;
+
+    if (*src++ != 2) {
+        return 0;
+    }
+    len = *src++;
+    if (len & 0x80) {
+        int count = len & 0x7f;
+        len = 0;
+
+        if (count + 2 > size) {
+            return 0;
+        }
+        while (count-- > 0) {
+            len = (len << 8) | *src++;
+        }
+    }
+    if (len + (src - start) != size) {
+        return 0;
+    }
+    *dest = src;
+    return len;
+}
+
+static CK_BBOOL
+builtins_attrmatch(
+    CK_ATTRIBUTE_PTR a,
+    const NSSItem *b)
+{
+    PRBool prb;
+
+    if (a->ulValueLen != b->size) {
+        /* match a decoded serial number */
+        if ((a->type == CKA_SERIAL_NUMBER) && (a->ulValueLen < b->size)) {
+            int len;
+            unsigned char *data = NULL;
+
+            len = builtins_derUnwrapInt(b->data, b->size, &data);
+            if (data &&
+                (len == a->ulValueLen) &&
+                nsslibc_memequal(a->pValue, data, len, (PRStatus *)NULL)) {
+                return CK_TRUE;
+            }
+        }
+        return CK_FALSE;
+    }
+
+    prb = nsslibc_memequal(a->pValue, b->data, b->size, (PRStatus *)NULL);
+
+    if (PR_TRUE == prb) {
+        return CK_TRUE;
+    } else {
+        return CK_FALSE;
+    }
+}
+
+static CK_BBOOL
+builtins_match(
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulAttributeCount,
+    builtinsInternalObject *o)
+{
+    CK_ULONG i;
+
+    for (i = 0; i < ulAttributeCount; i++) {
+        CK_ULONG j;
+
+        for (j = 0; j < o->n; j++) {
+            if (o->types[j] == pTemplate[i].type) {
+                if (CK_FALSE == builtins_attrmatch(&pTemplate[i], &o->items[j])) {
+                    return CK_FALSE;
+                } else {
+                    break;
+                }
+            }
+        }
+
+        if (j == o->n) {
+            /* Loop ran to the end: no matching attribute */
+            return CK_FALSE;
+        }
+    }
+
+    /* Every attribute passed */
+    return CK_TRUE;
+}
+
+NSS_IMPLEMENT NSSCKMDFindObjects *
+nss_builtins_FindObjectsInit(
+    NSSCKFWSession *fwSession,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulAttributeCount,
+    CK_RV *pError)
+{
+    /* This could be made more efficient.  I'm rather rushed. */
+    NSSArena *arena;
+    NSSCKMDFindObjects *rv = (NSSCKMDFindObjects *)NULL;
+    struct builtinsFOStr *fo = (struct builtinsFOStr *)NULL;
+
+/*
+   * 99% of the time we get 0 or 1 matches. So we start with a small
+   * stack-allocated array to hold the matches and switch to a heap-allocated
+   * array later if the number of matches exceeds STACK_BUF_LENGTH.
+   */
+#define STACK_BUF_LENGTH 1
+    builtinsInternalObject *stackTemp[STACK_BUF_LENGTH];
+    builtinsInternalObject **temp = stackTemp;
+    PRBool tempIsHeapAllocated = PR_FALSE;
+    PRUint32 i;
+
+    arena = NSSArena_Create();
+    if ((NSSArena *)NULL == arena) {
+        goto loser;
+    }
+
+    rv = nss_ZNEW(arena, NSSCKMDFindObjects);
+    if ((NSSCKMDFindObjects *)NULL == rv) {
+        *pError = CKR_HOST_MEMORY;
+        goto loser;
+    }
+
+    fo = nss_ZNEW(arena, struct builtinsFOStr);
+    if ((struct builtinsFOStr *)NULL == fo) {
+        *pError = CKR_HOST_MEMORY;
+        goto loser;
+    }
+
+    fo->arena = arena;
+    /* fo->n and fo->i are already zero */
+
+    rv->etc = (void *)fo;
+    rv->Final = builtins_mdFindObjects_Final;
+    rv->Next = builtins_mdFindObjects_Next;
+    rv->null = (void *)NULL;
+
+    for (i = 0; i < nss_builtins_nObjects; i++) {
+        builtinsInternalObject *o = (builtinsInternalObject *)&nss_builtins_data[i];
+
+        if (CK_TRUE == builtins_match(pTemplate, ulAttributeCount, o)) {
+            if (fo->n == STACK_BUF_LENGTH) {
+                /* Switch from the small stack array to a heap-allocated array large
+         * enough to handle matches in all remaining cases. */
+                temp = nss_ZNEWARRAY((NSSArena *)NULL, builtinsInternalObject *,
+                                     fo->n + nss_builtins_nObjects - i);
+                if ((builtinsInternalObject **)NULL == temp) {
+                    *pError =
+                        CKR_HOST_MEMORY;
+                    goto loser;
+                }
+                tempIsHeapAllocated = PR_TRUE;
+                (void)nsslibc_memcpy(temp, stackTemp,
+                                     sizeof(builtinsInternalObject *) * fo->n);
+            }
+
+            temp[fo->n] = o;
+            fo->n++;
+        }
+    }
+
+    fo->objs = nss_ZNEWARRAY(arena, builtinsInternalObject *, fo->n);
+    if ((builtinsInternalObject **)NULL == fo->objs) {
+        *pError = CKR_HOST_MEMORY;
+        goto loser;
+    }
+
+    (void)nsslibc_memcpy(fo->objs, temp, sizeof(builtinsInternalObject *) * fo->n);
+    if (tempIsHeapAllocated) {
+        nss_ZFreeIf(temp);
+        temp = (builtinsInternalObject **)NULL;
+    }
+
+    return rv;
+
+loser:
+    if (tempIsHeapAllocated) {
+        nss_ZFreeIf(temp);
+    }
+    nss_ZFreeIf(fo);
+    nss_ZFreeIf(rv);
+    if ((NSSArena *)NULL != arena) {
+        NSSArena_Destroy(arena);
+    }
+    return (NSSCKMDFindObjects *)NULL;
+}
diff --git a/nss/lib/ckfw/builtins/binst.c b/nss/lib/ckfw/builtins/binst.c
new file mode 100644
index 0000000..ca1dac8
--- /dev/null
+++ b/nss/lib/ckfw/builtins/binst.c
@@ -0,0 +1,87 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "builtins.h"
+
+/*
+ * builtins/instance.c
+ *
+ * This file implements the NSSCKMDInstance object for the
+ * "builtin objects" cryptoki module.
+ */
+
+/*
+ * NSSCKMDInstance methods
+ */
+
+static CK_ULONG
+builtins_mdInstance_GetNSlots(
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError)
+{
+    return (CK_ULONG)1;
+}
+
+static CK_VERSION
+builtins_mdInstance_GetCryptokiVersion(
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance)
+{
+    return nss_builtins_CryptokiVersion;
+}
+
+static NSSUTF8 *
+builtins_mdInstance_GetManufacturerID(
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError)
+{
+    return (NSSUTF8 *)nss_builtins_ManufacturerID;
+}
+
+static NSSUTF8 *
+builtins_mdInstance_GetLibraryDescription(
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError)
+{
+    return (NSSUTF8 *)nss_builtins_LibraryDescription;
+}
+
+static CK_VERSION
+builtins_mdInstance_GetLibraryVersion(
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance)
+{
+#define NSS_VERSION_VARIABLE __nss_builtins_version
+#include "verref.h"
+    return nss_builtins_LibraryVersion;
+}
+
+static CK_RV
+builtins_mdInstance_GetSlots(
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    NSSCKMDSlot *slots[])
+{
+    slots[0] = (NSSCKMDSlot *)&nss_builtins_mdSlot;
+    return CKR_OK;
+}
+
+const NSSCKMDInstance
+    nss_builtins_mdInstance = {
+        (void *)NULL, /* etc */
+        NULL,         /* Initialize */
+        NULL,         /* Finalize */
+        builtins_mdInstance_GetNSlots,
+        builtins_mdInstance_GetCryptokiVersion,
+        builtins_mdInstance_GetManufacturerID,
+        builtins_mdInstance_GetLibraryDescription,
+        builtins_mdInstance_GetLibraryVersion,
+        NULL, /* ModuleHandlesSessionObjects -- defaults to false */
+        builtins_mdInstance_GetSlots,
+        NULL,        /* WaitForSlotEvent */
+        (void *)NULL /* null terminator */
+    };
diff --git a/nss/lib/ckfw/builtins/bobject.c b/nss/lib/ckfw/builtins/bobject.c
new file mode 100644
index 0000000..1c0babd
--- /dev/null
+++ b/nss/lib/ckfw/builtins/bobject.c
@@ -0,0 +1,206 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "builtins.h"
+
+/*
+ * builtins/object.c
+ *
+ * This file implements the NSSCKMDObject object for the
+ * "builtin objects" cryptoki module.
+ */
+
+/*
+ * Finalize - unneeded
+ * Destroy - CKR_SESSION_READ_ONLY
+ * IsTokenObject - CK_TRUE
+ * GetAttributeCount
+ * GetAttributeTypes
+ * GetAttributeSize
+ * GetAttribute
+ * SetAttribute - unneeded
+ * GetObjectSize
+ */
+
+static CK_RV
+builtins_mdObject_Destroy(
+    NSSCKMDObject *mdObject,
+    NSSCKFWObject *fwObject,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance)
+{
+    return CKR_SESSION_READ_ONLY;
+}
+
+static CK_BBOOL
+builtins_mdObject_IsTokenObject(
+    NSSCKMDObject *mdObject,
+    NSSCKFWObject *fwObject,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance)
+{
+    return CK_TRUE;
+}
+
+static CK_ULONG
+builtins_mdObject_GetAttributeCount(
+    NSSCKMDObject *mdObject,
+    NSSCKFWObject *fwObject,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError)
+{
+    builtinsInternalObject *io = (builtinsInternalObject *)mdObject->etc;
+    return io->n;
+}
+
+static CK_RV
+builtins_mdObject_GetAttributeTypes(
+    NSSCKMDObject *mdObject,
+    NSSCKFWObject *fwObject,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_ATTRIBUTE_TYPE_PTR typeArray,
+    CK_ULONG ulCount)
+{
+    builtinsInternalObject *io = (builtinsInternalObject *)mdObject->etc;
+    CK_ULONG i;
+
+    if (io->n != ulCount) {
+        return CKR_BUFFER_TOO_SMALL;
+    }
+
+    for (i = 0; i < io->n; i++) {
+        typeArray[i] = io->types[i];
+    }
+
+    return CKR_OK;
+}
+
+static CK_ULONG
+builtins_mdObject_GetAttributeSize(
+    NSSCKMDObject *mdObject,
+    NSSCKFWObject *fwObject,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_ATTRIBUTE_TYPE attribute,
+    CK_RV *pError)
+{
+    builtinsInternalObject *io = (builtinsInternalObject *)mdObject->etc;
+    CK_ULONG i;
+
+    for (i = 0; i < io->n; i++) {
+        if (attribute == io->types[i]) {
+            return (CK_ULONG)(io->items[i].size);
+        }
+    }
+
+    *pError = CKR_ATTRIBUTE_TYPE_INVALID;
+    return 0;
+}
+
+static NSSCKFWItem
+builtins_mdObject_GetAttribute(
+    NSSCKMDObject *mdObject,
+    NSSCKFWObject *fwObject,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_ATTRIBUTE_TYPE attribute,
+    CK_RV *pError)
+{
+    NSSCKFWItem mdItem;
+    builtinsInternalObject *io = (builtinsInternalObject *)mdObject->etc;
+    CK_ULONG i;
+
+    mdItem.needsFreeing = PR_FALSE;
+    mdItem.item = (NSSItem *)NULL;
+
+    for (i = 0; i < io->n; i++) {
+        if (attribute == io->types[i]) {
+            mdItem.item = (NSSItem *)&io->items[i];
+            return mdItem;
+        }
+    }
+
+    *pError = CKR_ATTRIBUTE_TYPE_INVALID;
+    return mdItem;
+}
+
+static CK_ULONG
+builtins_mdObject_GetObjectSize(
+    NSSCKMDObject *mdObject,
+    NSSCKFWObject *fwObject,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError)
+{
+    builtinsInternalObject *io = (builtinsInternalObject *)mdObject->etc;
+    CK_ULONG i;
+    CK_ULONG rv = sizeof(CK_ULONG);
+
+    for (i = 0; i < io->n; i++) {
+        rv += sizeof(CK_ATTRIBUTE_TYPE) + sizeof(NSSItem) + io->items[i].size;
+    }
+
+    return rv;
+}
+
+static const NSSCKMDObject
+    builtins_prototype_mdObject = {
+        (void *)NULL, /* etc */
+        NULL,         /* Finalize */
+        builtins_mdObject_Destroy,
+        builtins_mdObject_IsTokenObject,
+        builtins_mdObject_GetAttributeCount,
+        builtins_mdObject_GetAttributeTypes,
+        builtins_mdObject_GetAttributeSize,
+        builtins_mdObject_GetAttribute,
+        NULL, /* FreeAttribute */
+        NULL, /* SetAttribute */
+        builtins_mdObject_GetObjectSize,
+        (void *)NULL /* null terminator */
+    };
+
+NSS_IMPLEMENT NSSCKMDObject *
+nss_builtins_CreateMDObject(
+    NSSArena *arena,
+    builtinsInternalObject *io,
+    CK_RV *pError)
+{
+    if ((void *)NULL == io->mdObject.etc) {
+        (void)nsslibc_memcpy(&io->mdObject, &builtins_prototype_mdObject,
+                             sizeof(builtins_prototype_mdObject));
+        io->mdObject.etc = (void *)io;
+    }
+
+    return &io->mdObject;
+}
diff --git a/nss/lib/ckfw/builtins/bsession.c b/nss/lib/ckfw/builtins/bsession.c
new file mode 100644
index 0000000..6828a49
--- /dev/null
+++ b/nss/lib/ckfw/builtins/bsession.c
@@ -0,0 +1,71 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "builtins.h"
+
+/*
+ * builtins/session.c
+ *
+ * This file implements the NSSCKMDSession object for the
+ * "builtin objects" cryptoki module.
+ */
+
+static NSSCKMDFindObjects *
+builtins_mdSession_FindObjectsInit(
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulAttributeCount,
+    CK_RV *pError)
+{
+    return nss_builtins_FindObjectsInit(fwSession, pTemplate, ulAttributeCount, pError);
+}
+
+NSS_IMPLEMENT NSSCKMDSession *
+nss_builtins_CreateSession(
+    NSSCKFWSession *fwSession,
+    CK_RV *pError)
+{
+    NSSArena *arena;
+    NSSCKMDSession *rv;
+
+    arena = NSSCKFWSession_GetArena(fwSession, pError);
+    if ((NSSArena *)NULL == arena) {
+        return (NSSCKMDSession *)NULL;
+    }
+
+    rv = nss_ZNEW(arena, NSSCKMDSession);
+    if ((NSSCKMDSession *)NULL == rv) {
+        *pError = CKR_HOST_MEMORY;
+        return (NSSCKMDSession *)NULL;
+    }
+
+    /*
+     * rv was zeroed when allocated, so we only
+     * need to set the non-zero members.
+     */
+
+    rv->etc = (void *)fwSession;
+    /* rv->Close */
+    /* rv->GetDeviceError */
+    /* rv->Login */
+    /* rv->Logout */
+    /* rv->InitPIN */
+    /* rv->SetPIN */
+    /* rv->GetOperationStateLen */
+    /* rv->GetOperationState */
+    /* rv->SetOperationState */
+    /* rv->CreateObject */
+    /* rv->CopyObject */
+    rv->FindObjectsInit = builtins_mdSession_FindObjectsInit;
+    /* rv->SeedRandom */
+    /* rv->GetRandom */
+    /* rv->null */
+
+    return rv;
+}
diff --git a/nss/lib/ckfw/builtins/bslot.c b/nss/lib/ckfw/builtins/bslot.c
new file mode 100644
index 0000000..f2ef1ef
--- /dev/null
+++ b/nss/lib/ckfw/builtins/bslot.c
@@ -0,0 +1,81 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "builtins.h"
+
+/*
+ * builtins/slot.c
+ *
+ * This file implements the NSSCKMDSlot object for the
+ * "builtin objects" cryptoki module.
+ */
+
+static NSSUTF8 *
+builtins_mdSlot_GetSlotDescription(
+    NSSCKMDSlot *mdSlot,
+    NSSCKFWSlot *fwSlot,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError)
+{
+    return (NSSUTF8 *)nss_builtins_SlotDescription;
+}
+
+static NSSUTF8 *
+builtins_mdSlot_GetManufacturerID(
+    NSSCKMDSlot *mdSlot,
+    NSSCKFWSlot *fwSlot,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError)
+{
+    return (NSSUTF8 *)nss_builtins_ManufacturerID;
+}
+
+static CK_VERSION
+builtins_mdSlot_GetHardwareVersion(
+    NSSCKMDSlot *mdSlot,
+    NSSCKFWSlot *fwSlot,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance)
+{
+    return nss_builtins_HardwareVersion;
+}
+
+static CK_VERSION
+builtins_mdSlot_GetFirmwareVersion(
+    NSSCKMDSlot *mdSlot,
+    NSSCKFWSlot *fwSlot,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance)
+{
+    return nss_builtins_FirmwareVersion;
+}
+
+static NSSCKMDToken *
+builtins_mdSlot_GetToken(
+    NSSCKMDSlot *mdSlot,
+    NSSCKFWSlot *fwSlot,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError)
+{
+    return (NSSCKMDToken *)&nss_builtins_mdToken;
+}
+
+const NSSCKMDSlot
+    nss_builtins_mdSlot = {
+        (void *)NULL, /* etc */
+        NULL,         /* Initialize */
+        NULL,         /* Destroy */
+        builtins_mdSlot_GetSlotDescription,
+        builtins_mdSlot_GetManufacturerID,
+        NULL, /* GetTokenPresent -- defaults to true */
+        NULL, /* GetRemovableDevice -- defaults to false */
+        NULL, /* GetHardwareSlot -- defaults to false */
+        builtins_mdSlot_GetHardwareVersion,
+        builtins_mdSlot_GetFirmwareVersion,
+        builtins_mdSlot_GetToken,
+        (void *)NULL /* null terminator */
+    };
diff --git a/nss/lib/ckfw/builtins/btoken.c b/nss/lib/ckfw/builtins/btoken.c
new file mode 100644
index 0000000..ae1e138
--- /dev/null
+++ b/nss/lib/ckfw/builtins/btoken.c
@@ -0,0 +1,135 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "builtins.h"
+
+/*
+ * builtins/token.c
+ *
+ * This file implements the NSSCKMDToken object for the
+ * "builtin objects" cryptoki module.
+ */
+
+static NSSUTF8 *
+builtins_mdToken_GetLabel(
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError)
+{
+    return (NSSUTF8 *)nss_builtins_TokenLabel;
+}
+
+static NSSUTF8 *
+builtins_mdToken_GetManufacturerID(
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError)
+{
+    return (NSSUTF8 *)nss_builtins_ManufacturerID;
+}
+
+static NSSUTF8 *
+builtins_mdToken_GetModel(
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError)
+{
+    return (NSSUTF8 *)nss_builtins_TokenModel;
+}
+
+static NSSUTF8 *
+builtins_mdToken_GetSerialNumber(
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError)
+{
+    return (NSSUTF8 *)nss_builtins_TokenSerialNumber;
+}
+
+static CK_BBOOL
+builtins_mdToken_GetIsWriteProtected(
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance)
+{
+    return CK_TRUE;
+}
+
+static CK_VERSION
+builtins_mdToken_GetHardwareVersion(
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance)
+{
+    return nss_builtins_HardwareVersion;
+}
+
+static CK_VERSION
+builtins_mdToken_GetFirmwareVersion(
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance)
+{
+    return nss_builtins_FirmwareVersion;
+}
+
+static NSSCKMDSession *
+builtins_mdToken_OpenSession(
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    NSSCKFWSession *fwSession,
+    CK_BBOOL rw,
+    CK_RV *pError)
+{
+    return nss_builtins_CreateSession(fwSession, pError);
+}
+
+const NSSCKMDToken
+    nss_builtins_mdToken = {
+        (void *)NULL, /* etc */
+        NULL,         /* Setup */
+        NULL,         /* Invalidate */
+        NULL,         /* InitToken -- default errs */
+        builtins_mdToken_GetLabel,
+        builtins_mdToken_GetManufacturerID,
+        builtins_mdToken_GetModel,
+        builtins_mdToken_GetSerialNumber,
+        NULL, /* GetHasRNG -- default is false */
+        builtins_mdToken_GetIsWriteProtected,
+        NULL, /* GetLoginRequired -- default is false */
+        NULL, /* GetUserPinInitialized -- default is false */
+        NULL, /* GetRestoreKeyNotNeeded -- irrelevant */
+        NULL, /* GetHasClockOnToken -- default is false */
+        NULL, /* GetHasProtectedAuthenticationPath -- default is false */
+        NULL, /* GetSupportsDualCryptoOperations -- default is false */
+        NULL, /* GetMaxSessionCount -- default is CK_UNAVAILABLE_INFORMATION */
+        NULL, /* GetMaxRwSessionCount -- default is CK_UNAVAILABLE_INFORMATION */
+        NULL, /* GetMaxPinLen -- irrelevant */
+        NULL, /* GetMinPinLen -- irrelevant */
+        NULL, /* GetTotalPublicMemory -- default is CK_UNAVAILABLE_INFORMATION */
+        NULL, /* GetFreePublicMemory -- default is CK_UNAVAILABLE_INFORMATION */
+        NULL, /* GetTotalPrivateMemory -- default is CK_UNAVAILABLE_INFORMATION */
+        NULL, /* GetFreePrivateMemory -- default is CK_UNAVAILABLE_INFORMATION */
+        builtins_mdToken_GetHardwareVersion,
+        builtins_mdToken_GetFirmwareVersion,
+        NULL, /* GetUTCTime -- no clock */
+        builtins_mdToken_OpenSession,
+        NULL,        /* GetMechanismCount -- default is zero */
+        NULL,        /* GetMechanismTypes -- irrelevant */
+        NULL,        /* GetMechanism -- irrelevant */
+        (void *)NULL /* null terminator */
+    };
diff --git a/nss/lib/ckfw/builtins/builtins.gyp b/nss/lib/ckfw/builtins/builtins.gyp
new file mode 100644
index 0000000..d854425
--- /dev/null
+++ b/nss/lib/ckfw/builtins/builtins.gyp
@@ -0,0 +1,61 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../../coreconf/config.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'nssckbi',
+      'type': 'shared_library',
+      'sources': [
+        'anchor.c',
+        'bfind.c',
+        'binst.c',
+        'bobject.c',
+        'bsession.c',
+        'bslot.c',
+        'btoken.c',
+        'ckbiver.c',
+        'constants.c',
+        '<(INTERMEDIATE_DIR)/certdata.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports',
+        '<(DEPTH)/lib/ckfw/ckfw.gyp:nssckfw',
+        '<(DEPTH)/lib/base/base.gyp:nssb'
+      ],
+      'actions': [
+        {
+          'msvs_cygwin_shell': 0,
+          'action': [
+            'perl',
+            'certdata.perl',
+            'certdata.txt',
+            '<@(_outputs)',
+          ],
+          'inputs': [
+            'certdata.perl',
+            'certdata.txt'
+          ],
+          'outputs': [
+            '<(INTERMEDIATE_DIR)/certdata.c'
+          ],
+          'action_name': 'generate_certdata_c'
+        }
+      ],
+      'variables': {
+        'mapfile': 'nssckbi.def'
+      }
+    }
+  ],
+  'target_defaults': {
+    'include_dirs': [
+      '.'
+    ]
+  },
+  'variables': {
+    'module': 'nss',
+  }
+}
diff --git a/nss/lib/ckfw/builtins/builtins.h b/nss/lib/ckfw/builtins/builtins.h
new file mode 100644
index 0000000..a1693c2
--- /dev/null
+++ b/nss/lib/ckfw/builtins/builtins.h
@@ -0,0 +1,66 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nssckmdt.h"
+#include "nssckfw.h"
+
+/*
+ * I'm including this for access to the arena functions.
+ * Looks like we should publish that API.
+ */
+#ifndef BASE_H
+#include "base.h"
+#endif /* BASE_H */
+
+/*
+ * This is where the Netscape extensions live, at least for now.
+ */
+#ifndef CKT_H
+#include "ckt.h"
+#endif /* CKT_H */
+
+struct builtinsInternalObjectStr {
+    CK_ULONG n;
+    const CK_ATTRIBUTE_TYPE *types;
+    const NSSItem *items;
+    NSSCKMDObject mdObject;
+};
+typedef struct builtinsInternalObjectStr builtinsInternalObject;
+
+extern builtinsInternalObject nss_builtins_data[];
+extern const PRUint32 nss_builtins_nObjects;
+
+extern const CK_VERSION nss_builtins_CryptokiVersion;
+extern const CK_VERSION nss_builtins_LibraryVersion;
+extern const CK_VERSION nss_builtins_HardwareVersion;
+extern const CK_VERSION nss_builtins_FirmwareVersion;
+
+extern const NSSUTF8 nss_builtins_ManufacturerID[];
+extern const NSSUTF8 nss_builtins_LibraryDescription[];
+extern const NSSUTF8 nss_builtins_SlotDescription[];
+extern const NSSUTF8 nss_builtins_TokenLabel[];
+extern const NSSUTF8 nss_builtins_TokenModel[];
+extern const NSSUTF8 nss_builtins_TokenSerialNumber[];
+
+extern const NSSCKMDInstance nss_builtins_mdInstance;
+extern const NSSCKMDSlot nss_builtins_mdSlot;
+extern const NSSCKMDToken nss_builtins_mdToken;
+
+NSS_EXTERN NSSCKMDSession *
+nss_builtins_CreateSession(
+    NSSCKFWSession *fwSession,
+    CK_RV *pError);
+
+NSS_EXTERN NSSCKMDFindObjects *
+nss_builtins_FindObjectsInit(
+    NSSCKFWSession *fwSession,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulAttributeCount,
+    CK_RV *pError);
+
+NSS_EXTERN NSSCKMDObject *
+nss_builtins_CreateMDObject(
+    NSSArena *arena,
+    builtinsInternalObject *io,
+    CK_RV *pError);
diff --git a/nss/lib/ckfw/builtins/certdata.perl b/nss/lib/ckfw/builtins/certdata.perl
new file mode 100644
index 0000000..502dfb0
--- /dev/null
+++ b/nss/lib/ckfw/builtins/certdata.perl
@@ -0,0 +1,192 @@
+#!perl -w
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+use strict;
+
+my %constants;
+my $count = 0;
+my $o;
+my @objects = ();
+my @objsize;
+
+$constants{CK_TRUE} = "static const CK_BBOOL ck_true = CK_TRUE;\n";
+$constants{CK_FALSE} = "static const CK_BBOOL ck_false = CK_FALSE;\n";
+
+if( scalar @ARGV == 0 ) {
+  print STDERR "Usage: $0 <input-file> [output-file]\n";
+  exit 1;
+}
+
+open(STDIN, '<', $ARGV[0])
+  or die "Could not open input file '$ARGV[0]' $!";
+if( scalar @ARGV > 1 ) {
+  open(STDOUT, '>', $ARGV[1])
+    or die "Could not open output file '$ARGV[1]' $!";
+}
+
+while(<>) {
+  my @fields = ();
+  my $size;
+
+  s/^((?:[^"#]+|"[^"]*")*)(\s*#.*$)/$1/;
+  next if (/^\s*$/);
+
+  # This was taken from the perl faq #4.
+  my $text = $_;
+  push(@fields, $+) while $text =~ m{
+      "([^\"\\]*(?:\\.[^\"\\]*)*)"\s?  # groups the phrase inside the quotes
+    | ([^\s]+)\s?
+    | \s
+  }gx;
+  push(@fields, undef) if substr($text,-1,1) eq '\s';
+
+  if( $fields[0] =~ /BEGINDATA/ ) {
+    next;
+  }
+
+  if( $fields[1] =~ /MULTILINE/ ) {
+    $fields[2] = "";
+    while(<>) {
+      last if /END/;
+      chomp;
+      $fields[2] .= "\"$_\"\n";
+    }
+  }
+
+  if( $fields[1] =~ /UTF8/ ) {
+    if( $fields[2] =~ /^"/ ) {
+      ;
+    } else {
+      $fields[2] = "\"" . $fields[2] . "\"";
+    }
+
+    my $scratch = eval($fields[2]);
+
+    $size = length($scratch) + 1; # null terminate
+  }
+
+  if( $fields[1] =~ /OCTAL/ ) {
+    if( $fields[2] =~ /^"/ ) {
+      ;
+    } else {
+      $fields[2] = "\"" . $fields[2] . "\"";
+    }
+
+    my $scratch = $fields[2];
+    $size = $scratch =~ tr/\\//;
+    # no null termination
+  }
+
+  if( $fields[1] =~ /^CK_/ ) {
+    my $lcv = $fields[2];
+    $lcv =~ tr/A-Z/a-z/;
+    if( !defined($constants{$fields[2]}) ) {
+      $constants{$fields[2]} = "static const $fields[1] $lcv = $fields[2];\n";
+    }
+    
+    $size = "sizeof($fields[1])";
+    $fields[2] = "&$lcv";
+  }
+
+  if( $fields[0] =~ /CKA_CLASS/ ) {
+    $count++;
+    $objsize[$count] = 0;
+  }
+
+  @{$objects[$count][$objsize[$count]++]} = ( "$fields[0]", $fields[2], "$size" );
+
+ # print "$fields[0] | $fields[1] | $size | $fields[2]\n";
+}
+
+doprint();
+
+sub dudump {
+my $i;
+for( $i = 1; $i <= $count; $i++ ) {
+  print "\n";
+  $o = $objects[$i];
+  my @ob = @{$o};
+  my $l;
+  my $j;
+  for( $j = 0; $j < @ob; $j++ ) {
+    $l = $ob[$j];
+    my @a = @{$l};
+    print "$a[0] ! $a[1] ! $a[2]\n";
+  }
+}
+
+}
+
+sub doprint {
+my $i;
+
+print <<EOD
+/* THIS IS A GENERATED FILE */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef BUILTINS_H
+#include "builtins.h"
+#endif /* BUILTINS_H */
+
+EOD
+    ;
+
+foreach $b (sort values(%constants)) {
+  print $b;
+}
+
+for( $i = 1; $i <= $count; $i++ ) {
+  print "static const CK_ATTRIBUTE_TYPE nss_builtins_types_$i [] = {\n";
+  $o = $objects[$i];
+  my @ob = @{$o};
+  my $j;
+  for( $j = 0; $j < @ob; $j++ ) {
+    my $l = $ob[$j];
+    my @a = @{$l};
+    print " $a[0]";
+    if( $j+1 != @ob ) {
+      print ", ";
+    }
+  }
+  print "\n};\n";
+}
+
+for( $i = 1; $i <= $count; $i++ ) {
+  print "static const NSSItem nss_builtins_items_$i [] = {\n";
+  $o = $objects[$i];
+  my @ob = @{$o};
+  my $j;
+  for( $j = 0; $j < @ob; $j++ ) {
+    my $l = $ob[$j];
+    my @a = @{$l};
+    print "  { (void *)$a[1], (PRUint32)$a[2] }";
+    if( $j+1 != @ob ) {
+      print ",\n";
+    } else {
+      print "\n";
+    }
+  }
+  print "};\n";
+}
+
+print "\nbuiltinsInternalObject\n";
+print "nss_builtins_data[] = {\n";
+
+for( $i = 1; $i <= $count; $i++ ) {
+  print "  { $objsize[$i], nss_builtins_types_$i, nss_builtins_items_$i, {NULL} }";
+  if( $i == $count ) {
+    print "\n";
+  } else {
+    print ",\n";
+  }
+}
+
+print "};\n";
+
+print "const PRUint32\n";
+print "nss_builtins_nObjects = $count;\n";
+}
diff --git a/nss/lib/ckfw/builtins/certdata.txt b/nss/lib/ckfw/builtins/certdata.txt
new file mode 100644
index 0000000..c8ddd96
--- /dev/null
+++ b/nss/lib/ckfw/builtins/certdata.txt
@@ -0,0 +1,30029 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#
+# certdata.txt
+#
+# This file contains the object definitions for the certs and other
+# information "built into" NSS.
+#
+# Object definitions:
+#
+#    Certificates
+#
+#  -- Attribute --          -- type --              -- value --
+#  CKA_CLASS                CK_OBJECT_CLASS         CKO_CERTIFICATE
+#  CKA_TOKEN                CK_BBOOL                CK_TRUE
+#  CKA_PRIVATE              CK_BBOOL                CK_FALSE
+#  CKA_MODIFIABLE           CK_BBOOL                CK_FALSE
+#  CKA_LABEL                UTF8                    (varies)
+#  CKA_CERTIFICATE_TYPE     CK_CERTIFICATE_TYPE     CKC_X_509
+#  CKA_SUBJECT              DER+base64              (varies)
+#  CKA_ID                   byte array              (varies)
+#  CKA_ISSUER               DER+base64              (varies)
+#  CKA_SERIAL_NUMBER        DER+base64              (varies)
+#  CKA_VALUE                DER+base64              (varies)
+#  CKA_NSS_EMAIL            ASCII7                  (unused here)
+#
+#    Trust
+#
+#  -- Attribute --              -- type --          -- value --
+#  CKA_CLASS                    CK_OBJECT_CLASS     CKO_TRUST
+#  CKA_TOKEN                    CK_BBOOL            CK_TRUE
+#  CKA_PRIVATE                  CK_BBOOL            CK_FALSE
+#  CKA_MODIFIABLE               CK_BBOOL            CK_FALSE
+#  CKA_LABEL                    UTF8                (varies)
+#  CKA_ISSUER                   DER+base64          (varies)
+#  CKA_SERIAL_NUMBER            DER+base64          (varies)
+#  CKA_CERT_HASH                binary+base64       (varies)
+#  CKA_EXPIRES                  CK_DATE             (not used here)
+#  CKA_TRUST_DIGITAL_SIGNATURE  CK_TRUST            (varies)
+#  CKA_TRUST_NON_REPUDIATION    CK_TRUST            (varies)
+#  CKA_TRUST_KEY_ENCIPHERMENT   CK_TRUST            (varies)
+#  CKA_TRUST_DATA_ENCIPHERMENT  CK_TRUST            (varies)
+#  CKA_TRUST_KEY_AGREEMENT      CK_TRUST            (varies)
+#  CKA_TRUST_KEY_CERT_SIGN      CK_TRUST            (varies)
+#  CKA_TRUST_CRL_SIGN           CK_TRUST            (varies)
+#  CKA_TRUST_SERVER_AUTH        CK_TRUST            (varies)
+#  CKA_TRUST_CLIENT_AUTH        CK_TRUST            (varies)
+#  CKA_TRUST_CODE_SIGNING       CK_TRUST            (varies)
+#  CKA_TRUST_EMAIL_PROTECTION   CK_TRUST            (varies)
+#  CKA_TRUST_IPSEC_END_SYSTEM   CK_TRUST            (varies)
+#  CKA_TRUST_IPSEC_TUNNEL       CK_TRUST            (varies)
+#  CKA_TRUST_IPSEC_USER         CK_TRUST            (varies)
+#  CKA_TRUST_TIME_STAMPING      CK_TRUST            (varies)
+#  CKA_TRUST_STEP_UP_APPROVED   CK_BBOOL            (varies)
+#  (other trust attributes can be defined)
+#
+
+#
+# The object to tell NSS that this is a root list and we don't
+# have to go looking for others.
+#
+BEGINDATA
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_BUILTIN_ROOT_LIST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Mozilla Builtin Roots"
+
+# Distrust "Distrust a pb.com certificate that does not comply with the baseline requirements."
+# Issuer: OU=Equifax Secure Certificate Authority,O=Equifax,C=US
+# Serial Number: 1407252 (0x157914)
+# Subject: CN=*.pb.com,OU=Meters,O=Pitney Bowes,L=Danbury,ST=Connecticut,C=US
+# Not Valid Before: Mon Feb 01 14:54:04 2010
+# Not Valid After : Tue Sep 30 00:00:00 2014
+# Fingerprint (MD5): 8F:46:BE:99:47:6F:93:DC:5C:01:54:50:D0:4A:BD:AC
+# Fingerprint (SHA1): 30:F1:82:CA:1A:5E:4E:4F:F3:6E:D0:E6:38:18:B8:B9:41:CB:5F:8C
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Distrust a pb.com certificate that does not comply with the baseline requirements."
+CKA_ISSUER MULTILINE_OCTAL
+\060\116\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\020\060\016\006\003\125\004\012\023\007\105\161\165\151\146\141
+\170\061\055\060\053\006\003\125\004\013\023\044\105\161\165\151
+\146\141\170\040\123\145\143\165\162\145\040\103\145\162\164\151
+\146\151\143\141\164\145\040\101\165\164\150\157\162\151\164\171
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\003\025\171\024
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "GlobalSign Root CA"
+#
+# Issuer: CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE
+# Serial Number:04:00:00:00:00:01:15:4b:5a:c3:94
+# Subject: CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE
+# Not Valid Before: Tue Sep 01 12:00:00 1998
+# Not Valid After : Fri Jan 28 12:00:00 2028
+# Fingerprint (MD5): 3E:45:52:15:09:51:92:E1:B7:5D:37:9F:B1:87:29:8A
+# Fingerprint (SHA1): B1:BC:96:8B:D4:F4:9D:62:2A:A8:9A:81:F2:15:01:52:A4:1D:82:9C
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "GlobalSign Root CA"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\127\061\013\060\011\006\003\125\004\006\023\002\102\105\061
+\031\060\027\006\003\125\004\012\023\020\107\154\157\142\141\154
+\123\151\147\156\040\156\166\055\163\141\061\020\060\016\006\003
+\125\004\013\023\007\122\157\157\164\040\103\101\061\033\060\031
+\006\003\125\004\003\023\022\107\154\157\142\141\154\123\151\147
+\156\040\122\157\157\164\040\103\101
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\127\061\013\060\011\006\003\125\004\006\023\002\102\105\061
+\031\060\027\006\003\125\004\012\023\020\107\154\157\142\141\154
+\123\151\147\156\040\156\166\055\163\141\061\020\060\016\006\003
+\125\004\013\023\007\122\157\157\164\040\103\101\061\033\060\031
+\006\003\125\004\003\023\022\107\154\157\142\141\154\123\151\147
+\156\040\122\157\157\164\040\103\101
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\013\004\000\000\000\000\001\025\113\132\303\224
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\003\165\060\202\002\135\240\003\002\001\002\002\013\004
+\000\000\000\000\001\025\113\132\303\224\060\015\006\011\052\206
+\110\206\367\015\001\001\005\005\000\060\127\061\013\060\011\006
+\003\125\004\006\023\002\102\105\061\031\060\027\006\003\125\004
+\012\023\020\107\154\157\142\141\154\123\151\147\156\040\156\166
+\055\163\141\061\020\060\016\006\003\125\004\013\023\007\122\157
+\157\164\040\103\101\061\033\060\031\006\003\125\004\003\023\022
+\107\154\157\142\141\154\123\151\147\156\040\122\157\157\164\040
+\103\101\060\036\027\015\071\070\060\071\060\061\061\062\060\060
+\060\060\132\027\015\062\070\060\061\062\070\061\062\060\060\060
+\060\132\060\127\061\013\060\011\006\003\125\004\006\023\002\102
+\105\061\031\060\027\006\003\125\004\012\023\020\107\154\157\142
+\141\154\123\151\147\156\040\156\166\055\163\141\061\020\060\016
+\006\003\125\004\013\023\007\122\157\157\164\040\103\101\061\033
+\060\031\006\003\125\004\003\023\022\107\154\157\142\141\154\123
+\151\147\156\040\122\157\157\164\040\103\101\060\202\001\042\060
+\015\006\011\052\206\110\206\367\015\001\001\001\005\000\003\202
+\001\017\000\060\202\001\012\002\202\001\001\000\332\016\346\231
+\215\316\243\343\117\212\176\373\361\213\203\045\153\352\110\037
+\361\052\260\271\225\021\004\275\360\143\321\342\147\146\317\034
+\335\317\033\110\053\356\215\211\216\232\257\051\200\145\253\351
+\307\055\022\313\253\034\114\160\007\241\075\012\060\315\025\215
+\117\370\335\324\214\120\025\034\357\120\356\304\056\367\374\351
+\122\362\221\175\340\155\325\065\060\216\136\103\163\362\101\351
+\325\152\343\262\211\072\126\071\070\157\006\074\210\151\133\052
+\115\305\247\124\270\154\211\314\233\371\074\312\345\375\211\365
+\022\074\222\170\226\326\334\164\156\223\104\141\321\215\307\106
+\262\165\016\206\350\031\212\325\155\154\325\170\026\225\242\351
+\310\012\070\353\362\044\023\117\163\124\223\023\205\072\033\274
+\036\064\265\213\005\214\271\167\213\261\333\037\040\221\253\011
+\123\156\220\316\173\067\164\271\160\107\221\042\121\143\026\171
+\256\261\256\101\046\010\310\031\053\321\106\252\110\326\144\052
+\327\203\064\377\054\052\301\154\031\103\112\007\205\347\323\174
+\366\041\150\357\352\362\122\237\177\223\220\317\002\003\001\000
+\001\243\102\060\100\060\016\006\003\125\035\017\001\001\377\004
+\004\003\002\001\006\060\017\006\003\125\035\023\001\001\377\004
+\005\060\003\001\001\377\060\035\006\003\125\035\016\004\026\004
+\024\140\173\146\032\105\015\227\312\211\120\057\175\004\315\064
+\250\377\374\375\113\060\015\006\011\052\206\110\206\367\015\001
+\001\005\005\000\003\202\001\001\000\326\163\347\174\117\166\320
+\215\277\354\272\242\276\064\305\050\062\265\174\374\154\234\054
+\053\275\011\236\123\277\153\136\252\021\110\266\345\010\243\263
+\312\075\141\115\323\106\011\263\076\303\240\343\143\125\033\362
+\272\357\255\071\341\103\271\070\243\346\057\212\046\073\357\240
+\120\126\371\306\012\375\070\315\304\013\160\121\224\227\230\004
+\337\303\137\224\325\025\311\024\101\234\304\135\165\144\025\015
+\377\125\060\354\206\217\377\015\357\054\271\143\106\366\252\374
+\337\274\151\375\056\022\110\144\232\340\225\360\246\357\051\217
+\001\261\025\265\014\035\245\376\151\054\151\044\170\036\263\247
+\034\161\142\356\312\310\227\254\027\135\212\302\370\107\206\156
+\052\304\126\061\225\320\147\211\205\053\371\154\246\135\106\235
+\014\252\202\344\231\121\335\160\267\333\126\075\141\344\152\341
+\134\326\366\376\075\336\101\314\007\256\143\122\277\123\123\364
+\053\351\307\375\266\367\202\137\205\322\101\030\333\201\263\004
+\034\305\037\244\200\157\025\040\311\336\014\210\012\035\326\146
+\125\342\374\110\311\051\046\151\340
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "GlobalSign Root CA"
+# Issuer: CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE
+# Serial Number:04:00:00:00:00:01:15:4b:5a:c3:94
+# Subject: CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE
+# Not Valid Before: Tue Sep 01 12:00:00 1998
+# Not Valid After : Fri Jan 28 12:00:00 2028
+# Fingerprint (MD5): 3E:45:52:15:09:51:92:E1:B7:5D:37:9F:B1:87:29:8A
+# Fingerprint (SHA1): B1:BC:96:8B:D4:F4:9D:62:2A:A8:9A:81:F2:15:01:52:A4:1D:82:9C
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "GlobalSign Root CA"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\261\274\226\213\324\364\235\142\052\250\232\201\362\025\001\122
+\244\035\202\234
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\076\105\122\025\011\121\222\341\267\135\067\237\261\207\051\212
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\127\061\013\060\011\006\003\125\004\006\023\002\102\105\061
+\031\060\027\006\003\125\004\012\023\020\107\154\157\142\141\154
+\123\151\147\156\040\156\166\055\163\141\061\020\060\016\006\003
+\125\004\013\023\007\122\157\157\164\040\103\101\061\033\060\031
+\006\003\125\004\003\023\022\107\154\157\142\141\154\123\151\147
+\156\040\122\157\157\164\040\103\101
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\013\004\000\000\000\000\001\025\113\132\303\224
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "GlobalSign Root CA - R2"
+#
+# Issuer: CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R2
+# Serial Number:04:00:00:00:00:01:0f:86:26:e6:0d
+# Subject: CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R2
+# Not Valid Before: Fri Dec 15 08:00:00 2006
+# Not Valid After : Wed Dec 15 08:00:00 2021
+# Fingerprint (MD5): 94:14:77:7E:3E:5E:FD:8F:30:BD:41:B0:CF:E7:D0:30
+# Fingerprint (SHA1): 75:E0:AB:B6:13:85:12:27:1C:04:F8:5F:DD:DE:38:E4:B7:24:2E:FE
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "GlobalSign Root CA - R2"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\114\061\040\060\036\006\003\125\004\013\023\027\107\154\157
+\142\141\154\123\151\147\156\040\122\157\157\164\040\103\101\040
+\055\040\122\062\061\023\060\021\006\003\125\004\012\023\012\107
+\154\157\142\141\154\123\151\147\156\061\023\060\021\006\003\125
+\004\003\023\012\107\154\157\142\141\154\123\151\147\156
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\114\061\040\060\036\006\003\125\004\013\023\027\107\154\157
+\142\141\154\123\151\147\156\040\122\157\157\164\040\103\101\040
+\055\040\122\062\061\023\060\021\006\003\125\004\012\023\012\107
+\154\157\142\141\154\123\151\147\156\061\023\060\021\006\003\125
+\004\003\023\012\107\154\157\142\141\154\123\151\147\156
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\013\004\000\000\000\000\001\017\206\046\346\015
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\003\272\060\202\002\242\240\003\002\001\002\002\013\004
+\000\000\000\000\001\017\206\046\346\015\060\015\006\011\052\206
+\110\206\367\015\001\001\005\005\000\060\114\061\040\060\036\006
+\003\125\004\013\023\027\107\154\157\142\141\154\123\151\147\156
+\040\122\157\157\164\040\103\101\040\055\040\122\062\061\023\060
+\021\006\003\125\004\012\023\012\107\154\157\142\141\154\123\151
+\147\156\061\023\060\021\006\003\125\004\003\023\012\107\154\157
+\142\141\154\123\151\147\156\060\036\027\015\060\066\061\062\061
+\065\060\070\060\060\060\060\132\027\015\062\061\061\062\061\065
+\060\070\060\060\060\060\132\060\114\061\040\060\036\006\003\125
+\004\013\023\027\107\154\157\142\141\154\123\151\147\156\040\122
+\157\157\164\040\103\101\040\055\040\122\062\061\023\060\021\006
+\003\125\004\012\023\012\107\154\157\142\141\154\123\151\147\156
+\061\023\060\021\006\003\125\004\003\023\012\107\154\157\142\141
+\154\123\151\147\156\060\202\001\042\060\015\006\011\052\206\110
+\206\367\015\001\001\001\005\000\003\202\001\017\000\060\202\001
+\012\002\202\001\001\000\246\317\044\016\276\056\157\050\231\105
+\102\304\253\076\041\124\233\013\323\177\204\160\372\022\263\313
+\277\207\137\306\177\206\323\262\060\134\326\375\255\361\173\334
+\345\370\140\226\011\222\020\365\320\123\336\373\173\176\163\210
+\254\122\210\173\112\246\312\111\246\136\250\247\214\132\021\274
+\172\202\353\276\214\351\263\254\226\045\007\227\112\231\052\007
+\057\264\036\167\277\212\017\265\002\174\033\226\270\305\271\072
+\054\274\326\022\271\353\131\175\342\320\006\206\137\136\111\152
+\265\071\136\210\064\354\274\170\014\010\230\204\154\250\315\113
+\264\240\175\014\171\115\360\270\055\313\041\312\325\154\133\175
+\341\240\051\204\241\371\323\224\111\313\044\142\221\040\274\335
+\013\325\331\314\371\352\047\012\053\163\221\306\235\033\254\310
+\313\350\340\240\364\057\220\213\115\373\260\066\033\366\031\172
+\205\340\155\362\141\023\210\134\237\340\223\012\121\227\212\132
+\316\257\253\325\367\252\011\252\140\275\334\331\137\337\162\251
+\140\023\136\000\001\311\112\372\077\244\352\007\003\041\002\216
+\202\312\003\302\233\217\002\003\001\000\001\243\201\234\060\201
+\231\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001
+\006\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001
+\001\377\060\035\006\003\125\035\016\004\026\004\024\233\342\007
+\127\147\034\036\300\152\006\336\131\264\232\055\337\334\031\206
+\056\060\066\006\003\125\035\037\004\057\060\055\060\053\240\051
+\240\047\206\045\150\164\164\160\072\057\057\143\162\154\056\147
+\154\157\142\141\154\163\151\147\156\056\156\145\164\057\162\157
+\157\164\055\162\062\056\143\162\154\060\037\006\003\125\035\043
+\004\030\060\026\200\024\233\342\007\127\147\034\036\300\152\006
+\336\131\264\232\055\337\334\031\206\056\060\015\006\011\052\206
+\110\206\367\015\001\001\005\005\000\003\202\001\001\000\231\201
+\123\207\034\150\227\206\221\354\340\112\270\104\013\253\201\254
+\047\117\326\301\270\034\103\170\263\014\232\374\352\054\074\156
+\141\033\115\113\051\365\237\005\035\046\301\270\351\203\000\142
+\105\266\251\010\223\271\251\063\113\030\232\302\370\207\210\116
+\333\335\161\064\032\301\124\332\106\077\340\323\052\253\155\124
+\042\365\072\142\315\040\157\272\051\211\327\335\221\356\323\134
+\242\076\241\133\101\365\337\345\144\103\055\351\325\071\253\322
+\242\337\267\213\320\300\200\031\034\105\300\055\214\350\370\055
+\244\164\126\111\305\005\265\117\025\336\156\104\170\071\207\250
+\176\273\363\171\030\221\273\364\157\235\301\360\214\065\214\135
+\001\373\303\155\271\357\104\155\171\106\061\176\012\376\251\202
+\301\377\357\253\156\040\304\120\311\137\235\115\233\027\214\014
+\345\001\311\240\101\152\163\123\372\245\120\264\156\045\017\373
+\114\030\364\375\122\331\216\151\261\350\021\017\336\210\330\373
+\035\111\367\252\336\225\317\040\170\302\140\022\333\045\100\214
+\152\374\176\102\070\100\144\022\367\236\201\341\223\056
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "GlobalSign Root CA - R2"
+# Issuer: CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R2
+# Serial Number:04:00:00:00:00:01:0f:86:26:e6:0d
+# Subject: CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R2
+# Not Valid Before: Fri Dec 15 08:00:00 2006
+# Not Valid After : Wed Dec 15 08:00:00 2021
+# Fingerprint (MD5): 94:14:77:7E:3E:5E:FD:8F:30:BD:41:B0:CF:E7:D0:30
+# Fingerprint (SHA1): 75:E0:AB:B6:13:85:12:27:1C:04:F8:5F:DD:DE:38:E4:B7:24:2E:FE
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "GlobalSign Root CA - R2"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\165\340\253\266\023\205\022\047\034\004\370\137\335\336\070\344
+\267\044\056\376
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\224\024\167\176\076\136\375\217\060\275\101\260\317\347\320\060
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\114\061\040\060\036\006\003\125\004\013\023\027\107\154\157
+\142\141\154\123\151\147\156\040\122\157\157\164\040\103\101\040
+\055\040\122\062\061\023\060\021\006\003\125\004\012\023\012\107
+\154\157\142\141\154\123\151\147\156\061\023\060\021\006\003\125
+\004\003\023\012\107\154\157\142\141\154\123\151\147\156
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\013\004\000\000\000\000\001\017\206\046\346\015
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Verisign Class 1 Public Primary Certification Authority - G3"
+#
+# Issuer: CN=VeriSign Class 1 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
+# Serial Number:00:8b:5b:75:56:84:54:85:0b:00:cf:af:38:48:ce:b1:a4
+# Subject: CN=VeriSign Class 1 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
+# Not Valid Before: Fri Oct 01 00:00:00 1999
+# Not Valid After : Wed Jul 16 23:59:59 2036
+# Fingerprint (MD5): B1:47:BC:18:57:D1:18:A0:78:2D:EC:71:E8:2A:95:73
+# Fingerprint (SHA1): 20:42:85:DC:F7:EB:76:41:95:57:8E:13:6B:D4:B7:D1:E9:8E:46:A5
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Verisign Class 1 Public Primary Certification Authority - G3"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\312\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123
+\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125
+\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165
+\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003
+\125\004\013\023\061\050\143\051\040\061\071\071\071\040\126\145
+\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106
+\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163
+\145\040\157\156\154\171\061\105\060\103\006\003\125\004\003\023
+\074\126\145\162\151\123\151\147\156\040\103\154\141\163\163\040
+\061\040\120\165\142\154\151\143\040\120\162\151\155\141\162\171
+\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101
+\165\164\150\157\162\151\164\171\040\055\040\107\063
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\312\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123
+\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125
+\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165
+\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003
+\125\004\013\023\061\050\143\051\040\061\071\071\071\040\126\145
+\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106
+\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163
+\145\040\157\156\154\171\061\105\060\103\006\003\125\004\003\023
+\074\126\145\162\151\123\151\147\156\040\103\154\141\163\163\040
+\061\040\120\165\142\154\151\143\040\120\162\151\155\141\162\171
+\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101
+\165\164\150\157\162\151\164\171\040\055\040\107\063
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\021\000\213\133\165\126\204\124\205\013\000\317\257\070\110
+\316\261\244
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\004\032\060\202\003\002\002\021\000\213\133\165\126\204
+\124\205\013\000\317\257\070\110\316\261\244\060\015\006\011\052
+\206\110\206\367\015\001\001\005\005\000\060\201\312\061\013\060
+\011\006\003\125\004\006\023\002\125\123\061\027\060\025\006\003
+\125\004\012\023\016\126\145\162\151\123\151\147\156\054\040\111
+\156\143\056\061\037\060\035\006\003\125\004\013\023\026\126\145
+\162\151\123\151\147\156\040\124\162\165\163\164\040\116\145\164
+\167\157\162\153\061\072\060\070\006\003\125\004\013\023\061\050
+\143\051\040\061\071\071\071\040\126\145\162\151\123\151\147\156
+\054\040\111\156\143\056\040\055\040\106\157\162\040\141\165\164
+\150\157\162\151\172\145\144\040\165\163\145\040\157\156\154\171
+\061\105\060\103\006\003\125\004\003\023\074\126\145\162\151\123
+\151\147\156\040\103\154\141\163\163\040\061\040\120\165\142\154
+\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151
+\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151
+\164\171\040\055\040\107\063\060\036\027\015\071\071\061\060\060
+\061\060\060\060\060\060\060\132\027\015\063\066\060\067\061\066
+\062\063\065\071\065\071\132\060\201\312\061\013\060\011\006\003
+\125\004\006\023\002\125\123\061\027\060\025\006\003\125\004\012
+\023\016\126\145\162\151\123\151\147\156\054\040\111\156\143\056
+\061\037\060\035\006\003\125\004\013\023\026\126\145\162\151\123
+\151\147\156\040\124\162\165\163\164\040\116\145\164\167\157\162
+\153\061\072\060\070\006\003\125\004\013\023\061\050\143\051\040
+\061\071\071\071\040\126\145\162\151\123\151\147\156\054\040\111
+\156\143\056\040\055\040\106\157\162\040\141\165\164\150\157\162
+\151\172\145\144\040\165\163\145\040\157\156\154\171\061\105\060
+\103\006\003\125\004\003\023\074\126\145\162\151\123\151\147\156
+\040\103\154\141\163\163\040\061\040\120\165\142\154\151\143\040
+\120\162\151\155\141\162\171\040\103\145\162\164\151\146\151\143
+\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171\040
+\055\040\107\063\060\202\001\042\060\015\006\011\052\206\110\206
+\367\015\001\001\001\005\000\003\202\001\017\000\060\202\001\012
+\002\202\001\001\000\335\204\324\271\264\371\247\330\363\004\170
+\234\336\075\334\154\023\026\331\172\335\044\121\146\300\307\046
+\131\015\254\006\010\302\224\321\063\037\360\203\065\037\156\033
+\310\336\252\156\025\116\124\047\357\304\155\032\354\013\343\016
+\360\104\245\127\307\100\130\036\243\107\037\161\354\140\366\155
+\224\310\030\071\355\376\102\030\126\337\344\114\111\020\170\116
+\001\166\065\143\022\066\335\146\274\001\004\066\243\125\150\325
+\242\066\011\254\253\041\046\124\006\255\077\312\024\340\254\312
+\255\006\035\225\342\370\235\361\340\140\377\302\177\165\053\114
+\314\332\376\207\231\041\352\272\376\076\124\327\322\131\170\333
+\074\156\317\240\023\000\032\270\047\241\344\276\147\226\312\240
+\305\263\234\335\311\165\236\353\060\232\137\243\315\331\256\170
+\031\077\043\351\134\333\051\275\255\125\310\033\124\214\143\366
+\350\246\352\307\067\022\134\243\051\036\002\331\333\037\073\264
+\327\017\126\107\201\025\004\112\257\203\047\321\305\130\210\301
+\335\366\252\247\243\030\332\150\252\155\021\121\341\277\145\153
+\237\226\166\321\075\002\003\001\000\001\060\015\006\011\052\206
+\110\206\367\015\001\001\005\005\000\003\202\001\001\000\253\146
+\215\327\263\272\307\232\266\346\125\320\005\361\237\061\215\132
+\252\331\252\106\046\017\161\355\245\255\123\126\142\001\107\052
+\104\351\376\077\164\013\023\233\271\364\115\033\262\321\137\262
+\266\322\210\134\263\237\315\313\324\247\331\140\225\204\072\370
+\301\067\035\141\312\347\260\305\345\221\332\124\246\254\061\201
+\256\227\336\315\010\254\270\300\227\200\177\156\162\244\347\151
+\023\225\145\037\304\223\074\375\171\217\004\324\076\117\352\367
+\236\316\315\147\174\117\145\002\377\221\205\124\163\307\377\066
+\367\206\055\354\320\136\117\377\021\237\162\006\326\270\032\361
+\114\015\046\145\342\104\200\036\307\237\343\335\350\012\332\354
+\245\040\200\151\150\241\117\176\341\153\317\007\101\372\203\216
+\274\070\335\260\056\021\261\153\262\102\314\232\274\371\110\042
+\171\112\031\017\262\034\076\040\164\331\152\303\276\362\050\170
+\023\126\171\117\155\120\352\033\260\265\127\261\067\146\130\043
+\363\334\017\337\012\207\304\357\206\005\325\070\024\140\231\243
+\113\336\006\226\161\054\362\333\266\037\244\357\077\356
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "Verisign Class 1 Public Primary Certification Authority - G3"
+# Issuer: CN=VeriSign Class 1 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
+# Serial Number:00:8b:5b:75:56:84:54:85:0b:00:cf:af:38:48:ce:b1:a4
+# Subject: CN=VeriSign Class 1 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
+# Not Valid Before: Fri Oct 01 00:00:00 1999
+# Not Valid After : Wed Jul 16 23:59:59 2036
+# Fingerprint (MD5): B1:47:BC:18:57:D1:18:A0:78:2D:EC:71:E8:2A:95:73
+# Fingerprint (SHA1): 20:42:85:DC:F7:EB:76:41:95:57:8E:13:6B:D4:B7:D1:E9:8E:46:A5
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Verisign Class 1 Public Primary Certification Authority - G3"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\040\102\205\334\367\353\166\101\225\127\216\023\153\324\267\321
+\351\216\106\245
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\261\107\274\030\127\321\030\240\170\055\354\161\350\052\225\163
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\312\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123
+\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125
+\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165
+\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003
+\125\004\013\023\061\050\143\051\040\061\071\071\071\040\126\145
+\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106
+\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163
+\145\040\157\156\154\171\061\105\060\103\006\003\125\004\003\023
+\074\126\145\162\151\123\151\147\156\040\103\154\141\163\163\040
+\061\040\120\165\142\154\151\143\040\120\162\151\155\141\162\171
+\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101
+\165\164\150\157\162\151\164\171\040\055\040\107\063
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\021\000\213\133\165\126\204\124\205\013\000\317\257\070\110
+\316\261\244
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Verisign Class 2 Public Primary Certification Authority - G3"
+#
+# Issuer: CN=VeriSign Class 2 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
+# Serial Number:61:70:cb:49:8c:5f:98:45:29:e7:b0:a6:d9:50:5b:7a
+# Subject: CN=VeriSign Class 2 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
+# Not Valid Before: Fri Oct 01 00:00:00 1999
+# Not Valid After : Wed Jul 16 23:59:59 2036
+# Fingerprint (MD5): F8:BE:C4:63:22:C9:A8:46:74:8B:B8:1D:1E:4A:2B:F6
+# Fingerprint (SHA1): 61:EF:43:D7:7F:CA:D4:61:51:BC:98:E0:C3:59:12:AF:9F:EB:63:11
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Verisign Class 2 Public Primary Certification Authority - G3"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\312\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123
+\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125
+\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165
+\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003
+\125\004\013\023\061\050\143\051\040\061\071\071\071\040\126\145
+\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106
+\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163
+\145\040\157\156\154\171\061\105\060\103\006\003\125\004\003\023
+\074\126\145\162\151\123\151\147\156\040\103\154\141\163\163\040
+\062\040\120\165\142\154\151\143\040\120\162\151\155\141\162\171
+\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101
+\165\164\150\157\162\151\164\171\040\055\040\107\063
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\312\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123
+\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125
+\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165
+\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003
+\125\004\013\023\061\050\143\051\040\061\071\071\071\040\126\145
+\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106
+\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163
+\145\040\157\156\154\171\061\105\060\103\006\003\125\004\003\023
+\074\126\145\162\151\123\151\147\156\040\103\154\141\163\163\040
+\062\040\120\165\142\154\151\143\040\120\162\151\155\141\162\171
+\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101
+\165\164\150\157\162\151\164\171\040\055\040\107\063
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\141\160\313\111\214\137\230\105\051\347\260\246\331\120
+\133\172
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\004\031\060\202\003\001\002\020\141\160\313\111\214\137
+\230\105\051\347\260\246\331\120\133\172\060\015\006\011\052\206
+\110\206\367\015\001\001\005\005\000\060\201\312\061\013\060\011
+\006\003\125\004\006\023\002\125\123\061\027\060\025\006\003\125
+\004\012\023\016\126\145\162\151\123\151\147\156\054\040\111\156
+\143\056\061\037\060\035\006\003\125\004\013\023\026\126\145\162
+\151\123\151\147\156\040\124\162\165\163\164\040\116\145\164\167
+\157\162\153\061\072\060\070\006\003\125\004\013\023\061\050\143
+\051\040\061\071\071\071\040\126\145\162\151\123\151\147\156\054
+\040\111\156\143\056\040\055\040\106\157\162\040\141\165\164\150
+\157\162\151\172\145\144\040\165\163\145\040\157\156\154\171\061
+\105\060\103\006\003\125\004\003\023\074\126\145\162\151\123\151
+\147\156\040\103\154\141\163\163\040\062\040\120\165\142\154\151
+\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151\146
+\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164
+\171\040\055\040\107\063\060\036\027\015\071\071\061\060\060\061
+\060\060\060\060\060\060\132\027\015\063\066\060\067\061\066\062
+\063\065\071\065\071\132\060\201\312\061\013\060\011\006\003\125
+\004\006\023\002\125\123\061\027\060\025\006\003\125\004\012\023
+\016\126\145\162\151\123\151\147\156\054\040\111\156\143\056\061
+\037\060\035\006\003\125\004\013\023\026\126\145\162\151\123\151
+\147\156\040\124\162\165\163\164\040\116\145\164\167\157\162\153
+\061\072\060\070\006\003\125\004\013\023\061\050\143\051\040\061
+\071\071\071\040\126\145\162\151\123\151\147\156\054\040\111\156
+\143\056\040\055\040\106\157\162\040\141\165\164\150\157\162\151
+\172\145\144\040\165\163\145\040\157\156\154\171\061\105\060\103
+\006\003\125\004\003\023\074\126\145\162\151\123\151\147\156\040
+\103\154\141\163\163\040\062\040\120\165\142\154\151\143\040\120
+\162\151\155\141\162\171\040\103\145\162\164\151\146\151\143\141
+\164\151\157\156\040\101\165\164\150\157\162\151\164\171\040\055
+\040\107\063\060\202\001\042\060\015\006\011\052\206\110\206\367
+\015\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002
+\202\001\001\000\257\012\015\302\325\054\333\147\271\055\345\224
+\047\335\245\276\340\260\115\217\263\141\126\074\326\174\303\364
+\315\076\206\313\242\210\342\341\330\244\151\305\265\342\277\301
+\246\107\120\136\106\071\213\325\226\272\265\157\024\277\020\316
+\047\023\236\005\107\233\061\172\023\330\037\331\323\002\067\213
+\255\054\107\360\216\201\006\247\015\060\014\353\367\074\017\040
+\035\334\162\106\356\245\002\310\133\303\311\126\151\114\305\030
+\301\221\173\013\325\023\000\233\274\357\303\110\076\106\140\040
+\205\052\325\220\266\315\213\240\314\062\335\267\375\100\125\262
+\120\034\126\256\314\215\167\115\307\040\115\247\061\166\357\150
+\222\212\220\036\010\201\126\262\255\151\243\122\320\313\034\304
+\043\075\037\231\376\114\350\026\143\216\306\010\216\366\061\366
+\322\372\345\166\335\265\034\222\243\111\315\315\001\315\150\315
+\251\151\272\243\353\035\015\234\244\040\246\301\240\305\321\106
+\114\027\155\322\254\146\077\226\214\340\204\324\066\377\042\131
+\305\371\021\140\250\137\004\175\362\032\366\045\102\141\017\304
+\112\270\076\211\002\003\001\000\001\060\015\006\011\052\206\110
+\206\367\015\001\001\005\005\000\003\202\001\001\000\064\046\025
+\074\300\215\115\103\111\035\275\351\041\222\327\146\234\267\336
+\305\270\320\344\135\137\166\042\300\046\371\204\072\072\371\214
+\265\373\354\140\361\350\316\004\260\310\335\247\003\217\060\363
+\230\337\244\346\244\061\337\323\034\013\106\334\162\040\077\256
+\356\005\074\244\063\077\013\071\254\160\170\163\113\231\053\337
+\060\302\124\260\250\073\125\241\376\026\050\315\102\275\164\156
+\200\333\047\104\247\316\104\135\324\033\220\230\015\036\102\224
+\261\000\054\004\320\164\243\002\005\042\143\143\315\203\265\373
+\301\155\142\153\151\165\375\135\160\101\271\365\277\174\337\276
+\301\062\163\042\041\213\130\201\173\025\221\172\272\343\144\110
+\260\177\373\066\045\332\225\320\361\044\024\027\335\030\200\153
+\106\043\071\124\365\216\142\011\004\035\224\220\246\233\346\045
+\342\102\105\252\270\220\255\276\010\217\251\013\102\030\224\317
+\162\071\341\261\103\340\050\317\267\347\132\154\023\153\111\263
+\377\343\030\174\211\213\063\135\254\063\327\247\371\332\072\125
+\311\130\020\371\252\357\132\266\317\113\113\337\052
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "Verisign Class 2 Public Primary Certification Authority - G3"
+# Issuer: CN=VeriSign Class 2 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
+# Serial Number:61:70:cb:49:8c:5f:98:45:29:e7:b0:a6:d9:50:5b:7a
+# Subject: CN=VeriSign Class 2 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
+# Not Valid Before: Fri Oct 01 00:00:00 1999
+# Not Valid After : Wed Jul 16 23:59:59 2036
+# Fingerprint (MD5): F8:BE:C4:63:22:C9:A8:46:74:8B:B8:1D:1E:4A:2B:F6
+# Fingerprint (SHA1): 61:EF:43:D7:7F:CA:D4:61:51:BC:98:E0:C3:59:12:AF:9F:EB:63:11
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Verisign Class 2 Public Primary Certification Authority - G3"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\141\357\103\327\177\312\324\141\121\274\230\340\303\131\022\257
+\237\353\143\021
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\370\276\304\143\042\311\250\106\164\213\270\035\036\112\053\366
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\312\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123
+\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125
+\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165
+\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003
+\125\004\013\023\061\050\143\051\040\061\071\071\071\040\126\145
+\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106
+\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163
+\145\040\157\156\154\171\061\105\060\103\006\003\125\004\003\023
+\074\126\145\162\151\123\151\147\156\040\103\154\141\163\163\040
+\062\040\120\165\142\154\151\143\040\120\162\151\155\141\162\171
+\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101
+\165\164\150\157\162\151\164\171\040\055\040\107\063
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\141\160\313\111\214\137\230\105\051\347\260\246\331\120
+\133\172
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Verisign Class 3 Public Primary Certification Authority - G3"
+#
+# Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
+# Serial Number:00:9b:7e:06:49:a3:3e:62:b9:d5:ee:90:48:71:29:ef:57
+# Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
+# Not Valid Before: Fri Oct 01 00:00:00 1999
+# Not Valid After : Wed Jul 16 23:59:59 2036
+# Fingerprint (MD5): CD:68:B6:A7:C7:C4:CE:75:E0:1D:4F:57:44:61:92:09
+# Fingerprint (SHA1): 13:2D:0D:45:53:4B:69:97:CD:B2:D5:C3:39:E2:55:76:60:9B:5C:C6
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Verisign Class 3 Public Primary Certification Authority - G3"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\312\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123
+\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125
+\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165
+\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003
+\125\004\013\023\061\050\143\051\040\061\071\071\071\040\126\145
+\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106
+\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163
+\145\040\157\156\154\171\061\105\060\103\006\003\125\004\003\023
+\074\126\145\162\151\123\151\147\156\040\103\154\141\163\163\040
+\063\040\120\165\142\154\151\143\040\120\162\151\155\141\162\171
+\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101
+\165\164\150\157\162\151\164\171\040\055\040\107\063
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\312\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123
+\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125
+\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165
+\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003
+\125\004\013\023\061\050\143\051\040\061\071\071\071\040\126\145
+\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106
+\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163
+\145\040\157\156\154\171\061\105\060\103\006\003\125\004\003\023
+\074\126\145\162\151\123\151\147\156\040\103\154\141\163\163\040
+\063\040\120\165\142\154\151\143\040\120\162\151\155\141\162\171
+\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101
+\165\164\150\157\162\151\164\171\040\055\040\107\063
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\021\000\233\176\006\111\243\076\142\271\325\356\220\110\161
+\051\357\127
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\004\032\060\202\003\002\002\021\000\233\176\006\111\243
+\076\142\271\325\356\220\110\161\051\357\127\060\015\006\011\052
+\206\110\206\367\015\001\001\005\005\000\060\201\312\061\013\060
+\011\006\003\125\004\006\023\002\125\123\061\027\060\025\006\003
+\125\004\012\023\016\126\145\162\151\123\151\147\156\054\040\111
+\156\143\056\061\037\060\035\006\003\125\004\013\023\026\126\145
+\162\151\123\151\147\156\040\124\162\165\163\164\040\116\145\164
+\167\157\162\153\061\072\060\070\006\003\125\004\013\023\061\050
+\143\051\040\061\071\071\071\040\126\145\162\151\123\151\147\156
+\054\040\111\156\143\056\040\055\040\106\157\162\040\141\165\164
+\150\157\162\151\172\145\144\040\165\163\145\040\157\156\154\171
+\061\105\060\103\006\003\125\004\003\023\074\126\145\162\151\123
+\151\147\156\040\103\154\141\163\163\040\063\040\120\165\142\154
+\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151
+\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151
+\164\171\040\055\040\107\063\060\036\027\015\071\071\061\060\060
+\061\060\060\060\060\060\060\132\027\015\063\066\060\067\061\066
+\062\063\065\071\065\071\132\060\201\312\061\013\060\011\006\003
+\125\004\006\023\002\125\123\061\027\060\025\006\003\125\004\012
+\023\016\126\145\162\151\123\151\147\156\054\040\111\156\143\056
+\061\037\060\035\006\003\125\004\013\023\026\126\145\162\151\123
+\151\147\156\040\124\162\165\163\164\040\116\145\164\167\157\162
+\153\061\072\060\070\006\003\125\004\013\023\061\050\143\051\040
+\061\071\071\071\040\126\145\162\151\123\151\147\156\054\040\111
+\156\143\056\040\055\040\106\157\162\040\141\165\164\150\157\162
+\151\172\145\144\040\165\163\145\040\157\156\154\171\061\105\060
+\103\006\003\125\004\003\023\074\126\145\162\151\123\151\147\156
+\040\103\154\141\163\163\040\063\040\120\165\142\154\151\143\040
+\120\162\151\155\141\162\171\040\103\145\162\164\151\146\151\143
+\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171\040
+\055\040\107\063\060\202\001\042\060\015\006\011\052\206\110\206
+\367\015\001\001\001\005\000\003\202\001\017\000\060\202\001\012
+\002\202\001\001\000\313\272\234\122\374\170\037\032\036\157\033
+\067\163\275\370\311\153\224\022\060\117\360\066\107\365\320\221
+\012\365\027\310\245\141\301\026\100\115\373\212\141\220\345\166
+\040\301\021\006\175\253\054\156\246\365\021\101\216\372\055\255
+\052\141\131\244\147\046\114\320\350\274\122\133\160\040\004\130
+\321\172\311\244\151\274\203\027\144\255\005\213\274\320\130\316
+\215\214\365\353\360\102\111\013\235\227\047\147\062\156\341\256
+\223\025\034\160\274\040\115\057\030\336\222\210\350\154\205\127
+\021\032\351\176\343\046\021\124\242\105\226\125\203\312\060\211
+\350\334\330\243\355\052\200\077\177\171\145\127\076\025\040\146
+\010\057\225\223\277\252\107\057\250\106\227\360\022\342\376\302
+\012\053\121\346\166\346\267\106\267\342\015\246\314\250\303\114
+\131\125\211\346\350\123\134\034\352\235\360\142\026\013\247\311
+\137\014\360\336\302\166\316\257\367\152\362\372\101\246\242\063
+\024\311\345\172\143\323\236\142\067\325\205\145\236\016\346\123
+\044\164\033\136\035\022\123\133\307\054\347\203\111\073\025\256
+\212\150\271\127\227\002\003\001\000\001\060\015\006\011\052\206
+\110\206\367\015\001\001\005\005\000\003\202\001\001\000\021\024
+\226\301\253\222\010\367\077\057\311\262\376\344\132\237\144\336
+\333\041\117\206\231\064\166\066\127\335\320\025\057\305\255\177
+\025\037\067\142\163\076\324\347\137\316\027\003\333\065\372\053
+\333\256\140\011\137\036\137\217\156\273\013\075\352\132\023\036
+\014\140\157\265\300\265\043\042\056\007\013\313\251\164\313\107
+\273\035\301\327\245\153\314\057\322\102\375\111\335\247\211\317
+\123\272\332\000\132\050\277\202\337\370\272\023\035\120\206\202
+\375\216\060\217\051\106\260\036\075\065\332\070\142\026\030\112
+\255\346\266\121\154\336\257\142\353\001\320\036\044\376\172\217
+\022\032\022\150\270\373\146\231\024\024\105\134\256\347\256\151
+\027\201\053\132\067\311\136\052\364\306\342\241\134\124\233\246
+\124\000\317\360\361\301\307\230\060\032\073\066\026\333\243\156
+\352\375\255\262\302\332\357\002\107\023\212\300\361\263\061\255
+\117\034\341\117\234\257\017\014\235\367\170\015\330\364\065\126
+\200\332\267\155\027\217\235\036\201\144\341\376\305\105\272\255
+\153\271\012\172\116\117\113\204\356\113\361\175\335\021
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "Verisign Class 3 Public Primary Certification Authority - G3"
+# Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
+# Serial Number:00:9b:7e:06:49:a3:3e:62:b9:d5:ee:90:48:71:29:ef:57
+# Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
+# Not Valid Before: Fri Oct 01 00:00:00 1999
+# Not Valid After : Wed Jul 16 23:59:59 2036
+# Fingerprint (MD5): CD:68:B6:A7:C7:C4:CE:75:E0:1D:4F:57:44:61:92:09
+# Fingerprint (SHA1): 13:2D:0D:45:53:4B:69:97:CD:B2:D5:C3:39:E2:55:76:60:9B:5C:C6
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Verisign Class 3 Public Primary Certification Authority - G3"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\023\055\015\105\123\113\151\227\315\262\325\303\071\342\125\166
+\140\233\134\306
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\315\150\266\247\307\304\316\165\340\035\117\127\104\141\222\011
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\312\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123
+\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125
+\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165
+\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003
+\125\004\013\023\061\050\143\051\040\061\071\071\071\040\126\145
+\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106
+\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163
+\145\040\157\156\154\171\061\105\060\103\006\003\125\004\003\023
+\074\126\145\162\151\123\151\147\156\040\103\154\141\163\163\040
+\063\040\120\165\142\154\151\143\040\120\162\151\155\141\162\171
+\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101
+\165\164\150\157\162\151\164\171\040\055\040\107\063
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\021\000\233\176\006\111\243\076\142\271\325\356\220\110\161
+\051\357\127
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+# Distrust "Distrust: O=Egypt Trust, OU=VeriSign Trust Network (cert 1/3)"
+# Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
+# Serial Number:4c:00:36:1b:e5:08:2b:a9:aa:ce:74:0a:05:3e:fb:34
+# Subject: CN=Egypt Trust Class 3 Managed PKI Enterprise Administrator CA,OU=Terms of use at https://www.egypttrust.com/repository/rpa (c)08,OU=VeriSign Trust Network,O=Egypt Trust,C=EG
+# Not Valid Before: Sun May 18 00:00:00 2008
+# Not Valid After : Thu May 17 23:59:59 2018
+# Fingerprint (MD5): A7:91:05:96:B1:56:01:26:4E:BF:80:80:08:86:1B:4D
+# Fingerprint (SHA1): 6A:2C:5C:B0:94:D5:E0:B7:57:FB:0F:58:42:AA:C8:13:A5:80:2F:E1
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Distrust: O=Egypt Trust, OU=VeriSign Trust Network (cert 1/3)"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\312\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123
+\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125
+\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165
+\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003
+\125\004\013\023\061\050\143\051\040\061\071\071\071\040\126\145
+\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106
+\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163
+\145\040\157\156\154\171\061\105\060\103\006\003\125\004\003\023
+\074\126\145\162\151\123\151\147\156\040\103\154\141\163\163\040
+\063\040\120\165\142\154\151\143\040\120\162\151\155\141\162\171
+\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101
+\165\164\150\157\162\151\164\171\040\055\040\107\063
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\114\000\066\033\345\010\053\251\252\316\164\012\005\076
+\373\064
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+
+# Distrust "Distrust: O=Egypt Trust, OU=VeriSign Trust Network (cert 2/3)"
+# Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
+# Serial Number:3e:0c:9e:87:69:aa:95:5c:ea:23:d8:45:9e:d4:5b:51
+# Subject: CN=Egypt Trust Class 3 Managed PKI Operational Administrator CA,OU=Terms of use at https://www.egypttrust.com/repository/rpa (c)08,OU=VeriSign Trust Network,O=Egypt Trust,C=EG
+# Not Valid Before: Sun May 18 00:00:00 2008
+# Not Valid After : Thu May 17 23:59:59 2018
+# Fingerprint (MD5): D0:C3:71:17:3E:39:80:C6:50:4F:04:22:DF:40:E1:34
+# Fingerprint (SHA1): 9C:65:5E:D5:FA:E3:B8:96:4D:89:72:F6:3A:63:53:59:3F:5E:B4:4E
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Distrust: O=Egypt Trust, OU=VeriSign Trust Network (cert 2/3)"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\312\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123
+\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125
+\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165
+\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003
+\125\004\013\023\061\050\143\051\040\061\071\071\071\040\126\145
+\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106
+\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163
+\145\040\157\156\154\171\061\105\060\103\006\003\125\004\003\023
+\074\126\145\162\151\123\151\147\156\040\103\154\141\163\163\040
+\063\040\120\165\142\154\151\143\040\120\162\151\155\141\162\171
+\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101
+\165\164\150\157\162\151\164\171\040\055\040\107\063
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\076\014\236\207\151\252\225\134\352\043\330\105\236\324
+\133\121
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+# Distrust "Distrust: O=Egypt Trust, OU=VeriSign Trust Network (cert 3/3)"
+# Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
+# Serial Number:12:bd:26:a2:ae:33:c0:7f:24:7b:6a:58:69:f2:0a:76
+# Subject: CN=Egypt Trust Class 3 Managed PKI SCO Administrator CA,OU=Terms of use at https://www.egypttrust.com/repository/rpa (c)08,OU=VeriSign Trust Network,O=Egypt Trust,C=EG
+# Not Valid Before: Sun May 18 00:00:00 2008
+# Not Valid After : Thu May 17 23:59:59 2018
+# Fingerprint (MD5): C2:13:5E:B2:67:8A:5C:F7:91:EF:8F:29:0F:9B:77:6E
+# Fingerprint (SHA1): 83:23:F1:4F:BC:9F:9B:80:B7:9D:ED:14:CD:01:57:CD:FB:08:95:D2
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Distrust: O=Egypt Trust, OU=VeriSign Trust Network (cert 3/3)"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\312\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123
+\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125
+\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165
+\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003
+\125\004\013\023\061\050\143\051\040\061\071\071\071\040\126\145
+\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106
+\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163
+\145\040\157\156\154\171\061\105\060\103\006\003\125\004\003\023
+\074\126\145\162\151\123\151\147\156\040\103\154\141\163\163\040
+\063\040\120\165\142\154\151\143\040\120\162\151\155\141\162\171
+\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101
+\165\164\150\157\162\151\164\171\040\055\040\107\063
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\022\275\046\242\256\063\300\177\044\173\152\130\151\362
+\012\166
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Entrust.net Premium 2048 Secure Server CA"
+#
+# Issuer: CN=Entrust.net Certification Authority (2048),OU=(c) 1999 Entrust.net Limited,OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.),O=Entrust.net
+# Serial Number: 946069240 (0x3863def8)
+# Subject: CN=Entrust.net Certification Authority (2048),OU=(c) 1999 Entrust.net Limited,OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.),O=Entrust.net
+# Not Valid Before: Fri Dec 24 17:50:51 1999
+# Not Valid After : Tue Jul 24 14:15:12 2029
+# Fingerprint (MD5): EE:29:31:BC:32:7E:9A:E6:E8:B5:F7:51:B4:34:71:90
+# Fingerprint (SHA1): 50:30:06:09:1D:97:D4:F5:AE:39:F7:CB:E7:92:7D:7D:65:2D:34:31
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Entrust.net Premium 2048 Secure Server CA"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\264\061\024\060\022\006\003\125\004\012\023\013\105\156
+\164\162\165\163\164\056\156\145\164\061\100\060\076\006\003\125
+\004\013\024\067\167\167\167\056\145\156\164\162\165\163\164\056
+\156\145\164\057\103\120\123\137\062\060\064\070\040\151\156\143
+\157\162\160\056\040\142\171\040\162\145\146\056\040\050\154\151
+\155\151\164\163\040\154\151\141\142\056\051\061\045\060\043\006
+\003\125\004\013\023\034\050\143\051\040\061\071\071\071\040\105
+\156\164\162\165\163\164\056\156\145\164\040\114\151\155\151\164
+\145\144\061\063\060\061\006\003\125\004\003\023\052\105\156\164
+\162\165\163\164\056\156\145\164\040\103\145\162\164\151\146\151
+\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171
+\040\050\062\060\064\070\051
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\264\061\024\060\022\006\003\125\004\012\023\013\105\156
+\164\162\165\163\164\056\156\145\164\061\100\060\076\006\003\125
+\004\013\024\067\167\167\167\056\145\156\164\162\165\163\164\056
+\156\145\164\057\103\120\123\137\062\060\064\070\040\151\156\143
+\157\162\160\056\040\142\171\040\162\145\146\056\040\050\154\151
+\155\151\164\163\040\154\151\141\142\056\051\061\045\060\043\006
+\003\125\004\013\023\034\050\143\051\040\061\071\071\071\040\105
+\156\164\162\165\163\164\056\156\145\164\040\114\151\155\151\164
+\145\144\061\063\060\061\006\003\125\004\003\023\052\105\156\164
+\162\165\163\164\056\156\145\164\040\103\145\162\164\151\146\151
+\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171
+\040\050\062\060\064\070\051
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\004\070\143\336\370
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\004\052\060\202\003\022\240\003\002\001\002\002\004\070
+\143\336\370\060\015\006\011\052\206\110\206\367\015\001\001\005
+\005\000\060\201\264\061\024\060\022\006\003\125\004\012\023\013
+\105\156\164\162\165\163\164\056\156\145\164\061\100\060\076\006
+\003\125\004\013\024\067\167\167\167\056\145\156\164\162\165\163
+\164\056\156\145\164\057\103\120\123\137\062\060\064\070\040\151
+\156\143\157\162\160\056\040\142\171\040\162\145\146\056\040\050
+\154\151\155\151\164\163\040\154\151\141\142\056\051\061\045\060
+\043\006\003\125\004\013\023\034\050\143\051\040\061\071\071\071
+\040\105\156\164\162\165\163\164\056\156\145\164\040\114\151\155
+\151\164\145\144\061\063\060\061\006\003\125\004\003\023\052\105
+\156\164\162\165\163\164\056\156\145\164\040\103\145\162\164\151
+\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151
+\164\171\040\050\062\060\064\070\051\060\036\027\015\071\071\061
+\062\062\064\061\067\065\060\065\061\132\027\015\062\071\060\067
+\062\064\061\064\061\065\061\062\132\060\201\264\061\024\060\022
+\006\003\125\004\012\023\013\105\156\164\162\165\163\164\056\156
+\145\164\061\100\060\076\006\003\125\004\013\024\067\167\167\167
+\056\145\156\164\162\165\163\164\056\156\145\164\057\103\120\123
+\137\062\060\064\070\040\151\156\143\157\162\160\056\040\142\171
+\040\162\145\146\056\040\050\154\151\155\151\164\163\040\154\151
+\141\142\056\051\061\045\060\043\006\003\125\004\013\023\034\050
+\143\051\040\061\071\071\071\040\105\156\164\162\165\163\164\056
+\156\145\164\040\114\151\155\151\164\145\144\061\063\060\061\006
+\003\125\004\003\023\052\105\156\164\162\165\163\164\056\156\145
+\164\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040
+\101\165\164\150\157\162\151\164\171\040\050\062\060\064\070\051
+\060\202\001\042\060\015\006\011\052\206\110\206\367\015\001\001
+\001\005\000\003\202\001\017\000\060\202\001\012\002\202\001\001
+\000\255\115\113\251\022\206\262\352\243\040\007\025\026\144\052
+\053\113\321\277\013\112\115\216\355\200\166\245\147\267\170\100
+\300\163\102\310\150\300\333\123\053\335\136\270\166\230\065\223
+\213\032\235\174\023\072\016\037\133\267\036\317\345\044\024\036
+\261\201\251\215\175\270\314\153\113\003\361\002\014\334\253\245
+\100\044\000\177\164\224\241\235\010\051\263\210\013\365\207\167
+\235\125\315\344\303\176\327\152\144\253\205\024\206\225\133\227
+\062\120\157\075\310\272\146\014\343\374\275\270\111\301\166\211
+\111\031\375\300\250\275\211\243\147\057\306\237\274\161\031\140
+\270\055\351\054\311\220\166\146\173\224\342\257\170\326\145\123
+\135\074\326\234\262\317\051\003\371\057\244\120\262\324\110\316
+\005\062\125\212\375\262\144\114\016\344\230\007\165\333\177\337
+\271\010\125\140\205\060\051\371\173\110\244\151\206\343\065\077
+\036\206\135\172\172\025\275\357\000\216\025\042\124\027\000\220
+\046\223\274\016\111\150\221\277\370\107\323\235\225\102\301\016
+\115\337\157\046\317\303\030\041\142\146\103\160\326\325\300\007
+\341\002\003\001\000\001\243\102\060\100\060\016\006\003\125\035
+\017\001\001\377\004\004\003\002\001\006\060\017\006\003\125\035
+\023\001\001\377\004\005\060\003\001\001\377\060\035\006\003\125
+\035\016\004\026\004\024\125\344\201\321\021\200\276\330\211\271
+\010\243\061\371\241\044\011\026\271\160\060\015\006\011\052\206
+\110\206\367\015\001\001\005\005\000\003\202\001\001\000\073\233
+\217\126\233\060\347\123\231\174\172\171\247\115\227\327\031\225
+\220\373\006\037\312\063\174\106\143\217\226\146\044\372\100\033
+\041\047\312\346\162\163\362\117\376\061\231\375\310\014\114\150
+\123\306\200\202\023\230\372\266\255\332\135\075\361\316\156\366
+\025\021\224\202\014\356\077\225\257\021\253\017\327\057\336\037
+\003\217\127\054\036\311\273\232\032\104\225\353\030\117\246\037
+\315\175\127\020\057\233\004\011\132\204\265\156\330\035\072\341
+\326\236\321\154\171\136\171\034\024\305\343\320\114\223\073\145
+\074\355\337\075\276\246\345\225\032\303\265\031\303\275\136\133
+\273\377\043\357\150\031\313\022\223\047\134\003\055\157\060\320
+\036\266\032\254\336\132\367\321\252\250\047\246\376\171\201\304
+\171\231\063\127\272\022\260\251\340\102\154\223\312\126\336\376
+\155\204\013\010\213\176\215\352\327\230\041\306\363\347\074\171
+\057\136\234\321\114\025\215\341\354\042\067\314\232\103\013\227
+\334\200\220\215\263\147\233\157\110\010\025\126\317\277\361\053
+\174\136\232\166\351\131\220\305\174\203\065\021\145\121
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "Entrust.net Premium 2048 Secure Server CA"
+# Issuer: CN=Entrust.net Certification Authority (2048),OU=(c) 1999 Entrust.net Limited,OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.),O=Entrust.net
+# Serial Number: 946069240 (0x3863def8)
+# Subject: CN=Entrust.net Certification Authority (2048),OU=(c) 1999 Entrust.net Limited,OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.),O=Entrust.net
+# Not Valid Before: Fri Dec 24 17:50:51 1999
+# Not Valid After : Tue Jul 24 14:15:12 2029
+# Fingerprint (MD5): EE:29:31:BC:32:7E:9A:E6:E8:B5:F7:51:B4:34:71:90
+# Fingerprint (SHA1): 50:30:06:09:1D:97:D4:F5:AE:39:F7:CB:E7:92:7D:7D:65:2D:34:31
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Entrust.net Premium 2048 Secure Server CA"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\120\060\006\011\035\227\324\365\256\071\367\313\347\222\175\175
+\145\055\064\061
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\356\051\061\274\062\176\232\346\350\265\367\121\264\064\161\220
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\264\061\024\060\022\006\003\125\004\012\023\013\105\156
+\164\162\165\163\164\056\156\145\164\061\100\060\076\006\003\125
+\004\013\024\067\167\167\167\056\145\156\164\162\165\163\164\056
+\156\145\164\057\103\120\123\137\062\060\064\070\040\151\156\143
+\157\162\160\056\040\142\171\040\162\145\146\056\040\050\154\151
+\155\151\164\163\040\154\151\141\142\056\051\061\045\060\043\006
+\003\125\004\013\023\034\050\143\051\040\061\071\071\071\040\105
+\156\164\162\165\163\164\056\156\145\164\040\114\151\155\151\164
+\145\144\061\063\060\061\006\003\125\004\003\023\052\105\156\164
+\162\165\163\164\056\156\145\164\040\103\145\162\164\151\146\151
+\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171
+\040\050\062\060\064\070\051
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\004\070\143\336\370
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Baltimore CyberTrust Root"
+#
+# Issuer: CN=Baltimore CyberTrust Root,OU=CyberTrust,O=Baltimore,C=IE
+# Serial Number: 33554617 (0x20000b9)
+# Subject: CN=Baltimore CyberTrust Root,OU=CyberTrust,O=Baltimore,C=IE
+# Not Valid Before: Fri May 12 18:46:00 2000
+# Not Valid After : Mon May 12 23:59:00 2025
+# Fingerprint (MD5): AC:B6:94:A5:9C:17:E0:D7:91:52:9B:B1:97:06:A6:E4
+# Fingerprint (SHA1): D4:DE:20:D0:5E:66:FC:53:FE:1A:50:88:2C:78:DB:28:52:CA:E4:74
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Baltimore CyberTrust Root"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\132\061\013\060\011\006\003\125\004\006\023\002\111\105\061
+\022\060\020\006\003\125\004\012\023\011\102\141\154\164\151\155
+\157\162\145\061\023\060\021\006\003\125\004\013\023\012\103\171
+\142\145\162\124\162\165\163\164\061\042\060\040\006\003\125\004
+\003\023\031\102\141\154\164\151\155\157\162\145\040\103\171\142
+\145\162\124\162\165\163\164\040\122\157\157\164
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\132\061\013\060\011\006\003\125\004\006\023\002\111\105\061
+\022\060\020\006\003\125\004\012\023\011\102\141\154\164\151\155
+\157\162\145\061\023\060\021\006\003\125\004\013\023\012\103\171
+\142\145\162\124\162\165\163\164\061\042\060\040\006\003\125\004
+\003\023\031\102\141\154\164\151\155\157\162\145\040\103\171\142
+\145\162\124\162\165\163\164\040\122\157\157\164
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\004\002\000\000\271
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\003\167\060\202\002\137\240\003\002\001\002\002\004\002
+\000\000\271\060\015\006\011\052\206\110\206\367\015\001\001\005
+\005\000\060\132\061\013\060\011\006\003\125\004\006\023\002\111
+\105\061\022\060\020\006\003\125\004\012\023\011\102\141\154\164
+\151\155\157\162\145\061\023\060\021\006\003\125\004\013\023\012
+\103\171\142\145\162\124\162\165\163\164\061\042\060\040\006\003
+\125\004\003\023\031\102\141\154\164\151\155\157\162\145\040\103
+\171\142\145\162\124\162\165\163\164\040\122\157\157\164\060\036
+\027\015\060\060\060\065\061\062\061\070\064\066\060\060\132\027
+\015\062\065\060\065\061\062\062\063\065\071\060\060\132\060\132
+\061\013\060\011\006\003\125\004\006\023\002\111\105\061\022\060
+\020\006\003\125\004\012\023\011\102\141\154\164\151\155\157\162
+\145\061\023\060\021\006\003\125\004\013\023\012\103\171\142\145
+\162\124\162\165\163\164\061\042\060\040\006\003\125\004\003\023
+\031\102\141\154\164\151\155\157\162\145\040\103\171\142\145\162
+\124\162\165\163\164\040\122\157\157\164\060\202\001\042\060\015
+\006\011\052\206\110\206\367\015\001\001\001\005\000\003\202\001
+\017\000\060\202\001\012\002\202\001\001\000\243\004\273\042\253
+\230\075\127\350\046\162\232\265\171\324\051\342\341\350\225\200
+\261\260\343\133\216\053\051\232\144\337\241\135\355\260\011\005
+\155\333\050\056\316\142\242\142\376\264\210\332\022\353\070\353
+\041\235\300\101\053\001\122\173\210\167\323\034\217\307\272\271
+\210\265\152\011\347\163\350\021\100\247\321\314\312\142\215\055
+\345\217\013\246\120\322\250\120\303\050\352\365\253\045\207\212
+\232\226\034\251\147\270\077\014\325\367\371\122\023\057\302\033
+\325\160\160\360\217\300\022\312\006\313\232\341\331\312\063\172
+\167\326\370\354\271\361\150\104\102\110\023\322\300\302\244\256
+\136\140\376\266\246\005\374\264\335\007\131\002\324\131\030\230
+\143\365\245\143\340\220\014\175\135\262\006\172\363\205\352\353
+\324\003\256\136\204\076\137\377\025\355\151\274\371\071\066\162
+\165\317\167\122\115\363\311\220\054\271\075\345\311\043\123\077
+\037\044\230\041\134\007\231\051\275\306\072\354\347\156\206\072
+\153\227\164\143\063\275\150\030\061\360\170\215\166\277\374\236
+\216\135\052\206\247\115\220\334\047\032\071\002\003\001\000\001
+\243\105\060\103\060\035\006\003\125\035\016\004\026\004\024\345
+\235\131\060\202\107\130\314\254\372\010\124\066\206\173\072\265
+\004\115\360\060\022\006\003\125\035\023\001\001\377\004\010\060
+\006\001\001\377\002\001\003\060\016\006\003\125\035\017\001\001
+\377\004\004\003\002\001\006\060\015\006\011\052\206\110\206\367
+\015\001\001\005\005\000\003\202\001\001\000\205\014\135\216\344
+\157\121\150\102\005\240\335\273\117\047\045\204\003\275\367\144
+\375\055\327\060\343\244\020\027\353\332\051\051\266\171\077\166
+\366\031\023\043\270\020\012\371\130\244\324\141\160\275\004\141
+\152\022\212\027\325\012\275\305\274\060\174\326\351\014\045\215
+\206\100\117\354\314\243\176\070\306\067\021\117\355\335\150\061
+\216\114\322\263\001\164\356\276\165\136\007\110\032\177\160\377
+\026\134\204\300\171\205\270\005\375\177\276\145\021\243\017\300
+\002\264\370\122\067\071\004\325\251\061\172\030\277\240\052\364
+\022\231\367\243\105\202\343\074\136\365\235\236\265\310\236\174
+\056\310\244\236\116\010\024\113\155\375\160\155\153\032\143\275
+\144\346\037\267\316\360\362\237\056\273\033\267\362\120\210\163
+\222\302\342\343\026\215\232\062\002\253\216\030\335\351\020\021
+\356\176\065\253\220\257\076\060\224\172\320\063\075\247\145\017
+\365\374\216\236\142\317\107\104\054\001\135\273\035\265\062\322
+\107\322\070\056\320\376\201\334\062\152\036\265\356\074\325\374
+\347\201\035\031\303\044\102\352\143\071\251
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "Baltimore CyberTrust Root"
+# Issuer: CN=Baltimore CyberTrust Root,OU=CyberTrust,O=Baltimore,C=IE
+# Serial Number: 33554617 (0x20000b9)
+# Subject: CN=Baltimore CyberTrust Root,OU=CyberTrust,O=Baltimore,C=IE
+# Not Valid Before: Fri May 12 18:46:00 2000
+# Not Valid After : Mon May 12 23:59:00 2025
+# Fingerprint (MD5): AC:B6:94:A5:9C:17:E0:D7:91:52:9B:B1:97:06:A6:E4
+# Fingerprint (SHA1): D4:DE:20:D0:5E:66:FC:53:FE:1A:50:88:2C:78:DB:28:52:CA:E4:74
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Baltimore CyberTrust Root"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\324\336\040\320\136\146\374\123\376\032\120\210\054\170\333\050
+\122\312\344\164
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\254\266\224\245\234\027\340\327\221\122\233\261\227\006\246\344
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\132\061\013\060\011\006\003\125\004\006\023\002\111\105\061
+\022\060\020\006\003\125\004\012\023\011\102\141\154\164\151\155
+\157\162\145\061\023\060\021\006\003\125\004\013\023\012\103\171
+\142\145\162\124\162\165\163\164\061\042\060\040\006\003\125\004
+\003\023\031\102\141\154\164\151\155\157\162\145\040\103\171\142
+\145\162\124\162\165\163\164\040\122\157\157\164
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\004\002\000\000\271
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "AddTrust Low-Value Services Root"
+#
+# Issuer: CN=AddTrust Class 1 CA Root,OU=AddTrust TTP Network,O=AddTrust AB,C=SE
+# Serial Number: 1 (0x1)
+# Subject: CN=AddTrust Class 1 CA Root,OU=AddTrust TTP Network,O=AddTrust AB,C=SE
+# Not Valid Before: Tue May 30 10:38:31 2000
+# Not Valid After : Sat May 30 10:38:31 2020
+# Fingerprint (MD5): 1E:42:95:02:33:92:6B:B9:5F:C0:7F:DA:D6:B2:4B:FC
+# Fingerprint (SHA1): CC:AB:0E:A0:4C:23:01:D6:69:7B:DD:37:9F:CD:12:EB:24:E3:94:9D
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "AddTrust Low-Value Services Root"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\145\061\013\060\011\006\003\125\004\006\023\002\123\105\061
+\024\060\022\006\003\125\004\012\023\013\101\144\144\124\162\165
+\163\164\040\101\102\061\035\060\033\006\003\125\004\013\023\024
+\101\144\144\124\162\165\163\164\040\124\124\120\040\116\145\164
+\167\157\162\153\061\041\060\037\006\003\125\004\003\023\030\101
+\144\144\124\162\165\163\164\040\103\154\141\163\163\040\061\040
+\103\101\040\122\157\157\164
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\145\061\013\060\011\006\003\125\004\006\023\002\123\105\061
+\024\060\022\006\003\125\004\012\023\013\101\144\144\124\162\165
+\163\164\040\101\102\061\035\060\033\006\003\125\004\013\023\024
+\101\144\144\124\162\165\163\164\040\124\124\120\040\116\145\164
+\167\157\162\153\061\041\060\037\006\003\125\004\003\023\030\101
+\144\144\124\162\165\163\164\040\103\154\141\163\163\040\061\040
+\103\101\040\122\157\157\164
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\001
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\004\030\060\202\003\000\240\003\002\001\002\002\001\001
+\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060
+\145\061\013\060\011\006\003\125\004\006\023\002\123\105\061\024
+\060\022\006\003\125\004\012\023\013\101\144\144\124\162\165\163
+\164\040\101\102\061\035\060\033\006\003\125\004\013\023\024\101
+\144\144\124\162\165\163\164\040\124\124\120\040\116\145\164\167
+\157\162\153\061\041\060\037\006\003\125\004\003\023\030\101\144
+\144\124\162\165\163\164\040\103\154\141\163\163\040\061\040\103
+\101\040\122\157\157\164\060\036\027\015\060\060\060\065\063\060
+\061\060\063\070\063\061\132\027\015\062\060\060\065\063\060\061
+\060\063\070\063\061\132\060\145\061\013\060\011\006\003\125\004
+\006\023\002\123\105\061\024\060\022\006\003\125\004\012\023\013
+\101\144\144\124\162\165\163\164\040\101\102\061\035\060\033\006
+\003\125\004\013\023\024\101\144\144\124\162\165\163\164\040\124
+\124\120\040\116\145\164\167\157\162\153\061\041\060\037\006\003
+\125\004\003\023\030\101\144\144\124\162\165\163\164\040\103\154
+\141\163\163\040\061\040\103\101\040\122\157\157\164\060\202\001
+\042\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000
+\003\202\001\017\000\060\202\001\012\002\202\001\001\000\226\226
+\324\041\111\140\342\153\350\101\007\014\336\304\340\334\023\043
+\315\301\065\307\373\326\116\021\012\147\136\365\006\133\153\245
+\010\073\133\051\026\072\347\207\262\064\006\305\274\005\245\003
+\174\202\313\051\020\256\341\210\201\275\326\236\323\376\055\126
+\301\025\316\343\046\235\025\056\020\373\006\217\060\004\336\247
+\264\143\264\377\261\234\256\074\257\167\266\126\305\265\253\242
+\351\151\072\075\016\063\171\062\077\160\202\222\231\141\155\215
+\060\010\217\161\077\246\110\127\031\370\045\334\113\146\134\245
+\164\217\230\256\310\371\300\006\042\347\254\163\337\245\056\373
+\122\334\261\025\145\040\372\065\146\151\336\337\054\361\156\274
+\060\333\054\044\022\333\353\065\065\150\220\313\000\260\227\041
+\075\164\041\043\145\064\053\273\170\131\243\326\341\166\071\232
+\244\111\216\214\164\257\156\244\232\243\331\233\322\070\134\233
+\242\030\314\165\043\204\276\353\342\115\063\161\216\032\360\302
+\370\307\035\242\255\003\227\054\370\317\045\306\366\270\044\061
+\261\143\135\222\177\143\360\045\311\123\056\037\277\115\002\003
+\001\000\001\243\201\322\060\201\317\060\035\006\003\125\035\016
+\004\026\004\024\225\261\264\360\224\266\275\307\332\321\021\011
+\041\276\301\257\111\375\020\173\060\013\006\003\125\035\017\004
+\004\003\002\001\006\060\017\006\003\125\035\023\001\001\377\004
+\005\060\003\001\001\377\060\201\217\006\003\125\035\043\004\201
+\207\060\201\204\200\024\225\261\264\360\224\266\275\307\332\321
+\021\011\041\276\301\257\111\375\020\173\241\151\244\147\060\145
+\061\013\060\011\006\003\125\004\006\023\002\123\105\061\024\060
+\022\006\003\125\004\012\023\013\101\144\144\124\162\165\163\164
+\040\101\102\061\035\060\033\006\003\125\004\013\023\024\101\144
+\144\124\162\165\163\164\040\124\124\120\040\116\145\164\167\157
+\162\153\061\041\060\037\006\003\125\004\003\023\030\101\144\144
+\124\162\165\163\164\040\103\154\141\163\163\040\061\040\103\101
+\040\122\157\157\164\202\001\001\060\015\006\011\052\206\110\206
+\367\015\001\001\005\005\000\003\202\001\001\000\054\155\144\033
+\037\315\015\335\271\001\372\226\143\064\062\110\107\231\256\227
+\355\375\162\026\246\163\107\132\364\353\335\351\365\326\373\105
+\314\051\211\104\135\277\106\071\075\350\356\274\115\124\206\036
+\035\154\343\027\047\103\341\211\126\053\251\157\162\116\111\063
+\343\162\174\052\043\232\274\076\377\050\052\355\243\377\034\043
+\272\103\127\011\147\115\113\142\006\055\370\377\154\235\140\036
+\330\034\113\175\265\061\057\331\320\174\135\370\336\153\203\030
+\170\067\127\057\350\063\007\147\337\036\307\153\052\225\166\256
+\217\127\243\360\364\122\264\251\123\010\317\340\117\323\172\123
+\213\375\273\034\126\066\362\376\262\266\345\166\273\325\042\145
+\247\077\376\321\146\255\013\274\153\231\206\357\077\175\363\030
+\062\312\173\306\343\253\144\106\225\370\046\151\331\125\203\173
+\054\226\007\377\131\054\104\243\306\345\351\251\334\241\143\200
+\132\041\136\041\317\123\124\360\272\157\211\333\250\252\225\317
+\213\343\161\314\036\033\040\104\010\300\172\266\100\375\304\344
+\065\341\035\026\034\320\274\053\216\326\161\331
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "AddTrust Low-Value Services Root"
+# Issuer: CN=AddTrust Class 1 CA Root,OU=AddTrust TTP Network,O=AddTrust AB,C=SE
+# Serial Number: 1 (0x1)
+# Subject: CN=AddTrust Class 1 CA Root,OU=AddTrust TTP Network,O=AddTrust AB,C=SE
+# Not Valid Before: Tue May 30 10:38:31 2000
+# Not Valid After : Sat May 30 10:38:31 2020
+# Fingerprint (MD5): 1E:42:95:02:33:92:6B:B9:5F:C0:7F:DA:D6:B2:4B:FC
+# Fingerprint (SHA1): CC:AB:0E:A0:4C:23:01:D6:69:7B:DD:37:9F:CD:12:EB:24:E3:94:9D
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "AddTrust Low-Value Services Root"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\314\253\016\240\114\043\001\326\151\173\335\067\237\315\022\353
+\044\343\224\235
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\036\102\225\002\063\222\153\271\137\300\177\332\326\262\113\374
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\145\061\013\060\011\006\003\125\004\006\023\002\123\105\061
+\024\060\022\006\003\125\004\012\023\013\101\144\144\124\162\165
+\163\164\040\101\102\061\035\060\033\006\003\125\004\013\023\024
+\101\144\144\124\162\165\163\164\040\124\124\120\040\116\145\164
+\167\157\162\153\061\041\060\037\006\003\125\004\003\023\030\101
+\144\144\124\162\165\163\164\040\103\154\141\163\163\040\061\040
+\103\101\040\122\157\157\164
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\001
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "AddTrust External Root"
+#
+# Issuer: CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE
+# Serial Number: 1 (0x1)
+# Subject: CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE
+# Not Valid Before: Tue May 30 10:48:38 2000
+# Not Valid After : Sat May 30 10:48:38 2020
+# Fingerprint (MD5): 1D:35:54:04:85:78:B0:3F:42:42:4D:BF:20:73:0A:3F
+# Fingerprint (SHA1): 02:FA:F3:E2:91:43:54:68:60:78:57:69:4D:F5:E4:5B:68:85:18:68
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "AddTrust External Root"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\157\061\013\060\011\006\003\125\004\006\023\002\123\105\061
+\024\060\022\006\003\125\004\012\023\013\101\144\144\124\162\165
+\163\164\040\101\102\061\046\060\044\006\003\125\004\013\023\035
+\101\144\144\124\162\165\163\164\040\105\170\164\145\162\156\141
+\154\040\124\124\120\040\116\145\164\167\157\162\153\061\042\060
+\040\006\003\125\004\003\023\031\101\144\144\124\162\165\163\164
+\040\105\170\164\145\162\156\141\154\040\103\101\040\122\157\157
+\164
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\157\061\013\060\011\006\003\125\004\006\023\002\123\105\061
+\024\060\022\006\003\125\004\012\023\013\101\144\144\124\162\165
+\163\164\040\101\102\061\046\060\044\006\003\125\004\013\023\035
+\101\144\144\124\162\165\163\164\040\105\170\164\145\162\156\141
+\154\040\124\124\120\040\116\145\164\167\157\162\153\061\042\060
+\040\006\003\125\004\003\023\031\101\144\144\124\162\165\163\164
+\040\105\170\164\145\162\156\141\154\040\103\101\040\122\157\157
+\164
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\001
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\004\066\060\202\003\036\240\003\002\001\002\002\001\001
+\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060
+\157\061\013\060\011\006\003\125\004\006\023\002\123\105\061\024
+\060\022\006\003\125\004\012\023\013\101\144\144\124\162\165\163
+\164\040\101\102\061\046\060\044\006\003\125\004\013\023\035\101
+\144\144\124\162\165\163\164\040\105\170\164\145\162\156\141\154
+\040\124\124\120\040\116\145\164\167\157\162\153\061\042\060\040
+\006\003\125\004\003\023\031\101\144\144\124\162\165\163\164\040
+\105\170\164\145\162\156\141\154\040\103\101\040\122\157\157\164
+\060\036\027\015\060\060\060\065\063\060\061\060\064\070\063\070
+\132\027\015\062\060\060\065\063\060\061\060\064\070\063\070\132
+\060\157\061\013\060\011\006\003\125\004\006\023\002\123\105\061
+\024\060\022\006\003\125\004\012\023\013\101\144\144\124\162\165
+\163\164\040\101\102\061\046\060\044\006\003\125\004\013\023\035
+\101\144\144\124\162\165\163\164\040\105\170\164\145\162\156\141
+\154\040\124\124\120\040\116\145\164\167\157\162\153\061\042\060
+\040\006\003\125\004\003\023\031\101\144\144\124\162\165\163\164
+\040\105\170\164\145\162\156\141\154\040\103\101\040\122\157\157
+\164\060\202\001\042\060\015\006\011\052\206\110\206\367\015\001
+\001\001\005\000\003\202\001\017\000\060\202\001\012\002\202\001
+\001\000\267\367\032\063\346\362\000\004\055\071\340\116\133\355
+\037\274\154\017\315\265\372\043\266\316\336\233\021\063\227\244
+\051\114\175\223\237\275\112\274\223\355\003\032\343\217\317\345
+\155\120\132\326\227\051\224\132\200\260\111\172\333\056\225\375
+\270\312\277\067\070\055\036\076\221\101\255\160\126\307\360\117
+\077\350\062\236\164\312\310\220\124\351\306\137\017\170\235\232
+\100\074\016\254\141\252\136\024\217\236\207\241\152\120\334\327
+\232\116\257\005\263\246\161\224\234\161\263\120\140\012\307\023
+\235\070\007\206\002\250\351\250\151\046\030\220\253\114\260\117
+\043\253\072\117\204\330\337\316\237\341\151\157\273\327\102\327
+\153\104\344\307\255\356\155\101\137\162\132\161\010\067\263\171
+\145\244\131\240\224\067\367\000\057\015\302\222\162\332\320\070
+\162\333\024\250\105\304\135\052\175\267\264\326\304\356\254\315
+\023\104\267\311\053\335\103\000\045\372\141\271\151\152\130\043
+\021\267\247\063\217\126\165\131\365\315\051\327\106\267\012\053
+\145\266\323\102\157\025\262\270\173\373\357\351\135\123\325\064
+\132\047\002\003\001\000\001\243\201\334\060\201\331\060\035\006
+\003\125\035\016\004\026\004\024\255\275\230\172\064\264\046\367
+\372\304\046\124\357\003\275\340\044\313\124\032\060\013\006\003
+\125\035\017\004\004\003\002\001\006\060\017\006\003\125\035\023
+\001\001\377\004\005\060\003\001\001\377\060\201\231\006\003\125
+\035\043\004\201\221\060\201\216\200\024\255\275\230\172\064\264
+\046\367\372\304\046\124\357\003\275\340\044\313\124\032\241\163
+\244\161\060\157\061\013\060\011\006\003\125\004\006\023\002\123
+\105\061\024\060\022\006\003\125\004\012\023\013\101\144\144\124
+\162\165\163\164\040\101\102\061\046\060\044\006\003\125\004\013
+\023\035\101\144\144\124\162\165\163\164\040\105\170\164\145\162
+\156\141\154\040\124\124\120\040\116\145\164\167\157\162\153\061
+\042\060\040\006\003\125\004\003\023\031\101\144\144\124\162\165
+\163\164\040\105\170\164\145\162\156\141\154\040\103\101\040\122
+\157\157\164\202\001\001\060\015\006\011\052\206\110\206\367\015
+\001\001\005\005\000\003\202\001\001\000\260\233\340\205\045\302
+\326\043\342\017\226\006\222\235\101\230\234\331\204\171\201\331
+\036\133\024\007\043\066\145\217\260\330\167\273\254\101\154\107
+\140\203\121\260\371\062\075\347\374\366\046\023\307\200\026\245
+\277\132\374\207\317\170\171\211\041\232\342\114\007\012\206\065
+\274\362\336\121\304\322\226\267\334\176\116\356\160\375\034\071
+\353\014\002\121\024\055\216\275\026\340\301\337\106\165\347\044
+\255\354\364\102\264\205\223\160\020\147\272\235\006\065\112\030
+\323\053\172\314\121\102\241\172\143\321\346\273\241\305\053\302
+\066\276\023\015\346\275\143\176\171\173\247\011\015\100\253\152
+\335\217\212\303\366\366\214\032\102\005\121\324\105\365\237\247
+\142\041\150\025\040\103\074\231\347\174\275\044\330\251\221\027
+\163\210\077\126\033\061\070\030\264\161\017\232\315\310\016\236
+\216\056\033\341\214\230\203\313\037\061\361\104\114\306\004\163
+\111\166\140\017\307\370\275\027\200\153\056\351\314\114\016\132
+\232\171\017\040\012\056\325\236\143\046\036\125\222\224\330\202
+\027\132\173\320\274\307\217\116\206\004
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "AddTrust External Root"
+# Issuer: CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE
+# Serial Number: 1 (0x1)
+# Subject: CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE
+# Not Valid Before: Tue May 30 10:48:38 2000
+# Not Valid After : Sat May 30 10:48:38 2020
+# Fingerprint (MD5): 1D:35:54:04:85:78:B0:3F:42:42:4D:BF:20:73:0A:3F
+# Fingerprint (SHA1): 02:FA:F3:E2:91:43:54:68:60:78:57:69:4D:F5:E4:5B:68:85:18:68
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "AddTrust External Root"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\002\372\363\342\221\103\124\150\140\170\127\151\115\365\344\133
+\150\205\030\150
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\035\065\124\004\205\170\260\077\102\102\115\277\040\163\012\077
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\157\061\013\060\011\006\003\125\004\006\023\002\123\105\061
+\024\060\022\006\003\125\004\012\023\013\101\144\144\124\162\165
+\163\164\040\101\102\061\046\060\044\006\003\125\004\013\023\035
+\101\144\144\124\162\165\163\164\040\105\170\164\145\162\156\141
+\154\040\124\124\120\040\116\145\164\167\157\162\153\061\042\060
+\040\006\003\125\004\003\023\031\101\144\144\124\162\165\163\164
+\040\105\170\164\145\162\156\141\154\040\103\101\040\122\157\157
+\164
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\001
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "AddTrust Public Services Root"
+#
+# Issuer: CN=AddTrust Public CA Root,OU=AddTrust TTP Network,O=AddTrust AB,C=SE
+# Serial Number: 1 (0x1)
+# Subject: CN=AddTrust Public CA Root,OU=AddTrust TTP Network,O=AddTrust AB,C=SE
+# Not Valid Before: Tue May 30 10:41:50 2000
+# Not Valid After : Sat May 30 10:41:50 2020
+# Fingerprint (MD5): C1:62:3E:23:C5:82:73:9C:03:59:4B:2B:E9:77:49:7F
+# Fingerprint (SHA1): 2A:B6:28:48:5E:78:FB:F3:AD:9E:79:10:DD:6B:DF:99:72:2C:96:E5
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "AddTrust Public Services Root"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\144\061\013\060\011\006\003\125\004\006\023\002\123\105\061
+\024\060\022\006\003\125\004\012\023\013\101\144\144\124\162\165
+\163\164\040\101\102\061\035\060\033\006\003\125\004\013\023\024
+\101\144\144\124\162\165\163\164\040\124\124\120\040\116\145\164
+\167\157\162\153\061\040\060\036\006\003\125\004\003\023\027\101
+\144\144\124\162\165\163\164\040\120\165\142\154\151\143\040\103
+\101\040\122\157\157\164
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\144\061\013\060\011\006\003\125\004\006\023\002\123\105\061
+\024\060\022\006\003\125\004\012\023\013\101\144\144\124\162\165
+\163\164\040\101\102\061\035\060\033\006\003\125\004\013\023\024
+\101\144\144\124\162\165\163\164\040\124\124\120\040\116\145\164
+\167\157\162\153\061\040\060\036\006\003\125\004\003\023\027\101
+\144\144\124\162\165\163\164\040\120\165\142\154\151\143\040\103
+\101\040\122\157\157\164
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\001
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\004\025\060\202\002\375\240\003\002\001\002\002\001\001
+\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060
+\144\061\013\060\011\006\003\125\004\006\023\002\123\105\061\024
+\060\022\006\003\125\004\012\023\013\101\144\144\124\162\165\163
+\164\040\101\102\061\035\060\033\006\003\125\004\013\023\024\101
+\144\144\124\162\165\163\164\040\124\124\120\040\116\145\164\167
+\157\162\153\061\040\060\036\006\003\125\004\003\023\027\101\144
+\144\124\162\165\163\164\040\120\165\142\154\151\143\040\103\101
+\040\122\157\157\164\060\036\027\015\060\060\060\065\063\060\061
+\060\064\061\065\060\132\027\015\062\060\060\065\063\060\061\060
+\064\061\065\060\132\060\144\061\013\060\011\006\003\125\004\006
+\023\002\123\105\061\024\060\022\006\003\125\004\012\023\013\101
+\144\144\124\162\165\163\164\040\101\102\061\035\060\033\006\003
+\125\004\013\023\024\101\144\144\124\162\165\163\164\040\124\124
+\120\040\116\145\164\167\157\162\153\061\040\060\036\006\003\125
+\004\003\023\027\101\144\144\124\162\165\163\164\040\120\165\142
+\154\151\143\040\103\101\040\122\157\157\164\060\202\001\042\060
+\015\006\011\052\206\110\206\367\015\001\001\001\005\000\003\202
+\001\017\000\060\202\001\012\002\202\001\001\000\351\032\060\217
+\203\210\024\301\040\330\074\233\217\033\176\003\164\273\332\151
+\323\106\245\370\216\302\014\021\220\121\245\057\146\124\100\125
+\352\333\037\112\126\356\237\043\156\364\071\313\241\271\157\362
+\176\371\135\207\046\141\236\034\370\342\354\246\201\370\041\305
+\044\314\021\014\077\333\046\162\172\307\001\227\007\027\371\327
+\030\054\060\175\016\172\036\142\036\306\113\300\375\175\142\167
+\323\104\036\047\366\077\113\104\263\267\070\331\071\037\140\325
+\121\222\163\003\264\000\151\343\363\024\116\356\321\334\011\317
+\167\064\106\120\260\370\021\362\376\070\171\367\007\071\376\121
+\222\227\013\133\010\137\064\206\001\255\210\227\353\146\315\136
+\321\377\334\175\362\204\332\272\167\255\334\200\010\307\247\207
+\326\125\237\227\152\350\310\021\144\272\347\031\051\077\021\263
+\170\220\204\040\122\133\021\357\170\320\203\366\325\110\220\320
+\060\034\317\200\371\140\376\171\344\210\362\335\000\353\224\105
+\353\145\224\151\100\272\300\325\264\270\272\175\004\021\250\353
+\061\005\226\224\116\130\041\216\237\320\140\375\002\003\001\000
+\001\243\201\321\060\201\316\060\035\006\003\125\035\016\004\026
+\004\024\201\076\067\330\222\260\037\167\237\134\264\253\163\252
+\347\366\064\140\057\372\060\013\006\003\125\035\017\004\004\003
+\002\001\006\060\017\006\003\125\035\023\001\001\377\004\005\060
+\003\001\001\377\060\201\216\006\003\125\035\043\004\201\206\060
+\201\203\200\024\201\076\067\330\222\260\037\167\237\134\264\253
+\163\252\347\366\064\140\057\372\241\150\244\146\060\144\061\013
+\060\011\006\003\125\004\006\023\002\123\105\061\024\060\022\006
+\003\125\004\012\023\013\101\144\144\124\162\165\163\164\040\101
+\102\061\035\060\033\006\003\125\004\013\023\024\101\144\144\124
+\162\165\163\164\040\124\124\120\040\116\145\164\167\157\162\153
+\061\040\060\036\006\003\125\004\003\023\027\101\144\144\124\162
+\165\163\164\040\120\165\142\154\151\143\040\103\101\040\122\157
+\157\164\202\001\001\060\015\006\011\052\206\110\206\367\015\001
+\001\005\005\000\003\202\001\001\000\003\367\025\112\370\044\332
+\043\126\026\223\166\335\066\050\271\256\033\270\303\361\144\272
+\040\030\170\225\051\047\127\005\274\174\052\364\271\121\125\332
+\207\002\336\017\026\027\061\370\252\171\056\011\023\273\257\262
+\040\031\022\345\223\371\113\371\203\350\104\325\262\101\045\277
+\210\165\157\377\020\374\112\124\320\137\360\372\357\066\163\175
+\033\066\105\306\041\155\264\025\270\116\317\234\134\245\075\132
+\000\216\006\343\074\153\062\173\362\237\360\266\375\337\360\050
+\030\110\360\306\274\320\277\064\200\226\302\112\261\155\216\307
+\220\105\336\057\147\254\105\004\243\172\334\125\222\311\107\146
+\330\032\214\307\355\234\116\232\340\022\273\265\152\114\204\341
+\341\042\015\207\000\144\376\214\175\142\071\145\246\357\102\266
+\200\045\022\141\001\250\044\023\160\000\021\046\137\372\065\120
+\305\110\314\006\107\350\047\330\160\215\137\144\346\241\104\046
+\136\042\354\222\315\377\102\232\104\041\155\134\305\343\042\035
+\137\107\022\347\316\137\135\372\330\252\261\063\055\331\166\362
+\116\072\063\014\053\263\055\220\006
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "AddTrust Public Services Root"
+# Issuer: CN=AddTrust Public CA Root,OU=AddTrust TTP Network,O=AddTrust AB,C=SE
+# Serial Number: 1 (0x1)
+# Subject: CN=AddTrust Public CA Root,OU=AddTrust TTP Network,O=AddTrust AB,C=SE
+# Not Valid Before: Tue May 30 10:41:50 2000
+# Not Valid After : Sat May 30 10:41:50 2020
+# Fingerprint (MD5): C1:62:3E:23:C5:82:73:9C:03:59:4B:2B:E9:77:49:7F
+# Fingerprint (SHA1): 2A:B6:28:48:5E:78:FB:F3:AD:9E:79:10:DD:6B:DF:99:72:2C:96:E5
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "AddTrust Public Services Root"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\052\266\050\110\136\170\373\363\255\236\171\020\335\153\337\231
+\162\054\226\345
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\301\142\076\043\305\202\163\234\003\131\113\053\351\167\111\177
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\144\061\013\060\011\006\003\125\004\006\023\002\123\105\061
+\024\060\022\006\003\125\004\012\023\013\101\144\144\124\162\165
+\163\164\040\101\102\061\035\060\033\006\003\125\004\013\023\024
+\101\144\144\124\162\165\163\164\040\124\124\120\040\116\145\164
+\167\157\162\153\061\040\060\036\006\003\125\004\003\023\027\101
+\144\144\124\162\165\163\164\040\120\165\142\154\151\143\040\103
+\101\040\122\157\157\164
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\001
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "AddTrust Qualified Certificates Root"
+#
+# Issuer: CN=AddTrust Qualified CA Root,OU=AddTrust TTP Network,O=AddTrust AB,C=SE
+# Serial Number: 1 (0x1)
+# Subject: CN=AddTrust Qualified CA Root,OU=AddTrust TTP Network,O=AddTrust AB,C=SE
+# Not Valid Before: Tue May 30 10:44:50 2000
+# Not Valid After : Sat May 30 10:44:50 2020
+# Fingerprint (MD5): 27:EC:39:47:CD:DA:5A:AF:E2:9A:01:65:21:A9:4C:BB
+# Fingerprint (SHA1): 4D:23:78:EC:91:95:39:B5:00:7F:75:8F:03:3B:21:1E:C5:4D:8B:CF
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "AddTrust Qualified Certificates Root"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\147\061\013\060\011\006\003\125\004\006\023\002\123\105\061
+\024\060\022\006\003\125\004\012\023\013\101\144\144\124\162\165
+\163\164\040\101\102\061\035\060\033\006\003\125\004\013\023\024
+\101\144\144\124\162\165\163\164\040\124\124\120\040\116\145\164
+\167\157\162\153\061\043\060\041\006\003\125\004\003\023\032\101
+\144\144\124\162\165\163\164\040\121\165\141\154\151\146\151\145
+\144\040\103\101\040\122\157\157\164
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\147\061\013\060\011\006\003\125\004\006\023\002\123\105\061
+\024\060\022\006\003\125\004\012\023\013\101\144\144\124\162\165
+\163\164\040\101\102\061\035\060\033\006\003\125\004\013\023\024
+\101\144\144\124\162\165\163\164\040\124\124\120\040\116\145\164
+\167\157\162\153\061\043\060\041\006\003\125\004\003\023\032\101
+\144\144\124\162\165\163\164\040\121\165\141\154\151\146\151\145
+\144\040\103\101\040\122\157\157\164
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\001
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\004\036\060\202\003\006\240\003\002\001\002\002\001\001
+\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060
+\147\061\013\060\011\006\003\125\004\006\023\002\123\105\061\024
+\060\022\006\003\125\004\012\023\013\101\144\144\124\162\165\163
+\164\040\101\102\061\035\060\033\006\003\125\004\013\023\024\101
+\144\144\124\162\165\163\164\040\124\124\120\040\116\145\164\167
+\157\162\153\061\043\060\041\006\003\125\004\003\023\032\101\144
+\144\124\162\165\163\164\040\121\165\141\154\151\146\151\145\144
+\040\103\101\040\122\157\157\164\060\036\027\015\060\060\060\065
+\063\060\061\060\064\064\065\060\132\027\015\062\060\060\065\063
+\060\061\060\064\064\065\060\132\060\147\061\013\060\011\006\003
+\125\004\006\023\002\123\105\061\024\060\022\006\003\125\004\012
+\023\013\101\144\144\124\162\165\163\164\040\101\102\061\035\060
+\033\006\003\125\004\013\023\024\101\144\144\124\162\165\163\164
+\040\124\124\120\040\116\145\164\167\157\162\153\061\043\060\041
+\006\003\125\004\003\023\032\101\144\144\124\162\165\163\164\040
+\121\165\141\154\151\146\151\145\144\040\103\101\040\122\157\157
+\164\060\202\001\042\060\015\006\011\052\206\110\206\367\015\001
+\001\001\005\000\003\202\001\017\000\060\202\001\012\002\202\001
+\001\000\344\036\232\376\334\011\132\207\244\237\107\276\021\137
+\257\204\064\333\142\074\171\170\267\351\060\265\354\014\034\052
+\304\026\377\340\354\161\353\212\365\021\156\355\117\015\221\322
+\022\030\055\111\025\001\302\244\042\023\307\021\144\377\042\022
+\232\271\216\134\057\010\317\161\152\263\147\001\131\361\135\106
+\363\260\170\245\366\016\102\172\343\177\033\314\320\360\267\050
+\375\052\352\236\263\260\271\004\252\375\366\307\264\261\270\052
+\240\373\130\361\031\240\157\160\045\176\076\151\112\177\017\042
+\330\357\255\010\021\232\051\231\341\252\104\105\232\022\136\076
+\235\155\122\374\347\240\075\150\057\360\113\160\174\023\070\255
+\274\025\045\361\326\316\253\242\300\061\326\057\237\340\377\024
+\131\374\204\223\331\207\174\114\124\023\353\237\321\055\021\370
+\030\072\072\336\045\331\367\323\100\355\244\006\022\304\073\341
+\221\301\126\065\360\024\334\145\066\011\156\253\244\007\307\065
+\321\302\003\063\066\133\165\046\155\102\361\022\153\103\157\113
+\161\224\372\064\035\355\023\156\312\200\177\230\057\154\271\145
+\330\351\002\003\001\000\001\243\201\324\060\201\321\060\035\006
+\003\125\035\016\004\026\004\024\071\225\213\142\213\134\311\324
+\200\272\130\017\227\077\025\010\103\314\230\247\060\013\006\003
+\125\035\017\004\004\003\002\001\006\060\017\006\003\125\035\023
+\001\001\377\004\005\060\003\001\001\377\060\201\221\006\003\125
+\035\043\004\201\211\060\201\206\200\024\071\225\213\142\213\134
+\311\324\200\272\130\017\227\077\025\010\103\314\230\247\241\153
+\244\151\060\147\061\013\060\011\006\003\125\004\006\023\002\123
+\105\061\024\060\022\006\003\125\004\012\023\013\101\144\144\124
+\162\165\163\164\040\101\102\061\035\060\033\006\003\125\004\013
+\023\024\101\144\144\124\162\165\163\164\040\124\124\120\040\116
+\145\164\167\157\162\153\061\043\060\041\006\003\125\004\003\023
+\032\101\144\144\124\162\165\163\164\040\121\165\141\154\151\146
+\151\145\144\040\103\101\040\122\157\157\164\202\001\001\060\015
+\006\011\052\206\110\206\367\015\001\001\005\005\000\003\202\001
+\001\000\031\253\165\352\370\213\145\141\225\023\272\151\004\357
+\206\312\023\240\307\252\117\144\033\077\030\366\250\055\054\125
+\217\005\267\060\352\102\152\035\300\045\121\055\247\277\014\263
+\355\357\010\177\154\074\106\032\352\030\103\337\166\314\371\146
+\206\234\054\150\365\351\027\370\061\263\030\304\326\110\175\043
+\114\150\301\176\273\001\024\157\305\331\156\336\273\004\102\152
+\370\366\134\175\345\332\372\207\353\015\065\122\147\320\236\227
+\166\005\223\077\225\307\001\346\151\125\070\177\020\141\231\311
+\343\137\246\312\076\202\143\110\252\342\010\110\076\252\362\262
+\205\142\246\264\247\331\275\067\234\150\265\055\126\175\260\267
+\077\240\261\007\326\351\117\334\336\105\161\060\062\177\033\056
+\011\371\277\122\241\356\302\200\076\006\134\056\125\100\301\033
+\365\160\105\260\334\135\372\366\162\132\167\322\143\315\317\130
+\211\000\102\143\077\171\071\320\104\260\202\156\101\031\350\335
+\340\301\210\132\321\036\161\223\037\044\060\164\345\036\250\336
+\074\047\067\177\203\256\236\167\317\360\060\261\377\113\231\350
+\306\241
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "AddTrust Qualified Certificates Root"
+# Issuer: CN=AddTrust Qualified CA Root,OU=AddTrust TTP Network,O=AddTrust AB,C=SE
+# Serial Number: 1 (0x1)
+# Subject: CN=AddTrust Qualified CA Root,OU=AddTrust TTP Network,O=AddTrust AB,C=SE
+# Not Valid Before: Tue May 30 10:44:50 2000
+# Not Valid After : Sat May 30 10:44:50 2020
+# Fingerprint (MD5): 27:EC:39:47:CD:DA:5A:AF:E2:9A:01:65:21:A9:4C:BB
+# Fingerprint (SHA1): 4D:23:78:EC:91:95:39:B5:00:7F:75:8F:03:3B:21:1E:C5:4D:8B:CF
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "AddTrust Qualified Certificates Root"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\115\043\170\354\221\225\071\265\000\177\165\217\003\073\041\036
+\305\115\213\317
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\047\354\071\107\315\332\132\257\342\232\001\145\041\251\114\273
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\147\061\013\060\011\006\003\125\004\006\023\002\123\105\061
+\024\060\022\006\003\125\004\012\023\013\101\144\144\124\162\165
+\163\164\040\101\102\061\035\060\033\006\003\125\004\013\023\024
+\101\144\144\124\162\165\163\164\040\124\124\120\040\116\145\164
+\167\157\162\153\061\043\060\041\006\003\125\004\003\023\032\101
+\144\144\124\162\165\163\164\040\121\165\141\154\151\146\151\145
+\144\040\103\101\040\122\157\157\164
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\001
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Entrust Root Certification Authority"
+#
+# Issuer: CN=Entrust Root Certification Authority,OU="(c) 2006 Entrust, Inc.",OU=www.entrust.net/CPS is incorporated by reference,O="Entrust, Inc.",C=US
+# Serial Number: 1164660820 (0x456b5054)
+# Subject: CN=Entrust Root Certification Authority,OU="(c) 2006 Entrust, Inc.",OU=www.entrust.net/CPS is incorporated by reference,O="Entrust, Inc.",C=US
+# Not Valid Before: Mon Nov 27 20:23:42 2006
+# Not Valid After : Fri Nov 27 20:53:42 2026
+# Fingerprint (MD5): D6:A5:C3:ED:5D:DD:3E:00:C1:3D:87:92:1F:1D:3F:E4
+# Fingerprint (SHA1): B3:1E:B1:B7:40:E3:6C:84:02:DA:DC:37:D4:4D:F5:D4:67:49:52:F9
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Entrust Root Certification Authority"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\260\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\026\060\024\006\003\125\004\012\023\015\105\156\164\162\165
+\163\164\054\040\111\156\143\056\061\071\060\067\006\003\125\004
+\013\023\060\167\167\167\056\145\156\164\162\165\163\164\056\156
+\145\164\057\103\120\123\040\151\163\040\151\156\143\157\162\160
+\157\162\141\164\145\144\040\142\171\040\162\145\146\145\162\145
+\156\143\145\061\037\060\035\006\003\125\004\013\023\026\050\143
+\051\040\062\060\060\066\040\105\156\164\162\165\163\164\054\040
+\111\156\143\056\061\055\060\053\006\003\125\004\003\023\044\105
+\156\164\162\165\163\164\040\122\157\157\164\040\103\145\162\164
+\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162
+\151\164\171
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\260\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\026\060\024\006\003\125\004\012\023\015\105\156\164\162\165
+\163\164\054\040\111\156\143\056\061\071\060\067\006\003\125\004
+\013\023\060\167\167\167\056\145\156\164\162\165\163\164\056\156
+\145\164\057\103\120\123\040\151\163\040\151\156\143\157\162\160
+\157\162\141\164\145\144\040\142\171\040\162\145\146\145\162\145
+\156\143\145\061\037\060\035\006\003\125\004\013\023\026\050\143
+\051\040\062\060\060\066\040\105\156\164\162\165\163\164\054\040
+\111\156\143\056\061\055\060\053\006\003\125\004\003\023\044\105
+\156\164\162\165\163\164\040\122\157\157\164\040\103\145\162\164
+\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162
+\151\164\171
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\004\105\153\120\124
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\004\221\060\202\003\171\240\003\002\001\002\002\004\105
+\153\120\124\060\015\006\011\052\206\110\206\367\015\001\001\005
+\005\000\060\201\260\061\013\060\011\006\003\125\004\006\023\002
+\125\123\061\026\060\024\006\003\125\004\012\023\015\105\156\164
+\162\165\163\164\054\040\111\156\143\056\061\071\060\067\006\003
+\125\004\013\023\060\167\167\167\056\145\156\164\162\165\163\164
+\056\156\145\164\057\103\120\123\040\151\163\040\151\156\143\157
+\162\160\157\162\141\164\145\144\040\142\171\040\162\145\146\145
+\162\145\156\143\145\061\037\060\035\006\003\125\004\013\023\026
+\050\143\051\040\062\060\060\066\040\105\156\164\162\165\163\164
+\054\040\111\156\143\056\061\055\060\053\006\003\125\004\003\023
+\044\105\156\164\162\165\163\164\040\122\157\157\164\040\103\145
+\162\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150
+\157\162\151\164\171\060\036\027\015\060\066\061\061\062\067\062
+\060\062\063\064\062\132\027\015\062\066\061\061\062\067\062\060
+\065\063\064\062\132\060\201\260\061\013\060\011\006\003\125\004
+\006\023\002\125\123\061\026\060\024\006\003\125\004\012\023\015
+\105\156\164\162\165\163\164\054\040\111\156\143\056\061\071\060
+\067\006\003\125\004\013\023\060\167\167\167\056\145\156\164\162
+\165\163\164\056\156\145\164\057\103\120\123\040\151\163\040\151
+\156\143\157\162\160\157\162\141\164\145\144\040\142\171\040\162
+\145\146\145\162\145\156\143\145\061\037\060\035\006\003\125\004
+\013\023\026\050\143\051\040\062\060\060\066\040\105\156\164\162
+\165\163\164\054\040\111\156\143\056\061\055\060\053\006\003\125
+\004\003\023\044\105\156\164\162\165\163\164\040\122\157\157\164
+\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101
+\165\164\150\157\162\151\164\171\060\202\001\042\060\015\006\011
+\052\206\110\206\367\015\001\001\001\005\000\003\202\001\017\000
+\060\202\001\012\002\202\001\001\000\266\225\266\103\102\372\306
+\155\052\157\110\337\224\114\071\127\005\356\303\171\021\101\150
+\066\355\354\376\232\001\217\241\070\050\374\367\020\106\146\056
+\115\036\032\261\032\116\306\321\300\225\210\260\311\377\061\213
+\063\003\333\267\203\173\076\040\204\136\355\262\126\050\247\370
+\340\271\100\161\067\305\313\107\016\227\052\150\300\042\225\142
+\025\333\107\331\365\320\053\377\202\113\311\255\076\336\114\333
+\220\200\120\077\011\212\204\000\354\060\012\075\030\315\373\375
+\052\131\232\043\225\027\054\105\236\037\156\103\171\155\014\134
+\230\376\110\247\305\043\107\134\136\375\156\347\036\264\366\150
+\105\321\206\203\133\242\212\215\261\343\051\200\376\045\161\210
+\255\276\274\217\254\122\226\113\252\121\215\344\023\061\031\350
+\116\115\237\333\254\263\152\325\274\071\124\161\312\172\172\177
+\220\335\175\035\200\331\201\273\131\046\302\021\376\346\223\342
+\367\200\344\145\373\064\067\016\051\200\160\115\257\070\206\056
+\236\177\127\257\236\027\256\353\034\313\050\041\137\266\034\330
+\347\242\004\042\371\323\332\330\313\002\003\001\000\001\243\201
+\260\060\201\255\060\016\006\003\125\035\017\001\001\377\004\004
+\003\002\001\006\060\017\006\003\125\035\023\001\001\377\004\005
+\060\003\001\001\377\060\053\006\003\125\035\020\004\044\060\042
+\200\017\062\060\060\066\061\061\062\067\062\060\062\063\064\062
+\132\201\017\062\060\062\066\061\061\062\067\062\060\065\063\064
+\062\132\060\037\006\003\125\035\043\004\030\060\026\200\024\150
+\220\344\147\244\246\123\200\307\206\146\244\361\367\113\103\373
+\204\275\155\060\035\006\003\125\035\016\004\026\004\024\150\220
+\344\147\244\246\123\200\307\206\146\244\361\367\113\103\373\204
+\275\155\060\035\006\011\052\206\110\206\366\175\007\101\000\004
+\020\060\016\033\010\126\067\056\061\072\064\056\060\003\002\004
+\220\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000
+\003\202\001\001\000\223\324\060\260\327\003\040\052\320\371\143
+\350\221\014\005\040\251\137\031\312\173\162\116\324\261\333\320
+\226\373\124\132\031\054\014\010\367\262\274\205\250\235\177\155
+\073\122\263\052\333\347\324\204\214\143\366\017\313\046\001\221
+\120\154\364\137\024\342\223\164\300\023\236\060\072\120\343\264
+\140\305\034\360\042\104\215\161\107\254\310\032\311\351\233\232
+\000\140\023\377\160\176\137\021\115\111\033\263\025\122\173\311
+\124\332\277\235\225\257\153\232\330\236\351\361\344\103\215\342
+\021\104\072\277\257\275\203\102\163\122\213\252\273\247\051\317
+\365\144\034\012\115\321\274\252\254\237\052\320\377\177\177\332
+\175\352\261\355\060\045\301\204\332\064\322\133\170\203\126\354
+\234\066\303\046\342\021\366\147\111\035\222\253\214\373\353\377
+\172\356\205\112\247\120\200\360\247\134\112\224\056\137\005\231
+\074\122\101\340\315\264\143\317\001\103\272\234\203\334\217\140
+\073\363\132\264\264\173\256\332\013\220\070\165\357\201\035\146
+\322\367\127\160\066\263\277\374\050\257\161\045\205\133\023\376
+\036\177\132\264\074
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "Entrust Root Certification Authority"
+# Issuer: CN=Entrust Root Certification Authority,OU="(c) 2006 Entrust, Inc.",OU=www.entrust.net/CPS is incorporated by reference,O="Entrust, Inc.",C=US
+# Serial Number: 1164660820 (0x456b5054)
+# Subject: CN=Entrust Root Certification Authority,OU="(c) 2006 Entrust, Inc.",OU=www.entrust.net/CPS is incorporated by reference,O="Entrust, Inc.",C=US
+# Not Valid Before: Mon Nov 27 20:23:42 2006
+# Not Valid After : Fri Nov 27 20:53:42 2026
+# Fingerprint (MD5): D6:A5:C3:ED:5D:DD:3E:00:C1:3D:87:92:1F:1D:3F:E4
+# Fingerprint (SHA1): B3:1E:B1:B7:40:E3:6C:84:02:DA:DC:37:D4:4D:F5:D4:67:49:52:F9
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Entrust Root Certification Authority"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\263\036\261\267\100\343\154\204\002\332\334\067\324\115\365\324
+\147\111\122\371
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\326\245\303\355\135\335\076\000\301\075\207\222\037\035\077\344
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\260\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\026\060\024\006\003\125\004\012\023\015\105\156\164\162\165
+\163\164\054\040\111\156\143\056\061\071\060\067\006\003\125\004
+\013\023\060\167\167\167\056\145\156\164\162\165\163\164\056\156
+\145\164\057\103\120\123\040\151\163\040\151\156\143\157\162\160
+\157\162\141\164\145\144\040\142\171\040\162\145\146\145\162\145
+\156\143\145\061\037\060\035\006\003\125\004\013\023\026\050\143
+\051\040\062\060\060\066\040\105\156\164\162\165\163\164\054\040
+\111\156\143\056\061\055\060\053\006\003\125\004\003\023\044\105
+\156\164\162\165\163\164\040\122\157\157\164\040\103\145\162\164
+\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162
+\151\164\171
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\004\105\153\120\124
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "GeoTrust Global CA"
+#
+# Issuer: CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US
+# Serial Number: 144470 (0x23456)
+# Subject: CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US
+# Not Valid Before: Tue May 21 04:00:00 2002
+# Not Valid After : Sat May 21 04:00:00 2022
+# Fingerprint (MD5): F7:75:AB:29:FB:51:4E:B7:77:5E:FF:05:3C:99:8E:F5
+# Fingerprint (SHA1): DE:28:F4:A4:FF:E5:B9:2F:A3:C5:03:D1:A3:49:A7:F9:96:2A:82:12
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "GeoTrust Global CA"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\102\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\026\060\024\006\003\125\004\012\023\015\107\145\157\124\162\165
+\163\164\040\111\156\143\056\061\033\060\031\006\003\125\004\003
+\023\022\107\145\157\124\162\165\163\164\040\107\154\157\142\141
+\154\040\103\101
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\102\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\026\060\024\006\003\125\004\012\023\015\107\145\157\124\162\165
+\163\164\040\111\156\143\056\061\033\060\031\006\003\125\004\003
+\023\022\107\145\157\124\162\165\163\164\040\107\154\157\142\141
+\154\040\103\101
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\003\002\064\126
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\003\124\060\202\002\074\240\003\002\001\002\002\003\002
+\064\126\060\015\006\011\052\206\110\206\367\015\001\001\005\005
+\000\060\102\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\026\060\024\006\003\125\004\012\023\015\107\145\157\124\162
+\165\163\164\040\111\156\143\056\061\033\060\031\006\003\125\004
+\003\023\022\107\145\157\124\162\165\163\164\040\107\154\157\142
+\141\154\040\103\101\060\036\027\015\060\062\060\065\062\061\060
+\064\060\060\060\060\132\027\015\062\062\060\065\062\061\060\064
+\060\060\060\060\132\060\102\061\013\060\011\006\003\125\004\006
+\023\002\125\123\061\026\060\024\006\003\125\004\012\023\015\107
+\145\157\124\162\165\163\164\040\111\156\143\056\061\033\060\031
+\006\003\125\004\003\023\022\107\145\157\124\162\165\163\164\040
+\107\154\157\142\141\154\040\103\101\060\202\001\042\060\015\006
+\011\052\206\110\206\367\015\001\001\001\005\000\003\202\001\017
+\000\060\202\001\012\002\202\001\001\000\332\314\030\143\060\375
+\364\027\043\032\126\176\133\337\074\154\070\344\161\267\170\221
+\324\274\241\330\114\370\250\103\266\003\351\115\041\007\010\210
+\332\130\057\146\071\051\275\005\170\213\235\070\350\005\267\152
+\176\161\244\346\304\140\246\260\357\200\344\211\050\017\236\045
+\326\355\203\363\255\246\221\307\230\311\102\030\065\024\235\255
+\230\106\222\056\117\312\361\207\103\301\026\225\127\055\120\357
+\211\055\200\172\127\255\362\356\137\153\322\000\215\271\024\370
+\024\025\065\331\300\106\243\173\162\310\221\277\311\125\053\315
+\320\227\076\234\046\144\314\337\316\203\031\161\312\116\346\324
+\325\173\251\031\315\125\336\310\354\322\136\070\123\345\134\117
+\214\055\376\120\043\066\374\146\346\313\216\244\071\031\000\267
+\225\002\071\221\013\016\376\070\056\321\035\005\232\366\115\076
+\157\017\007\035\257\054\036\217\140\071\342\372\066\123\023\071
+\324\136\046\053\333\075\250\024\275\062\353\030\003\050\122\004
+\161\345\253\063\075\341\070\273\007\066\204\142\234\171\352\026
+\060\364\137\300\053\350\161\153\344\371\002\003\001\000\001\243
+\123\060\121\060\017\006\003\125\035\023\001\001\377\004\005\060
+\003\001\001\377\060\035\006\003\125\035\016\004\026\004\024\300
+\172\230\150\215\211\373\253\005\144\014\021\175\252\175\145\270
+\312\314\116\060\037\006\003\125\035\043\004\030\060\026\200\024
+\300\172\230\150\215\211\373\253\005\144\014\021\175\252\175\145
+\270\312\314\116\060\015\006\011\052\206\110\206\367\015\001\001
+\005\005\000\003\202\001\001\000\065\343\051\152\345\057\135\124
+\216\051\120\224\237\231\032\024\344\217\170\052\142\224\242\047
+\147\236\320\317\032\136\107\351\301\262\244\317\335\101\032\005
+\116\233\113\356\112\157\125\122\263\044\241\067\012\353\144\166
+\052\056\054\363\375\073\165\220\277\372\161\330\307\075\067\322
+\265\005\225\142\271\246\336\211\075\066\173\070\167\110\227\254
+\246\040\217\056\246\311\014\302\262\231\105\000\307\316\021\121
+\042\042\340\245\352\266\025\110\011\144\352\136\117\164\367\005
+\076\307\212\122\014\333\025\264\275\155\233\345\306\261\124\150
+\251\343\151\220\266\232\245\017\270\271\077\040\175\256\112\265
+\270\234\344\035\266\253\346\224\245\301\307\203\255\333\365\047
+\207\016\004\154\325\377\335\240\135\355\207\122\267\053\025\002
+\256\071\246\152\164\351\332\304\347\274\115\064\036\251\134\115
+\063\137\222\011\057\210\146\135\167\227\307\035\166\023\251\325
+\345\361\026\011\021\065\325\254\333\044\161\160\054\230\126\013
+\331\027\264\321\343\121\053\136\165\350\325\320\334\117\064\355
+\302\005\146\200\241\313\346\063
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "GeoTrust Global CA"
+# Issuer: CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US
+# Serial Number: 144470 (0x23456)
+# Subject: CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US
+# Not Valid Before: Tue May 21 04:00:00 2002
+# Not Valid After : Sat May 21 04:00:00 2022
+# Fingerprint (MD5): F7:75:AB:29:FB:51:4E:B7:77:5E:FF:05:3C:99:8E:F5
+# Fingerprint (SHA1): DE:28:F4:A4:FF:E5:B9:2F:A3:C5:03:D1:A3:49:A7:F9:96:2A:82:12
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "GeoTrust Global CA"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\336\050\364\244\377\345\271\057\243\305\003\321\243\111\247\371
+\226\052\202\022
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\367\165\253\051\373\121\116\267\167\136\377\005\074\231\216\365
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\102\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\026\060\024\006\003\125\004\012\023\015\107\145\157\124\162\165
+\163\164\040\111\156\143\056\061\033\060\031\006\003\125\004\003
+\023\022\107\145\157\124\162\165\163\164\040\107\154\157\142\141
+\154\040\103\101
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\003\002\064\126
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "GeoTrust Global CA 2"
+#
+# Issuer: CN=GeoTrust Global CA 2,O=GeoTrust Inc.,C=US
+# Serial Number: 1 (0x1)
+# Subject: CN=GeoTrust Global CA 2,O=GeoTrust Inc.,C=US
+# Not Valid Before: Thu Mar 04 05:00:00 2004
+# Not Valid After : Mon Mar 04 05:00:00 2019
+# Fingerprint (MD5): 0E:40:A7:6C:DE:03:5D:8F:D1:0F:E4:D1:8D:F9:6C:A9
+# Fingerprint (SHA1): A9:E9:78:08:14:37:58:88:F2:05:19:B0:6D:2B:0D:2B:60:16:90:7D
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "GeoTrust Global CA 2"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\104\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\026\060\024\006\003\125\004\012\023\015\107\145\157\124\162\165
+\163\164\040\111\156\143\056\061\035\060\033\006\003\125\004\003
+\023\024\107\145\157\124\162\165\163\164\040\107\154\157\142\141
+\154\040\103\101\040\062
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\104\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\026\060\024\006\003\125\004\012\023\015\107\145\157\124\162\165
+\163\164\040\111\156\143\056\061\035\060\033\006\003\125\004\003
+\023\024\107\145\157\124\162\165\163\164\040\107\154\157\142\141
+\154\040\103\101\040\062
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\001
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\003\146\060\202\002\116\240\003\002\001\002\002\001\001
+\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060
+\104\061\013\060\011\006\003\125\004\006\023\002\125\123\061\026
+\060\024\006\003\125\004\012\023\015\107\145\157\124\162\165\163
+\164\040\111\156\143\056\061\035\060\033\006\003\125\004\003\023
+\024\107\145\157\124\162\165\163\164\040\107\154\157\142\141\154
+\040\103\101\040\062\060\036\027\015\060\064\060\063\060\064\060
+\065\060\060\060\060\132\027\015\061\071\060\063\060\064\060\065
+\060\060\060\060\132\060\104\061\013\060\011\006\003\125\004\006
+\023\002\125\123\061\026\060\024\006\003\125\004\012\023\015\107
+\145\157\124\162\165\163\164\040\111\156\143\056\061\035\060\033
+\006\003\125\004\003\023\024\107\145\157\124\162\165\163\164\040
+\107\154\157\142\141\154\040\103\101\040\062\060\202\001\042\060
+\015\006\011\052\206\110\206\367\015\001\001\001\005\000\003\202
+\001\017\000\060\202\001\012\002\202\001\001\000\357\074\115\100
+\075\020\337\073\123\000\341\147\376\224\140\025\076\205\210\361
+\211\015\220\310\050\043\231\005\350\053\040\235\306\363\140\106
+\330\301\262\325\214\061\331\334\040\171\044\201\277\065\062\374
+\143\151\333\261\052\153\356\041\130\362\010\351\170\313\157\313
+\374\026\122\310\221\304\377\075\163\336\261\076\247\302\175\146
+\301\365\176\122\044\032\342\325\147\221\320\202\020\327\170\113
+\117\053\102\071\275\144\055\100\240\260\020\323\070\110\106\210
+\241\014\273\072\063\052\142\230\373\000\235\023\131\177\157\073
+\162\252\356\246\017\206\371\005\141\352\147\177\014\067\226\213
+\346\151\026\107\021\302\047\131\003\263\246\140\302\041\100\126
+\372\240\307\175\072\023\343\354\127\307\263\326\256\235\211\200
+\367\001\347\054\366\226\053\023\015\171\054\331\300\344\206\173
+\113\214\014\162\202\212\373\027\315\000\154\072\023\074\260\204
+\207\113\026\172\051\262\117\333\035\324\013\363\146\067\275\330
+\366\127\273\136\044\172\270\074\213\271\372\222\032\032\204\236
+\330\164\217\252\033\177\136\364\376\105\042\041\002\003\001\000
+\001\243\143\060\141\060\017\006\003\125\035\023\001\001\377\004
+\005\060\003\001\001\377\060\035\006\003\125\035\016\004\026\004
+\024\161\070\066\362\002\061\123\107\053\156\272\145\106\251\020
+\025\130\040\005\011\060\037\006\003\125\035\043\004\030\060\026
+\200\024\161\070\066\362\002\061\123\107\053\156\272\145\106\251
+\020\025\130\040\005\011\060\016\006\003\125\035\017\001\001\377
+\004\004\003\002\001\206\060\015\006\011\052\206\110\206\367\015
+\001\001\005\005\000\003\202\001\001\000\003\367\265\053\253\135
+\020\374\173\262\262\136\254\233\016\176\123\170\131\076\102\004
+\376\165\243\255\254\201\116\327\002\213\136\304\055\310\122\166
+\307\054\037\374\201\062\230\321\113\306\222\223\063\065\061\057
+\374\330\035\104\335\340\201\177\235\351\213\341\144\221\142\013
+\071\010\214\254\164\235\131\331\172\131\122\227\021\271\026\173
+\157\105\323\226\331\061\175\002\066\017\234\073\156\317\054\015
+\003\106\105\353\240\364\177\110\104\306\010\100\314\336\033\160
+\265\051\255\272\213\073\064\145\165\033\161\041\035\054\024\012
+\260\226\225\270\326\352\362\145\373\051\272\117\352\221\223\164
+\151\266\362\377\341\032\320\014\321\166\205\313\212\045\275\227
+\136\054\157\025\231\046\347\266\051\377\042\354\311\002\307\126
+\000\315\111\271\263\154\173\123\004\032\342\250\311\252\022\005
+\043\302\316\347\273\004\002\314\300\107\242\344\304\051\057\133
+\105\127\211\121\356\074\353\122\010\377\007\065\036\237\065\152
+\107\112\126\230\321\132\205\037\214\365\042\277\253\316\203\363
+\342\042\051\256\175\203\100\250\272\154
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "GeoTrust Global CA 2"
+# Issuer: CN=GeoTrust Global CA 2,O=GeoTrust Inc.,C=US
+# Serial Number: 1 (0x1)
+# Subject: CN=GeoTrust Global CA 2,O=GeoTrust Inc.,C=US
+# Not Valid Before: Thu Mar 04 05:00:00 2004
+# Not Valid After : Mon Mar 04 05:00:00 2019
+# Fingerprint (MD5): 0E:40:A7:6C:DE:03:5D:8F:D1:0F:E4:D1:8D:F9:6C:A9
+# Fingerprint (SHA1): A9:E9:78:08:14:37:58:88:F2:05:19:B0:6D:2B:0D:2B:60:16:90:7D
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "GeoTrust Global CA 2"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\251\351\170\010\024\067\130\210\362\005\031\260\155\053\015\053
+\140\026\220\175
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\016\100\247\154\336\003\135\217\321\017\344\321\215\371\154\251
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\104\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\026\060\024\006\003\125\004\012\023\015\107\145\157\124\162\165
+\163\164\040\111\156\143\056\061\035\060\033\006\003\125\004\003
+\023\024\107\145\157\124\162\165\163\164\040\107\154\157\142\141
+\154\040\103\101\040\062
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\001
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "GeoTrust Universal CA"
+#
+# Issuer: CN=GeoTrust Universal CA,O=GeoTrust Inc.,C=US
+# Serial Number: 1 (0x1)
+# Subject: CN=GeoTrust Universal CA,O=GeoTrust Inc.,C=US
+# Not Valid Before: Thu Mar 04 05:00:00 2004
+# Not Valid After : Sun Mar 04 05:00:00 2029
+# Fingerprint (MD5): 92:65:58:8B:A2:1A:31:72:73:68:5C:B4:A5:7A:07:48
+# Fingerprint (SHA1): E6:21:F3:35:43:79:05:9A:4B:68:30:9D:8A:2F:74:22:15:87:EC:79
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "GeoTrust Universal CA"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\105\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\026\060\024\006\003\125\004\012\023\015\107\145\157\124\162\165
+\163\164\040\111\156\143\056\061\036\060\034\006\003\125\004\003
+\023\025\107\145\157\124\162\165\163\164\040\125\156\151\166\145
+\162\163\141\154\040\103\101
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\105\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\026\060\024\006\003\125\004\012\023\015\107\145\157\124\162\165
+\163\164\040\111\156\143\056\061\036\060\034\006\003\125\004\003
+\023\025\107\145\157\124\162\165\163\164\040\125\156\151\166\145
+\162\163\141\154\040\103\101
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\001
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\150\060\202\003\120\240\003\002\001\002\002\001\001
+\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060
+\105\061\013\060\011\006\003\125\004\006\023\002\125\123\061\026
+\060\024\006\003\125\004\012\023\015\107\145\157\124\162\165\163
+\164\040\111\156\143\056\061\036\060\034\006\003\125\004\003\023
+\025\107\145\157\124\162\165\163\164\040\125\156\151\166\145\162
+\163\141\154\040\103\101\060\036\027\015\060\064\060\063\060\064
+\060\065\060\060\060\060\132\027\015\062\071\060\063\060\064\060
+\065\060\060\060\060\132\060\105\061\013\060\011\006\003\125\004
+\006\023\002\125\123\061\026\060\024\006\003\125\004\012\023\015
+\107\145\157\124\162\165\163\164\040\111\156\143\056\061\036\060
+\034\006\003\125\004\003\023\025\107\145\157\124\162\165\163\164
+\040\125\156\151\166\145\162\163\141\154\040\103\101\060\202\002
+\042\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000
+\003\202\002\017\000\060\202\002\012\002\202\002\001\000\246\025
+\125\240\243\306\340\037\214\235\041\120\327\301\276\053\133\265
+\244\236\241\331\162\130\275\000\033\114\277\141\311\024\035\105
+\202\253\306\035\200\326\075\353\020\234\072\257\155\044\370\274
+\161\001\236\006\365\174\137\036\301\016\125\312\203\232\131\060
+\256\031\313\060\110\225\355\042\067\215\364\112\232\162\146\076
+\255\225\300\340\026\000\340\020\037\053\061\016\327\224\124\323
+\102\063\240\064\035\036\105\166\335\117\312\030\067\354\205\025
+\172\031\010\374\325\307\234\360\362\251\056\020\251\222\346\075
+\130\075\251\026\150\074\057\165\041\030\177\050\167\245\341\141
+\027\267\246\351\370\036\231\333\163\156\364\012\242\041\154\356
+\332\252\205\222\146\257\366\172\153\202\332\272\042\010\065\017
+\317\102\361\065\372\152\356\176\053\045\314\072\021\344\155\257
+\163\262\166\035\255\320\262\170\147\032\244\071\034\121\013\147
+\126\203\375\070\135\015\316\335\360\273\053\226\037\336\173\062
+\122\375\035\273\265\006\241\262\041\136\245\326\225\150\177\360
+\231\236\334\105\010\076\347\322\011\015\065\224\335\200\116\123
+\227\327\265\011\104\040\144\026\027\003\002\114\123\015\150\336
+\325\252\162\115\223\155\202\016\333\234\275\317\264\363\134\135
+\124\172\151\011\226\326\333\021\301\215\165\250\264\317\071\310
+\316\074\274\044\174\346\142\312\341\275\175\247\275\127\145\013
+\344\376\045\355\266\151\020\334\050\032\106\275\001\035\320\227
+\265\341\230\073\300\067\144\326\075\224\356\013\341\365\050\256
+\013\126\277\161\213\043\051\101\216\206\305\113\122\173\330\161
+\253\037\212\025\246\073\203\132\327\130\001\121\306\114\101\331
+\177\330\101\147\162\242\050\337\140\203\251\236\310\173\374\123
+\163\162\131\365\223\172\027\166\016\316\367\345\134\331\013\125
+\064\242\252\133\265\152\124\347\023\312\127\354\227\155\364\136
+\006\057\105\213\130\324\043\026\222\344\026\156\050\143\131\060
+\337\120\001\234\143\211\032\237\333\027\224\202\160\067\303\044
+\236\232\107\326\132\312\116\250\151\211\162\037\221\154\333\176
+\236\033\255\307\037\163\335\054\117\031\145\375\177\223\100\020
+\056\322\360\355\074\236\056\050\076\151\046\063\305\173\002\003
+\001\000\001\243\143\060\141\060\017\006\003\125\035\023\001\001
+\377\004\005\060\003\001\001\377\060\035\006\003\125\035\016\004
+\026\004\024\332\273\056\252\260\014\270\210\046\121\164\134\155
+\003\323\300\330\217\172\326\060\037\006\003\125\035\043\004\030
+\060\026\200\024\332\273\056\252\260\014\270\210\046\121\164\134
+\155\003\323\300\330\217\172\326\060\016\006\003\125\035\017\001
+\001\377\004\004\003\002\001\206\060\015\006\011\052\206\110\206
+\367\015\001\001\005\005\000\003\202\002\001\000\061\170\346\307
+\265\337\270\224\100\311\161\304\250\065\354\106\035\302\205\363
+\050\130\206\260\013\374\216\262\071\217\104\125\253\144\204\134
+\151\251\320\232\070\074\372\345\037\065\345\104\343\200\171\224
+\150\244\273\304\237\075\341\064\315\060\106\213\124\053\225\245
+\357\367\077\231\204\375\065\346\317\061\306\334\152\277\247\327
+\043\010\341\230\136\303\132\010\166\251\246\257\167\057\267\140
+\275\104\106\152\357\227\377\163\225\301\216\350\223\373\375\061
+\267\354\127\021\021\105\233\060\361\032\210\071\301\117\074\247
+\000\325\307\374\253\155\200\042\160\245\014\340\135\004\051\002
+\373\313\240\221\321\174\326\303\176\120\325\235\130\276\101\070
+\353\271\165\074\025\331\233\311\112\203\131\300\332\123\375\063
+\273\066\030\233\205\017\025\335\356\055\254\166\223\271\331\001
+\215\110\020\250\373\365\070\206\361\333\012\306\275\204\243\043
+\101\336\326\167\157\205\324\205\034\120\340\256\121\212\272\215
+\076\166\342\271\312\047\362\137\237\357\156\131\015\006\330\053
+\027\244\322\174\153\273\137\024\032\110\217\032\114\347\263\107
+\034\216\114\105\053\040\356\110\337\347\335\011\216\030\250\332
+\100\215\222\046\021\123\141\163\135\353\275\347\304\115\051\067
+\141\353\254\071\055\147\056\026\326\365\000\203\205\241\314\177
+\166\304\175\344\267\113\146\357\003\105\140\151\266\014\122\226
+\222\204\136\246\243\265\244\076\053\331\314\330\033\107\252\362
+\104\332\117\371\003\350\360\024\313\077\363\203\336\320\301\124
+\343\267\350\012\067\115\213\040\131\003\060\031\241\054\310\275
+\021\037\337\256\311\112\305\363\047\146\146\206\254\150\221\377
+\331\346\123\034\017\213\134\151\145\012\046\310\036\064\303\135
+\121\173\327\251\234\006\241\066\335\325\211\224\274\331\344\055
+\014\136\011\154\010\227\174\243\075\174\223\377\077\241\024\247
+\317\265\135\353\333\333\034\304\166\337\210\271\275\105\005\225
+\033\256\374\106\152\114\257\110\343\316\256\017\322\176\353\346
+\154\234\117\201\152\172\144\254\273\076\325\347\313\166\056\305
+\247\110\301\134\220\017\313\310\077\372\346\062\341\215\033\157
+\244\346\216\330\371\051\110\212\316\163\376\054
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "GeoTrust Universal CA"
+# Issuer: CN=GeoTrust Universal CA,O=GeoTrust Inc.,C=US
+# Serial Number: 1 (0x1)
+# Subject: CN=GeoTrust Universal CA,O=GeoTrust Inc.,C=US
+# Not Valid Before: Thu Mar 04 05:00:00 2004
+# Not Valid After : Sun Mar 04 05:00:00 2029
+# Fingerprint (MD5): 92:65:58:8B:A2:1A:31:72:73:68:5C:B4:A5:7A:07:48
+# Fingerprint (SHA1): E6:21:F3:35:43:79:05:9A:4B:68:30:9D:8A:2F:74:22:15:87:EC:79
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "GeoTrust Universal CA"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\346\041\363\065\103\171\005\232\113\150\060\235\212\057\164\042
+\025\207\354\171
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\222\145\130\213\242\032\061\162\163\150\134\264\245\172\007\110
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\105\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\026\060\024\006\003\125\004\012\023\015\107\145\157\124\162\165
+\163\164\040\111\156\143\056\061\036\060\034\006\003\125\004\003
+\023\025\107\145\157\124\162\165\163\164\040\125\156\151\166\145
+\162\163\141\154\040\103\101
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\001
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "GeoTrust Universal CA 2"
+#
+# Issuer: CN=GeoTrust Universal CA 2,O=GeoTrust Inc.,C=US
+# Serial Number: 1 (0x1)
+# Subject: CN=GeoTrust Universal CA 2,O=GeoTrust Inc.,C=US
+# Not Valid Before: Thu Mar 04 05:00:00 2004
+# Not Valid After : Sun Mar 04 05:00:00 2029
+# Fingerprint (MD5): 34:FC:B8:D0:36:DB:9E:14:B3:C2:F2:DB:8F:E4:94:C7
+# Fingerprint (SHA1): 37:9A:19:7B:41:85:45:35:0C:A6:03:69:F3:3C:2E:AF:47:4F:20:79
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "GeoTrust Universal CA 2"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\107\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\026\060\024\006\003\125\004\012\023\015\107\145\157\124\162\165
+\163\164\040\111\156\143\056\061\040\060\036\006\003\125\004\003
+\023\027\107\145\157\124\162\165\163\164\040\125\156\151\166\145
+\162\163\141\154\040\103\101\040\062
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\107\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\026\060\024\006\003\125\004\012\023\015\107\145\157\124\162\165
+\163\164\040\111\156\143\056\061\040\060\036\006\003\125\004\003
+\023\027\107\145\157\124\162\165\163\164\040\125\156\151\166\145
+\162\163\141\154\040\103\101\040\062
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\001
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\154\060\202\003\124\240\003\002\001\002\002\001\001
+\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060
+\107\061\013\060\011\006\003\125\004\006\023\002\125\123\061\026
+\060\024\006\003\125\004\012\023\015\107\145\157\124\162\165\163
+\164\040\111\156\143\056\061\040\060\036\006\003\125\004\003\023
+\027\107\145\157\124\162\165\163\164\040\125\156\151\166\145\162
+\163\141\154\040\103\101\040\062\060\036\027\015\060\064\060\063
+\060\064\060\065\060\060\060\060\132\027\015\062\071\060\063\060
+\064\060\065\060\060\060\060\132\060\107\061\013\060\011\006\003
+\125\004\006\023\002\125\123\061\026\060\024\006\003\125\004\012
+\023\015\107\145\157\124\162\165\163\164\040\111\156\143\056\061
+\040\060\036\006\003\125\004\003\023\027\107\145\157\124\162\165
+\163\164\040\125\156\151\166\145\162\163\141\154\040\103\101\040
+\062\060\202\002\042\060\015\006\011\052\206\110\206\367\015\001
+\001\001\005\000\003\202\002\017\000\060\202\002\012\002\202\002
+\001\000\263\124\122\301\311\076\362\331\334\261\123\032\131\051
+\347\261\303\105\050\345\327\321\355\305\305\113\241\252\164\173
+\127\257\112\046\374\330\365\136\247\156\031\333\164\014\117\065
+\133\062\013\001\343\333\353\172\167\065\352\252\132\340\326\350
+\241\127\224\360\220\243\164\126\224\104\060\003\036\134\116\053
+\205\046\164\202\172\014\166\240\157\115\316\101\055\240\025\006
+\024\137\267\102\315\173\217\130\141\064\334\052\010\371\056\303
+\001\246\042\104\034\114\007\202\346\133\316\320\112\174\004\323
+\031\163\047\360\252\230\177\056\257\116\353\207\036\044\167\152
+\135\266\350\133\105\272\334\303\241\005\157\126\216\217\020\046
+\245\111\303\056\327\101\207\042\340\117\206\312\140\265\352\241
+\143\300\001\227\020\171\275\000\074\022\155\053\025\261\254\113
+\261\356\030\271\116\226\334\334\166\377\073\276\317\137\003\300
+\374\073\350\276\106\033\377\332\100\302\122\367\376\343\072\367
+\152\167\065\320\332\215\353\136\030\152\061\307\036\272\074\033
+\050\326\153\124\306\252\133\327\242\054\033\031\314\242\002\366
+\233\131\275\067\153\206\265\155\202\272\330\352\311\126\274\251
+\066\130\375\076\031\363\355\014\046\251\223\070\370\117\301\135
+\042\006\320\227\352\341\255\306\125\340\201\053\050\203\072\372
+\364\173\041\121\000\276\122\070\316\315\146\171\250\364\201\126
+\342\320\203\011\107\121\133\120\152\317\333\110\032\135\076\367
+\313\366\145\367\154\361\225\370\002\073\062\126\202\071\172\133
+\275\057\211\033\277\241\264\350\377\177\215\214\337\003\361\140
+\116\130\021\114\353\243\077\020\053\203\232\001\163\331\224\155
+\204\000\047\146\254\360\160\100\011\102\222\255\117\223\015\141
+\011\121\044\330\222\325\013\224\141\262\207\262\355\377\232\065
+\377\205\124\312\355\104\103\254\033\074\026\153\110\112\012\034
+\100\210\037\222\302\013\000\005\377\362\310\002\112\244\252\251
+\314\231\226\234\057\130\340\175\341\276\273\007\334\137\004\162
+\134\061\064\303\354\137\055\340\075\144\220\042\346\321\354\270
+\056\335\131\256\331\241\067\277\124\065\334\163\062\117\214\004
+\036\063\262\311\106\361\330\134\310\125\120\311\150\275\250\272
+\066\011\002\003\001\000\001\243\143\060\141\060\017\006\003\125
+\035\023\001\001\377\004\005\060\003\001\001\377\060\035\006\003
+\125\035\016\004\026\004\024\166\363\125\341\372\244\066\373\360
+\237\134\142\161\355\074\364\107\070\020\053\060\037\006\003\125
+\035\043\004\030\060\026\200\024\166\363\125\341\372\244\066\373
+\360\237\134\142\161\355\074\364\107\070\020\053\060\016\006\003
+\125\035\017\001\001\377\004\004\003\002\001\206\060\015\006\011
+\052\206\110\206\367\015\001\001\005\005\000\003\202\002\001\000
+\146\301\306\043\363\331\340\056\156\137\350\317\256\260\260\045
+\115\053\370\073\130\233\100\044\067\132\313\253\026\111\377\263
+\165\171\063\241\057\155\160\027\064\221\376\147\176\217\354\233
+\345\136\202\251\125\037\057\334\324\121\007\022\376\254\026\076
+\054\065\306\143\374\334\020\353\015\243\252\320\174\314\321\320
+\057\121\056\304\024\132\336\350\031\341\076\306\314\244\051\347
+\056\204\252\006\060\170\166\124\163\050\230\131\070\340\000\015
+\142\323\102\175\041\237\256\075\072\214\325\372\167\015\030\053
+\026\016\137\066\341\374\052\265\060\044\317\340\143\014\173\130
+\032\376\231\272\102\022\261\221\364\174\150\342\310\350\257\054
+\352\311\176\256\273\052\075\015\025\334\064\225\266\030\164\250
+\152\017\307\264\364\023\304\344\133\355\012\322\244\227\114\052
+\355\057\154\022\211\075\361\047\160\252\152\003\122\041\237\100
+\250\147\120\362\363\132\037\337\337\043\366\334\170\116\346\230
+\117\125\072\123\343\357\362\364\237\307\174\330\130\257\051\042
+\227\270\340\275\221\056\260\166\354\127\021\317\357\051\104\363
+\351\205\172\140\143\344\135\063\211\027\331\061\252\332\326\363
+\030\065\162\317\207\053\057\143\043\204\135\204\214\077\127\240
+\210\374\231\221\050\046\151\231\324\217\227\104\276\216\325\110
+\261\244\050\051\361\025\264\341\345\236\335\370\217\246\157\046
+\327\011\074\072\034\021\016\246\154\067\367\255\104\207\054\050
+\307\330\164\202\263\320\157\112\127\273\065\051\047\240\213\350
+\041\247\207\144\066\135\314\330\026\254\307\262\047\100\222\125
+\070\050\215\121\156\335\024\147\123\154\161\134\046\204\115\165
+\132\266\176\140\126\251\115\255\373\233\036\227\363\015\331\322
+\227\124\167\332\075\022\267\340\036\357\010\006\254\371\205\207
+\351\242\334\257\176\030\022\203\375\126\027\101\056\325\051\202
+\175\231\364\061\366\161\251\317\054\001\047\245\005\271\252\262
+\110\116\052\357\237\223\122\121\225\074\122\163\216\126\114\027
+\100\300\011\050\344\213\152\110\123\333\354\315\125\125\361\306
+\370\351\242\054\114\246\321\046\137\176\257\132\114\332\037\246
+\362\034\054\176\256\002\026\322\126\320\057\127\123\107\350\222
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "GeoTrust Universal CA 2"
+# Issuer: CN=GeoTrust Universal CA 2,O=GeoTrust Inc.,C=US
+# Serial Number: 1 (0x1)
+# Subject: CN=GeoTrust Universal CA 2,O=GeoTrust Inc.,C=US
+# Not Valid Before: Thu Mar 04 05:00:00 2004
+# Not Valid After : Sun Mar 04 05:00:00 2029
+# Fingerprint (MD5): 34:FC:B8:D0:36:DB:9E:14:B3:C2:F2:DB:8F:E4:94:C7
+# Fingerprint (SHA1): 37:9A:19:7B:41:85:45:35:0C:A6:03:69:F3:3C:2E:AF:47:4F:20:79
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "GeoTrust Universal CA 2"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\067\232\031\173\101\205\105\065\014\246\003\151\363\074\056\257
+\107\117\040\171
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\064\374\270\320\066\333\236\024\263\302\362\333\217\344\224\307
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\107\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\026\060\024\006\003\125\004\012\023\015\107\145\157\124\162\165
+\163\164\040\111\156\143\056\061\040\060\036\006\003\125\004\003
+\023\027\107\145\157\124\162\165\163\164\040\125\156\151\166\145
+\162\163\141\154\040\103\101\040\062
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\001
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Visa eCommerce Root"
+#
+# Issuer: CN=Visa eCommerce Root,OU=Visa International Service Association,O=VISA,C=US
+# Serial Number:13:86:35:4d:1d:3f:06:f2:c1:f9:65:05:d5:90:1c:62
+# Subject: CN=Visa eCommerce Root,OU=Visa International Service Association,O=VISA,C=US
+# Not Valid Before: Wed Jun 26 02:18:36 2002
+# Not Valid After : Fri Jun 24 00:16:12 2022
+# Fingerprint (MD5): FC:11:B8:D8:08:93:30:00:6D:23:F9:7E:EB:52:1E:02
+# Fingerprint (SHA1): 70:17:9B:86:8C:00:A4:FA:60:91:52:22:3F:9F:3E:32:BD:E0:05:62
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Visa eCommerce Root"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\153\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\015\060\013\006\003\125\004\012\023\004\126\111\123\101\061\057
+\060\055\006\003\125\004\013\023\046\126\151\163\141\040\111\156
+\164\145\162\156\141\164\151\157\156\141\154\040\123\145\162\166
+\151\143\145\040\101\163\163\157\143\151\141\164\151\157\156\061
+\034\060\032\006\003\125\004\003\023\023\126\151\163\141\040\145
+\103\157\155\155\145\162\143\145\040\122\157\157\164
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\153\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\015\060\013\006\003\125\004\012\023\004\126\111\123\101\061\057
+\060\055\006\003\125\004\013\023\046\126\151\163\141\040\111\156
+\164\145\162\156\141\164\151\157\156\141\154\040\123\145\162\166
+\151\143\145\040\101\163\163\157\143\151\141\164\151\157\156\061
+\034\060\032\006\003\125\004\003\023\023\126\151\163\141\040\145
+\103\157\155\155\145\162\143\145\040\122\157\157\164
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\023\206\065\115\035\077\006\362\301\371\145\005\325\220
+\034\142
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\003\242\060\202\002\212\240\003\002\001\002\002\020\023
+\206\065\115\035\077\006\362\301\371\145\005\325\220\034\142\060
+\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\153
+\061\013\060\011\006\003\125\004\006\023\002\125\123\061\015\060
+\013\006\003\125\004\012\023\004\126\111\123\101\061\057\060\055
+\006\003\125\004\013\023\046\126\151\163\141\040\111\156\164\145
+\162\156\141\164\151\157\156\141\154\040\123\145\162\166\151\143
+\145\040\101\163\163\157\143\151\141\164\151\157\156\061\034\060
+\032\006\003\125\004\003\023\023\126\151\163\141\040\145\103\157
+\155\155\145\162\143\145\040\122\157\157\164\060\036\027\015\060
+\062\060\066\062\066\060\062\061\070\063\066\132\027\015\062\062
+\060\066\062\064\060\060\061\066\061\062\132\060\153\061\013\060
+\011\006\003\125\004\006\023\002\125\123\061\015\060\013\006\003
+\125\004\012\023\004\126\111\123\101\061\057\060\055\006\003\125
+\004\013\023\046\126\151\163\141\040\111\156\164\145\162\156\141
+\164\151\157\156\141\154\040\123\145\162\166\151\143\145\040\101
+\163\163\157\143\151\141\164\151\157\156\061\034\060\032\006\003
+\125\004\003\023\023\126\151\163\141\040\145\103\157\155\155\145
+\162\143\145\040\122\157\157\164\060\202\001\042\060\015\006\011
+\052\206\110\206\367\015\001\001\001\005\000\003\202\001\017\000
+\060\202\001\012\002\202\001\001\000\257\127\336\126\036\156\241
+\332\140\261\224\047\313\027\333\007\077\200\205\117\310\234\266
+\320\364\157\117\317\231\330\341\333\302\110\134\072\254\071\063
+\307\037\152\213\046\075\053\065\365\110\261\221\301\002\116\004
+\226\221\173\260\063\360\261\024\116\021\157\265\100\257\033\105
+\245\112\357\176\266\254\362\240\037\130\077\022\106\140\074\215
+\241\340\175\317\127\076\063\036\373\107\361\252\025\227\007\125
+\146\245\265\055\056\330\200\131\262\247\015\267\106\354\041\143
+\377\065\253\245\002\317\052\364\114\376\173\365\224\135\204\115
+\250\362\140\217\333\016\045\074\237\163\161\317\224\337\112\352
+\333\337\162\070\214\363\226\275\361\027\274\322\272\073\105\132
+\306\247\366\306\027\213\001\235\374\031\250\052\203\026\270\072
+\110\376\116\076\240\253\006\031\351\123\363\200\023\007\355\055
+\277\077\012\074\125\040\071\054\054\000\151\164\225\112\274\040
+\262\251\171\345\030\211\221\250\334\034\115\357\273\176\067\013
+\135\376\071\245\210\122\214\000\154\354\030\174\101\275\366\213
+\165\167\272\140\235\204\347\376\055\002\003\001\000\001\243\102
+\060\100\060\017\006\003\125\035\023\001\001\377\004\005\060\003
+\001\001\377\060\016\006\003\125\035\017\001\001\377\004\004\003
+\002\001\006\060\035\006\003\125\035\016\004\026\004\024\025\070
+\203\017\077\054\077\160\063\036\315\106\376\007\214\040\340\327
+\303\267\060\015\006\011\052\206\110\206\367\015\001\001\005\005
+\000\003\202\001\001\000\137\361\101\175\174\134\010\271\053\340
+\325\222\107\372\147\134\245\023\303\003\041\233\053\114\211\106
+\317\131\115\311\376\245\100\266\143\315\335\161\050\225\147\021
+\314\044\254\323\104\154\161\256\001\040\153\003\242\217\030\267
+\051\072\175\345\026\140\123\170\074\300\257\025\203\367\217\122
+\063\044\275\144\223\227\356\213\367\333\030\250\155\161\263\367
+\054\027\320\164\045\151\367\376\153\074\224\276\115\113\101\214
+\116\342\163\320\343\220\042\163\103\315\363\357\352\163\316\105
+\212\260\246\111\377\114\175\235\161\210\304\166\035\220\133\035
+\356\375\314\367\356\375\140\245\261\172\026\161\321\026\320\174
+\022\074\154\151\227\333\256\137\071\232\160\057\005\074\031\106
+\004\231\040\066\320\140\156\141\006\273\026\102\214\160\367\060
+\373\340\333\146\243\000\001\275\346\054\332\221\137\240\106\213
+\115\152\234\075\075\335\005\106\376\166\277\240\012\074\344\000
+\346\047\267\377\204\055\336\272\042\047\226\020\161\353\042\355
+\337\337\063\234\317\343\255\256\216\324\216\346\117\121\257\026
+\222\340\134\366\007\017
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "Visa eCommerce Root"
+# Issuer: CN=Visa eCommerce Root,OU=Visa International Service Association,O=VISA,C=US
+# Serial Number:13:86:35:4d:1d:3f:06:f2:c1:f9:65:05:d5:90:1c:62
+# Subject: CN=Visa eCommerce Root,OU=Visa International Service Association,O=VISA,C=US
+# Not Valid Before: Wed Jun 26 02:18:36 2002
+# Not Valid After : Fri Jun 24 00:16:12 2022
+# Fingerprint (MD5): FC:11:B8:D8:08:93:30:00:6D:23:F9:7E:EB:52:1E:02
+# Fingerprint (SHA1): 70:17:9B:86:8C:00:A4:FA:60:91:52:22:3F:9F:3E:32:BD:E0:05:62
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Visa eCommerce Root"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\160\027\233\206\214\000\244\372\140\221\122\042\077\237\076\062
+\275\340\005\142
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\374\021\270\330\010\223\060\000\155\043\371\176\353\122\036\002
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\153\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\015\060\013\006\003\125\004\012\023\004\126\111\123\101\061\057
+\060\055\006\003\125\004\013\023\046\126\151\163\141\040\111\156
+\164\145\162\156\141\164\151\157\156\141\154\040\123\145\162\166
+\151\143\145\040\101\163\163\157\143\151\141\164\151\157\156\061
+\034\060\032\006\003\125\004\003\023\023\126\151\163\141\040\145
+\103\157\155\155\145\162\143\145\040\122\157\157\164
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\023\206\065\115\035\077\006\362\301\371\145\005\325\220
+\034\142
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Certum Root CA"
+#
+# Issuer: CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL
+# Serial Number: 65568 (0x10020)
+# Subject: CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL
+# Not Valid Before: Tue Jun 11 10:46:39 2002
+# Not Valid After : Fri Jun 11 10:46:39 2027
+# Fingerprint (MD5): 2C:8F:9F:66:1D:18:90:B1:47:26:9D:8E:86:82:8C:A9
+# Fingerprint (SHA1): 62:52:DC:40:F7:11:43:A2:2F:DE:9E:F7:34:8E:06:42:51:B1:81:18
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Certum Root CA"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\076\061\013\060\011\006\003\125\004\006\023\002\120\114\061
+\033\060\031\006\003\125\004\012\023\022\125\156\151\172\145\164
+\157\040\123\160\056\040\172\040\157\056\157\056\061\022\060\020
+\006\003\125\004\003\023\011\103\145\162\164\165\155\040\103\101
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\076\061\013\060\011\006\003\125\004\006\023\002\120\114\061
+\033\060\031\006\003\125\004\012\023\022\125\156\151\172\145\164
+\157\040\123\160\056\040\172\040\157\056\157\056\061\022\060\020
+\006\003\125\004\003\023\011\103\145\162\164\165\155\040\103\101
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\003\001\000\040
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\003\014\060\202\001\364\240\003\002\001\002\002\003\001
+\000\040\060\015\006\011\052\206\110\206\367\015\001\001\005\005
+\000\060\076\061\013\060\011\006\003\125\004\006\023\002\120\114
+\061\033\060\031\006\003\125\004\012\023\022\125\156\151\172\145
+\164\157\040\123\160\056\040\172\040\157\056\157\056\061\022\060
+\020\006\003\125\004\003\023\011\103\145\162\164\165\155\040\103
+\101\060\036\027\015\060\062\060\066\061\061\061\060\064\066\063
+\071\132\027\015\062\067\060\066\061\061\061\060\064\066\063\071
+\132\060\076\061\013\060\011\006\003\125\004\006\023\002\120\114
+\061\033\060\031\006\003\125\004\012\023\022\125\156\151\172\145
+\164\157\040\123\160\056\040\172\040\157\056\157\056\061\022\060
+\020\006\003\125\004\003\023\011\103\145\162\164\165\155\040\103
+\101\060\202\001\042\060\015\006\011\052\206\110\206\367\015\001
+\001\001\005\000\003\202\001\017\000\060\202\001\012\002\202\001
+\001\000\316\261\301\056\323\117\174\315\045\316\030\076\117\304
+\214\157\200\152\163\310\133\121\370\233\322\334\273\000\134\261
+\240\374\165\003\356\201\360\210\356\043\122\351\346\025\063\215
+\254\055\011\305\166\371\053\071\200\211\344\227\113\220\245\250
+\170\370\163\103\173\244\141\260\330\130\314\341\154\146\176\234
+\363\011\136\125\143\204\325\250\357\363\261\056\060\150\263\304
+\074\330\254\156\215\231\132\220\116\064\334\066\232\217\201\210
+\120\267\155\226\102\011\363\327\225\203\015\101\113\260\152\153
+\370\374\017\176\142\237\147\304\355\046\137\020\046\017\010\117
+\360\244\127\050\316\217\270\355\105\366\156\356\045\135\252\156
+\071\276\344\223\057\331\107\240\162\353\372\246\133\257\312\123
+\077\342\016\306\226\126\021\156\367\351\146\251\046\330\177\225
+\123\355\012\205\210\272\117\051\245\102\214\136\266\374\205\040
+\000\252\150\013\241\032\205\001\234\304\106\143\202\210\266\042
+\261\356\376\252\106\131\176\317\065\054\325\266\332\135\367\110
+\063\024\124\266\353\331\157\316\315\210\326\253\033\332\226\073
+\035\131\002\003\001\000\001\243\023\060\021\060\017\006\003\125
+\035\023\001\001\377\004\005\060\003\001\001\377\060\015\006\011
+\052\206\110\206\367\015\001\001\005\005\000\003\202\001\001\000
+\270\215\316\357\347\024\272\317\356\260\104\222\154\264\071\076
+\242\204\156\255\270\041\167\322\324\167\202\207\346\040\101\201
+\356\342\370\021\267\143\321\027\067\276\031\166\044\034\004\032
+\114\353\075\252\147\157\055\324\315\376\145\061\160\305\033\246
+\002\012\272\140\173\155\130\302\232\111\376\143\062\013\153\343
+\072\300\254\253\073\260\350\323\011\121\214\020\203\306\064\340
+\305\053\340\032\266\140\024\047\154\062\167\214\274\262\162\230
+\317\315\314\077\271\310\044\102\024\326\127\374\346\046\103\251
+\035\345\200\220\316\003\124\050\076\367\077\323\370\115\355\152
+\012\072\223\023\233\073\024\043\023\143\234\077\321\207\047\171
+\345\114\121\343\001\255\205\135\032\073\261\325\163\020\244\323
+\362\274\156\144\365\132\126\220\250\307\016\114\164\017\056\161
+\073\367\310\107\364\151\157\025\362\021\136\203\036\234\174\122
+\256\375\002\332\022\250\131\147\030\333\274\160\335\233\261\151
+\355\200\316\211\100\110\152\016\065\312\051\146\025\041\224\054
+\350\140\052\233\205\112\100\363\153\212\044\354\006\026\054\163
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "Certum Root CA"
+# Issuer: CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL
+# Serial Number: 65568 (0x10020)
+# Subject: CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL
+# Not Valid Before: Tue Jun 11 10:46:39 2002
+# Not Valid After : Fri Jun 11 10:46:39 2027
+# Fingerprint (MD5): 2C:8F:9F:66:1D:18:90:B1:47:26:9D:8E:86:82:8C:A9
+# Fingerprint (SHA1): 62:52:DC:40:F7:11:43:A2:2F:DE:9E:F7:34:8E:06:42:51:B1:81:18
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Certum Root CA"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\142\122\334\100\367\021\103\242\057\336\236\367\064\216\006\102
+\121\261\201\030
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\054\217\237\146\035\030\220\261\107\046\235\216\206\202\214\251
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\076\061\013\060\011\006\003\125\004\006\023\002\120\114\061
+\033\060\031\006\003\125\004\012\023\022\125\156\151\172\145\164
+\157\040\123\160\056\040\172\040\157\056\157\056\061\022\060\020
+\006\003\125\004\003\023\011\103\145\162\164\165\155\040\103\101
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\003\001\000\040
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Comodo AAA Services root"
+#
+# Issuer: CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB
+# Serial Number: 1 (0x1)
+# Subject: CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB
+# Not Valid Before: Thu Jan 01 00:00:00 2004
+# Not Valid After : Sun Dec 31 23:59:59 2028
+# Fingerprint (MD5): 49:79:04:B0:EB:87:19:AC:47:B0:BC:11:51:9B:74:D0
+# Fingerprint (SHA1): D1:EB:23:A4:6D:17:D6:8F:D9:25:64:C2:F1:F1:60:17:64:D8:E3:49
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Comodo AAA Services root"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\173\061\013\060\011\006\003\125\004\006\023\002\107\102\061
+\033\060\031\006\003\125\004\010\014\022\107\162\145\141\164\145
+\162\040\115\141\156\143\150\145\163\164\145\162\061\020\060\016
+\006\003\125\004\007\014\007\123\141\154\146\157\162\144\061\032
+\060\030\006\003\125\004\012\014\021\103\157\155\157\144\157\040
+\103\101\040\114\151\155\151\164\145\144\061\041\060\037\006\003
+\125\004\003\014\030\101\101\101\040\103\145\162\164\151\146\151
+\143\141\164\145\040\123\145\162\166\151\143\145\163
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\173\061\013\060\011\006\003\125\004\006\023\002\107\102\061
+\033\060\031\006\003\125\004\010\014\022\107\162\145\141\164\145
+\162\040\115\141\156\143\150\145\163\164\145\162\061\020\060\016
+\006\003\125\004\007\014\007\123\141\154\146\157\162\144\061\032
+\060\030\006\003\125\004\012\014\021\103\157\155\157\144\157\040
+\103\101\040\114\151\155\151\164\145\144\061\041\060\037\006\003
+\125\004\003\014\030\101\101\101\040\103\145\162\164\151\146\151
+\143\141\164\145\040\123\145\162\166\151\143\145\163
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\001
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\004\062\060\202\003\032\240\003\002\001\002\002\001\001
+\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060
+\173\061\013\060\011\006\003\125\004\006\023\002\107\102\061\033
+\060\031\006\003\125\004\010\014\022\107\162\145\141\164\145\162
+\040\115\141\156\143\150\145\163\164\145\162\061\020\060\016\006
+\003\125\004\007\014\007\123\141\154\146\157\162\144\061\032\060
+\030\006\003\125\004\012\014\021\103\157\155\157\144\157\040\103
+\101\040\114\151\155\151\164\145\144\061\041\060\037\006\003\125
+\004\003\014\030\101\101\101\040\103\145\162\164\151\146\151\143
+\141\164\145\040\123\145\162\166\151\143\145\163\060\036\027\015
+\060\064\060\061\060\061\060\060\060\060\060\060\132\027\015\062
+\070\061\062\063\061\062\063\065\071\065\071\132\060\173\061\013
+\060\011\006\003\125\004\006\023\002\107\102\061\033\060\031\006
+\003\125\004\010\014\022\107\162\145\141\164\145\162\040\115\141
+\156\143\150\145\163\164\145\162\061\020\060\016\006\003\125\004
+\007\014\007\123\141\154\146\157\162\144\061\032\060\030\006\003
+\125\004\012\014\021\103\157\155\157\144\157\040\103\101\040\114
+\151\155\151\164\145\144\061\041\060\037\006\003\125\004\003\014
+\030\101\101\101\040\103\145\162\164\151\146\151\143\141\164\145
+\040\123\145\162\166\151\143\145\163\060\202\001\042\060\015\006
+\011\052\206\110\206\367\015\001\001\001\005\000\003\202\001\017
+\000\060\202\001\012\002\202\001\001\000\276\100\235\364\156\341
+\352\166\207\034\115\105\104\216\276\106\310\203\006\235\301\052
+\376\030\037\216\344\002\372\363\253\135\120\212\026\061\013\232
+\006\320\305\160\042\315\111\055\124\143\314\266\156\150\106\013
+\123\352\313\114\044\300\274\162\116\352\361\025\256\364\124\232
+\022\012\303\172\262\063\140\342\332\211\125\363\042\130\363\336
+\334\317\357\203\206\242\214\224\117\237\150\362\230\220\106\204
+\047\307\166\277\343\314\065\054\213\136\007\144\145\202\300\110
+\260\250\221\371\141\237\166\040\120\250\221\307\146\265\353\170
+\142\003\126\360\212\032\023\352\061\243\036\240\231\375\070\366
+\366\047\062\130\157\007\365\153\270\373\024\053\257\267\252\314
+\326\143\137\163\214\332\005\231\250\070\250\313\027\170\066\121
+\254\351\236\364\170\072\215\317\017\331\102\342\230\014\253\057
+\237\016\001\336\357\237\231\111\361\055\337\254\164\115\033\230
+\265\107\305\345\051\321\371\220\030\307\142\234\276\203\307\046
+\173\076\212\045\307\300\335\235\346\065\150\020\040\235\217\330
+\336\322\303\204\234\015\136\350\057\311\002\003\001\000\001\243
+\201\300\060\201\275\060\035\006\003\125\035\016\004\026\004\024
+\240\021\012\043\076\226\361\007\354\342\257\051\357\202\245\177
+\320\060\244\264\060\016\006\003\125\035\017\001\001\377\004\004
+\003\002\001\006\060\017\006\003\125\035\023\001\001\377\004\005
+\060\003\001\001\377\060\173\006\003\125\035\037\004\164\060\162
+\060\070\240\066\240\064\206\062\150\164\164\160\072\057\057\143
+\162\154\056\143\157\155\157\144\157\143\141\056\143\157\155\057
+\101\101\101\103\145\162\164\151\146\151\143\141\164\145\123\145
+\162\166\151\143\145\163\056\143\162\154\060\066\240\064\240\062
+\206\060\150\164\164\160\072\057\057\143\162\154\056\143\157\155
+\157\144\157\056\156\145\164\057\101\101\101\103\145\162\164\151
+\146\151\143\141\164\145\123\145\162\166\151\143\145\163\056\143
+\162\154\060\015\006\011\052\206\110\206\367\015\001\001\005\005
+\000\003\202\001\001\000\010\126\374\002\360\233\350\377\244\372
+\326\173\306\104\200\316\117\304\305\366\000\130\314\246\266\274
+\024\111\150\004\166\350\346\356\135\354\002\017\140\326\215\120
+\030\117\046\116\001\343\346\260\245\356\277\274\164\124\101\277
+\375\374\022\270\307\117\132\364\211\140\005\177\140\267\005\112
+\363\366\361\302\277\304\271\164\206\266\055\175\153\314\322\363
+\106\335\057\306\340\152\303\303\064\003\054\175\226\335\132\302
+\016\247\012\231\301\005\213\253\014\057\363\134\072\317\154\067
+\125\011\207\336\123\100\154\130\357\374\266\253\145\156\004\366
+\033\334\074\340\132\025\306\236\331\361\131\110\060\041\145\003
+\154\354\351\041\163\354\233\003\241\340\067\255\240\025\030\217
+\372\272\002\316\247\054\251\020\023\054\324\345\010\046\253\042
+\227\140\370\220\136\164\324\242\232\123\275\362\251\150\340\242
+\156\302\327\154\261\243\017\236\277\353\150\347\126\362\256\362
+\343\053\070\072\011\201\265\153\205\327\276\055\355\077\032\267
+\262\143\342\365\142\054\202\324\152\000\101\120\361\071\203\237
+\225\351\066\226\230\156
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "Comodo AAA Services root"
+# Issuer: CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB
+# Serial Number: 1 (0x1)
+# Subject: CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB
+# Not Valid Before: Thu Jan 01 00:00:00 2004
+# Not Valid After : Sun Dec 31 23:59:59 2028
+# Fingerprint (MD5): 49:79:04:B0:EB:87:19:AC:47:B0:BC:11:51:9B:74:D0
+# Fingerprint (SHA1): D1:EB:23:A4:6D:17:D6:8F:D9:25:64:C2:F1:F1:60:17:64:D8:E3:49
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Comodo AAA Services root"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\321\353\043\244\155\027\326\217\331\045\144\302\361\361\140\027
+\144\330\343\111
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\111\171\004\260\353\207\031\254\107\260\274\021\121\233\164\320
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\173\061\013\060\011\006\003\125\004\006\023\002\107\102\061
+\033\060\031\006\003\125\004\010\014\022\107\162\145\141\164\145
+\162\040\115\141\156\143\150\145\163\164\145\162\061\020\060\016
+\006\003\125\004\007\014\007\123\141\154\146\157\162\144\061\032
+\060\030\006\003\125\004\012\014\021\103\157\155\157\144\157\040
+\103\101\040\114\151\155\151\164\145\144\061\041\060\037\006\003
+\125\004\003\014\030\101\101\101\040\103\145\162\164\151\146\151
+\143\141\164\145\040\123\145\162\166\151\143\145\163
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\001
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Comodo Secure Services root"
+#
+# Issuer: CN=Secure Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB
+# Serial Number: 1 (0x1)
+# Subject: CN=Secure Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB
+# Not Valid Before: Thu Jan 01 00:00:00 2004
+# Not Valid After : Sun Dec 31 23:59:59 2028
+# Fingerprint (MD5): D3:D9:BD:AE:9F:AC:67:24:B3:C8:1B:52:E1:B9:A9:BD
+# Fingerprint (SHA1): 4A:65:D5:F4:1D:EF:39:B8:B8:90:4A:4A:D3:64:81:33:CF:C7:A1:D1
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Comodo Secure Services root"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\176\061\013\060\011\006\003\125\004\006\023\002\107\102\061
+\033\060\031\006\003\125\004\010\014\022\107\162\145\141\164\145
+\162\040\115\141\156\143\150\145\163\164\145\162\061\020\060\016
+\006\003\125\004\007\014\007\123\141\154\146\157\162\144\061\032
+\060\030\006\003\125\004\012\014\021\103\157\155\157\144\157\040
+\103\101\040\114\151\155\151\164\145\144\061\044\060\042\006\003
+\125\004\003\014\033\123\145\143\165\162\145\040\103\145\162\164
+\151\146\151\143\141\164\145\040\123\145\162\166\151\143\145\163
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\176\061\013\060\011\006\003\125\004\006\023\002\107\102\061
+\033\060\031\006\003\125\004\010\014\022\107\162\145\141\164\145
+\162\040\115\141\156\143\150\145\163\164\145\162\061\020\060\016
+\006\003\125\004\007\014\007\123\141\154\146\157\162\144\061\032
+\060\030\006\003\125\004\012\014\021\103\157\155\157\144\157\040
+\103\101\040\114\151\155\151\164\145\144\061\044\060\042\006\003
+\125\004\003\014\033\123\145\143\165\162\145\040\103\145\162\164
+\151\146\151\143\141\164\145\040\123\145\162\166\151\143\145\163
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\001
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\004\077\060\202\003\047\240\003\002\001\002\002\001\001
+\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060
+\176\061\013\060\011\006\003\125\004\006\023\002\107\102\061\033
+\060\031\006\003\125\004\010\014\022\107\162\145\141\164\145\162
+\040\115\141\156\143\150\145\163\164\145\162\061\020\060\016\006
+\003\125\004\007\014\007\123\141\154\146\157\162\144\061\032\060
+\030\006\003\125\004\012\014\021\103\157\155\157\144\157\040\103
+\101\040\114\151\155\151\164\145\144\061\044\060\042\006\003\125
+\004\003\014\033\123\145\143\165\162\145\040\103\145\162\164\151
+\146\151\143\141\164\145\040\123\145\162\166\151\143\145\163\060
+\036\027\015\060\064\060\061\060\061\060\060\060\060\060\060\132
+\027\015\062\070\061\062\063\061\062\063\065\071\065\071\132\060
+\176\061\013\060\011\006\003\125\004\006\023\002\107\102\061\033
+\060\031\006\003\125\004\010\014\022\107\162\145\141\164\145\162
+\040\115\141\156\143\150\145\163\164\145\162\061\020\060\016\006
+\003\125\004\007\014\007\123\141\154\146\157\162\144\061\032\060
+\030\006\003\125\004\012\014\021\103\157\155\157\144\157\040\103
+\101\040\114\151\155\151\164\145\144\061\044\060\042\006\003\125
+\004\003\014\033\123\145\143\165\162\145\040\103\145\162\164\151
+\146\151\143\141\164\145\040\123\145\162\166\151\143\145\163\060
+\202\001\042\060\015\006\011\052\206\110\206\367\015\001\001\001
+\005\000\003\202\001\017\000\060\202\001\012\002\202\001\001\000
+\300\161\063\202\212\320\160\353\163\207\202\100\325\035\344\313
+\311\016\102\220\371\336\064\271\241\272\021\364\045\205\363\314
+\162\155\362\173\227\153\263\007\361\167\044\221\137\045\217\366
+\164\075\344\200\302\370\074\015\363\277\100\352\367\310\122\321
+\162\157\357\310\253\101\270\156\056\027\052\225\151\014\315\322
+\036\224\173\055\224\035\252\165\327\263\230\313\254\274\144\123
+\100\274\217\254\254\066\313\134\255\273\335\340\224\027\354\321
+\134\320\277\357\245\225\311\220\305\260\254\373\033\103\337\172
+\010\135\267\270\362\100\033\053\047\236\120\316\136\145\202\210
+\214\136\323\116\014\172\352\010\221\266\066\252\053\102\373\352
+\302\243\071\345\333\046\070\255\213\012\356\031\143\307\034\044
+\337\003\170\332\346\352\301\107\032\013\013\106\011\335\002\374
+\336\313\207\137\327\060\143\150\241\256\334\062\241\272\276\376
+\104\253\150\266\245\027\025\375\275\325\247\247\232\344\104\063
+\351\210\216\374\355\121\353\223\161\116\255\001\347\104\216\253
+\055\313\250\376\001\111\110\360\300\335\307\150\330\222\376\075
+\002\003\001\000\001\243\201\307\060\201\304\060\035\006\003\125
+\035\016\004\026\004\024\074\330\223\210\302\300\202\011\314\001
+\231\006\223\040\351\236\160\011\143\117\060\016\006\003\125\035
+\017\001\001\377\004\004\003\002\001\006\060\017\006\003\125\035
+\023\001\001\377\004\005\060\003\001\001\377\060\201\201\006\003
+\125\035\037\004\172\060\170\060\073\240\071\240\067\206\065\150
+\164\164\160\072\057\057\143\162\154\056\143\157\155\157\144\157
+\143\141\056\143\157\155\057\123\145\143\165\162\145\103\145\162
+\164\151\146\151\143\141\164\145\123\145\162\166\151\143\145\163
+\056\143\162\154\060\071\240\067\240\065\206\063\150\164\164\160
+\072\057\057\143\162\154\056\143\157\155\157\144\157\056\156\145
+\164\057\123\145\143\165\162\145\103\145\162\164\151\146\151\143
+\141\164\145\123\145\162\166\151\143\145\163\056\143\162\154\060
+\015\006\011\052\206\110\206\367\015\001\001\005\005\000\003\202
+\001\001\000\207\001\155\043\035\176\133\027\175\301\141\062\317
+\217\347\363\212\224\131\146\340\236\050\250\136\323\267\364\064
+\346\252\071\262\227\026\305\202\157\062\244\351\214\347\257\375
+\357\302\350\271\113\252\243\364\346\332\215\145\041\373\272\200
+\353\046\050\205\032\376\071\214\336\133\004\004\264\124\371\243
+\147\236\101\372\011\122\314\005\110\250\311\077\041\004\036\316
+\110\153\374\205\350\302\173\257\177\267\314\370\137\072\375\065
+\306\015\357\227\334\114\253\021\341\153\313\061\321\154\373\110
+\200\253\334\234\067\270\041\024\113\015\161\075\354\203\063\156
+\321\156\062\026\354\230\307\026\213\131\246\064\253\005\127\055
+\223\367\252\023\313\322\023\342\267\056\073\315\153\120\027\011
+\150\076\265\046\127\356\266\340\266\335\271\051\200\171\175\217
+\243\360\244\050\244\025\304\205\364\047\324\153\277\345\134\344
+\145\002\166\124\264\343\067\146\044\323\031\141\310\122\020\345
+\213\067\232\271\251\371\035\277\352\231\222\141\226\377\001\315
+\241\137\015\274\161\274\016\254\013\035\107\105\035\301\354\174
+\354\375\051
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "Comodo Secure Services root"
+# Issuer: CN=Secure Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB
+# Serial Number: 1 (0x1)
+# Subject: CN=Secure Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB
+# Not Valid Before: Thu Jan 01 00:00:00 2004
+# Not Valid After : Sun Dec 31 23:59:59 2028
+# Fingerprint (MD5): D3:D9:BD:AE:9F:AC:67:24:B3:C8:1B:52:E1:B9:A9:BD
+# Fingerprint (SHA1): 4A:65:D5:F4:1D:EF:39:B8:B8:90:4A:4A:D3:64:81:33:CF:C7:A1:D1
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Comodo Secure Services root"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\112\145\325\364\035\357\071\270\270\220\112\112\323\144\201\063
+\317\307\241\321
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\323\331\275\256\237\254\147\044\263\310\033\122\341\271\251\275
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\176\061\013\060\011\006\003\125\004\006\023\002\107\102\061
+\033\060\031\006\003\125\004\010\014\022\107\162\145\141\164\145
+\162\040\115\141\156\143\150\145\163\164\145\162\061\020\060\016
+\006\003\125\004\007\014\007\123\141\154\146\157\162\144\061\032
+\060\030\006\003\125\004\012\014\021\103\157\155\157\144\157\040
+\103\101\040\114\151\155\151\164\145\144\061\044\060\042\006\003
+\125\004\003\014\033\123\145\143\165\162\145\040\103\145\162\164
+\151\146\151\143\141\164\145\040\123\145\162\166\151\143\145\163
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\001
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Comodo Trusted Services root"
+#
+# Issuer: CN=Trusted Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB
+# Serial Number: 1 (0x1)
+# Subject: CN=Trusted Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB
+# Not Valid Before: Thu Jan 01 00:00:00 2004
+# Not Valid After : Sun Dec 31 23:59:59 2028
+# Fingerprint (MD5): 91:1B:3F:6E:CD:9E:AB:EE:07:FE:1F:71:D2:B3:61:27
+# Fingerprint (SHA1): E1:9F:E3:0E:8B:84:60:9E:80:9B:17:0D:72:A8:C5:BA:6E:14:09:BD
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Comodo Trusted Services root"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\177\061\013\060\011\006\003\125\004\006\023\002\107\102\061
+\033\060\031\006\003\125\004\010\014\022\107\162\145\141\164\145
+\162\040\115\141\156\143\150\145\163\164\145\162\061\020\060\016
+\006\003\125\004\007\014\007\123\141\154\146\157\162\144\061\032
+\060\030\006\003\125\004\012\014\021\103\157\155\157\144\157\040
+\103\101\040\114\151\155\151\164\145\144\061\045\060\043\006\003
+\125\004\003\014\034\124\162\165\163\164\145\144\040\103\145\162
+\164\151\146\151\143\141\164\145\040\123\145\162\166\151\143\145
+\163
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\177\061\013\060\011\006\003\125\004\006\023\002\107\102\061
+\033\060\031\006\003\125\004\010\014\022\107\162\145\141\164\145
+\162\040\115\141\156\143\150\145\163\164\145\162\061\020\060\016
+\006\003\125\004\007\014\007\123\141\154\146\157\162\144\061\032
+\060\030\006\003\125\004\012\014\021\103\157\155\157\144\157\040
+\103\101\040\114\151\155\151\164\145\144\061\045\060\043\006\003
+\125\004\003\014\034\124\162\165\163\164\145\144\040\103\145\162
+\164\151\146\151\143\141\164\145\040\123\145\162\166\151\143\145
+\163
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\001
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\004\103\060\202\003\053\240\003\002\001\002\002\001\001
+\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060
+\177\061\013\060\011\006\003\125\004\006\023\002\107\102\061\033
+\060\031\006\003\125\004\010\014\022\107\162\145\141\164\145\162
+\040\115\141\156\143\150\145\163\164\145\162\061\020\060\016\006
+\003\125\004\007\014\007\123\141\154\146\157\162\144\061\032\060
+\030\006\003\125\004\012\014\021\103\157\155\157\144\157\040\103
+\101\040\114\151\155\151\164\145\144\061\045\060\043\006\003\125
+\004\003\014\034\124\162\165\163\164\145\144\040\103\145\162\164
+\151\146\151\143\141\164\145\040\123\145\162\166\151\143\145\163
+\060\036\027\015\060\064\060\061\060\061\060\060\060\060\060\060
+\132\027\015\062\070\061\062\063\061\062\063\065\071\065\071\132
+\060\177\061\013\060\011\006\003\125\004\006\023\002\107\102\061
+\033\060\031\006\003\125\004\010\014\022\107\162\145\141\164\145
+\162\040\115\141\156\143\150\145\163\164\145\162\061\020\060\016
+\006\003\125\004\007\014\007\123\141\154\146\157\162\144\061\032
+\060\030\006\003\125\004\012\014\021\103\157\155\157\144\157\040
+\103\101\040\114\151\155\151\164\145\144\061\045\060\043\006\003
+\125\004\003\014\034\124\162\165\163\164\145\144\040\103\145\162
+\164\151\146\151\143\141\164\145\040\123\145\162\166\151\143\145
+\163\060\202\001\042\060\015\006\011\052\206\110\206\367\015\001
+\001\001\005\000\003\202\001\017\000\060\202\001\012\002\202\001
+\001\000\337\161\157\066\130\123\132\362\066\124\127\200\304\164
+\010\040\355\030\177\052\035\346\065\232\036\045\254\234\345\226
+\176\162\122\240\025\102\333\131\335\144\172\032\320\270\173\335
+\071\025\274\125\110\304\355\072\000\352\061\021\272\362\161\164
+\032\147\270\317\063\314\250\061\257\243\343\327\177\277\063\055
+\114\152\074\354\213\303\222\322\123\167\044\164\234\007\156\160
+\374\275\013\133\166\272\137\362\377\327\067\113\112\140\170\367
+\360\372\312\160\264\352\131\252\243\316\110\057\251\303\262\013
+\176\027\162\026\014\246\007\014\033\070\317\311\142\267\077\240
+\223\245\207\101\362\267\160\100\167\330\276\024\174\343\250\300
+\172\216\351\143\152\321\017\232\306\322\364\213\072\024\004\126
+\324\355\270\314\156\365\373\342\054\130\275\177\117\153\053\367
+\140\044\130\044\316\046\357\064\221\072\325\343\201\320\262\360
+\004\002\327\133\267\076\222\254\153\022\212\371\344\005\260\073
+\221\111\134\262\353\123\352\370\237\107\206\356\277\225\300\300
+\006\237\322\133\136\021\033\364\307\004\065\051\322\125\134\344
+\355\353\002\003\001\000\001\243\201\311\060\201\306\060\035\006
+\003\125\035\016\004\026\004\024\305\173\130\275\355\332\045\151
+\322\367\131\026\250\263\062\300\173\047\133\364\060\016\006\003
+\125\035\017\001\001\377\004\004\003\002\001\006\060\017\006\003
+\125\035\023\001\001\377\004\005\060\003\001\001\377\060\201\203
+\006\003\125\035\037\004\174\060\172\060\074\240\072\240\070\206
+\066\150\164\164\160\072\057\057\143\162\154\056\143\157\155\157
+\144\157\143\141\056\143\157\155\057\124\162\165\163\164\145\144
+\103\145\162\164\151\146\151\143\141\164\145\123\145\162\166\151
+\143\145\163\056\143\162\154\060\072\240\070\240\066\206\064\150
+\164\164\160\072\057\057\143\162\154\056\143\157\155\157\144\157
+\056\156\145\164\057\124\162\165\163\164\145\144\103\145\162\164
+\151\146\151\143\141\164\145\123\145\162\166\151\143\145\163\056
+\143\162\154\060\015\006\011\052\206\110\206\367\015\001\001\005
+\005\000\003\202\001\001\000\310\223\201\073\211\264\257\270\204
+\022\114\215\322\360\333\160\272\127\206\025\064\020\271\057\177
+\036\260\250\211\140\241\212\302\167\014\120\112\233\000\213\330
+\213\364\101\342\320\203\212\112\034\024\006\260\243\150\005\160
+\061\060\247\123\233\016\351\112\240\130\151\147\016\256\235\366
+\245\054\101\277\074\006\153\344\131\314\155\020\361\226\157\037
+\337\364\004\002\244\237\105\076\310\330\372\066\106\104\120\077
+\202\227\221\037\050\333\030\021\214\052\344\145\203\127\022\022
+\214\027\077\224\066\376\135\260\300\004\167\023\270\364\025\325
+\077\070\314\224\072\125\320\254\230\365\272\000\137\340\206\031
+\201\170\057\050\300\176\323\314\102\012\365\256\120\240\321\076
+\306\241\161\354\077\240\040\214\146\072\211\264\216\324\330\261
+\115\045\107\356\057\210\310\265\341\005\105\300\276\024\161\336
+\172\375\216\173\175\115\010\226\245\022\163\360\055\312\067\047
+\164\022\047\114\313\266\227\351\331\256\010\155\132\071\100\335
+\005\107\165\152\132\041\263\243\030\317\116\367\056\127\267\230
+\160\136\310\304\170\260\142
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "Comodo Trusted Services root"
+# Issuer: CN=Trusted Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB
+# Serial Number: 1 (0x1)
+# Subject: CN=Trusted Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB
+# Not Valid Before: Thu Jan 01 00:00:00 2004
+# Not Valid After : Sun Dec 31 23:59:59 2028
+# Fingerprint (MD5): 91:1B:3F:6E:CD:9E:AB:EE:07:FE:1F:71:D2:B3:61:27
+# Fingerprint (SHA1): E1:9F:E3:0E:8B:84:60:9E:80:9B:17:0D:72:A8:C5:BA:6E:14:09:BD
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Comodo Trusted Services root"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\341\237\343\016\213\204\140\236\200\233\027\015\162\250\305\272
+\156\024\011\275
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\221\033\077\156\315\236\253\356\007\376\037\161\322\263\141\047
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\177\061\013\060\011\006\003\125\004\006\023\002\107\102\061
+\033\060\031\006\003\125\004\010\014\022\107\162\145\141\164\145
+\162\040\115\141\156\143\150\145\163\164\145\162\061\020\060\016
+\006\003\125\004\007\014\007\123\141\154\146\157\162\144\061\032
+\060\030\006\003\125\004\012\014\021\103\157\155\157\144\157\040
+\103\101\040\114\151\155\151\164\145\144\061\045\060\043\006\003
+\125\004\003\014\034\124\162\165\163\164\145\144\040\103\145\162
+\164\151\146\151\143\141\164\145\040\123\145\162\166\151\143\145
+\163
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\001
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "QuoVadis Root CA"
+#
+# Issuer: CN=QuoVadis Root Certification Authority,OU=Root Certification Authority,O=QuoVadis Limited,C=BM
+# Serial Number: 985026699 (0x3ab6508b)
+# Subject: CN=QuoVadis Root Certification Authority,OU=Root Certification Authority,O=QuoVadis Limited,C=BM
+# Not Valid Before: Mon Mar 19 18:33:33 2001
+# Not Valid After : Wed Mar 17 18:33:33 2021
+# Fingerprint (MD5): 27:DE:36:FE:72:B7:00:03:00:9D:F4:F0:1E:6C:04:24
+# Fingerprint (SHA1): DE:3F:40:BD:50:93:D3:9B:6C:60:F6:DA:BC:07:62:01:00:89:76:C9
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "QuoVadis Root CA"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\177\061\013\060\011\006\003\125\004\006\023\002\102\115\061
+\031\060\027\006\003\125\004\012\023\020\121\165\157\126\141\144
+\151\163\040\114\151\155\151\164\145\144\061\045\060\043\006\003
+\125\004\013\023\034\122\157\157\164\040\103\145\162\164\151\146
+\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164
+\171\061\056\060\054\006\003\125\004\003\023\045\121\165\157\126
+\141\144\151\163\040\122\157\157\164\040\103\145\162\164\151\146
+\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164
+\171
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\177\061\013\060\011\006\003\125\004\006\023\002\102\115\061
+\031\060\027\006\003\125\004\012\023\020\121\165\157\126\141\144
+\151\163\040\114\151\155\151\164\145\144\061\045\060\043\006\003
+\125\004\013\023\034\122\157\157\164\040\103\145\162\164\151\146
+\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164
+\171\061\056\060\054\006\003\125\004\003\023\045\121\165\157\126
+\141\144\151\163\040\122\157\157\164\040\103\145\162\164\151\146
+\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164
+\171
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\004\072\266\120\213
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\320\060\202\004\270\240\003\002\001\002\002\004\072
+\266\120\213\060\015\006\011\052\206\110\206\367\015\001\001\005
+\005\000\060\177\061\013\060\011\006\003\125\004\006\023\002\102
+\115\061\031\060\027\006\003\125\004\012\023\020\121\165\157\126
+\141\144\151\163\040\114\151\155\151\164\145\144\061\045\060\043
+\006\003\125\004\013\023\034\122\157\157\164\040\103\145\162\164
+\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162
+\151\164\171\061\056\060\054\006\003\125\004\003\023\045\121\165
+\157\126\141\144\151\163\040\122\157\157\164\040\103\145\162\164
+\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162
+\151\164\171\060\036\027\015\060\061\060\063\061\071\061\070\063
+\063\063\063\132\027\015\062\061\060\063\061\067\061\070\063\063
+\063\063\132\060\177\061\013\060\011\006\003\125\004\006\023\002
+\102\115\061\031\060\027\006\003\125\004\012\023\020\121\165\157
+\126\141\144\151\163\040\114\151\155\151\164\145\144\061\045\060
+\043\006\003\125\004\013\023\034\122\157\157\164\040\103\145\162
+\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157
+\162\151\164\171\061\056\060\054\006\003\125\004\003\023\045\121
+\165\157\126\141\144\151\163\040\122\157\157\164\040\103\145\162
+\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157
+\162\151\164\171\060\202\001\042\060\015\006\011\052\206\110\206
+\367\015\001\001\001\005\000\003\202\001\017\000\060\202\001\012
+\002\202\001\001\000\277\141\265\225\123\272\127\374\372\362\147
+\013\072\032\337\021\200\144\225\264\321\274\315\172\317\366\051
+\226\056\044\124\100\044\070\367\032\205\334\130\114\313\244\047
+\102\227\320\237\203\212\303\344\006\003\133\000\245\121\036\160
+\004\164\342\301\324\072\253\327\255\073\007\030\005\216\375\203
+\254\352\146\331\030\033\150\212\365\127\032\230\272\365\355\166
+\075\174\331\336\224\152\073\113\027\301\325\217\275\145\070\072
+\225\320\075\125\066\116\337\171\127\061\052\036\330\131\145\111
+\130\040\230\176\253\137\176\237\351\326\115\354\203\164\251\307
+\154\330\356\051\112\205\052\006\024\371\124\346\323\332\145\007
+\213\143\067\022\327\320\354\303\173\040\101\104\243\355\313\240
+\027\341\161\145\316\035\146\061\367\166\001\031\310\175\003\130
+\266\225\111\035\246\022\046\350\306\014\166\340\343\146\313\352
+\135\246\046\356\345\314\137\275\147\247\001\047\016\242\312\124
+\305\261\172\225\035\161\036\112\051\212\003\334\152\105\301\244
+\031\136\157\066\315\303\242\260\267\376\134\070\342\122\274\370
+\104\103\346\220\273\002\003\001\000\001\243\202\002\122\060\202
+\002\116\060\075\006\010\053\006\001\005\005\007\001\001\004\061
+\060\057\060\055\006\010\053\006\001\005\005\007\060\001\206\041
+\150\164\164\160\163\072\057\057\157\143\163\160\056\161\165\157
+\166\141\144\151\163\157\146\146\163\150\157\162\145\056\143\157
+\155\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001
+\001\377\060\202\001\032\006\003\125\035\040\004\202\001\021\060
+\202\001\015\060\202\001\011\006\011\053\006\001\004\001\276\130
+\000\001\060\201\373\060\201\324\006\010\053\006\001\005\005\007
+\002\002\060\201\307\032\201\304\122\145\154\151\141\156\143\145
+\040\157\156\040\164\150\145\040\121\165\157\126\141\144\151\163
+\040\122\157\157\164\040\103\145\162\164\151\146\151\143\141\164
+\145\040\142\171\040\141\156\171\040\160\141\162\164\171\040\141
+\163\163\165\155\145\163\040\141\143\143\145\160\164\141\156\143
+\145\040\157\146\040\164\150\145\040\164\150\145\156\040\141\160
+\160\154\151\143\141\142\154\145\040\163\164\141\156\144\141\162
+\144\040\164\145\162\155\163\040\141\156\144\040\143\157\156\144
+\151\164\151\157\156\163\040\157\146\040\165\163\145\054\040\143
+\145\162\164\151\146\151\143\141\164\151\157\156\040\160\162\141
+\143\164\151\143\145\163\054\040\141\156\144\040\164\150\145\040
+\121\165\157\126\141\144\151\163\040\103\145\162\164\151\146\151
+\143\141\164\145\040\120\157\154\151\143\171\056\060\042\006\010
+\053\006\001\005\005\007\002\001\026\026\150\164\164\160\072\057
+\057\167\167\167\056\161\165\157\166\141\144\151\163\056\142\155
+\060\035\006\003\125\035\016\004\026\004\024\213\113\155\355\323
+\051\271\006\031\354\071\071\251\360\227\204\152\313\357\337\060
+\201\256\006\003\125\035\043\004\201\246\060\201\243\200\024\213
+\113\155\355\323\051\271\006\031\354\071\071\251\360\227\204\152
+\313\357\337\241\201\204\244\201\201\060\177\061\013\060\011\006
+\003\125\004\006\023\002\102\115\061\031\060\027\006\003\125\004
+\012\023\020\121\165\157\126\141\144\151\163\040\114\151\155\151
+\164\145\144\061\045\060\043\006\003\125\004\013\023\034\122\157
+\157\164\040\103\145\162\164\151\146\151\143\141\164\151\157\156
+\040\101\165\164\150\157\162\151\164\171\061\056\060\054\006\003
+\125\004\003\023\045\121\165\157\126\141\144\151\163\040\122\157
+\157\164\040\103\145\162\164\151\146\151\143\141\164\151\157\156
+\040\101\165\164\150\157\162\151\164\171\202\004\072\266\120\213
+\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001\006
+\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\003
+\202\001\001\000\212\324\024\265\376\364\232\222\247\031\324\244
+\176\162\030\217\331\150\174\122\044\335\147\157\071\172\304\252
+\136\075\342\130\260\115\160\230\204\141\350\033\343\151\030\016
+\316\373\107\120\240\116\377\360\044\037\275\262\316\365\047\374
+\354\057\123\252\163\173\003\075\164\156\346\026\236\353\245\056
+\304\277\126\047\120\053\142\272\276\113\034\074\125\134\101\035
+\044\276\202\040\107\135\325\104\176\172\026\150\337\175\115\121
+\160\170\127\035\063\036\375\002\231\234\014\315\012\005\117\307
+\273\216\244\165\372\112\155\261\200\216\011\126\271\234\032\140
+\376\135\301\327\172\334\021\170\320\326\135\301\267\325\255\062
+\231\003\072\212\314\124\045\071\061\201\173\023\042\121\272\106
+\154\241\273\236\372\004\154\111\046\164\217\322\163\353\314\060
+\242\346\352\131\042\207\370\227\365\016\375\352\314\222\244\026
+\304\122\030\352\041\316\261\361\346\204\201\345\272\251\206\050
+\362\103\132\135\022\235\254\036\331\250\345\012\152\247\177\240
+\207\051\317\362\211\115\324\354\305\342\346\172\320\066\043\212
+\112\164\066\371
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "QuoVadis Root CA"
+# Issuer: CN=QuoVadis Root Certification Authority,OU=Root Certification Authority,O=QuoVadis Limited,C=BM
+# Serial Number: 985026699 (0x3ab6508b)
+# Subject: CN=QuoVadis Root Certification Authority,OU=Root Certification Authority,O=QuoVadis Limited,C=BM
+# Not Valid Before: Mon Mar 19 18:33:33 2001
+# Not Valid After : Wed Mar 17 18:33:33 2021
+# Fingerprint (MD5): 27:DE:36:FE:72:B7:00:03:00:9D:F4:F0:1E:6C:04:24
+# Fingerprint (SHA1): DE:3F:40:BD:50:93:D3:9B:6C:60:F6:DA:BC:07:62:01:00:89:76:C9
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "QuoVadis Root CA"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\336\077\100\275\120\223\323\233\154\140\366\332\274\007\142\001
+\000\211\166\311
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\047\336\066\376\162\267\000\003\000\235\364\360\036\154\004\044
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\177\061\013\060\011\006\003\125\004\006\023\002\102\115\061
+\031\060\027\006\003\125\004\012\023\020\121\165\157\126\141\144
+\151\163\040\114\151\155\151\164\145\144\061\045\060\043\006\003
+\125\004\013\023\034\122\157\157\164\040\103\145\162\164\151\146
+\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164
+\171\061\056\060\054\006\003\125\004\003\023\045\121\165\157\126
+\141\144\151\163\040\122\157\157\164\040\103\145\162\164\151\146
+\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164
+\171
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\004\072\266\120\213
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "QuoVadis Root CA 2"
+#
+# Issuer: CN=QuoVadis Root CA 2,O=QuoVadis Limited,C=BM
+# Serial Number: 1289 (0x509)
+# Subject: CN=QuoVadis Root CA 2,O=QuoVadis Limited,C=BM
+# Not Valid Before: Fri Nov 24 18:27:00 2006
+# Not Valid After : Mon Nov 24 18:23:33 2031
+# Fingerprint (MD5): 5E:39:7B:DD:F8:BA:EC:82:E9:AC:62:BA:0C:54:00:2B
+# Fingerprint (SHA1): CA:3A:FB:CF:12:40:36:4B:44:B2:16:20:88:80:48:39:19:93:7C:F7
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "QuoVadis Root CA 2"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\105\061\013\060\011\006\003\125\004\006\023\002\102\115\061
+\031\060\027\006\003\125\004\012\023\020\121\165\157\126\141\144
+\151\163\040\114\151\155\151\164\145\144\061\033\060\031\006\003
+\125\004\003\023\022\121\165\157\126\141\144\151\163\040\122\157
+\157\164\040\103\101\040\062
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\105\061\013\060\011\006\003\125\004\006\023\002\102\115\061
+\031\060\027\006\003\125\004\012\023\020\121\165\157\126\141\144
+\151\163\040\114\151\155\151\164\145\144\061\033\060\031\006\003
+\125\004\003\023\022\121\165\157\126\141\144\151\163\040\122\157
+\157\164\040\103\101\040\062
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\002\005\011
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\267\060\202\003\237\240\003\002\001\002\002\002\005
+\011\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000
+\060\105\061\013\060\011\006\003\125\004\006\023\002\102\115\061
+\031\060\027\006\003\125\004\012\023\020\121\165\157\126\141\144
+\151\163\040\114\151\155\151\164\145\144\061\033\060\031\006\003
+\125\004\003\023\022\121\165\157\126\141\144\151\163\040\122\157
+\157\164\040\103\101\040\062\060\036\027\015\060\066\061\061\062
+\064\061\070\062\067\060\060\132\027\015\063\061\061\061\062\064
+\061\070\062\063\063\063\132\060\105\061\013\060\011\006\003\125
+\004\006\023\002\102\115\061\031\060\027\006\003\125\004\012\023
+\020\121\165\157\126\141\144\151\163\040\114\151\155\151\164\145
+\144\061\033\060\031\006\003\125\004\003\023\022\121\165\157\126
+\141\144\151\163\040\122\157\157\164\040\103\101\040\062\060\202
+\002\042\060\015\006\011\052\206\110\206\367\015\001\001\001\005
+\000\003\202\002\017\000\060\202\002\012\002\202\002\001\000\232
+\030\312\113\224\015\000\055\257\003\051\212\360\017\201\310\256
+\114\031\205\035\010\237\253\051\104\205\363\057\201\255\062\036
+\220\106\277\243\206\046\032\036\376\176\034\030\072\134\234\140
+\027\052\072\164\203\063\060\175\141\124\021\313\355\253\340\346
+\322\242\176\365\153\157\030\267\012\013\055\375\351\076\357\012
+\306\263\020\351\334\302\106\027\370\135\375\244\332\377\236\111
+\132\234\346\063\346\044\226\367\077\272\133\053\034\172\065\302
+\326\147\376\253\146\120\213\155\050\140\053\357\327\140\303\307
+\223\274\215\066\221\363\177\370\333\021\023\304\234\167\166\301
+\256\267\002\152\201\172\251\105\203\342\005\346\271\126\301\224
+\067\217\110\161\143\042\354\027\145\007\225\212\113\337\217\306
+\132\012\345\260\343\137\136\153\021\253\014\371\205\353\104\351
+\370\004\163\362\351\376\134\230\214\365\163\257\153\264\176\315
+\324\134\002\053\114\071\341\262\225\225\055\102\207\327\325\263
+\220\103\267\154\023\361\336\335\366\304\370\211\077\321\165\365
+\222\303\221\325\212\210\320\220\354\334\155\336\211\302\145\161
+\226\213\015\003\375\234\277\133\026\254\222\333\352\376\171\174
+\255\353\257\367\026\313\333\315\045\053\345\037\373\232\237\342
+\121\314\072\123\014\110\346\016\275\311\264\166\006\122\346\021
+\023\205\162\143\003\004\340\004\066\053\040\031\002\350\164\247
+\037\266\311\126\146\360\165\045\334\147\301\016\141\140\210\263
+\076\321\250\374\243\332\035\260\321\261\043\124\337\104\166\155
+\355\101\330\301\262\042\266\123\034\337\065\035\334\241\167\052
+\061\344\055\365\345\345\333\310\340\377\345\200\327\013\143\240
+\377\063\241\017\272\054\025\025\352\227\263\322\242\265\276\362
+\214\226\036\032\217\035\154\244\141\067\271\206\163\063\327\227
+\226\236\043\175\202\244\114\201\342\241\321\272\147\137\225\007
+\243\047\021\356\026\020\173\274\105\112\114\262\004\322\253\357
+\325\375\014\121\316\120\152\010\061\371\221\332\014\217\144\134
+\003\303\072\213\040\077\156\215\147\075\072\326\376\175\133\210
+\311\136\373\314\141\334\213\063\167\323\104\062\065\011\142\004
+\222\026\020\330\236\047\107\373\073\041\343\370\353\035\133\002
+\003\001\000\001\243\201\260\060\201\255\060\017\006\003\125\035
+\023\001\001\377\004\005\060\003\001\001\377\060\013\006\003\125
+\035\017\004\004\003\002\001\006\060\035\006\003\125\035\016\004
+\026\004\024\032\204\142\274\110\114\063\045\004\324\356\320\366
+\003\304\031\106\321\224\153\060\156\006\003\125\035\043\004\147
+\060\145\200\024\032\204\142\274\110\114\063\045\004\324\356\320
+\366\003\304\031\106\321\224\153\241\111\244\107\060\105\061\013
+\060\011\006\003\125\004\006\023\002\102\115\061\031\060\027\006
+\003\125\004\012\023\020\121\165\157\126\141\144\151\163\040\114
+\151\155\151\164\145\144\061\033\060\031\006\003\125\004\003\023
+\022\121\165\157\126\141\144\151\163\040\122\157\157\164\040\103
+\101\040\062\202\002\005\011\060\015\006\011\052\206\110\206\367
+\015\001\001\005\005\000\003\202\002\001\000\076\012\026\115\237
+\006\133\250\256\161\135\057\005\057\147\346\023\105\203\304\066
+\366\363\300\046\014\015\265\107\144\135\370\264\162\311\106\245
+\003\030\047\125\211\170\175\166\352\226\064\200\027\040\334\347
+\203\370\215\374\007\270\332\137\115\056\147\262\204\375\331\104
+\374\167\120\201\346\174\264\311\015\013\162\123\370\166\007\007
+\101\107\226\014\373\340\202\046\223\125\214\376\042\037\140\145
+\174\137\347\046\263\367\062\220\230\120\324\067\161\125\366\222
+\041\170\367\225\171\372\370\055\046\207\146\126\060\167\246\067
+\170\063\122\020\130\256\077\141\216\362\152\261\357\030\176\112
+\131\143\312\215\242\126\325\247\057\274\126\037\317\071\301\342
+\373\012\250\025\054\175\115\172\143\306\154\227\104\074\322\157
+\303\112\027\012\370\220\322\127\242\031\121\245\055\227\101\332
+\007\117\251\120\332\220\215\224\106\341\076\360\224\375\020\000
+\070\365\073\350\100\341\264\156\126\032\040\314\157\130\215\355
+\056\105\217\326\351\223\077\347\261\054\337\072\326\042\214\334
+\204\273\042\157\320\370\344\306\071\351\004\210\074\303\272\353
+\125\172\155\200\231\044\365\154\001\373\370\227\260\224\133\353
+\375\322\157\361\167\150\015\065\144\043\254\270\125\241\003\321
+\115\102\031\334\370\165\131\126\243\371\250\111\171\370\257\016
+\271\021\240\174\267\152\355\064\320\266\046\142\070\032\207\014
+\370\350\375\056\323\220\177\007\221\052\035\326\176\134\205\203
+\231\260\070\010\077\351\136\371\065\007\344\311\142\156\127\177
+\247\120\225\367\272\310\233\346\216\242\001\305\326\146\277\171
+\141\363\074\034\341\271\202\134\135\240\303\351\330\110\275\031
+\242\021\024\031\156\262\206\033\150\076\110\067\032\210\267\135
+\226\136\234\307\357\047\142\010\342\221\031\134\322\361\041\335
+\272\027\102\202\227\161\201\123\061\251\237\366\175\142\277\162
+\341\243\223\035\314\212\046\132\011\070\320\316\327\015\200\026
+\264\170\245\072\207\114\215\212\245\325\106\227\362\054\020\271
+\274\124\042\300\001\120\151\103\236\364\262\357\155\370\354\332
+\361\343\261\357\337\221\217\124\052\013\045\301\046\031\304\122
+\020\005\145\325\202\020\352\302\061\315\056
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "QuoVadis Root CA 2"
+# Issuer: CN=QuoVadis Root CA 2,O=QuoVadis Limited,C=BM
+# Serial Number: 1289 (0x509)
+# Subject: CN=QuoVadis Root CA 2,O=QuoVadis Limited,C=BM
+# Not Valid Before: Fri Nov 24 18:27:00 2006
+# Not Valid After : Mon Nov 24 18:23:33 2031
+# Fingerprint (MD5): 5E:39:7B:DD:F8:BA:EC:82:E9:AC:62:BA:0C:54:00:2B
+# Fingerprint (SHA1): CA:3A:FB:CF:12:40:36:4B:44:B2:16:20:88:80:48:39:19:93:7C:F7
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "QuoVadis Root CA 2"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\312\072\373\317\022\100\066\113\104\262\026\040\210\200\110\071
+\031\223\174\367
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\136\071\173\335\370\272\354\202\351\254\142\272\014\124\000\053
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\105\061\013\060\011\006\003\125\004\006\023\002\102\115\061
+\031\060\027\006\003\125\004\012\023\020\121\165\157\126\141\144
+\151\163\040\114\151\155\151\164\145\144\061\033\060\031\006\003
+\125\004\003\023\022\121\165\157\126\141\144\151\163\040\122\157
+\157\164\040\103\101\040\062
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\002\005\011
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "QuoVadis Root CA 3"
+#
+# Issuer: CN=QuoVadis Root CA 3,O=QuoVadis Limited,C=BM
+# Serial Number: 1478 (0x5c6)
+# Subject: CN=QuoVadis Root CA 3,O=QuoVadis Limited,C=BM
+# Not Valid Before: Fri Nov 24 19:11:23 2006
+# Not Valid After : Mon Nov 24 19:06:44 2031
+# Fingerprint (MD5): 31:85:3C:62:94:97:63:B9:AA:FD:89:4E:AF:6F:E0:CF
+# Fingerprint (SHA1): 1F:49:14:F7:D8:74:95:1D:DD:AE:02:C0:BE:FD:3A:2D:82:75:51:85
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "QuoVadis Root CA 3"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\105\061\013\060\011\006\003\125\004\006\023\002\102\115\061
+\031\060\027\006\003\125\004\012\023\020\121\165\157\126\141\144
+\151\163\040\114\151\155\151\164\145\144\061\033\060\031\006\003
+\125\004\003\023\022\121\165\157\126\141\144\151\163\040\122\157
+\157\164\040\103\101\040\063
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\105\061\013\060\011\006\003\125\004\006\023\002\102\115\061
+\031\060\027\006\003\125\004\012\023\020\121\165\157\126\141\144
+\151\163\040\114\151\155\151\164\145\144\061\033\060\031\006\003
+\125\004\003\023\022\121\165\157\126\141\144\151\163\040\122\157
+\157\164\040\103\101\040\063
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\002\005\306
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\006\235\060\202\004\205\240\003\002\001\002\002\002\005
+\306\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000
+\060\105\061\013\060\011\006\003\125\004\006\023\002\102\115\061
+\031\060\027\006\003\125\004\012\023\020\121\165\157\126\141\144
+\151\163\040\114\151\155\151\164\145\144\061\033\060\031\006\003
+\125\004\003\023\022\121\165\157\126\141\144\151\163\040\122\157
+\157\164\040\103\101\040\063\060\036\027\015\060\066\061\061\062
+\064\061\071\061\061\062\063\132\027\015\063\061\061\061\062\064
+\061\071\060\066\064\064\132\060\105\061\013\060\011\006\003\125
+\004\006\023\002\102\115\061\031\060\027\006\003\125\004\012\023
+\020\121\165\157\126\141\144\151\163\040\114\151\155\151\164\145
+\144\061\033\060\031\006\003\125\004\003\023\022\121\165\157\126
+\141\144\151\163\040\122\157\157\164\040\103\101\040\063\060\202
+\002\042\060\015\006\011\052\206\110\206\367\015\001\001\001\005
+\000\003\202\002\017\000\060\202\002\012\002\202\002\001\000\314
+\127\102\026\124\234\346\230\323\323\115\356\376\355\307\237\103
+\071\112\145\263\350\026\210\064\333\015\131\221\164\317\222\270
+\004\100\255\002\113\061\253\274\215\221\150\330\040\016\032\001
+\342\032\173\116\027\135\342\212\267\077\231\032\315\353\141\253
+\302\145\246\037\267\267\275\267\217\374\375\160\217\013\240\147
+\276\001\242\131\317\161\346\017\051\166\377\261\126\171\105\053
+\037\236\172\124\350\243\051\065\150\244\001\117\017\244\056\067
+\357\033\277\343\217\020\250\162\253\130\127\347\124\206\310\311
+\363\133\332\054\332\135\216\156\074\243\076\332\373\202\345\335
+\362\134\262\005\063\157\212\066\316\320\023\116\377\277\112\014
+\064\114\246\303\041\275\120\004\125\353\261\273\235\373\105\036
+\144\025\336\125\001\214\002\166\265\313\241\077\102\151\274\057
+\275\150\103\026\126\211\052\067\141\221\375\246\256\116\300\313
+\024\145\224\067\113\222\006\357\004\320\310\234\210\333\013\173
+\201\257\261\075\052\304\145\072\170\266\356\334\200\261\322\323
+\231\234\072\356\153\132\153\263\215\267\325\316\234\302\276\245
+\113\057\026\261\236\150\073\006\157\256\175\237\370\336\354\314
+\051\247\230\243\045\103\057\357\361\137\046\341\210\115\370\136
+\156\327\331\024\156\031\063\151\247\073\204\211\223\304\123\125
+\023\241\121\170\100\370\270\311\242\356\173\272\122\102\203\236
+\024\355\005\122\132\131\126\247\227\374\235\077\012\051\330\334
+\117\221\016\023\274\336\225\244\337\213\231\276\254\233\063\210
+\357\265\201\257\033\306\042\123\310\366\307\356\227\024\260\305
+\174\170\122\310\360\316\156\167\140\204\246\351\052\166\040\355
+\130\001\027\060\223\351\032\213\340\163\143\331\152\222\224\111
+\116\264\255\112\205\304\243\042\060\374\011\355\150\042\163\246
+\210\014\125\041\130\305\341\072\237\052\335\312\341\220\340\331
+\163\253\154\200\270\350\013\144\223\240\234\214\031\377\263\322
+\014\354\221\046\207\212\263\242\341\160\217\054\012\345\315\155
+\150\121\353\332\077\005\177\213\062\346\023\134\153\376\137\100
+\342\042\310\264\264\144\117\326\272\175\110\076\250\151\014\327
+\273\206\161\311\163\270\077\073\235\045\113\332\377\100\353\002
+\003\001\000\001\243\202\001\225\060\202\001\221\060\017\006\003
+\125\035\023\001\001\377\004\005\060\003\001\001\377\060\201\341
+\006\003\125\035\040\004\201\331\060\201\326\060\201\323\006\011
+\053\006\001\004\001\276\130\000\003\060\201\305\060\201\223\006
+\010\053\006\001\005\005\007\002\002\060\201\206\032\201\203\101
+\156\171\040\165\163\145\040\157\146\040\164\150\151\163\040\103
+\145\162\164\151\146\151\143\141\164\145\040\143\157\156\163\164
+\151\164\165\164\145\163\040\141\143\143\145\160\164\141\156\143
+\145\040\157\146\040\164\150\145\040\121\165\157\126\141\144\151
+\163\040\122\157\157\164\040\103\101\040\063\040\103\145\162\164
+\151\146\151\143\141\164\145\040\120\157\154\151\143\171\040\057
+\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\120
+\162\141\143\164\151\143\145\040\123\164\141\164\145\155\145\156
+\164\056\060\055\006\010\053\006\001\005\005\007\002\001\026\041
+\150\164\164\160\072\057\057\167\167\167\056\161\165\157\166\141
+\144\151\163\147\154\157\142\141\154\056\143\157\155\057\143\160
+\163\060\013\006\003\125\035\017\004\004\003\002\001\006\060\035
+\006\003\125\035\016\004\026\004\024\362\300\023\340\202\103\076
+\373\356\057\147\062\226\065\134\333\270\313\002\320\060\156\006
+\003\125\035\043\004\147\060\145\200\024\362\300\023\340\202\103
+\076\373\356\057\147\062\226\065\134\333\270\313\002\320\241\111
+\244\107\060\105\061\013\060\011\006\003\125\004\006\023\002\102
+\115\061\031\060\027\006\003\125\004\012\023\020\121\165\157\126
+\141\144\151\163\040\114\151\155\151\164\145\144\061\033\060\031
+\006\003\125\004\003\023\022\121\165\157\126\141\144\151\163\040
+\122\157\157\164\040\103\101\040\063\202\002\005\306\060\015\006
+\011\052\206\110\206\367\015\001\001\005\005\000\003\202\002\001
+\000\117\255\240\054\114\372\300\362\157\367\146\125\253\043\064
+\356\347\051\332\303\133\266\260\203\331\320\320\342\041\373\363
+\140\247\073\135\140\123\047\242\233\366\010\042\052\347\277\240
+\162\345\234\044\152\061\261\220\172\047\333\204\021\211\047\246
+\167\132\070\327\277\254\206\374\356\135\203\274\006\306\321\167
+\153\017\155\044\057\113\172\154\247\007\226\312\343\204\237\255
+\210\213\035\253\026\215\133\146\027\331\026\364\213\200\322\335
+\370\262\166\303\374\070\023\252\014\336\102\151\053\156\363\074
+\353\200\047\333\365\246\104\015\237\132\125\131\013\325\015\122
+\110\305\256\237\362\057\200\305\352\062\120\065\022\227\056\301
+\341\377\361\043\210\121\070\237\362\146\126\166\347\017\121\227
+\245\122\014\115\111\121\225\066\075\277\242\113\014\020\035\206
+\231\114\252\363\162\021\223\344\352\366\233\332\250\135\247\115
+\267\236\002\256\163\000\310\332\043\003\350\371\352\031\164\142
+\000\224\313\042\040\276\224\247\131\265\202\152\276\231\171\172
+\251\362\112\044\122\367\164\375\272\116\346\250\035\002\156\261
+\015\200\104\301\256\323\043\067\137\273\205\174\053\222\056\350
+\176\245\213\335\231\341\277\047\157\055\135\252\173\207\376\012
+\335\113\374\216\365\046\344\156\160\102\156\063\354\061\236\173
+\223\301\344\311\151\032\075\300\153\116\042\155\356\253\130\115
+\306\320\101\301\053\352\117\022\207\136\353\105\330\154\365\230
+\002\323\240\330\125\212\006\231\031\242\240\167\321\060\236\254
+\314\165\356\203\365\260\142\071\317\154\127\342\114\322\221\013
+\016\165\050\033\232\277\375\032\103\361\312\167\373\073\217\141
+\270\151\050\026\102\004\136\160\052\034\041\330\217\341\275\043
+\133\055\164\100\222\331\143\031\015\163\335\151\274\142\107\274
+\340\164\053\262\353\175\276\101\033\265\300\106\305\241\042\313
+\137\116\301\050\222\336\030\272\325\052\050\273\021\213\027\223
+\230\231\140\224\134\043\317\132\047\227\136\013\005\006\223\067
+\036\073\151\066\353\251\236\141\035\217\062\332\216\014\326\164
+\076\173\011\044\332\001\167\107\304\073\315\064\214\231\365\312
+\341\045\141\063\262\131\033\342\156\327\067\127\266\015\251\022
+\332
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "QuoVadis Root CA 3"
+# Issuer: CN=QuoVadis Root CA 3,O=QuoVadis Limited,C=BM
+# Serial Number: 1478 (0x5c6)
+# Subject: CN=QuoVadis Root CA 3,O=QuoVadis Limited,C=BM
+# Not Valid Before: Fri Nov 24 19:11:23 2006
+# Not Valid After : Mon Nov 24 19:06:44 2031
+# Fingerprint (MD5): 31:85:3C:62:94:97:63:B9:AA:FD:89:4E:AF:6F:E0:CF
+# Fingerprint (SHA1): 1F:49:14:F7:D8:74:95:1D:DD:AE:02:C0:BE:FD:3A:2D:82:75:51:85
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "QuoVadis Root CA 3"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\037\111\024\367\330\164\225\035\335\256\002\300\276\375\072\055
+\202\165\121\205
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\061\205\074\142\224\227\143\271\252\375\211\116\257\157\340\317
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\105\061\013\060\011\006\003\125\004\006\023\002\102\115\061
+\031\060\027\006\003\125\004\012\023\020\121\165\157\126\141\144
+\151\163\040\114\151\155\151\164\145\144\061\033\060\031\006\003
+\125\004\003\023\022\121\165\157\126\141\144\151\163\040\122\157
+\157\164\040\103\101\040\063
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\002\005\306
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Security Communication Root CA"
+#
+# Issuer: OU=Security Communication RootCA1,O=SECOM Trust.net,C=JP
+# Serial Number: 0 (0x0)
+# Subject: OU=Security Communication RootCA1,O=SECOM Trust.net,C=JP
+# Not Valid Before: Tue Sep 30 04:20:49 2003
+# Not Valid After : Sat Sep 30 04:20:49 2023
+# Fingerprint (MD5): F1:BC:63:6A:54:E0:B5:27:F5:CD:E7:1A:E3:4D:6E:4A
+# Fingerprint (SHA1): 36:B1:2B:49:F9:81:9E:D7:4C:9E:BC:38:0F:C6:56:8F:5D:AC:B2:F7
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Security Communication Root CA"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\120\061\013\060\011\006\003\125\004\006\023\002\112\120\061
+\030\060\026\006\003\125\004\012\023\017\123\105\103\117\115\040
+\124\162\165\163\164\056\156\145\164\061\047\060\045\006\003\125
+\004\013\023\036\123\145\143\165\162\151\164\171\040\103\157\155
+\155\165\156\151\143\141\164\151\157\156\040\122\157\157\164\103
+\101\061
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\120\061\013\060\011\006\003\125\004\006\023\002\112\120\061
+\030\060\026\006\003\125\004\012\023\017\123\105\103\117\115\040
+\124\162\165\163\164\056\156\145\164\061\047\060\045\006\003\125
+\004\013\023\036\123\145\143\165\162\151\164\171\040\103\157\155
+\155\165\156\151\143\141\164\151\157\156\040\122\157\157\164\103
+\101\061
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\000
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\003\132\060\202\002\102\240\003\002\001\002\002\001\000
+\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060
+\120\061\013\060\011\006\003\125\004\006\023\002\112\120\061\030
+\060\026\006\003\125\004\012\023\017\123\105\103\117\115\040\124
+\162\165\163\164\056\156\145\164\061\047\060\045\006\003\125\004
+\013\023\036\123\145\143\165\162\151\164\171\040\103\157\155\155
+\165\156\151\143\141\164\151\157\156\040\122\157\157\164\103\101
+\061\060\036\027\015\060\063\060\071\063\060\060\064\062\060\064
+\071\132\027\015\062\063\060\071\063\060\060\064\062\060\064\071
+\132\060\120\061\013\060\011\006\003\125\004\006\023\002\112\120
+\061\030\060\026\006\003\125\004\012\023\017\123\105\103\117\115
+\040\124\162\165\163\164\056\156\145\164\061\047\060\045\006\003
+\125\004\013\023\036\123\145\143\165\162\151\164\171\040\103\157
+\155\155\165\156\151\143\141\164\151\157\156\040\122\157\157\164
+\103\101\061\060\202\001\042\060\015\006\011\052\206\110\206\367
+\015\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002
+\202\001\001\000\263\263\376\177\323\155\261\357\026\174\127\245
+\014\155\166\212\057\113\277\144\373\114\356\212\360\363\051\174
+\365\377\356\052\340\351\351\272\133\144\042\232\232\157\054\072
+\046\151\121\005\231\046\334\325\034\152\161\306\232\175\036\235
+\335\174\154\306\214\147\147\112\076\370\161\260\031\047\251\011
+\014\246\225\277\113\214\014\372\125\230\073\330\350\042\241\113
+\161\070\171\254\227\222\151\263\211\176\352\041\150\006\230\024
+\226\207\322\141\066\274\155\047\126\236\127\356\300\300\126\375
+\062\317\244\331\216\302\043\327\215\250\363\330\045\254\227\344
+\160\070\364\266\072\264\235\073\227\046\103\243\241\274\111\131
+\162\114\043\060\207\001\130\366\116\276\034\150\126\146\257\315
+\101\135\310\263\115\052\125\106\253\037\332\036\342\100\075\333
+\315\175\271\222\200\234\067\335\014\226\144\235\334\042\367\144
+\213\337\141\336\025\224\122\025\240\175\122\311\113\250\041\311
+\306\261\355\313\303\225\140\321\017\360\253\160\370\337\313\115
+\176\354\326\372\253\331\275\177\124\362\245\351\171\372\331\326
+\166\044\050\163\002\003\001\000\001\243\077\060\075\060\035\006
+\003\125\035\016\004\026\004\024\240\163\111\231\150\334\205\133
+\145\343\233\050\057\127\237\275\063\274\007\110\060\013\006\003
+\125\035\017\004\004\003\002\001\006\060\017\006\003\125\035\023
+\001\001\377\004\005\060\003\001\001\377\060\015\006\011\052\206
+\110\206\367\015\001\001\005\005\000\003\202\001\001\000\150\100
+\251\250\273\344\117\135\171\263\005\265\027\263\140\023\353\306
+\222\135\340\321\323\152\376\373\276\233\155\277\307\005\155\131
+\040\304\034\360\267\332\204\130\002\143\372\110\026\357\117\245
+\013\367\112\230\362\077\236\033\255\107\153\143\316\010\107\353
+\122\077\170\234\257\115\256\370\325\117\317\232\230\052\020\101
+\071\122\304\335\331\233\016\357\223\001\256\262\056\312\150\102
+\044\102\154\260\263\072\076\315\351\332\110\304\025\313\351\371
+\007\017\222\120\111\212\335\061\227\137\311\351\067\252\073\131
+\145\227\224\062\311\263\237\076\072\142\130\305\111\255\142\016
+\161\245\062\252\057\306\211\166\103\100\023\023\147\075\242\124
+\045\020\313\361\072\362\331\372\333\111\126\273\246\376\247\101
+\065\303\340\210\141\311\210\307\337\066\020\042\230\131\352\260
+\112\373\126\026\163\156\254\115\367\042\241\117\255\035\172\055
+\105\047\345\060\301\136\362\332\023\313\045\102\121\225\107\003
+\214\154\041\314\164\102\355\123\377\063\213\217\017\127\001\026
+\057\317\246\356\311\160\042\024\275\375\276\154\013\003
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "Security Communication Root CA"
+# Issuer: OU=Security Communication RootCA1,O=SECOM Trust.net,C=JP
+# Serial Number: 0 (0x0)
+# Subject: OU=Security Communication RootCA1,O=SECOM Trust.net,C=JP
+# Not Valid Before: Tue Sep 30 04:20:49 2003
+# Not Valid After : Sat Sep 30 04:20:49 2023
+# Fingerprint (MD5): F1:BC:63:6A:54:E0:B5:27:F5:CD:E7:1A:E3:4D:6E:4A
+# Fingerprint (SHA1): 36:B1:2B:49:F9:81:9E:D7:4C:9E:BC:38:0F:C6:56:8F:5D:AC:B2:F7
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Security Communication Root CA"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\066\261\053\111\371\201\236\327\114\236\274\070\017\306\126\217
+\135\254\262\367
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\361\274\143\152\124\340\265\047\365\315\347\032\343\115\156\112
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\120\061\013\060\011\006\003\125\004\006\023\002\112\120\061
+\030\060\026\006\003\125\004\012\023\017\123\105\103\117\115\040
+\124\162\165\163\164\056\156\145\164\061\047\060\045\006\003\125
+\004\013\023\036\123\145\143\165\162\151\164\171\040\103\157\155
+\155\165\156\151\143\141\164\151\157\156\040\122\157\157\164\103
+\101\061
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\000
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Sonera Class 2 Root CA"
+#
+# Issuer: CN=Sonera Class2 CA,O=Sonera,C=FI
+# Serial Number: 29 (0x1d)
+# Subject: CN=Sonera Class2 CA,O=Sonera,C=FI
+# Not Valid Before: Fri Apr 06 07:29:40 2001
+# Not Valid After : Tue Apr 06 07:29:40 2021
+# Fingerprint (MD5): A3:EC:75:0F:2E:88:DF:FA:48:01:4E:0B:5C:48:6F:FB
+# Fingerprint (SHA1): 37:F7:6D:E6:07:7C:90:C5:B1:3E:93:1A:B7:41:10:B4:F2:E4:9A:27
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Sonera Class 2 Root CA"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\071\061\013\060\011\006\003\125\004\006\023\002\106\111\061
+\017\060\015\006\003\125\004\012\023\006\123\157\156\145\162\141
+\061\031\060\027\006\003\125\004\003\023\020\123\157\156\145\162
+\141\040\103\154\141\163\163\062\040\103\101
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\071\061\013\060\011\006\003\125\004\006\023\002\106\111\061
+\017\060\015\006\003\125\004\012\023\006\123\157\156\145\162\141
+\061\031\060\027\006\003\125\004\003\023\020\123\157\156\145\162
+\141\040\103\154\141\163\163\062\040\103\101
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\035
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\003\040\060\202\002\010\240\003\002\001\002\002\001\035
+\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060
+\071\061\013\060\011\006\003\125\004\006\023\002\106\111\061\017
+\060\015\006\003\125\004\012\023\006\123\157\156\145\162\141\061
+\031\060\027\006\003\125\004\003\023\020\123\157\156\145\162\141
+\040\103\154\141\163\163\062\040\103\101\060\036\027\015\060\061
+\060\064\060\066\060\067\062\071\064\060\132\027\015\062\061\060
+\064\060\066\060\067\062\071\064\060\132\060\071\061\013\060\011
+\006\003\125\004\006\023\002\106\111\061\017\060\015\006\003\125
+\004\012\023\006\123\157\156\145\162\141\061\031\060\027\006\003
+\125\004\003\023\020\123\157\156\145\162\141\040\103\154\141\163
+\163\062\040\103\101\060\202\001\042\060\015\006\011\052\206\110
+\206\367\015\001\001\001\005\000\003\202\001\017\000\060\202\001
+\012\002\202\001\001\000\220\027\112\065\235\312\360\015\226\307
+\104\372\026\067\374\110\275\275\177\200\055\065\073\341\157\250
+\147\251\277\003\034\115\214\157\062\107\325\101\150\244\023\004
+\301\065\014\232\204\103\374\134\035\377\211\263\350\027\030\315
+\221\137\373\211\343\352\277\116\135\174\033\046\323\165\171\355
+\346\204\343\127\345\255\051\304\364\072\050\347\245\173\204\066
+\151\263\375\136\166\275\243\055\231\323\220\116\043\050\175\030
+\143\361\124\073\046\235\166\133\227\102\262\377\256\360\116\354
+\335\071\225\116\203\006\177\347\111\100\310\305\001\262\124\132
+\146\035\075\374\371\351\074\012\236\201\270\160\360\001\213\344
+\043\124\174\310\256\370\220\036\000\226\162\324\124\317\141\043
+\274\352\373\235\002\225\321\266\271\161\072\151\010\077\017\264
+\341\102\307\210\365\077\230\250\247\272\034\340\161\161\357\130
+\127\201\120\172\134\153\164\106\016\203\003\230\303\216\250\156
+\362\166\062\156\047\203\302\163\363\334\030\350\264\223\352\165
+\104\153\004\140\040\161\127\207\235\363\276\240\220\043\075\212
+\044\341\332\041\333\303\002\003\001\000\001\243\063\060\061\060
+\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377
+\060\021\006\003\125\035\016\004\012\004\010\112\240\252\130\204
+\323\136\074\060\013\006\003\125\035\017\004\004\003\002\001\006
+\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\003
+\202\001\001\000\132\316\207\371\026\162\025\127\113\035\331\233
+\347\242\046\060\354\223\147\337\326\055\322\064\257\367\070\245
+\316\253\026\271\253\057\174\065\313\254\320\017\264\114\053\374
+\200\357\153\214\221\137\066\166\367\333\263\033\031\352\364\262
+\021\375\141\161\104\277\050\263\072\035\277\263\103\350\237\277
+\334\061\010\161\260\235\215\326\064\107\062\220\306\145\044\367
+\240\112\174\004\163\217\071\157\027\214\162\265\275\113\310\172
+\370\173\203\303\050\116\234\011\352\147\077\262\147\004\033\303
+\024\332\370\347\111\044\221\320\035\152\372\141\071\357\153\347
+\041\165\006\007\330\022\264\041\040\160\102\161\201\332\074\232
+\066\276\246\133\015\152\154\232\037\221\173\371\371\357\102\272
+\116\116\236\314\014\215\224\334\331\105\234\136\354\102\120\143
+\256\364\135\304\261\022\334\312\073\250\056\235\024\132\005\165
+\267\354\327\143\342\272\065\266\004\010\221\350\332\235\234\366
+\146\265\030\254\012\246\124\046\064\063\322\033\301\324\177\032
+\072\216\013\252\062\156\333\374\117\045\237\331\062\307\226\132
+\160\254\337\114
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "Sonera Class 2 Root CA"
+# Issuer: CN=Sonera Class2 CA,O=Sonera,C=FI
+# Serial Number: 29 (0x1d)
+# Subject: CN=Sonera Class2 CA,O=Sonera,C=FI
+# Not Valid Before: Fri Apr 06 07:29:40 2001
+# Not Valid After : Tue Apr 06 07:29:40 2021
+# Fingerprint (MD5): A3:EC:75:0F:2E:88:DF:FA:48:01:4E:0B:5C:48:6F:FB
+# Fingerprint (SHA1): 37:F7:6D:E6:07:7C:90:C5:B1:3E:93:1A:B7:41:10:B4:F2:E4:9A:27
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Sonera Class 2 Root CA"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\067\367\155\346\007\174\220\305\261\076\223\032\267\101\020\264
+\362\344\232\047
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\243\354\165\017\056\210\337\372\110\001\116\013\134\110\157\373
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\071\061\013\060\011\006\003\125\004\006\023\002\106\111\061
+\017\060\015\006\003\125\004\012\023\006\123\157\156\145\162\141
+\061\031\060\027\006\003\125\004\003\023\020\123\157\156\145\162
+\141\040\103\154\141\163\163\062\040\103\101
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\035
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "UTN USERFirst Email Root CA"
+#
+# Issuer: CN=UTN-USERFirst-Client Authentication and Email,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Serial Number:44:be:0c:8b:50:00:24:b4:11:d3:36:25:25:67:c9:89
+# Subject: CN=UTN-USERFirst-Client Authentication and Email,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Not Valid Before: Fri Jul 09 17:28:50 1999
+# Not Valid After : Tue Jul 09 17:36:58 2019
+# Fingerprint (MD5): D7:34:3D:EF:1D:27:09:28:E1:31:02:5B:13:2B:DD:F7
+# Fingerprint (SHA1): B1:72:B1:A5:6D:95:F9:1F:E5:02:87:E1:4D:37:EA:6A:44:63:76:8A
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "UTN USERFirst Email Root CA"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\256\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
+\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
+\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
+\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
+\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
+\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
+\164\162\165\163\164\056\143\157\155\061\066\060\064\006\003\125
+\004\003\023\055\125\124\116\055\125\123\105\122\106\151\162\163
+\164\055\103\154\151\145\156\164\040\101\165\164\150\145\156\164
+\151\143\141\164\151\157\156\040\141\156\144\040\105\155\141\151
+\154
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\256\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
+\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
+\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
+\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
+\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
+\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
+\164\162\165\163\164\056\143\157\155\061\066\060\064\006\003\125
+\004\003\023\055\125\124\116\055\125\123\105\122\106\151\162\163
+\164\055\103\154\151\145\156\164\040\101\165\164\150\145\156\164
+\151\143\141\164\151\157\156\040\141\156\144\040\105\155\141\151
+\154
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\104\276\014\213\120\000\044\264\021\323\066\045\045\147
+\311\211
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\004\242\060\202\003\212\240\003\002\001\002\002\020\104
+\276\014\213\120\000\044\264\021\323\066\045\045\147\311\211\060
+\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\201
+\256\061\013\060\011\006\003\125\004\006\023\002\125\123\061\013
+\060\011\006\003\125\004\010\023\002\125\124\061\027\060\025\006
+\003\125\004\007\023\016\123\141\154\164\040\114\141\153\145\040
+\103\151\164\171\061\036\060\034\006\003\125\004\012\023\025\124
+\150\145\040\125\123\105\122\124\122\125\123\124\040\116\145\164
+\167\157\162\153\061\041\060\037\006\003\125\004\013\023\030\150
+\164\164\160\072\057\057\167\167\167\056\165\163\145\162\164\162
+\165\163\164\056\143\157\155\061\066\060\064\006\003\125\004\003
+\023\055\125\124\116\055\125\123\105\122\106\151\162\163\164\055
+\103\154\151\145\156\164\040\101\165\164\150\145\156\164\151\143
+\141\164\151\157\156\040\141\156\144\040\105\155\141\151\154\060
+\036\027\015\071\071\060\067\060\071\061\067\062\070\065\060\132
+\027\015\061\071\060\067\060\071\061\067\063\066\065\070\132\060
+\201\256\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060\025
+\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153\145
+\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023\025
+\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116\145
+\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023\030
+\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162\164
+\162\165\163\164\056\143\157\155\061\066\060\064\006\003\125\004
+\003\023\055\125\124\116\055\125\123\105\122\106\151\162\163\164
+\055\103\154\151\145\156\164\040\101\165\164\150\145\156\164\151
+\143\141\164\151\157\156\040\141\156\144\040\105\155\141\151\154
+\060\202\001\042\060\015\006\011\052\206\110\206\367\015\001\001
+\001\005\000\003\202\001\017\000\060\202\001\012\002\202\001\001
+\000\262\071\205\244\362\175\253\101\073\142\106\067\256\315\301
+\140\165\274\071\145\371\112\032\107\242\271\314\110\314\152\230
+\325\115\065\031\271\244\102\345\316\111\342\212\057\036\174\322
+\061\007\307\116\264\203\144\235\056\051\325\242\144\304\205\275
+\205\121\065\171\244\116\150\220\173\034\172\244\222\250\027\362
+\230\025\362\223\314\311\244\062\225\273\014\117\060\275\230\240
+\013\213\345\156\033\242\106\372\170\274\242\157\253\131\136\245
+\057\317\312\332\155\252\057\353\254\241\263\152\252\267\056\147
+\065\213\171\341\036\151\210\342\346\106\315\240\245\352\276\013
+\316\166\072\172\016\233\352\374\332\047\133\075\163\037\042\346
+\110\141\306\114\363\151\261\250\056\033\266\324\061\040\054\274
+\202\212\216\244\016\245\327\211\103\374\026\132\257\035\161\327
+\021\131\332\272\207\015\257\372\363\341\302\360\244\305\147\214
+\326\326\124\072\336\012\244\272\003\167\263\145\310\375\036\323
+\164\142\252\030\312\150\223\036\241\205\176\365\107\145\313\370
+\115\127\050\164\322\064\377\060\266\356\366\142\060\024\214\054
+\353\002\003\001\000\001\243\201\271\060\201\266\060\013\006\003
+\125\035\017\004\004\003\002\001\306\060\017\006\003\125\035\023
+\001\001\377\004\005\060\003\001\001\377\060\035\006\003\125\035
+\016\004\026\004\024\211\202\147\175\304\235\046\160\000\113\264
+\120\110\174\336\075\256\004\156\175\060\130\006\003\125\035\037
+\004\121\060\117\060\115\240\113\240\111\206\107\150\164\164\160
+\072\057\057\143\162\154\056\165\163\145\162\164\162\165\163\164
+\056\143\157\155\057\125\124\116\055\125\123\105\122\106\151\162
+\163\164\055\103\154\151\145\156\164\101\165\164\150\145\156\164
+\151\143\141\164\151\157\156\141\156\144\105\155\141\151\154\056
+\143\162\154\060\035\006\003\125\035\045\004\026\060\024\006\010
+\053\006\001\005\005\007\003\002\006\010\053\006\001\005\005\007
+\003\004\060\015\006\011\052\206\110\206\367\015\001\001\005\005
+\000\003\202\001\001\000\261\155\141\135\246\032\177\174\253\112
+\344\060\374\123\157\045\044\306\312\355\342\061\134\053\016\356
+\356\141\125\157\004\076\317\071\336\305\033\111\224\344\353\040
+\114\264\346\236\120\056\162\331\215\365\252\243\263\112\332\126
+\034\140\227\200\334\202\242\255\112\275\212\053\377\013\011\264
+\306\327\040\004\105\344\315\200\001\272\272\053\156\316\252\327
+\222\376\344\257\353\364\046\035\026\052\177\154\060\225\067\057
+\063\022\254\177\335\307\321\021\214\121\230\262\320\243\221\320
+\255\366\237\236\203\223\036\035\102\270\106\257\153\146\360\233
+\177\352\343\003\002\345\002\121\301\252\325\065\235\162\100\003
+\211\272\061\035\305\020\150\122\236\337\242\205\305\134\010\246
+\170\346\123\117\261\350\267\323\024\236\223\246\303\144\343\254
+\176\161\315\274\237\351\003\033\314\373\351\254\061\301\257\174
+\025\164\002\231\303\262\107\246\302\062\141\327\307\157\110\044
+\121\047\241\325\207\125\362\173\217\230\075\026\236\356\165\266
+\370\320\216\362\363\306\256\050\133\247\360\363\066\027\374\303
+\005\323\312\003\112\124
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "UTN USERFirst Email Root CA"
+# Issuer: CN=UTN-USERFirst-Client Authentication and Email,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Serial Number:44:be:0c:8b:50:00:24:b4:11:d3:36:25:25:67:c9:89
+# Subject: CN=UTN-USERFirst-Client Authentication and Email,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Not Valid Before: Fri Jul 09 17:28:50 1999
+# Not Valid After : Tue Jul 09 17:36:58 2019
+# Fingerprint (MD5): D7:34:3D:EF:1D:27:09:28:E1:31:02:5B:13:2B:DD:F7
+# Fingerprint (SHA1): B1:72:B1:A5:6D:95:F9:1F:E5:02:87:E1:4D:37:EA:6A:44:63:76:8A
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "UTN USERFirst Email Root CA"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\261\162\261\245\155\225\371\037\345\002\207\341\115\067\352\152
+\104\143\166\212
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\327\064\075\357\035\047\011\050\341\061\002\133\023\053\335\367
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\256\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
+\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
+\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
+\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
+\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
+\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
+\164\162\165\163\164\056\143\157\155\061\066\060\064\006\003\125
+\004\003\023\055\125\124\116\055\125\123\105\122\106\151\162\163
+\164\055\103\154\151\145\156\164\040\101\165\164\150\145\156\164
+\151\143\141\164\151\157\156\040\141\156\144\040\105\155\141\151
+\154
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\104\276\014\213\120\000\044\264\021\323\066\045\045\147
+\311\211
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "UTN USERFirst Hardware Root CA"
+#
+# Issuer: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Serial Number:44:be:0c:8b:50:00:24:b4:11:d3:36:2a:fe:65:0a:fd
+# Subject: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Not Valid Before: Fri Jul 09 18:10:42 1999
+# Not Valid After : Tue Jul 09 18:19:22 2019
+# Fingerprint (MD5): 4C:56:41:E5:0D:BB:2B:E8:CA:A3:ED:18:08:AD:43:39
+# Fingerprint (SHA1): 04:83:ED:33:99:AC:36:08:05:87:22:ED:BC:5E:46:00:E3:BE:F9:D7
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "UTN USERFirst Hardware Root CA"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
+\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
+\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
+\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
+\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
+\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
+\164\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125
+\004\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163
+\164\055\110\141\162\144\167\141\162\145
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
+\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
+\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
+\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
+\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
+\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
+\164\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125
+\004\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163
+\164\055\110\141\162\144\167\141\162\145
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\104\276\014\213\120\000\044\264\021\323\066\052\376\145
+\012\375
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\004\164\060\202\003\134\240\003\002\001\002\002\020\104
+\276\014\213\120\000\044\264\021\323\066\052\376\145\012\375\060
+\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\201
+\227\061\013\060\011\006\003\125\004\006\023\002\125\123\061\013
+\060\011\006\003\125\004\010\023\002\125\124\061\027\060\025\006
+\003\125\004\007\023\016\123\141\154\164\040\114\141\153\145\040
+\103\151\164\171\061\036\060\034\006\003\125\004\012\023\025\124
+\150\145\040\125\123\105\122\124\122\125\123\124\040\116\145\164
+\167\157\162\153\061\041\060\037\006\003\125\004\013\023\030\150
+\164\164\160\072\057\057\167\167\167\056\165\163\145\162\164\162
+\165\163\164\056\143\157\155\061\037\060\035\006\003\125\004\003
+\023\026\125\124\116\055\125\123\105\122\106\151\162\163\164\055
+\110\141\162\144\167\141\162\145\060\036\027\015\071\071\060\067
+\060\071\061\070\061\060\064\062\132\027\015\061\071\060\067\060
+\071\061\070\061\071\062\062\132\060\201\227\061\013\060\011\006
+\003\125\004\006\023\002\125\123\061\013\060\011\006\003\125\004
+\010\023\002\125\124\061\027\060\025\006\003\125\004\007\023\016
+\123\141\154\164\040\114\141\153\145\040\103\151\164\171\061\036
+\060\034\006\003\125\004\012\023\025\124\150\145\040\125\123\105
+\122\124\122\125\123\124\040\116\145\164\167\157\162\153\061\041
+\060\037\006\003\125\004\013\023\030\150\164\164\160\072\057\057
+\167\167\167\056\165\163\145\162\164\162\165\163\164\056\143\157
+\155\061\037\060\035\006\003\125\004\003\023\026\125\124\116\055
+\125\123\105\122\106\151\162\163\164\055\110\141\162\144\167\141
+\162\145\060\202\001\042\060\015\006\011\052\206\110\206\367\015
+\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002\202
+\001\001\000\261\367\303\070\077\264\250\177\317\071\202\121\147
+\320\155\237\322\377\130\363\347\237\053\354\015\211\124\231\271
+\070\231\026\367\340\041\171\110\302\273\141\164\022\226\035\074
+\152\162\325\074\020\147\072\071\355\053\023\315\146\353\225\011
+\063\244\154\227\261\350\306\354\301\165\171\234\106\136\215\253
+\320\152\375\271\052\125\027\020\124\263\031\360\232\366\361\261
+\135\266\247\155\373\340\161\027\153\242\210\373\000\337\376\032
+\061\167\014\232\001\172\261\062\343\053\001\007\070\156\303\245
+\136\043\274\105\233\173\120\301\311\060\217\333\345\053\172\323
+\133\373\063\100\036\240\325\230\027\274\213\207\303\211\323\135
+\240\216\262\252\252\366\216\151\210\006\305\372\211\041\363\010
+\235\151\056\011\063\233\051\015\106\017\214\314\111\064\260\151
+\121\275\371\006\315\150\255\146\114\274\076\254\141\275\012\210
+\016\310\337\075\356\174\004\114\235\012\136\153\221\326\356\307
+\355\050\215\253\115\207\211\163\320\156\244\320\036\026\213\024
+\341\166\104\003\177\143\254\344\315\111\234\305\222\364\253\062
+\241\110\133\002\003\001\000\001\243\201\271\060\201\266\060\013
+\006\003\125\035\017\004\004\003\002\001\306\060\017\006\003\125
+\035\023\001\001\377\004\005\060\003\001\001\377\060\035\006\003
+\125\035\016\004\026\004\024\241\162\137\046\033\050\230\103\225
+\135\007\067\325\205\226\235\113\322\303\105\060\104\006\003\125
+\035\037\004\075\060\073\060\071\240\067\240\065\206\063\150\164
+\164\160\072\057\057\143\162\154\056\165\163\145\162\164\162\165
+\163\164\056\143\157\155\057\125\124\116\055\125\123\105\122\106
+\151\162\163\164\055\110\141\162\144\167\141\162\145\056\143\162
+\154\060\061\006\003\125\035\045\004\052\060\050\006\010\053\006
+\001\005\005\007\003\001\006\010\053\006\001\005\005\007\003\005
+\006\010\053\006\001\005\005\007\003\006\006\010\053\006\001\005
+\005\007\003\007\060\015\006\011\052\206\110\206\367\015\001\001
+\005\005\000\003\202\001\001\000\107\031\017\336\164\306\231\227
+\257\374\255\050\136\165\216\353\055\147\356\116\173\053\327\014
+\377\366\336\313\125\242\012\341\114\124\145\223\140\153\237\022
+\234\255\136\203\054\353\132\256\300\344\055\364\000\143\035\270
+\300\154\362\317\111\273\115\223\157\006\246\012\042\262\111\142
+\010\116\377\310\310\024\262\210\026\135\347\001\344\022\225\345
+\105\064\263\213\151\275\317\264\205\217\165\121\236\175\072\070
+\072\024\110\022\306\373\247\073\032\215\015\202\100\007\350\004
+\010\220\241\211\313\031\120\337\312\034\001\274\035\004\031\173
+\020\166\227\073\356\220\220\312\304\016\037\026\156\165\357\063
+\370\323\157\133\036\226\343\340\164\167\164\173\212\242\156\055
+\335\166\326\071\060\202\360\253\234\122\362\052\307\257\111\136
+\176\307\150\345\202\201\310\152\047\371\047\210\052\325\130\120
+\225\037\360\073\034\127\273\175\024\071\142\053\232\311\224\222
+\052\243\042\014\377\211\046\175\137\043\053\107\327\025\035\251
+\152\236\121\015\052\121\236\201\371\324\073\136\160\022\177\020
+\062\234\036\273\235\370\146\250
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "UTN USERFirst Hardware Root CA"
+# Issuer: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Serial Number:44:be:0c:8b:50:00:24:b4:11:d3:36:2a:fe:65:0a:fd
+# Subject: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Not Valid Before: Fri Jul 09 18:10:42 1999
+# Not Valid After : Tue Jul 09 18:19:22 2019
+# Fingerprint (MD5): 4C:56:41:E5:0D:BB:2B:E8:CA:A3:ED:18:08:AD:43:39
+# Fingerprint (SHA1): 04:83:ED:33:99:AC:36:08:05:87:22:ED:BC:5E:46:00:E3:BE:F9:D7
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "UTN USERFirst Hardware Root CA"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\004\203\355\063\231\254\066\010\005\207\042\355\274\136\106\000
+\343\276\371\327
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\114\126\101\345\015\273\053\350\312\243\355\030\010\255\103\071
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
+\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
+\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
+\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
+\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
+\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
+\164\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125
+\004\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163
+\164\055\110\141\162\144\167\141\162\145
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\104\276\014\213\120\000\044\264\021\323\066\052\376\145
+\012\375
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "UTN USERFirst Object Root CA"
+#
+# Issuer: CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Serial Number:44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
+# Subject: CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Not Valid Before: Fri Jul 09 18:31:20 1999
+# Not Valid After : Tue Jul 09 18:40:36 2019
+# Fingerprint (MD5): A7:F2:E4:16:06:41:11:50:30:6B:9C:E3:B4:9C:B0:C9
+# Fingerprint (SHA1): E1:2D:FB:4B:41:D7:D9:C3:2B:30:51:4B:AC:1D:81:D8:38:5E:2D:46
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "UTN USERFirst Object Root CA"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\225\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
+\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
+\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
+\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
+\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
+\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
+\164\162\165\163\164\056\143\157\155\061\035\060\033\006\003\125
+\004\003\023\024\125\124\116\055\125\123\105\122\106\151\162\163
+\164\055\117\142\152\145\143\164
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\225\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
+\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
+\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
+\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
+\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
+\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
+\164\162\165\163\164\056\143\157\155\061\035\060\033\006\003\125
+\004\003\023\024\125\124\116\055\125\123\105\122\106\151\162\163
+\164\055\117\142\152\145\143\164
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\104\276\014\213\120\000\044\264\021\323\066\055\340\263
+\137\033
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\004\146\060\202\003\116\240\003\002\001\002\002\020\104
+\276\014\213\120\000\044\264\021\323\066\055\340\263\137\033\060
+\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\201
+\225\061\013\060\011\006\003\125\004\006\023\002\125\123\061\013
+\060\011\006\003\125\004\010\023\002\125\124\061\027\060\025\006
+\003\125\004\007\023\016\123\141\154\164\040\114\141\153\145\040
+\103\151\164\171\061\036\060\034\006\003\125\004\012\023\025\124
+\150\145\040\125\123\105\122\124\122\125\123\124\040\116\145\164
+\167\157\162\153\061\041\060\037\006\003\125\004\013\023\030\150
+\164\164\160\072\057\057\167\167\167\056\165\163\145\162\164\162
+\165\163\164\056\143\157\155\061\035\060\033\006\003\125\004\003
+\023\024\125\124\116\055\125\123\105\122\106\151\162\163\164\055
+\117\142\152\145\143\164\060\036\027\015\071\071\060\067\060\071
+\061\070\063\061\062\060\132\027\015\061\071\060\067\060\071\061
+\070\064\060\063\066\132\060\201\225\061\013\060\011\006\003\125
+\004\006\023\002\125\123\061\013\060\011\006\003\125\004\010\023
+\002\125\124\061\027\060\025\006\003\125\004\007\023\016\123\141
+\154\164\040\114\141\153\145\040\103\151\164\171\061\036\060\034
+\006\003\125\004\012\023\025\124\150\145\040\125\123\105\122\124
+\122\125\123\124\040\116\145\164\167\157\162\153\061\041\060\037
+\006\003\125\004\013\023\030\150\164\164\160\072\057\057\167\167
+\167\056\165\163\145\162\164\162\165\163\164\056\143\157\155\061
+\035\060\033\006\003\125\004\003\023\024\125\124\116\055\125\123
+\105\122\106\151\162\163\164\055\117\142\152\145\143\164\060\202
+\001\042\060\015\006\011\052\206\110\206\367\015\001\001\001\005
+\000\003\202\001\017\000\060\202\001\012\002\202\001\001\000\316
+\252\201\077\243\243\141\170\252\061\000\125\225\021\236\047\017
+\037\034\337\072\233\202\150\060\300\112\141\035\361\057\016\372
+\276\171\367\245\043\357\125\121\226\204\315\333\343\271\156\076
+\061\330\012\040\147\307\364\331\277\224\353\107\004\076\002\316
+\052\242\135\207\004\011\366\060\235\030\212\227\262\252\034\374
+\101\322\241\066\313\373\075\221\272\347\331\160\065\372\344\347
+\220\303\233\243\233\323\074\365\022\231\167\261\267\011\340\150
+\346\034\270\363\224\143\210\152\152\376\013\166\311\276\364\042
+\344\147\271\253\032\136\167\301\205\007\335\015\154\277\356\006
+\307\167\152\101\236\247\017\327\373\356\224\027\267\374\205\276
+\244\253\304\034\061\335\327\266\321\344\360\357\337\026\217\262
+\122\223\327\241\324\211\241\007\056\277\341\001\022\102\036\032
+\341\330\225\064\333\144\171\050\377\272\056\021\302\345\350\133
+\222\110\373\107\013\302\154\332\255\062\203\101\363\245\345\101
+\160\375\145\220\155\372\372\121\304\371\275\226\053\031\004\054
+\323\155\247\334\360\177\157\203\145\342\152\253\207\206\165\002
+\003\001\000\001\243\201\257\060\201\254\060\013\006\003\125\035
+\017\004\004\003\002\001\306\060\017\006\003\125\035\023\001\001
+\377\004\005\060\003\001\001\377\060\035\006\003\125\035\016\004
+\026\004\024\332\355\144\164\024\234\024\074\253\335\231\251\275
+\133\050\115\213\074\311\330\060\102\006\003\125\035\037\004\073
+\060\071\060\067\240\065\240\063\206\061\150\164\164\160\072\057
+\057\143\162\154\056\165\163\145\162\164\162\165\163\164\056\143
+\157\155\057\125\124\116\055\125\123\105\122\106\151\162\163\164
+\055\117\142\152\145\143\164\056\143\162\154\060\051\006\003\125
+\035\045\004\042\060\040\006\010\053\006\001\005\005\007\003\003
+\006\010\053\006\001\005\005\007\003\010\006\012\053\006\001\004
+\001\202\067\012\003\004\060\015\006\011\052\206\110\206\367\015
+\001\001\005\005\000\003\202\001\001\000\010\037\122\261\067\104
+\170\333\375\316\271\332\225\226\230\252\125\144\200\265\132\100
+\335\041\245\305\301\363\137\054\114\310\107\132\151\352\350\360
+\065\065\364\320\045\363\310\246\244\207\112\275\033\261\163\010
+\275\324\303\312\266\065\273\131\206\167\061\315\247\200\024\256
+\023\357\374\261\110\371\153\045\045\055\121\266\054\155\105\301
+\230\310\212\126\135\076\356\103\116\076\153\047\216\320\072\113
+\205\013\137\323\355\152\247\165\313\321\132\207\057\071\165\023
+\132\162\260\002\201\237\276\360\017\204\124\040\142\154\151\324
+\341\115\306\015\231\103\001\015\022\226\214\170\235\277\120\242
+\261\104\252\152\317\027\172\317\157\017\324\370\044\125\137\360
+\064\026\111\146\076\120\106\311\143\161\070\061\142\270\142\271
+\363\123\255\154\265\053\242\022\252\031\117\011\332\136\347\223
+\306\216\024\010\376\360\060\200\030\240\206\205\115\310\175\327
+\213\003\376\156\325\367\235\026\254\222\054\240\043\345\234\221
+\122\037\224\337\027\224\163\303\263\301\301\161\005\040\000\170
+\275\023\122\035\250\076\315\000\037\310
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "UTN USERFirst Object Root CA"
+# Issuer: CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Serial Number:44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
+# Subject: CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Not Valid Before: Fri Jul 09 18:31:20 1999
+# Not Valid After : Tue Jul 09 18:40:36 2019
+# Fingerprint (MD5): A7:F2:E4:16:06:41:11:50:30:6B:9C:E3:B4:9C:B0:C9
+# Fingerprint (SHA1): E1:2D:FB:4B:41:D7:D9:C3:2B:30:51:4B:AC:1D:81:D8:38:5E:2D:46
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "UTN USERFirst Object Root CA"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\341\055\373\113\101\327\331\303\053\060\121\113\254\035\201\330
+\070\136\055\106
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\247\362\344\026\006\101\021\120\060\153\234\343\264\234\260\311
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\225\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
+\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
+\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
+\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
+\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
+\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
+\164\162\165\163\164\056\143\157\155\061\035\060\033\006\003\125
+\004\003\023\024\125\124\116\055\125\123\105\122\106\151\162\163
+\164\055\117\142\152\145\143\164
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\104\276\014\213\120\000\044\264\021\323\066\055\340\263
+\137\033
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Camerfirma Chambers of Commerce Root"
+#
+# Issuer: CN=Chambers of Commerce Root,OU=http://www.chambersign.org,O=AC Camerfirma SA CIF A82743287,C=EU
+# Serial Number: 0 (0x0)
+# Subject: CN=Chambers of Commerce Root,OU=http://www.chambersign.org,O=AC Camerfirma SA CIF A82743287,C=EU
+# Not Valid Before: Tue Sep 30 16:13:43 2003
+# Not Valid After : Wed Sep 30 16:13:44 2037
+# Fingerprint (MD5): B0:01:EE:14:D9:AF:29:18:94:76:8E:F1:69:33:2A:84
+# Fingerprint (SHA1): 6E:3A:55:A4:19:0C:19:5C:93:84:3C:C0:DB:72:2E:31:30:61:F0:B1
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Camerfirma Chambers of Commerce Root"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\177\061\013\060\011\006\003\125\004\006\023\002\105\125\061
+\047\060\045\006\003\125\004\012\023\036\101\103\040\103\141\155
+\145\162\146\151\162\155\141\040\123\101\040\103\111\106\040\101
+\070\062\067\064\063\062\070\067\061\043\060\041\006\003\125\004
+\013\023\032\150\164\164\160\072\057\057\167\167\167\056\143\150
+\141\155\142\145\162\163\151\147\156\056\157\162\147\061\042\060
+\040\006\003\125\004\003\023\031\103\150\141\155\142\145\162\163
+\040\157\146\040\103\157\155\155\145\162\143\145\040\122\157\157
+\164
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\177\061\013\060\011\006\003\125\004\006\023\002\105\125\061
+\047\060\045\006\003\125\004\012\023\036\101\103\040\103\141\155
+\145\162\146\151\162\155\141\040\123\101\040\103\111\106\040\101
+\070\062\067\064\063\062\070\067\061\043\060\041\006\003\125\004
+\013\023\032\150\164\164\160\072\057\057\167\167\167\056\143\150
+\141\155\142\145\162\163\151\147\156\056\157\162\147\061\042\060
+\040\006\003\125\004\003\023\031\103\150\141\155\142\145\162\163
+\040\157\146\040\103\157\155\155\145\162\143\145\040\122\157\157
+\164
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\000
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\004\275\060\202\003\245\240\003\002\001\002\002\001\000
+\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060
+\177\061\013\060\011\006\003\125\004\006\023\002\105\125\061\047
+\060\045\006\003\125\004\012\023\036\101\103\040\103\141\155\145
+\162\146\151\162\155\141\040\123\101\040\103\111\106\040\101\070
+\062\067\064\063\062\070\067\061\043\060\041\006\003\125\004\013
+\023\032\150\164\164\160\072\057\057\167\167\167\056\143\150\141
+\155\142\145\162\163\151\147\156\056\157\162\147\061\042\060\040
+\006\003\125\004\003\023\031\103\150\141\155\142\145\162\163\040
+\157\146\040\103\157\155\155\145\162\143\145\040\122\157\157\164
+\060\036\027\015\060\063\060\071\063\060\061\066\061\063\064\063
+\132\027\015\063\067\060\071\063\060\061\066\061\063\064\064\132
+\060\177\061\013\060\011\006\003\125\004\006\023\002\105\125\061
+\047\060\045\006\003\125\004\012\023\036\101\103\040\103\141\155
+\145\162\146\151\162\155\141\040\123\101\040\103\111\106\040\101
+\070\062\067\064\063\062\070\067\061\043\060\041\006\003\125\004
+\013\023\032\150\164\164\160\072\057\057\167\167\167\056\143\150
+\141\155\142\145\162\163\151\147\156\056\157\162\147\061\042\060
+\040\006\003\125\004\003\023\031\103\150\141\155\142\145\162\163
+\040\157\146\040\103\157\155\155\145\162\143\145\040\122\157\157
+\164\060\202\001\040\060\015\006\011\052\206\110\206\367\015\001
+\001\001\005\000\003\202\001\015\000\060\202\001\010\002\202\001
+\001\000\267\066\125\345\245\135\030\060\340\332\211\124\221\374
+\310\307\122\370\057\120\331\357\261\165\163\145\107\175\033\133
+\272\165\305\374\241\210\044\372\057\355\312\010\112\071\124\304
+\121\172\265\332\140\352\070\074\201\262\313\361\273\331\221\043
+\077\110\001\160\165\251\005\052\255\037\161\363\311\124\075\035
+\006\152\100\076\263\014\205\356\134\033\171\302\142\304\270\066
+\216\065\135\001\014\043\004\107\065\252\233\140\116\240\146\075
+\313\046\012\234\100\241\364\135\230\277\161\253\245\000\150\052
+\355\203\172\017\242\024\265\324\042\263\200\260\074\014\132\121
+\151\055\130\030\217\355\231\236\361\256\342\225\346\366\107\250
+\326\014\017\260\130\130\333\303\146\067\236\233\221\124\063\067
+\322\224\034\152\110\311\311\362\245\332\245\014\043\367\043\016
+\234\062\125\136\161\234\204\005\121\232\055\375\346\116\052\064
+\132\336\312\100\067\147\014\124\041\125\167\332\012\014\314\227
+\256\200\334\224\066\112\364\076\316\066\023\036\123\344\254\116
+\072\005\354\333\256\162\234\070\213\320\071\073\211\012\076\167
+\376\165\002\001\003\243\202\001\104\060\202\001\100\060\022\006
+\003\125\035\023\001\001\377\004\010\060\006\001\001\377\002\001
+\014\060\074\006\003\125\035\037\004\065\060\063\060\061\240\057
+\240\055\206\053\150\164\164\160\072\057\057\143\162\154\056\143
+\150\141\155\142\145\162\163\151\147\156\056\157\162\147\057\143
+\150\141\155\142\145\162\163\162\157\157\164\056\143\162\154\060
+\035\006\003\125\035\016\004\026\004\024\343\224\365\261\115\351
+\333\241\051\133\127\213\115\166\006\166\341\321\242\212\060\016
+\006\003\125\035\017\001\001\377\004\004\003\002\001\006\060\021
+\006\011\140\206\110\001\206\370\102\001\001\004\004\003\002\000
+\007\060\047\006\003\125\035\021\004\040\060\036\201\034\143\150
+\141\155\142\145\162\163\162\157\157\164\100\143\150\141\155\142
+\145\162\163\151\147\156\056\157\162\147\060\047\006\003\125\035
+\022\004\040\060\036\201\034\143\150\141\155\142\145\162\163\162
+\157\157\164\100\143\150\141\155\142\145\162\163\151\147\156\056
+\157\162\147\060\130\006\003\125\035\040\004\121\060\117\060\115
+\006\013\053\006\001\004\001\201\207\056\012\003\001\060\076\060
+\074\006\010\053\006\001\005\005\007\002\001\026\060\150\164\164
+\160\072\057\057\143\160\163\056\143\150\141\155\142\145\162\163
+\151\147\156\056\157\162\147\057\143\160\163\057\143\150\141\155
+\142\145\162\163\162\157\157\164\056\150\164\155\154\060\015\006
+\011\052\206\110\206\367\015\001\001\005\005\000\003\202\001\001
+\000\014\101\227\302\032\206\300\042\174\237\373\220\363\032\321
+\003\261\357\023\371\041\137\004\234\332\311\245\215\047\154\226
+\207\221\276\101\220\001\162\223\347\036\175\137\366\211\306\135
+\247\100\011\075\254\111\105\105\334\056\215\060\150\262\011\272
+\373\303\057\314\272\013\337\077\167\173\106\175\072\022\044\216
+\226\217\074\005\012\157\322\224\050\035\155\014\300\056\210\042
+\325\330\317\035\023\307\360\110\327\327\005\247\317\307\107\236
+\073\074\064\310\200\117\324\024\273\374\015\120\367\372\263\354
+\102\137\251\335\155\310\364\165\317\173\301\162\046\261\001\034
+\134\054\375\172\116\264\001\305\005\127\271\347\074\252\005\331
+\210\351\007\106\101\316\357\101\201\256\130\337\203\242\256\312
+\327\167\037\347\000\074\235\157\216\344\062\011\035\115\170\064
+\170\064\074\224\233\046\355\117\161\306\031\172\275\040\042\110
+\132\376\113\175\003\267\347\130\276\306\062\116\164\036\150\335
+\250\150\133\263\076\356\142\175\331\200\350\012\165\172\267\356
+\264\145\232\041\220\340\252\320\230\274\070\265\163\074\213\370
+\334
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "Camerfirma Chambers of Commerce Root"
+# Issuer: CN=Chambers of Commerce Root,OU=http://www.chambersign.org,O=AC Camerfirma SA CIF A82743287,C=EU
+# Serial Number: 0 (0x0)
+# Subject: CN=Chambers of Commerce Root,OU=http://www.chambersign.org,O=AC Camerfirma SA CIF A82743287,C=EU
+# Not Valid Before: Tue Sep 30 16:13:43 2003
+# Not Valid After : Wed Sep 30 16:13:44 2037
+# Fingerprint (MD5): B0:01:EE:14:D9:AF:29:18:94:76:8E:F1:69:33:2A:84
+# Fingerprint (SHA1): 6E:3A:55:A4:19:0C:19:5C:93:84:3C:C0:DB:72:2E:31:30:61:F0:B1
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Camerfirma Chambers of Commerce Root"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\156\072\125\244\031\014\031\134\223\204\074\300\333\162\056\061
+\060\141\360\261
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\260\001\356\024\331\257\051\030\224\166\216\361\151\063\052\204
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\177\061\013\060\011\006\003\125\004\006\023\002\105\125\061
+\047\060\045\006\003\125\004\012\023\036\101\103\040\103\141\155
+\145\162\146\151\162\155\141\040\123\101\040\103\111\106\040\101
+\070\062\067\064\063\062\070\067\061\043\060\041\006\003\125\004
+\013\023\032\150\164\164\160\072\057\057\167\167\167\056\143\150
+\141\155\142\145\162\163\151\147\156\056\157\162\147\061\042\060
+\040\006\003\125\004\003\023\031\103\150\141\155\142\145\162\163
+\040\157\146\040\103\157\155\155\145\162\143\145\040\122\157\157
+\164
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\000
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Camerfirma Global Chambersign Root"
+#
+# Issuer: CN=Global Chambersign Root,OU=http://www.chambersign.org,O=AC Camerfirma SA CIF A82743287,C=EU
+# Serial Number: 0 (0x0)
+# Subject: CN=Global Chambersign Root,OU=http://www.chambersign.org,O=AC Camerfirma SA CIF A82743287,C=EU
+# Not Valid Before: Tue Sep 30 16:14:18 2003
+# Not Valid After : Wed Sep 30 16:14:18 2037
+# Fingerprint (MD5): C5:E6:7B:BF:06:D0:4F:43:ED:C4:7A:65:8A:FB:6B:19
+# Fingerprint (SHA1): 33:9B:6B:14:50:24:9B:55:7A:01:87:72:84:D9:E0:2F:C3:D2:D8:E9
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Camerfirma Global Chambersign Root"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\175\061\013\060\011\006\003\125\004\006\023\002\105\125\061
+\047\060\045\006\003\125\004\012\023\036\101\103\040\103\141\155
+\145\162\146\151\162\155\141\040\123\101\040\103\111\106\040\101
+\070\062\067\064\063\062\070\067\061\043\060\041\006\003\125\004
+\013\023\032\150\164\164\160\072\057\057\167\167\167\056\143\150
+\141\155\142\145\162\163\151\147\156\056\157\162\147\061\040\060
+\036\006\003\125\004\003\023\027\107\154\157\142\141\154\040\103
+\150\141\155\142\145\162\163\151\147\156\040\122\157\157\164
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\175\061\013\060\011\006\003\125\004\006\023\002\105\125\061
+\047\060\045\006\003\125\004\012\023\036\101\103\040\103\141\155
+\145\162\146\151\162\155\141\040\123\101\040\103\111\106\040\101
+\070\062\067\064\063\062\070\067\061\043\060\041\006\003\125\004
+\013\023\032\150\164\164\160\072\057\057\167\167\167\056\143\150
+\141\155\142\145\162\163\151\147\156\056\157\162\147\061\040\060
+\036\006\003\125\004\003\023\027\107\154\157\142\141\154\040\103
+\150\141\155\142\145\162\163\151\147\156\040\122\157\157\164
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\000
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\004\305\060\202\003\255\240\003\002\001\002\002\001\000
+\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060
+\175\061\013\060\011\006\003\125\004\006\023\002\105\125\061\047
+\060\045\006\003\125\004\012\023\036\101\103\040\103\141\155\145
+\162\146\151\162\155\141\040\123\101\040\103\111\106\040\101\070
+\062\067\064\063\062\070\067\061\043\060\041\006\003\125\004\013
+\023\032\150\164\164\160\072\057\057\167\167\167\056\143\150\141
+\155\142\145\162\163\151\147\156\056\157\162\147\061\040\060\036
+\006\003\125\004\003\023\027\107\154\157\142\141\154\040\103\150
+\141\155\142\145\162\163\151\147\156\040\122\157\157\164\060\036
+\027\015\060\063\060\071\063\060\061\066\061\064\061\070\132\027
+\015\063\067\060\071\063\060\061\066\061\064\061\070\132\060\175
+\061\013\060\011\006\003\125\004\006\023\002\105\125\061\047\060
+\045\006\003\125\004\012\023\036\101\103\040\103\141\155\145\162
+\146\151\162\155\141\040\123\101\040\103\111\106\040\101\070\062
+\067\064\063\062\070\067\061\043\060\041\006\003\125\004\013\023
+\032\150\164\164\160\072\057\057\167\167\167\056\143\150\141\155
+\142\145\162\163\151\147\156\056\157\162\147\061\040\060\036\006
+\003\125\004\003\023\027\107\154\157\142\141\154\040\103\150\141
+\155\142\145\162\163\151\147\156\040\122\157\157\164\060\202\001
+\040\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000
+\003\202\001\015\000\060\202\001\010\002\202\001\001\000\242\160
+\242\320\237\102\256\133\027\307\330\175\317\024\203\374\117\311
+\241\267\023\257\212\327\236\076\004\012\222\213\140\126\372\264
+\062\057\210\115\241\140\010\364\267\011\116\240\111\057\111\326
+\323\337\235\227\132\237\224\004\160\354\077\131\331\267\314\146
+\213\230\122\050\011\002\337\305\057\204\215\172\227\167\277\354
+\100\235\045\162\253\265\077\062\230\373\267\267\374\162\204\345
+\065\207\371\125\372\243\037\016\157\056\050\335\151\240\331\102
+\020\306\370\265\104\302\320\103\177\333\274\344\242\074\152\125
+\170\012\167\251\330\352\031\062\267\057\376\134\077\033\356\261
+\230\354\312\255\172\151\105\343\226\017\125\366\346\355\165\352
+\145\350\062\126\223\106\211\250\045\212\145\006\356\153\277\171
+\007\320\361\267\257\355\054\115\222\273\300\250\137\247\147\175
+\004\362\025\010\160\254\222\326\175\004\322\063\373\114\266\013
+\013\373\032\311\304\215\003\251\176\134\362\120\253\022\245\241
+\317\110\120\245\357\322\310\032\023\372\260\177\261\202\034\167
+\152\017\137\334\013\225\217\357\103\176\346\105\011\045\002\001
+\003\243\202\001\120\060\202\001\114\060\022\006\003\125\035\023
+\001\001\377\004\010\060\006\001\001\377\002\001\014\060\077\006
+\003\125\035\037\004\070\060\066\060\064\240\062\240\060\206\056
+\150\164\164\160\072\057\057\143\162\154\056\143\150\141\155\142
+\145\162\163\151\147\156\056\157\162\147\057\143\150\141\155\142
+\145\162\163\151\147\156\162\157\157\164\056\143\162\154\060\035
+\006\003\125\035\016\004\026\004\024\103\234\066\237\260\236\060
+\115\306\316\137\255\020\253\345\003\245\372\251\024\060\016\006
+\003\125\035\017\001\001\377\004\004\003\002\001\006\060\021\006
+\011\140\206\110\001\206\370\102\001\001\004\004\003\002\000\007
+\060\052\006\003\125\035\021\004\043\060\041\201\037\143\150\141
+\155\142\145\162\163\151\147\156\162\157\157\164\100\143\150\141
+\155\142\145\162\163\151\147\156\056\157\162\147\060\052\006\003
+\125\035\022\004\043\060\041\201\037\143\150\141\155\142\145\162
+\163\151\147\156\162\157\157\164\100\143\150\141\155\142\145\162
+\163\151\147\156\056\157\162\147\060\133\006\003\125\035\040\004
+\124\060\122\060\120\006\013\053\006\001\004\001\201\207\056\012
+\001\001\060\101\060\077\006\010\053\006\001\005\005\007\002\001
+\026\063\150\164\164\160\072\057\057\143\160\163\056\143\150\141
+\155\142\145\162\163\151\147\156\056\157\162\147\057\143\160\163
+\057\143\150\141\155\142\145\162\163\151\147\156\162\157\157\164
+\056\150\164\155\154\060\015\006\011\052\206\110\206\367\015\001
+\001\005\005\000\003\202\001\001\000\074\073\160\221\371\004\124
+\047\221\341\355\355\376\150\177\141\135\345\101\145\117\062\361
+\030\005\224\152\034\336\037\160\333\076\173\062\002\064\265\014
+\154\241\212\174\245\364\217\377\324\330\255\027\325\055\004\321
+\077\130\200\342\201\131\210\276\300\343\106\223\044\376\220\275
+\046\242\060\055\350\227\046\127\065\211\164\226\030\366\025\342
+\257\044\031\126\002\002\262\272\017\024\352\306\212\146\301\206
+\105\125\213\276\222\276\234\244\004\307\111\074\236\350\051\172
+\211\327\376\257\377\150\365\245\027\220\275\254\231\314\245\206
+\127\011\147\106\333\326\026\302\106\361\344\251\120\365\217\321
+\222\025\323\137\076\306\000\111\072\156\130\262\321\321\047\015
+\045\310\062\370\040\021\315\175\062\063\110\224\124\114\335\334
+\171\304\060\237\353\216\270\125\265\327\210\134\305\152\044\075
+\262\323\005\003\121\306\007\357\314\024\162\164\075\156\162\316
+\030\050\214\112\240\167\345\011\053\105\104\107\254\267\147\177
+\001\212\005\132\223\276\241\301\377\370\347\016\147\244\107\111
+\166\135\165\220\032\365\046\217\360
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "Camerfirma Global Chambersign Root"
+# Issuer: CN=Global Chambersign Root,OU=http://www.chambersign.org,O=AC Camerfirma SA CIF A82743287,C=EU
+# Serial Number: 0 (0x0)
+# Subject: CN=Global Chambersign Root,OU=http://www.chambersign.org,O=AC Camerfirma SA CIF A82743287,C=EU
+# Not Valid Before: Tue Sep 30 16:14:18 2003
+# Not Valid After : Wed Sep 30 16:14:18 2037
+# Fingerprint (MD5): C5:E6:7B:BF:06:D0:4F:43:ED:C4:7A:65:8A:FB:6B:19
+# Fingerprint (SHA1): 33:9B:6B:14:50:24:9B:55:7A:01:87:72:84:D9:E0:2F:C3:D2:D8:E9
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Camerfirma Global Chambersign Root"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\063\233\153\024\120\044\233\125\172\001\207\162\204\331\340\057
+\303\322\330\351
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\305\346\173\277\006\320\117\103\355\304\172\145\212\373\153\031
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\175\061\013\060\011\006\003\125\004\006\023\002\105\125\061
+\047\060\045\006\003\125\004\012\023\036\101\103\040\103\141\155
+\145\162\146\151\162\155\141\040\123\101\040\103\111\106\040\101
+\070\062\067\064\063\062\070\067\061\043\060\041\006\003\125\004
+\013\023\032\150\164\164\160\072\057\057\167\167\167\056\143\150
+\141\155\142\145\162\163\151\147\156\056\157\162\147\061\040\060
+\036\006\003\125\004\003\023\027\107\154\157\142\141\154\040\103
+\150\141\155\142\145\162\163\151\147\156\040\122\157\157\164
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\000
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "XRamp Global CA Root"
+#
+# Issuer: CN=XRamp Global Certification Authority,O=XRamp Security Services Inc,OU=www.xrampsecurity.com,C=US
+# Serial Number:50:94:6c:ec:18:ea:d5:9c:4d:d5:97:ef:75:8f:a0:ad
+# Subject: CN=XRamp Global Certification Authority,O=XRamp Security Services Inc,OU=www.xrampsecurity.com,C=US
+# Not Valid Before: Mon Nov 01 17:14:04 2004
+# Not Valid After : Mon Jan 01 05:37:19 2035
+# Fingerprint (MD5): A1:0B:44:B3:CA:10:D8:00:6E:9D:0F:D8:0F:92:0A:D1
+# Fingerprint (SHA1): B8:01:86:D1:EB:9C:86:A5:41:04:CF:30:54:F3:4C:52:B7:E5:58:C6
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "XRamp Global CA Root"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\202\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\036\060\034\006\003\125\004\013\023\025\167\167\167\056\170
+\162\141\155\160\163\145\143\165\162\151\164\171\056\143\157\155
+\061\044\060\042\006\003\125\004\012\023\033\130\122\141\155\160
+\040\123\145\143\165\162\151\164\171\040\123\145\162\166\151\143
+\145\163\040\111\156\143\061\055\060\053\006\003\125\004\003\023
+\044\130\122\141\155\160\040\107\154\157\142\141\154\040\103\145
+\162\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150
+\157\162\151\164\171
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\202\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\036\060\034\006\003\125\004\013\023\025\167\167\167\056\170
+\162\141\155\160\163\145\143\165\162\151\164\171\056\143\157\155
+\061\044\060\042\006\003\125\004\012\023\033\130\122\141\155\160
+\040\123\145\143\165\162\151\164\171\040\123\145\162\166\151\143
+\145\163\040\111\156\143\061\055\060\053\006\003\125\004\003\023
+\044\130\122\141\155\160\040\107\154\157\142\141\154\040\103\145
+\162\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150
+\157\162\151\164\171
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\120\224\154\354\030\352\325\234\115\325\227\357\165\217
+\240\255
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\004\060\060\202\003\030\240\003\002\001\002\002\020\120
+\224\154\354\030\352\325\234\115\325\227\357\165\217\240\255\060
+\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\201
+\202\061\013\060\011\006\003\125\004\006\023\002\125\123\061\036
+\060\034\006\003\125\004\013\023\025\167\167\167\056\170\162\141
+\155\160\163\145\143\165\162\151\164\171\056\143\157\155\061\044
+\060\042\006\003\125\004\012\023\033\130\122\141\155\160\040\123
+\145\143\165\162\151\164\171\040\123\145\162\166\151\143\145\163
+\040\111\156\143\061\055\060\053\006\003\125\004\003\023\044\130
+\122\141\155\160\040\107\154\157\142\141\154\040\103\145\162\164
+\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162
+\151\164\171\060\036\027\015\060\064\061\061\060\061\061\067\061
+\064\060\064\132\027\015\063\065\060\061\060\061\060\065\063\067
+\061\071\132\060\201\202\061\013\060\011\006\003\125\004\006\023
+\002\125\123\061\036\060\034\006\003\125\004\013\023\025\167\167
+\167\056\170\162\141\155\160\163\145\143\165\162\151\164\171\056
+\143\157\155\061\044\060\042\006\003\125\004\012\023\033\130\122
+\141\155\160\040\123\145\143\165\162\151\164\171\040\123\145\162
+\166\151\143\145\163\040\111\156\143\061\055\060\053\006\003\125
+\004\003\023\044\130\122\141\155\160\040\107\154\157\142\141\154
+\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101
+\165\164\150\157\162\151\164\171\060\202\001\042\060\015\006\011
+\052\206\110\206\367\015\001\001\001\005\000\003\202\001\017\000
+\060\202\001\012\002\202\001\001\000\230\044\036\275\025\264\272
+\337\307\214\245\047\266\070\013\151\363\266\116\250\054\056\041
+\035\134\104\337\041\135\176\043\164\376\136\176\264\112\267\246
+\255\037\256\340\006\026\342\233\133\331\147\164\153\135\200\217
+\051\235\206\033\331\234\015\230\155\166\020\050\130\344\145\260
+\177\112\230\171\237\340\303\061\176\200\053\265\214\300\100\073
+\021\206\320\313\242\206\066\140\244\325\060\202\155\331\156\320
+\017\022\004\063\227\137\117\141\132\360\344\371\221\253\347\035
+\073\274\350\317\364\153\055\064\174\342\110\141\034\216\363\141
+\104\314\157\240\112\251\224\260\115\332\347\251\064\172\162\070
+\250\101\314\074\224\021\175\353\310\246\214\267\206\313\312\063
+\073\331\075\067\213\373\172\076\206\054\347\163\327\012\127\254
+\144\233\031\353\364\017\004\010\212\254\003\027\031\144\364\132
+\045\042\215\064\054\262\366\150\035\022\155\323\212\036\024\332
+\304\217\246\342\043\205\325\172\015\275\152\340\351\354\354\027
+\273\102\033\147\252\045\355\105\203\041\374\301\311\174\325\142
+\076\372\362\305\055\323\375\324\145\002\003\001\000\001\243\201
+\237\060\201\234\060\023\006\011\053\006\001\004\001\202\067\024
+\002\004\006\036\004\000\103\000\101\060\013\006\003\125\035\017
+\004\004\003\002\001\206\060\017\006\003\125\035\023\001\001\377
+\004\005\060\003\001\001\377\060\035\006\003\125\035\016\004\026
+\004\024\306\117\242\075\006\143\204\011\234\316\142\344\004\254
+\215\134\265\351\266\033\060\066\006\003\125\035\037\004\057\060
+\055\060\053\240\051\240\047\206\045\150\164\164\160\072\057\057
+\143\162\154\056\170\162\141\155\160\163\145\143\165\162\151\164
+\171\056\143\157\155\057\130\107\103\101\056\143\162\154\060\020
+\006\011\053\006\001\004\001\202\067\025\001\004\003\002\001\001
+\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\003
+\202\001\001\000\221\025\071\003\001\033\147\373\112\034\371\012
+\140\133\241\332\115\227\142\371\044\123\047\327\202\144\116\220
+\056\303\111\033\053\232\334\374\250\170\147\065\361\035\360\021
+\275\267\110\343\020\366\015\337\077\322\311\266\252\125\244\110
+\272\002\333\336\131\056\025\133\073\235\026\175\107\327\067\352
+\137\115\166\022\066\273\037\327\241\201\004\106\040\243\054\155
+\251\236\001\176\077\051\316\000\223\337\375\311\222\163\211\211
+\144\236\347\053\344\034\221\054\322\271\316\175\316\157\061\231
+\323\346\276\322\036\220\360\011\024\171\134\043\253\115\322\332
+\041\037\115\231\171\235\341\317\047\237\020\233\034\210\015\260
+\212\144\101\061\270\016\154\220\044\244\233\134\161\217\272\273
+\176\034\033\333\152\200\017\041\274\351\333\246\267\100\364\262
+\213\251\261\344\357\232\032\320\075\151\231\356\250\050\243\341
+\074\263\360\262\021\234\317\174\100\346\335\347\103\175\242\330
+\072\265\251\215\362\064\231\304\324\020\341\006\375\011\204\020
+\073\356\304\114\364\354\047\174\102\302\164\174\202\212\011\311
+\264\003\045\274
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "XRamp Global CA Root"
+# Issuer: CN=XRamp Global Certification Authority,O=XRamp Security Services Inc,OU=www.xrampsecurity.com,C=US
+# Serial Number:50:94:6c:ec:18:ea:d5:9c:4d:d5:97:ef:75:8f:a0:ad
+# Subject: CN=XRamp Global Certification Authority,O=XRamp Security Services Inc,OU=www.xrampsecurity.com,C=US
+# Not Valid Before: Mon Nov 01 17:14:04 2004
+# Not Valid After : Mon Jan 01 05:37:19 2035
+# Fingerprint (MD5): A1:0B:44:B3:CA:10:D8:00:6E:9D:0F:D8:0F:92:0A:D1
+# Fingerprint (SHA1): B8:01:86:D1:EB:9C:86:A5:41:04:CF:30:54:F3:4C:52:B7:E5:58:C6
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "XRamp Global CA Root"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\270\001\206\321\353\234\206\245\101\004\317\060\124\363\114\122
+\267\345\130\306
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\241\013\104\263\312\020\330\000\156\235\017\330\017\222\012\321
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\202\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\036\060\034\006\003\125\004\013\023\025\167\167\167\056\170
+\162\141\155\160\163\145\143\165\162\151\164\171\056\143\157\155
+\061\044\060\042\006\003\125\004\012\023\033\130\122\141\155\160
+\040\123\145\143\165\162\151\164\171\040\123\145\162\166\151\143
+\145\163\040\111\156\143\061\055\060\053\006\003\125\004\003\023
+\044\130\122\141\155\160\040\107\154\157\142\141\154\040\103\145
+\162\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150
+\157\162\151\164\171
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\120\224\154\354\030\352\325\234\115\325\227\357\165\217
+\240\255
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Go Daddy Class 2 CA"
+#
+# Issuer: OU=Go Daddy Class 2 Certification Authority,O="The Go Daddy Group, Inc.",C=US
+# Serial Number: 0 (0x0)
+# Subject: OU=Go Daddy Class 2 Certification Authority,O="The Go Daddy Group, Inc.",C=US
+# Not Valid Before: Tue Jun 29 17:06:20 2004
+# Not Valid After : Thu Jun 29 17:06:20 2034
+# Fingerprint (MD5): 91:DE:06:25:AB:DA:FD:32:17:0C:BB:25:17:2A:84:67
+# Fingerprint (SHA1): 27:96:BA:E6:3F:18:01:E2:77:26:1B:A0:D7:77:70:02:8F:20:EE:E4
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Go Daddy Class 2 CA"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\143\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\041\060\037\006\003\125\004\012\023\030\124\150\145\040\107\157
+\040\104\141\144\144\171\040\107\162\157\165\160\054\040\111\156
+\143\056\061\061\060\057\006\003\125\004\013\023\050\107\157\040
+\104\141\144\144\171\040\103\154\141\163\163\040\062\040\103\145
+\162\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150
+\157\162\151\164\171
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\143\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\041\060\037\006\003\125\004\012\023\030\124\150\145\040\107\157
+\040\104\141\144\144\171\040\107\162\157\165\160\054\040\111\156
+\143\056\061\061\060\057\006\003\125\004\013\023\050\107\157\040
+\104\141\144\144\171\040\103\154\141\163\163\040\062\040\103\145
+\162\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150
+\157\162\151\164\171
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\000
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\004\000\060\202\002\350\240\003\002\001\002\002\001\000
+\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060
+\143\061\013\060\011\006\003\125\004\006\023\002\125\123\061\041
+\060\037\006\003\125\004\012\023\030\124\150\145\040\107\157\040
+\104\141\144\144\171\040\107\162\157\165\160\054\040\111\156\143
+\056\061\061\060\057\006\003\125\004\013\023\050\107\157\040\104
+\141\144\144\171\040\103\154\141\163\163\040\062\040\103\145\162
+\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157
+\162\151\164\171\060\036\027\015\060\064\060\066\062\071\061\067
+\060\066\062\060\132\027\015\063\064\060\066\062\071\061\067\060
+\066\062\060\132\060\143\061\013\060\011\006\003\125\004\006\023
+\002\125\123\061\041\060\037\006\003\125\004\012\023\030\124\150
+\145\040\107\157\040\104\141\144\144\171\040\107\162\157\165\160
+\054\040\111\156\143\056\061\061\060\057\006\003\125\004\013\023
+\050\107\157\040\104\141\144\144\171\040\103\154\141\163\163\040
+\062\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040
+\101\165\164\150\157\162\151\164\171\060\202\001\040\060\015\006
+\011\052\206\110\206\367\015\001\001\001\005\000\003\202\001\015
+\000\060\202\001\010\002\202\001\001\000\336\235\327\352\127\030
+\111\241\133\353\327\137\110\206\352\276\335\377\344\357\147\034
+\364\145\150\263\127\161\240\136\167\273\355\233\111\351\160\200
+\075\126\030\143\010\157\332\362\314\320\077\177\002\124\042\124
+\020\330\262\201\324\300\165\075\113\177\307\167\303\076\170\253
+\032\003\265\040\153\057\152\053\261\305\210\176\304\273\036\260
+\301\330\105\047\157\252\067\130\367\207\046\327\330\055\366\251
+\027\267\037\162\066\116\246\027\077\145\230\222\333\052\156\135
+\242\376\210\340\013\336\177\345\215\025\341\353\313\072\325\342
+\022\242\023\055\330\216\257\137\022\075\240\010\005\010\266\134
+\245\145\070\004\105\231\036\243\140\140\164\305\101\245\162\142
+\033\142\305\037\157\137\032\102\276\002\121\145\250\256\043\030
+\152\374\170\003\251\115\177\200\303\372\253\132\374\241\100\244
+\312\031\026\376\262\310\357\136\163\015\356\167\275\232\366\171
+\230\274\261\007\147\242\025\015\335\240\130\306\104\173\012\076
+\142\050\137\272\101\007\123\130\317\021\176\070\164\305\370\377
+\265\151\220\217\204\164\352\227\033\257\002\001\003\243\201\300
+\060\201\275\060\035\006\003\125\035\016\004\026\004\024\322\304
+\260\322\221\324\114\021\161\263\141\313\075\241\376\335\250\152
+\324\343\060\201\215\006\003\125\035\043\004\201\205\060\201\202
+\200\024\322\304\260\322\221\324\114\021\161\263\141\313\075\241
+\376\335\250\152\324\343\241\147\244\145\060\143\061\013\060\011
+\006\003\125\004\006\023\002\125\123\061\041\060\037\006\003\125
+\004\012\023\030\124\150\145\040\107\157\040\104\141\144\144\171
+\040\107\162\157\165\160\054\040\111\156\143\056\061\061\060\057
+\006\003\125\004\013\023\050\107\157\040\104\141\144\144\171\040
+\103\154\141\163\163\040\062\040\103\145\162\164\151\146\151\143
+\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171\202
+\001\000\060\014\006\003\125\035\023\004\005\060\003\001\001\377
+\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\003
+\202\001\001\000\062\113\363\262\312\076\221\374\022\306\241\007
+\214\216\167\240\063\006\024\134\220\036\030\367\010\246\075\012
+\031\371\207\200\021\156\151\344\226\027\060\377\064\221\143\162
+\070\356\314\034\001\243\035\224\050\244\061\366\172\304\124\327
+\366\345\061\130\003\242\314\316\142\333\224\105\163\265\277\105
+\311\044\265\325\202\002\255\043\171\151\215\270\266\115\316\317
+\114\312\063\043\350\034\210\252\235\213\101\156\026\311\040\345
+\211\236\315\073\332\160\367\176\231\046\040\024\124\045\253\156
+\163\205\346\233\041\235\012\154\202\016\250\370\302\014\372\020
+\036\154\226\357\207\015\304\017\141\213\255\356\203\053\225\370
+\216\222\204\162\071\353\040\352\203\355\203\315\227\156\010\274
+\353\116\046\266\163\053\344\323\366\114\376\046\161\342\141\021
+\164\112\377\127\032\207\017\165\110\056\317\121\151\027\240\002
+\022\141\225\325\321\100\262\020\114\356\304\254\020\103\246\245
+\236\012\325\225\142\232\015\317\210\202\305\062\014\344\053\237
+\105\346\015\237\050\234\261\271\052\132\127\255\067\017\257\035
+\177\333\275\237
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "Go Daddy Class 2 CA"
+# Issuer: OU=Go Daddy Class 2 Certification Authority,O="The Go Daddy Group, Inc.",C=US
+# Serial Number: 0 (0x0)
+# Subject: OU=Go Daddy Class 2 Certification Authority,O="The Go Daddy Group, Inc.",C=US
+# Not Valid Before: Tue Jun 29 17:06:20 2004
+# Not Valid After : Thu Jun 29 17:06:20 2034
+# Fingerprint (MD5): 91:DE:06:25:AB:DA:FD:32:17:0C:BB:25:17:2A:84:67
+# Fingerprint (SHA1): 27:96:BA:E6:3F:18:01:E2:77:26:1B:A0:D7:77:70:02:8F:20:EE:E4
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Go Daddy Class 2 CA"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\047\226\272\346\077\030\001\342\167\046\033\240\327\167\160\002
+\217\040\356\344
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\221\336\006\045\253\332\375\062\027\014\273\045\027\052\204\147
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\143\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\041\060\037\006\003\125\004\012\023\030\124\150\145\040\107\157
+\040\104\141\144\144\171\040\107\162\157\165\160\054\040\111\156
+\143\056\061\061\060\057\006\003\125\004\013\023\050\107\157\040
+\104\141\144\144\171\040\103\154\141\163\163\040\062\040\103\145
+\162\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150
+\157\162\151\164\171
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\000
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Starfield Class 2 CA"
+#
+# Issuer: OU=Starfield Class 2 Certification Authority,O="Starfield Technologies, Inc.",C=US
+# Serial Number: 0 (0x0)
+# Subject: OU=Starfield Class 2 Certification Authority,O="Starfield Technologies, Inc.",C=US
+# Not Valid Before: Tue Jun 29 17:39:16 2004
+# Not Valid After : Thu Jun 29 17:39:16 2034
+# Fingerprint (MD5): 32:4A:4B:BB:C8:63:69:9B:BE:74:9A:C6:DD:1D:46:24
+# Fingerprint (SHA1): AD:7E:1C:28:B0:64:EF:8F:60:03:40:20:14:C3:D0:E3:37:0E:B5:8A
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Starfield Class 2 CA"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\150\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\045\060\043\006\003\125\004\012\023\034\123\164\141\162\146\151
+\145\154\144\040\124\145\143\150\156\157\154\157\147\151\145\163
+\054\040\111\156\143\056\061\062\060\060\006\003\125\004\013\023
+\051\123\164\141\162\146\151\145\154\144\040\103\154\141\163\163
+\040\062\040\103\145\162\164\151\146\151\143\141\164\151\157\156
+\040\101\165\164\150\157\162\151\164\171
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\150\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\045\060\043\006\003\125\004\012\023\034\123\164\141\162\146\151
+\145\154\144\040\124\145\143\150\156\157\154\157\147\151\145\163
+\054\040\111\156\143\056\061\062\060\060\006\003\125\004\013\023
+\051\123\164\141\162\146\151\145\154\144\040\103\154\141\163\163
+\040\062\040\103\145\162\164\151\146\151\143\141\164\151\157\156
+\040\101\165\164\150\157\162\151\164\171
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\000
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\004\017\060\202\002\367\240\003\002\001\002\002\001\000
+\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060
+\150\061\013\060\011\006\003\125\004\006\023\002\125\123\061\045
+\060\043\006\003\125\004\012\023\034\123\164\141\162\146\151\145
+\154\144\040\124\145\143\150\156\157\154\157\147\151\145\163\054
+\040\111\156\143\056\061\062\060\060\006\003\125\004\013\023\051
+\123\164\141\162\146\151\145\154\144\040\103\154\141\163\163\040
+\062\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040
+\101\165\164\150\157\162\151\164\171\060\036\027\015\060\064\060
+\066\062\071\061\067\063\071\061\066\132\027\015\063\064\060\066
+\062\071\061\067\063\071\061\066\132\060\150\061\013\060\011\006
+\003\125\004\006\023\002\125\123\061\045\060\043\006\003\125\004
+\012\023\034\123\164\141\162\146\151\145\154\144\040\124\145\143
+\150\156\157\154\157\147\151\145\163\054\040\111\156\143\056\061
+\062\060\060\006\003\125\004\013\023\051\123\164\141\162\146\151
+\145\154\144\040\103\154\141\163\163\040\062\040\103\145\162\164
+\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162
+\151\164\171\060\202\001\040\060\015\006\011\052\206\110\206\367
+\015\001\001\001\005\000\003\202\001\015\000\060\202\001\010\002
+\202\001\001\000\267\062\310\376\351\161\246\004\205\255\014\021
+\144\337\316\115\357\310\003\030\207\077\241\253\373\074\246\237
+\360\303\241\332\324\330\156\053\123\220\373\044\244\076\204\360
+\236\350\137\354\345\047\104\365\050\246\077\173\336\340\052\360
+\310\257\123\057\236\312\005\001\223\036\217\146\034\071\247\115
+\372\132\266\163\004\045\146\353\167\177\347\131\306\112\231\045
+\024\124\353\046\307\363\177\031\325\060\160\217\257\260\106\052
+\377\255\353\051\355\327\237\252\004\207\243\324\371\211\245\064
+\137\333\103\221\202\066\331\146\074\261\270\271\202\375\234\072
+\076\020\310\073\357\006\145\146\172\233\031\030\075\377\161\121
+\074\060\056\137\276\075\167\163\262\135\006\154\303\043\126\232
+\053\205\046\222\034\247\002\263\344\077\015\257\010\171\202\270
+\066\075\352\234\323\065\263\274\151\312\365\314\235\350\375\144
+\215\027\200\063\156\136\112\135\231\311\036\207\264\235\032\300
+\325\156\023\065\043\136\337\233\137\075\357\326\367\166\302\352
+\076\273\170\015\034\102\147\153\004\330\370\326\332\157\213\362
+\104\240\001\253\002\001\003\243\201\305\060\201\302\060\035\006
+\003\125\035\016\004\026\004\024\277\137\267\321\316\335\037\206
+\364\133\125\254\334\327\020\302\016\251\210\347\060\201\222\006
+\003\125\035\043\004\201\212\060\201\207\200\024\277\137\267\321
+\316\335\037\206\364\133\125\254\334\327\020\302\016\251\210\347
+\241\154\244\152\060\150\061\013\060\011\006\003\125\004\006\023
+\002\125\123\061\045\060\043\006\003\125\004\012\023\034\123\164
+\141\162\146\151\145\154\144\040\124\145\143\150\156\157\154\157
+\147\151\145\163\054\040\111\156\143\056\061\062\060\060\006\003
+\125\004\013\023\051\123\164\141\162\146\151\145\154\144\040\103
+\154\141\163\163\040\062\040\103\145\162\164\151\146\151\143\141
+\164\151\157\156\040\101\165\164\150\157\162\151\164\171\202\001
+\000\060\014\006\003\125\035\023\004\005\060\003\001\001\377\060
+\015\006\011\052\206\110\206\367\015\001\001\005\005\000\003\202
+\001\001\000\005\235\077\210\235\321\311\032\125\241\254\151\363
+\363\131\332\233\001\207\032\117\127\251\241\171\011\052\333\367
+\057\262\036\314\307\136\152\330\203\207\241\227\357\111\065\076
+\167\006\101\130\142\277\216\130\270\012\147\077\354\263\335\041
+\146\037\311\124\372\162\314\075\114\100\330\201\257\167\236\203
+\172\273\242\307\365\064\027\216\331\021\100\364\374\054\052\115
+\025\177\247\142\135\056\045\323\000\013\040\032\035\150\371\027
+\270\364\275\213\355\050\131\335\115\026\213\027\203\310\262\145
+\307\055\172\245\252\274\123\206\155\335\127\244\312\370\040\101
+\013\150\360\364\373\164\276\126\135\172\171\365\371\035\205\343
+\055\225\276\365\161\220\103\314\215\037\232\000\012\207\051\351
+\125\042\130\000\043\352\343\022\103\051\133\107\010\335\214\101
+\152\145\006\250\345\041\252\101\264\225\041\225\271\175\321\064
+\253\023\326\255\274\334\342\075\071\315\275\076\165\160\241\030
+\131\003\311\042\264\217\234\325\136\052\327\245\266\324\012\155
+\370\267\100\021\106\232\037\171\016\142\277\017\227\354\340\057
+\037\027\224
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "Starfield Class 2 CA"
+# Issuer: OU=Starfield Class 2 Certification Authority,O="Starfield Technologies, Inc.",C=US
+# Serial Number: 0 (0x0)
+# Subject: OU=Starfield Class 2 Certification Authority,O="Starfield Technologies, Inc.",C=US
+# Not Valid Before: Tue Jun 29 17:39:16 2004
+# Not Valid After : Thu Jun 29 17:39:16 2034
+# Fingerprint (MD5): 32:4A:4B:BB:C8:63:69:9B:BE:74:9A:C6:DD:1D:46:24
+# Fingerprint (SHA1): AD:7E:1C:28:B0:64:EF:8F:60:03:40:20:14:C3:D0:E3:37:0E:B5:8A
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Starfield Class 2 CA"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\255\176\034\050\260\144\357\217\140\003\100\040\024\303\320\343
+\067\016\265\212
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\062\112\113\273\310\143\151\233\276\164\232\306\335\035\106\044
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\150\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\045\060\043\006\003\125\004\012\023\034\123\164\141\162\146\151
+\145\154\144\040\124\145\143\150\156\157\154\157\147\151\145\163
+\054\040\111\156\143\056\061\062\060\060\006\003\125\004\013\023
+\051\123\164\141\162\146\151\145\154\144\040\103\154\141\163\163
+\040\062\040\103\145\162\164\151\146\151\143\141\164\151\157\156
+\040\101\165\164\150\157\162\151\164\171
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\000
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "StartCom Certification Authority"
+#
+# Issuer: CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL
+# Serial Number: 1 (0x1)
+# Subject: CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL
+# Not Valid Before: Sun Sep 17 19:46:36 2006
+# Not Valid After : Wed Sep 17 19:46:36 2036
+# Fingerprint (MD5): 22:4D:8F:8A:FC:F7:35:C2:BB:57:34:90:7B:8B:22:16
+# Fingerprint (SHA1): 3E:2B:F7:F2:03:1B:96:F3:8C:E6:C4:D8:A8:5D:3E:2D:58:47:6A:0F
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "StartCom Certification Authority"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\175\061\013\060\011\006\003\125\004\006\023\002\111\114\061
+\026\060\024\006\003\125\004\012\023\015\123\164\141\162\164\103
+\157\155\040\114\164\144\056\061\053\060\051\006\003\125\004\013
+\023\042\123\145\143\165\162\145\040\104\151\147\151\164\141\154
+\040\103\145\162\164\151\146\151\143\141\164\145\040\123\151\147
+\156\151\156\147\061\051\060\047\006\003\125\004\003\023\040\123
+\164\141\162\164\103\157\155\040\103\145\162\164\151\146\151\143
+\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\175\061\013\060\011\006\003\125\004\006\023\002\111\114\061
+\026\060\024\006\003\125\004\012\023\015\123\164\141\162\164\103
+\157\155\040\114\164\144\056\061\053\060\051\006\003\125\004\013
+\023\042\123\145\143\165\162\145\040\104\151\147\151\164\141\154
+\040\103\145\162\164\151\146\151\143\141\164\145\040\123\151\147
+\156\151\156\147\061\051\060\047\006\003\125\004\003\023\040\123
+\164\141\162\164\103\157\155\040\103\145\162\164\151\146\151\143
+\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\001
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\007\311\060\202\005\261\240\003\002\001\002\002\001\001
+\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060
+\175\061\013\060\011\006\003\125\004\006\023\002\111\114\061\026
+\060\024\006\003\125\004\012\023\015\123\164\141\162\164\103\157
+\155\040\114\164\144\056\061\053\060\051\006\003\125\004\013\023
+\042\123\145\143\165\162\145\040\104\151\147\151\164\141\154\040
+\103\145\162\164\151\146\151\143\141\164\145\040\123\151\147\156
+\151\156\147\061\051\060\047\006\003\125\004\003\023\040\123\164
+\141\162\164\103\157\155\040\103\145\162\164\151\146\151\143\141
+\164\151\157\156\040\101\165\164\150\157\162\151\164\171\060\036
+\027\015\060\066\060\071\061\067\061\071\064\066\063\066\132\027
+\015\063\066\060\071\061\067\061\071\064\066\063\066\132\060\175
+\061\013\060\011\006\003\125\004\006\023\002\111\114\061\026\060
+\024\006\003\125\004\012\023\015\123\164\141\162\164\103\157\155
+\040\114\164\144\056\061\053\060\051\006\003\125\004\013\023\042
+\123\145\143\165\162\145\040\104\151\147\151\164\141\154\040\103
+\145\162\164\151\146\151\143\141\164\145\040\123\151\147\156\151
+\156\147\061\051\060\047\006\003\125\004\003\023\040\123\164\141
+\162\164\103\157\155\040\103\145\162\164\151\146\151\143\141\164
+\151\157\156\040\101\165\164\150\157\162\151\164\171\060\202\002
+\042\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000
+\003\202\002\017\000\060\202\002\012\002\202\002\001\000\301\210
+\333\011\274\154\106\174\170\237\225\173\265\063\220\362\162\142
+\326\301\066\040\042\044\136\316\351\167\362\103\012\242\006\144
+\244\314\216\066\370\070\346\043\360\156\155\261\074\335\162\243
+\205\034\241\323\075\264\063\053\323\057\257\376\352\260\101\131
+\147\266\304\006\175\012\236\164\205\326\171\114\200\067\172\337
+\071\005\122\131\367\364\033\106\103\244\322\205\205\322\303\161
+\363\165\142\064\272\054\212\177\036\217\356\355\064\320\021\307
+\226\315\122\075\272\063\326\335\115\336\013\073\112\113\237\302
+\046\057\372\265\026\034\162\065\167\312\074\135\346\312\341\046
+\213\032\066\166\134\001\333\164\024\045\376\355\265\240\210\017
+\335\170\312\055\037\007\227\060\001\055\162\171\372\106\326\023
+\052\250\271\246\253\203\111\035\345\362\357\335\344\001\216\030
+\012\217\143\123\026\205\142\251\016\031\072\314\265\146\246\302
+\153\164\007\344\053\341\166\076\264\155\330\366\104\341\163\142
+\037\073\304\276\240\123\126\045\154\121\011\367\252\253\312\277
+\166\375\155\233\363\235\333\277\075\146\274\014\126\252\257\230
+\110\225\072\113\337\247\130\120\331\070\165\251\133\352\103\014
+\002\377\231\353\350\154\115\160\133\051\145\234\335\252\135\314
+\257\001\061\354\014\353\322\215\350\352\234\173\346\156\367\047
+\146\014\032\110\327\156\102\343\077\336\041\076\173\341\015\160
+\373\143\252\250\154\032\124\264\134\045\172\311\242\311\213\026
+\246\273\054\176\027\136\005\115\130\156\022\035\001\356\022\020
+\015\306\062\177\030\377\374\364\372\315\156\221\350\066\111\276
+\032\110\151\213\302\226\115\032\022\262\151\027\301\012\220\326
+\372\171\042\110\277\272\173\151\370\160\307\372\172\067\330\330
+\015\322\166\117\127\377\220\267\343\221\322\335\357\302\140\267
+\147\072\335\376\252\234\360\324\213\177\162\042\316\306\237\227
+\266\370\257\212\240\020\250\331\373\030\306\266\265\134\122\074
+\211\266\031\052\163\001\012\017\003\263\022\140\362\172\057\201
+\333\243\156\377\046\060\227\365\213\335\211\127\266\255\075\263
+\257\053\305\267\166\002\360\245\326\053\232\206\024\052\162\366
+\343\063\214\135\011\113\023\337\273\214\164\023\122\113\002\003
+\001\000\001\243\202\002\122\060\202\002\116\060\014\006\003\125
+\035\023\004\005\060\003\001\001\377\060\013\006\003\125\035\017
+\004\004\003\002\001\256\060\035\006\003\125\035\016\004\026\004
+\024\116\013\357\032\244\100\133\245\027\151\207\060\312\064\150
+\103\320\101\256\362\060\144\006\003\125\035\037\004\135\060\133
+\060\054\240\052\240\050\206\046\150\164\164\160\072\057\057\143
+\145\162\164\056\163\164\141\162\164\143\157\155\056\157\162\147
+\057\163\146\163\143\141\055\143\162\154\056\143\162\154\060\053
+\240\051\240\047\206\045\150\164\164\160\072\057\057\143\162\154
+\056\163\164\141\162\164\143\157\155\056\157\162\147\057\163\146
+\163\143\141\055\143\162\154\056\143\162\154\060\202\001\135\006
+\003\125\035\040\004\202\001\124\060\202\001\120\060\202\001\114
+\006\013\053\006\001\004\001\201\265\067\001\001\001\060\202\001
+\073\060\057\006\010\053\006\001\005\005\007\002\001\026\043\150
+\164\164\160\072\057\057\143\145\162\164\056\163\164\141\162\164
+\143\157\155\056\157\162\147\057\160\157\154\151\143\171\056\160
+\144\146\060\065\006\010\053\006\001\005\005\007\002\001\026\051
+\150\164\164\160\072\057\057\143\145\162\164\056\163\164\141\162
+\164\143\157\155\056\157\162\147\057\151\156\164\145\162\155\145
+\144\151\141\164\145\056\160\144\146\060\201\320\006\010\053\006
+\001\005\005\007\002\002\060\201\303\060\047\026\040\123\164\141
+\162\164\040\103\157\155\155\145\162\143\151\141\154\040\050\123
+\164\141\162\164\103\157\155\051\040\114\164\144\056\060\003\002
+\001\001\032\201\227\114\151\155\151\164\145\144\040\114\151\141
+\142\151\154\151\164\171\054\040\162\145\141\144\040\164\150\145
+\040\163\145\143\164\151\157\156\040\052\114\145\147\141\154\040
+\114\151\155\151\164\141\164\151\157\156\163\052\040\157\146\040
+\164\150\145\040\123\164\141\162\164\103\157\155\040\103\145\162
+\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157
+\162\151\164\171\040\120\157\154\151\143\171\040\141\166\141\151
+\154\141\142\154\145\040\141\164\040\150\164\164\160\072\057\057
+\143\145\162\164\056\163\164\141\162\164\143\157\155\056\157\162
+\147\057\160\157\154\151\143\171\056\160\144\146\060\021\006\011
+\140\206\110\001\206\370\102\001\001\004\004\003\002\000\007\060
+\070\006\011\140\206\110\001\206\370\102\001\015\004\053\026\051
+\123\164\141\162\164\103\157\155\040\106\162\145\145\040\123\123
+\114\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040
+\101\165\164\150\157\162\151\164\171\060\015\006\011\052\206\110
+\206\367\015\001\001\005\005\000\003\202\002\001\000\026\154\231
+\364\146\014\064\365\320\205\136\175\012\354\332\020\116\070\034
+\136\337\246\045\005\113\221\062\301\350\073\361\075\335\104\011
+\133\007\111\212\051\313\146\002\267\261\232\367\045\230\011\074
+\216\033\341\335\066\207\053\113\273\150\323\071\146\075\240\046
+\307\362\071\221\035\121\253\202\173\176\325\316\132\344\342\003
+\127\160\151\227\010\371\136\130\246\012\337\214\006\232\105\026
+\026\070\012\136\127\366\142\307\172\002\005\346\274\036\265\362
+\236\364\251\051\203\370\262\024\343\156\050\207\104\303\220\032
+\336\070\251\074\254\103\115\144\105\316\335\050\251\134\362\163
+\173\004\370\027\350\253\261\363\056\134\144\156\163\061\072\022
+\270\274\263\021\344\175\217\201\121\232\073\215\211\364\115\223
+\146\173\074\003\355\323\232\035\232\363\145\120\365\240\320\165
+\237\057\257\360\352\202\103\230\370\151\234\211\171\304\103\216
+\106\162\343\144\066\022\257\367\045\036\070\211\220\167\176\303
+\153\152\271\303\313\104\113\254\170\220\213\347\307\054\036\113
+\021\104\310\064\122\047\315\012\135\237\205\301\211\325\032\170
+\362\225\020\123\062\335\200\204\146\165\331\265\150\050\373\141
+\056\276\204\250\070\300\231\022\206\245\036\147\144\255\006\056
+\057\251\160\205\307\226\017\174\211\145\365\216\103\124\016\253
+\335\245\200\071\224\140\300\064\311\226\160\054\243\022\365\037
+\110\173\275\034\176\153\267\235\220\364\042\073\256\370\374\052
+\312\372\202\122\240\357\257\113\125\223\353\301\265\360\042\213
+\254\064\116\046\042\004\241\207\054\165\112\267\345\175\023\327
+\270\014\144\300\066\322\311\057\206\022\214\043\011\301\033\202
+\073\163\111\243\152\127\207\224\345\326\170\305\231\103\143\343
+\115\340\167\055\341\145\231\162\151\004\032\107\011\346\017\001
+\126\044\373\037\277\016\171\251\130\056\271\304\011\001\176\225
+\272\155\000\006\076\262\352\112\020\071\330\320\053\365\277\354
+\165\277\227\002\305\011\033\010\334\125\067\342\201\373\067\204
+\103\142\040\312\347\126\113\145\352\376\154\301\044\223\044\241
+\064\353\005\377\232\042\256\233\175\077\361\145\121\012\246\060
+\152\263\364\210\034\200\015\374\162\212\350\203\136
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "StartCom Certification Authority"
+# Issuer: CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL
+# Serial Number: 1 (0x1)
+# Subject: CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL
+# Not Valid Before: Sun Sep 17 19:46:36 2006
+# Not Valid After : Wed Sep 17 19:46:36 2036
+# Fingerprint (MD5): 22:4D:8F:8A:FC:F7:35:C2:BB:57:34:90:7B:8B:22:16
+# Fingerprint (SHA1): 3E:2B:F7:F2:03:1B:96:F3:8C:E6:C4:D8:A8:5D:3E:2D:58:47:6A:0F
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "StartCom Certification Authority"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\076\053\367\362\003\033\226\363\214\346\304\330\250\135\076\055
+\130\107\152\017
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\042\115\217\212\374\367\065\302\273\127\064\220\173\213\042\026
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\175\061\013\060\011\006\003\125\004\006\023\002\111\114\061
+\026\060\024\006\003\125\004\012\023\015\123\164\141\162\164\103
+\157\155\040\114\164\144\056\061\053\060\051\006\003\125\004\013
+\023\042\123\145\143\165\162\145\040\104\151\147\151\164\141\154
+\040\103\145\162\164\151\146\151\143\141\164\145\040\123\151\147
+\156\151\156\147\061\051\060\047\006\003\125\004\003\023\040\123
+\164\141\162\164\103\157\155\040\103\145\162\164\151\146\151\143
+\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\001
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Taiwan GRCA"
+#
+# Issuer: O=Government Root Certification Authority,C=TW
+# Serial Number:1f:9d:59:5a:d7:2f:c2:06:44:a5:80:08:69:e3:5e:f6
+# Subject: O=Government Root Certification Authority,C=TW
+# Not Valid Before: Thu Dec 05 13:23:33 2002
+# Not Valid After : Sun Dec 05 13:23:33 2032
+# Fingerprint (MD5): 37:85:44:53:32:45:1F:20:F0:F3:95:E1:25:C4:43:4E
+# Fingerprint (SHA1): F4:8B:11:BF:DE:AB:BE:94:54:20:71:E6:41:DE:6B:BE:88:2B:40:B9
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Taiwan GRCA"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\077\061\013\060\011\006\003\125\004\006\023\002\124\127\061
+\060\060\056\006\003\125\004\012\014\047\107\157\166\145\162\156
+\155\145\156\164\040\122\157\157\164\040\103\145\162\164\151\146
+\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164
+\171
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\077\061\013\060\011\006\003\125\004\006\023\002\124\127\061
+\060\060\056\006\003\125\004\012\014\047\107\157\166\145\162\156
+\155\145\156\164\040\122\157\157\164\040\103\145\162\164\151\146
+\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164
+\171
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\037\235\131\132\327\057\302\006\104\245\200\010\151\343
+\136\366
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\162\060\202\003\132\240\003\002\001\002\002\020\037
+\235\131\132\327\057\302\006\104\245\200\010\151\343\136\366\060
+\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\077
+\061\013\060\011\006\003\125\004\006\023\002\124\127\061\060\060
+\056\006\003\125\004\012\014\047\107\157\166\145\162\156\155\145
+\156\164\040\122\157\157\164\040\103\145\162\164\151\146\151\143
+\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171\060
+\036\027\015\060\062\061\062\060\065\061\063\062\063\063\063\132
+\027\015\063\062\061\062\060\065\061\063\062\063\063\063\132\060
+\077\061\013\060\011\006\003\125\004\006\023\002\124\127\061\060
+\060\056\006\003\125\004\012\014\047\107\157\166\145\162\156\155
+\145\156\164\040\122\157\157\164\040\103\145\162\164\151\146\151
+\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171
+\060\202\002\042\060\015\006\011\052\206\110\206\367\015\001\001
+\001\005\000\003\202\002\017\000\060\202\002\012\002\202\002\001
+\000\232\045\270\354\314\242\165\250\173\367\316\133\131\212\311
+\321\206\022\010\124\354\234\362\347\106\366\210\363\174\351\245
+\337\114\107\066\244\033\001\034\177\036\127\212\215\303\305\321
+\041\343\332\044\077\110\053\373\237\056\241\224\347\054\034\223
+\321\277\033\001\207\123\231\316\247\365\012\041\166\167\377\251
+\267\306\163\224\117\106\367\020\111\067\372\250\131\111\135\152
+\201\007\126\362\212\371\006\320\367\160\042\115\264\267\101\271
+\062\270\261\360\261\303\234\077\160\375\123\335\201\252\330\143
+\170\366\330\123\156\241\254\152\204\044\162\124\206\306\322\262
+\312\034\016\171\201\326\265\160\142\010\001\056\116\117\016\325
+\021\257\251\257\345\232\277\334\314\207\155\046\344\311\127\242
+\373\226\371\314\341\077\123\214\154\114\176\233\123\010\013\154
+\027\373\147\310\302\255\261\315\200\264\227\334\166\001\026\025
+\351\152\327\244\341\170\107\316\206\325\373\061\363\372\061\276
+\064\252\050\373\160\114\035\111\307\257\054\235\155\146\246\266
+\215\144\176\265\040\152\235\073\201\266\217\100\000\147\113\211
+\206\270\314\145\376\025\123\351\004\301\326\137\035\104\327\012
+\057\047\232\106\175\241\015\165\255\124\206\025\334\111\073\361
+\226\316\017\233\240\354\243\172\135\276\325\052\165\102\345\173
+\336\245\266\252\257\050\254\254\220\254\070\267\325\150\065\046
+\172\334\367\073\363\375\105\233\321\273\103\170\156\157\361\102
+\124\152\230\360\015\255\227\351\122\136\351\325\152\162\336\152
+\367\033\140\024\364\245\344\266\161\147\252\037\352\342\115\301
+\102\100\376\147\106\027\070\057\107\077\161\234\256\345\041\312
+\141\055\155\007\250\204\174\055\356\121\045\361\143\220\236\375
+\341\127\210\153\357\212\043\155\261\346\275\077\255\321\075\226
+\013\205\215\315\153\047\273\267\005\233\354\273\221\251\012\007
+\022\002\227\116\040\220\360\377\015\036\342\101\073\323\100\072
+\347\215\135\332\146\344\002\260\007\122\230\134\016\216\063\234
+\302\246\225\373\125\031\156\114\216\256\113\017\275\301\070\115
+\136\217\204\035\146\315\305\140\226\264\122\132\005\211\216\225
+\172\230\301\221\074\225\043\262\016\364\171\264\311\174\301\112
+\041\002\003\001\000\001\243\152\060\150\060\035\006\003\125\035
+\016\004\026\004\024\314\314\357\314\051\140\244\073\261\222\266
+\074\372\062\142\217\254\045\025\073\060\014\006\003\125\035\023
+\004\005\060\003\001\001\377\060\071\006\004\147\052\007\000\004
+\061\060\057\060\055\002\001\000\060\011\006\005\053\016\003\002
+\032\005\000\060\007\006\005\147\052\003\000\000\004\024\003\233
+\360\042\023\377\225\050\066\323\334\236\300\062\373\061\072\212
+\121\145\060\015\006\011\052\206\110\206\367\015\001\001\005\005
+\000\003\202\002\001\000\100\200\112\372\046\311\316\136\060\335
+\117\206\164\166\130\365\256\263\203\063\170\244\172\164\027\031
+\116\351\122\265\271\340\012\164\142\252\150\312\170\240\114\232
+\216\054\043\056\325\152\022\044\277\324\150\323\212\320\330\234
+\237\264\037\014\336\070\176\127\070\374\215\342\117\136\014\237
+\253\073\322\377\165\227\313\244\343\147\010\377\345\300\026\265
+\110\001\175\351\371\012\377\033\345\152\151\277\170\041\250\302
+\247\043\251\206\253\166\126\350\016\014\366\023\335\052\146\212
+\144\111\075\032\030\207\220\004\237\102\122\267\117\313\376\107
+\101\166\065\357\377\000\166\066\105\062\233\306\106\205\135\342
+\044\260\036\343\110\226\230\127\107\224\125\172\017\101\261\104
+\044\363\301\376\032\153\277\210\375\301\246\332\223\140\136\201
+\112\231\040\234\110\146\031\265\000\171\124\017\270\054\057\113
+\274\251\135\133\140\177\214\207\245\340\122\143\052\276\330\073
+\205\100\025\376\036\266\145\077\305\113\332\176\265\172\065\051
+\243\056\172\230\140\042\243\364\175\047\116\055\352\264\164\074
+\351\017\244\063\017\020\021\274\023\001\326\345\016\323\277\265
+\022\242\341\105\043\300\314\010\156\141\267\211\253\203\343\044
+\036\346\135\007\347\037\040\076\317\147\310\347\254\060\155\047
+\113\150\156\113\052\134\002\010\064\333\370\166\344\147\243\046
+\234\077\242\062\302\112\305\201\030\061\020\126\252\204\357\055
+\012\377\270\037\167\322\277\245\130\240\142\344\327\113\221\165
+\215\211\200\230\176\155\313\123\116\136\257\366\262\227\205\227
+\271\332\125\006\271\044\356\327\306\070\036\143\033\022\073\225
+\341\130\254\362\337\204\325\137\231\057\015\125\133\346\070\333
+\056\077\162\351\110\205\313\273\051\023\217\036\070\125\271\363
+\262\304\060\231\043\116\135\362\110\241\022\014\334\022\220\011
+\220\124\221\003\074\107\345\325\311\145\340\267\113\175\354\107
+\323\263\013\076\255\236\320\164\000\016\353\275\121\255\300\336
+\054\300\303\152\376\357\334\013\247\372\106\337\140\333\234\246
+\131\120\165\043\151\163\223\262\371\374\002\323\107\346\161\316
+\020\002\356\047\214\204\377\254\105\015\023\134\203\062\340\045
+\245\206\054\174\364\022
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "Taiwan GRCA"
+# Issuer: O=Government Root Certification Authority,C=TW
+# Serial Number:1f:9d:59:5a:d7:2f:c2:06:44:a5:80:08:69:e3:5e:f6
+# Subject: O=Government Root Certification Authority,C=TW
+# Not Valid Before: Thu Dec 05 13:23:33 2002
+# Not Valid After : Sun Dec 05 13:23:33 2032
+# Fingerprint (MD5): 37:85:44:53:32:45:1F:20:F0:F3:95:E1:25:C4:43:4E
+# Fingerprint (SHA1): F4:8B:11:BF:DE:AB:BE:94:54:20:71:E6:41:DE:6B:BE:88:2B:40:B9
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Taiwan GRCA"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\364\213\021\277\336\253\276\224\124\040\161\346\101\336\153\276
+\210\053\100\271
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\067\205\104\123\062\105\037\040\360\363\225\341\045\304\103\116
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\077\061\013\060\011\006\003\125\004\006\023\002\124\127\061
+\060\060\056\006\003\125\004\012\014\047\107\157\166\145\162\156
+\155\145\156\164\040\122\157\157\164\040\103\145\162\164\151\146
+\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164
+\171
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\037\235\131\132\327\057\302\006\104\245\200\010\151\343
+\136\366
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Swisscom Root CA 1"
+#
+# Issuer: CN=Swisscom Root CA 1,OU=Digital Certificate Services,O=Swisscom,C=ch
+# Serial Number:5c:0b:85:5c:0b:e7:59:41:df:57:cc:3f:7f:9d:a8:36
+# Subject: CN=Swisscom Root CA 1,OU=Digital Certificate Services,O=Swisscom,C=ch
+# Not Valid Before: Thu Aug 18 12:06:20 2005
+# Not Valid After : Mon Aug 18 22:06:20 2025
+# Fingerprint (MD5): F8:38:7C:77:88:DF:2C:16:68:2E:C2:E2:52:4B:B8:F9
+# Fingerprint (SHA1): 5F:3A:FC:0A:8B:64:F6:86:67:34:74:DF:7E:A9:A2:FE:F9:FA:7A:51
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Swisscom Root CA 1"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\144\061\013\060\011\006\003\125\004\006\023\002\143\150\061
+\021\060\017\006\003\125\004\012\023\010\123\167\151\163\163\143
+\157\155\061\045\060\043\006\003\125\004\013\023\034\104\151\147
+\151\164\141\154\040\103\145\162\164\151\146\151\143\141\164\145
+\040\123\145\162\166\151\143\145\163\061\033\060\031\006\003\125
+\004\003\023\022\123\167\151\163\163\143\157\155\040\122\157\157
+\164\040\103\101\040\061
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\144\061\013\060\011\006\003\125\004\006\023\002\143\150\061
+\021\060\017\006\003\125\004\012\023\010\123\167\151\163\163\143
+\157\155\061\045\060\043\006\003\125\004\013\023\034\104\151\147
+\151\164\141\154\040\103\145\162\164\151\146\151\143\141\164\145
+\040\123\145\162\166\151\143\145\163\061\033\060\031\006\003\125
+\004\003\023\022\123\167\151\163\163\143\157\155\040\122\157\157
+\164\040\103\101\040\061
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\134\013\205\134\013\347\131\101\337\127\314\077\177\235
+\250\066
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\331\060\202\003\301\240\003\002\001\002\002\020\134
+\013\205\134\013\347\131\101\337\127\314\077\177\235\250\066\060
+\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\144
+\061\013\060\011\006\003\125\004\006\023\002\143\150\061\021\060
+\017\006\003\125\004\012\023\010\123\167\151\163\163\143\157\155
+\061\045\060\043\006\003\125\004\013\023\034\104\151\147\151\164
+\141\154\040\103\145\162\164\151\146\151\143\141\164\145\040\123
+\145\162\166\151\143\145\163\061\033\060\031\006\003\125\004\003
+\023\022\123\167\151\163\163\143\157\155\040\122\157\157\164\040
+\103\101\040\061\060\036\027\015\060\065\060\070\061\070\061\062
+\060\066\062\060\132\027\015\062\065\060\070\061\070\062\062\060
+\066\062\060\132\060\144\061\013\060\011\006\003\125\004\006\023
+\002\143\150\061\021\060\017\006\003\125\004\012\023\010\123\167
+\151\163\163\143\157\155\061\045\060\043\006\003\125\004\013\023
+\034\104\151\147\151\164\141\154\040\103\145\162\164\151\146\151
+\143\141\164\145\040\123\145\162\166\151\143\145\163\061\033\060
+\031\006\003\125\004\003\023\022\123\167\151\163\163\143\157\155
+\040\122\157\157\164\040\103\101\040\061\060\202\002\042\060\015
+\006\011\052\206\110\206\367\015\001\001\001\005\000\003\202\002
+\017\000\060\202\002\012\002\202\002\001\000\320\271\260\250\014
+\331\273\077\041\370\033\325\063\223\200\026\145\040\165\262\075
+\233\140\155\106\310\214\061\157\027\303\372\232\154\126\355\074
+\305\221\127\303\315\253\226\111\220\052\031\113\036\243\155\127
+\335\361\053\142\050\165\105\136\252\326\133\372\013\045\330\241
+\026\371\034\304\056\346\225\052\147\314\320\051\156\074\205\064
+\070\141\111\261\000\237\326\072\161\137\115\155\316\137\271\251
+\344\211\177\152\122\372\312\233\362\334\251\371\235\231\107\077
+\116\051\137\264\246\215\135\173\013\231\021\003\003\376\347\333
+\333\243\377\035\245\315\220\036\001\037\065\260\177\000\333\220
+\157\306\176\173\321\356\172\172\247\252\014\127\157\244\155\305
+\023\073\260\245\331\355\062\034\264\136\147\213\124\334\163\207
+\345\323\027\174\146\120\162\135\324\032\130\301\331\317\330\211
+\002\157\247\111\264\066\135\320\244\336\007\054\266\165\267\050
+\221\326\227\276\050\365\230\036\352\133\046\311\275\260\227\163
+\332\256\221\046\353\150\301\371\071\025\326\147\113\012\155\117
+\313\317\260\344\102\161\214\123\171\347\356\341\333\035\240\156
+\035\214\032\167\065\134\026\036\053\123\037\064\213\321\154\374
+\362\147\007\172\365\255\355\326\232\253\241\261\113\341\314\067
+\137\375\177\315\115\256\270\037\234\103\371\052\130\125\103\105
+\274\226\315\160\016\374\311\343\146\272\116\215\073\201\313\025
+\144\173\271\224\350\135\063\122\205\161\056\117\216\242\006\021
+\121\311\343\313\241\156\061\010\144\014\302\322\074\365\066\350
+\327\320\016\170\043\040\221\311\044\052\145\051\133\042\367\041
+\316\203\136\244\363\336\113\323\150\217\106\165\134\203\011\156
+\051\153\304\160\214\365\235\327\040\057\377\106\322\053\070\302
+\057\165\034\075\176\332\245\357\036\140\205\151\102\323\314\370
+\143\376\036\103\071\205\246\266\143\101\020\263\163\036\274\323
+\372\312\175\026\107\342\247\325\320\243\212\012\010\226\142\126
+\156\064\333\331\002\271\060\165\343\004\322\347\217\302\260\021
+\100\012\254\325\161\002\142\213\061\276\335\306\043\130\061\102
+\103\055\164\371\306\236\246\212\017\351\376\277\203\346\103\127
+\044\272\357\106\064\252\327\022\001\070\355\002\003\001\000\001
+\243\201\206\060\201\203\060\016\006\003\125\035\017\001\001\377
+\004\004\003\002\001\206\060\035\006\003\125\035\041\004\026\060
+\024\060\022\006\007\140\205\164\001\123\000\001\006\007\140\205
+\164\001\123\000\001\060\022\006\003\125\035\023\001\001\377\004
+\010\060\006\001\001\377\002\001\007\060\037\006\003\125\035\043
+\004\030\060\026\200\024\003\045\057\336\157\202\001\072\134\054
+\334\053\241\151\265\147\324\214\323\375\060\035\006\003\125\035
+\016\004\026\004\024\003\045\057\336\157\202\001\072\134\054\334
+\053\241\151\265\147\324\214\323\375\060\015\006\011\052\206\110
+\206\367\015\001\001\005\005\000\003\202\002\001\000\065\020\313
+\354\246\004\015\015\017\315\300\333\253\250\362\210\227\014\337
+\223\057\115\174\100\126\061\172\353\244\017\140\315\172\363\276
+\303\047\216\003\076\244\335\022\357\176\036\164\006\074\077\061
+\362\034\173\221\061\041\264\360\320\154\227\324\351\227\262\044
+\126\036\126\303\065\275\210\005\017\133\020\032\144\341\307\202
+\060\371\062\255\236\120\054\347\170\005\320\061\261\132\230\212
+\165\116\220\134\152\024\052\340\122\107\202\140\346\036\332\201
+\261\373\024\013\132\361\237\322\225\272\076\320\033\326\025\035
+\243\276\206\325\333\017\300\111\144\273\056\120\031\113\322\044
+\370\335\036\007\126\320\070\240\225\160\040\166\214\327\335\036
+\336\237\161\304\043\357\203\023\134\243\044\025\115\051\100\074
+\152\304\251\330\267\246\104\245\015\364\340\235\167\036\100\160
+\046\374\332\331\066\344\171\344\265\077\274\233\145\276\273\021
+\226\317\333\306\050\071\072\010\316\107\133\123\132\305\231\376
+\135\251\335\357\114\324\306\245\255\002\346\214\007\022\036\157
+\003\321\157\240\243\363\051\275\022\307\120\242\260\177\210\251
+\231\167\232\261\300\245\071\056\134\174\151\342\054\260\352\067
+\152\244\341\132\341\365\120\345\203\357\245\273\052\210\347\214
+\333\375\155\136\227\031\250\176\146\165\153\161\352\277\261\307
+\157\240\364\216\244\354\064\121\133\214\046\003\160\241\167\325
+\001\022\127\000\065\333\043\336\016\212\050\231\375\261\020\157
+\113\377\070\055\140\116\054\234\353\147\265\255\111\356\113\037
+\254\257\373\015\220\132\146\140\160\135\252\315\170\324\044\356
+\310\101\240\223\001\222\234\152\236\374\271\044\305\263\025\202
+\176\276\256\225\053\353\261\300\332\343\001\140\013\136\151\254
+\204\126\141\276\161\027\376\035\023\017\376\306\207\105\351\376
+\062\240\032\015\023\244\224\125\161\245\026\213\272\312\211\260
+\262\307\374\217\330\124\265\223\142\235\316\317\131\373\075\030
+\316\052\313\065\025\202\135\377\124\042\133\161\122\373\267\311
+\376\140\233\000\101\144\360\252\052\354\266\102\103\316\211\146
+\201\310\213\237\071\124\003\045\323\026\065\216\204\320\137\372
+\060\032\365\232\154\364\016\123\371\072\133\321\034
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "Swisscom Root CA 1"
+# Issuer: CN=Swisscom Root CA 1,OU=Digital Certificate Services,O=Swisscom,C=ch
+# Serial Number:5c:0b:85:5c:0b:e7:59:41:df:57:cc:3f:7f:9d:a8:36
+# Subject: CN=Swisscom Root CA 1,OU=Digital Certificate Services,O=Swisscom,C=ch
+# Not Valid Before: Thu Aug 18 12:06:20 2005
+# Not Valid After : Mon Aug 18 22:06:20 2025
+# Fingerprint (MD5): F8:38:7C:77:88:DF:2C:16:68:2E:C2:E2:52:4B:B8:F9
+# Fingerprint (SHA1): 5F:3A:FC:0A:8B:64:F6:86:67:34:74:DF:7E:A9:A2:FE:F9:FA:7A:51
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Swisscom Root CA 1"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\137\072\374\012\213\144\366\206\147\064\164\337\176\251\242\376
+\371\372\172\121
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\370\070\174\167\210\337\054\026\150\056\302\342\122\113\270\371
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\144\061\013\060\011\006\003\125\004\006\023\002\143\150\061
+\021\060\017\006\003\125\004\012\023\010\123\167\151\163\163\143
+\157\155\061\045\060\043\006\003\125\004\013\023\034\104\151\147
+\151\164\141\154\040\103\145\162\164\151\146\151\143\141\164\145
+\040\123\145\162\166\151\143\145\163\061\033\060\031\006\003\125
+\004\003\023\022\123\167\151\163\163\143\157\155\040\122\157\157
+\164\040\103\101\040\061
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\134\013\205\134\013\347\131\101\337\127\314\077\177\235
+\250\066
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "DigiCert Assured ID Root CA"
+#
+# Issuer: CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
+# Serial Number:0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
+# Subject: CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
+# Not Valid Before: Fri Nov 10 00:00:00 2006
+# Not Valid After : Mon Nov 10 00:00:00 2031
+# Fingerprint (MD5): 87:CE:0B:7B:2A:0E:49:00:E1:58:71:9B:37:A8:93:72
+# Fingerprint (SHA1): 05:63:B8:63:0D:62:D7:5A:BB:C8:AB:1E:4B:DF:B5:A8:99:B2:4D:43
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "DigiCert Assured ID Root CA"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\145\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\025\060\023\006\003\125\004\012\023\014\104\151\147\151\103\145
+\162\164\040\111\156\143\061\031\060\027\006\003\125\004\013\023
+\020\167\167\167\056\144\151\147\151\143\145\162\164\056\143\157
+\155\061\044\060\042\006\003\125\004\003\023\033\104\151\147\151
+\103\145\162\164\040\101\163\163\165\162\145\144\040\111\104\040
+\122\157\157\164\040\103\101
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\145\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\025\060\023\006\003\125\004\012\023\014\104\151\147\151\103\145
+\162\164\040\111\156\143\061\031\060\027\006\003\125\004\013\023
+\020\167\167\167\056\144\151\147\151\143\145\162\164\056\143\157
+\155\061\044\060\042\006\003\125\004\003\023\033\104\151\147\151
+\103\145\162\164\040\101\163\163\165\162\145\144\040\111\104\040
+\122\157\157\164\040\103\101
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\014\347\340\345\027\330\106\376\217\345\140\374\033\360
+\060\071
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\003\267\060\202\002\237\240\003\002\001\002\002\020\014
+\347\340\345\027\330\106\376\217\345\140\374\033\360\060\071\060
+\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\145
+\061\013\060\011\006\003\125\004\006\023\002\125\123\061\025\060
+\023\006\003\125\004\012\023\014\104\151\147\151\103\145\162\164
+\040\111\156\143\061\031\060\027\006\003\125\004\013\023\020\167
+\167\167\056\144\151\147\151\143\145\162\164\056\143\157\155\061
+\044\060\042\006\003\125\004\003\023\033\104\151\147\151\103\145
+\162\164\040\101\163\163\165\162\145\144\040\111\104\040\122\157
+\157\164\040\103\101\060\036\027\015\060\066\061\061\061\060\060
+\060\060\060\060\060\132\027\015\063\061\061\061\061\060\060\060
+\060\060\060\060\132\060\145\061\013\060\011\006\003\125\004\006
+\023\002\125\123\061\025\060\023\006\003\125\004\012\023\014\104
+\151\147\151\103\145\162\164\040\111\156\143\061\031\060\027\006
+\003\125\004\013\023\020\167\167\167\056\144\151\147\151\143\145
+\162\164\056\143\157\155\061\044\060\042\006\003\125\004\003\023
+\033\104\151\147\151\103\145\162\164\040\101\163\163\165\162\145
+\144\040\111\104\040\122\157\157\164\040\103\101\060\202\001\042
+\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000\003
+\202\001\017\000\060\202\001\012\002\202\001\001\000\255\016\025
+\316\344\103\200\134\261\207\363\267\140\371\161\022\245\256\334
+\046\224\210\252\364\316\365\040\071\050\130\140\014\370\200\332
+\251\025\225\062\141\074\265\261\050\204\212\212\334\237\012\014
+\203\027\172\217\220\254\212\347\171\123\134\061\204\052\366\017
+\230\062\066\166\314\336\335\074\250\242\357\152\373\041\362\122
+\141\337\237\040\327\037\342\261\331\376\030\144\322\022\133\137
+\371\130\030\065\274\107\315\241\066\371\153\177\324\260\070\076
+\301\033\303\214\063\331\330\057\030\376\050\017\263\247\203\326
+\303\156\104\300\141\065\226\026\376\131\234\213\166\155\327\361
+\242\113\015\053\377\013\162\332\236\140\320\216\220\065\306\170
+\125\207\040\241\317\345\155\012\310\111\174\061\230\063\154\042
+\351\207\320\062\132\242\272\023\202\021\355\071\027\235\231\072
+\162\241\346\372\244\331\325\027\061\165\256\205\175\042\256\077
+\001\106\206\366\050\171\310\261\332\344\127\027\304\176\034\016
+\260\264\222\246\126\263\275\262\227\355\252\247\360\267\305\250
+\077\225\026\320\377\241\226\353\010\137\030\167\117\002\003\001
+\000\001\243\143\060\141\060\016\006\003\125\035\017\001\001\377
+\004\004\003\002\001\206\060\017\006\003\125\035\023\001\001\377
+\004\005\060\003\001\001\377\060\035\006\003\125\035\016\004\026
+\004\024\105\353\242\257\364\222\313\202\061\055\121\213\247\247
+\041\235\363\155\310\017\060\037\006\003\125\035\043\004\030\060
+\026\200\024\105\353\242\257\364\222\313\202\061\055\121\213\247
+\247\041\235\363\155\310\017\060\015\006\011\052\206\110\206\367
+\015\001\001\005\005\000\003\202\001\001\000\242\016\274\337\342
+\355\360\343\162\163\172\144\224\277\367\162\146\330\062\344\102
+\165\142\256\207\353\362\325\331\336\126\263\237\314\316\024\050
+\271\015\227\140\134\022\114\130\344\323\075\203\111\105\130\227
+\065\151\032\250\107\352\126\306\171\253\022\330\147\201\204\337
+\177\011\074\224\346\270\046\054\040\275\075\263\050\211\367\137
+\377\042\342\227\204\037\351\145\357\207\340\337\301\147\111\263
+\135\353\262\011\052\353\046\355\170\276\175\077\053\363\267\046
+\065\155\137\211\001\266\111\133\237\001\005\233\253\075\045\301
+\314\266\177\302\361\157\206\306\372\144\150\353\201\055\224\353
+\102\267\372\214\036\335\142\361\276\120\147\267\154\275\363\361
+\037\153\014\066\007\026\177\067\174\251\133\155\172\361\022\106
+\140\203\327\047\004\276\113\316\227\276\303\147\052\150\021\337
+\200\347\014\063\146\277\023\015\024\156\363\177\037\143\020\036
+\372\215\033\045\155\154\217\245\267\141\001\261\322\243\046\241
+\020\161\235\255\342\303\371\303\231\121\267\053\007\010\316\056
+\346\120\262\247\372\012\105\057\242\360\362
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "DigiCert Assured ID Root CA"
+# Issuer: CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
+# Serial Number:0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
+# Subject: CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
+# Not Valid Before: Fri Nov 10 00:00:00 2006
+# Not Valid After : Mon Nov 10 00:00:00 2031
+# Fingerprint (MD5): 87:CE:0B:7B:2A:0E:49:00:E1:58:71:9B:37:A8:93:72
+# Fingerprint (SHA1): 05:63:B8:63:0D:62:D7:5A:BB:C8:AB:1E:4B:DF:B5:A8:99:B2:4D:43
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "DigiCert Assured ID Root CA"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\005\143\270\143\015\142\327\132\273\310\253\036\113\337\265\250
+\231\262\115\103
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\207\316\013\173\052\016\111\000\341\130\161\233\067\250\223\162
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\145\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\025\060\023\006\003\125\004\012\023\014\104\151\147\151\103\145
+\162\164\040\111\156\143\061\031\060\027\006\003\125\004\013\023
+\020\167\167\167\056\144\151\147\151\143\145\162\164\056\143\157
+\155\061\044\060\042\006\003\125\004\003\023\033\104\151\147\151
+\103\145\162\164\040\101\163\163\165\162\145\144\040\111\104\040
+\122\157\157\164\040\103\101
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\014\347\340\345\027\330\106\376\217\345\140\374\033\360
+\060\071
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "DigiCert Global Root CA"
+#
+# Issuer: CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
+# Serial Number:08:3b:e0:56:90:42:46:b1:a1:75:6a:c9:59:91:c7:4a
+# Subject: CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
+# Not Valid Before: Fri Nov 10 00:00:00 2006
+# Not Valid After : Mon Nov 10 00:00:00 2031
+# Fingerprint (MD5): 79:E4:A9:84:0D:7D:3A:96:D7:C0:4F:E2:43:4C:89:2E
+# Fingerprint (SHA1): A8:98:5D:3A:65:E5:E5:C4:B2:D7:D6:6D:40:C6:DD:2F:B1:9C:54:36
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "DigiCert Global Root CA"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\141\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\025\060\023\006\003\125\004\012\023\014\104\151\147\151\103\145
+\162\164\040\111\156\143\061\031\060\027\006\003\125\004\013\023
+\020\167\167\167\056\144\151\147\151\143\145\162\164\056\143\157
+\155\061\040\060\036\006\003\125\004\003\023\027\104\151\147\151
+\103\145\162\164\040\107\154\157\142\141\154\040\122\157\157\164
+\040\103\101
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\141\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\025\060\023\006\003\125\004\012\023\014\104\151\147\151\103\145
+\162\164\040\111\156\143\061\031\060\027\006\003\125\004\013\023
+\020\167\167\167\056\144\151\147\151\143\145\162\164\056\143\157
+\155\061\040\060\036\006\003\125\004\003\023\027\104\151\147\151
+\103\145\162\164\040\107\154\157\142\141\154\040\122\157\157\164
+\040\103\101
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\010\073\340\126\220\102\106\261\241\165\152\311\131\221
+\307\112
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\003\257\060\202\002\227\240\003\002\001\002\002\020\010
+\073\340\126\220\102\106\261\241\165\152\311\131\221\307\112\060
+\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\141
+\061\013\060\011\006\003\125\004\006\023\002\125\123\061\025\060
+\023\006\003\125\004\012\023\014\104\151\147\151\103\145\162\164
+\040\111\156\143\061\031\060\027\006\003\125\004\013\023\020\167
+\167\167\056\144\151\147\151\143\145\162\164\056\143\157\155\061
+\040\060\036\006\003\125\004\003\023\027\104\151\147\151\103\145
+\162\164\040\107\154\157\142\141\154\040\122\157\157\164\040\103
+\101\060\036\027\015\060\066\061\061\061\060\060\060\060\060\060
+\060\132\027\015\063\061\061\061\061\060\060\060\060\060\060\060
+\132\060\141\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\025\060\023\006\003\125\004\012\023\014\104\151\147\151\103
+\145\162\164\040\111\156\143\061\031\060\027\006\003\125\004\013
+\023\020\167\167\167\056\144\151\147\151\143\145\162\164\056\143
+\157\155\061\040\060\036\006\003\125\004\003\023\027\104\151\147
+\151\103\145\162\164\040\107\154\157\142\141\154\040\122\157\157
+\164\040\103\101\060\202\001\042\060\015\006\011\052\206\110\206
+\367\015\001\001\001\005\000\003\202\001\017\000\060\202\001\012
+\002\202\001\001\000\342\073\341\021\162\336\250\244\323\243\127
+\252\120\242\217\013\167\220\311\242\245\356\022\316\226\133\001
+\011\040\314\001\223\247\116\060\267\123\367\103\304\151\000\127
+\235\342\215\042\335\207\006\100\000\201\011\316\316\033\203\277
+\337\315\073\161\106\342\326\146\307\005\263\166\047\026\217\173
+\236\036\225\175\356\267\110\243\010\332\326\257\172\014\071\006
+\145\177\112\135\037\274\027\370\253\276\356\050\327\164\177\172
+\170\231\131\205\150\156\134\043\062\113\277\116\300\350\132\155
+\343\160\277\167\020\277\374\001\366\205\331\250\104\020\130\062
+\251\165\030\325\321\242\276\107\342\047\152\364\232\063\370\111
+\010\140\213\324\137\264\072\204\277\241\252\112\114\175\076\317
+\117\137\154\166\136\240\113\067\221\236\334\042\346\155\316\024
+\032\216\152\313\376\315\263\024\144\027\307\133\051\236\062\277
+\362\356\372\323\013\102\324\253\267\101\062\332\014\324\357\370
+\201\325\273\215\130\077\265\033\350\111\050\242\160\332\061\004
+\335\367\262\026\362\114\012\116\007\250\355\112\075\136\265\177
+\243\220\303\257\047\002\003\001\000\001\243\143\060\141\060\016
+\006\003\125\035\017\001\001\377\004\004\003\002\001\206\060\017
+\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060
+\035\006\003\125\035\016\004\026\004\024\003\336\120\065\126\321
+\114\273\146\360\243\342\033\033\303\227\262\075\321\125\060\037
+\006\003\125\035\043\004\030\060\026\200\024\003\336\120\065\126
+\321\114\273\146\360\243\342\033\033\303\227\262\075\321\125\060
+\015\006\011\052\206\110\206\367\015\001\001\005\005\000\003\202
+\001\001\000\313\234\067\252\110\023\022\012\372\335\104\234\117
+\122\260\364\337\256\004\365\171\171\010\243\044\030\374\113\053
+\204\300\055\271\325\307\376\364\301\037\130\313\270\155\234\172
+\164\347\230\051\253\021\265\343\160\240\241\315\114\210\231\223
+\214\221\160\342\253\017\034\276\223\251\377\143\325\344\007\140
+\323\243\277\235\133\011\361\325\216\343\123\364\216\143\372\077
+\247\333\264\146\337\142\146\326\321\156\101\215\362\055\265\352
+\167\112\237\235\130\342\053\131\300\100\043\355\055\050\202\105
+\076\171\124\222\046\230\340\200\110\250\067\357\360\326\171\140
+\026\336\254\350\016\315\156\254\104\027\070\057\111\332\341\105
+\076\052\271\066\123\317\072\120\006\367\056\350\304\127\111\154
+\141\041\030\325\004\255\170\074\054\072\200\153\247\353\257\025
+\024\351\330\211\301\271\070\154\342\221\154\212\377\144\271\167
+\045\127\060\300\033\044\243\341\334\351\337\107\174\265\264\044
+\010\005\060\354\055\275\013\277\105\277\120\271\251\363\353\230
+\001\022\255\310\210\306\230\064\137\215\012\074\306\351\325\225
+\225\155\336
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "DigiCert Global Root CA"
+# Issuer: CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
+# Serial Number:08:3b:e0:56:90:42:46:b1:a1:75:6a:c9:59:91:c7:4a
+# Subject: CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
+# Not Valid Before: Fri Nov 10 00:00:00 2006
+# Not Valid After : Mon Nov 10 00:00:00 2031
+# Fingerprint (MD5): 79:E4:A9:84:0D:7D:3A:96:D7:C0:4F:E2:43:4C:89:2E
+# Fingerprint (SHA1): A8:98:5D:3A:65:E5:E5:C4:B2:D7:D6:6D:40:C6:DD:2F:B1:9C:54:36
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "DigiCert Global Root CA"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\250\230\135\072\145\345\345\304\262\327\326\155\100\306\335\057
+\261\234\124\066
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\171\344\251\204\015\175\072\226\327\300\117\342\103\114\211\056
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\141\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\025\060\023\006\003\125\004\012\023\014\104\151\147\151\103\145
+\162\164\040\111\156\143\061\031\060\027\006\003\125\004\013\023
+\020\167\167\167\056\144\151\147\151\143\145\162\164\056\143\157
+\155\061\040\060\036\006\003\125\004\003\023\027\104\151\147\151
+\103\145\162\164\040\107\154\157\142\141\154\040\122\157\157\164
+\040\103\101
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\010\073\340\126\220\102\106\261\241\165\152\311\131\221
+\307\112
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "DigiCert High Assurance EV Root CA"
+#
+# Issuer: CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
+# Serial Number:02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
+# Subject: CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
+# Not Valid Before: Fri Nov 10 00:00:00 2006
+# Not Valid After : Mon Nov 10 00:00:00 2031
+# Fingerprint (MD5): D4:74:DE:57:5C:39:B2:D3:9C:85:83:C5:C0:65:49:8A
+# Fingerprint (SHA1): 5F:B7:EE:06:33:E2:59:DB:AD:0C:4C:9A:E6:D3:8F:1A:61:C7:DC:25
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "DigiCert High Assurance EV Root CA"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\154\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\025\060\023\006\003\125\004\012\023\014\104\151\147\151\103\145
+\162\164\040\111\156\143\061\031\060\027\006\003\125\004\013\023
+\020\167\167\167\056\144\151\147\151\143\145\162\164\056\143\157
+\155\061\053\060\051\006\003\125\004\003\023\042\104\151\147\151
+\103\145\162\164\040\110\151\147\150\040\101\163\163\165\162\141
+\156\143\145\040\105\126\040\122\157\157\164\040\103\101
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\154\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\025\060\023\006\003\125\004\012\023\014\104\151\147\151\103\145
+\162\164\040\111\156\143\061\031\060\027\006\003\125\004\013\023
+\020\167\167\167\056\144\151\147\151\143\145\162\164\056\143\157
+\155\061\053\060\051\006\003\125\004\003\023\042\104\151\147\151
+\103\145\162\164\040\110\151\147\150\040\101\163\163\165\162\141
+\156\143\145\040\105\126\040\122\157\157\164\040\103\101
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\002\254\134\046\152\013\100\233\217\013\171\362\256\106
+\045\167
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\003\305\060\202\002\255\240\003\002\001\002\002\020\002
+\254\134\046\152\013\100\233\217\013\171\362\256\106\045\167\060
+\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\154
+\061\013\060\011\006\003\125\004\006\023\002\125\123\061\025\060
+\023\006\003\125\004\012\023\014\104\151\147\151\103\145\162\164
+\040\111\156\143\061\031\060\027\006\003\125\004\013\023\020\167
+\167\167\056\144\151\147\151\143\145\162\164\056\143\157\155\061
+\053\060\051\006\003\125\004\003\023\042\104\151\147\151\103\145
+\162\164\040\110\151\147\150\040\101\163\163\165\162\141\156\143
+\145\040\105\126\040\122\157\157\164\040\103\101\060\036\027\015
+\060\066\061\061\061\060\060\060\060\060\060\060\132\027\015\063
+\061\061\061\061\060\060\060\060\060\060\060\132\060\154\061\013
+\060\011\006\003\125\004\006\023\002\125\123\061\025\060\023\006
+\003\125\004\012\023\014\104\151\147\151\103\145\162\164\040\111
+\156\143\061\031\060\027\006\003\125\004\013\023\020\167\167\167
+\056\144\151\147\151\143\145\162\164\056\143\157\155\061\053\060
+\051\006\003\125\004\003\023\042\104\151\147\151\103\145\162\164
+\040\110\151\147\150\040\101\163\163\165\162\141\156\143\145\040
+\105\126\040\122\157\157\164\040\103\101\060\202\001\042\060\015
+\006\011\052\206\110\206\367\015\001\001\001\005\000\003\202\001
+\017\000\060\202\001\012\002\202\001\001\000\306\314\345\163\346
+\373\324\273\345\055\055\062\246\337\345\201\077\311\315\045\111
+\266\161\052\303\325\224\064\147\242\012\034\260\137\151\246\100
+\261\304\267\262\217\320\230\244\251\101\131\072\323\334\224\326
+\074\333\164\070\244\112\314\115\045\202\367\112\245\123\022\070
+\356\363\111\155\161\221\176\143\266\253\246\137\303\244\204\370
+\117\142\121\276\370\305\354\333\070\222\343\006\345\010\221\014
+\304\050\101\125\373\313\132\211\025\176\161\350\065\277\115\162
+\011\075\276\072\070\120\133\167\061\033\215\263\307\044\105\232
+\247\254\155\000\024\132\004\267\272\023\353\121\012\230\101\101
+\042\116\145\141\207\201\101\120\246\171\134\211\336\031\112\127
+\325\056\346\135\034\123\054\176\230\315\032\006\026\244\150\163
+\320\064\004\023\134\241\161\323\132\174\125\333\136\144\341\067
+\207\060\126\004\345\021\264\051\200\022\361\171\071\210\242\002
+\021\174\047\146\267\210\267\170\362\312\012\250\070\253\012\144
+\302\277\146\135\225\204\301\241\045\036\207\135\032\120\013\040
+\022\314\101\273\156\013\121\070\270\113\313\002\003\001\000\001
+\243\143\060\141\060\016\006\003\125\035\017\001\001\377\004\004
+\003\002\001\206\060\017\006\003\125\035\023\001\001\377\004\005
+\060\003\001\001\377\060\035\006\003\125\035\016\004\026\004\024
+\261\076\303\151\003\370\277\107\001\324\230\046\032\010\002\357
+\143\144\053\303\060\037\006\003\125\035\043\004\030\060\026\200
+\024\261\076\303\151\003\370\277\107\001\324\230\046\032\010\002
+\357\143\144\053\303\060\015\006\011\052\206\110\206\367\015\001
+\001\005\005\000\003\202\001\001\000\034\032\006\227\334\327\234
+\237\074\210\146\006\010\127\041\333\041\107\370\052\147\252\277
+\030\062\166\100\020\127\301\212\363\172\331\021\145\216\065\372
+\236\374\105\265\236\331\114\061\113\270\221\350\103\054\216\263
+\170\316\333\343\123\171\161\326\345\041\224\001\332\125\207\232
+\044\144\366\212\146\314\336\234\067\315\250\064\261\151\233\043
+\310\236\170\042\053\160\103\343\125\107\061\141\031\357\130\305
+\205\057\116\060\366\240\061\026\043\310\347\342\145\026\063\313
+\277\032\033\240\075\370\312\136\213\061\213\140\010\211\055\014
+\006\134\122\267\304\371\012\230\321\025\137\237\022\276\174\066
+\143\070\275\104\244\177\344\046\053\012\304\227\151\015\351\214
+\342\300\020\127\270\310\166\022\221\125\362\110\151\330\274\052
+\002\133\017\104\324\040\061\333\364\272\160\046\135\220\140\236
+\274\113\027\011\057\264\313\036\103\150\311\007\047\301\322\134
+\367\352\041\271\150\022\234\074\234\277\236\374\200\134\233\143
+\315\354\107\252\045\047\147\240\067\363\000\202\175\124\327\251
+\370\351\056\023\243\167\350\037\112
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "DigiCert High Assurance EV Root CA"
+# Issuer: CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
+# Serial Number:02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
+# Subject: CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
+# Not Valid Before: Fri Nov 10 00:00:00 2006
+# Not Valid After : Mon Nov 10 00:00:00 2031
+# Fingerprint (MD5): D4:74:DE:57:5C:39:B2:D3:9C:85:83:C5:C0:65:49:8A
+# Fingerprint (SHA1): 5F:B7:EE:06:33:E2:59:DB:AD:0C:4C:9A:E6:D3:8F:1A:61:C7:DC:25
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "DigiCert High Assurance EV Root CA"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\137\267\356\006\063\342\131\333\255\014\114\232\346\323\217\032
+\141\307\334\045
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\324\164\336\127\134\071\262\323\234\205\203\305\300\145\111\212
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\154\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\025\060\023\006\003\125\004\012\023\014\104\151\147\151\103\145
+\162\164\040\111\156\143\061\031\060\027\006\003\125\004\013\023
+\020\167\167\167\056\144\151\147\151\143\145\162\164\056\143\157
+\155\061\053\060\051\006\003\125\004\003\023\042\104\151\147\151
+\103\145\162\164\040\110\151\147\150\040\101\163\163\165\162\141
+\156\143\145\040\105\126\040\122\157\157\164\040\103\101
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\002\254\134\046\152\013\100\233\217\013\171\362\256\106
+\045\167
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Certplus Class 2 Primary CA"
+#
+# Issuer: CN=Class 2 Primary CA,O=Certplus,C=FR
+# Serial Number:00:85:bd:4b:f3:d8:da:e3:69:f6:94:d7:5f:c3:a5:44:23
+# Subject: CN=Class 2 Primary CA,O=Certplus,C=FR
+# Not Valid Before: Wed Jul 07 17:05:00 1999
+# Not Valid After : Sat Jul 06 23:59:59 2019
+# Fingerprint (MD5): 88:2C:8C:52:B8:A2:3C:F3:F7:BB:03:EA:AE:AC:42:0B
+# Fingerprint (SHA1): 74:20:74:41:72:9C:DD:92:EC:79:31:D8:23:10:8D:C2:81:92:E2:BB
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Certplus Class 2 Primary CA"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\075\061\013\060\011\006\003\125\004\006\023\002\106\122\061
+\021\060\017\006\003\125\004\012\023\010\103\145\162\164\160\154
+\165\163\061\033\060\031\006\003\125\004\003\023\022\103\154\141
+\163\163\040\062\040\120\162\151\155\141\162\171\040\103\101
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\075\061\013\060\011\006\003\125\004\006\023\002\106\122\061
+\021\060\017\006\003\125\004\012\023\010\103\145\162\164\160\154
+\165\163\061\033\060\031\006\003\125\004\003\023\022\103\154\141
+\163\163\040\062\040\120\162\151\155\141\162\171\040\103\101
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\021\000\205\275\113\363\330\332\343\151\366\224\327\137\303
+\245\104\043
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\003\222\060\202\002\172\240\003\002\001\002\002\021\000
+\205\275\113\363\330\332\343\151\366\224\327\137\303\245\104\043
+\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060
+\075\061\013\060\011\006\003\125\004\006\023\002\106\122\061\021
+\060\017\006\003\125\004\012\023\010\103\145\162\164\160\154\165
+\163\061\033\060\031\006\003\125\004\003\023\022\103\154\141\163
+\163\040\062\040\120\162\151\155\141\162\171\040\103\101\060\036
+\027\015\071\071\060\067\060\067\061\067\060\065\060\060\132\027
+\015\061\071\060\067\060\066\062\063\065\071\065\071\132\060\075
+\061\013\060\011\006\003\125\004\006\023\002\106\122\061\021\060
+\017\006\003\125\004\012\023\010\103\145\162\164\160\154\165\163
+\061\033\060\031\006\003\125\004\003\023\022\103\154\141\163\163
+\040\062\040\120\162\151\155\141\162\171\040\103\101\060\202\001
+\042\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000
+\003\202\001\017\000\060\202\001\012\002\202\001\001\000\334\120
+\226\320\022\370\065\322\010\170\172\266\122\160\375\157\356\317
+\271\021\313\135\167\341\354\351\176\004\215\326\314\157\163\103
+\127\140\254\063\012\104\354\003\137\034\200\044\221\345\250\221
+\126\022\202\367\340\053\364\333\256\141\056\211\020\215\153\154
+\272\263\002\275\325\066\305\110\067\043\342\360\132\067\122\063
+\027\022\342\321\140\115\276\057\101\021\343\366\027\045\014\213
+\221\300\033\231\173\231\126\015\257\356\322\274\107\127\343\171
+\111\173\064\211\047\044\204\336\261\354\351\130\116\376\116\337
+\132\276\101\255\254\010\305\030\016\357\322\123\356\154\320\235
+\022\001\023\215\334\200\142\367\225\251\104\210\112\161\116\140
+\125\236\333\043\031\171\126\007\014\077\143\013\134\260\342\276
+\176\025\374\224\063\130\101\070\164\304\341\217\213\337\046\254
+\037\265\213\073\267\103\131\153\260\044\246\155\220\213\304\162
+\352\135\063\230\267\313\336\136\173\357\224\361\033\076\312\311
+\041\301\305\230\002\252\242\366\133\167\233\365\176\226\125\064
+\034\147\151\300\361\102\343\107\254\374\050\034\146\125\002\003
+\001\000\001\243\201\214\060\201\211\060\017\006\003\125\035\023
+\004\010\060\006\001\001\377\002\001\012\060\013\006\003\125\035
+\017\004\004\003\002\001\006\060\035\006\003\125\035\016\004\026
+\004\024\343\163\055\337\313\016\050\014\336\335\263\244\312\171
+\270\216\273\350\060\211\060\021\006\011\140\206\110\001\206\370
+\102\001\001\004\004\003\002\001\006\060\067\006\003\125\035\037
+\004\060\060\056\060\054\240\052\240\050\206\046\150\164\164\160
+\072\057\057\167\167\167\056\143\145\162\164\160\154\165\163\056
+\143\157\155\057\103\122\114\057\143\154\141\163\163\062\056\143
+\162\154\060\015\006\011\052\206\110\206\367\015\001\001\005\005
+\000\003\202\001\001\000\247\124\317\210\104\031\313\337\324\177
+\000\337\126\063\142\265\367\121\001\220\353\303\077\321\210\104
+\351\044\135\357\347\024\275\040\267\232\074\000\376\155\237\333
+\220\334\327\364\142\326\213\160\135\347\345\004\110\251\150\174
+\311\361\102\363\154\177\305\172\174\035\121\210\272\322\012\076
+\047\135\336\055\121\116\323\023\144\151\344\056\343\323\347\233
+\011\231\246\340\225\233\316\032\327\177\276\074\316\122\263\021
+\025\301\017\027\315\003\273\234\045\025\272\242\166\211\374\006
+\361\030\320\223\113\016\174\202\267\245\364\366\137\376\355\100
+\246\235\204\164\071\271\334\036\205\026\332\051\033\206\043\000
+\311\273\211\176\156\200\210\036\057\024\264\003\044\250\062\157
+\003\232\107\054\060\276\126\306\247\102\002\160\033\352\100\330
+\272\005\003\160\007\244\226\377\375\110\063\012\341\334\245\201
+\220\233\115\335\175\347\347\262\315\134\310\152\225\370\245\366
+\215\304\135\170\010\276\173\006\326\111\317\031\066\120\043\056
+\010\346\236\005\115\107\030\325\026\351\261\326\266\020\325\273
+\227\277\242\216\264\124
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "Certplus Class 2 Primary CA"
+# Issuer: CN=Class 2 Primary CA,O=Certplus,C=FR
+# Serial Number:00:85:bd:4b:f3:d8:da:e3:69:f6:94:d7:5f:c3:a5:44:23
+# Subject: CN=Class 2 Primary CA,O=Certplus,C=FR
+# Not Valid Before: Wed Jul 07 17:05:00 1999
+# Not Valid After : Sat Jul 06 23:59:59 2019
+# Fingerprint (MD5): 88:2C:8C:52:B8:A2:3C:F3:F7:BB:03:EA:AE:AC:42:0B
+# Fingerprint (SHA1): 74:20:74:41:72:9C:DD:92:EC:79:31:D8:23:10:8D:C2:81:92:E2:BB
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Certplus Class 2 Primary CA"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\164\040\164\101\162\234\335\222\354\171\061\330\043\020\215\302
+\201\222\342\273
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\210\054\214\122\270\242\074\363\367\273\003\352\256\254\102\013
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\075\061\013\060\011\006\003\125\004\006\023\002\106\122\061
+\021\060\017\006\003\125\004\012\023\010\103\145\162\164\160\154
+\165\163\061\033\060\031\006\003\125\004\003\023\022\103\154\141
+\163\163\040\062\040\120\162\151\155\141\162\171\040\103\101
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\021\000\205\275\113\363\330\332\343\151\366\224\327\137\303
+\245\104\043
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "DST Root CA X3"
+#
+# Issuer: CN=DST Root CA X3,O=Digital Signature Trust Co.
+# Serial Number:44:af:b0:80:d6:a3:27:ba:89:30:39:86:2e:f8:40:6b
+# Subject: CN=DST Root CA X3,O=Digital Signature Trust Co.
+# Not Valid Before: Sat Sep 30 21:12:19 2000
+# Not Valid After : Thu Sep 30 14:01:15 2021
+# Fingerprint (MD5): 41:03:52:DC:0F:F7:50:1B:16:F0:02:8E:BA:6F:45:C5
+# Fingerprint (SHA1): DA:C9:02:4F:54:D8:F6:DF:94:93:5F:B1:73:26:38:CA:6A:D7:7C:13
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "DST Root CA X3"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\077\061\044\060\042\006\003\125\004\012\023\033\104\151\147
+\151\164\141\154\040\123\151\147\156\141\164\165\162\145\040\124
+\162\165\163\164\040\103\157\056\061\027\060\025\006\003\125\004
+\003\023\016\104\123\124\040\122\157\157\164\040\103\101\040\130
+\063
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\077\061\044\060\042\006\003\125\004\012\023\033\104\151\147
+\151\164\141\154\040\123\151\147\156\141\164\165\162\145\040\124
+\162\165\163\164\040\103\157\056\061\027\060\025\006\003\125\004
+\003\023\016\104\123\124\040\122\157\157\164\040\103\101\040\130
+\063
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\104\257\260\200\326\243\047\272\211\060\071\206\056\370
+\100\153
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\003\112\060\202\002\062\240\003\002\001\002\002\020\104
+\257\260\200\326\243\047\272\211\060\071\206\056\370\100\153\060
+\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\077
+\061\044\060\042\006\003\125\004\012\023\033\104\151\147\151\164
+\141\154\040\123\151\147\156\141\164\165\162\145\040\124\162\165
+\163\164\040\103\157\056\061\027\060\025\006\003\125\004\003\023
+\016\104\123\124\040\122\157\157\164\040\103\101\040\130\063\060
+\036\027\015\060\060\060\071\063\060\062\061\061\062\061\071\132
+\027\015\062\061\060\071\063\060\061\064\060\061\061\065\132\060
+\077\061\044\060\042\006\003\125\004\012\023\033\104\151\147\151
+\164\141\154\040\123\151\147\156\141\164\165\162\145\040\124\162
+\165\163\164\040\103\157\056\061\027\060\025\006\003\125\004\003
+\023\016\104\123\124\040\122\157\157\164\040\103\101\040\130\063
+\060\202\001\042\060\015\006\011\052\206\110\206\367\015\001\001
+\001\005\000\003\202\001\017\000\060\202\001\012\002\202\001\001
+\000\337\257\351\227\120\010\203\127\264\314\142\145\366\220\202
+\354\307\323\054\153\060\312\133\354\331\303\175\307\100\301\030
+\024\213\340\350\063\166\111\052\343\077\041\111\223\254\116\016
+\257\076\110\313\145\356\374\323\041\017\145\322\052\331\062\217
+\214\345\367\167\260\022\173\265\225\300\211\243\251\272\355\163
+\056\172\014\006\062\203\242\176\212\024\060\315\021\240\341\052
+\070\271\171\012\061\375\120\275\200\145\337\267\121\143\203\310
+\342\210\141\352\113\141\201\354\122\153\271\242\342\113\032\050
+\237\110\243\236\014\332\011\216\076\027\056\036\335\040\337\133
+\306\052\212\253\056\275\160\255\305\013\032\045\220\164\162\305
+\173\152\253\064\326\060\211\377\345\150\023\173\124\013\310\326
+\256\354\132\234\222\036\075\144\263\214\306\337\277\311\101\160
+\354\026\162\325\046\354\070\125\071\103\320\374\375\030\134\100
+\361\227\353\325\232\233\215\035\272\332\045\271\306\330\337\301
+\025\002\072\253\332\156\361\076\056\365\134\010\234\074\326\203
+\151\344\020\233\031\052\266\051\127\343\345\075\233\237\360\002
+\135\002\003\001\000\001\243\102\060\100\060\017\006\003\125\035
+\023\001\001\377\004\005\060\003\001\001\377\060\016\006\003\125
+\035\017\001\001\377\004\004\003\002\001\006\060\035\006\003\125
+\035\016\004\026\004\024\304\247\261\244\173\054\161\372\333\341
+\113\220\165\377\304\025\140\205\211\020\060\015\006\011\052\206
+\110\206\367\015\001\001\005\005\000\003\202\001\001\000\243\032
+\054\233\027\000\134\251\036\356\050\146\067\072\277\203\307\077
+\113\303\011\240\225\040\135\343\331\131\104\322\076\015\076\275
+\212\113\240\164\037\316\020\202\234\164\032\035\176\230\032\335
+\313\023\113\263\040\104\344\221\351\314\374\175\245\333\152\345
+\376\346\375\340\116\335\267\000\072\265\160\111\257\362\345\353
+\002\361\321\002\213\031\313\224\072\136\110\304\030\036\130\031
+\137\036\002\132\360\014\361\261\255\251\334\131\206\213\156\351
+\221\365\206\312\372\271\146\063\252\131\133\316\342\247\026\163
+\107\313\053\314\231\260\067\110\317\343\126\113\365\317\017\014
+\162\062\207\306\360\104\273\123\162\155\103\365\046\110\232\122
+\147\267\130\253\376\147\166\161\170\333\015\242\126\024\023\071
+\044\061\205\242\250\002\132\060\107\341\335\120\007\274\002\011
+\220\000\353\144\143\140\233\026\274\210\311\022\346\322\175\221
+\213\371\075\062\215\145\264\351\174\261\127\166\352\305\266\050
+\071\277\025\145\034\310\366\167\226\152\012\215\167\013\330\221
+\013\004\216\007\333\051\266\012\356\235\202\065\065\020
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "DST Root CA X3"
+# Issuer: CN=DST Root CA X3,O=Digital Signature Trust Co.
+# Serial Number:44:af:b0:80:d6:a3:27:ba:89:30:39:86:2e:f8:40:6b
+# Subject: CN=DST Root CA X3,O=Digital Signature Trust Co.
+# Not Valid Before: Sat Sep 30 21:12:19 2000
+# Not Valid After : Thu Sep 30 14:01:15 2021
+# Fingerprint (MD5): 41:03:52:DC:0F:F7:50:1B:16:F0:02:8E:BA:6F:45:C5
+# Fingerprint (SHA1): DA:C9:02:4F:54:D8:F6:DF:94:93:5F:B1:73:26:38:CA:6A:D7:7C:13
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "DST Root CA X3"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\332\311\002\117\124\330\366\337\224\223\137\261\163\046\070\312
+\152\327\174\023
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\101\003\122\334\017\367\120\033\026\360\002\216\272\157\105\305
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\077\061\044\060\042\006\003\125\004\012\023\033\104\151\147
+\151\164\141\154\040\123\151\147\156\141\164\165\162\145\040\124
+\162\165\163\164\040\103\157\056\061\027\060\025\006\003\125\004
+\003\023\016\104\123\124\040\122\157\157\164\040\103\101\040\130
+\063
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\104\257\260\200\326\243\047\272\211\060\071\206\056\370
+\100\153
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "DST ACES CA X6"
+#
+# Issuer: CN=DST ACES CA X6,OU=DST ACES,O=Digital Signature Trust,C=US
+# Serial Number:0d:5e:99:0a:d6:9d:b7:78:ec:d8:07:56:3b:86:15:d9
+# Subject: CN=DST ACES CA X6,OU=DST ACES,O=Digital Signature Trust,C=US
+# Not Valid Before: Thu Nov 20 21:19:58 2003
+# Not Valid After : Mon Nov 20 21:19:58 2017
+# Fingerprint (MD5): 21:D8:4C:82:2B:99:09:33:A2:EB:14:24:8D:8E:5F:E8
+# Fingerprint (SHA1): 40:54:DA:6F:1C:3F:40:74:AC:ED:0F:EC:CD:DB:79:D1:53:FB:90:1D
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "DST ACES CA X6"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\133\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\040\060\036\006\003\125\004\012\023\027\104\151\147\151\164\141
+\154\040\123\151\147\156\141\164\165\162\145\040\124\162\165\163
+\164\061\021\060\017\006\003\125\004\013\023\010\104\123\124\040
+\101\103\105\123\061\027\060\025\006\003\125\004\003\023\016\104
+\123\124\040\101\103\105\123\040\103\101\040\130\066
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\133\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\040\060\036\006\003\125\004\012\023\027\104\151\147\151\164\141
+\154\040\123\151\147\156\141\164\165\162\145\040\124\162\165\163
+\164\061\021\060\017\006\003\125\004\013\023\010\104\123\124\040
+\101\103\105\123\061\027\060\025\006\003\125\004\003\023\016\104
+\123\124\040\101\103\105\123\040\103\101\040\130\066
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\015\136\231\012\326\235\267\170\354\330\007\126\073\206
+\025\331
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\004\011\060\202\002\361\240\003\002\001\002\002\020\015
+\136\231\012\326\235\267\170\354\330\007\126\073\206\025\331\060
+\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\133
+\061\013\060\011\006\003\125\004\006\023\002\125\123\061\040\060
+\036\006\003\125\004\012\023\027\104\151\147\151\164\141\154\040
+\123\151\147\156\141\164\165\162\145\040\124\162\165\163\164\061
+\021\060\017\006\003\125\004\013\023\010\104\123\124\040\101\103
+\105\123\061\027\060\025\006\003\125\004\003\023\016\104\123\124
+\040\101\103\105\123\040\103\101\040\130\066\060\036\027\015\060
+\063\061\061\062\060\062\061\061\071\065\070\132\027\015\061\067
+\061\061\062\060\062\061\061\071\065\070\132\060\133\061\013\060
+\011\006\003\125\004\006\023\002\125\123\061\040\060\036\006\003
+\125\004\012\023\027\104\151\147\151\164\141\154\040\123\151\147
+\156\141\164\165\162\145\040\124\162\165\163\164\061\021\060\017
+\006\003\125\004\013\023\010\104\123\124\040\101\103\105\123\061
+\027\060\025\006\003\125\004\003\023\016\104\123\124\040\101\103
+\105\123\040\103\101\040\130\066\060\202\001\042\060\015\006\011
+\052\206\110\206\367\015\001\001\001\005\000\003\202\001\017\000
+\060\202\001\012\002\202\001\001\000\271\075\365\054\311\224\334
+\165\212\225\135\143\350\204\167\166\146\271\131\221\134\106\335
+\222\076\237\371\016\003\264\075\141\222\275\043\046\265\143\356
+\222\322\236\326\074\310\015\220\137\144\201\261\250\010\015\114
+\330\371\323\005\050\122\264\001\045\305\225\034\014\176\076\020
+\204\165\317\301\031\221\143\317\350\250\221\210\271\103\122\273
+\200\261\125\211\213\061\372\320\267\166\276\101\075\060\232\244
+\042\045\027\163\350\036\342\323\254\052\275\133\070\041\325\052
+\113\327\125\175\343\072\125\275\327\155\153\002\127\153\346\107
+\174\010\310\202\272\336\247\207\075\241\155\270\060\126\302\263
+\002\201\137\055\365\342\232\060\030\050\270\146\323\313\001\226
+\157\352\212\105\125\326\340\235\377\147\053\027\002\246\116\032
+\152\021\013\176\267\173\347\230\326\214\166\157\301\073\333\120
+\223\176\345\320\216\037\067\270\275\272\306\237\154\351\174\063
+\362\062\074\046\107\372\047\044\002\311\176\035\133\210\102\023
+\152\065\174\175\065\351\056\146\221\162\223\325\062\046\304\164
+\365\123\243\263\135\232\366\011\313\002\003\001\000\001\243\201
+\310\060\201\305\060\017\006\003\125\035\023\001\001\377\004\005
+\060\003\001\001\377\060\016\006\003\125\035\017\001\001\377\004
+\004\003\002\001\306\060\037\006\003\125\035\021\004\030\060\026
+\201\024\160\153\151\055\157\160\163\100\164\162\165\163\164\144
+\163\164\056\143\157\155\060\142\006\003\125\035\040\004\133\060
+\131\060\127\006\012\140\206\110\001\145\003\002\001\001\001\060
+\111\060\107\006\010\053\006\001\005\005\007\002\001\026\073\150
+\164\164\160\072\057\057\167\167\167\056\164\162\165\163\164\144
+\163\164\056\143\157\155\057\143\145\162\164\151\146\151\143\141
+\164\145\163\057\160\157\154\151\143\171\057\101\103\105\123\055
+\151\156\144\145\170\056\150\164\155\154\060\035\006\003\125\035
+\016\004\026\004\024\011\162\006\116\030\103\017\345\326\314\303
+\152\213\061\173\170\217\250\203\270\060\015\006\011\052\206\110
+\206\367\015\001\001\005\005\000\003\202\001\001\000\243\330\216
+\326\262\333\316\005\347\062\315\001\323\004\003\345\166\344\126
+\053\234\231\220\350\010\060\154\337\175\075\356\345\277\265\044
+\100\204\111\341\321\050\256\304\302\072\123\060\210\361\365\167
+\156\121\312\372\377\231\257\044\137\033\240\375\362\254\204\312
+\337\251\360\137\004\056\255\026\277\041\227\020\201\075\343\377
+\207\215\062\334\224\345\107\212\136\152\023\311\224\225\075\322
+\356\310\064\225\320\200\324\255\062\010\200\124\074\340\275\122
+\123\327\122\174\262\151\077\177\172\317\152\164\312\372\004\052
+\234\114\132\006\245\351\040\255\105\146\017\151\361\335\277\351
+\343\062\213\372\340\301\206\115\162\074\056\330\223\170\012\052
+\370\330\322\047\075\031\211\137\132\173\212\073\314\014\332\121
+\256\307\013\367\053\260\067\005\354\274\127\043\342\070\322\233
+\150\363\126\022\210\117\102\174\270\061\304\265\333\344\310\041
+\064\351\110\021\065\356\372\307\222\127\305\237\064\344\307\366
+\367\016\013\114\234\150\170\173\161\061\307\353\036\340\147\101
+\363\267\240\247\315\345\172\063\066\152\372\232\053
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "DST ACES CA X6"
+# Issuer: CN=DST ACES CA X6,OU=DST ACES,O=Digital Signature Trust,C=US
+# Serial Number:0d:5e:99:0a:d6:9d:b7:78:ec:d8:07:56:3b:86:15:d9
+# Subject: CN=DST ACES CA X6,OU=DST ACES,O=Digital Signature Trust,C=US
+# Not Valid Before: Thu Nov 20 21:19:58 2003
+# Not Valid After : Mon Nov 20 21:19:58 2017
+# Fingerprint (MD5): 21:D8:4C:82:2B:99:09:33:A2:EB:14:24:8D:8E:5F:E8
+# Fingerprint (SHA1): 40:54:DA:6F:1C:3F:40:74:AC:ED:0F:EC:CD:DB:79:D1:53:FB:90:1D
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "DST ACES CA X6"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\100\124\332\157\034\077\100\164\254\355\017\354\315\333\171\321
+\123\373\220\035
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\041\330\114\202\053\231\011\063\242\353\024\044\215\216\137\350
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\133\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\040\060\036\006\003\125\004\012\023\027\104\151\147\151\164\141
+\154\040\123\151\147\156\141\164\165\162\145\040\124\162\165\163
+\164\061\021\060\017\006\003\125\004\013\023\010\104\123\124\040
+\101\103\105\123\061\027\060\025\006\003\125\004\003\023\016\104
+\123\124\040\101\103\105\123\040\103\101\040\130\066
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\015\136\231\012\326\235\267\170\354\330\007\126\073\206
+\025\331
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "SwissSign Platinum CA - G2"
+#
+# Issuer: CN=SwissSign Platinum CA - G2,O=SwissSign AG,C=CH
+# Serial Number:4e:b2:00:67:0c:03:5d:4f
+# Subject: CN=SwissSign Platinum CA - G2,O=SwissSign AG,C=CH
+# Not Valid Before: Wed Oct 25 08:36:00 2006
+# Not Valid After : Sat Oct 25 08:36:00 2036
+# Fingerprint (MD5): C9:98:27:77:28:1E:3D:0E:15:3C:84:00:B8:85:03:E6
+# Fingerprint (SHA1): 56:E0:FA:C0:3B:8F:18:23:55:18:E5:D3:11:CA:E8:C2:43:31:AB:66
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "SwissSign Platinum CA - G2"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\111\061\013\060\011\006\003\125\004\006\023\002\103\110\061
+\025\060\023\006\003\125\004\012\023\014\123\167\151\163\163\123
+\151\147\156\040\101\107\061\043\060\041\006\003\125\004\003\023
+\032\123\167\151\163\163\123\151\147\156\040\120\154\141\164\151
+\156\165\155\040\103\101\040\055\040\107\062
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\111\061\013\060\011\006\003\125\004\006\023\002\103\110\061
+\025\060\023\006\003\125\004\012\023\014\123\167\151\163\163\123
+\151\147\156\040\101\107\061\043\060\041\006\003\125\004\003\023
+\032\123\167\151\163\163\123\151\147\156\040\120\154\141\164\151
+\156\165\155\040\103\101\040\055\040\107\062
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\010\116\262\000\147\014\003\135\117
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\301\060\202\003\251\240\003\002\001\002\002\010\116
+\262\000\147\014\003\135\117\060\015\006\011\052\206\110\206\367
+\015\001\001\005\005\000\060\111\061\013\060\011\006\003\125\004
+\006\023\002\103\110\061\025\060\023\006\003\125\004\012\023\014
+\123\167\151\163\163\123\151\147\156\040\101\107\061\043\060\041
+\006\003\125\004\003\023\032\123\167\151\163\163\123\151\147\156
+\040\120\154\141\164\151\156\165\155\040\103\101\040\055\040\107
+\062\060\036\027\015\060\066\061\060\062\065\060\070\063\066\060
+\060\132\027\015\063\066\061\060\062\065\060\070\063\066\060\060
+\132\060\111\061\013\060\011\006\003\125\004\006\023\002\103\110
+\061\025\060\023\006\003\125\004\012\023\014\123\167\151\163\163
+\123\151\147\156\040\101\107\061\043\060\041\006\003\125\004\003
+\023\032\123\167\151\163\163\123\151\147\156\040\120\154\141\164
+\151\156\165\155\040\103\101\040\055\040\107\062\060\202\002\042
+\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000\003
+\202\002\017\000\060\202\002\012\002\202\002\001\000\312\337\242
+\002\342\332\370\374\007\026\261\336\140\252\336\226\134\144\037
+\307\057\176\317\147\372\104\102\326\166\143\225\256\353\257\162
+\040\212\105\107\206\142\170\206\326\040\071\046\364\256\243\375
+\043\347\245\234\265\042\041\031\267\067\223\042\300\120\234\202
+\173\324\325\004\104\134\313\264\302\237\222\276\044\330\173\147
+\042\342\151\137\345\005\170\324\207\331\161\160\063\045\123\264
+\207\073\051\220\050\066\232\125\104\060\150\244\203\227\177\015
+\036\234\166\377\025\235\140\227\000\215\212\205\003\354\200\276
+\352\054\156\020\121\222\314\176\325\243\063\330\326\111\336\130
+\052\257\366\026\353\113\173\220\062\227\271\272\235\130\361\370
+\127\111\004\036\242\135\006\160\335\161\333\371\335\213\232\033
+\214\317\075\243\115\316\313\174\366\273\234\240\372\011\316\043
+\142\262\351\015\037\342\162\050\217\237\254\150\040\175\157\073
+\250\205\061\011\177\013\307\350\145\351\343\170\016\011\147\060
+\213\064\202\373\135\340\314\235\201\155\142\356\010\036\004\054
+\116\233\354\376\251\117\137\375\151\170\357\011\037\241\264\277
+\372\363\357\220\036\114\005\213\036\352\172\221\172\303\327\345
+\373\060\274\154\033\020\130\230\367\032\137\320\051\062\003\023
+\106\115\141\152\205\114\122\164\057\006\037\173\021\342\204\227
+\306\231\363\155\177\327\147\203\176\023\150\330\161\050\132\330
+\316\335\350\020\024\232\376\155\043\207\156\216\132\160\074\325
+\215\011\000\247\252\274\260\061\067\155\310\204\024\036\133\275
+\105\143\040\153\113\164\214\275\333\072\016\301\317\132\026\217
+\245\230\362\166\211\262\023\022\073\013\167\167\254\273\345\074
+\051\112\222\162\312\141\032\053\136\114\342\203\164\167\372\065
+\110\172\205\115\215\232\123\304\337\170\312\227\221\110\053\105
+\053\001\367\034\032\242\355\030\272\012\275\203\372\157\274\215
+\127\223\073\324\324\246\316\036\361\240\261\316\253\375\053\050
+\232\117\033\327\303\162\333\244\304\277\135\114\365\335\173\226
+\151\356\150\200\346\347\230\272\066\267\376\156\355\053\275\040
+\370\145\031\332\125\011\176\045\334\376\141\142\162\371\176\030
+\002\357\143\264\320\373\257\345\073\143\214\147\217\002\003\001
+\000\001\243\201\254\060\201\251\060\016\006\003\125\035\017\001
+\001\377\004\004\003\002\001\006\060\017\006\003\125\035\023\001
+\001\377\004\005\060\003\001\001\377\060\035\006\003\125\035\016
+\004\026\004\024\120\257\314\007\207\025\107\157\070\305\264\145
+\321\336\225\252\351\337\234\314\060\037\006\003\125\035\043\004
+\030\060\026\200\024\120\257\314\007\207\025\107\157\070\305\264
+\145\321\336\225\252\351\337\234\314\060\106\006\003\125\035\040
+\004\077\060\075\060\073\006\011\140\205\164\001\131\001\001\001
+\001\060\056\060\054\006\010\053\006\001\005\005\007\002\001\026
+\040\150\164\164\160\072\057\057\162\145\160\157\163\151\164\157
+\162\171\056\163\167\151\163\163\163\151\147\156\056\143\157\155
+\057\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000
+\003\202\002\001\000\010\205\246\365\026\014\374\104\032\301\143
+\340\371\125\106\010\374\160\034\102\050\226\216\267\305\301\101
+\165\116\011\161\171\345\155\226\312\113\245\210\140\320\060\164
+\270\312\010\334\264\060\236\100\007\026\153\145\225\167\001\256
+\244\267\065\013\201\332\161\025\251\164\027\070\173\130\312\371
+\057\373\300\145\166\215\133\001\271\175\336\202\075\144\270\276
+\024\164\243\012\124\323\054\225\030\027\065\365\121\153\077\217
+\242\226\141\071\170\153\113\345\246\240\370\123\337\121\020\223
+\142\347\200\057\342\321\340\274\216\066\106\167\063\354\270\373
+\216\232\054\211\115\061\021\017\046\236\004\273\267\004\215\013
+\362\271\374\132\235\073\026\267\057\310\230\253\376\212\120\131
+\056\243\073\374\051\135\213\301\113\311\342\212\023\035\261\277
+\273\102\035\122\335\116\330\024\136\020\306\061\007\357\161\047
+\367\033\071\011\334\202\352\213\263\225\206\136\375\365\332\135
+\061\246\340\061\266\224\346\104\111\164\305\026\345\367\037\003
+\141\050\305\310\313\022\240\102\113\371\153\210\010\215\264\062
+\030\363\165\237\304\177\000\117\005\225\234\243\027\002\303\263
+\123\233\252\040\071\051\053\146\372\235\257\136\263\222\322\265
+\246\341\032\371\055\101\151\201\024\264\264\265\355\211\075\316
+\373\251\235\065\102\104\261\034\024\163\201\317\052\001\065\232
+\061\325\055\217\155\204\337\200\115\127\343\077\305\204\165\332
+\211\306\060\273\353\217\313\042\010\240\256\252\361\003\154\072
+\113\115\011\245\016\162\306\126\153\041\102\116\043\045\024\150
+\256\166\012\174\014\007\160\144\371\232\057\366\005\071\046\306
+\014\217\031\177\103\136\156\364\133\025\057\333\141\135\346\147
+\057\077\010\224\371\140\264\230\061\332\164\361\204\223\161\115
+\137\373\140\130\321\373\304\301\155\211\242\273\040\037\235\161
+\221\313\062\233\023\075\076\175\222\122\065\254\222\224\242\323
+\030\302\174\307\352\257\166\005\026\335\147\047\302\176\034\007
+\042\041\363\100\012\033\064\007\104\023\302\204\152\216\337\031
+\132\277\177\353\035\342\032\070\321\134\257\107\222\153\200\265
+\060\245\311\215\330\253\061\201\037\337\302\146\067\323\223\251
+\205\206\171\145\322
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "SwissSign Platinum CA - G2"
+# Issuer: CN=SwissSign Platinum CA - G2,O=SwissSign AG,C=CH
+# Serial Number:4e:b2:00:67:0c:03:5d:4f
+# Subject: CN=SwissSign Platinum CA - G2,O=SwissSign AG,C=CH
+# Not Valid Before: Wed Oct 25 08:36:00 2006
+# Not Valid After : Sat Oct 25 08:36:00 2036
+# Fingerprint (MD5): C9:98:27:77:28:1E:3D:0E:15:3C:84:00:B8:85:03:E6
+# Fingerprint (SHA1): 56:E0:FA:C0:3B:8F:18:23:55:18:E5:D3:11:CA:E8:C2:43:31:AB:66
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "SwissSign Platinum CA - G2"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\126\340\372\300\073\217\030\043\125\030\345\323\021\312\350\302
+\103\061\253\146
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\311\230\047\167\050\036\075\016\025\074\204\000\270\205\003\346
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\111\061\013\060\011\006\003\125\004\006\023\002\103\110\061
+\025\060\023\006\003\125\004\012\023\014\123\167\151\163\163\123
+\151\147\156\040\101\107\061\043\060\041\006\003\125\004\003\023
+\032\123\167\151\163\163\123\151\147\156\040\120\154\141\164\151
+\156\165\155\040\103\101\040\055\040\107\062
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\010\116\262\000\147\014\003\135\117
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "SwissSign Gold CA - G2"
+#
+# Issuer: CN=SwissSign Gold CA - G2,O=SwissSign AG,C=CH
+# Serial Number:00:bb:40:1c:43:f5:5e:4f:b0
+# Subject: CN=SwissSign Gold CA - G2,O=SwissSign AG,C=CH
+# Not Valid Before: Wed Oct 25 08:30:35 2006
+# Not Valid After : Sat Oct 25 08:30:35 2036
+# Fingerprint (MD5): 24:77:D9:A8:91:D1:3B:FA:88:2D:C2:FF:F8:CD:33:93
+# Fingerprint (SHA1): D8:C5:38:8A:B7:30:1B:1B:6E:D4:7A:E6:45:25:3A:6F:9F:1A:27:61
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "SwissSign Gold CA - G2"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\105\061\013\060\011\006\003\125\004\006\023\002\103\110\061
+\025\060\023\006\003\125\004\012\023\014\123\167\151\163\163\123
+\151\147\156\040\101\107\061\037\060\035\006\003\125\004\003\023
+\026\123\167\151\163\163\123\151\147\156\040\107\157\154\144\040
+\103\101\040\055\040\107\062
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\105\061\013\060\011\006\003\125\004\006\023\002\103\110\061
+\025\060\023\006\003\125\004\012\023\014\123\167\151\163\163\123
+\151\147\156\040\101\107\061\037\060\035\006\003\125\004\003\023
+\026\123\167\151\163\163\123\151\147\156\040\107\157\154\144\040
+\103\101\040\055\040\107\062
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\011\000\273\100\034\103\365\136\117\260
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\272\060\202\003\242\240\003\002\001\002\002\011\000
+\273\100\034\103\365\136\117\260\060\015\006\011\052\206\110\206
+\367\015\001\001\005\005\000\060\105\061\013\060\011\006\003\125
+\004\006\023\002\103\110\061\025\060\023\006\003\125\004\012\023
+\014\123\167\151\163\163\123\151\147\156\040\101\107\061\037\060
+\035\006\003\125\004\003\023\026\123\167\151\163\163\123\151\147
+\156\040\107\157\154\144\040\103\101\040\055\040\107\062\060\036
+\027\015\060\066\061\060\062\065\060\070\063\060\063\065\132\027
+\015\063\066\061\060\062\065\060\070\063\060\063\065\132\060\105
+\061\013\060\011\006\003\125\004\006\023\002\103\110\061\025\060
+\023\006\003\125\004\012\023\014\123\167\151\163\163\123\151\147
+\156\040\101\107\061\037\060\035\006\003\125\004\003\023\026\123
+\167\151\163\163\123\151\147\156\040\107\157\154\144\040\103\101
+\040\055\040\107\062\060\202\002\042\060\015\006\011\052\206\110
+\206\367\015\001\001\001\005\000\003\202\002\017\000\060\202\002
+\012\002\202\002\001\000\257\344\356\176\213\044\016\022\156\251
+\120\055\026\104\073\222\222\134\312\270\135\204\222\102\023\052
+\274\145\127\202\100\076\127\044\315\120\213\045\052\267\157\374
+\357\242\320\300\037\002\044\112\023\226\217\043\023\346\050\130
+\000\243\107\307\006\247\204\043\053\273\275\226\053\177\125\314
+\213\301\127\037\016\142\145\017\335\075\126\212\163\332\256\176
+\155\272\201\034\176\102\214\040\065\331\103\115\204\372\204\333
+\122\054\363\016\047\167\013\153\277\021\057\162\170\237\056\330
+\076\346\030\067\132\052\162\371\332\142\220\222\225\312\037\234
+\351\263\074\053\313\363\001\023\277\132\317\301\265\012\140\275
+\335\265\231\144\123\270\240\226\263\157\342\046\167\221\214\340
+\142\020\002\237\064\017\244\325\222\063\121\336\276\215\272\204
+\172\140\074\152\333\237\053\354\336\336\001\077\156\115\345\120
+\206\313\264\257\355\104\100\305\312\132\214\332\322\053\174\250
+\356\276\246\345\012\252\016\245\337\005\122\267\125\307\042\135
+\062\152\227\227\143\023\333\311\333\171\066\173\205\072\112\305
+\122\211\371\044\347\235\167\251\202\377\125\034\245\161\151\053
+\321\002\044\362\263\046\324\153\332\004\125\345\301\012\307\155
+\060\067\220\052\344\236\024\063\136\026\027\125\305\133\265\313
+\064\211\222\361\235\046\217\241\007\324\306\262\170\120\333\014
+\014\013\174\013\214\101\327\271\351\335\214\210\367\243\115\262
+\062\314\330\027\332\315\267\316\146\235\324\375\136\377\275\227
+\076\051\165\347\176\247\142\130\257\045\064\245\101\307\075\274
+\015\120\312\003\003\017\010\132\037\225\163\170\142\277\257\162
+\024\151\016\245\345\003\016\170\216\046\050\102\360\007\013\142
+\040\020\147\071\106\372\251\003\314\004\070\172\146\357\040\203
+\265\214\112\126\216\221\000\374\216\134\202\336\210\240\303\342
+\150\156\175\215\357\074\335\145\364\135\254\121\357\044\200\256
+\252\126\227\157\371\255\175\332\141\077\230\167\074\245\221\266
+\034\214\046\332\145\242\011\155\301\342\124\343\271\312\114\114
+\200\217\167\173\140\232\036\337\266\362\110\036\016\272\116\124
+\155\230\340\341\242\032\242\167\120\317\304\143\222\354\107\031
+\235\353\346\153\316\301\002\003\001\000\001\243\201\254\060\201
+\251\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001
+\006\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001
+\001\377\060\035\006\003\125\035\016\004\026\004\024\133\045\173
+\226\244\145\121\176\270\071\363\300\170\146\136\350\072\347\360
+\356\060\037\006\003\125\035\043\004\030\060\026\200\024\133\045
+\173\226\244\145\121\176\270\071\363\300\170\146\136\350\072\347
+\360\356\060\106\006\003\125\035\040\004\077\060\075\060\073\006
+\011\140\205\164\001\131\001\002\001\001\060\056\060\054\006\010
+\053\006\001\005\005\007\002\001\026\040\150\164\164\160\072\057
+\057\162\145\160\157\163\151\164\157\162\171\056\163\167\151\163
+\163\163\151\147\156\056\143\157\155\057\060\015\006\011\052\206
+\110\206\367\015\001\001\005\005\000\003\202\002\001\000\047\272
+\343\224\174\361\256\300\336\027\346\345\330\325\365\124\260\203
+\364\273\315\136\005\173\117\237\165\146\257\074\350\126\176\374
+\162\170\070\003\331\053\142\033\000\271\370\351\140\315\314\316
+\121\212\307\120\061\156\341\112\176\030\057\151\131\266\075\144
+\201\053\343\203\204\346\042\207\216\175\340\356\002\231\141\270
+\036\364\270\053\210\022\026\204\302\061\223\070\226\061\246\271
+\073\123\077\303\044\223\126\133\151\222\354\305\301\273\070\000
+\343\354\027\251\270\334\307\174\001\203\237\062\107\272\122\042
+\064\035\062\172\011\126\247\174\045\066\251\075\113\332\300\202
+\157\012\273\022\310\207\113\047\021\371\036\055\307\223\077\236
+\333\137\046\153\122\331\056\212\361\024\306\104\215\025\251\267
+\277\275\336\246\032\356\256\055\373\110\167\027\376\273\354\257
+\030\365\052\121\360\071\204\227\225\154\156\033\303\053\304\164
+\140\171\045\260\012\047\337\337\136\322\071\317\105\175\102\113
+\337\263\054\036\305\306\135\312\125\072\240\234\151\232\217\332
+\357\262\260\074\237\207\154\022\053\145\160\025\122\061\032\044
+\317\157\061\043\120\037\214\117\217\043\303\164\101\143\034\125
+\250\024\335\076\340\121\120\317\361\033\060\126\016\222\260\202
+\205\330\203\313\042\144\274\055\270\045\325\124\242\270\006\352
+\255\222\244\044\240\301\206\265\112\023\152\107\317\056\013\126
+\225\124\313\316\232\333\152\264\246\262\333\101\010\206\047\167
+\367\152\240\102\154\013\070\316\327\165\120\062\222\302\337\053
+\060\042\110\320\325\101\070\045\135\244\351\135\237\306\224\165
+\320\105\375\060\227\103\217\220\253\012\307\206\163\140\112\151
+\055\336\245\170\327\006\332\152\236\113\076\167\072\040\023\042
+\001\320\277\150\236\143\140\153\065\115\013\155\272\241\075\300
+\223\340\177\043\263\125\255\162\045\116\106\371\322\026\357\260
+\144\301\001\236\351\312\240\152\230\016\317\330\140\362\057\111
+\270\344\102\341\070\065\026\364\310\156\117\367\201\126\350\272
+\243\276\043\257\256\375\157\003\340\002\073\060\166\372\033\155
+\101\317\001\261\351\270\311\146\364\333\046\363\072\244\164\362
+\111\044\133\311\260\320\127\301\372\076\172\341\227\311
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "SwissSign Gold CA - G2"
+# Issuer: CN=SwissSign Gold CA - G2,O=SwissSign AG,C=CH
+# Serial Number:00:bb:40:1c:43:f5:5e:4f:b0
+# Subject: CN=SwissSign Gold CA - G2,O=SwissSign AG,C=CH
+# Not Valid Before: Wed Oct 25 08:30:35 2006
+# Not Valid After : Sat Oct 25 08:30:35 2036
+# Fingerprint (MD5): 24:77:D9:A8:91:D1:3B:FA:88:2D:C2:FF:F8:CD:33:93
+# Fingerprint (SHA1): D8:C5:38:8A:B7:30:1B:1B:6E:D4:7A:E6:45:25:3A:6F:9F:1A:27:61
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "SwissSign Gold CA - G2"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\330\305\070\212\267\060\033\033\156\324\172\346\105\045\072\157
+\237\032\047\141
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\044\167\331\250\221\321\073\372\210\055\302\377\370\315\063\223
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\105\061\013\060\011\006\003\125\004\006\023\002\103\110\061
+\025\060\023\006\003\125\004\012\023\014\123\167\151\163\163\123
+\151\147\156\040\101\107\061\037\060\035\006\003\125\004\003\023
+\026\123\167\151\163\163\123\151\147\156\040\107\157\154\144\040
+\103\101\040\055\040\107\062
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\011\000\273\100\034\103\365\136\117\260
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "SwissSign Silver CA - G2"
+#
+# Issuer: CN=SwissSign Silver CA - G2,O=SwissSign AG,C=CH
+# Serial Number:4f:1b:d4:2f:54:bb:2f:4b
+# Subject: CN=SwissSign Silver CA - G2,O=SwissSign AG,C=CH
+# Not Valid Before: Wed Oct 25 08:32:46 2006
+# Not Valid After : Sat Oct 25 08:32:46 2036
+# Fingerprint (MD5): E0:06:A1:C9:7D:CF:C9:FC:0D:C0:56:75:96:D8:62:13
+# Fingerprint (SHA1): 9B:AA:E5:9F:56:EE:21:CB:43:5A:BE:25:93:DF:A7:F0:40:D1:1D:CB
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "SwissSign Silver CA - G2"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\107\061\013\060\011\006\003\125\004\006\023\002\103\110\061
+\025\060\023\006\003\125\004\012\023\014\123\167\151\163\163\123
+\151\147\156\040\101\107\061\041\060\037\006\003\125\004\003\023
+\030\123\167\151\163\163\123\151\147\156\040\123\151\154\166\145
+\162\040\103\101\040\055\040\107\062
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\107\061\013\060\011\006\003\125\004\006\023\002\103\110\061
+\025\060\023\006\003\125\004\012\023\014\123\167\151\163\163\123
+\151\147\156\040\101\107\061\041\060\037\006\003\125\004\003\023
+\030\123\167\151\163\163\123\151\147\156\040\123\151\154\166\145
+\162\040\103\101\040\055\040\107\062
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\010\117\033\324\057\124\273\057\113
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\275\060\202\003\245\240\003\002\001\002\002\010\117
+\033\324\057\124\273\057\113\060\015\006\011\052\206\110\206\367
+\015\001\001\005\005\000\060\107\061\013\060\011\006\003\125\004
+\006\023\002\103\110\061\025\060\023\006\003\125\004\012\023\014
+\123\167\151\163\163\123\151\147\156\040\101\107\061\041\060\037
+\006\003\125\004\003\023\030\123\167\151\163\163\123\151\147\156
+\040\123\151\154\166\145\162\040\103\101\040\055\040\107\062\060
+\036\027\015\060\066\061\060\062\065\060\070\063\062\064\066\132
+\027\015\063\066\061\060\062\065\060\070\063\062\064\066\132\060
+\107\061\013\060\011\006\003\125\004\006\023\002\103\110\061\025
+\060\023\006\003\125\004\012\023\014\123\167\151\163\163\123\151
+\147\156\040\101\107\061\041\060\037\006\003\125\004\003\023\030
+\123\167\151\163\163\123\151\147\156\040\123\151\154\166\145\162
+\040\103\101\040\055\040\107\062\060\202\002\042\060\015\006\011
+\052\206\110\206\367\015\001\001\001\005\000\003\202\002\017\000
+\060\202\002\012\002\202\002\001\000\304\361\207\177\323\170\061
+\367\070\311\370\303\231\103\274\307\367\274\067\347\116\161\272
+\113\217\245\163\035\134\156\230\256\003\127\256\070\067\103\057
+\027\075\037\310\316\150\020\301\170\256\031\003\053\020\372\054
+\171\203\366\350\271\150\271\125\362\004\104\247\071\371\374\004
+\213\036\361\242\115\047\371\141\173\272\267\345\242\023\266\353
+\141\076\320\154\321\346\373\372\136\355\035\264\236\240\065\133
+\241\222\313\360\111\222\376\205\012\005\076\346\331\013\342\117
+\273\334\225\067\374\221\351\062\065\042\321\037\072\116\047\205
+\235\260\025\224\062\332\141\015\107\115\140\102\256\222\107\350
+\203\132\120\130\351\212\213\271\135\241\334\335\231\112\037\066
+\147\273\110\344\203\266\067\353\110\072\257\017\147\217\027\007
+\350\004\312\357\152\061\207\324\300\266\371\224\161\173\147\144
+\270\266\221\112\102\173\145\056\060\152\014\365\220\356\225\346
+\362\315\202\354\331\241\112\354\366\262\113\345\105\205\346\155
+\170\223\004\056\234\202\155\066\251\304\061\144\037\206\203\013
+\052\364\065\012\170\311\125\317\101\260\107\351\060\237\231\276
+\141\250\006\204\271\050\172\137\070\331\033\251\070\260\203\177
+\163\301\303\073\110\052\202\017\041\233\270\314\250\065\303\204
+\033\203\263\076\276\244\225\151\001\072\211\000\170\004\331\311
+\364\231\031\253\126\176\133\213\206\071\025\221\244\020\054\011
+\062\200\140\263\223\300\052\266\030\013\235\176\215\111\362\020
+\112\177\371\325\106\057\031\222\243\231\247\046\254\273\214\074
+\346\016\274\107\007\334\163\121\361\160\144\057\010\371\264\107
+\035\060\154\104\352\051\067\205\222\150\146\274\203\070\376\173
+\071\056\323\120\360\037\373\136\140\266\251\246\372\047\101\361
+\233\030\162\362\365\204\164\112\311\147\304\124\256\110\144\337
+\214\321\156\260\035\341\007\217\010\036\231\234\161\351\114\330
+\245\367\107\022\037\164\321\121\236\206\363\302\242\043\100\013
+\163\333\113\246\347\163\006\214\301\240\351\301\131\254\106\372
+\346\057\370\317\161\234\106\155\271\304\025\215\070\171\003\105
+\110\357\304\135\327\010\356\207\071\042\206\262\015\017\130\103
+\367\161\251\110\056\375\352\326\037\002\003\001\000\001\243\201
+\254\060\201\251\060\016\006\003\125\035\017\001\001\377\004\004
+\003\002\001\006\060\017\006\003\125\035\023\001\001\377\004\005
+\060\003\001\001\377\060\035\006\003\125\035\016\004\026\004\024
+\027\240\315\301\344\101\266\072\133\073\313\105\235\275\034\302
+\230\372\206\130\060\037\006\003\125\035\043\004\030\060\026\200
+\024\027\240\315\301\344\101\266\072\133\073\313\105\235\275\034
+\302\230\372\206\130\060\106\006\003\125\035\040\004\077\060\075
+\060\073\006\011\140\205\164\001\131\001\003\001\001\060\056\060
+\054\006\010\053\006\001\005\005\007\002\001\026\040\150\164\164
+\160\072\057\057\162\145\160\157\163\151\164\157\162\171\056\163
+\167\151\163\163\163\151\147\156\056\143\157\155\057\060\015\006
+\011\052\206\110\206\367\015\001\001\005\005\000\003\202\002\001
+\000\163\306\201\340\047\322\055\017\340\225\060\342\232\101\177
+\120\054\137\137\142\141\251\206\152\151\030\014\164\111\326\135
+\204\352\101\122\030\157\130\255\120\126\040\152\306\275\050\151
+\130\221\334\221\021\065\251\072\035\274\032\245\140\236\330\037
+\177\105\221\151\331\176\273\170\162\301\006\017\052\316\217\205
+\160\141\254\240\315\013\270\071\051\126\204\062\116\206\273\075
+\304\052\331\327\037\162\356\376\121\241\042\101\261\161\002\143
+\032\202\260\142\253\136\127\022\037\337\313\335\165\240\300\135
+\171\220\214\033\340\120\346\336\061\376\230\173\160\137\245\220
+\330\255\370\002\266\157\323\140\335\100\113\042\305\075\255\072
+\172\237\032\032\107\221\171\063\272\202\334\062\151\003\226\156
+\037\113\360\161\376\343\147\162\240\261\277\134\213\344\372\231
+\042\307\204\271\033\215\043\227\077\355\045\340\317\145\273\365
+\141\004\357\335\036\262\132\101\042\132\241\237\135\054\350\133
+\311\155\251\014\014\170\252\140\306\126\217\001\132\014\150\274
+\151\031\171\304\037\176\227\005\277\305\351\044\121\136\324\325
+\113\123\355\331\043\132\066\003\145\243\301\003\255\101\060\363
+\106\033\205\220\257\145\265\325\261\344\026\133\170\165\035\227
+\172\155\131\251\052\217\173\336\303\207\211\020\231\111\163\170
+\310\075\275\121\065\164\052\325\361\176\151\033\052\273\073\275
+\045\270\232\132\075\162\141\220\146\207\356\014\326\115\324\021
+\164\013\152\376\013\003\374\243\125\127\211\376\112\313\256\133
+\027\005\310\362\215\043\061\123\070\322\055\152\077\202\271\215
+\010\152\367\136\101\164\156\303\021\176\007\254\051\140\221\077
+\070\312\127\020\015\275\060\057\307\245\346\101\240\332\256\005
+\207\232\240\244\145\154\114\011\014\211\272\270\323\271\300\223
+\212\060\372\215\345\232\153\025\001\116\147\252\332\142\126\076
+\204\010\146\322\304\066\175\247\076\020\374\210\340\324\200\345
+\000\275\252\363\116\006\243\172\152\371\142\162\343\011\117\353
+\233\016\001\043\361\237\273\174\334\334\154\021\227\045\262\362
+\264\143\024\322\006\052\147\214\203\365\316\352\007\330\232\152
+\036\354\344\012\273\052\114\353\011\140\071\316\312\142\330\056
+\156
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "SwissSign Silver CA - G2"
+# Issuer: CN=SwissSign Silver CA - G2,O=SwissSign AG,C=CH
+# Serial Number:4f:1b:d4:2f:54:bb:2f:4b
+# Subject: CN=SwissSign Silver CA - G2,O=SwissSign AG,C=CH
+# Not Valid Before: Wed Oct 25 08:32:46 2006
+# Not Valid After : Sat Oct 25 08:32:46 2036
+# Fingerprint (MD5): E0:06:A1:C9:7D:CF:C9:FC:0D:C0:56:75:96:D8:62:13
+# Fingerprint (SHA1): 9B:AA:E5:9F:56:EE:21:CB:43:5A:BE:25:93:DF:A7:F0:40:D1:1D:CB
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "SwissSign Silver CA - G2"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\233\252\345\237\126\356\041\313\103\132\276\045\223\337\247\360
+\100\321\035\313
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\340\006\241\311\175\317\311\374\015\300\126\165\226\330\142\023
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\107\061\013\060\011\006\003\125\004\006\023\002\103\110\061
+\025\060\023\006\003\125\004\012\023\014\123\167\151\163\163\123
+\151\147\156\040\101\107\061\041\060\037\006\003\125\004\003\023
+\030\123\167\151\163\163\123\151\147\156\040\123\151\154\166\145
+\162\040\103\101\040\055\040\107\062
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\010\117\033\324\057\124\273\057\113
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "GeoTrust Primary Certification Authority"
+#
+# Issuer: CN=GeoTrust Primary Certification Authority,O=GeoTrust Inc.,C=US
+# Serial Number:18:ac:b5:6a:fd:69:b6:15:3a:63:6c:af:da:fa:c4:a1
+# Subject: CN=GeoTrust Primary Certification Authority,O=GeoTrust Inc.,C=US
+# Not Valid Before: Mon Nov 27 00:00:00 2006
+# Not Valid After : Wed Jul 16 23:59:59 2036
+# Fingerprint (MD5): 02:26:C3:01:5E:08:30:37:43:A9:D0:7D:CF:37:E6:BF
+# Fingerprint (SHA1): 32:3C:11:8E:1B:F7:B8:B6:52:54:E2:E2:10:0D:D6:02:90:37:F0:96
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "GeoTrust Primary Certification Authority"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\130\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\026\060\024\006\003\125\004\012\023\015\107\145\157\124\162\165
+\163\164\040\111\156\143\056\061\061\060\057\006\003\125\004\003
+\023\050\107\145\157\124\162\165\163\164\040\120\162\151\155\141
+\162\171\040\103\145\162\164\151\146\151\143\141\164\151\157\156
+\040\101\165\164\150\157\162\151\164\171
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\130\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\026\060\024\006\003\125\004\012\023\015\107\145\157\124\162\165
+\163\164\040\111\156\143\056\061\061\060\057\006\003\125\004\003
+\023\050\107\145\157\124\162\165\163\164\040\120\162\151\155\141
+\162\171\040\103\145\162\164\151\146\151\143\141\164\151\157\156
+\040\101\165\164\150\157\162\151\164\171
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\030\254\265\152\375\151\266\025\072\143\154\257\332\372
+\304\241
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\003\174\060\202\002\144\240\003\002\001\002\002\020\030
+\254\265\152\375\151\266\025\072\143\154\257\332\372\304\241\060
+\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\130
+\061\013\060\011\006\003\125\004\006\023\002\125\123\061\026\060
+\024\006\003\125\004\012\023\015\107\145\157\124\162\165\163\164
+\040\111\156\143\056\061\061\060\057\006\003\125\004\003\023\050
+\107\145\157\124\162\165\163\164\040\120\162\151\155\141\162\171
+\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101
+\165\164\150\157\162\151\164\171\060\036\027\015\060\066\061\061
+\062\067\060\060\060\060\060\060\132\027\015\063\066\060\067\061
+\066\062\063\065\071\065\071\132\060\130\061\013\060\011\006\003
+\125\004\006\023\002\125\123\061\026\060\024\006\003\125\004\012
+\023\015\107\145\157\124\162\165\163\164\040\111\156\143\056\061
+\061\060\057\006\003\125\004\003\023\050\107\145\157\124\162\165
+\163\164\040\120\162\151\155\141\162\171\040\103\145\162\164\151
+\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151
+\164\171\060\202\001\042\060\015\006\011\052\206\110\206\367\015
+\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002\202
+\001\001\000\276\270\025\173\377\324\174\175\147\255\203\144\173
+\310\102\123\055\337\366\204\010\040\141\326\001\131\152\234\104
+\021\257\357\166\375\225\176\316\141\060\273\172\203\137\002\275
+\001\146\312\356\025\215\157\241\060\234\275\241\205\236\224\072
+\363\126\210\000\061\317\330\356\152\226\002\331\355\003\214\373
+\165\155\347\352\270\125\026\005\026\232\364\340\136\261\210\300
+\144\205\134\025\115\210\307\267\272\340\165\351\255\005\075\235
+\307\211\110\340\273\050\310\003\341\060\223\144\136\122\300\131
+\160\042\065\127\210\212\361\225\012\203\327\274\061\163\001\064
+\355\357\106\161\340\153\002\250\065\162\153\227\233\146\340\313
+\034\171\137\330\032\004\150\036\107\002\346\235\140\342\066\227
+\001\337\316\065\222\337\276\147\307\155\167\131\073\217\235\326
+\220\025\224\274\102\064\020\301\071\371\261\047\076\176\326\212
+\165\305\262\257\226\323\242\336\233\344\230\276\175\341\351\201
+\255\266\157\374\327\016\332\340\064\260\015\032\167\347\343\010
+\230\357\130\372\234\204\267\066\257\302\337\254\322\364\020\006
+\160\161\065\002\003\001\000\001\243\102\060\100\060\017\006\003
+\125\035\023\001\001\377\004\005\060\003\001\001\377\060\016\006
+\003\125\035\017\001\001\377\004\004\003\002\001\006\060\035\006
+\003\125\035\016\004\026\004\024\054\325\120\101\227\025\213\360
+\217\066\141\133\112\373\153\331\231\311\063\222\060\015\006\011
+\052\206\110\206\367\015\001\001\005\005\000\003\202\001\001\000
+\132\160\177\054\335\267\064\117\365\206\121\251\046\276\113\270
+\252\361\161\015\334\141\307\240\352\064\036\172\167\017\004\065
+\350\047\217\154\220\277\221\026\044\106\076\112\116\316\053\026
+\325\013\122\035\374\037\147\242\002\105\061\117\316\363\372\003
+\247\171\235\123\152\331\332\143\072\370\200\327\323\231\341\245
+\341\276\324\125\161\230\065\072\276\223\352\256\255\102\262\220
+\157\340\374\041\115\065\143\063\211\111\326\233\116\312\307\347
+\116\011\000\367\332\307\357\231\142\231\167\266\225\042\136\212
+\240\253\364\270\170\230\312\070\031\231\311\162\236\170\315\113
+\254\257\031\240\163\022\055\374\302\101\272\201\221\332\026\132
+\061\267\371\264\161\200\022\110\231\162\163\132\131\123\301\143
+\122\063\355\247\311\322\071\002\160\372\340\261\102\146\051\252
+\233\121\355\060\124\042\024\137\331\253\035\301\344\224\360\370
+\365\053\367\352\312\170\106\326\270\221\375\246\015\053\032\024
+\001\076\200\360\102\240\225\007\136\155\315\314\113\244\105\215
+\253\022\350\263\336\132\345\240\174\350\017\042\035\132\351\131
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "GeoTrust Primary Certification Authority"
+# Issuer: CN=GeoTrust Primary Certification Authority,O=GeoTrust Inc.,C=US
+# Serial Number:18:ac:b5:6a:fd:69:b6:15:3a:63:6c:af:da:fa:c4:a1
+# Subject: CN=GeoTrust Primary Certification Authority,O=GeoTrust Inc.,C=US
+# Not Valid Before: Mon Nov 27 00:00:00 2006
+# Not Valid After : Wed Jul 16 23:59:59 2036
+# Fingerprint (MD5): 02:26:C3:01:5E:08:30:37:43:A9:D0:7D:CF:37:E6:BF
+# Fingerprint (SHA1): 32:3C:11:8E:1B:F7:B8:B6:52:54:E2:E2:10:0D:D6:02:90:37:F0:96
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "GeoTrust Primary Certification Authority"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\062\074\021\216\033\367\270\266\122\124\342\342\020\015\326\002
+\220\067\360\226
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\002\046\303\001\136\010\060\067\103\251\320\175\317\067\346\277
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\130\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\026\060\024\006\003\125\004\012\023\015\107\145\157\124\162\165
+\163\164\040\111\156\143\056\061\061\060\057\006\003\125\004\003
+\023\050\107\145\157\124\162\165\163\164\040\120\162\151\155\141
+\162\171\040\103\145\162\164\151\146\151\143\141\164\151\157\156
+\040\101\165\164\150\157\162\151\164\171
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\030\254\265\152\375\151\266\025\072\143\154\257\332\372
+\304\241
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "thawte Primary Root CA"
+#
+# Issuer: CN=thawte Primary Root CA,OU="(c) 2006 thawte, Inc. - For authorized use only",OU=Certification Services Division,O="thawte, Inc.",C=US
+# Serial Number:34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
+# Subject: CN=thawte Primary Root CA,OU="(c) 2006 thawte, Inc. - For authorized use only",OU=Certification Services Division,O="thawte, Inc.",C=US
+# Not Valid Before: Fri Nov 17 00:00:00 2006
+# Not Valid After : Wed Jul 16 23:59:59 2036
+# Fingerprint (MD5): 8C:CA:DC:0B:22:CE:F5:BE:72:AC:41:1A:11:A8:D8:12
+# Fingerprint (SHA1): 91:C6:D6:EE:3E:8A:C8:63:84:E5:48:C2:99:29:5C:75:6C:81:7B:81
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "thawte Primary Root CA"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\251\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\025\060\023\006\003\125\004\012\023\014\164\150\141\167\164
+\145\054\040\111\156\143\056\061\050\060\046\006\003\125\004\013
+\023\037\103\145\162\164\151\146\151\143\141\164\151\157\156\040
+\123\145\162\166\151\143\145\163\040\104\151\166\151\163\151\157
+\156\061\070\060\066\006\003\125\004\013\023\057\050\143\051\040
+\062\060\060\066\040\164\150\141\167\164\145\054\040\111\156\143
+\056\040\055\040\106\157\162\040\141\165\164\150\157\162\151\172
+\145\144\040\165\163\145\040\157\156\154\171\061\037\060\035\006
+\003\125\004\003\023\026\164\150\141\167\164\145\040\120\162\151
+\155\141\162\171\040\122\157\157\164\040\103\101
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\251\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\025\060\023\006\003\125\004\012\023\014\164\150\141\167\164
+\145\054\040\111\156\143\056\061\050\060\046\006\003\125\004\013
+\023\037\103\145\162\164\151\146\151\143\141\164\151\157\156\040
+\123\145\162\166\151\143\145\163\040\104\151\166\151\163\151\157
+\156\061\070\060\066\006\003\125\004\013\023\057\050\143\051\040
+\062\060\060\066\040\164\150\141\167\164\145\054\040\111\156\143
+\056\040\055\040\106\157\162\040\141\165\164\150\157\162\151\172
+\145\144\040\165\163\145\040\157\156\154\171\061\037\060\035\006
+\003\125\004\003\023\026\164\150\141\167\164\145\040\120\162\151
+\155\141\162\171\040\122\157\157\164\040\103\101
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\064\116\325\127\040\325\355\354\111\364\057\316\067\333
+\053\155
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\004\040\060\202\003\010\240\003\002\001\002\002\020\064
+\116\325\127\040\325\355\354\111\364\057\316\067\333\053\155\060
+\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\201
+\251\061\013\060\011\006\003\125\004\006\023\002\125\123\061\025
+\060\023\006\003\125\004\012\023\014\164\150\141\167\164\145\054
+\040\111\156\143\056\061\050\060\046\006\003\125\004\013\023\037
+\103\145\162\164\151\146\151\143\141\164\151\157\156\040\123\145
+\162\166\151\143\145\163\040\104\151\166\151\163\151\157\156\061
+\070\060\066\006\003\125\004\013\023\057\050\143\051\040\062\060
+\060\066\040\164\150\141\167\164\145\054\040\111\156\143\056\040
+\055\040\106\157\162\040\141\165\164\150\157\162\151\172\145\144
+\040\165\163\145\040\157\156\154\171\061\037\060\035\006\003\125
+\004\003\023\026\164\150\141\167\164\145\040\120\162\151\155\141
+\162\171\040\122\157\157\164\040\103\101\060\036\027\015\060\066
+\061\061\061\067\060\060\060\060\060\060\132\027\015\063\066\060
+\067\061\066\062\063\065\071\065\071\132\060\201\251\061\013\060
+\011\006\003\125\004\006\023\002\125\123\061\025\060\023\006\003
+\125\004\012\023\014\164\150\141\167\164\145\054\040\111\156\143
+\056\061\050\060\046\006\003\125\004\013\023\037\103\145\162\164
+\151\146\151\143\141\164\151\157\156\040\123\145\162\166\151\143
+\145\163\040\104\151\166\151\163\151\157\156\061\070\060\066\006
+\003\125\004\013\023\057\050\143\051\040\062\060\060\066\040\164
+\150\141\167\164\145\054\040\111\156\143\056\040\055\040\106\157
+\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163\145
+\040\157\156\154\171\061\037\060\035\006\003\125\004\003\023\026
+\164\150\141\167\164\145\040\120\162\151\155\141\162\171\040\122
+\157\157\164\040\103\101\060\202\001\042\060\015\006\011\052\206
+\110\206\367\015\001\001\001\005\000\003\202\001\017\000\060\202
+\001\012\002\202\001\001\000\254\240\360\373\200\131\324\234\307
+\244\317\235\241\131\163\011\020\105\014\015\054\156\150\361\154
+\133\110\150\111\131\067\374\013\063\031\302\167\177\314\020\055
+\225\064\034\346\353\115\011\247\034\322\270\311\227\066\002\267
+\211\324\044\137\006\300\314\104\224\224\215\002\142\157\353\132
+\335\021\215\050\232\134\204\220\020\172\015\275\164\146\057\152
+\070\240\342\325\124\104\353\035\007\237\007\272\157\356\351\375
+\116\013\051\365\076\204\240\001\361\234\253\370\034\176\211\244
+\350\241\330\161\145\015\243\121\173\356\274\322\042\140\015\271
+\133\235\337\272\374\121\133\013\257\230\262\351\056\351\004\350
+\142\207\336\053\310\327\116\301\114\144\036\335\317\207\130\272
+\112\117\312\150\007\035\034\235\112\306\325\057\221\314\174\161
+\162\034\305\300\147\353\062\375\311\222\134\224\332\205\300\233
+\277\123\175\053\011\364\214\235\221\037\227\152\122\313\336\011
+\066\244\167\330\173\207\120\104\325\076\156\051\151\373\071\111
+\046\036\011\245\200\173\100\055\353\350\047\205\311\376\141\375
+\176\346\174\227\035\325\235\002\003\001\000\001\243\102\060\100
+\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001
+\377\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001
+\006\060\035\006\003\125\035\016\004\026\004\024\173\133\105\317
+\257\316\313\172\375\061\222\032\152\266\363\106\353\127\110\120
+\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\003
+\202\001\001\000\171\021\300\113\263\221\266\374\360\351\147\324
+\015\156\105\276\125\350\223\322\316\003\077\355\332\045\260\035
+\127\313\036\072\166\240\114\354\120\166\350\144\162\014\244\251
+\361\270\213\326\326\207\204\273\062\345\101\021\300\167\331\263
+\140\235\353\033\325\321\156\104\104\251\246\001\354\125\142\035
+\167\270\134\216\110\111\174\234\073\127\021\254\255\163\067\216
+\057\170\134\220\150\107\331\140\140\346\374\007\075\042\040\027
+\304\367\026\351\304\330\162\371\310\163\174\337\026\057\025\251
+\076\375\152\047\266\241\353\132\272\230\037\325\343\115\144\012
+\235\023\310\141\272\365\071\034\207\272\270\275\173\042\177\366
+\376\254\100\171\345\254\020\157\075\217\033\171\166\213\304\067
+\263\041\030\204\345\066\000\353\143\040\231\271\351\376\063\004
+\273\101\310\301\002\371\104\143\040\236\201\316\102\323\326\077
+\054\166\323\143\234\131\335\217\246\341\016\240\056\101\367\056
+\225\107\317\274\375\063\363\366\013\141\176\176\221\053\201\107
+\302\047\060\356\247\020\135\067\217\134\071\053\344\004\360\173
+\215\126\214\150
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "thawte Primary Root CA"
+# Issuer: CN=thawte Primary Root CA,OU="(c) 2006 thawte, Inc. - For authorized use only",OU=Certification Services Division,O="thawte, Inc.",C=US
+# Serial Number:34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
+# Subject: CN=thawte Primary Root CA,OU="(c) 2006 thawte, Inc. - For authorized use only",OU=Certification Services Division,O="thawte, Inc.",C=US
+# Not Valid Before: Fri Nov 17 00:00:00 2006
+# Not Valid After : Wed Jul 16 23:59:59 2036
+# Fingerprint (MD5): 8C:CA:DC:0B:22:CE:F5:BE:72:AC:41:1A:11:A8:D8:12
+# Fingerprint (SHA1): 91:C6:D6:EE:3E:8A:C8:63:84:E5:48:C2:99:29:5C:75:6C:81:7B:81
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "thawte Primary Root CA"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\221\306\326\356\076\212\310\143\204\345\110\302\231\051\134\165
+\154\201\173\201
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\214\312\334\013\042\316\365\276\162\254\101\032\021\250\330\022
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\251\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\025\060\023\006\003\125\004\012\023\014\164\150\141\167\164
+\145\054\040\111\156\143\056\061\050\060\046\006\003\125\004\013
+\023\037\103\145\162\164\151\146\151\143\141\164\151\157\156\040
+\123\145\162\166\151\143\145\163\040\104\151\166\151\163\151\157
+\156\061\070\060\066\006\003\125\004\013\023\057\050\143\051\040
+\062\060\060\066\040\164\150\141\167\164\145\054\040\111\156\143
+\056\040\055\040\106\157\162\040\141\165\164\150\157\162\151\172
+\145\144\040\165\163\145\040\157\156\154\171\061\037\060\035\006
+\003\125\004\003\023\026\164\150\141\167\164\145\040\120\162\151
+\155\141\162\171\040\122\157\157\164\040\103\101
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\064\116\325\127\040\325\355\354\111\364\057\316\067\333
+\053\155
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "VeriSign Class 3 Public Primary Certification Authority - G5"
+#
+# Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU="(c) 2006 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
+# Serial Number:18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
+# Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU="(c) 2006 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
+# Not Valid Before: Wed Nov 08 00:00:00 2006
+# Not Valid After : Wed Jul 16 23:59:59 2036
+# Fingerprint (MD5): CB:17:E4:31:67:3E:E2:09:FE:45:57:93:F3:0A:FA:1C
+# Fingerprint (SHA1): 4E:B6:D5:78:49:9B:1C:CF:5F:58:1E:AD:56:BE:3D:9B:67:44:A5:E5
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "VeriSign Class 3 Public Primary Certification Authority - G5"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\312\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123
+\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125
+\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165
+\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003
+\125\004\013\023\061\050\143\051\040\062\060\060\066\040\126\145
+\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106
+\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163
+\145\040\157\156\154\171\061\105\060\103\006\003\125\004\003\023
+\074\126\145\162\151\123\151\147\156\040\103\154\141\163\163\040
+\063\040\120\165\142\154\151\143\040\120\162\151\155\141\162\171
+\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101
+\165\164\150\157\162\151\164\171\040\055\040\107\065
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\312\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123
+\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125
+\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165
+\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003
+\125\004\013\023\061\050\143\051\040\062\060\060\066\040\126\145
+\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106
+\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163
+\145\040\157\156\154\171\061\105\060\103\006\003\125\004\003\023
+\074\126\145\162\151\123\151\147\156\040\103\154\141\163\163\040
+\063\040\120\165\142\154\151\143\040\120\162\151\155\141\162\171
+\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101
+\165\164\150\157\162\151\164\171\040\055\040\107\065
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\030\332\321\236\046\175\350\273\112\041\130\315\314\153
+\073\112
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\004\323\060\202\003\273\240\003\002\001\002\002\020\030
+\332\321\236\046\175\350\273\112\041\130\315\314\153\073\112\060
+\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\201
+\312\061\013\060\011\006\003\125\004\006\023\002\125\123\061\027
+\060\025\006\003\125\004\012\023\016\126\145\162\151\123\151\147
+\156\054\040\111\156\143\056\061\037\060\035\006\003\125\004\013
+\023\026\126\145\162\151\123\151\147\156\040\124\162\165\163\164
+\040\116\145\164\167\157\162\153\061\072\060\070\006\003\125\004
+\013\023\061\050\143\051\040\062\060\060\066\040\126\145\162\151
+\123\151\147\156\054\040\111\156\143\056\040\055\040\106\157\162
+\040\141\165\164\150\157\162\151\172\145\144\040\165\163\145\040
+\157\156\154\171\061\105\060\103\006\003\125\004\003\023\074\126
+\145\162\151\123\151\147\156\040\103\154\141\163\163\040\063\040
+\120\165\142\154\151\143\040\120\162\151\155\141\162\171\040\103
+\145\162\164\151\146\151\143\141\164\151\157\156\040\101\165\164
+\150\157\162\151\164\171\040\055\040\107\065\060\036\027\015\060
+\066\061\061\060\070\060\060\060\060\060\060\132\027\015\063\066
+\060\067\061\066\062\063\065\071\065\071\132\060\201\312\061\013
+\060\011\006\003\125\004\006\023\002\125\123\061\027\060\025\006
+\003\125\004\012\023\016\126\145\162\151\123\151\147\156\054\040
+\111\156\143\056\061\037\060\035\006\003\125\004\013\023\026\126
+\145\162\151\123\151\147\156\040\124\162\165\163\164\040\116\145
+\164\167\157\162\153\061\072\060\070\006\003\125\004\013\023\061
+\050\143\051\040\062\060\060\066\040\126\145\162\151\123\151\147
+\156\054\040\111\156\143\056\040\055\040\106\157\162\040\141\165
+\164\150\157\162\151\172\145\144\040\165\163\145\040\157\156\154
+\171\061\105\060\103\006\003\125\004\003\023\074\126\145\162\151
+\123\151\147\156\040\103\154\141\163\163\040\063\040\120\165\142
+\154\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164
+\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162
+\151\164\171\040\055\040\107\065\060\202\001\042\060\015\006\011
+\052\206\110\206\367\015\001\001\001\005\000\003\202\001\017\000
+\060\202\001\012\002\202\001\001\000\257\044\010\010\051\172\065
+\236\140\014\252\347\113\073\116\334\174\274\074\105\034\273\053
+\340\376\051\002\371\127\010\243\144\205\025\047\365\361\255\310
+\061\211\135\042\350\052\252\246\102\263\217\370\271\125\267\261
+\267\113\263\376\217\176\007\127\354\357\103\333\146\142\025\141
+\317\140\015\244\330\336\370\340\303\142\010\075\124\023\353\111
+\312\131\124\205\046\345\053\217\033\237\353\365\241\221\302\063
+\111\330\103\143\152\122\113\322\217\350\160\121\115\321\211\151
+\173\307\160\366\263\334\022\164\333\173\135\113\126\323\226\277
+\025\167\241\260\364\242\045\362\257\034\222\147\030\345\364\006
+\004\357\220\271\344\000\344\335\072\265\031\377\002\272\364\074
+\356\340\213\353\067\213\354\364\327\254\362\366\360\075\257\335
+\165\221\063\031\035\034\100\313\164\044\031\041\223\331\024\376
+\254\052\122\307\217\325\004\111\344\215\143\107\210\074\151\203
+\313\376\107\275\053\176\117\305\225\256\016\235\324\321\103\300
+\147\163\343\024\010\176\345\077\237\163\270\063\012\317\135\077
+\064\207\226\212\356\123\350\045\025\002\003\001\000\001\243\201
+\262\060\201\257\060\017\006\003\125\035\023\001\001\377\004\005
+\060\003\001\001\377\060\016\006\003\125\035\017\001\001\377\004
+\004\003\002\001\006\060\155\006\010\053\006\001\005\005\007\001
+\014\004\141\060\137\241\135\240\133\060\131\060\127\060\125\026
+\011\151\155\141\147\145\057\147\151\146\060\041\060\037\060\007
+\006\005\053\016\003\002\032\004\024\217\345\323\032\206\254\215
+\216\153\303\317\200\152\324\110\030\054\173\031\056\060\045\026
+\043\150\164\164\160\072\057\057\154\157\147\157\056\166\145\162
+\151\163\151\147\156\056\143\157\155\057\166\163\154\157\147\157
+\056\147\151\146\060\035\006\003\125\035\016\004\026\004\024\177
+\323\145\247\302\335\354\273\360\060\011\363\103\071\372\002\257
+\063\061\063\060\015\006\011\052\206\110\206\367\015\001\001\005
+\005\000\003\202\001\001\000\223\044\112\060\137\142\317\330\032
+\230\057\075\352\334\231\055\275\167\366\245\171\042\070\354\304
+\247\240\170\022\255\142\016\105\160\144\305\347\227\146\055\230
+\011\176\137\257\326\314\050\145\362\001\252\010\032\107\336\371
+\371\174\222\132\010\151\040\015\331\076\155\156\074\015\156\330
+\346\006\221\100\030\271\370\301\355\337\333\101\252\340\226\040
+\311\315\144\025\070\201\311\224\356\242\204\051\013\023\157\216
+\333\014\335\045\002\333\244\213\031\104\322\101\172\005\151\112
+\130\117\140\312\176\202\152\013\002\252\045\027\071\265\333\177
+\347\204\145\052\225\212\275\206\336\136\201\026\203\055\020\314
+\336\375\250\202\052\155\050\037\015\013\304\345\347\032\046\031
+\341\364\021\157\020\265\225\374\347\102\005\062\333\316\235\121
+\136\050\266\236\205\323\133\357\245\175\105\100\162\216\267\016
+\153\016\006\373\063\065\110\161\270\235\047\213\304\145\137\015
+\206\166\234\104\172\366\225\134\366\135\062\010\063\244\124\266
+\030\077\150\134\362\102\112\205\070\124\203\137\321\350\054\362
+\254\021\326\250\355\143\152
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "VeriSign Class 3 Public Primary Certification Authority - G5"
+# Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU="(c) 2006 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
+# Serial Number:18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
+# Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU="(c) 2006 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
+# Not Valid Before: Wed Nov 08 00:00:00 2006
+# Not Valid After : Wed Jul 16 23:59:59 2036
+# Fingerprint (MD5): CB:17:E4:31:67:3E:E2:09:FE:45:57:93:F3:0A:FA:1C
+# Fingerprint (SHA1): 4E:B6:D5:78:49:9B:1C:CF:5F:58:1E:AD:56:BE:3D:9B:67:44:A5:E5
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "VeriSign Class 3 Public Primary Certification Authority - G5"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\116\266\325\170\111\233\034\317\137\130\036\255\126\276\075\233
+\147\104\245\345
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\313\027\344\061\147\076\342\011\376\105\127\223\363\012\372\034
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\312\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123
+\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125
+\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165
+\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003
+\125\004\013\023\061\050\143\051\040\062\060\060\066\040\126\145
+\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106
+\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163
+\145\040\157\156\154\171\061\105\060\103\006\003\125\004\003\023
+\074\126\145\162\151\123\151\147\156\040\103\154\141\163\163\040
+\063\040\120\165\142\154\151\143\040\120\162\151\155\141\162\171
+\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101
+\165\164\150\157\162\151\164\171\040\055\040\107\065
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\030\332\321\236\046\175\350\273\112\041\130\315\314\153
+\073\112
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "SecureTrust CA"
+#
+# Issuer: CN=SecureTrust CA,O=SecureTrust Corporation,C=US
+# Serial Number:0c:f0:8e:5c:08:16:a5:ad:42:7f:f0:eb:27:18:59:d0
+# Subject: CN=SecureTrust CA,O=SecureTrust Corporation,C=US
+# Not Valid Before: Tue Nov 07 19:31:18 2006
+# Not Valid After : Mon Dec 31 19:40:55 2029
+# Fingerprint (MD5): DC:32:C3:A7:6D:25:57:C7:68:09:9D:EA:2D:A9:A2:D1
+# Fingerprint (SHA1): 87:82:C6:C3:04:35:3B:CF:D2:96:92:D2:59:3E:7D:44:D9:34:FF:11
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "SecureTrust CA"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\110\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\040\060\036\006\003\125\004\012\023\027\123\145\143\165\162\145
+\124\162\165\163\164\040\103\157\162\160\157\162\141\164\151\157
+\156\061\027\060\025\006\003\125\004\003\023\016\123\145\143\165
+\162\145\124\162\165\163\164\040\103\101
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\110\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\040\060\036\006\003\125\004\012\023\027\123\145\143\165\162\145
+\124\162\165\163\164\040\103\157\162\160\157\162\141\164\151\157
+\156\061\027\060\025\006\003\125\004\003\023\016\123\145\143\165
+\162\145\124\162\165\163\164\040\103\101
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\014\360\216\134\010\026\245\255\102\177\360\353\047\030
+\131\320
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\003\270\060\202\002\240\240\003\002\001\002\002\020\014
+\360\216\134\010\026\245\255\102\177\360\353\047\030\131\320\060
+\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\110
+\061\013\060\011\006\003\125\004\006\023\002\125\123\061\040\060
+\036\006\003\125\004\012\023\027\123\145\143\165\162\145\124\162
+\165\163\164\040\103\157\162\160\157\162\141\164\151\157\156\061
+\027\060\025\006\003\125\004\003\023\016\123\145\143\165\162\145
+\124\162\165\163\164\040\103\101\060\036\027\015\060\066\061\061
+\060\067\061\071\063\061\061\070\132\027\015\062\071\061\062\063
+\061\061\071\064\060\065\065\132\060\110\061\013\060\011\006\003
+\125\004\006\023\002\125\123\061\040\060\036\006\003\125\004\012
+\023\027\123\145\143\165\162\145\124\162\165\163\164\040\103\157
+\162\160\157\162\141\164\151\157\156\061\027\060\025\006\003\125
+\004\003\023\016\123\145\143\165\162\145\124\162\165\163\164\040
+\103\101\060\202\001\042\060\015\006\011\052\206\110\206\367\015
+\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002\202
+\001\001\000\253\244\201\345\225\315\365\366\024\216\302\117\312
+\324\342\170\225\130\234\101\341\015\231\100\044\027\071\221\063
+\146\351\276\341\203\257\142\134\211\321\374\044\133\141\263\340
+\021\021\101\034\035\156\360\270\273\370\336\247\201\272\246\110
+\306\237\035\275\276\216\251\101\076\270\224\355\051\032\324\216
+\322\003\035\003\357\155\015\147\034\127\327\006\255\312\310\365
+\376\016\257\146\045\110\004\226\013\135\243\272\026\303\010\117
+\321\106\370\024\134\362\310\136\001\231\155\375\210\314\206\250
+\301\157\061\102\154\122\076\150\313\363\031\064\337\273\207\030
+\126\200\046\304\320\334\300\157\337\336\240\302\221\026\240\144
+\021\113\104\274\036\366\347\372\143\336\146\254\166\244\161\243
+\354\066\224\150\172\167\244\261\347\016\057\201\172\342\265\162
+\206\357\242\153\213\360\017\333\323\131\077\272\162\274\104\044
+\234\343\163\263\367\257\127\057\102\046\235\251\164\272\000\122
+\362\113\315\123\174\107\013\066\205\016\146\251\010\227\026\064
+\127\301\146\367\200\343\355\160\124\307\223\340\056\050\025\131
+\207\272\273\002\003\001\000\001\243\201\235\060\201\232\060\023
+\006\011\053\006\001\004\001\202\067\024\002\004\006\036\004\000
+\103\000\101\060\013\006\003\125\035\017\004\004\003\002\001\206
+\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001
+\377\060\035\006\003\125\035\016\004\026\004\024\102\062\266\026
+\372\004\375\376\135\113\172\303\375\367\114\100\035\132\103\257
+\060\064\006\003\125\035\037\004\055\060\053\060\051\240\047\240
+\045\206\043\150\164\164\160\072\057\057\143\162\154\056\163\145
+\143\165\162\145\164\162\165\163\164\056\143\157\155\057\123\124
+\103\101\056\143\162\154\060\020\006\011\053\006\001\004\001\202
+\067\025\001\004\003\002\001\000\060\015\006\011\052\206\110\206
+\367\015\001\001\005\005\000\003\202\001\001\000\060\355\117\112
+\341\130\072\122\162\133\265\246\243\145\030\246\273\121\073\167
+\351\235\352\323\237\134\340\105\145\173\015\312\133\342\160\120
+\262\224\005\024\256\111\307\215\101\007\022\163\224\176\014\043
+\041\375\274\020\177\140\020\132\162\365\230\016\254\354\271\177
+\335\172\157\135\323\034\364\377\210\005\151\102\251\005\161\310
+\267\254\046\350\056\264\214\152\377\161\334\270\261\337\231\274
+\174\041\124\053\344\130\242\273\127\051\256\236\251\243\031\046
+\017\231\056\010\260\357\375\151\317\231\032\011\215\343\247\237
+\053\311\066\064\173\044\263\170\114\225\027\244\006\046\036\266
+\144\122\066\137\140\147\331\234\305\005\164\013\347\147\043\322
+\010\374\210\351\256\213\177\341\060\364\067\176\375\306\062\332
+\055\236\104\060\060\154\356\007\336\322\064\374\322\377\100\366
+\113\364\146\106\006\124\246\362\062\012\143\046\060\153\233\321
+\334\213\107\272\341\271\325\142\320\242\240\364\147\005\170\051
+\143\032\157\004\326\370\306\114\243\232\261\067\264\215\345\050
+\113\035\236\054\302\270\150\274\355\002\356\061
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "SecureTrust CA"
+# Issuer: CN=SecureTrust CA,O=SecureTrust Corporation,C=US
+# Serial Number:0c:f0:8e:5c:08:16:a5:ad:42:7f:f0:eb:27:18:59:d0
+# Subject: CN=SecureTrust CA,O=SecureTrust Corporation,C=US
+# Not Valid Before: Tue Nov 07 19:31:18 2006
+# Not Valid After : Mon Dec 31 19:40:55 2029
+# Fingerprint (MD5): DC:32:C3:A7:6D:25:57:C7:68:09:9D:EA:2D:A9:A2:D1
+# Fingerprint (SHA1): 87:82:C6:C3:04:35:3B:CF:D2:96:92:D2:59:3E:7D:44:D9:34:FF:11
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "SecureTrust CA"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\207\202\306\303\004\065\073\317\322\226\222\322\131\076\175\104
+\331\064\377\021
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\334\062\303\247\155\045\127\307\150\011\235\352\055\251\242\321
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\110\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\040\060\036\006\003\125\004\012\023\027\123\145\143\165\162\145
+\124\162\165\163\164\040\103\157\162\160\157\162\141\164\151\157
+\156\061\027\060\025\006\003\125\004\003\023\016\123\145\143\165
+\162\145\124\162\165\163\164\040\103\101
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\014\360\216\134\010\026\245\255\102\177\360\353\047\030
+\131\320
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Secure Global CA"
+#
+# Issuer: CN=Secure Global CA,O=SecureTrust Corporation,C=US
+# Serial Number:07:56:22:a4:e8:d4:8a:89:4d:f4:13:c8:f0:f8:ea:a5
+# Subject: CN=Secure Global CA,O=SecureTrust Corporation,C=US
+# Not Valid Before: Tue Nov 07 19:42:28 2006
+# Not Valid After : Mon Dec 31 19:52:06 2029
+# Fingerprint (MD5): CF:F4:27:0D:D4:ED:DC:65:16:49:6D:3D:DA:BF:6E:DE
+# Fingerprint (SHA1): 3A:44:73:5A:E5:81:90:1F:24:86:61:46:1E:3B:9C:C4:5F:F5:3A:1B
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Secure Global CA"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\112\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\040\060\036\006\003\125\004\012\023\027\123\145\143\165\162\145
+\124\162\165\163\164\040\103\157\162\160\157\162\141\164\151\157
+\156\061\031\060\027\006\003\125\004\003\023\020\123\145\143\165
+\162\145\040\107\154\157\142\141\154\040\103\101
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\112\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\040\060\036\006\003\125\004\012\023\027\123\145\143\165\162\145
+\124\162\165\163\164\040\103\157\162\160\157\162\141\164\151\157
+\156\061\031\060\027\006\003\125\004\003\023\020\123\145\143\165
+\162\145\040\107\154\157\142\141\154\040\103\101
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\007\126\042\244\350\324\212\211\115\364\023\310\360\370
+\352\245
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\003\274\060\202\002\244\240\003\002\001\002\002\020\007
+\126\042\244\350\324\212\211\115\364\023\310\360\370\352\245\060
+\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\112
+\061\013\060\011\006\003\125\004\006\023\002\125\123\061\040\060
+\036\006\003\125\004\012\023\027\123\145\143\165\162\145\124\162
+\165\163\164\040\103\157\162\160\157\162\141\164\151\157\156\061
+\031\060\027\006\003\125\004\003\023\020\123\145\143\165\162\145
+\040\107\154\157\142\141\154\040\103\101\060\036\027\015\060\066
+\061\061\060\067\061\071\064\062\062\070\132\027\015\062\071\061
+\062\063\061\061\071\065\062\060\066\132\060\112\061\013\060\011
+\006\003\125\004\006\023\002\125\123\061\040\060\036\006\003\125
+\004\012\023\027\123\145\143\165\162\145\124\162\165\163\164\040
+\103\157\162\160\157\162\141\164\151\157\156\061\031\060\027\006
+\003\125\004\003\023\020\123\145\143\165\162\145\040\107\154\157
+\142\141\154\040\103\101\060\202\001\042\060\015\006\011\052\206
+\110\206\367\015\001\001\001\005\000\003\202\001\017\000\060\202
+\001\012\002\202\001\001\000\257\065\056\330\254\154\125\151\006
+\161\345\023\150\044\263\117\330\314\041\107\370\361\140\070\211
+\211\003\351\275\352\136\106\123\011\334\134\365\132\350\367\105
+\052\002\353\061\141\327\051\063\114\316\307\174\012\067\176\017
+\272\062\230\341\035\227\257\217\307\334\311\070\226\363\333\032
+\374\121\355\150\306\320\156\244\174\044\321\256\102\310\226\120
+\143\056\340\376\165\376\230\247\137\111\056\225\343\071\063\144
+\216\036\244\137\220\322\147\074\262\331\376\101\271\125\247\011
+\216\162\005\036\213\335\104\205\202\102\320\111\300\035\140\360
+\321\027\054\225\353\366\245\301\222\243\305\302\247\010\140\015
+\140\004\020\226\171\236\026\064\346\251\266\372\045\105\071\310
+\036\145\371\223\365\252\361\122\334\231\230\075\245\206\032\014
+\065\063\372\113\245\004\006\025\034\061\200\357\252\030\153\302
+\173\327\332\316\371\063\040\325\365\275\152\063\055\201\004\373
+\260\134\324\234\243\342\134\035\343\251\102\165\136\173\324\167
+\357\071\124\272\311\012\030\033\022\231\111\057\210\113\375\120
+\142\321\163\347\217\172\103\002\003\001\000\001\243\201\235\060
+\201\232\060\023\006\011\053\006\001\004\001\202\067\024\002\004
+\006\036\004\000\103\000\101\060\013\006\003\125\035\017\004\004
+\003\002\001\206\060\017\006\003\125\035\023\001\001\377\004\005
+\060\003\001\001\377\060\035\006\003\125\035\016\004\026\004\024
+\257\104\004\302\101\176\110\203\333\116\071\002\354\354\204\172
+\346\316\311\244\060\064\006\003\125\035\037\004\055\060\053\060
+\051\240\047\240\045\206\043\150\164\164\160\072\057\057\143\162
+\154\056\163\145\143\165\162\145\164\162\165\163\164\056\143\157
+\155\057\123\107\103\101\056\143\162\154\060\020\006\011\053\006
+\001\004\001\202\067\025\001\004\003\002\001\000\060\015\006\011
+\052\206\110\206\367\015\001\001\005\005\000\003\202\001\001\000
+\143\032\010\100\175\244\136\123\015\167\330\172\256\037\015\013
+\121\026\003\357\030\174\310\343\257\152\130\223\024\140\221\262
+\204\334\210\116\276\071\212\072\363\346\202\211\135\001\067\263
+\253\044\244\025\016\222\065\132\112\104\136\116\127\372\165\316
+\037\110\316\146\364\074\100\046\222\230\154\033\356\044\106\014
+\027\263\122\245\333\245\221\221\317\067\323\157\347\047\010\072
+\116\031\037\072\247\130\134\027\317\171\077\213\344\247\323\046
+\043\235\046\017\130\151\374\107\176\262\320\215\213\223\277\051
+\117\103\151\164\166\147\113\317\007\214\346\002\367\265\341\264
+\103\265\113\055\024\237\371\334\046\015\277\246\107\164\006\330
+\210\321\072\051\060\204\316\322\071\200\142\033\250\307\127\111
+\274\152\125\121\147\025\112\276\065\007\344\325\165\230\067\171
+\060\024\333\051\235\154\305\151\314\107\125\242\060\367\314\134
+\177\302\303\230\034\153\116\026\200\353\172\170\145\105\242\000
+\032\257\014\015\125\144\064\110\270\222\271\361\264\120\051\362
+\117\043\037\332\154\254\037\104\341\335\043\170\121\133\307\026
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "Secure Global CA"
+# Issuer: CN=Secure Global CA,O=SecureTrust Corporation,C=US
+# Serial Number:07:56:22:a4:e8:d4:8a:89:4d:f4:13:c8:f0:f8:ea:a5
+# Subject: CN=Secure Global CA,O=SecureTrust Corporation,C=US
+# Not Valid Before: Tue Nov 07 19:42:28 2006
+# Not Valid After : Mon Dec 31 19:52:06 2029
+# Fingerprint (MD5): CF:F4:27:0D:D4:ED:DC:65:16:49:6D:3D:DA:BF:6E:DE
+# Fingerprint (SHA1): 3A:44:73:5A:E5:81:90:1F:24:86:61:46:1E:3B:9C:C4:5F:F5:3A:1B
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Secure Global CA"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\072\104\163\132\345\201\220\037\044\206\141\106\036\073\234\304
+\137\365\072\033
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\317\364\047\015\324\355\334\145\026\111\155\075\332\277\156\336
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\112\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\040\060\036\006\003\125\004\012\023\027\123\145\143\165\162\145
+\124\162\165\163\164\040\103\157\162\160\157\162\141\164\151\157
+\156\061\031\060\027\006\003\125\004\003\023\020\123\145\143\165
+\162\145\040\107\154\157\142\141\154\040\103\101
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\007\126\042\244\350\324\212\211\115\364\023\310\360\370
+\352\245
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "COMODO Certification Authority"
+#
+# Issuer: CN=COMODO Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB
+# Serial Number:4e:81:2d:8a:82:65:e0:0b:02:ee:3e:35:02:46:e5:3d
+# Subject: CN=COMODO Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB
+# Not Valid Before: Fri Dec 01 00:00:00 2006
+# Not Valid After : Mon Dec 31 23:59:59 2029
+# Fingerprint (MD5): 5C:48:DC:F7:42:72:EC:56:94:6D:1C:CC:71:35:80:75
+# Fingerprint (SHA1): 66:31:BF:9E:F7:4F:9E:B6:C9:D5:A6:0C:BA:6A:BE:D1:F7:BD:EF:7B
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "COMODO Certification Authority"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\201\061\013\060\011\006\003\125\004\006\023\002\107\102
+\061\033\060\031\006\003\125\004\010\023\022\107\162\145\141\164
+\145\162\040\115\141\156\143\150\145\163\164\145\162\061\020\060
+\016\006\003\125\004\007\023\007\123\141\154\146\157\162\144\061
+\032\060\030\006\003\125\004\012\023\021\103\117\115\117\104\117
+\040\103\101\040\114\151\155\151\164\145\144\061\047\060\045\006
+\003\125\004\003\023\036\103\117\115\117\104\117\040\103\145\162
+\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157
+\162\151\164\171
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\201\061\013\060\011\006\003\125\004\006\023\002\107\102
+\061\033\060\031\006\003\125\004\010\023\022\107\162\145\141\164
+\145\162\040\115\141\156\143\150\145\163\164\145\162\061\020\060
+\016\006\003\125\004\007\023\007\123\141\154\146\157\162\144\061
+\032\060\030\006\003\125\004\012\023\021\103\117\115\117\104\117
+\040\103\101\040\114\151\155\151\164\145\144\061\047\060\045\006
+\003\125\004\003\023\036\103\117\115\117\104\117\040\103\145\162
+\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157
+\162\151\164\171
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\116\201\055\212\202\145\340\013\002\356\076\065\002\106
+\345\075
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\004\035\060\202\003\005\240\003\002\001\002\002\020\116
+\201\055\212\202\145\340\013\002\356\076\065\002\106\345\075\060
+\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\201
+\201\061\013\060\011\006\003\125\004\006\023\002\107\102\061\033
+\060\031\006\003\125\004\010\023\022\107\162\145\141\164\145\162
+\040\115\141\156\143\150\145\163\164\145\162\061\020\060\016\006
+\003\125\004\007\023\007\123\141\154\146\157\162\144\061\032\060
+\030\006\003\125\004\012\023\021\103\117\115\117\104\117\040\103
+\101\040\114\151\155\151\164\145\144\061\047\060\045\006\003\125
+\004\003\023\036\103\117\115\117\104\117\040\103\145\162\164\151
+\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151
+\164\171\060\036\027\015\060\066\061\062\060\061\060\060\060\060
+\060\060\132\027\015\062\071\061\062\063\061\062\063\065\071\065
+\071\132\060\201\201\061\013\060\011\006\003\125\004\006\023\002
+\107\102\061\033\060\031\006\003\125\004\010\023\022\107\162\145
+\141\164\145\162\040\115\141\156\143\150\145\163\164\145\162\061
+\020\060\016\006\003\125\004\007\023\007\123\141\154\146\157\162
+\144\061\032\060\030\006\003\125\004\012\023\021\103\117\115\117
+\104\117\040\103\101\040\114\151\155\151\164\145\144\061\047\060
+\045\006\003\125\004\003\023\036\103\117\115\117\104\117\040\103
+\145\162\164\151\146\151\143\141\164\151\157\156\040\101\165\164
+\150\157\162\151\164\171\060\202\001\042\060\015\006\011\052\206
+\110\206\367\015\001\001\001\005\000\003\202\001\017\000\060\202
+\001\012\002\202\001\001\000\320\100\213\213\162\343\221\033\367
+\121\301\033\124\004\230\323\251\277\301\346\212\135\073\207\373
+\273\210\316\015\343\057\077\006\226\360\242\051\120\231\256\333
+\073\241\127\260\164\121\161\315\355\102\221\115\101\376\251\310
+\330\152\206\167\104\273\131\146\227\120\136\264\324\054\160\104
+\317\332\067\225\102\151\074\060\304\161\263\122\360\041\115\241
+\330\272\071\174\034\236\243\044\235\362\203\026\230\252\026\174
+\103\233\025\133\267\256\064\221\376\324\142\046\030\106\232\077
+\353\301\371\361\220\127\353\254\172\015\213\333\162\060\152\146
+\325\340\106\243\160\334\150\331\377\004\110\211\167\336\265\351
+\373\147\155\101\351\274\071\275\062\331\142\002\361\261\250\075
+\156\067\234\342\057\342\323\242\046\213\306\270\125\103\210\341
+\043\076\245\322\044\071\152\107\253\000\324\241\263\251\045\376
+\015\077\247\035\272\323\121\301\013\244\332\254\070\357\125\120
+\044\005\145\106\223\064\117\055\215\255\306\324\041\031\322\216
+\312\005\141\161\007\163\107\345\212\031\022\275\004\115\316\116
+\234\245\110\254\273\046\367\002\003\001\000\001\243\201\216\060
+\201\213\060\035\006\003\125\035\016\004\026\004\024\013\130\345
+\213\306\114\025\067\244\100\251\060\251\041\276\107\066\132\126
+\377\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001
+\006\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001
+\001\377\060\111\006\003\125\035\037\004\102\060\100\060\076\240
+\074\240\072\206\070\150\164\164\160\072\057\057\143\162\154\056
+\143\157\155\157\144\157\143\141\056\143\157\155\057\103\117\115
+\117\104\117\103\145\162\164\151\146\151\143\141\164\151\157\156
+\101\165\164\150\157\162\151\164\171\056\143\162\154\060\015\006
+\011\052\206\110\206\367\015\001\001\005\005\000\003\202\001\001
+\000\076\230\236\233\366\033\351\327\071\267\170\256\035\162\030
+\111\323\207\344\103\202\353\077\311\252\365\250\265\357\125\174
+\041\122\145\371\325\015\341\154\364\076\214\223\163\221\056\002
+\304\116\007\161\157\300\217\070\141\010\250\036\201\012\300\057
+\040\057\101\213\221\334\110\105\274\361\306\336\272\166\153\063
+\310\000\055\061\106\114\355\347\235\317\210\224\377\063\300\126
+\350\044\206\046\270\330\070\070\337\052\153\335\022\314\307\077
+\107\027\114\242\302\006\226\011\326\333\376\077\074\106\101\337
+\130\342\126\017\074\073\301\034\223\065\331\070\122\254\356\310
+\354\056\060\116\224\065\264\044\037\113\170\151\332\362\002\070
+\314\225\122\223\360\160\045\131\234\040\147\304\356\371\213\127
+\141\364\222\166\175\077\204\215\125\267\350\345\254\325\361\365
+\031\126\246\132\373\220\034\257\223\353\345\034\324\147\227\135
+\004\016\276\013\203\246\027\203\271\060\022\240\305\063\025\005
+\271\015\373\307\005\166\343\330\112\215\374\064\027\243\306\041
+\050\276\060\105\061\036\307\170\276\130\141\070\254\073\342\001
+\145
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "COMODO Certification Authority"
+# Issuer: CN=COMODO Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB
+# Serial Number:4e:81:2d:8a:82:65:e0:0b:02:ee:3e:35:02:46:e5:3d
+# Subject: CN=COMODO Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB
+# Not Valid Before: Fri Dec 01 00:00:00 2006
+# Not Valid After : Mon Dec 31 23:59:59 2029
+# Fingerprint (MD5): 5C:48:DC:F7:42:72:EC:56:94:6D:1C:CC:71:35:80:75
+# Fingerprint (SHA1): 66:31:BF:9E:F7:4F:9E:B6:C9:D5:A6:0C:BA:6A:BE:D1:F7:BD:EF:7B
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "COMODO Certification Authority"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\146\061\277\236\367\117\236\266\311\325\246\014\272\152\276\321
+\367\275\357\173
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\134\110\334\367\102\162\354\126\224\155\034\314\161\065\200\165
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\201\061\013\060\011\006\003\125\004\006\023\002\107\102
+\061\033\060\031\006\003\125\004\010\023\022\107\162\145\141\164
+\145\162\040\115\141\156\143\150\145\163\164\145\162\061\020\060
+\016\006\003\125\004\007\023\007\123\141\154\146\157\162\144\061
+\032\060\030\006\003\125\004\012\023\021\103\117\115\117\104\117
+\040\103\101\040\114\151\155\151\164\145\144\061\047\060\045\006
+\003\125\004\003\023\036\103\117\115\117\104\117\040\103\145\162
+\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157
+\162\151\164\171
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\116\201\055\212\202\145\340\013\002\356\076\065\002\106
+\345\075
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Network Solutions Certificate Authority"
+#
+# Issuer: CN=Network Solutions Certificate Authority,O=Network Solutions L.L.C.,C=US
+# Serial Number:57:cb:33:6f:c2:5c:16:e6:47:16:17:e3:90:31:68:e0
+# Subject: CN=Network Solutions Certificate Authority,O=Network Solutions L.L.C.,C=US
+# Not Valid Before: Fri Dec 01 00:00:00 2006
+# Not Valid After : Mon Dec 31 23:59:59 2029
+# Fingerprint (MD5): D3:F3:A6:16:C0:FA:6B:1D:59:B1:2D:96:4D:0E:11:2E
+# Fingerprint (SHA1): 74:F8:A3:C3:EF:E7:B3:90:06:4B:83:90:3C:21:64:60:20:E5:DF:CE
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Network Solutions Certificate Authority"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\142\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\041\060\037\006\003\125\004\012\023\030\116\145\164\167\157\162
+\153\040\123\157\154\165\164\151\157\156\163\040\114\056\114\056
+\103\056\061\060\060\056\006\003\125\004\003\023\047\116\145\164
+\167\157\162\153\040\123\157\154\165\164\151\157\156\163\040\103
+\145\162\164\151\146\151\143\141\164\145\040\101\165\164\150\157
+\162\151\164\171
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\142\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\041\060\037\006\003\125\004\012\023\030\116\145\164\167\157\162
+\153\040\123\157\154\165\164\151\157\156\163\040\114\056\114\056
+\103\056\061\060\060\056\006\003\125\004\003\023\047\116\145\164
+\167\157\162\153\040\123\157\154\165\164\151\157\156\163\040\103
+\145\162\164\151\146\151\143\141\164\145\040\101\165\164\150\157
+\162\151\164\171
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\127\313\063\157\302\134\026\346\107\026\027\343\220\061
+\150\340
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\003\346\060\202\002\316\240\003\002\001\002\002\020\127
+\313\063\157\302\134\026\346\107\026\027\343\220\061\150\340\060
+\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\142
+\061\013\060\011\006\003\125\004\006\023\002\125\123\061\041\060
+\037\006\003\125\004\012\023\030\116\145\164\167\157\162\153\040
+\123\157\154\165\164\151\157\156\163\040\114\056\114\056\103\056
+\061\060\060\056\006\003\125\004\003\023\047\116\145\164\167\157
+\162\153\040\123\157\154\165\164\151\157\156\163\040\103\145\162
+\164\151\146\151\143\141\164\145\040\101\165\164\150\157\162\151
+\164\171\060\036\027\015\060\066\061\062\060\061\060\060\060\060
+\060\060\132\027\015\062\071\061\062\063\061\062\063\065\071\065
+\071\132\060\142\061\013\060\011\006\003\125\004\006\023\002\125
+\123\061\041\060\037\006\003\125\004\012\023\030\116\145\164\167
+\157\162\153\040\123\157\154\165\164\151\157\156\163\040\114\056
+\114\056\103\056\061\060\060\056\006\003\125\004\003\023\047\116
+\145\164\167\157\162\153\040\123\157\154\165\164\151\157\156\163
+\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164
+\150\157\162\151\164\171\060\202\001\042\060\015\006\011\052\206
+\110\206\367\015\001\001\001\005\000\003\202\001\017\000\060\202
+\001\012\002\202\001\001\000\344\274\176\222\060\155\306\330\216
+\053\013\274\106\316\340\047\226\336\336\371\372\022\323\074\063
+\163\263\004\057\274\161\214\345\237\266\042\140\076\137\135\316
+\011\377\202\014\033\232\121\120\032\046\211\335\325\141\135\031
+\334\022\017\055\012\242\103\135\027\320\064\222\040\352\163\317
+\070\054\006\046\011\172\162\367\372\120\062\370\302\223\323\151
+\242\043\316\101\261\314\344\325\037\066\321\212\072\370\214\143
+\342\024\131\151\355\015\323\177\153\350\270\003\345\117\152\345
+\230\143\151\110\005\276\056\377\063\266\351\227\131\151\370\147
+\031\256\223\141\226\104\025\323\162\260\077\274\152\175\354\110
+\177\215\303\253\252\161\053\123\151\101\123\064\265\260\271\305
+\006\012\304\260\105\365\101\135\156\211\105\173\075\073\046\214
+\164\302\345\322\321\175\262\021\324\373\130\062\042\232\200\311
+\334\375\014\351\177\136\003\227\316\073\000\024\207\047\160\070
+\251\216\156\263\047\166\230\121\340\005\343\041\253\032\325\205
+\042\074\051\265\232\026\305\200\250\364\273\153\060\217\057\106
+\002\242\261\014\042\340\323\002\003\001\000\001\243\201\227\060
+\201\224\060\035\006\003\125\035\016\004\026\004\024\041\060\311
+\373\000\327\116\230\332\207\252\052\320\247\056\261\100\061\247
+\114\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001
+\006\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001
+\001\377\060\122\006\003\125\035\037\004\113\060\111\060\107\240
+\105\240\103\206\101\150\164\164\160\072\057\057\143\162\154\056
+\156\145\164\163\157\154\163\163\154\056\143\157\155\057\116\145
+\164\167\157\162\153\123\157\154\165\164\151\157\156\163\103\145
+\162\164\151\146\151\143\141\164\145\101\165\164\150\157\162\151
+\164\171\056\143\162\154\060\015\006\011\052\206\110\206\367\015
+\001\001\005\005\000\003\202\001\001\000\273\256\113\347\267\127
+\353\177\252\055\267\163\107\205\152\301\344\245\035\344\347\074
+\351\364\131\145\167\265\172\133\132\215\045\066\340\172\227\056
+\070\300\127\140\203\230\006\203\237\271\166\172\156\120\340\272
+\210\054\374\105\314\030\260\231\225\121\016\354\035\270\210\377
+\207\120\034\202\302\343\340\062\200\277\240\013\107\310\303\061
+\357\231\147\062\200\117\027\041\171\014\151\134\336\136\064\256
+\002\265\046\352\120\337\177\030\145\054\311\362\143\341\251\007
+\376\174\161\037\153\063\044\152\036\005\367\005\150\300\152\022
+\313\056\136\141\313\256\050\323\176\302\264\146\221\046\137\074
+\056\044\137\313\130\017\353\050\354\257\021\226\363\334\173\157
+\300\247\210\362\123\167\263\140\136\256\256\050\332\065\054\157
+\064\105\323\046\341\336\354\133\117\047\153\026\174\275\104\004
+\030\202\263\211\171\027\020\161\075\172\242\026\116\365\001\315
+\244\154\145\150\241\111\166\134\103\311\330\274\066\147\154\245
+\224\265\324\314\271\275\152\065\126\041\336\330\303\353\373\313
+\244\140\114\260\125\240\240\173\127\262
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "Network Solutions Certificate Authority"
+# Issuer: CN=Network Solutions Certificate Authority,O=Network Solutions L.L.C.,C=US
+# Serial Number:57:cb:33:6f:c2:5c:16:e6:47:16:17:e3:90:31:68:e0
+# Subject: CN=Network Solutions Certificate Authority,O=Network Solutions L.L.C.,C=US
+# Not Valid Before: Fri Dec 01 00:00:00 2006
+# Not Valid After : Mon Dec 31 23:59:59 2029
+# Fingerprint (MD5): D3:F3:A6:16:C0:FA:6B:1D:59:B1:2D:96:4D:0E:11:2E
+# Fingerprint (SHA1): 74:F8:A3:C3:EF:E7:B3:90:06:4B:83:90:3C:21:64:60:20:E5:DF:CE
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Network Solutions Certificate Authority"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\164\370\243\303\357\347\263\220\006\113\203\220\074\041\144\140
+\040\345\337\316
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\323\363\246\026\300\372\153\035\131\261\055\226\115\016\021\056
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\142\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\041\060\037\006\003\125\004\012\023\030\116\145\164\167\157\162
+\153\040\123\157\154\165\164\151\157\156\163\040\114\056\114\056
+\103\056\061\060\060\056\006\003\125\004\003\023\047\116\145\164
+\167\157\162\153\040\123\157\154\165\164\151\157\156\163\040\103
+\145\162\164\151\146\151\143\141\164\145\040\101\165\164\150\157
+\162\151\164\171
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\127\313\063\157\302\134\026\346\107\026\027\343\220\061
+\150\340
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "WellsSecure Public Root Certificate Authority"
+#
+# Issuer: CN=WellsSecure Public Root Certificate Authority,OU=Wells Fargo Bank NA,O=Wells Fargo WellsSecure,C=US
+# Serial Number: 1 (0x1)
+# Subject: CN=WellsSecure Public Root Certificate Authority,OU=Wells Fargo Bank NA,O=Wells Fargo WellsSecure,C=US
+# Not Valid Before: Thu Dec 13 17:07:54 2007
+# Not Valid After : Wed Dec 14 00:07:54 2022
+# Fingerprint (MD5): 15:AC:A5:C2:92:2D:79:BC:E8:7F:CB:67:ED:02:CF:36
+# Fingerprint (SHA1): E7:B4:F6:9D:61:EC:90:69:DB:7E:90:A7:40:1A:3C:F4:7D:4F:E8:EE
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "WellsSecure Public Root Certificate Authority"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\205\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\040\060\036\006\003\125\004\012\014\027\127\145\154\154\163
+\040\106\141\162\147\157\040\127\145\154\154\163\123\145\143\165
+\162\145\061\034\060\032\006\003\125\004\013\014\023\127\145\154
+\154\163\040\106\141\162\147\157\040\102\141\156\153\040\116\101
+\061\066\060\064\006\003\125\004\003\014\055\127\145\154\154\163
+\123\145\143\165\162\145\040\120\165\142\154\151\143\040\122\157
+\157\164\040\103\145\162\164\151\146\151\143\141\164\145\040\101
+\165\164\150\157\162\151\164\171
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\205\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\040\060\036\006\003\125\004\012\014\027\127\145\154\154\163
+\040\106\141\162\147\157\040\127\145\154\154\163\123\145\143\165
+\162\145\061\034\060\032\006\003\125\004\013\014\023\127\145\154
+\154\163\040\106\141\162\147\157\040\102\141\156\153\040\116\101
+\061\066\060\064\006\003\125\004\003\014\055\127\145\154\154\163
+\123\145\143\165\162\145\040\120\165\142\154\151\143\040\122\157
+\157\164\040\103\145\162\164\151\146\151\143\141\164\145\040\101
+\165\164\150\157\162\151\164\171
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\001
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\004\275\060\202\003\245\240\003\002\001\002\002\001\001
+\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060
+\201\205\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\040\060\036\006\003\125\004\012\014\027\127\145\154\154\163\040
+\106\141\162\147\157\040\127\145\154\154\163\123\145\143\165\162
+\145\061\034\060\032\006\003\125\004\013\014\023\127\145\154\154
+\163\040\106\141\162\147\157\040\102\141\156\153\040\116\101\061
+\066\060\064\006\003\125\004\003\014\055\127\145\154\154\163\123
+\145\143\165\162\145\040\120\165\142\154\151\143\040\122\157\157
+\164\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165
+\164\150\157\162\151\164\171\060\036\027\015\060\067\061\062\061
+\063\061\067\060\067\065\064\132\027\015\062\062\061\062\061\064
+\060\060\060\067\065\064\132\060\201\205\061\013\060\011\006\003
+\125\004\006\023\002\125\123\061\040\060\036\006\003\125\004\012
+\014\027\127\145\154\154\163\040\106\141\162\147\157\040\127\145
+\154\154\163\123\145\143\165\162\145\061\034\060\032\006\003\125
+\004\013\014\023\127\145\154\154\163\040\106\141\162\147\157\040
+\102\141\156\153\040\116\101\061\066\060\064\006\003\125\004\003
+\014\055\127\145\154\154\163\123\145\143\165\162\145\040\120\165
+\142\154\151\143\040\122\157\157\164\040\103\145\162\164\151\146
+\151\143\141\164\145\040\101\165\164\150\157\162\151\164\171\060
+\202\001\042\060\015\006\011\052\206\110\206\367\015\001\001\001
+\005\000\003\202\001\017\000\060\202\001\012\002\202\001\001\000
+\356\157\264\275\171\342\217\010\041\236\070\004\101\045\357\253
+\133\034\123\222\254\155\236\335\302\304\056\105\224\003\065\210
+\147\164\127\343\337\214\270\247\166\217\073\367\250\304\333\051
+\143\016\221\150\066\212\227\216\212\161\150\011\007\344\350\324
+\016\117\370\326\053\114\244\026\371\357\103\230\217\263\236\122
+\337\155\221\071\217\070\275\167\213\103\143\353\267\223\374\060
+\114\034\001\223\266\023\373\367\241\037\277\045\341\164\067\054
+\036\244\136\074\150\370\113\277\015\271\036\056\066\350\251\344
+\247\370\017\313\202\165\174\065\055\042\326\302\277\013\363\264
+\374\154\225\141\036\127\327\004\201\062\203\122\171\346\203\143
+\317\267\313\143\213\021\342\275\136\353\366\215\355\225\162\050
+\264\254\022\142\351\112\063\346\203\062\256\005\165\225\275\204
+\225\333\052\134\233\216\056\014\270\201\053\101\346\070\126\237
+\111\233\154\166\372\212\135\367\001\171\201\174\301\203\100\005
+\376\161\375\014\077\314\116\140\011\016\145\107\020\057\001\300
+\005\077\217\370\263\101\357\132\102\176\131\357\322\227\014\145
+\002\003\001\000\001\243\202\001\064\060\202\001\060\060\017\006
+\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060\071
+\006\003\125\035\037\004\062\060\060\060\056\240\054\240\052\206
+\050\150\164\164\160\072\057\057\143\162\154\056\160\153\151\056
+\167\145\154\154\163\146\141\162\147\157\056\143\157\155\057\167
+\163\160\162\143\141\056\143\162\154\060\016\006\003\125\035\017
+\001\001\377\004\004\003\002\001\306\060\035\006\003\125\035\016
+\004\026\004\024\046\225\031\020\331\350\241\227\221\377\334\031
+\331\265\004\076\322\163\012\152\060\201\262\006\003\125\035\043
+\004\201\252\060\201\247\200\024\046\225\031\020\331\350\241\227
+\221\377\334\031\331\265\004\076\322\163\012\152\241\201\213\244
+\201\210\060\201\205\061\013\060\011\006\003\125\004\006\023\002
+\125\123\061\040\060\036\006\003\125\004\012\014\027\127\145\154
+\154\163\040\106\141\162\147\157\040\127\145\154\154\163\123\145
+\143\165\162\145\061\034\060\032\006\003\125\004\013\014\023\127
+\145\154\154\163\040\106\141\162\147\157\040\102\141\156\153\040
+\116\101\061\066\060\064\006\003\125\004\003\014\055\127\145\154
+\154\163\123\145\143\165\162\145\040\120\165\142\154\151\143\040
+\122\157\157\164\040\103\145\162\164\151\146\151\143\141\164\145
+\040\101\165\164\150\157\162\151\164\171\202\001\001\060\015\006
+\011\052\206\110\206\367\015\001\001\005\005\000\003\202\001\001
+\000\271\025\261\104\221\314\043\310\053\115\167\343\370\232\173
+\047\015\315\162\273\231\000\312\174\146\031\120\306\325\230\355
+\253\277\003\132\345\115\345\036\310\117\161\227\206\325\343\035
+\375\220\311\074\165\167\127\172\175\370\336\364\324\325\367\225
+\346\164\156\035\074\256\174\235\333\002\003\005\054\161\113\045
+\076\007\343\136\232\365\146\027\051\210\032\070\237\317\252\101
+\003\204\227\153\223\070\172\312\060\104\033\044\104\063\320\344
+\321\334\050\070\364\023\103\065\065\051\143\250\174\242\265\255
+\070\244\355\255\375\306\232\037\377\227\163\376\373\263\065\247
+\223\206\306\166\221\000\346\254\121\026\304\047\062\134\333\163
+\332\245\223\127\216\076\155\065\046\010\131\325\347\104\327\166
+\040\143\347\254\023\147\303\155\261\160\106\174\325\226\021\075
+\211\157\135\250\241\353\215\012\332\303\035\063\154\243\352\147
+\031\232\231\177\113\075\203\121\052\035\312\057\206\014\242\176
+\020\055\053\324\026\225\013\007\252\056\024\222\111\267\051\157
+\330\155\061\175\365\374\241\020\007\207\316\057\131\334\076\130
+\333
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "WellsSecure Public Root Certificate Authority"
+# Issuer: CN=WellsSecure Public Root Certificate Authority,OU=Wells Fargo Bank NA,O=Wells Fargo WellsSecure,C=US
+# Serial Number: 1 (0x1)
+# Subject: CN=WellsSecure Public Root Certificate Authority,OU=Wells Fargo Bank NA,O=Wells Fargo WellsSecure,C=US
+# Not Valid Before: Thu Dec 13 17:07:54 2007
+# Not Valid After : Wed Dec 14 00:07:54 2022
+# Fingerprint (MD5): 15:AC:A5:C2:92:2D:79:BC:E8:7F:CB:67:ED:02:CF:36
+# Fingerprint (SHA1): E7:B4:F6:9D:61:EC:90:69:DB:7E:90:A7:40:1A:3C:F4:7D:4F:E8:EE
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "WellsSecure Public Root Certificate Authority"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\347\264\366\235\141\354\220\151\333\176\220\247\100\032\074\364
+\175\117\350\356
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\025\254\245\302\222\055\171\274\350\177\313\147\355\002\317\066
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\205\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\040\060\036\006\003\125\004\012\014\027\127\145\154\154\163
+\040\106\141\162\147\157\040\127\145\154\154\163\123\145\143\165
+\162\145\061\034\060\032\006\003\125\004\013\014\023\127\145\154
+\154\163\040\106\141\162\147\157\040\102\141\156\153\040\116\101
+\061\066\060\064\006\003\125\004\003\014\055\127\145\154\154\163
+\123\145\143\165\162\145\040\120\165\142\154\151\143\040\122\157
+\157\164\040\103\145\162\164\151\146\151\143\141\164\145\040\101
+\165\164\150\157\162\151\164\171
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\001
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "COMODO ECC Certification Authority"
+#
+# Issuer: CN=COMODO ECC Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB
+# Serial Number:1f:47:af:aa:62:00:70:50:54:4c:01:9e:9b:63:99:2a
+# Subject: CN=COMODO ECC Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB
+# Not Valid Before: Thu Mar 06 00:00:00 2008
+# Not Valid After : Mon Jan 18 23:59:59 2038
+# Fingerprint (MD5): 7C:62:FF:74:9D:31:53:5E:68:4A:D5:78:AA:1E:BF:23
+# Fingerprint (SHA1): 9F:74:4E:9F:2B:4D:BA:EC:0F:31:2C:50:B6:56:3B:8E:2D:93:C3:11
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "COMODO ECC Certification Authority"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\205\061\013\060\011\006\003\125\004\006\023\002\107\102
+\061\033\060\031\006\003\125\004\010\023\022\107\162\145\141\164
+\145\162\040\115\141\156\143\150\145\163\164\145\162\061\020\060
+\016\006\003\125\004\007\023\007\123\141\154\146\157\162\144\061
+\032\060\030\006\003\125\004\012\023\021\103\117\115\117\104\117
+\040\103\101\040\114\151\155\151\164\145\144\061\053\060\051\006
+\003\125\004\003\023\042\103\117\115\117\104\117\040\105\103\103
+\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101
+\165\164\150\157\162\151\164\171
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\205\061\013\060\011\006\003\125\004\006\023\002\107\102
+\061\033\060\031\006\003\125\004\010\023\022\107\162\145\141\164
+\145\162\040\115\141\156\143\150\145\163\164\145\162\061\020\060
+\016\006\003\125\004\007\023\007\123\141\154\146\157\162\144\061
+\032\060\030\006\003\125\004\012\023\021\103\117\115\117\104\117
+\040\103\101\040\114\151\155\151\164\145\144\061\053\060\051\006
+\003\125\004\003\023\042\103\117\115\117\104\117\040\105\103\103
+\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101
+\165\164\150\157\162\151\164\171
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\037\107\257\252\142\000\160\120\124\114\001\236\233\143
+\231\052
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\002\211\060\202\002\017\240\003\002\001\002\002\020\037
+\107\257\252\142\000\160\120\124\114\001\236\233\143\231\052\060
+\012\006\010\052\206\110\316\075\004\003\003\060\201\205\061\013
+\060\011\006\003\125\004\006\023\002\107\102\061\033\060\031\006
+\003\125\004\010\023\022\107\162\145\141\164\145\162\040\115\141
+\156\143\150\145\163\164\145\162\061\020\060\016\006\003\125\004
+\007\023\007\123\141\154\146\157\162\144\061\032\060\030\006\003
+\125\004\012\023\021\103\117\115\117\104\117\040\103\101\040\114
+\151\155\151\164\145\144\061\053\060\051\006\003\125\004\003\023
+\042\103\117\115\117\104\117\040\105\103\103\040\103\145\162\164
+\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162
+\151\164\171\060\036\027\015\060\070\060\063\060\066\060\060\060
+\060\060\060\132\027\015\063\070\060\061\061\070\062\063\065\071
+\065\071\132\060\201\205\061\013\060\011\006\003\125\004\006\023
+\002\107\102\061\033\060\031\006\003\125\004\010\023\022\107\162
+\145\141\164\145\162\040\115\141\156\143\150\145\163\164\145\162
+\061\020\060\016\006\003\125\004\007\023\007\123\141\154\146\157
+\162\144\061\032\060\030\006\003\125\004\012\023\021\103\117\115
+\117\104\117\040\103\101\040\114\151\155\151\164\145\144\061\053
+\060\051\006\003\125\004\003\023\042\103\117\115\117\104\117\040
+\105\103\103\040\103\145\162\164\151\146\151\143\141\164\151\157
+\156\040\101\165\164\150\157\162\151\164\171\060\166\060\020\006
+\007\052\206\110\316\075\002\001\006\005\053\201\004\000\042\003
+\142\000\004\003\107\173\057\165\311\202\025\205\373\165\344\221
+\026\324\253\142\231\365\076\122\013\006\316\101\000\177\227\341
+\012\044\074\035\001\004\356\075\322\215\011\227\014\340\165\344
+\372\373\167\212\052\365\003\140\113\066\213\026\043\026\255\011
+\161\364\112\364\050\120\264\376\210\034\156\077\154\057\057\011
+\131\133\245\133\013\063\231\342\303\075\211\371\152\054\357\262
+\323\006\351\243\102\060\100\060\035\006\003\125\035\016\004\026
+\004\024\165\161\247\031\110\031\274\235\235\352\101\107\337\224
+\304\110\167\231\323\171\060\016\006\003\125\035\017\001\001\377
+\004\004\003\002\001\006\060\017\006\003\125\035\023\001\001\377
+\004\005\060\003\001\001\377\060\012\006\010\052\206\110\316\075
+\004\003\003\003\150\000\060\145\002\061\000\357\003\133\172\254
+\267\170\012\162\267\210\337\377\265\106\024\011\012\372\240\346
+\175\010\306\032\207\275\030\250\163\275\046\312\140\014\235\316
+\231\237\317\134\017\060\341\276\024\061\352\002\060\024\364\223
+\074\111\247\063\172\220\106\107\263\143\175\023\233\116\267\157
+\030\067\200\123\376\335\040\340\065\232\066\321\307\001\271\346
+\334\335\363\377\035\054\072\026\127\331\222\071\326
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "COMODO ECC Certification Authority"
+# Issuer: CN=COMODO ECC Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB
+# Serial Number:1f:47:af:aa:62:00:70:50:54:4c:01:9e:9b:63:99:2a
+# Subject: CN=COMODO ECC Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB
+# Not Valid Before: Thu Mar 06 00:00:00 2008
+# Not Valid After : Mon Jan 18 23:59:59 2038
+# Fingerprint (MD5): 7C:62:FF:74:9D:31:53:5E:68:4A:D5:78:AA:1E:BF:23
+# Fingerprint (SHA1): 9F:74:4E:9F:2B:4D:BA:EC:0F:31:2C:50:B6:56:3B:8E:2D:93:C3:11
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "COMODO ECC Certification Authority"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\237\164\116\237\053\115\272\354\017\061\054\120\266\126\073\216
+\055\223\303\021
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\174\142\377\164\235\061\123\136\150\112\325\170\252\036\277\043
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\205\061\013\060\011\006\003\125\004\006\023\002\107\102
+\061\033\060\031\006\003\125\004\010\023\022\107\162\145\141\164
+\145\162\040\115\141\156\143\150\145\163\164\145\162\061\020\060
+\016\006\003\125\004\007\023\007\123\141\154\146\157\162\144\061
+\032\060\030\006\003\125\004\012\023\021\103\117\115\117\104\117
+\040\103\101\040\114\151\155\151\164\145\144\061\053\060\051\006
+\003\125\004\003\023\042\103\117\115\117\104\117\040\105\103\103
+\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101
+\165\164\150\157\162\151\164\171
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\037\107\257\252\142\000\160\120\124\114\001\236\233\143
+\231\052
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "MD5 Collisions Forged Rogue CA 25c3"
+#
+# Issuer: CN=Equifax Secure Global eBusiness CA-1,O=Equifax Secure Inc.,C=US
+# Serial Number: 66 (0x42)
+# Subject: CN=MD5 Collisions Inc. (http://www.phreedom.org/md5)
+# Not Valid Before: Sat Jul 31 00:00:01 2004
+# Not Valid After : Thu Sep 02 00:00:01 2004
+# Fingerprint (MD5): 16:7A:13:15:B9:17:39:A3:F1:05:6A:E6:3E:D9:3A:38
+# Fingerprint (SHA1): 64:23:13:7E:5C:53:D6:4A:A6:64:85:ED:36:54:F5:AB:05:5A:8B:8A
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "MD5 Collisions Forged Rogue CA 25c3"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\074\061\072\060\070\006\003\125\004\003\023\061\115\104\065
+\040\103\157\154\154\151\163\151\157\156\163\040\111\156\143\056
+\040\050\150\164\164\160\072\057\057\167\167\167\056\160\150\162
+\145\145\144\157\155\056\157\162\147\057\155\144\065\051
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\132\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\034\060\032\006\003\125\004\012\023\023\105\161\165\151\146\141
+\170\040\123\145\143\165\162\145\040\111\156\143\056\061\055\060
+\053\006\003\125\004\003\023\044\105\161\165\151\146\141\170\040
+\123\145\143\165\162\145\040\107\154\157\142\141\154\040\145\102
+\165\163\151\156\145\163\163\040\103\101\055\061
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\102
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\004\062\060\202\003\233\240\003\002\001\002\002\001\102
+\060\015\006\011\052\206\110\206\367\015\001\001\004\005\000\060
+\132\061\013\060\011\006\003\125\004\006\023\002\125\123\061\034
+\060\032\006\003\125\004\012\023\023\105\161\165\151\146\141\170
+\040\123\145\143\165\162\145\040\111\156\143\056\061\055\060\053
+\006\003\125\004\003\023\044\105\161\165\151\146\141\170\040\123
+\145\143\165\162\145\040\107\154\157\142\141\154\040\145\102\165
+\163\151\156\145\163\163\040\103\101\055\061\060\036\027\015\060
+\064\060\067\063\061\060\060\060\060\060\061\132\027\015\060\064
+\060\071\060\062\060\060\060\060\060\061\132\060\074\061\072\060
+\070\006\003\125\004\003\023\061\115\104\065\040\103\157\154\154
+\151\163\151\157\156\163\040\111\156\143\056\040\050\150\164\164
+\160\072\057\057\167\167\167\056\160\150\162\145\145\144\157\155
+\056\157\162\147\057\155\144\065\051\060\201\237\060\015\006\011
+\052\206\110\206\367\015\001\001\001\005\000\003\201\215\000\060
+\201\211\002\201\201\000\272\246\131\311\054\050\326\052\260\370
+\355\237\106\244\244\067\356\016\031\150\131\321\263\003\231\121
+\326\026\232\136\067\153\025\340\016\113\365\204\144\370\243\333
+\101\157\065\325\233\025\037\333\304\070\122\160\201\227\136\217
+\240\265\367\176\071\360\062\254\036\255\104\322\263\372\110\303
+\316\221\233\354\364\234\174\341\132\365\310\067\153\232\203\336
+\347\312\040\227\061\102\163\025\221\150\364\210\257\371\050\050
+\305\351\017\163\260\027\113\023\114\231\165\320\104\346\176\010
+\154\032\362\117\033\101\002\003\001\000\001\243\202\002\044\060
+\202\002\040\060\013\006\003\125\035\017\004\004\003\002\001\306
+\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001
+\377\060\035\006\003\125\035\016\004\026\004\024\247\004\140\037
+\253\162\103\010\305\177\010\220\125\126\034\326\316\346\070\353
+\060\037\006\003\125\035\043\004\030\060\026\200\024\276\250\240
+\164\162\120\153\104\267\311\043\330\373\250\377\263\127\153\150
+\154\060\202\001\276\006\011\140\206\110\001\206\370\102\001\015
+\004\202\001\257\026\202\001\253\063\000\000\000\047\136\071\340
+\211\141\017\116\243\305\105\013\066\273\001\321\123\252\303\010
+\217\157\370\117\076\207\207\104\021\334\140\340\337\222\125\371
+\270\163\033\124\223\305\237\320\106\304\140\266\065\142\315\271
+\257\034\250\151\032\311\133\074\226\067\300\355\147\357\273\376
+\300\213\234\120\057\051\275\203\042\236\216\010\372\254\023\160
+\242\130\177\142\142\212\021\367\211\366\337\266\147\131\163\026
+\373\143\026\212\264\221\070\316\056\365\266\276\114\244\224\111
+\344\145\021\012\102\025\311\301\060\342\151\325\105\175\245\046
+\273\271\141\354\142\144\360\071\341\347\274\150\330\120\121\236
+\035\140\323\321\243\247\012\370\003\040\241\160\001\027\221\066
+\117\002\160\061\206\203\335\367\017\330\007\035\021\263\023\004
+\245\334\360\256\120\261\050\016\143\151\052\014\202\157\217\107
+\063\337\154\242\006\222\361\117\105\276\331\060\066\243\053\214
+\326\167\256\065\143\177\116\114\232\223\110\066\331\237\002\003
+\001\000\001\243\201\275\060\201\272\060\016\006\003\125\035\017
+\001\001\377\004\004\003\002\004\360\060\035\006\003\125\035\016
+\004\026\004\024\315\246\203\372\245\140\067\367\226\067\027\051
+\336\101\170\361\207\211\125\347\060\073\006\003\125\035\037\004
+\064\060\062\060\060\240\056\240\054\206\052\150\164\164\160\072
+\057\057\143\162\154\056\147\145\157\164\162\165\163\164\056\143
+\157\155\057\143\162\154\163\057\147\154\157\142\141\154\143\141
+\061\056\143\162\154\060\037\006\003\125\035\043\004\030\060\026
+\200\024\276\250\240\164\162\120\153\104\267\311\043\330\373\250
+\377\263\127\153\150\154\060\035\006\003\125\035\045\004\026\060
+\024\006\010\053\006\001\005\005\007\003\001\006\010\053\006\001
+\005\005\007\003\002\060\014\006\003\125\035\023\001\001\377\004
+\002\060\000\060\015\006\011\052\206\110\206\367\015\001\001\004
+\005\000\003\201\201\000\247\041\002\215\321\016\242\200\167\045
+\375\103\140\025\217\354\357\220\107\324\204\102\025\046\021\034
+\315\302\074\020\051\251\266\337\253\127\165\221\332\345\053\263
+\220\105\034\060\143\126\077\212\331\120\372\355\130\154\300\145
+\254\146\127\336\034\306\166\073\365\000\016\216\105\316\177\114
+\220\354\053\306\315\263\264\217\142\320\376\267\305\046\162\104
+\355\366\230\133\256\313\321\225\365\332\010\276\150\106\261\165
+\310\354\035\217\036\172\224\361\252\123\170\242\105\256\124\352
+\321\236\164\310\166\147
+END
+
+# Trust for Certificate "MD5 Collisions Forged Rogue CA 25c3"
+# Issuer: CN=Equifax Secure Global eBusiness CA-1,O=Equifax Secure Inc.,C=US
+# Serial Number: 66 (0x42)
+# Subject: CN=MD5 Collisions Inc. (http://www.phreedom.org/md5)
+# Not Valid Before: Sat Jul 31 00:00:01 2004
+# Not Valid After : Thu Sep 02 00:00:01 2004
+# Fingerprint (MD5): 16:7A:13:15:B9:17:39:A3:F1:05:6A:E6:3E:D9:3A:38
+# Fingerprint (SHA1): 64:23:13:7E:5C:53:D6:4A:A6:64:85:ED:36:54:F5:AB:05:5A:8B:8A
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "MD5 Collisions Forged Rogue CA 25c3"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\144\043\023\176\134\123\326\112\246\144\205\355\066\124\365\253
+\005\132\213\212
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\026\172\023\025\271\027\071\243\361\005\152\346\076\331\072\070
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\132\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\034\060\032\006\003\125\004\012\023\023\105\161\165\151\146\141
+\170\040\123\145\143\165\162\145\040\111\156\143\056\061\055\060
+\053\006\003\125\004\003\023\044\105\161\165\151\146\141\170\040
+\123\145\143\165\162\145\040\107\154\157\142\141\154\040\145\102
+\165\163\151\156\145\163\163\040\103\101\055\061
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\102
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+# Distrust "Distrusted AC DG Tresor SSL"
+# Issuer: CN=AC DGTPE Signature Authentification,O=DGTPE,C=FR
+# Serial Number: 204199 (0x31da7)
+# Subject: CN=AC DG Tr..sor SSL,O=DG Tr..sor,C=FR
+# Not Valid Before: Thu Jul 18 10:05:28 2013
+# Not Valid After : Fri Jul 18 10:05:28 2014
+# Fingerprint (MD5): 3A:EA:9E:FC:00:0C:E2:06:6C:E0:AC:39:C1:31:DE:C8
+# Fingerprint (SHA1): 5C:E3:39:46:5F:41:A1:E4:23:14:9F:65:54:40:95:40:4D:E6:EB:E2
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Distrusted AC DG Tresor SSL"
+CKA_ISSUER MULTILINE_OCTAL
+\060\113\061\013\060\011\006\003\125\004\006\023\002\106\122\061
+\016\060\014\006\003\125\004\012\023\005\104\107\124\120\105\061
+\054\060\052\006\003\125\004\003\023\043\101\103\040\104\107\124
+\120\105\040\123\151\147\156\141\164\165\162\145\040\101\165\164
+\150\145\156\164\151\146\151\143\141\164\151\157\156
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\003\003\035\247
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Security Communication EV RootCA1"
+#
+# Issuer: OU=Security Communication EV RootCA1,O="SECOM Trust Systems CO.,LTD.",C=JP
+# Serial Number: 0 (0x0)
+# Subject: OU=Security Communication EV RootCA1,O="SECOM Trust Systems CO.,LTD.",C=JP
+# Not Valid Before: Wed Jun 06 02:12:32 2007
+# Not Valid After : Sat Jun 06 02:12:32 2037
+# Fingerprint (MD5): 22:2D:A6:01:EA:7C:0A:F7:F0:6C:56:43:3F:77:76:D3
+# Fingerprint (SHA1): FE:B8:C4:32:DC:F9:76:9A:CE:AE:3D:D8:90:8F:FD:28:86:65:64:7D
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Security Communication EV RootCA1"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\140\061\013\060\011\006\003\125\004\006\023\002\112\120\061
+\045\060\043\006\003\125\004\012\023\034\123\105\103\117\115\040
+\124\162\165\163\164\040\123\171\163\164\145\155\163\040\103\117
+\056\054\114\124\104\056\061\052\060\050\006\003\125\004\013\023
+\041\123\145\143\165\162\151\164\171\040\103\157\155\155\165\156
+\151\143\141\164\151\157\156\040\105\126\040\122\157\157\164\103
+\101\061
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\140\061\013\060\011\006\003\125\004\006\023\002\112\120\061
+\045\060\043\006\003\125\004\012\023\034\123\105\103\117\115\040
+\124\162\165\163\164\040\123\171\163\164\145\155\163\040\103\117
+\056\054\114\124\104\056\061\052\060\050\006\003\125\004\013\023
+\041\123\145\143\165\162\151\164\171\040\103\157\155\155\165\156
+\151\143\141\164\151\157\156\040\105\126\040\122\157\157\164\103
+\101\061
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\000
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\003\175\060\202\002\145\240\003\002\001\002\002\001\000
+\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060
+\140\061\013\060\011\006\003\125\004\006\023\002\112\120\061\045
+\060\043\006\003\125\004\012\023\034\123\105\103\117\115\040\124
+\162\165\163\164\040\123\171\163\164\145\155\163\040\103\117\056
+\054\114\124\104\056\061\052\060\050\006\003\125\004\013\023\041
+\123\145\143\165\162\151\164\171\040\103\157\155\155\165\156\151
+\143\141\164\151\157\156\040\105\126\040\122\157\157\164\103\101
+\061\060\036\027\015\060\067\060\066\060\066\060\062\061\062\063
+\062\132\027\015\063\067\060\066\060\066\060\062\061\062\063\062
+\132\060\140\061\013\060\011\006\003\125\004\006\023\002\112\120
+\061\045\060\043\006\003\125\004\012\023\034\123\105\103\117\115
+\040\124\162\165\163\164\040\123\171\163\164\145\155\163\040\103
+\117\056\054\114\124\104\056\061\052\060\050\006\003\125\004\013
+\023\041\123\145\143\165\162\151\164\171\040\103\157\155\155\165
+\156\151\143\141\164\151\157\156\040\105\126\040\122\157\157\164
+\103\101\061\060\202\001\042\060\015\006\011\052\206\110\206\367
+\015\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002
+\202\001\001\000\274\177\354\127\233\044\340\376\234\272\102\171
+\251\210\212\372\200\340\365\007\051\103\352\216\012\064\066\215
+\034\372\247\265\071\170\377\227\165\367\057\344\252\153\004\204
+\104\312\246\342\150\216\375\125\120\142\017\244\161\016\316\007
+\070\055\102\205\120\255\074\226\157\213\325\242\016\317\336\111
+\211\075\326\144\056\070\345\036\154\265\127\212\236\357\110\016
+\315\172\151\026\207\104\265\220\344\006\235\256\241\004\227\130
+\171\357\040\112\202\153\214\042\277\354\037\017\351\204\161\355
+\361\016\344\270\030\023\314\126\066\135\321\232\036\121\153\071
+\156\140\166\210\064\013\363\263\321\260\235\312\141\342\144\035
+\301\106\007\270\143\335\036\063\145\263\216\011\125\122\075\265
+\275\377\007\353\255\141\125\030\054\251\151\230\112\252\100\305
+\063\024\145\164\000\371\221\336\257\003\110\305\100\124\334\017
+\204\220\150\040\305\222\226\334\056\345\002\105\252\300\137\124
+\370\155\352\111\317\135\154\113\257\357\232\302\126\134\306\065
+\126\102\152\060\137\302\253\366\342\075\077\263\311\021\217\061
+\114\327\237\111\002\003\001\000\001\243\102\060\100\060\035\006
+\003\125\035\016\004\026\004\024\065\112\365\115\257\077\327\202
+\070\254\253\161\145\027\165\214\235\125\223\346\060\016\006\003
+\125\035\017\001\001\377\004\004\003\002\001\006\060\017\006\003
+\125\035\023\001\001\377\004\005\060\003\001\001\377\060\015\006
+\011\052\206\110\206\367\015\001\001\005\005\000\003\202\001\001
+\000\250\207\351\354\370\100\147\135\303\301\146\307\100\113\227
+\374\207\023\220\132\304\357\240\312\137\213\267\247\267\361\326
+\265\144\267\212\263\270\033\314\332\373\254\146\210\101\316\350
+\374\344\333\036\210\246\355\047\120\033\002\060\044\106\171\376
+\004\207\160\227\100\163\321\300\301\127\031\232\151\245\047\231
+\253\235\142\204\366\121\301\054\311\043\025\330\050\267\253\045
+\023\265\106\341\206\002\377\046\214\304\210\222\035\126\376\031
+\147\362\125\344\200\243\153\234\253\167\341\121\161\015\040\333
+\020\232\333\275\166\171\007\167\231\050\255\232\136\332\261\117
+\104\054\065\216\245\226\307\375\203\360\130\306\171\326\230\174
+\250\215\376\206\076\007\026\222\341\173\347\035\354\063\166\176
+\102\056\112\205\371\221\211\150\204\003\201\245\233\232\276\343
+\067\305\124\253\126\073\030\055\101\244\014\370\102\333\231\240
+\340\162\157\273\135\341\026\117\123\012\144\371\116\364\277\116
+\124\275\170\154\210\352\277\234\023\044\302\160\151\242\177\017
+\310\074\255\010\311\260\230\100\243\052\347\210\203\355\167\217
+\164
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "Security Communication EV RootCA1"
+# Issuer: OU=Security Communication EV RootCA1,O="SECOM Trust Systems CO.,LTD.",C=JP
+# Serial Number: 0 (0x0)
+# Subject: OU=Security Communication EV RootCA1,O="SECOM Trust Systems CO.,LTD.",C=JP
+# Not Valid Before: Wed Jun 06 02:12:32 2007
+# Not Valid After : Sat Jun 06 02:12:32 2037
+# Fingerprint (MD5): 22:2D:A6:01:EA:7C:0A:F7:F0:6C:56:43:3F:77:76:D3
+# Fingerprint (SHA1): FE:B8:C4:32:DC:F9:76:9A:CE:AE:3D:D8:90:8F:FD:28:86:65:64:7D
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Security Communication EV RootCA1"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\376\270\304\062\334\371\166\232\316\256\075\330\220\217\375\050
+\206\145\144\175
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\042\055\246\001\352\174\012\367\360\154\126\103\077\167\166\323
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\140\061\013\060\011\006\003\125\004\006\023\002\112\120\061
+\045\060\043\006\003\125\004\012\023\034\123\105\103\117\115\040
+\124\162\165\163\164\040\123\171\163\164\145\155\163\040\103\117
+\056\054\114\124\104\056\061\052\060\050\006\003\125\004\013\023
+\041\123\145\143\165\162\151\164\171\040\103\157\155\155\165\156
+\151\143\141\164\151\157\156\040\105\126\040\122\157\157\164\103
+\101\061
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\000
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "OISTE WISeKey Global Root GA CA"
+#
+# Issuer: CN=OISTE WISeKey Global Root GA CA,OU=OISTE Foundation Endorsed,OU=Copyright (c) 2005,O=WISeKey,C=CH
+# Serial Number:41:3d:72:c7:f4:6b:1f:81:43:7d:f1:d2:28:54:df:9a
+# Subject: CN=OISTE WISeKey Global Root GA CA,OU=OISTE Foundation Endorsed,OU=Copyright (c) 2005,O=WISeKey,C=CH
+# Not Valid Before: Sun Dec 11 16:03:44 2005
+# Not Valid After : Fri Dec 11 16:09:51 2037
+# Fingerprint (MD5): BC:6C:51:33:A7:E9:D3:66:63:54:15:72:1B:21:92:93
+# Fingerprint (SHA1): 59:22:A1:E1:5A:EA:16:35:21:F8:98:39:6A:46:46:B0:44:1B:0F:A9
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "OISTE WISeKey Global Root GA CA"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\212\061\013\060\011\006\003\125\004\006\023\002\103\110
+\061\020\060\016\006\003\125\004\012\023\007\127\111\123\145\113
+\145\171\061\033\060\031\006\003\125\004\013\023\022\103\157\160
+\171\162\151\147\150\164\040\050\143\051\040\062\060\060\065\061
+\042\060\040\006\003\125\004\013\023\031\117\111\123\124\105\040
+\106\157\165\156\144\141\164\151\157\156\040\105\156\144\157\162
+\163\145\144\061\050\060\046\006\003\125\004\003\023\037\117\111
+\123\124\105\040\127\111\123\145\113\145\171\040\107\154\157\142
+\141\154\040\122\157\157\164\040\107\101\040\103\101
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\212\061\013\060\011\006\003\125\004\006\023\002\103\110
+\061\020\060\016\006\003\125\004\012\023\007\127\111\123\145\113
+\145\171\061\033\060\031\006\003\125\004\013\023\022\103\157\160
+\171\162\151\147\150\164\040\050\143\051\040\062\060\060\065\061
+\042\060\040\006\003\125\004\013\023\031\117\111\123\124\105\040
+\106\157\165\156\144\141\164\151\157\156\040\105\156\144\157\162
+\163\145\144\061\050\060\046\006\003\125\004\003\023\037\117\111
+\123\124\105\040\127\111\123\145\113\145\171\040\107\154\157\142
+\141\154\040\122\157\157\164\040\107\101\040\103\101
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\101\075\162\307\364\153\037\201\103\175\361\322\050\124
+\337\232
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\003\361\060\202\002\331\240\003\002\001\002\002\020\101
+\075\162\307\364\153\037\201\103\175\361\322\050\124\337\232\060
+\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\201
+\212\061\013\060\011\006\003\125\004\006\023\002\103\110\061\020
+\060\016\006\003\125\004\012\023\007\127\111\123\145\113\145\171
+\061\033\060\031\006\003\125\004\013\023\022\103\157\160\171\162
+\151\147\150\164\040\050\143\051\040\062\060\060\065\061\042\060
+\040\006\003\125\004\013\023\031\117\111\123\124\105\040\106\157
+\165\156\144\141\164\151\157\156\040\105\156\144\157\162\163\145
+\144\061\050\060\046\006\003\125\004\003\023\037\117\111\123\124
+\105\040\127\111\123\145\113\145\171\040\107\154\157\142\141\154
+\040\122\157\157\164\040\107\101\040\103\101\060\036\027\015\060
+\065\061\062\061\061\061\066\060\063\064\064\132\027\015\063\067
+\061\062\061\061\061\066\060\071\065\061\132\060\201\212\061\013
+\060\011\006\003\125\004\006\023\002\103\110\061\020\060\016\006
+\003\125\004\012\023\007\127\111\123\145\113\145\171\061\033\060
+\031\006\003\125\004\013\023\022\103\157\160\171\162\151\147\150
+\164\040\050\143\051\040\062\060\060\065\061\042\060\040\006\003
+\125\004\013\023\031\117\111\123\124\105\040\106\157\165\156\144
+\141\164\151\157\156\040\105\156\144\157\162\163\145\144\061\050
+\060\046\006\003\125\004\003\023\037\117\111\123\124\105\040\127
+\111\123\145\113\145\171\040\107\154\157\142\141\154\040\122\157
+\157\164\040\107\101\040\103\101\060\202\001\042\060\015\006\011
+\052\206\110\206\367\015\001\001\001\005\000\003\202\001\017\000
+\060\202\001\012\002\202\001\001\000\313\117\263\000\233\075\066
+\335\371\321\111\152\153\020\111\037\354\330\053\262\306\370\062
+\201\051\103\225\114\232\031\043\041\025\105\336\343\310\034\121
+\125\133\256\223\350\067\377\053\153\351\324\352\276\052\335\250
+\121\053\327\146\303\141\134\140\002\310\365\316\162\173\073\270
+\362\116\145\010\232\315\244\152\031\301\001\273\163\246\327\366
+\303\335\315\274\244\213\265\231\141\270\001\242\243\324\115\324
+\005\075\221\255\370\264\010\161\144\257\160\361\034\153\176\366
+\303\167\235\044\163\173\344\014\214\341\331\066\341\231\213\005
+\231\013\355\105\061\011\312\302\000\333\367\162\240\226\252\225
+\207\320\216\307\266\141\163\015\166\146\214\334\033\264\143\242
+\237\177\223\023\060\361\241\047\333\331\377\054\125\210\221\240
+\340\117\007\260\050\126\214\030\033\227\104\216\211\335\340\027
+\156\347\052\357\217\071\012\061\204\202\330\100\024\111\056\172
+\101\344\247\376\343\144\314\301\131\161\113\054\041\247\133\175
+\340\035\321\056\201\233\303\330\150\367\275\226\033\254\160\261
+\026\024\013\333\140\271\046\001\005\002\003\001\000\001\243\121
+\060\117\060\013\006\003\125\035\017\004\004\003\002\001\206\060
+\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377
+\060\035\006\003\125\035\016\004\026\004\024\263\003\176\256\066
+\274\260\171\321\334\224\046\266\021\276\041\262\151\206\224\060
+\020\006\011\053\006\001\004\001\202\067\025\001\004\003\002\001
+\000\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000
+\003\202\001\001\000\113\241\377\013\207\156\263\371\301\103\261
+\110\363\050\300\035\056\311\011\101\372\224\000\034\244\244\253
+\111\117\217\075\036\357\115\157\275\274\244\366\362\046\060\311
+\020\312\035\210\373\164\031\037\205\105\275\260\154\121\371\066
+\176\333\365\114\062\072\101\117\133\107\317\350\013\055\266\304
+\031\235\164\305\107\306\073\152\017\254\024\333\074\364\163\234
+\251\005\337\000\334\164\170\372\370\065\140\131\002\023\030\174
+\274\373\115\260\040\155\103\273\140\060\172\147\063\134\305\231
+\321\370\055\071\122\163\373\214\252\227\045\134\162\331\010\036
+\253\116\074\343\201\061\237\003\246\373\300\376\051\210\125\332
+\204\325\120\003\266\342\204\243\246\066\252\021\072\001\341\030
+\113\326\104\150\263\075\371\123\164\204\263\106\221\106\226\000
+\267\200\054\266\341\343\020\342\333\242\347\050\217\001\226\142
+\026\076\000\343\034\245\066\201\030\242\114\122\166\300\021\243
+\156\346\035\272\343\132\276\066\123\305\076\165\217\206\151\051
+\130\123\265\234\273\157\237\134\305\030\354\335\057\341\230\311
+\374\276\337\012\015
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "OISTE WISeKey Global Root GA CA"
+# Issuer: CN=OISTE WISeKey Global Root GA CA,OU=OISTE Foundation Endorsed,OU=Copyright (c) 2005,O=WISeKey,C=CH
+# Serial Number:41:3d:72:c7:f4:6b:1f:81:43:7d:f1:d2:28:54:df:9a
+# Subject: CN=OISTE WISeKey Global Root GA CA,OU=OISTE Foundation Endorsed,OU=Copyright (c) 2005,O=WISeKey,C=CH
+# Not Valid Before: Sun Dec 11 16:03:44 2005
+# Not Valid After : Fri Dec 11 16:09:51 2037
+# Fingerprint (MD5): BC:6C:51:33:A7:E9:D3:66:63:54:15:72:1B:21:92:93
+# Fingerprint (SHA1): 59:22:A1:E1:5A:EA:16:35:21:F8:98:39:6A:46:46:B0:44:1B:0F:A9
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "OISTE WISeKey Global Root GA CA"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\131\042\241\341\132\352\026\065\041\370\230\071\152\106\106\260
+\104\033\017\251
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\274\154\121\063\247\351\323\146\143\124\025\162\033\041\222\223
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\212\061\013\060\011\006\003\125\004\006\023\002\103\110
+\061\020\060\016\006\003\125\004\012\023\007\127\111\123\145\113
+\145\171\061\033\060\031\006\003\125\004\013\023\022\103\157\160
+\171\162\151\147\150\164\040\050\143\051\040\062\060\060\065\061
+\042\060\040\006\003\125\004\013\023\031\117\111\123\124\105\040
+\106\157\165\156\144\141\164\151\157\156\040\105\156\144\157\162
+\163\145\144\061\050\060\046\006\003\125\004\003\023\037\117\111
+\123\124\105\040\127\111\123\145\113\145\171\040\107\154\157\142
+\141\154\040\122\157\157\164\040\107\101\040\103\101
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\101\075\162\307\364\153\037\201\103\175\361\322\050\124
+\337\232
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Microsec e-Szigno Root CA"
+#
+# Issuer: CN=Microsec e-Szigno Root CA,OU=e-Szigno CA,O=Microsec Ltd.,L=Budapest,C=HU
+# Serial Number:00:cc:b8:e7:bf:4e:29:1a:fd:a2:dc:66:a5:1c:2c:0f:11
+# Subject: CN=Microsec e-Szigno Root CA,OU=e-Szigno CA,O=Microsec Ltd.,L=Budapest,C=HU
+# Not Valid Before: Wed Apr 06 12:28:44 2005
+# Not Valid After : Thu Apr 06 12:28:44 2017
+# Fingerprint (MD5): F0:96:B6:2F:C5:10:D5:67:8E:83:25:32:E8:5E:2E:E5
+# Fingerprint (SHA1): 23:88:C9:D3:71:CC:9E:96:3D:FF:7D:3C:A7:CE:FC:D6:25:EC:19:0D
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Microsec e-Szigno Root CA"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\162\061\013\060\011\006\003\125\004\006\023\002\110\125\061
+\021\060\017\006\003\125\004\007\023\010\102\165\144\141\160\145
+\163\164\061\026\060\024\006\003\125\004\012\023\015\115\151\143
+\162\157\163\145\143\040\114\164\144\056\061\024\060\022\006\003
+\125\004\013\023\013\145\055\123\172\151\147\156\157\040\103\101
+\061\042\060\040\006\003\125\004\003\023\031\115\151\143\162\157
+\163\145\143\040\145\055\123\172\151\147\156\157\040\122\157\157
+\164\040\103\101
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\162\061\013\060\011\006\003\125\004\006\023\002\110\125\061
+\021\060\017\006\003\125\004\007\023\010\102\165\144\141\160\145
+\163\164\061\026\060\024\006\003\125\004\012\023\015\115\151\143
+\162\157\163\145\143\040\114\164\144\056\061\024\060\022\006\003
+\125\004\013\023\013\145\055\123\172\151\147\156\157\040\103\101
+\061\042\060\040\006\003\125\004\003\023\031\115\151\143\162\157
+\163\145\143\040\145\055\123\172\151\147\156\157\040\122\157\157
+\164\040\103\101
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\021\000\314\270\347\277\116\051\032\375\242\334\146\245\034
+\054\017\021
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\007\250\060\202\006\220\240\003\002\001\002\002\021\000
+\314\270\347\277\116\051\032\375\242\334\146\245\034\054\017\021
+\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060
+\162\061\013\060\011\006\003\125\004\006\023\002\110\125\061\021
+\060\017\006\003\125\004\007\023\010\102\165\144\141\160\145\163
+\164\061\026\060\024\006\003\125\004\012\023\015\115\151\143\162
+\157\163\145\143\040\114\164\144\056\061\024\060\022\006\003\125
+\004\013\023\013\145\055\123\172\151\147\156\157\040\103\101\061
+\042\060\040\006\003\125\004\003\023\031\115\151\143\162\157\163
+\145\143\040\145\055\123\172\151\147\156\157\040\122\157\157\164
+\040\103\101\060\036\027\015\060\065\060\064\060\066\061\062\062
+\070\064\064\132\027\015\061\067\060\064\060\066\061\062\062\070
+\064\064\132\060\162\061\013\060\011\006\003\125\004\006\023\002
+\110\125\061\021\060\017\006\003\125\004\007\023\010\102\165\144
+\141\160\145\163\164\061\026\060\024\006\003\125\004\012\023\015
+\115\151\143\162\157\163\145\143\040\114\164\144\056\061\024\060
+\022\006\003\125\004\013\023\013\145\055\123\172\151\147\156\157
+\040\103\101\061\042\060\040\006\003\125\004\003\023\031\115\151
+\143\162\157\163\145\143\040\145\055\123\172\151\147\156\157\040
+\122\157\157\164\040\103\101\060\202\001\042\060\015\006\011\052
+\206\110\206\367\015\001\001\001\005\000\003\202\001\017\000\060
+\202\001\012\002\202\001\001\000\355\310\000\325\201\173\315\070
+\000\107\314\333\204\301\041\151\054\164\220\014\041\331\123\207
+\355\076\103\104\123\257\253\370\200\233\074\170\215\324\215\256
+\270\357\323\021\334\201\346\317\073\226\214\326\157\025\306\167
+\176\241\057\340\137\222\266\047\327\166\232\035\103\074\352\331
+\354\057\356\071\363\152\147\113\213\202\317\042\370\145\125\376
+\054\313\057\175\110\172\075\165\371\252\240\047\273\170\302\006
+\312\121\302\176\146\113\257\315\242\247\115\002\202\077\202\254
+\205\306\341\017\220\107\231\224\012\161\162\223\052\311\246\300
+\276\074\126\114\163\222\047\361\153\265\365\375\374\060\005\140
+\222\306\353\226\176\001\221\302\151\261\036\035\173\123\105\270
+\334\101\037\311\213\161\326\124\024\343\213\124\170\077\276\364
+\142\073\133\365\243\354\325\222\164\342\164\060\357\001\333\341
+\324\253\231\233\052\153\370\275\246\034\206\043\102\137\354\111
+\336\232\213\133\364\162\072\100\305\111\076\245\276\216\252\161
+\353\154\372\365\032\344\152\375\173\175\125\100\357\130\156\346
+\331\325\274\044\253\301\357\267\002\003\001\000\001\243\202\004
+\067\060\202\004\063\060\147\006\010\053\006\001\005\005\007\001
+\001\004\133\060\131\060\050\006\010\053\006\001\005\005\007\060
+\001\206\034\150\164\164\160\163\072\057\057\162\143\141\056\145
+\055\163\172\151\147\156\157\056\150\165\057\157\143\163\160\060
+\055\006\010\053\006\001\005\005\007\060\002\206\041\150\164\164
+\160\072\057\057\167\167\167\056\145\055\163\172\151\147\156\157
+\056\150\165\057\122\157\157\164\103\101\056\143\162\164\060\017
+\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060
+\202\001\163\006\003\125\035\040\004\202\001\152\060\202\001\146
+\060\202\001\142\006\014\053\006\001\004\001\201\250\030\002\001
+\001\001\060\202\001\120\060\050\006\010\053\006\001\005\005\007
+\002\001\026\034\150\164\164\160\072\057\057\167\167\167\056\145
+\055\163\172\151\147\156\157\056\150\165\057\123\132\123\132\057
+\060\202\001\042\006\010\053\006\001\005\005\007\002\002\060\202
+\001\024\036\202\001\020\000\101\000\040\000\164\000\141\000\156
+\000\372\000\163\000\355\000\164\000\166\000\341\000\156\000\171
+\000\040\000\351\000\162\000\164\000\145\000\154\000\155\000\145
+\000\172\000\351\000\163\000\351\000\150\000\145\000\172\000\040
+\000\351\000\163\000\040\000\145\000\154\000\146\000\157\000\147
+\000\141\000\144\000\341\000\163\000\341\000\150\000\157\000\172
+\000\040\000\141\000\040\000\123\000\172\000\157\000\154\000\147
+\000\341\000\154\000\164\000\141\000\164\000\363\000\040\000\123
+\000\172\000\157\000\154\000\147\000\341\000\154\000\164\000\141
+\000\164\000\341\000\163\000\151\000\040\000\123\000\172\000\141
+\000\142\000\341\000\154\000\171\000\172\000\141\000\164\000\141
+\000\040\000\163\000\172\000\145\000\162\000\151\000\156\000\164
+\000\040\000\153\000\145\000\154\000\154\000\040\000\145\000\154
+\000\152\000\341\000\162\000\156\000\151\000\072\000\040\000\150
+\000\164\000\164\000\160\000\072\000\057\000\057\000\167\000\167
+\000\167\000\056\000\145\000\055\000\163\000\172\000\151\000\147
+\000\156\000\157\000\056\000\150\000\165\000\057\000\123\000\132
+\000\123\000\132\000\057\060\201\310\006\003\125\035\037\004\201
+\300\060\201\275\060\201\272\240\201\267\240\201\264\206\041\150
+\164\164\160\072\057\057\167\167\167\056\145\055\163\172\151\147
+\156\157\056\150\165\057\122\157\157\164\103\101\056\143\162\154
+\206\201\216\154\144\141\160\072\057\057\154\144\141\160\056\145
+\055\163\172\151\147\156\157\056\150\165\057\103\116\075\115\151
+\143\162\157\163\145\143\045\062\060\145\055\123\172\151\147\156
+\157\045\062\060\122\157\157\164\045\062\060\103\101\054\117\125
+\075\145\055\123\172\151\147\156\157\045\062\060\103\101\054\117
+\075\115\151\143\162\157\163\145\143\045\062\060\114\164\144\056
+\054\114\075\102\165\144\141\160\145\163\164\054\103\075\110\125
+\077\143\145\162\164\151\146\151\143\141\164\145\122\145\166\157
+\143\141\164\151\157\156\114\151\163\164\073\142\151\156\141\162
+\171\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001
+\006\060\201\226\006\003\125\035\021\004\201\216\060\201\213\201
+\020\151\156\146\157\100\145\055\163\172\151\147\156\157\056\150
+\165\244\167\060\165\061\043\060\041\006\003\125\004\003\014\032
+\115\151\143\162\157\163\145\143\040\145\055\123\172\151\147\156
+\303\263\040\122\157\157\164\040\103\101\061\026\060\024\006\003
+\125\004\013\014\015\145\055\123\172\151\147\156\303\263\040\110
+\123\132\061\026\060\024\006\003\125\004\012\023\015\115\151\143
+\162\157\163\145\143\040\113\146\164\056\061\021\060\017\006\003
+\125\004\007\023\010\102\165\144\141\160\145\163\164\061\013\060
+\011\006\003\125\004\006\023\002\110\125\060\201\254\006\003\125
+\035\043\004\201\244\060\201\241\200\024\307\240\111\165\026\141
+\204\333\061\113\204\322\361\067\100\220\357\116\334\367\241\166
+\244\164\060\162\061\013\060\011\006\003\125\004\006\023\002\110
+\125\061\021\060\017\006\003\125\004\007\023\010\102\165\144\141
+\160\145\163\164\061\026\060\024\006\003\125\004\012\023\015\115
+\151\143\162\157\163\145\143\040\114\164\144\056\061\024\060\022
+\006\003\125\004\013\023\013\145\055\123\172\151\147\156\157\040
+\103\101\061\042\060\040\006\003\125\004\003\023\031\115\151\143
+\162\157\163\145\143\040\145\055\123\172\151\147\156\157\040\122
+\157\157\164\040\103\101\202\021\000\314\270\347\277\116\051\032
+\375\242\334\146\245\034\054\017\021\060\035\006\003\125\035\016
+\004\026\004\024\307\240\111\165\026\141\204\333\061\113\204\322
+\361\067\100\220\357\116\334\367\060\015\006\011\052\206\110\206
+\367\015\001\001\005\005\000\003\202\001\001\000\323\023\234\146
+\143\131\056\312\134\160\014\374\203\274\125\261\364\216\007\154
+\146\047\316\301\073\040\251\034\273\106\124\160\356\132\314\240
+\167\352\150\104\047\353\362\051\335\167\251\325\373\343\324\247
+\004\304\225\270\013\341\104\150\140\007\103\060\061\102\141\345
+\356\331\345\044\325\033\337\341\112\033\252\237\307\137\370\172
+\021\352\023\223\000\312\212\130\261\356\355\016\115\264\327\250
+\066\046\174\340\072\301\325\127\202\361\165\266\375\211\137\332
+\363\250\070\237\065\006\010\316\042\225\276\315\325\374\276\133
+\336\171\153\334\172\251\145\146\276\261\045\132\137\355\176\323
+\254\106\155\114\364\062\207\264\040\004\340\154\170\260\167\321
+\205\106\113\246\022\267\165\350\112\311\126\154\327\222\253\235
+\365\111\070\322\117\123\343\125\220\021\333\230\226\306\111\362
+\076\364\237\033\340\367\210\334\045\142\231\104\330\163\277\077
+\060\363\014\067\076\324\302\050\200\163\261\001\267\235\132\226
+\024\001\113\251\021\235\051\152\056\320\135\201\300\317\262\040
+\103\307\003\340\067\116\135\012\334\131\040\045
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "Microsec e-Szigno Root CA"
+# Issuer: CN=Microsec e-Szigno Root CA,OU=e-Szigno CA,O=Microsec Ltd.,L=Budapest,C=HU
+# Serial Number:00:cc:b8:e7:bf:4e:29:1a:fd:a2:dc:66:a5:1c:2c:0f:11
+# Subject: CN=Microsec e-Szigno Root CA,OU=e-Szigno CA,O=Microsec Ltd.,L=Budapest,C=HU
+# Not Valid Before: Wed Apr 06 12:28:44 2005
+# Not Valid After : Thu Apr 06 12:28:44 2017
+# Fingerprint (MD5): F0:96:B6:2F:C5:10:D5:67:8E:83:25:32:E8:5E:2E:E5
+# Fingerprint (SHA1): 23:88:C9:D3:71:CC:9E:96:3D:FF:7D:3C:A7:CE:FC:D6:25:EC:19:0D
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Microsec e-Szigno Root CA"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\043\210\311\323\161\314\236\226\075\377\175\074\247\316\374\326
+\045\354\031\015
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\360\226\266\057\305\020\325\147\216\203\045\062\350\136\056\345
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\162\061\013\060\011\006\003\125\004\006\023\002\110\125\061
+\021\060\017\006\003\125\004\007\023\010\102\165\144\141\160\145
+\163\164\061\026\060\024\006\003\125\004\012\023\015\115\151\143
+\162\157\163\145\143\040\114\164\144\056\061\024\060\022\006\003
+\125\004\013\023\013\145\055\123\172\151\147\156\157\040\103\101
+\061\042\060\040\006\003\125\004\003\023\031\115\151\143\162\157
+\163\145\143\040\145\055\123\172\151\147\156\157\040\122\157\157
+\164\040\103\101
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\021\000\314\270\347\277\116\051\032\375\242\334\146\245\034
+\054\017\021
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Certigna"
+#
+# Issuer: CN=Certigna,O=Dhimyotis,C=FR
+# Serial Number:00:fe:dc:e3:01:0f:c9:48:ff
+# Subject: CN=Certigna,O=Dhimyotis,C=FR
+# Not Valid Before: Fri Jun 29 15:13:05 2007
+# Not Valid After : Tue Jun 29 15:13:05 2027
+# Fingerprint (MD5): AB:57:A6:5B:7D:42:82:19:B5:D8:58:26:28:5E:FD:FF
+# Fingerprint (SHA1): B1:2E:13:63:45:86:A4:6F:1A:B2:60:68:37:58:2D:C4:AC:FD:94:97
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Certigna"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\064\061\013\060\011\006\003\125\004\006\023\002\106\122\061
+\022\060\020\006\003\125\004\012\014\011\104\150\151\155\171\157
+\164\151\163\061\021\060\017\006\003\125\004\003\014\010\103\145
+\162\164\151\147\156\141
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\064\061\013\060\011\006\003\125\004\006\023\002\106\122\061
+\022\060\020\006\003\125\004\012\014\011\104\150\151\155\171\157
+\164\151\163\061\021\060\017\006\003\125\004\003\014\010\103\145
+\162\164\151\147\156\141
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\011\000\376\334\343\001\017\311\110\377
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\003\250\060\202\002\220\240\003\002\001\002\002\011\000
+\376\334\343\001\017\311\110\377\060\015\006\011\052\206\110\206
+\367\015\001\001\005\005\000\060\064\061\013\060\011\006\003\125
+\004\006\023\002\106\122\061\022\060\020\006\003\125\004\012\014
+\011\104\150\151\155\171\157\164\151\163\061\021\060\017\006\003
+\125\004\003\014\010\103\145\162\164\151\147\156\141\060\036\027
+\015\060\067\060\066\062\071\061\065\061\063\060\065\132\027\015
+\062\067\060\066\062\071\061\065\061\063\060\065\132\060\064\061
+\013\060\011\006\003\125\004\006\023\002\106\122\061\022\060\020
+\006\003\125\004\012\014\011\104\150\151\155\171\157\164\151\163
+\061\021\060\017\006\003\125\004\003\014\010\103\145\162\164\151
+\147\156\141\060\202\001\042\060\015\006\011\052\206\110\206\367
+\015\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002
+\202\001\001\000\310\150\361\311\326\326\263\064\165\046\202\036
+\354\264\276\352\134\341\046\355\021\107\141\341\242\174\026\170
+\100\041\344\140\236\132\310\143\341\304\261\226\222\377\030\155
+\151\043\341\053\142\367\335\342\066\057\221\007\271\110\317\016
+\354\171\266\054\347\064\113\160\010\045\243\074\207\033\031\362
+\201\007\017\070\220\031\323\021\376\206\264\362\321\136\036\036
+\226\315\200\154\316\073\061\223\266\362\240\320\251\225\022\175
+\245\232\314\153\310\204\126\212\063\251\347\042\025\123\026\360
+\314\027\354\127\137\351\242\012\230\011\336\343\137\234\157\334
+\110\343\205\013\025\132\246\272\237\254\110\343\011\262\367\364
+\062\336\136\064\276\034\170\135\102\133\316\016\042\217\115\220
+\327\175\062\030\263\013\054\152\277\216\077\024\021\211\040\016
+\167\024\265\075\224\010\207\367\045\036\325\262\140\000\354\157
+\052\050\045\156\052\076\030\143\027\045\077\076\104\040\026\366
+\046\310\045\256\005\112\264\347\143\054\363\214\026\123\176\134
+\373\021\032\010\301\106\142\237\042\270\361\302\215\151\334\372
+\072\130\006\337\002\003\001\000\001\243\201\274\060\201\271\060
+\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377
+\060\035\006\003\125\035\016\004\026\004\024\032\355\376\101\071
+\220\264\044\131\276\001\362\122\325\105\366\132\071\334\021\060
+\144\006\003\125\035\043\004\135\060\133\200\024\032\355\376\101
+\071\220\264\044\131\276\001\362\122\325\105\366\132\071\334\021
+\241\070\244\066\060\064\061\013\060\011\006\003\125\004\006\023
+\002\106\122\061\022\060\020\006\003\125\004\012\014\011\104\150
+\151\155\171\157\164\151\163\061\021\060\017\006\003\125\004\003
+\014\010\103\145\162\164\151\147\156\141\202\011\000\376\334\343
+\001\017\311\110\377\060\016\006\003\125\035\017\001\001\377\004
+\004\003\002\001\006\060\021\006\011\140\206\110\001\206\370\102
+\001\001\004\004\003\002\000\007\060\015\006\011\052\206\110\206
+\367\015\001\001\005\005\000\003\202\001\001\000\205\003\036\222
+\161\366\102\257\341\243\141\236\353\363\300\017\362\245\324\332
+\225\346\326\276\150\066\075\176\156\037\114\212\357\321\017\041
+\155\136\245\122\143\316\022\370\357\052\332\157\353\067\376\023
+\002\307\313\073\076\042\153\332\141\056\177\324\162\075\335\060
+\341\036\114\100\031\214\017\327\234\321\203\060\173\230\131\334
+\175\306\271\014\051\114\241\063\242\353\147\072\145\204\323\226
+\342\355\166\105\160\217\265\053\336\371\043\326\111\156\074\024
+\265\306\237\065\036\120\320\301\217\152\160\104\002\142\313\256
+\035\150\101\247\252\127\350\123\252\007\322\006\366\325\024\006
+\013\221\003\165\054\154\162\265\141\225\232\015\213\271\015\347
+\365\337\124\315\336\346\330\326\011\010\227\143\345\301\056\260
+\267\104\046\300\046\300\257\125\060\236\073\325\066\052\031\004
+\364\134\036\377\317\054\267\377\320\375\207\100\021\325\021\043
+\273\110\300\041\251\244\050\055\375\025\370\260\116\053\364\060
+\133\041\374\021\221\064\276\101\357\173\235\227\165\377\227\225
+\300\226\130\057\352\273\106\327\273\344\331\056
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "Certigna"
+# Issuer: CN=Certigna,O=Dhimyotis,C=FR
+# Serial Number:00:fe:dc:e3:01:0f:c9:48:ff
+# Subject: CN=Certigna,O=Dhimyotis,C=FR
+# Not Valid Before: Fri Jun 29 15:13:05 2007
+# Not Valid After : Tue Jun 29 15:13:05 2027
+# Fingerprint (MD5): AB:57:A6:5B:7D:42:82:19:B5:D8:58:26:28:5E:FD:FF
+# Fingerprint (SHA1): B1:2E:13:63:45:86:A4:6F:1A:B2:60:68:37:58:2D:C4:AC:FD:94:97
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Certigna"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\261\056\023\143\105\206\244\157\032\262\140\150\067\130\055\304
+\254\375\224\227
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\253\127\246\133\175\102\202\031\265\330\130\046\050\136\375\377
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\064\061\013\060\011\006\003\125\004\006\023\002\106\122\061
+\022\060\020\006\003\125\004\012\014\011\104\150\151\155\171\157
+\164\151\163\061\021\060\017\006\003\125\004\003\014\010\103\145
+\162\164\151\147\156\141
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\011\000\376\334\343\001\017\311\110\377
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "AC Raiz Certicamara S.A."
+#
+# Issuer: CN=AC Ra..z Certic..mara S.A.,O=Sociedad Cameral de Certificaci..n Digital - Certic..mara S.A.,C=CO
+# Serial Number:07:7e:52:93:7b:e0:15:e3:57:f0:69:8c:cb:ec:0c
+# Subject: CN=AC Ra..z Certic..mara S.A.,O=Sociedad Cameral de Certificaci..n Digital - Certic..mara S.A.,C=CO
+# Not Valid Before: Mon Nov 27 20:46:29 2006
+# Not Valid After : Tue Apr 02 21:42:02 2030
+# Fingerprint (MD5): 93:2A:3E:F6:FD:23:69:0D:71:20:D4:2B:47:99:2B:A6
+# Fingerprint (SHA1): CB:A1:C5:F8:B0:E3:5E:B8:B9:45:12:D3:F9:34:A2:E9:06:10:D3:36
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "AC Ra\xC3\xADz Certic\xC3\xA1mara S.A."
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\173\061\013\060\011\006\003\125\004\006\023\002\103\117\061
+\107\060\105\006\003\125\004\012\014\076\123\157\143\151\145\144
+\141\144\040\103\141\155\145\162\141\154\040\144\145\040\103\145
+\162\164\151\146\151\143\141\143\151\303\263\156\040\104\151\147
+\151\164\141\154\040\055\040\103\145\162\164\151\143\303\241\155
+\141\162\141\040\123\056\101\056\061\043\060\041\006\003\125\004
+\003\014\032\101\103\040\122\141\303\255\172\040\103\145\162\164
+\151\143\303\241\155\141\162\141\040\123\056\101\056
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\173\061\013\060\011\006\003\125\004\006\023\002\103\117\061
+\107\060\105\006\003\125\004\012\014\076\123\157\143\151\145\144
+\141\144\040\103\141\155\145\162\141\154\040\144\145\040\103\145
+\162\164\151\146\151\143\141\143\151\303\263\156\040\104\151\147
+\151\164\141\154\040\055\040\103\145\162\164\151\143\303\241\155
+\141\162\141\040\123\056\101\056\061\043\060\041\006\003\125\004
+\003\014\032\101\103\040\122\141\303\255\172\040\103\145\162\164
+\151\143\303\241\155\141\162\141\040\123\056\101\056
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\017\007\176\122\223\173\340\025\343\127\360\151\214\313\354
+\014
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\006\146\060\202\004\116\240\003\002\001\002\002\017\007
+\176\122\223\173\340\025\343\127\360\151\214\313\354\014\060\015
+\006\011\052\206\110\206\367\015\001\001\005\005\000\060\173\061
+\013\060\011\006\003\125\004\006\023\002\103\117\061\107\060\105
+\006\003\125\004\012\014\076\123\157\143\151\145\144\141\144\040
+\103\141\155\145\162\141\154\040\144\145\040\103\145\162\164\151
+\146\151\143\141\143\151\303\263\156\040\104\151\147\151\164\141
+\154\040\055\040\103\145\162\164\151\143\303\241\155\141\162\141
+\040\123\056\101\056\061\043\060\041\006\003\125\004\003\014\032
+\101\103\040\122\141\303\255\172\040\103\145\162\164\151\143\303
+\241\155\141\162\141\040\123\056\101\056\060\036\027\015\060\066
+\061\061\062\067\062\060\064\066\062\071\132\027\015\063\060\060
+\064\060\062\062\061\064\062\060\062\132\060\173\061\013\060\011
+\006\003\125\004\006\023\002\103\117\061\107\060\105\006\003\125
+\004\012\014\076\123\157\143\151\145\144\141\144\040\103\141\155
+\145\162\141\154\040\144\145\040\103\145\162\164\151\146\151\143
+\141\143\151\303\263\156\040\104\151\147\151\164\141\154\040\055
+\040\103\145\162\164\151\143\303\241\155\141\162\141\040\123\056
+\101\056\061\043\060\041\006\003\125\004\003\014\032\101\103\040
+\122\141\303\255\172\040\103\145\162\164\151\143\303\241\155\141
+\162\141\040\123\056\101\056\060\202\002\042\060\015\006\011\052
+\206\110\206\367\015\001\001\001\005\000\003\202\002\017\000\060
+\202\002\012\002\202\002\001\000\253\153\211\243\123\314\110\043
+\010\373\303\317\121\226\010\056\270\010\172\155\074\220\027\206
+\251\351\355\056\023\064\107\262\320\160\334\311\074\320\215\312
+\356\113\027\253\320\205\260\247\043\004\313\250\242\374\345\165
+\333\100\312\142\211\217\120\236\001\075\046\133\030\204\034\313
+\174\067\267\175\354\323\177\163\031\260\152\262\330\210\212\055
+\105\164\250\367\263\270\300\324\332\315\042\211\164\115\132\025
+\071\163\030\164\117\265\353\231\247\301\036\210\264\302\223\220
+\143\227\363\247\247\022\262\011\042\007\063\331\221\315\016\234
+\037\016\040\307\356\273\063\215\217\302\322\130\247\137\375\145
+\067\342\210\302\330\217\206\165\136\371\055\247\207\063\362\170
+\067\057\213\274\035\206\067\071\261\224\362\330\274\112\234\203
+\030\132\006\374\363\324\324\272\214\025\011\045\360\371\266\215
+\004\176\027\022\063\153\127\110\114\117\333\046\036\353\314\220
+\347\213\371\150\174\160\017\243\052\320\072\070\337\067\227\342
+\133\336\200\141\323\200\330\221\203\102\132\114\004\211\150\021
+\074\254\137\150\200\101\314\140\102\316\015\132\052\014\017\233
+\060\300\246\360\206\333\253\111\327\227\155\110\213\371\003\300
+\122\147\233\022\367\302\362\056\230\145\102\331\326\232\343\320
+\031\061\014\255\207\325\127\002\172\060\350\206\046\373\217\043
+\212\124\207\344\277\074\356\353\303\165\110\137\036\071\157\201
+\142\154\305\055\304\027\124\031\267\067\215\234\067\221\310\366
+\013\325\352\143\157\203\254\070\302\363\077\336\232\373\341\043
+\141\360\310\046\313\066\310\241\363\060\217\244\243\242\241\335
+\123\263\336\360\232\062\037\203\221\171\060\301\251\037\123\233
+\123\242\025\123\077\335\235\263\020\073\110\175\211\017\374\355
+\003\365\373\045\144\165\016\027\031\015\217\000\026\147\171\172
+\100\374\055\131\007\331\220\372\232\255\075\334\200\212\346\134
+\065\242\147\114\021\153\261\370\200\144\000\055\157\042\141\305
+\254\113\046\345\132\020\202\233\244\203\173\064\367\236\211\221
+\040\227\216\267\102\307\146\303\320\351\244\326\365\040\215\304
+\303\225\254\104\012\235\133\163\074\046\075\057\112\276\247\311
+\247\020\036\373\237\120\151\363\002\003\001\000\001\243\201\346
+\060\201\343\060\017\006\003\125\035\023\001\001\377\004\005\060
+\003\001\001\377\060\016\006\003\125\035\017\001\001\377\004\004
+\003\002\001\006\060\035\006\003\125\035\016\004\026\004\024\321
+\011\320\351\327\316\171\164\124\371\072\060\263\364\155\054\003
+\003\033\150\060\201\240\006\003\125\035\040\004\201\230\060\201
+\225\060\201\222\006\004\125\035\040\000\060\201\211\060\053\006
+\010\053\006\001\005\005\007\002\001\026\037\150\164\164\160\072
+\057\057\167\167\167\056\143\145\162\164\151\143\141\155\141\162
+\141\056\143\157\155\057\144\160\143\057\060\132\006\010\053\006
+\001\005\005\007\002\002\060\116\032\114\114\151\155\151\164\141
+\143\151\157\156\145\163\040\144\145\040\147\141\162\141\156\164
+\355\141\163\040\144\145\040\145\163\164\145\040\143\145\162\164
+\151\146\151\143\141\144\157\040\163\145\040\160\165\145\144\145
+\156\040\145\156\143\157\156\164\162\141\162\040\145\156\040\154
+\141\040\104\120\103\056\060\015\006\011\052\206\110\206\367\015
+\001\001\005\005\000\003\202\002\001\000\134\224\265\270\105\221
+\115\216\141\037\003\050\017\123\174\346\244\131\251\263\212\172
+\305\260\377\010\174\054\243\161\034\041\023\147\241\225\022\100
+\065\203\203\217\164\333\063\134\360\111\166\012\201\122\335\111
+\324\232\062\063\357\233\247\313\165\345\172\313\227\022\220\134
+\272\173\305\233\337\273\071\043\310\377\230\316\012\115\042\001
+\110\007\176\212\300\325\040\102\224\104\357\277\167\242\211\147
+\110\033\100\003\005\241\211\354\317\142\343\075\045\166\146\277
+\046\267\273\042\276\157\377\071\127\164\272\172\311\001\225\301
+\225\121\350\253\054\370\261\206\040\351\077\313\065\133\322\027
+\351\052\376\203\023\027\100\356\210\142\145\133\325\073\140\351
+\173\074\270\311\325\177\066\002\045\252\150\302\061\025\267\060
+\145\353\177\035\110\171\261\317\071\342\102\200\026\323\365\223
+\043\374\114\227\311\132\067\154\174\042\330\112\315\322\216\066
+\203\071\221\220\020\310\361\311\065\176\077\270\323\201\306\040
+\144\032\266\120\302\041\244\170\334\320\057\073\144\223\164\360
+\226\220\361\357\373\011\132\064\100\226\360\066\022\301\243\164
+\214\223\176\101\336\167\213\354\206\331\322\017\077\055\321\314
+\100\242\211\146\110\036\040\263\234\043\131\163\251\104\163\274
+\044\171\220\126\067\263\306\051\176\243\017\361\051\071\357\176
+\134\050\062\160\065\254\332\270\310\165\146\374\233\114\071\107
+\216\033\157\233\115\002\124\042\063\357\141\272\236\051\204\357
+\116\113\063\107\166\227\152\313\176\137\375\025\246\236\102\103
+\133\146\132\212\210\015\367\026\271\077\121\145\053\146\152\213
+\321\070\122\242\326\106\021\372\374\232\034\164\236\217\227\013
+\002\117\144\306\365\150\323\113\055\377\244\067\036\213\077\277
+\104\276\141\106\241\204\075\010\047\114\201\040\167\211\010\352
+\147\100\136\154\010\121\137\064\132\214\226\150\315\327\367\211
+\302\034\323\062\000\257\122\313\323\140\133\052\072\107\176\153
+\060\063\241\142\051\177\112\271\341\055\347\024\043\016\016\030
+\107\341\171\374\025\125\320\261\374\045\161\143\165\063\034\043
+\053\257\134\331\355\107\167\140\016\073\017\036\322\300\334\144
+\005\211\374\170\326\134\054\046\103\251
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "AC Raiz Certicamara S.A."
+# Issuer: CN=AC Ra..z Certic..mara S.A.,O=Sociedad Cameral de Certificaci..n Digital - Certic..mara S.A.,C=CO
+# Serial Number:07:7e:52:93:7b:e0:15:e3:57:f0:69:8c:cb:ec:0c
+# Subject: CN=AC Ra..z Certic..mara S.A.,O=Sociedad Cameral de Certificaci..n Digital - Certic..mara S.A.,C=CO
+# Not Valid Before: Mon Nov 27 20:46:29 2006
+# Not Valid After : Tue Apr 02 21:42:02 2030
+# Fingerprint (MD5): 93:2A:3E:F6:FD:23:69:0D:71:20:D4:2B:47:99:2B:A6
+# Fingerprint (SHA1): CB:A1:C5:F8:B0:E3:5E:B8:B9:45:12:D3:F9:34:A2:E9:06:10:D3:36
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "AC Ra\xC3\xADz Certic\xC3\xA1mara S.A."
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\313\241\305\370\260\343\136\270\271\105\022\323\371\064\242\351
+\006\020\323\066
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\223\052\076\366\375\043\151\015\161\040\324\053\107\231\053\246
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\173\061\013\060\011\006\003\125\004\006\023\002\103\117\061
+\107\060\105\006\003\125\004\012\014\076\123\157\143\151\145\144
+\141\144\040\103\141\155\145\162\141\154\040\144\145\040\103\145
+\162\164\151\146\151\143\141\143\151\303\263\156\040\104\151\147
+\151\164\141\154\040\055\040\103\145\162\164\151\143\303\241\155
+\141\162\141\040\123\056\101\056\061\043\060\041\006\003\125\004
+\003\014\032\101\103\040\122\141\303\255\172\040\103\145\162\164
+\151\143\303\241\155\141\162\141\040\123\056\101\056
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\017\007\176\122\223\173\340\025\343\127\360\151\214\313\354
+\014
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "TC TrustCenter Class 3 CA II"
+#
+# Issuer: CN=TC TrustCenter Class 3 CA II,OU=TC TrustCenter Class 3 CA,O=TC TrustCenter GmbH,C=DE
+# Serial Number:4a:47:00:01:00:02:e5:a0:5d:d6:3f:00:51:bf
+# Subject: CN=TC TrustCenter Class 3 CA II,OU=TC TrustCenter Class 3 CA,O=TC TrustCenter GmbH,C=DE
+# Not Valid Before: Thu Jan 12 14:41:57 2006
+# Not Valid After : Wed Dec 31 22:59:59 2025
+# Fingerprint (MD5): 56:5F:AA:80:61:12:17:F6:67:21:E6:2B:6D:61:56:8E
+# Fingerprint (SHA1): 80:25:EF:F4:6E:70:C8:D4:72:24:65:84:FE:40:3B:8A:8D:6A:DB:F5
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "TC TrustCenter Class 3 CA II"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\166\061\013\060\011\006\003\125\004\006\023\002\104\105\061
+\034\060\032\006\003\125\004\012\023\023\124\103\040\124\162\165
+\163\164\103\145\156\164\145\162\040\107\155\142\110\061\042\060
+\040\006\003\125\004\013\023\031\124\103\040\124\162\165\163\164
+\103\145\156\164\145\162\040\103\154\141\163\163\040\063\040\103
+\101\061\045\060\043\006\003\125\004\003\023\034\124\103\040\124
+\162\165\163\164\103\145\156\164\145\162\040\103\154\141\163\163
+\040\063\040\103\101\040\111\111
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\166\061\013\060\011\006\003\125\004\006\023\002\104\105\061
+\034\060\032\006\003\125\004\012\023\023\124\103\040\124\162\165
+\163\164\103\145\156\164\145\162\040\107\155\142\110\061\042\060
+\040\006\003\125\004\013\023\031\124\103\040\124\162\165\163\164
+\103\145\156\164\145\162\040\103\154\141\163\163\040\063\040\103
+\101\061\045\060\043\006\003\125\004\003\023\034\124\103\040\124
+\162\165\163\164\103\145\156\164\145\162\040\103\154\141\163\163
+\040\063\040\103\101\040\111\111
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\016\112\107\000\001\000\002\345\240\135\326\077\000\121\277
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\004\252\060\202\003\222\240\003\002\001\002\002\016\112
+\107\000\001\000\002\345\240\135\326\077\000\121\277\060\015\006
+\011\052\206\110\206\367\015\001\001\005\005\000\060\166\061\013
+\060\011\006\003\125\004\006\023\002\104\105\061\034\060\032\006
+\003\125\004\012\023\023\124\103\040\124\162\165\163\164\103\145
+\156\164\145\162\040\107\155\142\110\061\042\060\040\006\003\125
+\004\013\023\031\124\103\040\124\162\165\163\164\103\145\156\164
+\145\162\040\103\154\141\163\163\040\063\040\103\101\061\045\060
+\043\006\003\125\004\003\023\034\124\103\040\124\162\165\163\164
+\103\145\156\164\145\162\040\103\154\141\163\163\040\063\040\103
+\101\040\111\111\060\036\027\015\060\066\060\061\061\062\061\064
+\064\061\065\067\132\027\015\062\065\061\062\063\061\062\062\065
+\071\065\071\132\060\166\061\013\060\011\006\003\125\004\006\023
+\002\104\105\061\034\060\032\006\003\125\004\012\023\023\124\103
+\040\124\162\165\163\164\103\145\156\164\145\162\040\107\155\142
+\110\061\042\060\040\006\003\125\004\013\023\031\124\103\040\124
+\162\165\163\164\103\145\156\164\145\162\040\103\154\141\163\163
+\040\063\040\103\101\061\045\060\043\006\003\125\004\003\023\034
+\124\103\040\124\162\165\163\164\103\145\156\164\145\162\040\103
+\154\141\163\163\040\063\040\103\101\040\111\111\060\202\001\042
+\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000\003
+\202\001\017\000\060\202\001\012\002\202\001\001\000\264\340\273
+\121\273\071\134\213\004\305\114\171\034\043\206\061\020\143\103
+\125\047\077\306\105\307\244\075\354\011\015\032\036\040\302\126
+\036\336\033\067\007\060\042\057\157\361\006\361\253\255\326\310
+\253\141\243\057\103\304\260\262\055\374\303\226\151\173\176\212
+\344\314\300\071\022\220\102\140\311\314\065\150\356\332\137\220
+\126\137\315\034\115\133\130\111\353\016\001\117\144\372\054\074
+\211\130\330\057\056\342\260\150\351\042\073\165\211\326\104\032
+\145\362\033\227\046\035\050\155\254\350\275\131\035\053\044\366
+\326\204\003\146\210\044\000\170\140\361\370\253\376\002\262\153
+\373\042\373\065\346\026\321\255\366\056\022\344\372\065\152\345
+\031\271\135\333\073\036\032\373\323\377\025\024\010\330\011\152
+\272\105\235\024\171\140\175\257\100\212\007\163\263\223\226\323
+\164\064\215\072\067\051\336\134\354\365\356\056\061\302\040\334
+\276\361\117\177\043\122\331\133\342\144\331\234\252\007\010\265
+\105\275\321\320\061\301\253\124\237\251\322\303\142\140\003\361
+\273\071\112\222\112\075\012\271\235\305\240\376\067\002\003\001
+\000\001\243\202\001\064\060\202\001\060\060\017\006\003\125\035
+\023\001\001\377\004\005\060\003\001\001\377\060\016\006\003\125
+\035\017\001\001\377\004\004\003\002\001\006\060\035\006\003\125
+\035\016\004\026\004\024\324\242\374\237\263\303\330\003\323\127
+\134\007\244\320\044\247\300\362\000\324\060\201\355\006\003\125
+\035\037\004\201\345\060\201\342\060\201\337\240\201\334\240\201
+\331\206\065\150\164\164\160\072\057\057\167\167\167\056\164\162
+\165\163\164\143\145\156\164\145\162\056\144\145\057\143\162\154
+\057\166\062\057\164\143\137\143\154\141\163\163\137\063\137\143
+\141\137\111\111\056\143\162\154\206\201\237\154\144\141\160\072
+\057\057\167\167\167\056\164\162\165\163\164\143\145\156\164\145
+\162\056\144\145\057\103\116\075\124\103\045\062\060\124\162\165
+\163\164\103\145\156\164\145\162\045\062\060\103\154\141\163\163
+\045\062\060\063\045\062\060\103\101\045\062\060\111\111\054\117
+\075\124\103\045\062\060\124\162\165\163\164\103\145\156\164\145
+\162\045\062\060\107\155\142\110\054\117\125\075\162\157\157\164
+\143\145\162\164\163\054\104\103\075\164\162\165\163\164\143\145
+\156\164\145\162\054\104\103\075\144\145\077\143\145\162\164\151
+\146\151\143\141\164\145\122\145\166\157\143\141\164\151\157\156
+\114\151\163\164\077\142\141\163\145\077\060\015\006\011\052\206
+\110\206\367\015\001\001\005\005\000\003\202\001\001\000\066\140
+\344\160\367\006\040\103\331\043\032\102\362\370\243\262\271\115
+\212\264\363\302\232\125\061\174\304\073\147\232\264\337\115\016
+\212\223\112\027\213\033\215\312\211\341\317\072\036\254\035\361
+\234\062\264\216\131\166\242\101\205\045\067\240\023\320\365\174
+\116\325\352\226\342\156\162\301\273\052\376\154\156\370\221\230
+\106\374\311\033\127\133\352\310\032\073\077\260\121\230\074\007
+\332\054\131\001\332\213\104\350\341\164\375\247\150\335\124\272
+\203\106\354\310\106\265\370\257\227\300\073\011\034\217\316\162
+\226\075\063\126\160\274\226\313\330\325\175\040\232\203\237\032
+\334\071\361\305\162\243\021\003\375\073\102\122\051\333\350\001
+\367\233\136\214\326\215\206\116\031\372\274\034\276\305\041\245
+\207\236\170\056\066\333\011\161\243\162\064\370\154\343\006\011
+\362\136\126\245\323\335\230\372\324\346\006\364\360\266\040\143
+\113\352\051\275\252\202\146\036\373\201\252\247\067\255\023\030
+\346\222\303\201\301\063\273\210\036\241\347\342\264\275\061\154
+\016\121\075\157\373\226\126\200\342\066\027\321\334\344
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "TC TrustCenter Class 3 CA II"
+# Issuer: CN=TC TrustCenter Class 3 CA II,OU=TC TrustCenter Class 3 CA,O=TC TrustCenter GmbH,C=DE
+# Serial Number:4a:47:00:01:00:02:e5:a0:5d:d6:3f:00:51:bf
+# Subject: CN=TC TrustCenter Class 3 CA II,OU=TC TrustCenter Class 3 CA,O=TC TrustCenter GmbH,C=DE
+# Not Valid Before: Thu Jan 12 14:41:57 2006
+# Not Valid After : Wed Dec 31 22:59:59 2025
+# Fingerprint (MD5): 56:5F:AA:80:61:12:17:F6:67:21:E6:2B:6D:61:56:8E
+# Fingerprint (SHA1): 80:25:EF:F4:6E:70:C8:D4:72:24:65:84:FE:40:3B:8A:8D:6A:DB:F5
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "TC TrustCenter Class 3 CA II"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\200\045\357\364\156\160\310\324\162\044\145\204\376\100\073\212
+\215\152\333\365
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\126\137\252\200\141\022\027\366\147\041\346\053\155\141\126\216
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\166\061\013\060\011\006\003\125\004\006\023\002\104\105\061
+\034\060\032\006\003\125\004\012\023\023\124\103\040\124\162\165
+\163\164\103\145\156\164\145\162\040\107\155\142\110\061\042\060
+\040\006\003\125\004\013\023\031\124\103\040\124\162\165\163\164
+\103\145\156\164\145\162\040\103\154\141\163\163\040\063\040\103
+\101\061\045\060\043\006\003\125\004\003\023\034\124\103\040\124
+\162\165\163\164\103\145\156\164\145\162\040\103\154\141\163\163
+\040\063\040\103\101\040\111\111
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\016\112\107\000\001\000\002\345\240\135\326\077\000\121\277
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Deutsche Telekom Root CA 2"
+#
+# Issuer: CN=Deutsche Telekom Root CA 2,OU=T-TeleSec Trust Center,O=Deutsche Telekom AG,C=DE
+# Serial Number: 38 (0x26)
+# Subject: CN=Deutsche Telekom Root CA 2,OU=T-TeleSec Trust Center,O=Deutsche Telekom AG,C=DE
+# Not Valid Before: Fri Jul 09 12:11:00 1999
+# Not Valid After : Tue Jul 09 23:59:00 2019
+# Fingerprint (MD5): 74:01:4A:91:B1:08:C4:58:CE:47:CD:F0:DD:11:53:08
+# Fingerprint (SHA1): 85:A4:08:C0:9C:19:3E:5D:51:58:7D:CD:D6:13:30:FD:8C:DE:37:BF
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Deutsche Telekom Root CA 2"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\161\061\013\060\011\006\003\125\004\006\023\002\104\105\061
+\034\060\032\006\003\125\004\012\023\023\104\145\165\164\163\143
+\150\145\040\124\145\154\145\153\157\155\040\101\107\061\037\060
+\035\006\003\125\004\013\023\026\124\055\124\145\154\145\123\145
+\143\040\124\162\165\163\164\040\103\145\156\164\145\162\061\043
+\060\041\006\003\125\004\003\023\032\104\145\165\164\163\143\150
+\145\040\124\145\154\145\153\157\155\040\122\157\157\164\040\103
+\101\040\062
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\161\061\013\060\011\006\003\125\004\006\023\002\104\105\061
+\034\060\032\006\003\125\004\012\023\023\104\145\165\164\163\143
+\150\145\040\124\145\154\145\153\157\155\040\101\107\061\037\060
+\035\006\003\125\004\013\023\026\124\055\124\145\154\145\123\145
+\143\040\124\162\165\163\164\040\103\145\156\164\145\162\061\043
+\060\041\006\003\125\004\003\023\032\104\145\165\164\163\143\150
+\145\040\124\145\154\145\153\157\155\040\122\157\157\164\040\103
+\101\040\062
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\046
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\003\237\060\202\002\207\240\003\002\001\002\002\001\046
+\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060
+\161\061\013\060\011\006\003\125\004\006\023\002\104\105\061\034
+\060\032\006\003\125\004\012\023\023\104\145\165\164\163\143\150
+\145\040\124\145\154\145\153\157\155\040\101\107\061\037\060\035
+\006\003\125\004\013\023\026\124\055\124\145\154\145\123\145\143
+\040\124\162\165\163\164\040\103\145\156\164\145\162\061\043\060
+\041\006\003\125\004\003\023\032\104\145\165\164\163\143\150\145
+\040\124\145\154\145\153\157\155\040\122\157\157\164\040\103\101
+\040\062\060\036\027\015\071\071\060\067\060\071\061\062\061\061
+\060\060\132\027\015\061\071\060\067\060\071\062\063\065\071\060
+\060\132\060\161\061\013\060\011\006\003\125\004\006\023\002\104
+\105\061\034\060\032\006\003\125\004\012\023\023\104\145\165\164
+\163\143\150\145\040\124\145\154\145\153\157\155\040\101\107\061
+\037\060\035\006\003\125\004\013\023\026\124\055\124\145\154\145
+\123\145\143\040\124\162\165\163\164\040\103\145\156\164\145\162
+\061\043\060\041\006\003\125\004\003\023\032\104\145\165\164\163
+\143\150\145\040\124\145\154\145\153\157\155\040\122\157\157\164
+\040\103\101\040\062\060\202\001\042\060\015\006\011\052\206\110
+\206\367\015\001\001\001\005\000\003\202\001\017\000\060\202\001
+\012\002\202\001\001\000\253\013\243\065\340\213\051\024\261\024
+\205\257\074\020\344\071\157\065\135\112\256\335\352\141\215\225
+\111\364\157\144\243\032\140\146\244\251\100\042\204\331\324\245
+\345\170\223\016\150\001\255\271\115\134\072\316\323\270\250\102
+\100\337\317\243\272\202\131\152\222\033\254\034\232\332\010\053
+\045\047\371\151\043\107\361\340\353\054\172\233\365\023\002\320
+\176\064\174\302\236\074\000\131\253\365\332\014\365\062\074\053
+\254\120\332\326\303\336\203\224\312\250\014\231\062\016\010\110
+\126\133\152\373\332\341\130\130\001\111\137\162\101\074\025\006
+\001\216\135\255\252\270\223\264\315\236\353\247\350\152\055\122
+\064\333\072\357\134\165\121\332\333\363\061\371\356\161\230\062
+\304\124\025\104\014\371\233\125\355\255\337\030\010\240\243\206
+\212\111\356\123\005\217\031\114\325\336\130\171\233\322\152\034
+\102\253\305\325\247\317\150\017\226\344\341\141\230\166\141\310
+\221\174\326\076\000\342\221\120\207\341\235\012\346\255\227\322
+\035\306\072\175\313\274\332\003\064\325\216\133\001\365\152\007
+\267\026\266\156\112\177\002\003\001\000\001\243\102\060\100\060
+\035\006\003\125\035\016\004\026\004\024\061\303\171\033\272\365
+\123\327\027\340\211\172\055\027\154\012\263\053\235\063\060\017
+\006\003\125\035\023\004\010\060\006\001\001\377\002\001\005\060
+\016\006\003\125\035\017\001\001\377\004\004\003\002\001\006\060
+\015\006\011\052\206\110\206\367\015\001\001\005\005\000\003\202
+\001\001\000\224\144\131\255\071\144\347\051\353\023\376\132\303
+\213\023\127\310\004\044\360\164\167\300\140\343\147\373\351\211
+\246\203\277\226\202\174\156\324\303\075\357\236\200\156\273\051
+\264\230\172\261\073\124\353\071\027\107\176\032\216\013\374\037
+\061\131\061\004\262\316\027\363\054\307\142\066\125\342\042\330
+\211\125\264\230\110\252\144\372\326\034\066\330\104\170\132\132
+\043\072\127\227\365\172\060\117\256\237\152\114\113\053\216\240
+\003\343\076\340\251\324\322\173\322\263\250\342\162\074\255\236
+\377\200\131\344\233\105\264\366\073\260\315\071\031\230\062\345
+\352\041\141\220\344\061\041\216\064\261\367\057\065\112\205\020
+\332\347\212\067\041\276\131\143\340\362\205\210\061\123\324\124
+\024\205\160\171\364\056\006\167\047\165\057\037\270\212\371\376
+\305\272\330\066\344\203\354\347\145\267\277\143\132\363\106\257
+\201\224\067\324\101\214\326\043\326\036\317\365\150\033\104\143
+\242\132\272\247\065\131\241\345\160\005\233\016\043\127\231\224
+\012\155\272\071\143\050\206\222\363\030\204\330\373\321\317\005
+\126\144\127
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "Deutsche Telekom Root CA 2"
+# Issuer: CN=Deutsche Telekom Root CA 2,OU=T-TeleSec Trust Center,O=Deutsche Telekom AG,C=DE
+# Serial Number: 38 (0x26)
+# Subject: CN=Deutsche Telekom Root CA 2,OU=T-TeleSec Trust Center,O=Deutsche Telekom AG,C=DE
+# Not Valid Before: Fri Jul 09 12:11:00 1999
+# Not Valid After : Tue Jul 09 23:59:00 2019
+# Fingerprint (MD5): 74:01:4A:91:B1:08:C4:58:CE:47:CD:F0:DD:11:53:08
+# Fingerprint (SHA1): 85:A4:08:C0:9C:19:3E:5D:51:58:7D:CD:D6:13:30:FD:8C:DE:37:BF
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Deutsche Telekom Root CA 2"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\205\244\010\300\234\031\076\135\121\130\175\315\326\023\060\375
+\214\336\067\277
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\164\001\112\221\261\010\304\130\316\107\315\360\335\021\123\010
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\161\061\013\060\011\006\003\125\004\006\023\002\104\105\061
+\034\060\032\006\003\125\004\012\023\023\104\145\165\164\163\143
+\150\145\040\124\145\154\145\153\157\155\040\101\107\061\037\060
+\035\006\003\125\004\013\023\026\124\055\124\145\154\145\123\145
+\143\040\124\162\165\163\164\040\103\145\156\164\145\162\061\043
+\060\041\006\003\125\004\003\023\032\104\145\165\164\163\143\150
+\145\040\124\145\154\145\153\157\155\040\122\157\157\164\040\103
+\101\040\062
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\046
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "ComSign CA"
+#
+# Issuer: C=IL,O=ComSign,CN=ComSign CA
+# Serial Number:14:13:96:83:14:55:8c:ea:7b:63:e5:fc:34:87:77:44
+# Subject: C=IL,O=ComSign,CN=ComSign CA
+# Not Valid Before: Wed Mar 24 11:32:18 2004
+# Not Valid After : Mon Mar 19 15:02:18 2029
+# Fingerprint (MD5): CD:F4:39:F3:B5:18:50:D7:3E:A4:C5:91:A0:3E:21:4B
+# Fingerprint (SHA1): E1:A4:5B:14:1A:21:DA:1A:79:F4:1A:42:A9:61:D6:69:CD:06:34:C1
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "ComSign CA"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\064\061\023\060\021\006\003\125\004\003\023\012\103\157\155
+\123\151\147\156\040\103\101\061\020\060\016\006\003\125\004\012
+\023\007\103\157\155\123\151\147\156\061\013\060\011\006\003\125
+\004\006\023\002\111\114
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\064\061\023\060\021\006\003\125\004\003\023\012\103\157\155
+\123\151\147\156\040\103\101\061\020\060\016\006\003\125\004\012
+\023\007\103\157\155\123\151\147\156\061\013\060\011\006\003\125
+\004\006\023\002\111\114
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\024\023\226\203\024\125\214\352\173\143\345\374\064\207
+\167\104
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\003\223\060\202\002\173\240\003\002\001\002\002\020\024
+\023\226\203\024\125\214\352\173\143\345\374\064\207\167\104\060
+\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\064
+\061\023\060\021\006\003\125\004\003\023\012\103\157\155\123\151
+\147\156\040\103\101\061\020\060\016\006\003\125\004\012\023\007
+\103\157\155\123\151\147\156\061\013\060\011\006\003\125\004\006
+\023\002\111\114\060\036\027\015\060\064\060\063\062\064\061\061
+\063\062\061\070\132\027\015\062\071\060\063\061\071\061\065\060
+\062\061\070\132\060\064\061\023\060\021\006\003\125\004\003\023
+\012\103\157\155\123\151\147\156\040\103\101\061\020\060\016\006
+\003\125\004\012\023\007\103\157\155\123\151\147\156\061\013\060
+\011\006\003\125\004\006\023\002\111\114\060\202\001\042\060\015
+\006\011\052\206\110\206\367\015\001\001\001\005\000\003\202\001
+\017\000\060\202\001\012\002\202\001\001\000\360\344\124\151\053
+\323\307\217\152\104\344\176\130\047\370\013\320\344\224\022\212
+\361\033\070\070\057\037\061\234\006\324\054\247\336\013\052\256
+\032\240\343\236\152\277\237\074\307\156\242\371\213\144\154\072
+\255\205\125\121\124\245\070\125\270\253\203\004\362\077\144\066
+\367\300\215\103\103\152\146\321\367\027\052\325\357\066\372\060
+\020\102\327\123\315\371\372\063\163\114\263\351\204\040\212\326
+\101\047\065\344\070\372\224\233\270\172\344\171\037\063\373\033
+\330\041\011\050\174\115\030\151\136\144\212\172\031\223\312\176
+\354\363\162\347\067\007\130\131\050\254\102\371\305\377\315\077
+\347\245\372\070\261\320\014\307\331\122\032\123\326\201\314\102
+\172\065\133\355\113\072\172\366\265\216\314\377\017\174\344\140
+\066\207\057\255\360\241\045\175\377\322\113\021\210\160\124\246
+\101\250\147\123\122\102\136\344\064\236\344\276\243\354\252\142
+\135\335\303\114\246\202\101\344\063\013\254\311\063\017\144\202
+\127\052\375\014\255\066\341\014\256\113\305\357\073\231\331\043
+\263\133\135\264\127\354\164\160\014\052\117\002\003\001\000\001
+\243\201\240\060\201\235\060\014\006\003\125\035\023\004\005\060
+\003\001\001\377\060\075\006\003\125\035\037\004\066\060\064\060
+\062\240\060\240\056\206\054\150\164\164\160\072\057\057\146\145
+\144\151\162\056\143\157\155\163\151\147\156\056\143\157\056\151
+\154\057\143\162\154\057\103\157\155\123\151\147\156\103\101\056
+\143\162\154\060\016\006\003\125\035\017\001\001\377\004\004\003
+\002\001\206\060\037\006\003\125\035\043\004\030\060\026\200\024
+\113\001\233\076\126\032\145\066\166\313\173\227\252\222\005\356
+\062\347\050\061\060\035\006\003\125\035\016\004\026\004\024\113
+\001\233\076\126\032\145\066\166\313\173\227\252\222\005\356\062
+\347\050\061\060\015\006\011\052\206\110\206\367\015\001\001\005
+\005\000\003\202\001\001\000\320\331\245\176\376\051\140\105\235
+\176\203\317\156\274\107\156\365\032\236\124\166\102\161\264\074
+\130\077\055\100\045\102\366\201\234\361\211\020\310\016\252\170
+\117\070\011\127\260\074\300\010\374\065\216\361\110\121\215\014
+\161\164\272\204\304\327\162\233\204\174\070\116\144\006\047\052
+\341\247\265\354\010\231\264\012\015\324\205\163\310\022\341\065
+\355\361\005\061\035\163\231\014\353\226\312\335\323\346\205\252
+\360\212\373\165\301\362\011\074\145\145\144\363\114\330\255\313
+\210\151\363\344\203\267\014\275\027\132\226\027\312\133\377\255
+\273\034\351\055\204\200\330\041\276\205\122\331\324\164\271\151
+\205\272\115\355\050\062\353\371\141\112\344\304\066\036\031\334
+\157\204\021\037\225\365\203\050\030\250\063\222\103\047\335\135
+\023\004\105\117\207\325\106\315\075\250\272\360\363\270\126\044
+\105\353\067\307\341\166\117\162\071\030\337\176\164\162\307\163
+\055\071\352\140\346\255\021\242\126\207\173\303\150\232\376\370
+\214\160\250\337\145\062\364\244\100\214\241\302\104\003\016\224
+\000\147\240\161\000\202\110
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "ComSign CA"
+# Issuer: C=IL,O=ComSign,CN=ComSign CA
+# Serial Number:14:13:96:83:14:55:8c:ea:7b:63:e5:fc:34:87:77:44
+# Subject: C=IL,O=ComSign,CN=ComSign CA
+# Not Valid Before: Wed Mar 24 11:32:18 2004
+# Not Valid After : Mon Mar 19 15:02:18 2029
+# Fingerprint (MD5): CD:F4:39:F3:B5:18:50:D7:3E:A4:C5:91:A0:3E:21:4B
+# Fingerprint (SHA1): E1:A4:5B:14:1A:21:DA:1A:79:F4:1A:42:A9:61:D6:69:CD:06:34:C1
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "ComSign CA"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\341\244\133\024\032\041\332\032\171\364\032\102\251\141\326\151
+\315\006\064\301
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\315\364\071\363\265\030\120\327\076\244\305\221\240\076\041\113
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\064\061\023\060\021\006\003\125\004\003\023\012\103\157\155
+\123\151\147\156\040\103\101\061\020\060\016\006\003\125\004\012
+\023\007\103\157\155\123\151\147\156\061\013\060\011\006\003\125
+\004\006\023\002\111\114
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\024\023\226\203\024\125\214\352\173\143\345\374\064\207
+\167\104
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "ComSign Secured CA"
+#
+# Issuer: C=IL,O=ComSign,CN=ComSign Secured CA
+# Serial Number:00:c7:28:47:09:b3:b8:6c:45:8c:1d:fa:24:f5:36:4e:e9
+# Subject: C=IL,O=ComSign,CN=ComSign Secured CA
+# Not Valid Before: Wed Mar 24 11:37:20 2004
+# Not Valid After : Fri Mar 16 15:04:56 2029
+# Fingerprint (MD5): 40:01:25:06:8D:21:43:6A:0E:43:00:9C:E7:43:F3:D5
+# Fingerprint (SHA1): F9:CD:0E:2C:DA:76:24:C1:8F:BD:F0:F0:AB:B6:45:B8:F7:FE:D5:7A
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "ComSign Secured CA"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\074\061\033\060\031\006\003\125\004\003\023\022\103\157\155
+\123\151\147\156\040\123\145\143\165\162\145\144\040\103\101\061
+\020\060\016\006\003\125\004\012\023\007\103\157\155\123\151\147
+\156\061\013\060\011\006\003\125\004\006\023\002\111\114
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\074\061\033\060\031\006\003\125\004\003\023\022\103\157\155
+\123\151\147\156\040\123\145\143\165\162\145\144\040\103\101\061
+\020\060\016\006\003\125\004\012\023\007\103\157\155\123\151\147
+\156\061\013\060\011\006\003\125\004\006\023\002\111\114
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\021\000\307\050\107\011\263\270\154\105\214\035\372\044\365
+\066\116\351
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\003\253\060\202\002\223\240\003\002\001\002\002\021\000
+\307\050\107\011\263\270\154\105\214\035\372\044\365\066\116\351
+\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060
+\074\061\033\060\031\006\003\125\004\003\023\022\103\157\155\123
+\151\147\156\040\123\145\143\165\162\145\144\040\103\101\061\020
+\060\016\006\003\125\004\012\023\007\103\157\155\123\151\147\156
+\061\013\060\011\006\003\125\004\006\023\002\111\114\060\036\027
+\015\060\064\060\063\062\064\061\061\063\067\062\060\132\027\015
+\062\071\060\063\061\066\061\065\060\064\065\066\132\060\074\061
+\033\060\031\006\003\125\004\003\023\022\103\157\155\123\151\147
+\156\040\123\145\143\165\162\145\144\040\103\101\061\020\060\016
+\006\003\125\004\012\023\007\103\157\155\123\151\147\156\061\013
+\060\011\006\003\125\004\006\023\002\111\114\060\202\001\042\060
+\015\006\011\052\206\110\206\367\015\001\001\001\005\000\003\202
+\001\017\000\060\202\001\012\002\202\001\001\000\306\265\150\137
+\035\224\025\303\244\010\125\055\343\240\127\172\357\351\164\052
+\273\271\174\127\111\032\021\136\117\051\207\014\110\326\152\347
+\217\324\176\127\044\271\006\211\344\034\074\352\254\343\332\041
+\200\163\041\012\357\171\230\154\037\010\377\241\120\175\362\230
+\033\311\124\157\076\245\050\354\041\004\017\105\273\007\075\241
+\300\372\052\230\035\116\006\223\373\365\210\073\253\137\313\026
+\277\346\363\236\112\207\355\031\352\302\237\103\344\361\201\245
+\177\020\117\076\321\112\142\255\123\033\313\203\377\007\145\245
+\222\055\146\251\133\270\132\364\035\264\041\221\112\027\173\236
+\062\376\126\044\071\262\124\204\103\365\204\302\330\274\101\220
+\314\235\326\150\332\351\202\120\251\073\150\317\265\135\002\224
+\140\026\261\103\331\103\135\335\135\207\156\352\273\263\311\153
+\366\003\224\011\160\336\026\021\172\053\350\166\217\111\020\230
+\167\271\143\134\213\063\227\165\366\013\214\262\253\133\336\164
+\040\045\077\343\363\021\371\207\150\206\065\161\303\035\214\055
+\353\345\032\254\017\163\325\202\131\100\200\323\002\003\001\000
+\001\243\201\247\060\201\244\060\014\006\003\125\035\023\004\005
+\060\003\001\001\377\060\104\006\003\125\035\037\004\075\060\073
+\060\071\240\067\240\065\206\063\150\164\164\160\072\057\057\146
+\145\144\151\162\056\143\157\155\163\151\147\156\056\143\157\056
+\151\154\057\143\162\154\057\103\157\155\123\151\147\156\123\145
+\143\165\162\145\144\103\101\056\143\162\154\060\016\006\003\125
+\035\017\001\001\377\004\004\003\002\001\206\060\037\006\003\125
+\035\043\004\030\060\026\200\024\301\113\355\160\266\367\076\174
+\000\073\000\217\307\076\016\105\237\036\135\354\060\035\006\003
+\125\035\016\004\026\004\024\301\113\355\160\266\367\076\174\000
+\073\000\217\307\076\016\105\237\036\135\354\060\015\006\011\052
+\206\110\206\367\015\001\001\005\005\000\003\202\001\001\000\026
+\317\356\222\023\120\253\173\024\236\063\266\102\040\152\324\025
+\275\011\253\374\162\350\357\107\172\220\254\121\301\144\116\351
+\210\275\103\105\201\343\146\043\077\022\206\115\031\344\005\260
+\346\067\302\215\332\006\050\311\017\211\244\123\251\165\077\260
+\226\373\253\114\063\125\371\170\046\106\157\033\066\230\373\102
+\166\301\202\271\216\336\373\105\371\143\033\142\073\071\006\312
+\167\172\250\074\011\317\154\066\075\017\012\105\113\151\026\032
+\105\175\063\003\145\371\122\161\220\046\225\254\114\014\365\213
+\223\077\314\165\164\205\230\272\377\142\172\115\037\211\376\256
+\275\224\000\231\277\021\245\334\340\171\305\026\013\175\002\141
+\035\352\205\371\002\025\117\347\132\211\116\024\157\343\067\113
+\205\365\301\074\141\340\375\005\101\262\222\177\303\035\240\320
+\256\122\144\140\153\030\306\046\234\330\365\144\344\066\032\142
+\237\212\017\076\377\155\116\031\126\116\040\221\154\237\064\063
+\072\064\127\120\072\157\201\136\006\306\365\076\174\116\216\053
+\316\145\006\056\135\322\052\123\164\136\323\156\047\236\217
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "ComSign Secured CA"
+# Issuer: C=IL,O=ComSign,CN=ComSign Secured CA
+# Serial Number:00:c7:28:47:09:b3:b8:6c:45:8c:1d:fa:24:f5:36:4e:e9
+# Subject: C=IL,O=ComSign,CN=ComSign Secured CA
+# Not Valid Before: Wed Mar 24 11:37:20 2004
+# Not Valid After : Fri Mar 16 15:04:56 2029
+# Fingerprint (MD5): 40:01:25:06:8D:21:43:6A:0E:43:00:9C:E7:43:F3:D5
+# Fingerprint (SHA1): F9:CD:0E:2C:DA:76:24:C1:8F:BD:F0:F0:AB:B6:45:B8:F7:FE:D5:7A
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "ComSign Secured CA"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\371\315\016\054\332\166\044\301\217\275\360\360\253\266\105\270
+\367\376\325\172
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\100\001\045\006\215\041\103\152\016\103\000\234\347\103\363\325
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\074\061\033\060\031\006\003\125\004\003\023\022\103\157\155
+\123\151\147\156\040\123\145\143\165\162\145\144\040\103\101\061
+\020\060\016\006\003\125\004\012\023\007\103\157\155\123\151\147
+\156\061\013\060\011\006\003\125\004\006\023\002\111\114
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\021\000\307\050\107\011\263\270\154\105\214\035\372\044\365
+\066\116\351
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Cybertrust Global Root"
+#
+# Issuer: CN=Cybertrust Global Root,O="Cybertrust, Inc"
+# Serial Number:04:00:00:00:00:01:0f:85:aa:2d:48
+# Subject: CN=Cybertrust Global Root,O="Cybertrust, Inc"
+# Not Valid Before: Fri Dec 15 08:00:00 2006
+# Not Valid After : Wed Dec 15 08:00:00 2021
+# Fingerprint (MD5): 72:E4:4A:87:E3:69:40:80:77:EA:BC:E3:F4:FF:F0:E1
+# Fingerprint (SHA1): 5F:43:E5:B1:BF:F8:78:8C:AC:1C:C7:CA:4A:9A:C6:22:2B:CC:34:C6
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Cybertrust Global Root"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\073\061\030\060\026\006\003\125\004\012\023\017\103\171\142
+\145\162\164\162\165\163\164\054\040\111\156\143\061\037\060\035
+\006\003\125\004\003\023\026\103\171\142\145\162\164\162\165\163
+\164\040\107\154\157\142\141\154\040\122\157\157\164
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\073\061\030\060\026\006\003\125\004\012\023\017\103\171\142
+\145\162\164\162\165\163\164\054\040\111\156\143\061\037\060\035
+\006\003\125\004\003\023\026\103\171\142\145\162\164\162\165\163
+\164\040\107\154\157\142\141\154\040\122\157\157\164
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\013\004\000\000\000\000\001\017\205\252\055\110
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\003\241\060\202\002\211\240\003\002\001\002\002\013\004
+\000\000\000\000\001\017\205\252\055\110\060\015\006\011\052\206
+\110\206\367\015\001\001\005\005\000\060\073\061\030\060\026\006
+\003\125\004\012\023\017\103\171\142\145\162\164\162\165\163\164
+\054\040\111\156\143\061\037\060\035\006\003\125\004\003\023\026
+\103\171\142\145\162\164\162\165\163\164\040\107\154\157\142\141
+\154\040\122\157\157\164\060\036\027\015\060\066\061\062\061\065
+\060\070\060\060\060\060\132\027\015\062\061\061\062\061\065\060
+\070\060\060\060\060\132\060\073\061\030\060\026\006\003\125\004
+\012\023\017\103\171\142\145\162\164\162\165\163\164\054\040\111
+\156\143\061\037\060\035\006\003\125\004\003\023\026\103\171\142
+\145\162\164\162\165\163\164\040\107\154\157\142\141\154\040\122
+\157\157\164\060\202\001\042\060\015\006\011\052\206\110\206\367
+\015\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002
+\202\001\001\000\370\310\274\275\024\120\146\023\377\360\323\171
+\354\043\362\267\032\307\216\205\361\022\163\246\031\252\020\333
+\234\242\145\164\132\167\076\121\175\126\366\334\043\266\324\355
+\137\130\261\067\115\325\111\016\156\365\152\207\326\322\214\322
+\047\306\342\377\066\237\230\145\240\023\116\306\052\144\233\325
+\220\022\317\024\006\364\073\343\324\050\276\350\016\370\253\116
+\110\224\155\216\225\061\020\134\355\242\055\275\325\072\155\262
+\034\273\140\300\106\113\001\365\111\256\176\106\212\320\164\215
+\241\014\002\316\356\374\347\217\270\153\146\363\177\104\000\277
+\146\045\024\053\335\020\060\035\007\226\077\115\366\153\270\217
+\267\173\014\245\070\353\336\107\333\325\135\071\374\210\247\363
+\327\052\164\361\350\132\242\073\237\120\272\246\214\105\065\302
+\120\145\225\334\143\202\357\335\277\167\115\234\142\311\143\163
+\026\320\051\017\111\251\110\360\263\252\267\154\305\247\060\071
+\100\135\256\304\342\135\046\123\360\316\034\043\010\141\250\224
+\031\272\004\142\100\354\037\070\160\167\022\006\161\247\060\030
+\135\045\047\245\002\003\001\000\001\243\201\245\060\201\242\060
+\016\006\003\125\035\017\001\001\377\004\004\003\002\001\006\060
+\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377
+\060\035\006\003\125\035\016\004\026\004\024\266\010\173\015\172
+\314\254\040\114\206\126\062\136\317\253\156\205\055\160\127\060
+\077\006\003\125\035\037\004\070\060\066\060\064\240\062\240\060
+\206\056\150\164\164\160\072\057\057\167\167\167\062\056\160\165
+\142\154\151\143\055\164\162\165\163\164\056\143\157\155\057\143
+\162\154\057\143\164\057\143\164\162\157\157\164\056\143\162\154
+\060\037\006\003\125\035\043\004\030\060\026\200\024\266\010\173
+\015\172\314\254\040\114\206\126\062\136\317\253\156\205\055\160
+\127\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000
+\003\202\001\001\000\126\357\012\043\240\124\116\225\227\311\370
+\211\332\105\301\324\243\000\045\364\037\023\253\267\243\205\130
+\151\302\060\255\330\025\212\055\343\311\315\201\132\370\163\043
+\132\247\174\005\363\375\042\073\016\321\006\304\333\066\114\163
+\004\216\345\260\042\344\305\363\056\245\331\043\343\270\116\112
+\040\247\156\002\044\237\042\140\147\173\213\035\162\011\305\061
+\134\351\171\237\200\107\075\255\241\013\007\024\075\107\377\003
+\151\032\014\013\104\347\143\045\247\177\262\311\270\166\204\355
+\043\366\175\007\253\105\176\323\337\263\277\351\212\266\315\250
+\242\147\053\122\325\267\145\360\071\114\143\240\221\171\223\122
+\017\124\335\203\273\237\321\217\247\123\163\303\313\377\060\354
+\174\004\270\330\104\037\223\137\161\011\042\267\156\076\352\034
+\003\116\235\032\040\141\373\201\067\354\136\374\012\105\253\327
+\347\027\125\320\240\352\140\233\246\366\343\214\133\051\302\006
+\140\024\235\055\227\114\251\223\025\235\141\304\001\137\110\326
+\130\275\126\061\022\116\021\310\041\340\263\021\221\145\333\264
+\246\210\070\316\125
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "Cybertrust Global Root"
+# Issuer: CN=Cybertrust Global Root,O="Cybertrust, Inc"
+# Serial Number:04:00:00:00:00:01:0f:85:aa:2d:48
+# Subject: CN=Cybertrust Global Root,O="Cybertrust, Inc"
+# Not Valid Before: Fri Dec 15 08:00:00 2006
+# Not Valid After : Wed Dec 15 08:00:00 2021
+# Fingerprint (MD5): 72:E4:4A:87:E3:69:40:80:77:EA:BC:E3:F4:FF:F0:E1
+# Fingerprint (SHA1): 5F:43:E5:B1:BF:F8:78:8C:AC:1C:C7:CA:4A:9A:C6:22:2B:CC:34:C6
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Cybertrust Global Root"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\137\103\345\261\277\370\170\214\254\034\307\312\112\232\306\042
+\053\314\064\306
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\162\344\112\207\343\151\100\200\167\352\274\343\364\377\360\341
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\073\061\030\060\026\006\003\125\004\012\023\017\103\171\142
+\145\162\164\162\165\163\164\054\040\111\156\143\061\037\060\035
+\006\003\125\004\003\023\026\103\171\142\145\162\164\162\165\163
+\164\040\107\154\157\142\141\154\040\122\157\157\164
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\013\004\000\000\000\000\001\017\205\252\055\110
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "ePKI Root Certification Authority"
+#
+# Issuer: OU=ePKI Root Certification Authority,O="Chunghwa Telecom Co., Ltd.",C=TW
+# Serial Number:15:c8:bd:65:47:5c:af:b8:97:00:5e:e4:06:d2:bc:9d
+# Subject: OU=ePKI Root Certification Authority,O="Chunghwa Telecom Co., Ltd.",C=TW
+# Not Valid Before: Mon Dec 20 02:31:27 2004
+# Not Valid After : Wed Dec 20 02:31:27 2034
+# Fingerprint (MD5): 1B:2E:00:CA:26:06:90:3D:AD:FE:6F:15:68:D3:6B:B3
+# Fingerprint (SHA1): 67:65:0D:F1:7E:8E:7E:5B:82:40:A4:F4:56:4B:CF:E2:3D:69:C6:F0
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "ePKI Root Certification Authority"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\136\061\013\060\011\006\003\125\004\006\023\002\124\127\061
+\043\060\041\006\003\125\004\012\014\032\103\150\165\156\147\150
+\167\141\040\124\145\154\145\143\157\155\040\103\157\056\054\040
+\114\164\144\056\061\052\060\050\006\003\125\004\013\014\041\145
+\120\113\111\040\122\157\157\164\040\103\145\162\164\151\146\151
+\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\136\061\013\060\011\006\003\125\004\006\023\002\124\127\061
+\043\060\041\006\003\125\004\012\014\032\103\150\165\156\147\150
+\167\141\040\124\145\154\145\143\157\155\040\103\157\056\054\040
+\114\164\144\056\061\052\060\050\006\003\125\004\013\014\041\145
+\120\113\111\040\122\157\157\164\040\103\145\162\164\151\146\151
+\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\025\310\275\145\107\134\257\270\227\000\136\344\006\322
+\274\235
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\260\060\202\003\230\240\003\002\001\002\002\020\025
+\310\275\145\107\134\257\270\227\000\136\344\006\322\274\235\060
+\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\136
+\061\013\060\011\006\003\125\004\006\023\002\124\127\061\043\060
+\041\006\003\125\004\012\014\032\103\150\165\156\147\150\167\141
+\040\124\145\154\145\143\157\155\040\103\157\056\054\040\114\164
+\144\056\061\052\060\050\006\003\125\004\013\014\041\145\120\113
+\111\040\122\157\157\164\040\103\145\162\164\151\146\151\143\141
+\164\151\157\156\040\101\165\164\150\157\162\151\164\171\060\036
+\027\015\060\064\061\062\062\060\060\062\063\061\062\067\132\027
+\015\063\064\061\062\062\060\060\062\063\061\062\067\132\060\136
+\061\013\060\011\006\003\125\004\006\023\002\124\127\061\043\060
+\041\006\003\125\004\012\014\032\103\150\165\156\147\150\167\141
+\040\124\145\154\145\143\157\155\040\103\157\056\054\040\114\164
+\144\056\061\052\060\050\006\003\125\004\013\014\041\145\120\113
+\111\040\122\157\157\164\040\103\145\162\164\151\146\151\143\141
+\164\151\157\156\040\101\165\164\150\157\162\151\164\171\060\202
+\002\042\060\015\006\011\052\206\110\206\367\015\001\001\001\005
+\000\003\202\002\017\000\060\202\002\012\002\202\002\001\000\341
+\045\017\356\215\333\210\063\165\147\315\255\037\175\072\116\155
+\235\323\057\024\363\143\164\313\001\041\152\067\352\204\120\007
+\113\046\133\011\103\154\041\236\152\310\325\003\365\140\151\217
+\314\360\042\344\037\347\367\152\042\061\267\054\025\362\340\376
+\000\152\103\377\207\145\306\265\032\301\247\114\155\042\160\041
+\212\061\362\227\164\211\011\022\046\034\236\312\331\022\242\225
+\074\332\351\147\277\010\240\144\343\326\102\267\105\357\227\364
+\366\365\327\265\112\025\002\130\175\230\130\113\140\274\315\327
+\015\232\023\063\123\321\141\371\172\325\327\170\263\232\063\367
+\000\206\316\035\115\224\070\257\250\354\170\121\160\212\134\020
+\203\121\041\367\021\075\064\206\136\345\110\315\227\201\202\065
+\114\031\354\145\366\153\305\005\241\356\107\023\326\263\041\047
+\224\020\012\331\044\073\272\276\104\023\106\060\077\227\074\330
+\327\327\152\356\073\070\343\053\324\227\016\271\033\347\007\111
+\177\067\052\371\167\170\317\124\355\133\106\235\243\200\016\221
+\103\301\326\133\137\024\272\237\246\215\044\107\100\131\277\162
+\070\262\066\154\067\377\231\321\135\016\131\012\253\151\367\300
+\262\004\105\172\124\000\256\276\123\366\265\347\341\370\074\243
+\061\322\251\376\041\122\144\305\246\147\360\165\007\006\224\024
+\201\125\306\047\344\001\217\027\301\152\161\327\276\113\373\224
+\130\175\176\021\063\261\102\367\142\154\030\326\317\011\150\076
+\177\154\366\036\217\142\255\245\143\333\011\247\037\042\102\101
+\036\157\231\212\076\327\371\077\100\172\171\260\245\001\222\322
+\235\075\010\025\245\020\001\055\263\062\166\250\225\015\263\172
+\232\373\007\020\170\021\157\341\217\307\272\017\045\032\164\052
+\345\034\230\101\231\337\041\207\350\225\006\152\012\263\152\107
+\166\145\366\072\317\217\142\027\031\173\012\050\315\032\322\203
+\036\041\307\054\277\276\377\141\150\267\147\033\273\170\115\215
+\316\147\345\344\301\216\267\043\146\342\235\220\165\064\230\251
+\066\053\212\232\224\271\235\354\314\212\261\370\045\211\134\132
+\266\057\214\037\155\171\044\247\122\150\303\204\065\342\146\215
+\143\016\045\115\325\031\262\346\171\067\247\042\235\124\061\002
+\003\001\000\001\243\152\060\150\060\035\006\003\125\035\016\004
+\026\004\024\036\014\367\266\147\362\341\222\046\011\105\300\125
+\071\056\167\077\102\112\242\060\014\006\003\125\035\023\004\005
+\060\003\001\001\377\060\071\006\004\147\052\007\000\004\061\060
+\057\060\055\002\001\000\060\011\006\005\053\016\003\002\032\005
+\000\060\007\006\005\147\052\003\000\000\004\024\105\260\302\307
+\012\126\174\356\133\170\014\225\371\030\123\301\246\034\330\020
+\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\003
+\202\002\001\000\011\263\203\123\131\001\076\225\111\271\361\201
+\272\371\166\040\043\265\047\140\164\324\152\231\064\136\154\000
+\123\331\237\362\246\261\044\007\104\152\052\306\245\216\170\022
+\350\107\331\130\033\023\052\136\171\233\237\012\052\147\246\045
+\077\006\151\126\163\303\212\146\110\373\051\201\127\164\006\312
+\234\352\050\350\070\147\046\053\361\325\265\077\145\223\370\066
+\135\216\215\215\100\040\207\031\352\357\047\300\075\264\071\017
+\045\173\150\120\164\125\234\014\131\175\132\075\101\224\045\122
+\010\340\107\054\025\061\031\325\277\007\125\306\273\022\265\227
+\364\137\203\205\272\161\301\331\154\201\021\166\012\012\260\277
+\202\227\367\352\075\372\372\354\055\251\050\224\073\126\335\322
+\121\056\256\300\275\010\025\214\167\122\064\226\326\233\254\323
+\035\216\141\017\065\173\233\256\071\151\013\142\140\100\040\066
+\217\257\373\066\356\055\010\112\035\270\277\233\134\370\352\245
+\033\240\163\246\330\370\156\340\063\004\137\150\252\047\207\355
+\331\301\220\234\355\275\343\152\065\257\143\337\253\030\331\272
+\346\351\112\352\120\212\017\141\223\036\342\055\031\342\060\224
+\065\222\135\016\266\007\257\031\200\217\107\220\121\113\056\115
+\335\205\342\322\012\122\012\027\232\374\032\260\120\002\345\001
+\243\143\067\041\114\104\304\233\121\231\021\016\163\234\006\217
+\124\056\247\050\136\104\071\207\126\055\067\275\205\104\224\341
+\014\113\054\234\303\222\205\064\141\313\017\270\233\112\103\122
+\376\064\072\175\270\351\051\334\166\251\310\060\370\024\161\200
+\306\036\066\110\164\042\101\134\207\202\350\030\161\213\101\211
+\104\347\176\130\133\250\270\215\023\351\247\154\303\107\355\263
+\032\235\142\256\215\202\352\224\236\335\131\020\303\255\335\342
+\115\343\061\325\307\354\350\362\260\376\222\036\026\012\032\374
+\331\363\370\047\266\311\276\035\264\154\144\220\177\364\344\304
+\133\327\067\256\102\016\335\244\032\157\174\210\124\305\026\156
+\341\172\150\056\370\072\277\015\244\074\211\073\170\247\116\143
+\203\004\041\010\147\215\362\202\111\320\133\375\261\315\017\203
+\204\324\076\040\205\367\112\075\053\234\375\052\012\011\115\352
+\201\370\021\234
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "ePKI Root Certification Authority"
+# Issuer: OU=ePKI Root Certification Authority,O="Chunghwa Telecom Co., Ltd.",C=TW
+# Serial Number:15:c8:bd:65:47:5c:af:b8:97:00:5e:e4:06:d2:bc:9d
+# Subject: OU=ePKI Root Certification Authority,O="Chunghwa Telecom Co., Ltd.",C=TW
+# Not Valid Before: Mon Dec 20 02:31:27 2004
+# Not Valid After : Wed Dec 20 02:31:27 2034
+# Fingerprint (MD5): 1B:2E:00:CA:26:06:90:3D:AD:FE:6F:15:68:D3:6B:B3
+# Fingerprint (SHA1): 67:65:0D:F1:7E:8E:7E:5B:82:40:A4:F4:56:4B:CF:E2:3D:69:C6:F0
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "ePKI Root Certification Authority"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\147\145\015\361\176\216\176\133\202\100\244\364\126\113\317\342
+\075\151\306\360
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\033\056\000\312\046\006\220\075\255\376\157\025\150\323\153\263
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\136\061\013\060\011\006\003\125\004\006\023\002\124\127\061
+\043\060\041\006\003\125\004\012\014\032\103\150\165\156\147\150
+\167\141\040\124\145\154\145\143\157\155\040\103\157\056\054\040
+\114\164\144\056\061\052\060\050\006\003\125\004\013\014\041\145
+\120\113\111\040\122\157\157\164\040\103\145\162\164\151\146\151
+\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\025\310\275\145\107\134\257\270\227\000\136\344\006\322
+\274\235
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "TUBITAK UEKAE Kok Sertifika Hizmet Saglayicisi - Surum 3"
+#
+# Issuer: CN=T..B..TAK UEKAE K..k Sertifika Hizmet Sa..lay..c..s.. - S..r..m ...,OU=Kamu Sertifikasyon Merkezi,OU=Ulusal Elektronik ve Kriptoloji Ara..t..rma Enstit..s.. - UEKAE,O=T..rkiye Bilimsel ve Teknolojik Ara..t..rma Kurumu - T..B..TAK,L=Gebze - Kocaeli,C=TR
+# Serial Number: 17 (0x11)
+# Subject: CN=T..B..TAK UEKAE K..k Sertifika Hizmet Sa..lay..c..s.. - S..r..m ...,OU=Kamu Sertifikasyon Merkezi,OU=Ulusal Elektronik ve Kriptoloji Ara..t..rma Enstit..s.. - UEKAE,O=T..rkiye Bilimsel ve Teknolojik Ara..t..rma Kurumu - T..B..TAK,L=Gebze - Kocaeli,C=TR
+# Not Valid Before: Fri Aug 24 11:37:07 2007
+# Not Valid After : Mon Aug 21 11:37:07 2017
+# Fingerprint (MD5): ED:41:F5:8C:50:C5:2B:9C:73:E6:EE:6C:EB:C2:A8:26
+# Fingerprint (SHA1): 1B:4B:39:61:26:27:6B:64:91:A2:68:6D:D7:02:43:21:2D:1F:1D:96
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "T\xc3\x9c\x42\xC4\xB0TAK UEKAE K\xC3\xB6k Sertifika Hizmet Sa\xC4\x9Flay\xc4\xb1\x63\xc4\xb1s\xc4\xb1 - S\xC3\xBCr\xC3\xBCm 3"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\202\001\053\061\013\060\011\006\003\125\004\006\023\002\124
+\122\061\030\060\026\006\003\125\004\007\014\017\107\145\142\172
+\145\040\055\040\113\157\143\141\145\154\151\061\107\060\105\006
+\003\125\004\012\014\076\124\303\274\162\153\151\171\145\040\102
+\151\154\151\155\163\145\154\040\166\145\040\124\145\153\156\157
+\154\157\152\151\153\040\101\162\141\305\237\164\304\261\162\155
+\141\040\113\165\162\165\155\165\040\055\040\124\303\234\102\304
+\260\124\101\113\061\110\060\106\006\003\125\004\013\014\077\125
+\154\165\163\141\154\040\105\154\145\153\164\162\157\156\151\153
+\040\166\145\040\113\162\151\160\164\157\154\157\152\151\040\101
+\162\141\305\237\164\304\261\162\155\141\040\105\156\163\164\151
+\164\303\274\163\303\274\040\055\040\125\105\113\101\105\061\043
+\060\041\006\003\125\004\013\014\032\113\141\155\165\040\123\145
+\162\164\151\146\151\153\141\163\171\157\156\040\115\145\162\153
+\145\172\151\061\112\060\110\006\003\125\004\003\014\101\124\303
+\234\102\304\260\124\101\113\040\125\105\113\101\105\040\113\303
+\266\153\040\123\145\162\164\151\146\151\153\141\040\110\151\172
+\155\145\164\040\123\141\304\237\154\141\171\304\261\143\304\261
+\163\304\261\040\055\040\123\303\274\162\303\274\155\040\063
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\202\001\053\061\013\060\011\006\003\125\004\006\023\002\124
+\122\061\030\060\026\006\003\125\004\007\014\017\107\145\142\172
+\145\040\055\040\113\157\143\141\145\154\151\061\107\060\105\006
+\003\125\004\012\014\076\124\303\274\162\153\151\171\145\040\102
+\151\154\151\155\163\145\154\040\166\145\040\124\145\153\156\157
+\154\157\152\151\153\040\101\162\141\305\237\164\304\261\162\155
+\141\040\113\165\162\165\155\165\040\055\040\124\303\234\102\304
+\260\124\101\113\061\110\060\106\006\003\125\004\013\014\077\125
+\154\165\163\141\154\040\105\154\145\153\164\162\157\156\151\153
+\040\166\145\040\113\162\151\160\164\157\154\157\152\151\040\101
+\162\141\305\237\164\304\261\162\155\141\040\105\156\163\164\151
+\164\303\274\163\303\274\040\055\040\125\105\113\101\105\061\043
+\060\041\006\003\125\004\013\014\032\113\141\155\165\040\123\145
+\162\164\151\146\151\153\141\163\171\157\156\040\115\145\162\153
+\145\172\151\061\112\060\110\006\003\125\004\003\014\101\124\303
+\234\102\304\260\124\101\113\040\125\105\113\101\105\040\113\303
+\266\153\040\123\145\162\164\151\146\151\153\141\040\110\151\172
+\155\145\164\040\123\141\304\237\154\141\171\304\261\143\304\261
+\163\304\261\040\055\040\123\303\274\162\303\274\155\040\063
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\021
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\027\060\202\003\377\240\003\002\001\002\002\001\021
+\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060
+\202\001\053\061\013\060\011\006\003\125\004\006\023\002\124\122
+\061\030\060\026\006\003\125\004\007\014\017\107\145\142\172\145
+\040\055\040\113\157\143\141\145\154\151\061\107\060\105\006\003
+\125\004\012\014\076\124\303\274\162\153\151\171\145\040\102\151
+\154\151\155\163\145\154\040\166\145\040\124\145\153\156\157\154
+\157\152\151\153\040\101\162\141\305\237\164\304\261\162\155\141
+\040\113\165\162\165\155\165\040\055\040\124\303\234\102\304\260
+\124\101\113\061\110\060\106\006\003\125\004\013\014\077\125\154
+\165\163\141\154\040\105\154\145\153\164\162\157\156\151\153\040
+\166\145\040\113\162\151\160\164\157\154\157\152\151\040\101\162
+\141\305\237\164\304\261\162\155\141\040\105\156\163\164\151\164
+\303\274\163\303\274\040\055\040\125\105\113\101\105\061\043\060
+\041\006\003\125\004\013\014\032\113\141\155\165\040\123\145\162
+\164\151\146\151\153\141\163\171\157\156\040\115\145\162\153\145
+\172\151\061\112\060\110\006\003\125\004\003\014\101\124\303\234
+\102\304\260\124\101\113\040\125\105\113\101\105\040\113\303\266
+\153\040\123\145\162\164\151\146\151\153\141\040\110\151\172\155
+\145\164\040\123\141\304\237\154\141\171\304\261\143\304\261\163
+\304\261\040\055\040\123\303\274\162\303\274\155\040\063\060\036
+\027\015\060\067\060\070\062\064\061\061\063\067\060\067\132\027
+\015\061\067\060\070\062\061\061\061\063\067\060\067\132\060\202
+\001\053\061\013\060\011\006\003\125\004\006\023\002\124\122\061
+\030\060\026\006\003\125\004\007\014\017\107\145\142\172\145\040
+\055\040\113\157\143\141\145\154\151\061\107\060\105\006\003\125
+\004\012\014\076\124\303\274\162\153\151\171\145\040\102\151\154
+\151\155\163\145\154\040\166\145\040\124\145\153\156\157\154\157
+\152\151\153\040\101\162\141\305\237\164\304\261\162\155\141\040
+\113\165\162\165\155\165\040\055\040\124\303\234\102\304\260\124
+\101\113\061\110\060\106\006\003\125\004\013\014\077\125\154\165
+\163\141\154\040\105\154\145\153\164\162\157\156\151\153\040\166
+\145\040\113\162\151\160\164\157\154\157\152\151\040\101\162\141
+\305\237\164\304\261\162\155\141\040\105\156\163\164\151\164\303
+\274\163\303\274\040\055\040\125\105\113\101\105\061\043\060\041
+\006\003\125\004\013\014\032\113\141\155\165\040\123\145\162\164
+\151\146\151\153\141\163\171\157\156\040\115\145\162\153\145\172
+\151\061\112\060\110\006\003\125\004\003\014\101\124\303\234\102
+\304\260\124\101\113\040\125\105\113\101\105\040\113\303\266\153
+\040\123\145\162\164\151\146\151\153\141\040\110\151\172\155\145
+\164\040\123\141\304\237\154\141\171\304\261\143\304\261\163\304
+\261\040\055\040\123\303\274\162\303\274\155\040\063\060\202\001
+\042\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000
+\003\202\001\017\000\060\202\001\012\002\202\001\001\000\212\155
+\113\377\020\210\072\303\366\176\224\350\352\040\144\160\256\041
+\201\276\072\173\074\333\361\035\122\177\131\372\363\042\114\225
+\240\220\274\110\116\021\253\373\267\265\215\172\203\050\214\046
+\106\330\116\225\100\207\141\237\305\236\155\201\207\127\154\212
+\073\264\146\352\314\100\374\343\252\154\262\313\001\333\062\277
+\322\353\205\317\241\015\125\303\133\070\127\160\270\165\306\171
+\321\024\060\355\033\130\133\153\357\065\362\241\041\116\305\316
+\174\231\137\154\271\270\042\223\120\247\315\114\160\152\276\152
+\005\177\023\234\053\036\352\376\107\316\004\245\157\254\223\056
+\174\053\237\236\171\023\221\350\352\236\312\070\165\216\142\260
+\225\223\052\345\337\351\136\227\156\040\137\137\204\172\104\071
+\031\100\034\272\125\053\373\060\262\201\357\204\343\334\354\230
+\070\071\003\205\010\251\124\003\005\051\360\311\217\213\352\013
+\206\145\031\021\323\351\011\043\336\150\223\003\311\066\034\041
+\156\316\214\146\361\231\060\330\327\263\303\035\370\201\056\250
+\275\202\013\146\376\202\313\341\340\032\202\303\100\201\002\003
+\001\000\001\243\102\060\100\060\035\006\003\125\035\016\004\026
+\004\024\275\210\207\311\217\366\244\012\013\252\353\305\376\221
+\043\235\253\112\212\062\060\016\006\003\125\035\017\001\001\377
+\004\004\003\002\001\006\060\017\006\003\125\035\023\001\001\377
+\004\005\060\003\001\001\377\060\015\006\011\052\206\110\206\367
+\015\001\001\005\005\000\003\202\001\001\000\035\174\372\111\217
+\064\351\267\046\222\026\232\005\164\347\113\320\155\071\154\303
+\046\366\316\270\061\274\304\337\274\052\370\067\221\030\334\004
+\310\144\231\053\030\155\200\003\131\311\256\370\130\320\076\355
+\303\043\237\151\074\206\070\034\236\357\332\047\170\321\204\067
+\161\212\074\113\071\317\176\105\006\326\055\330\212\115\170\022
+\326\255\302\323\313\322\320\101\363\046\066\112\233\225\154\014
+\356\345\321\103\047\146\301\210\367\172\263\040\154\352\260\151
+\053\307\040\350\014\003\304\101\005\231\342\077\344\153\370\240
+\206\201\307\204\306\037\325\113\201\022\262\026\041\054\023\241
+\200\262\136\014\112\023\236\040\330\142\100\253\220\352\144\112
+\057\254\015\001\022\171\105\250\057\207\031\150\310\342\205\307
+\060\262\165\371\070\077\262\300\223\264\153\342\003\104\316\147
+\240\337\211\326\255\214\166\243\023\303\224\141\053\153\331\154
+\301\007\012\042\007\205\154\205\044\106\251\276\077\213\170\204
+\202\176\044\014\235\375\201\067\343\045\250\355\066\116\225\054
+\311\234\220\332\354\251\102\074\255\266\002
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "TUBITAK UEKAE Kok Sertifika Hizmet Saglayicisi - Surum 3"
+# Issuer: CN=T..B..TAK UEKAE K..k Sertifika Hizmet Sa..lay..c..s.. - S..r..m ...,OU=Kamu Sertifikasyon Merkezi,OU=Ulusal Elektronik ve Kriptoloji Ara..t..rma Enstit..s.. - UEKAE,O=T..rkiye Bilimsel ve Teknolojik Ara..t..rma Kurumu - T..B..TAK,L=Gebze - Kocaeli,C=TR
+# Serial Number: 17 (0x11)
+# Subject: CN=T..B..TAK UEKAE K..k Sertifika Hizmet Sa..lay..c..s.. - S..r..m ...,OU=Kamu Sertifikasyon Merkezi,OU=Ulusal Elektronik ve Kriptoloji Ara..t..rma Enstit..s.. - UEKAE,O=T..rkiye Bilimsel ve Teknolojik Ara..t..rma Kurumu - T..B..TAK,L=Gebze - Kocaeli,C=TR
+# Not Valid Before: Fri Aug 24 11:37:07 2007
+# Not Valid After : Mon Aug 21 11:37:07 2017
+# Fingerprint (MD5): ED:41:F5:8C:50:C5:2B:9C:73:E6:EE:6C:EB:C2:A8:26
+# Fingerprint (SHA1): 1B:4B:39:61:26:27:6B:64:91:A2:68:6D:D7:02:43:21:2D:1F:1D:96
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "T\xc3\x9c\x42\xC4\xB0TAK UEKAE K\xC3\xB6k Sertifika Hizmet Sa\xC4\x9Flay\xc4\xb1\x63\xc4\xb1s\xc4\xb1 - S\xC3\xBCr\xC3\xBCm 3"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\033\113\071\141\046\047\153\144\221\242\150\155\327\002\103\041
+\055\037\035\226
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\355\101\365\214\120\305\053\234\163\346\356\154\353\302\250\046
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\202\001\053\061\013\060\011\006\003\125\004\006\023\002\124
+\122\061\030\060\026\006\003\125\004\007\014\017\107\145\142\172
+\145\040\055\040\113\157\143\141\145\154\151\061\107\060\105\006
+\003\125\004\012\014\076\124\303\274\162\153\151\171\145\040\102
+\151\154\151\155\163\145\154\040\166\145\040\124\145\153\156\157
+\154\157\152\151\153\040\101\162\141\305\237\164\304\261\162\155
+\141\040\113\165\162\165\155\165\040\055\040\124\303\234\102\304
+\260\124\101\113\061\110\060\106\006\003\125\004\013\014\077\125
+\154\165\163\141\154\040\105\154\145\153\164\162\157\156\151\153
+\040\166\145\040\113\162\151\160\164\157\154\157\152\151\040\101
+\162\141\305\237\164\304\261\162\155\141\040\105\156\163\164\151
+\164\303\274\163\303\274\040\055\040\125\105\113\101\105\061\043
+\060\041\006\003\125\004\013\014\032\113\141\155\165\040\123\145
+\162\164\151\146\151\153\141\163\171\157\156\040\115\145\162\153
+\145\172\151\061\112\060\110\006\003\125\004\003\014\101\124\303
+\234\102\304\260\124\101\113\040\125\105\113\101\105\040\113\303
+\266\153\040\123\145\162\164\151\146\151\153\141\040\110\151\172
+\155\145\164\040\123\141\304\237\154\141\171\304\261\143\304\261
+\163\304\261\040\055\040\123\303\274\162\303\274\155\040\063
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\021
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "certSIGN ROOT CA"
+#
+# Issuer: OU=certSIGN ROOT CA,O=certSIGN,C=RO
+# Serial Number:20:06:05:16:70:02
+# Subject: OU=certSIGN ROOT CA,O=certSIGN,C=RO
+# Not Valid Before: Tue Jul 04 17:20:04 2006
+# Not Valid After : Fri Jul 04 17:20:04 2031
+# Fingerprint (MD5): 18:98:C0:D6:E9:3A:FC:F9:B0:F5:0C:F7:4B:01:44:17
+# Fingerprint (SHA1): FA:B7:EE:36:97:26:62:FB:2D:B0:2A:F6:BF:03:FD:E8:7C:4B:2F:9B
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "certSIGN ROOT CA"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\073\061\013\060\011\006\003\125\004\006\023\002\122\117\061
+\021\060\017\006\003\125\004\012\023\010\143\145\162\164\123\111
+\107\116\061\031\060\027\006\003\125\004\013\023\020\143\145\162
+\164\123\111\107\116\040\122\117\117\124\040\103\101
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\073\061\013\060\011\006\003\125\004\006\023\002\122\117\061
+\021\060\017\006\003\125\004\012\023\010\143\145\162\164\123\111
+\107\116\061\031\060\027\006\003\125\004\013\023\020\143\145\162
+\164\123\111\107\116\040\122\117\117\124\040\103\101
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\006\040\006\005\026\160\002
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\003\070\060\202\002\040\240\003\002\001\002\002\006\040
+\006\005\026\160\002\060\015\006\011\052\206\110\206\367\015\001
+\001\005\005\000\060\073\061\013\060\011\006\003\125\004\006\023
+\002\122\117\061\021\060\017\006\003\125\004\012\023\010\143\145
+\162\164\123\111\107\116\061\031\060\027\006\003\125\004\013\023
+\020\143\145\162\164\123\111\107\116\040\122\117\117\124\040\103
+\101\060\036\027\015\060\066\060\067\060\064\061\067\062\060\060
+\064\132\027\015\063\061\060\067\060\064\061\067\062\060\060\064
+\132\060\073\061\013\060\011\006\003\125\004\006\023\002\122\117
+\061\021\060\017\006\003\125\004\012\023\010\143\145\162\164\123
+\111\107\116\061\031\060\027\006\003\125\004\013\023\020\143\145
+\162\164\123\111\107\116\040\122\117\117\124\040\103\101\060\202
+\001\042\060\015\006\011\052\206\110\206\367\015\001\001\001\005
+\000\003\202\001\017\000\060\202\001\012\002\202\001\001\000\267
+\063\271\176\310\045\112\216\265\333\264\050\033\252\127\220\350
+\321\042\323\144\272\323\223\350\324\254\206\141\100\152\140\127
+\150\124\204\115\274\152\124\002\005\377\337\233\232\052\256\135
+\007\217\112\303\050\177\357\373\053\372\171\361\307\255\360\020
+\123\044\220\213\146\311\250\210\253\257\132\243\000\351\276\272
+\106\356\133\163\173\054\027\202\201\136\142\054\241\002\145\263
+\275\305\053\000\176\304\374\003\063\127\015\355\342\372\316\135
+\105\326\070\315\065\266\262\301\320\234\201\112\252\344\262\001
+\134\035\217\137\231\304\261\255\333\210\041\353\220\010\202\200
+\363\060\243\103\346\220\202\256\125\050\111\355\133\327\251\020
+\070\016\376\217\114\133\233\106\352\101\365\260\010\164\303\320
+\210\063\266\174\327\164\337\334\204\321\103\016\165\071\241\045
+\100\050\352\170\313\016\054\056\071\235\214\213\156\026\034\057
+\046\202\020\342\343\145\224\012\004\300\136\367\135\133\370\020
+\342\320\272\172\113\373\336\067\000\000\032\133\050\343\322\234
+\163\076\062\207\230\241\311\121\057\327\336\254\063\263\117\002
+\003\001\000\001\243\102\060\100\060\017\006\003\125\035\023\001
+\001\377\004\005\060\003\001\001\377\060\016\006\003\125\035\017
+\001\001\377\004\004\003\002\001\306\060\035\006\003\125\035\016
+\004\026\004\024\340\214\233\333\045\111\263\361\174\206\326\262
+\102\207\013\320\153\240\331\344\060\015\006\011\052\206\110\206
+\367\015\001\001\005\005\000\003\202\001\001\000\076\322\034\211
+\056\065\374\370\165\335\346\177\145\210\364\162\114\311\054\327
+\062\116\363\335\031\171\107\275\216\073\133\223\017\120\111\044
+\023\153\024\006\162\357\011\323\241\241\343\100\204\311\347\030
+\062\164\074\110\156\017\237\113\324\367\036\323\223\206\144\124
+\227\143\162\120\325\125\317\372\040\223\002\242\233\303\043\223
+\116\026\125\166\240\160\171\155\315\041\037\317\057\055\274\031
+\343\210\061\370\131\032\201\011\310\227\246\164\307\140\304\133
+\314\127\216\262\165\375\033\002\011\333\131\157\162\223\151\367
+\061\101\326\210\070\277\207\262\275\026\171\371\252\344\276\210
+\045\335\141\047\043\034\265\061\007\004\066\264\032\220\275\240
+\164\161\120\211\155\274\024\343\017\206\256\361\253\076\307\240
+\011\314\243\110\321\340\333\144\347\222\265\317\257\162\103\160
+\213\371\303\204\074\023\252\176\222\233\127\123\223\372\160\302
+\221\016\061\371\233\147\135\351\226\070\136\137\263\163\116\210
+\025\147\336\236\166\020\142\040\276\125\151\225\103\000\071\115
+\366\356\260\132\116\111\104\124\130\137\102\203
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "certSIGN ROOT CA"
+# Issuer: OU=certSIGN ROOT CA,O=certSIGN,C=RO
+# Serial Number:20:06:05:16:70:02
+# Subject: OU=certSIGN ROOT CA,O=certSIGN,C=RO
+# Not Valid Before: Tue Jul 04 17:20:04 2006
+# Not Valid After : Fri Jul 04 17:20:04 2031
+# Fingerprint (MD5): 18:98:C0:D6:E9:3A:FC:F9:B0:F5:0C:F7:4B:01:44:17
+# Fingerprint (SHA1): FA:B7:EE:36:97:26:62:FB:2D:B0:2A:F6:BF:03:FD:E8:7C:4B:2F:9B
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "certSIGN ROOT CA"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\372\267\356\066\227\046\142\373\055\260\052\366\277\003\375\350
+\174\113\057\233
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\030\230\300\326\351\072\374\371\260\365\014\367\113\001\104\027
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\073\061\013\060\011\006\003\125\004\006\023\002\122\117\061
+\021\060\017\006\003\125\004\012\023\010\143\145\162\164\123\111
+\107\116\061\031\060\027\006\003\125\004\013\023\020\143\145\162
+\164\123\111\107\116\040\122\117\117\124\040\103\101
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\006\040\006\005\026\160\002
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "CNNIC ROOT"
+#
+# Issuer: CN=CNNIC ROOT,O=CNNIC,C=CN
+# Serial Number: 1228079105 (0x49330001)
+# Subject: CN=CNNIC ROOT,O=CNNIC,C=CN
+# Not Valid Before: Mon Apr 16 07:09:14 2007
+# Not Valid After : Fri Apr 16 07:09:14 2027
+# Fingerprint (MD5): 21:BC:82:AB:49:C4:13:3B:4B:B2:2B:5C:6B:90:9C:19
+# Fingerprint (SHA1): 8B:AF:4C:9B:1D:F0:2A:92:F7:DA:12:8E:B9:1B:AC:F4:98:60:4B:6F
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "CNNIC ROOT"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\062\061\013\060\011\006\003\125\004\006\023\002\103\116\061
+\016\060\014\006\003\125\004\012\023\005\103\116\116\111\103\061
+\023\060\021\006\003\125\004\003\023\012\103\116\116\111\103\040
+\122\117\117\124
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\062\061\013\060\011\006\003\125\004\006\023\002\103\116\061
+\016\060\014\006\003\125\004\012\023\005\103\116\116\111\103\061
+\023\060\021\006\003\125\004\003\023\012\103\116\116\111\103\040
+\122\117\117\124
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\004\111\063\000\001
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\003\125\060\202\002\075\240\003\002\001\002\002\004\111
+\063\000\001\060\015\006\011\052\206\110\206\367\015\001\001\005
+\005\000\060\062\061\013\060\011\006\003\125\004\006\023\002\103
+\116\061\016\060\014\006\003\125\004\012\023\005\103\116\116\111
+\103\061\023\060\021\006\003\125\004\003\023\012\103\116\116\111
+\103\040\122\117\117\124\060\036\027\015\060\067\060\064\061\066
+\060\067\060\071\061\064\132\027\015\062\067\060\064\061\066\060
+\067\060\071\061\064\132\060\062\061\013\060\011\006\003\125\004
+\006\023\002\103\116\061\016\060\014\006\003\125\004\012\023\005
+\103\116\116\111\103\061\023\060\021\006\003\125\004\003\023\012
+\103\116\116\111\103\040\122\117\117\124\060\202\001\042\060\015
+\006\011\052\206\110\206\367\015\001\001\001\005\000\003\202\001
+\017\000\060\202\001\012\002\202\001\001\000\323\065\367\077\163
+\167\255\350\133\163\027\302\321\157\355\125\274\156\352\350\244
+\171\262\154\303\243\357\341\237\261\073\110\205\365\232\134\041
+\042\020\054\305\202\316\332\343\232\156\067\341\207\054\334\271
+\014\132\272\210\125\337\375\252\333\037\061\352\001\361\337\071
+\001\301\023\375\110\122\041\304\125\337\332\330\263\124\166\272
+\164\261\267\175\327\300\350\366\131\305\115\310\275\255\037\024
+\332\337\130\104\045\062\031\052\307\176\176\216\256\070\260\060
+\173\107\162\011\061\360\060\333\303\033\166\051\273\151\166\116
+\127\371\033\144\242\223\126\267\157\231\156\333\012\004\234\021
+\343\200\037\313\143\224\020\012\251\341\144\202\061\371\214\047
+\355\246\231\000\366\160\223\030\370\241\064\206\243\335\172\302
+\030\171\366\172\145\065\317\220\353\275\063\223\237\123\253\163
+\073\346\233\064\040\057\035\357\251\035\143\032\240\200\333\003
+\057\371\046\032\206\322\215\273\251\276\122\072\207\147\110\015
+\277\264\240\330\046\276\043\137\163\067\177\046\346\222\004\243
+\177\317\040\247\267\363\072\312\313\231\313\002\003\001\000\001
+\243\163\060\161\060\021\006\011\140\206\110\001\206\370\102\001
+\001\004\004\003\002\000\007\060\037\006\003\125\035\043\004\030
+\060\026\200\024\145\362\061\255\052\367\367\335\122\226\012\307
+\002\301\016\357\246\325\073\021\060\017\006\003\125\035\023\001
+\001\377\004\005\060\003\001\001\377\060\013\006\003\125\035\017
+\004\004\003\002\001\376\060\035\006\003\125\035\016\004\026\004
+\024\145\362\061\255\052\367\367\335\122\226\012\307\002\301\016
+\357\246\325\073\021\060\015\006\011\052\206\110\206\367\015\001
+\001\005\005\000\003\202\001\001\000\113\065\356\314\344\256\277
+\303\156\255\237\225\073\113\077\133\036\337\127\051\242\131\312
+\070\342\271\032\377\236\346\156\062\335\036\256\352\065\267\365
+\223\221\116\332\102\341\303\027\140\120\362\321\134\046\271\202
+\267\352\155\344\234\204\347\003\171\027\257\230\075\224\333\307
+\272\000\347\270\277\001\127\301\167\105\062\014\073\361\264\034
+\010\260\375\121\240\241\335\232\035\023\066\232\155\267\307\074
+\271\341\305\331\027\372\203\325\075\025\240\074\273\036\013\342
+\310\220\077\250\206\014\374\371\213\136\205\313\117\133\113\142
+\021\107\305\105\174\005\057\101\261\236\020\151\033\231\226\340
+\125\171\373\116\206\231\270\224\332\206\070\152\223\243\347\313
+\156\345\337\352\041\125\211\234\175\175\177\230\365\000\211\356
+\343\204\300\134\226\265\305\106\352\106\340\205\125\266\033\311
+\022\326\301\315\315\200\363\002\001\074\310\151\313\105\110\143
+\330\224\320\354\205\016\073\116\021\145\364\202\214\246\075\256
+\056\042\224\011\310\134\352\074\201\135\026\052\003\227\026\125
+\011\333\212\101\202\236\146\233\021
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "CNNIC ROOT"
+# Issuer: CN=CNNIC ROOT,O=CNNIC,C=CN
+# Serial Number: 1228079105 (0x49330001)
+# Subject: CN=CNNIC ROOT,O=CNNIC,C=CN
+# Not Valid Before: Mon Apr 16 07:09:14 2007
+# Not Valid After : Fri Apr 16 07:09:14 2027
+# Fingerprint (MD5): 21:BC:82:AB:49:C4:13:3B:4B:B2:2B:5C:6B:90:9C:19
+# Fingerprint (SHA1): 8B:AF:4C:9B:1D:F0:2A:92:F7:DA:12:8E:B9:1B:AC:F4:98:60:4B:6F
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "CNNIC ROOT"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\213\257\114\233\035\360\052\222\367\332\022\216\271\033\254\364
+\230\140\113\157
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\041\274\202\253\111\304\023\073\113\262\053\134\153\220\234\031
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\062\061\013\060\011\006\003\125\004\006\023\002\103\116\061
+\016\060\014\006\003\125\004\012\023\005\103\116\116\111\103\061
+\023\060\021\006\003\125\004\003\023\012\103\116\116\111\103\040
+\122\117\117\124
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\004\111\063\000\001
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "ApplicationCA - Japanese Government"
+#
+# Issuer: OU=ApplicationCA,O=Japanese Government,C=JP
+# Serial Number: 49 (0x31)
+# Subject: OU=ApplicationCA,O=Japanese Government,C=JP
+# Not Valid Before: Wed Dec 12 15:00:00 2007
+# Not Valid After : Tue Dec 12 15:00:00 2017
+# Fingerprint (MD5): 7E:23:4E:5B:A7:A5:B4:25:E9:00:07:74:11:62:AE:D6
+# Fingerprint (SHA1): 7F:8A:B0:CF:D0:51:87:6A:66:F3:36:0F:47:C8:8D:8C:D3:35:FC:74
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "ApplicationCA - Japanese Government"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\103\061\013\060\011\006\003\125\004\006\023\002\112\120\061
+\034\060\032\006\003\125\004\012\023\023\112\141\160\141\156\145
+\163\145\040\107\157\166\145\162\156\155\145\156\164\061\026\060
+\024\006\003\125\004\013\023\015\101\160\160\154\151\143\141\164
+\151\157\156\103\101
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\103\061\013\060\011\006\003\125\004\006\023\002\112\120\061
+\034\060\032\006\003\125\004\012\023\023\112\141\160\141\156\145
+\163\145\040\107\157\166\145\162\156\155\145\156\164\061\026\060
+\024\006\003\125\004\013\023\015\101\160\160\154\151\143\141\164
+\151\157\156\103\101
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\061
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\003\240\060\202\002\210\240\003\002\001\002\002\001\061
+\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060
+\103\061\013\060\011\006\003\125\004\006\023\002\112\120\061\034
+\060\032\006\003\125\004\012\023\023\112\141\160\141\156\145\163
+\145\040\107\157\166\145\162\156\155\145\156\164\061\026\060\024
+\006\003\125\004\013\023\015\101\160\160\154\151\143\141\164\151
+\157\156\103\101\060\036\027\015\060\067\061\062\061\062\061\065
+\060\060\060\060\132\027\015\061\067\061\062\061\062\061\065\060
+\060\060\060\132\060\103\061\013\060\011\006\003\125\004\006\023
+\002\112\120\061\034\060\032\006\003\125\004\012\023\023\112\141
+\160\141\156\145\163\145\040\107\157\166\145\162\156\155\145\156
+\164\061\026\060\024\006\003\125\004\013\023\015\101\160\160\154
+\151\143\141\164\151\157\156\103\101\060\202\001\042\060\015\006
+\011\052\206\110\206\367\015\001\001\001\005\000\003\202\001\017
+\000\060\202\001\012\002\202\001\001\000\247\155\340\164\116\207
+\217\245\006\336\150\242\333\206\231\113\144\015\161\360\012\005
+\233\216\252\341\314\056\322\152\073\301\172\264\227\141\215\212
+\276\306\232\234\006\264\206\121\344\067\016\164\170\176\137\212
+\177\224\244\327\107\010\375\120\132\126\344\150\254\050\163\240
+\173\351\177\030\222\100\117\055\235\365\256\104\110\163\066\006
+\236\144\054\073\064\043\333\134\046\344\161\171\217\324\156\171
+\042\271\223\301\312\315\301\126\355\210\152\327\240\071\041\004
+\127\054\242\365\274\107\101\117\136\064\042\225\265\037\051\155
+\136\112\363\115\162\276\101\126\040\207\374\351\120\107\327\060
+\024\356\134\214\125\272\131\215\207\374\043\336\223\320\004\214
+\375\357\155\275\320\172\311\245\072\152\162\063\306\112\015\005
+\027\052\055\173\261\247\330\326\360\276\364\077\352\016\050\155
+\101\141\043\166\170\303\270\145\244\363\132\256\314\302\252\331
+\347\130\336\266\176\235\205\156\237\052\012\157\237\003\051\060
+\227\050\035\274\267\317\124\051\116\121\061\371\047\266\050\046
+\376\242\143\346\101\026\360\063\230\107\002\003\001\000\001\243
+\201\236\060\201\233\060\035\006\003\125\035\016\004\026\004\024
+\124\132\313\046\077\161\314\224\106\015\226\123\352\153\110\320
+\223\376\102\165\060\016\006\003\125\035\017\001\001\377\004\004
+\003\002\001\006\060\131\006\003\125\035\021\004\122\060\120\244
+\116\060\114\061\013\060\011\006\003\125\004\006\023\002\112\120
+\061\030\060\026\006\003\125\004\012\014\017\346\227\245\346\234
+\254\345\233\275\346\224\277\345\272\234\061\043\060\041\006\003
+\125\004\013\014\032\343\202\242\343\203\227\343\203\252\343\202
+\261\343\203\274\343\202\267\343\203\247\343\203\263\103\101\060
+\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377
+\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\003
+\202\001\001\000\071\152\104\166\167\070\072\354\243\147\106\017
+\371\213\006\250\373\152\220\061\316\176\354\332\321\211\174\172
+\353\056\014\275\231\062\347\260\044\326\303\377\365\262\210\011
+\207\054\343\124\341\243\246\262\010\013\300\205\250\310\322\234
+\161\366\035\237\140\374\070\063\023\341\236\334\013\137\332\026
+\120\051\173\057\160\221\017\231\272\064\064\215\225\164\305\176
+\170\251\146\135\275\312\041\167\102\020\254\146\046\075\336\221
+\253\375\025\360\157\355\154\137\020\370\363\026\366\003\212\217
+\247\022\021\014\313\375\077\171\301\234\375\142\356\243\317\124
+\014\321\053\137\027\076\343\076\277\300\053\076\011\233\376\210
+\246\176\264\222\027\374\043\224\201\275\156\247\305\214\302\353
+\021\105\333\370\101\311\226\166\352\160\137\171\022\153\344\243
+\007\132\005\357\047\111\317\041\237\212\114\011\160\146\251\046
+\301\053\021\116\063\322\016\374\326\154\322\016\062\144\150\377
+\255\005\170\137\003\035\250\343\220\254\044\340\017\100\247\113
+\256\213\050\267\202\312\030\007\346\267\133\164\351\040\031\177
+\262\033\211\124
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "ApplicationCA - Japanese Government"
+# Issuer: OU=ApplicationCA,O=Japanese Government,C=JP
+# Serial Number: 49 (0x31)
+# Subject: OU=ApplicationCA,O=Japanese Government,C=JP
+# Not Valid Before: Wed Dec 12 15:00:00 2007
+# Not Valid After : Tue Dec 12 15:00:00 2017
+# Fingerprint (MD5): 7E:23:4E:5B:A7:A5:B4:25:E9:00:07:74:11:62:AE:D6
+# Fingerprint (SHA1): 7F:8A:B0:CF:D0:51:87:6A:66:F3:36:0F:47:C8:8D:8C:D3:35:FC:74
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "ApplicationCA - Japanese Government"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\177\212\260\317\320\121\207\152\146\363\066\017\107\310\215\214
+\323\065\374\164
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\176\043\116\133\247\245\264\045\351\000\007\164\021\142\256\326
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\103\061\013\060\011\006\003\125\004\006\023\002\112\120\061
+\034\060\032\006\003\125\004\012\023\023\112\141\160\141\156\145
+\163\145\040\107\157\166\145\162\156\155\145\156\164\061\026\060
+\024\006\003\125\004\013\023\015\101\160\160\154\151\143\141\164
+\151\157\156\103\101
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\061
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "GeoTrust Primary Certification Authority - G3"
+#
+# Issuer: CN=GeoTrust Primary Certification Authority - G3,OU=(c) 2008 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US
+# Serial Number:15:ac:6e:94:19:b2:79:4b:41:f6:27:a9:c3:18:0f:1f
+# Subject: CN=GeoTrust Primary Certification Authority - G3,OU=(c) 2008 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US
+# Not Valid Before: Wed Apr 02 00:00:00 2008
+# Not Valid After : Tue Dec 01 23:59:59 2037
+# Fingerprint (MD5): B5:E8:34:36:C9:10:44:58:48:70:6D:2E:83:D4:B8:05
+# Fingerprint (SHA1): 03:9E:ED:B8:0B:E7:A0:3C:69:53:89:3B:20:D2:D9:32:3A:4C:2A:FD
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "GeoTrust Primary Certification Authority - G3"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\230\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\026\060\024\006\003\125\004\012\023\015\107\145\157\124\162
+\165\163\164\040\111\156\143\056\061\071\060\067\006\003\125\004
+\013\023\060\050\143\051\040\062\060\060\070\040\107\145\157\124
+\162\165\163\164\040\111\156\143\056\040\055\040\106\157\162\040
+\141\165\164\150\157\162\151\172\145\144\040\165\163\145\040\157
+\156\154\171\061\066\060\064\006\003\125\004\003\023\055\107\145
+\157\124\162\165\163\164\040\120\162\151\155\141\162\171\040\103
+\145\162\164\151\146\151\143\141\164\151\157\156\040\101\165\164
+\150\157\162\151\164\171\040\055\040\107\063
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\230\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\026\060\024\006\003\125\004\012\023\015\107\145\157\124\162
+\165\163\164\040\111\156\143\056\061\071\060\067\006\003\125\004
+\013\023\060\050\143\051\040\062\060\060\070\040\107\145\157\124
+\162\165\163\164\040\111\156\143\056\040\055\040\106\157\162\040
+\141\165\164\150\157\162\151\172\145\144\040\165\163\145\040\157
+\156\154\171\061\066\060\064\006\003\125\004\003\023\055\107\145
+\157\124\162\165\163\164\040\120\162\151\155\141\162\171\040\103
+\145\162\164\151\146\151\143\141\164\151\157\156\040\101\165\164
+\150\157\162\151\164\171\040\055\040\107\063
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\025\254\156\224\031\262\171\113\101\366\047\251\303\030
+\017\037
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\003\376\060\202\002\346\240\003\002\001\002\002\020\025
+\254\156\224\031\262\171\113\101\366\047\251\303\030\017\037\060
+\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060\201
+\230\061\013\060\011\006\003\125\004\006\023\002\125\123\061\026
+\060\024\006\003\125\004\012\023\015\107\145\157\124\162\165\163
+\164\040\111\156\143\056\061\071\060\067\006\003\125\004\013\023
+\060\050\143\051\040\062\060\060\070\040\107\145\157\124\162\165
+\163\164\040\111\156\143\056\040\055\040\106\157\162\040\141\165
+\164\150\157\162\151\172\145\144\040\165\163\145\040\157\156\154
+\171\061\066\060\064\006\003\125\004\003\023\055\107\145\157\124
+\162\165\163\164\040\120\162\151\155\141\162\171\040\103\145\162
+\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157
+\162\151\164\171\040\055\040\107\063\060\036\027\015\060\070\060
+\064\060\062\060\060\060\060\060\060\132\027\015\063\067\061\062
+\060\061\062\063\065\071\065\071\132\060\201\230\061\013\060\011
+\006\003\125\004\006\023\002\125\123\061\026\060\024\006\003\125
+\004\012\023\015\107\145\157\124\162\165\163\164\040\111\156\143
+\056\061\071\060\067\006\003\125\004\013\023\060\050\143\051\040
+\062\060\060\070\040\107\145\157\124\162\165\163\164\040\111\156
+\143\056\040\055\040\106\157\162\040\141\165\164\150\157\162\151
+\172\145\144\040\165\163\145\040\157\156\154\171\061\066\060\064
+\006\003\125\004\003\023\055\107\145\157\124\162\165\163\164\040
+\120\162\151\155\141\162\171\040\103\145\162\164\151\146\151\143
+\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171\040
+\055\040\107\063\060\202\001\042\060\015\006\011\052\206\110\206
+\367\015\001\001\001\005\000\003\202\001\017\000\060\202\001\012
+\002\202\001\001\000\334\342\136\142\130\035\063\127\071\062\063
+\372\353\313\207\214\247\324\112\335\006\210\352\144\216\061\230
+\245\070\220\036\230\317\056\143\053\360\106\274\104\262\211\241
+\300\050\014\111\160\041\225\237\144\300\246\223\022\002\145\046
+\206\306\245\211\360\372\327\204\240\160\257\117\032\227\077\006
+\104\325\311\353\162\020\175\344\061\050\373\034\141\346\050\007
+\104\163\222\042\151\247\003\210\154\235\143\310\122\332\230\047
+\347\010\114\160\076\264\311\022\301\305\147\203\135\063\363\003
+\021\354\152\320\123\342\321\272\066\140\224\200\273\141\143\154
+\133\027\176\337\100\224\036\253\015\302\041\050\160\210\377\326
+\046\154\154\140\004\045\116\125\176\175\357\277\224\110\336\267
+\035\335\160\215\005\137\210\245\233\362\302\356\352\321\100\101
+\155\142\070\035\126\006\305\003\107\121\040\031\374\173\020\013
+\016\142\256\166\125\277\137\167\276\076\111\001\123\075\230\045
+\003\166\044\132\035\264\333\211\352\171\345\266\263\073\077\272
+\114\050\101\177\006\254\152\216\301\320\366\005\035\175\346\102
+\206\343\245\325\107\002\003\001\000\001\243\102\060\100\060\017
+\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060
+\016\006\003\125\035\017\001\001\377\004\004\003\002\001\006\060
+\035\006\003\125\035\016\004\026\004\024\304\171\312\216\241\116
+\003\035\034\334\153\333\061\133\224\076\077\060\177\055\060\015
+\006\011\052\206\110\206\367\015\001\001\013\005\000\003\202\001
+\001\000\055\305\023\317\126\200\173\172\170\275\237\256\054\231
+\347\357\332\337\224\136\011\151\247\347\156\150\214\275\162\276
+\107\251\016\227\022\270\112\361\144\323\071\337\045\064\324\301
+\315\116\201\360\017\004\304\044\263\064\226\306\246\252\060\337
+\150\141\163\327\371\216\205\211\357\016\136\225\050\112\052\047
+\217\020\216\056\174\206\304\002\236\332\014\167\145\016\104\015
+\222\375\375\263\026\066\372\021\015\035\214\016\007\211\152\051
+\126\367\162\364\335\025\234\167\065\146\127\253\023\123\330\216
+\301\100\305\327\023\026\132\162\307\267\151\001\304\172\261\203
+\001\150\175\215\101\241\224\030\301\045\134\374\360\376\203\002
+\207\174\015\015\317\056\010\134\112\100\015\076\354\201\141\346
+\044\333\312\340\016\055\007\262\076\126\334\215\365\101\205\007
+\110\233\014\013\313\111\077\175\354\267\375\313\215\147\211\032
+\253\355\273\036\243\000\010\010\027\052\202\134\061\135\106\212
+\055\017\206\233\164\331\105\373\324\100\261\172\252\150\055\206
+\262\231\042\341\301\053\307\234\370\363\137\250\202\022\353\031
+\021\055
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "GeoTrust Primary Certification Authority - G3"
+# Issuer: CN=GeoTrust Primary Certification Authority - G3,OU=(c) 2008 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US
+# Serial Number:15:ac:6e:94:19:b2:79:4b:41:f6:27:a9:c3:18:0f:1f
+# Subject: CN=GeoTrust Primary Certification Authority - G3,OU=(c) 2008 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US
+# Not Valid Before: Wed Apr 02 00:00:00 2008
+# Not Valid After : Tue Dec 01 23:59:59 2037
+# Fingerprint (MD5): B5:E8:34:36:C9:10:44:58:48:70:6D:2E:83:D4:B8:05
+# Fingerprint (SHA1): 03:9E:ED:B8:0B:E7:A0:3C:69:53:89:3B:20:D2:D9:32:3A:4C:2A:FD
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "GeoTrust Primary Certification Authority - G3"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\003\236\355\270\013\347\240\074\151\123\211\073\040\322\331\062
+\072\114\052\375
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\265\350\064\066\311\020\104\130\110\160\155\056\203\324\270\005
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\230\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\026\060\024\006\003\125\004\012\023\015\107\145\157\124\162
+\165\163\164\040\111\156\143\056\061\071\060\067\006\003\125\004
+\013\023\060\050\143\051\040\062\060\060\070\040\107\145\157\124
+\162\165\163\164\040\111\156\143\056\040\055\040\106\157\162\040
+\141\165\164\150\157\162\151\172\145\144\040\165\163\145\040\157
+\156\154\171\061\066\060\064\006\003\125\004\003\023\055\107\145
+\157\124\162\165\163\164\040\120\162\151\155\141\162\171\040\103
+\145\162\164\151\146\151\143\141\164\151\157\156\040\101\165\164
+\150\157\162\151\164\171\040\055\040\107\063
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\025\254\156\224\031\262\171\113\101\366\047\251\303\030
+\017\037
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "thawte Primary Root CA - G2"
+#
+# Issuer: CN=thawte Primary Root CA - G2,OU="(c) 2007 thawte, Inc. - For authorized use only",O="thawte, Inc.",C=US
+# Serial Number:35:fc:26:5c:d9:84:4f:c9:3d:26:3d:57:9b:ae:d7:56
+# Subject: CN=thawte Primary Root CA - G2,OU="(c) 2007 thawte, Inc. - For authorized use only",O="thawte, Inc.",C=US
+# Not Valid Before: Mon Nov 05 00:00:00 2007
+# Not Valid After : Mon Jan 18 23:59:59 2038
+# Fingerprint (MD5): 74:9D:EA:60:24:C4:FD:22:53:3E:CC:3A:72:D9:29:4F
+# Fingerprint (SHA1): AA:DB:BC:22:23:8F:C4:01:A1:27:BB:38:DD:F4:1D:DB:08:9E:F0:12
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "thawte Primary Root CA - G2"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\204\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\025\060\023\006\003\125\004\012\023\014\164\150\141\167\164
+\145\054\040\111\156\143\056\061\070\060\066\006\003\125\004\013
+\023\057\050\143\051\040\062\060\060\067\040\164\150\141\167\164
+\145\054\040\111\156\143\056\040\055\040\106\157\162\040\141\165
+\164\150\157\162\151\172\145\144\040\165\163\145\040\157\156\154
+\171\061\044\060\042\006\003\125\004\003\023\033\164\150\141\167
+\164\145\040\120\162\151\155\141\162\171\040\122\157\157\164\040
+\103\101\040\055\040\107\062
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\204\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\025\060\023\006\003\125\004\012\023\014\164\150\141\167\164
+\145\054\040\111\156\143\056\061\070\060\066\006\003\125\004\013
+\023\057\050\143\051\040\062\060\060\067\040\164\150\141\167\164
+\145\054\040\111\156\143\056\040\055\040\106\157\162\040\141\165
+\164\150\157\162\151\172\145\144\040\165\163\145\040\157\156\154
+\171\061\044\060\042\006\003\125\004\003\023\033\164\150\141\167
+\164\145\040\120\162\151\155\141\162\171\040\122\157\157\164\040
+\103\101\040\055\040\107\062
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\065\374\046\134\331\204\117\311\075\046\075\127\233\256
+\327\126
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\002\210\060\202\002\015\240\003\002\001\002\002\020\065
+\374\046\134\331\204\117\311\075\046\075\127\233\256\327\126\060
+\012\006\010\052\206\110\316\075\004\003\003\060\201\204\061\013
+\060\011\006\003\125\004\006\023\002\125\123\061\025\060\023\006
+\003\125\004\012\023\014\164\150\141\167\164\145\054\040\111\156
+\143\056\061\070\060\066\006\003\125\004\013\023\057\050\143\051
+\040\062\060\060\067\040\164\150\141\167\164\145\054\040\111\156
+\143\056\040\055\040\106\157\162\040\141\165\164\150\157\162\151
+\172\145\144\040\165\163\145\040\157\156\154\171\061\044\060\042
+\006\003\125\004\003\023\033\164\150\141\167\164\145\040\120\162
+\151\155\141\162\171\040\122\157\157\164\040\103\101\040\055\040
+\107\062\060\036\027\015\060\067\061\061\060\065\060\060\060\060
+\060\060\132\027\015\063\070\060\061\061\070\062\063\065\071\065
+\071\132\060\201\204\061\013\060\011\006\003\125\004\006\023\002
+\125\123\061\025\060\023\006\003\125\004\012\023\014\164\150\141
+\167\164\145\054\040\111\156\143\056\061\070\060\066\006\003\125
+\004\013\023\057\050\143\051\040\062\060\060\067\040\164\150\141
+\167\164\145\054\040\111\156\143\056\040\055\040\106\157\162\040
+\141\165\164\150\157\162\151\172\145\144\040\165\163\145\040\157
+\156\154\171\061\044\060\042\006\003\125\004\003\023\033\164\150
+\141\167\164\145\040\120\162\151\155\141\162\171\040\122\157\157
+\164\040\103\101\040\055\040\107\062\060\166\060\020\006\007\052
+\206\110\316\075\002\001\006\005\053\201\004\000\042\003\142\000
+\004\242\325\234\202\173\225\235\361\122\170\207\376\212\026\277
+\005\346\337\243\002\117\015\007\306\000\121\272\014\002\122\055
+\042\244\102\071\304\376\217\352\311\301\276\324\115\377\237\172
+\236\342\261\174\232\255\247\206\011\163\207\321\347\232\343\172
+\245\252\156\373\272\263\160\300\147\210\242\065\324\243\232\261
+\375\255\302\357\061\372\250\271\363\373\010\306\221\321\373\051
+\225\243\102\060\100\060\017\006\003\125\035\023\001\001\377\004
+\005\060\003\001\001\377\060\016\006\003\125\035\017\001\001\377
+\004\004\003\002\001\006\060\035\006\003\125\035\016\004\026\004
+\024\232\330\000\060\000\347\153\177\205\030\356\213\266\316\212
+\014\370\021\341\273\060\012\006\010\052\206\110\316\075\004\003
+\003\003\151\000\060\146\002\061\000\335\370\340\127\107\133\247
+\346\012\303\275\365\200\212\227\065\015\033\211\074\124\206\167
+\050\312\241\364\171\336\265\346\070\260\360\145\160\214\177\002
+\124\302\277\377\330\241\076\331\317\002\061\000\304\215\224\374
+\334\123\322\334\235\170\026\037\025\063\043\123\122\343\132\061
+\135\235\312\256\275\023\051\104\015\047\133\250\347\150\234\022
+\367\130\077\056\162\002\127\243\217\241\024\056
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "thawte Primary Root CA - G2"
+# Issuer: CN=thawte Primary Root CA - G2,OU="(c) 2007 thawte, Inc. - For authorized use only",O="thawte, Inc.",C=US
+# Serial Number:35:fc:26:5c:d9:84:4f:c9:3d:26:3d:57:9b:ae:d7:56
+# Subject: CN=thawte Primary Root CA - G2,OU="(c) 2007 thawte, Inc. - For authorized use only",O="thawte, Inc.",C=US
+# Not Valid Before: Mon Nov 05 00:00:00 2007
+# Not Valid After : Mon Jan 18 23:59:59 2038
+# Fingerprint (MD5): 74:9D:EA:60:24:C4:FD:22:53:3E:CC:3A:72:D9:29:4F
+# Fingerprint (SHA1): AA:DB:BC:22:23:8F:C4:01:A1:27:BB:38:DD:F4:1D:DB:08:9E:F0:12
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "thawte Primary Root CA - G2"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\252\333\274\042\043\217\304\001\241\047\273\070\335\364\035\333
+\010\236\360\022
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\164\235\352\140\044\304\375\042\123\076\314\072\162\331\051\117
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\204\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\025\060\023\006\003\125\004\012\023\014\164\150\141\167\164
+\145\054\040\111\156\143\056\061\070\060\066\006\003\125\004\013
+\023\057\050\143\051\040\062\060\060\067\040\164\150\141\167\164
+\145\054\040\111\156\143\056\040\055\040\106\157\162\040\141\165
+\164\150\157\162\151\172\145\144\040\165\163\145\040\157\156\154
+\171\061\044\060\042\006\003\125\004\003\023\033\164\150\141\167
+\164\145\040\120\162\151\155\141\162\171\040\122\157\157\164\040
+\103\101\040\055\040\107\062
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\065\374\046\134\331\204\117\311\075\046\075\127\233\256
+\327\126
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "thawte Primary Root CA - G3"
+#
+# Issuer: CN=thawte Primary Root CA - G3,OU="(c) 2008 thawte, Inc. - For authorized use only",OU=Certification Services Division,O="thawte, Inc.",C=US
+# Serial Number:60:01:97:b7:46:a7:ea:b4:b4:9a:d6:4b:2f:f7:90:fb
+# Subject: CN=thawte Primary Root CA - G3,OU="(c) 2008 thawte, Inc. - For authorized use only",OU=Certification Services Division,O="thawte, Inc.",C=US
+# Not Valid Before: Wed Apr 02 00:00:00 2008
+# Not Valid After : Tue Dec 01 23:59:59 2037
+# Fingerprint (MD5): FB:1B:5D:43:8A:94:CD:44:C6:76:F2:43:4B:47:E7:31
+# Fingerprint (SHA1): F1:8B:53:8D:1B:E9:03:B6:A6:F0:56:43:5B:17:15:89:CA:F3:6B:F2
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "thawte Primary Root CA - G3"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\256\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\025\060\023\006\003\125\004\012\023\014\164\150\141\167\164
+\145\054\040\111\156\143\056\061\050\060\046\006\003\125\004\013
+\023\037\103\145\162\164\151\146\151\143\141\164\151\157\156\040
+\123\145\162\166\151\143\145\163\040\104\151\166\151\163\151\157
+\156\061\070\060\066\006\003\125\004\013\023\057\050\143\051\040
+\062\060\060\070\040\164\150\141\167\164\145\054\040\111\156\143
+\056\040\055\040\106\157\162\040\141\165\164\150\157\162\151\172
+\145\144\040\165\163\145\040\157\156\154\171\061\044\060\042\006
+\003\125\004\003\023\033\164\150\141\167\164\145\040\120\162\151
+\155\141\162\171\040\122\157\157\164\040\103\101\040\055\040\107
+\063
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\256\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\025\060\023\006\003\125\004\012\023\014\164\150\141\167\164
+\145\054\040\111\156\143\056\061\050\060\046\006\003\125\004\013
+\023\037\103\145\162\164\151\146\151\143\141\164\151\157\156\040
+\123\145\162\166\151\143\145\163\040\104\151\166\151\163\151\157
+\156\061\070\060\066\006\003\125\004\013\023\057\050\143\051\040
+\062\060\060\070\040\164\150\141\167\164\145\054\040\111\156\143
+\056\040\055\040\106\157\162\040\141\165\164\150\157\162\151\172
+\145\144\040\165\163\145\040\157\156\154\171\061\044\060\042\006
+\003\125\004\003\023\033\164\150\141\167\164\145\040\120\162\151
+\155\141\162\171\040\122\157\157\164\040\103\101\040\055\040\107
+\063
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\140\001\227\267\106\247\352\264\264\232\326\113\057\367
+\220\373
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\004\052\060\202\003\022\240\003\002\001\002\002\020\140
+\001\227\267\106\247\352\264\264\232\326\113\057\367\220\373\060
+\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060\201
+\256\061\013\060\011\006\003\125\004\006\023\002\125\123\061\025
+\060\023\006\003\125\004\012\023\014\164\150\141\167\164\145\054
+\040\111\156\143\056\061\050\060\046\006\003\125\004\013\023\037
+\103\145\162\164\151\146\151\143\141\164\151\157\156\040\123\145
+\162\166\151\143\145\163\040\104\151\166\151\163\151\157\156\061
+\070\060\066\006\003\125\004\013\023\057\050\143\051\040\062\060
+\060\070\040\164\150\141\167\164\145\054\040\111\156\143\056\040
+\055\040\106\157\162\040\141\165\164\150\157\162\151\172\145\144
+\040\165\163\145\040\157\156\154\171\061\044\060\042\006\003\125
+\004\003\023\033\164\150\141\167\164\145\040\120\162\151\155\141
+\162\171\040\122\157\157\164\040\103\101\040\055\040\107\063\060
+\036\027\015\060\070\060\064\060\062\060\060\060\060\060\060\132
+\027\015\063\067\061\062\060\061\062\063\065\071\065\071\132\060
+\201\256\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\025\060\023\006\003\125\004\012\023\014\164\150\141\167\164\145
+\054\040\111\156\143\056\061\050\060\046\006\003\125\004\013\023
+\037\103\145\162\164\151\146\151\143\141\164\151\157\156\040\123
+\145\162\166\151\143\145\163\040\104\151\166\151\163\151\157\156
+\061\070\060\066\006\003\125\004\013\023\057\050\143\051\040\062
+\060\060\070\040\164\150\141\167\164\145\054\040\111\156\143\056
+\040\055\040\106\157\162\040\141\165\164\150\157\162\151\172\145
+\144\040\165\163\145\040\157\156\154\171\061\044\060\042\006\003
+\125\004\003\023\033\164\150\141\167\164\145\040\120\162\151\155
+\141\162\171\040\122\157\157\164\040\103\101\040\055\040\107\063
+\060\202\001\042\060\015\006\011\052\206\110\206\367\015\001\001
+\001\005\000\003\202\001\017\000\060\202\001\012\002\202\001\001
+\000\262\277\047\054\373\333\330\133\335\170\173\033\236\167\146
+\201\313\076\274\174\256\363\246\047\232\064\243\150\061\161\070
+\063\142\344\363\161\146\171\261\251\145\243\245\213\325\217\140
+\055\077\102\314\252\153\062\300\043\313\054\101\335\344\337\374
+\141\234\342\163\262\042\225\021\103\030\137\304\266\037\127\154
+\012\005\130\042\310\066\114\072\174\245\321\317\206\257\210\247
+\104\002\023\164\161\163\012\102\131\002\370\033\024\153\102\337
+\157\137\272\153\202\242\235\133\347\112\275\036\001\162\333\113
+\164\350\073\177\177\175\037\004\264\046\233\340\264\132\254\107
+\075\125\270\327\260\046\122\050\001\061\100\146\330\331\044\275
+\366\052\330\354\041\111\134\233\366\172\351\177\125\065\176\226
+\153\215\223\223\047\313\222\273\352\254\100\300\237\302\370\200
+\317\135\364\132\334\316\164\206\246\076\154\013\123\312\275\222
+\316\031\006\162\346\014\134\070\151\307\004\326\274\154\316\133
+\366\367\150\234\334\045\025\110\210\241\351\251\370\230\234\340
+\363\325\061\050\141\021\154\147\226\215\071\231\313\302\105\044
+\071\002\003\001\000\001\243\102\060\100\060\017\006\003\125\035
+\023\001\001\377\004\005\060\003\001\001\377\060\016\006\003\125
+\035\017\001\001\377\004\004\003\002\001\006\060\035\006\003\125
+\035\016\004\026\004\024\255\154\252\224\140\234\355\344\377\372
+\076\012\164\053\143\003\367\266\131\277\060\015\006\011\052\206
+\110\206\367\015\001\001\013\005\000\003\202\001\001\000\032\100
+\330\225\145\254\011\222\211\306\071\364\020\345\251\016\146\123
+\135\170\336\372\044\221\273\347\104\121\337\306\026\064\012\357
+\152\104\121\352\053\007\212\003\172\303\353\077\012\054\122\026
+\240\053\103\271\045\220\077\160\251\063\045\155\105\032\050\073
+\047\317\252\303\051\102\033\337\073\114\300\063\064\133\101\210
+\277\153\053\145\257\050\357\262\365\303\252\146\316\173\126\356
+\267\310\313\147\301\311\234\032\030\270\304\303\111\003\361\140
+\016\120\315\106\305\363\167\171\367\266\025\340\070\333\307\057
+\050\240\014\077\167\046\164\331\045\022\332\061\332\032\036\334
+\051\101\221\042\074\151\247\273\002\362\266\134\047\003\211\364
+\006\352\233\344\162\202\343\241\011\301\351\000\031\323\076\324
+\160\153\272\161\246\252\130\256\364\273\351\154\266\357\207\314
+\233\273\377\071\346\126\141\323\012\247\304\134\114\140\173\005
+\167\046\172\277\330\007\122\054\142\367\160\143\331\071\274\157
+\034\302\171\334\166\051\257\316\305\054\144\004\136\210\066\156
+\061\324\100\032\142\064\066\077\065\001\256\254\143\240
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "thawte Primary Root CA - G3"
+# Issuer: CN=thawte Primary Root CA - G3,OU="(c) 2008 thawte, Inc. - For authorized use only",OU=Certification Services Division,O="thawte, Inc.",C=US
+# Serial Number:60:01:97:b7:46:a7:ea:b4:b4:9a:d6:4b:2f:f7:90:fb
+# Subject: CN=thawte Primary Root CA - G3,OU="(c) 2008 thawte, Inc. - For authorized use only",OU=Certification Services Division,O="thawte, Inc.",C=US
+# Not Valid Before: Wed Apr 02 00:00:00 2008
+# Not Valid After : Tue Dec 01 23:59:59 2037
+# Fingerprint (MD5): FB:1B:5D:43:8A:94:CD:44:C6:76:F2:43:4B:47:E7:31
+# Fingerprint (SHA1): F1:8B:53:8D:1B:E9:03:B6:A6:F0:56:43:5B:17:15:89:CA:F3:6B:F2
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "thawte Primary Root CA - G3"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\361\213\123\215\033\351\003\266\246\360\126\103\133\027\025\211
+\312\363\153\362
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\373\033\135\103\212\224\315\104\306\166\362\103\113\107\347\061
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\256\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\025\060\023\006\003\125\004\012\023\014\164\150\141\167\164
+\145\054\040\111\156\143\056\061\050\060\046\006\003\125\004\013
+\023\037\103\145\162\164\151\146\151\143\141\164\151\157\156\040
+\123\145\162\166\151\143\145\163\040\104\151\166\151\163\151\157
+\156\061\070\060\066\006\003\125\004\013\023\057\050\143\051\040
+\062\060\060\070\040\164\150\141\167\164\145\054\040\111\156\143
+\056\040\055\040\106\157\162\040\141\165\164\150\157\162\151\172
+\145\144\040\165\163\145\040\157\156\154\171\061\044\060\042\006
+\003\125\004\003\023\033\164\150\141\167\164\145\040\120\162\151
+\155\141\162\171\040\122\157\157\164\040\103\101\040\055\040\107
+\063
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\140\001\227\267\106\247\352\264\264\232\326\113\057\367
+\220\373
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "GeoTrust Primary Certification Authority - G2"
+#
+# Issuer: CN=GeoTrust Primary Certification Authority - G2,OU=(c) 2007 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US
+# Serial Number:3c:b2:f4:48:0a:00:e2:fe:eb:24:3b:5e:60:3e:c3:6b
+# Subject: CN=GeoTrust Primary Certification Authority - G2,OU=(c) 2007 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US
+# Not Valid Before: Mon Nov 05 00:00:00 2007
+# Not Valid After : Mon Jan 18 23:59:59 2038
+# Fingerprint (MD5): 01:5E:D8:6B:BD:6F:3D:8E:A1:31:F8:12:E0:98:73:6A
+# Fingerprint (SHA1): 8D:17:84:D5:37:F3:03:7D:EC:70:FE:57:8B:51:9A:99:E6:10:D7:B0
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "GeoTrust Primary Certification Authority - G2"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\230\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\026\060\024\006\003\125\004\012\023\015\107\145\157\124\162
+\165\163\164\040\111\156\143\056\061\071\060\067\006\003\125\004
+\013\023\060\050\143\051\040\062\060\060\067\040\107\145\157\124
+\162\165\163\164\040\111\156\143\056\040\055\040\106\157\162\040
+\141\165\164\150\157\162\151\172\145\144\040\165\163\145\040\157
+\156\154\171\061\066\060\064\006\003\125\004\003\023\055\107\145
+\157\124\162\165\163\164\040\120\162\151\155\141\162\171\040\103
+\145\162\164\151\146\151\143\141\164\151\157\156\040\101\165\164
+\150\157\162\151\164\171\040\055\040\107\062
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\230\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\026\060\024\006\003\125\004\012\023\015\107\145\157\124\162
+\165\163\164\040\111\156\143\056\061\071\060\067\006\003\125\004
+\013\023\060\050\143\051\040\062\060\060\067\040\107\145\157\124
+\162\165\163\164\040\111\156\143\056\040\055\040\106\157\162\040
+\141\165\164\150\157\162\151\172\145\144\040\165\163\145\040\157
+\156\154\171\061\066\060\064\006\003\125\004\003\023\055\107\145
+\157\124\162\165\163\164\040\120\162\151\155\141\162\171\040\103
+\145\162\164\151\146\151\143\141\164\151\157\156\040\101\165\164
+\150\157\162\151\164\171\040\055\040\107\062
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\074\262\364\110\012\000\342\376\353\044\073\136\140\076
+\303\153
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\002\256\060\202\002\065\240\003\002\001\002\002\020\074
+\262\364\110\012\000\342\376\353\044\073\136\140\076\303\153\060
+\012\006\010\052\206\110\316\075\004\003\003\060\201\230\061\013
+\060\011\006\003\125\004\006\023\002\125\123\061\026\060\024\006
+\003\125\004\012\023\015\107\145\157\124\162\165\163\164\040\111
+\156\143\056\061\071\060\067\006\003\125\004\013\023\060\050\143
+\051\040\062\060\060\067\040\107\145\157\124\162\165\163\164\040
+\111\156\143\056\040\055\040\106\157\162\040\141\165\164\150\157
+\162\151\172\145\144\040\165\163\145\040\157\156\154\171\061\066
+\060\064\006\003\125\004\003\023\055\107\145\157\124\162\165\163
+\164\040\120\162\151\155\141\162\171\040\103\145\162\164\151\146
+\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164
+\171\040\055\040\107\062\060\036\027\015\060\067\061\061\060\065
+\060\060\060\060\060\060\132\027\015\063\070\060\061\061\070\062
+\063\065\071\065\071\132\060\201\230\061\013\060\011\006\003\125
+\004\006\023\002\125\123\061\026\060\024\006\003\125\004\012\023
+\015\107\145\157\124\162\165\163\164\040\111\156\143\056\061\071
+\060\067\006\003\125\004\013\023\060\050\143\051\040\062\060\060
+\067\040\107\145\157\124\162\165\163\164\040\111\156\143\056\040
+\055\040\106\157\162\040\141\165\164\150\157\162\151\172\145\144
+\040\165\163\145\040\157\156\154\171\061\066\060\064\006\003\125
+\004\003\023\055\107\145\157\124\162\165\163\164\040\120\162\151
+\155\141\162\171\040\103\145\162\164\151\146\151\143\141\164\151
+\157\156\040\101\165\164\150\157\162\151\164\171\040\055\040\107
+\062\060\166\060\020\006\007\052\206\110\316\075\002\001\006\005
+\053\201\004\000\042\003\142\000\004\025\261\350\375\003\025\103
+\345\254\353\207\067\021\142\357\322\203\066\122\175\105\127\013
+\112\215\173\124\073\072\156\137\025\002\300\120\246\317\045\057
+\175\312\110\270\307\120\143\034\052\041\010\174\232\066\330\013
+\376\321\046\305\130\061\060\050\045\363\135\135\243\270\266\245
+\264\222\355\154\054\237\353\335\103\211\242\074\113\110\221\035
+\120\354\046\337\326\140\056\275\041\243\102\060\100\060\017\006
+\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060\016
+\006\003\125\035\017\001\001\377\004\004\003\002\001\006\060\035
+\006\003\125\035\016\004\026\004\024\025\137\065\127\121\125\373
+\045\262\255\003\151\374\001\243\372\276\021\125\325\060\012\006
+\010\052\206\110\316\075\004\003\003\003\147\000\060\144\002\060
+\144\226\131\246\350\011\336\213\272\372\132\210\210\360\037\221
+\323\106\250\362\112\114\002\143\373\154\137\070\333\056\101\223
+\251\016\346\235\334\061\034\262\240\247\030\034\171\341\307\066
+\002\060\072\126\257\232\164\154\366\373\203\340\063\323\010\137
+\241\234\302\133\237\106\326\266\313\221\006\143\242\006\347\063
+\254\076\250\201\022\320\313\272\320\222\013\266\236\226\252\004
+\017\212
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "GeoTrust Primary Certification Authority - G2"
+# Issuer: CN=GeoTrust Primary Certification Authority - G2,OU=(c) 2007 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US
+# Serial Number:3c:b2:f4:48:0a:00:e2:fe:eb:24:3b:5e:60:3e:c3:6b
+# Subject: CN=GeoTrust Primary Certification Authority - G2,OU=(c) 2007 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US
+# Not Valid Before: Mon Nov 05 00:00:00 2007
+# Not Valid After : Mon Jan 18 23:59:59 2038
+# Fingerprint (MD5): 01:5E:D8:6B:BD:6F:3D:8E:A1:31:F8:12:E0:98:73:6A
+# Fingerprint (SHA1): 8D:17:84:D5:37:F3:03:7D:EC:70:FE:57:8B:51:9A:99:E6:10:D7:B0
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "GeoTrust Primary Certification Authority - G2"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\215\027\204\325\067\363\003\175\354\160\376\127\213\121\232\231
+\346\020\327\260
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\001\136\330\153\275\157\075\216\241\061\370\022\340\230\163\152
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\230\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\026\060\024\006\003\125\004\012\023\015\107\145\157\124\162
+\165\163\164\040\111\156\143\056\061\071\060\067\006\003\125\004
+\013\023\060\050\143\051\040\062\060\060\067\040\107\145\157\124
+\162\165\163\164\040\111\156\143\056\040\055\040\106\157\162\040
+\141\165\164\150\157\162\151\172\145\144\040\165\163\145\040\157
+\156\154\171\061\066\060\064\006\003\125\004\003\023\055\107\145
+\157\124\162\165\163\164\040\120\162\151\155\141\162\171\040\103
+\145\162\164\151\146\151\143\141\164\151\157\156\040\101\165\164
+\150\157\162\151\164\171\040\055\040\107\062
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\074\262\364\110\012\000\342\376\353\044\073\136\140\076
+\303\153
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "VeriSign Universal Root Certification Authority"
+#
+# Issuer: CN=VeriSign Universal Root Certification Authority,OU="(c) 2008 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
+# Serial Number:40:1a:c4:64:21:b3:13:21:03:0e:bb:e4:12:1a:c5:1d
+# Subject: CN=VeriSign Universal Root Certification Authority,OU="(c) 2008 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
+# Not Valid Before: Wed Apr 02 00:00:00 2008
+# Not Valid After : Tue Dec 01 23:59:59 2037
+# Fingerprint (MD5): 8E:AD:B5:01:AA:4D:81:E4:8C:1D:D1:E1:14:00:95:19
+# Fingerprint (SHA1): 36:79:CA:35:66:87:72:30:4D:30:A5:FB:87:3B:0F:A7:7B:B7:0D:54
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "VeriSign Universal Root Certification Authority"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\275\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123
+\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125
+\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165
+\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003
+\125\004\013\023\061\050\143\051\040\062\060\060\070\040\126\145
+\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106
+\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163
+\145\040\157\156\154\171\061\070\060\066\006\003\125\004\003\023
+\057\126\145\162\151\123\151\147\156\040\125\156\151\166\145\162
+\163\141\154\040\122\157\157\164\040\103\145\162\164\151\146\151
+\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\275\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123
+\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125
+\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165
+\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003
+\125\004\013\023\061\050\143\051\040\062\060\060\070\040\126\145
+\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106
+\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163
+\145\040\157\156\154\171\061\070\060\066\006\003\125\004\003\023
+\057\126\145\162\151\123\151\147\156\040\125\156\151\166\145\162
+\163\141\154\040\122\157\157\164\040\103\145\162\164\151\146\151
+\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\100\032\304\144\041\263\023\041\003\016\273\344\022\032
+\305\035
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\004\271\060\202\003\241\240\003\002\001\002\002\020\100
+\032\304\144\041\263\023\041\003\016\273\344\022\032\305\035\060
+\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060\201
+\275\061\013\060\011\006\003\125\004\006\023\002\125\123\061\027
+\060\025\006\003\125\004\012\023\016\126\145\162\151\123\151\147
+\156\054\040\111\156\143\056\061\037\060\035\006\003\125\004\013
+\023\026\126\145\162\151\123\151\147\156\040\124\162\165\163\164
+\040\116\145\164\167\157\162\153\061\072\060\070\006\003\125\004
+\013\023\061\050\143\051\040\062\060\060\070\040\126\145\162\151
+\123\151\147\156\054\040\111\156\143\056\040\055\040\106\157\162
+\040\141\165\164\150\157\162\151\172\145\144\040\165\163\145\040
+\157\156\154\171\061\070\060\066\006\003\125\004\003\023\057\126
+\145\162\151\123\151\147\156\040\125\156\151\166\145\162\163\141
+\154\040\122\157\157\164\040\103\145\162\164\151\146\151\143\141
+\164\151\157\156\040\101\165\164\150\157\162\151\164\171\060\036
+\027\015\060\070\060\064\060\062\060\060\060\060\060\060\132\027
+\015\063\067\061\062\060\061\062\063\065\071\065\071\132\060\201
+\275\061\013\060\011\006\003\125\004\006\023\002\125\123\061\027
+\060\025\006\003\125\004\012\023\016\126\145\162\151\123\151\147
+\156\054\040\111\156\143\056\061\037\060\035\006\003\125\004\013
+\023\026\126\145\162\151\123\151\147\156\040\124\162\165\163\164
+\040\116\145\164\167\157\162\153\061\072\060\070\006\003\125\004
+\013\023\061\050\143\051\040\062\060\060\070\040\126\145\162\151
+\123\151\147\156\054\040\111\156\143\056\040\055\040\106\157\162
+\040\141\165\164\150\157\162\151\172\145\144\040\165\163\145\040
+\157\156\154\171\061\070\060\066\006\003\125\004\003\023\057\126
+\145\162\151\123\151\147\156\040\125\156\151\166\145\162\163\141
+\154\040\122\157\157\164\040\103\145\162\164\151\146\151\143\141
+\164\151\157\156\040\101\165\164\150\157\162\151\164\171\060\202
+\001\042\060\015\006\011\052\206\110\206\367\015\001\001\001\005
+\000\003\202\001\017\000\060\202\001\012\002\202\001\001\000\307
+\141\067\136\261\001\064\333\142\327\025\233\377\130\132\214\043
+\043\326\140\216\221\327\220\230\203\172\346\130\031\070\214\305
+\366\345\144\205\264\242\161\373\355\275\271\332\315\115\000\264
+\310\055\163\245\307\151\161\225\037\071\074\262\104\007\234\350
+\016\372\115\112\304\041\337\051\141\217\062\042\141\202\305\207
+\037\156\214\174\137\026\040\121\104\321\160\117\127\352\343\034
+\343\314\171\356\130\330\016\302\263\105\223\300\054\347\232\027
+\053\173\000\067\172\101\063\170\341\063\342\363\020\032\177\207
+\054\276\366\365\367\102\342\345\277\207\142\211\137\000\113\337
+\305\335\344\165\104\062\101\072\036\161\156\151\313\013\165\106
+\010\321\312\322\053\225\320\317\373\271\100\153\144\214\127\115
+\374\023\021\171\204\355\136\124\366\064\237\010\001\363\020\045
+\006\027\112\332\361\035\172\146\153\230\140\146\244\331\357\322
+\056\202\361\360\357\011\352\104\311\025\152\342\003\156\063\323
+\254\237\125\000\307\366\010\152\224\271\137\334\340\063\361\204
+\140\371\133\047\021\264\374\026\362\273\126\152\200\045\215\002
+\003\001\000\001\243\201\262\060\201\257\060\017\006\003\125\035
+\023\001\001\377\004\005\060\003\001\001\377\060\016\006\003\125
+\035\017\001\001\377\004\004\003\002\001\006\060\155\006\010\053
+\006\001\005\005\007\001\014\004\141\060\137\241\135\240\133\060
+\131\060\127\060\125\026\011\151\155\141\147\145\057\147\151\146
+\060\041\060\037\060\007\006\005\053\016\003\002\032\004\024\217
+\345\323\032\206\254\215\216\153\303\317\200\152\324\110\030\054
+\173\031\056\060\045\026\043\150\164\164\160\072\057\057\154\157
+\147\157\056\166\145\162\151\163\151\147\156\056\143\157\155\057
+\166\163\154\157\147\157\056\147\151\146\060\035\006\003\125\035
+\016\004\026\004\024\266\167\372\151\110\107\237\123\022\325\302
+\352\007\062\166\007\321\227\007\031\060\015\006\011\052\206\110
+\206\367\015\001\001\013\005\000\003\202\001\001\000\112\370\370
+\260\003\346\054\147\173\344\224\167\143\314\156\114\371\175\016
+\015\334\310\271\065\271\160\117\143\372\044\372\154\203\214\107
+\235\073\143\363\232\371\166\062\225\221\261\167\274\254\232\276
+\261\344\061\041\306\201\225\126\132\016\261\302\324\261\246\131
+\254\361\143\313\270\114\035\131\220\112\357\220\026\050\037\132
+\256\020\373\201\120\070\014\154\314\361\075\303\365\143\343\263
+\343\041\311\044\071\351\375\025\146\106\364\033\021\320\115\163
+\243\175\106\371\075\355\250\137\142\324\361\077\370\340\164\127
+\053\030\235\201\264\304\050\332\224\227\245\160\353\254\035\276
+\007\021\360\325\333\335\345\214\360\325\062\260\203\346\127\342
+\217\277\276\241\252\277\075\035\265\324\070\352\327\260\134\072
+\117\152\077\217\300\146\154\143\252\351\331\244\026\364\201\321
+\225\024\016\175\315\225\064\331\322\217\160\163\201\173\234\176
+\275\230\141\330\105\207\230\220\305\353\206\060\306\065\277\360
+\377\303\125\210\203\113\357\005\222\006\161\362\270\230\223\267
+\354\315\202\141\361\070\346\117\227\230\052\132\215
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "VeriSign Universal Root Certification Authority"
+# Issuer: CN=VeriSign Universal Root Certification Authority,OU="(c) 2008 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
+# Serial Number:40:1a:c4:64:21:b3:13:21:03:0e:bb:e4:12:1a:c5:1d
+# Subject: CN=VeriSign Universal Root Certification Authority,OU="(c) 2008 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
+# Not Valid Before: Wed Apr 02 00:00:00 2008
+# Not Valid After : Tue Dec 01 23:59:59 2037
+# Fingerprint (MD5): 8E:AD:B5:01:AA:4D:81:E4:8C:1D:D1:E1:14:00:95:19
+# Fingerprint (SHA1): 36:79:CA:35:66:87:72:30:4D:30:A5:FB:87:3B:0F:A7:7B:B7:0D:54
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "VeriSign Universal Root Certification Authority"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\066\171\312\065\146\207\162\060\115\060\245\373\207\073\017\247
+\173\267\015\124
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\216\255\265\001\252\115\201\344\214\035\321\341\024\000\225\031
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\275\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123
+\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125
+\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165
+\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003
+\125\004\013\023\061\050\143\051\040\062\060\060\070\040\126\145
+\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106
+\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163
+\145\040\157\156\154\171\061\070\060\066\006\003\125\004\003\023
+\057\126\145\162\151\123\151\147\156\040\125\156\151\166\145\162
+\163\141\154\040\122\157\157\164\040\103\145\162\164\151\146\151
+\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\100\032\304\144\041\263\023\041\003\016\273\344\022\032
+\305\035
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "VeriSign Class 3 Public Primary Certification Authority - G4"
+#
+# Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G4,OU="(c) 2007 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
+# Serial Number:2f:80:fe:23:8c:0e:22:0f:48:67:12:28:91:87:ac:b3
+# Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G4,OU="(c) 2007 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
+# Not Valid Before: Mon Nov 05 00:00:00 2007
+# Not Valid After : Mon Jan 18 23:59:59 2038
+# Fingerprint (MD5): 3A:52:E1:E7:FD:6F:3A:E3:6F:F3:6F:99:1B:F9:22:41
+# Fingerprint (SHA1): 22:D5:D8:DF:8F:02:31:D1:8D:F7:9D:B7:CF:8A:2D:64:C9:3F:6C:3A
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "VeriSign Class 3 Public Primary Certification Authority - G4"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\312\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123
+\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125
+\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165
+\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003
+\125\004\013\023\061\050\143\051\040\062\060\060\067\040\126\145
+\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106
+\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163
+\145\040\157\156\154\171\061\105\060\103\006\003\125\004\003\023
+\074\126\145\162\151\123\151\147\156\040\103\154\141\163\163\040
+\063\040\120\165\142\154\151\143\040\120\162\151\155\141\162\171
+\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101
+\165\164\150\157\162\151\164\171\040\055\040\107\064
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\312\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123
+\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125
+\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165
+\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003
+\125\004\013\023\061\050\143\051\040\062\060\060\067\040\126\145
+\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106
+\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163
+\145\040\157\156\154\171\061\105\060\103\006\003\125\004\003\023
+\074\126\145\162\151\123\151\147\156\040\103\154\141\163\163\040
+\063\040\120\165\142\154\151\143\040\120\162\151\155\141\162\171
+\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101
+\165\164\150\157\162\151\164\171\040\055\040\107\064
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\057\200\376\043\214\016\042\017\110\147\022\050\221\207
+\254\263
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\003\204\060\202\003\012\240\003\002\001\002\002\020\057
+\200\376\043\214\016\042\017\110\147\022\050\221\207\254\263\060
+\012\006\010\052\206\110\316\075\004\003\003\060\201\312\061\013
+\060\011\006\003\125\004\006\023\002\125\123\061\027\060\025\006
+\003\125\004\012\023\016\126\145\162\151\123\151\147\156\054\040
+\111\156\143\056\061\037\060\035\006\003\125\004\013\023\026\126
+\145\162\151\123\151\147\156\040\124\162\165\163\164\040\116\145
+\164\167\157\162\153\061\072\060\070\006\003\125\004\013\023\061
+\050\143\051\040\062\060\060\067\040\126\145\162\151\123\151\147
+\156\054\040\111\156\143\056\040\055\040\106\157\162\040\141\165
+\164\150\157\162\151\172\145\144\040\165\163\145\040\157\156\154
+\171\061\105\060\103\006\003\125\004\003\023\074\126\145\162\151
+\123\151\147\156\040\103\154\141\163\163\040\063\040\120\165\142
+\154\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164
+\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162
+\151\164\171\040\055\040\107\064\060\036\027\015\060\067\061\061
+\060\065\060\060\060\060\060\060\132\027\015\063\070\060\061\061
+\070\062\063\065\071\065\071\132\060\201\312\061\013\060\011\006
+\003\125\004\006\023\002\125\123\061\027\060\025\006\003\125\004
+\012\023\016\126\145\162\151\123\151\147\156\054\040\111\156\143
+\056\061\037\060\035\006\003\125\004\013\023\026\126\145\162\151
+\123\151\147\156\040\124\162\165\163\164\040\116\145\164\167\157
+\162\153\061\072\060\070\006\003\125\004\013\023\061\050\143\051
+\040\062\060\060\067\040\126\145\162\151\123\151\147\156\054\040
+\111\156\143\056\040\055\040\106\157\162\040\141\165\164\150\157
+\162\151\172\145\144\040\165\163\145\040\157\156\154\171\061\105
+\060\103\006\003\125\004\003\023\074\126\145\162\151\123\151\147
+\156\040\103\154\141\163\163\040\063\040\120\165\142\154\151\143
+\040\120\162\151\155\141\162\171\040\103\145\162\164\151\146\151
+\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171
+\040\055\040\107\064\060\166\060\020\006\007\052\206\110\316\075
+\002\001\006\005\053\201\004\000\042\003\142\000\004\247\126\172
+\174\122\332\144\233\016\055\134\330\136\254\222\075\376\001\346
+\031\112\075\024\003\113\372\140\047\040\331\203\211\151\372\124
+\306\232\030\136\125\052\144\336\006\366\215\112\073\255\020\074
+\145\075\220\210\004\211\340\060\141\263\256\135\001\247\173\336
+\174\262\276\312\145\141\000\206\256\332\217\173\320\211\255\115
+\035\131\232\101\261\274\107\200\334\236\142\303\371\243\201\262
+\060\201\257\060\017\006\003\125\035\023\001\001\377\004\005\060
+\003\001\001\377\060\016\006\003\125\035\017\001\001\377\004\004
+\003\002\001\006\060\155\006\010\053\006\001\005\005\007\001\014
+\004\141\060\137\241\135\240\133\060\131\060\127\060\125\026\011
+\151\155\141\147\145\057\147\151\146\060\041\060\037\060\007\006
+\005\053\016\003\002\032\004\024\217\345\323\032\206\254\215\216
+\153\303\317\200\152\324\110\030\054\173\031\056\060\045\026\043
+\150\164\164\160\072\057\057\154\157\147\157\056\166\145\162\151
+\163\151\147\156\056\143\157\155\057\166\163\154\157\147\157\056
+\147\151\146\060\035\006\003\125\035\016\004\026\004\024\263\026
+\221\375\356\246\156\344\265\056\111\217\207\170\201\200\354\345
+\261\265\060\012\006\010\052\206\110\316\075\004\003\003\003\150
+\000\060\145\002\060\146\041\014\030\046\140\132\070\173\126\102
+\340\247\374\066\204\121\221\040\054\166\115\103\075\304\035\204
+\043\320\254\326\174\065\006\316\315\151\275\220\015\333\154\110
+\102\035\016\252\102\002\061\000\234\075\110\071\043\071\130\032
+\025\022\131\152\236\357\325\131\262\035\122\054\231\161\315\307
+\051\337\033\052\141\173\161\321\336\363\300\345\015\072\112\252
+\055\247\330\206\052\335\056\020
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "VeriSign Class 3 Public Primary Certification Authority - G4"
+# Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G4,OU="(c) 2007 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
+# Serial Number:2f:80:fe:23:8c:0e:22:0f:48:67:12:28:91:87:ac:b3
+# Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G4,OU="(c) 2007 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
+# Not Valid Before: Mon Nov 05 00:00:00 2007
+# Not Valid After : Mon Jan 18 23:59:59 2038
+# Fingerprint (MD5): 3A:52:E1:E7:FD:6F:3A:E3:6F:F3:6F:99:1B:F9:22:41
+# Fingerprint (SHA1): 22:D5:D8:DF:8F:02:31:D1:8D:F7:9D:B7:CF:8A:2D:64:C9:3F:6C:3A
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "VeriSign Class 3 Public Primary Certification Authority - G4"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\042\325\330\337\217\002\061\321\215\367\235\267\317\212\055\144
+\311\077\154\072
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\072\122\341\347\375\157\072\343\157\363\157\231\033\371\042\101
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\312\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123
+\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125
+\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165
+\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003
+\125\004\013\023\061\050\143\051\040\062\060\060\067\040\126\145
+\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106
+\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163
+\145\040\157\156\154\171\061\105\060\103\006\003\125\004\003\023
+\074\126\145\162\151\123\151\147\156\040\103\154\141\163\163\040
+\063\040\120\165\142\154\151\143\040\120\162\151\155\141\162\171
+\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101
+\165\164\150\157\162\151\164\171\040\055\040\107\064
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\057\200\376\043\214\016\042\017\110\147\022\050\221\207
+\254\263
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "NetLock Arany (Class Gold) Főtanúsítvány"
+#
+# Issuer: CN=NetLock Arany (Class Gold) F..tan..s..tv..ny,OU=Tan..s..tv..nykiad..k (Certification Services),O=NetLock Kft.,L=Budapest,C=HU
+# Serial Number:49:41:2c:e4:00:10
+# Subject: CN=NetLock Arany (Class Gold) F..tan..s..tv..ny,OU=Tan..s..tv..nykiad..k (Certification Services),O=NetLock Kft.,L=Budapest,C=HU
+# Not Valid Before: Thu Dec 11 15:08:21 2008
+# Not Valid After : Wed Dec 06 15:08:21 2028
+# Fingerprint (MD5): C5:A1:B7:FF:73:DD:D6:D7:34:32:18:DF:FC:3C:AD:88
+# Fingerprint (SHA1): 06:08:3F:59:3F:15:A1:04:A0:69:A4:6B:A9:03:D0:06:B7:97:09:91
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "NetLock Arany (Class Gold) Főtanúsítvány"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\247\061\013\060\011\006\003\125\004\006\023\002\110\125
+\061\021\060\017\006\003\125\004\007\014\010\102\165\144\141\160
+\145\163\164\061\025\060\023\006\003\125\004\012\014\014\116\145
+\164\114\157\143\153\040\113\146\164\056\061\067\060\065\006\003
+\125\004\013\014\056\124\141\156\303\272\163\303\255\164\166\303
+\241\156\171\153\151\141\144\303\263\153\040\050\103\145\162\164
+\151\146\151\143\141\164\151\157\156\040\123\145\162\166\151\143
+\145\163\051\061\065\060\063\006\003\125\004\003\014\054\116\145
+\164\114\157\143\153\040\101\162\141\156\171\040\050\103\154\141
+\163\163\040\107\157\154\144\051\040\106\305\221\164\141\156\303
+\272\163\303\255\164\166\303\241\156\171
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\247\061\013\060\011\006\003\125\004\006\023\002\110\125
+\061\021\060\017\006\003\125\004\007\014\010\102\165\144\141\160
+\145\163\164\061\025\060\023\006\003\125\004\012\014\014\116\145
+\164\114\157\143\153\040\113\146\164\056\061\067\060\065\006\003
+\125\004\013\014\056\124\141\156\303\272\163\303\255\164\166\303
+\241\156\171\153\151\141\144\303\263\153\040\050\103\145\162\164
+\151\146\151\143\141\164\151\157\156\040\123\145\162\166\151\143
+\145\163\051\061\065\060\063\006\003\125\004\003\014\054\116\145
+\164\114\157\143\153\040\101\162\141\156\171\040\050\103\154\141
+\163\163\040\107\157\154\144\051\040\106\305\221\164\141\156\303
+\272\163\303\255\164\166\303\241\156\171
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\006\111\101\054\344\000\020
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\004\025\060\202\002\375\240\003\002\001\002\002\006\111
+\101\054\344\000\020\060\015\006\011\052\206\110\206\367\015\001
+\001\013\005\000\060\201\247\061\013\060\011\006\003\125\004\006
+\023\002\110\125\061\021\060\017\006\003\125\004\007\014\010\102
+\165\144\141\160\145\163\164\061\025\060\023\006\003\125\004\012
+\014\014\116\145\164\114\157\143\153\040\113\146\164\056\061\067
+\060\065\006\003\125\004\013\014\056\124\141\156\303\272\163\303
+\255\164\166\303\241\156\171\153\151\141\144\303\263\153\040\050
+\103\145\162\164\151\146\151\143\141\164\151\157\156\040\123\145
+\162\166\151\143\145\163\051\061\065\060\063\006\003\125\004\003
+\014\054\116\145\164\114\157\143\153\040\101\162\141\156\171\040
+\050\103\154\141\163\163\040\107\157\154\144\051\040\106\305\221
+\164\141\156\303\272\163\303\255\164\166\303\241\156\171\060\036
+\027\015\060\070\061\062\061\061\061\065\060\070\062\061\132\027
+\015\062\070\061\062\060\066\061\065\060\070\062\061\132\060\201
+\247\061\013\060\011\006\003\125\004\006\023\002\110\125\061\021
+\060\017\006\003\125\004\007\014\010\102\165\144\141\160\145\163
+\164\061\025\060\023\006\003\125\004\012\014\014\116\145\164\114
+\157\143\153\040\113\146\164\056\061\067\060\065\006\003\125\004
+\013\014\056\124\141\156\303\272\163\303\255\164\166\303\241\156
+\171\153\151\141\144\303\263\153\040\050\103\145\162\164\151\146
+\151\143\141\164\151\157\156\040\123\145\162\166\151\143\145\163
+\051\061\065\060\063\006\003\125\004\003\014\054\116\145\164\114
+\157\143\153\040\101\162\141\156\171\040\050\103\154\141\163\163
+\040\107\157\154\144\051\040\106\305\221\164\141\156\303\272\163
+\303\255\164\166\303\241\156\171\060\202\001\042\060\015\006\011
+\052\206\110\206\367\015\001\001\001\005\000\003\202\001\017\000
+\060\202\001\012\002\202\001\001\000\304\044\136\163\276\113\155
+\024\303\241\364\343\227\220\156\322\060\105\036\074\356\147\331
+\144\340\032\212\177\312\060\312\203\343\040\301\343\364\072\323
+\224\137\032\174\133\155\277\060\117\204\047\366\237\037\111\274
+\306\231\012\220\362\017\365\177\103\204\067\143\121\213\172\245
+\160\374\172\130\315\216\233\355\303\106\154\204\160\135\332\363
+\001\220\043\374\116\060\251\176\341\047\143\347\355\144\074\240
+\270\311\063\143\376\026\220\377\260\270\375\327\250\300\300\224
+\103\013\266\325\131\246\236\126\320\044\037\160\171\257\333\071
+\124\015\145\165\331\025\101\224\001\257\136\354\366\215\361\377
+\255\144\376\040\232\327\134\353\376\246\037\010\144\243\213\166
+\125\255\036\073\050\140\056\207\045\350\252\257\037\306\144\106
+\040\267\160\177\074\336\110\333\226\123\267\071\167\344\032\342
+\307\026\204\166\227\133\057\273\031\025\205\370\151\205\365\231
+\247\251\362\064\247\251\266\246\003\374\157\206\075\124\174\166
+\004\233\153\371\100\135\000\064\307\056\231\165\235\345\210\003
+\252\115\370\003\322\102\166\300\033\002\003\000\250\213\243\105
+\060\103\060\022\006\003\125\035\023\001\001\377\004\010\060\006
+\001\001\377\002\001\004\060\016\006\003\125\035\017\001\001\377
+\004\004\003\002\001\006\060\035\006\003\125\035\016\004\026\004
+\024\314\372\147\223\360\266\270\320\245\300\036\363\123\375\214
+\123\337\203\327\226\060\015\006\011\052\206\110\206\367\015\001
+\001\013\005\000\003\202\001\001\000\253\177\356\034\026\251\234
+\074\121\000\240\300\021\010\005\247\231\346\157\001\210\124\141
+\156\361\271\030\255\112\255\376\201\100\043\224\057\373\165\174
+\057\050\113\142\044\201\202\013\365\141\361\034\156\270\141\070
+\353\201\372\142\241\073\132\142\323\224\145\304\341\346\155\202
+\370\057\045\160\262\041\046\301\162\121\037\214\054\303\204\220
+\303\132\217\272\317\364\247\145\245\353\230\321\373\005\262\106
+\165\025\043\152\157\205\143\060\200\360\325\236\037\051\034\302
+\154\260\120\131\135\220\133\073\250\015\060\317\277\175\177\316
+\361\235\203\275\311\106\156\040\246\371\141\121\272\041\057\173
+\276\245\025\143\241\324\225\207\361\236\271\363\211\363\075\205
+\270\270\333\276\265\271\051\371\332\067\005\000\111\224\003\204
+\104\347\277\103\061\317\165\213\045\321\364\246\144\365\222\366
+\253\005\353\075\351\245\013\066\142\332\314\006\137\066\213\266
+\136\061\270\052\373\136\366\161\337\104\046\236\304\346\015\221
+\264\056\165\225\200\121\152\113\060\246\260\142\241\223\361\233
+\330\316\304\143\165\077\131\107\261
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "NetLock Arany (Class Gold) Főtanúsítvány"
+# Issuer: CN=NetLock Arany (Class Gold) F..tan..s..tv..ny,OU=Tan..s..tv..nykiad..k (Certification Services),O=NetLock Kft.,L=Budapest,C=HU
+# Serial Number:49:41:2c:e4:00:10
+# Subject: CN=NetLock Arany (Class Gold) F..tan..s..tv..ny,OU=Tan..s..tv..nykiad..k (Certification Services),O=NetLock Kft.,L=Budapest,C=HU
+# Not Valid Before: Thu Dec 11 15:08:21 2008
+# Not Valid After : Wed Dec 06 15:08:21 2028
+# Fingerprint (MD5): C5:A1:B7:FF:73:DD:D6:D7:34:32:18:DF:FC:3C:AD:88
+# Fingerprint (SHA1): 06:08:3F:59:3F:15:A1:04:A0:69:A4:6B:A9:03:D0:06:B7:97:09:91
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "NetLock Arany (Class Gold) Főtanúsítvány"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\006\010\077\131\077\025\241\004\240\151\244\153\251\003\320\006
+\267\227\011\221
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\305\241\267\377\163\335\326\327\064\062\030\337\374\074\255\210
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\247\061\013\060\011\006\003\125\004\006\023\002\110\125
+\061\021\060\017\006\003\125\004\007\014\010\102\165\144\141\160
+\145\163\164\061\025\060\023\006\003\125\004\012\014\014\116\145
+\164\114\157\143\153\040\113\146\164\056\061\067\060\065\006\003
+\125\004\013\014\056\124\141\156\303\272\163\303\255\164\166\303
+\241\156\171\153\151\141\144\303\263\153\040\050\103\145\162\164
+\151\146\151\143\141\164\151\157\156\040\123\145\162\166\151\143
+\145\163\051\061\065\060\063\006\003\125\004\003\014\054\116\145
+\164\114\157\143\153\040\101\162\141\156\171\040\050\103\154\141
+\163\163\040\107\157\154\144\051\040\106\305\221\164\141\156\303
+\272\163\303\255\164\166\303\241\156\171
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\006\111\101\054\344\000\020
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Staat der Nederlanden Root CA - G2"
+#
+# Issuer: CN=Staat der Nederlanden Root CA - G2,O=Staat der Nederlanden,C=NL
+# Serial Number: 10000012 (0x98968c)
+# Subject: CN=Staat der Nederlanden Root CA - G2,O=Staat der Nederlanden,C=NL
+# Not Valid Before: Wed Mar 26 11:18:17 2008
+# Not Valid After : Wed Mar 25 11:03:10 2020
+# Fingerprint (MD5): 7C:A5:0F:F8:5B:9A:7D:6D:30:AE:54:5A:E3:42:A2:8A
+# Fingerprint (SHA1): 59:AF:82:79:91:86:C7:B4:75:07:CB:CF:03:57:46:EB:04:DD:B7:16
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Staat der Nederlanden Root CA - G2"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\132\061\013\060\011\006\003\125\004\006\023\002\116\114\061
+\036\060\034\006\003\125\004\012\014\025\123\164\141\141\164\040
+\144\145\162\040\116\145\144\145\162\154\141\156\144\145\156\061
+\053\060\051\006\003\125\004\003\014\042\123\164\141\141\164\040
+\144\145\162\040\116\145\144\145\162\154\141\156\144\145\156\040
+\122\157\157\164\040\103\101\040\055\040\107\062
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\132\061\013\060\011\006\003\125\004\006\023\002\116\114\061
+\036\060\034\006\003\125\004\012\014\025\123\164\141\141\164\040
+\144\145\162\040\116\145\144\145\162\154\141\156\144\145\156\061
+\053\060\051\006\003\125\004\003\014\042\123\164\141\141\164\040
+\144\145\162\040\116\145\144\145\162\154\141\156\144\145\156\040
+\122\157\157\164\040\103\101\040\055\040\107\062
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\004\000\230\226\214
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\312\060\202\003\262\240\003\002\001\002\002\004\000
+\230\226\214\060\015\006\011\052\206\110\206\367\015\001\001\013
+\005\000\060\132\061\013\060\011\006\003\125\004\006\023\002\116
+\114\061\036\060\034\006\003\125\004\012\014\025\123\164\141\141
+\164\040\144\145\162\040\116\145\144\145\162\154\141\156\144\145
+\156\061\053\060\051\006\003\125\004\003\014\042\123\164\141\141
+\164\040\144\145\162\040\116\145\144\145\162\154\141\156\144\145
+\156\040\122\157\157\164\040\103\101\040\055\040\107\062\060\036
+\027\015\060\070\060\063\062\066\061\061\061\070\061\067\132\027
+\015\062\060\060\063\062\065\061\061\060\063\061\060\132\060\132
+\061\013\060\011\006\003\125\004\006\023\002\116\114\061\036\060
+\034\006\003\125\004\012\014\025\123\164\141\141\164\040\144\145
+\162\040\116\145\144\145\162\154\141\156\144\145\156\061\053\060
+\051\006\003\125\004\003\014\042\123\164\141\141\164\040\144\145
+\162\040\116\145\144\145\162\154\141\156\144\145\156\040\122\157
+\157\164\040\103\101\040\055\040\107\062\060\202\002\042\060\015
+\006\011\052\206\110\206\367\015\001\001\001\005\000\003\202\002
+\017\000\060\202\002\012\002\202\002\001\000\305\131\347\157\165
+\252\076\113\234\265\270\254\236\013\344\371\331\312\253\135\217
+\265\071\020\202\327\257\121\340\073\341\000\110\152\317\332\341
+\006\103\021\231\252\024\045\022\255\042\350\000\155\103\304\251
+\270\345\037\211\113\147\275\141\110\357\375\322\340\140\210\345
+\271\030\140\050\303\167\053\255\260\067\252\067\336\144\131\052
+\106\127\344\113\271\370\067\174\325\066\347\200\301\266\363\324
+\147\233\226\350\316\327\306\012\123\320\153\111\226\363\243\013
+\005\167\110\367\045\345\160\254\060\024\040\045\343\177\165\132
+\345\110\370\116\173\003\007\004\372\202\141\207\156\360\073\304
+\244\307\320\365\164\076\245\135\032\010\362\233\045\322\366\254
+\004\046\076\125\072\142\050\245\173\262\060\257\370\067\302\321
+\272\326\070\375\364\357\111\060\067\231\046\041\110\205\001\251
+\345\026\347\334\220\125\337\017\350\070\315\231\067\041\117\135
+\365\042\157\152\305\022\026\140\027\125\362\145\146\246\247\060
+\221\070\301\070\035\206\004\204\272\032\045\170\136\235\257\314
+\120\140\326\023\207\122\355\143\037\155\145\175\302\025\030\164
+\312\341\176\144\051\214\162\330\026\023\175\013\111\112\361\050
+\033\040\164\153\305\075\335\260\252\110\011\075\056\202\224\315
+\032\145\331\053\210\232\231\274\030\176\237\356\175\146\174\076
+\275\224\270\201\316\315\230\060\170\301\157\147\320\276\137\340
+\150\355\336\342\261\311\054\131\170\222\252\337\053\140\143\362
+\345\136\271\343\312\372\177\120\206\076\242\064\030\014\011\150
+\050\021\034\344\341\271\134\076\107\272\062\077\030\314\133\204
+\365\363\153\164\304\162\164\341\343\213\240\112\275\215\146\057
+\352\255\065\332\040\323\210\202\141\360\022\042\266\274\320\325
+\244\354\257\124\210\045\044\074\247\155\261\162\051\077\076\127
+\246\177\125\257\156\046\306\376\347\314\100\134\121\104\201\012
+\170\336\112\316\125\277\035\325\331\267\126\357\360\166\377\013
+\171\265\257\275\373\251\151\221\106\227\150\200\024\066\035\263
+\177\273\051\230\066\245\040\372\202\140\142\063\244\354\326\272
+\007\247\156\305\317\024\246\347\326\222\064\330\201\365\374\035
+\135\252\134\036\366\243\115\073\270\367\071\002\003\001\000\001
+\243\201\227\060\201\224\060\017\006\003\125\035\023\001\001\377
+\004\005\060\003\001\001\377\060\122\006\003\125\035\040\004\113
+\060\111\060\107\006\004\125\035\040\000\060\077\060\075\006\010
+\053\006\001\005\005\007\002\001\026\061\150\164\164\160\072\057
+\057\167\167\167\056\160\153\151\157\166\145\162\150\145\151\144
+\056\156\154\057\160\157\154\151\143\151\145\163\057\162\157\157
+\164\055\160\157\154\151\143\171\055\107\062\060\016\006\003\125
+\035\017\001\001\377\004\004\003\002\001\006\060\035\006\003\125
+\035\016\004\026\004\024\221\150\062\207\025\035\211\342\265\361
+\254\066\050\064\215\013\174\142\210\353\060\015\006\011\052\206
+\110\206\367\015\001\001\013\005\000\003\202\002\001\000\250\101
+\112\147\052\222\201\202\120\156\341\327\330\263\071\073\363\002
+\025\011\120\121\357\055\275\044\173\210\206\073\371\264\274\222
+\011\226\271\366\300\253\043\140\006\171\214\021\116\121\322\171
+\200\063\373\235\110\276\354\101\103\201\037\176\107\100\034\345
+\172\010\312\252\213\165\255\024\304\302\350\146\074\202\007\247
+\346\047\202\133\030\346\017\156\331\120\076\212\102\030\051\306
+\264\126\374\126\020\240\005\027\275\014\043\177\364\223\355\234
+\032\121\276\335\105\101\277\221\044\264\037\214\351\137\317\173
+\041\231\237\225\237\071\072\106\034\154\371\315\173\234\220\315
+\050\251\307\251\125\273\254\142\064\142\065\023\113\024\072\125
+\203\271\206\215\222\246\306\364\007\045\124\314\026\127\022\112
+\202\170\310\024\331\027\202\046\055\135\040\037\171\256\376\324
+\160\026\026\225\203\330\065\071\377\122\135\165\034\026\305\023
+\125\317\107\314\165\145\122\112\336\360\260\247\344\012\226\013
+\373\255\302\342\045\204\262\335\344\275\176\131\154\233\360\360
+\330\347\312\362\351\227\070\176\211\276\314\373\071\027\141\077
+\162\333\072\221\330\145\001\031\035\255\120\244\127\012\174\113
+\274\234\161\163\052\105\121\031\205\314\216\375\107\247\164\225
+\035\250\321\257\116\027\261\151\046\302\252\170\127\133\305\115
+\247\345\236\005\027\224\312\262\137\240\111\030\215\064\351\046
+\154\110\036\252\150\222\005\341\202\163\132\233\334\007\133\010
+\155\175\235\327\215\041\331\374\024\040\252\302\105\337\077\347
+\000\262\121\344\302\370\005\271\171\032\214\064\363\236\133\344
+\067\133\153\112\337\054\127\212\100\132\066\272\335\165\104\010
+\067\102\160\014\376\334\136\041\240\243\212\300\220\234\150\332
+\120\346\105\020\107\170\266\116\322\145\311\303\067\337\341\102
+\143\260\127\067\105\055\173\212\234\277\005\352\145\125\063\367
+\071\020\305\050\052\041\172\033\212\304\044\371\077\025\310\232
+\025\040\365\125\142\226\355\155\223\120\274\344\252\170\255\331
+\313\012\145\207\246\146\301\304\201\243\167\072\130\036\013\356
+\203\213\235\036\322\122\244\314\035\157\260\230\155\224\061\265
+\370\161\012\334\271\374\175\062\140\346\353\257\212\001
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "Staat der Nederlanden Root CA - G2"
+# Issuer: CN=Staat der Nederlanden Root CA - G2,O=Staat der Nederlanden,C=NL
+# Serial Number: 10000012 (0x98968c)
+# Subject: CN=Staat der Nederlanden Root CA - G2,O=Staat der Nederlanden,C=NL
+# Not Valid Before: Wed Mar 26 11:18:17 2008
+# Not Valid After : Wed Mar 25 11:03:10 2020
+# Fingerprint (MD5): 7C:A5:0F:F8:5B:9A:7D:6D:30:AE:54:5A:E3:42:A2:8A
+# Fingerprint (SHA1): 59:AF:82:79:91:86:C7:B4:75:07:CB:CF:03:57:46:EB:04:DD:B7:16
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Staat der Nederlanden Root CA - G2"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\131\257\202\171\221\206\307\264\165\007\313\317\003\127\106\353
+\004\335\267\026
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\174\245\017\370\133\232\175\155\060\256\124\132\343\102\242\212
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\132\061\013\060\011\006\003\125\004\006\023\002\116\114\061
+\036\060\034\006\003\125\004\012\014\025\123\164\141\141\164\040
+\144\145\162\040\116\145\144\145\162\154\141\156\144\145\156\061
+\053\060\051\006\003\125\004\003\014\042\123\164\141\141\164\040
+\144\145\162\040\116\145\144\145\162\154\141\156\144\145\156\040
+\122\157\157\164\040\103\101\040\055\040\107\062
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\004\000\230\226\214
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Hongkong Post Root CA 1"
+#
+# Issuer: CN=Hongkong Post Root CA 1,O=Hongkong Post,C=HK
+# Serial Number: 1000 (0x3e8)
+# Subject: CN=Hongkong Post Root CA 1,O=Hongkong Post,C=HK
+# Not Valid Before: Thu May 15 05:13:14 2003
+# Not Valid After : Mon May 15 04:52:29 2023
+# Fingerprint (MD5): A8:0D:6F:39:78:B9:43:6D:77:42:6D:98:5A:CC:23:CA
+# Fingerprint (SHA1): D6:DA:A8:20:8D:09:D2:15:4D:24:B5:2F:CB:34:6E:B2:58:B2:8A:58
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Hongkong Post Root CA 1"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\107\061\013\060\011\006\003\125\004\006\023\002\110\113\061
+\026\060\024\006\003\125\004\012\023\015\110\157\156\147\153\157
+\156\147\040\120\157\163\164\061\040\060\036\006\003\125\004\003
+\023\027\110\157\156\147\153\157\156\147\040\120\157\163\164\040
+\122\157\157\164\040\103\101\040\061
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\107\061\013\060\011\006\003\125\004\006\023\002\110\113\061
+\026\060\024\006\003\125\004\012\023\015\110\157\156\147\153\157
+\156\147\040\120\157\163\164\061\040\060\036\006\003\125\004\003
+\023\027\110\157\156\147\153\157\156\147\040\120\157\163\164\040
+\122\157\157\164\040\103\101\040\061
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\002\003\350
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\003\060\060\202\002\030\240\003\002\001\002\002\002\003
+\350\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000
+\060\107\061\013\060\011\006\003\125\004\006\023\002\110\113\061
+\026\060\024\006\003\125\004\012\023\015\110\157\156\147\153\157
+\156\147\040\120\157\163\164\061\040\060\036\006\003\125\004\003
+\023\027\110\157\156\147\153\157\156\147\040\120\157\163\164\040
+\122\157\157\164\040\103\101\040\061\060\036\027\015\060\063\060
+\065\061\065\060\065\061\063\061\064\132\027\015\062\063\060\065
+\061\065\060\064\065\062\062\071\132\060\107\061\013\060\011\006
+\003\125\004\006\023\002\110\113\061\026\060\024\006\003\125\004
+\012\023\015\110\157\156\147\153\157\156\147\040\120\157\163\164
+\061\040\060\036\006\003\125\004\003\023\027\110\157\156\147\153
+\157\156\147\040\120\157\163\164\040\122\157\157\164\040\103\101
+\040\061\060\202\001\042\060\015\006\011\052\206\110\206\367\015
+\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002\202
+\001\001\000\254\377\070\266\351\146\002\111\343\242\264\341\220
+\371\100\217\171\371\342\275\171\376\002\275\356\044\222\035\042
+\366\332\205\162\151\376\327\077\011\324\335\221\265\002\234\320
+\215\132\341\125\303\120\206\271\051\046\302\343\331\240\361\151
+\003\050\040\200\105\042\055\126\247\073\124\225\126\042\131\037
+\050\337\037\040\075\155\242\066\276\043\240\261\156\265\261\047
+\077\071\123\011\352\253\152\350\164\262\302\145\134\216\277\174
+\303\170\204\315\236\026\374\365\056\117\040\052\010\237\167\363
+\305\036\304\232\122\146\036\110\136\343\020\006\217\042\230\341
+\145\216\033\135\043\146\073\270\245\062\121\310\206\252\241\251
+\236\177\166\224\302\246\154\267\101\360\325\310\006\070\346\324
+\014\342\363\073\114\155\120\214\304\203\047\301\023\204\131\075
+\236\165\164\266\330\002\136\072\220\172\300\102\066\162\354\152
+\115\334\357\304\000\337\023\030\127\137\046\170\310\326\012\171
+\167\277\367\257\267\166\271\245\013\204\027\135\020\352\157\341
+\253\225\021\137\155\074\243\134\115\203\133\362\263\031\212\200
+\213\013\207\002\003\001\000\001\243\046\060\044\060\022\006\003
+\125\035\023\001\001\377\004\010\060\006\001\001\377\002\001\003
+\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001\306
+\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\003
+\202\001\001\000\016\106\325\074\256\342\207\331\136\201\213\002
+\230\101\010\214\114\274\332\333\356\047\033\202\347\152\105\354
+\026\213\117\205\240\363\262\160\275\132\226\272\312\156\155\356
+\106\213\156\347\052\056\226\263\031\063\353\264\237\250\262\067
+\356\230\250\227\266\056\266\147\047\324\246\111\375\034\223\145
+\166\236\102\057\334\042\154\232\117\362\132\025\071\261\161\327
+\053\121\350\155\034\230\300\331\052\364\241\202\173\325\311\101
+\242\043\001\164\070\125\213\017\271\056\147\242\040\004\067\332
+\234\013\323\027\041\340\217\227\171\064\157\204\110\002\040\063
+\033\346\064\104\237\221\160\364\200\136\204\103\302\051\322\154
+\022\024\344\141\215\254\020\220\236\204\120\273\360\226\157\105
+\237\212\363\312\154\117\372\021\072\025\025\106\303\315\037\203
+\133\055\101\022\355\120\147\101\023\075\041\253\224\212\252\116
+\174\301\261\373\247\326\265\047\057\227\253\156\340\035\342\321
+\034\054\037\104\342\374\276\221\241\234\373\326\051\123\163\206
+\237\123\330\103\016\135\326\143\202\161\035\200\164\312\366\342
+\002\153\331\132
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "Hongkong Post Root CA 1"
+# Issuer: CN=Hongkong Post Root CA 1,O=Hongkong Post,C=HK
+# Serial Number: 1000 (0x3e8)
+# Subject: CN=Hongkong Post Root CA 1,O=Hongkong Post,C=HK
+# Not Valid Before: Thu May 15 05:13:14 2003
+# Not Valid After : Mon May 15 04:52:29 2023
+# Fingerprint (MD5): A8:0D:6F:39:78:B9:43:6D:77:42:6D:98:5A:CC:23:CA
+# Fingerprint (SHA1): D6:DA:A8:20:8D:09:D2:15:4D:24:B5:2F:CB:34:6E:B2:58:B2:8A:58
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Hongkong Post Root CA 1"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\326\332\250\040\215\011\322\025\115\044\265\057\313\064\156\262
+\130\262\212\130
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\250\015\157\071\170\271\103\155\167\102\155\230\132\314\043\312
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\107\061\013\060\011\006\003\125\004\006\023\002\110\113\061
+\026\060\024\006\003\125\004\012\023\015\110\157\156\147\153\157
+\156\147\040\120\157\163\164\061\040\060\036\006\003\125\004\003
+\023\027\110\157\156\147\153\157\156\147\040\120\157\163\164\040
+\122\157\157\164\040\103\101\040\061
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\002\003\350
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "SecureSign RootCA11"
+#
+# Issuer: CN=SecureSign RootCA11,O="Japan Certification Services, Inc.",C=JP
+# Serial Number: 1 (0x1)
+# Subject: CN=SecureSign RootCA11,O="Japan Certification Services, Inc.",C=JP
+# Not Valid Before: Wed Apr 08 04:56:47 2009
+# Not Valid After : Sun Apr 08 04:56:47 2029
+# Fingerprint (MD5): B7:52:74:E2:92:B4:80:93:F2:75:E4:CC:D7:F2:EA:26
+# Fingerprint (SHA1): 3B:C4:9F:48:F8:F3:73:A0:9C:1E:BD:F8:5B:B1:C3:65:C7:D8:11:B3
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "SecureSign RootCA11"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\130\061\013\060\011\006\003\125\004\006\023\002\112\120\061
+\053\060\051\006\003\125\004\012\023\042\112\141\160\141\156\040
+\103\145\162\164\151\146\151\143\141\164\151\157\156\040\123\145
+\162\166\151\143\145\163\054\040\111\156\143\056\061\034\060\032
+\006\003\125\004\003\023\023\123\145\143\165\162\145\123\151\147
+\156\040\122\157\157\164\103\101\061\061
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\130\061\013\060\011\006\003\125\004\006\023\002\112\120\061
+\053\060\051\006\003\125\004\012\023\042\112\141\160\141\156\040
+\103\145\162\164\151\146\151\143\141\164\151\157\156\040\123\145
+\162\166\151\143\145\163\054\040\111\156\143\056\061\034\060\032
+\006\003\125\004\003\023\023\123\145\143\165\162\145\123\151\147
+\156\040\122\157\157\164\103\101\061\061
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\001
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\003\155\060\202\002\125\240\003\002\001\002\002\001\001
+\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060
+\130\061\013\060\011\006\003\125\004\006\023\002\112\120\061\053
+\060\051\006\003\125\004\012\023\042\112\141\160\141\156\040\103
+\145\162\164\151\146\151\143\141\164\151\157\156\040\123\145\162
+\166\151\143\145\163\054\040\111\156\143\056\061\034\060\032\006
+\003\125\004\003\023\023\123\145\143\165\162\145\123\151\147\156
+\040\122\157\157\164\103\101\061\061\060\036\027\015\060\071\060
+\064\060\070\060\064\065\066\064\067\132\027\015\062\071\060\064
+\060\070\060\064\065\066\064\067\132\060\130\061\013\060\011\006
+\003\125\004\006\023\002\112\120\061\053\060\051\006\003\125\004
+\012\023\042\112\141\160\141\156\040\103\145\162\164\151\146\151
+\143\141\164\151\157\156\040\123\145\162\166\151\143\145\163\054
+\040\111\156\143\056\061\034\060\032\006\003\125\004\003\023\023
+\123\145\143\165\162\145\123\151\147\156\040\122\157\157\164\103
+\101\061\061\060\202\001\042\060\015\006\011\052\206\110\206\367
+\015\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002
+\202\001\001\000\375\167\252\245\034\220\005\073\313\114\233\063
+\213\132\024\105\244\347\220\026\321\337\127\322\041\020\244\027
+\375\337\254\326\037\247\344\333\174\367\354\337\270\003\332\224
+\130\375\135\162\174\214\077\137\001\147\164\025\226\343\002\074
+\207\333\256\313\001\216\302\363\146\306\205\105\364\002\306\072
+\265\142\262\257\372\234\277\244\346\324\200\060\230\363\015\266
+\223\217\251\324\330\066\362\260\374\212\312\054\241\025\063\225
+\061\332\300\033\362\356\142\231\206\143\077\277\335\223\052\203
+\250\166\271\023\037\267\316\116\102\205\217\042\347\056\032\362
+\225\011\262\005\265\104\116\167\241\040\275\251\362\116\012\175
+\120\255\365\005\015\105\117\106\161\375\050\076\123\373\004\330
+\055\327\145\035\112\033\372\317\073\260\061\232\065\156\310\213
+\006\323\000\221\362\224\010\145\114\261\064\006\000\172\211\342
+\360\307\003\131\317\325\326\350\247\062\263\346\230\100\206\305
+\315\047\022\213\314\173\316\267\021\074\142\140\007\043\076\053
+\100\156\224\200\011\155\266\263\157\167\157\065\010\120\373\002
+\207\305\076\211\002\003\001\000\001\243\102\060\100\060\035\006
+\003\125\035\016\004\026\004\024\133\370\115\117\262\245\206\324
+\072\322\361\143\232\240\276\011\366\127\267\336\060\016\006\003
+\125\035\017\001\001\377\004\004\003\002\001\006\060\017\006\003
+\125\035\023\001\001\377\004\005\060\003\001\001\377\060\015\006
+\011\052\206\110\206\367\015\001\001\005\005\000\003\202\001\001
+\000\240\241\070\026\146\056\247\126\037\041\234\006\372\035\355
+\271\042\305\070\046\330\116\117\354\243\177\171\336\106\041\241
+\207\167\217\007\010\232\262\244\305\257\017\062\230\013\174\146
+\051\266\233\175\045\122\111\103\253\114\056\053\156\172\160\257
+\026\016\343\002\154\373\102\346\030\235\105\330\125\310\350\073
+\335\347\341\364\056\013\034\064\134\154\130\112\373\214\210\120
+\137\225\034\277\355\253\042\265\145\263\205\272\236\017\270\255
+\345\172\033\212\120\072\035\275\015\274\173\124\120\013\271\102
+\257\125\240\030\201\255\145\231\357\276\344\234\277\304\205\253
+\101\262\124\157\334\045\315\355\170\342\216\014\215\011\111\335
+\143\173\132\151\226\002\041\250\275\122\131\351\175\065\313\310
+\122\312\177\201\376\331\153\323\367\021\355\045\337\370\347\371
+\244\372\162\227\204\123\015\245\320\062\030\121\166\131\024\154
+\017\353\354\137\200\214\165\103\203\303\205\230\377\114\236\055
+\015\344\167\203\223\116\265\226\007\213\050\023\233\214\031\215
+\101\047\111\100\356\336\346\043\104\071\334\241\042\326\272\003
+\362
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "SecureSign RootCA11"
+# Issuer: CN=SecureSign RootCA11,O="Japan Certification Services, Inc.",C=JP
+# Serial Number: 1 (0x1)
+# Subject: CN=SecureSign RootCA11,O="Japan Certification Services, Inc.",C=JP
+# Not Valid Before: Wed Apr 08 04:56:47 2009
+# Not Valid After : Sun Apr 08 04:56:47 2029
+# Fingerprint (MD5): B7:52:74:E2:92:B4:80:93:F2:75:E4:CC:D7:F2:EA:26
+# Fingerprint (SHA1): 3B:C4:9F:48:F8:F3:73:A0:9C:1E:BD:F8:5B:B1:C3:65:C7:D8:11:B3
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "SecureSign RootCA11"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\073\304\237\110\370\363\163\240\234\036\275\370\133\261\303\145
+\307\330\021\263
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\267\122\164\342\222\264\200\223\362\165\344\314\327\362\352\046
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\130\061\013\060\011\006\003\125\004\006\023\002\112\120\061
+\053\060\051\006\003\125\004\012\023\042\112\141\160\141\156\040
+\103\145\162\164\151\146\151\143\141\164\151\157\156\040\123\145
+\162\166\151\143\145\163\054\040\111\156\143\056\061\034\060\032
+\006\003\125\004\003\023\023\123\145\143\165\162\145\123\151\147
+\156\040\122\157\157\164\103\101\061\061
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\001
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "ACEDICOM Root"
+#
+# Issuer: C=ES,O=EDICOM,OU=PKI,CN=ACEDICOM Root
+# Serial Number:61:8d:c7:86:3b:01:82:05
+# Subject: C=ES,O=EDICOM,OU=PKI,CN=ACEDICOM Root
+# Not Valid Before: Fri Apr 18 16:24:22 2008
+# Not Valid After : Thu Apr 13 16:24:22 2028
+# Fingerprint (MD5): 42:81:A0:E2:1C:E3:55:10:DE:55:89:42:65:96:22:E6
+# Fingerprint (SHA1): E0:B4:32:2E:B2:F6:A5:68:B6:54:53:84:48:18:4A:50:36:87:43:84
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "ACEDICOM Root"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\104\061\026\060\024\006\003\125\004\003\014\015\101\103\105
+\104\111\103\117\115\040\122\157\157\164\061\014\060\012\006\003
+\125\004\013\014\003\120\113\111\061\017\060\015\006\003\125\004
+\012\014\006\105\104\111\103\117\115\061\013\060\011\006\003\125
+\004\006\023\002\105\123
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\104\061\026\060\024\006\003\125\004\003\014\015\101\103\105
+\104\111\103\117\115\040\122\157\157\164\061\014\060\012\006\003
+\125\004\013\014\003\120\113\111\061\017\060\015\006\003\125\004
+\012\014\006\105\104\111\103\117\115\061\013\060\011\006\003\125
+\004\006\023\002\105\123
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\010\141\215\307\206\073\001\202\005
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\265\060\202\003\235\240\003\002\001\002\002\010\141
+\215\307\206\073\001\202\005\060\015\006\011\052\206\110\206\367
+\015\001\001\005\005\000\060\104\061\026\060\024\006\003\125\004
+\003\014\015\101\103\105\104\111\103\117\115\040\122\157\157\164
+\061\014\060\012\006\003\125\004\013\014\003\120\113\111\061\017
+\060\015\006\003\125\004\012\014\006\105\104\111\103\117\115\061
+\013\060\011\006\003\125\004\006\023\002\105\123\060\036\027\015
+\060\070\060\064\061\070\061\066\062\064\062\062\132\027\015\062
+\070\060\064\061\063\061\066\062\064\062\062\132\060\104\061\026
+\060\024\006\003\125\004\003\014\015\101\103\105\104\111\103\117
+\115\040\122\157\157\164\061\014\060\012\006\003\125\004\013\014
+\003\120\113\111\061\017\060\015\006\003\125\004\012\014\006\105
+\104\111\103\117\115\061\013\060\011\006\003\125\004\006\023\002
+\105\123\060\202\002\042\060\015\006\011\052\206\110\206\367\015
+\001\001\001\005\000\003\202\002\017\000\060\202\002\012\002\202
+\002\001\000\377\222\225\341\150\006\166\264\054\310\130\110\312
+\375\200\124\051\125\143\044\377\220\145\233\020\165\173\303\152
+\333\142\002\001\362\030\206\265\174\132\070\261\344\130\271\373
+\323\330\055\237\275\062\067\277\054\025\155\276\265\364\041\322
+\023\221\331\007\255\001\005\326\363\275\167\316\137\102\201\012
+\371\152\343\203\000\250\053\056\125\023\143\201\312\107\034\173
+\134\026\127\172\033\203\140\004\072\076\145\303\315\001\336\336
+\244\326\014\272\216\336\331\004\356\027\126\042\233\217\143\375
+\115\026\013\267\173\167\214\371\045\265\321\155\231\022\056\117
+\032\270\346\352\004\222\256\075\021\271\121\102\075\207\260\061
+\205\257\171\132\234\376\347\116\136\222\117\103\374\253\072\255
+\245\022\046\146\271\342\014\327\230\316\324\130\245\225\100\012
+\267\104\235\023\164\053\302\245\353\042\025\230\020\330\213\305
+\004\237\035\217\140\345\006\033\233\317\271\171\240\075\242\043
+\077\102\077\153\372\034\003\173\060\215\316\154\300\277\346\033
+\137\277\147\270\204\031\325\025\357\173\313\220\066\061\142\311
+\274\002\253\106\137\233\376\032\150\224\064\075\220\216\255\366
+\344\035\011\177\112\210\070\077\276\147\375\064\226\365\035\274
+\060\164\313\070\356\325\154\253\324\374\364\000\267\000\133\205
+\062\026\166\063\351\330\243\231\235\005\000\252\026\346\363\201
+\175\157\175\252\206\155\255\025\164\323\304\242\161\252\364\024
+\175\347\062\270\037\274\325\361\116\275\157\027\002\071\327\016
+\225\102\072\307\000\076\351\046\143\021\352\013\321\112\377\030
+\235\262\327\173\057\072\331\226\373\350\036\222\256\023\125\310
+\331\047\366\334\110\033\260\044\301\205\343\167\235\232\244\363
+\014\021\035\015\310\264\024\356\265\202\127\011\277\040\130\177
+\057\042\043\330\160\313\171\154\311\113\362\251\052\310\374\207
+\053\327\032\120\370\047\350\057\103\343\072\275\330\127\161\375
+\316\246\122\133\371\335\115\355\345\366\157\211\355\273\223\234
+\166\041\165\360\222\114\051\367\057\234\001\056\376\120\106\236
+\144\014\024\263\007\133\305\302\163\154\361\007\134\105\044\024
+\065\256\203\361\152\115\211\172\372\263\330\055\146\360\066\207
+\365\053\123\002\003\001\000\001\243\201\252\060\201\247\060\017
+\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060
+\037\006\003\125\035\043\004\030\060\026\200\024\246\263\341\053
+\053\111\266\327\163\241\252\224\365\001\347\163\145\114\254\120
+\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001\206
+\060\035\006\003\125\035\016\004\026\004\024\246\263\341\053\053
+\111\266\327\163\241\252\224\365\001\347\163\145\114\254\120\060
+\104\006\003\125\035\040\004\075\060\073\060\071\006\004\125\035
+\040\000\060\061\060\057\006\010\053\006\001\005\005\007\002\001
+\026\043\150\164\164\160\072\057\057\141\143\145\144\151\143\157
+\155\056\145\144\151\143\157\155\147\162\157\165\160\056\143\157
+\155\057\144\157\143\060\015\006\011\052\206\110\206\367\015\001
+\001\005\005\000\003\202\002\001\000\316\054\013\122\121\142\046
+\175\014\047\203\217\305\366\332\240\150\173\117\222\136\352\244
+\163\062\021\123\104\262\104\313\235\354\017\171\102\263\020\246
+\307\015\235\313\266\372\077\072\174\352\277\210\123\033\074\367
+\202\372\005\065\063\341\065\250\127\300\347\375\215\117\077\223
+\062\117\170\146\003\167\007\130\351\225\310\176\076\320\171\000
+\214\362\033\121\063\233\274\224\351\072\173\156\122\055\062\236
+\043\244\105\373\266\056\023\260\213\030\261\335\316\325\035\247
+\102\177\125\276\373\133\273\107\324\374\044\315\004\256\226\005
+\025\326\254\316\060\363\312\013\305\272\342\042\340\246\255\042
+\344\002\356\164\021\177\114\377\170\035\065\332\346\002\064\353
+\030\022\141\167\006\011\026\143\352\030\255\242\207\037\362\307
+\200\011\011\165\116\020\250\217\075\206\270\165\021\300\044\142
+\212\226\173\112\105\351\354\131\305\276\153\203\346\341\350\254
+\265\060\036\376\005\007\200\371\341\043\015\120\217\005\230\377
+\054\137\350\073\266\255\317\201\265\041\207\312\010\052\043\047
+\060\040\053\317\355\224\133\254\262\172\322\307\050\241\212\013
+\233\115\112\054\155\205\077\011\162\074\147\342\331\334\007\272
+\353\145\173\132\001\143\326\220\133\117\027\146\075\177\013\031
+\243\223\143\020\122\052\237\024\026\130\342\334\245\364\241\026
+\213\016\221\213\201\312\233\131\372\330\153\221\007\145\125\137
+\122\037\257\072\373\220\335\151\245\133\234\155\016\054\266\372
+\316\254\245\174\062\112\147\100\334\060\064\043\335\327\004\043
+\146\360\374\125\200\247\373\146\031\202\065\147\142\160\071\136
+\157\307\352\220\100\104\010\036\270\262\326\333\356\131\247\015
+\030\171\064\274\124\030\136\123\312\064\121\355\105\012\346\216
+\307\202\066\076\247\070\143\251\060\054\027\020\140\222\237\125
+\207\022\131\020\302\017\147\151\021\314\116\036\176\112\232\255
+\257\100\250\165\254\126\220\164\270\240\234\245\171\157\334\351
+\032\310\151\005\351\272\372\003\263\174\344\340\116\302\316\235
+\350\266\106\015\156\176\127\072\147\224\302\313\037\234\167\112
+\147\116\151\206\103\223\070\373\266\333\117\203\221\324\140\176
+\113\076\053\070\007\125\230\136\244
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "ACEDICOM Root"
+# Issuer: C=ES,O=EDICOM,OU=PKI,CN=ACEDICOM Root
+# Serial Number:61:8d:c7:86:3b:01:82:05
+# Subject: C=ES,O=EDICOM,OU=PKI,CN=ACEDICOM Root
+# Not Valid Before: Fri Apr 18 16:24:22 2008
+# Not Valid After : Thu Apr 13 16:24:22 2028
+# Fingerprint (MD5): 42:81:A0:E2:1C:E3:55:10:DE:55:89:42:65:96:22:E6
+# Fingerprint (SHA1): E0:B4:32:2E:B2:F6:A5:68:B6:54:53:84:48:18:4A:50:36:87:43:84
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "ACEDICOM Root"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\340\264\062\056\262\366\245\150\266\124\123\204\110\030\112\120
+\066\207\103\204
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\102\201\240\342\034\343\125\020\336\125\211\102\145\226\042\346
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\104\061\026\060\024\006\003\125\004\003\014\015\101\103\105
+\104\111\103\117\115\040\122\157\157\164\061\014\060\012\006\003
+\125\004\013\014\003\120\113\111\061\017\060\015\006\003\125\004
+\012\014\006\105\104\111\103\117\115\061\013\060\011\006\003\125
+\004\006\023\002\105\123
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\010\141\215\307\206\073\001\202\005
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+
+#
+# Certificate "Microsec e-Szigno Root CA 2009"
+#
+# Issuer: E=info@e-szigno.hu,CN=Microsec e-Szigno Root CA 2009,O=Microsec Ltd.,L=Budapest,C=HU
+# Serial Number:00:c2:7e:43:04:4e:47:3f:19
+# Subject: E=info@e-szigno.hu,CN=Microsec e-Szigno Root CA 2009,O=Microsec Ltd.,L=Budapest,C=HU
+# Not Valid Before: Tue Jun 16 11:30:18 2009
+# Not Valid After : Sun Dec 30 11:30:18 2029
+# Fingerprint (MD5): F8:49:F4:03:BC:44:2D:83:BE:48:69:7D:29:64:FC:B1
+# Fingerprint (SHA1): 89:DF:74:FE:5C:F4:0F:4A:80:F9:E3:37:7D:54:DA:91:E1:01:31:8E
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Microsec e-Szigno Root CA 2009"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\202\061\013\060\011\006\003\125\004\006\023\002\110\125
+\061\021\060\017\006\003\125\004\007\014\010\102\165\144\141\160
+\145\163\164\061\026\060\024\006\003\125\004\012\014\015\115\151
+\143\162\157\163\145\143\040\114\164\144\056\061\047\060\045\006
+\003\125\004\003\014\036\115\151\143\162\157\163\145\143\040\145
+\055\123\172\151\147\156\157\040\122\157\157\164\040\103\101\040
+\062\060\060\071\061\037\060\035\006\011\052\206\110\206\367\015
+\001\011\001\026\020\151\156\146\157\100\145\055\163\172\151\147
+\156\157\056\150\165
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\202\061\013\060\011\006\003\125\004\006\023\002\110\125
+\061\021\060\017\006\003\125\004\007\014\010\102\165\144\141\160
+\145\163\164\061\026\060\024\006\003\125\004\012\014\015\115\151
+\143\162\157\163\145\143\040\114\164\144\056\061\047\060\045\006
+\003\125\004\003\014\036\115\151\143\162\157\163\145\143\040\145
+\055\123\172\151\147\156\157\040\122\157\157\164\040\103\101\040
+\062\060\060\071\061\037\060\035\006\011\052\206\110\206\367\015
+\001\011\001\026\020\151\156\146\157\100\145\055\163\172\151\147
+\156\157\056\150\165
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\011\000\302\176\103\004\116\107\077\031
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\004\012\060\202\002\362\240\003\002\001\002\002\011\000
+\302\176\103\004\116\107\077\031\060\015\006\011\052\206\110\206
+\367\015\001\001\013\005\000\060\201\202\061\013\060\011\006\003
+\125\004\006\023\002\110\125\061\021\060\017\006\003\125\004\007
+\014\010\102\165\144\141\160\145\163\164\061\026\060\024\006\003
+\125\004\012\014\015\115\151\143\162\157\163\145\143\040\114\164
+\144\056\061\047\060\045\006\003\125\004\003\014\036\115\151\143
+\162\157\163\145\143\040\145\055\123\172\151\147\156\157\040\122
+\157\157\164\040\103\101\040\062\060\060\071\061\037\060\035\006
+\011\052\206\110\206\367\015\001\011\001\026\020\151\156\146\157
+\100\145\055\163\172\151\147\156\157\056\150\165\060\036\027\015
+\060\071\060\066\061\066\061\061\063\060\061\070\132\027\015\062
+\071\061\062\063\060\061\061\063\060\061\070\132\060\201\202\061
+\013\060\011\006\003\125\004\006\023\002\110\125\061\021\060\017
+\006\003\125\004\007\014\010\102\165\144\141\160\145\163\164\061
+\026\060\024\006\003\125\004\012\014\015\115\151\143\162\157\163
+\145\143\040\114\164\144\056\061\047\060\045\006\003\125\004\003
+\014\036\115\151\143\162\157\163\145\143\040\145\055\123\172\151
+\147\156\157\040\122\157\157\164\040\103\101\040\062\060\060\071
+\061\037\060\035\006\011\052\206\110\206\367\015\001\011\001\026
+\020\151\156\146\157\100\145\055\163\172\151\147\156\157\056\150
+\165\060\202\001\042\060\015\006\011\052\206\110\206\367\015\001
+\001\001\005\000\003\202\001\017\000\060\202\001\012\002\202\001
+\001\000\351\370\217\363\143\255\332\206\330\247\340\102\373\317
+\221\336\246\046\370\231\245\143\160\255\233\256\312\063\100\175
+\155\226\156\241\016\104\356\341\023\235\224\102\122\232\275\165
+\205\164\054\250\016\035\223\266\030\267\214\054\250\317\373\134
+\161\271\332\354\376\350\176\217\344\057\035\262\250\165\207\330
+\267\241\345\073\317\231\112\106\320\203\031\175\300\241\022\034
+\225\155\112\364\330\307\245\115\063\056\205\071\100\165\176\024
+\174\200\022\230\120\307\101\147\270\240\200\141\124\246\154\116
+\037\340\235\016\007\351\311\272\063\347\376\300\125\050\054\002
+\200\247\031\365\236\334\125\123\003\227\173\007\110\377\231\373
+\067\212\044\304\131\314\120\020\143\216\252\251\032\260\204\032
+\206\371\137\273\261\120\156\244\321\012\314\325\161\176\037\247
+\033\174\365\123\156\042\137\313\053\346\324\174\135\256\326\302
+\306\114\345\005\001\331\355\127\374\301\043\171\374\372\310\044
+\203\225\363\265\152\121\001\320\167\326\351\022\241\371\032\203
+\373\202\033\271\260\227\364\166\006\063\103\111\240\377\013\265
+\372\265\002\003\001\000\001\243\201\200\060\176\060\017\006\003
+\125\035\023\001\001\377\004\005\060\003\001\001\377\060\016\006
+\003\125\035\017\001\001\377\004\004\003\002\001\006\060\035\006
+\003\125\035\016\004\026\004\024\313\017\306\337\102\103\314\075
+\313\265\110\043\241\032\172\246\052\273\064\150\060\037\006\003
+\125\035\043\004\030\060\026\200\024\313\017\306\337\102\103\314
+\075\313\265\110\043\241\032\172\246\052\273\064\150\060\033\006
+\003\125\035\021\004\024\060\022\201\020\151\156\146\157\100\145
+\055\163\172\151\147\156\157\056\150\165\060\015\006\011\052\206
+\110\206\367\015\001\001\013\005\000\003\202\001\001\000\311\321
+\016\136\056\325\314\263\174\076\313\374\075\377\015\050\225\223
+\004\310\277\332\315\171\270\103\220\360\244\276\357\362\357\041
+\230\274\324\324\135\006\366\356\102\354\060\154\240\252\251\312
+\361\257\212\372\077\013\163\152\076\352\056\100\176\037\256\124
+\141\171\353\056\010\067\327\043\363\214\237\276\035\261\341\244
+\165\333\240\342\124\024\261\272\034\051\244\030\366\022\272\242
+\024\024\343\061\065\310\100\377\267\340\005\166\127\301\034\131
+\362\370\277\344\355\045\142\134\204\360\176\176\037\263\276\371
+\267\041\021\314\003\001\126\160\247\020\222\036\033\064\201\036
+\255\234\032\303\004\074\355\002\141\326\036\006\363\137\072\207
+\362\053\361\105\207\345\075\254\321\307\127\204\275\153\256\334
+\330\371\266\033\142\160\013\075\066\311\102\362\062\327\172\141
+\346\322\333\075\317\310\251\311\233\334\333\130\104\327\157\070
+\257\177\170\323\243\255\032\165\272\034\301\066\174\217\036\155
+\034\303\165\106\256\065\005\246\366\134\075\041\356\126\360\311
+\202\042\055\172\124\253\160\303\175\042\145\202\160\226
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "Microsec e-Szigno Root CA 2009"
+# Issuer: E=info@e-szigno.hu,CN=Microsec e-Szigno Root CA 2009,O=Microsec Ltd.,L=Budapest,C=HU
+# Serial Number:00:c2:7e:43:04:4e:47:3f:19
+# Subject: E=info@e-szigno.hu,CN=Microsec e-Szigno Root CA 2009,O=Microsec Ltd.,L=Budapest,C=HU
+# Not Valid Before: Tue Jun 16 11:30:18 2009
+# Not Valid After : Sun Dec 30 11:30:18 2029
+# Fingerprint (MD5): F8:49:F4:03:BC:44:2D:83:BE:48:69:7D:29:64:FC:B1
+# Fingerprint (SHA1): 89:DF:74:FE:5C:F4:0F:4A:80:F9:E3:37:7D:54:DA:91:E1:01:31:8E
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Microsec e-Szigno Root CA 2009"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\211\337\164\376\134\364\017\112\200\371\343\067\175\124\332\221
+\341\001\061\216
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\370\111\364\003\274\104\055\203\276\110\151\175\051\144\374\261
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\202\061\013\060\011\006\003\125\004\006\023\002\110\125
+\061\021\060\017\006\003\125\004\007\014\010\102\165\144\141\160
+\145\163\164\061\026\060\024\006\003\125\004\012\014\015\115\151
+\143\162\157\163\145\143\040\114\164\144\056\061\047\060\045\006
+\003\125\004\003\014\036\115\151\143\162\157\163\145\143\040\145
+\055\123\172\151\147\156\157\040\122\157\157\164\040\103\101\040
+\062\060\060\071\061\037\060\035\006\011\052\206\110\206\367\015
+\001\011\001\026\020\151\156\146\157\100\145\055\163\172\151\147
+\156\157\056\150\165
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\011\000\302\176\103\004\116\107\077\031
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "GlobalSign Root CA - R3"
+#
+# Issuer: CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R3
+# Serial Number:04:00:00:00:00:01:21:58:53:08:a2
+# Subject: CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R3
+# Not Valid Before: Wed Mar 18 10:00:00 2009
+# Not Valid After : Sun Mar 18 10:00:00 2029
+# Fingerprint (MD5): C5:DF:B8:49:CA:05:13:55:EE:2D:BA:1A:C3:3E:B0:28
+# Fingerprint (SHA1): D6:9B:56:11:48:F0:1C:77:C5:45:78:C1:09:26:DF:5B:85:69:76:AD
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "GlobalSign Root CA - R3"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\114\061\040\060\036\006\003\125\004\013\023\027\107\154\157
+\142\141\154\123\151\147\156\040\122\157\157\164\040\103\101\040
+\055\040\122\063\061\023\060\021\006\003\125\004\012\023\012\107
+\154\157\142\141\154\123\151\147\156\061\023\060\021\006\003\125
+\004\003\023\012\107\154\157\142\141\154\123\151\147\156
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\114\061\040\060\036\006\003\125\004\013\023\027\107\154\157
+\142\141\154\123\151\147\156\040\122\157\157\164\040\103\101\040
+\055\040\122\063\061\023\060\021\006\003\125\004\012\023\012\107
+\154\157\142\141\154\123\151\147\156\061\023\060\021\006\003\125
+\004\003\023\012\107\154\157\142\141\154\123\151\147\156
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\013\004\000\000\000\000\001\041\130\123\010\242
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\003\137\060\202\002\107\240\003\002\001\002\002\013\004
+\000\000\000\000\001\041\130\123\010\242\060\015\006\011\052\206
+\110\206\367\015\001\001\013\005\000\060\114\061\040\060\036\006
+\003\125\004\013\023\027\107\154\157\142\141\154\123\151\147\156
+\040\122\157\157\164\040\103\101\040\055\040\122\063\061\023\060
+\021\006\003\125\004\012\023\012\107\154\157\142\141\154\123\151
+\147\156\061\023\060\021\006\003\125\004\003\023\012\107\154\157
+\142\141\154\123\151\147\156\060\036\027\015\060\071\060\063\061
+\070\061\060\060\060\060\060\132\027\015\062\071\060\063\061\070
+\061\060\060\060\060\060\132\060\114\061\040\060\036\006\003\125
+\004\013\023\027\107\154\157\142\141\154\123\151\147\156\040\122
+\157\157\164\040\103\101\040\055\040\122\063\061\023\060\021\006
+\003\125\004\012\023\012\107\154\157\142\141\154\123\151\147\156
+\061\023\060\021\006\003\125\004\003\023\012\107\154\157\142\141
+\154\123\151\147\156\060\202\001\042\060\015\006\011\052\206\110
+\206\367\015\001\001\001\005\000\003\202\001\017\000\060\202\001
+\012\002\202\001\001\000\314\045\166\220\171\006\170\042\026\365
+\300\203\266\204\312\050\236\375\005\166\021\305\255\210\162\374
+\106\002\103\307\262\212\235\004\137\044\313\056\113\341\140\202
+\106\341\122\253\014\201\107\160\154\335\144\321\353\365\054\243
+\017\202\075\014\053\256\227\327\266\024\206\020\171\273\073\023
+\200\167\214\010\341\111\322\152\142\057\037\136\372\226\150\337
+\211\047\225\070\237\006\327\076\311\313\046\131\015\163\336\260
+\310\351\046\016\203\025\306\357\133\213\322\004\140\312\111\246
+\050\366\151\073\366\313\310\050\221\345\235\212\141\127\067\254
+\164\024\334\164\340\072\356\162\057\056\234\373\320\273\277\365
+\075\000\341\006\063\350\202\053\256\123\246\072\026\163\214\335
+\101\016\040\072\300\264\247\241\351\262\117\220\056\062\140\351
+\127\313\271\004\222\150\150\345\070\046\140\165\262\237\167\377
+\221\024\357\256\040\111\374\255\100\025\110\321\002\061\141\031
+\136\270\227\357\255\167\267\144\232\172\277\137\301\023\357\233
+\142\373\015\154\340\124\151\026\251\003\332\156\351\203\223\161
+\166\306\151\205\202\027\002\003\001\000\001\243\102\060\100\060
+\016\006\003\125\035\017\001\001\377\004\004\003\002\001\006\060
+\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377
+\060\035\006\003\125\035\016\004\026\004\024\217\360\113\177\250
+\056\105\044\256\115\120\372\143\232\213\336\342\335\033\274\060
+\015\006\011\052\206\110\206\367\015\001\001\013\005\000\003\202
+\001\001\000\113\100\333\300\120\252\376\310\014\357\367\226\124
+\105\111\273\226\000\011\101\254\263\023\206\206\050\007\063\312
+\153\346\164\271\272\000\055\256\244\012\323\365\361\361\017\212
+\277\163\147\112\203\307\104\173\170\340\257\156\154\157\003\051
+\216\063\071\105\303\216\344\271\127\154\252\374\022\226\354\123
+\306\055\344\044\154\271\224\143\373\334\123\150\147\126\076\203
+\270\317\065\041\303\311\150\376\316\332\302\123\252\314\220\212
+\351\360\135\106\214\225\335\172\130\050\032\057\035\336\315\000
+\067\101\217\355\104\155\327\123\050\227\176\363\147\004\036\025
+\327\212\226\264\323\336\114\047\244\114\033\163\163\166\364\027
+\231\302\037\172\016\343\055\010\255\012\034\054\377\074\253\125
+\016\017\221\176\066\353\303\127\111\276\341\056\055\174\140\213
+\303\101\121\023\043\235\316\367\062\153\224\001\250\231\347\054
+\063\037\072\073\045\322\206\100\316\073\054\206\170\311\141\057
+\024\272\356\333\125\157\337\204\356\005\011\115\275\050\330\162
+\316\323\142\120\145\036\353\222\227\203\061\331\263\265\312\107
+\130\077\137
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "GlobalSign Root CA - R3"
+# Issuer: CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R3
+# Serial Number:04:00:00:00:00:01:21:58:53:08:a2
+# Subject: CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R3
+# Not Valid Before: Wed Mar 18 10:00:00 2009
+# Not Valid After : Sun Mar 18 10:00:00 2029
+# Fingerprint (MD5): C5:DF:B8:49:CA:05:13:55:EE:2D:BA:1A:C3:3E:B0:28
+# Fingerprint (SHA1): D6:9B:56:11:48:F0:1C:77:C5:45:78:C1:09:26:DF:5B:85:69:76:AD
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "GlobalSign Root CA - R3"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\326\233\126\021\110\360\034\167\305\105\170\301\011\046\337\133
+\205\151\166\255
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\305\337\270\111\312\005\023\125\356\055\272\032\303\076\260\050
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\114\061\040\060\036\006\003\125\004\013\023\027\107\154\157
+\142\141\154\123\151\147\156\040\122\157\157\164\040\103\101\040
+\055\040\122\063\061\023\060\021\006\003\125\004\012\023\012\107
+\154\157\142\141\154\123\151\147\156\061\023\060\021\006\003\125
+\004\003\023\012\107\154\157\142\141\154\123\151\147\156
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\013\004\000\000\000\000\001\041\130\123\010\242
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Autoridad de Certificacion Firmaprofesional CIF A62634068"
+#
+# Issuer: CN=Autoridad de Certificacion Firmaprofesional CIF A62634068,C=ES
+# Serial Number:53:ec:3b:ee:fb:b2:48:5f
+# Subject: CN=Autoridad de Certificacion Firmaprofesional CIF A62634068,C=ES
+# Not Valid Before: Wed May 20 08:38:15 2009
+# Not Valid After : Tue Dec 31 08:38:15 2030
+# Fingerprint (MD5): 73:3A:74:7A:EC:BB:A3:96:A6:C2:E4:E2:C8:9B:C0:C3
+# Fingerprint (SHA1): AE:C5:FB:3F:C8:E1:BF:C4:E5:4F:03:07:5A:9A:E8:00:B7:F7:B6:FA
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Autoridad de Certificacion Firmaprofesional CIF A62634068"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\121\061\013\060\011\006\003\125\004\006\023\002\105\123\061
+\102\060\100\006\003\125\004\003\014\071\101\165\164\157\162\151
+\144\141\144\040\144\145\040\103\145\162\164\151\146\151\143\141
+\143\151\157\156\040\106\151\162\155\141\160\162\157\146\145\163
+\151\157\156\141\154\040\103\111\106\040\101\066\062\066\063\064
+\060\066\070
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\121\061\013\060\011\006\003\125\004\006\023\002\105\123\061
+\102\060\100\006\003\125\004\003\014\071\101\165\164\157\162\151
+\144\141\144\040\144\145\040\103\145\162\164\151\146\151\143\141
+\143\151\157\156\040\106\151\162\155\141\160\162\157\146\145\163
+\151\157\156\141\154\040\103\111\106\040\101\066\062\066\063\064
+\060\066\070
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\010\123\354\073\356\373\262\110\137
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\006\024\060\202\003\374\240\003\002\001\002\002\010\123
+\354\073\356\373\262\110\137\060\015\006\011\052\206\110\206\367
+\015\001\001\005\005\000\060\121\061\013\060\011\006\003\125\004
+\006\023\002\105\123\061\102\060\100\006\003\125\004\003\014\071
+\101\165\164\157\162\151\144\141\144\040\144\145\040\103\145\162
+\164\151\146\151\143\141\143\151\157\156\040\106\151\162\155\141
+\160\162\157\146\145\163\151\157\156\141\154\040\103\111\106\040
+\101\066\062\066\063\064\060\066\070\060\036\027\015\060\071\060
+\065\062\060\060\070\063\070\061\065\132\027\015\063\060\061\062
+\063\061\060\070\063\070\061\065\132\060\121\061\013\060\011\006
+\003\125\004\006\023\002\105\123\061\102\060\100\006\003\125\004
+\003\014\071\101\165\164\157\162\151\144\141\144\040\144\145\040
+\103\145\162\164\151\146\151\143\141\143\151\157\156\040\106\151
+\162\155\141\160\162\157\146\145\163\151\157\156\141\154\040\103
+\111\106\040\101\066\062\066\063\064\060\066\070\060\202\002\042
+\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000\003
+\202\002\017\000\060\202\002\012\002\202\002\001\000\312\226\153
+\216\352\370\373\361\242\065\340\177\114\332\340\303\122\327\175
+\266\020\310\002\136\263\103\052\304\117\152\262\312\034\135\050
+\232\170\021\032\151\131\127\257\265\040\102\344\213\017\346\337
+\133\246\003\222\057\365\021\344\142\327\062\161\070\331\004\014
+\161\253\075\121\176\017\007\337\143\005\134\351\277\224\157\301
+\051\202\300\264\332\121\260\301\074\273\255\067\112\134\312\361
+\113\066\016\044\253\277\303\204\167\375\250\120\364\261\347\306
+\057\322\055\131\215\172\012\116\226\151\122\002\252\066\230\354
+\374\372\024\203\014\067\037\311\222\067\177\327\201\055\345\304
+\271\340\076\064\376\147\364\076\146\321\323\364\100\317\136\142
+\064\017\160\006\076\040\030\132\316\367\162\033\045\154\223\164
+\024\223\243\163\261\016\252\207\020\043\131\137\040\005\031\107
+\355\150\216\222\022\312\135\374\326\053\262\222\074\040\317\341
+\137\257\040\276\240\166\177\166\345\354\032\206\141\063\076\347
+\173\264\077\240\017\216\242\271\152\157\271\207\046\157\101\154
+\210\246\120\375\152\143\013\365\223\026\033\031\217\262\355\233
+\233\311\220\365\001\014\337\031\075\017\076\070\043\311\057\217
+\014\321\002\376\033\125\326\116\320\215\074\257\117\244\363\376
+\257\052\323\005\235\171\010\241\313\127\061\264\234\310\220\262
+\147\364\030\026\223\072\374\107\330\321\170\226\061\037\272\053
+\014\137\135\231\255\143\211\132\044\040\166\330\337\375\253\116
+\246\042\252\235\136\346\047\212\175\150\051\243\347\212\270\332
+\021\273\027\055\231\235\023\044\106\367\305\342\330\237\216\177
+\307\217\164\155\132\262\350\162\365\254\356\044\020\255\057\024
+\332\377\055\232\106\161\107\276\102\337\273\001\333\364\177\323
+\050\217\061\131\133\323\311\002\246\264\122\312\156\227\373\103
+\305\010\046\157\212\364\273\375\237\050\252\015\325\105\363\023
+\072\035\330\300\170\217\101\147\074\036\224\144\256\173\013\305
+\350\331\001\210\071\032\227\206\144\101\325\073\207\014\156\372
+\017\306\275\110\024\277\071\115\324\236\101\266\217\226\035\143
+\226\223\331\225\006\170\061\150\236\067\006\073\200\211\105\141
+\071\043\307\033\104\243\025\345\034\370\222\060\273\002\003\001
+\000\001\243\201\357\060\201\354\060\022\006\003\125\035\023\001
+\001\377\004\010\060\006\001\001\377\002\001\001\060\016\006\003
+\125\035\017\001\001\377\004\004\003\002\001\006\060\035\006\003
+\125\035\016\004\026\004\024\145\315\353\253\065\036\000\076\176
+\325\164\300\034\264\163\107\016\032\144\057\060\201\246\006\003
+\125\035\040\004\201\236\060\201\233\060\201\230\006\004\125\035
+\040\000\060\201\217\060\057\006\010\053\006\001\005\005\007\002
+\001\026\043\150\164\164\160\072\057\057\167\167\167\056\146\151
+\162\155\141\160\162\157\146\145\163\151\157\156\141\154\056\143
+\157\155\057\143\160\163\060\134\006\010\053\006\001\005\005\007
+\002\002\060\120\036\116\000\120\000\141\000\163\000\145\000\157
+\000\040\000\144\000\145\000\040\000\154\000\141\000\040\000\102
+\000\157\000\156\000\141\000\156\000\157\000\166\000\141\000\040
+\000\064\000\067\000\040\000\102\000\141\000\162\000\143\000\145
+\000\154\000\157\000\156\000\141\000\040\000\060\000\070\000\060
+\000\061\000\067\060\015\006\011\052\206\110\206\367\015\001\001
+\005\005\000\003\202\002\001\000\027\175\240\371\264\335\305\305
+\353\255\113\044\265\241\002\253\335\245\210\112\262\017\125\113
+\053\127\214\073\345\061\335\376\304\062\361\347\133\144\226\066
+\062\030\354\245\062\167\327\343\104\266\300\021\052\200\271\075
+\152\156\174\233\323\255\374\303\326\243\346\144\051\174\321\341
+\070\036\202\053\377\047\145\257\373\026\025\304\056\161\204\345
+\265\377\372\244\107\275\144\062\273\366\045\204\242\047\102\365
+\040\260\302\023\020\021\315\020\025\272\102\220\052\322\104\341
+\226\046\353\061\110\022\375\052\332\311\006\317\164\036\251\113
+\325\207\050\371\171\064\222\076\056\104\350\366\217\117\217\065
+\077\045\263\071\334\143\052\220\153\040\137\304\122\022\116\227
+\054\052\254\235\227\336\110\362\243\146\333\302\322\203\225\246
+\146\247\236\045\017\351\013\063\221\145\012\132\303\331\124\022
+\335\257\303\116\016\037\046\136\015\334\263\215\354\325\201\160
+\336\322\117\044\005\363\154\116\365\114\111\146\215\321\377\322
+\013\045\101\110\376\121\204\306\102\257\200\004\317\320\176\144
+\111\344\362\337\242\354\261\114\300\052\035\347\264\261\145\242
+\304\274\361\230\364\252\160\007\143\264\270\332\073\114\372\100
+\042\060\133\021\246\360\005\016\306\002\003\110\253\206\233\205
+\335\333\335\352\242\166\200\163\175\365\234\004\304\105\215\347
+\271\034\213\236\352\327\165\321\162\261\336\165\104\347\102\175
+\342\127\153\175\334\231\274\075\203\050\352\200\223\215\305\114
+\145\301\160\201\270\070\374\103\061\262\366\003\064\107\262\254
+\373\042\006\313\036\335\027\107\034\137\146\271\323\032\242\332
+\021\261\244\274\043\311\344\276\207\377\271\224\266\370\135\040
+\112\324\137\347\275\150\173\145\362\025\036\322\072\251\055\351
+\330\153\044\254\227\130\104\107\255\131\030\361\041\145\160\336
+\316\064\140\250\100\361\363\074\244\303\050\043\214\376\047\063
+\103\100\240\027\074\353\352\073\260\162\246\243\271\112\113\136
+\026\110\364\262\274\310\214\222\305\235\237\254\162\066\274\064
+\200\064\153\251\213\222\300\270\027\355\354\166\123\365\044\001
+\214\263\042\350\113\174\125\306\235\372\243\024\273\145\205\156
+\156\117\022\176\012\074\235\225
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "Autoridad de Certificacion Firmaprofesional CIF A62634068"
+# Issuer: CN=Autoridad de Certificacion Firmaprofesional CIF A62634068,C=ES
+# Serial Number:53:ec:3b:ee:fb:b2:48:5f
+# Subject: CN=Autoridad de Certificacion Firmaprofesional CIF A62634068,C=ES
+# Not Valid Before: Wed May 20 08:38:15 2009
+# Not Valid After : Tue Dec 31 08:38:15 2030
+# Fingerprint (MD5): 73:3A:74:7A:EC:BB:A3:96:A6:C2:E4:E2:C8:9B:C0:C3
+# Fingerprint (SHA1): AE:C5:FB:3F:C8:E1:BF:C4:E5:4F:03:07:5A:9A:E8:00:B7:F7:B6:FA
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Autoridad de Certificacion Firmaprofesional CIF A62634068"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\256\305\373\077\310\341\277\304\345\117\003\007\132\232\350\000
+\267\367\266\372
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\163\072\164\172\354\273\243\226\246\302\344\342\310\233\300\303
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\121\061\013\060\011\006\003\125\004\006\023\002\105\123\061
+\102\060\100\006\003\125\004\003\014\071\101\165\164\157\162\151
+\144\141\144\040\144\145\040\103\145\162\164\151\146\151\143\141
+\143\151\157\156\040\106\151\162\155\141\160\162\157\146\145\163
+\151\157\156\141\154\040\103\111\106\040\101\066\062\066\063\064
+\060\066\070
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\010\123\354\073\356\373\262\110\137
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Izenpe.com"
+#
+# Issuer: CN=Izenpe.com,O=IZENPE S.A.,C=ES
+# Serial Number:00:b0:b7:5a:16:48:5f:bf:e1:cb:f5:8b:d7:19:e6:7d
+# Subject: CN=Izenpe.com,O=IZENPE S.A.,C=ES
+# Not Valid Before: Thu Dec 13 13:08:28 2007
+# Not Valid After : Sun Dec 13 08:27:25 2037
+# Fingerprint (MD5): A6:B0:CD:85:80:DA:5C:50:34:A3:39:90:2F:55:67:73
+# Fingerprint (SHA1): 2F:78:3D:25:52:18:A7:4A:65:39:71:B5:2C:A2:9C:45:15:6F:E9:19
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Izenpe.com"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\070\061\013\060\011\006\003\125\004\006\023\002\105\123\061
+\024\060\022\006\003\125\004\012\014\013\111\132\105\116\120\105
+\040\123\056\101\056\061\023\060\021\006\003\125\004\003\014\012
+\111\172\145\156\160\145\056\143\157\155
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\070\061\013\060\011\006\003\125\004\006\023\002\105\123\061
+\024\060\022\006\003\125\004\012\014\013\111\132\105\116\120\105
+\040\123\056\101\056\061\023\060\021\006\003\125\004\003\014\012
+\111\172\145\156\160\145\056\143\157\155
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\000\260\267\132\026\110\137\277\341\313\365\213\327\031
+\346\175
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\361\060\202\003\331\240\003\002\001\002\002\020\000
+\260\267\132\026\110\137\277\341\313\365\213\327\031\346\175\060
+\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060\070
+\061\013\060\011\006\003\125\004\006\023\002\105\123\061\024\060
+\022\006\003\125\004\012\014\013\111\132\105\116\120\105\040\123
+\056\101\056\061\023\060\021\006\003\125\004\003\014\012\111\172
+\145\156\160\145\056\143\157\155\060\036\027\015\060\067\061\062
+\061\063\061\063\060\070\062\070\132\027\015\063\067\061\062\061
+\063\060\070\062\067\062\065\132\060\070\061\013\060\011\006\003
+\125\004\006\023\002\105\123\061\024\060\022\006\003\125\004\012
+\014\013\111\132\105\116\120\105\040\123\056\101\056\061\023\060
+\021\006\003\125\004\003\014\012\111\172\145\156\160\145\056\143
+\157\155\060\202\002\042\060\015\006\011\052\206\110\206\367\015
+\001\001\001\005\000\003\202\002\017\000\060\202\002\012\002\202
+\002\001\000\311\323\172\312\017\036\254\247\206\350\026\145\152
+\261\302\033\105\062\161\225\331\376\020\133\314\257\347\245\171
+\001\217\211\303\312\362\125\161\367\167\276\167\224\363\162\244
+\054\104\330\236\222\233\024\072\241\347\044\220\012\012\126\216
+\305\330\046\224\341\331\110\341\055\076\332\012\162\335\243\231
+\025\332\201\242\207\364\173\156\046\167\211\130\255\326\353\014
+\262\101\172\163\156\155\333\172\170\101\351\010\210\022\176\207
+\056\146\021\143\154\124\373\074\235\162\300\274\056\377\302\267
+\335\015\166\343\072\327\367\264\150\276\242\365\343\201\156\301
+\106\157\135\215\340\115\306\124\125\211\032\063\061\012\261\127
+\271\243\212\230\303\354\073\064\305\225\101\151\176\165\302\074
+\040\305\141\272\121\107\240\040\220\223\241\220\113\363\116\174
+\205\105\124\232\321\005\046\101\260\265\115\035\063\276\304\003
+\310\045\174\301\160\333\073\364\011\055\124\047\110\254\057\341
+\304\254\076\310\313\222\114\123\071\067\043\354\323\001\371\340
+\011\104\115\115\144\300\341\015\132\207\042\274\255\033\243\376
+\046\265\025\363\247\374\204\031\351\354\241\210\264\104\151\204
+\203\363\211\321\164\006\251\314\013\326\302\336\047\205\120\046
+\312\027\270\311\172\207\126\054\032\001\036\154\276\023\255\020
+\254\265\044\365\070\221\241\326\113\332\361\273\322\336\107\265
+\361\274\201\366\131\153\317\031\123\351\215\025\313\112\313\251
+\157\104\345\033\101\317\341\206\247\312\320\152\237\274\114\215
+\006\063\132\242\205\345\220\065\240\142\134\026\116\360\343\242
+\372\003\032\264\054\161\263\130\054\336\173\013\333\032\017\353
+\336\041\037\006\167\006\003\260\311\357\231\374\300\271\117\013
+\206\050\376\322\271\352\343\332\245\303\107\151\022\340\333\360
+\366\031\213\355\173\160\327\002\326\355\207\030\050\054\004\044
+\114\167\344\110\212\032\306\073\232\324\017\312\372\165\322\001
+\100\132\215\171\277\213\317\113\317\252\026\301\225\344\255\114
+\212\076\027\221\324\261\142\345\202\345\200\004\244\003\176\215
+\277\332\177\242\017\227\117\014\323\015\373\327\321\345\162\176
+\034\310\167\377\133\232\017\267\256\005\106\345\361\250\026\354
+\107\244\027\002\003\001\000\001\243\201\366\060\201\363\060\201
+\260\006\003\125\035\021\004\201\250\060\201\245\201\017\151\156
+\146\157\100\151\172\145\156\160\145\056\143\157\155\244\201\221
+\060\201\216\061\107\060\105\006\003\125\004\012\014\076\111\132
+\105\116\120\105\040\123\056\101\056\040\055\040\103\111\106\040
+\101\060\061\063\063\067\062\066\060\055\122\115\145\162\143\056
+\126\151\164\157\162\151\141\055\107\141\163\164\145\151\172\040
+\124\061\060\065\065\040\106\066\062\040\123\070\061\103\060\101
+\006\003\125\004\011\014\072\101\166\144\141\040\144\145\154\040
+\115\145\144\151\164\145\162\162\141\156\145\157\040\105\164\157
+\162\142\151\144\145\141\040\061\064\040\055\040\060\061\060\061
+\060\040\126\151\164\157\162\151\141\055\107\141\163\164\145\151
+\172\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001
+\001\377\060\016\006\003\125\035\017\001\001\377\004\004\003\002
+\001\006\060\035\006\003\125\035\016\004\026\004\024\035\034\145
+\016\250\362\045\173\264\221\317\344\261\261\346\275\125\164\154
+\005\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000
+\003\202\002\001\000\170\246\014\026\112\237\114\210\072\300\313
+\016\245\026\175\237\271\110\137\030\217\015\142\066\366\315\031
+\153\254\253\325\366\221\175\256\161\363\077\263\016\170\205\233
+\225\244\047\041\107\102\112\174\110\072\365\105\174\263\014\216
+\121\170\254\225\023\336\306\375\175\270\032\220\114\253\222\003
+\307\355\102\001\316\017\330\261\372\242\222\341\140\155\256\172
+\153\011\252\306\051\356\150\111\147\060\200\044\172\061\026\071
+\133\176\361\034\056\335\154\011\255\362\061\301\202\116\271\273
+\371\276\277\052\205\077\300\100\243\072\131\374\131\113\074\050
+\044\333\264\025\165\256\015\210\272\056\163\300\275\130\207\345
+\102\362\353\136\356\036\060\042\231\313\067\321\304\041\154\201
+\354\276\155\046\346\034\344\102\040\236\107\260\254\203\131\160
+\054\065\326\257\066\064\264\315\073\370\062\250\357\343\170\211
+\373\215\105\054\332\234\270\176\100\034\141\347\076\242\222\054
+\113\362\315\372\230\266\051\377\363\362\173\251\037\056\240\223
+\127\053\336\205\003\371\151\067\313\236\170\152\005\264\305\061
+\170\211\354\172\247\205\341\271\173\074\336\276\036\171\204\316
+\237\160\016\131\302\065\056\220\052\061\331\344\105\172\101\244
+\056\023\233\064\016\146\173\111\253\144\227\320\106\303\171\235
+\162\120\143\246\230\133\006\275\110\155\330\071\203\160\350\065
+\360\005\321\252\274\343\333\310\002\352\174\375\202\332\302\133
+\122\065\256\230\072\255\272\065\223\043\247\037\110\335\065\106
+\230\262\020\150\344\245\061\302\012\130\056\031\201\020\311\120
+\165\374\352\132\026\316\021\327\356\357\120\210\055\141\377\077
+\102\163\005\224\103\325\216\074\116\001\072\031\245\037\106\116
+\167\320\135\345\201\042\041\207\376\224\175\204\330\223\255\326
+\150\103\110\262\333\353\163\044\347\221\177\124\244\266\200\076
+\235\243\074\114\162\302\127\304\240\324\314\070\047\316\325\006
+\236\242\110\331\351\237\316\202\160\066\223\232\073\337\226\041
+\343\131\267\014\332\221\067\360\375\131\132\263\231\310\151\154
+\103\046\001\065\143\140\125\211\003\072\165\330\272\112\331\124
+\377\356\336\200\330\055\321\070\325\136\055\013\230\175\076\154
+\333\374\046\210\307
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "Izenpe.com"
+# Issuer: CN=Izenpe.com,O=IZENPE S.A.,C=ES
+# Serial Number:00:b0:b7:5a:16:48:5f:bf:e1:cb:f5:8b:d7:19:e6:7d
+# Subject: CN=Izenpe.com,O=IZENPE S.A.,C=ES
+# Not Valid Before: Thu Dec 13 13:08:28 2007
+# Not Valid After : Sun Dec 13 08:27:25 2037
+# Fingerprint (MD5): A6:B0:CD:85:80:DA:5C:50:34:A3:39:90:2F:55:67:73
+# Fingerprint (SHA1): 2F:78:3D:25:52:18:A7:4A:65:39:71:B5:2C:A2:9C:45:15:6F:E9:19
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Izenpe.com"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\057\170\075\045\122\030\247\112\145\071\161\265\054\242\234\105
+\025\157\351\031
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\246\260\315\205\200\332\134\120\064\243\071\220\057\125\147\163
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\070\061\013\060\011\006\003\125\004\006\023\002\105\123\061
+\024\060\022\006\003\125\004\012\014\013\111\132\105\116\120\105
+\040\123\056\101\056\061\023\060\021\006\003\125\004\003\014\012
+\111\172\145\156\160\145\056\143\157\155
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\000\260\267\132\026\110\137\277\341\313\365\213\327\031
+\346\175
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Chambers of Commerce Root - 2008"
+#
+# Issuer: CN=Chambers of Commerce Root - 2008,O=AC Camerfirma S.A.,serialNumber=A82743287,L=Madrid (see current address at www.camerfirma.com/address),C=EU
+# Serial Number:00:a3:da:42:7e:a4:b1:ae:da
+# Subject: CN=Chambers of Commerce Root - 2008,O=AC Camerfirma S.A.,serialNumber=A82743287,L=Madrid (see current address at www.camerfirma.com/address),C=EU
+# Not Valid Before: Fri Aug 01 12:29:50 2008
+# Not Valid After : Sat Jul 31 12:29:50 2038
+# Fingerprint (MD5): 5E:80:9E:84:5A:0E:65:0B:17:02:F3:55:18:2A:3E:D7
+# Fingerprint (SHA1): 78:6A:74:AC:76:AB:14:7F:9C:6A:30:50:BA:9E:A8:7E:FE:9A:CE:3C
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Chambers of Commerce Root - 2008"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\256\061\013\060\011\006\003\125\004\006\023\002\105\125
+\061\103\060\101\006\003\125\004\007\023\072\115\141\144\162\151
+\144\040\050\163\145\145\040\143\165\162\162\145\156\164\040\141
+\144\144\162\145\163\163\040\141\164\040\167\167\167\056\143\141
+\155\145\162\146\151\162\155\141\056\143\157\155\057\141\144\144
+\162\145\163\163\051\061\022\060\020\006\003\125\004\005\023\011
+\101\070\062\067\064\063\062\070\067\061\033\060\031\006\003\125
+\004\012\023\022\101\103\040\103\141\155\145\162\146\151\162\155
+\141\040\123\056\101\056\061\051\060\047\006\003\125\004\003\023
+\040\103\150\141\155\142\145\162\163\040\157\146\040\103\157\155
+\155\145\162\143\145\040\122\157\157\164\040\055\040\062\060\060
+\070
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\256\061\013\060\011\006\003\125\004\006\023\002\105\125
+\061\103\060\101\006\003\125\004\007\023\072\115\141\144\162\151
+\144\040\050\163\145\145\040\143\165\162\162\145\156\164\040\141
+\144\144\162\145\163\163\040\141\164\040\167\167\167\056\143\141
+\155\145\162\146\151\162\155\141\056\143\157\155\057\141\144\144
+\162\145\163\163\051\061\022\060\020\006\003\125\004\005\023\011
+\101\070\062\067\064\063\062\070\067\061\033\060\031\006\003\125
+\004\012\023\022\101\103\040\103\141\155\145\162\146\151\162\155
+\141\040\123\056\101\056\061\051\060\047\006\003\125\004\003\023
+\040\103\150\141\155\142\145\162\163\040\157\146\040\103\157\155
+\155\145\162\143\145\040\122\157\157\164\040\055\040\062\060\060
+\070
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\011\000\243\332\102\176\244\261\256\332
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\007\117\060\202\005\067\240\003\002\001\002\002\011\000
+\243\332\102\176\244\261\256\332\060\015\006\011\052\206\110\206
+\367\015\001\001\005\005\000\060\201\256\061\013\060\011\006\003
+\125\004\006\023\002\105\125\061\103\060\101\006\003\125\004\007
+\023\072\115\141\144\162\151\144\040\050\163\145\145\040\143\165
+\162\162\145\156\164\040\141\144\144\162\145\163\163\040\141\164
+\040\167\167\167\056\143\141\155\145\162\146\151\162\155\141\056
+\143\157\155\057\141\144\144\162\145\163\163\051\061\022\060\020
+\006\003\125\004\005\023\011\101\070\062\067\064\063\062\070\067
+\061\033\060\031\006\003\125\004\012\023\022\101\103\040\103\141
+\155\145\162\146\151\162\155\141\040\123\056\101\056\061\051\060
+\047\006\003\125\004\003\023\040\103\150\141\155\142\145\162\163
+\040\157\146\040\103\157\155\155\145\162\143\145\040\122\157\157
+\164\040\055\040\062\060\060\070\060\036\027\015\060\070\060\070
+\060\061\061\062\062\071\065\060\132\027\015\063\070\060\067\063
+\061\061\062\062\071\065\060\132\060\201\256\061\013\060\011\006
+\003\125\004\006\023\002\105\125\061\103\060\101\006\003\125\004
+\007\023\072\115\141\144\162\151\144\040\050\163\145\145\040\143
+\165\162\162\145\156\164\040\141\144\144\162\145\163\163\040\141
+\164\040\167\167\167\056\143\141\155\145\162\146\151\162\155\141
+\056\143\157\155\057\141\144\144\162\145\163\163\051\061\022\060
+\020\006\003\125\004\005\023\011\101\070\062\067\064\063\062\070
+\067\061\033\060\031\006\003\125\004\012\023\022\101\103\040\103
+\141\155\145\162\146\151\162\155\141\040\123\056\101\056\061\051
+\060\047\006\003\125\004\003\023\040\103\150\141\155\142\145\162
+\163\040\157\146\040\103\157\155\155\145\162\143\145\040\122\157
+\157\164\040\055\040\062\060\060\070\060\202\002\042\060\015\006
+\011\052\206\110\206\367\015\001\001\001\005\000\003\202\002\017
+\000\060\202\002\012\002\202\002\001\000\257\000\313\160\067\053
+\200\132\112\072\154\170\224\175\243\177\032\037\366\065\325\275
+\333\313\015\104\162\076\046\262\220\122\272\143\073\050\130\157
+\245\263\155\224\246\363\335\144\014\125\366\366\347\362\042\042
+\200\136\341\142\306\266\051\341\201\154\362\277\345\175\062\152
+\124\240\062\031\131\376\037\213\327\075\140\206\205\044\157\343
+\021\263\167\076\040\226\065\041\153\263\010\331\160\056\144\367
+\204\222\123\326\016\260\220\212\212\343\207\215\006\323\275\220
+\016\342\231\241\033\206\016\332\232\012\273\013\141\120\006\122
+\361\236\177\166\354\313\017\320\036\015\317\231\060\075\034\304
+\105\020\130\254\326\323\350\327\345\352\305\001\007\167\326\121
+\346\003\177\212\110\245\115\150\165\271\351\274\236\116\031\161
+\365\062\113\234\155\140\031\013\373\314\235\165\334\277\046\315
+\217\223\170\071\171\163\136\045\016\312\134\353\167\022\007\313
+\144\101\107\162\223\253\120\303\353\011\166\144\064\322\071\267
+\166\021\011\015\166\105\304\251\256\075\152\257\265\175\145\057
+\224\130\020\354\134\174\257\176\342\266\030\331\320\233\116\132
+\111\337\251\146\013\314\074\306\170\174\247\234\035\343\316\216
+\123\276\005\336\140\017\153\345\032\333\077\343\341\041\311\051
+\301\361\353\007\234\122\033\001\104\121\074\173\045\327\304\345
+\122\124\135\045\007\312\026\040\270\255\344\101\356\172\010\376
+\231\157\203\246\221\002\260\154\066\125\152\347\175\365\226\346
+\312\201\326\227\361\224\203\351\355\260\261\153\022\151\036\254
+\373\135\251\305\230\351\264\133\130\172\276\075\242\104\072\143
+\131\324\013\045\336\033\117\275\345\001\236\315\322\051\325\237
+\027\031\012\157\277\014\220\323\011\137\331\343\212\065\314\171
+\132\115\031\067\222\267\304\301\255\257\364\171\044\232\262\001
+\013\261\257\134\226\363\200\062\373\134\075\230\361\240\077\112
+\336\276\257\224\056\331\125\232\027\156\140\235\143\154\270\143
+\311\256\201\134\030\065\340\220\273\276\074\117\067\042\271\176
+\353\317\236\167\041\246\075\070\201\373\110\332\061\075\053\343
+\211\365\320\265\275\176\340\120\304\022\211\263\043\232\020\061
+\205\333\256\157\357\070\063\030\166\021\002\003\001\000\001\243
+\202\001\154\060\202\001\150\060\022\006\003\125\035\023\001\001
+\377\004\010\060\006\001\001\377\002\001\014\060\035\006\003\125
+\035\016\004\026\004\024\371\044\254\017\262\265\370\171\300\372
+\140\210\033\304\331\115\002\236\027\031\060\201\343\006\003\125
+\035\043\004\201\333\060\201\330\200\024\371\044\254\017\262\265
+\370\171\300\372\140\210\033\304\331\115\002\236\027\031\241\201
+\264\244\201\261\060\201\256\061\013\060\011\006\003\125\004\006
+\023\002\105\125\061\103\060\101\006\003\125\004\007\023\072\115
+\141\144\162\151\144\040\050\163\145\145\040\143\165\162\162\145
+\156\164\040\141\144\144\162\145\163\163\040\141\164\040\167\167
+\167\056\143\141\155\145\162\146\151\162\155\141\056\143\157\155
+\057\141\144\144\162\145\163\163\051\061\022\060\020\006\003\125
+\004\005\023\011\101\070\062\067\064\063\062\070\067\061\033\060
+\031\006\003\125\004\012\023\022\101\103\040\103\141\155\145\162
+\146\151\162\155\141\040\123\056\101\056\061\051\060\047\006\003
+\125\004\003\023\040\103\150\141\155\142\145\162\163\040\157\146
+\040\103\157\155\155\145\162\143\145\040\122\157\157\164\040\055
+\040\062\060\060\070\202\011\000\243\332\102\176\244\261\256\332
+\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001\006
+\060\075\006\003\125\035\040\004\066\060\064\060\062\006\004\125
+\035\040\000\060\052\060\050\006\010\053\006\001\005\005\007\002
+\001\026\034\150\164\164\160\072\057\057\160\157\154\151\143\171
+\056\143\141\155\145\162\146\151\162\155\141\056\143\157\155\060
+\015\006\011\052\206\110\206\367\015\001\001\005\005\000\003\202
+\002\001\000\220\022\257\042\065\302\243\071\360\056\336\351\265
+\351\170\174\110\276\077\175\105\222\136\351\332\261\031\374\026
+\074\237\264\133\146\236\152\347\303\271\135\210\350\017\255\317
+\043\017\336\045\072\136\314\117\245\301\265\055\254\044\322\130
+\007\336\242\317\151\204\140\063\350\020\015\023\251\043\320\205
+\345\216\173\246\236\075\162\023\162\063\365\252\175\306\143\037
+\010\364\376\001\177\044\317\053\054\124\011\336\342\053\155\222
+\306\071\117\026\352\074\176\172\106\324\105\152\106\250\353\165
+\202\126\247\253\240\174\150\023\063\366\235\060\360\157\047\071
+\044\043\052\220\375\220\051\065\362\223\337\064\245\306\367\370
+\357\214\017\142\112\174\256\323\365\124\370\215\266\232\126\207
+\026\202\072\063\253\132\042\010\367\202\272\352\056\340\107\232
+\264\265\105\243\005\073\331\334\056\105\100\073\352\334\177\350
+\073\353\321\354\046\330\065\244\060\305\072\254\127\236\263\166
+\245\040\173\371\036\112\005\142\001\246\050\165\140\227\222\015
+\156\076\115\067\103\015\222\025\234\030\042\315\121\231\240\051
+\032\074\137\212\062\063\133\060\307\211\057\107\230\017\243\003
+\306\366\361\254\337\062\360\331\201\032\344\234\275\366\200\024
+\360\321\054\271\205\365\330\243\261\310\245\041\345\034\023\227
+\356\016\275\337\051\251\357\064\123\133\323\344\152\023\204\006
+\266\062\002\304\122\256\042\322\334\262\041\102\032\332\100\360
+\051\311\354\012\014\134\342\320\272\314\110\323\067\012\314\022
+\012\212\171\260\075\003\177\151\113\364\064\040\175\263\064\352
+\216\113\144\365\076\375\263\043\147\025\015\004\270\360\055\301
+\011\121\074\262\154\025\360\245\043\327\203\164\344\345\056\311
+\376\230\047\102\306\253\306\236\260\320\133\070\245\233\120\336
+\176\030\230\265\105\073\366\171\264\350\367\032\173\006\203\373
+\320\213\332\273\307\275\030\253\010\157\074\200\153\100\077\031
+\031\272\145\212\346\276\325\134\323\066\327\357\100\122\044\140
+\070\147\004\061\354\217\363\202\306\336\271\125\363\073\061\221
+\132\334\265\010\025\255\166\045\012\015\173\056\207\342\014\246
+\006\274\046\020\155\067\235\354\335\170\214\174\200\305\360\331
+\167\110\320
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "Chambers of Commerce Root - 2008"
+# Issuer: CN=Chambers of Commerce Root - 2008,O=AC Camerfirma S.A.,serialNumber=A82743287,L=Madrid (see current address at www.camerfirma.com/address),C=EU
+# Serial Number:00:a3:da:42:7e:a4:b1:ae:da
+# Subject: CN=Chambers of Commerce Root - 2008,O=AC Camerfirma S.A.,serialNumber=A82743287,L=Madrid (see current address at www.camerfirma.com/address),C=EU
+# Not Valid Before: Fri Aug 01 12:29:50 2008
+# Not Valid After : Sat Jul 31 12:29:50 2038
+# Fingerprint (MD5): 5E:80:9E:84:5A:0E:65:0B:17:02:F3:55:18:2A:3E:D7
+# Fingerprint (SHA1): 78:6A:74:AC:76:AB:14:7F:9C:6A:30:50:BA:9E:A8:7E:FE:9A:CE:3C
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Chambers of Commerce Root - 2008"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\170\152\164\254\166\253\024\177\234\152\060\120\272\236\250\176
+\376\232\316\074
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\136\200\236\204\132\016\145\013\027\002\363\125\030\052\076\327
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\256\061\013\060\011\006\003\125\004\006\023\002\105\125
+\061\103\060\101\006\003\125\004\007\023\072\115\141\144\162\151
+\144\040\050\163\145\145\040\143\165\162\162\145\156\164\040\141
+\144\144\162\145\163\163\040\141\164\040\167\167\167\056\143\141
+\155\145\162\146\151\162\155\141\056\143\157\155\057\141\144\144
+\162\145\163\163\051\061\022\060\020\006\003\125\004\005\023\011
+\101\070\062\067\064\063\062\070\067\061\033\060\031\006\003\125
+\004\012\023\022\101\103\040\103\141\155\145\162\146\151\162\155
+\141\040\123\056\101\056\061\051\060\047\006\003\125\004\003\023
+\040\103\150\141\155\142\145\162\163\040\157\146\040\103\157\155
+\155\145\162\143\145\040\122\157\157\164\040\055\040\062\060\060
+\070
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\011\000\243\332\102\176\244\261\256\332
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Global Chambersign Root - 2008"
+#
+# Issuer: CN=Global Chambersign Root - 2008,O=AC Camerfirma S.A.,serialNumber=A82743287,L=Madrid (see current address at www.camerfirma.com/address),C=EU
+# Serial Number:00:c9:cd:d3:e9:d5:7d:23:ce
+# Subject: CN=Global Chambersign Root - 2008,O=AC Camerfirma S.A.,serialNumber=A82743287,L=Madrid (see current address at www.camerfirma.com/address),C=EU
+# Not Valid Before: Fri Aug 01 12:31:40 2008
+# Not Valid After : Sat Jul 31 12:31:40 2038
+# Fingerprint (MD5): 9E:80:FF:78:01:0C:2E:C1:36:BD:FE:96:90:6E:08:F3
+# Fingerprint (SHA1): 4A:BD:EE:EC:95:0D:35:9C:89:AE:C7:52:A1:2C:5B:29:F6:D6:AA:0C
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Global Chambersign Root - 2008"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\254\061\013\060\011\006\003\125\004\006\023\002\105\125
+\061\103\060\101\006\003\125\004\007\023\072\115\141\144\162\151
+\144\040\050\163\145\145\040\143\165\162\162\145\156\164\040\141
+\144\144\162\145\163\163\040\141\164\040\167\167\167\056\143\141
+\155\145\162\146\151\162\155\141\056\143\157\155\057\141\144\144
+\162\145\163\163\051\061\022\060\020\006\003\125\004\005\023\011
+\101\070\062\067\064\063\062\070\067\061\033\060\031\006\003\125
+\004\012\023\022\101\103\040\103\141\155\145\162\146\151\162\155
+\141\040\123\056\101\056\061\047\060\045\006\003\125\004\003\023
+\036\107\154\157\142\141\154\040\103\150\141\155\142\145\162\163
+\151\147\156\040\122\157\157\164\040\055\040\062\060\060\070
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\254\061\013\060\011\006\003\125\004\006\023\002\105\125
+\061\103\060\101\006\003\125\004\007\023\072\115\141\144\162\151
+\144\040\050\163\145\145\040\143\165\162\162\145\156\164\040\141
+\144\144\162\145\163\163\040\141\164\040\167\167\167\056\143\141
+\155\145\162\146\151\162\155\141\056\143\157\155\057\141\144\144
+\162\145\163\163\051\061\022\060\020\006\003\125\004\005\023\011
+\101\070\062\067\064\063\062\070\067\061\033\060\031\006\003\125
+\004\012\023\022\101\103\040\103\141\155\145\162\146\151\162\155
+\141\040\123\056\101\056\061\047\060\045\006\003\125\004\003\023
+\036\107\154\157\142\141\154\040\103\150\141\155\142\145\162\163
+\151\147\156\040\122\157\157\164\040\055\040\062\060\060\070
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\011\000\311\315\323\351\325\175\043\316
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\007\111\060\202\005\061\240\003\002\001\002\002\011\000
+\311\315\323\351\325\175\043\316\060\015\006\011\052\206\110\206
+\367\015\001\001\005\005\000\060\201\254\061\013\060\011\006\003
+\125\004\006\023\002\105\125\061\103\060\101\006\003\125\004\007
+\023\072\115\141\144\162\151\144\040\050\163\145\145\040\143\165
+\162\162\145\156\164\040\141\144\144\162\145\163\163\040\141\164
+\040\167\167\167\056\143\141\155\145\162\146\151\162\155\141\056
+\143\157\155\057\141\144\144\162\145\163\163\051\061\022\060\020
+\006\003\125\004\005\023\011\101\070\062\067\064\063\062\070\067
+\061\033\060\031\006\003\125\004\012\023\022\101\103\040\103\141
+\155\145\162\146\151\162\155\141\040\123\056\101\056\061\047\060
+\045\006\003\125\004\003\023\036\107\154\157\142\141\154\040\103
+\150\141\155\142\145\162\163\151\147\156\040\122\157\157\164\040
+\055\040\062\060\060\070\060\036\027\015\060\070\060\070\060\061
+\061\062\063\061\064\060\132\027\015\063\070\060\067\063\061\061
+\062\063\061\064\060\132\060\201\254\061\013\060\011\006\003\125
+\004\006\023\002\105\125\061\103\060\101\006\003\125\004\007\023
+\072\115\141\144\162\151\144\040\050\163\145\145\040\143\165\162
+\162\145\156\164\040\141\144\144\162\145\163\163\040\141\164\040
+\167\167\167\056\143\141\155\145\162\146\151\162\155\141\056\143
+\157\155\057\141\144\144\162\145\163\163\051\061\022\060\020\006
+\003\125\004\005\023\011\101\070\062\067\064\063\062\070\067\061
+\033\060\031\006\003\125\004\012\023\022\101\103\040\103\141\155
+\145\162\146\151\162\155\141\040\123\056\101\056\061\047\060\045
+\006\003\125\004\003\023\036\107\154\157\142\141\154\040\103\150
+\141\155\142\145\162\163\151\147\156\040\122\157\157\164\040\055
+\040\062\060\060\070\060\202\002\042\060\015\006\011\052\206\110
+\206\367\015\001\001\001\005\000\003\202\002\017\000\060\202\002
+\012\002\202\002\001\000\300\337\126\323\344\072\233\166\105\264
+\023\333\377\301\266\031\213\067\101\030\225\122\107\353\027\235
+\051\210\216\065\154\006\062\056\107\142\363\111\004\277\175\104
+\066\261\161\314\275\132\011\163\325\331\205\104\377\221\127\045
+\337\136\066\216\160\321\134\161\103\035\331\332\357\134\322\373
+\033\275\072\265\313\255\243\314\104\247\015\256\041\025\077\271
+\172\133\222\165\330\244\022\070\211\031\212\267\200\322\342\062
+\157\126\234\221\326\210\020\013\263\164\144\222\164\140\363\366
+\317\030\117\140\262\043\320\307\073\316\141\113\231\217\302\014
+\320\100\262\230\334\015\250\116\243\271\012\256\140\240\255\105
+\122\143\272\146\275\150\340\371\276\032\250\201\273\036\101\170
+\165\323\301\376\000\125\260\207\124\350\047\220\065\035\114\063
+\255\227\374\227\056\230\204\277\054\311\243\277\321\230\021\024
+\355\143\370\312\230\210\130\027\231\355\105\003\227\176\074\206
+\036\210\214\276\362\221\204\217\145\064\330\000\114\175\267\061
+\027\132\051\172\012\030\044\060\243\067\265\172\251\001\175\046
+\326\371\016\216\131\361\375\033\063\265\051\073\027\073\101\266
+\041\335\324\300\075\245\237\237\037\103\120\311\273\274\154\172
+\227\230\356\315\214\037\373\234\121\256\213\160\275\047\237\161
+\300\153\254\175\220\146\350\327\135\072\015\260\325\302\215\325
+\310\235\235\301\155\320\320\277\121\344\343\370\303\070\066\256
+\326\247\165\346\257\204\103\135\223\222\014\152\007\336\073\035
+\230\042\326\254\301\065\333\243\240\045\377\162\265\166\035\336
+\155\351\054\146\054\122\204\320\105\222\316\034\345\345\063\035
+\334\007\123\124\243\252\202\073\232\067\057\334\335\240\144\351
+\346\335\275\256\374\144\205\035\074\247\311\006\336\204\377\153
+\350\153\032\074\305\242\263\102\373\213\011\076\137\010\122\307
+\142\304\324\005\161\277\304\144\344\370\241\203\350\076\022\233
+\250\036\324\066\115\057\161\366\215\050\366\203\251\023\322\141
+\301\221\273\110\300\064\217\101\214\113\114\333\151\022\377\120
+\224\234\040\203\131\163\355\174\241\362\361\375\335\367\111\323
+\103\130\240\126\143\312\075\075\345\065\126\131\351\016\312\040
+\314\053\113\223\051\017\002\003\001\000\001\243\202\001\152\060
+\202\001\146\060\022\006\003\125\035\023\001\001\377\004\010\060
+\006\001\001\377\002\001\014\060\035\006\003\125\035\016\004\026
+\004\024\271\011\312\234\036\333\323\154\072\153\256\355\124\361
+\133\223\006\065\056\136\060\201\341\006\003\125\035\043\004\201
+\331\060\201\326\200\024\271\011\312\234\036\333\323\154\072\153
+\256\355\124\361\133\223\006\065\056\136\241\201\262\244\201\257
+\060\201\254\061\013\060\011\006\003\125\004\006\023\002\105\125
+\061\103\060\101\006\003\125\004\007\023\072\115\141\144\162\151
+\144\040\050\163\145\145\040\143\165\162\162\145\156\164\040\141
+\144\144\162\145\163\163\040\141\164\040\167\167\167\056\143\141
+\155\145\162\146\151\162\155\141\056\143\157\155\057\141\144\144
+\162\145\163\163\051\061\022\060\020\006\003\125\004\005\023\011
+\101\070\062\067\064\063\062\070\067\061\033\060\031\006\003\125
+\004\012\023\022\101\103\040\103\141\155\145\162\146\151\162\155
+\141\040\123\056\101\056\061\047\060\045\006\003\125\004\003\023
+\036\107\154\157\142\141\154\040\103\150\141\155\142\145\162\163
+\151\147\156\040\122\157\157\164\040\055\040\062\060\060\070\202
+\011\000\311\315\323\351\325\175\043\316\060\016\006\003\125\035
+\017\001\001\377\004\004\003\002\001\006\060\075\006\003\125\035
+\040\004\066\060\064\060\062\006\004\125\035\040\000\060\052\060
+\050\006\010\053\006\001\005\005\007\002\001\026\034\150\164\164
+\160\072\057\057\160\157\154\151\143\171\056\143\141\155\145\162
+\146\151\162\155\141\056\143\157\155\060\015\006\011\052\206\110
+\206\367\015\001\001\005\005\000\003\202\002\001\000\200\210\177
+\160\336\222\050\331\005\224\106\377\220\127\251\361\057\337\032
+\015\153\372\174\016\034\111\044\171\047\330\106\252\157\051\131
+\122\210\160\022\352\335\075\365\233\123\124\157\341\140\242\250
+\011\271\354\353\131\174\306\065\361\334\030\351\361\147\345\257
+\272\105\340\011\336\312\104\017\302\027\016\167\221\105\172\063
+\137\137\226\054\150\213\301\107\217\230\233\075\300\354\313\365
+\325\202\222\204\065\321\276\066\070\126\162\061\133\107\055\252
+\027\244\143\121\353\012\001\255\177\354\165\236\313\241\037\361
+\177\022\261\271\344\144\177\147\326\043\052\364\270\071\135\230
+\350\041\247\341\275\075\102\032\164\232\160\257\150\154\120\135
+\111\317\377\373\016\135\346\054\107\327\201\072\131\000\265\163
+\153\143\040\366\061\105\010\071\016\364\160\176\100\160\132\077
+\320\153\102\251\164\075\050\057\002\155\165\162\225\011\215\110
+\143\306\306\043\127\222\223\136\065\301\215\371\012\367\054\235
+\142\034\366\255\174\335\246\061\036\266\261\307\176\205\046\372
+\244\152\265\332\143\060\321\357\223\067\262\146\057\175\005\367
+\347\267\113\230\224\065\300\331\072\051\301\235\262\120\063\035
+\112\251\132\246\311\003\357\355\364\347\250\156\212\264\127\204
+\353\244\077\320\356\252\252\207\133\143\350\223\342\153\250\324
+\270\162\170\153\033\355\071\344\135\313\233\252\207\325\117\116
+\000\376\331\152\237\074\061\017\050\002\001\175\230\350\247\260
+\242\144\236\171\370\110\362\025\251\314\346\310\104\353\077\170
+\231\362\173\161\076\074\361\230\247\305\030\022\077\346\273\050
+\063\102\351\105\012\174\155\362\206\171\057\305\202\031\175\011
+\211\174\262\124\166\210\256\336\301\363\314\341\156\333\061\326
+\223\256\231\240\357\045\152\163\230\211\133\072\056\023\210\036
+\277\300\222\224\064\033\343\047\267\213\036\157\102\377\347\351
+\067\233\120\035\055\242\371\002\356\313\130\130\072\161\274\150
+\343\252\301\257\034\050\037\242\334\043\145\077\201\352\256\231
+\323\330\060\317\023\015\117\025\311\204\274\247\110\055\370\060
+\043\167\330\106\113\171\155\366\214\355\072\177\140\021\170\364
+\351\233\256\325\124\300\164\200\321\013\102\237\301
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "Global Chambersign Root - 2008"
+# Issuer: CN=Global Chambersign Root - 2008,O=AC Camerfirma S.A.,serialNumber=A82743287,L=Madrid (see current address at www.camerfirma.com/address),C=EU
+# Serial Number:00:c9:cd:d3:e9:d5:7d:23:ce
+# Subject: CN=Global Chambersign Root - 2008,O=AC Camerfirma S.A.,serialNumber=A82743287,L=Madrid (see current address at www.camerfirma.com/address),C=EU
+# Not Valid Before: Fri Aug 01 12:31:40 2008
+# Not Valid After : Sat Jul 31 12:31:40 2038
+# Fingerprint (MD5): 9E:80:FF:78:01:0C:2E:C1:36:BD:FE:96:90:6E:08:F3
+# Fingerprint (SHA1): 4A:BD:EE:EC:95:0D:35:9C:89:AE:C7:52:A1:2C:5B:29:F6:D6:AA:0C
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Global Chambersign Root - 2008"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\112\275\356\354\225\015\065\234\211\256\307\122\241\054\133\051
+\366\326\252\014
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\236\200\377\170\001\014\056\301\066\275\376\226\220\156\010\363
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\254\061\013\060\011\006\003\125\004\006\023\002\105\125
+\061\103\060\101\006\003\125\004\007\023\072\115\141\144\162\151
+\144\040\050\163\145\145\040\143\165\162\162\145\156\164\040\141
+\144\144\162\145\163\163\040\141\164\040\167\167\167\056\143\141
+\155\145\162\146\151\162\155\141\056\143\157\155\057\141\144\144
+\162\145\163\163\051\061\022\060\020\006\003\125\004\005\023\011
+\101\070\062\067\064\063\062\070\067\061\033\060\031\006\003\125
+\004\012\023\022\101\103\040\103\141\155\145\162\146\151\162\155
+\141\040\123\056\101\056\061\047\060\045\006\003\125\004\003\023
+\036\107\154\157\142\141\154\040\103\150\141\155\142\145\162\163
+\151\147\156\040\122\157\157\164\040\055\040\062\060\060\070
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\011\000\311\315\323\351\325\175\043\316
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Bogus Mozilla Addons"
+#
+# Issuer: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Serial Number:00:92:39:d5:34:8f:40:d1:69:5a:74:54:70:e1:f2:3f:43
+# Subject: CN=addons.mozilla.org,OU=PlatinumSSL,OU=Hosted by GTI Group Corporation,OU=Tech Dept.,O=Google Ltd.,STREET=Sea Village 10,L=English,ST=Florida,postalCode=38477,C=US
+# Not Valid Before: Tue Mar 15 00:00:00 2011
+# Not Valid After : Fri Mar 14 23:59:59 2014
+# Fingerprint (MD5): 84:C5:18:67:1F:2A:1A:90:BE:E2:B1:18:4F:03:00:32
+# Fingerprint (SHA1): 30:5F:8B:D1:7A:A2:CB:C4:83:A4:C4:1B:19:A3:9A:0C:75:DA:39:D6
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Bogus Mozilla Addons"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\342\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\016\060\014\006\003\125\004\021\023\005\063\070\064\067\067
+\061\020\060\016\006\003\125\004\010\023\007\106\154\157\162\151
+\144\141\061\020\060\016\006\003\125\004\007\023\007\105\156\147
+\154\151\163\150\061\027\060\025\006\003\125\004\011\023\016\123
+\145\141\040\126\151\154\154\141\147\145\040\061\060\061\024\060
+\022\006\003\125\004\012\023\013\107\157\157\147\154\145\040\114
+\164\144\056\061\023\060\021\006\003\125\004\013\023\012\124\145
+\143\150\040\104\145\160\164\056\061\050\060\046\006\003\125\004
+\013\023\037\110\157\163\164\145\144\040\142\171\040\107\124\111
+\040\107\162\157\165\160\040\103\157\162\160\157\162\141\164\151
+\157\156\061\024\060\022\006\003\125\004\013\023\013\120\154\141
+\164\151\156\165\155\123\123\114\061\033\060\031\006\003\125\004
+\003\023\022\141\144\144\157\156\163\056\155\157\172\151\154\154
+\141\056\157\162\147
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
+\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
+\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
+\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
+\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
+\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
+\164\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125
+\004\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163
+\164\055\110\141\162\144\167\141\162\145
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\021\000\222\071\325\064\217\100\321\151\132\164\124\160\341
+\362\077\103
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\370\060\202\004\340\240\003\002\001\002\002\021\000
+\222\071\325\064\217\100\321\151\132\164\124\160\341\362\077\103
+\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060
+\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060\025
+\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153\145
+\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023\025
+\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116\145
+\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023\030
+\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162\164
+\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125\004
+\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163\164
+\055\110\141\162\144\167\141\162\145\060\036\027\015\061\061\060
+\063\061\065\060\060\060\060\060\060\132\027\015\061\064\060\063
+\061\064\062\063\065\071\065\071\132\060\201\342\061\013\060\011
+\006\003\125\004\006\023\002\125\123\061\016\060\014\006\003\125
+\004\021\023\005\063\070\064\067\067\061\020\060\016\006\003\125
+\004\010\023\007\106\154\157\162\151\144\141\061\020\060\016\006
+\003\125\004\007\023\007\105\156\147\154\151\163\150\061\027\060
+\025\006\003\125\004\011\023\016\123\145\141\040\126\151\154\154
+\141\147\145\040\061\060\061\024\060\022\006\003\125\004\012\023
+\013\107\157\157\147\154\145\040\114\164\144\056\061\023\060\021
+\006\003\125\004\013\023\012\124\145\143\150\040\104\145\160\164
+\056\061\050\060\046\006\003\125\004\013\023\037\110\157\163\164
+\145\144\040\142\171\040\107\124\111\040\107\162\157\165\160\040
+\103\157\162\160\157\162\141\164\151\157\156\061\024\060\022\006
+\003\125\004\013\023\013\120\154\141\164\151\156\165\155\123\123
+\114\061\033\060\031\006\003\125\004\003\023\022\141\144\144\157
+\156\163\056\155\157\172\151\154\154\141\056\157\162\147\060\202
+\001\042\060\015\006\011\052\206\110\206\367\015\001\001\001\005
+\000\003\202\001\017\000\060\202\001\012\002\202\001\001\000\253
+\306\155\066\363\025\163\170\203\163\316\164\205\325\256\354\262
+\360\340\044\037\023\203\270\040\254\273\232\376\210\273\253\241
+\035\013\037\105\000\252\111\267\065\067\014\152\357\107\114\271
+\321\276\343\127\022\004\215\222\307\266\354\001\274\266\332\307
+\201\070\040\255\162\205\346\016\374\201\154\007\255\150\166\070
+\305\104\327\314\306\112\305\227\076\144\364\121\346\360\176\262
+\354\126\367\045\202\115\111\230\313\026\230\335\043\361\211\221
+\321\027\227\100\231\046\326\342\242\053\136\337\275\211\362\033
+\032\123\055\314\120\101\172\320\075\052\014\125\160\024\001\351
+\130\111\020\172\013\223\202\213\341\036\355\072\200\020\202\316
+\226\212\064\360\314\327\323\271\264\120\207\125\124\011\270\235
+\102\050\125\000\345\214\065\124\277\335\045\221\106\267\015\345
+\135\203\250\345\213\373\204\344\074\256\166\332\304\103\053\133
+\164\013\370\276\135\150\361\170\133\265\316\175\361\135\231\100
+\332\312\356\070\201\120\276\230\241\154\270\044\255\363\257\214
+\017\327\021\050\054\204\030\114\175\265\331\217\060\265\033\002
+\003\001\000\001\243\202\001\360\060\202\001\354\060\037\006\003
+\125\035\043\004\030\060\026\200\024\241\162\137\046\033\050\230
+\103\225\135\007\067\325\205\226\235\113\322\303\105\060\035\006
+\003\125\035\016\004\026\004\024\335\200\322\124\075\367\114\160
+\312\243\260\335\064\172\062\344\350\073\132\073\060\016\006\003
+\125\035\017\001\001\377\004\004\003\002\005\240\060\014\006\003
+\125\035\023\001\001\377\004\002\060\000\060\035\006\003\125\035
+\045\004\026\060\024\006\010\053\006\001\005\005\007\003\001\006
+\010\053\006\001\005\005\007\003\002\060\106\006\003\125\035\040
+\004\077\060\075\060\073\006\014\053\006\001\004\001\262\061\001
+\002\001\003\004\060\053\060\051\006\010\053\006\001\005\005\007
+\002\001\026\035\150\164\164\160\163\072\057\057\163\145\143\165
+\162\145\056\143\157\155\157\144\157\056\143\157\155\057\103\120
+\123\060\173\006\003\125\035\037\004\164\060\162\060\070\240\066
+\240\064\206\062\150\164\164\160\072\057\057\143\162\154\056\143
+\157\155\157\144\157\143\141\056\143\157\155\057\125\124\116\055
+\125\123\105\122\106\151\162\163\164\055\110\141\162\144\167\141
+\162\145\056\143\162\154\060\066\240\064\240\062\206\060\150\164
+\164\160\072\057\057\143\162\154\056\143\157\155\157\144\157\056
+\156\145\164\057\125\124\116\055\125\123\105\122\106\151\162\163
+\164\055\110\141\162\144\167\141\162\145\056\143\162\154\060\161
+\006\010\053\006\001\005\005\007\001\001\004\145\060\143\060\073
+\006\010\053\006\001\005\005\007\060\002\206\057\150\164\164\160
+\072\057\057\143\162\164\056\143\157\155\157\144\157\143\141\056
+\143\157\155\057\125\124\116\101\144\144\124\162\165\163\164\123
+\145\162\166\145\162\103\101\056\143\162\164\060\044\006\010\053
+\006\001\005\005\007\060\001\206\030\150\164\164\160\072\057\057
+\157\143\163\160\056\143\157\155\157\144\157\143\141\056\143\157
+\155\060\065\006\003\125\035\021\004\056\060\054\202\022\141\144
+\144\157\156\163\056\155\157\172\151\154\154\141\056\157\162\147
+\202\026\167\167\167\056\141\144\144\157\156\163\056\155\157\172
+\151\154\154\141\056\157\162\147\060\015\006\011\052\206\110\206
+\367\015\001\001\005\005\000\003\202\001\001\000\063\073\143\025
+\374\261\354\024\054\223\335\165\224\336\201\132\331\116\231\276
+\373\112\244\071\125\115\241\100\172\336\023\052\207\251\067\317
+\350\325\373\255\321\173\155\157\214\040\207\202\124\346\127\111
+\274\040\050\204\315\326\001\331\223\213\027\156\043\146\345\204
+\310\200\077\306\241\160\200\344\354\115\035\371\374\221\132\163
+\142\051\232\367\040\034\141\340\213\071\237\312\274\176\215\335
+\274\331\261\343\237\236\337\025\123\221\041\122\013\331\032\043
+\017\146\066\333\254\223\226\112\243\245\042\317\051\367\242\231
+\250\366\266\331\100\256\331\176\266\366\130\056\233\254\066\312
+\144\217\145\122\334\206\234\202\253\156\120\113\332\137\372\005
+\000\210\060\016\336\215\126\277\201\107\215\075\006\342\262\142
+\222\147\217\236\310\232\262\345\006\270\160\044\270\167\174\043
+\012\070\303\171\010\330\261\121\235\254\225\021\307\100\027\236
+\243\034\217\362\021\247\150\047\332\111\005\204\030\174\130\055
+\001\147\134\345\237\241\051\273\112\071\105\057\277\021\252\171
+\242\355\264\324\265\145\103\267\223\106\212\323
+END
+
+# Trust for Certificate "Bogus Mozilla Addons"
+# Issuer: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Serial Number:00:92:39:d5:34:8f:40:d1:69:5a:74:54:70:e1:f2:3f:43
+# Subject: CN=addons.mozilla.org,OU=PlatinumSSL,OU=Hosted by GTI Group Corporation,OU=Tech Dept.,O=Google Ltd.,STREET=Sea Village 10,L=English,ST=Florida,postalCode=38477,C=US
+# Not Valid Before: Tue Mar 15 00:00:00 2011
+# Not Valid After : Fri Mar 14 23:59:59 2014
+# Fingerprint (MD5): 84:C5:18:67:1F:2A:1A:90:BE:E2:B1:18:4F:03:00:32
+# Fingerprint (SHA1): 30:5F:8B:D1:7A:A2:CB:C4:83:A4:C4:1B:19:A3:9A:0C:75:DA:39:D6
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Bogus Mozilla Addons"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\060\137\213\321\172\242\313\304\203\244\304\033\031\243\232\014
+\165\332\071\326
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\204\305\030\147\037\052\032\220\276\342\261\030\117\003\000\062
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
+\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
+\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
+\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
+\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
+\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
+\164\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125
+\004\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163
+\164\055\110\141\162\144\167\141\162\145
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\021\000\222\071\325\064\217\100\321\151\132\164\124\160\341
+\362\077\103
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Bogus Global Trustee"
+#
+# Issuer: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Serial Number:00:d8:f3:5f:4e:b7:87:2b:2d:ab:06:92:e3:15:38:2f:b0
+# Subject: CN=global trustee,OU=PlatinumSSL,OU=Hosted by GTI Group Corporation,OU=Global Trustee,O=Global Trustee,STREET=Sea Village 10,L=Tampa,ST=Florida,postalCode=38477,C=US
+# Not Valid Before: Tue Mar 15 00:00:00 2011
+# Not Valid After : Fri Mar 14 23:59:59 2014
+# Fingerprint (MD5): FE:0D:01:6E:71:CB:8C:D8:3F:0E:0C:CD:49:35:B8:57
+# Fingerprint (SHA1): 61:79:3F:CB:FA:4F:90:08:30:9B:BA:5F:F1:2D:2C:B2:9C:D4:15:1A
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Bogus Global Trustee"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\343\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\016\060\014\006\003\125\004\021\023\005\063\070\064\067\067
+\061\020\060\016\006\003\125\004\010\023\007\106\154\157\162\151
+\144\141\061\016\060\014\006\003\125\004\007\023\005\124\141\155
+\160\141\061\027\060\025\006\003\125\004\011\023\016\123\145\141
+\040\126\151\154\154\141\147\145\040\061\060\061\027\060\025\006
+\003\125\004\012\023\016\107\154\157\142\141\154\040\124\162\165
+\163\164\145\145\061\027\060\025\006\003\125\004\013\023\016\107
+\154\157\142\141\154\040\124\162\165\163\164\145\145\061\050\060
+\046\006\003\125\004\013\023\037\110\157\163\164\145\144\040\142
+\171\040\107\124\111\040\107\162\157\165\160\040\103\157\162\160
+\157\162\141\164\151\157\156\061\024\060\022\006\003\125\004\013
+\023\013\120\154\141\164\151\156\165\155\123\123\114\061\027\060
+\025\006\003\125\004\003\023\016\147\154\157\142\141\154\040\164
+\162\165\163\164\145\145
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
+\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
+\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
+\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
+\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
+\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
+\164\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125
+\004\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163
+\164\055\110\141\162\144\167\141\162\145
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\021\000\330\363\137\116\267\207\053\055\253\006\222\343\025
+\070\057\260
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\006\335\060\202\005\305\240\003\002\001\002\002\021\000
+\330\363\137\116\267\207\053\055\253\006\222\343\025\070\057\260
+\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060
+\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060\025
+\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153\145
+\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023\025
+\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116\145
+\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023\030
+\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162\164
+\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125\004
+\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163\164
+\055\110\141\162\144\167\141\162\145\060\036\027\015\061\061\060
+\063\061\065\060\060\060\060\060\060\132\027\015\061\064\060\063
+\061\064\062\063\065\071\065\071\132\060\201\343\061\013\060\011
+\006\003\125\004\006\023\002\125\123\061\016\060\014\006\003\125
+\004\021\023\005\063\070\064\067\067\061\020\060\016\006\003\125
+\004\010\023\007\106\154\157\162\151\144\141\061\016\060\014\006
+\003\125\004\007\023\005\124\141\155\160\141\061\027\060\025\006
+\003\125\004\011\023\016\123\145\141\040\126\151\154\154\141\147
+\145\040\061\060\061\027\060\025\006\003\125\004\012\023\016\107
+\154\157\142\141\154\040\124\162\165\163\164\145\145\061\027\060
+\025\006\003\125\004\013\023\016\107\154\157\142\141\154\040\124
+\162\165\163\164\145\145\061\050\060\046\006\003\125\004\013\023
+\037\110\157\163\164\145\144\040\142\171\040\107\124\111\040\107
+\162\157\165\160\040\103\157\162\160\157\162\141\164\151\157\156
+\061\024\060\022\006\003\125\004\013\023\013\120\154\141\164\151
+\156\165\155\123\123\114\061\027\060\025\006\003\125\004\003\023
+\016\147\154\157\142\141\154\040\164\162\165\163\164\145\145\060
+\202\002\042\060\015\006\011\052\206\110\206\367\015\001\001\001
+\005\000\003\202\002\017\000\060\202\002\012\002\202\002\001\000
+\331\164\362\252\101\035\337\365\302\026\103\111\134\051\277\266
+\211\164\051\274\234\215\014\106\117\131\176\262\101\027\146\064
+\014\145\211\341\154\045\343\206\012\236\042\105\042\214\335\235
+\346\243\225\336\334\210\002\125\134\343\133\221\165\353\046\151
+\143\271\056\306\312\056\047\337\210\272\002\040\156\376\271\013
+\051\327\247\326\327\110\032\034\316\335\037\251\047\016\142\117
+\241\226\036\335\124\072\064\143\112\166\365\167\175\131\147\330
+\020\324\265\017\072\103\042\230\333\364\011\304\012\160\316\335
+\220\324\057\357\164\023\303\315\302\211\071\142\025\235\346\164
+\250\350\233\360\143\156\234\211\266\016\255\233\367\314\202\350
+\350\055\270\013\332\042\354\111\205\007\210\231\230\077\364\164
+\251\011\367\201\174\227\013\131\231\030\162\213\333\224\202\053
+\247\350\252\153\227\277\210\176\165\260\213\105\105\014\307\250
+\011\352\033\101\130\060\073\137\170\145\025\064\322\344\074\064
+\015\035\330\144\074\212\245\126\111\231\050\055\113\362\317\315
+\331\156\111\144\233\251\171\220\167\125\251\010\033\255\032\164
+\236\340\003\223\012\011\267\255\247\264\134\357\203\154\267\232
+\264\306\150\100\200\035\102\321\156\171\233\251\031\041\232\234
+\371\206\055\000\321\064\376\340\266\371\125\266\365\046\305\225
+\026\245\174\163\237\012\051\211\254\072\230\367\233\164\147\267
+\220\267\135\011\043\152\152\355\054\020\356\123\012\020\360\026
+\037\127\263\261\015\171\221\031\260\353\315\060\077\240\024\137
+\263\306\375\134\063\247\260\377\230\260\125\214\271\245\362\157
+\107\044\111\041\151\314\102\242\121\000\100\205\214\202\202\253
+\062\245\313\232\334\320\331\030\015\337\031\364\257\203\015\301
+\076\061\333\044\110\266\165\200\241\341\311\167\144\036\247\345
+\213\177\025\115\113\247\302\320\355\171\225\136\221\061\354\030
+\377\116\237\110\024\352\165\272\041\316\051\166\351\037\116\121
+\207\056\263\314\004\140\272\043\037\037\145\262\012\270\325\156
+\217\113\102\211\107\251\201\220\133\053\262\266\256\346\240\160
+\173\170\220\012\172\305\345\347\305\373\012\366\057\151\214\214
+\037\127\340\006\231\377\021\325\122\062\040\227\047\230\356\145
+\002\003\001\000\001\243\202\001\324\060\202\001\320\060\037\006
+\003\125\035\043\004\030\060\026\200\024\241\162\137\046\033\050
+\230\103\225\135\007\067\325\205\226\235\113\322\303\105\060\035
+\006\003\125\035\016\004\026\004\024\267\303\336\032\103\355\101
+\227\251\217\051\170\234\003\271\254\100\102\000\254\060\016\006
+\003\125\035\017\001\001\377\004\004\003\002\005\240\060\014\006
+\003\125\035\023\001\001\377\004\002\060\000\060\035\006\003\125
+\035\045\004\026\060\024\006\010\053\006\001\005\005\007\003\001
+\006\010\053\006\001\005\005\007\003\002\060\106\006\003\125\035
+\040\004\077\060\075\060\073\006\014\053\006\001\004\001\262\061
+\001\002\001\003\004\060\053\060\051\006\010\053\006\001\005\005
+\007\002\001\026\035\150\164\164\160\163\072\057\057\163\145\143
+\165\162\145\056\143\157\155\157\144\157\056\143\157\155\057\103
+\120\123\060\173\006\003\125\035\037\004\164\060\162\060\070\240
+\066\240\064\206\062\150\164\164\160\072\057\057\143\162\154\056
+\143\157\155\157\144\157\143\141\056\143\157\155\057\125\124\116
+\055\125\123\105\122\106\151\162\163\164\055\110\141\162\144\167
+\141\162\145\056\143\162\154\060\066\240\064\240\062\206\060\150
+\164\164\160\072\057\057\143\162\154\056\143\157\155\157\144\157
+\056\156\145\164\057\125\124\116\055\125\123\105\122\106\151\162
+\163\164\055\110\141\162\144\167\141\162\145\056\143\162\154\060
+\161\006\010\053\006\001\005\005\007\001\001\004\145\060\143\060
+\073\006\010\053\006\001\005\005\007\060\002\206\057\150\164\164
+\160\072\057\057\143\162\164\056\143\157\155\157\144\157\143\141
+\056\143\157\155\057\125\124\116\101\144\144\124\162\165\163\164
+\123\145\162\166\145\162\103\101\056\143\162\164\060\044\006\010
+\053\006\001\005\005\007\060\001\206\030\150\164\164\160\072\057
+\057\157\143\163\160\056\143\157\155\157\144\157\143\141\056\143
+\157\155\060\031\006\003\125\035\021\004\022\060\020\202\016\147
+\154\157\142\141\154\040\164\162\165\163\164\145\145\060\015\006
+\011\052\206\110\206\367\015\001\001\005\005\000\003\202\001\001
+\000\217\272\165\272\071\324\046\323\160\017\304\263\002\247\305
+\022\043\161\311\376\143\351\243\142\170\044\104\117\324\271\021
+\076\037\307\050\347\125\153\356\364\341\000\221\206\212\311\011
+\153\237\056\244\105\071\321\141\142\136\223\245\005\105\170\237
+\140\022\054\364\154\145\145\015\314\106\064\213\050\272\240\306
+\364\231\161\144\363\042\166\254\117\363\142\311\247\063\132\007
+\037\075\311\206\200\334\333\004\057\207\047\350\277\110\104\201
+\300\360\111\043\156\037\345\344\003\206\044\023\242\205\142\174
+\130\004\312\346\215\023\162\012\272\126\104\242\017\274\373\240
+\075\015\052\177\373\236\251\011\075\267\132\324\212\215\341\045
+\350\244\011\204\160\255\022\104\271\317\271\063\172\272\134\346
+\113\246\273\005\006\230\377\362\230\122\173\167\200\047\112\331
+\342\372\271\122\324\373\373\346\326\055\236\217\301\025\104\215
+\233\164\057\356\224\132\116\323\304\213\212\254\103\235\163\366
+\256\014\207\211\255\207\311\311\307\335\272\024\140\172\370\265
+\065\235\302\215\306\226\201\015\251\122\212\051\100\004\351\031
+\264
+END
+
+# Trust for Certificate "Bogus Global Trustee"
+# Issuer: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Serial Number:00:d8:f3:5f:4e:b7:87:2b:2d:ab:06:92:e3:15:38:2f:b0
+# Subject: CN=global trustee,OU=PlatinumSSL,OU=Hosted by GTI Group Corporation,OU=Global Trustee,O=Global Trustee,STREET=Sea Village 10,L=Tampa,ST=Florida,postalCode=38477,C=US
+# Not Valid Before: Tue Mar 15 00:00:00 2011
+# Not Valid After : Fri Mar 14 23:59:59 2014
+# Fingerprint (MD5): FE:0D:01:6E:71:CB:8C:D8:3F:0E:0C:CD:49:35:B8:57
+# Fingerprint (SHA1): 61:79:3F:CB:FA:4F:90:08:30:9B:BA:5F:F1:2D:2C:B2:9C:D4:15:1A
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Bogus Global Trustee"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\141\171\077\313\372\117\220\010\060\233\272\137\361\055\054\262
+\234\324\025\032
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\376\015\001\156\161\313\214\330\077\016\014\315\111\065\270\127
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
+\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
+\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
+\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
+\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
+\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
+\164\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125
+\004\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163
+\164\055\110\141\162\144\167\141\162\145
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\021\000\330\363\137\116\267\207\053\055\253\006\222\343\025
+\070\057\260
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Bogus GMail"
+#
+# Issuer: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Serial Number:04:7e:cb:e9:fc:a5:5f:7b:d0:9e:ae:36:e1:0c:ae:1e
+# Subject: CN=mail.google.com,OU=PlatinumSSL,OU=Hosted by GTI Group Corporation,OU=Tech Dept.,O=Google Ltd.,STREET=Sea Village 10,L=English,ST=Florida,postalCode=38477,C=US
+# Not Valid Before: Tue Mar 15 00:00:00 2011
+# Not Valid After : Fri Mar 14 23:59:59 2014
+# Fingerprint (MD5): 4C:77:1F:EB:CA:31:C1:29:98:E9:2C:10:B3:AF:49:1C
+# Fingerprint (SHA1): 64:31:72:30:36:FD:26:DE:A5:02:79:2F:A5:95:92:24:93:03:0F:97
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Bogus GMail"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\337\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\016\060\014\006\003\125\004\021\023\005\063\070\064\067\067
+\061\020\060\016\006\003\125\004\010\023\007\106\154\157\162\151
+\144\141\061\020\060\016\006\003\125\004\007\023\007\105\156\147
+\154\151\163\150\061\027\060\025\006\003\125\004\011\023\016\123
+\145\141\040\126\151\154\154\141\147\145\040\061\060\061\024\060
+\022\006\003\125\004\012\023\013\107\157\157\147\154\145\040\114
+\164\144\056\061\023\060\021\006\003\125\004\013\023\012\124\145
+\143\150\040\104\145\160\164\056\061\050\060\046\006\003\125\004
+\013\023\037\110\157\163\164\145\144\040\142\171\040\107\124\111
+\040\107\162\157\165\160\040\103\157\162\160\157\162\141\164\151
+\157\156\061\024\060\022\006\003\125\004\013\023\013\120\154\141
+\164\151\156\165\155\123\123\114\061\030\060\026\006\003\125\004
+\003\023\017\155\141\151\154\056\147\157\157\147\154\145\056\143
+\157\155
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
+\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
+\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
+\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
+\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
+\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
+\164\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125
+\004\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163
+\164\055\110\141\162\144\167\141\162\145
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\004\176\313\351\374\245\137\173\320\236\256\066\341\014
+\256\036
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\356\060\202\004\326\240\003\002\001\002\002\020\004
+\176\313\351\374\245\137\173\320\236\256\066\341\014\256\036\060
+\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\201
+\227\061\013\060\011\006\003\125\004\006\023\002\125\123\061\013
+\060\011\006\003\125\004\010\023\002\125\124\061\027\060\025\006
+\003\125\004\007\023\016\123\141\154\164\040\114\141\153\145\040
+\103\151\164\171\061\036\060\034\006\003\125\004\012\023\025\124
+\150\145\040\125\123\105\122\124\122\125\123\124\040\116\145\164
+\167\157\162\153\061\041\060\037\006\003\125\004\013\023\030\150
+\164\164\160\072\057\057\167\167\167\056\165\163\145\162\164\162
+\165\163\164\056\143\157\155\061\037\060\035\006\003\125\004\003
+\023\026\125\124\116\055\125\123\105\122\106\151\162\163\164\055
+\110\141\162\144\167\141\162\145\060\036\027\015\061\061\060\063
+\061\065\060\060\060\060\060\060\132\027\015\061\064\060\063\061
+\064\062\063\065\071\065\071\132\060\201\337\061\013\060\011\006
+\003\125\004\006\023\002\125\123\061\016\060\014\006\003\125\004
+\021\023\005\063\070\064\067\067\061\020\060\016\006\003\125\004
+\010\023\007\106\154\157\162\151\144\141\061\020\060\016\006\003
+\125\004\007\023\007\105\156\147\154\151\163\150\061\027\060\025
+\006\003\125\004\011\023\016\123\145\141\040\126\151\154\154\141
+\147\145\040\061\060\061\024\060\022\006\003\125\004\012\023\013
+\107\157\157\147\154\145\040\114\164\144\056\061\023\060\021\006
+\003\125\004\013\023\012\124\145\143\150\040\104\145\160\164\056
+\061\050\060\046\006\003\125\004\013\023\037\110\157\163\164\145
+\144\040\142\171\040\107\124\111\040\107\162\157\165\160\040\103
+\157\162\160\157\162\141\164\151\157\156\061\024\060\022\006\003
+\125\004\013\023\013\120\154\141\164\151\156\165\155\123\123\114
+\061\030\060\026\006\003\125\004\003\023\017\155\141\151\154\056
+\147\157\157\147\154\145\056\143\157\155\060\202\001\042\060\015
+\006\011\052\206\110\206\367\015\001\001\001\005\000\003\202\001
+\017\000\060\202\001\012\002\202\001\001\000\260\163\360\362\004
+\356\302\242\106\312\064\052\252\273\140\043\321\021\166\037\037
+\072\320\145\203\116\232\105\250\103\160\205\166\360\037\207\000
+\002\037\156\073\027\027\304\265\351\031\106\242\222\045\215\142
+\052\264\143\060\037\271\205\370\065\341\026\132\166\111\314\120
+\110\123\071\131\211\326\204\002\373\232\354\033\307\121\325\166
+\225\220\324\072\052\270\246\336\002\115\006\373\315\355\245\106
+\101\137\125\164\345\354\176\100\334\120\234\265\344\065\135\036
+\150\040\370\351\336\243\152\050\277\101\322\241\263\342\045\215
+\014\033\312\075\223\014\030\256\337\305\274\375\274\202\272\150
+\000\327\026\062\161\237\145\265\021\332\150\131\320\246\127\144
+\033\311\376\230\345\365\245\145\352\341\333\356\364\263\235\263
+\216\352\207\256\026\322\036\240\174\174\151\077\051\026\205\001
+\123\247\154\361\140\253\335\242\374\045\107\324\062\321\022\335
+\367\110\022\340\374\234\242\167\230\351\211\231\270\370\070\361
+\214\006\302\172\043\066\155\233\235\315\060\310\307\064\027\036
+\273\175\102\310\253\347\025\026\366\163\265\002\003\001\000\001
+\243\202\001\352\060\202\001\346\060\037\006\003\125\035\043\004
+\030\060\026\200\024\241\162\137\046\033\050\230\103\225\135\007
+\067\325\205\226\235\113\322\303\105\060\035\006\003\125\035\016
+\004\026\004\024\030\052\242\310\324\172\077\173\255\004\213\275
+\157\236\020\106\023\170\161\235\060\016\006\003\125\035\017\001
+\001\377\004\004\003\002\005\240\060\014\006\003\125\035\023\001
+\001\377\004\002\060\000\060\035\006\003\125\035\045\004\026\060
+\024\006\010\053\006\001\005\005\007\003\001\006\010\053\006\001
+\005\005\007\003\002\060\106\006\003\125\035\040\004\077\060\075
+\060\073\006\014\053\006\001\004\001\262\061\001\002\001\003\004
+\060\053\060\051\006\010\053\006\001\005\005\007\002\001\026\035
+\150\164\164\160\163\072\057\057\163\145\143\165\162\145\056\143
+\157\155\157\144\157\056\143\157\155\057\103\120\123\060\173\006
+\003\125\035\037\004\164\060\162\060\070\240\066\240\064\206\062
+\150\164\164\160\072\057\057\143\162\154\056\143\157\155\157\144
+\157\143\141\056\143\157\155\057\125\124\116\055\125\123\105\122
+\106\151\162\163\164\055\110\141\162\144\167\141\162\145\056\143
+\162\154\060\066\240\064\240\062\206\060\150\164\164\160\072\057
+\057\143\162\154\056\143\157\155\157\144\157\056\156\145\164\057
+\125\124\116\055\125\123\105\122\106\151\162\163\164\055\110\141
+\162\144\167\141\162\145\056\143\162\154\060\161\006\010\053\006
+\001\005\005\007\001\001\004\145\060\143\060\073\006\010\053\006
+\001\005\005\007\060\002\206\057\150\164\164\160\072\057\057\143
+\162\164\056\143\157\155\157\144\157\143\141\056\143\157\155\057
+\125\124\116\101\144\144\124\162\165\163\164\123\145\162\166\145
+\162\103\101\056\143\162\164\060\044\006\010\053\006\001\005\005
+\007\060\001\206\030\150\164\164\160\072\057\057\157\143\163\160
+\056\143\157\155\157\144\157\143\141\056\143\157\155\060\057\006
+\003\125\035\021\004\050\060\046\202\017\155\141\151\154\056\147
+\157\157\147\154\145\056\143\157\155\202\023\167\167\167\056\155
+\141\151\154\056\147\157\157\147\154\145\056\143\157\155\060\015
+\006\011\052\206\110\206\367\015\001\001\005\005\000\003\202\001
+\001\000\147\006\010\012\047\305\223\156\002\362\336\027\077\320
+\323\033\174\377\265\315\172\307\167\307\276\337\022\312\031\336
+\260\023\127\014\003\221\304\171\122\317\177\267\136\125\040\204
+\111\335\365\320\051\057\016\004\332\131\236\016\023\237\364\300
+\062\233\377\241\021\044\052\227\243\362\077\075\052\153\250\255
+\214\031\165\225\016\035\045\375\117\304\172\025\303\035\307\023
+\100\310\015\276\227\140\162\246\376\045\276\217\354\325\246\206
+\303\041\134\131\122\331\152\013\134\237\113\336\265\371\354\342
+\364\305\314\142\123\166\211\145\344\051\332\267\277\226\340\140
+\215\015\267\011\125\326\100\125\035\301\362\226\041\165\257\211
+\206\037\135\201\227\051\050\036\051\327\226\301\040\003\062\173
+\000\073\152\067\027\132\243\263\032\157\062\073\156\361\243\135
+\253\253\314\052\313\060\014\037\065\043\213\151\104\134\352\254
+\050\140\355\253\153\143\236\366\222\274\275\232\132\046\114\305
+\230\270\016\031\076\374\005\061\343\026\331\375\220\005\003\206
+\306\127\001\037\177\170\240\317\063\152\252\146\153\042\320\247
+\111\043
+END
+
+# Trust for Certificate "Bogus GMail"
+# Issuer: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Serial Number:04:7e:cb:e9:fc:a5:5f:7b:d0:9e:ae:36:e1:0c:ae:1e
+# Subject: CN=mail.google.com,OU=PlatinumSSL,OU=Hosted by GTI Group Corporation,OU=Tech Dept.,O=Google Ltd.,STREET=Sea Village 10,L=English,ST=Florida,postalCode=38477,C=US
+# Not Valid Before: Tue Mar 15 00:00:00 2011
+# Not Valid After : Fri Mar 14 23:59:59 2014
+# Fingerprint (MD5): 4C:77:1F:EB:CA:31:C1:29:98:E9:2C:10:B3:AF:49:1C
+# Fingerprint (SHA1): 64:31:72:30:36:FD:26:DE:A5:02:79:2F:A5:95:92:24:93:03:0F:97
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Bogus GMail"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\144\061\162\060\066\375\046\336\245\002\171\057\245\225\222\044
+\223\003\017\227
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\114\167\037\353\312\061\301\051\230\351\054\020\263\257\111\034
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
+\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
+\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
+\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
+\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
+\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
+\164\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125
+\004\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163
+\164\055\110\141\162\144\167\141\162\145
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\004\176\313\351\374\245\137\173\320\236\256\066\341\014
+\256\036
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Bogus Google"
+#
+# Issuer: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Serial Number:00:f5:c8:6a:f3:61:62:f1:3a:64:f5:4f:6d:c9:58:7c:06
+# Subject: CN=www.google.com,OU=PlatinumSSL,OU=Hosted by GTI Group Corporation,OU=Tech Dept.,O=Google Ltd.,STREET=Sea Village 10,L=English,ST=Florida,postalCode=38477,C=US
+# Not Valid Before: Tue Mar 15 00:00:00 2011
+# Not Valid After : Fri Mar 14 23:59:59 2014
+# Fingerprint (MD5): 01:73:A9:58:F0:BC:C9:BE:94:2B:1A:4C:98:24:E3:B8
+# Fingerprint (SHA1): 19:16:A2:AF:34:6D:39:9F:50:31:3C:39:32:00:F1:41:40:45:66:16
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Bogus Google"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\336\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\016\060\014\006\003\125\004\021\023\005\063\070\064\067\067
+\061\020\060\016\006\003\125\004\010\023\007\106\154\157\162\151
+\144\141\061\020\060\016\006\003\125\004\007\023\007\105\156\147
+\154\151\163\150\061\027\060\025\006\003\125\004\011\023\016\123
+\145\141\040\126\151\154\154\141\147\145\040\061\060\061\024\060
+\022\006\003\125\004\012\023\013\107\157\157\147\154\145\040\114
+\164\144\056\061\023\060\021\006\003\125\004\013\023\012\124\145
+\143\150\040\104\145\160\164\056\061\050\060\046\006\003\125\004
+\013\023\037\110\157\163\164\145\144\040\142\171\040\107\124\111
+\040\107\162\157\165\160\040\103\157\162\160\157\162\141\164\151
+\157\156\061\024\060\022\006\003\125\004\013\023\013\120\154\141
+\164\151\156\165\155\123\123\114\061\027\060\025\006\003\125\004
+\003\023\016\167\167\167\056\147\157\157\147\154\145\056\143\157
+\155
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
+\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
+\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
+\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
+\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
+\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
+\164\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125
+\004\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163
+\164\055\110\141\162\144\167\141\162\145
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\021\000\365\310\152\363\141\142\361\072\144\365\117\155\311
+\130\174\006
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\344\060\202\004\314\240\003\002\001\002\002\021\000
+\365\310\152\363\141\142\361\072\144\365\117\155\311\130\174\006
+\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060
+\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060\025
+\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153\145
+\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023\025
+\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116\145
+\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023\030
+\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162\164
+\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125\004
+\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163\164
+\055\110\141\162\144\167\141\162\145\060\036\027\015\061\061\060
+\063\061\065\060\060\060\060\060\060\132\027\015\061\064\060\063
+\061\064\062\063\065\071\065\071\132\060\201\336\061\013\060\011
+\006\003\125\004\006\023\002\125\123\061\016\060\014\006\003\125
+\004\021\023\005\063\070\064\067\067\061\020\060\016\006\003\125
+\004\010\023\007\106\154\157\162\151\144\141\061\020\060\016\006
+\003\125\004\007\023\007\105\156\147\154\151\163\150\061\027\060
+\025\006\003\125\004\011\023\016\123\145\141\040\126\151\154\154
+\141\147\145\040\061\060\061\024\060\022\006\003\125\004\012\023
+\013\107\157\157\147\154\145\040\114\164\144\056\061\023\060\021
+\006\003\125\004\013\023\012\124\145\143\150\040\104\145\160\164
+\056\061\050\060\046\006\003\125\004\013\023\037\110\157\163\164
+\145\144\040\142\171\040\107\124\111\040\107\162\157\165\160\040
+\103\157\162\160\157\162\141\164\151\157\156\061\024\060\022\006
+\003\125\004\013\023\013\120\154\141\164\151\156\165\155\123\123
+\114\061\027\060\025\006\003\125\004\003\023\016\167\167\167\056
+\147\157\157\147\154\145\056\143\157\155\060\202\001\042\060\015
+\006\011\052\206\110\206\367\015\001\001\001\005\000\003\202\001
+\017\000\060\202\001\012\002\202\001\001\000\260\163\360\362\004
+\356\302\242\106\312\064\052\252\273\140\043\321\021\166\037\037
+\072\320\145\203\116\232\105\250\103\160\205\166\360\037\207\000
+\002\037\156\073\027\027\304\265\351\031\106\242\222\045\215\142
+\052\264\143\060\037\271\205\370\065\341\026\132\166\111\314\120
+\110\123\071\131\211\326\204\002\373\232\354\033\307\121\325\166
+\225\220\324\072\052\270\246\336\002\115\006\373\315\355\245\106
+\101\137\125\164\345\354\176\100\334\120\234\265\344\065\135\036
+\150\040\370\351\336\243\152\050\277\101\322\241\263\342\045\215
+\014\033\312\075\223\014\030\256\337\305\274\375\274\202\272\150
+\000\327\026\062\161\237\145\265\021\332\150\131\320\246\127\144
+\033\311\376\230\345\365\245\145\352\341\333\356\364\263\235\263
+\216\352\207\256\026\322\036\240\174\174\151\077\051\026\205\001
+\123\247\154\361\140\253\335\242\374\045\107\324\062\321\022\335
+\367\110\022\340\374\234\242\167\230\351\211\231\270\370\070\361
+\214\006\302\172\043\066\155\233\235\315\060\310\307\064\027\036
+\273\175\102\310\253\347\025\026\366\163\265\002\003\001\000\001
+\243\202\001\340\060\202\001\334\060\037\006\003\125\035\043\004
+\030\060\026\200\024\241\162\137\046\033\050\230\103\225\135\007
+\067\325\205\226\235\113\322\303\105\060\035\006\003\125\035\016
+\004\026\004\024\030\052\242\310\324\172\077\173\255\004\213\275
+\157\236\020\106\023\170\161\235\060\016\006\003\125\035\017\001
+\001\377\004\004\003\002\005\240\060\014\006\003\125\035\023\001
+\001\377\004\002\060\000\060\035\006\003\125\035\045\004\026\060
+\024\006\010\053\006\001\005\005\007\003\001\006\010\053\006\001
+\005\005\007\003\002\060\106\006\003\125\035\040\004\077\060\075
+\060\073\006\014\053\006\001\004\001\262\061\001\002\001\003\004
+\060\053\060\051\006\010\053\006\001\005\005\007\002\001\026\035
+\150\164\164\160\163\072\057\057\163\145\143\165\162\145\056\143
+\157\155\157\144\157\056\143\157\155\057\103\120\123\060\173\006
+\003\125\035\037\004\164\060\162\060\070\240\066\240\064\206\062
+\150\164\164\160\072\057\057\143\162\154\056\143\157\155\157\144
+\157\143\141\056\143\157\155\057\125\124\116\055\125\123\105\122
+\106\151\162\163\164\055\110\141\162\144\167\141\162\145\056\143
+\162\154\060\066\240\064\240\062\206\060\150\164\164\160\072\057
+\057\143\162\154\056\143\157\155\157\144\157\056\156\145\164\057
+\125\124\116\055\125\123\105\122\106\151\162\163\164\055\110\141
+\162\144\167\141\162\145\056\143\162\154\060\161\006\010\053\006
+\001\005\005\007\001\001\004\145\060\143\060\073\006\010\053\006
+\001\005\005\007\060\002\206\057\150\164\164\160\072\057\057\143
+\162\164\056\143\157\155\157\144\157\143\141\056\143\157\155\057
+\125\124\116\101\144\144\124\162\165\163\164\123\145\162\166\145
+\162\103\101\056\143\162\164\060\044\006\010\053\006\001\005\005
+\007\060\001\206\030\150\164\164\160\072\057\057\157\143\163\160
+\056\143\157\155\157\144\157\143\141\056\143\157\155\060\045\006
+\003\125\035\021\004\036\060\034\202\016\167\167\167\056\147\157
+\157\147\154\145\056\143\157\155\202\012\147\157\157\147\154\145
+\056\143\157\155\060\015\006\011\052\206\110\206\367\015\001\001
+\005\005\000\003\202\001\001\000\161\300\231\077\136\366\275\063
+\377\236\026\313\250\277\335\160\371\322\123\073\066\256\311\027
+\310\256\136\115\335\142\367\267\323\076\167\243\376\300\173\062
+\265\311\224\005\122\120\362\137\075\171\204\111\117\135\154\260
+\327\131\275\324\154\210\372\374\305\145\206\353\050\122\242\102
+\366\174\274\152\307\007\056\045\321\220\142\040\306\215\121\302
+\054\105\071\116\003\332\367\030\350\314\012\072\331\105\330\154
+\156\064\213\142\234\116\025\371\103\356\345\227\300\077\255\065
+\023\305\053\006\307\101\375\342\367\176\105\255\233\321\341\146
+\355\370\172\113\224\071\172\057\353\350\077\103\330\065\326\126
+\372\164\347\155\346\355\254\145\204\376\320\115\006\022\336\332
+\131\000\074\011\134\317\210\113\350\075\264\025\041\222\314\155
+\246\121\342\216\227\361\364\202\106\313\304\123\136\332\134\235
+\145\222\001\145\211\000\345\266\231\377\046\100\361\057\031\061
+\010\032\261\147\125\206\015\256\065\063\206\274\227\110\222\327
+\226\140\370\316\374\226\353\207\304\163\314\224\233\130\133\363
+\172\244\047\023\326\117\364\151
+END
+
+# Trust for Certificate "Bogus Google"
+# Issuer: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Serial Number:00:f5:c8:6a:f3:61:62:f1:3a:64:f5:4f:6d:c9:58:7c:06
+# Subject: CN=www.google.com,OU=PlatinumSSL,OU=Hosted by GTI Group Corporation,OU=Tech Dept.,O=Google Ltd.,STREET=Sea Village 10,L=English,ST=Florida,postalCode=38477,C=US
+# Not Valid Before: Tue Mar 15 00:00:00 2011
+# Not Valid After : Fri Mar 14 23:59:59 2014
+# Fingerprint (MD5): 01:73:A9:58:F0:BC:C9:BE:94:2B:1A:4C:98:24:E3:B8
+# Fingerprint (SHA1): 19:16:A2:AF:34:6D:39:9F:50:31:3C:39:32:00:F1:41:40:45:66:16
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Bogus Google"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\031\026\242\257\064\155\071\237\120\061\074\071\062\000\361\101
+\100\105\146\026
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\001\163\251\130\360\274\311\276\224\053\032\114\230\044\343\270
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
+\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
+\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
+\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
+\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
+\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
+\164\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125
+\004\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163
+\164\055\110\141\162\144\167\141\162\145
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\021\000\365\310\152\363\141\142\361\072\144\365\117\155\311
+\130\174\006
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Bogus Skype"
+#
+# Issuer: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Serial Number:00:e9:02:8b:95:78:e4:15:dc:1a:71:0a:2b:88:15:44:47
+# Subject: CN=login.skype.com,OU=PlatinumSSL,OU=Hosted by GTI Group Corporation,OU=Tech Dept.,O=Google Ltd.,STREET=Sea Village 10,L=English,ST=Florida,postalCode=38477,C=US
+# Not Valid Before: Tue Mar 15 00:00:00 2011
+# Not Valid After : Fri Mar 14 23:59:59 2014
+# Fingerprint (MD5): 85:A4:B4:C4:69:21:DF:A1:6A:0D:58:56:58:4B:33:44
+# Fingerprint (SHA1): 47:1C:94:9A:81:43:DB:5A:D5:CD:F1:C9:72:86:4A:25:04:FA:23:C9
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Bogus Skype"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\337\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\016\060\014\006\003\125\004\021\023\005\063\070\064\067\067
+\061\020\060\016\006\003\125\004\010\023\007\106\154\157\162\151
+\144\141\061\020\060\016\006\003\125\004\007\023\007\105\156\147
+\154\151\163\150\061\027\060\025\006\003\125\004\011\023\016\123
+\145\141\040\126\151\154\154\141\147\145\040\061\060\061\024\060
+\022\006\003\125\004\012\023\013\107\157\157\147\154\145\040\114
+\164\144\056\061\023\060\021\006\003\125\004\013\023\012\124\145
+\143\150\040\104\145\160\164\056\061\050\060\046\006\003\125\004
+\013\023\037\110\157\163\164\145\144\040\142\171\040\107\124\111
+\040\107\162\157\165\160\040\103\157\162\160\157\162\141\164\151
+\157\156\061\024\060\022\006\003\125\004\013\023\013\120\154\141
+\164\151\156\165\155\123\123\114\061\030\060\026\006\003\125\004
+\003\023\017\154\157\147\151\156\056\163\153\171\160\145\056\143
+\157\155
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
+\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
+\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
+\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
+\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
+\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
+\164\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125
+\004\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163
+\164\055\110\141\162\144\167\141\162\145
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\021\000\351\002\213\225\170\344\025\334\032\161\012\053\210
+\025\104\107
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\357\060\202\004\327\240\003\002\001\002\002\021\000
+\351\002\213\225\170\344\025\334\032\161\012\053\210\025\104\107
+\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060
+\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060\025
+\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153\145
+\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023\025
+\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116\145
+\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023\030
+\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162\164
+\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125\004
+\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163\164
+\055\110\141\162\144\167\141\162\145\060\036\027\015\061\061\060
+\063\061\065\060\060\060\060\060\060\132\027\015\061\064\060\063
+\061\064\062\063\065\071\065\071\132\060\201\337\061\013\060\011
+\006\003\125\004\006\023\002\125\123\061\016\060\014\006\003\125
+\004\021\023\005\063\070\064\067\067\061\020\060\016\006\003\125
+\004\010\023\007\106\154\157\162\151\144\141\061\020\060\016\006
+\003\125\004\007\023\007\105\156\147\154\151\163\150\061\027\060
+\025\006\003\125\004\011\023\016\123\145\141\040\126\151\154\154
+\141\147\145\040\061\060\061\024\060\022\006\003\125\004\012\023
+\013\107\157\157\147\154\145\040\114\164\144\056\061\023\060\021
+\006\003\125\004\013\023\012\124\145\143\150\040\104\145\160\164
+\056\061\050\060\046\006\003\125\004\013\023\037\110\157\163\164
+\145\144\040\142\171\040\107\124\111\040\107\162\157\165\160\040
+\103\157\162\160\157\162\141\164\151\157\156\061\024\060\022\006
+\003\125\004\013\023\013\120\154\141\164\151\156\165\155\123\123
+\114\061\030\060\026\006\003\125\004\003\023\017\154\157\147\151
+\156\056\163\153\171\160\145\056\143\157\155\060\202\001\042\060
+\015\006\011\052\206\110\206\367\015\001\001\001\005\000\003\202
+\001\017\000\060\202\001\012\002\202\001\001\000\260\170\231\206
+\016\242\163\043\324\132\303\111\353\261\066\214\174\312\204\256
+\074\257\070\210\050\231\215\055\130\023\261\227\170\076\122\040
+\147\254\133\163\230\154\062\125\311\160\321\331\252\025\350\056
+\046\205\201\274\126\344\274\200\143\333\116\327\365\002\276\121
+\143\036\074\333\337\327\000\135\132\271\345\173\152\352\070\040
+\262\073\266\356\165\124\204\371\246\312\070\160\335\277\260\377
+\245\205\135\264\101\376\335\075\331\052\341\060\103\032\230\171
+\223\240\137\340\147\154\225\372\076\172\256\161\173\343\155\210
+\102\077\045\324\356\276\150\150\254\255\254\140\340\040\243\071
+\203\271\133\050\243\223\155\241\275\166\012\343\353\256\207\047
+\016\124\217\264\110\014\232\124\364\135\216\067\120\334\136\244
+\213\153\113\334\246\363\064\276\167\131\042\210\377\031\053\155
+\166\144\163\332\014\207\007\053\232\067\072\320\342\214\366\066
+\062\153\232\171\314\322\073\223\157\032\115\154\346\301\235\100
+\254\055\164\303\276\352\134\163\145\001\051\261\052\277\160\131
+\301\316\306\303\242\310\105\137\272\147\075\017\002\003\001\000
+\001\243\202\001\352\060\202\001\346\060\037\006\003\125\035\043
+\004\030\060\026\200\024\241\162\137\046\033\050\230\103\225\135
+\007\067\325\205\226\235\113\322\303\105\060\035\006\003\125\035
+\016\004\026\004\024\325\216\132\121\023\264\051\015\061\266\034
+\215\076\121\121\061\012\063\252\201\060\016\006\003\125\035\017
+\001\001\377\004\004\003\002\005\240\060\014\006\003\125\035\023
+\001\001\377\004\002\060\000\060\035\006\003\125\035\045\004\026
+\060\024\006\010\053\006\001\005\005\007\003\001\006\010\053\006
+\001\005\005\007\003\002\060\106\006\003\125\035\040\004\077\060
+\075\060\073\006\014\053\006\001\004\001\262\061\001\002\001\003
+\004\060\053\060\051\006\010\053\006\001\005\005\007\002\001\026
+\035\150\164\164\160\163\072\057\057\163\145\143\165\162\145\056
+\143\157\155\157\144\157\056\143\157\155\057\103\120\123\060\173
+\006\003\125\035\037\004\164\060\162\060\070\240\066\240\064\206
+\062\150\164\164\160\072\057\057\143\162\154\056\143\157\155\157
+\144\157\143\141\056\143\157\155\057\125\124\116\055\125\123\105
+\122\106\151\162\163\164\055\110\141\162\144\167\141\162\145\056
+\143\162\154\060\066\240\064\240\062\206\060\150\164\164\160\072
+\057\057\143\162\154\056\143\157\155\157\144\157\056\156\145\164
+\057\125\124\116\055\125\123\105\122\106\151\162\163\164\055\110
+\141\162\144\167\141\162\145\056\143\162\154\060\161\006\010\053
+\006\001\005\005\007\001\001\004\145\060\143\060\073\006\010\053
+\006\001\005\005\007\060\002\206\057\150\164\164\160\072\057\057
+\143\162\164\056\143\157\155\157\144\157\143\141\056\143\157\155
+\057\125\124\116\101\144\144\124\162\165\163\164\123\145\162\166
+\145\162\103\101\056\143\162\164\060\044\006\010\053\006\001\005
+\005\007\060\001\206\030\150\164\164\160\072\057\057\157\143\163
+\160\056\143\157\155\157\144\157\143\141\056\143\157\155\060\057
+\006\003\125\035\021\004\050\060\046\202\017\154\157\147\151\156
+\056\163\153\171\160\145\056\143\157\155\202\023\167\167\167\056
+\154\157\147\151\156\056\163\153\171\160\145\056\143\157\155\060
+\015\006\011\052\206\110\206\367\015\001\001\005\005\000\003\202
+\001\001\000\010\362\201\165\221\273\316\022\004\030\302\115\132
+\373\106\220\012\124\104\364\362\335\007\201\360\037\246\172\157
+\237\317\270\016\054\117\234\304\232\365\250\366\272\244\311\172
+\135\261\342\132\312\074\372\140\250\150\076\313\272\055\342\315
+\326\266\344\222\074\151\255\127\352\250\057\070\020\204\162\345
+\150\161\355\276\353\156\030\357\143\172\276\347\044\377\300\143
+\375\130\073\114\201\222\330\051\253\216\065\135\327\323\011\153
+\205\323\325\163\005\104\342\345\273\203\123\020\313\362\317\267
+\156\341\151\267\241\222\144\305\317\315\202\273\066\240\070\255
+\327\044\337\123\374\077\142\267\267\325\307\127\343\223\061\160
+\216\044\211\206\312\143\053\071\272\135\331\152\140\354\241\116
+\212\376\123\370\136\222\337\057\134\046\027\155\003\175\002\017
+\017\252\103\147\155\260\142\277\176\123\335\314\354\170\163\225
+\345\245\366\000\243\004\375\077\004\052\263\230\305\267\003\034
+\333\311\120\253\260\005\035\036\276\126\264\317\076\102\023\224
+\236\371\347\001\201\245\170\157\014\172\166\254\005\206\354\254
+\302\021\254
+END
+
+# Trust for Certificate "Bogus Skype"
+# Issuer: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Serial Number:00:e9:02:8b:95:78:e4:15:dc:1a:71:0a:2b:88:15:44:47
+# Subject: CN=login.skype.com,OU=PlatinumSSL,OU=Hosted by GTI Group Corporation,OU=Tech Dept.,O=Google Ltd.,STREET=Sea Village 10,L=English,ST=Florida,postalCode=38477,C=US
+# Not Valid Before: Tue Mar 15 00:00:00 2011
+# Not Valid After : Fri Mar 14 23:59:59 2014
+# Fingerprint (MD5): 85:A4:B4:C4:69:21:DF:A1:6A:0D:58:56:58:4B:33:44
+# Fingerprint (SHA1): 47:1C:94:9A:81:43:DB:5A:D5:CD:F1:C9:72:86:4A:25:04:FA:23:C9
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Bogus Skype"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\107\034\224\232\201\103\333\132\325\315\361\311\162\206\112\045
+\004\372\043\311
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\205\244\264\304\151\041\337\241\152\015\130\126\130\113\063\104
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
+\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
+\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
+\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
+\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
+\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
+\164\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125
+\004\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163
+\164\055\110\141\162\144\167\141\162\145
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\021\000\351\002\213\225\170\344\025\334\032\161\012\053\210
+\025\104\107
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Bogus Yahoo 1"
+#
+# Issuer: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Serial Number:00:d7:55:8f:da:f5:f1:10:5b:b2:13:28:2b:70:77:29:a3
+# Subject: CN=login.yahoo.com,OU=PlatinumSSL,OU=Hosted by GTI Group Corporation,OU=Tech Dept.,O=Google Ltd.,STREET=Sea Village 10,L=English,ST=Florida,postalCode=38477,C=US
+# Not Valid Before: Tue Mar 15 00:00:00 2011
+# Not Valid After : Fri Mar 14 23:59:59 2014
+# Fingerprint (MD5): 0C:1F:BE:D3:FC:09:6E:E6:6E:C2:66:39:75:86:6B:EB
+# Fingerprint (SHA1): 63:FE:AE:96:0B:AA:91:E3:43:CE:2B:D8:B7:17:98:C7:6B:DB:77:D0
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Bogus Yahoo 1"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\337\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\016\060\014\006\003\125\004\021\023\005\063\070\064\067\067
+\061\020\060\016\006\003\125\004\010\023\007\106\154\157\162\151
+\144\141\061\020\060\016\006\003\125\004\007\023\007\105\156\147
+\154\151\163\150\061\027\060\025\006\003\125\004\011\023\016\123
+\145\141\040\126\151\154\154\141\147\145\040\061\060\061\024\060
+\022\006\003\125\004\012\023\013\107\157\157\147\154\145\040\114
+\164\144\056\061\023\060\021\006\003\125\004\013\023\012\124\145
+\143\150\040\104\145\160\164\056\061\050\060\046\006\003\125\004
+\013\023\037\110\157\163\164\145\144\040\142\171\040\107\124\111
+\040\107\162\157\165\160\040\103\157\162\160\157\162\141\164\151
+\157\156\061\024\060\022\006\003\125\004\013\023\013\120\154\141
+\164\151\156\165\155\123\123\114\061\030\060\026\006\003\125\004
+\003\023\017\154\157\147\151\156\056\171\141\150\157\157\056\143
+\157\155
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
+\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
+\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
+\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
+\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
+\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
+\164\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125
+\004\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163
+\164\055\110\141\162\144\167\141\162\145
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\021\000\327\125\217\332\365\361\020\133\262\023\050\053\160
+\167\051\243
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\357\060\202\004\327\240\003\002\001\002\002\021\000
+\327\125\217\332\365\361\020\133\262\023\050\053\160\167\051\243
+\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060
+\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060\025
+\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153\145
+\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023\025
+\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116\145
+\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023\030
+\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162\164
+\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125\004
+\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163\164
+\055\110\141\162\144\167\141\162\145\060\036\027\015\061\061\060
+\063\061\065\060\060\060\060\060\060\132\027\015\061\064\060\063
+\061\064\062\063\065\071\065\071\132\060\201\337\061\013\060\011
+\006\003\125\004\006\023\002\125\123\061\016\060\014\006\003\125
+\004\021\023\005\063\070\064\067\067\061\020\060\016\006\003\125
+\004\010\023\007\106\154\157\162\151\144\141\061\020\060\016\006
+\003\125\004\007\023\007\105\156\147\154\151\163\150\061\027\060
+\025\006\003\125\004\011\023\016\123\145\141\040\126\151\154\154
+\141\147\145\040\061\060\061\024\060\022\006\003\125\004\012\023
+\013\107\157\157\147\154\145\040\114\164\144\056\061\023\060\021
+\006\003\125\004\013\023\012\124\145\143\150\040\104\145\160\164
+\056\061\050\060\046\006\003\125\004\013\023\037\110\157\163\164
+\145\144\040\142\171\040\107\124\111\040\107\162\157\165\160\040
+\103\157\162\160\157\162\141\164\151\157\156\061\024\060\022\006
+\003\125\004\013\023\013\120\154\141\164\151\156\165\155\123\123
+\114\061\030\060\026\006\003\125\004\003\023\017\154\157\147\151
+\156\056\171\141\150\157\157\056\143\157\155\060\202\001\042\060
+\015\006\011\052\206\110\206\367\015\001\001\001\005\000\003\202
+\001\017\000\060\202\001\012\002\202\001\001\000\241\244\005\075
+\355\205\105\223\212\030\115\306\003\000\127\342\100\167\360\034
+\353\320\031\337\042\135\010\177\321\007\074\101\211\106\027\243
+\011\372\374\370\251\004\321\226\217\253\327\117\074\371\255\030
+\251\164\201\304\127\012\072\046\026\316\142\076\274\077\154\041
+\356\223\215\313\015\240\037\232\226\320\217\255\365\223\223\202
+\356\162\014\241\165\025\243\173\204\126\270\255\377\122\021\161
+\204\274\072\060\013\176\230\250\341\250\077\067\122\320\361\174
+\157\220\330\105\012\254\071\162\152\141\325\273\303\214\371\302
+\314\337\375\072\161\271\257\274\334\072\334\014\266\261\322\321
+\211\273\101\266\362\336\127\325\025\337\374\375\342\061\305\337
+\312\301\330\217\054\277\360\016\133\161\340\064\161\303\305\115
+\175\172\324\372\355\060\113\057\352\266\056\236\223\074\342\072
+\370\102\242\032\356\334\337\315\017\251\366\171\204\032\216\154
+\002\266\206\345\277\121\152\146\370\363\234\323\131\014\173\245
+\231\170\315\174\231\372\306\226\107\330\062\324\164\166\016\167
+\113\040\164\244\267\211\165\222\112\264\133\125\002\003\001\000
+\001\243\202\001\352\060\202\001\346\060\037\006\003\125\035\043
+\004\030\060\026\200\024\241\162\137\046\033\050\230\103\225\135
+\007\067\325\205\226\235\113\322\303\105\060\035\006\003\125\035
+\016\004\026\004\024\206\111\105\374\063\031\063\324\004\355\047
+\141\356\350\001\311\014\177\057\176\060\016\006\003\125\035\017
+\001\001\377\004\004\003\002\005\240\060\014\006\003\125\035\023
+\001\001\377\004\002\060\000\060\035\006\003\125\035\045\004\026
+\060\024\006\010\053\006\001\005\005\007\003\001\006\010\053\006
+\001\005\005\007\003\002\060\106\006\003\125\035\040\004\077\060
+\075\060\073\006\014\053\006\001\004\001\262\061\001\002\001\003
+\004\060\053\060\051\006\010\053\006\001\005\005\007\002\001\026
+\035\150\164\164\160\163\072\057\057\163\145\143\165\162\145\056
+\143\157\155\157\144\157\056\143\157\155\057\103\120\123\060\173
+\006\003\125\035\037\004\164\060\162\060\070\240\066\240\064\206
+\062\150\164\164\160\072\057\057\143\162\154\056\143\157\155\157
+\144\157\143\141\056\143\157\155\057\125\124\116\055\125\123\105
+\122\106\151\162\163\164\055\110\141\162\144\167\141\162\145\056
+\143\162\154\060\066\240\064\240\062\206\060\150\164\164\160\072
+\057\057\143\162\154\056\143\157\155\157\144\157\056\156\145\164
+\057\125\124\116\055\125\123\105\122\106\151\162\163\164\055\110
+\141\162\144\167\141\162\145\056\143\162\154\060\161\006\010\053
+\006\001\005\005\007\001\001\004\145\060\143\060\073\006\010\053
+\006\001\005\005\007\060\002\206\057\150\164\164\160\072\057\057
+\143\162\164\056\143\157\155\157\144\157\143\141\056\143\157\155
+\057\125\124\116\101\144\144\124\162\165\163\164\123\145\162\166
+\145\162\103\101\056\143\162\164\060\044\006\010\053\006\001\005
+\005\007\060\001\206\030\150\164\164\160\072\057\057\157\143\163
+\160\056\143\157\155\157\144\157\143\141\056\143\157\155\060\057
+\006\003\125\035\021\004\050\060\046\202\017\154\157\147\151\156
+\056\171\141\150\157\157\056\143\157\155\202\023\167\167\167\056
+\154\157\147\151\156\056\171\141\150\157\157\056\143\157\155\060
+\015\006\011\052\206\110\206\367\015\001\001\005\005\000\003\202
+\001\001\000\075\127\311\110\044\134\356\144\201\365\256\276\125
+\051\026\377\052\057\204\355\331\370\243\003\310\060\146\273\310
+\324\201\055\041\367\010\367\254\226\102\232\101\165\172\272\135
+\020\043\313\222\102\141\372\212\332\155\145\064\031\345\251\326
+\055\023\170\327\201\104\222\251\156\200\143\025\313\376\065\037
+\002\321\212\024\260\250\314\224\040\073\250\032\360\135\066\120
+\333\015\256\351\144\344\366\215\151\175\060\310\024\027\000\112
+\345\246\065\373\175\015\042\235\171\166\122\054\274\227\006\210
+\232\025\364\163\346\361\365\230\245\315\007\104\221\270\247\150
+\147\105\322\162\021\140\342\161\267\120\125\342\212\251\015\326
+\222\356\004\052\213\060\240\242\005\106\064\155\222\306\073\252
+\115\240\320\253\001\031\012\062\267\350\343\317\361\322\227\111
+\173\254\244\227\367\360\127\256\143\167\232\177\226\332\115\375
+\276\334\007\066\343\045\275\211\171\216\051\022\023\213\210\007
+\373\153\333\244\315\263\055\047\351\324\312\140\327\205\123\373
+\164\306\134\065\214\160\037\371\262\267\222\047\040\307\224\325
+\147\024\060
+END
+
+# Trust for Certificate "Bogus Yahoo 1"
+# Issuer: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Serial Number:00:d7:55:8f:da:f5:f1:10:5b:b2:13:28:2b:70:77:29:a3
+# Subject: CN=login.yahoo.com,OU=PlatinumSSL,OU=Hosted by GTI Group Corporation,OU=Tech Dept.,O=Google Ltd.,STREET=Sea Village 10,L=English,ST=Florida,postalCode=38477,C=US
+# Not Valid Before: Tue Mar 15 00:00:00 2011
+# Not Valid After : Fri Mar 14 23:59:59 2014
+# Fingerprint (MD5): 0C:1F:BE:D3:FC:09:6E:E6:6E:C2:66:39:75:86:6B:EB
+# Fingerprint (SHA1): 63:FE:AE:96:0B:AA:91:E3:43:CE:2B:D8:B7:17:98:C7:6B:DB:77:D0
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Bogus Yahoo 1"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\143\376\256\226\013\252\221\343\103\316\053\330\267\027\230\307
+\153\333\167\320
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\014\037\276\323\374\011\156\346\156\302\146\071\165\206\153\353
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
+\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
+\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
+\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
+\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
+\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
+\164\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125
+\004\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163
+\164\055\110\141\162\144\167\141\162\145
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\021\000\327\125\217\332\365\361\020\133\262\023\050\053\160
+\167\051\243
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Bogus Yahoo 2"
+#
+# Issuer: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Serial Number:39:2a:43:4f:0e:07:df:1f:8a:a3:05:de:34:e0:c2:29
+# Subject: CN=login.yahoo.com,OU=PlatinumSSL,OU=Hosted by GTI Group Corporation,OU=Tech Dept.,O=Google Ltd.,STREET=Sea Village 10,L=English,ST=Florida,postalCode=38477,C=US
+# Not Valid Before: Tue Mar 15 00:00:00 2011
+# Not Valid After : Fri Mar 14 23:59:59 2014
+# Fingerprint (MD5): 72:DC:C8:72:6C:53:3B:B2:FD:CC:5D:19:BD:AF:A6:31
+# Fingerprint (SHA1): D0:18:B6:2D:C5:18:90:72:47:DF:50:92:5B:B0:9A:CF:4A:5C:B3:AD
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Bogus Yahoo 2"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\337\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\016\060\014\006\003\125\004\021\023\005\063\070\064\067\067
+\061\020\060\016\006\003\125\004\010\023\007\106\154\157\162\151
+\144\141\061\020\060\016\006\003\125\004\007\023\007\105\156\147
+\154\151\163\150\061\027\060\025\006\003\125\004\011\023\016\123
+\145\141\040\126\151\154\154\141\147\145\040\061\060\061\024\060
+\022\006\003\125\004\012\023\013\107\157\157\147\154\145\040\114
+\164\144\056\061\023\060\021\006\003\125\004\013\023\012\124\145
+\143\150\040\104\145\160\164\056\061\050\060\046\006\003\125\004
+\013\023\037\110\157\163\164\145\144\040\142\171\040\107\124\111
+\040\107\162\157\165\160\040\103\157\162\160\157\162\141\164\151
+\157\156\061\024\060\022\006\003\125\004\013\023\013\120\154\141
+\164\151\156\165\155\123\123\114\061\030\060\026\006\003\125\004
+\003\023\017\154\157\147\151\156\056\171\141\150\157\157\056\143
+\157\155
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
+\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
+\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
+\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
+\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
+\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
+\164\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125
+\004\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163
+\164\055\110\141\162\144\167\141\162\145
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\071\052\103\117\016\007\337\037\212\243\005\336\064\340
+\302\051
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\331\060\202\004\301\240\003\002\001\002\002\020\071
+\052\103\117\016\007\337\037\212\243\005\336\064\340\302\051\060
+\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\201
+\227\061\013\060\011\006\003\125\004\006\023\002\125\123\061\013
+\060\011\006\003\125\004\010\023\002\125\124\061\027\060\025\006
+\003\125\004\007\023\016\123\141\154\164\040\114\141\153\145\040
+\103\151\164\171\061\036\060\034\006\003\125\004\012\023\025\124
+\150\145\040\125\123\105\122\124\122\125\123\124\040\116\145\164
+\167\157\162\153\061\041\060\037\006\003\125\004\013\023\030\150
+\164\164\160\072\057\057\167\167\167\056\165\163\145\162\164\162
+\165\163\164\056\143\157\155\061\037\060\035\006\003\125\004\003
+\023\026\125\124\116\055\125\123\105\122\106\151\162\163\164\055
+\110\141\162\144\167\141\162\145\060\036\027\015\061\061\060\063
+\061\065\060\060\060\060\060\060\132\027\015\061\064\060\063\061
+\064\062\063\065\071\065\071\132\060\201\337\061\013\060\011\006
+\003\125\004\006\023\002\125\123\061\016\060\014\006\003\125\004
+\021\023\005\063\070\064\067\067\061\020\060\016\006\003\125\004
+\010\023\007\106\154\157\162\151\144\141\061\020\060\016\006\003
+\125\004\007\023\007\105\156\147\154\151\163\150\061\027\060\025
+\006\003\125\004\011\023\016\123\145\141\040\126\151\154\154\141
+\147\145\040\061\060\061\024\060\022\006\003\125\004\012\023\013
+\107\157\157\147\154\145\040\114\164\144\056\061\023\060\021\006
+\003\125\004\013\023\012\124\145\143\150\040\104\145\160\164\056
+\061\050\060\046\006\003\125\004\013\023\037\110\157\163\164\145
+\144\040\142\171\040\107\124\111\040\107\162\157\165\160\040\103
+\157\162\160\157\162\141\164\151\157\156\061\024\060\022\006\003
+\125\004\013\023\013\120\154\141\164\151\156\165\155\123\123\114
+\061\030\060\026\006\003\125\004\003\023\017\154\157\147\151\156
+\056\171\141\150\157\157\056\143\157\155\060\202\001\042\060\015
+\006\011\052\206\110\206\367\015\001\001\001\005\000\003\202\001
+\017\000\060\202\001\012\002\202\001\001\000\241\244\005\075\355
+\205\105\223\212\030\115\306\003\000\127\342\100\167\360\034\353
+\320\031\337\042\135\010\177\321\007\074\101\211\106\027\243\011
+\372\374\370\251\004\321\226\217\253\327\117\074\371\255\030\251
+\164\201\304\127\012\072\046\026\316\142\076\274\077\154\041\356
+\223\215\313\015\240\037\232\226\320\217\255\365\223\223\202\356
+\162\014\241\165\025\243\173\204\126\270\255\377\122\021\161\204
+\274\072\060\013\176\230\250\341\250\077\067\122\320\361\174\157
+\220\330\105\012\254\071\162\152\141\325\273\303\214\371\302\314
+\337\375\072\161\271\257\274\334\072\334\014\266\261\322\321\211
+\273\101\266\362\336\127\325\025\337\374\375\342\061\305\337\312
+\301\330\217\054\277\360\016\133\161\340\064\161\303\305\115\175
+\172\324\372\355\060\113\057\352\266\056\236\223\074\342\072\370
+\102\242\032\356\334\337\315\017\251\366\171\204\032\216\154\002
+\266\206\345\277\121\152\146\370\363\234\323\131\014\173\245\231
+\170\315\174\231\372\306\226\107\330\062\324\164\166\016\167\113
+\040\164\244\267\211\165\222\112\264\133\125\002\003\001\000\001
+\243\202\001\325\060\202\001\321\060\037\006\003\125\035\043\004
+\030\060\026\200\024\241\162\137\046\033\050\230\103\225\135\007
+\067\325\205\226\235\113\322\303\105\060\035\006\003\125\035\016
+\004\026\004\024\206\111\105\374\063\031\063\324\004\355\047\141
+\356\350\001\311\014\177\057\176\060\016\006\003\125\035\017\001
+\001\377\004\004\003\002\005\240\060\014\006\003\125\035\023\001
+\001\377\004\002\060\000\060\035\006\003\125\035\045\004\026\060
+\024\006\010\053\006\001\005\005\007\003\001\006\010\053\006\001
+\005\005\007\003\002\060\106\006\003\125\035\040\004\077\060\075
+\060\073\006\014\053\006\001\004\001\262\061\001\002\001\003\004
+\060\053\060\051\006\010\053\006\001\005\005\007\002\001\026\035
+\150\164\164\160\163\072\057\057\163\145\143\165\162\145\056\143
+\157\155\157\144\157\056\143\157\155\057\103\120\123\060\173\006
+\003\125\035\037\004\164\060\162\060\070\240\066\240\064\206\062
+\150\164\164\160\072\057\057\143\162\154\056\143\157\155\157\144
+\157\143\141\056\143\157\155\057\125\124\116\055\125\123\105\122
+\106\151\162\163\164\055\110\141\162\144\167\141\162\145\056\143
+\162\154\060\066\240\064\240\062\206\060\150\164\164\160\072\057
+\057\143\162\154\056\143\157\155\157\144\157\056\156\145\164\057
+\125\124\116\055\125\123\105\122\106\151\162\163\164\055\110\141
+\162\144\167\141\162\145\056\143\162\154\060\161\006\010\053\006
+\001\005\005\007\001\001\004\145\060\143\060\073\006\010\053\006
+\001\005\005\007\060\002\206\057\150\164\164\160\072\057\057\143
+\162\164\056\143\157\155\157\144\157\143\141\056\143\157\155\057
+\125\124\116\101\144\144\124\162\165\163\164\123\145\162\166\145
+\162\103\101\056\143\162\164\060\044\006\010\053\006\001\005\005
+\007\060\001\206\030\150\164\164\160\072\057\057\157\143\163\160
+\056\143\157\155\157\144\157\143\141\056\143\157\155\060\032\006
+\003\125\035\021\004\023\060\021\202\017\154\157\147\151\156\056
+\171\141\150\157\157\056\143\157\155\060\015\006\011\052\206\110
+\206\367\015\001\001\005\005\000\003\202\001\001\000\127\142\341
+\167\353\374\037\277\210\123\257\130\323\324\326\155\147\060\027
+\100\276\340\037\144\336\207\025\314\340\244\126\251\321\237\371
+\001\376\002\261\261\352\342\137\356\161\026\061\371\010\325\302
+\327\232\233\262\132\070\327\251\177\351\207\153\061\371\013\254
+\331\375\120\161\340\333\202\222\017\201\234\215\167\351\353\056
+\352\324\043\101\207\354\055\262\170\263\216\261\147\322\356\161
+\003\010\022\231\263\002\051\157\336\213\336\301\251\003\012\132
+\063\034\075\021\003\306\110\014\230\234\025\056\331\246\205\122
+\347\005\212\256\060\043\353\355\050\154\140\351\055\177\217\107
+\213\057\320\334\346\273\017\176\137\362\110\201\216\120\004\143
+\261\121\200\165\232\251\266\020\034\020\137\157\030\157\340\016
+\226\105\316\356\361\265\040\333\357\332\156\310\225\343\366\105
+\375\312\374\245\137\111\155\006\036\322\336\141\075\025\175\067
+\345\034\065\216\006\302\153\367\264\250\050\054\061\313\252\264
+\247\227\117\235\212\366\257\176\067\271\173\075\337\222\146\213
+\217\116\235\306\066\347\134\246\253\022\017\326\317
+END
+
+# Trust for Certificate "Bogus Yahoo 2"
+# Issuer: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Serial Number:39:2a:43:4f:0e:07:df:1f:8a:a3:05:de:34:e0:c2:29
+# Subject: CN=login.yahoo.com,OU=PlatinumSSL,OU=Hosted by GTI Group Corporation,OU=Tech Dept.,O=Google Ltd.,STREET=Sea Village 10,L=English,ST=Florida,postalCode=38477,C=US
+# Not Valid Before: Tue Mar 15 00:00:00 2011
+# Not Valid After : Fri Mar 14 23:59:59 2014
+# Fingerprint (MD5): 72:DC:C8:72:6C:53:3B:B2:FD:CC:5D:19:BD:AF:A6:31
+# Fingerprint (SHA1): D0:18:B6:2D:C5:18:90:72:47:DF:50:92:5B:B0:9A:CF:4A:5C:B3:AD
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Bogus Yahoo 2"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\320\030\266\055\305\030\220\162\107\337\120\222\133\260\232\317
+\112\134\263\255
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\162\334\310\162\154\123\073\262\375\314\135\031\275\257\246\061
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
+\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
+\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
+\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
+\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
+\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
+\164\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125
+\004\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163
+\164\055\110\141\162\144\167\141\162\145
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\071\052\103\117\016\007\337\037\212\243\005\336\064\340
+\302\051
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Bogus Yahoo 3"
+#
+# Issuer: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Serial Number:3e:75:ce:d4:6b:69:30:21:21:88:30:ae:86:a8:2a:71
+# Subject: CN=login.yahoo.com,OU=PlatinumSSL,OU=Hosted by GTI Group Corporation,OU=Tech Dept.,O=Google Ltd.,STREET=Sea Village 10,L=English,ST=Florida,postalCode=38477,C=US
+# Not Valid Before: Tue Mar 15 00:00:00 2011
+# Not Valid After : Fri Mar 14 23:59:59 2014
+# Fingerprint (MD5): 4A:DC:3C:67:ED:21:CD:5B:CE:5D:C8:11:E4:9E:CF:3D
+# Fingerprint (SHA1): 80:96:2A:E4:D6:C5:B4:42:89:4E:95:A1:3E:4A:69:9E:07:D6:94:CF
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Bogus Yahoo 3"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\337\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\016\060\014\006\003\125\004\021\023\005\063\070\064\067\067
+\061\020\060\016\006\003\125\004\010\023\007\106\154\157\162\151
+\144\141\061\020\060\016\006\003\125\004\007\023\007\105\156\147
+\154\151\163\150\061\027\060\025\006\003\125\004\011\023\016\123
+\145\141\040\126\151\154\154\141\147\145\040\061\060\061\024\060
+\022\006\003\125\004\012\023\013\107\157\157\147\154\145\040\114
+\164\144\056\061\023\060\021\006\003\125\004\013\023\012\124\145
+\143\150\040\104\145\160\164\056\061\050\060\046\006\003\125\004
+\013\023\037\110\157\163\164\145\144\040\142\171\040\107\124\111
+\040\107\162\157\165\160\040\103\157\162\160\157\162\141\164\151
+\157\156\061\024\060\022\006\003\125\004\013\023\013\120\154\141
+\164\151\156\165\155\123\123\114\061\030\060\026\006\003\125\004
+\003\023\017\154\157\147\151\156\056\171\141\150\157\157\056\143
+\157\155
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
+\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
+\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
+\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
+\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
+\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
+\164\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125
+\004\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163
+\164\055\110\141\162\144\167\141\162\145
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\076\165\316\324\153\151\060\041\041\210\060\256\206\250
+\052\161
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\331\060\202\004\301\240\003\002\001\002\002\020\076
+\165\316\324\153\151\060\041\041\210\060\256\206\250\052\161\060
+\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\201
+\227\061\013\060\011\006\003\125\004\006\023\002\125\123\061\013
+\060\011\006\003\125\004\010\023\002\125\124\061\027\060\025\006
+\003\125\004\007\023\016\123\141\154\164\040\114\141\153\145\040
+\103\151\164\171\061\036\060\034\006\003\125\004\012\023\025\124
+\150\145\040\125\123\105\122\124\122\125\123\124\040\116\145\164
+\167\157\162\153\061\041\060\037\006\003\125\004\013\023\030\150
+\164\164\160\072\057\057\167\167\167\056\165\163\145\162\164\162
+\165\163\164\056\143\157\155\061\037\060\035\006\003\125\004\003
+\023\026\125\124\116\055\125\123\105\122\106\151\162\163\164\055
+\110\141\162\144\167\141\162\145\060\036\027\015\061\061\060\063
+\061\065\060\060\060\060\060\060\132\027\015\061\064\060\063\061
+\064\062\063\065\071\065\071\132\060\201\337\061\013\060\011\006
+\003\125\004\006\023\002\125\123\061\016\060\014\006\003\125\004
+\021\023\005\063\070\064\067\067\061\020\060\016\006\003\125\004
+\010\023\007\106\154\157\162\151\144\141\061\020\060\016\006\003
+\125\004\007\023\007\105\156\147\154\151\163\150\061\027\060\025
+\006\003\125\004\011\023\016\123\145\141\040\126\151\154\154\141
+\147\145\040\061\060\061\024\060\022\006\003\125\004\012\023\013
+\107\157\157\147\154\145\040\114\164\144\056\061\023\060\021\006
+\003\125\004\013\023\012\124\145\143\150\040\104\145\160\164\056
+\061\050\060\046\006\003\125\004\013\023\037\110\157\163\164\145
+\144\040\142\171\040\107\124\111\040\107\162\157\165\160\040\103
+\157\162\160\157\162\141\164\151\157\156\061\024\060\022\006\003
+\125\004\013\023\013\120\154\141\164\151\156\165\155\123\123\114
+\061\030\060\026\006\003\125\004\003\023\017\154\157\147\151\156
+\056\171\141\150\157\157\056\143\157\155\060\202\001\042\060\015
+\006\011\052\206\110\206\367\015\001\001\001\005\000\003\202\001
+\017\000\060\202\001\012\002\202\001\001\000\241\244\005\075\355
+\205\105\223\212\030\115\306\003\000\127\342\100\167\360\034\353
+\320\031\337\042\135\010\177\321\007\074\101\211\106\027\243\011
+\372\374\370\251\004\321\226\217\253\327\117\074\371\255\030\251
+\164\201\304\127\012\072\046\026\316\142\076\274\077\154\041\356
+\223\215\313\015\240\037\232\226\320\217\255\365\223\223\202\356
+\162\014\241\165\025\243\173\204\126\270\255\377\122\021\161\204
+\274\072\060\013\176\230\250\341\250\077\067\122\320\361\174\157
+\220\330\105\012\254\071\162\152\141\325\273\303\214\371\302\314
+\337\375\072\161\271\257\274\334\072\334\014\266\261\322\321\211
+\273\101\266\362\336\127\325\025\337\374\375\342\061\305\337\312
+\301\330\217\054\277\360\016\133\161\340\064\161\303\305\115\175
+\172\324\372\355\060\113\057\352\266\056\236\223\074\342\072\370
+\102\242\032\356\334\337\315\017\251\366\171\204\032\216\154\002
+\266\206\345\277\121\152\146\370\363\234\323\131\014\173\245\231
+\170\315\174\231\372\306\226\107\330\062\324\164\166\016\167\113
+\040\164\244\267\211\165\222\112\264\133\125\002\003\001\000\001
+\243\202\001\325\060\202\001\321\060\037\006\003\125\035\043\004
+\030\060\026\200\024\241\162\137\046\033\050\230\103\225\135\007
+\067\325\205\226\235\113\322\303\105\060\035\006\003\125\035\016
+\004\026\004\024\206\111\105\374\063\031\063\324\004\355\047\141
+\356\350\001\311\014\177\057\176\060\016\006\003\125\035\017\001
+\001\377\004\004\003\002\005\240\060\014\006\003\125\035\023\001
+\001\377\004\002\060\000\060\035\006\003\125\035\045\004\026\060
+\024\006\010\053\006\001\005\005\007\003\001\006\010\053\006\001
+\005\005\007\003\002\060\106\006\003\125\035\040\004\077\060\075
+\060\073\006\014\053\006\001\004\001\262\061\001\002\001\003\004
+\060\053\060\051\006\010\053\006\001\005\005\007\002\001\026\035
+\150\164\164\160\163\072\057\057\163\145\143\165\162\145\056\143
+\157\155\157\144\157\056\143\157\155\057\103\120\123\060\173\006
+\003\125\035\037\004\164\060\162\060\070\240\066\240\064\206\062
+\150\164\164\160\072\057\057\143\162\154\056\143\157\155\157\144
+\157\143\141\056\143\157\155\057\125\124\116\055\125\123\105\122
+\106\151\162\163\164\055\110\141\162\144\167\141\162\145\056\143
+\162\154\060\066\240\064\240\062\206\060\150\164\164\160\072\057
+\057\143\162\154\056\143\157\155\157\144\157\056\156\145\164\057
+\125\124\116\055\125\123\105\122\106\151\162\163\164\055\110\141
+\162\144\167\141\162\145\056\143\162\154\060\161\006\010\053\006
+\001\005\005\007\001\001\004\145\060\143\060\073\006\010\053\006
+\001\005\005\007\060\002\206\057\150\164\164\160\072\057\057\143
+\162\164\056\143\157\155\157\144\157\143\141\056\143\157\155\057
+\125\124\116\101\144\144\124\162\165\163\164\123\145\162\166\145
+\162\103\101\056\143\162\164\060\044\006\010\053\006\001\005\005
+\007\060\001\206\030\150\164\164\160\072\057\057\157\143\163\160
+\056\143\157\155\157\144\157\143\141\056\143\157\155\060\032\006
+\003\125\035\021\004\023\060\021\202\017\154\157\147\151\156\056
+\171\141\150\157\157\056\143\157\155\060\015\006\011\052\206\110
+\206\367\015\001\001\005\005\000\003\202\001\001\000\123\151\230
+\216\050\116\234\053\133\035\314\153\167\050\075\273\372\245\116
+\176\126\051\244\352\020\342\364\346\055\006\321\204\333\043\316
+\227\363\150\266\017\072\336\025\013\044\035\221\343\154\056\060
+\267\351\160\260\303\106\200\360\323\261\121\277\117\326\170\240
+\374\254\306\317\061\004\143\342\064\125\005\112\075\366\060\272
+\363\063\345\272\322\226\363\325\261\266\223\211\032\244\150\276
+\176\355\143\264\032\110\300\123\344\243\360\071\014\062\222\307
+\103\015\032\161\355\320\106\223\277\223\142\154\063\113\315\066
+\015\151\136\273\154\226\231\041\151\304\113\147\162\333\154\152
+\270\367\150\355\305\217\255\143\145\225\012\114\340\371\017\176
+\067\075\252\324\223\272\147\011\303\245\244\015\003\132\155\325
+\013\376\360\100\024\264\366\270\151\174\155\302\062\113\237\265
+\032\347\106\256\114\132\053\252\172\136\220\127\225\372\333\146
+\002\040\036\152\151\146\025\234\302\266\365\274\120\265\375\105
+\307\037\150\264\107\131\254\304\033\050\223\116\122\123\022\003
+\130\113\161\203\237\146\346\254\171\110\376\376\107
+END
+
+# Trust for Certificate "Bogus Yahoo 3"
+# Issuer: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Serial Number:3e:75:ce:d4:6b:69:30:21:21:88:30:ae:86:a8:2a:71
+# Subject: CN=login.yahoo.com,OU=PlatinumSSL,OU=Hosted by GTI Group Corporation,OU=Tech Dept.,O=Google Ltd.,STREET=Sea Village 10,L=English,ST=Florida,postalCode=38477,C=US
+# Not Valid Before: Tue Mar 15 00:00:00 2011
+# Not Valid After : Fri Mar 14 23:59:59 2014
+# Fingerprint (MD5): 4A:DC:3C:67:ED:21:CD:5B:CE:5D:C8:11:E4:9E:CF:3D
+# Fingerprint (SHA1): 80:96:2A:E4:D6:C5:B4:42:89:4E:95:A1:3E:4A:69:9E:07:D6:94:CF
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Bogus Yahoo 3"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\200\226\052\344\326\305\264\102\211\116\225\241\076\112\151\236
+\007\326\224\317
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\112\334\074\147\355\041\315\133\316\135\310\021\344\236\317\075
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
+\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
+\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
+\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
+\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
+\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
+\164\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125
+\004\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163
+\164\055\110\141\162\144\167\141\162\145
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\076\165\316\324\153\151\060\041\041\210\060\256\206\250
+\052\161
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Bogus live.com"
+#
+# Issuer: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Serial Number:00:b0:b7:13:3e:d0:96:f9:b5:6f:ae:91:c8:74:bd:3a:c0
+# Subject: CN=login.live.com,OU=PlatinumSSL,OU=Hosted by GTI Group Corporation,OU=Tech Dept.,O=Google Ltd.,STREET=Sea Village 10,L=English,ST=Florida,postalCode=38477,C=US
+# Not Valid Before: Tue Mar 15 00:00:00 2011
+# Not Valid After : Fri Mar 14 23:59:59 2014
+# Fingerprint (MD5): D0:D4:39:E3:CC:5C:52:DD:08:CD:E9:AB:E8:11:59:D4
+# Fingerprint (SHA1): CE:A5:86:B2:CE:59:3E:C7:D9:39:89:83:37:C5:78:14:70:8A:B2:BE
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Bogus live.com"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\336\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\016\060\014\006\003\125\004\021\023\005\063\070\064\067\067
+\061\020\060\016\006\003\125\004\010\023\007\106\154\157\162\151
+\144\141\061\020\060\016\006\003\125\004\007\023\007\105\156\147
+\154\151\163\150\061\027\060\025\006\003\125\004\011\023\016\123
+\145\141\040\126\151\154\154\141\147\145\040\061\060\061\024\060
+\022\006\003\125\004\012\023\013\107\157\157\147\154\145\040\114
+\164\144\056\061\023\060\021\006\003\125\004\013\023\012\124\145
+\143\150\040\104\145\160\164\056\061\050\060\046\006\003\125\004
+\013\023\037\110\157\163\164\145\144\040\142\171\040\107\124\111
+\040\107\162\157\165\160\040\103\157\162\160\157\162\141\164\151
+\157\156\061\024\060\022\006\003\125\004\013\023\013\120\154\141
+\164\151\156\165\155\123\123\114\061\027\060\025\006\003\125\004
+\003\023\016\154\157\147\151\156\056\154\151\166\145\056\143\157
+\155
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
+\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
+\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
+\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
+\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
+\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
+\164\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125
+\004\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163
+\164\055\110\141\162\144\167\141\162\145
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\021\000\260\267\023\076\320\226\371\265\157\256\221\310\164
+\275\072\300
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\354\060\202\004\324\240\003\002\001\002\002\021\000
+\260\267\023\076\320\226\371\265\157\256\221\310\164\275\072\300
+\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060
+\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060\025
+\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153\145
+\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023\025
+\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116\145
+\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023\030
+\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162\164
+\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125\004
+\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163\164
+\055\110\141\162\144\167\141\162\145\060\036\027\015\061\061\060
+\063\061\065\060\060\060\060\060\060\132\027\015\061\064\060\063
+\061\064\062\063\065\071\065\071\132\060\201\336\061\013\060\011
+\006\003\125\004\006\023\002\125\123\061\016\060\014\006\003\125
+\004\021\023\005\063\070\064\067\067\061\020\060\016\006\003\125
+\004\010\023\007\106\154\157\162\151\144\141\061\020\060\016\006
+\003\125\004\007\023\007\105\156\147\154\151\163\150\061\027\060
+\025\006\003\125\004\011\023\016\123\145\141\040\126\151\154\154
+\141\147\145\040\061\060\061\024\060\022\006\003\125\004\012\023
+\013\107\157\157\147\154\145\040\114\164\144\056\061\023\060\021
+\006\003\125\004\013\023\012\124\145\143\150\040\104\145\160\164
+\056\061\050\060\046\006\003\125\004\013\023\037\110\157\163\164
+\145\144\040\142\171\040\107\124\111\040\107\162\157\165\160\040
+\103\157\162\160\157\162\141\164\151\157\156\061\024\060\022\006
+\003\125\004\013\023\013\120\154\141\164\151\156\165\155\123\123
+\114\061\027\060\025\006\003\125\004\003\023\016\154\157\147\151
+\156\056\154\151\166\145\056\143\157\155\060\202\001\042\060\015
+\006\011\052\206\110\206\367\015\001\001\001\005\000\003\202\001
+\017\000\060\202\001\012\002\202\001\001\000\363\374\053\057\357
+\341\255\131\360\102\074\302\361\202\277\054\101\223\321\366\230
+\063\225\114\274\142\361\225\130\010\266\351\173\167\110\260\323
+\334\027\077\274\156\346\354\036\354\215\027\376\034\044\306\076
+\147\075\222\225\242\060\300\247\127\040\317\160\210\227\112\005
+\223\171\223\102\227\057\076\377\304\024\024\050\242\023\066\264
+\370\356\276\035\274\170\135\141\223\137\353\210\327\321\344\053
+\232\315\130\342\007\105\237\117\270\271\100\152\063\054\133\041
+\003\132\112\224\362\172\227\131\033\250\265\102\330\203\000\252
+\064\314\247\166\320\107\003\137\005\257\073\341\271\241\064\045
+\267\154\137\232\060\204\230\302\302\327\362\270\102\112\020\125
+\275\372\123\201\135\215\150\146\105\054\122\176\345\304\004\303
+\124\347\303\071\332\172\112\305\271\230\202\040\341\054\140\127
+\277\272\362\106\000\274\137\072\334\343\063\227\370\112\230\271
+\354\063\117\055\140\154\025\222\246\201\112\013\351\354\166\160
+\064\061\027\160\346\160\113\216\213\323\165\313\170\111\253\146
+\233\206\237\217\251\304\001\350\312\033\347\002\003\001\000\001
+\243\202\001\350\060\202\001\344\060\037\006\003\125\035\043\004
+\030\060\026\200\024\241\162\137\046\033\050\230\103\225\135\007
+\067\325\205\226\235\113\322\303\105\060\035\006\003\125\035\016
+\004\026\004\024\324\144\366\251\350\245\176\327\277\143\122\003
+\203\123\333\305\101\215\352\200\060\016\006\003\125\035\017\001
+\001\377\004\004\003\002\005\240\060\014\006\003\125\035\023\001
+\001\377\004\002\060\000\060\035\006\003\125\035\045\004\026\060
+\024\006\010\053\006\001\005\005\007\003\001\006\010\053\006\001
+\005\005\007\003\002\060\106\006\003\125\035\040\004\077\060\075
+\060\073\006\014\053\006\001\004\001\262\061\001\002\001\003\004
+\060\053\060\051\006\010\053\006\001\005\005\007\002\001\026\035
+\150\164\164\160\163\072\057\057\163\145\143\165\162\145\056\143
+\157\155\157\144\157\056\143\157\155\057\103\120\123\060\173\006
+\003\125\035\037\004\164\060\162\060\070\240\066\240\064\206\062
+\150\164\164\160\072\057\057\143\162\154\056\143\157\155\157\144
+\157\143\141\056\143\157\155\057\125\124\116\055\125\123\105\122
+\106\151\162\163\164\055\110\141\162\144\167\141\162\145\056\143
+\162\154\060\066\240\064\240\062\206\060\150\164\164\160\072\057
+\057\143\162\154\056\143\157\155\157\144\157\056\156\145\164\057
+\125\124\116\055\125\123\105\122\106\151\162\163\164\055\110\141
+\162\144\167\141\162\145\056\143\162\154\060\161\006\010\053\006
+\001\005\005\007\001\001\004\145\060\143\060\073\006\010\053\006
+\001\005\005\007\060\002\206\057\150\164\164\160\072\057\057\143
+\162\164\056\143\157\155\157\144\157\143\141\056\143\157\155\057
+\125\124\116\101\144\144\124\162\165\163\164\123\145\162\166\145
+\162\103\101\056\143\162\164\060\044\006\010\053\006\001\005\005
+\007\060\001\206\030\150\164\164\160\072\057\057\157\143\163\160
+\056\143\157\155\157\144\157\143\141\056\143\157\155\060\055\006
+\003\125\035\021\004\046\060\044\202\016\154\157\147\151\156\056
+\154\151\166\145\056\143\157\155\202\022\167\167\167\056\154\157
+\147\151\156\056\154\151\166\145\056\143\157\155\060\015\006\011
+\052\206\110\206\367\015\001\001\005\005\000\003\202\001\001\000
+\124\343\244\232\044\322\363\035\102\255\033\360\036\253\373\332
+\325\252\351\317\132\263\036\127\173\061\362\156\127\113\061\257
+\063\273\266\015\025\307\136\131\001\316\104\265\267\277\011\311
+\325\334\151\204\351\305\032\267\360\076\324\300\044\275\051\137
+\264\351\326\130\353\105\021\211\064\064\323\021\353\064\316\052
+\117\000\075\366\162\357\151\146\300\237\232\254\176\160\120\254
+\125\107\332\276\103\133\354\213\310\305\043\204\311\237\266\122
+\010\317\221\033\057\200\151\346\064\063\346\263\237\244\345\015
+\232\025\371\127\374\013\251\101\013\365\377\130\101\222\042\047
+\146\022\006\307\052\330\131\247\306\337\104\022\117\300\250\177
+\247\101\310\310\151\377\272\005\056\227\255\073\320\353\363\025
+\155\176\033\345\272\335\064\276\042\021\354\150\230\063\201\002
+\152\013\023\125\171\061\165\116\072\310\266\023\275\227\157\067
+\012\013\055\210\016\336\147\220\302\263\312\040\312\232\121\364
+\144\076\333\364\056\105\362\307\107\027\250\364\372\220\132\177
+\200\246\202\254\344\154\201\106\273\122\205\040\044\370\200\352
+END
+
+# Trust for Certificate "Bogus live.com"
+# Issuer: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Serial Number:00:b0:b7:13:3e:d0:96:f9:b5:6f:ae:91:c8:74:bd:3a:c0
+# Subject: CN=login.live.com,OU=PlatinumSSL,OU=Hosted by GTI Group Corporation,OU=Tech Dept.,O=Google Ltd.,STREET=Sea Village 10,L=English,ST=Florida,postalCode=38477,C=US
+# Not Valid Before: Tue Mar 15 00:00:00 2011
+# Not Valid After : Fri Mar 14 23:59:59 2014
+# Fingerprint (MD5): D0:D4:39:E3:CC:5C:52:DD:08:CD:E9:AB:E8:11:59:D4
+# Fingerprint (SHA1): CE:A5:86:B2:CE:59:3E:C7:D9:39:89:83:37:C5:78:14:70:8A:B2:BE
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Bogus live.com"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\316\245\206\262\316\131\076\307\331\071\211\203\067\305\170\024
+\160\212\262\276
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\320\324\071\343\314\134\122\335\010\315\351\253\350\021\131\324
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060
+\025\006\003\125\004\007\023\016\123\141\154\164\040\114\141\153
+\145\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
+\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
+\145\164\167\157\162\153\061\041\060\037\006\003\125\004\013\023
+\030\150\164\164\160\072\057\057\167\167\167\056\165\163\145\162
+\164\162\165\163\164\056\143\157\155\061\037\060\035\006\003\125
+\004\003\023\026\125\124\116\055\125\123\105\122\106\151\162\163
+\164\055\110\141\162\144\167\141\162\145
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\021\000\260\267\023\076\320\226\371\265\157\256\221\310\164
+\275\072\300
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Go Daddy Root Certificate Authority - G2"
+#
+# Issuer: CN=Go Daddy Root Certificate Authority - G2,O="GoDaddy.com, Inc.",L=Scottsdale,ST=Arizona,C=US
+# Serial Number: 0 (0x0)
+# Subject: CN=Go Daddy Root Certificate Authority - G2,O="GoDaddy.com, Inc.",L=Scottsdale,ST=Arizona,C=US
+# Not Valid Before: Tue Sep 01 00:00:00 2009
+# Not Valid After : Thu Dec 31 23:59:59 2037
+# Fingerprint (MD5): 80:3A:BC:22:C1:E6:FB:8D:9B:3B:27:4A:32:1B:9A:01
+# Fingerprint (SHA1): 47:BE:AB:C9:22:EA:E8:0E:78:78:34:62:A7:9F:45:C2:54:FD:E6:8B
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Go Daddy Root Certificate Authority - G2"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\203\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\020\060\016\006\003\125\004\010\023\007\101\162\151\172\157
+\156\141\061\023\060\021\006\003\125\004\007\023\012\123\143\157
+\164\164\163\144\141\154\145\061\032\060\030\006\003\125\004\012
+\023\021\107\157\104\141\144\144\171\056\143\157\155\054\040\111
+\156\143\056\061\061\060\057\006\003\125\004\003\023\050\107\157
+\040\104\141\144\144\171\040\122\157\157\164\040\103\145\162\164
+\151\146\151\143\141\164\145\040\101\165\164\150\157\162\151\164
+\171\040\055\040\107\062
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\203\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\020\060\016\006\003\125\004\010\023\007\101\162\151\172\157
+\156\141\061\023\060\021\006\003\125\004\007\023\012\123\143\157
+\164\164\163\144\141\154\145\061\032\060\030\006\003\125\004\012
+\023\021\107\157\104\141\144\144\171\056\143\157\155\054\040\111
+\156\143\056\061\061\060\057\006\003\125\004\003\023\050\107\157
+\040\104\141\144\144\171\040\122\157\157\164\040\103\145\162\164
+\151\146\151\143\141\164\145\040\101\165\164\150\157\162\151\164
+\171\040\055\040\107\062
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\000
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\003\305\060\202\002\255\240\003\002\001\002\002\001\000
+\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060
+\201\203\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\020\060\016\006\003\125\004\010\023\007\101\162\151\172\157\156
+\141\061\023\060\021\006\003\125\004\007\023\012\123\143\157\164
+\164\163\144\141\154\145\061\032\060\030\006\003\125\004\012\023
+\021\107\157\104\141\144\144\171\056\143\157\155\054\040\111\156
+\143\056\061\061\060\057\006\003\125\004\003\023\050\107\157\040
+\104\141\144\144\171\040\122\157\157\164\040\103\145\162\164\151
+\146\151\143\141\164\145\040\101\165\164\150\157\162\151\164\171
+\040\055\040\107\062\060\036\027\015\060\071\060\071\060\061\060
+\060\060\060\060\060\132\027\015\063\067\061\062\063\061\062\063
+\065\071\065\071\132\060\201\203\061\013\060\011\006\003\125\004
+\006\023\002\125\123\061\020\060\016\006\003\125\004\010\023\007
+\101\162\151\172\157\156\141\061\023\060\021\006\003\125\004\007
+\023\012\123\143\157\164\164\163\144\141\154\145\061\032\060\030
+\006\003\125\004\012\023\021\107\157\104\141\144\144\171\056\143
+\157\155\054\040\111\156\143\056\061\061\060\057\006\003\125\004
+\003\023\050\107\157\040\104\141\144\144\171\040\122\157\157\164
+\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164
+\150\157\162\151\164\171\040\055\040\107\062\060\202\001\042\060
+\015\006\011\052\206\110\206\367\015\001\001\001\005\000\003\202
+\001\017\000\060\202\001\012\002\202\001\001\000\277\161\142\010
+\361\372\131\064\367\033\311\030\243\367\200\111\130\351\042\203
+\023\246\305\040\103\001\073\204\361\346\205\111\237\047\352\366
+\204\033\116\240\264\333\160\230\307\062\001\261\005\076\007\116
+\356\364\372\117\057\131\060\042\347\253\031\126\153\342\200\007
+\374\363\026\165\200\071\121\173\345\371\065\266\164\116\251\215
+\202\023\344\266\077\251\003\203\372\242\276\212\025\152\177\336
+\013\303\266\031\024\005\312\352\303\250\004\224\073\106\174\062
+\015\363\000\146\042\310\215\151\155\066\214\021\030\267\323\262
+\034\140\264\070\372\002\214\316\323\335\106\007\336\012\076\353
+\135\174\310\174\373\260\053\123\244\222\142\151\121\045\005\141
+\032\104\201\214\054\251\103\226\043\337\254\072\201\232\016\051
+\305\034\251\351\135\036\266\236\236\060\012\071\316\361\210\200
+\373\113\135\314\062\354\205\142\103\045\064\002\126\047\001\221
+\264\073\160\052\077\156\261\350\234\210\001\175\237\324\371\333
+\123\155\140\235\277\054\347\130\253\270\137\106\374\316\304\033
+\003\074\011\353\111\061\134\151\106\263\340\107\002\003\001\000
+\001\243\102\060\100\060\017\006\003\125\035\023\001\001\377\004
+\005\060\003\001\001\377\060\016\006\003\125\035\017\001\001\377
+\004\004\003\002\001\006\060\035\006\003\125\035\016\004\026\004
+\024\072\232\205\007\020\147\050\266\357\366\275\005\101\156\040
+\301\224\332\017\336\060\015\006\011\052\206\110\206\367\015\001
+\001\013\005\000\003\202\001\001\000\231\333\135\171\325\371\227
+\131\147\003\141\361\176\073\006\061\165\055\241\040\216\117\145
+\207\264\367\246\234\274\330\351\057\320\333\132\356\317\164\214
+\163\264\070\102\332\005\173\370\002\165\270\375\245\261\327\256
+\366\327\336\023\313\123\020\176\212\106\321\227\372\267\056\053
+\021\253\220\260\047\200\371\350\237\132\351\067\237\253\344\337
+\154\263\205\027\235\075\331\044\117\171\221\065\326\137\004\353
+\200\203\253\232\002\055\265\020\364\330\220\307\004\163\100\355
+\162\045\240\251\237\354\236\253\150\022\231\127\306\217\022\072
+\011\244\275\104\375\006\025\067\301\233\344\062\243\355\070\350
+\330\144\363\054\176\024\374\002\352\237\315\377\007\150\027\333
+\042\220\070\055\172\215\321\124\361\151\343\137\063\312\172\075
+\173\012\343\312\177\137\071\345\342\165\272\305\166\030\063\316
+\054\360\057\114\255\367\261\347\316\117\250\304\233\112\124\006
+\305\177\175\325\010\017\342\034\376\176\027\270\254\136\366\324
+\026\262\103\011\014\115\366\247\153\264\231\204\145\312\172\210
+\342\342\104\276\134\367\352\034\365
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "Go Daddy Root Certificate Authority - G2"
+# Issuer: CN=Go Daddy Root Certificate Authority - G2,O="GoDaddy.com, Inc.",L=Scottsdale,ST=Arizona,C=US
+# Serial Number: 0 (0x0)
+# Subject: CN=Go Daddy Root Certificate Authority - G2,O="GoDaddy.com, Inc.",L=Scottsdale,ST=Arizona,C=US
+# Not Valid Before: Tue Sep 01 00:00:00 2009
+# Not Valid After : Thu Dec 31 23:59:59 2037
+# Fingerprint (MD5): 80:3A:BC:22:C1:E6:FB:8D:9B:3B:27:4A:32:1B:9A:01
+# Fingerprint (SHA1): 47:BE:AB:C9:22:EA:E8:0E:78:78:34:62:A7:9F:45:C2:54:FD:E6:8B
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Go Daddy Root Certificate Authority - G2"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\107\276\253\311\042\352\350\016\170\170\064\142\247\237\105\302
+\124\375\346\213
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\200\072\274\042\301\346\373\215\233\073\047\112\062\033\232\001
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\203\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\020\060\016\006\003\125\004\010\023\007\101\162\151\172\157
+\156\141\061\023\060\021\006\003\125\004\007\023\012\123\143\157
+\164\164\163\144\141\154\145\061\032\060\030\006\003\125\004\012
+\023\021\107\157\104\141\144\144\171\056\143\157\155\054\040\111
+\156\143\056\061\061\060\057\006\003\125\004\003\023\050\107\157
+\040\104\141\144\144\171\040\122\157\157\164\040\103\145\162\164
+\151\146\151\143\141\164\145\040\101\165\164\150\157\162\151\164
+\171\040\055\040\107\062
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\000
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Starfield Root Certificate Authority - G2"
+#
+# Issuer: CN=Starfield Root Certificate Authority - G2,O="Starfield Technologies, Inc.",L=Scottsdale,ST=Arizona,C=US
+# Serial Number: 0 (0x0)
+# Subject: CN=Starfield Root Certificate Authority - G2,O="Starfield Technologies, Inc.",L=Scottsdale,ST=Arizona,C=US
+# Not Valid Before: Tue Sep 01 00:00:00 2009
+# Not Valid After : Thu Dec 31 23:59:59 2037
+# Fingerprint (MD5): D6:39:81:C6:52:7E:96:69:FC:FC:CA:66:ED:05:F2:96
+# Fingerprint (SHA1): B5:1C:06:7C:EE:2B:0C:3D:F8:55:AB:2D:92:F4:FE:39:D4:E7:0F:0E
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Starfield Root Certificate Authority - G2"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\217\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\020\060\016\006\003\125\004\010\023\007\101\162\151\172\157
+\156\141\061\023\060\021\006\003\125\004\007\023\012\123\143\157
+\164\164\163\144\141\154\145\061\045\060\043\006\003\125\004\012
+\023\034\123\164\141\162\146\151\145\154\144\040\124\145\143\150
+\156\157\154\157\147\151\145\163\054\040\111\156\143\056\061\062
+\060\060\006\003\125\004\003\023\051\123\164\141\162\146\151\145
+\154\144\040\122\157\157\164\040\103\145\162\164\151\146\151\143
+\141\164\145\040\101\165\164\150\157\162\151\164\171\040\055\040
+\107\062
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\217\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\020\060\016\006\003\125\004\010\023\007\101\162\151\172\157
+\156\141\061\023\060\021\006\003\125\004\007\023\012\123\143\157
+\164\164\163\144\141\154\145\061\045\060\043\006\003\125\004\012
+\023\034\123\164\141\162\146\151\145\154\144\040\124\145\143\150
+\156\157\154\157\147\151\145\163\054\040\111\156\143\056\061\062
+\060\060\006\003\125\004\003\023\051\123\164\141\162\146\151\145
+\154\144\040\122\157\157\164\040\103\145\162\164\151\146\151\143
+\141\164\145\040\101\165\164\150\157\162\151\164\171\040\055\040
+\107\062
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\000
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\003\335\060\202\002\305\240\003\002\001\002\002\001\000
+\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060
+\201\217\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\020\060\016\006\003\125\004\010\023\007\101\162\151\172\157\156
+\141\061\023\060\021\006\003\125\004\007\023\012\123\143\157\164
+\164\163\144\141\154\145\061\045\060\043\006\003\125\004\012\023
+\034\123\164\141\162\146\151\145\154\144\040\124\145\143\150\156
+\157\154\157\147\151\145\163\054\040\111\156\143\056\061\062\060
+\060\006\003\125\004\003\023\051\123\164\141\162\146\151\145\154
+\144\040\122\157\157\164\040\103\145\162\164\151\146\151\143\141
+\164\145\040\101\165\164\150\157\162\151\164\171\040\055\040\107
+\062\060\036\027\015\060\071\060\071\060\061\060\060\060\060\060
+\060\132\027\015\063\067\061\062\063\061\062\063\065\071\065\071
+\132\060\201\217\061\013\060\011\006\003\125\004\006\023\002\125
+\123\061\020\060\016\006\003\125\004\010\023\007\101\162\151\172
+\157\156\141\061\023\060\021\006\003\125\004\007\023\012\123\143
+\157\164\164\163\144\141\154\145\061\045\060\043\006\003\125\004
+\012\023\034\123\164\141\162\146\151\145\154\144\040\124\145\143
+\150\156\157\154\157\147\151\145\163\054\040\111\156\143\056\061
+\062\060\060\006\003\125\004\003\023\051\123\164\141\162\146\151
+\145\154\144\040\122\157\157\164\040\103\145\162\164\151\146\151
+\143\141\164\145\040\101\165\164\150\157\162\151\164\171\040\055
+\040\107\062\060\202\001\042\060\015\006\011\052\206\110\206\367
+\015\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002
+\202\001\001\000\275\355\301\003\374\366\217\374\002\261\157\133
+\237\110\331\235\171\342\242\267\003\141\126\030\303\107\266\327
+\312\075\065\056\211\103\367\241\151\233\336\212\032\375\023\040
+\234\264\111\167\062\051\126\375\271\354\214\335\042\372\162\334
+\047\141\227\356\366\132\204\354\156\031\271\211\054\334\204\133
+\325\164\373\153\137\305\211\245\020\122\211\106\125\364\270\165
+\034\346\177\344\124\256\113\370\125\162\127\002\031\370\027\161
+\131\353\036\050\007\164\305\235\110\276\154\264\364\244\260\363
+\144\067\171\222\300\354\106\136\177\341\155\123\114\142\257\315
+\037\013\143\273\072\235\373\374\171\000\230\141\164\317\046\202
+\100\143\363\262\162\152\031\015\231\312\324\016\165\314\067\373
+\213\211\301\131\361\142\177\137\263\137\145\060\370\247\267\115
+\166\132\036\166\136\064\300\350\226\126\231\212\263\360\177\244
+\315\275\334\062\061\174\221\317\340\137\021\370\153\252\111\134
+\321\231\224\321\242\343\143\133\011\166\265\126\142\341\113\164
+\035\226\324\046\324\010\004\131\320\230\016\016\346\336\374\303
+\354\037\220\361\002\003\001\000\001\243\102\060\100\060\017\006
+\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060\016
+\006\003\125\035\017\001\001\377\004\004\003\002\001\006\060\035
+\006\003\125\035\016\004\026\004\024\174\014\062\037\247\331\060
+\177\304\175\150\243\142\250\241\316\253\007\133\047\060\015\006
+\011\052\206\110\206\367\015\001\001\013\005\000\003\202\001\001
+\000\021\131\372\045\117\003\157\224\231\073\232\037\202\205\071
+\324\166\005\224\136\341\050\223\155\142\135\011\302\240\250\324
+\260\165\070\361\064\152\235\344\237\212\206\046\121\346\054\321
+\306\055\156\225\040\112\222\001\354\270\212\147\173\061\342\147
+\056\214\225\003\046\056\103\235\112\061\366\016\265\014\273\267
+\342\067\177\042\272\000\243\016\173\122\373\153\273\073\304\323
+\171\121\116\315\220\364\147\007\031\310\074\106\172\015\001\175
+\305\130\347\155\346\205\060\027\232\044\304\020\340\004\367\340
+\362\177\324\252\012\377\102\035\067\355\224\345\144\131\022\040
+\167\070\323\062\076\070\201\165\226\163\372\150\217\261\313\316
+\037\305\354\372\234\176\317\176\261\361\007\055\266\374\277\312
+\244\277\320\227\005\112\274\352\030\050\002\220\275\124\170\011
+\041\161\323\321\175\035\331\026\260\251\141\075\320\012\000\042
+\374\307\173\313\011\144\105\013\073\100\201\367\175\174\062\365
+\230\312\130\216\175\052\356\220\131\163\144\371\066\164\136\045
+\241\365\146\005\056\177\071\025\251\052\373\120\213\216\205\151
+\364
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "Starfield Root Certificate Authority - G2"
+# Issuer: CN=Starfield Root Certificate Authority - G2,O="Starfield Technologies, Inc.",L=Scottsdale,ST=Arizona,C=US
+# Serial Number: 0 (0x0)
+# Subject: CN=Starfield Root Certificate Authority - G2,O="Starfield Technologies, Inc.",L=Scottsdale,ST=Arizona,C=US
+# Not Valid Before: Tue Sep 01 00:00:00 2009
+# Not Valid After : Thu Dec 31 23:59:59 2037
+# Fingerprint (MD5): D6:39:81:C6:52:7E:96:69:FC:FC:CA:66:ED:05:F2:96
+# Fingerprint (SHA1): B5:1C:06:7C:EE:2B:0C:3D:F8:55:AB:2D:92:F4:FE:39:D4:E7:0F:0E
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Starfield Root Certificate Authority - G2"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\265\034\006\174\356\053\014\075\370\125\253\055\222\364\376\071
+\324\347\017\016
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\326\071\201\306\122\176\226\151\374\374\312\146\355\005\362\226
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\217\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\020\060\016\006\003\125\004\010\023\007\101\162\151\172\157
+\156\141\061\023\060\021\006\003\125\004\007\023\012\123\143\157
+\164\164\163\144\141\154\145\061\045\060\043\006\003\125\004\012
+\023\034\123\164\141\162\146\151\145\154\144\040\124\145\143\150
+\156\157\154\157\147\151\145\163\054\040\111\156\143\056\061\062
+\060\060\006\003\125\004\003\023\051\123\164\141\162\146\151\145
+\154\144\040\122\157\157\164\040\103\145\162\164\151\146\151\143
+\141\164\145\040\101\165\164\150\157\162\151\164\171\040\055\040
+\107\062
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\000
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Starfield Services Root Certificate Authority - G2"
+#
+# Issuer: CN=Starfield Services Root Certificate Authority - G2,O="Starfield Technologies, Inc.",L=Scottsdale,ST=Arizona,C=US
+# Serial Number: 0 (0x0)
+# Subject: CN=Starfield Services Root Certificate Authority - G2,O="Starfield Technologies, Inc.",L=Scottsdale,ST=Arizona,C=US
+# Not Valid Before: Tue Sep 01 00:00:00 2009
+# Not Valid After : Thu Dec 31 23:59:59 2037
+# Fingerprint (MD5): 17:35:74:AF:7B:61:1C:EB:F4:F9:3C:E2:EE:40:F9:A2
+# Fingerprint (SHA1): 92:5A:8F:8D:2C:6D:04:E0:66:5F:59:6A:FF:22:D8:63:E8:25:6F:3F
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Starfield Services Root Certificate Authority - G2"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\230\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\020\060\016\006\003\125\004\010\023\007\101\162\151\172\157
+\156\141\061\023\060\021\006\003\125\004\007\023\012\123\143\157
+\164\164\163\144\141\154\145\061\045\060\043\006\003\125\004\012
+\023\034\123\164\141\162\146\151\145\154\144\040\124\145\143\150
+\156\157\154\157\147\151\145\163\054\040\111\156\143\056\061\073
+\060\071\006\003\125\004\003\023\062\123\164\141\162\146\151\145
+\154\144\040\123\145\162\166\151\143\145\163\040\122\157\157\164
+\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164
+\150\157\162\151\164\171\040\055\040\107\062
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\230\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\020\060\016\006\003\125\004\010\023\007\101\162\151\172\157
+\156\141\061\023\060\021\006\003\125\004\007\023\012\123\143\157
+\164\164\163\144\141\154\145\061\045\060\043\006\003\125\004\012
+\023\034\123\164\141\162\146\151\145\154\144\040\124\145\143\150
+\156\157\154\157\147\151\145\163\054\040\111\156\143\056\061\073
+\060\071\006\003\125\004\003\023\062\123\164\141\162\146\151\145
+\154\144\040\123\145\162\166\151\143\145\163\040\122\157\157\164
+\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164
+\150\157\162\151\164\171\040\055\040\107\062
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\000
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\003\357\060\202\002\327\240\003\002\001\002\002\001\000
+\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060
+\201\230\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\020\060\016\006\003\125\004\010\023\007\101\162\151\172\157\156
+\141\061\023\060\021\006\003\125\004\007\023\012\123\143\157\164
+\164\163\144\141\154\145\061\045\060\043\006\003\125\004\012\023
+\034\123\164\141\162\146\151\145\154\144\040\124\145\143\150\156
+\157\154\157\147\151\145\163\054\040\111\156\143\056\061\073\060
+\071\006\003\125\004\003\023\062\123\164\141\162\146\151\145\154
+\144\040\123\145\162\166\151\143\145\163\040\122\157\157\164\040
+\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164\150
+\157\162\151\164\171\040\055\040\107\062\060\036\027\015\060\071
+\060\071\060\061\060\060\060\060\060\060\132\027\015\063\067\061
+\062\063\061\062\063\065\071\065\071\132\060\201\230\061\013\060
+\011\006\003\125\004\006\023\002\125\123\061\020\060\016\006\003
+\125\004\010\023\007\101\162\151\172\157\156\141\061\023\060\021
+\006\003\125\004\007\023\012\123\143\157\164\164\163\144\141\154
+\145\061\045\060\043\006\003\125\004\012\023\034\123\164\141\162
+\146\151\145\154\144\040\124\145\143\150\156\157\154\157\147\151
+\145\163\054\040\111\156\143\056\061\073\060\071\006\003\125\004
+\003\023\062\123\164\141\162\146\151\145\154\144\040\123\145\162
+\166\151\143\145\163\040\122\157\157\164\040\103\145\162\164\151
+\146\151\143\141\164\145\040\101\165\164\150\157\162\151\164\171
+\040\055\040\107\062\060\202\001\042\060\015\006\011\052\206\110
+\206\367\015\001\001\001\005\000\003\202\001\017\000\060\202\001
+\012\002\202\001\001\000\325\014\072\304\052\371\116\342\365\276
+\031\227\137\216\210\123\261\037\077\313\317\237\040\023\155\051
+\072\310\017\175\074\367\153\166\070\143\331\066\140\250\233\136
+\134\000\200\262\057\131\177\366\207\371\045\103\206\347\151\033
+\122\232\220\341\161\343\330\055\015\116\157\366\310\111\331\266
+\363\032\126\256\053\266\164\024\353\317\373\046\343\032\272\035
+\226\056\152\073\130\224\211\107\126\377\045\240\223\160\123\203
+\332\204\164\024\303\147\236\004\150\072\337\216\100\132\035\112
+\116\317\103\221\073\347\126\326\000\160\313\122\356\173\175\256
+\072\347\274\061\371\105\366\302\140\317\023\131\002\053\200\314
+\064\107\337\271\336\220\145\155\002\317\054\221\246\246\347\336
+\205\030\111\174\146\116\243\072\155\251\265\356\064\056\272\015
+\003\270\063\337\107\353\261\153\215\045\331\233\316\201\321\105
+\106\062\226\160\207\336\002\016\111\103\205\266\154\163\273\144
+\352\141\101\254\311\324\124\337\207\057\307\042\262\046\314\237
+\131\124\150\237\374\276\052\057\304\125\034\165\100\140\027\205
+\002\125\071\213\177\005\002\003\001\000\001\243\102\060\100\060
+\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377
+\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001\006
+\060\035\006\003\125\035\016\004\026\004\024\234\137\000\337\252
+\001\327\060\053\070\210\242\270\155\112\234\362\021\221\203\060
+\015\006\011\052\206\110\206\367\015\001\001\013\005\000\003\202
+\001\001\000\113\066\246\204\167\151\335\073\031\237\147\043\010
+\157\016\141\311\375\204\334\137\330\066\201\315\330\033\101\055
+\237\140\335\307\032\150\331\321\156\206\341\210\043\317\023\336
+\103\317\342\064\263\004\235\037\051\325\277\370\136\310\325\301
+\275\356\222\157\062\164\362\221\202\057\275\202\102\172\255\052
+\267\040\175\115\274\172\125\022\302\025\352\275\367\152\225\056
+\154\164\237\317\034\264\362\305\001\243\205\320\162\076\255\163
+\253\013\233\165\014\155\105\267\216\224\254\226\067\265\240\320
+\217\025\107\016\343\350\203\335\217\375\357\101\001\167\314\047
+\251\142\205\063\362\067\010\357\161\317\167\006\336\310\031\035
+\210\100\317\175\106\035\377\036\307\341\316\377\043\333\306\372
+\215\125\116\251\002\347\107\021\106\076\364\375\275\173\051\046
+\273\251\141\142\067\050\266\055\052\366\020\206\144\311\160\247
+\322\255\267\051\160\171\352\074\332\143\045\237\375\150\267\060
+\354\160\373\165\212\267\155\140\147\262\036\310\271\351\330\250
+\157\002\213\147\015\115\046\127\161\332\040\374\301\112\120\215
+\261\050\272
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "Starfield Services Root Certificate Authority - G2"
+# Issuer: CN=Starfield Services Root Certificate Authority - G2,O="Starfield Technologies, Inc.",L=Scottsdale,ST=Arizona,C=US
+# Serial Number: 0 (0x0)
+# Subject: CN=Starfield Services Root Certificate Authority - G2,O="Starfield Technologies, Inc.",L=Scottsdale,ST=Arizona,C=US
+# Not Valid Before: Tue Sep 01 00:00:00 2009
+# Not Valid After : Thu Dec 31 23:59:59 2037
+# Fingerprint (MD5): 17:35:74:AF:7B:61:1C:EB:F4:F9:3C:E2:EE:40:F9:A2
+# Fingerprint (SHA1): 92:5A:8F:8D:2C:6D:04:E0:66:5F:59:6A:FF:22:D8:63:E8:25:6F:3F
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Starfield Services Root Certificate Authority - G2"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\222\132\217\215\054\155\004\340\146\137\131\152\377\042\330\143
+\350\045\157\077
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\027\065\164\257\173\141\034\353\364\371\074\342\356\100\371\242
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\230\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\020\060\016\006\003\125\004\010\023\007\101\162\151\172\157
+\156\141\061\023\060\021\006\003\125\004\007\023\012\123\143\157
+\164\164\163\144\141\154\145\061\045\060\043\006\003\125\004\012
+\023\034\123\164\141\162\146\151\145\154\144\040\124\145\143\150
+\156\157\154\157\147\151\145\163\054\040\111\156\143\056\061\073
+\060\071\006\003\125\004\003\023\062\123\164\141\162\146\151\145
+\154\144\040\123\145\162\166\151\143\145\163\040\122\157\157\164
+\040\103\145\162\164\151\146\151\143\141\164\145\040\101\165\164
+\150\157\162\151\164\171\040\055\040\107\062
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\000
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "AffirmTrust Commercial"
+#
+# Issuer: CN=AffirmTrust Commercial,O=AffirmTrust,C=US
+# Serial Number:77:77:06:27:26:a9:b1:7c
+# Subject: CN=AffirmTrust Commercial,O=AffirmTrust,C=US
+# Not Valid Before: Fri Jan 29 14:06:06 2010
+# Not Valid After : Tue Dec 31 14:06:06 2030
+# Fingerprint (MD5): 82:92:BA:5B:EF:CD:8A:6F:A6:3D:55:F9:84:F6:D6:B7
+# Fingerprint (SHA1): F9:B5:B6:32:45:5F:9C:BE:EC:57:5F:80:DC:E9:6E:2C:C7:B2:78:B7
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "AffirmTrust Commercial"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\104\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\024\060\022\006\003\125\004\012\014\013\101\146\146\151\162\155
+\124\162\165\163\164\061\037\060\035\006\003\125\004\003\014\026
+\101\146\146\151\162\155\124\162\165\163\164\040\103\157\155\155
+\145\162\143\151\141\154
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\104\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\024\060\022\006\003\125\004\012\014\013\101\146\146\151\162\155
+\124\162\165\163\164\061\037\060\035\006\003\125\004\003\014\026
+\101\146\146\151\162\155\124\162\165\163\164\040\103\157\155\155
+\145\162\143\151\141\154
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\010\167\167\006\047\046\251\261\174
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\003\114\060\202\002\064\240\003\002\001\002\002\010\167
+\167\006\047\046\251\261\174\060\015\006\011\052\206\110\206\367
+\015\001\001\013\005\000\060\104\061\013\060\011\006\003\125\004
+\006\023\002\125\123\061\024\060\022\006\003\125\004\012\014\013
+\101\146\146\151\162\155\124\162\165\163\164\061\037\060\035\006
+\003\125\004\003\014\026\101\146\146\151\162\155\124\162\165\163
+\164\040\103\157\155\155\145\162\143\151\141\154\060\036\027\015
+\061\060\060\061\062\071\061\064\060\066\060\066\132\027\015\063
+\060\061\062\063\061\061\064\060\066\060\066\132\060\104\061\013
+\060\011\006\003\125\004\006\023\002\125\123\061\024\060\022\006
+\003\125\004\012\014\013\101\146\146\151\162\155\124\162\165\163
+\164\061\037\060\035\006\003\125\004\003\014\026\101\146\146\151
+\162\155\124\162\165\163\164\040\103\157\155\155\145\162\143\151
+\141\154\060\202\001\042\060\015\006\011\052\206\110\206\367\015
+\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002\202
+\001\001\000\366\033\117\147\007\053\241\025\365\006\042\313\037
+\001\262\343\163\105\006\104\111\054\273\111\045\024\326\316\303
+\267\253\054\117\306\101\062\224\127\372\022\247\133\016\342\217
+\037\036\206\031\247\252\265\055\271\137\015\212\302\257\205\065
+\171\062\055\273\034\142\067\362\261\133\112\075\312\315\161\137
+\351\102\276\224\350\310\336\371\042\110\144\306\345\253\306\053
+\155\255\005\360\372\325\013\317\232\345\360\120\244\213\073\107
+\245\043\133\172\172\370\063\077\270\357\231\227\343\040\301\326
+\050\211\317\224\373\271\105\355\343\100\027\021\324\164\360\013
+\061\342\053\046\152\233\114\127\256\254\040\076\272\105\172\005
+\363\275\233\151\025\256\175\116\040\143\304\065\166\072\007\002
+\311\067\375\307\107\356\350\361\166\035\163\025\362\227\244\265
+\310\172\171\331\102\252\053\177\134\376\316\046\117\243\146\201
+\065\257\104\272\124\036\034\060\062\145\235\346\074\223\136\120
+\116\172\343\072\324\156\314\032\373\371\322\067\256\044\052\253
+\127\003\042\050\015\111\165\177\267\050\332\165\277\216\343\334
+\016\171\061\002\003\001\000\001\243\102\060\100\060\035\006\003
+\125\035\016\004\026\004\024\235\223\306\123\213\136\312\257\077
+\237\036\017\345\231\225\274\044\366\224\217\060\017\006\003\125
+\035\023\001\001\377\004\005\060\003\001\001\377\060\016\006\003
+\125\035\017\001\001\377\004\004\003\002\001\006\060\015\006\011
+\052\206\110\206\367\015\001\001\013\005\000\003\202\001\001\000
+\130\254\364\004\016\315\300\015\377\012\375\324\272\026\137\051
+\275\173\150\231\130\111\322\264\035\067\115\177\047\175\106\006
+\135\103\306\206\056\076\163\262\046\175\117\223\251\266\304\052
+\232\253\041\227\024\261\336\214\323\253\211\025\330\153\044\324
+\361\026\256\330\244\134\324\177\121\216\355\030\001\261\223\143
+\275\274\370\141\200\232\236\261\316\102\160\342\251\175\006\045
+\175\047\241\376\157\354\263\036\044\332\343\113\125\032\000\073
+\065\264\073\331\327\135\060\375\201\023\211\362\302\006\053\355
+\147\304\216\311\103\262\134\153\025\211\002\274\142\374\116\362
+\265\063\252\262\157\323\012\242\120\343\366\073\350\056\104\302
+\333\146\070\251\063\126\110\361\155\033\063\215\015\214\077\140
+\067\235\323\312\155\176\064\176\015\237\162\166\213\033\237\162
+\375\122\065\101\105\002\226\057\034\262\232\163\111\041\261\111
+\107\105\107\264\357\152\064\021\311\115\232\314\131\267\326\002
+\236\132\116\145\265\224\256\033\337\051\260\026\361\277\000\236
+\007\072\027\144\265\004\265\043\041\231\012\225\073\227\174\357
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "AffirmTrust Commercial"
+# Issuer: CN=AffirmTrust Commercial,O=AffirmTrust,C=US
+# Serial Number:77:77:06:27:26:a9:b1:7c
+# Subject: CN=AffirmTrust Commercial,O=AffirmTrust,C=US
+# Not Valid Before: Fri Jan 29 14:06:06 2010
+# Not Valid After : Tue Dec 31 14:06:06 2030
+# Fingerprint (MD5): 82:92:BA:5B:EF:CD:8A:6F:A6:3D:55:F9:84:F6:D6:B7
+# Fingerprint (SHA1): F9:B5:B6:32:45:5F:9C:BE:EC:57:5F:80:DC:E9:6E:2C:C7:B2:78:B7
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "AffirmTrust Commercial"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\371\265\266\062\105\137\234\276\354\127\137\200\334\351\156\054
+\307\262\170\267
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\202\222\272\133\357\315\212\157\246\075\125\371\204\366\326\267
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\104\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\024\060\022\006\003\125\004\012\014\013\101\146\146\151\162\155
+\124\162\165\163\164\061\037\060\035\006\003\125\004\003\014\026
+\101\146\146\151\162\155\124\162\165\163\164\040\103\157\155\155
+\145\162\143\151\141\154
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\010\167\167\006\047\046\251\261\174
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "AffirmTrust Networking"
+#
+# Issuer: CN=AffirmTrust Networking,O=AffirmTrust,C=US
+# Serial Number:7c:4f:04:39:1c:d4:99:2d
+# Subject: CN=AffirmTrust Networking,O=AffirmTrust,C=US
+# Not Valid Before: Fri Jan 29 14:08:24 2010
+# Not Valid After : Tue Dec 31 14:08:24 2030
+# Fingerprint (MD5): 42:65:CA:BE:01:9A:9A:4C:A9:8C:41:49:CD:C0:D5:7F
+# Fingerprint (SHA1): 29:36:21:02:8B:20:ED:02:F5:66:C5:32:D1:D6:ED:90:9F:45:00:2F
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "AffirmTrust Networking"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\104\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\024\060\022\006\003\125\004\012\014\013\101\146\146\151\162\155
+\124\162\165\163\164\061\037\060\035\006\003\125\004\003\014\026
+\101\146\146\151\162\155\124\162\165\163\164\040\116\145\164\167
+\157\162\153\151\156\147
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\104\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\024\060\022\006\003\125\004\012\014\013\101\146\146\151\162\155
+\124\162\165\163\164\061\037\060\035\006\003\125\004\003\014\026
+\101\146\146\151\162\155\124\162\165\163\164\040\116\145\164\167
+\157\162\153\151\156\147
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\010\174\117\004\071\034\324\231\055
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\003\114\060\202\002\064\240\003\002\001\002\002\010\174
+\117\004\071\034\324\231\055\060\015\006\011\052\206\110\206\367
+\015\001\001\005\005\000\060\104\061\013\060\011\006\003\125\004
+\006\023\002\125\123\061\024\060\022\006\003\125\004\012\014\013
+\101\146\146\151\162\155\124\162\165\163\164\061\037\060\035\006
+\003\125\004\003\014\026\101\146\146\151\162\155\124\162\165\163
+\164\040\116\145\164\167\157\162\153\151\156\147\060\036\027\015
+\061\060\060\061\062\071\061\064\060\070\062\064\132\027\015\063
+\060\061\062\063\061\061\064\060\070\062\064\132\060\104\061\013
+\060\011\006\003\125\004\006\023\002\125\123\061\024\060\022\006
+\003\125\004\012\014\013\101\146\146\151\162\155\124\162\165\163
+\164\061\037\060\035\006\003\125\004\003\014\026\101\146\146\151
+\162\155\124\162\165\163\164\040\116\145\164\167\157\162\153\151
+\156\147\060\202\001\042\060\015\006\011\052\206\110\206\367\015
+\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002\202
+\001\001\000\264\204\314\063\027\056\153\224\154\153\141\122\240
+\353\243\317\171\224\114\345\224\200\231\313\125\144\104\145\217
+\147\144\342\006\343\134\067\111\366\057\233\204\204\036\055\362
+\140\235\060\116\314\204\205\342\054\317\036\236\376\066\253\063
+\167\065\104\330\065\226\032\075\066\350\172\016\330\325\107\241
+\152\151\213\331\374\273\072\256\171\132\325\364\326\161\273\232
+\220\043\153\232\267\210\164\207\014\036\137\271\236\055\372\253
+\123\053\334\273\166\076\223\114\010\010\214\036\242\043\034\324
+\152\255\042\272\231\001\056\155\145\313\276\044\146\125\044\113
+\100\104\261\033\327\341\302\205\300\336\020\077\075\355\270\374
+\361\361\043\123\334\277\145\227\157\331\371\100\161\215\175\275
+\225\324\316\276\240\136\047\043\336\375\246\320\046\016\000\051
+\353\074\106\360\075\140\277\077\120\322\334\046\101\121\236\024
+\067\102\004\243\160\127\250\033\207\355\055\372\173\356\214\012
+\343\251\146\211\031\313\101\371\335\104\066\141\317\342\167\106
+\310\175\366\364\222\201\066\375\333\064\361\162\176\363\014\026
+\275\264\025\002\003\001\000\001\243\102\060\100\060\035\006\003
+\125\035\016\004\026\004\024\007\037\322\347\234\332\302\156\242
+\100\264\260\172\120\020\120\164\304\310\275\060\017\006\003\125
+\035\023\001\001\377\004\005\060\003\001\001\377\060\016\006\003
+\125\035\017\001\001\377\004\004\003\002\001\006\060\015\006\011
+\052\206\110\206\367\015\001\001\005\005\000\003\202\001\001\000
+\211\127\262\026\172\250\302\375\326\331\233\233\064\302\234\264
+\062\024\115\247\244\337\354\276\247\276\370\103\333\221\067\316
+\264\062\056\120\125\032\065\116\166\103\161\040\357\223\167\116
+\025\160\056\207\303\301\035\155\334\313\265\047\324\054\126\321
+\122\123\072\104\322\163\310\304\033\005\145\132\142\222\234\356
+\101\215\061\333\347\064\352\131\041\325\001\172\327\144\270\144
+\071\315\311\355\257\355\113\003\110\247\240\231\001\200\334\145
+\243\066\256\145\131\110\117\202\113\310\145\361\127\035\345\131
+\056\012\077\154\330\321\365\345\011\264\154\124\000\012\340\025
+\115\207\165\155\267\130\226\132\335\155\322\000\240\364\233\110
+\276\303\067\244\272\066\340\174\207\205\227\032\025\242\336\056
+\242\133\275\257\030\371\220\120\315\160\131\370\047\147\107\313
+\307\240\007\072\175\321\054\135\154\031\072\146\265\175\375\221
+\157\202\261\276\010\223\333\024\107\361\242\067\307\105\236\074
+\307\167\257\144\250\223\337\366\151\203\202\140\362\111\102\064
+\355\132\000\124\205\034\026\066\222\014\134\372\246\255\277\333
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "AffirmTrust Networking"
+# Issuer: CN=AffirmTrust Networking,O=AffirmTrust,C=US
+# Serial Number:7c:4f:04:39:1c:d4:99:2d
+# Subject: CN=AffirmTrust Networking,O=AffirmTrust,C=US
+# Not Valid Before: Fri Jan 29 14:08:24 2010
+# Not Valid After : Tue Dec 31 14:08:24 2030
+# Fingerprint (MD5): 42:65:CA:BE:01:9A:9A:4C:A9:8C:41:49:CD:C0:D5:7F
+# Fingerprint (SHA1): 29:36:21:02:8B:20:ED:02:F5:66:C5:32:D1:D6:ED:90:9F:45:00:2F
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "AffirmTrust Networking"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\051\066\041\002\213\040\355\002\365\146\305\062\321\326\355\220
+\237\105\000\057
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\102\145\312\276\001\232\232\114\251\214\101\111\315\300\325\177
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\104\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\024\060\022\006\003\125\004\012\014\013\101\146\146\151\162\155
+\124\162\165\163\164\061\037\060\035\006\003\125\004\003\014\026
+\101\146\146\151\162\155\124\162\165\163\164\040\116\145\164\167
+\157\162\153\151\156\147
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\010\174\117\004\071\034\324\231\055
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "AffirmTrust Premium"
+#
+# Issuer: CN=AffirmTrust Premium,O=AffirmTrust,C=US
+# Serial Number:6d:8c:14:46:b1:a6:0a:ee
+# Subject: CN=AffirmTrust Premium,O=AffirmTrust,C=US
+# Not Valid Before: Fri Jan 29 14:10:36 2010
+# Not Valid After : Mon Dec 31 14:10:36 2040
+# Fingerprint (MD5): C4:5D:0E:48:B6:AC:28:30:4E:0A:BC:F9:38:16:87:57
+# Fingerprint (SHA1): D8:A6:33:2C:E0:03:6F:B1:85:F6:63:4F:7D:6A:06:65:26:32:28:27
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "AffirmTrust Premium"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\101\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\024\060\022\006\003\125\004\012\014\013\101\146\146\151\162\155
+\124\162\165\163\164\061\034\060\032\006\003\125\004\003\014\023
+\101\146\146\151\162\155\124\162\165\163\164\040\120\162\145\155
+\151\165\155
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\101\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\024\060\022\006\003\125\004\012\014\013\101\146\146\151\162\155
+\124\162\165\163\164\061\034\060\032\006\003\125\004\003\014\023
+\101\146\146\151\162\155\124\162\165\163\164\040\120\162\145\155
+\151\165\155
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\010\155\214\024\106\261\246\012\356
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\106\060\202\003\056\240\003\002\001\002\002\010\155
+\214\024\106\261\246\012\356\060\015\006\011\052\206\110\206\367
+\015\001\001\014\005\000\060\101\061\013\060\011\006\003\125\004
+\006\023\002\125\123\061\024\060\022\006\003\125\004\012\014\013
+\101\146\146\151\162\155\124\162\165\163\164\061\034\060\032\006
+\003\125\004\003\014\023\101\146\146\151\162\155\124\162\165\163
+\164\040\120\162\145\155\151\165\155\060\036\027\015\061\060\060
+\061\062\071\061\064\061\060\063\066\132\027\015\064\060\061\062
+\063\061\061\064\061\060\063\066\132\060\101\061\013\060\011\006
+\003\125\004\006\023\002\125\123\061\024\060\022\006\003\125\004
+\012\014\013\101\146\146\151\162\155\124\162\165\163\164\061\034
+\060\032\006\003\125\004\003\014\023\101\146\146\151\162\155\124
+\162\165\163\164\040\120\162\145\155\151\165\155\060\202\002\042
+\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000\003
+\202\002\017\000\060\202\002\012\002\202\002\001\000\304\022\337
+\251\137\376\101\335\335\365\237\212\343\366\254\341\074\170\232
+\274\330\360\177\172\240\063\052\334\215\040\133\256\055\157\347
+\223\331\066\160\152\150\317\216\121\243\205\133\147\004\240\020
+\044\157\135\050\202\301\227\127\330\110\051\023\266\341\276\221
+\115\337\205\014\123\030\232\036\044\242\117\217\360\242\205\013
+\313\364\051\177\322\244\130\356\046\115\311\252\250\173\232\331
+\372\070\336\104\127\025\345\370\214\310\331\110\342\015\026\047
+\035\036\310\203\205\045\267\272\252\125\101\314\003\042\113\055
+\221\215\213\346\211\257\146\307\351\377\053\351\074\254\332\322
+\263\303\341\150\234\211\370\172\000\126\336\364\125\225\154\373
+\272\144\335\142\213\337\013\167\062\353\142\314\046\232\233\273
+\252\142\203\114\264\006\172\060\310\051\277\355\006\115\227\271
+\034\304\061\053\325\137\274\123\022\027\234\231\127\051\146\167
+\141\041\061\007\056\045\111\235\030\362\356\363\053\161\214\265
+\272\071\007\111\167\374\357\056\222\220\005\215\055\057\167\173
+\357\103\277\065\273\232\330\371\163\247\054\362\320\127\356\050
+\116\046\137\217\220\150\011\057\270\370\334\006\351\056\232\076
+\121\247\321\042\304\012\247\070\110\154\263\371\377\175\253\206
+\127\343\272\326\205\170\167\272\103\352\110\177\366\330\276\043
+\155\036\277\321\066\154\130\134\361\356\244\031\124\032\365\003
+\322\166\346\341\214\275\074\263\323\110\113\342\310\370\177\222
+\250\166\106\234\102\145\076\244\036\301\007\003\132\106\055\270
+\227\363\267\325\262\125\041\357\272\334\114\000\227\373\024\225
+\047\063\277\350\103\107\106\322\010\231\026\140\073\232\176\322
+\346\355\070\352\354\001\036\074\110\126\111\011\307\114\067\000
+\236\210\016\300\163\341\157\146\351\162\107\060\076\020\345\013
+\003\311\232\102\000\154\305\224\176\141\304\212\337\177\202\032
+\013\131\304\131\062\167\263\274\140\151\126\071\375\264\006\173
+\054\326\144\066\331\275\110\355\204\037\176\245\042\217\052\270
+\102\364\202\267\324\123\220\170\116\055\032\375\201\157\104\327
+\073\001\164\226\102\340\000\342\056\153\352\305\356\162\254\273
+\277\376\352\252\250\370\334\366\262\171\212\266\147\002\003\001
+\000\001\243\102\060\100\060\035\006\003\125\035\016\004\026\004
+\024\235\300\147\246\014\042\331\046\365\105\253\246\145\122\021
+\047\330\105\254\143\060\017\006\003\125\035\023\001\001\377\004
+\005\060\003\001\001\377\060\016\006\003\125\035\017\001\001\377
+\004\004\003\002\001\006\060\015\006\011\052\206\110\206\367\015
+\001\001\014\005\000\003\202\002\001\000\263\127\115\020\142\116
+\072\344\254\352\270\034\257\062\043\310\263\111\132\121\234\166
+\050\215\171\252\127\106\027\325\365\122\366\267\104\350\010\104
+\277\030\204\322\013\200\315\305\022\375\000\125\005\141\207\101
+\334\265\044\236\074\304\330\310\373\160\236\057\170\226\203\040
+\066\336\174\017\151\023\210\245\165\066\230\010\246\306\337\254
+\316\343\130\326\267\076\336\272\363\353\064\100\330\242\201\365
+\170\077\057\325\245\374\331\242\324\136\004\016\027\255\376\101
+\360\345\262\162\372\104\202\063\102\350\055\130\367\126\214\142
+\077\272\102\260\234\014\134\176\056\145\046\134\123\117\000\262
+\170\176\241\015\231\055\215\270\035\216\242\304\260\375\140\320
+\060\244\216\310\004\142\251\304\355\065\336\172\227\355\016\070
+\136\222\057\223\160\245\251\234\157\247\175\023\035\176\306\010
+\110\261\136\147\353\121\010\045\351\346\045\153\122\051\221\234
+\322\071\163\010\127\336\231\006\264\133\235\020\006\341\302\000
+\250\270\034\112\002\012\024\320\301\101\312\373\214\065\041\175
+\202\070\362\251\124\221\031\065\223\224\155\152\072\305\262\320
+\273\211\206\223\350\233\311\017\072\247\172\270\241\360\170\106
+\372\374\067\057\345\212\204\363\337\376\004\331\241\150\240\057
+\044\342\011\225\006\325\225\312\341\044\226\353\174\366\223\005
+\273\355\163\351\055\321\165\071\327\347\044\333\330\116\137\103
+\217\236\320\024\071\277\125\160\110\231\127\061\264\234\356\112
+\230\003\226\060\037\140\006\356\033\043\376\201\140\043\032\107
+\142\205\245\314\031\064\200\157\263\254\032\343\237\360\173\110
+\255\325\001\331\147\266\251\162\223\352\055\146\265\262\270\344
+\075\074\262\357\114\214\352\353\007\277\253\065\232\125\206\274
+\030\246\265\250\136\264\203\154\153\151\100\323\237\334\361\303
+\151\153\271\341\155\011\364\361\252\120\166\012\172\175\172\027
+\241\125\226\102\231\061\011\335\140\021\215\005\060\176\346\216
+\106\321\235\024\332\307\027\344\005\226\214\304\044\265\033\317
+\024\007\262\100\370\243\236\101\206\274\004\320\153\226\310\052
+\200\064\375\277\357\006\243\335\130\305\205\075\076\217\376\236
+\051\340\266\270\011\150\031\034\030\103
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "AffirmTrust Premium"
+# Issuer: CN=AffirmTrust Premium,O=AffirmTrust,C=US
+# Serial Number:6d:8c:14:46:b1:a6:0a:ee
+# Subject: CN=AffirmTrust Premium,O=AffirmTrust,C=US
+# Not Valid Before: Fri Jan 29 14:10:36 2010
+# Not Valid After : Mon Dec 31 14:10:36 2040
+# Fingerprint (MD5): C4:5D:0E:48:B6:AC:28:30:4E:0A:BC:F9:38:16:87:57
+# Fingerprint (SHA1): D8:A6:33:2C:E0:03:6F:B1:85:F6:63:4F:7D:6A:06:65:26:32:28:27
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "AffirmTrust Premium"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\330\246\063\054\340\003\157\261\205\366\143\117\175\152\006\145
+\046\062\050\047
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\304\135\016\110\266\254\050\060\116\012\274\371\070\026\207\127
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\101\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\024\060\022\006\003\125\004\012\014\013\101\146\146\151\162\155
+\124\162\165\163\164\061\034\060\032\006\003\125\004\003\014\023
+\101\146\146\151\162\155\124\162\165\163\164\040\120\162\145\155
+\151\165\155
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\010\155\214\024\106\261\246\012\356
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "AffirmTrust Premium ECC"
+#
+# Issuer: CN=AffirmTrust Premium ECC,O=AffirmTrust,C=US
+# Serial Number:74:97:25:8a:c7:3f:7a:54
+# Subject: CN=AffirmTrust Premium ECC,O=AffirmTrust,C=US
+# Not Valid Before: Fri Jan 29 14:20:24 2010
+# Not Valid After : Mon Dec 31 14:20:24 2040
+# Fingerprint (MD5): 64:B0:09:55:CF:B1:D5:99:E2:BE:13:AB:A6:5D:EA:4D
+# Fingerprint (SHA1): B8:23:6B:00:2F:1D:16:86:53:01:55:6C:11:A4:37:CA:EB:FF:C3:BB
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "AffirmTrust Premium ECC"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\105\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\024\060\022\006\003\125\004\012\014\013\101\146\146\151\162\155
+\124\162\165\163\164\061\040\060\036\006\003\125\004\003\014\027
+\101\146\146\151\162\155\124\162\165\163\164\040\120\162\145\155
+\151\165\155\040\105\103\103
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\105\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\024\060\022\006\003\125\004\012\014\013\101\146\146\151\162\155
+\124\162\165\163\164\061\040\060\036\006\003\125\004\003\014\027
+\101\146\146\151\162\155\124\162\165\163\164\040\120\162\145\155
+\151\165\155\040\105\103\103
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\010\164\227\045\212\307\077\172\124
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\001\376\060\202\001\205\240\003\002\001\002\002\010\164
+\227\045\212\307\077\172\124\060\012\006\010\052\206\110\316\075
+\004\003\003\060\105\061\013\060\011\006\003\125\004\006\023\002
+\125\123\061\024\060\022\006\003\125\004\012\014\013\101\146\146
+\151\162\155\124\162\165\163\164\061\040\060\036\006\003\125\004
+\003\014\027\101\146\146\151\162\155\124\162\165\163\164\040\120
+\162\145\155\151\165\155\040\105\103\103\060\036\027\015\061\060
+\060\061\062\071\061\064\062\060\062\064\132\027\015\064\060\061
+\062\063\061\061\064\062\060\062\064\132\060\105\061\013\060\011
+\006\003\125\004\006\023\002\125\123\061\024\060\022\006\003\125
+\004\012\014\013\101\146\146\151\162\155\124\162\165\163\164\061
+\040\060\036\006\003\125\004\003\014\027\101\146\146\151\162\155
+\124\162\165\163\164\040\120\162\145\155\151\165\155\040\105\103
+\103\060\166\060\020\006\007\052\206\110\316\075\002\001\006\005
+\053\201\004\000\042\003\142\000\004\015\060\136\033\025\235\003
+\320\241\171\065\267\072\074\222\172\312\025\034\315\142\363\234
+\046\134\007\075\345\124\372\243\326\314\022\352\364\024\137\350
+\216\031\253\057\056\110\346\254\030\103\170\254\320\067\303\275
+\262\315\054\346\107\342\032\346\143\270\075\056\057\170\304\117
+\333\364\017\244\150\114\125\162\153\225\035\116\030\102\225\170
+\314\067\074\221\342\233\145\053\051\243\102\060\100\060\035\006
+\003\125\035\016\004\026\004\024\232\257\051\172\300\021\065\065
+\046\121\060\000\303\152\376\100\325\256\326\074\060\017\006\003
+\125\035\023\001\001\377\004\005\060\003\001\001\377\060\016\006
+\003\125\035\017\001\001\377\004\004\003\002\001\006\060\012\006
+\010\052\206\110\316\075\004\003\003\003\147\000\060\144\002\060
+\027\011\363\207\210\120\132\257\310\300\102\277\107\137\365\154
+\152\206\340\304\047\164\344\070\123\327\005\177\033\064\343\306
+\057\263\312\011\074\067\235\327\347\270\106\361\375\241\342\161
+\002\060\102\131\207\103\324\121\337\272\323\011\062\132\316\210
+\176\127\075\234\137\102\153\365\007\055\265\360\202\223\371\131
+\157\256\144\372\130\345\213\036\343\143\276\265\201\315\157\002
+\214\171
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "AffirmTrust Premium ECC"
+# Issuer: CN=AffirmTrust Premium ECC,O=AffirmTrust,C=US
+# Serial Number:74:97:25:8a:c7:3f:7a:54
+# Subject: CN=AffirmTrust Premium ECC,O=AffirmTrust,C=US
+# Not Valid Before: Fri Jan 29 14:20:24 2010
+# Not Valid After : Mon Dec 31 14:20:24 2040
+# Fingerprint (MD5): 64:B0:09:55:CF:B1:D5:99:E2:BE:13:AB:A6:5D:EA:4D
+# Fingerprint (SHA1): B8:23:6B:00:2F:1D:16:86:53:01:55:6C:11:A4:37:CA:EB:FF:C3:BB
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "AffirmTrust Premium ECC"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\270\043\153\000\057\035\026\206\123\001\125\154\021\244\067\312
+\353\377\303\273
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\144\260\011\125\317\261\325\231\342\276\023\253\246\135\352\115
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\105\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\024\060\022\006\003\125\004\012\014\013\101\146\146\151\162\155
+\124\162\165\163\164\061\040\060\036\006\003\125\004\003\014\027
+\101\146\146\151\162\155\124\162\165\163\164\040\120\162\145\155
+\151\165\155\040\105\103\103
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\010\164\227\045\212\307\077\172\124
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Certum Trusted Network CA"
+#
+# Issuer: CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL
+# Serial Number: 279744 (0x444c0)
+# Subject: CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL
+# Not Valid Before: Wed Oct 22 12:07:37 2008
+# Not Valid After : Mon Dec 31 12:07:37 2029
+# Fingerprint (MD5): D5:E9:81:40:C5:18:69:FC:46:2C:89:75:62:0F:AA:78
+# Fingerprint (SHA1): 07:E0:32:E0:20:B7:2C:3F:19:2F:06:28:A2:59:3A:19:A7:0F:06:9E
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Certum Trusted Network CA"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\176\061\013\060\011\006\003\125\004\006\023\002\120\114\061
+\042\060\040\006\003\125\004\012\023\031\125\156\151\172\145\164
+\157\040\124\145\143\150\156\157\154\157\147\151\145\163\040\123
+\056\101\056\061\047\060\045\006\003\125\004\013\023\036\103\145
+\162\164\165\155\040\103\145\162\164\151\146\151\143\141\164\151
+\157\156\040\101\165\164\150\157\162\151\164\171\061\042\060\040
+\006\003\125\004\003\023\031\103\145\162\164\165\155\040\124\162
+\165\163\164\145\144\040\116\145\164\167\157\162\153\040\103\101
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\176\061\013\060\011\006\003\125\004\006\023\002\120\114\061
+\042\060\040\006\003\125\004\012\023\031\125\156\151\172\145\164
+\157\040\124\145\143\150\156\157\154\157\147\151\145\163\040\123
+\056\101\056\061\047\060\045\006\003\125\004\013\023\036\103\145
+\162\164\165\155\040\103\145\162\164\151\146\151\143\141\164\151
+\157\156\040\101\165\164\150\157\162\151\164\171\061\042\060\040
+\006\003\125\004\003\023\031\103\145\162\164\165\155\040\124\162
+\165\163\164\145\144\040\116\145\164\167\157\162\153\040\103\101
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\003\004\104\300
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\003\273\060\202\002\243\240\003\002\001\002\002\003\004
+\104\300\060\015\006\011\052\206\110\206\367\015\001\001\005\005
+\000\060\176\061\013\060\011\006\003\125\004\006\023\002\120\114
+\061\042\060\040\006\003\125\004\012\023\031\125\156\151\172\145
+\164\157\040\124\145\143\150\156\157\154\157\147\151\145\163\040
+\123\056\101\056\061\047\060\045\006\003\125\004\013\023\036\103
+\145\162\164\165\155\040\103\145\162\164\151\146\151\143\141\164
+\151\157\156\040\101\165\164\150\157\162\151\164\171\061\042\060
+\040\006\003\125\004\003\023\031\103\145\162\164\165\155\040\124
+\162\165\163\164\145\144\040\116\145\164\167\157\162\153\040\103
+\101\060\036\027\015\060\070\061\060\062\062\061\062\060\067\063
+\067\132\027\015\062\071\061\062\063\061\061\062\060\067\063\067
+\132\060\176\061\013\060\011\006\003\125\004\006\023\002\120\114
+\061\042\060\040\006\003\125\004\012\023\031\125\156\151\172\145
+\164\157\040\124\145\143\150\156\157\154\157\147\151\145\163\040
+\123\056\101\056\061\047\060\045\006\003\125\004\013\023\036\103
+\145\162\164\165\155\040\103\145\162\164\151\146\151\143\141\164
+\151\157\156\040\101\165\164\150\157\162\151\164\171\061\042\060
+\040\006\003\125\004\003\023\031\103\145\162\164\165\155\040\124
+\162\165\163\164\145\144\040\116\145\164\167\157\162\153\040\103
+\101\060\202\001\042\060\015\006\011\052\206\110\206\367\015\001
+\001\001\005\000\003\202\001\017\000\060\202\001\012\002\202\001
+\001\000\343\373\175\243\162\272\302\360\311\024\207\365\153\001
+\116\341\156\100\007\272\155\047\135\177\367\133\055\263\132\307
+\121\137\253\244\062\246\141\207\266\156\017\206\322\060\002\227
+\370\327\151\127\241\030\071\135\152\144\171\306\001\131\254\074
+\061\112\070\174\322\004\322\113\050\350\040\137\073\007\242\314
+\115\163\333\363\256\117\307\126\325\132\247\226\211\372\363\253
+\150\324\043\206\131\047\317\011\047\274\254\156\162\203\034\060
+\162\337\340\242\351\322\341\164\165\031\275\052\236\173\025\124
+\004\033\327\103\071\255\125\050\305\342\032\273\364\300\344\256
+\070\111\063\314\166\205\237\071\105\322\244\236\362\022\214\121
+\370\174\344\055\177\365\254\137\353\026\237\261\055\321\272\314
+\221\102\167\114\045\311\220\070\157\333\360\314\373\216\036\227
+\131\076\325\140\116\346\005\050\355\111\171\023\113\272\110\333
+\057\371\162\323\071\312\376\037\330\064\162\365\264\100\317\061
+\001\303\354\336\021\055\027\135\037\270\120\321\136\031\247\151
+\336\007\063\050\312\120\225\371\247\124\313\124\206\120\105\251
+\371\111\002\003\001\000\001\243\102\060\100\060\017\006\003\125
+\035\023\001\001\377\004\005\060\003\001\001\377\060\035\006\003
+\125\035\016\004\026\004\024\010\166\315\313\007\377\044\366\305
+\315\355\273\220\274\342\204\067\106\165\367\060\016\006\003\125
+\035\017\001\001\377\004\004\003\002\001\006\060\015\006\011\052
+\206\110\206\367\015\001\001\005\005\000\003\202\001\001\000\246
+\250\255\042\316\001\075\246\243\377\142\320\110\235\213\136\162
+\260\170\104\343\334\034\257\011\375\043\110\372\275\052\304\271
+\125\004\265\020\243\215\047\336\013\202\143\320\356\336\014\067
+\171\101\133\042\262\260\232\101\134\246\160\340\324\320\167\313
+\043\323\000\340\154\126\057\341\151\015\015\331\252\277\041\201
+\120\331\006\245\250\377\225\067\320\252\376\342\263\365\231\055
+\105\204\212\345\102\011\327\164\002\057\367\211\330\231\351\274
+\047\324\107\215\272\015\106\034\167\317\024\244\034\271\244\061
+\304\234\050\164\003\064\377\063\031\046\245\351\015\164\267\076
+\227\306\166\350\047\226\243\146\335\341\256\362\101\133\312\230
+\126\203\163\160\344\206\032\322\061\101\272\057\276\055\023\132
+\166\157\116\350\116\201\016\077\133\003\042\240\022\276\146\130
+\021\112\313\003\304\264\052\052\055\226\027\340\071\124\274\110
+\323\166\047\235\232\055\006\246\311\354\071\322\253\333\237\232
+\013\047\002\065\051\261\100\225\347\371\350\234\125\210\031\106
+\326\267\064\365\176\316\071\232\331\070\361\121\367\117\054
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "Certum Trusted Network CA"
+# Issuer: CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL
+# Serial Number: 279744 (0x444c0)
+# Subject: CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL
+# Not Valid Before: Wed Oct 22 12:07:37 2008
+# Not Valid After : Mon Dec 31 12:07:37 2029
+# Fingerprint (MD5): D5:E9:81:40:C5:18:69:FC:46:2C:89:75:62:0F:AA:78
+# Fingerprint (SHA1): 07:E0:32:E0:20:B7:2C:3F:19:2F:06:28:A2:59:3A:19:A7:0F:06:9E
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Certum Trusted Network CA"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\007\340\062\340\040\267\054\077\031\057\006\050\242\131\072\031
+\247\017\006\236
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\325\351\201\100\305\030\151\374\106\054\211\165\142\017\252\170
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\176\061\013\060\011\006\003\125\004\006\023\002\120\114\061
+\042\060\040\006\003\125\004\012\023\031\125\156\151\172\145\164
+\157\040\124\145\143\150\156\157\154\157\147\151\145\163\040\123
+\056\101\056\061\047\060\045\006\003\125\004\013\023\036\103\145
+\162\164\165\155\040\103\145\162\164\151\146\151\143\141\164\151
+\157\156\040\101\165\164\150\157\162\151\164\171\061\042\060\040
+\006\003\125\004\003\023\031\103\145\162\164\165\155\040\124\162
+\165\163\164\145\144\040\116\145\164\167\157\162\153\040\103\101
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\003\004\104\300
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Certinomis - Autorité Racine"
+#
+# Issuer: CN=Certinomis - Autorit.. Racine,OU=0002 433998903,O=Certinomis,C=FR
+# Serial Number: 1 (0x1)
+# Subject: CN=Certinomis - Autorit.. Racine,OU=0002 433998903,O=Certinomis,C=FR
+# Not Valid Before: Wed Sep 17 08:28:59 2008
+# Not Valid After : Sun Sep 17 08:28:59 2028
+# Fingerprint (MD5): 7F:30:78:8C:03:E3:CA:C9:0A:E2:C9:EA:1E:AA:55:1A
+# Fingerprint (SHA1): 2E:14:DA:EC:28:F0:FA:1E:8E:38:9A:4E:AB:EB:26:C0:0A:D3:83:C3
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Certinomis - Autorité Racine"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\143\061\013\060\011\006\003\125\004\006\023\002\106\122\061
+\023\060\021\006\003\125\004\012\023\012\103\145\162\164\151\156
+\157\155\151\163\061\027\060\025\006\003\125\004\013\023\016\060
+\060\060\062\040\064\063\063\071\071\070\071\060\063\061\046\060
+\044\006\003\125\004\003\014\035\103\145\162\164\151\156\157\155
+\151\163\040\055\040\101\165\164\157\162\151\164\303\251\040\122
+\141\143\151\156\145
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\143\061\013\060\011\006\003\125\004\006\023\002\106\122\061
+\023\060\021\006\003\125\004\012\023\012\103\145\162\164\151\156
+\157\155\151\163\061\027\060\025\006\003\125\004\013\023\016\060
+\060\060\062\040\064\063\063\071\071\070\071\060\063\061\046\060
+\044\006\003\125\004\003\014\035\103\145\162\164\151\156\157\155
+\151\163\040\055\040\101\165\164\157\162\151\164\303\251\040\122
+\141\143\151\156\145
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\001
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\234\060\202\003\204\240\003\002\001\002\002\001\001
+\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060
+\143\061\013\060\011\006\003\125\004\006\023\002\106\122\061\023
+\060\021\006\003\125\004\012\023\012\103\145\162\164\151\156\157
+\155\151\163\061\027\060\025\006\003\125\004\013\023\016\060\060
+\060\062\040\064\063\063\071\071\070\071\060\063\061\046\060\044
+\006\003\125\004\003\014\035\103\145\162\164\151\156\157\155\151
+\163\040\055\040\101\165\164\157\162\151\164\303\251\040\122\141
+\143\151\156\145\060\036\027\015\060\070\060\071\061\067\060\070
+\062\070\065\071\132\027\015\062\070\060\071\061\067\060\070\062
+\070\065\071\132\060\143\061\013\060\011\006\003\125\004\006\023
+\002\106\122\061\023\060\021\006\003\125\004\012\023\012\103\145
+\162\164\151\156\157\155\151\163\061\027\060\025\006\003\125\004
+\013\023\016\060\060\060\062\040\064\063\063\071\071\070\071\060
+\063\061\046\060\044\006\003\125\004\003\014\035\103\145\162\164
+\151\156\157\155\151\163\040\055\040\101\165\164\157\162\151\164
+\303\251\040\122\141\143\151\156\145\060\202\002\042\060\015\006
+\011\052\206\110\206\367\015\001\001\001\005\000\003\202\002\017
+\000\060\202\002\012\002\202\002\001\000\235\205\237\206\323\343
+\257\307\262\153\156\063\340\236\267\102\064\125\235\371\201\276
+\143\330\043\166\016\227\124\315\231\114\032\361\071\307\210\330
+\027\120\014\236\141\332\300\116\125\336\347\132\270\172\116\167
+\207\015\345\270\353\372\236\136\173\036\304\317\050\164\307\223
+\365\024\306\042\050\004\371\221\303\253\047\163\152\016\056\115
+\363\056\050\037\160\337\125\057\116\355\307\161\157\011\162\056
+\355\325\062\227\320\361\130\167\321\140\274\116\136\333\232\204
+\366\107\141\105\053\366\120\246\177\152\161\047\110\204\065\236
+\254\376\151\251\236\172\136\065\045\372\264\247\111\065\167\226
+\247\066\133\341\315\337\043\160\330\135\114\245\010\203\361\246
+\044\070\023\250\354\057\250\241\147\307\246\055\206\107\356\212
+\374\354\233\016\164\364\053\111\002\173\220\165\214\374\231\071
+\001\071\326\112\211\345\236\166\253\076\226\050\070\046\213\335
+\215\214\300\366\001\036\157\245\061\022\070\175\225\302\161\356
+\355\164\256\344\066\242\103\165\325\361\000\233\342\344\327\314
+\102\003\113\170\172\345\175\273\270\256\056\040\223\323\344\141
+\337\161\341\166\147\227\077\266\337\152\163\132\144\042\345\102
+\333\317\201\003\223\330\364\343\020\340\162\366\000\160\254\360
+\301\172\017\005\177\317\064\151\105\265\223\344\031\333\122\026
+\043\005\211\016\215\110\344\045\157\263\170\277\142\365\007\372
+\225\044\302\226\262\350\243\043\302\135\003\374\303\323\345\174
+\311\165\043\327\364\365\274\336\344\337\315\200\277\221\210\175
+\247\023\264\071\272\054\272\275\321\153\314\363\245\050\355\104
+\236\175\122\243\157\226\056\031\176\034\363\133\307\026\216\273
+\140\175\167\146\107\124\202\000\021\140\154\062\301\250\070\033
+\353\156\230\023\326\356\070\365\360\237\016\357\376\061\201\301
+\322\044\225\057\123\172\151\242\360\017\206\105\216\130\202\053
+\114\042\324\136\240\347\175\046\047\110\337\045\106\215\112\050
+\174\206\236\371\233\032\131\271\145\277\005\335\266\102\135\075
+\346\000\110\202\136\040\367\021\202\336\312\330\237\346\067\107
+\046\036\353\170\367\141\303\101\144\130\002\101\371\332\340\321
+\370\371\350\375\122\070\266\365\211\337\002\003\001\000\001\243
+\133\060\131\060\017\006\003\125\035\023\001\001\377\004\005\060
+\003\001\001\377\060\016\006\003\125\035\017\001\001\377\004\004
+\003\002\001\006\060\035\006\003\125\035\016\004\026\004\024\015
+\214\266\141\332\104\270\321\024\175\303\276\175\136\110\360\316
+\312\152\260\060\027\006\003\125\035\040\004\020\060\016\060\014
+\006\012\052\201\172\001\126\002\002\000\001\001\060\015\006\011
+\052\206\110\206\367\015\001\001\005\005\000\003\202\002\001\000
+\044\076\140\006\176\035\357\072\076\333\352\257\034\232\054\001
+\013\364\305\265\331\111\061\364\135\101\215\211\014\116\377\154
+\242\375\377\342\006\310\071\237\361\132\251\335\042\130\025\250
+\212\323\261\346\062\011\202\003\154\327\077\010\307\370\271\272
+\000\155\271\326\374\122\062\135\244\177\244\061\224\273\266\114
+\070\177\050\060\065\377\237\043\123\267\266\356\024\160\000\100
+\053\332\107\253\064\176\136\247\126\060\141\053\213\103\254\375
+\266\210\050\365\153\266\076\140\112\272\102\220\064\147\215\352
+\353\137\105\124\073\027\254\213\344\306\145\017\356\320\214\135
+\146\071\316\062\247\330\020\227\300\176\064\234\237\224\363\366
+\206\037\317\033\163\255\224\171\207\150\160\303\063\245\160\347
+\330\325\070\224\157\143\171\353\277\012\016\010\347\305\057\017
+\102\240\053\024\100\377\041\340\005\305\047\341\204\021\023\272
+\326\206\035\101\013\023\043\211\323\311\013\350\212\272\172\243
+\243\163\067\065\200\175\022\270\063\167\100\070\300\372\136\060
+\322\362\266\243\261\326\242\225\227\201\233\122\355\151\114\377
+\200\344\123\333\124\133\003\155\124\137\261\270\357\044\275\157
+\237\021\303\307\144\302\017\050\142\205\146\136\032\173\262\267
+\357\256\065\311\031\063\250\270\047\333\063\125\277\150\341\165
+\110\104\126\373\315\323\110\273\107\211\072\254\151\365\200\306
+\344\104\120\057\124\304\252\103\305\061\061\130\275\226\305\352
+\165\154\232\165\261\115\370\367\227\377\226\026\362\227\115\350
+\366\363\021\371\072\175\212\070\156\004\313\341\323\105\025\252
+\245\321\035\235\135\143\350\044\346\066\024\342\207\255\033\131
+\365\104\233\373\327\167\174\037\001\160\142\241\040\032\242\305
+\032\050\364\041\003\356\056\331\301\200\352\271\331\202\326\133
+\166\302\313\073\265\322\000\360\243\016\341\255\156\100\367\333
+\240\264\320\106\256\025\327\104\302\115\065\371\322\013\362\027
+\366\254\146\325\044\262\117\321\034\231\300\156\365\175\353\164
+\004\270\371\115\167\011\327\264\317\007\060\011\361\270\000\126
+\331\027\026\026\012\053\206\337\217\001\031\032\345\273\202\143
+\377\276\013\166\026\136\067\067\346\330\164\227\242\231\105\171
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "Certinomis - Autorité Racine"
+# Issuer: CN=Certinomis - Autorit.. Racine,OU=0002 433998903,O=Certinomis,C=FR
+# Serial Number: 1 (0x1)
+# Subject: CN=Certinomis - Autorit.. Racine,OU=0002 433998903,O=Certinomis,C=FR
+# Not Valid Before: Wed Sep 17 08:28:59 2008
+# Not Valid After : Sun Sep 17 08:28:59 2028
+# Fingerprint (MD5): 7F:30:78:8C:03:E3:CA:C9:0A:E2:C9:EA:1E:AA:55:1A
+# Fingerprint (SHA1): 2E:14:DA:EC:28:F0:FA:1E:8E:38:9A:4E:AB:EB:26:C0:0A:D3:83:C3
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Certinomis - Autorité Racine"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\056\024\332\354\050\360\372\036\216\070\232\116\253\353\046\300
+\012\323\203\303
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\177\060\170\214\003\343\312\311\012\342\311\352\036\252\125\032
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\143\061\013\060\011\006\003\125\004\006\023\002\106\122\061
+\023\060\021\006\003\125\004\012\023\012\103\145\162\164\151\156
+\157\155\151\163\061\027\060\025\006\003\125\004\013\023\016\060
+\060\060\062\040\064\063\063\071\071\070\071\060\063\061\046\060
+\044\006\003\125\004\003\014\035\103\145\162\164\151\156\157\155
+\151\163\040\055\040\101\165\164\157\162\151\164\303\251\040\122
+\141\143\151\156\145
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\001
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "TWCA Root Certification Authority"
+#
+# Issuer: CN=TWCA Root Certification Authority,OU=Root CA,O=TAIWAN-CA,C=TW
+# Serial Number: 1 (0x1)
+# Subject: CN=TWCA Root Certification Authority,OU=Root CA,O=TAIWAN-CA,C=TW
+# Not Valid Before: Thu Aug 28 07:24:33 2008
+# Not Valid After : Tue Dec 31 15:59:59 2030
+# Fingerprint (MD5): AA:08:8F:F6:F9:7B:B7:F2:B1:A7:1E:9B:EA:EA:BD:79
+# Fingerprint (SHA1): CF:9E:87:6D:D3:EB:FC:42:26:97:A3:B5:A3:7A:A0:76:A9:06:23:48
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "TWCA Root Certification Authority"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\137\061\013\060\011\006\003\125\004\006\023\002\124\127\061
+\022\060\020\006\003\125\004\012\014\011\124\101\111\127\101\116
+\055\103\101\061\020\060\016\006\003\125\004\013\014\007\122\157
+\157\164\040\103\101\061\052\060\050\006\003\125\004\003\014\041
+\124\127\103\101\040\122\157\157\164\040\103\145\162\164\151\146
+\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164
+\171
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\137\061\013\060\011\006\003\125\004\006\023\002\124\127\061
+\022\060\020\006\003\125\004\012\014\011\124\101\111\127\101\116
+\055\103\101\061\020\060\016\006\003\125\004\013\014\007\122\157
+\157\164\040\103\101\061\052\060\050\006\003\125\004\003\014\041
+\124\127\103\101\040\122\157\157\164\040\103\145\162\164\151\146
+\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164
+\171
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\001
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\003\173\060\202\002\143\240\003\002\001\002\002\001\001
+\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060
+\137\061\013\060\011\006\003\125\004\006\023\002\124\127\061\022
+\060\020\006\003\125\004\012\014\011\124\101\111\127\101\116\055
+\103\101\061\020\060\016\006\003\125\004\013\014\007\122\157\157
+\164\040\103\101\061\052\060\050\006\003\125\004\003\014\041\124
+\127\103\101\040\122\157\157\164\040\103\145\162\164\151\146\151
+\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171
+\060\036\027\015\060\070\060\070\062\070\060\067\062\064\063\063
+\132\027\015\063\060\061\062\063\061\061\065\065\071\065\071\132
+\060\137\061\013\060\011\006\003\125\004\006\023\002\124\127\061
+\022\060\020\006\003\125\004\012\014\011\124\101\111\127\101\116
+\055\103\101\061\020\060\016\006\003\125\004\013\014\007\122\157
+\157\164\040\103\101\061\052\060\050\006\003\125\004\003\014\041
+\124\127\103\101\040\122\157\157\164\040\103\145\162\164\151\146
+\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164
+\171\060\202\001\042\060\015\006\011\052\206\110\206\367\015\001
+\001\001\005\000\003\202\001\017\000\060\202\001\012\002\202\001
+\001\000\260\176\162\270\244\003\224\346\247\336\011\070\221\112
+\021\100\207\247\174\131\144\024\173\265\021\020\335\376\277\325
+\300\273\126\342\205\045\364\065\162\017\370\123\320\101\341\104
+\001\302\264\034\303\061\102\026\107\205\063\042\166\262\012\157
+\017\345\045\120\117\205\206\276\277\230\056\020\147\036\276\021
+\005\206\005\220\304\131\320\174\170\020\260\200\134\267\341\307
+\053\165\313\174\237\256\265\321\235\043\067\143\247\334\102\242
+\055\222\004\033\120\301\173\270\076\033\311\126\004\213\057\122
+\233\255\251\126\351\301\377\255\251\130\207\060\266\201\367\227
+\105\374\031\127\073\053\157\344\107\364\231\105\376\035\361\370
+\227\243\210\035\067\034\134\217\340\166\045\232\120\370\240\124
+\377\104\220\166\043\322\062\306\303\253\006\277\374\373\277\363
+\255\175\222\142\002\133\051\323\065\243\223\232\103\144\140\135
+\262\372\062\377\073\004\257\115\100\152\371\307\343\357\043\375
+\153\313\345\017\213\070\015\356\012\374\376\017\230\237\060\061
+\335\154\122\145\371\213\201\276\042\341\034\130\003\272\221\033
+\211\007\002\003\001\000\001\243\102\060\100\060\016\006\003\125
+\035\017\001\001\377\004\004\003\002\001\006\060\017\006\003\125
+\035\023\001\001\377\004\005\060\003\001\001\377\060\035\006\003
+\125\035\016\004\026\004\024\152\070\133\046\215\336\213\132\362
+\117\172\124\203\031\030\343\010\065\246\272\060\015\006\011\052
+\206\110\206\367\015\001\001\005\005\000\003\202\001\001\000\074
+\325\167\075\332\337\211\272\207\014\010\124\152\040\120\222\276
+\260\101\075\271\046\144\203\012\057\350\100\300\227\050\047\202
+\060\112\311\223\377\152\347\246\000\177\211\102\232\326\021\345
+\123\316\057\314\362\332\005\304\376\342\120\304\072\206\175\314
+\332\176\020\011\073\222\065\052\123\262\376\353\053\005\331\154
+\135\346\320\357\323\152\146\236\025\050\205\172\350\202\000\254
+\036\247\011\151\126\102\323\150\121\030\276\124\232\277\104\101
+\272\111\276\040\272\151\134\356\270\167\315\316\154\037\255\203
+\226\030\175\016\265\024\071\204\361\050\351\055\243\236\173\036
+\172\162\132\203\263\171\157\357\264\374\320\012\245\130\117\106
+\337\373\155\171\131\362\204\042\122\256\017\314\373\174\073\347
+\152\312\107\141\303\172\370\323\222\004\037\270\040\204\341\066
+\124\026\307\100\336\073\212\163\334\337\306\011\114\337\354\332
+\377\324\123\102\241\311\362\142\035\042\203\074\227\305\371\031
+\142\047\254\145\042\327\323\074\306\345\216\262\123\314\111\316
+\274\060\376\173\016\063\220\373\355\322\024\221\037\007\257
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "TWCA Root Certification Authority"
+# Issuer: CN=TWCA Root Certification Authority,OU=Root CA,O=TAIWAN-CA,C=TW
+# Serial Number: 1 (0x1)
+# Subject: CN=TWCA Root Certification Authority,OU=Root CA,O=TAIWAN-CA,C=TW
+# Not Valid Before: Thu Aug 28 07:24:33 2008
+# Not Valid After : Tue Dec 31 15:59:59 2030
+# Fingerprint (MD5): AA:08:8F:F6:F9:7B:B7:F2:B1:A7:1E:9B:EA:EA:BD:79
+# Fingerprint (SHA1): CF:9E:87:6D:D3:EB:FC:42:26:97:A3:B5:A3:7A:A0:76:A9:06:23:48
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "TWCA Root Certification Authority"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\317\236\207\155\323\353\374\102\046\227\243\265\243\172\240\166
+\251\006\043\110
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\252\010\217\366\371\173\267\362\261\247\036\233\352\352\275\171
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\137\061\013\060\011\006\003\125\004\006\023\002\124\127\061
+\022\060\020\006\003\125\004\012\014\011\124\101\111\127\101\116
+\055\103\101\061\020\060\016\006\003\125\004\013\014\007\122\157
+\157\164\040\103\101\061\052\060\050\006\003\125\004\003\014\041
+\124\127\103\101\040\122\157\157\164\040\103\145\162\164\151\146
+\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164
+\171
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\001
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Explicitly Distrust DigiNotar Root CA"
+#
+# Issuer: E=info@diginotar.nl,CN=DigiNotar Root CA,O=DigiNotar,C=NL
+# Serial Number:0f:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff
+# Subject: E=info@diginotar.nl,CN=DigiNotar Root CA,O=DigiNotar,C=NL
+# Not Valid Before: Fri Jul 27 17:19:37 2007
+# Not Valid After : Mon Mar 31 18:19:22 2025
+# Fingerprint (MD5): 0A:A4:D5:CC:BA:B4:FB:A3:59:E3:E6:01:DD:53:D9:4E
+# Fingerprint (SHA1): C1:77:CB:4B:E0:B4:26:8E:F5:C7:CF:45:99:22:B9:B0:CE:BA:21:2F
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Explicitly Distrust DigiNotar Root CA"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\137\061\013\060\011\006\003\125\004\006\023\002\116\114\061
+\022\060\020\006\003\125\004\012\023\011\104\151\147\151\116\157
+\164\141\162\061\032\060\030\006\003\125\004\003\023\021\104\151
+\147\151\116\157\164\141\162\040\122\157\157\164\040\103\101\061
+\040\060\036\006\011\052\206\110\206\367\015\001\011\001\026\021
+\151\156\146\157\100\144\151\147\151\156\157\164\141\162\056\156
+\154
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\137\061\013\060\011\006\003\125\004\006\023\002\116\114\061
+\022\060\020\006\003\125\004\012\023\011\104\151\147\151\116\157
+\164\141\162\061\032\060\030\006\003\125\004\003\023\021\104\151
+\147\151\116\157\164\141\162\040\122\157\157\164\040\103\101\061
+\040\060\036\006\011\052\206\110\206\367\015\001\011\001\026\021
+\151\156\146\157\100\144\151\147\151\156\157\164\141\162\056\156
+\154
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\017\377\377\377\377\377\377\377\377\377\377\377\377\377
+\377\377
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\212\060\202\003\162\240\003\002\001\002\002\020\017
+\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\060
+\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\137
+\061\013\060\011\006\003\125\004\006\023\002\116\114\061\022\060
+\020\006\003\125\004\012\023\011\104\151\147\151\116\157\164\141
+\162\061\032\060\030\006\003\125\004\003\023\021\104\151\147\151
+\116\157\164\141\162\040\122\157\157\164\040\103\101\061\040\060
+\036\006\011\052\206\110\206\367\015\001\011\001\026\021\151\156
+\146\157\100\144\151\147\151\156\157\164\141\162\056\156\154\060
+\036\027\015\060\067\060\067\062\067\061\067\061\071\063\067\132
+\027\015\062\065\060\063\063\061\061\070\061\071\062\062\132\060
+\137\061\013\060\011\006\003\125\004\006\023\002\116\114\061\022
+\060\020\006\003\125\004\012\023\011\104\151\147\151\116\157\164
+\141\162\061\032\060\030\006\003\125\004\003\023\021\104\151\147
+\151\116\157\164\141\162\040\122\157\157\164\040\103\101\061\040
+\060\036\006\011\052\206\110\206\367\015\001\011\001\026\021\151
+\156\146\157\100\144\151\147\151\156\157\164\141\162\056\156\154
+\060\202\002\042\060\015\006\011\052\206\110\206\367\015\001\001
+\001\005\000\003\202\002\017\000\060\202\002\012\002\202\002\001
+\000\254\260\130\301\000\275\330\041\010\013\053\232\376\156\126
+\060\005\237\033\167\220\020\101\134\303\015\207\021\167\216\201
+\361\312\174\351\214\152\355\070\164\065\273\332\337\371\273\300
+\011\067\264\226\163\201\175\063\032\230\071\367\223\157\225\177
+\075\271\261\165\207\272\121\110\350\213\160\076\225\004\305\330
+\266\303\026\331\210\260\261\207\035\160\332\206\264\017\024\213
+\172\317\020\321\164\066\242\022\173\167\206\112\171\346\173\337
+\002\021\150\245\116\206\256\064\130\233\044\023\170\126\042\045
+\036\001\213\113\121\161\373\202\314\131\226\151\210\132\150\123
+\305\271\015\002\067\313\113\274\146\112\220\176\052\013\005\007
+\355\026\137\125\220\165\330\106\311\033\203\342\010\276\361\043
+\314\231\035\326\052\017\203\040\025\130\047\202\056\372\342\042
+\302\111\261\271\001\201\152\235\155\235\100\167\150\166\116\041
+\052\155\204\100\205\116\166\231\174\202\363\363\267\002\131\324
+\046\001\033\216\337\255\123\006\321\256\030\335\342\262\072\313
+\327\210\070\216\254\133\051\271\031\323\230\371\030\003\317\110
+\202\206\146\013\033\151\017\311\353\070\210\172\046\032\005\114
+\222\327\044\324\226\362\254\122\055\243\107\325\122\366\077\376
+\316\204\006\160\246\252\076\242\362\266\126\064\030\127\242\344
+\201\155\347\312\360\152\323\307\221\153\002\203\101\174\025\357
+\153\232\144\136\343\320\074\345\261\353\173\135\206\373\313\346
+\167\111\315\243\145\334\367\271\234\270\344\013\137\223\317\314
+\060\032\062\034\316\034\143\225\245\371\352\341\164\213\236\351
+\053\251\060\173\240\030\037\016\030\013\345\133\251\323\321\154
+\036\007\147\217\221\113\251\212\274\322\146\252\223\001\210\262
+\221\372\061\134\325\246\301\122\010\011\315\012\143\242\323\042
+\246\350\241\331\071\006\227\365\156\215\002\220\214\024\173\077
+\200\315\033\234\272\304\130\162\043\257\266\126\237\306\172\102
+\063\051\007\077\202\311\346\037\005\015\315\114\050\066\213\323
+\310\076\034\306\210\357\136\356\211\144\351\035\353\332\211\176
+\062\246\151\321\335\314\210\237\321\320\311\146\041\334\006\147
+\305\224\172\232\155\142\114\175\314\340\144\200\262\236\107\216
+\243\002\003\001\000\001\243\102\060\100\060\017\006\003\125\035
+\023\001\001\377\004\005\060\003\001\001\377\060\016\006\003\125
+\035\017\001\001\377\004\004\003\002\001\006\060\035\006\003\125
+\035\016\004\026\004\024\210\150\277\340\216\065\304\073\070\153
+\142\367\050\073\204\201\310\014\327\115\060\015\006\011\052\206
+\110\206\367\015\001\001\005\005\000\003\202\002\001\000\073\002
+\215\313\074\060\350\156\240\255\362\163\263\137\236\045\023\004
+\005\323\366\343\213\273\013\171\316\123\336\344\226\305\321\257
+\163\274\325\303\320\100\125\174\100\177\315\033\137\011\325\362
+\174\237\150\035\273\135\316\172\071\302\214\326\230\173\305\203
+\125\250\325\175\100\312\340\036\367\211\136\143\135\241\023\302
+\135\212\266\212\174\000\363\043\303\355\205\137\161\166\360\150
+\143\252\105\041\071\110\141\170\066\334\361\103\223\324\045\307
+\362\200\145\341\123\002\165\121\374\172\072\357\067\253\204\050
+\127\014\330\324\324\231\126\154\343\242\376\131\204\264\061\350
+\063\370\144\224\224\121\227\253\071\305\113\355\332\335\200\013
+\157\174\051\015\304\216\212\162\015\347\123\024\262\140\101\075
+\204\221\061\150\075\047\104\333\345\336\364\372\143\105\310\114
+\076\230\365\077\101\272\116\313\067\015\272\146\230\361\335\313
+\237\134\367\124\066\202\153\054\274\023\141\227\102\370\170\273
+\314\310\242\237\312\360\150\275\153\035\262\337\215\157\007\235
+\332\216\147\307\107\036\312\271\277\052\102\221\267\143\123\146
+\361\102\243\341\364\132\115\130\153\265\344\244\063\255\134\160
+\035\334\340\362\353\163\024\221\232\003\301\352\000\145\274\007
+\374\317\022\021\042\054\256\240\275\072\340\242\052\330\131\351
+\051\323\030\065\244\254\021\137\031\265\265\033\377\042\112\134
+\306\172\344\027\357\040\251\247\364\077\255\212\247\232\004\045
+\235\016\312\067\346\120\375\214\102\051\004\232\354\271\317\113
+\162\275\342\010\066\257\043\057\142\345\312\001\323\160\333\174
+\202\043\054\026\061\014\306\066\007\220\172\261\037\147\130\304
+\073\130\131\211\260\214\214\120\263\330\206\313\150\243\304\012
+\347\151\113\040\316\301\036\126\113\225\251\043\150\330\060\330
+\303\353\260\125\121\315\345\375\053\270\365\273\021\237\123\124
+\366\064\031\214\171\011\066\312\141\027\045\027\013\202\230\163
+\014\167\164\303\325\015\307\250\022\114\307\247\124\161\107\056
+\054\032\175\311\343\053\073\110\336\047\204\247\143\066\263\175
+\217\240\144\071\044\015\075\173\207\257\146\134\164\033\113\163
+\262\345\214\360\206\231\270\345\305\337\204\301\267\353
+END
+
+# Trust for Certificate "Explicitly Distrust DigiNotar Root CA"
+# Issuer: E=info@diginotar.nl,CN=DigiNotar Root CA,O=DigiNotar,C=NL
+# Serial Number:0f:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff
+# Subject: E=info@diginotar.nl,CN=DigiNotar Root CA,O=DigiNotar,C=NL
+# Not Valid Before: Fri Jul 27 17:19:37 2007
+# Not Valid After : Mon Mar 31 18:19:22 2025
+# Fingerprint (MD5): 0A:A4:D5:CC:BA:B4:FB:A3:59:E3:E6:01:DD:53:D9:4E
+# Fingerprint (SHA1): C1:77:CB:4B:E0:B4:26:8E:F5:C7:CF:45:99:22:B9:B0:CE:BA:21:2F
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Explicitly Distrust DigiNotar Root CA"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\301\167\313\113\340\264\046\216\365\307\317\105\231\042\271\260
+\316\272\041\057
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\012\244\325\314\272\264\373\243\131\343\346\001\335\123\331\116
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\137\061\013\060\011\006\003\125\004\006\023\002\116\114\061
+\022\060\020\006\003\125\004\012\023\011\104\151\147\151\116\157
+\164\141\162\061\032\060\030\006\003\125\004\003\023\021\104\151
+\147\151\116\157\164\141\162\040\122\157\157\164\040\103\101\061
+\040\060\036\006\011\052\206\110\206\367\015\001\011\001\026\021
+\151\156\146\157\100\144\151\147\151\156\157\164\141\162\056\156
+\154
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\017\377\377\377\377\377\377\377\377\377\377\377\377\377
+\377\377
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Explicitly Distrust DigiNotar Services 1024 CA"
+#
+# Issuer: E=info@diginotar.nl,CN=DigiNotar Services 1024 CA,O=DigiNotar,C=NL
+# Serial Number: 268435455 (0xfffffff)
+# Subject: E=info@diginotar.nl,CN=DigiNotar Services 1024 CA,O=DigiNotar,C=NL
+# Not Valid Before: Thu Jul 26 15:59:01 2007
+# Not Valid After : Mon Aug 26 16:29:01 2013
+# Fingerprint (MD5): 2F:16:68:97:4C:68:4F:CE:52:8A:EC:53:8F:93:49:F8
+# Fingerprint (SHA1): 12:3B:EA:CA:66:67:77:61:E0:EB:68:F2:FE:ED:A2:0F:20:05:55:70
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Explicitly Distrust DigiNotar Services 1024 CA"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\150\061\013\060\011\006\003\125\004\006\023\002\116\114\061
+\022\060\020\006\003\125\004\012\023\011\104\151\147\151\116\157
+\164\141\162\061\043\060\041\006\003\125\004\003\023\032\104\151
+\147\151\116\157\164\141\162\040\123\145\162\166\151\143\145\163
+\040\061\060\062\064\040\103\101\061\040\060\036\006\011\052\206
+\110\206\367\015\001\011\001\026\021\151\156\146\157\100\144\151
+\147\151\156\157\164\141\162\056\156\154
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\150\061\013\060\011\006\003\125\004\006\023\002\116\114\061
+\022\060\020\006\003\125\004\012\023\011\104\151\147\151\116\157
+\164\141\162\061\043\060\041\006\003\125\004\003\023\032\104\151
+\147\151\116\157\164\141\162\040\123\145\162\166\151\143\145\163
+\040\061\060\062\064\040\103\101\061\040\060\036\006\011\052\206
+\110\206\367\015\001\011\001\026\021\151\156\146\157\100\144\151
+\147\151\156\157\164\141\162\056\156\154
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\004\017\377\377\377
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\003\161\060\202\002\332\240\003\002\001\002\002\004\017
+\377\377\377\060\015\006\011\052\206\110\206\367\015\001\001\005
+\005\000\060\150\061\013\060\011\006\003\125\004\006\023\002\116
+\114\061\022\060\020\006\003\125\004\012\023\011\104\151\147\151
+\116\157\164\141\162\061\043\060\041\006\003\125\004\003\023\032
+\104\151\147\151\116\157\164\141\162\040\123\145\162\166\151\143
+\145\163\040\061\060\062\064\040\103\101\061\040\060\036\006\011
+\052\206\110\206\367\015\001\011\001\026\021\151\156\146\157\100
+\144\151\147\151\156\157\164\141\162\056\156\154\060\036\027\015
+\060\067\060\067\062\066\061\065\065\071\060\061\132\027\015\061
+\063\060\070\062\066\061\066\062\071\060\061\132\060\150\061\013
+\060\011\006\003\125\004\006\023\002\116\114\061\022\060\020\006
+\003\125\004\012\023\011\104\151\147\151\116\157\164\141\162\061
+\043\060\041\006\003\125\004\003\023\032\104\151\147\151\116\157
+\164\141\162\040\123\145\162\166\151\143\145\163\040\061\060\062
+\064\040\103\101\061\040\060\036\006\011\052\206\110\206\367\015
+\001\011\001\026\021\151\156\146\157\100\144\151\147\151\156\157
+\164\141\162\056\156\154\060\201\237\060\015\006\011\052\206\110
+\206\367\015\001\001\001\005\000\003\201\215\000\060\201\211\002
+\201\201\000\332\233\115\135\074\371\321\342\213\306\306\010\040
+\305\331\036\110\354\146\130\147\171\142\053\101\143\364\211\215
+\150\332\257\270\224\066\213\031\044\244\240\223\322\231\017\262
+\255\055\065\115\315\057\152\341\371\233\031\053\274\004\032\176
+\055\075\122\144\315\361\076\147\017\211\056\350\362\117\256\246
+\010\241\205\376\241\251\011\346\306\253\076\103\374\257\172\003
+\221\332\246\071\246\141\356\230\117\030\250\323\263\257\146\202
+\351\237\274\335\162\371\006\004\275\022\331\030\044\347\253\223
+\123\213\131\002\003\001\000\001\243\202\001\046\060\202\001\042
+\060\022\006\003\125\035\023\001\001\377\004\010\060\006\001\001
+\377\002\001\000\060\047\006\003\125\035\045\004\040\060\036\006
+\010\053\006\001\005\005\007\003\001\006\010\053\006\001\005\005
+\007\003\002\006\010\053\006\001\005\005\007\003\004\060\021\006
+\003\125\035\040\004\012\060\010\060\006\006\004\125\035\040\000
+\060\063\006\010\053\006\001\005\005\007\001\001\004\047\060\045
+\060\043\006\010\053\006\001\005\005\007\060\001\206\027\150\164
+\164\160\072\057\057\157\143\163\160\056\145\156\164\162\165\163
+\164\056\156\145\164\060\063\006\003\125\035\037\004\054\060\052
+\060\050\240\046\240\044\206\042\150\164\164\160\072\057\057\143
+\162\154\056\145\156\164\162\165\163\164\056\156\145\164\057\163
+\145\162\166\145\162\061\056\143\162\154\060\035\006\003\125\035
+\016\004\026\004\024\376\334\224\111\014\157\357\134\177\306\361
+\022\231\117\026\111\255\373\202\145\060\013\006\003\125\035\017
+\004\004\003\002\001\006\060\037\006\003\125\035\043\004\030\060
+\026\200\024\360\027\142\023\125\075\263\377\012\000\153\373\120
+\204\227\363\355\142\320\032\060\031\006\011\052\206\110\206\366
+\175\007\101\000\004\014\060\012\033\004\126\067\056\061\003\002
+\000\201\060\015\006\011\052\206\110\206\367\015\001\001\005\005
+\000\003\201\201\000\143\164\152\067\251\077\226\234\146\310\130
+\254\011\311\357\365\145\224\177\243\002\304\070\061\275\135\043
+\207\354\324\126\262\311\262\156\344\005\006\374\354\365\372\210
+\160\131\324\356\346\335\265\172\240\243\140\057\002\014\253\336
+\022\135\257\360\065\113\252\212\107\221\032\365\205\054\102\307
+\035\357\225\103\263\136\270\225\223\245\332\305\050\252\255\162
+\055\061\255\231\153\154\377\214\041\047\257\255\232\221\053\307
+\335\130\303\156\007\305\237\171\322\307\214\125\277\114\307\047
+\136\121\026\053\076
+END
+
+# Trust for Certificate "Explicitly Distrust DigiNotar Services 1024 CA"
+# Issuer: E=info@diginotar.nl,CN=DigiNotar Services 1024 CA,O=DigiNotar,C=NL
+# Serial Number: 268435455 (0xfffffff)
+# Subject: E=info@diginotar.nl,CN=DigiNotar Services 1024 CA,O=DigiNotar,C=NL
+# Not Valid Before: Thu Jul 26 15:59:01 2007
+# Not Valid After : Mon Aug 26 16:29:01 2013
+# Fingerprint (MD5): 2F:16:68:97:4C:68:4F:CE:52:8A:EC:53:8F:93:49:F8
+# Fingerprint (SHA1): 12:3B:EA:CA:66:67:77:61:E0:EB:68:F2:FE:ED:A2:0F:20:05:55:70
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Explicitly Distrust DigiNotar Services 1024 CA"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\022\073\352\312\146\147\167\141\340\353\150\362\376\355\242\017
+\040\005\125\160
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\057\026\150\227\114\150\117\316\122\212\354\123\217\223\111\370
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\150\061\013\060\011\006\003\125\004\006\023\002\116\114\061
+\022\060\020\006\003\125\004\012\023\011\104\151\147\151\116\157
+\164\141\162\061\043\060\041\006\003\125\004\003\023\032\104\151
+\147\151\116\157\164\141\162\040\123\145\162\166\151\143\145\163
+\040\061\060\062\064\040\103\101\061\040\060\036\006\011\052\206
+\110\206\367\015\001\011\001\026\021\151\156\146\157\100\144\151
+\147\151\156\157\164\141\162\056\156\154
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\004\017\377\377\377
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Explicitly Distrust DigiNotar Cyber CA"
+#
+# Issuer: E=info@diginotar.nl,CN=DigiNotar Cyber CA,O=DigiNotar,C=NL
+# Serial Number: 268435455 (0xfffffff)
+# Subject: E=info@diginotar.nl,CN=DigiNotar Cyber CA,O=DigiNotar,C=NL
+# Not Valid Before: Wed Oct 04 10:54:12 2006
+# Not Valid After : Tue Oct 04 10:53:12 2011
+# Fingerprint (MD5): BC:BD:89:12:B4:FF:E5:F9:26:47:C8:60:36:5B:D9:54
+# Fingerprint (SHA1): A5:8E:A0:EC:F6:44:56:35:19:1D:68:5B:C7:A0:E4:1C:B0:4D:79:2E
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Explicitly Distrust DigiNotar Cyber CA"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\140\061\013\060\011\006\003\125\004\006\023\002\116\114\061
+\022\060\020\006\003\125\004\012\023\011\104\151\147\151\116\157
+\164\141\162\061\033\060\031\006\003\125\004\003\023\022\104\151
+\147\151\116\157\164\141\162\040\103\171\142\145\162\040\103\101
+\061\040\060\036\006\011\052\206\110\206\367\015\001\011\001\026
+\021\151\156\146\157\100\144\151\147\151\156\157\164\141\162\056
+\156\154
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\140\061\013\060\011\006\003\125\004\006\023\002\116\114\061
+\022\060\020\006\003\125\004\012\023\011\104\151\147\151\116\157
+\164\141\162\061\033\060\031\006\003\125\004\003\023\022\104\151
+\147\151\116\157\164\141\162\040\103\171\142\145\162\040\103\101
+\061\040\060\036\006\011\052\206\110\206\367\015\001\011\001\026
+\021\151\156\146\157\100\144\151\147\151\156\157\164\141\162\056
+\156\154
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\004\017\377\377\377
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\105\060\202\004\256\240\003\002\001\002\002\004\017
+\377\377\377\060\015\006\011\052\206\110\206\367\015\001\001\005
+\005\000\060\140\061\013\060\011\006\003\125\004\006\023\002\116
+\114\061\022\060\020\006\003\125\004\012\023\011\104\151\147\151
+\116\157\164\141\162\061\033\060\031\006\003\125\004\003\023\022
+\104\151\147\151\116\157\164\141\162\040\103\171\142\145\162\040
+\103\101\061\040\060\036\006\011\052\206\110\206\367\015\001\011
+\001\026\021\151\156\146\157\100\144\151\147\151\156\157\164\141
+\162\056\156\154\060\036\027\015\060\066\061\060\060\064\061\060
+\065\064\061\062\132\027\015\061\061\061\060\060\064\061\060\065
+\063\061\062\132\060\140\061\013\060\011\006\003\125\004\006\023
+\002\116\114\061\022\060\020\006\003\125\004\012\023\011\104\151
+\147\151\116\157\164\141\162\061\033\060\031\006\003\125\004\003
+\023\022\104\151\147\151\116\157\164\141\162\040\103\171\142\145
+\162\040\103\101\061\040\060\036\006\011\052\206\110\206\367\015
+\001\011\001\026\021\151\156\146\157\100\144\151\147\151\156\157
+\164\141\162\056\156\154\060\202\002\042\060\015\006\011\052\206
+\110\206\367\015\001\001\001\005\000\003\202\002\017\000\060\202
+\002\012\002\202\002\001\000\322\316\025\012\055\250\136\204\147
+\255\375\276\357\106\307\310\271\317\163\374\364\064\271\371\054
+\103\347\140\023\075\172\343\262\317\073\147\154\220\255\300\271
+\077\204\122\360\065\102\334\164\334\050\073\275\122\264\247\254
+\162\105\027\306\360\211\353\264\252\045\362\135\113\136\321\331
+\207\272\326\175\174\365\316\062\237\020\063\305\261\112\273\136
+\221\061\302\320\351\101\302\221\144\176\011\101\073\333\213\010
+\067\152\252\312\122\336\265\071\036\300\210\003\245\077\213\231
+\023\141\103\265\233\202\263\356\040\157\317\241\104\242\352\057
+\153\100\237\217\053\127\255\241\123\302\205\042\151\235\240\077
+\121\337\013\101\221\015\245\341\250\252\134\111\010\135\275\336
+\160\101\261\017\311\143\153\323\177\064\164\002\057\064\132\170
+\165\034\150\172\201\147\212\363\332\100\360\140\143\364\222\040
+\327\003\246\075\243\036\147\304\204\033\101\245\311\214\346\275
+\352\110\266\005\026\010\263\067\022\132\367\141\074\367\070\157
+\056\227\340\157\126\070\124\323\050\265\255\024\156\056\113\144
+\265\047\145\267\165\045\011\266\007\075\225\126\002\012\202\140
+\262\163\105\340\063\046\121\164\232\271\324\120\034\366\115\133
+\133\122\122\023\132\246\177\247\016\341\350\101\124\147\230\214
+\207\325\311\323\154\313\323\124\222\006\011\064\101\367\201\157
+\077\236\311\174\165\125\260\347\301\263\167\350\303\304\000\065
+\225\100\160\020\112\005\336\045\273\237\131\245\144\274\107\140
+\277\140\343\166\213\023\125\335\341\164\172\271\317\044\246\152
+\177\336\144\042\104\130\150\202\152\020\371\075\345\076\033\271
+\275\374\042\364\140\004\211\273\125\155\050\125\372\336\216\215
+\033\041\024\327\067\213\064\173\115\366\262\262\020\317\063\261
+\175\034\142\231\110\313\053\154\166\226\125\277\031\015\035\037
+\273\145\252\033\216\231\265\306\050\220\345\202\055\170\120\040
+\232\375\171\057\044\177\360\211\051\151\364\175\315\163\276\263
+\355\116\301\321\355\122\136\217\367\270\327\215\207\255\262\331
+\033\121\022\377\126\263\341\257\064\175\134\244\170\210\020\236
+\235\003\306\245\252\242\044\121\367\111\024\305\261\356\131\103
+\225\337\253\150\050\060\077\002\003\001\000\001\243\202\001\206
+\060\202\001\202\060\022\006\003\125\035\023\001\001\377\004\010
+\060\006\001\001\377\002\001\001\060\123\006\003\125\035\040\004
+\114\060\112\060\110\006\011\053\006\001\004\001\261\076\001\000
+\060\073\060\071\006\010\053\006\001\005\005\007\002\001\026\055
+\150\164\164\160\072\057\057\167\167\167\056\160\165\142\154\151
+\143\055\164\162\165\163\164\056\143\157\155\057\103\120\123\057
+\117\155\156\151\122\157\157\164\056\150\164\155\154\060\016\006
+\003\125\035\017\001\001\377\004\004\003\002\001\006\060\201\240
+\006\003\125\035\043\004\201\230\060\201\225\200\024\246\014\035
+\237\141\377\007\027\265\277\070\106\333\103\060\325\216\260\122
+\006\241\171\244\167\060\165\061\013\060\011\006\003\125\004\006
+\023\002\125\123\061\030\060\026\006\003\125\004\012\023\017\107
+\124\105\040\103\157\162\160\157\162\141\164\151\157\156\061\047
+\060\045\006\003\125\004\013\023\036\107\124\105\040\103\171\142
+\145\162\124\162\165\163\164\040\123\157\154\165\164\151\157\156
+\163\054\040\111\156\143\056\061\043\060\041\006\003\125\004\003
+\023\032\107\124\105\040\103\171\142\145\162\124\162\165\163\164
+\040\107\154\157\142\141\154\040\122\157\157\164\202\002\001\245
+\060\105\006\003\125\035\037\004\076\060\074\060\072\240\070\240
+\066\206\064\150\164\164\160\072\057\057\167\167\167\056\160\165
+\142\154\151\143\055\164\162\165\163\164\056\143\157\155\057\143
+\147\151\055\142\151\156\057\103\122\114\057\062\060\061\070\057
+\143\144\160\056\143\162\154\060\035\006\003\125\035\016\004\026
+\004\024\253\371\150\337\317\112\067\327\173\105\214\137\162\336
+\100\104\303\145\273\302\060\015\006\011\052\206\110\206\367\015
+\001\001\005\005\000\003\201\201\000\217\150\153\245\133\007\272
+\104\146\016\034\250\134\060\173\063\344\012\046\004\374\357\236
+\032\070\326\056\241\037\320\231\107\302\165\144\044\375\236\073
+\050\166\271\046\050\141\221\014\155\054\370\004\237\174\120\001
+\325\343\151\257\357\025\322\105\233\044\011\052\146\005\117\045
+\201\312\135\276\252\301\131\047\256\063\216\202\367\337\164\260
+\125\263\216\370\347\067\310\156\252\126\104\366\275\123\201\043
+\226\075\264\372\062\212\123\146\104\045\242\045\306\246\074\045
+\214\360\340\050\006\042\267\046\101
+END
+
+# Trust for Certificate "Explicitly Distrust DigiNotar Cyber CA"
+# Issuer: E=info@diginotar.nl,CN=DigiNotar Cyber CA,O=DigiNotar,C=NL
+# Serial Number: 268435455 (0xfffffff)
+# Subject: E=info@diginotar.nl,CN=DigiNotar Cyber CA,O=DigiNotar,C=NL
+# Not Valid Before: Wed Oct 04 10:54:12 2006
+# Not Valid After : Tue Oct 04 10:53:12 2011
+# Fingerprint (MD5): BC:BD:89:12:B4:FF:E5:F9:26:47:C8:60:36:5B:D9:54
+# Fingerprint (SHA1): A5:8E:A0:EC:F6:44:56:35:19:1D:68:5B:C7:A0:E4:1C:B0:4D:79:2E
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Explicitly Distrust DigiNotar Cyber CA"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\245\216\240\354\366\104\126\065\031\035\150\133\307\240\344\034
+\260\115\171\056
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\274\275\211\022\264\377\345\371\046\107\310\140\066\133\331\124
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\140\061\013\060\011\006\003\125\004\006\023\002\116\114\061
+\022\060\020\006\003\125\004\012\023\011\104\151\147\151\116\157
+\164\141\162\061\033\060\031\006\003\125\004\003\023\022\104\151
+\147\151\116\157\164\141\162\040\103\171\142\145\162\040\103\101
+\061\040\060\036\006\011\052\206\110\206\367\015\001\011\001\026
+\021\151\156\146\157\100\144\151\147\151\156\157\164\141\162\056
+\156\154
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\004\017\377\377\377
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Explicitly Distrust DigiNotar Cyber CA 2nd"
+#
+# Issuer: CN=DigiNotar Cyber CA,O=DigiNotar,C=NL
+# Serial Number: 268435455 (0xfffffff)
+# Subject: CN=DigiNotar Cyber CA,O=DigiNotar,C=NL
+# Not Valid Before: Wed Sep 27 10:53:53 2006
+# Not Valid After : Fri Sep 20 09:44:07 2013
+# Fingerprint (MD5): F0:AE:A9:3D:F2:2C:88:DC:7C:85:1B:96:7D:5A:1C:11
+# Fingerprint (SHA1): 88:1E:45:05:0F:98:D9:59:FB:0A:35:F9:4C:0E:28:97:55:16:29:B3
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Explicitly Distrust DigiNotar Cyber CA 2nd"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\076\061\013\060\011\006\003\125\004\006\023\002\116\114\061
+\022\060\020\006\003\125\004\012\023\011\104\151\147\151\116\157
+\164\141\162\061\033\060\031\006\003\125\004\003\023\022\104\151
+\147\151\116\157\164\141\162\040\103\171\142\145\162\040\103\101
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\076\061\013\060\011\006\003\125\004\006\023\002\116\114\061
+\022\060\020\006\003\125\004\012\023\011\104\151\147\151\116\157
+\164\141\162\061\033\060\031\006\003\125\004\003\023\022\104\151
+\147\151\116\157\164\141\162\040\103\171\142\145\162\040\103\101
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\004\017\377\377\377
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\001\060\202\004\152\240\003\002\001\002\002\004\017
+\377\377\377\060\015\006\011\052\206\110\206\367\015\001\001\005
+\005\000\060\076\061\013\060\011\006\003\125\004\006\023\002\116
+\114\061\022\060\020\006\003\125\004\012\023\011\104\151\147\151
+\116\157\164\141\162\061\033\060\031\006\003\125\004\003\023\022
+\104\151\147\151\116\157\164\141\162\040\103\171\142\145\162\040
+\103\101\060\036\027\015\060\066\060\071\062\067\061\060\065\063
+\065\063\132\027\015\061\063\060\071\062\060\060\071\064\064\060
+\067\132\060\076\061\013\060\011\006\003\125\004\006\023\002\116
+\114\061\022\060\020\006\003\125\004\012\023\011\104\151\147\151
+\116\157\164\141\162\061\033\060\031\006\003\125\004\003\023\022
+\104\151\147\151\116\157\164\141\162\040\103\171\142\145\162\040
+\103\101\060\202\002\042\060\015\006\011\052\206\110\206\367\015
+\001\001\001\005\000\003\202\002\017\000\060\202\002\012\002\202
+\002\001\000\322\316\025\012\055\250\136\204\147\255\375\276\357
+\106\307\310\271\317\163\374\364\064\271\371\054\103\347\140\023
+\075\172\343\262\317\073\147\154\220\255\300\271\077\204\122\360
+\065\102\334\164\334\050\073\275\122\264\247\254\162\105\027\306
+\360\211\353\264\252\045\362\135\113\136\321\331\207\272\326\175
+\174\365\316\062\237\020\063\305\261\112\273\136\221\061\302\320
+\351\101\302\221\144\176\011\101\073\333\213\010\067\152\252\312
+\122\336\265\071\036\300\210\003\245\077\213\231\023\141\103\265
+\233\202\263\356\040\157\317\241\104\242\352\057\153\100\237\217
+\053\127\255\241\123\302\205\042\151\235\240\077\121\337\013\101
+\221\015\245\341\250\252\134\111\010\135\275\336\160\101\261\017
+\311\143\153\323\177\064\164\002\057\064\132\170\165\034\150\172
+\201\147\212\363\332\100\360\140\143\364\222\040\327\003\246\075
+\243\036\147\304\204\033\101\245\311\214\346\275\352\110\266\005
+\026\010\263\067\022\132\367\141\074\367\070\157\056\227\340\157
+\126\070\124\323\050\265\255\024\156\056\113\144\265\047\145\267
+\165\045\011\266\007\075\225\126\002\012\202\140\262\163\105\340
+\063\046\121\164\232\271\324\120\034\366\115\133\133\122\122\023
+\132\246\177\247\016\341\350\101\124\147\230\214\207\325\311\323
+\154\313\323\124\222\006\011\064\101\367\201\157\077\236\311\174
+\165\125\260\347\301\263\167\350\303\304\000\065\225\100\160\020
+\112\005\336\045\273\237\131\245\144\274\107\140\277\140\343\166
+\213\023\125\335\341\164\172\271\317\044\246\152\177\336\144\042
+\104\130\150\202\152\020\371\075\345\076\033\271\275\374\042\364
+\140\004\211\273\125\155\050\125\372\336\216\215\033\041\024\327
+\067\213\064\173\115\366\262\262\020\317\063\261\175\034\142\231
+\110\313\053\154\166\226\125\277\031\015\035\037\273\145\252\033
+\216\231\265\306\050\220\345\202\055\170\120\040\232\375\171\057
+\044\177\360\211\051\151\364\175\315\163\276\263\355\116\301\321
+\355\122\136\217\367\270\327\215\207\255\262\331\033\121\022\377
+\126\263\341\257\064\175\134\244\170\210\020\236\235\003\306\245
+\252\242\044\121\367\111\024\305\261\356\131\103\225\337\253\150
+\050\060\077\002\003\001\000\001\243\202\001\206\060\202\001\202
+\060\022\006\003\125\035\023\001\001\377\004\010\060\006\001\001
+\377\002\001\001\060\123\006\003\125\035\040\004\114\060\112\060
+\110\006\011\053\006\001\004\001\261\076\001\000\060\073\060\071
+\006\010\053\006\001\005\005\007\002\001\026\055\150\164\164\160
+\072\057\057\167\167\167\056\160\165\142\154\151\143\055\164\162
+\165\163\164\056\143\157\155\057\103\120\123\057\117\155\156\151
+\122\157\157\164\056\150\164\155\154\060\016\006\003\125\035\017
+\001\001\377\004\004\003\002\001\006\060\201\240\006\003\125\035
+\043\004\201\230\060\201\225\200\024\246\014\035\237\141\377\007
+\027\265\277\070\106\333\103\060\325\216\260\122\006\241\171\244
+\167\060\165\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\030\060\026\006\003\125\004\012\023\017\107\124\105\040\103
+\157\162\160\157\162\141\164\151\157\156\061\047\060\045\006\003
+\125\004\013\023\036\107\124\105\040\103\171\142\145\162\124\162
+\165\163\164\040\123\157\154\165\164\151\157\156\163\054\040\111
+\156\143\056\061\043\060\041\006\003\125\004\003\023\032\107\124
+\105\040\103\171\142\145\162\124\162\165\163\164\040\107\154\157
+\142\141\154\040\122\157\157\164\202\002\001\245\060\105\006\003
+\125\035\037\004\076\060\074\060\072\240\070\240\066\206\064\150
+\164\164\160\072\057\057\167\167\167\056\160\165\142\154\151\143
+\055\164\162\165\163\164\056\143\157\155\057\143\147\151\055\142
+\151\156\057\103\122\114\057\062\060\061\070\057\143\144\160\056
+\143\162\154\060\035\006\003\125\035\016\004\026\004\024\253\371
+\150\337\317\112\067\327\173\105\214\137\162\336\100\104\303\145
+\273\302\060\015\006\011\052\206\110\206\367\015\001\001\005\005
+\000\003\201\201\000\011\312\142\017\215\273\112\340\324\172\065
+\053\006\055\321\050\141\266\254\001\373\203\111\274\256\324\057
+\055\206\256\031\203\245\326\035\023\342\027\276\376\062\164\351
+\172\024\070\312\224\136\367\051\001\151\161\033\221\032\375\243
+\273\252\035\312\173\342\026\375\241\243\016\363\014\137\262\341
+\040\061\224\053\136\222\166\355\372\351\265\043\246\277\012\073
+\003\251\157\122\140\124\315\137\351\267\057\174\242\047\375\101
+\203\165\266\015\373\170\046\363\261\105\351\062\225\052\032\065
+\041\225\305\242\165
+END
+
+# Trust for Certificate "Explicitly Distrust DigiNotar Cyber CA 2nd"
+# Issuer: CN=DigiNotar Cyber CA,O=DigiNotar,C=NL
+# Serial Number: 268435455 (0xfffffff)
+# Subject: CN=DigiNotar Cyber CA,O=DigiNotar,C=NL
+# Not Valid Before: Wed Sep 27 10:53:53 2006
+# Not Valid After : Fri Sep 20 09:44:07 2013
+# Fingerprint (MD5): F0:AE:A9:3D:F2:2C:88:DC:7C:85:1B:96:7D:5A:1C:11
+# Fingerprint (SHA1): 88:1E:45:05:0F:98:D9:59:FB:0A:35:F9:4C:0E:28:97:55:16:29:B3
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Explicitly Distrust DigiNotar Cyber CA 2nd"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\210\036\105\005\017\230\331\131\373\012\065\371\114\016\050\227
+\125\026\051\263
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\360\256\251\075\362\054\210\334\174\205\033\226\175\132\034\021
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\076\061\013\060\011\006\003\125\004\006\023\002\116\114\061
+\022\060\020\006\003\125\004\012\023\011\104\151\147\151\116\157
+\164\141\162\061\033\060\031\006\003\125\004\003\023\022\104\151
+\147\151\116\157\164\141\162\040\103\171\142\145\162\040\103\101
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\004\017\377\377\377
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Explicitly Distrusted DigiNotar PKIoverheid"
+#
+# Issuer: CN=DigiNotar PKIoverheid CA Overheid en Bedrijven,O=DigiNotar B.V.,C=NL
+# Serial Number: 268435455 (0xfffffff)
+# Subject: CN=DigiNotar PKIoverheid CA Overheid en Bedrijven,O=DigiNotar B.V.,C=NL
+# Not Valid Before: Thu Jul 05 08:42:08 2007
+# Not Valid After : Mon Jul 27 08:39:47 2015
+# Fingerprint (MD5): A3:CF:B3:FF:F9:4F:A7:B1:EB:3A:75:58:4E:2E:9F:EA
+# Fingerprint (SHA1): A7:A8:C9:AC:F4:5F:90:92:76:86:B8:C0:A2:0E:93:58:7D:DE:30:E4
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Explicitly Distrusted DigiNotar PKIoverheid"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\137\061\013\060\011\006\003\125\004\006\023\002\116\114\061
+\027\060\025\006\003\125\004\012\023\016\104\151\147\151\116\157
+\164\141\162\040\102\056\126\056\061\067\060\065\006\003\125\004
+\003\023\056\104\151\147\151\116\157\164\141\162\040\120\113\111
+\157\166\145\162\150\145\151\144\040\103\101\040\117\166\145\162
+\150\145\151\144\040\145\156\040\102\145\144\162\151\152\166\145
+\156
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\137\061\013\060\011\006\003\125\004\006\023\002\116\114\061
+\027\060\025\006\003\125\004\012\023\016\104\151\147\151\116\157
+\164\141\162\040\102\056\126\056\061\067\060\065\006\003\125\004
+\003\023\056\104\151\147\151\116\157\164\141\162\040\120\113\111
+\157\166\145\162\150\145\151\144\040\103\101\040\117\166\145\162
+\150\145\151\144\040\145\156\040\102\145\144\162\151\152\166\145
+\156
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\004\017\377\377\377
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\004\216\060\202\003\166\240\003\002\001\002\002\004\017
+\377\377\377\060\015\006\011\052\206\110\206\367\015\001\001\005
+\005\000\060\137\061\013\060\011\006\003\125\004\006\023\002\116
+\114\061\027\060\025\006\003\125\004\012\023\016\104\151\147\151
+\116\157\164\141\162\040\102\056\126\056\061\067\060\065\006\003
+\125\004\003\023\056\104\151\147\151\116\157\164\141\162\040\120
+\113\111\157\166\145\162\150\145\151\144\040\103\101\040\117\166
+\145\162\150\145\151\144\040\145\156\040\102\145\144\162\151\152
+\166\145\156\060\036\027\015\060\067\060\067\060\065\060\070\064
+\062\060\070\132\027\015\061\065\060\067\062\067\060\070\063\071
+\064\067\132\060\137\061\013\060\011\006\003\125\004\006\023\002
+\116\114\061\027\060\025\006\003\125\004\012\023\016\104\151\147
+\151\116\157\164\141\162\040\102\056\126\056\061\067\060\065\006
+\003\125\004\003\023\056\104\151\147\151\116\157\164\141\162\040
+\120\113\111\157\166\145\162\150\145\151\144\040\103\101\040\117
+\166\145\162\150\145\151\144\040\145\156\040\102\145\144\162\151
+\152\166\145\156\060\202\001\042\060\015\006\011\052\206\110\206
+\367\015\001\001\001\005\000\003\202\001\017\000\060\202\001\012
+\002\202\001\001\000\334\275\322\247\116\152\012\273\073\242\205
+\341\177\000\255\276\264\060\150\230\007\315\240\172\304\224\317
+\161\371\212\067\344\123\353\127\166\314\213\346\154\376\356\207
+\125\310\076\273\004\071\000\247\200\170\254\133\117\176\364\275
+\270\124\270\161\073\007\061\111\071\223\124\174\040\073\171\053
+\217\273\141\220\175\261\254\346\037\220\056\235\105\001\251\144
+\055\115\303\057\271\347\120\325\116\052\134\253\166\166\067\106
+\327\171\354\102\231\367\242\354\244\211\160\334\070\053\207\246
+\252\044\346\235\222\044\033\276\366\375\324\057\031\027\172\346
+\062\007\224\124\005\123\103\351\154\274\257\107\313\274\313\375
+\275\073\104\022\201\361\153\113\273\355\264\317\253\045\117\030
+\322\314\002\374\243\117\265\102\063\313\131\315\011\334\323\120
+\375\240\166\214\254\176\146\212\102\366\255\034\222\363\266\373
+\024\106\353\115\327\057\060\340\155\356\133\066\276\104\164\267
+\040\005\127\205\115\350\000\031\242\366\014\346\256\241\300\102
+\337\247\254\202\135\307\150\267\030\346\211\113\232\153\372\316
+\171\371\363\054\247\002\003\001\000\001\243\202\001\120\060\202
+\001\114\060\110\006\003\125\035\040\004\101\060\077\060\075\006
+\004\125\035\040\000\060\065\060\063\006\010\053\006\001\005\005
+\007\002\001\026\047\150\164\164\160\072\057\057\167\167\167\056
+\144\151\147\151\156\157\164\141\162\056\156\154\057\143\160\163
+\057\160\153\151\157\166\145\162\150\145\151\144\060\017\006\003
+\125\035\023\001\001\377\004\005\060\003\001\001\377\060\016\006
+\003\125\035\017\001\001\377\004\004\003\002\001\006\060\201\200
+\006\003\125\035\043\004\171\060\167\200\024\013\206\326\017\167
+\243\150\261\373\144\011\303\210\156\134\004\034\127\351\075\241
+\131\244\127\060\125\061\013\060\011\006\003\125\004\006\023\002
+\116\114\061\036\060\034\006\003\125\004\012\023\025\123\164\141
+\141\164\040\144\145\162\040\116\145\144\145\162\154\141\156\144
+\145\156\061\046\060\044\006\003\125\004\003\023\035\123\164\141
+\141\164\040\144\145\162\040\116\145\144\145\162\154\141\156\144
+\145\156\040\122\157\157\164\040\103\101\202\004\000\230\232\171
+\060\075\006\003\125\035\037\004\066\060\064\060\062\240\060\240
+\056\206\054\150\164\164\160\072\057\057\143\162\154\056\160\153
+\151\157\166\145\162\150\145\151\144\056\156\154\057\104\157\155
+\117\166\114\141\164\145\163\164\103\122\114\056\143\162\154\060
+\035\006\003\125\035\016\004\026\004\024\114\010\311\215\166\361
+\230\307\076\337\074\327\057\165\015\261\166\171\227\314\060\015
+\006\011\052\206\110\206\367\015\001\001\005\005\000\003\202\001
+\001\000\014\224\207\032\277\115\343\205\342\356\327\330\143\171
+\016\120\337\306\204\133\322\273\331\365\061\012\032\065\227\164
+\337\024\372\052\017\076\355\240\343\010\366\325\116\133\257\246
+\256\045\342\105\153\042\017\267\124\050\176\222\336\215\024\154
+\321\034\345\156\164\004\234\267\357\064\104\105\337\311\203\035
+\031\037\300\051\151\337\211\325\077\302\260\123\155\345\116\027
+\344\163\141\043\023\046\161\103\375\114\131\313\303\337\042\252
+\041\053\331\277\225\021\032\212\244\342\253\247\135\113\157\051
+\365\122\321\344\322\025\261\213\376\360\003\317\247\175\351\231
+\207\070\263\015\163\024\344\162\054\341\316\365\255\006\110\144
+\372\323\051\271\242\330\273\364\325\013\245\100\104\103\216\240
+\277\316\132\245\122\114\144\323\027\061\141\314\350\244\212\350
+\344\210\373\351\345\057\006\063\063\233\224\146\146\261\253\120
+\072\241\011\201\164\123\132\047\271\246\322\045\317\323\303\247
+\377\226\320\057\352\340\036\215\122\351\030\034\040\012\107\240
+\226\126\016\100\220\121\104\254\032\375\361\356\205\037\367\102
+\132\145
+END
+
+# Trust for Certificate "Explicitly Distrusted DigiNotar PKIoverheid"
+# Issuer: CN=DigiNotar PKIoverheid CA Overheid en Bedrijven,O=DigiNotar B.V.,C=NL
+# Serial Number: 268435455 (0xfffffff)
+# Subject: CN=DigiNotar PKIoverheid CA Overheid en Bedrijven,O=DigiNotar B.V.,C=NL
+# Not Valid Before: Thu Jul 05 08:42:08 2007
+# Not Valid After : Mon Jul 27 08:39:47 2015
+# Fingerprint (MD5): A3:CF:B3:FF:F9:4F:A7:B1:EB:3A:75:58:4E:2E:9F:EA
+# Fingerprint (SHA1): A7:A8:C9:AC:F4:5F:90:92:76:86:B8:C0:A2:0E:93:58:7D:DE:30:E4
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Explicitly Distrusted DigiNotar PKIoverheid"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\247\250\311\254\364\137\220\222\166\206\270\300\242\016\223\130
+\175\336\060\344
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\243\317\263\377\371\117\247\261\353\072\165\130\116\056\237\352
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\137\061\013\060\011\006\003\125\004\006\023\002\116\114\061
+\027\060\025\006\003\125\004\012\023\016\104\151\147\151\116\157
+\164\141\162\040\102\056\126\056\061\067\060\065\006\003\125\004
+\003\023\056\104\151\147\151\116\157\164\141\162\040\120\113\111
+\157\166\145\162\150\145\151\144\040\103\101\040\117\166\145\162
+\150\145\151\144\040\145\156\040\102\145\144\162\151\152\166\145
+\156
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\004\017\377\377\377
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Explicitly Distrusted DigiNotar PKIoverheid G2"
+#
+# Issuer: CN=DigiNotar PKIoverheid CA Organisatie - G2,O=DigiNotar B.V.,C=NL
+# Serial Number: 268435455 (0xfffffff)
+# Subject: CN=DigiNotar PKIoverheid CA Organisatie - G2,O=DigiNotar B.V.,C=NL
+# Not Valid Before: Wed May 12 08:51:39 2010
+# Not Valid After : Mon Mar 23 09:50:05 2020
+# Fingerprint (MD5): 2E:61:A2:D1:78:CE:EE:BF:59:33:B0:23:14:0F:94:1C
+# Fingerprint (SHA1): D5:F2:57:A9:BF:2D:D0:3F:8B:46:57:F9:2B:C9:A4:C6:92:E1:42:42
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Explicitly Distrusted DigiNotar PKIoverheid G2"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\132\061\013\060\011\006\003\125\004\006\023\002\116\114\061
+\027\060\025\006\003\125\004\012\014\016\104\151\147\151\116\157
+\164\141\162\040\102\056\126\056\061\062\060\060\006\003\125\004
+\003\014\051\104\151\147\151\116\157\164\141\162\040\120\113\111
+\157\166\145\162\150\145\151\144\040\103\101\040\117\162\147\141
+\156\151\163\141\164\151\145\040\055\040\107\062
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\132\061\013\060\011\006\003\125\004\006\023\002\116\114\061
+\027\060\025\006\003\125\004\012\014\016\104\151\147\151\116\157
+\164\141\162\040\102\056\126\056\061\062\060\060\006\003\125\004
+\003\014\051\104\151\147\151\116\157\164\141\162\040\120\113\111
+\157\166\145\162\150\145\151\144\040\103\101\040\117\162\147\141
+\156\151\163\141\164\151\145\040\055\040\107\062
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\004\017\377\377\377
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\006\225\060\202\004\175\240\003\002\001\002\002\004\017
+\377\377\377\060\015\006\011\052\206\110\206\367\015\001\001\013
+\005\000\060\132\061\013\060\011\006\003\125\004\006\023\002\116
+\114\061\027\060\025\006\003\125\004\012\014\016\104\151\147\151
+\116\157\164\141\162\040\102\056\126\056\061\062\060\060\006\003
+\125\004\003\014\051\104\151\147\151\116\157\164\141\162\040\120
+\113\111\157\166\145\162\150\145\151\144\040\103\101\040\117\162
+\147\141\156\151\163\141\164\151\145\040\055\040\107\062\060\036
+\027\015\061\060\060\065\061\062\060\070\065\061\063\071\132\027
+\015\062\060\060\063\062\063\060\071\065\060\060\065\132\060\132
+\061\013\060\011\006\003\125\004\006\023\002\116\114\061\027\060
+\025\006\003\125\004\012\014\016\104\151\147\151\116\157\164\141
+\162\040\102\056\126\056\061\062\060\060\006\003\125\004\003\014
+\051\104\151\147\151\116\157\164\141\162\040\120\113\111\157\166
+\145\162\150\145\151\144\040\103\101\040\117\162\147\141\156\151
+\163\141\164\151\145\040\055\040\107\062\060\202\002\042\060\015
+\006\011\052\206\110\206\367\015\001\001\001\005\000\003\202\002
+\017\000\060\202\002\012\002\202\002\001\000\261\023\031\017\047
+\346\154\324\125\206\113\320\354\211\212\105\221\170\254\107\275
+\107\053\344\374\105\353\117\264\046\163\133\067\323\303\177\366
+\343\336\327\243\370\055\150\305\010\076\113\224\326\344\207\045
+\066\153\204\265\030\164\363\050\130\163\057\233\152\317\274\004
+\036\366\336\335\257\374\113\252\365\333\146\142\045\001\045\202
+\336\362\227\132\020\156\335\135\251\042\261\004\251\043\163\072
+\370\161\255\035\317\204\104\353\107\321\257\155\310\174\050\253
+\307\362\067\172\164\137\137\305\002\024\212\243\132\343\033\154
+\001\343\135\216\331\150\326\364\011\033\062\334\221\265\054\365
+\040\353\214\003\155\046\111\270\223\304\205\135\330\322\233\257
+\126\152\314\005\063\314\240\102\236\064\125\104\234\153\240\324
+\022\320\053\124\315\267\211\015\345\366\353\350\373\205\001\063
+\117\172\153\361\235\162\063\226\016\367\262\204\245\245\047\304
+\047\361\121\163\051\167\272\147\156\376\114\334\264\342\241\241
+\201\057\071\111\215\103\070\023\316\320\245\134\302\207\072\000
+\147\145\102\043\361\066\131\012\035\243\121\310\274\243\224\052
+\061\337\343\074\362\235\032\074\004\260\357\261\012\060\023\163
+\266\327\363\243\114\001\165\024\205\170\300\327\212\071\130\205
+\120\372\056\346\305\276\317\213\077\257\217\066\324\045\011\055
+\322\017\254\162\223\362\277\213\324\120\263\371\025\120\233\231
+\365\024\331\373\213\221\243\062\046\046\240\370\337\073\140\201
+\206\203\171\133\053\353\023\075\051\072\301\155\335\275\236\216
+\207\326\112\256\064\227\005\356\024\246\366\334\070\176\112\351
+\044\124\007\075\227\150\067\106\153\015\307\250\041\257\023\124
+\344\011\152\361\115\106\012\311\135\373\233\117\275\336\373\267
+\124\313\270\070\234\247\071\373\152\055\300\173\215\253\245\247
+\127\354\112\222\212\063\305\341\040\134\163\330\220\222\053\200
+\325\017\206\030\151\174\071\117\204\206\274\367\114\133\363\325
+\264\312\240\302\360\067\042\312\171\122\037\123\346\252\363\220
+\260\073\335\362\050\375\254\353\305\006\044\240\311\324\057\017
+\130\375\265\236\354\017\317\262\131\320\242\004\172\070\152\256
+\162\373\275\360\045\142\224\011\247\005\013\002\003\001\000\001
+\243\202\001\141\060\202\001\135\060\110\006\003\125\035\040\004
+\101\060\077\060\075\006\004\125\035\040\000\060\065\060\063\006
+\010\053\006\001\005\005\007\002\001\026\047\150\164\164\160\072
+\057\057\167\167\167\056\144\151\147\151\156\157\164\141\162\056
+\156\154\057\143\160\163\057\160\153\151\157\166\145\162\150\145
+\151\144\060\017\006\003\125\035\023\001\001\377\004\005\060\003
+\001\001\377\060\016\006\003\125\035\017\001\001\377\004\004\003
+\002\001\006\060\201\205\006\003\125\035\043\004\176\060\174\200
+\024\071\020\213\111\222\134\333\141\022\040\315\111\235\032\216
+\332\234\147\100\271\241\136\244\134\060\132\061\013\060\011\006
+\003\125\004\006\023\002\116\114\061\036\060\034\006\003\125\004
+\012\014\025\123\164\141\141\164\040\144\145\162\040\116\145\144
+\145\162\154\141\156\144\145\156\061\053\060\051\006\003\125\004
+\003\014\042\123\164\141\141\164\040\144\145\162\040\116\145\144
+\145\162\154\141\156\144\145\156\040\122\157\157\164\040\103\101
+\040\055\040\107\062\202\004\000\230\226\364\060\111\006\003\125
+\035\037\004\102\060\100\060\076\240\074\240\072\206\070\150\164
+\164\160\072\057\057\143\162\154\056\160\153\151\157\166\145\162
+\150\145\151\144\056\156\154\057\104\157\155\117\162\147\141\156
+\151\163\141\164\151\145\114\141\164\145\163\164\103\122\114\055
+\107\062\056\143\162\154\060\035\006\003\125\035\016\004\026\004
+\024\274\135\224\073\331\253\173\003\045\163\141\302\333\055\356
+\374\253\217\145\241\060\015\006\011\052\206\110\206\367\015\001
+\001\013\005\000\003\202\002\001\000\217\374\055\114\267\331\055
+\325\037\275\357\313\364\267\150\027\165\235\116\325\367\335\234
+\361\052\046\355\237\242\266\034\003\325\123\263\354\010\317\064
+\342\343\303\364\265\026\057\310\303\276\327\323\163\253\000\066
+\371\032\112\176\326\143\351\136\106\272\245\266\216\025\267\243
+\052\330\103\035\357\135\310\037\201\205\263\213\367\377\074\364
+\331\364\106\010\077\234\274\035\240\331\250\114\315\045\122\116
+\012\261\040\367\037\351\103\331\124\106\201\023\232\300\136\164
+\154\052\230\062\352\374\167\273\015\245\242\061\230\042\176\174
+\174\347\332\244\255\354\267\056\032\031\161\370\110\120\332\103
+\217\054\204\335\301\100\047\343\265\360\025\116\226\324\370\134
+\343\206\051\106\053\327\073\007\353\070\177\310\206\127\227\323
+\357\052\063\304\027\120\325\144\151\153\053\153\105\136\135\057
+\027\312\132\116\317\303\327\071\074\365\073\237\106\271\233\347
+\016\111\227\235\326\325\343\033\017\352\217\001\116\232\023\224
+\131\012\002\007\110\113\032\140\253\177\117\355\013\330\125\015
+\150\157\125\234\151\145\025\102\354\300\334\335\154\254\303\026
+\316\013\035\126\233\244\304\304\322\056\340\017\342\104\047\053
+\120\151\244\334\142\350\212\041\051\102\154\314\000\072\226\166
+\233\357\100\300\244\136\167\204\062\154\046\052\071\146\256\135
+\343\271\271\262\054\150\037\036\232\220\003\071\360\252\263\244
+\314\111\213\030\064\351\067\311\173\051\307\204\174\157\104\025
+\057\354\141\131\004\311\105\313\242\326\122\242\174\177\051\222
+\326\112\305\213\102\250\324\376\352\330\307\207\043\030\344\235
+\172\175\163\100\122\230\240\256\156\343\005\077\005\017\340\245
+\306\155\115\355\203\067\210\234\307\363\334\102\232\152\266\327
+\041\111\066\167\362\357\030\117\305\160\331\236\351\336\267\053
+\213\364\274\176\050\337\015\100\311\205\134\256\235\305\061\377
+\320\134\016\265\250\176\360\351\057\272\257\210\256\345\265\321
+\130\245\257\234\161\247\051\001\220\203\151\067\202\005\272\374
+\011\301\010\156\214\170\073\303\063\002\200\077\104\205\010\035
+\337\125\126\010\255\054\205\055\135\261\003\341\256\252\164\305
+\244\363\116\272\067\230\173\202\271
+END
+
+# Trust for Certificate "Explicitly Distrusted DigiNotar PKIoverheid G2"
+# Issuer: CN=DigiNotar PKIoverheid CA Organisatie - G2,O=DigiNotar B.V.,C=NL
+# Serial Number: 268435455 (0xfffffff)
+# Subject: CN=DigiNotar PKIoverheid CA Organisatie - G2,O=DigiNotar B.V.,C=NL
+# Not Valid Before: Wed May 12 08:51:39 2010
+# Not Valid After : Mon Mar 23 09:50:05 2020
+# Fingerprint (MD5): 2E:61:A2:D1:78:CE:EE:BF:59:33:B0:23:14:0F:94:1C
+# Fingerprint (SHA1): D5:F2:57:A9:BF:2D:D0:3F:8B:46:57:F9:2B:C9:A4:C6:92:E1:42:42
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Explicitly Distrusted DigiNotar PKIoverheid G2"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\325\362\127\251\277\055\320\077\213\106\127\371\053\311\244\306
+\222\341\102\102
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\056\141\242\321\170\316\356\277\131\063\260\043\024\017\224\034
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\132\061\013\060\011\006\003\125\004\006\023\002\116\114\061
+\027\060\025\006\003\125\004\012\014\016\104\151\147\151\116\157
+\164\141\162\040\102\056\126\056\061\062\060\060\006\003\125\004
+\003\014\051\104\151\147\151\116\157\164\141\162\040\120\113\111
+\157\166\145\162\150\145\151\144\040\103\101\040\117\162\147\141
+\156\151\163\141\164\151\145\040\055\040\107\062
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\004\017\377\377\377
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (cyb)"
+#
+# Issuer: CN=GTE CyberTrust Global Root,OU="GTE CyberTrust Solutions, Inc.",O=GTE Corporation,C=US
+# Serial Number:07:ff:ff:ff:ff:ff
+# Subject: CN=Digisign Server ID (Enrich),OU=457608-K,O=Digicert Sdn. Bhd.,C=MY
+# Not Valid Before: Tue Jul 17 15:17:49 2007
+# Not Valid After : Tue Jul 17 15:16:55 2012
+# Fingerprint (MD5): D2:DE:AE:50:A4:98:2D:6F:37:B7:86:52:C8:2D:4B:6A
+# Fingerprint (SHA1): 55:50:AF:EC:BF:E8:C3:AD:C4:0B:E3:AD:0C:A7:E4:15:8C:39:59:4F
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (cyb)"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\143\061\013\060\011\006\003\125\004\006\023\002\115\131\061
+\033\060\031\006\003\125\004\012\023\022\104\151\147\151\143\145
+\162\164\040\123\144\156\056\040\102\150\144\056\061\021\060\017
+\006\003\125\004\013\023\010\064\065\067\066\060\070\055\113\061
+\044\060\042\006\003\125\004\003\023\033\104\151\147\151\163\151
+\147\156\040\123\145\162\166\145\162\040\111\104\040\050\105\156
+\162\151\143\150\051
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\165\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\030\060\026\006\003\125\004\012\023\017\107\124\105\040\103\157
+\162\160\157\162\141\164\151\157\156\061\047\060\045\006\003\125
+\004\013\023\036\107\124\105\040\103\171\142\145\162\124\162\165
+\163\164\040\123\157\154\165\164\151\157\156\163\054\040\111\156
+\143\056\061\043\060\041\006\003\125\004\003\023\032\107\124\105
+\040\103\171\142\145\162\124\162\165\163\164\040\107\154\157\142
+\141\154\040\122\157\157\164
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\006\007\377\377\377\377\377
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\003\315\060\202\003\066\240\003\002\001\002\002\006\007
+\377\377\377\377\377\060\015\006\011\052\206\110\206\367\015\001
+\001\005\005\000\060\165\061\013\060\011\006\003\125\004\006\023
+\002\125\123\061\030\060\026\006\003\125\004\012\023\017\107\124
+\105\040\103\157\162\160\157\162\141\164\151\157\156\061\047\060
+\045\006\003\125\004\013\023\036\107\124\105\040\103\171\142\145
+\162\124\162\165\163\164\040\123\157\154\165\164\151\157\156\163
+\054\040\111\156\143\056\061\043\060\041\006\003\125\004\003\023
+\032\107\124\105\040\103\171\142\145\162\124\162\165\163\164\040
+\107\154\157\142\141\154\040\122\157\157\164\060\036\027\015\060
+\067\060\067\061\067\061\065\061\067\064\071\132\027\015\061\062
+\060\067\061\067\061\065\061\066\065\065\132\060\143\061\013\060
+\011\006\003\125\004\006\023\002\115\131\061\033\060\031\006\003
+\125\004\012\023\022\104\151\147\151\143\145\162\164\040\123\144
+\156\056\040\102\150\144\056\061\021\060\017\006\003\125\004\013
+\023\010\064\065\067\066\060\070\055\113\061\044\060\042\006\003
+\125\004\003\023\033\104\151\147\151\163\151\147\156\040\123\145
+\162\166\145\162\040\111\104\040\050\105\156\162\151\143\150\051
+\060\201\237\060\015\006\011\052\206\110\206\367\015\001\001\001
+\005\000\003\201\215\000\060\201\211\002\201\201\000\255\250\144
+\113\115\207\307\204\131\271\373\220\106\240\246\211\300\361\376
+\325\332\124\202\067\015\231\053\105\046\012\350\126\260\177\312
+\250\364\216\107\204\001\202\051\343\263\152\265\221\363\373\225
+\205\274\162\250\144\350\012\100\234\305\364\161\256\173\173\152
+\007\352\220\024\117\215\211\257\224\253\262\006\324\002\152\173
+\230\037\131\271\072\315\124\372\040\337\262\052\012\351\270\335
+\151\220\300\051\323\116\320\227\355\146\314\305\031\111\006\177
+\372\136\054\174\173\205\033\062\102\337\173\225\045\002\003\001
+\000\001\243\202\001\170\060\202\001\164\060\022\006\003\125\035
+\023\001\001\377\004\010\060\006\001\001\377\002\001\000\060\134
+\006\003\125\035\040\004\125\060\123\060\110\006\011\053\006\001
+\004\001\261\076\001\000\060\073\060\071\006\010\053\006\001\005
+\005\007\002\001\026\055\150\164\164\160\072\057\057\143\171\142
+\145\162\164\162\165\163\164\056\157\155\156\151\162\157\157\164
+\056\143\157\155\057\162\145\160\157\163\151\164\157\162\171\056
+\143\146\155\060\007\006\005\140\203\112\001\001\060\016\006\003
+\125\035\017\001\001\377\004\004\003\002\001\346\060\201\211\006
+\003\125\035\043\004\201\201\060\177\241\171\244\167\060\165\061
+\013\060\011\006\003\125\004\006\023\002\125\123\061\030\060\026
+\006\003\125\004\012\023\017\107\124\105\040\103\157\162\160\157
+\162\141\164\151\157\156\061\047\060\045\006\003\125\004\013\023
+\036\107\124\105\040\103\171\142\145\162\124\162\165\163\164\040
+\123\157\154\165\164\151\157\156\163\054\040\111\156\143\056\061
+\043\060\041\006\003\125\004\003\023\032\107\124\105\040\103\171
+\142\145\162\124\162\165\163\164\040\107\154\157\142\141\154\040
+\122\157\157\164\202\002\001\245\060\105\006\003\125\035\037\004
+\076\060\074\060\072\240\070\240\066\206\064\150\164\164\160\072
+\057\057\167\167\167\056\160\165\142\154\151\143\055\164\162\165
+\163\164\056\143\157\155\057\143\147\151\055\142\151\156\057\103
+\122\114\057\062\060\061\070\057\143\144\160\056\143\162\154\060
+\035\006\003\125\035\016\004\026\004\024\306\026\223\116\026\027
+\354\026\256\214\224\166\363\206\155\305\164\156\204\167\060\015
+\006\011\052\206\110\206\367\015\001\001\005\005\000\003\201\201
+\000\166\000\173\246\170\053\146\035\216\136\066\306\244\216\005
+\362\043\222\174\223\147\323\364\300\012\175\213\055\331\352\325
+\157\032\363\341\112\051\132\042\204\115\120\057\113\014\362\377
+\205\302\173\125\324\104\202\276\155\254\147\216\274\264\037\222
+\234\121\200\032\024\366\156\253\141\210\013\255\034\177\367\113
+\120\121\326\145\033\246\107\161\025\136\260\161\363\065\024\362
+\067\275\143\310\325\360\223\132\064\137\330\075\350\135\367\305
+\036\300\345\317\037\206\044\251\074\007\146\315\301\322\066\143
+\131
+END
+
+# Trust for Certificate "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (cyb)"
+# Issuer: CN=GTE CyberTrust Global Root,OU="GTE CyberTrust Solutions, Inc.",O=GTE Corporation,C=US
+# Serial Number:07:ff:ff:ff:ff:ff
+# Subject: CN=Digisign Server ID (Enrich),OU=457608-K,O=Digicert Sdn. Bhd.,C=MY
+# Not Valid Before: Tue Jul 17 15:17:49 2007
+# Not Valid After : Tue Jul 17 15:16:55 2012
+# Fingerprint (MD5): D2:DE:AE:50:A4:98:2D:6F:37:B7:86:52:C8:2D:4B:6A
+# Fingerprint (SHA1): 55:50:AF:EC:BF:E8:C3:AD:C4:0B:E3:AD:0C:A7:E4:15:8C:39:59:4F
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (cyb)"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\125\120\257\354\277\350\303\255\304\013\343\255\014\247\344\025
+\214\071\131\117
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\322\336\256\120\244\230\055\157\067\267\206\122\310\055\113\152
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\165\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\030\060\026\006\003\125\004\012\023\017\107\124\105\040\103\157
+\162\160\157\162\141\164\151\157\156\061\047\060\045\006\003\125
+\004\013\023\036\107\124\105\040\103\171\142\145\162\124\162\165
+\163\164\040\123\157\154\165\164\151\157\156\163\054\040\111\156
+\143\056\061\043\060\041\006\003\125\004\003\023\032\107\124\105
+\040\103\171\142\145\162\124\162\165\163\164\040\107\154\157\142
+\141\154\040\122\157\157\164
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\006\007\377\377\377\377\377
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (en)"
+#
+# Issuer: CN=Entrust.net Certification Authority (2048),OU=(c) 1999 Entrust.net Limited,OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.),O=Entrust.net
+# Serial Number:07:ff:ff:ff:ff:ff
+# Subject: CN=Digisign Server ID - (Enrich),OU=457608-K,O=Digicert Sdn. Bhd.,C=MY
+# Not Valid Before: Fri Jul 16 17:23:38 2010
+# Not Valid After : Thu Jul 16 17:53:38 2015
+# Fingerprint (MD5): D7:69:61:7F:35:0F:9C:46:A3:AA:EB:F8:55:FC:84:F2
+# Fingerprint (SHA1): 6B:3C:3B:80:AD:CA:A6:BA:8A:9F:54:A6:7A:ED:12:69:05:6D:31:26
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (en)"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\145\061\013\060\011\006\003\125\004\006\023\002\115\131\061
+\033\060\031\006\003\125\004\012\023\022\104\151\147\151\143\145
+\162\164\040\123\144\156\056\040\102\150\144\056\061\021\060\017
+\006\003\125\004\013\023\010\064\065\067\066\060\070\055\113\061
+\046\060\044\006\003\125\004\003\023\035\104\151\147\151\163\151
+\147\156\040\123\145\162\166\145\162\040\111\104\040\055\040\050
+\105\156\162\151\143\150\051
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\264\061\024\060\022\006\003\125\004\012\023\013\105\156
+\164\162\165\163\164\056\156\145\164\061\100\060\076\006\003\125
+\004\013\024\067\167\167\167\056\145\156\164\162\165\163\164\056
+\156\145\164\057\103\120\123\137\062\060\064\070\040\151\156\143
+\157\162\160\056\040\142\171\040\162\145\146\056\040\050\154\151
+\155\151\164\163\040\154\151\141\142\056\051\061\045\060\043\006
+\003\125\004\013\023\034\050\143\051\040\061\071\071\071\040\105
+\156\164\162\165\163\164\056\156\145\164\040\114\151\155\151\164
+\145\144\061\063\060\061\006\003\125\004\003\023\052\105\156\164
+\162\165\163\164\056\156\145\164\040\103\145\162\164\151\146\151
+\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171
+\040\050\062\060\064\070\051
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\006\007\377\377\377\377\377
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\004\320\060\202\003\270\240\003\002\001\002\002\006\007
+\377\377\377\377\377\060\015\006\011\052\206\110\206\367\015\001
+\001\005\005\000\060\201\264\061\024\060\022\006\003\125\004\012
+\023\013\105\156\164\162\165\163\164\056\156\145\164\061\100\060
+\076\006\003\125\004\013\024\067\167\167\167\056\145\156\164\162
+\165\163\164\056\156\145\164\057\103\120\123\137\062\060\064\070
+\040\151\156\143\157\162\160\056\040\142\171\040\162\145\146\056
+\040\050\154\151\155\151\164\163\040\154\151\141\142\056\051\061
+\045\060\043\006\003\125\004\013\023\034\050\143\051\040\061\071
+\071\071\040\105\156\164\162\165\163\164\056\156\145\164\040\114
+\151\155\151\164\145\144\061\063\060\061\006\003\125\004\003\023
+\052\105\156\164\162\165\163\164\056\156\145\164\040\103\145\162
+\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157
+\162\151\164\171\040\050\062\060\064\070\051\060\036\027\015\061
+\060\060\067\061\066\061\067\062\063\063\070\132\027\015\061\065
+\060\067\061\066\061\067\065\063\063\070\132\060\145\061\013\060
+\011\006\003\125\004\006\023\002\115\131\061\033\060\031\006\003
+\125\004\012\023\022\104\151\147\151\143\145\162\164\040\123\144
+\156\056\040\102\150\144\056\061\021\060\017\006\003\125\004\013
+\023\010\064\065\067\066\060\070\055\113\061\046\060\044\006\003
+\125\004\003\023\035\104\151\147\151\163\151\147\156\040\123\145
+\162\166\145\162\040\111\104\040\055\040\050\105\156\162\151\143
+\150\051\060\202\001\042\060\015\006\011\052\206\110\206\367\015
+\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002\202
+\001\001\000\305\211\344\364\015\006\100\222\131\307\032\263\065
+\321\016\114\052\063\371\370\257\312\236\177\356\271\247\155\140
+\364\124\350\157\325\233\363\033\143\061\004\150\162\321\064\026
+\214\264\027\054\227\336\163\305\330\220\025\240\032\053\365\313
+\263\110\206\104\360\035\210\114\316\101\102\032\357\365\014\336
+\376\100\332\071\040\367\006\125\072\152\235\106\301\322\157\245
+\262\310\127\076\051\243\234\340\351\205\167\146\350\230\247\044
+\176\276\300\131\040\345\104\157\266\127\330\276\316\302\145\167
+\130\306\141\101\321\164\004\310\177\111\102\305\162\251\162\026
+\356\214\335\022\135\264\112\324\321\257\120\267\330\252\165\166
+\150\255\076\135\252\060\155\141\250\253\020\133\076\023\277\063
+\340\257\104\235\070\042\133\357\114\057\246\161\046\025\046\312
+\050\214\331\372\216\216\251\242\024\065\342\233\044\210\264\364
+\177\205\235\203\117\007\241\266\024\220\066\304\064\034\215\046
+\141\155\023\157\170\276\350\217\047\307\113\204\226\243\206\150
+\014\043\276\013\354\214\224\000\251\004\212\023\220\367\337\205
+\154\014\261\002\003\001\000\001\243\202\001\064\060\202\001\060
+\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001\006
+\060\022\006\003\125\035\023\001\001\377\004\010\060\006\001\001
+\377\002\001\000\060\047\006\003\125\035\045\004\040\060\036\006
+\010\053\006\001\005\005\007\003\001\006\010\053\006\001\005\005
+\007\003\002\006\010\053\006\001\005\005\007\003\004\060\063\006
+\010\053\006\001\005\005\007\001\001\004\047\060\045\060\043\006
+\010\053\006\001\005\005\007\060\001\206\027\150\164\164\160\072
+\057\057\157\143\163\160\056\145\156\164\162\165\163\164\056\156
+\145\164\060\104\006\003\125\035\040\004\075\060\073\060\071\006
+\005\140\203\112\001\001\060\060\060\056\006\010\053\006\001\005
+\005\007\002\001\026\042\150\164\164\160\072\057\057\167\167\167
+\056\144\151\147\151\143\145\162\164\056\143\157\155\056\155\171
+\057\143\160\163\056\150\164\155\060\062\006\003\125\035\037\004
+\053\060\051\060\047\240\045\240\043\206\041\150\164\164\160\072
+\057\057\143\162\154\056\145\156\164\162\165\163\164\056\156\145
+\164\057\062\060\064\070\143\141\056\143\162\154\060\021\006\003
+\125\035\016\004\012\004\010\114\116\314\045\050\003\051\201\060
+\037\006\003\125\035\043\004\030\060\026\200\024\125\344\201\321
+\021\200\276\330\211\271\010\243\061\371\241\044\011\026\271\160
+\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\003
+\202\001\001\000\227\114\357\112\072\111\254\162\374\060\040\153
+\264\051\133\247\305\225\004\220\371\062\325\302\205\152\336\003
+\241\067\371\211\000\260\132\254\125\176\333\103\065\377\311\001
+\370\121\276\314\046\312\310\152\244\304\124\076\046\036\347\014
+\243\315\227\147\224\335\246\102\353\134\315\217\071\171\153\063
+\171\041\006\171\372\202\104\025\231\314\301\267\071\323\106\142
+\174\262\160\353\157\316\040\252\076\031\267\351\164\202\234\264
+\245\113\115\141\000\067\344\207\322\362\024\072\144\174\270\251
+\173\141\340\223\042\347\325\237\076\107\346\066\166\240\123\330
+\000\003\072\017\265\063\376\226\312\323\322\202\072\056\335\327
+\110\341\344\247\151\314\034\351\231\112\347\312\160\105\327\013
+\007\016\232\165\033\320\057\222\157\366\244\007\303\275\034\113
+\246\204\266\175\250\232\251\322\247\051\361\013\127\151\036\227
+\127\046\354\053\103\254\324\105\203\005\000\351\343\360\106\100
+\007\372\352\261\121\163\223\034\245\335\123\021\067\310\052\247
+\025\047\035\264\252\314\177\252\061\060\374\270\105\237\110\011
+\355\020\342\305
+END
+
+# Trust for Certificate "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (en)"
+# Issuer: CN=Entrust.net Certification Authority (2048),OU=(c) 1999 Entrust.net Limited,OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.),O=Entrust.net
+# Serial Number:07:ff:ff:ff:ff:ff
+# Subject: CN=Digisign Server ID - (Enrich),OU=457608-K,O=Digicert Sdn. Bhd.,C=MY
+# Not Valid Before: Fri Jul 16 17:23:38 2010
+# Not Valid After : Thu Jul 16 17:53:38 2015
+# Fingerprint (MD5): D7:69:61:7F:35:0F:9C:46:A3:AA:EB:F8:55:FC:84:F2
+# Fingerprint (SHA1): 6B:3C:3B:80:AD:CA:A6:BA:8A:9F:54:A6:7A:ED:12:69:05:6D:31:26
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Explicitly Distrusted Malaysian Digicert Sdn. Bhd. (en)"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\153\074\073\200\255\312\246\272\212\237\124\246\172\355\022\151
+\005\155\061\046
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\327\151\141\177\065\017\234\106\243\252\353\370\125\374\204\362
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\264\061\024\060\022\006\003\125\004\012\023\013\105\156
+\164\162\165\163\164\056\156\145\164\061\100\060\076\006\003\125
+\004\013\024\067\167\167\167\056\145\156\164\162\165\163\164\056
+\156\145\164\057\103\120\123\137\062\060\064\070\040\151\156\143
+\157\162\160\056\040\142\171\040\162\145\146\056\040\050\154\151
+\155\151\164\163\040\154\151\141\142\056\051\061\045\060\043\006
+\003\125\004\013\023\034\050\143\051\040\061\071\071\071\040\105
+\156\164\162\165\163\164\056\156\145\164\040\114\151\155\151\164
+\145\144\061\063\060\061\006\003\125\004\003\023\052\105\156\164
+\162\165\163\164\056\156\145\164\040\103\145\162\164\151\146\151
+\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171
+\040\050\062\060\064\070\051
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\006\007\377\377\377\377\377
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+
+#
+# Certificate "Security Communication RootCA2"
+#
+# Issuer: OU=Security Communication RootCA2,O="SECOM Trust Systems CO.,LTD.",C=JP
+# Serial Number: 0 (0x0)
+# Subject: OU=Security Communication RootCA2,O="SECOM Trust Systems CO.,LTD.",C=JP
+# Not Valid Before: Fri May 29 05:00:39 2009
+# Not Valid After : Tue May 29 05:00:39 2029
+# Fingerprint (MD5): 6C:39:7D:A4:0E:55:59:B2:3F:D6:41:B1:12:50:DE:43
+# Fingerprint (SHA1): 5F:3B:8C:F2:F8:10:B3:7D:78:B4:CE:EC:19:19:C3:73:34:B9:C7:74
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Security Communication RootCA2"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\135\061\013\060\011\006\003\125\004\006\023\002\112\120\061
+\045\060\043\006\003\125\004\012\023\034\123\105\103\117\115\040
+\124\162\165\163\164\040\123\171\163\164\145\155\163\040\103\117
+\056\054\114\124\104\056\061\047\060\045\006\003\125\004\013\023
+\036\123\145\143\165\162\151\164\171\040\103\157\155\155\165\156
+\151\143\141\164\151\157\156\040\122\157\157\164\103\101\062
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\135\061\013\060\011\006\003\125\004\006\023\002\112\120\061
+\045\060\043\006\003\125\004\012\023\034\123\105\103\117\115\040
+\124\162\165\163\164\040\123\171\163\164\145\155\163\040\103\117
+\056\054\114\124\104\056\061\047\060\045\006\003\125\004\013\023
+\036\123\145\143\165\162\151\164\171\040\103\157\155\155\165\156
+\151\143\141\164\151\157\156\040\122\157\157\164\103\101\062
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\000
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\003\167\060\202\002\137\240\003\002\001\002\002\001\000
+\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060
+\135\061\013\060\011\006\003\125\004\006\023\002\112\120\061\045
+\060\043\006\003\125\004\012\023\034\123\105\103\117\115\040\124
+\162\165\163\164\040\123\171\163\164\145\155\163\040\103\117\056
+\054\114\124\104\056\061\047\060\045\006\003\125\004\013\023\036
+\123\145\143\165\162\151\164\171\040\103\157\155\155\165\156\151
+\143\141\164\151\157\156\040\122\157\157\164\103\101\062\060\036
+\027\015\060\071\060\065\062\071\060\065\060\060\063\071\132\027
+\015\062\071\060\065\062\071\060\065\060\060\063\071\132\060\135
+\061\013\060\011\006\003\125\004\006\023\002\112\120\061\045\060
+\043\006\003\125\004\012\023\034\123\105\103\117\115\040\124\162
+\165\163\164\040\123\171\163\164\145\155\163\040\103\117\056\054
+\114\124\104\056\061\047\060\045\006\003\125\004\013\023\036\123
+\145\143\165\162\151\164\171\040\103\157\155\155\165\156\151\143
+\141\164\151\157\156\040\122\157\157\164\103\101\062\060\202\001
+\042\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000
+\003\202\001\017\000\060\202\001\012\002\202\001\001\000\320\025
+\071\122\261\122\263\272\305\131\202\304\135\122\256\072\103\145
+\200\113\307\362\226\274\333\066\227\326\246\144\214\250\136\360
+\343\012\034\367\337\227\075\113\256\366\135\354\041\265\101\253
+\315\271\176\166\237\276\371\076\066\064\240\073\301\366\061\021
+\105\164\223\075\127\200\305\371\211\231\312\345\253\152\324\265
+\332\101\220\020\301\326\326\102\211\302\277\364\070\022\225\114
+\124\005\367\066\344\105\203\173\024\145\326\334\014\115\321\336
+\176\014\253\073\304\025\276\072\126\246\132\157\166\151\122\251
+\172\271\310\353\152\232\135\122\320\055\012\153\065\026\011\020
+\204\320\152\312\072\006\000\067\107\344\176\127\117\077\213\353
+\147\270\210\252\305\276\123\125\262\221\304\175\271\260\205\031
+\006\170\056\333\141\032\372\205\365\112\221\241\347\026\325\216
+\242\071\337\224\270\160\037\050\077\213\374\100\136\143\203\074
+\203\052\032\231\153\317\336\131\152\073\374\157\026\327\037\375
+\112\020\353\116\202\026\072\254\047\014\123\361\255\325\044\260
+\153\003\120\301\055\074\026\335\104\064\047\032\165\373\002\003
+\001\000\001\243\102\060\100\060\035\006\003\125\035\016\004\026
+\004\024\012\205\251\167\145\005\230\174\100\201\370\017\227\054
+\070\361\012\354\074\317\060\016\006\003\125\035\017\001\001\377
+\004\004\003\002\001\006\060\017\006\003\125\035\023\001\001\377
+\004\005\060\003\001\001\377\060\015\006\011\052\206\110\206\367
+\015\001\001\013\005\000\003\202\001\001\000\114\072\243\104\254
+\271\105\261\307\223\176\310\013\012\102\337\144\352\034\356\131
+\154\010\272\211\137\152\312\112\225\236\172\217\007\305\332\105
+\162\202\161\016\072\322\314\157\247\264\241\043\273\366\044\237
+\313\027\376\214\246\316\302\322\333\314\215\374\161\374\003\051
+\301\154\135\063\137\144\266\145\073\211\157\030\166\170\365\334
+\242\110\037\031\077\216\223\353\361\372\027\356\315\116\343\004
+\022\125\326\345\344\335\373\076\005\174\342\035\136\306\247\274
+\227\117\150\072\365\351\056\012\103\266\257\127\134\142\150\174
+\267\375\243\212\204\240\254\142\276\053\011\207\064\360\152\001
+\273\233\051\126\074\376\000\067\317\043\154\361\116\252\266\164
+\106\022\154\221\356\064\325\354\232\221\347\104\276\220\061\162
+\325\111\002\366\002\345\364\037\353\174\331\226\125\251\377\354
+\212\371\231\107\377\065\132\002\252\004\313\212\133\207\161\051
+\221\275\244\264\172\015\275\232\365\127\043\000\007\041\027\077
+\112\071\321\005\111\013\247\266\067\201\245\135\214\252\063\136
+\201\050\174\247\175\047\353\000\256\215\067
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "Security Communication RootCA2"
+# Issuer: OU=Security Communication RootCA2,O="SECOM Trust Systems CO.,LTD.",C=JP
+# Serial Number: 0 (0x0)
+# Subject: OU=Security Communication RootCA2,O="SECOM Trust Systems CO.,LTD.",C=JP
+# Not Valid Before: Fri May 29 05:00:39 2009
+# Not Valid After : Tue May 29 05:00:39 2029
+# Fingerprint (MD5): 6C:39:7D:A4:0E:55:59:B2:3F:D6:41:B1:12:50:DE:43
+# Fingerprint (SHA1): 5F:3B:8C:F2:F8:10:B3:7D:78:B4:CE:EC:19:19:C3:73:34:B9:C7:74
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Security Communication RootCA2"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\137\073\214\362\370\020\263\175\170\264\316\354\031\031\303\163
+\064\271\307\164
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\154\071\175\244\016\125\131\262\077\326\101\261\022\120\336\103
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\135\061\013\060\011\006\003\125\004\006\023\002\112\120\061
+\045\060\043\006\003\125\004\012\023\034\123\105\103\117\115\040
+\124\162\165\163\164\040\123\171\163\164\145\155\163\040\103\117
+\056\054\114\124\104\056\061\047\060\045\006\003\125\004\013\023
+\036\123\145\143\165\162\151\164\171\040\103\157\155\155\165\156
+\151\143\141\164\151\157\156\040\122\157\157\164\103\101\062
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\000
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "EC-ACC"
+#
+# Issuer: CN=EC-ACC,OU=Jerarquia Entitats de Certificacio Catalanes,OU=Vegeu https://www.catcert.net/verarrel (c)03,OU=Serveis Publics de Certificacio,O=Agencia Catalana de Certificacio (NIF Q-0801176-I),C=ES
+# Serial Number:ee:2b:3d:eb:d4:21:de:14:a8:62:ac:04:f3:dd:c4:01
+# Subject: CN=EC-ACC,OU=Jerarquia Entitats de Certificacio Catalanes,OU=Vegeu https://www.catcert.net/verarrel (c)03,OU=Serveis Publics de Certificacio,O=Agencia Catalana de Certificacio (NIF Q-0801176-I),C=ES
+# Not Valid Before: Tue Jan 07 23:00:00 2003
+# Not Valid After : Tue Jan 07 22:59:59 2031
+# Fingerprint (MD5): EB:F5:9D:29:0D:61:F9:42:1F:7C:C2:BA:6D:E3:15:09
+# Fingerprint (SHA1): 28:90:3A:63:5B:52:80:FA:E6:77:4C:0B:6D:A7:D6:BA:A6:4A:F2:E8
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "EC-ACC"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\363\061\013\060\011\006\003\125\004\006\023\002\105\123
+\061\073\060\071\006\003\125\004\012\023\062\101\147\145\156\143
+\151\141\040\103\141\164\141\154\141\156\141\040\144\145\040\103
+\145\162\164\151\146\151\143\141\143\151\157\040\050\116\111\106
+\040\121\055\060\070\060\061\061\067\066\055\111\051\061\050\060
+\046\006\003\125\004\013\023\037\123\145\162\166\145\151\163\040
+\120\165\142\154\151\143\163\040\144\145\040\103\145\162\164\151
+\146\151\143\141\143\151\157\061\065\060\063\006\003\125\004\013
+\023\054\126\145\147\145\165\040\150\164\164\160\163\072\057\057
+\167\167\167\056\143\141\164\143\145\162\164\056\156\145\164\057
+\166\145\162\141\162\162\145\154\040\050\143\051\060\063\061\065
+\060\063\006\003\125\004\013\023\054\112\145\162\141\162\161\165
+\151\141\040\105\156\164\151\164\141\164\163\040\144\145\040\103
+\145\162\164\151\146\151\143\141\143\151\157\040\103\141\164\141
+\154\141\156\145\163\061\017\060\015\006\003\125\004\003\023\006
+\105\103\055\101\103\103
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\363\061\013\060\011\006\003\125\004\006\023\002\105\123
+\061\073\060\071\006\003\125\004\012\023\062\101\147\145\156\143
+\151\141\040\103\141\164\141\154\141\156\141\040\144\145\040\103
+\145\162\164\151\146\151\143\141\143\151\157\040\050\116\111\106
+\040\121\055\060\070\060\061\061\067\066\055\111\051\061\050\060
+\046\006\003\125\004\013\023\037\123\145\162\166\145\151\163\040
+\120\165\142\154\151\143\163\040\144\145\040\103\145\162\164\151
+\146\151\143\141\143\151\157\061\065\060\063\006\003\125\004\013
+\023\054\126\145\147\145\165\040\150\164\164\160\163\072\057\057
+\167\167\167\056\143\141\164\143\145\162\164\056\156\145\164\057
+\166\145\162\141\162\162\145\154\040\050\143\051\060\063\061\065
+\060\063\006\003\125\004\013\023\054\112\145\162\141\162\161\165
+\151\141\040\105\156\164\151\164\141\164\163\040\144\145\040\103
+\145\162\164\151\146\151\143\141\143\151\157\040\103\141\164\141
+\154\141\156\145\163\061\017\060\015\006\003\125\004\003\023\006
+\105\103\055\101\103\103
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\356\053\075\353\324\041\336\024\250\142\254\004\363\335
+\304\001
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\126\060\202\004\076\240\003\002\001\002\002\020\356
+\053\075\353\324\041\336\024\250\142\254\004\363\335\304\001\060
+\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\201
+\363\061\013\060\011\006\003\125\004\006\023\002\105\123\061\073
+\060\071\006\003\125\004\012\023\062\101\147\145\156\143\151\141
+\040\103\141\164\141\154\141\156\141\040\144\145\040\103\145\162
+\164\151\146\151\143\141\143\151\157\040\050\116\111\106\040\121
+\055\060\070\060\061\061\067\066\055\111\051\061\050\060\046\006
+\003\125\004\013\023\037\123\145\162\166\145\151\163\040\120\165
+\142\154\151\143\163\040\144\145\040\103\145\162\164\151\146\151
+\143\141\143\151\157\061\065\060\063\006\003\125\004\013\023\054
+\126\145\147\145\165\040\150\164\164\160\163\072\057\057\167\167
+\167\056\143\141\164\143\145\162\164\056\156\145\164\057\166\145
+\162\141\162\162\145\154\040\050\143\051\060\063\061\065\060\063
+\006\003\125\004\013\023\054\112\145\162\141\162\161\165\151\141
+\040\105\156\164\151\164\141\164\163\040\144\145\040\103\145\162
+\164\151\146\151\143\141\143\151\157\040\103\141\164\141\154\141
+\156\145\163\061\017\060\015\006\003\125\004\003\023\006\105\103
+\055\101\103\103\060\036\027\015\060\063\060\061\060\067\062\063
+\060\060\060\060\132\027\015\063\061\060\061\060\067\062\062\065
+\071\065\071\132\060\201\363\061\013\060\011\006\003\125\004\006
+\023\002\105\123\061\073\060\071\006\003\125\004\012\023\062\101
+\147\145\156\143\151\141\040\103\141\164\141\154\141\156\141\040
+\144\145\040\103\145\162\164\151\146\151\143\141\143\151\157\040
+\050\116\111\106\040\121\055\060\070\060\061\061\067\066\055\111
+\051\061\050\060\046\006\003\125\004\013\023\037\123\145\162\166
+\145\151\163\040\120\165\142\154\151\143\163\040\144\145\040\103
+\145\162\164\151\146\151\143\141\143\151\157\061\065\060\063\006
+\003\125\004\013\023\054\126\145\147\145\165\040\150\164\164\160
+\163\072\057\057\167\167\167\056\143\141\164\143\145\162\164\056
+\156\145\164\057\166\145\162\141\162\162\145\154\040\050\143\051
+\060\063\061\065\060\063\006\003\125\004\013\023\054\112\145\162
+\141\162\161\165\151\141\040\105\156\164\151\164\141\164\163\040
+\144\145\040\103\145\162\164\151\146\151\143\141\143\151\157\040
+\103\141\164\141\154\141\156\145\163\061\017\060\015\006\003\125
+\004\003\023\006\105\103\055\101\103\103\060\202\001\042\060\015
+\006\011\052\206\110\206\367\015\001\001\001\005\000\003\202\001
+\017\000\060\202\001\012\002\202\001\001\000\263\042\307\117\342
+\227\102\225\210\107\203\100\366\035\027\363\203\163\044\036\121
+\363\230\212\303\222\270\377\100\220\005\160\207\140\311\000\251
+\265\224\145\031\042\025\027\302\103\154\146\104\232\015\004\076
+\071\157\245\113\172\252\143\267\212\104\235\331\143\221\204\146
+\340\050\017\272\102\343\156\216\367\024\047\223\151\356\221\016
+\243\137\016\261\353\146\242\162\117\022\023\206\145\172\076\333
+\117\007\364\247\011\140\332\072\102\231\307\262\177\263\026\225
+\034\307\371\064\265\224\205\325\231\136\240\110\240\176\347\027
+\145\270\242\165\270\036\363\345\102\175\257\355\363\212\110\144
+\135\202\024\223\330\300\344\377\263\120\162\362\166\366\263\135
+\102\120\171\320\224\076\153\014\000\276\330\153\016\116\052\354
+\076\322\314\202\242\030\145\063\023\167\236\232\135\032\023\330
+\303\333\075\310\227\172\356\160\355\247\346\174\333\161\317\055
+\224\142\337\155\326\365\070\276\077\245\205\012\031\270\250\330
+\011\165\102\160\304\352\357\313\016\310\064\250\022\042\230\014
+\270\023\224\266\113\354\360\320\220\347\047\002\003\001\000\001
+\243\201\343\060\201\340\060\035\006\003\125\035\021\004\026\060
+\024\201\022\145\143\137\141\143\143\100\143\141\164\143\145\162
+\164\056\156\145\164\060\017\006\003\125\035\023\001\001\377\004
+\005\060\003\001\001\377\060\016\006\003\125\035\017\001\001\377
+\004\004\003\002\001\006\060\035\006\003\125\035\016\004\026\004
+\024\240\303\213\104\252\067\245\105\277\227\200\132\321\361\170
+\242\233\351\135\215\060\177\006\003\125\035\040\004\170\060\166
+\060\164\006\013\053\006\001\004\001\365\170\001\003\001\012\060
+\145\060\054\006\010\053\006\001\005\005\007\002\001\026\040\150
+\164\164\160\163\072\057\057\167\167\167\056\143\141\164\143\145
+\162\164\056\156\145\164\057\166\145\162\141\162\162\145\154\060
+\065\006\010\053\006\001\005\005\007\002\002\060\051\032\047\126
+\145\147\145\165\040\150\164\164\160\163\072\057\057\167\167\167
+\056\143\141\164\143\145\162\164\056\156\145\164\057\166\145\162
+\141\162\162\145\154\040\060\015\006\011\052\206\110\206\367\015
+\001\001\005\005\000\003\202\001\001\000\240\110\133\202\001\366
+\115\110\270\071\125\065\234\200\172\123\231\325\132\377\261\161
+\073\314\071\011\224\136\326\332\357\276\001\133\135\323\036\330
+\375\175\117\315\240\101\340\064\223\277\313\342\206\234\067\222
+\220\126\034\334\353\051\005\345\304\236\307\065\337\212\014\315
+\305\041\103\351\252\210\345\065\300\031\102\143\132\002\136\244
+\110\030\072\205\157\334\235\274\077\235\234\301\207\270\172\141
+\010\351\167\013\177\160\253\172\335\331\227\054\144\036\205\277
+\274\164\226\241\303\172\022\354\014\032\156\203\014\074\350\162
+\106\237\373\110\325\136\227\346\261\241\370\344\357\106\045\224
+\234\211\333\151\070\276\354\134\016\126\307\145\121\345\120\210
+\210\277\102\325\053\075\345\371\272\236\056\263\312\364\163\222
+\002\013\276\114\146\353\040\376\271\313\265\231\177\346\266\023
+\372\312\113\115\331\356\123\106\006\073\306\116\255\223\132\201
+\176\154\052\113\152\005\105\214\362\041\244\061\220\207\154\145
+\234\235\245\140\225\072\122\177\365\321\253\010\156\363\356\133
+\371\210\075\176\270\157\156\003\344\102
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "EC-ACC"
+# Issuer: CN=EC-ACC,OU=Jerarquia Entitats de Certificacio Catalanes,OU=Vegeu https://www.catcert.net/verarrel (c)03,OU=Serveis Publics de Certificacio,O=Agencia Catalana de Certificacio (NIF Q-0801176-I),C=ES
+# Serial Number:ee:2b:3d:eb:d4:21:de:14:a8:62:ac:04:f3:dd:c4:01
+# Subject: CN=EC-ACC,OU=Jerarquia Entitats de Certificacio Catalanes,OU=Vegeu https://www.catcert.net/verarrel (c)03,OU=Serveis Publics de Certificacio,O=Agencia Catalana de Certificacio (NIF Q-0801176-I),C=ES
+# Not Valid Before: Tue Jan 07 23:00:00 2003
+# Not Valid After : Tue Jan 07 22:59:59 2031
+# Fingerprint (MD5): EB:F5:9D:29:0D:61:F9:42:1F:7C:C2:BA:6D:E3:15:09
+# Fingerprint (SHA1): 28:90:3A:63:5B:52:80:FA:E6:77:4C:0B:6D:A7:D6:BA:A6:4A:F2:E8
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "EC-ACC"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\050\220\072\143\133\122\200\372\346\167\114\013\155\247\326\272
+\246\112\362\350
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\353\365\235\051\015\141\371\102\037\174\302\272\155\343\025\011
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\363\061\013\060\011\006\003\125\004\006\023\002\105\123
+\061\073\060\071\006\003\125\004\012\023\062\101\147\145\156\143
+\151\141\040\103\141\164\141\154\141\156\141\040\144\145\040\103
+\145\162\164\151\146\151\143\141\143\151\157\040\050\116\111\106
+\040\121\055\060\070\060\061\061\067\066\055\111\051\061\050\060
+\046\006\003\125\004\013\023\037\123\145\162\166\145\151\163\040
+\120\165\142\154\151\143\163\040\144\145\040\103\145\162\164\151
+\146\151\143\141\143\151\157\061\065\060\063\006\003\125\004\013
+\023\054\126\145\147\145\165\040\150\164\164\160\163\072\057\057
+\167\167\167\056\143\141\164\143\145\162\164\056\156\145\164\057
+\166\145\162\141\162\162\145\154\040\050\143\051\060\063\061\065
+\060\063\006\003\125\004\013\023\054\112\145\162\141\162\161\165
+\151\141\040\105\156\164\151\164\141\164\163\040\144\145\040\103
+\145\162\164\151\146\151\143\141\143\151\157\040\103\141\164\141
+\154\141\156\145\163\061\017\060\015\006\003\125\004\003\023\006
+\105\103\055\101\103\103
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\356\053\075\353\324\041\336\024\250\142\254\004\363\335
+\304\001
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Hellenic Academic and Research Institutions RootCA 2011"
+#
+# Issuer: CN=Hellenic Academic and Research Institutions RootCA 2011,O=Hellenic Academic and Research Institutions Cert. Authority,C=GR
+# Serial Number: 0 (0x0)
+# Subject: CN=Hellenic Academic and Research Institutions RootCA 2011,O=Hellenic Academic and Research Institutions Cert. Authority,C=GR
+# Not Valid Before: Tue Dec 06 13:49:52 2011
+# Not Valid After : Mon Dec 01 13:49:52 2031
+# Fingerprint (MD5): 73:9F:4C:4B:73:5B:79:E9:FA:BA:1C:EF:6E:CB:D5:C9
+# Fingerprint (SHA1): FE:45:65:9B:79:03:5B:98:A1:61:B5:51:2E:AC:DA:58:09:48:22:4D
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Hellenic Academic and Research Institutions RootCA 2011"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\225\061\013\060\011\006\003\125\004\006\023\002\107\122
+\061\104\060\102\006\003\125\004\012\023\073\110\145\154\154\145
+\156\151\143\040\101\143\141\144\145\155\151\143\040\141\156\144
+\040\122\145\163\145\141\162\143\150\040\111\156\163\164\151\164
+\165\164\151\157\156\163\040\103\145\162\164\056\040\101\165\164
+\150\157\162\151\164\171\061\100\060\076\006\003\125\004\003\023
+\067\110\145\154\154\145\156\151\143\040\101\143\141\144\145\155
+\151\143\040\141\156\144\040\122\145\163\145\141\162\143\150\040
+\111\156\163\164\151\164\165\164\151\157\156\163\040\122\157\157
+\164\103\101\040\062\060\061\061
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\225\061\013\060\011\006\003\125\004\006\023\002\107\122
+\061\104\060\102\006\003\125\004\012\023\073\110\145\154\154\145
+\156\151\143\040\101\143\141\144\145\155\151\143\040\141\156\144
+\040\122\145\163\145\141\162\143\150\040\111\156\163\164\151\164
+\165\164\151\157\156\163\040\103\145\162\164\056\040\101\165\164
+\150\157\162\151\164\171\061\100\060\076\006\003\125\004\003\023
+\067\110\145\154\154\145\156\151\143\040\101\143\141\144\145\155
+\151\143\040\141\156\144\040\122\145\163\145\141\162\143\150\040
+\111\156\163\164\151\164\165\164\151\157\156\163\040\122\157\157
+\164\103\101\040\062\060\061\061
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\000
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\004\061\060\202\003\031\240\003\002\001\002\002\001\000
+\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060
+\201\225\061\013\060\011\006\003\125\004\006\023\002\107\122\061
+\104\060\102\006\003\125\004\012\023\073\110\145\154\154\145\156
+\151\143\040\101\143\141\144\145\155\151\143\040\141\156\144\040
+\122\145\163\145\141\162\143\150\040\111\156\163\164\151\164\165
+\164\151\157\156\163\040\103\145\162\164\056\040\101\165\164\150
+\157\162\151\164\171\061\100\060\076\006\003\125\004\003\023\067
+\110\145\154\154\145\156\151\143\040\101\143\141\144\145\155\151
+\143\040\141\156\144\040\122\145\163\145\141\162\143\150\040\111
+\156\163\164\151\164\165\164\151\157\156\163\040\122\157\157\164
+\103\101\040\062\060\061\061\060\036\027\015\061\061\061\062\060
+\066\061\063\064\071\065\062\132\027\015\063\061\061\062\060\061
+\061\063\064\071\065\062\132\060\201\225\061\013\060\011\006\003
+\125\004\006\023\002\107\122\061\104\060\102\006\003\125\004\012
+\023\073\110\145\154\154\145\156\151\143\040\101\143\141\144\145
+\155\151\143\040\141\156\144\040\122\145\163\145\141\162\143\150
+\040\111\156\163\164\151\164\165\164\151\157\156\163\040\103\145
+\162\164\056\040\101\165\164\150\157\162\151\164\171\061\100\060
+\076\006\003\125\004\003\023\067\110\145\154\154\145\156\151\143
+\040\101\143\141\144\145\155\151\143\040\141\156\144\040\122\145
+\163\145\141\162\143\150\040\111\156\163\164\151\164\165\164\151
+\157\156\163\040\122\157\157\164\103\101\040\062\060\061\061\060
+\202\001\042\060\015\006\011\052\206\110\206\367\015\001\001\001
+\005\000\003\202\001\017\000\060\202\001\012\002\202\001\001\000
+\251\123\000\343\056\246\366\216\372\140\330\055\225\076\370\054
+\052\124\116\315\271\204\141\224\130\117\217\075\213\344\103\363
+\165\211\215\121\344\303\067\322\212\210\115\171\036\267\022\335
+\103\170\112\212\222\346\327\110\325\017\244\072\051\104\065\270
+\007\366\150\035\125\315\070\121\360\214\044\061\205\257\203\311
+\175\351\167\257\355\032\173\235\027\371\263\235\070\120\017\246
+\132\171\221\200\257\067\256\246\323\061\373\265\046\011\235\074
+\132\357\121\305\053\337\226\135\353\062\036\002\332\160\111\354
+\156\014\310\232\067\215\367\361\066\140\113\046\054\202\236\320
+\170\363\015\017\143\244\121\060\341\371\053\047\022\007\330\352
+\275\030\142\230\260\131\067\175\276\356\363\040\121\102\132\203
+\357\223\272\151\025\361\142\235\237\231\071\202\241\267\164\056
+\213\324\305\013\173\057\360\310\012\332\075\171\012\232\223\034
+\245\050\162\163\221\103\232\247\321\115\205\204\271\251\164\217
+\024\100\307\334\336\254\101\144\154\264\031\233\002\143\155\044
+\144\217\104\262\045\352\316\135\164\014\143\062\134\215\207\345
+\002\003\001\000\001\243\201\211\060\201\206\060\017\006\003\125
+\035\023\001\001\377\004\005\060\003\001\001\377\060\013\006\003
+\125\035\017\004\004\003\002\001\006\060\035\006\003\125\035\016
+\004\026\004\024\246\221\102\375\023\141\112\043\236\010\244\051
+\345\330\023\004\043\356\101\045\060\107\006\003\125\035\036\004
+\100\060\076\240\074\060\005\202\003\056\147\162\060\005\202\003
+\056\145\165\060\006\202\004\056\145\144\165\060\006\202\004\056
+\157\162\147\060\005\201\003\056\147\162\060\005\201\003\056\145
+\165\060\006\201\004\056\145\144\165\060\006\201\004\056\157\162
+\147\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000
+\003\202\001\001\000\037\357\171\101\341\173\156\077\262\214\206
+\067\102\112\116\034\067\036\215\146\272\044\201\311\117\022\017
+\041\300\003\227\206\045\155\135\323\042\051\250\154\242\015\251
+\353\075\006\133\231\072\307\314\303\232\064\177\253\016\310\116
+\034\341\372\344\334\315\015\276\277\044\376\154\347\153\302\015
+\310\006\236\116\215\141\050\246\152\375\345\366\142\352\030\074
+\116\240\123\235\262\072\234\353\245\234\221\026\266\115\202\340
+\014\005\110\251\154\365\314\370\313\235\111\264\360\002\245\375
+\160\003\355\212\041\245\256\023\206\111\303\063\163\276\207\073
+\164\213\027\105\046\114\026\221\203\376\147\175\315\115\143\147
+\372\363\003\022\226\170\006\215\261\147\355\216\077\276\237\117
+\002\365\263\011\057\363\114\207\337\052\313\225\174\001\314\254
+\066\172\277\242\163\172\367\217\301\265\232\241\024\262\217\063
+\237\015\357\042\334\146\173\204\275\105\027\006\075\074\312\271
+\167\064\217\312\352\317\077\061\076\343\210\343\200\111\045\310
+\227\265\235\232\231\115\260\074\370\112\000\233\144\335\237\071
+\113\321\047\327\270
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for Certificate "Hellenic Academic and Research Institutions RootCA 2011"
+# Issuer: CN=Hellenic Academic and Research Institutions RootCA 2011,O=Hellenic Academic and Research Institutions Cert. Authority,C=GR
+# Serial Number: 0 (0x0)
+# Subject: CN=Hellenic Academic and Research Institutions RootCA 2011,O=Hellenic Academic and Research Institutions Cert. Authority,C=GR
+# Not Valid Before: Tue Dec 06 13:49:52 2011
+# Not Valid After : Mon Dec 01 13:49:52 2031
+# Fingerprint (MD5): 73:9F:4C:4B:73:5B:79:E9:FA:BA:1C:EF:6E:CB:D5:C9
+# Fingerprint (SHA1): FE:45:65:9B:79:03:5B:98:A1:61:B5:51:2E:AC:DA:58:09:48:22:4D
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Hellenic Academic and Research Institutions RootCA 2011"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\376\105\145\233\171\003\133\230\241\141\265\121\056\254\332\130
+\011\110\042\115
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\163\237\114\113\163\133\171\351\372\272\034\357\156\313\325\311
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\225\061\013\060\011\006\003\125\004\006\023\002\107\122
+\061\104\060\102\006\003\125\004\012\023\073\110\145\154\154\145
+\156\151\143\040\101\143\141\144\145\155\151\143\040\141\156\144
+\040\122\145\163\145\141\162\143\150\040\111\156\163\164\151\164
+\165\164\151\157\156\163\040\103\145\162\164\056\040\101\165\164
+\150\157\162\151\164\171\061\100\060\076\006\003\125\004\003\023
+\067\110\145\154\154\145\156\151\143\040\101\143\141\144\145\155
+\151\143\040\141\156\144\040\122\145\163\145\141\162\143\150\040
+\111\156\163\164\151\164\165\164\151\157\156\163\040\122\157\157
+\164\103\101\040\062\060\061\061
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\000
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+# Explicitly Distrust "MITM subCA 1 issued by Trustwave", Bug 724929
+# Issuer: E=ca@trustwave.com,CN="Trustwave Organization Issuing CA, Level 2",O="Trustwave Holdings, Inc.",L=Chicago,ST=Illinois,C=US
+# Serial Number: 1800000005 (0x6b49d205)
+# Not Before: Apr  7 15:37:15 2011 GMT
+# Not After : Apr  4 15:37:15 2021 GMT
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "MITM subCA 1 issued by Trustwave"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\253\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\021\060\017\006\003\125\004\010\023\010\111\154\154\151\156
+\157\151\163\061\020\060\016\006\003\125\004\007\023\007\103\150
+\151\143\141\147\157\061\041\060\037\006\003\125\004\012\023\030
+\124\162\165\163\164\167\141\166\145\040\110\157\154\144\151\156
+\147\163\054\040\111\156\143\056\061\063\060\061\006\003\125\004
+\003\023\052\124\162\165\163\164\167\141\166\145\040\117\162\147
+\141\156\151\172\141\164\151\157\156\040\111\163\163\165\151\156
+\147\040\103\101\054\040\114\145\166\145\154\040\062\061\037\060
+\035\006\011\052\206\110\206\367\015\001\011\001\026\020\143\141
+\100\164\162\165\163\164\167\141\166\145\056\143\157\155
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\004\153\111\322\005
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+# Explicitly Distrust "MITM subCA 2 issued by Trustwave", Bug 724929
+# Issuer: E=ca@trustwave.com,CN="Trustwave Organization Issuing CA, Level 2",O="Trustwave Holdings, Inc.",L=Chicago,ST=Illinois,C=US
+# Serial Number: 1800000006 (0x6b49d206)
+# Not Before: Apr 18 21:09:30 2011 GMT
+# Not After : Apr 15 21:09:30 2021 GMT
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "MITM subCA 2 issued by Trustwave"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\253\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\021\060\017\006\003\125\004\010\023\010\111\154\154\151\156
+\157\151\163\061\020\060\016\006\003\125\004\007\023\007\103\150
+\151\143\141\147\157\061\041\060\037\006\003\125\004\012\023\030
+\124\162\165\163\164\167\141\166\145\040\110\157\154\144\151\156
+\147\163\054\040\111\156\143\056\061\063\060\061\006\003\125\004
+\003\023\052\124\162\165\163\164\167\141\166\145\040\117\162\147
+\141\156\151\172\141\164\151\157\156\040\111\163\163\165\151\156
+\147\040\103\101\054\040\114\145\166\145\154\040\062\061\037\060
+\035\006\011\052\206\110\206\367\015\001\011\001\026\020\143\141
+\100\164\162\165\163\164\167\141\166\145\056\143\157\155
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\004\153\111\322\006
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Actalis Authentication Root CA"
+#
+# Issuer: CN=Actalis Authentication Root CA,O=Actalis S.p.A./03358520967,L=Milan,C=IT
+# Serial Number:57:0a:11:97:42:c4:e3:cc
+# Subject: CN=Actalis Authentication Root CA,O=Actalis S.p.A./03358520967,L=Milan,C=IT
+# Not Valid Before: Thu Sep 22 11:22:02 2011
+# Not Valid After : Sun Sep 22 11:22:02 2030
+# Fingerprint (MD5): 69:C1:0D:4F:07:A3:1B:C3:FE:56:3D:04:BC:11:F6:A6
+# Fingerprint (SHA1): F3:73:B3:87:06:5A:28:84:8A:F2:F3:4A:CE:19:2B:DD:C7:8E:9C:AC
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Actalis Authentication Root CA"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\153\061\013\060\011\006\003\125\004\006\023\002\111\124\061
+\016\060\014\006\003\125\004\007\014\005\115\151\154\141\156\061
+\043\060\041\006\003\125\004\012\014\032\101\143\164\141\154\151
+\163\040\123\056\160\056\101\056\057\060\063\063\065\070\065\062
+\060\071\066\067\061\047\060\045\006\003\125\004\003\014\036\101
+\143\164\141\154\151\163\040\101\165\164\150\145\156\164\151\143
+\141\164\151\157\156\040\122\157\157\164\040\103\101
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\153\061\013\060\011\006\003\125\004\006\023\002\111\124\061
+\016\060\014\006\003\125\004\007\014\005\115\151\154\141\156\061
+\043\060\041\006\003\125\004\012\014\032\101\143\164\141\154\151
+\163\040\123\056\160\056\101\056\057\060\063\063\065\070\065\062
+\060\071\066\067\061\047\060\045\006\003\125\004\003\014\036\101
+\143\164\141\154\151\163\040\101\165\164\150\145\156\164\151\143
+\141\164\151\157\156\040\122\157\157\164\040\103\101
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\010\127\012\021\227\102\304\343\314
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\273\060\202\003\243\240\003\002\001\002\002\010\127
+\012\021\227\102\304\343\314\060\015\006\011\052\206\110\206\367
+\015\001\001\013\005\000\060\153\061\013\060\011\006\003\125\004
+\006\023\002\111\124\061\016\060\014\006\003\125\004\007\014\005
+\115\151\154\141\156\061\043\060\041\006\003\125\004\012\014\032
+\101\143\164\141\154\151\163\040\123\056\160\056\101\056\057\060
+\063\063\065\070\065\062\060\071\066\067\061\047\060\045\006\003
+\125\004\003\014\036\101\143\164\141\154\151\163\040\101\165\164
+\150\145\156\164\151\143\141\164\151\157\156\040\122\157\157\164
+\040\103\101\060\036\027\015\061\061\060\071\062\062\061\061\062
+\062\060\062\132\027\015\063\060\060\071\062\062\061\061\062\062
+\060\062\132\060\153\061\013\060\011\006\003\125\004\006\023\002
+\111\124\061\016\060\014\006\003\125\004\007\014\005\115\151\154
+\141\156\061\043\060\041\006\003\125\004\012\014\032\101\143\164
+\141\154\151\163\040\123\056\160\056\101\056\057\060\063\063\065
+\070\065\062\060\071\066\067\061\047\060\045\006\003\125\004\003
+\014\036\101\143\164\141\154\151\163\040\101\165\164\150\145\156
+\164\151\143\141\164\151\157\156\040\122\157\157\164\040\103\101
+\060\202\002\042\060\015\006\011\052\206\110\206\367\015\001\001
+\001\005\000\003\202\002\017\000\060\202\002\012\002\202\002\001
+\000\247\306\304\245\051\244\054\357\345\030\305\260\120\243\157
+\121\073\237\012\132\311\302\110\070\012\302\034\240\030\177\221
+\265\207\271\100\077\335\035\150\037\010\203\325\055\036\210\240
+\370\217\126\217\155\231\002\222\220\026\325\137\010\154\211\327
+\341\254\274\040\302\261\340\203\121\212\151\115\000\226\132\157
+\057\300\104\176\243\016\344\221\315\130\356\334\373\307\036\105
+\107\335\047\271\010\001\237\246\041\035\365\101\055\057\114\375
+\050\255\340\212\255\042\264\126\145\216\206\124\217\223\103\051
+\336\071\106\170\243\060\043\272\315\360\175\023\127\300\135\322
+\203\153\110\114\304\253\237\200\132\133\072\275\311\247\042\077
+\200\047\063\133\016\267\212\014\135\007\067\010\313\154\322\172
+\107\042\104\065\305\314\314\056\216\335\052\355\267\175\146\015
+\137\141\121\042\125\033\343\106\343\343\075\320\065\142\232\333
+\257\024\310\133\241\314\211\033\341\060\046\374\240\233\037\201
+\247\107\037\004\353\243\071\222\006\237\231\323\277\323\352\117
+\120\234\031\376\226\207\036\074\145\366\243\030\044\203\206\020
+\347\124\076\250\072\166\044\117\201\041\305\343\017\002\370\223
+\224\107\040\273\376\324\016\323\150\271\335\304\172\204\202\343
+\123\124\171\335\333\234\322\362\007\233\056\266\274\076\355\205
+\155\357\045\021\362\227\032\102\141\367\112\227\350\213\261\020
+\007\372\145\201\262\242\071\317\367\074\377\030\373\306\361\132
+\213\131\342\002\254\173\222\320\116\024\117\131\105\366\014\136
+\050\137\260\350\077\105\317\317\257\233\157\373\204\323\167\132
+\225\157\254\224\204\236\356\274\300\112\217\112\223\370\104\041
+\342\061\105\141\120\116\020\330\343\065\174\114\031\264\336\005
+\277\243\006\237\310\265\315\344\037\327\027\006\015\172\225\164
+\125\015\150\032\374\020\033\142\144\235\155\340\225\240\303\224
+\007\127\015\024\346\275\005\373\270\237\346\337\213\342\306\347
+\176\226\366\123\305\200\064\120\050\130\360\022\120\161\027\060
+\272\346\170\143\274\364\262\255\233\053\262\376\341\071\214\136
+\272\013\040\224\336\173\203\270\377\343\126\215\267\021\351\073
+\214\362\261\301\135\235\244\013\114\053\331\262\030\365\265\237
+\113\002\003\001\000\001\243\143\060\141\060\035\006\003\125\035
+\016\004\026\004\024\122\330\210\072\310\237\170\146\355\211\363
+\173\070\160\224\311\002\002\066\320\060\017\006\003\125\035\023
+\001\001\377\004\005\060\003\001\001\377\060\037\006\003\125\035
+\043\004\030\060\026\200\024\122\330\210\072\310\237\170\146\355
+\211\363\173\070\160\224\311\002\002\066\320\060\016\006\003\125
+\035\017\001\001\377\004\004\003\002\001\006\060\015\006\011\052
+\206\110\206\367\015\001\001\013\005\000\003\202\002\001\000\013
+\173\162\207\300\140\246\111\114\210\130\346\035\210\367\024\144
+\110\246\330\130\012\016\117\023\065\337\065\035\324\355\006\061
+\310\201\076\152\325\335\073\032\062\356\220\075\021\322\056\364
+\216\303\143\056\043\146\260\147\276\157\266\300\023\071\140\252
+\242\064\045\223\165\122\336\247\235\255\016\207\211\122\161\152
+\026\074\031\035\203\370\232\051\145\276\364\077\232\331\360\363
+\132\207\041\161\200\115\313\340\070\233\077\273\372\340\060\115
+\317\206\323\145\020\031\030\321\227\002\261\053\162\102\150\254
+\240\275\116\132\332\030\277\153\230\201\320\375\232\276\136\025
+\110\315\021\025\271\300\051\134\264\350\210\367\076\066\256\267
+\142\375\036\142\336\160\170\020\034\110\133\332\274\244\070\272
+\147\355\125\076\136\127\337\324\003\100\114\201\244\322\117\143
+\247\011\102\011\024\374\000\251\302\200\163\117\056\300\100\331
+\021\173\110\352\172\002\300\323\353\050\001\046\130\164\301\300
+\163\042\155\223\225\375\071\175\273\052\343\366\202\343\054\227
+\137\116\037\221\224\372\376\054\243\330\166\032\270\115\262\070
+\117\233\372\035\110\140\171\046\342\363\375\251\320\232\350\160
+\217\111\172\326\345\275\012\016\333\055\363\215\277\353\343\244
+\175\313\307\225\161\350\332\243\174\305\302\370\164\222\004\033
+\206\254\244\042\123\100\266\254\376\114\166\317\373\224\062\300
+\065\237\166\077\156\345\220\156\240\246\046\242\270\054\276\321
+\053\205\375\247\150\310\272\001\053\261\154\164\035\270\163\225
+\347\356\267\307\045\360\000\114\000\262\176\266\013\213\034\363
+\300\120\236\045\271\340\010\336\066\146\377\067\245\321\273\124
+\144\054\311\047\265\113\222\176\145\377\323\055\341\271\116\274
+\177\244\101\041\220\101\167\246\071\037\352\236\343\237\320\146
+\157\005\354\252\166\176\277\153\026\240\353\265\307\374\222\124
+\057\053\021\047\045\067\170\114\121\152\260\363\314\130\135\024
+\361\152\110\025\377\302\007\266\261\215\017\216\134\120\106\263
+\075\277\001\230\117\262\131\124\107\076\064\173\170\155\126\223
+\056\163\352\146\050\170\315\035\024\277\240\217\057\056\270\056
+\216\362\024\212\314\351\265\174\373\154\235\014\245\341\226
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "Actalis Authentication Root CA"
+# Issuer: CN=Actalis Authentication Root CA,O=Actalis S.p.A./03358520967,L=Milan,C=IT
+# Serial Number:57:0a:11:97:42:c4:e3:cc
+# Subject: CN=Actalis Authentication Root CA,O=Actalis S.p.A./03358520967,L=Milan,C=IT
+# Not Valid Before: Thu Sep 22 11:22:02 2011
+# Not Valid After : Sun Sep 22 11:22:02 2030
+# Fingerprint (MD5): 69:C1:0D:4F:07:A3:1B:C3:FE:56:3D:04:BC:11:F6:A6
+# Fingerprint (SHA1): F3:73:B3:87:06:5A:28:84:8A:F2:F3:4A:CE:19:2B:DD:C7:8E:9C:AC
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Actalis Authentication Root CA"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\363\163\263\207\006\132\050\204\212\362\363\112\316\031\053\335
+\307\216\234\254
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\151\301\015\117\007\243\033\303\376\126\075\004\274\021\366\246
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\153\061\013\060\011\006\003\125\004\006\023\002\111\124\061
+\016\060\014\006\003\125\004\007\014\005\115\151\154\141\156\061
+\043\060\041\006\003\125\004\012\014\032\101\143\164\141\154\151
+\163\040\123\056\160\056\101\056\057\060\063\063\065\070\065\062
+\060\071\066\067\061\047\060\045\006\003\125\004\003\014\036\101
+\143\164\141\154\151\163\040\101\165\164\150\145\156\164\151\143
+\141\164\151\157\156\040\122\157\157\164\040\103\101
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\010\127\012\021\227\102\304\343\314
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Trustis FPS Root CA"
+#
+# Issuer: OU=Trustis FPS Root CA,O=Trustis Limited,C=GB
+# Serial Number:1b:1f:ad:b6:20:f9:24:d3:36:6b:f7:c7:f1:8c:a0:59
+# Subject: OU=Trustis FPS Root CA,O=Trustis Limited,C=GB
+# Not Valid Before: Tue Dec 23 12:14:06 2003
+# Not Valid After : Sun Jan 21 11:36:54 2024
+# Fingerprint (MD5): 30:C9:E7:1E:6B:E6:14:EB:65:B2:16:69:20:31:67:4D
+# Fingerprint (SHA1): 3B:C0:38:0B:33:C3:F6:A6:0C:86:15:22:93:D9:DF:F5:4B:81:C0:04
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Trustis FPS Root CA"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\105\061\013\060\011\006\003\125\004\006\023\002\107\102\061
+\030\060\026\006\003\125\004\012\023\017\124\162\165\163\164\151
+\163\040\114\151\155\151\164\145\144\061\034\060\032\006\003\125
+\004\013\023\023\124\162\165\163\164\151\163\040\106\120\123\040
+\122\157\157\164\040\103\101
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\105\061\013\060\011\006\003\125\004\006\023\002\107\102\061
+\030\060\026\006\003\125\004\012\023\017\124\162\165\163\164\151
+\163\040\114\151\155\151\164\145\144\061\034\060\032\006\003\125
+\004\013\023\023\124\162\165\163\164\151\163\040\106\120\123\040
+\122\157\157\164\040\103\101
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\033\037\255\266\040\371\044\323\066\153\367\307\361\214
+\240\131
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\003\147\060\202\002\117\240\003\002\001\002\002\020\033
+\037\255\266\040\371\044\323\066\153\367\307\361\214\240\131\060
+\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\105
+\061\013\060\011\006\003\125\004\006\023\002\107\102\061\030\060
+\026\006\003\125\004\012\023\017\124\162\165\163\164\151\163\040
+\114\151\155\151\164\145\144\061\034\060\032\006\003\125\004\013
+\023\023\124\162\165\163\164\151\163\040\106\120\123\040\122\157
+\157\164\040\103\101\060\036\027\015\060\063\061\062\062\063\061
+\062\061\064\060\066\132\027\015\062\064\060\061\062\061\061\061
+\063\066\065\064\132\060\105\061\013\060\011\006\003\125\004\006
+\023\002\107\102\061\030\060\026\006\003\125\004\012\023\017\124
+\162\165\163\164\151\163\040\114\151\155\151\164\145\144\061\034
+\060\032\006\003\125\004\013\023\023\124\162\165\163\164\151\163
+\040\106\120\123\040\122\157\157\164\040\103\101\060\202\001\042
+\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000\003
+\202\001\017\000\060\202\001\012\002\202\001\001\000\305\120\173
+\236\073\065\320\337\304\214\315\216\233\355\243\300\066\231\364
+\102\352\247\076\200\203\017\246\247\131\207\311\220\105\103\176
+\000\352\206\171\052\003\275\075\067\231\211\146\267\345\212\126
+\206\223\234\150\113\150\004\214\223\223\002\076\060\322\067\072
+\042\141\211\034\205\116\175\217\325\257\173\065\366\176\050\107
+\211\061\334\016\171\144\037\231\322\133\272\376\177\140\277\255
+\353\347\074\070\051\152\057\345\221\013\125\377\354\157\130\325
+\055\311\336\114\146\161\217\014\327\004\332\007\346\036\030\343
+\275\051\002\250\372\034\341\133\271\203\250\101\110\274\032\161
+\215\347\142\345\055\262\353\337\174\317\333\253\132\312\061\361
+\114\042\363\005\023\367\202\371\163\171\014\276\327\113\034\300
+\321\025\074\223\101\144\321\346\276\043\027\042\000\211\136\037
+\153\245\254\156\247\113\214\355\243\162\346\257\143\115\057\205
+\322\024\065\232\056\116\214\352\062\230\050\206\241\221\011\101
+\072\264\341\343\362\372\360\311\012\242\101\335\251\343\003\307
+\210\025\073\034\324\032\224\327\237\144\131\022\155\002\003\001
+\000\001\243\123\060\121\060\017\006\003\125\035\023\001\001\377
+\004\005\060\003\001\001\377\060\037\006\003\125\035\043\004\030
+\060\026\200\024\272\372\161\045\171\213\127\101\045\041\206\013
+\161\353\262\144\016\213\041\147\060\035\006\003\125\035\016\004
+\026\004\024\272\372\161\045\171\213\127\101\045\041\206\013\161
+\353\262\144\016\213\041\147\060\015\006\011\052\206\110\206\367
+\015\001\001\005\005\000\003\202\001\001\000\176\130\377\375\065
+\031\175\234\030\117\236\260\053\274\216\214\024\377\054\240\332
+\107\133\303\357\201\055\257\005\352\164\110\133\363\076\116\007
+\307\155\305\263\223\317\042\065\134\266\077\165\047\137\011\226
+\315\240\376\276\100\014\134\022\125\370\223\202\312\051\351\136
+\077\126\127\213\070\066\367\105\032\114\050\315\236\101\270\355
+\126\114\204\244\100\310\270\260\245\053\151\160\004\152\303\370
+\324\022\062\371\016\303\261\334\062\204\104\054\157\313\106\017
+\352\146\101\017\117\361\130\245\246\015\015\017\141\336\245\236
+\135\175\145\241\074\027\347\250\125\116\357\240\307\355\306\104
+\177\124\365\243\340\217\360\174\125\042\217\051\266\201\243\341
+\155\116\054\033\200\147\354\255\040\237\014\142\141\325\227\377
+\103\355\055\301\332\135\051\052\205\077\254\145\356\206\017\005
+\215\220\137\337\356\237\364\277\356\035\373\230\344\177\220\053
+\204\170\020\016\154\111\123\357\025\133\145\106\112\135\257\272
+\373\072\162\035\315\366\045\210\036\227\314\041\234\051\001\015
+\145\353\127\331\363\127\226\273\110\315\201
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "Trustis FPS Root CA"
+# Issuer: OU=Trustis FPS Root CA,O=Trustis Limited,C=GB
+# Serial Number:1b:1f:ad:b6:20:f9:24:d3:36:6b:f7:c7:f1:8c:a0:59
+# Subject: OU=Trustis FPS Root CA,O=Trustis Limited,C=GB
+# Not Valid Before: Tue Dec 23 12:14:06 2003
+# Not Valid After : Sun Jan 21 11:36:54 2024
+# Fingerprint (MD5): 30:C9:E7:1E:6B:E6:14:EB:65:B2:16:69:20:31:67:4D
+# Fingerprint (SHA1): 3B:C0:38:0B:33:C3:F6:A6:0C:86:15:22:93:D9:DF:F5:4B:81:C0:04
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Trustis FPS Root CA"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\073\300\070\013\063\303\366\246\014\206\025\042\223\331\337\365
+\113\201\300\004
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\060\311\347\036\153\346\024\353\145\262\026\151\040\061\147\115
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\105\061\013\060\011\006\003\125\004\006\023\002\107\102\061
+\030\060\026\006\003\125\004\012\023\017\124\162\165\163\164\151
+\163\040\114\151\155\151\164\145\144\061\034\060\032\006\003\125
+\004\013\023\023\124\162\165\163\164\151\163\040\106\120\123\040
+\122\157\157\164\040\103\101
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\033\037\255\266\040\371\044\323\066\153\367\307\361\214
+\240\131
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "StartCom Certification Authority"
+#
+# Issuer: CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL
+# Serial Number: 45 (0x2d)
+# Subject: CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL
+# Not Valid Before: Sun Sep 17 19:46:37 2006
+# Not Valid After : Wed Sep 17 19:46:36 2036
+# Fingerprint (MD5): C9:3B:0D:84:41:FC:A4:76:79:23:08:57:DE:10:19:16
+# Fingerprint (SHA1): A3:F1:33:3F:E2:42:BF:CF:C5:D1:4E:8F:39:42:98:40:68:10:D1:A0
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "StartCom Certification Authority"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\175\061\013\060\011\006\003\125\004\006\023\002\111\114\061
+\026\060\024\006\003\125\004\012\023\015\123\164\141\162\164\103
+\157\155\040\114\164\144\056\061\053\060\051\006\003\125\004\013
+\023\042\123\145\143\165\162\145\040\104\151\147\151\164\141\154
+\040\103\145\162\164\151\146\151\143\141\164\145\040\123\151\147
+\156\151\156\147\061\051\060\047\006\003\125\004\003\023\040\123
+\164\141\162\164\103\157\155\040\103\145\162\164\151\146\151\143
+\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\175\061\013\060\011\006\003\125\004\006\023\002\111\114\061
+\026\060\024\006\003\125\004\012\023\015\123\164\141\162\164\103
+\157\155\040\114\164\144\056\061\053\060\051\006\003\125\004\013
+\023\042\123\145\143\165\162\145\040\104\151\147\151\164\141\154
+\040\103\145\162\164\151\146\151\143\141\164\145\040\123\151\147
+\156\151\156\147\061\051\060\047\006\003\125\004\003\023\040\123
+\164\141\162\164\103\157\155\040\103\145\162\164\151\146\151\143
+\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\055
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\007\207\060\202\005\157\240\003\002\001\002\002\001\055
+\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060
+\175\061\013\060\011\006\003\125\004\006\023\002\111\114\061\026
+\060\024\006\003\125\004\012\023\015\123\164\141\162\164\103\157
+\155\040\114\164\144\056\061\053\060\051\006\003\125\004\013\023
+\042\123\145\143\165\162\145\040\104\151\147\151\164\141\154\040
+\103\145\162\164\151\146\151\143\141\164\145\040\123\151\147\156
+\151\156\147\061\051\060\047\006\003\125\004\003\023\040\123\164
+\141\162\164\103\157\155\040\103\145\162\164\151\146\151\143\141
+\164\151\157\156\040\101\165\164\150\157\162\151\164\171\060\036
+\027\015\060\066\060\071\061\067\061\071\064\066\063\067\132\027
+\015\063\066\060\071\061\067\061\071\064\066\063\066\132\060\175
+\061\013\060\011\006\003\125\004\006\023\002\111\114\061\026\060
+\024\006\003\125\004\012\023\015\123\164\141\162\164\103\157\155
+\040\114\164\144\056\061\053\060\051\006\003\125\004\013\023\042
+\123\145\143\165\162\145\040\104\151\147\151\164\141\154\040\103
+\145\162\164\151\146\151\143\141\164\145\040\123\151\147\156\151
+\156\147\061\051\060\047\006\003\125\004\003\023\040\123\164\141
+\162\164\103\157\155\040\103\145\162\164\151\146\151\143\141\164
+\151\157\156\040\101\165\164\150\157\162\151\164\171\060\202\002
+\042\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000
+\003\202\002\017\000\060\202\002\012\002\202\002\001\000\301\210
+\333\011\274\154\106\174\170\237\225\173\265\063\220\362\162\142
+\326\301\066\040\042\044\136\316\351\167\362\103\012\242\006\144
+\244\314\216\066\370\070\346\043\360\156\155\261\074\335\162\243
+\205\034\241\323\075\264\063\053\323\057\257\376\352\260\101\131
+\147\266\304\006\175\012\236\164\205\326\171\114\200\067\172\337
+\071\005\122\131\367\364\033\106\103\244\322\205\205\322\303\161
+\363\165\142\064\272\054\212\177\036\217\356\355\064\320\021\307
+\226\315\122\075\272\063\326\335\115\336\013\073\112\113\237\302
+\046\057\372\265\026\034\162\065\167\312\074\135\346\312\341\046
+\213\032\066\166\134\001\333\164\024\045\376\355\265\240\210\017
+\335\170\312\055\037\007\227\060\001\055\162\171\372\106\326\023
+\052\250\271\246\253\203\111\035\345\362\357\335\344\001\216\030
+\012\217\143\123\026\205\142\251\016\031\072\314\265\146\246\302
+\153\164\007\344\053\341\166\076\264\155\330\366\104\341\163\142
+\037\073\304\276\240\123\126\045\154\121\011\367\252\253\312\277
+\166\375\155\233\363\235\333\277\075\146\274\014\126\252\257\230
+\110\225\072\113\337\247\130\120\331\070\165\251\133\352\103\014
+\002\377\231\353\350\154\115\160\133\051\145\234\335\252\135\314
+\257\001\061\354\014\353\322\215\350\352\234\173\346\156\367\047
+\146\014\032\110\327\156\102\343\077\336\041\076\173\341\015\160
+\373\143\252\250\154\032\124\264\134\045\172\311\242\311\213\026
+\246\273\054\176\027\136\005\115\130\156\022\035\001\356\022\020
+\015\306\062\177\030\377\374\364\372\315\156\221\350\066\111\276
+\032\110\151\213\302\226\115\032\022\262\151\027\301\012\220\326
+\372\171\042\110\277\272\173\151\370\160\307\372\172\067\330\330
+\015\322\166\117\127\377\220\267\343\221\322\335\357\302\140\267
+\147\072\335\376\252\234\360\324\213\177\162\042\316\306\237\227
+\266\370\257\212\240\020\250\331\373\030\306\266\265\134\122\074
+\211\266\031\052\163\001\012\017\003\263\022\140\362\172\057\201
+\333\243\156\377\046\060\227\365\213\335\211\127\266\255\075\263
+\257\053\305\267\166\002\360\245\326\053\232\206\024\052\162\366
+\343\063\214\135\011\113\023\337\273\214\164\023\122\113\002\003
+\001\000\001\243\202\002\020\060\202\002\014\060\017\006\003\125
+\035\023\001\001\377\004\005\060\003\001\001\377\060\016\006\003
+\125\035\017\001\001\377\004\004\003\002\001\006\060\035\006\003
+\125\035\016\004\026\004\024\116\013\357\032\244\100\133\245\027
+\151\207\060\312\064\150\103\320\101\256\362\060\037\006\003\125
+\035\043\004\030\060\026\200\024\116\013\357\032\244\100\133\245
+\027\151\207\060\312\064\150\103\320\101\256\362\060\202\001\132
+\006\003\125\035\040\004\202\001\121\060\202\001\115\060\202\001
+\111\006\013\053\006\001\004\001\201\265\067\001\001\001\060\202
+\001\070\060\056\006\010\053\006\001\005\005\007\002\001\026\042
+\150\164\164\160\072\057\057\167\167\167\056\163\164\141\162\164
+\163\163\154\056\143\157\155\057\160\157\154\151\143\171\056\160
+\144\146\060\064\006\010\053\006\001\005\005\007\002\001\026\050
+\150\164\164\160\072\057\057\167\167\167\056\163\164\141\162\164
+\163\163\154\056\143\157\155\057\151\156\164\145\162\155\145\144
+\151\141\164\145\056\160\144\146\060\201\317\006\010\053\006\001
+\005\005\007\002\002\060\201\302\060\047\026\040\123\164\141\162
+\164\040\103\157\155\155\145\162\143\151\141\154\040\050\123\164
+\141\162\164\103\157\155\051\040\114\164\144\056\060\003\002\001
+\001\032\201\226\114\151\155\151\164\145\144\040\114\151\141\142
+\151\154\151\164\171\054\040\162\145\141\144\040\164\150\145\040
+\163\145\143\164\151\157\156\040\052\114\145\147\141\154\040\114
+\151\155\151\164\141\164\151\157\156\163\052\040\157\146\040\164
+\150\145\040\123\164\141\162\164\103\157\155\040\103\145\162\164
+\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162
+\151\164\171\040\120\157\154\151\143\171\040\141\166\141\151\154
+\141\142\154\145\040\141\164\040\150\164\164\160\072\057\057\167
+\167\167\056\163\164\141\162\164\163\163\154\056\143\157\155\057
+\160\157\154\151\143\171\056\160\144\146\060\021\006\011\140\206
+\110\001\206\370\102\001\001\004\004\003\002\000\007\060\070\006
+\011\140\206\110\001\206\370\102\001\015\004\053\026\051\123\164
+\141\162\164\103\157\155\040\106\162\145\145\040\123\123\114\040
+\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101\165
+\164\150\157\162\151\164\171\060\015\006\011\052\206\110\206\367
+\015\001\001\013\005\000\003\202\002\001\000\216\217\347\334\224
+\171\174\361\205\177\237\111\157\153\312\135\373\214\376\004\305
+\301\142\321\175\102\212\274\123\267\224\003\146\060\077\261\347
+\012\247\120\040\125\045\177\166\172\024\015\353\004\016\100\346
+\076\330\210\253\007\047\203\251\165\246\067\163\307\375\113\322
+\115\255\027\100\310\106\276\073\177\121\374\303\266\005\061\334
+\315\205\042\116\161\267\362\161\136\260\032\306\272\223\213\170
+\222\112\205\370\170\017\203\376\057\255\054\367\344\244\273\055
+\320\347\015\072\270\076\316\366\170\366\256\107\044\312\243\065
+\066\316\307\306\207\230\332\354\373\351\262\316\047\233\210\303
+\004\241\366\013\131\150\257\311\333\020\017\115\366\144\143\134
+\245\022\157\222\262\223\224\307\210\027\016\223\266\176\142\213
+\220\177\253\116\237\374\343\165\024\117\052\062\337\133\015\340
+\365\173\223\015\253\241\317\207\341\245\004\105\350\074\022\245
+\011\305\260\321\267\123\363\140\024\272\205\151\152\041\174\037
+\165\141\027\040\027\173\154\073\101\051\134\341\254\132\321\315
+\214\233\353\140\035\031\354\367\345\260\332\371\171\030\245\105
+\077\111\103\127\322\335\044\325\054\243\375\221\215\047\265\345
+\353\024\006\232\114\173\041\273\072\255\060\006\030\300\330\301
+\153\054\177\131\134\135\221\261\160\042\127\353\212\153\110\112
+\325\017\051\354\306\100\300\057\210\114\150\001\027\167\364\044
+\031\117\275\372\341\262\040\041\113\335\032\330\051\175\252\270
+\336\124\354\041\125\200\154\036\365\060\310\243\020\345\262\346
+\052\024\061\303\205\055\214\230\261\206\132\117\211\131\055\271
+\307\367\034\310\212\177\300\235\005\112\346\102\117\142\243\155
+\051\244\037\205\253\333\345\201\310\255\052\075\114\135\133\204
+\046\161\304\205\136\161\044\312\245\033\154\330\141\323\032\340
+\124\333\316\272\251\062\265\042\366\163\101\011\135\270\027\135
+\016\017\231\220\326\107\332\157\012\072\142\050\024\147\202\331
+\361\320\200\131\233\313\061\330\233\017\214\167\116\265\150\212
+\362\154\366\044\016\055\154\160\305\163\321\336\024\320\161\217
+\266\323\173\002\366\343\270\324\011\156\153\236\165\204\071\346
+\177\045\245\362\110\000\300\244\001\332\077
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "StartCom Certification Authority"
+# Issuer: CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL
+# Serial Number: 45 (0x2d)
+# Subject: CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL
+# Not Valid Before: Sun Sep 17 19:46:37 2006
+# Not Valid After : Wed Sep 17 19:46:36 2036
+# Fingerprint (MD5): C9:3B:0D:84:41:FC:A4:76:79:23:08:57:DE:10:19:16
+# Fingerprint (SHA1): A3:F1:33:3F:E2:42:BF:CF:C5:D1:4E:8F:39:42:98:40:68:10:D1:A0
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "StartCom Certification Authority"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\243\361\063\077\342\102\277\317\305\321\116\217\071\102\230\100
+\150\020\321\240
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\311\073\015\204\101\374\244\166\171\043\010\127\336\020\031\026
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\175\061\013\060\011\006\003\125\004\006\023\002\111\114\061
+\026\060\024\006\003\125\004\012\023\015\123\164\141\162\164\103
+\157\155\040\114\164\144\056\061\053\060\051\006\003\125\004\013
+\023\042\123\145\143\165\162\145\040\104\151\147\151\164\141\154
+\040\103\145\162\164\151\146\151\143\141\164\145\040\123\151\147
+\156\151\156\147\061\051\060\047\006\003\125\004\003\023\040\123
+\164\141\162\164\103\157\155\040\103\145\162\164\151\146\151\143
+\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\055
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "StartCom Certification Authority G2"
+#
+# Issuer: CN=StartCom Certification Authority G2,O=StartCom Ltd.,C=IL
+# Serial Number: 59 (0x3b)
+# Subject: CN=StartCom Certification Authority G2,O=StartCom Ltd.,C=IL
+# Not Valid Before: Fri Jan 01 01:00:01 2010
+# Not Valid After : Sat Dec 31 23:59:01 2039
+# Fingerprint (MD5): 78:4B:FB:9E:64:82:0A:D3:B8:4C:62:F3:64:F2:90:64
+# Fingerprint (SHA1): 31:F1:FD:68:22:63:20:EE:C6:3B:3F:9D:EA:4A:3E:53:7C:7C:39:17
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "StartCom Certification Authority G2"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\123\061\013\060\011\006\003\125\004\006\023\002\111\114\061
+\026\060\024\006\003\125\004\012\023\015\123\164\141\162\164\103
+\157\155\040\114\164\144\056\061\054\060\052\006\003\125\004\003
+\023\043\123\164\141\162\164\103\157\155\040\103\145\162\164\151
+\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151
+\164\171\040\107\062
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\123\061\013\060\011\006\003\125\004\006\023\002\111\114\061
+\026\060\024\006\003\125\004\012\023\015\123\164\141\162\164\103
+\157\155\040\114\164\144\056\061\054\060\052\006\003\125\004\003
+\023\043\123\164\141\162\164\103\157\155\040\103\145\162\164\151
+\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151
+\164\171\040\107\062
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\073
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\143\060\202\003\113\240\003\002\001\002\002\001\073
+\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060
+\123\061\013\060\011\006\003\125\004\006\023\002\111\114\061\026
+\060\024\006\003\125\004\012\023\015\123\164\141\162\164\103\157
+\155\040\114\164\144\056\061\054\060\052\006\003\125\004\003\023
+\043\123\164\141\162\164\103\157\155\040\103\145\162\164\151\146
+\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164
+\171\040\107\062\060\036\027\015\061\060\060\061\060\061\060\061
+\060\060\060\061\132\027\015\063\071\061\062\063\061\062\063\065
+\071\060\061\132\060\123\061\013\060\011\006\003\125\004\006\023
+\002\111\114\061\026\060\024\006\003\125\004\012\023\015\123\164
+\141\162\164\103\157\155\040\114\164\144\056\061\054\060\052\006
+\003\125\004\003\023\043\123\164\141\162\164\103\157\155\040\103
+\145\162\164\151\146\151\143\141\164\151\157\156\040\101\165\164
+\150\157\162\151\164\171\040\107\062\060\202\002\042\060\015\006
+\011\052\206\110\206\367\015\001\001\001\005\000\003\202\002\017
+\000\060\202\002\012\002\202\002\001\000\266\211\066\133\007\267
+\040\066\275\202\273\341\026\040\003\225\172\257\016\243\125\311
+\045\231\112\305\320\126\101\207\220\115\041\140\244\024\207\073
+\315\375\262\076\264\147\003\152\355\341\017\113\300\221\205\160
+\105\340\102\236\336\051\043\324\001\015\240\020\171\270\333\003
+\275\363\251\057\321\306\340\017\313\236\212\024\012\270\275\366
+\126\142\361\305\162\266\062\045\331\262\363\275\145\305\015\054
+\156\325\222\157\030\213\000\101\024\202\157\100\040\046\172\050
+\017\365\036\177\047\367\224\261\067\075\267\307\221\367\342\001
+\354\375\224\211\341\314\156\323\066\326\012\031\171\256\327\064
+\202\145\377\174\102\273\266\335\013\246\064\257\113\140\376\177
+\103\111\006\213\214\103\270\126\362\331\177\041\103\027\352\247
+\110\225\001\165\165\352\053\245\103\225\352\025\204\235\010\215
+\046\156\125\233\253\334\322\071\322\061\035\140\342\254\314\126
+\105\044\365\034\124\253\356\206\335\226\062\205\370\114\117\350
+\225\166\266\005\335\066\043\147\274\377\025\342\312\073\346\246
+\354\073\354\046\021\064\110\215\366\200\053\032\043\002\353\212
+\034\072\166\052\173\126\026\034\162\052\263\252\343\140\245\000
+\237\004\233\342\157\036\024\130\133\245\154\213\130\074\303\272
+\116\072\134\367\341\226\053\076\357\007\274\244\345\135\314\115
+\237\015\341\334\252\273\341\156\032\354\217\341\266\114\115\171
+\162\135\027\065\013\035\327\301\107\332\226\044\340\320\162\250
+\132\137\146\055\020\334\057\052\023\256\046\376\012\034\031\314
+\320\076\013\234\310\011\056\371\133\226\172\107\234\351\172\363
+\005\120\164\225\163\236\060\011\363\227\202\136\346\217\071\010
+\036\131\345\065\024\102\023\377\000\234\367\276\252\120\317\342
+\121\110\327\270\157\257\370\116\176\063\230\222\024\142\072\165
+\143\317\173\372\336\202\073\251\273\071\342\304\275\054\000\016
+\310\027\254\023\357\115\045\216\330\263\220\057\251\332\051\175
+\035\257\164\072\262\047\300\301\036\076\165\243\026\251\257\172
+\042\135\237\023\032\317\247\240\353\343\206\012\323\375\346\226
+\225\327\043\310\067\335\304\174\252\066\254\230\032\022\261\340
+\116\350\261\073\365\326\157\361\060\327\002\003\001\000\001\243
+\102\060\100\060\017\006\003\125\035\023\001\001\377\004\005\060
+\003\001\001\377\060\016\006\003\125\035\017\001\001\377\004\004
+\003\002\001\006\060\035\006\003\125\035\016\004\026\004\024\113
+\305\264\100\153\255\034\263\245\034\145\156\106\066\211\207\005
+\014\016\266\060\015\006\011\052\206\110\206\367\015\001\001\013
+\005\000\003\202\002\001\000\163\127\077\054\325\225\062\176\067
+\333\226\222\353\031\136\176\123\347\101\354\021\266\107\357\265
+\336\355\164\134\305\361\216\111\340\374\156\231\023\315\237\212
+\332\315\072\012\330\072\132\011\077\137\064\320\057\003\322\146
+\035\032\275\234\220\067\310\014\216\007\132\224\105\106\052\346
+\276\172\332\241\251\244\151\022\222\260\175\066\324\104\207\327
+\121\361\051\143\326\165\315\026\344\047\211\035\370\302\062\110
+\375\333\231\320\217\137\124\164\314\254\147\064\021\142\331\014
+\012\067\207\321\243\027\110\216\322\027\035\366\327\375\333\145
+\353\375\250\324\365\326\117\244\133\165\350\305\322\140\262\333
+\011\176\045\213\173\272\122\222\236\076\350\305\167\241\074\340
+\112\163\153\141\317\206\334\103\377\377\041\376\043\135\044\112
+\365\323\155\017\142\004\005\127\202\332\156\244\063\045\171\113
+\056\124\031\213\314\054\075\060\351\321\006\377\350\062\106\276
+\265\063\166\167\250\001\135\226\301\301\325\276\256\045\300\311
+\036\012\011\040\210\241\016\311\363\157\115\202\124\000\040\247
+\322\217\344\071\124\027\056\215\036\270\033\273\033\275\232\116
+\073\020\064\334\234\210\123\357\242\061\133\130\117\221\142\310
+\302\232\232\315\025\135\070\251\326\276\370\023\265\237\022\151
+\362\120\142\254\373\027\067\364\356\270\165\147\140\020\373\203
+\120\371\104\265\165\234\100\027\262\376\375\171\135\156\130\130
+\137\060\374\000\256\257\063\301\016\116\154\272\247\246\241\177
+\062\333\070\340\261\162\027\012\053\221\354\152\143\046\355\211
+\324\170\314\164\036\005\370\153\376\214\152\166\071\051\256\145
+\043\022\225\010\042\034\227\316\133\006\356\014\342\273\274\037
+\104\223\366\330\070\105\005\041\355\344\255\253\022\266\003\244
+\102\056\055\304\011\072\003\147\151\204\232\341\131\220\212\050
+\205\325\135\164\261\321\016\040\130\233\023\245\260\143\246\355
+\173\107\375\105\125\060\244\356\232\324\346\342\207\357\230\311
+\062\202\021\051\042\274\000\012\061\136\055\017\300\216\351\153
+\262\217\056\006\330\321\221\307\306\022\364\114\375\060\027\303
+\301\332\070\133\343\251\352\346\241\272\171\357\163\330\266\123
+\127\055\366\320\341\327\110
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "StartCom Certification Authority G2"
+# Issuer: CN=StartCom Certification Authority G2,O=StartCom Ltd.,C=IL
+# Serial Number: 59 (0x3b)
+# Subject: CN=StartCom Certification Authority G2,O=StartCom Ltd.,C=IL
+# Not Valid Before: Fri Jan 01 01:00:01 2010
+# Not Valid After : Sat Dec 31 23:59:01 2039
+# Fingerprint (MD5): 78:4B:FB:9E:64:82:0A:D3:B8:4C:62:F3:64:F2:90:64
+# Fingerprint (SHA1): 31:F1:FD:68:22:63:20:EE:C6:3B:3F:9D:EA:4A:3E:53:7C:7C:39:17
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "StartCom Certification Authority G2"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\061\361\375\150\042\143\040\356\306\073\077\235\352\112\076\123
+\174\174\071\027
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\170\113\373\236\144\202\012\323\270\114\142\363\144\362\220\144
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\123\061\013\060\011\006\003\125\004\006\023\002\111\114\061
+\026\060\024\006\003\125\004\012\023\015\123\164\141\162\164\103
+\157\155\040\114\164\144\056\061\054\060\052\006\003\125\004\003
+\023\043\123\164\141\162\164\103\157\155\040\103\145\162\164\151
+\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151
+\164\171\040\107\062
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\073
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Buypass Class 2 Root CA"
+#
+# Issuer: CN=Buypass Class 2 Root CA,O=Buypass AS-983163327,C=NO
+# Serial Number: 2 (0x2)
+# Subject: CN=Buypass Class 2 Root CA,O=Buypass AS-983163327,C=NO
+# Not Valid Before: Tue Oct 26 08:38:03 2010
+# Not Valid After : Fri Oct 26 08:38:03 2040
+# Fingerprint (MD5): 46:A7:D2:FE:45:FB:64:5A:A8:59:90:9B:78:44:9B:29
+# Fingerprint (SHA1): 49:0A:75:74:DE:87:0A:47:FE:58:EE:F6:C7:6B:EB:C6:0B:12:40:99
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Buypass Class 2 Root CA"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\116\061\013\060\011\006\003\125\004\006\023\002\116\117\061
+\035\060\033\006\003\125\004\012\014\024\102\165\171\160\141\163
+\163\040\101\123\055\071\070\063\061\066\063\063\062\067\061\040
+\060\036\006\003\125\004\003\014\027\102\165\171\160\141\163\163
+\040\103\154\141\163\163\040\062\040\122\157\157\164\040\103\101
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\116\061\013\060\011\006\003\125\004\006\023\002\116\117\061
+\035\060\033\006\003\125\004\012\014\024\102\165\171\160\141\163
+\163\040\101\123\055\071\070\063\061\066\063\063\062\067\061\040
+\060\036\006\003\125\004\003\014\027\102\165\171\160\141\163\163
+\040\103\154\141\163\163\040\062\040\122\157\157\164\040\103\101
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\002
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\131\060\202\003\101\240\003\002\001\002\002\001\002
+\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060
+\116\061\013\060\011\006\003\125\004\006\023\002\116\117\061\035
+\060\033\006\003\125\004\012\014\024\102\165\171\160\141\163\163
+\040\101\123\055\071\070\063\061\066\063\063\062\067\061\040\060
+\036\006\003\125\004\003\014\027\102\165\171\160\141\163\163\040
+\103\154\141\163\163\040\062\040\122\157\157\164\040\103\101\060
+\036\027\015\061\060\061\060\062\066\060\070\063\070\060\063\132
+\027\015\064\060\061\060\062\066\060\070\063\070\060\063\132\060
+\116\061\013\060\011\006\003\125\004\006\023\002\116\117\061\035
+\060\033\006\003\125\004\012\014\024\102\165\171\160\141\163\163
+\040\101\123\055\071\070\063\061\066\063\063\062\067\061\040\060
+\036\006\003\125\004\003\014\027\102\165\171\160\141\163\163\040
+\103\154\141\163\163\040\062\040\122\157\157\164\040\103\101\060
+\202\002\042\060\015\006\011\052\206\110\206\367\015\001\001\001
+\005\000\003\202\002\017\000\060\202\002\012\002\202\002\001\000
+\327\307\136\367\301\007\324\167\373\103\041\364\364\365\151\344
+\356\062\001\333\243\206\037\344\131\015\272\347\165\203\122\353
+\352\034\141\025\110\273\035\007\312\214\256\260\334\226\235\352
+\303\140\222\206\202\050\163\234\126\006\377\113\144\360\014\052
+\067\111\265\345\317\014\174\356\361\112\273\163\060\145\363\325
+\057\203\266\176\343\347\365\236\253\140\371\323\361\235\222\164
+\212\344\034\226\254\133\200\351\265\364\061\207\243\121\374\307
+\176\241\157\216\123\167\324\227\301\125\063\222\076\030\057\165
+\324\255\206\111\313\225\257\124\006\154\330\006\023\215\133\377
+\341\046\031\131\300\044\272\201\161\171\220\104\120\150\044\224
+\137\270\263\021\361\051\101\141\243\101\313\043\066\325\301\361
+\062\120\020\116\177\364\206\223\354\204\323\216\274\113\277\134
+\001\116\007\075\334\024\212\224\012\244\352\163\373\013\121\350
+\023\007\030\372\016\361\053\321\124\025\175\074\341\367\264\031
+\102\147\142\136\167\340\242\125\354\266\331\151\027\325\072\257
+\104\355\112\305\236\344\172\047\174\345\165\327\252\313\045\347
+\337\153\012\333\017\115\223\116\250\240\315\173\056\362\131\001
+\152\267\015\270\007\201\176\213\070\033\070\346\012\127\231\075
+\356\041\350\243\365\014\026\335\213\354\064\216\234\052\034\000
+\025\027\215\150\203\322\160\237\030\010\315\021\150\325\311\153
+\122\315\304\106\217\334\265\363\330\127\163\036\351\224\071\004
+\277\323\336\070\336\264\123\354\151\034\242\176\304\217\344\033
+\160\255\362\242\371\373\367\026\144\146\151\237\111\121\242\342
+\025\030\147\006\112\177\325\154\265\115\263\063\340\141\353\135
+\276\351\230\017\062\327\035\113\074\056\132\001\122\221\011\362
+\337\352\215\330\006\100\143\252\021\344\376\303\067\236\024\122
+\077\364\342\314\362\141\223\321\375\147\153\327\122\256\277\150
+\253\100\103\240\127\065\123\170\360\123\370\141\102\007\144\306
+\327\157\233\114\070\015\143\254\142\257\066\213\242\163\012\015
+\365\041\275\164\252\115\352\162\003\111\333\307\137\035\142\143
+\307\375\335\221\354\063\356\365\155\264\156\060\150\336\310\326
+\046\260\165\136\173\264\007\040\230\241\166\062\270\115\154\117
+\002\003\001\000\001\243\102\060\100\060\017\006\003\125\035\023
+\001\001\377\004\005\060\003\001\001\377\060\035\006\003\125\035
+\016\004\026\004\024\311\200\167\340\142\222\202\365\106\234\363
+\272\367\114\303\336\270\243\255\071\060\016\006\003\125\035\017
+\001\001\377\004\004\003\002\001\006\060\015\006\011\052\206\110
+\206\367\015\001\001\013\005\000\003\202\002\001\000\123\137\041
+\365\272\260\072\122\071\054\222\260\154\000\311\357\316\040\357
+\006\362\226\236\351\244\164\177\172\026\374\267\365\266\373\025
+\033\077\253\246\300\162\135\020\261\161\356\274\117\343\255\254
+\003\155\056\161\056\257\304\343\255\243\275\014\021\247\264\377
+\112\262\173\020\020\037\247\127\101\262\300\256\364\054\131\326
+\107\020\210\363\041\121\051\060\312\140\206\257\106\253\035\355
+\072\133\260\224\336\104\343\101\010\242\301\354\035\326\375\117
+\266\326\107\320\024\013\312\346\312\265\173\167\176\101\037\136
+\203\307\266\214\071\226\260\077\226\201\101\157\140\220\342\350
+\371\373\042\161\331\175\263\075\106\277\264\204\257\220\034\017
+\217\022\152\257\357\356\036\172\256\002\112\212\027\053\166\376
+\254\124\211\044\054\117\077\266\262\247\116\214\250\221\227\373
+\051\306\173\134\055\271\313\146\266\267\250\133\022\121\205\265
+\011\176\142\170\160\376\251\152\140\266\035\016\171\014\375\312
+\352\044\200\162\303\227\077\362\167\253\103\042\012\307\353\266
+\014\204\202\054\200\153\101\212\010\300\353\245\153\337\231\022
+\313\212\325\136\200\014\221\340\046\010\066\110\305\372\070\021
+\065\377\045\203\055\362\172\277\332\375\216\376\245\313\105\054
+\037\304\210\123\256\167\016\331\232\166\305\216\054\035\243\272
+\325\354\062\256\300\252\254\367\321\172\115\353\324\007\342\110
+\367\042\216\260\244\237\152\316\216\262\262\140\364\243\042\320
+\043\353\224\132\172\151\335\017\277\100\127\254\153\131\120\331
+\243\231\341\156\376\215\001\171\047\043\025\336\222\235\173\011
+\115\132\347\113\110\060\132\030\346\012\155\346\217\340\322\273
+\346\337\174\156\041\202\301\150\071\115\264\230\130\146\142\314
+\112\220\136\303\372\047\004\261\171\025\164\231\314\276\255\040
+\336\046\140\034\353\126\121\246\243\352\344\243\077\247\377\141
+\334\361\132\115\154\062\043\103\356\254\250\356\356\112\022\011
+\074\135\161\302\276\171\372\302\207\150\035\013\375\134\151\314
+\006\320\232\175\124\231\052\311\071\032\031\257\113\052\103\363
+\143\135\132\130\342\057\343\035\344\251\326\320\012\320\236\277
+\327\201\011\361\311\307\046\015\254\230\026\126\240
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "Buypass Class 2 Root CA"
+# Issuer: CN=Buypass Class 2 Root CA,O=Buypass AS-983163327,C=NO
+# Serial Number: 2 (0x2)
+# Subject: CN=Buypass Class 2 Root CA,O=Buypass AS-983163327,C=NO
+# Not Valid Before: Tue Oct 26 08:38:03 2010
+# Not Valid After : Fri Oct 26 08:38:03 2040
+# Fingerprint (MD5): 46:A7:D2:FE:45:FB:64:5A:A8:59:90:9B:78:44:9B:29
+# Fingerprint (SHA1): 49:0A:75:74:DE:87:0A:47:FE:58:EE:F6:C7:6B:EB:C6:0B:12:40:99
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Buypass Class 2 Root CA"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\111\012\165\164\336\207\012\107\376\130\356\366\307\153\353\306
+\013\022\100\231
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\106\247\322\376\105\373\144\132\250\131\220\233\170\104\233\051
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\116\061\013\060\011\006\003\125\004\006\023\002\116\117\061
+\035\060\033\006\003\125\004\012\014\024\102\165\171\160\141\163
+\163\040\101\123\055\071\070\063\061\066\063\063\062\067\061\040
+\060\036\006\003\125\004\003\014\027\102\165\171\160\141\163\163
+\040\103\154\141\163\163\040\062\040\122\157\157\164\040\103\101
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\002
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Buypass Class 3 Root CA"
+#
+# Issuer: CN=Buypass Class 3 Root CA,O=Buypass AS-983163327,C=NO
+# Serial Number: 2 (0x2)
+# Subject: CN=Buypass Class 3 Root CA,O=Buypass AS-983163327,C=NO
+# Not Valid Before: Tue Oct 26 08:28:58 2010
+# Not Valid After : Fri Oct 26 08:28:58 2040
+# Fingerprint (MD5): 3D:3B:18:9E:2C:64:5A:E8:D5:88:CE:0E:F9:37:C2:EC
+# Fingerprint (SHA1): DA:FA:F7:FA:66:84:EC:06:8F:14:50:BD:C7:C2:81:A5:BC:A9:64:57
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Buypass Class 3 Root CA"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\116\061\013\060\011\006\003\125\004\006\023\002\116\117\061
+\035\060\033\006\003\125\004\012\014\024\102\165\171\160\141\163
+\163\040\101\123\055\071\070\063\061\066\063\063\062\067\061\040
+\060\036\006\003\125\004\003\014\027\102\165\171\160\141\163\163
+\040\103\154\141\163\163\040\063\040\122\157\157\164\040\103\101
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\116\061\013\060\011\006\003\125\004\006\023\002\116\117\061
+\035\060\033\006\003\125\004\012\014\024\102\165\171\160\141\163
+\163\040\101\123\055\071\070\063\061\066\063\063\062\067\061\040
+\060\036\006\003\125\004\003\014\027\102\165\171\160\141\163\163
+\040\103\154\141\163\163\040\063\040\122\157\157\164\040\103\101
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\002
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\131\060\202\003\101\240\003\002\001\002\002\001\002
+\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060
+\116\061\013\060\011\006\003\125\004\006\023\002\116\117\061\035
+\060\033\006\003\125\004\012\014\024\102\165\171\160\141\163\163
+\040\101\123\055\071\070\063\061\066\063\063\062\067\061\040\060
+\036\006\003\125\004\003\014\027\102\165\171\160\141\163\163\040
+\103\154\141\163\163\040\063\040\122\157\157\164\040\103\101\060
+\036\027\015\061\060\061\060\062\066\060\070\062\070\065\070\132
+\027\015\064\060\061\060\062\066\060\070\062\070\065\070\132\060
+\116\061\013\060\011\006\003\125\004\006\023\002\116\117\061\035
+\060\033\006\003\125\004\012\014\024\102\165\171\160\141\163\163
+\040\101\123\055\071\070\063\061\066\063\063\062\067\061\040\060
+\036\006\003\125\004\003\014\027\102\165\171\160\141\163\163\040
+\103\154\141\163\163\040\063\040\122\157\157\164\040\103\101\060
+\202\002\042\060\015\006\011\052\206\110\206\367\015\001\001\001
+\005\000\003\202\002\017\000\060\202\002\012\002\202\002\001\000
+\245\332\012\225\026\120\343\225\362\136\235\166\061\006\062\172
+\233\361\020\166\270\000\232\265\122\066\315\044\107\260\237\030
+\144\274\232\366\372\325\171\330\220\142\114\042\057\336\070\075
+\326\340\250\351\034\054\333\170\021\351\216\150\121\025\162\307
+\363\063\207\344\240\135\013\134\340\127\007\052\060\365\315\304
+\067\167\050\115\030\221\346\277\325\122\375\161\055\160\076\347
+\306\304\212\343\360\050\013\364\166\230\241\213\207\125\262\072
+\023\374\267\076\047\067\216\042\343\250\117\052\357\140\273\075
+\267\071\303\016\001\107\231\135\022\117\333\103\372\127\241\355
+\371\235\276\021\107\046\133\023\230\253\135\026\212\260\067\034
+\127\235\105\377\210\226\066\277\273\312\007\173\157\207\143\327
+\320\062\152\326\135\154\014\361\263\156\071\342\153\061\056\071
+\000\047\024\336\070\300\354\031\146\206\022\350\235\162\026\023
+\144\122\307\251\067\034\375\202\060\355\204\030\035\364\256\134
+\377\160\023\000\353\261\365\063\172\113\326\125\370\005\215\113
+\151\260\365\263\050\066\134\024\304\121\163\115\153\013\361\064
+\007\333\027\071\327\334\050\173\153\365\237\363\056\301\117\027
+\052\020\363\314\312\350\353\375\153\253\056\232\237\055\202\156
+\004\324\122\001\223\055\075\206\374\176\374\337\357\102\035\246
+\153\357\271\040\306\367\275\240\247\225\375\247\346\211\044\330
+\314\214\064\154\342\043\057\331\022\032\041\271\125\221\157\013
+\221\171\031\014\255\100\210\013\160\342\172\322\016\330\150\110
+\273\202\023\071\020\130\351\330\052\007\306\022\333\130\333\322
+\073\125\020\107\005\025\147\142\176\030\143\246\106\077\011\016
+\124\062\136\277\015\142\172\047\357\200\350\333\331\113\006\132
+\067\132\045\320\010\022\167\324\157\011\120\227\075\310\035\303
+\337\214\105\060\126\306\323\144\253\146\363\300\136\226\234\303
+\304\357\303\174\153\213\072\171\177\263\111\317\075\342\211\237
+\240\060\113\205\271\234\224\044\171\217\175\153\251\105\150\017
+\053\320\361\332\034\313\151\270\312\111\142\155\310\320\143\142
+\335\140\017\130\252\217\241\274\005\245\146\242\317\033\166\262
+\204\144\261\114\071\122\300\060\272\360\214\113\002\260\266\267
+\002\003\001\000\001\243\102\060\100\060\017\006\003\125\035\023
+\001\001\377\004\005\060\003\001\001\377\060\035\006\003\125\035
+\016\004\026\004\024\107\270\315\377\345\157\356\370\262\354\057
+\116\016\371\045\260\216\074\153\303\060\016\006\003\125\035\017
+\001\001\377\004\004\003\002\001\006\060\015\006\011\052\206\110
+\206\367\015\001\001\013\005\000\003\202\002\001\000\000\040\043
+\101\065\004\220\302\100\142\140\357\342\065\114\327\077\254\342
+\064\220\270\241\157\166\372\026\026\244\110\067\054\351\220\302
+\362\074\370\012\237\330\201\345\273\133\332\045\054\244\247\125
+\161\044\062\366\310\013\362\274\152\370\223\254\262\007\302\137
+\237\333\314\310\212\252\276\152\157\341\111\020\314\061\327\200
+\273\273\310\330\242\016\144\127\352\242\365\302\251\061\025\322
+\040\152\354\374\042\001\050\317\206\270\200\036\251\314\021\245
+\074\362\026\263\107\235\374\322\200\041\304\313\320\107\160\101
+\241\312\203\031\010\054\155\362\135\167\234\212\024\023\324\066
+\034\222\360\345\006\067\334\246\346\220\233\070\217\134\153\033
+\106\206\103\102\137\076\001\007\123\124\135\145\175\367\212\163
+\241\232\124\132\037\051\103\024\047\302\205\017\265\210\173\032
+\073\224\267\035\140\247\265\234\347\051\151\127\132\233\223\172
+\103\060\033\003\327\142\310\100\246\252\374\144\344\112\327\221
+\123\001\250\040\210\156\234\137\104\271\313\140\201\064\354\157
+\323\175\332\110\137\353\264\220\274\055\251\034\013\254\034\325
+\242\150\040\200\004\326\374\261\217\057\273\112\061\015\112\206
+\034\353\342\066\051\046\365\332\330\304\362\165\141\317\176\256
+\166\143\112\172\100\145\223\207\370\036\200\214\206\345\206\326
+\217\016\374\123\054\140\350\026\141\032\242\076\103\173\315\071
+\140\124\152\365\362\211\046\001\150\203\110\242\063\350\311\004
+\221\262\021\064\021\076\352\320\103\031\037\003\223\220\014\377
+\121\075\127\364\101\156\341\313\240\276\353\311\143\315\155\314
+\344\370\066\252\150\235\355\275\135\227\160\104\015\266\016\065
+\334\341\014\135\273\240\121\224\313\176\026\353\021\057\243\222
+\105\310\114\161\331\274\311\231\122\127\106\057\120\317\275\065
+\151\364\075\025\316\006\245\054\017\076\366\201\272\224\273\303
+\273\277\145\170\322\206\171\377\111\073\032\203\014\360\336\170
+\354\310\362\115\114\032\336\202\051\370\301\132\332\355\356\346
+\047\136\350\105\320\235\034\121\250\150\253\104\343\320\213\152
+\343\370\073\273\334\115\327\144\362\121\276\346\252\253\132\351
+\061\356\006\274\163\277\023\142\012\237\307\271\227
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "Buypass Class 3 Root CA"
+# Issuer: CN=Buypass Class 3 Root CA,O=Buypass AS-983163327,C=NO
+# Serial Number: 2 (0x2)
+# Subject: CN=Buypass Class 3 Root CA,O=Buypass AS-983163327,C=NO
+# Not Valid Before: Tue Oct 26 08:28:58 2010
+# Not Valid After : Fri Oct 26 08:28:58 2040
+# Fingerprint (MD5): 3D:3B:18:9E:2C:64:5A:E8:D5:88:CE:0E:F9:37:C2:EC
+# Fingerprint (SHA1): DA:FA:F7:FA:66:84:EC:06:8F:14:50:BD:C7:C2:81:A5:BC:A9:64:57
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Buypass Class 3 Root CA"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\332\372\367\372\146\204\354\006\217\024\120\275\307\302\201\245
+\274\251\144\127
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\075\073\030\236\054\144\132\350\325\210\316\016\371\067\302\354
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\116\061\013\060\011\006\003\125\004\006\023\002\116\117\061
+\035\060\033\006\003\125\004\012\014\024\102\165\171\160\141\163
+\163\040\101\123\055\071\070\063\061\066\063\063\062\067\061\040
+\060\036\006\003\125\004\003\014\027\102\165\171\160\141\163\163
+\040\103\154\141\163\163\040\063\040\122\157\157\164\040\103\101
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\002
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "T-TeleSec GlobalRoot Class 3"
+#
+# Issuer: CN=T-TeleSec GlobalRoot Class 3,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE
+# Serial Number: 1 (0x1)
+# Subject: CN=T-TeleSec GlobalRoot Class 3,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE
+# Not Valid Before: Wed Oct 01 10:29:56 2008
+# Not Valid After : Sat Oct 01 23:59:59 2033
+# Fingerprint (MD5): CA:FB:40:A8:4E:39:92:8A:1D:FE:8E:2F:C4:27:EA:EF
+# Fingerprint (SHA1): 55:A6:72:3E:CB:F2:EC:CD:C3:23:74:70:19:9D:2A:BE:11:E3:81:D1
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "T-TeleSec GlobalRoot Class 3"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\202\061\013\060\011\006\003\125\004\006\023\002\104\105
+\061\053\060\051\006\003\125\004\012\014\042\124\055\123\171\163
+\164\145\155\163\040\105\156\164\145\162\160\162\151\163\145\040
+\123\145\162\166\151\143\145\163\040\107\155\142\110\061\037\060
+\035\006\003\125\004\013\014\026\124\055\123\171\163\164\145\155
+\163\040\124\162\165\163\164\040\103\145\156\164\145\162\061\045
+\060\043\006\003\125\004\003\014\034\124\055\124\145\154\145\123
+\145\143\040\107\154\157\142\141\154\122\157\157\164\040\103\154
+\141\163\163\040\063
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\202\061\013\060\011\006\003\125\004\006\023\002\104\105
+\061\053\060\051\006\003\125\004\012\014\042\124\055\123\171\163
+\164\145\155\163\040\105\156\164\145\162\160\162\151\163\145\040
+\123\145\162\166\151\143\145\163\040\107\155\142\110\061\037\060
+\035\006\003\125\004\013\014\026\124\055\123\171\163\164\145\155
+\163\040\124\162\165\163\164\040\103\145\156\164\145\162\061\045
+\060\043\006\003\125\004\003\014\034\124\055\124\145\154\145\123
+\145\143\040\107\154\157\142\141\154\122\157\157\164\040\103\154
+\141\163\163\040\063
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\001
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\003\303\060\202\002\253\240\003\002\001\002\002\001\001
+\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060
+\201\202\061\013\060\011\006\003\125\004\006\023\002\104\105\061
+\053\060\051\006\003\125\004\012\014\042\124\055\123\171\163\164
+\145\155\163\040\105\156\164\145\162\160\162\151\163\145\040\123
+\145\162\166\151\143\145\163\040\107\155\142\110\061\037\060\035
+\006\003\125\004\013\014\026\124\055\123\171\163\164\145\155\163
+\040\124\162\165\163\164\040\103\145\156\164\145\162\061\045\060
+\043\006\003\125\004\003\014\034\124\055\124\145\154\145\123\145
+\143\040\107\154\157\142\141\154\122\157\157\164\040\103\154\141
+\163\163\040\063\060\036\027\015\060\070\061\060\060\061\061\060
+\062\071\065\066\132\027\015\063\063\061\060\060\061\062\063\065
+\071\065\071\132\060\201\202\061\013\060\011\006\003\125\004\006
+\023\002\104\105\061\053\060\051\006\003\125\004\012\014\042\124
+\055\123\171\163\164\145\155\163\040\105\156\164\145\162\160\162
+\151\163\145\040\123\145\162\166\151\143\145\163\040\107\155\142
+\110\061\037\060\035\006\003\125\004\013\014\026\124\055\123\171
+\163\164\145\155\163\040\124\162\165\163\164\040\103\145\156\164
+\145\162\061\045\060\043\006\003\125\004\003\014\034\124\055\124
+\145\154\145\123\145\143\040\107\154\157\142\141\154\122\157\157
+\164\040\103\154\141\163\163\040\063\060\202\001\042\060\015\006
+\011\052\206\110\206\367\015\001\001\001\005\000\003\202\001\017
+\000\060\202\001\012\002\202\001\001\000\275\165\223\360\142\042
+\157\044\256\340\172\166\254\175\275\331\044\325\270\267\374\315
+\360\102\340\353\170\210\126\136\233\232\124\035\115\014\212\366
+\323\317\160\364\122\265\330\223\004\343\106\206\161\101\112\053
+\360\052\054\125\003\326\110\303\340\071\070\355\362\134\074\077
+\104\274\223\075\141\253\116\315\015\276\360\040\047\130\016\104
+\177\004\032\207\245\327\226\024\066\220\320\111\173\241\165\373
+\032\153\163\261\370\316\251\011\054\362\123\325\303\024\104\270
+\206\245\366\213\053\071\332\243\063\124\331\372\162\032\367\042
+\025\034\210\221\153\177\146\345\303\152\200\260\044\363\337\206
+\105\210\375\031\177\165\207\037\037\261\033\012\163\044\133\271
+\145\340\054\124\310\140\323\146\027\077\341\314\124\063\163\221
+\002\072\246\177\173\166\071\242\037\226\266\070\256\265\310\223
+\164\035\236\271\264\345\140\235\057\126\321\340\353\136\133\114
+\022\160\014\154\104\040\253\021\330\364\031\366\322\234\122\067
+\347\372\266\302\061\073\112\324\024\231\255\307\032\365\135\137
+\372\007\270\174\015\037\326\203\036\263\002\003\001\000\001\243
+\102\060\100\060\017\006\003\125\035\023\001\001\377\004\005\060
+\003\001\001\377\060\016\006\003\125\035\017\001\001\377\004\004
+\003\002\001\006\060\035\006\003\125\035\016\004\026\004\024\265
+\003\367\166\073\141\202\152\022\252\030\123\353\003\041\224\277
+\376\316\312\060\015\006\011\052\206\110\206\367\015\001\001\013
+\005\000\003\202\001\001\000\126\075\357\224\325\275\332\163\262
+\130\276\256\220\255\230\047\227\376\001\261\260\122\000\270\115
+\344\033\041\164\033\176\300\356\136\151\052\045\257\134\326\035
+\332\322\171\311\363\227\051\340\206\207\336\004\131\017\361\131
+\324\144\205\113\231\257\045\004\036\311\106\251\227\336\202\262
+\033\160\237\234\366\257\161\061\335\173\005\245\054\323\271\312
+\107\366\312\362\366\347\255\271\110\077\274\026\267\301\155\364
+\352\011\257\354\363\265\347\005\236\246\036\212\123\121\326\223
+\201\314\164\223\366\271\332\246\045\005\164\171\132\176\100\076
+\202\113\046\021\060\156\341\077\101\307\107\000\065\325\365\323
+\367\124\076\201\075\332\111\152\232\263\357\020\075\346\353\157
+\321\310\042\107\313\314\317\001\061\222\331\030\343\042\276\011
+\036\032\076\132\262\344\153\014\124\172\175\103\116\270\211\245
+\173\327\242\075\226\206\314\362\046\064\055\152\222\235\232\032
+\320\060\342\135\116\004\260\137\213\040\176\167\301\075\225\202
+\321\106\232\073\074\170\270\157\241\320\015\144\242\170\036\051
+\116\223\303\244\124\024\133
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "T-TeleSec GlobalRoot Class 3"
+# Issuer: CN=T-TeleSec GlobalRoot Class 3,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE
+# Serial Number: 1 (0x1)
+# Subject: CN=T-TeleSec GlobalRoot Class 3,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE
+# Not Valid Before: Wed Oct 01 10:29:56 2008
+# Not Valid After : Sat Oct 01 23:59:59 2033
+# Fingerprint (MD5): CA:FB:40:A8:4E:39:92:8A:1D:FE:8E:2F:C4:27:EA:EF
+# Fingerprint (SHA1): 55:A6:72:3E:CB:F2:EC:CD:C3:23:74:70:19:9D:2A:BE:11:E3:81:D1
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "T-TeleSec GlobalRoot Class 3"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\125\246\162\076\313\362\354\315\303\043\164\160\031\235\052\276
+\021\343\201\321
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\312\373\100\250\116\071\222\212\035\376\216\057\304\047\352\357
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\202\061\013\060\011\006\003\125\004\006\023\002\104\105
+\061\053\060\051\006\003\125\004\012\014\042\124\055\123\171\163
+\164\145\155\163\040\105\156\164\145\162\160\162\151\163\145\040
+\123\145\162\166\151\143\145\163\040\107\155\142\110\061\037\060
+\035\006\003\125\004\013\014\026\124\055\123\171\163\164\145\155
+\163\040\124\162\165\163\164\040\103\145\156\164\145\162\061\045
+\060\043\006\003\125\004\003\014\034\124\055\124\145\154\145\123
+\145\143\040\107\154\157\142\141\154\122\157\157\164\040\103\154
+\141\163\163\040\063
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\001
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "EE Certification Centre Root CA"
+#
+# Issuer: E=pki@sk.ee,CN=EE Certification Centre Root CA,O=AS Sertifitseerimiskeskus,C=EE
+# Serial Number:54:80:f9:a0:73:ed:3f:00:4c:ca:89:d8:e3:71:e6:4a
+# Subject: E=pki@sk.ee,CN=EE Certification Centre Root CA,O=AS Sertifitseerimiskeskus,C=EE
+# Not Valid Before: Sat Oct 30 10:10:30 2010
+# Not Valid After : Tue Dec 17 23:59:59 2030
+# Fingerprint (MD5): 43:5E:88:D4:7D:1A:4A:7E:FD:84:2E:52:EB:01:D4:6F
+# Fingerprint (SHA1): C9:A8:B9:E7:55:80:5E:58:E3:53:77:A7:25:EB:AF:C3:7B:27:CC:D7
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "EE Certification Centre Root CA"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\165\061\013\060\011\006\003\125\004\006\023\002\105\105\061
+\042\060\040\006\003\125\004\012\014\031\101\123\040\123\145\162
+\164\151\146\151\164\163\145\145\162\151\155\151\163\153\145\163
+\153\165\163\061\050\060\046\006\003\125\004\003\014\037\105\105
+\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\103
+\145\156\164\162\145\040\122\157\157\164\040\103\101\061\030\060
+\026\006\011\052\206\110\206\367\015\001\011\001\026\011\160\153
+\151\100\163\153\056\145\145
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\165\061\013\060\011\006\003\125\004\006\023\002\105\105\061
+\042\060\040\006\003\125\004\012\014\031\101\123\040\123\145\162
+\164\151\146\151\164\163\145\145\162\151\155\151\163\153\145\163
+\153\165\163\061\050\060\046\006\003\125\004\003\014\037\105\105
+\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\103
+\145\156\164\162\145\040\122\157\157\164\040\103\101\061\030\060
+\026\006\011\052\206\110\206\367\015\001\011\001\026\011\160\153
+\151\100\163\153\056\145\145
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\124\200\371\240\163\355\077\000\114\312\211\330\343\161
+\346\112
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\004\003\060\202\002\353\240\003\002\001\002\002\020\124
+\200\371\240\163\355\077\000\114\312\211\330\343\161\346\112\060
+\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\165
+\061\013\060\011\006\003\125\004\006\023\002\105\105\061\042\060
+\040\006\003\125\004\012\014\031\101\123\040\123\145\162\164\151
+\146\151\164\163\145\145\162\151\155\151\163\153\145\163\153\165
+\163\061\050\060\046\006\003\125\004\003\014\037\105\105\040\103
+\145\162\164\151\146\151\143\141\164\151\157\156\040\103\145\156
+\164\162\145\040\122\157\157\164\040\103\101\061\030\060\026\006
+\011\052\206\110\206\367\015\001\011\001\026\011\160\153\151\100
+\163\153\056\145\145\060\042\030\017\062\060\061\060\061\060\063
+\060\061\060\061\060\063\060\132\030\017\062\060\063\060\061\062
+\061\067\062\063\065\071\065\071\132\060\165\061\013\060\011\006
+\003\125\004\006\023\002\105\105\061\042\060\040\006\003\125\004
+\012\014\031\101\123\040\123\145\162\164\151\146\151\164\163\145
+\145\162\151\155\151\163\153\145\163\153\165\163\061\050\060\046
+\006\003\125\004\003\014\037\105\105\040\103\145\162\164\151\146
+\151\143\141\164\151\157\156\040\103\145\156\164\162\145\040\122
+\157\157\164\040\103\101\061\030\060\026\006\011\052\206\110\206
+\367\015\001\011\001\026\011\160\153\151\100\163\153\056\145\145
+\060\202\001\042\060\015\006\011\052\206\110\206\367\015\001\001
+\001\005\000\003\202\001\017\000\060\202\001\012\002\202\001\001
+\000\310\040\300\354\340\305\113\253\007\170\225\363\104\356\373
+\013\014\377\164\216\141\273\261\142\352\043\330\253\241\145\062
+\172\353\216\027\117\226\330\012\173\221\242\143\154\307\214\114
+\056\171\277\251\005\374\151\134\225\215\142\371\271\160\355\303
+\121\175\320\223\346\154\353\060\113\341\274\175\277\122\233\316
+\156\173\145\362\070\261\300\242\062\357\142\262\150\340\141\123
+\301\066\225\377\354\224\272\066\256\234\034\247\062\017\345\174
+\264\306\157\164\375\173\030\350\254\127\355\006\040\113\062\060
+\130\133\375\315\250\346\241\374\160\274\216\222\163\333\227\247
+\174\041\256\075\301\365\110\207\154\047\275\237\045\164\201\125
+\260\367\165\366\075\244\144\153\326\117\347\316\100\255\017\335
+\062\323\274\212\022\123\230\311\211\373\020\035\115\176\315\176
+\037\126\015\041\160\205\366\040\203\037\366\272\037\004\217\352
+\167\210\065\304\377\352\116\241\213\115\077\143\033\104\303\104
+\324\045\166\312\267\215\327\036\112\146\144\315\134\305\234\203
+\341\302\010\210\232\354\116\243\361\076\034\054\331\154\035\241
+\113\002\003\001\000\001\243\201\212\060\201\207\060\017\006\003
+\125\035\023\001\001\377\004\005\060\003\001\001\377\060\016\006
+\003\125\035\017\001\001\377\004\004\003\002\001\006\060\035\006
+\003\125\035\016\004\026\004\024\022\362\132\076\352\126\034\277
+\315\006\254\361\361\045\311\251\113\324\024\231\060\105\006\003
+\125\035\045\004\076\060\074\006\010\053\006\001\005\005\007\003
+\002\006\010\053\006\001\005\005\007\003\001\006\010\053\006\001
+\005\005\007\003\003\006\010\053\006\001\005\005\007\003\004\006
+\010\053\006\001\005\005\007\003\010\006\010\053\006\001\005\005
+\007\003\011\060\015\006\011\052\206\110\206\367\015\001\001\005
+\005\000\003\202\001\001\000\173\366\344\300\015\252\031\107\267
+\115\127\243\376\255\273\261\152\325\017\236\333\344\143\305\216
+\241\120\126\223\226\270\070\300\044\042\146\274\123\024\141\225
+\277\320\307\052\226\071\077\175\050\263\020\100\041\152\304\257
+\260\122\167\030\341\226\330\126\135\343\335\066\136\035\247\120
+\124\240\305\052\344\252\214\224\212\117\235\065\377\166\244\006
+\023\221\242\242\175\000\104\077\125\323\202\074\032\325\133\274
+\126\114\042\056\106\103\212\044\100\055\363\022\270\073\160\032
+\244\226\271\032\257\207\101\032\152\030\015\006\117\307\076\156
+\271\051\115\015\111\211\021\207\062\133\346\113\004\310\344\134
+\346\164\163\224\135\026\230\023\225\376\373\333\261\104\345\072
+\160\254\067\153\346\263\063\162\050\311\263\127\240\366\002\026
+\210\006\013\266\246\113\040\050\324\336\075\213\255\067\005\123
+\164\376\156\314\274\103\027\161\136\371\305\314\032\251\141\356
+\367\166\014\363\162\364\162\255\317\162\002\066\007\107\317\357
+\031\120\211\140\314\351\044\225\017\302\313\035\362\157\166\220
+\307\314\165\301\226\305\235
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "EE Certification Centre Root CA"
+# Issuer: E=pki@sk.ee,CN=EE Certification Centre Root CA,O=AS Sertifitseerimiskeskus,C=EE
+# Serial Number:54:80:f9:a0:73:ed:3f:00:4c:ca:89:d8:e3:71:e6:4a
+# Subject: E=pki@sk.ee,CN=EE Certification Centre Root CA,O=AS Sertifitseerimiskeskus,C=EE
+# Not Valid Before: Sat Oct 30 10:10:30 2010
+# Not Valid After : Tue Dec 17 23:59:59 2030
+# Fingerprint (MD5): 43:5E:88:D4:7D:1A:4A:7E:FD:84:2E:52:EB:01:D4:6F
+# Fingerprint (SHA1): C9:A8:B9:E7:55:80:5E:58:E3:53:77:A7:25:EB:AF:C3:7B:27:CC:D7
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "EE Certification Centre Root CA"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\311\250\271\347\125\200\136\130\343\123\167\247\045\353\257\303
+\173\047\314\327
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\103\136\210\324\175\032\112\176\375\204\056\122\353\001\324\157
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\165\061\013\060\011\006\003\125\004\006\023\002\105\105\061
+\042\060\040\006\003\125\004\012\014\031\101\123\040\123\145\162
+\164\151\146\151\164\163\145\145\162\151\155\151\163\153\145\163
+\153\165\163\061\050\060\046\006\003\125\004\003\014\037\105\105
+\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\103
+\145\156\164\162\145\040\122\157\157\164\040\103\101\061\030\060
+\026\006\011\052\206\110\206\367\015\001\011\001\026\011\160\153
+\151\100\163\153\056\145\145
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\124\200\371\240\163\355\077\000\114\312\211\330\343\161
+\346\112
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+# Explicitly Distrust "TURKTRUST Mis-issued Intermediate CA 1", Bug 825022
+# Issuer: O=T..RKTRUST Bilgi ..leti..im ve Bili..im G..venli..i Hizmetleri A...,C=TR,CN=T..RKTRUST Elektronik Sunucu Sertifikas.. Hizmetleri
+# Serial Number: 2087 (0x827)
+# Subject: CN=*.EGO.GOV.TR,OU=EGO BILGI ISLEM,O=EGO,L=ANKARA,ST=ANKARA,C=TR
+# Not Valid Before: Mon Aug 08 07:07:51 2011
+# Not Valid After : Tue Jul 06 07:07:51 2021
+# Fingerprint (MD5): F8:F5:25:FF:0C:31:CF:85:E1:0C:86:17:C1:CE:1F:8E
+# Fingerprint (SHA1): C6:9F:28:C8:25:13:9E:65:A6:46:C4:34:AC:A5:A1:D2:00:29:5D:B1
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "TURKTRUST Mis-issued Intermediate CA 1"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\254\061\075\060\073\006\003\125\004\003\014\064\124\303
+\234\122\113\124\122\125\123\124\040\105\154\145\153\164\162\157
+\156\151\153\040\123\165\156\165\143\165\040\123\145\162\164\151
+\146\151\153\141\163\304\261\040\110\151\172\155\145\164\154\145
+\162\151\061\013\060\011\006\003\125\004\006\023\002\124\122\061
+\136\060\134\006\003\125\004\012\014\125\124\303\234\122\113\124
+\122\125\123\124\040\102\151\154\147\151\040\304\260\154\145\164
+\151\305\237\151\155\040\166\145\040\102\151\154\151\305\237\151
+\155\040\107\303\274\166\145\156\154\151\304\237\151\040\110\151
+\172\155\145\164\154\145\162\151\040\101\056\305\236\056\040\050
+\143\051\040\113\141\163\304\261\155\040\040\062\060\060\065
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\002\010\047
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+# Explicitly Distrust "TURKTRUST Mis-issued Intermediate CA 2", Bug 825022
+# Issuer: O=T..RKTRUST Bilgi ..leti..im ve Bili..im G..venli..i Hizmetleri A...,C=TR,CN=T..RKTRUST Elektronik Sunucu Sertifikas.. Hizmetleri
+# Serial Number: 2148 (0x864)
+# Subject: E=ileti@kktcmerkezbankasi.org,CN=e-islem.kktcmerkezbankasi.org,O=KKTC Merkez Bankasi,L=Lefkosa,ST=Lefkosa,C=TR
+# Not Valid Before: Mon Aug 08 07:07:51 2011
+# Not Valid After : Thu Aug 05 07:07:51 2021
+# Fingerprint (MD5): BF:C3:EC:AD:0F:42:4F:B4:B5:38:DB:35:BF:AD:84:A2
+# Fingerprint (SHA1): F9:2B:E5:26:6C:C0:5D:B2:DC:0D:C3:F2:DC:74:E0:2D:EF:D9:49:CB
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "TURKTRUST Mis-issued Intermediate CA 2"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\254\061\075\060\073\006\003\125\004\003\014\064\124\303
+\234\122\113\124\122\125\123\124\040\105\154\145\153\164\162\157
+\156\151\153\040\123\165\156\165\143\165\040\123\145\162\164\151
+\146\151\153\141\163\304\261\040\110\151\172\155\145\164\154\145
+\162\151\061\013\060\011\006\003\125\004\006\023\002\124\122\061
+\136\060\134\006\003\125\004\012\014\125\124\303\234\122\113\124
+\122\125\123\124\040\102\151\154\147\151\040\304\260\154\145\164
+\151\305\237\151\155\040\166\145\040\102\151\154\151\305\237\151
+\155\040\107\303\274\166\145\156\154\151\304\237\151\040\110\151
+\172\155\145\164\154\145\162\151\040\101\056\305\236\056\040\050
+\143\051\040\113\141\163\304\261\155\040\040\062\060\060\065
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\002\010\144
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "TURKTRUST Certificate Services Provider Root 2007"
+#
+# Issuer: O=T..RKTRUST Bilgi ..leti..im ve Bili..im G..venli..i Hizmetleri A...,L=Ankara,C=TR,CN=T..RKTRUST Elektronik Sertifika Hizmet Sa..lay..c..s..
+# Serial Number: 1 (0x1)
+# Subject: O=T..RKTRUST Bilgi ..leti..im ve Bili..im G..venli..i Hizmetleri A...,L=Ankara,C=TR,CN=T..RKTRUST Elektronik Sertifika Hizmet Sa..lay..c..s..
+# Not Valid Before: Tue Dec 25 18:37:19 2007
+# Not Valid After : Fri Dec 22 18:37:19 2017
+# Fingerprint (MD5): 2B:70:20:56:86:82:A0:18:C8:07:53:12:28:70:21:72
+# Fingerprint (SHA1): F1:7F:6F:B6:31:DC:99:E3:A3:C8:7F:FE:1C:F1:81:10:88:D9:60:33
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "TURKTRUST Certificate Services Provider Root 2007"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\277\061\077\060\075\006\003\125\004\003\014\066\124\303
+\234\122\113\124\122\125\123\124\040\105\154\145\153\164\162\157
+\156\151\153\040\123\145\162\164\151\146\151\153\141\040\110\151
+\172\155\145\164\040\123\141\304\237\154\141\171\304\261\143\304
+\261\163\304\261\061\013\060\011\006\003\125\004\006\023\002\124
+\122\061\017\060\015\006\003\125\004\007\014\006\101\156\153\141
+\162\141\061\136\060\134\006\003\125\004\012\014\125\124\303\234
+\122\113\124\122\125\123\124\040\102\151\154\147\151\040\304\260
+\154\145\164\151\305\237\151\155\040\166\145\040\102\151\154\151
+\305\237\151\155\040\107\303\274\166\145\156\154\151\304\237\151
+\040\110\151\172\155\145\164\154\145\162\151\040\101\056\305\236
+\056\040\050\143\051\040\101\162\141\154\304\261\153\040\062\060
+\060\067
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\277\061\077\060\075\006\003\125\004\003\014\066\124\303
+\234\122\113\124\122\125\123\124\040\105\154\145\153\164\162\157
+\156\151\153\040\123\145\162\164\151\146\151\153\141\040\110\151
+\172\155\145\164\040\123\141\304\237\154\141\171\304\261\143\304
+\261\163\304\261\061\013\060\011\006\003\125\004\006\023\002\124
+\122\061\017\060\015\006\003\125\004\007\014\006\101\156\153\141
+\162\141\061\136\060\134\006\003\125\004\012\014\125\124\303\234
+\122\113\124\122\125\123\124\040\102\151\154\147\151\040\304\260
+\154\145\164\151\305\237\151\155\040\166\145\040\102\151\154\151
+\305\237\151\155\040\107\303\274\166\145\156\154\151\304\237\151
+\040\110\151\172\155\145\164\154\145\162\151\040\101\056\305\236
+\056\040\050\143\051\040\101\162\141\154\304\261\153\040\062\060
+\060\067
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\001
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\004\075\060\202\003\045\240\003\002\001\002\002\001\001
+\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060
+\201\277\061\077\060\075\006\003\125\004\003\014\066\124\303\234
+\122\113\124\122\125\123\124\040\105\154\145\153\164\162\157\156
+\151\153\040\123\145\162\164\151\146\151\153\141\040\110\151\172
+\155\145\164\040\123\141\304\237\154\141\171\304\261\143\304\261
+\163\304\261\061\013\060\011\006\003\125\004\006\023\002\124\122
+\061\017\060\015\006\003\125\004\007\014\006\101\156\153\141\162
+\141\061\136\060\134\006\003\125\004\012\014\125\124\303\234\122
+\113\124\122\125\123\124\040\102\151\154\147\151\040\304\260\154
+\145\164\151\305\237\151\155\040\166\145\040\102\151\154\151\305
+\237\151\155\040\107\303\274\166\145\156\154\151\304\237\151\040
+\110\151\172\155\145\164\154\145\162\151\040\101\056\305\236\056
+\040\050\143\051\040\101\162\141\154\304\261\153\040\062\060\060
+\067\060\036\027\015\060\067\061\062\062\065\061\070\063\067\061
+\071\132\027\015\061\067\061\062\062\062\061\070\063\067\061\071
+\132\060\201\277\061\077\060\075\006\003\125\004\003\014\066\124
+\303\234\122\113\124\122\125\123\124\040\105\154\145\153\164\162
+\157\156\151\153\040\123\145\162\164\151\146\151\153\141\040\110
+\151\172\155\145\164\040\123\141\304\237\154\141\171\304\261\143
+\304\261\163\304\261\061\013\060\011\006\003\125\004\006\023\002
+\124\122\061\017\060\015\006\003\125\004\007\014\006\101\156\153
+\141\162\141\061\136\060\134\006\003\125\004\012\014\125\124\303
+\234\122\113\124\122\125\123\124\040\102\151\154\147\151\040\304
+\260\154\145\164\151\305\237\151\155\040\166\145\040\102\151\154
+\151\305\237\151\155\040\107\303\274\166\145\156\154\151\304\237
+\151\040\110\151\172\155\145\164\154\145\162\151\040\101\056\305
+\236\056\040\050\143\051\040\101\162\141\154\304\261\153\040\062
+\060\060\067\060\202\001\042\060\015\006\011\052\206\110\206\367
+\015\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002
+\202\001\001\000\253\267\076\012\214\310\245\130\025\346\212\357
+\047\075\112\264\350\045\323\315\063\302\040\334\031\356\210\077
+\115\142\360\335\023\167\217\141\251\052\265\324\362\271\061\130
+\051\073\057\077\152\234\157\163\166\045\356\064\040\200\356\352
+\267\360\304\012\315\053\206\224\311\343\140\261\104\122\262\132
+\051\264\221\227\203\330\267\246\024\057\051\111\242\363\005\006
+\373\264\117\332\241\154\232\146\237\360\103\011\312\352\162\217
+\353\000\327\065\071\327\126\027\107\027\060\364\276\277\077\302
+\150\257\066\100\301\251\364\251\247\350\020\153\010\212\367\206
+\036\334\232\052\025\006\366\243\360\364\340\307\024\324\121\177
+\317\264\333\155\257\107\226\027\233\167\161\330\247\161\235\044
+\014\366\224\077\205\061\022\117\272\356\116\202\270\271\076\217
+\043\067\136\314\242\252\165\367\030\157\011\323\256\247\124\050
+\064\373\341\340\073\140\175\240\276\171\211\206\310\237\055\371
+\012\113\304\120\242\347\375\171\026\307\172\013\030\317\316\114
+\357\175\326\007\157\230\361\257\261\301\172\327\201\065\270\252
+\027\264\340\313\002\003\001\000\001\243\102\060\100\060\035\006
+\003\125\035\016\004\026\004\024\051\305\220\253\045\257\021\344
+\141\277\243\377\210\141\221\346\016\376\234\201\060\016\006\003
+\125\035\017\001\001\377\004\004\003\002\001\006\060\017\006\003
+\125\035\023\001\001\377\004\005\060\003\001\001\377\060\015\006
+\011\052\206\110\206\367\015\001\001\005\005\000\003\202\001\001
+\000\020\015\332\370\072\354\050\321\024\225\202\261\022\054\121
+\172\101\045\066\114\237\354\077\037\204\235\145\124\134\250\026
+\002\100\372\156\032\067\204\357\162\235\206\012\125\235\126\050
+\254\146\054\320\072\126\223\064\007\045\255\010\260\217\310\017
+\011\131\312\235\230\034\345\124\370\271\105\177\152\227\157\210
+\150\115\112\006\046\067\210\002\016\266\306\326\162\231\316\153
+\167\332\142\061\244\126\037\256\137\215\167\332\135\366\210\374
+\032\331\236\265\201\360\062\270\343\210\320\234\363\152\240\271
+\233\024\131\065\066\117\317\363\216\136\135\027\255\025\225\330
+\335\262\325\025\156\000\116\263\113\317\146\224\344\340\315\265
+\005\332\143\127\213\345\263\252\333\300\056\034\220\104\333\032
+\135\030\244\356\276\004\133\231\325\161\137\125\145\144\142\325
+\242\233\004\131\206\310\142\167\347\174\202\105\152\075\027\277
+\354\235\165\014\256\243\157\132\323\057\230\066\364\360\365\031
+\253\021\135\310\246\343\052\130\152\102\011\303\275\222\046\146
+\062\015\135\010\125\164\377\214\230\320\012\246\204\152\321\071
+\175
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "TURKTRUST Certificate Services Provider Root 2007"
+# Issuer: O=T..RKTRUST Bilgi ..leti..im ve Bili..im G..venli..i Hizmetleri A...,L=Ankara,C=TR,CN=T..RKTRUST Elektronik Sertifika Hizmet Sa..lay..c..s..
+# Serial Number: 1 (0x1)
+# Subject: O=T..RKTRUST Bilgi ..leti..im ve Bili..im G..venli..i Hizmetleri A...,L=Ankara,C=TR,CN=T..RKTRUST Elektronik Sertifika Hizmet Sa..lay..c..s..
+# Not Valid Before: Tue Dec 25 18:37:19 2007
+# Not Valid After : Fri Dec 22 18:37:19 2017
+# Fingerprint (MD5): 2B:70:20:56:86:82:A0:18:C8:07:53:12:28:70:21:72
+# Fingerprint (SHA1): F1:7F:6F:B6:31:DC:99:E3:A3:C8:7F:FE:1C:F1:81:10:88:D9:60:33
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "TURKTRUST Certificate Services Provider Root 2007"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\361\177\157\266\061\334\231\343\243\310\177\376\034\361\201\020
+\210\331\140\063
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\053\160\040\126\206\202\240\030\310\007\123\022\050\160\041\162
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\277\061\077\060\075\006\003\125\004\003\014\066\124\303
+\234\122\113\124\122\125\123\124\040\105\154\145\153\164\162\157
+\156\151\153\040\123\145\162\164\151\146\151\153\141\040\110\151
+\172\155\145\164\040\123\141\304\237\154\141\171\304\261\143\304
+\261\163\304\261\061\013\060\011\006\003\125\004\006\023\002\124
+\122\061\017\060\015\006\003\125\004\007\014\006\101\156\153\141
+\162\141\061\136\060\134\006\003\125\004\012\014\125\124\303\234
+\122\113\124\122\125\123\124\040\102\151\154\147\151\040\304\260
+\154\145\164\151\305\237\151\155\040\166\145\040\102\151\154\151
+\305\237\151\155\040\107\303\274\166\145\156\154\151\304\237\151
+\040\110\151\172\155\145\164\154\145\162\151\040\101\056\305\236
+\056\040\050\143\051\040\101\162\141\154\304\261\153\040\062\060
+\060\067
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\001
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "D-TRUST Root Class 3 CA 2 2009"
+#
+# Issuer: CN=D-TRUST Root Class 3 CA 2 2009,O=D-Trust GmbH,C=DE
+# Serial Number: 623603 (0x983f3)
+# Subject: CN=D-TRUST Root Class 3 CA 2 2009,O=D-Trust GmbH,C=DE
+# Not Valid Before: Thu Nov 05 08:35:58 2009
+# Not Valid After : Mon Nov 05 08:35:58 2029
+# Fingerprint (MD5): CD:E0:25:69:8D:47:AC:9C:89:35:90:F7:FD:51:3D:2F
+# Fingerprint (SHA1): 58:E8:AB:B0:36:15:33:FB:80:F7:9B:1B:6D:29:D3:FF:8D:5F:00:F0
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "D-TRUST Root Class 3 CA 2 2009"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\115\061\013\060\011\006\003\125\004\006\023\002\104\105\061
+\025\060\023\006\003\125\004\012\014\014\104\055\124\162\165\163
+\164\040\107\155\142\110\061\047\060\045\006\003\125\004\003\014
+\036\104\055\124\122\125\123\124\040\122\157\157\164\040\103\154
+\141\163\163\040\063\040\103\101\040\062\040\062\060\060\071
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\115\061\013\060\011\006\003\125\004\006\023\002\104\105\061
+\025\060\023\006\003\125\004\012\014\014\104\055\124\162\165\163
+\164\040\107\155\142\110\061\047\060\045\006\003\125\004\003\014
+\036\104\055\124\122\125\123\124\040\122\157\157\164\040\103\154
+\141\163\163\040\063\040\103\101\040\062\040\062\060\060\071
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\003\011\203\363
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\004\063\060\202\003\033\240\003\002\001\002\002\003\011
+\203\363\060\015\006\011\052\206\110\206\367\015\001\001\013\005
+\000\060\115\061\013\060\011\006\003\125\004\006\023\002\104\105
+\061\025\060\023\006\003\125\004\012\014\014\104\055\124\162\165
+\163\164\040\107\155\142\110\061\047\060\045\006\003\125\004\003
+\014\036\104\055\124\122\125\123\124\040\122\157\157\164\040\103
+\154\141\163\163\040\063\040\103\101\040\062\040\062\060\060\071
+\060\036\027\015\060\071\061\061\060\065\060\070\063\065\065\070
+\132\027\015\062\071\061\061\060\065\060\070\063\065\065\070\132
+\060\115\061\013\060\011\006\003\125\004\006\023\002\104\105\061
+\025\060\023\006\003\125\004\012\014\014\104\055\124\162\165\163
+\164\040\107\155\142\110\061\047\060\045\006\003\125\004\003\014
+\036\104\055\124\122\125\123\124\040\122\157\157\164\040\103\154
+\141\163\163\040\063\040\103\101\040\062\040\062\060\060\071\060
+\202\001\042\060\015\006\011\052\206\110\206\367\015\001\001\001
+\005\000\003\202\001\017\000\060\202\001\012\002\202\001\001\000
+\323\262\112\317\172\107\357\165\233\043\372\072\057\326\120\105
+\211\065\072\306\153\333\376\333\000\150\250\340\003\021\035\067
+\120\010\237\115\112\150\224\065\263\123\321\224\143\247\040\126
+\257\336\121\170\354\052\075\363\110\110\120\076\012\337\106\125
+\213\047\155\303\020\115\015\221\122\103\330\207\340\135\116\066
+\265\041\312\137\071\100\004\137\133\176\314\243\306\053\251\100
+\036\331\066\204\326\110\363\222\036\064\106\040\044\301\244\121
+\216\112\032\357\120\077\151\135\031\177\105\303\307\001\217\121
+\311\043\350\162\256\264\274\126\011\177\022\313\034\261\257\051
+\220\012\311\125\314\017\323\264\032\355\107\065\132\112\355\234
+\163\004\041\320\252\275\014\023\265\000\312\046\154\304\153\014
+\224\132\225\224\332\120\232\361\377\245\053\146\061\244\311\070
+\240\337\035\037\270\011\056\363\247\350\147\122\253\225\037\340
+\106\076\330\244\303\312\132\305\061\200\350\110\232\237\224\151
+\376\031\335\330\163\174\201\312\226\336\216\355\263\062\005\145
+\204\064\346\346\375\127\020\265\137\166\277\057\260\020\015\305
+\002\003\001\000\001\243\202\001\032\060\202\001\026\060\017\006
+\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060\035
+\006\003\125\035\016\004\026\004\024\375\332\024\304\237\060\336
+\041\275\036\102\071\374\253\143\043\111\340\361\204\060\016\006
+\003\125\035\017\001\001\377\004\004\003\002\001\006\060\201\323
+\006\003\125\035\037\004\201\313\060\201\310\060\201\200\240\176
+\240\174\206\172\154\144\141\160\072\057\057\144\151\162\145\143
+\164\157\162\171\056\144\055\164\162\165\163\164\056\156\145\164
+\057\103\116\075\104\055\124\122\125\123\124\045\062\060\122\157
+\157\164\045\062\060\103\154\141\163\163\045\062\060\063\045\062
+\060\103\101\045\062\060\062\045\062\060\062\060\060\071\054\117
+\075\104\055\124\162\165\163\164\045\062\060\107\155\142\110\054
+\103\075\104\105\077\143\145\162\164\151\146\151\143\141\164\145
+\162\145\166\157\143\141\164\151\157\156\154\151\163\164\060\103
+\240\101\240\077\206\075\150\164\164\160\072\057\057\167\167\167
+\056\144\055\164\162\165\163\164\056\156\145\164\057\143\162\154
+\057\144\055\164\162\165\163\164\137\162\157\157\164\137\143\154
+\141\163\163\137\063\137\143\141\137\062\137\062\060\060\071\056
+\143\162\154\060\015\006\011\052\206\110\206\367\015\001\001\013
+\005\000\003\202\001\001\000\177\227\333\060\310\337\244\234\175
+\041\172\200\160\316\024\022\151\210\024\225\140\104\001\254\262
+\351\060\117\233\120\302\146\330\176\215\060\265\160\061\351\342
+\151\307\363\160\333\040\025\206\320\015\360\276\254\001\165\204
+\316\176\237\115\277\267\140\073\234\363\312\035\342\136\150\330
+\243\235\227\345\100\140\322\066\041\376\320\264\270\027\332\164
+\243\177\324\337\260\230\002\254\157\153\153\054\045\044\162\241
+\145\356\045\132\345\346\062\347\362\337\253\111\372\363\220\151
+\043\333\004\331\347\134\130\374\145\324\227\276\314\374\056\012
+\314\045\052\065\004\370\140\221\025\165\075\101\377\043\037\031
+\310\154\353\202\123\004\246\344\114\042\115\215\214\272\316\133
+\163\354\144\124\120\155\321\234\125\373\151\303\066\303\214\274
+\074\205\246\153\012\046\015\340\223\230\140\256\176\306\044\227
+\212\141\137\221\216\146\222\011\207\066\315\213\233\055\076\366
+\121\324\120\324\131\050\275\203\362\314\050\173\123\206\155\330
+\046\210\160\327\352\221\315\076\271\312\300\220\156\132\306\136
+\164\145\327\134\376\243\342
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "D-TRUST Root Class 3 CA 2 2009"
+# Issuer: CN=D-TRUST Root Class 3 CA 2 2009,O=D-Trust GmbH,C=DE
+# Serial Number: 623603 (0x983f3)
+# Subject: CN=D-TRUST Root Class 3 CA 2 2009,O=D-Trust GmbH,C=DE
+# Not Valid Before: Thu Nov 05 08:35:58 2009
+# Not Valid After : Mon Nov 05 08:35:58 2029
+# Fingerprint (MD5): CD:E0:25:69:8D:47:AC:9C:89:35:90:F7:FD:51:3D:2F
+# Fingerprint (SHA1): 58:E8:AB:B0:36:15:33:FB:80:F7:9B:1B:6D:29:D3:FF:8D:5F:00:F0
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "D-TRUST Root Class 3 CA 2 2009"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\130\350\253\260\066\025\063\373\200\367\233\033\155\051\323\377
+\215\137\000\360
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\315\340\045\151\215\107\254\234\211\065\220\367\375\121\075\057
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\115\061\013\060\011\006\003\125\004\006\023\002\104\105\061
+\025\060\023\006\003\125\004\012\014\014\104\055\124\162\165\163
+\164\040\107\155\142\110\061\047\060\045\006\003\125\004\003\014
+\036\104\055\124\122\125\123\124\040\122\157\157\164\040\103\154
+\141\163\163\040\063\040\103\101\040\062\040\062\060\060\071
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\003\011\203\363
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "D-TRUST Root Class 3 CA 2 EV 2009"
+#
+# Issuer: CN=D-TRUST Root Class 3 CA 2 EV 2009,O=D-Trust GmbH,C=DE
+# Serial Number: 623604 (0x983f4)
+# Subject: CN=D-TRUST Root Class 3 CA 2 EV 2009,O=D-Trust GmbH,C=DE
+# Not Valid Before: Thu Nov 05 08:50:46 2009
+# Not Valid After : Mon Nov 05 08:50:46 2029
+# Fingerprint (MD5): AA:C6:43:2C:5E:2D:CD:C4:34:C0:50:4F:11:02:4F:B6
+# Fingerprint (SHA1): 96:C9:1B:0B:95:B4:10:98:42:FA:D0:D8:22:79:FE:60:FA:B9:16:83
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "D-TRUST Root Class 3 CA 2 EV 2009"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\120\061\013\060\011\006\003\125\004\006\023\002\104\105\061
+\025\060\023\006\003\125\004\012\014\014\104\055\124\162\165\163
+\164\040\107\155\142\110\061\052\060\050\006\003\125\004\003\014
+\041\104\055\124\122\125\123\124\040\122\157\157\164\040\103\154
+\141\163\163\040\063\040\103\101\040\062\040\105\126\040\062\060
+\060\071
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\120\061\013\060\011\006\003\125\004\006\023\002\104\105\061
+\025\060\023\006\003\125\004\012\014\014\104\055\124\162\165\163
+\164\040\107\155\142\110\061\052\060\050\006\003\125\004\003\014
+\041\104\055\124\122\125\123\124\040\122\157\157\164\040\103\154
+\141\163\163\040\063\040\103\101\040\062\040\105\126\040\062\060
+\060\071
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\003\011\203\364
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\004\103\060\202\003\053\240\003\002\001\002\002\003\011
+\203\364\060\015\006\011\052\206\110\206\367\015\001\001\013\005
+\000\060\120\061\013\060\011\006\003\125\004\006\023\002\104\105
+\061\025\060\023\006\003\125\004\012\014\014\104\055\124\162\165
+\163\164\040\107\155\142\110\061\052\060\050\006\003\125\004\003
+\014\041\104\055\124\122\125\123\124\040\122\157\157\164\040\103
+\154\141\163\163\040\063\040\103\101\040\062\040\105\126\040\062
+\060\060\071\060\036\027\015\060\071\061\061\060\065\060\070\065
+\060\064\066\132\027\015\062\071\061\061\060\065\060\070\065\060
+\064\066\132\060\120\061\013\060\011\006\003\125\004\006\023\002
+\104\105\061\025\060\023\006\003\125\004\012\014\014\104\055\124
+\162\165\163\164\040\107\155\142\110\061\052\060\050\006\003\125
+\004\003\014\041\104\055\124\122\125\123\124\040\122\157\157\164
+\040\103\154\141\163\163\040\063\040\103\101\040\062\040\105\126
+\040\062\060\060\071\060\202\001\042\060\015\006\011\052\206\110
+\206\367\015\001\001\001\005\000\003\202\001\017\000\060\202\001
+\012\002\202\001\001\000\231\361\204\064\160\272\057\267\060\240
+\216\275\174\004\317\276\142\274\231\375\202\227\322\172\012\147
+\226\070\011\366\020\116\225\042\163\231\215\332\025\055\347\005
+\374\031\163\042\267\216\230\000\274\074\075\254\241\154\373\326
+\171\045\113\255\360\314\144\332\210\076\051\270\017\011\323\064
+\335\063\365\142\321\341\315\031\351\356\030\117\114\130\256\342
+\036\326\014\133\025\132\330\072\270\304\030\144\036\343\063\262
+\265\211\167\116\014\277\331\224\153\023\227\157\022\243\376\231
+\251\004\314\025\354\140\150\066\355\010\173\267\365\277\223\355
+\146\061\203\214\306\161\064\207\116\027\352\257\213\221\215\034
+\126\101\256\042\067\136\067\362\035\331\321\055\015\057\151\121
+\247\276\146\246\212\072\052\275\307\032\261\341\024\360\276\072
+\035\271\317\133\261\152\376\264\261\106\040\242\373\036\073\160
+\357\223\230\175\214\163\226\362\305\357\205\160\255\051\046\374
+\036\004\076\034\240\330\017\313\122\203\142\174\356\213\123\225
+\220\251\127\242\352\141\005\330\371\115\304\047\372\156\255\355
+\371\327\121\367\153\245\002\003\001\000\001\243\202\001\044\060
+\202\001\040\060\017\006\003\125\035\023\001\001\377\004\005\060
+\003\001\001\377\060\035\006\003\125\035\016\004\026\004\024\323
+\224\212\114\142\023\052\031\056\314\257\162\212\175\066\327\232
+\034\334\147\060\016\006\003\125\035\017\001\001\377\004\004\003
+\002\001\006\060\201\335\006\003\125\035\037\004\201\325\060\201
+\322\060\201\207\240\201\204\240\201\201\206\177\154\144\141\160
+\072\057\057\144\151\162\145\143\164\157\162\171\056\144\055\164
+\162\165\163\164\056\156\145\164\057\103\116\075\104\055\124\122
+\125\123\124\045\062\060\122\157\157\164\045\062\060\103\154\141
+\163\163\045\062\060\063\045\062\060\103\101\045\062\060\062\045
+\062\060\105\126\045\062\060\062\060\060\071\054\117\075\104\055
+\124\162\165\163\164\045\062\060\107\155\142\110\054\103\075\104
+\105\077\143\145\162\164\151\146\151\143\141\164\145\162\145\166
+\157\143\141\164\151\157\156\154\151\163\164\060\106\240\104\240
+\102\206\100\150\164\164\160\072\057\057\167\167\167\056\144\055
+\164\162\165\163\164\056\156\145\164\057\143\162\154\057\144\055
+\164\162\165\163\164\137\162\157\157\164\137\143\154\141\163\163
+\137\063\137\143\141\137\062\137\145\166\137\062\060\060\071\056
+\143\162\154\060\015\006\011\052\206\110\206\367\015\001\001\013
+\005\000\003\202\001\001\000\064\355\173\132\074\244\224\210\357
+\032\021\165\007\057\263\376\074\372\036\121\046\353\207\366\051
+\336\340\361\324\306\044\011\351\301\317\125\033\264\060\331\316
+\032\376\006\121\246\025\244\055\357\262\113\277\040\050\045\111
+\321\246\066\167\064\350\144\337\122\261\021\307\163\172\315\071
+\236\302\255\214\161\041\362\132\153\257\337\074\116\125\257\262
+\204\145\024\211\271\167\313\052\061\276\317\243\155\317\157\110
+\224\062\106\157\347\161\214\240\246\204\031\067\007\362\003\105
+\011\053\206\165\174\337\137\151\127\000\333\156\330\246\162\042
+\113\120\324\165\230\126\337\267\030\377\103\103\120\256\172\104
+\173\360\171\121\327\103\075\247\323\201\323\360\311\117\271\332
+\306\227\206\320\202\303\344\102\155\376\260\342\144\116\016\046
+\347\100\064\046\265\010\211\327\010\143\143\070\047\165\036\063
+\352\156\250\335\237\231\117\164\115\201\211\200\113\335\232\227
+\051\134\057\276\201\101\271\214\377\352\175\140\006\236\315\327
+\075\323\056\243\025\274\250\346\046\345\157\303\334\270\003\041
+\352\237\026\361\054\124\265
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "D-TRUST Root Class 3 CA 2 EV 2009"
+# Issuer: CN=D-TRUST Root Class 3 CA 2 EV 2009,O=D-Trust GmbH,C=DE
+# Serial Number: 623604 (0x983f4)
+# Subject: CN=D-TRUST Root Class 3 CA 2 EV 2009,O=D-Trust GmbH,C=DE
+# Not Valid Before: Thu Nov 05 08:50:46 2009
+# Not Valid After : Mon Nov 05 08:50:46 2029
+# Fingerprint (MD5): AA:C6:43:2C:5E:2D:CD:C4:34:C0:50:4F:11:02:4F:B6
+# Fingerprint (SHA1): 96:C9:1B:0B:95:B4:10:98:42:FA:D0:D8:22:79:FE:60:FA:B9:16:83
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "D-TRUST Root Class 3 CA 2 EV 2009"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\226\311\033\013\225\264\020\230\102\372\320\330\042\171\376\140
+\372\271\026\203
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\252\306\103\054\136\055\315\304\064\300\120\117\021\002\117\266
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\120\061\013\060\011\006\003\125\004\006\023\002\104\105\061
+\025\060\023\006\003\125\004\012\014\014\104\055\124\162\165\163
+\164\040\107\155\142\110\061\052\060\050\006\003\125\004\003\014
+\041\104\055\124\122\125\123\124\040\122\157\157\164\040\103\154
+\141\163\163\040\063\040\103\101\040\062\040\105\126\040\062\060
+\060\071
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\003\011\203\364
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "PSCProcert"
+#
+# Issuer: E=acraiz@suscerte.gob.ve,OU=Superintendencia de Servicios de Certificacion Electronica,O=Sistema Nacional de Certificacion Electronica,ST=Distrito Capital,L=Caracas,C=VE,CN=Autoridad de Certificacion Raiz del Estado Venezolano
+# Serial Number: 11 (0xb)
+# Subject: CN=PSCProcert,C=VE,O=Sistema Nacional de Certificacion Electronica,OU=Proveedor de Certificados PROCERT,ST=Miranda,L=Chacao,E=contacto@procert.net.ve
+# Not Valid Before: Tue Dec 28 16:51:00 2010
+# Not Valid After : Fri Dec 25 23:59:59 2020
+# Fingerprint (MD5): E6:24:E9:12:01:AE:0C:DE:8E:85:C4:CE:A3:12:DD:EC
+# Fingerprint (SHA1): 70:C1:8D:74:B4:28:81:0A:E4:FD:A5:75:D7:01:9F:99:B0:3D:50:74
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "PSCProcert"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\321\061\046\060\044\006\011\052\206\110\206\367\015\001
+\011\001\026\027\143\157\156\164\141\143\164\157\100\160\162\157
+\143\145\162\164\056\156\145\164\056\166\145\061\017\060\015\006
+\003\125\004\007\023\006\103\150\141\143\141\157\061\020\060\016
+\006\003\125\004\010\023\007\115\151\162\141\156\144\141\061\052
+\060\050\006\003\125\004\013\023\041\120\162\157\166\145\145\144
+\157\162\040\144\145\040\103\145\162\164\151\146\151\143\141\144
+\157\163\040\120\122\117\103\105\122\124\061\066\060\064\006\003
+\125\004\012\023\055\123\151\163\164\145\155\141\040\116\141\143
+\151\157\156\141\154\040\144\145\040\103\145\162\164\151\146\151
+\143\141\143\151\157\156\040\105\154\145\143\164\162\157\156\151
+\143\141\061\013\060\011\006\003\125\004\006\023\002\126\105\061
+\023\060\021\006\003\125\004\003\023\012\120\123\103\120\162\157
+\143\145\162\164
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\202\001\036\061\076\060\074\006\003\125\004\003\023\065\101
+\165\164\157\162\151\144\141\144\040\144\145\040\103\145\162\164
+\151\146\151\143\141\143\151\157\156\040\122\141\151\172\040\144
+\145\154\040\105\163\164\141\144\157\040\126\145\156\145\172\157
+\154\141\156\157\061\013\060\011\006\003\125\004\006\023\002\126
+\105\061\020\060\016\006\003\125\004\007\023\007\103\141\162\141
+\143\141\163\061\031\060\027\006\003\125\004\010\023\020\104\151
+\163\164\162\151\164\157\040\103\141\160\151\164\141\154\061\066
+\060\064\006\003\125\004\012\023\055\123\151\163\164\145\155\141
+\040\116\141\143\151\157\156\141\154\040\144\145\040\103\145\162
+\164\151\146\151\143\141\143\151\157\156\040\105\154\145\143\164
+\162\157\156\151\143\141\061\103\060\101\006\003\125\004\013\023
+\072\123\165\160\145\162\151\156\164\145\156\144\145\156\143\151
+\141\040\144\145\040\123\145\162\166\151\143\151\157\163\040\144
+\145\040\103\145\162\164\151\146\151\143\141\143\151\157\156\040
+\105\154\145\143\164\162\157\156\151\143\141\061\045\060\043\006
+\011\052\206\110\206\367\015\001\011\001\026\026\141\143\162\141
+\151\172\100\163\165\163\143\145\162\164\145\056\147\157\142\056
+\166\145
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\013
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\011\206\060\202\007\156\240\003\002\001\002\002\001\013
+\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060
+\202\001\036\061\076\060\074\006\003\125\004\003\023\065\101\165
+\164\157\162\151\144\141\144\040\144\145\040\103\145\162\164\151
+\146\151\143\141\143\151\157\156\040\122\141\151\172\040\144\145
+\154\040\105\163\164\141\144\157\040\126\145\156\145\172\157\154
+\141\156\157\061\013\060\011\006\003\125\004\006\023\002\126\105
+\061\020\060\016\006\003\125\004\007\023\007\103\141\162\141\143
+\141\163\061\031\060\027\006\003\125\004\010\023\020\104\151\163
+\164\162\151\164\157\040\103\141\160\151\164\141\154\061\066\060
+\064\006\003\125\004\012\023\055\123\151\163\164\145\155\141\040
+\116\141\143\151\157\156\141\154\040\144\145\040\103\145\162\164
+\151\146\151\143\141\143\151\157\156\040\105\154\145\143\164\162
+\157\156\151\143\141\061\103\060\101\006\003\125\004\013\023\072
+\123\165\160\145\162\151\156\164\145\156\144\145\156\143\151\141
+\040\144\145\040\123\145\162\166\151\143\151\157\163\040\144\145
+\040\103\145\162\164\151\146\151\143\141\143\151\157\156\040\105
+\154\145\143\164\162\157\156\151\143\141\061\045\060\043\006\011
+\052\206\110\206\367\015\001\011\001\026\026\141\143\162\141\151
+\172\100\163\165\163\143\145\162\164\145\056\147\157\142\056\166
+\145\060\036\027\015\061\060\061\062\062\070\061\066\065\061\060
+\060\132\027\015\062\060\061\062\062\065\062\063\065\071\065\071
+\132\060\201\321\061\046\060\044\006\011\052\206\110\206\367\015
+\001\011\001\026\027\143\157\156\164\141\143\164\157\100\160\162
+\157\143\145\162\164\056\156\145\164\056\166\145\061\017\060\015
+\006\003\125\004\007\023\006\103\150\141\143\141\157\061\020\060
+\016\006\003\125\004\010\023\007\115\151\162\141\156\144\141\061
+\052\060\050\006\003\125\004\013\023\041\120\162\157\166\145\145
+\144\157\162\040\144\145\040\103\145\162\164\151\146\151\143\141
+\144\157\163\040\120\122\117\103\105\122\124\061\066\060\064\006
+\003\125\004\012\023\055\123\151\163\164\145\155\141\040\116\141
+\143\151\157\156\141\154\040\144\145\040\103\145\162\164\151\146
+\151\143\141\143\151\157\156\040\105\154\145\143\164\162\157\156
+\151\143\141\061\013\060\011\006\003\125\004\006\023\002\126\105
+\061\023\060\021\006\003\125\004\003\023\012\120\123\103\120\162
+\157\143\145\162\164\060\202\002\042\060\015\006\011\052\206\110
+\206\367\015\001\001\001\005\000\003\202\002\017\000\060\202\002
+\012\002\202\002\001\000\325\267\364\243\224\063\241\106\251\125
+\141\111\015\250\207\163\136\221\055\160\301\006\032\224\332\075
+\354\025\102\301\365\214\256\152\027\361\212\255\374\200\225\352
+\203\104\242\133\172\125\316\117\247\245\325\272\270\037\240\047
+\300\120\123\076\215\271\300\016\270\025\334\326\154\370\236\370
+\004\045\337\200\217\020\205\335\175\057\173\200\335\127\000\144
+\043\370\156\311\276\225\117\341\165\354\340\176\136\225\315\261
+\357\276\172\102\330\311\054\323\353\032\032\042\213\267\177\006
+\211\345\074\365\022\300\273\323\013\231\137\220\174\216\055\057
+\167\063\222\112\041\106\250\251\010\254\361\366\021\002\331\225
+\026\236\215\057\226\346\002\335\165\302\024\052\132\326\311\175
+\045\302\301\374\252\147\205\342\354\276\321\174\074\372\257\325
+\156\377\123\101\324\365\062\070\261\342\137\304\371\216\020\357
+\006\251\002\211\377\343\014\156\227\340\337\235\333\041\320\364
+\076\010\151\154\330\324\344\066\370\203\266\262\066\217\234\357
+\072\067\026\175\277\242\151\327\073\133\162\320\257\252\077\134
+\146\223\254\012\042\141\266\322\240\231\310\124\223\135\250\266
+\321\275\135\012\136\167\224\242\055\300\202\216\274\312\003\052
+\064\256\163\361\324\265\014\275\276\147\233\124\353\341\372\240
+\132\354\070\176\076\301\314\242\307\104\061\165\352\077\345\007
+\322\253\241\045\226\366\346\344\240\135\067\030\071\141\000\063
+\135\106\324\000\304\264\312\074\361\242\243\076\363\072\377\151
+\060\056\100\335\366\237\234\046\311\226\067\255\347\071\242\277
+\352\151\333\125\042\225\123\052\224\265\337\255\026\070\201\165
+\146\343\307\054\033\223\234\252\214\243\312\331\154\074\027\155
+\234\334\174\123\340\040\047\103\066\371\022\341\074\134\275\146
+\277\242\151\043\070\270\231\140\231\016\126\123\072\234\176\024
+\214\260\006\157\361\206\166\220\257\375\257\376\220\306\217\237
+\177\213\222\043\234\347\025\166\217\325\213\224\023\162\151\373
+\053\141\143\210\357\346\244\136\346\243\027\152\130\107\313\161
+\117\024\013\136\310\002\010\046\242\313\351\257\153\212\031\307
+\313\024\126\365\341\332\265\331\374\277\163\070\332\371\347\257
+\156\244\067\342\007\047\002\003\001\000\001\243\202\003\027\060
+\202\003\023\060\022\006\003\125\035\023\001\001\377\004\010\060
+\006\001\001\377\002\001\001\060\067\006\003\125\035\022\004\060
+\060\056\202\017\163\165\163\143\145\162\164\145\056\147\157\142
+\056\166\145\240\033\006\005\140\206\136\002\002\240\022\014\020
+\122\111\106\055\107\055\062\060\060\060\064\060\063\066\055\060
+\060\035\006\003\125\035\016\004\026\004\024\101\017\031\070\252
+\231\177\102\013\244\327\047\230\124\242\027\114\055\121\124\060
+\202\001\120\006\003\125\035\043\004\202\001\107\060\202\001\103
+\200\024\255\273\042\035\306\340\322\001\250\375\166\120\122\223
+\355\230\301\115\256\323\241\202\001\046\244\202\001\042\060\202
+\001\036\061\076\060\074\006\003\125\004\003\023\065\101\165\164
+\157\162\151\144\141\144\040\144\145\040\103\145\162\164\151\146
+\151\143\141\143\151\157\156\040\122\141\151\172\040\144\145\154
+\040\105\163\164\141\144\157\040\126\145\156\145\172\157\154\141
+\156\157\061\013\060\011\006\003\125\004\006\023\002\126\105\061
+\020\060\016\006\003\125\004\007\023\007\103\141\162\141\143\141
+\163\061\031\060\027\006\003\125\004\010\023\020\104\151\163\164
+\162\151\164\157\040\103\141\160\151\164\141\154\061\066\060\064
+\006\003\125\004\012\023\055\123\151\163\164\145\155\141\040\116
+\141\143\151\157\156\141\154\040\144\145\040\103\145\162\164\151
+\146\151\143\141\143\151\157\156\040\105\154\145\143\164\162\157
+\156\151\143\141\061\103\060\101\006\003\125\004\013\023\072\123
+\165\160\145\162\151\156\164\145\156\144\145\156\143\151\141\040
+\144\145\040\123\145\162\166\151\143\151\157\163\040\144\145\040
+\103\145\162\164\151\146\151\143\141\143\151\157\156\040\105\154
+\145\143\164\162\157\156\151\143\141\061\045\060\043\006\011\052
+\206\110\206\367\015\001\011\001\026\026\141\143\162\141\151\172
+\100\163\165\163\143\145\162\164\145\056\147\157\142\056\166\145
+\202\001\012\060\016\006\003\125\035\017\001\001\377\004\004\003
+\002\001\006\060\115\006\003\125\035\021\004\106\060\104\202\016
+\160\162\157\143\145\162\164\056\156\145\164\056\166\145\240\025
+\006\005\140\206\136\002\001\240\014\014\012\120\123\103\055\060
+\060\060\060\060\062\240\033\006\005\140\206\136\002\002\240\022
+\014\020\122\111\106\055\112\055\063\061\066\063\065\063\067\063
+\055\067\060\166\006\003\125\035\037\004\157\060\155\060\106\240
+\104\240\102\206\100\150\164\164\160\072\057\057\167\167\167\056
+\163\165\163\143\145\162\164\145\056\147\157\142\056\166\145\057
+\154\143\162\057\103\105\122\124\111\106\111\103\101\104\117\055
+\122\101\111\132\055\123\110\101\063\070\064\103\122\114\104\105
+\122\056\143\162\154\060\043\240\041\240\037\206\035\154\144\141
+\160\072\057\057\141\143\162\141\151\172\056\163\165\163\143\145
+\162\164\145\056\147\157\142\056\166\145\060\067\006\010\053\006
+\001\005\005\007\001\001\004\053\060\051\060\047\006\010\053\006
+\001\005\005\007\060\001\206\033\150\164\164\160\072\057\057\157
+\143\163\160\056\163\165\163\143\145\162\164\145\056\147\157\142
+\056\166\145\060\101\006\003\125\035\040\004\072\060\070\060\066
+\006\006\140\206\136\003\001\002\060\054\060\052\006\010\053\006
+\001\005\005\007\002\001\026\036\150\164\164\160\072\057\057\167
+\167\167\056\163\165\163\143\145\162\164\145\056\147\157\142\056
+\166\145\057\144\160\143\060\015\006\011\052\206\110\206\367\015
+\001\001\013\005\000\003\202\002\001\000\053\131\353\042\231\273
+\204\252\117\336\220\306\321\206\161\043\236\113\003\221\107\160
+\273\300\222\140\354\340\324\347\155\306\323\355\147\203\167\122
+\325\362\345\167\247\066\262\343\124\276\331\273\012\233\021\357
+\141\364\306\231\063\231\365\257\000\071\215\203\277\246\275\065
+\176\054\134\061\064\157\154\333\363\144\001\230\252\224\054\101
+\335\025\206\312\153\051\116\026\300\111\374\327\203\110\023\007
+\121\204\061\122\210\273\206\027\307\153\057\212\040\255\305\013
+\217\160\076\052\273\033\161\217\271\244\240\375\330\225\331\257
+\131\277\045\053\230\351\143\223\057\140\036\304\252\370\167\365
+\213\154\057\355\176\056\265\117\100\015\356\274\127\167\347\331
+\266\324\077\225\047\072\040\325\345\256\253\154\065\237\301\241
+\035\131\334\204\201\356\115\007\342\110\266\236\113\225\055\101
+\261\341\350\336\176\057\005\036\150\356\277\273\220\145\072\310
+\356\352\261\030\067\034\142\223\244\240\061\354\161\154\221\346
+\244\171\211\132\024\247\024\120\005\114\244\000\127\060\054\301
+\265\141\226\334\076\036\204\257\071\102\317\345\320\054\261\044
+\274\337\100\303\355\177\143\112\275\341\117\022\144\206\225\363
+\260\347\310\267\341\123\275\222\346\363\014\226\271\353\350\346
+\222\355\247\201\011\024\013\374\225\172\317\217\326\064\117\066
+\022\334\136\321\064\165\306\106\200\057\225\004\214\307\206\304
+\250\046\211\250\077\031\233\201\273\121\244\112\206\253\013\021
+\017\261\256\143\123\155\050\352\335\063\126\070\034\262\255\200
+\323\327\162\275\232\154\231\143\350\000\273\101\166\005\267\133
+\231\030\212\303\270\022\134\126\317\126\014\175\350\342\317\355
+\274\164\107\373\356\323\027\116\042\117\126\377\120\363\056\346
+\071\246\202\326\161\312\336\267\325\272\150\010\355\231\314\375
+\242\222\313\151\270\235\371\012\244\246\076\117\223\050\052\141
+\154\007\046\000\377\226\137\150\206\270\270\316\312\125\340\253
+\261\075\177\230\327\063\016\132\075\330\170\302\304\140\057\307
+\142\360\141\221\322\070\260\366\236\125\333\100\200\005\022\063
+\316\035\222\233\321\151\263\377\277\361\222\012\141\065\077\335
+\376\206\364\274\340\032\161\263\142\246
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "PSCProcert"
+# Issuer: E=acraiz@suscerte.gob.ve,OU=Superintendencia de Servicios de Certificacion Electronica,O=Sistema Nacional de Certificacion Electronica,ST=Distrito Capital,L=Caracas,C=VE,CN=Autoridad de Certificacion Raiz del Estado Venezolano
+# Serial Number: 11 (0xb)
+# Subject: CN=PSCProcert,C=VE,O=Sistema Nacional de Certificacion Electronica,OU=Proveedor de Certificados PROCERT,ST=Miranda,L=Chacao,E=contacto@procert.net.ve
+# Not Valid Before: Tue Dec 28 16:51:00 2010
+# Not Valid After : Fri Dec 25 23:59:59 2020
+# Fingerprint (MD5): E6:24:E9:12:01:AE:0C:DE:8E:85:C4:CE:A3:12:DD:EC
+# Fingerprint (SHA1): 70:C1:8D:74:B4:28:81:0A:E4:FD:A5:75:D7:01:9F:99:B0:3D:50:74
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "PSCProcert"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\160\301\215\164\264\050\201\012\344\375\245\165\327\001\237\231
+\260\075\120\164
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\346\044\351\022\001\256\014\336\216\205\304\316\243\022\335\354
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\202\001\036\061\076\060\074\006\003\125\004\003\023\065\101
+\165\164\157\162\151\144\141\144\040\144\145\040\103\145\162\164
+\151\146\151\143\141\143\151\157\156\040\122\141\151\172\040\144
+\145\154\040\105\163\164\141\144\157\040\126\145\156\145\172\157
+\154\141\156\157\061\013\060\011\006\003\125\004\006\023\002\126
+\105\061\020\060\016\006\003\125\004\007\023\007\103\141\162\141
+\143\141\163\061\031\060\027\006\003\125\004\010\023\020\104\151
+\163\164\162\151\164\157\040\103\141\160\151\164\141\154\061\066
+\060\064\006\003\125\004\012\023\055\123\151\163\164\145\155\141
+\040\116\141\143\151\157\156\141\154\040\144\145\040\103\145\162
+\164\151\146\151\143\141\143\151\157\156\040\105\154\145\143\164
+\162\157\156\151\143\141\061\103\060\101\006\003\125\004\013\023
+\072\123\165\160\145\162\151\156\164\145\156\144\145\156\143\151
+\141\040\144\145\040\123\145\162\166\151\143\151\157\163\040\144
+\145\040\103\145\162\164\151\146\151\143\141\143\151\157\156\040
+\105\154\145\143\164\162\157\156\151\143\141\061\045\060\043\006
+\011\052\206\110\206\367\015\001\011\001\026\026\141\143\162\141
+\151\172\100\163\165\163\143\145\162\164\145\056\147\157\142\056
+\166\145
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\013
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "China Internet Network Information Center EV Certificates Root"
+#
+# Issuer: CN=China Internet Network Information Center EV Certificates Root,O=China Internet Network Information Center,C=CN
+# Serial Number: 1218379777 (0x489f0001)
+# Subject: CN=China Internet Network Information Center EV Certificates Root,O=China Internet Network Information Center,C=CN
+# Not Valid Before: Tue Aug 31 07:11:25 2010
+# Not Valid After : Sat Aug 31 07:11:25 2030
+# Fingerprint (MD5): 55:5D:63:00:97:BD:6A:97:F5:67:AB:4B:FB:6E:63:15
+# Fingerprint (SHA1): 4F:99:AA:93:FB:2B:D1:37:26:A1:99:4A:CE:7F:F0:05:F2:93:5D:1E
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "China Internet Network Information Center EV Certificates Root"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\212\061\013\060\011\006\003\125\004\006\023\002\103\116
+\061\062\060\060\006\003\125\004\012\014\051\103\150\151\156\141
+\040\111\156\164\145\162\156\145\164\040\116\145\164\167\157\162
+\153\040\111\156\146\157\162\155\141\164\151\157\156\040\103\145
+\156\164\145\162\061\107\060\105\006\003\125\004\003\014\076\103
+\150\151\156\141\040\111\156\164\145\162\156\145\164\040\116\145
+\164\167\157\162\153\040\111\156\146\157\162\155\141\164\151\157
+\156\040\103\145\156\164\145\162\040\105\126\040\103\145\162\164
+\151\146\151\143\141\164\145\163\040\122\157\157\164
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\212\061\013\060\011\006\003\125\004\006\023\002\103\116
+\061\062\060\060\006\003\125\004\012\014\051\103\150\151\156\141
+\040\111\156\164\145\162\156\145\164\040\116\145\164\167\157\162
+\153\040\111\156\146\157\162\155\141\164\151\157\156\040\103\145
+\156\164\145\162\061\107\060\105\006\003\125\004\003\014\076\103
+\150\151\156\141\040\111\156\164\145\162\156\145\164\040\116\145
+\164\167\157\162\153\040\111\156\146\157\162\155\141\164\151\157
+\156\040\103\145\156\164\145\162\040\105\126\040\103\145\162\164
+\151\146\151\143\141\164\145\163\040\122\157\157\164
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\004\110\237\000\001
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\003\367\060\202\002\337\240\003\002\001\002\002\004\110
+\237\000\001\060\015\006\011\052\206\110\206\367\015\001\001\005
+\005\000\060\201\212\061\013\060\011\006\003\125\004\006\023\002
+\103\116\061\062\060\060\006\003\125\004\012\014\051\103\150\151
+\156\141\040\111\156\164\145\162\156\145\164\040\116\145\164\167
+\157\162\153\040\111\156\146\157\162\155\141\164\151\157\156\040
+\103\145\156\164\145\162\061\107\060\105\006\003\125\004\003\014
+\076\103\150\151\156\141\040\111\156\164\145\162\156\145\164\040
+\116\145\164\167\157\162\153\040\111\156\146\157\162\155\141\164
+\151\157\156\040\103\145\156\164\145\162\040\105\126\040\103\145
+\162\164\151\146\151\143\141\164\145\163\040\122\157\157\164\060
+\036\027\015\061\060\060\070\063\061\060\067\061\061\062\065\132
+\027\015\063\060\060\070\063\061\060\067\061\061\062\065\132\060
+\201\212\061\013\060\011\006\003\125\004\006\023\002\103\116\061
+\062\060\060\006\003\125\004\012\014\051\103\150\151\156\141\040
+\111\156\164\145\162\156\145\164\040\116\145\164\167\157\162\153
+\040\111\156\146\157\162\155\141\164\151\157\156\040\103\145\156
+\164\145\162\061\107\060\105\006\003\125\004\003\014\076\103\150
+\151\156\141\040\111\156\164\145\162\156\145\164\040\116\145\164
+\167\157\162\153\040\111\156\146\157\162\155\141\164\151\157\156
+\040\103\145\156\164\145\162\040\105\126\040\103\145\162\164\151
+\146\151\143\141\164\145\163\040\122\157\157\164\060\202\001\042
+\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000\003
+\202\001\017\000\060\202\001\012\002\202\001\001\000\233\176\163
+\356\275\073\170\252\144\103\101\365\120\337\224\362\056\262\215
+\112\216\106\124\322\041\022\310\071\062\102\006\351\203\325\237
+\122\355\345\147\003\073\124\301\214\231\231\314\351\300\017\377
+\015\331\204\021\262\270\321\313\133\334\036\371\150\061\144\341
+\233\372\164\353\150\271\040\225\367\306\017\215\107\254\132\006
+\335\141\253\342\354\330\237\027\055\234\312\074\065\227\125\161
+\315\103\205\261\107\026\365\054\123\200\166\317\323\000\144\275
+\100\231\335\314\330\333\304\237\326\023\137\101\203\213\371\015
+\207\222\126\064\154\032\020\013\027\325\132\034\227\130\204\074
+\204\032\056\134\221\064\156\031\137\177\027\151\305\145\357\153
+\041\306\325\120\072\277\141\271\005\215\357\157\064\072\262\157
+\024\143\277\026\073\233\251\052\375\267\053\070\146\006\305\054
+\342\252\147\036\105\247\215\004\146\102\366\217\053\357\210\040
+\151\217\062\214\024\163\332\053\206\221\143\042\232\362\247\333
+\316\211\213\253\135\307\024\301\133\060\152\037\261\267\236\056
+\201\001\002\355\317\226\136\143\333\250\346\070\267\002\003\001
+\000\001\243\143\060\141\060\037\006\003\125\035\043\004\030\060
+\026\200\024\174\162\113\071\307\300\333\142\245\117\233\252\030
+\064\222\242\312\203\202\131\060\017\006\003\125\035\023\001\001
+\377\004\005\060\003\001\001\377\060\016\006\003\125\035\017\001
+\001\377\004\004\003\002\001\006\060\035\006\003\125\035\016\004
+\026\004\024\174\162\113\071\307\300\333\142\245\117\233\252\030
+\064\222\242\312\203\202\131\060\015\006\011\052\206\110\206\367
+\015\001\001\005\005\000\003\202\001\001\000\052\303\307\103\067
+\217\335\255\244\262\014\356\334\024\155\217\050\244\230\111\313
+\014\200\352\363\355\043\146\165\175\305\323\041\147\171\321\163
+\305\265\003\267\130\254\014\124\057\306\126\023\017\061\332\006
+\347\145\073\035\157\066\333\310\035\371\375\200\006\312\243\075
+\146\026\250\235\114\026\175\300\225\106\265\121\344\342\037\327
+\352\006\115\143\215\226\214\357\347\063\127\102\072\353\214\301
+\171\310\115\166\175\336\366\261\267\201\340\240\371\241\170\106
+\027\032\126\230\360\116\075\253\034\355\354\071\334\007\110\367
+\143\376\006\256\302\244\134\152\133\062\210\305\307\063\205\254
+\146\102\107\302\130\044\231\341\345\076\345\165\054\216\103\326
+\135\074\170\036\250\225\202\051\120\321\321\026\272\357\301\276
+\172\331\264\330\314\036\114\106\341\167\261\061\253\275\052\310
+\316\217\156\241\135\177\003\165\064\344\255\211\105\124\136\276
+\256\050\245\273\077\170\171\353\163\263\012\015\375\276\311\367
+\126\254\366\267\355\057\233\041\051\307\070\266\225\304\004\362
+\303\055\375\024\052\220\231\271\007\314\237
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "China Internet Network Information Center EV Certificates Root"
+# Issuer: CN=China Internet Network Information Center EV Certificates Root,O=China Internet Network Information Center,C=CN
+# Serial Number: 1218379777 (0x489f0001)
+# Subject: CN=China Internet Network Information Center EV Certificates Root,O=China Internet Network Information Center,C=CN
+# Not Valid Before: Tue Aug 31 07:11:25 2010
+# Not Valid After : Sat Aug 31 07:11:25 2030
+# Fingerprint (MD5): 55:5D:63:00:97:BD:6A:97:F5:67:AB:4B:FB:6E:63:15
+# Fingerprint (SHA1): 4F:99:AA:93:FB:2B:D1:37:26:A1:99:4A:CE:7F:F0:05:F2:93:5D:1E
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "China Internet Network Information Center EV Certificates Root"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\117\231\252\223\373\053\321\067\046\241\231\112\316\177\360\005
+\362\223\135\036
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\125\135\143\000\227\275\152\227\365\147\253\113\373\156\143\025
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\212\061\013\060\011\006\003\125\004\006\023\002\103\116
+\061\062\060\060\006\003\125\004\012\014\051\103\150\151\156\141
+\040\111\156\164\145\162\156\145\164\040\116\145\164\167\157\162
+\153\040\111\156\146\157\162\155\141\164\151\157\156\040\103\145
+\156\164\145\162\061\107\060\105\006\003\125\004\003\014\076\103
+\150\151\156\141\040\111\156\164\145\162\156\145\164\040\116\145
+\164\167\157\162\153\040\111\156\146\157\162\155\141\164\151\157
+\156\040\103\145\156\164\145\162\040\105\126\040\103\145\162\164
+\151\146\151\143\141\164\145\163\040\122\157\157\164
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\004\110\237\000\001
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Swisscom Root CA 2"
+#
+# Issuer: CN=Swisscom Root CA 2,OU=Digital Certificate Services,O=Swisscom,C=ch
+# Serial Number:1e:9e:28:e8:48:f2:e5:ef:c3:7c:4a:1e:5a:18:67:b6
+# Subject: CN=Swisscom Root CA 2,OU=Digital Certificate Services,O=Swisscom,C=ch
+# Not Valid Before: Fri Jun 24 08:38:14 2011
+# Not Valid After : Wed Jun 25 07:38:14 2031
+# Fingerprint (MD5): 5B:04:69:EC:A5:83:94:63:18:A7:86:D0:E4:F2:6E:19
+# Fingerprint (SHA1): 77:47:4F:C6:30:E4:0F:4C:47:64:3F:84:BA:B8:C6:95:4A:8A:41:EC
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Swisscom Root CA 2"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\144\061\013\060\011\006\003\125\004\006\023\002\143\150\061
+\021\060\017\006\003\125\004\012\023\010\123\167\151\163\163\143
+\157\155\061\045\060\043\006\003\125\004\013\023\034\104\151\147
+\151\164\141\154\040\103\145\162\164\151\146\151\143\141\164\145
+\040\123\145\162\166\151\143\145\163\061\033\060\031\006\003\125
+\004\003\023\022\123\167\151\163\163\143\157\155\040\122\157\157
+\164\040\103\101\040\062
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\144\061\013\060\011\006\003\125\004\006\023\002\143\150\061
+\021\060\017\006\003\125\004\012\023\010\123\167\151\163\163\143
+\157\155\061\045\060\043\006\003\125\004\013\023\034\104\151\147
+\151\164\141\154\040\103\145\162\164\151\146\151\143\141\164\145
+\040\123\145\162\166\151\143\145\163\061\033\060\031\006\003\125
+\004\003\023\022\123\167\151\163\163\143\157\155\040\122\157\157
+\164\040\103\101\040\062
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\036\236\050\350\110\362\345\357\303\174\112\036\132\030
+\147\266
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\331\060\202\003\301\240\003\002\001\002\002\020\036
+\236\050\350\110\362\345\357\303\174\112\036\132\030\147\266\060
+\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060\144
+\061\013\060\011\006\003\125\004\006\023\002\143\150\061\021\060
+\017\006\003\125\004\012\023\010\123\167\151\163\163\143\157\155
+\061\045\060\043\006\003\125\004\013\023\034\104\151\147\151\164
+\141\154\040\103\145\162\164\151\146\151\143\141\164\145\040\123
+\145\162\166\151\143\145\163\061\033\060\031\006\003\125\004\003
+\023\022\123\167\151\163\163\143\157\155\040\122\157\157\164\040
+\103\101\040\062\060\036\027\015\061\061\060\066\062\064\060\070
+\063\070\061\064\132\027\015\063\061\060\066\062\065\060\067\063
+\070\061\064\132\060\144\061\013\060\011\006\003\125\004\006\023
+\002\143\150\061\021\060\017\006\003\125\004\012\023\010\123\167
+\151\163\163\143\157\155\061\045\060\043\006\003\125\004\013\023
+\034\104\151\147\151\164\141\154\040\103\145\162\164\151\146\151
+\143\141\164\145\040\123\145\162\166\151\143\145\163\061\033\060
+\031\006\003\125\004\003\023\022\123\167\151\163\163\143\157\155
+\040\122\157\157\164\040\103\101\040\062\060\202\002\042\060\015
+\006\011\052\206\110\206\367\015\001\001\001\005\000\003\202\002
+\017\000\060\202\002\012\002\202\002\001\000\225\102\116\204\235
+\121\346\323\011\350\162\132\043\151\333\170\160\216\026\361\053
+\217\015\003\316\223\314\056\000\010\173\253\063\214\364\351\100
+\346\027\114\253\236\270\107\024\062\167\062\335\050\014\336\030
+\113\137\166\237\370\071\073\374\116\211\330\174\305\147\357\253
+\322\271\064\137\153\072\363\144\066\316\302\260\317\023\150\312
+\310\313\353\265\342\075\056\041\337\352\054\324\340\371\160\226
+\114\377\152\130\230\267\027\344\033\122\345\176\007\000\035\137
+\332\346\076\225\004\267\151\210\071\241\101\140\045\141\113\225
+\071\150\142\034\261\013\005\211\300\066\202\024\041\077\256\333
+\241\375\274\157\034\140\206\266\123\224\111\271\053\106\305\117
+\000\053\277\241\273\313\077\340\307\127\034\127\350\326\151\370
+\301\044\122\235\210\125\335\302\207\056\164\043\320\024\375\052
+\107\132\273\246\235\375\224\344\321\212\245\137\206\143\166\205
+\313\257\377\111\050\374\200\355\114\171\322\273\344\300\357\001
+\356\120\101\010\065\043\160\053\251\026\264\214\156\205\351\266
+\021\317\061\335\123\046\033\337\055\132\112\002\100\374\304\300
+\266\351\061\032\010\050\345\140\303\037\304\220\216\020\142\140
+\104\015\354\012\276\125\030\161\054\245\364\262\274\025\142\377
+\034\343\276\035\332\036\127\263\074\176\315\202\035\221\343\113
+\353\054\122\064\260\212\375\022\116\226\260\353\160\177\236\071
+\367\146\102\261\253\254\122\332\166\100\127\173\052\275\350\156
+\003\262\013\200\205\210\235\014\307\302\167\260\232\232\127\364
+\270\372\023\134\150\223\072\147\244\227\320\033\231\267\206\062
+\113\140\330\316\357\320\014\177\225\237\157\207\117\207\212\216
+\137\010\174\252\133\374\132\276\241\221\237\125\175\116\260\013
+\151\314\260\224\250\247\207\362\323\112\120\334\137\162\260\026
+\165\036\313\264\030\142\232\260\247\071\252\233\237\146\330\215
+\246\154\226\025\343\346\362\370\361\203\142\154\273\125\351\141
+\223\243\075\365\261\127\213\117\043\260\233\345\224\152\057\337
+\214\337\225\121\051\140\241\013\051\344\134\125\130\267\250\374
+\231\356\045\115\114\016\263\323\114\217\204\350\051\017\375\020
+\124\002\205\310\371\345\303\213\317\347\017\002\003\001\000\001
+\243\201\206\060\201\203\060\016\006\003\125\035\017\001\001\377
+\004\004\003\002\001\206\060\035\006\003\125\035\041\004\026\060
+\024\060\022\006\007\140\205\164\001\123\002\001\006\007\140\205
+\164\001\123\002\001\060\022\006\003\125\035\023\001\001\377\004
+\010\060\006\001\001\377\002\001\007\060\035\006\003\125\035\016
+\004\026\004\024\115\046\040\042\211\113\323\325\244\012\241\157
+\336\342\022\201\305\361\074\056\060\037\006\003\125\035\043\004
+\030\060\026\200\024\115\046\040\042\211\113\323\325\244\012\241
+\157\336\342\022\201\305\361\074\056\060\015\006\011\052\206\110
+\206\367\015\001\001\013\005\000\003\202\002\001\000\062\012\262
+\244\033\313\175\276\202\127\211\271\152\177\363\364\301\056\021
+\175\270\031\076\171\267\250\250\162\067\146\233\032\355\254\023
+\073\016\277\142\360\234\337\236\173\241\123\110\016\101\172\312
+\040\247\027\033\266\170\354\100\221\363\102\255\020\303\134\357
+\377\140\131\177\315\205\243\213\075\110\034\045\002\074\147\175
+\365\062\351\057\060\345\175\245\172\070\320\363\146\052\146\036
+\215\063\203\212\157\174\156\250\132\165\232\270\327\332\130\110
+\104\107\250\114\372\114\111\012\112\302\022\067\250\100\014\303
+\310\341\320\127\015\227\062\225\307\072\237\227\323\127\370\013
+\336\345\162\363\243\333\377\265\330\131\262\163\335\115\052\161
+\262\272\111\365\313\034\325\365\171\310\231\263\374\301\114\164
+\343\264\275\051\067\025\004\050\036\336\105\106\160\354\257\272
+\170\016\212\052\316\000\171\334\300\137\031\147\054\153\113\357
+\150\150\013\103\343\254\301\142\011\357\246\335\145\141\240\257
+\204\125\110\221\122\034\306\045\221\052\320\301\042\043\141\131
+\257\105\021\205\035\001\044\064\217\317\263\377\027\162\040\023
+\302\200\252\041\054\161\071\016\320\217\134\301\323\321\216\042
+\162\106\114\035\226\256\117\161\261\341\005\051\226\131\364\273
+\236\165\075\317\015\067\015\142\333\046\214\143\251\043\337\147
+\006\074\174\072\332\064\102\341\146\264\106\004\336\306\226\230
+\017\113\110\172\044\062\165\221\237\254\367\150\351\052\271\125
+\145\316\135\141\323\047\160\330\067\376\237\271\257\240\056\126
+\267\243\145\121\355\073\253\024\277\114\121\003\350\137\212\005
+\233\356\212\156\234\357\277\150\372\310\332\013\343\102\311\320
+\027\024\234\267\112\340\257\223\047\041\125\046\265\144\057\215
+\361\377\246\100\005\205\005\134\312\007\031\134\013\023\050\114
+\130\177\302\245\357\105\332\140\323\256\145\141\235\123\203\164
+\302\256\362\134\302\026\355\222\076\204\076\163\140\210\274\166
+\364\054\317\320\175\175\323\270\136\321\221\022\020\351\315\335
+\312\045\343\325\355\231\057\276\165\201\113\044\371\105\106\224
+\311\051\041\123\234\046\105\252\023\027\344\347\315\170\342\071
+\301\053\022\236\246\236\033\305\346\016\331\061\331
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "Swisscom Root CA 2"
+# Issuer: CN=Swisscom Root CA 2,OU=Digital Certificate Services,O=Swisscom,C=ch
+# Serial Number:1e:9e:28:e8:48:f2:e5:ef:c3:7c:4a:1e:5a:18:67:b6
+# Subject: CN=Swisscom Root CA 2,OU=Digital Certificate Services,O=Swisscom,C=ch
+# Not Valid Before: Fri Jun 24 08:38:14 2011
+# Not Valid After : Wed Jun 25 07:38:14 2031
+# Fingerprint (MD5): 5B:04:69:EC:A5:83:94:63:18:A7:86:D0:E4:F2:6E:19
+# Fingerprint (SHA1): 77:47:4F:C6:30:E4:0F:4C:47:64:3F:84:BA:B8:C6:95:4A:8A:41:EC
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Swisscom Root CA 2"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\167\107\117\306\060\344\017\114\107\144\077\204\272\270\306\225
+\112\212\101\354
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\133\004\151\354\245\203\224\143\030\247\206\320\344\362\156\031
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\144\061\013\060\011\006\003\125\004\006\023\002\143\150\061
+\021\060\017\006\003\125\004\012\023\010\123\167\151\163\163\143
+\157\155\061\045\060\043\006\003\125\004\013\023\034\104\151\147
+\151\164\141\154\040\103\145\162\164\151\146\151\143\141\164\145
+\040\123\145\162\166\151\143\145\163\061\033\060\031\006\003\125
+\004\003\023\022\123\167\151\163\163\143\157\155\040\122\157\157
+\164\040\103\101\040\062
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\036\236\050\350\110\362\345\357\303\174\112\036\132\030
+\147\266
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Swisscom Root EV CA 2"
+#
+# Issuer: CN=Swisscom Root EV CA 2,OU=Digital Certificate Services,O=Swisscom,C=ch
+# Serial Number:00:f2:fa:64:e2:74:63:d3:8d:fd:10:1d:04:1f:76:ca:58
+# Subject: CN=Swisscom Root EV CA 2,OU=Digital Certificate Services,O=Swisscom,C=ch
+# Not Valid Before: Fri Jun 24 09:45:08 2011
+# Not Valid After : Wed Jun 25 08:45:08 2031
+# Fingerprint (MD5): 7B:30:34:9F:DD:0A:4B:6B:35:CA:31:51:28:5D:AE:EC
+# Fingerprint (SHA1): E7:A1:90:29:D3:D5:52:DC:0D:0F:C6:92:D3:EA:88:0D:15:2E:1A:6B
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Swisscom Root EV CA 2"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\147\061\013\060\011\006\003\125\004\006\023\002\143\150\061
+\021\060\017\006\003\125\004\012\023\010\123\167\151\163\163\143
+\157\155\061\045\060\043\006\003\125\004\013\023\034\104\151\147
+\151\164\141\154\040\103\145\162\164\151\146\151\143\141\164\145
+\040\123\145\162\166\151\143\145\163\061\036\060\034\006\003\125
+\004\003\023\025\123\167\151\163\163\143\157\155\040\122\157\157
+\164\040\105\126\040\103\101\040\062
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\147\061\013\060\011\006\003\125\004\006\023\002\143\150\061
+\021\060\017\006\003\125\004\012\023\010\123\167\151\163\163\143
+\157\155\061\045\060\043\006\003\125\004\013\023\034\104\151\147
+\151\164\141\154\040\103\145\162\164\151\146\151\143\141\164\145
+\040\123\145\162\166\151\143\145\163\061\036\060\034\006\003\125
+\004\003\023\025\123\167\151\163\163\143\157\155\040\122\157\157
+\164\040\105\126\040\103\101\040\062
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\021\000\362\372\144\342\164\143\323\215\375\020\035\004\037
+\166\312\130
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\340\060\202\003\310\240\003\002\001\002\002\021\000
+\362\372\144\342\164\143\323\215\375\020\035\004\037\166\312\130
+\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060
+\147\061\013\060\011\006\003\125\004\006\023\002\143\150\061\021
+\060\017\006\003\125\004\012\023\010\123\167\151\163\163\143\157
+\155\061\045\060\043\006\003\125\004\013\023\034\104\151\147\151
+\164\141\154\040\103\145\162\164\151\146\151\143\141\164\145\040
+\123\145\162\166\151\143\145\163\061\036\060\034\006\003\125\004
+\003\023\025\123\167\151\163\163\143\157\155\040\122\157\157\164
+\040\105\126\040\103\101\040\062\060\036\027\015\061\061\060\066
+\062\064\060\071\064\065\060\070\132\027\015\063\061\060\066\062
+\065\060\070\064\065\060\070\132\060\147\061\013\060\011\006\003
+\125\004\006\023\002\143\150\061\021\060\017\006\003\125\004\012
+\023\010\123\167\151\163\163\143\157\155\061\045\060\043\006\003
+\125\004\013\023\034\104\151\147\151\164\141\154\040\103\145\162
+\164\151\146\151\143\141\164\145\040\123\145\162\166\151\143\145
+\163\061\036\060\034\006\003\125\004\003\023\025\123\167\151\163
+\163\143\157\155\040\122\157\157\164\040\105\126\040\103\101\040
+\062\060\202\002\042\060\015\006\011\052\206\110\206\367\015\001
+\001\001\005\000\003\202\002\017\000\060\202\002\012\002\202\002
+\001\000\304\367\035\057\127\352\127\154\367\160\135\143\260\161
+\122\011\140\104\050\063\243\172\116\012\372\330\352\154\213\121
+\026\032\125\256\124\046\304\314\105\007\101\117\020\171\177\161
+\322\172\116\077\070\116\263\000\306\225\312\133\315\301\052\203
+\327\047\037\061\016\043\026\267\045\313\034\264\271\200\062\136
+\032\235\223\361\350\074\140\054\247\136\127\031\130\121\136\274
+\054\126\013\270\330\357\213\202\264\074\270\302\044\250\023\307
+\240\041\066\033\172\127\051\050\247\056\277\161\045\220\363\104
+\203\151\120\244\344\341\033\142\031\224\011\243\363\303\274\357
+\364\275\354\333\023\235\317\235\110\011\122\147\300\067\051\021
+\036\373\322\021\247\205\030\164\171\344\117\205\024\353\122\067
+\342\261\105\330\314\015\103\177\256\023\322\153\053\077\247\302
+\342\250\155\166\133\103\237\276\264\235\263\046\206\073\037\177
+\345\362\350\146\050\026\045\320\113\227\070\247\344\317\011\321
+\066\303\013\276\332\073\104\130\215\276\361\236\011\153\076\363
+\062\307\053\207\306\354\136\234\366\207\145\255\063\051\304\057
+\211\331\271\313\311\003\235\373\154\224\121\227\020\033\206\013
+\032\033\077\366\002\176\173\324\305\121\144\050\235\365\323\254
+\203\201\210\323\164\264\131\235\301\353\141\063\132\105\321\313
+\071\320\006\152\123\140\035\257\366\373\151\274\152\334\001\317
+\275\371\217\331\275\133\301\072\137\216\332\017\113\251\233\235
+\052\050\153\032\012\174\074\253\042\013\345\167\055\161\366\202
+\065\201\256\370\173\201\346\352\376\254\364\032\233\164\134\350
+\217\044\366\135\235\106\304\054\322\036\053\041\152\203\047\147
+\125\112\244\343\310\062\227\146\220\162\332\343\324\144\056\137
+\343\241\152\366\140\324\347\065\315\312\304\150\215\327\161\310
+\323\044\063\163\261\154\371\152\341\050\333\137\306\075\350\276
+\125\346\067\033\355\044\331\017\031\217\137\143\030\130\120\201
+\121\145\157\362\237\176\152\004\347\064\044\161\272\166\113\130
+\036\031\275\025\140\105\252\014\022\100\001\235\020\342\307\070
+\007\162\012\145\300\266\273\045\051\332\026\236\213\065\213\141
+\355\345\161\127\203\265\074\161\237\343\117\277\176\036\201\237
+\101\227\002\003\001\000\001\243\201\206\060\201\203\060\016\006
+\003\125\035\017\001\001\377\004\004\003\002\001\206\060\035\006
+\003\125\035\041\004\026\060\024\060\022\006\007\140\205\164\001
+\123\002\002\006\007\140\205\164\001\123\002\002\060\022\006\003
+\125\035\023\001\001\377\004\010\060\006\001\001\377\002\001\003
+\060\035\006\003\125\035\016\004\026\004\024\105\331\245\201\156
+\075\210\115\215\161\322\106\301\156\105\036\363\304\200\235\060
+\037\006\003\125\035\043\004\030\060\026\200\024\105\331\245\201
+\156\075\210\115\215\161\322\106\301\156\105\036\363\304\200\235
+\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\003
+\202\002\001\000\224\072\163\006\237\122\113\060\134\324\376\261
+\134\045\371\327\216\157\365\207\144\237\355\024\216\270\004\216
+\050\113\217\252\173\216\071\264\331\130\366\173\241\065\012\241
+\235\212\367\143\345\353\275\071\202\324\343\172\055\157\337\023
+\074\272\376\176\126\230\013\363\124\237\315\104\116\156\074\341
+\076\025\277\006\046\235\344\360\220\266\324\302\236\060\056\037
+\357\307\172\304\120\307\352\173\332\120\313\172\046\313\000\264
+\132\253\265\223\037\200\211\204\004\225\215\215\177\011\223\277
+\324\250\250\344\143\155\331\144\344\270\051\132\010\277\120\341
+\204\017\125\173\137\010\042\033\365\275\231\036\024\366\316\364
+\130\020\202\263\012\075\031\301\277\133\253\252\231\330\362\061
+\275\345\070\146\334\130\005\307\355\143\032\056\012\227\174\207
+\223\053\262\212\343\361\354\030\345\165\266\051\207\347\334\213
+\032\176\264\330\311\323\212\027\154\175\051\104\276\212\252\365
+\176\072\056\150\061\223\271\152\332\232\340\333\351\056\245\204
+\315\034\012\270\112\010\371\234\361\141\046\230\223\267\173\146
+\354\221\136\335\121\077\333\163\017\255\004\130\011\335\004\002
+\225\012\076\323\166\337\246\020\036\200\075\350\315\244\144\321
+\063\307\222\307\342\116\104\343\011\311\116\302\135\207\016\022
+\236\277\017\311\005\020\336\172\243\261\074\362\077\245\252\047
+\171\255\061\175\037\375\374\031\151\305\335\271\077\174\315\306
+\264\302\060\036\176\156\222\327\177\141\166\132\217\353\225\115
+\274\021\156\041\174\131\067\231\320\006\274\371\006\155\062\026
+\245\331\151\250\341\334\074\200\036\140\121\334\327\124\041\036
+\312\142\167\117\372\330\217\263\053\072\015\170\162\311\150\101
+\132\107\112\302\243\353\032\327\012\253\074\062\125\310\012\021
+\234\337\164\326\360\100\025\035\310\271\217\265\066\305\257\370
+\042\270\312\035\363\326\266\031\017\237\141\145\152\352\164\310
+\174\217\303\117\135\145\202\037\331\015\211\332\165\162\373\357
+\361\107\147\023\263\310\321\031\210\047\046\232\231\171\177\036
+\344\054\077\173\356\361\336\115\213\226\227\303\325\077\174\033
+\043\355\244\263\035\026\162\103\113\040\341\131\176\302\350\255
+\046\277\242\367
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "Swisscom Root EV CA 2"
+# Issuer: CN=Swisscom Root EV CA 2,OU=Digital Certificate Services,O=Swisscom,C=ch
+# Serial Number:00:f2:fa:64:e2:74:63:d3:8d:fd:10:1d:04:1f:76:ca:58
+# Subject: CN=Swisscom Root EV CA 2,OU=Digital Certificate Services,O=Swisscom,C=ch
+# Not Valid Before: Fri Jun 24 09:45:08 2011
+# Not Valid After : Wed Jun 25 08:45:08 2031
+# Fingerprint (MD5): 7B:30:34:9F:DD:0A:4B:6B:35:CA:31:51:28:5D:AE:EC
+# Fingerprint (SHA1): E7:A1:90:29:D3:D5:52:DC:0D:0F:C6:92:D3:EA:88:0D:15:2E:1A:6B
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Swisscom Root EV CA 2"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\347\241\220\051\323\325\122\334\015\017\306\222\323\352\210\015
+\025\056\032\153
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\173\060\064\237\335\012\113\153\065\312\061\121\050\135\256\354
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\147\061\013\060\011\006\003\125\004\006\023\002\143\150\061
+\021\060\017\006\003\125\004\012\023\010\123\167\151\163\163\143
+\157\155\061\045\060\043\006\003\125\004\013\023\034\104\151\147
+\151\164\141\154\040\103\145\162\164\151\146\151\143\141\164\145
+\040\123\145\162\166\151\143\145\163\061\036\060\034\006\003\125
+\004\003\023\025\123\167\151\163\163\143\157\155\040\122\157\157
+\164\040\105\126\040\103\101\040\062
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\021\000\362\372\144\342\164\143\323\215\375\020\035\004\037
+\166\312\130
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "CA Disig Root R1"
+#
+# Issuer: CN=CA Disig Root R1,O=Disig a.s.,L=Bratislava,C=SK
+# Serial Number:00:c3:03:9a:ee:50:90:6e:28
+# Subject: CN=CA Disig Root R1,O=Disig a.s.,L=Bratislava,C=SK
+# Not Valid Before: Thu Jul 19 09:06:56 2012
+# Not Valid After : Sat Jul 19 09:06:56 2042
+# Fingerprint (MD5): BE:EC:11:93:9A:F5:69:21:BC:D7:C1:C0:67:89:CC:2A
+# Fingerprint (SHA1): 8E:1C:74:F8:A6:20:B9:E5:8A:F4:61:FA:EC:2B:47:56:51:1A:52:C6
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "CA Disig Root R1"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\122\061\013\060\011\006\003\125\004\006\023\002\123\113\061
+\023\060\021\006\003\125\004\007\023\012\102\162\141\164\151\163
+\154\141\166\141\061\023\060\021\006\003\125\004\012\023\012\104
+\151\163\151\147\040\141\056\163\056\061\031\060\027\006\003\125
+\004\003\023\020\103\101\040\104\151\163\151\147\040\122\157\157
+\164\040\122\061
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\122\061\013\060\011\006\003\125\004\006\023\002\123\113\061
+\023\060\021\006\003\125\004\007\023\012\102\162\141\164\151\163
+\154\141\166\141\061\023\060\021\006\003\125\004\012\023\012\104
+\151\163\151\147\040\141\056\163\056\061\031\060\027\006\003\125
+\004\003\023\020\103\101\040\104\151\163\151\147\040\122\157\157
+\164\040\122\061
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\011\000\303\003\232\356\120\220\156\050
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\151\060\202\003\121\240\003\002\001\002\002\011\000
+\303\003\232\356\120\220\156\050\060\015\006\011\052\206\110\206
+\367\015\001\001\005\005\000\060\122\061\013\060\011\006\003\125
+\004\006\023\002\123\113\061\023\060\021\006\003\125\004\007\023
+\012\102\162\141\164\151\163\154\141\166\141\061\023\060\021\006
+\003\125\004\012\023\012\104\151\163\151\147\040\141\056\163\056
+\061\031\060\027\006\003\125\004\003\023\020\103\101\040\104\151
+\163\151\147\040\122\157\157\164\040\122\061\060\036\027\015\061
+\062\060\067\061\071\060\071\060\066\065\066\132\027\015\064\062
+\060\067\061\071\060\071\060\066\065\066\132\060\122\061\013\060
+\011\006\003\125\004\006\023\002\123\113\061\023\060\021\006\003
+\125\004\007\023\012\102\162\141\164\151\163\154\141\166\141\061
+\023\060\021\006\003\125\004\012\023\012\104\151\163\151\147\040
+\141\056\163\056\061\031\060\027\006\003\125\004\003\023\020\103
+\101\040\104\151\163\151\147\040\122\157\157\164\040\122\061\060
+\202\002\042\060\015\006\011\052\206\110\206\367\015\001\001\001
+\005\000\003\202\002\017\000\060\202\002\012\002\202\002\001\000
+\252\303\170\367\334\230\243\247\132\136\167\030\262\335\004\144
+\017\143\375\233\226\011\200\325\350\252\245\342\234\046\224\072
+\350\231\163\214\235\337\327\337\203\363\170\117\100\341\177\322
+\247\322\345\312\023\223\347\355\306\167\137\066\265\224\257\350
+\070\216\333\233\345\174\273\314\215\353\165\163\341\044\315\346
+\247\055\031\056\330\326\212\153\024\353\010\142\012\330\334\263
+\000\115\303\043\174\137\103\010\043\062\022\334\355\014\255\300
+\175\017\245\172\102\331\132\160\331\277\247\327\001\034\366\233
+\253\216\267\112\206\170\240\036\126\061\256\357\202\012\200\101
+\367\033\311\256\253\062\046\324\054\153\355\175\153\344\342\136
+\042\012\105\313\204\061\115\254\376\333\321\107\272\371\140\227
+\071\261\145\307\336\373\231\344\012\042\261\055\115\345\110\046
+\151\253\342\252\363\373\374\222\051\062\351\263\076\115\037\047
+\241\315\216\271\027\373\045\076\311\156\363\167\332\015\022\366
+\135\307\273\066\020\325\124\326\363\340\342\107\110\346\336\024
+\332\141\122\257\046\264\365\161\117\311\327\322\006\337\143\312
+\377\041\350\131\006\340\010\325\204\025\123\367\103\345\174\305
+\240\211\230\153\163\306\150\316\145\336\275\177\005\367\261\356
+\366\127\241\140\225\305\314\352\223\072\276\231\256\233\002\243
+\255\311\026\265\316\335\136\231\170\176\032\071\176\262\300\005
+\244\300\202\245\243\107\236\214\352\134\266\274\147\333\346\052
+\115\322\004\334\243\256\105\367\274\213\234\034\247\326\325\003
+\334\010\313\056\026\312\134\100\063\350\147\303\056\347\246\104
+\352\021\105\034\065\145\055\036\105\141\044\033\202\056\245\235
+\063\135\145\370\101\371\056\313\224\077\037\243\014\061\044\104
+\355\307\136\255\120\272\306\101\233\254\360\027\145\300\370\135
+\157\133\240\012\064\074\356\327\352\210\237\230\371\257\116\044
+\372\227\262\144\166\332\253\364\355\343\303\140\357\325\371\002
+\310\055\237\203\257\147\151\006\247\061\125\325\317\113\157\377
+\004\005\307\130\254\137\026\033\345\322\243\353\061\333\037\063
+\025\115\320\362\245\123\365\313\341\075\116\150\055\330\022\335
+\252\362\346\115\233\111\345\305\050\241\272\260\132\306\240\265
+\002\003\001\000\001\243\102\060\100\060\017\006\003\125\035\023
+\001\001\377\004\005\060\003\001\001\377\060\016\006\003\125\035
+\017\001\001\377\004\004\003\002\001\006\060\035\006\003\125\035
+\016\004\026\004\024\211\012\264\070\223\032\346\253\356\233\221
+\030\371\365\074\076\065\320\323\202\060\015\006\011\052\206\110
+\206\367\015\001\001\005\005\000\003\202\002\001\000\062\213\366
+\235\112\311\276\024\345\214\254\070\312\072\011\324\033\316\206
+\263\335\353\324\272\050\276\022\256\105\054\004\164\254\023\121
+\305\130\030\146\115\202\332\325\334\223\300\047\341\276\174\237
+\122\236\022\126\366\325\234\251\364\165\234\372\067\022\217\034
+\223\354\127\376\007\017\253\325\022\367\017\256\141\136\126\200
+\111\365\374\060\365\233\117\037\101\057\034\204\323\211\307\342
+\332\002\166\355\011\317\154\301\270\034\203\034\026\372\224\315
+\175\240\310\030\322\310\235\156\365\275\151\324\155\075\065\350
+\036\242\117\140\327\007\051\374\262\243\244\235\156\025\222\126
+\031\114\012\260\351\174\322\031\115\102\106\354\275\375\366\127
+\133\335\230\176\244\115\314\162\003\203\130\135\357\223\072\101
+\172\143\252\174\072\250\365\254\244\321\335\242\055\266\052\374
+\237\001\216\342\020\261\304\312\344\147\333\125\045\031\077\375
+\350\066\176\263\341\341\201\257\021\026\213\120\227\140\031\202
+\000\300\153\115\163\270\321\023\007\076\352\266\061\117\360\102
+\232\155\342\021\164\345\224\254\215\204\225\074\041\257\305\332
+\107\310\337\071\142\142\313\133\120\013\327\201\100\005\234\233
+\355\272\266\213\036\004\157\226\040\071\355\244\175\051\333\110
+\316\202\334\324\002\215\035\004\061\132\307\113\360\154\141\122
+\327\264\121\302\201\154\315\341\373\247\241\322\222\166\317\261
+\017\067\130\244\362\122\161\147\077\014\210\170\200\211\301\310
+\265\037\222\143\276\247\172\212\126\054\032\250\246\234\265\135
+\263\143\320\023\040\241\353\221\154\320\215\175\257\337\013\344
+\027\271\206\236\070\261\224\014\130\214\340\125\252\073\143\155
+\232\211\140\270\144\052\222\306\067\364\176\103\103\267\163\350
+\001\347\177\227\017\327\362\173\031\375\032\327\217\311\372\205
+\153\172\235\236\211\266\246\050\231\223\210\100\367\076\315\121
+\243\312\352\357\171\107\041\265\376\062\342\307\303\121\157\276
+\200\164\360\244\303\072\362\117\351\137\337\031\012\362\073\023
+\103\254\061\244\263\347\353\374\030\326\001\251\363\052\217\066
+\016\353\264\261\274\267\114\311\153\277\241\363\331\364\355\342
+\360\343\355\144\236\075\057\226\122\117\200\123\213
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "CA Disig Root R1"
+# Issuer: CN=CA Disig Root R1,O=Disig a.s.,L=Bratislava,C=SK
+# Serial Number:00:c3:03:9a:ee:50:90:6e:28
+# Subject: CN=CA Disig Root R1,O=Disig a.s.,L=Bratislava,C=SK
+# Not Valid Before: Thu Jul 19 09:06:56 2012
+# Not Valid After : Sat Jul 19 09:06:56 2042
+# Fingerprint (MD5): BE:EC:11:93:9A:F5:69:21:BC:D7:C1:C0:67:89:CC:2A
+# Fingerprint (SHA1): 8E:1C:74:F8:A6:20:B9:E5:8A:F4:61:FA:EC:2B:47:56:51:1A:52:C6
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "CA Disig Root R1"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\216\034\164\370\246\040\271\345\212\364\141\372\354\053\107\126
+\121\032\122\306
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\276\354\021\223\232\365\151\041\274\327\301\300\147\211\314\052
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\122\061\013\060\011\006\003\125\004\006\023\002\123\113\061
+\023\060\021\006\003\125\004\007\023\012\102\162\141\164\151\163
+\154\141\166\141\061\023\060\021\006\003\125\004\012\023\012\104
+\151\163\151\147\040\141\056\163\056\061\031\060\027\006\003\125
+\004\003\023\020\103\101\040\104\151\163\151\147\040\122\157\157
+\164\040\122\061
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\011\000\303\003\232\356\120\220\156\050
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "CA Disig Root R2"
+#
+# Issuer: CN=CA Disig Root R2,O=Disig a.s.,L=Bratislava,C=SK
+# Serial Number:00:92:b8:88:db:b0:8a:c1:63
+# Subject: CN=CA Disig Root R2,O=Disig a.s.,L=Bratislava,C=SK
+# Not Valid Before: Thu Jul 19 09:15:30 2012
+# Not Valid After : Sat Jul 19 09:15:30 2042
+# Fingerprint (MD5): 26:01:FB:D8:27:A7:17:9A:45:54:38:1A:43:01:3B:03
+# Fingerprint (SHA1): B5:61:EB:EA:A4:DE:E4:25:4B:69:1A:98:A5:57:47:C2:34:C7:D9:71
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "CA Disig Root R2"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\122\061\013\060\011\006\003\125\004\006\023\002\123\113\061
+\023\060\021\006\003\125\004\007\023\012\102\162\141\164\151\163
+\154\141\166\141\061\023\060\021\006\003\125\004\012\023\012\104
+\151\163\151\147\040\141\056\163\056\061\031\060\027\006\003\125
+\004\003\023\020\103\101\040\104\151\163\151\147\040\122\157\157
+\164\040\122\062
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\122\061\013\060\011\006\003\125\004\006\023\002\123\113\061
+\023\060\021\006\003\125\004\007\023\012\102\162\141\164\151\163
+\154\141\166\141\061\023\060\021\006\003\125\004\012\023\012\104
+\151\163\151\147\040\141\056\163\056\061\031\060\027\006\003\125
+\004\003\023\020\103\101\040\104\151\163\151\147\040\122\157\157
+\164\040\122\062
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\011\000\222\270\210\333\260\212\301\143
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\151\060\202\003\121\240\003\002\001\002\002\011\000
+\222\270\210\333\260\212\301\143\060\015\006\011\052\206\110\206
+\367\015\001\001\013\005\000\060\122\061\013\060\011\006\003\125
+\004\006\023\002\123\113\061\023\060\021\006\003\125\004\007\023
+\012\102\162\141\164\151\163\154\141\166\141\061\023\060\021\006
+\003\125\004\012\023\012\104\151\163\151\147\040\141\056\163\056
+\061\031\060\027\006\003\125\004\003\023\020\103\101\040\104\151
+\163\151\147\040\122\157\157\164\040\122\062\060\036\027\015\061
+\062\060\067\061\071\060\071\061\065\063\060\132\027\015\064\062
+\060\067\061\071\060\071\061\065\063\060\132\060\122\061\013\060
+\011\006\003\125\004\006\023\002\123\113\061\023\060\021\006\003
+\125\004\007\023\012\102\162\141\164\151\163\154\141\166\141\061
+\023\060\021\006\003\125\004\012\023\012\104\151\163\151\147\040
+\141\056\163\056\061\031\060\027\006\003\125\004\003\023\020\103
+\101\040\104\151\163\151\147\040\122\157\157\164\040\122\062\060
+\202\002\042\060\015\006\011\052\206\110\206\367\015\001\001\001
+\005\000\003\202\002\017\000\060\202\002\012\002\202\002\001\000
+\242\243\304\000\011\326\205\135\055\155\024\366\302\303\163\236
+\065\302\161\125\176\201\373\253\106\120\340\301\174\111\170\346
+\253\171\130\074\332\377\174\034\237\330\227\002\170\076\153\101
+\004\351\101\275\276\003\054\105\366\057\144\324\253\135\243\107
+\075\144\233\351\150\232\306\314\033\077\272\276\262\213\064\002
+\056\230\125\031\374\214\157\252\137\332\114\316\115\003\041\243
+\330\322\064\223\126\226\313\114\014\000\026\074\137\032\315\310
+\307\154\246\255\323\061\247\274\350\345\341\146\326\322\373\003
+\264\101\145\311\020\256\016\005\143\306\200\152\151\060\375\322
+\356\220\357\015\047\337\237\225\163\364\341\045\332\154\026\336
+\101\070\064\352\213\374\321\350\004\024\141\055\101\176\254\307
+\167\116\313\121\124\373\136\222\030\033\004\132\150\306\311\304
+\372\267\023\240\230\267\021\053\267\326\127\314\174\236\027\321
+\313\045\376\206\116\044\056\126\014\170\115\236\001\022\246\053
+\247\001\145\156\174\142\035\204\204\337\352\300\153\265\245\052
+\225\203\303\123\021\014\163\035\013\262\106\220\321\102\072\316
+\100\156\225\255\377\306\224\255\156\227\204\216\175\157\236\212
+\200\015\111\155\163\342\173\222\036\303\363\301\363\353\056\005
+\157\331\033\317\067\166\004\310\264\132\344\027\247\313\335\166
+\037\320\031\166\350\054\005\263\326\234\064\330\226\334\141\207
+\221\005\344\104\010\063\301\332\271\010\145\324\256\262\066\015
+\353\272\070\272\014\345\233\236\353\215\146\335\231\317\326\211
+\101\366\004\222\212\051\051\155\153\072\034\347\165\175\002\161
+\016\363\300\347\275\313\031\335\235\140\262\302\146\140\266\261
+\004\356\311\346\206\271\232\146\100\250\347\021\355\201\105\003
+\213\366\147\131\350\301\006\021\275\335\317\200\002\117\145\100
+\170\134\107\120\310\233\346\037\201\173\344\104\250\133\205\232
+\342\336\132\325\307\371\072\104\146\113\344\062\124\174\344\154
+\234\263\016\075\027\242\262\064\022\326\176\262\250\111\273\321
+\172\050\100\276\242\026\037\337\344\067\037\021\163\373\220\012
+\145\103\242\015\174\370\006\001\125\063\175\260\015\270\364\365
+\256\245\102\127\174\066\021\214\173\136\304\003\235\214\171\235
+\002\003\001\000\001\243\102\060\100\060\017\006\003\125\035\023
+\001\001\377\004\005\060\003\001\001\377\060\016\006\003\125\035
+\017\001\001\377\004\004\003\002\001\006\060\035\006\003\125\035
+\016\004\026\004\024\265\231\370\257\260\224\365\343\040\326\012
+\255\316\116\126\244\056\156\102\355\060\015\006\011\052\206\110
+\206\367\015\001\001\013\005\000\003\202\002\001\000\046\006\136
+\160\347\145\063\310\202\156\331\234\027\072\033\172\146\262\001
+\366\170\073\151\136\057\352\377\116\371\050\303\230\052\141\114
+\264\044\022\212\175\155\021\024\367\234\265\312\346\274\236\047
+\216\114\031\310\251\275\172\300\327\066\016\155\205\162\156\250
+\306\242\155\366\372\163\143\177\274\156\171\010\034\235\212\237
+\032\212\123\246\330\273\331\065\125\261\021\305\251\003\263\126
+\073\271\204\223\042\136\176\301\366\022\122\213\352\054\147\274
+\376\066\114\365\270\317\321\263\111\222\073\323\051\016\231\033
+\226\367\141\270\073\304\053\266\170\154\264\043\157\360\375\323
+\262\136\165\037\231\225\250\254\366\332\341\305\061\173\373\321
+\106\263\322\274\147\264\142\124\272\011\367\143\260\223\242\232
+\371\351\122\056\213\140\022\253\374\365\140\126\357\020\134\213
+\304\032\102\334\203\133\144\016\313\265\274\326\117\301\174\074
+\156\215\023\155\373\173\353\060\320\334\115\257\305\325\266\245
+\114\133\161\311\350\061\276\350\070\006\110\241\032\342\352\322
+\336\022\071\130\032\377\200\016\202\165\346\267\311\007\154\016
+\357\377\070\361\230\161\304\267\177\016\025\320\045\151\275\042
+\235\053\355\005\366\106\107\254\355\300\360\324\073\342\354\356
+\226\133\220\023\116\036\126\072\353\260\357\226\273\226\043\021
+\272\362\103\206\164\144\225\310\050\165\337\035\065\272\322\067
+\203\070\123\070\066\073\317\154\351\371\153\016\320\373\004\350
+\117\167\327\145\001\170\206\014\172\076\041\142\361\177\143\161
+\014\311\237\104\333\250\047\242\165\276\156\201\076\327\300\353
+\033\230\017\160\134\064\262\212\314\300\205\030\353\156\172\263
+\367\132\241\007\277\251\102\222\363\140\042\227\344\024\241\007
+\233\116\166\300\216\175\375\244\045\307\107\355\377\037\163\254
+\314\303\245\351\157\012\216\233\145\302\120\205\265\243\240\123
+\022\314\125\207\141\363\201\256\020\106\141\275\104\041\270\302
+\075\164\317\176\044\065\372\034\007\016\233\075\042\312\357\061
+\057\214\254\022\275\357\100\050\374\051\147\237\262\023\117\146
+\044\304\123\031\351\036\051\025\357\346\155\260\177\055\147\375
+\363\154\033\165\106\243\345\112\027\351\244\327\013
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "CA Disig Root R2"
+# Issuer: CN=CA Disig Root R2,O=Disig a.s.,L=Bratislava,C=SK
+# Serial Number:00:92:b8:88:db:b0:8a:c1:63
+# Subject: CN=CA Disig Root R2,O=Disig a.s.,L=Bratislava,C=SK
+# Not Valid Before: Thu Jul 19 09:15:30 2012
+# Not Valid After : Sat Jul 19 09:15:30 2042
+# Fingerprint (MD5): 26:01:FB:D8:27:A7:17:9A:45:54:38:1A:43:01:3B:03
+# Fingerprint (SHA1): B5:61:EB:EA:A4:DE:E4:25:4B:69:1A:98:A5:57:47:C2:34:C7:D9:71
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "CA Disig Root R2"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\265\141\353\352\244\336\344\045\113\151\032\230\245\127\107\302
+\064\307\331\161
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\046\001\373\330\047\247\027\232\105\124\070\032\103\001\073\003
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\122\061\013\060\011\006\003\125\004\006\023\002\123\113\061
+\023\060\021\006\003\125\004\007\023\012\102\162\141\164\151\163
+\154\141\166\141\061\023\060\021\006\003\125\004\012\023\012\104
+\151\163\151\147\040\141\056\163\056\061\031\060\027\006\003\125
+\004\003\023\020\103\101\040\104\151\163\151\147\040\122\157\157
+\164\040\122\062
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\011\000\222\270\210\333\260\212\301\143
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "ACCVRAIZ1"
+#
+# Issuer: C=ES,O=ACCV,OU=PKIACCV,CN=ACCVRAIZ1
+# Serial Number:5e:c3:b7:a6:43:7f:a4:e0
+# Subject: C=ES,O=ACCV,OU=PKIACCV,CN=ACCVRAIZ1
+# Not Valid Before: Thu May 05 09:37:37 2011
+# Not Valid After : Tue Dec 31 09:37:37 2030
+# Fingerprint (MD5): D0:A0:5A:EE:05:B6:09:94:21:A1:7D:F1:B2:29:82:02
+# Fingerprint (SHA1): 93:05:7A:88:15:C6:4F:CE:88:2F:FA:91:16:52:28:78:BC:53:64:17
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "ACCVRAIZ1"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\102\061\022\060\020\006\003\125\004\003\014\011\101\103\103
+\126\122\101\111\132\061\061\020\060\016\006\003\125\004\013\014
+\007\120\113\111\101\103\103\126\061\015\060\013\006\003\125\004
+\012\014\004\101\103\103\126\061\013\060\011\006\003\125\004\006
+\023\002\105\123
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\102\061\022\060\020\006\003\125\004\003\014\011\101\103\103
+\126\122\101\111\132\061\061\020\060\016\006\003\125\004\013\014
+\007\120\113\111\101\103\103\126\061\015\060\013\006\003\125\004
+\012\014\004\101\103\103\126\061\013\060\011\006\003\125\004\006
+\023\002\105\123
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\010\136\303\267\246\103\177\244\340
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\007\323\060\202\005\273\240\003\002\001\002\002\010\136
+\303\267\246\103\177\244\340\060\015\006\011\052\206\110\206\367
+\015\001\001\005\005\000\060\102\061\022\060\020\006\003\125\004
+\003\014\011\101\103\103\126\122\101\111\132\061\061\020\060\016
+\006\003\125\004\013\014\007\120\113\111\101\103\103\126\061\015
+\060\013\006\003\125\004\012\014\004\101\103\103\126\061\013\060
+\011\006\003\125\004\006\023\002\105\123\060\036\027\015\061\061
+\060\065\060\065\060\071\063\067\063\067\132\027\015\063\060\061
+\062\063\061\060\071\063\067\063\067\132\060\102\061\022\060\020
+\006\003\125\004\003\014\011\101\103\103\126\122\101\111\132\061
+\061\020\060\016\006\003\125\004\013\014\007\120\113\111\101\103
+\103\126\061\015\060\013\006\003\125\004\012\014\004\101\103\103
+\126\061\013\060\011\006\003\125\004\006\023\002\105\123\060\202
+\002\042\060\015\006\011\052\206\110\206\367\015\001\001\001\005
+\000\003\202\002\017\000\060\202\002\012\002\202\002\001\000\233
+\251\253\277\141\112\227\257\057\227\146\232\164\137\320\331\226
+\375\317\342\344\146\357\037\037\107\063\302\104\243\337\232\336
+\037\265\124\335\025\174\151\065\021\157\273\310\014\216\152\030
+\036\330\217\331\026\274\020\110\066\134\360\143\263\220\132\134
+\044\067\327\243\326\313\011\161\271\361\001\162\204\260\175\333
+\115\200\315\374\323\157\311\370\332\266\016\202\322\105\205\250
+\033\150\250\075\350\364\104\154\275\241\302\313\003\276\214\076
+\023\000\204\337\112\110\300\343\042\012\350\351\067\247\030\114
+\261\011\015\043\126\177\004\115\331\027\204\030\245\310\332\100
+\224\163\353\316\016\127\074\003\201\072\235\012\241\127\103\151
+\254\127\155\171\220\170\345\265\264\073\330\274\114\215\050\241
+\247\243\247\272\002\116\045\321\052\256\355\256\003\042\270\153
+\040\017\060\050\124\225\177\340\356\316\012\146\235\321\100\055
+\156\042\257\235\032\301\005\031\322\157\300\362\237\370\173\263
+\002\102\373\120\251\035\055\223\017\043\253\306\301\017\222\377
+\320\242\025\365\123\011\161\034\377\105\023\204\346\046\136\370
+\340\210\034\012\374\026\266\250\163\006\270\360\143\204\002\240
+\306\132\354\347\164\337\160\256\243\203\045\352\326\307\227\207
+\223\247\306\212\212\063\227\140\067\020\076\227\076\156\051\025
+\326\241\017\321\210\054\022\237\157\252\244\306\102\353\101\242
+\343\225\103\323\001\205\155\216\273\073\363\043\066\307\376\073
+\340\241\045\007\110\253\311\211\164\377\010\217\200\277\300\226
+\145\363\356\354\113\150\275\235\210\303\061\263\100\361\350\317
+\366\070\273\234\344\321\177\324\345\130\233\174\372\324\363\016
+\233\165\221\344\272\122\056\031\176\321\365\315\132\031\374\272
+\006\366\373\122\250\113\231\004\335\370\371\264\213\120\243\116
+\142\211\360\207\044\372\203\102\301\207\372\325\055\051\052\132
+\161\172\144\152\327\047\140\143\015\333\316\111\365\215\037\220
+\211\062\027\370\163\103\270\322\132\223\206\141\326\341\165\012
+\352\171\146\166\210\117\161\353\004\045\326\012\132\172\223\345
+\271\113\027\100\017\261\266\271\365\336\117\334\340\263\254\073
+\021\160\140\204\112\103\156\231\040\300\051\161\012\300\145\002
+\003\001\000\001\243\202\002\313\060\202\002\307\060\175\006\010
+\053\006\001\005\005\007\001\001\004\161\060\157\060\114\006\010
+\053\006\001\005\005\007\060\002\206\100\150\164\164\160\072\057
+\057\167\167\167\056\141\143\143\166\056\145\163\057\146\151\154
+\145\141\144\155\151\156\057\101\162\143\150\151\166\157\163\057
+\143\145\162\164\151\146\151\143\141\144\157\163\057\162\141\151
+\172\141\143\143\166\061\056\143\162\164\060\037\006\010\053\006
+\001\005\005\007\060\001\206\023\150\164\164\160\072\057\057\157
+\143\163\160\056\141\143\143\166\056\145\163\060\035\006\003\125
+\035\016\004\026\004\024\322\207\264\343\337\067\047\223\125\366
+\126\352\201\345\066\314\214\036\077\275\060\017\006\003\125\035
+\023\001\001\377\004\005\060\003\001\001\377\060\037\006\003\125
+\035\043\004\030\060\026\200\024\322\207\264\343\337\067\047\223
+\125\366\126\352\201\345\066\314\214\036\077\275\060\202\001\163
+\006\003\125\035\040\004\202\001\152\060\202\001\146\060\202\001
+\142\006\004\125\035\040\000\060\202\001\130\060\202\001\042\006
+\010\053\006\001\005\005\007\002\002\060\202\001\024\036\202\001
+\020\000\101\000\165\000\164\000\157\000\162\000\151\000\144\000
+\141\000\144\000\040\000\144\000\145\000\040\000\103\000\145\000
+\162\000\164\000\151\000\146\000\151\000\143\000\141\000\143\000
+\151\000\363\000\156\000\040\000\122\000\141\000\355\000\172\000
+\040\000\144\000\145\000\040\000\154\000\141\000\040\000\101\000
+\103\000\103\000\126\000\040\000\050\000\101\000\147\000\145\000
+\156\000\143\000\151\000\141\000\040\000\144\000\145\000\040\000
+\124\000\145\000\143\000\156\000\157\000\154\000\157\000\147\000
+\355\000\141\000\040\000\171\000\040\000\103\000\145\000\162\000
+\164\000\151\000\146\000\151\000\143\000\141\000\143\000\151\000
+\363\000\156\000\040\000\105\000\154\000\145\000\143\000\164\000
+\162\000\363\000\156\000\151\000\143\000\141\000\054\000\040\000
+\103\000\111\000\106\000\040\000\121\000\064\000\066\000\060\000
+\061\000\061\000\065\000\066\000\105\000\051\000\056\000\040\000
+\103\000\120\000\123\000\040\000\145\000\156\000\040\000\150\000
+\164\000\164\000\160\000\072\000\057\000\057\000\167\000\167\000
+\167\000\056\000\141\000\143\000\143\000\166\000\056\000\145\000
+\163\060\060\006\010\053\006\001\005\005\007\002\001\026\044\150
+\164\164\160\072\057\057\167\167\167\056\141\143\143\166\056\145
+\163\057\154\145\147\151\163\154\141\143\151\157\156\137\143\056
+\150\164\155\060\125\006\003\125\035\037\004\116\060\114\060\112
+\240\110\240\106\206\104\150\164\164\160\072\057\057\167\167\167
+\056\141\143\143\166\056\145\163\057\146\151\154\145\141\144\155
+\151\156\057\101\162\143\150\151\166\157\163\057\143\145\162\164
+\151\146\151\143\141\144\157\163\057\162\141\151\172\141\143\143
+\166\061\137\144\145\162\056\143\162\154\060\016\006\003\125\035
+\017\001\001\377\004\004\003\002\001\006\060\027\006\003\125\035
+\021\004\020\060\016\201\014\141\143\143\166\100\141\143\143\166
+\056\145\163\060\015\006\011\052\206\110\206\367\015\001\001\005
+\005\000\003\202\002\001\000\227\061\002\237\347\375\103\147\110
+\104\024\344\051\207\355\114\050\146\320\217\065\332\115\141\267
+\112\227\115\265\333\220\340\005\056\016\306\171\320\362\227\151
+\017\275\004\107\331\276\333\265\051\332\233\331\256\251\231\325
+\323\074\060\223\365\215\241\250\374\006\215\104\364\312\026\225
+\174\063\334\142\213\250\067\370\047\330\011\055\033\357\310\024
+\047\040\251\144\104\377\056\326\165\252\154\115\140\100\031\111
+\103\124\143\332\342\314\272\146\345\117\104\172\133\331\152\201
+\053\100\325\177\371\001\047\130\054\310\355\110\221\174\077\246
+\000\317\304\051\163\021\066\336\206\031\076\235\356\031\212\033
+\325\260\355\216\075\234\052\300\015\330\075\146\343\074\015\275
+\325\224\134\342\342\247\065\033\004\000\366\077\132\215\352\103
+\275\137\211\035\251\301\260\314\231\342\115\000\012\332\311\047
+\133\347\023\220\134\344\365\063\242\125\155\334\340\011\115\057
+\261\046\133\047\165\000\011\304\142\167\051\010\137\236\131\254
+\266\176\255\237\124\060\042\003\301\036\161\144\376\371\070\012
+\226\030\335\002\024\254\043\313\006\034\036\244\175\215\015\336
+\047\101\350\255\332\025\267\260\043\335\053\250\323\332\045\207
+\355\350\125\104\115\210\364\066\176\204\232\170\254\367\016\126
+\111\016\326\063\045\326\204\120\102\154\040\022\035\052\325\276
+\274\362\160\201\244\160\140\276\005\265\233\236\004\104\276\141
+\043\254\351\245\044\214\021\200\224\132\242\242\271\111\322\301
+\334\321\247\355\061\021\054\236\031\246\356\341\125\341\300\352
+\317\015\204\344\027\267\242\174\245\336\125\045\006\356\314\300
+\207\134\100\332\314\225\077\125\340\065\307\270\204\276\264\135
+\315\172\203\001\162\356\207\346\137\035\256\265\205\306\046\337
+\346\301\232\351\036\002\107\237\052\250\155\251\133\317\354\105
+\167\177\230\047\232\062\135\052\343\204\356\305\230\146\057\226
+\040\035\335\330\303\047\327\260\371\376\331\175\315\320\237\217
+\013\024\130\121\237\057\213\303\070\055\336\350\217\326\215\207
+\244\365\126\103\026\231\054\364\244\126\264\064\270\141\067\311
+\302\130\200\033\240\227\241\374\131\215\351\021\366\321\017\113
+\125\064\106\052\213\206\073
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "ACCVRAIZ1"
+# Issuer: C=ES,O=ACCV,OU=PKIACCV,CN=ACCVRAIZ1
+# Serial Number:5e:c3:b7:a6:43:7f:a4:e0
+# Subject: C=ES,O=ACCV,OU=PKIACCV,CN=ACCVRAIZ1
+# Not Valid Before: Thu May 05 09:37:37 2011
+# Not Valid After : Tue Dec 31 09:37:37 2030
+# Fingerprint (MD5): D0:A0:5A:EE:05:B6:09:94:21:A1:7D:F1:B2:29:82:02
+# Fingerprint (SHA1): 93:05:7A:88:15:C6:4F:CE:88:2F:FA:91:16:52:28:78:BC:53:64:17
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "ACCVRAIZ1"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\223\005\172\210\025\306\117\316\210\057\372\221\026\122\050\170
+\274\123\144\027
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\320\240\132\356\005\266\011\224\041\241\175\361\262\051\202\002
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\102\061\022\060\020\006\003\125\004\003\014\011\101\103\103
+\126\122\101\111\132\061\061\020\060\016\006\003\125\004\013\014
+\007\120\113\111\101\103\103\126\061\015\060\013\006\003\125\004
+\012\014\004\101\103\103\126\061\013\060\011\006\003\125\004\006
+\023\002\105\123
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\010\136\303\267\246\103\177\244\340
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "TWCA Global Root CA"
+#
+# Issuer: CN=TWCA Global Root CA,OU=Root CA,O=TAIWAN-CA,C=TW
+# Serial Number: 3262 (0xcbe)
+# Subject: CN=TWCA Global Root CA,OU=Root CA,O=TAIWAN-CA,C=TW
+# Not Valid Before: Wed Jun 27 06:28:33 2012
+# Not Valid After : Tue Dec 31 15:59:59 2030
+# Fingerprint (MD5): F9:03:7E:CF:E6:9E:3C:73:7A:2A:90:07:69:FF:2B:96
+# Fingerprint (SHA1): 9C:BB:48:53:F6:A4:F6:D3:52:A4:E8:32:52:55:60:13:F5:AD:AF:65
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "TWCA Global Root CA"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\121\061\013\060\011\006\003\125\004\006\023\002\124\127\061
+\022\060\020\006\003\125\004\012\023\011\124\101\111\127\101\116
+\055\103\101\061\020\060\016\006\003\125\004\013\023\007\122\157
+\157\164\040\103\101\061\034\060\032\006\003\125\004\003\023\023
+\124\127\103\101\040\107\154\157\142\141\154\040\122\157\157\164
+\040\103\101
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\121\061\013\060\011\006\003\125\004\006\023\002\124\127\061
+\022\060\020\006\003\125\004\012\023\011\124\101\111\127\101\116
+\055\103\101\061\020\060\016\006\003\125\004\013\023\007\122\157
+\157\164\040\103\101\061\034\060\032\006\003\125\004\003\023\023
+\124\127\103\101\040\107\154\157\142\141\154\040\122\157\157\164
+\040\103\101
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\002\014\276
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\101\060\202\003\051\240\003\002\001\002\002\002\014
+\276\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000
+\060\121\061\013\060\011\006\003\125\004\006\023\002\124\127\061
+\022\060\020\006\003\125\004\012\023\011\124\101\111\127\101\116
+\055\103\101\061\020\060\016\006\003\125\004\013\023\007\122\157
+\157\164\040\103\101\061\034\060\032\006\003\125\004\003\023\023
+\124\127\103\101\040\107\154\157\142\141\154\040\122\157\157\164
+\040\103\101\060\036\027\015\061\062\060\066\062\067\060\066\062
+\070\063\063\132\027\015\063\060\061\062\063\061\061\065\065\071
+\065\071\132\060\121\061\013\060\011\006\003\125\004\006\023\002
+\124\127\061\022\060\020\006\003\125\004\012\023\011\124\101\111
+\127\101\116\055\103\101\061\020\060\016\006\003\125\004\013\023
+\007\122\157\157\164\040\103\101\061\034\060\032\006\003\125\004
+\003\023\023\124\127\103\101\040\107\154\157\142\141\154\040\122
+\157\157\164\040\103\101\060\202\002\042\060\015\006\011\052\206
+\110\206\367\015\001\001\001\005\000\003\202\002\017\000\060\202
+\002\012\002\202\002\001\000\260\005\333\310\353\214\304\156\212
+\041\357\216\115\234\161\012\037\122\160\355\155\202\234\227\305
+\327\114\116\105\111\313\100\102\265\022\064\154\031\302\164\244
+\061\137\205\002\227\354\103\063\012\123\322\234\214\216\267\270
+\171\333\053\325\152\362\216\146\304\356\053\001\007\222\324\263
+\320\002\337\120\366\125\257\146\016\313\340\107\140\057\053\062
+\071\065\122\072\050\203\370\173\026\306\030\270\142\326\107\045
+\221\316\360\031\022\115\255\143\365\323\077\165\137\051\360\241
+\060\034\052\240\230\246\025\275\356\375\031\066\360\342\221\103
+\217\372\312\326\020\047\111\114\357\335\301\361\205\160\233\312
+\352\250\132\103\374\155\206\157\163\351\067\105\251\360\066\307
+\314\210\165\036\273\154\006\377\233\153\076\027\354\141\252\161
+\174\306\035\242\367\111\351\025\265\074\326\241\141\365\021\367
+\005\157\035\375\021\276\320\060\007\302\051\260\011\116\046\334
+\343\242\250\221\152\037\302\221\105\210\134\345\230\270\161\245
+\025\031\311\174\165\021\314\160\164\117\055\233\035\221\104\375
+\126\050\240\376\273\206\152\310\372\134\013\130\334\306\113\166
+\310\253\042\331\163\017\245\364\132\002\211\077\117\236\042\202
+\356\242\164\123\052\075\123\047\151\035\154\216\062\054\144\000
+\046\143\141\066\116\243\106\267\077\175\263\055\254\155\220\242
+\225\242\316\317\332\202\347\007\064\031\226\351\270\041\252\051
+\176\246\070\276\216\051\112\041\146\171\037\263\303\265\011\147
+\336\326\324\007\106\363\052\332\346\042\067\140\313\201\266\017
+\240\017\351\310\225\177\277\125\221\005\172\317\075\025\300\157
+\336\011\224\001\203\327\064\033\314\100\245\360\270\233\147\325
+\230\221\073\247\204\170\225\046\244\132\010\370\053\164\264\000
+\004\074\337\270\024\216\350\337\251\215\154\147\222\063\035\300
+\267\322\354\222\310\276\011\277\054\051\005\157\002\153\236\357
+\274\277\052\274\133\300\120\217\101\160\161\207\262\115\267\004
+\251\204\243\062\257\256\356\153\027\213\262\261\376\154\341\220
+\214\210\250\227\110\316\310\115\313\363\006\317\137\152\012\102
+\261\036\036\167\057\216\240\346\222\016\006\374\005\042\322\046
+\341\061\121\175\062\334\017\002\003\001\000\001\243\043\060\041
+\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001\006
+\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001
+\377\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000
+\003\202\002\001\000\137\064\201\166\357\226\035\325\345\265\331
+\002\143\204\026\301\256\240\160\121\247\367\114\107\065\310\013
+\327\050\075\211\161\331\252\063\101\352\024\033\154\041\000\300
+\154\102\031\176\237\151\133\040\102\337\242\322\332\304\174\227
+\113\215\260\350\254\310\356\245\151\004\231\012\222\246\253\047
+\056\032\115\201\277\204\324\160\036\255\107\376\375\112\235\063
+\340\362\271\304\105\010\041\012\332\151\151\163\162\015\276\064
+\376\224\213\255\303\036\065\327\242\203\357\345\070\307\245\205
+\037\253\317\064\354\077\050\376\014\361\127\206\116\311\125\367
+\034\324\330\245\175\006\172\157\325\337\020\337\201\116\041\145
+\261\266\341\027\171\225\105\006\316\137\314\334\106\211\143\150
+\104\215\223\364\144\160\240\075\235\050\005\303\071\160\270\142
+\173\040\375\344\333\351\010\241\270\236\075\011\307\117\373\054
+\370\223\166\101\336\122\340\341\127\322\235\003\274\167\236\376
+\236\051\136\367\301\121\140\037\336\332\013\262\055\165\267\103
+\110\223\347\366\171\306\204\135\200\131\140\224\374\170\230\217
+\074\223\121\355\100\220\007\337\144\143\044\313\116\161\005\241
+\327\224\032\210\062\361\042\164\042\256\245\246\330\022\151\114
+\140\243\002\356\053\354\324\143\222\013\136\276\057\166\153\243
+\266\046\274\217\003\330\012\362\114\144\106\275\071\142\345\226
+\353\064\143\021\050\314\225\361\255\357\357\334\200\130\110\351
+\113\270\352\145\254\351\374\200\265\265\310\105\371\254\301\237
+\331\271\352\142\210\216\304\361\113\203\022\255\346\213\204\326
+\236\302\353\203\030\237\152\273\033\044\140\063\160\314\354\367
+\062\363\134\331\171\175\357\236\244\376\311\043\303\044\356\025
+\222\261\075\221\117\046\206\275\146\163\044\023\352\244\256\143
+\301\255\175\204\003\074\020\170\206\033\171\343\304\363\362\004
+\225\040\256\043\202\304\263\072\000\142\277\346\066\044\341\127
+\272\307\036\220\165\325\137\077\225\141\053\301\073\315\345\263
+\150\141\320\106\046\251\041\122\151\055\353\056\307\353\167\316
+\246\072\265\003\063\117\166\321\347\134\124\001\135\313\170\364
+\311\014\277\317\022\216\027\055\043\150\224\347\253\376\251\262
+\053\006\320\004\315
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "TWCA Global Root CA"
+# Issuer: CN=TWCA Global Root CA,OU=Root CA,O=TAIWAN-CA,C=TW
+# Serial Number: 3262 (0xcbe)
+# Subject: CN=TWCA Global Root CA,OU=Root CA,O=TAIWAN-CA,C=TW
+# Not Valid Before: Wed Jun 27 06:28:33 2012
+# Not Valid After : Tue Dec 31 15:59:59 2030
+# Fingerprint (MD5): F9:03:7E:CF:E6:9E:3C:73:7A:2A:90:07:69:FF:2B:96
+# Fingerprint (SHA1): 9C:BB:48:53:F6:A4:F6:D3:52:A4:E8:32:52:55:60:13:F5:AD:AF:65
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "TWCA Global Root CA"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\234\273\110\123\366\244\366\323\122\244\350\062\122\125\140\023
+\365\255\257\145
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\371\003\176\317\346\236\074\163\172\052\220\007\151\377\053\226
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\121\061\013\060\011\006\003\125\004\006\023\002\124\127\061
+\022\060\020\006\003\125\004\012\023\011\124\101\111\127\101\116
+\055\103\101\061\020\060\016\006\003\125\004\013\023\007\122\157
+\157\164\040\103\101\061\034\060\032\006\003\125\004\003\023\023
+\124\127\103\101\040\107\154\157\142\141\154\040\122\157\157\164
+\040\103\101
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\002\014\276
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "TeliaSonera Root CA v1"
+#
+# Issuer: CN=TeliaSonera Root CA v1,O=TeliaSonera
+# Serial Number:00:95:be:16:a0:f7:2e:46:f1:7b:39:82:72:fa:8b:cd:96
+# Subject: CN=TeliaSonera Root CA v1,O=TeliaSonera
+# Not Valid Before: Thu Oct 18 12:00:50 2007
+# Not Valid After : Mon Oct 18 12:00:50 2032
+# Fingerprint (MD5): 37:41:49:1B:18:56:9A:26:F5:AD:C2:66:FB:40:A5:4C
+# Fingerprint (SHA1): 43:13:BB:96:F1:D5:86:9B:C1:4E:6A:92:F6:CF:F6:34:69:87:82:37
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "TeliaSonera Root CA v1"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\067\061\024\060\022\006\003\125\004\012\014\013\124\145\154
+\151\141\123\157\156\145\162\141\061\037\060\035\006\003\125\004
+\003\014\026\124\145\154\151\141\123\157\156\145\162\141\040\122
+\157\157\164\040\103\101\040\166\061
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\067\061\024\060\022\006\003\125\004\012\014\013\124\145\154
+\151\141\123\157\156\145\162\141\061\037\060\035\006\003\125\004
+\003\014\026\124\145\154\151\141\123\157\156\145\162\141\040\122
+\157\157\164\040\103\101\040\166\061
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\021\000\225\276\026\240\367\056\106\361\173\071\202\162\372
+\213\315\226
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\070\060\202\003\040\240\003\002\001\002\002\021\000
+\225\276\026\240\367\056\106\361\173\071\202\162\372\213\315\226
+\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060
+\067\061\024\060\022\006\003\125\004\012\014\013\124\145\154\151
+\141\123\157\156\145\162\141\061\037\060\035\006\003\125\004\003
+\014\026\124\145\154\151\141\123\157\156\145\162\141\040\122\157
+\157\164\040\103\101\040\166\061\060\036\027\015\060\067\061\060
+\061\070\061\062\060\060\065\060\132\027\015\063\062\061\060\061
+\070\061\062\060\060\065\060\132\060\067\061\024\060\022\006\003
+\125\004\012\014\013\124\145\154\151\141\123\157\156\145\162\141
+\061\037\060\035\006\003\125\004\003\014\026\124\145\154\151\141
+\123\157\156\145\162\141\040\122\157\157\164\040\103\101\040\166
+\061\060\202\002\042\060\015\006\011\052\206\110\206\367\015\001
+\001\001\005\000\003\202\002\017\000\060\202\002\012\002\202\002
+\001\000\302\276\353\047\360\041\243\363\151\046\125\176\235\305
+\125\026\221\134\375\357\041\277\123\200\172\055\322\221\214\143
+\061\360\354\044\360\303\245\322\162\174\020\155\364\067\267\345
+\346\174\171\352\214\265\202\213\256\110\266\254\000\334\145\165
+\354\052\115\137\301\207\365\040\145\053\201\250\107\076\211\043
+\225\060\026\220\177\350\127\007\110\347\031\256\277\105\147\261
+\067\033\006\052\376\336\371\254\175\203\373\136\272\344\217\227
+\147\276\113\216\215\144\007\127\070\125\151\064\066\075\023\110
+\357\117\342\323\146\036\244\317\032\267\136\066\063\324\264\006
+\275\030\001\375\167\204\120\000\105\365\214\135\350\043\274\176
+\376\065\341\355\120\173\251\060\215\031\323\011\216\150\147\135
+\277\074\227\030\123\273\051\142\305\312\136\162\301\307\226\324
+\333\055\240\264\037\151\003\354\352\342\120\361\014\074\360\254
+\363\123\055\360\034\365\355\154\071\071\163\200\026\310\122\260
+\043\315\340\076\334\335\074\107\240\273\065\212\342\230\150\213
+\276\345\277\162\356\322\372\245\355\022\355\374\230\030\251\046
+\166\334\050\113\020\040\034\323\177\026\167\055\355\157\200\367
+\111\273\123\005\273\135\150\307\324\310\165\026\077\211\132\213
+\367\027\107\324\114\361\322\211\171\076\115\075\230\250\141\336
+\072\036\322\370\136\003\340\301\311\034\214\323\215\115\323\225
+\066\263\067\137\143\143\233\063\024\360\055\046\153\123\174\211
+\214\062\302\156\354\075\041\000\071\311\241\150\342\120\203\056
+\260\072\053\363\066\240\254\057\344\157\141\302\121\011\071\076
+\213\123\271\273\147\332\334\123\271\166\131\066\235\103\345\040
+\340\075\062\140\205\042\121\267\307\063\273\335\025\057\244\170
+\246\007\173\201\106\066\004\206\335\171\065\307\225\054\073\260
+\243\027\065\345\163\037\264\134\131\357\332\352\020\145\173\172
+\320\177\237\263\264\052\067\073\160\213\233\133\271\053\267\354
+\262\121\022\227\123\051\132\324\360\022\020\334\117\002\273\022
+\222\057\142\324\077\151\103\174\015\326\374\130\165\001\210\235
+\130\026\113\336\272\220\377\107\001\211\006\152\366\137\262\220
+\152\263\002\246\002\210\277\263\107\176\052\331\325\372\150\170
+\065\115\002\003\001\000\001\243\077\060\075\060\017\006\003\125
+\035\023\001\001\377\004\005\060\003\001\001\377\060\013\006\003
+\125\035\017\004\004\003\002\001\006\060\035\006\003\125\035\016
+\004\026\004\024\360\217\131\070\000\263\365\217\232\226\014\325
+\353\372\173\252\027\350\023\022\060\015\006\011\052\206\110\206
+\367\015\001\001\005\005\000\003\202\002\001\000\276\344\134\142
+\116\044\364\014\010\377\360\323\014\150\344\223\111\042\077\104
+\047\157\273\155\336\203\146\316\250\314\015\374\365\232\006\345
+\167\024\221\353\235\101\173\231\052\204\345\377\374\041\301\135
+\360\344\037\127\267\165\251\241\137\002\046\377\327\307\367\116
+\336\117\370\367\034\106\300\172\117\100\054\042\065\360\031\261
+\320\153\147\054\260\250\340\300\100\067\065\366\204\134\134\343
+\257\102\170\376\247\311\015\120\352\015\204\166\366\121\357\203
+\123\306\172\377\016\126\111\056\217\172\326\014\346\047\124\343
+\115\012\140\162\142\315\221\007\326\245\277\310\231\153\355\304
+\031\346\253\114\021\070\305\157\061\342\156\111\310\077\166\200
+\046\003\046\051\340\066\366\366\040\123\343\027\160\064\027\235
+\143\150\036\153\354\303\115\206\270\023\060\057\135\106\015\107
+\103\325\033\252\131\016\271\134\215\006\110\255\164\207\137\307
+\374\061\124\101\023\342\307\041\016\236\340\036\015\341\300\173
+\103\205\220\305\212\130\306\145\012\170\127\362\306\043\017\001
+\331\040\113\336\017\373\222\205\165\052\134\163\215\155\173\045
+\221\312\356\105\256\006\113\000\314\323\261\131\120\332\072\210
+\073\051\103\106\136\227\053\124\316\123\157\215\112\347\226\372
+\277\161\016\102\213\174\375\050\240\320\110\312\332\304\201\114
+\273\242\163\223\046\310\353\014\326\046\210\266\300\044\317\273
+\275\133\353\165\175\351\010\216\206\063\054\171\167\011\151\245
+\211\374\263\160\220\207\166\217\323\042\273\102\316\275\163\013
+\040\046\052\320\233\075\160\036\044\154\315\207\166\251\027\226
+\267\317\015\222\373\216\030\251\230\111\321\236\376\140\104\162
+\041\271\031\355\302\365\061\361\071\110\210\220\044\165\124\026
+\255\316\364\370\151\024\144\071\373\243\270\272\160\100\307\047
+\034\277\304\126\123\372\143\145\320\363\034\016\026\365\153\206
+\130\115\030\324\344\015\216\245\235\133\221\334\166\044\120\077
+\306\052\373\331\267\234\265\326\346\320\331\350\031\213\025\161
+\110\255\267\352\330\131\210\324\220\277\026\263\331\351\254\131
+\141\124\310\034\272\312\301\312\341\271\040\114\217\072\223\211
+\245\240\314\277\323\366\165\244\165\226\155\126
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "TeliaSonera Root CA v1"
+# Issuer: CN=TeliaSonera Root CA v1,O=TeliaSonera
+# Serial Number:00:95:be:16:a0:f7:2e:46:f1:7b:39:82:72:fa:8b:cd:96
+# Subject: CN=TeliaSonera Root CA v1,O=TeliaSonera
+# Not Valid Before: Thu Oct 18 12:00:50 2007
+# Not Valid After : Mon Oct 18 12:00:50 2032
+# Fingerprint (MD5): 37:41:49:1B:18:56:9A:26:F5:AD:C2:66:FB:40:A5:4C
+# Fingerprint (SHA1): 43:13:BB:96:F1:D5:86:9B:C1:4E:6A:92:F6:CF:F6:34:69:87:82:37
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "TeliaSonera Root CA v1"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\103\023\273\226\361\325\206\233\301\116\152\222\366\317\366\064
+\151\207\202\067
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\067\101\111\033\030\126\232\046\365\255\302\146\373\100\245\114
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\067\061\024\060\022\006\003\125\004\012\014\013\124\145\154
+\151\141\123\157\156\145\162\141\061\037\060\035\006\003\125\004
+\003\014\026\124\145\154\151\141\123\157\156\145\162\141\040\122
+\157\157\164\040\103\101\040\166\061
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\021\000\225\276\026\240\367\056\106\361\173\071\202\162\372
+\213\315\226
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "E-Tugra Certification Authority"
+#
+# Issuer: CN=E-Tugra Certification Authority,OU=E-Tugra Sertifikasyon Merkezi,O=E-Tu..ra EBG Bili..im Teknolojileri ve Hizmetleri A....,L=Ankara,C=TR
+# Serial Number:6a:68:3e:9c:51:9b:cb:53
+# Subject: CN=E-Tugra Certification Authority,OU=E-Tugra Sertifikasyon Merkezi,O=E-Tu..ra EBG Bili..im Teknolojileri ve Hizmetleri A....,L=Ankara,C=TR
+# Not Valid Before: Tue Mar 05 12:09:48 2013
+# Not Valid After : Fri Mar 03 12:09:48 2023
+# Fingerprint (MD5): B8:A1:03:63:B0:BD:21:71:70:8A:6F:13:3A:BB:79:49
+# Fingerprint (SHA1): 51:C6:E7:08:49:06:6E:F3:92:D4:5C:A0:0D:6D:A3:62:8F:C3:52:39
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "E-Tugra Certification Authority"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\262\061\013\060\011\006\003\125\004\006\023\002\124\122
+\061\017\060\015\006\003\125\004\007\014\006\101\156\153\141\162
+\141\061\100\060\076\006\003\125\004\012\014\067\105\055\124\165
+\304\237\162\141\040\105\102\107\040\102\151\154\151\305\237\151
+\155\040\124\145\153\156\157\154\157\152\151\154\145\162\151\040
+\166\145\040\110\151\172\155\145\164\154\145\162\151\040\101\056
+\305\236\056\061\046\060\044\006\003\125\004\013\014\035\105\055
+\124\165\147\162\141\040\123\145\162\164\151\146\151\153\141\163
+\171\157\156\040\115\145\162\153\145\172\151\061\050\060\046\006
+\003\125\004\003\014\037\105\055\124\165\147\162\141\040\103\145
+\162\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150
+\157\162\151\164\171
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\262\061\013\060\011\006\003\125\004\006\023\002\124\122
+\061\017\060\015\006\003\125\004\007\014\006\101\156\153\141\162
+\141\061\100\060\076\006\003\125\004\012\014\067\105\055\124\165
+\304\237\162\141\040\105\102\107\040\102\151\154\151\305\237\151
+\155\040\124\145\153\156\157\154\157\152\151\154\145\162\151\040
+\166\145\040\110\151\172\155\145\164\154\145\162\151\040\101\056
+\305\236\056\061\046\060\044\006\003\125\004\013\014\035\105\055
+\124\165\147\162\141\040\123\145\162\164\151\146\151\153\141\163
+\171\157\156\040\115\145\162\153\145\172\151\061\050\060\046\006
+\003\125\004\003\014\037\105\055\124\165\147\162\141\040\103\145
+\162\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150
+\157\162\151\164\171
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\010\152\150\076\234\121\233\313\123
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\006\113\060\202\004\063\240\003\002\001\002\002\010\152
+\150\076\234\121\233\313\123\060\015\006\011\052\206\110\206\367
+\015\001\001\013\005\000\060\201\262\061\013\060\011\006\003\125
+\004\006\023\002\124\122\061\017\060\015\006\003\125\004\007\014
+\006\101\156\153\141\162\141\061\100\060\076\006\003\125\004\012
+\014\067\105\055\124\165\304\237\162\141\040\105\102\107\040\102
+\151\154\151\305\237\151\155\040\124\145\153\156\157\154\157\152
+\151\154\145\162\151\040\166\145\040\110\151\172\155\145\164\154
+\145\162\151\040\101\056\305\236\056\061\046\060\044\006\003\125
+\004\013\014\035\105\055\124\165\147\162\141\040\123\145\162\164
+\151\146\151\153\141\163\171\157\156\040\115\145\162\153\145\172
+\151\061\050\060\046\006\003\125\004\003\014\037\105\055\124\165
+\147\162\141\040\103\145\162\164\151\146\151\143\141\164\151\157
+\156\040\101\165\164\150\157\162\151\164\171\060\036\027\015\061
+\063\060\063\060\065\061\062\060\071\064\070\132\027\015\062\063
+\060\063\060\063\061\062\060\071\064\070\132\060\201\262\061\013
+\060\011\006\003\125\004\006\023\002\124\122\061\017\060\015\006
+\003\125\004\007\014\006\101\156\153\141\162\141\061\100\060\076
+\006\003\125\004\012\014\067\105\055\124\165\304\237\162\141\040
+\105\102\107\040\102\151\154\151\305\237\151\155\040\124\145\153
+\156\157\154\157\152\151\154\145\162\151\040\166\145\040\110\151
+\172\155\145\164\154\145\162\151\040\101\056\305\236\056\061\046
+\060\044\006\003\125\004\013\014\035\105\055\124\165\147\162\141
+\040\123\145\162\164\151\146\151\153\141\163\171\157\156\040\115
+\145\162\153\145\172\151\061\050\060\046\006\003\125\004\003\014
+\037\105\055\124\165\147\162\141\040\103\145\162\164\151\146\151
+\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171
+\060\202\002\042\060\015\006\011\052\206\110\206\367\015\001\001
+\001\005\000\003\202\002\017\000\060\202\002\012\002\202\002\001
+\000\342\365\077\223\005\121\036\205\142\124\136\172\013\365\030
+\007\203\256\176\257\174\367\324\212\153\245\143\103\071\271\113
+\367\303\306\144\211\075\224\056\124\200\122\071\071\007\113\113
+\335\205\007\166\207\314\277\057\225\114\314\175\247\075\274\107
+\017\230\160\370\214\205\036\164\216\222\155\033\100\321\231\015
+\273\165\156\310\251\153\232\300\204\061\257\312\103\313\353\053
+\064\350\217\227\153\001\233\325\016\112\010\252\133\222\164\205
+\103\323\200\256\241\210\133\256\263\352\136\313\026\232\167\104
+\310\241\366\124\150\316\336\217\227\053\272\133\100\002\014\144
+\027\300\265\223\315\341\361\023\146\316\014\171\357\321\221\050
+\253\137\240\022\122\060\163\031\216\217\341\214\007\242\303\273
+\112\360\352\037\025\250\356\045\314\244\106\370\033\042\357\263
+\016\103\272\054\044\270\305\054\134\324\034\370\135\144\275\303
+\223\136\050\247\077\047\361\216\036\323\052\120\005\243\125\331
+\313\347\071\123\300\230\236\214\124\142\213\046\260\367\175\215
+\174\344\306\236\146\102\125\202\107\347\262\130\215\146\367\007
+\174\056\066\346\120\034\077\333\103\044\305\277\206\107\171\263
+\171\034\367\132\364\023\354\154\370\077\342\131\037\225\356\102
+\076\271\255\250\062\205\111\227\106\376\113\061\217\132\313\255
+\164\107\037\351\221\267\337\050\004\042\240\324\017\135\342\171
+\117\352\154\205\206\275\250\246\316\344\372\303\341\263\256\336
+\074\121\356\313\023\174\001\177\204\016\135\121\224\236\023\014
+\266\056\245\114\371\071\160\066\157\226\312\056\014\104\125\305
+\312\372\135\002\243\337\326\144\214\132\263\001\012\251\265\012
+\107\027\377\357\221\100\052\216\241\106\072\061\230\345\021\374
+\314\273\111\126\212\374\271\320\141\232\157\145\154\346\303\313
+\076\165\111\376\217\247\342\211\305\147\327\235\106\023\116\061
+\166\073\044\263\236\021\145\206\253\177\357\035\324\370\274\347
+\254\132\134\267\132\107\134\125\316\125\264\042\161\133\133\013
+\360\317\334\240\141\144\352\251\327\150\012\143\247\340\015\077
+\240\257\323\252\322\176\357\121\240\346\121\053\125\222\025\027
+\123\313\267\146\016\146\114\370\371\165\114\220\347\022\160\307
+\105\002\003\001\000\001\243\143\060\141\060\035\006\003\125\035
+\016\004\026\004\024\056\343\333\262\111\320\234\124\171\134\372
+\047\052\376\314\116\322\350\116\124\060\017\006\003\125\035\023
+\001\001\377\004\005\060\003\001\001\377\060\037\006\003\125\035
+\043\004\030\060\026\200\024\056\343\333\262\111\320\234\124\171
+\134\372\047\052\376\314\116\322\350\116\124\060\016\006\003\125
+\035\017\001\001\377\004\004\003\002\001\006\060\015\006\011\052
+\206\110\206\367\015\001\001\013\005\000\003\202\002\001\000\005
+\067\072\364\115\267\105\342\105\165\044\217\266\167\122\350\034
+\330\020\223\145\363\362\131\006\244\076\036\051\354\135\321\320
+\253\174\340\012\220\110\170\355\116\230\003\231\376\050\140\221
+\035\060\035\270\143\174\250\346\065\265\372\323\141\166\346\326
+\007\113\312\151\232\262\204\172\167\223\105\027\025\237\044\320
+\230\023\022\377\273\240\056\375\116\114\207\370\316\134\252\230
+\033\005\340\000\106\112\202\200\245\063\213\050\334\355\070\323
+\337\345\076\351\376\373\131\335\141\204\117\322\124\226\023\141
+\023\076\217\200\151\276\223\107\265\065\103\322\132\273\075\134
+\357\263\102\107\315\073\125\023\006\260\011\333\375\143\366\072
+\210\012\231\157\176\341\316\033\123\152\104\146\043\121\010\173
+\274\133\122\242\375\006\067\070\100\141\217\112\226\270\220\067
+\370\146\307\170\220\000\025\056\213\255\121\065\123\007\250\153
+\150\256\371\116\074\007\046\315\010\005\160\314\071\077\166\275
+\245\323\147\046\001\206\246\123\322\140\073\174\103\177\125\212
+\274\225\032\301\050\071\114\037\103\322\221\364\162\131\212\271
+\126\374\077\264\235\332\160\234\166\132\214\103\120\356\216\060
+\162\115\337\377\111\367\306\251\147\331\155\254\002\021\342\072
+\026\045\247\130\010\313\157\123\101\234\110\070\107\150\063\321
+\327\307\217\324\164\041\324\303\005\220\172\377\316\226\210\261
+\025\051\135\043\253\320\140\241\022\117\336\364\027\315\062\345
+\311\277\310\103\255\375\056\216\361\257\342\364\230\372\022\037
+\040\330\300\247\014\205\305\220\364\073\055\226\046\261\054\276
+\114\253\353\261\322\212\311\333\170\023\017\036\011\235\155\217
+\000\237\002\332\301\372\037\172\172\011\304\112\346\210\052\227
+\237\211\213\375\067\137\137\072\316\070\131\206\113\257\161\013
+\264\330\362\160\117\237\062\023\343\260\247\127\345\332\332\103
+\313\204\064\362\050\304\352\155\364\052\357\301\153\166\332\373
+\176\273\205\074\322\123\302\115\276\161\341\105\321\375\043\147
+\015\023\165\373\317\145\147\042\235\256\260\011\321\011\377\035
+\064\277\376\043\227\067\322\071\372\075\015\006\013\264\333\073
+\243\253\157\134\035\266\176\350\263\202\064\355\006\134\044
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "E-Tugra Certification Authority"
+# Issuer: CN=E-Tugra Certification Authority,OU=E-Tugra Sertifikasyon Merkezi,O=E-Tu..ra EBG Bili..im Teknolojileri ve Hizmetleri A....,L=Ankara,C=TR
+# Serial Number:6a:68:3e:9c:51:9b:cb:53
+# Subject: CN=E-Tugra Certification Authority,OU=E-Tugra Sertifikasyon Merkezi,O=E-Tu..ra EBG Bili..im Teknolojileri ve Hizmetleri A....,L=Ankara,C=TR
+# Not Valid Before: Tue Mar 05 12:09:48 2013
+# Not Valid After : Fri Mar 03 12:09:48 2023
+# Fingerprint (MD5): B8:A1:03:63:B0:BD:21:71:70:8A:6F:13:3A:BB:79:49
+# Fingerprint (SHA1): 51:C6:E7:08:49:06:6E:F3:92:D4:5C:A0:0D:6D:A3:62:8F:C3:52:39
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "E-Tugra Certification Authority"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\121\306\347\010\111\006\156\363\222\324\134\240\015\155\243\142
+\217\303\122\071
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\270\241\003\143\260\275\041\161\160\212\157\023\072\273\171\111
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\262\061\013\060\011\006\003\125\004\006\023\002\124\122
+\061\017\060\015\006\003\125\004\007\014\006\101\156\153\141\162
+\141\061\100\060\076\006\003\125\004\012\014\067\105\055\124\165
+\304\237\162\141\040\105\102\107\040\102\151\154\151\305\237\151
+\155\040\124\145\153\156\157\154\157\152\151\154\145\162\151\040
+\166\145\040\110\151\172\155\145\164\154\145\162\151\040\101\056
+\305\236\056\061\046\060\044\006\003\125\004\013\014\035\105\055
+\124\165\147\162\141\040\123\145\162\164\151\146\151\153\141\163
+\171\157\156\040\115\145\162\153\145\172\151\061\050\060\046\006
+\003\125\004\003\014\037\105\055\124\165\147\162\141\040\103\145
+\162\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150
+\157\162\151\164\171
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\010\152\150\076\234\121\233\313\123
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "T-TeleSec GlobalRoot Class 2"
+#
+# Issuer: CN=T-TeleSec GlobalRoot Class 2,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE
+# Serial Number: 1 (0x1)
+# Subject: CN=T-TeleSec GlobalRoot Class 2,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE
+# Not Valid Before: Wed Oct 01 10:40:14 2008
+# Not Valid After : Sat Oct 01 23:59:59 2033
+# Fingerprint (MD5): 2B:9B:9E:E4:7B:6C:1F:00:72:1A:CC:C1:77:79:DF:6A
+# Fingerprint (SHA1): 59:0D:2D:7D:88:4F:40:2E:61:7E:A5:62:32:17:65:CF:17:D8:94:E9
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "T-TeleSec GlobalRoot Class 2"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\202\061\013\060\011\006\003\125\004\006\023\002\104\105
+\061\053\060\051\006\003\125\004\012\014\042\124\055\123\171\163
+\164\145\155\163\040\105\156\164\145\162\160\162\151\163\145\040
+\123\145\162\166\151\143\145\163\040\107\155\142\110\061\037\060
+\035\006\003\125\004\013\014\026\124\055\123\171\163\164\145\155
+\163\040\124\162\165\163\164\040\103\145\156\164\145\162\061\045
+\060\043\006\003\125\004\003\014\034\124\055\124\145\154\145\123
+\145\143\040\107\154\157\142\141\154\122\157\157\164\040\103\154
+\141\163\163\040\062
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\202\061\013\060\011\006\003\125\004\006\023\002\104\105
+\061\053\060\051\006\003\125\004\012\014\042\124\055\123\171\163
+\164\145\155\163\040\105\156\164\145\162\160\162\151\163\145\040
+\123\145\162\166\151\143\145\163\040\107\155\142\110\061\037\060
+\035\006\003\125\004\013\014\026\124\055\123\171\163\164\145\155
+\163\040\124\162\165\163\164\040\103\145\156\164\145\162\061\045
+\060\043\006\003\125\004\003\014\034\124\055\124\145\154\145\123
+\145\143\040\107\154\157\142\141\154\122\157\157\164\040\103\154
+\141\163\163\040\062
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\001
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\003\303\060\202\002\253\240\003\002\001\002\002\001\001
+\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060
+\201\202\061\013\060\011\006\003\125\004\006\023\002\104\105\061
+\053\060\051\006\003\125\004\012\014\042\124\055\123\171\163\164
+\145\155\163\040\105\156\164\145\162\160\162\151\163\145\040\123
+\145\162\166\151\143\145\163\040\107\155\142\110\061\037\060\035
+\006\003\125\004\013\014\026\124\055\123\171\163\164\145\155\163
+\040\124\162\165\163\164\040\103\145\156\164\145\162\061\045\060
+\043\006\003\125\004\003\014\034\124\055\124\145\154\145\123\145
+\143\040\107\154\157\142\141\154\122\157\157\164\040\103\154\141
+\163\163\040\062\060\036\027\015\060\070\061\060\060\061\061\060
+\064\060\061\064\132\027\015\063\063\061\060\060\061\062\063\065
+\071\065\071\132\060\201\202\061\013\060\011\006\003\125\004\006
+\023\002\104\105\061\053\060\051\006\003\125\004\012\014\042\124
+\055\123\171\163\164\145\155\163\040\105\156\164\145\162\160\162
+\151\163\145\040\123\145\162\166\151\143\145\163\040\107\155\142
+\110\061\037\060\035\006\003\125\004\013\014\026\124\055\123\171
+\163\164\145\155\163\040\124\162\165\163\164\040\103\145\156\164
+\145\162\061\045\060\043\006\003\125\004\003\014\034\124\055\124
+\145\154\145\123\145\143\040\107\154\157\142\141\154\122\157\157
+\164\040\103\154\141\163\163\040\062\060\202\001\042\060\015\006
+\011\052\206\110\206\367\015\001\001\001\005\000\003\202\001\017
+\000\060\202\001\012\002\202\001\001\000\252\137\332\033\137\350
+\163\221\345\332\134\364\242\346\107\345\363\150\125\140\005\035
+\002\244\263\233\131\363\036\212\257\064\255\374\015\302\331\110
+\031\356\151\217\311\040\374\041\252\007\031\355\260\134\254\145
+\307\137\355\002\174\173\174\055\033\326\272\271\200\302\030\202
+\026\204\372\146\260\010\306\124\043\201\344\315\271\111\077\366
+\117\156\067\110\050\070\017\305\276\347\150\160\375\071\227\115
+\322\307\230\221\120\252\304\104\263\043\175\071\107\351\122\142
+\326\022\223\136\267\061\226\102\005\373\166\247\036\243\365\302
+\374\351\172\305\154\251\161\117\352\313\170\274\140\257\307\336
+\364\331\313\276\176\063\245\156\224\203\360\064\372\041\253\352
+\216\162\240\077\244\336\060\133\357\206\115\152\225\133\103\104
+\250\020\025\034\345\001\127\305\230\361\346\006\050\221\252\040
+\305\267\123\046\121\103\262\013\021\225\130\341\300\017\166\331
+\300\215\174\201\363\162\160\236\157\376\032\216\331\137\065\306
+\262\157\064\174\276\110\117\342\132\071\327\330\235\170\236\237
+\206\076\003\136\031\213\104\242\325\307\002\003\001\000\001\243
+\102\060\100\060\017\006\003\125\035\023\001\001\377\004\005\060
+\003\001\001\377\060\016\006\003\125\035\017\001\001\377\004\004
+\003\002\001\006\060\035\006\003\125\035\016\004\026\004\024\277
+\131\040\066\000\171\240\240\042\153\214\325\362\141\322\270\054
+\313\202\112\060\015\006\011\052\206\110\206\367\015\001\001\013
+\005\000\003\202\001\001\000\061\003\242\141\013\037\164\350\162
+\066\306\155\371\115\236\372\042\250\341\201\126\317\315\273\237
+\352\253\221\031\070\257\252\174\025\115\363\266\243\215\245\364
+\216\366\104\251\247\350\041\225\255\076\000\142\026\210\360\002
+\272\374\141\043\346\063\233\060\172\153\066\142\173\255\004\043
+\204\130\145\342\333\053\212\347\045\123\067\142\123\137\274\332
+\001\142\051\242\246\047\161\346\072\042\176\301\157\035\225\160
+\040\112\007\064\337\352\377\025\200\345\272\327\172\330\133\165
+\174\005\172\051\107\176\100\250\061\023\167\315\100\073\264\121
+\107\172\056\021\343\107\021\336\235\146\320\213\325\124\146\372
+\203\125\352\174\302\051\211\033\351\157\263\316\342\005\204\311
+\057\076\170\205\142\156\311\137\301\170\143\164\130\300\110\030
+\014\231\071\353\244\314\032\265\171\132\215\025\234\330\024\015
+\366\172\007\127\307\042\203\005\055\074\233\045\046\075\030\263
+\251\103\174\310\310\253\144\217\016\243\277\234\033\235\060\333
+\332\320\031\056\252\074\361\373\063\200\166\344\315\255\031\117
+\005\047\216\023\241\156\302
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "T-TeleSec GlobalRoot Class 2"
+# Issuer: CN=T-TeleSec GlobalRoot Class 2,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE
+# Serial Number: 1 (0x1)
+# Subject: CN=T-TeleSec GlobalRoot Class 2,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE
+# Not Valid Before: Wed Oct 01 10:40:14 2008
+# Not Valid After : Sat Oct 01 23:59:59 2033
+# Fingerprint (MD5): 2B:9B:9E:E4:7B:6C:1F:00:72:1A:CC:C1:77:79:DF:6A
+# Fingerprint (SHA1): 59:0D:2D:7D:88:4F:40:2E:61:7E:A5:62:32:17:65:CF:17:D8:94:E9
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "T-TeleSec GlobalRoot Class 2"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\131\015\055\175\210\117\100\056\141\176\245\142\062\027\145\317
+\027\330\224\351
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\053\233\236\344\173\154\037\000\162\032\314\301\167\171\337\152
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\202\061\013\060\011\006\003\125\004\006\023\002\104\105
+\061\053\060\051\006\003\125\004\012\014\042\124\055\123\171\163
+\164\145\155\163\040\105\156\164\145\162\160\162\151\163\145\040
+\123\145\162\166\151\143\145\163\040\107\155\142\110\061\037\060
+\035\006\003\125\004\013\014\026\124\055\123\171\163\164\145\155
+\163\040\124\162\165\163\164\040\103\145\156\164\145\162\061\045
+\060\043\006\003\125\004\003\014\034\124\055\124\145\154\145\123
+\145\143\040\107\154\157\142\141\154\122\157\157\164\040\103\154
+\141\163\163\040\062
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\001
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Atos TrustedRoot 2011"
+#
+# Issuer: C=DE,O=Atos,CN=Atos TrustedRoot 2011
+# Serial Number:5c:33:cb:62:2c:5f:b3:32
+# Subject: C=DE,O=Atos,CN=Atos TrustedRoot 2011
+# Not Valid Before: Thu Jul 07 14:58:30 2011
+# Not Valid After : Tue Dec 31 23:59:59 2030
+# Fingerprint (MD5): AE:B9:C4:32:4B:AC:7F:5D:66:CC:77:94:BB:2A:77:56
+# Fingerprint (SHA1): 2B:B1:F5:3E:55:0C:1D:C5:F1:D4:E6:B7:6A:46:4B:55:06:02:AC:21
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Atos TrustedRoot 2011"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\074\061\036\060\034\006\003\125\004\003\014\025\101\164\157
+\163\040\124\162\165\163\164\145\144\122\157\157\164\040\062\060
+\061\061\061\015\060\013\006\003\125\004\012\014\004\101\164\157
+\163\061\013\060\011\006\003\125\004\006\023\002\104\105
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\074\061\036\060\034\006\003\125\004\003\014\025\101\164\157
+\163\040\124\162\165\163\164\145\144\122\157\157\164\040\062\060
+\061\061\061\015\060\013\006\003\125\004\012\014\004\101\164\157
+\163\061\013\060\011\006\003\125\004\006\023\002\104\105
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\010\134\063\313\142\054\137\263\062
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\003\167\060\202\002\137\240\003\002\001\002\002\010\134
+\063\313\142\054\137\263\062\060\015\006\011\052\206\110\206\367
+\015\001\001\013\005\000\060\074\061\036\060\034\006\003\125\004
+\003\014\025\101\164\157\163\040\124\162\165\163\164\145\144\122
+\157\157\164\040\062\060\061\061\061\015\060\013\006\003\125\004
+\012\014\004\101\164\157\163\061\013\060\011\006\003\125\004\006
+\023\002\104\105\060\036\027\015\061\061\060\067\060\067\061\064
+\065\070\063\060\132\027\015\063\060\061\062\063\061\062\063\065
+\071\065\071\132\060\074\061\036\060\034\006\003\125\004\003\014
+\025\101\164\157\163\040\124\162\165\163\164\145\144\122\157\157
+\164\040\062\060\061\061\061\015\060\013\006\003\125\004\012\014
+\004\101\164\157\163\061\013\060\011\006\003\125\004\006\023\002
+\104\105\060\202\001\042\060\015\006\011\052\206\110\206\367\015
+\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002\202
+\001\001\000\225\205\073\227\157\052\073\056\073\317\246\363\051
+\065\276\317\030\254\076\252\331\370\115\240\076\032\107\271\274
+\232\337\362\376\314\076\107\350\172\226\302\044\216\065\364\251
+\014\374\202\375\155\301\162\142\047\275\352\153\353\347\212\314
+\124\076\220\120\317\200\324\225\373\350\265\202\324\024\305\266
+\251\125\045\127\333\261\120\366\260\140\144\131\172\151\317\003
+\267\157\015\276\312\076\157\164\162\352\252\060\052\163\142\276
+\111\221\141\310\021\376\016\003\052\367\152\040\334\002\025\015
+\136\025\152\374\343\202\301\265\305\235\144\011\154\243\131\230
+\007\047\307\033\226\053\141\164\161\154\103\361\367\065\211\020
+\340\236\354\125\241\067\042\242\207\004\005\054\107\175\264\034
+\271\142\051\146\050\312\267\341\223\365\244\224\003\231\271\160
+\205\265\346\110\352\215\120\374\331\336\314\157\007\016\335\013
+\162\235\200\060\026\007\225\077\050\016\375\305\165\117\123\326
+\164\232\264\044\056\216\002\221\317\166\305\233\036\125\164\234
+\170\041\261\360\055\361\013\237\302\325\226\030\037\360\124\042
+\172\214\007\002\003\001\000\001\243\175\060\173\060\035\006\003
+\125\035\016\004\026\004\024\247\245\006\261\054\246\011\140\356
+\321\227\351\160\256\274\073\031\154\333\041\060\017\006\003\125
+\035\023\001\001\377\004\005\060\003\001\001\377\060\037\006\003
+\125\035\043\004\030\060\026\200\024\247\245\006\261\054\246\011
+\140\356\321\227\351\160\256\274\073\031\154\333\041\060\030\006
+\003\125\035\040\004\021\060\017\060\015\006\013\053\006\001\004
+\001\260\055\003\004\001\001\060\016\006\003\125\035\017\001\001
+\377\004\004\003\002\001\206\060\015\006\011\052\206\110\206\367
+\015\001\001\013\005\000\003\202\001\001\000\046\167\064\333\224
+\110\206\052\101\235\054\076\006\220\140\304\214\254\013\124\270
+\037\271\173\323\007\071\344\372\076\173\262\075\116\355\237\043
+\275\227\363\153\134\357\356\375\100\246\337\241\223\241\012\206
+\254\357\040\320\171\001\275\170\367\031\330\044\061\064\004\001
+\246\272\025\232\303\047\334\330\117\017\314\030\143\377\231\017
+\016\221\153\165\026\341\041\374\330\046\307\107\267\246\317\130
+\162\161\176\272\341\115\225\107\073\311\257\155\241\264\301\354
+\211\366\264\017\070\265\342\144\334\045\317\246\333\353\232\134
+\231\241\305\010\336\375\346\332\325\326\132\105\014\304\267\302
+\265\024\357\264\021\377\016\025\265\365\365\333\306\275\353\132
+\247\360\126\042\251\074\145\124\306\025\250\275\206\236\315\203
+\226\150\172\161\201\211\341\013\341\352\021\033\150\010\314\151
+\236\354\236\101\236\104\062\046\172\342\207\012\161\075\353\344
+\132\244\322\333\305\315\306\336\140\177\271\363\117\104\222\357
+\052\267\030\076\247\031\331\013\175\261\067\101\102\260\272\140
+\035\362\376\011\021\260\360\207\173\247\235
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "Atos TrustedRoot 2011"
+# Issuer: C=DE,O=Atos,CN=Atos TrustedRoot 2011
+# Serial Number:5c:33:cb:62:2c:5f:b3:32
+# Subject: C=DE,O=Atos,CN=Atos TrustedRoot 2011
+# Not Valid Before: Thu Jul 07 14:58:30 2011
+# Not Valid After : Tue Dec 31 23:59:59 2030
+# Fingerprint (MD5): AE:B9:C4:32:4B:AC:7F:5D:66:CC:77:94:BB:2A:77:56
+# Fingerprint (SHA1): 2B:B1:F5:3E:55:0C:1D:C5:F1:D4:E6:B7:6A:46:4B:55:06:02:AC:21
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Atos TrustedRoot 2011"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\053\261\365\076\125\014\035\305\361\324\346\267\152\106\113\125
+\006\002\254\041
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\256\271\304\062\113\254\177\135\146\314\167\224\273\052\167\126
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\074\061\036\060\034\006\003\125\004\003\014\025\101\164\157
+\163\040\124\162\165\163\164\145\144\122\157\157\164\040\062\060
+\061\061\061\015\060\013\006\003\125\004\012\014\004\101\164\157
+\163\061\013\060\011\006\003\125\004\006\023\002\104\105
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\010\134\063\313\142\054\137\263\062
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "QuoVadis Root CA 1 G3"
+#
+# Issuer: CN=QuoVadis Root CA 1 G3,O=QuoVadis Limited,C=BM
+# Serial Number:78:58:5f:2e:ad:2c:19:4b:e3:37:07:35:34:13:28:b5:96:d4:65:93
+# Subject: CN=QuoVadis Root CA 1 G3,O=QuoVadis Limited,C=BM
+# Not Valid Before: Thu Jan 12 17:27:44 2012
+# Not Valid After : Sun Jan 12 17:27:44 2042
+# Fingerprint (SHA-256): 8A:86:6F:D1:B2:76:B5:7E:57:8E:92:1C:65:82:8A:2B:ED:58:E9:F2:F2:88:05:41:34:B7:F1:F4:BF:C9:CC:74
+# Fingerprint (SHA1): 1B:8E:EA:57:96:29:1A:C9:39:EA:B8:0A:81:1A:73:73:C0:93:79:67
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "QuoVadis Root CA 1 G3"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\110\061\013\060\011\006\003\125\004\006\023\002\102\115\061
+\031\060\027\006\003\125\004\012\023\020\121\165\157\126\141\144
+\151\163\040\114\151\155\151\164\145\144\061\036\060\034\006\003
+\125\004\003\023\025\121\165\157\126\141\144\151\163\040\122\157
+\157\164\040\103\101\040\061\040\107\063
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\110\061\013\060\011\006\003\125\004\006\023\002\102\115\061
+\031\060\027\006\003\125\004\012\023\020\121\165\157\126\141\144
+\151\163\040\114\151\155\151\164\145\144\061\036\060\034\006\003
+\125\004\003\023\025\121\165\157\126\141\144\151\163\040\122\157
+\157\164\040\103\101\040\061\040\107\063
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\024\170\130\137\056\255\054\031\113\343\067\007\065\064\023
+\050\265\226\324\145\223
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\140\060\202\003\110\240\003\002\001\002\002\024\170
+\130\137\056\255\054\031\113\343\067\007\065\064\023\050\265\226
+\324\145\223\060\015\006\011\052\206\110\206\367\015\001\001\013
+\005\000\060\110\061\013\060\011\006\003\125\004\006\023\002\102
+\115\061\031\060\027\006\003\125\004\012\023\020\121\165\157\126
+\141\144\151\163\040\114\151\155\151\164\145\144\061\036\060\034
+\006\003\125\004\003\023\025\121\165\157\126\141\144\151\163\040
+\122\157\157\164\040\103\101\040\061\040\107\063\060\036\027\015
+\061\062\060\061\061\062\061\067\062\067\064\064\132\027\015\064
+\062\060\061\061\062\061\067\062\067\064\064\132\060\110\061\013
+\060\011\006\003\125\004\006\023\002\102\115\061\031\060\027\006
+\003\125\004\012\023\020\121\165\157\126\141\144\151\163\040\114
+\151\155\151\164\145\144\061\036\060\034\006\003\125\004\003\023
+\025\121\165\157\126\141\144\151\163\040\122\157\157\164\040\103
+\101\040\061\040\107\063\060\202\002\042\060\015\006\011\052\206
+\110\206\367\015\001\001\001\005\000\003\202\002\017\000\060\202
+\002\012\002\202\002\001\000\240\276\120\020\216\351\362\154\100
+\264\004\234\205\271\061\312\334\055\344\021\251\004\074\033\125
+\301\347\130\060\035\044\264\303\357\205\336\214\054\341\301\075
+\337\202\346\117\255\107\207\154\354\133\111\301\112\325\273\217
+\354\207\254\177\202\232\206\354\075\003\231\122\001\322\065\236
+\254\332\360\123\311\146\074\324\254\002\001\332\044\323\073\250
+\002\106\257\244\034\343\370\163\130\166\267\366\016\220\015\265
+\360\317\314\372\371\306\114\345\303\206\060\012\215\027\176\065
+\353\305\337\273\016\234\300\215\207\343\210\070\205\147\372\076
+\307\253\340\023\234\005\030\230\317\223\365\261\222\264\374\043
+\323\317\325\304\047\111\340\236\074\233\010\243\213\135\052\041
+\340\374\071\252\123\332\175\176\317\032\011\123\274\135\005\004
+\317\241\112\217\213\166\202\015\241\370\322\307\024\167\133\220
+\066\007\201\233\076\006\372\122\136\143\305\246\000\376\245\351
+\122\033\122\265\222\071\162\003\011\142\275\260\140\026\156\246
+\335\045\302\003\146\335\363\004\321\100\342\116\213\206\364\157
+\345\203\240\047\204\136\004\301\365\220\275\060\075\304\357\250
+\151\274\070\233\244\244\226\321\142\332\151\300\001\226\256\313
+\304\121\064\352\014\252\377\041\216\131\217\112\134\344\141\232
+\247\322\351\052\170\215\121\075\072\025\356\242\131\216\251\134
+\336\305\371\220\042\345\210\105\161\335\221\231\154\172\237\075
+\075\230\174\136\366\276\026\150\240\136\256\013\043\374\132\017
+\252\042\166\055\311\241\020\035\344\323\104\043\220\210\237\306
+\052\346\327\365\232\263\130\036\057\060\211\010\033\124\242\265
+\230\043\354\010\167\034\225\135\141\321\313\211\234\137\242\112
+\221\232\357\041\252\111\026\010\250\275\141\050\061\311\164\255
+\205\366\331\305\261\213\321\345\020\062\115\137\213\040\072\074
+\111\037\063\205\131\015\333\313\011\165\103\151\163\373\153\161
+\175\360\337\304\114\175\306\243\056\310\225\171\313\163\242\216
+\116\115\044\373\136\344\004\276\162\033\246\047\055\111\132\231
+\172\327\134\011\040\267\177\224\271\117\361\015\034\136\210\102
+\033\021\267\347\221\333\236\154\364\152\337\214\006\230\003\255
+\314\050\357\245\107\363\123\002\003\001\000\001\243\102\060\100
+\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001
+\377\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001
+\006\060\035\006\003\125\035\016\004\026\004\024\243\227\326\363
+\136\242\020\341\253\105\237\074\027\144\074\356\001\160\234\314
+\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\003
+\202\002\001\000\030\372\133\165\374\076\172\307\137\167\307\312
+\337\317\137\303\022\304\100\135\324\062\252\270\152\327\325\025
+\025\106\230\043\245\346\220\133\030\231\114\343\255\102\243\202
+\061\066\210\315\351\373\304\004\226\110\213\001\307\215\001\317
+\133\063\006\226\106\146\164\035\117\355\301\266\271\264\015\141
+\314\143\176\327\056\167\214\226\034\052\043\150\153\205\127\166
+\160\063\023\376\341\117\246\043\167\030\372\032\214\350\275\145
+\311\317\077\364\311\027\334\353\307\274\300\004\056\055\106\057
+\151\146\303\033\217\376\354\076\323\312\224\277\166\012\045\015
+\251\173\002\034\251\320\073\137\013\300\201\072\075\144\341\277
+\247\055\116\275\115\304\330\051\306\042\030\320\305\254\162\002
+\202\077\252\072\242\072\042\227\061\335\010\143\303\165\024\271
+\140\050\055\133\150\340\026\251\146\202\043\121\365\353\123\330
+\061\233\173\351\267\235\113\353\210\026\317\371\135\070\212\111
+\060\217\355\361\353\031\364\167\032\061\030\115\147\124\154\057
+\157\145\371\333\075\354\041\354\136\364\364\213\312\140\145\124
+\321\161\144\364\371\246\243\201\063\066\063\161\360\244\170\137
+\116\255\203\041\336\064\111\215\350\131\254\235\362\166\132\066
+\362\023\364\257\340\011\307\141\052\154\367\340\235\256\273\206
+\112\050\157\056\356\264\171\315\220\063\303\263\166\372\365\360
+\154\235\001\220\372\236\220\366\234\162\317\107\332\303\037\344
+\065\040\123\362\124\321\337\141\203\246\002\342\045\070\336\205
+\062\055\136\163\220\122\135\102\304\316\075\113\341\371\031\204
+\035\325\242\120\314\101\373\101\024\303\275\326\311\132\243\143
+\146\002\200\275\005\072\073\107\234\354\000\046\114\365\210\121
+\277\250\043\177\030\007\260\013\355\213\046\241\144\323\141\112
+\353\134\237\336\263\257\147\003\263\037\335\155\135\151\150\151
+\253\136\072\354\174\151\274\307\073\205\116\236\025\271\264\025
+\117\303\225\172\130\327\311\154\351\154\271\363\051\143\136\264
+\054\360\055\075\355\132\145\340\251\133\100\302\110\231\201\155
+\236\037\006\052\074\022\264\213\017\233\242\044\360\246\215\326
+\172\340\113\266\144\226\143\225\204\302\112\315\034\056\044\207
+\063\140\345\303
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "QuoVadis Root CA 1 G3"
+# Issuer: CN=QuoVadis Root CA 1 G3,O=QuoVadis Limited,C=BM
+# Serial Number:78:58:5f:2e:ad:2c:19:4b:e3:37:07:35:34:13:28:b5:96:d4:65:93
+# Subject: CN=QuoVadis Root CA 1 G3,O=QuoVadis Limited,C=BM
+# Not Valid Before: Thu Jan 12 17:27:44 2012
+# Not Valid After : Sun Jan 12 17:27:44 2042
+# Fingerprint (SHA-256): 8A:86:6F:D1:B2:76:B5:7E:57:8E:92:1C:65:82:8A:2B:ED:58:E9:F2:F2:88:05:41:34:B7:F1:F4:BF:C9:CC:74
+# Fingerprint (SHA1): 1B:8E:EA:57:96:29:1A:C9:39:EA:B8:0A:81:1A:73:73:C0:93:79:67
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "QuoVadis Root CA 1 G3"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\033\216\352\127\226\051\032\311\071\352\270\012\201\032\163\163
+\300\223\171\147
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\244\274\133\077\376\067\232\372\144\360\342\372\005\075\013\253
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\110\061\013\060\011\006\003\125\004\006\023\002\102\115\061
+\031\060\027\006\003\125\004\012\023\020\121\165\157\126\141\144
+\151\163\040\114\151\155\151\164\145\144\061\036\060\034\006\003
+\125\004\003\023\025\121\165\157\126\141\144\151\163\040\122\157
+\157\164\040\103\101\040\061\040\107\063
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\024\170\130\137\056\255\054\031\113\343\067\007\065\064\023
+\050\265\226\324\145\223
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "QuoVadis Root CA 2 G3"
+#
+# Issuer: CN=QuoVadis Root CA 2 G3,O=QuoVadis Limited,C=BM
+# Serial Number:44:57:34:24:5b:81:89:9b:35:f2:ce:b8:2b:3b:5b:a7:26:f0:75:28
+# Subject: CN=QuoVadis Root CA 2 G3,O=QuoVadis Limited,C=BM
+# Not Valid Before: Thu Jan 12 18:59:32 2012
+# Not Valid After : Sun Jan 12 18:59:32 2042
+# Fingerprint (SHA-256): 8F:E4:FB:0A:F9:3A:4D:0D:67:DB:0B:EB:B2:3E:37:C7:1B:F3:25:DC:BC:DD:24:0E:A0:4D:AF:58:B4:7E:18:40
+# Fingerprint (SHA1): 09:3C:61:F3:8B:8B:DC:7D:55:DF:75:38:02:05:00:E1:25:F5:C8:36
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "QuoVadis Root CA 2 G3"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\110\061\013\060\011\006\003\125\004\006\023\002\102\115\061
+\031\060\027\006\003\125\004\012\023\020\121\165\157\126\141\144
+\151\163\040\114\151\155\151\164\145\144\061\036\060\034\006\003
+\125\004\003\023\025\121\165\157\126\141\144\151\163\040\122\157
+\157\164\040\103\101\040\062\040\107\063
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\110\061\013\060\011\006\003\125\004\006\023\002\102\115\061
+\031\060\027\006\003\125\004\012\023\020\121\165\157\126\141\144
+\151\163\040\114\151\155\151\164\145\144\061\036\060\034\006\003
+\125\004\003\023\025\121\165\157\126\141\144\151\163\040\122\157
+\157\164\040\103\101\040\062\040\107\063
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\024\104\127\064\044\133\201\211\233\065\362\316\270\053\073
+\133\247\046\360\165\050
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\140\060\202\003\110\240\003\002\001\002\002\024\104
+\127\064\044\133\201\211\233\065\362\316\270\053\073\133\247\046
+\360\165\050\060\015\006\011\052\206\110\206\367\015\001\001\013
+\005\000\060\110\061\013\060\011\006\003\125\004\006\023\002\102
+\115\061\031\060\027\006\003\125\004\012\023\020\121\165\157\126
+\141\144\151\163\040\114\151\155\151\164\145\144\061\036\060\034
+\006\003\125\004\003\023\025\121\165\157\126\141\144\151\163\040
+\122\157\157\164\040\103\101\040\062\040\107\063\060\036\027\015
+\061\062\060\061\061\062\061\070\065\071\063\062\132\027\015\064
+\062\060\061\061\062\061\070\065\071\063\062\132\060\110\061\013
+\060\011\006\003\125\004\006\023\002\102\115\061\031\060\027\006
+\003\125\004\012\023\020\121\165\157\126\141\144\151\163\040\114
+\151\155\151\164\145\144\061\036\060\034\006\003\125\004\003\023
+\025\121\165\157\126\141\144\151\163\040\122\157\157\164\040\103
+\101\040\062\040\107\063\060\202\002\042\060\015\006\011\052\206
+\110\206\367\015\001\001\001\005\000\003\202\002\017\000\060\202
+\002\012\002\202\002\001\000\241\256\045\262\001\030\334\127\210
+\077\106\353\371\257\342\353\043\161\342\232\321\141\146\041\137
+\252\257\047\121\345\156\033\026\324\055\175\120\260\123\167\275
+\170\072\140\342\144\002\233\174\206\233\326\032\216\255\377\037
+\025\177\325\225\036\022\313\346\024\204\004\301\337\066\263\026
+\237\212\343\311\333\230\064\316\330\063\027\050\106\374\247\311
+\360\322\264\325\115\011\162\111\371\362\207\343\251\332\175\241
+\175\153\262\072\045\251\155\122\104\254\370\276\156\373\334\246
+\163\221\220\141\246\003\024\040\362\347\207\243\210\255\255\240
+\214\377\246\013\045\122\045\347\026\001\325\313\270\065\201\014
+\243\073\360\341\341\374\132\135\316\200\161\155\370\111\253\076
+\073\272\270\327\200\001\373\245\353\133\263\305\136\140\052\061
+\240\257\067\350\040\072\237\250\062\054\014\314\011\035\323\236
+\216\135\274\114\230\356\305\032\150\173\354\123\246\351\024\065
+\243\337\315\200\237\014\110\373\034\364\361\277\112\270\372\325
+\214\161\112\307\037\255\376\101\232\263\203\135\362\204\126\357
+\245\127\103\316\051\255\214\253\125\277\304\373\133\001\335\043
+\041\241\130\000\216\303\320\152\023\355\023\343\022\053\200\334
+\147\346\225\262\315\036\042\156\052\370\101\324\362\312\024\007
+\215\212\125\022\306\151\365\270\206\150\057\123\136\260\322\252
+\041\301\230\346\060\343\147\125\307\233\156\254\031\250\125\246
+\105\006\320\043\072\333\353\145\135\052\021\021\360\073\117\312
+\155\364\064\304\161\344\377\000\132\366\134\256\043\140\205\163
+\361\344\020\261\045\256\325\222\273\023\301\014\340\071\332\264
+\071\127\265\253\065\252\162\041\073\203\065\347\061\337\172\041
+\156\270\062\010\175\035\062\221\025\112\142\162\317\343\167\241
+\274\325\021\033\166\001\147\010\340\101\013\303\353\025\156\370
+\244\031\331\242\253\257\342\047\122\126\053\002\212\054\024\044
+\371\277\102\002\277\046\310\306\217\340\156\070\175\123\055\345
+\355\230\263\225\143\150\177\371\065\364\337\210\305\140\065\222
+\300\174\151\034\141\225\026\320\353\336\013\257\076\004\020\105
+\145\130\120\070\257\110\362\131\266\026\362\074\015\220\002\306
+\160\056\001\255\074\025\327\002\003\001\000\001\243\102\060\100
+\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001
+\377\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001
+\006\060\035\006\003\125\035\016\004\026\004\024\355\347\157\166
+\132\277\140\354\111\133\306\245\167\273\162\026\161\233\304\075
+\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\003
+\202\002\001\000\221\337\200\077\103\011\176\161\302\367\353\263
+\210\217\341\121\262\274\075\165\371\050\135\310\274\231\233\173
+\135\252\345\312\341\012\367\350\262\323\237\335\147\061\176\272
+\001\252\307\152\101\073\220\324\010\134\262\140\152\220\360\310
+\316\003\142\371\213\355\373\156\052\334\006\115\074\051\017\211
+\026\212\130\114\110\017\350\204\141\352\074\162\246\167\344\102
+\256\210\243\103\130\171\176\256\312\245\123\015\251\075\160\275
+\040\031\141\244\154\070\374\103\062\341\301\107\377\370\354\361
+\021\042\062\226\234\302\366\133\151\226\173\040\014\103\101\232
+\133\366\131\031\210\336\125\210\067\121\013\170\134\012\036\243
+\102\375\307\235\210\017\300\362\170\002\044\124\223\257\211\207
+\210\311\112\200\035\352\320\156\076\141\056\066\273\065\016\047
+\226\375\146\064\073\141\162\163\361\026\134\107\006\124\111\000
+\172\130\022\260\012\357\205\375\261\270\063\165\152\223\034\022
+\346\140\136\157\035\177\311\037\043\313\204\141\237\036\202\104
+\371\137\255\142\125\044\232\122\230\355\121\347\241\176\227\072
+\346\057\037\021\332\123\200\054\205\236\253\065\020\333\042\137
+\152\305\136\227\123\362\062\002\011\060\243\130\360\015\001\325
+\162\306\261\174\151\173\303\365\066\105\314\141\156\136\114\224
+\305\136\256\350\016\136\213\277\367\315\340\355\241\016\033\063
+\356\124\030\376\017\276\357\176\204\153\103\343\160\230\333\135
+\165\262\015\131\007\205\025\043\071\326\361\337\251\046\017\326
+\110\307\263\246\042\365\063\067\132\225\107\237\173\272\030\025
+\157\377\326\024\144\203\111\322\012\147\041\333\017\065\143\140
+\050\042\343\261\225\203\315\205\246\335\057\017\347\147\122\156
+\273\057\205\174\365\112\163\347\305\076\300\275\041\022\005\077
+\374\267\003\111\002\133\310\045\346\342\124\070\365\171\207\214
+\035\123\262\116\205\173\006\070\307\054\370\370\260\162\215\045
+\345\167\122\364\003\034\110\246\120\137\210\040\060\156\362\202
+\103\253\075\227\204\347\123\373\041\301\117\017\042\232\206\270
+\131\052\366\107\075\031\210\055\350\205\341\236\354\205\010\152
+\261\154\064\311\035\354\110\053\073\170\355\146\304\216\171\151
+\203\336\177\214
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "QuoVadis Root CA 2 G3"
+# Issuer: CN=QuoVadis Root CA 2 G3,O=QuoVadis Limited,C=BM
+# Serial Number:44:57:34:24:5b:81:89:9b:35:f2:ce:b8:2b:3b:5b:a7:26:f0:75:28
+# Subject: CN=QuoVadis Root CA 2 G3,O=QuoVadis Limited,C=BM
+# Not Valid Before: Thu Jan 12 18:59:32 2012
+# Not Valid After : Sun Jan 12 18:59:32 2042
+# Fingerprint (SHA-256): 8F:E4:FB:0A:F9:3A:4D:0D:67:DB:0B:EB:B2:3E:37:C7:1B:F3:25:DC:BC:DD:24:0E:A0:4D:AF:58:B4:7E:18:40
+# Fingerprint (SHA1): 09:3C:61:F3:8B:8B:DC:7D:55:DF:75:38:02:05:00:E1:25:F5:C8:36
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "QuoVadis Root CA 2 G3"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\011\074\141\363\213\213\334\175\125\337\165\070\002\005\000\341
+\045\365\310\066
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\257\014\206\156\277\100\055\177\013\076\022\120\272\022\075\006
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\110\061\013\060\011\006\003\125\004\006\023\002\102\115\061
+\031\060\027\006\003\125\004\012\023\020\121\165\157\126\141\144
+\151\163\040\114\151\155\151\164\145\144\061\036\060\034\006\003
+\125\004\003\023\025\121\165\157\126\141\144\151\163\040\122\157
+\157\164\040\103\101\040\062\040\107\063
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\024\104\127\064\044\133\201\211\233\065\362\316\270\053\073
+\133\247\046\360\165\050
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "QuoVadis Root CA 3 G3"
+#
+# Issuer: CN=QuoVadis Root CA 3 G3,O=QuoVadis Limited,C=BM
+# Serial Number:2e:f5:9b:02:28:a7:db:7a:ff:d5:a3:a9:ee:bd:03:a0:cf:12:6a:1d
+# Subject: CN=QuoVadis Root CA 3 G3,O=QuoVadis Limited,C=BM
+# Not Valid Before: Thu Jan 12 20:26:32 2012
+# Not Valid After : Sun Jan 12 20:26:32 2042
+# Fingerprint (SHA-256): 88:EF:81:DE:20:2E:B0:18:45:2E:43:F8:64:72:5C:EA:5F:BD:1F:C2:D9:D2:05:73:07:09:C5:D8:B8:69:0F:46
+# Fingerprint (SHA1): 48:12:BD:92:3C:A8:C4:39:06:E7:30:6D:27:96:E6:A4:CF:22:2E:7D
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "QuoVadis Root CA 3 G3"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\110\061\013\060\011\006\003\125\004\006\023\002\102\115\061
+\031\060\027\006\003\125\004\012\023\020\121\165\157\126\141\144
+\151\163\040\114\151\155\151\164\145\144\061\036\060\034\006\003
+\125\004\003\023\025\121\165\157\126\141\144\151\163\040\122\157
+\157\164\040\103\101\040\063\040\107\063
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\110\061\013\060\011\006\003\125\004\006\023\002\102\115\061
+\031\060\027\006\003\125\004\012\023\020\121\165\157\126\141\144
+\151\163\040\114\151\155\151\164\145\144\061\036\060\034\006\003
+\125\004\003\023\025\121\165\157\126\141\144\151\163\040\122\157
+\157\164\040\103\101\040\063\040\107\063
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\024\056\365\233\002\050\247\333\172\377\325\243\251\356\275
+\003\240\317\022\152\035
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\140\060\202\003\110\240\003\002\001\002\002\024\056
+\365\233\002\050\247\333\172\377\325\243\251\356\275\003\240\317
+\022\152\035\060\015\006\011\052\206\110\206\367\015\001\001\013
+\005\000\060\110\061\013\060\011\006\003\125\004\006\023\002\102
+\115\061\031\060\027\006\003\125\004\012\023\020\121\165\157\126
+\141\144\151\163\040\114\151\155\151\164\145\144\061\036\060\034
+\006\003\125\004\003\023\025\121\165\157\126\141\144\151\163\040
+\122\157\157\164\040\103\101\040\063\040\107\063\060\036\027\015
+\061\062\060\061\061\062\062\060\062\066\063\062\132\027\015\064
+\062\060\061\061\062\062\060\062\066\063\062\132\060\110\061\013
+\060\011\006\003\125\004\006\023\002\102\115\061\031\060\027\006
+\003\125\004\012\023\020\121\165\157\126\141\144\151\163\040\114
+\151\155\151\164\145\144\061\036\060\034\006\003\125\004\003\023
+\025\121\165\157\126\141\144\151\163\040\122\157\157\164\040\103
+\101\040\063\040\107\063\060\202\002\042\060\015\006\011\052\206
+\110\206\367\015\001\001\001\005\000\003\202\002\017\000\060\202
+\002\012\002\202\002\001\000\263\313\016\020\147\216\352\024\227
+\247\062\052\012\126\066\177\150\114\307\263\157\072\043\024\221
+\377\031\177\245\312\254\356\263\166\235\172\351\213\033\253\153
+\061\333\372\013\123\114\257\305\245\032\171\074\212\114\377\254
+\337\045\336\116\331\202\062\013\104\336\312\333\214\254\243\156
+\026\203\073\246\144\113\062\211\373\026\026\070\176\353\103\342
+\323\164\112\302\142\012\163\012\335\111\263\127\322\260\012\205
+\235\161\074\336\243\313\300\062\363\001\071\040\103\033\065\321
+\123\263\261\356\305\223\151\202\076\026\265\050\106\241\336\352
+\211\011\355\103\270\005\106\212\206\365\131\107\276\033\157\001
+\041\020\271\375\251\322\050\312\020\071\011\312\023\066\317\234
+\255\255\100\164\171\053\002\077\064\377\372\040\151\175\323\356
+\141\365\272\263\347\060\320\067\043\206\162\141\105\051\110\131
+\150\157\167\246\056\201\276\007\115\157\257\316\304\105\023\221
+\024\160\006\217\037\237\370\207\151\261\016\357\303\211\031\353
+\352\034\141\374\172\154\212\334\326\003\013\236\046\272\022\335
+\324\124\071\253\046\243\063\352\165\201\332\055\315\017\117\344
+\003\321\357\025\227\033\153\220\305\002\220\223\146\002\041\261
+\107\336\213\232\112\200\271\125\217\265\242\057\300\326\063\147
+\332\176\304\247\264\004\104\353\107\373\346\130\271\367\014\360
+\173\053\261\300\160\051\303\100\142\055\073\110\151\334\043\074
+\110\353\173\011\171\251\155\332\250\060\230\317\200\162\003\210
+\246\133\106\256\162\171\174\010\003\041\145\256\267\341\034\245
+\261\052\242\061\336\146\004\367\300\164\350\161\336\377\075\131
+\314\226\046\022\213\205\225\127\032\253\153\165\013\104\075\021
+\050\074\173\141\267\342\217\147\117\345\354\074\114\140\200\151
+\127\070\036\001\133\215\125\350\307\337\300\314\167\043\064\111
+\165\174\366\230\021\353\055\336\355\101\056\024\005\002\177\340
+\376\040\353\065\347\021\254\042\316\127\075\336\311\060\155\020
+\003\205\315\361\377\214\026\265\301\262\076\210\154\140\177\220
+\117\225\367\366\055\255\001\071\007\004\372\165\200\175\277\111
+\120\355\357\311\304\174\034\353\200\176\333\266\320\335\023\376
+\311\323\234\327\262\227\251\002\003\001\000\001\243\102\060\100
+\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001
+\377\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001
+\006\060\035\006\003\125\035\016\004\026\004\024\306\027\320\274
+\250\352\002\103\362\033\006\231\135\053\220\040\271\327\234\344
+\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\003
+\202\002\001\000\064\141\331\126\265\022\207\125\115\335\243\065
+\061\106\273\244\007\162\274\137\141\142\350\245\373\013\067\261
+\074\266\263\372\051\235\177\002\365\244\311\250\223\267\172\161
+\050\151\217\163\341\122\220\332\325\276\072\345\267\166\152\126
+\200\041\337\135\346\351\072\236\345\076\366\242\151\307\052\012
+\260\030\107\334\040\160\175\122\243\076\131\174\301\272\311\310
+\025\100\141\312\162\326\160\254\322\267\360\034\344\206\051\360
+\316\357\150\143\320\265\040\212\025\141\232\176\206\230\264\311
+\302\166\373\314\272\060\026\314\243\141\306\164\023\345\153\357
+\243\025\352\003\376\023\213\144\344\323\301\322\350\204\373\111
+\321\020\115\171\146\353\252\375\364\215\061\036\160\024\255\334
+\336\147\023\114\201\025\141\274\267\331\221\167\161\031\201\140
+\273\360\130\245\265\234\013\367\217\042\125\047\300\113\001\155
+\073\231\015\324\035\233\143\147\057\320\356\015\312\146\274\224
+\117\246\255\355\374\356\143\254\127\077\145\045\317\262\206\217
+\320\010\377\270\166\024\156\336\345\047\354\253\170\265\123\271
+\266\077\350\040\371\322\250\276\141\106\312\207\214\204\363\371
+\361\240\150\233\042\036\201\046\233\020\004\221\161\300\006\037
+\334\240\323\271\126\247\343\230\055\177\203\235\337\214\053\234
+\062\216\062\224\360\001\074\042\052\237\103\302\056\303\230\071
+\007\070\173\374\136\000\102\037\363\062\046\171\203\204\366\345
+\360\301\121\022\300\013\036\004\043\014\124\245\114\057\111\305
+\112\321\266\156\140\015\153\374\153\213\205\044\144\267\211\016
+\253\045\107\133\074\317\176\111\275\307\351\012\306\332\367\176
+\016\027\010\323\110\227\320\161\222\360\017\071\076\064\152\034
+\175\330\362\042\256\273\151\364\063\264\246\110\125\321\017\016
+\046\350\354\266\013\055\247\205\065\315\375\131\310\237\321\315
+\076\132\051\064\271\075\204\316\261\145\324\131\221\221\126\165
+\041\301\167\236\371\172\341\140\235\323\255\004\030\364\174\353
+\136\223\217\123\112\042\051\370\110\053\076\115\206\254\133\177
+\313\006\231\131\140\330\130\145\225\215\104\321\367\177\176\047
+\177\175\256\200\365\007\114\266\076\234\161\124\231\004\113\375
+\130\371\230\364
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "QuoVadis Root CA 3 G3"
+# Issuer: CN=QuoVadis Root CA 3 G3,O=QuoVadis Limited,C=BM
+# Serial Number:2e:f5:9b:02:28:a7:db:7a:ff:d5:a3:a9:ee:bd:03:a0:cf:12:6a:1d
+# Subject: CN=QuoVadis Root CA 3 G3,O=QuoVadis Limited,C=BM
+# Not Valid Before: Thu Jan 12 20:26:32 2012
+# Not Valid After : Sun Jan 12 20:26:32 2042
+# Fingerprint (SHA-256): 88:EF:81:DE:20:2E:B0:18:45:2E:43:F8:64:72:5C:EA:5F:BD:1F:C2:D9:D2:05:73:07:09:C5:D8:B8:69:0F:46
+# Fingerprint (SHA1): 48:12:BD:92:3C:A8:C4:39:06:E7:30:6D:27:96:E6:A4:CF:22:2E:7D
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "QuoVadis Root CA 3 G3"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\110\022\275\222\074\250\304\071\006\347\060\155\047\226\346\244
+\317\042\056\175
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\337\175\271\255\124\157\150\241\337\211\127\003\227\103\260\327
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\110\061\013\060\011\006\003\125\004\006\023\002\102\115\061
+\031\060\027\006\003\125\004\012\023\020\121\165\157\126\141\144
+\151\163\040\114\151\155\151\164\145\144\061\036\060\034\006\003
+\125\004\003\023\025\121\165\157\126\141\144\151\163\040\122\157
+\157\164\040\103\101\040\063\040\107\063
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\024\056\365\233\002\050\247\333\172\377\325\243\251\356\275
+\003\240\317\022\152\035
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "DigiCert Assured ID Root G2"
+#
+# Issuer: CN=DigiCert Assured ID Root G2,OU=www.digicert.com,O=DigiCert Inc,C=US
+# Serial Number:0b:93:1c:3a:d6:39:67:ea:67:23:bf:c3:af:9a:f4:4b
+# Subject: CN=DigiCert Assured ID Root G2,OU=www.digicert.com,O=DigiCert Inc,C=US
+# Not Valid Before: Thu Aug 01 12:00:00 2013
+# Not Valid After : Fri Jan 15 12:00:00 2038
+# Fingerprint (SHA-256): 7D:05:EB:B6:82:33:9F:8C:94:51:EE:09:4E:EB:FE:FA:79:53:A1:14:ED:B2:F4:49:49:45:2F:AB:7D:2F:C1:85
+# Fingerprint (SHA1): A1:4B:48:D9:43:EE:0A:0E:40:90:4F:3C:E0:A4:C0:91:93:51:5D:3F
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "DigiCert Assured ID Root G2"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\145\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\025\060\023\006\003\125\004\012\023\014\104\151\147\151\103\145
+\162\164\040\111\156\143\061\031\060\027\006\003\125\004\013\023
+\020\167\167\167\056\144\151\147\151\143\145\162\164\056\143\157
+\155\061\044\060\042\006\003\125\004\003\023\033\104\151\147\151
+\103\145\162\164\040\101\163\163\165\162\145\144\040\111\104\040
+\122\157\157\164\040\107\062
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\145\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\025\060\023\006\003\125\004\012\023\014\104\151\147\151\103\145
+\162\164\040\111\156\143\061\031\060\027\006\003\125\004\013\023
+\020\167\167\167\056\144\151\147\151\143\145\162\164\056\143\157
+\155\061\044\060\042\006\003\125\004\003\023\033\104\151\147\151
+\103\145\162\164\040\101\163\163\165\162\145\144\040\111\104\040
+\122\157\157\164\040\107\062
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\013\223\034\072\326\071\147\352\147\043\277\303\257\232
+\364\113
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\003\226\060\202\002\176\240\003\002\001\002\002\020\013
+\223\034\072\326\071\147\352\147\043\277\303\257\232\364\113\060
+\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060\145
+\061\013\060\011\006\003\125\004\006\023\002\125\123\061\025\060
+\023\006\003\125\004\012\023\014\104\151\147\151\103\145\162\164
+\040\111\156\143\061\031\060\027\006\003\125\004\013\023\020\167
+\167\167\056\144\151\147\151\143\145\162\164\056\143\157\155\061
+\044\060\042\006\003\125\004\003\023\033\104\151\147\151\103\145
+\162\164\040\101\163\163\165\162\145\144\040\111\104\040\122\157
+\157\164\040\107\062\060\036\027\015\061\063\060\070\060\061\061
+\062\060\060\060\060\132\027\015\063\070\060\061\061\065\061\062
+\060\060\060\060\132\060\145\061\013\060\011\006\003\125\004\006
+\023\002\125\123\061\025\060\023\006\003\125\004\012\023\014\104
+\151\147\151\103\145\162\164\040\111\156\143\061\031\060\027\006
+\003\125\004\013\023\020\167\167\167\056\144\151\147\151\143\145
+\162\164\056\143\157\155\061\044\060\042\006\003\125\004\003\023
+\033\104\151\147\151\103\145\162\164\040\101\163\163\165\162\145
+\144\040\111\104\040\122\157\157\164\040\107\062\060\202\001\042
+\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000\003
+\202\001\017\000\060\202\001\012\002\202\001\001\000\331\347\050
+\057\122\077\066\162\111\210\223\064\363\370\152\036\061\124\200
+\237\255\124\101\265\107\337\226\250\324\257\200\055\271\012\317
+\165\375\211\245\175\044\372\343\042\014\053\274\225\027\013\063
+\277\031\115\101\006\220\000\275\014\115\020\376\007\265\347\034
+\156\042\125\061\145\227\275\323\027\322\036\142\363\333\352\154
+\120\214\077\204\014\226\317\267\313\003\340\312\155\241\024\114
+\033\211\335\355\000\260\122\174\257\221\154\261\070\023\321\351
+\022\010\300\000\260\034\053\021\332\167\160\066\233\256\316\171
+\207\334\202\160\346\011\164\160\125\151\257\243\150\237\277\335
+\266\171\263\362\235\160\051\125\364\253\377\225\141\363\311\100
+\157\035\321\276\223\273\323\210\052\273\235\277\162\132\126\161
+\073\077\324\363\321\012\376\050\357\243\356\331\231\257\003\323
+\217\140\267\362\222\241\261\275\211\211\037\060\315\303\246\056
+\142\063\256\026\002\167\104\132\347\201\012\074\247\104\056\171
+\270\077\004\274\134\240\207\341\033\257\121\216\315\354\054\372
+\370\376\155\360\072\174\252\213\344\147\225\061\215\002\003\001
+\000\001\243\102\060\100\060\017\006\003\125\035\023\001\001\377
+\004\005\060\003\001\001\377\060\016\006\003\125\035\017\001\001
+\377\004\004\003\002\001\206\060\035\006\003\125\035\016\004\026
+\004\024\316\303\112\271\231\125\362\270\333\140\277\251\176\275
+\126\265\227\066\247\326\060\015\006\011\052\206\110\206\367\015
+\001\001\013\005\000\003\202\001\001\000\312\245\125\214\343\310
+\101\156\151\047\247\165\021\357\074\206\066\157\322\235\306\170
+\070\035\151\226\242\222\151\056\070\154\233\175\004\324\211\245
+\261\061\067\212\311\041\314\253\154\315\213\034\232\326\277\110
+\322\062\146\301\212\300\363\057\072\357\300\343\324\221\206\321
+\120\343\003\333\163\167\157\112\071\123\355\336\046\307\265\175
+\257\053\102\321\165\142\343\112\053\002\307\120\113\340\151\342
+\226\154\016\104\146\020\104\217\255\005\353\370\171\254\246\033
+\350\067\064\235\123\311\141\252\242\122\257\112\160\026\206\302
+\072\310\261\023\160\066\330\317\356\364\012\064\325\133\114\375
+\007\234\242\272\331\001\162\134\363\115\301\335\016\261\034\015
+\304\143\276\255\364\024\373\211\354\242\101\016\114\314\310\127
+\100\320\156\003\252\315\014\216\211\231\231\154\360\074\060\257
+\070\337\157\274\243\276\051\040\047\253\164\377\023\042\170\336
+\227\122\125\036\203\265\124\040\003\356\256\300\117\126\336\067
+\314\303\177\252\004\047\273\323\167\270\142\333\027\174\234\050
+\042\023\163\154\317\046\365\212\051\347
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "DigiCert Assured ID Root G2"
+# Issuer: CN=DigiCert Assured ID Root G2,OU=www.digicert.com,O=DigiCert Inc,C=US
+# Serial Number:0b:93:1c:3a:d6:39:67:ea:67:23:bf:c3:af:9a:f4:4b
+# Subject: CN=DigiCert Assured ID Root G2,OU=www.digicert.com,O=DigiCert Inc,C=US
+# Not Valid Before: Thu Aug 01 12:00:00 2013
+# Not Valid After : Fri Jan 15 12:00:00 2038
+# Fingerprint (SHA-256): 7D:05:EB:B6:82:33:9F:8C:94:51:EE:09:4E:EB:FE:FA:79:53:A1:14:ED:B2:F4:49:49:45:2F:AB:7D:2F:C1:85
+# Fingerprint (SHA1): A1:4B:48:D9:43:EE:0A:0E:40:90:4F:3C:E0:A4:C0:91:93:51:5D:3F
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "DigiCert Assured ID Root G2"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\241\113\110\331\103\356\012\016\100\220\117\074\340\244\300\221
+\223\121\135\077
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\222\070\271\370\143\044\202\145\054\127\063\346\376\201\217\235
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\145\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\025\060\023\006\003\125\004\012\023\014\104\151\147\151\103\145
+\162\164\040\111\156\143\061\031\060\027\006\003\125\004\013\023
+\020\167\167\167\056\144\151\147\151\143\145\162\164\056\143\157
+\155\061\044\060\042\006\003\125\004\003\023\033\104\151\147\151
+\103\145\162\164\040\101\163\163\165\162\145\144\040\111\104\040
+\122\157\157\164\040\107\062
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\013\223\034\072\326\071\147\352\147\043\277\303\257\232
+\364\113
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "DigiCert Assured ID Root G3"
+#
+# Issuer: CN=DigiCert Assured ID Root G3,OU=www.digicert.com,O=DigiCert Inc,C=US
+# Serial Number:0b:a1:5a:fa:1d:df:a0:b5:49:44:af:cd:24:a0:6c:ec
+# Subject: CN=DigiCert Assured ID Root G3,OU=www.digicert.com,O=DigiCert Inc,C=US
+# Not Valid Before: Thu Aug 01 12:00:00 2013
+# Not Valid After : Fri Jan 15 12:00:00 2038
+# Fingerprint (SHA-256): 7E:37:CB:8B:4C:47:09:0C:AB:36:55:1B:A6:F4:5D:B8:40:68:0F:BA:16:6A:95:2D:B1:00:71:7F:43:05:3F:C2
+# Fingerprint (SHA1): F5:17:A2:4F:9A:48:C6:C9:F8:A2:00:26:9F:DC:0F:48:2C:AB:30:89
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "DigiCert Assured ID Root G3"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\145\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\025\060\023\006\003\125\004\012\023\014\104\151\147\151\103\145
+\162\164\040\111\156\143\061\031\060\027\006\003\125\004\013\023
+\020\167\167\167\056\144\151\147\151\143\145\162\164\056\143\157
+\155\061\044\060\042\006\003\125\004\003\023\033\104\151\147\151
+\103\145\162\164\040\101\163\163\165\162\145\144\040\111\104\040
+\122\157\157\164\040\107\063
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\145\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\025\060\023\006\003\125\004\012\023\014\104\151\147\151\103\145
+\162\164\040\111\156\143\061\031\060\027\006\003\125\004\013\023
+\020\167\167\167\056\144\151\147\151\143\145\162\164\056\143\157
+\155\061\044\060\042\006\003\125\004\003\023\033\104\151\147\151
+\103\145\162\164\040\101\163\163\165\162\145\144\040\111\104\040
+\122\157\157\164\040\107\063
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\013\241\132\372\035\337\240\265\111\104\257\315\044\240
+\154\354
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\002\106\060\202\001\315\240\003\002\001\002\002\020\013
+\241\132\372\035\337\240\265\111\104\257\315\044\240\154\354\060
+\012\006\010\052\206\110\316\075\004\003\003\060\145\061\013\060
+\011\006\003\125\004\006\023\002\125\123\061\025\060\023\006\003
+\125\004\012\023\014\104\151\147\151\103\145\162\164\040\111\156
+\143\061\031\060\027\006\003\125\004\013\023\020\167\167\167\056
+\144\151\147\151\143\145\162\164\056\143\157\155\061\044\060\042
+\006\003\125\004\003\023\033\104\151\147\151\103\145\162\164\040
+\101\163\163\165\162\145\144\040\111\104\040\122\157\157\164\040
+\107\063\060\036\027\015\061\063\060\070\060\061\061\062\060\060
+\060\060\132\027\015\063\070\060\061\061\065\061\062\060\060\060
+\060\132\060\145\061\013\060\011\006\003\125\004\006\023\002\125
+\123\061\025\060\023\006\003\125\004\012\023\014\104\151\147\151
+\103\145\162\164\040\111\156\143\061\031\060\027\006\003\125\004
+\013\023\020\167\167\167\056\144\151\147\151\143\145\162\164\056
+\143\157\155\061\044\060\042\006\003\125\004\003\023\033\104\151
+\147\151\103\145\162\164\040\101\163\163\165\162\145\144\040\111
+\104\040\122\157\157\164\040\107\063\060\166\060\020\006\007\052
+\206\110\316\075\002\001\006\005\053\201\004\000\042\003\142\000
+\004\031\347\274\254\104\145\355\315\270\077\130\373\215\261\127
+\251\104\055\005\025\362\357\013\377\020\164\237\265\142\122\137
+\146\176\037\345\334\033\105\171\013\314\306\123\012\235\215\135
+\002\331\251\131\336\002\132\366\225\052\016\215\070\112\212\111
+\306\274\306\003\070\007\137\125\332\176\011\156\342\177\136\320
+\105\040\017\131\166\020\326\240\044\360\055\336\066\362\154\051
+\071\243\102\060\100\060\017\006\003\125\035\023\001\001\377\004
+\005\060\003\001\001\377\060\016\006\003\125\035\017\001\001\377
+\004\004\003\002\001\206\060\035\006\003\125\035\016\004\026\004
+\024\313\320\275\251\341\230\005\121\241\115\067\242\203\171\316
+\215\035\052\344\204\060\012\006\010\052\206\110\316\075\004\003
+\003\003\147\000\060\144\002\060\045\244\201\105\002\153\022\113
+\165\164\117\310\043\343\160\362\165\162\336\174\211\360\317\221
+\162\141\236\136\020\222\131\126\271\203\307\020\347\070\351\130
+\046\066\175\325\344\064\206\071\002\060\174\066\123\360\060\345
+\142\143\072\231\342\266\243\073\233\064\372\036\332\020\222\161
+\136\221\023\247\335\244\156\222\314\062\326\365\041\146\307\057
+\352\226\143\152\145\105\222\225\001\264
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "DigiCert Assured ID Root G3"
+# Issuer: CN=DigiCert Assured ID Root G3,OU=www.digicert.com,O=DigiCert Inc,C=US
+# Serial Number:0b:a1:5a:fa:1d:df:a0:b5:49:44:af:cd:24:a0:6c:ec
+# Subject: CN=DigiCert Assured ID Root G3,OU=www.digicert.com,O=DigiCert Inc,C=US
+# Not Valid Before: Thu Aug 01 12:00:00 2013
+# Not Valid After : Fri Jan 15 12:00:00 2038
+# Fingerprint (SHA-256): 7E:37:CB:8B:4C:47:09:0C:AB:36:55:1B:A6:F4:5D:B8:40:68:0F:BA:16:6A:95:2D:B1:00:71:7F:43:05:3F:C2
+# Fingerprint (SHA1): F5:17:A2:4F:9A:48:C6:C9:F8:A2:00:26:9F:DC:0F:48:2C:AB:30:89
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "DigiCert Assured ID Root G3"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\365\027\242\117\232\110\306\311\370\242\000\046\237\334\017\110
+\054\253\060\211
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\174\177\145\061\014\201\337\215\272\076\231\342\134\255\156\373
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\145\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\025\060\023\006\003\125\004\012\023\014\104\151\147\151\103\145
+\162\164\040\111\156\143\061\031\060\027\006\003\125\004\013\023
+\020\167\167\167\056\144\151\147\151\143\145\162\164\056\143\157
+\155\061\044\060\042\006\003\125\004\003\023\033\104\151\147\151
+\103\145\162\164\040\101\163\163\165\162\145\144\040\111\104\040
+\122\157\157\164\040\107\063
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\013\241\132\372\035\337\240\265\111\104\257\315\044\240
+\154\354
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "DigiCert Global Root G2"
+#
+# Issuer: CN=DigiCert Global Root G2,OU=www.digicert.com,O=DigiCert Inc,C=US
+# Serial Number:03:3a:f1:e6:a7:11:a9:a0:bb:28:64:b1:1d:09:fa:e5
+# Subject: CN=DigiCert Global Root G2,OU=www.digicert.com,O=DigiCert Inc,C=US
+# Not Valid Before: Thu Aug 01 12:00:00 2013
+# Not Valid After : Fri Jan 15 12:00:00 2038
+# Fingerprint (SHA-256): CB:3C:CB:B7:60:31:E5:E0:13:8F:8D:D3:9A:23:F9:DE:47:FF:C3:5E:43:C1:14:4C:EA:27:D4:6A:5A:B1:CB:5F
+# Fingerprint (SHA1): DF:3C:24:F9:BF:D6:66:76:1B:26:80:73:FE:06:D1:CC:8D:4F:82:A4
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "DigiCert Global Root G2"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\141\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\025\060\023\006\003\125\004\012\023\014\104\151\147\151\103\145
+\162\164\040\111\156\143\061\031\060\027\006\003\125\004\013\023
+\020\167\167\167\056\144\151\147\151\143\145\162\164\056\143\157
+\155\061\040\060\036\006\003\125\004\003\023\027\104\151\147\151
+\103\145\162\164\040\107\154\157\142\141\154\040\122\157\157\164
+\040\107\062
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\141\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\025\060\023\006\003\125\004\012\023\014\104\151\147\151\103\145
+\162\164\040\111\156\143\061\031\060\027\006\003\125\004\013\023
+\020\167\167\167\056\144\151\147\151\143\145\162\164\056\143\157
+\155\061\040\060\036\006\003\125\004\003\023\027\104\151\147\151
+\103\145\162\164\040\107\154\157\142\141\154\040\122\157\157\164
+\040\107\062
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\003\072\361\346\247\021\251\240\273\050\144\261\035\011
+\372\345
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\003\216\060\202\002\166\240\003\002\001\002\002\020\003
+\072\361\346\247\021\251\240\273\050\144\261\035\011\372\345\060
+\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060\141
+\061\013\060\011\006\003\125\004\006\023\002\125\123\061\025\060
+\023\006\003\125\004\012\023\014\104\151\147\151\103\145\162\164
+\040\111\156\143\061\031\060\027\006\003\125\004\013\023\020\167
+\167\167\056\144\151\147\151\143\145\162\164\056\143\157\155\061
+\040\060\036\006\003\125\004\003\023\027\104\151\147\151\103\145
+\162\164\040\107\154\157\142\141\154\040\122\157\157\164\040\107
+\062\060\036\027\015\061\063\060\070\060\061\061\062\060\060\060
+\060\132\027\015\063\070\060\061\061\065\061\062\060\060\060\060
+\132\060\141\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\025\060\023\006\003\125\004\012\023\014\104\151\147\151\103
+\145\162\164\040\111\156\143\061\031\060\027\006\003\125\004\013
+\023\020\167\167\167\056\144\151\147\151\143\145\162\164\056\143
+\157\155\061\040\060\036\006\003\125\004\003\023\027\104\151\147
+\151\103\145\162\164\040\107\154\157\142\141\154\040\122\157\157
+\164\040\107\062\060\202\001\042\060\015\006\011\052\206\110\206
+\367\015\001\001\001\005\000\003\202\001\017\000\060\202\001\012
+\002\202\001\001\000\273\067\315\064\334\173\153\311\262\150\220
+\255\112\165\377\106\272\041\012\010\215\365\031\124\311\373\210
+\333\363\256\362\072\211\221\074\172\346\253\006\032\153\317\254
+\055\350\136\011\044\104\272\142\232\176\326\243\250\176\340\124
+\165\040\005\254\120\267\234\143\032\154\060\334\332\037\031\261
+\327\036\336\375\327\340\313\224\203\067\256\354\037\103\116\335
+\173\054\322\275\056\245\057\344\251\270\255\072\324\231\244\266
+\045\351\233\153\000\140\222\140\377\117\041\111\030\367\147\220
+\253\141\006\234\217\362\272\351\264\351\222\062\153\265\363\127
+\350\135\033\315\214\035\253\225\004\225\111\363\065\055\226\343
+\111\155\335\167\343\373\111\113\264\254\125\007\251\217\225\263
+\264\043\273\114\155\105\360\366\251\262\225\060\264\375\114\125
+\214\047\112\127\024\174\202\235\315\163\222\323\026\112\006\014
+\214\120\321\217\036\011\276\027\241\346\041\312\375\203\345\020
+\274\203\245\012\304\147\050\366\163\024\024\075\106\166\303\207
+\024\211\041\064\115\257\017\105\014\246\111\241\272\273\234\305
+\261\063\203\051\205\002\003\001\000\001\243\102\060\100\060\017
+\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060
+\016\006\003\125\035\017\001\001\377\004\004\003\002\001\206\060
+\035\006\003\125\035\016\004\026\004\024\116\042\124\040\030\225
+\346\343\156\346\017\372\372\271\022\355\006\027\217\071\060\015
+\006\011\052\206\110\206\367\015\001\001\013\005\000\003\202\001
+\001\000\140\147\050\224\157\016\110\143\353\061\335\352\147\030
+\325\211\175\074\305\213\112\177\351\276\333\053\027\337\260\137
+\163\167\052\062\023\071\201\147\102\204\043\362\105\147\065\354
+\210\277\370\217\260\141\014\064\244\256\040\114\204\306\333\370
+\065\341\166\331\337\246\102\273\307\104\010\206\177\066\164\044
+\132\332\154\015\024\131\065\275\362\111\335\266\037\311\263\015
+\107\052\075\231\057\273\134\273\265\324\040\341\231\137\123\106
+\025\333\150\233\360\363\060\325\076\061\342\215\204\236\343\212
+\332\332\226\076\065\023\245\137\360\371\160\120\160\107\101\021
+\127\031\116\300\217\256\006\304\225\023\027\057\033\045\237\165
+\362\261\216\231\241\157\023\261\101\161\376\210\052\310\117\020
+\040\125\327\363\024\105\345\340\104\364\352\207\225\062\223\016
+\376\123\106\372\054\235\377\213\042\271\113\331\011\105\244\336
+\244\270\232\130\335\033\175\122\237\216\131\103\210\201\244\236
+\046\325\157\255\335\015\306\067\175\355\003\222\033\345\167\137
+\166\356\074\215\304\135\126\133\242\331\146\156\263\065\067\345
+\062\266
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "DigiCert Global Root G2"
+# Issuer: CN=DigiCert Global Root G2,OU=www.digicert.com,O=DigiCert Inc,C=US
+# Serial Number:03:3a:f1:e6:a7:11:a9:a0:bb:28:64:b1:1d:09:fa:e5
+# Subject: CN=DigiCert Global Root G2,OU=www.digicert.com,O=DigiCert Inc,C=US
+# Not Valid Before: Thu Aug 01 12:00:00 2013
+# Not Valid After : Fri Jan 15 12:00:00 2038
+# Fingerprint (SHA-256): CB:3C:CB:B7:60:31:E5:E0:13:8F:8D:D3:9A:23:F9:DE:47:FF:C3:5E:43:C1:14:4C:EA:27:D4:6A:5A:B1:CB:5F
+# Fingerprint (SHA1): DF:3C:24:F9:BF:D6:66:76:1B:26:80:73:FE:06:D1:CC:8D:4F:82:A4
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "DigiCert Global Root G2"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\337\074\044\371\277\326\146\166\033\046\200\163\376\006\321\314
+\215\117\202\244
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\344\246\212\310\124\254\122\102\106\012\375\162\110\033\052\104
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\141\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\025\060\023\006\003\125\004\012\023\014\104\151\147\151\103\145
+\162\164\040\111\156\143\061\031\060\027\006\003\125\004\013\023
+\020\167\167\167\056\144\151\147\151\143\145\162\164\056\143\157
+\155\061\040\060\036\006\003\125\004\003\023\027\104\151\147\151
+\103\145\162\164\040\107\154\157\142\141\154\040\122\157\157\164
+\040\107\062
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\003\072\361\346\247\021\251\240\273\050\144\261\035\011
+\372\345
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "DigiCert Global Root G3"
+#
+# Issuer: CN=DigiCert Global Root G3,OU=www.digicert.com,O=DigiCert Inc,C=US
+# Serial Number:05:55:56:bc:f2:5e:a4:35:35:c3:a4:0f:d5:ab:45:72
+# Subject: CN=DigiCert Global Root G3,OU=www.digicert.com,O=DigiCert Inc,C=US
+# Not Valid Before: Thu Aug 01 12:00:00 2013
+# Not Valid After : Fri Jan 15 12:00:00 2038
+# Fingerprint (SHA-256): 31:AD:66:48:F8:10:41:38:C7:38:F3:9E:A4:32:01:33:39:3E:3A:18:CC:02:29:6E:F9:7C:2A:C9:EF:67:31:D0
+# Fingerprint (SHA1): 7E:04:DE:89:6A:3E:66:6D:00:E6:87:D3:3F:FA:D9:3B:E8:3D:34:9E
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "DigiCert Global Root G3"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\141\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\025\060\023\006\003\125\004\012\023\014\104\151\147\151\103\145
+\162\164\040\111\156\143\061\031\060\027\006\003\125\004\013\023
+\020\167\167\167\056\144\151\147\151\143\145\162\164\056\143\157
+\155\061\040\060\036\006\003\125\004\003\023\027\104\151\147\151
+\103\145\162\164\040\107\154\157\142\141\154\040\122\157\157\164
+\040\107\063
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\141\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\025\060\023\006\003\125\004\012\023\014\104\151\147\151\103\145
+\162\164\040\111\156\143\061\031\060\027\006\003\125\004\013\023
+\020\167\167\167\056\144\151\147\151\143\145\162\164\056\143\157
+\155\061\040\060\036\006\003\125\004\003\023\027\104\151\147\151
+\103\145\162\164\040\107\154\157\142\141\154\040\122\157\157\164
+\040\107\063
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\005\125\126\274\362\136\244\065\065\303\244\017\325\253
+\105\162
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\002\077\060\202\001\305\240\003\002\001\002\002\020\005
+\125\126\274\362\136\244\065\065\303\244\017\325\253\105\162\060
+\012\006\010\052\206\110\316\075\004\003\003\060\141\061\013\060
+\011\006\003\125\004\006\023\002\125\123\061\025\060\023\006\003
+\125\004\012\023\014\104\151\147\151\103\145\162\164\040\111\156
+\143\061\031\060\027\006\003\125\004\013\023\020\167\167\167\056
+\144\151\147\151\143\145\162\164\056\143\157\155\061\040\060\036
+\006\003\125\004\003\023\027\104\151\147\151\103\145\162\164\040
+\107\154\157\142\141\154\040\122\157\157\164\040\107\063\060\036
+\027\015\061\063\060\070\060\061\061\062\060\060\060\060\132\027
+\015\063\070\060\061\061\065\061\062\060\060\060\060\132\060\141
+\061\013\060\011\006\003\125\004\006\023\002\125\123\061\025\060
+\023\006\003\125\004\012\023\014\104\151\147\151\103\145\162\164
+\040\111\156\143\061\031\060\027\006\003\125\004\013\023\020\167
+\167\167\056\144\151\147\151\143\145\162\164\056\143\157\155\061
+\040\060\036\006\003\125\004\003\023\027\104\151\147\151\103\145
+\162\164\040\107\154\157\142\141\154\040\122\157\157\164\040\107
+\063\060\166\060\020\006\007\052\206\110\316\075\002\001\006\005
+\053\201\004\000\042\003\142\000\004\335\247\331\273\212\270\013
+\373\013\177\041\322\360\276\276\163\363\063\135\032\274\064\352
+\336\306\233\274\320\225\366\360\314\320\013\272\141\133\121\106
+\176\236\055\237\356\216\143\014\027\354\007\160\365\317\204\056
+\100\203\234\350\077\101\155\073\255\323\244\024\131\066\170\235
+\003\103\356\020\023\154\162\336\256\210\247\241\153\265\103\316
+\147\334\043\377\003\034\243\342\076\243\102\060\100\060\017\006
+\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060\016
+\006\003\125\035\017\001\001\377\004\004\003\002\001\206\060\035
+\006\003\125\035\016\004\026\004\024\263\333\110\244\371\241\305
+\330\256\066\101\314\021\143\151\142\051\274\113\306\060\012\006
+\010\052\206\110\316\075\004\003\003\003\150\000\060\145\002\061
+\000\255\274\362\154\077\022\112\321\055\071\303\012\011\227\163
+\364\210\066\214\210\047\273\346\210\215\120\205\247\143\371\236
+\062\336\146\223\017\361\314\261\011\217\335\154\253\372\153\177
+\240\002\060\071\146\133\302\144\215\270\236\120\334\250\325\111
+\242\355\307\334\321\111\177\027\001\270\310\206\217\116\214\210
+\053\250\232\251\212\305\321\000\275\370\124\342\232\345\133\174
+\263\047\027
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "DigiCert Global Root G3"
+# Issuer: CN=DigiCert Global Root G3,OU=www.digicert.com,O=DigiCert Inc,C=US
+# Serial Number:05:55:56:bc:f2:5e:a4:35:35:c3:a4:0f:d5:ab:45:72
+# Subject: CN=DigiCert Global Root G3,OU=www.digicert.com,O=DigiCert Inc,C=US
+# Not Valid Before: Thu Aug 01 12:00:00 2013
+# Not Valid After : Fri Jan 15 12:00:00 2038
+# Fingerprint (SHA-256): 31:AD:66:48:F8:10:41:38:C7:38:F3:9E:A4:32:01:33:39:3E:3A:18:CC:02:29:6E:F9:7C:2A:C9:EF:67:31:D0
+# Fingerprint (SHA1): 7E:04:DE:89:6A:3E:66:6D:00:E6:87:D3:3F:FA:D9:3B:E8:3D:34:9E
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "DigiCert Global Root G3"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\176\004\336\211\152\076\146\155\000\346\207\323\077\372\331\073
+\350\075\064\236
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\365\135\244\120\245\373\050\176\036\017\015\314\226\127\126\312
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\141\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\025\060\023\006\003\125\004\012\023\014\104\151\147\151\103\145
+\162\164\040\111\156\143\061\031\060\027\006\003\125\004\013\023
+\020\167\167\167\056\144\151\147\151\143\145\162\164\056\143\157
+\155\061\040\060\036\006\003\125\004\003\023\027\104\151\147\151
+\103\145\162\164\040\107\154\157\142\141\154\040\122\157\157\164
+\040\107\063
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\005\125\126\274\362\136\244\065\065\303\244\017\325\253
+\105\162
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "DigiCert Trusted Root G4"
+#
+# Issuer: CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US
+# Serial Number:05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
+# Subject: CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US
+# Not Valid Before: Thu Aug 01 12:00:00 2013
+# Not Valid After : Fri Jan 15 12:00:00 2038
+# Fingerprint (SHA-256): 55:2F:7B:DC:F1:A7:AF:9E:6C:E6:72:01:7F:4F:12:AB:F7:72:40:C7:8E:76:1A:C2:03:D1:D9:D2:0A:C8:99:88
+# Fingerprint (SHA1): DD:FB:16:CD:49:31:C9:73:A2:03:7D:3F:C8:3A:4D:7D:77:5D:05:E4
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "DigiCert Trusted Root G4"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\142\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\025\060\023\006\003\125\004\012\023\014\104\151\147\151\103\145
+\162\164\040\111\156\143\061\031\060\027\006\003\125\004\013\023
+\020\167\167\167\056\144\151\147\151\143\145\162\164\056\143\157
+\155\061\041\060\037\006\003\125\004\003\023\030\104\151\147\151
+\103\145\162\164\040\124\162\165\163\164\145\144\040\122\157\157
+\164\040\107\064
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\142\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\025\060\023\006\003\125\004\012\023\014\104\151\147\151\103\145
+\162\164\040\111\156\143\061\031\060\027\006\003\125\004\013\023
+\020\167\167\167\056\144\151\147\151\143\145\162\164\056\143\157
+\155\061\041\060\037\006\003\125\004\003\023\030\104\151\147\151
+\103\145\162\164\040\124\162\165\163\164\145\144\040\122\157\157
+\164\040\107\064
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\005\233\033\127\236\216\041\062\342\071\007\275\247\167
+\165\134
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\220\060\202\003\170\240\003\002\001\002\002\020\005
+\233\033\127\236\216\041\062\342\071\007\275\247\167\165\134\060
+\015\006\011\052\206\110\206\367\015\001\001\014\005\000\060\142
+\061\013\060\011\006\003\125\004\006\023\002\125\123\061\025\060
+\023\006\003\125\004\012\023\014\104\151\147\151\103\145\162\164
+\040\111\156\143\061\031\060\027\006\003\125\004\013\023\020\167
+\167\167\056\144\151\147\151\143\145\162\164\056\143\157\155\061
+\041\060\037\006\003\125\004\003\023\030\104\151\147\151\103\145
+\162\164\040\124\162\165\163\164\145\144\040\122\157\157\164\040
+\107\064\060\036\027\015\061\063\060\070\060\061\061\062\060\060
+\060\060\132\027\015\063\070\060\061\061\065\061\062\060\060\060
+\060\132\060\142\061\013\060\011\006\003\125\004\006\023\002\125
+\123\061\025\060\023\006\003\125\004\012\023\014\104\151\147\151
+\103\145\162\164\040\111\156\143\061\031\060\027\006\003\125\004
+\013\023\020\167\167\167\056\144\151\147\151\143\145\162\164\056
+\143\157\155\061\041\060\037\006\003\125\004\003\023\030\104\151
+\147\151\103\145\162\164\040\124\162\165\163\164\145\144\040\122
+\157\157\164\040\107\064\060\202\002\042\060\015\006\011\052\206
+\110\206\367\015\001\001\001\005\000\003\202\002\017\000\060\202
+\002\012\002\202\002\001\000\277\346\220\163\150\336\273\344\135
+\112\074\060\042\060\151\063\354\302\247\045\056\311\041\075\362
+\212\330\131\302\341\051\247\075\130\253\166\232\315\256\173\033
+\204\015\304\060\037\363\033\244\070\026\353\126\306\227\155\035
+\253\262\171\362\312\021\322\344\137\326\005\074\122\017\122\037
+\306\236\025\245\176\276\237\251\127\026\131\125\162\257\150\223
+\160\302\262\272\165\231\152\163\062\224\321\020\104\020\056\337
+\202\363\007\204\346\164\073\155\161\342\055\014\033\356\040\325
+\311\040\035\143\051\055\316\354\136\116\310\223\370\041\141\233
+\064\353\005\306\136\354\133\032\274\353\311\317\315\254\064\100
+\137\261\172\146\356\167\310\110\250\146\127\127\237\124\130\216
+\014\053\267\117\247\060\331\126\356\312\173\135\343\255\311\117
+\136\345\065\347\061\313\332\223\136\334\216\217\200\332\266\221
+\230\100\220\171\303\170\307\266\261\304\265\152\030\070\003\020
+\215\330\324\067\244\056\005\175\210\365\202\076\020\221\160\253
+\125\202\101\062\327\333\004\163\052\156\221\001\174\041\114\324
+\274\256\033\003\165\135\170\146\331\072\061\104\232\063\100\277
+\010\327\132\111\244\302\346\251\240\147\335\244\047\274\241\117
+\071\265\021\130\027\367\044\134\106\217\144\367\301\151\210\166
+\230\166\075\131\135\102\166\207\211\227\151\172\110\360\340\242
+\022\033\146\232\164\312\336\113\036\347\016\143\256\346\324\357
+\222\222\072\236\075\334\000\344\105\045\211\266\232\104\031\053
+\176\300\224\264\322\141\155\353\063\331\305\337\113\004\000\314
+\175\034\225\303\217\367\041\262\262\021\267\273\177\362\325\214
+\160\054\101\140\252\261\143\030\104\225\032\166\142\176\366\200
+\260\373\350\144\246\063\321\211\007\341\275\267\346\103\244\030
+\270\246\167\001\341\017\224\014\041\035\262\124\051\045\211\154
+\345\016\122\121\107\164\276\046\254\266\101\165\336\172\254\137
+\215\077\311\274\323\101\021\022\133\345\020\120\353\061\305\312
+\162\026\042\011\337\174\114\165\077\143\354\041\137\304\040\121
+\153\157\261\253\206\213\117\302\326\105\137\235\040\374\241\036
+\305\300\217\242\261\176\012\046\231\365\344\151\057\230\035\055
+\365\331\251\262\035\345\033\002\003\001\000\001\243\102\060\100
+\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001
+\377\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001
+\206\060\035\006\003\125\035\016\004\026\004\024\354\327\343\202
+\322\161\135\144\114\337\056\147\077\347\272\230\256\034\017\117
+\060\015\006\011\052\206\110\206\367\015\001\001\014\005\000\003
+\202\002\001\000\273\141\331\175\251\154\276\027\304\221\033\303
+\241\242\000\215\343\144\150\017\126\317\167\256\160\371\375\232
+\112\231\271\311\170\134\014\014\137\344\346\024\051\126\013\066
+\111\135\104\143\340\255\234\226\030\146\033\043\015\075\171\351
+\155\153\326\124\370\322\074\301\103\100\256\035\120\365\122\374
+\220\073\273\230\231\151\153\307\301\247\250\150\244\047\334\235
+\371\047\256\060\205\271\366\147\115\072\076\217\131\071\042\123
+\104\353\310\135\003\312\355\120\172\175\142\041\012\200\310\163
+\146\321\240\005\140\137\350\245\264\247\257\250\367\155\065\234
+\174\132\212\326\242\070\231\363\170\213\364\115\322\040\013\336
+\004\356\214\233\107\201\162\015\300\024\062\357\060\131\056\256
+\340\161\362\126\344\152\227\157\222\120\155\226\215\150\172\232
+\262\066\024\172\006\362\044\271\011\021\120\327\010\261\270\211
+\172\204\043\141\102\051\345\243\315\242\040\101\327\321\234\144
+\331\352\046\241\213\024\327\114\031\262\120\101\161\075\077\115
+\160\043\206\014\112\334\201\322\314\062\224\204\015\010\011\227
+\034\117\300\356\153\040\164\060\322\340\071\064\020\205\041\025
+\001\010\350\125\062\336\161\111\331\050\027\120\115\346\276\115
+\321\165\254\320\312\373\101\270\103\245\252\323\303\005\104\117
+\054\066\233\342\372\342\105\270\043\123\154\006\157\147\125\177
+\106\265\114\077\156\050\132\171\046\322\244\250\142\227\322\036
+\342\355\112\213\274\033\375\107\112\015\337\147\146\176\262\133
+\101\320\073\344\364\073\364\004\143\351\357\302\124\000\121\240
+\212\052\311\316\170\314\325\352\207\004\030\263\316\257\111\210
+\257\363\222\231\266\263\346\141\017\322\205\000\347\120\032\344
+\033\225\235\031\241\271\234\261\233\261\000\036\357\320\017\117
+\102\154\311\012\274\356\103\372\072\161\245\310\115\046\245\065
+\375\211\135\274\205\142\035\062\322\240\053\124\355\232\127\301
+\333\372\020\317\031\267\213\112\033\217\001\266\047\225\123\350
+\266\211\155\133\274\150\324\043\350\213\121\242\126\371\360\246
+\200\240\326\036\263\274\017\017\123\165\051\252\352\023\167\344
+\336\214\201\041\255\007\020\107\021\255\207\075\007\321\165\274
+\317\363\146\176
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "DigiCert Trusted Root G4"
+# Issuer: CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US
+# Serial Number:05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
+# Subject: CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US
+# Not Valid Before: Thu Aug 01 12:00:00 2013
+# Not Valid After : Fri Jan 15 12:00:00 2038
+# Fingerprint (SHA-256): 55:2F:7B:DC:F1:A7:AF:9E:6C:E6:72:01:7F:4F:12:AB:F7:72:40:C7:8E:76:1A:C2:03:D1:D9:D2:0A:C8:99:88
+# Fingerprint (SHA1): DD:FB:16:CD:49:31:C9:73:A2:03:7D:3F:C8:3A:4D:7D:77:5D:05:E4
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "DigiCert Trusted Root G4"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\335\373\026\315\111\061\311\163\242\003\175\077\310\072\115\175
+\167\135\005\344
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\170\362\374\252\140\037\057\264\353\311\067\272\123\056\165\111
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\142\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\025\060\023\006\003\125\004\012\023\014\104\151\147\151\103\145
+\162\164\040\111\156\143\061\031\060\027\006\003\125\004\013\023
+\020\167\167\167\056\144\151\147\151\143\145\162\164\056\143\157
+\155\061\041\060\037\006\003\125\004\003\023\030\104\151\147\151
+\103\145\162\164\040\124\162\165\163\164\145\144\040\122\157\157
+\164\040\107\064
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\005\233\033\127\236\216\041\062\342\071\007\275\247\167
+\165\134
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "WoSign"
+#
+# Issuer: CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN
+# Serial Number:5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
+# Subject: CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN
+# Not Valid Before: Sat Aug 08 01:00:01 2009
+# Not Valid After : Mon Aug 08 01:00:01 2039
+# Fingerprint (SHA-256): 4B:22:D5:A6:AE:C9:9F:3C:DB:79:AA:5E:C0:68:38:47:9C:D5:EC:BA:71:64:F7:F2:2D:C1:D6:5F:63:D8:57:08
+# Fingerprint (SHA1): B9:42:94:BF:91:EA:8F:B6:4B:E6:10:97:C7:FB:00:13:59:B6:76:CB
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "WoSign"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\125\061\013\060\011\006\003\125\004\006\023\002\103\116\061
+\032\060\030\006\003\125\004\012\023\021\127\157\123\151\147\156
+\040\103\101\040\114\151\155\151\164\145\144\061\052\060\050\006
+\003\125\004\003\023\041\103\145\162\164\151\146\151\143\141\164
+\151\157\156\040\101\165\164\150\157\162\151\164\171\040\157\146
+\040\127\157\123\151\147\156
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\125\061\013\060\011\006\003\125\004\006\023\002\103\116\061
+\032\060\030\006\003\125\004\012\023\021\127\157\123\151\147\156
+\040\103\101\040\114\151\155\151\164\145\144\061\052\060\050\006
+\003\125\004\003\023\041\103\145\162\164\151\146\151\143\141\164
+\151\157\156\040\101\165\164\150\157\162\151\164\171\040\157\146
+\040\127\157\123\151\147\156
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\136\150\326\021\161\224\143\120\126\000\150\363\076\311
+\305\221
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\166\060\202\003\136\240\003\002\001\002\002\020\136
+\150\326\021\161\224\143\120\126\000\150\363\076\311\305\221\060
+\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\125
+\061\013\060\011\006\003\125\004\006\023\002\103\116\061\032\060
+\030\006\003\125\004\012\023\021\127\157\123\151\147\156\040\103
+\101\040\114\151\155\151\164\145\144\061\052\060\050\006\003\125
+\004\003\023\041\103\145\162\164\151\146\151\143\141\164\151\157
+\156\040\101\165\164\150\157\162\151\164\171\040\157\146\040\127
+\157\123\151\147\156\060\036\027\015\060\071\060\070\060\070\060
+\061\060\060\060\061\132\027\015\063\071\060\070\060\070\060\061
+\060\060\060\061\132\060\125\061\013\060\011\006\003\125\004\006
+\023\002\103\116\061\032\060\030\006\003\125\004\012\023\021\127
+\157\123\151\147\156\040\103\101\040\114\151\155\151\164\145\144
+\061\052\060\050\006\003\125\004\003\023\041\103\145\162\164\151
+\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151
+\164\171\040\157\146\040\127\157\123\151\147\156\060\202\002\042
+\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000\003
+\202\002\017\000\060\202\002\012\002\202\002\001\000\275\312\215
+\254\270\221\025\126\227\173\153\134\172\302\336\153\331\241\260
+\303\020\043\372\247\241\262\314\061\372\076\331\246\051\157\026
+\075\340\153\370\270\100\137\333\071\250\000\172\213\240\115\124
+\175\302\042\170\374\216\011\270\250\205\327\314\225\227\113\164
+\330\236\176\360\000\344\016\211\256\111\050\104\032\020\231\062
+\017\045\210\123\244\015\263\017\022\010\026\013\003\161\047\034
+\177\341\333\322\375\147\150\304\005\135\012\016\135\160\327\330
+\227\240\274\123\101\232\221\215\364\236\066\146\172\176\126\301
+\220\137\346\261\150\040\066\244\214\044\054\054\107\013\131\166
+\146\060\265\276\336\355\217\370\235\323\273\001\060\346\362\363
+\016\340\054\222\200\363\205\371\050\212\264\124\056\232\355\367
+\166\374\025\150\026\353\112\154\353\056\022\217\324\317\376\014
+\307\134\035\013\176\005\062\276\136\260\011\052\102\325\311\116
+\220\263\131\015\273\172\176\315\325\010\132\264\177\330\034\151
+\021\371\047\017\173\006\257\124\203\030\173\341\335\124\172\121
+\150\156\167\374\306\277\122\112\146\106\241\262\147\032\273\243
+\117\167\240\276\135\377\374\126\013\103\162\167\220\312\236\371
+\362\071\365\015\251\364\352\327\347\263\020\057\060\102\067\041
+\314\060\160\311\206\230\017\314\130\115\203\273\175\345\032\245
+\067\215\266\254\062\227\000\072\143\161\044\036\236\067\304\377
+\164\324\067\300\342\376\210\106\140\021\335\010\077\120\066\253
+\270\172\244\225\142\152\156\260\312\152\041\132\151\363\363\373
+\035\160\071\225\363\247\156\246\201\211\241\210\305\073\161\312
+\243\122\356\203\273\375\240\167\364\344\157\347\102\333\155\112
+\231\212\064\110\274\027\334\344\200\010\042\266\362\061\300\077
+\004\076\353\237\040\171\326\270\006\144\144\002\061\327\251\315
+\122\373\204\105\151\011\000\052\334\125\213\304\006\106\113\300
+\112\035\011\133\071\050\375\251\253\316\000\371\056\110\113\046
+\346\060\114\245\130\312\264\104\202\117\347\221\036\063\303\260
+\223\377\021\374\201\322\312\037\161\051\335\166\117\222\045\257
+\035\201\267\017\057\214\303\006\314\057\047\243\112\344\016\231
+\272\174\036\105\037\177\252\031\105\226\375\374\075\002\003\001
+\000\001\243\102\060\100\060\016\006\003\125\035\017\001\001\377
+\004\004\003\002\001\006\060\017\006\003\125\035\023\001\001\377
+\004\005\060\003\001\001\377\060\035\006\003\125\035\016\004\026
+\004\024\341\146\317\016\321\361\263\113\267\006\040\024\376\207
+\022\325\366\376\373\076\060\015\006\011\052\206\110\206\367\015
+\001\001\005\005\000\003\202\002\001\000\250\313\162\100\262\166
+\301\176\173\374\255\144\343\062\173\314\074\266\135\106\323\365
+\054\342\160\135\310\056\330\006\175\230\321\013\041\240\211\131
+\044\001\235\371\257\011\175\012\043\202\064\325\374\174\162\231
+\271\243\327\124\364\352\122\160\016\305\365\326\073\341\072\011
+\062\346\041\071\223\275\263\025\352\117\152\364\365\213\077\057
+\174\215\130\056\305\341\071\240\076\307\075\112\163\236\100\172
+\300\053\141\251\147\311\363\044\271\263\155\125\054\132\035\236
+\045\162\316\013\255\252\307\125\142\013\276\373\143\263\141\104
+\043\243\313\341\032\016\367\232\006\115\336\324\043\116\041\226
+\133\071\133\127\035\057\135\010\136\011\171\377\174\227\265\115
+\203\256\015\326\346\243\171\340\063\320\231\226\002\060\247\076
+\377\322\243\103\077\005\132\006\352\104\002\332\174\370\110\320
+\063\251\371\007\307\225\341\365\076\365\135\161\272\362\225\251
+\164\210\141\131\343\277\312\132\023\272\162\264\214\135\066\207
+\351\246\305\074\023\277\336\320\104\046\356\267\354\056\160\372
+\327\235\267\254\345\305\100\132\346\327\154\173\054\303\126\233
+\107\315\013\316\372\033\264\041\327\267\146\270\364\045\060\213
+\134\015\271\352\147\262\364\155\256\325\241\236\117\330\237\351
+\047\002\260\035\006\326\217\343\373\110\022\237\177\021\241\020
+\076\114\121\072\226\260\321\023\361\307\330\046\256\072\312\221
+\304\151\235\337\001\051\144\121\157\150\332\024\354\010\101\227
+\220\215\320\262\200\362\317\302\075\277\221\150\305\200\147\036
+\304\140\023\125\325\141\231\127\174\272\225\017\141\111\072\312
+\165\274\311\012\223\077\147\016\022\362\050\342\061\033\300\127
+\026\337\010\174\031\301\176\017\037\205\036\012\066\174\133\176
+\047\274\172\277\340\333\364\332\122\275\336\014\124\160\061\221
+\103\225\310\274\360\076\335\011\176\060\144\120\355\177\001\244
+\063\147\115\150\117\276\025\357\260\366\002\021\242\033\023\045
+\072\334\302\131\361\343\134\106\273\147\054\002\106\352\036\110
+\246\346\133\331\265\274\121\242\222\226\333\252\306\067\042\246
+\376\314\040\164\243\055\251\056\153\313\300\202\021\041\265\223
+\171\356\104\206\276\327\036\344\036\373
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "WoSign"
+# Issuer: CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN
+# Serial Number:5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
+# Subject: CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN
+# Not Valid Before: Sat Aug 08 01:00:01 2009
+# Not Valid After : Mon Aug 08 01:00:01 2039
+# Fingerprint (SHA-256): 4B:22:D5:A6:AE:C9:9F:3C:DB:79:AA:5E:C0:68:38:47:9C:D5:EC:BA:71:64:F7:F2:2D:C1:D6:5F:63:D8:57:08
+# Fingerprint (SHA1): B9:42:94:BF:91:EA:8F:B6:4B:E6:10:97:C7:FB:00:13:59:B6:76:CB
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "WoSign"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\271\102\224\277\221\352\217\266\113\346\020\227\307\373\000\023
+\131\266\166\313
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\241\362\371\265\322\310\172\164\270\363\005\361\327\341\204\215
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\125\061\013\060\011\006\003\125\004\006\023\002\103\116\061
+\032\060\030\006\003\125\004\012\023\021\127\157\123\151\147\156
+\040\103\101\040\114\151\155\151\164\145\144\061\052\060\050\006
+\003\125\004\003\023\041\103\145\162\164\151\146\151\143\141\164
+\151\157\156\040\101\165\164\150\157\162\151\164\171\040\157\146
+\040\127\157\123\151\147\156
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\136\150\326\021\161\224\143\120\126\000\150\363\076\311
+\305\221
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "WoSign China"
+#
+# Issuer: CN=CA ...............,O=WoSign CA Limited,C=CN
+# Serial Number:50:70:6b:cd:d8:13:fc:1b:4e:3b:33:72:d2:11:48:8d
+# Subject: CN=CA ...............,O=WoSign CA Limited,C=CN
+# Not Valid Before: Sat Aug 08 01:00:01 2009
+# Not Valid After : Mon Aug 08 01:00:01 2039
+# Fingerprint (SHA-256): D6:F0:34:BD:94:AA:23:3F:02:97:EC:A4:24:5B:28:39:73:E4:47:AA:59:0F:31:0C:77:F4:8F:DF:83:11:22:54
+# Fingerprint (SHA1): 16:32:47:8D:89:F9:21:3A:92:00:85:63:F5:A4:A7:D3:12:40:8A:D6
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "WoSign China"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\106\061\013\060\011\006\003\125\004\006\023\002\103\116\061
+\032\060\030\006\003\125\004\012\023\021\127\157\123\151\147\156
+\040\103\101\040\114\151\155\151\164\145\144\061\033\060\031\006
+\003\125\004\003\014\022\103\101\040\346\262\203\351\200\232\346
+\240\271\350\257\201\344\271\246
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\106\061\013\060\011\006\003\125\004\006\023\002\103\116\061
+\032\060\030\006\003\125\004\012\023\021\127\157\123\151\147\156
+\040\103\101\040\114\151\155\151\164\145\144\061\033\060\031\006
+\003\125\004\003\014\022\103\101\040\346\262\203\351\200\232\346
+\240\271\350\257\201\344\271\246
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\120\160\153\315\330\023\374\033\116\073\063\162\322\021
+\110\215
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\130\060\202\003\100\240\003\002\001\002\002\020\120
+\160\153\315\330\023\374\033\116\073\063\162\322\021\110\215\060
+\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060\106
+\061\013\060\011\006\003\125\004\006\023\002\103\116\061\032\060
+\030\006\003\125\004\012\023\021\127\157\123\151\147\156\040\103
+\101\040\114\151\155\151\164\145\144\061\033\060\031\006\003\125
+\004\003\014\022\103\101\040\346\262\203\351\200\232\346\240\271
+\350\257\201\344\271\246\060\036\027\015\060\071\060\070\060\070
+\060\061\060\060\060\061\132\027\015\063\071\060\070\060\070\060
+\061\060\060\060\061\132\060\106\061\013\060\011\006\003\125\004
+\006\023\002\103\116\061\032\060\030\006\003\125\004\012\023\021
+\127\157\123\151\147\156\040\103\101\040\114\151\155\151\164\145
+\144\061\033\060\031\006\003\125\004\003\014\022\103\101\040\346
+\262\203\351\200\232\346\240\271\350\257\201\344\271\246\060\202
+\002\042\060\015\006\011\052\206\110\206\367\015\001\001\001\005
+\000\003\202\002\017\000\060\202\002\012\002\202\002\001\000\320
+\111\041\036\045\374\207\301\052\302\254\333\166\206\006\116\347
+\320\164\064\334\355\145\065\374\120\326\210\077\244\360\177\353
+\017\137\171\057\211\261\375\274\143\130\067\223\233\070\370\267
+\133\251\372\330\161\307\264\274\200\227\215\154\113\361\120\325
+\052\051\252\250\031\172\226\346\225\216\164\355\227\012\127\165
+\364\005\333\155\013\071\271\001\177\252\366\326\332\154\346\005
+\340\244\115\122\374\333\320\164\267\021\214\173\215\117\377\207
+\203\256\377\005\003\023\127\120\067\376\214\226\122\020\114\137
+\277\224\161\151\331\226\076\014\103\117\276\060\300\237\071\164
+\117\006\105\135\243\326\126\071\150\007\314\207\117\120\167\223
+\161\331\104\010\261\212\064\351\211\254\333\233\116\341\331\344
+\122\105\214\056\024\037\221\153\031\035\150\051\054\126\304\342
+\036\023\127\144\360\141\343\271\021\337\260\341\127\240\033\255
+\327\137\321\257\333\053\055\077\320\150\216\017\352\237\017\213
+\065\130\033\023\034\364\336\065\241\012\135\326\352\337\022\157
+\300\373\151\007\106\162\334\201\366\004\043\027\340\115\165\341
+\162\157\260\050\353\233\341\341\203\241\237\112\135\257\314\233
+\372\002\040\266\030\142\167\221\073\243\325\145\255\334\174\220
+\167\034\104\101\244\112\213\353\225\162\351\366\011\144\334\250
+\055\237\164\170\350\301\242\011\143\234\357\240\333\117\235\225
+\253\040\117\267\260\367\207\134\246\240\344\067\070\307\134\343
+\065\017\054\255\243\200\242\354\056\135\300\317\355\213\005\302
+\346\163\156\366\211\325\365\322\106\216\352\155\143\033\036\212
+\311\175\246\370\234\353\345\325\143\205\115\163\146\151\021\376
+\310\016\364\301\307\146\111\123\176\344\031\153\361\351\172\131
+\243\155\176\305\027\346\047\306\357\033\333\157\374\015\115\006
+\001\264\016\134\060\106\125\140\257\070\145\072\312\107\272\254
+\054\314\106\037\262\106\226\077\363\355\046\005\356\167\241\152
+\153\176\055\155\130\134\112\324\216\147\270\361\332\325\106\212
+\047\371\021\362\311\102\376\116\336\337\037\134\304\244\206\207
+\026\063\241\247\027\030\245\015\344\005\345\053\302\053\013\242
+\225\220\271\375\140\074\116\211\076\347\234\356\037\273\001\002
+\003\001\000\001\243\102\060\100\060\016\006\003\125\035\017\001
+\001\377\004\004\003\002\001\006\060\017\006\003\125\035\023\001
+\001\377\004\005\060\003\001\001\377\060\035\006\003\125\035\016
+\004\026\004\024\340\115\277\334\233\101\135\023\350\144\360\247
+\351\025\244\341\201\301\272\061\060\015\006\011\052\206\110\206
+\367\015\001\001\013\005\000\003\202\002\001\000\152\212\160\070
+\131\266\332\213\030\310\276\052\323\266\031\325\146\051\172\135
+\315\133\057\163\034\046\116\243\175\157\253\267\051\115\246\351
+\245\021\203\247\071\163\257\020\104\222\346\045\135\117\141\372
+\310\006\276\116\113\357\376\363\061\376\306\174\160\012\101\130
+\332\350\231\113\226\311\170\274\230\174\002\051\355\011\200\346
+\012\072\202\002\052\342\311\057\310\126\031\046\356\170\034\043
+\375\367\223\145\116\347\363\230\230\257\315\335\331\236\100\210
+\061\050\072\253\056\013\260\254\014\044\372\172\046\230\363\022
+\141\020\364\135\027\367\176\342\170\227\124\342\214\350\051\272
+\214\020\062\275\335\063\153\070\206\176\071\075\016\003\162\247
+\135\171\217\105\212\131\256\133\041\156\061\106\325\131\215\317
+\025\137\335\061\045\317\333\140\326\201\104\162\051\002\127\366
+\226\324\326\377\352\051\333\071\305\270\054\212\032\215\316\313
+\347\102\061\206\005\150\016\236\024\335\000\220\272\151\105\010
+\333\156\220\201\206\247\052\005\077\346\204\071\370\267\371\127
+\137\114\244\171\132\020\014\136\325\153\377\065\137\005\121\036
+\154\243\165\251\317\120\203\323\174\364\146\367\202\215\075\014
+\175\350\337\173\250\016\033\054\234\256\100\160\207\332\355\247
+\026\202\132\276\065\154\040\116\042\141\331\274\121\172\315\172
+\141\334\113\021\371\376\147\064\317\056\004\146\141\134\127\227
+\043\214\363\206\033\110\337\052\257\247\301\377\330\216\076\003
+\273\330\052\260\372\024\045\262\121\153\206\103\205\056\007\043
+\026\200\215\114\373\264\143\073\314\303\164\355\033\243\036\376
+\065\017\137\174\035\026\206\365\016\303\225\361\057\257\135\045
+\073\121\346\327\166\101\070\321\113\003\071\050\245\036\221\162
+\324\175\253\227\063\304\323\076\340\151\266\050\171\240\011\215
+\034\321\377\101\162\110\006\374\232\056\347\040\371\233\242\336
+\211\355\256\074\011\257\312\127\263\222\211\160\100\344\057\117
+\302\160\203\100\327\044\054\153\347\011\037\323\325\307\301\010
+\364\333\016\073\034\007\013\103\021\204\041\206\351\200\324\165
+\330\253\361\002\142\301\261\176\125\141\317\023\327\046\260\327
+\234\313\051\213\070\112\013\016\220\215\272\241
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "WoSign China"
+# Issuer: CN=CA ...............,O=WoSign CA Limited,C=CN
+# Serial Number:50:70:6b:cd:d8:13:fc:1b:4e:3b:33:72:d2:11:48:8d
+# Subject: CN=CA ...............,O=WoSign CA Limited,C=CN
+# Not Valid Before: Sat Aug 08 01:00:01 2009
+# Not Valid After : Mon Aug 08 01:00:01 2039
+# Fingerprint (SHA-256): D6:F0:34:BD:94:AA:23:3F:02:97:EC:A4:24:5B:28:39:73:E4:47:AA:59:0F:31:0C:77:F4:8F:DF:83:11:22:54
+# Fingerprint (SHA1): 16:32:47:8D:89:F9:21:3A:92:00:85:63:F5:A4:A7:D3:12:40:8A:D6
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "WoSign China"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\026\062\107\215\211\371\041\072\222\000\205\143\365\244\247\323
+\022\100\212\326
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\170\203\133\122\026\166\304\044\073\203\170\350\254\332\232\223
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\106\061\013\060\011\006\003\125\004\006\023\002\103\116\061
+\032\060\030\006\003\125\004\012\023\021\127\157\123\151\147\156
+\040\103\101\040\114\151\155\151\164\145\144\061\033\060\031\006
+\003\125\004\003\014\022\103\101\040\346\262\203\351\200\232\346
+\240\271\350\257\201\344\271\246
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\120\160\153\315\330\023\374\033\116\073\063\162\322\021
+\110\215
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "COMODO RSA Certification Authority"
+#
+# Issuer: CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB
+# Serial Number:4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
+# Subject: CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB
+# Not Valid Before: Tue Jan 19 00:00:00 2010
+# Not Valid After : Mon Jan 18 23:59:59 2038
+# Fingerprint (SHA-256): 52:F0:E1:C4:E5:8E:C6:29:29:1B:60:31:7F:07:46:71:B8:5D:7E:A8:0D:5B:07:27:34:63:53:4B:32:B4:02:34
+# Fingerprint (SHA1): AF:E5:D2:44:A8:D1:19:42:30:FF:47:9F:E2:F8:97:BB:CD:7A:8C:B4
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "COMODO RSA Certification Authority"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\205\061\013\060\011\006\003\125\004\006\023\002\107\102
+\061\033\060\031\006\003\125\004\010\023\022\107\162\145\141\164
+\145\162\040\115\141\156\143\150\145\163\164\145\162\061\020\060
+\016\006\003\125\004\007\023\007\123\141\154\146\157\162\144\061
+\032\060\030\006\003\125\004\012\023\021\103\117\115\117\104\117
+\040\103\101\040\114\151\155\151\164\145\144\061\053\060\051\006
+\003\125\004\003\023\042\103\117\115\117\104\117\040\122\123\101
+\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101
+\165\164\150\157\162\151\164\171
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\205\061\013\060\011\006\003\125\004\006\023\002\107\102
+\061\033\060\031\006\003\125\004\010\023\022\107\162\145\141\164
+\145\162\040\115\141\156\143\150\145\163\164\145\162\061\020\060
+\016\006\003\125\004\007\023\007\123\141\154\146\157\162\144\061
+\032\060\030\006\003\125\004\012\023\021\103\117\115\117\104\117
+\040\103\101\040\114\151\155\151\164\145\144\061\053\060\051\006
+\003\125\004\003\023\042\103\117\115\117\104\117\040\122\123\101
+\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101
+\165\164\150\157\162\151\164\171
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\114\252\371\312\333\143\157\340\037\367\116\330\133\003
+\206\235
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\330\060\202\003\300\240\003\002\001\002\002\020\114
+\252\371\312\333\143\157\340\037\367\116\330\133\003\206\235\060
+\015\006\011\052\206\110\206\367\015\001\001\014\005\000\060\201
+\205\061\013\060\011\006\003\125\004\006\023\002\107\102\061\033
+\060\031\006\003\125\004\010\023\022\107\162\145\141\164\145\162
+\040\115\141\156\143\150\145\163\164\145\162\061\020\060\016\006
+\003\125\004\007\023\007\123\141\154\146\157\162\144\061\032\060
+\030\006\003\125\004\012\023\021\103\117\115\117\104\117\040\103
+\101\040\114\151\155\151\164\145\144\061\053\060\051\006\003\125
+\004\003\023\042\103\117\115\117\104\117\040\122\123\101\040\103
+\145\162\164\151\146\151\143\141\164\151\157\156\040\101\165\164
+\150\157\162\151\164\171\060\036\027\015\061\060\060\061\061\071
+\060\060\060\060\060\060\132\027\015\063\070\060\061\061\070\062
+\063\065\071\065\071\132\060\201\205\061\013\060\011\006\003\125
+\004\006\023\002\107\102\061\033\060\031\006\003\125\004\010\023
+\022\107\162\145\141\164\145\162\040\115\141\156\143\150\145\163
+\164\145\162\061\020\060\016\006\003\125\004\007\023\007\123\141
+\154\146\157\162\144\061\032\060\030\006\003\125\004\012\023\021
+\103\117\115\117\104\117\040\103\101\040\114\151\155\151\164\145
+\144\061\053\060\051\006\003\125\004\003\023\042\103\117\115\117
+\104\117\040\122\123\101\040\103\145\162\164\151\146\151\143\141
+\164\151\157\156\040\101\165\164\150\157\162\151\164\171\060\202
+\002\042\060\015\006\011\052\206\110\206\367\015\001\001\001\005
+\000\003\202\002\017\000\060\202\002\012\002\202\002\001\000\221
+\350\124\222\322\012\126\261\254\015\044\335\305\317\104\147\164
+\231\053\067\243\175\043\160\000\161\274\123\337\304\372\052\022
+\217\113\177\020\126\275\237\160\162\267\141\177\311\113\017\027
+\247\075\343\260\004\141\356\377\021\227\307\364\206\076\012\372
+\076\134\371\223\346\064\172\331\024\153\347\234\263\205\240\202
+\172\166\257\161\220\327\354\375\015\372\234\154\372\337\260\202
+\364\024\176\371\276\304\246\057\117\177\231\177\265\374\147\103
+\162\275\014\000\326\211\353\153\054\323\355\217\230\034\024\253
+\176\345\343\156\374\330\250\344\222\044\332\103\153\142\270\125
+\375\352\301\274\154\266\213\363\016\215\232\344\233\154\151\231
+\370\170\110\060\105\325\255\341\015\074\105\140\374\062\226\121
+\047\274\147\303\312\056\266\153\352\106\307\307\040\240\261\037
+\145\336\110\010\272\244\116\251\362\203\106\067\204\353\350\314
+\201\110\103\147\116\162\052\233\134\275\114\033\050\212\134\042
+\173\264\253\230\331\356\340\121\203\303\011\106\116\155\076\231
+\372\225\027\332\174\063\127\101\074\215\121\355\013\266\134\257
+\054\143\032\337\127\310\077\274\351\135\304\233\257\105\231\342
+\243\132\044\264\272\251\126\075\317\157\252\377\111\130\276\360
+\250\377\364\270\255\351\067\373\272\270\364\013\072\371\350\103
+\102\036\211\330\204\313\023\361\331\273\341\211\140\270\214\050
+\126\254\024\035\234\012\347\161\353\317\016\335\075\251\226\241
+\110\275\074\367\257\265\015\042\114\300\021\201\354\126\073\366
+\323\242\342\133\267\262\004\042\122\225\200\223\151\350\216\114
+\145\361\221\003\055\160\164\002\352\213\147\025\051\151\122\002
+\273\327\337\120\152\125\106\277\240\243\050\141\177\160\320\303
+\242\252\054\041\252\107\316\050\234\006\105\166\277\202\030\047
+\264\325\256\264\313\120\346\153\364\114\206\161\060\351\246\337
+\026\206\340\330\377\100\335\373\320\102\210\177\243\063\072\056
+\134\036\101\021\201\143\316\030\161\153\053\354\246\212\267\061
+\134\072\152\107\340\303\171\131\326\040\032\257\362\152\230\252
+\162\274\127\112\322\113\235\273\020\374\260\114\101\345\355\035
+\075\136\050\235\234\314\277\263\121\332\247\107\345\204\123\002
+\003\001\000\001\243\102\060\100\060\035\006\003\125\035\016\004
+\026\004\024\273\257\176\002\075\372\246\361\074\204\216\255\356
+\070\230\354\331\062\062\324\060\016\006\003\125\035\017\001\001
+\377\004\004\003\002\001\006\060\017\006\003\125\035\023\001\001
+\377\004\005\060\003\001\001\377\060\015\006\011\052\206\110\206
+\367\015\001\001\014\005\000\003\202\002\001\000\012\361\325\106
+\204\267\256\121\273\154\262\115\101\024\000\223\114\234\313\345
+\300\124\317\240\045\216\002\371\375\260\242\015\365\040\230\074
+\023\055\254\126\242\260\326\176\021\222\351\056\272\236\056\232
+\162\261\275\031\104\154\141\065\242\232\264\026\022\151\132\214
+\341\327\076\244\032\350\057\003\364\256\141\035\020\033\052\244
+\213\172\305\376\005\246\341\300\326\310\376\236\256\217\053\272
+\075\231\370\330\163\011\130\106\156\246\234\364\327\047\323\225
+\332\067\203\162\034\323\163\340\242\107\231\003\070\135\325\111
+\171\000\051\034\307\354\233\040\034\007\044\151\127\170\262\071
+\374\072\204\240\265\234\174\215\277\056\223\142\047\267\071\332
+\027\030\256\275\074\011\150\377\204\233\074\325\326\013\003\343
+\127\236\024\367\321\353\117\310\275\207\043\267\266\111\103\171
+\205\134\272\353\222\013\241\306\350\150\250\114\026\261\032\231
+\012\350\123\054\222\273\241\011\030\165\014\145\250\173\313\043
+\267\032\302\050\205\303\033\377\320\053\142\357\244\173\011\221
+\230\147\214\024\001\315\150\006\152\143\041\165\003\200\210\212
+\156\201\306\205\362\251\244\055\347\364\245\044\020\107\203\312
+\315\364\215\171\130\261\006\233\347\032\052\331\235\001\327\224
+\175\355\003\112\312\360\333\350\251\001\076\365\126\231\311\036
+\216\111\075\273\345\011\271\340\117\111\222\075\026\202\100\314
+\314\131\306\346\072\355\022\056\151\074\154\225\261\375\252\035
+\173\177\206\276\036\016\062\106\373\373\023\217\165\177\114\213
+\113\106\143\376\000\064\100\160\301\303\271\241\335\246\160\342
+\004\263\101\274\351\200\221\352\144\234\172\341\042\003\251\234
+\156\157\016\145\117\154\207\207\136\363\156\240\371\165\245\233
+\100\350\123\262\047\235\112\271\300\167\041\215\377\207\362\336
+\274\214\357\027\337\267\111\013\321\362\156\060\013\032\016\116
+\166\355\021\374\365\351\126\262\175\277\307\155\012\223\214\245
+\320\300\266\035\276\072\116\224\242\327\156\154\013\302\212\174
+\372\040\363\304\344\345\315\015\250\313\221\222\261\174\205\354
+\265\024\151\146\016\202\347\315\316\310\055\246\121\177\041\301
+\065\123\205\006\112\135\237\255\273\033\137\164
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "COMODO RSA Certification Authority"
+# Issuer: CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB
+# Serial Number:4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
+# Subject: CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB
+# Not Valid Before: Tue Jan 19 00:00:00 2010
+# Not Valid After : Mon Jan 18 23:59:59 2038
+# Fingerprint (SHA-256): 52:F0:E1:C4:E5:8E:C6:29:29:1B:60:31:7F:07:46:71:B8:5D:7E:A8:0D:5B:07:27:34:63:53:4B:32:B4:02:34
+# Fingerprint (SHA1): AF:E5:D2:44:A8:D1:19:42:30:FF:47:9F:E2:F8:97:BB:CD:7A:8C:B4
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "COMODO RSA Certification Authority"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\257\345\322\104\250\321\031\102\060\377\107\237\342\370\227\273
+\315\172\214\264
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\033\061\260\161\100\066\314\024\066\221\255\304\076\375\354\030
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\205\061\013\060\011\006\003\125\004\006\023\002\107\102
+\061\033\060\031\006\003\125\004\010\023\022\107\162\145\141\164
+\145\162\040\115\141\156\143\150\145\163\164\145\162\061\020\060
+\016\006\003\125\004\007\023\007\123\141\154\146\157\162\144\061
+\032\060\030\006\003\125\004\012\023\021\103\117\115\117\104\117
+\040\103\101\040\114\151\155\151\164\145\144\061\053\060\051\006
+\003\125\004\003\023\042\103\117\115\117\104\117\040\122\123\101
+\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101
+\165\164\150\157\162\151\164\171
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\114\252\371\312\333\143\157\340\037\367\116\330\133\003
+\206\235
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "USERTrust RSA Certification Authority"
+#
+# Issuer: CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US
+# Serial Number:01:fd:6d:30:fc:a3:ca:51:a8:1b:bc:64:0e:35:03:2d
+# Subject: CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US
+# Not Valid Before: Mon Feb 01 00:00:00 2010
+# Not Valid After : Mon Jan 18 23:59:59 2038
+# Fingerprint (SHA-256): E7:93:C9:B0:2F:D8:AA:13:E2:1C:31:22:8A:CC:B0:81:19:64:3B:74:9C:89:89:64:B1:74:6D:46:C3:D4:CB:D2
+# Fingerprint (SHA1): 2B:8F:1B:57:33:0D:BB:A2:D0:7A:6C:51:F7:0E:E9:0D:DA:B9:AD:8E
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "USERTrust RSA Certification Authority"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\210\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\023\060\021\006\003\125\004\010\023\012\116\145\167\040\112
+\145\162\163\145\171\061\024\060\022\006\003\125\004\007\023\013
+\112\145\162\163\145\171\040\103\151\164\171\061\036\060\034\006
+\003\125\004\012\023\025\124\150\145\040\125\123\105\122\124\122
+\125\123\124\040\116\145\164\167\157\162\153\061\056\060\054\006
+\003\125\004\003\023\045\125\123\105\122\124\162\165\163\164\040
+\122\123\101\040\103\145\162\164\151\146\151\143\141\164\151\157
+\156\040\101\165\164\150\157\162\151\164\171
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\210\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\023\060\021\006\003\125\004\010\023\012\116\145\167\040\112
+\145\162\163\145\171\061\024\060\022\006\003\125\004\007\023\013
+\112\145\162\163\145\171\040\103\151\164\171\061\036\060\034\006
+\003\125\004\012\023\025\124\150\145\040\125\123\105\122\124\122
+\125\123\124\040\116\145\164\167\157\162\153\061\056\060\054\006
+\003\125\004\003\023\045\125\123\105\122\124\162\165\163\164\040
+\122\123\101\040\103\145\162\164\151\146\151\143\141\164\151\157
+\156\040\101\165\164\150\157\162\151\164\171
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\001\375\155\060\374\243\312\121\250\033\274\144\016\065
+\003\055
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\336\060\202\003\306\240\003\002\001\002\002\020\001
+\375\155\060\374\243\312\121\250\033\274\144\016\065\003\055\060
+\015\006\011\052\206\110\206\367\015\001\001\014\005\000\060\201
+\210\061\013\060\011\006\003\125\004\006\023\002\125\123\061\023
+\060\021\006\003\125\004\010\023\012\116\145\167\040\112\145\162
+\163\145\171\061\024\060\022\006\003\125\004\007\023\013\112\145
+\162\163\145\171\040\103\151\164\171\061\036\060\034\006\003\125
+\004\012\023\025\124\150\145\040\125\123\105\122\124\122\125\123
+\124\040\116\145\164\167\157\162\153\061\056\060\054\006\003\125
+\004\003\023\045\125\123\105\122\124\162\165\163\164\040\122\123
+\101\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040
+\101\165\164\150\157\162\151\164\171\060\036\027\015\061\060\060
+\062\060\061\060\060\060\060\060\060\132\027\015\063\070\060\061
+\061\070\062\063\065\071\065\071\132\060\201\210\061\013\060\011
+\006\003\125\004\006\023\002\125\123\061\023\060\021\006\003\125
+\004\010\023\012\116\145\167\040\112\145\162\163\145\171\061\024
+\060\022\006\003\125\004\007\023\013\112\145\162\163\145\171\040
+\103\151\164\171\061\036\060\034\006\003\125\004\012\023\025\124
+\150\145\040\125\123\105\122\124\122\125\123\124\040\116\145\164
+\167\157\162\153\061\056\060\054\006\003\125\004\003\023\045\125
+\123\105\122\124\162\165\163\164\040\122\123\101\040\103\145\162
+\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157
+\162\151\164\171\060\202\002\042\060\015\006\011\052\206\110\206
+\367\015\001\001\001\005\000\003\202\002\017\000\060\202\002\012
+\002\202\002\001\000\200\022\145\027\066\016\303\333\010\263\320
+\254\127\015\166\355\315\047\323\114\255\120\203\141\342\252\040
+\115\011\055\144\011\334\316\211\237\314\075\251\354\366\317\301
+\334\361\323\261\326\173\067\050\021\053\107\332\071\306\274\072
+\031\264\137\246\275\175\235\243\143\102\266\166\362\251\073\053
+\221\370\342\157\320\354\026\040\220\011\076\342\350\164\311\030
+\264\221\324\142\144\333\177\243\006\361\210\030\152\220\042\074
+\274\376\023\360\207\024\173\366\344\037\216\324\344\121\306\021
+\147\106\010\121\313\206\024\124\077\274\063\376\176\154\234\377
+\026\235\030\275\121\216\065\246\247\146\310\162\147\333\041\146
+\261\324\233\170\003\300\120\072\350\314\360\334\274\236\114\376
+\257\005\226\065\037\127\132\267\377\316\371\075\267\054\266\366
+\124\335\310\347\022\072\115\256\114\212\267\134\232\264\267\040
+\075\312\177\042\064\256\176\073\150\146\001\104\347\001\116\106
+\123\233\063\140\367\224\276\123\067\220\163\103\363\062\303\123
+\357\333\252\376\164\116\151\307\153\214\140\223\336\304\307\014
+\337\341\062\256\314\223\073\121\170\225\147\213\356\075\126\376
+\014\320\151\017\033\017\363\045\046\153\063\155\367\156\107\372
+\163\103\345\176\016\245\146\261\051\174\062\204\143\125\211\304
+\015\301\223\124\060\031\023\254\323\175\067\247\353\135\072\154
+\065\134\333\101\327\022\332\251\111\013\337\330\200\212\011\223
+\142\216\265\146\317\045\210\315\204\270\261\077\244\071\017\331
+\002\236\353\022\114\225\174\363\153\005\251\136\026\203\314\270
+\147\342\350\023\235\314\133\202\323\114\263\355\133\377\336\345
+\163\254\043\073\055\000\277\065\125\164\011\111\330\111\130\032
+\177\222\066\346\121\222\016\363\046\175\034\115\027\274\311\354
+\103\046\320\277\101\137\100\251\104\104\364\231\347\127\207\236
+\120\037\127\124\250\076\375\164\143\057\261\120\145\011\346\130
+\102\056\103\032\114\264\360\045\107\131\372\004\036\223\324\046
+\106\112\120\201\262\336\276\170\267\374\147\025\341\311\127\204
+\036\017\143\326\351\142\272\326\137\125\056\352\134\306\050\010
+\004\045\071\270\016\053\251\362\114\227\034\007\077\015\122\365
+\355\357\057\202\017\002\003\001\000\001\243\102\060\100\060\035
+\006\003\125\035\016\004\026\004\024\123\171\277\132\252\053\112
+\317\124\200\341\330\233\300\235\362\262\003\146\313\060\016\006
+\003\125\035\017\001\001\377\004\004\003\002\001\006\060\017\006
+\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060\015
+\006\011\052\206\110\206\367\015\001\001\014\005\000\003\202\002
+\001\000\134\324\174\015\317\367\001\175\101\231\145\014\163\305
+\122\237\313\370\317\231\006\177\033\332\103\025\237\236\002\125
+\127\226\024\361\122\074\047\207\224\050\355\037\072\001\067\242
+\166\374\123\120\300\204\233\306\153\116\272\214\041\117\242\216
+\125\142\221\363\151\025\330\274\210\343\304\252\013\375\357\250
+\351\113\125\052\006\040\155\125\170\051\031\356\137\060\134\113
+\044\021\125\377\044\232\156\136\052\053\356\013\115\237\177\367
+\001\070\224\024\225\103\007\011\373\140\251\356\034\253\022\214
+\240\232\136\247\230\152\131\155\213\077\010\373\310\321\105\257
+\030\025\144\220\022\017\163\050\056\305\342\044\116\374\130\354
+\360\364\105\376\042\263\353\057\216\322\331\105\141\005\301\227
+\157\250\166\162\217\213\214\066\257\277\015\005\316\161\215\346
+\246\157\037\154\246\161\142\305\330\320\203\162\014\361\147\021
+\211\014\234\023\114\162\064\337\274\325\161\337\252\161\335\341
+\271\154\214\074\022\135\145\332\275\127\022\266\103\153\377\345
+\336\115\146\021\121\317\231\256\354\027\266\350\161\221\214\336
+\111\376\335\065\161\242\025\047\224\034\317\141\343\046\273\157
+\243\147\045\041\135\346\335\035\013\056\150\033\073\202\257\354
+\203\147\205\324\230\121\164\261\271\231\200\211\377\177\170\031
+\134\171\112\140\056\222\100\256\114\067\052\054\311\307\142\310
+\016\135\367\066\133\312\340\045\045\001\264\335\032\007\234\167
+\000\077\320\334\325\354\075\324\372\273\077\314\205\326\157\177
+\251\055\337\271\002\367\365\227\232\265\065\332\303\147\260\207
+\112\251\050\236\043\216\377\134\047\153\341\260\117\363\007\356
+\000\056\324\131\207\313\122\101\225\352\364\107\327\356\144\101
+\125\174\215\131\002\225\335\142\235\302\271\356\132\050\164\204
+\245\233\267\220\307\014\007\337\365\211\066\164\062\326\050\301
+\260\260\013\340\234\114\303\034\326\374\343\151\265\107\106\201
+\057\242\202\253\323\143\104\160\304\215\377\055\063\272\255\217
+\173\265\160\210\256\076\031\317\100\050\330\374\310\220\273\135
+\231\042\365\122\346\130\305\037\210\061\103\356\210\035\327\306
+\216\074\103\152\035\247\030\336\175\075\026\361\142\371\312\220
+\250\375
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "USERTrust RSA Certification Authority"
+# Issuer: CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US
+# Serial Number:01:fd:6d:30:fc:a3:ca:51:a8:1b:bc:64:0e:35:03:2d
+# Subject: CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US
+# Not Valid Before: Mon Feb 01 00:00:00 2010
+# Not Valid After : Mon Jan 18 23:59:59 2038
+# Fingerprint (SHA-256): E7:93:C9:B0:2F:D8:AA:13:E2:1C:31:22:8A:CC:B0:81:19:64:3B:74:9C:89:89:64:B1:74:6D:46:C3:D4:CB:D2
+# Fingerprint (SHA1): 2B:8F:1B:57:33:0D:BB:A2:D0:7A:6C:51:F7:0E:E9:0D:DA:B9:AD:8E
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "USERTrust RSA Certification Authority"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\053\217\033\127\063\015\273\242\320\172\154\121\367\016\351\015
+\332\271\255\216
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\033\376\151\321\221\267\031\063\243\162\250\017\341\125\345\265
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\210\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\023\060\021\006\003\125\004\010\023\012\116\145\167\040\112
+\145\162\163\145\171\061\024\060\022\006\003\125\004\007\023\013
+\112\145\162\163\145\171\040\103\151\164\171\061\036\060\034\006
+\003\125\004\012\023\025\124\150\145\040\125\123\105\122\124\122
+\125\123\124\040\116\145\164\167\157\162\153\061\056\060\054\006
+\003\125\004\003\023\045\125\123\105\122\124\162\165\163\164\040
+\122\123\101\040\103\145\162\164\151\146\151\143\141\164\151\157
+\156\040\101\165\164\150\157\162\151\164\171
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\001\375\155\060\374\243\312\121\250\033\274\144\016\065
+\003\055
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "USERTrust ECC Certification Authority"
+#
+# Issuer: CN=USERTrust ECC Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US
+# Serial Number:5c:8b:99:c5:5a:94:c5:d2:71:56:de:cd:89:80:cc:26
+# Subject: CN=USERTrust ECC Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US
+# Not Valid Before: Mon Feb 01 00:00:00 2010
+# Not Valid After : Mon Jan 18 23:59:59 2038
+# Fingerprint (SHA-256): 4F:F4:60:D5:4B:9C:86:DA:BF:BC:FC:57:12:E0:40:0D:2B:ED:3F:BC:4D:4F:BD:AA:86:E0:6A:DC:D2:A9:AD:7A
+# Fingerprint (SHA1): D1:CB:CA:5D:B2:D5:2A:7F:69:3B:67:4D:E5:F0:5A:1D:0C:95:7D:F0
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "USERTrust ECC Certification Authority"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\210\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\023\060\021\006\003\125\004\010\023\012\116\145\167\040\112
+\145\162\163\145\171\061\024\060\022\006\003\125\004\007\023\013
+\112\145\162\163\145\171\040\103\151\164\171\061\036\060\034\006
+\003\125\004\012\023\025\124\150\145\040\125\123\105\122\124\122
+\125\123\124\040\116\145\164\167\157\162\153\061\056\060\054\006
+\003\125\004\003\023\045\125\123\105\122\124\162\165\163\164\040
+\105\103\103\040\103\145\162\164\151\146\151\143\141\164\151\157
+\156\040\101\165\164\150\157\162\151\164\171
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\210\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\023\060\021\006\003\125\004\010\023\012\116\145\167\040\112
+\145\162\163\145\171\061\024\060\022\006\003\125\004\007\023\013
+\112\145\162\163\145\171\040\103\151\164\171\061\036\060\034\006
+\003\125\004\012\023\025\124\150\145\040\125\123\105\122\124\122
+\125\123\124\040\116\145\164\167\157\162\153\061\056\060\054\006
+\003\125\004\003\023\045\125\123\105\122\124\162\165\163\164\040
+\105\103\103\040\103\145\162\164\151\146\151\143\141\164\151\157
+\156\040\101\165\164\150\157\162\151\164\171
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\134\213\231\305\132\224\305\322\161\126\336\315\211\200
+\314\046
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\002\217\060\202\002\025\240\003\002\001\002\002\020\134
+\213\231\305\132\224\305\322\161\126\336\315\211\200\314\046\060
+\012\006\010\052\206\110\316\075\004\003\003\060\201\210\061\013
+\060\011\006\003\125\004\006\023\002\125\123\061\023\060\021\006
+\003\125\004\010\023\012\116\145\167\040\112\145\162\163\145\171
+\061\024\060\022\006\003\125\004\007\023\013\112\145\162\163\145
+\171\040\103\151\164\171\061\036\060\034\006\003\125\004\012\023
+\025\124\150\145\040\125\123\105\122\124\122\125\123\124\040\116
+\145\164\167\157\162\153\061\056\060\054\006\003\125\004\003\023
+\045\125\123\105\122\124\162\165\163\164\040\105\103\103\040\103
+\145\162\164\151\146\151\143\141\164\151\157\156\040\101\165\164
+\150\157\162\151\164\171\060\036\027\015\061\060\060\062\060\061
+\060\060\060\060\060\060\132\027\015\063\070\060\061\061\070\062
+\063\065\071\065\071\132\060\201\210\061\013\060\011\006\003\125
+\004\006\023\002\125\123\061\023\060\021\006\003\125\004\010\023
+\012\116\145\167\040\112\145\162\163\145\171\061\024\060\022\006
+\003\125\004\007\023\013\112\145\162\163\145\171\040\103\151\164
+\171\061\036\060\034\006\003\125\004\012\023\025\124\150\145\040
+\125\123\105\122\124\122\125\123\124\040\116\145\164\167\157\162
+\153\061\056\060\054\006\003\125\004\003\023\045\125\123\105\122
+\124\162\165\163\164\040\105\103\103\040\103\145\162\164\151\146
+\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164
+\171\060\166\060\020\006\007\052\206\110\316\075\002\001\006\005
+\053\201\004\000\042\003\142\000\004\032\254\124\132\251\371\150
+\043\347\172\325\044\157\123\306\132\330\113\253\306\325\266\321
+\346\163\161\256\335\234\326\014\141\375\333\240\211\003\270\005
+\024\354\127\316\356\135\077\342\041\263\316\367\324\212\171\340
+\243\203\176\055\227\320\141\304\361\231\334\045\221\143\253\177
+\060\243\264\160\342\307\241\063\234\363\277\056\134\123\261\137
+\263\175\062\177\212\064\343\171\171\243\102\060\100\060\035\006
+\003\125\035\016\004\026\004\024\072\341\011\206\324\317\031\302
+\226\166\164\111\166\334\340\065\306\143\143\232\060\016\006\003
+\125\035\017\001\001\377\004\004\003\002\001\006\060\017\006\003
+\125\035\023\001\001\377\004\005\060\003\001\001\377\060\012\006
+\010\052\206\110\316\075\004\003\003\003\150\000\060\145\002\060
+\066\147\241\026\010\334\344\227\000\101\035\116\276\341\143\001
+\317\073\252\102\021\144\240\235\224\071\002\021\171\134\173\035
+\372\144\271\356\026\102\263\277\212\302\011\304\354\344\261\115
+\002\061\000\351\052\141\107\214\122\112\113\116\030\160\366\326
+\104\326\156\365\203\272\155\130\275\044\331\126\110\352\357\304
+\242\106\201\210\152\072\106\321\251\233\115\311\141\332\321\135
+\127\152\030
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "USERTrust ECC Certification Authority"
+# Issuer: CN=USERTrust ECC Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US
+# Serial Number:5c:8b:99:c5:5a:94:c5:d2:71:56:de:cd:89:80:cc:26
+# Subject: CN=USERTrust ECC Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US
+# Not Valid Before: Mon Feb 01 00:00:00 2010
+# Not Valid After : Mon Jan 18 23:59:59 2038
+# Fingerprint (SHA-256): 4F:F4:60:D5:4B:9C:86:DA:BF:BC:FC:57:12:E0:40:0D:2B:ED:3F:BC:4D:4F:BD:AA:86:E0:6A:DC:D2:A9:AD:7A
+# Fingerprint (SHA1): D1:CB:CA:5D:B2:D5:2A:7F:69:3B:67:4D:E5:F0:5A:1D:0C:95:7D:F0
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "USERTrust ECC Certification Authority"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\321\313\312\135\262\325\052\177\151\073\147\115\345\360\132\035
+\014\225\175\360
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\372\150\274\331\265\177\255\375\311\035\006\203\050\314\044\301
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\210\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\023\060\021\006\003\125\004\010\023\012\116\145\167\040\112
+\145\162\163\145\171\061\024\060\022\006\003\125\004\007\023\013
+\112\145\162\163\145\171\040\103\151\164\171\061\036\060\034\006
+\003\125\004\012\023\025\124\150\145\040\125\123\105\122\124\122
+\125\123\124\040\116\145\164\167\157\162\153\061\056\060\054\006
+\003\125\004\003\023\045\125\123\105\122\124\162\165\163\164\040
+\105\103\103\040\103\145\162\164\151\146\151\143\141\164\151\157
+\156\040\101\165\164\150\157\162\151\164\171
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\134\213\231\305\132\224\305\322\161\126\336\315\211\200
+\314\046
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "GlobalSign ECC Root CA - R4"
+#
+# Issuer: CN=GlobalSign,O=GlobalSign,OU=GlobalSign ECC Root CA - R4
+# Serial Number:2a:38:a4:1c:96:0a:04:de:42:b2:28:a5:0b:e8:34:98:02
+# Subject: CN=GlobalSign,O=GlobalSign,OU=GlobalSign ECC Root CA - R4
+# Not Valid Before: Tue Nov 13 00:00:00 2012
+# Not Valid After : Tue Jan 19 03:14:07 2038
+# Fingerprint (SHA-256): BE:C9:49:11:C2:95:56:76:DB:6C:0A:55:09:86:D7:6E:3B:A0:05:66:7C:44:2C:97:62:B4:FB:B7:73:DE:22:8C
+# Fingerprint (SHA1): 69:69:56:2E:40:80:F4:24:A1:E7:19:9F:14:BA:F3:EE:58:AB:6A:BB
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "GlobalSign ECC Root CA - R4"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\120\061\044\060\042\006\003\125\004\013\023\033\107\154\157
+\142\141\154\123\151\147\156\040\105\103\103\040\122\157\157\164
+\040\103\101\040\055\040\122\064\061\023\060\021\006\003\125\004
+\012\023\012\107\154\157\142\141\154\123\151\147\156\061\023\060
+\021\006\003\125\004\003\023\012\107\154\157\142\141\154\123\151
+\147\156
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\120\061\044\060\042\006\003\125\004\013\023\033\107\154\157
+\142\141\154\123\151\147\156\040\105\103\103\040\122\157\157\164
+\040\103\101\040\055\040\122\064\061\023\060\021\006\003\125\004
+\012\023\012\107\154\157\142\141\154\123\151\147\156\061\023\060
+\021\006\003\125\004\003\023\012\107\154\157\142\141\154\123\151
+\147\156
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\021\052\070\244\034\226\012\004\336\102\262\050\245\013\350
+\064\230\002
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\001\341\060\202\001\207\240\003\002\001\002\002\021\052
+\070\244\034\226\012\004\336\102\262\050\245\013\350\064\230\002
+\060\012\006\010\052\206\110\316\075\004\003\002\060\120\061\044
+\060\042\006\003\125\004\013\023\033\107\154\157\142\141\154\123
+\151\147\156\040\105\103\103\040\122\157\157\164\040\103\101\040
+\055\040\122\064\061\023\060\021\006\003\125\004\012\023\012\107
+\154\157\142\141\154\123\151\147\156\061\023\060\021\006\003\125
+\004\003\023\012\107\154\157\142\141\154\123\151\147\156\060\036
+\027\015\061\062\061\061\061\063\060\060\060\060\060\060\132\027
+\015\063\070\060\061\061\071\060\063\061\064\060\067\132\060\120
+\061\044\060\042\006\003\125\004\013\023\033\107\154\157\142\141
+\154\123\151\147\156\040\105\103\103\040\122\157\157\164\040\103
+\101\040\055\040\122\064\061\023\060\021\006\003\125\004\012\023
+\012\107\154\157\142\141\154\123\151\147\156\061\023\060\021\006
+\003\125\004\003\023\012\107\154\157\142\141\154\123\151\147\156
+\060\131\060\023\006\007\052\206\110\316\075\002\001\006\010\052
+\206\110\316\075\003\001\007\003\102\000\004\270\306\171\323\217
+\154\045\016\237\056\071\031\034\003\244\256\232\345\071\007\011
+\026\312\143\261\271\206\370\212\127\301\127\316\102\372\163\241
+\367\145\102\377\036\301\000\262\156\163\016\377\307\041\345\030
+\244\252\331\161\077\250\324\271\316\214\035\243\102\060\100\060
+\016\006\003\125\035\017\001\001\377\004\004\003\002\001\006\060
+\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377
+\060\035\006\003\125\035\016\004\026\004\024\124\260\173\255\105
+\270\342\100\177\373\012\156\373\276\063\311\074\243\204\325\060
+\012\006\010\052\206\110\316\075\004\003\002\003\110\000\060\105
+\002\041\000\334\222\241\240\023\246\317\003\260\346\304\041\227
+\220\372\024\127\055\003\354\356\074\323\156\312\250\154\166\274
+\242\336\273\002\040\047\250\205\047\065\233\126\306\243\362\107
+\322\267\156\033\002\000\027\252\147\246\025\221\336\372\224\354
+\173\013\370\237\204
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "GlobalSign ECC Root CA - R4"
+# Issuer: CN=GlobalSign,O=GlobalSign,OU=GlobalSign ECC Root CA - R4
+# Serial Number:2a:38:a4:1c:96:0a:04:de:42:b2:28:a5:0b:e8:34:98:02
+# Subject: CN=GlobalSign,O=GlobalSign,OU=GlobalSign ECC Root CA - R4
+# Not Valid Before: Tue Nov 13 00:00:00 2012
+# Not Valid After : Tue Jan 19 03:14:07 2038
+# Fingerprint (SHA-256): BE:C9:49:11:C2:95:56:76:DB:6C:0A:55:09:86:D7:6E:3B:A0:05:66:7C:44:2C:97:62:B4:FB:B7:73:DE:22:8C
+# Fingerprint (SHA1): 69:69:56:2E:40:80:F4:24:A1:E7:19:9F:14:BA:F3:EE:58:AB:6A:BB
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "GlobalSign ECC Root CA - R4"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\151\151\126\056\100\200\364\044\241\347\031\237\024\272\363\356
+\130\253\152\273
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\040\360\047\150\321\176\240\235\016\346\052\312\337\134\211\216
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\120\061\044\060\042\006\003\125\004\013\023\033\107\154\157
+\142\141\154\123\151\147\156\040\105\103\103\040\122\157\157\164
+\040\103\101\040\055\040\122\064\061\023\060\021\006\003\125\004
+\012\023\012\107\154\157\142\141\154\123\151\147\156\061\023\060
+\021\006\003\125\004\003\023\012\107\154\157\142\141\154\123\151
+\147\156
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\021\052\070\244\034\226\012\004\336\102\262\050\245\013\350
+\064\230\002
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "GlobalSign ECC Root CA - R5"
+#
+# Issuer: CN=GlobalSign,O=GlobalSign,OU=GlobalSign ECC Root CA - R5
+# Serial Number:60:59:49:e0:26:2e:bb:55:f9:0a:77:8a:71:f9:4a:d8:6c
+# Subject: CN=GlobalSign,O=GlobalSign,OU=GlobalSign ECC Root CA - R5
+# Not Valid Before: Tue Nov 13 00:00:00 2012
+# Not Valid After : Tue Jan 19 03:14:07 2038
+# Fingerprint (SHA-256): 17:9F:BC:14:8A:3D:D0:0F:D2:4E:A1:34:58:CC:43:BF:A7:F5:9C:81:82:D7:83:A5:13:F6:EB:EC:10:0C:89:24
+# Fingerprint (SHA1): 1F:24:C6:30:CD:A4:18:EF:20:69:FF:AD:4F:DD:5F:46:3A:1B:69:AA
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "GlobalSign ECC Root CA - R5"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\120\061\044\060\042\006\003\125\004\013\023\033\107\154\157
+\142\141\154\123\151\147\156\040\105\103\103\040\122\157\157\164
+\040\103\101\040\055\040\122\065\061\023\060\021\006\003\125\004
+\012\023\012\107\154\157\142\141\154\123\151\147\156\061\023\060
+\021\006\003\125\004\003\023\012\107\154\157\142\141\154\123\151
+\147\156
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\120\061\044\060\042\006\003\125\004\013\023\033\107\154\157
+\142\141\154\123\151\147\156\040\105\103\103\040\122\157\157\164
+\040\103\101\040\055\040\122\065\061\023\060\021\006\003\125\004
+\012\023\012\107\154\157\142\141\154\123\151\147\156\061\023\060
+\021\006\003\125\004\003\023\012\107\154\157\142\141\154\123\151
+\147\156
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\021\140\131\111\340\046\056\273\125\371\012\167\212\161\371
+\112\330\154
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\002\036\060\202\001\244\240\003\002\001\002\002\021\140
+\131\111\340\046\056\273\125\371\012\167\212\161\371\112\330\154
+\060\012\006\010\052\206\110\316\075\004\003\003\060\120\061\044
+\060\042\006\003\125\004\013\023\033\107\154\157\142\141\154\123
+\151\147\156\040\105\103\103\040\122\157\157\164\040\103\101\040
+\055\040\122\065\061\023\060\021\006\003\125\004\012\023\012\107
+\154\157\142\141\154\123\151\147\156\061\023\060\021\006\003\125
+\004\003\023\012\107\154\157\142\141\154\123\151\147\156\060\036
+\027\015\061\062\061\061\061\063\060\060\060\060\060\060\132\027
+\015\063\070\060\061\061\071\060\063\061\064\060\067\132\060\120
+\061\044\060\042\006\003\125\004\013\023\033\107\154\157\142\141
+\154\123\151\147\156\040\105\103\103\040\122\157\157\164\040\103
+\101\040\055\040\122\065\061\023\060\021\006\003\125\004\012\023
+\012\107\154\157\142\141\154\123\151\147\156\061\023\060\021\006
+\003\125\004\003\023\012\107\154\157\142\141\154\123\151\147\156
+\060\166\060\020\006\007\052\206\110\316\075\002\001\006\005\053
+\201\004\000\042\003\142\000\004\107\105\016\226\373\175\135\277
+\351\071\321\041\370\237\013\266\325\173\036\222\072\110\131\034
+\360\142\061\055\300\172\050\376\032\247\134\263\266\314\227\347
+\105\324\130\372\321\167\155\103\242\300\207\145\064\012\037\172
+\335\353\074\063\241\305\235\115\244\157\101\225\070\177\311\036
+\204\353\321\236\111\222\207\224\207\014\072\205\112\146\237\235
+\131\223\115\227\141\006\206\112\243\102\060\100\060\016\006\003
+\125\035\017\001\001\377\004\004\003\002\001\006\060\017\006\003
+\125\035\023\001\001\377\004\005\060\003\001\001\377\060\035\006
+\003\125\035\016\004\026\004\024\075\346\051\110\233\352\007\312
+\041\104\112\046\336\156\336\322\203\320\237\131\060\012\006\010
+\052\206\110\316\075\004\003\003\003\150\000\060\145\002\061\000
+\345\151\022\311\156\333\306\061\272\011\101\341\227\370\373\375
+\232\342\175\022\311\355\174\144\323\313\005\045\213\126\331\240
+\347\136\135\116\013\203\234\133\166\051\240\011\046\041\152\142
+\002\060\161\322\265\217\134\352\073\341\170\011\205\250\165\222
+\073\310\134\375\110\357\015\164\042\250\010\342\156\305\111\316
+\307\014\274\247\141\151\361\367\073\341\052\313\371\053\363\146
+\220\067
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "GlobalSign ECC Root CA - R5"
+# Issuer: CN=GlobalSign,O=GlobalSign,OU=GlobalSign ECC Root CA - R5
+# Serial Number:60:59:49:e0:26:2e:bb:55:f9:0a:77:8a:71:f9:4a:d8:6c
+# Subject: CN=GlobalSign,O=GlobalSign,OU=GlobalSign ECC Root CA - R5
+# Not Valid Before: Tue Nov 13 00:00:00 2012
+# Not Valid After : Tue Jan 19 03:14:07 2038
+# Fingerprint (SHA-256): 17:9F:BC:14:8A:3D:D0:0F:D2:4E:A1:34:58:CC:43:BF:A7:F5:9C:81:82:D7:83:A5:13:F6:EB:EC:10:0C:89:24
+# Fingerprint (SHA1): 1F:24:C6:30:CD:A4:18:EF:20:69:FF:AD:4F:DD:5F:46:3A:1B:69:AA
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "GlobalSign ECC Root CA - R5"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\037\044\306\060\315\244\030\357\040\151\377\255\117\335\137\106
+\072\033\151\252
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\237\255\073\034\002\036\212\272\027\164\070\201\014\242\274\010
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\120\061\044\060\042\006\003\125\004\013\023\033\107\154\157
+\142\141\154\123\151\147\156\040\105\103\103\040\122\157\157\164
+\040\103\101\040\055\040\122\065\061\023\060\021\006\003\125\004
+\012\023\012\107\154\157\142\141\154\123\151\147\156\061\023\060
+\021\006\003\125\004\003\023\012\107\154\157\142\141\154\123\151
+\147\156
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\021\140\131\111\340\046\056\273\125\371\012\167\212\161\371
+\112\330\154
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "VeriSign-C3SSA-G2-temporary-intermediate-after-1024bit-removal"
+#
+# Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU="(c) 2006 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
+# Serial Number:2f:00:6e:cd:17:70:66:e7:5f:a3:82:0a:79:1f:05:ae
+# Subject: CN=VeriSign Class 3 Secure Server CA - G2,OU=Terms of use at https://www.verisign.com/rpa (c)09,OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
+# Not Valid Before: Thu Mar 26 00:00:00 2009
+# Not Valid After : Sun Mar 24 23:59:59 2019
+# Fingerprint (SHA-256): 0A:41:51:D5:E5:8B:84:B8:AC:E5:3A:5C:12:12:2A:C9:59:CD:69:91:FB:B3:8E:99:B5:76:C0:AB:DA:C3:58:14
+# Fingerprint (SHA1): 76:44:59:78:1B:AC:B0:47:63:A5:D0:A1:58:91:65:26:1F:29:8E:3B
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "VeriSign-C3SSA-G2-temporary-intermediate-after-1024bit-removal"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\265\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123
+\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125
+\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165
+\163\164\040\116\145\164\167\157\162\153\061\073\060\071\006\003
+\125\004\013\023\062\124\145\162\155\163\040\157\146\040\165\163
+\145\040\141\164\040\150\164\164\160\163\072\057\057\167\167\167
+\056\166\145\162\151\163\151\147\156\056\143\157\155\057\162\160
+\141\040\050\143\051\060\071\061\057\060\055\006\003\125\004\003
+\023\046\126\145\162\151\123\151\147\156\040\103\154\141\163\163
+\040\063\040\123\145\143\165\162\145\040\123\145\162\166\145\162
+\040\103\101\040\055\040\107\062
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\312\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123
+\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125
+\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165
+\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003
+\125\004\013\023\061\050\143\051\040\062\060\060\066\040\126\145
+\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106
+\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163
+\145\040\157\156\154\171\061\105\060\103\006\003\125\004\003\023
+\074\126\145\162\151\123\151\147\156\040\103\154\141\163\163\040
+\063\040\120\165\142\154\151\143\040\120\162\151\155\141\162\171
+\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101
+\165\164\150\157\162\151\164\171\040\055\040\107\065
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\057\000\156\315\027\160\146\347\137\243\202\012\171\037
+\005\256
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\071\060\202\004\041\240\003\002\001\002\002\020\057
+\000\156\315\027\160\146\347\137\243\202\012\171\037\005\256\060
+\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\201
+\312\061\013\060\011\006\003\125\004\006\023\002\125\123\061\027
+\060\025\006\003\125\004\012\023\016\126\145\162\151\123\151\147
+\156\054\040\111\156\143\056\061\037\060\035\006\003\125\004\013
+\023\026\126\145\162\151\123\151\147\156\040\124\162\165\163\164
+\040\116\145\164\167\157\162\153\061\072\060\070\006\003\125\004
+\013\023\061\050\143\051\040\062\060\060\066\040\126\145\162\151
+\123\151\147\156\054\040\111\156\143\056\040\055\040\106\157\162
+\040\141\165\164\150\157\162\151\172\145\144\040\165\163\145\040
+\157\156\154\171\061\105\060\103\006\003\125\004\003\023\074\126
+\145\162\151\123\151\147\156\040\103\154\141\163\163\040\063\040
+\120\165\142\154\151\143\040\120\162\151\155\141\162\171\040\103
+\145\162\164\151\146\151\143\141\164\151\157\156\040\101\165\164
+\150\157\162\151\164\171\040\055\040\107\065\060\036\027\015\060
+\071\060\063\062\066\060\060\060\060\060\060\132\027\015\061\071
+\060\063\062\064\062\063\065\071\065\071\132\060\201\265\061\013
+\060\011\006\003\125\004\006\023\002\125\123\061\027\060\025\006
+\003\125\004\012\023\016\126\145\162\151\123\151\147\156\054\040
+\111\156\143\056\061\037\060\035\006\003\125\004\013\023\026\126
+\145\162\151\123\151\147\156\040\124\162\165\163\164\040\116\145
+\164\167\157\162\153\061\073\060\071\006\003\125\004\013\023\062
+\124\145\162\155\163\040\157\146\040\165\163\145\040\141\164\040
+\150\164\164\160\163\072\057\057\167\167\167\056\166\145\162\151
+\163\151\147\156\056\143\157\155\057\162\160\141\040\050\143\051
+\060\071\061\057\060\055\006\003\125\004\003\023\046\126\145\162
+\151\123\151\147\156\040\103\154\141\163\163\040\063\040\123\145
+\143\165\162\145\040\123\145\162\166\145\162\040\103\101\040\055
+\040\107\062\060\202\001\042\060\015\006\011\052\206\110\206\367
+\015\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002
+\202\001\001\000\324\126\217\127\073\067\050\246\100\143\322\225
+\325\005\164\332\265\031\152\226\326\161\127\057\342\300\064\214
+\240\225\263\214\341\067\044\363\056\355\103\105\005\216\211\327
+\372\332\112\265\370\076\215\116\307\371\111\120\105\067\100\237
+\164\252\240\121\125\141\361\140\204\211\245\236\200\215\057\260
+\041\252\105\202\304\317\264\024\177\107\025\040\050\202\260\150
+\022\300\256\134\007\327\366\131\314\313\142\126\134\115\111\377
+\046\210\253\124\121\072\057\112\332\016\230\342\211\162\271\374
+\367\150\074\304\037\071\172\313\027\201\363\014\255\017\334\141
+\142\033\020\013\004\036\051\030\161\136\142\313\103\336\276\061
+\272\161\002\031\116\046\251\121\332\214\144\151\003\336\234\375
+\175\375\173\141\274\374\204\174\210\134\264\303\173\355\137\053
+\106\022\361\375\000\001\232\213\133\351\243\005\056\217\056\133
+\336\363\033\170\370\146\221\010\300\136\316\325\260\066\312\324
+\250\173\240\175\371\060\172\277\370\335\031\121\053\040\272\376
+\247\317\241\116\260\147\365\200\252\053\203\056\322\216\124\211
+\216\036\051\013\002\003\001\000\001\243\202\001\054\060\202\001
+\050\060\022\006\003\125\035\023\001\001\377\004\010\060\006\001
+\001\377\002\001\000\060\016\006\003\125\035\017\001\001\377\004
+\004\003\002\001\006\060\051\006\003\125\035\021\004\042\060\040
+\244\036\060\034\061\032\060\030\006\003\125\004\003\023\021\103
+\154\141\163\163\063\103\101\062\060\064\070\055\061\055\065\062
+\060\035\006\003\125\035\016\004\026\004\024\245\357\013\021\316
+\300\101\003\243\112\145\220\110\262\034\340\127\055\175\107\060
+\146\006\003\125\035\040\004\137\060\135\060\133\006\013\140\206
+\110\001\206\370\105\001\007\027\003\060\114\060\043\006\010\053
+\006\001\005\005\007\002\001\026\027\150\164\164\160\163\072\057
+\057\144\056\163\171\155\143\142\056\143\157\155\057\143\160\163
+\060\045\006\010\053\006\001\005\005\007\002\002\060\031\032\027
+\150\164\164\160\163\072\057\057\144\056\163\171\155\143\142\056
+\143\157\155\057\162\160\141\060\057\006\003\125\035\037\004\050
+\060\046\060\044\240\042\240\040\206\036\150\164\164\160\072\057
+\057\163\056\163\171\155\143\142\056\143\157\155\057\160\143\141
+\063\055\147\065\056\143\162\154\060\037\006\003\125\035\043\004
+\030\060\026\200\024\177\323\145\247\302\335\354\273\360\060\011
+\363\103\071\372\002\257\063\061\063\060\015\006\011\052\206\110
+\206\367\015\001\001\005\005\000\003\202\001\001\000\053\216\024
+\314\354\206\010\140\067\213\154\145\211\045\041\336\057\122\242
+\007\236\130\323\263\026\170\001\231\121\225\264\023\167\314\167
+\335\013\134\201\067\326\276\366\142\326\004\067\013\030\163\232
+\323\366\301\242\036\155\234\273\214\021\346\076\022\136\007\137
+\013\203\134\164\002\340\120\364\261\046\033\155\306\350\351\277
+\115\271\001\025\031\354\120\232\371\021\360\201\130\103\054\115
+\021\100\263\132\106\010\246\136\163\241\210\022\065\214\377\003
+\072\275\326\235\372\347\334\226\271\032\144\076\304\375\331\012
+\266\145\236\272\245\250\130\374\073\042\360\242\127\356\212\127
+\107\234\167\307\045\341\254\064\005\115\363\202\176\101\043\272
+\264\127\363\347\306\001\145\327\115\211\231\034\151\115\136\170
+\366\353\162\161\075\262\304\225\001\237\135\014\267\057\045\246
+\134\171\101\357\236\304\147\074\241\235\177\161\072\320\225\227
+\354\170\102\164\230\156\276\076\150\114\127\074\250\223\101\207
+\013\344\271\257\221\373\120\114\014\272\300\044\047\321\025\333
+\145\110\041\012\057\327\334\176\240\314\145\176\171
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "VeriSign-C3SSA-G2-temporary-intermediate-after-1024bit-removal"
+# Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU="(c) 2006 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
+# Serial Number:2f:00:6e:cd:17:70:66:e7:5f:a3:82:0a:79:1f:05:ae
+# Subject: CN=VeriSign Class 3 Secure Server CA - G2,OU=Terms of use at https://www.verisign.com/rpa (c)09,OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
+# Not Valid Before: Thu Mar 26 00:00:00 2009
+# Not Valid After : Sun Mar 24 23:59:59 2019
+# Fingerprint (SHA-256): 0A:41:51:D5:E5:8B:84:B8:AC:E5:3A:5C:12:12:2A:C9:59:CD:69:91:FB:B3:8E:99:B5:76:C0:AB:DA:C3:58:14
+# Fingerprint (SHA1): 76:44:59:78:1B:AC:B0:47:63:A5:D0:A1:58:91:65:26:1F:29:8E:3B
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "VeriSign-C3SSA-G2-temporary-intermediate-after-1024bit-removal"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\166\104\131\170\033\254\260\107\143\245\320\241\130\221\145\046
+\037\051\216\073
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\277\022\155\372\174\325\133\046\171\072\215\252\021\357\057\134
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\312\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123
+\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125
+\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165
+\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003
+\125\004\013\023\061\050\143\051\040\062\060\060\066\040\126\145
+\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106
+\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163
+\145\040\157\156\154\171\061\105\060\103\006\003\125\004\003\023
+\074\126\145\162\151\123\151\147\156\040\103\154\141\163\163\040
+\063\040\120\165\142\154\151\143\040\120\162\151\155\141\162\171
+\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101
+\165\164\150\157\162\151\164\171\040\055\040\107\065
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\057\000\156\315\027\160\146\347\137\243\202\012\171\037
+\005\256
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Staat der Nederlanden Root CA - G3"
+#
+# Issuer: CN=Staat der Nederlanden Root CA - G3,O=Staat der Nederlanden,C=NL
+# Serial Number: 10003001 (0x98a239)
+# Subject: CN=Staat der Nederlanden Root CA - G3,O=Staat der Nederlanden,C=NL
+# Not Valid Before: Thu Nov 14 11:28:42 2013
+# Not Valid After : Mon Nov 13 23:00:00 2028
+# Fingerprint (SHA-256): 3C:4F:B0:B9:5A:B8:B3:00:32:F4:32:B8:6F:53:5F:E1:72:C1:85:D0:FD:39:86:58:37:CF:36:18:7F:A6:F4:28
+# Fingerprint (SHA1): D8:EB:6B:41:51:92:59:E0:F3:E7:85:00:C0:3D:B6:88:97:C9:EE:FC
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Staat der Nederlanden Root CA - G3"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\132\061\013\060\011\006\003\125\004\006\023\002\116\114\061
+\036\060\034\006\003\125\004\012\014\025\123\164\141\141\164\040
+\144\145\162\040\116\145\144\145\162\154\141\156\144\145\156\061
+\053\060\051\006\003\125\004\003\014\042\123\164\141\141\164\040
+\144\145\162\040\116\145\144\145\162\154\141\156\144\145\156\040
+\122\157\157\164\040\103\101\040\055\040\107\063
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\132\061\013\060\011\006\003\125\004\006\023\002\116\114\061
+\036\060\034\006\003\125\004\012\014\025\123\164\141\141\164\040
+\144\145\162\040\116\145\144\145\162\154\141\156\144\145\156\061
+\053\060\051\006\003\125\004\003\014\042\123\164\141\141\164\040
+\144\145\162\040\116\145\144\145\162\154\141\156\144\145\156\040
+\122\157\157\164\040\103\101\040\055\040\107\063
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\004\000\230\242\071
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\164\060\202\003\134\240\003\002\001\002\002\004\000
+\230\242\071\060\015\006\011\052\206\110\206\367\015\001\001\013
+\005\000\060\132\061\013\060\011\006\003\125\004\006\023\002\116
+\114\061\036\060\034\006\003\125\004\012\014\025\123\164\141\141
+\164\040\144\145\162\040\116\145\144\145\162\154\141\156\144\145
+\156\061\053\060\051\006\003\125\004\003\014\042\123\164\141\141
+\164\040\144\145\162\040\116\145\144\145\162\154\141\156\144\145
+\156\040\122\157\157\164\040\103\101\040\055\040\107\063\060\036
+\027\015\061\063\061\061\061\064\061\061\062\070\064\062\132\027
+\015\062\070\061\061\061\063\062\063\060\060\060\060\132\060\132
+\061\013\060\011\006\003\125\004\006\023\002\116\114\061\036\060
+\034\006\003\125\004\012\014\025\123\164\141\141\164\040\144\145
+\162\040\116\145\144\145\162\154\141\156\144\145\156\061\053\060
+\051\006\003\125\004\003\014\042\123\164\141\141\164\040\144\145
+\162\040\116\145\144\145\162\154\141\156\144\145\156\040\122\157
+\157\164\040\103\101\040\055\040\107\063\060\202\002\042\060\015
+\006\011\052\206\110\206\367\015\001\001\001\005\000\003\202\002
+\017\000\060\202\002\012\002\202\002\001\000\276\062\242\124\017
+\160\373\054\134\131\353\154\304\244\121\350\205\052\263\314\112
+\064\362\260\137\363\016\307\034\075\123\036\210\010\150\330\157
+\075\255\302\236\314\202\147\007\047\207\150\161\072\237\165\226
+\042\106\005\260\355\255\307\133\236\052\336\234\374\072\306\225
+\247\365\027\147\030\347\057\111\010\014\134\317\346\314\064\355
+\170\373\120\261\334\153\062\360\242\376\266\074\344\354\132\227
+\307\077\036\160\010\060\240\334\305\263\155\157\320\202\162\021
+\253\322\201\150\131\202\027\267\170\222\140\372\314\336\077\204
+\353\215\070\063\220\012\162\043\372\065\314\046\161\061\321\162
+\050\222\331\133\043\155\146\265\155\007\102\353\246\063\316\222
+\333\300\366\154\143\170\315\312\116\075\265\345\122\233\361\276
+\073\346\124\140\260\146\036\011\253\007\376\124\211\021\102\321
+\367\044\272\140\170\032\230\367\311\021\375\026\301\065\032\124
+\165\357\103\323\345\256\116\316\347\173\303\306\116\141\121\113
+\253\232\105\113\241\037\101\275\110\123\025\161\144\013\206\263
+\345\056\276\316\244\033\301\051\204\242\265\313\010\043\166\103
+\042\044\037\027\004\324\156\234\306\374\177\053\146\032\354\212
+\345\326\317\115\365\143\011\267\025\071\326\173\254\353\343\174
+\351\116\374\165\102\310\355\130\225\014\006\102\242\234\367\344
+\160\263\337\162\157\132\067\100\211\330\205\244\327\361\013\336
+\103\031\324\112\130\054\214\212\071\236\277\204\207\361\026\073
+\066\014\351\323\264\312\154\031\101\122\011\241\035\260\152\277
+\202\357\160\121\041\062\334\005\166\214\313\367\144\344\003\120
+\257\214\221\147\253\305\362\356\130\330\336\276\367\347\061\317
+\154\311\073\161\301\325\210\265\145\274\300\350\027\027\007\022
+\265\134\322\253\040\223\264\346\202\203\160\066\305\315\243\215
+\255\213\354\243\301\103\207\346\103\342\064\276\225\213\065\355
+\007\071\332\250\035\172\237\066\236\022\260\014\145\022\220\025
+\140\331\046\100\104\343\126\140\245\020\324\152\074\375\101\334
+\016\132\107\266\357\227\141\165\117\331\376\307\262\035\324\355
+\135\111\263\251\152\313\146\204\023\325\134\240\334\337\156\167
+\006\321\161\165\310\127\157\257\017\167\133\002\003\001\000\001
+\243\102\060\100\060\017\006\003\125\035\023\001\001\377\004\005
+\060\003\001\001\377\060\016\006\003\125\035\017\001\001\377\004
+\004\003\002\001\006\060\035\006\003\125\035\016\004\026\004\024
+\124\255\372\307\222\127\256\312\065\234\056\022\373\344\272\135
+\040\334\224\127\060\015\006\011\052\206\110\206\367\015\001\001
+\013\005\000\003\202\002\001\000\060\231\235\005\062\310\136\016
+\073\230\001\072\212\244\347\007\367\172\370\347\232\337\120\103
+\123\227\052\075\312\074\107\230\056\341\025\173\361\222\363\141
+\332\220\045\026\145\300\237\124\135\016\003\073\133\167\002\234
+\204\266\015\230\137\064\335\073\143\302\303\050\201\302\234\051
+\056\051\342\310\303\001\362\063\352\052\252\314\011\010\367\145
+\147\306\315\337\323\266\053\247\275\314\321\016\160\137\270\043
+\321\313\221\116\012\364\310\172\345\331\143\066\301\324\337\374
+\042\227\367\140\135\352\051\057\130\262\275\130\275\215\226\117
+\020\165\277\110\173\075\121\207\241\074\164\042\302\374\007\177
+\200\334\304\254\376\152\301\160\060\260\351\216\151\342\054\151
+\201\224\011\272\335\376\115\300\203\214\224\130\300\106\040\257
+\234\037\002\370\065\125\111\057\106\324\300\360\240\226\002\017
+\063\305\161\363\236\043\175\224\267\375\072\323\011\203\006\041
+\375\140\075\256\062\300\322\356\215\246\360\347\264\202\174\012
+\314\160\311\171\200\370\376\114\367\065\204\031\212\061\373\012
+\331\327\177\233\360\242\232\153\303\005\112\355\101\140\024\060
+\321\252\021\102\156\323\043\002\004\013\306\145\335\335\122\167
+\332\201\153\262\250\372\001\070\271\226\352\052\154\147\227\211
+\224\236\274\341\124\325\344\152\170\357\112\275\053\232\075\100
+\176\306\300\165\322\156\373\150\060\354\354\213\235\371\111\065
+\232\032\054\331\263\225\071\325\036\222\367\246\271\145\057\345
+\075\155\072\110\114\010\334\344\050\022\050\276\175\065\134\352
+\340\026\176\023\033\152\327\076\327\236\374\055\165\262\301\024
+\325\043\003\333\133\157\013\076\170\057\015\336\063\215\026\267
+\110\347\203\232\201\017\173\301\103\115\125\004\027\070\112\121
+\325\131\242\211\164\323\237\276\036\113\327\306\155\267\210\044
+\157\140\221\244\202\205\133\126\101\274\320\104\253\152\023\276
+\321\054\130\267\022\063\130\262\067\143\334\023\365\224\035\077
+\100\121\365\117\365\072\355\310\305\353\302\036\035\026\225\172
+\307\176\102\161\223\156\113\025\267\060\337\252\355\127\205\110
+\254\035\152\335\071\151\344\341\171\170\276\316\005\277\241\014
+\367\200\173\041\147\047\060\131
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "Staat der Nederlanden Root CA - G3"
+# Issuer: CN=Staat der Nederlanden Root CA - G3,O=Staat der Nederlanden,C=NL
+# Serial Number: 10003001 (0x98a239)
+# Subject: CN=Staat der Nederlanden Root CA - G3,O=Staat der Nederlanden,C=NL
+# Not Valid Before: Thu Nov 14 11:28:42 2013
+# Not Valid After : Mon Nov 13 23:00:00 2028
+# Fingerprint (SHA-256): 3C:4F:B0:B9:5A:B8:B3:00:32:F4:32:B8:6F:53:5F:E1:72:C1:85:D0:FD:39:86:58:37:CF:36:18:7F:A6:F4:28
+# Fingerprint (SHA1): D8:EB:6B:41:51:92:59:E0:F3:E7:85:00:C0:3D:B6:88:97:C9:EE:FC
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Staat der Nederlanden Root CA - G3"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\330\353\153\101\121\222\131\340\363\347\205\000\300\075\266\210
+\227\311\356\374
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\013\106\147\007\333\020\057\031\214\065\120\140\321\013\364\067
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\132\061\013\060\011\006\003\125\004\006\023\002\116\114\061
+\036\060\034\006\003\125\004\012\014\025\123\164\141\141\164\040
+\144\145\162\040\116\145\144\145\162\154\141\156\144\145\156\061
+\053\060\051\006\003\125\004\003\014\042\123\164\141\141\164\040
+\144\145\162\040\116\145\144\145\162\154\141\156\144\145\156\040
+\122\157\157\164\040\103\101\040\055\040\107\063
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\004\000\230\242\071
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Staat der Nederlanden EV Root CA"
+#
+# Issuer: CN=Staat der Nederlanden EV Root CA,O=Staat der Nederlanden,C=NL
+# Serial Number: 10000013 (0x98968d)
+# Subject: CN=Staat der Nederlanden EV Root CA,O=Staat der Nederlanden,C=NL
+# Not Valid Before: Wed Dec 08 11:19:29 2010
+# Not Valid After : Thu Dec 08 11:10:28 2022
+# Fingerprint (SHA-256): 4D:24:91:41:4C:FE:95:67:46:EC:4C:EF:A6:CF:6F:72:E2:8A:13:29:43:2F:9D:8A:90:7A:C4:CB:5D:AD:C1:5A
+# Fingerprint (SHA1): 76:E2:7E:C1:4F:DB:82:C1:C0:A6:75:B5:05:BE:3D:29:B4:ED:DB:BB
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Staat der Nederlanden EV Root CA"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\130\061\013\060\011\006\003\125\004\006\023\002\116\114\061
+\036\060\034\006\003\125\004\012\014\025\123\164\141\141\164\040
+\144\145\162\040\116\145\144\145\162\154\141\156\144\145\156\061
+\051\060\047\006\003\125\004\003\014\040\123\164\141\141\164\040
+\144\145\162\040\116\145\144\145\162\154\141\156\144\145\156\040
+\105\126\040\122\157\157\164\040\103\101
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\130\061\013\060\011\006\003\125\004\006\023\002\116\114\061
+\036\060\034\006\003\125\004\012\014\025\123\164\141\141\164\040
+\144\145\162\040\116\145\144\145\162\154\141\156\144\145\156\061
+\051\060\047\006\003\125\004\003\014\040\123\164\141\141\164\040
+\144\145\162\040\116\145\144\145\162\154\141\156\144\145\156\040
+\105\126\040\122\157\157\164\040\103\101
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\004\000\230\226\215
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\160\060\202\003\130\240\003\002\001\002\002\004\000
+\230\226\215\060\015\006\011\052\206\110\206\367\015\001\001\013
+\005\000\060\130\061\013\060\011\006\003\125\004\006\023\002\116
+\114\061\036\060\034\006\003\125\004\012\014\025\123\164\141\141
+\164\040\144\145\162\040\116\145\144\145\162\154\141\156\144\145
+\156\061\051\060\047\006\003\125\004\003\014\040\123\164\141\141
+\164\040\144\145\162\040\116\145\144\145\162\154\141\156\144\145
+\156\040\105\126\040\122\157\157\164\040\103\101\060\036\027\015
+\061\060\061\062\060\070\061\061\061\071\062\071\132\027\015\062
+\062\061\062\060\070\061\061\061\060\062\070\132\060\130\061\013
+\060\011\006\003\125\004\006\023\002\116\114\061\036\060\034\006
+\003\125\004\012\014\025\123\164\141\141\164\040\144\145\162\040
+\116\145\144\145\162\154\141\156\144\145\156\061\051\060\047\006
+\003\125\004\003\014\040\123\164\141\141\164\040\144\145\162\040
+\116\145\144\145\162\154\141\156\144\145\156\040\105\126\040\122
+\157\157\164\040\103\101\060\202\002\042\060\015\006\011\052\206
+\110\206\367\015\001\001\001\005\000\003\202\002\017\000\060\202
+\002\012\002\202\002\001\000\343\307\176\211\371\044\113\072\322
+\063\203\065\054\151\354\334\011\244\343\121\250\045\053\171\270
+\010\075\340\221\272\204\205\306\205\244\312\346\311\056\123\244
+\311\044\036\375\125\146\161\135\054\305\140\150\004\267\331\302
+\122\046\070\210\244\326\073\100\246\302\315\077\315\230\223\263
+\124\024\130\226\125\325\120\376\206\255\244\143\177\134\207\366
+\216\346\047\222\147\027\222\002\003\054\334\326\146\164\355\335
+\147\377\301\141\215\143\117\017\233\155\027\060\046\357\253\322
+\037\020\240\371\305\177\026\151\201\003\107\355\036\150\215\162
+\241\115\262\046\306\272\154\137\155\326\257\321\261\023\216\251
+\255\363\136\151\165\046\030\076\101\053\041\177\356\213\135\007
+\006\235\103\304\051\012\053\374\052\076\206\313\074\203\072\371
+\311\015\332\305\231\342\274\170\101\063\166\341\277\057\135\345
+\244\230\120\014\025\335\340\372\234\177\070\150\320\262\246\172
+\247\321\061\275\176\212\130\047\103\263\272\063\221\323\247\230
+\025\134\232\346\323\017\165\331\374\101\230\227\076\252\045\333
+\217\222\056\260\173\014\137\361\143\251\067\371\233\165\151\114
+\050\046\045\332\325\362\022\160\105\125\343\337\163\136\067\365
+\041\154\220\216\065\132\311\323\043\353\323\300\276\170\254\102
+\050\130\146\245\106\155\160\002\327\020\371\113\124\374\135\206
+\112\207\317\177\312\105\254\021\132\265\040\121\215\057\210\107
+\227\071\300\317\272\300\102\001\100\231\110\041\013\153\247\322
+\375\226\325\321\276\106\235\111\340\013\246\240\042\116\070\320
+\301\074\060\274\160\217\054\165\314\320\305\214\121\073\075\224
+\010\144\046\141\175\271\303\145\217\024\234\041\320\252\375\027
+\162\003\217\275\233\214\346\136\123\236\271\235\357\202\273\341
+\274\342\162\101\133\041\224\323\105\067\224\321\337\011\071\135
+\347\043\252\232\035\312\155\250\012\206\205\212\202\276\102\007
+\326\362\070\202\163\332\207\133\345\074\323\236\076\247\073\236
+\364\003\263\371\361\175\023\164\002\377\273\241\345\372\000\171
+\034\246\146\101\210\134\140\127\246\056\011\304\272\375\232\317
+\247\037\100\303\273\314\132\012\125\113\073\070\166\121\270\143
+\213\204\224\026\346\126\363\002\003\001\000\001\243\102\060\100
+\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001
+\377\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001
+\006\060\035\006\003\125\035\016\004\026\004\024\376\253\000\220
+\230\236\044\374\251\314\032\212\373\047\270\277\060\156\250\073
+\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\003
+\202\002\001\000\317\167\054\156\126\276\116\263\266\204\000\224
+\253\107\311\015\322\166\307\206\237\035\007\323\266\264\273\010
+\170\257\151\322\013\111\336\063\305\254\255\302\210\002\175\006
+\267\065\002\301\140\311\277\304\350\224\336\324\323\251\023\045
+\132\376\156\242\256\175\005\334\175\363\154\360\176\246\215\356
+\331\327\316\130\027\350\251\051\256\163\110\207\347\233\312\156
+\051\241\144\137\031\023\367\256\006\020\377\121\306\233\115\125
+\045\117\223\231\020\001\123\165\361\023\316\307\246\101\101\322
+\277\210\245\177\105\374\254\270\245\265\063\014\202\304\373\007
+\366\152\345\045\204\137\006\312\301\206\071\021\333\130\315\167
+\073\054\302\114\017\136\232\343\360\253\076\141\033\120\044\302
+\300\364\361\031\360\021\051\266\245\030\002\233\327\143\114\160
+\214\107\243\003\103\134\271\135\106\240\015\157\377\131\216\276
+\335\237\162\303\133\053\337\214\133\316\345\014\106\154\222\262
+\012\243\114\124\102\030\025\022\030\275\332\374\272\164\156\377
+\301\266\240\144\330\251\137\125\256\237\134\152\166\226\330\163
+\147\207\373\115\177\134\356\151\312\163\020\373\212\251\375\236
+\275\066\070\111\111\207\364\016\024\360\351\207\270\077\247\117
+\172\132\216\171\324\223\344\273\150\122\204\254\154\351\363\230
+\160\125\162\062\371\064\253\053\111\265\315\040\142\344\072\172
+\147\143\253\226\334\155\256\227\354\374\237\166\126\210\056\146
+\317\133\266\311\244\260\327\005\272\341\047\057\223\273\046\052
+\242\223\260\033\363\216\276\035\100\243\271\066\217\076\202\032
+\032\136\210\352\120\370\131\342\203\106\051\013\343\104\134\341
+\225\266\151\220\232\024\157\227\256\201\317\150\357\231\232\276
+\265\347\341\177\370\372\023\107\026\114\314\155\010\100\347\213
+\170\157\120\202\104\120\077\146\006\212\253\103\204\126\112\017
+\040\055\206\016\365\322\333\322\172\212\113\315\245\350\116\361
+\136\046\045\001\131\043\240\176\322\366\176\041\127\327\047\274
+\025\127\114\244\106\301\340\203\036\014\114\115\037\117\006\031
+\342\371\250\364\072\202\241\262\171\103\171\326\255\157\172\047
+\220\003\244\352\044\207\077\331\275\331\351\362\137\120\111\034
+\356\354\327\056
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "Staat der Nederlanden EV Root CA"
+# Issuer: CN=Staat der Nederlanden EV Root CA,O=Staat der Nederlanden,C=NL
+# Serial Number: 10000013 (0x98968d)
+# Subject: CN=Staat der Nederlanden EV Root CA,O=Staat der Nederlanden,C=NL
+# Not Valid Before: Wed Dec 08 11:19:29 2010
+# Not Valid After : Thu Dec 08 11:10:28 2022
+# Fingerprint (SHA-256): 4D:24:91:41:4C:FE:95:67:46:EC:4C:EF:A6:CF:6F:72:E2:8A:13:29:43:2F:9D:8A:90:7A:C4:CB:5D:AD:C1:5A
+# Fingerprint (SHA1): 76:E2:7E:C1:4F:DB:82:C1:C0:A6:75:B5:05:BE:3D:29:B4:ED:DB:BB
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Staat der Nederlanden EV Root CA"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\166\342\176\301\117\333\202\301\300\246\165\265\005\276\075\051
+\264\355\333\273
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\374\006\257\173\350\032\361\232\264\350\322\160\037\300\365\272
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\130\061\013\060\011\006\003\125\004\006\023\002\116\114\061
+\036\060\034\006\003\125\004\012\014\025\123\164\141\141\164\040
+\144\145\162\040\116\145\144\145\162\154\141\156\144\145\156\061
+\051\060\047\006\003\125\004\003\014\040\123\164\141\141\164\040
+\144\145\162\040\116\145\144\145\162\154\141\156\144\145\156\040
+\105\126\040\122\157\157\164\040\103\101
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\004\000\230\226\215
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "IdenTrust Commercial Root CA 1"
+#
+# Issuer: CN=IdenTrust Commercial Root CA 1,O=IdenTrust,C=US
+# Serial Number:0a:01:42:80:00:00:01:45:23:c8:44:b5:00:00:00:02
+# Subject: CN=IdenTrust Commercial Root CA 1,O=IdenTrust,C=US
+# Not Valid Before: Thu Jan 16 18:12:23 2014
+# Not Valid After : Mon Jan 16 18:12:23 2034
+# Fingerprint (SHA-256): 5D:56:49:9B:E4:D2:E0:8B:CF:CA:D0:8A:3E:38:72:3D:50:50:3B:DE:70:69:48:E4:2F:55:60:30:19:E5:28:AE
+# Fingerprint (SHA1): DF:71:7E:AA:4A:D9:4E:C9:55:84:99:60:2D:48:DE:5F:BC:F0:3A:25
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "IdenTrust Commercial Root CA 1"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\112\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\022\060\020\006\003\125\004\012\023\011\111\144\145\156\124\162
+\165\163\164\061\047\060\045\006\003\125\004\003\023\036\111\144
+\145\156\124\162\165\163\164\040\103\157\155\155\145\162\143\151
+\141\154\040\122\157\157\164\040\103\101\040\061
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\112\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\022\060\020\006\003\125\004\012\023\011\111\144\145\156\124\162
+\165\163\164\061\047\060\045\006\003\125\004\003\023\036\111\144
+\145\156\124\162\165\163\164\040\103\157\155\155\145\162\143\151
+\141\154\040\122\157\157\164\040\103\101\040\061
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\012\001\102\200\000\000\001\105\043\310\104\265\000\000
+\000\002
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\140\060\202\003\110\240\003\002\001\002\002\020\012
+\001\102\200\000\000\001\105\043\310\104\265\000\000\000\002\060
+\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060\112
+\061\013\060\011\006\003\125\004\006\023\002\125\123\061\022\060
+\020\006\003\125\004\012\023\011\111\144\145\156\124\162\165\163
+\164\061\047\060\045\006\003\125\004\003\023\036\111\144\145\156
+\124\162\165\163\164\040\103\157\155\155\145\162\143\151\141\154
+\040\122\157\157\164\040\103\101\040\061\060\036\027\015\061\064
+\060\061\061\066\061\070\061\062\062\063\132\027\015\063\064\060
+\061\061\066\061\070\061\062\062\063\132\060\112\061\013\060\011
+\006\003\125\004\006\023\002\125\123\061\022\060\020\006\003\125
+\004\012\023\011\111\144\145\156\124\162\165\163\164\061\047\060
+\045\006\003\125\004\003\023\036\111\144\145\156\124\162\165\163
+\164\040\103\157\155\155\145\162\143\151\141\154\040\122\157\157
+\164\040\103\101\040\061\060\202\002\042\060\015\006\011\052\206
+\110\206\367\015\001\001\001\005\000\003\202\002\017\000\060\202
+\002\012\002\202\002\001\000\247\120\031\336\077\231\075\324\063
+\106\361\157\121\141\202\262\251\117\217\147\211\135\204\331\123
+\335\014\050\331\327\360\377\256\225\103\162\231\371\265\135\174
+\212\301\102\341\061\120\164\321\201\015\174\315\233\041\253\103
+\342\254\255\136\206\156\363\011\212\037\132\062\275\242\353\224
+\371\350\134\012\354\377\230\322\257\161\263\264\123\237\116\207
+\357\222\274\275\354\117\062\060\210\113\027\136\127\304\123\302
+\366\002\227\215\331\142\053\277\044\037\142\215\337\303\270\051
+\113\111\170\074\223\140\210\042\374\231\332\066\310\302\242\324
+\054\124\000\147\065\156\163\277\002\130\360\244\335\345\260\242
+\046\172\312\340\066\245\031\026\365\375\267\357\256\077\100\365
+\155\132\004\375\316\064\312\044\334\164\043\033\135\063\023\022
+\135\304\001\045\366\060\335\002\135\237\340\325\107\275\264\353
+\033\241\273\111\111\330\237\133\002\363\212\344\044\220\344\142
+\117\117\301\257\213\016\164\027\250\321\162\210\152\172\001\111
+\314\264\106\171\306\027\261\332\230\036\007\131\372\165\041\205
+\145\335\220\126\316\373\253\245\140\235\304\235\371\122\260\213
+\275\207\371\217\053\043\012\043\166\073\367\063\341\311\000\363
+\151\371\113\242\340\116\274\176\223\071\204\007\367\104\160\176
+\376\007\132\345\261\254\321\030\314\362\065\345\111\111\010\312
+\126\311\075\373\017\030\175\213\073\301\023\302\115\217\311\117
+\016\067\351\037\241\016\152\337\142\056\313\065\006\121\171\054
+\310\045\070\364\372\113\247\211\134\234\322\343\015\071\206\112
+\164\174\325\131\207\302\077\116\014\134\122\364\075\367\122\202
+\361\352\243\254\375\111\064\032\050\363\101\210\072\023\356\350
+\336\377\231\035\137\272\313\350\036\362\271\120\140\300\061\323
+\163\345\357\276\240\355\063\013\164\276\040\040\304\147\154\360
+\010\003\172\125\200\177\106\116\226\247\364\036\076\341\366\330
+\011\341\063\144\053\143\327\062\136\237\371\300\173\017\170\157
+\227\274\223\232\371\234\022\220\170\172\200\207\025\327\162\164
+\234\125\164\170\261\272\341\156\160\004\272\117\240\272\150\303
+\173\377\061\360\163\075\075\224\052\261\013\101\016\240\376\115
+\210\145\153\171\063\264\327\002\003\001\000\001\243\102\060\100
+\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001\006
+\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001
+\377\060\035\006\003\125\035\016\004\026\004\024\355\104\031\300
+\323\360\006\213\356\244\173\276\102\347\046\124\310\216\066\166
+\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\003
+\202\002\001\000\015\256\220\062\366\246\113\174\104\166\031\141
+\036\047\050\315\136\124\357\045\274\343\010\220\371\051\327\256
+\150\010\341\224\000\130\357\056\056\176\123\122\214\266\134\007
+\352\210\272\231\213\120\224\327\202\200\337\141\011\000\223\255
+\015\024\346\316\301\362\067\224\170\260\137\234\263\242\163\270
+\217\005\223\070\315\215\076\260\270\373\300\317\261\362\354\055
+\055\033\314\354\252\232\263\252\140\202\033\055\073\303\204\075
+\127\212\226\036\234\165\270\323\060\315\140\010\203\220\323\216
+\124\361\115\146\300\135\164\003\100\243\356\205\176\302\037\167
+\234\006\350\301\247\030\135\122\225\355\311\335\045\236\155\372
+\251\355\243\072\064\320\131\173\332\355\120\363\065\277\355\353
+\024\115\061\307\140\364\332\361\207\234\342\110\342\306\305\067
+\373\006\020\372\165\131\146\061\107\051\332\166\232\034\351\202
+\256\357\232\271\121\367\210\043\232\151\225\142\074\345\125\200
+\066\327\124\002\377\361\271\135\316\324\043\157\330\105\204\112
+\133\145\357\211\014\335\024\247\040\313\030\245\045\264\015\371
+\001\360\242\322\364\000\310\164\216\241\052\110\216\145\333\023
+\304\342\045\027\175\353\276\207\133\027\040\124\121\223\112\123
+\003\013\354\135\312\063\355\142\375\105\307\057\133\334\130\240
+\200\071\346\372\327\376\023\024\246\355\075\224\112\102\164\324
+\303\167\131\163\315\217\106\276\125\070\357\372\350\221\062\352
+\227\130\004\042\336\070\303\314\274\155\311\063\072\152\012\151
+\077\240\310\352\162\217\214\143\206\043\275\155\074\226\236\225
+\340\111\114\252\242\271\052\033\234\066\201\170\355\303\350\106
+\342\046\131\104\165\036\331\165\211\121\315\020\204\235\141\140
+\313\135\371\227\042\115\216\230\346\343\177\366\133\273\256\315
+\312\112\201\153\136\013\363\121\341\164\053\351\176\047\247\331
+\231\111\116\370\245\200\333\045\017\034\143\142\212\311\063\147
+\153\074\020\203\306\255\336\250\315\026\216\215\360\007\067\161
+\237\362\253\374\101\365\301\213\354\000\067\135\011\345\116\200
+\357\372\261\134\070\006\245\033\112\341\334\070\055\074\334\253
+\037\220\032\325\112\234\356\321\160\154\314\356\364\127\370\030
+\272\204\156\207
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "IdenTrust Commercial Root CA 1"
+# Issuer: CN=IdenTrust Commercial Root CA 1,O=IdenTrust,C=US
+# Serial Number:0a:01:42:80:00:00:01:45:23:c8:44:b5:00:00:00:02
+# Subject: CN=IdenTrust Commercial Root CA 1,O=IdenTrust,C=US
+# Not Valid Before: Thu Jan 16 18:12:23 2014
+# Not Valid After : Mon Jan 16 18:12:23 2034
+# Fingerprint (SHA-256): 5D:56:49:9B:E4:D2:E0:8B:CF:CA:D0:8A:3E:38:72:3D:50:50:3B:DE:70:69:48:E4:2F:55:60:30:19:E5:28:AE
+# Fingerprint (SHA1): DF:71:7E:AA:4A:D9:4E:C9:55:84:99:60:2D:48:DE:5F:BC:F0:3A:25
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "IdenTrust Commercial Root CA 1"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\337\161\176\252\112\331\116\311\125\204\231\140\055\110\336\137
+\274\360\072\045
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\263\076\167\163\165\356\240\323\343\176\111\143\111\131\273\307
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\112\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\022\060\020\006\003\125\004\012\023\011\111\144\145\156\124\162
+\165\163\164\061\047\060\045\006\003\125\004\003\023\036\111\144
+\145\156\124\162\165\163\164\040\103\157\155\155\145\162\143\151
+\141\154\040\122\157\157\164\040\103\101\040\061
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\012\001\102\200\000\000\001\105\043\310\104\265\000\000
+\000\002
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "IdenTrust Public Sector Root CA 1"
+#
+# Issuer: CN=IdenTrust Public Sector Root CA 1,O=IdenTrust,C=US
+# Serial Number:0a:01:42:80:00:00:01:45:23:cf:46:7c:00:00:00:02
+# Subject: CN=IdenTrust Public Sector Root CA 1,O=IdenTrust,C=US
+# Not Valid Before: Thu Jan 16 17:53:32 2014
+# Not Valid After : Mon Jan 16 17:53:32 2034
+# Fingerprint (SHA-256): 30:D0:89:5A:9A:44:8A:26:20:91:63:55:22:D1:F5:20:10:B5:86:7A:CA:E1:2C:78:EF:95:8F:D4:F4:38:9F:2F
+# Fingerprint (SHA1): BA:29:41:60:77:98:3F:F4:F3:EF:F2:31:05:3B:2E:EA:6D:4D:45:FD
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "IdenTrust Public Sector Root CA 1"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\115\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\022\060\020\006\003\125\004\012\023\011\111\144\145\156\124\162
+\165\163\164\061\052\060\050\006\003\125\004\003\023\041\111\144
+\145\156\124\162\165\163\164\040\120\165\142\154\151\143\040\123
+\145\143\164\157\162\040\122\157\157\164\040\103\101\040\061
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\115\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\022\060\020\006\003\125\004\012\023\011\111\144\145\156\124\162
+\165\163\164\061\052\060\050\006\003\125\004\003\023\041\111\144
+\145\156\124\162\165\163\164\040\120\165\142\154\151\143\040\123
+\145\143\164\157\162\040\122\157\157\164\040\103\101\040\061
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\012\001\102\200\000\000\001\105\043\317\106\174\000\000
+\000\002
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\146\060\202\003\116\240\003\002\001\002\002\020\012
+\001\102\200\000\000\001\105\043\317\106\174\000\000\000\002\060
+\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060\115
+\061\013\060\011\006\003\125\004\006\023\002\125\123\061\022\060
+\020\006\003\125\004\012\023\011\111\144\145\156\124\162\165\163
+\164\061\052\060\050\006\003\125\004\003\023\041\111\144\145\156
+\124\162\165\163\164\040\120\165\142\154\151\143\040\123\145\143
+\164\157\162\040\122\157\157\164\040\103\101\040\061\060\036\027
+\015\061\064\060\061\061\066\061\067\065\063\063\062\132\027\015
+\063\064\060\061\061\066\061\067\065\063\063\062\132\060\115\061
+\013\060\011\006\003\125\004\006\023\002\125\123\061\022\060\020
+\006\003\125\004\012\023\011\111\144\145\156\124\162\165\163\164
+\061\052\060\050\006\003\125\004\003\023\041\111\144\145\156\124
+\162\165\163\164\040\120\165\142\154\151\143\040\123\145\143\164
+\157\162\040\122\157\157\164\040\103\101\040\061\060\202\002\042
+\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000\003
+\202\002\017\000\060\202\002\012\002\202\002\001\000\266\042\224
+\374\244\110\257\350\107\153\012\373\047\166\344\362\077\212\073
+\172\112\054\061\052\214\215\260\251\303\061\153\250\167\166\204
+\046\266\254\201\102\015\010\353\125\130\273\172\370\274\145\175
+\362\240\155\213\250\107\351\142\166\036\021\356\010\024\321\262
+\104\026\364\352\320\372\036\057\136\333\313\163\101\256\274\000
+\260\112\053\100\262\254\341\073\113\302\055\235\344\241\233\354
+\032\072\036\360\010\263\320\344\044\065\007\237\234\264\311\122
+\155\333\007\312\217\265\133\360\203\363\117\307\055\245\310\255
+\313\225\040\244\061\050\127\130\132\344\215\033\232\253\236\015
+\014\362\012\063\071\042\071\012\227\056\363\123\167\271\104\105
+\375\204\313\066\040\201\131\055\232\157\155\110\110\141\312\114
+\337\123\321\257\122\274\104\237\253\057\153\203\162\357\165\200
+\332\006\063\033\135\310\332\143\306\115\315\254\146\061\315\321
+\336\076\207\020\066\341\271\244\172\357\140\120\262\313\312\246
+\126\340\067\257\253\064\023\071\045\350\071\146\344\230\172\252
+\022\230\234\131\146\206\076\255\361\260\312\076\006\017\173\360
+\021\113\067\240\104\155\173\313\250\214\161\364\325\265\221\066
+\314\360\025\306\053\336\121\027\261\227\114\120\075\261\225\131
+\174\005\175\055\041\325\000\277\001\147\242\136\173\246\134\362
+\367\042\361\220\015\223\333\252\104\121\146\314\175\166\003\353
+\152\250\052\070\031\227\166\015\153\212\141\371\274\366\356\166
+\375\160\053\335\051\074\370\012\036\133\102\034\213\126\057\125
+\033\034\241\056\265\307\026\346\370\252\074\222\216\151\266\001
+\301\265\206\235\211\017\013\070\224\124\350\352\334\236\075\045
+\274\123\046\355\325\253\071\252\305\100\114\124\253\262\264\331
+\331\370\327\162\333\034\274\155\275\145\137\357\210\065\052\146
+\057\356\366\263\145\360\063\215\174\230\101\151\106\017\103\034
+\151\372\233\265\320\141\152\315\312\113\331\114\220\106\253\025
+\131\241\107\124\051\056\203\050\137\034\302\242\253\162\027\000
+\006\216\105\354\213\342\063\075\177\332\031\104\344\142\162\303
+\337\042\306\362\126\324\335\137\225\162\355\155\137\367\110\003
+\133\375\305\052\240\366\163\043\204\020\033\001\347\002\003\001
+\000\001\243\102\060\100\060\016\006\003\125\035\017\001\001\377
+\004\004\003\002\001\006\060\017\006\003\125\035\023\001\001\377
+\004\005\060\003\001\001\377\060\035\006\003\125\035\016\004\026
+\004\024\343\161\340\236\330\247\102\331\333\161\221\153\224\223
+\353\303\243\321\024\243\060\015\006\011\052\206\110\206\367\015
+\001\001\013\005\000\003\202\002\001\000\107\372\335\012\260\021
+\221\070\255\115\135\367\345\016\227\124\031\202\110\207\124\214
+\252\144\231\330\132\376\210\001\305\130\245\231\261\043\124\043
+\267\152\035\040\127\345\001\142\101\027\323\011\333\165\313\156
+\124\220\165\376\032\237\201\012\302\335\327\367\011\320\133\162
+\025\344\036\011\152\075\063\363\041\232\346\025\176\255\121\325
+\015\020\355\175\102\300\217\356\300\232\010\325\101\326\134\016
+\041\151\156\200\141\016\025\300\270\317\305\111\022\122\314\276
+\072\314\324\056\070\005\336\065\375\037\157\270\200\150\230\075
+\115\240\312\100\145\322\163\174\365\213\331\012\225\077\330\077
+\043\155\032\321\052\044\031\331\205\263\027\357\170\156\251\130
+\321\043\323\307\023\355\162\045\177\135\261\163\160\320\177\006
+\227\011\204\051\200\141\035\372\136\377\163\254\240\343\211\270
+\034\161\025\306\336\061\177\022\334\341\155\233\257\347\350\237
+\165\170\114\253\106\073\232\316\277\005\030\135\115\025\074\026
+\232\031\120\004\232\262\232\157\145\213\122\137\074\130\004\050
+\045\300\146\141\061\176\271\340\165\271\032\250\201\326\162\027
+\263\305\003\061\065\021\170\170\242\340\351\060\214\177\200\337
+\130\337\074\272\047\226\342\200\064\155\343\230\323\144\047\254
+\110\176\050\167\134\306\045\141\045\370\205\014\145\372\304\062
+\057\245\230\005\344\370\013\147\026\026\306\202\270\062\031\371
+\371\271\171\334\037\315\353\257\253\016\335\033\333\105\344\172
+\347\002\342\225\135\374\151\360\123\151\141\225\165\171\013\136
+\125\346\070\034\224\251\131\063\236\310\161\164\171\177\121\211
+\266\310\152\270\060\310\152\070\303\156\236\341\067\026\352\005
+\142\114\133\022\107\355\247\264\263\130\126\307\111\363\177\022
+\150\011\061\161\360\155\370\116\107\373\326\205\356\305\130\100
+\031\244\035\247\371\113\103\067\334\150\132\117\317\353\302\144
+\164\336\264\025\331\364\124\124\032\057\034\327\227\161\124\220
+\216\331\040\235\123\053\177\253\217\342\352\060\274\120\067\357
+\361\107\265\175\174\054\004\354\150\235\264\111\104\020\364\162
+\113\034\144\347\374\346\153\220\335\151\175\151\375\000\126\245
+\267\254\266\255\267\312\076\001\357\234
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "IdenTrust Public Sector Root CA 1"
+# Issuer: CN=IdenTrust Public Sector Root CA 1,O=IdenTrust,C=US
+# Serial Number:0a:01:42:80:00:00:01:45:23:cf:46:7c:00:00:00:02
+# Subject: CN=IdenTrust Public Sector Root CA 1,O=IdenTrust,C=US
+# Not Valid Before: Thu Jan 16 17:53:32 2014
+# Not Valid After : Mon Jan 16 17:53:32 2034
+# Fingerprint (SHA-256): 30:D0:89:5A:9A:44:8A:26:20:91:63:55:22:D1:F5:20:10:B5:86:7A:CA:E1:2C:78:EF:95:8F:D4:F4:38:9F:2F
+# Fingerprint (SHA1): BA:29:41:60:77:98:3F:F4:F3:EF:F2:31:05:3B:2E:EA:6D:4D:45:FD
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "IdenTrust Public Sector Root CA 1"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\272\051\101\140\167\230\077\364\363\357\362\061\005\073\056\352
+\155\115\105\375
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\067\006\245\260\374\211\235\272\364\153\214\032\144\315\325\272
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\115\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\022\060\020\006\003\125\004\012\023\011\111\144\145\156\124\162
+\165\163\164\061\052\060\050\006\003\125\004\003\023\041\111\144
+\145\156\124\162\165\163\164\040\120\165\142\154\151\143\040\123
+\145\143\164\157\162\040\122\157\157\164\040\103\101\040\061
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\012\001\102\200\000\000\001\105\043\317\106\174\000\000
+\000\002
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "S-TRUST Universal Root CA"
+#
+# Issuer: CN=S-TRUST Universal Root CA,OU=S-TRUST Certification Services,O=Deutscher Sparkassen Verlag GmbH,C=DE
+# Serial Number:60:56:c5:4b:23:40:5b:64:d4:ed:25:da:d9:d6:1e:1e
+# Subject: CN=S-TRUST Universal Root CA,OU=S-TRUST Certification Services,O=Deutscher Sparkassen Verlag GmbH,C=DE
+# Not Valid Before: Tue Oct 22 00:00:00 2013
+# Not Valid After : Thu Oct 21 23:59:59 2038
+# Fingerprint (SHA-256): D8:0F:EF:91:0A:E3:F1:04:72:3B:04:5C:EC:2D:01:9F:44:1C:E6:21:3A:DF:15:67:91:E7:0C:17:90:11:0A:31
+# Fingerprint (SHA1): 1B:3D:11:14:EA:7A:0F:95:58:54:41:95:BF:6B:25:82:AB:40:CE:9A
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "S-TRUST Universal Root CA"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\205\061\013\060\011\006\003\125\004\006\023\002\104\105
+\061\051\060\047\006\003\125\004\012\023\040\104\145\165\164\163
+\143\150\145\162\040\123\160\141\162\153\141\163\163\145\156\040
+\126\145\162\154\141\147\040\107\155\142\110\061\047\060\045\006
+\003\125\004\013\023\036\123\055\124\122\125\123\124\040\103\145
+\162\164\151\146\151\143\141\164\151\157\156\040\123\145\162\166
+\151\143\145\163\061\042\060\040\006\003\125\004\003\023\031\123
+\055\124\122\125\123\124\040\125\156\151\166\145\162\163\141\154
+\040\122\157\157\164\040\103\101
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\205\061\013\060\011\006\003\125\004\006\023\002\104\105
+\061\051\060\047\006\003\125\004\012\023\040\104\145\165\164\163
+\143\150\145\162\040\123\160\141\162\153\141\163\163\145\156\040
+\126\145\162\154\141\147\040\107\155\142\110\061\047\060\045\006
+\003\125\004\013\023\036\123\055\124\122\125\123\124\040\103\145
+\162\164\151\146\151\143\141\164\151\157\156\040\123\145\162\166
+\151\143\145\163\061\042\060\040\006\003\125\004\003\023\031\123
+\055\124\122\125\123\124\040\125\156\151\166\145\162\163\141\154
+\040\122\157\157\164\040\103\101
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\140\126\305\113\043\100\133\144\324\355\045\332\331\326
+\036\036
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\003\330\060\202\002\300\240\003\002\001\002\002\020\140
+\126\305\113\043\100\133\144\324\355\045\332\331\326\036\036\060
+\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060\201
+\205\061\013\060\011\006\003\125\004\006\023\002\104\105\061\051
+\060\047\006\003\125\004\012\023\040\104\145\165\164\163\143\150
+\145\162\040\123\160\141\162\153\141\163\163\145\156\040\126\145
+\162\154\141\147\040\107\155\142\110\061\047\060\045\006\003\125
+\004\013\023\036\123\055\124\122\125\123\124\040\103\145\162\164
+\151\146\151\143\141\164\151\157\156\040\123\145\162\166\151\143
+\145\163\061\042\060\040\006\003\125\004\003\023\031\123\055\124
+\122\125\123\124\040\125\156\151\166\145\162\163\141\154\040\122
+\157\157\164\040\103\101\060\036\027\015\061\063\061\060\062\062
+\060\060\060\060\060\060\132\027\015\063\070\061\060\062\061\062
+\063\065\071\065\071\132\060\201\205\061\013\060\011\006\003\125
+\004\006\023\002\104\105\061\051\060\047\006\003\125\004\012\023
+\040\104\145\165\164\163\143\150\145\162\040\123\160\141\162\153
+\141\163\163\145\156\040\126\145\162\154\141\147\040\107\155\142
+\110\061\047\060\045\006\003\125\004\013\023\036\123\055\124\122
+\125\123\124\040\103\145\162\164\151\146\151\143\141\164\151\157
+\156\040\123\145\162\166\151\143\145\163\061\042\060\040\006\003
+\125\004\003\023\031\123\055\124\122\125\123\124\040\125\156\151
+\166\145\162\163\141\154\040\122\157\157\164\040\103\101\060\202
+\001\042\060\015\006\011\052\206\110\206\367\015\001\001\001\005
+\000\003\202\001\017\000\060\202\001\012\002\202\001\001\000\250
+\343\013\337\021\067\205\202\232\265\154\146\174\141\077\300\107
+\032\035\106\343\260\125\144\345\270\202\071\050\007\176\027\377
+\364\233\212\360\221\201\352\070\077\041\170\154\110\354\153\057
+\242\323\212\162\262\247\327\331\352\177\264\300\111\153\060\045
+\211\214\353\267\325\100\141\230\342\334\074\040\222\315\145\112
+\162\237\032\216\214\372\045\025\277\363\041\203\050\015\213\257
+\131\021\202\103\134\233\115\045\121\177\130\030\143\140\073\263
+\265\212\213\130\143\067\110\110\220\104\302\100\335\135\367\103
+\151\051\230\134\022\145\136\253\220\222\113\146\337\325\165\022
+\123\124\030\246\336\212\326\273\127\003\071\131\231\030\005\014
+\371\375\025\306\220\144\106\027\202\327\302\112\101\075\375\000
+\276\127\162\030\224\167\033\123\132\211\001\366\063\162\016\223
+\072\334\350\036\375\005\005\326\274\163\340\210\334\253\117\354
+\265\030\206\117\171\204\016\110\052\146\052\335\062\310\170\145
+\310\013\235\130\001\005\161\355\201\365\150\027\156\313\015\264
+\113\330\241\354\256\070\353\034\130\057\241\145\003\064\057\002
+\003\001\000\001\243\102\060\100\060\017\006\003\125\035\023\001
+\001\377\004\005\060\003\001\001\377\060\016\006\003\125\035\017
+\001\001\377\004\004\003\002\001\006\060\035\006\003\125\035\016
+\004\026\004\024\232\175\327\353\353\177\124\230\105\051\264\040
+\253\155\013\226\043\031\244\302\060\015\006\011\052\206\110\206
+\367\015\001\001\013\005\000\003\202\001\001\000\116\226\022\333
+\176\167\136\222\047\236\041\027\030\202\166\330\077\274\245\011
+\004\146\210\211\255\333\125\263\063\152\306\145\304\217\115\363
+\062\066\334\171\004\226\251\167\062\321\227\365\030\153\214\272
+\355\316\021\320\104\307\222\361\264\104\216\355\210\122\110\236
+\325\375\131\370\243\036\121\373\001\122\345\137\345\172\335\252
+\044\117\042\213\335\166\106\366\245\240\017\065\330\312\017\230
+\271\060\135\040\157\302\201\036\275\275\300\376\025\323\070\052
+\011\223\230\047\033\223\173\320\053\064\136\150\245\025\117\321
+\122\303\240\312\240\203\105\035\365\365\267\131\163\135\131\001
+\217\252\302\107\057\024\161\325\051\343\020\265\107\223\045\314
+\043\051\332\267\162\330\221\324\354\033\110\212\042\344\301\052
+\367\072\150\223\237\105\031\156\103\267\314\376\270\221\232\141
+\032\066\151\143\144\222\050\363\157\141\222\205\023\237\311\007
+\054\213\127\334\353\236\171\325\302\336\010\325\124\262\127\116
+\052\062\215\241\342\072\321\020\040\042\071\175\064\105\157\161
+\073\303\035\374\377\262\117\250\342\366\060\036
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "S-TRUST Universal Root CA"
+# Issuer: CN=S-TRUST Universal Root CA,OU=S-TRUST Certification Services,O=Deutscher Sparkassen Verlag GmbH,C=DE
+# Serial Number:60:56:c5:4b:23:40:5b:64:d4:ed:25:da:d9:d6:1e:1e
+# Subject: CN=S-TRUST Universal Root CA,OU=S-TRUST Certification Services,O=Deutscher Sparkassen Verlag GmbH,C=DE
+# Not Valid Before: Tue Oct 22 00:00:00 2013
+# Not Valid After : Thu Oct 21 23:59:59 2038
+# Fingerprint (SHA-256): D8:0F:EF:91:0A:E3:F1:04:72:3B:04:5C:EC:2D:01:9F:44:1C:E6:21:3A:DF:15:67:91:E7:0C:17:90:11:0A:31
+# Fingerprint (SHA1): 1B:3D:11:14:EA:7A:0F:95:58:54:41:95:BF:6B:25:82:AB:40:CE:9A
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "S-TRUST Universal Root CA"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\033\075\021\024\352\172\017\225\130\124\101\225\277\153\045\202
+\253\100\316\232
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\130\366\101\001\256\365\133\121\231\116\134\041\350\117\324\146
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\205\061\013\060\011\006\003\125\004\006\023\002\104\105
+\061\051\060\047\006\003\125\004\012\023\040\104\145\165\164\163
+\143\150\145\162\040\123\160\141\162\153\141\163\163\145\156\040
+\126\145\162\154\141\147\040\107\155\142\110\061\047\060\045\006
+\003\125\004\013\023\036\123\055\124\122\125\123\124\040\103\145
+\162\164\151\146\151\143\141\164\151\157\156\040\123\145\162\166
+\151\143\145\163\061\042\060\040\006\003\125\004\003\023\031\123
+\055\124\122\125\123\124\040\125\156\151\166\145\162\163\141\154
+\040\122\157\157\164\040\103\101
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\140\126\305\113\043\100\133\144\324\355\045\332\331\326
+\036\036
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Entrust Root Certification Authority - G2"
+#
+# Issuer: CN=Entrust Root Certification Authority - G2,OU="(c) 2009 Entrust, Inc. - for authorized use only",OU=See www.entrust.net/legal-terms,O="Entrust, Inc.",C=US
+# Serial Number: 1246989352 (0x4a538c28)
+# Subject: CN=Entrust Root Certification Authority - G2,OU="(c) 2009 Entrust, Inc. - for authorized use only",OU=See www.entrust.net/legal-terms,O="Entrust, Inc.",C=US
+# Not Valid Before: Tue Jul 07 17:25:54 2009
+# Not Valid After : Sat Dec 07 17:55:54 2030
+# Fingerprint (SHA-256): 43:DF:57:74:B0:3E:7F:EF:5F:E4:0D:93:1A:7B:ED:F1:BB:2E:6B:42:73:8C:4E:6D:38:41:10:3D:3A:A7:F3:39
+# Fingerprint (SHA1): 8C:F4:27:FD:79:0C:3A:D1:66:06:8D:E8:1E:57:EF:BB:93:22:72:D4
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Entrust Root Certification Authority - G2"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\276\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\026\060\024\006\003\125\004\012\023\015\105\156\164\162\165
+\163\164\054\040\111\156\143\056\061\050\060\046\006\003\125\004
+\013\023\037\123\145\145\040\167\167\167\056\145\156\164\162\165
+\163\164\056\156\145\164\057\154\145\147\141\154\055\164\145\162
+\155\163\061\071\060\067\006\003\125\004\013\023\060\050\143\051
+\040\062\060\060\071\040\105\156\164\162\165\163\164\054\040\111
+\156\143\056\040\055\040\146\157\162\040\141\165\164\150\157\162
+\151\172\145\144\040\165\163\145\040\157\156\154\171\061\062\060
+\060\006\003\125\004\003\023\051\105\156\164\162\165\163\164\040
+\122\157\157\164\040\103\145\162\164\151\146\151\143\141\164\151
+\157\156\040\101\165\164\150\157\162\151\164\171\040\055\040\107
+\062
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\276\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\026\060\024\006\003\125\004\012\023\015\105\156\164\162\165
+\163\164\054\040\111\156\143\056\061\050\060\046\006\003\125\004
+\013\023\037\123\145\145\040\167\167\167\056\145\156\164\162\165
+\163\164\056\156\145\164\057\154\145\147\141\154\055\164\145\162
+\155\163\061\071\060\067\006\003\125\004\013\023\060\050\143\051
+\040\062\060\060\071\040\105\156\164\162\165\163\164\054\040\111
+\156\143\056\040\055\040\146\157\162\040\141\165\164\150\157\162
+\151\172\145\144\040\165\163\145\040\157\156\154\171\061\062\060
+\060\006\003\125\004\003\023\051\105\156\164\162\165\163\164\040
+\122\157\157\164\040\103\145\162\164\151\146\151\143\141\164\151
+\157\156\040\101\165\164\150\157\162\151\164\171\040\055\040\107
+\062
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\004\112\123\214\050
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\004\076\060\202\003\046\240\003\002\001\002\002\004\112
+\123\214\050\060\015\006\011\052\206\110\206\367\015\001\001\013
+\005\000\060\201\276\061\013\060\011\006\003\125\004\006\023\002
+\125\123\061\026\060\024\006\003\125\004\012\023\015\105\156\164
+\162\165\163\164\054\040\111\156\143\056\061\050\060\046\006\003
+\125\004\013\023\037\123\145\145\040\167\167\167\056\145\156\164
+\162\165\163\164\056\156\145\164\057\154\145\147\141\154\055\164
+\145\162\155\163\061\071\060\067\006\003\125\004\013\023\060\050
+\143\051\040\062\060\060\071\040\105\156\164\162\165\163\164\054
+\040\111\156\143\056\040\055\040\146\157\162\040\141\165\164\150
+\157\162\151\172\145\144\040\165\163\145\040\157\156\154\171\061
+\062\060\060\006\003\125\004\003\023\051\105\156\164\162\165\163
+\164\040\122\157\157\164\040\103\145\162\164\151\146\151\143\141
+\164\151\157\156\040\101\165\164\150\157\162\151\164\171\040\055
+\040\107\062\060\036\027\015\060\071\060\067\060\067\061\067\062
+\065\065\064\132\027\015\063\060\061\062\060\067\061\067\065\065
+\065\064\132\060\201\276\061\013\060\011\006\003\125\004\006\023
+\002\125\123\061\026\060\024\006\003\125\004\012\023\015\105\156
+\164\162\165\163\164\054\040\111\156\143\056\061\050\060\046\006
+\003\125\004\013\023\037\123\145\145\040\167\167\167\056\145\156
+\164\162\165\163\164\056\156\145\164\057\154\145\147\141\154\055
+\164\145\162\155\163\061\071\060\067\006\003\125\004\013\023\060
+\050\143\051\040\062\060\060\071\040\105\156\164\162\165\163\164
+\054\040\111\156\143\056\040\055\040\146\157\162\040\141\165\164
+\150\157\162\151\172\145\144\040\165\163\145\040\157\156\154\171
+\061\062\060\060\006\003\125\004\003\023\051\105\156\164\162\165
+\163\164\040\122\157\157\164\040\103\145\162\164\151\146\151\143
+\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171\040
+\055\040\107\062\060\202\001\042\060\015\006\011\052\206\110\206
+\367\015\001\001\001\005\000\003\202\001\017\000\060\202\001\012
+\002\202\001\001\000\272\204\266\162\333\236\014\153\342\231\351
+\060\001\247\166\352\062\270\225\101\032\311\332\141\116\130\162
+\317\376\366\202\171\277\163\141\006\012\245\047\330\263\137\323
+\105\116\034\162\326\116\062\362\162\212\017\367\203\031\320\152
+\200\200\000\105\036\260\307\347\232\277\022\127\047\034\243\150
+\057\012\207\275\152\153\016\136\145\363\034\167\325\324\205\215
+\160\041\264\263\062\347\213\242\325\206\071\002\261\270\322\107
+\316\344\311\111\304\073\247\336\373\124\175\127\276\360\350\156
+\302\171\262\072\013\125\342\120\230\026\062\023\134\057\170\126
+\301\302\224\263\362\132\344\047\232\237\044\327\306\354\320\233
+\045\202\343\314\302\304\105\305\214\227\172\006\153\052\021\237
+\251\012\156\110\073\157\333\324\021\031\102\367\217\007\277\365
+\123\137\234\076\364\027\054\346\151\254\116\062\114\142\167\352
+\267\350\345\273\064\274\031\213\256\234\121\347\267\176\265\123
+\261\063\042\345\155\317\160\074\032\372\342\233\147\266\203\364
+\215\245\257\142\114\115\340\130\254\144\064\022\003\370\266\215
+\224\143\044\244\161\002\003\001\000\001\243\102\060\100\060\016
+\006\003\125\035\017\001\001\377\004\004\003\002\001\006\060\017
+\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060
+\035\006\003\125\035\016\004\026\004\024\152\162\046\172\320\036
+\357\175\347\073\151\121\324\154\215\237\220\022\146\253\060\015
+\006\011\052\206\110\206\367\015\001\001\013\005\000\003\202\001
+\001\000\171\237\035\226\306\266\171\077\042\215\207\323\207\003
+\004\140\152\153\232\056\131\211\163\021\254\103\321\365\023\377
+\215\071\053\300\362\275\117\160\214\251\057\352\027\304\013\124
+\236\324\033\226\230\063\074\250\255\142\242\000\166\253\131\151
+\156\006\035\176\304\271\104\215\230\257\022\324\141\333\012\031
+\106\107\363\353\367\143\301\100\005\100\245\322\267\364\265\232
+\066\277\251\210\166\210\004\125\004\053\234\207\177\032\067\074
+\176\055\245\032\330\324\211\136\312\275\254\075\154\330\155\257
+\325\363\166\017\315\073\210\070\042\235\154\223\232\304\075\277
+\202\033\145\077\246\017\135\252\374\345\262\025\312\265\255\306
+\274\075\320\204\350\352\006\162\260\115\071\062\170\277\076\021
+\234\013\244\235\232\041\363\360\233\013\060\170\333\301\334\207
+\103\376\274\143\232\312\305\302\034\311\307\215\377\073\022\130
+\010\346\266\075\354\172\054\116\373\203\226\316\014\074\151\207
+\124\163\244\163\302\223\377\121\020\254\025\124\001\330\374\005
+\261\211\241\177\164\203\232\111\327\334\116\173\212\110\157\213
+\105\366
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "Entrust Root Certification Authority - G2"
+# Issuer: CN=Entrust Root Certification Authority - G2,OU="(c) 2009 Entrust, Inc. - for authorized use only",OU=See www.entrust.net/legal-terms,O="Entrust, Inc.",C=US
+# Serial Number: 1246989352 (0x4a538c28)
+# Subject: CN=Entrust Root Certification Authority - G2,OU="(c) 2009 Entrust, Inc. - for authorized use only",OU=See www.entrust.net/legal-terms,O="Entrust, Inc.",C=US
+# Not Valid Before: Tue Jul 07 17:25:54 2009
+# Not Valid After : Sat Dec 07 17:55:54 2030
+# Fingerprint (SHA-256): 43:DF:57:74:B0:3E:7F:EF:5F:E4:0D:93:1A:7B:ED:F1:BB:2E:6B:42:73:8C:4E:6D:38:41:10:3D:3A:A7:F3:39
+# Fingerprint (SHA1): 8C:F4:27:FD:79:0C:3A:D1:66:06:8D:E8:1E:57:EF:BB:93:22:72:D4
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Entrust Root Certification Authority - G2"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\214\364\047\375\171\014\072\321\146\006\215\350\036\127\357\273
+\223\042\162\324
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\113\342\311\221\226\145\014\364\016\132\223\222\240\012\376\262
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\276\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\026\060\024\006\003\125\004\012\023\015\105\156\164\162\165
+\163\164\054\040\111\156\143\056\061\050\060\046\006\003\125\004
+\013\023\037\123\145\145\040\167\167\167\056\145\156\164\162\165
+\163\164\056\156\145\164\057\154\145\147\141\154\055\164\145\162
+\155\163\061\071\060\067\006\003\125\004\013\023\060\050\143\051
+\040\062\060\060\071\040\105\156\164\162\165\163\164\054\040\111
+\156\143\056\040\055\040\146\157\162\040\141\165\164\150\157\162
+\151\172\145\144\040\165\163\145\040\157\156\154\171\061\062\060
+\060\006\003\125\004\003\023\051\105\156\164\162\165\163\164\040
+\122\157\157\164\040\103\145\162\164\151\146\151\143\141\164\151
+\157\156\040\101\165\164\150\157\162\151\164\171\040\055\040\107
+\062
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\004\112\123\214\050
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Entrust Root Certification Authority - EC1"
+#
+# Issuer: CN=Entrust Root Certification Authority - EC1,OU="(c) 2012 Entrust, Inc. - for authorized use only",OU=See www.entrust.net/legal-terms,O="Entrust, Inc.",C=US
+# Serial Number:00:a6:8b:79:29:00:00:00:00:50:d0:91:f9
+# Subject: CN=Entrust Root Certification Authority - EC1,OU="(c) 2012 Entrust, Inc. - for authorized use only",OU=See www.entrust.net/legal-terms,O="Entrust, Inc.",C=US
+# Not Valid Before: Tue Dec 18 15:25:36 2012
+# Not Valid After : Fri Dec 18 15:55:36 2037
+# Fingerprint (SHA-256): 02:ED:0E:B2:8C:14:DA:45:16:5C:56:67:91:70:0D:64:51:D7:FB:56:F0:B2:AB:1D:3B:8E:B0:70:E5:6E:DF:F5
+# Fingerprint (SHA1): 20:D8:06:40:DF:9B:25:F5:12:25:3A:11:EA:F7:59:8A:EB:14:B5:47
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Entrust Root Certification Authority - EC1"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\277\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\026\060\024\006\003\125\004\012\023\015\105\156\164\162\165
+\163\164\054\040\111\156\143\056\061\050\060\046\006\003\125\004
+\013\023\037\123\145\145\040\167\167\167\056\145\156\164\162\165
+\163\164\056\156\145\164\057\154\145\147\141\154\055\164\145\162
+\155\163\061\071\060\067\006\003\125\004\013\023\060\050\143\051
+\040\062\060\061\062\040\105\156\164\162\165\163\164\054\040\111
+\156\143\056\040\055\040\146\157\162\040\141\165\164\150\157\162
+\151\172\145\144\040\165\163\145\040\157\156\154\171\061\063\060
+\061\006\003\125\004\003\023\052\105\156\164\162\165\163\164\040
+\122\157\157\164\040\103\145\162\164\151\146\151\143\141\164\151
+\157\156\040\101\165\164\150\157\162\151\164\171\040\055\040\105
+\103\061
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\277\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\026\060\024\006\003\125\004\012\023\015\105\156\164\162\165
+\163\164\054\040\111\156\143\056\061\050\060\046\006\003\125\004
+\013\023\037\123\145\145\040\167\167\167\056\145\156\164\162\165
+\163\164\056\156\145\164\057\154\145\147\141\154\055\164\145\162
+\155\163\061\071\060\067\006\003\125\004\013\023\060\050\143\051
+\040\062\060\061\062\040\105\156\164\162\165\163\164\054\040\111
+\156\143\056\040\055\040\146\157\162\040\141\165\164\150\157\162
+\151\172\145\144\040\165\163\145\040\157\156\154\171\061\063\060
+\061\006\003\125\004\003\023\052\105\156\164\162\165\163\164\040
+\122\157\157\164\040\103\145\162\164\151\146\151\143\141\164\151
+\157\156\040\101\165\164\150\157\162\151\164\171\040\055\040\105
+\103\061
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\015\000\246\213\171\051\000\000\000\000\120\320\221\371
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\002\371\060\202\002\200\240\003\002\001\002\002\015\000
+\246\213\171\051\000\000\000\000\120\320\221\371\060\012\006\010
+\052\206\110\316\075\004\003\003\060\201\277\061\013\060\011\006
+\003\125\004\006\023\002\125\123\061\026\060\024\006\003\125\004
+\012\023\015\105\156\164\162\165\163\164\054\040\111\156\143\056
+\061\050\060\046\006\003\125\004\013\023\037\123\145\145\040\167
+\167\167\056\145\156\164\162\165\163\164\056\156\145\164\057\154
+\145\147\141\154\055\164\145\162\155\163\061\071\060\067\006\003
+\125\004\013\023\060\050\143\051\040\062\060\061\062\040\105\156
+\164\162\165\163\164\054\040\111\156\143\056\040\055\040\146\157
+\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163\145
+\040\157\156\154\171\061\063\060\061\006\003\125\004\003\023\052
+\105\156\164\162\165\163\164\040\122\157\157\164\040\103\145\162
+\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157
+\162\151\164\171\040\055\040\105\103\061\060\036\027\015\061\062
+\061\062\061\070\061\065\062\065\063\066\132\027\015\063\067\061
+\062\061\070\061\065\065\065\063\066\132\060\201\277\061\013\060
+\011\006\003\125\004\006\023\002\125\123\061\026\060\024\006\003
+\125\004\012\023\015\105\156\164\162\165\163\164\054\040\111\156
+\143\056\061\050\060\046\006\003\125\004\013\023\037\123\145\145
+\040\167\167\167\056\145\156\164\162\165\163\164\056\156\145\164
+\057\154\145\147\141\154\055\164\145\162\155\163\061\071\060\067
+\006\003\125\004\013\023\060\050\143\051\040\062\060\061\062\040
+\105\156\164\162\165\163\164\054\040\111\156\143\056\040\055\040
+\146\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165
+\163\145\040\157\156\154\171\061\063\060\061\006\003\125\004\003
+\023\052\105\156\164\162\165\163\164\040\122\157\157\164\040\103
+\145\162\164\151\146\151\143\141\164\151\157\156\040\101\165\164
+\150\157\162\151\164\171\040\055\040\105\103\061\060\166\060\020
+\006\007\052\206\110\316\075\002\001\006\005\053\201\004\000\042
+\003\142\000\004\204\023\311\320\272\155\101\173\342\154\320\353
+\125\137\146\002\032\044\364\133\211\151\107\343\270\302\175\361
+\362\002\305\237\240\366\133\325\213\006\031\206\117\123\020\155
+\007\044\047\241\240\370\325\107\031\141\114\175\312\223\047\352
+\164\014\357\157\226\011\376\143\354\160\135\066\255\147\167\256
+\311\235\174\125\104\072\242\143\121\037\365\343\142\324\251\107
+\007\076\314\040\243\102\060\100\060\016\006\003\125\035\017\001
+\001\377\004\004\003\002\001\006\060\017\006\003\125\035\023\001
+\001\377\004\005\060\003\001\001\377\060\035\006\003\125\035\016
+\004\026\004\024\267\143\347\032\335\215\351\010\246\125\203\244
+\340\152\120\101\145\021\102\111\060\012\006\010\052\206\110\316
+\075\004\003\003\003\147\000\060\144\002\060\141\171\330\345\102
+\107\337\034\256\123\231\027\266\157\034\175\341\277\021\224\321
+\003\210\165\344\215\211\244\212\167\106\336\155\141\357\002\365
+\373\265\337\314\376\116\377\376\251\346\247\002\060\133\231\327
+\205\067\006\265\173\010\375\353\047\213\112\224\371\341\372\247
+\216\046\010\350\174\222\150\155\163\330\157\046\254\041\002\270
+\231\267\046\101\133\045\140\256\320\110\032\356\006
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "Entrust Root Certification Authority - EC1"
+# Issuer: CN=Entrust Root Certification Authority - EC1,OU="(c) 2012 Entrust, Inc. - for authorized use only",OU=See www.entrust.net/legal-terms,O="Entrust, Inc.",C=US
+# Serial Number:00:a6:8b:79:29:00:00:00:00:50:d0:91:f9
+# Subject: CN=Entrust Root Certification Authority - EC1,OU="(c) 2012 Entrust, Inc. - for authorized use only",OU=See www.entrust.net/legal-terms,O="Entrust, Inc.",C=US
+# Not Valid Before: Tue Dec 18 15:25:36 2012
+# Not Valid After : Fri Dec 18 15:55:36 2037
+# Fingerprint (SHA-256): 02:ED:0E:B2:8C:14:DA:45:16:5C:56:67:91:70:0D:64:51:D7:FB:56:F0:B2:AB:1D:3B:8E:B0:70:E5:6E:DF:F5
+# Fingerprint (SHA1): 20:D8:06:40:DF:9B:25:F5:12:25:3A:11:EA:F7:59:8A:EB:14:B5:47
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Entrust Root Certification Authority - EC1"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\040\330\006\100\337\233\045\365\022\045\072\021\352\367\131\212
+\353\024\265\107
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\266\176\035\360\130\305\111\154\044\073\075\355\230\030\355\274
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\277\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\026\060\024\006\003\125\004\012\023\015\105\156\164\162\165
+\163\164\054\040\111\156\143\056\061\050\060\046\006\003\125\004
+\013\023\037\123\145\145\040\167\167\167\056\145\156\164\162\165
+\163\164\056\156\145\164\057\154\145\147\141\154\055\164\145\162
+\155\163\061\071\060\067\006\003\125\004\013\023\060\050\143\051
+\040\062\060\061\062\040\105\156\164\162\165\163\164\054\040\111
+\156\143\056\040\055\040\146\157\162\040\141\165\164\150\157\162
+\151\172\145\144\040\165\163\145\040\157\156\154\171\061\063\060
+\061\006\003\125\004\003\023\052\105\156\164\162\165\163\164\040
+\122\157\157\164\040\103\145\162\164\151\146\151\143\141\164\151
+\157\156\040\101\165\164\150\157\162\151\164\171\040\055\040\105
+\103\061
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\015\000\246\213\171\051\000\000\000\000\120\320\221\371
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "CFCA EV ROOT"
+#
+# Issuer: CN=CFCA EV ROOT,O=China Financial Certification Authority,C=CN
+# Serial Number: 407555286 (0x184accd6)
+# Subject: CN=CFCA EV ROOT,O=China Financial Certification Authority,C=CN
+# Not Valid Before: Wed Aug 08 03:07:01 2012
+# Not Valid After : Mon Dec 31 03:07:01 2029
+# Fingerprint (SHA-256): 5C:C3:D7:8E:4E:1D:5E:45:54:7A:04:E6:87:3E:64:F9:0C:F9:53:6D:1C:CC:2E:F8:00:F3:55:C4:C5:FD:70:FD
+# Fingerprint (SHA1): E2:B8:29:4B:55:84:AB:6B:58:C2:90:46:6C:AC:3F:B8:39:8F:84:83
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "CFCA EV ROOT"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\126\061\013\060\011\006\003\125\004\006\023\002\103\116\061
+\060\060\056\006\003\125\004\012\014\047\103\150\151\156\141\040
+\106\151\156\141\156\143\151\141\154\040\103\145\162\164\151\146
+\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164
+\171\061\025\060\023\006\003\125\004\003\014\014\103\106\103\101
+\040\105\126\040\122\117\117\124
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\126\061\013\060\011\006\003\125\004\006\023\002\103\116\061
+\060\060\056\006\003\125\004\012\014\047\103\150\151\156\141\040
+\106\151\156\141\156\143\151\141\154\040\103\145\162\164\151\146
+\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164
+\171\061\025\060\023\006\003\125\004\003\014\014\103\106\103\101
+\040\105\126\040\122\117\117\124
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\004\030\112\314\326
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\215\060\202\003\165\240\003\002\001\002\002\004\030
+\112\314\326\060\015\006\011\052\206\110\206\367\015\001\001\013
+\005\000\060\126\061\013\060\011\006\003\125\004\006\023\002\103
+\116\061\060\060\056\006\003\125\004\012\014\047\103\150\151\156
+\141\040\106\151\156\141\156\143\151\141\154\040\103\145\162\164
+\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162
+\151\164\171\061\025\060\023\006\003\125\004\003\014\014\103\106
+\103\101\040\105\126\040\122\117\117\124\060\036\027\015\061\062
+\060\070\060\070\060\063\060\067\060\061\132\027\015\062\071\061
+\062\063\061\060\063\060\067\060\061\132\060\126\061\013\060\011
+\006\003\125\004\006\023\002\103\116\061\060\060\056\006\003\125
+\004\012\014\047\103\150\151\156\141\040\106\151\156\141\156\143
+\151\141\154\040\103\145\162\164\151\146\151\143\141\164\151\157
+\156\040\101\165\164\150\157\162\151\164\171\061\025\060\023\006
+\003\125\004\003\014\014\103\106\103\101\040\105\126\040\122\117
+\117\124\060\202\002\042\060\015\006\011\052\206\110\206\367\015
+\001\001\001\005\000\003\202\002\017\000\060\202\002\012\002\202
+\002\001\000\327\135\153\315\020\077\037\005\131\325\005\115\067
+\261\016\354\230\053\216\025\035\372\223\113\027\202\041\161\020
+\122\327\121\144\160\026\302\125\151\115\216\025\155\237\277\014
+\033\302\340\243\147\326\014\254\317\042\256\257\167\124\052\113
+\114\212\123\122\172\303\356\056\336\263\161\045\301\351\135\075
+\356\241\057\243\367\052\074\311\043\035\152\253\035\241\247\361
+\363\354\240\325\104\317\025\317\162\057\035\143\227\350\231\371
+\375\223\244\124\200\114\122\324\122\253\056\111\337\220\315\270
+\137\276\077\336\241\312\115\040\324\045\350\204\051\123\267\261
+\210\037\377\372\332\220\237\012\251\055\101\077\261\361\030\051
+\356\026\131\054\064\111\032\250\006\327\250\210\322\003\162\172
+\062\342\352\150\115\156\054\226\145\173\312\131\372\362\342\335
+\356\060\054\373\314\106\254\304\143\353\157\177\066\053\064\163
+\022\224\177\337\314\046\236\361\162\135\120\145\131\217\151\263
+\207\136\062\157\303\030\212\265\225\217\260\172\067\336\132\105
+\073\307\066\341\357\147\321\071\323\227\133\163\142\031\110\055
+\207\034\006\373\164\230\040\111\163\360\005\322\033\261\240\243
+\267\033\160\323\210\151\271\132\326\070\364\142\334\045\213\170
+\277\370\350\176\270\134\311\225\117\137\247\055\271\040\153\317
+\153\335\365\015\364\202\267\364\262\146\056\020\050\366\227\132
+\173\226\026\217\001\031\055\154\156\177\071\130\006\144\203\001
+\203\203\303\115\222\335\062\306\207\244\067\351\026\316\252\055
+\150\257\012\201\145\072\160\301\233\255\115\155\124\312\052\055
+\113\205\033\263\200\346\160\105\015\153\136\065\360\177\073\270
+\234\344\004\160\211\022\045\223\332\012\231\042\140\152\143\140
+\116\166\006\230\116\275\203\255\035\130\212\045\205\322\307\145
+\036\055\216\306\337\266\306\341\177\212\004\041\025\051\164\360
+\076\234\220\235\014\056\361\212\076\132\252\014\011\036\307\325
+\074\243\355\227\303\036\064\372\070\371\010\016\343\300\135\053
+\203\321\126\152\311\266\250\124\123\056\170\062\147\075\202\177
+\164\320\373\341\266\005\140\271\160\333\216\013\371\023\130\157
+\161\140\020\122\020\271\301\101\011\357\162\037\147\061\170\377
+\226\005\215\002\003\001\000\001\243\143\060\141\060\037\006\003
+\125\035\043\004\030\060\026\200\024\343\376\055\375\050\320\013
+\265\272\266\242\304\277\006\252\005\214\223\373\057\060\017\006
+\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060\016
+\006\003\125\035\017\001\001\377\004\004\003\002\001\006\060\035
+\006\003\125\035\016\004\026\004\024\343\376\055\375\050\320\013
+\265\272\266\242\304\277\006\252\005\214\223\373\057\060\015\006
+\011\052\206\110\206\367\015\001\001\013\005\000\003\202\002\001
+\000\045\306\272\153\353\207\313\336\202\071\226\075\360\104\247
+\153\204\163\003\336\235\053\117\272\040\177\274\170\262\317\227
+\260\033\234\363\327\171\056\365\110\266\322\373\027\210\346\323
+\172\077\355\123\023\320\342\057\152\171\313\000\043\050\346\036
+\067\127\065\211\204\302\166\117\064\066\255\147\303\316\101\006
+\210\305\367\356\330\032\270\326\013\177\120\377\223\252\027\113
+\214\354\355\122\140\262\244\006\352\116\353\364\153\031\375\353
+\365\032\340\045\052\232\334\307\101\066\367\310\164\005\204\071
+\225\071\326\013\073\244\047\372\010\330\134\036\370\004\140\122
+\021\050\050\003\377\357\123\146\000\245\112\064\026\146\174\375
+\011\244\256\236\147\032\157\101\013\153\006\023\233\217\206\161
+\005\264\057\215\211\146\063\051\166\124\232\021\370\047\372\262
+\077\221\340\316\015\033\363\060\032\255\277\042\135\033\323\277
+\045\005\115\341\222\032\177\231\237\074\104\223\312\324\100\111
+\154\200\207\327\004\072\303\062\122\065\016\126\370\245\335\175
+\304\213\015\021\037\123\313\036\262\027\266\150\167\132\340\324
+\313\310\007\256\365\072\056\216\067\267\320\001\113\103\051\167
+\214\071\227\217\202\132\370\121\345\211\240\030\347\150\177\135
+\012\056\373\243\107\016\075\246\043\172\306\001\307\217\310\136
+\277\155\200\126\276\212\044\272\063\352\237\341\062\021\236\361
+\322\117\200\366\033\100\257\070\236\021\120\171\163\022\022\315
+\346\154\235\054\210\162\074\060\201\006\221\042\352\131\255\332
+\031\056\042\302\215\271\214\207\340\146\274\163\043\137\041\144
+\143\200\110\365\240\074\030\075\224\310\110\101\035\100\272\136
+\376\376\126\071\241\310\317\136\236\031\144\106\020\332\027\221
+\267\005\200\254\213\231\222\175\347\242\330\007\013\066\047\347
+\110\171\140\212\303\327\023\134\370\162\100\337\112\313\317\231
+\000\012\000\013\021\225\332\126\105\003\210\012\237\147\320\325
+\171\261\250\215\100\155\015\302\172\100\372\363\137\144\107\222
+\313\123\271\273\131\316\117\375\320\025\123\001\330\337\353\331
+\346\166\357\320\043\273\073\251\171\263\325\002\051\315\211\243
+\226\017\112\065\347\116\102\300\165\315\007\317\346\054\353\173
+\056
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "CFCA EV ROOT"
+# Issuer: CN=CFCA EV ROOT,O=China Financial Certification Authority,C=CN
+# Serial Number: 407555286 (0x184accd6)
+# Subject: CN=CFCA EV ROOT,O=China Financial Certification Authority,C=CN
+# Not Valid Before: Wed Aug 08 03:07:01 2012
+# Not Valid After : Mon Dec 31 03:07:01 2029
+# Fingerprint (SHA-256): 5C:C3:D7:8E:4E:1D:5E:45:54:7A:04:E6:87:3E:64:F9:0C:F9:53:6D:1C:CC:2E:F8:00:F3:55:C4:C5:FD:70:FD
+# Fingerprint (SHA1): E2:B8:29:4B:55:84:AB:6B:58:C2:90:46:6C:AC:3F:B8:39:8F:84:83
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "CFCA EV ROOT"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\342\270\051\113\125\204\253\153\130\302\220\106\154\254\077\270
+\071\217\204\203
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\164\341\266\355\046\172\172\104\060\063\224\253\173\047\201\060
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\126\061\013\060\011\006\003\125\004\006\023\002\103\116\061
+\060\060\056\006\003\125\004\012\014\047\103\150\151\156\141\040
+\106\151\156\141\156\143\151\141\154\040\103\145\162\164\151\146
+\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164
+\171\061\025\060\023\006\003\125\004\003\014\014\103\106\103\101
+\040\105\126\040\122\117\117\124
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\004\030\112\314\326
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Explicitly Distrusted MCSHOLDING CA"
+#
+# Issuer: CN=CNNIC ROOT,O=CNNIC,C=CN
+# Serial Number: 1228079246 (0x4933008e)
+# Subject: CN=MCSHOLDING TEST,O=MCSHOLDING,C=EG
+# Not Valid Before: Thu Mar 19 06:20:09 2015
+# Not Valid After : Fri Apr 03 06:20:09 2015
+# Fingerprint (SHA-256): 27:40:D9:56:B1:12:7B:79:1A:A1:B3:CC:64:4A:4D:BE:DB:A7:61:86:A2:36:38:B9:51:02:35:1A:83:4E:A8:61
+# Fingerprint (SHA1): E1:F3:59:1E:76:98:65:C4:E4:47:AC:C3:7E:AF:C9:E2:BF:E4:C5:76
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Explicitly Distrusted MCSHOLDING CA"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\074\061\013\060\011\006\003\125\004\006\023\002\105\107\061
+\023\060\021\006\003\125\004\012\014\012\115\103\123\110\117\114
+\104\111\116\107\061\030\060\026\006\003\125\004\003\014\017\115
+\103\123\110\117\114\104\111\116\107\040\124\105\123\124
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\062\061\013\060\011\006\003\125\004\006\023\002\103\116\061
+\016\060\014\006\003\125\004\012\023\005\103\116\116\111\103\061
+\023\060\021\006\003\125\004\003\023\012\103\116\116\111\103\040
+\122\117\117\124
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\004\111\063\000\216
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\004\222\060\202\003\172\240\003\002\001\002\002\004\111
+\063\000\216\060\015\006\011\052\206\110\206\367\015\001\001\013
+\005\000\060\062\061\013\060\011\006\003\125\004\006\023\002\103
+\116\061\016\060\014\006\003\125\004\012\023\005\103\116\116\111
+\103\061\023\060\021\006\003\125\004\003\023\012\103\116\116\111
+\103\040\122\117\117\124\060\036\027\015\061\065\060\063\061\071
+\060\066\062\060\060\071\132\027\015\061\065\060\064\060\063\060
+\066\062\060\060\071\132\060\074\061\013\060\011\006\003\125\004
+\006\023\002\105\107\061\023\060\021\006\003\125\004\012\014\012
+\115\103\123\110\117\114\104\111\116\107\061\030\060\026\006\003
+\125\004\003\014\017\115\103\123\110\117\114\104\111\116\107\040
+\124\105\123\124\060\202\001\042\060\015\006\011\052\206\110\206
+\367\015\001\001\001\005\000\003\202\001\017\000\060\202\001\012
+\002\202\001\001\000\245\371\165\014\006\256\356\014\021\315\226
+\063\115\153\316\300\112\014\075\135\353\322\113\011\177\347\107
+\054\254\161\000\371\010\257\064\361\243\152\307\374\346\253\316
+\320\276\312\315\052\230\230\271\320\216\063\111\007\141\040\321
+\132\064\316\203\024\006\171\216\032\277\333\344\240\070\072\356
+\224\271\243\240\130\072\211\024\254\140\076\003\324\307\315\073
+\034\260\232\210\032\111\020\251\260\262\375\345\350\341\004\342
+\352\202\155\376\014\121\105\221\255\165\042\256\377\117\220\013
+\300\123\145\167\076\036\302\126\265\066\306\326\205\314\016\203
+\032\063\037\166\231\133\053\227\053\213\327\321\024\025\114\235
+\131\327\200\057\244\242\205\325\210\066\002\140\125\312\130\337
+\223\374\112\142\007\226\323\304\372\277\215\001\047\227\057\246
+\134\164\361\072\102\156\135\171\024\060\061\032\074\331\262\127
+\115\340\270\077\017\151\061\242\235\145\231\331\326\061\207\265
+\230\046\337\360\313\273\025\300\044\023\142\122\032\153\313\105
+\007\227\343\304\224\136\311\015\107\054\351\317\351\364\217\376
+\065\341\062\347\061\002\003\001\000\001\243\202\001\244\060\202
+\001\240\060\166\006\010\053\006\001\005\005\007\001\001\004\152
+\060\150\060\051\006\010\053\006\001\005\005\007\060\001\206\035
+\150\164\164\160\072\057\057\157\143\163\160\143\156\156\151\143
+\162\157\157\164\056\143\156\156\151\143\056\143\156\060\073\006
+\010\053\006\001\005\005\007\060\002\206\057\150\164\164\160\072
+\057\057\167\167\167\056\143\156\156\151\143\056\143\156\057\144
+\157\167\156\154\157\141\144\057\143\145\162\164\057\103\116\116
+\111\103\122\117\117\124\056\143\145\162\060\037\006\003\125\035
+\043\004\030\060\026\200\024\145\362\061\255\052\367\367\335\122
+\226\012\307\002\301\016\357\246\325\073\021\060\017\006\003\125
+\035\023\001\001\377\004\005\060\003\001\001\377\060\077\006\003
+\125\035\040\004\070\060\066\060\064\006\012\053\006\001\004\001
+\201\351\014\001\006\060\046\060\044\006\010\053\006\001\005\005
+\007\002\001\026\030\150\164\164\160\072\057\057\167\167\167\056
+\143\156\156\151\143\056\143\156\057\143\160\163\057\060\201\206
+\006\003\125\035\037\004\177\060\175\060\102\240\100\240\076\244
+\074\060\072\061\013\060\011\006\003\125\004\006\023\002\103\116
+\061\016\060\014\006\003\125\004\012\014\005\103\116\116\111\103
+\061\014\060\012\006\003\125\004\013\014\003\143\162\154\061\015
+\060\013\006\003\125\004\003\014\004\143\162\154\061\060\067\240
+\065\240\063\206\061\150\164\164\160\072\057\057\143\162\154\056
+\143\156\156\151\143\056\143\156\057\144\157\167\156\154\157\141
+\144\057\162\157\157\164\163\150\141\062\143\162\154\057\103\122
+\114\061\056\143\162\154\060\013\006\003\125\035\017\004\004\003
+\002\001\006\060\035\006\003\125\035\016\004\026\004\024\104\244
+\211\253\024\137\075\157\040\074\252\174\372\031\256\364\110\140
+\005\265\060\015\006\011\052\206\110\206\367\015\001\001\013\005
+\000\003\202\001\001\000\134\264\365\123\233\117\271\340\204\211
+\061\276\236\056\352\236\041\113\245\217\155\241\246\363\057\110
+\353\351\333\255\036\061\200\320\171\073\020\357\232\044\367\223
+\033\065\363\032\302\307\302\054\012\177\157\133\361\137\163\221
+\004\373\015\171\015\351\032\006\326\203\375\116\140\235\154\222
+\103\114\352\144\230\104\253\327\373\107\320\257\037\144\114\342
+\335\167\150\026\302\054\241\240\201\227\000\102\037\176\040\170
+\350\306\120\035\013\177\025\223\131\130\100\024\204\360\247\220
+\153\066\005\147\352\177\042\155\273\321\245\046\115\263\060\244
+\130\324\133\265\032\214\120\214\270\015\341\240\007\263\017\130
+\316\327\005\265\175\065\171\157\242\333\014\000\052\150\044\214
+\176\234\301\166\111\272\174\146\021\336\362\107\316\376\320\316
+\125\276\010\332\362\171\046\052\025\071\316\153\030\246\337\330
+\207\050\231\224\016\055\150\241\232\316\122\066\234\053\354\264
+\150\263\154\025\254\313\160\102\362\304\101\245\310\374\041\170
+\123\167\062\040\251\041\114\162\342\323\262\311\166\033\030\130
+\102\013\102\222\263\344
+END
+
+# Distrust "Explicitly Distrusted MCSHOLDING CA"
+# Issuer: CN=CNNIC ROOT,O=CNNIC,C=CN
+# Serial Number: 1228079246 (0x4933008e)
+# Subject: CN=MCSHOLDING TEST,O=MCSHOLDING,C=EG
+# Not Valid Before: Thu Mar 19 06:20:09 2015
+# Not Valid After : Fri Apr 03 06:20:09 2015
+# Fingerprint (SHA-256): 27:40:D9:56:B1:12:7B:79:1A:A1:B3:CC:64:4A:4D:BE:DB:A7:61:86:A2:36:38:B9:51:02:35:1A:83:4E:A8:61
+# Fingerprint (SHA1): E1:F3:59:1E:76:98:65:C4:E4:47:AC:C3:7E:AF:C9:E2:BF:E4:C5:76
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Explicitly Distrusted MCSHOLDING CA"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\341\363\131\036\166\230\145\304\344\107\254\303\176\257\311\342
+\277\344\305\166
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\366\212\253\024\076\326\060\045\267\111\015\167\205\160\231\313
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\062\061\013\060\011\006\003\125\004\006\023\002\103\116\061
+\016\060\014\006\003\125\004\012\023\005\103\116\116\111\103\061
+\023\060\021\006\003\125\004\003\023\012\103\116\116\111\103\040
+\122\117\117\124
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\004\111\063\000\216
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5"
+#
+# Issuer: CN=T..RKTRUST Elektronik Sertifika Hizmet Sa..lay..c..s.. H5,O=T..RKTRUST Bilgi ..leti..im ve Bili..im G..venli..i Hizmetleri A....,L=Ankara,C=TR
+# Serial Number:00:8e:17:fe:24:20:81
+# Subject: CN=T..RKTRUST Elektronik Sertifika Hizmet Sa..lay..c..s.. H5,O=T..RKTRUST Bilgi ..leti..im ve Bili..im G..venli..i Hizmetleri A....,L=Ankara,C=TR
+# Not Valid Before: Tue Apr 30 08:07:01 2013
+# Not Valid After : Fri Apr 28 08:07:01 2023
+# Fingerprint (SHA-256): 49:35:1B:90:34:44:C1:85:CC:DC:5C:69:3D:24:D8:55:5C:B2:08:D6:A8:14:13:07:69:9F:4A:F0:63:19:9D:78
+# Fingerprint (SHA1): C4:18:F6:4D:46:D1:DF:00:3D:27:30:13:72:43:A9:12:11:C6:75:FB
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\261\061\013\060\011\006\003\125\004\006\023\002\124\122
+\061\017\060\015\006\003\125\004\007\014\006\101\156\153\141\162
+\141\061\115\060\113\006\003\125\004\012\014\104\124\303\234\122
+\113\124\122\125\123\124\040\102\151\154\147\151\040\304\260\154
+\145\164\151\305\237\151\155\040\166\145\040\102\151\154\151\305
+\237\151\155\040\107\303\274\166\145\156\154\151\304\237\151\040
+\110\151\172\155\145\164\154\145\162\151\040\101\056\305\236\056
+\061\102\060\100\006\003\125\004\003\014\071\124\303\234\122\113
+\124\122\125\123\124\040\105\154\145\153\164\162\157\156\151\153
+\040\123\145\162\164\151\146\151\153\141\040\110\151\172\155\145
+\164\040\123\141\304\237\154\141\171\304\261\143\304\261\163\304
+\261\040\110\065
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\261\061\013\060\011\006\003\125\004\006\023\002\124\122
+\061\017\060\015\006\003\125\004\007\014\006\101\156\153\141\162
+\141\061\115\060\113\006\003\125\004\012\014\104\124\303\234\122
+\113\124\122\125\123\124\040\102\151\154\147\151\040\304\260\154
+\145\164\151\305\237\151\155\040\166\145\040\102\151\154\151\305
+\237\151\155\040\107\303\274\166\145\156\154\151\304\237\151\040
+\110\151\172\155\145\164\154\145\162\151\040\101\056\305\236\056
+\061\102\060\100\006\003\125\004\003\014\071\124\303\234\122\113
+\124\122\125\123\124\040\105\154\145\153\164\162\157\156\151\153
+\040\123\145\162\164\151\146\151\153\141\040\110\151\172\155\145
+\164\040\123\141\304\237\154\141\171\304\261\143\304\261\163\304
+\261\040\110\065
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\007\000\216\027\376\044\040\201
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\004\047\060\202\003\017\240\003\002\001\002\002\007\000
+\216\027\376\044\040\201\060\015\006\011\052\206\110\206\367\015
+\001\001\013\005\000\060\201\261\061\013\060\011\006\003\125\004
+\006\023\002\124\122\061\017\060\015\006\003\125\004\007\014\006
+\101\156\153\141\162\141\061\115\060\113\006\003\125\004\012\014
+\104\124\303\234\122\113\124\122\125\123\124\040\102\151\154\147
+\151\040\304\260\154\145\164\151\305\237\151\155\040\166\145\040
+\102\151\154\151\305\237\151\155\040\107\303\274\166\145\156\154
+\151\304\237\151\040\110\151\172\155\145\164\154\145\162\151\040
+\101\056\305\236\056\061\102\060\100\006\003\125\004\003\014\071
+\124\303\234\122\113\124\122\125\123\124\040\105\154\145\153\164
+\162\157\156\151\153\040\123\145\162\164\151\146\151\153\141\040
+\110\151\172\155\145\164\040\123\141\304\237\154\141\171\304\261
+\143\304\261\163\304\261\040\110\065\060\036\027\015\061\063\060
+\064\063\060\060\070\060\067\060\061\132\027\015\062\063\060\064
+\062\070\060\070\060\067\060\061\132\060\201\261\061\013\060\011
+\006\003\125\004\006\023\002\124\122\061\017\060\015\006\003\125
+\004\007\014\006\101\156\153\141\162\141\061\115\060\113\006\003
+\125\004\012\014\104\124\303\234\122\113\124\122\125\123\124\040
+\102\151\154\147\151\040\304\260\154\145\164\151\305\237\151\155
+\040\166\145\040\102\151\154\151\305\237\151\155\040\107\303\274
+\166\145\156\154\151\304\237\151\040\110\151\172\155\145\164\154
+\145\162\151\040\101\056\305\236\056\061\102\060\100\006\003\125
+\004\003\014\071\124\303\234\122\113\124\122\125\123\124\040\105
+\154\145\153\164\162\157\156\151\153\040\123\145\162\164\151\146
+\151\153\141\040\110\151\172\155\145\164\040\123\141\304\237\154
+\141\171\304\261\143\304\261\163\304\261\040\110\065\060\202\001
+\042\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000
+\003\202\001\017\000\060\202\001\012\002\202\001\001\000\244\045
+\031\341\145\236\353\110\041\120\112\010\345\021\360\132\272\046
+\377\203\131\316\104\052\057\376\341\316\140\003\374\215\003\245
+\355\377\153\250\272\314\064\006\237\131\065\366\354\054\273\235
+\373\215\122\151\343\234\047\020\123\363\244\002\305\247\371\021
+\032\151\165\156\303\035\213\321\230\215\223\207\247\161\227\015
+\041\307\231\371\122\323\054\143\135\125\274\350\037\001\110\271
+\140\376\102\112\366\310\200\256\315\146\172\236\105\212\150\167
+\342\110\150\237\242\332\361\341\301\020\237\353\074\051\201\247
+\341\062\010\324\240\005\261\214\373\215\226\000\016\076\045\337
+\123\206\042\073\374\364\275\363\011\176\167\354\206\353\017\063
+\345\103\117\364\124\165\155\051\231\056\146\132\103\337\313\134
+\312\310\345\070\361\176\073\065\235\017\364\305\132\241\314\363
+\040\200\044\323\127\354\025\272\165\045\233\350\144\113\263\064
+\204\357\004\270\366\311\154\252\002\076\266\125\342\062\067\137
+\374\146\227\137\315\326\236\307\040\277\115\306\254\077\165\137
+\034\355\062\234\174\151\000\151\221\343\043\030\123\351\002\003
+\001\000\001\243\102\060\100\060\035\006\003\125\035\016\004\026
+\004\024\126\231\007\036\323\254\014\151\144\264\014\120\107\336
+\103\054\276\040\300\373\060\016\006\003\125\035\017\001\001\377
+\004\004\003\002\001\006\060\017\006\003\125\035\023\001\001\377
+\004\005\060\003\001\001\377\060\015\006\011\052\206\110\206\367
+\015\001\001\013\005\000\003\202\001\001\000\236\105\166\173\027
+\110\062\362\070\213\051\275\356\226\112\116\201\030\261\121\107
+\040\315\320\144\261\016\311\331\001\331\011\316\310\231\334\150
+\045\023\324\134\362\243\350\004\376\162\011\307\013\252\035\045
+\125\176\226\232\127\267\272\305\021\172\031\346\247\176\075\205
+\016\365\371\056\051\057\347\371\154\130\026\127\120\045\366\076
+\056\076\252\355\167\161\252\252\231\226\106\012\256\216\354\052
+\121\026\260\136\315\352\147\004\034\130\060\365\140\212\275\246
+\275\115\345\226\264\374\102\211\001\153\366\160\310\120\071\014
+\055\325\146\331\310\322\263\062\267\033\031\155\313\063\371\337
+\245\346\025\204\067\360\302\362\145\226\222\220\167\360\255\364
+\220\351\021\170\327\223\211\300\075\013\272\051\364\350\231\235
+\162\216\355\235\057\356\222\175\241\361\377\135\272\063\140\205
+\142\376\007\002\241\204\126\106\276\226\012\232\023\327\041\114
+\267\174\007\237\116\116\077\221\164\373\047\235\021\314\335\346
+\261\312\161\115\023\027\071\046\305\051\041\053\223\051\152\226
+\372\253\101\341\113\266\065\013\300\233\025
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5"
+# Issuer: CN=T..RKTRUST Elektronik Sertifika Hizmet Sa..lay..c..s.. H5,O=T..RKTRUST Bilgi ..leti..im ve Bili..im G..venli..i Hizmetleri A....,L=Ankara,C=TR
+# Serial Number:00:8e:17:fe:24:20:81
+# Subject: CN=T..RKTRUST Elektronik Sertifika Hizmet Sa..lay..c..s.. H5,O=T..RKTRUST Bilgi ..leti..im ve Bili..im G..venli..i Hizmetleri A....,L=Ankara,C=TR
+# Not Valid Before: Tue Apr 30 08:07:01 2013
+# Not Valid After : Fri Apr 28 08:07:01 2023
+# Fingerprint (SHA-256): 49:35:1B:90:34:44:C1:85:CC:DC:5C:69:3D:24:D8:55:5C:B2:08:D6:A8:14:13:07:69:9F:4A:F0:63:19:9D:78
+# Fingerprint (SHA1): C4:18:F6:4D:46:D1:DF:00:3D:27:30:13:72:43:A9:12:11:C6:75:FB
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\304\030\366\115\106\321\337\000\075\047\060\023\162\103\251\022
+\021\306\165\373
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\332\160\216\360\042\337\223\046\366\137\237\323\025\006\122\116
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\261\061\013\060\011\006\003\125\004\006\023\002\124\122
+\061\017\060\015\006\003\125\004\007\014\006\101\156\153\141\162
+\141\061\115\060\113\006\003\125\004\012\014\104\124\303\234\122
+\113\124\122\125\123\124\040\102\151\154\147\151\040\304\260\154
+\145\164\151\305\237\151\155\040\166\145\040\102\151\154\151\305
+\237\151\155\040\107\303\274\166\145\156\154\151\304\237\151\040
+\110\151\172\155\145\164\154\145\162\151\040\101\056\305\236\056
+\061\102\060\100\006\003\125\004\003\014\071\124\303\234\122\113
+\124\122\125\123\124\040\105\154\145\153\164\162\157\156\151\153
+\040\123\145\162\164\151\146\151\153\141\040\110\151\172\155\145
+\164\040\123\141\304\237\154\141\171\304\261\143\304\261\163\304
+\261\040\110\065
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\007\000\216\027\376\044\040\201
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6"
+#
+# Issuer: CN=T..RKTRUST Elektronik Sertifika Hizmet Sa..lay..c..s.. H6,O=T..RKTRUST Bilgi ..leti..im ve Bili..im G..venli..i Hizmetleri A....,L=Ankara,C=TR
+# Serial Number:7d:a1:f2:65:ec:8a
+# Subject: CN=T..RKTRUST Elektronik Sertifika Hizmet Sa..lay..c..s.. H6,O=T..RKTRUST Bilgi ..leti..im ve Bili..im G..venli..i Hizmetleri A....,L=Ankara,C=TR
+# Not Valid Before: Wed Dec 18 09:04:10 2013
+# Not Valid After : Sat Dec 16 09:04:10 2023
+# Fingerprint (SHA-256): 8D:E7:86:55:E1:BE:7F:78:47:80:0B:93:F6:94:D2:1D:36:8C:C0:6E:03:3E:7F:AB:04:BB:5E:B9:9D:A6:B7:00
+# Fingerprint (SHA1): 8A:5C:8C:EE:A5:03:E6:05:56:BA:D8:1B:D4:F6:C9:B0:ED:E5:2F:E0
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\261\061\013\060\011\006\003\125\004\006\023\002\124\122
+\061\017\060\015\006\003\125\004\007\014\006\101\156\153\141\162
+\141\061\115\060\113\006\003\125\004\012\014\104\124\303\234\122
+\113\124\122\125\123\124\040\102\151\154\147\151\040\304\260\154
+\145\164\151\305\237\151\155\040\166\145\040\102\151\154\151\305
+\237\151\155\040\107\303\274\166\145\156\154\151\304\237\151\040
+\110\151\172\155\145\164\154\145\162\151\040\101\056\305\236\056
+\061\102\060\100\006\003\125\004\003\014\071\124\303\234\122\113
+\124\122\125\123\124\040\105\154\145\153\164\162\157\156\151\153
+\040\123\145\162\164\151\146\151\153\141\040\110\151\172\155\145
+\164\040\123\141\304\237\154\141\171\304\261\143\304\261\163\304
+\261\040\110\066
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\261\061\013\060\011\006\003\125\004\006\023\002\124\122
+\061\017\060\015\006\003\125\004\007\014\006\101\156\153\141\162
+\141\061\115\060\113\006\003\125\004\012\014\104\124\303\234\122
+\113\124\122\125\123\124\040\102\151\154\147\151\040\304\260\154
+\145\164\151\305\237\151\155\040\166\145\040\102\151\154\151\305
+\237\151\155\040\107\303\274\166\145\156\154\151\304\237\151\040
+\110\151\172\155\145\164\154\145\162\151\040\101\056\305\236\056
+\061\102\060\100\006\003\125\004\003\014\071\124\303\234\122\113
+\124\122\125\123\124\040\105\154\145\153\164\162\157\156\151\153
+\040\123\145\162\164\151\146\151\153\141\040\110\151\172\155\145
+\164\040\123\141\304\237\154\141\171\304\261\143\304\261\163\304
+\261\040\110\066
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\006\175\241\362\145\354\212
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\004\046\060\202\003\016\240\003\002\001\002\002\006\175
+\241\362\145\354\212\060\015\006\011\052\206\110\206\367\015\001
+\001\013\005\000\060\201\261\061\013\060\011\006\003\125\004\006
+\023\002\124\122\061\017\060\015\006\003\125\004\007\014\006\101
+\156\153\141\162\141\061\115\060\113\006\003\125\004\012\014\104
+\124\303\234\122\113\124\122\125\123\124\040\102\151\154\147\151
+\040\304\260\154\145\164\151\305\237\151\155\040\166\145\040\102
+\151\154\151\305\237\151\155\040\107\303\274\166\145\156\154\151
+\304\237\151\040\110\151\172\155\145\164\154\145\162\151\040\101
+\056\305\236\056\061\102\060\100\006\003\125\004\003\014\071\124
+\303\234\122\113\124\122\125\123\124\040\105\154\145\153\164\162
+\157\156\151\153\040\123\145\162\164\151\146\151\153\141\040\110
+\151\172\155\145\164\040\123\141\304\237\154\141\171\304\261\143
+\304\261\163\304\261\040\110\066\060\036\027\015\061\063\061\062
+\061\070\060\071\060\064\061\060\132\027\015\062\063\061\062\061
+\066\060\071\060\064\061\060\132\060\201\261\061\013\060\011\006
+\003\125\004\006\023\002\124\122\061\017\060\015\006\003\125\004
+\007\014\006\101\156\153\141\162\141\061\115\060\113\006\003\125
+\004\012\014\104\124\303\234\122\113\124\122\125\123\124\040\102
+\151\154\147\151\040\304\260\154\145\164\151\305\237\151\155\040
+\166\145\040\102\151\154\151\305\237\151\155\040\107\303\274\166
+\145\156\154\151\304\237\151\040\110\151\172\155\145\164\154\145
+\162\151\040\101\056\305\236\056\061\102\060\100\006\003\125\004
+\003\014\071\124\303\234\122\113\124\122\125\123\124\040\105\154
+\145\153\164\162\157\156\151\153\040\123\145\162\164\151\146\151
+\153\141\040\110\151\172\155\145\164\040\123\141\304\237\154\141
+\171\304\261\143\304\261\163\304\261\040\110\066\060\202\001\042
+\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000\003
+\202\001\017\000\060\202\001\012\002\202\001\001\000\235\260\150
+\326\350\275\024\226\243\000\012\232\361\364\307\314\221\115\161
+\170\167\271\367\041\046\025\163\121\026\224\011\107\005\342\063
+\365\150\232\065\377\334\113\057\062\307\260\355\342\202\345\157
+\332\332\352\254\306\006\317\045\015\101\201\366\301\070\042\275
+\371\261\245\246\263\001\274\077\120\027\053\366\351\146\125\324
+\063\263\134\370\103\040\170\223\125\026\160\031\062\346\211\327
+\144\353\275\110\120\375\366\320\101\003\302\164\267\375\366\200
+\317\133\305\253\244\326\225\022\233\347\227\023\062\003\351\324
+\253\103\133\026\355\063\042\144\051\266\322\223\255\057\154\330
+\075\266\366\035\016\064\356\322\175\251\125\017\040\364\375\051
+\273\221\133\034\175\306\102\070\155\102\050\155\324\001\373\315
+\210\227\111\176\270\363\203\370\265\230\057\263\047\013\110\136
+\126\347\116\243\063\263\104\326\245\362\030\224\355\034\036\251
+\225\134\142\112\370\015\147\121\251\257\041\325\370\062\235\171
+\272\032\137\345\004\125\115\023\106\377\362\317\164\307\032\143
+\155\303\037\027\022\303\036\020\076\140\010\263\061\002\003\001
+\000\001\243\102\060\100\060\035\006\003\125\035\016\004\026\004
+\024\335\125\027\023\366\254\350\110\041\312\357\265\257\321\000
+\062\355\236\214\265\060\016\006\003\125\035\017\001\001\377\004
+\004\003\002\001\006\060\017\006\003\125\035\023\001\001\377\004
+\005\060\003\001\001\377\060\015\006\011\052\206\110\206\367\015
+\001\001\013\005\000\003\202\001\001\000\157\130\015\227\103\252
+\026\124\076\277\251\337\222\105\077\205\013\273\126\323\014\122
+\314\310\277\166\147\136\346\252\263\247\357\271\254\264\020\024
+\015\164\176\075\155\255\321\175\320\232\251\245\312\030\073\002
+\100\056\052\234\120\024\213\376\127\176\127\134\021\011\113\066
+\105\122\367\075\254\024\375\104\337\213\227\043\324\303\301\356
+\324\123\225\376\054\112\376\015\160\252\273\213\057\055\313\062
+\243\202\362\124\337\330\362\335\327\110\162\356\112\243\051\226
+\303\104\316\156\265\222\207\166\244\273\364\222\154\316\054\024
+\011\146\216\215\255\026\265\307\033\011\141\073\343\040\242\003
+\200\216\255\176\121\000\116\307\226\206\373\103\230\167\175\050
+\307\217\330\052\156\347\204\157\227\101\051\000\026\136\115\342
+\023\352\131\300\143\147\072\104\373\230\374\004\323\060\162\246
+\366\207\011\127\255\166\246\035\143\232\375\327\145\310\170\203
+\053\165\073\245\133\270\015\135\177\276\043\256\126\125\224\130
+\357\037\201\214\052\262\315\346\233\143\236\030\274\345\153\006
+\264\013\230\113\050\136\257\210\130\313
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6"
+# Issuer: CN=T..RKTRUST Elektronik Sertifika Hizmet Sa..lay..c..s.. H6,O=T..RKTRUST Bilgi ..leti..im ve Bili..im G..venli..i Hizmetleri A....,L=Ankara,C=TR
+# Serial Number:7d:a1:f2:65:ec:8a
+# Subject: CN=T..RKTRUST Elektronik Sertifika Hizmet Sa..lay..c..s.. H6,O=T..RKTRUST Bilgi ..leti..im ve Bili..im G..venli..i Hizmetleri A....,L=Ankara,C=TR
+# Not Valid Before: Wed Dec 18 09:04:10 2013
+# Not Valid After : Sat Dec 16 09:04:10 2023
+# Fingerprint (SHA-256): 8D:E7:86:55:E1:BE:7F:78:47:80:0B:93:F6:94:D2:1D:36:8C:C0:6E:03:3E:7F:AB:04:BB:5E:B9:9D:A6:B7:00
+# Fingerprint (SHA1): 8A:5C:8C:EE:A5:03:E6:05:56:BA:D8:1B:D4:F6:C9:B0:ED:E5:2F:E0
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\212\134\214\356\245\003\346\005\126\272\330\033\324\366\311\260
+\355\345\057\340
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\370\305\356\052\153\276\225\215\010\367\045\112\352\161\076\106
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\261\061\013\060\011\006\003\125\004\006\023\002\124\122
+\061\017\060\015\006\003\125\004\007\014\006\101\156\153\141\162
+\141\061\115\060\113\006\003\125\004\012\014\104\124\303\234\122
+\113\124\122\125\123\124\040\102\151\154\147\151\040\304\260\154
+\145\164\151\305\237\151\155\040\166\145\040\102\151\154\151\305
+\237\151\155\040\107\303\274\166\145\156\154\151\304\237\151\040
+\110\151\172\155\145\164\154\145\162\151\040\101\056\305\236\056
+\061\102\060\100\006\003\125\004\003\014\071\124\303\234\122\113
+\124\122\125\123\124\040\105\154\145\153\164\162\157\156\151\153
+\040\123\145\162\164\151\146\151\153\141\040\110\151\172\155\145
+\164\040\123\141\304\237\154\141\171\304\261\143\304\261\163\304
+\261\040\110\066
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\006\175\241\362\145\354\212
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Certinomis - Root CA"
+#
+# Issuer: CN=Certinomis - Root CA,OU=0002 433998903,O=Certinomis,C=FR
+# Serial Number: 1 (0x1)
+# Subject: CN=Certinomis - Root CA,OU=0002 433998903,O=Certinomis,C=FR
+# Not Valid Before: Mon Oct 21 09:17:18 2013
+# Not Valid After : Fri Oct 21 09:17:18 2033
+# Fingerprint (SHA-256): 2A:99:F5:BC:11:74:B7:3C:BB:1D:62:08:84:E0:1C:34:E5:1C:CB:39:78:DA:12:5F:0E:33:26:88:83:BF:41:58
+# Fingerprint (SHA1): 9D:70:BB:01:A5:A4:A0:18:11:2E:F7:1C:01:B9:32:C5:34:E7:88:A8
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Certinomis - Root CA"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\132\061\013\060\011\006\003\125\004\006\023\002\106\122\061
+\023\060\021\006\003\125\004\012\023\012\103\145\162\164\151\156
+\157\155\151\163\061\027\060\025\006\003\125\004\013\023\016\060
+\060\060\062\040\064\063\063\071\071\070\071\060\063\061\035\060
+\033\006\003\125\004\003\023\024\103\145\162\164\151\156\157\155
+\151\163\040\055\040\122\157\157\164\040\103\101
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\132\061\013\060\011\006\003\125\004\006\023\002\106\122\061
+\023\060\021\006\003\125\004\012\023\012\103\145\162\164\151\156
+\157\155\151\163\061\027\060\025\006\003\125\004\013\023\016\060
+\060\060\062\040\064\063\063\071\071\070\071\060\063\061\035\060
+\033\006\003\125\004\003\023\024\103\145\162\164\151\156\157\155
+\151\163\040\055\040\122\157\157\164\040\103\101
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\001
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\222\060\202\003\172\240\003\002\001\002\002\001\001
+\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060
+\132\061\013\060\011\006\003\125\004\006\023\002\106\122\061\023
+\060\021\006\003\125\004\012\023\012\103\145\162\164\151\156\157
+\155\151\163\061\027\060\025\006\003\125\004\013\023\016\060\060
+\060\062\040\064\063\063\071\071\070\071\060\063\061\035\060\033
+\006\003\125\004\003\023\024\103\145\162\164\151\156\157\155\151
+\163\040\055\040\122\157\157\164\040\103\101\060\036\027\015\061
+\063\061\060\062\061\060\071\061\067\061\070\132\027\015\063\063
+\061\060\062\061\060\071\061\067\061\070\132\060\132\061\013\060
+\011\006\003\125\004\006\023\002\106\122\061\023\060\021\006\003
+\125\004\012\023\012\103\145\162\164\151\156\157\155\151\163\061
+\027\060\025\006\003\125\004\013\023\016\060\060\060\062\040\064
+\063\063\071\071\070\071\060\063\061\035\060\033\006\003\125\004
+\003\023\024\103\145\162\164\151\156\157\155\151\163\040\055\040
+\122\157\157\164\040\103\101\060\202\002\042\060\015\006\011\052
+\206\110\206\367\015\001\001\001\005\000\003\202\002\017\000\060
+\202\002\012\002\202\002\001\000\324\314\011\012\054\077\222\366
+\177\024\236\013\234\232\152\035\100\060\144\375\252\337\016\036
+\006\133\237\120\205\352\315\215\253\103\147\336\260\372\176\200
+\226\236\204\170\222\110\326\343\071\356\316\344\131\130\227\345
+\056\047\230\352\223\250\167\233\112\360\357\164\200\055\353\060
+\037\265\331\307\200\234\142\047\221\210\360\112\211\335\334\210
+\346\024\371\325\003\057\377\225\333\275\237\354\054\372\024\025
+\131\225\012\306\107\174\151\030\271\247\003\371\312\166\251\317
+\307\157\264\136\005\376\356\301\122\262\165\062\207\354\355\051
+\146\073\363\112\026\202\366\326\232\333\162\230\351\336\360\305
+\114\245\253\265\352\001\342\214\056\144\177\144\157\375\243\045
+\223\213\310\242\016\111\215\064\360\037\354\130\105\056\064\252
+\204\120\275\347\262\112\023\270\260\017\256\070\135\260\251\033
+\346\163\311\132\241\331\146\100\252\251\115\246\064\002\255\204
+\176\262\043\301\373\052\306\147\364\064\266\260\225\152\063\117
+\161\104\265\255\300\171\063\210\340\277\355\243\240\024\264\234
+\011\260\012\343\140\276\370\370\146\210\315\133\361\167\005\340
+\265\163\156\301\175\106\056\216\113\047\246\315\065\012\375\345
+\115\175\252\052\243\051\307\132\150\004\350\345\326\223\244\142
+\302\305\346\364\117\306\371\237\032\215\202\111\031\212\312\131
+\103\072\350\015\062\301\364\114\023\003\157\156\246\077\221\163
+\313\312\163\157\022\040\213\356\300\202\170\336\113\056\302\111
+\303\035\355\026\366\044\364\047\033\134\127\061\334\125\356\250
+\036\157\154\254\342\105\314\127\127\212\165\127\031\340\265\130
+\231\111\066\061\074\063\001\155\026\112\315\270\052\203\204\206
+\233\371\140\322\037\155\221\003\323\140\246\325\075\232\335\167
+\220\075\065\244\237\017\136\365\122\104\151\271\300\272\334\317
+\175\337\174\331\304\254\206\042\062\274\173\153\221\357\172\370
+\027\150\260\342\123\125\140\055\257\076\302\203\330\331\011\053
+\360\300\144\333\207\213\221\314\221\353\004\375\166\264\225\232
+\346\024\006\033\325\064\035\276\330\377\164\034\123\205\231\340
+\131\122\112\141\355\210\236\153\111\211\106\176\040\132\331\347
+\112\345\152\356\322\145\021\103\002\003\001\000\001\243\143\060
+\141\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001
+\006\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001
+\001\377\060\035\006\003\125\035\016\004\026\004\024\357\221\114
+\365\245\303\060\350\057\010\352\323\161\042\244\222\150\170\164
+\331\060\037\006\003\125\035\043\004\030\060\026\200\024\357\221
+\114\365\245\303\060\350\057\010\352\323\161\042\244\222\150\170
+\164\331\060\015\006\011\052\206\110\206\367\015\001\001\013\005
+\000\003\202\002\001\000\176\075\124\332\042\135\032\130\076\073
+\124\047\272\272\314\310\343\032\152\352\076\371\022\353\126\137
+\075\120\316\340\352\110\046\046\317\171\126\176\221\034\231\077
+\320\241\221\034\054\017\117\230\225\131\123\275\320\042\330\210
+\135\234\067\374\373\144\301\170\214\213\232\140\011\352\325\372
+\041\137\320\164\145\347\120\305\277\056\271\013\013\255\265\260
+\027\246\022\214\324\142\170\352\126\152\354\012\322\100\303\074
+\005\060\076\115\224\267\237\112\003\323\175\047\113\266\376\104
+\316\372\031\063\032\155\244\102\321\335\314\310\310\327\026\122
+\203\117\065\224\263\022\125\175\345\342\102\353\344\234\223\011
+\300\114\133\007\253\307\155\021\240\120\027\224\043\250\265\012
+\222\017\262\172\301\140\054\070\314\032\246\133\377\362\014\343
+\252\037\034\334\270\240\223\047\336\143\343\177\041\237\072\345
+\236\372\340\023\152\165\353\226\134\142\221\224\216\147\123\266
+\211\370\022\011\313\157\122\133\003\162\206\120\225\010\324\215
+\207\206\025\037\225\044\330\244\157\232\316\244\235\233\155\322
+\262\166\006\206\306\126\010\305\353\011\332\066\302\033\133\101
+\276\141\052\343\160\346\270\246\370\266\132\304\275\041\367\377
+\252\137\241\154\166\071\146\326\352\114\125\341\000\063\233\023
+\230\143\311\157\320\001\040\011\067\122\347\014\117\076\315\274
+\365\137\226\047\247\040\002\225\340\056\350\007\101\005\037\025
+\156\326\260\344\031\340\017\002\223\000\047\162\305\213\321\124
+\037\135\112\303\100\227\176\125\246\174\301\063\004\024\001\035
+\111\040\151\013\031\223\235\156\130\042\367\100\014\106\014\043
+\143\363\071\322\177\166\121\247\364\310\241\361\014\166\042\043
+\106\122\051\055\342\243\101\007\126\151\230\322\005\011\274\151
+\307\132\141\315\217\201\140\025\115\200\335\220\342\175\304\120
+\362\214\073\156\112\307\306\346\200\053\074\201\274\021\200\026
+\020\047\327\360\315\077\171\314\163\052\303\176\123\221\326\156
+\370\365\363\307\320\121\115\216\113\245\133\346\031\027\073\326
+\201\011\334\042\334\356\216\271\304\217\123\341\147\273\063\270
+\210\025\106\317\355\151\065\377\165\015\106\363\316\161\341\305
+\153\206\102\006\271\101
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "Certinomis - Root CA"
+# Issuer: CN=Certinomis - Root CA,OU=0002 433998903,O=Certinomis,C=FR
+# Serial Number: 1 (0x1)
+# Subject: CN=Certinomis - Root CA,OU=0002 433998903,O=Certinomis,C=FR
+# Not Valid Before: Mon Oct 21 09:17:18 2013
+# Not Valid After : Fri Oct 21 09:17:18 2033
+# Fingerprint (SHA-256): 2A:99:F5:BC:11:74:B7:3C:BB:1D:62:08:84:E0:1C:34:E5:1C:CB:39:78:DA:12:5F:0E:33:26:88:83:BF:41:58
+# Fingerprint (SHA1): 9D:70:BB:01:A5:A4:A0:18:11:2E:F7:1C:01:B9:32:C5:34:E7:88:A8
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Certinomis - Root CA"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\235\160\273\001\245\244\240\030\021\056\367\034\001\271\062\305
+\064\347\210\250
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\024\012\375\215\250\050\265\070\151\333\126\176\141\042\003\077
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\132\061\013\060\011\006\003\125\004\006\023\002\106\122\061
+\023\060\021\006\003\125\004\012\023\012\103\145\162\164\151\156
+\157\155\151\163\061\027\060\025\006\003\125\004\013\023\016\060
+\060\060\062\040\064\063\063\071\071\070\071\060\063\061\035\060
+\033\006\003\125\004\003\023\024\103\145\162\164\151\156\157\155
+\151\163\040\055\040\122\157\157\164\040\103\101
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\001
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "OISTE WISeKey Global Root GB CA"
+#
+# Issuer: CN=OISTE WISeKey Global Root GB CA,OU=OISTE Foundation Endorsed,O=WISeKey,C=CH
+# Serial Number:76:b1:20:52:74:f0:85:87:46:b3:f8:23:1a:f6:c2:c0
+# Subject: CN=OISTE WISeKey Global Root GB CA,OU=OISTE Foundation Endorsed,O=WISeKey,C=CH
+# Not Valid Before: Mon Dec 01 15:00:32 2014
+# Not Valid After : Thu Dec 01 15:10:31 2039
+# Fingerprint (SHA-256): 6B:9C:08:E8:6E:B0:F7:67:CF:AD:65:CD:98:B6:21:49:E5:49:4A:67:F5:84:5E:7B:D1:ED:01:9F:27:B8:6B:D6
+# Fingerprint (SHA1): 0F:F9:40:76:18:D3:D7:6A:4B:98:F0:A8:35:9E:0C:FD:27:AC:CC:ED
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "OISTE WISeKey Global Root GB CA"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\155\061\013\060\011\006\003\125\004\006\023\002\103\110\061
+\020\060\016\006\003\125\004\012\023\007\127\111\123\145\113\145
+\171\061\042\060\040\006\003\125\004\013\023\031\117\111\123\124
+\105\040\106\157\165\156\144\141\164\151\157\156\040\105\156\144
+\157\162\163\145\144\061\050\060\046\006\003\125\004\003\023\037
+\117\111\123\124\105\040\127\111\123\145\113\145\171\040\107\154
+\157\142\141\154\040\122\157\157\164\040\107\102\040\103\101
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\155\061\013\060\011\006\003\125\004\006\023\002\103\110\061
+\020\060\016\006\003\125\004\012\023\007\127\111\123\145\113\145
+\171\061\042\060\040\006\003\125\004\013\023\031\117\111\123\124
+\105\040\106\157\165\156\144\141\164\151\157\156\040\105\156\144
+\157\162\163\145\144\061\050\060\046\006\003\125\004\003\023\037
+\117\111\123\124\105\040\127\111\123\145\113\145\171\040\107\154
+\157\142\141\154\040\122\157\157\164\040\107\102\040\103\101
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\166\261\040\122\164\360\205\207\106\263\370\043\032\366
+\302\300
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\003\265\060\202\002\235\240\003\002\001\002\002\020\166
+\261\040\122\164\360\205\207\106\263\370\043\032\366\302\300\060
+\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060\155
+\061\013\060\011\006\003\125\004\006\023\002\103\110\061\020\060
+\016\006\003\125\004\012\023\007\127\111\123\145\113\145\171\061
+\042\060\040\006\003\125\004\013\023\031\117\111\123\124\105\040
+\106\157\165\156\144\141\164\151\157\156\040\105\156\144\157\162
+\163\145\144\061\050\060\046\006\003\125\004\003\023\037\117\111
+\123\124\105\040\127\111\123\145\113\145\171\040\107\154\157\142
+\141\154\040\122\157\157\164\040\107\102\040\103\101\060\036\027
+\015\061\064\061\062\060\061\061\065\060\060\063\062\132\027\015
+\063\071\061\062\060\061\061\065\061\060\063\061\132\060\155\061
+\013\060\011\006\003\125\004\006\023\002\103\110\061\020\060\016
+\006\003\125\004\012\023\007\127\111\123\145\113\145\171\061\042
+\060\040\006\003\125\004\013\023\031\117\111\123\124\105\040\106
+\157\165\156\144\141\164\151\157\156\040\105\156\144\157\162\163
+\145\144\061\050\060\046\006\003\125\004\003\023\037\117\111\123
+\124\105\040\127\111\123\145\113\145\171\040\107\154\157\142\141
+\154\040\122\157\157\164\040\107\102\040\103\101\060\202\001\042
+\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000\003
+\202\001\017\000\060\202\001\012\002\202\001\001\000\330\027\267
+\034\112\044\052\326\227\261\312\342\036\373\175\070\357\230\365
+\262\071\230\116\047\270\021\135\173\322\045\224\210\202\025\046
+\152\033\061\273\250\133\041\041\053\330\017\116\237\132\361\261
+\132\344\171\326\062\043\053\341\123\314\231\105\134\173\117\255
+\274\277\207\112\013\113\227\132\250\366\110\354\175\173\015\315
+\041\006\337\236\025\375\101\212\110\267\040\364\241\172\033\127
+\324\135\120\377\272\147\330\043\231\037\310\077\343\336\377\157
+\133\167\261\153\156\270\311\144\367\341\312\101\106\016\051\161
+\320\271\043\374\311\201\137\116\367\157\337\277\204\255\163\144
+\273\267\102\216\151\366\324\166\035\176\235\247\270\127\212\121
+\147\162\327\324\250\270\225\124\100\163\003\366\352\364\353\376
+\050\102\167\077\235\043\033\262\266\075\200\024\007\114\056\117
+\367\325\012\026\015\275\146\103\067\176\043\103\171\303\100\206
+\365\114\051\332\216\232\255\015\245\004\207\210\036\205\343\351
+\123\325\233\310\213\003\143\170\353\340\031\112\156\273\057\153
+\063\144\130\223\255\151\277\217\033\357\202\110\307\002\003\001
+\000\001\243\121\060\117\060\013\006\003\125\035\017\004\004\003
+\002\001\206\060\017\006\003\125\035\023\001\001\377\004\005\060
+\003\001\001\377\060\035\006\003\125\035\016\004\026\004\024\065
+\017\310\066\143\136\342\243\354\371\073\146\025\316\121\122\343
+\221\232\075\060\020\006\011\053\006\001\004\001\202\067\025\001
+\004\003\002\001\000\060\015\006\011\052\206\110\206\367\015\001
+\001\013\005\000\003\202\001\001\000\100\114\373\207\262\231\201
+\220\176\235\305\260\260\046\315\210\173\053\062\215\156\270\041
+\161\130\227\175\256\067\024\257\076\347\367\232\342\175\366\161
+\230\231\004\252\103\164\170\243\343\111\141\076\163\214\115\224
+\340\371\161\304\266\026\016\123\170\037\326\242\207\057\002\071
+\201\051\074\257\025\230\041\060\376\050\220\000\214\321\341\313
+\372\136\310\375\370\020\106\073\242\170\102\221\027\164\125\012
+\336\120\147\115\146\321\247\377\375\331\300\265\250\243\212\316
+\146\365\017\103\315\247\053\127\173\143\106\152\252\056\122\330
+\364\355\341\155\255\051\220\170\110\272\341\043\252\243\211\354
+\265\253\226\300\264\113\242\035\227\236\172\362\156\100\161\337
+\150\361\145\115\316\174\005\337\123\145\251\245\360\261\227\004
+\160\025\106\003\230\324\322\277\124\264\240\130\175\122\157\332
+\126\046\142\324\330\333\211\061\157\034\360\042\302\323\142\034
+\065\315\114\151\025\124\032\220\230\336\353\036\137\312\167\307
+\313\216\075\103\151\234\232\130\320\044\073\337\033\100\226\176
+\065\255\201\307\116\161\272\210\023
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "OISTE WISeKey Global Root GB CA"
+# Issuer: CN=OISTE WISeKey Global Root GB CA,OU=OISTE Foundation Endorsed,O=WISeKey,C=CH
+# Serial Number:76:b1:20:52:74:f0:85:87:46:b3:f8:23:1a:f6:c2:c0
+# Subject: CN=OISTE WISeKey Global Root GB CA,OU=OISTE Foundation Endorsed,O=WISeKey,C=CH
+# Not Valid Before: Mon Dec 01 15:00:32 2014
+# Not Valid After : Thu Dec 01 15:10:31 2039
+# Fingerprint (SHA-256): 6B:9C:08:E8:6E:B0:F7:67:CF:AD:65:CD:98:B6:21:49:E5:49:4A:67:F5:84:5E:7B:D1:ED:01:9F:27:B8:6B:D6
+# Fingerprint (SHA1): 0F:F9:40:76:18:D3:D7:6A:4B:98:F0:A8:35:9E:0C:FD:27:AC:CC:ED
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "OISTE WISeKey Global Root GB CA"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\017\371\100\166\030\323\327\152\113\230\360\250\065\236\014\375
+\047\254\314\355
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\244\353\271\141\050\056\267\057\230\260\065\046\220\231\121\035
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\155\061\013\060\011\006\003\125\004\006\023\002\103\110\061
+\020\060\016\006\003\125\004\012\023\007\127\111\123\145\113\145
+\171\061\042\060\040\006\003\125\004\013\023\031\117\111\123\124
+\105\040\106\157\165\156\144\141\164\151\157\156\040\105\156\144
+\157\162\163\145\144\061\050\060\046\006\003\125\004\003\023\037
+\117\111\123\124\105\040\127\111\123\145\113\145\171\040\107\154
+\157\142\141\154\040\122\157\157\164\040\107\102\040\103\101
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\166\261\040\122\164\360\205\207\106\263\370\043\032\366
+\302\300
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Certification Authority of WoSign G2"
+#
+# Issuer: CN=Certification Authority of WoSign G2,O=WoSign CA Limited,C=CN
+# Serial Number:6b:25:da:8a:88:9d:7c:bc:0f:05:b3:b1:7a:61:45:44
+# Subject: CN=Certification Authority of WoSign G2,O=WoSign CA Limited,C=CN
+# Not Valid Before: Sat Nov 08 00:58:58 2014
+# Not Valid After : Tue Nov 08 00:58:58 2044
+# Fingerprint (SHA-256): D4:87:A5:6F:83:B0:74:82:E8:5E:96:33:94:C1:EC:C2:C9:E5:1D:09:03:EE:94:6B:02:C3:01:58:1E:D9:9E:16
+# Fingerprint (SHA1): FB:ED:DC:90:65:B7:27:20:37:BC:55:0C:9C:56:DE:BB:F2:78:94:E1
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Certification Authority of WoSign G2"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\130\061\013\060\011\006\003\125\004\006\023\002\103\116\061
+\032\060\030\006\003\125\004\012\023\021\127\157\123\151\147\156
+\040\103\101\040\114\151\155\151\164\145\144\061\055\060\053\006
+\003\125\004\003\023\044\103\145\162\164\151\146\151\143\141\164
+\151\157\156\040\101\165\164\150\157\162\151\164\171\040\157\146
+\040\127\157\123\151\147\156\040\107\062
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\130\061\013\060\011\006\003\125\004\006\023\002\103\116\061
+\032\060\030\006\003\125\004\012\023\021\127\157\123\151\147\156
+\040\103\101\040\114\151\155\151\164\145\144\061\055\060\053\006
+\003\125\004\003\023\044\103\145\162\164\151\146\151\143\141\164
+\151\157\156\040\101\165\164\150\157\162\151\164\171\040\157\146
+\040\127\157\123\151\147\156\040\107\062
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\153\045\332\212\210\235\174\274\017\005\263\261\172\141
+\105\104
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\003\174\060\202\002\144\240\003\002\001\002\002\020\153
+\045\332\212\210\235\174\274\017\005\263\261\172\141\105\104\060
+\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060\130
+\061\013\060\011\006\003\125\004\006\023\002\103\116\061\032\060
+\030\006\003\125\004\012\023\021\127\157\123\151\147\156\040\103
+\101\040\114\151\155\151\164\145\144\061\055\060\053\006\003\125
+\004\003\023\044\103\145\162\164\151\146\151\143\141\164\151\157
+\156\040\101\165\164\150\157\162\151\164\171\040\157\146\040\127
+\157\123\151\147\156\040\107\062\060\036\027\015\061\064\061\061
+\060\070\060\060\065\070\065\070\132\027\015\064\064\061\061\060
+\070\060\060\065\070\065\070\132\060\130\061\013\060\011\006\003
+\125\004\006\023\002\103\116\061\032\060\030\006\003\125\004\012
+\023\021\127\157\123\151\147\156\040\103\101\040\114\151\155\151
+\164\145\144\061\055\060\053\006\003\125\004\003\023\044\103\145
+\162\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150
+\157\162\151\164\171\040\157\146\040\127\157\123\151\147\156\040
+\107\062\060\202\001\042\060\015\006\011\052\206\110\206\367\015
+\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002\202
+\001\001\000\276\305\304\240\042\200\111\117\277\331\207\021\306
+\123\341\273\017\275\140\177\257\366\202\016\037\334\260\216\075
+\227\340\120\074\217\072\357\146\073\105\007\233\040\370\343\327
+\045\206\065\220\026\242\135\157\060\031\010\207\013\177\006\262
+\235\142\217\336\257\222\245\140\324\053\200\232\122\077\365\232
+\203\351\064\132\313\331\325\142\134\346\016\340\337\006\230\016
+\200\174\312\264\035\023\210\153\016\250\044\167\003\320\356\133
+\363\312\151\221\065\071\126\305\155\343\367\075\117\136\223\070
+\044\312\030\351\044\313\222\003\335\314\034\075\011\160\344\040
+\344\361\256\254\273\163\151\243\143\072\017\105\017\241\112\232
+\302\321\143\254\313\020\370\075\346\116\050\267\353\304\225\261
+\254\375\136\253\372\101\313\135\235\113\334\364\174\166\357\147
+\177\000\172\215\322\240\032\134\115\042\341\265\332\335\166\263
+\324\166\337\136\270\213\230\310\024\124\314\153\027\222\267\340
+\112\277\111\224\141\013\070\220\217\135\044\154\045\173\073\171
+\331\342\176\235\255\237\230\241\006\374\170\024\140\127\370\356
+\200\167\261\002\003\001\000\001\243\102\060\100\060\016\006\003
+\125\035\017\001\001\377\004\004\003\002\001\006\060\017\006\003
+\125\035\023\001\001\377\004\005\060\003\001\001\377\060\035\006
+\003\125\035\016\004\026\004\024\372\140\251\353\145\305\335\026
+\024\010\116\014\017\215\233\340\367\144\257\147\060\015\006\011
+\052\206\110\206\367\015\001\001\013\005\000\003\202\001\001\000
+\127\303\172\066\202\234\215\230\342\253\100\252\107\217\307\247
+\133\355\174\347\075\146\132\073\061\273\337\363\026\063\221\374
+\174\173\245\302\246\146\343\252\260\267\047\230\077\111\327\140
+\147\147\077\066\117\112\313\361\024\372\132\207\050\034\355\217
+\101\062\306\225\371\175\332\275\173\133\302\260\041\343\217\106
+\334\041\070\103\164\114\373\060\370\027\162\301\062\374\310\221
+\027\304\314\130\067\116\013\314\132\367\041\065\050\203\154\140
+\055\104\353\122\214\120\075\265\154\022\327\372\011\273\154\262
+\112\261\305\211\344\374\323\122\330\141\027\376\172\224\204\217
+\171\266\063\131\272\017\304\013\342\160\240\113\170\056\372\310
+\237\375\257\221\145\012\170\070\025\345\227\027\024\335\371\340
+\054\064\370\070\320\204\042\000\300\024\121\030\053\002\334\060
+\132\360\350\001\174\065\072\043\257\010\344\257\252\216\050\102
+\111\056\360\365\231\064\276\355\017\113\030\341\322\044\074\273
+\135\107\267\041\362\215\321\012\231\216\343\156\076\255\160\340
+\217\271\312\314\156\201\061\366\173\234\172\171\344\147\161\030
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "Certification Authority of WoSign G2"
+# Issuer: CN=Certification Authority of WoSign G2,O=WoSign CA Limited,C=CN
+# Serial Number:6b:25:da:8a:88:9d:7c:bc:0f:05:b3:b1:7a:61:45:44
+# Subject: CN=Certification Authority of WoSign G2,O=WoSign CA Limited,C=CN
+# Not Valid Before: Sat Nov 08 00:58:58 2014
+# Not Valid After : Tue Nov 08 00:58:58 2044
+# Fingerprint (SHA-256): D4:87:A5:6F:83:B0:74:82:E8:5E:96:33:94:C1:EC:C2:C9:E5:1D:09:03:EE:94:6B:02:C3:01:58:1E:D9:9E:16
+# Fingerprint (SHA1): FB:ED:DC:90:65:B7:27:20:37:BC:55:0C:9C:56:DE:BB:F2:78:94:E1
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Certification Authority of WoSign G2"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\373\355\334\220\145\267\047\040\067\274\125\014\234\126\336\273
+\362\170\224\341
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\310\034\175\031\252\313\161\223\362\120\370\122\250\036\272\140
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\130\061\013\060\011\006\003\125\004\006\023\002\103\116\061
+\032\060\030\006\003\125\004\012\023\021\127\157\123\151\147\156
+\040\103\101\040\114\151\155\151\164\145\144\061\055\060\053\006
+\003\125\004\003\023\044\103\145\162\164\151\146\151\143\141\164
+\151\157\156\040\101\165\164\150\157\162\151\164\171\040\157\146
+\040\127\157\123\151\147\156\040\107\062
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\153\045\332\212\210\235\174\274\017\005\263\261\172\141
+\105\104
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "CA WoSign ECC Root"
+#
+# Issuer: CN=CA WoSign ECC Root,O=WoSign CA Limited,C=CN
+# Serial Number:68:4a:58:70:80:6b:f0:8f:02:fa:f6:de:e8:b0:90:90
+# Subject: CN=CA WoSign ECC Root,O=WoSign CA Limited,C=CN
+# Not Valid Before: Sat Nov 08 00:58:58 2014
+# Not Valid After : Tue Nov 08 00:58:58 2044
+# Fingerprint (SHA-256): 8B:45:DA:1C:06:F7:91:EB:0C:AB:F2:6B:E5:88:F5:FB:23:16:5C:2E:61:4B:F8:85:56:2D:0D:CE:50:B2:9B:02
+# Fingerprint (SHA1): D2:7A:D2:BE:ED:94:C0:A1:3C:C7:25:21:EA:5D:71:BE:81:19:F3:2B
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "CA WoSign ECC Root"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\106\061\013\060\011\006\003\125\004\006\023\002\103\116\061
+\032\060\030\006\003\125\004\012\023\021\127\157\123\151\147\156
+\040\103\101\040\114\151\155\151\164\145\144\061\033\060\031\006
+\003\125\004\003\023\022\103\101\040\127\157\123\151\147\156\040
+\105\103\103\040\122\157\157\164
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\106\061\013\060\011\006\003\125\004\006\023\002\103\116\061
+\032\060\030\006\003\125\004\012\023\021\127\157\123\151\147\156
+\040\103\101\040\114\151\155\151\164\145\144\061\033\060\031\006
+\003\125\004\003\023\022\103\101\040\127\157\123\151\147\156\040
+\105\103\103\040\122\157\157\164
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\150\112\130\160\200\153\360\217\002\372\366\336\350\260
+\220\220
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\002\011\060\202\001\217\240\003\002\001\002\002\020\150
+\112\130\160\200\153\360\217\002\372\366\336\350\260\220\220\060
+\012\006\010\052\206\110\316\075\004\003\003\060\106\061\013\060
+\011\006\003\125\004\006\023\002\103\116\061\032\060\030\006\003
+\125\004\012\023\021\127\157\123\151\147\156\040\103\101\040\114
+\151\155\151\164\145\144\061\033\060\031\006\003\125\004\003\023
+\022\103\101\040\127\157\123\151\147\156\040\105\103\103\040\122
+\157\157\164\060\036\027\015\061\064\061\061\060\070\060\060\065
+\070\065\070\132\027\015\064\064\061\061\060\070\060\060\065\070
+\065\070\132\060\106\061\013\060\011\006\003\125\004\006\023\002
+\103\116\061\032\060\030\006\003\125\004\012\023\021\127\157\123
+\151\147\156\040\103\101\040\114\151\155\151\164\145\144\061\033
+\060\031\006\003\125\004\003\023\022\103\101\040\127\157\123\151
+\147\156\040\105\103\103\040\122\157\157\164\060\166\060\020\006
+\007\052\206\110\316\075\002\001\006\005\053\201\004\000\042\003
+\142\000\004\341\375\216\270\103\044\253\226\173\205\302\272\013
+\255\215\340\072\343\044\271\322\261\276\210\072\312\277\112\270
+\371\357\054\057\257\121\120\074\107\165\154\370\224\267\233\374
+\050\036\305\124\314\143\235\026\113\123\301\347\040\253\315\254
+\045\322\177\217\302\301\132\202\136\060\213\172\124\316\003\265
+\221\177\252\224\320\321\212\110\314\202\005\046\241\325\121\022
+\326\173\066\243\102\060\100\060\016\006\003\125\035\017\001\001
+\377\004\004\003\002\001\006\060\017\006\003\125\035\023\001\001
+\377\004\005\060\003\001\001\377\060\035\006\003\125\035\016\004
+\026\004\024\252\375\325\132\243\366\207\213\062\205\375\321\062
+\133\200\105\223\363\003\270\060\012\006\010\052\206\110\316\075
+\004\003\003\003\150\000\060\145\002\061\000\344\244\204\260\201
+\325\075\260\164\254\224\244\350\016\075\000\164\114\241\227\153
+\371\015\121\074\241\331\073\364\015\253\251\237\276\116\162\312
+\205\324\331\354\265\062\105\030\157\253\255\002\060\175\307\367
+\151\143\057\241\341\230\357\023\020\321\171\077\321\376\352\073
+\177\336\126\364\220\261\025\021\330\262\042\025\320\057\303\046
+\056\153\361\221\262\220\145\364\232\346\220\356\112
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "CA WoSign ECC Root"
+# Issuer: CN=CA WoSign ECC Root,O=WoSign CA Limited,C=CN
+# Serial Number:68:4a:58:70:80:6b:f0:8f:02:fa:f6:de:e8:b0:90:90
+# Subject: CN=CA WoSign ECC Root,O=WoSign CA Limited,C=CN
+# Not Valid Before: Sat Nov 08 00:58:58 2014
+# Not Valid After : Tue Nov 08 00:58:58 2044
+# Fingerprint (SHA-256): 8B:45:DA:1C:06:F7:91:EB:0C:AB:F2:6B:E5:88:F5:FB:23:16:5C:2E:61:4B:F8:85:56:2D:0D:CE:50:B2:9B:02
+# Fingerprint (SHA1): D2:7A:D2:BE:ED:94:C0:A1:3C:C7:25:21:EA:5D:71:BE:81:19:F3:2B
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "CA WoSign ECC Root"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\322\172\322\276\355\224\300\241\074\307\045\041\352\135\161\276
+\201\031\363\053
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\200\306\123\356\141\202\050\162\360\377\041\271\027\312\262\040
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\106\061\013\060\011\006\003\125\004\006\023\002\103\116\061
+\032\060\030\006\003\125\004\012\023\021\127\157\123\151\147\156
+\040\103\101\040\114\151\155\151\164\145\144\061\033\060\031\006
+\003\125\004\003\023\022\103\101\040\127\157\123\151\147\156\040
+\105\103\103\040\122\157\157\164
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\150\112\130\160\200\153\360\217\002\372\366\336\350\260
+\220\220
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "SZAFIR ROOT CA2"
+#
+# Issuer: CN=SZAFIR ROOT CA2,O=Krajowa Izba Rozliczeniowa S.A.,C=PL
+# Serial Number:3e:8a:5d:07:ec:55:d2:32:d5:b7:e3:b6:5f:01:eb:2d:dc:e4:d6:e4
+# Subject: CN=SZAFIR ROOT CA2,O=Krajowa Izba Rozliczeniowa S.A.,C=PL
+# Not Valid Before: Mon Oct 19 07:43:30 2015
+# Not Valid After : Fri Oct 19 07:43:30 2035
+# Fingerprint (SHA-256): A1:33:9D:33:28:1A:0B:56:E5:57:D3:D3:2B:1C:E7:F9:36:7E:B0:94:BD:5F:A7:2A:7E:50:04:C8:DE:D7:CA:FE
+# Fingerprint (SHA1): E2:52:FA:95:3F:ED:DB:24:60:BD:6E:28:F3:9C:CC:CF:5E:B3:3F:DE
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "SZAFIR ROOT CA2"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\121\061\013\060\011\006\003\125\004\006\023\002\120\114\061
+\050\060\046\006\003\125\004\012\014\037\113\162\141\152\157\167
+\141\040\111\172\142\141\040\122\157\172\154\151\143\172\145\156
+\151\157\167\141\040\123\056\101\056\061\030\060\026\006\003\125
+\004\003\014\017\123\132\101\106\111\122\040\122\117\117\124\040
+\103\101\062
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\121\061\013\060\011\006\003\125\004\006\023\002\120\114\061
+\050\060\046\006\003\125\004\012\014\037\113\162\141\152\157\167
+\141\040\111\172\142\141\040\122\157\172\154\151\143\172\145\156
+\151\157\167\141\040\123\056\101\056\061\030\060\026\006\003\125
+\004\003\014\017\123\132\101\106\111\122\040\122\117\117\124\040
+\103\101\062
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\024\076\212\135\007\354\125\322\062\325\267\343\266\137\001
+\353\055\334\344\326\344
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\003\162\060\202\002\132\240\003\002\001\002\002\024\076
+\212\135\007\354\125\322\062\325\267\343\266\137\001\353\055\334
+\344\326\344\060\015\006\011\052\206\110\206\367\015\001\001\013
+\005\000\060\121\061\013\060\011\006\003\125\004\006\023\002\120
+\114\061\050\060\046\006\003\125\004\012\014\037\113\162\141\152
+\157\167\141\040\111\172\142\141\040\122\157\172\154\151\143\172
+\145\156\151\157\167\141\040\123\056\101\056\061\030\060\026\006
+\003\125\004\003\014\017\123\132\101\106\111\122\040\122\117\117
+\124\040\103\101\062\060\036\027\015\061\065\061\060\061\071\060
+\067\064\063\063\060\132\027\015\063\065\061\060\061\071\060\067
+\064\063\063\060\132\060\121\061\013\060\011\006\003\125\004\006
+\023\002\120\114\061\050\060\046\006\003\125\004\012\014\037\113
+\162\141\152\157\167\141\040\111\172\142\141\040\122\157\172\154
+\151\143\172\145\156\151\157\167\141\040\123\056\101\056\061\030
+\060\026\006\003\125\004\003\014\017\123\132\101\106\111\122\040
+\122\117\117\124\040\103\101\062\060\202\001\042\060\015\006\011
+\052\206\110\206\367\015\001\001\001\005\000\003\202\001\017\000
+\060\202\001\012\002\202\001\001\000\267\274\076\120\250\113\315
+\100\265\316\141\347\226\312\264\241\332\014\042\260\372\265\173
+\166\000\167\214\013\317\175\250\206\314\046\121\344\040\075\205
+\014\326\130\343\347\364\052\030\235\332\321\256\046\356\353\123
+\334\364\220\326\023\112\014\220\074\303\364\332\322\216\015\222
+\072\334\261\261\377\070\336\303\272\055\137\200\271\002\275\112
+\235\033\017\264\303\302\301\147\003\335\334\033\234\075\263\260
+\336\000\036\250\064\107\273\232\353\376\013\024\275\066\204\332
+\015\040\277\372\133\313\251\026\040\255\071\140\356\057\165\266
+\347\227\234\371\076\375\176\115\157\115\057\357\210\015\152\372
+\335\361\075\156\040\245\240\022\264\115\160\271\316\327\162\073
+\211\223\247\200\204\034\047\111\162\111\265\377\073\225\236\301
+\314\310\001\354\350\016\212\012\226\347\263\246\207\345\326\371
+\005\053\015\227\100\160\074\272\254\165\132\234\325\115\235\002
+\012\322\113\233\146\113\106\007\027\145\255\237\154\210\000\334
+\042\211\340\341\144\324\147\274\061\171\141\074\273\312\101\315
+\134\152\000\310\074\070\216\130\257\002\003\001\000\001\243\102
+\060\100\060\017\006\003\125\035\023\001\001\377\004\005\060\003
+\001\001\377\060\016\006\003\125\035\017\001\001\377\004\004\003
+\002\001\006\060\035\006\003\125\035\016\004\026\004\024\056\026
+\251\112\030\265\313\314\365\157\120\363\043\137\370\135\347\254
+\360\310\060\015\006\011\052\206\110\206\367\015\001\001\013\005
+\000\003\202\001\001\000\265\163\370\003\334\131\133\035\166\351
+\243\052\173\220\050\262\115\300\063\117\252\232\261\324\270\344
+\047\377\251\226\231\316\106\340\155\174\114\242\070\244\006\160
+\360\364\101\021\354\077\107\215\077\162\207\371\073\375\244\157
+\053\123\000\340\377\071\271\152\007\016\353\035\034\366\242\162
+\220\313\202\075\021\202\213\322\273\237\052\257\041\346\143\206
+\235\171\031\357\367\273\014\065\220\303\212\355\117\017\365\314
+\022\331\244\076\273\240\374\040\225\137\117\046\057\021\043\203
+\116\165\007\017\277\233\321\264\035\351\020\004\376\312\140\217
+\242\114\270\255\317\341\220\017\315\256\012\307\135\173\267\120
+\322\324\141\372\325\025\333\327\237\207\121\124\353\245\343\353
+\311\205\240\045\040\067\373\216\316\014\064\204\341\074\201\262
+\167\116\103\245\210\137\206\147\241\075\346\264\134\141\266\076
+\333\376\267\050\305\242\007\256\265\312\312\215\052\022\357\227
+\355\302\060\244\311\052\172\373\363\115\043\033\231\063\064\240
+\056\365\251\013\077\324\135\341\317\204\237\342\031\302\137\212
+\326\040\036\343\163\267
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "SZAFIR ROOT CA2"
+# Issuer: CN=SZAFIR ROOT CA2,O=Krajowa Izba Rozliczeniowa S.A.,C=PL
+# Serial Number:3e:8a:5d:07:ec:55:d2:32:d5:b7:e3:b6:5f:01:eb:2d:dc:e4:d6:e4
+# Subject: CN=SZAFIR ROOT CA2,O=Krajowa Izba Rozliczeniowa S.A.,C=PL
+# Not Valid Before: Mon Oct 19 07:43:30 2015
+# Not Valid After : Fri Oct 19 07:43:30 2035
+# Fingerprint (SHA-256): A1:33:9D:33:28:1A:0B:56:E5:57:D3:D3:2B:1C:E7:F9:36:7E:B0:94:BD:5F:A7:2A:7E:50:04:C8:DE:D7:CA:FE
+# Fingerprint (SHA1): E2:52:FA:95:3F:ED:DB:24:60:BD:6E:28:F3:9C:CC:CF:5E:B3:3F:DE
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "SZAFIR ROOT CA2"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\342\122\372\225\077\355\333\044\140\275\156\050\363\234\314\317
+\136\263\077\336
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\021\144\301\211\260\044\261\214\261\007\176\211\236\121\236\231
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\121\061\013\060\011\006\003\125\004\006\023\002\120\114\061
+\050\060\046\006\003\125\004\012\014\037\113\162\141\152\157\167
+\141\040\111\172\142\141\040\122\157\172\154\151\143\172\145\156
+\151\157\167\141\040\123\056\101\056\061\030\060\026\006\003\125
+\004\003\014\017\123\132\101\106\111\122\040\122\117\117\124\040
+\103\101\062
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\024\076\212\135\007\354\125\322\062\325\267\343\266\137\001
+\353\055\334\344\326\344
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Certum Trusted Network CA 2"
+#
+# Issuer: CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL
+# Serial Number:21:d6:d0:4a:4f:25:0f:c9:32:37:fc:aa:5e:12:8d:e9
+# Subject: CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL
+# Not Valid Before: Thu Oct 06 08:39:56 2011
+# Not Valid After : Sat Oct 06 08:39:56 2046
+# Fingerprint (SHA-256): B6:76:F2:ED:DA:E8:77:5C:D3:6C:B0:F6:3C:D1:D4:60:39:61:F4:9E:62:65:BA:01:3A:2F:03:07:B6:D0:B8:04
+# Fingerprint (SHA1): D3:DD:48:3E:2B:BF:4C:05:E8:AF:10:F5:FA:76:26:CF:D3:DC:30:92
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Certum Trusted Network CA 2"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\200\061\013\060\011\006\003\125\004\006\023\002\120\114
+\061\042\060\040\006\003\125\004\012\023\031\125\156\151\172\145
+\164\157\040\124\145\143\150\156\157\154\157\147\151\145\163\040
+\123\056\101\056\061\047\060\045\006\003\125\004\013\023\036\103
+\145\162\164\165\155\040\103\145\162\164\151\146\151\143\141\164
+\151\157\156\040\101\165\164\150\157\162\151\164\171\061\044\060
+\042\006\003\125\004\003\023\033\103\145\162\164\165\155\040\124
+\162\165\163\164\145\144\040\116\145\164\167\157\162\153\040\103
+\101\040\062
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\200\061\013\060\011\006\003\125\004\006\023\002\120\114
+\061\042\060\040\006\003\125\004\012\023\031\125\156\151\172\145
+\164\157\040\124\145\143\150\156\157\154\157\147\151\145\163\040
+\123\056\101\056\061\047\060\045\006\003\125\004\013\023\036\103
+\145\162\164\165\155\040\103\145\162\164\151\146\151\143\141\164
+\151\157\156\040\101\165\164\150\157\162\151\164\171\061\044\060
+\042\006\003\125\004\003\023\033\103\145\162\164\165\155\040\124
+\162\165\163\164\145\144\040\116\145\164\167\157\162\153\040\103
+\101\040\062
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\041\326\320\112\117\045\017\311\062\067\374\252\136\022
+\215\351
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\322\060\202\003\272\240\003\002\001\002\002\020\041
+\326\320\112\117\045\017\311\062\067\374\252\136\022\215\351\060
+\015\006\011\052\206\110\206\367\015\001\001\015\005\000\060\201
+\200\061\013\060\011\006\003\125\004\006\023\002\120\114\061\042
+\060\040\006\003\125\004\012\023\031\125\156\151\172\145\164\157
+\040\124\145\143\150\156\157\154\157\147\151\145\163\040\123\056
+\101\056\061\047\060\045\006\003\125\004\013\023\036\103\145\162
+\164\165\155\040\103\145\162\164\151\146\151\143\141\164\151\157
+\156\040\101\165\164\150\157\162\151\164\171\061\044\060\042\006
+\003\125\004\003\023\033\103\145\162\164\165\155\040\124\162\165
+\163\164\145\144\040\116\145\164\167\157\162\153\040\103\101\040
+\062\060\042\030\017\062\060\061\061\061\060\060\066\060\070\063
+\071\065\066\132\030\017\062\060\064\066\061\060\060\066\060\070
+\063\071\065\066\132\060\201\200\061\013\060\011\006\003\125\004
+\006\023\002\120\114\061\042\060\040\006\003\125\004\012\023\031
+\125\156\151\172\145\164\157\040\124\145\143\150\156\157\154\157
+\147\151\145\163\040\123\056\101\056\061\047\060\045\006\003\125
+\004\013\023\036\103\145\162\164\165\155\040\103\145\162\164\151
+\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151
+\164\171\061\044\060\042\006\003\125\004\003\023\033\103\145\162
+\164\165\155\040\124\162\165\163\164\145\144\040\116\145\164\167
+\157\162\153\040\103\101\040\062\060\202\002\042\060\015\006\011
+\052\206\110\206\367\015\001\001\001\005\000\003\202\002\017\000
+\060\202\002\012\002\202\002\001\000\275\371\170\370\346\325\200
+\014\144\235\206\033\226\144\147\077\042\072\036\165\001\175\357
+\373\134\147\214\311\314\134\153\251\221\346\271\102\345\040\113
+\233\332\233\173\271\231\135\331\233\200\113\327\204\100\053\047
+\323\350\272\060\273\076\011\032\247\111\225\357\053\100\044\302
+\227\307\247\356\233\045\357\250\012\000\227\205\132\252\235\334
+\051\311\342\065\007\353\160\115\112\326\301\263\126\270\241\101
+\070\233\321\373\061\177\217\340\137\341\261\077\017\216\026\111
+\140\327\006\215\030\371\252\046\020\253\052\323\320\321\147\215
+\033\106\276\107\060\325\056\162\321\305\143\332\347\143\171\104
+\176\113\143\044\211\206\056\064\077\051\114\122\213\052\247\300
+\342\221\050\211\271\300\133\371\035\331\347\047\255\377\232\002
+\227\301\306\120\222\233\002\054\275\251\271\064\131\012\277\204
+\112\377\337\376\263\237\353\331\236\340\230\043\354\246\153\167
+\026\052\333\314\255\073\034\244\207\334\106\163\136\031\142\150
+\105\127\344\220\202\102\273\102\326\360\141\340\301\243\075\146
+\243\135\364\030\356\210\311\215\027\105\051\231\062\165\002\061
+\356\051\046\310\153\002\346\265\142\105\177\067\025\132\043\150
+\211\324\076\336\116\047\260\360\100\014\274\115\027\313\115\242
+\263\036\320\006\132\335\366\223\317\127\165\231\365\372\206\032
+\147\170\263\277\226\376\064\334\275\347\122\126\345\263\345\165
+\173\327\101\221\005\334\135\151\343\225\015\103\271\374\203\226
+\071\225\173\154\200\132\117\023\162\306\327\175\051\172\104\272
+\122\244\052\325\101\106\011\040\376\042\240\266\133\060\215\274
+\211\014\325\327\160\370\207\122\375\332\357\254\121\056\007\263
+\116\376\320\011\332\160\357\230\372\126\346\155\333\265\127\113
+\334\345\054\045\025\310\236\056\170\116\370\332\234\236\206\054
+\312\127\363\032\345\310\222\213\032\202\226\172\303\274\120\022
+\151\330\016\132\106\213\072\353\046\372\043\311\266\260\201\276
+\102\000\244\370\326\376\060\056\307\322\106\366\345\216\165\375
+\362\314\271\320\207\133\314\006\020\140\273\203\065\267\136\147
+\336\107\354\231\110\361\244\241\025\376\255\214\142\216\071\125
+\117\071\026\271\261\143\235\377\267\002\003\001\000\001\243\102
+\060\100\060\017\006\003\125\035\023\001\001\377\004\005\060\003
+\001\001\377\060\035\006\003\125\035\016\004\026\004\024\266\241
+\124\071\002\303\240\077\216\212\274\372\324\370\034\246\321\072
+\016\375\060\016\006\003\125\035\017\001\001\377\004\004\003\002
+\001\006\060\015\006\011\052\206\110\206\367\015\001\001\015\005
+\000\003\202\002\001\000\161\245\016\316\344\351\277\077\070\325
+\211\132\304\002\141\373\114\305\024\027\055\213\117\123\153\020
+\027\374\145\204\307\020\111\220\336\333\307\046\223\210\046\157
+\160\326\002\136\071\240\367\217\253\226\265\245\023\134\201\024
+\155\016\201\202\021\033\212\116\306\117\245\335\142\036\104\337
+\011\131\364\133\167\013\067\351\213\040\306\370\012\116\056\130
+\034\353\063\320\317\206\140\311\332\373\200\057\236\114\140\204
+\170\075\041\144\326\373\101\037\030\017\347\311\165\161\275\275
+\134\336\064\207\076\101\260\016\366\271\326\077\011\023\226\024
+\057\336\232\035\132\271\126\316\065\072\260\137\160\115\136\343
+\051\361\043\050\162\131\266\253\302\214\146\046\034\167\054\046
+\166\065\213\050\247\151\240\371\073\365\043\335\205\020\164\311
+\220\003\126\221\347\257\272\107\324\022\227\021\042\343\242\111
+\224\154\347\267\224\113\272\055\244\332\063\213\114\246\104\377
+\132\074\306\035\144\330\265\061\344\246\074\172\250\127\013\333
+\355\141\032\313\361\316\163\167\143\244\207\157\114\121\070\326
+\344\137\307\237\266\201\052\344\205\110\171\130\136\073\370\333
+\002\202\147\301\071\333\303\164\113\075\066\036\371\051\223\210
+\150\133\250\104\031\041\360\247\350\201\015\054\350\223\066\264
+\067\262\312\260\033\046\172\232\045\037\232\232\200\236\113\052
+\077\373\243\232\376\163\062\161\302\236\306\162\341\212\150\047
+\361\344\017\264\304\114\245\141\223\370\227\020\007\052\060\045
+\251\271\310\161\270\357\150\314\055\176\365\340\176\017\202\250
+\157\266\272\154\203\103\167\315\212\222\027\241\236\133\170\026
+\075\105\342\063\162\335\341\146\312\231\323\311\305\046\375\015
+\150\004\106\256\266\331\233\214\276\031\276\261\306\362\031\343
+\134\002\312\054\330\157\112\007\331\311\065\332\100\165\362\304
+\247\031\157\236\102\020\230\165\346\225\213\140\274\355\305\022
+\327\212\316\325\230\134\126\226\003\305\356\167\006\065\377\317
+\344\356\077\023\141\356\333\332\055\205\360\315\256\235\262\030
+\011\105\303\222\241\162\027\374\107\266\240\013\054\361\304\336
+\103\150\010\152\137\073\360\166\143\373\314\006\054\246\306\342
+\016\265\271\276\044\217
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "Certum Trusted Network CA 2"
+# Issuer: CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL
+# Serial Number:21:d6:d0:4a:4f:25:0f:c9:32:37:fc:aa:5e:12:8d:e9
+# Subject: CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL
+# Not Valid Before: Thu Oct 06 08:39:56 2011
+# Not Valid After : Sat Oct 06 08:39:56 2046
+# Fingerprint (SHA-256): B6:76:F2:ED:DA:E8:77:5C:D3:6C:B0:F6:3C:D1:D4:60:39:61:F4:9E:62:65:BA:01:3A:2F:03:07:B6:D0:B8:04
+# Fingerprint (SHA1): D3:DD:48:3E:2B:BF:4C:05:E8:AF:10:F5:FA:76:26:CF:D3:DC:30:92
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Certum Trusted Network CA 2"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\323\335\110\076\053\277\114\005\350\257\020\365\372\166\046\317
+\323\334\060\222
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\155\106\236\331\045\155\010\043\133\136\164\175\036\047\333\362
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\200\061\013\060\011\006\003\125\004\006\023\002\120\114
+\061\042\060\040\006\003\125\004\012\023\031\125\156\151\172\145
+\164\157\040\124\145\143\150\156\157\154\157\147\151\145\163\040
+\123\056\101\056\061\047\060\045\006\003\125\004\013\023\036\103
+\145\162\164\165\155\040\103\145\162\164\151\146\151\143\141\164
+\151\157\156\040\101\165\164\150\157\162\151\164\171\061\044\060
+\042\006\003\125\004\003\023\033\103\145\162\164\165\155\040\124
+\162\165\163\164\145\144\040\116\145\164\167\157\162\153\040\103
+\101\040\062
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\041\326\320\112\117\045\017\311\062\067\374\252\136\022
+\215\351
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Hellenic Academic and Research Institutions RootCA 2015"
+#
+# Issuer: CN=Hellenic Academic and Research Institutions RootCA 2015,O=Hellenic Academic and Research Institutions Cert. Authority,L=Athens,C=GR
+# Serial Number: 0 (0x0)
+# Subject: CN=Hellenic Academic and Research Institutions RootCA 2015,O=Hellenic Academic and Research Institutions Cert. Authority,L=Athens,C=GR
+# Not Valid Before: Tue Jul 07 10:11:21 2015
+# Not Valid After : Sat Jun 30 10:11:21 2040
+# Fingerprint (SHA-256): A0:40:92:9A:02:CE:53:B4:AC:F4:F2:FF:C6:98:1C:E4:49:6F:75:5E:6D:45:FE:0B:2A:69:2B:CD:52:52:3F:36
+# Fingerprint (SHA1): 01:0C:06:95:A6:98:19:14:FF:BF:5F:C6:B0:B6:95:EA:29:E9:12:A6
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Hellenic Academic and Research Institutions RootCA 2015"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\246\061\013\060\011\006\003\125\004\006\023\002\107\122
+\061\017\060\015\006\003\125\004\007\023\006\101\164\150\145\156
+\163\061\104\060\102\006\003\125\004\012\023\073\110\145\154\154
+\145\156\151\143\040\101\143\141\144\145\155\151\143\040\141\156
+\144\040\122\145\163\145\141\162\143\150\040\111\156\163\164\151
+\164\165\164\151\157\156\163\040\103\145\162\164\056\040\101\165
+\164\150\157\162\151\164\171\061\100\060\076\006\003\125\004\003
+\023\067\110\145\154\154\145\156\151\143\040\101\143\141\144\145
+\155\151\143\040\141\156\144\040\122\145\163\145\141\162\143\150
+\040\111\156\163\164\151\164\165\164\151\157\156\163\040\122\157
+\157\164\103\101\040\062\060\061\065
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\246\061\013\060\011\006\003\125\004\006\023\002\107\122
+\061\017\060\015\006\003\125\004\007\023\006\101\164\150\145\156
+\163\061\104\060\102\006\003\125\004\012\023\073\110\145\154\154
+\145\156\151\143\040\101\143\141\144\145\155\151\143\040\141\156
+\144\040\122\145\163\145\141\162\143\150\040\111\156\163\164\151
+\164\165\164\151\157\156\163\040\103\145\162\164\056\040\101\165
+\164\150\157\162\151\164\171\061\100\060\076\006\003\125\004\003
+\023\067\110\145\154\154\145\156\151\143\040\101\143\141\144\145
+\155\151\143\040\141\156\144\040\122\145\163\145\141\162\143\150
+\040\111\156\163\164\151\164\165\164\151\157\156\163\040\122\157
+\157\164\103\101\040\062\060\061\065
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\000
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\006\013\060\202\003\363\240\003\002\001\002\002\001\000
+\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060
+\201\246\061\013\060\011\006\003\125\004\006\023\002\107\122\061
+\017\060\015\006\003\125\004\007\023\006\101\164\150\145\156\163
+\061\104\060\102\006\003\125\004\012\023\073\110\145\154\154\145
+\156\151\143\040\101\143\141\144\145\155\151\143\040\141\156\144
+\040\122\145\163\145\141\162\143\150\040\111\156\163\164\151\164
+\165\164\151\157\156\163\040\103\145\162\164\056\040\101\165\164
+\150\157\162\151\164\171\061\100\060\076\006\003\125\004\003\023
+\067\110\145\154\154\145\156\151\143\040\101\143\141\144\145\155
+\151\143\040\141\156\144\040\122\145\163\145\141\162\143\150\040
+\111\156\163\164\151\164\165\164\151\157\156\163\040\122\157\157
+\164\103\101\040\062\060\061\065\060\036\027\015\061\065\060\067
+\060\067\061\060\061\061\062\061\132\027\015\064\060\060\066\063
+\060\061\060\061\061\062\061\132\060\201\246\061\013\060\011\006
+\003\125\004\006\023\002\107\122\061\017\060\015\006\003\125\004
+\007\023\006\101\164\150\145\156\163\061\104\060\102\006\003\125
+\004\012\023\073\110\145\154\154\145\156\151\143\040\101\143\141
+\144\145\155\151\143\040\141\156\144\040\122\145\163\145\141\162
+\143\150\040\111\156\163\164\151\164\165\164\151\157\156\163\040
+\103\145\162\164\056\040\101\165\164\150\157\162\151\164\171\061
+\100\060\076\006\003\125\004\003\023\067\110\145\154\154\145\156
+\151\143\040\101\143\141\144\145\155\151\143\040\141\156\144\040
+\122\145\163\145\141\162\143\150\040\111\156\163\164\151\164\165
+\164\151\157\156\163\040\122\157\157\164\103\101\040\062\060\061
+\065\060\202\002\042\060\015\006\011\052\206\110\206\367\015\001
+\001\001\005\000\003\202\002\017\000\060\202\002\012\002\202\002
+\001\000\302\370\251\077\033\211\374\074\074\004\135\075\220\066
+\260\221\072\171\074\146\132\357\155\071\001\111\032\264\267\317
+\177\115\043\123\267\220\000\343\023\052\050\246\061\361\221\000
+\343\050\354\256\041\101\316\037\332\375\175\022\133\001\203\017
+\271\260\137\231\341\362\022\203\200\115\006\076\337\254\257\347
+\241\210\153\061\257\360\213\320\030\063\270\333\105\152\064\364
+\002\200\044\050\012\002\025\225\136\166\052\015\231\072\024\133
+\366\313\313\123\274\023\115\001\210\067\224\045\033\102\274\042
+\330\216\243\226\136\072\331\062\333\076\350\360\020\145\355\164
+\341\057\247\174\257\047\064\273\051\175\233\266\317\011\310\345
+\323\012\374\210\145\145\164\012\334\163\034\134\315\100\261\034
+\324\266\204\214\114\120\317\150\216\250\131\256\302\047\116\202
+\242\065\335\024\364\037\377\262\167\325\207\057\252\156\175\044
+\047\347\306\313\046\346\345\376\147\007\143\330\105\015\335\072
+\131\145\071\130\172\222\231\162\075\234\204\136\210\041\270\325
+\364\054\374\331\160\122\117\170\270\275\074\053\213\225\230\365
+\263\321\150\317\040\024\176\114\134\137\347\213\345\365\065\201
+\031\067\327\021\010\267\146\276\323\112\316\203\127\000\072\303
+\201\370\027\313\222\066\135\321\243\330\165\033\341\213\047\352
+\172\110\101\375\105\031\006\255\047\231\116\301\160\107\335\265
+\237\201\123\022\345\261\214\110\135\061\103\027\343\214\306\172
+\143\226\113\051\060\116\204\116\142\031\136\074\316\227\220\245
+\177\001\353\235\340\370\213\211\335\045\230\075\222\266\176\357
+\331\361\121\121\175\055\046\310\151\131\141\340\254\152\270\052
+\066\021\004\172\120\275\062\204\276\057\334\162\325\327\035\026
+\107\344\107\146\040\077\364\226\305\257\216\001\172\245\017\172
+\144\365\015\030\207\331\256\210\325\372\204\301\072\300\151\050
+\055\362\015\150\121\252\343\245\167\306\244\220\016\241\067\213
+\061\043\107\301\011\010\353\156\367\170\233\327\202\374\204\040
+\231\111\031\266\022\106\261\373\105\125\026\251\243\145\254\234
+\007\017\352\153\334\037\056\006\162\354\206\210\022\344\055\333
+\137\005\057\344\360\003\323\046\063\347\200\302\315\102\241\027
+\064\013\002\003\001\000\001\243\102\060\100\060\017\006\003\125
+\035\023\001\001\377\004\005\060\003\001\001\377\060\016\006\003
+\125\035\017\001\001\377\004\004\003\002\001\006\060\035\006\003
+\125\035\016\004\026\004\024\161\025\147\310\310\311\275\165\135
+\162\320\070\030\152\235\363\161\044\124\013\060\015\006\011\052
+\206\110\206\367\015\001\001\013\005\000\003\202\002\001\000\165
+\273\155\124\113\252\020\130\106\064\362\142\327\026\066\135\010
+\136\325\154\310\207\275\264\056\106\362\061\370\174\352\102\265
+\223\026\125\334\241\014\022\240\332\141\176\017\130\130\163\144
+\162\307\350\105\216\334\251\362\046\077\306\171\214\261\123\010
+\063\201\260\126\023\276\346\121\134\330\233\012\117\113\234\126
+\123\002\351\117\366\015\140\352\115\102\125\350\174\033\041\041
+\323\033\072\314\167\362\270\220\361\150\307\371\132\376\372\055
+\364\277\311\365\105\033\316\070\020\052\067\212\171\243\264\343
+\011\154\205\206\223\377\211\226\047\170\201\217\147\343\106\164
+\124\216\331\015\151\342\112\364\115\164\003\377\262\167\355\225
+\147\227\344\261\305\253\277\152\043\350\324\224\342\104\050\142
+\304\113\342\360\330\342\051\153\032\160\176\044\141\223\173\117
+\003\062\045\015\105\044\053\226\264\106\152\277\112\013\367\232
+\217\301\254\032\305\147\363\157\064\322\372\163\143\214\357\026
+\260\250\244\106\052\370\353\022\354\162\264\357\370\053\176\214
+\122\300\213\204\124\371\057\076\343\125\250\334\146\261\331\341
+\137\330\263\214\131\064\131\244\253\117\154\273\037\030\333\165
+\253\330\313\222\315\224\070\141\016\007\006\037\113\106\020\361
+\025\276\215\205\134\073\112\053\201\171\017\264\151\237\111\120
+\227\115\367\016\126\135\300\225\152\302\066\303\033\150\311\365
+\052\334\107\232\276\262\316\305\045\350\372\003\271\332\371\026
+\156\221\204\365\034\050\310\374\046\314\327\034\220\126\247\137
+\157\072\004\274\315\170\211\013\216\017\057\243\252\117\242\033
+\022\075\026\010\100\017\361\106\114\327\252\173\010\301\012\365
+\155\047\336\002\217\312\303\265\053\312\351\353\310\041\123\070
+\245\314\073\330\167\067\060\242\117\331\157\321\362\100\255\101
+\172\027\305\326\112\065\211\267\101\325\174\206\177\125\115\203
+\112\245\163\040\300\072\257\220\361\232\044\216\331\216\161\312
+\173\270\206\332\262\217\231\076\035\023\015\022\021\356\324\253
+\360\351\025\166\002\344\340\337\252\040\036\133\141\205\144\100
+\251\220\227\015\255\123\322\132\035\207\152\000\227\145\142\264
+\276\157\152\247\365\054\102\355\062\255\266\041\236\276\274
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "Hellenic Academic and Research Institutions RootCA 2015"
+# Issuer: CN=Hellenic Academic and Research Institutions RootCA 2015,O=Hellenic Academic and Research Institutions Cert. Authority,L=Athens,C=GR
+# Serial Number: 0 (0x0)
+# Subject: CN=Hellenic Academic and Research Institutions RootCA 2015,O=Hellenic Academic and Research Institutions Cert. Authority,L=Athens,C=GR
+# Not Valid Before: Tue Jul 07 10:11:21 2015
+# Not Valid After : Sat Jun 30 10:11:21 2040
+# Fingerprint (SHA-256): A0:40:92:9A:02:CE:53:B4:AC:F4:F2:FF:C6:98:1C:E4:49:6F:75:5E:6D:45:FE:0B:2A:69:2B:CD:52:52:3F:36
+# Fingerprint (SHA1): 01:0C:06:95:A6:98:19:14:FF:BF:5F:C6:B0:B6:95:EA:29:E9:12:A6
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Hellenic Academic and Research Institutions RootCA 2015"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\001\014\006\225\246\230\031\024\377\277\137\306\260\266\225\352
+\051\351\022\246
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\312\377\342\333\003\331\313\113\351\017\255\204\375\173\030\316
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\246\061\013\060\011\006\003\125\004\006\023\002\107\122
+\061\017\060\015\006\003\125\004\007\023\006\101\164\150\145\156
+\163\061\104\060\102\006\003\125\004\012\023\073\110\145\154\154
+\145\156\151\143\040\101\143\141\144\145\155\151\143\040\141\156
+\144\040\122\145\163\145\141\162\143\150\040\111\156\163\164\151
+\164\165\164\151\157\156\163\040\103\145\162\164\056\040\101\165
+\164\150\157\162\151\164\171\061\100\060\076\006\003\125\004\003
+\023\067\110\145\154\154\145\156\151\143\040\101\143\141\144\145
+\155\151\143\040\141\156\144\040\122\145\163\145\141\162\143\150
+\040\111\156\163\164\151\164\165\164\151\157\156\163\040\122\157
+\157\164\103\101\040\062\060\061\065
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\000
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Hellenic Academic and Research Institutions ECC RootCA 2015"
+#
+# Issuer: CN=Hellenic Academic and Research Institutions ECC RootCA 2015,O=Hellenic Academic and Research Institutions Cert. Authority,L=Athens,C=GR
+# Serial Number: 0 (0x0)
+# Subject: CN=Hellenic Academic and Research Institutions ECC RootCA 2015,O=Hellenic Academic and Research Institutions Cert. Authority,L=Athens,C=GR
+# Not Valid Before: Tue Jul 07 10:37:12 2015
+# Not Valid After : Sat Jun 30 10:37:12 2040
+# Fingerprint (SHA-256): 44:B5:45:AA:8A:25:E6:5A:73:CA:15:DC:27:FC:36:D2:4C:1C:B9:95:3A:06:65:39:B1:15:82:DC:48:7B:48:33
+# Fingerprint (SHA1): 9F:F1:71:8D:92:D5:9A:F3:7D:74:97:B4:BC:6F:84:68:0B:BA:B6:66
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Hellenic Academic and Research Institutions ECC RootCA 2015"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\252\061\013\060\011\006\003\125\004\006\023\002\107\122
+\061\017\060\015\006\003\125\004\007\023\006\101\164\150\145\156
+\163\061\104\060\102\006\003\125\004\012\023\073\110\145\154\154
+\145\156\151\143\040\101\143\141\144\145\155\151\143\040\141\156
+\144\040\122\145\163\145\141\162\143\150\040\111\156\163\164\151
+\164\165\164\151\157\156\163\040\103\145\162\164\056\040\101\165
+\164\150\157\162\151\164\171\061\104\060\102\006\003\125\004\003
+\023\073\110\145\154\154\145\156\151\143\040\101\143\141\144\145
+\155\151\143\040\141\156\144\040\122\145\163\145\141\162\143\150
+\040\111\156\163\164\151\164\165\164\151\157\156\163\040\105\103
+\103\040\122\157\157\164\103\101\040\062\060\061\065
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\252\061\013\060\011\006\003\125\004\006\023\002\107\122
+\061\017\060\015\006\003\125\004\007\023\006\101\164\150\145\156
+\163\061\104\060\102\006\003\125\004\012\023\073\110\145\154\154
+\145\156\151\143\040\101\143\141\144\145\155\151\143\040\141\156
+\144\040\122\145\163\145\141\162\143\150\040\111\156\163\164\151
+\164\165\164\151\157\156\163\040\103\145\162\164\056\040\101\165
+\164\150\157\162\151\164\171\061\104\060\102\006\003\125\004\003
+\023\073\110\145\154\154\145\156\151\143\040\101\143\141\144\145
+\155\151\143\040\141\156\144\040\122\145\163\145\141\162\143\150
+\040\111\156\163\164\151\164\165\164\151\157\156\163\040\105\103
+\103\040\122\157\157\164\103\101\040\062\060\061\065
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\000
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\002\303\060\202\002\112\240\003\002\001\002\002\001\000
+\060\012\006\010\052\206\110\316\075\004\003\002\060\201\252\061
+\013\060\011\006\003\125\004\006\023\002\107\122\061\017\060\015
+\006\003\125\004\007\023\006\101\164\150\145\156\163\061\104\060
+\102\006\003\125\004\012\023\073\110\145\154\154\145\156\151\143
+\040\101\143\141\144\145\155\151\143\040\141\156\144\040\122\145
+\163\145\141\162\143\150\040\111\156\163\164\151\164\165\164\151
+\157\156\163\040\103\145\162\164\056\040\101\165\164\150\157\162
+\151\164\171\061\104\060\102\006\003\125\004\003\023\073\110\145
+\154\154\145\156\151\143\040\101\143\141\144\145\155\151\143\040
+\141\156\144\040\122\145\163\145\141\162\143\150\040\111\156\163
+\164\151\164\165\164\151\157\156\163\040\105\103\103\040\122\157
+\157\164\103\101\040\062\060\061\065\060\036\027\015\061\065\060
+\067\060\067\061\060\063\067\061\062\132\027\015\064\060\060\066
+\063\060\061\060\063\067\061\062\132\060\201\252\061\013\060\011
+\006\003\125\004\006\023\002\107\122\061\017\060\015\006\003\125
+\004\007\023\006\101\164\150\145\156\163\061\104\060\102\006\003
+\125\004\012\023\073\110\145\154\154\145\156\151\143\040\101\143
+\141\144\145\155\151\143\040\141\156\144\040\122\145\163\145\141
+\162\143\150\040\111\156\163\164\151\164\165\164\151\157\156\163
+\040\103\145\162\164\056\040\101\165\164\150\157\162\151\164\171
+\061\104\060\102\006\003\125\004\003\023\073\110\145\154\154\145
+\156\151\143\040\101\143\141\144\145\155\151\143\040\141\156\144
+\040\122\145\163\145\141\162\143\150\040\111\156\163\164\151\164
+\165\164\151\157\156\163\040\105\103\103\040\122\157\157\164\103
+\101\040\062\060\061\065\060\166\060\020\006\007\052\206\110\316
+\075\002\001\006\005\053\201\004\000\042\003\142\000\004\222\240
+\101\350\113\202\204\134\342\370\061\021\231\206\144\116\011\045
+\057\235\101\057\012\256\065\117\164\225\262\121\144\153\215\153
+\346\077\160\225\360\005\104\107\246\162\070\120\166\225\002\132
+\216\256\050\236\371\055\116\231\357\054\110\157\114\045\051\350
+\321\161\133\337\035\301\165\067\264\327\372\173\172\102\234\152
+\012\126\132\174\151\013\252\200\011\044\154\176\301\106\243\102
+\060\100\060\017\006\003\125\035\023\001\001\377\004\005\060\003
+\001\001\377\060\016\006\003\125\035\017\001\001\377\004\004\003
+\002\001\006\060\035\006\003\125\035\016\004\026\004\024\264\042
+\013\202\231\044\001\016\234\273\344\016\375\277\373\227\040\223
+\231\052\060\012\006\010\052\206\110\316\075\004\003\002\003\147
+\000\060\144\002\060\147\316\026\142\070\242\254\142\105\247\251
+\225\044\300\032\047\234\062\073\300\300\325\272\251\347\370\004
+\103\123\205\356\122\041\336\235\365\045\203\076\236\130\113\057
+\327\147\023\016\041\002\060\005\341\165\001\336\150\355\052\037
+\115\114\011\010\015\354\113\255\144\027\050\347\165\316\105\145
+\162\041\027\313\042\101\016\214\023\230\070\232\124\155\233\312
+\342\174\352\002\130\042\221
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "Hellenic Academic and Research Institutions ECC RootCA 2015"
+# Issuer: CN=Hellenic Academic and Research Institutions ECC RootCA 2015,O=Hellenic Academic and Research Institutions Cert. Authority,L=Athens,C=GR
+# Serial Number: 0 (0x0)
+# Subject: CN=Hellenic Academic and Research Institutions ECC RootCA 2015,O=Hellenic Academic and Research Institutions Cert. Authority,L=Athens,C=GR
+# Not Valid Before: Tue Jul 07 10:37:12 2015
+# Not Valid After : Sat Jun 30 10:37:12 2040
+# Fingerprint (SHA-256): 44:B5:45:AA:8A:25:E6:5A:73:CA:15:DC:27:FC:36:D2:4C:1C:B9:95:3A:06:65:39:B1:15:82:DC:48:7B:48:33
+# Fingerprint (SHA1): 9F:F1:71:8D:92:D5:9A:F3:7D:74:97:B4:BC:6F:84:68:0B:BA:B6:66
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Hellenic Academic and Research Institutions ECC RootCA 2015"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\237\361\161\215\222\325\232\363\175\164\227\264\274\157\204\150
+\013\272\266\146
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\201\345\264\027\353\302\365\341\113\015\101\173\111\222\376\357
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\252\061\013\060\011\006\003\125\004\006\023\002\107\122
+\061\017\060\015\006\003\125\004\007\023\006\101\164\150\145\156
+\163\061\104\060\102\006\003\125\004\012\023\073\110\145\154\154
+\145\156\151\143\040\101\143\141\144\145\155\151\143\040\141\156
+\144\040\122\145\163\145\141\162\143\150\040\111\156\163\164\151
+\164\165\164\151\157\156\163\040\103\145\162\164\056\040\101\165
+\164\150\157\162\151\164\171\061\104\060\102\006\003\125\004\003
+\023\073\110\145\154\154\145\156\151\143\040\101\143\141\144\145
+\155\151\143\040\141\156\144\040\122\145\163\145\141\162\143\150
+\040\111\156\163\164\151\164\165\164\151\157\156\163\040\105\103
+\103\040\122\157\157\164\103\101\040\062\060\061\065
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\001\000
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Certplus Root CA G1"
+#
+# Issuer: CN=Certplus Root CA G1,O=Certplus,C=FR
+# Serial Number:11:20:55:83:e4:2d:3e:54:56:85:2d:83:37:b7:2c:dc:46:11
+# Subject: CN=Certplus Root CA G1,O=Certplus,C=FR
+# Not Valid Before: Mon May 26 00:00:00 2014
+# Not Valid After : Fri Jan 15 00:00:00 2038
+# Fingerprint (SHA-256): 15:2A:40:2B:FC:DF:2C:D5:48:05:4D:22:75:B3:9C:7F:CA:3E:C0:97:80:78:B0:F0:EA:76:E5:61:A6:C7:43:3E
+# Fingerprint (SHA1): 22:FD:D0:B7:FD:A2:4E:0D:AC:49:2C:A0:AC:A6:7B:6A:1F:E3:F7:66
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Certplus Root CA G1"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\076\061\013\060\011\006\003\125\004\006\023\002\106\122\061
+\021\060\017\006\003\125\004\012\014\010\103\145\162\164\160\154
+\165\163\061\034\060\032\006\003\125\004\003\014\023\103\145\162
+\164\160\154\165\163\040\122\157\157\164\040\103\101\040\107\061
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\076\061\013\060\011\006\003\125\004\006\023\002\106\122\061
+\021\060\017\006\003\125\004\012\014\010\103\145\162\164\160\154
+\165\163\061\034\060\032\006\003\125\004\003\014\023\103\145\162
+\164\160\154\165\163\040\122\157\157\164\040\103\101\040\107\061
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\022\021\040\125\203\344\055\076\124\126\205\055\203\067\267
+\054\334\106\021
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\153\060\202\003\123\240\003\002\001\002\002\022\021
+\040\125\203\344\055\076\124\126\205\055\203\067\267\054\334\106
+\021\060\015\006\011\052\206\110\206\367\015\001\001\015\005\000
+\060\076\061\013\060\011\006\003\125\004\006\023\002\106\122\061
+\021\060\017\006\003\125\004\012\014\010\103\145\162\164\160\154
+\165\163\061\034\060\032\006\003\125\004\003\014\023\103\145\162
+\164\160\154\165\163\040\122\157\157\164\040\103\101\040\107\061
+\060\036\027\015\061\064\060\065\062\066\060\060\060\060\060\060
+\132\027\015\063\070\060\061\061\065\060\060\060\060\060\060\132
+\060\076\061\013\060\011\006\003\125\004\006\023\002\106\122\061
+\021\060\017\006\003\125\004\012\014\010\103\145\162\164\160\154
+\165\163\061\034\060\032\006\003\125\004\003\014\023\103\145\162
+\164\160\154\165\163\040\122\157\157\164\040\103\101\040\107\061
+\060\202\002\042\060\015\006\011\052\206\110\206\367\015\001\001
+\001\005\000\003\202\002\017\000\060\202\002\012\002\202\002\001
+\000\332\120\207\266\332\270\251\076\235\144\372\126\063\232\126
+\075\026\345\003\225\262\064\034\232\155\142\005\324\330\217\347
+\211\144\237\272\333\144\213\144\346\171\052\141\315\257\217\132
+\211\221\145\271\130\374\264\003\137\221\077\055\020\025\340\176
+\317\274\374\177\103\147\250\255\136\066\043\330\230\263\115\363
+\103\236\071\174\052\374\354\210\325\210\356\160\275\205\026\055
+\352\113\211\074\243\161\102\376\034\375\323\034\055\020\270\206
+\124\352\103\270\333\306\207\332\250\256\200\045\317\172\046\035
+\252\221\260\110\157\256\265\336\236\330\327\372\000\375\306\217
+\320\121\273\142\175\244\261\214\262\377\040\021\272\065\143\005
+\206\107\140\103\063\220\366\107\242\003\117\226\115\235\117\301
+\352\352\234\242\376\064\056\336\267\312\033\166\244\267\255\237
+\351\250\324\170\077\170\376\362\070\011\066\035\322\026\002\310
+\354\052\150\257\365\216\224\357\055\023\172\036\102\112\035\025
+\061\256\014\004\127\374\141\163\363\061\126\206\061\200\240\304
+\021\156\060\166\343\224\360\137\004\304\254\207\162\211\230\305
+\235\314\127\010\232\364\014\374\175\172\005\072\372\107\200\071
+\266\317\204\023\167\157\047\352\377\226\147\027\010\155\351\015
+\326\043\120\060\260\025\164\023\076\345\057\377\016\315\304\013
+\112\135\360\330\000\063\111\146\353\241\030\174\131\056\075\050
+\271\141\161\313\265\245\272\270\352\334\342\160\157\010\152\334
+\207\147\064\357\337\060\162\335\363\311\077\043\377\065\341\276
+\041\051\040\060\201\344\031\245\040\351\045\312\163\061\164\051
+\276\342\102\325\363\262\046\146\307\150\375\031\263\347\040\223
+\231\350\135\340\136\207\347\106\350\045\234\012\051\044\324\315
+\130\206\122\100\044\262\173\017\230\022\040\044\366\220\154\107
+\310\015\273\030\040\056\331\375\374\213\362\051\352\207\164\225
+\340\102\120\170\204\004\101\141\260\364\041\043\217\055\313\050
+\041\362\152\154\364\032\246\305\024\264\067\145\117\225\375\200
+\310\370\162\345\045\153\304\140\261\173\155\216\112\212\163\316
+\131\373\160\172\163\006\023\331\323\164\067\044\101\012\021\157
+\227\334\347\344\176\241\275\025\362\272\207\017\075\150\212\026
+\007\002\003\001\000\001\243\143\060\141\060\016\006\003\125\035
+\017\001\001\377\004\004\003\002\001\006\060\017\006\003\125\035
+\023\001\001\377\004\005\060\003\001\001\377\060\035\006\003\125
+\035\016\004\026\004\024\250\301\300\233\221\250\103\025\174\135
+\006\047\264\052\121\330\227\013\201\261\060\037\006\003\125\035
+\043\004\030\060\026\200\024\250\301\300\233\221\250\103\025\174
+\135\006\047\264\052\121\330\227\013\201\261\060\015\006\011\052
+\206\110\206\367\015\001\001\015\005\000\003\202\002\001\000\234
+\126\157\001\176\321\275\114\365\212\306\360\046\037\344\340\070
+\030\314\062\303\051\073\235\101\051\064\141\306\327\360\000\241
+\353\244\162\217\224\027\274\023\054\165\264\127\356\012\174\011
+\172\334\325\312\241\320\064\023\370\167\253\237\345\376\330\036
+\164\212\205\007\217\177\314\171\172\312\226\315\315\375\117\373
+\375\043\015\220\365\364\136\323\306\141\175\236\021\340\002\356
+\011\004\331\007\335\246\212\267\014\203\044\273\203\120\222\376
+\140\165\021\076\330\235\260\212\172\265\340\235\233\313\220\122
+\113\260\223\052\324\076\026\063\345\236\306\145\025\076\144\073
+\004\077\333\014\217\137\134\035\151\037\257\363\351\041\214\363
+\357\227\366\232\267\031\266\204\164\234\243\124\265\160\116\143
+\330\127\135\123\041\233\100\222\103\372\326\167\125\063\117\144
+\325\373\320\054\152\216\155\045\246\357\205\350\002\304\123\076
+\271\236\207\274\314\065\032\336\241\351\212\143\207\145\036\021
+\052\333\143\167\227\024\276\232\024\231\021\262\300\356\260\117
+\370\024\041\062\103\117\237\253\242\313\250\017\252\073\006\125
+\306\022\051\127\010\324\067\327\207\047\255\111\131\247\221\253
+\104\172\136\215\160\333\227\316\110\120\261\163\223\366\360\203
+\140\371\315\361\341\061\375\133\174\161\041\143\024\024\252\257
+\305\336\223\176\150\261\354\042\242\252\220\165\236\265\103\162
+\352\144\243\204\113\375\014\250\046\153\161\227\356\126\143\146
+\350\102\124\371\307\035\337\320\217\133\337\310\060\157\210\376
+\015\304\063\034\123\250\243\375\110\020\362\344\012\116\341\025
+\127\374\156\144\060\302\125\021\334\352\251\315\112\124\254\051
+\143\104\317\112\100\240\326\150\131\033\063\371\357\072\213\333
+\040\222\334\102\204\277\001\253\207\300\325\040\202\333\306\271
+\203\205\102\134\017\103\073\152\111\065\325\230\364\025\277\372
+\141\201\014\011\040\030\322\320\027\014\313\110\000\120\351\166
+\202\214\144\327\072\240\007\125\314\036\061\300\357\072\264\145
+\373\343\277\102\153\236\017\250\275\153\230\334\330\333\313\213
+\244\335\327\131\364\156\335\376\252\303\221\320\056\102\007\300
+\014\115\123\315\044\261\114\133\036\121\364\337\351\222\372
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "Certplus Root CA G1"
+# Issuer: CN=Certplus Root CA G1,O=Certplus,C=FR
+# Serial Number:11:20:55:83:e4:2d:3e:54:56:85:2d:83:37:b7:2c:dc:46:11
+# Subject: CN=Certplus Root CA G1,O=Certplus,C=FR
+# Not Valid Before: Mon May 26 00:00:00 2014
+# Not Valid After : Fri Jan 15 00:00:00 2038
+# Fingerprint (SHA-256): 15:2A:40:2B:FC:DF:2C:D5:48:05:4D:22:75:B3:9C:7F:CA:3E:C0:97:80:78:B0:F0:EA:76:E5:61:A6:C7:43:3E
+# Fingerprint (SHA1): 22:FD:D0:B7:FD:A2:4E:0D:AC:49:2C:A0:AC:A6:7B:6A:1F:E3:F7:66
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Certplus Root CA G1"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\042\375\320\267\375\242\116\015\254\111\054\240\254\246\173\152
+\037\343\367\146
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\177\011\234\367\331\271\134\151\151\126\325\067\076\024\015\102
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\076\061\013\060\011\006\003\125\004\006\023\002\106\122\061
+\021\060\017\006\003\125\004\012\014\010\103\145\162\164\160\154
+\165\163\061\034\060\032\006\003\125\004\003\014\023\103\145\162
+\164\160\154\165\163\040\122\157\157\164\040\103\101\040\107\061
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\022\021\040\125\203\344\055\076\124\126\205\055\203\067\267
+\054\334\106\021
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Certplus Root CA G2"
+#
+# Issuer: CN=Certplus Root CA G2,O=Certplus,C=FR
+# Serial Number:11:20:d9:91:ce:ae:a3:e8:c5:e7:ff:e9:02:af:cf:73:bc:55
+# Subject: CN=Certplus Root CA G2,O=Certplus,C=FR
+# Not Valid Before: Mon May 26 00:00:00 2014
+# Not Valid After : Fri Jan 15 00:00:00 2038
+# Fingerprint (SHA-256): 6C:C0:50:41:E6:44:5E:74:69:6C:4C:FB:C9:F8:0F:54:3B:7E:AB:BB:44:B4:CE:6F:78:7C:6A:99:71:C4:2F:17
+# Fingerprint (SHA1): 4F:65:8E:1F:E9:06:D8:28:02:E9:54:47:41:C9:54:25:5D:69:CC:1A
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Certplus Root CA G2"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\076\061\013\060\011\006\003\125\004\006\023\002\106\122\061
+\021\060\017\006\003\125\004\012\014\010\103\145\162\164\160\154
+\165\163\061\034\060\032\006\003\125\004\003\014\023\103\145\162
+\164\160\154\165\163\040\122\157\157\164\040\103\101\040\107\062
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\076\061\013\060\011\006\003\125\004\006\023\002\106\122\061
+\021\060\017\006\003\125\004\012\014\010\103\145\162\164\160\154
+\165\163\061\034\060\032\006\003\125\004\003\014\023\103\145\162
+\164\160\154\165\163\040\122\157\157\164\040\103\101\040\107\062
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\022\021\040\331\221\316\256\243\350\305\347\377\351\002\257
+\317\163\274\125
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\002\034\060\202\001\242\240\003\002\001\002\002\022\021
+\040\331\221\316\256\243\350\305\347\377\351\002\257\317\163\274
+\125\060\012\006\010\052\206\110\316\075\004\003\003\060\076\061
+\013\060\011\006\003\125\004\006\023\002\106\122\061\021\060\017
+\006\003\125\004\012\014\010\103\145\162\164\160\154\165\163\061
+\034\060\032\006\003\125\004\003\014\023\103\145\162\164\160\154
+\165\163\040\122\157\157\164\040\103\101\040\107\062\060\036\027
+\015\061\064\060\065\062\066\060\060\060\060\060\060\132\027\015
+\063\070\060\061\061\065\060\060\060\060\060\060\132\060\076\061
+\013\060\011\006\003\125\004\006\023\002\106\122\061\021\060\017
+\006\003\125\004\012\014\010\103\145\162\164\160\154\165\163\061
+\034\060\032\006\003\125\004\003\014\023\103\145\162\164\160\154
+\165\163\040\122\157\157\164\040\103\101\040\107\062\060\166\060
+\020\006\007\052\206\110\316\075\002\001\006\005\053\201\004\000
+\042\003\142\000\004\315\017\133\126\202\337\360\105\032\326\255
+\367\171\360\035\311\254\226\326\236\116\234\037\264\102\021\312
+\206\277\155\373\205\243\305\345\031\134\327\356\246\077\151\147
+\330\170\342\246\311\304\333\055\171\056\347\213\215\002\157\061
+\042\115\006\343\140\162\105\235\016\102\167\236\316\317\345\177
+\205\233\030\344\374\314\056\162\323\026\223\116\312\231\143\134
+\241\005\052\154\006\243\143\060\141\060\016\006\003\125\035\017
+\001\001\377\004\004\003\002\001\006\060\017\006\003\125\035\023
+\001\001\377\004\005\060\003\001\001\377\060\035\006\003\125\035
+\016\004\026\004\024\332\203\143\002\171\216\332\114\306\074\043
+\024\330\217\303\040\253\050\140\131\060\037\006\003\125\035\043
+\004\030\060\026\200\024\332\203\143\002\171\216\332\114\306\074
+\043\024\330\217\303\040\253\050\140\131\060\012\006\010\052\206
+\110\316\075\004\003\003\003\150\000\060\145\002\060\160\376\260
+\013\331\367\203\227\354\363\125\035\324\334\263\006\016\376\063
+\230\235\213\071\220\153\224\041\355\266\327\135\326\114\327\041
+\247\347\277\041\017\053\315\367\052\334\205\007\235\002\061\000
+\206\024\026\345\334\260\145\302\300\216\024\237\277\044\026\150
+\345\274\371\171\151\334\255\105\053\367\266\061\163\314\006\245
+\123\223\221\032\223\256\160\152\147\272\327\236\345\141\032\137
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "Certplus Root CA G2"
+# Issuer: CN=Certplus Root CA G2,O=Certplus,C=FR
+# Serial Number:11:20:d9:91:ce:ae:a3:e8:c5:e7:ff:e9:02:af:cf:73:bc:55
+# Subject: CN=Certplus Root CA G2,O=Certplus,C=FR
+# Not Valid Before: Mon May 26 00:00:00 2014
+# Not Valid After : Fri Jan 15 00:00:00 2038
+# Fingerprint (SHA-256): 6C:C0:50:41:E6:44:5E:74:69:6C:4C:FB:C9:F8:0F:54:3B:7E:AB:BB:44:B4:CE:6F:78:7C:6A:99:71:C4:2F:17
+# Fingerprint (SHA1): 4F:65:8E:1F:E9:06:D8:28:02:E9:54:47:41:C9:54:25:5D:69:CC:1A
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Certplus Root CA G2"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\117\145\216\037\351\006\330\050\002\351\124\107\101\311\124\045
+\135\151\314\032
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\247\356\304\170\055\033\356\055\271\051\316\326\247\226\062\061
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\076\061\013\060\011\006\003\125\004\006\023\002\106\122\061
+\021\060\017\006\003\125\004\012\014\010\103\145\162\164\160\154
+\165\163\061\034\060\032\006\003\125\004\003\014\023\103\145\162
+\164\160\154\165\163\040\122\157\157\164\040\103\101\040\107\062
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\022\021\040\331\221\316\256\243\350\305\347\377\351\002\257
+\317\163\274\125
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "OpenTrust Root CA G1"
+#
+# Issuer: CN=OpenTrust Root CA G1,O=OpenTrust,C=FR
+# Serial Number:11:20:b3:90:55:39:7d:7f:36:6d:64:c2:a7:9f:6b:63:8e:67
+# Subject: CN=OpenTrust Root CA G1,O=OpenTrust,C=FR
+# Not Valid Before: Mon May 26 08:45:50 2014
+# Not Valid After : Fri Jan 15 00:00:00 2038
+# Fingerprint (SHA-256): 56:C7:71:28:D9:8C:18:D9:1B:4C:FD:FF:BC:25:EE:91:03:D4:75:8E:A2:AB:AD:82:6A:90:F3:45:7D:46:0E:B4
+# Fingerprint (SHA1): 79:91:E8:34:F7:E2:EE:DD:08:95:01:52:E9:55:2D:14:E9:58:D5:7E
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "OpenTrust Root CA G1"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\100\061\013\060\011\006\003\125\004\006\023\002\106\122\061
+\022\060\020\006\003\125\004\012\014\011\117\160\145\156\124\162
+\165\163\164\061\035\060\033\006\003\125\004\003\014\024\117\160
+\145\156\124\162\165\163\164\040\122\157\157\164\040\103\101\040
+\107\061
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\100\061\013\060\011\006\003\125\004\006\023\002\106\122\061
+\022\060\020\006\003\125\004\012\014\011\117\160\145\156\124\162
+\165\163\164\061\035\060\033\006\003\125\004\003\014\024\117\160
+\145\156\124\162\165\163\164\040\122\157\157\164\040\103\101\040
+\107\061
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\022\021\040\263\220\125\071\175\177\066\155\144\302\247\237
+\153\143\216\147
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\157\060\202\003\127\240\003\002\001\002\002\022\021
+\040\263\220\125\071\175\177\066\155\144\302\247\237\153\143\216
+\147\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000
+\060\100\061\013\060\011\006\003\125\004\006\023\002\106\122\061
+\022\060\020\006\003\125\004\012\014\011\117\160\145\156\124\162
+\165\163\164\061\035\060\033\006\003\125\004\003\014\024\117\160
+\145\156\124\162\165\163\164\040\122\157\157\164\040\103\101\040
+\107\061\060\036\027\015\061\064\060\065\062\066\060\070\064\065
+\065\060\132\027\015\063\070\060\061\061\065\060\060\060\060\060
+\060\132\060\100\061\013\060\011\006\003\125\004\006\023\002\106
+\122\061\022\060\020\006\003\125\004\012\014\011\117\160\145\156
+\124\162\165\163\164\061\035\060\033\006\003\125\004\003\014\024
+\117\160\145\156\124\162\165\163\164\040\122\157\157\164\040\103
+\101\040\107\061\060\202\002\042\060\015\006\011\052\206\110\206
+\367\015\001\001\001\005\000\003\202\002\017\000\060\202\002\012
+\002\202\002\001\000\370\171\106\332\226\305\060\136\212\161\003
+\055\160\244\273\260\305\010\334\315\346\065\300\200\244\021\055
+\335\346\207\256\135\075\221\322\207\154\067\267\332\142\236\233
+\302\044\327\217\361\333\246\246\337\106\157\121\246\161\313\076
+\033\061\147\142\367\021\133\064\047\325\171\116\214\233\130\275
+\042\020\015\134\047\014\335\060\345\250\323\135\041\070\164\027
+\376\343\037\266\117\073\153\055\333\175\140\037\214\175\114\005
+\302\353\001\026\025\230\024\216\321\220\167\042\077\354\302\071
+\270\171\072\360\111\044\342\225\221\334\141\064\222\214\124\164
+\357\261\175\214\001\342\070\175\301\137\152\137\044\262\216\142
+\027\255\171\040\255\253\035\267\340\264\226\110\117\146\103\020
+\006\026\044\003\341\340\234\216\306\106\117\216\032\231\341\217
+\271\216\063\154\151\336\130\255\240\016\247\144\124\021\151\104
+\146\117\114\022\247\216\054\175\304\324\133\305\000\064\060\301
+\331\231\376\062\316\007\204\264\116\315\012\377\066\115\142\361
+\247\143\127\344\333\152\247\256\277\053\271\311\346\262\047\211
+\345\176\232\034\115\150\306\301\030\336\063\053\121\106\113\034
+\216\367\075\014\371\212\064\024\304\373\063\065\043\361\314\361
+\052\307\245\273\260\242\316\376\123\153\115\101\033\146\050\262
+\226\372\247\256\012\116\271\071\063\104\234\164\301\223\034\370
+\340\236\044\045\103\361\233\043\202\252\337\054\040\260\334\066
+\116\003\263\174\002\324\346\173\032\252\207\023\277\076\241\164
+\273\233\016\341\300\223\237\327\244\146\312\273\033\073\343\060
+\364\063\131\212\007\162\003\125\347\163\152\003\061\156\157\226
+\033\343\242\237\257\222\307\355\365\102\267\045\114\073\023\004
+\317\034\226\257\034\042\243\320\253\005\262\114\022\043\122\334
+\375\031\133\047\234\036\073\172\375\102\043\333\043\200\023\360
+\274\121\025\124\224\246\167\076\320\164\121\275\121\024\010\071
+\067\313\037\064\251\060\235\122\204\056\125\220\261\272\337\125
+\000\013\330\126\055\261\111\111\162\200\251\142\327\300\366\030
+\021\004\125\315\164\173\317\141\160\171\364\173\054\134\134\222
+\374\345\270\132\253\114\223\225\241\047\356\245\276\317\161\043
+\102\272\233\166\055\002\003\001\000\001\243\143\060\141\060\016
+\006\003\125\035\017\001\001\377\004\004\003\002\001\006\060\017
+\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060
+\035\006\003\125\035\016\004\026\004\024\227\106\041\127\041\065
+\332\066\125\307\363\361\067\160\345\010\366\223\051\266\060\037
+\006\003\125\035\043\004\030\060\026\200\024\227\106\041\127\041
+\065\332\066\125\307\363\361\067\160\345\010\366\223\051\266\060
+\015\006\011\052\206\110\206\367\015\001\001\013\005\000\003\202
+\002\001\000\035\335\002\140\174\340\065\247\346\230\173\352\104
+\316\147\100\117\362\223\156\146\324\071\211\046\254\323\115\004
+\074\273\207\041\077\067\364\161\045\332\113\272\253\226\202\201
+\221\266\355\331\261\244\145\227\342\157\144\131\244\226\356\140
+\312\037\043\373\105\272\377\217\044\360\312\251\061\177\171\037
+\200\263\055\062\272\144\147\140\257\271\131\315\337\232\111\323
+\250\202\261\371\230\224\212\314\340\273\340\004\033\231\140\261
+\106\145\334\010\242\262\106\236\104\210\352\223\176\127\026\322
+\025\162\137\056\113\253\324\235\143\270\343\110\345\376\204\056
+\130\012\237\103\035\376\267\030\222\206\103\113\016\234\062\206
+\054\140\365\351\110\352\225\355\160\051\361\325\057\375\065\264
+\127\317\333\205\110\231\271\302\157\154\217\315\170\225\254\144
+\050\375\126\260\303\157\303\276\131\122\341\137\204\217\200\362
+\364\015\066\255\166\263\243\265\341\144\166\072\130\334\175\117
+\136\126\154\345\125\131\127\245\337\361\212\146\060\214\324\122
+\142\070\167\264\276\050\327\312\066\304\233\005\360\370\025\333
+\333\361\357\064\235\035\170\112\210\126\147\156\140\377\217\310
+\213\341\216\275\102\251\063\012\131\102\022\022\052\372\261\235
+\103\216\005\233\231\332\142\255\127\066\263\035\266\015\171\055
+\226\270\353\362\014\113\014\245\224\306\060\247\046\031\055\355
+\114\006\120\060\361\375\130\075\271\113\027\137\031\264\152\204
+\124\264\070\117\071\242\015\226\150\303\050\224\375\355\055\037
+\112\153\103\226\056\220\001\020\373\070\246\201\013\320\277\165
+\323\324\271\316\361\077\157\016\034\036\067\161\345\030\207\165
+\031\077\120\271\136\244\105\064\255\260\312\346\345\023\166\017
+\061\024\251\216\055\224\326\325\205\115\163\025\117\113\362\262
+\076\355\154\275\375\016\235\146\163\260\075\264\367\277\250\340
+\021\244\304\256\165\011\112\143\000\110\040\246\306\235\013\011
+\212\264\340\346\316\076\307\076\046\070\351\053\336\246\010\111
+\003\004\220\212\351\217\277\350\266\264\052\243\043\215\034\034
+\262\071\222\250\217\002\134\100\071\165\324\163\101\002\167\336
+\315\340\103\207\326\344\272\112\303\154\022\177\376\052\346\043
+\326\214\161
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "OpenTrust Root CA G1"
+# Issuer: CN=OpenTrust Root CA G1,O=OpenTrust,C=FR
+# Serial Number:11:20:b3:90:55:39:7d:7f:36:6d:64:c2:a7:9f:6b:63:8e:67
+# Subject: CN=OpenTrust Root CA G1,O=OpenTrust,C=FR
+# Not Valid Before: Mon May 26 08:45:50 2014
+# Not Valid After : Fri Jan 15 00:00:00 2038
+# Fingerprint (SHA-256): 56:C7:71:28:D9:8C:18:D9:1B:4C:FD:FF:BC:25:EE:91:03:D4:75:8E:A2:AB:AD:82:6A:90:F3:45:7D:46:0E:B4
+# Fingerprint (SHA1): 79:91:E8:34:F7:E2:EE:DD:08:95:01:52:E9:55:2D:14:E9:58:D5:7E
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "OpenTrust Root CA G1"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\171\221\350\064\367\342\356\335\010\225\001\122\351\125\055\024
+\351\130\325\176
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\166\000\314\201\051\315\125\136\210\152\172\056\367\115\071\332
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\100\061\013\060\011\006\003\125\004\006\023\002\106\122\061
+\022\060\020\006\003\125\004\012\014\011\117\160\145\156\124\162
+\165\163\164\061\035\060\033\006\003\125\004\003\014\024\117\160
+\145\156\124\162\165\163\164\040\122\157\157\164\040\103\101\040
+\107\061
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\022\021\040\263\220\125\071\175\177\066\155\144\302\247\237
+\153\143\216\147
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "OpenTrust Root CA G2"
+#
+# Issuer: CN=OpenTrust Root CA G2,O=OpenTrust,C=FR
+# Serial Number:11:20:a1:69:1b:bf:bd:b9:bd:52:96:8f:23:e8:48:bf:26:11
+# Subject: CN=OpenTrust Root CA G2,O=OpenTrust,C=FR
+# Not Valid Before: Mon May 26 00:00:00 2014
+# Not Valid After : Fri Jan 15 00:00:00 2038
+# Fingerprint (SHA-256): 27:99:58:29:FE:6A:75:15:C1:BF:E8:48:F9:C4:76:1D:B1:6C:22:59:29:25:7B:F4:0D:08:94:F2:9E:A8:BA:F2
+# Fingerprint (SHA1): 79:5F:88:60:C5:AB:7C:3D:92:E6:CB:F4:8D:E1:45:CD:11:EF:60:0B
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "OpenTrust Root CA G2"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\100\061\013\060\011\006\003\125\004\006\023\002\106\122\061
+\022\060\020\006\003\125\004\012\014\011\117\160\145\156\124\162
+\165\163\164\061\035\060\033\006\003\125\004\003\014\024\117\160
+\145\156\124\162\165\163\164\040\122\157\157\164\040\103\101\040
+\107\062
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\100\061\013\060\011\006\003\125\004\006\023\002\106\122\061
+\022\060\020\006\003\125\004\012\014\011\117\160\145\156\124\162
+\165\163\164\061\035\060\033\006\003\125\004\003\014\024\117\160
+\145\156\124\162\165\163\164\040\122\157\157\164\040\103\101\040
+\107\062
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\022\021\040\241\151\033\277\275\271\275\122\226\217\043\350
+\110\277\046\021
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\157\060\202\003\127\240\003\002\001\002\002\022\021
+\040\241\151\033\277\275\271\275\122\226\217\043\350\110\277\046
+\021\060\015\006\011\052\206\110\206\367\015\001\001\015\005\000
+\060\100\061\013\060\011\006\003\125\004\006\023\002\106\122\061
+\022\060\020\006\003\125\004\012\014\011\117\160\145\156\124\162
+\165\163\164\061\035\060\033\006\003\125\004\003\014\024\117\160
+\145\156\124\162\165\163\164\040\122\157\157\164\040\103\101\040
+\107\062\060\036\027\015\061\064\060\065\062\066\060\060\060\060
+\060\060\132\027\015\063\070\060\061\061\065\060\060\060\060\060
+\060\132\060\100\061\013\060\011\006\003\125\004\006\023\002\106
+\122\061\022\060\020\006\003\125\004\012\014\011\117\160\145\156
+\124\162\165\163\164\061\035\060\033\006\003\125\004\003\014\024
+\117\160\145\156\124\162\165\163\164\040\122\157\157\164\040\103
+\101\040\107\062\060\202\002\042\060\015\006\011\052\206\110\206
+\367\015\001\001\001\005\000\003\202\002\017\000\060\202\002\012
+\002\202\002\001\000\314\266\127\245\063\224\020\201\062\123\337
+\141\176\017\166\071\317\134\302\123\165\035\111\172\226\070\335
+\242\163\152\361\157\336\136\242\132\271\161\041\276\066\331\241
+\374\274\356\154\250\174\064\032\161\032\350\032\330\137\016\104
+\006\355\247\340\363\322\141\013\340\062\242\226\321\070\360\302
+\332\001\027\374\344\254\117\350\356\211\036\164\253\117\277\036
+\011\266\066\152\126\363\341\356\226\211\146\044\006\344\315\102
+\072\112\335\340\232\260\304\202\105\263\376\311\253\134\174\076
+\311\353\027\057\014\175\156\256\245\217\310\254\045\012\157\372
+\325\105\230\322\065\011\366\003\103\224\376\331\277\040\225\171
+\200\230\212\331\211\065\273\121\033\244\067\175\374\231\073\253
+\377\277\254\015\217\103\261\231\173\026\020\176\035\157\107\304
+\025\217\004\226\010\006\102\004\370\204\326\035\274\221\246\102
+\276\111\325\152\210\077\274\055\121\321\236\215\340\122\314\127
+\335\065\065\130\333\264\217\044\210\344\213\337\334\153\124\322
+\201\053\262\316\222\113\034\037\106\372\035\330\222\313\166\147
+\265\011\231\011\345\254\027\024\125\160\306\074\240\126\012\003
+\263\334\142\031\337\310\265\060\177\365\074\046\165\021\275\327
+\033\263\207\236\007\257\145\161\345\240\317\032\247\011\020\035
+\223\211\146\133\350\074\142\062\265\265\072\156\351\205\001\213
+\236\103\214\147\163\050\131\133\353\343\334\054\314\245\046\162
+\142\022\264\346\234\203\104\366\121\244\342\300\172\044\127\312
+\016\245\077\072\265\073\213\345\166\356\160\346\222\336\026\134
+\050\133\227\031\047\222\376\172\222\124\316\223\071\012\026\207
+\274\143\263\365\261\223\134\340\156\267\320\352\371\142\062\210
+\104\373\277\047\050\266\060\225\135\022\050\271\225\276\217\123
+\030\345\242\030\026\342\126\244\262\054\020\365\035\067\246\370
+\267\366\320\131\134\211\367\302\325\265\224\164\321\325\376\033
+\266\360\346\326\036\173\322\074\313\250\343\365\030\363\041\037
+\156\357\115\150\006\173\055\135\156\103\211\246\300\371\240\277
+\202\036\317\123\177\264\353\054\333\135\366\152\175\100\044\005
+\162\211\070\001\223\313\161\302\071\135\006\021\366\157\170\370
+\067\015\071\204\047\002\003\001\000\001\243\143\060\141\060\016
+\006\003\125\035\017\001\001\377\004\004\003\002\001\006\060\017
+\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060
+\035\006\003\125\035\016\004\026\004\024\152\071\372\102\042\367
+\346\211\000\115\136\175\063\203\313\270\156\167\206\257\060\037
+\006\003\125\035\043\004\030\060\026\200\024\152\071\372\102\042
+\367\346\211\000\115\136\175\063\203\313\270\156\167\206\257\060
+\015\006\011\052\206\110\206\367\015\001\001\015\005\000\003\202
+\002\001\000\230\313\253\100\074\345\063\002\227\177\055\207\246
+\217\324\136\112\257\270\036\347\273\161\373\200\144\045\251\263
+\032\076\150\135\047\046\247\272\052\341\360\127\203\012\144\117
+\036\042\164\033\351\220\137\360\254\317\377\117\150\172\070\244
+\020\154\015\261\307\244\167\200\030\266\242\050\104\166\247\064
+\235\161\204\057\312\131\322\107\210\231\101\042\311\060\230\141
+\156\075\250\250\005\155\321\037\300\121\104\126\177\047\065\002
+\335\136\230\012\102\353\060\277\215\241\233\121\252\073\352\223
+\106\144\305\000\171\336\041\153\366\127\240\206\327\006\162\354
+\160\106\113\213\163\335\240\041\165\076\334\035\300\217\323\117
+\163\034\205\331\376\177\142\310\225\157\266\323\173\214\272\123
+\302\157\233\104\114\171\320\035\160\263\327\237\002\364\262\007
+\260\307\345\370\255\043\016\246\126\311\051\022\167\110\331\057
+\106\375\073\360\374\164\160\222\245\216\070\010\037\144\060\266
+\267\113\373\066\254\020\216\240\122\063\143\235\003\065\126\305
+\151\275\306\043\132\047\224\366\244\022\370\055\063\074\241\126
+\245\137\326\031\351\355\174\010\275\167\315\047\144\314\224\332
+\116\106\120\207\340\371\301\123\200\036\273\255\373\107\122\213
+\033\375\242\371\336\016\042\267\075\063\131\154\324\336\365\225
+\006\062\015\121\031\101\134\076\117\006\367\271\053\200\047\366
+\243\252\172\174\006\341\103\303\023\071\142\032\066\275\340\050
+\056\224\002\344\051\056\140\125\256\100\075\260\164\222\136\360
+\040\144\226\077\137\105\135\210\265\212\332\002\240\133\105\124
+\336\070\075\011\300\250\112\145\106\026\374\252\277\124\116\115
+\133\276\070\103\267\050\312\213\063\252\032\045\272\045\134\051
+\057\133\112\156\214\352\055\234\052\366\005\166\340\167\227\200
+\210\335\147\023\157\035\150\044\213\117\267\164\201\345\364\140
+\237\172\125\327\076\067\332\026\153\076\167\254\256\030\160\225
+\010\171\051\003\212\376\301\073\263\077\032\017\244\073\136\037
+\130\241\225\311\253\057\163\112\320\055\156\232\131\017\125\030
+\170\055\074\121\246\227\213\346\273\262\160\252\114\021\336\377
+\174\053\067\324\172\321\167\064\217\347\371\102\367\074\201\014
+\113\122\012
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "OpenTrust Root CA G2"
+# Issuer: CN=OpenTrust Root CA G2,O=OpenTrust,C=FR
+# Serial Number:11:20:a1:69:1b:bf:bd:b9:bd:52:96:8f:23:e8:48:bf:26:11
+# Subject: CN=OpenTrust Root CA G2,O=OpenTrust,C=FR
+# Not Valid Before: Mon May 26 00:00:00 2014
+# Not Valid After : Fri Jan 15 00:00:00 2038
+# Fingerprint (SHA-256): 27:99:58:29:FE:6A:75:15:C1:BF:E8:48:F9:C4:76:1D:B1:6C:22:59:29:25:7B:F4:0D:08:94:F2:9E:A8:BA:F2
+# Fingerprint (SHA1): 79:5F:88:60:C5:AB:7C:3D:92:E6:CB:F4:8D:E1:45:CD:11:EF:60:0B
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "OpenTrust Root CA G2"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\171\137\210\140\305\253\174\075\222\346\313\364\215\341\105\315
+\021\357\140\013
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\127\044\266\131\044\153\256\310\376\034\014\040\362\300\116\353
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\100\061\013\060\011\006\003\125\004\006\023\002\106\122\061
+\022\060\020\006\003\125\004\012\014\011\117\160\145\156\124\162
+\165\163\164\061\035\060\033\006\003\125\004\003\014\024\117\160
+\145\156\124\162\165\163\164\040\122\157\157\164\040\103\101\040
+\107\062
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\022\021\040\241\151\033\277\275\271\275\122\226\217\043\350
+\110\277\046\021
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "OpenTrust Root CA G3"
+#
+# Issuer: CN=OpenTrust Root CA G3,O=OpenTrust,C=FR
+# Serial Number:11:20:e6:f8:4c:fc:24:b0:be:05:40:ac:da:83:1b:34:60:3f
+# Subject: CN=OpenTrust Root CA G3,O=OpenTrust,C=FR
+# Not Valid Before: Mon May 26 00:00:00 2014
+# Not Valid After : Fri Jan 15 00:00:00 2038
+# Fingerprint (SHA-256): B7:C3:62:31:70:6E:81:07:8C:36:7C:B8:96:19:8F:1E:32:08:DD:92:69:49:DD:8F:57:09:A4:10:F7:5B:62:92
+# Fingerprint (SHA1): 6E:26:64:F3:56:BF:34:55:BF:D1:93:3F:7C:01:DE:D8:13:DA:8A:A6
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "OpenTrust Root CA G3"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\100\061\013\060\011\006\003\125\004\006\023\002\106\122\061
+\022\060\020\006\003\125\004\012\014\011\117\160\145\156\124\162
+\165\163\164\061\035\060\033\006\003\125\004\003\014\024\117\160
+\145\156\124\162\165\163\164\040\122\157\157\164\040\103\101\040
+\107\063
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\100\061\013\060\011\006\003\125\004\006\023\002\106\122\061
+\022\060\020\006\003\125\004\012\014\011\117\160\145\156\124\162
+\165\163\164\061\035\060\033\006\003\125\004\003\014\024\117\160
+\145\156\124\162\165\163\164\040\122\157\157\164\040\103\101\040
+\107\063
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\022\021\040\346\370\114\374\044\260\276\005\100\254\332\203
+\033\064\140\077
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\002\041\060\202\001\246\240\003\002\001\002\002\022\021
+\040\346\370\114\374\044\260\276\005\100\254\332\203\033\064\140
+\077\060\012\006\010\052\206\110\316\075\004\003\003\060\100\061
+\013\060\011\006\003\125\004\006\023\002\106\122\061\022\060\020
+\006\003\125\004\012\014\011\117\160\145\156\124\162\165\163\164
+\061\035\060\033\006\003\125\004\003\014\024\117\160\145\156\124
+\162\165\163\164\040\122\157\157\164\040\103\101\040\107\063\060
+\036\027\015\061\064\060\065\062\066\060\060\060\060\060\060\132
+\027\015\063\070\060\061\061\065\060\060\060\060\060\060\132\060
+\100\061\013\060\011\006\003\125\004\006\023\002\106\122\061\022
+\060\020\006\003\125\004\012\014\011\117\160\145\156\124\162\165
+\163\164\061\035\060\033\006\003\125\004\003\014\024\117\160\145
+\156\124\162\165\163\164\040\122\157\157\164\040\103\101\040\107
+\063\060\166\060\020\006\007\052\206\110\316\075\002\001\006\005
+\053\201\004\000\042\003\142\000\004\112\356\130\256\115\312\146
+\336\006\072\243\021\374\340\030\360\156\034\272\055\060\014\211
+\331\326\356\233\163\203\251\043\025\214\057\131\212\132\335\024
+\352\235\131\053\103\267\006\354\062\266\272\356\101\265\255\135
+\241\205\314\352\035\024\146\243\147\176\106\342\224\363\347\266
+\126\241\025\131\241\117\067\227\271\042\036\275\021\353\364\262
+\037\136\303\024\232\345\331\227\231\243\143\060\141\060\016\006
+\003\125\035\017\001\001\377\004\004\003\002\001\006\060\017\006
+\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060\035
+\006\003\125\035\016\004\026\004\024\107\167\303\024\213\142\071
+\014\311\157\341\120\115\320\020\130\334\225\210\155\060\037\006
+\003\125\035\043\004\030\060\026\200\024\107\167\303\024\213\142
+\071\014\311\157\341\120\115\320\020\130\334\225\210\155\060\012
+\006\010\052\206\110\316\075\004\003\003\003\151\000\060\146\002
+\061\000\217\250\334\235\272\014\004\027\372\025\351\075\057\051
+\001\227\277\201\026\063\100\223\154\374\371\355\200\160\157\252
+\217\333\204\302\213\365\065\312\006\334\144\157\150\026\341\217
+\221\271\002\061\000\330\113\245\313\302\320\010\154\351\030\373
+\132\335\115\137\044\013\260\000\041\045\357\217\247\004\046\161
+\342\174\151\345\135\232\370\101\037\073\071\223\223\235\125\352
+\315\215\361\373\301
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "OpenTrust Root CA G3"
+# Issuer: CN=OpenTrust Root CA G3,O=OpenTrust,C=FR
+# Serial Number:11:20:e6:f8:4c:fc:24:b0:be:05:40:ac:da:83:1b:34:60:3f
+# Subject: CN=OpenTrust Root CA G3,O=OpenTrust,C=FR
+# Not Valid Before: Mon May 26 00:00:00 2014
+# Not Valid After : Fri Jan 15 00:00:00 2038
+# Fingerprint (SHA-256): B7:C3:62:31:70:6E:81:07:8C:36:7C:B8:96:19:8F:1E:32:08:DD:92:69:49:DD:8F:57:09:A4:10:F7:5B:62:92
+# Fingerprint (SHA1): 6E:26:64:F3:56:BF:34:55:BF:D1:93:3F:7C:01:DE:D8:13:DA:8A:A6
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "OpenTrust Root CA G3"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\156\046\144\363\126\277\064\125\277\321\223\077\174\001\336\330
+\023\332\212\246
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\041\067\264\027\026\222\173\147\106\160\251\226\327\250\023\044
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\100\061\013\060\011\006\003\125\004\006\023\002\106\122\061
+\022\060\020\006\003\125\004\012\014\011\117\160\145\156\124\162
+\165\163\164\061\035\060\033\006\003\125\004\003\014\024\117\160
+\145\156\124\162\165\163\164\040\122\157\157\164\040\103\101\040
+\107\063
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\022\021\040\346\370\114\374\044\260\276\005\100\254\332\203
+\033\064\140\077
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "ISRG Root X1"
+#
+# Issuer: CN=ISRG Root X1,O=Internet Security Research Group,C=US
+# Serial Number:00:82:10:cf:b0:d2:40:e3:59:44:63:e0:bb:63:82:8b:00
+# Subject: CN=ISRG Root X1,O=Internet Security Research Group,C=US
+# Not Valid Before: Thu Jun 04 11:04:38 2015
+# Not Valid After : Mon Jun 04 11:04:38 2035
+# Fingerprint (SHA-256): 96:BC:EC:06:26:49:76:F3:74:60:77:9A:CF:28:C5:A7:CF:E8:A3:C0:AA:E1:1A:8F:FC:EE:05:C0:BD:DF:08:C6
+# Fingerprint (SHA1): CA:BD:2A:79:A1:07:6A:31:F2:1D:25:36:35:CB:03:9D:43:29:A5:E8
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "ISRG Root X1"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\117\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\051\060\047\006\003\125\004\012\023\040\111\156\164\145\162\156
+\145\164\040\123\145\143\165\162\151\164\171\040\122\145\163\145
+\141\162\143\150\040\107\162\157\165\160\061\025\060\023\006\003
+\125\004\003\023\014\111\123\122\107\040\122\157\157\164\040\130
+\061
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\117\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\051\060\047\006\003\125\004\012\023\040\111\156\164\145\162\156
+\145\164\040\123\145\143\165\162\151\164\171\040\122\145\163\145
+\141\162\143\150\040\107\162\157\165\160\061\025\060\023\006\003
+\125\004\003\023\014\111\123\122\107\040\122\157\157\164\040\130
+\061
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\021\000\202\020\317\260\322\100\343\131\104\143\340\273\143
+\202\213\000
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\153\060\202\003\123\240\003\002\001\002\002\021\000
+\202\020\317\260\322\100\343\131\104\143\340\273\143\202\213\000
+\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060
+\117\061\013\060\011\006\003\125\004\006\023\002\125\123\061\051
+\060\047\006\003\125\004\012\023\040\111\156\164\145\162\156\145
+\164\040\123\145\143\165\162\151\164\171\040\122\145\163\145\141
+\162\143\150\040\107\162\157\165\160\061\025\060\023\006\003\125
+\004\003\023\014\111\123\122\107\040\122\157\157\164\040\130\061
+\060\036\027\015\061\065\060\066\060\064\061\061\060\064\063\070
+\132\027\015\063\065\060\066\060\064\061\061\060\064\063\070\132
+\060\117\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\051\060\047\006\003\125\004\012\023\040\111\156\164\145\162\156
+\145\164\040\123\145\143\165\162\151\164\171\040\122\145\163\145
+\141\162\143\150\040\107\162\157\165\160\061\025\060\023\006\003
+\125\004\003\023\014\111\123\122\107\040\122\157\157\164\040\130
+\061\060\202\002\042\060\015\006\011\052\206\110\206\367\015\001
+\001\001\005\000\003\202\002\017\000\060\202\002\012\002\202\002
+\001\000\255\350\044\163\364\024\067\363\233\236\053\127\050\034
+\207\276\334\267\337\070\220\214\156\074\346\127\240\170\367\165
+\302\242\376\365\152\156\366\000\117\050\333\336\150\206\154\104
+\223\266\261\143\375\024\022\153\277\037\322\352\061\233\041\176
+\321\063\074\272\110\365\335\171\337\263\270\377\022\361\041\232
+\113\301\212\206\161\151\112\146\146\154\217\176\074\160\277\255
+\051\042\006\363\344\300\346\200\256\342\113\217\267\231\176\224
+\003\237\323\107\227\174\231\110\043\123\350\070\256\117\012\157
+\203\056\321\111\127\214\200\164\266\332\057\320\070\215\173\003
+\160\041\033\165\362\060\074\372\217\256\335\332\143\253\353\026
+\117\302\216\021\113\176\317\013\350\377\265\167\056\364\262\173
+\112\340\114\022\045\014\160\215\003\051\240\341\123\044\354\023
+\331\356\031\277\020\263\112\214\077\211\243\141\121\336\254\207
+\007\224\364\143\161\354\056\342\157\133\230\201\341\211\134\064
+\171\154\166\357\073\220\142\171\346\333\244\232\057\046\305\320
+\020\341\016\336\331\020\216\026\373\267\367\250\367\307\345\002
+\007\230\217\066\010\225\347\342\067\226\015\066\165\236\373\016
+\162\261\035\233\274\003\371\111\005\330\201\335\005\264\052\326
+\101\351\254\001\166\225\012\017\330\337\325\275\022\037\065\057
+\050\027\154\322\230\301\250\011\144\167\156\107\067\272\316\254
+\131\136\150\235\177\162\326\211\305\006\101\051\076\131\076\335
+\046\365\044\311\021\247\132\243\114\100\037\106\241\231\265\247
+\072\121\156\206\073\236\175\162\247\022\005\170\131\355\076\121
+\170\025\013\003\217\215\320\057\005\262\076\173\112\034\113\163
+\005\022\374\306\352\340\120\023\174\103\223\164\263\312\164\347
+\216\037\001\010\320\060\324\133\161\066\264\007\272\301\060\060
+\134\110\267\202\073\230\246\175\140\212\242\243\051\202\314\272
+\275\203\004\033\242\203\003\101\241\326\005\361\033\302\266\360
+\250\174\206\073\106\250\110\052\210\334\166\232\166\277\037\152
+\245\075\031\217\353\070\363\144\336\310\053\015\012\050\377\367
+\333\342\025\102\324\042\320\047\135\341\171\376\030\347\160\210
+\255\116\346\331\213\072\306\335\047\121\156\377\274\144\365\063
+\103\117\002\003\001\000\001\243\102\060\100\060\016\006\003\125
+\035\017\001\001\377\004\004\003\002\001\006\060\017\006\003\125
+\035\023\001\001\377\004\005\060\003\001\001\377\060\035\006\003
+\125\035\016\004\026\004\024\171\264\131\346\173\266\345\344\001
+\163\200\010\210\310\032\130\366\351\233\156\060\015\006\011\052
+\206\110\206\367\015\001\001\013\005\000\003\202\002\001\000\125
+\037\130\251\274\262\250\120\320\014\261\330\032\151\040\047\051
+\010\254\141\165\134\212\156\370\202\345\151\057\325\366\126\113
+\271\270\163\020\131\323\041\227\176\347\114\161\373\262\322\140
+\255\071\250\013\352\027\041\126\205\361\120\016\131\353\316\340
+\131\351\272\311\025\357\206\235\217\204\200\366\344\351\221\220
+\334\027\233\142\033\105\360\146\225\322\174\157\302\352\073\357
+\037\317\313\326\256\047\361\251\260\310\256\375\175\176\232\372
+\042\004\353\377\331\177\352\221\053\042\261\027\016\217\362\212
+\064\133\130\330\374\001\311\124\271\270\046\314\212\210\063\211
+\114\055\204\074\202\337\356\226\127\005\272\054\273\367\304\267
+\307\116\073\202\276\061\310\042\163\163\222\321\302\200\244\071
+\071\020\063\043\202\114\074\237\206\262\125\230\035\276\051\206
+\214\042\233\236\342\153\073\127\072\202\160\115\334\011\307\211
+\313\012\007\115\154\350\135\216\311\357\316\253\307\273\265\053
+\116\105\326\112\320\046\314\345\162\312\010\152\245\225\343\025
+\241\367\244\355\311\054\137\245\373\377\254\050\002\056\276\327
+\173\273\343\161\173\220\026\323\007\136\106\123\174\067\007\102
+\214\323\304\226\234\325\231\265\052\340\225\032\200\110\256\114
+\071\007\316\314\107\244\122\225\053\272\270\373\255\322\063\123
+\175\345\035\115\155\325\241\261\307\102\157\346\100\047\065\134
+\243\050\267\007\215\347\215\063\220\347\043\237\373\120\234\171
+\154\106\325\264\025\263\226\156\176\233\014\226\072\270\122\055
+\077\326\133\341\373\010\302\204\376\044\250\243\211\332\254\152
+\341\030\052\261\250\103\141\133\323\037\334\073\215\166\362\055
+\350\215\165\337\027\063\154\075\123\373\173\313\101\137\377\334
+\242\320\141\070\341\226\270\254\135\213\067\327\165\325\063\300
+\231\021\256\235\101\301\162\165\204\276\002\101\102\137\147\044
+\110\224\321\233\047\276\007\077\271\270\117\201\164\121\341\172
+\267\355\235\043\342\276\340\325\050\004\023\074\061\003\236\335
+\172\154\217\306\007\030\306\177\336\107\216\077\050\236\004\006
+\317\245\124\064\167\275\354\211\233\351\027\103\337\133\333\137
+\376\216\036\127\242\315\100\235\176\142\042\332\336\030\047
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "ISRG Root X1"
+# Issuer: CN=ISRG Root X1,O=Internet Security Research Group,C=US
+# Serial Number:00:82:10:cf:b0:d2:40:e3:59:44:63:e0:bb:63:82:8b:00
+# Subject: CN=ISRG Root X1,O=Internet Security Research Group,C=US
+# Not Valid Before: Thu Jun 04 11:04:38 2015
+# Not Valid After : Mon Jun 04 11:04:38 2035
+# Fingerprint (SHA-256): 96:BC:EC:06:26:49:76:F3:74:60:77:9A:CF:28:C5:A7:CF:E8:A3:C0:AA:E1:1A:8F:FC:EE:05:C0:BD:DF:08:C6
+# Fingerprint (SHA1): CA:BD:2A:79:A1:07:6A:31:F2:1D:25:36:35:CB:03:9D:43:29:A5:E8
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "ISRG Root X1"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\312\275\052\171\241\007\152\061\362\035\045\066\065\313\003\235
+\103\051\245\350
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\014\322\371\340\332\027\163\351\355\206\115\245\343\160\347\116
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\117\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\051\060\047\006\003\125\004\012\023\040\111\156\164\145\162\156
+\145\164\040\123\145\143\165\162\151\164\171\040\122\145\163\145
+\141\162\143\150\040\107\162\157\165\160\061\025\060\023\006\003
+\125\004\003\023\014\111\123\122\107\040\122\157\157\164\040\130
+\061
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\021\000\202\020\317\260\322\100\343\131\104\143\340\273\143
+\202\213\000
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "AC RAIZ FNMT-RCM"
+#
+# Issuer: OU=AC RAIZ FNMT-RCM,O=FNMT-RCM,C=ES
+# Serial Number:5d:93:8d:30:67:36:c8:06:1d:1a:c7:54:84:69:07
+# Subject: OU=AC RAIZ FNMT-RCM,O=FNMT-RCM,C=ES
+# Not Valid Before: Wed Oct 29 15:59:56 2008
+# Not Valid After : Tue Jan 01 00:00:00 2030
+# Fingerprint (SHA-256): EB:C5:57:0C:29:01:8C:4D:67:B1:AA:12:7B:AF:12:F7:03:B4:61:1E:BC:17:B7:DA:B5:57:38:94:17:9B:93:FA
+# Fingerprint (SHA1): EC:50:35:07:B2:15:C4:95:62:19:E2:A8:9A:5B:42:99:2C:4C:2C:20
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "AC RAIZ FNMT-RCM"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\073\061\013\060\011\006\003\125\004\006\023\002\105\123\061
+\021\060\017\006\003\125\004\012\014\010\106\116\115\124\055\122
+\103\115\061\031\060\027\006\003\125\004\013\014\020\101\103\040
+\122\101\111\132\040\106\116\115\124\055\122\103\115
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\073\061\013\060\011\006\003\125\004\006\023\002\105\123\061
+\021\060\017\006\003\125\004\012\014\010\106\116\115\124\055\122
+\103\115\061\031\060\027\006\003\125\004\013\014\020\101\103\040
+\122\101\111\132\040\106\116\115\124\055\122\103\115
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\017\135\223\215\060\147\066\310\006\035\032\307\124\204\151
+\007
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\203\060\202\003\153\240\003\002\001\002\002\017\135
+\223\215\060\147\066\310\006\035\032\307\124\204\151\007\060\015
+\006\011\052\206\110\206\367\015\001\001\013\005\000\060\073\061
+\013\060\011\006\003\125\004\006\023\002\105\123\061\021\060\017
+\006\003\125\004\012\014\010\106\116\115\124\055\122\103\115\061
+\031\060\027\006\003\125\004\013\014\020\101\103\040\122\101\111
+\132\040\106\116\115\124\055\122\103\115\060\036\027\015\060\070
+\061\060\062\071\061\065\065\071\065\066\132\027\015\063\060\060
+\061\060\061\060\060\060\060\060\060\132\060\073\061\013\060\011
+\006\003\125\004\006\023\002\105\123\061\021\060\017\006\003\125
+\004\012\014\010\106\116\115\124\055\122\103\115\061\031\060\027
+\006\003\125\004\013\014\020\101\103\040\122\101\111\132\040\106
+\116\115\124\055\122\103\115\060\202\002\042\060\015\006\011\052
+\206\110\206\367\015\001\001\001\005\000\003\202\002\017\000\060
+\202\002\012\002\202\002\001\000\272\161\200\172\114\206\156\177
+\310\023\155\300\306\175\034\000\227\217\054\014\043\273\020\232
+\100\251\032\267\207\210\370\233\126\152\373\346\173\216\213\222
+\216\247\045\135\131\021\333\066\056\267\121\027\037\251\010\037
+\004\027\044\130\252\067\112\030\337\345\071\324\127\375\327\301
+\054\221\001\221\342\042\324\003\300\130\374\167\107\354\217\076
+\164\103\272\254\064\215\115\070\166\147\216\260\310\157\060\063
+\130\161\134\264\365\153\156\324\001\120\270\023\176\154\112\243
+\111\321\040\031\356\274\300\051\030\145\247\336\376\357\335\012
+\220\041\347\032\147\222\102\020\230\137\117\060\274\076\034\105
+\264\020\327\150\100\024\300\100\372\347\167\027\172\346\013\217
+\145\133\074\331\232\122\333\265\275\236\106\317\075\353\221\005
+\002\300\226\262\166\114\115\020\226\073\222\372\234\177\017\231
+\337\276\043\065\105\036\002\134\376\265\250\233\231\045\332\136
+\363\042\303\071\365\344\052\056\323\306\037\304\154\252\305\034
+\152\001\005\112\057\322\305\301\250\064\046\135\146\245\322\002
+\041\371\030\267\006\365\116\231\157\250\253\114\121\350\317\120
+\030\305\167\310\071\011\054\111\222\062\231\250\273\027\027\171
+\260\132\305\346\243\304\131\145\107\065\203\136\251\350\065\013
+\231\273\344\315\040\306\233\112\006\071\265\150\374\042\272\356
+\125\214\053\116\352\363\261\343\374\266\231\232\325\102\372\161
+\115\010\317\207\036\152\161\175\371\323\264\351\245\161\201\173
+\302\116\107\226\245\366\166\205\243\050\217\351\200\156\201\123
+\245\155\137\270\110\371\302\371\066\246\056\111\377\270\226\302
+\214\007\263\233\210\130\374\353\033\034\336\055\160\342\227\222
+\060\241\211\343\274\125\250\047\326\113\355\220\255\213\372\143
+\045\131\055\250\065\335\312\227\063\274\345\315\307\235\321\354
+\357\136\016\112\220\006\046\143\255\271\331\065\055\007\272\166
+\145\054\254\127\217\175\364\007\224\327\201\002\226\135\243\007
+\111\325\172\320\127\371\033\347\123\106\165\252\260\171\102\313
+\150\161\010\351\140\275\071\151\316\364\257\303\126\100\307\255
+\122\242\011\344\157\206\107\212\037\353\050\047\135\203\040\257
+\004\311\154\126\232\213\106\365\002\003\001\000\001\243\201\203
+\060\201\200\060\017\006\003\125\035\023\001\001\377\004\005\060
+\003\001\001\377\060\016\006\003\125\035\017\001\001\377\004\004
+\003\002\001\006\060\035\006\003\125\035\016\004\026\004\024\367
+\175\305\375\304\350\232\033\167\144\247\365\035\240\314\277\207
+\140\232\155\060\076\006\003\125\035\040\004\067\060\065\060\063
+\006\004\125\035\040\000\060\053\060\051\006\010\053\006\001\005
+\005\007\002\001\026\035\150\164\164\160\072\057\057\167\167\167
+\056\143\145\162\164\056\146\156\155\164\056\145\163\057\144\160
+\143\163\057\060\015\006\011\052\206\110\206\367\015\001\001\013
+\005\000\003\202\002\001\000\007\220\112\337\363\043\116\360\303
+\234\121\145\233\234\042\242\212\014\205\363\163\051\153\115\376
+\001\342\251\014\143\001\277\004\147\245\235\230\137\375\001\023
+\372\354\232\142\351\206\376\266\142\322\156\114\224\373\300\165
+\105\174\145\014\370\262\067\317\254\017\317\215\157\371\031\367
+\217\354\036\362\160\236\360\312\270\357\267\377\166\067\166\133
+\366\156\210\363\257\142\062\042\223\015\072\152\216\024\146\014
+\055\123\164\127\145\036\325\262\335\043\201\073\245\146\043\047
+\147\011\217\341\167\252\103\315\145\121\010\355\121\130\376\346
+\071\371\313\107\204\244\025\361\166\273\244\356\244\073\304\137
+\357\262\063\226\021\030\267\311\145\276\030\341\243\244\334\372
+\030\371\323\274\023\233\071\172\064\272\323\101\373\372\062\212
+\052\267\053\206\013\151\203\070\276\315\212\056\013\160\255\215
+\046\222\356\036\365\001\053\012\331\326\227\233\156\340\250\031
+\034\072\041\213\014\036\100\255\003\347\335\146\176\365\271\040
+\015\003\350\226\371\202\105\324\071\340\240\000\135\327\230\346
+\175\236\147\163\303\232\052\367\253\213\241\072\024\357\064\274
+\122\016\211\230\232\004\100\204\035\176\105\151\223\127\316\353
+\316\370\120\174\117\034\156\004\103\233\371\326\073\043\030\351
+\352\216\321\115\106\215\361\073\344\152\312\272\373\043\267\233
+\372\231\001\051\132\130\132\055\343\371\324\155\016\046\255\301
+\156\064\274\062\370\014\005\372\145\243\333\073\067\203\042\351
+\326\334\162\063\375\135\362\040\275\166\074\043\332\050\367\371
+\033\353\131\144\325\334\137\162\176\040\374\315\211\265\220\147
+\115\142\172\077\116\255\035\303\071\376\172\364\050\026\337\101
+\366\110\200\005\327\017\121\171\254\020\253\324\354\003\146\346
+\152\260\272\061\222\102\100\152\276\072\323\162\341\152\067\125
+\274\254\035\225\267\151\141\362\103\221\164\346\240\323\012\044
+\106\241\010\257\326\332\105\031\226\324\123\035\133\204\171\360
+\300\367\107\357\213\217\305\006\256\235\114\142\235\377\106\004
+\370\323\311\266\020\045\100\165\376\026\252\311\112\140\206\057
+\272\357\060\167\344\124\342\270\204\231\130\200\252\023\213\121
+\072\117\110\366\213\266\263
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "AC RAIZ FNMT-RCM"
+# Issuer: OU=AC RAIZ FNMT-RCM,O=FNMT-RCM,C=ES
+# Serial Number:5d:93:8d:30:67:36:c8:06:1d:1a:c7:54:84:69:07
+# Subject: OU=AC RAIZ FNMT-RCM,O=FNMT-RCM,C=ES
+# Not Valid Before: Wed Oct 29 15:59:56 2008
+# Not Valid After : Tue Jan 01 00:00:00 2030
+# Fingerprint (SHA-256): EB:C5:57:0C:29:01:8C:4D:67:B1:AA:12:7B:AF:12:F7:03:B4:61:1E:BC:17:B7:DA:B5:57:38:94:17:9B:93:FA
+# Fingerprint (SHA1): EC:50:35:07:B2:15:C4:95:62:19:E2:A8:9A:5B:42:99:2C:4C:2C:20
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "AC RAIZ FNMT-RCM"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\354\120\065\007\262\025\304\225\142\031\342\250\232\133\102\231
+\054\114\054\040
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\342\011\004\264\323\275\321\240\024\375\032\322\107\304\127\035
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\073\061\013\060\011\006\003\125\004\006\023\002\105\123\061
+\021\060\017\006\003\125\004\012\014\010\106\116\115\124\055\122
+\103\115\061\031\060\027\006\003\125\004\013\014\020\101\103\040
+\122\101\111\132\040\106\116\115\124\055\122\103\115
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\017\135\223\215\060\147\066\310\006\035\032\307\124\204\151
+\007
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Amazon Root CA 1"
+#
+# Issuer: CN=Amazon Root CA 1,O=Amazon,C=US
+# Serial Number:06:6c:9f:cf:99:bf:8c:0a:39:e2:f0:78:8a:43:e6:96:36:5b:ca
+# Subject: CN=Amazon Root CA 1,O=Amazon,C=US
+# Not Valid Before: Tue May 26 00:00:00 2015
+# Not Valid After : Sun Jan 17 00:00:00 2038
+# Fingerprint (SHA-256): 8E:CD:E6:88:4F:3D:87:B1:12:5B:A3:1A:C3:FC:B1:3D:70:16:DE:7F:57:CC:90:4F:E1:CB:97:C6:AE:98:19:6E
+# Fingerprint (SHA1): 8D:A7:F9:65:EC:5E:FC:37:91:0F:1C:6E:59:FD:C1:CC:6A:6E:DE:16
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Amazon Root CA 1"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\071\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\017\060\015\006\003\125\004\012\023\006\101\155\141\172\157\156
+\061\031\060\027\006\003\125\004\003\023\020\101\155\141\172\157
+\156\040\122\157\157\164\040\103\101\040\061
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\071\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\017\060\015\006\003\125\004\012\023\006\101\155\141\172\157\156
+\061\031\060\027\006\003\125\004\003\023\020\101\155\141\172\157
+\156\040\122\157\157\164\040\103\101\040\061
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\023\006\154\237\317\231\277\214\012\071\342\360\170\212\103
+\346\226\066\133\312
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\003\101\060\202\002\051\240\003\002\001\002\002\023\006
+\154\237\317\231\277\214\012\071\342\360\170\212\103\346\226\066
+\133\312\060\015\006\011\052\206\110\206\367\015\001\001\013\005
+\000\060\071\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\017\060\015\006\003\125\004\012\023\006\101\155\141\172\157
+\156\061\031\060\027\006\003\125\004\003\023\020\101\155\141\172
+\157\156\040\122\157\157\164\040\103\101\040\061\060\036\027\015
+\061\065\060\065\062\066\060\060\060\060\060\060\132\027\015\063
+\070\060\061\061\067\060\060\060\060\060\060\132\060\071\061\013
+\060\011\006\003\125\004\006\023\002\125\123\061\017\060\015\006
+\003\125\004\012\023\006\101\155\141\172\157\156\061\031\060\027
+\006\003\125\004\003\023\020\101\155\141\172\157\156\040\122\157
+\157\164\040\103\101\040\061\060\202\001\042\060\015\006\011\052
+\206\110\206\367\015\001\001\001\005\000\003\202\001\017\000\060
+\202\001\012\002\202\001\001\000\262\170\200\161\312\170\325\343
+\161\257\107\200\120\164\175\156\330\327\210\166\364\231\150\367
+\130\041\140\371\164\204\001\057\254\002\055\206\323\240\103\172
+\116\262\244\320\066\272\001\276\215\333\110\310\007\027\066\114
+\364\356\210\043\307\076\353\067\365\265\031\370\111\150\260\336
+\327\271\166\070\035\141\236\244\376\202\066\245\345\112\126\344
+\105\341\371\375\264\026\372\164\332\234\233\065\071\057\372\260
+\040\120\006\154\172\320\200\262\246\371\257\354\107\031\217\120
+\070\007\334\242\207\071\130\370\272\325\251\371\110\147\060\226
+\356\224\170\136\157\211\243\121\300\060\206\146\241\105\146\272
+\124\353\243\303\221\371\110\334\377\321\350\060\055\175\055\164
+\160\065\327\210\044\367\236\304\131\156\273\163\207\027\362\062
+\106\050\270\103\372\267\035\252\312\264\362\237\044\016\055\113
+\367\161\134\136\151\377\352\225\002\313\070\212\256\120\070\157
+\333\373\055\142\033\305\307\036\124\341\167\340\147\310\017\234
+\207\043\326\077\100\040\177\040\200\304\200\114\076\073\044\046
+\216\004\256\154\232\310\252\015\002\003\001\000\001\243\102\060
+\100\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001
+\001\377\060\016\006\003\125\035\017\001\001\377\004\004\003\002
+\001\206\060\035\006\003\125\035\016\004\026\004\024\204\030\314
+\205\064\354\274\014\224\224\056\010\131\234\307\262\020\116\012
+\010\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000
+\003\202\001\001\000\230\362\067\132\101\220\241\032\305\166\121
+\050\040\066\043\016\256\346\050\273\252\370\224\256\110\244\060
+\177\033\374\044\215\113\264\310\241\227\366\266\361\172\160\310
+\123\223\314\010\050\343\230\045\317\043\244\371\336\041\323\174
+\205\011\255\116\232\165\072\302\013\152\211\170\166\104\107\030
+\145\154\215\101\216\073\177\232\313\364\265\247\120\327\005\054
+\067\350\003\113\255\351\141\240\002\156\365\362\360\305\262\355
+\133\267\334\372\224\134\167\236\023\245\177\122\255\225\362\370
+\223\073\336\213\134\133\312\132\122\133\140\257\024\367\113\357
+\243\373\237\100\225\155\061\124\374\102\323\307\106\037\043\255
+\331\017\110\160\232\331\165\170\161\321\162\103\064\165\156\127
+\131\302\002\134\046\140\051\317\043\031\026\216\210\103\245\324
+\344\313\010\373\043\021\103\350\103\051\162\142\241\251\135\136
+\010\324\220\256\270\330\316\024\302\320\125\362\206\366\304\223
+\103\167\146\141\300\271\350\101\327\227\170\140\003\156\112\162
+\256\245\321\175\272\020\236\206\154\033\212\271\131\063\370\353
+\304\220\276\361\271
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "Amazon Root CA 1"
+# Issuer: CN=Amazon Root CA 1,O=Amazon,C=US
+# Serial Number:06:6c:9f:cf:99:bf:8c:0a:39:e2:f0:78:8a:43:e6:96:36:5b:ca
+# Subject: CN=Amazon Root CA 1,O=Amazon,C=US
+# Not Valid Before: Tue May 26 00:00:00 2015
+# Not Valid After : Sun Jan 17 00:00:00 2038
+# Fingerprint (SHA-256): 8E:CD:E6:88:4F:3D:87:B1:12:5B:A3:1A:C3:FC:B1:3D:70:16:DE:7F:57:CC:90:4F:E1:CB:97:C6:AE:98:19:6E
+# Fingerprint (SHA1): 8D:A7:F9:65:EC:5E:FC:37:91:0F:1C:6E:59:FD:C1:CC:6A:6E:DE:16
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Amazon Root CA 1"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\215\247\371\145\354\136\374\067\221\017\034\156\131\375\301\314
+\152\156\336\026
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\103\306\277\256\354\376\255\057\030\306\210\150\060\374\310\346
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\071\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\017\060\015\006\003\125\004\012\023\006\101\155\141\172\157\156
+\061\031\060\027\006\003\125\004\003\023\020\101\155\141\172\157
+\156\040\122\157\157\164\040\103\101\040\061
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\023\006\154\237\317\231\277\214\012\071\342\360\170\212\103
+\346\226\066\133\312
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Amazon Root CA 2"
+#
+# Issuer: CN=Amazon Root CA 2,O=Amazon,C=US
+# Serial Number:06:6c:9f:d2:96:35:86:9f:0a:0f:e5:86:78:f8:5b:26:bb:8a:37
+# Subject: CN=Amazon Root CA 2,O=Amazon,C=US
+# Not Valid Before: Tue May 26 00:00:00 2015
+# Not Valid After : Sat May 26 00:00:00 2040
+# Fingerprint (SHA-256): 1B:A5:B2:AA:8C:65:40:1A:82:96:01:18:F8:0B:EC:4F:62:30:4D:83:CE:C4:71:3A:19:C3:9C:01:1E:A4:6D:B4
+# Fingerprint (SHA1): 5A:8C:EF:45:D7:A6:98:59:76:7A:8C:8B:44:96:B5:78:CF:47:4B:1A
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Amazon Root CA 2"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\071\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\017\060\015\006\003\125\004\012\023\006\101\155\141\172\157\156
+\061\031\060\027\006\003\125\004\003\023\020\101\155\141\172\157
+\156\040\122\157\157\164\040\103\101\040\062
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\071\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\017\060\015\006\003\125\004\012\023\006\101\155\141\172\157\156
+\061\031\060\027\006\003\125\004\003\023\020\101\155\141\172\157
+\156\040\122\157\157\164\040\103\101\040\062
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\023\006\154\237\322\226\065\206\237\012\017\345\206\170\370
+\133\046\273\212\067
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\101\060\202\003\051\240\003\002\001\002\002\023\006
+\154\237\322\226\065\206\237\012\017\345\206\170\370\133\046\273
+\212\067\060\015\006\011\052\206\110\206\367\015\001\001\014\005
+\000\060\071\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\017\060\015\006\003\125\004\012\023\006\101\155\141\172\157
+\156\061\031\060\027\006\003\125\004\003\023\020\101\155\141\172
+\157\156\040\122\157\157\164\040\103\101\040\062\060\036\027\015
+\061\065\060\065\062\066\060\060\060\060\060\060\132\027\015\064
+\060\060\065\062\066\060\060\060\060\060\060\132\060\071\061\013
+\060\011\006\003\125\004\006\023\002\125\123\061\017\060\015\006
+\003\125\004\012\023\006\101\155\141\172\157\156\061\031\060\027
+\006\003\125\004\003\023\020\101\155\141\172\157\156\040\122\157
+\157\164\040\103\101\040\062\060\202\002\042\060\015\006\011\052
+\206\110\206\367\015\001\001\001\005\000\003\202\002\017\000\060
+\202\002\012\002\202\002\001\000\255\226\237\055\234\112\114\112
+\201\171\121\231\354\212\313\153\140\121\023\274\115\155\006\374
+\260\010\215\335\031\020\152\307\046\014\065\330\300\157\040\204
+\351\224\261\233\205\003\303\133\333\112\350\310\370\220\166\331
+\133\117\343\114\350\006\066\115\314\232\254\075\014\220\053\222
+\324\006\031\140\254\067\104\171\205\201\202\255\132\067\340\015
+\314\235\246\114\122\166\352\103\235\267\004\321\120\366\125\340
+\325\322\246\111\205\351\067\351\312\176\256\134\225\115\110\232
+\077\256\040\132\155\210\225\331\064\270\122\032\103\220\260\277
+\154\005\271\266\170\267\352\320\344\072\074\022\123\142\377\112
+\362\173\276\065\005\251\022\064\343\363\144\164\142\054\075\000
+\111\132\050\376\062\104\273\207\335\145\047\002\161\073\332\112
+\367\037\332\315\367\041\125\220\117\017\354\256\202\341\237\153
+\331\105\323\273\360\137\207\355\074\054\071\206\332\077\336\354
+\162\125\353\171\243\255\333\335\174\260\272\034\316\374\336\117
+\065\166\317\017\370\170\037\152\066\121\106\047\141\133\351\236
+\317\360\242\125\175\174\045\212\157\057\264\305\317\204\056\053
+\375\015\121\020\154\373\137\033\274\033\176\305\256\073\230\001
+\061\222\377\013\127\364\232\262\271\127\351\253\357\015\166\321
+\360\356\364\316\206\247\340\156\351\264\151\241\337\151\366\063
+\306\151\056\227\023\236\245\207\260\127\020\201\067\311\123\263
+\273\177\366\222\321\234\320\030\364\222\156\332\203\117\246\143
+\231\114\245\373\136\357\041\144\172\040\137\154\144\205\025\313
+\067\351\142\014\013\052\026\334\001\056\062\332\076\113\365\236
+\072\366\027\100\224\357\236\221\010\206\372\276\143\250\132\063
+\354\313\164\103\225\371\154\151\122\066\307\051\157\374\125\003
+\134\037\373\237\275\107\353\347\111\107\225\013\116\211\042\011
+\111\340\365\141\036\361\277\056\212\162\156\200\131\377\127\072
+\371\165\062\243\116\137\354\355\050\142\331\115\163\362\314\201
+\027\140\355\315\353\334\333\247\312\305\176\002\275\362\124\010
+\124\375\264\055\011\054\027\124\112\230\321\124\341\121\147\010
+\322\355\156\176\157\077\322\055\201\131\051\146\313\220\071\225
+\021\036\164\047\376\335\353\257\002\003\001\000\001\243\102\060
+\100\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001
+\001\377\060\016\006\003\125\035\017\001\001\377\004\004\003\002
+\001\206\060\035\006\003\125\035\016\004\026\004\024\260\014\360
+\114\060\364\005\130\002\110\375\063\345\122\257\113\204\343\146
+\122\060\015\006\011\052\206\110\206\367\015\001\001\014\005\000
+\003\202\002\001\000\252\250\200\217\016\170\243\340\242\324\315
+\346\365\230\172\073\352\000\003\260\227\016\223\274\132\250\366
+\054\214\162\207\251\261\374\177\163\375\143\161\170\245\207\131
+\317\060\341\015\020\262\023\132\155\202\365\152\346\200\237\240
+\005\013\150\344\107\153\307\152\337\266\375\167\062\162\345\030
+\372\011\364\240\223\054\135\322\214\165\205\166\145\220\014\003
+\171\267\061\043\143\255\170\203\011\206\150\204\312\377\371\317
+\046\232\222\171\347\315\113\305\347\141\247\027\313\363\251\022
+\223\223\153\247\350\057\123\222\304\140\130\260\314\002\121\030
+\133\205\215\142\131\143\266\255\264\336\232\373\046\367\000\047
+\300\135\125\067\164\231\311\120\177\343\131\056\104\343\054\045
+\356\354\114\062\167\264\237\032\351\113\135\040\305\332\375\034
+\207\026\306\103\350\324\273\046\232\105\160\136\251\013\067\123
+\342\106\173\047\375\340\106\362\211\267\314\102\266\313\050\046
+\156\331\245\311\072\310\101\023\140\367\120\214\025\256\262\155
+\032\025\032\127\170\346\222\052\331\145\220\202\077\154\002\257
+\256\022\072\047\226\066\004\327\035\242\200\143\251\233\361\345
+\272\264\174\024\260\116\311\261\037\164\137\070\366\121\352\233
+\372\054\242\021\324\251\055\047\032\105\261\257\262\116\161\015
+\300\130\106\326\151\006\313\123\313\263\376\153\101\315\101\176
+\175\114\017\174\162\171\172\131\315\136\112\016\254\233\251\230
+\163\171\174\264\364\314\271\270\007\014\262\164\134\270\307\157
+\210\241\220\247\364\252\371\277\147\072\364\032\025\142\036\267
+\237\276\075\261\051\257\147\241\022\362\130\020\031\123\003\060
+\033\270\032\211\366\234\275\227\003\216\243\011\363\035\213\041
+\361\264\337\344\034\321\237\145\002\006\352\134\326\023\263\204
+\357\242\245\134\214\167\051\247\150\300\153\256\100\322\250\264
+\352\315\360\215\113\070\234\031\232\033\050\124\270\211\220\357
+\312\165\201\076\036\362\144\044\307\030\257\116\377\107\236\007
+\366\065\145\244\323\012\126\377\365\027\144\154\357\250\042\045
+\111\223\266\337\000\027\332\130\176\135\356\305\033\260\321\321
+\137\041\020\307\371\363\272\002\012\047\007\305\361\326\307\323
+\340\373\011\140\154
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "Amazon Root CA 2"
+# Issuer: CN=Amazon Root CA 2,O=Amazon,C=US
+# Serial Number:06:6c:9f:d2:96:35:86:9f:0a:0f:e5:86:78:f8:5b:26:bb:8a:37
+# Subject: CN=Amazon Root CA 2,O=Amazon,C=US
+# Not Valid Before: Tue May 26 00:00:00 2015
+# Not Valid After : Sat May 26 00:00:00 2040
+# Fingerprint (SHA-256): 1B:A5:B2:AA:8C:65:40:1A:82:96:01:18:F8:0B:EC:4F:62:30:4D:83:CE:C4:71:3A:19:C3:9C:01:1E:A4:6D:B4
+# Fingerprint (SHA1): 5A:8C:EF:45:D7:A6:98:59:76:7A:8C:8B:44:96:B5:78:CF:47:4B:1A
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Amazon Root CA 2"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\132\214\357\105\327\246\230\131\166\172\214\213\104\226\265\170
+\317\107\113\032
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\310\345\215\316\250\102\342\172\300\052\134\174\236\046\277\146
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\071\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\017\060\015\006\003\125\004\012\023\006\101\155\141\172\157\156
+\061\031\060\027\006\003\125\004\003\023\020\101\155\141\172\157
+\156\040\122\157\157\164\040\103\101\040\062
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\023\006\154\237\322\226\065\206\237\012\017\345\206\170\370
+\133\046\273\212\067
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Amazon Root CA 3"
+#
+# Issuer: CN=Amazon Root CA 3,O=Amazon,C=US
+# Serial Number:06:6c:9f:d5:74:97:36:66:3f:3b:0b:9a:d9:e8:9e:76:03:f2:4a
+# Subject: CN=Amazon Root CA 3,O=Amazon,C=US
+# Not Valid Before: Tue May 26 00:00:00 2015
+# Not Valid After : Sat May 26 00:00:00 2040
+# Fingerprint (SHA-256): 18:CE:6C:FE:7B:F1:4E:60:B2:E3:47:B8:DF:E8:68:CB:31:D0:2E:BB:3A:DA:27:15:69:F5:03:43:B4:6D:B3:A4
+# Fingerprint (SHA1): 0D:44:DD:8C:3C:8C:1A:1A:58:75:64:81:E9:0F:2E:2A:FF:B3:D2:6E
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Amazon Root CA 3"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\071\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\017\060\015\006\003\125\004\012\023\006\101\155\141\172\157\156
+\061\031\060\027\006\003\125\004\003\023\020\101\155\141\172\157
+\156\040\122\157\157\164\040\103\101\040\063
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\071\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\017\060\015\006\003\125\004\012\023\006\101\155\141\172\157\156
+\061\031\060\027\006\003\125\004\003\023\020\101\155\141\172\157
+\156\040\122\157\157\164\040\103\101\040\063
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\023\006\154\237\325\164\227\066\146\077\073\013\232\331\350
+\236\166\003\362\112
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\001\266\060\202\001\133\240\003\002\001\002\002\023\006
+\154\237\325\164\227\066\146\077\073\013\232\331\350\236\166\003
+\362\112\060\012\006\010\052\206\110\316\075\004\003\002\060\071
+\061\013\060\011\006\003\125\004\006\023\002\125\123\061\017\060
+\015\006\003\125\004\012\023\006\101\155\141\172\157\156\061\031
+\060\027\006\003\125\004\003\023\020\101\155\141\172\157\156\040
+\122\157\157\164\040\103\101\040\063\060\036\027\015\061\065\060
+\065\062\066\060\060\060\060\060\060\132\027\015\064\060\060\065
+\062\066\060\060\060\060\060\060\132\060\071\061\013\060\011\006
+\003\125\004\006\023\002\125\123\061\017\060\015\006\003\125\004
+\012\023\006\101\155\141\172\157\156\061\031\060\027\006\003\125
+\004\003\023\020\101\155\141\172\157\156\040\122\157\157\164\040
+\103\101\040\063\060\131\060\023\006\007\052\206\110\316\075\002
+\001\006\010\052\206\110\316\075\003\001\007\003\102\000\004\051
+\227\247\306\101\177\300\015\233\350\001\033\126\306\362\122\245
+\272\055\262\022\350\322\056\327\372\311\305\330\252\155\037\163
+\201\073\073\230\153\071\174\063\245\305\116\206\216\200\027\150
+\142\105\127\175\104\130\035\263\067\345\147\010\353\146\336\243
+\102\060\100\060\017\006\003\125\035\023\001\001\377\004\005\060
+\003\001\001\377\060\016\006\003\125\035\017\001\001\377\004\004
+\003\002\001\206\060\035\006\003\125\035\016\004\026\004\024\253
+\266\333\327\006\236\067\254\060\206\007\221\160\307\234\304\031
+\261\170\300\060\012\006\010\052\206\110\316\075\004\003\002\003
+\111\000\060\106\002\041\000\340\205\222\243\027\267\215\371\053
+\006\245\223\254\032\230\150\141\162\372\341\241\320\373\034\170
+\140\246\103\231\305\270\304\002\041\000\234\002\357\361\224\234
+\263\226\371\353\306\052\370\266\054\376\072\220\024\026\327\214
+\143\044\110\034\337\060\175\325\150\073
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "Amazon Root CA 3"
+# Issuer: CN=Amazon Root CA 3,O=Amazon,C=US
+# Serial Number:06:6c:9f:d5:74:97:36:66:3f:3b:0b:9a:d9:e8:9e:76:03:f2:4a
+# Subject: CN=Amazon Root CA 3,O=Amazon,C=US
+# Not Valid Before: Tue May 26 00:00:00 2015
+# Not Valid After : Sat May 26 00:00:00 2040
+# Fingerprint (SHA-256): 18:CE:6C:FE:7B:F1:4E:60:B2:E3:47:B8:DF:E8:68:CB:31:D0:2E:BB:3A:DA:27:15:69:F5:03:43:B4:6D:B3:A4
+# Fingerprint (SHA1): 0D:44:DD:8C:3C:8C:1A:1A:58:75:64:81:E9:0F:2E:2A:FF:B3:D2:6E
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Amazon Root CA 3"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\015\104\335\214\074\214\032\032\130\165\144\201\351\017\056\052
+\377\263\322\156
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\240\324\357\013\367\265\330\111\225\052\354\365\304\374\201\207
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\071\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\017\060\015\006\003\125\004\012\023\006\101\155\141\172\157\156
+\061\031\060\027\006\003\125\004\003\023\020\101\155\141\172\157
+\156\040\122\157\157\164\040\103\101\040\063
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\023\006\154\237\325\164\227\066\146\077\073\013\232\331\350
+\236\166\003\362\112
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Amazon Root CA 4"
+#
+# Issuer: CN=Amazon Root CA 4,O=Amazon,C=US
+# Serial Number:06:6c:9f:d7:c1:bb:10:4c:29:43:e5:71:7b:7b:2c:c8:1a:c1:0e
+# Subject: CN=Amazon Root CA 4,O=Amazon,C=US
+# Not Valid Before: Tue May 26 00:00:00 2015
+# Not Valid After : Sat May 26 00:00:00 2040
+# Fingerprint (SHA-256): E3:5D:28:41:9E:D0:20:25:CF:A6:90:38:CD:62:39:62:45:8D:A5:C6:95:FB:DE:A3:C2:2B:0B:FB:25:89:70:92
+# Fingerprint (SHA1): F6:10:84:07:D6:F8:BB:67:98:0C:C2:E2:44:C2:EB:AE:1C:EF:63:BE
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Amazon Root CA 4"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\071\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\017\060\015\006\003\125\004\012\023\006\101\155\141\172\157\156
+\061\031\060\027\006\003\125\004\003\023\020\101\155\141\172\157
+\156\040\122\157\157\164\040\103\101\040\064
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\071\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\017\060\015\006\003\125\004\012\023\006\101\155\141\172\157\156
+\061\031\060\027\006\003\125\004\003\023\020\101\155\141\172\157
+\156\040\122\157\157\164\040\103\101\040\064
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\023\006\154\237\327\301\273\020\114\051\103\345\161\173\173
+\054\310\032\301\016
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\001\362\060\202\001\170\240\003\002\001\002\002\023\006
+\154\237\327\301\273\020\114\051\103\345\161\173\173\054\310\032
+\301\016\060\012\006\010\052\206\110\316\075\004\003\003\060\071
+\061\013\060\011\006\003\125\004\006\023\002\125\123\061\017\060
+\015\006\003\125\004\012\023\006\101\155\141\172\157\156\061\031
+\060\027\006\003\125\004\003\023\020\101\155\141\172\157\156\040
+\122\157\157\164\040\103\101\040\064\060\036\027\015\061\065\060
+\065\062\066\060\060\060\060\060\060\132\027\015\064\060\060\065
+\062\066\060\060\060\060\060\060\132\060\071\061\013\060\011\006
+\003\125\004\006\023\002\125\123\061\017\060\015\006\003\125\004
+\012\023\006\101\155\141\172\157\156\061\031\060\027\006\003\125
+\004\003\023\020\101\155\141\172\157\156\040\122\157\157\164\040
+\103\101\040\064\060\166\060\020\006\007\052\206\110\316\075\002
+\001\006\005\053\201\004\000\042\003\142\000\004\322\253\212\067
+\117\243\123\015\376\301\212\173\113\250\173\106\113\143\260\142
+\366\055\033\333\010\161\041\322\000\350\143\275\232\047\373\360
+\071\156\135\352\075\245\311\201\252\243\133\040\230\105\135\026
+\333\375\350\020\155\343\234\340\343\275\137\204\142\363\160\144
+\063\240\313\044\057\160\272\210\241\052\240\165\370\201\256\142
+\006\304\201\333\071\156\051\260\036\372\056\134\243\102\060\100
+\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001
+\377\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001
+\206\060\035\006\003\125\035\016\004\026\004\024\323\354\307\072
+\145\156\314\341\332\166\232\126\373\234\363\206\155\127\345\201
+\060\012\006\010\052\206\110\316\075\004\003\003\003\150\000\060
+\145\002\060\072\213\041\361\275\176\021\255\320\357\130\226\057
+\326\353\235\176\220\215\053\317\146\125\303\054\343\050\251\160
+\012\107\016\360\067\131\022\377\055\231\224\050\116\052\117\065
+\115\063\132\002\061\000\352\165\000\116\073\304\072\224\022\221
+\311\130\106\235\041\023\162\247\210\234\212\344\114\112\333\226
+\324\254\213\153\153\111\022\123\063\255\327\344\276\044\374\265
+\012\166\324\245\274\020
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "Amazon Root CA 4"
+# Issuer: CN=Amazon Root CA 4,O=Amazon,C=US
+# Serial Number:06:6c:9f:d7:c1:bb:10:4c:29:43:e5:71:7b:7b:2c:c8:1a:c1:0e
+# Subject: CN=Amazon Root CA 4,O=Amazon,C=US
+# Not Valid Before: Tue May 26 00:00:00 2015
+# Not Valid After : Sat May 26 00:00:00 2040
+# Fingerprint (SHA-256): E3:5D:28:41:9E:D0:20:25:CF:A6:90:38:CD:62:39:62:45:8D:A5:C6:95:FB:DE:A3:C2:2B:0B:FB:25:89:70:92
+# Fingerprint (SHA1): F6:10:84:07:D6:F8:BB:67:98:0C:C2:E2:44:C2:EB:AE:1C:EF:63:BE
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Amazon Root CA 4"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\366\020\204\007\326\370\273\147\230\014\302\342\104\302\353\256
+\034\357\143\276
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\211\274\047\325\353\027\215\006\152\151\325\375\211\107\264\315
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\071\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\017\060\015\006\003\125\004\012\023\006\101\155\141\172\157\156
+\061\031\060\027\006\003\125\004\003\023\020\101\155\141\172\157
+\156\040\122\157\157\164\040\103\101\040\064
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\023\006\154\237\327\301\273\020\114\051\103\345\161\173\173
+\054\310\032\301\016
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "LuxTrust Global Root 2"
+#
+# Issuer: CN=LuxTrust Global Root 2,O=LuxTrust S.A.,C=LU
+# Serial Number:0a:7e:a6:df:4b:44:9e:da:6a:24:85:9e:e6:b8:15:d3:16:7f:bb:b1
+# Subject: CN=LuxTrust Global Root 2,O=LuxTrust S.A.,C=LU
+# Not Valid Before: Thu Mar 05 13:21:57 2015
+# Not Valid After : Mon Mar 05 13:21:57 2035
+# Fingerprint (SHA-256): 54:45:5F:71:29:C2:0B:14:47:C4:18:F9:97:16:8F:24:C5:8F:C5:02:3B:F5:DA:5B:E2:EB:6E:1D:D8:90:2E:D5
+# Fingerprint (SHA1): 1E:0E:56:19:0A:D1:8B:25:98:B2:04:44:FF:66:8A:04:17:99:5F:3F
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "LuxTrust Global Root 2"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\106\061\013\060\011\006\003\125\004\006\023\002\114\125\061
+\026\060\024\006\003\125\004\012\014\015\114\165\170\124\162\165
+\163\164\040\123\056\101\056\061\037\060\035\006\003\125\004\003
+\014\026\114\165\170\124\162\165\163\164\040\107\154\157\142\141
+\154\040\122\157\157\164\040\062
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\106\061\013\060\011\006\003\125\004\006\023\002\114\125\061
+\026\060\024\006\003\125\004\012\014\015\114\165\170\124\162\165
+\163\164\040\123\056\101\056\061\037\060\035\006\003\125\004\003
+\014\026\114\165\170\124\162\165\163\164\040\107\154\157\142\141
+\154\040\122\157\157\164\040\062
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\024\012\176\246\337\113\104\236\332\152\044\205\236\346\270
+\025\323\026\177\273\261
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\303\060\202\003\253\240\003\002\001\002\002\024\012
+\176\246\337\113\104\236\332\152\044\205\236\346\270\025\323\026
+\177\273\261\060\015\006\011\052\206\110\206\367\015\001\001\013
+\005\000\060\106\061\013\060\011\006\003\125\004\006\023\002\114
+\125\061\026\060\024\006\003\125\004\012\014\015\114\165\170\124
+\162\165\163\164\040\123\056\101\056\061\037\060\035\006\003\125
+\004\003\014\026\114\165\170\124\162\165\163\164\040\107\154\157
+\142\141\154\040\122\157\157\164\040\062\060\036\027\015\061\065
+\060\063\060\065\061\063\062\061\065\067\132\027\015\063\065\060
+\063\060\065\061\063\062\061\065\067\132\060\106\061\013\060\011
+\006\003\125\004\006\023\002\114\125\061\026\060\024\006\003\125
+\004\012\014\015\114\165\170\124\162\165\163\164\040\123\056\101
+\056\061\037\060\035\006\003\125\004\003\014\026\114\165\170\124
+\162\165\163\164\040\107\154\157\142\141\154\040\122\157\157\164
+\040\062\060\202\002\042\060\015\006\011\052\206\110\206\367\015
+\001\001\001\005\000\003\202\002\017\000\060\202\002\012\002\202
+\002\001\000\327\205\227\277\021\230\351\360\142\203\114\074\207
+\371\123\152\067\013\362\017\074\207\316\157\334\046\051\275\305
+\211\272\311\203\075\367\356\312\133\306\155\111\163\264\311\106
+\243\033\064\023\077\301\211\105\127\364\331\261\373\066\145\113
+\373\010\342\110\161\021\310\156\073\236\235\337\211\145\067\246
+\205\366\073\104\030\266\306\067\060\142\104\222\227\151\175\102
+\060\044\344\015\014\211\153\143\336\305\341\337\116\251\024\154
+\123\340\141\316\366\027\057\035\074\275\346\042\114\035\223\365
+\020\304\241\166\354\152\336\305\154\337\226\264\126\100\102\300
+\142\222\060\241\055\025\224\240\322\040\006\011\156\152\155\345
+\353\267\276\324\360\361\025\174\213\346\116\272\023\314\113\047
+\136\231\074\027\135\217\201\177\063\075\117\323\077\033\354\134
+\077\360\074\114\165\156\362\246\325\235\332\055\007\143\002\306
+\162\351\224\274\114\111\225\117\210\122\310\333\350\151\202\370
+\314\064\133\042\360\206\247\211\275\110\012\155\146\201\155\310
+\310\144\373\001\341\364\341\336\331\236\335\333\133\324\052\231
+\046\025\033\036\114\222\051\202\236\325\222\201\222\101\160\031
+\367\244\345\223\113\274\167\147\061\335\034\375\061\160\015\027
+\231\014\371\014\071\031\052\027\265\060\161\125\325\017\256\130
+\341\075\057\064\233\317\237\366\170\205\302\223\172\162\076\146
+\217\234\026\021\140\217\236\211\157\147\276\340\107\132\073\014
+\232\147\213\317\106\306\256\070\243\362\247\274\346\326\205\153
+\063\044\160\042\113\313\010\233\273\310\370\002\051\035\276\040
+\014\106\277\153\207\233\263\052\146\102\065\106\154\252\272\255
+\371\230\173\351\120\125\024\061\277\261\332\055\355\200\255\150
+\044\373\151\253\330\161\023\060\346\147\263\207\100\375\211\176
+\362\103\321\021\337\057\145\057\144\316\137\024\271\261\277\061
+\275\207\170\132\131\145\210\252\374\131\062\110\206\326\114\271
+\051\113\225\323\166\363\167\045\155\102\034\070\203\115\375\243
+\137\233\177\055\254\171\033\016\102\061\227\143\244\373\212\151
+\325\042\015\064\220\060\056\250\264\340\155\266\224\254\274\213
+\116\327\160\374\305\070\216\144\045\341\115\071\220\316\311\207
+\204\130\161\002\003\001\000\001\243\201\250\060\201\245\060\017
+\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060
+\102\006\003\125\035\040\004\073\060\071\060\067\006\007\053\201
+\053\001\001\001\012\060\054\060\052\006\010\053\006\001\005\005
+\007\002\001\026\036\150\164\164\160\163\072\057\057\162\145\160
+\157\163\151\164\157\162\171\056\154\165\170\164\162\165\163\164
+\056\154\165\060\016\006\003\125\035\017\001\001\377\004\004\003
+\002\001\006\060\037\006\003\125\035\043\004\030\060\026\200\024
+\377\030\050\166\371\110\005\054\241\256\361\053\033\053\262\123
+\370\113\174\263\060\035\006\003\125\035\016\004\026\004\024\377
+\030\050\166\371\110\005\054\241\256\361\053\033\053\262\123\370
+\113\174\263\060\015\006\011\052\206\110\206\367\015\001\001\013
+\005\000\003\202\002\001\000\152\031\024\355\156\171\301\054\207
+\324\015\160\176\327\366\170\311\013\004\116\304\261\316\223\160
+\376\260\124\300\062\315\231\060\144\027\277\017\345\342\063\375
+\007\066\100\162\016\032\266\152\131\326\000\345\150\040\335\056
+\162\015\037\152\144\061\040\204\175\111\246\132\067\353\105\311
+\205\365\324\307\027\231\007\346\233\125\344\014\350\251\264\316
+\214\133\265\021\134\317\212\016\015\326\254\167\201\376\062\234
+\044\236\162\316\124\363\320\157\242\126\326\354\303\067\054\145
+\130\276\127\000\032\362\065\372\353\173\061\135\302\301\022\075
+\226\201\210\226\211\301\131\134\172\346\177\160\064\347\203\342
+\261\341\341\270\130\357\324\225\344\140\234\360\226\227\162\214
+\353\204\002\056\145\217\244\267\322\177\147\335\310\323\236\134
+\252\251\244\240\045\024\006\233\354\117\176\055\013\177\035\165
+\361\063\330\355\316\270\165\155\076\133\271\230\035\061\015\126
+\330\103\017\060\221\262\004\153\335\126\276\225\200\125\147\276
+\330\315\203\331\030\356\056\017\206\055\222\236\160\023\354\336
+\121\311\103\170\002\245\115\310\371\137\304\221\130\106\026\167
+\132\164\252\100\274\007\237\060\271\261\367\022\027\335\343\377
+\044\100\035\172\152\321\117\030\012\252\220\035\353\100\036\337
+\241\036\104\222\020\232\362\215\341\321\113\106\236\350\105\102
+\227\352\105\231\363\354\146\325\002\372\362\246\112\044\252\336
+\316\271\312\371\077\223\157\371\243\272\352\245\076\231\255\375
+\377\173\231\365\145\356\360\131\050\147\327\220\225\244\023\204
+\251\204\301\350\316\316\165\223\143\032\274\074\352\325\144\037
+\055\052\022\071\306\303\132\062\355\107\221\026\016\274\070\301
+\120\336\217\312\052\220\064\034\356\101\224\234\136\031\056\370
+\105\111\231\164\221\260\004\157\343\004\132\261\253\052\253\376
+\307\320\226\266\332\341\112\144\006\156\140\115\275\102\116\377
+\170\332\044\312\033\264\327\226\071\154\256\361\016\252\247\175
+\110\213\040\114\317\144\326\270\227\106\260\116\321\052\126\072
+\240\223\275\257\200\044\340\012\176\347\312\325\312\350\205\125
+\334\066\052\341\224\150\223\307\146\162\104\017\200\041\062\154
+\045\307\043\200\203\012\353
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "LuxTrust Global Root 2"
+# Issuer: CN=LuxTrust Global Root 2,O=LuxTrust S.A.,C=LU
+# Serial Number:0a:7e:a6:df:4b:44:9e:da:6a:24:85:9e:e6:b8:15:d3:16:7f:bb:b1
+# Subject: CN=LuxTrust Global Root 2,O=LuxTrust S.A.,C=LU
+# Not Valid Before: Thu Mar 05 13:21:57 2015
+# Not Valid After : Mon Mar 05 13:21:57 2035
+# Fingerprint (SHA-256): 54:45:5F:71:29:C2:0B:14:47:C4:18:F9:97:16:8F:24:C5:8F:C5:02:3B:F5:DA:5B:E2:EB:6E:1D:D8:90:2E:D5
+# Fingerprint (SHA1): 1E:0E:56:19:0A:D1:8B:25:98:B2:04:44:FF:66:8A:04:17:99:5F:3F
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "LuxTrust Global Root 2"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\036\016\126\031\012\321\213\045\230\262\004\104\377\146\212\004
+\027\231\137\077
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\262\341\011\000\141\257\367\361\221\157\304\255\215\136\073\174
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\106\061\013\060\011\006\003\125\004\006\023\002\114\125\061
+\026\060\024\006\003\125\004\012\014\015\114\165\170\124\162\165
+\163\164\040\123\056\101\056\061\037\060\035\006\003\125\004\003
+\014\026\114\165\170\124\162\165\163\164\040\107\154\157\142\141
+\154\040\122\157\157\164\040\062
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\024\012\176\246\337\113\104\236\332\152\044\205\236\346\270
+\025\323\026\177\273\261
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Symantec Class 1 Public Primary Certification Authority - G6"
+#
+# Issuer: CN=Symantec Class 1 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US
+# Serial Number:24:32:75:f2:1d:2f:d2:09:33:f7:b4:6a:ca:d0:f3:98
+# Subject: CN=Symantec Class 1 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US
+# Not Valid Before: Tue Oct 18 00:00:00 2011
+# Not Valid After : Tue Dec 01 23:59:59 2037
+# Fingerprint (SHA-256): 9D:19:0B:2E:31:45:66:68:5B:E8:A8:89:E2:7A:A8:C7:D7:AE:1D:8A:AD:DB:A3:C1:EC:F9:D2:48:63:CD:34:B9
+# Fingerprint (SHA1): 51:7F:61:1E:29:91:6B:53:82:FB:72:E7:44:D9:8D:C3:CC:53:6D:64
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Symantec Class 1 Public Primary Certification Authority - G6"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\224\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\035\060\033\006\003\125\004\012\023\024\123\171\155\141\156
+\164\145\143\040\103\157\162\160\157\162\141\164\151\157\156\061
+\037\060\035\006\003\125\004\013\023\026\123\171\155\141\156\164
+\145\143\040\124\162\165\163\164\040\116\145\164\167\157\162\153
+\061\105\060\103\006\003\125\004\003\023\074\123\171\155\141\156
+\164\145\143\040\103\154\141\163\163\040\061\040\120\165\142\154
+\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151
+\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151
+\164\171\040\055\040\107\066
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\224\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\035\060\033\006\003\125\004\012\023\024\123\171\155\141\156
+\164\145\143\040\103\157\162\160\157\162\141\164\151\157\156\061
+\037\060\035\006\003\125\004\013\023\026\123\171\155\141\156\164
+\145\143\040\124\162\165\163\164\040\116\145\164\167\157\162\153
+\061\105\060\103\006\003\125\004\003\023\074\123\171\155\141\156
+\164\145\143\040\103\154\141\163\163\040\061\040\120\165\142\154
+\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151
+\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151
+\164\171\040\055\040\107\066
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\044\062\165\362\035\057\322\011\063\367\264\152\312\320
+\363\230
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\003\366\060\202\002\336\240\003\002\001\002\002\020\044
+\062\165\362\035\057\322\011\063\367\264\152\312\320\363\230\060
+\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060\201
+\224\061\013\060\011\006\003\125\004\006\023\002\125\123\061\035
+\060\033\006\003\125\004\012\023\024\123\171\155\141\156\164\145
+\143\040\103\157\162\160\157\162\141\164\151\157\156\061\037\060
+\035\006\003\125\004\013\023\026\123\171\155\141\156\164\145\143
+\040\124\162\165\163\164\040\116\145\164\167\157\162\153\061\105
+\060\103\006\003\125\004\003\023\074\123\171\155\141\156\164\145
+\143\040\103\154\141\163\163\040\061\040\120\165\142\154\151\143
+\040\120\162\151\155\141\162\171\040\103\145\162\164\151\146\151
+\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171
+\040\055\040\107\066\060\036\027\015\061\061\061\060\061\070\060
+\060\060\060\060\060\132\027\015\063\067\061\062\060\061\062\063
+\065\071\065\071\132\060\201\224\061\013\060\011\006\003\125\004
+\006\023\002\125\123\061\035\060\033\006\003\125\004\012\023\024
+\123\171\155\141\156\164\145\143\040\103\157\162\160\157\162\141
+\164\151\157\156\061\037\060\035\006\003\125\004\013\023\026\123
+\171\155\141\156\164\145\143\040\124\162\165\163\164\040\116\145
+\164\167\157\162\153\061\105\060\103\006\003\125\004\003\023\074
+\123\171\155\141\156\164\145\143\040\103\154\141\163\163\040\061
+\040\120\165\142\154\151\143\040\120\162\151\155\141\162\171\040
+\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101\165
+\164\150\157\162\151\164\171\040\055\040\107\066\060\202\001\042
+\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000\003
+\202\001\017\000\060\202\001\012\002\202\001\001\000\307\071\327
+\111\144\251\231\202\042\114\352\105\331\007\026\343\173\364\203
+\350\231\163\372\153\261\066\340\232\167\240\100\302\201\215\001
+\307\314\214\275\217\175\367\171\343\172\114\003\115\331\373\375
+\207\070\050\054\335\232\213\124\010\333\147\373\033\214\376\050
+\222\057\276\267\262\110\247\201\241\330\136\210\303\314\071\100
+\101\132\321\334\345\332\020\237\057\332\001\115\375\056\106\174
+\371\056\047\012\151\067\356\221\243\033\152\314\104\277\033\307
+\303\324\021\262\120\140\227\011\275\056\042\365\101\204\146\237
+\315\100\246\251\000\200\301\037\225\222\237\336\363\110\357\333
+\035\167\141\374\177\337\356\226\244\162\320\266\076\377\170\047
+\257\313\222\025\151\010\333\143\020\342\346\227\254\156\334\254
+\366\242\316\036\107\231\271\211\267\022\346\241\324\315\131\021
+\147\303\157\205\330\102\116\050\276\131\125\131\004\225\253\217
+\067\200\277\015\360\374\037\072\144\061\130\201\170\327\342\065
+\366\040\077\051\270\217\026\156\076\110\334\265\114\007\341\362
+\032\352\176\012\171\326\250\275\353\135\206\053\115\002\003\001
+\000\001\243\102\060\100\060\016\006\003\125\035\017\001\001\377
+\004\004\003\002\001\006\060\017\006\003\125\035\023\001\001\377
+\004\005\060\003\001\001\377\060\035\006\003\125\035\016\004\026
+\004\024\063\101\350\310\071\022\025\223\110\362\226\062\056\132
+\365\332\224\137\123\140\060\015\006\011\052\206\110\206\367\015
+\001\001\013\005\000\003\202\001\001\000\025\343\163\127\261\027
+\266\137\111\151\104\246\366\136\172\147\254\322\336\165\111\253
+\376\045\125\307\072\311\104\025\020\156\277\061\153\313\331\007
+\223\177\034\205\143\000\343\062\022\340\314\313\373\071\154\217
+\342\123\342\074\100\063\331\244\214\107\346\255\130\373\211\257
+\343\336\206\051\126\064\054\105\270\022\372\104\211\156\055\024
+\045\050\044\001\145\326\352\122\254\005\156\126\022\011\075\320
+\164\364\327\275\006\312\250\072\215\126\102\372\215\162\076\164
+\361\003\162\337\207\033\136\016\172\125\226\054\070\267\230\205
+\315\115\063\104\311\224\217\132\061\060\067\113\243\072\022\263
+\347\066\321\041\150\113\055\070\346\123\256\034\045\126\010\126
+\003\147\204\235\306\303\316\044\142\307\114\066\317\260\006\104
+\267\365\137\002\335\331\124\351\057\220\116\172\310\116\203\100
+\014\232\227\074\067\277\277\354\366\360\264\205\167\050\301\013
+\310\147\202\020\027\070\242\267\006\352\233\277\072\370\351\043
+\007\277\164\340\230\070\025\125\170\356\162\000\134\031\243\364
+\322\063\340\377\275\321\124\071\051\017
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "Symantec Class 1 Public Primary Certification Authority - G6"
+# Issuer: CN=Symantec Class 1 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US
+# Serial Number:24:32:75:f2:1d:2f:d2:09:33:f7:b4:6a:ca:d0:f3:98
+# Subject: CN=Symantec Class 1 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US
+# Not Valid Before: Tue Oct 18 00:00:00 2011
+# Not Valid After : Tue Dec 01 23:59:59 2037
+# Fingerprint (SHA-256): 9D:19:0B:2E:31:45:66:68:5B:E8:A8:89:E2:7A:A8:C7:D7:AE:1D:8A:AD:DB:A3:C1:EC:F9:D2:48:63:CD:34:B9
+# Fingerprint (SHA1): 51:7F:61:1E:29:91:6B:53:82:FB:72:E7:44:D9:8D:C3:CC:53:6D:64
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Symantec Class 1 Public Primary Certification Authority - G6"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\121\177\141\036\051\221\153\123\202\373\162\347\104\331\215\303
+\314\123\155\144
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\057\250\264\332\366\144\113\036\202\371\106\075\124\032\174\260
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\224\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\035\060\033\006\003\125\004\012\023\024\123\171\155\141\156
+\164\145\143\040\103\157\162\160\157\162\141\164\151\157\156\061
+\037\060\035\006\003\125\004\013\023\026\123\171\155\141\156\164
+\145\143\040\124\162\165\163\164\040\116\145\164\167\157\162\153
+\061\105\060\103\006\003\125\004\003\023\074\123\171\155\141\156
+\164\145\143\040\103\154\141\163\163\040\061\040\120\165\142\154
+\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151
+\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151
+\164\171\040\055\040\107\066
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\044\062\165\362\035\057\322\011\063\367\264\152\312\320
+\363\230
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Symantec Class 2 Public Primary Certification Authority - G6"
+#
+# Issuer: CN=Symantec Class 2 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US
+# Serial Number:64:82:9e:fc:37:1e:74:5d:fc:97:ff:97:c8:b1:ff:41
+# Subject: CN=Symantec Class 2 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US
+# Not Valid Before: Tue Oct 18 00:00:00 2011
+# Not Valid After : Tue Dec 01 23:59:59 2037
+# Fingerprint (SHA-256): CB:62:7D:18:B5:8A:D5:6D:DE:33:1A:30:45:6B:C6:5C:60:1A:4E:9B:18:DE:DC:EA:08:E7:DA:AA:07:81:5F:F0
+# Fingerprint (SHA1): 40:B3:31:A0:E9:BF:E8:55:BC:39:93:CA:70:4F:4E:C2:51:D4:1D:8F
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Symantec Class 2 Public Primary Certification Authority - G6"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\224\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\035\060\033\006\003\125\004\012\023\024\123\171\155\141\156
+\164\145\143\040\103\157\162\160\157\162\141\164\151\157\156\061
+\037\060\035\006\003\125\004\013\023\026\123\171\155\141\156\164
+\145\143\040\124\162\165\163\164\040\116\145\164\167\157\162\153
+\061\105\060\103\006\003\125\004\003\023\074\123\171\155\141\156
+\164\145\143\040\103\154\141\163\163\040\062\040\120\165\142\154
+\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151
+\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151
+\164\171\040\055\040\107\066
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\224\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\035\060\033\006\003\125\004\012\023\024\123\171\155\141\156
+\164\145\143\040\103\157\162\160\157\162\141\164\151\157\156\061
+\037\060\035\006\003\125\004\013\023\026\123\171\155\141\156\164
+\145\143\040\124\162\165\163\164\040\116\145\164\167\157\162\153
+\061\105\060\103\006\003\125\004\003\023\074\123\171\155\141\156
+\164\145\143\040\103\154\141\163\163\040\062\040\120\165\142\154
+\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151
+\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151
+\164\171\040\055\040\107\066
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\144\202\236\374\067\036\164\135\374\227\377\227\310\261
+\377\101
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\003\366\060\202\002\336\240\003\002\001\002\002\020\144
+\202\236\374\067\036\164\135\374\227\377\227\310\261\377\101\060
+\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060\201
+\224\061\013\060\011\006\003\125\004\006\023\002\125\123\061\035
+\060\033\006\003\125\004\012\023\024\123\171\155\141\156\164\145
+\143\040\103\157\162\160\157\162\141\164\151\157\156\061\037\060
+\035\006\003\125\004\013\023\026\123\171\155\141\156\164\145\143
+\040\124\162\165\163\164\040\116\145\164\167\157\162\153\061\105
+\060\103\006\003\125\004\003\023\074\123\171\155\141\156\164\145
+\143\040\103\154\141\163\163\040\062\040\120\165\142\154\151\143
+\040\120\162\151\155\141\162\171\040\103\145\162\164\151\146\151
+\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171
+\040\055\040\107\066\060\036\027\015\061\061\061\060\061\070\060
+\060\060\060\060\060\132\027\015\063\067\061\062\060\061\062\063
+\065\071\065\071\132\060\201\224\061\013\060\011\006\003\125\004
+\006\023\002\125\123\061\035\060\033\006\003\125\004\012\023\024
+\123\171\155\141\156\164\145\143\040\103\157\162\160\157\162\141
+\164\151\157\156\061\037\060\035\006\003\125\004\013\023\026\123
+\171\155\141\156\164\145\143\040\124\162\165\163\164\040\116\145
+\164\167\157\162\153\061\105\060\103\006\003\125\004\003\023\074
+\123\171\155\141\156\164\145\143\040\103\154\141\163\163\040\062
+\040\120\165\142\154\151\143\040\120\162\151\155\141\162\171\040
+\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101\165
+\164\150\157\162\151\164\171\040\055\040\107\066\060\202\001\042
+\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000\003
+\202\001\017\000\060\202\001\012\002\202\001\001\000\315\314\351
+\005\310\143\205\313\077\100\143\027\275\030\372\065\346\004\147
+\127\145\230\051\244\117\311\134\217\017\064\322\370\332\250\023
+\142\252\270\036\120\147\170\260\026\114\240\071\251\025\172\256
+\355\322\242\300\360\220\067\051\030\046\134\350\015\074\266\154
+\111\077\301\340\334\331\113\266\024\031\013\246\323\226\341\326
+\011\343\031\046\034\371\037\145\113\371\032\103\034\000\203\326
+\320\252\111\242\324\333\346\142\070\272\120\024\103\155\371\061
+\370\126\026\331\070\002\221\317\353\154\335\273\071\116\231\341
+\060\147\105\361\324\360\215\303\337\376\362\070\007\041\175\000
+\136\126\104\263\344\140\275\221\053\234\253\133\004\162\017\262
+\050\331\162\253\005\040\102\045\251\133\003\152\040\020\314\061
+\360\053\332\065\054\320\373\232\227\116\360\202\113\053\330\137
+\066\243\013\055\257\143\015\035\045\177\241\156\134\142\241\215
+\050\076\241\374\034\040\370\001\057\272\125\232\021\260\031\322
+\310\120\171\153\016\152\005\327\252\004\066\262\243\362\341\137
+\167\247\167\234\345\036\334\351\337\152\301\145\135\002\003\001
+\000\001\243\102\060\100\060\016\006\003\125\035\017\001\001\377
+\004\004\003\002\001\006\060\017\006\003\125\035\023\001\001\377
+\004\005\060\003\001\001\377\060\035\006\003\125\035\016\004\026
+\004\024\207\214\040\225\310\230\112\321\326\200\006\112\220\064
+\104\337\034\115\277\260\060\015\006\011\052\206\110\206\367\015
+\001\001\013\005\000\003\202\001\001\000\201\216\262\245\146\226
+\267\041\245\266\357\157\043\132\137\333\201\305\102\245\170\301
+\151\375\364\074\327\371\134\153\160\162\032\374\132\227\115\000
+\200\210\210\202\212\303\161\015\216\305\211\233\054\355\215\013
+\322\162\124\365\175\324\134\103\127\351\363\256\245\002\021\366
+\166\053\201\127\335\175\332\164\060\375\124\107\366\340\026\156
+\246\264\012\110\346\347\165\007\017\051\031\071\316\171\364\266
+\154\305\137\231\325\037\113\372\337\155\054\074\015\124\200\160
+\360\210\013\200\317\306\150\242\270\035\160\331\166\214\374\356
+\245\311\317\255\035\317\231\045\127\132\142\105\313\026\153\275
+\111\315\245\243\214\151\171\045\256\270\114\154\213\100\146\113
+\026\077\317\002\032\335\341\154\153\007\141\152\166\025\051\231
+\177\033\335\210\200\301\277\265\217\163\305\246\226\043\204\246
+\050\206\044\063\152\001\056\127\163\045\266\136\277\217\346\035
+\141\250\100\051\147\035\207\233\035\177\233\237\231\315\061\326
+\124\276\142\273\071\254\150\022\110\221\040\245\313\261\335\376
+\157\374\132\344\202\125\131\257\061\251
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "Symantec Class 2 Public Primary Certification Authority - G6"
+# Issuer: CN=Symantec Class 2 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US
+# Serial Number:64:82:9e:fc:37:1e:74:5d:fc:97:ff:97:c8:b1:ff:41
+# Subject: CN=Symantec Class 2 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US
+# Not Valid Before: Tue Oct 18 00:00:00 2011
+# Not Valid After : Tue Dec 01 23:59:59 2037
+# Fingerprint (SHA-256): CB:62:7D:18:B5:8A:D5:6D:DE:33:1A:30:45:6B:C6:5C:60:1A:4E:9B:18:DE:DC:EA:08:E7:DA:AA:07:81:5F:F0
+# Fingerprint (SHA1): 40:B3:31:A0:E9:BF:E8:55:BC:39:93:CA:70:4F:4E:C2:51:D4:1D:8F
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Symantec Class 2 Public Primary Certification Authority - G6"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\100\263\061\240\351\277\350\125\274\071\223\312\160\117\116\302
+\121\324\035\217
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\175\013\203\345\373\174\255\007\117\040\251\265\337\143\355\171
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\224\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\035\060\033\006\003\125\004\012\023\024\123\171\155\141\156
+\164\145\143\040\103\157\162\160\157\162\141\164\151\157\156\061
+\037\060\035\006\003\125\004\013\023\026\123\171\155\141\156\164
+\145\143\040\124\162\165\163\164\040\116\145\164\167\157\162\153
+\061\105\060\103\006\003\125\004\003\023\074\123\171\155\141\156
+\164\145\143\040\103\154\141\163\163\040\062\040\120\165\142\154
+\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151
+\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151
+\164\171\040\055\040\107\066
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\144\202\236\374\067\036\164\135\374\227\377\227\310\261
+\377\101
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Symantec Class 1 Public Primary Certification Authority - G4"
+#
+# Issuer: CN=Symantec Class 1 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US
+# Serial Number:21:6e:33:a5:cb:d3:88:a4:6f:29:07:b4:27:3c:c4:d8
+# Subject: CN=Symantec Class 1 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US
+# Not Valid Before: Wed Oct 05 00:00:00 2011
+# Not Valid After : Mon Jan 18 23:59:59 2038
+# Fingerprint (SHA-256): 36:3F:3C:84:9E:AB:03:B0:A2:A0:F6:36:D7:B8:6D:04:D3:AC:7F:CF:E2:6A:0A:91:21:AB:97:95:F6:E1:76:DF
+# Fingerprint (SHA1): 84:F2:E3:DD:83:13:3E:A9:1D:19:52:7F:02:D7:29:BF:C1:5F:E6:67
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Symantec Class 1 Public Primary Certification Authority - G4"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\224\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\035\060\033\006\003\125\004\012\023\024\123\171\155\141\156
+\164\145\143\040\103\157\162\160\157\162\141\164\151\157\156\061
+\037\060\035\006\003\125\004\013\023\026\123\171\155\141\156\164
+\145\143\040\124\162\165\163\164\040\116\145\164\167\157\162\153
+\061\105\060\103\006\003\125\004\003\023\074\123\171\155\141\156
+\164\145\143\040\103\154\141\163\163\040\061\040\120\165\142\154
+\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151
+\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151
+\164\171\040\055\040\107\064
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\224\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\035\060\033\006\003\125\004\012\023\024\123\171\155\141\156
+\164\145\143\040\103\157\162\160\157\162\141\164\151\157\156\061
+\037\060\035\006\003\125\004\013\023\026\123\171\155\141\156\164
+\145\143\040\124\162\165\163\164\040\116\145\164\167\157\162\153
+\061\105\060\103\006\003\125\004\003\023\074\123\171\155\141\156
+\164\145\143\040\103\154\141\163\163\040\061\040\120\165\142\154
+\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151
+\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151
+\164\171\040\055\040\107\064
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\041\156\063\245\313\323\210\244\157\051\007\264\047\074
+\304\330
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\002\250\060\202\002\055\240\003\002\001\002\002\020\041
+\156\063\245\313\323\210\244\157\051\007\264\047\074\304\330\060
+\012\006\010\052\206\110\316\075\004\003\003\060\201\224\061\013
+\060\011\006\003\125\004\006\023\002\125\123\061\035\060\033\006
+\003\125\004\012\023\024\123\171\155\141\156\164\145\143\040\103
+\157\162\160\157\162\141\164\151\157\156\061\037\060\035\006\003
+\125\004\013\023\026\123\171\155\141\156\164\145\143\040\124\162
+\165\163\164\040\116\145\164\167\157\162\153\061\105\060\103\006
+\003\125\004\003\023\074\123\171\155\141\156\164\145\143\040\103
+\154\141\163\163\040\061\040\120\165\142\154\151\143\040\120\162
+\151\155\141\162\171\040\103\145\162\164\151\146\151\143\141\164
+\151\157\156\040\101\165\164\150\157\162\151\164\171\040\055\040
+\107\064\060\036\027\015\061\061\061\060\060\065\060\060\060\060
+\060\060\132\027\015\063\070\060\061\061\070\062\063\065\071\065
+\071\132\060\201\224\061\013\060\011\006\003\125\004\006\023\002
+\125\123\061\035\060\033\006\003\125\004\012\023\024\123\171\155
+\141\156\164\145\143\040\103\157\162\160\157\162\141\164\151\157
+\156\061\037\060\035\006\003\125\004\013\023\026\123\171\155\141
+\156\164\145\143\040\124\162\165\163\164\040\116\145\164\167\157
+\162\153\061\105\060\103\006\003\125\004\003\023\074\123\171\155
+\141\156\164\145\143\040\103\154\141\163\163\040\061\040\120\165
+\142\154\151\143\040\120\162\151\155\141\162\171\040\103\145\162
+\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157
+\162\151\164\171\040\055\040\107\064\060\166\060\020\006\007\052
+\206\110\316\075\002\001\006\005\053\201\004\000\042\003\142\000
+\004\327\146\265\033\333\256\263\140\356\106\352\210\143\165\073
+\052\224\155\363\137\022\366\343\017\236\266\012\024\123\110\122
+\310\334\072\263\313\110\040\046\022\116\372\211\204\324\337\221
+\344\051\175\050\001\331\333\030\103\151\241\037\265\323\206\026
+\334\307\177\147\043\337\337\061\061\203\003\065\160\261\113\267
+\310\027\273\121\313\334\224\027\333\352\011\073\166\022\336\252
+\265\243\102\060\100\060\016\006\003\125\035\017\001\001\377\004
+\004\003\002\001\006\060\017\006\003\125\035\023\001\001\377\004
+\005\060\003\001\001\377\060\035\006\003\125\035\016\004\026\004
+\024\145\300\215\045\365\014\272\227\167\220\077\236\056\340\132
+\365\316\325\341\344\060\012\006\010\052\206\110\316\075\004\003
+\003\003\151\000\060\146\002\061\000\245\256\343\106\123\370\230
+\066\343\042\372\056\050\111\015\356\060\176\063\363\354\077\161
+\136\314\125\211\170\231\254\262\375\334\034\134\063\216\051\271
+\153\027\310\021\150\265\334\203\007\002\061\000\234\310\104\332
+\151\302\066\303\124\031\020\205\002\332\235\107\357\101\347\154
+\046\235\011\075\367\155\220\321\005\104\057\260\274\203\223\150
+\362\014\105\111\071\277\231\004\034\323\020\240
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "Symantec Class 1 Public Primary Certification Authority - G4"
+# Issuer: CN=Symantec Class 1 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US
+# Serial Number:21:6e:33:a5:cb:d3:88:a4:6f:29:07:b4:27:3c:c4:d8
+# Subject: CN=Symantec Class 1 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US
+# Not Valid Before: Wed Oct 05 00:00:00 2011
+# Not Valid After : Mon Jan 18 23:59:59 2038
+# Fingerprint (SHA-256): 36:3F:3C:84:9E:AB:03:B0:A2:A0:F6:36:D7:B8:6D:04:D3:AC:7F:CF:E2:6A:0A:91:21:AB:97:95:F6:E1:76:DF
+# Fingerprint (SHA1): 84:F2:E3:DD:83:13:3E:A9:1D:19:52:7F:02:D7:29:BF:C1:5F:E6:67
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Symantec Class 1 Public Primary Certification Authority - G4"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\204\362\343\335\203\023\076\251\035\031\122\177\002\327\051\277
+\301\137\346\147
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\004\345\200\077\125\377\131\207\244\062\322\025\245\345\252\346
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\224\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\035\060\033\006\003\125\004\012\023\024\123\171\155\141\156
+\164\145\143\040\103\157\162\160\157\162\141\164\151\157\156\061
+\037\060\035\006\003\125\004\013\023\026\123\171\155\141\156\164
+\145\143\040\124\162\165\163\164\040\116\145\164\167\157\162\153
+\061\105\060\103\006\003\125\004\003\023\074\123\171\155\141\156
+\164\145\143\040\103\154\141\163\163\040\061\040\120\165\142\154
+\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151
+\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151
+\164\171\040\055\040\107\064
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\041\156\063\245\313\323\210\244\157\051\007\264\047\074
+\304\330
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Symantec Class 2 Public Primary Certification Authority - G4"
+#
+# Issuer: CN=Symantec Class 2 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US
+# Serial Number:34:17:65:12:40:3b:b7:56:80:2d:80:cb:79:55:a6:1e
+# Subject: CN=Symantec Class 2 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US
+# Not Valid Before: Wed Oct 05 00:00:00 2011
+# Not Valid After : Mon Jan 18 23:59:59 2038
+# Fingerprint (SHA-256): FE:86:3D:08:22:FE:7A:23:53:FA:48:4D:59:24:E8:75:65:6D:3D:C9:FB:58:77:1F:6F:61:6F:9D:57:1B:C5:92
+# Fingerprint (SHA1): 67:24:90:2E:48:01:B0:22:96:40:10:46:B4:B1:67:2C:A9:75:FD:2B
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Symantec Class 2 Public Primary Certification Authority - G4"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\224\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\035\060\033\006\003\125\004\012\023\024\123\171\155\141\156
+\164\145\143\040\103\157\162\160\157\162\141\164\151\157\156\061
+\037\060\035\006\003\125\004\013\023\026\123\171\155\141\156\164
+\145\143\040\124\162\165\163\164\040\116\145\164\167\157\162\153
+\061\105\060\103\006\003\125\004\003\023\074\123\171\155\141\156
+\164\145\143\040\103\154\141\163\163\040\062\040\120\165\142\154
+\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151
+\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151
+\164\171\040\055\040\107\064
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\224\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\035\060\033\006\003\125\004\012\023\024\123\171\155\141\156
+\164\145\143\040\103\157\162\160\157\162\141\164\151\157\156\061
+\037\060\035\006\003\125\004\013\023\026\123\171\155\141\156\164
+\145\143\040\124\162\165\163\164\040\116\145\164\167\157\162\153
+\061\105\060\103\006\003\125\004\003\023\074\123\171\155\141\156
+\164\145\143\040\103\154\141\163\163\040\062\040\120\165\142\154
+\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151
+\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151
+\164\171\040\055\040\107\064
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\064\027\145\022\100\073\267\126\200\055\200\313\171\125
+\246\036
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\002\250\060\202\002\055\240\003\002\001\002\002\020\064
+\027\145\022\100\073\267\126\200\055\200\313\171\125\246\036\060
+\012\006\010\052\206\110\316\075\004\003\003\060\201\224\061\013
+\060\011\006\003\125\004\006\023\002\125\123\061\035\060\033\006
+\003\125\004\012\023\024\123\171\155\141\156\164\145\143\040\103
+\157\162\160\157\162\141\164\151\157\156\061\037\060\035\006\003
+\125\004\013\023\026\123\171\155\141\156\164\145\143\040\124\162
+\165\163\164\040\116\145\164\167\157\162\153\061\105\060\103\006
+\003\125\004\003\023\074\123\171\155\141\156\164\145\143\040\103
+\154\141\163\163\040\062\040\120\165\142\154\151\143\040\120\162
+\151\155\141\162\171\040\103\145\162\164\151\146\151\143\141\164
+\151\157\156\040\101\165\164\150\157\162\151\164\171\040\055\040
+\107\064\060\036\027\015\061\061\061\060\060\065\060\060\060\060
+\060\060\132\027\015\063\070\060\061\061\070\062\063\065\071\065
+\071\132\060\201\224\061\013\060\011\006\003\125\004\006\023\002
+\125\123\061\035\060\033\006\003\125\004\012\023\024\123\171\155
+\141\156\164\145\143\040\103\157\162\160\157\162\141\164\151\157
+\156\061\037\060\035\006\003\125\004\013\023\026\123\171\155\141
+\156\164\145\143\040\124\162\165\163\164\040\116\145\164\167\157
+\162\153\061\105\060\103\006\003\125\004\003\023\074\123\171\155
+\141\156\164\145\143\040\103\154\141\163\163\040\062\040\120\165
+\142\154\151\143\040\120\162\151\155\141\162\171\040\103\145\162
+\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157
+\162\151\164\171\040\055\040\107\064\060\166\060\020\006\007\052
+\206\110\316\075\002\001\006\005\053\201\004\000\042\003\142\000
+\004\321\331\112\216\114\015\204\112\121\272\174\357\323\314\372
+\072\232\265\247\143\023\075\001\340\111\076\372\301\107\311\222
+\263\072\327\376\157\234\367\232\072\017\365\016\012\012\303\077
+\310\347\022\024\216\325\325\155\230\054\263\161\062\012\353\052
+\275\366\327\152\040\013\147\105\234\322\262\277\123\042\146\011
+\135\333\021\363\361\005\063\130\243\342\270\317\174\315\202\233
+\275\243\102\060\100\060\016\006\003\125\035\017\001\001\377\004
+\004\003\002\001\006\060\017\006\003\125\035\023\001\001\377\004
+\005\060\003\001\001\377\060\035\006\003\125\035\016\004\026\004
+\024\075\062\363\072\251\014\220\204\371\242\214\151\006\141\124
+\057\207\162\376\005\060\012\006\010\052\206\110\316\075\004\003
+\003\003\151\000\060\146\002\061\000\310\246\251\257\101\177\265
+\311\021\102\026\150\151\114\134\270\047\030\266\230\361\300\177
+\220\155\207\323\214\106\027\360\076\117\374\352\260\010\304\172
+\113\274\010\057\307\342\247\157\145\002\061\000\326\131\336\206
+\316\137\016\312\124\325\306\320\025\016\374\213\224\162\324\216
+\000\130\123\317\176\261\113\015\345\120\206\353\236\153\337\377
+\051\246\330\107\331\240\226\030\333\362\105\263
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "Symantec Class 2 Public Primary Certification Authority - G4"
+# Issuer: CN=Symantec Class 2 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US
+# Serial Number:34:17:65:12:40:3b:b7:56:80:2d:80:cb:79:55:a6:1e
+# Subject: CN=Symantec Class 2 Public Primary Certification Authority - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US
+# Not Valid Before: Wed Oct 05 00:00:00 2011
+# Not Valid After : Mon Jan 18 23:59:59 2038
+# Fingerprint (SHA-256): FE:86:3D:08:22:FE:7A:23:53:FA:48:4D:59:24:E8:75:65:6D:3D:C9:FB:58:77:1F:6F:61:6F:9D:57:1B:C5:92
+# Fingerprint (SHA1): 67:24:90:2E:48:01:B0:22:96:40:10:46:B4:B1:67:2C:A9:75:FD:2B
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Symantec Class 2 Public Primary Certification Authority - G4"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\147\044\220\056\110\001\260\042\226\100\020\106\264\261\147\054
+\251\165\375\053
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\160\325\060\361\332\224\227\324\327\164\337\276\355\150\336\226
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\224\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\035\060\033\006\003\125\004\012\023\024\123\171\155\141\156
+\164\145\143\040\103\157\162\160\157\162\141\164\151\157\156\061
+\037\060\035\006\003\125\004\013\023\026\123\171\155\141\156\164
+\145\143\040\124\162\165\163\164\040\116\145\164\167\157\162\153
+\061\105\060\103\006\003\125\004\003\023\074\123\171\155\141\156
+\164\145\143\040\103\154\141\163\163\040\062\040\120\165\142\154
+\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151
+\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151
+\164\171\040\055\040\107\064
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\064\027\145\022\100\073\267\126\200\055\200\313\171\125
+\246\036
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
diff --git a/nss/lib/ckfw/builtins/ckbiver.c b/nss/lib/ckfw/builtins/ckbiver.c
new file mode 100644
index 0000000..208066c
--- /dev/null
+++ b/nss/lib/ckfw/builtins/ckbiver.c
@@ -0,0 +1,18 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* Library identity and versioning */
+
+#include "nssckbi.h"
+
+#if defined(DEBUG)
+#define _DEBUG_STRING " (debug)"
+#else
+#define _DEBUG_STRING ""
+#endif
+
+/*
+ * Version information
+ */
+const char __nss_builtins_version[] = "Version: NSS Builtin Trusted Root CAs " NSS_BUILTINS_LIBRARY_VERSION _DEBUG_STRING;
diff --git a/nss/lib/ckfw/builtins/config.mk b/nss/lib/ckfw/builtins/config.mk
new file mode 100644
index 0000000..6bd62f1
--- /dev/null
+++ b/nss/lib/ckfw/builtins/config.mk
@@ -0,0 +1,38 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#
+#  Override TARGETS variable so that only shared libraries
+#  are specifed as dependencies within rules.mk.
+#
+
+TARGETS        = $(SHARED_LIBRARY)
+LIBRARY        =
+IMPORT_LIBRARY =
+PROGRAM        =
+
+ifeq (,$(filter-out WIN%,$(OS_TARGET)))
+    SHARED_LIBRARY = $(OBJDIR)/$(DLL_PREFIX)$(LIBRARY_NAME)$(LIBRARY_VERSION).$(DLL_SUFFIX)
+    RES = $(OBJDIR)/$(LIBRARY_NAME).res
+    RESNAME = $(LIBRARY_NAME).rc
+endif
+
+ifdef BUILD_IDG
+    DEFINES += -DNSSDEBUG
+endif
+
+# Needed for compilation of $(OBJDIR)/certdata.c
+INCLUDES += -I.
+
+#
+# To create a loadable module on Darwin, we must use -bundle.
+#
+ifeq ($(OS_TARGET),Darwin)
+DSO_LDOPTS = -bundle
+endif
+
+ifdef USE_GCOV
+DSO_LDOPTS += --coverage
+endif
diff --git a/nss/lib/ckfw/builtins/constants.c b/nss/lib/ckfw/builtins/constants.c
new file mode 100644
index 0000000..f5d267b
--- /dev/null
+++ b/nss/lib/ckfw/builtins/constants.c
@@ -0,0 +1,64 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * builtins/constants.c
+ *
+ * Identification and other constants, all collected here in one place.
+ */
+
+#ifndef NSSBASET_H
+#include "nssbaset.h"
+#endif /* NSSBASET_H */
+
+#ifndef NSSCKT_H
+#include "nssckt.h"
+#endif /* NSSCKT_H */
+
+#ifndef NSSCKBI_H
+#include "nssckbi.h"
+#endif /* NSSCKBI_H */
+
+const CK_VERSION
+    nss_builtins_CryptokiVersion = {
+        NSS_BUILTINS_CRYPTOKI_VERSION_MAJOR,
+        NSS_BUILTINS_CRYPTOKI_VERSION_MINOR
+    };
+
+const CK_VERSION
+    nss_builtins_LibraryVersion = {
+        NSS_BUILTINS_LIBRARY_VERSION_MAJOR,
+        NSS_BUILTINS_LIBRARY_VERSION_MINOR
+    };
+
+const CK_VERSION
+    nss_builtins_HardwareVersion = {
+        NSS_BUILTINS_HARDWARE_VERSION_MAJOR,
+        NSS_BUILTINS_HARDWARE_VERSION_MINOR
+    };
+
+const CK_VERSION
+    nss_builtins_FirmwareVersion = {
+        NSS_BUILTINS_FIRMWARE_VERSION_MAJOR,
+        NSS_BUILTINS_FIRMWARE_VERSION_MINOR
+    };
+
+const NSSUTF8
+    nss_builtins_ManufacturerID[] = { "Mozilla Foundation" };
+
+const NSSUTF8
+    nss_builtins_LibraryDescription[] = { "NSS Builtin Object Cryptoki Module" };
+
+const NSSUTF8
+    nss_builtins_SlotDescription[] = { "NSS Builtin Objects" };
+
+const NSSUTF8
+    nss_builtins_TokenLabel[] = { "Builtin Object Token" };
+
+const NSSUTF8
+    nss_builtins_TokenModel[] = { "1" };
+
+/* should this be e.g. the certdata.txt RCS revision number? */
+const NSSUTF8
+    nss_builtins_TokenSerialNumber[] = { "1" };
diff --git a/nss/lib/ckfw/builtins/exports.gyp b/nss/lib/ckfw/builtins/exports.gyp
new file mode 100644
index 0000000..6a5c38f
--- /dev/null
+++ b/nss/lib/ckfw/builtins/exports.gyp
@@ -0,0 +1,25 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../../coreconf/config.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'lib_ckfw_builtins_exports',
+      'type': 'none',
+      'copies': [
+        {
+          'files': [
+            'nssckbi.h'
+          ],
+          'destination': '<(nss_public_dist_dir)/<(module)'
+        }
+      ]
+    }
+  ],
+  'variables': {
+    'module': 'nss'
+  }
+}
diff --git a/nss/lib/ckfw/builtins/manifest.mn b/nss/lib/ckfw/builtins/manifest.mn
new file mode 100644
index 0000000..7ac64bf
--- /dev/null
+++ b/nss/lib/ckfw/builtins/manifest.mn
@@ -0,0 +1,30 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CORE_DEPTH = ../../..
+
+MODULE = nss
+MAPFILE = $(OBJDIR)/nssckbi.def
+
+EXPORTS =		\
+	nssckbi.h	\
+	$(NULL)
+
+CSRCS =			\
+	anchor.c	\
+	constants.c	\
+	bfind.c		\
+	binst.c 	\
+	bobject.c	\
+	bsession.c	\
+	bslot.c		\
+	btoken.c	\
+	certdata.c	\
+	ckbiver.c	\
+	$(NULL)
+
+REQUIRES = nspr
+
+LIBRARY_NAME = nssckbi
diff --git a/nss/lib/ckfw/builtins/nssckbi.def b/nss/lib/ckfw/builtins/nssckbi.def
new file mode 100644
index 0000000..8692d4c
--- /dev/null
+++ b/nss/lib/ckfw/builtins/nssckbi.def
@@ -0,0 +1,26 @@
+;+#
+;+# This Source Code Form is subject to the terms of the Mozilla Public
+;+# License, v. 2.0. If a copy of the MPL was not distributed with this
+;+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;+#
+;+# OK, this file is meant to support SUN, LINUX, AIX and WINDOWS
+;+#   1. For all unix platforms, the string ";-"  means "remove this line"
+;+#   2. For all unix platforms, the string " DATA " will be removed from any 
+;+#     line on which it occurs.
+;+#   3. Lines containing ";+" will have ";+" removed on SUN and LINUX.
+;+#      On AIX, lines containing ";+" will be removed.
+;+#   4. For all unix platforms, the string ";;" will thave the ";;" removed.
+;+#   5. For all unix platforms, after the above processing has taken place,
+;+#    all characters after the first ";" on the line will be removed.
+;+#    And for AIX, the first ";" will also be removed.
+;+#  This file is passed directly to windows. Since ';' is a comment, all UNIX
+;+#   directives are hidden behind ";", ";+", and ";-"
+;+
+;+NSS_3.1 {       # NSS 3.1 release
+;+    global:
+LIBRARY nssckbi ;-
+EXPORTS ;-
+C_GetFunctionList;
+;+    local:
+;+*;
+;+};
diff --git a/nss/lib/ckfw/builtins/nssckbi.h b/nss/lib/ckfw/builtins/nssckbi.h
new file mode 100644
index 0000000..4f1e357
--- /dev/null
+++ b/nss/lib/ckfw/builtins/nssckbi.h
@@ -0,0 +1,60 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef NSSCKBI_H
+#define NSSCKBI_H
+
+/*
+ * NSS BUILTINS Version numbers.
+ *
+ * These are the version numbers for the builtins module packaged with
+ * this release on NSS. To determine the version numbers of the builtin
+ * module you are using, use the appropriate PKCS #11 calls.
+ *
+ * These version numbers detail changes to the PKCS #11 interface. They map
+ * to the PKCS #11 spec versions.
+ */
+#define NSS_BUILTINS_CRYPTOKI_VERSION_MAJOR 2
+#define NSS_BUILTINS_CRYPTOKI_VERSION_MINOR 20
+
+/* These version numbers detail the changes
+ * to the list of trusted certificates.
+ *
+ * The NSS_BUILTINS_LIBRARY_VERSION_MINOR macro needs to be bumped
+ * for each NSS minor release AND whenever we change the list of
+ * trusted certificates.  10 minor versions are allocated for each
+ * NSS 3.x branch as follows, allowing us to change the list of
+ * trusted certificates up to 9 times on each branch.
+ *   - NSS 3.5 branch:  3-9
+ *   - NSS 3.6 branch:  10-19
+ *   - NSS 3.7 branch:  20-29
+ *   - NSS 3.8 branch:  30-39
+ *   - NSS 3.9 branch:  40-49
+ *   - NSS 3.10 branch: 50-59
+ *   - NSS 3.11 branch: 60-69
+ *     ...
+ *   - NSS 3.12 branch: 70-89
+ *   - NSS 3.13 branch: 90-99
+ *   - NSS 3.14 branch: 100-109
+ *     ...
+ *   - NSS 3.29 branch: 250-255
+ *
+ * NSS_BUILTINS_LIBRARY_VERSION_MINOR is a CK_BYTE.  It's not clear
+ * whether we may use its full range (0-255) or only 0-99 because
+ * of the comment in the CK_VERSION type definition.
+ */
+#define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 2
+#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 11
+#define NSS_BUILTINS_LIBRARY_VERSION "2.11"
+
+/* These version numbers detail the semantic changes to the ckfw engine. */
+#define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1
+#define NSS_BUILTINS_HARDWARE_VERSION_MINOR 0
+
+/* These version numbers detail the semantic changes to ckbi itself
+ * (new PKCS #11 objects), etc. */
+#define NSS_BUILTINS_FIRMWARE_VERSION_MAJOR 1
+#define NSS_BUILTINS_FIRMWARE_VERSION_MINOR 0
+
+#endif /* NSSCKBI_H */
diff --git a/nss/lib/ckfw/builtins/nssckbi.rc b/nss/lib/ckfw/builtins/nssckbi.rc
new file mode 100644
index 0000000..315149b
--- /dev/null
+++ b/nss/lib/ckfw/builtins/nssckbi.rc
@@ -0,0 +1,64 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nssckbi.h"
+#include <winver.h>
+
+#define MY_LIBNAME "nssckbi"
+#define MY_FILEDESCRIPTION "NSS Builtin Trusted Root CAs"
+
+#ifdef _DEBUG
+#define MY_DEBUG_STR " (debug)"
+#define MY_FILEFLAGS_1 VS_FF_DEBUG
+#else
+#define MY_DEBUG_STR ""
+#define MY_FILEFLAGS_1 0x0L
+#endif
+#if NSS_BETA
+#define MY_FILEFLAGS_2 MY_FILEFLAGS_1|VS_FF_PRERELEASE
+#else
+#define MY_FILEFLAGS_2 MY_FILEFLAGS_1
+#endif
+
+#ifdef WINNT
+#define MY_FILEOS VOS_NT_WINDOWS32
+#else
+#define MY_FILEOS VOS__WINDOWS32
+#endif
+
+#define MY_INTERNAL_NAME MY_LIBNAME
+
+/////////////////////////////////////////////////////////////////////////////
+//
+// Version-information resource
+//
+
+VS_VERSION_INFO VERSIONINFO
+ FILEVERSION NSS_BUILTINS_LIBRARY_VERSION_MAJOR,NSS_BUILTINS_LIBRARY_VERSION_MINOR,0,0
+ PRODUCTVERSION NSS_BUILTINS_LIBRARY_VERSION_MAJOR,NSS_BUILTINS_LIBRARY_VERSION_MINOR,0,0
+ FILEFLAGSMASK VS_FFI_FILEFLAGSMASK
+ FILEFLAGS MY_FILEFLAGS_2
+ FILEOS MY_FILEOS
+ FILETYPE VFT_DLL
+ FILESUBTYPE 0x0L // not used
+
+BEGIN
+    BLOCK "StringFileInfo"
+    BEGIN
+        BLOCK "040904B0" // Lang=US English, CharSet=Unicode
+        BEGIN
+            VALUE "CompanyName", "Mozilla Foundation\0"
+            VALUE "FileDescription", MY_FILEDESCRIPTION MY_DEBUG_STR "\0"
+            VALUE "FileVersion", NSS_BUILTINS_LIBRARY_VERSION "\0"
+            VALUE "InternalName", MY_INTERNAL_NAME "\0"
+            VALUE "OriginalFilename", MY_INTERNAL_NAME ".dll\0"
+            VALUE "ProductName", "Network Security Services\0"
+            VALUE "ProductVersion", NSS_BUILTINS_LIBRARY_VERSION "\0"
+        END
+    END
+    BLOCK "VarFileInfo"
+    BEGIN
+        VALUE "Translation", 0x409, 1200
+    END
+END
diff --git a/nss/lib/ckfw/capi/Makefile b/nss/lib/ckfw/capi/Makefile
new file mode 100644
index 0000000..81780d2
--- /dev/null
+++ b/nss/lib/ckfw/capi/Makefile
@@ -0,0 +1,75 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+include manifest.mn
+include $(CORE_DEPTH)/coreconf/config.mk
+include config.mk
+
+EXTRA_LIBS = \
+	$(DIST)/lib/$(LIB_PREFIX)nssckfw.$(LIB_SUFFIX) \
+	$(DIST)/lib/$(LIB_PREFIX)nssb.$(LIB_SUFFIX) \
+	$(NULL)
+
+# can't do this in manifest.mn because OS_TARGET isn't defined there.
+ifeq (,$(filter-out WIN%,$(OS_TARGET)))
+
+ifdef NS_USE_GCC
+EXTRA_LIBS += \
+	-L$(NSPR_LIB_DIR) \
+	-lplc4 \
+	-lplds4 \
+	-lnspr4 \
+	-lcrypt32 \
+	-ladvapi32 \
+	-lrpcrt4 \
+	$(NULL)
+else 
+EXTRA_SHARED_LIBS += \
+        $(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plc4.lib \
+        $(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plds4.lib \
+        $(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)nspr4.lib \
+        crypt32.lib \
+	advapi32.lib \
+	rpcrt4.lib \
+        $(NULL)
+endif # NS_USE_GCC
+else
+
+EXTRA_LIBS += \
+	-L$(NSPR_LIB_DIR) \
+	-lplc4 \
+	-lplds4 \
+	-lnspr4 \
+	$(NULL)
+endif
+
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+# Generate certdata.c.
+generate:
+	$(PERL) certdata.perl < certdata.txt
+
+# This'll need some help from a build person.
+
+
+ifeq ($(OS_TARGET)$(OS_RELEASE), AIX4.1)
+DSO_LDOPTS              = -bM:SRE -bh:4 -bnoentry
+EXTRA_DSO_LDOPTS        = -lc
+MKSHLIB                 = xlC $(DSO_LDOPTS)
+
+$(SHARED_LIBRARY): $(OBJS)
+	@$(MAKE_OBJDIR)
+	rm -f $@
+	$(MKSHLIB) -o $@ $(OBJS) $(EXTRA_LIBS) $(EXTRA_DSO_LDOPTS)
+	chmod +x $@
+
+endif
+
+ifeq ($(OS_TARGET)$(OS_RELEASE), AIX4.2)
+LD      += -G
+endif 
+
+
diff --git a/nss/lib/ckfw/capi/README b/nss/lib/ckfw/capi/README
new file mode 100644
index 0000000..9fc5720
--- /dev/null
+++ b/nss/lib/ckfw/capi/README
@@ -0,0 +1,7 @@
+This Cryptoki module provides acces to certs and keys stored in
+Microsofts CAPI certificate store.
+
+It does not import or export CA Root trust from the CAPI.
+It does not import or export CRLs from the CAPI.
+It does not handle S/MIME objects (pkcs #7 in capi terms?).
+It does not yet handle it's own PIN. (CAPI does all the pin prompting).
diff --git a/nss/lib/ckfw/capi/anchor.c b/nss/lib/ckfw/capi/anchor.c
new file mode 100644
index 0000000..2d1523e
--- /dev/null
+++ b/nss/lib/ckfw/capi/anchor.c
@@ -0,0 +1,17 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * capi/canchor.c
+ *
+ * This file "anchors" the actual cryptoki entry points in this module's
+ * shared library, which is required for dynamic loading.  See the
+ * comments in nssck.api for more information.
+ */
+
+#include "ckcapi.h"
+
+#define MODULE_NAME ckcapi
+#define INSTANCE_NAME (NSSCKMDInstance *)&nss_ckcapi_mdInstance
+#include "nssck.api"
diff --git a/nss/lib/ckfw/capi/cfind.c b/nss/lib/ckfw/capi/cfind.c
new file mode 100644
index 0000000..9ea7fca
--- /dev/null
+++ b/nss/lib/ckfw/capi/cfind.c
@@ -0,0 +1,562 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef CKCAPI_H
+#include "ckcapi.h"
+#endif /* CKCAPI_H */
+
+/*
+ * ckcapi/cfind.c
+ *
+ * This file implements the NSSCKMDFindObjects object for the
+ * "capi" cryptoki module.
+ */
+
+struct ckcapiFOStr {
+    NSSArena *arena;
+    CK_ULONG n;
+    CK_ULONG i;
+    ckcapiInternalObject **objs;
+};
+
+static void
+ckcapi_mdFindObjects_Final(
+    NSSCKMDFindObjects *mdFindObjects,
+    NSSCKFWFindObjects *fwFindObjects,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance)
+{
+    struct ckcapiFOStr *fo = (struct ckcapiFOStr *)mdFindObjects->etc;
+    NSSArena *arena = fo->arena;
+    PRUint32 i;
+
+    /* walk down an free the unused 'objs' */
+    for (i = fo->i; i < fo->n; i++) {
+        nss_ckcapi_DestroyInternalObject(fo->objs[i]);
+    }
+
+    nss_ZFreeIf(fo->objs);
+    nss_ZFreeIf(fo);
+    nss_ZFreeIf(mdFindObjects);
+    if ((NSSArena *)NULL != arena) {
+        NSSArena_Destroy(arena);
+    }
+
+    return;
+}
+
+static NSSCKMDObject *
+ckcapi_mdFindObjects_Next(
+    NSSCKMDFindObjects *mdFindObjects,
+    NSSCKFWFindObjects *fwFindObjects,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    NSSArena *arena,
+    CK_RV *pError)
+{
+    struct ckcapiFOStr *fo = (struct ckcapiFOStr *)mdFindObjects->etc;
+    ckcapiInternalObject *io;
+
+    if (fo->i == fo->n) {
+        *pError = CKR_OK;
+        return (NSSCKMDObject *)NULL;
+    }
+
+    io = fo->objs[fo->i];
+    fo->i++;
+
+    return nss_ckcapi_CreateMDObject(arena, io, pError);
+}
+
+static CK_BBOOL
+ckcapi_attrmatch(
+    CK_ATTRIBUTE_PTR a,
+    ckcapiInternalObject *o)
+{
+    PRBool prb;
+    const NSSItem *b;
+
+    b = nss_ckcapi_FetchAttribute(o, a->type);
+    if (b == NULL) {
+        return CK_FALSE;
+    }
+
+    if (a->ulValueLen != b->size) {
+        /* match a decoded serial number */
+        if ((a->type == CKA_SERIAL_NUMBER) && (a->ulValueLen < b->size)) {
+            unsigned int len;
+            unsigned char *data;
+
+            data = nss_ckcapi_DERUnwrap(b->data, b->size, &len, NULL);
+            if ((len == a->ulValueLen) &&
+                nsslibc_memequal(a->pValue, data, len, (PRStatus *)NULL)) {
+                return CK_TRUE;
+            }
+        }
+        return CK_FALSE;
+    }
+
+    prb = nsslibc_memequal(a->pValue, b->data, b->size, (PRStatus *)NULL);
+
+    if (PR_TRUE == prb) {
+        return CK_TRUE;
+    } else {
+        return CK_FALSE;
+    }
+}
+
+static CK_BBOOL
+ckcapi_match(
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulAttributeCount,
+    ckcapiInternalObject *o)
+{
+    CK_ULONG i;
+
+    for (i = 0; i < ulAttributeCount; i++) {
+        if (CK_FALSE == ckcapi_attrmatch(&pTemplate[i], o)) {
+            return CK_FALSE;
+        }
+    }
+
+    /* Every attribute passed */
+    return CK_TRUE;
+}
+
+#define CKAPI_ITEM_CHUNK 20
+
+#define PUT_Object(obj, err)                                                    \
+    {                                                                           \
+        if (count >= size) {                                                    \
+            *listp = *listp ? nss_ZREALLOCARRAY(*listp, ckcapiInternalObject *, \
+                                                (size +                         \
+                                                 CKAPI_ITEM_CHUNK))             \
+                            : nss_ZNEWARRAY(NULL, ckcapiInternalObject *,       \
+                                            (size +                             \
+                                             CKAPI_ITEM_CHUNK));                \
+            if ((ckcapiInternalObject **)NULL == *listp) {                      \
+                err = CKR_HOST_MEMORY;                                          \
+                goto loser;                                                     \
+            }                                                                   \
+            size += CKAPI_ITEM_CHUNK;                                           \
+        }                                                                       \
+        (*listp)[count] = (obj);                                                \
+        count++;                                                                \
+    }
+
+/*
+ * pass parameters back through the callback.
+ */
+typedef struct BareCollectParamsStr {
+    CK_OBJECT_CLASS objClass;
+    CK_ATTRIBUTE_PTR pTemplate;
+    CK_ULONG ulAttributeCount;
+    ckcapiInternalObject ***listp;
+    PRUint32 size;
+    PRUint32 count;
+} BareCollectParams;
+
+/* collect_bare's callback. Called for each object that
+ * supposedly has a PROVINDER_INFO property */
+static BOOL WINAPI
+doBareCollect(
+    const CRYPT_HASH_BLOB *msKeyID,
+    DWORD flags,
+    void *reserved,
+    void *args,
+    DWORD cProp,
+    DWORD *propID,
+    void **propData,
+    DWORD *propSize)
+{
+    BareCollectParams *bcp = (BareCollectParams *)args;
+    PRUint32 size = bcp->size;
+    PRUint32 count = bcp->count;
+    ckcapiInternalObject ***listp = bcp->listp;
+    ckcapiInternalObject *io = NULL;
+    DWORD i;
+    CRYPT_KEY_PROV_INFO *keyProvInfo = NULL;
+    void *idData;
+    CK_RV error;
+
+    /* make sure there is a Key Provider Info property */
+    for (i = 0; i < cProp; i++) {
+        if (CERT_KEY_PROV_INFO_PROP_ID == propID[i]) {
+            keyProvInfo = (CRYPT_KEY_PROV_INFO *)propData[i];
+            break;
+        }
+    }
+    if ((CRYPT_KEY_PROV_INFO *)NULL == keyProvInfo) {
+        return 1;
+    }
+
+    /* copy the key ID */
+    idData = nss_ZNEWARRAY(NULL, char, msKeyID->cbData);
+    if ((void *)NULL == idData) {
+        goto loser;
+    }
+    nsslibc_memcpy(idData, msKeyID->pbData, msKeyID->cbData);
+
+    /* build a bare internal object */
+    io = nss_ZNEW(NULL, ckcapiInternalObject);
+    if ((ckcapiInternalObject *)NULL == io) {
+        goto loser;
+    }
+    io->type = ckcapiBareKey;
+    io->objClass = bcp->objClass;
+    io->u.key.provInfo = *keyProvInfo;
+    io->u.key.provInfo.pwszContainerName =
+        nss_ckcapi_WideDup(keyProvInfo->pwszContainerName);
+    io->u.key.provInfo.pwszProvName =
+        nss_ckcapi_WideDup(keyProvInfo->pwszProvName);
+    io->u.key.provName = nss_ckcapi_WideToUTF8(keyProvInfo->pwszProvName);
+    io->u.key.containerName =
+        nss_ckcapi_WideToUTF8(keyProvInfo->pwszContainerName);
+    io->u.key.hProv = 0;
+    io->idData = idData;
+    io->id.data = idData;
+    io->id.size = msKeyID->cbData;
+    idData = NULL;
+
+    /* see if it matches */
+    if (CK_FALSE == ckcapi_match(bcp->pTemplate, bcp->ulAttributeCount, io)) {
+        goto loser;
+    }
+    PUT_Object(io, error);
+    bcp->size = size;
+    bcp->count = count;
+    return 1;
+
+loser:
+    if (io) {
+        nss_ckcapi_DestroyInternalObject(io);
+    }
+    nss_ZFreeIf(idData);
+    return 1;
+}
+
+/*
+ * collect the bare keys running around
+ */
+static PRUint32
+collect_bare(
+    CK_OBJECT_CLASS objClass,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulAttributeCount,
+    ckcapiInternalObject ***listp,
+    PRUint32 *sizep,
+    PRUint32 count,
+    CK_RV *pError)
+{
+    BOOL rc;
+    BareCollectParams bareCollectParams;
+
+    bareCollectParams.objClass = objClass;
+    bareCollectParams.pTemplate = pTemplate;
+    bareCollectParams.ulAttributeCount = ulAttributeCount;
+    bareCollectParams.listp = listp;
+    bareCollectParams.size = *sizep;
+    bareCollectParams.count = count;
+
+    rc = CryptEnumKeyIdentifierProperties(NULL, CERT_KEY_PROV_INFO_PROP_ID, 0,
+                                          NULL, NULL, &bareCollectParams, doBareCollect);
+
+    *sizep = bareCollectParams.size;
+    return bareCollectParams.count;
+}
+
+/* find all the certs that represent the appropriate object (cert, priv key, or
+ *  pub key) in the cert store.
+ */
+static PRUint32
+collect_class(
+    CK_OBJECT_CLASS objClass,
+    LPCSTR storeStr,
+    PRBool hasID,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulAttributeCount,
+    ckcapiInternalObject ***listp,
+    PRUint32 *sizep,
+    PRUint32 count,
+    CK_RV *pError)
+{
+    PRUint32 size = *sizep;
+    ckcapiInternalObject *next = NULL;
+    HCERTSTORE hStore;
+    PCCERT_CONTEXT certContext = NULL;
+    PRBool isKey =
+        (objClass == CKO_PUBLIC_KEY) | (objClass == CKO_PRIVATE_KEY);
+
+    hStore = CertOpenSystemStore((HCRYPTPROV)NULL, storeStr);
+    if (NULL == hStore) {
+        return count; /* none found does not imply an error */
+    }
+
+    /* FUTURE: use CertFindCertificateInStore to filter better -- so we don't
+   * have to enumerate all the certificates */
+    while ((PCERT_CONTEXT)NULL !=
+           (certContext = CertEnumCertificatesInStore(hStore, certContext))) {
+        /* first filter out non user certs if we are looking for keys */
+        if (isKey) {
+            /* make sure there is a Key Provider Info property */
+            CRYPT_KEY_PROV_INFO *keyProvInfo;
+            DWORD size = 0;
+            BOOL rv;
+            rv = CertGetCertificateContextProperty(certContext,
+                                                   CERT_KEY_PROV_INFO_PROP_ID, NULL, &size);
+            if (!rv) {
+                int reason = GetLastError();
+                /* we only care if it exists, we don't really need to fetch it yet */
+                if (reason == CRYPT_E_NOT_FOUND) {
+                    continue;
+                }
+            }
+            /* filter out the non-microsoft providers */
+            keyProvInfo = (CRYPT_KEY_PROV_INFO *)nss_ZAlloc(NULL, size);
+            if (keyProvInfo) {
+                rv = CertGetCertificateContextProperty(certContext,
+                                                       CERT_KEY_PROV_INFO_PROP_ID, keyProvInfo, &size);
+                if (rv) {
+                    char *provName =
+                        nss_ckcapi_WideToUTF8(keyProvInfo->pwszProvName);
+                    nss_ZFreeIf(keyProvInfo);
+
+                    if (provName &&
+                        (strncmp(provName, "Microsoft", sizeof("Microsoft") -
+                                                            1) != 0)) {
+                        continue;
+                    }
+                } else {
+                    int reason =
+                        GetLastError();
+                    /* we only care if it exists, we don't really need to fetch it yet */
+                    nss_ZFreeIf(keyProvInfo);
+                    if (reason ==
+                        CRYPT_E_NOT_FOUND) {
+                        continue;
+                    }
+                }
+            }
+        }
+
+        if ((ckcapiInternalObject *)NULL == next) {
+            next = nss_ZNEW(NULL, ckcapiInternalObject);
+            if ((ckcapiInternalObject *)NULL == next) {
+                *pError = CKR_HOST_MEMORY;
+                goto loser;
+            }
+        }
+        next->type = ckcapiCert;
+        next->objClass = objClass;
+        next->u.cert.certContext = certContext;
+        next->u.cert.hasID = hasID;
+        next->u.cert.certStore = storeStr;
+        if (CK_TRUE == ckcapi_match(pTemplate, ulAttributeCount, next)) {
+            /* clear cached values that may be dependent on our old certContext */
+            memset(&next->u.cert, 0, sizeof(next->u.cert));
+            /* get a 'permanent' context */
+            next->u.cert.certContext = CertDuplicateCertificateContext(certContext);
+            next->objClass = objClass;
+            next->u.cert.certContext = certContext;
+            next->u.cert.hasID = hasID;
+            next->u.cert.certStore = storeStr;
+            PUT_Object(next, *pError);
+            next = NULL; /* need to allocate a new one now */
+        } else {
+            /* don't cache the values we just loaded */
+            memset(&next->u.cert, 0, sizeof(next->u.cert));
+        }
+    }
+loser:
+    CertCloseStore(hStore, 0);
+    nss_ZFreeIf(next);
+    *sizep = size;
+    return count;
+}
+
+NSS_IMPLEMENT PRUint32
+nss_ckcapi_collect_all_certs(
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulAttributeCount,
+    ckcapiInternalObject ***listp,
+    PRUint32 *sizep,
+    PRUint32 count,
+    CK_RV *pError)
+{
+    count = collect_class(CKO_CERTIFICATE, "My", PR_TRUE, pTemplate,
+                          ulAttributeCount, listp, sizep, count, pError);
+    /*count = collect_class(CKO_CERTIFICATE, "AddressBook", PR_FALSE, pTemplate,
+                        ulAttributeCount, listp, sizep, count, pError); */
+    count = collect_class(CKO_CERTIFICATE, "CA", PR_FALSE, pTemplate,
+                          ulAttributeCount, listp, sizep, count, pError);
+    count = collect_class(CKO_CERTIFICATE, "Root", PR_FALSE, pTemplate,
+                          ulAttributeCount, listp, sizep, count, pError);
+    count = collect_class(CKO_CERTIFICATE, "Trust", PR_FALSE, pTemplate,
+                          ulAttributeCount, listp, sizep, count, pError);
+    count = collect_class(CKO_CERTIFICATE, "TrustedPeople", PR_FALSE, pTemplate,
+                          ulAttributeCount, listp, sizep, count, pError);
+    count = collect_class(CKO_CERTIFICATE, "AuthRoot", PR_FALSE, pTemplate,
+                          ulAttributeCount, listp, sizep, count, pError);
+    return count;
+}
+
+CK_OBJECT_CLASS
+ckcapi_GetObjectClass(CK_ATTRIBUTE_PTR pTemplate,
+                      CK_ULONG ulAttributeCount)
+{
+    CK_ULONG i;
+
+    for (i = 0; i < ulAttributeCount; i++) {
+        if (pTemplate[i].type == CKA_CLASS) {
+            return *(CK_OBJECT_CLASS *)pTemplate[i].pValue;
+        }
+    }
+    /* need to return a value that says 'fetch them all' */
+    return CK_INVALID_HANDLE;
+}
+
+static PRUint32
+collect_objects(
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulAttributeCount,
+    ckcapiInternalObject ***listp,
+    CK_RV *pError)
+{
+    PRUint32 i;
+    PRUint32 count = 0;
+    PRUint32 size = 0;
+    CK_OBJECT_CLASS objClass;
+
+    /*
+     * first handle the static build in objects (if any)
+     */
+    for (i = 0; i < nss_ckcapi_nObjects; i++) {
+        ckcapiInternalObject *o = (ckcapiInternalObject *)&nss_ckcapi_data[i];
+
+        if (CK_TRUE == ckcapi_match(pTemplate, ulAttributeCount, o)) {
+            PUT_Object(o, *pError);
+        }
+    }
+
+    /*
+     * now handle the various object types
+     */
+    objClass = ckcapi_GetObjectClass(pTemplate, ulAttributeCount);
+    *pError = CKR_OK;
+    switch (objClass) {
+        case CKO_CERTIFICATE:
+            count = nss_ckcapi_collect_all_certs(pTemplate, ulAttributeCount, listp,
+                                                 &size, count, pError);
+            break;
+        case CKO_PUBLIC_KEY:
+            count = collect_class(objClass, "My", PR_TRUE, pTemplate,
+                                  ulAttributeCount, listp, &size, count, pError);
+            count = collect_bare(objClass, pTemplate, ulAttributeCount, listp,
+                                 &size, count, pError);
+            break;
+        case CKO_PRIVATE_KEY:
+            count = collect_class(objClass, "My", PR_TRUE, pTemplate,
+                                  ulAttributeCount, listp, &size, count, pError);
+            count = collect_bare(objClass, pTemplate, ulAttributeCount, listp,
+                                 &size, count, pError);
+            break;
+        /* all of them */
+        case CK_INVALID_HANDLE:
+            count = nss_ckcapi_collect_all_certs(pTemplate, ulAttributeCount, listp,
+                                                 &size, count, pError);
+            count = collect_class(CKO_PUBLIC_KEY, "My", PR_TRUE, pTemplate,
+                                  ulAttributeCount, listp, &size, count, pError);
+            count = collect_bare(CKO_PUBLIC_KEY, pTemplate, ulAttributeCount, listp,
+                                 &size, count, pError);
+            count = collect_class(CKO_PRIVATE_KEY, "My", PR_TRUE, pTemplate,
+                                  ulAttributeCount, listp, &size, count, pError);
+            count = collect_bare(CKO_PRIVATE_KEY, pTemplate, ulAttributeCount, listp,
+                                 &size, count, pError);
+            break;
+        default:
+            goto done; /* no other object types we understand in this module */
+    }
+    if (CKR_OK != *pError) {
+        goto loser;
+    }
+
+done:
+    return count;
+loser:
+    nss_ZFreeIf(*listp);
+    return 0;
+}
+
+NSS_IMPLEMENT NSSCKMDFindObjects *
+nss_ckcapi_FindObjectsInit(
+    NSSCKFWSession *fwSession,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulAttributeCount,
+    CK_RV *pError)
+{
+    /* This could be made more efficient.  I'm rather rushed. */
+    NSSArena *arena;
+    NSSCKMDFindObjects *rv = (NSSCKMDFindObjects *)NULL;
+    struct ckcapiFOStr *fo = (struct ckcapiFOStr *)NULL;
+    ckcapiInternalObject **temp = (ckcapiInternalObject **)NULL;
+
+    arena = NSSArena_Create();
+    if ((NSSArena *)NULL == arena) {
+        goto loser;
+    }
+
+    rv = nss_ZNEW(arena, NSSCKMDFindObjects);
+    if ((NSSCKMDFindObjects *)NULL == rv) {
+        *pError = CKR_HOST_MEMORY;
+        goto loser;
+    }
+
+    fo = nss_ZNEW(arena, struct ckcapiFOStr);
+    if ((struct ckcapiFOStr *)NULL == fo) {
+        *pError = CKR_HOST_MEMORY;
+        goto loser;
+    }
+
+    fo->arena = arena;
+    /* fo->n and fo->i are already zero */
+
+    rv->etc = (void *)fo;
+    rv->Final = ckcapi_mdFindObjects_Final;
+    rv->Next = ckcapi_mdFindObjects_Next;
+    rv->null = (void *)NULL;
+
+    fo->n = collect_objects(pTemplate, ulAttributeCount, &temp, pError);
+    if (*pError != CKR_OK) {
+        goto loser;
+    }
+
+    fo->objs = nss_ZNEWARRAY(arena, ckcapiInternalObject *, fo->n);
+    if ((ckcapiInternalObject **)NULL == fo->objs) {
+        *pError = CKR_HOST_MEMORY;
+        goto loser;
+    }
+
+    (void)nsslibc_memcpy(fo->objs, temp, sizeof(ckcapiInternalObject *) * fo->n);
+    nss_ZFreeIf(temp);
+    temp = (ckcapiInternalObject **)NULL;
+
+    return rv;
+
+loser:
+    nss_ZFreeIf(temp);
+    nss_ZFreeIf(fo);
+    nss_ZFreeIf(rv);
+    if ((NSSArena *)NULL != arena) {
+        NSSArena_Destroy(arena);
+    }
+    return (NSSCKMDFindObjects *)NULL;
+}
diff --git a/nss/lib/ckfw/capi/cinst.c b/nss/lib/ckfw/capi/cinst.c
new file mode 100644
index 0000000..937c289
--- /dev/null
+++ b/nss/lib/ckfw/capi/cinst.c
@@ -0,0 +1,97 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "ckcapi.h"
+
+/*
+ * ckcapi/cinstance.c
+ *
+ * This file implements the NSSCKMDInstance object for the
+ * "capi" cryptoki module.
+ */
+
+/*
+ * NSSCKMDInstance methods
+ */
+
+static CK_ULONG
+ckcapi_mdInstance_GetNSlots(
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError)
+{
+    return (CK_ULONG)1;
+}
+
+static CK_VERSION
+ckcapi_mdInstance_GetCryptokiVersion(
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance)
+{
+    return nss_ckcapi_CryptokiVersion;
+}
+
+static NSSUTF8 *
+ckcapi_mdInstance_GetManufacturerID(
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError)
+{
+    return (NSSUTF8 *)nss_ckcapi_ManufacturerID;
+}
+
+static NSSUTF8 *
+ckcapi_mdInstance_GetLibraryDescription(
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError)
+{
+    return (NSSUTF8 *)nss_ckcapi_LibraryDescription;
+}
+
+static CK_VERSION
+ckcapi_mdInstance_GetLibraryVersion(
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance)
+{
+    return nss_ckcapi_LibraryVersion;
+}
+
+static CK_RV
+ckcapi_mdInstance_GetSlots(
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    NSSCKMDSlot *slots[])
+{
+    slots[0] = (NSSCKMDSlot *)&nss_ckcapi_mdSlot;
+    return CKR_OK;
+}
+
+static CK_BBOOL
+ckcapi_mdInstance_ModuleHandlesSessionObjects(
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance)
+{
+    /* we don't want to allow any session object creation, at least
+     * until we can investigate whether or not we can use those objects
+     */
+    return CK_TRUE;
+}
+
+NSS_IMPLEMENT_DATA const NSSCKMDInstance
+    nss_ckcapi_mdInstance = {
+        (void *)NULL, /* etc */
+        NULL,         /* Initialize */
+        NULL,         /* Finalize */
+        ckcapi_mdInstance_GetNSlots,
+        ckcapi_mdInstance_GetCryptokiVersion,
+        ckcapi_mdInstance_GetManufacturerID,
+        ckcapi_mdInstance_GetLibraryDescription,
+        ckcapi_mdInstance_GetLibraryVersion,
+        ckcapi_mdInstance_ModuleHandlesSessionObjects,
+        /*NULL, /* HandleSessionObjects */
+        ckcapi_mdInstance_GetSlots,
+        NULL,        /* WaitForSlotEvent */
+        (void *)NULL /* null terminator */
+    };
diff --git a/nss/lib/ckfw/capi/ckcapi.h b/nss/lib/ckfw/capi/ckcapi.h
new file mode 100644
index 0000000..2c4b12a
--- /dev/null
+++ b/nss/lib/ckfw/capi/ckcapi.h
@@ -0,0 +1,242 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef CKCAPI_H
+#define CKCAPI_H 1
+
+#include "nssckmdt.h"
+#include "nssckfw.h"
+
+/*
+ * I'm including this for access to the arena functions.
+ * Looks like we should publish that API.
+ */
+#ifndef BASE_H
+#include "base.h"
+#endif /* BASE_H */
+
+/*
+ * This is where the Netscape extensions live, at least for now.
+ */
+#ifndef CKT_H
+#include "ckt.h"
+#endif /* CKT_H */
+
+#include "wtypes.h"
+#include "wincrypt.h"
+
+/*
+ * statically defined raw objects. Allows us to data description objects
+ * to this PKCS #11 module.
+ */
+struct ckcapiRawObjectStr {
+    CK_ULONG n;
+    const CK_ATTRIBUTE_TYPE *types;
+    const NSSItem *items;
+};
+typedef struct ckcapiRawObjectStr ckcapiRawObject;
+
+/*
+ * common values needed for both bare keys and cert referenced keys.
+ */
+struct ckcapiKeyParamsStr {
+    NSSItem modulus;
+    NSSItem exponent;
+    NSSItem privateExponent;
+    NSSItem prime1;
+    NSSItem prime2;
+    NSSItem exponent1;
+    NSSItem exponent2;
+    NSSItem coefficient;
+    unsigned char publicExponentData[sizeof(CK_ULONG)];
+    void *privateKey;
+    void *pubKey;
+};
+typedef struct ckcapiKeyParamsStr ckcapiKeyParams;
+
+/*
+ * Key objects. Handles bare keys which do not yet have certs associated
+ * with them. These are usually short lived, but may exist for several days
+ * while the CA is issuing the certificate.
+ */
+struct ckcapiKeyObjectStr {
+    CRYPT_KEY_PROV_INFO provInfo;
+    char *provName;
+    char *containerName;
+    HCRYPTPROV hProv;
+    ckcapiKeyParams key;
+};
+typedef struct ckcapiKeyObjectStr ckcapiKeyObject;
+
+/*
+ * Certificate and certificate referenced keys.
+ */
+struct ckcapiCertObjectStr {
+    PCCERT_CONTEXT certContext;
+    PRBool hasID;
+    const char *certStore;
+    NSSItem label;
+    NSSItem subject;
+    NSSItem issuer;
+    NSSItem serial;
+    NSSItem derCert;
+    ckcapiKeyParams key;
+    unsigned char *labelData;
+    /* static data: to do, make this dynamic like labelData */
+    unsigned char derSerial[128];
+};
+typedef struct ckcapiCertObjectStr ckcapiCertObject;
+
+typedef enum {
+    ckcapiRaw,
+    ckcapiCert,
+    ckcapiBareKey
+} ckcapiObjectType;
+
+/*
+ * all the various types of objects are abstracted away in cobject and
+ * cfind as ckcapiInternalObjects.
+ */
+struct ckcapiInternalObjectStr {
+    ckcapiObjectType type;
+    union {
+        ckcapiRawObject raw;
+        ckcapiCertObject cert;
+        ckcapiKeyObject key;
+    } u;
+    CK_OBJECT_CLASS objClass;
+    NSSItem hashKey;
+    NSSItem id;
+    void *idData;
+    unsigned char hashKeyData[128];
+    NSSCKMDObject mdObject;
+};
+typedef struct ckcapiInternalObjectStr ckcapiInternalObject;
+
+/* our raw object data array */
+NSS_EXTERN_DATA ckcapiInternalObject nss_ckcapi_data[];
+NSS_EXTERN_DATA const PRUint32 nss_ckcapi_nObjects;
+
+NSS_EXTERN_DATA const CK_VERSION nss_ckcapi_CryptokiVersion;
+NSS_EXTERN_DATA const NSSUTF8 *nss_ckcapi_ManufacturerID;
+NSS_EXTERN_DATA const NSSUTF8 *nss_ckcapi_LibraryDescription;
+NSS_EXTERN_DATA const CK_VERSION nss_ckcapi_LibraryVersion;
+NSS_EXTERN_DATA const NSSUTF8 *nss_ckcapi_SlotDescription;
+NSS_EXTERN_DATA const CK_VERSION nss_ckcapi_HardwareVersion;
+NSS_EXTERN_DATA const CK_VERSION nss_ckcapi_FirmwareVersion;
+NSS_EXTERN_DATA const NSSUTF8 *nss_ckcapi_TokenLabel;
+NSS_EXTERN_DATA const NSSUTF8 *nss_ckcapi_TokenModel;
+NSS_EXTERN_DATA const NSSUTF8 *nss_ckcapi_TokenSerialNumber;
+
+NSS_EXTERN_DATA const NSSCKMDInstance nss_ckcapi_mdInstance;
+NSS_EXTERN_DATA const NSSCKMDSlot nss_ckcapi_mdSlot;
+NSS_EXTERN_DATA const NSSCKMDToken nss_ckcapi_mdToken;
+NSS_EXTERN_DATA const NSSCKMDMechanism nss_ckcapi_mdMechanismRSA;
+
+NSS_EXTERN NSSCKMDSession *
+nss_ckcapi_CreateSession(
+    NSSCKFWSession *fwSession,
+    CK_RV *pError);
+
+NSS_EXTERN NSSCKMDFindObjects *
+nss_ckcapi_FindObjectsInit(
+    NSSCKFWSession *fwSession,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulAttributeCount,
+    CK_RV *pError);
+
+/*
+ * Object Utilities
+ */
+NSS_EXTERN NSSCKMDObject *
+nss_ckcapi_CreateMDObject(
+    NSSArena *arena,
+    ckcapiInternalObject *io,
+    CK_RV *pError);
+
+NSS_EXTERN NSSCKMDObject *
+nss_ckcapi_CreateObject(
+    NSSCKFWSession *fwSession,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulAttributeCount,
+    CK_RV *pError);
+
+NSS_EXTERN const NSSItem *
+nss_ckcapi_FetchAttribute(
+    ckcapiInternalObject *io,
+    CK_ATTRIBUTE_TYPE type);
+
+NSS_EXTERN void
+nss_ckcapi_DestroyInternalObject(
+    ckcapiInternalObject *io);
+
+NSS_EXTERN CK_RV
+nss_ckcapi_FetchKeyContainer(
+    ckcapiInternalObject *iKey,
+    HCRYPTPROV *hProv,
+    DWORD *keySpec,
+    HCRYPTKEY *hKey);
+
+/*
+ * generic utilities
+ */
+
+/*
+ * So everyone else in the worlds stores their bignum data MSB first, but not
+ * Microsoft, we need to byte swap everything coming into and out of CAPI.
+ */
+void
+ckcapi_ReverseData(
+    NSSItem *item);
+
+/*
+ * unwrap a single DER value
+ */
+unsigned char *
+nss_ckcapi_DERUnwrap(
+    unsigned char *src,
+    unsigned int size,
+    unsigned int *outSize,
+    unsigned char **next);
+
+/*
+ * Return the size in bytes of a wide string
+ */
+int
+nss_ckcapi_WideSize(
+    LPCWSTR wide);
+
+/*
+ * Covert a Unicode wide character string to a UTF8 string
+ */
+char *
+nss_ckcapi_WideToUTF8(
+    LPCWSTR wide);
+
+/*
+ * Return a Wide String duplicated with nss allocated memory.
+ */
+LPWSTR
+nss_ckcapi_WideDup(
+    LPCWSTR wide);
+
+/*
+ * Covert a UTF8 string to Unicode wide character
+ */
+LPWSTR
+nss_ckcapi_UTF8ToWide(
+    char *buf);
+
+NSS_EXTERN PRUint32
+nss_ckcapi_collect_all_certs(
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulAttributeCount,
+    ckcapiInternalObject ***listp,
+    PRUint32 *sizep,
+    PRUint32 count,
+    CK_RV *pError);
+
+#define NSS_CKCAPI_ARRAY_SIZE(x) ((sizeof(x)) / (sizeof((x)[0])))
+
+#endif
diff --git a/nss/lib/ckfw/capi/ckcapiver.c b/nss/lib/ckfw/capi/ckcapiver.c
new file mode 100644
index 0000000..825b630
--- /dev/null
+++ b/nss/lib/ckfw/capi/ckcapiver.c
@@ -0,0 +1,17 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/* Library identity and versioning */
+
+#include "nsscapi.h"
+
+#if defined(DEBUG)
+#define _DEBUG_STRING " (debug)"
+#else
+#define _DEBUG_STRING ""
+#endif
+
+/*
+ * Version information
+ */
+const char __nss_ckcapi_version[] = "Version: NSS Access to Microsoft Certificate Store " NSS_CKCAPI_LIBRARY_VERSION _DEBUG_STRING;
diff --git a/nss/lib/ckfw/capi/cobject.c b/nss/lib/ckfw/capi/cobject.c
new file mode 100644
index 0000000..c4b77d2
--- /dev/null
+++ b/nss/lib/ckfw/capi/cobject.c
@@ -0,0 +1,2226 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "ckcapi.h"
+#include "nssbase.h"
+
+/*
+ * ckcapi/cobject.c
+ *
+ * This file implements the NSSCKMDObject object for the
+ * "nss to capi objects" cryptoki module.
+ */
+
+const CK_ATTRIBUTE_TYPE certAttrs[] = {
+    CKA_CLASS,
+    CKA_TOKEN,
+    CKA_PRIVATE,
+    CKA_MODIFIABLE,
+    CKA_LABEL,
+    CKA_CERTIFICATE_TYPE,
+    CKA_SUBJECT,
+    CKA_ISSUER,
+    CKA_SERIAL_NUMBER,
+    CKA_VALUE
+};
+const PRUint32 certAttrsCount = NSS_CKCAPI_ARRAY_SIZE(certAttrs);
+
+/* private keys, for now only support RSA */
+const CK_ATTRIBUTE_TYPE privKeyAttrs[] = {
+    CKA_CLASS,
+    CKA_TOKEN,
+    CKA_PRIVATE,
+    CKA_MODIFIABLE,
+    CKA_LABEL,
+    CKA_KEY_TYPE,
+    CKA_DERIVE,
+    CKA_LOCAL,
+    CKA_SUBJECT,
+    CKA_SENSITIVE,
+    CKA_DECRYPT,
+    CKA_SIGN,
+    CKA_SIGN_RECOVER,
+    CKA_UNWRAP,
+    CKA_EXTRACTABLE,
+    CKA_ALWAYS_SENSITIVE,
+    CKA_NEVER_EXTRACTABLE,
+    CKA_MODULUS,
+    CKA_PUBLIC_EXPONENT,
+};
+const PRUint32 privKeyAttrsCount = NSS_CKCAPI_ARRAY_SIZE(privKeyAttrs);
+
+/* public keys, for now only support RSA */
+const CK_ATTRIBUTE_TYPE pubKeyAttrs[] = {
+    CKA_CLASS,
+    CKA_TOKEN,
+    CKA_PRIVATE,
+    CKA_MODIFIABLE,
+    CKA_LABEL,
+    CKA_KEY_TYPE,
+    CKA_DERIVE,
+    CKA_LOCAL,
+    CKA_SUBJECT,
+    CKA_ENCRYPT,
+    CKA_VERIFY,
+    CKA_VERIFY_RECOVER,
+    CKA_WRAP,
+    CKA_MODULUS,
+    CKA_PUBLIC_EXPONENT,
+};
+const PRUint32 pubKeyAttrsCount = NSS_CKCAPI_ARRAY_SIZE(pubKeyAttrs);
+static const CK_BBOOL ck_true = CK_TRUE;
+static const CK_BBOOL ck_false = CK_FALSE;
+static const CK_CERTIFICATE_TYPE ckc_x509 = CKC_X_509;
+static const CK_KEY_TYPE ckk_rsa = CKK_RSA;
+static const CK_OBJECT_CLASS cko_certificate = CKO_CERTIFICATE;
+static const CK_OBJECT_CLASS cko_private_key = CKO_PRIVATE_KEY;
+static const CK_OBJECT_CLASS cko_public_key = CKO_PUBLIC_KEY;
+static const NSSItem ckcapi_trueItem = {
+    (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL)
+};
+static const NSSItem ckcapi_falseItem = {
+    (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL)
+};
+static const NSSItem ckcapi_x509Item = {
+    (void *)&ckc_x509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE)
+};
+static const NSSItem ckcapi_rsaItem = {
+    (void *)&ckk_rsa, (PRUint32)sizeof(CK_KEY_TYPE)
+};
+static const NSSItem ckcapi_certClassItem = {
+    (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS)
+};
+static const NSSItem ckcapi_privKeyClassItem = {
+    (void *)&cko_private_key, (PRUint32)sizeof(CK_OBJECT_CLASS)
+};
+static const NSSItem ckcapi_pubKeyClassItem = {
+    (void *)&cko_public_key, (PRUint32)sizeof(CK_OBJECT_CLASS)
+};
+static const NSSItem ckcapi_emptyItem = {
+    (void *)&ck_true, 0
+};
+
+/*
+ * these are utilities. The chould be moved to a new utilities file.
+ */
+
+/*
+ * unwrap a single DER value
+ */
+unsigned char *
+nss_ckcapi_DERUnwrap(
+    unsigned char *src,
+    unsigned int size,
+    unsigned int *outSize,
+    unsigned char **next)
+{
+    unsigned char *start = src;
+    unsigned char *end = src + size;
+    unsigned int len = 0;
+
+    /* initialize error condition return values */
+    *outSize = 0;
+    if (next) {
+        *next = src;
+    }
+
+    if (size < 2) {
+        return start;
+    }
+    src++; /* skip the tag -- should check it against an expected value! */
+    len = (unsigned)*src++;
+    if (len & 0x80) {
+        unsigned int count = len & 0x7f;
+        len = 0;
+
+        if (count + 2 > size) {
+            return start;
+        }
+        while (count-- > 0) {
+            len = (len << 8) | (unsigned)*src++;
+        }
+    }
+    if (len + (src - start) > size) {
+        return start;
+    }
+    if (next) {
+        *next = src + len;
+    }
+    *outSize = len;
+
+    return src;
+}
+
+/*
+ * convert a PKCS #11 bytestrin into a CK_ULONG, the byte stream must be
+ * less than sizeof (CK_ULONG).
+ */
+CK_ULONG
+nss_ckcapi_DataToInt(
+    NSSItem *data,
+    CK_RV *pError)
+{
+    CK_ULONG value = 0;
+    unsigned long count = data->size;
+    unsigned char *dataPtr = data->data;
+    unsigned long size = 0;
+
+    *pError = CKR_OK;
+
+    while (count--) {
+        value = value << 8;
+        value = value + *dataPtr++;
+        if (size || value) {
+            size++;
+        }
+    }
+    if (size > sizeof(CK_ULONG)) {
+        *pError = CKR_ATTRIBUTE_VALUE_INVALID;
+    }
+    return value;
+}
+
+/*
+ * convert a CK_ULONG to a bytestream. Data is stored in the buffer 'buf'
+ * and must be at least CK_ULONG. Caller must provide buf.
+ */
+CK_ULONG
+nss_ckcapi_IntToData(
+    CK_ULONG value,
+    NSSItem *data,
+    unsigned char *dataPtr,
+    CK_RV *pError)
+{
+    unsigned long count = 0;
+    unsigned long i;
+#define SHIFT ((sizeof(CK_ULONG) - 1) * 8)
+    PRBool first = 0;
+
+    *pError = CKR_OK;
+
+    data->data = dataPtr;
+    for (i = 0; i < sizeof(CK_ULONG); i++) {
+        unsigned char digit = (unsigned char)((value >> SHIFT) & 0xff);
+
+        value = value << 8;
+
+        /* drop leading zero bytes */
+        if (first && (0 == digit)) {
+            continue;
+        }
+        *dataPtr++ = digit;
+        count++;
+    }
+    data->size = count;
+    return count;
+}
+
+/*
+ * get an attribute from a template. Value is returned in NSS item.
+ * data for the item is owned by the template.
+ */
+CK_RV
+nss_ckcapi_GetAttribute(
+    CK_ATTRIBUTE_TYPE type,
+    CK_ATTRIBUTE *template,
+    CK_ULONG templateSize,
+    NSSItem *item)
+{
+    CK_ULONG i;
+
+    for (i = 0; i < templateSize; i++) {
+        if (template[i].type == type) {
+            item->data = template[i].pValue;
+            item->size = template[i].ulValueLen;
+            return CKR_OK;
+        }
+    }
+    return CKR_TEMPLATE_INCOMPLETE;
+}
+
+/*
+ * get an attribute which is type CK_ULONG.
+ */
+CK_ULONG
+nss_ckcapi_GetULongAttribute(
+    CK_ATTRIBUTE_TYPE type,
+    CK_ATTRIBUTE *template,
+    CK_ULONG templateSize,
+    CK_RV *pError)
+{
+    NSSItem item;
+
+    *pError = nss_ckcapi_GetAttribute(type, template, templateSize, &item);
+    if (CKR_OK != *pError) {
+        return (CK_ULONG)0;
+    }
+    if (item.size != sizeof(CK_ULONG)) {
+        *pError = CKR_ATTRIBUTE_VALUE_INVALID;
+        return (CK_ULONG)0;
+    }
+    return *(CK_ULONG *)item.data;
+}
+
+/*
+ * get an attribute which is type CK_BBOOL.
+ */
+CK_BBOOL
+nss_ckcapi_GetBoolAttribute(
+    CK_ATTRIBUTE_TYPE type,
+    CK_ATTRIBUTE *template,
+    CK_ULONG templateSize,
+    CK_RV *pError)
+{
+    NSSItem item;
+
+    *pError = nss_ckcapi_GetAttribute(type, template, templateSize, &item);
+    if (CKR_OK != *pError) {
+        return (CK_BBOOL)0;
+    }
+    if (item.size != sizeof(CK_BBOOL)) {
+        *pError = CKR_ATTRIBUTE_VALUE_INVALID;
+        return (CK_BBOOL)0;
+    }
+    return *(CK_BBOOL *)item.data;
+}
+
+/*
+ * get an attribute which is type CK_BBOOL.
+ */
+char *
+nss_ckcapi_GetStringAttribute(
+    CK_ATTRIBUTE_TYPE type,
+    CK_ATTRIBUTE *template,
+    CK_ULONG templateSize,
+    CK_RV *pError)
+{
+    NSSItem item;
+    char *str;
+
+    /* get the attribute */
+    *pError = nss_ckcapi_GetAttribute(type, template, templateSize, &item);
+    if (CKR_OK != *pError) {
+        return (char *)NULL;
+    }
+    /* make sure it is null terminated */
+    str = nss_ZNEWARRAY(NULL, char, item.size + 1);
+    if ((char *)NULL == str) {
+        *pError = CKR_HOST_MEMORY;
+        return (char *)NULL;
+    }
+
+    nsslibc_memcpy(str, item.data, item.size);
+    str[item.size] = 0;
+
+    return str;
+}
+
+/*
+ * Return the size in bytes of a wide string, including the terminating null
+ * character
+ */
+int
+nss_ckcapi_WideSize(
+    LPCWSTR wide)
+{
+    DWORD size;
+
+    if ((LPWSTR)NULL == wide) {
+        return 0;
+    }
+    size = wcslen(wide) + 1;
+    return size * sizeof(WCHAR);
+}
+
+/*
+ * Covert a Unicode wide character string to a UTF8 string
+ */
+char *
+nss_ckcapi_WideToUTF8(
+    LPCWSTR wide)
+{
+    DWORD size;
+    char *buf;
+
+    if ((LPWSTR)NULL == wide) {
+        return (char *)NULL;
+    }
+
+    size = WideCharToMultiByte(CP_UTF8, 0, wide, -1, NULL, 0, NULL, 0);
+    if (size == 0) {
+        return (char *)NULL;
+    }
+    buf = nss_ZNEWARRAY(NULL, char, size);
+    size = WideCharToMultiByte(CP_UTF8, 0, wide, -1, buf, size, NULL, 0);
+    if (size == 0) {
+        nss_ZFreeIf(buf);
+        return (char *)NULL;
+    }
+    return buf;
+}
+
+/*
+ * Return a Wide String duplicated with nss allocated memory.
+ */
+LPWSTR
+nss_ckcapi_WideDup(
+    LPCWSTR wide)
+{
+    DWORD len;
+    LPWSTR buf;
+
+    if ((LPWSTR)NULL == wide) {
+        return (LPWSTR)NULL;
+    }
+
+    len = wcslen(wide) + 1;
+
+    buf = nss_ZNEWARRAY(NULL, WCHAR, len);
+    if ((LPWSTR)NULL == buf) {
+        return buf;
+    }
+    nsslibc_memcpy(buf, wide, len * sizeof(WCHAR));
+    return buf;
+}
+
+/*
+ * Covert a UTF8 string to Unicode wide character
+ */
+LPWSTR
+nss_ckcapi_UTF8ToWide(
+    char *buf)
+{
+    DWORD size;
+    LPWSTR wide;
+
+    if ((char *)NULL == buf) {
+        return (LPWSTR)NULL;
+    }
+
+    size = MultiByteToWideChar(CP_UTF8, 0, buf, -1, NULL, 0);
+    if (size == 0) {
+        return (LPWSTR)NULL;
+    }
+    wide = nss_ZNEWARRAY(NULL, WCHAR, size);
+    size = MultiByteToWideChar(CP_UTF8, 0, buf, -1, wide, size);
+    if (size == 0) {
+        nss_ZFreeIf(wide);
+        return (LPWSTR)NULL;
+    }
+    return wide;
+}
+
+/*
+ * keep all the knowlege of how the internalObject is laid out in this function
+ *
+ * nss_ckcapi_FetchKeyContainer
+ *
+ * fetches the Provider container and info as well as a key handle for a
+ * private key. If something other than a private key is passed in,
+ * this function fails with CKR_KEY_TYPE_INCONSISTENT
+ */
+NSS_EXTERN CK_RV
+nss_ckcapi_FetchKeyContainer(
+    ckcapiInternalObject *iKey,
+    HCRYPTPROV *hProv,
+    DWORD *keySpec,
+    HCRYPTKEY *hKey)
+{
+    ckcapiCertObject *co;
+    ckcapiKeyObject *ko;
+    BOOL rc, dummy;
+    DWORD msError;
+
+    switch (iKey->type) {
+        default:
+        case ckcapiRaw:
+            /* can't have raw private keys */
+            return CKR_KEY_TYPE_INCONSISTENT;
+        case ckcapiCert:
+            if (iKey->objClass != CKO_PRIVATE_KEY) {
+                /* Only private keys have private key provider handles */
+                return CKR_KEY_TYPE_INCONSISTENT;
+            }
+            co = &iKey->u.cert;
+
+            /* OK, get the Provider */
+            rc = CryptAcquireCertificatePrivateKey(co->certContext,
+                                                   CRYPT_ACQUIRE_CACHE_FLAG |
+                                                       CRYPT_ACQUIRE_COMPARE_KEY_FLAG,
+                                                   NULL, hProv,
+                                                   keySpec, &dummy);
+            if (!rc) {
+                goto loser;
+            }
+            break;
+        case ckcapiBareKey:
+            if (iKey->objClass != CKO_PRIVATE_KEY) {
+                /* Only private keys have private key provider handles */
+                return CKR_KEY_TYPE_INCONSISTENT;
+            }
+            ko = &iKey->u.key;
+
+            /* OK, get the Provider */
+            if (0 == ko->hProv) {
+                rc =
+                    CryptAcquireContext(hProv,
+                                        ko->containerName,
+                                        ko->provName,
+                                        ko->provInfo.dwProvType, 0);
+                if (!rc) {
+                    goto loser;
+                }
+            } else {
+                *hProv =
+                    ko->hProv;
+            }
+            *keySpec = ko->provInfo.dwKeySpec;
+            break;
+    }
+
+    /* and get the crypto handle */
+    rc = CryptGetUserKey(*hProv, *keySpec, hKey);
+    if (!rc) {
+        goto loser;
+    }
+    return CKR_OK;
+loser:
+    /* map the microsoft error before leaving */
+    msError = GetLastError();
+    switch (msError) {
+        case ERROR_INVALID_HANDLE:
+        case ERROR_INVALID_PARAMETER:
+        case NTE_BAD_KEY:
+        case NTE_NO_KEY:
+        case NTE_BAD_PUBLIC_KEY:
+        case NTE_BAD_KEYSET:
+        case NTE_KEYSET_NOT_DEF:
+            return CKR_KEY_TYPE_INCONSISTENT;
+        case NTE_BAD_UID:
+        case NTE_KEYSET_ENTRY_BAD:
+            return CKR_DEVICE_ERROR;
+    }
+    return CKR_GENERAL_ERROR;
+}
+
+/*
+ * take a DER PUBLIC Key block and return the modulus and exponent
+ */
+static void
+ckcapi_CertPopulateModulusExponent(
+    ckcapiInternalObject *io)
+{
+    ckcapiKeyParams *kp = &io->u.cert.key;
+    PCCERT_CONTEXT certContext = io->u.cert.certContext;
+    unsigned char *pkData =
+        certContext->pCertInfo->SubjectPublicKeyInfo.PublicKey.pbData;
+    unsigned int size =
+        certContext->pCertInfo->SubjectPublicKeyInfo.PublicKey.cbData;
+    unsigned int newSize;
+    unsigned char *ptr, *newptr;
+
+    /* find the start of the modulus -- this will not give good results if
+     * the key isn't an rsa key! */
+    ptr = nss_ckcapi_DERUnwrap(pkData, size, &newSize, NULL);
+    kp->modulus.data = nss_ckcapi_DERUnwrap(ptr, newSize,
+                                            &kp->modulus.size, &newptr);
+    /* changed from signed to unsigned int */
+    if (0 == *(char *)kp->modulus.data) {
+        kp->modulus.data = ((char *)kp->modulus.data) + 1;
+        kp->modulus.size = kp->modulus.size - 1;
+    }
+    /* changed from signed to unsigned int */
+    kp->exponent.data = nss_ckcapi_DERUnwrap(newptr, (newptr - ptr) + newSize,
+                                             &kp->exponent.size, NULL);
+    if (0 == *(char *)kp->exponent.data) {
+        kp->exponent.data = ((char *)kp->exponent.data) + 1;
+        kp->exponent.size = kp->exponent.size - 1;
+    }
+    return;
+}
+
+typedef struct _CAPI_RSA_KEY_BLOB {
+    PUBLICKEYSTRUC header;
+    RSAPUBKEY rsa;
+    char data[1];
+} CAPI_RSA_KEY_BLOB;
+
+#define CAPI_MODULUS_OFFSET(modSize) 0
+#define CAPI_PRIME_1_OFFSET(modSize) (modSize)
+#define CAPI_PRIME_2_OFFSET(modSize) ((modSize) + (modSize) / 2)
+#define CAPI_EXPONENT_1_OFFSET(modSize) ((modSize)*2)
+#define CAPI_EXPONENT_2_OFFSET(modSize) ((modSize)*2 + (modSize) / 2)
+#define CAPI_COEFFICIENT_OFFSET(modSize) ((modSize)*3)
+#define CAPI_PRIVATE_EXP_OFFSET(modSize) ((modSize)*3 + (modSize) / 2)
+
+void
+ckcapi_FetchPublicKey(
+    ckcapiInternalObject *io)
+{
+    ckcapiKeyParams *kp;
+    HCRYPTPROV hProv;
+    DWORD keySpec;
+    HCRYPTKEY hKey = 0;
+    CK_RV error;
+    DWORD bufLen;
+    BOOL rc;
+    unsigned long modulus;
+    char *buf = NULL;
+    CAPI_RSA_KEY_BLOB *blob;
+
+    error = nss_ckcapi_FetchKeyContainer(io, &hProv, &keySpec, &hKey);
+    if (CKR_OK != error) {
+        goto loser;
+    }
+    kp = (ckcapiCert == io->type) ? &io->u.cert.key : &io->u.key.key;
+
+    rc = CryptExportKey(hKey, 0, PUBLICKEYBLOB, 0, buf, &bufLen);
+    if (!rc) {
+        goto loser;
+    }
+    buf = nss_ZNEWARRAY(NULL, char, bufLen);
+    rc = CryptExportKey(hKey, 0, PUBLICKEYBLOB, 0, buf, &bufLen);
+    if (!rc) {
+        goto loser;
+    }
+    /* validate the blob */
+    blob = (CAPI_RSA_KEY_BLOB *)buf;
+    if ((PUBLICKEYBLOB != blob->header.bType) ||
+        (0x02 != blob->header.bVersion) ||
+        (0x31415352 != blob->rsa.magic)) {
+        goto loser;
+    }
+    modulus = blob->rsa.bitlen / 8;
+    kp->pubKey = buf;
+    buf = NULL;
+
+    kp->modulus.data = &blob->data[CAPI_MODULUS_OFFSET(modulus)];
+    kp->modulus.size = modulus;
+    ckcapi_ReverseData(&kp->modulus);
+    nss_ckcapi_IntToData(blob->rsa.pubexp, &kp->exponent,
+                         kp->publicExponentData, &error);
+
+loser:
+    nss_ZFreeIf(buf);
+    if (0 != hKey) {
+        CryptDestroyKey(hKey);
+    }
+    return;
+}
+
+void
+ckcapi_FetchPrivateKey(
+    ckcapiInternalObject *io)
+{
+    ckcapiKeyParams *kp;
+    HCRYPTPROV hProv;
+    DWORD keySpec;
+    HCRYPTKEY hKey = 0;
+    CK_RV error;
+    DWORD bufLen;
+    BOOL rc;
+    unsigned long modulus;
+    char *buf = NULL;
+    CAPI_RSA_KEY_BLOB *blob;
+
+    error = nss_ckcapi_FetchKeyContainer(io, &hProv, &keySpec, &hKey);
+    if (CKR_OK != error) {
+        goto loser;
+    }
+    kp = (ckcapiCert == io->type) ? &io->u.cert.key : &io->u.key.key;
+
+    rc = CryptExportKey(hKey, 0, PRIVATEKEYBLOB, 0, buf, &bufLen);
+    if (!rc) {
+        goto loser;
+    }
+    buf = nss_ZNEWARRAY(NULL, char, bufLen);
+    rc = CryptExportKey(hKey, 0, PRIVATEKEYBLOB, 0, buf, &bufLen);
+    if (!rc) {
+        goto loser;
+    }
+    /* validate the blob */
+    blob = (CAPI_RSA_KEY_BLOB *)buf;
+    if ((PRIVATEKEYBLOB != blob->header.bType) ||
+        (0x02 != blob->header.bVersion) ||
+        (0x32415352 != blob->rsa.magic)) {
+        goto loser;
+    }
+    modulus = blob->rsa.bitlen / 8;
+    kp->privateKey = buf;
+    buf = NULL;
+
+    kp->privateExponent.data = &blob->data[CAPI_PRIVATE_EXP_OFFSET(modulus)];
+    kp->privateExponent.size = modulus;
+    ckcapi_ReverseData(&kp->privateExponent);
+    kp->prime1.data = &blob->data[CAPI_PRIME_1_OFFSET(modulus)];
+    kp->prime1.size = modulus / 2;
+    ckcapi_ReverseData(&kp->prime1);
+    kp->prime2.data = &blob->data[CAPI_PRIME_2_OFFSET(modulus)];
+    kp->prime2.size = modulus / 2;
+    ckcapi_ReverseData(&kp->prime2);
+    kp->exponent1.data = &blob->data[CAPI_EXPONENT_1_OFFSET(modulus)];
+    kp->exponent1.size = modulus / 2;
+    ckcapi_ReverseData(&kp->exponent1);
+    kp->exponent2.data = &blob->data[CAPI_EXPONENT_2_OFFSET(modulus)];
+    kp->exponent2.size = modulus / 2;
+    ckcapi_ReverseData(&kp->exponent2);
+    kp->coefficient.data = &blob->data[CAPI_COEFFICIENT_OFFSET(modulus)];
+    kp->coefficient.size = modulus / 2;
+    ckcapi_ReverseData(&kp->coefficient);
+
+loser:
+    nss_ZFreeIf(buf);
+    if (0 != hKey) {
+        CryptDestroyKey(hKey);
+    }
+    return;
+}
+
+void
+ckcapi_PopulateModulusExponent(
+    ckcapiInternalObject *io)
+{
+    if (ckcapiCert == io->type) {
+        ckcapi_CertPopulateModulusExponent(io);
+    } else {
+        ckcapi_FetchPublicKey(io);
+    }
+    return;
+}
+
+/*
+ * fetch the friendly name attribute.
+ * can only be called with ckcapiCert type objects!
+ */
+void
+ckcapi_FetchLabel(
+    ckcapiInternalObject *io)
+{
+    ckcapiCertObject *co = &io->u.cert;
+    char *label;
+    PCCERT_CONTEXT certContext = io->u.cert.certContext;
+    char labelDataUTF16[128];
+    DWORD size = sizeof(labelDataUTF16);
+    DWORD size8 = sizeof(co->labelData);
+    BOOL rv;
+
+    rv = CertGetCertificateContextProperty(certContext,
+                                           CERT_FRIENDLY_NAME_PROP_ID, labelDataUTF16, &size);
+    if (rv) {
+        co->labelData = nss_ckcapi_WideToUTF8((LPCWSTR)labelDataUTF16);
+        if ((CHAR *)NULL == co->labelData) {
+            rv = 0;
+        } else {
+            size = strlen(co->labelData);
+        }
+    }
+    label = co->labelData;
+    /* we are presuming a user cert, make sure it has a nickname, even if
+     * Microsoft never gave it one */
+    if (!rv && co->hasID) {
+        DWORD mserror = GetLastError();
+#define DEFAULT_NICKNAME "no Microsoft nickname"
+        label = DEFAULT_NICKNAME;
+        size = sizeof(DEFAULT_NICKNAME);
+        rv = 1;
+    }
+
+    if (rv) {
+        co->label.data = label;
+        co->label.size = size;
+    }
+    return;
+}
+
+void
+ckcapi_FetchSerial(
+    ckcapiInternalObject *io)
+{
+    ckcapiCertObject *co = &io->u.cert;
+    PCCERT_CONTEXT certContext = io->u.cert.certContext;
+    DWORD size = sizeof(co->derSerial);
+
+    BOOL rc = CryptEncodeObject(X509_ASN_ENCODING,
+                                X509_MULTI_BYTE_INTEGER,
+                                &certContext->pCertInfo->SerialNumber,
+                                co->derSerial,
+                                &size);
+    if (rc) {
+        co->serial.data = co->derSerial;
+        co->serial.size = size;
+    }
+    return;
+}
+
+/*
+ * fetch the key ID.
+ */
+void
+ckcapi_FetchID(
+    ckcapiInternalObject *io)
+{
+    PCCERT_CONTEXT certContext = io->u.cert.certContext;
+    DWORD size = 0;
+    BOOL rc;
+
+    rc = CertGetCertificateContextProperty(certContext,
+                                           CERT_KEY_IDENTIFIER_PROP_ID, NULL, &size);
+    if (!rc) {
+        return;
+    }
+    io->idData = nss_ZNEWARRAY(NULL, char, size);
+    if (io->idData == NULL) {
+        return;
+    }
+
+    rc = CertGetCertificateContextProperty(certContext,
+                                           CERT_KEY_IDENTIFIER_PROP_ID, io->idData, &size);
+    if (!rc) {
+        nss_ZFreeIf(io->idData);
+        io->idData = NULL;
+        return;
+    }
+    io->id.data = io->idData;
+    io->id.size = size;
+    return;
+}
+
+/*
+ * fetch the hash key.
+ */
+void
+ckcapi_CertFetchHashKey(
+    ckcapiInternalObject *io)
+{
+    ckcapiCertObject *co = &io->u.cert;
+    PCCERT_CONTEXT certContext = io->u.cert.certContext;
+    DWORD size = certContext->cbCertEncoded;
+    DWORD max = sizeof(io->hashKeyData) - 1;
+    DWORD offset = 0;
+
+    /* make sure we don't over flow. NOTE: cutting the top of a cert is
+     * not a big issue because the signature for will be unique for the cert */
+    if (size > max) {
+        offset = size - max;
+        size = max;
+    }
+
+    nsslibc_memcpy(io->hashKeyData, certContext->pbCertEncoded + offset, size);
+    io->hashKeyData[size] = (char)(io->objClass & 0xff);
+
+    io->hashKey.data = io->hashKeyData;
+    io->hashKey.size = size + 1;
+    return;
+}
+
+/*
+ * fetch the hash key.
+ */
+void
+ckcapi_KeyFetchHashKey(
+    ckcapiInternalObject *io)
+{
+    ckcapiKeyObject *ko = &io->u.key;
+    DWORD size;
+    DWORD max = sizeof(io->hashKeyData) - 2;
+    DWORD offset = 0;
+    DWORD provLen = strlen(ko->provName);
+    DWORD containerLen = strlen(ko->containerName);
+
+    size = provLen + containerLen;
+
+    /* make sure we don't overflow, try to keep things unique */
+    if (size > max) {
+        DWORD diff = ((size - max) + 1) / 2;
+        provLen -= diff;
+        containerLen -= diff;
+        size = provLen + containerLen;
+    }
+
+    nsslibc_memcpy(io->hashKeyData, ko->provName, provLen);
+    nsslibc_memcpy(&io->hashKeyData[provLen],
+                   ko->containerName,
+                   containerLen);
+    io->hashKeyData[size] = (char)(io->objClass & 0xff);
+    io->hashKeyData[size + 1] = (char)(ko->provInfo.dwKeySpec & 0xff);
+
+    io->hashKey.data = io->hashKeyData;
+    io->hashKey.size = size + 2;
+    return;
+}
+
+/*
+ * fetch the hash key.
+ */
+void
+ckcapi_FetchHashKey(
+    ckcapiInternalObject *io)
+{
+    if (ckcapiCert == io->type) {
+        ckcapi_CertFetchHashKey(io);
+    } else {
+        ckcapi_KeyFetchHashKey(io);
+    }
+    return;
+}
+
+const NSSItem *
+ckcapi_FetchCertAttribute(
+    ckcapiInternalObject *io,
+    CK_ATTRIBUTE_TYPE type)
+{
+    PCCERT_CONTEXT certContext = io->u.cert.certContext;
+    switch (type) {
+        case CKA_CLASS:
+            return &ckcapi_certClassItem;
+        case CKA_TOKEN:
+            return &ckcapi_trueItem;
+        case CKA_MODIFIABLE:
+        case CKA_PRIVATE:
+            return &ckcapi_falseItem;
+        case CKA_CERTIFICATE_TYPE:
+            return &ckcapi_x509Item;
+        case CKA_LABEL:
+            if (0 == io->u.cert.label.size) {
+                ckcapi_FetchLabel(io);
+            }
+            return &io->u.cert.label;
+        case CKA_SUBJECT:
+            if (0 == io->u.cert.subject.size) {
+                io->u.cert.subject.data =
+                    certContext->pCertInfo->Subject.pbData;
+                io->u.cert.subject.size =
+                    certContext->pCertInfo->Subject.cbData;
+            }
+            return &io->u.cert.subject;
+        case CKA_ISSUER:
+            if (0 == io->u.cert.issuer.size) {
+                io->u.cert.issuer.data =
+                    certContext->pCertInfo->Issuer.pbData;
+                io->u.cert.issuer.size =
+                    certContext->pCertInfo->Issuer.cbData;
+            }
+            return &io->u.cert.issuer;
+        case CKA_SERIAL_NUMBER:
+            if (0 == io->u.cert.serial.size) {
+                /* not exactly right. This should be the encoded serial number, but
+                 * it's the decoded serial number! */
+                ckcapi_FetchSerial(io);
+            }
+            return &io->u.cert.serial;
+        case CKA_VALUE:
+            if (0 == io->u.cert.derCert.size) {
+                io->u.cert.derCert.data =
+                    io->u.cert.certContext->pbCertEncoded;
+                io->u.cert.derCert.size =
+                    io->u.cert.certContext->cbCertEncoded;
+            }
+            return &io->u.cert.derCert;
+        case CKA_ID:
+            if (!io->u.cert.hasID) {
+                return NULL;
+            }
+            if (0 == io->id.size) {
+                ckcapi_FetchID(io);
+            }
+            return &io->id;
+        default:
+            break;
+    }
+    return NULL;
+}
+
+const NSSItem *
+ckcapi_FetchPubKeyAttribute(
+    ckcapiInternalObject *io,
+    CK_ATTRIBUTE_TYPE type)
+{
+    PRBool isCertType = (ckcapiCert == io->type);
+    ckcapiKeyParams *kp = isCertType ? &io->u.cert.key : &io->u.key.key;
+
+    switch (type) {
+        case CKA_CLASS:
+            return &ckcapi_pubKeyClassItem;
+        case CKA_TOKEN:
+        case CKA_LOCAL:
+        case CKA_ENCRYPT:
+        case CKA_VERIFY:
+        case CKA_VERIFY_RECOVER:
+            return &ckcapi_trueItem;
+        case CKA_PRIVATE:
+        case CKA_MODIFIABLE:
+        case CKA_DERIVE:
+        case CKA_WRAP:
+            return &ckcapi_falseItem;
+        case CKA_KEY_TYPE:
+            return &ckcapi_rsaItem;
+        case CKA_LABEL:
+            if (!isCertType) {
+                return &ckcapi_emptyItem;
+            }
+            if (0 == io->u.cert.label.size) {
+                ckcapi_FetchLabel(io);
+            }
+            return &io->u.cert.label;
+        case CKA_SUBJECT:
+            if (!isCertType) {
+                return &ckcapi_emptyItem;
+            }
+            if (0 == io->u.cert.subject.size) {
+                PCCERT_CONTEXT certContext =
+                    io->u.cert.certContext;
+                io->u.cert.subject.data =
+                    certContext->pCertInfo->Subject.pbData;
+                io->u.cert.subject.size =
+                    certContext->pCertInfo->Subject.cbData;
+            }
+            return &io->u.cert.subject;
+        case CKA_MODULUS:
+            if (0 == kp->modulus.size) {
+                ckcapi_PopulateModulusExponent(io);
+            }
+            return &kp->modulus;
+        case CKA_PUBLIC_EXPONENT:
+            if (0 == kp->modulus.size) {
+                ckcapi_PopulateModulusExponent(io);
+            }
+            return &kp->exponent;
+        case CKA_ID:
+            if (0 == io->id.size) {
+                ckcapi_FetchID(io);
+            }
+            return &io->id;
+        default:
+            break;
+    }
+    return NULL;
+}
+
+const NSSItem *
+ckcapi_FetchPrivKeyAttribute(
+    ckcapiInternalObject *io,
+    CK_ATTRIBUTE_TYPE type)
+{
+    PRBool isCertType = (ckcapiCert == io->type);
+    ckcapiKeyParams *kp = isCertType ? &io->u.cert.key : &io->u.key.key;
+
+    switch (type) {
+        case CKA_CLASS:
+            return &ckcapi_privKeyClassItem;
+        case CKA_TOKEN:
+        case CKA_LOCAL:
+        case CKA_SIGN:
+        case CKA_DECRYPT:
+        case CKA_SIGN_RECOVER:
+            return &ckcapi_trueItem;
+        case CKA_SENSITIVE:
+        case CKA_PRIVATE: /* should move in the future */
+        case CKA_MODIFIABLE:
+        case CKA_DERIVE:
+        case CKA_UNWRAP:
+        case CKA_EXTRACTABLE: /* will probably move in the future */
+        case CKA_ALWAYS_SENSITIVE:
+        case CKA_NEVER_EXTRACTABLE:
+            return &ckcapi_falseItem;
+        case CKA_KEY_TYPE:
+            return &ckcapi_rsaItem;
+        case CKA_LABEL:
+            if (!isCertType) {
+                return &ckcapi_emptyItem;
+            }
+            if (0 == io->u.cert.label.size) {
+                ckcapi_FetchLabel(io);
+            }
+            return &io->u.cert.label;
+        case CKA_SUBJECT:
+            if (!isCertType) {
+                return &ckcapi_emptyItem;
+            }
+            if (0 == io->u.cert.subject.size) {
+                PCCERT_CONTEXT certContext =
+                    io->u.cert.certContext;
+                io->u.cert.subject.data =
+                    certContext->pCertInfo->Subject.pbData;
+                io->u.cert.subject.size =
+                    certContext->pCertInfo->Subject.cbData;
+            }
+            return &io->u.cert.subject;
+        case CKA_MODULUS:
+            if (0 == kp->modulus.size) {
+                ckcapi_PopulateModulusExponent(io);
+            }
+            return &kp->modulus;
+        case CKA_PUBLIC_EXPONENT:
+            if (0 == kp->modulus.size) {
+                ckcapi_PopulateModulusExponent(io);
+            }
+            return &kp->exponent;
+        case CKA_PRIVATE_EXPONENT:
+            if (0 == kp->privateExponent.size) {
+                ckcapi_FetchPrivateKey(io);
+            }
+            return &kp->privateExponent;
+        case CKA_PRIME_1:
+            if (0 == kp->privateExponent.size) {
+                ckcapi_FetchPrivateKey(io);
+            }
+            return &kp->prime1;
+        case CKA_PRIME_2:
+            if (0 == kp->privateExponent.size) {
+                ckcapi_FetchPrivateKey(io);
+            }
+            return &kp->prime2;
+        case CKA_EXPONENT_1:
+            if (0 == kp->privateExponent.size) {
+                ckcapi_FetchPrivateKey(io);
+            }
+            return &kp->exponent1;
+        case CKA_EXPONENT_2:
+            if (0 == kp->privateExponent.size) {
+                ckcapi_FetchPrivateKey(io);
+            }
+            return &kp->exponent2;
+        case CKA_COEFFICIENT:
+            if (0 == kp->privateExponent.size) {
+                ckcapi_FetchPrivateKey(io);
+            }
+            return &kp->coefficient;
+        case CKA_ID:
+            if (0 == io->id.size) {
+                ckcapi_FetchID(io);
+            }
+            return &io->id;
+        default:
+            return NULL;
+    }
+}
+
+const NSSItem *
+nss_ckcapi_FetchAttribute(
+    ckcapiInternalObject *io,
+    CK_ATTRIBUTE_TYPE type)
+{
+    CK_ULONG i;
+
+    if (io->type == ckcapiRaw) {
+        for (i = 0; i < io->u.raw.n; i++) {
+            if (type == io->u.raw.types[i]) {
+                return &io->u.raw.items[i];
+            }
+        }
+        return NULL;
+    }
+    /* deal with the common attributes */
+    switch (io->objClass) {
+        case CKO_CERTIFICATE:
+            return ckcapi_FetchCertAttribute(io, type);
+        case CKO_PRIVATE_KEY:
+            return ckcapi_FetchPrivKeyAttribute(io, type);
+        case CKO_PUBLIC_KEY:
+            return ckcapi_FetchPubKeyAttribute(io, type);
+    }
+    return NULL;
+}
+
+/*
+ * check to see if the certificate already exists
+ */
+static PRBool
+ckcapi_cert_exists(
+    NSSItem *value,
+    ckcapiInternalObject **io)
+{
+    int count, i;
+    PRUint32 size = 0;
+    ckcapiInternalObject **listp = NULL;
+    CK_ATTRIBUTE myTemplate[2];
+    CK_OBJECT_CLASS cert_class = CKO_CERTIFICATE;
+    CK_ULONG templateCount = 2;
+    CK_RV error;
+    PRBool found = PR_FALSE;
+
+    myTemplate[0].type = CKA_CLASS;
+    myTemplate[0].pValue = &cert_class;
+    myTemplate[0].ulValueLen = sizeof(cert_class);
+    myTemplate[1].type = CKA_VALUE;
+    myTemplate[1].pValue = value->data;
+    myTemplate[1].ulValueLen = value->size;
+
+    count = nss_ckcapi_collect_all_certs(myTemplate, templateCount, &listp,
+                                         &size, 0, &error);
+
+    /* free them */
+    if (count > 1) {
+        *io = listp[0];
+        found = PR_TRUE;
+    }
+
+    for (i = 1; i < count; i++) {
+        nss_ckcapi_DestroyInternalObject(listp[i]);
+    }
+    nss_ZFreeIf(listp);
+    return found;
+}
+
+static PRBool
+ckcapi_cert_hasEmail(
+    PCCERT_CONTEXT certContext)
+{
+    int count;
+
+    count = CertGetNameString(certContext, CERT_NAME_EMAIL_TYPE,
+                              0, NULL, NULL, 0);
+
+    return count > 1 ? PR_TRUE : PR_FALSE;
+}
+
+static PRBool
+ckcapi_cert_isRoot(
+    PCCERT_CONTEXT certContext)
+{
+    return CertCompareCertificateName(certContext->dwCertEncodingType,
+                                      &certContext->pCertInfo->Issuer, &certContext->pCertInfo->Subject);
+}
+
+static PRBool
+ckcapi_cert_isCA(
+    PCCERT_CONTEXT certContext)
+{
+    PCERT_EXTENSION extension;
+    CERT_BASIC_CONSTRAINTS2_INFO basicInfo;
+    DWORD size = sizeof(basicInfo);
+    BOOL rc;
+
+    extension = CertFindExtension(szOID_BASIC_CONSTRAINTS,
+                                  certContext->pCertInfo->cExtension,
+                                  certContext->pCertInfo->rgExtension);
+    if ((PCERT_EXTENSION)NULL == extension) {
+        return PR_FALSE;
+    }
+    rc = CryptDecodeObject(X509_ASN_ENCODING, szOID_BASIC_CONSTRAINTS2,
+                           extension->Value.pbData, extension->Value.cbData,
+                           0, &basicInfo, &size);
+    if (!rc) {
+        return PR_FALSE;
+    }
+    return (PRBool)basicInfo.fCA;
+}
+
+static CRYPT_KEY_PROV_INFO *
+ckcapi_cert_getPrivateKeyInfo(
+    PCCERT_CONTEXT certContext,
+    NSSItem *keyID)
+{
+    BOOL rc;
+    CRYPT_HASH_BLOB msKeyID;
+    DWORD size = 0;
+    CRYPT_KEY_PROV_INFO *prov = NULL;
+
+    msKeyID.cbData = keyID->size;
+    msKeyID.pbData = keyID->data;
+
+    rc = CryptGetKeyIdentifierProperty(
+        &msKeyID,
+        CERT_KEY_PROV_INFO_PROP_ID,
+        0, NULL, NULL, NULL, &size);
+    if (!rc) {
+        return (CRYPT_KEY_PROV_INFO *)NULL;
+    }
+    prov = (CRYPT_KEY_PROV_INFO *)nss_ZAlloc(NULL, size);
+    if ((CRYPT_KEY_PROV_INFO *)prov == NULL) {
+        return (CRYPT_KEY_PROV_INFO *)NULL;
+    }
+    rc = CryptGetKeyIdentifierProperty(
+        &msKeyID,
+        CERT_KEY_PROV_INFO_PROP_ID,
+        0, NULL, NULL, prov, &size);
+    if (!rc) {
+        nss_ZFreeIf(prov);
+        return (CRYPT_KEY_PROV_INFO *)NULL;
+    }
+
+    return prov;
+}
+
+static CRYPT_KEY_PROV_INFO *
+ckcapi_cert_getProvInfo(
+    ckcapiInternalObject *io)
+{
+    BOOL rc;
+    DWORD size = 0;
+    CRYPT_KEY_PROV_INFO *prov = NULL;
+
+    rc = CertGetCertificateContextProperty(
+        io->u.cert.certContext,
+        CERT_KEY_PROV_INFO_PROP_ID,
+        NULL, &size);
+    if (!rc) {
+        return (CRYPT_KEY_PROV_INFO *)NULL;
+    }
+    prov = (CRYPT_KEY_PROV_INFO *)nss_ZAlloc(NULL, size);
+    if ((CRYPT_KEY_PROV_INFO *)prov == NULL) {
+        return (CRYPT_KEY_PROV_INFO *)NULL;
+    }
+    rc = CertGetCertificateContextProperty(
+        io->u.cert.certContext,
+        CERT_KEY_PROV_INFO_PROP_ID,
+        prov, &size);
+    if (!rc) {
+        nss_ZFreeIf(prov);
+        return (CRYPT_KEY_PROV_INFO *)NULL;
+    }
+
+    return prov;
+}
+
+/* forward declaration */
+static void
+ckcapi_removeObjectFromHash(
+    ckcapiInternalObject *io);
+
+/*
+ * Finalize - unneeded
+ * Destroy
+ * IsTokenObject - CK_TRUE
+ * GetAttributeCount
+ * GetAttributeTypes
+ * GetAttributeSize
+ * GetAttribute
+ * SetAttribute
+ * GetObjectSize
+ */
+
+static CK_RV
+ckcapi_mdObject_Destroy(
+    NSSCKMDObject *mdObject,
+    NSSCKFWObject *fwObject,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance)
+{
+    ckcapiInternalObject *io = (ckcapiInternalObject *)mdObject->etc;
+    CK_OBJECT_CLASS objClass;
+    BOOL rc;
+    DWORD provType;
+    DWORD msError;
+    PRBool isCertType = (PRBool)(ckcapiCert == io->type);
+    HCERTSTORE hStore = 0;
+
+    if (ckcapiRaw == io->type) {
+        /* there is not 'object write protected' error, use the next best thing */
+        return CKR_TOKEN_WRITE_PROTECTED;
+    }
+
+    objClass = io->objClass;
+    if (CKO_CERTIFICATE == objClass) {
+        PCCERT_CONTEXT certContext;
+
+        /* get the store */
+        hStore = CertOpenSystemStore(0, io->u.cert.certStore);
+        if (0 == hStore) {
+            rc = 0;
+            goto loser;
+        }
+        certContext = CertFindCertificateInStore(hStore, X509_ASN_ENCODING, 0,
+                                                 CERT_FIND_EXISTING, io->u.cert.certContext, NULL);
+        if ((PCCERT_CONTEXT)NULL == certContext) {
+            rc = 0;
+            goto loser;
+        }
+        rc = CertDeleteCertificateFromStore(certContext);
+    } else {
+        char *provName = NULL;
+        char *containerName = NULL;
+        HCRYPTPROV hProv;
+        CRYPT_HASH_BLOB msKeyID;
+
+        if (0 == io->id.size) {
+            ckcapi_FetchID(io);
+        }
+
+        if (isCertType) {
+            CRYPT_KEY_PROV_INFO *provInfo = ckcapi_cert_getProvInfo(io);
+            provName = nss_ckcapi_WideToUTF8(provInfo->pwszProvName);
+            containerName = nss_ckcapi_WideToUTF8(provInfo->pwszContainerName);
+            provType = provInfo->dwProvType;
+            nss_ZFreeIf(provInfo);
+        } else {
+            provName = io->u.key.provName;
+            containerName = io->u.key.containerName;
+            provType = io->u.key.provInfo.dwProvType;
+            io->u.key.provName = NULL;
+            io->u.key.containerName = NULL;
+        }
+        /* first remove the key id pointer */
+        msKeyID.cbData = io->id.size;
+        msKeyID.pbData = io->id.data;
+        rc = CryptSetKeyIdentifierProperty(&msKeyID,
+                                           CERT_KEY_PROV_INFO_PROP_ID, CRYPT_KEYID_DELETE_FLAG, NULL, NULL, NULL);
+        if (rc) {
+            rc = CryptAcquireContext(&hProv, containerName, provName, provType,
+                                     CRYPT_DELETEKEYSET);
+        }
+        nss_ZFreeIf(provName);
+        nss_ZFreeIf(containerName);
+    }
+loser:
+
+    if (hStore) {
+        CertCloseStore(hStore, 0);
+    }
+    if (!rc) {
+        msError = GetLastError();
+        return CKR_GENERAL_ERROR;
+    }
+
+    /* remove it from the hash */
+    ckcapi_removeObjectFromHash(io);
+
+    /* free the puppy.. */
+    nss_ckcapi_DestroyInternalObject(io);
+    return CKR_OK;
+}
+
+static CK_BBOOL
+ckcapi_mdObject_IsTokenObject(
+    NSSCKMDObject *mdObject,
+    NSSCKFWObject *fwObject,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance)
+{
+    return CK_TRUE;
+}
+
+static CK_ULONG
+ckcapi_mdObject_GetAttributeCount(
+    NSSCKMDObject *mdObject,
+    NSSCKFWObject *fwObject,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError)
+{
+    ckcapiInternalObject *io = (ckcapiInternalObject *)mdObject->etc;
+
+    if (ckcapiRaw == io->type) {
+        return io->u.raw.n;
+    }
+    switch (io->objClass) {
+        case CKO_CERTIFICATE:
+            return certAttrsCount;
+        case CKO_PUBLIC_KEY:
+            return pubKeyAttrsCount;
+        case CKO_PRIVATE_KEY:
+            return privKeyAttrsCount;
+        default:
+            break;
+    }
+    return 0;
+}
+
+static CK_RV
+ckcapi_mdObject_GetAttributeTypes(
+    NSSCKMDObject *mdObject,
+    NSSCKFWObject *fwObject,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_ATTRIBUTE_TYPE_PTR typeArray,
+    CK_ULONG ulCount)
+{
+    ckcapiInternalObject *io = (ckcapiInternalObject *)mdObject->etc;
+    CK_ULONG i;
+    CK_RV error = CKR_OK;
+    const CK_ATTRIBUTE_TYPE *attrs = NULL;
+    CK_ULONG size = ckcapi_mdObject_GetAttributeCount(
+        mdObject, fwObject, mdSession, fwSession,
+        mdToken, fwToken, mdInstance, fwInstance, &error);
+
+    if (size != ulCount) {
+        return CKR_BUFFER_TOO_SMALL;
+    }
+    if (io->type == ckcapiRaw) {
+        attrs = io->u.raw.types;
+    } else
+        switch (io->objClass) {
+            case CKO_CERTIFICATE:
+                attrs =
+                    certAttrs;
+                break;
+            case CKO_PUBLIC_KEY:
+                attrs =
+                    pubKeyAttrs;
+                break;
+            case CKO_PRIVATE_KEY:
+                attrs =
+                    privKeyAttrs;
+                break;
+            default:
+                return CKR_OK;
+        }
+
+    for (i = 0; i < size; i++) {
+        typeArray[i] = attrs[i];
+    }
+
+    return CKR_OK;
+}
+
+static CK_ULONG
+ckcapi_mdObject_GetAttributeSize(
+    NSSCKMDObject *mdObject,
+    NSSCKFWObject *fwObject,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_ATTRIBUTE_TYPE attribute,
+    CK_RV *pError)
+{
+    ckcapiInternalObject *io = (ckcapiInternalObject *)mdObject->etc;
+
+    const NSSItem *b;
+
+    b = nss_ckcapi_FetchAttribute(io, attribute);
+
+    if ((const NSSItem *)NULL == b) {
+        *pError = CKR_ATTRIBUTE_TYPE_INVALID;
+        return 0;
+    }
+    return b->size;
+}
+
+static CK_RV
+ckcapi_mdObject_SetAttribute(
+    NSSCKMDObject *mdObject,
+    NSSCKFWObject *fwObject,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_ATTRIBUTE_TYPE attribute,
+    NSSItem *value)
+{
+    return CKR_OK;
+}
+
+static NSSCKFWItem
+ckcapi_mdObject_GetAttribute(
+    NSSCKMDObject *mdObject,
+    NSSCKFWObject *fwObject,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_ATTRIBUTE_TYPE attribute,
+    CK_RV *pError)
+{
+    NSSCKFWItem mdItem;
+    ckcapiInternalObject *io = (ckcapiInternalObject *)mdObject->etc;
+
+    mdItem.needsFreeing = PR_FALSE;
+    mdItem.item = (NSSItem *)nss_ckcapi_FetchAttribute(io, attribute);
+
+    if ((NSSItem *)NULL == mdItem.item) {
+        *pError = CKR_ATTRIBUTE_TYPE_INVALID;
+    }
+
+    return mdItem;
+}
+
+static CK_ULONG
+ckcapi_mdObject_GetObjectSize(
+    NSSCKMDObject *mdObject,
+    NSSCKFWObject *fwObject,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError)
+{
+    ckcapiInternalObject *io = (ckcapiInternalObject *)mdObject->etc;
+    CK_ULONG rv = 1;
+
+    /* size is irrelevant to this token */
+    return rv;
+}
+
+static const NSSCKMDObject
+    ckcapi_prototype_mdObject = {
+        (void *)NULL, /* etc */
+        NULL,         /* Finalize */
+        ckcapi_mdObject_Destroy,
+        ckcapi_mdObject_IsTokenObject,
+        ckcapi_mdObject_GetAttributeCount,
+        ckcapi_mdObject_GetAttributeTypes,
+        ckcapi_mdObject_GetAttributeSize,
+        ckcapi_mdObject_GetAttribute,
+        NULL, /* FreeAttribute */
+        ckcapi_mdObject_SetAttribute,
+        ckcapi_mdObject_GetObjectSize,
+        (void *)NULL /* null terminator */
+    };
+
+static nssHash *ckcapiInternalObjectHash = NULL;
+
+NSS_IMPLEMENT NSSCKMDObject *
+nss_ckcapi_CreateMDObject(
+    NSSArena *arena,
+    ckcapiInternalObject *io,
+    CK_RV *pError)
+{
+    if ((nssHash *)NULL == ckcapiInternalObjectHash) {
+        ckcapiInternalObjectHash = nssHash_CreateItem(NULL, 10);
+    }
+    if (ckcapiCert == io->type) {
+        /* the hash key, not a cryptographic key */
+        NSSItem *key = &io->hashKey;
+        ckcapiInternalObject *old_o = NULL;
+
+        if (key->size == 0) {
+            ckcapi_FetchHashKey(io);
+        }
+        old_o = (ckcapiInternalObject *)
+            nssHash_Lookup(ckcapiInternalObjectHash, key);
+        if (!old_o) {
+            nssHash_Add(ckcapiInternalObjectHash, key, io);
+        } else if (old_o != io) {
+            nss_ckcapi_DestroyInternalObject(io);
+            io = old_o;
+        }
+    }
+
+    if ((void *)NULL == io->mdObject.etc) {
+        (void)nsslibc_memcpy(&io->mdObject, &ckcapi_prototype_mdObject,
+                             sizeof(ckcapi_prototype_mdObject));
+        io->mdObject.etc = (void *)io;
+    }
+    return &io->mdObject;
+}
+
+static void
+ckcapi_removeObjectFromHash(
+    ckcapiInternalObject *io)
+{
+    NSSItem *key = &io->hashKey;
+
+    if ((nssHash *)NULL == ckcapiInternalObjectHash) {
+        return;
+    }
+    if (key->size == 0) {
+        ckcapi_FetchHashKey(io);
+    }
+    nssHash_Remove(ckcapiInternalObjectHash, key);
+    return;
+}
+
+void
+nss_ckcapi_DestroyInternalObject(
+    ckcapiInternalObject *io)
+{
+    switch (io->type) {
+        case ckcapiRaw:
+            return;
+        case ckcapiCert:
+            CertFreeCertificateContext(io->u.cert.certContext);
+            nss_ZFreeIf(io->u.cert.labelData);
+            nss_ZFreeIf(io->u.cert.key.privateKey);
+            nss_ZFreeIf(io->u.cert.key.pubKey);
+            nss_ZFreeIf(io->idData);
+            break;
+        case ckcapiBareKey:
+            nss_ZFreeIf(io->u.key.provInfo.pwszContainerName);
+            nss_ZFreeIf(io->u.key.provInfo.pwszProvName);
+            nss_ZFreeIf(io->u.key.provName);
+            nss_ZFreeIf(io->u.key.containerName);
+            nss_ZFreeIf(io->u.key.key.privateKey);
+            nss_ZFreeIf(io->u.key.key.pubKey);
+            if (0 != io->u.key.hProv) {
+                CryptReleaseContext(io->u.key.hProv, 0);
+            }
+            nss_ZFreeIf(io->idData);
+            break;
+    }
+    nss_ZFreeIf(io);
+    return;
+}
+
+static ckcapiInternalObject *
+nss_ckcapi_CreateCertificate(
+    NSSCKFWSession *fwSession,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulAttributeCount,
+    CK_RV *pError)
+{
+    NSSItem value;
+    NSSItem keyID;
+    char *storeStr;
+    ckcapiInternalObject *io = NULL;
+    PCCERT_CONTEXT certContext = NULL;
+    PCCERT_CONTEXT storedCertContext = NULL;
+    CRYPT_KEY_PROV_INFO *prov_info = NULL;
+    char *nickname = NULL;
+    HCERTSTORE hStore = 0;
+    DWORD msError = 0;
+    PRBool hasID;
+    CK_RV dummy;
+    BOOL rc;
+
+    *pError = nss_ckcapi_GetAttribute(CKA_VALUE, pTemplate,
+                                      ulAttributeCount, &value);
+
+    if (CKR_OK != *pError) {
+        return (ckcapiInternalObject *)NULL;
+    }
+
+    *pError = nss_ckcapi_GetAttribute(CKA_ID, pTemplate,
+                                      ulAttributeCount, &keyID);
+
+    if (CKR_OK != *pError) {
+        return (ckcapiInternalObject *)NULL;
+    }
+
+    if (ckcapi_cert_exists(&value, &io)) {
+        return io;
+    }
+
+    /* OK, we are creating a new one, figure out what store it belongs to..
+   * first get a certContext handle.. */
+    certContext = CertCreateCertificateContext(X509_ASN_ENCODING,
+                                               value.data, value.size);
+    if ((PCCERT_CONTEXT)NULL == certContext) {
+        msError = GetLastError();
+        *pError = CKR_ATTRIBUTE_VALUE_INVALID;
+        goto loser;
+    }
+
+    /* do we have a private key laying around... */
+    prov_info = ckcapi_cert_getPrivateKeyInfo(certContext, &keyID);
+    if (prov_info) {
+        CRYPT_DATA_BLOB msKeyID;
+        storeStr = "My";
+        hasID = PR_TRUE;
+        rc = CertSetCertificateContextProperty(certContext,
+                                               CERT_KEY_PROV_INFO_PROP_ID,
+                                               0, prov_info);
+        nss_ZFreeIf(prov_info);
+        if (!rc) {
+            msError = GetLastError();
+            *pError = CKR_DEVICE_ERROR;
+            goto loser;
+        }
+        msKeyID.cbData = keyID.size;
+        msKeyID.pbData = keyID.data;
+        rc = CertSetCertificateContextProperty(certContext,
+                                               CERT_KEY_IDENTIFIER_PROP_ID,
+                                               0, &msKeyID);
+        if (!rc) {
+            msError = GetLastError();
+            *pError = CKR_DEVICE_ERROR;
+            goto loser;
+        }
+
+        /* does it look like a CA */
+    } else if (ckcapi_cert_isCA(certContext)) {
+        storeStr = ckcapi_cert_isRoot(certContext) ? "CA" : "Root";
+        /* does it look like an S/MIME cert */
+    } else if (ckcapi_cert_hasEmail(certContext)) {
+        storeStr = "AddressBook";
+    } else {
+        /* just pick a store */
+        storeStr = "CA";
+    }
+
+    /* get the nickname, not an error if we can't find it */
+    nickname = nss_ckcapi_GetStringAttribute(CKA_LABEL, pTemplate,
+                                             ulAttributeCount, &dummy);
+    if (nickname) {
+        LPWSTR nicknameUTF16 = NULL;
+        CRYPT_DATA_BLOB nicknameBlob;
+
+        nicknameUTF16 = nss_ckcapi_UTF8ToWide(nickname);
+        nss_ZFreeIf(nickname);
+        nickname = NULL;
+        if ((LPWSTR)NULL == nicknameUTF16) {
+            *pError = CKR_HOST_MEMORY;
+            goto loser;
+        }
+        nicknameBlob.cbData = nss_ckcapi_WideSize(nicknameUTF16);
+        nicknameBlob.pbData = (BYTE *)nicknameUTF16;
+        rc = CertSetCertificateContextProperty(certContext,
+                                               CERT_FRIENDLY_NAME_PROP_ID, 0, &nicknameBlob);
+        nss_ZFreeIf(nicknameUTF16);
+        if (!rc) {
+            msError = GetLastError();
+            *pError = CKR_DEVICE_ERROR;
+            goto loser;
+        }
+    }
+
+    hStore = CertOpenSystemStore((HCRYPTPROV)NULL, storeStr);
+    if (0 == hStore) {
+        msError = GetLastError();
+        *pError = CKR_DEVICE_ERROR;
+        goto loser;
+    }
+
+    rc = CertAddCertificateContextToStore(hStore, certContext,
+                                          CERT_STORE_ADD_REPLACE_EXISTING_INHERIT_PROPERTIES, &storedCertContext);
+    CertFreeCertificateContext(certContext);
+    certContext = NULL;
+    CertCloseStore(hStore, 0);
+    hStore = 0;
+    if (!rc) {
+        msError = GetLastError();
+        *pError = CKR_DEVICE_ERROR;
+        goto loser;
+    }
+
+    io = nss_ZNEW(NULL, ckcapiInternalObject);
+    if ((ckcapiInternalObject *)NULL == io) {
+        *pError = CKR_HOST_MEMORY;
+        goto loser;
+    }
+    io->type = ckcapiCert;
+    io->objClass = CKO_CERTIFICATE;
+    io->u.cert.certContext = storedCertContext;
+    io->u.cert.hasID = hasID;
+    return io;
+
+loser:
+    if (certContext) {
+        CertFreeCertificateContext(certContext);
+        certContext = NULL;
+    }
+    if (storedCertContext) {
+        CertFreeCertificateContext(storedCertContext);
+        storedCertContext = NULL;
+    }
+    if (0 != hStore) {
+        CertCloseStore(hStore, 0);
+    }
+    return (ckcapiInternalObject *)NULL;
+}
+
+static char *
+ckcapi_getDefaultProvider(
+    CK_RV *pError)
+{
+    char *name = NULL;
+    BOOL rc;
+    DWORD nameLength = 0;
+
+    rc = CryptGetDefaultProvider(PROV_RSA_FULL, NULL, CRYPT_USER_DEFAULT, NULL,
+                                 &nameLength);
+    if (!rc) {
+        return (char *)NULL;
+    }
+
+    name = nss_ZNEWARRAY(NULL, char, nameLength);
+    if ((char *)NULL == name) {
+        return (char *)NULL;
+    }
+    rc = CryptGetDefaultProvider(PROV_RSA_FULL, NULL, CRYPT_USER_DEFAULT, name,
+                                 &nameLength);
+    if (!rc) {
+        nss_ZFreeIf(name);
+        return (char *)NULL;
+    }
+
+    return name;
+}
+
+static char *
+ckcapi_getContainer(
+    CK_RV *pError,
+    NSSItem *id)
+{
+    RPC_STATUS rstat;
+    UUID uuid;
+    char *uuidStr;
+    char *container;
+
+    rstat = UuidCreate(&uuid);
+    rstat = UuidToString(&uuid, &uuidStr);
+
+    /* convert it from rcp memory to our own */
+    container = nssUTF8_Duplicate(uuidStr, NULL);
+    RpcStringFree(&uuidStr);
+
+    return container;
+}
+
+static CK_RV
+ckcapi_buildPrivateKeyBlob(
+    NSSItem *keyBlob,
+    NSSItem *modulus,
+    NSSItem *publicExponent,
+    NSSItem *privateExponent,
+    NSSItem *prime1,
+    NSSItem *prime2,
+    NSSItem *exponent1,
+    NSSItem *exponent2,
+    NSSItem *coefficient,
+    PRBool isKeyExchange)
+{
+    CAPI_RSA_KEY_BLOB *keyBlobData = NULL;
+    unsigned char *target;
+    unsigned long modSize = modulus->size;
+    unsigned long dataSize;
+    CK_RV error = CKR_OK;
+
+    /* validate extras */
+    if (privateExponent->size != modSize) {
+        error = CKR_ATTRIBUTE_VALUE_INVALID;
+        goto loser;
+    }
+    if (prime1->size != modSize / 2) {
+        error = CKR_ATTRIBUTE_VALUE_INVALID;
+        goto loser;
+    }
+    if (prime2->size != modSize / 2) {
+        error = CKR_ATTRIBUTE_VALUE_INVALID;
+        goto loser;
+    }
+    if (exponent1->size != modSize / 2) {
+        error = CKR_ATTRIBUTE_VALUE_INVALID;
+        goto loser;
+    }
+    if (exponent2->size != modSize / 2) {
+        error = CKR_ATTRIBUTE_VALUE_INVALID;
+        goto loser;
+    }
+    if (coefficient->size != modSize / 2) {
+        error = CKR_ATTRIBUTE_VALUE_INVALID;
+        goto loser;
+    }
+    dataSize = (modSize * 4) + (modSize / 2) + sizeof(CAPI_RSA_KEY_BLOB);
+    keyBlobData = (CAPI_RSA_KEY_BLOB *)nss_ZAlloc(NULL, dataSize);
+    if ((CAPI_RSA_KEY_BLOB *)NULL == keyBlobData) {
+        error = CKR_HOST_MEMORY;
+        goto loser;
+    }
+
+    keyBlobData->header.bType = PRIVATEKEYBLOB;
+    keyBlobData->header.bVersion = 0x02;
+    keyBlobData->header.reserved = 0x00;
+    keyBlobData->header.aiKeyAlg = isKeyExchange ? CALG_RSA_KEYX : CALG_RSA_SIGN;
+    keyBlobData->rsa.magic = 0x32415352;
+    keyBlobData->rsa.bitlen = modSize * 8;
+    keyBlobData->rsa.pubexp = nss_ckcapi_DataToInt(publicExponent, &error);
+    if (CKR_OK != error) {
+        goto loser;
+    }
+
+    target = &keyBlobData->data[CAPI_MODULUS_OFFSET(modSize)];
+    nsslibc_memcpy(target, modulus->data, modulus->size);
+    modulus->data = target;
+    ckcapi_ReverseData(modulus);
+
+    target = &keyBlobData->data[CAPI_PRIVATE_EXP_OFFSET(modSize)];
+    nsslibc_memcpy(target, privateExponent->data, privateExponent->size);
+    privateExponent->data = target;
+    ckcapi_ReverseData(privateExponent);
+
+    target = &keyBlobData->data[CAPI_PRIME_1_OFFSET(modSize)];
+    nsslibc_memcpy(target, prime1->data, prime1->size);
+    prime1->data = target;
+    ckcapi_ReverseData(prime1);
+
+    target = &keyBlobData->data[CAPI_PRIME_2_OFFSET(modSize)];
+    nsslibc_memcpy(target, prime2->data, prime2->size);
+    prime2->data = target;
+    ckcapi_ReverseData(prime2);
+
+    target = &keyBlobData->data[CAPI_EXPONENT_1_OFFSET(modSize)];
+    nsslibc_memcpy(target, exponent1->data, exponent1->size);
+    exponent1->data = target;
+    ckcapi_ReverseData(exponent1);
+
+    target = &keyBlobData->data[CAPI_EXPONENT_2_OFFSET(modSize)];
+    nsslibc_memcpy(target, exponent2->data, exponent2->size);
+    exponent2->data = target;
+    ckcapi_ReverseData(exponent2);
+
+    target = &keyBlobData->data[CAPI_COEFFICIENT_OFFSET(modSize)];
+    nsslibc_memcpy(target, coefficient->data, coefficient->size);
+    coefficient->data = target;
+    ckcapi_ReverseData(coefficient);
+
+    keyBlob->data = keyBlobData;
+    keyBlob->size = dataSize;
+
+    return CKR_OK;
+
+loser:
+    nss_ZFreeIf(keyBlobData);
+    return error;
+}
+
+static ckcapiInternalObject *
+nss_ckcapi_CreatePrivateKey(
+    NSSCKFWSession *fwSession,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulAttributeCount,
+    CK_RV *pError)
+{
+    NSSItem modulus;
+    NSSItem publicExponent;
+    NSSItem privateExponent;
+    NSSItem exponent1;
+    NSSItem exponent2;
+    NSSItem prime1;
+    NSSItem prime2;
+    NSSItem coefficient;
+    NSSItem keyID;
+    NSSItem keyBlob;
+    ckcapiInternalObject *io = NULL;
+    char *providerName = NULL;
+    char *containerName = NULL;
+    char *idData = NULL;
+    CRYPT_KEY_PROV_INFO provInfo;
+    CRYPT_HASH_BLOB msKeyID;
+    CK_KEY_TYPE keyType;
+    HCRYPTPROV hProv = 0;
+    HCRYPTKEY hKey = 0;
+    PRBool decrypt;
+    DWORD keySpec;
+    DWORD msError;
+    BOOL rc;
+
+    keyType = nss_ckcapi_GetULongAttribute(CKA_KEY_TYPE, pTemplate, ulAttributeCount, pError);
+    if (CKR_OK != *pError) {
+        return (ckcapiInternalObject *)NULL;
+    }
+    if (CKK_RSA != keyType) {
+        *pError = CKR_ATTRIBUTE_VALUE_INVALID;
+        return (ckcapiInternalObject *)NULL;
+    }
+
+    decrypt = nss_ckcapi_GetBoolAttribute(CKA_DECRYPT,
+                                          pTemplate, ulAttributeCount, pError);
+    if (CKR_TEMPLATE_INCOMPLETE == *pError) {
+        decrypt = PR_TRUE; /* default to true */
+    }
+    decrypt = decrypt || nss_ckcapi_GetBoolAttribute(CKA_UNWRAP,
+                                                     pTemplate, ulAttributeCount, pError);
+    if (CKR_TEMPLATE_INCOMPLETE == *pError) {
+        decrypt = PR_TRUE; /* default to true */
+    }
+    keySpec = decrypt ? AT_KEYEXCHANGE : AT_SIGNATURE;
+
+    *pError = nss_ckcapi_GetAttribute(CKA_MODULUS, pTemplate,
+                                      ulAttributeCount, &modulus);
+    if (CKR_OK != *pError) {
+        return (ckcapiInternalObject *)NULL;
+    }
+    *pError = nss_ckcapi_GetAttribute(CKA_PUBLIC_EXPONENT, pTemplate,
+                                      ulAttributeCount, &publicExponent);
+    if (CKR_OK != *pError) {
+        return (ckcapiInternalObject *)NULL;
+    }
+    *pError = nss_ckcapi_GetAttribute(CKA_PRIVATE_EXPONENT, pTemplate,
+                                      ulAttributeCount, &privateExponent);
+    if (CKR_OK != *pError) {
+        return (ckcapiInternalObject *)NULL;
+    }
+    *pError = nss_ckcapi_GetAttribute(CKA_PRIME_1, pTemplate,
+                                      ulAttributeCount, &prime1);
+    if (CKR_OK != *pError) {
+        return (ckcapiInternalObject *)NULL;
+    }
+    *pError = nss_ckcapi_GetAttribute(CKA_PRIME_2, pTemplate,
+                                      ulAttributeCount, &prime2);
+    if (CKR_OK != *pError) {
+        return (ckcapiInternalObject *)NULL;
+    }
+    *pError = nss_ckcapi_GetAttribute(CKA_EXPONENT_1, pTemplate,
+                                      ulAttributeCount, &exponent1);
+    if (CKR_OK != *pError) {
+        return (ckcapiInternalObject *)NULL;
+    }
+    *pError = nss_ckcapi_GetAttribute(CKA_EXPONENT_2, pTemplate,
+                                      ulAttributeCount, &exponent2);
+    if (CKR_OK != *pError) {
+        return (ckcapiInternalObject *)NULL;
+    }
+    *pError = nss_ckcapi_GetAttribute(CKA_COEFFICIENT, pTemplate,
+                                      ulAttributeCount, &coefficient);
+    if (CKR_OK != *pError) {
+        return (ckcapiInternalObject *)NULL;
+    }
+    *pError = nss_ckcapi_GetAttribute(CKA_ID, pTemplate,
+                                      ulAttributeCount, &keyID);
+    if (CKR_OK != *pError) {
+        return (ckcapiInternalObject *)NULL;
+    }
+    providerName = ckcapi_getDefaultProvider(pError);
+    if ((char *)NULL == providerName) {
+        return (ckcapiInternalObject *)NULL;
+    }
+    containerName = ckcapi_getContainer(pError, &keyID);
+    if ((char *)NULL == containerName) {
+        goto loser;
+    }
+    rc = CryptAcquireContext(&hProv, containerName, providerName,
+                             PROV_RSA_FULL, CRYPT_NEWKEYSET);
+    if (!rc) {
+        msError = GetLastError();
+        *pError = CKR_DEVICE_ERROR;
+        goto loser;
+    }
+
+    *pError = ckcapi_buildPrivateKeyBlob(
+        &keyBlob,
+        &modulus,
+        &publicExponent,
+        &privateExponent,
+        &prime1,
+        &prime2,
+        &exponent1,
+        &exponent2,
+        &coefficient,
+        decrypt);
+    if (CKR_OK != *pError) {
+        goto loser;
+    }
+
+    rc = CryptImportKey(hProv, keyBlob.data, keyBlob.size,
+                        0, CRYPT_EXPORTABLE, &hKey);
+    if (!rc) {
+        msError = GetLastError();
+        *pError = CKR_DEVICE_ERROR;
+        goto loser;
+    }
+
+    idData = nss_ZNEWARRAY(NULL, char, keyID.size);
+    if ((void *)NULL == idData) {
+        *pError = CKR_HOST_MEMORY;
+        goto loser;
+    }
+    nsslibc_memcpy(idData, keyID.data, keyID.size);
+
+    provInfo.pwszContainerName = nss_ckcapi_UTF8ToWide(containerName);
+    provInfo.pwszProvName = nss_ckcapi_UTF8ToWide(providerName);
+    provInfo.dwProvType = PROV_RSA_FULL;
+    provInfo.dwFlags = 0;
+    provInfo.cProvParam = 0;
+    provInfo.rgProvParam = NULL;
+    provInfo.dwKeySpec = keySpec;
+
+    msKeyID.cbData = keyID.size;
+    msKeyID.pbData = keyID.data;
+
+    rc = CryptSetKeyIdentifierProperty(&msKeyID, CERT_KEY_PROV_INFO_PROP_ID,
+                                       0, NULL, NULL, &provInfo);
+    if (!rc) {
+        goto loser;
+    }
+
+    /* handle error here */
+    io = nss_ZNEW(NULL, ckcapiInternalObject);
+    if ((ckcapiInternalObject *)NULL == io) {
+        *pError = CKR_HOST_MEMORY;
+        goto loser;
+    }
+    io->type = ckcapiBareKey;
+    io->objClass = CKO_PRIVATE_KEY;
+    io->u.key.provInfo = provInfo;
+    io->u.key.provName = providerName;
+    io->u.key.containerName = containerName;
+    io->u.key.hProv = hProv; /* save the handle */
+    io->idData = idData;
+    io->id.data = idData;
+    io->id.size = keyID.size;
+    /* done with the key handle */
+    CryptDestroyKey(hKey);
+    return io;
+
+loser:
+    nss_ZFreeIf(containerName);
+    nss_ZFreeIf(providerName);
+    nss_ZFreeIf(idData);
+    if (0 != hProv) {
+        CryptReleaseContext(hProv, 0);
+    }
+    if (0 != hKey) {
+        CryptDestroyKey(hKey);
+    }
+    return (ckcapiInternalObject *)NULL;
+}
+
+NSS_EXTERN NSSCKMDObject *
+nss_ckcapi_CreateObject(
+    NSSCKFWSession *fwSession,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulAttributeCount,
+    CK_RV *pError)
+{
+    CK_OBJECT_CLASS objClass;
+    ckcapiInternalObject *io = NULL;
+    CK_BBOOL isToken;
+
+    /*
+     * only create token objects
+     */
+    isToken = nss_ckcapi_GetBoolAttribute(CKA_TOKEN, pTemplate,
+                                          ulAttributeCount, pError);
+    if (CKR_OK != *pError) {
+        return (NSSCKMDObject *)NULL;
+    }
+    if (!isToken) {
+        *pError = CKR_ATTRIBUTE_VALUE_INVALID;
+        return (NSSCKMDObject *)NULL;
+    }
+
+    /*
+     * only create keys and certs.
+     */
+    objClass = nss_ckcapi_GetULongAttribute(CKA_CLASS, pTemplate,
+                                            ulAttributeCount, pError);
+    if (CKR_OK != *pError) {
+        return (NSSCKMDObject *)NULL;
+    }
+#ifdef notdef
+    if (objClass == CKO_PUBLIC_KEY) {
+        return CKR_OK; /* fake public key creation, happens as a side effect of
+                        * private key creation */
+    }
+#endif
+    if (objClass == CKO_CERTIFICATE) {
+        io = nss_ckcapi_CreateCertificate(fwSession, pTemplate,
+                                          ulAttributeCount, pError);
+    } else if (objClass == CKO_PRIVATE_KEY) {
+        io = nss_ckcapi_CreatePrivateKey(fwSession, pTemplate,
+                                         ulAttributeCount, pError);
+    } else {
+        *pError = CKR_ATTRIBUTE_VALUE_INVALID;
+    }
+
+    if ((ckcapiInternalObject *)NULL == io) {
+        return (NSSCKMDObject *)NULL;
+    }
+    return nss_ckcapi_CreateMDObject(NULL, io, pError);
+}
diff --git a/nss/lib/ckfw/capi/config.mk b/nss/lib/ckfw/capi/config.mk
new file mode 100644
index 0000000..ec0a862
--- /dev/null
+++ b/nss/lib/ckfw/capi/config.mk
@@ -0,0 +1,31 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#
+#  Override TARGETS variable so that only shared libraries
+#  are specifed as dependencies within rules.mk.
+#
+
+TARGETS        = $(SHARED_LIBRARY)
+LIBRARY        =
+IMPORT_LIBRARY =
+PROGRAM        =
+
+ifeq (,$(filter-out WIN%,$(OS_TARGET)))
+    SHARED_LIBRARY = $(OBJDIR)/$(DLL_PREFIX)$(LIBRARY_NAME)$(LIBRARY_VERSION).$(DLL_SUFFIX)
+    RES = $(OBJDIR)/$(LIBRARY_NAME).res
+    RESNAME = $(LIBRARY_NAME).rc
+endif
+
+ifdef BUILD_IDG
+    DEFINES += -DNSSDEBUG
+endif
+
+#
+# To create a loadable module on Darwin, we must use -bundle.
+#
+ifeq ($(OS_TARGET),Darwin)
+DSO_LDOPTS = -bundle
+endif
diff --git a/nss/lib/ckfw/capi/constants.c b/nss/lib/ckfw/capi/constants.c
new file mode 100644
index 0000000..0d4b701
--- /dev/null
+++ b/nss/lib/ckfw/capi/constants.c
@@ -0,0 +1,63 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * ckcapi/constants.c
+ *
+ * Identification and other constants, all collected here in one place.
+ */
+
+#ifndef NSSBASET_H
+#include "nssbaset.h"
+#endif /* NSSBASET_H */
+
+#ifndef NSSCKT_H
+#include "nssckt.h"
+#endif /* NSSCKT_H */
+
+#ifndef NSSCAPI_H
+#include "nsscapi.h"
+#endif /* NSSCAPI_H */
+
+NSS_IMPLEMENT_DATA const CK_VERSION
+    nss_ckcapi_CryptokiVersion = {
+        NSS_CKCAPI_CRYPTOKI_VERSION_MAJOR,
+        NSS_CKCAPI_CRYPTOKI_VERSION_MINOR
+    };
+
+NSS_IMPLEMENT_DATA const NSSUTF8 *
+    nss_ckcapi_ManufacturerID = (NSSUTF8 *)"Mozilla Foundation";
+
+NSS_IMPLEMENT_DATA const NSSUTF8 *
+    nss_ckcapi_LibraryDescription = (NSSUTF8 *)"NSS Access to Microsoft Certificate Store";
+
+NSS_IMPLEMENT_DATA const CK_VERSION
+    nss_ckcapi_LibraryVersion = {
+        NSS_CKCAPI_LIBRARY_VERSION_MAJOR,
+        NSS_CKCAPI_LIBRARY_VERSION_MINOR
+    };
+
+NSS_IMPLEMENT_DATA const NSSUTF8 *
+    nss_ckcapi_SlotDescription = (NSSUTF8 *)"Microsoft Certificate Store";
+
+NSS_IMPLEMENT_DATA const CK_VERSION
+    nss_ckcapi_HardwareVersion = {
+        NSS_CKCAPI_HARDWARE_VERSION_MAJOR,
+        NSS_CKCAPI_HARDWARE_VERSION_MINOR
+    };
+
+NSS_IMPLEMENT_DATA const CK_VERSION
+    nss_ckcapi_FirmwareVersion = {
+        NSS_CKCAPI_FIRMWARE_VERSION_MAJOR,
+        NSS_CKCAPI_FIRMWARE_VERSION_MINOR
+    };
+
+NSS_IMPLEMENT_DATA const NSSUTF8 *
+    nss_ckcapi_TokenLabel = (NSSUTF8 *)"Microsoft Certificate Store";
+
+NSS_IMPLEMENT_DATA const NSSUTF8 *
+    nss_ckcapi_TokenModel = (NSSUTF8 *)"1";
+
+NSS_IMPLEMENT_DATA const NSSUTF8 *
+    nss_ckcapi_TokenSerialNumber = (NSSUTF8 *)"1";
diff --git a/nss/lib/ckfw/capi/crsa.c b/nss/lib/ckfw/capi/crsa.c
new file mode 100644
index 0000000..62f90ac
--- /dev/null
+++ b/nss/lib/ckfw/capi/crsa.c
@@ -0,0 +1,687 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "ckcapi.h"
+#include "secdert.h"
+
+#define SSL3_SHAMD5_HASH_SIZE 36 /* LEN_MD5 (16) + LEN_SHA1 (20) */
+
+/*
+ * ckcapi/crsa.c
+ *
+ * This file implements the NSSCKMDMechnaism and NSSCKMDCryptoOperation objects
+ * for the RSA operation on the CAPI cryptoki module.
+ */
+
+/*
+ * write a Decimal value to a string
+ */
+
+static char *
+putDecimalString(char *cstr, unsigned long value)
+{
+    unsigned long tenpower;
+    int first = 1;
+
+    for (tenpower = 10000000; tenpower; tenpower /= 10) {
+        unsigned char digit = (unsigned char)(value / tenpower);
+        value = value % tenpower;
+
+        /* drop leading zeros */
+        if (first && (0 == digit)) {
+            continue;
+        }
+        first = 0;
+        *cstr++ = digit + '0';
+    }
+
+    /* if value was zero, put one of them out */
+    if (first) {
+        *cstr++ = '0';
+    }
+    return cstr;
+}
+
+/*
+ * Create a Capi OID string value from a DER OID
+ */
+static char *
+nss_ckcapi_GetOidString(
+    unsigned char *oidTag,
+    unsigned int oidTagSize,
+    CK_RV *pError)
+{
+    unsigned char *oid;
+    char *oidStr;
+    char *cstr;
+    unsigned long value;
+    unsigned int oidSize;
+
+    if (DER_OBJECT_ID != *oidTag) {
+        /* wasn't an oid */
+        *pError = CKR_DATA_INVALID;
+        return NULL;
+    }
+    oid = nss_ckcapi_DERUnwrap(oidTag, oidTagSize, &oidSize, NULL);
+
+    if (oidSize < 2) {
+        *pError = CKR_DATA_INVALID;
+        return NULL;
+    }
+
+    oidStr = nss_ZNEWARRAY(NULL, char, oidSize * 4);
+    if ((char *)NULL == oidStr) {
+        *pError = CKR_HOST_MEMORY;
+        return NULL;
+    }
+    cstr = oidStr;
+    cstr = putDecimalString(cstr, (*oid) / 40);
+    *cstr++ = '.';
+    cstr = putDecimalString(cstr, (*oid) % 40);
+    oidSize--;
+
+    value = 0;
+    while (oidSize--) {
+        oid++;
+        value = (value << 7) + (*oid & 0x7f);
+        if (0 == (*oid & 0x80)) {
+            *cstr++ = '.';
+            cstr = putDecimalString(cstr, value);
+            value = 0;
+        }
+    }
+
+    *cstr = 0; /* NULL terminate */
+
+    if (value != 0) {
+        nss_ZFreeIf(oidStr);
+        *pError = CKR_DATA_INVALID;
+        return NULL;
+    }
+    return oidStr;
+}
+
+/*
+ * PKCS #11 sign for RSA expects to take a fully DER-encoded hash value,
+ * which includes the hash OID. CAPI expects to take a Hash Context. While
+ * CAPI does have the capability of setting a raw hash value, it does not
+ * have the ability to sign an arbitrary value. This function tries to
+ * reduce the passed in data into something that CAPI could actually sign.
+ */
+static CK_RV
+ckcapi_GetRawHash(
+    const NSSItem *input,
+    NSSItem *hash,
+    ALG_ID *hashAlg)
+{
+    unsigned char *current;
+    unsigned char *algid;
+    unsigned char *oid;
+    unsigned char *hashData;
+    char *oidStr;
+    CK_RV error;
+    unsigned int oidSize;
+    unsigned int size;
+    /*
+    * there are 2 types of hashes NSS typically tries to sign, regular
+    * RSA signature format (with encoded DER_OIDS), and SSL3 Signed hashes.
+    * CAPI knows not to add any oids to SSL3_Signed hashes, so if we have any
+    * random hash that is exactly the same size as an SSL3 hash, then we can
+    * just pass the data through. CAPI has know way of knowing if the value
+    * is really a combined hash or some other arbitrary data, so it's safe to
+    * handle this case first.
+    */
+    if (SSL3_SHAMD5_HASH_SIZE == input->size) {
+        hash->data = input->data;
+        hash->size = input->size;
+        *hashAlg = CALG_SSL3_SHAMD5;
+        return CKR_OK;
+    }
+
+    current = (unsigned char *)input->data;
+
+    /* make sure we have a sequence tag */
+    if ((DER_SEQUENCE | DER_CONSTRUCTED) != *current) {
+        return CKR_DATA_INVALID;
+    }
+
+    /* parse the input block to get 1) the hash oid, and 2) the raw hash value.
+     * unfortunatly CAPI doesn't have a builtin function to do this work, so
+     * we go ahead and do it by hand here.
+     *
+     * format is:
+     *  SEQUENCE {
+     *     SECQUENCE { // algid
+     *       OID {}    // oid
+     *       ANY {}    // optional params
+     *     }
+     *     OCTECT {}   // hash
+     */
+
+    /* unwrap */
+    algid = nss_ckcapi_DERUnwrap(current, input->size, &size, NULL);
+
+    if (algid + size != current + input->size) {
+        /* make sure there is not extra data at the end */
+        return CKR_DATA_INVALID;
+    }
+
+    if ((DER_SEQUENCE | DER_CONSTRUCTED) != *algid) {
+        /* wasn't an algid */
+        return CKR_DATA_INVALID;
+    }
+    oid = nss_ckcapi_DERUnwrap(algid, size, &oidSize, &hashData);
+
+    if (DER_OCTET_STRING != *hashData) {
+        /* wasn't a hash */
+        return CKR_DATA_INVALID;
+    }
+
+    /* get the real hash */
+    current = hashData;
+    size = size - (hashData - algid);
+    hash->data = nss_ckcapi_DERUnwrap(current, size, &hash->size, NULL);
+
+    /* get the real oid as a string. Again, Microsoft does not
+     * export anything that does this for us */
+    oidStr = nss_ckcapi_GetOidString(oid, oidSize, &error);
+    if ((char *)NULL == oidStr) {
+        return error;
+    }
+
+    /* look up the hash alg from the oid (fortunately CAPI does to this) */
+    *hashAlg = CertOIDToAlgId(oidStr);
+    nss_ZFreeIf(oidStr);
+    if (0 == *hashAlg) {
+        return CKR_HOST_MEMORY;
+    }
+
+    /* hash looks reasonably consistent, we should be able to sign it now */
+    return CKR_OK;
+}
+
+/*
+ * So everyone else in the worlds stores their bignum data MSB first, but not
+ * Microsoft, we need to byte swap everything coming into and out of CAPI.
+ */
+void
+ckcapi_ReverseData(NSSItem *item)
+{
+    int end = (item->size) - 1;
+    int middle = (item->size) / 2;
+    unsigned char *buf = item->data;
+    int i;
+
+    for (i = 0; i < middle; i++) {
+        unsigned char tmp = buf[i];
+        buf[i] = buf[end - i];
+        buf[end - i] = tmp;
+    }
+    return;
+}
+
+typedef struct ckcapiInternalCryptoOperationRSAPrivStr
+    ckcapiInternalCryptoOperationRSAPriv;
+struct ckcapiInternalCryptoOperationRSAPrivStr {
+    NSSCKMDCryptoOperation mdOperation;
+    NSSCKMDMechanism *mdMechanism;
+    ckcapiInternalObject *iKey;
+    HCRYPTPROV hProv;
+    DWORD keySpec;
+    HCRYPTKEY hKey;
+    NSSItem *buffer;
+};
+
+/*
+ * ckcapi_mdCryptoOperationRSAPriv_Create
+ */
+static NSSCKMDCryptoOperation *
+ckcapi_mdCryptoOperationRSAPriv_Create(
+    const NSSCKMDCryptoOperation *proto,
+    NSSCKMDMechanism *mdMechanism,
+    NSSCKMDObject *mdKey,
+    CK_RV *pError)
+{
+    ckcapiInternalObject *iKey = (ckcapiInternalObject *)mdKey->etc;
+    const NSSItem *classItem = nss_ckcapi_FetchAttribute(iKey, CKA_CLASS);
+    const NSSItem *keyType = nss_ckcapi_FetchAttribute(iKey, CKA_KEY_TYPE);
+    ckcapiInternalCryptoOperationRSAPriv *iOperation;
+    CK_RV error;
+    HCRYPTPROV hProv;
+    DWORD keySpec;
+    HCRYPTKEY hKey;
+
+    /* make sure we have the right objects */
+    if (((const NSSItem *)NULL == classItem) ||
+        (sizeof(CK_OBJECT_CLASS) != classItem->size) ||
+        (CKO_PRIVATE_KEY != *(CK_OBJECT_CLASS *)classItem->data) ||
+        ((const NSSItem *)NULL == keyType) ||
+        (sizeof(CK_KEY_TYPE) != keyType->size) ||
+        (CKK_RSA != *(CK_KEY_TYPE *)keyType->data)) {
+        *pError = CKR_KEY_TYPE_INCONSISTENT;
+        return (NSSCKMDCryptoOperation *)NULL;
+    }
+
+    error = nss_ckcapi_FetchKeyContainer(iKey, &hProv, &keySpec, &hKey);
+    if (error != CKR_OK) {
+        *pError = error;
+        return (NSSCKMDCryptoOperation *)NULL;
+    }
+
+    iOperation = nss_ZNEW(NULL, ckcapiInternalCryptoOperationRSAPriv);
+    if ((ckcapiInternalCryptoOperationRSAPriv *)NULL == iOperation) {
+        *pError = CKR_HOST_MEMORY;
+        return (NSSCKMDCryptoOperation *)NULL;
+    }
+    iOperation->mdMechanism = mdMechanism;
+    iOperation->iKey = iKey;
+    iOperation->hProv = hProv;
+    iOperation->keySpec = keySpec;
+    iOperation->hKey = hKey;
+
+    nsslibc_memcpy(&iOperation->mdOperation,
+                   proto, sizeof(NSSCKMDCryptoOperation));
+    iOperation->mdOperation.etc = iOperation;
+
+    return &iOperation->mdOperation;
+}
+
+static CK_RV
+ckcapi_mdCryptoOperationRSAPriv_Destroy(
+    NSSCKMDCryptoOperation *mdOperation,
+    NSSCKFWCryptoOperation *fwOperation,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance)
+{
+    ckcapiInternalCryptoOperationRSAPriv *iOperation =
+        (ckcapiInternalCryptoOperationRSAPriv *)mdOperation->etc;
+
+    if (iOperation->hKey) {
+        CryptDestroyKey(iOperation->hKey);
+    }
+    if (iOperation->buffer) {
+        nssItem_Destroy(iOperation->buffer);
+    }
+    nss_ZFreeIf(iOperation);
+    return CKR_OK;
+}
+
+static CK_ULONG
+ckcapi_mdCryptoOperationRSA_GetFinalLength(
+    NSSCKMDCryptoOperation *mdOperation,
+    NSSCKFWCryptoOperation *fwOperation,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError)
+{
+    ckcapiInternalCryptoOperationRSAPriv *iOperation =
+        (ckcapiInternalCryptoOperationRSAPriv *)mdOperation->etc;
+    const NSSItem *modulus =
+        nss_ckcapi_FetchAttribute(iOperation->iKey, CKA_MODULUS);
+
+    return modulus->size;
+}
+
+/*
+ * ckcapi_mdCryptoOperationRSADecrypt_GetOperationLength
+ * we won't know the length until we actually decrypt the
+ * input block. Since we go to all the work to decrypt the
+ * the block, we'll save if for when the block is asked for
+ */
+static CK_ULONG
+ckcapi_mdCryptoOperationRSADecrypt_GetOperationLength(
+    NSSCKMDCryptoOperation *mdOperation,
+    NSSCKFWCryptoOperation *fwOperation,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    const NSSItem *input,
+    CK_RV *pError)
+{
+    ckcapiInternalCryptoOperationRSAPriv *iOperation =
+        (ckcapiInternalCryptoOperationRSAPriv *)mdOperation->etc;
+    BOOL rc;
+
+    /* Microsoft's Decrypt operation works in place. Since we don't want
+     * to trash our input buffer, we make a copy of it */
+    iOperation->buffer = nssItem_Duplicate((NSSItem *)input, NULL, NULL);
+    if ((NSSItem *)NULL == iOperation->buffer) {
+        *pError = CKR_HOST_MEMORY;
+        return 0;
+    }
+    /* Sigh, reverse it */
+    ckcapi_ReverseData(iOperation->buffer);
+
+    rc = CryptDecrypt(iOperation->hKey, 0, TRUE, 0,
+                      iOperation->buffer->data, &iOperation->buffer->size);
+    if (!rc) {
+        DWORD msError = GetLastError();
+        switch (msError) {
+            case NTE_BAD_DATA:
+                *pError =
+                    CKR_ENCRYPTED_DATA_INVALID;
+                break;
+            case NTE_FAIL:
+            case NTE_BAD_UID:
+                *pError =
+                    CKR_DEVICE_ERROR;
+                break;
+            default:
+                *pError =
+                    CKR_GENERAL_ERROR;
+        }
+        return 0;
+    }
+
+    return iOperation->buffer->size;
+}
+
+/*
+ * ckcapi_mdCryptoOperationRSADecrypt_UpdateFinal
+ *
+ * NOTE: ckcapi_mdCryptoOperationRSADecrypt_GetOperationLength is presumed to
+ * have been called previously.
+ */
+static CK_RV
+ckcapi_mdCryptoOperationRSADecrypt_UpdateFinal(
+    NSSCKMDCryptoOperation *mdOperation,
+    NSSCKFWCryptoOperation *fwOperation,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    const NSSItem *input,
+    NSSItem *output)
+{
+    ckcapiInternalCryptoOperationRSAPriv *iOperation =
+        (ckcapiInternalCryptoOperationRSAPriv *)mdOperation->etc;
+    NSSItem *buffer = iOperation->buffer;
+
+    if ((NSSItem *)NULL == buffer) {
+        return CKR_GENERAL_ERROR;
+    }
+    nsslibc_memcpy(output->data, buffer->data, buffer->size);
+    output->size = buffer->size;
+    return CKR_OK;
+}
+
+/*
+ * ckcapi_mdCryptoOperationRSASign_UpdateFinal
+ *
+ */
+static CK_RV
+ckcapi_mdCryptoOperationRSASign_UpdateFinal(
+    NSSCKMDCryptoOperation *mdOperation,
+    NSSCKFWCryptoOperation *fwOperation,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    const NSSItem *input,
+    NSSItem *output)
+{
+    ckcapiInternalCryptoOperationRSAPriv *iOperation =
+        (ckcapiInternalCryptoOperationRSAPriv *)mdOperation->etc;
+    CK_RV error = CKR_OK;
+    DWORD msError;
+    NSSItem hash;
+    HCRYPTHASH hHash = 0;
+    ALG_ID hashAlg;
+    DWORD hashSize;
+    DWORD len; /* temp length value we throw away */
+    BOOL rc;
+
+    /*
+     * PKCS #11 sign for RSA expects to take a fully DER-encoded hash value,
+     * which includes the hash OID. CAPI expects to take a Hash Context. While
+     * CAPI does have the capability of setting a raw hash value, it does not
+     * have the ability to sign an arbitrary value. This function tries to
+     * reduce the passed in data into something that CAPI could actually sign.
+     */
+    error = ckcapi_GetRawHash(input, &hash, &hashAlg);
+    if (CKR_OK != error) {
+        goto loser;
+    }
+
+    rc = CryptCreateHash(iOperation->hProv, hashAlg, 0, 0, &hHash);
+    if (!rc) {
+        goto loser;
+    }
+
+    /* make sure the hash lens match before we set it */
+    len = sizeof(DWORD);
+    rc = CryptGetHashParam(hHash, HP_HASHSIZE, (BYTE *)&hashSize, &len, 0);
+    if (!rc) {
+        goto loser;
+    }
+
+    if (hash.size != hashSize) {
+        /* The input must have been bad for this to happen */
+        error = CKR_DATA_INVALID;
+        goto loser;
+    }
+
+    /* we have an explicit hash, set it, note that the length is
+     * implicit by the hashAlg used in create */
+    rc = CryptSetHashParam(hHash, HP_HASHVAL, hash.data, 0);
+    if (!rc) {
+        goto loser;
+    }
+
+    /* OK, we have the data in a hash structure, sign it! */
+    rc = CryptSignHash(hHash, iOperation->keySpec, NULL, 0,
+                       output->data, &output->size);
+    if (!rc) {
+        goto loser;
+    }
+
+    /* Don't return a signature that might have been broken because of a cosmic
+     * ray, or a broken processor, verify that it is valid... */
+    rc = CryptVerifySignature(hHash, output->data, output->size,
+                              iOperation->hKey, NULL, 0);
+    if (!rc) {
+        goto loser;
+    }
+
+    /* OK, Microsoft likes to do things completely differently than anyone
+     * else. We need to reverse the data we received here */
+    ckcapi_ReverseData(output);
+    CryptDestroyHash(hHash);
+    return CKR_OK;
+
+loser:
+    /* map the microsoft error */
+    if (CKR_OK == error) {
+        msError = GetLastError();
+        switch (msError) {
+            case ERROR_NOT_ENOUGH_MEMORY:
+                error =
+                    CKR_HOST_MEMORY;
+                break;
+            case NTE_NO_MEMORY:
+                error =
+                    CKR_DEVICE_MEMORY;
+                break;
+            case ERROR_MORE_DATA:
+                return CKR_BUFFER_TOO_SMALL;
+            case ERROR_INVALID_PARAMETER: /* these params were derived from the */
+            case ERROR_INVALID_HANDLE:    /* inputs, so if they are bad, the input */
+            case NTE_BAD_ALGID:           /* data is bad */
+            case NTE_BAD_HASH:
+                error =
+                    CKR_DATA_INVALID;
+                break;
+            case ERROR_BUSY:
+            case NTE_FAIL:
+            case NTE_BAD_UID:
+                error =
+                    CKR_DEVICE_ERROR;
+                break;
+            default:
+                error =
+                    CKR_GENERAL_ERROR;
+                break;
+        }
+    }
+    if (hHash) {
+        CryptDestroyHash(hHash);
+    }
+    return error;
+}
+
+NSS_IMPLEMENT_DATA const NSSCKMDCryptoOperation
+    ckcapi_mdCryptoOperationRSADecrypt_proto = {
+        NULL, /* etc */
+        ckcapi_mdCryptoOperationRSAPriv_Destroy,
+        NULL, /* GetFinalLengh - not needed for one shot Decrypt/Encrypt */
+        ckcapi_mdCryptoOperationRSADecrypt_GetOperationLength,
+        NULL, /* Final - not needed for one shot operation */
+        NULL, /* Update - not needed for one shot operation */
+        NULL, /* DigetUpdate - not needed for one shot operation */
+        ckcapi_mdCryptoOperationRSADecrypt_UpdateFinal,
+        NULL,        /* UpdateCombo - not needed for one shot operation */
+        NULL,        /* DigetKey - not needed for one shot operation */
+        (void *)NULL /* null terminator */
+    };
+
+NSS_IMPLEMENT_DATA const NSSCKMDCryptoOperation
+    ckcapi_mdCryptoOperationRSASign_proto = {
+        NULL, /* etc */
+        ckcapi_mdCryptoOperationRSAPriv_Destroy,
+        ckcapi_mdCryptoOperationRSA_GetFinalLength,
+        NULL, /* GetOperationLengh - not needed for one shot Sign/Verify */
+        NULL, /* Final - not needed for one shot operation */
+        NULL, /* Update - not needed for one shot operation */
+        NULL, /* DigetUpdate - not needed for one shot operation */
+        ckcapi_mdCryptoOperationRSASign_UpdateFinal,
+        NULL,        /* UpdateCombo - not needed for one shot operation */
+        NULL,        /* DigetKey - not needed for one shot operation */
+        (void *)NULL /* null terminator */
+    };
+
+/********** NSSCKMDMechansim functions ***********************/
+/*
+ * ckcapi_mdMechanismRSA_Destroy
+ */
+static void
+ckcapi_mdMechanismRSA_Destroy(
+    NSSCKMDMechanism *mdMechanism,
+    NSSCKFWMechanism *fwMechanism,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance)
+{
+    nss_ZFreeIf(fwMechanism);
+}
+
+/*
+ * ckcapi_mdMechanismRSA_GetMinKeySize
+ */
+static CK_ULONG
+ckcapi_mdMechanismRSA_GetMinKeySize(
+    NSSCKMDMechanism *mdMechanism,
+    NSSCKFWMechanism *fwMechanism,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError)
+{
+    return 384;
+}
+
+/*
+ * ckcapi_mdMechanismRSA_GetMaxKeySize
+ */
+static CK_ULONG
+ckcapi_mdMechanismRSA_GetMaxKeySize(
+    NSSCKMDMechanism *mdMechanism,
+    NSSCKFWMechanism *fwMechanism,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError)
+{
+    return 16384;
+}
+
+/*
+ * ckcapi_mdMechanismRSA_DecryptInit
+ */
+static NSSCKMDCryptoOperation *
+ckcapi_mdMechanismRSA_DecryptInit(
+    NSSCKMDMechanism *mdMechanism,
+    NSSCKFWMechanism *fwMechanism,
+    CK_MECHANISM *pMechanism,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    NSSCKMDObject *mdKey,
+    NSSCKFWObject *fwKey,
+    CK_RV *pError)
+{
+    return ckcapi_mdCryptoOperationRSAPriv_Create(
+        &ckcapi_mdCryptoOperationRSADecrypt_proto,
+        mdMechanism, mdKey, pError);
+}
+
+/*
+ * ckcapi_mdMechanismRSA_SignInit
+ */
+static NSSCKMDCryptoOperation *
+ckcapi_mdMechanismRSA_SignInit(
+    NSSCKMDMechanism *mdMechanism,
+    NSSCKFWMechanism *fwMechanism,
+    CK_MECHANISM *pMechanism,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    NSSCKMDObject *mdKey,
+    NSSCKFWObject *fwKey,
+    CK_RV *pError)
+{
+    return ckcapi_mdCryptoOperationRSAPriv_Create(
+        &ckcapi_mdCryptoOperationRSASign_proto,
+        mdMechanism, mdKey, pError);
+}
+
+NSS_IMPLEMENT_DATA const NSSCKMDMechanism
+    nss_ckcapi_mdMechanismRSA = {
+        (void *)NULL, /* etc */
+        ckcapi_mdMechanismRSA_Destroy,
+        ckcapi_mdMechanismRSA_GetMinKeySize,
+        ckcapi_mdMechanismRSA_GetMaxKeySize,
+        NULL, /* GetInHardware - default false */
+        NULL, /* EncryptInit - default errs */
+        ckcapi_mdMechanismRSA_DecryptInit,
+        NULL, /* DigestInit - default errs*/
+        ckcapi_mdMechanismRSA_SignInit,
+        NULL,                           /* VerifyInit - default errs */
+        ckcapi_mdMechanismRSA_SignInit, /* SignRecoverInit */
+        NULL,                           /* VerifyRecoverInit - default errs */
+        NULL,                           /* GenerateKey - default errs */
+        NULL,                           /* GenerateKeyPair - default errs */
+        NULL,                           /* GetWrapKeyLength - default errs */
+        NULL,                           /* WrapKey - default errs */
+        NULL,                           /* UnwrapKey - default errs */
+        NULL,                           /* DeriveKey - default errs */
+        (void *)NULL                    /* null terminator */
+    };
diff --git a/nss/lib/ckfw/capi/csession.c b/nss/lib/ckfw/capi/csession.c
new file mode 100644
index 0000000..5b268ea
--- /dev/null
+++ b/nss/lib/ckfw/capi/csession.c
@@ -0,0 +1,87 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "ckcapi.h"
+
+/*
+ * ckcapi/csession.c
+ *
+ * This file implements the NSSCKMDSession object for the
+ * "nss to capi" cryptoki module.
+ */
+
+static NSSCKMDFindObjects *
+ckcapi_mdSession_FindObjectsInit(
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulAttributeCount,
+    CK_RV *pError)
+{
+    return nss_ckcapi_FindObjectsInit(fwSession, pTemplate, ulAttributeCount, pError);
+}
+
+static NSSCKMDObject *
+ckcapi_mdSession_CreateObject(
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    NSSArena *arena,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulAttributeCount,
+    CK_RV *pError)
+{
+    return nss_ckcapi_CreateObject(fwSession, pTemplate, ulAttributeCount, pError);
+}
+
+NSS_IMPLEMENT NSSCKMDSession *
+nss_ckcapi_CreateSession(
+    NSSCKFWSession *fwSession,
+    CK_RV *pError)
+{
+    NSSArena *arena;
+    NSSCKMDSession *rv;
+
+    arena = NSSCKFWSession_GetArena(fwSession, pError);
+    if ((NSSArena *)NULL == arena) {
+        return (NSSCKMDSession *)NULL;
+    }
+
+    rv = nss_ZNEW(arena, NSSCKMDSession);
+    if ((NSSCKMDSession *)NULL == rv) {
+        *pError = CKR_HOST_MEMORY;
+        return (NSSCKMDSession *)NULL;
+    }
+
+    /*
+     * rv was zeroed when allocated, so we only
+     * need to set the non-zero members.
+     */
+
+    rv->etc = (void *)fwSession;
+    /* rv->Close */
+    /* rv->GetDeviceError */
+    /* rv->Login */
+    /* rv->Logout */
+    /* rv->InitPIN */
+    /* rv->SetPIN */
+    /* rv->GetOperationStateLen */
+    /* rv->GetOperationState */
+    /* rv->SetOperationState */
+    rv->CreateObject = ckcapi_mdSession_CreateObject;
+    /* rv->CopyObject */
+    rv->FindObjectsInit = ckcapi_mdSession_FindObjectsInit;
+    /* rv->SeedRandom */
+    /* rv->GetRandom */
+    /* rv->null */
+
+    return rv;
+}
diff --git a/nss/lib/ckfw/capi/cslot.c b/nss/lib/ckfw/capi/cslot.c
new file mode 100644
index 0000000..8a39b78
--- /dev/null
+++ b/nss/lib/ckfw/capi/cslot.c
@@ -0,0 +1,81 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "ckcapi.h"
+
+/*
+ * ckcapi/cslot.c
+ *
+ * This file implements the NSSCKMDSlot object for the
+ * "nss to capi" cryptoki module.
+ */
+
+static NSSUTF8 *
+ckcapi_mdSlot_GetSlotDescription(
+    NSSCKMDSlot *mdSlot,
+    NSSCKFWSlot *fwSlot,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError)
+{
+    return (NSSUTF8 *)nss_ckcapi_SlotDescription;
+}
+
+static NSSUTF8 *
+ckcapi_mdSlot_GetManufacturerID(
+    NSSCKMDSlot *mdSlot,
+    NSSCKFWSlot *fwSlot,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError)
+{
+    return (NSSUTF8 *)nss_ckcapi_ManufacturerID;
+}
+
+static CK_VERSION
+ckcapi_mdSlot_GetHardwareVersion(
+    NSSCKMDSlot *mdSlot,
+    NSSCKFWSlot *fwSlot,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance)
+{
+    return nss_ckcapi_HardwareVersion;
+}
+
+static CK_VERSION
+ckcapi_mdSlot_GetFirmwareVersion(
+    NSSCKMDSlot *mdSlot,
+    NSSCKFWSlot *fwSlot,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance)
+{
+    return nss_ckcapi_FirmwareVersion;
+}
+
+static NSSCKMDToken *
+ckcapi_mdSlot_GetToken(
+    NSSCKMDSlot *mdSlot,
+    NSSCKFWSlot *fwSlot,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError)
+{
+    return (NSSCKMDToken *)&nss_ckcapi_mdToken;
+}
+
+NSS_IMPLEMENT_DATA const NSSCKMDSlot
+    nss_ckcapi_mdSlot = {
+        (void *)NULL, /* etc */
+        NULL,         /* Initialize */
+        NULL,         /* Destroy */
+        ckcapi_mdSlot_GetSlotDescription,
+        ckcapi_mdSlot_GetManufacturerID,
+        NULL, /* GetTokenPresent -- defaults to true */
+        NULL, /* GetRemovableDevice -- defaults to false */
+        NULL, /* GetHardwareSlot -- defaults to false */
+        ckcapi_mdSlot_GetHardwareVersion,
+        ckcapi_mdSlot_GetFirmwareVersion,
+        ckcapi_mdSlot_GetToken,
+        (void *)NULL /* null terminator */
+    };
diff --git a/nss/lib/ckfw/capi/ctoken.c b/nss/lib/ckfw/capi/ctoken.c
new file mode 100644
index 0000000..cc95c17
--- /dev/null
+++ b/nss/lib/ckfw/capi/ctoken.c
@@ -0,0 +1,184 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "ckcapi.h"
+
+/*
+ * ckcapi/ctoken.c
+ *
+ * This file implements the NSSCKMDToken object for the
+ * "nss to capi" cryptoki module.
+ */
+
+static NSSUTF8 *
+ckcapi_mdToken_GetLabel(
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError)
+{
+    return (NSSUTF8 *)nss_ckcapi_TokenLabel;
+}
+
+static NSSUTF8 *
+ckcapi_mdToken_GetManufacturerID(
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError)
+{
+    return (NSSUTF8 *)nss_ckcapi_ManufacturerID;
+}
+
+static NSSUTF8 *
+ckcapi_mdToken_GetModel(
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError)
+{
+    return (NSSUTF8 *)nss_ckcapi_TokenModel;
+}
+
+static NSSUTF8 *
+ckcapi_mdToken_GetSerialNumber(
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError)
+{
+    return (NSSUTF8 *)nss_ckcapi_TokenSerialNumber;
+}
+
+static CK_BBOOL
+ckcapi_mdToken_GetIsWriteProtected(
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance)
+{
+    return CK_FALSE;
+}
+
+/* fake out Mozilla so we don't try to initialize the token */
+static CK_BBOOL
+ckcapi_mdToken_GetUserPinInitialized(
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance)
+{
+    return CK_TRUE;
+}
+
+static CK_VERSION
+ckcapi_mdToken_GetHardwareVersion(
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance)
+{
+    return nss_ckcapi_HardwareVersion;
+}
+
+static CK_VERSION
+ckcapi_mdToken_GetFirmwareVersion(
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance)
+{
+    return nss_ckcapi_FirmwareVersion;
+}
+
+static NSSCKMDSession *
+ckcapi_mdToken_OpenSession(
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    NSSCKFWSession *fwSession,
+    CK_BBOOL rw,
+    CK_RV *pError)
+{
+    return nss_ckcapi_CreateSession(fwSession, pError);
+}
+
+static CK_ULONG
+ckcapi_mdToken_GetMechanismCount(
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance)
+{
+    return (CK_ULONG)1;
+}
+
+static CK_RV
+ckcapi_mdToken_GetMechanismTypes(
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_MECHANISM_TYPE types[])
+{
+    types[0] = CKM_RSA_PKCS;
+    return CKR_OK;
+}
+
+static NSSCKMDMechanism *
+ckcapi_mdToken_GetMechanism(
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_MECHANISM_TYPE which,
+    CK_RV *pError)
+{
+    if (which != CKM_RSA_PKCS) {
+        *pError = CKR_MECHANISM_INVALID;
+        return (NSSCKMDMechanism *)NULL;
+    }
+    return (NSSCKMDMechanism *)&nss_ckcapi_mdMechanismRSA;
+}
+
+NSS_IMPLEMENT_DATA const NSSCKMDToken
+    nss_ckcapi_mdToken = {
+        (void *)NULL, /* etc */
+        NULL,         /* Setup */
+        NULL,         /* Invalidate */
+        NULL,         /* InitToken -- default errs */
+        ckcapi_mdToken_GetLabel,
+        ckcapi_mdToken_GetManufacturerID,
+        ckcapi_mdToken_GetModel,
+        ckcapi_mdToken_GetSerialNumber,
+        NULL, /* GetHasRNG -- default is false */
+        ckcapi_mdToken_GetIsWriteProtected,
+        NULL, /* GetLoginRequired -- default is false */
+        ckcapi_mdToken_GetUserPinInitialized,
+        NULL, /* GetRestoreKeyNotNeeded -- irrelevant */
+        NULL, /* GetHasClockOnToken -- default is false */
+        NULL, /* GetHasProtectedAuthenticationPath -- default is false */
+        NULL, /* GetSupportsDualCryptoOperations -- default is false */
+        NULL, /* GetMaxSessionCount -- default is CK_UNAVAILABLE_INFORMATION */
+        NULL, /* GetMaxRwSessionCount -- default is CK_UNAVAILABLE_INFORMATION */
+        NULL, /* GetMaxPinLen -- irrelevant */
+        NULL, /* GetMinPinLen -- irrelevant */
+        NULL, /* GetTotalPublicMemory -- default is CK_UNAVAILABLE_INFORMATION */
+        NULL, /* GetFreePublicMemory -- default is CK_UNAVAILABLE_INFORMATION */
+        NULL, /* GetTotalPrivateMemory -- default is CK_UNAVAILABLE_INFORMATION */
+        NULL, /* GetFreePrivateMemory -- default is CK_UNAVAILABLE_INFORMATION */
+        ckcapi_mdToken_GetHardwareVersion,
+        ckcapi_mdToken_GetFirmwareVersion,
+        NULL, /* GetUTCTime -- no clock */
+        ckcapi_mdToken_OpenSession,
+        ckcapi_mdToken_GetMechanismCount,
+        ckcapi_mdToken_GetMechanismTypes,
+        ckcapi_mdToken_GetMechanism,
+        (void *)NULL /* null terminator */
+    };
diff --git a/nss/lib/ckfw/capi/manifest.mn b/nss/lib/ckfw/capi/manifest.mn
new file mode 100644
index 0000000..38effd7
--- /dev/null
+++ b/nss/lib/ckfw/capi/manifest.mn
@@ -0,0 +1,33 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CORE_DEPTH = ../../../..
+
+MODULE = nss
+MAPFILE = $(OBJDIR)/nsscapi.def
+
+EXPORTS =		\
+	nsscapi.h	\
+	$(NULL)
+
+CSRCS =			\
+	anchor.c	\
+	constants.c	\
+	cfind.c		\
+	cinst.c 	\
+	cobject.c	\
+	crsa.c		\
+	csession.c	\
+	cslot.c		\
+	ctoken.c	\
+	ckcapiver.c	\
+	staticobj.c	\
+	$(NULL)
+
+REQUIRES = nspr
+
+LIBRARY_NAME = nsscapi
+
+#EXTRA_SHARED_LIBS = -L$(DIST)/lib -lnssckfw -lnssb -lplc4 -lplds4
diff --git a/nss/lib/ckfw/capi/nsscapi.def b/nss/lib/ckfw/capi/nsscapi.def
new file mode 100644
index 0000000..d7e68c7
--- /dev/null
+++ b/nss/lib/ckfw/capi/nsscapi.def
@@ -0,0 +1,26 @@
+;+#
+;+# This Source Code Form is subject to the terms of the Mozilla Public
+;+# License, v. 2.0. If a copy of the MPL was not distributed with this
+;+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;+#
+;+# OK, this file is meant to support SUN, LINUX, AIX and WINDOWS
+;+#   1. For all unix platforms, the string ";-"  means "remove this line"
+;+#   2. For all unix platforms, the string " DATA " will be removed from any 
+;+#     line on which it occurs.
+;+#   3. Lines containing ";+" will have ";+" removed on SUN and LINUX.
+;+#      On AIX, lines containing ";+" will be removed.
+;+#   4. For all unix platforms, the string ";;" will thave the ";;" removed.
+;+#   5. For all unix platforms, after the above processing has taken place,
+;+#    all characters after the first ";" on the line will be removed.
+;+#    And for AIX, the first ";" will also be removed.
+;+#  This file is passed directly to windows. Since ';' is a comment, all UNIX
+;+#   directives are hidden behind ";", ";+", and ";-"
+;+
+;+NSS_3.1 {       # NSS 3.1 release
+;+    global:
+LIBRARY nsscapi ;-
+EXPORTS ;-
+C_GetFunctionList;
+;+    local:
+;+*;
+;+};
diff --git a/nss/lib/ckfw/capi/nsscapi.h b/nss/lib/ckfw/capi/nsscapi.h
new file mode 100644
index 0000000..78bf38b
--- /dev/null
+++ b/nss/lib/ckfw/capi/nsscapi.h
@@ -0,0 +1,41 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef NSSCAPI_H
+#define NSSCAPI_H
+
+/*
+ * NSS CKCAPI Version numbers.
+ *
+ * These are the version numbers for the capi module packaged with
+ * this release on NSS. To determine the version numbers of the builtin
+ * module you are using, use the appropriate PKCS #11 calls.
+ *
+ * These version numbers detail changes to the PKCS #11 interface. They map
+ * to the PKCS #11 spec versions.
+ */
+#define NSS_CKCAPI_CRYPTOKI_VERSION_MAJOR 2
+#define NSS_CKCAPI_CRYPTOKI_VERSION_MINOR 20
+
+/* These version numbers detail the changes
+ * to the list of trusted certificates.
+ *
+ * NSS_CKCAPI_LIBRARY_VERSION_MINOR is a CK_BYTE.  It's not clear
+ * whether we may use its full range (0-255) or only 0-99 because
+ * of the comment in the CK_VERSION type definition.
+ */
+#define NSS_CKCAPI_LIBRARY_VERSION_MAJOR 1
+#define NSS_CKCAPI_LIBRARY_VERSION_MINOR 1
+#define NSS_CKCAPI_LIBRARY_VERSION "1.1"
+
+/* These version numbers detail the semantic changes to the ckfw engine. */
+#define NSS_CKCAPI_HARDWARE_VERSION_MAJOR 1
+#define NSS_CKCAPI_HARDWARE_VERSION_MINOR 0
+
+/* These version numbers detail the semantic changes to ckbi itself
+ * (new PKCS #11 objects), etc. */
+#define NSS_CKCAPI_FIRMWARE_VERSION_MAJOR 1
+#define NSS_CKCAPI_FIRMWARE_VERSION_MINOR 0
+
+#endif /* NSSCKBI_H */
diff --git a/nss/lib/ckfw/capi/nsscapi.rc b/nss/lib/ckfw/capi/nsscapi.rc
new file mode 100644
index 0000000..2791200
--- /dev/null
+++ b/nss/lib/ckfw/capi/nsscapi.rc
@@ -0,0 +1,64 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsscapi.h"
+#include <winver.h>
+
+#define MY_LIBNAME "nsscapi"
+#define MY_FILEDESCRIPTION "NSS Access to Microsoft CAPI"
+
+#ifdef _DEBUG
+#define MY_DEBUG_STR " (debug)"
+#define MY_FILEFLAGS_1 VS_FF_DEBUG
+#else
+#define MY_DEBUG_STR ""
+#define MY_FILEFLAGS_1 0x0L
+#endif
+#if NSS_BETA
+#define MY_FILEFLAGS_2 MY_FILEFLAGS_1|VS_FF_PRERELEASE
+#else
+#define MY_FILEFLAGS_2 MY_FILEFLAGS_1
+#endif
+
+#ifdef WINNT
+#define MY_FILEOS VOS_NT_WINDOWS32
+#else
+#define MY_FILEOS VOS__WINDOWS32
+#endif
+
+#define MY_INTERNAL_NAME MY_LIBNAME
+
+/////////////////////////////////////////////////////////////////////////////
+//
+// Version-information resource
+//
+
+VS_VERSION_INFO VERSIONINFO
+ FILEVERSION NSS_CKCAPI_LIBRARY_VERSION_MAJOR,NSS_CKCAPI_LIBRARY_VERSION_MINOR,0,0
+ PRODUCTVERSION NSS_CKCAPI_LIBRARY_VERSION_MAJOR,NSS_CKCAPI_LIBRARY_VERSION_MINOR,0,0
+ FILEFLAGSMASK VS_FFI_FILEFLAGSMASK
+ FILEFLAGS MY_FILEFLAGS_2
+ FILEOS MY_FILEOS
+ FILETYPE VFT_DLL
+ FILESUBTYPE 0x0L // not used
+
+BEGIN
+    BLOCK "StringFileInfo"
+    BEGIN
+        BLOCK "040904B0" // Lang=US English, CharSet=Unicode
+        BEGIN
+            VALUE "CompanyName", "Mozilla Foundation\0"
+            VALUE "FileDescription", MY_FILEDESCRIPTION MY_DEBUG_STR "\0"
+            VALUE "FileVersion", NSS_CKCAPI_LIBRARY_VERSION "\0"
+            VALUE "InternalName", MY_INTERNAL_NAME "\0"
+            VALUE "OriginalFilename", MY_INTERNAL_NAME ".dll\0"
+            VALUE "ProductName", "Network Security Services\0"
+            VALUE "ProductVersion", NSS_CKCAPI_LIBRARY_VERSION "\0"
+        END
+    END
+    BLOCK "VarFileInfo"
+    BEGIN
+        VALUE "Translation", 0x409, 1200
+    END
+END
diff --git a/nss/lib/ckfw/capi/staticobj.c b/nss/lib/ckfw/capi/staticobj.c
new file mode 100644
index 0000000..2d67a34
--- /dev/null
+++ b/nss/lib/ckfw/capi/staticobj.c
@@ -0,0 +1,40 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef CKCAPI_H
+#include "ckcapi.h"
+#endif /* CKCAPI_H */
+
+static const CK_TRUST ckt_netscape_valid = CKT_NETSCAPE_VALID;
+static const CK_OBJECT_CLASS cko_certificate = CKO_CERTIFICATE;
+static const CK_TRUST ckt_netscape_trusted_delegator = CKT_NETSCAPE_TRUSTED_DELEGATOR;
+static const CK_OBJECT_CLASS cko_netscape_trust = CKO_NETSCAPE_TRUST;
+static const CK_BBOOL ck_true = CK_TRUE;
+static const CK_OBJECT_CLASS cko_data = CKO_DATA;
+static const CK_CERTIFICATE_TYPE ckc_x_509 = CKC_X_509;
+static const CK_BBOOL ck_false = CK_FALSE;
+static const CK_OBJECT_CLASS cko_netscape_builtin_root_list = CKO_NETSCAPE_BUILTIN_ROOT_LIST;
+
+/* example of a static object */
+static const CK_ATTRIBUTE_TYPE nss_ckcapi_types_1[] = {
+    CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL
+};
+
+static const NSSItem nss_ckcapi_items_1[] = {
+    { (void *)&cko_data, (PRUint32)sizeof(CK_OBJECT_CLASS) },
+    { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
+    { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+    { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+    { (void *)"Mozilla CAPI Access", (PRUint32)20 }
+};
+
+ckcapiInternalObject nss_ckcapi_data[] = {
+    {
+        ckcapiRaw,
+        { 5, nss_ckcapi_types_1, nss_ckcapi_items_1 },
+    },
+
+};
+
+const PRUint32 nss_ckcapi_nObjects = 1;
diff --git a/nss/lib/ckfw/ck.api b/nss/lib/ckfw/ck.api
new file mode 100644
index 0000000..810e3db
--- /dev/null
+++ b/nss/lib/ckfw/ck.api
@@ -0,0 +1,541 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# This file is in part derived from a file "pkcs11f.h" made available
+# by RSA Security at ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/pkcs11f.h
+
+# Fields
+#  FUNCTION introduces a Cryptoki function
+#  CK_type specifies and introduces an argument
+#
+
+# General-purpose
+
+# C_Initialize initializes the Cryptoki library.
+FUNCTION C_Initialize
+CK_VOID_PTR pInitArgs   # if this is not NULL_PTR, it gets
+                        # cast to CK_C_INITIALIZE_ARGS_PTR
+                        # and dereferenced
+
+# C_Finalize indicates that an application is done with the
+# Cryptoki library.
+FUNCTION C_Finalize
+CK_VOID_PTR pReserved   # reserved.  Should be NULL_PTR
+
+# C_GetInfo returns general information about Cryptoki. 
+FUNCTION C_GetInfo
+CK_INFO_PTR pInfo       # location that receives information
+
+# C_GetFunctionList returns the function list. 
+FUNCTION C_GetFunctionList
+CK_FUNCTION_LIST_PTR_PTR ppFunctionList # receives pointer to function 
+                                        # list
+
+
+# Slot and token management 
+
+# C_GetSlotList obtains a list of slots in the system. 
+FUNCTION C_GetSlotList
+CK_BBOOL       tokenPresent # only slots with tokens? 
+CK_SLOT_ID_PTR pSlotList    # receives array of slot IDs 
+CK_ULONG_PTR   pulCount     # receives number of slots 
+
+# C_GetSlotInfo obtains information about a particular slot in the 
+# system.
+FUNCTION C_GetSlotInfo
+CK_SLOT_ID       slotID     # the ID of the slot 
+CK_SLOT_INFO_PTR pInfo      # receives the slot information 
+
+# C_GetTokenInfo obtains information about a particular token in the 
+# system. 
+FUNCTION C_GetTokenInfo
+CK_SLOT_ID        slotID    # ID of the token's slot 
+CK_TOKEN_INFO_PTR pInfo     # receives the token information 
+
+# C_GetMechanismList obtains a list of mechanism types supported by a 
+# token. 
+FUNCTION C_GetMechanismList
+CK_SLOT_ID            slotID            # ID of token's slot 
+CK_MECHANISM_TYPE_PTR pMechanismList    # gets mech. array 
+CK_ULONG_PTR          pulCount          # gets # of mechs. 
+
+# C_GetMechanismInfo obtains information about a particular mechanism 
+# possibly supported by a token. 
+FUNCTION C_GetMechanismInfo
+CK_SLOT_ID            slotID    # ID of the token's slot 
+CK_MECHANISM_TYPE     type      # type of mechanism 
+CK_MECHANISM_INFO_PTR pInfo     # receives mechanism info 
+
+# C_InitToken initializes a token. 
+FUNCTION C_InitToken
+CK_SLOT_ID  slotID      # ID of the token's slot 
+CK_CHAR_PTR pPin        # the SO's initial PIN 
+CK_ULONG    ulPinLen    # length in bytes of the PIN 
+CK_CHAR_PTR pLabel      # 32-byte token label (blank padded) 
+
+# C_InitPIN initializes the normal user's PIN. 
+FUNCTION C_InitPIN
+CK_SESSION_HANDLE hSession  # the session's handle 
+CK_CHAR_PTR       pPin      # the normal user's PIN 
+CK_ULONG          ulPinLen  # length in bytes of the PIN 
+
+# C_SetPIN modifies the PIN of the user who is logged in. 
+FUNCTION C_SetPIN
+CK_SESSION_HANDLE hSession  # the session's handle 
+CK_CHAR_PTR       pOldPin   # the old PIN 
+CK_ULONG          ulOldLen  # length of the old PIN 
+CK_CHAR_PTR       pNewPin   # the new PIN 
+CK_ULONG          ulNewLen  # length of the new PIN 
+
+
+# Session management 
+
+# C_OpenSession opens a session between an application and a token. 
+FUNCTION C_OpenSession
+CK_SLOT_ID            slotID        # the slot's ID 
+CK_FLAGS              flags         # from CK_SESSION_INFO 
+CK_VOID_PTR           pApplication  # passed to callback 
+CK_NOTIFY             Notify        # callback function 
+CK_SESSION_HANDLE_PTR phSession     # gets session handle 
+
+# C_CloseSession closes a session between an application and a token. 
+FUNCTION C_CloseSession
+CK_SESSION_HANDLE hSession  # the session's handle 
+
+# C_CloseAllSessions closes all sessions with a token. 
+FUNCTION C_CloseAllSessions
+CK_SLOT_ID slotID   # the token's slot 
+
+# C_GetSessionInfo obtains information about the session. 
+FUNCTION C_GetSessionInfo
+CK_SESSION_HANDLE   hSession    # the session's handle 
+CK_SESSION_INFO_PTR pInfo       # receives session info 
+
+# C_GetOperationState obtains the state of the cryptographic 
+# operation in a session. 
+FUNCTION C_GetOperationState
+CK_SESSION_HANDLE hSession              # session's handle 
+CK_BYTE_PTR       pOperationState       # gets state 
+CK_ULONG_PTR      pulOperationStateLen  # gets state length 
+
+# C_SetOperationState restores the state of the cryptographic 
+# operation in a session. 
+FUNCTION C_SetOperationState
+CK_SESSION_HANDLE hSession              # session's handle 
+CK_BYTE_PTR      pOperationState        # holds state 
+CK_ULONG         ulOperationStateLen    # holds state length 
+CK_OBJECT_HANDLE hEncryptionKey         # en/decryption key 
+CK_OBJECT_HANDLE hAuthenticationKey     # sign/verify key 
+
+# C_Login logs a user into a token. 
+FUNCTION C_Login
+CK_SESSION_HANDLE hSession  # the session's handle 
+CK_USER_TYPE      userType  # the user type 
+CK_CHAR_PTR       pPin      # the user's PIN 
+CK_ULONG          ulPinLen  # the length of the PIN 
+
+# C_Logout logs a user out from a token. 
+FUNCTION C_Logout
+CK_SESSION_HANDLE hSession  # the session's handle 
+
+
+# Object management 
+
+# C_CreateObject creates a new object. 
+FUNCTION C_CreateObject
+CK_SESSION_HANDLE    hSession   # the session's handle 
+CK_ATTRIBUTE_PTR     pTemplate  # the object's template 
+CK_ULONG             ulCount    # attributes in template 
+CK_OBJECT_HANDLE_PTR phObject   # gets new object's handle. 
+
+# C_CopyObject copies an object, creating a new object for the copy.
+FUNCTION C_CopyObject
+CK_SESSION_HANDLE    hSession       # the session's handle 
+CK_OBJECT_HANDLE     hObject        # the object's handle 
+CK_ATTRIBUTE_PTR     pTemplate      # template for new object 
+CK_ULONG             ulCount        # attributes in template 
+CK_OBJECT_HANDLE_PTR phNewObject    # receives handle of copy 
+
+# C_DestroyObject destroys an object. 
+FUNCTION C_DestroyObject
+CK_SESSION_HANDLE hSession  # the session's handle 
+CK_OBJECT_HANDLE  hObject   # the object's handle 
+
+# C_GetObjectSize gets the size of an object in bytes. 
+FUNCTION C_GetObjectSize
+CK_SESSION_HANDLE hSession  # the session's handle 
+CK_OBJECT_HANDLE  hObject   # the object's handle 
+CK_ULONG_PTR      pulSize   # receives size of object 
+
+# C_GetAttributeValue obtains the value of one or more object 
+# attributes. 
+FUNCTION C_GetAttributeValue
+CK_SESSION_HANDLE hSession    # the session's handle 
+CK_OBJECT_HANDLE  hObject     # the object's handle 
+CK_ATTRIBUTE_PTR  pTemplate   # specifies attrs; gets vals 
+CK_ULONG          ulCount     # attributes in template 
+
+# C_SetAttributeValue modifies the value of one or more object 
+# attributes 
+FUNCTION C_SetAttributeValue
+CK_SESSION_HANDLE hSession    # the session's handle 
+CK_OBJECT_HANDLE  hObject     # the object's handle 
+CK_ATTRIBUTE_PTR  pTemplate   # specifies attrs and values 
+CK_ULONG          ulCount     # attributes in template 
+
+# C_FindObjectsInit initializes a search for token and session 
+# objects that match a template. 
+FUNCTION C_FindObjectsInit
+CK_SESSION_HANDLE hSession    # the session's handle 
+CK_ATTRIBUTE_PTR  pTemplate   # attribute values to match 
+CK_ULONG          ulCount     # attrs in search template 
+
+# C_FindObjects continues a search for token and session objects that 
+# match a template, obtaining additional object handles. 
+FUNCTION C_FindObjects
+CK_SESSION_HANDLE    hSession           # session's handle 
+CK_OBJECT_HANDLE_PTR phObject           # gets obj. handles 
+CK_ULONG             ulMaxObjectCount   # max handles to get 
+CK_ULONG_PTR         pulObjectCount     # actual # returned 
+
+# C_FindObjectsFinal finishes a search for token and session objects. 
+FUNCTION C_FindObjectsFinal
+CK_SESSION_HANDLE hSession  # the session's handle 
+
+
+# Encryption and decryption 
+
+# C_EncryptInit initializes an encryption operation. 
+FUNCTION C_EncryptInit
+CK_SESSION_HANDLE hSession    # the session's handle 
+CK_MECHANISM_PTR  pMechanism  # the encryption mechanism 
+CK_OBJECT_HANDLE  hKey        # handle of encryption key 
+
+# C_Encrypt encrypts single-part data. 
+FUNCTION C_Encrypt
+CK_SESSION_HANDLE hSession              # session's handle 
+CK_BYTE_PTR       pData                 # the plaintext data 
+CK_ULONG          ulDataLen             # bytes of plaintext 
+CK_BYTE_PTR       pEncryptedData        # gets ciphertext 
+CK_ULONG_PTR      pulEncryptedDataLen   # gets c-text size 
+
+# C_EncryptUpdate continues a multiple-part encryption operation. 
+FUNCTION C_EncryptUpdate
+CK_SESSION_HANDLE hSession              # session's handle 
+CK_BYTE_PTR       pPart                 # the plaintext data 
+CK_ULONG          ulPartLen             # plaintext data len 
+CK_BYTE_PTR       pEncryptedPart        # gets ciphertext 
+CK_ULONG_PTR      pulEncryptedPartLen   # gets c-text size 
+
+# C_EncryptFinal finishes a multiple-part encryption operation. 
+FUNCTION C_EncryptFinal
+CK_SESSION_HANDLE hSession                  # session handle 
+CK_BYTE_PTR       pLastEncryptedPart        # last c-text 
+CK_ULONG_PTR      pulLastEncryptedPartLen   # gets last size 
+
+# C_DecryptInit initializes a decryption operation. 
+FUNCTION C_DecryptInit
+CK_SESSION_HANDLE hSession      # the session's handle 
+CK_MECHANISM_PTR  pMechanism    # the decryption mechanism 
+CK_OBJECT_HANDLE  hKey          # handle of decryption key 
+
+# C_Decrypt decrypts encrypted data in a single part. 
+FUNCTION C_Decrypt
+CK_SESSION_HANDLE hSession              # session's handle 
+CK_BYTE_PTR       pEncryptedData        # ciphertext 
+CK_ULONG          ulEncryptedDataLen    # ciphertext length 
+CK_BYTE_PTR       pData                 # gets plaintext 
+CK_ULONG_PTR      pulDataLen            # gets p-text size 
+
+# C_DecryptUpdate continues a multiple-part decryption operation. 
+FUNCTION C_DecryptUpdate
+CK_SESSION_HANDLE hSession              # session's handle 
+CK_BYTE_PTR       pEncryptedPart        # encrypted data 
+CK_ULONG          ulEncryptedPartLen    # input length 
+CK_BYTE_PTR       pPart                 # gets plaintext 
+CK_ULONG_PTR      pulPartLen            # p-text size 
+
+# C_DecryptFinal finishes a multiple-part decryption operation. 
+FUNCTION C_DecryptFinal
+CK_SESSION_HANDLE hSession          # the session's handle 
+CK_BYTE_PTR       pLastPart         # gets plaintext 
+CK_ULONG_PTR      pulLastPartLen    # p-text size 
+
+
+# Message digesting 
+
+# C_DigestInit initializes a message-digesting operation. 
+FUNCTION C_DigestInit
+CK_SESSION_HANDLE hSession      # the session's handle 
+CK_MECHANISM_PTR  pMechanism    # the digesting mechanism 
+
+# C_Digest digests data in a single part. 
+FUNCTION C_Digest
+CK_SESSION_HANDLE hSession      # the session's handle 
+CK_BYTE_PTR       pData         # data to be digested 
+CK_ULONG          ulDataLen     # bytes of data to digest 
+CK_BYTE_PTR       pDigest       # gets the message digest 
+CK_ULONG_PTR      pulDigestLen  # gets digest length 
+
+# C_DigestUpdate continues a multiple-part message-digesting operation.
+FUNCTION C_DigestUpdate
+CK_SESSION_HANDLE hSession  # the session's handle 
+CK_BYTE_PTR       pPart     # data to be digested 
+CK_ULONG          ulPartLen # bytes of data to be digested 
+
+# C_DigestKey continues a multi-part message-digesting operation, by 
+# digesting the value of a secret key as part of the data already 
+# digested. 
+FUNCTION C_DigestKey
+CK_SESSION_HANDLE hSession  # the session's handle 
+CK_OBJECT_HANDLE  hKey      # secret key to digest 
+
+# C_DigestFinal finishes a multiple-part message-digesting operation. 
+FUNCTION C_DigestFinal
+CK_SESSION_HANDLE hSession      # the session's handle 
+CK_BYTE_PTR       pDigest       # gets the message digest 
+CK_ULONG_PTR      pulDigestLen  # gets byte count of digest 
+
+
+# Signing and MACing 
+
+# C_SignInit initializes a signature (private key encryption) 
+# operation, where the signature is (will be) an appendix to the 
+# data, and plaintext cannot be recovered from the signature. 
+FUNCTION C_SignInit
+CK_SESSION_HANDLE hSession      # the session's handle 
+CK_MECHANISM_PTR  pMechanism    # the signature mechanism 
+CK_OBJECT_HANDLE  hKey          # handle of signature key 
+
+# C_Sign signs (encrypts with private key) data in a single part, 
+# where the signature is (will be) an appendix to the data, and 
+# plaintext cannot be recovered from the signature. 
+FUNCTION C_Sign
+CK_SESSION_HANDLE hSession          # the session's handle 
+CK_BYTE_PTR       pData             # the data to sign 
+CK_ULONG          ulDataLen         # count of bytes to sign 
+CK_BYTE_PTR       pSignature        # gets the signature 
+CK_ULONG_PTR      pulSignatureLen   # gets signature length 
+
+# C_SignUpdate continues a multiple-part signature operation, where 
+# the signature is (will be) an appendix to the data, and plaintext 
+# cannot be recovered from the signature. 
+FUNCTION C_SignUpdate
+CK_SESSION_HANDLE hSession  # the session's handle 
+CK_BYTE_PTR       pPart     # the data to sign 
+CK_ULONG          ulPartLen # count of bytes to sign 
+
+# C_SignFinal finishes a multiple-part signature operation, returning 
+# the signature. 
+FUNCTION C_SignFinal
+CK_SESSION_HANDLE hSession          # the session's handle 
+CK_BYTE_PTR       pSignature        # gets the signature 
+CK_ULONG_PTR      pulSignatureLen   # gets signature length 
+
+# C_SignRecoverInit initializes a signature operation, where the data 
+# can be recovered from the signature. 
+FUNCTION C_SignRecoverInit
+CK_SESSION_HANDLE hSession      # the session's handle 
+CK_MECHANISM_PTR  pMechanism    # the signature mechanism 
+CK_OBJECT_HANDLE  hKey          # handle of the signature key 
+
+# C_SignRecover signs data in a single operation, where the data can 
+# be recovered from the signature. 
+FUNCTION C_SignRecover
+CK_SESSION_HANDLE hSession          # the session's handle 
+CK_BYTE_PTR       pData             # the data to sign 
+CK_ULONG          ulDataLen         # count of bytes to sign 
+CK_BYTE_PTR       pSignature        # gets the signature 
+CK_ULONG_PTR      pulSignatureLen   # gets signature length 
+
+
+# Verifying signatures and MACs 
+
+# C_VerifyInit initializes a verification operation, where the 
+# signature is an appendix to the data, and plaintext cannot cannot 
+# be recovered from the signature (e.g. DSA). 
+FUNCTION C_VerifyInit
+CK_SESSION_HANDLE hSession      # the session's handle 
+CK_MECHANISM_PTR  pMechanism    # the verification mechanism 
+CK_OBJECT_HANDLE  hKey          # verification key  
+
+# C_Verify verifies a signature in a single-part operation, where the 
+# signature is an appendix to the data, and plaintext cannot be 
+# recovered from the signature. 
+FUNCTION C_Verify
+CK_SESSION_HANDLE hSession          # the session's handle 
+CK_BYTE_PTR       pData             # signed data 
+CK_ULONG          ulDataLen         # length of signed data 
+CK_BYTE_PTR       pSignature        # signature 
+CK_ULONG          ulSignatureLen    # signature length
+
+# C_VerifyUpdate continues a multiple-part verification operation, 
+# where the signature is an appendix to the data, and plaintext cannot be 
+# recovered from the signature. 
+FUNCTION C_VerifyUpdate
+CK_SESSION_HANDLE hSession  # the session's handle 
+CK_BYTE_PTR       pPart     # signed data 
+CK_ULONG          ulPartLen # length of signed data 
+
+# C_VerifyFinal finishes a multiple-part verification operation, 
+# checking the signature. 
+FUNCTION C_VerifyFinal
+CK_SESSION_HANDLE hSession          # the session's handle 
+CK_BYTE_PTR       pSignature        # signature to verify 
+CK_ULONG          ulSignatureLen    # signature length 
+
+# C_VerifyRecoverInit initializes a signature verification operation, 
+# where the data is recovered from the signature. 
+FUNCTION C_VerifyRecoverInit
+CK_SESSION_HANDLE hSession      # the session's handle 
+CK_MECHANISM_PTR  pMechanism    # the verification mechanism 
+CK_OBJECT_HANDLE  hKey          # verification key 
+
+# C_VerifyRecover verifies a signature in a single-part operation, 
+# where the data is recovered from the signature. 
+FUNCTION C_VerifyRecover
+CK_SESSION_HANDLE hSession          # the session's handle 
+CK_BYTE_PTR       pSignature        # signature to verify 
+CK_ULONG          ulSignatureLen    # signature length 
+CK_BYTE_PTR       pData             # gets signed data 
+CK_ULONG_PTR      pulDataLen        # gets signed data len 
+
+
+# Dual-function cryptographic operations 
+
+# C_DigestEncryptUpdate continues a multiple-part digesting and 
+# encryption operation. 
+FUNCTION C_DigestEncryptUpdate
+CK_SESSION_HANDLE hSession              # session's handle 
+CK_BYTE_PTR       pPart                 # the plaintext data 
+CK_ULONG          ulPartLen             # plaintext length 
+CK_BYTE_PTR       pEncryptedPart        # gets ciphertext 
+CK_ULONG_PTR      pulEncryptedPartLen   # gets c-text length 
+
+# C_DecryptDigestUpdate continues a multiple-part decryption and 
+# digesting operation. 
+FUNCTION C_DecryptDigestUpdate
+CK_SESSION_HANDLE hSession              # session's handle 
+CK_BYTE_PTR       pEncryptedPart        # ciphertext 
+CK_ULONG          ulEncryptedPartLen    # ciphertext length 
+CK_BYTE_PTR       pPart                 # gets plaintext 
+CK_ULONG_PTR      pulPartLen            # gets plaintext len 
+
+# C_SignEncryptUpdate continues a multiple-part signing and 
+# encryption operation. 
+FUNCTION C_SignEncryptUpdate
+CK_SESSION_HANDLE hSession              # session's handle 
+CK_BYTE_PTR       pPart                 # the plaintext data 
+CK_ULONG          ulPartLen             # plaintext length 
+CK_BYTE_PTR       pEncryptedPart        # gets ciphertext 
+CK_ULONG_PTR      pulEncryptedPartLen   # gets c-text length 
+
+# C_DecryptVerifyUpdate continues a multiple-part decryption and 
+# verify operation. 
+FUNCTION C_DecryptVerifyUpdate
+CK_SESSION_HANDLE hSession              # session's handle 
+CK_BYTE_PTR       pEncryptedPart        # ciphertext 
+CK_ULONG          ulEncryptedPartLen    # ciphertext length 
+CK_BYTE_PTR       pPart                 # gets plaintext 
+CK_ULONG_PTR      pulPartLen            # gets p-text length 
+
+
+# Key management 
+
+# C_GenerateKey generates a secret key, creating a new key object. 
+FUNCTION C_GenerateKey
+CK_SESSION_HANDLE    hSession   # the session's handle 
+CK_MECHANISM_PTR     pMechanism # key generation mech. 
+CK_ATTRIBUTE_PTR     pTemplate  # template for new key 
+CK_ULONG             ulCount    # # of attrs in template 
+CK_OBJECT_HANDLE_PTR phKey      # gets handle of new key 
+
+# C_GenerateKeyPair generates a public-key/private-key pair, creating 
+# new key objects. 
+FUNCTION C_GenerateKeyPair
+CK_SESSION_HANDLE    hSession                   # session handle
+CK_MECHANISM_PTR     pMechanism                 # key-gen mech.
+CK_ATTRIBUTE_PTR     pPublicKeyTemplate         # template for pub. key
+CK_ULONG             ulPublicKeyAttributeCount  # # pub. attrs.
+CK_ATTRIBUTE_PTR     pPrivateKeyTemplate        # template for priv. key
+CK_ULONG             ulPrivateKeyAttributeCount # # priv. attrs.
+CK_OBJECT_HANDLE_PTR phPublicKey                # gets pub. key handle
+CK_OBJECT_HANDLE_PTR phPrivateKey               # gets priv. key handle
+
+# C_WrapKey wraps (i.e., encrypts) a key. 
+FUNCTION C_WrapKey
+CK_SESSION_HANDLE hSession         # the session's handle 
+CK_MECHANISM_PTR  pMechanism       # the wrapping mechanism 
+CK_OBJECT_HANDLE  hWrappingKey     # wrapping key 
+CK_OBJECT_HANDLE  hKey             # key to be wrapped 
+CK_BYTE_PTR       pWrappedKey      # gets wrapped key 
+CK_ULONG_PTR      pulWrappedKeyLen # gets wrapped key size 
+
+# C_UnwrapKey unwraps (decrypts) a wrapped key, creating a new key 
+# object. 
+FUNCTION C_UnwrapKey
+CK_SESSION_HANDLE    hSession           # session's handle 
+CK_MECHANISM_PTR     pMechanism         # unwrapping mech. 
+CK_OBJECT_HANDLE     hUnwrappingKey     # unwrapping key 
+CK_BYTE_PTR          pWrappedKey        # the wrapped key 
+CK_ULONG             ulWrappedKeyLen    # wrapped key len 
+CK_ATTRIBUTE_PTR     pTemplate          # new key template 
+CK_ULONG             ulAttributeCount   # template length 
+CK_OBJECT_HANDLE_PTR phKey              # gets new handle 
+
+# C_DeriveKey derives a key from a base key, creating a new key object.
+FUNCTION C_DeriveKey
+CK_SESSION_HANDLE    hSession           # session's handle 
+CK_MECHANISM_PTR     pMechanism         # key deriv. mech. 
+CK_OBJECT_HANDLE     hBaseKey           # base key 
+CK_ATTRIBUTE_PTR     pTemplate          # new key template 
+CK_ULONG             ulAttributeCount   # template length 
+CK_OBJECT_HANDLE_PTR phKey              # gets new handle 
+
+
+# Random number generation 
+
+# C_SeedRandom mixes additional seed material into the token's random 
+# number generator. 
+FUNCTION C_SeedRandom
+CK_SESSION_HANDLE hSession  # the session's handle 
+CK_BYTE_PTR       pSeed     # the seed material 
+CK_ULONG          ulSeedLen # length of seed material 
+
+# C_GenerateRandom generates random data. 
+FUNCTION C_GenerateRandom
+CK_SESSION_HANDLE hSession      # the session's handle 
+CK_BYTE_PTR       RandomData    # receives the random data 
+CK_ULONG          ulRandomLen   # # of bytes to generate 
+
+
+# Parallel function management 
+
+# C_GetFunctionStatus is a legacy function; it obtains an updated 
+# status of a function running in parallel with an application.
+FUNCTION C_GetFunctionStatus
+CK_SESSION_HANDLE hSession  # the session's handle 
+
+# C_CancelFunction is a legacy function; it cancels a function running 
+# in parallel. 
+FUNCTION C_CancelFunction
+CK_SESSION_HANDLE hSession  # the session's handle 
+
+
+# Functions added in for Cryptoki Version 2.01 or later 
+
+# C_WaitForSlotEvent waits for a slot event (token insertion, removal, 
+# etc.) to occur. 
+FUNCTION C_WaitForSlotEvent
+CK_FLAGS       flags    # blocking/nonblocking flag 
+CK_SLOT_ID_PTR pSlot    # location that receives the slot ID 
+CK_VOID_PTR    pRserved # reserved.  Should be NULL_PTR 
+
+## C_ConfigureSlot passes an installation-specified bytestring to a 
+## slot. 
+#FUNCTION C_ConfigureSlot
+#CK_SLOT_ID slotID      # the slot to configure 
+#CK_BYTE_PTR pConfig    # the configuration string 
+#CK_ULONG ulConfigLen   # length of the config string 
diff --git a/nss/lib/ckfw/ck.h b/nss/lib/ckfw/ck.h
new file mode 100644
index 0000000..1f0237b
--- /dev/null
+++ b/nss/lib/ckfw/ck.h
@@ -0,0 +1,88 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef CK_H
+#define CK_H
+
+/*
+ * ck.h
+ *
+ * This header file consolidates all header files needed by the source
+ * files implementing the NSS Cryptoki Framework.  This makes managing
+ * the source files a bit easier.
+ */
+
+/* Types */
+
+#ifndef NSSBASET_H
+#include "nssbaset.h"
+#endif /* NSSBASET_H */
+
+#ifndef NSSCKT_H
+#include "nssckt.h"
+#endif /* NSSCKT_H */
+
+#ifndef NSSCKFT_H
+#include "nssckft.h"
+#endif /* NSSCKFT_H */
+
+#ifndef NSSCKEPV_H
+#include "nssckepv.h"
+#endif /* NSSCKEPV_H */
+
+#ifndef NSSCKFWT_H
+#include "nssckfwt.h"
+#endif /* NSSCKFWT_H */
+
+#ifndef NSSCKMDT_H
+#include "nssckmdt.h"
+#endif /* NSSCKMDT_H */
+
+#ifndef CKT_H
+#include "ckt.h"
+#endif /* CKT_H */
+
+#ifndef CKFWTM_H
+#include "ckfwtm.h"
+#endif /* CKFWTM_H */
+
+/* Prototypes */
+
+#ifndef NSSBASE_H
+#include "nssbase.h"
+#endif /* NSSBASE_H */
+
+#ifndef NSSCKG_H
+#include "nssckg.h"
+#endif /* NSSCKG_H */
+
+#ifndef NSSCKFW_H
+#include "nssckfw.h"
+#endif /* NSSCKFW_H */
+
+#ifndef NSSCKFWC_H
+#include "nssckfwc.h"
+#endif /* NSSCKFWC_H */
+
+#ifndef CKFW_H
+#include "ckfw.h"
+#endif /* CKFW_H */
+
+#ifndef CKFWM_H
+#include "ckfwm.h"
+#endif /* CKFWM_H */
+
+#ifndef CKMD_H
+#include "ckmd.h"
+#endif /* CKMD_H */
+
+/* NSS-private */
+
+/* nss_ZNEW and the like.  We might want to publish the memory APIs.. */
+
+#ifndef BASE_H
+#include "base.h"
+#endif /* BASE_H */
+
+#endif /* CK_H */
diff --git a/nss/lib/ckfw/ckapi.perl b/nss/lib/ckfw/ckapi.perl
new file mode 100644
index 0000000..f294ba7
--- /dev/null
+++ b/nss/lib/ckfw/ckapi.perl
@@ -0,0 +1,434 @@
+#!perl
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+$copyright = '/* THIS IS A GENERATED FILE */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+';
+
+$count = -1;
+$i = 0;
+
+open(INPUT, "<$ARGV[0]") || die "Can't open $ARGV[0]: $!";
+
+while(<INPUT>) {
+  s/^((?:[^"#]+|"[^"]*")*)(\s*#.*$)/$1/;
+  next if (/^\s*$/);
+
+#  print;
+
+  /^([\S]+)\s+([^"][\S]*|"[^"]*")/;
+  $name = $1;
+  $value = $2;
+
+  if( ($name =~ "FUNCTION") && !($name =~ "CK_FUNCTION") ) {
+    $count++;
+    $x[$count]{name} = $value;
+    $i = 0;
+  } else {
+    if( $count < 0 ) {
+      $value =~ s/"//g;
+      $g{$name} = $value;
+    } else {
+      $x[$count]{args}[$i]{type} = $name;
+      $x[$count]{args}[$i]{name} = $value;
+      $i++;
+      $x[$count]{nargs} = $i; # rewritten each time, oh well
+    }
+  }
+}
+
+close INPUT;
+
+# dodump();
+doprint();
+
+sub dodump {
+  for( $j = 0; $j <= $count; $j++ ) {
+    print "CK_RV CK_ENTRY $x[$j]{name}\n";
+    for( $i = 0; $i < $x[$j]{nargs}; $i++ ) {
+      print "  $x[$j]{args}[$i]{type} $x[$j]{args}[$i]{name}";
+      if( $i == ($x[$j]{nargs} - 1) ) {
+        print "\n";
+      } else {
+        print ",\n";
+      }
+    }
+  }
+}
+
+sub doprint {
+open(PROTOTYPE, ">nssckg.h") || die "Can't open nssckg.h: $!";
+open(TYPEDEF, ">nssckft.h") || die "Can't open nssckft.h: $!";
+open(EPV, ">nssckepv.h") || die "Can't open nssckepv.h: $!";
+open(API, ">nssck.api") || die "Can't open nssck.api: $!";
+
+select PROTOTYPE;
+
+print $copyright;
+print <<EOD
+#ifndef NSSCKG_H
+#define NSSCKG_H
+
+/*
+ * nssckg.h
+ *
+ * This automatically-generated header file prototypes the Cryptoki
+ * functions specified by PKCS#11.
+ */
+
+#ifndef NSSCKT_H
+#include "nssckt.h"
+#endif /* NSSCKT_H */
+
+EOD
+    ;
+
+for( $j = 0; $j <= $count; $j++ ) {
+  print "CK_RV CK_ENTRY $x[$j]{name}\n";
+  print "(\n";
+  for( $i = 0; $i < $x[$j]{nargs}; $i++ ) {
+    print "  $x[$j]{args}[$i]{type} $x[$j]{args}[$i]{name}";
+    if( $i == ($x[$j]{nargs} - 1) ) {
+      print "\n";
+    } else {
+      print ",\n";
+    }
+  }
+  print ");\n\n";
+}
+
+print <<EOD
+#endif /* NSSCKG_H */
+EOD
+    ;
+
+select TYPEDEF;
+
+print $copyright;
+print <<EOD
+#ifndef NSSCKFT_H
+#define NSSCKFT_H
+
+/*
+ * nssckft.h
+ *
+ * The automatically-generated header file declares a typedef
+ * each of the Cryptoki functions specified by PKCS#11.
+ */
+
+#ifndef NSSCKT_H
+#include "nssckt.h"
+#endif /* NSSCKT_H */
+
+EOD
+    ;
+
+for( $j = 0; $j <= $count; $j++ ) {
+#  print "typedef CK_RV (CK_ENTRY *CK_$x[$j]{name})(\n";
+  print "typedef CK_CALLBACK_FUNCTION(CK_RV, CK_$x[$j]{name})(\n";
+  for( $i = 0; $i < $x[$j]{nargs}; $i++ ) {
+    print "  $x[$j]{args}[$i]{type} $x[$j]{args}[$i]{name}";
+    if( $i == ($x[$j]{nargs} - 1) ) {
+      print "\n";
+    } else {
+      print ",\n";
+    }
+  }
+  print ");\n\n";
+}
+
+print <<EOD
+#endif /* NSSCKFT_H */
+EOD
+    ;
+
+select EPV;
+
+print $copyright;
+print <<EOD
+#ifndef NSSCKEPV_H
+#define NSSCKEPV_H
+
+/*
+ * nssckepv.h
+ *
+ * This automatically-generated header file defines the type
+ * CK_FUNCTION_LIST specified by PKCS#11.
+ */
+
+#ifndef NSSCKT_H
+#include "nssckt.h"
+#endif /* NSSCKT_H */
+
+#ifndef NSSCKFT_H
+#include "nssckft.h"
+#endif /* NSSCKFT_H */
+
+#include "nssckp.h"
+
+struct CK_FUNCTION_LIST {
+  CK_VERSION version;
+EOD
+    ;
+
+for( $j = 0; $j <= $count; $j++ ) {
+  print "  CK_$x[$j]{name} $x[$j]{name};\n";
+}
+
+print <<EOD
+};
+
+#include "nsscku.h"
+
+#endif /* NSSCKEPV_H */
+EOD
+    ;
+
+select API;
+
+print $copyright;
+print <<EOD
+
+/*
+ * nssck.api
+ *
+ * This automatically-generated file is used to generate a set of
+ * Cryptoki entry points within the object space of a Module using
+ * the NSS Cryptoki Framework.
+ *
+ * The Module should have a .c file with the following:
+ *
+ *  #define MODULE_NAME name
+ *  #define INSTANCE_NAME instance
+ *  #include "nssck.api"
+ *
+ * where "name" is some module-specific name that can be used to
+ * disambiguate various modules.  This included file will then
+ * define the actual Cryptoki routines which pass through to the
+ * Framework calls.  All routines, except C_GetFunctionList, will
+ * be prefixed with the name; C_GetFunctionList will be generated
+ * to return an entry-point vector with these routines.  The
+ * instance specified should be the basic instance of NSSCKMDInstance.
+ *
+ * If, prior to including nssck.api, the .c file also specifies
+ *
+ *  #define DECLARE_STRICT_CRYTPOKI_NAMES
+ *
+ * Then a set of "stub" routines not prefixed with the name will
+ * be included.  This would allow the combined module and framework
+ * to be used in applications which are hard-coded to use the
+ * PKCS#11 names (instead of going through the EPV).  Please note
+ * that such applications should be careful resolving symbols when
+ * more than one PKCS#11 module is loaded.
+ */
+
+#ifndef MODULE_NAME
+#error "Error: MODULE_NAME must be defined."
+#endif /* MODULE_NAME */
+
+#ifndef INSTANCE_NAME
+#error "Error: INSTANCE_NAME must be defined."
+#endif /* INSTANCE_NAME */
+
+#ifndef NSSCKT_H
+#include "nssckt.h"
+#endif /* NSSCKT_H */
+
+#ifndef NSSCKFWT_H
+#include "nssckfwt.h"
+#endif /* NSSCKFWT_H */
+
+#ifndef NSSCKFWC_H
+#include "nssckfwc.h"
+#endif /* NSSCKFWC_H */
+
+#ifndef NSSCKEPV_H
+#include "nssckepv.h"
+#endif /* NSSCKEPV_H */
+
+#define ADJOIN(x,y) x##y
+
+#define __ADJOIN(x,y) ADJOIN(x,y)
+
+/*
+ * The anchor.  This object is used to store an "anchor" pointer in
+ * the Module's object space, so the wrapper functions can relate
+ * back to this instance.
+ */
+
+static NSSCKFWInstance *fwInstance = (NSSCKFWInstance *)0;
+
+static CK_RV CK_ENTRY
+__ADJOIN(MODULE_NAME,C_Initialize)
+(
+  CK_VOID_PTR pInitArgs
+)
+{
+  return NSSCKFWC_Initialize(&fwInstance, INSTANCE_NAME, pInitArgs);
+}
+
+#ifdef DECLARE_STRICT_CRYPTOKI_NAMES
+CK_RV CK_ENTRY 
+C_Initialize
+(
+  CK_VOID_PTR pInitArgs
+)
+{
+  return __ADJOIN(MODULE_NAME,C_Initialize)(pInitArgs);
+}
+#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */
+
+static CK_RV CK_ENTRY
+__ADJOIN(MODULE_NAME,C_Finalize)
+(
+  CK_VOID_PTR pReserved
+)
+{
+  return NSSCKFWC_Finalize(&fwInstance);
+}
+
+#ifdef DECLARE_STRICT_CRYPTOKI_NAMES
+CK_RV CK_ENTRY
+C_Finalize
+(
+  CK_VOID_PTR pReserved
+)
+{
+  return __ADJOIN(MODULE_NAME,C_Finalize)(pReserved);
+}
+#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */
+
+static CK_RV CK_ENTRY
+__ADJOIN(MODULE_NAME,C_GetInfo)
+(
+  CK_INFO_PTR pInfo
+)
+{
+  return NSSCKFWC_GetInfo(fwInstance, pInfo);
+}
+
+#ifdef DECLARE_STRICT_CRYPTOKI_NAMES
+CK_RV CK_ENTRY
+C_GetInfo
+(
+  CK_INFO_PTR pInfo
+)
+{
+  return __ADJOIN(MODULE_NAME,C_GetInfo)(pInfo);
+}
+#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */
+
+/*
+ * C_GetFunctionList is defined at the end.
+ */
+
+EOD
+    ;
+
+for( $j = 4; $j <= $count; $j++ ) {
+  print "static CK_RV CK_ENTRY\n";
+  print "__ADJOIN(MODULE_NAME,$x[$j]{name})\n";
+  print "(\n";
+  for( $i = 0; $i < $x[$j]{nargs}; $i++ ) {
+    print "  $x[$j]{args}[$i]{type} $x[$j]{args}[$i]{name}";
+    if( $i == ($x[$j]{nargs} - 1) ) {
+      print "\n";
+    } else {
+      print ",\n";
+    }
+  }
+  print ")\n";
+  print "{\n";
+  print "  return NSSCKFW$x[$j]{name}(fwInstance, ";
+  for( $i = 0; $i < $x[$j]{nargs}; $i++ ) {
+    print "$x[$j]{args}[$i]{name}";
+    if( $i == ($x[$j]{nargs} - 1) ) {
+      print ");\n";
+    } else {
+      print ", ";
+    }
+  }
+  print "}\n\n";
+
+  print "#ifdef DECLARE_STRICT_CRYPTOKI_NAMES\n";
+  print "CK_RV CK_ENTRY\n";
+  print "$x[$j]{name}\n";
+  print "(\n";
+  for( $i = 0; $i < $x[$j]{nargs}; $i++ ) {
+    print "  $x[$j]{args}[$i]{type} $x[$j]{args}[$i]{name}";
+    if( $i == ($x[$j]{nargs} - 1) ) {
+      print "\n";
+    } else {
+      print ",\n";
+    }
+  }
+  print ")\n";
+  print "{\n";
+  print "  return __ADJOIN(MODULE_NAME,$x[$j]{name})(";
+  for( $i = 0; $i < $x[$j]{nargs}; $i++ ) {
+    print "$x[$j]{args}[$i]{name}";
+    if( $i == ($x[$j]{nargs} - 1) ) {
+      print ");\n";
+    } else {
+      print ", ";
+    }
+  }
+  print "}\n";
+  print "#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */\n\n";
+}
+
+print <<EOD
+static CK_RV CK_ENTRY
+__ADJOIN(MODULE_NAME,C_GetFunctionList)
+(
+  CK_FUNCTION_LIST_PTR_PTR ppFunctionList
+);
+
+static CK_FUNCTION_LIST FunctionList = {
+  { 2, 1 },
+EOD
+    ;
+
+for( $j = 0; $j <= $count; $j++ ) {
+  print "__ADJOIN(MODULE_NAME,$x[$j]{name})";
+  if( $j < $count ) {
+    print ",\n";
+  } else {
+    print "\n};\n\n";
+  }
+}
+
+print <<EOD
+static CK_RV CK_ENTRY
+__ADJOIN(MODULE_NAME,C_GetFunctionList)
+(
+  CK_FUNCTION_LIST_PTR_PTR ppFunctionList
+)
+{
+  *ppFunctionList = &FunctionList;
+  return CKR_OK;
+}
+
+/* This one is always present */
+CK_RV CK_ENTRY
+C_GetFunctionList
+(
+  CK_FUNCTION_LIST_PTR_PTR ppFunctionList
+)
+{
+  return __ADJOIN(MODULE_NAME,C_GetFunctionList)(ppFunctionList);
+}
+
+#undef __ADJOIN
+
+EOD
+    ;
+
+select STDOUT;
+
+}
diff --git a/nss/lib/ckfw/ckfw.gyp b/nss/lib/ckfw/ckfw.gyp
new file mode 100644
index 0000000..40da8d8
--- /dev/null
+++ b/nss/lib/ckfw/ckfw.gyp
@@ -0,0 +1,34 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'nssckfw',
+      'type': 'static_library',
+      'sources': [
+        'crypto.c',
+        'find.c',
+        'hash.c',
+        'instance.c',
+        'mechanism.c',
+        'mutex.c',
+        'object.c',
+        'session.c',
+        'sessobj.c',
+        'slot.c',
+        'token.c',
+        'wrap.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports'
+      ]
+    }
+  ],
+  'variables': {
+    'module': 'nss'
+  }
+}
\ No newline at end of file
diff --git a/nss/lib/ckfw/ckfw.h b/nss/lib/ckfw/ckfw.h
new file mode 100644
index 0000000..d4a2ead
--- /dev/null
+++ b/nss/lib/ckfw/ckfw.h
@@ -0,0 +1,2049 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef CKFW_H
+#define CKFW_H
+
+/*
+ * ckfw.h
+ *
+ * This file prototypes the private calls of the NSS Cryptoki Framework.
+ */
+
+#ifndef NSSBASET_H
+#include "nssbaset.h"
+#endif /* NSSBASET_H */
+
+#ifndef NSSCKT_H
+#include "nssckt.h"
+#endif /* NSSCKT_H */
+
+#ifndef NSSCKFWT_H
+#include "nssckfwt.h"
+#endif /* NSSCKFWT_H */
+
+#ifndef NSSCKMDT_H
+#include "nssckmdt.h"
+#endif /* NSSCKMDT_H */
+
+/*
+ * NSSCKFWInstance
+ *
+ *  -- create/destroy --
+ *  nssCKFWInstance_Create
+ *  nssCKFWInstance_Destroy
+ *
+ *  -- implement public accessors --
+ *  nssCKFWInstance_GetMDInstance
+ *  nssCKFWInstance_GetArena
+ *  nssCKFWInstance_MayCreatePthreads
+ *  nssCKFWInstance_CreateMutex
+ *  nssCKFWInstance_GetConfigurationData
+ *  nssCKFWInstance_GetInitArgs
+ *
+ *  -- private accessors --
+ *  nssCKFWInstance_CreateSessionHandle
+ *  nssCKFWInstance_ResolveSessionHandle
+ *  nssCKFWInstance_DestroySessionHandle
+ *  nssCKFWInstance_FindSessionHandle
+ *  nssCKFWInstance_CreateObjectHandle
+ *  nssCKFWInstance_ResolveObjectHandle
+ *  nssCKFWInstance_DestroyObjectHandle
+ *  nssCKFWInstance_FindObjectHandle
+ *
+ *  -- module fronts --
+ *  nssCKFWInstance_GetNSlots
+ *  nssCKFWInstance_GetCryptokiVersion
+ *  nssCKFWInstance_GetManufacturerID
+ *  nssCKFWInstance_GetFlags
+ *  nssCKFWInstance_GetLibraryDescription
+ *  nssCKFWInstance_GetLibraryVersion
+ *  nssCKFWInstance_GetModuleHandlesSessionObjects
+ *  nssCKFWInstance_GetSlots
+ *  nssCKFWInstance_WaitForSlotEvent
+ *
+ *  -- debugging versions only --
+ *  nssCKFWInstance_verifyPointer
+ */
+
+/*
+ * nssCKFWInstance_Create
+ *
+ */
+NSS_EXTERN NSSCKFWInstance *
+nssCKFWInstance_Create(
+    CK_C_INITIALIZE_ARGS_PTR pInitArgs,
+    CryptokiLockingState LockingState,
+    NSSCKMDInstance *mdInstance,
+    CK_RV *pError);
+
+/*
+ * nssCKFWInstance_Destroy
+ *
+ */
+NSS_EXTERN CK_RV
+nssCKFWInstance_Destroy(
+    NSSCKFWInstance *fwInstance);
+
+/*
+ * nssCKFWInstance_GetMDInstance
+ *
+ */
+NSS_EXTERN NSSCKMDInstance *
+nssCKFWInstance_GetMDInstance(
+    NSSCKFWInstance *fwInstance);
+
+/*
+ * nssCKFWInstance_GetArena
+ *
+ */
+NSS_EXTERN NSSArena *
+nssCKFWInstance_GetArena(
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError);
+
+/*
+ * nssCKFWInstance_MayCreatePthreads
+ *
+ */
+NSS_EXTERN CK_BBOOL
+nssCKFWInstance_MayCreatePthreads(
+    NSSCKFWInstance *fwInstance);
+
+/*
+ * nssCKFWInstance_CreateMutex
+ *
+ */
+NSS_EXTERN NSSCKFWMutex *
+nssCKFWInstance_CreateMutex(
+    NSSCKFWInstance *fwInstance,
+    NSSArena *arena,
+    CK_RV *pError);
+
+/*
+ * nssCKFWInstance_GetConfigurationData
+ *
+ */
+NSS_EXTERN NSSUTF8 *
+nssCKFWInstance_GetConfigurationData(
+    NSSCKFWInstance *fwInstance);
+
+/*
+ * nssCKFWInstance_GetInitArgs
+ *
+ */
+NSS_EXTERN CK_C_INITIALIZE_ARGS_PTR
+nssCKFWInstance_GetInitArgs(
+    NSSCKFWInstance *fwInstance);
+
+/*
+ * nssCKFWInstance_CreateSessionHandle
+ *
+ */
+NSS_EXTERN CK_SESSION_HANDLE
+nssCKFWInstance_CreateSessionHandle(
+    NSSCKFWInstance *fwInstance,
+    NSSCKFWSession *fwSession,
+    CK_RV *pError);
+
+/*
+ * nssCKFWInstance_ResolveSessionHandle
+ *
+ */
+NSS_EXTERN NSSCKFWSession *
+nssCKFWInstance_ResolveSessionHandle(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession);
+
+/*
+ * nssCKFWInstance_DestroySessionHandle
+ *
+ */
+NSS_EXTERN void
+nssCKFWInstance_DestroySessionHandle(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession);
+
+/*
+ * nssCKFWInstance_FindSessionHandle
+ *
+ */
+NSS_EXTERN CK_SESSION_HANDLE
+nssCKFWInstance_FindSessionHandle(
+    NSSCKFWInstance *fwInstance,
+    NSSCKFWSession *fwSession);
+
+/*
+ * nssCKFWInstance_CreateObjectHandle
+ *
+ */
+NSS_EXTERN CK_OBJECT_HANDLE
+nssCKFWInstance_CreateObjectHandle(
+    NSSCKFWInstance *fwInstance,
+    NSSCKFWObject *fwObject,
+    CK_RV *pError);
+
+/*
+ * nssCKFWInstance_ResolveObjectHandle
+ *
+ */
+NSS_EXTERN NSSCKFWObject *
+nssCKFWInstance_ResolveObjectHandle(
+    NSSCKFWInstance *fwInstance,
+    CK_OBJECT_HANDLE hObject);
+
+/*
+ * nssCKFWInstance_ReassignObjectHandle
+ *
+ */
+NSS_EXTERN CK_RV
+nssCKFWInstance_ReassignObjectHandle(
+    NSSCKFWInstance *fwInstance,
+    CK_OBJECT_HANDLE hObject,
+    NSSCKFWObject *fwObject);
+
+/*
+ * nssCKFWInstance_DestroyObjectHandle
+ *
+ */
+NSS_EXTERN void
+nssCKFWInstance_DestroyObjectHandle(
+    NSSCKFWInstance *fwInstance,
+    CK_OBJECT_HANDLE hObject);
+
+/*
+ * nssCKFWInstance_FindObjectHandle
+ *
+ */
+NSS_EXTERN CK_OBJECT_HANDLE
+nssCKFWInstance_FindObjectHandle(
+    NSSCKFWInstance *fwInstance,
+    NSSCKFWObject *fwObject);
+
+/*
+ * nssCKFWInstance_GetNSlots
+ *
+ */
+NSS_EXTERN CK_ULONG
+nssCKFWInstance_GetNSlots(
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError);
+
+/*
+ * nssCKFWInstance_GetCryptokiVersion
+ *
+ */
+NSS_EXTERN CK_VERSION
+nssCKFWInstance_GetCryptokiVersion(
+    NSSCKFWInstance *fwInstance);
+
+/*
+ * nssCKFWInstance_GetManufacturerID
+ *
+ */
+NSS_EXTERN CK_RV
+nssCKFWInstance_GetManufacturerID(
+    NSSCKFWInstance *fwInstance,
+    CK_CHAR manufacturerID[32]);
+
+/*
+ * nssCKFWInstance_GetFlags
+ *
+ */
+NSS_EXTERN CK_ULONG
+nssCKFWInstance_GetFlags(
+    NSSCKFWInstance *fwInstance);
+
+/*
+ * nssCKFWInstance_GetLibraryDescription
+ *
+ */
+NSS_EXTERN CK_RV
+nssCKFWInstance_GetLibraryDescription(
+    NSSCKFWInstance *fwInstance,
+    CK_CHAR libraryDescription[32]);
+
+/*
+ * nssCKFWInstance_GetLibraryVersion
+ *
+ */
+NSS_EXTERN CK_VERSION
+nssCKFWInstance_GetLibraryVersion(
+    NSSCKFWInstance *fwInstance);
+
+/*
+ * nssCKFWInstance_GetModuleHandlesSessionObjects
+ *
+ */
+NSS_EXTERN CK_BBOOL
+nssCKFWInstance_GetModuleHandlesSessionObjects(
+    NSSCKFWInstance *fwInstance);
+
+/*
+ * nssCKFWInstance_GetSlots
+ *
+ */
+NSS_EXTERN NSSCKFWSlot **
+nssCKFWInstance_GetSlots(
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError);
+
+/*
+ * nssCKFWInstance_WaitForSlotEvent
+ *
+ */
+NSS_EXTERN NSSCKFWSlot *
+nssCKFWInstance_WaitForSlotEvent(
+    NSSCKFWInstance *fwInstance,
+    CK_BBOOL block,
+    CK_RV *pError);
+
+/*
+ * nssCKFWInstance_verifyPointer
+ *
+ */
+NSS_EXTERN CK_RV
+nssCKFWInstance_verifyPointer(
+    const NSSCKFWInstance *fwInstance);
+
+/*
+ * NSSCKFWSlot
+ *
+ *  -- create/destroy --
+ *  nssCKFWSlot_Create
+ *  nssCKFWSlot_Destroy
+ *
+ *  -- implement public accessors --
+ *  nssCKFWSlot_GetMDSlot
+ *  nssCKFWSlot_GetFWInstance
+ *  nssCKFWSlot_GetMDInstance
+ *
+ *  -- private accessors --
+ *  nssCKFWSlot_GetSlotID
+ *
+ *  -- module fronts --
+ *  nssCKFWSlot_GetSlotDescription
+ *  nssCKFWSlot_GetManufacturerID
+ *  nssCKFWSlot_GetTokenPresent
+ *  nssCKFWSlot_GetRemovableDevice
+ *  nssCKFWSlot_GetHardwareSlot
+ *  nssCKFWSlot_GetHardwareVersion
+ *  nssCKFWSlot_GetFirmwareVersion
+ *  nssCKFWSlot_GetToken
+ */
+
+/*
+ * nssCKFWSlot_Create
+ *
+ */
+NSS_EXTERN NSSCKFWSlot *
+nssCKFWSlot_Create(
+    NSSCKFWInstance *fwInstance,
+    NSSCKMDSlot *mdSlot,
+    CK_SLOT_ID slotID,
+    CK_RV *pError);
+
+/*
+ * nssCKFWSlot_Destroy
+ *
+ */
+NSS_EXTERN CK_RV
+nssCKFWSlot_Destroy(
+    NSSCKFWSlot *fwSlot);
+
+/*
+ * nssCKFWSlot_GetMDSlot
+ *
+ */
+NSS_EXTERN NSSCKMDSlot *
+nssCKFWSlot_GetMDSlot(
+    NSSCKFWSlot *fwSlot);
+
+/*
+ * nssCKFWSlot_GetFWInstance
+ *
+ */
+
+NSS_EXTERN NSSCKFWInstance *
+nssCKFWSlot_GetFWInstance(
+    NSSCKFWSlot *fwSlot);
+
+/*
+ * nssCKFWSlot_GetMDInstance
+ *
+ */
+
+NSS_EXTERN NSSCKMDInstance *
+nssCKFWSlot_GetMDInstance(
+    NSSCKFWSlot *fwSlot);
+
+/*
+ * nssCKFWSlot_GetSlotID
+ *
+ */
+NSS_EXTERN CK_SLOT_ID
+nssCKFWSlot_GetSlotID(
+    NSSCKFWSlot *fwSlot);
+
+/*
+ * nssCKFWSlot_GetSlotDescription
+ *
+ */
+NSS_EXTERN CK_RV
+nssCKFWSlot_GetSlotDescription(
+    NSSCKFWSlot *fwSlot,
+    CK_CHAR slotDescription[64]);
+
+/*
+ * nssCKFWSlot_GetManufacturerID
+ *
+ */
+NSS_EXTERN CK_RV
+nssCKFWSlot_GetManufacturerID(
+    NSSCKFWSlot *fwSlot,
+    CK_CHAR manufacturerID[32]);
+
+/*
+ * nssCKFWSlot_GetTokenPresent
+ *
+ */
+NSS_EXTERN CK_BBOOL
+nssCKFWSlot_GetTokenPresent(
+    NSSCKFWSlot *fwSlot);
+
+/*
+ * nssCKFWSlot_GetRemovableDevice
+ *
+ */
+NSS_EXTERN CK_BBOOL
+nssCKFWSlot_GetRemovableDevice(
+    NSSCKFWSlot *fwSlot);
+
+/*
+ * nssCKFWSlot_GetHardwareSlot
+ *
+ */
+NSS_EXTERN CK_BBOOL
+nssCKFWSlot_GetHardwareSlot(
+    NSSCKFWSlot *fwSlot);
+
+/*
+ * nssCKFWSlot_GetHardwareVersion
+ *
+ */
+NSS_EXTERN CK_VERSION
+nssCKFWSlot_GetHardwareVersion(
+    NSSCKFWSlot *fwSlot);
+
+/*
+ * nssCKFWSlot_GetFirmwareVersion
+ *
+ */
+NSS_EXTERN CK_VERSION
+nssCKFWSlot_GetFirmwareVersion(
+    NSSCKFWSlot *fwSlot);
+
+/*
+ * nssCKFWSlot_GetToken
+ *
+ */
+NSS_EXTERN NSSCKFWToken *
+nssCKFWSlot_GetToken(
+    NSSCKFWSlot *fwSlot,
+    CK_RV *pError);
+
+/*
+ * nssCKFWSlot_ClearToken
+ *
+ */
+NSS_EXTERN void
+nssCKFWSlot_ClearToken(
+    NSSCKFWSlot *fwSlot);
+
+/*
+ * NSSCKFWToken
+ *
+ *  -- create/destroy --
+ *  nssCKFWToken_Create
+ *  nssCKFWToken_Destroy
+ *
+ *  -- implement public accessors --
+ *  nssCKFWToken_GetMDToken
+ *  nssCKFWToken_GetFWSlot
+ *  nssCKFWToken_GetMDSlot
+ *  nssCKFWToken_GetSessionState
+ *
+ *  -- private accessors --
+ *  nssCKFWToken_SetSessionState
+ *  nssCKFWToken_RemoveSession
+ *  nssCKFWToken_CloseAllSessions
+ *  nssCKFWToken_GetSessionCount
+ *  nssCKFWToken_GetRwSessionCount
+ *  nssCKFWToken_GetRoSessionCount
+ *  nssCKFWToken_GetSessionObjectHash
+ *  nssCKFWToken_GetMDObjectHash
+ *  nssCKFWToken_GetObjectHandleHash
+ *
+ *  -- module fronts --
+ *  nssCKFWToken_InitToken
+ *  nssCKFWToken_GetLabel
+ *  nssCKFWToken_GetManufacturerID
+ *  nssCKFWToken_GetModel
+ *  nssCKFWToken_GetSerialNumber
+ *  nssCKFWToken_GetHasRNG
+ *  nssCKFWToken_GetIsWriteProtected
+ *  nssCKFWToken_GetLoginRequired
+ *  nssCKFWToken_GetUserPinInitialized
+ *  nssCKFWToken_GetRestoreKeyNotNeeded
+ *  nssCKFWToken_GetHasClockOnToken
+ *  nssCKFWToken_GetHasProtectedAuthenticationPath
+ *  nssCKFWToken_GetSupportsDualCryptoOperations
+ *  nssCKFWToken_GetMaxSessionCount
+ *  nssCKFWToken_GetMaxRwSessionCount
+ *  nssCKFWToken_GetMaxPinLen
+ *  nssCKFWToken_GetMinPinLen
+ *  nssCKFWToken_GetTotalPublicMemory
+ *  nssCKFWToken_GetFreePublicMemory
+ *  nssCKFWToken_GetTotalPrivateMemory
+ *  nssCKFWToken_GetFreePrivateMemory
+ *  nssCKFWToken_GetHardwareVersion
+ *  nssCKFWToken_GetFirmwareVersion
+ *  nssCKFWToken_GetUTCTime
+ *  nssCKFWToken_OpenSession
+ *  nssCKFWToken_GetMechanismCount
+ *  nssCKFWToken_GetMechanismTypes
+ *  nssCKFWToken_GetMechanism
+ */
+
+/*
+ * nssCKFWToken_Create
+ *
+ */
+NSS_EXTERN NSSCKFWToken *
+nssCKFWToken_Create(
+    NSSCKFWSlot *fwSlot,
+    NSSCKMDToken *mdToken,
+    CK_RV *pError);
+
+/*
+ * nssCKFWToken_Destroy
+ *
+ */
+NSS_EXTERN CK_RV
+nssCKFWToken_Destroy(
+    NSSCKFWToken *fwToken);
+
+/*
+ * nssCKFWToken_GetMDToken
+ *
+ */
+NSS_EXTERN NSSCKMDToken *
+nssCKFWToken_GetMDToken(
+    NSSCKFWToken *fwToken);
+
+/*
+ * nssCKFWToken_GetArena
+ *
+ */
+NSS_EXTERN NSSArena *
+nssCKFWToken_GetArena(
+    NSSCKFWToken *fwToken,
+    CK_RV *pError);
+
+/*
+ * nssCKFWToken_GetFWSlot
+ *
+ */
+NSS_EXTERN NSSCKFWSlot *
+nssCKFWToken_GetFWSlot(
+    NSSCKFWToken *fwToken);
+
+/*
+ * nssCKFWToken_GetMDSlot
+ *
+ */
+NSS_EXTERN NSSCKMDSlot *
+nssCKFWToken_GetMDSlot(
+    NSSCKFWToken *fwToken);
+
+/*
+ * nssCKFWToken_GetSessionState
+ *
+ */
+NSS_EXTERN CK_STATE
+nssCKFWToken_GetSessionState(
+    NSSCKFWToken *fwToken);
+
+/*
+ * nssCKFWToken_InitToken
+ *
+ */
+NSS_EXTERN CK_RV
+nssCKFWToken_InitToken(
+    NSSCKFWToken *fwToken,
+    NSSItem *pin,
+    NSSUTF8 *label);
+
+/*
+ * nssCKFWToken_GetLabel
+ *
+ */
+NSS_EXTERN CK_RV
+nssCKFWToken_GetLabel(
+    NSSCKFWToken *fwToken,
+    CK_CHAR label[32]);
+
+/*
+ * nssCKFWToken_GetManufacturerID
+ *
+ */
+NSS_EXTERN CK_RV
+nssCKFWToken_GetManufacturerID(
+    NSSCKFWToken *fwToken,
+    CK_CHAR manufacturerID[32]);
+
+/*
+ * nssCKFWToken_GetModel
+ *
+ */
+NSS_EXTERN CK_RV
+nssCKFWToken_GetModel(
+    NSSCKFWToken *fwToken,
+    CK_CHAR model[16]);
+
+/*
+ * nssCKFWToken_GetSerialNumber
+ *
+ */
+NSS_EXTERN CK_RV
+nssCKFWToken_GetSerialNumber(
+    NSSCKFWToken *fwToken,
+    CK_CHAR serialNumber[16]);
+
+/*
+ * nssCKFWToken_GetHasRNG
+ *
+ */
+NSS_EXTERN CK_BBOOL
+nssCKFWToken_GetHasRNG(
+    NSSCKFWToken *fwToken);
+
+/*
+ * nssCKFWToken_GetIsWriteProtected
+ *
+ */
+NSS_EXTERN CK_BBOOL
+nssCKFWToken_GetIsWriteProtected(
+    NSSCKFWToken *fwToken);
+
+/*
+ * nssCKFWToken_GetLoginRequired
+ *
+ */
+NSS_EXTERN CK_BBOOL
+nssCKFWToken_GetLoginRequired(
+    NSSCKFWToken *fwToken);
+
+/*
+ * nssCKFWToken_GetUserPinInitialized
+ *
+ */
+NSS_EXTERN CK_BBOOL
+nssCKFWToken_GetUserPinInitialized(
+    NSSCKFWToken *fwToken);
+
+/*
+ * nssCKFWToken_GetRestoreKeyNotNeeded
+ *
+ */
+NSS_EXTERN CK_BBOOL
+nssCKFWToken_GetRestoreKeyNotNeeded(
+    NSSCKFWToken *fwToken);
+
+/*
+ * nssCKFWToken_GetHasClockOnToken
+ *
+ */
+NSS_EXTERN CK_BBOOL
+nssCKFWToken_GetHasClockOnToken(
+    NSSCKFWToken *fwToken);
+
+/*
+ * nssCKFWToken_GetHasProtectedAuthenticationPath
+ *
+ */
+NSS_EXTERN CK_BBOOL
+nssCKFWToken_GetHasProtectedAuthenticationPath(
+    NSSCKFWToken *fwToken);
+
+/*
+ * nssCKFWToken_GetSupportsDualCryptoOperations
+ *
+ */
+NSS_EXTERN CK_BBOOL
+nssCKFWToken_GetSupportsDualCryptoOperations(
+    NSSCKFWToken *fwToken);
+
+/*
+ * nssCKFWToken_GetMaxSessionCount
+ *
+ */
+NSS_EXTERN CK_ULONG
+nssCKFWToken_GetMaxSessionCount(
+    NSSCKFWToken *fwToken);
+
+/*
+ * nssCKFWToken_GetMaxRwSessionCount
+ *
+ */
+NSS_EXTERN CK_ULONG
+nssCKFWToken_GetMaxRwSessionCount(
+    NSSCKFWToken *fwToken);
+
+/*
+ * nssCKFWToken_GetMaxPinLen
+ *
+ */
+NSS_EXTERN CK_ULONG
+nssCKFWToken_GetMaxPinLen(
+    NSSCKFWToken *fwToken);
+
+/*
+ * nssCKFWToken_GetMinPinLen
+ *
+ */
+NSS_EXTERN CK_ULONG
+nssCKFWToken_GetMinPinLen(
+    NSSCKFWToken *fwToken);
+
+/*
+ * nssCKFWToken_GetTotalPublicMemory
+ *
+ */
+NSS_EXTERN CK_ULONG
+nssCKFWToken_GetTotalPublicMemory(
+    NSSCKFWToken *fwToken);
+
+/*
+ * nssCKFWToken_GetFreePublicMemory
+ *
+ */
+NSS_EXTERN CK_ULONG
+nssCKFWToken_GetFreePublicMemory(
+    NSSCKFWToken *fwToken);
+
+/*
+ * nssCKFWToken_GetTotalPrivateMemory
+ *
+ */
+NSS_EXTERN CK_ULONG
+nssCKFWToken_GetTotalPrivateMemory(
+    NSSCKFWToken *fwToken);
+
+/*
+ * nssCKFWToken_GetFreePrivateMemory
+ *
+ */
+NSS_EXTERN CK_ULONG
+nssCKFWToken_GetFreePrivateMemory(
+    NSSCKFWToken *fwToken);
+
+/*
+ * nssCKFWToken_GetHardwareVersion
+ *
+ */
+NSS_EXTERN CK_VERSION
+nssCKFWToken_GetHardwareVersion(
+    NSSCKFWToken *fwToken);
+
+/*
+ * nssCKFWToken_GetFirmwareVersion
+ *
+ */
+NSS_EXTERN CK_VERSION
+nssCKFWToken_GetFirmwareVersion(
+    NSSCKFWToken *fwToken);
+
+/*
+ * nssCKFWToken_GetUTCTime
+ *
+ */
+NSS_EXTERN CK_RV
+nssCKFWToken_GetUTCTime(
+    NSSCKFWToken *fwToken,
+    CK_CHAR utcTime[16]);
+
+/*
+ * nssCKFWToken_OpenSession
+ *
+ */
+NSS_EXTERN NSSCKFWSession *
+nssCKFWToken_OpenSession(
+    NSSCKFWToken *fwToken,
+    CK_BBOOL rw,
+    CK_VOID_PTR pApplication,
+    CK_NOTIFY Notify,
+    CK_RV *pError);
+
+/*
+ * nssCKFWToken_GetMechanismCount
+ *
+ */
+NSS_EXTERN CK_ULONG
+nssCKFWToken_GetMechanismCount(
+    NSSCKFWToken *fwToken);
+
+/*
+ * nssCKFWToken_GetMechanismTypes
+ *
+ */
+NSS_EXTERN CK_RV
+nssCKFWToken_GetMechanismTypes(
+    NSSCKFWToken *fwToken,
+    CK_MECHANISM_TYPE types[]);
+
+/*
+ * nssCKFWToken_GetMechanism
+ *
+ */
+NSS_EXTERN NSSCKFWMechanism *
+nssCKFWToken_GetMechanism(
+    NSSCKFWToken *fwToken,
+    CK_MECHANISM_TYPE which,
+    CK_RV *pError);
+
+/*
+ * nssCKFWToken_SetSessionState
+ *
+ */
+NSS_EXTERN CK_RV
+nssCKFWToken_SetSessionState(
+    NSSCKFWToken *fwToken,
+    CK_STATE newState);
+
+/*
+ * nssCKFWToken_RemoveSession
+ *
+ */
+NSS_EXTERN CK_RV
+nssCKFWToken_RemoveSession(
+    NSSCKFWToken *fwToken,
+    NSSCKFWSession *fwSession);
+
+/*
+ * nssCKFWToken_CloseAllSessions
+ *
+ */
+NSS_EXTERN CK_RV
+nssCKFWToken_CloseAllSessions(
+    NSSCKFWToken *fwToken);
+
+/*
+ * nssCKFWToken_GetSessionCount
+ *
+ */
+NSS_EXTERN CK_ULONG
+nssCKFWToken_GetSessionCount(
+    NSSCKFWToken *fwToken);
+
+/*
+ * nssCKFWToken_GetRwSessionCount
+ *
+ */
+NSS_EXTERN CK_ULONG
+nssCKFWToken_GetRwSessionCount(
+    NSSCKFWToken *fwToken);
+
+/*
+ * nssCKFWToken_GetRoSessionCount
+ *
+ */
+NSS_EXTERN CK_ULONG
+nssCKFWToken_GetRoSessionCount(
+    NSSCKFWToken *fwToken);
+
+/*
+ * nssCKFWToken_GetSessionObjectHash
+ *
+ */
+NSS_EXTERN nssCKFWHash *
+nssCKFWToken_GetSessionObjectHash(
+    NSSCKFWToken *fwToken);
+
+/*
+ * nssCKFWToken_GetMDObjectHash
+ *
+ */
+NSS_EXTERN nssCKFWHash *
+nssCKFWToken_GetMDObjectHash(
+    NSSCKFWToken *fwToken);
+
+/*
+ * nssCKFWToken_GetObjectHandleHash
+ *
+ */
+NSS_EXTERN nssCKFWHash *
+nssCKFWToken_GetObjectHandleHash(
+    NSSCKFWToken *fwToken);
+
+/*
+ * NSSCKFWMechanism
+ *
+ *  -- create/destroy --
+ *  nssCKFWMechanism_Create
+ *  nssCKFWMechanism_Destroy
+ *
+ *  -- implement public accessors --
+ *  nssCKFWMechanism_GetMDMechanism
+ *
+ *  -- private accessors --
+ *
+ *  -- module fronts --
+ *  nssCKFWMechanism_GetMinKeySize
+ *  nssCKFWMechanism_GetMaxKeySize
+ *  nssCKFWMechanism_GetInHardware
+ *  nssCKFWMechanism_GetCanEncrypt
+ *  nssCKFWMechanism_GetCanDecrypt
+ *  nssCKFWMechanism_GetCanDigest
+ *  nssCKFWMechanism_GetCanSignRecover
+ *  nssCKFWMechanism_GetCanVerify
+ *  nssCKFWMechanism_GetCanVerifyRecover
+ *  nssCKFWMechanism_GetCanGenerate
+ *  nssCKFWMechanism_GetCanGenerateKeyPair
+ *  nssCKFWMechanism_GetCanWrap
+ *  nssCKFWMechanism_GetCanUnwrap
+ *  nssCKFWMechanism_GetCanDerive
+ *  nssCKFWMechanism_EncryptInit
+ *  nssCKFWMechanism_DecryptInit
+ *  nssCKFWMechanism_DigestInit
+ *  nssCKFWMechanism_SignInit
+ *  nssCKFWMechanism_SignRecoverInit
+ *  nssCKFWMechanism_VerifyInit
+ *  nssCKFWMechanism_VerifyRecoverInit
+ *  nssCKFWMechanism_GenerateKey
+ *  nssCKFWMechanism_GenerateKeyPair
+ *  nssCKFWMechanism_GetWrapKeyLength
+ *  nssCKFWMechanism_WrapKey
+ *  nssCKFWMechanism_UnwrapKey
+ *  nssCKFWMechanism_DeriveKey
+ */
+
+/*
+ * nssCKFWMechanism_Create
+ *
+ */
+NSS_EXTERN NSSCKFWMechanism *
+nssCKFWMechanism_Create(
+    NSSCKMDMechanism *mdMechanism,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance);
+
+/*
+ * nssCKFWMechanism_Destroy
+ *
+ */
+NSS_EXTERN void
+nssCKFWMechanism_Destroy(
+    NSSCKFWMechanism *fwMechanism);
+
+/*
+ * nssCKFWMechanism_GetMDMechanism
+ *
+ */
+
+NSS_EXTERN NSSCKMDMechanism *
+nssCKFWMechanism_GetMDMechanism(
+    NSSCKFWMechanism *fwMechanism);
+
+/*
+ * nssCKFWMechanism_GetMinKeySize
+ *
+ */
+NSS_EXTERN CK_ULONG
+nssCKFWMechanism_GetMinKeySize(
+    NSSCKFWMechanism *fwMechanism,
+    CK_RV *pError);
+
+/*
+ * nssCKFWMechanism_GetMaxKeySize
+ *
+ */
+NSS_EXTERN CK_ULONG
+nssCKFWMechanism_GetMaxKeySize(
+    NSSCKFWMechanism *fwMechanism,
+    CK_RV *pError);
+
+/*
+ * nssCKFWMechanism_GetInHardware
+ *
+ */
+NSS_EXTERN CK_BBOOL
+nssCKFWMechanism_GetInHardware(
+    NSSCKFWMechanism *fwMechanism,
+    CK_RV *pError);
+
+/*
+ * the following are determined automatically by which of the cryptographic
+ * functions are defined for this mechanism.
+ */
+/*
+ * nssCKFWMechanism_GetCanEncrypt
+ *
+ */
+NSS_EXTERN CK_BBOOL
+nssCKFWMechanism_GetCanEncrypt(
+    NSSCKFWMechanism *fwMechanism,
+    CK_RV *pError);
+
+/*
+ * nssCKFWMechanism_GetCanDecrypt
+ *
+ */
+NSS_EXTERN CK_BBOOL
+nssCKFWMechanism_GetCanDecrypt(
+    NSSCKFWMechanism *fwMechanism,
+    CK_RV *pError);
+
+/*
+ * nssCKFWMechanism_GetCanDigest
+ *
+ */
+NSS_EXTERN CK_BBOOL
+nssCKFWMechanism_GetCanDigest(
+    NSSCKFWMechanism *fwMechanism,
+    CK_RV *pError);
+
+/*
+ * nssCKFWMechanism_GetCanSign
+ *
+ */
+NSS_EXTERN CK_BBOOL
+nssCKFWMechanism_GetCanSign(
+    NSSCKFWMechanism *fwMechanism,
+    CK_RV *pError);
+
+/*
+ * nssCKFWMechanism_GetCanSignRecover
+ *
+ */
+NSS_EXTERN CK_BBOOL
+nssCKFWMechanism_GetCanSignRecover(
+    NSSCKFWMechanism *fwMechanism,
+    CK_RV *pError);
+
+/*
+ * nssCKFWMechanism_GetCanVerify
+ *
+ */
+NSS_EXTERN CK_BBOOL
+nssCKFWMechanism_GetCanVerify(
+    NSSCKFWMechanism *fwMechanism,
+    CK_RV *pError);
+
+/*
+ * nssCKFWMechanism_GetCanVerifyRecover
+ *
+ */
+NSS_EXTERN CK_BBOOL
+nssCKFWMechanism_GetCanVerifyRecover(
+    NSSCKFWMechanism *fwMechanism,
+    CK_RV *pError);
+
+/*
+ * nssCKFWMechanism_GetCanGenerate
+ *
+ */
+NSS_EXTERN CK_BBOOL
+nssCKFWMechanism_GetCanGenerate(
+    NSSCKFWMechanism *fwMechanism,
+    CK_RV *pError);
+
+/*
+ * nssCKFWMechanism_GetCanGenerateKeyPair
+ *
+ */
+NSS_EXTERN CK_BBOOL
+nssCKFWMechanism_GetCanGenerateKeyPair(
+    NSSCKFWMechanism *fwMechanism,
+    CK_RV *pError);
+
+/*
+ * nssCKFWMechanism_GetCanWrap
+ *
+ */
+NSS_EXTERN CK_BBOOL
+nssCKFWMechanism_GetCanWrap(
+    NSSCKFWMechanism *fwMechanism,
+    CK_RV *pError);
+
+/*
+ * nssCKFWMechanism_GetCanUnwrap
+ *
+ */
+NSS_EXTERN CK_BBOOL
+nssCKFWMechanism_GetCanUnwrap(
+    NSSCKFWMechanism *fwMechanism,
+    CK_RV *pError);
+
+/*
+ * nssCKFWMechanism_GetCanDerive
+ *
+ */
+NSS_EXTERN CK_BBOOL
+nssCKFWMechanism_GetCanDerive(
+    NSSCKFWMechanism *fwMechanism,
+    CK_RV *pError);
+
+/*
+ *  nssCKFWMechanism_EncryptInit
+ */
+NSS_EXTERN CK_RV
+nssCKFWMechanism_EncryptInit(
+    NSSCKFWMechanism *fwMechanism,
+    CK_MECHANISM *pMechanism,
+    NSSCKFWSession *fwSession,
+    NSSCKFWObject *fwObject);
+
+/*
+ *  nssCKFWMechanism_DecryptInit
+ */
+NSS_EXTERN CK_RV
+nssCKFWMechanism_DecryptInit(
+    NSSCKFWMechanism *fwMechanism,
+    CK_MECHANISM *pMechanism,
+    NSSCKFWSession *fwSession,
+    NSSCKFWObject *fwObject);
+
+/*
+ *  nssCKFWMechanism_DigestInit
+ */
+NSS_EXTERN CK_RV
+nssCKFWMechanism_DigestInit(
+    NSSCKFWMechanism *fwMechanism,
+    CK_MECHANISM *pMechanism,
+    NSSCKFWSession *fwSession);
+
+/*
+ *  nssCKFWMechanism_SignInit
+ */
+NSS_EXTERN CK_RV
+nssCKFWMechanism_SignInit(
+    NSSCKFWMechanism *fwMechanism,
+    CK_MECHANISM *pMechanism,
+    NSSCKFWSession *fwSession,
+    NSSCKFWObject *fwObject);
+
+/*
+ *  nssCKFWMechanism_SignRecoverInit
+ */
+NSS_EXTERN CK_RV
+nssCKFWMechanism_SignRecoverInit(
+    NSSCKFWMechanism *fwMechanism,
+    CK_MECHANISM *pMechanism,
+    NSSCKFWSession *fwSession,
+    NSSCKFWObject *fwObject);
+
+/*
+ *  nssCKFWMechanism_VerifyInit
+ */
+NSS_EXTERN CK_RV
+nssCKFWMechanism_VerifyInit(
+    NSSCKFWMechanism *fwMechanism,
+    CK_MECHANISM *pMechanism,
+    NSSCKFWSession *fwSession,
+    NSSCKFWObject *fwObject);
+
+/*
+ *  nssCKFWMechanism_VerifyRecoverInit
+ */
+NSS_EXTERN CK_RV
+nssCKFWMechanism_VerifyRecoverInit(
+    NSSCKFWMechanism *fwMechanism,
+    CK_MECHANISM *pMechanism,
+    NSSCKFWSession *fwSession,
+    NSSCKFWObject *fwObject);
+
+/*
+ * nssCKFWMechanism_GenerateKey
+ */
+NSS_EXTERN NSSCKFWObject *
+nssCKFWMechanism_GenerateKey(
+    NSSCKFWMechanism *fwMechanism,
+    CK_MECHANISM_PTR pMechanism,
+    NSSCKFWSession *fwSession,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulAttributeCount,
+    CK_RV *pError);
+
+/*
+ * nssCKFWMechanism_GenerateKeyPair
+ */
+NSS_EXTERN CK_RV
+nssCKFWMechanism_GenerateKeyPair(
+    NSSCKFWMechanism *fwMechanism,
+    CK_MECHANISM_PTR pMechanism,
+    NSSCKFWSession *fwSession,
+    CK_ATTRIBUTE_PTR pPublicKeyTemplate,
+    CK_ULONG ulPublicKeyAttributeCount,
+    CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
+    CK_ULONG ulPrivateKeyAttributeCount,
+    NSSCKFWObject **fwPublicKeyObject,
+    NSSCKFWObject **fwPrivateKeyObject);
+
+/*
+ * nssCKFWMechanism_GetWrapKeyLength
+ */
+NSS_EXTERN CK_ULONG
+nssCKFWMechanism_GetWrapKeyLength(
+    NSSCKFWMechanism *fwMechanism,
+    CK_MECHANISM_PTR pMechanism,
+    NSSCKFWSession *fwSession,
+    NSSCKFWObject *fwWrappingKeyObject,
+    NSSCKFWObject *fwObject,
+    CK_RV *pError);
+
+/*
+ * nssCKFWMechanism_WrapKey
+ */
+NSS_EXTERN CK_RV
+nssCKFWMechanism_WrapKey(
+    NSSCKFWMechanism *fwMechanism,
+    CK_MECHANISM_PTR pMechanism,
+    NSSCKFWSession *fwSession,
+    NSSCKFWObject *fwWrappingKeyObject,
+    NSSCKFWObject *fwObject,
+    NSSItem *wrappedKey);
+
+/*
+ * nssCKFWMechanism_UnwrapKey
+ */
+NSS_EXTERN NSSCKFWObject *
+nssCKFWMechanism_UnwrapKey(
+    NSSCKFWMechanism *fwMechanism,
+    CK_MECHANISM_PTR pMechanism,
+    NSSCKFWSession *fwSession,
+    NSSCKFWObject *fwWrappingKeyObject,
+    NSSItem *wrappedKey,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulAttributeCount,
+    CK_RV *pError);
+
+/*
+ * nssCKFWMechanism_DeriveKey
+ */
+NSS_EXTERN NSSCKFWObject *
+nssCKFWMechanism_DeriveKey(
+    NSSCKFWMechanism *fwMechanism,
+    CK_MECHANISM_PTR pMechanism,
+    NSSCKFWSession *fwSession,
+    NSSCKFWObject *fwBaseKeyObject,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulAttributeCount,
+    CK_RV *pError);
+
+/*
+ * NSSCKFWCryptoOperation
+ *
+ *  -- create/destroy --
+ *  nssCKFWCryptoOperation_Create
+ *  nssCKFWCryptoOperation_Destroy
+ *
+ *  -- implement public accessors --
+ *  nssCKFWCryptoOperation_GetMDCryptoOperation
+ *  nssCKFWCryptoOperation_GetType
+ *
+ *  -- private accessors --
+ *
+ *  -- module fronts --
+ * nssCKFWCryptoOperation_GetFinalLength
+ * nssCKFWCryptoOperation_GetOperationLength
+ * nssCKFWCryptoOperation_Final
+ * nssCKFWCryptoOperation_Update
+ * nssCKFWCryptoOperation_DigestUpdate
+ * nssCKFWCryptoOperation_DigestKey
+ * nssCKFWCryptoOperation_UpdateFinal
+ */
+
+/*
+ *  nssCKFWCrytoOperation_Create
+ */
+NSS_EXTERN NSSCKFWCryptoOperation *
+nssCKFWCryptoOperation_Create(
+    NSSCKMDCryptoOperation *mdOperation,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    NSSCKFWCryptoOperationType type,
+    CK_RV *pError);
+
+/*
+ *  nssCKFWCryptoOperation_Destroy
+ */
+NSS_EXTERN void
+nssCKFWCryptoOperation_Destroy(
+    NSSCKFWCryptoOperation *fwOperation);
+
+/*
+ *  nssCKFWCryptoOperation_GetMDCryptoOperation
+ */
+NSS_EXTERN NSSCKMDCryptoOperation *
+nssCKFWCryptoOperation_GetMDCryptoOperation(
+    NSSCKFWCryptoOperation *fwOperation);
+
+/*
+ *  nssCKFWCryptoOperation_GetType
+ */
+NSS_EXTERN NSSCKFWCryptoOperationType
+nssCKFWCryptoOperation_GetType(
+    NSSCKFWCryptoOperation *fwOperation);
+
+/*
+ * nssCKFWCryptoOperation_GetFinalLength
+ */
+NSS_EXTERN CK_ULONG
+nssCKFWCryptoOperation_GetFinalLength(
+    NSSCKFWCryptoOperation *fwOperation,
+    CK_RV *pError);
+
+/*
+ * nssCKFWCryptoOperation_GetOperationLength
+ */
+NSS_EXTERN CK_ULONG
+nssCKFWCryptoOperation_GetOperationLength(
+    NSSCKFWCryptoOperation *fwOperation,
+    NSSItem *inputBuffer,
+    CK_RV *pError);
+
+/*
+ * nssCKFWCryptoOperation_Final
+ */
+NSS_EXTERN CK_RV
+nssCKFWCryptoOperation_Final(
+    NSSCKFWCryptoOperation *fwOperation,
+    NSSItem *outputBuffer);
+
+/*
+ * nssCKFWCryptoOperation_Update
+ */
+NSS_EXTERN CK_RV
+nssCKFWCryptoOperation_Update(
+    NSSCKFWCryptoOperation *fwOperation,
+    NSSItem *inputBuffer,
+    NSSItem *outputBuffer);
+
+/*
+ * nssCKFWCryptoOperation_DigestUpdate
+ */
+NSS_EXTERN CK_RV
+nssCKFWCryptoOperation_DigestUpdate(
+    NSSCKFWCryptoOperation *fwOperation,
+    NSSItem *inputBuffer);
+
+/*
+ * nssCKFWCryptoOperation_DigestKey
+ */
+NSS_EXTERN CK_RV
+nssCKFWCryptoOperation_DigestKey(
+    NSSCKFWCryptoOperation *fwOperation,
+    NSSCKFWObject *fwKey);
+
+/*
+ * nssCKFWCryptoOperation_UpdateFinal
+ */
+NSS_EXTERN CK_RV
+nssCKFWCryptoOperation_UpdateFinal(
+    NSSCKFWCryptoOperation *fwOperation,
+    NSSItem *inputBuffer,
+    NSSItem *outputBuffer);
+
+/*
+ * nssCKFWCryptoOperation_UpdateCombo
+ */
+NSS_EXTERN CK_RV
+nssCKFWCryptoOperation_UpdateCombo(
+    NSSCKFWCryptoOperation *fwOperation,
+    NSSCKFWCryptoOperation *fwPeerOperation,
+    NSSItem *inputBuffer,
+    NSSItem *outputBuffer);
+
+/*
+ * NSSCKFWSession
+ *
+ *  -- create/destroy --
+ *  nssCKFWSession_Create
+ *  nssCKFWSession_Destroy
+ *
+ *  -- implement public accessors --
+ *  nssCKFWSession_GetMDSession
+ *  nssCKFWSession_GetArena
+ *  nssCKFWSession_CallNotification
+ *  nssCKFWSession_IsRWSession
+ *  nssCKFWSession_IsSO
+ *  nssCKFWSession_GetCurrentCryptoOperation
+ *
+ *  -- private accessors --
+ *  nssCKFWSession_GetFWSlot
+ *  nssCKFWSession_GetSessionState
+ *  nssCKFWSession_SetFWFindObjects
+ *  nssCKFWSession_GetFWFindObjects
+ *  nssCKFWSession_SetMDSession
+ *  nssCKFWSession_SetHandle
+ *  nssCKFWSession_GetHandle
+ *  nssCKFWSession_RegisterSessionObject
+ *  nssCKFWSession_DeregisterSessionObject
+ *  nssCKFWSession_SetCurrentCryptoOperation
+ *
+ *  -- module fronts --
+ *  nssCKFWSession_GetDeviceError
+ *  nssCKFWSession_Login
+ *  nssCKFWSession_Logout
+ *  nssCKFWSession_InitPIN
+ *  nssCKFWSession_SetPIN
+ *  nssCKFWSession_GetOperationStateLen
+ *  nssCKFWSession_GetOperationState
+ *  nssCKFWSession_SetOperationState
+ *  nssCKFWSession_CreateObject
+ *  nssCKFWSession_CopyObject
+ *  nssCKFWSession_FindObjectsInit
+ *  nssCKFWSession_SeedRandom
+ *  nssCKFWSession_GetRandom
+ *  nssCKFWSession_Final
+ *  nssCKFWSession_Update
+ *  nssCKFWSession_DigestUpdate
+ *  nssCKFWSession_DigestKey
+ *  nssCKFWSession_UpdateFinal
+ *  nssCKFWSession_UpdateCombo
+ */
+
+/*
+ * nssCKFWSession_Create
+ *
+ */
+NSS_EXTERN NSSCKFWSession *
+nssCKFWSession_Create(
+    NSSCKFWToken *fwToken,
+    CK_BBOOL rw,
+    CK_VOID_PTR pApplication,
+    CK_NOTIFY Notify,
+    CK_RV *pError);
+
+/*
+ * nssCKFWSession_Destroy
+ *
+ */
+NSS_EXTERN CK_RV
+nssCKFWSession_Destroy(
+    NSSCKFWSession *fwSession,
+    CK_BBOOL removeFromTokenHash);
+
+/*
+ * nssCKFWSession_GetMDSession
+ *
+ */
+NSS_EXTERN NSSCKMDSession *
+nssCKFWSession_GetMDSession(
+    NSSCKFWSession *fwSession);
+
+/*
+ * nssCKFWSession_GetArena
+ *
+ */
+NSS_EXTERN NSSArena *
+nssCKFWSession_GetArena(
+    NSSCKFWSession *fwSession,
+    CK_RV *pError);
+
+/*
+ * nssCKFWSession_CallNotification
+ *
+ */
+NSS_EXTERN CK_RV
+nssCKFWSession_CallNotification(
+    NSSCKFWSession *fwSession,
+    CK_NOTIFICATION event);
+
+/*
+ * nssCKFWSession_IsRWSession
+ *
+ */
+NSS_EXTERN CK_BBOOL
+nssCKFWSession_IsRWSession(
+    NSSCKFWSession *fwSession);
+
+/*
+ * nssCKFWSession_IsSO
+ *
+ */
+NSS_EXTERN CK_BBOOL
+nssCKFWSession_IsSO(
+    NSSCKFWSession *fwSession);
+
+/*
+ * nssCKFWSession_GetFWSlot
+ *
+ */
+NSS_EXTERN NSSCKFWSlot *
+nssCKFWSession_GetFWSlot(
+    NSSCKFWSession *fwSession);
+
+/*
+ * nssCFKWSession_GetSessionState
+ *
+ */
+NSS_EXTERN CK_STATE
+nssCKFWSession_GetSessionState(
+    NSSCKFWSession *fwSession);
+
+/*
+ * nssCKFWSession_SetFWFindObjects
+ *
+ */
+NSS_EXTERN CK_RV
+nssCKFWSession_SetFWFindObjects(
+    NSSCKFWSession *fwSession,
+    NSSCKFWFindObjects *fwFindObjects);
+
+/*
+ * nssCKFWSession_GetFWFindObjects
+ *
+ */
+NSS_EXTERN NSSCKFWFindObjects *
+nssCKFWSession_GetFWFindObjects(
+    NSSCKFWSession *fwSesssion,
+    CK_RV *pError);
+
+/*
+ * nssCKFWSession_SetMDSession
+ *
+ */
+NSS_EXTERN CK_RV
+nssCKFWSession_SetMDSession(
+    NSSCKFWSession *fwSession,
+    NSSCKMDSession *mdSession);
+
+/*
+ * nssCKFWSession_SetHandle
+ *
+ */
+NSS_EXTERN CK_RV
+nssCKFWSession_SetHandle(
+    NSSCKFWSession *fwSession,
+    CK_SESSION_HANDLE hSession);
+
+/*
+ * nssCKFWSession_GetHandle
+ *
+ */
+NSS_EXTERN CK_SESSION_HANDLE
+nssCKFWSession_GetHandle(
+    NSSCKFWSession *fwSession);
+
+/*
+ * nssCKFWSession_RegisterSessionObject
+ *
+ */
+NSS_EXTERN CK_RV
+nssCKFWSession_RegisterSessionObject(
+    NSSCKFWSession *fwSession,
+    NSSCKFWObject *fwObject);
+
+/*
+ * nssCKFWSession_DeregisterSessionObject
+ *
+ */
+NSS_EXTERN CK_RV
+nssCKFWSession_DeregisterSessionObject(
+    NSSCKFWSession *fwSession,
+    NSSCKFWObject *fwObject);
+
+/*
+ * nssCKFWSession_GetDeviceError
+ *
+ */
+NSS_EXTERN CK_ULONG
+nssCKFWSession_GetDeviceError(
+    NSSCKFWSession *fwSession);
+
+/*
+ * nssCKFWSession_Login
+ *
+ */
+NSS_EXTERN CK_RV
+nssCKFWSession_Login(
+    NSSCKFWSession *fwSession,
+    CK_USER_TYPE userType,
+    NSSItem *pin);
+
+/*
+ * nssCKFWSession_Logout
+ *
+ */
+NSS_EXTERN CK_RV
+nssCKFWSession_Logout(
+    NSSCKFWSession *fwSession);
+
+/*
+ * nssCKFWSession_InitPIN
+ *
+ */
+NSS_EXTERN CK_RV
+nssCKFWSession_InitPIN(
+    NSSCKFWSession *fwSession,
+    NSSItem *pin);
+
+/*
+ * nssCKFWSession_SetPIN
+ *
+ */
+NSS_EXTERN CK_RV
+nssCKFWSession_SetPIN(
+    NSSCKFWSession *fwSession,
+    NSSItem *newPin,
+    NSSItem *oldPin);
+
+/*
+ * nssCKFWSession_GetOperationStateLen
+ *
+ */
+NSS_EXTERN CK_ULONG
+nssCKFWSession_GetOperationStateLen(
+    NSSCKFWSession *fwSession,
+    CK_RV *pError);
+
+/*
+ * nssCKFWSession_GetOperationState
+ *
+ */
+NSS_EXTERN CK_RV
+nssCKFWSession_GetOperationState(
+    NSSCKFWSession *fwSession,
+    NSSItem *buffer);
+
+/*
+ * nssCKFWSession_SetOperationState
+ *
+ */
+NSS_EXTERN CK_RV
+nssCKFWSession_SetOperationState(
+    NSSCKFWSession *fwSession,
+    NSSItem *state,
+    NSSCKFWObject *encryptionKey,
+    NSSCKFWObject *authenticationKey);
+
+/*
+ * nssCKFWSession_CreateObject
+ *
+ */
+NSS_EXTERN NSSCKFWObject *
+nssCKFWSession_CreateObject(
+    NSSCKFWSession *fwSession,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulAttributeCount,
+    CK_RV *pError);
+
+/*
+ * nssCKFWSession_CopyObject
+ *
+ */
+NSS_EXTERN NSSCKFWObject *
+nssCKFWSession_CopyObject(
+    NSSCKFWSession *fwSession,
+    NSSCKFWObject *object,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulAttributeCount,
+    CK_RV *pError);
+
+/*
+ * nssCKFWSession_FindObjectsInit
+ *
+ */
+NSS_EXTERN NSSCKFWFindObjects *
+nssCKFWSession_FindObjectsInit(
+    NSSCKFWSession *fwSession,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulAttributeCount,
+    CK_RV *pError);
+
+/*
+ * nssCKFWSession_SetCurrentCryptoOperation
+ */
+NSS_IMPLEMENT void
+nssCKFWSession_SetCurrentCryptoOperation(
+    NSSCKFWSession *fwSession,
+    NSSCKFWCryptoOperation *fwOperation,
+    NSSCKFWCryptoOperationState state);
+
+/*
+ * nssCKFWSession_GetCurrentCryptoOperation
+ */
+NSS_IMPLEMENT NSSCKFWCryptoOperation *
+nssCKFWSession_GetCurrentCryptoOperation(
+    NSSCKFWSession *fwSession,
+    NSSCKFWCryptoOperationState state);
+
+/*
+ * nssCKFWSession_Final
+ * (terminate a cryptographic operation and get the result)
+ */
+NSS_IMPLEMENT CK_RV
+nssCKFWSession_Final(
+    NSSCKFWSession *fwSession,
+    NSSCKFWCryptoOperationType type,
+    NSSCKFWCryptoOperationState state,
+    CK_BYTE_PTR outBuf,
+    CK_ULONG_PTR outBufLen);
+
+/*
+ * nssCKFWSession_Update
+ * (get the next step of an encrypt/decrypt operation)
+ */
+NSS_IMPLEMENT CK_RV
+nssCKFWSession_Update(
+    NSSCKFWSession *fwSession,
+    NSSCKFWCryptoOperationType type,
+    NSSCKFWCryptoOperationState state,
+    CK_BYTE_PTR inBuf,
+    CK_ULONG inBufLen,
+    CK_BYTE_PTR outBuf,
+    CK_ULONG_PTR outBufLen);
+
+/*
+ * nssCKFWSession_DigestUpdate
+ * (do the next step of an digest/sign/verify operation)
+ */
+NSS_IMPLEMENT CK_RV
+nssCKFWSession_DigestUpdate(
+    NSSCKFWSession *fwSession,
+    NSSCKFWCryptoOperationType type,
+    NSSCKFWCryptoOperationState state,
+    CK_BYTE_PTR inBuf,
+    CK_ULONG inBufLen);
+
+/*
+ * nssCKFWSession_DigestKey
+ * (do the next step of an digest/sign/verify operation)
+ */
+NSS_IMPLEMENT CK_RV
+nssCKFWSession_DigestKey(
+    NSSCKFWSession *fwSession,
+    NSSCKFWObject *fwKey);
+
+/*
+ * nssCKFWSession_UpdateFinal
+ * (do a single-step of a cryptographic operation and get the result)
+ */
+NSS_IMPLEMENT CK_RV
+nssCKFWSession_UpdateFinal(
+    NSSCKFWSession *fwSession,
+    NSSCKFWCryptoOperationType type,
+    NSSCKFWCryptoOperationState state,
+    CK_BYTE_PTR inBuf,
+    CK_ULONG inBufLen,
+    CK_BYTE_PTR outBuf,
+    CK_ULONG_PTR outBufLen);
+
+/*
+ * nssCKFWSession_UpdateCombo
+ * (do a combination encrypt/decrypt and sign/digest/verify operation)
+ */
+NSS_IMPLEMENT CK_RV
+nssCKFWSession_UpdateCombo(
+    NSSCKFWSession *fwSession,
+    NSSCKFWCryptoOperationType encryptType,
+    NSSCKFWCryptoOperationType digestType,
+    NSSCKFWCryptoOperationState digestState,
+    CK_BYTE_PTR inBuf,
+    CK_ULONG inBufLen,
+    CK_BYTE_PTR outBuf,
+    CK_ULONG_PTR outBufLen);
+
+/*
+ * nssCKFWSession_SeedRandom
+ *
+ */
+NSS_EXTERN CK_RV
+nssCKFWSession_SeedRandom(
+    NSSCKFWSession *fwSession,
+    NSSItem *seed);
+
+/*
+ * nssCKFWSession_GetRandom
+ *
+ */
+NSS_EXTERN CK_RV
+nssCKFWSession_GetRandom(
+    NSSCKFWSession *fwSession,
+    NSSItem *buffer);
+
+/*
+ * NSSCKFWObject
+ *
+ * -- create/destroy --
+ *  nssCKFWObject_Create
+ *  nssCKFWObject_Finalize
+ *  nssCKFWObject_Destroy
+ *
+ * -- implement public accessors --
+ *  nssCKFWObject_GetMDObject
+ *  nssCKFWObject_GetArena
+ *
+ * -- private accessors --
+ *  nssCKFWObject_SetHandle
+ *  nssCKFWObject_GetHandle
+ *
+ * -- module fronts --
+ *  nssCKFWObject_IsTokenObject
+ *  nssCKFWObject_GetAttributeCount
+ *  nssCKFWObject_GetAttributeTypes
+ *  nssCKFWObject_GetAttributeSize
+ *  nssCKFWObject_GetAttribute
+ *  nssCKFWObject_SetAttribute
+ *  nssCKFWObject_GetObjectSize
+ */
+
+/*
+ * nssCKFWObject_Create
+ *
+ */
+NSS_EXTERN NSSCKFWObject *
+nssCKFWObject_Create(
+    NSSArena *arena,
+    NSSCKMDObject *mdObject,
+    NSSCKFWSession *fwSession,
+    NSSCKFWToken *fwToken,
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError);
+
+/*
+ * nssCKFWObject_Finalize
+ *
+ */
+NSS_EXTERN void
+nssCKFWObject_Finalize(
+    NSSCKFWObject *fwObject,
+    PRBool removeFromHash);
+
+/*
+ * nssCKFWObject_Destroy
+ *
+ */
+NSS_EXTERN void
+nssCKFWObject_Destroy(
+    NSSCKFWObject *fwObject);
+
+/*
+ * nssCKFWObject_GetMDObject
+ *
+ */
+NSS_EXTERN NSSCKMDObject *
+nssCKFWObject_GetMDObject(
+    NSSCKFWObject *fwObject);
+
+/*
+ * nssCKFWObject_GetArena
+ *
+ */
+NSS_EXTERN NSSArena *
+nssCKFWObject_GetArena(
+    NSSCKFWObject *fwObject,
+    CK_RV *pError);
+
+/*
+ * nssCKFWObject_SetHandle
+ *
+ */
+NSS_EXTERN CK_RV
+nssCKFWObject_SetHandle(
+    NSSCKFWObject *fwObject,
+    CK_OBJECT_HANDLE hObject);
+
+/*
+ * nssCKFWObject_GetHandle
+ *
+ */
+NSS_EXTERN CK_OBJECT_HANDLE
+nssCKFWObject_GetHandle(
+    NSSCKFWObject *fwObject);
+
+/*
+ * nssCKFWObject_IsTokenObject
+ *
+ */
+NSS_EXTERN CK_BBOOL
+nssCKFWObject_IsTokenObject(
+    NSSCKFWObject *fwObject);
+
+/*
+ * nssCKFWObject_GetAttributeCount
+ *
+ */
+NSS_EXTERN CK_ULONG
+nssCKFWObject_GetAttributeCount(
+    NSSCKFWObject *fwObject,
+    CK_RV *pError);
+
+/*
+ * nssCKFWObject_GetAttributeTypes
+ *
+ */
+NSS_EXTERN CK_RV
+nssCKFWObject_GetAttributeTypes(
+    NSSCKFWObject *fwObject,
+    CK_ATTRIBUTE_TYPE_PTR typeArray,
+    CK_ULONG ulCount);
+
+/*
+ * nssCKFWObject_GetAttributeSize
+ *
+ */
+NSS_EXTERN CK_ULONG
+nssCKFWObject_GetAttributeSize(
+    NSSCKFWObject *fwObject,
+    CK_ATTRIBUTE_TYPE attribute,
+    CK_RV *pError);
+
+/*
+ * nssCKFWObject_GetAttribute
+ *
+ * Usual NSS allocation rules:
+ * If itemOpt is not NULL, it will be returned; otherwise an NSSItem
+ * will be allocated.  If itemOpt is not NULL but itemOpt->data is,
+ * the buffer will be allocated; otherwise, the buffer will be used.
+ * Any allocations will come from the optional arena, if one is
+ * specified.
+ */
+NSS_EXTERN NSSItem *
+nssCKFWObject_GetAttribute(
+    NSSCKFWObject *fwObject,
+    CK_ATTRIBUTE_TYPE attribute,
+    NSSItem *itemOpt,
+    NSSArena *arenaOpt,
+    CK_RV *pError);
+
+/*
+ * nssCKFWObject_SetAttribute
+ *
+ */
+NSS_EXTERN CK_RV
+nssCKFWObject_SetAttribute(
+    NSSCKFWObject *fwObject,
+    NSSCKFWSession *fwSession,
+    CK_ATTRIBUTE_TYPE attribute,
+    NSSItem *value);
+
+/*
+ * nssCKFWObject_GetObjectSize
+ *
+ */
+NSS_EXTERN CK_ULONG
+nssCKFWObject_GetObjectSize(
+    NSSCKFWObject *fwObject,
+    CK_RV *pError);
+
+/*
+ * NSSCKFWFindObjects
+ *
+ *  -- create/destroy --
+ *  nssCKFWFindObjects_Create
+ *  nssCKFWFindObjects_Destroy
+ *
+ *  -- implement public accessors --
+ *  nssCKFWFindObjects_GetMDFindObjects
+ *
+ *  -- private accessors --
+ *
+ *  -- module fronts --
+ *  nssCKFWFindObjects_Next
+ */
+
+/*
+ * nssCKFWFindObjects_Create
+ *
+ */
+NSS_EXTERN NSSCKFWFindObjects *
+nssCKFWFindObjects_Create(
+    NSSCKFWSession *fwSession,
+    NSSCKFWToken *fwToken,
+    NSSCKFWInstance *fwInstance,
+    NSSCKMDFindObjects *mdFindObjects1,
+    NSSCKMDFindObjects *mdFindObjects2,
+    CK_RV *pError);
+
+/*
+ * nssCKFWFindObjects_Destroy
+ *
+ */
+NSS_EXTERN void
+nssCKFWFindObjects_Destroy(
+    NSSCKFWFindObjects *fwFindObjects);
+
+/*
+ * nssCKFWFindObjects_GetMDFindObjects
+ *
+ */
+NSS_EXTERN NSSCKMDFindObjects *
+nssCKFWFindObjects_GetMDFindObjects(
+    NSSCKFWFindObjects *fwFindObjects);
+
+/*
+ * nssCKFWFindObjects_Next
+ *
+ */
+NSS_EXTERN NSSCKFWObject *
+nssCKFWFindObjects_Next(
+    NSSCKFWFindObjects *fwFindObjects,
+    NSSArena *arenaOpt,
+    CK_RV *pError);
+
+/*
+ * NSSCKFWMutex
+ *
+ *  nssCKFWMutex_Create
+ *  nssCKFWMutex_Destroy
+ *  nssCKFWMutex_Lock
+ *  nssCKFWMutex_Unlock
+ *
+ */
+
+/*
+ * nssCKFWMutex_Create
+ *
+ */
+NSS_EXTERN NSSCKFWMutex *
+nssCKFWMutex_Create(
+    CK_C_INITIALIZE_ARGS_PTR pInitArgs,
+    CryptokiLockingState LockingState,
+    NSSArena *arena,
+    CK_RV *pError);
+
+/*
+ * nssCKFWMutex_Destroy
+ *
+ */
+NSS_EXTERN CK_RV
+nssCKFWMutex_Destroy(
+    NSSCKFWMutex *mutex);
+
+/*
+ * nssCKFWMutex_Lock
+ *
+ */
+NSS_EXTERN CK_RV
+nssCKFWMutex_Lock(
+    NSSCKFWMutex *mutex);
+
+/*
+ * nssCKFWMutex_Unlock
+ *
+ */
+NSS_EXTERN CK_RV
+nssCKFWMutex_Unlock(
+    NSSCKFWMutex *mutex);
+
+#endif /* CKFW_H */
diff --git a/nss/lib/ckfw/ckfwm.h b/nss/lib/ckfw/ckfwm.h
new file mode 100644
index 0000000..7b14d20
--- /dev/null
+++ b/nss/lib/ckfw/ckfwm.h
@@ -0,0 +1,112 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef CKFWM_H
+#define CKFWM_H
+
+/*
+ * ckfwm.h
+ *
+ * This file prototypes the module-private calls of the NSS Cryptoki Framework.
+ */
+
+#ifndef NSSBASET_H
+#include "nssbaset.h"
+#endif /* NSSBASET_H */
+
+#ifndef NSSCKT_H
+#include "nssckt.h"
+#endif /* NSSCKT_H */
+
+#ifndef NSSCKFWT_H
+#include "nssckfwt.h"
+#endif /* NSSCKFWT_H */
+
+/*
+ * nssCKFWHash
+ *
+ *  nssCKFWHash_Create
+ *  nssCKFWHash_Destroy
+ *  nssCKFWHash_Add
+ *  nssCKFWHash_Remove
+ *  nssCKFWHash_Count
+ *  nssCKFWHash_Exists
+ *  nssCKFWHash_Lookup
+ *  nssCKFWHash_Iterate
+ */
+
+/*
+ * nssCKFWHash_Create
+ *
+ */
+NSS_EXTERN nssCKFWHash *
+nssCKFWHash_Create(
+    NSSCKFWInstance *fwInstance,
+    NSSArena *arena,
+    CK_RV *pError);
+
+/*
+ * nssCKFWHash_Destroy
+ *
+ */
+NSS_EXTERN void
+nssCKFWHash_Destroy(
+    nssCKFWHash *hash);
+
+/*
+ * nssCKFWHash_Add
+ *
+ */
+NSS_EXTERN CK_RV
+nssCKFWHash_Add(
+    nssCKFWHash *hash,
+    const void *key,
+    const void *value);
+
+/*
+ * nssCKFWHash_Remove
+ *
+ */
+NSS_EXTERN void
+nssCKFWHash_Remove(
+    nssCKFWHash *hash,
+    const void *it);
+
+/*
+ * nssCKFWHash_Count
+ *
+ */
+NSS_EXTERN CK_ULONG
+nssCKFWHash_Count(
+    nssCKFWHash *hash);
+
+/*
+ * nssCKFWHash_Exists
+ *
+ */
+NSS_EXTERN CK_BBOOL
+nssCKFWHash_Exists(
+    nssCKFWHash *hash,
+    const void *it);
+
+/*
+ * nssCKFWHash_Lookup
+ *
+ */
+NSS_EXTERN void *
+nssCKFWHash_Lookup(
+    nssCKFWHash *hash,
+    const void *it);
+
+/*
+ * nssCKFWHash_Iterate
+ *
+ */
+NSS_EXTERN void
+nssCKFWHash_Iterate(
+    nssCKFWHash *hash,
+    nssCKFWHashIterator fcn,
+    void *closure);
+
+#endif /* CKFWM_H */
diff --git a/nss/lib/ckfw/ckfwtm.h b/nss/lib/ckfw/ckfwtm.h
new file mode 100644
index 0000000..6702984
--- /dev/null
+++ b/nss/lib/ckfw/ckfwtm.h
@@ -0,0 +1,23 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef CKFWTM_H
+#define CKFWTM_H
+
+/*
+ * ckfwtm.h
+ *
+ * This file declares the module-private types of the NSS Cryptoki Framework.
+ */
+
+#ifndef NSSBASET_H
+#include "nssbaset.h"
+#endif /* NSSBASET_H */
+
+struct nssCKFWHashStr;
+typedef struct nssCKFWHashStr nssCKFWHash;
+
+typedef void(PR_CALLBACK *nssCKFWHashIterator)(const void *key, void *value, void *closure);
+
+#endif /* CKFWTM_H */
diff --git a/nss/lib/ckfw/ckmd.h b/nss/lib/ckfw/ckmd.h
new file mode 100644
index 0000000..820cf90
--- /dev/null
+++ b/nss/lib/ckfw/ckmd.h
@@ -0,0 +1,28 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef CKMD_H
+#define CKMD_H
+
+/*
+ * ckmd.h
+ *
+ */
+
+NSS_EXTERN NSSCKMDObject *
+nssCKMDSessionObject_Create(
+    NSSCKFWToken *fwToken,
+    NSSArena *arena,
+    CK_ATTRIBUTE_PTR attributes,
+    CK_ULONG ulCount,
+    CK_RV *pError);
+
+NSS_EXTERN NSSCKMDFindObjects *
+nssCKMDFindSessionObjects_Create(
+    NSSCKFWToken *fwToken,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulCount,
+    CK_RV *pError);
+
+#endif /* CKMD_H */
diff --git a/nss/lib/ckfw/ckt.h b/nss/lib/ckfw/ckt.h
new file mode 100644
index 0000000..05c43a5
--- /dev/null
+++ b/nss/lib/ckfw/ckt.h
@@ -0,0 +1,8 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* get back to just one set of PKCS #11 headers. Use the onese that
+ * are easiest to maintain from the RSA website */
+/* this one is the one that defines NSS specific data */
+#include "pkcs11n.h"
diff --git a/nss/lib/ckfw/config.mk b/nss/lib/ckfw/config.mk
new file mode 100644
index 0000000..a3ed5ae
--- /dev/null
+++ b/nss/lib/ckfw/config.mk
@@ -0,0 +1,25 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+ifdef BUILD_IDG
+DEFINES += -DNSSDEBUG
+endif
+
+#
+# Hack to see if everything still builds
+#
+
+
+#
+#  Override TARGETS variable so that only static libraries
+#  are specifed as dependencies within rules.mk.
+#
+
+TARGETS        = $(LIBRARY)
+SHARED_LIBRARY =
+IMPORT_LIBRARY =
+PROGRAM        =
+
+
diff --git a/nss/lib/ckfw/crypto.c b/nss/lib/ckfw/crypto.c
new file mode 100644
index 0000000..66afb77
--- /dev/null
+++ b/nss/lib/ckfw/crypto.c
@@ -0,0 +1,318 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * crypto.c
+ *
+ * This file implements the NSSCKFWCryptoOperation type and methods.
+ */
+
+#ifndef CK_T
+#include "ck.h"
+#endif /* CK_T */
+
+/*
+ * NSSCKFWCryptoOperation
+ *
+ *  -- create/destroy --
+ *  nssCKFWCrytoOperation_Create
+ *  nssCKFWCryptoOperation_Destroy
+ *
+ *  -- implement public accessors --
+ *  nssCKFWCryptoOperation_GetMDCryptoOperation
+ *  nssCKFWCryptoOperation_GetType
+ *
+ *  -- private accessors --
+ *
+ *  -- module fronts --
+ * nssCKFWCryptoOperation_GetFinalLength
+ * nssCKFWCryptoOperation_GetOperationLength
+ * nssCKFWCryptoOperation_Final
+ * nssCKFWCryptoOperation_Update
+ * nssCKFWCryptoOperation_DigestUpdate
+ * nssCKFWCryptoOperation_UpdateFinal
+ */
+
+struct NSSCKFWCryptoOperationStr {
+    /* NSSArena *arena; */
+    NSSCKMDCryptoOperation *mdOperation;
+    NSSCKMDSession *mdSession;
+    NSSCKFWSession *fwSession;
+    NSSCKMDToken *mdToken;
+    NSSCKFWToken *fwToken;
+    NSSCKMDInstance *mdInstance;
+    NSSCKFWInstance *fwInstance;
+    NSSCKFWCryptoOperationType type;
+};
+
+/*
+ *  nssCKFWCrytoOperation_Create
+ */
+NSS_EXTERN NSSCKFWCryptoOperation *
+nssCKFWCryptoOperation_Create(
+    NSSCKMDCryptoOperation *mdOperation,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    NSSCKFWCryptoOperationType type,
+    CK_RV *pError)
+{
+    NSSCKFWCryptoOperation *fwOperation;
+    fwOperation = nss_ZNEW(NULL, NSSCKFWCryptoOperation);
+    if (!fwOperation) {
+        *pError = CKR_HOST_MEMORY;
+        return (NSSCKFWCryptoOperation *)NULL;
+    }
+    fwOperation->mdOperation = mdOperation;
+    fwOperation->mdSession = mdSession;
+    fwOperation->fwSession = fwSession;
+    fwOperation->mdToken = mdToken;
+    fwOperation->fwToken = fwToken;
+    fwOperation->mdInstance = mdInstance;
+    fwOperation->fwInstance = fwInstance;
+    fwOperation->type = type;
+    return fwOperation;
+}
+
+/*
+ *  nssCKFWCryptoOperation_Destroy
+ */
+NSS_EXTERN void
+nssCKFWCryptoOperation_Destroy(
+    NSSCKFWCryptoOperation *fwOperation)
+{
+    if ((NSSCKMDCryptoOperation *)NULL != fwOperation->mdOperation) {
+        if (fwOperation->mdOperation->Destroy) {
+            fwOperation->mdOperation->Destroy(
+                fwOperation->mdOperation,
+                fwOperation,
+                fwOperation->mdInstance,
+                fwOperation->fwInstance);
+        }
+    }
+    nss_ZFreeIf(fwOperation);
+}
+
+/*
+ *  nssCKFWCryptoOperation_GetMDCryptoOperation
+ */
+NSS_EXTERN NSSCKMDCryptoOperation *
+nssCKFWCryptoOperation_GetMDCryptoOperation(
+    NSSCKFWCryptoOperation *fwOperation)
+{
+    return fwOperation->mdOperation;
+}
+
+/*
+ *  nssCKFWCryptoOperation_GetType
+ */
+NSS_EXTERN NSSCKFWCryptoOperationType
+nssCKFWCryptoOperation_GetType(
+    NSSCKFWCryptoOperation *fwOperation)
+{
+    return fwOperation->type;
+}
+
+/*
+ * nssCKFWCryptoOperation_GetFinalLength
+ */
+NSS_EXTERN CK_ULONG
+nssCKFWCryptoOperation_GetFinalLength(
+    NSSCKFWCryptoOperation *fwOperation,
+    CK_RV *pError)
+{
+    if (!fwOperation->mdOperation->GetFinalLength) {
+        *pError = CKR_FUNCTION_FAILED;
+        return 0;
+    }
+    return fwOperation->mdOperation->GetFinalLength(
+        fwOperation->mdOperation,
+        fwOperation,
+        fwOperation->mdSession,
+        fwOperation->fwSession,
+        fwOperation->mdToken,
+        fwOperation->fwToken,
+        fwOperation->mdInstance,
+        fwOperation->fwInstance,
+        pError);
+}
+
+/*
+ * nssCKFWCryptoOperation_GetOperationLength
+ */
+NSS_EXTERN CK_ULONG
+nssCKFWCryptoOperation_GetOperationLength(
+    NSSCKFWCryptoOperation *fwOperation,
+    NSSItem *inputBuffer,
+    CK_RV *pError)
+{
+    if (!fwOperation->mdOperation->GetOperationLength) {
+        *pError = CKR_FUNCTION_FAILED;
+        return 0;
+    }
+    return fwOperation->mdOperation->GetOperationLength(
+        fwOperation->mdOperation,
+        fwOperation,
+        fwOperation->mdSession,
+        fwOperation->fwSession,
+        fwOperation->mdToken,
+        fwOperation->fwToken,
+        fwOperation->mdInstance,
+        fwOperation->fwInstance,
+        inputBuffer,
+        pError);
+}
+
+/*
+ * nssCKFWCryptoOperation_Final
+ */
+NSS_EXTERN CK_RV
+nssCKFWCryptoOperation_Final(
+    NSSCKFWCryptoOperation *fwOperation,
+    NSSItem *outputBuffer)
+{
+    if (!fwOperation->mdOperation->Final) {
+        return CKR_FUNCTION_FAILED;
+    }
+    return fwOperation->mdOperation->Final(
+        fwOperation->mdOperation,
+        fwOperation,
+        fwOperation->mdSession,
+        fwOperation->fwSession,
+        fwOperation->mdToken,
+        fwOperation->fwToken,
+        fwOperation->mdInstance,
+        fwOperation->fwInstance,
+        outputBuffer);
+}
+
+/*
+ * nssCKFWCryptoOperation_Update
+ */
+NSS_EXTERN CK_RV
+nssCKFWCryptoOperation_Update(
+    NSSCKFWCryptoOperation *fwOperation,
+    NSSItem *inputBuffer,
+    NSSItem *outputBuffer)
+{
+    if (!fwOperation->mdOperation->Update) {
+        return CKR_FUNCTION_FAILED;
+    }
+    return fwOperation->mdOperation->Update(
+        fwOperation->mdOperation,
+        fwOperation,
+        fwOperation->mdSession,
+        fwOperation->fwSession,
+        fwOperation->mdToken,
+        fwOperation->fwToken,
+        fwOperation->mdInstance,
+        fwOperation->fwInstance,
+        inputBuffer,
+        outputBuffer);
+}
+
+/*
+ * nssCKFWCryptoOperation_DigestUpdate
+ */
+NSS_EXTERN CK_RV
+nssCKFWCryptoOperation_DigestUpdate(
+    NSSCKFWCryptoOperation *fwOperation,
+    NSSItem *inputBuffer)
+{
+    if (!fwOperation->mdOperation->DigestUpdate) {
+        return CKR_FUNCTION_FAILED;
+    }
+    return fwOperation->mdOperation->DigestUpdate(
+        fwOperation->mdOperation,
+        fwOperation,
+        fwOperation->mdSession,
+        fwOperation->fwSession,
+        fwOperation->mdToken,
+        fwOperation->fwToken,
+        fwOperation->mdInstance,
+        fwOperation->fwInstance,
+        inputBuffer);
+}
+
+/*
+ * nssCKFWCryptoOperation_DigestKey
+ */
+NSS_EXTERN CK_RV
+nssCKFWCryptoOperation_DigestKey(
+    NSSCKFWCryptoOperation *fwOperation,
+    NSSCKFWObject *fwObject /* Key */
+    )
+{
+    NSSCKMDObject *mdObject;
+
+    if (!fwOperation->mdOperation->DigestKey) {
+        return CKR_FUNCTION_FAILED;
+    }
+    mdObject = nssCKFWObject_GetMDObject(fwObject);
+    return fwOperation->mdOperation->DigestKey(
+        fwOperation->mdOperation,
+        fwOperation,
+        fwOperation->mdToken,
+        fwOperation->fwToken,
+        fwOperation->mdInstance,
+        fwOperation->fwInstance,
+        mdObject,
+        fwObject);
+}
+
+/*
+ * nssCKFWCryptoOperation_UpdateFinal
+ */
+NSS_EXTERN CK_RV
+nssCKFWCryptoOperation_UpdateFinal(
+    NSSCKFWCryptoOperation *fwOperation,
+    NSSItem *inputBuffer,
+    NSSItem *outputBuffer)
+{
+    if (!fwOperation->mdOperation->UpdateFinal) {
+        return CKR_FUNCTION_FAILED;
+    }
+    return fwOperation->mdOperation->UpdateFinal(
+        fwOperation->mdOperation,
+        fwOperation,
+        fwOperation->mdSession,
+        fwOperation->fwSession,
+        fwOperation->mdToken,
+        fwOperation->fwToken,
+        fwOperation->mdInstance,
+        fwOperation->fwInstance,
+        inputBuffer,
+        outputBuffer);
+}
+
+/*
+ * nssCKFWCryptoOperation_UpdateCombo
+ */
+NSS_EXTERN CK_RV
+nssCKFWCryptoOperation_UpdateCombo(
+    NSSCKFWCryptoOperation *fwOperation,
+    NSSCKFWCryptoOperation *fwPeerOperation,
+    NSSItem *inputBuffer,
+    NSSItem *outputBuffer)
+{
+    if (!fwOperation->mdOperation->UpdateCombo) {
+        return CKR_FUNCTION_FAILED;
+    }
+    return fwOperation->mdOperation->UpdateCombo(
+        fwOperation->mdOperation,
+        fwOperation,
+        fwPeerOperation->mdOperation,
+        fwPeerOperation,
+        fwOperation->mdSession,
+        fwOperation->fwSession,
+        fwOperation->mdToken,
+        fwOperation->fwToken,
+        fwOperation->mdInstance,
+        fwOperation->fwInstance,
+        inputBuffer,
+        outputBuffer);
+}
diff --git a/nss/lib/ckfw/dbm/Makefile b/nss/lib/ckfw/dbm/Makefile
new file mode 100644
index 0000000..07ae967
--- /dev/null
+++ b/nss/lib/ckfw/dbm/Makefile
@@ -0,0 +1,9 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+include manifest.mn
+include config.mk
+include $(CORE_DEPTH)/coreconf/config.mk
+include $(CORE_DEPTH)/coreconf/rules.mk
diff --git a/nss/lib/ckfw/dbm/anchor.c b/nss/lib/ckfw/dbm/anchor.c
new file mode 100644
index 0000000..c904d25
--- /dev/null
+++ b/nss/lib/ckfw/dbm/anchor.c
@@ -0,0 +1,17 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * dbm/anchor.c
+ *
+ * This file "anchors" the actual cryptoki entry points in this module's
+ * shared library, which is required for dynamic loading.  See the
+ * comments in nssck.api for more information.
+ */
+
+#include "ckdbm.h"
+
+#define MODULE_NAME dbm
+#define INSTANCE_NAME (NSSCKMDInstance *)&nss_dbm_mdInstance
+#include "nssck.api"
diff --git a/nss/lib/ckfw/dbm/ckdbm.h b/nss/lib/ckfw/dbm/ckdbm.h
new file mode 100644
index 0000000..8c2607c
--- /dev/null
+++ b/nss/lib/ckfw/dbm/ckdbm.h
@@ -0,0 +1,210 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef CKDBM_H
+#define CKDBM_H
+
+#include "nssckmdt.h"
+#include "nssckfw.h"
+
+/*
+ * I'm including this for access to the arena functions.
+ * Looks like we should publish that API.
+ */
+#ifndef BASE_H
+#include "base.h"
+#endif /* BASE_H */
+
+/*
+ * This is where the Netscape extensions live, at least for now.
+ */
+#ifndef CKT_H
+#include "ckt.h"
+#endif /* CKT_H */
+
+#include "mcom_db.h"
+
+NSS_EXTERN_DATA NSSCKMDInstance nss_dbm_mdInstance;
+
+typedef struct nss_dbm_db_struct nss_dbm_db_t;
+struct nss_dbm_db_struct {
+    DB *db;
+    NSSCKFWMutex *crustylock;
+};
+
+typedef struct nss_dbm_dbt_struct nss_dbm_dbt_t;
+struct nss_dbm_dbt_struct {
+    DBT dbt;
+    nss_dbm_db_t *my_db;
+};
+
+typedef struct nss_dbm_instance_struct nss_dbm_instance_t;
+struct nss_dbm_instance_struct {
+    NSSArena *arena;
+    CK_ULONG nSlots;
+    char **filenames;
+    int *flags; /* e.g. O_RDONLY, O_RDWR */
+};
+
+typedef struct nss_dbm_slot_struct nss_dbm_slot_t;
+struct nss_dbm_slot_struct {
+    nss_dbm_instance_t *instance;
+    char *filename;
+    int flags;
+    nss_dbm_db_t *token_db;
+};
+
+typedef struct nss_dbm_token_struct nss_dbm_token_t;
+struct nss_dbm_token_struct {
+    NSSArena *arena;
+    nss_dbm_slot_t *slot;
+    nss_dbm_db_t *session_db;
+    NSSUTF8 *label;
+};
+
+struct nss_dbm_dbt_node {
+    struct nss_dbm_dbt_node *next;
+    nss_dbm_dbt_t *dbt;
+};
+
+typedef struct nss_dbm_session_struct nss_dbm_session_t;
+struct nss_dbm_session_struct {
+    NSSArena *arena;
+    nss_dbm_token_t *token;
+    CK_ULONG deviceError;
+    struct nss_dbm_dbt_node *session_objects;
+    NSSCKFWMutex *list_lock;
+};
+
+typedef struct nss_dbm_object_struct nss_dbm_object_t;
+struct nss_dbm_object_struct {
+    NSSArena *arena; /* token or session */
+    nss_dbm_dbt_t *handle;
+};
+
+typedef struct nss_dbm_find_struct nss_dbm_find_t;
+struct nss_dbm_find_struct {
+    NSSArena *arena;
+    struct nss_dbm_dbt_node *found;
+    NSSCKFWMutex *list_lock;
+};
+
+NSS_EXTERN NSSCKMDSlot *
+nss_dbm_mdSlot_factory(
+    nss_dbm_instance_t *instance,
+    char *filename,
+    int flags,
+    CK_RV *pError);
+
+NSS_EXTERN NSSCKMDToken *
+nss_dbm_mdToken_factory(
+    nss_dbm_slot_t *slot,
+    CK_RV *pError);
+
+NSS_EXTERN NSSCKMDSession *
+nss_dbm_mdSession_factory(
+    nss_dbm_token_t *token,
+    NSSCKFWSession *fwSession,
+    NSSCKFWInstance *fwInstance,
+    CK_BBOOL rw,
+    CK_RV *pError);
+
+NSS_EXTERN NSSCKMDObject *
+nss_dbm_mdObject_factory(
+    nss_dbm_object_t *object,
+    CK_RV *pError);
+
+NSS_EXTERN NSSCKMDFindObjects *
+nss_dbm_mdFindObjects_factory(
+    nss_dbm_find_t *find,
+    CK_RV *pError);
+
+NSS_EXTERN nss_dbm_db_t *
+nss_dbm_db_open(
+    NSSArena *arena,
+    NSSCKFWInstance *fwInstance,
+    char *filename,
+    int flags,
+    CK_RV *pError);
+
+NSS_EXTERN void
+nss_dbm_db_close(
+    nss_dbm_db_t *db);
+
+NSS_EXTERN CK_VERSION
+nss_dbm_db_get_format_version(
+    nss_dbm_db_t *db);
+
+NSS_EXTERN CK_RV
+nss_dbm_db_set_label(
+    nss_dbm_db_t *db,
+    NSSUTF8 *label);
+
+NSS_EXTERN NSSUTF8 *
+nss_dbm_db_get_label(
+    nss_dbm_db_t *db,
+    NSSArena *arena,
+    CK_RV *pError);
+
+NSS_EXTERN CK_RV
+nss_dbm_db_delete_object(
+    nss_dbm_dbt_t *dbt);
+
+NSS_EXTERN nss_dbm_dbt_t *
+nss_dbm_db_create_object(
+    NSSArena *arena,
+    nss_dbm_db_t *db,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulAttributeCount,
+    CK_RV *pError,
+    CK_ULONG *pdbrv);
+
+NSS_EXTERN CK_RV
+nss_dbm_db_find_objects(
+    nss_dbm_find_t *find,
+    nss_dbm_db_t *db,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulAttributeCount,
+    CK_ULONG *pdbrv);
+
+NSS_EXTERN CK_BBOOL
+nss_dbm_db_object_still_exists(
+    nss_dbm_dbt_t *dbt);
+
+NSS_EXTERN CK_ULONG
+nss_dbm_db_get_object_attribute_count(
+    nss_dbm_dbt_t *dbt,
+    CK_RV *pError,
+    CK_ULONG *pdbrv);
+
+NSS_EXTERN CK_RV
+nss_dbm_db_get_object_attribute_types(
+    nss_dbm_dbt_t *dbt,
+    CK_ATTRIBUTE_TYPE_PTR typeArray,
+    CK_ULONG ulCount,
+    CK_ULONG *pdbrv);
+
+NSS_EXTERN CK_ULONG
+nss_dbm_db_get_object_attribute_size(
+    nss_dbm_dbt_t *dbt,
+    CK_ATTRIBUTE_TYPE type,
+    CK_RV *pError,
+    CK_ULONG *pdbrv);
+
+NSS_EXTERN NSSItem *
+nss_dbm_db_get_object_attribute(
+    nss_dbm_dbt_t *dbt,
+    NSSArena *arena,
+    CK_ATTRIBUTE_TYPE type,
+    CK_RV *pError,
+    CK_ULONG *pdbrv);
+
+NSS_EXTERN CK_RV
+nss_dbm_db_set_object_attribute(
+    nss_dbm_dbt_t *dbt,
+    CK_ATTRIBUTE_TYPE type,
+    NSSItem *value,
+    CK_ULONG *pdbrv);
+
+#endif /* CKDBM_H */
diff --git a/nss/lib/ckfw/dbm/config.mk b/nss/lib/ckfw/dbm/config.mk
new file mode 100644
index 0000000..a1991e5
--- /dev/null
+++ b/nss/lib/ckfw/dbm/config.mk
@@ -0,0 +1,8 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+ifdef BUILD_IDG
+DEFINES += -DNSSDEBUG
+endif
diff --git a/nss/lib/ckfw/dbm/db.c b/nss/lib/ckfw/dbm/db.c
new file mode 100644
index 0000000..bbf2b95
--- /dev/null
+++ b/nss/lib/ckfw/dbm/db.c
@@ -0,0 +1,1069 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "ckdbm.h"
+
+#define PREFIX_METADATA "0000"
+#define PREFIX_OBJECT "0001"
+#define PREFIX_INDEX "0002"
+
+static CK_VERSION nss_dbm_db_format_version = { 1, 0 };
+struct handle {
+    char prefix[4];
+    CK_ULONG id;
+};
+
+NSS_IMPLEMENT nss_dbm_db_t *
+nss_dbm_db_open(
+    NSSArena *arena,
+    NSSCKFWInstance *fwInstance,
+    char *filename,
+    int flags,
+    CK_RV *pError)
+{
+    nss_dbm_db_t *rv;
+    CK_VERSION db_version;
+
+    rv = nss_ZNEW(arena, nss_dbm_db_t);
+    if ((nss_dbm_db_t *)NULL == rv) {
+        *pError = CKR_HOST_MEMORY;
+        return (nss_dbm_db_t *)NULL;
+    }
+
+    rv->db = dbopen(filename, flags, 0600, DB_HASH, (const void *)NULL);
+    if ((DB *)NULL == rv->db) {
+        *pError = CKR_TOKEN_NOT_PRESENT;
+        return (nss_dbm_db_t *)NULL;
+    }
+
+    rv->crustylock = NSSCKFWInstance_CreateMutex(fwInstance, arena, pError);
+    if ((NSSCKFWMutex *)NULL == rv->crustylock) {
+        return (nss_dbm_db_t *)NULL;
+    }
+
+    db_version = nss_dbm_db_get_format_version(rv);
+    if (db_version.major != nss_dbm_db_format_version.major) {
+        nss_dbm_db_close(rv);
+        *pError = CKR_TOKEN_NOT_RECOGNIZED;
+        return (nss_dbm_db_t *)NULL;
+    }
+
+    return rv;
+}
+
+NSS_IMPLEMENT void
+nss_dbm_db_close(
+    nss_dbm_db_t *db)
+{
+    if ((NSSCKFWMutex *)NULL != db->crustylock) {
+        (void)NSSCKFWMutex_Destroy(db->crustylock);
+    }
+
+    if ((DB *)NULL != db->db) {
+        (void)db->db->close(db->db);
+    }
+
+    nss_ZFreeIf(db);
+}
+
+NSS_IMPLEMENT CK_VERSION
+nss_dbm_db_get_format_version(
+    nss_dbm_db_t *db)
+{
+    CK_VERSION rv;
+    DBT k, v;
+    int dbrv;
+    char buffer[64];
+
+    rv.major = rv.minor = 0;
+
+    k.data = PREFIX_METADATA "FormatVersion";
+    k.size = nssUTF8_Size((NSSUTF8 *)k.data, (PRStatus *)NULL);
+    (void)memset(&v, 0, sizeof(v));
+
+    /* Locked region */
+    {
+        if (CKR_OK != NSSCKFWMutex_Lock(db->crustylock)) {
+            return rv;
+        }
+
+        dbrv = db->db->get(db->db, &k, &v, 0);
+        if (dbrv == 0) {
+            CK_ULONG major = 0, minor = 0;
+            (void)PR_sscanf(v.data, "%ld.%ld", &major, &minor);
+            rv.major = major;
+            rv.minor = minor;
+        } else if (dbrv > 0) {
+            (void)PR_snprintf(buffer, sizeof(buffer), "%ld.%ld", nss_dbm_db_format_version.major,
+                              nss_dbm_db_format_version.minor);
+            v.data = buffer;
+            v.size = nssUTF8_Size((NSSUTF8 *)v.data, (PRStatus *)NULL);
+            dbrv = db->db->put(db->db, &k, &v, 0);
+            (void)db->db->sync(db->db, 0);
+            rv = nss_dbm_db_format_version;
+        } else {
+            /* No error return.. */
+            ;
+        }
+
+        (void)NSSCKFWMutex_Unlock(db->crustylock);
+    }
+
+    return rv;
+}
+
+NSS_IMPLEMENT CK_RV
+nss_dbm_db_set_label(
+    nss_dbm_db_t *db,
+    NSSUTF8 *label)
+{
+    CK_RV rv;
+    DBT k, v;
+    int dbrv;
+
+    k.data = PREFIX_METADATA "Label";
+    k.size = nssUTF8_Size((NSSUTF8 *)k.data, (PRStatus *)NULL);
+    v.data = label;
+    v.size = nssUTF8_Size((NSSUTF8 *)v.data, (PRStatus *)NULL);
+
+    /* Locked region */
+    {
+        rv = NSSCKFWMutex_Lock(db->crustylock);
+        if (CKR_OK != rv) {
+            return rv;
+        }
+
+        dbrv = db->db->put(db->db, &k, &v, 0);
+        if (0 != dbrv) {
+            rv = CKR_DEVICE_ERROR;
+        }
+
+        dbrv = db->db->sync(db->db, 0);
+        if (0 != dbrv) {
+            rv = CKR_DEVICE_ERROR;
+        }
+
+        (void)NSSCKFWMutex_Unlock(db->crustylock);
+    }
+
+    return rv;
+}
+
+NSS_IMPLEMENT NSSUTF8 *
+nss_dbm_db_get_label(
+    nss_dbm_db_t *db,
+    NSSArena *arena,
+    CK_RV *pError)
+{
+    NSSUTF8 *rv = (NSSUTF8 *)NULL;
+    DBT k, v;
+    int dbrv;
+
+    k.data = PREFIX_METADATA "Label";
+    k.size = nssUTF8_Size((NSSUTF8 *)k.data, (PRStatus *)NULL);
+
+    /* Locked region */
+    {
+        if (CKR_OK != NSSCKFWMutex_Lock(db->crustylock)) {
+            return rv;
+        }
+
+        dbrv = db->db->get(db->db, &k, &v, 0);
+        if (0 == dbrv) {
+            rv = nssUTF8_Duplicate((NSSUTF8 *)v.data, arena);
+            if ((NSSUTF8 *)NULL == rv) {
+                *pError = CKR_HOST_MEMORY;
+            }
+        } else if (dbrv > 0) {
+            /* Just return null */
+            ;
+        } else {
+            *pError = CKR_DEVICE_ERROR;
+            ;
+        }
+
+        (void)NSSCKFWMutex_Unlock(db->crustylock);
+    }
+
+    return rv;
+}
+
+NSS_IMPLEMENT CK_RV
+nss_dbm_db_delete_object(
+    nss_dbm_dbt_t *dbt)
+{
+    CK_RV rv;
+    int dbrv;
+
+    /* Locked region */
+    {
+        rv = NSSCKFWMutex_Lock(dbt->my_db->crustylock);
+        if (CKR_OK != rv) {
+            return rv;
+        }
+
+        dbrv = dbt->my_db->db->del(dbt->my_db->db, &dbt->dbt, 0);
+        if (0 != dbrv) {
+            rv = CKR_DEVICE_ERROR;
+            goto done;
+        }
+
+        dbrv = dbt->my_db->db->sync(dbt->my_db->db, 0);
+        if (0 != dbrv) {
+            rv = CKR_DEVICE_ERROR;
+            goto done;
+        }
+
+    done:
+        (void)NSSCKFWMutex_Unlock(dbt->my_db->crustylock);
+    }
+
+    return rv;
+}
+
+static CK_ULONG
+nss_dbm_db_new_handle(
+    nss_dbm_db_t *db,
+    DBT *dbt, /* pre-allocated */
+    CK_RV *pError)
+{
+    CK_ULONG rv;
+    DBT k, v;
+    CK_ULONG align = 0, id, myid;
+    struct handle *hp;
+
+    if (sizeof(struct handle) != dbt->size) {
+        return EINVAL;
+    }
+
+    /* Locked region */
+    {
+        *pError = NSSCKFWMutex_Lock(db->crustylock);
+        if (CKR_OK != *pError) {
+            return EINVAL;
+        }
+
+        k.data = PREFIX_METADATA "LastID";
+        k.size = nssUTF8_Size((NSSUTF8 *)k.data, (PRStatus *)NULL);
+        (void)memset(&v, 0, sizeof(v));
+
+        rv = db->db->get(db->db, &k, &v, 0);
+        if (0 == rv) {
+            (void)memcpy(&align, v.data, sizeof(CK_ULONG));
+            id = ntohl(align);
+        } else if (rv > 0) {
+            id = 0;
+        } else {
+            goto done;
+        }
+
+        myid = id;
+        id++;
+        align = htonl(id);
+        v.data = &align;
+        v.size = sizeof(CK_ULONG);
+
+        rv = db->db->put(db->db, &k, &v, 0);
+        if (0 != rv) {
+            goto done;
+        }
+
+        rv = db->db->sync(db->db, 0);
+        if (0 != rv) {
+            goto done;
+        }
+
+    done:
+        (void)NSSCKFWMutex_Unlock(db->crustylock);
+    }
+
+    if (0 != rv) {
+        return rv;
+    }
+
+    hp = (struct handle *)dbt->data;
+    (void)memcpy(&hp->prefix[0], PREFIX_OBJECT, 4);
+    hp->id = myid;
+
+    return 0;
+}
+
+/*
+ * This attribute-type-dependent swapping should probably
+ * be in the Framework, because it'll be a concern of just
+ * about every Module.  Of course any Framework implementation
+ * will have to be augmentable or overridable by a Module.
+ */
+
+enum swap_type { type_byte,
+                 type_short,
+                 type_long,
+                 type_opaque };
+
+static enum swap_type
+nss_dbm_db_swap_type(
+    CK_ATTRIBUTE_TYPE type)
+{
+    switch (type) {
+        case CKA_CLASS:
+            return type_long;
+        case CKA_TOKEN:
+            return type_byte;
+        case CKA_PRIVATE:
+            return type_byte;
+        case CKA_LABEL:
+            return type_opaque;
+        case CKA_APPLICATION:
+            return type_opaque;
+        case CKA_VALUE:
+            return type_opaque;
+        case CKA_CERTIFICATE_TYPE:
+            return type_long;
+        case CKA_ISSUER:
+            return type_opaque;
+        case CKA_SERIAL_NUMBER:
+            return type_opaque;
+        case CKA_KEY_TYPE:
+            return type_long;
+        case CKA_SUBJECT:
+            return type_opaque;
+        case CKA_ID:
+            return type_opaque;
+        case CKA_SENSITIVE:
+            return type_byte;
+        case CKA_ENCRYPT:
+            return type_byte;
+        case CKA_DECRYPT:
+            return type_byte;
+        case CKA_WRAP:
+            return type_byte;
+        case CKA_UNWRAP:
+            return type_byte;
+        case CKA_SIGN:
+            return type_byte;
+        case CKA_SIGN_RECOVER:
+            return type_byte;
+        case CKA_VERIFY:
+            return type_byte;
+        case CKA_VERIFY_RECOVER:
+            return type_byte;
+        case CKA_DERIVE:
+            return type_byte;
+        case CKA_START_DATE:
+            return type_opaque;
+        case CKA_END_DATE:
+            return type_opaque;
+        case CKA_MODULUS:
+            return type_opaque;
+        case CKA_MODULUS_BITS:
+            return type_long;
+        case CKA_PUBLIC_EXPONENT:
+            return type_opaque;
+        case CKA_PRIVATE_EXPONENT:
+            return type_opaque;
+        case CKA_PRIME_1:
+            return type_opaque;
+        case CKA_PRIME_2:
+            return type_opaque;
+        case CKA_EXPONENT_1:
+            return type_opaque;
+        case CKA_EXPONENT_2:
+            return type_opaque;
+        case CKA_COEFFICIENT:
+            return type_opaque;
+        case CKA_PRIME:
+            return type_opaque;
+        case CKA_SUBPRIME:
+            return type_opaque;
+        case CKA_BASE:
+            return type_opaque;
+        case CKA_VALUE_BITS:
+            return type_long;
+        case CKA_VALUE_LEN:
+            return type_long;
+        case CKA_EXTRACTABLE:
+            return type_byte;
+        case CKA_LOCAL:
+            return type_byte;
+        case CKA_NEVER_EXTRACTABLE:
+            return type_byte;
+        case CKA_ALWAYS_SENSITIVE:
+            return type_byte;
+        case CKA_MODIFIABLE:
+            return type_byte;
+        case CKA_NETSCAPE_URL:
+            return type_opaque;
+        case CKA_NETSCAPE_EMAIL:
+            return type_opaque;
+        case CKA_NETSCAPE_SMIME_INFO:
+            return type_opaque;
+        case CKA_NETSCAPE_SMIME_TIMESTAMP:
+            return type_opaque;
+        case CKA_NETSCAPE_PKCS8_SALT:
+            return type_opaque;
+        case CKA_NETSCAPE_PASSWORD_CHECK:
+            return type_opaque;
+        case CKA_NETSCAPE_EXPIRES:
+            return type_opaque;
+        case CKA_TRUST_DIGITAL_SIGNATURE:
+            return type_long;
+        case CKA_TRUST_NON_REPUDIATION:
+            return type_long;
+        case CKA_TRUST_KEY_ENCIPHERMENT:
+            return type_long;
+        case CKA_TRUST_DATA_ENCIPHERMENT:
+            return type_long;
+        case CKA_TRUST_KEY_AGREEMENT:
+            return type_long;
+        case CKA_TRUST_KEY_CERT_SIGN:
+            return type_long;
+        case CKA_TRUST_CRL_SIGN:
+            return type_long;
+        case CKA_TRUST_SERVER_AUTH:
+            return type_long;
+        case CKA_TRUST_CLIENT_AUTH:
+            return type_long;
+        case CKA_TRUST_CODE_SIGNING:
+            return type_long;
+        case CKA_TRUST_EMAIL_PROTECTION:
+            return type_long;
+        case CKA_TRUST_IPSEC_END_SYSTEM:
+            return type_long;
+        case CKA_TRUST_IPSEC_TUNNEL:
+            return type_long;
+        case CKA_TRUST_IPSEC_USER:
+            return type_long;
+        case CKA_TRUST_TIME_STAMPING:
+            return type_long;
+        case CKA_NETSCAPE_DB:
+            return type_opaque;
+        case CKA_NETSCAPE_TRUST:
+            return type_opaque;
+        default:
+            return type_opaque;
+    }
+}
+
+static void
+nss_dbm_db_swap_copy(
+    CK_ATTRIBUTE_TYPE type,
+    void *dest,
+    void *src,
+    CK_ULONG len)
+{
+    switch (nss_dbm_db_swap_type(type)) {
+        case type_byte:
+        case type_opaque:
+            (void)memcpy(dest, src, len);
+            break;
+        case type_short: {
+            CK_USHORT s, d;
+            (void)memcpy(&s, src, sizeof(CK_USHORT));
+            d = htons(s);
+            (void)memcpy(dest, &d, sizeof(CK_USHORT));
+            break;
+        }
+        case type_long: {
+            CK_ULONG s, d;
+            (void)memcpy(&s, src, sizeof(CK_ULONG));
+            d = htonl(s);
+            (void)memcpy(dest, &d, sizeof(CK_ULONG));
+            break;
+        }
+    }
+}
+
+static CK_RV
+nss_dbm_db_wrap_object(
+    NSSArena *arena,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulAttributeCount,
+    DBT *object)
+{
+    CK_ULONG object_size;
+    CK_ULONG i;
+    CK_ULONG *pulData;
+    char *pcData;
+    CK_ULONG offset;
+
+    object_size = (1 + ulAttributeCount * 3) * sizeof(CK_ULONG);
+    offset = object_size;
+    for (i = 0; i < ulAttributeCount; i++) {
+        object_size += pTemplate[i].ulValueLen;
+    }
+
+    object->size = object_size;
+    object->data = nss_ZAlloc(arena, object_size);
+    if ((void *)NULL == object->data) {
+        return CKR_HOST_MEMORY;
+    }
+
+    pulData = (CK_ULONG *)object->data;
+    pcData = (char *)object->data;
+
+    pulData[0] = htonl(ulAttributeCount);
+    for (i = 0; i < ulAttributeCount; i++) {
+        CK_ULONG len = pTemplate[i].ulValueLen;
+        pulData[1 + i * 3] = htonl(pTemplate[i].type);
+        pulData[2 + i * 3] = htonl(len);
+        pulData[3 + i * 3] = htonl(offset);
+        nss_dbm_db_swap_copy(pTemplate[i].type, &pcData[offset], pTemplate[i].pValue, len);
+        offset += len;
+    }
+
+    return CKR_OK;
+}
+
+static CK_RV
+nss_dbm_db_unwrap_object(
+    NSSArena *arena,
+    DBT *object,
+    CK_ATTRIBUTE_PTR *ppTemplate,
+    CK_ULONG *pulAttributeCount)
+{
+    CK_ULONG *pulData;
+    char *pcData;
+    CK_ULONG n, i;
+    CK_ATTRIBUTE_PTR pTemplate;
+
+    pulData = (CK_ULONG *)object->data;
+    pcData = (char *)object->data;
+
+    n = ntohl(pulData[0]);
+    *pulAttributeCount = n;
+    pTemplate = nss_ZNEWARRAY(arena, CK_ATTRIBUTE, n);
+    if ((CK_ATTRIBUTE_PTR)NULL == pTemplate) {
+        return CKR_HOST_MEMORY;
+    }
+
+    for (i = 0; i < n; i++) {
+        CK_ULONG len;
+        CK_ULONG offset;
+        void *p;
+
+        pTemplate[i].type = ntohl(pulData[1 + i * 3]);
+        len = ntohl(pulData[2 + i * 3]);
+        offset = ntohl(pulData[3 + i * 3]);
+
+        p = nss_ZAlloc(arena, len);
+        if ((void *)NULL == p) {
+            return CKR_HOST_MEMORY;
+        }
+
+        nss_dbm_db_swap_copy(pTemplate[i].type, p, &pcData[offset], len);
+        pTemplate[i].ulValueLen = len;
+        pTemplate[i].pValue = p;
+    }
+
+    *ppTemplate = pTemplate;
+    return CKR_OK;
+}
+
+NSS_IMPLEMENT nss_dbm_dbt_t *
+nss_dbm_db_create_object(
+    NSSArena *arena,
+    nss_dbm_db_t *db,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulAttributeCount,
+    CK_RV *pError,
+    CK_ULONG *pdbrv)
+{
+    NSSArena *tmparena = (NSSArena *)NULL;
+    nss_dbm_dbt_t *rv = (nss_dbm_dbt_t *)NULL;
+    DBT object;
+
+    rv = nss_ZNEW(arena, nss_dbm_dbt_t);
+    if ((nss_dbm_dbt_t *)NULL == rv) {
+        *pError = CKR_HOST_MEMORY;
+        return (nss_dbm_dbt_t *)NULL;
+    }
+
+    rv->my_db = db;
+    rv->dbt.size = sizeof(struct handle);
+    rv->dbt.data = nss_ZAlloc(arena, rv->dbt.size);
+    if ((void *)NULL == rv->dbt.data) {
+        *pError = CKR_HOST_MEMORY;
+        return (nss_dbm_dbt_t *)NULL;
+    }
+
+    *pdbrv = nss_dbm_db_new_handle(db, &rv->dbt, pError);
+    if (0 != *pdbrv) {
+        return (nss_dbm_dbt_t *)NULL;
+    }
+
+    tmparena = NSSArena_Create();
+    if ((NSSArena *)NULL == tmparena) {
+        *pError = CKR_HOST_MEMORY;
+        return (nss_dbm_dbt_t *)NULL;
+    }
+
+    *pError = nss_dbm_db_wrap_object(tmparena, pTemplate, ulAttributeCount, &object);
+    if (CKR_OK != *pError) {
+        return (nss_dbm_dbt_t *)NULL;
+    }
+
+    /* Locked region */
+    {
+        *pError = NSSCKFWMutex_Lock(db->crustylock);
+        if (CKR_OK != *pError) {
+            goto loser;
+        }
+
+        *pdbrv = db->db->put(db->db, &rv->dbt, &object, 0);
+        if (0 != *pdbrv) {
+            *pError = CKR_DEVICE_ERROR;
+        }
+
+        (void)db->db->sync(db->db, 0);
+
+        (void)NSSCKFWMutex_Unlock(db->crustylock);
+    }
+
+loser:
+    if ((NSSArena *)NULL != tmparena) {
+        (void)NSSArena_Destroy(tmparena);
+    }
+
+    return rv;
+}
+
+NSS_IMPLEMENT CK_RV
+nss_dbm_db_find_objects(
+    nss_dbm_find_t *find,
+    nss_dbm_db_t *db,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulAttributeCount,
+    CK_ULONG *pdbrv)
+{
+    CK_RV rv = CKR_OK;
+
+    if ((nss_dbm_db_t *)NULL != db) {
+        DBT k, v;
+
+        rv = NSSCKFWMutex_Lock(db->crustylock);
+        if (CKR_OK != rv) {
+            return rv;
+        }
+
+        *pdbrv = db->db->seq(db->db, &k, &v, R_FIRST);
+        while (0 == *pdbrv) {
+            CK_ULONG i, j;
+            NSSArena *tmparena = (NSSArena *)NULL;
+            CK_ULONG ulac;
+            CK_ATTRIBUTE_PTR pt;
+
+            if ((k.size < 4) || (0 != memcmp(k.data, PREFIX_OBJECT, 4))) {
+                goto nomatch;
+            }
+
+            tmparena = NSSArena_Create();
+
+            rv = nss_dbm_db_unwrap_object(tmparena, &v, &pt, &ulac);
+            if (CKR_OK != rv) {
+                goto loser;
+            }
+
+            for (i = 0; i < ulAttributeCount; i++) {
+                for (j = 0; j < ulac; j++) {
+                    if (pTemplate[i].type ==
+                        pt[j].type) {
+                        if (pTemplate[i].ulValueLen !=
+                            pt[j].ulValueLen) {
+                            goto nomatch;
+                        }
+                        if (0 !=
+                            memcmp(pTemplate[i].pValue, pt[j].pValue, pt[j].ulValueLen)) {
+                            goto nomatch;
+                        }
+                        break;
+                    }
+                }
+                if (j == ulac) {
+                    goto nomatch;
+                }
+            }
+
+            /* entire template matches */
+            {
+                struct nss_dbm_dbt_node *node;
+
+                node = nss_ZNEW(find->arena, struct nss_dbm_dbt_node);
+                if ((struct nss_dbm_dbt_node *)NULL == node) {
+                    rv =
+                        CKR_HOST_MEMORY;
+                    goto loser;
+                }
+
+                node->dbt = nss_ZNEW(find->arena, nss_dbm_dbt_t);
+                if ((nss_dbm_dbt_t *)NULL == node->dbt) {
+                    rv =
+                        CKR_HOST_MEMORY;
+                    goto loser;
+                }
+
+                node->dbt->dbt.size = k.size;
+                node->dbt->dbt.data = nss_ZAlloc(find->arena, k.size);
+                if ((void *)NULL == node->dbt->dbt.data) {
+                    rv =
+                        CKR_HOST_MEMORY;
+                    goto loser;
+                }
+
+                (void)memcpy(node->dbt->dbt.data, k.data, k.size);
+
+                node->dbt->my_db = db;
+
+                node->next = find->found;
+                find->found = node;
+            }
+
+        nomatch:
+            if ((NSSArena *)NULL != tmparena) {
+                (void)NSSArena_Destroy(tmparena);
+            }
+            *pdbrv = db->db->seq(db->db, &k, &v, R_NEXT);
+        }
+
+        if (*pdbrv < 0) {
+            rv = CKR_DEVICE_ERROR;
+            goto loser;
+        }
+
+        rv = CKR_OK;
+
+    loser:
+        (void)NSSCKFWMutex_Unlock(db->crustylock);
+    }
+
+    return rv;
+}
+
+NSS_IMPLEMENT CK_BBOOL
+nss_dbm_db_object_still_exists(
+    nss_dbm_dbt_t *dbt)
+{
+    CK_BBOOL rv;
+    CK_RV ckrv;
+    int dbrv;
+    DBT object;
+
+    ckrv = NSSCKFWMutex_Lock(dbt->my_db->crustylock);
+    if (CKR_OK != ckrv) {
+        return CK_FALSE;
+    }
+
+    dbrv = dbt->my_db->db->get(dbt->my_db->db, &dbt->dbt, &object, 0);
+    if (0 == dbrv) {
+        rv = CK_TRUE;
+    } else {
+        rv = CK_FALSE;
+    }
+
+    (void)NSSCKFWMutex_Unlock(dbt->my_db->crustylock);
+
+    return rv;
+}
+
+NSS_IMPLEMENT CK_ULONG
+nss_dbm_db_get_object_attribute_count(
+    nss_dbm_dbt_t *dbt,
+    CK_RV *pError,
+    CK_ULONG *pdbrv)
+{
+    CK_ULONG rv = 0;
+    DBT object;
+    CK_ULONG *pulData;
+
+    /* Locked region */
+    {
+        *pError = NSSCKFWMutex_Lock(dbt->my_db->crustylock);
+        if (CKR_OK != *pError) {
+            return rv;
+        }
+
+        *pdbrv = dbt->my_db->db->get(dbt->my_db->db, &dbt->dbt, &object, 0);
+        if (0 == *pdbrv) {
+            ;
+        } else if (*pdbrv > 0) {
+            *pError = CKR_OBJECT_HANDLE_INVALID;
+            goto done;
+        } else {
+            *pError = CKR_DEVICE_ERROR;
+            goto done;
+        }
+
+        pulData = (CK_ULONG *)object.data;
+        rv = ntohl(pulData[0]);
+
+    done:
+        (void)NSSCKFWMutex_Unlock(dbt->my_db->crustylock);
+    }
+
+    return rv;
+}
+
+NSS_IMPLEMENT CK_RV
+nss_dbm_db_get_object_attribute_types(
+    nss_dbm_dbt_t *dbt,
+    CK_ATTRIBUTE_TYPE_PTR typeArray,
+    CK_ULONG ulCount,
+    CK_ULONG *pdbrv)
+{
+    CK_RV rv = CKR_OK;
+    DBT object;
+    CK_ULONG *pulData;
+    CK_ULONG n, i;
+
+    /* Locked region */
+    {
+        rv = NSSCKFWMutex_Lock(dbt->my_db->crustylock);
+        if (CKR_OK != rv) {
+            return rv;
+        }
+
+        *pdbrv = dbt->my_db->db->get(dbt->my_db->db, &dbt->dbt, &object, 0);
+        if (0 == *pdbrv) {
+            ;
+        } else if (*pdbrv > 0) {
+            rv = CKR_OBJECT_HANDLE_INVALID;
+            goto done;
+        } else {
+            rv = CKR_DEVICE_ERROR;
+            goto done;
+        }
+
+        pulData = (CK_ULONG *)object.data;
+        n = ntohl(pulData[0]);
+
+        if (ulCount < n) {
+            rv = CKR_BUFFER_TOO_SMALL;
+            goto done;
+        }
+
+        for (i = 0; i < n; i++) {
+            typeArray[i] = ntohl(pulData[1 + i * 3]);
+        }
+
+    done:
+        (void)NSSCKFWMutex_Unlock(dbt->my_db->crustylock);
+    }
+
+    return rv;
+}
+
+NSS_IMPLEMENT CK_ULONG
+nss_dbm_db_get_object_attribute_size(
+    nss_dbm_dbt_t *dbt,
+    CK_ATTRIBUTE_TYPE type,
+    CK_RV *pError,
+    CK_ULONG *pdbrv)
+{
+    CK_ULONG rv = 0;
+    DBT object;
+    CK_ULONG *pulData;
+    CK_ULONG n, i;
+
+    /* Locked region */
+    {
+        *pError = NSSCKFWMutex_Lock(dbt->my_db->crustylock);
+        if (CKR_OK != *pError) {
+            return rv;
+        }
+
+        *pdbrv = dbt->my_db->db->get(dbt->my_db->db, &dbt->dbt, &object, 0);
+        if (0 == *pdbrv) {
+            ;
+        } else if (*pdbrv > 0) {
+            *pError = CKR_OBJECT_HANDLE_INVALID;
+            goto done;
+        } else {
+            *pError = CKR_DEVICE_ERROR;
+            goto done;
+        }
+
+        pulData = (CK_ULONG *)object.data;
+        n = ntohl(pulData[0]);
+
+        for (i = 0; i < n; i++) {
+            if (type == ntohl(pulData[1 + i * 3])) {
+                rv = ntohl(pulData[2 + i * 3]);
+            }
+        }
+
+        if (i == n) {
+            *pError = CKR_ATTRIBUTE_TYPE_INVALID;
+            goto done;
+        }
+
+    done:
+        (void)NSSCKFWMutex_Unlock(dbt->my_db->crustylock);
+    }
+
+    return rv;
+}
+
+NSS_IMPLEMENT NSSItem *
+nss_dbm_db_get_object_attribute(
+    nss_dbm_dbt_t *dbt,
+    NSSArena *arena,
+    CK_ATTRIBUTE_TYPE type,
+    CK_RV *pError,
+    CK_ULONG *pdbrv)
+{
+    NSSItem *rv = (NSSItem *)NULL;
+    DBT object;
+    CK_ULONG i;
+    NSSArena *tmp = NSSArena_Create();
+    CK_ATTRIBUTE_PTR pTemplate;
+    CK_ULONG ulAttributeCount;
+
+    /* Locked region */
+    {
+        *pError = NSSCKFWMutex_Lock(dbt->my_db->crustylock);
+        if (CKR_OK != *pError) {
+            goto loser;
+        }
+
+        *pdbrv = dbt->my_db->db->get(dbt->my_db->db, &dbt->dbt, &object, 0);
+        if (0 == *pdbrv) {
+            ;
+        } else if (*pdbrv > 0) {
+            *pError = CKR_OBJECT_HANDLE_INVALID;
+            goto done;
+        } else {
+            *pError = CKR_DEVICE_ERROR;
+            goto done;
+        }
+
+        *pError = nss_dbm_db_unwrap_object(tmp, &object, &pTemplate, &ulAttributeCount);
+        if (CKR_OK != *pError) {
+            goto done;
+        }
+
+        for (i = 0; i < ulAttributeCount; i++) {
+            if (type == pTemplate[i].type) {
+                rv = nss_ZNEW(arena, NSSItem);
+                if ((NSSItem *)NULL == rv) {
+                    *pError =
+                        CKR_HOST_MEMORY;
+                    goto done;
+                }
+                rv->size = pTemplate[i].ulValueLen;
+                rv->data = nss_ZAlloc(arena, rv->size);
+                if ((void *)NULL == rv->data) {
+                    *pError =
+                        CKR_HOST_MEMORY;
+                    goto done;
+                }
+                (void)memcpy(rv->data, pTemplate[i].pValue, rv->size);
+                break;
+            }
+        }
+        if (ulAttributeCount == i) {
+            *pError = CKR_ATTRIBUTE_TYPE_INVALID;
+            goto done;
+        }
+
+    done:
+        (void)NSSCKFWMutex_Unlock(dbt->my_db->crustylock);
+    }
+
+loser:
+    if ((NSSArena *)NULL != tmp) {
+        NSSArena_Destroy(tmp);
+    }
+
+    return rv;
+}
+
+NSS_IMPLEMENT CK_RV
+nss_dbm_db_set_object_attribute(
+    nss_dbm_dbt_t *dbt,
+    CK_ATTRIBUTE_TYPE type,
+    NSSItem *value,
+    CK_ULONG *pdbrv)
+{
+    CK_RV rv = CKR_OK;
+    DBT object;
+    CK_ULONG i;
+    NSSArena *tmp = NSSArena_Create();
+    CK_ATTRIBUTE_PTR pTemplate;
+    CK_ULONG ulAttributeCount;
+
+    /* Locked region */
+    {
+        rv = NSSCKFWMutex_Lock(dbt->my_db->crustylock);
+        if (CKR_OK != rv) {
+            goto loser;
+        }
+
+        *pdbrv = dbt->my_db->db->get(dbt->my_db->db, &dbt->dbt, &object, 0);
+        if (0 == *pdbrv) {
+            ;
+        } else if (*pdbrv > 0) {
+            rv = CKR_OBJECT_HANDLE_INVALID;
+            goto done;
+        } else {
+            rv = CKR_DEVICE_ERROR;
+            goto done;
+        }
+
+        rv = nss_dbm_db_unwrap_object(tmp, &object, &pTemplate, &ulAttributeCount);
+        if (CKR_OK != rv) {
+            goto done;
+        }
+
+        for (i = 0; i < ulAttributeCount; i++) {
+            if (type == pTemplate[i].type) {
+                /* Replacing an existing attribute */
+                pTemplate[i].ulValueLen = value->size;
+                pTemplate[i].pValue = value->data;
+                break;
+            }
+        }
+
+        if (i == ulAttributeCount) {
+            /* Adding a new attribute */
+            CK_ATTRIBUTE_PTR npt = nss_ZNEWARRAY(tmp, CK_ATTRIBUTE, ulAttributeCount + 1);
+            if ((CK_ATTRIBUTE_PTR)NULL == npt) {
+                rv = CKR_DEVICE_ERROR;
+                goto done;
+            }
+
+            for (i = 0; i < ulAttributeCount; i++) {
+                npt[i] = pTemplate[i];
+            }
+
+            npt[ulAttributeCount].type = type;
+            npt[ulAttributeCount].ulValueLen = value->size;
+            npt[ulAttributeCount].pValue = value->data;
+
+            pTemplate = npt;
+            ulAttributeCount++;
+        }
+
+        rv = nss_dbm_db_wrap_object(tmp, pTemplate, ulAttributeCount, &object);
+        if (CKR_OK != rv) {
+            goto done;
+        }
+
+        *pdbrv = dbt->my_db->db->put(dbt->my_db->db, &dbt->dbt, &object, 0);
+        if (0 != *pdbrv) {
+            rv = CKR_DEVICE_ERROR;
+            goto done;
+        }
+
+        (void)dbt->my_db->db->sync(dbt->my_db->db, 0);
+
+    done:
+        (void)NSSCKFWMutex_Unlock(dbt->my_db->crustylock);
+    }
+
+loser:
+    if ((NSSArena *)NULL != tmp) {
+        NSSArena_Destroy(tmp);
+    }
+
+    return rv;
+}
diff --git a/nss/lib/ckfw/dbm/find.c b/nss/lib/ckfw/dbm/find.c
new file mode 100644
index 0000000..8a03855
--- /dev/null
+++ b/nss/lib/ckfw/dbm/find.c
@@ -0,0 +1,126 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "ckdbm.h"
+
+static void
+nss_dbm_mdFindObjects_Final(
+    NSSCKMDFindObjects *mdFindObjects,
+    NSSCKFWFindObjects *fwFindObjects,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance)
+{
+    nss_dbm_find_t *find = (nss_dbm_find_t *)mdFindObjects->etc;
+
+    /* Locks might have system resources associated */
+    (void)NSSCKFWMutex_Destroy(find->list_lock);
+    (void)NSSArena_Destroy(find->arena);
+}
+
+static NSSCKMDObject *
+nss_dbm_mdFindObjects_Next(
+    NSSCKMDFindObjects *mdFindObjects,
+    NSSCKFWFindObjects *fwFindObjects,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    NSSArena *arena,
+    CK_RV *pError)
+{
+    nss_dbm_find_t *find = (nss_dbm_find_t *)mdFindObjects->etc;
+    struct nss_dbm_dbt_node *node;
+    nss_dbm_object_t *object;
+    NSSCKMDObject *rv;
+
+    while (1) {
+        /* Lock */
+        {
+            *pError = NSSCKFWMutex_Lock(find->list_lock);
+            if (CKR_OK != *pError) {
+                return (NSSCKMDObject *)NULL;
+            }
+
+            node = find->found;
+            if ((struct nss_dbm_dbt_node *)NULL != node) {
+                find->found = node->next;
+            }
+
+            *pError = NSSCKFWMutex_Unlock(find->list_lock);
+            if (CKR_OK != *pError) {
+                /* screwed now */
+                return (NSSCKMDObject *)NULL;
+            }
+        }
+
+        if ((struct nss_dbm_dbt_node *)NULL == node) {
+            break;
+        }
+
+        if (nss_dbm_db_object_still_exists(node->dbt)) {
+            break;
+        }
+    }
+
+    if ((struct nss_dbm_dbt_node *)NULL == node) {
+        *pError = CKR_OK;
+        return (NSSCKMDObject *)NULL;
+    }
+
+    object = nss_ZNEW(arena, nss_dbm_object_t);
+    if ((nss_dbm_object_t *)NULL == object) {
+        *pError = CKR_HOST_MEMORY;
+        return (NSSCKMDObject *)NULL;
+    }
+
+    object->arena = arena;
+    object->handle = nss_ZNEW(arena, nss_dbm_dbt_t);
+    if ((nss_dbm_dbt_t *)NULL == object->handle) {
+        *pError = CKR_HOST_MEMORY;
+        return (NSSCKMDObject *)NULL;
+    }
+
+    object->handle->my_db = node->dbt->my_db;
+    object->handle->dbt.size = node->dbt->dbt.size;
+    object->handle->dbt.data = nss_ZAlloc(arena, node->dbt->dbt.size);
+    if ((void *)NULL == object->handle->dbt.data) {
+        *pError = CKR_HOST_MEMORY;
+        return (NSSCKMDObject *)NULL;
+    }
+
+    (void)memcpy(object->handle->dbt.data, node->dbt->dbt.data, node->dbt->dbt.size);
+
+    rv = nss_dbm_mdObject_factory(object, pError);
+    if ((NSSCKMDObject *)NULL == rv) {
+        return (NSSCKMDObject *)NULL;
+    }
+
+    return rv;
+}
+
+NSS_IMPLEMENT NSSCKMDFindObjects *
+nss_dbm_mdFindObjects_factory(
+    nss_dbm_find_t *find,
+    CK_RV *pError)
+{
+    NSSCKMDFindObjects *rv;
+
+    rv = nss_ZNEW(find->arena, NSSCKMDFindObjects);
+    if ((NSSCKMDFindObjects *)NULL == rv) {
+        *pError = CKR_HOST_MEMORY;
+        return (NSSCKMDFindObjects *)NULL;
+    }
+
+    rv->etc = (void *)find;
+    rv->Final = nss_dbm_mdFindObjects_Final;
+    rv->Next = nss_dbm_mdFindObjects_Next;
+
+    return rv;
+}
diff --git a/nss/lib/ckfw/dbm/instance.c b/nss/lib/ckfw/dbm/instance.c
new file mode 100644
index 0000000..fbb1172
--- /dev/null
+++ b/nss/lib/ckfw/dbm/instance.c
@@ -0,0 +1,147 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "ckdbm.h"
+
+static CK_RV
+nss_dbm_mdInstance_Initialize(
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    NSSUTF8 *configurationData)
+{
+    CK_RV rv = CKR_OK;
+    NSSArena *arena;
+    nss_dbm_instance_t *instance;
+
+    arena = NSSCKFWInstance_GetArena(fwInstance, &rv);
+    if (((NSSArena *)NULL == arena) && (CKR_OK != rv)) {
+        return rv;
+    }
+
+    instance = nss_ZNEW(arena, nss_dbm_instance_t);
+    if ((nss_dbm_instance_t *)NULL == instance) {
+        return CKR_HOST_MEMORY;
+    }
+
+    instance->arena = arena;
+
+    /*
+     * This should parse the configuration data for information on
+     * number and locations of databases, modes (e.g. readonly), etc.
+     * But for now, we'll have one slot with a creatable read-write
+     * database called "cert8.db."
+     */
+
+    instance->nSlots = 1;
+    instance->filenames = nss_ZNEWARRAY(arena, char *, instance->nSlots);
+    if ((char **)NULL == instance->filenames) {
+        return CKR_HOST_MEMORY;
+    }
+
+    instance->flags = nss_ZNEWARRAY(arena, int, instance->nSlots);
+    if ((int *)NULL == instance->flags) {
+        return CKR_HOST_MEMORY;
+    }
+
+    instance->filenames[0] = "cert8.db";
+    instance->flags[0] = O_RDWR | O_CREAT;
+
+    mdInstance->etc = (void *)instance;
+    return CKR_OK;
+}
+
+/* nss_dbm_mdInstance_Finalize is not required */
+
+static CK_ULONG
+nss_dbm_mdInstance_GetNSlots(
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError)
+{
+    nss_dbm_instance_t *instance = (nss_dbm_instance_t *)mdInstance->etc;
+    return instance->nSlots;
+}
+
+static CK_VERSION
+nss_dbm_mdInstance_GetCryptokiVersion(
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance)
+{
+    static CK_VERSION rv = { 2, 1 };
+    return rv;
+}
+
+static NSSUTF8 *
+nss_dbm_mdInstance_GetManufacturerID(
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError)
+{
+    return "Mozilla Foundation";
+}
+
+static NSSUTF8 *
+nss_dbm_mdInstance_GetLibraryDescription(
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError)
+{
+    return "Berkeley Database Module";
+}
+
+static CK_VERSION
+nss_dbm_mdInstance_GetLibraryVersion(
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance)
+{
+    static CK_VERSION rv = { 1, 0 }; /* My own version number */
+    return rv;
+}
+
+static CK_BBOOL
+nss_dbm_mdInstance_ModuleHandlesSessionObjects(
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance)
+{
+    return CK_TRUE;
+}
+
+static CK_RV
+nss_dbm_mdInstance_GetSlots(
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    NSSCKMDSlot *slots[])
+{
+    nss_dbm_instance_t *instance = (nss_dbm_instance_t *)mdInstance->etc;
+    CK_ULONG i;
+    CK_RV rv = CKR_OK;
+
+    for (i = 0; i < instance->nSlots; i++) {
+        slots[i] = nss_dbm_mdSlot_factory(instance, instance->filenames[i],
+                                          instance->flags[i], &rv);
+        if ((NSSCKMDSlot *)NULL == slots[i]) {
+            return rv;
+        }
+    }
+
+    return rv;
+}
+
+/* nss_dbm_mdInstance_WaitForSlotEvent is not relevant */
+
+NSS_IMPLEMENT_DATA NSSCKMDInstance
+    nss_dbm_mdInstance = {
+        NULL, /* etc; filled in later */
+        nss_dbm_mdInstance_Initialize,
+        NULL, /* nss_dbm_mdInstance_Finalize */
+        nss_dbm_mdInstance_GetNSlots,
+        nss_dbm_mdInstance_GetCryptokiVersion,
+        nss_dbm_mdInstance_GetManufacturerID,
+        nss_dbm_mdInstance_GetLibraryDescription,
+        nss_dbm_mdInstance_GetLibraryVersion,
+        nss_dbm_mdInstance_ModuleHandlesSessionObjects,
+        nss_dbm_mdInstance_GetSlots,
+        NULL, /* nss_dbm_mdInstance_WaitForSlotEvent */
+        NULL  /* terminator */
+    };
diff --git a/nss/lib/ckfw/dbm/manifest.mn b/nss/lib/ckfw/dbm/manifest.mn
new file mode 100644
index 0000000..1f87f43
--- /dev/null
+++ b/nss/lib/ckfw/dbm/manifest.mn
@@ -0,0 +1,25 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CORE_DEPTH = ../../../..
+
+MODULE = nss
+
+CSRCS =		   \
+	anchor.c   \
+	instance.c \
+	slot.c	   \
+	token.c	   \
+	session.c  \
+	object.c   \
+	find.c	   \
+	db.c	   \
+	$(NULL)
+
+REQUIRES = dbm nspr
+
+LIBRARY_NAME = nssckdbm
+
+EXTRA_SHARED_LIBS = -L$(DIST)/lib -lnssckfw -lnssb -ldbm -lnspr4 -lplc4 -lplds4
diff --git a/nss/lib/ckfw/dbm/object.c b/nss/lib/ckfw/dbm/object.c
new file mode 100644
index 0000000..4f6e4d4
--- /dev/null
+++ b/nss/lib/ckfw/dbm/object.c
@@ -0,0 +1,155 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "ckdbm.h"
+
+static void
+nss_dbm_mdObject_Finalize(
+    NSSCKMDObject *mdObject,
+    NSSCKFWObject *fwObject,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance)
+{
+    ;
+}
+
+static CK_RV
+nss_dbm_mdObject_Destroy(
+    NSSCKMDObject *mdObject,
+    NSSCKFWObject *fwObject,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance)
+{
+    nss_dbm_object_t *object = (nss_dbm_object_t *)mdObject->etc;
+    return nss_dbm_db_delete_object(object->handle);
+}
+
+static CK_ULONG
+nss_dbm_mdObject_GetAttributeCount(
+    NSSCKMDObject *mdObject,
+    NSSCKFWObject *fwObject,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError)
+{
+    nss_dbm_object_t *object = (nss_dbm_object_t *)mdObject->etc;
+    nss_dbm_session_t *session = (nss_dbm_session_t *)mdSession->etc;
+    return nss_dbm_db_get_object_attribute_count(object->handle, pError,
+                                                 &session->deviceError);
+}
+
+static CK_RV
+nss_dbm_mdObject_GetAttributeTypes(
+    NSSCKMDObject *mdObject,
+    NSSCKFWObject *fwObject,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_ATTRIBUTE_TYPE_PTR typeArray,
+    CK_ULONG ulCount)
+{
+    nss_dbm_object_t *object = (nss_dbm_object_t *)mdObject->etc;
+    nss_dbm_session_t *session = (nss_dbm_session_t *)mdSession->etc;
+    return nss_dbm_db_get_object_attribute_types(object->handle, typeArray,
+                                                 ulCount, &session->deviceError);
+}
+
+static CK_ULONG
+nss_dbm_mdObject_GetAttributeSize(
+    NSSCKMDObject *mdObject,
+    NSSCKFWObject *fwObject,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_ATTRIBUTE_TYPE attribute,
+    CK_RV *pError)
+{
+    nss_dbm_object_t *object = (nss_dbm_object_t *)mdObject->etc;
+    nss_dbm_session_t *session = (nss_dbm_session_t *)mdSession->etc;
+    return nss_dbm_db_get_object_attribute_size(object->handle, attribute, pError,
+                                                &session->deviceError);
+}
+
+static NSSItem *
+nss_dbm_mdObject_GetAttribute(
+    NSSCKMDObject *mdObject,
+    NSSCKFWObject *fwObject,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_ATTRIBUTE_TYPE attribute,
+    CK_RV *pError)
+{
+    nss_dbm_object_t *object = (nss_dbm_object_t *)mdObject->etc;
+    nss_dbm_session_t *session = (nss_dbm_session_t *)mdSession->etc;
+    return nss_dbm_db_get_object_attribute(object->handle, object->arena, attribute,
+                                           pError, &session->deviceError);
+}
+
+static CK_RV
+nss_dbm_mdObject_SetAttribute(
+    NSSCKMDObject *mdObject,
+    NSSCKFWObject *fwObject,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_ATTRIBUTE_TYPE attribute,
+    NSSItem *value)
+{
+    nss_dbm_object_t *object = (nss_dbm_object_t *)mdObject->etc;
+    nss_dbm_session_t *session = (nss_dbm_session_t *)mdSession->etc;
+    return nss_dbm_db_set_object_attribute(object->handle, attribute, value,
+                                           &session->deviceError);
+}
+
+NSS_IMPLEMENT NSSCKMDObject *
+nss_dbm_mdObject_factory(
+    nss_dbm_object_t *object,
+    CK_RV *pError)
+{
+    NSSCKMDObject *rv;
+
+    rv = nss_ZNEW(object->arena, NSSCKMDObject);
+    if ((NSSCKMDObject *)NULL == rv) {
+        *pError = CKR_HOST_MEMORY;
+        return (NSSCKMDObject *)NULL;
+    }
+
+    rv->etc = (void *)object;
+    rv->Finalize = nss_dbm_mdObject_Finalize;
+    rv->Destroy = nss_dbm_mdObject_Destroy;
+    /*  IsTokenObject can be deferred */
+    rv->GetAttributeCount = nss_dbm_mdObject_GetAttributeCount;
+    rv->GetAttributeTypes = nss_dbm_mdObject_GetAttributeTypes;
+    rv->GetAttributeSize = nss_dbm_mdObject_GetAttributeSize;
+    rv->GetAttribute = nss_dbm_mdObject_GetAttribute;
+    rv->SetAttribute = nss_dbm_mdObject_SetAttribute;
+    /*  GetObjectSize can be deferred */
+
+    return rv;
+}
diff --git a/nss/lib/ckfw/dbm/session.c b/nss/lib/ckfw/dbm/session.c
new file mode 100644
index 0000000..a1c2ee5
--- /dev/null
+++ b/nss/lib/ckfw/dbm/session.c
@@ -0,0 +1,255 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "ckdbm.h"
+
+static void
+nss_dbm_mdSession_Close(
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance)
+{
+    nss_dbm_session_t *session = (nss_dbm_session_t *)mdSession->etc;
+
+    struct nss_dbm_dbt_node *w;
+
+    /* Lock */
+    {
+        if (CKR_OK != NSSCKFWMutex_Lock(session->list_lock)) {
+            return;
+        }
+
+        w = session->session_objects;
+        session->session_objects = (struct nss_dbm_dbt_node *)NULL; /* sanity */
+
+        (void)NSSCKFWMutex_Unlock(session->list_lock);
+    }
+
+    for (; (struct nss_dbm_dbt_node *)NULL != w; w = w->next) {
+        (void)nss_dbm_db_delete_object(w->dbt);
+    }
+}
+
+static CK_ULONG
+nss_dbm_mdSession_GetDeviceError(
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance)
+{
+    nss_dbm_session_t *session = (nss_dbm_session_t *)mdSession->etc;
+    return session->deviceError;
+}
+
+/* Login isn't needed */
+/* Logout isn't needed */
+/* InitPIN is irrelevant */
+/* SetPIN is irrelevant */
+/* GetOperationStateLen is irrelevant */
+/* GetOperationState is irrelevant */
+/* SetOperationState is irrelevant */
+
+static NSSCKMDObject *
+nss_dbm_mdSession_CreateObject(
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    NSSArena *handyArenaPointer,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulAttributeCount,
+    CK_RV *pError)
+{
+    nss_dbm_session_t *session = (nss_dbm_session_t *)mdSession->etc;
+    nss_dbm_token_t *token = (nss_dbm_token_t *)mdToken->etc;
+    CK_ULONG i;
+    CK_BBOOL isToken = CK_FALSE; /* defaults to false */
+    NSSCKMDObject *rv;
+    struct nss_dbm_dbt_node *node = (struct nss_dbm_dbt_node *)NULL;
+    nss_dbm_object_t *object;
+    nss_dbm_db_t *which_db;
+
+    /* This framework should really pass this to me */
+    for (i = 0; i < ulAttributeCount; i++) {
+        if (CKA_TOKEN == pTemplate[i].type) {
+            isToken = *(CK_BBOOL *)pTemplate[i].pValue;
+            break;
+        }
+    }
+
+    object = nss_ZNEW(handyArenaPointer, nss_dbm_object_t);
+    if ((nss_dbm_object_t *)NULL == object) {
+        *pError = CKR_HOST_MEMORY;
+        return (NSSCKMDObject *)NULL;
+    }
+
+    object->arena = handyArenaPointer;
+    which_db = isToken ? token->slot->token_db : token->session_db;
+
+    /* Do this before the actual database call; it's easier to recover from */
+    rv = nss_dbm_mdObject_factory(object, pError);
+    if ((NSSCKMDObject *)NULL == rv) {
+        return (NSSCKMDObject *)NULL;
+    }
+
+    if (CK_FALSE == isToken) {
+        node = nss_ZNEW(session->arena, struct nss_dbm_dbt_node);
+        if ((struct nss_dbm_dbt_node *)NULL == node) {
+            *pError = CKR_HOST_MEMORY;
+            return (NSSCKMDObject *)NULL;
+        }
+    }
+
+    object->handle = nss_dbm_db_create_object(handyArenaPointer, which_db,
+                                              pTemplate, ulAttributeCount,
+                                              pError, &session->deviceError);
+    if ((nss_dbm_dbt_t *)NULL == object->handle) {
+        return (NSSCKMDObject *)NULL;
+    }
+
+    if (CK_FALSE == isToken) {
+        node->dbt = object->handle;
+        /* Lock */
+        {
+            *pError = NSSCKFWMutex_Lock(session->list_lock);
+            if (CKR_OK != *pError) {
+                (void)nss_dbm_db_delete_object(object->handle);
+                return (NSSCKMDObject *)NULL;
+            }
+
+            node->next = session->session_objects;
+            session->session_objects = node;
+
+            *pError = NSSCKFWMutex_Unlock(session->list_lock);
+        }
+    }
+
+    return rv;
+}
+
+/* CopyObject isn't needed; the framework will use CreateObject */
+
+static NSSCKMDFindObjects *
+nss_dbm_mdSession_FindObjectsInit(
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulAttributeCount,
+    CK_RV *pError)
+{
+    nss_dbm_session_t *session = (nss_dbm_session_t *)mdSession->etc;
+    nss_dbm_token_t *token = (nss_dbm_token_t *)mdToken->etc;
+    NSSArena *arena;
+    nss_dbm_find_t *find;
+    NSSCKMDFindObjects *rv;
+
+    arena = NSSArena_Create();
+    if ((NSSArena *)NULL == arena) {
+        *pError = CKR_HOST_MEMORY;
+        goto loser;
+    }
+
+    find = nss_ZNEW(arena, nss_dbm_find_t);
+    if ((nss_dbm_find_t *)NULL == find) {
+        *pError = CKR_HOST_MEMORY;
+        goto loser;
+    }
+
+    find->arena = arena;
+    find->list_lock = NSSCKFWInstance_CreateMutex(fwInstance, arena, pError);
+    if ((NSSCKFWMutex *)NULL == find->list_lock) {
+        goto loser;
+    }
+
+    *pError = nss_dbm_db_find_objects(find, token->slot->token_db, pTemplate,
+                                      ulAttributeCount, &session->deviceError);
+    if (CKR_OK != *pError) {
+        goto loser;
+    }
+
+    *pError = nss_dbm_db_find_objects(find, token->session_db, pTemplate,
+                                      ulAttributeCount, &session->deviceError);
+    if (CKR_OK != *pError) {
+        goto loser;
+    }
+
+    rv = nss_dbm_mdFindObjects_factory(find, pError);
+    if ((NSSCKMDFindObjects *)NULL == rv) {
+        goto loser;
+    }
+
+    return rv;
+
+loser:
+    if ((NSSArena *)NULL != arena) {
+        (void)NSSArena_Destroy(arena);
+    }
+
+    return (NSSCKMDFindObjects *)NULL;
+}
+
+/* SeedRandom is irrelevant */
+/* GetRandom is irrelevant */
+
+NSS_IMPLEMENT NSSCKMDSession *
+nss_dbm_mdSession_factory(
+    nss_dbm_token_t *token,
+    NSSCKFWSession *fwSession,
+    NSSCKFWInstance *fwInstance,
+    CK_BBOOL rw,
+    CK_RV *pError)
+{
+    NSSArena *arena;
+    nss_dbm_session_t *session;
+    NSSCKMDSession *rv;
+
+    arena = NSSCKFWSession_GetArena(fwSession, pError);
+
+    session = nss_ZNEW(arena, nss_dbm_session_t);
+    if ((nss_dbm_session_t *)NULL == session) {
+        *pError = CKR_HOST_MEMORY;
+        return (NSSCKMDSession *)NULL;
+    }
+
+    rv = nss_ZNEW(arena, NSSCKMDSession);
+    if ((NSSCKMDSession *)NULL == rv) {
+        *pError = CKR_HOST_MEMORY;
+        return (NSSCKMDSession *)NULL;
+    }
+
+    session->arena = arena;
+    session->token = token;
+    session->list_lock = NSSCKFWInstance_CreateMutex(fwInstance, arena, pError);
+    if ((NSSCKFWMutex *)NULL == session->list_lock) {
+        return (NSSCKMDSession *)NULL;
+    }
+
+    rv->etc = (void *)session;
+    rv->Close = nss_dbm_mdSession_Close;
+    rv->GetDeviceError = nss_dbm_mdSession_GetDeviceError;
+    /*  Login isn't needed */
+    /*  Logout isn't needed */
+    /*  InitPIN is irrelevant */
+    /*  SetPIN is irrelevant */
+    /*  GetOperationStateLen is irrelevant */
+    /*  GetOperationState is irrelevant */
+    /*  SetOperationState is irrelevant */
+    rv->CreateObject = nss_dbm_mdSession_CreateObject;
+    /*  CopyObject isn't needed; the framework will use CreateObject */
+    rv->FindObjectsInit = nss_dbm_mdSession_FindObjectsInit;
+    rv->null = NULL;
+
+    return rv;
+}
diff --git a/nss/lib/ckfw/dbm/slot.c b/nss/lib/ckfw/dbm/slot.c
new file mode 100644
index 0000000..06824d5
--- /dev/null
+++ b/nss/lib/ckfw/dbm/slot.c
@@ -0,0 +1,165 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "ckdbm.h"
+
+static CK_RV
+nss_dbm_mdSlot_Initialize(
+    NSSCKMDSlot *mdSlot,
+    NSSCKFWSlot *fwSlot,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance)
+{
+    nss_dbm_slot_t *slot = (nss_dbm_slot_t *)mdSlot->etc;
+    nss_dbm_instance_t *instance = (nss_dbm_instance_t *)mdInstance->etc;
+    CK_RV rv = CKR_OK;
+
+    slot->token_db = nss_dbm_db_open(instance->arena, fwInstance, slot->filename,
+                                     slot->flags, &rv);
+    if ((nss_dbm_db_t *)NULL == slot->token_db) {
+        if (CKR_TOKEN_NOT_PRESENT == rv) {
+            /* This is not an error-- just means "the token isn't there" */
+            rv = CKR_OK;
+        }
+    }
+
+    return rv;
+}
+
+static void
+nss_dbm_mdSlot_Destroy(
+    NSSCKMDSlot *mdSlot,
+    NSSCKFWSlot *fwSlot,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance)
+{
+    nss_dbm_slot_t *slot = (nss_dbm_slot_t *)mdSlot->etc;
+
+    if ((nss_dbm_db_t *)NULL != slot->token_db) {
+        nss_dbm_db_close(slot->token_db);
+        slot->token_db = (nss_dbm_db_t *)NULL;
+    }
+}
+
+static NSSUTF8 *
+nss_dbm_mdSlot_GetSlotDescription(
+    NSSCKMDSlot *mdSlot,
+    NSSCKFWSlot *fwSlot,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError)
+{
+    return "Database";
+}
+
+static NSSUTF8 *
+nss_dbm_mdSlot_GetManufacturerID(
+    NSSCKMDSlot *mdSlot,
+    NSSCKFWSlot *fwSlot,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError)
+{
+    return "Berkeley";
+}
+
+static CK_BBOOL
+nss_dbm_mdSlot_GetTokenPresent(
+    NSSCKMDSlot *mdSlot,
+    NSSCKFWSlot *fwSlot,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance)
+{
+    nss_dbm_slot_t *slot = (nss_dbm_slot_t *)mdSlot->etc;
+
+    if ((nss_dbm_db_t *)NULL == slot->token_db) {
+        return CK_FALSE;
+    } else {
+        return CK_TRUE;
+    }
+}
+
+static CK_BBOOL
+nss_dbm_mdSlot_GetRemovableDevice(
+    NSSCKMDSlot *mdSlot,
+    NSSCKFWSlot *fwSlot,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance)
+{
+    /*
+     * Well, this supports "tokens" (databases) that aren't there, so in
+     * that sense they're removable.  It'd be nice to handle databases
+     * that suddenly disappear (NFS-mounted home directories and network
+     * errors, for instance) but that's a harder problem.  We'll say
+     * we support removable devices, badly.
+     */
+
+    return CK_TRUE;
+}
+
+/* nss_dbm_mdSlot_GetHardwareSlot defaults to CK_FALSE */
+/*
+ * nss_dbm_mdSlot_GetHardwareVersion
+ * nss_dbm_mdSlot_GetFirmwareVersion
+ *
+ * These are kinda fuzzy concepts here.  I suppose we could return the
+ * Berkeley DB version for one of them, if we had an actual number we
+ * were confident in.  But mcom's "dbm" has been hacked enough that I
+ * don't really know from what "real" version it stems..
+ */
+
+static NSSCKMDToken *
+nss_dbm_mdSlot_GetToken(
+    NSSCKMDSlot *mdSlot,
+    NSSCKFWSlot *fwSlot,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError)
+{
+    nss_dbm_slot_t *slot = (nss_dbm_slot_t *)mdSlot->etc;
+    return nss_dbm_mdToken_factory(slot, pError);
+}
+
+NSS_IMPLEMENT NSSCKMDSlot *
+nss_dbm_mdSlot_factory(
+    nss_dbm_instance_t *instance,
+    char *filename,
+    int flags,
+    CK_RV *pError)
+{
+    nss_dbm_slot_t *slot;
+    NSSCKMDSlot *rv;
+
+    slot = nss_ZNEW(instance->arena, nss_dbm_slot_t);
+    if ((nss_dbm_slot_t *)NULL == slot) {
+        *pError = CKR_HOST_MEMORY;
+        return (NSSCKMDSlot *)NULL;
+    }
+
+    slot->instance = instance;
+    slot->filename = filename;
+    slot->flags = flags;
+    slot->token_db = (nss_dbm_db_t *)NULL;
+
+    rv = nss_ZNEW(instance->arena, NSSCKMDSlot);
+    if ((NSSCKMDSlot *)NULL == rv) {
+        *pError = CKR_HOST_MEMORY;
+        return (NSSCKMDSlot *)NULL;
+    }
+
+    rv->etc = (void *)slot;
+    rv->Initialize = nss_dbm_mdSlot_Initialize;
+    rv->Destroy = nss_dbm_mdSlot_Destroy;
+    rv->GetSlotDescription = nss_dbm_mdSlot_GetSlotDescription;
+    rv->GetManufacturerID = nss_dbm_mdSlot_GetManufacturerID;
+    rv->GetTokenPresent = nss_dbm_mdSlot_GetTokenPresent;
+    rv->GetRemovableDevice = nss_dbm_mdSlot_GetRemovableDevice;
+    /*  GetHardwareSlot */
+    /*  GetHardwareVersion */
+    /*  GetFirmwareVersion */
+    rv->GetToken = nss_dbm_mdSlot_GetToken;
+    rv->null = (void *)NULL;
+
+    return rv;
+}
diff --git a/nss/lib/ckfw/dbm/token.c b/nss/lib/ckfw/dbm/token.c
new file mode 100644
index 0000000..6873bf0
--- /dev/null
+++ b/nss/lib/ckfw/dbm/token.c
@@ -0,0 +1,260 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "ckdbm.h"
+
+static CK_RV
+nss_dbm_mdToken_Setup(
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance)
+{
+    nss_dbm_token_t *token = (nss_dbm_token_t *)mdToken->etc;
+    CK_RV rv = CKR_OK;
+
+    token->arena = NSSCKFWToken_GetArena(fwToken, &rv);
+    token->session_db = nss_dbm_db_open(token->arena, fwInstance, (char *)NULL,
+                                        O_RDWR | O_CREAT, &rv);
+    if ((nss_dbm_db_t *)NULL == token->session_db) {
+        return rv;
+    }
+
+    /* Add a label record if there isn't one? */
+
+    return CKR_OK;
+}
+
+static void
+nss_dbm_mdToken_Invalidate(
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance)
+{
+    nss_dbm_token_t *token = (nss_dbm_token_t *)mdToken->etc;
+
+    if ((nss_dbm_db_t *)NULL != token->session_db) {
+        nss_dbm_db_close(token->session_db);
+        token->session_db = (nss_dbm_db_t *)NULL;
+    }
+}
+
+static CK_RV
+nss_dbm_mdToken_InitToken(
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    NSSItem *pin,
+    NSSUTF8 *label)
+{
+    nss_dbm_token_t *token = (nss_dbm_token_t *)mdToken->etc;
+    nss_dbm_instance_t *instance = (nss_dbm_instance_t *)mdInstance->etc;
+    CK_RV rv;
+
+    /* Wipe the session object data */
+
+    if ((nss_dbm_db_t *)NULL != token->session_db) {
+        nss_dbm_db_close(token->session_db);
+    }
+
+    token->session_db = nss_dbm_db_open(token->arena, fwInstance, (char *)NULL,
+                                        O_RDWR | O_CREAT, &rv);
+    if ((nss_dbm_db_t *)NULL == token->session_db) {
+        return rv;
+    }
+
+    /* Wipe the token object data */
+
+    if (token->slot->flags & O_RDWR) {
+        if ((nss_dbm_db_t *)NULL != token->slot->token_db) {
+            nss_dbm_db_close(token->slot->token_db);
+        }
+
+        token->slot->token_db = nss_dbm_db_open(instance->arena, fwInstance,
+                                                token->slot->filename,
+                                                token->slot->flags | O_CREAT | O_TRUNC,
+                                                &rv);
+        if ((nss_dbm_db_t *)NULL == token->slot->token_db) {
+            return rv;
+        }
+
+        /* PIN is irrelevant */
+
+        rv = nss_dbm_db_set_label(token->slot->token_db, label);
+        if (CKR_OK != rv) {
+            return rv;
+        }
+    }
+
+    return CKR_OK;
+}
+
+static NSSUTF8 *
+nss_dbm_mdToken_GetLabel(
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError)
+{
+    nss_dbm_token_t *token = (nss_dbm_token_t *)mdToken->etc;
+
+    if ((NSSUTF8 *)NULL == token->label) {
+        token->label = nss_dbm_db_get_label(token->slot->token_db, token->arena, pError);
+    }
+
+    /* If no label has been set, return *something* */
+    if ((NSSUTF8 *)NULL == token->label) {
+        return token->slot->filename;
+    }
+
+    return token->label;
+}
+
+static NSSUTF8 *
+nss_dbm_mdToken_GetManufacturerID(
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError)
+{
+    return "mozilla.org NSS";
+}
+
+static NSSUTF8 *
+nss_dbm_mdToken_GetModel(
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError)
+{
+    return "dbm";
+}
+
+/* GetSerialNumber is irrelevant */
+/* GetHasRNG defaults to CK_FALSE */
+
+static CK_BBOOL
+nss_dbm_mdToken_GetIsWriteProtected(
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance)
+{
+    nss_dbm_token_t *token = (nss_dbm_token_t *)mdToken->etc;
+
+    if (token->slot->flags & O_RDWR) {
+        return CK_FALSE;
+    } else {
+        return CK_TRUE;
+    }
+}
+
+/* GetLoginRequired defaults to CK_FALSE */
+/* GetUserPinInitialized defaults to CK_FALSE */
+/* GetRestoreKeyNotNeeded is irrelevant */
+/* GetHasClockOnToken defaults to CK_FALSE */
+/* GetHasProtectedAuthenticationPath defaults to CK_FALSE */
+/* GetSupportsDualCryptoOperations is irrelevant */
+
+static CK_ULONG
+nss_dbm_mdToken_effectively_infinite(
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance)
+{
+    return CK_EFFECTIVELY_INFINITE;
+}
+
+static CK_VERSION
+nss_dbm_mdToken_GetHardwareVersion(
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance)
+{
+    nss_dbm_token_t *token = (nss_dbm_token_t *)mdToken->etc;
+    return nss_dbm_db_get_format_version(token->slot->token_db);
+}
+
+/* GetFirmwareVersion is irrelevant */
+/* GetUTCTime is irrelevant */
+
+static NSSCKMDSession *
+nss_dbm_mdToken_OpenSession(
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    NSSCKFWSession *fwSession,
+    CK_BBOOL rw,
+    CK_RV *pError)
+{
+    nss_dbm_token_t *token = (nss_dbm_token_t *)mdToken->etc;
+    return nss_dbm_mdSession_factory(token, fwSession, fwInstance, rw, pError);
+}
+
+/* GetMechanismCount defaults to zero */
+/* GetMechanismTypes is irrelevant */
+/* GetMechanism is irrelevant */
+
+NSS_IMPLEMENT NSSCKMDToken *
+nss_dbm_mdToken_factory(
+    nss_dbm_slot_t *slot,
+    CK_RV *pError)
+{
+    nss_dbm_token_t *token;
+    NSSCKMDToken *rv;
+
+    token = nss_ZNEW(slot->instance->arena, nss_dbm_token_t);
+    if ((nss_dbm_token_t *)NULL == token) {
+        *pError = CKR_HOST_MEMORY;
+        return (NSSCKMDToken *)NULL;
+    }
+
+    rv = nss_ZNEW(slot->instance->arena, NSSCKMDToken);
+    if ((NSSCKMDToken *)NULL == rv) {
+        *pError = CKR_HOST_MEMORY;
+        return (NSSCKMDToken *)NULL;
+    }
+
+    token->slot = slot;
+
+    rv->etc = (void *)token;
+    rv->Setup = nss_dbm_mdToken_Setup;
+    rv->Invalidate = nss_dbm_mdToken_Invalidate;
+    rv->InitToken = nss_dbm_mdToken_InitToken;
+    rv->GetLabel = nss_dbm_mdToken_GetLabel;
+    rv->GetManufacturerID = nss_dbm_mdToken_GetManufacturerID;
+    rv->GetModel = nss_dbm_mdToken_GetModel;
+    /*  GetSerialNumber is irrelevant */
+    /*  GetHasRNG defaults to CK_FALSE */
+    rv->GetIsWriteProtected = nss_dbm_mdToken_GetIsWriteProtected;
+    /*  GetLoginRequired defaults to CK_FALSE */
+    /*  GetUserPinInitialized defaults to CK_FALSE */
+    /*  GetRestoreKeyNotNeeded is irrelevant */
+    /*  GetHasClockOnToken defaults to CK_FALSE */
+    /*  GetHasProtectedAuthenticationPath defaults to CK_FALSE */
+    /*  GetSupportsDualCryptoOperations is irrelevant */
+    rv->GetMaxSessionCount = nss_dbm_mdToken_effectively_infinite;
+    rv->GetMaxRwSessionCount = nss_dbm_mdToken_effectively_infinite;
+    /*  GetMaxPinLen is irrelevant */
+    /*  GetMinPinLen is irrelevant */
+    /*  GetTotalPublicMemory defaults to CK_UNAVAILABLE_INFORMATION */
+    /*  GetFreePublicMemory defaults to CK_UNAVAILABLE_INFORMATION */
+    /*  GetTotalPrivateMemory defaults to CK_UNAVAILABLE_INFORMATION */
+    /*  GetFreePrivateMemory defaults to CK_UNAVAILABLE_INFORMATION */
+    rv->GetHardwareVersion = nss_dbm_mdToken_GetHardwareVersion;
+    /*  GetFirmwareVersion is irrelevant */
+    /*  GetUTCTime is irrelevant */
+    rv->OpenSession = nss_dbm_mdToken_OpenSession;
+    rv->null = NULL;
+
+    return rv;
+}
diff --git a/nss/lib/ckfw/exports.gyp b/nss/lib/ckfw/exports.gyp
new file mode 100644
index 0000000..b986fd8
--- /dev/null
+++ b/nss/lib/ckfw/exports.gyp
@@ -0,0 +1,44 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'lib_ckfw_exports',
+      'type': 'none',
+      'copies': [
+        {
+          'files': [
+            'nssck.api',
+            'nssckepv.h',
+            'nssckft.h',
+            'nssckfw.h',
+            'nssckfwc.h',
+            'nssckfwt.h',
+            'nssckg.h',
+            'nssckmdt.h',
+            'nssckt.h'
+          ],
+          'destination': '<(nss_public_dist_dir)/<(module)'
+        },
+        {
+          'files': [
+            'ck.h',
+            'ckfw.h',
+            'ckfwm.h',
+            'ckfwtm.h',
+            'ckmd.h',
+            'ckt.h'
+          ],
+          'destination': '<(nss_private_dist_dir)/<(module)'
+        }
+      ]
+    }
+  ],
+  'variables': {
+    'module': 'nss'
+  }
+}
diff --git a/nss/lib/ckfw/find.c b/nss/lib/ckfw/find.c
new file mode 100644
index 0000000..55732e6
--- /dev/null
+++ b/nss/lib/ckfw/find.c
@@ -0,0 +1,362 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * find.c
+ *
+ * This file implements the nssCKFWFindObjects type and methods.
+ */
+
+#ifndef CK_H
+#include "ck.h"
+#endif /* CK_H */
+
+/*
+ * NSSCKFWFindObjects
+ *
+ *  -- create/destroy --
+ *  nssCKFWFindObjects_Create
+ *  nssCKFWFindObjects_Destroy
+ *
+ *  -- public accessors --
+ *  NSSCKFWFindObjects_GetMDFindObjects
+ *
+ *  -- implement public accessors --
+ *  nssCKFWFindObjects_GetMDFindObjects
+ *
+ *  -- private accessors --
+ *
+ *  -- module fronts --
+ *  nssCKFWFindObjects_Next
+ */
+
+struct NSSCKFWFindObjectsStr {
+    NSSCKFWMutex *mutex; /* merely to serialise the MDObject calls */
+    NSSCKMDFindObjects *mdfo1;
+    NSSCKMDFindObjects *mdfo2;
+    NSSCKFWSession *fwSession;
+    NSSCKMDSession *mdSession;
+    NSSCKFWToken *fwToken;
+    NSSCKMDToken *mdToken;
+    NSSCKFWInstance *fwInstance;
+    NSSCKMDInstance *mdInstance;
+
+    NSSCKMDFindObjects *mdFindObjects; /* varies */
+};
+
+#ifdef DEBUG
+/*
+ * But first, the pointer-tracking stuff.
+ *
+ * NOTE: the pointer-tracking support in NSS/base currently relies
+ * upon NSPR's CallOnce support.  That, however, relies upon NSPR's
+ * locking, which is tied into the runtime.  We need a pointer-tracker
+ * implementation that uses the locks supplied through C_Initialize.
+ * That support, however, can be filled in later.  So for now, I'll
+ * just do these routines as no-ops.
+ */
+
+static CK_RV
+findObjects_add_pointer(
+    const NSSCKFWFindObjects *fwFindObjects)
+{
+    return CKR_OK;
+}
+
+static CK_RV
+findObjects_remove_pointer(
+    const NSSCKFWFindObjects *fwFindObjects)
+{
+    return CKR_OK;
+}
+
+NSS_IMPLEMENT CK_RV
+nssCKFWFindObjects_verifyPointer(
+    const NSSCKFWFindObjects *fwFindObjects)
+{
+    return CKR_OK;
+}
+
+#endif /* DEBUG */
+
+/*
+ * nssCKFWFindObjects_Create
+ *
+ */
+NSS_EXTERN NSSCKFWFindObjects *
+nssCKFWFindObjects_Create(
+    NSSCKFWSession *fwSession,
+    NSSCKFWToken *fwToken,
+    NSSCKFWInstance *fwInstance,
+    NSSCKMDFindObjects *mdFindObjects1,
+    NSSCKMDFindObjects *mdFindObjects2,
+    CK_RV *pError)
+{
+    NSSCKFWFindObjects *fwFindObjects = NULL;
+    NSSCKMDSession *mdSession;
+    NSSCKMDToken *mdToken;
+    NSSCKMDInstance *mdInstance;
+
+    mdSession = nssCKFWSession_GetMDSession(fwSession);
+    mdToken = nssCKFWToken_GetMDToken(fwToken);
+    mdInstance = nssCKFWInstance_GetMDInstance(fwInstance);
+
+    fwFindObjects = nss_ZNEW(NULL, NSSCKFWFindObjects);
+    if (!fwFindObjects) {
+        *pError = CKR_HOST_MEMORY;
+        goto loser;
+    }
+
+    fwFindObjects->mdfo1 = mdFindObjects1;
+    fwFindObjects->mdfo2 = mdFindObjects2;
+    fwFindObjects->fwSession = fwSession;
+    fwFindObjects->mdSession = mdSession;
+    fwFindObjects->fwToken = fwToken;
+    fwFindObjects->mdToken = mdToken;
+    fwFindObjects->fwInstance = fwInstance;
+    fwFindObjects->mdInstance = mdInstance;
+
+    fwFindObjects->mutex = nssCKFWInstance_CreateMutex(fwInstance, NULL, pError);
+    if (!fwFindObjects->mutex) {
+        goto loser;
+    }
+
+#ifdef DEBUG
+    *pError = findObjects_add_pointer(fwFindObjects);
+    if (CKR_OK != *pError) {
+        goto loser;
+    }
+#endif /* DEBUG */
+
+    return fwFindObjects;
+
+loser:
+    if (fwFindObjects) {
+        if (NULL != mdFindObjects1) {
+            if (NULL != mdFindObjects1->Final) {
+                fwFindObjects->mdFindObjects = mdFindObjects1;
+                mdFindObjects1->Final(mdFindObjects1, fwFindObjects, mdSession,
+                                      fwSession, mdToken, fwToken, mdInstance, fwInstance);
+            }
+        }
+
+        if (NULL != mdFindObjects2) {
+            if (NULL != mdFindObjects2->Final) {
+                fwFindObjects->mdFindObjects = mdFindObjects2;
+                mdFindObjects2->Final(mdFindObjects2, fwFindObjects, mdSession,
+                                      fwSession, mdToken, fwToken, mdInstance, fwInstance);
+            }
+        }
+
+        nss_ZFreeIf(fwFindObjects);
+    }
+
+    if (CKR_OK == *pError) {
+        *pError = CKR_GENERAL_ERROR;
+    }
+
+    return (NSSCKFWFindObjects *)NULL;
+}
+
+/*
+ * nssCKFWFindObjects_Destroy
+ *
+ */
+NSS_EXTERN void
+nssCKFWFindObjects_Destroy(
+    NSSCKFWFindObjects *fwFindObjects)
+{
+#ifdef NSSDEBUG
+    if (CKR_OK != nssCKFWFindObjects_verifyPointer(fwFindObjects)) {
+        return;
+    }
+#endif /* NSSDEBUG */
+
+    (void)nssCKFWMutex_Destroy(fwFindObjects->mutex);
+
+    if (fwFindObjects->mdfo1) {
+        if (fwFindObjects->mdfo1->Final) {
+            fwFindObjects->mdFindObjects = fwFindObjects->mdfo1;
+            fwFindObjects->mdfo1->Final(fwFindObjects->mdfo1, fwFindObjects,
+                                        fwFindObjects->mdSession, fwFindObjects->fwSession,
+                                        fwFindObjects->mdToken, fwFindObjects->fwToken,
+                                        fwFindObjects->mdInstance, fwFindObjects->fwInstance);
+        }
+    }
+
+    if (fwFindObjects->mdfo2) {
+        if (fwFindObjects->mdfo2->Final) {
+            fwFindObjects->mdFindObjects = fwFindObjects->mdfo2;
+            fwFindObjects->mdfo2->Final(fwFindObjects->mdfo2, fwFindObjects,
+                                        fwFindObjects->mdSession, fwFindObjects->fwSession,
+                                        fwFindObjects->mdToken, fwFindObjects->fwToken,
+                                        fwFindObjects->mdInstance, fwFindObjects->fwInstance);
+        }
+    }
+
+    nss_ZFreeIf(fwFindObjects);
+
+#ifdef DEBUG
+    (void)findObjects_remove_pointer(fwFindObjects);
+#endif /* DEBUG */
+
+    return;
+}
+
+/*
+ * nssCKFWFindObjects_GetMDFindObjects
+ *
+ */
+NSS_EXTERN NSSCKMDFindObjects *
+nssCKFWFindObjects_GetMDFindObjects(
+    NSSCKFWFindObjects *fwFindObjects)
+{
+#ifdef NSSDEBUG
+    if (CKR_OK != nssCKFWFindObjects_verifyPointer(fwFindObjects)) {
+        return (NSSCKMDFindObjects *)NULL;
+    }
+#endif /* NSSDEBUG */
+
+    return fwFindObjects->mdFindObjects;
+}
+
+/*
+ * nssCKFWFindObjects_Next
+ *
+ */
+NSS_EXTERN NSSCKFWObject *
+nssCKFWFindObjects_Next(
+    NSSCKFWFindObjects *fwFindObjects,
+    NSSArena *arenaOpt,
+    CK_RV *pError)
+{
+    NSSCKMDObject *mdObject;
+    NSSCKFWObject *fwObject = (NSSCKFWObject *)NULL;
+    NSSArena *objArena;
+
+#ifdef NSSDEBUG
+    if (!pError) {
+        return (NSSCKFWObject *)NULL;
+    }
+
+    *pError = nssCKFWFindObjects_verifyPointer(fwFindObjects);
+    if (CKR_OK != *pError) {
+        return (NSSCKFWObject *)NULL;
+    }
+#endif /* NSSDEBUG */
+
+    *pError = nssCKFWMutex_Lock(fwFindObjects->mutex);
+    if (CKR_OK != *pError) {
+        return (NSSCKFWObject *)NULL;
+    }
+
+    if (fwFindObjects->mdfo1) {
+        if (fwFindObjects->mdfo1->Next) {
+            fwFindObjects->mdFindObjects = fwFindObjects->mdfo1;
+            mdObject = fwFindObjects->mdfo1->Next(fwFindObjects->mdfo1,
+                                                  fwFindObjects, fwFindObjects->mdSession, fwFindObjects->fwSession,
+                                                  fwFindObjects->mdToken, fwFindObjects->fwToken,
+                                                  fwFindObjects->mdInstance, fwFindObjects->fwInstance,
+                                                  arenaOpt, pError);
+            if (!mdObject) {
+                if (CKR_OK != *pError) {
+                    goto done;
+                }
+
+                /* All done. */
+                fwFindObjects->mdfo1->Final(fwFindObjects->mdfo1, fwFindObjects,
+                                            fwFindObjects->mdSession, fwFindObjects->fwSession,
+                                            fwFindObjects->mdToken, fwFindObjects->fwToken,
+                                            fwFindObjects->mdInstance, fwFindObjects->fwInstance);
+                fwFindObjects->mdfo1 = (NSSCKMDFindObjects *)NULL;
+            } else {
+                goto wrap;
+            }
+        }
+    }
+
+    if (fwFindObjects->mdfo2) {
+        if (fwFindObjects->mdfo2->Next) {
+            fwFindObjects->mdFindObjects = fwFindObjects->mdfo2;
+            mdObject = fwFindObjects->mdfo2->Next(fwFindObjects->mdfo2,
+                                                  fwFindObjects, fwFindObjects->mdSession, fwFindObjects->fwSession,
+                                                  fwFindObjects->mdToken, fwFindObjects->fwToken,
+                                                  fwFindObjects->mdInstance, fwFindObjects->fwInstance,
+                                                  arenaOpt, pError);
+            if (!mdObject) {
+                if (CKR_OK != *pError) {
+                    goto done;
+                }
+
+                /* All done. */
+                fwFindObjects->mdfo2->Final(fwFindObjects->mdfo2, fwFindObjects,
+                                            fwFindObjects->mdSession, fwFindObjects->fwSession,
+                                            fwFindObjects->mdToken, fwFindObjects->fwToken,
+                                            fwFindObjects->mdInstance, fwFindObjects->fwInstance);
+                fwFindObjects->mdfo2 = (NSSCKMDFindObjects *)NULL;
+            } else {
+                goto wrap;
+            }
+        }
+    }
+
+    /* No more objects */
+    *pError = CKR_OK;
+    goto done;
+
+wrap:
+    /*
+   * This seems is less than ideal-- we should determine if it's a token
+   * object or a session object, and use the appropriate arena.
+   * But that duplicates logic in nssCKFWObject_IsTokenObject.
+   * Also we should lookup the real session the object was created on
+   * if the object was a session object... however this code is actually
+   * correct because nssCKFWObject_Create will return a cached version of
+   * the object from it's hash. This is necessary because 1) we don't want
+   * to create an arena style leak (where our arena grows with every search),
+   * and 2) we want the same object to always have the same ID. This means
+   * the only case the nssCKFWObject_Create() will need the objArena and the
+   * Session is in the case of token objects (session objects should already
+   * exist in the cache from their initial creation). So this code is correct,
+   * but it depends on nssCKFWObject_Create caching all objects.
+   */
+    objArena = nssCKFWToken_GetArena(fwFindObjects->fwToken, pError);
+    if (!objArena) {
+        if (CKR_OK == *pError) {
+            *pError = CKR_HOST_MEMORY;
+        }
+        goto done;
+    }
+
+    fwObject = nssCKFWObject_Create(objArena, mdObject,
+                                    NULL, fwFindObjects->fwToken,
+                                    fwFindObjects->fwInstance, pError);
+    if (!fwObject) {
+        if (CKR_OK == *pError) {
+            *pError = CKR_GENERAL_ERROR;
+        }
+    }
+
+done:
+    (void)nssCKFWMutex_Unlock(fwFindObjects->mutex);
+    return fwObject;
+}
+
+/*
+ * NSSCKFWFindObjects_GetMDFindObjects
+ *
+ */
+
+NSS_EXTERN NSSCKMDFindObjects *
+NSSCKFWFindObjects_GetMDFindObjects(
+    NSSCKFWFindObjects *fwFindObjects)
+{
+#ifdef DEBUG
+    if (CKR_OK != nssCKFWFindObjects_verifyPointer(fwFindObjects)) {
+        return (NSSCKMDFindObjects *)NULL;
+    }
+#endif /* DEBUG */
+
+    return nssCKFWFindObjects_GetMDFindObjects(fwFindObjects);
+}
diff --git a/nss/lib/ckfw/hash.c b/nss/lib/ckfw/hash.c
new file mode 100644
index 0000000..50de4ce
--- /dev/null
+++ b/nss/lib/ckfw/hash.c
@@ -0,0 +1,280 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * hash.c
+ *
+ * This is merely a couple wrappers around NSPR's PLHashTable, using
+ * the identity hash and arena-aware allocators.  The reason I did
+ * this is that hash tables are used in a few places throughout the
+ * NSS Cryptoki Framework in a fairly stereotyped way, and this allows
+ * me to pull the commonalities into one place.  Should we ever want
+ * to change the implementation, it's all right here.
+ */
+
+#ifndef CK_T
+#include "ck.h"
+#endif /* CK_T */
+
+/*
+ * nssCKFWHash
+ *
+ *  nssCKFWHash_Create
+ *  nssCKFWHash_Destroy
+ *  nssCKFWHash_Add
+ *  nssCKFWHash_Remove
+ *  nssCKFWHash_Count
+ *  nssCKFWHash_Exists
+ *  nssCKFWHash_Lookup
+ *  nssCKFWHash_Iterate
+ */
+
+struct nssCKFWHashStr {
+    NSSCKFWMutex *mutex;
+
+    /*
+     * The invariant that mutex protects is:
+     *   The count accurately reflects the hashtable state.
+     */
+
+    PLHashTable *plHashTable;
+    CK_ULONG count;
+};
+
+static PLHashNumber
+nss_ckfw_identity_hash(
+    const void *key)
+{
+    return (PLHashNumber)((char *)key - (char *)NULL);
+}
+
+/*
+ * nssCKFWHash_Create
+ *
+ */
+NSS_IMPLEMENT nssCKFWHash *
+nssCKFWHash_Create(
+    NSSCKFWInstance *fwInstance,
+    NSSArena *arena,
+    CK_RV *pError)
+{
+    nssCKFWHash *rv;
+
+#ifdef NSSDEBUG
+    if (!pError) {
+        return (nssCKFWHash *)NULL;
+    }
+
+    if (PR_SUCCESS != nssArena_verifyPointer(arena)) {
+        *pError = CKR_ARGUMENTS_BAD;
+        return (nssCKFWHash *)NULL;
+    }
+#endif /* NSSDEBUG */
+
+    rv = nss_ZNEW(arena, nssCKFWHash);
+    if (!rv) {
+        *pError = CKR_HOST_MEMORY;
+        return (nssCKFWHash *)NULL;
+    }
+
+    rv->mutex = nssCKFWInstance_CreateMutex(fwInstance, arena, pError);
+    if (!rv->mutex) {
+        if (CKR_OK == *pError) {
+            *pError = CKR_GENERAL_ERROR;
+        }
+        (void)nss_ZFreeIf(rv);
+        return (nssCKFWHash *)NULL;
+    }
+
+    rv->plHashTable = PL_NewHashTable(0, nss_ckfw_identity_hash,
+                                      PL_CompareValues, PL_CompareValues, &nssArenaHashAllocOps, arena);
+    if (!rv->plHashTable) {
+        (void)nssCKFWMutex_Destroy(rv->mutex);
+        (void)nss_ZFreeIf(rv);
+        *pError = CKR_HOST_MEMORY;
+        return (nssCKFWHash *)NULL;
+    }
+
+    rv->count = 0;
+
+    return rv;
+}
+
+/*
+ * nssCKFWHash_Destroy
+ *
+ */
+NSS_IMPLEMENT void
+nssCKFWHash_Destroy(
+    nssCKFWHash *hash)
+{
+    (void)nssCKFWMutex_Destroy(hash->mutex);
+    PL_HashTableDestroy(hash->plHashTable);
+    (void)nss_ZFreeIf(hash);
+}
+
+/*
+ * nssCKFWHash_Add
+ *
+ */
+NSS_IMPLEMENT CK_RV
+nssCKFWHash_Add(
+    nssCKFWHash *hash,
+    const void *key,
+    const void *value)
+{
+    CK_RV error = CKR_OK;
+    PLHashEntry *he;
+
+    error = nssCKFWMutex_Lock(hash->mutex);
+    if (CKR_OK != error) {
+        return error;
+    }
+
+    he = PL_HashTableAdd(hash->plHashTable, key, (void *)value);
+    if (!he) {
+        error = CKR_HOST_MEMORY;
+    } else {
+        hash->count++;
+    }
+
+    (void)nssCKFWMutex_Unlock(hash->mutex);
+
+    return error;
+}
+
+/*
+ * nssCKFWHash_Remove
+ *
+ */
+NSS_IMPLEMENT void
+nssCKFWHash_Remove(
+    nssCKFWHash *hash,
+    const void *it)
+{
+    PRBool found;
+
+    if (CKR_OK != nssCKFWMutex_Lock(hash->mutex)) {
+        return;
+    }
+
+    found = PL_HashTableRemove(hash->plHashTable, it);
+    if (found) {
+        hash->count--;
+    }
+
+    (void)nssCKFWMutex_Unlock(hash->mutex);
+    return;
+}
+
+/*
+ * nssCKFWHash_Count
+ *
+ */
+NSS_IMPLEMENT CK_ULONG
+nssCKFWHash_Count(
+    nssCKFWHash *hash)
+{
+    CK_ULONG count;
+
+    if (CKR_OK != nssCKFWMutex_Lock(hash->mutex)) {
+        return (CK_ULONG)0;
+    }
+
+    count = hash->count;
+
+    (void)nssCKFWMutex_Unlock(hash->mutex);
+
+    return count;
+}
+
+/*
+ * nssCKFWHash_Exists
+ *
+ */
+NSS_IMPLEMENT CK_BBOOL
+nssCKFWHash_Exists(
+    nssCKFWHash *hash,
+    const void *it)
+{
+    void *value;
+
+    if (CKR_OK != nssCKFWMutex_Lock(hash->mutex)) {
+        return CK_FALSE;
+    }
+
+    value = PL_HashTableLookup(hash->plHashTable, it);
+
+    (void)nssCKFWMutex_Unlock(hash->mutex);
+
+    if (!value) {
+        return CK_FALSE;
+    } else {
+        return CK_TRUE;
+    }
+}
+
+/*
+ * nssCKFWHash_Lookup
+ *
+ */
+NSS_IMPLEMENT void *
+nssCKFWHash_Lookup(
+    nssCKFWHash *hash,
+    const void *it)
+{
+    void *rv;
+
+    if (CKR_OK != nssCKFWMutex_Lock(hash->mutex)) {
+        return (void *)NULL;
+    }
+
+    rv = PL_HashTableLookup(hash->plHashTable, it);
+
+    (void)nssCKFWMutex_Unlock(hash->mutex);
+
+    return rv;
+}
+
+struct arg_str {
+    nssCKFWHashIterator fcn;
+    void *closure;
+};
+
+static PRIntn
+nss_ckfwhash_enumerator(
+    PLHashEntry *he,
+    PRIntn index,
+    void *arg)
+{
+    struct arg_str *as = (struct arg_str *)arg;
+    as->fcn(he->key, he->value, as->closure);
+    return HT_ENUMERATE_NEXT;
+}
+
+/*
+ * nssCKFWHash_Iterate
+ *
+ * NOTE that the iteration function will be called with the hashtable locked.
+ */
+NSS_IMPLEMENT void
+nssCKFWHash_Iterate(
+    nssCKFWHash *hash,
+    nssCKFWHashIterator fcn,
+    void *closure)
+{
+    struct arg_str as;
+    as.fcn = fcn;
+    as.closure = closure;
+
+    if (CKR_OK != nssCKFWMutex_Lock(hash->mutex)) {
+        return;
+    }
+
+    PL_HashTableEnumerateEntries(hash->plHashTable, nss_ckfwhash_enumerator, &as);
+
+    (void)nssCKFWMutex_Unlock(hash->mutex);
+
+    return;
+}
diff --git a/nss/lib/ckfw/instance.c b/nss/lib/ckfw/instance.c
new file mode 100644
index 0000000..cee56c9
--- /dev/null
+++ b/nss/lib/ckfw/instance.c
@@ -0,0 +1,1294 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * instance.c
+ *
+ * This file implements the NSSCKFWInstance type and methods.
+ */
+
+#ifndef CK_T
+#include "ck.h"
+#endif /* CK_T */
+
+/*
+ * NSSCKFWInstance
+ *
+ *  -- create/destroy --
+ *  nssCKFWInstance_Create
+ *  nssCKFWInstance_Destroy
+ *
+ *  -- public accessors --
+ *  NSSCKFWInstance_GetMDInstance
+ *  NSSCKFWInstance_GetArena
+ *  NSSCKFWInstance_MayCreatePthreads
+ *  NSSCKFWInstance_CreateMutex
+ *  NSSCKFWInstance_GetConfigurationData
+ *  NSSCKFWInstance_GetInitArgs
+ *  NSSCKFWInstance_DestroySessionHandle
+ *  NSSCKFWInstance_FindSessionHandle
+ *
+ *  -- implement public accessors --
+ *  nssCKFWInstance_GetMDInstance
+ *  nssCKFWInstance_GetArena
+ *  nssCKFWInstance_MayCreatePthreads
+ *  nssCKFWInstance_CreateMutex
+ *  nssCKFWInstance_GetConfigurationData
+ *  nssCKFWInstance_GetInitArgs
+ *  nssCKFWInstance_DestroySessionHandle
+ *  nssCKFWInstance_FindSessionHandle
+ *
+ *  -- private accessors --
+ *  nssCKFWInstance_CreateSessionHandle
+ *  nssCKFWInstance_ResolveSessionHandle
+ *  nssCKFWInstance_CreateObjectHandle
+ *  nssCKFWInstance_ResolveObjectHandle
+ *  nssCKFWInstance_DestroyObjectHandle
+ *
+ *  -- module fronts --
+ *  nssCKFWInstance_GetNSlots
+ *  nssCKFWInstance_GetCryptokiVersion
+ *  nssCKFWInstance_GetManufacturerID
+ *  nssCKFWInstance_GetFlags
+ *  nssCKFWInstance_GetLibraryDescription
+ *  nssCKFWInstance_GetLibraryVersion
+ *  nssCKFWInstance_GetModuleHandlesSessionObjects
+ *  nssCKFWInstance_GetSlots
+ *  nssCKFWInstance_WaitForSlotEvent
+ *
+ *  -- debugging versions only --
+ *  nssCKFWInstance_verifyPointer
+ */
+
+struct NSSCKFWInstanceStr {
+    NSSCKFWMutex *mutex;
+    NSSArena *arena;
+    NSSCKMDInstance *mdInstance;
+    CK_C_INITIALIZE_ARGS_PTR pInitArgs;
+    CK_C_INITIALIZE_ARGS initArgs;
+    CryptokiLockingState LockingState;
+    CK_BBOOL mayCreatePthreads;
+    NSSUTF8 *configurationData;
+    CK_ULONG nSlots;
+    NSSCKFWSlot **fwSlotList;
+    NSSCKMDSlot **mdSlotList;
+    CK_BBOOL moduleHandlesSessionObjects;
+
+    /*
+     * Everything above is set at creation time, and then not modified.
+     * The invariants the mutex protects are:
+     *
+     *  1) Each of the cached descriptions (versions, etc.) are in an
+     *     internally consistant state.
+     *
+     *  2) The session handle hashes and count are consistant
+     *
+     *  3) The object handle hashes and count are consistant.
+     *
+     * I could use multiple locks, but let's wait to see if that's
+     * really necessary.
+     *
+     * Note that the calls accessing the cached descriptions will
+     * call the NSSCKMDInstance methods with the mutex locked.  Those
+     * methods may then call the public NSSCKFWInstance routines.
+     * Those public routines only access the constant data above, so
+     * there's no problem.  But be careful if you add to this object;
+     * mutexes are in general not reentrant, so don't create deadlock
+     * situations.
+     */
+
+    CK_VERSION cryptokiVersion;
+    NSSUTF8 *manufacturerID;
+    NSSUTF8 *libraryDescription;
+    CK_VERSION libraryVersion;
+
+    CK_ULONG lastSessionHandle;
+    nssCKFWHash *sessionHandleHash;
+
+    CK_ULONG lastObjectHandle;
+    nssCKFWHash *objectHandleHash;
+};
+
+#ifdef DEBUG
+/*
+ * But first, the pointer-tracking stuff.
+ *
+ * NOTE: the pointer-tracking support in NSS/base currently relies
+ * upon NSPR's CallOnce support.  That, however, relies upon NSPR's
+ * locking, which is tied into the runtime.  We need a pointer-tracker
+ * implementation that uses the locks supplied through C_Initialize.
+ * That support, however, can be filled in later.  So for now, I'll
+ * just do this routines as no-ops.
+ */
+
+static CK_RV
+instance_add_pointer(
+    const NSSCKFWInstance *fwInstance)
+{
+    return CKR_OK;
+}
+
+static CK_RV
+instance_remove_pointer(
+    const NSSCKFWInstance *fwInstance)
+{
+    return CKR_OK;
+}
+
+NSS_IMPLEMENT CK_RV
+nssCKFWInstance_verifyPointer(
+    const NSSCKFWInstance *fwInstance)
+{
+    return CKR_OK;
+}
+
+#endif /* DEBUG */
+
+/*
+ * nssCKFWInstance_Create
+ *
+ */
+NSS_IMPLEMENT NSSCKFWInstance *
+nssCKFWInstance_Create(
+    CK_C_INITIALIZE_ARGS_PTR pInitArgs,
+    CryptokiLockingState LockingState,
+    NSSCKMDInstance *mdInstance,
+    CK_RV *pError)
+{
+    NSSCKFWInstance *fwInstance;
+    NSSArena *arena = (NSSArena *)NULL;
+    CK_ULONG i;
+    CK_BBOOL called_Initialize = CK_FALSE;
+
+#ifdef NSSDEBUG
+    if ((CK_RV)NULL == pError) {
+        return (NSSCKFWInstance *)NULL;
+    }
+
+    if (!mdInstance) {
+        *pError = CKR_ARGUMENTS_BAD;
+        return (NSSCKFWInstance *)NULL;
+    }
+#endif /* NSSDEBUG */
+
+    arena = NSSArena_Create();
+    if (!arena) {
+        *pError = CKR_HOST_MEMORY;
+        return (NSSCKFWInstance *)NULL;
+    }
+
+    fwInstance = nss_ZNEW(arena, NSSCKFWInstance);
+    if (!fwInstance) {
+        goto nomem;
+    }
+
+    fwInstance->arena = arena;
+    fwInstance->mdInstance = mdInstance;
+
+    fwInstance->LockingState = LockingState;
+    if ((CK_C_INITIALIZE_ARGS_PTR)NULL != pInitArgs) {
+        fwInstance->initArgs = *pInitArgs;
+        fwInstance->pInitArgs = &fwInstance->initArgs;
+        if (pInitArgs->flags & CKF_LIBRARY_CANT_CREATE_OS_THREADS) {
+            fwInstance->mayCreatePthreads = CK_FALSE;
+        } else {
+            fwInstance->mayCreatePthreads = CK_TRUE;
+        }
+        fwInstance->configurationData = (NSSUTF8 *)(pInitArgs->pReserved);
+    } else {
+        fwInstance->mayCreatePthreads = CK_TRUE;
+    }
+
+    fwInstance->mutex = nssCKFWMutex_Create(pInitArgs, LockingState, arena,
+                                            pError);
+    if (!fwInstance->mutex) {
+        if (CKR_OK == *pError) {
+            *pError = CKR_GENERAL_ERROR;
+        }
+        goto loser;
+    }
+
+    if (mdInstance->Initialize) {
+        *pError = mdInstance->Initialize(mdInstance, fwInstance, fwInstance->configurationData);
+        if (CKR_OK != *pError) {
+            goto loser;
+        }
+
+        called_Initialize = CK_TRUE;
+    }
+
+    if (mdInstance->ModuleHandlesSessionObjects) {
+        fwInstance->moduleHandlesSessionObjects =
+            mdInstance->ModuleHandlesSessionObjects(mdInstance, fwInstance);
+    } else {
+        fwInstance->moduleHandlesSessionObjects = CK_FALSE;
+    }
+
+    if (!mdInstance->GetNSlots) {
+        /* That routine is required */
+        *pError = CKR_GENERAL_ERROR;
+        goto loser;
+    }
+
+    fwInstance->nSlots = mdInstance->GetNSlots(mdInstance, fwInstance, pError);
+    if ((CK_ULONG)0 == fwInstance->nSlots) {
+        if (CKR_OK == *pError) {
+            /* Zero is not a legitimate answer */
+            *pError = CKR_GENERAL_ERROR;
+        }
+        goto loser;
+    }
+
+    fwInstance->fwSlotList = nss_ZNEWARRAY(arena, NSSCKFWSlot *, fwInstance->nSlots);
+    if ((NSSCKFWSlot **)NULL == fwInstance->fwSlotList) {
+        goto nomem;
+    }
+
+    fwInstance->mdSlotList = nss_ZNEWARRAY(arena, NSSCKMDSlot *, fwInstance->nSlots);
+    if ((NSSCKMDSlot **)NULL == fwInstance->mdSlotList) {
+        goto nomem;
+    }
+
+    fwInstance->sessionHandleHash = nssCKFWHash_Create(fwInstance,
+                                                       fwInstance->arena, pError);
+    if (!fwInstance->sessionHandleHash) {
+        goto loser;
+    }
+
+    fwInstance->objectHandleHash = nssCKFWHash_Create(fwInstance,
+                                                      fwInstance->arena, pError);
+    if (!fwInstance->objectHandleHash) {
+        goto loser;
+    }
+
+    if (!mdInstance->GetSlots) {
+        /* That routine is required */
+        *pError = CKR_GENERAL_ERROR;
+        goto loser;
+    }
+
+    *pError = mdInstance->GetSlots(mdInstance, fwInstance, fwInstance->mdSlotList);
+    if (CKR_OK != *pError) {
+        goto loser;
+    }
+
+    for (i = 0; i < fwInstance->nSlots; i++) {
+        NSSCKMDSlot *mdSlot = fwInstance->mdSlotList[i];
+
+        if (!mdSlot) {
+            *pError = CKR_GENERAL_ERROR;
+            goto loser;
+        }
+
+        fwInstance->fwSlotList[i] = nssCKFWSlot_Create(fwInstance, mdSlot, i, pError);
+        if (CKR_OK != *pError) {
+            CK_ULONG j;
+
+            for (j = 0; j < i; j++) {
+                (void)nssCKFWSlot_Destroy(fwInstance->fwSlotList[j]);
+            }
+
+            for (j = i; j < fwInstance->nSlots; j++) {
+                NSSCKMDSlot *mds = fwInstance->mdSlotList[j];
+                if (mds->Destroy) {
+                    mds->Destroy(mds, (NSSCKFWSlot *)NULL, mdInstance, fwInstance);
+                }
+            }
+
+            goto loser;
+        }
+    }
+
+#ifdef DEBUG
+    *pError = instance_add_pointer(fwInstance);
+    if (CKR_OK != *pError) {
+        for (i = 0; i < fwInstance->nSlots; i++) {
+            (void)nssCKFWSlot_Destroy(fwInstance->fwSlotList[i]);
+        }
+
+        goto loser;
+    }
+#endif /* DEBUG */
+
+    *pError = CKR_OK;
+    return fwInstance;
+
+nomem:
+    *pError = CKR_HOST_MEMORY;
+/*FALLTHROUGH*/
+loser:
+
+    if (CK_TRUE == called_Initialize) {
+        if (mdInstance->Finalize) {
+            mdInstance->Finalize(mdInstance, fwInstance);
+        }
+    }
+
+    if (fwInstance && fwInstance->mutex) {
+        nssCKFWMutex_Destroy(fwInstance->mutex);
+    }
+
+    if (arena) {
+        (void)NSSArena_Destroy(arena);
+    }
+    return (NSSCKFWInstance *)NULL;
+}
+
+/*
+ * nssCKFWInstance_Destroy
+ *
+ */
+NSS_IMPLEMENT CK_RV
+nssCKFWInstance_Destroy(
+    NSSCKFWInstance *fwInstance)
+{
+#ifdef NSSDEBUG
+    CK_RV error = CKR_OK;
+#endif /* NSSDEBUG */
+    CK_ULONG i;
+
+#ifdef NSSDEBUG
+    error = nssCKFWInstance_verifyPointer(fwInstance);
+    if (CKR_OK != error) {
+        return error;
+    }
+#endif /* NSSDEBUG */
+
+    nssCKFWMutex_Destroy(fwInstance->mutex);
+
+    for (i = 0; i < fwInstance->nSlots; i++) {
+        (void)nssCKFWSlot_Destroy(fwInstance->fwSlotList[i]);
+    }
+
+    if (fwInstance->mdInstance->Finalize) {
+        fwInstance->mdInstance->Finalize(fwInstance->mdInstance, fwInstance);
+    }
+
+    if (fwInstance->sessionHandleHash) {
+        nssCKFWHash_Destroy(fwInstance->sessionHandleHash);
+    }
+
+    if (fwInstance->objectHandleHash) {
+        nssCKFWHash_Destroy(fwInstance->objectHandleHash);
+    }
+
+#ifdef DEBUG
+    (void)instance_remove_pointer(fwInstance);
+#endif /* DEBUG */
+
+    (void)NSSArena_Destroy(fwInstance->arena);
+    return CKR_OK;
+}
+
+/*
+ * nssCKFWInstance_GetMDInstance
+ *
+ */
+NSS_IMPLEMENT NSSCKMDInstance *
+nssCKFWInstance_GetMDInstance(
+    NSSCKFWInstance *fwInstance)
+{
+#ifdef NSSDEBUG
+    if (CKR_OK != nssCKFWInstance_verifyPointer(fwInstance)) {
+        return (NSSCKMDInstance *)NULL;
+    }
+#endif /* NSSDEBUG */
+
+    return fwInstance->mdInstance;
+}
+
+/*
+ * nssCKFWInstance_GetArena
+ *
+ */
+NSS_IMPLEMENT NSSArena *
+nssCKFWInstance_GetArena(
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError)
+{
+#ifdef NSSDEBUG
+    if (!pError) {
+        return (NSSArena *)NULL;
+    }
+
+    *pError = nssCKFWInstance_verifyPointer(fwInstance);
+    if (CKR_OK != *pError) {
+        return (NSSArena *)NULL;
+    }
+#endif /* NSSDEBUG */
+
+    *pError = CKR_OK;
+    return fwInstance->arena;
+}
+
+/*
+ * nssCKFWInstance_MayCreatePthreads
+ *
+ */
+NSS_IMPLEMENT CK_BBOOL
+nssCKFWInstance_MayCreatePthreads(
+    NSSCKFWInstance *fwInstance)
+{
+#ifdef NSSDEBUG
+    if (CKR_OK != nssCKFWInstance_verifyPointer(fwInstance)) {
+        return CK_FALSE;
+    }
+#endif /* NSSDEBUG */
+
+    return fwInstance->mayCreatePthreads;
+}
+
+/*
+ * nssCKFWInstance_CreateMutex
+ *
+ */
+NSS_IMPLEMENT NSSCKFWMutex *
+nssCKFWInstance_CreateMutex(
+    NSSCKFWInstance *fwInstance,
+    NSSArena *arena,
+    CK_RV *pError)
+{
+    NSSCKFWMutex *mutex;
+
+#ifdef NSSDEBUG
+    if (!pError) {
+        return (NSSCKFWMutex *)NULL;
+    }
+
+    *pError = nssCKFWInstance_verifyPointer(fwInstance);
+    if (CKR_OK != *pError) {
+        return (NSSCKFWMutex *)NULL;
+    }
+#endif /* NSSDEBUG */
+
+    mutex = nssCKFWMutex_Create(fwInstance->pInitArgs, fwInstance->LockingState,
+                                arena, pError);
+    if (!mutex) {
+        if (CKR_OK == *pError) {
+            *pError = CKR_GENERAL_ERROR;
+        }
+
+        return (NSSCKFWMutex *)NULL;
+    }
+
+    return mutex;
+}
+
+/*
+ * nssCKFWInstance_GetConfigurationData
+ *
+ */
+NSS_IMPLEMENT NSSUTF8 *
+nssCKFWInstance_GetConfigurationData(
+    NSSCKFWInstance *fwInstance)
+{
+#ifdef NSSDEBUG
+    if (CKR_OK != nssCKFWInstance_verifyPointer(fwInstance)) {
+        return (NSSUTF8 *)NULL;
+    }
+#endif /* NSSDEBUG */
+
+    return fwInstance->configurationData;
+}
+
+/*
+ * nssCKFWInstance_GetInitArgs
+ *
+ */
+CK_C_INITIALIZE_ARGS_PTR
+nssCKFWInstance_GetInitArgs(
+    NSSCKFWInstance *fwInstance)
+{
+#ifdef NSSDEBUG
+    if (CKR_OK != nssCKFWInstance_verifyPointer(fwInstance)) {
+        return (CK_C_INITIALIZE_ARGS_PTR)NULL;
+    }
+#endif /* NSSDEBUG */
+
+    return fwInstance->pInitArgs;
+}
+
+/*
+ * nssCKFWInstance_CreateSessionHandle
+ *
+ */
+NSS_IMPLEMENT CK_SESSION_HANDLE
+nssCKFWInstance_CreateSessionHandle(
+    NSSCKFWInstance *fwInstance,
+    NSSCKFWSession *fwSession,
+    CK_RV *pError)
+{
+    CK_SESSION_HANDLE hSession;
+
+#ifdef NSSDEBUG
+    if (!pError) {
+        return (CK_SESSION_HANDLE)0;
+    }
+
+    *pError = nssCKFWInstance_verifyPointer(fwInstance);
+    if (CKR_OK != *pError) {
+        return (CK_SESSION_HANDLE)0;
+    }
+#endif /* NSSDEBUG */
+
+    *pError = nssCKFWMutex_Lock(fwInstance->mutex);
+    if (CKR_OK != *pError) {
+        return (CK_SESSION_HANDLE)0;
+    }
+
+    hSession = ++(fwInstance->lastSessionHandle);
+
+    /* Alan would say I should unlock for this call. */
+
+    *pError = nssCKFWSession_SetHandle(fwSession, hSession);
+    if (CKR_OK != *pError) {
+        goto done;
+    }
+
+    *pError = nssCKFWHash_Add(fwInstance->sessionHandleHash,
+                              (const void *)hSession, (const void *)fwSession);
+    if (CKR_OK != *pError) {
+        hSession = (CK_SESSION_HANDLE)0;
+        goto done;
+    }
+
+done:
+    nssCKFWMutex_Unlock(fwInstance->mutex);
+    return hSession;
+}
+
+/*
+ * nssCKFWInstance_ResolveSessionHandle
+ *
+ */
+NSS_IMPLEMENT NSSCKFWSession *
+nssCKFWInstance_ResolveSessionHandle(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession)
+{
+    NSSCKFWSession *fwSession;
+
+#ifdef NSSDEBUG
+    if (CKR_OK != nssCKFWInstance_verifyPointer(fwInstance)) {
+        return (NSSCKFWSession *)NULL;
+    }
+#endif /* NSSDEBUG */
+
+    if (CKR_OK != nssCKFWMutex_Lock(fwInstance->mutex)) {
+        return (NSSCKFWSession *)NULL;
+    }
+
+    fwSession = (NSSCKFWSession *)nssCKFWHash_Lookup(
+        fwInstance->sessionHandleHash, (const void *)hSession);
+
+    /* Assert(hSession == nssCKFWSession_GetHandle(fwSession)) */
+
+    (void)nssCKFWMutex_Unlock(fwInstance->mutex);
+
+    return fwSession;
+}
+
+/*
+ * nssCKFWInstance_DestroySessionHandle
+ *
+ */
+NSS_IMPLEMENT void
+nssCKFWInstance_DestroySessionHandle(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession)
+{
+    NSSCKFWSession *fwSession;
+
+#ifdef NSSDEBUG
+    if (CKR_OK != nssCKFWInstance_verifyPointer(fwInstance)) {
+        return;
+    }
+#endif /* NSSDEBUG */
+
+    if (CKR_OK != nssCKFWMutex_Lock(fwInstance->mutex)) {
+        return;
+    }
+
+    fwSession = (NSSCKFWSession *)nssCKFWHash_Lookup(
+        fwInstance->sessionHandleHash, (const void *)hSession);
+    if (fwSession) {
+        nssCKFWHash_Remove(fwInstance->sessionHandleHash, (const void *)hSession);
+        nssCKFWSession_SetHandle(fwSession, (CK_SESSION_HANDLE)0);
+    }
+
+    (void)nssCKFWMutex_Unlock(fwInstance->mutex);
+
+    return;
+}
+
+/*
+ * nssCKFWInstance_FindSessionHandle
+ *
+ */
+NSS_IMPLEMENT CK_SESSION_HANDLE
+nssCKFWInstance_FindSessionHandle(
+    NSSCKFWInstance *fwInstance,
+    NSSCKFWSession *fwSession)
+{
+#ifdef NSSDEBUG
+    if (CKR_OK != nssCKFWInstance_verifyPointer(fwInstance)) {
+        return (CK_SESSION_HANDLE)0;
+    }
+
+    if (CKR_OK != nssCKFWSession_verifyPointer(fwSession)) {
+        return (CK_SESSION_HANDLE)0;
+    }
+#endif /* NSSDEBUG */
+
+    return nssCKFWSession_GetHandle(fwSession);
+    /* look it up and assert? */
+}
+
+/*
+ * nssCKFWInstance_CreateObjectHandle
+ *
+ */
+NSS_IMPLEMENT CK_OBJECT_HANDLE
+nssCKFWInstance_CreateObjectHandle(
+    NSSCKFWInstance *fwInstance,
+    NSSCKFWObject *fwObject,
+    CK_RV *pError)
+{
+    CK_OBJECT_HANDLE hObject;
+
+#ifdef NSSDEBUG
+    if (!pError) {
+        return (CK_OBJECT_HANDLE)0;
+    }
+
+    *pError = nssCKFWInstance_verifyPointer(fwInstance);
+    if (CKR_OK != *pError) {
+        return (CK_OBJECT_HANDLE)0;
+    }
+#endif /* NSSDEBUG */
+
+    *pError = nssCKFWMutex_Lock(fwInstance->mutex);
+    if (CKR_OK != *pError) {
+        return (CK_OBJECT_HANDLE)0;
+    }
+
+    hObject = ++(fwInstance->lastObjectHandle);
+
+    *pError = nssCKFWObject_SetHandle(fwObject, hObject);
+    if (CKR_OK != *pError) {
+        hObject = (CK_OBJECT_HANDLE)0;
+        goto done;
+    }
+
+    *pError = nssCKFWHash_Add(fwInstance->objectHandleHash,
+                              (const void *)hObject, (const void *)fwObject);
+    if (CKR_OK != *pError) {
+        hObject = (CK_OBJECT_HANDLE)0;
+        goto done;
+    }
+
+done:
+    (void)nssCKFWMutex_Unlock(fwInstance->mutex);
+    return hObject;
+}
+
+/*
+ * nssCKFWInstance_ResolveObjectHandle
+ *
+ */
+NSS_IMPLEMENT NSSCKFWObject *
+nssCKFWInstance_ResolveObjectHandle(
+    NSSCKFWInstance *fwInstance,
+    CK_OBJECT_HANDLE hObject)
+{
+    NSSCKFWObject *fwObject;
+
+#ifdef NSSDEBUG
+    if (CKR_OK != nssCKFWInstance_verifyPointer(fwInstance)) {
+        return (NSSCKFWObject *)NULL;
+    }
+#endif /* NSSDEBUG */
+
+    if (CKR_OK != nssCKFWMutex_Lock(fwInstance->mutex)) {
+        return (NSSCKFWObject *)NULL;
+    }
+
+    fwObject = (NSSCKFWObject *)nssCKFWHash_Lookup(
+        fwInstance->objectHandleHash, (const void *)hObject);
+
+    /* Assert(hObject == nssCKFWObject_GetHandle(fwObject)) */
+
+    (void)nssCKFWMutex_Unlock(fwInstance->mutex);
+    return fwObject;
+}
+
+/*
+ * nssCKFWInstance_ReassignObjectHandle
+ *
+ */
+NSS_IMPLEMENT CK_RV
+nssCKFWInstance_ReassignObjectHandle(
+    NSSCKFWInstance *fwInstance,
+    CK_OBJECT_HANDLE hObject,
+    NSSCKFWObject *fwObject)
+{
+    CK_RV error = CKR_OK;
+    NSSCKFWObject *oldObject;
+
+#ifdef NSSDEBUG
+    error = nssCKFWInstance_verifyPointer(fwInstance);
+    if (CKR_OK != error) {
+        return error;
+    }
+#endif /* NSSDEBUG */
+
+    error = nssCKFWMutex_Lock(fwInstance->mutex);
+    if (CKR_OK != error) {
+        return error;
+    }
+
+    oldObject = (NSSCKFWObject *)nssCKFWHash_Lookup(
+        fwInstance->objectHandleHash, (const void *)hObject);
+    if (oldObject) {
+        /* Assert(hObject == nssCKFWObject_GetHandle(oldObject) */
+        (void)nssCKFWObject_SetHandle(oldObject, (CK_SESSION_HANDLE)0);
+        nssCKFWHash_Remove(fwInstance->objectHandleHash, (const void *)hObject);
+    }
+
+    error = nssCKFWObject_SetHandle(fwObject, hObject);
+    if (CKR_OK != error) {
+        goto done;
+    }
+    error = nssCKFWHash_Add(fwInstance->objectHandleHash,
+                            (const void *)hObject, (const void *)fwObject);
+
+done:
+    (void)nssCKFWMutex_Unlock(fwInstance->mutex);
+    return error;
+}
+
+/*
+ * nssCKFWInstance_DestroyObjectHandle
+ *
+ */
+NSS_IMPLEMENT void
+nssCKFWInstance_DestroyObjectHandle(
+    NSSCKFWInstance *fwInstance,
+    CK_OBJECT_HANDLE hObject)
+{
+    NSSCKFWObject *fwObject;
+
+#ifdef NSSDEBUG
+    if (CKR_OK != nssCKFWInstance_verifyPointer(fwInstance)) {
+        return;
+    }
+#endif /* NSSDEBUG */
+
+    if (CKR_OK != nssCKFWMutex_Lock(fwInstance->mutex)) {
+        return;
+    }
+
+    fwObject = (NSSCKFWObject *)nssCKFWHash_Lookup(
+        fwInstance->objectHandleHash, (const void *)hObject);
+    if (fwObject) {
+        /* Assert(hObject = nssCKFWObject_GetHandle(fwObject)) */
+        nssCKFWHash_Remove(fwInstance->objectHandleHash, (const void *)hObject);
+        (void)nssCKFWObject_SetHandle(fwObject, (CK_SESSION_HANDLE)0);
+    }
+
+    (void)nssCKFWMutex_Unlock(fwInstance->mutex);
+    return;
+}
+
+/*
+ * nssCKFWInstance_FindObjectHandle
+ *
+ */
+NSS_IMPLEMENT CK_OBJECT_HANDLE
+nssCKFWInstance_FindObjectHandle(
+    NSSCKFWInstance *fwInstance,
+    NSSCKFWObject *fwObject)
+{
+#ifdef NSSDEBUG
+    if (CKR_OK != nssCKFWInstance_verifyPointer(fwInstance)) {
+        return (CK_OBJECT_HANDLE)0;
+    }
+
+    if (CKR_OK != nssCKFWObject_verifyPointer(fwObject)) {
+        return (CK_OBJECT_HANDLE)0;
+    }
+#endif /* NSSDEBUG */
+
+    return nssCKFWObject_GetHandle(fwObject);
+}
+
+/*
+ * nssCKFWInstance_GetNSlots
+ *
+ */
+NSS_IMPLEMENT CK_ULONG
+nssCKFWInstance_GetNSlots(
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError)
+{
+#ifdef NSSDEBUG
+    if (!pError) {
+        return (CK_ULONG)0;
+    }
+
+    *pError = nssCKFWInstance_verifyPointer(fwInstance);
+    if (CKR_OK != *pError) {
+        return (CK_ULONG)0;
+    }
+#endif /* NSSDEBUG */
+
+    *pError = CKR_OK;
+    return fwInstance->nSlots;
+}
+
+/*
+ * nssCKFWInstance_GetCryptokiVersion
+ *
+ */
+NSS_IMPLEMENT CK_VERSION
+nssCKFWInstance_GetCryptokiVersion(
+    NSSCKFWInstance *fwInstance)
+{
+    CK_VERSION rv;
+
+#ifdef NSSDEBUG
+    if (CKR_OK != nssCKFWInstance_verifyPointer(fwInstance)) {
+        rv.major = rv.minor = 0;
+        return rv;
+    }
+#endif /* NSSDEBUG */
+
+    if (CKR_OK != nssCKFWMutex_Lock(fwInstance->mutex)) {
+        rv.major = rv.minor = 0;
+        return rv;
+    }
+
+    if ((0 != fwInstance->cryptokiVersion.major) ||
+        (0 != fwInstance->cryptokiVersion.minor)) {
+        rv = fwInstance->cryptokiVersion;
+        goto done;
+    }
+
+    if (fwInstance->mdInstance->GetCryptokiVersion) {
+        fwInstance->cryptokiVersion = fwInstance->mdInstance->GetCryptokiVersion(
+            fwInstance->mdInstance, fwInstance);
+    } else {
+        fwInstance->cryptokiVersion.major = 2;
+        fwInstance->cryptokiVersion.minor = 1;
+    }
+
+    rv = fwInstance->cryptokiVersion;
+
+done:
+    (void)nssCKFWMutex_Unlock(fwInstance->mutex);
+    return rv;
+}
+
+/*
+ * nssCKFWInstance_GetManufacturerID
+ *
+ */
+NSS_IMPLEMENT CK_RV
+nssCKFWInstance_GetManufacturerID(
+    NSSCKFWInstance *fwInstance,
+    CK_CHAR manufacturerID[32])
+{
+    CK_RV error = CKR_OK;
+
+#ifdef NSSDEBUG
+    if ((CK_CHAR_PTR)NULL == manufacturerID) {
+        return CKR_ARGUMENTS_BAD;
+    }
+
+    error = nssCKFWInstance_verifyPointer(fwInstance);
+    if (CKR_OK != error) {
+        return error;
+    }
+#endif /* NSSDEBUG */
+
+    error = nssCKFWMutex_Lock(fwInstance->mutex);
+    if (CKR_OK != error) {
+        return error;
+    }
+
+    if (!fwInstance->manufacturerID) {
+        if (fwInstance->mdInstance->GetManufacturerID) {
+            fwInstance->manufacturerID = fwInstance->mdInstance->GetManufacturerID(
+                fwInstance->mdInstance, fwInstance, &error);
+            if ((!fwInstance->manufacturerID) && (CKR_OK != error)) {
+                goto done;
+            }
+        } else {
+            fwInstance->manufacturerID = (NSSUTF8 *)"";
+        }
+    }
+
+    (void)nssUTF8_CopyIntoFixedBuffer(fwInstance->manufacturerID, (char *)manufacturerID, 32, ' ');
+    error = CKR_OK;
+
+done:
+    (void)nssCKFWMutex_Unlock(fwInstance->mutex);
+    return error;
+}
+
+/*
+ * nssCKFWInstance_GetFlags
+ *
+ */
+NSS_IMPLEMENT CK_ULONG
+nssCKFWInstance_GetFlags(
+    NSSCKFWInstance *fwInstance)
+{
+#ifdef NSSDEBUG
+    if (CKR_OK != nssCKFWInstance_verifyPointer(fwInstance)) {
+        return (CK_ULONG)0;
+    }
+#endif /* NSSDEBUG */
+
+    /* No "instance flags" are yet defined by Cryptoki. */
+    return (CK_ULONG)0;
+}
+
+/*
+ * nssCKFWInstance_GetLibraryDescription
+ *
+ */
+NSS_IMPLEMENT CK_RV
+nssCKFWInstance_GetLibraryDescription(
+    NSSCKFWInstance *fwInstance,
+    CK_CHAR libraryDescription[32])
+{
+    CK_RV error = CKR_OK;
+
+#ifdef NSSDEBUG
+    if ((CK_CHAR_PTR)NULL == libraryDescription) {
+        return CKR_ARGUMENTS_BAD;
+    }
+
+    error = nssCKFWInstance_verifyPointer(fwInstance);
+    if (CKR_OK != error) {
+        return error;
+    }
+#endif /* NSSDEBUG */
+
+    error = nssCKFWMutex_Lock(fwInstance->mutex);
+    if (CKR_OK != error) {
+        return error;
+    }
+
+    if (!fwInstance->libraryDescription) {
+        if (fwInstance->mdInstance->GetLibraryDescription) {
+            fwInstance->libraryDescription = fwInstance->mdInstance->GetLibraryDescription(
+                fwInstance->mdInstance, fwInstance, &error);
+            if ((!fwInstance->libraryDescription) && (CKR_OK != error)) {
+                goto done;
+            }
+        } else {
+            fwInstance->libraryDescription = (NSSUTF8 *)"";
+        }
+    }
+
+    (void)nssUTF8_CopyIntoFixedBuffer(fwInstance->libraryDescription, (char *)libraryDescription, 32, ' ');
+    error = CKR_OK;
+
+done:
+    (void)nssCKFWMutex_Unlock(fwInstance->mutex);
+    return error;
+}
+
+/*
+ * nssCKFWInstance_GetLibraryVersion
+ *
+ */
+NSS_IMPLEMENT CK_VERSION
+nssCKFWInstance_GetLibraryVersion(
+    NSSCKFWInstance *fwInstance)
+{
+    CK_VERSION rv;
+
+#ifdef NSSDEBUG
+    if (CKR_OK != nssCKFWInstance_verifyPointer(fwInstance)) {
+        rv.major = rv.minor = 0;
+        return rv;
+    }
+#endif /* NSSDEBUG */
+
+    if (CKR_OK != nssCKFWMutex_Lock(fwInstance->mutex)) {
+        rv.major = rv.minor = 0;
+        return rv;
+    }
+
+    if ((0 != fwInstance->libraryVersion.major) ||
+        (0 != fwInstance->libraryVersion.minor)) {
+        rv = fwInstance->libraryVersion;
+        goto done;
+    }
+
+    if (fwInstance->mdInstance->GetLibraryVersion) {
+        fwInstance->libraryVersion = fwInstance->mdInstance->GetLibraryVersion(
+            fwInstance->mdInstance, fwInstance);
+    } else {
+        fwInstance->libraryVersion.major = 0;
+        fwInstance->libraryVersion.minor = 3;
+    }
+
+    rv = fwInstance->libraryVersion;
+done:
+    (void)nssCKFWMutex_Unlock(fwInstance->mutex);
+    return rv;
+}
+
+/*
+ * nssCKFWInstance_GetModuleHandlesSessionObjects
+ *
+ */
+NSS_IMPLEMENT CK_BBOOL
+nssCKFWInstance_GetModuleHandlesSessionObjects(
+    NSSCKFWInstance *fwInstance)
+{
+#ifdef NSSDEBUG
+    if (CKR_OK != nssCKFWInstance_verifyPointer(fwInstance)) {
+        return CK_FALSE;
+    }
+#endif /* NSSDEBUG */
+
+    return fwInstance->moduleHandlesSessionObjects;
+}
+
+/*
+ * nssCKFWInstance_GetSlots
+ *
+ */
+NSS_IMPLEMENT NSSCKFWSlot **
+nssCKFWInstance_GetSlots(
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError)
+{
+#ifdef NSSDEBUG
+    if (!pError) {
+        return (NSSCKFWSlot **)NULL;
+    }
+
+    *pError = nssCKFWInstance_verifyPointer(fwInstance);
+    if (CKR_OK != *pError) {
+        return (NSSCKFWSlot **)NULL;
+    }
+#endif /* NSSDEBUG */
+
+    return fwInstance->fwSlotList;
+}
+
+/*
+ * nssCKFWInstance_WaitForSlotEvent
+ *
+ */
+NSS_IMPLEMENT NSSCKFWSlot *
+nssCKFWInstance_WaitForSlotEvent(
+    NSSCKFWInstance *fwInstance,
+    CK_BBOOL block,
+    CK_RV *pError)
+{
+    NSSCKFWSlot *fwSlot = (NSSCKFWSlot *)NULL;
+    NSSCKMDSlot *mdSlot;
+    CK_ULONG i, n;
+
+#ifdef NSSDEBUG
+    if (!pError) {
+        return (NSSCKFWSlot *)NULL;
+    }
+
+    *pError = nssCKFWInstance_verifyPointer(fwInstance);
+    if (CKR_OK != *pError) {
+        return (NSSCKFWSlot *)NULL;
+    }
+
+    switch (block) {
+        case CK_TRUE:
+        case CK_FALSE:
+            break;
+        default:
+            *pError = CKR_ARGUMENTS_BAD;
+            return (NSSCKFWSlot *)NULL;
+    }
+#endif /* NSSDEBUG */
+
+    if (!fwInstance->mdInstance->WaitForSlotEvent) {
+        *pError = CKR_NO_EVENT;
+        return (NSSCKFWSlot *)NULL;
+    }
+
+    mdSlot = fwInstance->mdInstance->WaitForSlotEvent(
+        fwInstance->mdInstance,
+        fwInstance,
+        block,
+        pError);
+
+    if (!mdSlot) {
+        return (NSSCKFWSlot *)NULL;
+    }
+
+    n = nssCKFWInstance_GetNSlots(fwInstance, pError);
+    if (((CK_ULONG)0 == n) && (CKR_OK != *pError)) {
+        return (NSSCKFWSlot *)NULL;
+    }
+
+    for (i = 0; i < n; i++) {
+        if (fwInstance->mdSlotList[i] == mdSlot) {
+            fwSlot = fwInstance->fwSlotList[i];
+            break;
+        }
+    }
+
+    if (!fwSlot) {
+        /* Internal error */
+        *pError = CKR_GENERAL_ERROR;
+        return (NSSCKFWSlot *)NULL;
+    }
+
+    return fwSlot;
+}
+
+/*
+ * NSSCKFWInstance_GetMDInstance
+ *
+ */
+NSS_IMPLEMENT NSSCKMDInstance *
+NSSCKFWInstance_GetMDInstance(
+    NSSCKFWInstance *fwInstance)
+{
+#ifdef DEBUG
+    if (CKR_OK != nssCKFWInstance_verifyPointer(fwInstance)) {
+        return (NSSCKMDInstance *)NULL;
+    }
+#endif /* DEBUG */
+
+    return nssCKFWInstance_GetMDInstance(fwInstance);
+}
+
+/*
+ * NSSCKFWInstance_GetArena
+ *
+ */
+NSS_IMPLEMENT NSSArena *
+NSSCKFWInstance_GetArena(
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError)
+{
+#ifdef DEBUG
+    if (!pError) {
+        return (NSSArena *)NULL;
+    }
+
+    *pError = nssCKFWInstance_verifyPointer(fwInstance);
+    if (CKR_OK != *pError) {
+        return (NSSArena *)NULL;
+    }
+#endif /* DEBUG */
+
+    return nssCKFWInstance_GetArena(fwInstance, pError);
+}
+
+/*
+ * NSSCKFWInstance_MayCreatePthreads
+ *
+ */
+NSS_IMPLEMENT CK_BBOOL
+NSSCKFWInstance_MayCreatePthreads(
+    NSSCKFWInstance *fwInstance)
+{
+#ifdef DEBUG
+    if (CKR_OK != nssCKFWInstance_verifyPointer(fwInstance)) {
+        return CK_FALSE;
+    }
+#endif /* DEBUG */
+
+    return nssCKFWInstance_MayCreatePthreads(fwInstance);
+}
+
+/*
+ * NSSCKFWInstance_CreateMutex
+ *
+ */
+NSS_IMPLEMENT NSSCKFWMutex *
+NSSCKFWInstance_CreateMutex(
+    NSSCKFWInstance *fwInstance,
+    NSSArena *arena,
+    CK_RV *pError)
+{
+#ifdef DEBUG
+    if (!pError) {
+        return (NSSCKFWMutex *)NULL;
+    }
+
+    *pError = nssCKFWInstance_verifyPointer(fwInstance);
+    if (CKR_OK != *pError) {
+        return (NSSCKFWMutex *)NULL;
+    }
+#endif /* DEBUG */
+
+    return nssCKFWInstance_CreateMutex(fwInstance, arena, pError);
+}
+
+/*
+ * NSSCKFWInstance_GetConfigurationData
+ *
+ */
+NSS_IMPLEMENT NSSUTF8 *
+NSSCKFWInstance_GetConfigurationData(
+    NSSCKFWInstance *fwInstance)
+{
+#ifdef DEBUG
+    if (CKR_OK != nssCKFWInstance_verifyPointer(fwInstance)) {
+        return (NSSUTF8 *)NULL;
+    }
+#endif /* DEBUG */
+
+    return nssCKFWInstance_GetConfigurationData(fwInstance);
+}
+
+/*
+ * NSSCKFWInstance_GetInitArgs
+ *
+ */
+NSS_IMPLEMENT CK_C_INITIALIZE_ARGS_PTR
+NSSCKFWInstance_GetInitArgs(
+    NSSCKFWInstance *fwInstance)
+{
+#ifdef DEBUG
+    if (CKR_OK != nssCKFWInstance_verifyPointer(fwInstance)) {
+        return (CK_C_INITIALIZE_ARGS_PTR)NULL;
+    }
+#endif /* DEBUG */
+
+    return nssCKFWInstance_GetInitArgs(fwInstance);
+}
+
+/*
+ * nssCKFWInstance_DestroySessionHandle
+ *
+ */
+NSS_IMPLEMENT void
+NSSCKFWInstance_DestroySessionHandle(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession)
+{
+    nssCKFWInstance_DestroySessionHandle(fwInstance, hSession);
+}
+
+/*
+ * nssCKFWInstance_FindSessionHandle
+ *
+ */
+NSS_IMPLEMENT CK_SESSION_HANDLE
+NSSCKFWInstance_FindSessionHandle(
+    NSSCKFWInstance *fwInstance,
+    NSSCKFWSession *fwSession)
+{
+    return nssCKFWInstance_FindSessionHandle(fwInstance, fwSession);
+}
diff --git a/nss/lib/ckfw/manifest.mn b/nss/lib/ckfw/manifest.mn
new file mode 100644
index 0000000..20bebeb
--- /dev/null
+++ b/nss/lib/ckfw/manifest.mn
@@ -0,0 +1,53 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CORE_DEPTH = ../..
+
+DIRS = builtins 
+
+PRIVATE_EXPORTS = \
+	ck.h		  \
+	ckfw.h		  \
+	ckfwm.h		  \
+	ckfwtm.h	  \
+	ckmd.h		  \
+	ckt.h		  \
+	$(NULL)
+
+EXPORTS =	   \
+	nssck.api  \
+	nssckepv.h \
+	nssckft.h  \
+	nssckfw.h  \
+	nssckfwc.h \
+	nssckfwt.h \
+	nssckg.h   \
+	nssckmdt.h \
+	nssckt.h   \
+	$(NULL)
+
+MODULE = nss
+
+CSRCS =		   \
+	crypto.c   \
+	find.c	   \
+	hash.c	   \
+	instance.c \
+	mutex.c	   \
+	object.c   \
+	session.c  \
+	sessobj.c  \
+	slot.c	   \
+	token.c	   \
+	wrap.c	   \
+	mechanism.c \
+	$(NULL)
+
+REQUIRES = nspr
+
+LIBRARY_NAME = nssckfw
+
+# This part of the code, including all sub-dirs, can be optimized for size
+export ALLOW_OPT_CODE_SIZE = 1
diff --git a/nss/lib/ckfw/mechanism.c b/nss/lib/ckfw/mechanism.c
new file mode 100644
index 0000000..fe20aa9
--- /dev/null
+++ b/nss/lib/ckfw/mechanism.c
@@ -0,0 +1,1102 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * mechanism.c
+ *
+ * This file implements the NSSCKFWMechanism type and methods.
+ */
+
+#ifndef CK_T
+#include "ck.h"
+#endif /* CK_T */
+
+/*
+ * NSSCKFWMechanism
+ *
+ *  -- create/destroy --
+ *  nssCKFWMechanism_Create
+ *  nssCKFWMechanism_Destroy
+ *
+ *  -- implement public accessors --
+ *  nssCKFWMechanism_GetMDMechanism
+ *  nssCKFWMechanism_GetParameter
+ *
+ *  -- private accessors --
+ *
+ *  -- module fronts --
+ *  nssCKFWMechanism_GetMinKeySize
+ *  nssCKFWMechanism_GetMaxKeySize
+ *  nssCKFWMechanism_GetInHardware
+ *  nssCKFWMechanism_GetCanEncrypt
+ *  nssCKFWMechanism_GetCanDecrypt
+ *  nssCKFWMechanism_GetCanDigest
+ *  nssCKFWMechanism_GetCanSign
+ *  nssCKFWMechanism_GetCanSignRecover
+ *  nssCKFWMechanism_GetCanVerify
+ *  nssCKFWMechanism_GetCanGenerate
+ *  nssCKFWMechanism_GetCanGenerateKeyPair
+ *  nssCKFWMechanism_GetCanUnwrap
+ *  nssCKFWMechanism_GetCanWrap
+ *  nssCKFWMechanism_GetCanDerive
+ *  nssCKFWMechanism_EncryptInit
+ *  nssCKFWMechanism_DecryptInit
+ *  nssCKFWMechanism_DigestInit
+ *  nssCKFWMechanism_SignInit
+ *  nssCKFWMechanism_VerifyInit
+ *  nssCKFWMechanism_SignRecoverInit
+ *  nssCKFWMechanism_VerifyRecoverInit
+ *  nssCKFWMechanism_GenerateKey
+ *  nssCKFWMechanism_GenerateKeyPair
+ *  nssCKFWMechanism_GetWrapKeyLength
+ *  nssCKFWMechanism_WrapKey
+ *  nssCKFWMechanism_UnwrapKey
+ *  nssCKFWMechanism_DeriveKey
+ */
+
+struct NSSCKFWMechanismStr {
+    NSSCKMDMechanism *mdMechanism;
+    NSSCKMDToken *mdToken;
+    NSSCKFWToken *fwToken;
+    NSSCKMDInstance *mdInstance;
+    NSSCKFWInstance *fwInstance;
+};
+
+/*
+ * nssCKFWMechanism_Create
+ *
+ */
+NSS_IMPLEMENT NSSCKFWMechanism *
+nssCKFWMechanism_Create(
+    NSSCKMDMechanism *mdMechanism,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance)
+{
+    NSSCKFWMechanism *fwMechanism;
+
+    fwMechanism = nss_ZNEW(NULL, NSSCKFWMechanism);
+    if (!fwMechanism) {
+        return (NSSCKFWMechanism *)NULL;
+    }
+    fwMechanism->mdMechanism = mdMechanism;
+    fwMechanism->mdToken = mdToken;
+    fwMechanism->fwToken = fwToken;
+    fwMechanism->mdInstance = mdInstance;
+    fwMechanism->fwInstance = fwInstance;
+    return fwMechanism;
+}
+
+/*
+ * nssCKFWMechanism_Destroy
+ *
+ */
+NSS_IMPLEMENT void
+nssCKFWMechanism_Destroy(
+    NSSCKFWMechanism *fwMechanism)
+{
+    /* destroy any fw resources held by nssCKFWMechanism (currently none) */
+
+    if (fwMechanism->mdMechanism->Destroy) {
+        /* destroys it's parent as well */
+        fwMechanism->mdMechanism->Destroy(
+            fwMechanism->mdMechanism,
+            fwMechanism,
+            fwMechanism->mdInstance,
+            fwMechanism->fwInstance);
+    }
+    /* if the Destroy function wasn't supplied, then the mechanism is 'static',
+     * and there is nothing to destroy */
+    return;
+}
+
+/*
+ * nssCKFWMechanism_GetMDMechanism
+ *
+ */
+NSS_IMPLEMENT NSSCKMDMechanism *
+nssCKFWMechanism_GetMDMechanism(
+    NSSCKFWMechanism *fwMechanism)
+{
+    return fwMechanism->mdMechanism;
+}
+
+/*
+ * nssCKFWMechanism_GetMinKeySize
+ *
+ */
+NSS_IMPLEMENT CK_ULONG
+nssCKFWMechanism_GetMinKeySize(
+    NSSCKFWMechanism *fwMechanism,
+    CK_RV *pError)
+{
+    if (!fwMechanism->mdMechanism->GetMinKeySize) {
+        return 0;
+    }
+
+    return fwMechanism->mdMechanism->GetMinKeySize(fwMechanism->mdMechanism,
+                                                   fwMechanism, fwMechanism->mdToken, fwMechanism->fwToken,
+                                                   fwMechanism->mdInstance, fwMechanism->fwInstance, pError);
+}
+
+/*
+ * nssCKFWMechanism_GetMaxKeySize
+ *
+ */
+NSS_IMPLEMENT CK_ULONG
+nssCKFWMechanism_GetMaxKeySize(
+    NSSCKFWMechanism *fwMechanism,
+    CK_RV *pError)
+{
+    if (!fwMechanism->mdMechanism->GetMaxKeySize) {
+        return 0;
+    }
+
+    return fwMechanism->mdMechanism->GetMaxKeySize(fwMechanism->mdMechanism,
+                                                   fwMechanism, fwMechanism->mdToken, fwMechanism->fwToken,
+                                                   fwMechanism->mdInstance, fwMechanism->fwInstance, pError);
+}
+
+/*
+ * nssCKFWMechanism_GetInHardware
+ *
+ */
+NSS_IMPLEMENT CK_BBOOL
+nssCKFWMechanism_GetInHardware(
+    NSSCKFWMechanism *fwMechanism,
+    CK_RV *pError)
+{
+    if (!fwMechanism->mdMechanism->GetInHardware) {
+        return CK_FALSE;
+    }
+
+    return fwMechanism->mdMechanism->GetInHardware(fwMechanism->mdMechanism,
+                                                   fwMechanism, fwMechanism->mdToken, fwMechanism->fwToken,
+                                                   fwMechanism->mdInstance, fwMechanism->fwInstance, pError);
+}
+
+/*
+ * the following are determined automatically by which of the cryptographic
+ * functions are defined for this mechanism.
+ */
+/*
+ * nssCKFWMechanism_GetCanEncrypt
+ *
+ */
+NSS_EXTERN CK_BBOOL
+nssCKFWMechanism_GetCanEncrypt(
+    NSSCKFWMechanism *fwMechanism,
+    CK_RV *pError)
+{
+    if (!fwMechanism->mdMechanism->EncryptInit) {
+        return CK_FALSE;
+    }
+    return CK_TRUE;
+}
+
+/*
+ * nssCKFWMechanism_GetCanDecrypt
+ *
+ */
+NSS_EXTERN CK_BBOOL
+nssCKFWMechanism_GetCanDecrypt(
+    NSSCKFWMechanism *fwMechanism,
+    CK_RV *pError)
+{
+    if (!fwMechanism->mdMechanism->DecryptInit) {
+        return CK_FALSE;
+    }
+    return CK_TRUE;
+}
+
+/*
+ * nssCKFWMechanism_GetCanDigest
+ *
+ */
+NSS_EXTERN CK_BBOOL
+nssCKFWMechanism_GetCanDigest(
+    NSSCKFWMechanism *fwMechanism,
+    CK_RV *pError)
+{
+    if (!fwMechanism->mdMechanism->DigestInit) {
+        return CK_FALSE;
+    }
+    return CK_TRUE;
+}
+
+/*
+ * nssCKFWMechanism_GetCanSign
+ *
+ */
+NSS_EXTERN CK_BBOOL
+nssCKFWMechanism_GetCanSign(
+    NSSCKFWMechanism *fwMechanism,
+    CK_RV *pError)
+{
+    if (!fwMechanism->mdMechanism->SignInit) {
+        return CK_FALSE;
+    }
+    return CK_TRUE;
+}
+
+/*
+ * nssCKFWMechanism_GetCanSignRecover
+ *
+ */
+NSS_EXTERN CK_BBOOL
+nssCKFWMechanism_GetCanSignRecover(
+    NSSCKFWMechanism *fwMechanism,
+    CK_RV *pError)
+{
+    if (!fwMechanism->mdMechanism->SignRecoverInit) {
+        return CK_FALSE;
+    }
+    return CK_TRUE;
+}
+
+/*
+ * nssCKFWMechanism_GetCanVerify
+ *
+ */
+NSS_EXTERN CK_BBOOL
+nssCKFWMechanism_GetCanVerify(
+    NSSCKFWMechanism *fwMechanism,
+    CK_RV *pError)
+{
+    if (!fwMechanism->mdMechanism->VerifyInit) {
+        return CK_FALSE;
+    }
+    return CK_TRUE;
+}
+
+/*
+ * nssCKFWMechanism_GetCanVerifyRecover
+ *
+ */
+NSS_EXTERN CK_BBOOL
+nssCKFWMechanism_GetCanVerifyRecover(
+    NSSCKFWMechanism *fwMechanism,
+    CK_RV *pError)
+{
+    if (!fwMechanism->mdMechanism->VerifyRecoverInit) {
+        return CK_FALSE;
+    }
+    return CK_TRUE;
+}
+
+/*
+ * nssCKFWMechanism_GetCanGenerate
+ *
+ */
+NSS_EXTERN CK_BBOOL
+nssCKFWMechanism_GetCanGenerate(
+    NSSCKFWMechanism *fwMechanism,
+    CK_RV *pError)
+{
+    if (!fwMechanism->mdMechanism->GenerateKey) {
+        return CK_FALSE;
+    }
+    return CK_TRUE;
+}
+
+/*
+ * nssCKFWMechanism_GetCanGenerateKeyPair
+ *
+ */
+NSS_EXTERN CK_BBOOL
+nssCKFWMechanism_GetCanGenerateKeyPair(
+    NSSCKFWMechanism *fwMechanism,
+    CK_RV *pError)
+{
+    if (!fwMechanism->mdMechanism->GenerateKeyPair) {
+        return CK_FALSE;
+    }
+    return CK_TRUE;
+}
+
+/*
+ * nssCKFWMechanism_GetCanUnwrap
+ *
+ */
+NSS_EXTERN CK_BBOOL
+nssCKFWMechanism_GetCanUnwrap(
+    NSSCKFWMechanism *fwMechanism,
+    CK_RV *pError)
+{
+    if (!fwMechanism->mdMechanism->UnwrapKey) {
+        return CK_FALSE;
+    }
+    return CK_TRUE;
+}
+
+/*
+ * nssCKFWMechanism_GetCanWrap
+ *
+ */
+NSS_EXTERN CK_BBOOL
+nssCKFWMechanism_GetCanWrap(
+    NSSCKFWMechanism *fwMechanism,
+    CK_RV *pError)
+{
+    if (!fwMechanism->mdMechanism->WrapKey) {
+        return CK_FALSE;
+    }
+    return CK_TRUE;
+}
+
+/*
+ * nssCKFWMechanism_GetCanDerive
+ *
+ */
+NSS_EXTERN CK_BBOOL
+nssCKFWMechanism_GetCanDerive(
+    NSSCKFWMechanism *fwMechanism,
+    CK_RV *pError)
+{
+    if (!fwMechanism->mdMechanism->DeriveKey) {
+        return CK_FALSE;
+    }
+    return CK_TRUE;
+}
+
+/*
+ * These are the actual crypto operations
+ */
+
+/*
+ * nssCKFWMechanism_EncryptInit
+ *  Start an encryption session.
+ */
+NSS_EXTERN CK_RV
+nssCKFWMechanism_EncryptInit(
+    NSSCKFWMechanism *fwMechanism,
+    CK_MECHANISM *pMechanism,
+    NSSCKFWSession *fwSession,
+    NSSCKFWObject *fwObject)
+{
+    NSSCKFWCryptoOperation *fwOperation;
+    NSSCKMDCryptoOperation *mdOperation;
+    NSSCKMDSession *mdSession;
+    NSSCKMDObject *mdObject;
+    CK_RV error = CKR_OK;
+
+    fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession,
+                                                           NSSCKFWCryptoOperationState_EncryptDecrypt);
+    if (fwOperation) {
+        return CKR_OPERATION_ACTIVE;
+    }
+
+    if (!fwMechanism->mdMechanism->EncryptInit) {
+        return CKR_FUNCTION_FAILED;
+    }
+
+    mdSession = nssCKFWSession_GetMDSession(fwSession);
+    mdObject = nssCKFWObject_GetMDObject(fwObject);
+    mdOperation = fwMechanism->mdMechanism->EncryptInit(
+        fwMechanism->mdMechanism,
+        fwMechanism,
+        pMechanism,
+        mdSession,
+        fwSession,
+        fwMechanism->mdToken,
+        fwMechanism->fwToken,
+        fwMechanism->mdInstance,
+        fwMechanism->fwInstance,
+        mdObject,
+        fwObject,
+        &error);
+    if (!mdOperation) {
+        goto loser;
+    }
+
+    fwOperation = nssCKFWCryptoOperation_Create(mdOperation,
+                                                mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken,
+                                                fwMechanism->mdInstance, fwMechanism->fwInstance,
+                                                NSSCKFWCryptoOperationType_Encrypt, &error);
+    if (fwOperation) {
+        nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation,
+                                                 NSSCKFWCryptoOperationState_EncryptDecrypt);
+    }
+
+loser:
+    return error;
+}
+
+/*
+ * nssCKFWMechanism_DecryptInit
+ *  Start an encryption session.
+ */
+NSS_EXTERN CK_RV
+nssCKFWMechanism_DecryptInit(
+    NSSCKFWMechanism *fwMechanism,
+    CK_MECHANISM *pMechanism,
+    NSSCKFWSession *fwSession,
+    NSSCKFWObject *fwObject)
+{
+    NSSCKFWCryptoOperation *fwOperation;
+    NSSCKMDCryptoOperation *mdOperation;
+    NSSCKMDSession *mdSession;
+    NSSCKMDObject *mdObject;
+    CK_RV error = CKR_OK;
+
+    fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession,
+                                                           NSSCKFWCryptoOperationState_EncryptDecrypt);
+    if (fwOperation) {
+        return CKR_OPERATION_ACTIVE;
+    }
+
+    if (!fwMechanism->mdMechanism->DecryptInit) {
+        return CKR_FUNCTION_FAILED;
+    }
+
+    mdSession = nssCKFWSession_GetMDSession(fwSession);
+    mdObject = nssCKFWObject_GetMDObject(fwObject);
+    mdOperation = fwMechanism->mdMechanism->DecryptInit(
+        fwMechanism->mdMechanism,
+        fwMechanism,
+        pMechanism,
+        mdSession,
+        fwSession,
+        fwMechanism->mdToken,
+        fwMechanism->fwToken,
+        fwMechanism->mdInstance,
+        fwMechanism->fwInstance,
+        mdObject,
+        fwObject,
+        &error);
+    if (!mdOperation) {
+        goto loser;
+    }
+
+    fwOperation = nssCKFWCryptoOperation_Create(mdOperation,
+                                                mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken,
+                                                fwMechanism->mdInstance, fwMechanism->fwInstance,
+                                                NSSCKFWCryptoOperationType_Decrypt, &error);
+    if (fwOperation) {
+        nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation,
+                                                 NSSCKFWCryptoOperationState_EncryptDecrypt);
+    }
+
+loser:
+    return error;
+}
+
+/*
+ * nssCKFWMechanism_DigestInit
+ *  Start an encryption session.
+ */
+NSS_EXTERN CK_RV
+nssCKFWMechanism_DigestInit(
+    NSSCKFWMechanism *fwMechanism,
+    CK_MECHANISM *pMechanism,
+    NSSCKFWSession *fwSession)
+{
+    NSSCKFWCryptoOperation *fwOperation;
+    NSSCKMDCryptoOperation *mdOperation;
+    NSSCKMDSession *mdSession;
+    CK_RV error = CKR_OK;
+
+    fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession,
+                                                           NSSCKFWCryptoOperationState_Digest);
+    if (fwOperation) {
+        return CKR_OPERATION_ACTIVE;
+    }
+
+    if (!fwMechanism->mdMechanism->DigestInit) {
+        return CKR_FUNCTION_FAILED;
+    }
+
+    mdSession = nssCKFWSession_GetMDSession(fwSession);
+    mdOperation = fwMechanism->mdMechanism->DigestInit(
+        fwMechanism->mdMechanism,
+        fwMechanism,
+        pMechanism,
+        mdSession,
+        fwSession,
+        fwMechanism->mdToken,
+        fwMechanism->fwToken,
+        fwMechanism->mdInstance,
+        fwMechanism->fwInstance,
+        &error);
+    if (!mdOperation) {
+        goto loser;
+    }
+
+    fwOperation = nssCKFWCryptoOperation_Create(mdOperation,
+                                                mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken,
+                                                fwMechanism->mdInstance, fwMechanism->fwInstance,
+                                                NSSCKFWCryptoOperationType_Digest, &error);
+    if (fwOperation) {
+        nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation,
+                                                 NSSCKFWCryptoOperationState_Digest);
+    }
+
+loser:
+    return error;
+}
+
+/*
+ * nssCKFWMechanism_SignInit
+ *  Start an encryption session.
+ */
+NSS_EXTERN CK_RV
+nssCKFWMechanism_SignInit(
+    NSSCKFWMechanism *fwMechanism,
+    CK_MECHANISM *pMechanism,
+    NSSCKFWSession *fwSession,
+    NSSCKFWObject *fwObject)
+{
+    NSSCKFWCryptoOperation *fwOperation;
+    NSSCKMDCryptoOperation *mdOperation;
+    NSSCKMDSession *mdSession;
+    NSSCKMDObject *mdObject;
+    CK_RV error = CKR_OK;
+
+    fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession,
+                                                           NSSCKFWCryptoOperationState_SignVerify);
+    if (fwOperation) {
+        return CKR_OPERATION_ACTIVE;
+    }
+
+    if (!fwMechanism->mdMechanism->SignInit) {
+        return CKR_FUNCTION_FAILED;
+    }
+
+    mdSession = nssCKFWSession_GetMDSession(fwSession);
+    mdObject = nssCKFWObject_GetMDObject(fwObject);
+    mdOperation = fwMechanism->mdMechanism->SignInit(
+        fwMechanism->mdMechanism,
+        fwMechanism,
+        pMechanism,
+        mdSession,
+        fwSession,
+        fwMechanism->mdToken,
+        fwMechanism->fwToken,
+        fwMechanism->mdInstance,
+        fwMechanism->fwInstance,
+        mdObject,
+        fwObject,
+        &error);
+    if (!mdOperation) {
+        goto loser;
+    }
+
+    fwOperation = nssCKFWCryptoOperation_Create(mdOperation,
+                                                mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken,
+                                                fwMechanism->mdInstance, fwMechanism->fwInstance,
+                                                NSSCKFWCryptoOperationType_Sign, &error);
+    if (fwOperation) {
+        nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation,
+                                                 NSSCKFWCryptoOperationState_SignVerify);
+    }
+
+loser:
+    return error;
+}
+
+/*
+ * nssCKFWMechanism_VerifyInit
+ *  Start an encryption session.
+ */
+NSS_EXTERN CK_RV
+nssCKFWMechanism_VerifyInit(
+    NSSCKFWMechanism *fwMechanism,
+    CK_MECHANISM *pMechanism,
+    NSSCKFWSession *fwSession,
+    NSSCKFWObject *fwObject)
+{
+    NSSCKFWCryptoOperation *fwOperation;
+    NSSCKMDCryptoOperation *mdOperation;
+    NSSCKMDSession *mdSession;
+    NSSCKMDObject *mdObject;
+    CK_RV error = CKR_OK;
+
+    fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession,
+                                                           NSSCKFWCryptoOperationState_SignVerify);
+    if (fwOperation) {
+        return CKR_OPERATION_ACTIVE;
+    }
+
+    if (!fwMechanism->mdMechanism->VerifyInit) {
+        return CKR_FUNCTION_FAILED;
+    }
+
+    mdSession = nssCKFWSession_GetMDSession(fwSession);
+    mdObject = nssCKFWObject_GetMDObject(fwObject);
+    mdOperation = fwMechanism->mdMechanism->VerifyInit(
+        fwMechanism->mdMechanism,
+        fwMechanism,
+        pMechanism,
+        mdSession,
+        fwSession,
+        fwMechanism->mdToken,
+        fwMechanism->fwToken,
+        fwMechanism->mdInstance,
+        fwMechanism->fwInstance,
+        mdObject,
+        fwObject,
+        &error);
+    if (!mdOperation) {
+        goto loser;
+    }
+
+    fwOperation = nssCKFWCryptoOperation_Create(mdOperation,
+                                                mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken,
+                                                fwMechanism->mdInstance, fwMechanism->fwInstance,
+                                                NSSCKFWCryptoOperationType_Verify, &error);
+    if (fwOperation) {
+        nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation,
+                                                 NSSCKFWCryptoOperationState_SignVerify);
+    }
+
+loser:
+    return error;
+}
+
+/*
+ * nssCKFWMechanism_SignRecoverInit
+ *  Start an encryption session.
+ */
+NSS_EXTERN CK_RV
+nssCKFWMechanism_SignRecoverInit(
+    NSSCKFWMechanism *fwMechanism,
+    CK_MECHANISM *pMechanism,
+    NSSCKFWSession *fwSession,
+    NSSCKFWObject *fwObject)
+{
+    NSSCKFWCryptoOperation *fwOperation;
+    NSSCKMDCryptoOperation *mdOperation;
+    NSSCKMDSession *mdSession;
+    NSSCKMDObject *mdObject;
+    CK_RV error = CKR_OK;
+
+    fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession,
+                                                           NSSCKFWCryptoOperationState_SignVerify);
+    if (fwOperation) {
+        return CKR_OPERATION_ACTIVE;
+    }
+
+    if (!fwMechanism->mdMechanism->SignRecoverInit) {
+        return CKR_FUNCTION_FAILED;
+    }
+
+    mdSession = nssCKFWSession_GetMDSession(fwSession);
+    mdObject = nssCKFWObject_GetMDObject(fwObject);
+    mdOperation = fwMechanism->mdMechanism->SignRecoverInit(
+        fwMechanism->mdMechanism,
+        fwMechanism,
+        pMechanism,
+        mdSession,
+        fwSession,
+        fwMechanism->mdToken,
+        fwMechanism->fwToken,
+        fwMechanism->mdInstance,
+        fwMechanism->fwInstance,
+        mdObject,
+        fwObject,
+        &error);
+    if (!mdOperation) {
+        goto loser;
+    }
+
+    fwOperation = nssCKFWCryptoOperation_Create(mdOperation,
+                                                mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken,
+                                                fwMechanism->mdInstance, fwMechanism->fwInstance,
+                                                NSSCKFWCryptoOperationType_SignRecover, &error);
+    if (fwOperation) {
+        nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation,
+                                                 NSSCKFWCryptoOperationState_SignVerify);
+    }
+
+loser:
+    return error;
+}
+
+/*
+ * nssCKFWMechanism_VerifyRecoverInit
+ *  Start an encryption session.
+ */
+NSS_EXTERN CK_RV
+nssCKFWMechanism_VerifyRecoverInit(
+    NSSCKFWMechanism *fwMechanism,
+    CK_MECHANISM *pMechanism,
+    NSSCKFWSession *fwSession,
+    NSSCKFWObject *fwObject)
+{
+    NSSCKFWCryptoOperation *fwOperation;
+    NSSCKMDCryptoOperation *mdOperation;
+    NSSCKMDSession *mdSession;
+    NSSCKMDObject *mdObject;
+    CK_RV error = CKR_OK;
+
+    fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession,
+                                                           NSSCKFWCryptoOperationState_SignVerify);
+    if (fwOperation) {
+        return CKR_OPERATION_ACTIVE;
+    }
+
+    if (!fwMechanism->mdMechanism->VerifyRecoverInit) {
+        return CKR_FUNCTION_FAILED;
+    }
+
+    mdSession = nssCKFWSession_GetMDSession(fwSession);
+    mdObject = nssCKFWObject_GetMDObject(fwObject);
+    mdOperation = fwMechanism->mdMechanism->VerifyRecoverInit(
+        fwMechanism->mdMechanism,
+        fwMechanism,
+        pMechanism,
+        mdSession,
+        fwSession,
+        fwMechanism->mdToken,
+        fwMechanism->fwToken,
+        fwMechanism->mdInstance,
+        fwMechanism->fwInstance,
+        mdObject,
+        fwObject,
+        &error);
+    if (!mdOperation) {
+        goto loser;
+    }
+
+    fwOperation = nssCKFWCryptoOperation_Create(mdOperation,
+                                                mdSession, fwSession, fwMechanism->mdToken, fwMechanism->fwToken,
+                                                fwMechanism->mdInstance, fwMechanism->fwInstance,
+                                                NSSCKFWCryptoOperationType_VerifyRecover, &error);
+    if (fwOperation) {
+        nssCKFWSession_SetCurrentCryptoOperation(fwSession, fwOperation,
+                                                 NSSCKFWCryptoOperationState_SignVerify);
+    }
+
+loser:
+    return error;
+}
+
+/*
+ * nssCKFWMechanism_GenerateKey
+ */
+NSS_EXTERN NSSCKFWObject *
+nssCKFWMechanism_GenerateKey(
+    NSSCKFWMechanism *fwMechanism,
+    CK_MECHANISM_PTR pMechanism,
+    NSSCKFWSession *fwSession,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulAttributeCount,
+    CK_RV *pError)
+{
+    NSSCKMDSession *mdSession;
+    NSSCKMDObject *mdObject;
+    NSSCKFWObject *fwObject = NULL;
+    NSSArena *arena;
+
+    if (!fwMechanism->mdMechanism->GenerateKey) {
+        *pError = CKR_FUNCTION_FAILED;
+        return (NSSCKFWObject *)NULL;
+    }
+
+    arena = nssCKFWToken_GetArena(fwMechanism->fwToken, pError);
+    if (!arena) {
+        if (CKR_OK == *pError) {
+            *pError = CKR_GENERAL_ERROR;
+        }
+        return (NSSCKFWObject *)NULL;
+    }
+
+    mdSession = nssCKFWSession_GetMDSession(fwSession);
+    mdObject = fwMechanism->mdMechanism->GenerateKey(
+        fwMechanism->mdMechanism,
+        fwMechanism,
+        pMechanism,
+        mdSession,
+        fwSession,
+        fwMechanism->mdToken,
+        fwMechanism->fwToken,
+        fwMechanism->mdInstance,
+        fwMechanism->fwInstance,
+        pTemplate,
+        ulAttributeCount,
+        pError);
+
+    if (!mdObject) {
+        return (NSSCKFWObject *)NULL;
+    }
+
+    fwObject = nssCKFWObject_Create(arena, mdObject,
+                                    fwSession, fwMechanism->fwToken, fwMechanism->fwInstance, pError);
+
+    return fwObject;
+}
+
+/*
+ * nssCKFWMechanism_GenerateKeyPair
+ */
+NSS_EXTERN CK_RV
+nssCKFWMechanism_GenerateKeyPair(
+    NSSCKFWMechanism *fwMechanism,
+    CK_MECHANISM_PTR pMechanism,
+    NSSCKFWSession *fwSession,
+    CK_ATTRIBUTE_PTR pPublicKeyTemplate,
+    CK_ULONG ulPublicKeyAttributeCount,
+    CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
+    CK_ULONG ulPrivateKeyAttributeCount,
+    NSSCKFWObject **fwPublicKeyObject,
+    NSSCKFWObject **fwPrivateKeyObject)
+{
+    NSSCKMDSession *mdSession;
+    NSSCKMDObject *mdPublicKeyObject;
+    NSSCKMDObject *mdPrivateKeyObject;
+    NSSArena *arena;
+    CK_RV error = CKR_OK;
+
+    if (!fwMechanism->mdMechanism->GenerateKeyPair) {
+        return CKR_FUNCTION_FAILED;
+    }
+
+    arena = nssCKFWToken_GetArena(fwMechanism->fwToken, &error);
+    if (!arena) {
+        if (CKR_OK == error) {
+            error = CKR_GENERAL_ERROR;
+        }
+        return error;
+    }
+
+    mdSession = nssCKFWSession_GetMDSession(fwSession);
+    error = fwMechanism->mdMechanism->GenerateKeyPair(
+        fwMechanism->mdMechanism,
+        fwMechanism,
+        pMechanism,
+        mdSession,
+        fwSession,
+        fwMechanism->mdToken,
+        fwMechanism->fwToken,
+        fwMechanism->mdInstance,
+        fwMechanism->fwInstance,
+        pPublicKeyTemplate,
+        ulPublicKeyAttributeCount,
+        pPrivateKeyTemplate,
+        ulPrivateKeyAttributeCount,
+        &mdPublicKeyObject,
+        &mdPrivateKeyObject);
+
+    if (CKR_OK != error) {
+        return error;
+    }
+
+    *fwPublicKeyObject = nssCKFWObject_Create(arena, mdPublicKeyObject,
+                                              fwSession, fwMechanism->fwToken, fwMechanism->fwInstance, &error);
+    if (!*fwPublicKeyObject) {
+        return error;
+    }
+    *fwPrivateKeyObject = nssCKFWObject_Create(arena, mdPrivateKeyObject,
+                                               fwSession, fwMechanism->fwToken, fwMechanism->fwInstance, &error);
+
+    return error;
+}
+
+/*
+ * nssCKFWMechanism_GetWrapKeyLength
+ */
+NSS_EXTERN CK_ULONG
+nssCKFWMechanism_GetWrapKeyLength(
+    NSSCKFWMechanism *fwMechanism,
+    CK_MECHANISM_PTR pMechanism,
+    NSSCKFWSession *fwSession,
+    NSSCKFWObject *fwWrappingKeyObject,
+    NSSCKFWObject *fwKeyObject,
+    CK_RV *pError)
+{
+    NSSCKMDSession *mdSession;
+    NSSCKMDObject *mdWrappingKeyObject;
+    NSSCKMDObject *mdKeyObject;
+
+    if (!fwMechanism->mdMechanism->WrapKey) {
+        *pError = CKR_FUNCTION_FAILED;
+        return (CK_ULONG)0;
+    }
+
+    mdSession = nssCKFWSession_GetMDSession(fwSession);
+    mdWrappingKeyObject = nssCKFWObject_GetMDObject(fwWrappingKeyObject);
+    mdKeyObject = nssCKFWObject_GetMDObject(fwKeyObject);
+    return fwMechanism->mdMechanism->GetWrapKeyLength(
+        fwMechanism->mdMechanism,
+        fwMechanism,
+        pMechanism,
+        mdSession,
+        fwSession,
+        fwMechanism->mdToken,
+        fwMechanism->fwToken,
+        fwMechanism->mdInstance,
+        fwMechanism->fwInstance,
+        mdWrappingKeyObject,
+        fwWrappingKeyObject,
+        mdKeyObject,
+        fwKeyObject,
+        pError);
+}
+
+/*
+ * nssCKFWMechanism_WrapKey
+ */
+NSS_EXTERN CK_RV
+nssCKFWMechanism_WrapKey(
+    NSSCKFWMechanism *fwMechanism,
+    CK_MECHANISM_PTR pMechanism,
+    NSSCKFWSession *fwSession,
+    NSSCKFWObject *fwWrappingKeyObject,
+    NSSCKFWObject *fwKeyObject,
+    NSSItem *wrappedKey)
+{
+    NSSCKMDSession *mdSession;
+    NSSCKMDObject *mdWrappingKeyObject;
+    NSSCKMDObject *mdKeyObject;
+
+    if (!fwMechanism->mdMechanism->WrapKey) {
+        return CKR_FUNCTION_FAILED;
+    }
+
+    mdSession = nssCKFWSession_GetMDSession(fwSession);
+    mdWrappingKeyObject = nssCKFWObject_GetMDObject(fwWrappingKeyObject);
+    mdKeyObject = nssCKFWObject_GetMDObject(fwKeyObject);
+    return fwMechanism->mdMechanism->WrapKey(
+        fwMechanism->mdMechanism,
+        fwMechanism,
+        pMechanism,
+        mdSession,
+        fwSession,
+        fwMechanism->mdToken,
+        fwMechanism->fwToken,
+        fwMechanism->mdInstance,
+        fwMechanism->fwInstance,
+        mdWrappingKeyObject,
+        fwWrappingKeyObject,
+        mdKeyObject,
+        fwKeyObject,
+        wrappedKey);
+}
+
+/*
+ * nssCKFWMechanism_UnwrapKey
+ */
+NSS_EXTERN NSSCKFWObject *
+nssCKFWMechanism_UnwrapKey(
+    NSSCKFWMechanism *fwMechanism,
+    CK_MECHANISM_PTR pMechanism,
+    NSSCKFWSession *fwSession,
+    NSSCKFWObject *fwWrappingKeyObject,
+    NSSItem *wrappedKey,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulAttributeCount,
+    CK_RV *pError)
+{
+    NSSCKMDSession *mdSession;
+    NSSCKMDObject *mdObject;
+    NSSCKMDObject *mdWrappingKeyObject;
+    NSSCKFWObject *fwObject = NULL;
+    NSSArena *arena;
+
+    if (!fwMechanism->mdMechanism->UnwrapKey) {
+        /* we could simulate UnwrapKey using Decrypt and Create object, but
+     * 1) it's not clear that would work well, and 2) the low level token
+     * may want to restrict unwrap key for a reason, so just fail it it
+     * can't be done */
+        *pError = CKR_FUNCTION_FAILED;
+        return (NSSCKFWObject *)NULL;
+    }
+
+    arena = nssCKFWToken_GetArena(fwMechanism->fwToken, pError);
+    if (!arena) {
+        if (CKR_OK == *pError) {
+            *pError = CKR_GENERAL_ERROR;
+        }
+        return (NSSCKFWObject *)NULL;
+    }
+
+    mdSession = nssCKFWSession_GetMDSession(fwSession);
+    mdWrappingKeyObject = nssCKFWObject_GetMDObject(fwWrappingKeyObject);
+    mdObject = fwMechanism->mdMechanism->UnwrapKey(
+        fwMechanism->mdMechanism,
+        fwMechanism,
+        pMechanism,
+        mdSession,
+        fwSession,
+        fwMechanism->mdToken,
+        fwMechanism->fwToken,
+        fwMechanism->mdInstance,
+        fwMechanism->fwInstance,
+        mdWrappingKeyObject,
+        fwWrappingKeyObject,
+        wrappedKey,
+        pTemplate,
+        ulAttributeCount,
+        pError);
+
+    if (!mdObject) {
+        return (NSSCKFWObject *)NULL;
+    }
+
+    fwObject = nssCKFWObject_Create(arena, mdObject,
+                                    fwSession, fwMechanism->fwToken, fwMechanism->fwInstance, pError);
+
+    return fwObject;
+}
+
+/*
+ * nssCKFWMechanism_DeriveKey
+ */
+NSS_EXTERN NSSCKFWObject *
+nssCKFWMechanism_DeriveKey(
+    NSSCKFWMechanism *fwMechanism,
+    CK_MECHANISM_PTR pMechanism,
+    NSSCKFWSession *fwSession,
+    NSSCKFWObject *fwBaseKeyObject,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulAttributeCount,
+    CK_RV *pError)
+{
+    NSSCKMDSession *mdSession;
+    NSSCKMDObject *mdObject;
+    NSSCKMDObject *mdBaseKeyObject;
+    NSSCKFWObject *fwObject = NULL;
+    NSSArena *arena;
+
+    if (!fwMechanism->mdMechanism->DeriveKey) {
+        *pError = CKR_FUNCTION_FAILED;
+        return (NSSCKFWObject *)NULL;
+    }
+
+    arena = nssCKFWToken_GetArena(fwMechanism->fwToken, pError);
+    if (!arena) {
+        if (CKR_OK == *pError) {
+            *pError = CKR_GENERAL_ERROR;
+        }
+        return (NSSCKFWObject *)NULL;
+    }
+
+    mdSession = nssCKFWSession_GetMDSession(fwSession);
+    mdBaseKeyObject = nssCKFWObject_GetMDObject(fwBaseKeyObject);
+    mdObject = fwMechanism->mdMechanism->DeriveKey(
+        fwMechanism->mdMechanism,
+        fwMechanism,
+        pMechanism,
+        mdSession,
+        fwSession,
+        fwMechanism->mdToken,
+        fwMechanism->fwToken,
+        fwMechanism->mdInstance,
+        fwMechanism->fwInstance,
+        mdBaseKeyObject,
+        fwBaseKeyObject,
+        pTemplate,
+        ulAttributeCount,
+        pError);
+
+    if (!mdObject) {
+        return (NSSCKFWObject *)NULL;
+    }
+
+    fwObject = nssCKFWObject_Create(arena, mdObject,
+                                    fwSession, fwMechanism->fwToken, fwMechanism->fwInstance, pError);
+
+    return fwObject;
+}
diff --git a/nss/lib/ckfw/mutex.c b/nss/lib/ckfw/mutex.c
new file mode 100644
index 0000000..be569e1
--- /dev/null
+++ b/nss/lib/ckfw/mutex.c
@@ -0,0 +1,248 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * mutex.c
+ *
+ * This file implements a mutual-exclusion locking facility for Modules
+ * using the NSS Cryptoki Framework.
+ */
+
+#ifndef CK_T
+#include "ck.h"
+#endif /* CK_T */
+
+/*
+ * NSSCKFWMutex
+ *
+ *  NSSCKFWMutex_Destroy
+ *  NSSCKFWMutex_Lock
+ *  NSSCKFWMutex_Unlock
+ *
+ *  nssCKFWMutex_Create
+ *  nssCKFWMutex_Destroy
+ *  nssCKFWMutex_Lock
+ *  nssCKFWMutex_Unlock
+ *
+ *  -- debugging versions only --
+ *  nssCKFWMutex_verifyPointer
+ *
+ */
+
+struct NSSCKFWMutexStr {
+    PRLock *lock;
+};
+
+#ifdef DEBUG
+/*
+ * But first, the pointer-tracking stuff.
+ *
+ * NOTE: the pointer-tracking support in NSS/base currently relies
+ * upon NSPR's CallOnce support.  That, however, relies upon NSPR's
+ * locking, which is tied into the runtime.  We need a pointer-tracker
+ * implementation that uses the locks supplied through C_Initialize.
+ * That support, however, can be filled in later.  So for now, I'll
+ * just do this routines as no-ops.
+ */
+
+static CK_RV
+mutex_add_pointer(
+    const NSSCKFWMutex *fwMutex)
+{
+    return CKR_OK;
+}
+
+static CK_RV
+mutex_remove_pointer(
+    const NSSCKFWMutex *fwMutex)
+{
+    return CKR_OK;
+}
+
+NSS_IMPLEMENT CK_RV
+nssCKFWMutex_verifyPointer(
+    const NSSCKFWMutex *fwMutex)
+{
+    return CKR_OK;
+}
+
+#endif /* DEBUG */
+
+/*
+ * nssCKFWMutex_Create
+ *
+ */
+NSS_EXTERN NSSCKFWMutex *
+nssCKFWMutex_Create(
+    CK_C_INITIALIZE_ARGS_PTR pInitArgs,
+    CryptokiLockingState LockingState,
+    NSSArena *arena,
+    CK_RV *pError)
+{
+    NSSCKFWMutex *mutex;
+
+    mutex = nss_ZNEW(arena, NSSCKFWMutex);
+    if (!mutex) {
+        *pError = CKR_HOST_MEMORY;
+        return (NSSCKFWMutex *)NULL;
+    }
+    *pError = CKR_OK;
+    mutex->lock = NULL;
+    if (LockingState == MultiThreaded) {
+        mutex->lock = PR_NewLock();
+        if (!mutex->lock) {
+            *pError = CKR_HOST_MEMORY; /* we couldn't get the resource */
+        }
+    }
+
+    if (CKR_OK != *pError) {
+        (void)nss_ZFreeIf(mutex);
+        return (NSSCKFWMutex *)NULL;
+    }
+
+#ifdef DEBUG
+    *pError = mutex_add_pointer(mutex);
+    if (CKR_OK != *pError) {
+        if (mutex->lock) {
+            PR_DestroyLock(mutex->lock);
+        }
+        (void)nss_ZFreeIf(mutex);
+        return (NSSCKFWMutex *)NULL;
+    }
+#endif /* DEBUG */
+
+    return mutex;
+}
+
+/*
+ * nssCKFWMutex_Destroy
+ *
+ */
+NSS_EXTERN CK_RV
+nssCKFWMutex_Destroy(
+    NSSCKFWMutex *mutex)
+{
+    CK_RV rv = CKR_OK;
+
+#ifdef NSSDEBUG
+    rv = nssCKFWMutex_verifyPointer(mutex);
+    if (CKR_OK != rv) {
+        return rv;
+    }
+#endif /* NSSDEBUG */
+
+    if (mutex->lock) {
+        PR_DestroyLock(mutex->lock);
+    }
+
+#ifdef DEBUG
+    (void)mutex_remove_pointer(mutex);
+#endif /* DEBUG */
+
+    (void)nss_ZFreeIf(mutex);
+    return rv;
+}
+
+/*
+ * nssCKFWMutex_Lock
+ *
+ */
+NSS_EXTERN CK_RV
+nssCKFWMutex_Lock(
+    NSSCKFWMutex *mutex)
+{
+#ifdef NSSDEBUG
+    CK_RV rv = nssCKFWMutex_verifyPointer(mutex);
+    if (CKR_OK != rv) {
+        return rv;
+    }
+#endif /* NSSDEBUG */
+    if (mutex->lock) {
+        PR_Lock(mutex->lock);
+    }
+
+    return CKR_OK;
+}
+
+/*
+ * nssCKFWMutex_Unlock
+ *
+ */
+NSS_EXTERN CK_RV
+nssCKFWMutex_Unlock(
+    NSSCKFWMutex *mutex)
+{
+    PRStatus nrv;
+#ifdef NSSDEBUG
+    CK_RV rv = nssCKFWMutex_verifyPointer(mutex);
+
+    if (CKR_OK != rv) {
+        return rv;
+    }
+#endif /* NSSDEBUG */
+
+    if (!mutex->lock)
+        return CKR_OK;
+
+    nrv = PR_Unlock(mutex->lock);
+
+    /* if unlock fails, either we have a programming error, or we have
+     * some sort of hardware failure... in either case return CKR_DEVICE_ERROR.
+     */
+    return nrv == PR_SUCCESS ? CKR_OK : CKR_DEVICE_ERROR;
+}
+
+/*
+ * NSSCKFWMutex_Destroy
+ *
+ */
+NSS_EXTERN CK_RV
+NSSCKFWMutex_Destroy(
+    NSSCKFWMutex *mutex)
+{
+#ifdef DEBUG
+    CK_RV rv = nssCKFWMutex_verifyPointer(mutex);
+    if (CKR_OK != rv) {
+        return rv;
+    }
+#endif /* DEBUG */
+
+    return nssCKFWMutex_Destroy(mutex);
+}
+
+/*
+ * NSSCKFWMutex_Lock
+ *
+ */
+NSS_EXTERN CK_RV
+NSSCKFWMutex_Lock(
+    NSSCKFWMutex *mutex)
+{
+#ifdef DEBUG
+    CK_RV rv = nssCKFWMutex_verifyPointer(mutex);
+    if (CKR_OK != rv) {
+        return rv;
+    }
+#endif /* DEBUG */
+
+    return nssCKFWMutex_Lock(mutex);
+}
+
+/*
+ * NSSCKFWMutex_Unlock
+ *
+ */
+NSS_EXTERN CK_RV
+NSSCKFWMutex_Unlock(
+    NSSCKFWMutex *mutex)
+{
+#ifdef DEBUG
+    CK_RV rv = nssCKFWMutex_verifyPointer(mutex);
+    if (CKR_OK != rv) {
+        return rv;
+    }
+#endif /* DEBUG */
+
+    return nssCKFWMutex_Unlock(mutex);
+}
diff --git a/nss/lib/ckfw/nssck.api b/nss/lib/ckfw/nssck.api
new file mode 100644
index 0000000..55b4351
--- /dev/null
+++ b/nss/lib/ckfw/nssck.api
@@ -0,0 +1,1854 @@
+/* THIS IS A GENERATED FILE */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * nssck.api
+ *
+ * This automatically-generated file is used to generate a set of
+ * Cryptoki entry points within the object space of a Module using
+ * the NSS Cryptoki Framework.
+ *
+ * The Module should have a .c file with the following:
+ *
+ *  #define MODULE_NAME name
+ *  #define INSTANCE_NAME instance
+ *  #include "nssck.api"
+ *
+ * where "name" is some module-specific name that can be used to
+ * disambiguate various modules.  This included file will then
+ * define the actual Cryptoki routines which pass through to the
+ * Framework calls.  All routines, except C_GetFunctionList, will
+ * be prefixed with the name; C_GetFunctionList will be generated
+ * to return an entry-point vector with these routines.  The
+ * instance specified should be the basic instance of NSSCKMDInstance.
+ *
+ * If, prior to including nssck.api, the .c file also specifies
+ *
+ *  #define DECLARE_STRICT_CRYTPOKI_NAMES
+ *
+ * Then a set of "stub" routines not prefixed with the name will
+ * be included.  This would allow the combined module and framework
+ * to be used in applications which are hard-coded to use the
+ * PKCS#11 names (instead of going through the EPV).  Please note
+ * that such applications should be careful resolving symbols when
+ * more than one PKCS#11 module is loaded.
+ */
+
+#ifndef MODULE_NAME
+#error "Error: MODULE_NAME must be defined."
+#endif /* MODULE_NAME */
+
+#ifndef INSTANCE_NAME
+#error "Error: INSTANCE_NAME must be defined."
+#endif /* INSTANCE_NAME */
+
+#ifndef NSSCKT_H
+#include "nssckt.h"
+#endif /* NSSCKT_H */
+
+#ifndef NSSCKFWT_H
+#include "nssckfwt.h"
+#endif /* NSSCKFWT_H */
+
+#ifndef NSSCKFWC_H
+#include "nssckfwc.h"
+#endif /* NSSCKFWC_H */
+
+#ifndef NSSCKEPV_H
+#include "nssckepv.h"
+#endif /* NSSCKEPV_H */
+
+#define ADJOIN(x,y) x##y
+
+#define __ADJOIN(x,y) ADJOIN(x,y)
+
+/*
+ * The anchor.  This object is used to store an "anchor" pointer in
+ * the Module's object space, so the wrapper functions can relate
+ * back to this instance.
+ */
+
+static NSSCKFWInstance *fwInstance = (NSSCKFWInstance *)0;
+
+static CK_RV CK_ENTRY
+__ADJOIN(MODULE_NAME,C_Initialize)
+(
+  CK_VOID_PTR pInitArgs
+)
+{
+  return NSSCKFWC_Initialize(&fwInstance, INSTANCE_NAME, pInitArgs);
+}
+
+#ifdef DECLARE_STRICT_CRYPTOKI_NAMES
+CK_RV CK_ENTRY 
+C_Initialize
+(
+  CK_VOID_PTR pInitArgs
+)
+{
+  return __ADJOIN(MODULE_NAME,C_Initialize)(pInitArgs);
+}
+#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */
+
+static CK_RV CK_ENTRY
+__ADJOIN(MODULE_NAME,C_Finalize)
+(
+  CK_VOID_PTR pReserved
+)
+{
+  return NSSCKFWC_Finalize(&fwInstance);
+}
+
+#ifdef DECLARE_STRICT_CRYPTOKI_NAMES
+CK_RV CK_ENTRY
+C_Finalize
+(
+  CK_VOID_PTR pReserved
+)
+{
+  return __ADJOIN(MODULE_NAME,C_Finalize)(pReserved);
+}
+#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */
+
+static CK_RV CK_ENTRY
+__ADJOIN(MODULE_NAME,C_GetInfo)
+(
+  CK_INFO_PTR pInfo
+)
+{
+  return NSSCKFWC_GetInfo(fwInstance, pInfo);
+}
+
+#ifdef DECLARE_STRICT_CRYPTOKI_NAMES
+CK_RV CK_ENTRY
+C_GetInfo
+(
+  CK_INFO_PTR pInfo
+)
+{
+  return __ADJOIN(MODULE_NAME,C_GetInfo)(pInfo);
+}
+#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */
+
+/*
+ * C_GetFunctionList is defined at the end.
+ */
+
+static CK_RV CK_ENTRY
+__ADJOIN(MODULE_NAME,C_GetSlotList)
+(
+  CK_BBOOL tokenPresent,
+  CK_SLOT_ID_PTR pSlotList,
+  CK_ULONG_PTR pulCount
+)
+{
+  return NSSCKFWC_GetSlotList(fwInstance, tokenPresent, pSlotList, pulCount);
+}
+
+#ifdef DECLARE_STRICT_CRYPTOKI_NAMES
+CK_RV CK_ENTRY
+C_GetSlotList
+(
+  CK_BBOOL tokenPresent,
+  CK_SLOT_ID_PTR pSlotList,
+  CK_ULONG_PTR pulCount
+)
+{
+  return __ADJOIN(MODULE_NAME,C_GetSlotList)(tokenPresent, pSlotList, pulCount);
+}
+#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */
+
+static CK_RV CK_ENTRY
+__ADJOIN(MODULE_NAME,C_GetSlotInfo)
+(
+  CK_SLOT_ID slotID,
+  CK_SLOT_INFO_PTR pInfo
+)
+{
+  return NSSCKFWC_GetSlotInfo(fwInstance, slotID, pInfo);
+}
+
+#ifdef DECLARE_STRICT_CRYPTOKI_NAMES
+CK_RV CK_ENTRY
+C_GetSlotInfo
+(
+  CK_SLOT_ID slotID,
+  CK_SLOT_INFO_PTR pInfo
+)
+{
+  return __ADJOIN(MODULE_NAME,C_GetSlotInfo)(slotID, pInfo);
+}
+#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */
+
+static CK_RV CK_ENTRY
+__ADJOIN(MODULE_NAME,C_GetTokenInfo)
+(
+  CK_SLOT_ID slotID,
+  CK_TOKEN_INFO_PTR pInfo
+)
+{
+  return NSSCKFWC_GetTokenInfo(fwInstance, slotID, pInfo);
+}
+
+#ifdef DECLARE_STRICT_CRYPTOKI_NAMES
+CK_RV CK_ENTRY
+C_GetTokenInfo
+(
+  CK_SLOT_ID slotID,
+  CK_TOKEN_INFO_PTR pInfo
+)
+{
+  return __ADJOIN(MODULE_NAME,C_GetTokenInfo)(slotID, pInfo);
+}
+#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */
+
+static CK_RV CK_ENTRY
+__ADJOIN(MODULE_NAME,C_GetMechanismList)
+(
+  CK_SLOT_ID slotID,
+  CK_MECHANISM_TYPE_PTR pMechanismList,
+  CK_ULONG_PTR pulCount
+)
+{
+  return NSSCKFWC_GetMechanismList(fwInstance, slotID, pMechanismList, pulCount);
+}
+
+#ifdef DECLARE_STRICT_CRYPTOKI_NAMES
+CK_RV CK_ENTRY
+C_GetMechanismList
+(
+  CK_SLOT_ID slotID,
+  CK_MECHANISM_TYPE_PTR pMechanismList,
+  CK_ULONG_PTR pulCount
+)
+{
+  return __ADJOIN(MODULE_NAME,C_GetMechanismList)(slotID, pMechanismList, pulCount);
+}
+#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */
+
+static CK_RV CK_ENTRY
+__ADJOIN(MODULE_NAME,C_GetMechanismInfo)
+(
+  CK_SLOT_ID slotID,
+  CK_MECHANISM_TYPE type,
+  CK_MECHANISM_INFO_PTR pInfo
+)
+{
+  return NSSCKFWC_GetMechanismInfo(fwInstance, slotID, type, pInfo);
+}
+
+#ifdef DECLARE_STRICT_CRYPTOKI_NAMES
+CK_RV CK_ENTRY
+C_GetMechanismInfo
+(
+  CK_SLOT_ID slotID,
+  CK_MECHANISM_TYPE type,
+  CK_MECHANISM_INFO_PTR pInfo
+)
+{
+  return __ADJOIN(MODULE_NAME,C_GetMechanismInfo)(slotID, type, pInfo);
+}
+#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */
+
+static CK_RV CK_ENTRY
+__ADJOIN(MODULE_NAME,C_InitToken)
+(
+  CK_SLOT_ID slotID,
+  CK_CHAR_PTR pPin,
+  CK_ULONG ulPinLen,
+  CK_CHAR_PTR pLabel
+)
+{
+  return NSSCKFWC_InitToken(fwInstance, slotID, pPin, ulPinLen, pLabel);
+}
+
+#ifdef DECLARE_STRICT_CRYPTOKI_NAMES
+CK_RV CK_ENTRY
+C_InitToken
+(
+  CK_SLOT_ID slotID,
+  CK_CHAR_PTR pPin,
+  CK_ULONG ulPinLen,
+  CK_CHAR_PTR pLabel
+)
+{
+  return __ADJOIN(MODULE_NAME,C_InitToken)(slotID, pPin, ulPinLen, pLabel);
+}
+#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */
+
+static CK_RV CK_ENTRY
+__ADJOIN(MODULE_NAME,C_InitPIN)
+(
+  CK_SESSION_HANDLE hSession,
+  CK_CHAR_PTR pPin,
+  CK_ULONG ulPinLen
+)
+{
+  return NSSCKFWC_InitPIN(fwInstance, hSession, pPin, ulPinLen);
+}
+
+#ifdef DECLARE_STRICT_CRYPTOKI_NAMES
+CK_RV CK_ENTRY
+C_InitPIN
+(
+  CK_SESSION_HANDLE hSession,
+  CK_CHAR_PTR pPin,
+  CK_ULONG ulPinLen
+)
+{
+  return __ADJOIN(MODULE_NAME,C_InitPIN)(hSession, pPin, ulPinLen);
+}
+#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */
+
+static CK_RV CK_ENTRY
+__ADJOIN(MODULE_NAME,C_SetPIN)
+(
+  CK_SESSION_HANDLE hSession,
+  CK_CHAR_PTR pOldPin,
+  CK_ULONG ulOldLen,
+  CK_CHAR_PTR pNewPin,
+  CK_ULONG ulNewLen
+)
+{
+  return NSSCKFWC_SetPIN(fwInstance, hSession, pOldPin, ulOldLen, pNewPin, ulNewLen);
+}
+
+#ifdef DECLARE_STRICT_CRYPTOKI_NAMES
+CK_RV CK_ENTRY
+C_SetPIN
+(
+  CK_SESSION_HANDLE hSession,
+  CK_CHAR_PTR pOldPin,
+  CK_ULONG ulOldLen,
+  CK_CHAR_PTR pNewPin,
+  CK_ULONG ulNewLen
+)
+{
+  return __ADJOIN(MODULE_NAME,C_SetPIN)(hSession, pOldPin, ulOldLen, pNewPin, ulNewLen);
+}
+#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */
+
+static CK_RV CK_ENTRY
+__ADJOIN(MODULE_NAME,C_OpenSession)
+(
+  CK_SLOT_ID slotID,
+  CK_FLAGS flags,
+  CK_VOID_PTR pApplication,
+  CK_NOTIFY Notify,
+  CK_SESSION_HANDLE_PTR phSession
+)
+{
+  return NSSCKFWC_OpenSession(fwInstance, slotID, flags, pApplication, Notify, phSession);
+}
+
+#ifdef DECLARE_STRICT_CRYPTOKI_NAMES
+CK_RV CK_ENTRY
+C_OpenSession
+(
+  CK_SLOT_ID slotID,
+  CK_FLAGS flags,
+  CK_VOID_PTR pApplication,
+  CK_NOTIFY Notify,
+  CK_SESSION_HANDLE_PTR phSession
+)
+{
+  return __ADJOIN(MODULE_NAME,C_OpenSession)(slotID, flags, pApplication, Notify, phSession);
+}
+#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */
+
+static CK_RV CK_ENTRY
+__ADJOIN(MODULE_NAME,C_CloseSession)
+(
+  CK_SESSION_HANDLE hSession
+)
+{
+  return NSSCKFWC_CloseSession(fwInstance, hSession);
+}
+
+#ifdef DECLARE_STRICT_CRYPTOKI_NAMES
+CK_RV CK_ENTRY
+C_CloseSession
+(
+  CK_SESSION_HANDLE hSession
+)
+{
+  return __ADJOIN(MODULE_NAME,C_CloseSession)(hSession);
+}
+#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */
+
+static CK_RV CK_ENTRY
+__ADJOIN(MODULE_NAME,C_CloseAllSessions)
+(
+  CK_SLOT_ID slotID
+)
+{
+  return NSSCKFWC_CloseAllSessions(fwInstance, slotID);
+}
+
+#ifdef DECLARE_STRICT_CRYPTOKI_NAMES
+CK_RV CK_ENTRY
+C_CloseAllSessions
+(
+  CK_SLOT_ID slotID
+)
+{
+  return __ADJOIN(MODULE_NAME,C_CloseAllSessions)(slotID);
+}
+#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */
+
+static CK_RV CK_ENTRY
+__ADJOIN(MODULE_NAME,C_GetSessionInfo)
+(
+  CK_SESSION_HANDLE hSession,
+  CK_SESSION_INFO_PTR pInfo
+)
+{
+  return NSSCKFWC_GetSessionInfo(fwInstance, hSession, pInfo);
+}
+
+#ifdef DECLARE_STRICT_CRYPTOKI_NAMES
+CK_RV CK_ENTRY
+C_GetSessionInfo
+(
+  CK_SESSION_HANDLE hSession,
+  CK_SESSION_INFO_PTR pInfo
+)
+{
+  return __ADJOIN(MODULE_NAME,C_GetSessionInfo)(hSession, pInfo);
+}
+#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */
+
+static CK_RV CK_ENTRY
+__ADJOIN(MODULE_NAME,C_GetOperationState)
+(
+  CK_SESSION_HANDLE hSession,
+  CK_BYTE_PTR pOperationState,
+  CK_ULONG_PTR pulOperationStateLen
+)
+{
+  return NSSCKFWC_GetOperationState(fwInstance, hSession, pOperationState, pulOperationStateLen);
+}
+
+#ifdef DECLARE_STRICT_CRYPTOKI_NAMES
+CK_RV CK_ENTRY
+C_GetOperationState
+(
+  CK_SESSION_HANDLE hSession,
+  CK_BYTE_PTR pOperationState,
+  CK_ULONG_PTR pulOperationStateLen
+)
+{
+  return __ADJOIN(MODULE_NAME,C_GetOperationState)(hSession, pOperationState, pulOperationStateLen);
+}
+#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */
+
+static CK_RV CK_ENTRY
+__ADJOIN(MODULE_NAME,C_SetOperationState)
+(
+  CK_SESSION_HANDLE hSession,
+  CK_BYTE_PTR pOperationState,
+  CK_ULONG ulOperationStateLen,
+  CK_OBJECT_HANDLE hEncryptionKey,
+  CK_OBJECT_HANDLE hAuthenticationKey
+)
+{
+  return NSSCKFWC_SetOperationState(fwInstance, hSession, pOperationState, ulOperationStateLen, hEncryptionKey, hAuthenticationKey);
+}
+
+#ifdef DECLARE_STRICT_CRYPTOKI_NAMES
+CK_RV CK_ENTRY
+C_SetOperationState
+(
+  CK_SESSION_HANDLE hSession,
+  CK_BYTE_PTR pOperationState,
+  CK_ULONG ulOperationStateLen,
+  CK_OBJECT_HANDLE hEncryptionKey,
+  CK_OBJECT_HANDLE hAuthenticationKey
+)
+{
+  return __ADJOIN(MODULE_NAME,C_SetOperationState)(hSession, pOperationState, ulOperationStateLen, hEncryptionKey, hAuthenticationKey);
+}
+#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */
+
+static CK_RV CK_ENTRY
+__ADJOIN(MODULE_NAME,C_Login)
+(
+  CK_SESSION_HANDLE hSession,
+  CK_USER_TYPE userType,
+  CK_CHAR_PTR pPin,
+  CK_ULONG ulPinLen
+)
+{
+  return NSSCKFWC_Login(fwInstance, hSession, userType, pPin, ulPinLen);
+}
+
+#ifdef DECLARE_STRICT_CRYPTOKI_NAMES
+CK_RV CK_ENTRY
+C_Login
+(
+  CK_SESSION_HANDLE hSession,
+  CK_USER_TYPE userType,
+  CK_CHAR_PTR pPin,
+  CK_ULONG ulPinLen
+)
+{
+  return __ADJOIN(MODULE_NAME,C_Login)(hSession, userType, pPin, ulPinLen);
+}
+#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */
+
+static CK_RV CK_ENTRY
+__ADJOIN(MODULE_NAME,C_Logout)
+(
+  CK_SESSION_HANDLE hSession
+)
+{
+  return NSSCKFWC_Logout(fwInstance, hSession);
+}
+
+#ifdef DECLARE_STRICT_CRYPTOKI_NAMES
+CK_RV CK_ENTRY
+C_Logout
+(
+  CK_SESSION_HANDLE hSession
+)
+{
+  return __ADJOIN(MODULE_NAME,C_Logout)(hSession);
+}
+#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */
+
+static CK_RV CK_ENTRY
+__ADJOIN(MODULE_NAME,C_CreateObject)
+(
+  CK_SESSION_HANDLE hSession,
+  CK_ATTRIBUTE_PTR pTemplate,
+  CK_ULONG ulCount,
+  CK_OBJECT_HANDLE_PTR phObject
+)
+{
+  return NSSCKFWC_CreateObject(fwInstance, hSession, pTemplate, ulCount, phObject);
+}
+
+#ifdef DECLARE_STRICT_CRYPTOKI_NAMES
+CK_RV CK_ENTRY
+C_CreateObject
+(
+  CK_SESSION_HANDLE hSession,
+  CK_ATTRIBUTE_PTR pTemplate,
+  CK_ULONG ulCount,
+  CK_OBJECT_HANDLE_PTR phObject
+)
+{
+  return __ADJOIN(MODULE_NAME,C_CreateObject)(hSession, pTemplate, ulCount, phObject);
+}
+#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */
+
+static CK_RV CK_ENTRY
+__ADJOIN(MODULE_NAME,C_CopyObject)
+(
+  CK_SESSION_HANDLE hSession,
+  CK_OBJECT_HANDLE hObject,
+  CK_ATTRIBUTE_PTR pTemplate,
+  CK_ULONG ulCount,
+  CK_OBJECT_HANDLE_PTR phNewObject
+)
+{
+  return NSSCKFWC_CopyObject(fwInstance, hSession, hObject, pTemplate, ulCount, phNewObject);
+}
+
+#ifdef DECLARE_STRICT_CRYPTOKI_NAMES
+CK_RV CK_ENTRY
+C_CopyObject
+(
+  CK_SESSION_HANDLE hSession,
+  CK_OBJECT_HANDLE hObject,
+  CK_ATTRIBUTE_PTR pTemplate,
+  CK_ULONG ulCount,
+  CK_OBJECT_HANDLE_PTR phNewObject
+)
+{
+  return __ADJOIN(MODULE_NAME,C_CopyObject)(hSession, hObject, pTemplate, ulCount, phNewObject);
+}
+#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */
+
+static CK_RV CK_ENTRY
+__ADJOIN(MODULE_NAME,C_DestroyObject)
+(
+  CK_SESSION_HANDLE hSession,
+  CK_OBJECT_HANDLE hObject
+)
+{
+  return NSSCKFWC_DestroyObject(fwInstance, hSession, hObject);
+}
+
+#ifdef DECLARE_STRICT_CRYPTOKI_NAMES
+CK_RV CK_ENTRY
+C_DestroyObject
+(
+  CK_SESSION_HANDLE hSession,
+  CK_OBJECT_HANDLE hObject
+)
+{
+  return __ADJOIN(MODULE_NAME,C_DestroyObject)(hSession, hObject);
+}
+#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */
+
+static CK_RV CK_ENTRY
+__ADJOIN(MODULE_NAME,C_GetObjectSize)
+(
+  CK_SESSION_HANDLE hSession,
+  CK_OBJECT_HANDLE hObject,
+  CK_ULONG_PTR pulSize
+)
+{
+  return NSSCKFWC_GetObjectSize(fwInstance, hSession, hObject, pulSize);
+}
+
+#ifdef DECLARE_STRICT_CRYPTOKI_NAMES
+CK_RV CK_ENTRY
+C_GetObjectSize
+(
+  CK_SESSION_HANDLE hSession,
+  CK_OBJECT_HANDLE hObject,
+  CK_ULONG_PTR pulSize
+)
+{
+  return __ADJOIN(MODULE_NAME,C_GetObjectSize)(hSession, hObject, pulSize);
+}
+#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */
+
+static CK_RV CK_ENTRY
+__ADJOIN(MODULE_NAME,C_GetAttributeValue)
+(
+  CK_SESSION_HANDLE hSession,
+  CK_OBJECT_HANDLE hObject,
+  CK_ATTRIBUTE_PTR pTemplate,
+  CK_ULONG ulCount
+)
+{
+  return NSSCKFWC_GetAttributeValue(fwInstance, hSession, hObject, pTemplate, ulCount);
+}
+
+#ifdef DECLARE_STRICT_CRYPTOKI_NAMES
+CK_RV CK_ENTRY
+C_GetAttributeValue
+(
+  CK_SESSION_HANDLE hSession,
+  CK_OBJECT_HANDLE hObject,
+  CK_ATTRIBUTE_PTR pTemplate,
+  CK_ULONG ulCount
+)
+{
+  return __ADJOIN(MODULE_NAME,C_GetAttributeValue)(hSession, hObject, pTemplate, ulCount);
+}
+#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */
+
+static CK_RV CK_ENTRY
+__ADJOIN(MODULE_NAME,C_SetAttributeValue)
+(
+  CK_SESSION_HANDLE hSession,
+  CK_OBJECT_HANDLE hObject,
+  CK_ATTRIBUTE_PTR pTemplate,
+  CK_ULONG ulCount
+)
+{
+  return NSSCKFWC_SetAttributeValue(fwInstance, hSession, hObject, pTemplate, ulCount);
+}
+
+#ifdef DECLARE_STRICT_CRYPTOKI_NAMES
+CK_RV CK_ENTRY
+C_SetAttributeValue
+(
+  CK_SESSION_HANDLE hSession,
+  CK_OBJECT_HANDLE hObject,
+  CK_ATTRIBUTE_PTR pTemplate,
+  CK_ULONG ulCount
+)
+{
+  return __ADJOIN(MODULE_NAME,C_SetAttributeValue)(hSession, hObject, pTemplate, ulCount);
+}
+#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */
+
+static CK_RV CK_ENTRY
+__ADJOIN(MODULE_NAME,C_FindObjectsInit)
+(
+  CK_SESSION_HANDLE hSession,
+  CK_ATTRIBUTE_PTR pTemplate,
+  CK_ULONG ulCount
+)
+{
+  return NSSCKFWC_FindObjectsInit(fwInstance, hSession, pTemplate, ulCount);
+}
+
+#ifdef DECLARE_STRICT_CRYPTOKI_NAMES
+CK_RV CK_ENTRY
+C_FindObjectsInit
+(
+  CK_SESSION_HANDLE hSession,
+  CK_ATTRIBUTE_PTR pTemplate,
+  CK_ULONG ulCount
+)
+{
+  return __ADJOIN(MODULE_NAME,C_FindObjectsInit)(hSession, pTemplate, ulCount);
+}
+#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */
+
+static CK_RV CK_ENTRY
+__ADJOIN(MODULE_NAME,C_FindObjects)
+(
+  CK_SESSION_HANDLE hSession,
+  CK_OBJECT_HANDLE_PTR phObject,
+  CK_ULONG ulMaxObjectCount,
+  CK_ULONG_PTR pulObjectCount
+)
+{
+  return NSSCKFWC_FindObjects(fwInstance, hSession, phObject, ulMaxObjectCount, pulObjectCount);
+}
+
+#ifdef DECLARE_STRICT_CRYPTOKI_NAMES
+CK_RV CK_ENTRY
+C_FindObjects
+(
+  CK_SESSION_HANDLE hSession,
+  CK_OBJECT_HANDLE_PTR phObject,
+  CK_ULONG ulMaxObjectCount,
+  CK_ULONG_PTR pulObjectCount
+)
+{
+  return __ADJOIN(MODULE_NAME,C_FindObjects)(hSession, phObject, ulMaxObjectCount, pulObjectCount);
+}
+#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */
+
+static CK_RV CK_ENTRY
+__ADJOIN(MODULE_NAME,C_FindObjectsFinal)
+(
+  CK_SESSION_HANDLE hSession
+)
+{
+  return NSSCKFWC_FindObjectsFinal(fwInstance, hSession);
+}
+
+#ifdef DECLARE_STRICT_CRYPTOKI_NAMES
+CK_RV CK_ENTRY
+C_FindObjectsFinal
+(
+  CK_SESSION_HANDLE hSession
+)
+{
+  return __ADJOIN(MODULE_NAME,C_FindObjectsFinal)(hSession);
+}
+#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */
+
+static CK_RV CK_ENTRY
+__ADJOIN(MODULE_NAME,C_EncryptInit)
+(
+  CK_SESSION_HANDLE hSession,
+  CK_MECHANISM_PTR pMechanism,
+  CK_OBJECT_HANDLE hKey
+)
+{
+  return NSSCKFWC_EncryptInit(fwInstance, hSession, pMechanism, hKey);
+}
+
+#ifdef DECLARE_STRICT_CRYPTOKI_NAMES
+CK_RV CK_ENTRY
+C_EncryptInit
+(
+  CK_SESSION_HANDLE hSession,
+  CK_MECHANISM_PTR pMechanism,
+  CK_OBJECT_HANDLE hKey
+)
+{
+  return __ADJOIN(MODULE_NAME,C_EncryptInit)(hSession, pMechanism, hKey);
+}
+#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */
+
+static CK_RV CK_ENTRY
+__ADJOIN(MODULE_NAME,C_Encrypt)
+(
+  CK_SESSION_HANDLE hSession,
+  CK_BYTE_PTR pData,
+  CK_ULONG ulDataLen,
+  CK_BYTE_PTR pEncryptedData,
+  CK_ULONG_PTR pulEncryptedDataLen
+)
+{
+  return NSSCKFWC_Encrypt(fwInstance, hSession, pData, ulDataLen, pEncryptedData, pulEncryptedDataLen);
+}
+
+#ifdef DECLARE_STRICT_CRYPTOKI_NAMES
+CK_RV CK_ENTRY
+C_Encrypt
+(
+  CK_SESSION_HANDLE hSession,
+  CK_BYTE_PTR pData,
+  CK_ULONG ulDataLen,
+  CK_BYTE_PTR pEncryptedData,
+  CK_ULONG_PTR pulEncryptedDataLen
+)
+{
+  return __ADJOIN(MODULE_NAME,C_Encrypt)(hSession, pData, ulDataLen, pEncryptedData, pulEncryptedDataLen);
+}
+#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */
+
+static CK_RV CK_ENTRY
+__ADJOIN(MODULE_NAME,C_EncryptUpdate)
+(
+  CK_SESSION_HANDLE hSession,
+  CK_BYTE_PTR pPart,
+  CK_ULONG ulPartLen,
+  CK_BYTE_PTR pEncryptedPart,
+  CK_ULONG_PTR pulEncryptedPartLen
+)
+{
+  return NSSCKFWC_EncryptUpdate(fwInstance, hSession, pPart, ulPartLen, pEncryptedPart, pulEncryptedPartLen);
+}
+
+#ifdef DECLARE_STRICT_CRYPTOKI_NAMES
+CK_RV CK_ENTRY
+C_EncryptUpdate
+(
+  CK_SESSION_HANDLE hSession,
+  CK_BYTE_PTR pPart,
+  CK_ULONG ulPartLen,
+  CK_BYTE_PTR pEncryptedPart,
+  CK_ULONG_PTR pulEncryptedPartLen
+)
+{
+  return __ADJOIN(MODULE_NAME,C_EncryptUpdate)(hSession, pPart, ulPartLen, pEncryptedPart, pulEncryptedPartLen);
+}
+#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */
+
+static CK_RV CK_ENTRY
+__ADJOIN(MODULE_NAME,C_EncryptFinal)
+(
+  CK_SESSION_HANDLE hSession,
+  CK_BYTE_PTR pLastEncryptedPart,
+  CK_ULONG_PTR pulLastEncryptedPartLen
+)
+{
+  return NSSCKFWC_EncryptFinal(fwInstance, hSession, pLastEncryptedPart, pulLastEncryptedPartLen);
+}
+
+#ifdef DECLARE_STRICT_CRYPTOKI_NAMES
+CK_RV CK_ENTRY
+C_EncryptFinal
+(
+  CK_SESSION_HANDLE hSession,
+  CK_BYTE_PTR pLastEncryptedPart,
+  CK_ULONG_PTR pulLastEncryptedPartLen
+)
+{
+  return __ADJOIN(MODULE_NAME,C_EncryptFinal)(hSession, pLastEncryptedPart, pulLastEncryptedPartLen);
+}
+#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */
+
+static CK_RV CK_ENTRY
+__ADJOIN(MODULE_NAME,C_DecryptInit)
+(
+  CK_SESSION_HANDLE hSession,
+  CK_MECHANISM_PTR pMechanism,
+  CK_OBJECT_HANDLE hKey
+)
+{
+  return NSSCKFWC_DecryptInit(fwInstance, hSession, pMechanism, hKey);
+}
+
+#ifdef DECLARE_STRICT_CRYPTOKI_NAMES
+CK_RV CK_ENTRY
+C_DecryptInit
+(
+  CK_SESSION_HANDLE hSession,
+  CK_MECHANISM_PTR pMechanism,
+  CK_OBJECT_HANDLE hKey
+)
+{
+  return __ADJOIN(MODULE_NAME,C_DecryptInit)(hSession, pMechanism, hKey);
+}
+#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */
+
+static CK_RV CK_ENTRY
+__ADJOIN(MODULE_NAME,C_Decrypt)
+(
+  CK_SESSION_HANDLE hSession,
+  CK_BYTE_PTR pEncryptedData,
+  CK_ULONG ulEncryptedDataLen,
+  CK_BYTE_PTR pData,
+  CK_ULONG_PTR pulDataLen
+)
+{
+  return NSSCKFWC_Decrypt(fwInstance, hSession, pEncryptedData, ulEncryptedDataLen, pData, pulDataLen);
+}
+
+#ifdef DECLARE_STRICT_CRYPTOKI_NAMES
+CK_RV CK_ENTRY
+C_Decrypt
+(
+  CK_SESSION_HANDLE hSession,
+  CK_BYTE_PTR pEncryptedData,
+  CK_ULONG ulEncryptedDataLen,
+  CK_BYTE_PTR pData,
+  CK_ULONG_PTR pulDataLen
+)
+{
+  return __ADJOIN(MODULE_NAME,C_Decrypt)(hSession, pEncryptedData, ulEncryptedDataLen, pData, pulDataLen);
+}
+#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */
+
+static CK_RV CK_ENTRY
+__ADJOIN(MODULE_NAME,C_DecryptUpdate)
+(
+  CK_SESSION_HANDLE hSession,
+  CK_BYTE_PTR pEncryptedPart,
+  CK_ULONG ulEncryptedPartLen,
+  CK_BYTE_PTR pPart,
+  CK_ULONG_PTR pulPartLen
+)
+{
+  return NSSCKFWC_DecryptUpdate(fwInstance, hSession, pEncryptedPart, ulEncryptedPartLen, pPart, pulPartLen);
+}
+
+#ifdef DECLARE_STRICT_CRYPTOKI_NAMES
+CK_RV CK_ENTRY
+C_DecryptUpdate
+(
+  CK_SESSION_HANDLE hSession,
+  CK_BYTE_PTR pEncryptedPart,
+  CK_ULONG ulEncryptedPartLen,
+  CK_BYTE_PTR pPart,
+  CK_ULONG_PTR pulPartLen
+)
+{
+  return __ADJOIN(MODULE_NAME,C_DecryptUpdate)(hSession, pEncryptedPart, ulEncryptedPartLen, pPart, pulPartLen);
+}
+#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */
+
+static CK_RV CK_ENTRY
+__ADJOIN(MODULE_NAME,C_DecryptFinal)
+(
+  CK_SESSION_HANDLE hSession,
+  CK_BYTE_PTR pLastPart,
+  CK_ULONG_PTR pulLastPartLen
+)
+{
+  return NSSCKFWC_DecryptFinal(fwInstance, hSession, pLastPart, pulLastPartLen);
+}
+
+#ifdef DECLARE_STRICT_CRYPTOKI_NAMES
+CK_RV CK_ENTRY
+C_DecryptFinal
+(
+  CK_SESSION_HANDLE hSession,
+  CK_BYTE_PTR pLastPart,
+  CK_ULONG_PTR pulLastPartLen
+)
+{
+  return __ADJOIN(MODULE_NAME,C_DecryptFinal)(hSession, pLastPart, pulLastPartLen);
+}
+#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */
+
+static CK_RV CK_ENTRY
+__ADJOIN(MODULE_NAME,C_DigestInit)
+(
+  CK_SESSION_HANDLE hSession,
+  CK_MECHANISM_PTR pMechanism
+)
+{
+  return NSSCKFWC_DigestInit(fwInstance, hSession, pMechanism);
+}
+
+#ifdef DECLARE_STRICT_CRYPTOKI_NAMES
+CK_RV CK_ENTRY
+C_DigestInit
+(
+  CK_SESSION_HANDLE hSession,
+  CK_MECHANISM_PTR pMechanism
+)
+{
+  return __ADJOIN(MODULE_NAME,C_DigestInit)(hSession, pMechanism);
+}
+#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */
+
+static CK_RV CK_ENTRY
+__ADJOIN(MODULE_NAME,C_Digest)
+(
+  CK_SESSION_HANDLE hSession,
+  CK_BYTE_PTR pData,
+  CK_ULONG ulDataLen,
+  CK_BYTE_PTR pDigest,
+  CK_ULONG_PTR pulDigestLen
+)
+{
+  return NSSCKFWC_Digest(fwInstance, hSession, pData, ulDataLen, pDigest, pulDigestLen);
+}
+
+#ifdef DECLARE_STRICT_CRYPTOKI_NAMES
+CK_RV CK_ENTRY
+C_Digest
+(
+  CK_SESSION_HANDLE hSession,
+  CK_BYTE_PTR pData,
+  CK_ULONG ulDataLen,
+  CK_BYTE_PTR pDigest,
+  CK_ULONG_PTR pulDigestLen
+)
+{
+  return __ADJOIN(MODULE_NAME,C_Digest)(hSession, pData, ulDataLen, pDigest, pulDigestLen);
+}
+#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */
+
+static CK_RV CK_ENTRY
+__ADJOIN(MODULE_NAME,C_DigestUpdate)
+(
+  CK_SESSION_HANDLE hSession,
+  CK_BYTE_PTR pPart,
+  CK_ULONG ulPartLen
+)
+{
+  return NSSCKFWC_DigestUpdate(fwInstance, hSession, pPart, ulPartLen);
+}
+
+#ifdef DECLARE_STRICT_CRYPTOKI_NAMES
+CK_RV CK_ENTRY
+C_DigestUpdate
+(
+  CK_SESSION_HANDLE hSession,
+  CK_BYTE_PTR pPart,
+  CK_ULONG ulPartLen
+)
+{
+  return __ADJOIN(MODULE_NAME,C_DigestUpdate)(hSession, pPart, ulPartLen);
+}
+#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */
+
+static CK_RV CK_ENTRY
+__ADJOIN(MODULE_NAME,C_DigestKey)
+(
+  CK_SESSION_HANDLE hSession,
+  CK_OBJECT_HANDLE hKey
+)
+{
+  return NSSCKFWC_DigestKey(fwInstance, hSession, hKey);
+}
+
+#ifdef DECLARE_STRICT_CRYPTOKI_NAMES
+CK_RV CK_ENTRY
+C_DigestKey
+(
+  CK_SESSION_HANDLE hSession,
+  CK_OBJECT_HANDLE hKey
+)
+{
+  return __ADJOIN(MODULE_NAME,C_DigestKey)(hSession, hKey);
+}
+#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */
+
+static CK_RV CK_ENTRY
+__ADJOIN(MODULE_NAME,C_DigestFinal)
+(
+  CK_SESSION_HANDLE hSession,
+  CK_BYTE_PTR pDigest,
+  CK_ULONG_PTR pulDigestLen
+)
+{
+  return NSSCKFWC_DigestFinal(fwInstance, hSession, pDigest, pulDigestLen);
+}
+
+#ifdef DECLARE_STRICT_CRYPTOKI_NAMES
+CK_RV CK_ENTRY
+C_DigestFinal
+(
+  CK_SESSION_HANDLE hSession,
+  CK_BYTE_PTR pDigest,
+  CK_ULONG_PTR pulDigestLen
+)
+{
+  return __ADJOIN(MODULE_NAME,C_DigestFinal)(hSession, pDigest, pulDigestLen);
+}
+#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */
+
+static CK_RV CK_ENTRY
+__ADJOIN(MODULE_NAME,C_SignInit)
+(
+  CK_SESSION_HANDLE hSession,
+  CK_MECHANISM_PTR pMechanism,
+  CK_OBJECT_HANDLE hKey
+)
+{
+  return NSSCKFWC_SignInit(fwInstance, hSession, pMechanism, hKey);
+}
+
+#ifdef DECLARE_STRICT_CRYPTOKI_NAMES
+CK_RV CK_ENTRY
+C_SignInit
+(
+  CK_SESSION_HANDLE hSession,
+  CK_MECHANISM_PTR pMechanism,
+  CK_OBJECT_HANDLE hKey
+)
+{
+  return __ADJOIN(MODULE_NAME,C_SignInit)(hSession, pMechanism, hKey);
+}
+#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */
+
+static CK_RV CK_ENTRY
+__ADJOIN(MODULE_NAME,C_Sign)
+(
+  CK_SESSION_HANDLE hSession,
+  CK_BYTE_PTR pData,
+  CK_ULONG ulDataLen,
+  CK_BYTE_PTR pSignature,
+  CK_ULONG_PTR pulSignatureLen
+)
+{
+  return NSSCKFWC_Sign(fwInstance, hSession, pData, ulDataLen, pSignature, pulSignatureLen);
+}
+
+#ifdef DECLARE_STRICT_CRYPTOKI_NAMES
+CK_RV CK_ENTRY
+C_Sign
+(
+  CK_SESSION_HANDLE hSession,
+  CK_BYTE_PTR pData,
+  CK_ULONG ulDataLen,
+  CK_BYTE_PTR pSignature,
+  CK_ULONG_PTR pulSignatureLen
+)
+{
+  return __ADJOIN(MODULE_NAME,C_Sign)(hSession, pData, ulDataLen, pSignature, pulSignatureLen);
+}
+#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */
+
+static CK_RV CK_ENTRY
+__ADJOIN(MODULE_NAME,C_SignUpdate)
+(
+  CK_SESSION_HANDLE hSession,
+  CK_BYTE_PTR pPart,
+  CK_ULONG ulPartLen
+)
+{
+  return NSSCKFWC_SignUpdate(fwInstance, hSession, pPart, ulPartLen);
+}
+
+#ifdef DECLARE_STRICT_CRYPTOKI_NAMES
+CK_RV CK_ENTRY
+C_SignUpdate
+(
+  CK_SESSION_HANDLE hSession,
+  CK_BYTE_PTR pPart,
+  CK_ULONG ulPartLen
+)
+{
+  return __ADJOIN(MODULE_NAME,C_SignUpdate)(hSession, pPart, ulPartLen);
+}
+#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */
+
+static CK_RV CK_ENTRY
+__ADJOIN(MODULE_NAME,C_SignFinal)
+(
+  CK_SESSION_HANDLE hSession,
+  CK_BYTE_PTR pSignature,
+  CK_ULONG_PTR pulSignatureLen
+)
+{
+  return NSSCKFWC_SignFinal(fwInstance, hSession, pSignature, pulSignatureLen);
+}
+
+#ifdef DECLARE_STRICT_CRYPTOKI_NAMES
+CK_RV CK_ENTRY
+C_SignFinal
+(
+  CK_SESSION_HANDLE hSession,
+  CK_BYTE_PTR pSignature,
+  CK_ULONG_PTR pulSignatureLen
+)
+{
+  return __ADJOIN(MODULE_NAME,C_SignFinal)(hSession, pSignature, pulSignatureLen);
+}
+#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */
+
+static CK_RV CK_ENTRY
+__ADJOIN(MODULE_NAME,C_SignRecoverInit)
+(
+  CK_SESSION_HANDLE hSession,
+  CK_MECHANISM_PTR pMechanism,
+  CK_OBJECT_HANDLE hKey
+)
+{
+  return NSSCKFWC_SignRecoverInit(fwInstance, hSession, pMechanism, hKey);
+}
+
+#ifdef DECLARE_STRICT_CRYPTOKI_NAMES
+CK_RV CK_ENTRY
+C_SignRecoverInit
+(
+  CK_SESSION_HANDLE hSession,
+  CK_MECHANISM_PTR pMechanism,
+  CK_OBJECT_HANDLE hKey
+)
+{
+  return __ADJOIN(MODULE_NAME,C_SignRecoverInit)(hSession, pMechanism, hKey);
+}
+#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */
+
+static CK_RV CK_ENTRY
+__ADJOIN(MODULE_NAME,C_SignRecover)
+(
+  CK_SESSION_HANDLE hSession,
+  CK_BYTE_PTR pData,
+  CK_ULONG ulDataLen,
+  CK_BYTE_PTR pSignature,
+  CK_ULONG_PTR pulSignatureLen
+)
+{
+  return NSSCKFWC_SignRecover(fwInstance, hSession, pData, ulDataLen, pSignature, pulSignatureLen);
+}
+
+#ifdef DECLARE_STRICT_CRYPTOKI_NAMES
+CK_RV CK_ENTRY
+C_SignRecover
+(
+  CK_SESSION_HANDLE hSession,
+  CK_BYTE_PTR pData,
+  CK_ULONG ulDataLen,
+  CK_BYTE_PTR pSignature,
+  CK_ULONG_PTR pulSignatureLen
+)
+{
+  return __ADJOIN(MODULE_NAME,C_SignRecover)(hSession, pData, ulDataLen, pSignature, pulSignatureLen);
+}
+#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */
+
+static CK_RV CK_ENTRY
+__ADJOIN(MODULE_NAME,C_VerifyInit)
+(
+  CK_SESSION_HANDLE hSession,
+  CK_MECHANISM_PTR pMechanism,
+  CK_OBJECT_HANDLE hKey
+)
+{
+  return NSSCKFWC_VerifyInit(fwInstance, hSession, pMechanism, hKey);
+}
+
+#ifdef DECLARE_STRICT_CRYPTOKI_NAMES
+CK_RV CK_ENTRY
+C_VerifyInit
+(
+  CK_SESSION_HANDLE hSession,
+  CK_MECHANISM_PTR pMechanism,
+  CK_OBJECT_HANDLE hKey
+)
+{
+  return __ADJOIN(MODULE_NAME,C_VerifyInit)(hSession, pMechanism, hKey);
+}
+#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */
+
+static CK_RV CK_ENTRY
+__ADJOIN(MODULE_NAME,C_Verify)
+(
+  CK_SESSION_HANDLE hSession,
+  CK_BYTE_PTR pData,
+  CK_ULONG ulDataLen,
+  CK_BYTE_PTR pSignature,
+  CK_ULONG ulSignatureLen
+)
+{
+  return NSSCKFWC_Verify(fwInstance, hSession, pData, ulDataLen, pSignature, ulSignatureLen);
+}
+
+#ifdef DECLARE_STRICT_CRYPTOKI_NAMES
+CK_RV CK_ENTRY
+C_Verify
+(
+  CK_SESSION_HANDLE hSession,
+  CK_BYTE_PTR pData,
+  CK_ULONG ulDataLen,
+  CK_BYTE_PTR pSignature,
+  CK_ULONG ulSignatureLen
+)
+{
+  return __ADJOIN(MODULE_NAME,C_Verify)(hSession, pData, ulDataLen, pSignature, ulSignatureLen);
+}
+#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */
+
+static CK_RV CK_ENTRY
+__ADJOIN(MODULE_NAME,C_VerifyUpdate)
+(
+  CK_SESSION_HANDLE hSession,
+  CK_BYTE_PTR pPart,
+  CK_ULONG ulPartLen
+)
+{
+  return NSSCKFWC_VerifyUpdate(fwInstance, hSession, pPart, ulPartLen);
+}
+
+#ifdef DECLARE_STRICT_CRYPTOKI_NAMES
+CK_RV CK_ENTRY
+C_VerifyUpdate
+(
+  CK_SESSION_HANDLE hSession,
+  CK_BYTE_PTR pPart,
+  CK_ULONG ulPartLen
+)
+{
+  return __ADJOIN(MODULE_NAME,C_VerifyUpdate)(hSession, pPart, ulPartLen);
+}
+#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */
+
+static CK_RV CK_ENTRY
+__ADJOIN(MODULE_NAME,C_VerifyFinal)
+(
+  CK_SESSION_HANDLE hSession,
+  CK_BYTE_PTR pSignature,
+  CK_ULONG ulSignatureLen
+)
+{
+  return NSSCKFWC_VerifyFinal(fwInstance, hSession, pSignature, ulSignatureLen);
+}
+
+#ifdef DECLARE_STRICT_CRYPTOKI_NAMES
+CK_RV CK_ENTRY
+C_VerifyFinal
+(
+  CK_SESSION_HANDLE hSession,
+  CK_BYTE_PTR pSignature,
+  CK_ULONG ulSignatureLen
+)
+{
+  return __ADJOIN(MODULE_NAME,C_VerifyFinal)(hSession, pSignature, ulSignatureLen);
+}
+#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */
+
+static CK_RV CK_ENTRY
+__ADJOIN(MODULE_NAME,C_VerifyRecoverInit)
+(
+  CK_SESSION_HANDLE hSession,
+  CK_MECHANISM_PTR pMechanism,
+  CK_OBJECT_HANDLE hKey
+)
+{
+  return NSSCKFWC_VerifyRecoverInit(fwInstance, hSession, pMechanism, hKey);
+}
+
+#ifdef DECLARE_STRICT_CRYPTOKI_NAMES
+CK_RV CK_ENTRY
+C_VerifyRecoverInit
+(
+  CK_SESSION_HANDLE hSession,
+  CK_MECHANISM_PTR pMechanism,
+  CK_OBJECT_HANDLE hKey
+)
+{
+  return __ADJOIN(MODULE_NAME,C_VerifyRecoverInit)(hSession, pMechanism, hKey);
+}
+#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */
+
+static CK_RV CK_ENTRY
+__ADJOIN(MODULE_NAME,C_VerifyRecover)
+(
+  CK_SESSION_HANDLE hSession,
+  CK_BYTE_PTR pSignature,
+  CK_ULONG ulSignatureLen,
+  CK_BYTE_PTR pData,
+  CK_ULONG_PTR pulDataLen
+)
+{
+  return NSSCKFWC_VerifyRecover(fwInstance, hSession, pSignature, ulSignatureLen, pData, pulDataLen);
+}
+
+#ifdef DECLARE_STRICT_CRYPTOKI_NAMES
+CK_RV CK_ENTRY
+C_VerifyRecover
+(
+  CK_SESSION_HANDLE hSession,
+  CK_BYTE_PTR pSignature,
+  CK_ULONG ulSignatureLen,
+  CK_BYTE_PTR pData,
+  CK_ULONG_PTR pulDataLen
+)
+{
+  return __ADJOIN(MODULE_NAME,C_VerifyRecover)(hSession, pSignature, ulSignatureLen, pData, pulDataLen);
+}
+#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */
+
+static CK_RV CK_ENTRY
+__ADJOIN(MODULE_NAME,C_DigestEncryptUpdate)
+(
+  CK_SESSION_HANDLE hSession,
+  CK_BYTE_PTR pPart,
+  CK_ULONG ulPartLen,
+  CK_BYTE_PTR pEncryptedPart,
+  CK_ULONG_PTR pulEncryptedPartLen
+)
+{
+  return NSSCKFWC_DigestEncryptUpdate(fwInstance, hSession, pPart, ulPartLen, pEncryptedPart, pulEncryptedPartLen);
+}
+
+#ifdef DECLARE_STRICT_CRYPTOKI_NAMES
+CK_RV CK_ENTRY
+C_DigestEncryptUpdate
+(
+  CK_SESSION_HANDLE hSession,
+  CK_BYTE_PTR pPart,
+  CK_ULONG ulPartLen,
+  CK_BYTE_PTR pEncryptedPart,
+  CK_ULONG_PTR pulEncryptedPartLen
+)
+{
+  return __ADJOIN(MODULE_NAME,C_DigestEncryptUpdate)(hSession, pPart, ulPartLen, pEncryptedPart, pulEncryptedPartLen);
+}
+#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */
+
+static CK_RV CK_ENTRY
+__ADJOIN(MODULE_NAME,C_DecryptDigestUpdate)
+(
+  CK_SESSION_HANDLE hSession,
+  CK_BYTE_PTR pEncryptedPart,
+  CK_ULONG ulEncryptedPartLen,
+  CK_BYTE_PTR pPart,
+  CK_ULONG_PTR pulPartLen
+)
+{
+  return NSSCKFWC_DecryptDigestUpdate(fwInstance, hSession, pEncryptedPart, ulEncryptedPartLen, pPart, pulPartLen);
+}
+
+#ifdef DECLARE_STRICT_CRYPTOKI_NAMES
+CK_RV CK_ENTRY
+C_DecryptDigestUpdate
+(
+  CK_SESSION_HANDLE hSession,
+  CK_BYTE_PTR pEncryptedPart,
+  CK_ULONG ulEncryptedPartLen,
+  CK_BYTE_PTR pPart,
+  CK_ULONG_PTR pulPartLen
+)
+{
+  return __ADJOIN(MODULE_NAME,C_DecryptDigestUpdate)(hSession, pEncryptedPart, ulEncryptedPartLen, pPart, pulPartLen);
+}
+#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */
+
+static CK_RV CK_ENTRY
+__ADJOIN(MODULE_NAME,C_SignEncryptUpdate)
+(
+  CK_SESSION_HANDLE hSession,
+  CK_BYTE_PTR pPart,
+  CK_ULONG ulPartLen,
+  CK_BYTE_PTR pEncryptedPart,
+  CK_ULONG_PTR pulEncryptedPartLen
+)
+{
+  return NSSCKFWC_SignEncryptUpdate(fwInstance, hSession, pPart, ulPartLen, pEncryptedPart, pulEncryptedPartLen);
+}
+
+#ifdef DECLARE_STRICT_CRYPTOKI_NAMES
+CK_RV CK_ENTRY
+C_SignEncryptUpdate
+(
+  CK_SESSION_HANDLE hSession,
+  CK_BYTE_PTR pPart,
+  CK_ULONG ulPartLen,
+  CK_BYTE_PTR pEncryptedPart,
+  CK_ULONG_PTR pulEncryptedPartLen
+)
+{
+  return __ADJOIN(MODULE_NAME,C_SignEncryptUpdate)(hSession, pPart, ulPartLen, pEncryptedPart, pulEncryptedPartLen);
+}
+#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */
+
+static CK_RV CK_ENTRY
+__ADJOIN(MODULE_NAME,C_DecryptVerifyUpdate)
+(
+  CK_SESSION_HANDLE hSession,
+  CK_BYTE_PTR pEncryptedPart,
+  CK_ULONG ulEncryptedPartLen,
+  CK_BYTE_PTR pPart,
+  CK_ULONG_PTR pulPartLen
+)
+{
+  return NSSCKFWC_DecryptVerifyUpdate(fwInstance, hSession, pEncryptedPart, ulEncryptedPartLen, pPart, pulPartLen);
+}
+
+#ifdef DECLARE_STRICT_CRYPTOKI_NAMES
+CK_RV CK_ENTRY
+C_DecryptVerifyUpdate
+(
+  CK_SESSION_HANDLE hSession,
+  CK_BYTE_PTR pEncryptedPart,
+  CK_ULONG ulEncryptedPartLen,
+  CK_BYTE_PTR pPart,
+  CK_ULONG_PTR pulPartLen
+)
+{
+  return __ADJOIN(MODULE_NAME,C_DecryptVerifyUpdate)(hSession, pEncryptedPart, ulEncryptedPartLen, pPart, pulPartLen);
+}
+#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */
+
+static CK_RV CK_ENTRY
+__ADJOIN(MODULE_NAME,C_GenerateKey)
+(
+  CK_SESSION_HANDLE hSession,
+  CK_MECHANISM_PTR pMechanism,
+  CK_ATTRIBUTE_PTR pTemplate,
+  CK_ULONG ulCount,
+  CK_OBJECT_HANDLE_PTR phKey
+)
+{
+  return NSSCKFWC_GenerateKey(fwInstance, hSession, pMechanism, pTemplate, ulCount, phKey);
+}
+
+#ifdef DECLARE_STRICT_CRYPTOKI_NAMES
+CK_RV CK_ENTRY
+C_GenerateKey
+(
+  CK_SESSION_HANDLE hSession,
+  CK_MECHANISM_PTR pMechanism,
+  CK_ATTRIBUTE_PTR pTemplate,
+  CK_ULONG ulCount,
+  CK_OBJECT_HANDLE_PTR phKey
+)
+{
+  return __ADJOIN(MODULE_NAME,C_GenerateKey)(hSession, pMechanism, pTemplate, ulCount, phKey);
+}
+#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */
+
+static CK_RV CK_ENTRY
+__ADJOIN(MODULE_NAME,C_GenerateKeyPair)
+(
+  CK_SESSION_HANDLE hSession,
+  CK_MECHANISM_PTR pMechanism,
+  CK_ATTRIBUTE_PTR pPublicKeyTemplate,
+  CK_ULONG ulPublicKeyAttributeCount,
+  CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
+  CK_ULONG ulPrivateKeyAttributeCount,
+  CK_OBJECT_HANDLE_PTR phPublicKey,
+  CK_OBJECT_HANDLE_PTR phPrivateKey
+)
+{
+  return NSSCKFWC_GenerateKeyPair(fwInstance, hSession, pMechanism, pPublicKeyTemplate, ulPublicKeyAttributeCount, pPrivateKeyTemplate, ulPrivateKeyAttributeCount, phPublicKey, phPrivateKey);
+}
+
+#ifdef DECLARE_STRICT_CRYPTOKI_NAMES
+CK_RV CK_ENTRY
+C_GenerateKeyPair
+(
+  CK_SESSION_HANDLE hSession,
+  CK_MECHANISM_PTR pMechanism,
+  CK_ATTRIBUTE_PTR pPublicKeyTemplate,
+  CK_ULONG ulPublicKeyAttributeCount,
+  CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
+  CK_ULONG ulPrivateKeyAttributeCount,
+  CK_OBJECT_HANDLE_PTR phPublicKey,
+  CK_OBJECT_HANDLE_PTR phPrivateKey
+)
+{
+  return __ADJOIN(MODULE_NAME,C_GenerateKeyPair)(hSession, pMechanism, pPublicKeyTemplate, ulPublicKeyAttributeCount, pPrivateKeyTemplate, ulPrivateKeyAttributeCount, phPublicKey, phPrivateKey);
+}
+#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */
+
+static CK_RV CK_ENTRY
+__ADJOIN(MODULE_NAME,C_WrapKey)
+(
+  CK_SESSION_HANDLE hSession,
+  CK_MECHANISM_PTR pMechanism,
+  CK_OBJECT_HANDLE hWrappingKey,
+  CK_OBJECT_HANDLE hKey,
+  CK_BYTE_PTR pWrappedKey,
+  CK_ULONG_PTR pulWrappedKeyLen
+)
+{
+  return NSSCKFWC_WrapKey(fwInstance, hSession, pMechanism, hWrappingKey, hKey, pWrappedKey, pulWrappedKeyLen);
+}
+
+#ifdef DECLARE_STRICT_CRYPTOKI_NAMES
+CK_RV CK_ENTRY
+C_WrapKey
+(
+  CK_SESSION_HANDLE hSession,
+  CK_MECHANISM_PTR pMechanism,
+  CK_OBJECT_HANDLE hWrappingKey,
+  CK_OBJECT_HANDLE hKey,
+  CK_BYTE_PTR pWrappedKey,
+  CK_ULONG_PTR pulWrappedKeyLen
+)
+{
+  return __ADJOIN(MODULE_NAME,C_WrapKey)(hSession, pMechanism, hWrappingKey, hKey, pWrappedKey, pulWrappedKeyLen);
+}
+#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */
+
+static CK_RV CK_ENTRY
+__ADJOIN(MODULE_NAME,C_UnwrapKey)
+(
+  CK_SESSION_HANDLE hSession,
+  CK_MECHANISM_PTR pMechanism,
+  CK_OBJECT_HANDLE hUnwrappingKey,
+  CK_BYTE_PTR pWrappedKey,
+  CK_ULONG ulWrappedKeyLen,
+  CK_ATTRIBUTE_PTR pTemplate,
+  CK_ULONG ulAttributeCount,
+  CK_OBJECT_HANDLE_PTR phKey
+)
+{
+  return NSSCKFWC_UnwrapKey(fwInstance, hSession, pMechanism, hUnwrappingKey, pWrappedKey, ulWrappedKeyLen, pTemplate, ulAttributeCount, phKey);
+}
+
+#ifdef DECLARE_STRICT_CRYPTOKI_NAMES
+CK_RV CK_ENTRY
+C_UnwrapKey
+(
+  CK_SESSION_HANDLE hSession,
+  CK_MECHANISM_PTR pMechanism,
+  CK_OBJECT_HANDLE hUnwrappingKey,
+  CK_BYTE_PTR pWrappedKey,
+  CK_ULONG ulWrappedKeyLen,
+  CK_ATTRIBUTE_PTR pTemplate,
+  CK_ULONG ulAttributeCount,
+  CK_OBJECT_HANDLE_PTR phKey
+)
+{
+  return __ADJOIN(MODULE_NAME,C_UnwrapKey)(hSession, pMechanism, hUnwrappingKey, pWrappedKey, ulWrappedKeyLen, pTemplate, ulAttributeCount, phKey);
+}
+#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */
+
+static CK_RV CK_ENTRY
+__ADJOIN(MODULE_NAME,C_DeriveKey)
+(
+  CK_SESSION_HANDLE hSession,
+  CK_MECHANISM_PTR pMechanism,
+  CK_OBJECT_HANDLE hBaseKey,
+  CK_ATTRIBUTE_PTR pTemplate,
+  CK_ULONG ulAttributeCount,
+  CK_OBJECT_HANDLE_PTR phKey
+)
+{
+  return NSSCKFWC_DeriveKey(fwInstance, hSession, pMechanism, hBaseKey, pTemplate, ulAttributeCount, phKey);
+}
+
+#ifdef DECLARE_STRICT_CRYPTOKI_NAMES
+CK_RV CK_ENTRY
+C_DeriveKey
+(
+  CK_SESSION_HANDLE hSession,
+  CK_MECHANISM_PTR pMechanism,
+  CK_OBJECT_HANDLE hBaseKey,
+  CK_ATTRIBUTE_PTR pTemplate,
+  CK_ULONG ulAttributeCount,
+  CK_OBJECT_HANDLE_PTR phKey
+)
+{
+  return __ADJOIN(MODULE_NAME,C_DeriveKey)(hSession, pMechanism, hBaseKey, pTemplate, ulAttributeCount, phKey);
+}
+#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */
+
+static CK_RV CK_ENTRY
+__ADJOIN(MODULE_NAME,C_SeedRandom)
+(
+  CK_SESSION_HANDLE hSession,
+  CK_BYTE_PTR pSeed,
+  CK_ULONG ulSeedLen
+)
+{
+  return NSSCKFWC_SeedRandom(fwInstance, hSession, pSeed, ulSeedLen);
+}
+
+#ifdef DECLARE_STRICT_CRYPTOKI_NAMES
+CK_RV CK_ENTRY
+C_SeedRandom
+(
+  CK_SESSION_HANDLE hSession,
+  CK_BYTE_PTR pSeed,
+  CK_ULONG ulSeedLen
+)
+{
+  return __ADJOIN(MODULE_NAME,C_SeedRandom)(hSession, pSeed, ulSeedLen);
+}
+#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */
+
+static CK_RV CK_ENTRY
+__ADJOIN(MODULE_NAME,C_GenerateRandom)
+(
+  CK_SESSION_HANDLE hSession,
+  CK_BYTE_PTR RandomData,
+  CK_ULONG ulRandomLen
+)
+{
+  return NSSCKFWC_GenerateRandom(fwInstance, hSession, RandomData, ulRandomLen);
+}
+
+#ifdef DECLARE_STRICT_CRYPTOKI_NAMES
+CK_RV CK_ENTRY
+C_GenerateRandom
+(
+  CK_SESSION_HANDLE hSession,
+  CK_BYTE_PTR RandomData,
+  CK_ULONG ulRandomLen
+)
+{
+  return __ADJOIN(MODULE_NAME,C_GenerateRandom)(hSession, RandomData, ulRandomLen);
+}
+#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */
+
+static CK_RV CK_ENTRY
+__ADJOIN(MODULE_NAME,C_GetFunctionStatus)
+(
+  CK_SESSION_HANDLE hSession
+)
+{
+  return NSSCKFWC_GetFunctionStatus(fwInstance, hSession);
+}
+
+#ifdef DECLARE_STRICT_CRYPTOKI_NAMES
+CK_RV CK_ENTRY
+C_GetFunctionStatus
+(
+  CK_SESSION_HANDLE hSession
+)
+{
+  return __ADJOIN(MODULE_NAME,C_GetFunctionStatus)(hSession);
+}
+#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */
+
+static CK_RV CK_ENTRY
+__ADJOIN(MODULE_NAME,C_CancelFunction)
+(
+  CK_SESSION_HANDLE hSession
+)
+{
+  return NSSCKFWC_CancelFunction(fwInstance, hSession);
+}
+
+#ifdef DECLARE_STRICT_CRYPTOKI_NAMES
+CK_RV CK_ENTRY
+C_CancelFunction
+(
+  CK_SESSION_HANDLE hSession
+)
+{
+  return __ADJOIN(MODULE_NAME,C_CancelFunction)(hSession);
+}
+#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */
+
+static CK_RV CK_ENTRY
+__ADJOIN(MODULE_NAME,C_WaitForSlotEvent)
+(
+  CK_FLAGS flags,
+  CK_SLOT_ID_PTR pSlot,
+  CK_VOID_PTR pRserved
+)
+{
+  return NSSCKFWC_WaitForSlotEvent(fwInstance, flags, pSlot, pRserved);
+}
+
+#ifdef DECLARE_STRICT_CRYPTOKI_NAMES
+CK_RV CK_ENTRY
+C_WaitForSlotEvent
+(
+  CK_FLAGS flags,
+  CK_SLOT_ID_PTR pSlot,
+  CK_VOID_PTR pRserved
+)
+{
+  return __ADJOIN(MODULE_NAME,C_WaitForSlotEvent)(flags, pSlot, pRserved);
+}
+#endif /* DECLARE_STRICT_CRYPTOKI_NAMES */
+
+static CK_RV CK_ENTRY
+__ADJOIN(MODULE_NAME,C_GetFunctionList)
+(
+  CK_FUNCTION_LIST_PTR_PTR ppFunctionList
+);
+
+static CK_FUNCTION_LIST FunctionList = {
+  { 2, 1 },
+__ADJOIN(MODULE_NAME,C_Initialize),
+__ADJOIN(MODULE_NAME,C_Finalize),
+__ADJOIN(MODULE_NAME,C_GetInfo),
+__ADJOIN(MODULE_NAME,C_GetFunctionList),
+__ADJOIN(MODULE_NAME,C_GetSlotList),
+__ADJOIN(MODULE_NAME,C_GetSlotInfo),
+__ADJOIN(MODULE_NAME,C_GetTokenInfo),
+__ADJOIN(MODULE_NAME,C_GetMechanismList),
+__ADJOIN(MODULE_NAME,C_GetMechanismInfo),
+__ADJOIN(MODULE_NAME,C_InitToken),
+__ADJOIN(MODULE_NAME,C_InitPIN),
+__ADJOIN(MODULE_NAME,C_SetPIN),
+__ADJOIN(MODULE_NAME,C_OpenSession),
+__ADJOIN(MODULE_NAME,C_CloseSession),
+__ADJOIN(MODULE_NAME,C_CloseAllSessions),
+__ADJOIN(MODULE_NAME,C_GetSessionInfo),
+__ADJOIN(MODULE_NAME,C_GetOperationState),
+__ADJOIN(MODULE_NAME,C_SetOperationState),
+__ADJOIN(MODULE_NAME,C_Login),
+__ADJOIN(MODULE_NAME,C_Logout),
+__ADJOIN(MODULE_NAME,C_CreateObject),
+__ADJOIN(MODULE_NAME,C_CopyObject),
+__ADJOIN(MODULE_NAME,C_DestroyObject),
+__ADJOIN(MODULE_NAME,C_GetObjectSize),
+__ADJOIN(MODULE_NAME,C_GetAttributeValue),
+__ADJOIN(MODULE_NAME,C_SetAttributeValue),
+__ADJOIN(MODULE_NAME,C_FindObjectsInit),
+__ADJOIN(MODULE_NAME,C_FindObjects),
+__ADJOIN(MODULE_NAME,C_FindObjectsFinal),
+__ADJOIN(MODULE_NAME,C_EncryptInit),
+__ADJOIN(MODULE_NAME,C_Encrypt),
+__ADJOIN(MODULE_NAME,C_EncryptUpdate),
+__ADJOIN(MODULE_NAME,C_EncryptFinal),
+__ADJOIN(MODULE_NAME,C_DecryptInit),
+__ADJOIN(MODULE_NAME,C_Decrypt),
+__ADJOIN(MODULE_NAME,C_DecryptUpdate),
+__ADJOIN(MODULE_NAME,C_DecryptFinal),
+__ADJOIN(MODULE_NAME,C_DigestInit),
+__ADJOIN(MODULE_NAME,C_Digest),
+__ADJOIN(MODULE_NAME,C_DigestUpdate),
+__ADJOIN(MODULE_NAME,C_DigestKey),
+__ADJOIN(MODULE_NAME,C_DigestFinal),
+__ADJOIN(MODULE_NAME,C_SignInit),
+__ADJOIN(MODULE_NAME,C_Sign),
+__ADJOIN(MODULE_NAME,C_SignUpdate),
+__ADJOIN(MODULE_NAME,C_SignFinal),
+__ADJOIN(MODULE_NAME,C_SignRecoverInit),
+__ADJOIN(MODULE_NAME,C_SignRecover),
+__ADJOIN(MODULE_NAME,C_VerifyInit),
+__ADJOIN(MODULE_NAME,C_Verify),
+__ADJOIN(MODULE_NAME,C_VerifyUpdate),
+__ADJOIN(MODULE_NAME,C_VerifyFinal),
+__ADJOIN(MODULE_NAME,C_VerifyRecoverInit),
+__ADJOIN(MODULE_NAME,C_VerifyRecover),
+__ADJOIN(MODULE_NAME,C_DigestEncryptUpdate),
+__ADJOIN(MODULE_NAME,C_DecryptDigestUpdate),
+__ADJOIN(MODULE_NAME,C_SignEncryptUpdate),
+__ADJOIN(MODULE_NAME,C_DecryptVerifyUpdate),
+__ADJOIN(MODULE_NAME,C_GenerateKey),
+__ADJOIN(MODULE_NAME,C_GenerateKeyPair),
+__ADJOIN(MODULE_NAME,C_WrapKey),
+__ADJOIN(MODULE_NAME,C_UnwrapKey),
+__ADJOIN(MODULE_NAME,C_DeriveKey),
+__ADJOIN(MODULE_NAME,C_SeedRandom),
+__ADJOIN(MODULE_NAME,C_GenerateRandom),
+__ADJOIN(MODULE_NAME,C_GetFunctionStatus),
+__ADJOIN(MODULE_NAME,C_CancelFunction),
+__ADJOIN(MODULE_NAME,C_WaitForSlotEvent)
+};
+
+static CK_RV CK_ENTRY
+__ADJOIN(MODULE_NAME,C_GetFunctionList)
+(
+  CK_FUNCTION_LIST_PTR_PTR ppFunctionList
+)
+{
+  *ppFunctionList = &FunctionList;
+  return CKR_OK;
+}
+
+/* This one is always present */
+CK_RV CK_ENTRY
+C_GetFunctionList
+(
+  CK_FUNCTION_LIST_PTR_PTR ppFunctionList
+)
+{
+  return __ADJOIN(MODULE_NAME,C_GetFunctionList)(ppFunctionList);
+}
+
+#undef __ADJOIN
+
diff --git a/nss/lib/ckfw/nssckepv.h b/nss/lib/ckfw/nssckepv.h
new file mode 100644
index 0000000..042845d
--- /dev/null
+++ b/nss/lib/ckfw/nssckepv.h
@@ -0,0 +1,10 @@
+/* THIS IS A GENERATED FILE */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#ifndef NSSCKEPV_H
+#define NSSCKEPV_H
+
+#include "pkcs11.h"
+
+#endif /* NSSCKEPV_H */
diff --git a/nss/lib/ckfw/nssckft.h b/nss/lib/ckfw/nssckft.h
new file mode 100644
index 0000000..80ee292
--- /dev/null
+++ b/nss/lib/ckfw/nssckft.h
@@ -0,0 +1,11 @@
+/* THIS IS A GENERATED FILE */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _NSSCKFT_H_
+#define _NSSCKFT_H_ 1
+
+#include "pkcs11t.h"
+
+#endif /* _NSSCKFT_H_ */
diff --git a/nss/lib/ckfw/nssckfw.h b/nss/lib/ckfw/nssckfw.h
new file mode 100644
index 0000000..0f93eaa
--- /dev/null
+++ b/nss/lib/ckfw/nssckfw.h
@@ -0,0 +1,462 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef NSSCKFW_H
+#define NSSCKFW_H
+
+/*
+ * nssckfw.h
+ *
+ * This file prototypes the publicly available calls of the
+ * NSS Cryptoki Framework.
+ */
+
+#ifndef NSSBASET_H
+#include "nssbaset.h"
+#endif /* NSSBASET_H */
+
+#ifndef NSSCKT_H
+#include "nssckt.h"
+#endif /* NSSCKT_H */
+
+#ifndef NSSCKFWT_H
+#include "nssckfwt.h"
+#endif /* NSSCKFWT_H */
+
+/*
+ * NSSCKFWInstance
+ *
+ *  NSSCKFWInstance_GetMDInstance
+ *  NSSCKFWInstance_GetArena
+ *  NSSCKFWInstance_MayCreatePthreads
+ *  NSSCKFWInstance_CreateMutex
+ *  NSSCKFWInstance_GetConfigurationData
+ *  NSSCKFWInstance_GetInitArgs
+ *  NSSCKFWInstance_DestroySessionHandle
+ *  NSSCKFWInstance_FindSessionHandle
+ */
+
+/*
+ * NSSCKFWInstance_GetMDInstance
+ *
+ */
+
+NSS_EXTERN NSSCKMDInstance *
+NSSCKFWInstance_GetMDInstance(
+    NSSCKFWInstance *fwInstance);
+
+/*
+ * NSSCKFWInstance_GetArena
+ *
+ */
+
+NSS_EXTERN NSSArena *
+NSSCKFWInstance_GetArena(
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError);
+
+/*
+ * NSSCKFWInstance_MayCreatePthreads
+ *
+ */
+
+NSS_EXTERN CK_BBOOL
+NSSCKFWInstance_MayCreatePthreads(
+    NSSCKFWInstance *fwInstance);
+
+/*
+ * NSSCKFWInstance_CreateMutex
+ *
+ */
+
+NSS_EXTERN NSSCKFWMutex *
+NSSCKFWInstance_CreateMutex(
+    NSSCKFWInstance *fwInstance,
+    NSSArena *arena,
+    CK_RV *pError);
+
+/*
+ * NSSCKFWInstance_GetConfigurationData
+ *
+ */
+
+NSS_EXTERN NSSUTF8 *
+NSSCKFWInstance_GetConfigurationData(
+    NSSCKFWInstance *fwInstance);
+
+/*
+ * NSSCKFWInstance_GetInitArgs
+ *
+ */
+
+NSS_EXTERN CK_C_INITIALIZE_ARGS_PTR
+NSSCKFWInstance_GetInitArgs(
+    NSSCKFWInstance *fwInstance);
+
+/*
+ * nssCKFWInstance_DestroySessionHandle
+ *
+ */
+NSS_EXTERN void
+NSSCKFWInstance_DestroySessionHandle(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession);
+
+/*
+ * nssCKFWInstance_FindSessionHandle
+ *
+ */
+NSS_EXTERN CK_SESSION_HANDLE
+NSSCKFWInstance_FindSessionHandle(
+    NSSCKFWInstance *fwInstance,
+    NSSCKFWSession *fwSession);
+
+/*
+ * NSSCKFWSlot
+ *
+ *  NSSCKFWSlot_GetMDSlot
+ *  NSSCKFWSlot_GetFWInstance
+ *  NSSCKFWSlot_GetMDInstance
+ *  NSSCKFWSlot_GetSlotID
+ *
+ */
+
+/*
+ * NSSCKFWSlot_GetMDSlot
+ *
+ */
+
+NSS_EXTERN NSSCKMDSlot *
+NSSCKFWSlot_GetMDSlot(
+    NSSCKFWSlot *fwSlot);
+
+/*
+ * NSSCKFWSlot_GetFWInstance
+ *
+ */
+
+NSS_EXTERN NSSCKFWInstance *
+NSSCKFWSlot_GetFWInstance(
+    NSSCKFWSlot *fwSlot);
+
+/*
+ * NSSCKFWSlot_GetMDInstance
+ *
+ */
+
+NSS_EXTERN NSSCKMDInstance *
+NSSCKFWSlot_GetMDInstance(
+    NSSCKFWSlot *fwSlot);
+
+/*
+ * NSSCKFWSlot_GetSlotID
+ *
+ */
+
+NSS_EXTERN CK_SLOT_ID
+NSSCKFWSlot_GetSlotID(
+    NSSCKFWSlot *fwSlot);
+
+/*
+ * NSSCKFWToken
+ *
+ *  NSSCKFWToken_GetMDToken
+ *  NSSCKFWToken_GetFWSlot
+ *  NSSCKFWToken_GetMDSlot
+ *  NSSCKFWToken_GetSessionState
+ *
+ */
+
+/*
+ * NSSCKFWToken_GetMDToken
+ *
+ */
+
+NSS_EXTERN NSSCKMDToken *
+NSSCKFWToken_GetMDToken(
+    NSSCKFWToken *fwToken);
+
+/*
+ * NSSCKFWToken_GetArena
+ *
+ */
+
+NSS_EXTERN NSSArena *
+NSSCKFWToken_GetArena(
+    NSSCKFWToken *fwToken,
+    CK_RV *pError);
+
+/*
+ * NSSCKFWToken_GetFWSlot
+ *
+ */
+
+NSS_EXTERN NSSCKFWSlot *
+NSSCKFWToken_GetFWSlot(
+    NSSCKFWToken *fwToken);
+
+/*
+ * NSSCKFWToken_GetMDSlot
+ *
+ */
+
+NSS_EXTERN NSSCKMDSlot *
+NSSCKFWToken_GetMDSlot(
+    NSSCKFWToken *fwToken);
+
+/*
+ * NSSCKFWToken_GetSessionState
+ *
+ */
+
+NSS_EXTERN CK_STATE
+NSSCKFWToken_GetSessionState(
+    NSSCKFWToken *fwToken);
+
+/*
+ * NSSCKFWMechanism
+ *
+ *  NSSKCFWMechanism_GetMDMechanism
+ *  NSSCKFWMechanism_GetParameter
+ *
+ */
+
+/*
+ * NSSKCFWMechanism_GetMDMechanism
+ *
+ */
+
+NSS_EXTERN NSSCKMDMechanism *
+NSSCKFWMechanism_GetMDMechanism(
+    NSSCKFWMechanism *fwMechanism);
+
+/*
+ * NSSCKFWMechanism_GetParameter
+ *
+ */
+
+NSS_EXTERN NSSItem *
+NSSCKFWMechanism_GetParameter(
+    NSSCKFWMechanism *fwMechanism);
+
+/*
+ * NSSCKFWSession
+ *
+ *  NSSCKFWSession_GetMDSession
+ *  NSSCKFWSession_GetArena
+ *  NSSCKFWSession_CallNotification
+ *  NSSCKFWSession_IsRWSession
+ *  NSSCKFWSession_IsSO
+ *  NSSCKFWSession_GetCurrentCryptoOperation
+ *  NSSCKFWSession_GetFWSlot
+ *
+ */
+
+/*
+ * NSSCKFWSession_GetMDSession
+ *
+ */
+
+NSS_EXTERN NSSCKMDSession *
+NSSCKFWSession_GetMDSession(
+    NSSCKFWSession *fwSession);
+
+/*
+ * NSSCKFWSession_GetArena
+ *
+ */
+
+NSS_EXTERN NSSArena *
+NSSCKFWSession_GetArena(
+    NSSCKFWSession *fwSession,
+    CK_RV *pError);
+
+/*
+ * NSSCKFWSession_CallNotification
+ *
+ */
+
+NSS_EXTERN CK_RV
+NSSCKFWSession_CallNotification(
+    NSSCKFWSession *fwSession,
+    CK_NOTIFICATION event);
+
+/*
+ * NSSCKFWSession_IsRWSession
+ *
+ */
+
+NSS_EXTERN CK_BBOOL
+NSSCKFWSession_IsRWSession(
+    NSSCKFWSession *fwSession);
+
+/*
+ * NSSCKFWSession_IsSO
+ *
+ */
+
+NSS_EXTERN CK_BBOOL
+NSSCKFWSession_IsSO(
+    NSSCKFWSession *fwSession);
+
+/*
+ * NSSCKFWSession_GetCurrentCryptoOperation
+ *
+ */
+
+NSS_EXTERN NSSCKFWCryptoOperation *
+NSSCKFWSession_GetCurrentCryptoOperation(
+    NSSCKFWSession *fwSession,
+    NSSCKFWCryptoOperationState state);
+
+/*
+ * NSSCKFWSession_GetFWSlot
+ *
+ */
+
+NSS_EXTERN NSSCKFWSlot *
+NSSCKFWSession_GetFWSlot(
+    NSSCKFWSession *fwSession);
+
+/*
+ * NSSCKFWObject
+ *
+ *  NSSCKFWObject_GetMDObject
+ *  NSSCKFWObject_GetArena
+ *  NSSCKFWObject_IsTokenObject
+ *  NSSCKFWObject_GetAttributeCount
+ *  NSSCKFWObject_GetAttributeTypes
+ *  NSSCKFWObject_GetAttributeSize
+ *  NSSCKFWObject_GetAttribute
+ *  NSSCKFWObject_GetObjectSize
+ */
+
+/*
+ * NSSCKFWObject_GetMDObject
+ *
+ */
+NSS_EXTERN NSSCKMDObject *
+NSSCKFWObject_GetMDObject(
+    NSSCKFWObject *fwObject);
+
+/*
+ * NSSCKFWObject_GetArena
+ *
+ */
+NSS_EXTERN NSSArena *
+NSSCKFWObject_GetArena(
+    NSSCKFWObject *fwObject,
+    CK_RV *pError);
+
+/*
+ * NSSCKFWObject_IsTokenObject
+ *
+ */
+NSS_EXTERN CK_BBOOL
+NSSCKFWObject_IsTokenObject(
+    NSSCKFWObject *fwObject);
+
+/*
+ * NSSCKFWObject_GetAttributeCount
+ *
+ */
+NSS_EXTERN CK_ULONG
+NSSCKFWObject_GetAttributeCount(
+    NSSCKFWObject *fwObject,
+    CK_RV *pError);
+
+/*
+ * NSSCKFWObject_GetAttributeTypes
+ *
+ */
+NSS_EXTERN CK_RV
+NSSCKFWObject_GetAttributeTypes(
+    NSSCKFWObject *fwObject,
+    CK_ATTRIBUTE_TYPE_PTR typeArray,
+    CK_ULONG ulCount);
+
+/*
+ * NSSCKFWObject_GetAttributeSize
+ *
+ */
+NSS_EXTERN CK_ULONG
+NSSCKFWObject_GetAttributeSize(
+    NSSCKFWObject *fwObject,
+    CK_ATTRIBUTE_TYPE attribute,
+    CK_RV *pError);
+
+/*
+ * NSSCKFWObject_GetAttribute
+ *
+ */
+NSS_EXTERN NSSItem *
+NSSCKFWObject_GetAttribute(
+    NSSCKFWObject *fwObject,
+    CK_ATTRIBUTE_TYPE attribute,
+    NSSItem *itemOpt,
+    NSSArena *arenaOpt,
+    CK_RV *pError);
+
+/*
+ * NSSCKFWObject_GetObjectSize
+ *
+ */
+NSS_EXTERN CK_ULONG
+NSSCKFWObject_GetObjectSize(
+    NSSCKFWObject *fwObject,
+    CK_RV *pError);
+
+/*
+ * NSSCKFWFindObjects
+ *
+ *  NSSCKFWFindObjects_GetMDFindObjects
+ *
+ */
+
+/*
+ * NSSCKFWFindObjects_GetMDFindObjects
+ *
+ */
+
+NSS_EXTERN NSSCKMDFindObjects *
+NSSCKFWFindObjects_GetMDFindObjects(
+    NSSCKFWFindObjects *);
+
+/*
+ * NSSCKFWMutex
+ *
+ *  NSSCKFWMutex_Destroy
+ *  NSSCKFWMutex_Lock
+ *  NSSCKFWMutex_Unlock
+ *
+ */
+
+/*
+ * NSSCKFWMutex_Destroy
+ *
+ */
+
+NSS_EXTERN CK_RV
+NSSCKFWMutex_Destroy(
+    NSSCKFWMutex *mutex);
+
+/*
+ * NSSCKFWMutex_Lock
+ *
+ */
+
+NSS_EXTERN CK_RV
+NSSCKFWMutex_Lock(
+    NSSCKFWMutex *mutex);
+
+/*
+ * NSSCKFWMutex_Unlock
+ *
+ */
+
+NSS_EXTERN CK_RV
+NSSCKFWMutex_Unlock(
+    NSSCKFWMutex *mutex);
+
+#endif /* NSSCKFW_H */
diff --git a/nss/lib/ckfw/nssckfwc.h b/nss/lib/ckfw/nssckfwc.h
new file mode 100644
index 0000000..734a67c
--- /dev/null
+++ b/nss/lib/ckfw/nssckfwc.h
@@ -0,0 +1,879 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef NSSCKFWC_H
+#define NSSCKFWC_H
+
+/*
+ * nssckfwc.h
+ *
+ * This file prototypes all of the NSS Cryptoki Framework "wrapper"
+ * which implement the PKCS#11 API.  Technically, these are public
+ * routines (with capital "NSS" prefixes), since they are called
+ * from (generated) code within a Module using the Framework.
+ * However, they should not be called except from those generated
+ * calls.  Hence, the prototypes have been split out into this file.
+ */
+
+#ifndef NSSCKT_H
+#include "nssckt.h"
+#endif /* NSSCKT_H */
+
+#ifndef NSSCKFWT_H
+#include "nssckfwt.h"
+#endif /* NSSCKFWT_H */
+
+#ifndef NSSCKMDT_H
+#include "nssckmdt.h"
+#endif /* NSSCKMDT_H */
+
+/*
+ * NSSCKFWC_Initialize
+ * NSSCKFWC_Finalize
+ * NSSCKFWC_GetInfo
+ * -- NSSCKFWC_GetFunctionList -- see the API insert file
+ * NSSCKFWC_GetSlotList
+ * NSSCKFWC_GetSlotInfo
+ * NSSCKFWC_GetTokenInfo
+ * NSSCKFWC_WaitForSlotEvent
+ * NSSCKFWC_GetMechanismList
+ * NSSCKFWC_GetMechanismInfo
+ * NSSCKFWC_InitToken
+ * NSSCKFWC_InitPIN
+ * NSSCKFWC_SetPIN
+ * NSSCKFWC_OpenSession
+ * NSSCKFWC_CloseSession
+ * NSSCKFWC_CloseAllSessions
+ * NSSCKFWC_GetSessionInfo
+ * NSSCKFWC_GetOperationState
+ * NSSCKFWC_SetOperationState
+ * NSSCKFWC_Login
+ * NSSCKFWC_Logout
+ * NSSCKFWC_CreateObject
+ * NSSCKFWC_CopyObject
+ * NSSCKFWC_DestroyObject
+ * NSSCKFWC_GetObjectSize
+ * NSSCKFWC_GetAttributeValue
+ * NSSCKFWC_SetAttributeValue
+ * NSSCKFWC_FindObjectsInit
+ * NSSCKFWC_FindObjects
+ * NSSCKFWC_FindObjectsFinal
+ * NSSCKFWC_EncryptInit
+ * NSSCKFWC_Encrypt
+ * NSSCKFWC_EncryptUpdate
+ * NSSCKFWC_EncryptFinal
+ * NSSCKFWC_DecryptInit
+ * NSSCKFWC_Decrypt
+ * NSSCKFWC_DecryptUpdate
+ * NSSCKFWC_DecryptFinal
+ * NSSCKFWC_DigestInit
+ * NSSCKFWC_Digest
+ * NSSCKFWC_DigestUpdate
+ * NSSCKFWC_DigestKey
+ * NSSCKFWC_DigestFinal
+ * NSSCKFWC_SignInit
+ * NSSCKFWC_Sign
+ * NSSCKFWC_SignUpdate
+ * NSSCKFWC_SignFinal
+ * NSSCKFWC_SignRecoverInit
+ * NSSCKFWC_SignRecover
+ * NSSCKFWC_VerifyInit
+ * NSSCKFWC_Verify
+ * NSSCKFWC_VerifyUpdate
+ * NSSCKFWC_VerifyFinal
+ * NSSCKFWC_VerifyRecoverInit
+ * NSSCKFWC_VerifyRecover
+ * NSSCKFWC_DigestEncryptUpdate
+ * NSSCKFWC_DecryptDigestUpdate
+ * NSSCKFWC_SignEncryptUpdate
+ * NSSCKFWC_DecryptVerifyUpdate
+ * NSSCKFWC_GenerateKey
+ * NSSCKFWC_GenerateKeyPair
+ * NSSCKFWC_WrapKey
+ * NSSCKFWC_UnwrapKey
+ * NSSCKFWC_DeriveKey
+ * NSSCKFWC_SeedRandom
+ * NSSCKFWC_GenerateRandom
+ * NSSCKFWC_GetFunctionStatus
+ * NSSCKFWC_CancelFunction
+ */
+
+/*
+ * NSSCKFWC_Initialize
+ *
+ */
+NSS_EXTERN CK_RV
+NSSCKFWC_Initialize(
+    NSSCKFWInstance **pFwInstance,
+    NSSCKMDInstance *mdInstance,
+    CK_VOID_PTR pInitArgs);
+
+/*
+ * NSSCKFWC_Finalize
+ *
+ */
+NSS_EXTERN CK_RV
+NSSCKFWC_Finalize(
+    NSSCKFWInstance **pFwInstance);
+
+/*
+ * NSSCKFWC_GetInfo
+ *
+ */
+NSS_EXTERN CK_RV
+NSSCKFWC_GetInfo(
+    NSSCKFWInstance *fwInstance,
+    CK_INFO_PTR pInfo);
+
+/*
+ * C_GetFunctionList is implemented entirely in the Module's file which
+ * includes the Framework API insert file.  It requires no "actual"
+ * NSSCKFW routine.
+ */
+
+/*
+ * NSSCKFWC_GetSlotList
+ *
+ */
+NSS_EXTERN CK_RV
+NSSCKFWC_GetSlotList(
+    NSSCKFWInstance *fwInstance,
+    CK_BBOOL tokenPresent,
+    CK_SLOT_ID_PTR pSlotList,
+    CK_ULONG_PTR pulCount);
+
+/*
+ * NSSCKFWC_GetSlotInfo
+ *
+ */
+NSS_EXTERN CK_RV
+NSSCKFWC_GetSlotInfo(
+    NSSCKFWInstance *fwInstance,
+    CK_SLOT_ID slotID,
+    CK_SLOT_INFO_PTR pInfo);
+
+/*
+ * NSSCKFWC_GetTokenInfo
+ *
+ */
+NSS_EXTERN CK_RV
+NSSCKFWC_GetTokenInfo(
+    NSSCKFWInstance *fwInstance,
+    CK_SLOT_ID slotID,
+    CK_TOKEN_INFO_PTR pInfo);
+
+/*
+ * NSSCKFWC_WaitForSlotEvent
+ *
+ */
+NSS_EXTERN CK_RV
+NSSCKFWC_WaitForSlotEvent(
+    NSSCKFWInstance *fwInstance,
+    CK_FLAGS flags,
+    CK_SLOT_ID_PTR pSlot,
+    CK_VOID_PTR pReserved);
+
+/*
+ * NSSCKFWC_GetMechanismList
+ *
+ */
+NSS_EXTERN CK_RV
+NSSCKFWC_GetMechanismList(
+    NSSCKFWInstance *fwInstance,
+    CK_SLOT_ID slotID,
+    CK_MECHANISM_TYPE_PTR pMechanismList,
+    CK_ULONG_PTR pulCount);
+
+/*
+ * NSSCKFWC_GetMechanismInfo
+ *
+ */
+NSS_EXTERN CK_RV
+NSSCKFWC_GetMechanismInfo(
+    NSSCKFWInstance *fwInstance,
+    CK_SLOT_ID slotID,
+    CK_MECHANISM_TYPE type,
+    CK_MECHANISM_INFO_PTR pInfo);
+
+/*
+ * NSSCKFWC_InitToken
+ *
+ */
+NSS_EXTERN CK_RV
+NSSCKFWC_InitToken(
+    NSSCKFWInstance *fwInstance,
+    CK_SLOT_ID slotID,
+    CK_CHAR_PTR pPin,
+    CK_ULONG ulPinLen,
+    CK_CHAR_PTR pLabel);
+
+/*
+ * NSSCKFWC_InitPIN
+ *
+ */
+NSS_EXTERN CK_RV
+NSSCKFWC_InitPIN(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_CHAR_PTR pPin,
+    CK_ULONG ulPinLen);
+
+/*
+ * NSSCKFWC_SetPIN
+ *
+ */
+NSS_EXTERN CK_RV
+NSSCKFWC_SetPIN(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_CHAR_PTR pOldPin,
+    CK_ULONG ulOldLen,
+    CK_CHAR_PTR pNewPin,
+    CK_ULONG ulNewLen);
+
+/*
+ * NSSCKFWC_OpenSession
+ *
+ */
+NSS_EXTERN CK_RV
+NSSCKFWC_OpenSession(
+    NSSCKFWInstance *fwInstance,
+    CK_SLOT_ID slotID,
+    CK_FLAGS flags,
+    CK_VOID_PTR pApplication,
+    CK_NOTIFY Notify,
+    CK_SESSION_HANDLE_PTR phSession);
+
+/*
+ * NSSCKFWC_CloseSession
+ *
+ */
+NSS_EXTERN CK_RV
+NSSCKFWC_CloseSession(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession);
+
+/*
+ * NSSCKFWC_CloseAllSessions
+ *
+ */
+NSS_EXTERN CK_RV
+NSSCKFWC_CloseAllSessions(
+    NSSCKFWInstance *fwInstance,
+    CK_SLOT_ID slotID);
+
+/*
+ * NSSCKFWC_GetSessionInfo
+ *
+ */
+NSS_EXTERN CK_RV
+NSSCKFWC_GetSessionInfo(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_SESSION_INFO_PTR pInfo);
+
+/*
+ * NSSCKFWC_GetOperationState
+ *
+ */
+NSS_EXTERN CK_RV
+NSSCKFWC_GetOperationState(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pOperationState,
+    CK_ULONG_PTR pulOperationStateLen);
+
+/*
+ * NSSCKFWC_SetOperationState
+ *
+ */
+NSS_EXTERN CK_RV
+NSSCKFWC_SetOperationState(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pOperationState,
+    CK_ULONG ulOperationStateLen,
+    CK_OBJECT_HANDLE hEncryptionKey,
+    CK_OBJECT_HANDLE hAuthenticationKey);
+
+/*
+ * NSSCKFWC_Login
+ *
+ */
+NSS_EXTERN CK_RV
+NSSCKFWC_Login(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_USER_TYPE userType,
+    CK_CHAR_PTR pPin,
+    CK_ULONG ulPinLen);
+
+/*
+ * NSSCKFWC_Logout
+ *
+ */
+NSS_EXTERN CK_RV
+NSSCKFWC_Logout(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession);
+
+/*
+ * NSSCKFWC_CreateObject
+ *
+ */
+NSS_EXTERN CK_RV
+NSSCKFWC_CreateObject(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulCount,
+    CK_OBJECT_HANDLE_PTR phObject);
+
+/*
+ * NSSCKFWC_CopyObject
+ *
+ */
+NSS_EXTERN CK_RV
+NSSCKFWC_CopyObject(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_OBJECT_HANDLE hObject,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulCount,
+    CK_OBJECT_HANDLE_PTR phNewObject);
+
+/*
+ * NSSCKFWC_DestroyObject
+ *
+ */
+NSS_EXTERN CK_RV
+NSSCKFWC_DestroyObject(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_OBJECT_HANDLE hObject);
+
+/*
+ * NSSCKFWC_GetObjectSize
+ *
+ */
+NSS_EXTERN CK_RV
+NSSCKFWC_GetObjectSize(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_OBJECT_HANDLE hObject,
+    CK_ULONG_PTR pulSize);
+
+/*
+ * NSSCKFWC_GetAttributeValue
+ *
+ */
+NSS_EXTERN CK_RV
+NSSCKFWC_GetAttributeValue(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_OBJECT_HANDLE hObject,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulCount);
+
+/*
+ * NSSCKFWC_SetAttributeValue
+ *
+ */
+NSS_EXTERN CK_RV
+NSSCKFWC_SetAttributeValue(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_OBJECT_HANDLE hObject,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulCount);
+
+/*
+ * NSSCKFWC_FindObjectsInit
+ *
+ */
+NSS_EXTERN CK_RV
+NSSCKFWC_FindObjectsInit(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulCount);
+
+/*
+ * NSSCKFWC_FindObjects
+ *
+ */
+NSS_EXTERN CK_RV
+NSSCKFWC_FindObjects(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_OBJECT_HANDLE_PTR phObject,
+    CK_ULONG ulMaxObjectCount,
+    CK_ULONG_PTR pulObjectCount);
+
+/*
+ * NSSCKFWC_FindObjectsFinal
+ *
+ */
+NSS_EXTERN CK_RV
+NSSCKFWC_FindObjectsFinal(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession);
+
+/*
+ * NSSCKFWC_EncryptInit
+ *
+ */
+NSS_EXTERN CK_RV
+NSSCKFWC_EncryptInit(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_MECHANISM_PTR pMechanism,
+    CK_OBJECT_HANDLE hKey);
+
+/*
+ * NSSCKFWC_Encrypt
+ *
+ */
+NSS_EXTERN CK_RV
+NSSCKFWC_Encrypt(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pData,
+    CK_ULONG ulDataLen,
+    CK_BYTE_PTR pEncryptedData,
+    CK_ULONG_PTR pulEncryptedDataLen);
+
+/*
+ * NSSCKFWC_EncryptUpdate
+ *
+ */
+NSS_EXTERN CK_RV
+NSSCKFWC_EncryptUpdate(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pPart,
+    CK_ULONG ulPartLen,
+    CK_BYTE_PTR pEncryptedPart,
+    CK_ULONG_PTR pulEncryptedPartLen);
+
+/*
+ * NSSCKFWC_EncryptFinal
+ *
+ */
+NSS_EXTERN CK_RV
+NSSCKFWC_EncryptFinal(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pLastEncryptedPart,
+    CK_ULONG_PTR pulLastEncryptedPartLen);
+
+/*
+ * NSSCKFWC_DecryptInit
+ *
+ */
+NSS_EXTERN CK_RV
+NSSCKFWC_DecryptInit(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_MECHANISM_PTR pMechanism,
+    CK_OBJECT_HANDLE hKey);
+
+/*
+ * NSSCKFWC_Decrypt
+ *
+ */
+NSS_EXTERN CK_RV
+NSSCKFWC_Decrypt(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pEncryptedData,
+    CK_ULONG ulEncryptedDataLen,
+    CK_BYTE_PTR pData,
+    CK_ULONG_PTR pulDataLen);
+
+/*
+ * NSSCKFWC_DecryptUpdate
+ *
+ */
+NSS_EXTERN CK_RV
+NSSCKFWC_DecryptUpdate(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pEncryptedPart,
+    CK_ULONG ulEncryptedPartLen,
+    CK_BYTE_PTR pPart,
+    CK_ULONG_PTR pulPartLen);
+
+/*
+ * NSSCKFWC_DecryptFinal
+ *
+ */
+NSS_EXTERN CK_RV
+NSSCKFWC_DecryptFinal(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pLastPart,
+    CK_ULONG_PTR pulLastPartLen);
+
+/*
+ * NSSCKFWC_DigestInit
+ *
+ */
+NSS_EXTERN CK_RV
+NSSCKFWC_DigestInit(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_MECHANISM_PTR pMechanism);
+
+/*
+ * NSSCKFWC_Digest
+ *
+ */
+NSS_EXTERN CK_RV
+NSSCKFWC_Digest(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pData,
+    CK_ULONG ulDataLen,
+    CK_BYTE_PTR pDigest,
+    CK_ULONG_PTR pulDigestLen);
+
+/*
+ * NSSCKFWC_DigestUpdate
+ *
+ */
+NSS_EXTERN CK_RV
+NSSCKFWC_DigestUpdate(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pData,
+    CK_ULONG ulDataLen);
+
+/*
+ * NSSCKFWC_DigestKey
+ *
+ */
+NSS_EXTERN CK_RV
+NSSCKFWC_DigestKey(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_OBJECT_HANDLE hKey);
+
+/*
+ * NSSCKFWC_DigestFinal
+ *
+ */
+NSS_EXTERN CK_RV
+NSSCKFWC_DigestFinal(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pDigest,
+    CK_ULONG_PTR pulDigestLen);
+
+/*
+ * NSSCKFWC_SignInit
+ *
+ */
+NSS_EXTERN CK_RV
+NSSCKFWC_SignInit(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_MECHANISM_PTR pMechanism,
+    CK_OBJECT_HANDLE hKey);
+
+/*
+ * NSSCKFWC_Sign
+ *
+ */
+NSS_EXTERN CK_RV
+NSSCKFWC_Sign(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pData,
+    CK_ULONG ulDataLen,
+    CK_BYTE_PTR pSignature,
+    CK_ULONG_PTR pulSignatureLen);
+
+/*
+ * NSSCKFWC_SignUpdate
+ *
+ */
+NSS_EXTERN CK_RV
+NSSCKFWC_SignUpdate(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pPart,
+    CK_ULONG ulPartLen);
+
+/*
+ * NSSCKFWC_SignFinal
+ *
+ */
+NSS_EXTERN CK_RV
+NSSCKFWC_SignFinal(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pSignature,
+    CK_ULONG_PTR pulSignatureLen);
+
+/*
+ * NSSCKFWC_SignRecoverInit
+ *
+ */
+NSS_EXTERN CK_RV
+NSSCKFWC_SignRecoverInit(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_MECHANISM_PTR pMechanism,
+    CK_OBJECT_HANDLE hKey);
+
+/*
+ * NSSCKFWC_SignRecover
+ *
+ */
+NSS_EXTERN CK_RV
+NSSCKFWC_SignRecover(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pData,
+    CK_ULONG ulDataLen,
+    CK_BYTE_PTR pSignature,
+    CK_ULONG_PTR pulSignatureLen);
+
+/*
+ * NSSCKFWC_VerifyInit
+ *
+ */
+NSS_EXTERN CK_RV
+NSSCKFWC_VerifyInit(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_MECHANISM_PTR pMechanism,
+    CK_OBJECT_HANDLE hKey);
+
+/*
+ * NSSCKFWC_Verify
+ *
+ */
+NSS_EXTERN CK_RV
+NSSCKFWC_Verify(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pData,
+    CK_ULONG ulDataLen,
+    CK_BYTE_PTR pSignature,
+    CK_ULONG ulSignatureLen);
+
+/*
+ * NSSCKFWC_VerifyUpdate
+ *
+ */
+NSS_EXTERN CK_RV
+NSSCKFWC_VerifyUpdate(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pPart,
+    CK_ULONG ulPartLen);
+
+/*
+ * NSSCKFWC_VerifyFinal
+ *
+ */
+NSS_EXTERN CK_RV
+NSSCKFWC_VerifyFinal(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pSignature,
+    CK_ULONG ulSignatureLen);
+
+/*
+ * NSSCKFWC_VerifyRecoverInit
+ *
+ */
+NSS_EXTERN CK_RV
+NSSCKFWC_VerifyRecoverInit(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_MECHANISM_PTR pMechanism,
+    CK_OBJECT_HANDLE hKey);
+
+/*
+ * NSSCKFWC_VerifyRecover
+ *
+ */
+NSS_EXTERN CK_RV
+NSSCKFWC_VerifyRecover(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pSignature,
+    CK_ULONG ulSignatureLen,
+    CK_BYTE_PTR pData,
+    CK_ULONG_PTR pulDataLen);
+
+/*
+ * NSSCKFWC_DigestEncryptUpdate
+ *
+ */
+NSS_EXTERN CK_RV
+NSSCKFWC_DigestEncryptUpdate(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pPart,
+    CK_ULONG ulPartLen,
+    CK_BYTE_PTR pEncryptedPart,
+    CK_ULONG_PTR pulEncryptedPartLen);
+
+/*
+ * NSSCKFWC_DecryptDigestUpdate
+ *
+ */
+NSS_EXTERN CK_RV
+NSSCKFWC_DecryptDigestUpdate(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pEncryptedPart,
+    CK_ULONG ulEncryptedPartLen,
+    CK_BYTE_PTR pPart,
+    CK_ULONG_PTR pulPartLen);
+
+/*
+ * NSSCKFWC_SignEncryptUpdate
+ *
+ */
+NSS_EXTERN CK_RV
+NSSCKFWC_SignEncryptUpdate(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pPart,
+    CK_ULONG ulPartLen,
+    CK_BYTE_PTR pEncryptedPart,
+    CK_ULONG_PTR pulEncryptedPartLen);
+
+/*
+ * NSSCKFWC_DecryptVerifyUpdate
+ *
+ */
+NSS_EXTERN CK_RV
+NSSCKFWC_DecryptVerifyUpdate(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pEncryptedPart,
+    CK_ULONG ulEncryptedPartLen,
+    CK_BYTE_PTR pPart,
+    CK_ULONG_PTR pulPartLen);
+
+/*
+ * NSSCKFWC_GenerateKey
+ *
+ */
+NSS_EXTERN CK_RV
+NSSCKFWC_GenerateKey(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_MECHANISM_PTR pMechanism,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulCount,
+    CK_OBJECT_HANDLE_PTR phKey);
+
+/*
+ * NSSCKFWC_GenerateKeyPair
+ *
+ */
+NSS_EXTERN CK_RV
+NSSCKFWC_GenerateKeyPair(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_MECHANISM_PTR pMechanism,
+    CK_ATTRIBUTE_PTR pPublicKeyTemplate,
+    CK_ULONG ulPublicKeyAttributeCount,
+    CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
+    CK_ULONG ulPrivateKeyAttributeCount,
+    CK_OBJECT_HANDLE_PTR phPublicKey,
+    CK_OBJECT_HANDLE_PTR phPrivateKey);
+
+/*
+ * NSSCKFWC_WrapKey
+ *
+ */
+NSS_EXTERN CK_RV
+NSSCKFWC_WrapKey(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_MECHANISM_PTR pMechanism,
+    CK_OBJECT_HANDLE hWrappingKey,
+    CK_OBJECT_HANDLE hKey,
+    CK_BYTE_PTR pWrappedKey,
+    CK_ULONG_PTR pulWrappedKeyLen);
+
+/*
+ * NSSCKFWC_UnwrapKey
+ *
+ */
+NSS_EXTERN CK_RV
+NSSCKFWC_UnwrapKey(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_MECHANISM_PTR pMechanism,
+    CK_OBJECT_HANDLE hUnwrappingKey,
+    CK_BYTE_PTR pWrappedKey,
+    CK_ULONG ulWrappedKeyLen,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulAttributeCount,
+    CK_OBJECT_HANDLE_PTR phKey);
+
+/*
+ * NSSCKFWC_DeriveKey
+ *
+ */
+NSS_EXTERN CK_RV
+NSSCKFWC_DeriveKey(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_MECHANISM_PTR pMechanism,
+    CK_OBJECT_HANDLE hBaseKey,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulAttributeCount,
+    CK_OBJECT_HANDLE_PTR phKey);
+
+/*
+ * NSSCKFWC_SeedRandom
+ *
+ */
+NSS_EXTERN CK_RV
+NSSCKFWC_SeedRandom(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pSeed,
+    CK_ULONG ulSeedLen);
+
+/*
+ * NSSCKFWC_GenerateRandom
+ *
+ */
+NSS_EXTERN CK_RV
+NSSCKFWC_GenerateRandom(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pRandomData,
+    CK_ULONG ulRandomLen);
+
+/*
+ * NSSCKFWC_GetFunctionStatus
+ *
+ */
+NSS_EXTERN CK_RV
+NSSCKFWC_GetFunctionStatus(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession);
+
+/*
+ * NSSCKFWC_CancelFunction
+ *
+ */
+NSS_EXTERN CK_RV
+NSSCKFWC_CancelFunction(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession);
+
+#endif /* NSSCKFWC_H */
diff --git a/nss/lib/ckfw/nssckfwt.h b/nss/lib/ckfw/nssckfwt.h
new file mode 100644
index 0000000..cd015d5
--- /dev/null
+++ b/nss/lib/ckfw/nssckfwt.h
@@ -0,0 +1,109 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef NSSCKFWT_H
+#define NSSCKFWT_H
+
+/*
+ * nssckfwt.h
+ *
+ * This file declares the public types used by the NSS Cryptoki Framework.
+ */
+
+/*
+ * NSSCKFWInstance
+ *
+ */
+
+struct NSSCKFWInstanceStr;
+typedef struct NSSCKFWInstanceStr NSSCKFWInstance;
+
+/*
+ * NSSCKFWSlot
+ *
+ */
+
+struct NSSCKFWSlotStr;
+typedef struct NSSCKFWSlotStr NSSCKFWSlot;
+
+/*
+ * NSSCKFWToken
+ *
+ */
+
+struct NSSCKFWTokenStr;
+typedef struct NSSCKFWTokenStr NSSCKFWToken;
+
+/*
+ * NSSCKFWMechanism
+ *
+ */
+
+struct NSSCKFWMechanismStr;
+typedef struct NSSCKFWMechanismStr NSSCKFWMechanism;
+
+/*
+ * NSSCKFWCryptoOperation
+ *
+ */
+
+struct NSSCKFWCryptoOperationStr;
+typedef struct NSSCKFWCryptoOperationStr NSSCKFWCryptoOperation;
+
+/*
+ * NSSCKFWSession
+ *
+ */
+
+struct NSSCKFWSessionStr;
+typedef struct NSSCKFWSessionStr NSSCKFWSession;
+
+/*
+ * NSSCKFWObject
+ *
+ */
+
+struct NSSCKFWObjectStr;
+typedef struct NSSCKFWObjectStr NSSCKFWObject;
+
+/*
+ * NSSCKFWFindObjects
+ *
+ */
+
+struct NSSCKFWFindObjectsStr;
+typedef struct NSSCKFWFindObjectsStr NSSCKFWFindObjects;
+
+/*
+ * NSSCKFWMutex
+ *
+ */
+
+struct NSSCKFWMutexStr;
+typedef struct NSSCKFWMutexStr NSSCKFWMutex;
+
+typedef enum {
+    SingleThreaded,
+    MultiThreaded
+} CryptokiLockingState;
+
+/* used as an index into an array, make sure it starts at '0' */
+typedef enum {
+    NSSCKFWCryptoOperationState_EncryptDecrypt = 0,
+    NSSCKFWCryptoOperationState_SignVerify,
+    NSSCKFWCryptoOperationState_Digest,
+    NSSCKFWCryptoOperationState_Max
+} NSSCKFWCryptoOperationState;
+
+typedef enum {
+    NSSCKFWCryptoOperationType_Encrypt,
+    NSSCKFWCryptoOperationType_Decrypt,
+    NSSCKFWCryptoOperationType_Digest,
+    NSSCKFWCryptoOperationType_Sign,
+    NSSCKFWCryptoOperationType_Verify,
+    NSSCKFWCryptoOperationType_SignRecover,
+    NSSCKFWCryptoOperationType_VerifyRecover
+} NSSCKFWCryptoOperationType;
+
+#endif /* NSSCKFWT_H */
diff --git a/nss/lib/ckfw/nssckg.h b/nss/lib/ckfw/nssckg.h
new file mode 100644
index 0000000..bf0d43f
--- /dev/null
+++ b/nss/lib/ckfw/nssckg.h
@@ -0,0 +1,10 @@
+/* THIS IS A GENERATED FILE */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#ifndef NSSCKG_H
+#define NSSCKG_H
+
+#include "pkcs11.h"
+
+#endif /* NSSCKG_H */
diff --git a/nss/lib/ckfw/nssckmdt.h b/nss/lib/ckfw/nssckmdt.h
new file mode 100644
index 0000000..d98f9b0
--- /dev/null
+++ b/nss/lib/ckfw/nssckmdt.h
@@ -0,0 +1,1904 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef NSSCKMDT_H
+#define NSSCKMDT_H
+
+/*
+ * nssckmdt.h
+ *
+ * This file specifies the basic types that must be implemented by
+ * any Module using the NSS Cryptoki Framework.
+ */
+
+#ifndef NSSBASET_H
+#include "nssbaset.h"
+#endif /* NSSBASET_H */
+
+#ifndef NSSCKT_H
+#include "nssckt.h"
+#endif /* NSSCKT_H */
+
+#ifndef NSSCKFWT_H
+#include "nssckfwt.h"
+#endif /* NSSCKFWT_H */
+
+typedef struct NSSCKMDInstanceStr NSSCKMDInstance;
+typedef struct NSSCKMDSlotStr NSSCKMDSlot;
+typedef struct NSSCKMDTokenStr NSSCKMDToken;
+typedef struct NSSCKMDSessionStr NSSCKMDSession;
+typedef struct NSSCKMDCryptoOperationStr NSSCKMDCryptoOperation;
+typedef struct NSSCKMDFindObjectsStr NSSCKMDFindObjects;
+typedef struct NSSCKMDMechanismStr NSSCKMDMechanism;
+typedef struct NSSCKMDObjectStr NSSCKMDObject;
+
+/*
+ * NSSCKFWItem
+ *
+ * This is a structure used by modules to return object attributes.
+ * The needsFreeing bit indicates whether the object needs to be freed.
+ * If so, the framework will call the FreeAttribute function on the item
+ * after it is done using it.
+ *
+ */
+
+typedef struct {
+    PRBool needsFreeing;
+    NSSItem *item;
+} NSSCKFWItem;
+
+/*
+ * NSSCKMDInstance
+ *
+ * This is the basic handle for an instance of a PKCS#11 Module.
+ * It is returned by the Module's CreateInstance routine, and
+ * may be obtained from the corresponding NSSCKFWInstance object.
+ * It contains a pointer for use by the Module, to store any
+ * instance-related data, and it contains the EPV for a set of
+ * routines which the Module may implement for use by the Framework.
+ * Some of these routines are optional; others are mandatory.
+ */
+
+struct NSSCKMDInstanceStr {
+    /*
+     * The Module may use this pointer for its own purposes.
+     */
+    void *etc;
+
+    /*
+     * This routine is called by the Framework to initialize
+     * the Module.  This routine is optional; if unimplemented,
+     * it won't be called.  If this routine returns an error,
+     * then the initialization will fail.
+     */
+    CK_RV(PR_CALLBACK *Initialize)
+    (
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance,
+        NSSUTF8 *configurationData);
+
+    /*
+     * This routine is called when the Framework is finalizing
+     * the PKCS#11 Module.  It is the last thing called before
+     * the NSSCKFWInstance's NSSArena is destroyed.  This routine
+     * is optional; if unimplemented, it merely won't be called.
+     */
+    void(PR_CALLBACK *Finalize)(
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance);
+
+    /*
+   * This routine gets the number of slots.  This value must
+   * never change, once the instance is initialized.  This
+   * routine must be implemented.  It may return zero on error.
+   */
+    CK_ULONG(PR_CALLBACK *GetNSlots)
+    (
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance,
+        CK_RV *pError);
+
+    /*
+     * This routine returns the version of the Cryptoki standard
+     * to which this Module conforms.  This routine is optional;
+     * if unimplemented, the Framework uses the version to which
+     * ~it~ was implemented.
+     */
+    CK_VERSION(PR_CALLBACK *GetCryptokiVersion)
+    (
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance);
+
+    /*
+     * This routine returns a pointer to a UTF8-encoded string
+     * containing the manufacturer ID for this Module.  Only
+     * the characters completely encoded in the first thirty-
+     * two bytes are significant.  This routine is optional.
+     * The string returned is never freed; if dynamically generated,
+     * the space for it should be allocated from the NSSArena
+     * that may be obtained from the NSSCKFWInstance.  This
+     * routine may return NULL upon error; however if *pError
+     * is CKR_OK, the NULL will be considered the valid response.
+     */
+    NSSUTF8 *(PR_CALLBACK *GetManufacturerID)(
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance,
+        CK_RV *pError);
+
+    /*
+     * This routine returns a pointer to a UTF8-encoded string
+     * containing a description of this Module library.  Only
+     * the characters completely encoded in the first thirty-
+     * two bytes are significant.  This routine is optional.
+     * The string returned is never freed; if dynamically generated,
+     * the space for it should be allocated from the NSSArena
+     * that may be obtained from the NSSCKFWInstance.  This
+     * routine may return NULL upon error; however if *pError
+     * is CKR_OK, the NULL will be considered the valid response.
+     */
+    NSSUTF8 *(PR_CALLBACK *GetLibraryDescription)(
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance,
+        CK_RV *pError);
+
+    /*
+     * This routine returns the version of this Module library.
+     * This routine is optional; if unimplemented, the Framework
+     * will assume a Module library version of 0.1.
+     */
+    CK_VERSION(PR_CALLBACK *GetLibraryVersion)
+    (
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance);
+
+    /*
+     * This routine returns CK_TRUE if the Module wishes to
+     * handle session objects.  This routine is optional.
+     * If this routine is NULL, or if it exists but returns
+     * CK_FALSE, the Framework will assume responsibility
+     * for managing session objects.
+     */
+    CK_BBOOL(PR_CALLBACK *ModuleHandlesSessionObjects)
+    (
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance);
+
+    /*
+     * This routine stuffs pointers to NSSCKMDSlot objects into
+     * the specified array; one for each slot supported by this
+     * instance.  The Framework will determine the size needed
+     * for the array by calling GetNSlots.  This routine is
+     * required.
+     */
+    CK_RV(PR_CALLBACK *GetSlots)
+    (
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance,
+        NSSCKMDSlot *slots[]);
+
+    /*
+     * This call returns a pointer to the slot in which an event
+     * has occurred.  If the block argument is CK_TRUE, the call
+     * should block until a slot event occurs; if CK_FALSE, it
+     * should check to see if an event has occurred, occurred,
+     * but return NULL (and set *pError to CK_NO_EVENT) if one
+     * hasn't.  This routine is optional; if unimplemented, the
+     * Framework will assume that no event has happened.  This
+     * routine may return NULL upon error.
+     */
+    NSSCKMDSlot *(PR_CALLBACK *WaitForSlotEvent)(
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance,
+        CK_BBOOL block,
+        CK_RV *pError);
+
+    /*
+     * This object may be extended in future versions of the
+     * NSS Cryptoki Framework.  To allow for some flexibility
+     * in the area of binary compatibility, this field should
+     * be NULL.
+     */
+    void *null;
+};
+
+/*
+ * NSSCKMDSlot
+ *
+ * This is the basic handle for a PKCS#11 Module Slot.  It is
+ * created by the NSSCKMDInstance->GetSlots call, and may be
+ * obtained from the Framework's corresponding NSSCKFWSlot
+ * object.  It contains a pointer for use by the Module, to
+ * store any slot-related data, and it contains the EPV for
+ * a set of routines which the Module may implement for use
+ * by the Framework.  Some of these routines are optional.
+ */
+
+struct NSSCKMDSlotStr {
+    /*
+     * The Module may use this pointer for its own purposes.
+     */
+    void *etc;
+
+    /*
+     * This routine is called during the Framework initialization
+     * step, after the Framework Instance has obtained the list
+     * of slots (by calling NSSCKMDInstance->GetSlots).  Any slot-
+     * specific initialization can be done here.  This routine is
+     * optional; if unimplemented, it won't be called.  Note that
+     * if this routine returns an error, the entire Framework
+     * initialization for this Module will fail.
+     */
+    CK_RV(PR_CALLBACK *Initialize)
+    (
+        NSSCKMDSlot *mdSlot,
+        NSSCKFWSlot *fwSlot,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance);
+
+    /*
+     * This routine is called when the Framework is finalizing
+     * the PKCS#11 Module.  This call (for each of the slots)
+     * is the last thing called before NSSCKMDInstance->Finalize.
+     * This routine is optional; if unimplemented, it merely
+     * won't be called.  Note: In the rare circumstance that
+     * the Framework initialization cannot complete (due to,
+     * for example, memory limitations), this can be called with
+     * a NULL value for fwSlot.
+     */
+    void(PR_CALLBACK *Destroy)(
+        NSSCKMDSlot *mdSlot,
+        NSSCKFWSlot *fwSlot,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance);
+
+    /*
+     * This routine returns a pointer to a UTF8-encoded string
+     * containing a description of this slot.  Only the characters
+     * completely encoded in the first sixty-four bytes are
+     * significant.  This routine is optional.  The string
+     * returned is never freed; if dynamically generated,
+     * the space for it should be allocated from the NSSArena
+     * that may be obtained from the NSSCKFWInstance.  This
+     * routine may return NULL upon error; however if *pError
+     * is CKR_OK, the NULL will be considered the valid response.
+     */
+    NSSUTF8 *(PR_CALLBACK *GetSlotDescription)(
+        NSSCKMDSlot *mdSlot,
+        NSSCKFWSlot *fwSlot,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance,
+        CK_RV *pError);
+
+    /*
+     * This routine returns a pointer to a UTF8-encoded string
+     * containing a description of the manufacturer of this slot.
+     * Only the characters completely encoded in the first thirty-
+     * two bytes are significant.  This routine is optional.
+     * The string  returned is never freed; if dynamically generated,
+     * the space for it should be allocated from the NSSArena
+     * that may be obtained from the NSSCKFWInstance.  This
+     * routine may return NULL upon error; however if *pError
+     * is CKR_OK, the NULL will be considered the valid response.
+     */
+    NSSUTF8 *(PR_CALLBACK *GetManufacturerID)(
+        NSSCKMDSlot *mdSlot,
+        NSSCKFWSlot *fwSlot,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance,
+        CK_RV *pError);
+
+    /*
+     * This routine returns CK_TRUE if a token is present in this
+     * slot.  This routine is optional; if unimplemented, CK_TRUE
+     * is assumed.
+     */
+    CK_BBOOL(PR_CALLBACK *GetTokenPresent)
+    (
+        NSSCKMDSlot *mdSlot,
+        NSSCKFWSlot *fwSlot,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance);
+
+    /*
+     * This routine returns CK_TRUE if the slot supports removable
+     * tokens.  This routine is optional; if unimplemented, CK_FALSE
+     * is assumed.
+     */
+    CK_BBOOL(PR_CALLBACK *GetRemovableDevice)
+    (
+        NSSCKMDSlot *mdSlot,
+        NSSCKFWSlot *fwSlot,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance);
+
+    /*
+     * This routine returns CK_TRUE if this slot is a hardware
+     * device, or CK_FALSE if this slot is a software device.  This
+     * routine is optional; if unimplemented, CK_FALSE is assumed.
+     */
+    CK_BBOOL(PR_CALLBACK *GetHardwareSlot)
+    (
+        NSSCKMDSlot *mdSlot,
+        NSSCKFWSlot *fwSlot,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance);
+
+    /*
+     * This routine returns the version of this slot's hardware.
+     * This routine is optional; if unimplemented, the Framework
+     * will assume a hardware version of 0.1.
+     */
+    CK_VERSION(PR_CALLBACK *GetHardwareVersion)
+    (
+        NSSCKMDSlot *mdSlot,
+        NSSCKFWSlot *fwSlot,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance);
+
+    /*
+     * This routine returns the version of this slot's firmware.
+     * This routine is optional; if unimplemented, the Framework
+     * will assume a hardware version of 0.1.
+     */
+    CK_VERSION(PR_CALLBACK *GetFirmwareVersion)
+    (
+        NSSCKMDSlot *mdSlot,
+        NSSCKFWSlot *fwSlot,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance);
+
+    /*
+     * This routine should return a pointer to an NSSCKMDToken
+     * object corresponding to the token in the specified slot.
+     * The NSSCKFWToken object passed in has an NSSArena
+     * available which is dedicated for this token.  This routine
+     * must be implemented.  This routine may return NULL upon
+     * error.
+     */
+    NSSCKMDToken *(PR_CALLBACK *GetToken)(
+        NSSCKMDSlot *mdSlot,
+        NSSCKFWSlot *fwSlot,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance,
+        CK_RV *pError);
+
+    /*
+     * This object may be extended in future versions of the
+     * NSS Cryptoki Framework.  To allow for some flexibility
+     * in the area of binary compatibility, this field should
+     * be NULL.
+     */
+    void *null;
+};
+
+/*
+ * NSSCKMDToken
+ *
+ * This is the basic handle for a PKCS#11 Token.  It is created by
+ * the NSSCKMDSlot->GetToken call, and may be obtained from the
+ * Framework's corresponding NSSCKFWToken object.  It contains a
+ * pointer for use by the Module, to store any token-related
+ * data, and it contains the EPV for a set of routines which the
+ * Module may implement for use by the Framework.  Some of these
+ * routines are optional.
+ */
+
+struct NSSCKMDTokenStr {
+    /*
+     * The Module may use this pointer for its own purposes.
+     */
+    void *etc;
+
+    /*
+     * This routine is used to prepare a Module token object for
+     * use.  It is called after the NSSCKMDToken object is obtained
+     * from NSSCKMDSlot->GetToken.  It is named "Setup" here because
+     * Cryptoki already defines "InitToken" to do the process of
+     * wiping out any existing state on a token and preparing it for
+     * a new use.  This routine is optional; if unimplemented, it
+     * merely won't be called.
+     */
+    CK_RV(PR_CALLBACK *Setup)
+    (
+        NSSCKMDToken *mdToken,
+        NSSCKFWToken *fwToken,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance);
+
+    /*
+     * This routine is called by the Framework whenever it notices
+     * that the token object is invalid.  (Typically this is when a
+     * routine indicates an error such as CKR_DEVICE_REMOVED).  This
+     * call is the last thing called before the NSSArena in the
+     * corresponding NSSCKFWToken is destroyed.  This routine is
+     * optional; if unimplemented, it merely won't be called.
+     */
+    void(PR_CALLBACK *Invalidate)(
+        NSSCKMDToken *mdToken,
+        NSSCKFWToken *fwToken,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance);
+
+    /*
+     * This routine initialises the token in the specified slot.
+     * This routine is optional; if unimplemented, the Framework
+     * will fail this operation with an error of CKR_DEVICE_ERROR.
+     */
+
+    CK_RV(PR_CALLBACK *InitToken)
+    (
+        NSSCKMDToken *mdToken,
+        NSSCKFWToken *fwToken,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance,
+        NSSItem *pin,
+        NSSUTF8 *label);
+
+    /*
+     * This routine returns a pointer to a UTF8-encoded string
+     * containing this token's label.  Only the characters
+     * completely encoded in the first thirty-two bytes are
+     * significant.  This routine is optional.  The string
+     * returned is never freed; if dynamically generated,
+     * the space for it should be allocated from the NSSArena
+     * that may be obtained from the NSSCKFWInstance.  This
+     * routine may return NULL upon error; however if *pError
+     * is CKR_OK, the NULL will be considered the valid response.
+     */
+    NSSUTF8 *(PR_CALLBACK *GetLabel)(
+        NSSCKMDToken *mdToken,
+        NSSCKFWToken *fwToken,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance,
+        CK_RV *pError);
+
+    /*
+     * This routine returns a pointer to a UTF8-encoded string
+     * containing this token's manufacturer ID.  Only the characters
+     * completely encoded in the first thirty-two bytes are
+     * significant.  This routine is optional.  The string
+     * returned is never freed; if dynamically generated,
+     * the space for it should be allocated from the NSSArena
+     * that may be obtained from the NSSCKFWInstance.  This
+     * routine may return NULL upon error; however if *pError
+     * is CKR_OK, the NULL will be considered the valid response.
+     */
+    NSSUTF8 *(PR_CALLBACK *GetManufacturerID)(
+        NSSCKMDToken *mdToken,
+        NSSCKFWToken *fwToken,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance,
+        CK_RV *pError);
+
+    /*
+     * This routine returns a pointer to a UTF8-encoded string
+     * containing this token's model name.  Only the characters
+     * completely encoded in the first thirty-two bytes are
+     * significant.  This routine is optional.  The string
+     * returned is never freed; if dynamically generated,
+     * the space for it should be allocated from the NSSArena
+     * that may be obtained from the NSSCKFWInstance.  This
+     * routine may return NULL upon error; however if *pError
+     * is CKR_OK, the NULL will be considered the valid response.
+     */
+    NSSUTF8 *(PR_CALLBACK *GetModel)(
+        NSSCKMDToken *mdToken,
+        NSSCKFWToken *fwToken,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance,
+        CK_RV *pError);
+
+    /*
+     * This routine returns a pointer to a UTF8-encoded string
+     * containing this token's serial number.  Only the characters
+     * completely encoded in the first thirty-two bytes are
+     * significant.  This routine is optional.  The string
+     * returned is never freed; if dynamically generated,
+     * the space for it should be allocated from the NSSArena
+     * that may be obtained from the NSSCKFWInstance.  This
+     * routine may return NULL upon error; however if *pError
+     * is CKR_OK, the NULL will be considered the valid response.
+     */
+    NSSUTF8 *(PR_CALLBACK *GetSerialNumber)(
+        NSSCKMDToken *mdToken,
+        NSSCKFWToken *fwToken,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance,
+        CK_RV *pError);
+
+    /*
+     * This routine returns CK_TRUE if the token has its own
+     * random number generator.  This routine is optional; if
+     * unimplemented, CK_FALSE is assumed.
+     */
+    CK_BBOOL(PR_CALLBACK *GetHasRNG)
+    (
+        NSSCKMDToken *mdToken,
+        NSSCKFWToken *fwToken,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance);
+
+    /*
+     * This routine returns CK_TRUE if this token is write-protected.
+     * This routine is optional; if unimplemented, CK_FALSE is
+     * assumed.
+     */
+    CK_BBOOL(PR_CALLBACK *GetIsWriteProtected)
+    (
+        NSSCKMDToken *mdToken,
+        NSSCKFWToken *fwToken,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance);
+
+    /*
+     * This routine returns CK_TRUE if this token requires a login.
+     * This routine is optional; if unimplemented, CK_FALSE is
+     * assumed.
+     */
+    CK_BBOOL(PR_CALLBACK *GetLoginRequired)
+    (
+        NSSCKMDToken *mdToken,
+        NSSCKFWToken *fwToken,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance);
+
+    /*
+     * This routine returns CK_TRUE if the normal user's PIN on this
+     * token has been initialised.  This routine is optional; if
+     * unimplemented, CK_FALSE is assumed.
+     */
+    CK_BBOOL(PR_CALLBACK *GetUserPinInitialized)
+    (
+        NSSCKMDToken *mdToken,
+        NSSCKFWToken *fwToken,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance);
+
+    /*
+     * This routine returns CK_TRUE if a successful save of a
+     * session's cryptographic operations state ~always~ contains
+     * all keys needed to restore the state of the session.  This
+     * routine is optional; if unimplemented, CK_FALSE is assumed.
+     */
+    CK_BBOOL(PR_CALLBACK *GetRestoreKeyNotNeeded)
+    (
+        NSSCKMDToken *mdToken,
+        NSSCKFWToken *fwToken,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance);
+
+    /*
+     * This routine returns CK_TRUE if the token has its own
+     * hardware clock.  This routine is optional; if unimplemented,
+     * CK_FALSE is assumed.
+     */
+    CK_BBOOL(PR_CALLBACK *GetHasClockOnToken)
+    (
+        NSSCKMDToken *mdToken,
+        NSSCKFWToken *fwToken,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance);
+
+    /*
+     * This routine returns CK_TRUE if the token has a protected
+     * authentication path.  This routine is optional; if
+     * unimplemented, CK_FALSE is assumed.
+     */
+    CK_BBOOL(PR_CALLBACK *GetHasProtectedAuthenticationPath)
+    (
+        NSSCKMDToken *mdToken,
+        NSSCKFWToken *fwToken,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance);
+
+    /*
+     * This routine returns CK_TRUE if the token supports dual
+     * cryptographic operations within a single session.  This
+     * routine is optional; if unimplemented, CK_FALSE is assumed.
+     */
+    CK_BBOOL(PR_CALLBACK *GetSupportsDualCryptoOperations)
+    (
+        NSSCKMDToken *mdToken,
+        NSSCKFWToken *fwToken,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance);
+
+    /*
+     * XXX fgmr-- should we have a call to return all the flags
+     * at once, for folks who already know about Cryptoki?
+     */
+
+    /*
+     * This routine returns the maximum number of sessions that
+     * may be opened on this token.  This routine is optional;
+     * if unimplemented, the special value CK_UNAVAILABLE_INFORMATION
+     * is assumed.  XXX fgmr-- or CK_EFFECTIVELY_INFINITE?
+     */
+    CK_ULONG(PR_CALLBACK *GetMaxSessionCount)
+    (
+        NSSCKMDToken *mdToken,
+        NSSCKFWToken *fwToken,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance);
+
+    /*
+     * This routine returns the maximum number of read/write
+     * sesisons that may be opened on this token.  This routine
+     * is optional; if unimplemented, the special value
+     * CK_UNAVAILABLE_INFORMATION is assumed.  XXX fgmr-- or
+     * CK_EFFECTIVELY_INFINITE?
+     */
+    CK_ULONG(PR_CALLBACK *GetMaxRwSessionCount)
+    (
+        NSSCKMDToken *mdToken,
+        NSSCKFWToken *fwToken,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance);
+
+    /*
+     * This routine returns the maximum PIN code length that is
+     * supported on this token.  This routine is optional;
+     * if unimplemented, the special value CK_UNAVAILABLE_INFORMATION
+     * is assumed.
+     */
+    CK_ULONG(PR_CALLBACK *GetMaxPinLen)
+    (
+        NSSCKMDToken *mdToken,
+        NSSCKFWToken *fwToken,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance);
+
+    /*
+     * This routine returns the minimum PIN code length that is
+     * supported on this token.  This routine is optional; if
+     * unimplemented, the special value CK_UNAVAILABLE_INFORMATION
+     *  is assumed.  XXX fgmr-- or 0?
+     */
+    CK_ULONG(PR_CALLBACK *GetMinPinLen)
+    (
+        NSSCKMDToken *mdToken,
+        NSSCKFWToken *fwToken,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance);
+
+    /*
+     * This routine returns the total amount of memory on the token
+     * in which public objects may be stored.  This routine is
+     * optional; if unimplemented, the special value
+     * CK_UNAVAILABLE_INFORMATION is assumed.
+     */
+    CK_ULONG(PR_CALLBACK *GetTotalPublicMemory)
+    (
+        NSSCKMDToken *mdToken,
+        NSSCKFWToken *fwToken,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance);
+
+    /*
+     * This routine returns the amount of unused memory on the
+     * token in which public objects may be stored.  This routine
+     * is optional; if unimplemented, the special value
+     * CK_UNAVAILABLE_INFORMATION is assumed.
+     */
+    CK_ULONG(PR_CALLBACK *GetFreePublicMemory)
+    (
+        NSSCKMDToken *mdToken,
+        NSSCKFWToken *fwToken,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance);
+
+    /*
+     * This routine returns the total amount of memory on the token
+     * in which private objects may be stored.  This routine is
+     * optional; if unimplemented, the special value
+     * CK_UNAVAILABLE_INFORMATION is assumed.
+     */
+    CK_ULONG(PR_CALLBACK *GetTotalPrivateMemory)
+    (
+        NSSCKMDToken *mdToken,
+        NSSCKFWToken *fwToken,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance);
+
+    /*
+     * This routine returns the amount of unused memory on the
+     * token in which private objects may be stored.  This routine
+     * is optional; if unimplemented, the special value
+     * CK_UNAVAILABLE_INFORMATION is assumed.
+     */
+    CK_ULONG(PR_CALLBACK *GetFreePrivateMemory)
+    (
+        NSSCKMDToken *mdToken,
+        NSSCKFWToken *fwToken,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance);
+
+    /*
+     * This routine returns the version number of this token's
+     * hardware.  This routine is optional; if unimplemented,
+     * the value 0.1 is assumed.
+     */
+    CK_VERSION(PR_CALLBACK *GetHardwareVersion)
+    (
+        NSSCKMDToken *mdToken,
+        NSSCKFWToken *fwToken,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance);
+
+    /*
+     * This routine returns the version number of this token's
+     * firmware.  This routine is optional; if unimplemented,
+     * the value 0.1 is assumed.
+     */
+    CK_VERSION(PR_CALLBACK *GetFirmwareVersion)
+    (
+        NSSCKMDToken *mdToken,
+        NSSCKFWToken *fwToken,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance);
+
+    /*
+     * This routine stuffs the current UTC time, as obtained from
+     * the token, into the sixteen-byte buffer in the form
+     * YYYYMMDDhhmmss00.  This routine need only be implemented
+     * by token which indicate that they have a real-time clock.
+     * XXX fgmr-- think about time formats.
+     */
+    CK_RV(PR_CALLBACK *GetUTCTime)
+    (
+        NSSCKMDToken *mdToken,
+        NSSCKFWToken *fwToken,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance,
+        CK_CHAR utcTime[16]);
+
+    /*
+     * This routine creates a session on the token, and returns
+     * the corresponding NSSCKMDSession object.  The value of
+     * rw will be CK_TRUE if the session is to be a read/write
+     * session, or CK_FALSE otherwise.  An NSSArena dedicated to
+     * the new session is available from the specified NSSCKFWSession.
+     * This routine may return NULL upon error.
+     */
+    NSSCKMDSession *(PR_CALLBACK *OpenSession)(
+        NSSCKMDToken *mdToken,
+        NSSCKFWToken *fwToken,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance,
+        NSSCKFWSession *fwSession,
+        CK_BBOOL rw,
+        CK_RV *pError);
+
+    /*
+     * This routine returns the number of PKCS#11 Mechanisms
+     * supported by this token.  This routine is optional; if
+     * unimplemented, zero is assumed.
+     */
+    CK_ULONG(PR_CALLBACK *GetMechanismCount)
+    (
+        NSSCKMDToken *mdToken,
+        NSSCKFWToken *fwToken,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance);
+
+    /*
+     * This routine stuffs into the specified array the types
+     * of the mechanisms supported by this token.  The Framework
+     * determines the size of the array by calling GetMechanismCount.
+     */
+    CK_RV(PR_CALLBACK *GetMechanismTypes)
+    (
+        NSSCKMDToken *mdToken,
+        NSSCKFWToken *fwToken,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance,
+        CK_MECHANISM_TYPE types[]);
+
+    /*
+     * This routine returns a pointer to a Module mechanism
+     * object corresponding to a specified type.  This routine
+     * need only exist for tokens implementing at least one
+     * mechanism.
+     */
+    NSSCKMDMechanism *(PR_CALLBACK *GetMechanism)(
+        NSSCKMDToken *mdToken,
+        NSSCKFWToken *fwToken,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance,
+        CK_MECHANISM_TYPE which,
+        CK_RV *pError);
+
+    /*
+     * This object may be extended in future versions of the
+     * NSS Cryptoki Framework.  To allow for some flexibility
+     * in the area of binary compatibility, this field should
+     * be NULL.
+     */
+    void *null;
+};
+
+/*
+ * NSSCKMDSession
+ *
+ * This is the basic handle for a session on a PKCS#11 Token.  It
+ * is created by NSSCKMDToken->OpenSession, and may be obtained
+ * from the Framework's corresponding NSSCKFWSession object.  It
+ * contains a pointer for use by the Module, to store any session-
+ * realted data, and it contains the EPV for a set of routines
+ * which the Module may implement for use by the Framework.  Some
+ * of these routines are optional.
+ */
+
+struct NSSCKMDSessionStr {
+    /*
+     * The Module may use this pointer for its own purposes.
+     */
+    void *etc;
+
+    /*
+     * This routine is called by the Framework when a session is
+     * closed.  This call is the last thing called before the
+     * NSSArena in the correspoinding NSSCKFWSession is destroyed.
+     * This routine is optional; if unimplemented, it merely won't
+     * be called.
+     */
+    void(PR_CALLBACK *Close)(
+        NSSCKMDSession *mdSession,
+        NSSCKFWSession *fwSession,
+        NSSCKMDToken *mdToken,
+        NSSCKFWToken *fwToken,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance);
+
+    /*
+     * This routine is used to get any device-specific error.
+     * This routine is optional.
+     */
+    CK_ULONG(PR_CALLBACK *GetDeviceError)
+    (
+        NSSCKMDSession *mdSession,
+        NSSCKFWSession *fwSession,
+        NSSCKMDToken *mdToken,
+        NSSCKFWToken *fwToken,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance);
+
+    /*
+     * This routine is used to log in a user to the token.  This
+     * routine is optional, since the Framework's NSSCKFWSession
+     * object keeps track of the login state.
+     */
+    CK_RV(PR_CALLBACK *Login)
+    (
+        NSSCKMDSession *mdSession,
+        NSSCKFWSession *fwSession,
+        NSSCKMDToken *mdToken,
+        NSSCKFWToken *fwToken,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance,
+        CK_USER_TYPE userType,
+        NSSItem *pin,
+        CK_STATE oldState,
+        CK_STATE newState);
+
+    /*
+     * This routine is used to log out a user from the token.  This
+     * routine is optional, since the Framework's NSSCKFWSession
+     * object keeps track of the login state.
+     */
+    CK_RV(PR_CALLBACK *Logout)
+    (
+        NSSCKMDSession *mdSession,
+        NSSCKFWSession *fwSession,
+        NSSCKMDToken *mdToken,
+        NSSCKFWToken *fwToken,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance,
+        CK_STATE oldState,
+        CK_STATE newState);
+
+    /*
+     * This routine is used to initialize the normal user's PIN or
+     * password.  This will only be called in the "read/write
+     * security officer functions" state.  If this token has a
+     * protected authentication path, then the pin argument will
+     * be NULL.  This routine is optional; if unimplemented, the
+     * Framework will return the error CKR_TOKEN_WRITE_PROTECTED.
+     */
+    CK_RV(PR_CALLBACK *InitPIN)
+    (
+        NSSCKMDSession *mdSession,
+        NSSCKFWSession *fwSession,
+        NSSCKMDToken *mdToken,
+        NSSCKFWToken *fwToken,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance,
+        NSSItem *pin);
+
+    /*
+     * This routine is used to modify a user's PIN or password.  This
+     * routine will only be called in the "read/write security officer
+     * functions" or "read/write user functions" state.  If this token
+     * has a protected authentication path, then the pin arguments
+     * will be NULL.  This routine is optional; if unimplemented, the
+     * Framework will return the error CKR_TOKEN_WRITE_PROTECTED.
+     */
+    CK_RV(PR_CALLBACK *SetPIN)
+    (
+        NSSCKMDSession *mdSession,
+        NSSCKFWSession *fwSession,
+        NSSCKMDToken *mdToken,
+        NSSCKFWToken *fwToken,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance,
+        NSSItem *oldPin,
+        NSSItem *newPin);
+
+    /*
+     * This routine is used to find out how much space would be required
+     * to save the current operational state.  This routine is optional;
+     * if unimplemented, the Framework will reject any attempts to save
+     * the operational state with the error CKR_STATE_UNSAVEABLE.  This
+     * routine may return zero on error.
+     */
+    CK_ULONG(PR_CALLBACK *GetOperationStateLen)
+    (
+        NSSCKMDSession *mdSession,
+        NSSCKFWSession *fwSession,
+        NSSCKMDToken *mdToken,
+        NSSCKFWToken *fwToken,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance,
+        CK_RV *pError);
+
+    /*
+     * This routine is used to store the current operational state.  This
+     * routine is only required if GetOperationStateLen is implemented
+     * and can return a nonzero value.  The buffer in the specified item
+     * will be pre-allocated, and the length will specify the amount of
+     * space available (which may be more than GetOperationStateLen
+     * asked for, but which will not be smaller).
+     */
+    CK_RV(PR_CALLBACK *GetOperationState)
+    (
+        NSSCKMDSession *mdSession,
+        NSSCKFWSession *fwSession,
+        NSSCKMDToken *mdToken,
+        NSSCKFWToken *fwToken,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance,
+        NSSItem *buffer);
+
+    /*
+     * This routine is used to restore an operational state previously
+     * obtained with GetOperationState.  The Framework will take pains
+     * to be sure that the state is (or was at one point) valid; if the
+     * Module notices that the state is invalid, it should return an
+     * error, but it is not required to be paranoid about the issue.
+     * [XXX fgmr-- should (can?) the framework verify the keys match up?]
+     * This routine is required only if GetOperationState is implemented.
+     */
+    CK_RV(PR_CALLBACK *SetOperationState)
+    (
+        NSSCKMDSession *mdSession,
+        NSSCKFWSession *fwSession,
+        NSSCKMDToken *mdToken,
+        NSSCKFWToken *fwToken,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance,
+        NSSItem *state,
+        NSSCKMDObject *mdEncryptionKey,
+        NSSCKFWObject *fwEncryptionKey,
+        NSSCKMDObject *mdAuthenticationKey,
+        NSSCKFWObject *fwAuthenticationKey);
+
+    /*
+     * This routine is used to create an object.  The specified template
+     * will only specify a session object if the Module has indicated
+     * that it wishes to handle its own session objects.  This routine
+     * is optional; if unimplemented, the Framework will reject the
+     * operation with the error CKR_TOKEN_WRITE_PROTECTED.  Space for
+     * token objects should come from the NSSArena available from the
+     * NSSCKFWToken object; space for session objects (if supported)
+     * should come from the NSSArena available from the NSSCKFWSession
+     * object.  The appropriate NSSArena pointer will, as a convenience,
+     * be passed as the handyArenaPointer argument.  This routine may
+     * return NULL upon error.
+     */
+    NSSCKMDObject *(PR_CALLBACK *CreateObject)(
+        NSSCKMDSession *mdSession,
+        NSSCKFWSession *fwSession,
+        NSSCKMDToken *mdToken,
+        NSSCKFWToken *fwToken,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance,
+        NSSArena *handyArenaPointer,
+        CK_ATTRIBUTE_PTR pTemplate,
+        CK_ULONG ulAttributeCount,
+        CK_RV *pError);
+
+    /*
+     * This routine is used to make a copy of an object.  It is entirely
+     * optional; if unimplemented, the Framework will try to use
+     * CreateObject instead.  If the Module has indicated that it does
+     * not wish to handle session objects, then this routine will only
+     * be called to copy a token object to another token object.
+     * Otherwise, either the original object or the new may be of
+     * either the token or session variety.  As with CreateObject, the
+     * handyArenaPointer will point to the appropriate arena for the
+     * new object.  This routine may return NULL upon error.
+     */
+    NSSCKMDObject *(PR_CALLBACK *CopyObject)(
+        NSSCKMDSession *mdSession,
+        NSSCKFWSession *fwSession,
+        NSSCKMDToken *mdToken,
+        NSSCKFWToken *fwToken,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance,
+        NSSCKMDObject *mdOldObject,
+        NSSCKFWObject *fwOldObject,
+        NSSArena *handyArenaPointer,
+        CK_ATTRIBUTE_PTR pTemplate,
+        CK_ULONG ulAttributeCount,
+        CK_RV *pError);
+
+    /*
+     * This routine is used to begin an object search.  This routine may
+     * be unimplemented only if the Module does not handle session
+     * objects, and if none of its tokens have token objects.  The
+     * NSSCKFWFindObjects pointer has an NSSArena that may be used for
+     * storage for the life of this "find" operation.  This routine may
+     * return NULL upon error.  If the Module can determine immediately
+     * that the search will not find any matching objects, it may return
+     * NULL, and specify CKR_OK as the error.
+     */
+    NSSCKMDFindObjects *(PR_CALLBACK *FindObjectsInit)(
+        NSSCKMDSession *mdSession,
+        NSSCKFWSession *fwSession,
+        NSSCKMDToken *mdToken,
+        NSSCKFWToken *fwToken,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance,
+        CK_ATTRIBUTE_PTR pTemplate,
+        CK_ULONG ulAttributeCount,
+        CK_RV *pError);
+
+    /*
+     * This routine seeds the random-number generator.  It is
+     * optional, even if GetRandom is implemented.  If unimplemented,
+     * the Framework will issue the error CKR_RANDOM_SEED_NOT_SUPPORTED.
+     */
+    CK_RV(PR_CALLBACK *SeedRandom)
+    (
+        NSSCKMDSession *mdSession,
+        NSSCKFWSession *fwSession,
+        NSSCKMDToken *mdToken,
+        NSSCKFWToken *fwToken,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance,
+        NSSItem *seed);
+
+    /*
+     * This routine gets random data.  It is optional.  If unimplemented,
+     * the Framework will issue the error CKR_RANDOM_NO_RNG.
+     */
+    CK_RV(PR_CALLBACK *GetRandom)
+    (
+        NSSCKMDSession *mdSession,
+        NSSCKFWSession *fwSession,
+        NSSCKMDToken *mdToken,
+        NSSCKFWToken *fwToken,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance,
+        NSSItem *buffer);
+
+    /*
+     * This object may be extended in future versions of the
+     * NSS Cryptoki Framework.  To allow for some flexibility
+     * in the area of binary compatibility, this field should
+     * be NULL.
+     */
+    void *null;
+};
+
+/*
+ * NSSCKMDFindObjects
+ *
+ * This is the basic handle for an object search.  It is
+ * created by NSSCKMDSession->FindObjectsInit, and may be
+ * obtained from the Framework's corresponding object.
+ * It contains a pointer for use by the Module, to store
+ * any search-related data, and it contains the EPV for a
+ * set of routines which the Module may implement for use
+ * by the Framework.  Some of these routines are optional.
+ */
+
+struct NSSCKMDFindObjectsStr {
+    /*
+     * The Module may use this pointer for its own purposes.
+     */
+    void *etc;
+
+    /*
+     * This routine is called by the Framework to finish a
+     * search operation.  Note that the Framework may finish
+     * a search before it has completed.  This routine is
+     * optional; if unimplemented, it merely won't be called.
+     */
+    void(PR_CALLBACK *Final)(
+        NSSCKMDFindObjects *mdFindObjects,
+        NSSCKFWFindObjects *fwFindObjects,
+        NSSCKMDSession *mdSession,
+        NSSCKFWSession *fwSession,
+        NSSCKMDToken *mdToken,
+        NSSCKFWToken *fwToken,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance);
+
+    /*
+     * This routine is used to obtain another pointer to an
+     * object matching the search criteria.  This routine is
+     * required.  If no (more) objects match the search, it
+     * should return NULL and set the error to CKR_OK.
+     */
+    NSSCKMDObject *(PR_CALLBACK *Next)(
+        NSSCKMDFindObjects *mdFindObjects,
+        NSSCKFWFindObjects *fwFindObjects,
+        NSSCKMDSession *mdSession,
+        NSSCKFWSession *fwSession,
+        NSSCKMDToken *mdToken,
+        NSSCKFWToken *fwToken,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance,
+        NSSArena *arena,
+        CK_RV *pError);
+
+    /*
+     * This object may be extended in future versions of the
+     * NSS Cryptoki Framework.  To allow for some flexibility
+     * in the area of binary compatibility, this field should
+     * be NULL.
+     */
+    void *null;
+};
+
+/*
+ * NSSCKMDCryptoOperaion
+ *
+ * This is the basic handle for an encryption, decryption,
+ * sign, verify, or hash opertion.
+ * created by NSSCKMDMechanism->XXXXInit, and may be
+ * obtained from the Framework's corresponding object.
+ * It contains a pointer for use by the Module, to store
+ * any intermediate data, and it contains the EPV for a
+ * set of routines which the Module may implement for use
+ * by the Framework.  Some of these routines are optional.
+ */
+
+struct NSSCKMDCryptoOperationStr {
+    /*
+     * The Module may use this pointer for its own purposes.
+     */
+    void *etc;
+
+    /*
+     * This routine is called by the Framework clean up the mdCryptoOperation
+     * structure.
+     * This routine is optional; if unimplemented, it will be ignored.
+     */
+    void(PR_CALLBACK *Destroy)(
+        NSSCKMDCryptoOperation *mdCryptoOperation,
+        NSSCKFWCryptoOperation *fwCryptoOperation,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance);
+
+    /*
+     * how many bytes do we need to finish this buffer?
+     * must be implemented if Final is implemented.
+     */
+    CK_ULONG(PR_CALLBACK *GetFinalLength)
+    (
+        NSSCKMDCryptoOperation *mdCryptoOperation,
+        NSSCKFWCryptoOperation *fwCryptoOperation,
+        NSSCKMDSession *mdSession,
+        NSSCKFWSession *fwSession,
+        NSSCKMDToken *mdToken,
+        NSSCKFWToken *fwToken,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance,
+        CK_RV *pError);
+
+    /*
+     * how many bytes do we need to complete the next operation.
+     * used in both Update and UpdateFinal.
+     */
+    CK_ULONG(PR_CALLBACK *GetOperationLength)
+    (
+        NSSCKMDCryptoOperation *mdCryptoOperation,
+        NSSCKFWCryptoOperation *fwCryptoOperation,
+        NSSCKMDSession *mdSession,
+        NSSCKFWSession *fwSession,
+        NSSCKMDToken *mdToken,
+        NSSCKFWToken *fwToken,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance,
+        const NSSItem *inputBuffer,
+        CK_RV *pError);
+
+    /*
+     * This routine is called by the Framework to finish a
+     * search operation.  Note that the Framework may finish
+     * a search before it has completed.  This routine is
+     * optional; if unimplemented, it merely won't be called.
+     * The respective final call with fail with CKR_FUNCTION_FAILED
+     * Final should not free the mdCryptoOperation.
+     */
+    CK_RV(PR_CALLBACK *Final)
+    (
+        NSSCKMDCryptoOperation *mdCryptoOperation,
+        NSSCKFWCryptoOperation *fwCryptoOperation,
+        NSSCKMDSession *mdSession,
+        NSSCKFWSession *fwSession,
+        NSSCKMDToken *mdToken,
+        NSSCKFWToken *fwToken,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance,
+        NSSItem *outputBuffer);
+
+    /*
+     * This routine is called by the Framework to complete the
+     * next step in an encryption/decryption operation.
+     * This routine is optional; if unimplemented, the respective
+     * update call with fail with CKR_FUNCTION_FAILED.
+     * Update should not be implemented for signing/verification/digest
+     * mechanisms.
+     */
+    CK_RV(PR_CALLBACK *Update)
+    (
+        NSSCKMDCryptoOperation *mdCryptoOperation,
+        NSSCKFWCryptoOperation *fwCryptoOperation,
+        NSSCKMDSession *mdSession,
+        NSSCKFWSession *fwSession,
+        NSSCKMDToken *mdToken,
+        NSSCKFWToken *fwToken,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance,
+        const NSSItem *inputBuffer,
+        NSSItem *outputBuffer);
+
+    /*
+     * This routine is called by the Framework to complete the
+     * next step in a signing/verification/digest operation.
+     * This routine is optional; if unimplemented, the respective
+     * update call with fail with CKR_FUNCTION_FAILED
+     * Update should not be implemented for encryption/decryption
+     * mechanisms.
+     */
+    CK_RV(PR_CALLBACK *DigestUpdate)
+    (
+        NSSCKMDCryptoOperation *mdCryptoOperation,
+        NSSCKFWCryptoOperation *fwCryptoOperation,
+        NSSCKMDSession *mdSession,
+        NSSCKFWSession *fwSession,
+        NSSCKMDToken *mdToken,
+        NSSCKFWToken *fwToken,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance,
+        const NSSItem *inputBuffer);
+
+    /*
+     * This routine is called by the Framework to complete a
+     * single step operation. This routine is optional; if unimplemented,
+     * the framework will use the Update and Final functions to complete
+     * the operation.
+     */
+    CK_RV(PR_CALLBACK *UpdateFinal)
+    (
+        NSSCKMDCryptoOperation *mdCryptoOperation,
+        NSSCKFWCryptoOperation *fwCryptoOperation,
+        NSSCKMDSession *mdSession,
+        NSSCKFWSession *fwSession,
+        NSSCKMDToken *mdToken,
+        NSSCKFWToken *fwToken,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance,
+        const NSSItem *inputBuffer,
+        NSSItem *outputBuffer);
+
+    /*
+     * This routine is called by the Framework to complete next
+     * step in a combined operation. The Decrypt/Encrypt mechanism
+     * should define and drive the combo step.
+     * This routine is optional; if unimplemented,
+     * the framework will use the appropriate Update functions to complete
+     * the operation.
+     */
+    CK_RV(PR_CALLBACK *UpdateCombo)
+    (
+        NSSCKMDCryptoOperation *mdCryptoOperation,
+        NSSCKFWCryptoOperation *fwCryptoOperation,
+        NSSCKMDCryptoOperation *mdPeerCryptoOperation,
+        NSSCKFWCryptoOperation *fwPeerCryptoOperation,
+        NSSCKMDSession *mdSession,
+        NSSCKFWSession *fwSession,
+        NSSCKMDToken *mdToken,
+        NSSCKFWToken *fwToken,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance,
+        const NSSItem *inputBuffer,
+        NSSItem *outputBuffer);
+
+    /*
+     * Hash a key directly into the digest
+     */
+    CK_RV(PR_CALLBACK *DigestKey)
+    (
+        NSSCKMDCryptoOperation *mdCryptoOperation,
+        NSSCKFWCryptoOperation *fwCryptoOperation,
+        NSSCKMDToken *mdToken,
+        NSSCKFWToken *fwToken,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance,
+        NSSCKMDObject *mdKey,
+        NSSCKFWObject *fwKey);
+
+    /*
+     * This object may be extended in future versions of the
+     * NSS Cryptoki Framework.  To allow for some flexibility
+     * in the area of binary compatibility, this field should
+     * be NULL.
+     */
+    void *null;
+};
+
+/*
+ * NSSCKMDMechanism
+ *
+ */
+
+struct NSSCKMDMechanismStr {
+    /*
+     * The Module may use this pointer for its own purposes.
+     */
+    void *etc;
+
+    /*
+     * This also frees the fwMechanism if appropriate.
+     * If it is not supplied, the Framework will assume that the Token
+     * Manages a static list of mechanisms and the function will not be called.
+     */
+    void(PR_CALLBACK *Destroy)(
+        NSSCKMDMechanism *mdMechanism,
+        NSSCKFWMechanism *fwMechanism,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance);
+
+    /*
+     * This routine returns the minimum key size allowed for
+     * this mechanism.  This routine is optional; if unimplemented,
+     * zero will be assumed.  This routine may return zero on
+     * error; if the error is CKR_OK, zero will be accepted as
+     * a valid response.
+     */
+    CK_ULONG(PR_CALLBACK *GetMinKeySize)
+    (
+        NSSCKMDMechanism *mdMechanism,
+        NSSCKFWMechanism *fwMechanism,
+        NSSCKMDToken *mdToken,
+        NSSCKFWToken *fwToken,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance,
+        CK_RV *pError);
+
+    /*
+     * This routine returns the maximum key size allowed for
+     * this mechanism.  This routine is optional; if unimplemented,
+     * zero will be assumed.  This routine may return zero on
+     * error; if the error is CKR_OK, zero will be accepted as
+     * a valid response.
+     */
+    CK_ULONG(PR_CALLBACK *GetMaxKeySize)
+    (
+        NSSCKMDMechanism *mdMechanism,
+        NSSCKFWMechanism *fwMechanism,
+        NSSCKMDToken *mdToken,
+        NSSCKFWToken *fwToken,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance,
+        CK_RV *pError);
+
+    /*
+     * This routine is called to determine if the mechanism is
+     * implemented in hardware or software.  It returns CK_TRUE
+     * if it is done in hardware.
+     */
+    CK_BBOOL(PR_CALLBACK *GetInHardware)
+    (
+        NSSCKMDMechanism *mdMechanism,
+        NSSCKFWMechanism *fwMechanism,
+        NSSCKMDToken *mdToken,
+        NSSCKFWToken *fwToken,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance,
+        CK_RV *pError);
+
+    /*
+     * The crypto routines themselves.  Most crypto operations may
+     * be performed in two ways, streaming and single-part.  The
+     * streaming operations involve the use of (typically) three
+     * calls-- an Init method to set up the operation, an Update
+     * method to feed data to the operation, and a Final method to
+     * obtain the final result.  Single-part operations involve
+     * one method, to perform the crypto operation all at once.
+     *
+     * The NSS Cryptoki Framework can implement the single-part
+     * operations in terms of the streaming operations on behalf
+     * of the Module.  There are a few variances.
+     *
+     * Only the Init Functions are defined by the mechanism. Each
+     * init function will return a NSSCKFWCryptoOperation which
+     * can supply update, final, the single part updateFinal, and
+     * the combo updateCombo functions.
+     *
+     * For simplicity, the routines are listed in summary here:
+     *
+     *  EncryptInit,
+     *  DecryptInit,
+     *  DigestInit,
+     *  SignInit,
+     *  SignRecoverInit;
+     *  VerifyInit,
+     *  VerifyRecoverInit;
+     *
+     * The key-management routines are
+     *
+     *  GenerateKey
+     *  GenerateKeyPair
+     *  WrapKey
+     *  UnwrapKey
+     *  DeriveKey
+     *
+     * All of these routines based on the Cryptoki API;
+     * see PKCS#11 for further information.
+     */
+
+    /*
+     */
+    NSSCKMDCryptoOperation *(PR_CALLBACK *EncryptInit)(
+        NSSCKMDMechanism *mdMechanism,
+        NSSCKFWMechanism *fwMechanism,
+        CK_MECHANISM_PTR pMechanism,
+        NSSCKMDSession *mdSession,
+        NSSCKFWSession *fwSession,
+        NSSCKMDToken *mdToken,
+        NSSCKFWToken *fwToken,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance,
+        NSSCKMDObject *mdKey,
+        NSSCKFWObject *fwKey,
+        CK_RV *pError);
+
+    /*
+     */
+    NSSCKMDCryptoOperation *(PR_CALLBACK *DecryptInit)(
+        NSSCKMDMechanism *mdMechanism,
+        NSSCKFWMechanism *fwMechanism,
+        CK_MECHANISM_PTR pMechanism,
+        NSSCKMDSession *mdSession,
+        NSSCKFWSession *fwSession,
+        NSSCKMDToken *mdToken,
+        NSSCKFWToken *fwToken,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance,
+        NSSCKMDObject *mdKey,
+        NSSCKFWObject *fwKey,
+        CK_RV *pError);
+
+    /*
+     */
+    NSSCKMDCryptoOperation *(PR_CALLBACK *DigestInit)(
+        NSSCKMDMechanism *mdMechanism,
+        NSSCKFWMechanism *fwMechanism,
+        CK_MECHANISM_PTR pMechanism,
+        NSSCKMDSession *mdSession,
+        NSSCKFWSession *fwSession,
+        NSSCKMDToken *mdToken,
+        NSSCKFWToken *fwToken,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance,
+        CK_RV *pError);
+
+    /*
+     */
+    NSSCKMDCryptoOperation *(PR_CALLBACK *SignInit)(
+        NSSCKMDMechanism *mdMechanism,
+        NSSCKFWMechanism *fwMechanism,
+        CK_MECHANISM_PTR pMechanism,
+        NSSCKMDSession *mdSession,
+        NSSCKFWSession *fwSession,
+        NSSCKMDToken *mdToken,
+        NSSCKFWToken *fwToken,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance,
+        NSSCKMDObject *mdKey,
+        NSSCKFWObject *fwKey,
+        CK_RV *pError);
+
+    /*
+     */
+    NSSCKMDCryptoOperation *(PR_CALLBACK *VerifyInit)(
+        NSSCKMDMechanism *mdMechanism,
+        NSSCKFWMechanism *fwMechanism,
+        CK_MECHANISM_PTR pMechanism,
+        NSSCKMDSession *mdSession,
+        NSSCKFWSession *fwSession,
+        NSSCKMDToken *mdToken,
+        NSSCKFWToken *fwToken,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance,
+        NSSCKMDObject *mdKey,
+        NSSCKFWObject *fwKey,
+        CK_RV *pError);
+
+    /*
+     */
+    NSSCKMDCryptoOperation *(PR_CALLBACK *SignRecoverInit)(
+        NSSCKMDMechanism *mdMechanism,
+        NSSCKFWMechanism *fwMechanism,
+        CK_MECHANISM_PTR pMechanism,
+        NSSCKMDSession *mdSession,
+        NSSCKFWSession *fwSession,
+        NSSCKMDToken *mdToken,
+        NSSCKFWToken *fwToken,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance,
+        NSSCKMDObject *mdKey,
+        NSSCKFWObject *fwKey,
+        CK_RV *pError);
+
+    /*
+     */
+    NSSCKMDCryptoOperation *(PR_CALLBACK *VerifyRecoverInit)(
+        NSSCKMDMechanism *mdMechanism,
+        NSSCKFWMechanism *fwMechanism,
+        CK_MECHANISM_PTR pMechanism,
+        NSSCKMDSession *mdSession,
+        NSSCKFWSession *fwSession,
+        NSSCKMDToken *mdToken,
+        NSSCKFWToken *fwToken,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance,
+        NSSCKMDObject *mdKey,
+        NSSCKFWObject *fwKey,
+        CK_RV *pError);
+
+    /*
+     * Key management operations.
+     */
+
+    /*
+     * This routine generates a key.  This routine may return NULL
+     * upon error.
+     */
+    NSSCKMDObject *(PR_CALLBACK *GenerateKey)(
+        NSSCKMDMechanism *mdMechanism,
+        NSSCKFWMechanism *fwMechanism,
+        CK_MECHANISM_PTR pMechanism,
+        NSSCKMDSession *mdSession,
+        NSSCKFWSession *fwSession,
+        NSSCKMDToken *mdToken,
+        NSSCKFWToken *fwToken,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance,
+        CK_ATTRIBUTE_PTR pTemplate,
+        CK_ULONG ulAttributeCount,
+        CK_RV *pError);
+
+    /*
+     * This routine generates a key pair.
+     */
+    CK_RV(PR_CALLBACK *GenerateKeyPair)
+    (
+        NSSCKMDMechanism *mdMechanism,
+        NSSCKFWMechanism *fwMechanism,
+        CK_MECHANISM_PTR pMechanism,
+        NSSCKMDSession *mdSession,
+        NSSCKFWSession *fwSession,
+        NSSCKMDToken *mdToken,
+        NSSCKFWToken *fwToken,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance,
+        CK_ATTRIBUTE_PTR pPublicKeyTemplate,
+        CK_ULONG ulPublicKeyAttributeCount,
+        CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
+        CK_ULONG ulPrivateKeyAttributeCount,
+        NSSCKMDObject **pPublicKey,
+        NSSCKMDObject **pPrivateKey);
+
+    /*
+     * This routine wraps a key.
+     */
+    CK_ULONG(PR_CALLBACK *GetWrapKeyLength)
+    (
+        NSSCKMDMechanism *mdMechanism,
+        NSSCKFWMechanism *fwMechanism,
+        CK_MECHANISM_PTR pMechanism,
+        NSSCKMDSession *mdSession,
+        NSSCKFWSession *fwSession,
+        NSSCKMDToken *mdToken,
+        NSSCKFWToken *fwToken,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance,
+        NSSCKMDObject *mdWrappingKey,
+        NSSCKFWObject *fwWrappingKey,
+        NSSCKMDObject *mdWrappedKey,
+        NSSCKFWObject *fwWrappedKey,
+        CK_RV *pError);
+
+    /*
+     * This routine wraps a key.
+     */
+    CK_RV(PR_CALLBACK *WrapKey)
+    (
+        NSSCKMDMechanism *mdMechanism,
+        NSSCKFWMechanism *fwMechanism,
+        CK_MECHANISM_PTR pMechanism,
+        NSSCKMDSession *mdSession,
+        NSSCKFWSession *fwSession,
+        NSSCKMDToken *mdToken,
+        NSSCKFWToken *fwToken,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance,
+        NSSCKMDObject *mdWrappingKey,
+        NSSCKFWObject *fwWrappingKey,
+        NSSCKMDObject *mdKeyObject,
+        NSSCKFWObject *fwKeyObject,
+        NSSItem *wrappedKey);
+
+    /*
+     * This routine unwraps a key.  This routine may return NULL
+     * upon error.
+     */
+    NSSCKMDObject *(PR_CALLBACK *UnwrapKey)(
+        NSSCKMDMechanism *mdMechanism,
+        NSSCKFWMechanism *fwMechanism,
+        CK_MECHANISM_PTR pMechanism,
+        NSSCKMDSession *mdSession,
+        NSSCKFWSession *fwSession,
+        NSSCKMDToken *mdToken,
+        NSSCKFWToken *fwToken,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance,
+        NSSCKMDObject *mdWrappingKey,
+        NSSCKFWObject *fwWrappingKey,
+        NSSItem *wrappedKey,
+        CK_ATTRIBUTE_PTR pTemplate,
+        CK_ULONG ulAttributeCount,
+        CK_RV *pError);
+
+    /*
+     * This routine derives a key.  This routine may return NULL
+     * upon error.
+     */
+    NSSCKMDObject *(PR_CALLBACK *DeriveKey)(
+        NSSCKMDMechanism *mdMechanism,
+        NSSCKFWMechanism *fwMechanism,
+        CK_MECHANISM_PTR pMechanism,
+        NSSCKMDSession *mdSession,
+        NSSCKFWSession *fwSession,
+        NSSCKMDToken *mdToken,
+        NSSCKFWToken *fwToken,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance,
+        NSSCKMDObject *mdBaseKey,
+        NSSCKFWObject *fwBaseKey,
+        CK_ATTRIBUTE_PTR pTemplate,
+        CK_ULONG ulAttributeCount,
+        CK_RV *pError);
+
+    /*
+     * This object may be extended in future versions of the
+     * NSS Cryptoki Framework.  To allow for some flexibility
+     * in the area of binary compatibility, this field should
+     * be NULL.
+     */
+    void *null;
+};
+
+/*
+ * NSSCKMDObject
+ *
+ * This is the basic handle for any object used by a PKCS#11 Module.
+ * Modules must implement it if they support their own objects, and
+ * the Framework supports it for Modules that do not handle session
+ * objects.  This type contains a pointer for use by the implementor,
+ * to store any object-specific data, and it contains an EPV for a
+ * set of routines used to access the object.
+ */
+
+struct NSSCKMDObjectStr {
+    /*
+     * The implementation my use this pointer for its own purposes.
+     */
+    void *etc;
+
+    /*
+     * This routine is called by the Framework when it is letting
+     * go of an object handle.  It can be used by the Module to
+     * free any resources tied up by an object "in use."  It is
+     * optional.
+     */
+    void(PR_CALLBACK *Finalize)(
+        NSSCKMDObject *mdObject,
+        NSSCKFWObject *fwObject,
+        NSSCKMDSession *mdSession,
+        NSSCKFWSession *fwSession,
+        NSSCKMDToken *mdToken,
+        NSSCKFWToken *fwToken,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance);
+
+    /*
+     * This routine is used to completely destroy an object.
+     * It is optional.  The parameter fwObject might be NULL
+     * if the framework runs out of memory at the wrong moment.
+     */
+    CK_RV(PR_CALLBACK *Destroy)
+    (
+        NSSCKMDObject *mdObject,
+        NSSCKFWObject *fwObject,
+        NSSCKMDSession *mdSession,
+        NSSCKFWSession *fwSession,
+        NSSCKMDToken *mdToken,
+        NSSCKFWToken *fwToken,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance);
+
+    /*
+     * This helper routine is used by the Framework, and is especially
+     * useful when it is managing session objects on behalf of the
+     * Module.  This routine is optional; if unimplemented, the
+     * Framework will actually look up the CKA_TOKEN attribute.  In the
+     * event of an error, just make something up-- the Framework will
+     * find out soon enough anyway.
+     */
+    CK_BBOOL(PR_CALLBACK *IsTokenObject)
+    (
+        NSSCKMDObject *mdObject,
+        NSSCKFWObject *fwObject,
+        NSSCKMDSession *mdSession,
+        NSSCKFWSession *fwSession,
+        NSSCKMDToken *mdToken,
+        NSSCKFWToken *fwToken,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance);
+
+    /*
+     * This routine returns the number of attributes of which this
+     * object consists.  It is mandatory.  It can return zero on
+     * error.
+     */
+    CK_ULONG(PR_CALLBACK *GetAttributeCount)
+    (
+        NSSCKMDObject *mdObject,
+        NSSCKFWObject *fwObject,
+        NSSCKMDSession *mdSession,
+        NSSCKFWSession *fwSession,
+        NSSCKMDToken *mdToken,
+        NSSCKFWToken *fwToken,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance,
+        CK_RV *pError);
+
+    /*
+     * This routine stuffs the attribute types into the provided array.
+     * The array size (as obtained from GetAttributeCount) is passed in
+     * as a check; return CKR_BUFFER_TOO_SMALL if the count is wrong
+     * (either too big or too small).
+     */
+    CK_RV(PR_CALLBACK *GetAttributeTypes)
+    (
+        NSSCKMDObject *mdObject,
+        NSSCKFWObject *fwObject,
+        NSSCKMDSession *mdSession,
+        NSSCKFWSession *fwSession,
+        NSSCKMDToken *mdToken,
+        NSSCKFWToken *fwToken,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance,
+        CK_ATTRIBUTE_TYPE_PTR typeArray,
+        CK_ULONG ulCount);
+
+    /*
+     * This routine returns the size (in bytes) of the specified
+     * attribute.  It can return zero on error.
+     */
+    CK_ULONG(PR_CALLBACK *GetAttributeSize)
+    (
+        NSSCKMDObject *mdObject,
+        NSSCKFWObject *fwObject,
+        NSSCKMDSession *mdSession,
+        NSSCKFWSession *fwSession,
+        NSSCKMDToken *mdToken,
+        NSSCKFWToken *fwToken,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance,
+        CK_ATTRIBUTE_TYPE attribute,
+        CK_RV *pError);
+
+    /*
+     * This routine returns an NSSCKFWItem structure.
+     * The item pointer points to an NSSItem containing the attribute value.
+     * The needsFreeing bit tells the framework whether to call the
+     * FreeAttribute function . Upon error, an NSSCKFWItem structure
+     * with a NULL NSSItem item pointer will be returned
+     */
+    NSSCKFWItem(PR_CALLBACK *GetAttribute)(
+        NSSCKMDObject *mdObject,
+        NSSCKFWObject *fwObject,
+        NSSCKMDSession *mdSession,
+        NSSCKFWSession *fwSession,
+        NSSCKMDToken *mdToken,
+        NSSCKFWToken *fwToken,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance,
+        CK_ATTRIBUTE_TYPE attribute,
+        CK_RV *pError);
+
+    /*
+     * This routine returns CKR_OK if the attribute could be freed.
+     */
+    CK_RV(PR_CALLBACK *FreeAttribute)
+    (
+        NSSCKFWItem *item);
+
+    /*
+     * This routine changes the specified attribute.  If unimplemented,
+     * the object will be considered read-only.
+     */
+    CK_RV(PR_CALLBACK *SetAttribute)
+    (
+        NSSCKMDObject *mdObject,
+        NSSCKFWObject *fwObject,
+        NSSCKMDSession *mdSession,
+        NSSCKFWSession *fwSession,
+        NSSCKMDToken *mdToken,
+        NSSCKFWToken *fwToken,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance,
+        CK_ATTRIBUTE_TYPE attribute,
+        NSSItem *value);
+
+    /*
+     * This routine returns the storage requirements of this object,
+     * in bytes.  Cryptoki doesn't strictly define the definition,
+     * but it should relate to the values returned by the "Get Memory"
+     * routines of the NSSCKMDToken.  This routine is optional; if
+     * unimplemented, the Framework will consider this information
+     * sensitive.  This routine may return zero on error.  If the
+     * specified error is CKR_OK, zero will be accepted as a valid
+     * response.
+     */
+    CK_ULONG(PR_CALLBACK *GetObjectSize)
+    (
+        NSSCKMDObject *mdObject,
+        NSSCKFWObject *fwObject,
+        NSSCKMDSession *mdSession,
+        NSSCKFWSession *fwSession,
+        NSSCKMDToken *mdToken,
+        NSSCKFWToken *fwToken,
+        NSSCKMDInstance *mdInstance,
+        NSSCKFWInstance *fwInstance,
+        CK_RV *pError);
+
+    /*
+     * This object may be extended in future versions of the
+     * NSS Cryptoki Framework.  To allow for some flexibility
+     * in the area of binary compatibility, this field should
+     * be NULL.
+     */
+    void *null;
+};
+
+#endif /* NSSCKMDT_H */
diff --git a/nss/lib/ckfw/nssckt.h b/nss/lib/ckfw/nssckt.h
new file mode 100644
index 0000000..b50a88f
--- /dev/null
+++ b/nss/lib/ckfw/nssckt.h
@@ -0,0 +1,12 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#ifndef _NSSCKT_H_
+#define _NSSCKT_H_ 1
+
+#include "pkcs11t.h"
+
+typedef CK_ATTRIBUTE_TYPE CK_PTR CK_ATTRIBUTE_TYPE_PTR;
+#define CK_ENTRY
+
+#endif /* _NSSCKT_H_ */
diff --git a/nss/lib/ckfw/nssmkey/Makefile b/nss/lib/ckfw/nssmkey/Makefile
new file mode 100644
index 0000000..e630e84
--- /dev/null
+++ b/nss/lib/ckfw/nssmkey/Makefile
@@ -0,0 +1,72 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+include manifest.mn
+include $(CORE_DEPTH)/coreconf/config.mk
+include config.mk
+
+EXTRA_LIBS = \
+	$(DIST)/lib/$(LIB_PREFIX)nssckfw.$(LIB_SUFFIX) \
+	$(DIST)/lib/$(LIB_PREFIX)secutil.$(LIB_SUFFIX) \
+	$(DIST)/lib/$(LIB_PREFIX)nssb.$(LIB_SUFFIX) \
+	$(NULL)
+
+# can't do this in manifest.mn because OS_TARGET isn't defined there.
+ifeq (,$(filter-out WIN%,$(OS_TARGET)))
+
+ifdef NS_USE_GCC
+EXTRA_LIBS += \
+	-L$(NSPR_LIB_DIR) \
+	-lplc4 \
+	-lplds4 \
+	-lnspr4 \
+	$(NULL)
+else 
+EXTRA_SHARED_LIBS += \
+        $(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plc4.lib \
+        $(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plds4.lib \
+        $(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)nspr4.lib \
+        $(NULL)
+endif # NS_USE_GCC
+else
+
+EXTRA_LIBS += \
+	-L$(NSPR_LIB_DIR) \
+	-lplc4 \
+	-lplds4 \
+	-lnspr4 \
+	-framework Security \
+	-framework CoreServices \
+	$(NULL)
+endif
+
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+# Generate certdata.c.
+generate:
+	perl certdata.perl < certdata.txt
+
+# This'll need some help from a build person.
+
+
+ifeq ($(OS_TARGET)$(OS_RELEASE), AIX4.1)
+DSO_LDOPTS              = -bM:SRE -bh:4 -bnoentry
+EXTRA_DSO_LDOPTS        = -lc
+MKSHLIB                 = xlC $(DSO_LDOPTS)
+
+$(SHARED_LIBRARY): $(OBJS)
+	@$(MAKE_OBJDIR)
+	rm -f $@
+	$(MKSHLIB) -o $@ $(OBJS) $(EXTRA_LIBS) $(EXTRA_DSO_LDOPTS)
+	chmod +x $@
+
+endif
+
+ifeq ($(OS_TARGET)$(OS_RELEASE), AIX4.2)
+LD      += -G
+endif 
+
+
diff --git a/nss/lib/ckfw/nssmkey/README b/nss/lib/ckfw/nssmkey/README
new file mode 100644
index 0000000..c060d9c
--- /dev/null
+++ b/nss/lib/ckfw/nssmkey/README
@@ -0,0 +1,21 @@
+This Cryptoki module provides acces to certs and keys stored in
+Macintosh key Ring.
+
+- It does not yet export PKCS #12 keys. To get this to work should be 
+  implemented using exporting the key object in PKCS #8 wrapped format.
+  PSM work needs to happen before this can be completed.
+- It does not import or export CA Root trust from the mac keychain.
+- It does not handle S/MIME objects (pkcs #7 in mac keychain terms?).
+- The AuthRoots don't show up on the default list.
+- Only RSA keys are supported currently.
+
+There are a number of things that have not been tested that other PKCS #11
+apps may need:
+- reading Modulus and Public Exponents from private keys and public keys.
+- storing public keys.
+- setting attributes other than CKA_ID and CKA_LABEL.
+
+Other TODOs:
+- Check for and plug memory leaks.
+- Need to map mac errors into something more intellegible than 
+  CKR_GENERAL_ERROR.
diff --git a/nss/lib/ckfw/nssmkey/ckmk.h b/nss/lib/ckfw/nssmkey/ckmk.h
new file mode 100644
index 0000000..4f3ab82
--- /dev/null
+++ b/nss/lib/ckfw/nssmkey/ckmk.h
@@ -0,0 +1,182 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef CKMK_H
+#define CKMK_H 1
+
+#include <Security/SecKeychainSearch.h>
+#include <Security/SecKeychainItem.h>
+#include <Security/SecKeychain.h>
+#include <Security/cssmtype.h>
+#include <Security/cssmapi.h>
+#include <Security/SecKey.h>
+#include <Security/SecCertificate.h>
+
+#define NTO
+
+#include "nssckmdt.h"
+#include "nssckfw.h"
+/*
+ * I'm including this for access to the arena functions.
+ * Looks like we should publish that API.
+ */
+#ifndef BASE_H
+#include "base.h"
+#endif /* BASE_H */
+/*
+ * This is where the Netscape extensions live, at least for now.
+ */
+#ifndef CKT_H
+#include "ckt.h"
+#endif /* CKT_H */
+
+/*
+ * statically defined raw objects. Allows us to data description objects
+ * to this PKCS #11 module.
+ */
+struct ckmkRawObjectStr {
+    CK_ULONG n;
+    const CK_ATTRIBUTE_TYPE *types;
+    const NSSItem *items;
+};
+typedef struct ckmkRawObjectStr ckmkRawObject;
+
+/*
+ * Key/Cert Items
+ */
+struct ckmkItemObjectStr {
+    SecKeychainItemRef itemRef;
+    SecItemClass itemClass;
+    PRBool hasID;
+    NSSItem modify;
+    NSSItem private;
+    NSSItem encrypt;
+    NSSItem decrypt;
+    NSSItem derive;
+    NSSItem sign;
+    NSSItem signRecover;
+    NSSItem verify;
+    NSSItem verifyRecover;
+    NSSItem wrap;
+    NSSItem unwrap;
+    NSSItem label;
+    NSSItem subject;
+    NSSItem issuer;
+    NSSItem serial;
+    NSSItem derCert;
+    NSSItem id;
+    NSSItem modulus;
+    NSSItem exponent;
+    NSSItem privateExponent;
+    NSSItem prime1;
+    NSSItem prime2;
+    NSSItem exponent1;
+    NSSItem exponent2;
+    NSSItem coefficient;
+};
+typedef struct ckmkItemObjectStr ckmkItemObject;
+
+typedef enum {
+    ckmkRaw,
+    ckmkItem,
+} ckmkObjectType;
+
+/*
+ * all the various types of objects are abstracted away in cobject and
+ * cfind as ckmkInternalObjects.
+ */
+struct ckmkInternalObjectStr {
+    ckmkObjectType type;
+    union {
+        ckmkRawObject raw;
+        ckmkItemObject item;
+    } u;
+    CK_OBJECT_CLASS objClass;
+    NSSItem hashKey;
+    unsigned char hashKeyData[128];
+    NSSCKMDObject mdObject;
+};
+typedef struct ckmkInternalObjectStr ckmkInternalObject;
+
+/* our raw object data array */
+NSS_EXTERN_DATA ckmkInternalObject nss_ckmk_data[];
+NSS_EXTERN_DATA const PRUint32 nss_ckmk_nObjects;
+
+NSS_EXTERN_DATA const CK_VERSION nss_ckmk_CryptokiVersion;
+NSS_EXTERN_DATA const NSSUTF8 *nss_ckmk_ManufacturerID;
+NSS_EXTERN_DATA const NSSUTF8 *nss_ckmk_LibraryDescription;
+NSS_EXTERN_DATA const CK_VERSION nss_ckmk_LibraryVersion;
+NSS_EXTERN_DATA const NSSUTF8 *nss_ckmk_SlotDescription;
+NSS_EXTERN_DATA const CK_VERSION nss_ckmk_HardwareVersion;
+NSS_EXTERN_DATA const CK_VERSION nss_ckmk_FirmwareVersion;
+NSS_EXTERN_DATA const NSSUTF8 *nss_ckmk_TokenLabel;
+NSS_EXTERN_DATA const NSSUTF8 *nss_ckmk_TokenModel;
+NSS_EXTERN_DATA const NSSUTF8 *nss_ckmk_TokenSerialNumber;
+
+NSS_EXTERN_DATA const NSSCKMDInstance nss_ckmk_mdInstance;
+NSS_EXTERN_DATA const NSSCKMDSlot nss_ckmk_mdSlot;
+NSS_EXTERN_DATA const NSSCKMDToken nss_ckmk_mdToken;
+NSS_EXTERN_DATA const NSSCKMDMechanism nss_ckmk_mdMechanismRSA;
+
+NSS_EXTERN NSSCKMDSession *
+nss_ckmk_CreateSession(
+    NSSCKFWSession *fwSession,
+    CK_RV *pError);
+
+NSS_EXTERN NSSCKMDFindObjects *
+nss_ckmk_FindObjectsInit(
+    NSSCKFWSession *fwSession,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulAttributeCount,
+    CK_RV *pError);
+
+/*
+ * Object Utilities
+ */
+NSS_EXTERN NSSCKMDObject *
+nss_ckmk_CreateMDObject(
+    NSSArena *arena,
+    ckmkInternalObject *io,
+    CK_RV *pError);
+
+NSS_EXTERN NSSCKMDObject *
+nss_ckmk_CreateObject(
+    NSSCKFWSession *fwSession,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulAttributeCount,
+    CK_RV *pError);
+
+NSS_EXTERN const NSSItem *
+nss_ckmk_FetchAttribute(
+    ckmkInternalObject *io,
+    CK_ATTRIBUTE_TYPE type,
+    CK_RV *pError);
+
+NSS_EXTERN void
+nss_ckmk_DestroyInternalObject(
+    ckmkInternalObject *io);
+
+unsigned char *
+nss_ckmk_DERUnwrap(
+    unsigned char *src,
+    int size,
+    int *outSize,
+    unsigned char **next);
+
+CK_ULONG
+nss_ckmk_GetULongAttribute(
+    CK_ATTRIBUTE_TYPE type,
+    CK_ATTRIBUTE *template,
+    CK_ULONG templateSize,
+    CK_RV *pError);
+
+#define NSS_CKMK_ARRAY_SIZE(x) ((sizeof(x)) / (sizeof((x)[0])))
+
+#ifdef DEBUG
+#define CKMK_MACERR(str, err) cssmPerror(str, err)
+#else
+#define CKMK_MACERR(str, err)
+#endif
+
+#endif
diff --git a/nss/lib/ckfw/nssmkey/ckmkver.c b/nss/lib/ckfw/nssmkey/ckmkver.c
new file mode 100644
index 0000000..2b99f1e
--- /dev/null
+++ b/nss/lib/ckfw/nssmkey/ckmkver.c
@@ -0,0 +1,17 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/* Library identity and versioning */
+
+#include "nssmkey.h"
+
+#if defined(DEBUG)
+#define _DEBUG_STRING " (debug)"
+#else
+#define _DEBUG_STRING ""
+#endif
+
+/*
+ * Version information
+ */
+const char __nss_ckmk_version[] = "Version: NSS Access to the MAC OS X Key Ring " NSS_CKMK_LIBRARY_VERSION _DEBUG_STRING;
diff --git a/nss/lib/ckfw/nssmkey/config.mk b/nss/lib/ckfw/nssmkey/config.mk
new file mode 100644
index 0000000..7096910
--- /dev/null
+++ b/nss/lib/ckfw/nssmkey/config.mk
@@ -0,0 +1,24 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+ifdef BUILD_IDG
+DEFINES += -DNSSDEBUG
+endif
+
+ifdef NS_USE_CKFW_TRACE
+DEFINES += -DTRACE
+endif
+
+#
+#  Override TARGETS variable so that only static libraries
+#  are specifed as dependencies within rules.mk.
+#
+
+TARGETS        = $(LIBRARY)
+SHARED_LIBRARY =
+IMPORT_LIBRARY =
+PROGRAM        =
+
+
diff --git a/nss/lib/ckfw/nssmkey/manchor.c b/nss/lib/ckfw/nssmkey/manchor.c
new file mode 100644
index 0000000..3b8bc2d
--- /dev/null
+++ b/nss/lib/ckfw/nssmkey/manchor.c
@@ -0,0 +1,17 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * nssmkey/manchor.c
+ *
+ * This file "anchors" the actual cryptoki entry points in this module's
+ * shared library, which is required for dynamic loading.  See the
+ * comments in nssck.api for more information.
+ */
+
+#include "ckmk.h"
+
+#define MODULE_NAME ckmk
+#define INSTANCE_NAME (NSSCKMDInstance *)&nss_ckmk_mdInstance
+#include "nssck.api"
diff --git a/nss/lib/ckfw/nssmkey/manifest.mn b/nss/lib/ckfw/nssmkey/manifest.mn
new file mode 100644
index 0000000..036d9bc
--- /dev/null
+++ b/nss/lib/ckfw/nssmkey/manifest.mn
@@ -0,0 +1,33 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CORE_DEPTH = ../../../..
+
+MODULE = nss
+MAPFILE = $(OBJDIR)/nssmkey.def
+
+EXPORTS =		\
+	nssmkey.h	\
+	$(NULL)
+
+CSRCS =			\
+	manchor.c	\
+	mconstants.c	\
+	mfind.c		\
+	minst.c 	\
+	mobject.c	\
+	mrsa.c		\
+	msession.c	\
+	mslot.c		\
+	mtoken.c	\
+	ckmkver.c	\
+	staticobj.c	\
+	$(NULL)
+
+REQUIRES = nspr
+
+LIBRARY_NAME = nssmkey
+
+#EXTRA_SHARED_LIBS = -L$(DIST)/lib -lnssckfw -lnssb -lplc4 -lplds4
diff --git a/nss/lib/ckfw/nssmkey/mconstants.c b/nss/lib/ckfw/nssmkey/mconstants.c
new file mode 100644
index 0000000..c26298a
--- /dev/null
+++ b/nss/lib/ckfw/nssmkey/mconstants.c
@@ -0,0 +1,61 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * nssmkey/constants.c
+ *
+ * Identification and other constants, all collected here in one place.
+ */
+
+#ifndef NSSBASET_H
+#include "nssbaset.h"
+#endif /* NSSBASET_H */
+
+#ifndef NSSCKT_H
+#include "nssckt.h"
+#endif /* NSSCKT_H */
+
+#include "nssmkey.h"
+
+NSS_IMPLEMENT_DATA const CK_VERSION
+    nss_ckmk_CryptokiVersion = {
+        NSS_CKMK_CRYPTOKI_VERSION_MAJOR,
+        NSS_CKMK_CRYPTOKI_VERSION_MINOR
+    };
+
+NSS_IMPLEMENT_DATA const NSSUTF8 *
+    nss_ckmk_ManufacturerID = (NSSUTF8 *)"Mozilla Foundation";
+
+NSS_IMPLEMENT_DATA const NSSUTF8 *
+    nss_ckmk_LibraryDescription = (NSSUTF8 *)"NSS Access to Mac OS X Key Ring";
+
+NSS_IMPLEMENT_DATA const CK_VERSION
+    nss_ckmk_LibraryVersion = {
+        NSS_CKMK_LIBRARY_VERSION_MAJOR,
+        NSS_CKMK_LIBRARY_VERSION_MINOR
+    };
+
+NSS_IMPLEMENT_DATA const NSSUTF8 *
+    nss_ckmk_SlotDescription = (NSSUTF8 *)"Mac OS X Key Ring";
+
+NSS_IMPLEMENT_DATA const CK_VERSION
+    nss_ckmk_HardwareVersion = {
+        NSS_CKMK_HARDWARE_VERSION_MAJOR,
+        NSS_CKMK_HARDWARE_VERSION_MINOR
+    };
+
+NSS_IMPLEMENT_DATA const CK_VERSION
+    nss_ckmk_FirmwareVersion = {
+        NSS_CKMK_FIRMWARE_VERSION_MAJOR,
+        NSS_CKMK_FIRMWARE_VERSION_MINOR
+    };
+
+NSS_IMPLEMENT_DATA const NSSUTF8 *
+    nss_ckmk_TokenLabel = (NSSUTF8 *)"Mac OS X Key Ring";
+
+NSS_IMPLEMENT_DATA const NSSUTF8 *
+    nss_ckmk_TokenModel = (NSSUTF8 *)"1";
+
+NSS_IMPLEMENT_DATA const NSSUTF8 *
+    nss_ckmk_TokenSerialNumber = (NSSUTF8 *)"1";
diff --git a/nss/lib/ckfw/nssmkey/mfind.c b/nss/lib/ckfw/nssmkey/mfind.c
new file mode 100644
index 0000000..d193a8d
--- /dev/null
+++ b/nss/lib/ckfw/nssmkey/mfind.c
@@ -0,0 +1,352 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef CKMK_H
+#include "ckmk.h"
+#endif /* CKMK_H */
+
+/*
+ * nssmkey/mfind.c
+ *
+ * This file implements the NSSCKMDFindObjects object for the
+ * "nssmkey" cryptoki module.
+ */
+
+struct ckmkFOStr {
+    NSSArena *arena;
+    CK_ULONG n;
+    CK_ULONG i;
+    ckmkInternalObject **objs;
+};
+
+static void
+ckmk_mdFindObjects_Final(
+    NSSCKMDFindObjects *mdFindObjects,
+    NSSCKFWFindObjects *fwFindObjects,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance)
+{
+    struct ckmkFOStr *fo = (struct ckmkFOStr *)mdFindObjects->etc;
+    NSSArena *arena = fo->arena;
+    PRUint32 i;
+
+    /* walk down an free the unused 'objs' */
+    for (i = fo->i; i < fo->n; i++) {
+        nss_ckmk_DestroyInternalObject(fo->objs[i]);
+    }
+
+    nss_ZFreeIf(fo->objs);
+    nss_ZFreeIf(fo);
+    nss_ZFreeIf(mdFindObjects);
+    if ((NSSArena *)NULL != arena) {
+        NSSArena_Destroy(arena);
+    }
+
+    return;
+}
+
+static NSSCKMDObject *
+ckmk_mdFindObjects_Next(
+    NSSCKMDFindObjects *mdFindObjects,
+    NSSCKFWFindObjects *fwFindObjects,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    NSSArena *arena,
+    CK_RV *pError)
+{
+    struct ckmkFOStr *fo = (struct ckmkFOStr *)mdFindObjects->etc;
+    ckmkInternalObject *io;
+
+    if (fo->i == fo->n) {
+        *pError = CKR_OK;
+        return (NSSCKMDObject *)NULL;
+    }
+
+    io = fo->objs[fo->i];
+    fo->i++;
+
+    return nss_ckmk_CreateMDObject(arena, io, pError);
+}
+
+static CK_BBOOL
+ckmk_attrmatch(
+    CK_ATTRIBUTE_PTR a,
+    ckmkInternalObject *o)
+{
+    PRBool prb;
+    const NSSItem *b;
+    CK_RV error;
+
+    b = nss_ckmk_FetchAttribute(o, a->type, &error);
+    if (b == NULL) {
+        return CK_FALSE;
+    }
+
+    if (a->ulValueLen != b->size) {
+        /* match a decoded serial number */
+        if ((a->type == CKA_SERIAL_NUMBER) && (a->ulValueLen < b->size)) {
+            int len;
+            unsigned char *data;
+
+            data = nss_ckmk_DERUnwrap(b->data, b->size, &len, NULL);
+            if ((len == a->ulValueLen) &&
+                nsslibc_memequal(a->pValue, data, len, (PRStatus *)NULL)) {
+                return CK_TRUE;
+            }
+        }
+        return CK_FALSE;
+    }
+
+    prb = nsslibc_memequal(a->pValue, b->data, b->size, (PRStatus *)NULL);
+
+    if (PR_TRUE == prb) {
+        return CK_TRUE;
+    } else {
+        return CK_FALSE;
+    }
+}
+
+static CK_BBOOL
+ckmk_match(
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulAttributeCount,
+    ckmkInternalObject *o)
+{
+    CK_ULONG i;
+
+    for (i = 0; i < ulAttributeCount; i++) {
+        if (CK_FALSE == ckmk_attrmatch(&pTemplate[i], o)) {
+            return CK_FALSE;
+        }
+    }
+
+    /* Every attribute passed */
+    return CK_TRUE;
+}
+
+#define CKMK_ITEM_CHUNK 20
+
+#define PUT_OBJECT(obj, err, size, count, list)                             \
+    {                                                                       \
+        if (count >= size) {                                                \
+            (list) = (list) ? nss_ZREALLOCARRAY(list, ckmkInternalObject *, \
+                                                ((size) +                   \
+                                                 CKMK_ITEM_CHUNK))          \
+                            : nss_ZNEWARRAY(NULL, ckmkInternalObject *,     \
+                                            ((size) +                       \
+                                             CKMK_ITEM_CHUNK));             \
+            if ((ckmkInternalObject **)NULL == list) {                      \
+                err = CKR_HOST_MEMORY;                                      \
+                goto loser;                                                 \
+            }                                                               \
+            (size) += CKMK_ITEM_CHUNK;                                      \
+        }                                                                   \
+        (list)[count] = (obj);                                              \
+        count++;                                                            \
+    }
+
+/* find all the certs that represent the appropriate object (cert, priv key, or
+ *  pub key) in the cert store.
+ */
+static PRUint32
+collect_class(
+    CK_OBJECT_CLASS objClass,
+    SecItemClass itemClass,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulAttributeCount,
+    ckmkInternalObject ***listp,
+    PRUint32 *sizep,
+    PRUint32 count,
+    CK_RV *pError)
+{
+    ckmkInternalObject *next = NULL;
+    SecKeychainSearchRef searchRef = 0;
+    SecKeychainItemRef itemRef = 0;
+    OSStatus error;
+
+    /* future, build the attribute list based on the template
+     * so we can refine the search */
+    error = SecKeychainSearchCreateFromAttributes(
+        NULL, itemClass, NULL, &searchRef);
+
+    while (noErr == SecKeychainSearchCopyNext(searchRef, &itemRef)) {
+        /* if we don't have an internal object structure, get one */
+        if ((ckmkInternalObject *)NULL == next) {
+            next = nss_ZNEW(NULL, ckmkInternalObject);
+            if ((ckmkInternalObject *)NULL == next) {
+                *pError = CKR_HOST_MEMORY;
+                goto loser;
+            }
+        }
+        /* fill in the relevant object data */
+        next->type = ckmkItem;
+        next->objClass = objClass;
+        next->u.item.itemRef = itemRef;
+        next->u.item.itemClass = itemClass;
+
+        /* see if this is one of the objects we are looking for */
+        if (CK_TRUE == ckmk_match(pTemplate, ulAttributeCount, next)) {
+            /* yes, put it on the list */
+            PUT_OBJECT(next, *pError, *sizep, count, *listp);
+            next = NULL; /* this one is on the list, need to allocate a new one now */
+        } else {
+            /* no , release the current item and clear out the structure for reuse */
+            CFRelease(itemRef);
+            /* don't cache the values we just loaded */
+            nsslibc_memset(next, 0, sizeof(*next));
+        }
+    }
+loser:
+    if (searchRef) {
+        CFRelease(searchRef);
+    }
+    nss_ZFreeIf(next);
+    return count;
+}
+
+static PRUint32
+collect_objects(
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulAttributeCount,
+    ckmkInternalObject ***listp,
+    CK_RV *pError)
+{
+    PRUint32 i;
+    PRUint32 count = 0;
+    PRUint32 size = 0;
+    CK_OBJECT_CLASS objClass;
+
+    /*
+     * first handle the static build in objects (if any)
+     */
+    for (i = 0; i < nss_ckmk_nObjects; i++) {
+        ckmkInternalObject *o = (ckmkInternalObject *)&nss_ckmk_data[i];
+
+        if (CK_TRUE == ckmk_match(pTemplate, ulAttributeCount, o)) {
+            PUT_OBJECT(o, *pError, size, count, *listp);
+        }
+    }
+
+    /*
+     * now handle the various object types
+     */
+    objClass = nss_ckmk_GetULongAttribute(CKA_CLASS,
+                                          pTemplate, ulAttributeCount, pError);
+    if (CKR_OK != *pError) {
+        objClass = CK_INVALID_HANDLE;
+    }
+    *pError = CKR_OK;
+    switch (objClass) {
+        case CKO_CERTIFICATE:
+            count = collect_class(objClass, kSecCertificateItemClass,
+                                  pTemplate, ulAttributeCount, listp,
+                                  &size, count, pError);
+            break;
+        case CKO_PUBLIC_KEY:
+            count = collect_class(objClass, CSSM_DL_DB_RECORD_PUBLIC_KEY,
+                                  pTemplate, ulAttributeCount, listp,
+                                  &size, count, pError);
+            break;
+        case CKO_PRIVATE_KEY:
+            count = collect_class(objClass, CSSM_DL_DB_RECORD_PRIVATE_KEY,
+                                  pTemplate, ulAttributeCount, listp,
+                                  &size, count, pError);
+            break;
+        /* all of them */
+        case CK_INVALID_HANDLE:
+            count = collect_class(CKO_CERTIFICATE, kSecCertificateItemClass,
+                                  pTemplate, ulAttributeCount, listp,
+                                  &size, count, pError);
+            count = collect_class(CKO_PUBLIC_KEY, CSSM_DL_DB_RECORD_PUBLIC_KEY,
+                                  pTemplate, ulAttributeCount, listp,
+                                  &size, count, pError);
+            count = collect_class(CKO_PUBLIC_KEY, CSSM_DL_DB_RECORD_PRIVATE_KEY,
+                                  pTemplate, ulAttributeCount, listp,
+                                  &size, count, pError);
+            break;
+        default:
+            break;
+    }
+    if (CKR_OK != *pError) {
+        goto loser;
+    }
+
+    return count;
+loser:
+    nss_ZFreeIf(*listp);
+    return 0;
+}
+
+NSS_IMPLEMENT NSSCKMDFindObjects *
+nss_ckmk_FindObjectsInit(
+    NSSCKFWSession *fwSession,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulAttributeCount,
+    CK_RV *pError)
+{
+    /* This could be made more efficient.  I'm rather rushed. */
+    NSSArena *arena;
+    NSSCKMDFindObjects *rv = (NSSCKMDFindObjects *)NULL;
+    struct ckmkFOStr *fo = (struct ckmkFOStr *)NULL;
+    ckmkInternalObject **temp = (ckmkInternalObject **)NULL;
+
+    arena = NSSArena_Create();
+    if ((NSSArena *)NULL == arena) {
+        goto loser;
+    }
+
+    rv = nss_ZNEW(arena, NSSCKMDFindObjects);
+    if ((NSSCKMDFindObjects *)NULL == rv) {
+        *pError = CKR_HOST_MEMORY;
+        goto loser;
+    }
+
+    fo = nss_ZNEW(arena, struct ckmkFOStr);
+    if ((struct ckmkFOStr *)NULL == fo) {
+        *pError = CKR_HOST_MEMORY;
+        goto loser;
+    }
+
+    fo->arena = arena;
+    /* fo->n and fo->i are already zero */
+
+    rv->etc = (void *)fo;
+    rv->Final = ckmk_mdFindObjects_Final;
+    rv->Next = ckmk_mdFindObjects_Next;
+    rv->null = (void *)NULL;
+
+    fo->n = collect_objects(pTemplate, ulAttributeCount, &temp, pError);
+    if (*pError != CKR_OK) {
+        goto loser;
+    }
+
+    fo->objs = nss_ZNEWARRAY(arena, ckmkInternalObject *, fo->n);
+    if ((ckmkInternalObject **)NULL == fo->objs) {
+        *pError = CKR_HOST_MEMORY;
+        goto loser;
+    }
+
+    (void)nsslibc_memcpy(fo->objs, temp, sizeof(ckmkInternalObject *) * fo->n);
+    nss_ZFreeIf(temp);
+    temp = (ckmkInternalObject **)NULL;
+
+    return rv;
+
+loser:
+    nss_ZFreeIf(temp);
+    nss_ZFreeIf(fo);
+    nss_ZFreeIf(rv);
+    if ((NSSArena *)NULL != arena) {
+        NSSArena_Destroy(arena);
+    }
+    return (NSSCKMDFindObjects *)NULL;
+}
diff --git a/nss/lib/ckfw/nssmkey/minst.c b/nss/lib/ckfw/nssmkey/minst.c
new file mode 100644
index 0000000..fcb96c6
--- /dev/null
+++ b/nss/lib/ckfw/nssmkey/minst.c
@@ -0,0 +1,97 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "ckmk.h"
+
+/*
+ * nssmkey/minstance.c
+ *
+ * This file implements the NSSCKMDInstance object for the
+ * "nssmkey" cryptoki module.
+ */
+
+/*
+ * NSSCKMDInstance methods
+ */
+
+static CK_ULONG
+ckmk_mdInstance_GetNSlots(
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError)
+{
+    return (CK_ULONG)1;
+}
+
+static CK_VERSION
+ckmk_mdInstance_GetCryptokiVersion(
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance)
+{
+    return nss_ckmk_CryptokiVersion;
+}
+
+static NSSUTF8 *
+ckmk_mdInstance_GetManufacturerID(
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError)
+{
+    return (NSSUTF8 *)nss_ckmk_ManufacturerID;
+}
+
+static NSSUTF8 *
+ckmk_mdInstance_GetLibraryDescription(
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError)
+{
+    return (NSSUTF8 *)nss_ckmk_LibraryDescription;
+}
+
+static CK_VERSION
+ckmk_mdInstance_GetLibraryVersion(
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance)
+{
+    return nss_ckmk_LibraryVersion;
+}
+
+static CK_RV
+ckmk_mdInstance_GetSlots(
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    NSSCKMDSlot *slots[])
+{
+    slots[0] = (NSSCKMDSlot *)&nss_ckmk_mdSlot;
+    return CKR_OK;
+}
+
+static CK_BBOOL
+ckmk_mdInstance_ModuleHandlesSessionObjects(
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance)
+{
+    /* we don't want to allow any session object creation, at least
+     * until we can investigate whether or not we can use those objects
+     */
+    return CK_TRUE;
+}
+
+NSS_IMPLEMENT_DATA const NSSCKMDInstance
+    nss_ckmk_mdInstance = {
+        (void *)NULL, /* etc */
+        NULL,         /* Initialize */
+        NULL,         /* Finalize */
+        ckmk_mdInstance_GetNSlots,
+        ckmk_mdInstance_GetCryptokiVersion,
+        ckmk_mdInstance_GetManufacturerID,
+        ckmk_mdInstance_GetLibraryDescription,
+        ckmk_mdInstance_GetLibraryVersion,
+        ckmk_mdInstance_ModuleHandlesSessionObjects,
+        /*NULL, /* HandleSessionObjects */
+        ckmk_mdInstance_GetSlots,
+        NULL,        /* WaitForSlotEvent */
+        (void *)NULL /* null terminator */
+    };
diff --git a/nss/lib/ckfw/nssmkey/mobject.c b/nss/lib/ckfw/nssmkey/mobject.c
new file mode 100644
index 0000000..b19a8fd
--- /dev/null
+++ b/nss/lib/ckfw/nssmkey/mobject.c
@@ -0,0 +1,1861 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "ckmk.h"
+#include "nssbase.h"
+
+#include "secdert.h" /* for DER_INTEGER */
+#include "string.h"
+
+/* asn1 encoder (to build pkcs#8 blobs) */
+#include <seccomon.h>
+#include <secitem.h>
+#include <blapit.h>
+#include <secoid.h>
+#include <secasn1.h>
+
+/* for importing the keys */
+#include <CoreFoundation/CoreFoundation.h>
+#include <security/SecImportExport.h>
+
+/*
+ * nssmkey/mobject.c
+ *
+ * This file implements the NSSCKMDObject object for the
+ * "nssmkey" cryptoki module.
+ */
+
+const CK_ATTRIBUTE_TYPE certAttrs[] = {
+    CKA_CLASS,
+    CKA_TOKEN,
+    CKA_PRIVATE,
+    CKA_MODIFIABLE,
+    CKA_LABEL,
+    CKA_CERTIFICATE_TYPE,
+    CKA_SUBJECT,
+    CKA_ISSUER,
+    CKA_SERIAL_NUMBER,
+    CKA_VALUE
+};
+const PRUint32 certAttrsCount = NSS_CKMK_ARRAY_SIZE(certAttrs);
+
+/* private keys, for now only support RSA */
+const CK_ATTRIBUTE_TYPE privKeyAttrs[] = {
+    CKA_CLASS,
+    CKA_TOKEN,
+    CKA_PRIVATE,
+    CKA_MODIFIABLE,
+    CKA_LABEL,
+    CKA_KEY_TYPE,
+    CKA_DERIVE,
+    CKA_LOCAL,
+    CKA_SUBJECT,
+    CKA_SENSITIVE,
+    CKA_DECRYPT,
+    CKA_SIGN,
+    CKA_SIGN_RECOVER,
+    CKA_UNWRAP,
+    CKA_EXTRACTABLE,
+    CKA_ALWAYS_SENSITIVE,
+    CKA_NEVER_EXTRACTABLE,
+    CKA_MODULUS,
+    CKA_PUBLIC_EXPONENT,
+};
+const PRUint32 privKeyAttrsCount = NSS_CKMK_ARRAY_SIZE(privKeyAttrs);
+
+/* public keys, for now only support RSA */
+const CK_ATTRIBUTE_TYPE pubKeyAttrs[] = {
+    CKA_CLASS,
+    CKA_TOKEN,
+    CKA_PRIVATE,
+    CKA_MODIFIABLE,
+    CKA_LABEL,
+    CKA_KEY_TYPE,
+    CKA_DERIVE,
+    CKA_LOCAL,
+    CKA_SUBJECT,
+    CKA_ENCRYPT,
+    CKA_VERIFY,
+    CKA_VERIFY_RECOVER,
+    CKA_WRAP,
+    CKA_MODULUS,
+    CKA_PUBLIC_EXPONENT,
+};
+const PRUint32 pubKeyAttrsCount = NSS_CKMK_ARRAY_SIZE(pubKeyAttrs);
+static const CK_BBOOL ck_true = CK_TRUE;
+static const CK_BBOOL ck_false = CK_FALSE;
+static const CK_CERTIFICATE_TYPE ckc_x509 = CKC_X_509;
+static const CK_KEY_TYPE ckk_rsa = CKK_RSA;
+static const CK_OBJECT_CLASS cko_certificate = CKO_CERTIFICATE;
+static const CK_OBJECT_CLASS cko_private_key = CKO_PRIVATE_KEY;
+static const CK_OBJECT_CLASS cko_public_key = CKO_PUBLIC_KEY;
+static const NSSItem ckmk_trueItem = {
+    (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL)
+};
+static const NSSItem ckmk_falseItem = {
+    (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL)
+};
+static const NSSItem ckmk_x509Item = {
+    (void *)&ckc_x509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE)
+};
+static const NSSItem ckmk_rsaItem = {
+    (void *)&ckk_rsa, (PRUint32)sizeof(CK_KEY_TYPE)
+};
+static const NSSItem ckmk_certClassItem = {
+    (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS)
+};
+static const NSSItem ckmk_privKeyClassItem = {
+    (void *)&cko_private_key, (PRUint32)sizeof(CK_OBJECT_CLASS)
+};
+static const NSSItem ckmk_pubKeyClassItem = {
+    (void *)&cko_public_key, (PRUint32)sizeof(CK_OBJECT_CLASS)
+};
+static const NSSItem ckmk_emptyItem = {
+    (void *)&ck_true, 0
+};
+
+/*
+ * these are utilities. The chould be moved to a new utilities file.
+ */
+#ifdef DEBUG
+static void
+itemdump(char *str, void *data, int size, CK_RV error)
+{
+    unsigned char *ptr = (unsigned char *)data;
+    int i;
+    fprintf(stderr, str);
+    for (i = 0; i < size; i++) {
+        fprintf(stderr, "%02x ", (unsigned int)ptr[i]);
+    }
+    fprintf(stderr, " (error = %d)\n", (int)error);
+}
+#endif
+
+/*
+ * unwrap a single DER value
+ * now that we have util linked in, we should probably use
+ * the ANS1_Decoder for this work...
+ */
+unsigned char *
+nss_ckmk_DERUnwrap(
+    unsigned char *src,
+    int size,
+    int *outSize,
+    unsigned char **next)
+{
+    unsigned char *start = src;
+    unsigned int len = 0;
+
+    /* initialize error condition return values */
+    *outSize = 0;
+    if (next) {
+        *next = src;
+    }
+
+    if (size < 2) {
+        return start;
+    }
+    src++; /* skip the tag -- should check it against an expected value! */
+    len = (unsigned)*src++;
+    if (len & 0x80) {
+        int count = len & 0x7f;
+        len = 0;
+
+        if (count + 2 > size) {
+            return start;
+        }
+        while (count-- > 0) {
+            len = (len << 8) | (unsigned)*src++;
+        }
+    }
+    if (len + (src - start) > (unsigned int)size) {
+        return start;
+    }
+    if (next) {
+        *next = src + len;
+    }
+    *outSize = len;
+
+    return src;
+}
+
+/*
+ * get an attribute from a template. Value is returned in NSS item.
+ * data for the item is owned by the template.
+ */
+CK_RV
+nss_ckmk_GetAttribute(
+    CK_ATTRIBUTE_TYPE type,
+    CK_ATTRIBUTE *template,
+    CK_ULONG templateSize,
+    NSSItem *item)
+{
+    CK_ULONG i;
+
+    for (i = 0; i < templateSize; i++) {
+        if (template[i].type == type) {
+            item->data = template[i].pValue;
+            item->size = template[i].ulValueLen;
+            return CKR_OK;
+        }
+    }
+    return CKR_TEMPLATE_INCOMPLETE;
+}
+
+/*
+ * get an attribute which is type CK_ULONG.
+ */
+CK_ULONG
+nss_ckmk_GetULongAttribute(
+    CK_ATTRIBUTE_TYPE type,
+    CK_ATTRIBUTE *template,
+    CK_ULONG templateSize,
+    CK_RV *pError)
+{
+    NSSItem item;
+
+    *pError = nss_ckmk_GetAttribute(type, template, templateSize, &item);
+    if (CKR_OK != *pError) {
+        return (CK_ULONG)0;
+    }
+    if (item.size != sizeof(CK_ULONG)) {
+        *pError = CKR_ATTRIBUTE_VALUE_INVALID;
+        return (CK_ULONG)0;
+    }
+    return *(CK_ULONG *)item.data;
+}
+
+/*
+ * get an attribute which is type CK_BBOOL.
+ */
+CK_BBOOL
+nss_ckmk_GetBoolAttribute(
+    CK_ATTRIBUTE_TYPE type,
+    CK_ATTRIBUTE *template,
+    CK_ULONG templateSize,
+    CK_BBOOL defaultBool)
+{
+    NSSItem item;
+    CK_RV error;
+
+    error = nss_ckmk_GetAttribute(type, template, templateSize, &item);
+    if (CKR_OK != error) {
+        return defaultBool;
+    }
+    if (item.size != sizeof(CK_BBOOL)) {
+        return defaultBool;
+    }
+    return *(CK_BBOOL *)item.data;
+}
+
+/*
+ * get an attribute as a NULL terminated string. Caller is responsible to
+ * free the string.
+ */
+char *
+nss_ckmk_GetStringAttribute(
+    CK_ATTRIBUTE_TYPE type,
+    CK_ATTRIBUTE *template,
+    CK_ULONG templateSize,
+    CK_RV *pError)
+{
+    NSSItem item;
+    char *str;
+
+    /* get the attribute */
+    *pError = nss_ckmk_GetAttribute(type, template, templateSize, &item);
+    if (CKR_OK != *pError) {
+        return (char *)NULL;
+    }
+    /* make sure it is null terminated */
+    str = nss_ZNEWARRAY(NULL, char, item.size + 1);
+    if ((char *)NULL == str) {
+        *pError = CKR_HOST_MEMORY;
+        return (char *)NULL;
+    }
+
+    nsslibc_memcpy(str, item.data, item.size);
+    str[item.size] = 0;
+
+    return str;
+}
+
+/*
+ * Apple doesn't seem to have a public interface to the DER encoder,
+ * wip out a quick one for integers only (anything more complicated,
+ * we should use one of the 3 in lib/util). -- especially since we
+ * now link with it.
+ */
+static CK_RV
+ckmk_encodeInt(NSSItem *dest, void *src, int srcLen)
+{
+    int dataLen = srcLen;
+    int lenLen = 1;
+    int encLen;
+    int isSigned = 0;
+    int offset = 0;
+    unsigned char *data = NULL;
+    int i;
+
+    if (*(unsigned char *)src & 0x80) {
+        dataLen++;
+        isSigned = 1;
+    }
+
+    /* calculate the length of the length specifier */
+    /* (NOTE: destroys dataLen value) */
+    if (dataLen > 0x7f) {
+        do {
+            lenLen++;
+            dataLen >>= 8;
+        } while (dataLen);
+    }
+
+    /* calculate our total length */
+    dataLen = isSigned + srcLen;
+    encLen = 1 + lenLen + dataLen;
+    data = nss_ZNEWARRAY(NULL, unsigned char, encLen);
+    if ((unsigned char *)NULL == data) {
+        return CKR_HOST_MEMORY;
+    }
+    data[0] = DER_INTEGER;
+    if (1 == lenLen) {
+        data[1] = dataLen;
+    } else {
+        data[1] = 0x80 + lenLen;
+        for (i = 0; i < lenLen; i++) {
+            data[i + 1] = ((dataLen >> ((lenLen -
+                                         i - 1) *
+                                        8)) &
+                           0xff);
+        }
+    }
+    offset = lenLen + 1;
+
+    if (isSigned) {
+        data[offset++] = 0;
+    }
+    nsslibc_memcpy(&data[offset], src, srcLen);
+    dest->data = data;
+    dest->size = encLen;
+    return CKR_OK;
+}
+
+/*
+ * Get a Keyring attribute. If content is set to true, then we get the
+ * content, not the attribute.
+ */
+static CK_RV
+ckmk_GetCommonAttribute(
+    ckmkInternalObject *io,
+    SecItemAttr itemAttr,
+    PRBool content,
+    NSSItem *item,
+    char *dbString)
+{
+    SecKeychainAttributeList *attrList = NULL;
+    SecKeychainAttributeInfo attrInfo;
+    PRUint32 len = 0;
+    PRUint32 dataLen = 0;
+    PRUint32 attrFormat = 0;
+    void *dataVal = 0;
+    void *out = NULL;
+    CK_RV error = CKR_OK;
+    OSStatus macErr;
+
+    attrInfo.count = 1;
+    attrInfo.tag = &itemAttr;
+    attrInfo.format = &attrFormat;
+
+    macErr = SecKeychainItemCopyAttributesAndData(io->u.item.itemRef,
+                                                  &attrInfo, NULL, &attrList, &len, &out);
+    if (noErr != macErr) {
+        CKMK_MACERR(dbString, macErr);
+        return CKR_ATTRIBUTE_TYPE_INVALID;
+    }
+    dataLen = content ? len : attrList->attr->length;
+    dataVal = content ? out : attrList->attr->data;
+
+    /* Apple's documentation says this value is DER Encoded, but it clearly isn't
+     * der encode it before we ship it back off to NSS
+     */
+    if (kSecSerialNumberItemAttr == itemAttr) {
+        error = ckmk_encodeInt(item, dataVal, dataLen);
+        goto loser; /* logically 'done' if error == CKR_OK */
+    }
+    item->data = nss_ZNEWARRAY(NULL, char, dataLen);
+    if (NULL == item->data) {
+        error = CKR_HOST_MEMORY;
+        goto loser;
+    }
+    nsslibc_memcpy(item->data, dataVal, dataLen);
+    item->size = dataLen;
+
+loser:
+    SecKeychainItemFreeAttributesAndData(attrList, out);
+    return error;
+}
+
+/*
+ * change an attribute (does not operate on the content).
+ */
+static CK_RV
+ckmk_updateAttribute(
+    SecKeychainItemRef itemRef,
+    SecItemAttr itemAttr,
+    void *data,
+    PRUint32 len,
+    char *dbString)
+{
+    SecKeychainAttributeList attrList;
+    SecKeychainAttribute attrAttr;
+    OSStatus macErr;
+    CK_RV error = CKR_OK;
+
+    attrList.count = 1;
+    attrList.attr = &attrAttr;
+    attrAttr.tag = itemAttr;
+    attrAttr.data = data;
+    attrAttr.length = len;
+    macErr = SecKeychainItemModifyAttributesAndData(itemRef, &attrList, 0, NULL);
+    if (noErr != macErr) {
+        CKMK_MACERR(dbString, macErr);
+        error = CKR_ATTRIBUTE_TYPE_INVALID;
+    }
+    return error;
+}
+
+/*
+ * get an attribute (does not operate on the content)
+ */
+static CK_RV
+ckmk_GetDataAttribute(
+    ckmkInternalObject *io,
+    SecItemAttr itemAttr,
+    NSSItem *item,
+    char *dbString)
+{
+    return ckmk_GetCommonAttribute(io, itemAttr, PR_FALSE, item, dbString);
+}
+
+/*
+ * get an attribute we know is a BOOL.
+ */
+static CK_RV
+ckmk_GetBoolAttribute(
+    ckmkInternalObject *io,
+    SecItemAttr itemAttr,
+    NSSItem *item,
+    char *dbString)
+{
+    SecKeychainAttribute attr;
+    SecKeychainAttributeList attrList;
+    CK_BBOOL *boolp = NULL;
+    PRUint32 len = 0;
+    ;
+    void *out = NULL;
+    CK_RV error = CKR_OK;
+    OSStatus macErr;
+
+    attr.tag = itemAttr;
+    attr.length = 0;
+    attr.data = NULL;
+    attrList.count = 1;
+    attrList.attr = &attr;
+
+    boolp = nss_ZNEW(NULL, CK_BBOOL);
+    if ((CK_BBOOL *)NULL == boolp) {
+        error = CKR_HOST_MEMORY;
+        goto loser;
+    }
+
+    macErr = SecKeychainItemCopyContent(io->u.item.itemRef, NULL,
+                                        &attrList, &len, &out);
+    if (noErr != macErr) {
+        CKMK_MACERR(dbString, macErr);
+        error = CKR_ATTRIBUTE_TYPE_INVALID;
+        goto loser;
+    }
+    if (sizeof(PRUint32) != attr.length) {
+        error = CKR_ATTRIBUTE_TYPE_INVALID;
+        goto loser;
+    }
+    *boolp = *(PRUint32 *)attr.data ? 1 : 0;
+    item->data = boolp;
+    boolp = NULL;
+    item->size = sizeof(CK_BBOOL);
+
+loser:
+    nss_ZFreeIf(boolp);
+    SecKeychainItemFreeContent(&attrList, out);
+    return error;
+}
+
+/*
+ * macros for fetching attributes into a cache and returning the
+ * appropriate value. These operate inside switch statements
+ */
+#define CKMK_HANDLE_ITEM(func, io, type, loc, item, error, str) \
+    if (0 == (item)->loc.size) {                                \
+        error = func(io, type, &(item)->loc, str);              \
+    }                                                           \
+    return (CKR_OK == (error)) ? &(item)->loc : NULL;
+
+#define CKMK_HANDLE_OPT_ITEM(func, io, type, loc, item, error, str) \
+    if (0 == (item)->loc.size) {                                    \
+        (void)func(io, type, &(item)->loc, str);                    \
+    }                                                               \
+    return &(item)->loc;
+
+#define CKMK_HANDLE_BOOL_ITEM(io, type, loc, item, error, str) \
+    CKMK_HANDLE_ITEM(ckmk_GetBoolAttribute, io, type, loc, item, error, str)
+#define CKMK_HANDLE_DATA_ITEM(io, type, loc, item, error, str) \
+    CKMK_HANDLE_ITEM(ckmk_GetDataAttribute, io, type, loc, item, error, str)
+#define CKMK_HANDLE_OPT_DATA_ITEM(io, type, loc, item, error, str) \
+    CKMK_HANDLE_OPT_ITEM(ckmk_GetDataAttribute, io, type, loc, item, error, str)
+
+/*
+ * fetch the unique identifier for each object type.
+ */
+static void
+ckmk_FetchHashKey(
+    ckmkInternalObject *io)
+{
+    NSSItem *key = &io->hashKey;
+
+    if (io->objClass == CKO_CERTIFICATE) {
+        ckmk_GetCommonAttribute(io, kSecCertEncodingItemAttr,
+                                PR_TRUE, key, "Fetching HashKey (cert)");
+    } else {
+        ckmk_GetCommonAttribute(io, kSecKeyLabel,
+                                PR_FALSE, key, "Fetching HashKey (key)");
+    }
+}
+
+/*
+ * Apple mucks with the actual subject and issuer, so go fetch
+ * the real ones ourselves.
+ */
+static void
+ckmk_fetchCert(
+    ckmkInternalObject *io)
+{
+    CK_RV error;
+    unsigned char *cert, *next;
+    int certSize, thisEntrySize;
+
+    error = ckmk_GetCommonAttribute(io, kSecCertEncodingItemAttr, PR_TRUE,
+                                    &io->u.item.derCert, "Fetching Value (cert)");
+    if (CKR_OK != error) {
+        return;
+    }
+    /* unwrap the cert bundle */
+    cert = nss_ckmk_DERUnwrap((unsigned char *)io->u.item.derCert.data,
+                              io->u.item.derCert.size,
+                              &certSize, NULL);
+    /* unwrap the cert itself */
+    /* cert == certdata */
+    cert = nss_ckmk_DERUnwrap(cert, certSize, &certSize, NULL);
+
+    /* skip the optional version */
+    if ((cert[0] & 0xa0) == 0xa0) {
+        nss_ckmk_DERUnwrap(cert, certSize, &thisEntrySize, &next);
+        certSize -= next - cert;
+        cert = next;
+    }
+    /* skip the serial number */
+    nss_ckmk_DERUnwrap(cert, certSize, &thisEntrySize, &next);
+    certSize -= next - cert;
+    cert = next;
+
+    /* skip the OID */
+    nss_ckmk_DERUnwrap(cert, certSize, &thisEntrySize, &next);
+    certSize -= next - cert;
+    cert = next;
+
+    /* save the (wrapped) issuer */
+    io->u.item.issuer.data = cert;
+    nss_ckmk_DERUnwrap(cert, certSize, &thisEntrySize, &next);
+    io->u.item.issuer.size = next - cert;
+    certSize -= io->u.item.issuer.size;
+    cert = next;
+
+    /* skip the OID */
+    nss_ckmk_DERUnwrap(cert, certSize, &thisEntrySize, &next);
+    certSize -= next - cert;
+    cert = next;
+
+    /* save the (wrapped) subject */
+    io->u.item.subject.data = cert;
+    nss_ckmk_DERUnwrap(cert, certSize, &thisEntrySize, &next);
+    io->u.item.subject.size = next - cert;
+    certSize -= io->u.item.subject.size;
+    cert = next;
+}
+
+static void
+ckmk_fetchModulus(
+    ckmkInternalObject *io)
+{
+    NSSItem item;
+    PRInt32 modLen;
+    CK_RV error;
+
+    /* we can't reliably get the modulus for private keys through CSSM (sigh).
+     * For NSS this is OK because we really only use this to get the modulus
+     * length (unless we are trying to get a public key from a private keys,
+     * something CSSM ALSO does not do!).
+     */
+    error = ckmk_GetDataAttribute(io, kSecKeyKeySizeInBits, &item,
+                                  "Key Fetch Modulus");
+    if (CKR_OK != error) {
+        return;
+    }
+
+    modLen = *(PRInt32 *)item.data;
+    modLen = modLen / 8; /* convert from bits to bytes */
+
+    nss_ZFreeIf(item.data);
+    io->u.item.modulus.data = nss_ZNEWARRAY(NULL, char, modLen);
+    if (NULL == io->u.item.modulus.data) {
+        return;
+    }
+    *(char *)io->u.item.modulus.data = 0x80; /* fake NSS out or it will
+                                              * drop the first byte */
+    io->u.item.modulus.size = modLen;
+    return;
+}
+
+const NSSItem *
+ckmk_FetchCertAttribute(
+    ckmkInternalObject *io,
+    CK_ATTRIBUTE_TYPE type,
+    CK_RV *pError)
+{
+    ckmkItemObject *item = &io->u.item;
+    *pError = CKR_OK;
+    switch (type) {
+        case CKA_CLASS:
+            return &ckmk_certClassItem;
+        case CKA_TOKEN:
+        case CKA_MODIFIABLE:
+            return &ckmk_trueItem;
+        case CKA_PRIVATE:
+            return &ckmk_falseItem;
+        case CKA_CERTIFICATE_TYPE:
+            return &ckmk_x509Item;
+        case CKA_LABEL:
+            CKMK_HANDLE_OPT_DATA_ITEM(io, kSecLabelItemAttr, label, item, *pError,
+                                      "Cert:Label attr")
+        case CKA_SUBJECT:
+            /* OK, well apple does provide an subject and issuer attribute, but they
+             * decided to cannonicalize that value. Probably a good move for them,
+             * but makes it useless for most users of PKCS #11.. Get the real subject
+             * from the certificate */
+            if (0 == item->derCert.size) {
+                ckmk_fetchCert(io);
+            }
+            return &item->subject;
+        case CKA_ISSUER:
+            if (0 == item->derCert.size) {
+                ckmk_fetchCert(io);
+            }
+            return &item->issuer;
+        case CKA_SERIAL_NUMBER:
+            CKMK_HANDLE_DATA_ITEM(io, kSecSerialNumberItemAttr, serial, item, *pError,
+                                  "Cert:Serial Number attr")
+        case CKA_VALUE:
+            if (0 == item->derCert.size) {
+                ckmk_fetchCert(io);
+            }
+            return &item->derCert;
+        case CKA_ID:
+            CKMK_HANDLE_OPT_DATA_ITEM(io, kSecPublicKeyHashItemAttr, id, item, *pError,
+                                      "Cert:ID attr")
+        default:
+            *pError = CKR_ATTRIBUTE_TYPE_INVALID;
+            break;
+    }
+    return NULL;
+}
+
+const NSSItem *
+ckmk_FetchPubKeyAttribute(
+    ckmkInternalObject *io,
+    CK_ATTRIBUTE_TYPE type,
+    CK_RV *pError)
+{
+    ckmkItemObject *item = &io->u.item;
+    *pError = CKR_OK;
+
+    switch (type) {
+        case CKA_CLASS:
+            return &ckmk_pubKeyClassItem;
+        case CKA_TOKEN:
+        case CKA_LOCAL:
+            return &ckmk_trueItem;
+        case CKA_KEY_TYPE:
+            return &ckmk_rsaItem;
+        case CKA_LABEL:
+            CKMK_HANDLE_OPT_DATA_ITEM(io, kSecKeyPrintName, label, item, *pError,
+                                      "PubKey:Label attr")
+        case CKA_ENCRYPT:
+            CKMK_HANDLE_BOOL_ITEM(io, kSecKeyEncrypt, encrypt, item, *pError,
+                                  "PubKey:Encrypt attr")
+        case CKA_VERIFY:
+            CKMK_HANDLE_BOOL_ITEM(io, kSecKeyVerify, verify, item, *pError,
+                                  "PubKey:Verify attr")
+        case CKA_VERIFY_RECOVER:
+            CKMK_HANDLE_BOOL_ITEM(io, kSecKeyVerifyRecover, verifyRecover,
+                                  item, *pError, "PubKey:VerifyRecover attr")
+        case CKA_PRIVATE:
+            CKMK_HANDLE_BOOL_ITEM(io, kSecKeyPrivate, private, item, *pError,
+                                  "PubKey:Private attr")
+        case CKA_MODIFIABLE:
+            CKMK_HANDLE_BOOL_ITEM(io, kSecKeyModifiable, modify, item, *pError,
+                                  "PubKey:Modify attr")
+        case CKA_DERIVE:
+            CKMK_HANDLE_BOOL_ITEM(io, kSecKeyDerive, derive, item, *pError,
+                                  "PubKey:Derive attr")
+        case CKA_WRAP:
+            CKMK_HANDLE_BOOL_ITEM(io, kSecKeyWrap, wrap, item, *pError,
+                                  "PubKey:Wrap attr")
+        case CKA_SUBJECT:
+            CKMK_HANDLE_OPT_DATA_ITEM(io, kSecSubjectItemAttr, subject, item, *pError,
+                                      "PubKey:Subect attr")
+        case CKA_MODULUS:
+            return &ckmk_emptyItem;
+        case CKA_PUBLIC_EXPONENT:
+            return &ckmk_emptyItem;
+        case CKA_ID:
+            CKMK_HANDLE_OPT_DATA_ITEM(io, kSecKeyLabel, id, item, *pError,
+                                      "PubKey:ID attr")
+        default:
+            *pError = CKR_ATTRIBUTE_TYPE_INVALID;
+            break;
+    }
+    return NULL;
+}
+
+const NSSItem *
+ckmk_FetchPrivKeyAttribute(
+    ckmkInternalObject *io,
+    CK_ATTRIBUTE_TYPE type,
+    CK_RV *pError)
+{
+    ckmkItemObject *item = &io->u.item;
+    *pError = CKR_OK;
+
+    switch (type) {
+        case CKA_CLASS:
+            return &ckmk_privKeyClassItem;
+        case CKA_TOKEN:
+        case CKA_LOCAL:
+            return &ckmk_trueItem;
+        case CKA_SENSITIVE:
+        case CKA_EXTRACTABLE: /* will probably move in the future */
+        case CKA_ALWAYS_SENSITIVE:
+        case CKA_NEVER_EXTRACTABLE:
+            return &ckmk_falseItem;
+        case CKA_KEY_TYPE:
+            return &ckmk_rsaItem;
+        case CKA_LABEL:
+            CKMK_HANDLE_OPT_DATA_ITEM(io, kSecKeyPrintName, label, item, *pError,
+                                      "PrivateKey:Label attr")
+        case CKA_DECRYPT:
+            CKMK_HANDLE_BOOL_ITEM(io, kSecKeyDecrypt, decrypt, item, *pError,
+                                  "PrivateKey:Decrypt attr")
+        case CKA_SIGN:
+            CKMK_HANDLE_BOOL_ITEM(io, kSecKeySign, sign, item, *pError,
+                                  "PrivateKey:Sign attr")
+        case CKA_SIGN_RECOVER:
+            CKMK_HANDLE_BOOL_ITEM(io, kSecKeySignRecover, signRecover, item, *pError,
+                                  "PrivateKey:Sign Recover attr")
+        case CKA_PRIVATE:
+            CKMK_HANDLE_BOOL_ITEM(io, kSecKeyPrivate, private, item, *pError,
+                                  "PrivateKey:Private attr")
+        case CKA_MODIFIABLE:
+            CKMK_HANDLE_BOOL_ITEM(io, kSecKeyModifiable, modify, item, *pError,
+                                  "PrivateKey:Modify attr")
+        case CKA_DERIVE:
+            CKMK_HANDLE_BOOL_ITEM(io, kSecKeyDerive, derive, item, *pError,
+                                  "PrivateKey:Derive attr")
+        case CKA_UNWRAP:
+            CKMK_HANDLE_BOOL_ITEM(io, kSecKeyUnwrap, unwrap, item, *pError,
+                                  "PrivateKey:Unwrap attr")
+        case CKA_SUBJECT:
+            CKMK_HANDLE_OPT_DATA_ITEM(io, kSecSubjectItemAttr, subject, item, *pError,
+                                      "PrivateKey:Subject attr")
+        case CKA_MODULUS:
+            if (0 == item->modulus.size) {
+                ckmk_fetchModulus(io);
+            }
+            return &item->modulus;
+        case CKA_PUBLIC_EXPONENT:
+            return &ckmk_emptyItem;
+#ifdef notdef
+        /* the following are sensitive attributes. We could implement them for
+         * sensitive keys using the key export function, but it's better to
+         * just support wrap through this token. That will more reliably allow us
+         * to export any private key that is truly exportable.
+         */
+        case CKA_PRIVATE_EXPONENT:
+            CKMK_HANDLE_DATA_ITEM(io, kSecPrivateExponentItemAttr, privateExponent,
+                                  item, *pError)
+        case CKA_PRIME_1:
+            CKMK_HANDLE_DATA_ITEM(io, kSecPrime1ItemAttr, prime1, item, *pError)
+        case CKA_PRIME_2:
+            CKMK_HANDLE_DATA_ITEM(io, kSecPrime2ItemAttr, prime2, item, *pError)
+        case CKA_EXPONENT_1:
+            CKMK_HANDLE_DATA_ITEM(io, kSecExponent1ItemAttr, exponent1, item, *pError)
+        case CKA_EXPONENT_2:
+            CKMK_HANDLE_DATA_ITEM(io, kSecExponent2ItemAttr, exponent2, item, *pError)
+        case CKA_COEFFICIENT:
+            CKMK_HANDLE_DATA_ITEM(io, kSecCoefficientItemAttr, coefficient,
+                                  item, *pError)
+#endif
+        case CKA_ID:
+            CKMK_HANDLE_OPT_DATA_ITEM(io, kSecKeyLabel, id, item, *pError,
+                                      "PrivateKey:ID attr")
+        default:
+            *pError = CKR_ATTRIBUTE_TYPE_INVALID;
+            return NULL;
+    }
+}
+
+const NSSItem *
+nss_ckmk_FetchAttribute(
+    ckmkInternalObject *io,
+    CK_ATTRIBUTE_TYPE type,
+    CK_RV *pError)
+{
+    CK_ULONG i;
+    const NSSItem *value = NULL;
+
+    if (io->type == ckmkRaw) {
+        for (i = 0; i < io->u.raw.n; i++) {
+            if (type == io->u.raw.types[i]) {
+                return &io->u.raw.items[i];
+            }
+        }
+        *pError = CKR_ATTRIBUTE_TYPE_INVALID;
+        return NULL;
+    }
+    /* deal with the common attributes */
+    switch (io->objClass) {
+        case CKO_CERTIFICATE:
+            value = ckmk_FetchCertAttribute(io, type, pError);
+            break;
+        case CKO_PRIVATE_KEY:
+            value = ckmk_FetchPrivKeyAttribute(io, type, pError);
+            break;
+        case CKO_PUBLIC_KEY:
+            value = ckmk_FetchPubKeyAttribute(io, type, pError);
+            break;
+        default:
+            *pError = CKR_OBJECT_HANDLE_INVALID;
+            return NULL;
+    }
+
+#ifdef DEBUG
+    if (CKA_ID == type) {
+        itemdump("id: ", value->data, value->size, *pError);
+    }
+#endif
+    return value;
+}
+
+static void
+ckmk_removeObjectFromHash(
+    ckmkInternalObject *io);
+
+/*
+ *
+ * These are the MSObject functions we need to implement
+ *
+ * Finalize - unneeded (actually we should clean up the hashtables)
+ * Destroy
+ * IsTokenObject - CK_TRUE
+ * GetAttributeCount
+ * GetAttributeTypes
+ * GetAttributeSize
+ * GetAttribute
+ * SetAttribute
+ * GetObjectSize
+ */
+
+static CK_RV
+ckmk_mdObject_Destroy(
+    NSSCKMDObject *mdObject,
+    NSSCKFWObject *fwObject,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance)
+{
+    ckmkInternalObject *io = (ckmkInternalObject *)mdObject->etc;
+    OSStatus macErr;
+
+    if (ckmkRaw == io->type) {
+        /* there is not 'object write protected' error, use the next best thing */
+        return CKR_TOKEN_WRITE_PROTECTED;
+    }
+
+    /* This API is done well. The following 4 lines are the complete apple
+     * specific part of this implementation */
+    macErr = SecKeychainItemDelete(io->u.item.itemRef);
+    if (noErr != macErr) {
+        CKMK_MACERR("Delete object", macErr);
+    }
+
+    /* remove it from the hash */
+    ckmk_removeObjectFromHash(io);
+
+    /* free the puppy.. */
+    nss_ckmk_DestroyInternalObject(io);
+
+    return CKR_OK;
+}
+
+static CK_BBOOL
+ckmk_mdObject_IsTokenObject(
+    NSSCKMDObject *mdObject,
+    NSSCKFWObject *fwObject,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance)
+{
+    return CK_TRUE;
+}
+
+static CK_ULONG
+ckmk_mdObject_GetAttributeCount(
+    NSSCKMDObject *mdObject,
+    NSSCKFWObject *fwObject,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError)
+{
+    ckmkInternalObject *io = (ckmkInternalObject *)mdObject->etc;
+
+    if (ckmkRaw == io->type) {
+        return io->u.raw.n;
+    }
+    switch (io->objClass) {
+        case CKO_CERTIFICATE:
+            return certAttrsCount;
+        case CKO_PUBLIC_KEY:
+            return pubKeyAttrsCount;
+        case CKO_PRIVATE_KEY:
+            return privKeyAttrsCount;
+        default:
+            break;
+    }
+    return 0;
+}
+
+static CK_RV
+ckmk_mdObject_GetAttributeTypes(
+    NSSCKMDObject *mdObject,
+    NSSCKFWObject *fwObject,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_ATTRIBUTE_TYPE_PTR typeArray,
+    CK_ULONG ulCount)
+{
+    ckmkInternalObject *io = (ckmkInternalObject *)mdObject->etc;
+    CK_ULONG i;
+    CK_RV error = CKR_OK;
+    const CK_ATTRIBUTE_TYPE *attrs = NULL;
+    CK_ULONG size = ckmk_mdObject_GetAttributeCount(
+        mdObject, fwObject, mdSession, fwSession,
+        mdToken, fwToken, mdInstance, fwInstance, &error);
+
+    if (size != ulCount) {
+        return CKR_BUFFER_TOO_SMALL;
+    }
+    if (io->type == ckmkRaw) {
+        attrs = io->u.raw.types;
+    } else
+        switch (io->objClass) {
+            case CKO_CERTIFICATE:
+                attrs =
+                    certAttrs;
+                break;
+            case CKO_PUBLIC_KEY:
+                attrs =
+                    pubKeyAttrs;
+                break;
+            case CKO_PRIVATE_KEY:
+                attrs =
+                    privKeyAttrs;
+                break;
+            default:
+                return CKR_OK;
+        }
+
+    for (i = 0; i < size; i++) {
+        typeArray[i] = attrs[i];
+    }
+
+    return CKR_OK;
+}
+
+static CK_ULONG
+ckmk_mdObject_GetAttributeSize(
+    NSSCKMDObject *mdObject,
+    NSSCKFWObject *fwObject,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_ATTRIBUTE_TYPE attribute,
+    CK_RV *pError)
+{
+    ckmkInternalObject *io = (ckmkInternalObject *)mdObject->etc;
+
+    const NSSItem *b;
+
+    b = nss_ckmk_FetchAttribute(io, attribute, pError);
+
+    if ((const NSSItem *)NULL == b) {
+        return 0;
+    }
+    return b->size;
+}
+
+static CK_RV
+ckmk_mdObject_SetAttribute(
+    NSSCKMDObject *mdObject,
+    NSSCKFWObject *fwObject,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_ATTRIBUTE_TYPE attribute,
+    NSSItem *value)
+{
+    ckmkInternalObject *io = (ckmkInternalObject *)mdObject->etc;
+    SecKeychainItemRef itemRef;
+
+    if (io->type == ckmkRaw) {
+        return CKR_TOKEN_WRITE_PROTECTED;
+    }
+    itemRef = io->u.item.itemRef;
+
+    switch (io->objClass) {
+        case CKO_PRIVATE_KEY:
+        case CKO_PUBLIC_KEY:
+            switch (attribute) {
+                case CKA_ID:
+                    ckmk_updateAttribute(itemRef, kSecKeyLabel,
+                                         value->data, value->size, "Set Attr Key ID");
+#ifdef DEBUG
+                    itemdump("key id: ", value->data, value->size, CKR_OK);
+#endif
+                    break;
+                case CKA_LABEL:
+                    ckmk_updateAttribute(itemRef, kSecKeyPrintName, value->data,
+                                         value->size, "Set Attr Key Label");
+                    break;
+                default:
+                    break;
+            }
+            break;
+
+        case CKO_CERTIFICATE:
+            switch (attribute) {
+                case CKA_ID:
+                    ckmk_updateAttribute(itemRef, kSecPublicKeyHashItemAttr,
+                                         value->data, value->size, "Set Attr Cert ID");
+                    break;
+                case CKA_LABEL:
+                    ckmk_updateAttribute(itemRef, kSecLabelItemAttr, value->data,
+                                         value->size, "Set Attr Cert Label");
+                    break;
+                default:
+                    break;
+            }
+            break;
+
+        default:
+            break;
+    }
+    return CKR_OK;
+}
+
+static NSSCKFWItem
+ckmk_mdObject_GetAttribute(
+    NSSCKMDObject *mdObject,
+    NSSCKFWObject *fwObject,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_ATTRIBUTE_TYPE attribute,
+    CK_RV *pError)
+{
+    NSSCKFWItem mdItem;
+    ckmkInternalObject *io = (ckmkInternalObject *)mdObject->etc;
+
+    mdItem.needsFreeing = PR_FALSE;
+    mdItem.item = (NSSItem *)nss_ckmk_FetchAttribute(io, attribute, pError);
+
+    return mdItem;
+}
+
+static CK_ULONG
+ckmk_mdObject_GetObjectSize(
+    NSSCKMDObject *mdObject,
+    NSSCKFWObject *fwObject,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError)
+{
+    CK_ULONG rv = 1;
+
+    /* size is irrelevant to this token */
+    return rv;
+}
+
+static const NSSCKMDObject
+    ckmk_prototype_mdObject = {
+        (void *)NULL, /* etc */
+        NULL,         /* Finalize */
+        ckmk_mdObject_Destroy,
+        ckmk_mdObject_IsTokenObject,
+        ckmk_mdObject_GetAttributeCount,
+        ckmk_mdObject_GetAttributeTypes,
+        ckmk_mdObject_GetAttributeSize,
+        ckmk_mdObject_GetAttribute,
+        NULL, /* FreeAttribute */
+        ckmk_mdObject_SetAttribute,
+        ckmk_mdObject_GetObjectSize,
+        (void *)NULL /* null terminator */
+    };
+
+static nssHash *ckmkInternalObjectHash = NULL;
+
+NSS_IMPLEMENT NSSCKMDObject *
+nss_ckmk_CreateMDObject(
+    NSSArena *arena,
+    ckmkInternalObject *io,
+    CK_RV *pError)
+{
+    if ((nssHash *)NULL == ckmkInternalObjectHash) {
+        ckmkInternalObjectHash = nssHash_CreateItem(NULL, 10);
+    }
+    if (ckmkItem == io->type) {
+        /* the hash key, not a cryptographic key */
+        NSSItem *key = &io->hashKey;
+        ckmkInternalObject *old_o = NULL;
+
+        if (key->size == 0) {
+            ckmk_FetchHashKey(io);
+        }
+        old_o = (ckmkInternalObject *)
+            nssHash_Lookup(ckmkInternalObjectHash, key);
+        if (!old_o) {
+            nssHash_Add(ckmkInternalObjectHash, key, io);
+        } else if (old_o != io) {
+            nss_ckmk_DestroyInternalObject(io);
+            io = old_o;
+        }
+    }
+
+    if ((void *)NULL == io->mdObject.etc) {
+        (void)nsslibc_memcpy(&io->mdObject, &ckmk_prototype_mdObject,
+                             sizeof(ckmk_prototype_mdObject));
+        io->mdObject.etc = (void *)io;
+    }
+    return &io->mdObject;
+}
+
+static void
+ckmk_removeObjectFromHash(
+    ckmkInternalObject *io)
+{
+    NSSItem *key = &io->hashKey;
+
+    if ((nssHash *)NULL == ckmkInternalObjectHash) {
+        return;
+    }
+    if (key->size == 0) {
+        ckmk_FetchHashKey(io);
+    }
+    nssHash_Remove(ckmkInternalObjectHash, key);
+    return;
+}
+
+void
+nss_ckmk_DestroyInternalObject(
+    ckmkInternalObject *io)
+{
+    switch (io->type) {
+        case ckmkRaw:
+            return;
+        case ckmkItem:
+            nss_ZFreeIf(io->u.item.modify.data);
+            nss_ZFreeIf(io->u.item.private.data);
+            nss_ZFreeIf(io->u.item.encrypt.data);
+            nss_ZFreeIf(io->u.item.decrypt.data);
+            nss_ZFreeIf(io->u.item.derive.data);
+            nss_ZFreeIf(io->u.item.sign.data);
+            nss_ZFreeIf(io->u.item.signRecover.data);
+            nss_ZFreeIf(io->u.item.verify.data);
+            nss_ZFreeIf(io->u.item.verifyRecover.data);
+            nss_ZFreeIf(io->u.item.wrap.data);
+            nss_ZFreeIf(io->u.item.unwrap.data);
+            nss_ZFreeIf(io->u.item.label.data);
+            /*nss_ZFreeIf(io->u.item.subject.data); */
+            /*nss_ZFreeIf(io->u.item.issuer.data); */
+            nss_ZFreeIf(io->u.item.serial.data);
+            nss_ZFreeIf(io->u.item.modulus.data);
+            nss_ZFreeIf(io->u.item.exponent.data);
+            nss_ZFreeIf(io->u.item.privateExponent.data);
+            nss_ZFreeIf(io->u.item.prime1.data);
+            nss_ZFreeIf(io->u.item.prime2.data);
+            nss_ZFreeIf(io->u.item.exponent1.data);
+            nss_ZFreeIf(io->u.item.exponent2.data);
+            nss_ZFreeIf(io->u.item.coefficient.data);
+            break;
+    }
+    nss_ZFreeIf(io);
+    return;
+}
+
+static ckmkInternalObject *
+nss_ckmk_NewInternalObject(
+    CK_OBJECT_CLASS objClass,
+    SecKeychainItemRef itemRef,
+    SecItemClass itemClass,
+    CK_RV *pError)
+{
+    ckmkInternalObject *io = nss_ZNEW(NULL, ckmkInternalObject);
+
+    if ((ckmkInternalObject *)NULL == io) {
+        *pError = CKR_HOST_MEMORY;
+        return io;
+    }
+    io->type = ckmkItem;
+    io->objClass = objClass;
+    io->u.item.itemRef = itemRef;
+    io->u.item.itemClass = itemClass;
+    return io;
+}
+
+/*
+ * Apple doesn't alway have a default keyChain set by the OS, use the
+ * SearchList to try to find one.
+ */
+static CK_RV
+ckmk_GetSafeDefaultKeychain(
+    SecKeychainRef *keychainRef)
+{
+    OSStatus macErr;
+    CFArrayRef searchList = 0;
+    CK_RV error = CKR_OK;
+
+    macErr = SecKeychainCopyDefault(keychainRef);
+    if (noErr != macErr) {
+        int searchCount = 0;
+        if (errSecNoDefaultKeychain != macErr) {
+            CKMK_MACERR("Getting default key chain", macErr);
+            error = CKR_GENERAL_ERROR;
+            goto loser;
+        }
+        /* ok, we don't have a default key chain, find one */
+        macErr = SecKeychainCopySearchList(&searchList);
+        if (noErr != macErr) {
+            CKMK_MACERR("failed to find a keyring searchList", macErr);
+            error = CKR_DEVICE_REMOVED;
+            goto loser;
+        }
+        searchCount = CFArrayGetCount(searchList);
+        if (searchCount < 1) {
+            error = CKR_DEVICE_REMOVED;
+            goto loser;
+        }
+        *keychainRef =
+            (SecKeychainRef)CFRetain(CFArrayGetValueAtIndex(searchList, 0));
+        if (0 == *keychainRef) {
+            error = CKR_DEVICE_REMOVED;
+            goto loser;
+        }
+        /* should we set it as default? */
+    }
+loser:
+    if (0 != searchList) {
+        CFRelease(searchList);
+    }
+    return error;
+}
+static ckmkInternalObject *
+nss_ckmk_CreateCertificate(
+    NSSCKFWSession *fwSession,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulAttributeCount,
+    CK_RV *pError)
+{
+    NSSItem value;
+    ckmkInternalObject *io = NULL;
+    OSStatus macErr;
+    SecCertificateRef certRef;
+    SecKeychainItemRef itemRef;
+    SecKeychainRef keychainRef;
+    CSSM_DATA certData;
+
+    *pError = nss_ckmk_GetAttribute(CKA_VALUE, pTemplate,
+                                    ulAttributeCount, &value);
+    if (CKR_OK != *pError) {
+        goto loser;
+    }
+
+    certData.Data = value.data;
+    certData.Length = value.size;
+    macErr = SecCertificateCreateFromData(&certData, CSSM_CERT_X_509v3,
+                                          CSSM_CERT_ENCODING_BER, &certRef);
+    if (noErr != macErr) {
+        CKMK_MACERR("Create cert from data Failed", macErr);
+        *pError = CKR_GENERAL_ERROR; /* need to map macErr */
+        goto loser;
+    }
+
+    *pError = ckmk_GetSafeDefaultKeychain(&keychainRef);
+    if (CKR_OK != *pError) {
+        goto loser;
+    }
+
+    macErr = SecCertificateAddToKeychain(certRef, keychainRef);
+    itemRef = (SecKeychainItemRef)certRef;
+    if (errSecDuplicateItem != macErr) {
+        NSSItem keyID = { NULL, 0 };
+        char *nickname = NULL;
+        CK_RV dummy;
+
+        if (noErr != macErr) {
+            CKMK_MACERR("Add cert to keychain Failed", macErr);
+            *pError = CKR_GENERAL_ERROR; /* need to map macErr */
+            goto loser;
+        }
+        /* these two are optional */
+        nickname = nss_ckmk_GetStringAttribute(CKA_LABEL, pTemplate,
+                                               ulAttributeCount, &dummy);
+        /* we've added a new one, update the attributes in the key ring */
+        if (nickname) {
+            ckmk_updateAttribute(itemRef, kSecLabelItemAttr, nickname,
+                                 strlen(nickname) + 1, "Modify Cert Label");
+            nss_ZFreeIf(nickname);
+        }
+        dummy = nss_ckmk_GetAttribute(CKA_ID, pTemplate,
+                                      ulAttributeCount, &keyID);
+        if (CKR_OK == dummy) {
+            dummy = ckmk_updateAttribute(itemRef, kSecPublicKeyHashItemAttr,
+                                         keyID.data, keyID.size, "Modify Cert ID");
+        }
+    }
+
+    io = nss_ckmk_NewInternalObject(CKO_CERTIFICATE, itemRef,
+                                    kSecCertificateItemClass, pError);
+    if ((ckmkInternalObject *)NULL != io) {
+        itemRef = 0;
+    }
+
+loser:
+    if (0 != itemRef) {
+        CFRelease(itemRef);
+    }
+    if (0 != keychainRef) {
+        CFRelease(keychainRef);
+    }
+
+    return io;
+}
+
+/*
+ * PKCS #8 attributes
+ */
+struct ckmk_AttributeStr {
+    SECItem attrType;
+    SECItem *attrValue;
+};
+typedef struct ckmk_AttributeStr ckmk_Attribute;
+
+/*
+ ** A PKCS#8 private key info object
+ */
+struct PrivateKeyInfoStr {
+    PLArenaPool *arena;
+    SECItem version;
+    SECAlgorithmID algorithm;
+    SECItem privateKey;
+    ckmk_Attribute **attributes;
+};
+typedef struct PrivateKeyInfoStr PrivateKeyInfo;
+
+const SEC_ASN1Template ckmk_RSAPrivateKeyTemplate[] = {
+    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(RSAPrivateKey) },
+    { SEC_ASN1_INTEGER, offsetof(RSAPrivateKey, version) },
+    { SEC_ASN1_INTEGER, offsetof(RSAPrivateKey, modulus) },
+    { SEC_ASN1_INTEGER, offsetof(RSAPrivateKey, publicExponent) },
+    { SEC_ASN1_INTEGER, offsetof(RSAPrivateKey, privateExponent) },
+    { SEC_ASN1_INTEGER, offsetof(RSAPrivateKey, prime1) },
+    { SEC_ASN1_INTEGER, offsetof(RSAPrivateKey, prime2) },
+    { SEC_ASN1_INTEGER, offsetof(RSAPrivateKey, exponent1) },
+    { SEC_ASN1_INTEGER, offsetof(RSAPrivateKey, exponent2) },
+    { SEC_ASN1_INTEGER, offsetof(RSAPrivateKey, coefficient) },
+    { 0 }
+};
+
+const SEC_ASN1Template ckmk_AttributeTemplate[] = {
+    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(ckmk_Attribute) },
+    { SEC_ASN1_OBJECT_ID, offsetof(ckmk_Attribute, attrType) },
+    { SEC_ASN1_SET_OF, offsetof(ckmk_Attribute, attrValue),
+      SEC_AnyTemplate },
+    { 0 }
+};
+
+const SEC_ASN1Template ckmk_SetOfAttributeTemplate[] = {
+    { SEC_ASN1_SET_OF, 0, ckmk_AttributeTemplate },
+};
+
+SEC_ASN1_MKSUB(SECOID_AlgorithmIDTemplate)
+
+/* ASN1 Templates for new decoder/encoder */
+const SEC_ASN1Template ckmk_PrivateKeyInfoTemplate[] = {
+    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(PrivateKeyInfo) },
+    { SEC_ASN1_INTEGER, offsetof(PrivateKeyInfo, version) },
+    { SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(PrivateKeyInfo, algorithm),
+      SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
+    { SEC_ASN1_OCTET_STRING, offsetof(PrivateKeyInfo, privateKey) },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
+      offsetof(PrivateKeyInfo, attributes), ckmk_SetOfAttributeTemplate },
+    { 0 }
+};
+
+#define CKMK_PRIVATE_KEY_INFO_VERSION 0
+static CK_RV
+ckmk_CreateRSAKeyBlob(
+    RSAPrivateKey *lk,
+    NSSItem *keyBlob)
+{
+    PrivateKeyInfo *pki = NULL;
+    PLArenaPool *arena = NULL;
+    SECOidTag algorithm = SEC_OID_UNKNOWN;
+    void *dummy;
+    SECStatus rv;
+    SECItem *encodedKey = NULL;
+    CK_RV error = CKR_OK;
+
+    arena = PORT_NewArena(2048); /* XXX different size? */
+    if (!arena) {
+        error = CKR_HOST_MEMORY;
+        goto loser;
+    }
+
+    pki = (PrivateKeyInfo *)PORT_ArenaZAlloc(arena, sizeof(PrivateKeyInfo));
+    if (!pki) {
+        error = CKR_HOST_MEMORY;
+        goto loser;
+    }
+    pki->arena = arena;
+
+    dummy = SEC_ASN1EncodeItem(arena, &pki->privateKey, lk,
+                               ckmk_RSAPrivateKeyTemplate);
+    algorithm = SEC_OID_PKCS1_RSA_ENCRYPTION;
+
+    if (!dummy) {
+        error = CKR_DEVICE_ERROR; /* should map NSS SECError */
+        goto loser;
+    }
+
+    rv = SECOID_SetAlgorithmID(arena, &pki->algorithm, algorithm,
+                               (SECItem *)NULL);
+    if (rv != SECSuccess) {
+        error = CKR_DEVICE_ERROR; /* should map NSS SECError */
+        goto loser;
+    }
+
+    dummy = SEC_ASN1EncodeInteger(arena, &pki->version,
+                                  CKMK_PRIVATE_KEY_INFO_VERSION);
+    if (!dummy) {
+        error = CKR_DEVICE_ERROR; /* should map NSS SECError */
+        goto loser;
+    }
+
+    encodedKey = SEC_ASN1EncodeItem(NULL, NULL, pki,
+                                    ckmk_PrivateKeyInfoTemplate);
+    if (!encodedKey) {
+        error = CKR_DEVICE_ERROR;
+        goto loser;
+    }
+
+    keyBlob->data = nss_ZNEWARRAY(NULL, char, encodedKey->len);
+    if (NULL == keyBlob->data) {
+        error = CKR_HOST_MEMORY;
+        goto loser;
+    }
+    nsslibc_memcpy(keyBlob->data, encodedKey->data, encodedKey->len);
+    keyBlob->size = encodedKey->len;
+
+loser:
+    if (arena) {
+        PORT_FreeArena(arena, PR_TRUE);
+    }
+    if (encodedKey) {
+        SECITEM_FreeItem(encodedKey, PR_TRUE);
+    }
+
+    return error;
+}
+/*
+ * There MUST be a better way to do this. For now, find the key based on the
+ * default name Apple gives it once we import.
+ */
+#define IMPORTED_NAME "Imported Private Key"
+static CK_RV
+ckmk_FindImportedKey(
+    SecKeychainRef keychainRef,
+    SecItemClass itemClass,
+    SecKeychainItemRef *outItemRef)
+{
+    OSStatus macErr;
+    SecKeychainSearchRef searchRef = 0;
+    SecKeychainItemRef newItemRef;
+
+    macErr = SecKeychainSearchCreateFromAttributes(keychainRef, itemClass,
+                                                   NULL, &searchRef);
+    if (noErr != macErr) {
+        CKMK_MACERR("Can't search for Key", macErr);
+        return CKR_GENERAL_ERROR;
+    }
+    while (noErr == SecKeychainSearchCopyNext(searchRef, &newItemRef)) {
+        SecKeychainAttributeList *attrList = NULL;
+        SecKeychainAttributeInfo attrInfo;
+        SecItemAttr itemAttr = kSecKeyPrintName;
+        PRUint32 attrFormat = 0;
+        OSStatus macErr;
+
+        attrInfo.count = 1;
+        attrInfo.tag = &itemAttr;
+        attrInfo.format = &attrFormat;
+
+        macErr = SecKeychainItemCopyAttributesAndData(newItemRef,
+                                                      &attrInfo, NULL, &attrList, NULL, NULL);
+        if (noErr == macErr) {
+            if (nsslibc_memcmp(attrList->attr->data, IMPORTED_NAME,
+                               attrList->attr->length, NULL) == 0) {
+                *outItemRef = newItemRef;
+                CFRelease(searchRef);
+                SecKeychainItemFreeAttributesAndData(attrList, NULL);
+                return CKR_OK;
+            }
+            SecKeychainItemFreeAttributesAndData(attrList, NULL);
+        }
+        CFRelease(newItemRef);
+    }
+    CFRelease(searchRef);
+    return CKR_GENERAL_ERROR; /* we can come up with something better! */
+}
+
+static ckmkInternalObject *
+nss_ckmk_CreatePrivateKey(
+    NSSCKFWSession *fwSession,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulAttributeCount,
+    CK_RV *pError)
+{
+    NSSItem attribute;
+    RSAPrivateKey lk;
+    NSSItem keyID;
+    char *nickname = NULL;
+    ckmkInternalObject *io = NULL;
+    CK_KEY_TYPE keyType;
+    OSStatus macErr;
+    SecKeychainItemRef itemRef = 0;
+    NSSItem keyBlob = { NULL, 0 };
+    CFDataRef dataRef = 0;
+    SecExternalFormat inputFormat = kSecFormatBSAFE;
+    /*SecExternalFormat inputFormat = kSecFormatOpenSSL;  */
+    SecExternalItemType itemType = kSecItemTypePrivateKey;
+    SecKeyImportExportParameters keyParams;
+    SecKeychainRef targetKeychain = 0;
+    unsigned char zero = 0;
+    CK_RV error;
+
+    keyParams.version = SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION;
+    keyParams.flags = 0;
+    keyParams.passphrase = 0;
+    keyParams.alertTitle = 0;
+    keyParams.alertPrompt = 0;
+    keyParams.accessRef = 0;                          /* default */
+    keyParams.keyUsage = 0;                           /* will get filled in */
+    keyParams.keyAttributes = CSSM_KEYATTR_PERMANENT; /* will get filled in */
+    keyType = nss_ckmk_GetULongAttribute(CKA_KEY_TYPE, pTemplate, ulAttributeCount, pError);
+    if (CKR_OK != *pError) {
+        return (ckmkInternalObject *)NULL;
+    }
+    if (CKK_RSA != keyType) {
+        *pError = CKR_ATTRIBUTE_VALUE_INVALID;
+        return (ckmkInternalObject *)NULL;
+    }
+    if (nss_ckmk_GetBoolAttribute(CKA_DECRYPT,
+                                  pTemplate, ulAttributeCount, CK_TRUE)) {
+        keyParams.keyUsage |= CSSM_KEYUSE_DECRYPT;
+    }
+    if (nss_ckmk_GetBoolAttribute(CKA_UNWRAP,
+                                  pTemplate, ulAttributeCount, CK_TRUE)) {
+        keyParams.keyUsage |= CSSM_KEYUSE_UNWRAP;
+    }
+    if (nss_ckmk_GetBoolAttribute(CKA_SIGN,
+                                  pTemplate, ulAttributeCount, CK_TRUE)) {
+        keyParams.keyUsage |= CSSM_KEYUSE_SIGN;
+    }
+    if (nss_ckmk_GetBoolAttribute(CKA_DERIVE,
+                                  pTemplate, ulAttributeCount, CK_FALSE)) {
+        keyParams.keyUsage |= CSSM_KEYUSE_DERIVE;
+    }
+    if (nss_ckmk_GetBoolAttribute(CKA_SENSITIVE,
+                                  pTemplate, ulAttributeCount, CK_TRUE)) {
+        keyParams.keyAttributes |= CSSM_KEYATTR_SENSITIVE;
+    }
+    if (nss_ckmk_GetBoolAttribute(CKA_EXTRACTABLE,
+                                  pTemplate, ulAttributeCount, CK_TRUE)) {
+        keyParams.keyAttributes |= CSSM_KEYATTR_EXTRACTABLE;
+    }
+
+    lk.version.type = siUnsignedInteger;
+    lk.version.data = &zero;
+    lk.version.len = 1;
+
+    *pError = nss_ckmk_GetAttribute(CKA_MODULUS, pTemplate,
+                                    ulAttributeCount, &attribute);
+    if (CKR_OK != *pError) {
+        return (ckmkInternalObject *)NULL;
+    }
+    lk.modulus.type = siUnsignedInteger;
+    lk.modulus.data = attribute.data;
+    lk.modulus.len = attribute.size;
+
+    *pError = nss_ckmk_GetAttribute(CKA_PUBLIC_EXPONENT, pTemplate,
+                                    ulAttributeCount, &attribute);
+    if (CKR_OK != *pError) {
+        return (ckmkInternalObject *)NULL;
+    }
+    lk.publicExponent.type = siUnsignedInteger;
+    lk.publicExponent.data = attribute.data;
+    lk.publicExponent.len = attribute.size;
+
+    *pError = nss_ckmk_GetAttribute(CKA_PRIVATE_EXPONENT, pTemplate,
+                                    ulAttributeCount, &attribute);
+    if (CKR_OK != *pError) {
+        return (ckmkInternalObject *)NULL;
+    }
+    lk.privateExponent.type = siUnsignedInteger;
+    lk.privateExponent.data = attribute.data;
+    lk.privateExponent.len = attribute.size;
+
+    *pError = nss_ckmk_GetAttribute(CKA_PRIME_1, pTemplate,
+                                    ulAttributeCount, &attribute);
+    if (CKR_OK != *pError) {
+        return (ckmkInternalObject *)NULL;
+    }
+    lk.prime1.type = siUnsignedInteger;
+    lk.prime1.data = attribute.data;
+    lk.prime1.len = attribute.size;
+
+    *pError = nss_ckmk_GetAttribute(CKA_PRIME_2, pTemplate,
+                                    ulAttributeCount, &attribute);
+    if (CKR_OK != *pError) {
+        return (ckmkInternalObject *)NULL;
+    }
+    lk.prime2.type = siUnsignedInteger;
+    lk.prime2.data = attribute.data;
+    lk.prime2.len = attribute.size;
+
+    *pError = nss_ckmk_GetAttribute(CKA_EXPONENT_1, pTemplate,
+                                    ulAttributeCount, &attribute);
+    if (CKR_OK != *pError) {
+        return (ckmkInternalObject *)NULL;
+    }
+    lk.exponent1.type = siUnsignedInteger;
+    lk.exponent1.data = attribute.data;
+    lk.exponent1.len = attribute.size;
+
+    *pError = nss_ckmk_GetAttribute(CKA_EXPONENT_2, pTemplate,
+                                    ulAttributeCount, &attribute);
+    if (CKR_OK != *pError) {
+        return (ckmkInternalObject *)NULL;
+    }
+    lk.exponent2.type = siUnsignedInteger;
+    lk.exponent2.data = attribute.data;
+    lk.exponent2.len = attribute.size;
+
+    *pError = nss_ckmk_GetAttribute(CKA_COEFFICIENT, pTemplate,
+                                    ulAttributeCount, &attribute);
+    if (CKR_OK != *pError) {
+        return (ckmkInternalObject *)NULL;
+    }
+    lk.coefficient.type = siUnsignedInteger;
+    lk.coefficient.data = attribute.data;
+    lk.coefficient.len = attribute.size;
+
+    /* ASN1 Encode the pkcs8 structure... look at softoken to see how this
+     * is done... */
+    error = ckmk_CreateRSAKeyBlob(&lk, &keyBlob);
+    if (CKR_OK != error) {
+        goto loser;
+    }
+
+    dataRef = CFDataCreate(NULL, (UInt8 *)keyBlob.data, keyBlob.size);
+    if (0 == dataRef) {
+        *pError = CKR_HOST_MEMORY;
+        goto loser;
+    }
+
+    *pError == ckmk_GetSafeDefaultKeychain(&targetKeychain);
+    if (CKR_OK != *pError) {
+        goto loser;
+    }
+
+    /* the itemArray that is returned is useless. the item does not
+     * is 'not on the key chain' so none of the modify calls work on it.
+     * It also has a key that isn't the same key as the one in the actual
+     * key chain. In short it isn't the item we want, and it gives us zero
+     * information about the item we want, so don't even bother with it...
+     */
+    macErr = SecKeychainItemImport(dataRef, NULL, &inputFormat, &itemType, 0,
+                                   &keyParams, targetKeychain, NULL);
+    if (noErr != macErr) {
+        CKMK_MACERR("Import Private Key", macErr);
+        *pError = CKR_GENERAL_ERROR;
+        goto loser;
+    }
+
+    *pError = ckmk_FindImportedKey(targetKeychain,
+                                   CSSM_DL_DB_RECORD_PRIVATE_KEY,
+                                   &itemRef);
+    if (CKR_OK != *pError) {
+#ifdef DEBUG
+        fprintf(stderr, "couldn't find key in keychain \n");
+#endif
+        goto loser;
+    }
+
+    /* set the CKA_ID and  the CKA_LABEL */
+    error = nss_ckmk_GetAttribute(CKA_ID, pTemplate,
+                                  ulAttributeCount, &keyID);
+    if (CKR_OK == error) {
+        error = ckmk_updateAttribute(itemRef, kSecKeyLabel,
+                                     keyID.data, keyID.size, "Modify Key ID");
+#ifdef DEBUG
+        itemdump("key id: ", keyID.data, keyID.size, error);
+#endif
+    }
+    nickname = nss_ckmk_GetStringAttribute(CKA_LABEL, pTemplate,
+                                           ulAttributeCount, &error);
+    if (nickname) {
+        ckmk_updateAttribute(itemRef, kSecKeyPrintName, nickname,
+                             strlen(nickname) + 1, "Modify Key Label");
+    } else {
+#define DEFAULT_NICKNAME "NSS Imported Key"
+        ckmk_updateAttribute(itemRef, kSecKeyPrintName, DEFAULT_NICKNAME,
+                             sizeof(DEFAULT_NICKNAME), "Modify Key Label");
+    }
+
+    io = nss_ckmk_NewInternalObject(CKO_PRIVATE_KEY, itemRef,
+                                    CSSM_DL_DB_RECORD_PRIVATE_KEY, pError);
+    if ((ckmkInternalObject *)NULL == io) {
+        CFRelease(itemRef);
+    }
+
+    return io;
+
+loser:
+    /* free the key blob */
+    if (keyBlob.data) {
+        nss_ZFreeIf(keyBlob.data);
+    }
+    if (0 != targetKeychain) {
+        CFRelease(targetKeychain);
+    }
+    if (0 != dataRef) {
+        CFRelease(dataRef);
+    }
+    return io;
+}
+
+NSS_EXTERN NSSCKMDObject *
+nss_ckmk_CreateObject(
+    NSSCKFWSession *fwSession,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulAttributeCount,
+    CK_RV *pError)
+{
+    CK_OBJECT_CLASS objClass;
+    ckmkInternalObject *io = NULL;
+    CK_BBOOL isToken;
+
+    /*
+     * only create token objects
+     */
+    isToken = nss_ckmk_GetBoolAttribute(CKA_TOKEN, pTemplate,
+                                        ulAttributeCount, CK_FALSE);
+    if (!isToken) {
+        *pError = CKR_ATTRIBUTE_VALUE_INVALID;
+        return (NSSCKMDObject *)NULL;
+    }
+
+    /*
+     * only create keys and certs.
+     */
+    objClass = nss_ckmk_GetULongAttribute(CKA_CLASS, pTemplate,
+                                          ulAttributeCount, pError);
+    if (CKR_OK != *pError) {
+        return (NSSCKMDObject *)NULL;
+    }
+#ifdef notdef
+    if (objClass == CKO_PUBLIC_KEY) {
+        return CKR_OK; /* fake public key creation, happens as a side effect of
+                        * private key creation */
+    }
+#endif
+    if (objClass == CKO_CERTIFICATE) {
+        io = nss_ckmk_CreateCertificate(fwSession, pTemplate,
+                                        ulAttributeCount, pError);
+    } else if (objClass == CKO_PRIVATE_KEY) {
+        io = nss_ckmk_CreatePrivateKey(fwSession, pTemplate,
+                                       ulAttributeCount, pError);
+    } else {
+        *pError = CKR_ATTRIBUTE_VALUE_INVALID;
+    }
+
+    if ((ckmkInternalObject *)NULL == io) {
+        return (NSSCKMDObject *)NULL;
+    }
+    return nss_ckmk_CreateMDObject(NULL, io, pError);
+}
diff --git a/nss/lib/ckfw/nssmkey/mrsa.c b/nss/lib/ckfw/nssmkey/mrsa.c
new file mode 100644
index 0000000..00175b4
--- /dev/null
+++ b/nss/lib/ckfw/nssmkey/mrsa.c
@@ -0,0 +1,479 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "ckmk.h"
+
+/* Sigh, For all the talk about 'ease of use', apple has hidden the interfaces
+ * needed to be able to truly use CSSM. These came from their modification
+ * to NSS's S/MIME code. The following two functions currently are not
+ * part of the SecKey.h interface.
+ */
+OSStatus
+SecKeyGetCredentials(
+    SecKeyRef keyRef,
+    CSSM_ACL_AUTHORIZATION_TAG authTag,
+    int type,
+    const CSSM_ACCESS_CREDENTIALS **creds);
+
+/* this function could be implemented using 'SecKeychainItemCopyKeychain' and
+ * 'SecKeychainGetCSPHandle' */
+OSStatus
+SecKeyGetCSPHandle(
+    SecKeyRef keyRef,
+    CSSM_CSP_HANDLE *cspHandle);
+
+typedef struct ckmkInternalCryptoOperationRSAPrivStr
+    ckmkInternalCryptoOperationRSAPriv;
+struct ckmkInternalCryptoOperationRSAPrivStr {
+    NSSCKMDCryptoOperation mdOperation;
+    NSSCKMDMechanism *mdMechanism;
+    ckmkInternalObject *iKey;
+    NSSItem *buffer;
+    CSSM_CC_HANDLE cssmContext;
+};
+
+typedef enum {
+    CKMK_DECRYPT,
+    CKMK_SIGN
+} ckmkRSAOpType;
+
+/*
+ * ckmk_mdCryptoOperationRSAPriv_Create
+ */
+static NSSCKMDCryptoOperation *
+ckmk_mdCryptoOperationRSAPriv_Create(
+    const NSSCKMDCryptoOperation *proto,
+    NSSCKMDMechanism *mdMechanism,
+    NSSCKMDObject *mdKey,
+    ckmkRSAOpType type,
+    CK_RV *pError)
+{
+    ckmkInternalObject *iKey = (ckmkInternalObject *)mdKey->etc;
+    const NSSItem *classItem = nss_ckmk_FetchAttribute(iKey, CKA_CLASS, pError);
+    const NSSItem *keyType = nss_ckmk_FetchAttribute(iKey, CKA_KEY_TYPE, pError);
+    ckmkInternalCryptoOperationRSAPriv *iOperation;
+    SecKeyRef privateKey;
+    OSStatus macErr;
+    CSSM_RETURN cssmErr;
+    const CSSM_KEY *cssmKey;
+    CSSM_CSP_HANDLE cspHandle;
+    const CSSM_ACCESS_CREDENTIALS *creds = NULL;
+    CSSM_CC_HANDLE cssmContext;
+    CSSM_ACL_AUTHORIZATION_TAG authType;
+
+    /* make sure we have the right objects */
+    if (((const NSSItem *)NULL == classItem) ||
+        (sizeof(CK_OBJECT_CLASS) != classItem->size) ||
+        (CKO_PRIVATE_KEY != *(CK_OBJECT_CLASS *)classItem->data) ||
+        ((const NSSItem *)NULL == keyType) ||
+        (sizeof(CK_KEY_TYPE) != keyType->size) ||
+        (CKK_RSA != *(CK_KEY_TYPE *)keyType->data)) {
+        *pError = CKR_KEY_TYPE_INCONSISTENT;
+        return (NSSCKMDCryptoOperation *)NULL;
+    }
+
+    privateKey = (SecKeyRef)iKey->u.item.itemRef;
+    macErr = SecKeyGetCSSMKey(privateKey, &cssmKey);
+    if (noErr != macErr) {
+        CKMK_MACERR("Getting CSSM Key", macErr);
+        *pError = CKR_KEY_HANDLE_INVALID;
+        return (NSSCKMDCryptoOperation *)NULL;
+    }
+    macErr = SecKeyGetCSPHandle(privateKey, &cspHandle);
+    if (noErr != macErr) {
+        CKMK_MACERR("Getting CSP for Key", macErr);
+        *pError = CKR_KEY_HANDLE_INVALID;
+        return (NSSCKMDCryptoOperation *)NULL;
+    }
+    switch (type) {
+        case CKMK_DECRYPT:
+            authType = CSSM_ACL_AUTHORIZATION_DECRYPT;
+            break;
+        case CKMK_SIGN:
+            authType = CSSM_ACL_AUTHORIZATION_SIGN;
+            break;
+        default:
+            *pError = CKR_GENERAL_ERROR;
+#ifdef DEBUG
+            fprintf(stderr, "RSAPriv_Create: bad type = %d\n", type);
+#endif
+            return (NSSCKMDCryptoOperation *)NULL;
+    }
+
+    macErr = SecKeyGetCredentials(privateKey, authType, 0, &creds);
+    if (noErr != macErr) {
+        CKMK_MACERR("Getting Credentials for Key", macErr);
+        *pError = CKR_KEY_HANDLE_INVALID;
+        return (NSSCKMDCryptoOperation *)NULL;
+    }
+
+    switch (type) {
+        case CKMK_DECRYPT:
+            cssmErr = CSSM_CSP_CreateAsymmetricContext(cspHandle, CSSM_ALGID_RSA,
+                                                       creds, cssmKey, CSSM_PADDING_PKCS1, &cssmContext);
+            break;
+        case CKMK_SIGN:
+            cssmErr = CSSM_CSP_CreateSignatureContext(cspHandle, CSSM_ALGID_RSA,
+                                                      creds, cssmKey, &cssmContext);
+            break;
+        default:
+            *pError = CKR_GENERAL_ERROR;
+#ifdef DEBUG
+            fprintf(stderr, "RSAPriv_Create: bad type = %d\n", type);
+#endif
+            return (NSSCKMDCryptoOperation *)NULL;
+    }
+    if (noErr != cssmErr) {
+        CKMK_MACERR("Getting Context for Key", cssmErr);
+        *pError = CKR_GENERAL_ERROR;
+        return (NSSCKMDCryptoOperation *)NULL;
+    }
+
+    iOperation = nss_ZNEW(NULL, ckmkInternalCryptoOperationRSAPriv);
+    if ((ckmkInternalCryptoOperationRSAPriv *)NULL == iOperation) {
+        *pError = CKR_HOST_MEMORY;
+        return (NSSCKMDCryptoOperation *)NULL;
+    }
+    iOperation->mdMechanism = mdMechanism;
+    iOperation->iKey = iKey;
+    iOperation->cssmContext = cssmContext;
+
+    nsslibc_memcpy(&iOperation->mdOperation,
+                   proto, sizeof(NSSCKMDCryptoOperation));
+    iOperation->mdOperation.etc = iOperation;
+
+    return &iOperation->mdOperation;
+}
+
+static void
+ckmk_mdCryptoOperationRSAPriv_Destroy(
+    NSSCKMDCryptoOperation *mdOperation,
+    NSSCKFWCryptoOperation *fwOperation,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance)
+{
+    ckmkInternalCryptoOperationRSAPriv *iOperation =
+        (ckmkInternalCryptoOperationRSAPriv *)mdOperation->etc;
+
+    if (iOperation->buffer) {
+        nssItem_Destroy(iOperation->buffer);
+    }
+    if (iOperation->cssmContext) {
+        CSSM_DeleteContext(iOperation->cssmContext);
+    }
+    nss_ZFreeIf(iOperation);
+    return;
+}
+
+static CK_ULONG
+ckmk_mdCryptoOperationRSA_GetFinalLength(
+    NSSCKMDCryptoOperation *mdOperation,
+    NSSCKFWCryptoOperation *fwOperation,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError)
+{
+    ckmkInternalCryptoOperationRSAPriv *iOperation =
+        (ckmkInternalCryptoOperationRSAPriv *)mdOperation->etc;
+    const NSSItem *modulus =
+        nss_ckmk_FetchAttribute(iOperation->iKey, CKA_MODULUS, pError);
+
+    return modulus->size;
+}
+
+/*
+ * ckmk_mdCryptoOperationRSADecrypt_GetOperationLength
+ * we won't know the length until we actually decrypt the
+ * input block. Since we go to all the work to decrypt the
+ * the block, we'll save if for when the block is asked for
+ */
+static CK_ULONG
+ckmk_mdCryptoOperationRSADecrypt_GetOperationLength(
+    NSSCKMDCryptoOperation *mdOperation,
+    NSSCKFWCryptoOperation *fwOperation,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    const NSSItem *input,
+    CK_RV *pError)
+{
+    ckmkInternalCryptoOperationRSAPriv *iOperation =
+        (ckmkInternalCryptoOperationRSAPriv *)mdOperation->etc;
+    CSSM_DATA cssmInput;
+    CSSM_DATA cssmOutput = { 0, NULL };
+    PRUint32 bytesDecrypted;
+    CSSM_DATA remainder = { 0, NULL };
+    NSSItem output;
+    CSSM_RETURN cssmErr;
+
+    if (iOperation->buffer) {
+        return iOperation->buffer->size;
+    }
+
+    cssmInput.Data = input->data;
+    cssmInput.Length = input->size;
+
+    cssmErr = CSSM_DecryptData(iOperation->cssmContext,
+                               &cssmInput, 1, &cssmOutput, 1,
+                               &bytesDecrypted, &remainder);
+    if (CSSM_OK != cssmErr) {
+        CKMK_MACERR("Decrypt Failed", cssmErr);
+        *pError = CKR_DATA_INVALID;
+        return 0;
+    }
+    /* we didn't suppy any buffers, so it should all be in remainder */
+    output.data = nss_ZNEWARRAY(NULL, char, bytesDecrypted + remainder.Length);
+    if (NULL == output.data) {
+        free(cssmOutput.Data);
+        free(remainder.Data);
+        *pError = CKR_HOST_MEMORY;
+        return 0;
+    }
+    output.size = bytesDecrypted + remainder.Length;
+
+    if (0 != bytesDecrypted) {
+        nsslibc_memcpy(output.data, cssmOutput.Data, bytesDecrypted);
+        free(cssmOutput.Data);
+    }
+    if (0 != remainder.Length) {
+        nsslibc_memcpy(((char *)output.data) + bytesDecrypted,
+                       remainder.Data, remainder.Length);
+        free(remainder.Data);
+    }
+
+    iOperation->buffer = nssItem_Duplicate(&output, NULL, NULL);
+    nss_ZFreeIf(output.data);
+    if ((NSSItem *)NULL == iOperation->buffer) {
+        *pError = CKR_HOST_MEMORY;
+        return 0;
+    }
+
+    return iOperation->buffer->size;
+}
+
+/*
+ * ckmk_mdCryptoOperationRSADecrypt_UpdateFinal
+ *
+ * NOTE: ckmk_mdCryptoOperationRSADecrypt_GetOperationLength is presumed to
+ * have been called previously.
+ */
+static CK_RV
+ckmk_mdCryptoOperationRSADecrypt_UpdateFinal(
+    NSSCKMDCryptoOperation *mdOperation,
+    NSSCKFWCryptoOperation *fwOperation,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    const NSSItem *input,
+    NSSItem *output)
+{
+    ckmkInternalCryptoOperationRSAPriv *iOperation =
+        (ckmkInternalCryptoOperationRSAPriv *)mdOperation->etc;
+    NSSItem *buffer = iOperation->buffer;
+
+    if ((NSSItem *)NULL == buffer) {
+        return CKR_GENERAL_ERROR;
+    }
+    nsslibc_memcpy(output->data, buffer->data, buffer->size);
+    output->size = buffer->size;
+    return CKR_OK;
+}
+
+/*
+ * ckmk_mdCryptoOperationRSASign_UpdateFinal
+ *
+ */
+static CK_RV
+ckmk_mdCryptoOperationRSASign_UpdateFinal(
+    NSSCKMDCryptoOperation *mdOperation,
+    NSSCKFWCryptoOperation *fwOperation,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    const NSSItem *input,
+    NSSItem *output)
+{
+    ckmkInternalCryptoOperationRSAPriv *iOperation =
+        (ckmkInternalCryptoOperationRSAPriv *)mdOperation->etc;
+    CSSM_DATA cssmInput;
+    CSSM_DATA cssmOutput = { 0, NULL };
+    CSSM_RETURN cssmErr;
+
+    cssmInput.Data = input->data;
+    cssmInput.Length = input->size;
+
+    cssmErr = CSSM_SignData(iOperation->cssmContext, &cssmInput, 1,
+                            CSSM_ALGID_NONE, &cssmOutput);
+    if (CSSM_OK != cssmErr) {
+        CKMK_MACERR("Signed Failed", cssmErr);
+        return CKR_FUNCTION_FAILED;
+    }
+    if (cssmOutput.Length > output->size) {
+        free(cssmOutput.Data);
+        return CKR_BUFFER_TOO_SMALL;
+    }
+    nsslibc_memcpy(output->data, cssmOutput.Data, cssmOutput.Length);
+    free(cssmOutput.Data);
+    output->size = cssmOutput.Length;
+
+    return CKR_OK;
+}
+
+NSS_IMPLEMENT_DATA const NSSCKMDCryptoOperation
+    ckmk_mdCryptoOperationRSADecrypt_proto = {
+        NULL, /* etc */
+        ckmk_mdCryptoOperationRSAPriv_Destroy,
+        NULL, /* GetFinalLengh - not needed for one shot Decrypt/Encrypt */
+        ckmk_mdCryptoOperationRSADecrypt_GetOperationLength,
+        NULL, /* Final - not needed for one shot operation */
+        NULL, /* Update - not needed for one shot operation */
+        NULL, /* DigetUpdate - not needed for one shot operation */
+        ckmk_mdCryptoOperationRSADecrypt_UpdateFinal,
+        NULL,        /* UpdateCombo - not needed for one shot operation */
+        NULL,        /* DigetKey - not needed for one shot operation */
+        (void *)NULL /* null terminator */
+    };
+
+NSS_IMPLEMENT_DATA const NSSCKMDCryptoOperation
+    ckmk_mdCryptoOperationRSASign_proto = {
+        NULL, /* etc */
+        ckmk_mdCryptoOperationRSAPriv_Destroy,
+        ckmk_mdCryptoOperationRSA_GetFinalLength,
+        NULL, /* GetOperationLengh - not needed for one shot Sign/Verify */
+        NULL, /* Final - not needed for one shot operation */
+        NULL, /* Update - not needed for one shot operation */
+        NULL, /* DigetUpdate - not needed for one shot operation */
+        ckmk_mdCryptoOperationRSASign_UpdateFinal,
+        NULL,        /* UpdateCombo - not needed for one shot operation */
+        NULL,        /* DigetKey - not needed for one shot operation */
+        (void *)NULL /* null terminator */
+    };
+
+/********** NSSCKMDMechansim functions ***********************/
+/*
+ * ckmk_mdMechanismRSA_Destroy
+ */
+static void
+ckmk_mdMechanismRSA_Destroy(
+    NSSCKMDMechanism *mdMechanism,
+    NSSCKFWMechanism *fwMechanism,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance)
+{
+    nss_ZFreeIf(fwMechanism);
+}
+
+/*
+ * ckmk_mdMechanismRSA_GetMinKeySize
+ */
+static CK_ULONG
+ckmk_mdMechanismRSA_GetMinKeySize(
+    NSSCKMDMechanism *mdMechanism,
+    NSSCKFWMechanism *fwMechanism,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError)
+{
+    return 384;
+}
+
+/*
+ * ckmk_mdMechanismRSA_GetMaxKeySize
+ */
+static CK_ULONG
+ckmk_mdMechanismRSA_GetMaxKeySize(
+    NSSCKMDMechanism *mdMechanism,
+    NSSCKFWMechanism *fwMechanism,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError)
+{
+    return 16384;
+}
+
+/*
+ * ckmk_mdMechanismRSA_DecryptInit
+ */
+static NSSCKMDCryptoOperation *
+ckmk_mdMechanismRSA_DecryptInit(
+    NSSCKMDMechanism *mdMechanism,
+    NSSCKFWMechanism *fwMechanism,
+    CK_MECHANISM *pMechanism,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    NSSCKMDObject *mdKey,
+    NSSCKFWObject *fwKey,
+    CK_RV *pError)
+{
+    return ckmk_mdCryptoOperationRSAPriv_Create(
+        &ckmk_mdCryptoOperationRSADecrypt_proto,
+        mdMechanism, mdKey, CKMK_DECRYPT, pError);
+}
+
+/*
+ * ckmk_mdMechanismRSA_SignInit
+ */
+static NSSCKMDCryptoOperation *
+ckmk_mdMechanismRSA_SignInit(
+    NSSCKMDMechanism *mdMechanism,
+    NSSCKFWMechanism *fwMechanism,
+    CK_MECHANISM *pMechanism,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    NSSCKMDObject *mdKey,
+    NSSCKFWObject *fwKey,
+    CK_RV *pError)
+{
+    return ckmk_mdCryptoOperationRSAPriv_Create(
+        &ckmk_mdCryptoOperationRSASign_proto,
+        mdMechanism, mdKey, CKMK_SIGN, pError);
+}
+
+NSS_IMPLEMENT_DATA const NSSCKMDMechanism
+    nss_ckmk_mdMechanismRSA = {
+        (void *)NULL, /* etc */
+        ckmk_mdMechanismRSA_Destroy,
+        ckmk_mdMechanismRSA_GetMinKeySize,
+        ckmk_mdMechanismRSA_GetMaxKeySize,
+        NULL, /* GetInHardware - default false */
+        NULL, /* EncryptInit - default errs */
+        ckmk_mdMechanismRSA_DecryptInit,
+        NULL, /* DigestInit - default errs*/
+        ckmk_mdMechanismRSA_SignInit,
+        NULL,                         /* VerifyInit - default errs */
+        ckmk_mdMechanismRSA_SignInit, /* SignRecoverInit */
+        NULL,                         /* VerifyRecoverInit - default errs */
+        NULL,                         /* GenerateKey - default errs */
+        NULL,                         /* GenerateKeyPair - default errs */
+        NULL,                         /* GetWrapKeyLength - default errs */
+        NULL,                         /* WrapKey - default errs */
+        NULL,                         /* UnwrapKey - default errs */
+        NULL,                         /* DeriveKey - default errs */
+        (void *)NULL                  /* null terminator */
+    };
diff --git a/nss/lib/ckfw/nssmkey/msession.c b/nss/lib/ckfw/nssmkey/msession.c
new file mode 100644
index 0000000..e6a2924
--- /dev/null
+++ b/nss/lib/ckfw/nssmkey/msession.c
@@ -0,0 +1,87 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "ckmk.h"
+
+/*
+ * nssmkey/msession.c
+ *
+ * This file implements the NSSCKMDSession object for the
+ * "nssmkey" cryptoki module.
+ */
+
+static NSSCKMDFindObjects *
+ckmk_mdSession_FindObjectsInit(
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulAttributeCount,
+    CK_RV *pError)
+{
+    return nss_ckmk_FindObjectsInit(fwSession, pTemplate, ulAttributeCount, pError);
+}
+
+static NSSCKMDObject *
+ckmk_mdSession_CreateObject(
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    NSSArena *arena,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulAttributeCount,
+    CK_RV *pError)
+{
+    return nss_ckmk_CreateObject(fwSession, pTemplate, ulAttributeCount, pError);
+}
+
+NSS_IMPLEMENT NSSCKMDSession *
+nss_ckmk_CreateSession(
+    NSSCKFWSession *fwSession,
+    CK_RV *pError)
+{
+    NSSArena *arena;
+    NSSCKMDSession *rv;
+
+    arena = NSSCKFWSession_GetArena(fwSession, pError);
+    if ((NSSArena *)NULL == arena) {
+        return (NSSCKMDSession *)NULL;
+    }
+
+    rv = nss_ZNEW(arena, NSSCKMDSession);
+    if ((NSSCKMDSession *)NULL == rv) {
+        *pError = CKR_HOST_MEMORY;
+        return (NSSCKMDSession *)NULL;
+    }
+
+    /*
+     * rv was zeroed when allocated, so we only
+     * need to set the non-zero members.
+     */
+
+    rv->etc = (void *)fwSession;
+    /* rv->Close */
+    /* rv->GetDeviceError */
+    /* rv->Login */
+    /* rv->Logout */
+    /* rv->InitPIN */
+    /* rv->SetPIN */
+    /* rv->GetOperationStateLen */
+    /* rv->GetOperationState */
+    /* rv->SetOperationState */
+    rv->CreateObject = ckmk_mdSession_CreateObject;
+    /* rv->CopyObject */
+    rv->FindObjectsInit = ckmk_mdSession_FindObjectsInit;
+    /* rv->SeedRandom */
+    /* rv->GetRandom */
+    /* rv->null */
+
+    return rv;
+}
diff --git a/nss/lib/ckfw/nssmkey/mslot.c b/nss/lib/ckfw/nssmkey/mslot.c
new file mode 100644
index 0000000..b2747ff
--- /dev/null
+++ b/nss/lib/ckfw/nssmkey/mslot.c
@@ -0,0 +1,81 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "ckmk.h"
+
+/*
+ * nssmkey/mslot.c
+ *
+ * This file implements the NSSCKMDSlot object for the
+ * "nssmkey" cryptoki module.
+ */
+
+static NSSUTF8 *
+ckmk_mdSlot_GetSlotDescription(
+    NSSCKMDSlot *mdSlot,
+    NSSCKFWSlot *fwSlot,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError)
+{
+    return (NSSUTF8 *)nss_ckmk_SlotDescription;
+}
+
+static NSSUTF8 *
+ckmk_mdSlot_GetManufacturerID(
+    NSSCKMDSlot *mdSlot,
+    NSSCKFWSlot *fwSlot,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError)
+{
+    return (NSSUTF8 *)nss_ckmk_ManufacturerID;
+}
+
+static CK_VERSION
+ckmk_mdSlot_GetHardwareVersion(
+    NSSCKMDSlot *mdSlot,
+    NSSCKFWSlot *fwSlot,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance)
+{
+    return nss_ckmk_HardwareVersion;
+}
+
+static CK_VERSION
+ckmk_mdSlot_GetFirmwareVersion(
+    NSSCKMDSlot *mdSlot,
+    NSSCKFWSlot *fwSlot,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance)
+{
+    return nss_ckmk_FirmwareVersion;
+}
+
+static NSSCKMDToken *
+ckmk_mdSlot_GetToken(
+    NSSCKMDSlot *mdSlot,
+    NSSCKFWSlot *fwSlot,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError)
+{
+    return (NSSCKMDToken *)&nss_ckmk_mdToken;
+}
+
+NSS_IMPLEMENT_DATA const NSSCKMDSlot
+    nss_ckmk_mdSlot = {
+        (void *)NULL, /* etc */
+        NULL,         /* Initialize */
+        NULL,         /* Destroy */
+        ckmk_mdSlot_GetSlotDescription,
+        ckmk_mdSlot_GetManufacturerID,
+        NULL, /* GetTokenPresent -- defaults to true */
+        NULL, /* GetRemovableDevice -- defaults to false */
+        NULL, /* GetHardwareSlot -- defaults to false */
+        ckmk_mdSlot_GetHardwareVersion,
+        ckmk_mdSlot_GetFirmwareVersion,
+        ckmk_mdSlot_GetToken,
+        (void *)NULL /* null terminator */
+    };
diff --git a/nss/lib/ckfw/nssmkey/mtoken.c b/nss/lib/ckfw/nssmkey/mtoken.c
new file mode 100644
index 0000000..e18d612
--- /dev/null
+++ b/nss/lib/ckfw/nssmkey/mtoken.c
@@ -0,0 +1,184 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "ckmk.h"
+
+/*
+ * nssmkey/mtoken.c
+ *
+ * This file implements the NSSCKMDToken object for the
+ * "nssmkey" cryptoki module.
+ */
+
+static NSSUTF8 *
+ckmk_mdToken_GetLabel(
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError)
+{
+    return (NSSUTF8 *)nss_ckmk_TokenLabel;
+}
+
+static NSSUTF8 *
+ckmk_mdToken_GetManufacturerID(
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError)
+{
+    return (NSSUTF8 *)nss_ckmk_ManufacturerID;
+}
+
+static NSSUTF8 *
+ckmk_mdToken_GetModel(
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError)
+{
+    return (NSSUTF8 *)nss_ckmk_TokenModel;
+}
+
+static NSSUTF8 *
+ckmk_mdToken_GetSerialNumber(
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError)
+{
+    return (NSSUTF8 *)nss_ckmk_TokenSerialNumber;
+}
+
+static CK_BBOOL
+ckmk_mdToken_GetIsWriteProtected(
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance)
+{
+    return CK_FALSE;
+}
+
+/* fake out Mozilla so we don't try to initialize the token */
+static CK_BBOOL
+ckmk_mdToken_GetUserPinInitialized(
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance)
+{
+    return CK_TRUE;
+}
+
+static CK_VERSION
+ckmk_mdToken_GetHardwareVersion(
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance)
+{
+    return nss_ckmk_HardwareVersion;
+}
+
+static CK_VERSION
+ckmk_mdToken_GetFirmwareVersion(
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance)
+{
+    return nss_ckmk_FirmwareVersion;
+}
+
+static NSSCKMDSession *
+ckmk_mdToken_OpenSession(
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    NSSCKFWSession *fwSession,
+    CK_BBOOL rw,
+    CK_RV *pError)
+{
+    return nss_ckmk_CreateSession(fwSession, pError);
+}
+
+static CK_ULONG
+ckmk_mdToken_GetMechanismCount(
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance)
+{
+    return (CK_ULONG)1;
+}
+
+static CK_RV
+ckmk_mdToken_GetMechanismTypes(
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_MECHANISM_TYPE types[])
+{
+    types[0] = CKM_RSA_PKCS;
+    return CKR_OK;
+}
+
+static NSSCKMDMechanism *
+ckmk_mdToken_GetMechanism(
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_MECHANISM_TYPE which,
+    CK_RV *pError)
+{
+    if (which != CKM_RSA_PKCS) {
+        *pError = CKR_MECHANISM_INVALID;
+        return (NSSCKMDMechanism *)NULL;
+    }
+    return (NSSCKMDMechanism *)&nss_ckmk_mdMechanismRSA;
+}
+
+NSS_IMPLEMENT_DATA const NSSCKMDToken
+    nss_ckmk_mdToken = {
+        (void *)NULL, /* etc */
+        NULL,         /* Setup */
+        NULL,         /* Invalidate */
+        NULL,         /* InitToken -- default errs */
+        ckmk_mdToken_GetLabel,
+        ckmk_mdToken_GetManufacturerID,
+        ckmk_mdToken_GetModel,
+        ckmk_mdToken_GetSerialNumber,
+        NULL, /* GetHasRNG -- default is false */
+        ckmk_mdToken_GetIsWriteProtected,
+        NULL, /* GetLoginRequired -- default is false */
+        ckmk_mdToken_GetUserPinInitialized,
+        NULL, /* GetRestoreKeyNotNeeded -- irrelevant */
+        NULL, /* GetHasClockOnToken -- default is false */
+        NULL, /* GetHasProtectedAuthenticationPath -- default is false */
+        NULL, /* GetSupportsDualCryptoOperations -- default is false */
+        NULL, /* GetMaxSessionCount -- default is CK_UNAVAILABLE_INFORMATION */
+        NULL, /* GetMaxRwSessionCount -- default is CK_UNAVAILABLE_INFORMATION */
+        NULL, /* GetMaxPinLen -- irrelevant */
+        NULL, /* GetMinPinLen -- irrelevant */
+        NULL, /* GetTotalPublicMemory -- default is CK_UNAVAILABLE_INFORMATION */
+        NULL, /* GetFreePublicMemory -- default is CK_UNAVAILABLE_INFORMATION */
+        NULL, /* GetTotalPrivateMemory -- default is CK_UNAVAILABLE_INFORMATION */
+        NULL, /* GetFreePrivateMemory -- default is CK_UNAVAILABLE_INFORMATION */
+        ckmk_mdToken_GetHardwareVersion,
+        ckmk_mdToken_GetFirmwareVersion,
+        NULL, /* GetUTCTime -- no clock */
+        ckmk_mdToken_OpenSession,
+        ckmk_mdToken_GetMechanismCount,
+        ckmk_mdToken_GetMechanismTypes,
+        ckmk_mdToken_GetMechanism,
+        (void *)NULL /* null terminator */
+    };
diff --git a/nss/lib/ckfw/nssmkey/nssmkey.def b/nss/lib/ckfw/nssmkey/nssmkey.def
new file mode 100644
index 0000000..45d307f
--- /dev/null
+++ b/nss/lib/ckfw/nssmkey/nssmkey.def
@@ -0,0 +1,26 @@
+;+#
+;+# This Source Code Form is subject to the terms of the Mozilla Public
+;+# License, v. 2.0. If a copy of the MPL was not distributed with this
+;+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;+#
+;+# OK, this file is meant to support SUN, LINUX, AIX and WINDOWS
+;+#   1. For all unix platforms, the string ";-"  means "remove this line"
+;+#   2. For all unix platforms, the string " DATA " will be removed from any 
+;+#     line on which it occurs.
+;+#   3. Lines containing ";+" will have ";+" removed on SUN and LINUX.
+;+#      On AIX, lines containing ";+" will be removed.
+;+#   4. For all unix platforms, the string ";;" will thave the ";;" removed.
+;+#   5. For all unix platforms, after the above processing has taken place,
+;+#    all characters after the first ";" on the line will be removed.
+;+#    And for AIX, the first ";" will also be removed.
+;+#  This file is passed directly to windows. Since ';' is a comment, all UNIX
+;+#   directives are hidden behind ";", ";+", and ";-"
+;+
+;+NSSMKEY_3.0 {       # First release of nssmkey
+;+    global:
+LIBRARY nssmkey ;-
+EXPORTS ;-
+C_GetFunctionList;
+;+    local:
+;+*;
+;+};
diff --git a/nss/lib/ckfw/nssmkey/nssmkey.h b/nss/lib/ckfw/nssmkey/nssmkey.h
new file mode 100644
index 0000000..ba58233
--- /dev/null
+++ b/nss/lib/ckfw/nssmkey/nssmkey.h
@@ -0,0 +1,41 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef NSSMKEY_H
+#define NSSMKEY_H
+
+/*
+ * NSS CKMK Version numbers.
+ *
+ * These are the version numbers for the nssmkey module packaged with
+ * this release on NSS. To determine the version numbers of the builtin
+ * module you are using, use the appropriate PKCS #11 calls.
+ *
+ * These version numbers detail changes to the PKCS #11 interface. They map
+ * to the PKCS #11 spec versions.
+ */
+#define NSS_CKMK_CRYPTOKI_VERSION_MAJOR 2
+#define NSS_CKMK_CRYPTOKI_VERSION_MINOR 20
+
+/* These version numbers detail the changes
+ * to the list of trusted certificates.
+ *
+ * NSS_CKMK_LIBRARY_VERSION_MINOR is a CK_BYTE.  It's not clear
+ * whether we may use its full range (0-255) or only 0-99 because
+ * of the comment in the CK_VERSION type definition.
+ */
+#define NSS_CKMK_LIBRARY_VERSION_MAJOR 1
+#define NSS_CKMK_LIBRARY_VERSION_MINOR 1
+#define NSS_CKMK_LIBRARY_VERSION "1.1"
+
+/* These version numbers detail the semantic changes to the ckfw engine. */
+#define NSS_CKMK_HARDWARE_VERSION_MAJOR 1
+#define NSS_CKMK_HARDWARE_VERSION_MINOR 0
+
+/* These version numbers detail the semantic changes to ckbi itself
+ * (new PKCS #11 objects), etc. */
+#define NSS_CKMK_FIRMWARE_VERSION_MAJOR 1
+#define NSS_CKMK_FIRMWARE_VERSION_MINOR 0
+
+#endif /* NSSMKEY_H */
diff --git a/nss/lib/ckfw/nssmkey/staticobj.c b/nss/lib/ckfw/nssmkey/staticobj.c
new file mode 100644
index 0000000..5f3bb7c
--- /dev/null
+++ b/nss/lib/ckfw/nssmkey/staticobj.c
@@ -0,0 +1,36 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef CKMK_H
+#include "ckmk.h"
+#endif /* CKMK_H */
+
+static const CK_TRUST ckt_netscape_valid = CKT_NETSCAPE_VALID;
+static const CK_OBJECT_CLASS cko_certificate = CKO_CERTIFICATE;
+static const CK_TRUST ckt_netscape_trusted_delegator = CKT_NETSCAPE_TRUSTED_DELEGATOR;
+static const CK_OBJECT_CLASS cko_netscape_trust = CKO_NETSCAPE_TRUST;
+static const CK_BBOOL ck_true = CK_TRUE;
+static const CK_OBJECT_CLASS cko_data = CKO_DATA;
+static const CK_CERTIFICATE_TYPE ckc_x_509 = CKC_X_509;
+static const CK_BBOOL ck_false = CK_FALSE;
+static const CK_OBJECT_CLASS cko_netscape_builtin_root_list = CKO_NETSCAPE_BUILTIN_ROOT_LIST;
+
+/* example of a static object */
+static const CK_ATTRIBUTE_TYPE nss_ckmk_types_1[] = {
+    CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_LABEL
+};
+
+static const NSSItem nss_ckmk_items_1[] = {
+    { (void *)&cko_data, (PRUint32)sizeof(CK_OBJECT_CLASS) },
+    { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
+    { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+    { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
+    { (void *)"Mozilla Mac Key Ring Access", (PRUint32)28 }
+};
+
+ckmkInternalObject nss_ckmk_data[] = {
+    { ckmkRaw, { { 5, nss_ckmk_types_1, nss_ckmk_items_1 } }, CKO_DATA, { NULL } },
+};
+
+const PRUint32 nss_ckmk_nObjects = 1;
diff --git a/nss/lib/ckfw/object.c b/nss/lib/ckfw/object.c
new file mode 100644
index 0000000..ff0542e
--- /dev/null
+++ b/nss/lib/ckfw/object.c
@@ -0,0 +1,973 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * object.c
+ *
+ * This file implements the NSSCKFWObject type and methods.
+ */
+
+#ifndef CK_T
+#include "ck.h"
+#endif /* CK_T */
+
+/*
+ * NSSCKFWObject
+ *
+ * -- create/destroy --
+ *  nssCKFWObject_Create
+ *  nssCKFWObject_Finalize
+ *  nssCKFWObject_Destroy
+ *
+ * -- public accessors --
+ *  NSSCKFWObject_GetMDObject
+ *  NSSCKFWObject_GetArena
+ *  NSSCKFWObject_IsTokenObject
+ *  NSSCKFWObject_GetAttributeCount
+ *  NSSCKFWObject_GetAttributeTypes
+ *  NSSCKFWObject_GetAttributeSize
+ *  NSSCKFWObject_GetAttribute
+ *  NSSCKFWObject_SetAttribute
+ *  NSSCKFWObject_GetObjectSize
+ *
+ * -- implement public accessors --
+ *  nssCKFWObject_GetMDObject
+ *  nssCKFWObject_GetArena
+ *
+ * -- private accessors --
+ *  nssCKFWObject_SetHandle
+ *  nssCKFWObject_GetHandle
+ *
+ * -- module fronts --
+ *  nssCKFWObject_IsTokenObject
+ *  nssCKFWObject_GetAttributeCount
+ *  nssCKFWObject_GetAttributeTypes
+ *  nssCKFWObject_GetAttributeSize
+ *  nssCKFWObject_GetAttribute
+ *  nssCKFWObject_SetAttribute
+ *  nssCKFWObject_GetObjectSize
+ */
+
+struct NSSCKFWObjectStr {
+    NSSCKFWMutex *mutex; /* merely to serialise the MDObject calls */
+    NSSArena *arena;
+    NSSCKMDObject *mdObject;
+    NSSCKMDSession *mdSession;
+    NSSCKFWSession *fwSession;
+    NSSCKMDToken *mdToken;
+    NSSCKFWToken *fwToken;
+    NSSCKMDInstance *mdInstance;
+    NSSCKFWInstance *fwInstance;
+    CK_OBJECT_HANDLE hObject;
+};
+
+#ifdef DEBUG
+/*
+ * But first, the pointer-tracking stuff.
+ *
+ * NOTE: the pointer-tracking support in NSS/base currently relies
+ * upon NSPR's CallOnce support.  That, however, relies upon NSPR's
+ * locking, which is tied into the runtime.  We need a pointer-tracker
+ * implementation that uses the locks supplied through C_Initialize.
+ * That support, however, can be filled in later.  So for now, I'll
+ * just do this routines as no-ops.
+ */
+
+static CK_RV
+object_add_pointer(
+    const NSSCKFWObject *fwObject)
+{
+    return CKR_OK;
+}
+
+static CK_RV
+object_remove_pointer(
+    const NSSCKFWObject *fwObject)
+{
+    return CKR_OK;
+}
+
+NSS_IMPLEMENT CK_RV
+nssCKFWObject_verifyPointer(
+    const NSSCKFWObject *fwObject)
+{
+    return CKR_OK;
+}
+
+#endif /* DEBUG */
+
+/*
+ * nssCKFWObject_Create
+ *
+ */
+NSS_IMPLEMENT NSSCKFWObject *
+nssCKFWObject_Create(
+    NSSArena *arena,
+    NSSCKMDObject *mdObject,
+    NSSCKFWSession *fwSession,
+    NSSCKFWToken *fwToken,
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError)
+{
+    NSSCKFWObject *fwObject;
+    nssCKFWHash *mdObjectHash;
+
+#ifdef NSSDEBUG
+    if (!pError) {
+        return (NSSCKFWObject *)NULL;
+    }
+
+    if (PR_SUCCESS != nssArena_verifyPointer(arena)) {
+        *pError = CKR_ARGUMENTS_BAD;
+        return (NSSCKFWObject *)NULL;
+    }
+#endif /* NSSDEBUG */
+
+    if (!fwToken) {
+        *pError = CKR_ARGUMENTS_BAD;
+        return (NSSCKFWObject *)NULL;
+    }
+    mdObjectHash = nssCKFWToken_GetMDObjectHash(fwToken);
+    if (!mdObjectHash) {
+        *pError = CKR_GENERAL_ERROR;
+        return (NSSCKFWObject *)NULL;
+    }
+
+    if (nssCKFWHash_Exists(mdObjectHash, mdObject)) {
+        fwObject = nssCKFWHash_Lookup(mdObjectHash, mdObject);
+        return fwObject;
+    }
+
+    fwObject = nss_ZNEW(arena, NSSCKFWObject);
+    if (!fwObject) {
+        *pError = CKR_HOST_MEMORY;
+        return (NSSCKFWObject *)NULL;
+    }
+
+    fwObject->arena = arena;
+    fwObject->mdObject = mdObject;
+    fwObject->fwSession = fwSession;
+
+    if (fwSession) {
+        fwObject->mdSession = nssCKFWSession_GetMDSession(fwSession);
+    }
+
+    fwObject->fwToken = fwToken;
+    fwObject->mdToken = nssCKFWToken_GetMDToken(fwToken);
+    fwObject->fwInstance = fwInstance;
+    fwObject->mdInstance = nssCKFWInstance_GetMDInstance(fwInstance);
+    fwObject->mutex = nssCKFWInstance_CreateMutex(fwInstance, arena, pError);
+    if (!fwObject->mutex) {
+        if (CKR_OK == *pError) {
+            *pError = CKR_GENERAL_ERROR;
+        }
+        nss_ZFreeIf(fwObject);
+        return (NSSCKFWObject *)NULL;
+    }
+
+    *pError = nssCKFWHash_Add(mdObjectHash, mdObject, fwObject);
+    if (CKR_OK != *pError) {
+        nss_ZFreeIf(fwObject);
+        return (NSSCKFWObject *)NULL;
+    }
+
+#ifdef DEBUG
+    *pError = object_add_pointer(fwObject);
+    if (CKR_OK != *pError) {
+        nssCKFWHash_Remove(mdObjectHash, mdObject);
+        nss_ZFreeIf(fwObject);
+        return (NSSCKFWObject *)NULL;
+    }
+#endif /* DEBUG */
+
+    *pError = CKR_OK;
+    return fwObject;
+}
+
+/*
+ * nssCKFWObject_Finalize
+ *
+ */
+NSS_IMPLEMENT void
+nssCKFWObject_Finalize(
+    NSSCKFWObject *fwObject,
+    PRBool removeFromHash)
+{
+    nssCKFWHash *mdObjectHash;
+
+#ifdef NSSDEBUG
+    if (CKR_OK != nssCKFWObject_verifyPointer(fwObject)) {
+        return;
+    }
+#endif /* NSSDEBUG */
+
+    (void)nssCKFWMutex_Destroy(fwObject->mutex);
+
+    if (fwObject->mdObject->Finalize) {
+        fwObject->mdObject->Finalize(fwObject->mdObject, fwObject,
+                                     fwObject->mdSession, fwObject->fwSession, fwObject->mdToken,
+                                     fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance);
+    }
+
+    if (removeFromHash) {
+        mdObjectHash = nssCKFWToken_GetMDObjectHash(fwObject->fwToken);
+        if (mdObjectHash) {
+            nssCKFWHash_Remove(mdObjectHash, fwObject->mdObject);
+        }
+    }
+
+    if (fwObject->fwSession) {
+        nssCKFWSession_DeregisterSessionObject(fwObject->fwSession, fwObject);
+    }
+    nss_ZFreeIf(fwObject);
+
+#ifdef DEBUG
+    (void)object_remove_pointer(fwObject);
+#endif /* DEBUG */
+
+    return;
+}
+
+/*
+ * nssCKFWObject_Destroy
+ *
+ */
+NSS_IMPLEMENT void
+nssCKFWObject_Destroy(
+    NSSCKFWObject *fwObject)
+{
+    nssCKFWHash *mdObjectHash;
+
+#ifdef NSSDEBUG
+    if (CKR_OK != nssCKFWObject_verifyPointer(fwObject)) {
+        return;
+    }
+#endif /* NSSDEBUG */
+
+    (void)nssCKFWMutex_Destroy(fwObject->mutex);
+
+    if (fwObject->mdObject->Destroy) {
+        fwObject->mdObject->Destroy(fwObject->mdObject, fwObject,
+                                    fwObject->mdSession, fwObject->fwSession, fwObject->mdToken,
+                                    fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance);
+    }
+
+    mdObjectHash = nssCKFWToken_GetMDObjectHash(fwObject->fwToken);
+    if (mdObjectHash) {
+        nssCKFWHash_Remove(mdObjectHash, fwObject->mdObject);
+    }
+
+    if (fwObject->fwSession) {
+        nssCKFWSession_DeregisterSessionObject(fwObject->fwSession, fwObject);
+    }
+    nss_ZFreeIf(fwObject);
+
+#ifdef DEBUG
+    (void)object_remove_pointer(fwObject);
+#endif /* DEBUG */
+
+    return;
+}
+
+/*
+ * nssCKFWObject_GetMDObject
+ *
+ */
+NSS_IMPLEMENT NSSCKMDObject *
+nssCKFWObject_GetMDObject(
+    NSSCKFWObject *fwObject)
+{
+#ifdef NSSDEBUG
+    if (CKR_OK != nssCKFWObject_verifyPointer(fwObject)) {
+        return (NSSCKMDObject *)NULL;
+    }
+#endif /* NSSDEBUG */
+
+    return fwObject->mdObject;
+}
+
+/*
+ * nssCKFWObject_GetArena
+ *
+ */
+NSS_IMPLEMENT NSSArena *
+nssCKFWObject_GetArena(
+    NSSCKFWObject *fwObject,
+    CK_RV *pError)
+{
+#ifdef NSSDEBUG
+    if (!pError) {
+        return (NSSArena *)NULL;
+    }
+
+    *pError = nssCKFWObject_verifyPointer(fwObject);
+    if (CKR_OK != *pError) {
+        return (NSSArena *)NULL;
+    }
+#endif /* NSSDEBUG */
+
+    return fwObject->arena;
+}
+
+/*
+ * nssCKFWObject_SetHandle
+ *
+ */
+NSS_IMPLEMENT CK_RV
+nssCKFWObject_SetHandle(
+    NSSCKFWObject *fwObject,
+    CK_OBJECT_HANDLE hObject)
+{
+#ifdef NSSDEBUG
+    CK_RV error = CKR_OK;
+#endif /* NSSDEBUG */
+
+#ifdef NSSDEBUG
+    error = nssCKFWObject_verifyPointer(fwObject);
+    if (CKR_OK != error) {
+        return error;
+    }
+#endif /* NSSDEBUG */
+
+    if ((CK_OBJECT_HANDLE)0 != fwObject->hObject) {
+        return CKR_GENERAL_ERROR;
+    }
+
+    fwObject->hObject = hObject;
+
+    return CKR_OK;
+}
+
+/*
+ * nssCKFWObject_GetHandle
+ *
+ */
+NSS_IMPLEMENT CK_OBJECT_HANDLE
+nssCKFWObject_GetHandle(
+    NSSCKFWObject *fwObject)
+{
+#ifdef NSSDEBUG
+    if (CKR_OK != nssCKFWObject_verifyPointer(fwObject)) {
+        return (CK_OBJECT_HANDLE)0;
+    }
+#endif /* NSSDEBUG */
+
+    return fwObject->hObject;
+}
+
+/*
+ * nssCKFWObject_IsTokenObject
+ *
+ */
+NSS_IMPLEMENT CK_BBOOL
+nssCKFWObject_IsTokenObject(
+    NSSCKFWObject *fwObject)
+{
+    CK_BBOOL b = CK_FALSE;
+
+#ifdef NSSDEBUG
+    if (CKR_OK != nssCKFWObject_verifyPointer(fwObject)) {
+        return CK_FALSE;
+    }
+#endif /* NSSDEBUG */
+
+    if (!fwObject->mdObject->IsTokenObject) {
+        NSSItem item;
+        NSSItem *pItem;
+        CK_RV rv = CKR_OK;
+
+        item.data = (void *)&b;
+        item.size = sizeof(b);
+
+        pItem = nssCKFWObject_GetAttribute(fwObject, CKA_TOKEN, &item,
+                                           (NSSArena *)NULL, &rv);
+        if (!pItem) {
+            /* Error of some type */
+            b = CK_FALSE;
+            goto done;
+        }
+
+        goto done;
+    }
+
+    b = fwObject->mdObject->IsTokenObject(fwObject->mdObject, fwObject,
+                                          fwObject->mdSession, fwObject->fwSession, fwObject->mdToken,
+                                          fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance);
+
+done:
+    return b;
+}
+
+/*
+ * nssCKFWObject_GetAttributeCount
+ *
+ */
+NSS_IMPLEMENT CK_ULONG
+nssCKFWObject_GetAttributeCount(
+    NSSCKFWObject *fwObject,
+    CK_RV *pError)
+{
+    CK_ULONG rv;
+
+#ifdef NSSDEBUG
+    if (!pError) {
+        return (CK_ULONG)0;
+    }
+
+    *pError = nssCKFWObject_verifyPointer(fwObject);
+    if (CKR_OK != *pError) {
+        return (CK_ULONG)0;
+    }
+#endif /* NSSDEBUG */
+
+    if (!fwObject->mdObject->GetAttributeCount) {
+        *pError = CKR_GENERAL_ERROR;
+        return (CK_ULONG)0;
+    }
+
+    *pError = nssCKFWMutex_Lock(fwObject->mutex);
+    if (CKR_OK != *pError) {
+        return (CK_ULONG)0;
+    }
+
+    rv = fwObject->mdObject->GetAttributeCount(fwObject->mdObject, fwObject,
+                                               fwObject->mdSession, fwObject->fwSession, fwObject->mdToken,
+                                               fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance,
+                                               pError);
+
+    (void)nssCKFWMutex_Unlock(fwObject->mutex);
+    return rv;
+}
+
+/*
+ * nssCKFWObject_GetAttributeTypes
+ *
+ */
+NSS_IMPLEMENT CK_RV
+nssCKFWObject_GetAttributeTypes(
+    NSSCKFWObject *fwObject,
+    CK_ATTRIBUTE_TYPE_PTR typeArray,
+    CK_ULONG ulCount)
+{
+    CK_RV error = CKR_OK;
+
+#ifdef NSSDEBUG
+    error = nssCKFWObject_verifyPointer(fwObject);
+    if (CKR_OK != error) {
+        return error;
+    }
+
+    if ((CK_ATTRIBUTE_TYPE_PTR)NULL == typeArray) {
+        return CKR_ARGUMENTS_BAD;
+    }
+#endif /* NSSDEBUG */
+
+    if (!fwObject->mdObject->GetAttributeTypes) {
+        return CKR_GENERAL_ERROR;
+    }
+
+    error = nssCKFWMutex_Lock(fwObject->mutex);
+    if (CKR_OK != error) {
+        return error;
+    }
+
+    error = fwObject->mdObject->GetAttributeTypes(fwObject->mdObject, fwObject,
+                                                  fwObject->mdSession, fwObject->fwSession, fwObject->mdToken,
+                                                  fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance,
+                                                  typeArray, ulCount);
+
+    (void)nssCKFWMutex_Unlock(fwObject->mutex);
+    return error;
+}
+
+/*
+ * nssCKFWObject_GetAttributeSize
+ *
+ */
+NSS_IMPLEMENT CK_ULONG
+nssCKFWObject_GetAttributeSize(
+    NSSCKFWObject *fwObject,
+    CK_ATTRIBUTE_TYPE attribute,
+    CK_RV *pError)
+{
+    CK_ULONG rv;
+
+#ifdef NSSDEBUG
+    if (!pError) {
+        return (CK_ULONG)0;
+    }
+
+    *pError = nssCKFWObject_verifyPointer(fwObject);
+    if (CKR_OK != *pError) {
+        return (CK_ULONG)0;
+    }
+#endif /* NSSDEBUG */
+
+    if (!fwObject->mdObject->GetAttributeSize) {
+        *pError = CKR_GENERAL_ERROR;
+        return (CK_ULONG)0;
+    }
+
+    *pError = nssCKFWMutex_Lock(fwObject->mutex);
+    if (CKR_OK != *pError) {
+        return (CK_ULONG)0;
+    }
+
+    rv = fwObject->mdObject->GetAttributeSize(fwObject->mdObject, fwObject,
+                                              fwObject->mdSession, fwObject->fwSession, fwObject->mdToken,
+                                              fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance,
+                                              attribute, pError);
+
+    (void)nssCKFWMutex_Unlock(fwObject->mutex);
+    return rv;
+}
+
+/*
+ * nssCKFWObject_GetAttribute
+ *
+ * Usual NSS allocation rules:
+ * If itemOpt is not NULL, it will be returned; otherwise an NSSItem
+ * will be allocated.  If itemOpt is not NULL but itemOpt->data is,
+ * the buffer will be allocated; otherwise, the buffer will be used.
+ * Any allocations will come from the optional arena, if one is
+ * specified.
+ */
+NSS_IMPLEMENT NSSItem *
+nssCKFWObject_GetAttribute(
+    NSSCKFWObject *fwObject,
+    CK_ATTRIBUTE_TYPE attribute,
+    NSSItem *itemOpt,
+    NSSArena *arenaOpt,
+    CK_RV *pError)
+{
+    NSSItem *rv = (NSSItem *)NULL;
+    NSSCKFWItem mdItem;
+
+#ifdef NSSDEBUG
+    if (!pError) {
+        return (NSSItem *)NULL;
+    }
+
+    *pError = nssCKFWObject_verifyPointer(fwObject);
+    if (CKR_OK != *pError) {
+        return (NSSItem *)NULL;
+    }
+#endif /* NSSDEBUG */
+
+    if (!fwObject->mdObject->GetAttribute) {
+        *pError = CKR_GENERAL_ERROR;
+        return (NSSItem *)NULL;
+    }
+
+    *pError = nssCKFWMutex_Lock(fwObject->mutex);
+    if (CKR_OK != *pError) {
+        return (NSSItem *)NULL;
+    }
+
+    mdItem = fwObject->mdObject->GetAttribute(fwObject->mdObject, fwObject,
+                                              fwObject->mdSession, fwObject->fwSession, fwObject->mdToken,
+                                              fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance,
+                                              attribute, pError);
+
+    if (!mdItem.item) {
+        if (CKR_OK == *pError) {
+            *pError = CKR_GENERAL_ERROR;
+        }
+
+        goto done;
+    }
+
+    if (!itemOpt) {
+        rv = nss_ZNEW(arenaOpt, NSSItem);
+        if (!rv) {
+            *pError = CKR_HOST_MEMORY;
+            goto done;
+        }
+    } else {
+        rv = itemOpt;
+    }
+
+    if (!rv->data) {
+        rv->size = mdItem.item->size;
+        rv->data = nss_ZAlloc(arenaOpt, rv->size);
+        if (!rv->data) {
+            *pError = CKR_HOST_MEMORY;
+            if (!itemOpt) {
+                nss_ZFreeIf(rv);
+            }
+            rv = (NSSItem *)NULL;
+            goto done;
+        }
+    } else {
+        if (rv->size >= mdItem.item->size) {
+            rv->size = mdItem.item->size;
+        } else {
+            *pError = CKR_BUFFER_TOO_SMALL;
+            /* Should we set rv->size to mdItem->size? */
+            /* rv can't have been allocated */
+            rv = (NSSItem *)NULL;
+            goto done;
+        }
+    }
+
+    (void)nsslibc_memcpy(rv->data, mdItem.item->data, rv->size);
+
+    if (PR_TRUE == mdItem.needsFreeing) {
+        PR_ASSERT(fwObject->mdObject->FreeAttribute);
+        if (fwObject->mdObject->FreeAttribute) {
+            *pError = fwObject->mdObject->FreeAttribute(&mdItem);
+        }
+    }
+
+done:
+    (void)nssCKFWMutex_Unlock(fwObject->mutex);
+    return rv;
+}
+
+/*
+ * nssCKFWObject_SetAttribute
+ *
+ */
+NSS_IMPLEMENT CK_RV
+nssCKFWObject_SetAttribute(
+    NSSCKFWObject *fwObject,
+    NSSCKFWSession *fwSession,
+    CK_ATTRIBUTE_TYPE attribute,
+    NSSItem *value)
+{
+    CK_RV error = CKR_OK;
+
+#ifdef NSSDEBUG
+    error = nssCKFWObject_verifyPointer(fwObject);
+    if (CKR_OK != error) {
+        return error;
+    }
+#endif /* NSSDEBUG */
+
+    if (CKA_TOKEN == attribute) {
+        /*
+         * We're changing from a session object to a token object or
+         * vice-versa.
+         */
+
+        CK_ATTRIBUTE a;
+        NSSCKFWObject *newFwObject;
+        NSSCKFWObject swab;
+
+        a.type = CKA_TOKEN;
+        a.pValue = value->data;
+        a.ulValueLen = value->size;
+
+        newFwObject = nssCKFWSession_CopyObject(fwSession, fwObject,
+                                                &a, 1, &error);
+        if (!newFwObject) {
+            if (CKR_OK == error) {
+                error = CKR_GENERAL_ERROR;
+            }
+            return error;
+        }
+
+        /*
+         * Actually, I bet the locking is worse than this.. this part of
+         * the code could probably use some scrutiny and reworking.
+         */
+        error = nssCKFWMutex_Lock(fwObject->mutex);
+        if (CKR_OK != error) {
+            nssCKFWObject_Destroy(newFwObject);
+            return error;
+        }
+
+        error = nssCKFWMutex_Lock(newFwObject->mutex);
+        if (CKR_OK != error) {
+            nssCKFWMutex_Unlock(fwObject->mutex);
+            nssCKFWObject_Destroy(newFwObject);
+            return error;
+        }
+
+        /*
+         * Now, we have our new object, but it has a new fwObject pointer,
+         * while we have to keep the existing one.  So quick swap the contents.
+         */
+        swab = *fwObject;
+        *fwObject = *newFwObject;
+        *newFwObject = swab;
+
+        /* But keep the mutexes the same */
+        swab.mutex = fwObject->mutex;
+        fwObject->mutex = newFwObject->mutex;
+        newFwObject->mutex = swab.mutex;
+
+        (void)nssCKFWMutex_Unlock(newFwObject->mutex);
+        (void)nssCKFWMutex_Unlock(fwObject->mutex);
+
+        /*
+         * Either remove or add this to the list of session objects
+         */
+
+        if (CK_FALSE == *(CK_BBOOL *)value->data) {
+            /*
+             * New one is a session object, except since we "stole" the fwObject, it's
+             * not in the list.  Add it.
+             */
+            nssCKFWSession_RegisterSessionObject(fwSession, fwObject);
+        } else {
+            /*
+             * New one is a token object, except since we "stole" the fwObject, it's
+             * in the list.  Remove it.
+             */
+            if (fwObject->fwSession) {
+                nssCKFWSession_DeregisterSessionObject(fwObject->fwSession, fwObject);
+            }
+        }
+
+        /*
+         * Now delete the old object.  Remember the names have changed.
+         */
+        nssCKFWObject_Destroy(newFwObject);
+
+        return CKR_OK;
+    } else {
+        /*
+         * An "ordinary" change.
+         */
+        if (!fwObject->mdObject->SetAttribute) {
+            /* We could fake it with copying, like above.. later */
+            return CKR_ATTRIBUTE_READ_ONLY;
+        }
+
+        error = nssCKFWMutex_Lock(fwObject->mutex);
+        if (CKR_OK != error) {
+            return error;
+        }
+
+        error = fwObject->mdObject->SetAttribute(fwObject->mdObject, fwObject,
+                                                 fwObject->mdSession, fwObject->fwSession, fwObject->mdToken,
+                                                 fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance,
+                                                 attribute, value);
+
+        (void)nssCKFWMutex_Unlock(fwObject->mutex);
+
+        return error;
+    }
+}
+
+/*
+ * nssCKFWObject_GetObjectSize
+ *
+ */
+NSS_IMPLEMENT CK_ULONG
+nssCKFWObject_GetObjectSize(
+    NSSCKFWObject *fwObject,
+    CK_RV *pError)
+{
+    CK_ULONG rv;
+
+#ifdef NSSDEBUG
+    if (!pError) {
+        return (CK_ULONG)0;
+    }
+
+    *pError = nssCKFWObject_verifyPointer(fwObject);
+    if (CKR_OK != *pError) {
+        return (CK_ULONG)0;
+    }
+#endif /* NSSDEBUG */
+
+    if (!fwObject->mdObject->GetObjectSize) {
+        *pError = CKR_INFORMATION_SENSITIVE;
+        return (CK_ULONG)0;
+    }
+
+    *pError = nssCKFWMutex_Lock(fwObject->mutex);
+    if (CKR_OK != *pError) {
+        return (CK_ULONG)0;
+    }
+
+    rv = fwObject->mdObject->GetObjectSize(fwObject->mdObject, fwObject,
+                                           fwObject->mdSession, fwObject->fwSession, fwObject->mdToken,
+                                           fwObject->fwToken, fwObject->mdInstance, fwObject->fwInstance,
+                                           pError);
+
+    (void)nssCKFWMutex_Unlock(fwObject->mutex);
+    return rv;
+}
+
+/*
+ * NSSCKFWObject_GetMDObject
+ *
+ */
+NSS_IMPLEMENT NSSCKMDObject *
+NSSCKFWObject_GetMDObject(
+    NSSCKFWObject *fwObject)
+{
+#ifdef DEBUG
+    if (CKR_OK != nssCKFWObject_verifyPointer(fwObject)) {
+        return (NSSCKMDObject *)NULL;
+    }
+#endif /* DEBUG */
+
+    return nssCKFWObject_GetMDObject(fwObject);
+}
+
+/*
+ * NSSCKFWObject_GetArena
+ *
+ */
+NSS_IMPLEMENT NSSArena *
+NSSCKFWObject_GetArena(
+    NSSCKFWObject *fwObject,
+    CK_RV *pError)
+{
+#ifdef DEBUG
+    if (!pError) {
+        return (NSSArena *)NULL;
+    }
+
+    *pError = nssCKFWObject_verifyPointer(fwObject);
+    if (CKR_OK != *pError) {
+        return (NSSArena *)NULL;
+    }
+#endif /* DEBUG */
+
+    return nssCKFWObject_GetArena(fwObject, pError);
+}
+
+/*
+ * NSSCKFWObject_IsTokenObject
+ *
+ */
+NSS_IMPLEMENT CK_BBOOL
+NSSCKFWObject_IsTokenObject(
+    NSSCKFWObject *fwObject)
+{
+#ifdef DEBUG
+    if (CKR_OK != nssCKFWObject_verifyPointer(fwObject)) {
+        return CK_FALSE;
+    }
+#endif /* DEBUG */
+
+    return nssCKFWObject_IsTokenObject(fwObject);
+}
+
+/*
+ * NSSCKFWObject_GetAttributeCount
+ *
+ */
+NSS_IMPLEMENT CK_ULONG
+NSSCKFWObject_GetAttributeCount(
+    NSSCKFWObject *fwObject,
+    CK_RV *pError)
+{
+#ifdef DEBUG
+    if (!pError) {
+        return (CK_ULONG)0;
+    }
+
+    *pError = nssCKFWObject_verifyPointer(fwObject);
+    if (CKR_OK != *pError) {
+        return (CK_ULONG)0;
+    }
+#endif /* DEBUG */
+
+    return nssCKFWObject_GetAttributeCount(fwObject, pError);
+}
+
+/*
+ * NSSCKFWObject_GetAttributeTypes
+ *
+ */
+NSS_IMPLEMENT CK_RV
+NSSCKFWObject_GetAttributeTypes(
+    NSSCKFWObject *fwObject,
+    CK_ATTRIBUTE_TYPE_PTR typeArray,
+    CK_ULONG ulCount)
+{
+#ifdef DEBUG
+    CK_RV error = CKR_OK;
+
+    error = nssCKFWObject_verifyPointer(fwObject);
+    if (CKR_OK != error) {
+        return error;
+    }
+
+    if ((CK_ATTRIBUTE_TYPE_PTR)NULL == typeArray) {
+        return CKR_ARGUMENTS_BAD;
+    }
+#endif /* DEBUG */
+
+    return nssCKFWObject_GetAttributeTypes(fwObject, typeArray, ulCount);
+}
+
+/*
+ * NSSCKFWObject_GetAttributeSize
+ *
+ */
+NSS_IMPLEMENT CK_ULONG
+NSSCKFWObject_GetAttributeSize(
+    NSSCKFWObject *fwObject,
+    CK_ATTRIBUTE_TYPE attribute,
+    CK_RV *pError)
+{
+#ifdef DEBUG
+    if (!pError) {
+        return (CK_ULONG)0;
+    }
+
+    *pError = nssCKFWObject_verifyPointer(fwObject);
+    if (CKR_OK != *pError) {
+        return (CK_ULONG)0;
+    }
+#endif /* DEBUG */
+
+    return nssCKFWObject_GetAttributeSize(fwObject, attribute, pError);
+}
+
+/*
+ * NSSCKFWObject_GetAttribute
+ *
+ */
+NSS_IMPLEMENT NSSItem *
+NSSCKFWObject_GetAttribute(
+    NSSCKFWObject *fwObject,
+    CK_ATTRIBUTE_TYPE attribute,
+    NSSItem *itemOpt,
+    NSSArena *arenaOpt,
+    CK_RV *pError)
+{
+#ifdef DEBUG
+    if (!pError) {
+        return (NSSItem *)NULL;
+    }
+
+    *pError = nssCKFWObject_verifyPointer(fwObject);
+    if (CKR_OK != *pError) {
+        return (NSSItem *)NULL;
+    }
+#endif /* DEBUG */
+
+    return nssCKFWObject_GetAttribute(fwObject, attribute, itemOpt, arenaOpt, pError);
+}
+
+/*
+ * NSSCKFWObject_GetObjectSize
+ *
+ */
+NSS_IMPLEMENT CK_ULONG
+NSSCKFWObject_GetObjectSize(
+    NSSCKFWObject *fwObject,
+    CK_RV *pError)
+{
+#ifdef DEBUG
+    if (!pError) {
+        return (CK_ULONG)0;
+    }
+
+    *pError = nssCKFWObject_verifyPointer(fwObject);
+    if (CKR_OK != *pError) {
+        return (CK_ULONG)0;
+    }
+#endif /* DEBUG */
+
+    return nssCKFWObject_GetObjectSize(fwObject, pError);
+}
diff --git a/nss/lib/ckfw/session.c b/nss/lib/ckfw/session.c
new file mode 100644
index 0000000..a311934
--- /dev/null
+++ b/nss/lib/ckfw/session.c
@@ -0,0 +1,2390 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * session.c
+ *
+ * This file implements the NSSCKFWSession type and methods.
+ */
+
+#ifndef CK_T
+#include "ck.h"
+#endif /* CK_T */
+
+/*
+ * NSSCKFWSession
+ *
+ *  -- create/destroy --
+ *  nssCKFWSession_Create
+ *  nssCKFWSession_Destroy
+ *
+ *  -- public accessors --
+ *  NSSCKFWSession_GetMDSession
+ *  NSSCKFWSession_GetArena
+ *  NSSCKFWSession_CallNotification
+ *  NSSCKFWSession_IsRWSession
+ *  NSSCKFWSession_IsSO
+ *  NSSCKFWSession_GetFWSlot
+ *
+ *  -- implement public accessors --
+ *  nssCKFWSession_GetMDSession
+ *  nssCKFWSession_GetArena
+ *  nssCKFWSession_CallNotification
+ *  nssCKFWSession_IsRWSession
+ *  nssCKFWSession_IsSO
+ *  nssCKFWSession_GetFWSlot
+ *
+ *  -- private accessors --
+ *  nssCKFWSession_GetSessionState
+ *  nssCKFWSession_SetFWFindObjects
+ *  nssCKFWSession_GetFWFindObjects
+ *  nssCKFWSession_SetMDSession
+ *  nssCKFWSession_SetHandle
+ *  nssCKFWSession_GetHandle
+ *  nssCKFWSession_RegisterSessionObject
+ *  nssCKFWSession_DeegisterSessionObject
+ *
+ *  -- module fronts --
+ *  nssCKFWSession_GetDeviceError
+ *  nssCKFWSession_Login
+ *  nssCKFWSession_Logout
+ *  nssCKFWSession_InitPIN
+ *  nssCKFWSession_SetPIN
+ *  nssCKFWSession_GetOperationStateLen
+ *  nssCKFWSession_GetOperationState
+ *  nssCKFWSession_SetOperationState
+ *  nssCKFWSession_CreateObject
+ *  nssCKFWSession_CopyObject
+ *  nssCKFWSession_FindObjectsInit
+ *  nssCKFWSession_SeedRandom
+ *  nssCKFWSession_GetRandom
+ */
+
+struct NSSCKFWSessionStr {
+    NSSArena *arena;
+    NSSCKMDSession *mdSession;
+    NSSCKFWToken *fwToken;
+    NSSCKMDToken *mdToken;
+    NSSCKFWInstance *fwInstance;
+    NSSCKMDInstance *mdInstance;
+    CK_VOID_PTR pApplication;
+    CK_NOTIFY Notify;
+
+    /*
+     * Everything above is set at creation time, and then not modified.
+     * The items below are atomic.  No locking required.  If we fear
+     * about pointer-copies being nonatomic, we'll lock fwFindObjects.
+     */
+
+    CK_BBOOL rw;
+    NSSCKFWFindObjects *fwFindObjects;
+    NSSCKFWCryptoOperation *fwOperationArray[NSSCKFWCryptoOperationState_Max];
+    nssCKFWHash *sessionObjectHash;
+    CK_SESSION_HANDLE hSession;
+};
+
+#ifdef DEBUG
+/*
+ * But first, the pointer-tracking stuff.
+ *
+ * NOTE: the pointer-tracking support in NSS/base currently relies
+ * upon NSPR's CallOnce support.  That, however, relies upon NSPR's
+ * locking, which is tied into the runtime.  We need a pointer-tracker
+ * implementation that uses the locks supplied through C_Initialize.
+ * That support, however, can be filled in later.  So for now, I'll
+ * just do this routines as no-ops.
+ */
+
+static CK_RV
+session_add_pointer(
+    const NSSCKFWSession *fwSession)
+{
+    return CKR_OK;
+}
+
+static CK_RV
+session_remove_pointer(
+    const NSSCKFWSession *fwSession)
+{
+    return CKR_OK;
+}
+
+NSS_IMPLEMENT CK_RV
+nssCKFWSession_verifyPointer(
+    const NSSCKFWSession *fwSession)
+{
+    return CKR_OK;
+}
+
+#endif /* DEBUG */
+
+/*
+ * nssCKFWSession_Create
+ *
+ */
+NSS_IMPLEMENT NSSCKFWSession *
+nssCKFWSession_Create(
+    NSSCKFWToken *fwToken,
+    CK_BBOOL rw,
+    CK_VOID_PTR pApplication,
+    CK_NOTIFY Notify,
+    CK_RV *pError)
+{
+    NSSArena *arena = (NSSArena *)NULL;
+    NSSCKFWSession *fwSession;
+    NSSCKFWSlot *fwSlot;
+
+#ifdef NSSDEBUG
+    if (!pError) {
+        return (NSSCKFWSession *)NULL;
+    }
+
+    *pError = nssCKFWToken_verifyPointer(fwToken);
+    if (CKR_OK != *pError) {
+        return (NSSCKFWSession *)NULL;
+    }
+#endif /* NSSDEBUG */
+
+    arena = NSSArena_Create();
+    if (!arena) {
+        *pError = CKR_HOST_MEMORY;
+        return (NSSCKFWSession *)NULL;
+    }
+
+    fwSession = nss_ZNEW(arena, NSSCKFWSession);
+    if (!fwSession) {
+        *pError = CKR_HOST_MEMORY;
+        goto loser;
+    }
+
+    fwSession->arena = arena;
+    fwSession->mdSession = (NSSCKMDSession *)NULL; /* set later */
+    fwSession->fwToken = fwToken;
+    fwSession->mdToken = nssCKFWToken_GetMDToken(fwToken);
+
+    fwSlot = nssCKFWToken_GetFWSlot(fwToken);
+    fwSession->fwInstance = nssCKFWSlot_GetFWInstance(fwSlot);
+    fwSession->mdInstance = nssCKFWSlot_GetMDInstance(fwSlot);
+
+    fwSession->rw = rw;
+    fwSession->pApplication = pApplication;
+    fwSession->Notify = Notify;
+
+    fwSession->fwFindObjects = (NSSCKFWFindObjects *)NULL;
+
+    fwSession->sessionObjectHash = nssCKFWHash_Create(fwSession->fwInstance, arena, pError);
+    if (!fwSession->sessionObjectHash) {
+        if (CKR_OK == *pError) {
+            *pError = CKR_GENERAL_ERROR;
+        }
+        goto loser;
+    }
+
+#ifdef DEBUG
+    *pError = session_add_pointer(fwSession);
+    if (CKR_OK != *pError) {
+        goto loser;
+    }
+#endif /* DEBUG */
+
+    return fwSession;
+
+loser:
+    if (arena) {
+        if (fwSession && fwSession->sessionObjectHash) {
+            (void)nssCKFWHash_Destroy(fwSession->sessionObjectHash);
+        }
+        NSSArena_Destroy(arena);
+    }
+
+    return (NSSCKFWSession *)NULL;
+}
+
+static void
+nss_ckfw_session_object_destroy_iterator(
+    const void *key,
+    void *value,
+    void *closure)
+{
+    NSSCKFWObject *fwObject = (NSSCKFWObject *)value;
+    nssCKFWObject_Finalize(fwObject, PR_TRUE);
+}
+
+/*
+ * nssCKFWSession_Destroy
+ *
+ */
+NSS_IMPLEMENT CK_RV
+nssCKFWSession_Destroy(
+    NSSCKFWSession *fwSession,
+    CK_BBOOL removeFromTokenHash)
+{
+    CK_RV error = CKR_OK;
+    nssCKFWHash *sessionObjectHash;
+    NSSCKFWCryptoOperationState i;
+
+#ifdef NSSDEBUG
+    error = nssCKFWSession_verifyPointer(fwSession);
+    if (CKR_OK != error) {
+        return error;
+    }
+#endif /* NSSDEBUG */
+
+    if (removeFromTokenHash) {
+        error = nssCKFWToken_RemoveSession(fwSession->fwToken, fwSession);
+    }
+
+    /*
+     * Invalidate session objects
+     */
+
+    sessionObjectHash = fwSession->sessionObjectHash;
+    fwSession->sessionObjectHash = (nssCKFWHash *)NULL;
+
+    nssCKFWHash_Iterate(sessionObjectHash,
+                        nss_ckfw_session_object_destroy_iterator,
+                        (void *)NULL);
+
+    for (i = 0; i < NSSCKFWCryptoOperationState_Max; i++) {
+        if (fwSession->fwOperationArray[i]) {
+            nssCKFWCryptoOperation_Destroy(fwSession->fwOperationArray[i]);
+        }
+    }
+
+#ifdef DEBUG
+    (void)session_remove_pointer(fwSession);
+#endif /* DEBUG */
+    (void)nssCKFWHash_Destroy(sessionObjectHash);
+    NSSArena_Destroy(fwSession->arena);
+
+    return error;
+}
+
+/*
+ * nssCKFWSession_GetMDSession
+ *
+ */
+NSS_IMPLEMENT NSSCKMDSession *
+nssCKFWSession_GetMDSession(
+    NSSCKFWSession *fwSession)
+{
+#ifdef NSSDEBUG
+    if (CKR_OK != nssCKFWSession_verifyPointer(fwSession)) {
+        return (NSSCKMDSession *)NULL;
+    }
+#endif /* NSSDEBUG */
+
+    return fwSession->mdSession;
+}
+
+/*
+ * nssCKFWSession_GetArena
+ *
+ */
+NSS_IMPLEMENT NSSArena *
+nssCKFWSession_GetArena(
+    NSSCKFWSession *fwSession,
+    CK_RV *pError)
+{
+#ifdef NSSDEBUG
+    if (!pError) {
+        return (NSSArena *)NULL;
+    }
+
+    *pError = nssCKFWSession_verifyPointer(fwSession);
+    if (CKR_OK != *pError) {
+        return (NSSArena *)NULL;
+    }
+#endif /* NSSDEBUG */
+
+    return fwSession->arena;
+}
+
+/*
+ * nssCKFWSession_CallNotification
+ *
+ */
+NSS_IMPLEMENT CK_RV
+nssCKFWSession_CallNotification(
+    NSSCKFWSession *fwSession,
+    CK_NOTIFICATION event)
+{
+    CK_RV error = CKR_OK;
+    CK_SESSION_HANDLE handle;
+
+#ifdef NSSDEBUG
+    error = nssCKFWSession_verifyPointer(fwSession);
+    if (CKR_OK != error) {
+        return error;
+    }
+#endif /* NSSDEBUG */
+
+    if ((CK_NOTIFY)NULL == fwSession->Notify) {
+        return CKR_OK;
+    }
+
+    handle = nssCKFWInstance_FindSessionHandle(fwSession->fwInstance, fwSession);
+    if ((CK_SESSION_HANDLE)0 == handle) {
+        return CKR_GENERAL_ERROR;
+    }
+
+    error = fwSession->Notify(handle, event, fwSession->pApplication);
+
+    return error;
+}
+
+/*
+ * nssCKFWSession_IsRWSession
+ *
+ */
+NSS_IMPLEMENT CK_BBOOL
+nssCKFWSession_IsRWSession(
+    NSSCKFWSession *fwSession)
+{
+#ifdef NSSDEBUG
+    if (CKR_OK != nssCKFWSession_verifyPointer(fwSession)) {
+        return CK_FALSE;
+    }
+#endif /* NSSDEBUG */
+
+    return fwSession->rw;
+}
+
+/*
+ * nssCKFWSession_IsSO
+ *
+ */
+NSS_IMPLEMENT CK_BBOOL
+nssCKFWSession_IsSO(
+    NSSCKFWSession *fwSession)
+{
+    CK_STATE state;
+
+#ifdef NSSDEBUG
+    if (CKR_OK != nssCKFWSession_verifyPointer(fwSession)) {
+        return CK_FALSE;
+    }
+#endif /* NSSDEBUG */
+
+    state = nssCKFWToken_GetSessionState(fwSession->fwToken);
+    switch (state) {
+        case CKS_RO_PUBLIC_SESSION:
+        case CKS_RO_USER_FUNCTIONS:
+        case CKS_RW_PUBLIC_SESSION:
+        case CKS_RW_USER_FUNCTIONS:
+            return CK_FALSE;
+        case CKS_RW_SO_FUNCTIONS:
+            return CK_TRUE;
+        default:
+            return CK_FALSE;
+    }
+}
+
+/*
+ * nssCKFWSession_GetFWSlot
+ *
+ */
+NSS_IMPLEMENT NSSCKFWSlot *
+nssCKFWSession_GetFWSlot(
+    NSSCKFWSession *fwSession)
+{
+#ifdef NSSDEBUG
+    if (CKR_OK != nssCKFWSession_verifyPointer(fwSession)) {
+        return (NSSCKFWSlot *)NULL;
+    }
+#endif /* NSSDEBUG */
+
+    return nssCKFWToken_GetFWSlot(fwSession->fwToken);
+}
+
+/*
+ * nssCFKWSession_GetSessionState
+ *
+ */
+NSS_IMPLEMENT CK_STATE
+nssCKFWSession_GetSessionState(
+    NSSCKFWSession *fwSession)
+{
+#ifdef NSSDEBUG
+    if (CKR_OK != nssCKFWSession_verifyPointer(fwSession)) {
+        return CKS_RO_PUBLIC_SESSION; /* whatever */
+    }
+#endif /* NSSDEBUG */
+
+    return nssCKFWToken_GetSessionState(fwSession->fwToken);
+}
+
+/*
+ * nssCKFWSession_SetFWFindObjects
+ *
+ */
+NSS_IMPLEMENT CK_RV
+nssCKFWSession_SetFWFindObjects(
+    NSSCKFWSession *fwSession,
+    NSSCKFWFindObjects *fwFindObjects)
+{
+#ifdef NSSDEBUG
+    CK_RV error = CKR_OK;
+#endif /* NSSDEBUG */
+
+#ifdef NSSDEBUG
+    error = nssCKFWSession_verifyPointer(fwSession);
+    if (CKR_OK != error) {
+        return error;
+    }
+
+/* fwFindObjects may be null */
+#endif /* NSSDEBUG */
+
+    if ((fwSession->fwFindObjects) &&
+        (fwFindObjects)) {
+        return CKR_OPERATION_ACTIVE;
+    }
+
+    fwSession->fwFindObjects = fwFindObjects;
+
+    return CKR_OK;
+}
+
+/*
+ * nssCKFWSession_GetFWFindObjects
+ *
+ */
+NSS_IMPLEMENT NSSCKFWFindObjects *
+nssCKFWSession_GetFWFindObjects(
+    NSSCKFWSession *fwSession,
+    CK_RV *pError)
+{
+#ifdef NSSDEBUG
+    if (!pError) {
+        return (NSSCKFWFindObjects *)NULL;
+    }
+
+    *pError = nssCKFWSession_verifyPointer(fwSession);
+    if (CKR_OK != *pError) {
+        return (NSSCKFWFindObjects *)NULL;
+    }
+#endif /* NSSDEBUG */
+
+    if (!fwSession->fwFindObjects) {
+        *pError = CKR_OPERATION_NOT_INITIALIZED;
+        return (NSSCKFWFindObjects *)NULL;
+    }
+
+    return fwSession->fwFindObjects;
+}
+
+/*
+ * nssCKFWSession_SetMDSession
+ *
+ */
+NSS_IMPLEMENT CK_RV
+nssCKFWSession_SetMDSession(
+    NSSCKFWSession *fwSession,
+    NSSCKMDSession *mdSession)
+{
+#ifdef NSSDEBUG
+    CK_RV error = CKR_OK;
+#endif /* NSSDEBUG */
+
+#ifdef NSSDEBUG
+    error = nssCKFWSession_verifyPointer(fwSession);
+    if (CKR_OK != error) {
+        return error;
+    }
+
+    if (!mdSession) {
+        return CKR_ARGUMENTS_BAD;
+    }
+#endif /* NSSDEBUG */
+
+    if (fwSession->mdSession) {
+        return CKR_GENERAL_ERROR;
+    }
+
+    fwSession->mdSession = mdSession;
+
+    return CKR_OK;
+}
+
+/*
+ * nssCKFWSession_SetHandle
+ *
+ */
+NSS_IMPLEMENT CK_RV
+nssCKFWSession_SetHandle(
+    NSSCKFWSession *fwSession,
+    CK_SESSION_HANDLE hSession)
+{
+#ifdef NSSDEBUG
+    CK_RV error = CKR_OK;
+#endif /* NSSDEBUG */
+
+#ifdef NSSDEBUG
+    error = nssCKFWSession_verifyPointer(fwSession);
+    if (CKR_OK != error) {
+        return error;
+    }
+#endif /* NSSDEBUG */
+
+    if ((CK_SESSION_HANDLE)0 != fwSession->hSession) {
+        return CKR_GENERAL_ERROR;
+    }
+
+    fwSession->hSession = hSession;
+
+    return CKR_OK;
+}
+
+/*
+ * nssCKFWSession_GetHandle
+ *
+ */
+NSS_IMPLEMENT CK_SESSION_HANDLE
+nssCKFWSession_GetHandle(
+    NSSCKFWSession *fwSession)
+{
+#ifdef NSSDEBUG
+    if (CKR_OK != nssCKFWSession_verifyPointer(fwSession)) {
+        return NULL;
+    }
+#endif /* NSSDEBUG */
+
+    return fwSession->hSession;
+}
+
+/*
+ * nssCKFWSession_RegisterSessionObject
+ *
+ */
+NSS_IMPLEMENT CK_RV
+nssCKFWSession_RegisterSessionObject(
+    NSSCKFWSession *fwSession,
+    NSSCKFWObject *fwObject)
+{
+    CK_RV rv = CKR_OK;
+
+#ifdef NSSDEBUG
+    if (CKR_OK != nssCKFWSession_verifyPointer(fwSession)) {
+        return CKR_GENERAL_ERROR;
+    }
+#endif /* NSSDEBUG */
+
+    if (fwSession->sessionObjectHash) {
+        rv = nssCKFWHash_Add(fwSession->sessionObjectHash, fwObject, fwObject);
+    }
+
+    return rv;
+}
+
+/*
+ * nssCKFWSession_DeregisterSessionObject
+ *
+ */
+NSS_IMPLEMENT CK_RV
+nssCKFWSession_DeregisterSessionObject(
+    NSSCKFWSession *fwSession,
+    NSSCKFWObject *fwObject)
+{
+#ifdef NSSDEBUG
+    if (CKR_OK != nssCKFWSession_verifyPointer(fwSession)) {
+        return CKR_GENERAL_ERROR;
+    }
+#endif /* NSSDEBUG */
+
+    if (fwSession->sessionObjectHash) {
+        nssCKFWHash_Remove(fwSession->sessionObjectHash, fwObject);
+    }
+
+    return CKR_OK;
+}
+
+/*
+ * nssCKFWSession_GetDeviceError
+ *
+ */
+NSS_IMPLEMENT CK_ULONG
+nssCKFWSession_GetDeviceError(
+    NSSCKFWSession *fwSession)
+{
+#ifdef NSSDEBUG
+    if (CKR_OK != nssCKFWSession_verifyPointer(fwSession)) {
+        return (CK_ULONG)0;
+    }
+
+    if (!fwSession->mdSession) {
+        return (CK_ULONG)0;
+    }
+#endif /* NSSDEBUG */
+
+    if (!fwSession->mdSession->GetDeviceError) {
+        return (CK_ULONG)0;
+    }
+
+    return fwSession->mdSession->GetDeviceError(fwSession->mdSession,
+                                                fwSession, fwSession->mdToken, fwSession->fwToken,
+                                                fwSession->mdInstance, fwSession->fwInstance);
+}
+
+/*
+ * nssCKFWSession_Login
+ *
+ */
+NSS_IMPLEMENT CK_RV
+nssCKFWSession_Login(
+    NSSCKFWSession *fwSession,
+    CK_USER_TYPE userType,
+    NSSItem *pin)
+{
+    CK_RV error = CKR_OK;
+    CK_STATE oldState;
+    CK_STATE newState;
+
+#ifdef NSSDEBUG
+    error = nssCKFWSession_verifyPointer(fwSession);
+    if (CKR_OK != error) {
+        return error;
+    }
+
+    switch (userType) {
+        case CKU_SO:
+        case CKU_USER:
+            break;
+        default:
+            return CKR_USER_TYPE_INVALID;
+    }
+
+    if (!pin) {
+        if (CK_TRUE != nssCKFWToken_GetHasProtectedAuthenticationPath(fwSession->fwToken)) {
+            return CKR_ARGUMENTS_BAD;
+        }
+    }
+
+    if (!fwSession->mdSession) {
+        return CKR_GENERAL_ERROR;
+    }
+#endif /* NSSDEBUG */
+
+    oldState = nssCKFWToken_GetSessionState(fwSession->fwToken);
+
+    /*
+     * It's not clear what happens when you're already logged in.
+     * I'll just fail; but if we decide to change, the logic is
+     * all right here.
+     */
+
+    if (CKU_SO == userType) {
+        switch (oldState) {
+            case CKS_RO_PUBLIC_SESSION:
+                /*
+                 * There's no such thing as a read-only security officer
+                 * session, so fail.  The error should be CKR_SESSION_READ_ONLY,
+                 * except that C_Login isn't defined to return that.  So we'll
+                 * do CKR_SESSION_READ_ONLY_EXISTS, which is what is documented.
+                 */
+                return CKR_SESSION_READ_ONLY_EXISTS;
+            case CKS_RO_USER_FUNCTIONS:
+                return CKR_USER_ANOTHER_ALREADY_LOGGED_IN;
+            case CKS_RW_PUBLIC_SESSION:
+                newState =
+                    CKS_RW_SO_FUNCTIONS;
+                break;
+            case CKS_RW_USER_FUNCTIONS:
+                return CKR_USER_ANOTHER_ALREADY_LOGGED_IN;
+            case CKS_RW_SO_FUNCTIONS:
+                return CKR_USER_ALREADY_LOGGED_IN;
+            default:
+                return CKR_GENERAL_ERROR;
+        }
+    } else /* CKU_USER == userType */ {
+        switch (oldState) {
+            case CKS_RO_PUBLIC_SESSION:
+                newState =
+                    CKS_RO_USER_FUNCTIONS;
+                break;
+            case CKS_RO_USER_FUNCTIONS:
+                return CKR_USER_ALREADY_LOGGED_IN;
+            case CKS_RW_PUBLIC_SESSION:
+                newState =
+                    CKS_RW_USER_FUNCTIONS;
+                break;
+            case CKS_RW_USER_FUNCTIONS:
+                return CKR_USER_ALREADY_LOGGED_IN;
+            case CKS_RW_SO_FUNCTIONS:
+                return CKR_USER_ANOTHER_ALREADY_LOGGED_IN;
+            default:
+                return CKR_GENERAL_ERROR;
+        }
+    }
+
+    /*
+     * So now we're in one of three cases:
+     *
+     * Old == CKS_RW_PUBLIC_SESSION, New == CKS_RW_SO_FUNCTIONS;
+     * Old == CKS_RW_PUBLIC_SESSION, New == CKS_RW_USER_FUNCTIONS;
+     * Old == CKS_RO_PUBLIC_SESSION, New == CKS_RO_USER_FUNCTIONS;
+     */
+
+    if (!fwSession->mdSession->Login) {
+        /*
+         * The Module doesn't want to be informed (or check the pin)
+         * it'll just rely on the Framework as needed.
+         */
+        ;
+    } else {
+        error = fwSession->mdSession->Login(fwSession->mdSession, fwSession,
+                                            fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance,
+                                            fwSession->fwInstance, userType, pin, oldState, newState);
+        if (CKR_OK != error) {
+            return error;
+        }
+    }
+
+    (void)nssCKFWToken_SetSessionState(fwSession->fwToken, newState);
+    return CKR_OK;
+}
+
+/*
+ * nssCKFWSession_Logout
+ *
+ */
+NSS_IMPLEMENT CK_RV
+nssCKFWSession_Logout(
+    NSSCKFWSession *fwSession)
+{
+    CK_RV error = CKR_OK;
+    CK_STATE oldState;
+    CK_STATE newState;
+
+#ifdef NSSDEBUG
+    error = nssCKFWSession_verifyPointer(fwSession);
+    if (CKR_OK != error) {
+        return error;
+    }
+
+    if (!fwSession->mdSession) {
+        return CKR_GENERAL_ERROR;
+    }
+#endif /* NSSDEBUG */
+
+    oldState = nssCKFWToken_GetSessionState(fwSession->fwToken);
+
+    switch (oldState) {
+        case CKS_RO_PUBLIC_SESSION:
+            return CKR_USER_NOT_LOGGED_IN;
+        case CKS_RO_USER_FUNCTIONS:
+            newState = CKS_RO_PUBLIC_SESSION;
+            break;
+        case CKS_RW_PUBLIC_SESSION:
+            return CKR_USER_NOT_LOGGED_IN;
+        case CKS_RW_USER_FUNCTIONS:
+            newState = CKS_RW_PUBLIC_SESSION;
+            break;
+        case CKS_RW_SO_FUNCTIONS:
+            newState = CKS_RW_PUBLIC_SESSION;
+            break;
+        default:
+            return CKR_GENERAL_ERROR;
+    }
+
+    /*
+     * So now we're in one of three cases:
+     *
+     * Old == CKS_RW_SO_FUNCTIONS,   New == CKS_RW_PUBLIC_SESSION;
+     * Old == CKS_RW_USER_FUNCTIONS, New == CKS_RW_PUBLIC_SESSION;
+     * Old == CKS_RO_USER_FUNCTIONS, New == CKS_RO_PUBLIC_SESSION;
+     */
+
+    if (!fwSession->mdSession->Logout) {
+        /*
+         * The Module doesn't want to be informed.  Okay.
+         */
+        ;
+    } else {
+        error = fwSession->mdSession->Logout(fwSession->mdSession, fwSession,
+                                             fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance,
+                                             fwSession->fwInstance, oldState, newState);
+        if (CKR_OK != error) {
+            /*
+             * Now what?!  A failure really should end up with the Framework
+             * considering it logged out, right?
+             */
+            ;
+        }
+    }
+
+    (void)nssCKFWToken_SetSessionState(fwSession->fwToken, newState);
+    return error;
+}
+
+/*
+ * nssCKFWSession_InitPIN
+ *
+ */
+NSS_IMPLEMENT CK_RV
+nssCKFWSession_InitPIN(
+    NSSCKFWSession *fwSession,
+    NSSItem *pin)
+{
+    CK_RV error = CKR_OK;
+    CK_STATE state;
+
+#ifdef NSSDEBUG
+    error = nssCKFWSession_verifyPointer(fwSession);
+    if (CKR_OK != error) {
+        return error;
+    }
+
+    if (!fwSession->mdSession) {
+        return CKR_GENERAL_ERROR;
+    }
+#endif /* NSSDEBUG */
+
+    state = nssCKFWToken_GetSessionState(fwSession->fwToken);
+    if (CKS_RW_SO_FUNCTIONS != state) {
+        return CKR_USER_NOT_LOGGED_IN;
+    }
+
+    if (!pin) {
+        CK_BBOOL has = nssCKFWToken_GetHasProtectedAuthenticationPath(fwSession->fwToken);
+        if (CK_TRUE != has) {
+            return CKR_ARGUMENTS_BAD;
+        }
+    }
+
+    if (!fwSession->mdSession->InitPIN) {
+        return CKR_TOKEN_WRITE_PROTECTED;
+    }
+
+    error = fwSession->mdSession->InitPIN(fwSession->mdSession, fwSession,
+                                          fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance,
+                                          fwSession->fwInstance, pin);
+
+    return error;
+}
+
+/*
+ * nssCKFWSession_SetPIN
+ *
+ */
+NSS_IMPLEMENT CK_RV
+nssCKFWSession_SetPIN(
+    NSSCKFWSession *fwSession,
+    NSSItem *oldPin,
+    NSSItem *newPin)
+{
+    CK_RV error = CKR_OK;
+
+#ifdef NSSDEBUG
+    error = nssCKFWSession_verifyPointer(fwSession);
+    if (CKR_OK != error) {
+        return error;
+    }
+
+    if (!fwSession->mdSession) {
+        return CKR_GENERAL_ERROR;
+    }
+#endif /* NSSDEBUG */
+
+    if (!newPin) {
+        CK_BBOOL has = nssCKFWToken_GetHasProtectedAuthenticationPath(fwSession->fwToken);
+        if (CK_TRUE != has) {
+            return CKR_ARGUMENTS_BAD;
+        }
+    }
+
+    if (!oldPin) {
+        CK_BBOOL has = nssCKFWToken_GetHasProtectedAuthenticationPath(fwSession->fwToken);
+        if (CK_TRUE != has) {
+            return CKR_ARGUMENTS_BAD;
+        }
+    }
+
+    if (!fwSession->mdSession->SetPIN) {
+        return CKR_TOKEN_WRITE_PROTECTED;
+    }
+
+    error = fwSession->mdSession->SetPIN(fwSession->mdSession, fwSession,
+                                         fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance,
+                                         fwSession->fwInstance, oldPin, newPin);
+
+    return error;
+}
+
+/*
+ * nssCKFWSession_GetOperationStateLen
+ *
+ */
+NSS_IMPLEMENT CK_ULONG
+nssCKFWSession_GetOperationStateLen(
+    NSSCKFWSession *fwSession,
+    CK_RV *pError)
+{
+    CK_ULONG mdAmt;
+    CK_ULONG fwAmt;
+
+#ifdef NSSDEBUG
+    if (!pError) {
+        return (CK_ULONG)0;
+    }
+
+    *pError = nssCKFWSession_verifyPointer(fwSession);
+    if (CKR_OK != *pError) {
+        return (CK_ULONG)0;
+    }
+
+    if (!fwSession->mdSession) {
+        *pError = CKR_GENERAL_ERROR;
+        return (CK_ULONG)0;
+    }
+#endif /* NSSDEBUG */
+
+    if (!fwSession->mdSession->GetOperationStateLen) {
+        *pError = CKR_STATE_UNSAVEABLE;
+        return (CK_ULONG)0;
+    }
+
+    /*
+     * We could check that the session is actually in some state..
+     */
+
+    mdAmt = fwSession->mdSession->GetOperationStateLen(fwSession->mdSession,
+                                                       fwSession, fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance,
+                                                       fwSession->fwInstance, pError);
+
+    if (((CK_ULONG)0 == mdAmt) && (CKR_OK != *pError)) {
+        return (CK_ULONG)0;
+    }
+
+    /*
+     * Add a bit of sanity-checking
+     */
+    fwAmt = mdAmt + 2 * sizeof(CK_ULONG);
+
+    return fwAmt;
+}
+
+/*
+ * nssCKFWSession_GetOperationState
+ *
+ */
+NSS_IMPLEMENT CK_RV
+nssCKFWSession_GetOperationState(
+    NSSCKFWSession *fwSession,
+    NSSItem *buffer)
+{
+    CK_RV error = CKR_OK;
+    CK_ULONG fwAmt;
+    CK_ULONG *ulBuffer;
+    NSSItem i2;
+    CK_ULONG n, i;
+
+#ifdef NSSDEBUG
+    error = nssCKFWSession_verifyPointer(fwSession);
+    if (CKR_OK != error) {
+        return error;
+    }
+
+    if (!buffer) {
+        return CKR_ARGUMENTS_BAD;
+    }
+
+    if (!buffer->data) {
+        return CKR_ARGUMENTS_BAD;
+    }
+
+    if (!fwSession->mdSession) {
+        return CKR_GENERAL_ERROR;
+    }
+#endif /* NSSDEBUG */
+
+    if (!fwSession->mdSession->GetOperationState) {
+        return CKR_STATE_UNSAVEABLE;
+    }
+
+    /*
+     * Sanity-check the caller's buffer.
+     */
+
+    error = CKR_OK;
+    fwAmt = nssCKFWSession_GetOperationStateLen(fwSession, &error);
+    if (((CK_ULONG)0 == fwAmt) && (CKR_OK != error)) {
+        return error;
+    }
+
+    if (buffer->size < fwAmt) {
+        return CKR_BUFFER_TOO_SMALL;
+    }
+
+    ulBuffer = (CK_ULONG *)buffer->data;
+
+    i2.size = buffer->size - 2 * sizeof(CK_ULONG);
+    i2.data = (void *)&ulBuffer[2];
+
+    error = fwSession->mdSession->GetOperationState(fwSession->mdSession,
+                                                    fwSession, fwSession->mdToken, fwSession->fwToken,
+                                                    fwSession->mdInstance, fwSession->fwInstance, &i2);
+
+    if (CKR_OK != error) {
+        return error;
+    }
+
+    /*
+     * Add a little integrety/identity check.
+     * NOTE: right now, it's pretty stupid.
+     * A CRC or something would be better.
+     */
+
+    ulBuffer[0] = 0x434b4657; /* CKFW */
+    ulBuffer[1] = 0;
+    n = i2.size / sizeof(CK_ULONG);
+    for (i = 0; i < n; i++) {
+        ulBuffer[1] ^= ulBuffer[2 + i];
+    }
+
+    return CKR_OK;
+}
+
+/*
+ * nssCKFWSession_SetOperationState
+ *
+ */
+NSS_IMPLEMENT CK_RV
+nssCKFWSession_SetOperationState(
+    NSSCKFWSession *fwSession,
+    NSSItem *state,
+    NSSCKFWObject *encryptionKey,
+    NSSCKFWObject *authenticationKey)
+{
+    CK_RV error = CKR_OK;
+    CK_ULONG *ulBuffer;
+    CK_ULONG n, i;
+    CK_ULONG x;
+    NSSItem s;
+    NSSCKMDObject *mdek;
+    NSSCKMDObject *mdak;
+
+#ifdef NSSDEBUG
+    error = nssCKFWSession_verifyPointer(fwSession);
+    if (CKR_OK != error) {
+        return error;
+    }
+
+    if (!state) {
+        return CKR_ARGUMENTS_BAD;
+    }
+
+    if (!state->data) {
+        return CKR_ARGUMENTS_BAD;
+    }
+
+    if (encryptionKey) {
+        error = nssCKFWObject_verifyPointer(encryptionKey);
+        if (CKR_OK != error) {
+            return error;
+        }
+    }
+
+    if (authenticationKey) {
+        error = nssCKFWObject_verifyPointer(authenticationKey);
+        if (CKR_OK != error) {
+            return error;
+        }
+    }
+
+    if (!fwSession->mdSession) {
+        return CKR_GENERAL_ERROR;
+    }
+#endif /* NSSDEBUG */
+
+    ulBuffer = (CK_ULONG *)state->data;
+    if (0x43b4657 != ulBuffer[0]) {
+        return CKR_SAVED_STATE_INVALID;
+    }
+    n = (state->size / sizeof(CK_ULONG)) - 2;
+    x = (CK_ULONG)0;
+    for (i = 0; i < n; i++) {
+        x ^= ulBuffer[2 + i];
+    }
+
+    if (x != ulBuffer[1]) {
+        return CKR_SAVED_STATE_INVALID;
+    }
+
+    if (!fwSession->mdSession->SetOperationState) {
+        return CKR_GENERAL_ERROR;
+    }
+
+    s.size = state->size - 2 * sizeof(CK_ULONG);
+    s.data = (void *)&ulBuffer[2];
+
+    if (encryptionKey) {
+        mdek = nssCKFWObject_GetMDObject(encryptionKey);
+    } else {
+        mdek = (NSSCKMDObject *)NULL;
+    }
+
+    if (authenticationKey) {
+        mdak = nssCKFWObject_GetMDObject(authenticationKey);
+    } else {
+        mdak = (NSSCKMDObject *)NULL;
+    }
+
+    error = fwSession->mdSession->SetOperationState(fwSession->mdSession,
+                                                    fwSession, fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance,
+                                                    fwSession->fwInstance, &s, mdek, encryptionKey, mdak, authenticationKey);
+
+    if (CKR_OK != error) {
+        return error;
+    }
+
+    /*
+     * Here'd we restore any session data
+     */
+
+    return CKR_OK;
+}
+
+static CK_BBOOL
+nss_attributes_form_token_object(
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulAttributeCount)
+{
+    CK_ULONG i;
+    CK_BBOOL rv;
+
+    for (i = 0; i < ulAttributeCount; i++) {
+        if (CKA_TOKEN == pTemplate[i].type) {
+            /* If we sanity-check, we can remove this sizeof check */
+            if (sizeof(CK_BBOOL) == pTemplate[i].ulValueLen) {
+                (void)nsslibc_memcpy(&rv, pTemplate[i].pValue, sizeof(CK_BBOOL));
+                return rv;
+            } else {
+                return CK_FALSE;
+            }
+        }
+    }
+
+    return CK_FALSE;
+}
+
+/*
+ * nssCKFWSession_CreateObject
+ *
+ */
+NSS_IMPLEMENT NSSCKFWObject *
+nssCKFWSession_CreateObject(
+    NSSCKFWSession *fwSession,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulAttributeCount,
+    CK_RV *pError)
+{
+    NSSArena *arena;
+    NSSCKMDObject *mdObject;
+    NSSCKFWObject *fwObject;
+    CK_BBOOL isTokenObject;
+
+#ifdef NSSDEBUG
+    if (!pError) {
+        return (NSSCKFWObject *)NULL;
+    }
+
+    *pError = nssCKFWSession_verifyPointer(fwSession);
+    if (CKR_OK != pError) {
+        return (NSSCKFWObject *)NULL;
+    }
+
+    if ((CK_ATTRIBUTE_PTR)NULL == pTemplate) {
+        *pError = CKR_ARGUMENTS_BAD;
+        return (NSSCKFWObject *)NULL;
+    }
+
+    if (!fwSession->mdSession) {
+        *pError = CKR_GENERAL_ERROR;
+        return (NSSCKFWObject *)NULL;
+    }
+#endif /* NSSDEBUG */
+
+    /*
+     * Here would be an excellent place to sanity-check the object.
+     */
+
+    isTokenObject = nss_attributes_form_token_object(pTemplate, ulAttributeCount);
+    if (CK_TRUE == isTokenObject) {
+        /* === TOKEN OBJECT === */
+
+        if (!fwSession->mdSession->CreateObject) {
+            *pError = CKR_TOKEN_WRITE_PROTECTED;
+            return (NSSCKFWObject *)NULL;
+        }
+
+        arena = nssCKFWToken_GetArena(fwSession->fwToken, pError);
+        if (!arena) {
+            if (CKR_OK == *pError) {
+                *pError = CKR_GENERAL_ERROR;
+            }
+            return (NSSCKFWObject *)NULL;
+        }
+
+        goto callmdcreateobject;
+    } else {
+        /* === SESSION OBJECT === */
+
+        arena = nssCKFWSession_GetArena(fwSession, pError);
+        if (!arena) {
+            if (CKR_OK == *pError) {
+                *pError = CKR_GENERAL_ERROR;
+            }
+            return (NSSCKFWObject *)NULL;
+        }
+
+        if (CK_TRUE == nssCKFWInstance_GetModuleHandlesSessionObjects(
+                           fwSession->fwInstance)) {
+            /* --- module handles the session object -- */
+
+            if (!fwSession->mdSession->CreateObject) {
+                *pError = CKR_GENERAL_ERROR;
+                return (NSSCKFWObject *)NULL;
+            }
+
+            goto callmdcreateobject;
+        } else {
+            /* --- framework handles the session object -- */
+            mdObject = nssCKMDSessionObject_Create(fwSession->fwToken,
+                                                   arena, pTemplate, ulAttributeCount, pError);
+            goto gotmdobject;
+        }
+    }
+
+callmdcreateobject:
+    mdObject = fwSession->mdSession->CreateObject(fwSession->mdSession,
+                                                  fwSession, fwSession->mdToken, fwSession->fwToken,
+                                                  fwSession->mdInstance, fwSession->fwInstance, arena, pTemplate,
+                                                  ulAttributeCount, pError);
+
+gotmdobject:
+    if (!mdObject) {
+        if (CKR_OK == *pError) {
+            *pError = CKR_GENERAL_ERROR;
+        }
+        return (NSSCKFWObject *)NULL;
+    }
+
+    fwObject = nssCKFWObject_Create(arena, mdObject,
+                                    isTokenObject ? NULL
+                                                  : fwSession,
+                                    fwSession->fwToken, fwSession->fwInstance, pError);
+    if (!fwObject) {
+        if (CKR_OK == *pError) {
+            *pError = CKR_GENERAL_ERROR;
+        }
+
+        if (mdObject->Destroy) {
+            (void)mdObject->Destroy(mdObject, (NSSCKFWObject *)NULL,
+                                    fwSession->mdSession, fwSession, fwSession->mdToken,
+                                    fwSession->fwToken, fwSession->mdInstance, fwSession->fwInstance);
+        }
+
+        return (NSSCKFWObject *)NULL;
+    }
+
+    if (CK_FALSE == isTokenObject) {
+        if (CK_FALSE == nssCKFWHash_Exists(fwSession->sessionObjectHash, fwObject)) {
+            *pError = nssCKFWHash_Add(fwSession->sessionObjectHash, fwObject, fwObject);
+            if (CKR_OK != *pError) {
+                nssCKFWObject_Finalize(fwObject, PR_TRUE);
+                return (NSSCKFWObject *)NULL;
+            }
+        }
+    }
+
+    return fwObject;
+}
+
+/*
+ * nssCKFWSession_CopyObject
+ *
+ */
+NSS_IMPLEMENT NSSCKFWObject *
+nssCKFWSession_CopyObject(
+    NSSCKFWSession *fwSession,
+    NSSCKFWObject *fwObject,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulAttributeCount,
+    CK_RV *pError)
+{
+    CK_BBOOL oldIsToken;
+    CK_BBOOL newIsToken;
+    CK_ULONG i;
+    NSSCKFWObject *rv;
+
+#ifdef NSSDEBUG
+    if (!pError) {
+        return (NSSCKFWObject *)NULL;
+    }
+
+    *pError = nssCKFWSession_verifyPointer(fwSession);
+    if (CKR_OK != *pError) {
+        return (NSSCKFWObject *)NULL;
+    }
+
+    *pError = nssCKFWObject_verifyPointer(fwObject);
+    if (CKR_OK != *pError) {
+        return (NSSCKFWObject *)NULL;
+    }
+
+    if (!fwSession->mdSession) {
+        *pError = CKR_GENERAL_ERROR;
+        return (NSSCKFWObject *)NULL;
+    }
+#endif /* NSSDEBUG */
+
+    /*
+     * Sanity-check object
+     */
+
+    if (!fwObject) {
+        *pError = CKR_ARGUMENTS_BAD;
+        return (NSSCKFWObject *)NULL;
+    }
+
+    oldIsToken = nssCKFWObject_IsTokenObject(fwObject);
+
+    newIsToken = oldIsToken;
+    for (i = 0; i < ulAttributeCount; i++) {
+        if (CKA_TOKEN == pTemplate[i].type) {
+            /* Since we sanity-checked the object, we know this is the right size. */
+            (void)nsslibc_memcpy(&newIsToken, pTemplate[i].pValue, sizeof(CK_BBOOL));
+            break;
+        }
+    }
+
+    /*
+     * If the Module handles its session objects, or if both the new
+     * and old object are token objects, use CopyObject if it exists.
+     */
+
+    if ((fwSession->mdSession->CopyObject) &&
+        (((CK_TRUE == oldIsToken) && (CK_TRUE == newIsToken)) ||
+         (CK_TRUE == nssCKFWInstance_GetModuleHandlesSessionObjects(
+                         fwSession->fwInstance)))) {
+        /* use copy object */
+        NSSArena *arena;
+        NSSCKMDObject *mdOldObject;
+        NSSCKMDObject *mdObject;
+
+        mdOldObject = nssCKFWObject_GetMDObject(fwObject);
+
+        if (CK_TRUE == newIsToken) {
+            arena = nssCKFWToken_GetArena(fwSession->fwToken, pError);
+        } else {
+            arena = nssCKFWSession_GetArena(fwSession, pError);
+        }
+        if (!arena) {
+            if (CKR_OK == *pError) {
+                *pError = CKR_GENERAL_ERROR;
+            }
+            return (NSSCKFWObject *)NULL;
+        }
+
+        mdObject = fwSession->mdSession->CopyObject(fwSession->mdSession,
+                                                    fwSession, fwSession->mdToken, fwSession->fwToken,
+                                                    fwSession->mdInstance, fwSession->fwInstance, mdOldObject,
+                                                    fwObject, arena, pTemplate, ulAttributeCount, pError);
+        if (!mdObject) {
+            if (CKR_OK == *pError) {
+                *pError = CKR_GENERAL_ERROR;
+            }
+            return (NSSCKFWObject *)NULL;
+        }
+
+        rv = nssCKFWObject_Create(arena, mdObject,
+                                  newIsToken ? NULL
+                                             : fwSession,
+                                  fwSession->fwToken, fwSession->fwInstance, pError);
+
+        if (CK_FALSE == newIsToken) {
+            if (CK_FALSE == nssCKFWHash_Exists(fwSession->sessionObjectHash, rv)) {
+                *pError = nssCKFWHash_Add(fwSession->sessionObjectHash, rv, rv);
+                if (CKR_OK != *pError) {
+                    nssCKFWObject_Finalize(rv, PR_TRUE);
+                    return (NSSCKFWObject *)NULL;
+                }
+            }
+        }
+
+        return rv;
+    } else {
+        /* use create object */
+        NSSArena *tmpArena;
+        CK_ATTRIBUTE_PTR newTemplate;
+        CK_ULONG i, j, n, newLength, k;
+        CK_ATTRIBUTE_TYPE_PTR oldTypes;
+        NSSCKFWObject *rv;
+
+        n = nssCKFWObject_GetAttributeCount(fwObject, pError);
+        if ((0 == n) && (CKR_OK != *pError)) {
+            return (NSSCKFWObject *)NULL;
+        }
+
+        tmpArena = NSSArena_Create();
+        if (!tmpArena) {
+            *pError = CKR_HOST_MEMORY;
+            return (NSSCKFWObject *)NULL;
+        }
+
+        oldTypes = nss_ZNEWARRAY(tmpArena, CK_ATTRIBUTE_TYPE, n);
+        if ((CK_ATTRIBUTE_TYPE_PTR)NULL == oldTypes) {
+            NSSArena_Destroy(tmpArena);
+            *pError = CKR_HOST_MEMORY;
+            return (NSSCKFWObject *)NULL;
+        }
+
+        *pError = nssCKFWObject_GetAttributeTypes(fwObject, oldTypes, n);
+        if (CKR_OK != *pError) {
+            NSSArena_Destroy(tmpArena);
+            return (NSSCKFWObject *)NULL;
+        }
+
+        newLength = n;
+        for (i = 0; i < ulAttributeCount; i++) {
+            for (j = 0; j < n; j++) {
+                if (oldTypes[j] == pTemplate[i].type) {
+                    if ((CK_VOID_PTR)NULL ==
+                        pTemplate[i].pValue) {
+                        /* Removing the attribute */
+                        newLength--;
+                    }
+                    break;
+                }
+            }
+            if (j == n) {
+                /* Not found */
+                newLength++;
+            }
+        }
+
+        newTemplate = nss_ZNEWARRAY(tmpArena, CK_ATTRIBUTE, newLength);
+        if ((CK_ATTRIBUTE_PTR)NULL == newTemplate) {
+            NSSArena_Destroy(tmpArena);
+            *pError = CKR_HOST_MEMORY;
+            return (NSSCKFWObject *)NULL;
+        }
+
+        k = 0;
+        for (j = 0; j < n; j++) {
+            for (i = 0; i < ulAttributeCount; i++) {
+                if (oldTypes[j] == pTemplate[i].type) {
+                    if ((CK_VOID_PTR)NULL ==
+                        pTemplate[i].pValue) {
+                        /* This attribute is being deleted */
+                        ;
+                    } else {
+                        /* This attribute is being replaced */
+                        newTemplate[k].type =
+                            pTemplate[i].type;
+                        newTemplate[k].pValue =
+                            pTemplate[i].pValue;
+                        newTemplate[k].ulValueLen =
+                            pTemplate[i].ulValueLen;
+                        k++;
+                    }
+                    break;
+                }
+            }
+            if (i == ulAttributeCount) {
+                /* This attribute is being copied over from the old object */
+                NSSItem item, *it;
+                item.size = 0;
+                item.data = (void *)NULL;
+                it = nssCKFWObject_GetAttribute(fwObject, oldTypes[j],
+                                                &item, tmpArena, pError);
+                if (!it) {
+                    if (CKR_OK ==
+                        *pError) {
+                        *pError =
+                            CKR_GENERAL_ERROR;
+                    }
+                    NSSArena_Destroy(tmpArena);
+                    return (NSSCKFWObject *)NULL;
+                }
+                newTemplate[k].type = oldTypes[j];
+                newTemplate[k].pValue = it->data;
+                newTemplate[k].ulValueLen = it->size;
+                k++;
+            }
+        }
+        /* assert that k == newLength */
+
+        rv = nssCKFWSession_CreateObject(fwSession, newTemplate, newLength, pError);
+        if (!rv) {
+            if (CKR_OK == *pError) {
+                *pError = CKR_GENERAL_ERROR;
+            }
+            NSSArena_Destroy(tmpArena);
+            return (NSSCKFWObject *)NULL;
+        }
+
+        NSSArena_Destroy(tmpArena);
+        return rv;
+    }
+}
+
+/*
+ * nssCKFWSession_FindObjectsInit
+ *
+ */
+NSS_IMPLEMENT NSSCKFWFindObjects *
+nssCKFWSession_FindObjectsInit(
+    NSSCKFWSession *fwSession,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulAttributeCount,
+    CK_RV *pError)
+{
+    NSSCKMDFindObjects *mdfo1 = (NSSCKMDFindObjects *)NULL;
+    NSSCKMDFindObjects *mdfo2 = (NSSCKMDFindObjects *)NULL;
+
+#ifdef NSSDEBUG
+    if (!pError) {
+        return (NSSCKFWFindObjects *)NULL;
+    }
+
+    *pError = nssCKFWSession_verifyPointer(fwSession);
+    if (CKR_OK != *pError) {
+        return (NSSCKFWFindObjects *)NULL;
+    }
+
+    if (((CK_ATTRIBUTE_PTR)NULL == pTemplate) && (ulAttributeCount != 0)) {
+        *pError = CKR_ARGUMENTS_BAD;
+        return (NSSCKFWFindObjects *)NULL;
+    }
+
+    if (!fwSession->mdSession) {
+        *pError = CKR_GENERAL_ERROR;
+        return (NSSCKFWFindObjects *)NULL;
+    }
+#endif /* NSSDEBUG */
+
+    if (CK_TRUE != nssCKFWInstance_GetModuleHandlesSessionObjects(
+                       fwSession->fwInstance)) {
+        CK_ULONG i;
+
+        /*
+         * Does the search criteria restrict us to token or session
+         * objects?
+         */
+
+        for (i = 0; i < ulAttributeCount; i++) {
+            if (CKA_TOKEN == pTemplate[i].type) {
+                /* Yes, it does. */
+                CK_BBOOL isToken;
+                if (sizeof(CK_BBOOL) != pTemplate[i].ulValueLen) {
+                    *pError =
+                        CKR_ATTRIBUTE_VALUE_INVALID;
+                    return (NSSCKFWFindObjects *)NULL;
+                }
+                (void)nsslibc_memcpy(&isToken, pTemplate[i].pValue, sizeof(CK_BBOOL));
+
+                if (CK_TRUE == isToken) {
+                    /* Pass it on to the module's search routine */
+                    if (!fwSession->mdSession->FindObjectsInit) {
+                        goto wrap;
+                    }
+
+                    mdfo1 =
+                        fwSession->mdSession->FindObjectsInit(fwSession->mdSession,
+                                                              fwSession, fwSession->mdToken, fwSession->fwToken,
+                                                              fwSession->mdInstance, fwSession->fwInstance,
+                                                              pTemplate, ulAttributeCount, pError);
+                } else {
+                    /* Do the search ourselves */
+                    mdfo1 =
+                        nssCKMDFindSessionObjects_Create(fwSession->fwToken,
+                                                         pTemplate, ulAttributeCount, pError);
+                }
+
+                if (!mdfo1) {
+                    if (CKR_OK ==
+                        *pError) {
+                        *pError =
+                            CKR_GENERAL_ERROR;
+                    }
+                    return (NSSCKFWFindObjects *)NULL;
+                }
+
+                goto wrap;
+            }
+        }
+
+        if (i == ulAttributeCount) {
+            /* No, it doesn't.  Do a hybrid search. */
+            mdfo1 = fwSession->mdSession->FindObjectsInit(fwSession->mdSession,
+                                                          fwSession, fwSession->mdToken, fwSession->fwToken,
+                                                          fwSession->mdInstance, fwSession->fwInstance,
+                                                          pTemplate, ulAttributeCount, pError);
+
+            if (!mdfo1) {
+                if (CKR_OK == *pError) {
+                    *pError =
+                        CKR_GENERAL_ERROR;
+                }
+                return (NSSCKFWFindObjects *)NULL;
+            }
+
+            mdfo2 = nssCKMDFindSessionObjects_Create(fwSession->fwToken,
+                                                     pTemplate, ulAttributeCount, pError);
+            if (!mdfo2) {
+                if (CKR_OK == *pError) {
+                    *pError =
+                        CKR_GENERAL_ERROR;
+                }
+                if (mdfo1->Final) {
+                    mdfo1->Final(mdfo1, (NSSCKFWFindObjects *)NULL, fwSession->mdSession,
+                                 fwSession, fwSession->mdToken, fwSession->fwToken,
+                                 fwSession->mdInstance, fwSession->fwInstance);
+                }
+                return (NSSCKFWFindObjects *)NULL;
+            }
+
+            goto wrap;
+        }
+        /*NOTREACHED*/
+    } else {
+        /* Module handles all its own objects.  Pass on to module's search */
+        mdfo1 = fwSession->mdSession->FindObjectsInit(fwSession->mdSession,
+                                                      fwSession, fwSession->mdToken, fwSession->fwToken,
+                                                      fwSession->mdInstance, fwSession->fwInstance,
+                                                      pTemplate, ulAttributeCount, pError);
+
+        if (!mdfo1) {
+            if (CKR_OK == *pError) {
+                *pError = CKR_GENERAL_ERROR;
+            }
+            return (NSSCKFWFindObjects *)NULL;
+        }
+
+        goto wrap;
+    }
+
+wrap:
+    return nssCKFWFindObjects_Create(fwSession, fwSession->fwToken,
+                                     fwSession->fwInstance, mdfo1, mdfo2, pError);
+}
+
+/*
+ * nssCKFWSession_SeedRandom
+ *
+ */
+NSS_IMPLEMENT CK_RV
+nssCKFWSession_SeedRandom(
+    NSSCKFWSession *fwSession,
+    NSSItem *seed)
+{
+    CK_RV error = CKR_OK;
+
+#ifdef NSSDEBUG
+    error = nssCKFWSession_verifyPointer(fwSession);
+    if (CKR_OK != error) {
+        return error;
+    }
+
+    if (!seed) {
+        return CKR_ARGUMENTS_BAD;
+    }
+
+    if (!seed->data) {
+        return CKR_ARGUMENTS_BAD;
+    }
+
+    if (0 == seed->size) {
+        return CKR_ARGUMENTS_BAD;
+    }
+
+    if (!fwSession->mdSession) {
+        return CKR_GENERAL_ERROR;
+    }
+#endif /* NSSDEBUG */
+
+    if (!fwSession->mdSession->SeedRandom) {
+        return CKR_RANDOM_SEED_NOT_SUPPORTED;
+    }
+
+    error = fwSession->mdSession->SeedRandom(fwSession->mdSession, fwSession,
+                                             fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance,
+                                             fwSession->fwInstance, seed);
+
+    return error;
+}
+
+/*
+ * nssCKFWSession_GetRandom
+ *
+ */
+NSS_IMPLEMENT CK_RV
+nssCKFWSession_GetRandom(
+    NSSCKFWSession *fwSession,
+    NSSItem *buffer)
+{
+    CK_RV error = CKR_OK;
+
+#ifdef NSSDEBUG
+    error = nssCKFWSession_verifyPointer(fwSession);
+    if (CKR_OK != error) {
+        return error;
+    }
+
+    if (!buffer) {
+        return CKR_ARGUMENTS_BAD;
+    }
+
+    if (!buffer->data) {
+        return CKR_ARGUMENTS_BAD;
+    }
+
+    if (!fwSession->mdSession) {
+        return CKR_GENERAL_ERROR;
+    }
+#endif /* NSSDEBUG */
+
+    if (!fwSession->mdSession->GetRandom) {
+        if (CK_TRUE == nssCKFWToken_GetHasRNG(fwSession->fwToken)) {
+            return CKR_GENERAL_ERROR;
+        } else {
+            return CKR_RANDOM_NO_RNG;
+        }
+    }
+
+    if (0 == buffer->size) {
+        return CKR_OK;
+    }
+
+    error = fwSession->mdSession->GetRandom(fwSession->mdSession, fwSession,
+                                            fwSession->mdToken, fwSession->fwToken, fwSession->mdInstance,
+                                            fwSession->fwInstance, buffer);
+
+    return error;
+}
+
+/*
+ * nssCKFWSession_SetCurrentCryptoOperation
+ */
+NSS_IMPLEMENT void
+nssCKFWSession_SetCurrentCryptoOperation(
+    NSSCKFWSession *fwSession,
+    NSSCKFWCryptoOperation *fwOperation,
+    NSSCKFWCryptoOperationState state)
+{
+#ifdef NSSDEBUG
+    CK_RV error = CKR_OK;
+    error = nssCKFWSession_verifyPointer(fwSession);
+    if (CKR_OK != error) {
+        return;
+    }
+
+    if (state >= NSSCKFWCryptoOperationState_Max) {
+        return;
+    }
+
+    if (!fwSession->mdSession) {
+        return;
+    }
+#endif /* NSSDEBUG */
+    fwSession->fwOperationArray[state] = fwOperation;
+    return;
+}
+
+/*
+ * nssCKFWSession_GetCurrentCryptoOperation
+ */
+NSS_IMPLEMENT NSSCKFWCryptoOperation *
+nssCKFWSession_GetCurrentCryptoOperation(
+    NSSCKFWSession *fwSession,
+    NSSCKFWCryptoOperationState state)
+{
+#ifdef NSSDEBUG
+    CK_RV error = CKR_OK;
+    error = nssCKFWSession_verifyPointer(fwSession);
+    if (CKR_OK != error) {
+        return (NSSCKFWCryptoOperation *)NULL;
+    }
+
+    if (state >= NSSCKFWCryptoOperationState_Max) {
+        return (NSSCKFWCryptoOperation *)NULL;
+    }
+
+    if (!fwSession->mdSession) {
+        return (NSSCKFWCryptoOperation *)NULL;
+    }
+#endif /* NSSDEBUG */
+    return fwSession->fwOperationArray[state];
+}
+
+/*
+ * nssCKFWSession_Final
+ */
+NSS_IMPLEMENT CK_RV
+nssCKFWSession_Final(
+    NSSCKFWSession *fwSession,
+    NSSCKFWCryptoOperationType type,
+    NSSCKFWCryptoOperationState state,
+    CK_BYTE_PTR outBuf,
+    CK_ULONG_PTR outBufLen)
+{
+    NSSCKFWCryptoOperation *fwOperation;
+    NSSItem outputBuffer;
+    CK_RV error = CKR_OK;
+
+#ifdef NSSDEBUG
+    error = nssCKFWSession_verifyPointer(fwSession);
+    if (CKR_OK != error) {
+        return error;
+    }
+
+    if (!fwSession->mdSession) {
+        return CKR_GENERAL_ERROR;
+    }
+#endif /* NSSDEBUG */
+
+    /* make sure we have a valid operation initialized */
+    fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, state);
+    if (!fwOperation) {
+        return CKR_OPERATION_NOT_INITIALIZED;
+    }
+
+    /* make sure it's the correct type */
+    if (type != nssCKFWCryptoOperation_GetType(fwOperation)) {
+        return CKR_OPERATION_NOT_INITIALIZED;
+    }
+
+    /* handle buffer issues, note for Verify, the type is an input buffer. */
+    if (NSSCKFWCryptoOperationType_Verify == type) {
+        if ((CK_BYTE_PTR)NULL == outBuf) {
+            error = CKR_ARGUMENTS_BAD;
+            goto done;
+        }
+    } else {
+        CK_ULONG len = nssCKFWCryptoOperation_GetFinalLength(fwOperation, &error);
+        CK_ULONG maxBufLen = *outBufLen;
+
+        if (CKR_OK != error) {
+            goto done;
+        }
+        *outBufLen = len;
+        if ((CK_BYTE_PTR)NULL == outBuf) {
+            return CKR_OK;
+        }
+
+        if (len > maxBufLen) {
+            return CKR_BUFFER_TOO_SMALL;
+        }
+    }
+    outputBuffer.data = outBuf;
+    outputBuffer.size = *outBufLen;
+
+    error = nssCKFWCryptoOperation_Final(fwOperation, &outputBuffer);
+done:
+    if (CKR_BUFFER_TOO_SMALL == error) {
+        return error;
+    }
+    /* clean up our state */
+    nssCKFWCryptoOperation_Destroy(fwOperation);
+    nssCKFWSession_SetCurrentCryptoOperation(fwSession, NULL, state);
+    return error;
+}
+
+/*
+ * nssCKFWSession_Update
+ */
+NSS_IMPLEMENT CK_RV
+nssCKFWSession_Update(
+    NSSCKFWSession *fwSession,
+    NSSCKFWCryptoOperationType type,
+    NSSCKFWCryptoOperationState state,
+    CK_BYTE_PTR inBuf,
+    CK_ULONG inBufLen,
+    CK_BYTE_PTR outBuf,
+    CK_ULONG_PTR outBufLen)
+{
+    NSSCKFWCryptoOperation *fwOperation;
+    NSSItem inputBuffer;
+    NSSItem outputBuffer;
+    CK_ULONG len;
+    CK_ULONG maxBufLen;
+    CK_RV error = CKR_OK;
+
+#ifdef NSSDEBUG
+    error = nssCKFWSession_verifyPointer(fwSession);
+    if (CKR_OK != error) {
+        return error;
+    }
+
+    if (!fwSession->mdSession) {
+        return CKR_GENERAL_ERROR;
+    }
+#endif /* NSSDEBUG */
+
+    /* make sure we have a valid operation initialized */
+    fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, state);
+    if (!fwOperation) {
+        return CKR_OPERATION_NOT_INITIALIZED;
+    }
+
+    /* make sure it's the correct type */
+    if (type != nssCKFWCryptoOperation_GetType(fwOperation)) {
+        return CKR_OPERATION_NOT_INITIALIZED;
+    }
+
+    inputBuffer.data = inBuf;
+    inputBuffer.size = inBufLen;
+
+    /* handle buffer issues, note for Verify, the type is an input buffer. */
+    len = nssCKFWCryptoOperation_GetOperationLength(fwOperation, &inputBuffer,
+                                                    &error);
+    if (CKR_OK != error) {
+        return error;
+    }
+    maxBufLen = *outBufLen;
+
+    *outBufLen = len;
+    if ((CK_BYTE_PTR)NULL == outBuf) {
+        return CKR_OK;
+    }
+
+    if (len > maxBufLen) {
+        return CKR_BUFFER_TOO_SMALL;
+    }
+    outputBuffer.data = outBuf;
+    outputBuffer.size = *outBufLen;
+
+    return nssCKFWCryptoOperation_Update(fwOperation,
+                                         &inputBuffer, &outputBuffer);
+}
+
+/*
+ * nssCKFWSession_DigestUpdate
+ */
+NSS_IMPLEMENT CK_RV
+nssCKFWSession_DigestUpdate(
+    NSSCKFWSession *fwSession,
+    NSSCKFWCryptoOperationType type,
+    NSSCKFWCryptoOperationState state,
+    CK_BYTE_PTR inBuf,
+    CK_ULONG inBufLen)
+{
+    NSSCKFWCryptoOperation *fwOperation;
+    NSSItem inputBuffer;
+    CK_RV error = CKR_OK;
+
+#ifdef NSSDEBUG
+    error = nssCKFWSession_verifyPointer(fwSession);
+    if (CKR_OK != error) {
+        return error;
+    }
+
+    if (!fwSession->mdSession) {
+        return CKR_GENERAL_ERROR;
+    }
+#endif /* NSSDEBUG */
+
+    /* make sure we have a valid operation initialized */
+    fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, state);
+    if (!fwOperation) {
+        return CKR_OPERATION_NOT_INITIALIZED;
+    }
+
+    /* make sure it's the correct type */
+    if (type != nssCKFWCryptoOperation_GetType(fwOperation)) {
+        return CKR_OPERATION_NOT_INITIALIZED;
+    }
+
+    inputBuffer.data = inBuf;
+    inputBuffer.size = inBufLen;
+
+    error = nssCKFWCryptoOperation_DigestUpdate(fwOperation, &inputBuffer);
+    return error;
+}
+
+/*
+ * nssCKFWSession_DigestUpdate
+ */
+NSS_IMPLEMENT CK_RV
+nssCKFWSession_DigestKey(
+    NSSCKFWSession *fwSession,
+    NSSCKFWObject *fwKey)
+{
+    NSSCKFWCryptoOperation *fwOperation;
+    NSSItem *inputBuffer;
+    CK_RV error = CKR_OK;
+
+#ifdef NSSDEBUG
+    error = nssCKFWSession_verifyPointer(fwSession);
+    if (CKR_OK != error) {
+        return error;
+    }
+
+    if (!fwSession->mdSession) {
+        return CKR_GENERAL_ERROR;
+    }
+#endif /* NSSDEBUG */
+
+    /* make sure we have a valid operation initialized */
+    fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession,
+                                                           NSSCKFWCryptoOperationState_Digest);
+    if (!fwOperation) {
+        return CKR_OPERATION_NOT_INITIALIZED;
+    }
+
+    /* make sure it's the correct type */
+    if (NSSCKFWCryptoOperationType_Digest !=
+        nssCKFWCryptoOperation_GetType(fwOperation)) {
+        return CKR_OPERATION_NOT_INITIALIZED;
+    }
+
+    error = nssCKFWCryptoOperation_DigestKey(fwOperation, fwKey);
+    if (CKR_FUNCTION_FAILED != error) {
+        return error;
+    }
+
+    /* no machine depended way for this to happen, do it by hand */
+    inputBuffer = nssCKFWObject_GetAttribute(fwKey, CKA_VALUE, NULL, NULL, &error);
+    if (!inputBuffer) {
+        /* couldn't get the value, just fail then */
+        return error;
+    }
+    error = nssCKFWCryptoOperation_DigestUpdate(fwOperation, inputBuffer);
+    nssItem_Destroy(inputBuffer);
+    return error;
+}
+
+/*
+ * nssCKFWSession_UpdateFinal
+ */
+NSS_IMPLEMENT CK_RV
+nssCKFWSession_UpdateFinal(
+    NSSCKFWSession *fwSession,
+    NSSCKFWCryptoOperationType type,
+    NSSCKFWCryptoOperationState state,
+    CK_BYTE_PTR inBuf,
+    CK_ULONG inBufLen,
+    CK_BYTE_PTR outBuf,
+    CK_ULONG_PTR outBufLen)
+{
+    NSSCKFWCryptoOperation *fwOperation;
+    NSSItem inputBuffer;
+    NSSItem outputBuffer;
+    PRBool isEncryptDecrypt;
+    CK_RV error = CKR_OK;
+
+#ifdef NSSDEBUG
+    error = nssCKFWSession_verifyPointer(fwSession);
+    if (CKR_OK != error) {
+        return error;
+    }
+
+    if (!fwSession->mdSession) {
+        return CKR_GENERAL_ERROR;
+    }
+#endif /* NSSDEBUG */
+
+    /* make sure we have a valid operation initialized */
+    fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession, state);
+    if (!fwOperation) {
+        return CKR_OPERATION_NOT_INITIALIZED;
+    }
+
+    /* make sure it's the correct type */
+    if (type != nssCKFWCryptoOperation_GetType(fwOperation)) {
+        return CKR_OPERATION_NOT_INITIALIZED;
+    }
+
+    inputBuffer.data = inBuf;
+    inputBuffer.size = inBufLen;
+    isEncryptDecrypt = (PRBool)((NSSCKFWCryptoOperationType_Encrypt == type) ||
+                                (NSSCKFWCryptoOperationType_Decrypt == type));
+
+    /* handle buffer issues, note for Verify, the type is an input buffer. */
+    if (NSSCKFWCryptoOperationType_Verify == type) {
+        if ((CK_BYTE_PTR)NULL == outBuf) {
+            error = CKR_ARGUMENTS_BAD;
+            goto done;
+        }
+    } else {
+        CK_ULONG maxBufLen = *outBufLen;
+        CK_ULONG len;
+
+        len = (isEncryptDecrypt) ? nssCKFWCryptoOperation_GetOperationLength(fwOperation,
+                                                                             &inputBuffer, &error)
+                                 : nssCKFWCryptoOperation_GetFinalLength(fwOperation, &error);
+
+        if (CKR_OK != error) {
+            goto done;
+        }
+
+        *outBufLen = len;
+        if ((CK_BYTE_PTR)NULL == outBuf) {
+            return CKR_OK;
+        }
+
+        if (len > maxBufLen) {
+            return CKR_BUFFER_TOO_SMALL;
+        }
+    }
+    outputBuffer.data = outBuf;
+    outputBuffer.size = *outBufLen;
+
+    error = nssCKFWCryptoOperation_UpdateFinal(fwOperation,
+                                               &inputBuffer, &outputBuffer);
+
+    /* UpdateFinal isn't support, manually use Update and Final */
+    if (CKR_FUNCTION_FAILED == error) {
+        error = isEncryptDecrypt ? nssCKFWCryptoOperation_Update(fwOperation, &inputBuffer, &outputBuffer)
+                                 : nssCKFWCryptoOperation_DigestUpdate(fwOperation, &inputBuffer);
+
+        if (CKR_OK == error) {
+            error = nssCKFWCryptoOperation_Final(fwOperation, &outputBuffer);
+        }
+    }
+
+done:
+    if (CKR_BUFFER_TOO_SMALL == error) {
+        /* if we return CKR_BUFFER_TOO_SMALL, we the caller is not expecting.
+         * the crypto state to be freed */
+        return error;
+    }
+
+    /* clean up our state */
+    nssCKFWCryptoOperation_Destroy(fwOperation);
+    nssCKFWSession_SetCurrentCryptoOperation(fwSession, NULL, state);
+    return error;
+}
+
+NSS_IMPLEMENT CK_RV
+nssCKFWSession_UpdateCombo(
+    NSSCKFWSession *fwSession,
+    NSSCKFWCryptoOperationType encryptType,
+    NSSCKFWCryptoOperationType digestType,
+    NSSCKFWCryptoOperationState digestState,
+    CK_BYTE_PTR inBuf,
+    CK_ULONG inBufLen,
+    CK_BYTE_PTR outBuf,
+    CK_ULONG_PTR outBufLen)
+{
+    NSSCKFWCryptoOperation *fwOperation;
+    NSSCKFWCryptoOperation *fwPeerOperation;
+    NSSItem inputBuffer;
+    NSSItem outputBuffer;
+    CK_ULONG maxBufLen = *outBufLen;
+    CK_ULONG len;
+    CK_RV error = CKR_OK;
+
+#ifdef NSSDEBUG
+    error = nssCKFWSession_verifyPointer(fwSession);
+    if (CKR_OK != error) {
+        return error;
+    }
+
+    if (!fwSession->mdSession) {
+        return CKR_GENERAL_ERROR;
+    }
+#endif /* NSSDEBUG */
+
+    /* make sure we have a valid operation initialized */
+    fwOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession,
+                                                           NSSCKFWCryptoOperationState_EncryptDecrypt);
+    if (!fwOperation) {
+        return CKR_OPERATION_NOT_INITIALIZED;
+    }
+
+    /* make sure it's the correct type */
+    if (encryptType != nssCKFWCryptoOperation_GetType(fwOperation)) {
+        return CKR_OPERATION_NOT_INITIALIZED;
+    }
+    /* make sure we have a valid operation initialized */
+    fwPeerOperation = nssCKFWSession_GetCurrentCryptoOperation(fwSession,
+                                                               digestState);
+    if (!fwPeerOperation) {
+        return CKR_OPERATION_NOT_INITIALIZED;
+    }
+
+    /* make sure it's the correct type */
+    if (digestType != nssCKFWCryptoOperation_GetType(fwOperation)) {
+        return CKR_OPERATION_NOT_INITIALIZED;
+    }
+
+    inputBuffer.data = inBuf;
+    inputBuffer.size = inBufLen;
+    len = nssCKFWCryptoOperation_GetOperationLength(fwOperation,
+                                                    &inputBuffer, &error);
+    if (CKR_OK != error) {
+        return error;
+    }
+
+    *outBufLen = len;
+    if ((CK_BYTE_PTR)NULL == outBuf) {
+        return CKR_OK;
+    }
+
+    if (len > maxBufLen) {
+        return CKR_BUFFER_TOO_SMALL;
+    }
+
+    outputBuffer.data = outBuf;
+    outputBuffer.size = *outBufLen;
+
+    error = nssCKFWCryptoOperation_UpdateCombo(fwOperation, fwPeerOperation,
+                                               &inputBuffer, &outputBuffer);
+    if (CKR_FUNCTION_FAILED == error) {
+        PRBool isEncrypt =
+            (PRBool)(NSSCKFWCryptoOperationType_Encrypt == encryptType);
+
+        if (isEncrypt) {
+            error = nssCKFWCryptoOperation_DigestUpdate(fwPeerOperation,
+                                                        &inputBuffer);
+            if (CKR_OK != error) {
+                return error;
+            }
+        }
+        error = nssCKFWCryptoOperation_Update(fwOperation,
+                                              &inputBuffer, &outputBuffer);
+        if (CKR_OK != error) {
+            return error;
+        }
+        if (!isEncrypt) {
+            error = nssCKFWCryptoOperation_DigestUpdate(fwPeerOperation,
+                                                        &outputBuffer);
+        }
+    }
+    return error;
+}
+
+/*
+ * NSSCKFWSession_GetMDSession
+ *
+ */
+
+NSS_IMPLEMENT NSSCKMDSession *
+NSSCKFWSession_GetMDSession(
+    NSSCKFWSession *fwSession)
+{
+#ifdef DEBUG
+    if (CKR_OK != nssCKFWSession_verifyPointer(fwSession)) {
+        return (NSSCKMDSession *)NULL;
+    }
+#endif /* DEBUG */
+
+    return nssCKFWSession_GetMDSession(fwSession);
+}
+
+/*
+ * NSSCKFWSession_GetArena
+ *
+ */
+
+NSS_IMPLEMENT NSSArena *
+NSSCKFWSession_GetArena(
+    NSSCKFWSession *fwSession,
+    CK_RV *pError)
+{
+#ifdef DEBUG
+    if (!pError) {
+        return (NSSArena *)NULL;
+    }
+
+    *pError = nssCKFWSession_verifyPointer(fwSession);
+    if (CKR_OK != *pError) {
+        return (NSSArena *)NULL;
+    }
+#endif /* DEBUG */
+
+    return nssCKFWSession_GetArena(fwSession, pError);
+}
+
+/*
+ * NSSCKFWSession_CallNotification
+ *
+ */
+
+NSS_IMPLEMENT CK_RV
+NSSCKFWSession_CallNotification(
+    NSSCKFWSession *fwSession,
+    CK_NOTIFICATION event)
+{
+#ifdef DEBUG
+    CK_RV error = CKR_OK;
+
+    error = nssCKFWSession_verifyPointer(fwSession);
+    if (CKR_OK != error) {
+        return error;
+    }
+#endif /* DEBUG */
+
+    return nssCKFWSession_CallNotification(fwSession, event);
+}
+
+/*
+ * NSSCKFWSession_IsRWSession
+ *
+ */
+
+NSS_IMPLEMENT CK_BBOOL
+NSSCKFWSession_IsRWSession(
+    NSSCKFWSession *fwSession)
+{
+#ifdef DEBUG
+    if (CKR_OK != nssCKFWSession_verifyPointer(fwSession)) {
+        return CK_FALSE;
+    }
+#endif /* DEBUG */
+
+    return nssCKFWSession_IsRWSession(fwSession);
+}
+
+/*
+ * NSSCKFWSession_IsSO
+ *
+ */
+
+NSS_IMPLEMENT CK_BBOOL
+NSSCKFWSession_IsSO(
+    NSSCKFWSession *fwSession)
+{
+#ifdef DEBUG
+    if (CKR_OK != nssCKFWSession_verifyPointer(fwSession)) {
+        return CK_FALSE;
+    }
+#endif /* DEBUG */
+
+    return nssCKFWSession_IsSO(fwSession);
+}
+
+NSS_IMPLEMENT NSSCKFWCryptoOperation *
+NSSCKFWSession_GetCurrentCryptoOperation(
+    NSSCKFWSession *fwSession,
+    NSSCKFWCryptoOperationState state)
+{
+#ifdef DEBUG
+    CK_RV error = CKR_OK;
+    error = nssCKFWSession_verifyPointer(fwSession);
+    if (CKR_OK != error) {
+        return (NSSCKFWCryptoOperation *)NULL;
+    }
+
+    if (state >= NSSCKFWCryptoOperationState_Max) {
+        return (NSSCKFWCryptoOperation *)NULL;
+    }
+#endif /* DEBUG */
+    return nssCKFWSession_GetCurrentCryptoOperation(fwSession, state);
+}
+
+/*
+ * NSSCKFWSession_GetFWSlot
+ *
+ */
+
+NSS_IMPLEMENT NSSCKFWSlot *
+NSSCKFWSession_GetFWSlot(
+    NSSCKFWSession *fwSession)
+{
+    return nssCKFWSession_GetFWSlot(fwSession);
+}
diff --git a/nss/lib/ckfw/sessobj.c b/nss/lib/ckfw/sessobj.c
new file mode 100644
index 0000000..11721b8
--- /dev/null
+++ b/nss/lib/ckfw/sessobj.c
@@ -0,0 +1,1012 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * sessobj.c
+ *
+ * This file contains an NSSCKMDObject implementation for session
+ * objects.  The framework uses this implementation to manage
+ * session objects when a Module doesn't wish to be bothered.
+ */
+
+#ifndef CK_T
+#include "ck.h"
+#endif /* CK_T */
+
+/*
+ * nssCKMDSessionObject
+ *
+ *  -- create --
+ *  nssCKMDSessionObject_Create
+ *
+ *  -- EPV calls --
+ *  nss_ckmdSessionObject_Finalize
+ *  nss_ckmdSessionObject_IsTokenObject
+ *  nss_ckmdSessionObject_GetAttributeCount
+ *  nss_ckmdSessionObject_GetAttributeTypes
+ *  nss_ckmdSessionObject_GetAttributeSize
+ *  nss_ckmdSessionObject_GetAttribute
+ *  nss_ckmdSessionObject_SetAttribute
+ *  nss_ckmdSessionObject_GetObjectSize
+ */
+
+struct nssCKMDSessionObjectStr {
+    CK_ULONG n;
+    NSSArena *arena;
+    NSSItem *attributes;
+    CK_ATTRIBUTE_TYPE_PTR types;
+    nssCKFWHash *hash;
+};
+typedef struct nssCKMDSessionObjectStr nssCKMDSessionObject;
+
+#ifdef DEBUG
+/*
+ * But first, the pointer-tracking stuff.
+ *
+ * NOTE: the pointer-tracking support in NSS/base currently relies
+ * upon NSPR's CallOnce support.  That, however, relies upon NSPR's
+ * locking, which is tied into the runtime.  We need a pointer-tracker
+ * implementation that uses the locks supplied through C_Initialize.
+ * That support, however, can be filled in later.  So for now, I'll
+ * just do this routines as no-ops.
+ */
+
+static CK_RV
+nss_ckmdSessionObject_add_pointer(
+    const NSSCKMDObject *mdObject)
+{
+    return CKR_OK;
+}
+
+static CK_RV
+nss_ckmdSessionObject_remove_pointer(
+    const NSSCKMDObject *mdObject)
+{
+    return CKR_OK;
+}
+
+#ifdef NSS_DEBUG
+static CK_RV
+nss_ckmdSessionObject_verifyPointer(
+    const NSSCKMDObject *mdObject)
+{
+    return CKR_OK;
+}
+#endif
+
+#endif /* DEBUG */
+
+/*
+ * We must forward-declare these routines
+ */
+static void
+nss_ckmdSessionObject_Finalize(
+    NSSCKMDObject *mdObject,
+    NSSCKFWObject *fwObject,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance);
+
+static CK_RV
+nss_ckmdSessionObject_Destroy(
+    NSSCKMDObject *mdObject,
+    NSSCKFWObject *fwObject,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance);
+
+static CK_BBOOL
+nss_ckmdSessionObject_IsTokenObject(
+    NSSCKMDObject *mdObject,
+    NSSCKFWObject *fwObject,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance);
+
+static CK_ULONG
+nss_ckmdSessionObject_GetAttributeCount(
+    NSSCKMDObject *mdObject,
+    NSSCKFWObject *fwObject,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError);
+
+static CK_RV
+nss_ckmdSessionObject_GetAttributeTypes(
+    NSSCKMDObject *mdObject,
+    NSSCKFWObject *fwObject,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_ATTRIBUTE_TYPE_PTR typeArray,
+    CK_ULONG ulCount);
+
+static CK_ULONG
+nss_ckmdSessionObject_GetAttributeSize(
+    NSSCKMDObject *mdObject,
+    NSSCKFWObject *fwObject,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_ATTRIBUTE_TYPE attribute,
+    CK_RV *pError);
+
+static NSSCKFWItem
+nss_ckmdSessionObject_GetAttribute(
+    NSSCKMDObject *mdObject,
+    NSSCKFWObject *fwObject,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_ATTRIBUTE_TYPE attribute,
+    CK_RV *pError);
+
+static CK_RV
+nss_ckmdSessionObject_SetAttribute(
+    NSSCKMDObject *mdObject,
+    NSSCKFWObject *fwObject,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_ATTRIBUTE_TYPE attribute,
+    NSSItem *value);
+
+static CK_ULONG
+nss_ckmdSessionObject_GetObjectSize(
+    NSSCKMDObject *mdObject,
+    NSSCKFWObject *fwObject,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError);
+
+/*
+ * nssCKMDSessionObject_Create
+ *
+ */
+NSS_IMPLEMENT NSSCKMDObject *
+nssCKMDSessionObject_Create(
+    NSSCKFWToken *fwToken,
+    NSSArena *arena,
+    CK_ATTRIBUTE_PTR attributes,
+    CK_ULONG ulCount,
+    CK_RV *pError)
+{
+    NSSCKMDObject *mdObject = (NSSCKMDObject *)NULL;
+    nssCKMDSessionObject *mdso = (nssCKMDSessionObject *)NULL;
+    CK_ULONG i;
+    nssCKFWHash *hash;
+
+    *pError = CKR_OK;
+
+    mdso = nss_ZNEW(arena, nssCKMDSessionObject);
+    if (!mdso) {
+        goto loser;
+    }
+
+    mdso->arena = arena;
+    mdso->n = ulCount;
+    mdso->attributes = nss_ZNEWARRAY(arena, NSSItem, ulCount);
+    if (!mdso->attributes) {
+        goto loser;
+    }
+
+    mdso->types = nss_ZNEWARRAY(arena, CK_ATTRIBUTE_TYPE, ulCount);
+    if (!mdso->types) {
+        goto loser;
+    }
+    for (i = 0; i < ulCount; i++) {
+        mdso->types[i] = attributes[i].type;
+        mdso->attributes[i].size = attributes[i].ulValueLen;
+        mdso->attributes[i].data = nss_ZAlloc(arena, attributes[i].ulValueLen);
+        if (!mdso->attributes[i].data) {
+            goto loser;
+        }
+        (void)nsslibc_memcpy(mdso->attributes[i].data, attributes[i].pValue,
+                             attributes[i].ulValueLen);
+    }
+
+    mdObject = nss_ZNEW(arena, NSSCKMDObject);
+    if (!mdObject) {
+        goto loser;
+    }
+
+    mdObject->etc = (void *)mdso;
+    mdObject->Finalize = nss_ckmdSessionObject_Finalize;
+    mdObject->Destroy = nss_ckmdSessionObject_Destroy;
+    mdObject->IsTokenObject = nss_ckmdSessionObject_IsTokenObject;
+    mdObject->GetAttributeCount = nss_ckmdSessionObject_GetAttributeCount;
+    mdObject->GetAttributeTypes = nss_ckmdSessionObject_GetAttributeTypes;
+    mdObject->GetAttributeSize = nss_ckmdSessionObject_GetAttributeSize;
+    mdObject->GetAttribute = nss_ckmdSessionObject_GetAttribute;
+    mdObject->SetAttribute = nss_ckmdSessionObject_SetAttribute;
+    mdObject->GetObjectSize = nss_ckmdSessionObject_GetObjectSize;
+
+    hash = nssCKFWToken_GetSessionObjectHash(fwToken);
+    if (!hash) {
+        *pError = CKR_GENERAL_ERROR;
+        goto loser;
+    }
+
+    mdso->hash = hash;
+
+    *pError = nssCKFWHash_Add(hash, mdObject, mdObject);
+    if (CKR_OK != *pError) {
+        goto loser;
+    }
+
+#ifdef DEBUG
+    if ((*pError = nss_ckmdSessionObject_add_pointer(mdObject)) != CKR_OK) {
+        goto loser;
+    }
+#endif /* DEBUG */
+
+    return mdObject;
+
+loser:
+    if (mdso) {
+        if (mdso->attributes) {
+            for (i = 0; i < ulCount; i++) {
+                nss_ZFreeIf(mdso->attributes[i].data);
+            }
+            nss_ZFreeIf(mdso->attributes);
+        }
+        nss_ZFreeIf(mdso->types);
+        nss_ZFreeIf(mdso);
+    }
+
+    nss_ZFreeIf(mdObject);
+    if (*pError == CKR_OK) {
+        *pError = CKR_HOST_MEMORY;
+    }
+    return (NSSCKMDObject *)NULL;
+}
+
+/*
+ * nss_ckmdSessionObject_Finalize
+ *
+ */
+static void
+nss_ckmdSessionObject_Finalize(
+    NSSCKMDObject *mdObject,
+    NSSCKFWObject *fwObject,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance)
+{
+    /* This shouldn't ever be called */
+    return;
+}
+
+/*
+ * nss_ckmdSessionObject_Destroy
+ *
+ */
+
+static CK_RV
+nss_ckmdSessionObject_Destroy(
+    NSSCKMDObject *mdObject,
+    NSSCKFWObject *fwObject,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance)
+{
+#ifdef NSSDEBUG
+    CK_RV error = CKR_OK;
+#endif /* NSSDEBUG */
+    nssCKMDSessionObject *mdso;
+    CK_ULONG i;
+
+#ifdef NSSDEBUG
+    error = nss_ckmdSessionObject_verifyPointer(mdObject);
+    if (CKR_OK != error) {
+        return error;
+    }
+#endif /* NSSDEBUG */
+
+    mdso = (nssCKMDSessionObject *)mdObject->etc;
+
+    nssCKFWHash_Remove(mdso->hash, mdObject);
+
+    for (i = 0; i < mdso->n; i++) {
+        nss_ZFreeIf(mdso->attributes[i].data);
+    }
+    nss_ZFreeIf(mdso->attributes);
+    nss_ZFreeIf(mdso->types);
+    nss_ZFreeIf(mdso);
+    nss_ZFreeIf(mdObject);
+
+#ifdef DEBUG
+    (void)nss_ckmdSessionObject_remove_pointer(mdObject);
+#endif /* DEBUG */
+
+    return CKR_OK;
+}
+
+/*
+ * nss_ckmdSessionObject_IsTokenObject
+ *
+ */
+
+static CK_BBOOL
+nss_ckmdSessionObject_IsTokenObject(
+    NSSCKMDObject *mdObject,
+    NSSCKFWObject *fwObject,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance)
+{
+#ifdef NSSDEBUG
+    if (CKR_OK != nss_ckmdSessionObject_verifyPointer(mdObject)) {
+        return CK_FALSE;
+    }
+#endif /* NSSDEBUG */
+
+    /*
+     * This implementation is only ever used for session objects.
+     */
+    return CK_FALSE;
+}
+
+/*
+ * nss_ckmdSessionObject_GetAttributeCount
+ *
+ */
+static CK_ULONG
+nss_ckmdSessionObject_GetAttributeCount(
+    NSSCKMDObject *mdObject,
+    NSSCKFWObject *fwObject,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError)
+{
+    nssCKMDSessionObject *obj;
+
+#ifdef NSSDEBUG
+    if (!pError) {
+        return 0;
+    }
+
+    *pError = nss_ckmdSessionObject_verifyPointer(mdObject);
+    if (CKR_OK != *pError) {
+        return 0;
+    }
+
+/* We could even check all the other arguments, for sanity. */
+#endif /* NSSDEBUG */
+
+    obj = (nssCKMDSessionObject *)mdObject->etc;
+
+    return obj->n;
+}
+
+/*
+ * nss_ckmdSessionObject_GetAttributeTypes
+ *
+ */
+static CK_RV
+nss_ckmdSessionObject_GetAttributeTypes(
+    NSSCKMDObject *mdObject,
+    NSSCKFWObject *fwObject,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_ATTRIBUTE_TYPE_PTR typeArray,
+    CK_ULONG ulCount)
+{
+#ifdef NSSDEBUG
+    CK_RV error = CKR_OK;
+#endif /* NSSDEBUG */
+    nssCKMDSessionObject *obj;
+
+#ifdef NSSDEBUG
+    error = nss_ckmdSessionObject_verifyPointer(mdObject);
+    if (CKR_OK != error) {
+        return error;
+    }
+
+/* We could even check all the other arguments, for sanity. */
+#endif /* NSSDEBUG */
+
+    obj = (nssCKMDSessionObject *)mdObject->etc;
+
+    if (ulCount < obj->n) {
+        return CKR_BUFFER_TOO_SMALL;
+    }
+
+    (void)nsslibc_memcpy(typeArray, obj->types,
+                         sizeof(CK_ATTRIBUTE_TYPE) *
+                             obj->n);
+
+    return CKR_OK;
+}
+
+/*
+ * nss_ckmdSessionObject_GetAttributeSize
+ *
+ */
+static CK_ULONG
+nss_ckmdSessionObject_GetAttributeSize(
+    NSSCKMDObject *mdObject,
+    NSSCKFWObject *fwObject,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_ATTRIBUTE_TYPE attribute,
+    CK_RV *pError)
+{
+    nssCKMDSessionObject *obj;
+    CK_ULONG i;
+
+#ifdef NSSDEBUG
+    if (!pError) {
+        return 0;
+    }
+
+    *pError = nss_ckmdSessionObject_verifyPointer(mdObject);
+    if (CKR_OK != *pError) {
+        return 0;
+    }
+
+/* We could even check all the other arguments, for sanity. */
+#endif /* NSSDEBUG */
+
+    obj = (nssCKMDSessionObject *)mdObject->etc;
+
+    for (i = 0; i < obj->n; i++) {
+        if (attribute == obj->types[i]) {
+            return (CK_ULONG)(obj->attributes[i].size);
+        }
+    }
+
+    *pError = CKR_ATTRIBUTE_TYPE_INVALID;
+    return 0;
+}
+
+/*
+ * nss_ckmdSessionObject_GetAttribute
+ *
+ */
+static NSSCKFWItem
+nss_ckmdSessionObject_GetAttribute(
+    NSSCKMDObject *mdObject,
+    NSSCKFWObject *fwObject,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_ATTRIBUTE_TYPE attribute,
+    CK_RV *pError)
+{
+    NSSCKFWItem item;
+    nssCKMDSessionObject *obj;
+    CK_ULONG i;
+
+    item.needsFreeing = PR_FALSE;
+    item.item = NULL;
+#ifdef NSSDEBUG
+    if (!pError) {
+        return item;
+    }
+
+    *pError = nss_ckmdSessionObject_verifyPointer(mdObject);
+    if (CKR_OK != *pError) {
+        return item;
+    }
+
+/* We could even check all the other arguments, for sanity. */
+#endif /* NSSDEBUG */
+
+    obj = (nssCKMDSessionObject *)mdObject->etc;
+
+    for (i = 0; i < obj->n; i++) {
+        if (attribute == obj->types[i]) {
+            item.item = &obj->attributes[i];
+            return item;
+        }
+    }
+
+    *pError = CKR_ATTRIBUTE_TYPE_INVALID;
+    return item;
+}
+
+/*
+ * nss_ckmdSessionObject_SetAttribute
+ *
+ */
+
+/*
+ * Okay, so this implementation sucks.  It doesn't support removing
+ * an attribute (if value == NULL), and could be more graceful about
+ * memory.  It should allow "blank" slots in the arrays, with some
+ * invalid attribute type, and then it could support removal much
+ * more easily.  Do this later.
+ */
+static CK_RV
+nss_ckmdSessionObject_SetAttribute(
+    NSSCKMDObject *mdObject,
+    NSSCKFWObject *fwObject,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_ATTRIBUTE_TYPE attribute,
+    NSSItem *value)
+{
+    nssCKMDSessionObject *obj;
+    CK_ULONG i;
+    NSSItem n;
+    NSSItem *ra;
+    CK_ATTRIBUTE_TYPE_PTR rt;
+#ifdef NSSDEBUG
+    CK_RV error;
+#endif /* NSSDEBUG */
+
+#ifdef NSSDEBUG
+    error = nss_ckmdSessionObject_verifyPointer(mdObject);
+    if (CKR_OK != error) {
+        return 0;
+    }
+
+/* We could even check all the other arguments, for sanity. */
+#endif /* NSSDEBUG */
+
+    obj = (nssCKMDSessionObject *)mdObject->etc;
+
+    n.size = value->size;
+    n.data = nss_ZAlloc(obj->arena, n.size);
+    if (!n.data) {
+        return CKR_HOST_MEMORY;
+    }
+    (void)nsslibc_memcpy(n.data, value->data, n.size);
+
+    for (i = 0; i < obj->n; i++) {
+        if (attribute == obj->types[i]) {
+            nss_ZFreeIf(obj->attributes[i].data);
+            obj->attributes[i] = n;
+            return CKR_OK;
+        }
+    }
+
+    /*
+     * It's new.
+     */
+
+    ra = (NSSItem *)nss_ZRealloc(obj->attributes, sizeof(NSSItem) * (obj->n + 1));
+    if (!ra) {
+        nss_ZFreeIf(n.data);
+        return CKR_HOST_MEMORY;
+    }
+    obj->attributes = ra;
+
+    rt = (CK_ATTRIBUTE_TYPE_PTR)nss_ZRealloc(obj->types,
+                                             sizeof(CK_ATTRIBUTE_TYPE) * (obj->n + 1));
+    if (!rt) {
+        nss_ZFreeIf(n.data);
+        return CKR_HOST_MEMORY;
+    }
+
+    obj->types = rt;
+    obj->attributes[obj->n] = n;
+    obj->types[obj->n] = attribute;
+    obj->n++;
+
+    return CKR_OK;
+}
+
+/*
+ * nss_ckmdSessionObject_GetObjectSize
+ *
+ */
+static CK_ULONG
+nss_ckmdSessionObject_GetObjectSize(
+    NSSCKMDObject *mdObject,
+    NSSCKFWObject *fwObject,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    CK_RV *pError)
+{
+    nssCKMDSessionObject *obj;
+    CK_ULONG i;
+    CK_ULONG rv = (CK_ULONG)0;
+
+#ifdef NSSDEBUG
+    if (!pError) {
+        return 0;
+    }
+
+    *pError = nss_ckmdSessionObject_verifyPointer(mdObject);
+    if (CKR_OK != *pError) {
+        return 0;
+    }
+
+/* We could even check all the other arguments, for sanity. */
+#endif /* NSSDEBUG */
+
+    obj = (nssCKMDSessionObject *)mdObject->etc;
+
+    for (i = 0; i < obj->n; i++) {
+        rv += obj->attributes[i].size;
+    }
+
+    rv += sizeof(NSSItem) * obj->n;
+    rv += sizeof(CK_ATTRIBUTE_TYPE) * obj->n;
+    rv += sizeof(nssCKMDSessionObject);
+
+    return rv;
+}
+
+/*
+ * nssCKMDFindSessionObjects
+ *
+ *  -- create --
+ *  nssCKMDFindSessionObjects_Create
+ *
+ *  -- EPV calls --
+ *  nss_ckmdFindSessionObjects_Final
+ *  nss_ckmdFindSessionObjects_Next
+ */
+
+struct nodeStr {
+    struct nodeStr *next;
+    NSSCKMDObject *mdObject;
+};
+
+struct nssCKMDFindSessionObjectsStr {
+    NSSArena *arena;
+    CK_RV error;
+    CK_ATTRIBUTE_PTR pTemplate;
+    CK_ULONG ulCount;
+    struct nodeStr *list;
+    nssCKFWHash *hash;
+};
+typedef struct nssCKMDFindSessionObjectsStr nssCKMDFindSessionObjects;
+
+#ifdef DEBUG
+/*
+ * But first, the pointer-tracking stuff.
+ *
+ * NOTE: the pointer-tracking support in NSS/base currently relies
+ * upon NSPR's CallOnce support.  That, however, relies upon NSPR's
+ * locking, which is tied into the runtime.  We need a pointer-tracker
+ * implementation that uses the locks supplied through C_Initialize.
+ * That support, however, can be filled in later.  So for now, I'll
+ * just do this routines as no-ops.
+ */
+
+static CK_RV
+nss_ckmdFindSessionObjects_add_pointer(
+    const NSSCKMDFindObjects *mdFindObjects)
+{
+    return CKR_OK;
+}
+
+static CK_RV
+nss_ckmdFindSessionObjects_remove_pointer(
+    const NSSCKMDFindObjects *mdFindObjects)
+{
+    return CKR_OK;
+}
+
+#ifdef NSS_DEBUG
+static CK_RV
+nss_ckmdFindSessionObjects_verifyPointer(
+    const NSSCKMDFindObjects *mdFindObjects)
+{
+    return CKR_OK;
+}
+#endif
+
+#endif /* DEBUG */
+
+/*
+ * We must forward-declare these routines.
+ */
+static void
+nss_ckmdFindSessionObjects_Final(
+    NSSCKMDFindObjects *mdFindObjects,
+    NSSCKFWFindObjects *fwFindObjects,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance);
+
+static NSSCKMDObject *
+nss_ckmdFindSessionObjects_Next(
+    NSSCKMDFindObjects *mdFindObjects,
+    NSSCKFWFindObjects *fwFindObjects,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    NSSArena *arena,
+    CK_RV *pError);
+
+static CK_BBOOL
+items_match(
+    NSSItem *a,
+    CK_VOID_PTR pValue,
+    CK_ULONG ulValueLen)
+{
+    if (a->size != ulValueLen) {
+        return CK_FALSE;
+    }
+
+    if (PR_TRUE == nsslibc_memequal(a->data, pValue, ulValueLen, (PRStatus *)NULL)) {
+        return CK_TRUE;
+    } else {
+        return CK_FALSE;
+    }
+}
+
+/*
+ * Our hashtable iterator
+ */
+static void
+findfcn(
+    const void *key,
+    void *value,
+    void *closure)
+{
+    NSSCKMDObject *mdObject = (NSSCKMDObject *)value;
+    nssCKMDSessionObject *mdso = (nssCKMDSessionObject *)mdObject->etc;
+    nssCKMDFindSessionObjects *mdfso = (nssCKMDFindSessionObjects *)closure;
+    CK_ULONG i, j;
+    struct nodeStr *node;
+
+    if (CKR_OK != mdfso->error) {
+        return;
+    }
+
+    for (i = 0; i < mdfso->ulCount; i++) {
+        CK_ATTRIBUTE_PTR p = &mdfso->pTemplate[i];
+
+        for (j = 0; j < mdso->n; j++) {
+            if (mdso->types[j] == p->type) {
+                if (!items_match(&mdso->attributes[j], p->pValue, p->ulValueLen)) {
+                    return;
+                } else {
+                    break;
+                }
+            }
+        }
+
+        if (j == mdso->n) {
+            /* Attribute not found */
+            return;
+        }
+    }
+
+    /* Matches */
+    node = nss_ZNEW(mdfso->arena, struct nodeStr);
+    if ((struct nodeStr *)NULL == node) {
+        mdfso->error = CKR_HOST_MEMORY;
+        return;
+    }
+
+    node->mdObject = mdObject;
+    node->next = mdfso->list;
+    mdfso->list = node;
+
+    return;
+}
+
+/*
+ * nssCKMDFindSessionObjects_Create
+ *
+ */
+NSS_IMPLEMENT NSSCKMDFindObjects *
+nssCKMDFindSessionObjects_Create(
+    NSSCKFWToken *fwToken,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulCount,
+    CK_RV *pError)
+{
+    NSSArena *arena;
+    nssCKMDFindSessionObjects *mdfso;
+    nssCKFWHash *hash;
+    NSSCKMDFindObjects *rv;
+
+#ifdef NSSDEBUG
+    if (!pError) {
+        return (NSSCKMDFindObjects *)NULL;
+    }
+
+    *pError = nssCKFWToken_verifyPointer(fwToken);
+    if (CKR_OK != *pError) {
+        return (NSSCKMDFindObjects *)NULL;
+    }
+
+    if ((CK_ATTRIBUTE_PTR)NULL == pTemplate) {
+        *pError = CKR_ARGUMENTS_BAD;
+        return (NSSCKMDFindObjects *)NULL;
+    }
+#endif /* NSSDEBUG */
+
+    *pError = CKR_OK;
+
+    hash = nssCKFWToken_GetSessionObjectHash(fwToken);
+    if (!hash) {
+        *pError = CKR_GENERAL_ERROR;
+        return (NSSCKMDFindObjects *)NULL;
+    }
+
+    arena = NSSArena_Create();
+    if (!arena) {
+        *pError = CKR_HOST_MEMORY;
+        return (NSSCKMDFindObjects *)NULL;
+    }
+
+    mdfso = nss_ZNEW(arena, nssCKMDFindSessionObjects);
+    if (!mdfso) {
+        goto loser;
+    }
+
+    rv = nss_ZNEW(arena, NSSCKMDFindObjects);
+    if (rv == NULL) {
+        goto loser;
+    }
+
+    mdfso->error = CKR_OK;
+    mdfso->pTemplate = pTemplate;
+    mdfso->ulCount = ulCount;
+    mdfso->hash = hash;
+
+    nssCKFWHash_Iterate(hash, findfcn, mdfso);
+
+    if (CKR_OK != mdfso->error) {
+        goto loser;
+    }
+
+    rv->etc = (void *)mdfso;
+    rv->Final = nss_ckmdFindSessionObjects_Final;
+    rv->Next = nss_ckmdFindSessionObjects_Next;
+
+#ifdef DEBUG
+    if ((*pError = nss_ckmdFindSessionObjects_add_pointer(rv)) != CKR_OK) {
+        goto loser;
+    }
+#endif /* DEBUG */
+    mdfso->arena = arena;
+
+    return rv;
+
+loser:
+    if (arena) {
+        NSSArena_Destroy(arena);
+    }
+    if (*pError == CKR_OK) {
+        *pError = CKR_HOST_MEMORY;
+    }
+    return NULL;
+}
+
+static void
+nss_ckmdFindSessionObjects_Final(
+    NSSCKMDFindObjects *mdFindObjects,
+    NSSCKFWFindObjects *fwFindObjects,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance)
+{
+    nssCKMDFindSessionObjects *mdfso;
+
+#ifdef NSSDEBUG
+    if (CKR_OK != nss_ckmdFindSessionObjects_verifyPointer(mdFindObjects)) {
+        return;
+    }
+#endif /* NSSDEBUG */
+
+    mdfso = (nssCKMDFindSessionObjects *)mdFindObjects->etc;
+    if (mdfso->arena)
+        NSSArena_Destroy(mdfso->arena);
+
+#ifdef DEBUG
+    (void)nss_ckmdFindSessionObjects_remove_pointer(mdFindObjects);
+#endif /* DEBUG */
+
+    return;
+}
+
+static NSSCKMDObject *
+nss_ckmdFindSessionObjects_Next(
+    NSSCKMDFindObjects *mdFindObjects,
+    NSSCKFWFindObjects *fwFindObjects,
+    NSSCKMDSession *mdSession,
+    NSSCKFWSession *fwSession,
+    NSSCKMDToken *mdToken,
+    NSSCKFWToken *fwToken,
+    NSSCKMDInstance *mdInstance,
+    NSSCKFWInstance *fwInstance,
+    NSSArena *arena,
+    CK_RV *pError)
+{
+    nssCKMDFindSessionObjects *mdfso;
+    NSSCKMDObject *rv = (NSSCKMDObject *)NULL;
+
+#ifdef NSSDEBUG
+    if (CKR_OK != nss_ckmdFindSessionObjects_verifyPointer(mdFindObjects)) {
+        return (NSSCKMDObject *)NULL;
+    }
+#endif /* NSSDEBUG */
+
+    mdfso = (nssCKMDFindSessionObjects *)mdFindObjects->etc;
+
+    while (!rv) {
+        if ((struct nodeStr *)NULL == mdfso->list) {
+            *pError = CKR_OK;
+            return (NSSCKMDObject *)NULL;
+        }
+
+        if (nssCKFWHash_Exists(mdfso->hash, mdfso->list->mdObject)) {
+            rv = mdfso->list->mdObject;
+        }
+
+        mdfso->list = mdfso->list->next;
+    }
+
+    return rv;
+}
diff --git a/nss/lib/ckfw/slot.c b/nss/lib/ckfw/slot.c
new file mode 100644
index 0000000..43d4f0d
--- /dev/null
+++ b/nss/lib/ckfw/slot.c
@@ -0,0 +1,694 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * slot.c
+ *
+ * This file implements the NSSCKFWSlot type and methods.
+ */
+
+#ifndef CK_T
+#include "ck.h"
+#endif /* CK_T */
+
+/*
+ * NSSCKFWSlot
+ *
+ *  -- create/destroy --
+ *  nssCKFWSlot_Create
+ *  nssCKFWSlot_Destroy
+ *
+ *  -- public accessors --
+ *  NSSCKFWSlot_GetMDSlot
+ *  NSSCKFWSlot_GetFWInstance
+ *  NSSCKFWSlot_GetMDInstance
+ *  NSSCKFWSlot_GetSlotID
+ *
+ *  -- implement public accessors --
+ *  nssCKFWSlot_GetMDSlot
+ *  nssCKFWSlot_GetFWInstance
+ *  nssCKFWSlot_GetMDInstance
+ *  nssCKFWSlot_GetSlotID
+ *
+ *  -- private accessors --
+ *  nssCKFWSlot_ClearToken
+ *
+ *  -- module fronts --
+ *  nssCKFWSlot_GetSlotDescription
+ *  nssCKFWSlot_GetManufacturerID
+ *  nssCKFWSlot_GetTokenPresent
+ *  nssCKFWSlot_GetRemovableDevice
+ *  nssCKFWSlot_GetHardwareSlot
+ *  nssCKFWSlot_GetHardwareVersion
+ *  nssCKFWSlot_GetFirmwareVersion
+ *  nssCKFWSlot_InitToken
+ *  nssCKFWSlot_GetToken
+ */
+
+struct NSSCKFWSlotStr {
+    NSSCKFWMutex *mutex;
+    NSSCKMDSlot *mdSlot;
+    NSSCKFWInstance *fwInstance;
+    NSSCKMDInstance *mdInstance;
+    CK_SLOT_ID slotID;
+
+    /*
+     * Everything above is set at creation time, and then not modified.
+     * The invariants the mutex protects are:
+     *
+     * 1) Each of the cached descriptions (versions, etc.) are in an
+     *    internally consistant state.
+     *
+     * 2) The fwToken points to the token currently in the slot, and
+     *    it is in a consistant state.
+     *
+     * Note that the calls accessing the cached descriptions will
+     * call the NSSCKMDSlot methods with the mutex locked.  Those
+     * methods may then call the public NSSCKFWSlot routines.  Those
+     * public routines only access the constant data above, so there's
+     * no problem.  But be careful if you add to this object; mutexes
+     * are in general not reentrant, so don't create deadlock situations.
+     */
+
+    NSSUTF8 *slotDescription;
+    NSSUTF8 *manufacturerID;
+    CK_VERSION hardwareVersion;
+    CK_VERSION firmwareVersion;
+    NSSCKFWToken *fwToken;
+};
+
+#ifdef DEBUG
+/*
+ * But first, the pointer-tracking stuff.
+ *
+ * NOTE: the pointer-tracking support in NSS/base currently relies
+ * upon NSPR's CallOnce support.  That, however, relies upon NSPR's
+ * locking, which is tied into the runtime.  We need a pointer-tracker
+ * implementation that uses the locks supplied through C_Initialize.
+ * That support, however, can be filled in later.  So for now, I'll
+ * just do this routines as no-ops.
+ */
+
+static CK_RV
+slot_add_pointer(
+    const NSSCKFWSlot *fwSlot)
+{
+    return CKR_OK;
+}
+
+static CK_RV
+slot_remove_pointer(
+    const NSSCKFWSlot *fwSlot)
+{
+    return CKR_OK;
+}
+
+NSS_IMPLEMENT CK_RV
+nssCKFWSlot_verifyPointer(
+    const NSSCKFWSlot *fwSlot)
+{
+    return CKR_OK;
+}
+
+#endif /* DEBUG */
+
+/*
+ * nssCKFWSlot_Create
+ *
+ */
+NSS_IMPLEMENT NSSCKFWSlot *
+nssCKFWSlot_Create(
+    NSSCKFWInstance *fwInstance,
+    NSSCKMDSlot *mdSlot,
+    CK_SLOT_ID slotID,
+    CK_RV *pError)
+{
+    NSSCKFWSlot *fwSlot;
+    NSSCKMDInstance *mdInstance;
+    NSSArena *arena;
+
+#ifdef NSSDEBUG
+    if (!pError) {
+        return (NSSCKFWSlot *)NULL;
+    }
+
+    *pError = nssCKFWInstance_verifyPointer(fwInstance);
+    if (CKR_OK != *pError) {
+        return (NSSCKFWSlot *)NULL;
+    }
+#endif /* NSSDEBUG */
+
+    mdInstance = nssCKFWInstance_GetMDInstance(fwInstance);
+    if (!mdInstance) {
+        *pError = CKR_GENERAL_ERROR;
+        return (NSSCKFWSlot *)NULL;
+    }
+
+    arena = nssCKFWInstance_GetArena(fwInstance, pError);
+    if (!arena) {
+        if (CKR_OK == *pError) {
+            *pError = CKR_GENERAL_ERROR;
+        }
+    }
+
+    fwSlot = nss_ZNEW(arena, NSSCKFWSlot);
+    if (!fwSlot) {
+        *pError = CKR_HOST_MEMORY;
+        return (NSSCKFWSlot *)NULL;
+    }
+
+    fwSlot->mdSlot = mdSlot;
+    fwSlot->fwInstance = fwInstance;
+    fwSlot->mdInstance = mdInstance;
+    fwSlot->slotID = slotID;
+
+    fwSlot->mutex = nssCKFWInstance_CreateMutex(fwInstance, arena, pError);
+    if (!fwSlot->mutex) {
+        if (CKR_OK == *pError) {
+            *pError = CKR_GENERAL_ERROR;
+        }
+        (void)nss_ZFreeIf(fwSlot);
+        return (NSSCKFWSlot *)NULL;
+    }
+
+    if (mdSlot->Initialize) {
+        *pError = CKR_OK;
+        *pError = mdSlot->Initialize(mdSlot, fwSlot, mdInstance, fwInstance);
+        if (CKR_OK != *pError) {
+            (void)nssCKFWMutex_Destroy(fwSlot->mutex);
+            (void)nss_ZFreeIf(fwSlot);
+            return (NSSCKFWSlot *)NULL;
+        }
+    }
+
+#ifdef DEBUG
+    *pError = slot_add_pointer(fwSlot);
+    if (CKR_OK != *pError) {
+        if (mdSlot->Destroy) {
+            mdSlot->Destroy(mdSlot, fwSlot, mdInstance, fwInstance);
+        }
+
+        (void)nssCKFWMutex_Destroy(fwSlot->mutex);
+        (void)nss_ZFreeIf(fwSlot);
+        return (NSSCKFWSlot *)NULL;
+    }
+#endif /* DEBUG */
+
+    return fwSlot;
+}
+
+/*
+ * nssCKFWSlot_Destroy
+ *
+ */
+NSS_IMPLEMENT CK_RV
+nssCKFWSlot_Destroy(
+    NSSCKFWSlot *fwSlot)
+{
+    CK_RV error = CKR_OK;
+
+#ifdef NSSDEBUG
+    error = nssCKFWSlot_verifyPointer(fwSlot);
+    if (CKR_OK != error) {
+        return error;
+    }
+#endif /* NSSDEBUG */
+    if (fwSlot->fwToken) {
+        nssCKFWToken_Destroy(fwSlot->fwToken);
+    }
+
+    (void)nssCKFWMutex_Destroy(fwSlot->mutex);
+
+    if (fwSlot->mdSlot->Destroy) {
+        fwSlot->mdSlot->Destroy(fwSlot->mdSlot, fwSlot,
+                                fwSlot->mdInstance, fwSlot->fwInstance);
+    }
+
+#ifdef DEBUG
+    error = slot_remove_pointer(fwSlot);
+#endif /* DEBUG */
+    (void)nss_ZFreeIf(fwSlot);
+    return error;
+}
+
+/*
+ * nssCKFWSlot_GetMDSlot
+ *
+ */
+NSS_IMPLEMENT NSSCKMDSlot *
+nssCKFWSlot_GetMDSlot(
+    NSSCKFWSlot *fwSlot)
+{
+#ifdef NSSDEBUG
+    if (CKR_OK != nssCKFWSlot_verifyPointer(fwSlot)) {
+        return (NSSCKMDSlot *)NULL;
+    }
+#endif /* NSSDEBUG */
+
+    return fwSlot->mdSlot;
+}
+
+/*
+ * nssCKFWSlot_GetFWInstance
+ *
+ */
+
+NSS_IMPLEMENT NSSCKFWInstance *
+nssCKFWSlot_GetFWInstance(
+    NSSCKFWSlot *fwSlot)
+{
+#ifdef NSSDEBUG
+    if (CKR_OK != nssCKFWSlot_verifyPointer(fwSlot)) {
+        return (NSSCKFWInstance *)NULL;
+    }
+#endif /* NSSDEBUG */
+
+    return fwSlot->fwInstance;
+}
+
+/*
+ * nssCKFWSlot_GetMDInstance
+ *
+ */
+
+NSS_IMPLEMENT NSSCKMDInstance *
+nssCKFWSlot_GetMDInstance(
+    NSSCKFWSlot *fwSlot)
+{
+#ifdef NSSDEBUG
+    if (CKR_OK != nssCKFWSlot_verifyPointer(fwSlot)) {
+        return (NSSCKMDInstance *)NULL;
+    }
+#endif /* NSSDEBUG */
+
+    return fwSlot->mdInstance;
+}
+
+/*
+ * nssCKFWSlot_GetSlotID
+ *
+ */
+NSS_IMPLEMENT CK_SLOT_ID
+nssCKFWSlot_GetSlotID(
+    NSSCKFWSlot *fwSlot)
+{
+#ifdef NSSDEBUG
+    if (CKR_OK != nssCKFWSlot_verifyPointer(fwSlot)) {
+        return (CK_SLOT_ID)0;
+    }
+#endif /* NSSDEBUG */
+
+    return fwSlot->slotID;
+}
+
+/*
+ * nssCKFWSlot_GetSlotDescription
+ *
+ */
+NSS_IMPLEMENT CK_RV
+nssCKFWSlot_GetSlotDescription(
+    NSSCKFWSlot *fwSlot,
+    CK_CHAR slotDescription[64])
+{
+    CK_RV error = CKR_OK;
+
+#ifdef NSSDEBUG
+    if ((CK_CHAR_PTR)NULL == slotDescription) {
+        return CKR_ARGUMENTS_BAD;
+    }
+
+    error = nssCKFWSlot_verifyPointer(fwSlot);
+    if (CKR_OK != error) {
+        return error;
+    }
+#endif /* NSSDEBUG */
+
+    error = nssCKFWMutex_Lock(fwSlot->mutex);
+    if (CKR_OK != error) {
+        return error;
+    }
+
+    if (!fwSlot->slotDescription) {
+        if (fwSlot->mdSlot->GetSlotDescription) {
+            fwSlot->slotDescription = fwSlot->mdSlot->GetSlotDescription(
+                fwSlot->mdSlot, fwSlot, fwSlot->mdInstance,
+                fwSlot->fwInstance, &error);
+            if ((!fwSlot->slotDescription) && (CKR_OK != error)) {
+                goto done;
+            }
+        } else {
+            fwSlot->slotDescription = (NSSUTF8 *)"";
+        }
+    }
+
+    (void)nssUTF8_CopyIntoFixedBuffer(fwSlot->slotDescription, (char *)slotDescription, 64, ' ');
+    error = CKR_OK;
+
+done:
+    (void)nssCKFWMutex_Unlock(fwSlot->mutex);
+    return error;
+}
+
+/*
+ * nssCKFWSlot_GetManufacturerID
+ *
+ */
+NSS_IMPLEMENT CK_RV
+nssCKFWSlot_GetManufacturerID(
+    NSSCKFWSlot *fwSlot,
+    CK_CHAR manufacturerID[32])
+{
+    CK_RV error = CKR_OK;
+
+#ifdef NSSDEBUG
+    if ((CK_CHAR_PTR)NULL == manufacturerID) {
+        return CKR_ARGUMENTS_BAD;
+    }
+
+    error = nssCKFWSlot_verifyPointer(fwSlot);
+    if (CKR_OK != error) {
+        return error;
+    }
+#endif /* NSSDEBUG */
+
+    error = nssCKFWMutex_Lock(fwSlot->mutex);
+    if (CKR_OK != error) {
+        return error;
+    }
+
+    if (!fwSlot->manufacturerID) {
+        if (fwSlot->mdSlot->GetManufacturerID) {
+            fwSlot->manufacturerID = fwSlot->mdSlot->GetManufacturerID(
+                fwSlot->mdSlot, fwSlot, fwSlot->mdInstance,
+                fwSlot->fwInstance, &error);
+            if ((!fwSlot->manufacturerID) && (CKR_OK != error)) {
+                goto done;
+            }
+        } else {
+            fwSlot->manufacturerID = (NSSUTF8 *)"";
+        }
+    }
+
+    (void)nssUTF8_CopyIntoFixedBuffer(fwSlot->manufacturerID, (char *)manufacturerID, 32, ' ');
+    error = CKR_OK;
+
+done:
+    (void)nssCKFWMutex_Unlock(fwSlot->mutex);
+    return error;
+}
+
+/*
+ * nssCKFWSlot_GetTokenPresent
+ *
+ */
+NSS_IMPLEMENT CK_BBOOL
+nssCKFWSlot_GetTokenPresent(
+    NSSCKFWSlot *fwSlot)
+{
+#ifdef NSSDEBUG
+    if (CKR_OK != nssCKFWSlot_verifyPointer(fwSlot)) {
+        return CK_FALSE;
+    }
+#endif /* NSSDEBUG */
+
+    if (!fwSlot->mdSlot->GetTokenPresent) {
+        return CK_TRUE;
+    }
+
+    return fwSlot->mdSlot->GetTokenPresent(fwSlot->mdSlot, fwSlot,
+                                           fwSlot->mdInstance, fwSlot->fwInstance);
+}
+
+/*
+ * nssCKFWSlot_GetRemovableDevice
+ *
+ */
+NSS_IMPLEMENT CK_BBOOL
+nssCKFWSlot_GetRemovableDevice(
+    NSSCKFWSlot *fwSlot)
+{
+#ifdef NSSDEBUG
+    if (CKR_OK != nssCKFWSlot_verifyPointer(fwSlot)) {
+        return CK_FALSE;
+    }
+#endif /* NSSDEBUG */
+
+    if (!fwSlot->mdSlot->GetRemovableDevice) {
+        return CK_FALSE;
+    }
+
+    return fwSlot->mdSlot->GetRemovableDevice(fwSlot->mdSlot, fwSlot,
+                                              fwSlot->mdInstance, fwSlot->fwInstance);
+}
+
+/*
+ * nssCKFWSlot_GetHardwareSlot
+ *
+ */
+NSS_IMPLEMENT CK_BBOOL
+nssCKFWSlot_GetHardwareSlot(
+    NSSCKFWSlot *fwSlot)
+{
+#ifdef NSSDEBUG
+    if (CKR_OK != nssCKFWSlot_verifyPointer(fwSlot)) {
+        return CK_FALSE;
+    }
+#endif /* NSSDEBUG */
+
+    if (!fwSlot->mdSlot->GetHardwareSlot) {
+        return CK_FALSE;
+    }
+
+    return fwSlot->mdSlot->GetHardwareSlot(fwSlot->mdSlot, fwSlot,
+                                           fwSlot->mdInstance, fwSlot->fwInstance);
+}
+
+/*
+ * nssCKFWSlot_GetHardwareVersion
+ *
+ */
+NSS_IMPLEMENT CK_VERSION
+nssCKFWSlot_GetHardwareVersion(
+    NSSCKFWSlot *fwSlot)
+{
+    CK_VERSION rv;
+
+#ifdef NSSDEBUG
+    if (CKR_OK != nssCKFWSlot_verifyPointer(fwSlot)) {
+        rv.major = rv.minor = 0;
+        return rv;
+    }
+#endif /* NSSDEBUG */
+
+    if (CKR_OK != nssCKFWMutex_Lock(fwSlot->mutex)) {
+        rv.major = rv.minor = 0;
+        return rv;
+    }
+
+    if ((0 != fwSlot->hardwareVersion.major) ||
+        (0 != fwSlot->hardwareVersion.minor)) {
+        rv = fwSlot->hardwareVersion;
+        goto done;
+    }
+
+    if (fwSlot->mdSlot->GetHardwareVersion) {
+        fwSlot->hardwareVersion = fwSlot->mdSlot->GetHardwareVersion(
+            fwSlot->mdSlot, fwSlot, fwSlot->mdInstance, fwSlot->fwInstance);
+    } else {
+        fwSlot->hardwareVersion.major = 0;
+        fwSlot->hardwareVersion.minor = 1;
+    }
+
+    rv = fwSlot->hardwareVersion;
+done:
+    (void)nssCKFWMutex_Unlock(fwSlot->mutex);
+    return rv;
+}
+
+/*
+ * nssCKFWSlot_GetFirmwareVersion
+ *
+ */
+NSS_IMPLEMENT CK_VERSION
+nssCKFWSlot_GetFirmwareVersion(
+    NSSCKFWSlot *fwSlot)
+{
+    CK_VERSION rv;
+
+#ifdef NSSDEBUG
+    if (CKR_OK != nssCKFWSlot_verifyPointer(fwSlot)) {
+        rv.major = rv.minor = 0;
+        return rv;
+    }
+#endif /* NSSDEBUG */
+
+    if (CKR_OK != nssCKFWMutex_Lock(fwSlot->mutex)) {
+        rv.major = rv.minor = 0;
+        return rv;
+    }
+
+    if ((0 != fwSlot->firmwareVersion.major) ||
+        (0 != fwSlot->firmwareVersion.minor)) {
+        rv = fwSlot->firmwareVersion;
+        goto done;
+    }
+
+    if (fwSlot->mdSlot->GetFirmwareVersion) {
+        fwSlot->firmwareVersion = fwSlot->mdSlot->GetFirmwareVersion(
+            fwSlot->mdSlot, fwSlot, fwSlot->mdInstance, fwSlot->fwInstance);
+    } else {
+        fwSlot->firmwareVersion.major = 0;
+        fwSlot->firmwareVersion.minor = 1;
+    }
+
+    rv = fwSlot->firmwareVersion;
+done:
+    (void)nssCKFWMutex_Unlock(fwSlot->mutex);
+    return rv;
+}
+
+/*
+ * nssCKFWSlot_GetToken
+ *
+ */
+NSS_IMPLEMENT NSSCKFWToken *
+nssCKFWSlot_GetToken(
+    NSSCKFWSlot *fwSlot,
+    CK_RV *pError)
+{
+    NSSCKMDToken *mdToken;
+    NSSCKFWToken *fwToken;
+
+#ifdef NSSDEBUG
+    if (!pError) {
+        return (NSSCKFWToken *)NULL;
+    }
+
+    *pError = nssCKFWSlot_verifyPointer(fwSlot);
+    if (CKR_OK != *pError) {
+        return (NSSCKFWToken *)NULL;
+    }
+#endif /* NSSDEBUG */
+
+    *pError = nssCKFWMutex_Lock(fwSlot->mutex);
+    if (CKR_OK != *pError) {
+        return (NSSCKFWToken *)NULL;
+    }
+
+    if (!fwSlot->fwToken) {
+        if (!fwSlot->mdSlot->GetToken) {
+            *pError = CKR_GENERAL_ERROR;
+            fwToken = (NSSCKFWToken *)NULL;
+            goto done;
+        }
+
+        mdToken = fwSlot->mdSlot->GetToken(fwSlot->mdSlot, fwSlot,
+                                           fwSlot->mdInstance, fwSlot->fwInstance, pError);
+        if (!mdToken) {
+            if (CKR_OK == *pError) {
+                *pError = CKR_GENERAL_ERROR;
+            }
+            return (NSSCKFWToken *)NULL;
+        }
+
+        fwToken = nssCKFWToken_Create(fwSlot, mdToken, pError);
+        fwSlot->fwToken = fwToken;
+    } else {
+        fwToken = fwSlot->fwToken;
+    }
+
+done:
+    (void)nssCKFWMutex_Unlock(fwSlot->mutex);
+    return fwToken;
+}
+
+/*
+ * nssCKFWSlot_ClearToken
+ *
+ */
+NSS_IMPLEMENT void
+nssCKFWSlot_ClearToken(
+    NSSCKFWSlot *fwSlot)
+{
+#ifdef NSSDEBUG
+    if (CKR_OK != nssCKFWSlot_verifyPointer(fwSlot)) {
+        return;
+    }
+#endif /* NSSDEBUG */
+
+    if (CKR_OK != nssCKFWMutex_Lock(fwSlot->mutex)) {
+        /* Now what? */
+        return;
+    }
+
+    fwSlot->fwToken = (NSSCKFWToken *)NULL;
+    (void)nssCKFWMutex_Unlock(fwSlot->mutex);
+    return;
+}
+
+/*
+ * NSSCKFWSlot_GetMDSlot
+ *
+ */
+
+NSS_IMPLEMENT NSSCKMDSlot *
+NSSCKFWSlot_GetMDSlot(
+    NSSCKFWSlot *fwSlot)
+{
+#ifdef DEBUG
+    if (CKR_OK != nssCKFWSlot_verifyPointer(fwSlot)) {
+        return (NSSCKMDSlot *)NULL;
+    }
+#endif /* DEBUG */
+
+    return nssCKFWSlot_GetMDSlot(fwSlot);
+}
+
+/*
+ * NSSCKFWSlot_GetFWInstance
+ *
+ */
+
+NSS_IMPLEMENT NSSCKFWInstance *
+NSSCKFWSlot_GetFWInstance(
+    NSSCKFWSlot *fwSlot)
+{
+#ifdef DEBUG
+    if (CKR_OK != nssCKFWSlot_verifyPointer(fwSlot)) {
+        return (NSSCKFWInstance *)NULL;
+    }
+#endif /* DEBUG */
+
+    return nssCKFWSlot_GetFWInstance(fwSlot);
+}
+
+/*
+ * NSSCKFWSlot_GetMDInstance
+ *
+ */
+
+NSS_IMPLEMENT NSSCKMDInstance *
+NSSCKFWSlot_GetMDInstance(
+    NSSCKFWSlot *fwSlot)
+{
+#ifdef DEBUG
+    if (CKR_OK != nssCKFWSlot_verifyPointer(fwSlot)) {
+        return (NSSCKMDInstance *)NULL;
+    }
+#endif /* DEBUG */
+
+    return nssCKFWSlot_GetMDInstance(fwSlot);
+}
+
+/*
+ * NSSCKFWSlot_GetSlotID
+ *
+ */
+
+NSS_IMPLEMENT CK_SLOT_ID
+NSSCKFWSlot_GetSlotID(
+    NSSCKFWSlot *fwSlot)
+{
+    return nssCKFWSlot_GetSlotID(fwSlot);
+}
diff --git a/nss/lib/ckfw/token.c b/nss/lib/ckfw/token.c
new file mode 100644
index 0000000..4483bb5
--- /dev/null
+++ b/nss/lib/ckfw/token.c
@@ -0,0 +1,1791 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * token.c
+ *
+ * This file implements the NSSCKFWToken type and methods.
+ */
+
+#ifndef CK_T
+#include "ck.h"
+#endif /* CK_T */
+
+/*
+ * NSSCKFWToken
+ *
+ *  -- create/destroy --
+ *  nssCKFWToken_Create
+ *  nssCKFWToken_Destroy
+ *
+ *  -- public accessors --
+ *  NSSCKFWToken_GetMDToken
+ *  NSSCKFWToken_GetFWSlot
+ *  NSSCKFWToken_GetMDSlot
+ *  NSSCKFWToken_GetSessionState
+ *
+ *  -- implement public accessors --
+ *  nssCKFWToken_GetMDToken
+ *  nssCKFWToken_GetFWSlot
+ *  nssCKFWToken_GetMDSlot
+ *  nssCKFWToken_GetSessionState
+ *  nssCKFWToken_SetSessionState
+ *
+ *  -- private accessors --
+ *  nssCKFWToken_SetSessionState
+ *  nssCKFWToken_RemoveSession
+ *  nssCKFWToken_CloseAllSessions
+ *  nssCKFWToken_GetSessionCount
+ *  nssCKFWToken_GetRwSessionCount
+ *  nssCKFWToken_GetRoSessionCount
+ *  nssCKFWToken_GetSessionObjectHash
+ *  nssCKFWToken_GetMDObjectHash
+ *  nssCKFWToken_GetObjectHandleHash
+ *
+ *  -- module fronts --
+ *  nssCKFWToken_InitToken
+ *  nssCKFWToken_GetLabel
+ *  nssCKFWToken_GetManufacturerID
+ *  nssCKFWToken_GetModel
+ *  nssCKFWToken_GetSerialNumber
+ *  nssCKFWToken_GetHasRNG
+ *  nssCKFWToken_GetIsWriteProtected
+ *  nssCKFWToken_GetLoginRequired
+ *  nssCKFWToken_GetUserPinInitialized
+ *  nssCKFWToken_GetRestoreKeyNotNeeded
+ *  nssCKFWToken_GetHasClockOnToken
+ *  nssCKFWToken_GetHasProtectedAuthenticationPath
+ *  nssCKFWToken_GetSupportsDualCryptoOperations
+ *  nssCKFWToken_GetMaxSessionCount
+ *  nssCKFWToken_GetMaxRwSessionCount
+ *  nssCKFWToken_GetMaxPinLen
+ *  nssCKFWToken_GetMinPinLen
+ *  nssCKFWToken_GetTotalPublicMemory
+ *  nssCKFWToken_GetFreePublicMemory
+ *  nssCKFWToken_GetTotalPrivateMemory
+ *  nssCKFWToken_GetFreePrivateMemory
+ *  nssCKFWToken_GetHardwareVersion
+ *  nssCKFWToken_GetFirmwareVersion
+ *  nssCKFWToken_GetUTCTime
+ *  nssCKFWToken_OpenSession
+ *  nssCKFWToken_GetMechanismCount
+ *  nssCKFWToken_GetMechanismTypes
+ *  nssCKFWToken_GetMechanism
+ */
+
+struct NSSCKFWTokenStr {
+    NSSCKFWMutex *mutex;
+    NSSArena *arena;
+    NSSCKMDToken *mdToken;
+    NSSCKFWSlot *fwSlot;
+    NSSCKMDSlot *mdSlot;
+    NSSCKFWInstance *fwInstance;
+    NSSCKMDInstance *mdInstance;
+
+    /*
+     * Everything above is set at creation time, and then not modified.
+     * The invariants the mutex protects are:
+     *
+     * 1) Each of the cached descriptions (versions, etc.) are in an
+     *    internally consistant state.
+     *
+     * 2) The session counts and hashes are consistant.
+     *
+     * 3) The object hashes are consistant.
+     *
+     * Note that the calls accessing the cached descriptions will call
+     * the NSSCKMDToken methods with the mutex locked.  Those methods
+     * may then call the public NSSCKFWToken routines.  Those public
+     * routines only access the constant data above and the atomic
+     * CK_STATE session state variable below, so there's no problem.
+     * But be careful if you add to this object; mutexes are in
+     * general not reentrant, so don't create deadlock situations.
+     */
+
+    NSSUTF8 *label;
+    NSSUTF8 *manufacturerID;
+    NSSUTF8 *model;
+    NSSUTF8 *serialNumber;
+    CK_VERSION hardwareVersion;
+    CK_VERSION firmwareVersion;
+
+    CK_ULONG sessionCount;
+    CK_ULONG rwSessionCount;
+    nssCKFWHash *sessions;
+    nssCKFWHash *sessionObjectHash;
+    nssCKFWHash *mdObjectHash;
+    nssCKFWHash *mdMechanismHash;
+
+    CK_STATE state;
+};
+
+#ifdef DEBUG
+/*
+ * But first, the pointer-tracking stuff.
+ *
+ * NOTE: the pointer-tracking support in NSS/base currently relies
+ * upon NSPR's CallOnce support.  That, however, relies upon NSPR's
+ * locking, which is tied into the runtime.  We need a pointer-tracker
+ * implementation that uses the locks supplied through C_Initialize.
+ * That support, however, can be filled in later.  So for now, I'll
+ * just do this routines as no-ops.
+ */
+
+static CK_RV
+token_add_pointer(
+    const NSSCKFWToken *fwToken)
+{
+    return CKR_OK;
+}
+
+static CK_RV
+token_remove_pointer(
+    const NSSCKFWToken *fwToken)
+{
+    return CKR_OK;
+}
+
+NSS_IMPLEMENT CK_RV
+nssCKFWToken_verifyPointer(
+    const NSSCKFWToken *fwToken)
+{
+    return CKR_OK;
+}
+
+#endif /* DEBUG */
+
+/*
+ * nssCKFWToken_Create
+ *
+ */
+NSS_IMPLEMENT NSSCKFWToken *
+nssCKFWToken_Create(
+    NSSCKFWSlot *fwSlot,
+    NSSCKMDToken *mdToken,
+    CK_RV *pError)
+{
+    NSSArena *arena = (NSSArena *)NULL;
+    NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL;
+    CK_BBOOL called_setup = CK_FALSE;
+
+    /*
+     * We have already verified the arguments in nssCKFWSlot_GetToken.
+     */
+
+    arena = NSSArena_Create();
+    if (!arena) {
+        *pError = CKR_HOST_MEMORY;
+        goto loser;
+    }
+
+    fwToken = nss_ZNEW(arena, NSSCKFWToken);
+    if (!fwToken) {
+        *pError = CKR_HOST_MEMORY;
+        goto loser;
+    }
+
+    fwToken->arena = arena;
+    fwToken->mdToken = mdToken;
+    fwToken->fwSlot = fwSlot;
+    fwToken->fwInstance = nssCKFWSlot_GetFWInstance(fwSlot);
+    fwToken->mdInstance = nssCKFWSlot_GetMDInstance(fwSlot);
+    fwToken->state = CKS_RO_PUBLIC_SESSION; /* some default */
+    fwToken->sessionCount = 0;
+    fwToken->rwSessionCount = 0;
+
+    fwToken->mutex = nssCKFWInstance_CreateMutex(fwToken->fwInstance, arena, pError);
+    if (!fwToken->mutex) {
+        if (CKR_OK == *pError) {
+            *pError = CKR_GENERAL_ERROR;
+        }
+        goto loser;
+    }
+
+    fwToken->sessions = nssCKFWHash_Create(fwToken->fwInstance, arena, pError);
+    if (!fwToken->sessions) {
+        if (CKR_OK == *pError) {
+            *pError = CKR_GENERAL_ERROR;
+        }
+        goto loser;
+    }
+
+    if (CK_TRUE != nssCKFWInstance_GetModuleHandlesSessionObjects(
+                       fwToken->fwInstance)) {
+        fwToken->sessionObjectHash = nssCKFWHash_Create(fwToken->fwInstance,
+                                                        arena, pError);
+        if (!fwToken->sessionObjectHash) {
+            if (CKR_OK == *pError) {
+                *pError = CKR_GENERAL_ERROR;
+            }
+            goto loser;
+        }
+    }
+
+    fwToken->mdObjectHash = nssCKFWHash_Create(fwToken->fwInstance,
+                                               arena, pError);
+    if (!fwToken->mdObjectHash) {
+        if (CKR_OK == *pError) {
+            *pError = CKR_GENERAL_ERROR;
+        }
+        goto loser;
+    }
+
+    fwToken->mdMechanismHash = nssCKFWHash_Create(fwToken->fwInstance,
+                                                  arena, pError);
+    if (!fwToken->mdMechanismHash) {
+        if (CKR_OK == *pError) {
+            *pError = CKR_GENERAL_ERROR;
+        }
+        goto loser;
+    }
+
+    /* More here */
+
+    if (mdToken->Setup) {
+        *pError = mdToken->Setup(mdToken, fwToken, fwToken->mdInstance, fwToken->fwInstance);
+        if (CKR_OK != *pError) {
+            goto loser;
+        }
+    }
+
+    called_setup = CK_TRUE;
+
+#ifdef DEBUG
+    *pError = token_add_pointer(fwToken);
+    if (CKR_OK != *pError) {
+        goto loser;
+    }
+#endif /* DEBUG */
+
+    *pError = CKR_OK;
+    return fwToken;
+
+loser:
+
+    if (CK_TRUE == called_setup) {
+        if (mdToken->Invalidate) {
+            mdToken->Invalidate(mdToken, fwToken, fwToken->mdInstance, fwToken->fwInstance);
+        }
+    }
+
+    if (arena) {
+        (void)NSSArena_Destroy(arena);
+    }
+
+    return (NSSCKFWToken *)NULL;
+}
+
+static void
+nss_ckfwtoken_session_iterator(
+    const void *key,
+    void *value,
+    void *closure)
+{
+    /*
+     * Remember that the fwToken->mutex is locked
+     */
+    NSSCKFWSession *fwSession = (NSSCKFWSession *)value;
+    (void)nssCKFWSession_Destroy(fwSession, CK_FALSE);
+    return;
+}
+
+static void
+nss_ckfwtoken_object_iterator(
+    const void *key,
+    void *value,
+    void *closure)
+{
+    /*
+     * Remember that the fwToken->mutex is locked
+     */
+    NSSCKFWObject *fwObject = (NSSCKFWObject *)value;
+    (void)nssCKFWObject_Finalize(fwObject, CK_FALSE);
+    return;
+}
+
+/*
+ * nssCKFWToken_Destroy
+ *
+ */
+NSS_IMPLEMENT CK_RV
+nssCKFWToken_Destroy(
+    NSSCKFWToken *fwToken)
+{
+    CK_RV error = CKR_OK;
+
+#ifdef NSSDEBUG
+    error = nssCKFWToken_verifyPointer(fwToken);
+    if (CKR_OK != error) {
+        return error;
+    }
+#endif /* NSSDEBUG */
+
+    (void)nssCKFWMutex_Destroy(fwToken->mutex);
+
+    if (fwToken->mdToken->Invalidate) {
+        fwToken->mdToken->Invalidate(fwToken->mdToken, fwToken,
+                                     fwToken->mdInstance, fwToken->fwInstance);
+    }
+    /* we can destroy the list without locking now because no one else is
+     * referencing us (or _Destroy was invalidly called!)
+     */
+    nssCKFWHash_Iterate(fwToken->sessions, nss_ckfwtoken_session_iterator,
+                        (void *)NULL);
+    nssCKFWHash_Destroy(fwToken->sessions);
+
+    /* session objects go away when their sessions are removed */
+    if (fwToken->sessionObjectHash) {
+        nssCKFWHash_Destroy(fwToken->sessionObjectHash);
+    }
+
+    /* free up the token objects */
+    if (fwToken->mdObjectHash) {
+        nssCKFWHash_Iterate(fwToken->mdObjectHash, nss_ckfwtoken_object_iterator,
+                            (void *)NULL);
+        nssCKFWHash_Destroy(fwToken->mdObjectHash);
+    }
+    if (fwToken->mdMechanismHash) {
+        nssCKFWHash_Destroy(fwToken->mdMechanismHash);
+    }
+
+    nssCKFWSlot_ClearToken(fwToken->fwSlot);
+
+#ifdef DEBUG
+    error = token_remove_pointer(fwToken);
+#endif /* DEBUG */
+
+    (void)NSSArena_Destroy(fwToken->arena);
+    return error;
+}
+
+/*
+ * nssCKFWToken_GetMDToken
+ *
+ */
+NSS_IMPLEMENT NSSCKMDToken *
+nssCKFWToken_GetMDToken(
+    NSSCKFWToken *fwToken)
+{
+#ifdef NSSDEBUG
+    if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+        return (NSSCKMDToken *)NULL;
+    }
+#endif /* NSSDEBUG */
+
+    return fwToken->mdToken;
+}
+
+/*
+ * nssCKFWToken_GetArena
+ *
+ */
+NSS_IMPLEMENT NSSArena *
+nssCKFWToken_GetArena(
+    NSSCKFWToken *fwToken,
+    CK_RV *pError)
+{
+#ifdef NSSDEBUG
+    if (!pError) {
+        return (NSSArena *)NULL;
+    }
+
+    *pError = nssCKFWToken_verifyPointer(fwToken);
+    if (CKR_OK != *pError) {
+        return (NSSArena *)NULL;
+    }
+#endif /* NSSDEBUG */
+
+    return fwToken->arena;
+}
+
+/*
+ * nssCKFWToken_GetFWSlot
+ *
+ */
+NSS_IMPLEMENT NSSCKFWSlot *
+nssCKFWToken_GetFWSlot(
+    NSSCKFWToken *fwToken)
+{
+#ifdef NSSDEBUG
+    if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+        return (NSSCKFWSlot *)NULL;
+    }
+#endif /* NSSDEBUG */
+
+    return fwToken->fwSlot;
+}
+
+/*
+ * nssCKFWToken_GetMDSlot
+ *
+ */
+NSS_IMPLEMENT NSSCKMDSlot *
+nssCKFWToken_GetMDSlot(
+    NSSCKFWToken *fwToken)
+{
+#ifdef NSSDEBUG
+    if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+        return (NSSCKMDSlot *)NULL;
+    }
+#endif /* NSSDEBUG */
+
+    return fwToken->mdSlot;
+}
+
+/*
+ * nssCKFWToken_GetSessionState
+ *
+ */
+NSS_IMPLEMENT CK_STATE
+nssCKFWToken_GetSessionState(
+    NSSCKFWToken *fwToken)
+{
+#ifdef NSSDEBUG
+    if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+        return CKS_RO_PUBLIC_SESSION; /* whatever */
+    }
+#endif /* NSSDEBUG */
+
+    /*
+     * BTW, do not lock the token in this method.
+     */
+
+    /*
+     * Theoretically, there is no state if there aren't any
+     * sessions open.  But then we'd need to worry about
+     * reporting an error, etc.  What the heck-- let's just
+     * revert to CKR_RO_PUBLIC_SESSION as the "default."
+     */
+
+    return fwToken->state;
+}
+
+/*
+ * nssCKFWToken_InitToken
+ *
+ */
+NSS_IMPLEMENT CK_RV
+nssCKFWToken_InitToken(
+    NSSCKFWToken *fwToken,
+    NSSItem *pin,
+    NSSUTF8 *label)
+{
+    CK_RV error;
+
+#ifdef NSSDEBUG
+    error = nssCKFWToken_verifyPointer(fwToken);
+    if (CKR_OK != error) {
+        return CKR_ARGUMENTS_BAD;
+    }
+#endif /* NSSDEBUG */
+
+    error = nssCKFWMutex_Lock(fwToken->mutex);
+    if (CKR_OK != error) {
+        return error;
+    }
+
+    if (fwToken->sessionCount > 0) {
+        error = CKR_SESSION_EXISTS;
+        goto done;
+    }
+
+    if (!fwToken->mdToken->InitToken) {
+        error = CKR_DEVICE_ERROR;
+        goto done;
+    }
+
+    if (!pin) {
+        if (nssCKFWToken_GetHasProtectedAuthenticationPath(fwToken)) {
+            ; /* okay */
+        } else {
+            error = CKR_PIN_INCORRECT;
+            goto done;
+        }
+    }
+
+    if (!label) {
+        label = (NSSUTF8 *)"";
+    }
+
+    error = fwToken->mdToken->InitToken(fwToken->mdToken, fwToken,
+                                        fwToken->mdInstance, fwToken->fwInstance, pin, label);
+
+done:
+    (void)nssCKFWMutex_Unlock(fwToken->mutex);
+    return error;
+}
+
+/*
+ * nssCKFWToken_GetLabel
+ *
+ */
+NSS_IMPLEMENT CK_RV
+nssCKFWToken_GetLabel(
+    NSSCKFWToken *fwToken,
+    CK_CHAR label[32])
+{
+    CK_RV error = CKR_OK;
+
+#ifdef NSSDEBUG
+    if ((CK_CHAR_PTR)NULL == label) {
+        return CKR_ARGUMENTS_BAD;
+    }
+
+    error = nssCKFWToken_verifyPointer(fwToken);
+    if (CKR_OK != error) {
+        return error;
+    }
+#endif /* NSSDEBUG */
+
+    error = nssCKFWMutex_Lock(fwToken->mutex);
+    if (CKR_OK != error) {
+        return error;
+    }
+
+    if (!fwToken->label) {
+        if (fwToken->mdToken->GetLabel) {
+            fwToken->label = fwToken->mdToken->GetLabel(fwToken->mdToken, fwToken,
+                                                        fwToken->mdInstance, fwToken->fwInstance, &error);
+            if ((!fwToken->label) && (CKR_OK != error)) {
+                goto done;
+            }
+        } else {
+            fwToken->label = (NSSUTF8 *)"";
+        }
+    }
+
+    (void)nssUTF8_CopyIntoFixedBuffer(fwToken->label, (char *)label, 32, ' ');
+    error = CKR_OK;
+
+done:
+    (void)nssCKFWMutex_Unlock(fwToken->mutex);
+    return error;
+}
+
+/*
+ * nssCKFWToken_GetManufacturerID
+ *
+ */
+NSS_IMPLEMENT CK_RV
+nssCKFWToken_GetManufacturerID(
+    NSSCKFWToken *fwToken,
+    CK_CHAR manufacturerID[32])
+{
+    CK_RV error = CKR_OK;
+
+#ifdef NSSDEBUG
+    if ((CK_CHAR_PTR)NULL == manufacturerID) {
+        return CKR_ARGUMENTS_BAD;
+    }
+
+    error = nssCKFWToken_verifyPointer(fwToken);
+    if (CKR_OK != error) {
+        return error;
+    }
+#endif /* NSSDEBUG */
+
+    error = nssCKFWMutex_Lock(fwToken->mutex);
+    if (CKR_OK != error) {
+        return error;
+    }
+
+    if (!fwToken->manufacturerID) {
+        if (fwToken->mdToken->GetManufacturerID) {
+            fwToken->manufacturerID = fwToken->mdToken->GetManufacturerID(fwToken->mdToken,
+                                                                          fwToken, fwToken->mdInstance, fwToken->fwInstance, &error);
+            if ((!fwToken->manufacturerID) && (CKR_OK != error)) {
+                goto done;
+            }
+        } else {
+            fwToken->manufacturerID = (NSSUTF8 *)"";
+        }
+    }
+
+    (void)nssUTF8_CopyIntoFixedBuffer(fwToken->manufacturerID, (char *)manufacturerID, 32, ' ');
+    error = CKR_OK;
+
+done:
+    (void)nssCKFWMutex_Unlock(fwToken->mutex);
+    return error;
+}
+
+/*
+ * nssCKFWToken_GetModel
+ *
+ */
+NSS_IMPLEMENT CK_RV
+nssCKFWToken_GetModel(
+    NSSCKFWToken *fwToken,
+    CK_CHAR model[16])
+{
+    CK_RV error = CKR_OK;
+
+#ifdef NSSDEBUG
+    if ((CK_CHAR_PTR)NULL == model) {
+        return CKR_ARGUMENTS_BAD;
+    }
+
+    error = nssCKFWToken_verifyPointer(fwToken);
+    if (CKR_OK != error) {
+        return error;
+    }
+#endif /* NSSDEBUG */
+
+    error = nssCKFWMutex_Lock(fwToken->mutex);
+    if (CKR_OK != error) {
+        return error;
+    }
+
+    if (!fwToken->model) {
+        if (fwToken->mdToken->GetModel) {
+            fwToken->model = fwToken->mdToken->GetModel(fwToken->mdToken, fwToken,
+                                                        fwToken->mdInstance, fwToken->fwInstance, &error);
+            if ((!fwToken->model) && (CKR_OK != error)) {
+                goto done;
+            }
+        } else {
+            fwToken->model = (NSSUTF8 *)"";
+        }
+    }
+
+    (void)nssUTF8_CopyIntoFixedBuffer(fwToken->model, (char *)model, 16, ' ');
+    error = CKR_OK;
+
+done:
+    (void)nssCKFWMutex_Unlock(fwToken->mutex);
+    return error;
+}
+
+/*
+ * nssCKFWToken_GetSerialNumber
+ *
+ */
+NSS_IMPLEMENT CK_RV
+nssCKFWToken_GetSerialNumber(
+    NSSCKFWToken *fwToken,
+    CK_CHAR serialNumber[16])
+{
+    CK_RV error = CKR_OK;
+
+#ifdef NSSDEBUG
+    if ((CK_CHAR_PTR)NULL == serialNumber) {
+        return CKR_ARGUMENTS_BAD;
+    }
+
+    error = nssCKFWToken_verifyPointer(fwToken);
+    if (CKR_OK != error) {
+        return error;
+    }
+#endif /* NSSDEBUG */
+
+    error = nssCKFWMutex_Lock(fwToken->mutex);
+    if (CKR_OK != error) {
+        return error;
+    }
+
+    if (!fwToken->serialNumber) {
+        if (fwToken->mdToken->GetSerialNumber) {
+            fwToken->serialNumber = fwToken->mdToken->GetSerialNumber(fwToken->mdToken,
+                                                                      fwToken, fwToken->mdInstance, fwToken->fwInstance, &error);
+            if ((!fwToken->serialNumber) && (CKR_OK != error)) {
+                goto done;
+            }
+        } else {
+            fwToken->serialNumber = (NSSUTF8 *)"";
+        }
+    }
+
+    (void)nssUTF8_CopyIntoFixedBuffer(fwToken->serialNumber, (char *)serialNumber, 16, ' ');
+    error = CKR_OK;
+
+done:
+    (void)nssCKFWMutex_Unlock(fwToken->mutex);
+    return error;
+}
+
+/*
+ * nssCKFWToken_GetHasRNG
+ *
+ */
+NSS_IMPLEMENT CK_BBOOL
+nssCKFWToken_GetHasRNG(
+    NSSCKFWToken *fwToken)
+{
+#ifdef NSSDEBUG
+    if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+        return CK_FALSE;
+    }
+#endif /* NSSDEBUG */
+
+    if (!fwToken->mdToken->GetHasRNG) {
+        return CK_FALSE;
+    }
+
+    return fwToken->mdToken->GetHasRNG(fwToken->mdToken, fwToken,
+                                       fwToken->mdInstance, fwToken->fwInstance);
+}
+
+/*
+ * nssCKFWToken_GetIsWriteProtected
+ *
+ */
+NSS_IMPLEMENT CK_BBOOL
+nssCKFWToken_GetIsWriteProtected(
+    NSSCKFWToken *fwToken)
+{
+#ifdef NSSDEBUG
+    if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+        return CK_FALSE;
+    }
+#endif /* NSSDEBUG */
+
+    if (!fwToken->mdToken->GetIsWriteProtected) {
+        return CK_FALSE;
+    }
+
+    return fwToken->mdToken->GetIsWriteProtected(fwToken->mdToken, fwToken,
+                                                 fwToken->mdInstance, fwToken->fwInstance);
+}
+
+/*
+ * nssCKFWToken_GetLoginRequired
+ *
+ */
+NSS_IMPLEMENT CK_BBOOL
+nssCKFWToken_GetLoginRequired(
+    NSSCKFWToken *fwToken)
+{
+#ifdef NSSDEBUG
+    if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+        return CK_FALSE;
+    }
+#endif /* NSSDEBUG */
+
+    if (!fwToken->mdToken->GetLoginRequired) {
+        return CK_FALSE;
+    }
+
+    return fwToken->mdToken->GetLoginRequired(fwToken->mdToken, fwToken,
+                                              fwToken->mdInstance, fwToken->fwInstance);
+}
+
+/*
+ * nssCKFWToken_GetUserPinInitialized
+ *
+ */
+NSS_IMPLEMENT CK_BBOOL
+nssCKFWToken_GetUserPinInitialized(
+    NSSCKFWToken *fwToken)
+{
+#ifdef NSSDEBUG
+    if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+        return CK_FALSE;
+    }
+#endif /* NSSDEBUG */
+
+    if (!fwToken->mdToken->GetUserPinInitialized) {
+        return CK_FALSE;
+    }
+
+    return fwToken->mdToken->GetUserPinInitialized(fwToken->mdToken, fwToken,
+                                                   fwToken->mdInstance, fwToken->fwInstance);
+}
+
+/*
+ * nssCKFWToken_GetRestoreKeyNotNeeded
+ *
+ */
+NSS_IMPLEMENT CK_BBOOL
+nssCKFWToken_GetRestoreKeyNotNeeded(
+    NSSCKFWToken *fwToken)
+{
+#ifdef NSSDEBUG
+    if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+        return CK_FALSE;
+    }
+#endif /* NSSDEBUG */
+
+    if (!fwToken->mdToken->GetRestoreKeyNotNeeded) {
+        return CK_FALSE;
+    }
+
+    return fwToken->mdToken->GetRestoreKeyNotNeeded(fwToken->mdToken, fwToken,
+                                                    fwToken->mdInstance, fwToken->fwInstance);
+}
+
+/*
+ * nssCKFWToken_GetHasClockOnToken
+ *
+ */
+NSS_IMPLEMENT CK_BBOOL
+nssCKFWToken_GetHasClockOnToken(
+    NSSCKFWToken *fwToken)
+{
+#ifdef NSSDEBUG
+    if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+        return CK_FALSE;
+    }
+#endif /* NSSDEBUG */
+
+    if (!fwToken->mdToken->GetHasClockOnToken) {
+        return CK_FALSE;
+    }
+
+    return fwToken->mdToken->GetHasClockOnToken(fwToken->mdToken, fwToken,
+                                                fwToken->mdInstance, fwToken->fwInstance);
+}
+
+/*
+ * nssCKFWToken_GetHasProtectedAuthenticationPath
+ *
+ */
+NSS_IMPLEMENT CK_BBOOL
+nssCKFWToken_GetHasProtectedAuthenticationPath(
+    NSSCKFWToken *fwToken)
+{
+#ifdef NSSDEBUG
+    if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+        return CK_FALSE;
+    }
+#endif /* NSSDEBUG */
+
+    if (!fwToken->mdToken->GetHasProtectedAuthenticationPath) {
+        return CK_FALSE;
+    }
+
+    return fwToken->mdToken->GetHasProtectedAuthenticationPath(fwToken->mdToken,
+                                                               fwToken, fwToken->mdInstance, fwToken->fwInstance);
+}
+
+/*
+ * nssCKFWToken_GetSupportsDualCryptoOperations
+ *
+ */
+NSS_IMPLEMENT CK_BBOOL
+nssCKFWToken_GetSupportsDualCryptoOperations(
+    NSSCKFWToken *fwToken)
+{
+#ifdef NSSDEBUG
+    if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+        return CK_FALSE;
+    }
+#endif /* NSSDEBUG */
+
+    if (!fwToken->mdToken->GetSupportsDualCryptoOperations) {
+        return CK_FALSE;
+    }
+
+    return fwToken->mdToken->GetSupportsDualCryptoOperations(fwToken->mdToken,
+                                                             fwToken, fwToken->mdInstance, fwToken->fwInstance);
+}
+
+/*
+ * nssCKFWToken_GetMaxSessionCount
+ *
+ */
+NSS_IMPLEMENT CK_ULONG
+nssCKFWToken_GetMaxSessionCount(
+    NSSCKFWToken *fwToken)
+{
+#ifdef NSSDEBUG
+    if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+        return CK_UNAVAILABLE_INFORMATION;
+    }
+#endif /* NSSDEBUG */
+
+    if (!fwToken->mdToken->GetMaxSessionCount) {
+        return CK_UNAVAILABLE_INFORMATION;
+    }
+
+    return fwToken->mdToken->GetMaxSessionCount(fwToken->mdToken, fwToken,
+                                                fwToken->mdInstance, fwToken->fwInstance);
+}
+
+/*
+ * nssCKFWToken_GetMaxRwSessionCount
+ *
+ */
+NSS_IMPLEMENT CK_ULONG
+nssCKFWToken_GetMaxRwSessionCount(
+    NSSCKFWToken *fwToken)
+{
+#ifdef NSSDEBUG
+    if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+        return CK_UNAVAILABLE_INFORMATION;
+    }
+#endif /* NSSDEBUG */
+
+    if (!fwToken->mdToken->GetMaxRwSessionCount) {
+        return CK_UNAVAILABLE_INFORMATION;
+    }
+
+    return fwToken->mdToken->GetMaxRwSessionCount(fwToken->mdToken, fwToken,
+                                                  fwToken->mdInstance, fwToken->fwInstance);
+}
+
+/*
+ * nssCKFWToken_GetMaxPinLen
+ *
+ */
+NSS_IMPLEMENT CK_ULONG
+nssCKFWToken_GetMaxPinLen(
+    NSSCKFWToken *fwToken)
+{
+#ifdef NSSDEBUG
+    if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+        return CK_UNAVAILABLE_INFORMATION;
+    }
+#endif /* NSSDEBUG */
+
+    if (!fwToken->mdToken->GetMaxPinLen) {
+        return CK_UNAVAILABLE_INFORMATION;
+    }
+
+    return fwToken->mdToken->GetMaxPinLen(fwToken->mdToken, fwToken,
+                                          fwToken->mdInstance, fwToken->fwInstance);
+}
+
+/*
+ * nssCKFWToken_GetMinPinLen
+ *
+ */
+NSS_IMPLEMENT CK_ULONG
+nssCKFWToken_GetMinPinLen(
+    NSSCKFWToken *fwToken)
+{
+#ifdef NSSDEBUG
+    if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+        return CK_UNAVAILABLE_INFORMATION;
+    }
+#endif /* NSSDEBUG */
+
+    if (!fwToken->mdToken->GetMinPinLen) {
+        return CK_UNAVAILABLE_INFORMATION;
+    }
+
+    return fwToken->mdToken->GetMinPinLen(fwToken->mdToken, fwToken,
+                                          fwToken->mdInstance, fwToken->fwInstance);
+}
+
+/*
+ * nssCKFWToken_GetTotalPublicMemory
+ *
+ */
+NSS_IMPLEMENT CK_ULONG
+nssCKFWToken_GetTotalPublicMemory(
+    NSSCKFWToken *fwToken)
+{
+#ifdef NSSDEBUG
+    if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+        return CK_UNAVAILABLE_INFORMATION;
+    }
+#endif /* NSSDEBUG */
+
+    if (!fwToken->mdToken->GetTotalPublicMemory) {
+        return CK_UNAVAILABLE_INFORMATION;
+    }
+
+    return fwToken->mdToken->GetTotalPublicMemory(fwToken->mdToken, fwToken,
+                                                  fwToken->mdInstance, fwToken->fwInstance);
+}
+
+/*
+ * nssCKFWToken_GetFreePublicMemory
+ *
+ */
+NSS_IMPLEMENT CK_ULONG
+nssCKFWToken_GetFreePublicMemory(
+    NSSCKFWToken *fwToken)
+{
+#ifdef NSSDEBUG
+    if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+        return CK_UNAVAILABLE_INFORMATION;
+    }
+#endif /* NSSDEBUG */
+
+    if (!fwToken->mdToken->GetFreePublicMemory) {
+        return CK_UNAVAILABLE_INFORMATION;
+    }
+
+    return fwToken->mdToken->GetFreePublicMemory(fwToken->mdToken, fwToken,
+                                                 fwToken->mdInstance, fwToken->fwInstance);
+}
+
+/*
+ * nssCKFWToken_GetTotalPrivateMemory
+ *
+ */
+NSS_IMPLEMENT CK_ULONG
+nssCKFWToken_GetTotalPrivateMemory(
+    NSSCKFWToken *fwToken)
+{
+#ifdef NSSDEBUG
+    if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+        return CK_UNAVAILABLE_INFORMATION;
+    }
+#endif /* NSSDEBUG */
+
+    if (!fwToken->mdToken->GetTotalPrivateMemory) {
+        return CK_UNAVAILABLE_INFORMATION;
+    }
+
+    return fwToken->mdToken->GetTotalPrivateMemory(fwToken->mdToken, fwToken,
+                                                   fwToken->mdInstance, fwToken->fwInstance);
+}
+
+/*
+ * nssCKFWToken_GetFreePrivateMemory
+ *
+ */
+NSS_IMPLEMENT CK_ULONG
+nssCKFWToken_GetFreePrivateMemory(
+    NSSCKFWToken *fwToken)
+{
+#ifdef NSSDEBUG
+    if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+        return CK_UNAVAILABLE_INFORMATION;
+    }
+#endif /* NSSDEBUG */
+
+    if (!fwToken->mdToken->GetFreePrivateMemory) {
+        return CK_UNAVAILABLE_INFORMATION;
+    }
+
+    return fwToken->mdToken->GetFreePrivateMemory(fwToken->mdToken, fwToken,
+                                                  fwToken->mdInstance, fwToken->fwInstance);
+}
+
+/*
+ * nssCKFWToken_GetHardwareVersion
+ *
+ */
+NSS_IMPLEMENT CK_VERSION
+nssCKFWToken_GetHardwareVersion(
+    NSSCKFWToken *fwToken)
+{
+    CK_VERSION rv;
+
+#ifdef NSSDEBUG
+    if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+        rv.major = rv.minor = 0;
+        return rv;
+    }
+#endif /* NSSDEBUG */
+
+    if (CKR_OK != nssCKFWMutex_Lock(fwToken->mutex)) {
+        rv.major = rv.minor = 0;
+        return rv;
+    }
+
+    if ((0 != fwToken->hardwareVersion.major) ||
+        (0 != fwToken->hardwareVersion.minor)) {
+        rv = fwToken->hardwareVersion;
+        goto done;
+    }
+
+    if (fwToken->mdToken->GetHardwareVersion) {
+        fwToken->hardwareVersion = fwToken->mdToken->GetHardwareVersion(
+            fwToken->mdToken, fwToken, fwToken->mdInstance, fwToken->fwInstance);
+    } else {
+        fwToken->hardwareVersion.major = 0;
+        fwToken->hardwareVersion.minor = 1;
+    }
+
+    rv = fwToken->hardwareVersion;
+
+done:
+    (void)nssCKFWMutex_Unlock(fwToken->mutex);
+    return rv;
+}
+
+/*
+ * nssCKFWToken_GetFirmwareVersion
+ *
+ */
+NSS_IMPLEMENT CK_VERSION
+nssCKFWToken_GetFirmwareVersion(
+    NSSCKFWToken *fwToken)
+{
+    CK_VERSION rv;
+
+#ifdef NSSDEBUG
+    if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+        rv.major = rv.minor = 0;
+        return rv;
+    }
+#endif /* NSSDEBUG */
+
+    if (CKR_OK != nssCKFWMutex_Lock(fwToken->mutex)) {
+        rv.major = rv.minor = 0;
+        return rv;
+    }
+
+    if ((0 != fwToken->firmwareVersion.major) ||
+        (0 != fwToken->firmwareVersion.minor)) {
+        rv = fwToken->firmwareVersion;
+        goto done;
+    }
+
+    if (fwToken->mdToken->GetFirmwareVersion) {
+        fwToken->firmwareVersion = fwToken->mdToken->GetFirmwareVersion(
+            fwToken->mdToken, fwToken, fwToken->mdInstance, fwToken->fwInstance);
+    } else {
+        fwToken->firmwareVersion.major = 0;
+        fwToken->firmwareVersion.minor = 1;
+    }
+
+    rv = fwToken->firmwareVersion;
+
+done:
+    (void)nssCKFWMutex_Unlock(fwToken->mutex);
+    return rv;
+}
+
+/*
+ * nssCKFWToken_GetUTCTime
+ *
+ */
+NSS_IMPLEMENT CK_RV
+nssCKFWToken_GetUTCTime(
+    NSSCKFWToken *fwToken,
+    CK_CHAR utcTime[16])
+{
+    CK_RV error = CKR_OK;
+
+#ifdef NSSDEBUG
+    error = nssCKFWToken_verifyPointer(fwToken);
+    if (CKR_OK != error) {
+        return error;
+    }
+
+    if ((CK_CHAR_PTR)NULL == utcTime) {
+        return CKR_ARGUMENTS_BAD;
+    }
+#endif /* DEBUG */
+
+    if (CK_TRUE != nssCKFWToken_GetHasClockOnToken(fwToken)) {
+        /* return CKR_DEVICE_ERROR; */
+        (void)nssUTF8_CopyIntoFixedBuffer((NSSUTF8 *)NULL, (char *)utcTime, 16, ' ');
+        return CKR_OK;
+    }
+
+    if (!fwToken->mdToken->GetUTCTime) {
+        /* It said it had one! */
+        return CKR_GENERAL_ERROR;
+    }
+
+    error = fwToken->mdToken->GetUTCTime(fwToken->mdToken, fwToken,
+                                         fwToken->mdInstance, fwToken->fwInstance, utcTime);
+    if (CKR_OK != error) {
+        return error;
+    }
+
+    /* Sanity-check the data */
+    {
+        /* Format is YYYYMMDDhhmmss00 */
+        int i;
+        int Y, M, D, h, m, s;
+        static int dims[] = { 31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 };
+
+        for (i = 0; i < 16; i++) {
+            if ((utcTime[i] < '0') || (utcTime[i] > '9')) {
+                goto badtime;
+            }
+        }
+
+        Y = ((utcTime[0] - '0') * 1000) + ((utcTime[1] - '0') * 100) +
+            ((utcTime[2] - '0') * 10) + (utcTime[3] - '0');
+        M = ((utcTime[4] - '0') * 10) + (utcTime[5] - '0');
+        D = ((utcTime[6] - '0') * 10) + (utcTime[7] - '0');
+        h = ((utcTime[8] - '0') * 10) + (utcTime[9] - '0');
+        m = ((utcTime[10] - '0') * 10) + (utcTime[11] - '0');
+        s = ((utcTime[12] - '0') * 10) + (utcTime[13] - '0');
+
+        if ((Y < 1990) || (Y > 3000))
+            goto badtime; /* Y3K problem.  heh heh heh */
+        if ((M < 1) || (M > 12))
+            goto badtime;
+        if ((D < 1) || (D > 31))
+            goto badtime;
+
+        if (D > dims[M - 1])
+            goto badtime; /* per-month check */
+        if ((2 == M) && (((Y % 4) || !(Y % 100)) &&
+                         (Y % 400)) &&
+            (D > 28))
+            goto badtime; /* leap years */
+
+        if ((h < 0) || (h > 23))
+            goto badtime;
+        if ((m < 0) || (m > 60))
+            goto badtime;
+        if ((s < 0) || (s > 61))
+            goto badtime;
+
+        /* 60m and 60 or 61s is only allowed for leap seconds. */
+        if ((60 == m) || (s >= 60)) {
+            if ((23 != h) || (60 != m) || (s < 60))
+                goto badtime;
+            /* leap seconds can only happen on June 30 or Dec 31.. I think */
+            /* if( ((6 != M) || (30 != D)) && ((12 != M) || (31 != D)) ) goto badtime; */
+        }
+    }
+
+    return CKR_OK;
+
+badtime:
+    return CKR_GENERAL_ERROR;
+}
+
+/*
+ * nssCKFWToken_OpenSession
+ *
+ */
+NSS_IMPLEMENT NSSCKFWSession *
+nssCKFWToken_OpenSession(
+    NSSCKFWToken *fwToken,
+    CK_BBOOL rw,
+    CK_VOID_PTR pApplication,
+    CK_NOTIFY Notify,
+    CK_RV *pError)
+{
+    NSSCKFWSession *fwSession = (NSSCKFWSession *)NULL;
+    NSSCKMDSession *mdSession;
+
+#ifdef NSSDEBUG
+    if (!pError) {
+        return (NSSCKFWSession *)NULL;
+    }
+
+    *pError = nssCKFWToken_verifyPointer(fwToken);
+    if (CKR_OK != *pError) {
+        return (NSSCKFWSession *)NULL;
+    }
+
+    switch (rw) {
+        case CK_TRUE:
+        case CK_FALSE:
+            break;
+        default:
+            *pError = CKR_ARGUMENTS_BAD;
+            return (NSSCKFWSession *)NULL;
+    }
+#endif /* NSSDEBUG */
+
+    *pError = nssCKFWMutex_Lock(fwToken->mutex);
+    if (CKR_OK != *pError) {
+        return (NSSCKFWSession *)NULL;
+    }
+
+    if (CK_TRUE == rw) {
+        /* Read-write session desired */
+        if (CK_TRUE == nssCKFWToken_GetIsWriteProtected(fwToken)) {
+            *pError = CKR_TOKEN_WRITE_PROTECTED;
+            goto done;
+        }
+    } else {
+        /* Read-only session desired */
+        if (CKS_RW_SO_FUNCTIONS == nssCKFWToken_GetSessionState(fwToken)) {
+            *pError = CKR_SESSION_READ_WRITE_SO_EXISTS;
+            goto done;
+        }
+    }
+
+    /* We could compare sesion counts to any limits we know of, I guess.. */
+
+    if (!fwToken->mdToken->OpenSession) {
+        /*
+         * I'm not sure that the Module actually needs to implement
+         * mdSessions -- the Framework can keep track of everything
+         * needed, really.  But I'll sort out that detail later..
+         */
+        *pError = CKR_GENERAL_ERROR;
+        goto done;
+    }
+
+    fwSession = nssCKFWSession_Create(fwToken, rw, pApplication, Notify, pError);
+    if (!fwSession) {
+        if (CKR_OK == *pError) {
+            *pError = CKR_GENERAL_ERROR;
+        }
+        goto done;
+    }
+
+    mdSession = fwToken->mdToken->OpenSession(fwToken->mdToken, fwToken,
+                                              fwToken->mdInstance, fwToken->fwInstance, fwSession,
+                                              rw, pError);
+    if (!mdSession) {
+        (void)nssCKFWSession_Destroy(fwSession, CK_FALSE);
+        if (CKR_OK == *pError) {
+            *pError = CKR_GENERAL_ERROR;
+        }
+        goto done;
+    }
+
+    *pError = nssCKFWSession_SetMDSession(fwSession, mdSession);
+    if (CKR_OK != *pError) {
+        if (mdSession->Close) {
+            mdSession->Close(mdSession, fwSession, fwToken->mdToken, fwToken,
+                             fwToken->mdInstance, fwToken->fwInstance);
+        }
+        (void)nssCKFWSession_Destroy(fwSession, CK_FALSE);
+        goto done;
+    }
+
+    *pError = nssCKFWHash_Add(fwToken->sessions, fwSession, fwSession);
+    if (CKR_OK != *pError) {
+        (void)nssCKFWSession_Destroy(fwSession, CK_FALSE);
+        fwSession = (NSSCKFWSession *)NULL;
+        goto done;
+    }
+
+done:
+    (void)nssCKFWMutex_Unlock(fwToken->mutex);
+    return fwSession;
+}
+
+/*
+ * nssCKFWToken_GetMechanismCount
+ *
+ */
+NSS_IMPLEMENT CK_ULONG
+nssCKFWToken_GetMechanismCount(
+    NSSCKFWToken *fwToken)
+{
+#ifdef NSSDEBUG
+    if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+        return 0;
+    }
+#endif /* NSSDEBUG */
+
+    if (!fwToken->mdToken->GetMechanismCount) {
+        return 0;
+    }
+
+    return fwToken->mdToken->GetMechanismCount(fwToken->mdToken, fwToken,
+                                               fwToken->mdInstance, fwToken->fwInstance);
+}
+
+/*
+ * nssCKFWToken_GetMechanismTypes
+ *
+ */
+NSS_IMPLEMENT CK_RV
+nssCKFWToken_GetMechanismTypes(
+    NSSCKFWToken *fwToken,
+    CK_MECHANISM_TYPE types[])
+{
+#ifdef NSSDEBUG
+    if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+        return CKR_ARGUMENTS_BAD;
+    }
+
+    if (!types) {
+        return CKR_ARGUMENTS_BAD;
+    }
+#endif /* NSSDEBUG */
+
+    if (!fwToken->mdToken->GetMechanismTypes) {
+        /*
+         * This should only be called with a sufficiently-large
+         * "types" array, which can only be done if GetMechanismCount
+         * is implemented.  If that's implemented (and returns nonzero),
+         * then this should be too.  So return an error.
+         */
+        return CKR_GENERAL_ERROR;
+    }
+
+    return fwToken->mdToken->GetMechanismTypes(fwToken->mdToken, fwToken,
+                                               fwToken->mdInstance, fwToken->fwInstance, types);
+}
+
+/*
+ * nssCKFWToken_GetMechanism
+ *
+ */
+NSS_IMPLEMENT NSSCKFWMechanism *
+nssCKFWToken_GetMechanism(
+    NSSCKFWToken *fwToken,
+    CK_MECHANISM_TYPE which,
+    CK_RV *pError)
+{
+    NSSCKMDMechanism *mdMechanism;
+    if (!fwToken->mdMechanismHash) {
+        *pError = CKR_GENERAL_ERROR;
+        return (NSSCKFWMechanism *)NULL;
+    }
+
+    if (!fwToken->mdToken->GetMechanism) {
+        /*
+         * If we don't implement any GetMechanism function, then we must
+         * not support any.
+         */
+        *pError = CKR_MECHANISM_INVALID;
+        return (NSSCKFWMechanism *)NULL;
+    }
+
+    /* lookup in hash table */
+    mdMechanism = fwToken->mdToken->GetMechanism(fwToken->mdToken, fwToken,
+                                                 fwToken->mdInstance, fwToken->fwInstance, which, pError);
+    if (!mdMechanism) {
+        return (NSSCKFWMechanism *)NULL;
+    }
+    /* store in hash table */
+    return nssCKFWMechanism_Create(mdMechanism, fwToken->mdToken, fwToken,
+                                   fwToken->mdInstance, fwToken->fwInstance);
+}
+
+NSS_IMPLEMENT CK_RV
+nssCKFWToken_SetSessionState(
+    NSSCKFWToken *fwToken,
+    CK_STATE newState)
+{
+    CK_RV error = CKR_OK;
+
+#ifdef NSSDEBUG
+    error = nssCKFWToken_verifyPointer(fwToken);
+    if (CKR_OK != error) {
+        return error;
+    }
+
+    switch (newState) {
+        case CKS_RO_PUBLIC_SESSION:
+        case CKS_RO_USER_FUNCTIONS:
+        case CKS_RW_PUBLIC_SESSION:
+        case CKS_RW_USER_FUNCTIONS:
+        case CKS_RW_SO_FUNCTIONS:
+            break;
+        default:
+            return CKR_ARGUMENTS_BAD;
+    }
+#endif /* NSSDEBUG */
+
+    error = nssCKFWMutex_Lock(fwToken->mutex);
+    if (CKR_OK != error) {
+        return error;
+    }
+
+    fwToken->state = newState;
+    (void)nssCKFWMutex_Unlock(fwToken->mutex);
+    return CKR_OK;
+}
+
+/*
+ * nssCKFWToken_RemoveSession
+ *
+ */
+NSS_IMPLEMENT CK_RV
+nssCKFWToken_RemoveSession(
+    NSSCKFWToken *fwToken,
+    NSSCKFWSession *fwSession)
+{
+    CK_RV error = CKR_OK;
+
+#ifdef NSSDEBUG
+    error = nssCKFWToken_verifyPointer(fwToken);
+    if (CKR_OK != error) {
+        return error;
+    }
+
+    error = nssCKFWSession_verifyPointer(fwSession);
+    if (CKR_OK != error) {
+        return error;
+    }
+#endif /* NSSDEBUG */
+
+    error = nssCKFWMutex_Lock(fwToken->mutex);
+    if (CKR_OK != error) {
+        return error;
+    }
+
+    if (CK_TRUE != nssCKFWHash_Exists(fwToken->sessions, fwSession)) {
+        error = CKR_SESSION_HANDLE_INVALID;
+        goto done;
+    }
+
+    nssCKFWHash_Remove(fwToken->sessions, fwSession);
+    fwToken->sessionCount--;
+
+    if (nssCKFWSession_IsRWSession(fwSession)) {
+        fwToken->rwSessionCount--;
+    }
+
+    if (0 == fwToken->sessionCount) {
+        fwToken->rwSessionCount = 0;            /* sanity */
+        fwToken->state = CKS_RO_PUBLIC_SESSION; /* some default */
+    }
+
+    error = CKR_OK;
+
+done:
+    (void)nssCKFWMutex_Unlock(fwToken->mutex);
+    return error;
+}
+
+/*
+ * nssCKFWToken_CloseAllSessions
+ *
+ */
+NSS_IMPLEMENT CK_RV
+nssCKFWToken_CloseAllSessions(
+    NSSCKFWToken *fwToken)
+{
+    CK_RV error = CKR_OK;
+
+#ifdef NSSDEBUG
+    error = nssCKFWToken_verifyPointer(fwToken);
+    if (CKR_OK != error) {
+        return error;
+    }
+#endif /* NSSDEBUG */
+
+    error = nssCKFWMutex_Lock(fwToken->mutex);
+    if (CKR_OK != error) {
+        return error;
+    }
+
+    nssCKFWHash_Iterate(fwToken->sessions, nss_ckfwtoken_session_iterator, (void *)NULL);
+
+    nssCKFWHash_Destroy(fwToken->sessions);
+
+    fwToken->sessions = nssCKFWHash_Create(fwToken->fwInstance, fwToken->arena, &error);
+    if (!fwToken->sessions) {
+        if (CKR_OK == error) {
+            error = CKR_GENERAL_ERROR;
+        }
+        goto done;
+    }
+
+    fwToken->state = CKS_RO_PUBLIC_SESSION; /* some default */
+    fwToken->sessionCount = 0;
+    fwToken->rwSessionCount = 0;
+
+    error = CKR_OK;
+
+done:
+    (void)nssCKFWMutex_Unlock(fwToken->mutex);
+    return error;
+}
+
+/*
+ * nssCKFWToken_GetSessionCount
+ *
+ */
+NSS_IMPLEMENT CK_ULONG
+nssCKFWToken_GetSessionCount(
+    NSSCKFWToken *fwToken)
+{
+    CK_ULONG rv;
+
+#ifdef NSSDEBUG
+    if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+        return (CK_ULONG)0;
+    }
+#endif /* NSSDEBUG */
+
+    if (CKR_OK != nssCKFWMutex_Lock(fwToken->mutex)) {
+        return (CK_ULONG)0;
+    }
+
+    rv = fwToken->sessionCount;
+    (void)nssCKFWMutex_Unlock(fwToken->mutex);
+    return rv;
+}
+
+/*
+ * nssCKFWToken_GetRwSessionCount
+ *
+ */
+NSS_IMPLEMENT CK_ULONG
+nssCKFWToken_GetRwSessionCount(
+    NSSCKFWToken *fwToken)
+{
+    CK_ULONG rv;
+
+#ifdef NSSDEBUG
+    if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+        return (CK_ULONG)0;
+    }
+#endif /* NSSDEBUG */
+
+    if (CKR_OK != nssCKFWMutex_Lock(fwToken->mutex)) {
+        return (CK_ULONG)0;
+    }
+
+    rv = fwToken->rwSessionCount;
+    (void)nssCKFWMutex_Unlock(fwToken->mutex);
+    return rv;
+}
+
+/*
+ * nssCKFWToken_GetRoSessionCount
+ *
+ */
+NSS_IMPLEMENT CK_ULONG
+nssCKFWToken_GetRoSessionCount(
+    NSSCKFWToken *fwToken)
+{
+    CK_ULONG rv;
+
+#ifdef NSSDEBUG
+    if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+        return (CK_ULONG)0;
+    }
+#endif /* NSSDEBUG */
+
+    if (CKR_OK != nssCKFWMutex_Lock(fwToken->mutex)) {
+        return (CK_ULONG)0;
+    }
+
+    rv = fwToken->sessionCount - fwToken->rwSessionCount;
+    (void)nssCKFWMutex_Unlock(fwToken->mutex);
+    return rv;
+}
+
+/*
+ * nssCKFWToken_GetSessionObjectHash
+ *
+ */
+NSS_IMPLEMENT nssCKFWHash *
+nssCKFWToken_GetSessionObjectHash(
+    NSSCKFWToken *fwToken)
+{
+#ifdef NSSDEBUG
+    if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+        return (nssCKFWHash *)NULL;
+    }
+#endif /* NSSDEBUG */
+
+    return fwToken->sessionObjectHash;
+}
+
+/*
+ * nssCKFWToken_GetMDObjectHash
+ *
+ */
+NSS_IMPLEMENT nssCKFWHash *
+nssCKFWToken_GetMDObjectHash(
+    NSSCKFWToken *fwToken)
+{
+#ifdef NSSDEBUG
+    if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+        return (nssCKFWHash *)NULL;
+    }
+#endif /* NSSDEBUG */
+
+    return fwToken->mdObjectHash;
+}
+
+/*
+ * nssCKFWToken_GetObjectHandleHash
+ *
+ */
+NSS_IMPLEMENT nssCKFWHash *
+nssCKFWToken_GetObjectHandleHash(
+    NSSCKFWToken *fwToken)
+{
+#ifdef NSSDEBUG
+    if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+        return (nssCKFWHash *)NULL;
+    }
+#endif /* NSSDEBUG */
+
+    return fwToken->mdObjectHash;
+}
+
+/*
+ * NSSCKFWToken_GetMDToken
+ *
+ */
+
+NSS_IMPLEMENT NSSCKMDToken *
+NSSCKFWToken_GetMDToken(
+    NSSCKFWToken *fwToken)
+{
+#ifdef DEBUG
+    if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+        return (NSSCKMDToken *)NULL;
+    }
+#endif /* DEBUG */
+
+    return nssCKFWToken_GetMDToken(fwToken);
+}
+
+/*
+ * NSSCKFWToken_GetArena
+ *
+ */
+
+NSS_IMPLEMENT NSSArena *
+NSSCKFWToken_GetArena(
+    NSSCKFWToken *fwToken,
+    CK_RV *pError)
+{
+#ifdef DEBUG
+    if (!pError) {
+        return (NSSArena *)NULL;
+    }
+
+    if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+        *pError = CKR_ARGUMENTS_BAD;
+        return (NSSArena *)NULL;
+    }
+#endif /* DEBUG */
+
+    return nssCKFWToken_GetArena(fwToken, pError);
+}
+
+/*
+ * NSSCKFWToken_GetFWSlot
+ *
+ */
+
+NSS_IMPLEMENT NSSCKFWSlot *
+NSSCKFWToken_GetFWSlot(
+    NSSCKFWToken *fwToken)
+{
+#ifdef DEBUG
+    if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+        return (NSSCKFWSlot *)NULL;
+    }
+#endif /* DEBUG */
+
+    return nssCKFWToken_GetFWSlot(fwToken);
+}
+
+/*
+ * NSSCKFWToken_GetMDSlot
+ *
+ */
+
+NSS_IMPLEMENT NSSCKMDSlot *
+NSSCKFWToken_GetMDSlot(
+    NSSCKFWToken *fwToken)
+{
+#ifdef DEBUG
+    if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+        return (NSSCKMDSlot *)NULL;
+    }
+#endif /* DEBUG */
+
+    return nssCKFWToken_GetMDSlot(fwToken);
+}
+
+/*
+ * NSSCKFWToken_GetSessionState
+ *
+ */
+
+NSS_IMPLEMENT CK_STATE
+NSSCKFWSession_GetSessionState(
+    NSSCKFWToken *fwToken)
+{
+#ifdef DEBUG
+    if (CKR_OK != nssCKFWToken_verifyPointer(fwToken)) {
+        return CKS_RO_PUBLIC_SESSION;
+    }
+#endif /* DEBUG */
+
+    return nssCKFWToken_GetSessionState(fwToken);
+}
diff --git a/nss/lib/ckfw/wrap.c b/nss/lib/ckfw/wrap.c
new file mode 100644
index 0000000..44c2e8e
--- /dev/null
+++ b/nss/lib/ckfw/wrap.c
@@ -0,0 +1,5550 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * wrap.c
+ *
+ * This file contains the routines that actually implement the cryptoki
+ * API, using the internal APIs of the NSS Cryptoki Framework.  There is
+ * one routine here for every cryptoki routine.  For linking reasons
+ * the actual entry points passed back with C_GetFunctionList have to
+ * exist in one of the Module's source files; however, those are merely
+ * simple wrappers that call these routines.  The intelligence of the
+ * implementations is here.
+ */
+
+#ifndef CK_T
+#include "ck.h"
+#endif /* CK_T */
+
+/*
+ * NSSCKFWC_Initialize
+ * NSSCKFWC_Finalize
+ * NSSCKFWC_GetInfo
+ * -- NSSCKFWC_GetFunctionList -- see the API insert file
+ * NSSCKFWC_GetSlotList
+ * NSSCKFWC_GetSlotInfo
+ * NSSCKFWC_GetTokenInfo
+ * NSSCKFWC_WaitForSlotEvent
+ * NSSCKFWC_GetMechanismList
+ * NSSCKFWC_GetMechanismInfo
+ * NSSCKFWC_InitToken
+ * NSSCKFWC_InitPIN
+ * NSSCKFWC_SetPIN
+ * NSSCKFWC_OpenSession
+ * NSSCKFWC_CloseSession
+ * NSSCKFWC_CloseAllSessions
+ * NSSCKFWC_GetSessionInfo
+ * NSSCKFWC_GetOperationState
+ * NSSCKFWC_SetOperationState
+ * NSSCKFWC_Login
+ * NSSCKFWC_Logout
+ * NSSCKFWC_CreateObject
+ * NSSCKFWC_CopyObject
+ * NSSCKFWC_DestroyObject
+ * NSSCKFWC_GetObjectSize
+ * NSSCKFWC_GetAttributeValue
+ * NSSCKFWC_SetAttributeValue
+ * NSSCKFWC_FindObjectsInit
+ * NSSCKFWC_FindObjects
+ * NSSCKFWC_FindObjectsFinal
+ * NSSCKFWC_EncryptInit
+ * NSSCKFWC_Encrypt
+ * NSSCKFWC_EncryptUpdate
+ * NSSCKFWC_EncryptFinal
+ * NSSCKFWC_DecryptInit
+ * NSSCKFWC_Decrypt
+ * NSSCKFWC_DecryptUpdate
+ * NSSCKFWC_DecryptFinal
+ * NSSCKFWC_DigestInit
+ * NSSCKFWC_Digest
+ * NSSCKFWC_DigestUpdate
+ * NSSCKFWC_DigestKey
+ * NSSCKFWC_DigestFinal
+ * NSSCKFWC_SignInit
+ * NSSCKFWC_Sign
+ * NSSCKFWC_SignUpdate
+ * NSSCKFWC_SignFinal
+ * NSSCKFWC_SignRecoverInit
+ * NSSCKFWC_SignRecover
+ * NSSCKFWC_VerifyInit
+ * NSSCKFWC_Verify
+ * NSSCKFWC_VerifyUpdate
+ * NSSCKFWC_VerifyFinal
+ * NSSCKFWC_VerifyRecoverInit
+ * NSSCKFWC_VerifyRecover
+ * NSSCKFWC_DigestEncryptUpdate
+ * NSSCKFWC_DecryptDigestUpdate
+ * NSSCKFWC_SignEncryptUpdate
+ * NSSCKFWC_DecryptVerifyUpdate
+ * NSSCKFWC_GenerateKey
+ * NSSCKFWC_GenerateKeyPair
+ * NSSCKFWC_WrapKey
+ * NSSCKFWC_UnwrapKey
+ * NSSCKFWC_DeriveKey
+ * NSSCKFWC_SeedRandom
+ * NSSCKFWC_GenerateRandom
+ * NSSCKFWC_GetFunctionStatus
+ * NSSCKFWC_CancelFunction
+ */
+
+/* figure out out locking semantics */
+static CK_RV
+nssCKFW_GetThreadSafeState(CK_C_INITIALIZE_ARGS_PTR pInitArgs,
+                           CryptokiLockingState *pLocking_state)
+{
+    int functionCount = 0;
+
+    /* parsed according to (PKCS #11 Section 11.4) */
+    /* no args, the degenerate version of case 1 */
+    if (!pInitArgs) {
+        *pLocking_state = SingleThreaded;
+        return CKR_OK;
+    }
+
+    /* CKF_OS_LOCKING_OK set, Cases 2 and 4 */
+    if (pInitArgs->flags & CKF_OS_LOCKING_OK) {
+        *pLocking_state = MultiThreaded;
+        return CKR_OK;
+    }
+    if ((CK_CREATEMUTEX)NULL != pInitArgs->CreateMutex)
+        functionCount++;
+    if ((CK_DESTROYMUTEX)NULL != pInitArgs->DestroyMutex)
+        functionCount++;
+    if ((CK_LOCKMUTEX)NULL != pInitArgs->LockMutex)
+        functionCount++;
+    if ((CK_UNLOCKMUTEX)NULL != pInitArgs->UnlockMutex)
+        functionCount++;
+
+    /* CKF_OS_LOCKING_OK is not set, and not functions supplied,
+     * explicit case 1 */
+    if (0 == functionCount) {
+        *pLocking_state = SingleThreaded;
+        return CKR_OK;
+    }
+
+    /* OS_LOCKING_OK is not set and functions have been supplied. Since
+     * ckfw uses nssbase library which explicitly calls NSPR, and since
+     * there is no way to reliably override these explicit calls to NSPR,
+     * therefore we can't support applications which have their own threading
+     * module.  Return CKR_CANT_LOCK if they supplied the correct number of
+     * arguments, or CKR_ARGUMENTS_BAD if they did not in either case we will
+     * fail the initialize */
+    return (4 == functionCount) ? CKR_CANT_LOCK : CKR_ARGUMENTS_BAD;
+}
+
+static PRInt32 liveInstances;
+
+/*
+ * NSSCKFWC_Initialize
+ *
+ */
+NSS_IMPLEMENT CK_RV
+NSSCKFWC_Initialize(
+    NSSCKFWInstance **pFwInstance,
+    NSSCKMDInstance *mdInstance,
+    CK_VOID_PTR pInitArgs)
+{
+    CK_RV error = CKR_OK;
+    CryptokiLockingState locking_state;
+
+    if ((NSSCKFWInstance **)NULL == pFwInstance) {
+        error = CKR_GENERAL_ERROR;
+        goto loser;
+    }
+
+    if (*pFwInstance) {
+        error = CKR_CRYPTOKI_ALREADY_INITIALIZED;
+        goto loser;
+    }
+
+    if (!mdInstance) {
+        error = CKR_GENERAL_ERROR;
+        goto loser;
+    }
+
+    error = nssCKFW_GetThreadSafeState(pInitArgs, &locking_state);
+    if (CKR_OK != error) {
+        goto loser;
+    }
+
+    *pFwInstance = nssCKFWInstance_Create(pInitArgs, locking_state, mdInstance, &error);
+    if (!*pFwInstance) {
+        goto loser;
+    }
+    PR_ATOMIC_INCREMENT(&liveInstances);
+    return CKR_OK;
+
+loser:
+    switch (error) {
+        case CKR_ARGUMENTS_BAD:
+        case CKR_CANT_LOCK:
+        case CKR_CRYPTOKI_ALREADY_INITIALIZED:
+        case CKR_FUNCTION_FAILED:
+        case CKR_GENERAL_ERROR:
+        case CKR_HOST_MEMORY:
+        case CKR_NEED_TO_CREATE_THREADS:
+            break;
+        default:
+        case CKR_OK:
+            error = CKR_GENERAL_ERROR;
+            break;
+    }
+
+    return error;
+}
+
+/*
+ * NSSCKFWC_Finalize
+ *
+ */
+NSS_IMPLEMENT CK_RV
+NSSCKFWC_Finalize(
+    NSSCKFWInstance **pFwInstance)
+{
+    CK_RV error = CKR_OK;
+
+    if ((NSSCKFWInstance **)NULL == pFwInstance) {
+        error = CKR_GENERAL_ERROR;
+        goto loser;
+    }
+
+    if (!*pFwInstance) {
+        error = CKR_CRYPTOKI_NOT_INITIALIZED;
+        goto loser;
+    }
+
+    error = nssCKFWInstance_Destroy(*pFwInstance);
+
+    /* In any case */
+    *pFwInstance = (NSSCKFWInstance *)NULL;
+
+loser:
+    switch (error) {
+        PRInt32 remainingInstances;
+        case CKR_OK:
+            remainingInstances = PR_ATOMIC_DECREMENT(&liveInstances);
+            if (!remainingInstances) {
+                nssArena_Shutdown();
+            }
+            break;
+        case CKR_CRYPTOKI_NOT_INITIALIZED:
+        case CKR_FUNCTION_FAILED:
+        case CKR_GENERAL_ERROR:
+        case CKR_HOST_MEMORY:
+            break;
+        default:
+            error = CKR_GENERAL_ERROR;
+            break;
+    }
+
+    /*
+     * A thread's error stack is automatically destroyed when the thread
+     * terminates or, for the primordial thread, by PR_Cleanup.  On
+     * Windows with MinGW, the thread private data destructor PR_Free
+     * registered by this module is actually a thunk for PR_Free defined
+     * in this module.  When the thread that unloads this module terminates
+     * or calls PR_Cleanup, the thunk for PR_Free is already gone with the
+     * module.  Therefore we need to destroy the error stack before the
+     * module is unloaded.
+     */
+    nss_DestroyErrorStack();
+    return error;
+}
+
+/*
+ * NSSCKFWC_GetInfo
+ *
+ */
+NSS_IMPLEMENT CK_RV
+NSSCKFWC_GetInfo(
+    NSSCKFWInstance *fwInstance,
+    CK_INFO_PTR pInfo)
+{
+    CK_RV error = CKR_OK;
+
+    if ((CK_INFO_PTR)CK_NULL_PTR == pInfo) {
+        error = CKR_ARGUMENTS_BAD;
+        goto loser;
+    }
+
+    /*
+     * A purify error here means a caller error
+     */
+    (void)nsslibc_memset(pInfo, 0, sizeof(CK_INFO));
+
+    pInfo->cryptokiVersion = nssCKFWInstance_GetCryptokiVersion(fwInstance);
+
+    error = nssCKFWInstance_GetManufacturerID(fwInstance, pInfo->manufacturerID);
+    if (CKR_OK != error) {
+        goto loser;
+    }
+
+    pInfo->flags = nssCKFWInstance_GetFlags(fwInstance);
+
+    error = nssCKFWInstance_GetLibraryDescription(fwInstance, pInfo->libraryDescription);
+    if (CKR_OK != error) {
+        goto loser;
+    }
+
+    pInfo->libraryVersion = nssCKFWInstance_GetLibraryVersion(fwInstance);
+
+    return CKR_OK;
+
+loser:
+    switch (error) {
+        case CKR_CRYPTOKI_NOT_INITIALIZED:
+        case CKR_FUNCTION_FAILED:
+        case CKR_GENERAL_ERROR:
+        case CKR_HOST_MEMORY:
+            break;
+        default:
+            error = CKR_GENERAL_ERROR;
+            break;
+    }
+
+    return error;
+}
+
+/*
+ * C_GetFunctionList is implemented entirely in the Module's file which
+ * includes the Framework API insert file.  It requires no "actual"
+ * NSSCKFW routine.
+ */
+
+/*
+ * NSSCKFWC_GetSlotList
+ *
+ */
+NSS_IMPLEMENT CK_RV
+NSSCKFWC_GetSlotList(
+    NSSCKFWInstance *fwInstance,
+    CK_BBOOL tokenPresent,
+    CK_SLOT_ID_PTR pSlotList,
+    CK_ULONG_PTR pulCount)
+{
+    CK_RV error = CKR_OK;
+    CK_ULONG nSlots;
+
+    if (!fwInstance) {
+        error = CKR_CRYPTOKI_NOT_INITIALIZED;
+        goto loser;
+    }
+
+    switch (tokenPresent) {
+        case CK_TRUE:
+        case CK_FALSE:
+            break;
+        default:
+            error = CKR_ARGUMENTS_BAD;
+            goto loser;
+    }
+
+    if ((CK_ULONG_PTR)CK_NULL_PTR == pulCount) {
+        error = CKR_ARGUMENTS_BAD;
+        goto loser;
+    }
+
+    nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error);
+    if ((CK_ULONG)0 == nSlots) {
+        goto loser;
+    }
+
+    if ((CK_SLOT_ID_PTR)CK_NULL_PTR == pSlotList) {
+        *pulCount = nSlots;
+        return CKR_OK;
+    }
+
+    /*
+     * A purify error here indicates caller error.
+     */
+    (void)nsslibc_memset(pSlotList, 0, *pulCount * sizeof(CK_SLOT_ID));
+
+    if (*pulCount < nSlots) {
+        *pulCount = nSlots;
+        error = CKR_BUFFER_TOO_SMALL;
+        goto loser;
+    } else {
+        CK_ULONG i;
+        *pulCount = nSlots;
+
+        /*
+         * Our secret "mapping": CK_SLOT_IDs are integers [1,N], and we
+         * just index one when we need it.
+         */
+
+        for (i = 0; i < nSlots; i++) {
+            pSlotList[i] = i + 1;
+        }
+
+        return CKR_OK;
+    }
+
+loser:
+    switch (error) {
+        case CKR_BUFFER_TOO_SMALL:
+        case CKR_CRYPTOKI_NOT_INITIALIZED:
+        case CKR_FUNCTION_FAILED:
+        case CKR_GENERAL_ERROR:
+        case CKR_HOST_MEMORY:
+            break;
+        default:
+        case CKR_OK:
+            error = CKR_GENERAL_ERROR;
+            break;
+    }
+
+    return error;
+}
+
+/*
+ * NSSCKFWC_GetSlotInfo
+ *
+ */
+NSS_IMPLEMENT CK_RV
+NSSCKFWC_GetSlotInfo(
+    NSSCKFWInstance *fwInstance,
+    CK_SLOT_ID slotID,
+    CK_SLOT_INFO_PTR pInfo)
+{
+    CK_RV error = CKR_OK;
+    CK_ULONG nSlots;
+    NSSCKFWSlot **slots;
+    NSSCKFWSlot *fwSlot;
+
+    if (!fwInstance) {
+        error = CKR_CRYPTOKI_NOT_INITIALIZED;
+        goto loser;
+    }
+
+    nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error);
+    if ((CK_ULONG)0 == nSlots) {
+        goto loser;
+    }
+
+    if ((slotID < 1) || (slotID > nSlots)) {
+        error = CKR_SLOT_ID_INVALID;
+        goto loser;
+    }
+
+    if ((CK_SLOT_INFO_PTR)CK_NULL_PTR == pInfo) {
+        error = CKR_ARGUMENTS_BAD;
+        goto loser;
+    }
+
+    /*
+     * A purify error here indicates caller error.
+     */
+    (void)nsslibc_memset(pInfo, 0, sizeof(CK_SLOT_INFO));
+
+    slots = nssCKFWInstance_GetSlots(fwInstance, &error);
+    if ((NSSCKFWSlot **)NULL == slots) {
+        goto loser;
+    }
+
+    fwSlot = slots[slotID - 1];
+
+    error = nssCKFWSlot_GetSlotDescription(fwSlot, pInfo->slotDescription);
+    if (CKR_OK != error) {
+        goto loser;
+    }
+
+    error = nssCKFWSlot_GetManufacturerID(fwSlot, pInfo->manufacturerID);
+    if (CKR_OK != error) {
+        goto loser;
+    }
+
+    if (nssCKFWSlot_GetTokenPresent(fwSlot)) {
+        pInfo->flags |= CKF_TOKEN_PRESENT;
+    }
+
+    if (nssCKFWSlot_GetRemovableDevice(fwSlot)) {
+        pInfo->flags |= CKF_REMOVABLE_DEVICE;
+    }
+
+    if (nssCKFWSlot_GetHardwareSlot(fwSlot)) {
+        pInfo->flags |= CKF_HW_SLOT;
+    }
+
+    pInfo->hardwareVersion = nssCKFWSlot_GetHardwareVersion(fwSlot);
+    pInfo->firmwareVersion = nssCKFWSlot_GetFirmwareVersion(fwSlot);
+
+    return CKR_OK;
+
+loser:
+    switch (error) {
+        case CKR_CRYPTOKI_NOT_INITIALIZED:
+        case CKR_DEVICE_ERROR:
+        case CKR_FUNCTION_FAILED:
+        case CKR_GENERAL_ERROR:
+        case CKR_HOST_MEMORY:
+        case CKR_SLOT_ID_INVALID:
+            break;
+        default:
+        case CKR_OK:
+            error = CKR_GENERAL_ERROR;
+    }
+
+    return error;
+}
+
+/*
+ * NSSCKFWC_GetTokenInfo
+ *
+ */
+NSS_IMPLEMENT CK_RV
+NSSCKFWC_GetTokenInfo(
+    NSSCKFWInstance *fwInstance,
+    CK_SLOT_ID slotID,
+    CK_TOKEN_INFO_PTR pInfo)
+{
+    CK_RV error = CKR_OK;
+    CK_ULONG nSlots;
+    NSSCKFWSlot **slots;
+    NSSCKFWSlot *fwSlot;
+    NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL;
+
+    if (!fwInstance) {
+        error = CKR_CRYPTOKI_NOT_INITIALIZED;
+        goto loser;
+    }
+
+    nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error);
+    if ((CK_ULONG)0 == nSlots) {
+        goto loser;
+    }
+
+    if ((slotID < 1) || (slotID > nSlots)) {
+        error = CKR_SLOT_ID_INVALID;
+        goto loser;
+    }
+
+    if ((CK_TOKEN_INFO_PTR)CK_NULL_PTR == pInfo) {
+        error = CKR_ARGUMENTS_BAD;
+        goto loser;
+    }
+
+    /*
+     * A purify error here indicates caller error.
+     */
+    (void)nsslibc_memset(pInfo, 0, sizeof(CK_TOKEN_INFO));
+
+    slots = nssCKFWInstance_GetSlots(fwInstance, &error);
+    if ((NSSCKFWSlot **)NULL == slots) {
+        goto loser;
+    }
+
+    fwSlot = slots[slotID - 1];
+
+    if (CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot)) {
+        error = CKR_TOKEN_NOT_PRESENT;
+        goto loser;
+    }
+
+    fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
+    if (!fwToken) {
+        goto loser;
+    }
+
+    error = nssCKFWToken_GetLabel(fwToken, pInfo->label);
+    if (CKR_OK != error) {
+        goto loser;
+    }
+
+    error = nssCKFWToken_GetManufacturerID(fwToken, pInfo->manufacturerID);
+    if (CKR_OK != error) {
+        goto loser;
+    }
+
+    error = nssCKFWToken_GetModel(fwToken, pInfo->model);
+    if (CKR_OK != error) {
+        goto loser;
+    }
+
+    error = nssCKFWToken_GetSerialNumber(fwToken, pInfo->serialNumber);
+    if (CKR_OK != error) {
+        goto loser;
+    }
+
+    if (nssCKFWToken_GetHasRNG(fwToken)) {
+        pInfo->flags |= CKF_RNG;
+    }
+
+    if (nssCKFWToken_GetIsWriteProtected(fwToken)) {
+        pInfo->flags |= CKF_WRITE_PROTECTED;
+    }
+
+    if (nssCKFWToken_GetLoginRequired(fwToken)) {
+        pInfo->flags |= CKF_LOGIN_REQUIRED;
+    }
+
+    if (nssCKFWToken_GetUserPinInitialized(fwToken)) {
+        pInfo->flags |= CKF_USER_PIN_INITIALIZED;
+    }
+
+    if (nssCKFWToken_GetRestoreKeyNotNeeded(fwToken)) {
+        pInfo->flags |= CKF_RESTORE_KEY_NOT_NEEDED;
+    }
+
+    if (nssCKFWToken_GetHasClockOnToken(fwToken)) {
+        pInfo->flags |= CKF_CLOCK_ON_TOKEN;
+    }
+
+    if (nssCKFWToken_GetHasProtectedAuthenticationPath(fwToken)) {
+        pInfo->flags |= CKF_PROTECTED_AUTHENTICATION_PATH;
+    }
+
+    if (nssCKFWToken_GetSupportsDualCryptoOperations(fwToken)) {
+        pInfo->flags |= CKF_DUAL_CRYPTO_OPERATIONS;
+    }
+
+    pInfo->ulMaxSessionCount = nssCKFWToken_GetMaxSessionCount(fwToken);
+    pInfo->ulSessionCount = nssCKFWToken_GetSessionCount(fwToken);
+    pInfo->ulMaxRwSessionCount = nssCKFWToken_GetMaxRwSessionCount(fwToken);
+    pInfo->ulRwSessionCount = nssCKFWToken_GetRwSessionCount(fwToken);
+    pInfo->ulMaxPinLen = nssCKFWToken_GetMaxPinLen(fwToken);
+    pInfo->ulMinPinLen = nssCKFWToken_GetMinPinLen(fwToken);
+    pInfo->ulTotalPublicMemory = nssCKFWToken_GetTotalPublicMemory(fwToken);
+    pInfo->ulFreePublicMemory = nssCKFWToken_GetFreePublicMemory(fwToken);
+    pInfo->ulTotalPrivateMemory = nssCKFWToken_GetTotalPrivateMemory(fwToken);
+    pInfo->ulFreePrivateMemory = nssCKFWToken_GetFreePrivateMemory(fwToken);
+    pInfo->hardwareVersion = nssCKFWToken_GetHardwareVersion(fwToken);
+    pInfo->firmwareVersion = nssCKFWToken_GetFirmwareVersion(fwToken);
+
+    error = nssCKFWToken_GetUTCTime(fwToken, pInfo->utcTime);
+    if (CKR_OK != error) {
+        goto loser;
+    }
+
+    return CKR_OK;
+
+loser:
+    switch (error) {
+        case CKR_DEVICE_REMOVED:
+        case CKR_TOKEN_NOT_PRESENT:
+            if (fwToken)
+                nssCKFWToken_Destroy(fwToken);
+            break;
+        case CKR_CRYPTOKI_NOT_INITIALIZED:
+        case CKR_DEVICE_ERROR:
+        case CKR_DEVICE_MEMORY:
+        case CKR_FUNCTION_FAILED:
+        case CKR_GENERAL_ERROR:
+        case CKR_HOST_MEMORY:
+        case CKR_SLOT_ID_INVALID:
+        case CKR_TOKEN_NOT_RECOGNIZED:
+            break;
+        default:
+        case CKR_OK:
+            error = CKR_GENERAL_ERROR;
+            break;
+    }
+
+    return error;
+}
+
+/*
+ * NSSCKFWC_WaitForSlotEvent
+ *
+ */
+NSS_IMPLEMENT CK_RV
+NSSCKFWC_WaitForSlotEvent(
+    NSSCKFWInstance *fwInstance,
+    CK_FLAGS flags,
+    CK_SLOT_ID_PTR pSlot,
+    CK_VOID_PTR pReserved)
+{
+    CK_RV error = CKR_OK;
+    CK_ULONG nSlots;
+    CK_BBOOL block;
+    NSSCKFWSlot **slots;
+    NSSCKFWSlot *fwSlot;
+    CK_ULONG i;
+
+    if (!fwInstance) {
+        error = CKR_CRYPTOKI_NOT_INITIALIZED;
+        goto loser;
+    }
+
+    if (flags & ~CKF_DONT_BLOCK) {
+        error = CKR_ARGUMENTS_BAD;
+        goto loser;
+    }
+
+    block = (flags & CKF_DONT_BLOCK) ? CK_TRUE : CK_FALSE;
+
+    nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error);
+    if ((CK_ULONG)0 == nSlots) {
+        goto loser;
+    }
+
+    if ((CK_SLOT_ID_PTR)CK_NULL_PTR == pSlot) {
+        error = CKR_ARGUMENTS_BAD;
+        goto loser;
+    }
+
+    if ((CK_VOID_PTR)CK_NULL_PTR != pReserved) {
+        error = CKR_ARGUMENTS_BAD;
+        goto loser;
+    }
+
+    slots = nssCKFWInstance_GetSlots(fwInstance, &error);
+    if ((NSSCKFWSlot **)NULL == slots) {
+        goto loser;
+    }
+
+    fwSlot = nssCKFWInstance_WaitForSlotEvent(fwInstance, block, &error);
+    if (!fwSlot) {
+        goto loser;
+    }
+
+    for (i = 0; i < nSlots; i++) {
+        if (fwSlot == slots[i]) {
+            *pSlot = (CK_SLOT_ID)(CK_ULONG)(i + 1);
+            return CKR_OK;
+        }
+    }
+
+    error = CKR_GENERAL_ERROR; /* returned something not in the slot list */
+
+loser:
+    switch (error) {
+        case CKR_CRYPTOKI_NOT_INITIALIZED:
+        case CKR_FUNCTION_FAILED:
+        case CKR_GENERAL_ERROR:
+        case CKR_HOST_MEMORY:
+        case CKR_NO_EVENT:
+            break;
+        default:
+        case CKR_OK:
+            error = CKR_GENERAL_ERROR;
+            break;
+    }
+
+    return error;
+}
+
+/*
+ * NSSCKFWC_GetMechanismList
+ *
+ */
+NSS_IMPLEMENT CK_RV
+NSSCKFWC_GetMechanismList(
+    NSSCKFWInstance *fwInstance,
+    CK_SLOT_ID slotID,
+    CK_MECHANISM_TYPE_PTR pMechanismList,
+    CK_ULONG_PTR pulCount)
+{
+    CK_RV error = CKR_OK;
+    CK_ULONG nSlots;
+    NSSCKFWSlot **slots;
+    NSSCKFWSlot *fwSlot;
+    NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL;
+    CK_ULONG count;
+
+    if (!fwInstance) {
+        error = CKR_CRYPTOKI_NOT_INITIALIZED;
+        goto loser;
+    }
+
+    nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error);
+    if ((CK_ULONG)0 == nSlots) {
+        goto loser;
+    }
+
+    if ((slotID < 1) || (slotID > nSlots)) {
+        error = CKR_SLOT_ID_INVALID;
+        goto loser;
+    }
+
+    if ((CK_ULONG_PTR)CK_NULL_PTR == pulCount) {
+        error = CKR_ARGUMENTS_BAD;
+        goto loser;
+    }
+
+    slots = nssCKFWInstance_GetSlots(fwInstance, &error);
+    if ((NSSCKFWSlot **)NULL == slots) {
+        goto loser;
+    }
+
+    fwSlot = slots[slotID - 1];
+
+    if (CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot)) {
+        error = CKR_TOKEN_NOT_PRESENT;
+        goto loser;
+    }
+
+    fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
+    if (!fwToken) {
+        goto loser;
+    }
+
+    count = nssCKFWToken_GetMechanismCount(fwToken);
+
+    if ((CK_MECHANISM_TYPE_PTR)CK_NULL_PTR == pMechanismList) {
+        *pulCount = count;
+        return CKR_OK;
+    }
+
+    if (*pulCount < count) {
+        *pulCount = count;
+        error = CKR_BUFFER_TOO_SMALL;
+        goto loser;
+    }
+
+    /*
+     * A purify error here indicates caller error.
+     */
+    (void)nsslibc_memset(pMechanismList, 0, *pulCount * sizeof(CK_MECHANISM_TYPE));
+
+    *pulCount = count;
+
+    if (0 != count) {
+        error = nssCKFWToken_GetMechanismTypes(fwToken, pMechanismList);
+    } else {
+        error = CKR_OK;
+    }
+
+    if (CKR_OK == error) {
+        return CKR_OK;
+    }
+
+loser:
+    switch (error) {
+        case CKR_DEVICE_REMOVED:
+        case CKR_TOKEN_NOT_PRESENT:
+            if (fwToken)
+                nssCKFWToken_Destroy(fwToken);
+            break;
+        case CKR_ARGUMENTS_BAD:
+        case CKR_BUFFER_TOO_SMALL:
+        case CKR_CRYPTOKI_NOT_INITIALIZED:
+        case CKR_DEVICE_ERROR:
+        case CKR_DEVICE_MEMORY:
+        case CKR_FUNCTION_FAILED:
+        case CKR_GENERAL_ERROR:
+        case CKR_HOST_MEMORY:
+        case CKR_SLOT_ID_INVALID:
+        case CKR_TOKEN_NOT_RECOGNIZED:
+            break;
+        default:
+        case CKR_OK:
+            error = CKR_GENERAL_ERROR;
+            break;
+    }
+
+    return error;
+}
+
+/*
+ * NSSCKFWC_GetMechanismInfo
+ *
+ */
+NSS_IMPLEMENT CK_RV
+NSSCKFWC_GetMechanismInfo(
+    NSSCKFWInstance *fwInstance,
+    CK_SLOT_ID slotID,
+    CK_MECHANISM_TYPE type,
+    CK_MECHANISM_INFO_PTR pInfo)
+{
+    CK_RV error = CKR_OK;
+    CK_ULONG nSlots;
+    NSSCKFWSlot **slots;
+    NSSCKFWSlot *fwSlot;
+    NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL;
+    NSSCKFWMechanism *fwMechanism;
+
+    if (!fwInstance) {
+        error = CKR_CRYPTOKI_NOT_INITIALIZED;
+        goto loser;
+    }
+
+    nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error);
+    if ((CK_ULONG)0 == nSlots) {
+        goto loser;
+    }
+
+    if ((slotID < 1) || (slotID > nSlots)) {
+        error = CKR_SLOT_ID_INVALID;
+        goto loser;
+    }
+
+    slots = nssCKFWInstance_GetSlots(fwInstance, &error);
+    if ((NSSCKFWSlot **)NULL == slots) {
+        goto loser;
+    }
+
+    fwSlot = slots[slotID - 1];
+
+    if (CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot)) {
+        error = CKR_TOKEN_NOT_PRESENT;
+        goto loser;
+    }
+
+    if ((CK_MECHANISM_INFO_PTR)CK_NULL_PTR == pInfo) {
+        error = CKR_ARGUMENTS_BAD;
+        goto loser;
+    }
+
+    /*
+     * A purify error here indicates caller error.
+     */
+    (void)nsslibc_memset(pInfo, 0, sizeof(CK_MECHANISM_INFO));
+
+    fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
+    if (!fwToken) {
+        goto loser;
+    }
+
+    fwMechanism = nssCKFWToken_GetMechanism(fwToken, type, &error);
+    if (!fwMechanism) {
+        goto loser;
+    }
+
+    pInfo->ulMinKeySize = nssCKFWMechanism_GetMinKeySize(fwMechanism, &error);
+    pInfo->ulMaxKeySize = nssCKFWMechanism_GetMaxKeySize(fwMechanism, &error);
+
+    if (nssCKFWMechanism_GetInHardware(fwMechanism, &error)) {
+        pInfo->flags |= CKF_HW;
+    }
+    if (nssCKFWMechanism_GetCanEncrypt(fwMechanism, &error)) {
+        pInfo->flags |= CKF_ENCRYPT;
+    }
+    if (nssCKFWMechanism_GetCanDecrypt(fwMechanism, &error)) {
+        pInfo->flags |= CKF_DECRYPT;
+    }
+    if (nssCKFWMechanism_GetCanDigest(fwMechanism, &error)) {
+        pInfo->flags |= CKF_DIGEST;
+    }
+    if (nssCKFWMechanism_GetCanSign(fwMechanism, &error)) {
+        pInfo->flags |= CKF_SIGN;
+    }
+    if (nssCKFWMechanism_GetCanSignRecover(fwMechanism, &error)) {
+        pInfo->flags |= CKF_SIGN_RECOVER;
+    }
+    if (nssCKFWMechanism_GetCanVerify(fwMechanism, &error)) {
+        pInfo->flags |= CKF_VERIFY;
+    }
+    if (nssCKFWMechanism_GetCanVerifyRecover(fwMechanism, &error)) {
+        pInfo->flags |= CKF_VERIFY_RECOVER;
+    }
+    if (nssCKFWMechanism_GetCanGenerate(fwMechanism, &error)) {
+        pInfo->flags |= CKF_GENERATE;
+    }
+    if (nssCKFWMechanism_GetCanGenerateKeyPair(fwMechanism, &error)) {
+        pInfo->flags |= CKF_GENERATE_KEY_PAIR;
+    }
+    if (nssCKFWMechanism_GetCanWrap(fwMechanism, &error)) {
+        pInfo->flags |= CKF_WRAP;
+    }
+    if (nssCKFWMechanism_GetCanUnwrap(fwMechanism, &error)) {
+        pInfo->flags |= CKF_UNWRAP;
+    }
+    if (nssCKFWMechanism_GetCanDerive(fwMechanism, &error)) {
+        pInfo->flags |= CKF_DERIVE;
+    }
+    nssCKFWMechanism_Destroy(fwMechanism);
+
+    return error;
+
+loser:
+    switch (error) {
+        case CKR_DEVICE_REMOVED:
+        case CKR_TOKEN_NOT_PRESENT:
+            if (fwToken)
+                nssCKFWToken_Destroy(fwToken);
+            break;
+        case CKR_ARGUMENTS_BAD:
+        case CKR_CRYPTOKI_NOT_INITIALIZED:
+        case CKR_DEVICE_ERROR:
+        case CKR_DEVICE_MEMORY:
+        case CKR_FUNCTION_FAILED:
+        case CKR_GENERAL_ERROR:
+        case CKR_HOST_MEMORY:
+        case CKR_MECHANISM_INVALID:
+        case CKR_SLOT_ID_INVALID:
+        case CKR_TOKEN_NOT_RECOGNIZED:
+            break;
+        default:
+        case CKR_OK:
+            error = CKR_GENERAL_ERROR;
+            break;
+    }
+
+    return error;
+}
+
+/*
+ * NSSCKFWC_InitToken
+ *
+ */
+NSS_IMPLEMENT CK_RV
+NSSCKFWC_InitToken(
+    NSSCKFWInstance *fwInstance,
+    CK_SLOT_ID slotID,
+    CK_CHAR_PTR pPin,
+    CK_ULONG ulPinLen,
+    CK_CHAR_PTR pLabel)
+{
+    CK_RV error = CKR_OK;
+    CK_ULONG nSlots;
+    NSSCKFWSlot **slots;
+    NSSCKFWSlot *fwSlot;
+    NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL;
+    NSSItem pin;
+    NSSUTF8 *label;
+
+    if (!fwInstance) {
+        error = CKR_CRYPTOKI_NOT_INITIALIZED;
+        goto loser;
+    }
+
+    nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error);
+    if ((CK_ULONG)0 == nSlots) {
+        goto loser;
+    }
+
+    if ((slotID < 1) || (slotID > nSlots)) {
+        error = CKR_SLOT_ID_INVALID;
+        goto loser;
+    }
+
+    slots = nssCKFWInstance_GetSlots(fwInstance, &error);
+    if ((NSSCKFWSlot **)NULL == slots) {
+        goto loser;
+    }
+
+    fwSlot = slots[slotID - 1];
+
+    if (CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot)) {
+        error = CKR_TOKEN_NOT_PRESENT;
+        goto loser;
+    }
+
+    fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
+    if (!fwToken) {
+        goto loser;
+    }
+
+    pin.size = (PRUint32)ulPinLen;
+    pin.data = (void *)pPin;
+    label = (NSSUTF8 *)pLabel; /* identity conversion */
+
+    error = nssCKFWToken_InitToken(fwToken, &pin, label);
+    if (CKR_OK != error) {
+        goto loser;
+    }
+
+    return CKR_OK;
+
+loser:
+    switch (error) {
+        case CKR_DEVICE_REMOVED:
+        case CKR_TOKEN_NOT_PRESENT:
+            if (fwToken)
+                nssCKFWToken_Destroy(fwToken);
+            break;
+        case CKR_ARGUMENTS_BAD:
+        case CKR_CRYPTOKI_NOT_INITIALIZED:
+        case CKR_DEVICE_ERROR:
+        case CKR_DEVICE_MEMORY:
+        case CKR_FUNCTION_FAILED:
+        case CKR_GENERAL_ERROR:
+        case CKR_HOST_MEMORY:
+        case CKR_PIN_INCORRECT:
+        case CKR_PIN_LOCKED:
+        case CKR_SESSION_EXISTS:
+        case CKR_SLOT_ID_INVALID:
+        case CKR_TOKEN_NOT_RECOGNIZED:
+        case CKR_TOKEN_WRITE_PROTECTED:
+            break;
+        default:
+        case CKR_OK:
+            error = CKR_GENERAL_ERROR;
+            break;
+    }
+
+    return error;
+}
+
+/*
+ * NSSCKFWC_InitPIN
+ *
+ */
+NSS_IMPLEMENT CK_RV
+NSSCKFWC_InitPIN(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_CHAR_PTR pPin,
+    CK_ULONG ulPinLen)
+{
+    CK_RV error = CKR_OK;
+    NSSCKFWSession *fwSession;
+    NSSItem pin, *arg;
+
+    if (!fwInstance) {
+        error = CKR_CRYPTOKI_NOT_INITIALIZED;
+        goto loser;
+    }
+
+    fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
+    if (!fwSession) {
+        error = CKR_SESSION_HANDLE_INVALID;
+        goto loser;
+    }
+
+    if ((CK_CHAR_PTR)CK_NULL_PTR == pPin) {
+        arg = (NSSItem *)NULL;
+    } else {
+        arg = &pin;
+        pin.size = (PRUint32)ulPinLen;
+        pin.data = (void *)pPin;
+    }
+
+    error = nssCKFWSession_InitPIN(fwSession, arg);
+    if (CKR_OK != error) {
+        goto loser;
+    }
+
+    return CKR_OK;
+
+loser:
+    switch (error) {
+        case CKR_SESSION_CLOSED:
+            /* destroy session? */
+            break;
+        case CKR_DEVICE_REMOVED:
+            /* (void)nssCKFWToken_Destroy(fwToken); */
+            break;
+        case CKR_ARGUMENTS_BAD:
+        case CKR_CRYPTOKI_NOT_INITIALIZED:
+        case CKR_DEVICE_ERROR:
+        case CKR_DEVICE_MEMORY:
+        case CKR_FUNCTION_FAILED:
+        case CKR_GENERAL_ERROR:
+        case CKR_HOST_MEMORY:
+        case CKR_PIN_INVALID:
+        case CKR_PIN_LEN_RANGE:
+        case CKR_SESSION_READ_ONLY:
+        case CKR_SESSION_HANDLE_INVALID:
+        case CKR_TOKEN_WRITE_PROTECTED:
+        case CKR_USER_NOT_LOGGED_IN:
+            break;
+        default:
+        case CKR_OK:
+            error = CKR_GENERAL_ERROR;
+            break;
+    }
+
+    return error;
+}
+
+/*
+ * NSSCKFWC_SetPIN
+ *
+ */
+NSS_IMPLEMENT CK_RV
+NSSCKFWC_SetPIN(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_CHAR_PTR pOldPin,
+    CK_ULONG ulOldLen,
+    CK_CHAR_PTR pNewPin,
+    CK_ULONG ulNewLen)
+{
+    CK_RV error = CKR_OK;
+    NSSCKFWSession *fwSession;
+    NSSItem oldPin, newPin, *oldArg, *newArg;
+
+    if (!fwInstance) {
+        error = CKR_CRYPTOKI_NOT_INITIALIZED;
+        goto loser;
+    }
+
+    fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
+    if (!fwSession) {
+        error = CKR_SESSION_HANDLE_INVALID;
+        goto loser;
+    }
+
+    if ((CK_CHAR_PTR)CK_NULL_PTR == pOldPin) {
+        oldArg = (NSSItem *)NULL;
+    } else {
+        oldArg = &oldPin;
+        oldPin.size = (PRUint32)ulOldLen;
+        oldPin.data = (void *)pOldPin;
+    }
+
+    if ((CK_CHAR_PTR)CK_NULL_PTR == pNewPin) {
+        newArg = (NSSItem *)NULL;
+    } else {
+        newArg = &newPin;
+        newPin.size = (PRUint32)ulNewLen;
+        newPin.data = (void *)pNewPin;
+    }
+
+    error = nssCKFWSession_SetPIN(fwSession, oldArg, newArg);
+    if (CKR_OK != error) {
+        goto loser;
+    }
+
+    return CKR_OK;
+
+loser:
+    switch (error) {
+        case CKR_SESSION_CLOSED:
+            /* destroy session? */
+            break;
+        case CKR_DEVICE_REMOVED:
+            /* (void)nssCKFWToken_Destroy(fwToken); */
+            break;
+        case CKR_ARGUMENTS_BAD:
+        case CKR_CRYPTOKI_NOT_INITIALIZED:
+        case CKR_DEVICE_ERROR:
+        case CKR_DEVICE_MEMORY:
+        case CKR_FUNCTION_FAILED:
+        case CKR_GENERAL_ERROR:
+        case CKR_HOST_MEMORY:
+        case CKR_PIN_INCORRECT:
+        case CKR_PIN_INVALID:
+        case CKR_PIN_LEN_RANGE:
+        case CKR_PIN_LOCKED:
+        case CKR_SESSION_HANDLE_INVALID:
+        case CKR_SESSION_READ_ONLY:
+        case CKR_TOKEN_WRITE_PROTECTED:
+            break;
+        default:
+        case CKR_OK:
+            error = CKR_GENERAL_ERROR;
+            break;
+    }
+
+    return error;
+}
+
+/*
+ * NSSCKFWC_OpenSession
+ *
+ */
+NSS_IMPLEMENT CK_RV
+NSSCKFWC_OpenSession(
+    NSSCKFWInstance *fwInstance,
+    CK_SLOT_ID slotID,
+    CK_FLAGS flags,
+    CK_VOID_PTR pApplication,
+    CK_NOTIFY Notify,
+    CK_SESSION_HANDLE_PTR phSession)
+{
+    CK_RV error = CKR_OK;
+    CK_ULONG nSlots;
+    NSSCKFWSlot **slots;
+    NSSCKFWSlot *fwSlot;
+    NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL;
+    NSSCKFWSession *fwSession;
+    CK_BBOOL rw;
+
+    if (!fwInstance) {
+        error = CKR_CRYPTOKI_NOT_INITIALIZED;
+        goto loser;
+    }
+
+    nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error);
+    if ((CK_ULONG)0 == nSlots) {
+        goto loser;
+    }
+
+    if ((slotID < 1) || (slotID > nSlots)) {
+        error = CKR_SLOT_ID_INVALID;
+        goto loser;
+    }
+
+    if (flags & CKF_RW_SESSION) {
+        rw = CK_TRUE;
+    } else {
+        rw = CK_FALSE;
+    }
+
+    if (flags & CKF_SERIAL_SESSION) {
+        ;
+    } else {
+        error = CKR_SESSION_PARALLEL_NOT_SUPPORTED;
+        goto loser;
+    }
+
+    if (flags & ~(CKF_RW_SESSION | CKF_SERIAL_SESSION)) {
+        error = CKR_ARGUMENTS_BAD;
+        goto loser;
+    }
+
+    if ((CK_SESSION_HANDLE_PTR)CK_NULL_PTR == phSession) {
+        error = CKR_ARGUMENTS_BAD;
+        goto loser;
+    }
+
+    /*
+     * A purify error here indicates caller error.
+     */
+    *phSession = (CK_SESSION_HANDLE)0;
+
+    slots = nssCKFWInstance_GetSlots(fwInstance, &error);
+    if ((NSSCKFWSlot **)NULL == slots) {
+        goto loser;
+    }
+
+    fwSlot = slots[slotID - 1];
+
+    if (CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot)) {
+        error = CKR_TOKEN_NOT_PRESENT;
+        goto loser;
+    }
+
+    fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
+    if (!fwToken) {
+        goto loser;
+    }
+
+    fwSession = nssCKFWToken_OpenSession(fwToken, rw, pApplication,
+                                         Notify, &error);
+    if (!fwSession) {
+        goto loser;
+    }
+
+    *phSession = nssCKFWInstance_CreateSessionHandle(fwInstance,
+                                                     fwSession, &error);
+    if ((CK_SESSION_HANDLE)0 == *phSession) {
+        goto loser;
+    }
+
+    return CKR_OK;
+
+loser:
+    switch (error) {
+        case CKR_SESSION_CLOSED:
+            /* destroy session? */
+            break;
+        case CKR_DEVICE_REMOVED:
+            /* (void)nssCKFWToken_Destroy(fwToken); */
+            break;
+        case CKR_CRYPTOKI_NOT_INITIALIZED:
+        case CKR_DEVICE_ERROR:
+        case CKR_DEVICE_MEMORY:
+        case CKR_FUNCTION_FAILED:
+        case CKR_GENERAL_ERROR:
+        case CKR_HOST_MEMORY:
+        case CKR_SESSION_COUNT:
+        case CKR_SESSION_EXISTS:
+        case CKR_SESSION_PARALLEL_NOT_SUPPORTED:
+        case CKR_SESSION_READ_WRITE_SO_EXISTS:
+        case CKR_SLOT_ID_INVALID:
+        case CKR_TOKEN_NOT_PRESENT:
+        case CKR_TOKEN_NOT_RECOGNIZED:
+        case CKR_TOKEN_WRITE_PROTECTED:
+            break;
+        default:
+        case CKR_OK:
+            error = CKR_GENERAL_ERROR;
+            break;
+    }
+
+    return error;
+}
+
+/*
+ * NSSCKFWC_CloseSession
+ *
+ */
+NSS_IMPLEMENT CK_RV
+NSSCKFWC_CloseSession(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession)
+{
+    CK_RV error = CKR_OK;
+    NSSCKFWSession *fwSession;
+
+    if (!fwInstance) {
+        error = CKR_CRYPTOKI_NOT_INITIALIZED;
+        goto loser;
+    }
+
+    fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
+    if (!fwSession) {
+        error = CKR_SESSION_HANDLE_INVALID;
+        goto loser;
+    }
+
+    nssCKFWInstance_DestroySessionHandle(fwInstance, hSession);
+    error = nssCKFWSession_Destroy(fwSession, CK_TRUE);
+
+    if (CKR_OK != error) {
+        goto loser;
+    }
+
+    return CKR_OK;
+
+loser:
+    switch (error) {
+        case CKR_SESSION_CLOSED:
+            /* destroy session? */
+            break;
+        case CKR_DEVICE_REMOVED:
+            /* (void)nssCKFWToken_Destroy(fwToken); */
+            break;
+        case CKR_CRYPTOKI_NOT_INITIALIZED:
+        case CKR_DEVICE_ERROR:
+        case CKR_DEVICE_MEMORY:
+        case CKR_FUNCTION_FAILED:
+        case CKR_GENERAL_ERROR:
+        case CKR_HOST_MEMORY:
+        case CKR_SESSION_HANDLE_INVALID:
+            break;
+        default:
+        case CKR_OK:
+            error = CKR_GENERAL_ERROR;
+            break;
+    }
+
+    return error;
+}
+
+/*
+ * NSSCKFWC_CloseAllSessions
+ *
+ */
+NSS_IMPLEMENT CK_RV
+NSSCKFWC_CloseAllSessions(
+    NSSCKFWInstance *fwInstance,
+    CK_SLOT_ID slotID)
+{
+    CK_RV error = CKR_OK;
+    CK_ULONG nSlots;
+    NSSCKFWSlot **slots;
+    NSSCKFWSlot *fwSlot;
+    NSSCKFWToken *fwToken = (NSSCKFWToken *)NULL;
+
+    if (!fwInstance) {
+        error = CKR_CRYPTOKI_NOT_INITIALIZED;
+        goto loser;
+    }
+
+    nSlots = nssCKFWInstance_GetNSlots(fwInstance, &error);
+    if ((CK_ULONG)0 == nSlots) {
+        goto loser;
+    }
+
+    if ((slotID < 1) || (slotID > nSlots)) {
+        error = CKR_SLOT_ID_INVALID;
+        goto loser;
+    }
+
+    slots = nssCKFWInstance_GetSlots(fwInstance, &error);
+    if ((NSSCKFWSlot **)NULL == slots) {
+        goto loser;
+    }
+
+    fwSlot = slots[slotID - 1];
+
+    if (CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot)) {
+        error = CKR_TOKEN_NOT_PRESENT;
+        goto loser;
+    }
+
+    fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
+    if (!fwToken) {
+        goto loser;
+    }
+
+    error = nssCKFWToken_CloseAllSessions(fwToken);
+    if (CKR_OK != error) {
+        goto loser;
+    }
+
+    return CKR_OK;
+
+loser:
+    switch (error) {
+        case CKR_DEVICE_REMOVED:
+            /* (void)nssCKFWToken_Destroy(fwToken); */
+            break;
+        case CKR_CRYPTOKI_NOT_INITIALIZED:
+        case CKR_DEVICE_ERROR:
+        case CKR_DEVICE_MEMORY:
+        case CKR_FUNCTION_FAILED:
+        case CKR_GENERAL_ERROR:
+        case CKR_HOST_MEMORY:
+        case CKR_SLOT_ID_INVALID:
+        case CKR_TOKEN_NOT_PRESENT:
+            break;
+        default:
+        case CKR_OK:
+            error = CKR_GENERAL_ERROR;
+            break;
+    }
+
+    return error;
+}
+
+/*
+ * NSSCKFWC_GetSessionInfo
+ *
+ */
+NSS_IMPLEMENT CK_RV
+NSSCKFWC_GetSessionInfo(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_SESSION_INFO_PTR pInfo)
+{
+    CK_RV error = CKR_OK;
+    NSSCKFWSession *fwSession;
+    NSSCKFWSlot *fwSlot;
+
+    if (!fwInstance) {
+        error = CKR_CRYPTOKI_NOT_INITIALIZED;
+        goto loser;
+    }
+
+    fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
+    if (!fwSession) {
+        error = CKR_SESSION_HANDLE_INVALID;
+        goto loser;
+    }
+
+    if ((CK_SESSION_INFO_PTR)CK_NULL_PTR == pInfo) {
+        error = CKR_ARGUMENTS_BAD;
+        goto loser;
+    }
+
+    /*
+     * A purify error here indicates caller error.
+     */
+    (void)nsslibc_memset(pInfo, 0, sizeof(CK_SESSION_INFO));
+
+    fwSlot = nssCKFWSession_GetFWSlot(fwSession);
+    if (!fwSlot) {
+        error = CKR_GENERAL_ERROR;
+        goto loser;
+    }
+
+    pInfo->slotID = nssCKFWSlot_GetSlotID(fwSlot);
+    pInfo->state = nssCKFWSession_GetSessionState(fwSession);
+
+    if (CK_TRUE == nssCKFWSession_IsRWSession(fwSession)) {
+        pInfo->flags |= CKF_RW_SESSION;
+    }
+
+    pInfo->flags |= CKF_SERIAL_SESSION; /* Always true */
+
+    pInfo->ulDeviceError = nssCKFWSession_GetDeviceError(fwSession);
+
+    return CKR_OK;
+
+loser:
+    switch (error) {
+        case CKR_SESSION_CLOSED:
+            /* destroy session? */
+            break;
+        case CKR_DEVICE_REMOVED:
+            /* (void)nssCKFWToken_Destroy(fwToken); */
+            break;
+        case CKR_CRYPTOKI_NOT_INITIALIZED:
+        case CKR_DEVICE_ERROR:
+        case CKR_DEVICE_MEMORY:
+        case CKR_FUNCTION_FAILED:
+        case CKR_GENERAL_ERROR:
+        case CKR_HOST_MEMORY:
+        case CKR_SESSION_HANDLE_INVALID:
+            break;
+        default:
+        case CKR_OK:
+            error = CKR_GENERAL_ERROR;
+            break;
+    }
+
+    return error;
+}
+
+/*
+ * NSSCKFWC_GetOperationState
+ *
+ */
+NSS_IMPLEMENT CK_RV
+NSSCKFWC_GetOperationState(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pOperationState,
+    CK_ULONG_PTR pulOperationStateLen)
+{
+    CK_RV error = CKR_OK;
+    NSSCKFWSession *fwSession;
+    CK_ULONG len;
+    NSSItem buf;
+
+    if (!fwInstance) {
+        error = CKR_CRYPTOKI_NOT_INITIALIZED;
+        goto loser;
+    }
+
+    fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
+    if (!fwSession) {
+        error = CKR_SESSION_HANDLE_INVALID;
+        goto loser;
+    }
+
+    if ((CK_ULONG_PTR)CK_NULL_PTR == pulOperationStateLen) {
+        error = CKR_ARGUMENTS_BAD;
+        goto loser;
+    }
+
+    len = nssCKFWSession_GetOperationStateLen(fwSession, &error);
+    if (((CK_ULONG)0 == len) && (CKR_OK != error)) {
+        goto loser;
+    }
+
+    if ((CK_BYTE_PTR)CK_NULL_PTR == pOperationState) {
+        *pulOperationStateLen = len;
+        return CKR_OK;
+    }
+
+    if (*pulOperationStateLen < len) {
+        *pulOperationStateLen = len;
+        error = CKR_BUFFER_TOO_SMALL;
+        goto loser;
+    }
+
+    buf.size = (PRUint32)*pulOperationStateLen;
+    buf.data = (void *)pOperationState;
+    *pulOperationStateLen = len;
+    error = nssCKFWSession_GetOperationState(fwSession, &buf);
+
+    if (CKR_OK != error) {
+        goto loser;
+    }
+
+    return CKR_OK;
+
+loser:
+    switch (error) {
+        case CKR_SESSION_CLOSED:
+            /* destroy session? */
+            break;
+        case CKR_DEVICE_REMOVED:
+            /* (void)nssCKFWToken_Destroy(fwToken); */
+            break;
+        case CKR_BUFFER_TOO_SMALL:
+        case CKR_CRYPTOKI_NOT_INITIALIZED:
+        case CKR_DEVICE_ERROR:
+        case CKR_DEVICE_MEMORY:
+        case CKR_FUNCTION_FAILED:
+        case CKR_GENERAL_ERROR:
+        case CKR_HOST_MEMORY:
+        case CKR_OPERATION_NOT_INITIALIZED:
+        case CKR_SESSION_HANDLE_INVALID:
+        case CKR_STATE_UNSAVEABLE:
+            break;
+        default:
+        case CKR_OK:
+            error = CKR_GENERAL_ERROR;
+            break;
+    }
+
+    return error;
+}
+
+/*
+ * NSSCKFWC_SetOperationState
+ *
+ */
+NSS_IMPLEMENT CK_RV
+NSSCKFWC_SetOperationState(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pOperationState,
+    CK_ULONG ulOperationStateLen,
+    CK_OBJECT_HANDLE hEncryptionKey,
+    CK_OBJECT_HANDLE hAuthenticationKey)
+{
+    CK_RV error = CKR_OK;
+    NSSCKFWSession *fwSession;
+    NSSCKFWObject *eKey;
+    NSSCKFWObject *aKey;
+    NSSItem state;
+
+    if (!fwInstance) {
+        error = CKR_CRYPTOKI_NOT_INITIALIZED;
+        goto loser;
+    }
+
+    if ((CK_BYTE_PTR)CK_NULL_PTR == pOperationState) {
+        error = CKR_ARGUMENTS_BAD;
+        goto loser;
+    }
+
+    /*
+     * We could loop through the buffer, to catch any purify errors
+     * in a place with a "user error" note.
+     */
+
+    fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
+    if (!fwSession) {
+        error = CKR_SESSION_HANDLE_INVALID;
+        goto loser;
+    }
+
+    if ((CK_OBJECT_HANDLE)0 == hEncryptionKey) {
+        eKey = (NSSCKFWObject *)NULL;
+    } else {
+        eKey = nssCKFWInstance_ResolveObjectHandle(fwInstance, hEncryptionKey);
+        if (!eKey) {
+            error = CKR_KEY_HANDLE_INVALID;
+            goto loser;
+        }
+    }
+
+    if ((CK_OBJECT_HANDLE)0 == hAuthenticationKey) {
+        aKey = (NSSCKFWObject *)NULL;
+    } else {
+        aKey = nssCKFWInstance_ResolveObjectHandle(fwInstance, hAuthenticationKey);
+        if (!aKey) {
+            error = CKR_KEY_HANDLE_INVALID;
+            goto loser;
+        }
+    }
+
+    state.data = pOperationState;
+    state.size = ulOperationStateLen;
+
+    error = nssCKFWSession_SetOperationState(fwSession, &state, eKey, aKey);
+    if (CKR_OK != error) {
+        goto loser;
+    }
+
+    return CKR_OK;
+
+loser:
+    switch (error) {
+        case CKR_SESSION_CLOSED:
+            /* destroy session? */
+            break;
+        case CKR_DEVICE_REMOVED:
+            /* (void)nssCKFWToken_Destroy(fwToken); */
+            break;
+        case CKR_CRYPTOKI_NOT_INITIALIZED:
+        case CKR_DEVICE_ERROR:
+        case CKR_DEVICE_MEMORY:
+        case CKR_FUNCTION_FAILED:
+        case CKR_GENERAL_ERROR:
+        case CKR_HOST_MEMORY:
+        case CKR_KEY_CHANGED:
+        case CKR_KEY_NEEDED:
+        case CKR_KEY_NOT_NEEDED:
+        case CKR_SAVED_STATE_INVALID:
+        case CKR_SESSION_HANDLE_INVALID:
+            break;
+        default:
+        case CKR_OK:
+            error = CKR_GENERAL_ERROR;
+            break;
+    }
+
+    return error;
+}
+
+/*
+ * NSSCKFWC_Login
+ *
+ */
+NSS_IMPLEMENT CK_RV
+NSSCKFWC_Login(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_USER_TYPE userType,
+    CK_CHAR_PTR pPin,
+    CK_ULONG ulPinLen)
+{
+    CK_RV error = CKR_OK;
+    NSSCKFWSession *fwSession;
+    NSSItem pin, *arg;
+
+    if (!fwInstance) {
+        error = CKR_CRYPTOKI_NOT_INITIALIZED;
+        goto loser;
+    }
+
+    fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
+    if (!fwSession) {
+        error = CKR_SESSION_HANDLE_INVALID;
+        goto loser;
+    }
+
+    if ((CK_CHAR_PTR)CK_NULL_PTR == pPin) {
+        arg = (NSSItem *)NULL;
+    } else {
+        arg = &pin;
+        pin.size = (PRUint32)ulPinLen;
+        pin.data = (void *)pPin;
+    }
+
+    error = nssCKFWSession_Login(fwSession, userType, arg);
+    if (CKR_OK != error) {
+        goto loser;
+    }
+
+    return CKR_OK;
+
+loser:
+    switch (error) {
+        case CKR_SESSION_CLOSED:
+            /* destroy session? */
+            break;
+        case CKR_DEVICE_REMOVED:
+            /* (void)nssCKFWToken_Destroy(fwToken); */
+            break;
+        case CKR_CRYPTOKI_NOT_INITIALIZED:
+        case CKR_DEVICE_ERROR:
+        case CKR_DEVICE_MEMORY:
+        case CKR_FUNCTION_FAILED:
+        case CKR_GENERAL_ERROR:
+        case CKR_HOST_MEMORY:
+        case CKR_PIN_EXPIRED:
+        case CKR_PIN_INCORRECT:
+        case CKR_PIN_LOCKED:
+        case CKR_SESSION_HANDLE_INVALID:
+        case CKR_SESSION_READ_ONLY_EXISTS:
+        case CKR_USER_ALREADY_LOGGED_IN:
+        case CKR_USER_ANOTHER_ALREADY_LOGGED_IN:
+        case CKR_USER_PIN_NOT_INITIALIZED:
+        case CKR_USER_TOO_MANY_TYPES:
+        case CKR_USER_TYPE_INVALID:
+            break;
+        default:
+        case CKR_OK:
+            error = CKR_GENERAL_ERROR;
+            break;
+    }
+
+    return error;
+}
+
+/*
+ * NSSCKFWC_Logout
+ *
+ */
+NSS_IMPLEMENT CK_RV
+NSSCKFWC_Logout(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession)
+{
+    CK_RV error = CKR_OK;
+    NSSCKFWSession *fwSession;
+
+    if (!fwInstance) {
+        error = CKR_CRYPTOKI_NOT_INITIALIZED;
+        goto loser;
+    }
+
+    fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
+    if (!fwSession) {
+        error = CKR_SESSION_HANDLE_INVALID;
+        goto loser;
+    }
+
+    error = nssCKFWSession_Logout(fwSession);
+    if (CKR_OK != error) {
+        goto loser;
+    }
+
+    return CKR_OK;
+
+loser:
+    switch (error) {
+        case CKR_SESSION_CLOSED:
+            /* destroy session? */
+            break;
+        case CKR_DEVICE_REMOVED:
+            /* (void)nssCKFWToken_Destroy(fwToken); */
+            break;
+        case CKR_CRYPTOKI_NOT_INITIALIZED:
+        case CKR_DEVICE_ERROR:
+        case CKR_DEVICE_MEMORY:
+        case CKR_FUNCTION_FAILED:
+        case CKR_GENERAL_ERROR:
+        case CKR_HOST_MEMORY:
+        case CKR_SESSION_HANDLE_INVALID:
+        case CKR_USER_NOT_LOGGED_IN:
+            break;
+        default:
+        case CKR_OK:
+            error = CKR_GENERAL_ERROR;
+            break;
+    }
+
+    return error;
+}
+
+/*
+ * NSSCKFWC_CreateObject
+ *
+ */
+NSS_IMPLEMENT CK_RV
+NSSCKFWC_CreateObject(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulCount,
+    CK_OBJECT_HANDLE_PTR phObject)
+{
+    CK_RV error = CKR_OK;
+    NSSCKFWSession *fwSession;
+    NSSCKFWObject *fwObject;
+
+    if (!fwInstance) {
+        error = CKR_CRYPTOKI_NOT_INITIALIZED;
+        goto loser;
+    }
+
+    fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
+    if (!fwSession) {
+        error = CKR_SESSION_HANDLE_INVALID;
+        goto loser;
+    }
+
+    if ((CK_OBJECT_HANDLE_PTR)CK_NULL_PTR == phObject) {
+        error = CKR_ARGUMENTS_BAD;
+        goto loser;
+    }
+
+    /*
+     * A purify error here indicates caller error.
+     */
+    *phObject = (CK_OBJECT_HANDLE)0;
+
+    fwObject = nssCKFWSession_CreateObject(fwSession, pTemplate,
+                                           ulCount, &error);
+    if (!fwObject) {
+        goto loser;
+    }
+
+    *phObject = nssCKFWInstance_CreateObjectHandle(fwInstance, fwObject, &error);
+    if ((CK_OBJECT_HANDLE)0 == *phObject) {
+        nssCKFWObject_Destroy(fwObject);
+        goto loser;
+    }
+
+    return CKR_OK;
+
+loser:
+    switch (error) {
+        case CKR_SESSION_CLOSED:
+            /* destroy session? */
+            break;
+        case CKR_DEVICE_REMOVED:
+            /* (void)nssCKFWToken_Destroy(fwToken); */
+            break;
+        case CKR_ATTRIBUTE_READ_ONLY:
+        case CKR_ATTRIBUTE_TYPE_INVALID:
+        case CKR_ATTRIBUTE_VALUE_INVALID:
+        case CKR_CRYPTOKI_NOT_INITIALIZED:
+        case CKR_DEVICE_ERROR:
+        case CKR_DEVICE_MEMORY:
+        case CKR_FUNCTION_FAILED:
+        case CKR_GENERAL_ERROR:
+        case CKR_HOST_MEMORY:
+        case CKR_SESSION_HANDLE_INVALID:
+        case CKR_SESSION_READ_ONLY:
+        case CKR_TEMPLATE_INCOMPLETE:
+        case CKR_TEMPLATE_INCONSISTENT:
+        case CKR_TOKEN_WRITE_PROTECTED:
+        case CKR_USER_NOT_LOGGED_IN:
+            break;
+        default:
+        case CKR_OK:
+            error = CKR_GENERAL_ERROR;
+            break;
+    }
+
+    return error;
+}
+
+/*
+ * NSSCKFWC_CopyObject
+ *
+ */
+NSS_IMPLEMENT CK_RV
+NSSCKFWC_CopyObject(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_OBJECT_HANDLE hObject,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulCount,
+    CK_OBJECT_HANDLE_PTR phNewObject)
+{
+    CK_RV error = CKR_OK;
+    NSSCKFWSession *fwSession;
+    NSSCKFWObject *fwObject;
+    NSSCKFWObject *fwNewObject;
+
+    if (!fwInstance) {
+        error = CKR_CRYPTOKI_NOT_INITIALIZED;
+        goto loser;
+    }
+
+    fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
+    if (!fwSession) {
+        error = CKR_SESSION_HANDLE_INVALID;
+        goto loser;
+    }
+
+    if ((CK_OBJECT_HANDLE_PTR)CK_NULL_PTR == phNewObject) {
+        error = CKR_ARGUMENTS_BAD;
+        goto loser;
+    }
+
+    /*
+     * A purify error here indicates caller error.
+     */
+    *phNewObject = (CK_OBJECT_HANDLE)0;
+
+    fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hObject);
+    if (!fwObject) {
+        error = CKR_OBJECT_HANDLE_INVALID;
+        goto loser;
+    }
+
+    fwNewObject = nssCKFWSession_CopyObject(fwSession, fwObject,
+                                            pTemplate, ulCount, &error);
+    if (!fwNewObject) {
+        goto loser;
+    }
+
+    *phNewObject = nssCKFWInstance_CreateObjectHandle(fwInstance,
+                                                      fwNewObject, &error);
+    if ((CK_OBJECT_HANDLE)0 == *phNewObject) {
+        nssCKFWObject_Destroy(fwNewObject);
+        goto loser;
+    }
+
+    return CKR_OK;
+
+loser:
+    switch (error) {
+        case CKR_SESSION_CLOSED:
+            /* destroy session? */
+            break;
+        case CKR_DEVICE_REMOVED:
+            /* (void)nssCKFWToken_Destroy(fwToken); */
+            break;
+        case CKR_ATTRIBUTE_READ_ONLY:
+        case CKR_ATTRIBUTE_TYPE_INVALID:
+        case CKR_ATTRIBUTE_VALUE_INVALID:
+        case CKR_CRYPTOKI_NOT_INITIALIZED:
+        case CKR_DEVICE_ERROR:
+        case CKR_DEVICE_MEMORY:
+        case CKR_FUNCTION_FAILED:
+        case CKR_GENERAL_ERROR:
+        case CKR_HOST_MEMORY:
+        case CKR_OBJECT_HANDLE_INVALID:
+        case CKR_SESSION_HANDLE_INVALID:
+        case CKR_SESSION_READ_ONLY:
+        case CKR_TEMPLATE_INCONSISTENT:
+        case CKR_TOKEN_WRITE_PROTECTED:
+        case CKR_USER_NOT_LOGGED_IN:
+            break;
+        default:
+        case CKR_OK:
+            error = CKR_GENERAL_ERROR;
+            break;
+    }
+
+    return error;
+}
+
+/*
+ * NSSCKFWC_DestroyObject
+ *
+ */
+NSS_IMPLEMENT CK_RV
+NSSCKFWC_DestroyObject(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_OBJECT_HANDLE hObject)
+{
+    CK_RV error = CKR_OK;
+    NSSCKFWSession *fwSession;
+    NSSCKFWObject *fwObject;
+
+    if (!fwInstance) {
+        error = CKR_CRYPTOKI_NOT_INITIALIZED;
+        goto loser;
+    }
+
+    fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
+    if (!fwSession) {
+        error = CKR_SESSION_HANDLE_INVALID;
+        goto loser;
+    }
+
+    fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hObject);
+    if (!fwObject) {
+        error = CKR_OBJECT_HANDLE_INVALID;
+        goto loser;
+    }
+
+    nssCKFWInstance_DestroyObjectHandle(fwInstance, hObject);
+    nssCKFWObject_Destroy(fwObject);
+
+    return CKR_OK;
+
+loser:
+    switch (error) {
+        case CKR_SESSION_CLOSED:
+            /* destroy session? */
+            break;
+        case CKR_DEVICE_REMOVED:
+            /* (void)nssCKFWToken_Destroy(fwToken); */
+            break;
+        case CKR_CRYPTOKI_NOT_INITIALIZED:
+        case CKR_DEVICE_ERROR:
+        case CKR_DEVICE_MEMORY:
+        case CKR_FUNCTION_FAILED:
+        case CKR_GENERAL_ERROR:
+        case CKR_HOST_MEMORY:
+        case CKR_OBJECT_HANDLE_INVALID:
+        case CKR_SESSION_HANDLE_INVALID:
+        case CKR_SESSION_READ_ONLY:
+        case CKR_TOKEN_WRITE_PROTECTED:
+            break;
+        default:
+        case CKR_OK:
+            error = CKR_GENERAL_ERROR;
+            break;
+    }
+
+    return error;
+}
+
+/*
+ * NSSCKFWC_GetObjectSize
+ *
+ */
+NSS_IMPLEMENT CK_RV
+NSSCKFWC_GetObjectSize(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_OBJECT_HANDLE hObject,
+    CK_ULONG_PTR pulSize)
+{
+    CK_RV error = CKR_OK;
+    NSSCKFWSession *fwSession;
+    NSSCKFWObject *fwObject;
+
+    if (!fwInstance) {
+        error = CKR_CRYPTOKI_NOT_INITIALIZED;
+        goto loser;
+    }
+
+    fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
+    if (!fwSession) {
+        error = CKR_SESSION_HANDLE_INVALID;
+        goto loser;
+    }
+
+    fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hObject);
+    if (!fwObject) {
+        error = CKR_OBJECT_HANDLE_INVALID;
+        goto loser;
+    }
+
+    if ((CK_ULONG_PTR)CK_NULL_PTR == pulSize) {
+        error = CKR_ARGUMENTS_BAD;
+        goto loser;
+    }
+
+    /*
+     * A purify error here indicates caller error.
+     */
+    *pulSize = (CK_ULONG)0;
+
+    *pulSize = nssCKFWObject_GetObjectSize(fwObject, &error);
+    if (((CK_ULONG)0 == *pulSize) && (CKR_OK != error)) {
+        goto loser;
+    }
+
+    return CKR_OK;
+
+loser:
+    switch (error) {
+        case CKR_SESSION_CLOSED:
+            /* destroy session? */
+            break;
+        case CKR_DEVICE_REMOVED:
+            /* (void)nssCKFWToken_Destroy(fwToken); */
+            break;
+        case CKR_CRYPTOKI_NOT_INITIALIZED:
+        case CKR_DEVICE_ERROR:
+        case CKR_DEVICE_MEMORY:
+        case CKR_FUNCTION_FAILED:
+        case CKR_GENERAL_ERROR:
+        case CKR_HOST_MEMORY:
+        case CKR_INFORMATION_SENSITIVE:
+        case CKR_OBJECT_HANDLE_INVALID:
+        case CKR_SESSION_HANDLE_INVALID:
+            break;
+        default:
+        case CKR_OK:
+            error = CKR_GENERAL_ERROR;
+            break;
+    }
+
+    return error;
+}
+
+/*
+ * NSSCKFWC_GetAttributeValue
+ *
+ */
+NSS_IMPLEMENT CK_RV
+NSSCKFWC_GetAttributeValue(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_OBJECT_HANDLE hObject,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulCount)
+{
+    CK_RV error = CKR_OK;
+    NSSCKFWSession *fwSession;
+    NSSCKFWObject *fwObject;
+    CK_BBOOL sensitive = CK_FALSE;
+    CK_BBOOL invalid = CK_FALSE;
+    CK_BBOOL tooSmall = CK_FALSE;
+    CK_ULONG i;
+
+    if (!fwInstance) {
+        error = CKR_CRYPTOKI_NOT_INITIALIZED;
+        goto loser;
+    }
+
+    fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
+    if (!fwSession) {
+        error = CKR_SESSION_HANDLE_INVALID;
+        goto loser;
+    }
+
+    fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hObject);
+    if (!fwObject) {
+        error = CKR_OBJECT_HANDLE_INVALID;
+        goto loser;
+    }
+
+    if ((CK_ATTRIBUTE_PTR)CK_NULL_PTR == pTemplate) {
+        error = CKR_ARGUMENTS_BAD;
+        goto loser;
+    }
+
+    for (i = 0; i < ulCount; i++) {
+        CK_ULONG size = nssCKFWObject_GetAttributeSize(fwObject,
+                                                       pTemplate[i].type, &error);
+        if ((CK_ULONG)0 == size) {
+            switch (error) {
+                case CKR_ATTRIBUTE_SENSITIVE:
+                case CKR_INFORMATION_SENSITIVE:
+                    sensitive =
+                        CK_TRUE;
+                    pTemplate[i].ulValueLen =
+                        (CK_ULONG)(-1);
+                    continue;
+                case CKR_ATTRIBUTE_TYPE_INVALID:
+                    invalid =
+                        CK_TRUE;
+                    pTemplate[i].ulValueLen =
+                        (CK_ULONG)(-1);
+                    continue;
+                case CKR_OK:
+                    break;
+                default:
+                    goto loser;
+            }
+        }
+
+        if ((CK_VOID_PTR)CK_NULL_PTR == pTemplate[i].pValue) {
+            pTemplate[i].ulValueLen = size;
+        } else {
+            NSSItem it, *p;
+
+            if (pTemplate[i].ulValueLen < size) {
+                tooSmall = CK_TRUE;
+                continue;
+            }
+
+            it.size = (PRUint32)pTemplate[i].ulValueLen;
+            it.data = (void *)pTemplate[i].pValue;
+            p = nssCKFWObject_GetAttribute(fwObject, pTemplate[i].type, &it,
+                                           (NSSArena *)NULL, &error);
+            if (!p) {
+                switch (error) {
+                    case CKR_ATTRIBUTE_SENSITIVE:
+                    case CKR_INFORMATION_SENSITIVE:
+                        sensitive =
+                            CK_TRUE;
+                        pTemplate[i].ulValueLen =
+                            (CK_ULONG)(-1);
+                        continue;
+                    case CKR_ATTRIBUTE_TYPE_INVALID:
+                        invalid =
+                            CK_TRUE;
+                        pTemplate[i].ulValueLen =
+                            (CK_ULONG)(-1);
+                        continue;
+                    default:
+                        goto loser;
+                }
+            }
+
+            pTemplate[i].ulValueLen = size;
+        }
+    }
+
+    if (sensitive) {
+        error = CKR_ATTRIBUTE_SENSITIVE;
+        goto loser;
+    } else if (invalid) {
+        error = CKR_ATTRIBUTE_TYPE_INVALID;
+        goto loser;
+    } else if (tooSmall) {
+        error = CKR_BUFFER_TOO_SMALL;
+        goto loser;
+    }
+
+    return CKR_OK;
+
+loser:
+    switch (error) {
+        case CKR_SESSION_CLOSED:
+            /* destroy session? */
+            break;
+        case CKR_DEVICE_REMOVED:
+            /* (void)nssCKFWToken_Destroy(fwToken); */
+            break;
+        case CKR_ATTRIBUTE_SENSITIVE:
+        case CKR_ATTRIBUTE_TYPE_INVALID:
+        case CKR_BUFFER_TOO_SMALL:
+        case CKR_CRYPTOKI_NOT_INITIALIZED:
+        case CKR_DEVICE_ERROR:
+        case CKR_DEVICE_MEMORY:
+        case CKR_FUNCTION_FAILED:
+        case CKR_GENERAL_ERROR:
+        case CKR_HOST_MEMORY:
+        case CKR_OBJECT_HANDLE_INVALID:
+        case CKR_SESSION_HANDLE_INVALID:
+            break;
+        default:
+        case CKR_OK:
+            error = CKR_GENERAL_ERROR;
+            break;
+    }
+
+    return error;
+}
+
+/*
+ * NSSCKFWC_SetAttributeValue
+ *
+ */
+NSS_IMPLEMENT CK_RV
+NSSCKFWC_SetAttributeValue(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_OBJECT_HANDLE hObject,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulCount)
+{
+    CK_RV error = CKR_OK;
+    NSSCKFWSession *fwSession;
+    NSSCKFWObject *fwObject;
+    CK_ULONG i;
+
+    if (!fwInstance) {
+        error = CKR_CRYPTOKI_NOT_INITIALIZED;
+        goto loser;
+    }
+
+    fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
+    if (!fwSession) {
+        error = CKR_SESSION_HANDLE_INVALID;
+        goto loser;
+    }
+
+    fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hObject);
+    if (!fwObject) {
+        error = CKR_OBJECT_HANDLE_INVALID;
+        goto loser;
+    }
+
+    if ((CK_ATTRIBUTE_PTR)CK_NULL_PTR == pTemplate) {
+        error = CKR_ARGUMENTS_BAD;
+        goto loser;
+    }
+
+    for (i = 0; i < ulCount; i++) {
+        NSSItem value;
+
+        value.data = pTemplate[i].pValue;
+        value.size = pTemplate[i].ulValueLen;
+
+        error = nssCKFWObject_SetAttribute(fwObject, fwSession,
+                                           pTemplate[i].type, &value);
+
+        if (CKR_OK != error) {
+            goto loser;
+        }
+    }
+
+    return CKR_OK;
+
+loser:
+    switch (error) {
+        case CKR_SESSION_CLOSED:
+            /* destroy session? */
+            break;
+        case CKR_DEVICE_REMOVED:
+            /* (void)nssCKFWToken_Destroy(fwToken); */
+            break;
+        case CKR_ATTRIBUTE_READ_ONLY:
+        case CKR_ATTRIBUTE_TYPE_INVALID:
+        case CKR_ATTRIBUTE_VALUE_INVALID:
+        case CKR_CRYPTOKI_NOT_INITIALIZED:
+        case CKR_DEVICE_ERROR:
+        case CKR_DEVICE_MEMORY:
+        case CKR_FUNCTION_FAILED:
+        case CKR_GENERAL_ERROR:
+        case CKR_HOST_MEMORY:
+        case CKR_OBJECT_HANDLE_INVALID:
+        case CKR_SESSION_HANDLE_INVALID:
+        case CKR_SESSION_READ_ONLY:
+        case CKR_TEMPLATE_INCONSISTENT:
+        case CKR_TOKEN_WRITE_PROTECTED:
+            break;
+        default:
+        case CKR_OK:
+            error = CKR_GENERAL_ERROR;
+            break;
+    }
+
+    return error;
+}
+
+/*
+ * NSSCKFWC_FindObjectsInit
+ *
+ */
+NSS_IMPLEMENT CK_RV
+NSSCKFWC_FindObjectsInit(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulCount)
+{
+    CK_RV error = CKR_OK;
+    NSSCKFWSession *fwSession;
+    NSSCKFWFindObjects *fwFindObjects;
+
+    if (!fwInstance) {
+        error = CKR_CRYPTOKI_NOT_INITIALIZED;
+        goto loser;
+    }
+
+    fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
+    if (!fwSession) {
+        error = CKR_SESSION_HANDLE_INVALID;
+        goto loser;
+    }
+
+    if (((CK_ATTRIBUTE_PTR)CK_NULL_PTR == pTemplate) && (ulCount != 0)) {
+        error = CKR_ARGUMENTS_BAD;
+        goto loser;
+    }
+
+    fwFindObjects = nssCKFWSession_GetFWFindObjects(fwSession, &error);
+    if (fwFindObjects) {
+        error = CKR_OPERATION_ACTIVE;
+        goto loser;
+    }
+
+    if (CKR_OPERATION_NOT_INITIALIZED != error) {
+        goto loser;
+    }
+
+    fwFindObjects = nssCKFWSession_FindObjectsInit(fwSession,
+                                                   pTemplate, ulCount, &error);
+    if (!fwFindObjects) {
+        goto loser;
+    }
+
+    error = nssCKFWSession_SetFWFindObjects(fwSession, fwFindObjects);
+
+    if (CKR_OK != error) {
+        nssCKFWFindObjects_Destroy(fwFindObjects);
+        goto loser;
+    }
+
+    return CKR_OK;
+
+loser:
+    switch (error) {
+        case CKR_SESSION_CLOSED:
+            /* destroy session? */
+            break;
+        case CKR_DEVICE_REMOVED:
+            /* (void)nssCKFWToken_Destroy(fwToken); */
+            break;
+        case CKR_ATTRIBUTE_TYPE_INVALID:
+        case CKR_ATTRIBUTE_VALUE_INVALID:
+        case CKR_CRYPTOKI_NOT_INITIALIZED:
+        case CKR_DEVICE_ERROR:
+        case CKR_DEVICE_MEMORY:
+        case CKR_FUNCTION_FAILED:
+        case CKR_GENERAL_ERROR:
+        case CKR_HOST_MEMORY:
+        case CKR_OPERATION_ACTIVE:
+        case CKR_SESSION_HANDLE_INVALID:
+            break;
+        default:
+        case CKR_OK:
+            error = CKR_GENERAL_ERROR;
+            break;
+    }
+
+    return error;
+}
+
+/*
+ * NSSCKFWC_FindObjects
+ *
+ */
+NSS_IMPLEMENT CK_RV
+NSSCKFWC_FindObjects(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_OBJECT_HANDLE_PTR phObject,
+    CK_ULONG ulMaxObjectCount,
+    CK_ULONG_PTR pulObjectCount)
+{
+    CK_RV error = CKR_OK;
+    NSSCKFWSession *fwSession;
+    NSSCKFWFindObjects *fwFindObjects;
+    CK_ULONG i;
+
+    if (!fwInstance) {
+        error = CKR_CRYPTOKI_NOT_INITIALIZED;
+        goto loser;
+    }
+
+    fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
+    if (!fwSession) {
+        error = CKR_SESSION_HANDLE_INVALID;
+        goto loser;
+    }
+
+    if ((CK_OBJECT_HANDLE_PTR)CK_NULL_PTR == phObject) {
+        error = CKR_ARGUMENTS_BAD;
+        goto loser;
+    }
+
+    /*
+     * A purify error here indicates caller error.
+     */
+    (void)nsslibc_memset(phObject, 0, sizeof(CK_OBJECT_HANDLE) * ulMaxObjectCount);
+    *pulObjectCount = (CK_ULONG)0;
+
+    fwFindObjects = nssCKFWSession_GetFWFindObjects(fwSession, &error);
+    if (!fwFindObjects) {
+        goto loser;
+    }
+
+    for (i = 0; i < ulMaxObjectCount; i++) {
+        NSSCKFWObject *fwObject = nssCKFWFindObjects_Next(fwFindObjects,
+                                                          NULL, &error);
+        if (!fwObject) {
+            break;
+        }
+
+        phObject[i] = nssCKFWInstance_FindObjectHandle(fwInstance, fwObject);
+        if ((CK_OBJECT_HANDLE)0 == phObject[i]) {
+            phObject[i] = nssCKFWInstance_CreateObjectHandle(fwInstance, fwObject, &error);
+        }
+        if ((CK_OBJECT_HANDLE)0 == phObject[i]) {
+            /* This isn't right either, is it? */
+            nssCKFWObject_Destroy(fwObject);
+            goto loser;
+        }
+    }
+
+    *pulObjectCount = i;
+
+    return CKR_OK;
+
+loser:
+    switch (error) {
+        case CKR_SESSION_CLOSED:
+            /* destroy session? */
+            break;
+        case CKR_DEVICE_REMOVED:
+            /* (void)nssCKFWToken_Destroy(fwToken); */
+            break;
+        case CKR_CRYPTOKI_NOT_INITIALIZED:
+        case CKR_DEVICE_ERROR:
+        case CKR_DEVICE_MEMORY:
+        case CKR_FUNCTION_FAILED:
+        case CKR_GENERAL_ERROR:
+        case CKR_HOST_MEMORY:
+        case CKR_OPERATION_NOT_INITIALIZED:
+        case CKR_SESSION_HANDLE_INVALID:
+            break;
+        default:
+        case CKR_OK:
+            error = CKR_GENERAL_ERROR;
+            break;
+    }
+
+    return error;
+}
+
+/*
+ * NSSCKFWC_FindObjectsFinal
+ *
+ */
+NSS_IMPLEMENT CK_RV
+NSSCKFWC_FindObjectsFinal(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession)
+{
+    CK_RV error = CKR_OK;
+    NSSCKFWSession *fwSession;
+    NSSCKFWFindObjects *fwFindObjects;
+
+    if (!fwInstance) {
+        error = CKR_CRYPTOKI_NOT_INITIALIZED;
+        goto loser;
+    }
+
+    fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
+    if (!fwSession) {
+        error = CKR_SESSION_HANDLE_INVALID;
+        goto loser;
+    }
+
+    fwFindObjects = nssCKFWSession_GetFWFindObjects(fwSession, &error);
+    if (!fwFindObjects) {
+        error = CKR_OPERATION_NOT_INITIALIZED;
+        goto loser;
+    }
+
+    nssCKFWFindObjects_Destroy(fwFindObjects);
+    error = nssCKFWSession_SetFWFindObjects(fwSession,
+                                            (NSSCKFWFindObjects *)NULL);
+
+    if (CKR_OK != error) {
+        goto loser;
+    }
+
+    return CKR_OK;
+
+loser:
+    switch (error) {
+        case CKR_SESSION_CLOSED:
+            /* destroy session? */
+            break;
+        case CKR_DEVICE_REMOVED:
+            /* (void)nssCKFWToken_Destroy(fwToken); */
+            break;
+        case CKR_CRYPTOKI_NOT_INITIALIZED:
+        case CKR_DEVICE_ERROR:
+        case CKR_DEVICE_MEMORY:
+        case CKR_FUNCTION_FAILED:
+        case CKR_GENERAL_ERROR:
+        case CKR_HOST_MEMORY:
+        case CKR_OPERATION_NOT_INITIALIZED:
+        case CKR_SESSION_HANDLE_INVALID:
+            break;
+        default:
+        case CKR_OK:
+            error = CKR_GENERAL_ERROR;
+            break;
+    }
+
+    return error;
+}
+
+/*
+ * NSSCKFWC_EncryptInit
+ *
+ */
+NSS_IMPLEMENT CK_RV
+NSSCKFWC_EncryptInit(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_MECHANISM_PTR pMechanism,
+    CK_OBJECT_HANDLE hKey)
+{
+    CK_RV error = CKR_OK;
+    NSSCKFWSession *fwSession;
+    NSSCKFWObject *fwObject;
+    NSSCKFWSlot *fwSlot;
+    NSSCKFWToken *fwToken;
+    NSSCKFWMechanism *fwMechanism;
+
+    if (!fwInstance) {
+        error = CKR_CRYPTOKI_NOT_INITIALIZED;
+        goto loser;
+    }
+
+    fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
+    if (!fwSession) {
+        error = CKR_SESSION_HANDLE_INVALID;
+        goto loser;
+    }
+
+    fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey);
+    if (!fwObject) {
+        error = CKR_KEY_HANDLE_INVALID;
+        goto loser;
+    }
+
+    fwSlot = nssCKFWSession_GetFWSlot(fwSession);
+    if (!fwSlot) {
+        error = CKR_GENERAL_ERROR; /* should never happen! */
+        goto loser;
+    }
+
+    if (CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot)) {
+        error = CKR_TOKEN_NOT_PRESENT;
+        goto loser;
+    }
+
+    fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
+    if (!fwToken) {
+        goto loser;
+    }
+
+    fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error);
+    if (!fwMechanism) {
+        goto loser;
+    }
+
+    error = nssCKFWMechanism_EncryptInit(fwMechanism, pMechanism,
+                                         fwSession, fwObject);
+
+    nssCKFWMechanism_Destroy(fwMechanism);
+
+    if (CKR_OK == error) {
+        return CKR_OK;
+    }
+
+loser:
+    /* verify error */
+    switch (error) {
+        case CKR_CRYPTOKI_NOT_INITIALIZED:
+        case CKR_DEVICE_ERROR:
+        case CKR_DEVICE_MEMORY:
+        case CKR_DEVICE_REMOVED:
+        case CKR_FUNCTION_CANCELED:
+        case CKR_FUNCTION_FAILED:
+        case CKR_GENERAL_ERROR:
+        case CKR_HOST_MEMORY:
+        case CKR_KEY_FUNCTION_NOT_PERMITTED:
+        case CKR_KEY_HANDLE_INVALID:
+        case CKR_KEY_SIZE_RANGE:
+        case CKR_KEY_TYPE_INCONSISTENT:
+        case CKR_MECHANISM_INVALID:
+        case CKR_MECHANISM_PARAM_INVALID:
+        case CKR_OPERATION_ACTIVE:
+        case CKR_PIN_EXPIRED:
+        case CKR_SESSION_CLOSED:
+        case CKR_SESSION_HANDLE_INVALID:
+        case CKR_USER_NOT_LOGGED_IN:
+            break;
+        default:
+        case CKR_OK:
+            error = CKR_GENERAL_ERROR;
+            break;
+    }
+    return error;
+}
+
+/*
+ * NSSCKFWC_Encrypt
+ *
+ */
+NSS_IMPLEMENT CK_RV
+NSSCKFWC_Encrypt(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pData,
+    CK_ULONG ulDataLen,
+    CK_BYTE_PTR pEncryptedData,
+    CK_ULONG_PTR pulEncryptedDataLen)
+{
+    CK_RV error = CKR_OK;
+    NSSCKFWSession *fwSession;
+
+    if (!fwInstance) {
+        error = CKR_CRYPTOKI_NOT_INITIALIZED;
+        goto loser;
+    }
+
+    fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
+    if (!fwSession) {
+        error = CKR_SESSION_HANDLE_INVALID;
+        goto loser;
+    }
+
+    error = nssCKFWSession_UpdateFinal(fwSession,
+                                       NSSCKFWCryptoOperationType_Encrypt,
+                                       NSSCKFWCryptoOperationState_EncryptDecrypt,
+                                       pData, ulDataLen, pEncryptedData, pulEncryptedDataLen);
+
+    if (CKR_OK == error) {
+        return CKR_OK;
+    }
+
+loser:
+    /* verify error */
+    switch (error) {
+        case CKR_ARGUMENTS_BAD:
+        case CKR_BUFFER_TOO_SMALL:
+        case CKR_CRYPTOKI_NOT_INITIALIZED:
+        case CKR_DATA_INVALID:
+        case CKR_DATA_LEN_RANGE:
+        case CKR_DEVICE_ERROR:
+        case CKR_DEVICE_MEMORY:
+        case CKR_DEVICE_REMOVED:
+        case CKR_FUNCTION_CANCELED:
+        case CKR_FUNCTION_FAILED:
+        case CKR_GENERAL_ERROR:
+        case CKR_HOST_MEMORY:
+        case CKR_OPERATION_NOT_INITIALIZED:
+        case CKR_SESSION_HANDLE_INVALID:
+        case CKR_SESSION_CLOSED:
+            break;
+        default:
+        case CKR_OK:
+            error = CKR_GENERAL_ERROR;
+            break;
+    }
+    return error;
+}
+
+/*
+ * NSSCKFWC_EncryptUpdate
+ *
+ */
+NSS_IMPLEMENT CK_RV
+NSSCKFWC_EncryptUpdate(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pPart,
+    CK_ULONG ulPartLen,
+    CK_BYTE_PTR pEncryptedPart,
+    CK_ULONG_PTR pulEncryptedPartLen)
+{
+    CK_RV error = CKR_OK;
+    NSSCKFWSession *fwSession;
+
+    if (!fwInstance) {
+        error = CKR_CRYPTOKI_NOT_INITIALIZED;
+        goto loser;
+    }
+
+    fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
+    if (!fwSession) {
+        error = CKR_SESSION_HANDLE_INVALID;
+        goto loser;
+    }
+
+    error = nssCKFWSession_Update(fwSession,
+                                  NSSCKFWCryptoOperationType_Encrypt,
+                                  NSSCKFWCryptoOperationState_EncryptDecrypt,
+                                  pPart, ulPartLen, pEncryptedPart, pulEncryptedPartLen);
+
+    if (CKR_OK == error) {
+        return CKR_OK;
+    }
+
+loser:
+    /* verify error */
+    switch (error) {
+        case CKR_ARGUMENTS_BAD:
+        case CKR_BUFFER_TOO_SMALL:
+        case CKR_CRYPTOKI_NOT_INITIALIZED:
+        case CKR_DATA_LEN_RANGE:
+        case CKR_DEVICE_ERROR:
+        case CKR_DEVICE_MEMORY:
+        case CKR_DEVICE_REMOVED:
+        case CKR_FUNCTION_CANCELED:
+        case CKR_FUNCTION_FAILED:
+        case CKR_GENERAL_ERROR:
+        case CKR_HOST_MEMORY:
+        case CKR_OPERATION_NOT_INITIALIZED:
+        case CKR_SESSION_CLOSED:
+        case CKR_SESSION_HANDLE_INVALID:
+            break;
+        default:
+        case CKR_OK:
+            error = CKR_GENERAL_ERROR;
+            break;
+    }
+    return error;
+}
+
+/*
+ * NSSCKFWC_EncryptFinal
+ *
+ */
+NSS_IMPLEMENT CK_RV
+NSSCKFWC_EncryptFinal(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pLastEncryptedPart,
+    CK_ULONG_PTR pulLastEncryptedPartLen)
+{
+    CK_RV error = CKR_OK;
+    NSSCKFWSession *fwSession;
+
+    if (!fwInstance) {
+        error = CKR_CRYPTOKI_NOT_INITIALIZED;
+        goto loser;
+    }
+
+    fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
+    if (!fwSession) {
+        error = CKR_SESSION_HANDLE_INVALID;
+        goto loser;
+    }
+
+    error = nssCKFWSession_Final(fwSession,
+                                 NSSCKFWCryptoOperationType_Encrypt,
+                                 NSSCKFWCryptoOperationState_EncryptDecrypt,
+                                 pLastEncryptedPart, pulLastEncryptedPartLen);
+
+    if (CKR_OK == error) {
+        return CKR_OK;
+    }
+
+loser:
+    /* verify error */
+    switch (error) {
+        case CKR_ARGUMENTS_BAD:
+        case CKR_BUFFER_TOO_SMALL:
+        case CKR_CRYPTOKI_NOT_INITIALIZED:
+        case CKR_DATA_LEN_RANGE:
+        case CKR_DEVICE_ERROR:
+        case CKR_DEVICE_MEMORY:
+        case CKR_DEVICE_REMOVED:
+        case CKR_FUNCTION_CANCELED:
+        case CKR_FUNCTION_FAILED:
+        case CKR_GENERAL_ERROR:
+        case CKR_HOST_MEMORY:
+        case CKR_OPERATION_NOT_INITIALIZED:
+        case CKR_SESSION_CLOSED:
+        case CKR_SESSION_HANDLE_INVALID:
+            break;
+        default:
+        case CKR_OK:
+            error = CKR_GENERAL_ERROR;
+            break;
+    }
+    return error;
+}
+
+/*
+ * NSSCKFWC_DecryptInit
+ *
+ */
+NSS_IMPLEMENT CK_RV
+NSSCKFWC_DecryptInit(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_MECHANISM_PTR pMechanism,
+    CK_OBJECT_HANDLE hKey)
+{
+    CK_RV error = CKR_OK;
+    NSSCKFWSession *fwSession;
+    NSSCKFWObject *fwObject;
+    NSSCKFWSlot *fwSlot;
+    NSSCKFWToken *fwToken;
+    NSSCKFWMechanism *fwMechanism;
+
+    if (!fwInstance) {
+        error = CKR_CRYPTOKI_NOT_INITIALIZED;
+        goto loser;
+    }
+
+    fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
+    if (!fwSession) {
+        error = CKR_SESSION_HANDLE_INVALID;
+        goto loser;
+    }
+
+    fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey);
+    if (!fwObject) {
+        error = CKR_KEY_HANDLE_INVALID;
+        goto loser;
+    }
+
+    fwSlot = nssCKFWSession_GetFWSlot(fwSession);
+    if (!fwSlot) {
+        error = CKR_GENERAL_ERROR; /* should never happen! */
+        goto loser;
+    }
+
+    if (CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot)) {
+        error = CKR_TOKEN_NOT_PRESENT;
+        goto loser;
+    }
+
+    fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
+    if (!fwToken) {
+        goto loser;
+    }
+
+    fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error);
+    if (!fwMechanism) {
+        goto loser;
+    }
+
+    error = nssCKFWMechanism_DecryptInit(fwMechanism, pMechanism,
+                                         fwSession, fwObject);
+    nssCKFWMechanism_Destroy(fwMechanism);
+
+    if (CKR_OK == error) {
+        return CKR_OK;
+    }
+
+loser:
+    /* verify error */
+    switch (error) {
+        case CKR_ARGUMENTS_BAD:
+        case CKR_CRYPTOKI_NOT_INITIALIZED:
+        case CKR_DEVICE_ERROR:
+        case CKR_DEVICE_MEMORY:
+        case CKR_DEVICE_REMOVED:
+        case CKR_FUNCTION_CANCELED:
+        case CKR_FUNCTION_FAILED:
+        case CKR_GENERAL_ERROR:
+        case CKR_HOST_MEMORY:
+        case CKR_KEY_FUNCTION_NOT_PERMITTED:
+        case CKR_KEY_HANDLE_INVALID:
+        case CKR_KEY_SIZE_RANGE:
+        case CKR_KEY_TYPE_INCONSISTENT:
+        case CKR_MECHANISM_INVALID:
+        case CKR_MECHANISM_PARAM_INVALID:
+        case CKR_OPERATION_ACTIVE:
+        case CKR_PIN_EXPIRED:
+        case CKR_SESSION_CLOSED:
+        case CKR_SESSION_HANDLE_INVALID:
+        case CKR_USER_NOT_LOGGED_IN:
+            break;
+        default:
+        case CKR_OK:
+            error = CKR_GENERAL_ERROR;
+            break;
+    }
+    return error;
+}
+
+/*
+ * NSSCKFWC_Decrypt
+ *
+ */
+NSS_IMPLEMENT CK_RV
+NSSCKFWC_Decrypt(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pEncryptedData,
+    CK_ULONG ulEncryptedDataLen,
+    CK_BYTE_PTR pData,
+    CK_ULONG_PTR pulDataLen)
+{
+    CK_RV error = CKR_OK;
+    NSSCKFWSession *fwSession;
+
+    if (!fwInstance) {
+        error = CKR_CRYPTOKI_NOT_INITIALIZED;
+        goto loser;
+    }
+
+    fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
+    if (!fwSession) {
+        error = CKR_SESSION_HANDLE_INVALID;
+        goto loser;
+    }
+
+    error = nssCKFWSession_UpdateFinal(fwSession,
+                                       NSSCKFWCryptoOperationType_Decrypt,
+                                       NSSCKFWCryptoOperationState_EncryptDecrypt,
+                                       pEncryptedData, ulEncryptedDataLen, pData, pulDataLen);
+
+    if (CKR_OK == error) {
+        return CKR_OK;
+    }
+
+loser:
+    /* verify error */
+    switch (error) {
+        case CKR_ARGUMENTS_BAD:
+        case CKR_BUFFER_TOO_SMALL:
+        case CKR_CRYPTOKI_NOT_INITIALIZED:
+        case CKR_DEVICE_ERROR:
+        case CKR_DEVICE_MEMORY:
+        case CKR_DEVICE_REMOVED:
+        case CKR_ENCRYPTED_DATA_INVALID:
+        case CKR_ENCRYPTED_DATA_LEN_RANGE:
+        case CKR_FUNCTION_CANCELED:
+        case CKR_FUNCTION_FAILED:
+        case CKR_GENERAL_ERROR:
+        case CKR_HOST_MEMORY:
+        case CKR_OPERATION_NOT_INITIALIZED:
+        case CKR_SESSION_CLOSED:
+        case CKR_SESSION_HANDLE_INVALID:
+        case CKR_USER_NOT_LOGGED_IN:
+            break;
+        case CKR_DATA_LEN_RANGE:
+            error = CKR_ENCRYPTED_DATA_LEN_RANGE;
+            break;
+        case CKR_DATA_INVALID:
+            error = CKR_ENCRYPTED_DATA_INVALID;
+            break;
+        default:
+        case CKR_OK:
+            error = CKR_GENERAL_ERROR;
+            break;
+    }
+    return error;
+}
+
+/*
+ * NSSCKFWC_DecryptUpdate
+ *
+ */
+NSS_IMPLEMENT CK_RV
+NSSCKFWC_DecryptUpdate(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pEncryptedPart,
+    CK_ULONG ulEncryptedPartLen,
+    CK_BYTE_PTR pPart,
+    CK_ULONG_PTR pulPartLen)
+{
+    CK_RV error = CKR_OK;
+    NSSCKFWSession *fwSession;
+
+    if (!fwInstance) {
+        error = CKR_CRYPTOKI_NOT_INITIALIZED;
+        goto loser;
+    }
+
+    fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
+    if (!fwSession) {
+        error = CKR_SESSION_HANDLE_INVALID;
+        goto loser;
+    }
+
+    error = nssCKFWSession_Update(fwSession,
+                                  NSSCKFWCryptoOperationType_Decrypt,
+                                  NSSCKFWCryptoOperationState_EncryptDecrypt,
+                                  pEncryptedPart, ulEncryptedPartLen, pPart, pulPartLen);
+
+    if (CKR_OK == error) {
+        return CKR_OK;
+    }
+
+loser:
+    /* verify error */
+    switch (error) {
+        case CKR_ARGUMENTS_BAD:
+        case CKR_BUFFER_TOO_SMALL:
+        case CKR_CRYPTOKI_NOT_INITIALIZED:
+        case CKR_DEVICE_ERROR:
+        case CKR_DEVICE_MEMORY:
+        case CKR_DEVICE_REMOVED:
+        case CKR_ENCRYPTED_DATA_INVALID:
+        case CKR_ENCRYPTED_DATA_LEN_RANGE:
+        case CKR_FUNCTION_CANCELED:
+        case CKR_FUNCTION_FAILED:
+        case CKR_GENERAL_ERROR:
+        case CKR_HOST_MEMORY:
+        case CKR_OPERATION_NOT_INITIALIZED:
+        case CKR_SESSION_CLOSED:
+        case CKR_SESSION_HANDLE_INVALID:
+        case CKR_USER_NOT_LOGGED_IN:
+            break;
+        case CKR_DATA_LEN_RANGE:
+            error = CKR_ENCRYPTED_DATA_LEN_RANGE;
+            break;
+        case CKR_DATA_INVALID:
+            error = CKR_ENCRYPTED_DATA_INVALID;
+            break;
+        default:
+        case CKR_OK:
+            error = CKR_GENERAL_ERROR;
+            break;
+    }
+    return error;
+}
+
+/*
+ * NSSCKFWC_DecryptFinal
+ *
+ */
+NSS_IMPLEMENT CK_RV
+NSSCKFWC_DecryptFinal(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pLastPart,
+    CK_ULONG_PTR pulLastPartLen)
+{
+    CK_RV error = CKR_OK;
+    NSSCKFWSession *fwSession;
+
+    if (!fwInstance) {
+        error = CKR_CRYPTOKI_NOT_INITIALIZED;
+        goto loser;
+    }
+
+    fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
+    if (!fwSession) {
+        error = CKR_SESSION_HANDLE_INVALID;
+        goto loser;
+    }
+
+    error = nssCKFWSession_Final(fwSession,
+                                 NSSCKFWCryptoOperationType_Decrypt,
+                                 NSSCKFWCryptoOperationState_EncryptDecrypt,
+                                 pLastPart, pulLastPartLen);
+
+    if (CKR_OK == error) {
+        return CKR_OK;
+    }
+
+loser:
+    /* verify error */
+    switch (error) {
+        case CKR_ARGUMENTS_BAD:
+        case CKR_BUFFER_TOO_SMALL:
+        case CKR_CRYPTOKI_NOT_INITIALIZED:
+        case CKR_DEVICE_ERROR:
+        case CKR_DEVICE_MEMORY:
+        case CKR_DEVICE_REMOVED:
+        case CKR_FUNCTION_FAILED:
+        case CKR_FUNCTION_CANCELED:
+        case CKR_ENCRYPTED_DATA_INVALID:
+        case CKR_ENCRYPTED_DATA_LEN_RANGE:
+        case CKR_GENERAL_ERROR:
+        case CKR_HOST_MEMORY:
+        case CKR_OPERATION_NOT_INITIALIZED:
+        case CKR_SESSION_CLOSED:
+        case CKR_SESSION_HANDLE_INVALID:
+        case CKR_USER_NOT_LOGGED_IN:
+            break;
+        case CKR_DATA_LEN_RANGE:
+            error = CKR_ENCRYPTED_DATA_LEN_RANGE;
+            break;
+        case CKR_DATA_INVALID:
+            error = CKR_ENCRYPTED_DATA_INVALID;
+            break;
+        default:
+        case CKR_OK:
+            error = CKR_GENERAL_ERROR;
+            break;
+    }
+    return error;
+}
+
+/*
+ * NSSCKFWC_DigestInit
+ *
+ */
+NSS_IMPLEMENT CK_RV
+NSSCKFWC_DigestInit(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_MECHANISM_PTR pMechanism)
+{
+    CK_RV error = CKR_OK;
+    NSSCKFWSession *fwSession;
+    NSSCKFWSlot *fwSlot;
+    NSSCKFWToken *fwToken;
+    NSSCKFWMechanism *fwMechanism;
+
+    if (!fwInstance) {
+        error = CKR_CRYPTOKI_NOT_INITIALIZED;
+        goto loser;
+    }
+
+    fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
+    if (!fwSession) {
+        error = CKR_SESSION_HANDLE_INVALID;
+        goto loser;
+    }
+
+    fwSlot = nssCKFWSession_GetFWSlot(fwSession);
+    if (!fwSlot) {
+        error = CKR_GENERAL_ERROR; /* should never happen! */
+        goto loser;
+    }
+
+    if (CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot)) {
+        error = CKR_TOKEN_NOT_PRESENT;
+        goto loser;
+    }
+
+    fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
+    if (!fwToken) {
+        goto loser;
+    }
+
+    fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error);
+    if (!fwMechanism) {
+        goto loser;
+    }
+
+    error = nssCKFWMechanism_DigestInit(fwMechanism, pMechanism, fwSession);
+
+    nssCKFWMechanism_Destroy(fwMechanism);
+
+    if (CKR_OK == error) {
+        return CKR_OK;
+    }
+
+loser:
+    /* verify error */
+    switch (error) {
+        case CKR_ARGUMENTS_BAD:
+        case CKR_CRYPTOKI_NOT_INITIALIZED:
+        case CKR_DEVICE_ERROR:
+        case CKR_DEVICE_MEMORY:
+        case CKR_DEVICE_REMOVED:
+        case CKR_FUNCTION_CANCELED:
+        case CKR_FUNCTION_FAILED:
+        case CKR_GENERAL_ERROR:
+        case CKR_HOST_MEMORY:
+        case CKR_MECHANISM_INVALID:
+        case CKR_MECHANISM_PARAM_INVALID:
+        case CKR_OPERATION_ACTIVE:
+        case CKR_PIN_EXPIRED:
+        case CKR_SESSION_CLOSED:
+        case CKR_SESSION_HANDLE_INVALID:
+        case CKR_USER_NOT_LOGGED_IN:
+            break;
+        default:
+        case CKR_OK:
+            error = CKR_GENERAL_ERROR;
+            break;
+    }
+    return error;
+}
+
+/*
+ * NSSCKFWC_Digest
+ *
+ */
+NSS_IMPLEMENT CK_RV
+NSSCKFWC_Digest(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pData,
+    CK_ULONG ulDataLen,
+    CK_BYTE_PTR pDigest,
+    CK_ULONG_PTR pulDigestLen)
+{
+    CK_RV error = CKR_OK;
+    NSSCKFWSession *fwSession;
+
+    if (!fwInstance) {
+        error = CKR_CRYPTOKI_NOT_INITIALIZED;
+        goto loser;
+    }
+
+    fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
+    if (!fwSession) {
+        error = CKR_SESSION_HANDLE_INVALID;
+        goto loser;
+    }
+
+    error = nssCKFWSession_UpdateFinal(fwSession,
+                                       NSSCKFWCryptoOperationType_Digest,
+                                       NSSCKFWCryptoOperationState_Digest,
+                                       pData, ulDataLen, pDigest, pulDigestLen);
+
+    if (CKR_OK == error) {
+        return CKR_OK;
+    }
+
+loser:
+    /* verify error */
+    switch (error) {
+        case CKR_ARGUMENTS_BAD:
+        case CKR_BUFFER_TOO_SMALL:
+        case CKR_CRYPTOKI_NOT_INITIALIZED:
+        case CKR_DEVICE_ERROR:
+        case CKR_DEVICE_MEMORY:
+        case CKR_DEVICE_REMOVED:
+        case CKR_FUNCTION_CANCELED:
+        case CKR_FUNCTION_FAILED:
+        case CKR_GENERAL_ERROR:
+        case CKR_HOST_MEMORY:
+        case CKR_OPERATION_NOT_INITIALIZED:
+        case CKR_SESSION_CLOSED:
+        case CKR_SESSION_HANDLE_INVALID:
+            break;
+        default:
+        case CKR_OK:
+            error = CKR_GENERAL_ERROR;
+            break;
+    }
+    return error;
+}
+
+/*
+ * NSSCKFWC_DigestUpdate
+ *
+ */
+NSS_IMPLEMENT CK_RV
+NSSCKFWC_DigestUpdate(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pData,
+    CK_ULONG ulDataLen)
+{
+    CK_RV error = CKR_OK;
+    NSSCKFWSession *fwSession;
+
+    if (!fwInstance) {
+        error = CKR_CRYPTOKI_NOT_INITIALIZED;
+        goto loser;
+    }
+
+    fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
+    if (!fwSession) {
+        error = CKR_SESSION_HANDLE_INVALID;
+        goto loser;
+    }
+
+    error = nssCKFWSession_DigestUpdate(fwSession,
+                                        NSSCKFWCryptoOperationType_Digest,
+                                        NSSCKFWCryptoOperationState_Digest,
+                                        pData, ulDataLen);
+
+    if (CKR_OK == error) {
+        return CKR_OK;
+    }
+
+loser:
+    /* verify error */
+    switch (error) {
+        case CKR_ARGUMENTS_BAD:
+        case CKR_CRYPTOKI_NOT_INITIALIZED:
+        case CKR_DEVICE_ERROR:
+        case CKR_DEVICE_MEMORY:
+        case CKR_DEVICE_REMOVED:
+        case CKR_FUNCTION_CANCELED:
+        case CKR_FUNCTION_FAILED:
+        case CKR_GENERAL_ERROR:
+        case CKR_HOST_MEMORY:
+        case CKR_OPERATION_NOT_INITIALIZED:
+        case CKR_SESSION_CLOSED:
+        case CKR_SESSION_HANDLE_INVALID:
+            break;
+        default:
+        case CKR_OK:
+            error = CKR_GENERAL_ERROR;
+            break;
+    }
+    return error;
+}
+
+/*
+ * NSSCKFWC_DigestKey
+ *
+ */
+NSS_IMPLEMENT CK_RV
+NSSCKFWC_DigestKey(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_OBJECT_HANDLE hKey)
+{
+    CK_RV error = CKR_OK;
+    NSSCKFWSession *fwSession;
+    NSSCKFWObject *fwObject;
+
+    if (!fwInstance) {
+        error = CKR_CRYPTOKI_NOT_INITIALIZED;
+        goto loser;
+    }
+
+    fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
+    if (!fwSession) {
+        error = CKR_SESSION_HANDLE_INVALID;
+        goto loser;
+    }
+
+    fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey);
+    if (!fwObject) {
+        error = CKR_KEY_HANDLE_INVALID;
+        goto loser;
+    }
+
+    error = nssCKFWSession_DigestKey(fwSession, fwObject);
+
+    if (CKR_OK == error) {
+        return CKR_OK;
+    }
+
+loser:
+    /* verify error */
+    switch (error) {
+        case CKR_CRYPTOKI_NOT_INITIALIZED:
+        case CKR_DEVICE_ERROR:
+        case CKR_DEVICE_MEMORY:
+        case CKR_DEVICE_REMOVED:
+        case CKR_FUNCTION_CANCELED:
+        case CKR_FUNCTION_FAILED:
+        case CKR_GENERAL_ERROR:
+        case CKR_HOST_MEMORY:
+        case CKR_KEY_HANDLE_INVALID:
+        case CKR_KEY_INDIGESTIBLE:
+        case CKR_KEY_SIZE_RANGE:
+        case CKR_OPERATION_NOT_INITIALIZED:
+        case CKR_SESSION_CLOSED:
+        case CKR_SESSION_HANDLE_INVALID:
+            break;
+        default:
+        case CKR_OK:
+            error = CKR_GENERAL_ERROR;
+            break;
+    }
+    return error;
+}
+
+/*
+ * NSSCKFWC_DigestFinal
+ *
+ */
+NSS_IMPLEMENT CK_RV
+NSSCKFWC_DigestFinal(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pDigest,
+    CK_ULONG_PTR pulDigestLen)
+{
+    CK_RV error = CKR_OK;
+    NSSCKFWSession *fwSession;
+
+    if (!fwInstance) {
+        error = CKR_CRYPTOKI_NOT_INITIALIZED;
+        goto loser;
+    }
+
+    fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
+    if (!fwSession) {
+        error = CKR_SESSION_HANDLE_INVALID;
+        goto loser;
+    }
+
+    error = nssCKFWSession_Final(fwSession,
+                                 NSSCKFWCryptoOperationType_Digest,
+                                 NSSCKFWCryptoOperationState_Digest,
+                                 pDigest, pulDigestLen);
+
+    if (CKR_OK == error) {
+        return CKR_OK;
+    }
+
+loser:
+    /* verify error */
+    switch (error) {
+        case CKR_ARGUMENTS_BAD:
+        case CKR_BUFFER_TOO_SMALL:
+        case CKR_CRYPTOKI_NOT_INITIALIZED:
+        case CKR_DEVICE_ERROR:
+        case CKR_DEVICE_MEMORY:
+        case CKR_DEVICE_REMOVED:
+        case CKR_FUNCTION_CANCELED:
+        case CKR_FUNCTION_FAILED:
+        case CKR_GENERAL_ERROR:
+        case CKR_HOST_MEMORY:
+        case CKR_OPERATION_NOT_INITIALIZED:
+        case CKR_SESSION_CLOSED:
+        case CKR_SESSION_HANDLE_INVALID:
+            break;
+        default:
+        case CKR_OK:
+            error = CKR_GENERAL_ERROR;
+            break;
+    }
+    return error;
+}
+
+/*
+ * NSSCKFWC_SignInit
+ *
+ */
+NSS_IMPLEMENT CK_RV
+NSSCKFWC_SignInit(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_MECHANISM_PTR pMechanism,
+    CK_OBJECT_HANDLE hKey)
+{
+    CK_RV error = CKR_OK;
+    NSSCKFWSession *fwSession;
+    NSSCKFWObject *fwObject;
+    NSSCKFWSlot *fwSlot;
+    NSSCKFWToken *fwToken;
+    NSSCKFWMechanism *fwMechanism;
+
+    if (!fwInstance) {
+        error = CKR_CRYPTOKI_NOT_INITIALIZED;
+        goto loser;
+    }
+
+    fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
+    if (!fwSession) {
+        error = CKR_SESSION_HANDLE_INVALID;
+        goto loser;
+    }
+
+    fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey);
+    if (!fwObject) {
+        error = CKR_KEY_HANDLE_INVALID;
+        goto loser;
+    }
+
+    fwSlot = nssCKFWSession_GetFWSlot(fwSession);
+    if (!fwSlot) {
+        error = CKR_GENERAL_ERROR; /* should never happen! */
+        goto loser;
+    }
+
+    if (CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot)) {
+        error = CKR_TOKEN_NOT_PRESENT;
+        goto loser;
+    }
+
+    fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
+    if (!fwToken) {
+        goto loser;
+    }
+
+    fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error);
+    if (!fwMechanism) {
+        goto loser;
+    }
+
+    error = nssCKFWMechanism_SignInit(fwMechanism, pMechanism, fwSession,
+                                      fwObject);
+
+    nssCKFWMechanism_Destroy(fwMechanism);
+
+    if (CKR_OK == error) {
+        return CKR_OK;
+    }
+
+loser:
+    /* verify error */
+    switch (error) {
+        case CKR_ARGUMENTS_BAD:
+        case CKR_CRYPTOKI_NOT_INITIALIZED:
+        case CKR_DEVICE_ERROR:
+        case CKR_DEVICE_MEMORY:
+        case CKR_DEVICE_REMOVED:
+        case CKR_FUNCTION_CANCELED:
+        case CKR_FUNCTION_FAILED:
+        case CKR_GENERAL_ERROR:
+        case CKR_HOST_MEMORY:
+        case CKR_KEY_FUNCTION_NOT_PERMITTED:
+        case CKR_KEY_HANDLE_INVALID:
+        case CKR_KEY_SIZE_RANGE:
+        case CKR_KEY_TYPE_INCONSISTENT:
+        case CKR_MECHANISM_INVALID:
+        case CKR_MECHANISM_PARAM_INVALID:
+        case CKR_OPERATION_ACTIVE:
+        case CKR_PIN_EXPIRED:
+        case CKR_SESSION_CLOSED:
+        case CKR_SESSION_HANDLE_INVALID:
+        case CKR_USER_NOT_LOGGED_IN:
+            break;
+        default:
+        case CKR_OK:
+            error = CKR_GENERAL_ERROR;
+            break;
+    }
+    return error;
+}
+
+/*
+ * NSSCKFWC_Sign
+ *
+ */
+NSS_IMPLEMENT CK_RV
+NSSCKFWC_Sign(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pData,
+    CK_ULONG ulDataLen,
+    CK_BYTE_PTR pSignature,
+    CK_ULONG_PTR pulSignatureLen)
+{
+    CK_RV error = CKR_OK;
+    NSSCKFWSession *fwSession;
+
+    if (!fwInstance) {
+        error = CKR_CRYPTOKI_NOT_INITIALIZED;
+        goto loser;
+    }
+
+    fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
+    if (!fwSession) {
+        error = CKR_SESSION_HANDLE_INVALID;
+        goto loser;
+    }
+
+    error = nssCKFWSession_UpdateFinal(fwSession,
+                                       NSSCKFWCryptoOperationType_Sign,
+                                       NSSCKFWCryptoOperationState_SignVerify,
+                                       pData, ulDataLen, pSignature, pulSignatureLen);
+
+    if (CKR_OK == error) {
+        return CKR_OK;
+    }
+
+loser:
+    /* verify error */
+    switch (error) {
+        case CKR_ARGUMENTS_BAD:
+        case CKR_BUFFER_TOO_SMALL:
+        case CKR_CRYPTOKI_NOT_INITIALIZED:
+        case CKR_DATA_INVALID:
+        case CKR_DATA_LEN_RANGE:
+        case CKR_DEVICE_ERROR:
+        case CKR_DEVICE_MEMORY:
+        case CKR_DEVICE_REMOVED:
+        case CKR_FUNCTION_CANCELED:
+        case CKR_FUNCTION_FAILED:
+        case CKR_GENERAL_ERROR:
+        case CKR_HOST_MEMORY:
+        case CKR_OPERATION_NOT_INITIALIZED:
+        case CKR_SESSION_CLOSED:
+        case CKR_SESSION_HANDLE_INVALID:
+        case CKR_USER_NOT_LOGGED_IN:
+        case CKR_FUNCTION_REJECTED:
+            break;
+        default:
+        case CKR_OK:
+            error = CKR_GENERAL_ERROR;
+            break;
+    }
+    return error;
+}
+
+/*
+ * NSSCKFWC_SignUpdate
+ *
+ */
+NSS_IMPLEMENT CK_RV
+NSSCKFWC_SignUpdate(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pPart,
+    CK_ULONG ulPartLen)
+{
+    CK_RV error = CKR_OK;
+    NSSCKFWSession *fwSession;
+
+    if (!fwInstance) {
+        error = CKR_CRYPTOKI_NOT_INITIALIZED;
+        goto loser;
+    }
+
+    fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
+    if (!fwSession) {
+        error = CKR_SESSION_HANDLE_INVALID;
+        goto loser;
+    }
+
+    error = nssCKFWSession_DigestUpdate(fwSession,
+                                        NSSCKFWCryptoOperationType_Sign,
+                                        NSSCKFWCryptoOperationState_SignVerify,
+                                        pPart, ulPartLen);
+
+    if (CKR_OK == error) {
+        return CKR_OK;
+    }
+
+loser:
+    /* verify error */
+    switch (error) {
+        case CKR_ARGUMENTS_BAD:
+        case CKR_CRYPTOKI_NOT_INITIALIZED:
+        case CKR_DATA_LEN_RANGE:
+        case CKR_DEVICE_ERROR:
+        case CKR_DEVICE_MEMORY:
+        case CKR_DEVICE_REMOVED:
+        case CKR_FUNCTION_CANCELED:
+        case CKR_FUNCTION_FAILED:
+        case CKR_GENERAL_ERROR:
+        case CKR_HOST_MEMORY:
+        case CKR_OPERATION_NOT_INITIALIZED:
+        case CKR_SESSION_CLOSED:
+        case CKR_SESSION_HANDLE_INVALID:
+        case CKR_USER_NOT_LOGGED_IN:
+            break;
+        default:
+        case CKR_OK:
+            error = CKR_GENERAL_ERROR;
+            break;
+    }
+    return error;
+}
+
+/*
+ * NSSCKFWC_SignFinal
+ *
+ */
+NSS_IMPLEMENT CK_RV
+NSSCKFWC_SignFinal(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pSignature,
+    CK_ULONG_PTR pulSignatureLen)
+{
+    CK_RV error = CKR_OK;
+    NSSCKFWSession *fwSession;
+
+    if (!fwInstance) {
+        error = CKR_CRYPTOKI_NOT_INITIALIZED;
+        goto loser;
+    }
+
+    fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
+    if (!fwSession) {
+        error = CKR_SESSION_HANDLE_INVALID;
+        goto loser;
+    }
+
+    error = nssCKFWSession_Final(fwSession,
+                                 NSSCKFWCryptoOperationType_Sign,
+                                 NSSCKFWCryptoOperationState_SignVerify,
+                                 pSignature, pulSignatureLen);
+
+    if (CKR_OK == error) {
+        return CKR_OK;
+    }
+
+loser:
+    /* verify error */
+    switch (error) {
+        case CKR_ARGUMENTS_BAD:
+        case CKR_BUFFER_TOO_SMALL:
+        case CKR_CRYPTOKI_NOT_INITIALIZED:
+        case CKR_DATA_LEN_RANGE:
+        case CKR_DEVICE_ERROR:
+        case CKR_DEVICE_MEMORY:
+        case CKR_DEVICE_REMOVED:
+        case CKR_FUNCTION_CANCELED:
+        case CKR_FUNCTION_FAILED:
+        case CKR_GENERAL_ERROR:
+        case CKR_HOST_MEMORY:
+        case CKR_OPERATION_NOT_INITIALIZED:
+        case CKR_SESSION_CLOSED:
+        case CKR_SESSION_HANDLE_INVALID:
+        case CKR_USER_NOT_LOGGED_IN:
+        case CKR_FUNCTION_REJECTED:
+            break;
+        default:
+        case CKR_OK:
+            error = CKR_GENERAL_ERROR;
+            break;
+    }
+    return error;
+}
+
+/*
+ * NSSCKFWC_SignRecoverInit
+ *
+ */
+NSS_IMPLEMENT CK_RV
+NSSCKFWC_SignRecoverInit(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_MECHANISM_PTR pMechanism,
+    CK_OBJECT_HANDLE hKey)
+{
+    CK_RV error = CKR_OK;
+    NSSCKFWSession *fwSession;
+    NSSCKFWObject *fwObject;
+    NSSCKFWSlot *fwSlot;
+    NSSCKFWToken *fwToken;
+    NSSCKFWMechanism *fwMechanism;
+
+    if (!fwInstance) {
+        error = CKR_CRYPTOKI_NOT_INITIALIZED;
+        goto loser;
+    }
+
+    fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
+    if (!fwSession) {
+        error = CKR_SESSION_HANDLE_INVALID;
+        goto loser;
+    }
+
+    fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey);
+    if (!fwObject) {
+        error = CKR_KEY_HANDLE_INVALID;
+        goto loser;
+    }
+
+    fwSlot = nssCKFWSession_GetFWSlot(fwSession);
+    if (!fwSlot) {
+        error = CKR_GENERAL_ERROR; /* should never happen! */
+        goto loser;
+    }
+
+    if (CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot)) {
+        error = CKR_TOKEN_NOT_PRESENT;
+        goto loser;
+    }
+
+    fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
+    if (!fwToken) {
+        goto loser;
+    }
+
+    fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error);
+    if (!fwMechanism) {
+        goto loser;
+    }
+
+    error = nssCKFWMechanism_SignRecoverInit(fwMechanism, pMechanism, fwSession,
+                                             fwObject);
+
+    nssCKFWMechanism_Destroy(fwMechanism);
+
+    if (CKR_OK == error) {
+        return CKR_OK;
+    }
+
+loser:
+    /* verify error */
+    switch (error) {
+        case CKR_ARGUMENTS_BAD:
+        case CKR_CRYPTOKI_NOT_INITIALIZED:
+        case CKR_DEVICE_ERROR:
+        case CKR_DEVICE_MEMORY:
+        case CKR_DEVICE_REMOVED:
+        case CKR_FUNCTION_CANCELED:
+        case CKR_FUNCTION_FAILED:
+        case CKR_GENERAL_ERROR:
+        case CKR_HOST_MEMORY:
+        case CKR_KEY_FUNCTION_NOT_PERMITTED:
+        case CKR_KEY_HANDLE_INVALID:
+        case CKR_KEY_SIZE_RANGE:
+        case CKR_KEY_TYPE_INCONSISTENT:
+        case CKR_MECHANISM_INVALID:
+        case CKR_MECHANISM_PARAM_INVALID:
+        case CKR_OPERATION_ACTIVE:
+        case CKR_PIN_EXPIRED:
+        case CKR_SESSION_CLOSED:
+        case CKR_SESSION_HANDLE_INVALID:
+        case CKR_USER_NOT_LOGGED_IN:
+            break;
+        default:
+        case CKR_OK:
+            error = CKR_GENERAL_ERROR;
+            break;
+    }
+    return error;
+}
+
+/*
+ * NSSCKFWC_SignRecover
+ *
+ */
+NSS_IMPLEMENT CK_RV
+NSSCKFWC_SignRecover(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pData,
+    CK_ULONG ulDataLen,
+    CK_BYTE_PTR pSignature,
+    CK_ULONG_PTR pulSignatureLen)
+{
+    CK_RV error = CKR_OK;
+    NSSCKFWSession *fwSession;
+
+    if (!fwInstance) {
+        error = CKR_CRYPTOKI_NOT_INITIALIZED;
+        goto loser;
+    }
+
+    fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
+    if (!fwSession) {
+        error = CKR_SESSION_HANDLE_INVALID;
+        goto loser;
+    }
+
+    error = nssCKFWSession_UpdateFinal(fwSession,
+                                       NSSCKFWCryptoOperationType_SignRecover,
+                                       NSSCKFWCryptoOperationState_SignVerify,
+                                       pData, ulDataLen, pSignature, pulSignatureLen);
+
+    if (CKR_OK == error) {
+        return CKR_OK;
+    }
+
+loser:
+    /* verify error */
+    switch (error) {
+        case CKR_ARGUMENTS_BAD:
+        case CKR_BUFFER_TOO_SMALL:
+        case CKR_CRYPTOKI_NOT_INITIALIZED:
+        case CKR_DATA_INVALID:
+        case CKR_DATA_LEN_RANGE:
+        case CKR_DEVICE_ERROR:
+        case CKR_DEVICE_MEMORY:
+        case CKR_DEVICE_REMOVED:
+        case CKR_FUNCTION_CANCELED:
+        case CKR_FUNCTION_FAILED:
+        case CKR_GENERAL_ERROR:
+        case CKR_HOST_MEMORY:
+        case CKR_OPERATION_NOT_INITIALIZED:
+        case CKR_SESSION_CLOSED:
+        case CKR_SESSION_HANDLE_INVALID:
+        case CKR_USER_NOT_LOGGED_IN:
+            break;
+        default:
+        case CKR_OK:
+            error = CKR_GENERAL_ERROR;
+            break;
+    }
+    return error;
+}
+
+/*
+ * NSSCKFWC_VerifyInit
+ *
+ */
+NSS_IMPLEMENT CK_RV
+NSSCKFWC_VerifyInit(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_MECHANISM_PTR pMechanism,
+    CK_OBJECT_HANDLE hKey)
+{
+    CK_RV error = CKR_OK;
+    NSSCKFWSession *fwSession;
+    NSSCKFWObject *fwObject;
+    NSSCKFWSlot *fwSlot;
+    NSSCKFWToken *fwToken;
+    NSSCKFWMechanism *fwMechanism;
+
+    if (!fwInstance) {
+        error = CKR_CRYPTOKI_NOT_INITIALIZED;
+        goto loser;
+    }
+
+    fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
+    if (!fwSession) {
+        error = CKR_SESSION_HANDLE_INVALID;
+        goto loser;
+    }
+
+    fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey);
+    if (!fwObject) {
+        error = CKR_KEY_HANDLE_INVALID;
+        goto loser;
+    }
+
+    fwSlot = nssCKFWSession_GetFWSlot(fwSession);
+    if (!fwSlot) {
+        error = CKR_GENERAL_ERROR; /* should never happen! */
+        goto loser;
+    }
+
+    if (CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot)) {
+        error = CKR_TOKEN_NOT_PRESENT;
+        goto loser;
+    }
+
+    fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
+    if (!fwToken) {
+        goto loser;
+    }
+
+    fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error);
+    if (!fwMechanism) {
+        goto loser;
+    }
+
+    error = nssCKFWMechanism_VerifyInit(fwMechanism, pMechanism, fwSession,
+                                        fwObject);
+
+    nssCKFWMechanism_Destroy(fwMechanism);
+
+    if (CKR_OK == error) {
+        return CKR_OK;
+    }
+
+loser:
+    /* verify error */
+    switch (error) {
+        case CKR_ARGUMENTS_BAD:
+        case CKR_CRYPTOKI_NOT_INITIALIZED:
+        case CKR_DEVICE_ERROR:
+        case CKR_DEVICE_MEMORY:
+        case CKR_DEVICE_REMOVED:
+        case CKR_FUNCTION_CANCELED:
+        case CKR_FUNCTION_FAILED:
+        case CKR_GENERAL_ERROR:
+        case CKR_HOST_MEMORY:
+        case CKR_KEY_FUNCTION_NOT_PERMITTED:
+        case CKR_KEY_HANDLE_INVALID:
+        case CKR_KEY_SIZE_RANGE:
+        case CKR_KEY_TYPE_INCONSISTENT:
+        case CKR_MECHANISM_INVALID:
+        case CKR_MECHANISM_PARAM_INVALID:
+        case CKR_OPERATION_ACTIVE:
+        case CKR_PIN_EXPIRED:
+        case CKR_SESSION_CLOSED:
+        case CKR_SESSION_HANDLE_INVALID:
+        case CKR_USER_NOT_LOGGED_IN:
+            break;
+        default:
+        case CKR_OK:
+            error = CKR_GENERAL_ERROR;
+            break;
+    }
+    return error;
+}
+
+/*
+ * NSSCKFWC_Verify
+ *
+ */
+NSS_IMPLEMENT CK_RV
+NSSCKFWC_Verify(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pData,
+    CK_ULONG ulDataLen,
+    CK_BYTE_PTR pSignature,
+    CK_ULONG ulSignatureLen)
+{
+    CK_RV error = CKR_OK;
+    NSSCKFWSession *fwSession;
+
+    if (!fwInstance) {
+        error = CKR_CRYPTOKI_NOT_INITIALIZED;
+        goto loser;
+    }
+
+    fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
+    if (!fwSession) {
+        error = CKR_SESSION_HANDLE_INVALID;
+        goto loser;
+    }
+
+    error = nssCKFWSession_UpdateFinal(fwSession,
+                                       NSSCKFWCryptoOperationType_Verify,
+                                       NSSCKFWCryptoOperationState_SignVerify,
+                                       pData, ulDataLen, pSignature, &ulSignatureLen);
+
+    if (CKR_OK == error) {
+        return CKR_OK;
+    }
+
+loser:
+    /* verify error */
+    switch (error) {
+        case CKR_ARGUMENTS_BAD:
+        case CKR_CRYPTOKI_NOT_INITIALIZED:
+        case CKR_DATA_INVALID:
+        case CKR_DATA_LEN_RANGE:
+        case CKR_DEVICE_ERROR:
+        case CKR_DEVICE_MEMORY:
+        case CKR_DEVICE_REMOVED:
+        case CKR_FUNCTION_CANCELED:
+        case CKR_FUNCTION_FAILED:
+        case CKR_GENERAL_ERROR:
+        case CKR_HOST_MEMORY:
+        case CKR_OPERATION_NOT_INITIALIZED:
+        case CKR_SESSION_CLOSED:
+        case CKR_SESSION_HANDLE_INVALID:
+        case CKR_SIGNATURE_INVALID:
+        case CKR_SIGNATURE_LEN_RANGE:
+            break;
+        default:
+        case CKR_OK:
+            error = CKR_GENERAL_ERROR;
+            break;
+    }
+    return error;
+}
+
+/*
+ * NSSCKFWC_VerifyUpdate
+ *
+ */
+NSS_IMPLEMENT CK_RV
+NSSCKFWC_VerifyUpdate(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pPart,
+    CK_ULONG ulPartLen)
+{
+    CK_RV error = CKR_OK;
+    NSSCKFWSession *fwSession;
+
+    if (!fwInstance) {
+        error = CKR_CRYPTOKI_NOT_INITIALIZED;
+        goto loser;
+    }
+
+    fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
+    if (!fwSession) {
+        error = CKR_SESSION_HANDLE_INVALID;
+        goto loser;
+    }
+
+    error = nssCKFWSession_DigestUpdate(fwSession,
+                                        NSSCKFWCryptoOperationType_Verify,
+                                        NSSCKFWCryptoOperationState_SignVerify,
+                                        pPart, ulPartLen);
+
+    if (CKR_OK == error) {
+        return CKR_OK;
+    }
+
+loser:
+    /* verify error */
+    switch (error) {
+        case CKR_ARGUMENTS_BAD:
+        case CKR_CRYPTOKI_NOT_INITIALIZED:
+        case CKR_DATA_LEN_RANGE:
+        case CKR_DEVICE_ERROR:
+        case CKR_DEVICE_MEMORY:
+        case CKR_DEVICE_REMOVED:
+        case CKR_FUNCTION_CANCELED:
+        case CKR_FUNCTION_FAILED:
+        case CKR_GENERAL_ERROR:
+        case CKR_HOST_MEMORY:
+        case CKR_OPERATION_NOT_INITIALIZED:
+        case CKR_SESSION_CLOSED:
+        case CKR_SESSION_HANDLE_INVALID:
+            break;
+        default:
+        case CKR_OK:
+            error = CKR_GENERAL_ERROR;
+            break;
+    }
+    return error;
+}
+
+/*
+ * NSSCKFWC_VerifyFinal
+ *
+ */
+NSS_IMPLEMENT CK_RV
+NSSCKFWC_VerifyFinal(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pSignature,
+    CK_ULONG ulSignatureLen)
+{
+    CK_RV error = CKR_OK;
+    NSSCKFWSession *fwSession;
+
+    if (!fwInstance) {
+        error = CKR_CRYPTOKI_NOT_INITIALIZED;
+        goto loser;
+    }
+
+    fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
+    if (!fwSession) {
+        error = CKR_SESSION_HANDLE_INVALID;
+        goto loser;
+    }
+
+    error = nssCKFWSession_Final(fwSession,
+                                 NSSCKFWCryptoOperationType_Verify,
+                                 NSSCKFWCryptoOperationState_SignVerify,
+                                 pSignature, &ulSignatureLen);
+
+    if (CKR_OK == error) {
+        return CKR_OK;
+    }
+
+loser:
+    /* verify error */
+    switch (error) {
+        case CKR_ARGUMENTS_BAD:
+        case CKR_CRYPTOKI_NOT_INITIALIZED:
+        case CKR_DATA_LEN_RANGE:
+        case CKR_DEVICE_ERROR:
+        case CKR_DEVICE_MEMORY:
+        case CKR_DEVICE_REMOVED:
+        case CKR_FUNCTION_CANCELED:
+        case CKR_FUNCTION_FAILED:
+        case CKR_GENERAL_ERROR:
+        case CKR_HOST_MEMORY:
+        case CKR_OPERATION_NOT_INITIALIZED:
+        case CKR_SESSION_CLOSED:
+        case CKR_SESSION_HANDLE_INVALID:
+        case CKR_SIGNATURE_INVALID:
+        case CKR_SIGNATURE_LEN_RANGE:
+            break;
+        default:
+        case CKR_OK:
+            error = CKR_GENERAL_ERROR;
+            break;
+    }
+    return error;
+}
+
+/*
+ * NSSCKFWC_VerifyRecoverInit
+ *
+ */
+NSS_IMPLEMENT CK_RV
+NSSCKFWC_VerifyRecoverInit(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_MECHANISM_PTR pMechanism,
+    CK_OBJECT_HANDLE hKey)
+{
+    CK_RV error = CKR_OK;
+    NSSCKFWSession *fwSession;
+    NSSCKFWObject *fwObject;
+    NSSCKFWSlot *fwSlot;
+    NSSCKFWToken *fwToken;
+    NSSCKFWMechanism *fwMechanism;
+
+    if (!fwInstance) {
+        error = CKR_CRYPTOKI_NOT_INITIALIZED;
+        goto loser;
+    }
+
+    fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
+    if (!fwSession) {
+        error = CKR_SESSION_HANDLE_INVALID;
+        goto loser;
+    }
+
+    fwObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey);
+    if (!fwObject) {
+        error = CKR_KEY_HANDLE_INVALID;
+        goto loser;
+    }
+
+    fwSlot = nssCKFWSession_GetFWSlot(fwSession);
+    if (!fwSlot) {
+        error = CKR_GENERAL_ERROR; /* should never happen! */
+        goto loser;
+    }
+
+    if (CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot)) {
+        error = CKR_TOKEN_NOT_PRESENT;
+        goto loser;
+    }
+
+    fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
+    if (!fwToken) {
+        goto loser;
+    }
+
+    fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error);
+    if (!fwMechanism) {
+        goto loser;
+    }
+
+    error = nssCKFWMechanism_VerifyRecoverInit(fwMechanism, pMechanism,
+                                               fwSession, fwObject);
+
+    nssCKFWMechanism_Destroy(fwMechanism);
+
+    if (CKR_OK == error) {
+        return CKR_OK;
+    }
+
+loser:
+    /* verify error */
+    switch (error) {
+        case CKR_ARGUMENTS_BAD:
+        case CKR_CRYPTOKI_NOT_INITIALIZED:
+        case CKR_DEVICE_ERROR:
+        case CKR_DEVICE_MEMORY:
+        case CKR_DEVICE_REMOVED:
+        case CKR_FUNCTION_CANCELED:
+        case CKR_FUNCTION_FAILED:
+        case CKR_GENERAL_ERROR:
+        case CKR_HOST_MEMORY:
+        case CKR_KEY_FUNCTION_NOT_PERMITTED:
+        case CKR_KEY_HANDLE_INVALID:
+        case CKR_KEY_SIZE_RANGE:
+        case CKR_KEY_TYPE_INCONSISTENT:
+        case CKR_MECHANISM_INVALID:
+        case CKR_MECHANISM_PARAM_INVALID:
+        case CKR_OPERATION_ACTIVE:
+        case CKR_PIN_EXPIRED:
+        case CKR_SESSION_HANDLE_INVALID:
+        case CKR_SESSION_CLOSED:
+        case CKR_USER_NOT_LOGGED_IN:
+            break;
+        default:
+        case CKR_OK:
+            error = CKR_GENERAL_ERROR;
+            break;
+    }
+    return error;
+}
+
+/*
+ * NSSCKFWC_VerifyRecover
+ *
+ */
+NSS_IMPLEMENT CK_RV
+NSSCKFWC_VerifyRecover(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pSignature,
+    CK_ULONG ulSignatureLen,
+    CK_BYTE_PTR pData,
+    CK_ULONG_PTR pulDataLen)
+{
+    CK_RV error = CKR_OK;
+    NSSCKFWSession *fwSession;
+
+    if (!fwInstance) {
+        error = CKR_CRYPTOKI_NOT_INITIALIZED;
+        goto loser;
+    }
+
+    fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
+    if (!fwSession) {
+        error = CKR_SESSION_HANDLE_INVALID;
+        goto loser;
+    }
+
+    error = nssCKFWSession_UpdateFinal(fwSession,
+                                       NSSCKFWCryptoOperationType_VerifyRecover,
+                                       NSSCKFWCryptoOperationState_SignVerify,
+                                       pSignature, ulSignatureLen, pData, pulDataLen);
+    if (CKR_OK == error) {
+        return CKR_OK;
+    }
+loser:
+    /* verify error */
+    switch (error) {
+        case CKR_ARGUMENTS_BAD:
+        case CKR_BUFFER_TOO_SMALL:
+        case CKR_CRYPTOKI_NOT_INITIALIZED:
+        case CKR_DATA_INVALID:
+        case CKR_DATA_LEN_RANGE:
+        case CKR_DEVICE_ERROR:
+        case CKR_DEVICE_MEMORY:
+        case CKR_DEVICE_REMOVED:
+        case CKR_FUNCTION_CANCELED:
+        case CKR_FUNCTION_FAILED:
+        case CKR_GENERAL_ERROR:
+        case CKR_HOST_MEMORY:
+        case CKR_OPERATION_NOT_INITIALIZED:
+        case CKR_SESSION_CLOSED:
+        case CKR_SESSION_HANDLE_INVALID:
+        case CKR_SIGNATURE_INVALID:
+        case CKR_SIGNATURE_LEN_RANGE:
+            break;
+        default:
+        case CKR_OK:
+            error = CKR_GENERAL_ERROR;
+            break;
+    }
+    return error;
+}
+
+/*
+ * NSSCKFWC_DigestEncryptUpdate
+ *
+ */
+NSS_IMPLEMENT CK_RV
+NSSCKFWC_DigestEncryptUpdate(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pPart,
+    CK_ULONG ulPartLen,
+    CK_BYTE_PTR pEncryptedPart,
+    CK_ULONG_PTR pulEncryptedPartLen)
+{
+    CK_RV error = CKR_OK;
+    NSSCKFWSession *fwSession;
+
+    if (!fwInstance) {
+        error = CKR_CRYPTOKI_NOT_INITIALIZED;
+        goto loser;
+    }
+
+    fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
+    if (!fwSession) {
+        error = CKR_SESSION_HANDLE_INVALID;
+        goto loser;
+    }
+
+    error = nssCKFWSession_UpdateCombo(fwSession,
+                                       NSSCKFWCryptoOperationType_Encrypt,
+                                       NSSCKFWCryptoOperationType_Digest,
+                                       NSSCKFWCryptoOperationState_Digest,
+                                       pPart, ulPartLen, pEncryptedPart, pulEncryptedPartLen);
+
+    if (CKR_OK == error) {
+        return CKR_OK;
+    }
+
+loser:
+    /* verify error */
+    switch (error) {
+        case CKR_ARGUMENTS_BAD:
+        case CKR_BUFFER_TOO_SMALL:
+        case CKR_CRYPTOKI_NOT_INITIALIZED:
+        case CKR_DATA_LEN_RANGE:
+        case CKR_DEVICE_ERROR:
+        case CKR_DEVICE_MEMORY:
+        case CKR_DEVICE_REMOVED:
+        case CKR_FUNCTION_CANCELED:
+        case CKR_FUNCTION_FAILED:
+        case CKR_GENERAL_ERROR:
+        case CKR_HOST_MEMORY:
+        case CKR_OPERATION_NOT_INITIALIZED:
+        case CKR_SESSION_CLOSED:
+        case CKR_SESSION_HANDLE_INVALID:
+            break;
+        default:
+        case CKR_OK:
+            error = CKR_GENERAL_ERROR;
+            break;
+    }
+    return error;
+}
+
+/*
+ * NSSCKFWC_DecryptDigestUpdate
+ *
+ */
+NSS_IMPLEMENT CK_RV
+NSSCKFWC_DecryptDigestUpdate(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pEncryptedPart,
+    CK_ULONG ulEncryptedPartLen,
+    CK_BYTE_PTR pPart,
+    CK_ULONG_PTR pulPartLen)
+{
+    CK_RV error = CKR_OK;
+    NSSCKFWSession *fwSession;
+
+    if (!fwInstance) {
+        error = CKR_CRYPTOKI_NOT_INITIALIZED;
+        goto loser;
+    }
+
+    fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
+    if (!fwSession) {
+        error = CKR_SESSION_HANDLE_INVALID;
+        goto loser;
+    }
+
+    error = nssCKFWSession_UpdateCombo(fwSession,
+                                       NSSCKFWCryptoOperationType_Decrypt,
+                                       NSSCKFWCryptoOperationType_Digest,
+                                       NSSCKFWCryptoOperationState_Digest,
+                                       pEncryptedPart, ulEncryptedPartLen, pPart, pulPartLen);
+
+    if (CKR_OK == error) {
+        return CKR_OK;
+    }
+
+loser:
+    /* verify error */
+    switch (error) {
+        case CKR_ARGUMENTS_BAD:
+        case CKR_BUFFER_TOO_SMALL:
+        case CKR_CRYPTOKI_NOT_INITIALIZED:
+        case CKR_DEVICE_ERROR:
+        case CKR_DEVICE_MEMORY:
+        case CKR_DEVICE_REMOVED:
+        case CKR_ENCRYPTED_DATA_INVALID:
+        case CKR_ENCRYPTED_DATA_LEN_RANGE:
+        case CKR_FUNCTION_CANCELED:
+        case CKR_FUNCTION_FAILED:
+        case CKR_GENERAL_ERROR:
+        case CKR_HOST_MEMORY:
+        case CKR_OPERATION_NOT_INITIALIZED:
+        case CKR_SESSION_CLOSED:
+        case CKR_SESSION_HANDLE_INVALID:
+            break;
+        case CKR_DATA_INVALID:
+            error = CKR_ENCRYPTED_DATA_INVALID;
+            break;
+        case CKR_DATA_LEN_RANGE:
+            error = CKR_ENCRYPTED_DATA_LEN_RANGE;
+            break;
+        default:
+        case CKR_OK:
+            error = CKR_GENERAL_ERROR;
+            break;
+    }
+    return error;
+}
+
+/*
+ * NSSCKFWC_SignEncryptUpdate
+ *
+ */
+NSS_IMPLEMENT CK_RV
+NSSCKFWC_SignEncryptUpdate(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pPart,
+    CK_ULONG ulPartLen,
+    CK_BYTE_PTR pEncryptedPart,
+    CK_ULONG_PTR pulEncryptedPartLen)
+{
+    CK_RV error = CKR_OK;
+    NSSCKFWSession *fwSession;
+
+    if (!fwInstance) {
+        error = CKR_CRYPTOKI_NOT_INITIALIZED;
+        goto loser;
+    }
+
+    fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
+    if (!fwSession) {
+        error = CKR_SESSION_HANDLE_INVALID;
+        goto loser;
+    }
+
+    error = nssCKFWSession_UpdateCombo(fwSession,
+                                       NSSCKFWCryptoOperationType_Encrypt,
+                                       NSSCKFWCryptoOperationType_Sign,
+                                       NSSCKFWCryptoOperationState_SignVerify,
+                                       pPart, ulPartLen, pEncryptedPart, pulEncryptedPartLen);
+
+    if (CKR_OK == error) {
+        return CKR_OK;
+    }
+
+loser:
+    /* verify error */
+    switch (error) {
+        case CKR_ARGUMENTS_BAD:
+        case CKR_BUFFER_TOO_SMALL:
+        case CKR_CRYPTOKI_NOT_INITIALIZED:
+        case CKR_DATA_LEN_RANGE:
+        case CKR_DEVICE_ERROR:
+        case CKR_DEVICE_MEMORY:
+        case CKR_DEVICE_REMOVED:
+        case CKR_FUNCTION_CANCELED:
+        case CKR_FUNCTION_FAILED:
+        case CKR_GENERAL_ERROR:
+        case CKR_HOST_MEMORY:
+        case CKR_OPERATION_NOT_INITIALIZED:
+        case CKR_SESSION_CLOSED:
+        case CKR_SESSION_HANDLE_INVALID:
+        case CKR_USER_NOT_LOGGED_IN:
+            break;
+        default:
+        case CKR_OK:
+            error = CKR_GENERAL_ERROR;
+            break;
+    }
+    return error;
+}
+
+/*
+ * NSSCKFWC_DecryptVerifyUpdate
+ *
+ */
+NSS_IMPLEMENT CK_RV
+NSSCKFWC_DecryptVerifyUpdate(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pEncryptedPart,
+    CK_ULONG ulEncryptedPartLen,
+    CK_BYTE_PTR pPart,
+    CK_ULONG_PTR pulPartLen)
+{
+    CK_RV error = CKR_OK;
+    NSSCKFWSession *fwSession;
+
+    if (!fwInstance) {
+        error = CKR_CRYPTOKI_NOT_INITIALIZED;
+        goto loser;
+    }
+
+    fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
+    if (!fwSession) {
+        error = CKR_SESSION_HANDLE_INVALID;
+        goto loser;
+    }
+
+    error = nssCKFWSession_UpdateCombo(fwSession,
+                                       NSSCKFWCryptoOperationType_Decrypt,
+                                       NSSCKFWCryptoOperationType_Verify,
+                                       NSSCKFWCryptoOperationState_SignVerify,
+                                       pEncryptedPart, ulEncryptedPartLen, pPart, pulPartLen);
+
+    if (CKR_OK == error) {
+        return CKR_OK;
+    }
+
+loser:
+    /* verify error */
+    switch (error) {
+        case CKR_ARGUMENTS_BAD:
+        case CKR_BUFFER_TOO_SMALL:
+        case CKR_CRYPTOKI_NOT_INITIALIZED:
+        case CKR_DATA_LEN_RANGE:
+        case CKR_DEVICE_ERROR:
+        case CKR_DEVICE_MEMORY:
+        case CKR_DEVICE_REMOVED:
+        case CKR_ENCRYPTED_DATA_INVALID:
+        case CKR_ENCRYPTED_DATA_LEN_RANGE:
+        case CKR_FUNCTION_CANCELED:
+        case CKR_FUNCTION_FAILED:
+        case CKR_GENERAL_ERROR:
+        case CKR_HOST_MEMORY:
+        case CKR_OPERATION_NOT_INITIALIZED:
+        case CKR_SESSION_CLOSED:
+        case CKR_SESSION_HANDLE_INVALID:
+            break;
+        case CKR_DATA_INVALID:
+            error = CKR_ENCRYPTED_DATA_INVALID;
+            break;
+        default:
+        case CKR_OK:
+            error = CKR_GENERAL_ERROR;
+            break;
+    }
+    return error;
+}
+
+/*
+ * NSSCKFWC_GenerateKey
+ *
+ */
+NSS_IMPLEMENT CK_RV
+NSSCKFWC_GenerateKey(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_MECHANISM_PTR pMechanism,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulCount,
+    CK_OBJECT_HANDLE_PTR phKey)
+{
+    CK_RV error = CKR_OK;
+    NSSCKFWSession *fwSession;
+    NSSCKFWObject *fwObject;
+    NSSCKFWSlot *fwSlot;
+    NSSCKFWToken *fwToken;
+    NSSCKFWMechanism *fwMechanism;
+
+    if (!fwInstance) {
+        error = CKR_CRYPTOKI_NOT_INITIALIZED;
+        goto loser;
+    }
+
+    fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
+    if (!fwSession) {
+        error = CKR_SESSION_HANDLE_INVALID;
+        goto loser;
+    }
+
+    fwSlot = nssCKFWSession_GetFWSlot(fwSession);
+    if (!fwSlot) {
+        error = CKR_GENERAL_ERROR; /* should never happen! */
+        goto loser;
+    }
+
+    if (CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot)) {
+        error = CKR_TOKEN_NOT_PRESENT;
+        goto loser;
+    }
+
+    fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
+    if (!fwToken) {
+        goto loser;
+    }
+
+    fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error);
+    if (!fwMechanism) {
+        goto loser;
+    }
+
+    fwObject = nssCKFWMechanism_GenerateKey(
+        fwMechanism,
+        pMechanism,
+        fwSession,
+        pTemplate,
+        ulCount,
+        &error);
+
+    nssCKFWMechanism_Destroy(fwMechanism);
+    if (!fwObject) {
+        goto loser;
+    }
+    *phKey = nssCKFWInstance_CreateObjectHandle(fwInstance, fwObject, &error);
+
+    if (CKR_OK == error) {
+        return CKR_OK;
+    }
+
+loser:
+    /* verify error */
+    switch (error) {
+        case CKR_ARGUMENTS_BAD:
+        case CKR_ATTRIBUTE_READ_ONLY:
+        case CKR_ATTRIBUTE_TYPE_INVALID:
+        case CKR_ATTRIBUTE_VALUE_INVALID:
+        case CKR_CRYPTOKI_NOT_INITIALIZED:
+        case CKR_DEVICE_ERROR:
+        case CKR_DEVICE_MEMORY:
+        case CKR_DEVICE_REMOVED:
+        case CKR_FUNCTION_CANCELED:
+        case CKR_FUNCTION_FAILED:
+        case CKR_GENERAL_ERROR:
+        case CKR_HOST_MEMORY:
+        case CKR_MECHANISM_INVALID:
+        case CKR_MECHANISM_PARAM_INVALID:
+        case CKR_OPERATION_ACTIVE:
+        case CKR_PIN_EXPIRED:
+        case CKR_SESSION_CLOSED:
+        case CKR_SESSION_HANDLE_INVALID:
+        case CKR_SESSION_READ_ONLY:
+        case CKR_TEMPLATE_INCOMPLETE:
+        case CKR_TEMPLATE_INCONSISTENT:
+        case CKR_TOKEN_WRITE_PROTECTED:
+        case CKR_USER_NOT_LOGGED_IN:
+            break;
+        default:
+        case CKR_OK:
+            error = CKR_GENERAL_ERROR;
+            break;
+    }
+    return error;
+}
+
+/*
+ * NSSCKFWC_GenerateKeyPair
+ *
+ */
+NSS_IMPLEMENT CK_RV
+NSSCKFWC_GenerateKeyPair(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_MECHANISM_PTR pMechanism,
+    CK_ATTRIBUTE_PTR pPublicKeyTemplate,
+    CK_ULONG ulPublicKeyAttributeCount,
+    CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
+    CK_ULONG ulPrivateKeyAttributeCount,
+    CK_OBJECT_HANDLE_PTR phPublicKey,
+    CK_OBJECT_HANDLE_PTR phPrivateKey)
+{
+    CK_RV error = CKR_OK;
+    NSSCKFWSession *fwSession;
+    NSSCKFWObject *fwPrivateKeyObject;
+    NSSCKFWObject *fwPublicKeyObject;
+    NSSCKFWSlot *fwSlot;
+    NSSCKFWToken *fwToken;
+    NSSCKFWMechanism *fwMechanism;
+
+    if (!fwInstance) {
+        error = CKR_CRYPTOKI_NOT_INITIALIZED;
+        goto loser;
+    }
+
+    fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
+    if (!fwSession) {
+        error = CKR_SESSION_HANDLE_INVALID;
+        goto loser;
+    }
+
+    fwSlot = nssCKFWSession_GetFWSlot(fwSession);
+    if (!fwSlot) {
+        error = CKR_GENERAL_ERROR; /* should never happen! */
+        goto loser;
+    }
+
+    if (CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot)) {
+        error = CKR_TOKEN_NOT_PRESENT;
+        goto loser;
+    }
+
+    fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
+    if (!fwToken) {
+        goto loser;
+    }
+
+    fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error);
+    if (!fwMechanism) {
+        goto loser;
+    }
+
+    error = nssCKFWMechanism_GenerateKeyPair(
+        fwMechanism,
+        pMechanism,
+        fwSession,
+        pPublicKeyTemplate,
+        ulPublicKeyAttributeCount,
+        pPublicKeyTemplate,
+        ulPublicKeyAttributeCount,
+        &fwPublicKeyObject,
+        &fwPrivateKeyObject);
+
+    nssCKFWMechanism_Destroy(fwMechanism);
+    if (CKR_OK != error) {
+        goto loser;
+    }
+    *phPublicKey = nssCKFWInstance_CreateObjectHandle(fwInstance,
+                                                      fwPublicKeyObject,
+                                                      &error);
+    if (CKR_OK != error) {
+        goto loser;
+    }
+    *phPrivateKey = nssCKFWInstance_CreateObjectHandle(fwInstance,
+                                                       fwPrivateKeyObject,
+                                                       &error);
+    if (CKR_OK == error) {
+        return CKR_OK;
+    }
+
+loser:
+    /* verify error */
+    switch (error) {
+        case CKR_ARGUMENTS_BAD:
+        case CKR_ATTRIBUTE_READ_ONLY:
+        case CKR_ATTRIBUTE_TYPE_INVALID:
+        case CKR_ATTRIBUTE_VALUE_INVALID:
+        case CKR_CRYPTOKI_NOT_INITIALIZED:
+        case CKR_DEVICE_ERROR:
+        case CKR_DEVICE_MEMORY:
+        case CKR_DEVICE_REMOVED:
+        case CKR_DOMAIN_PARAMS_INVALID:
+        case CKR_FUNCTION_CANCELED:
+        case CKR_FUNCTION_FAILED:
+        case CKR_GENERAL_ERROR:
+        case CKR_HOST_MEMORY:
+        case CKR_MECHANISM_INVALID:
+        case CKR_MECHANISM_PARAM_INVALID:
+        case CKR_OPERATION_ACTIVE:
+        case CKR_PIN_EXPIRED:
+        case CKR_SESSION_CLOSED:
+        case CKR_SESSION_HANDLE_INVALID:
+        case CKR_SESSION_READ_ONLY:
+        case CKR_TEMPLATE_INCOMPLETE:
+        case CKR_TEMPLATE_INCONSISTENT:
+        case CKR_TOKEN_WRITE_PROTECTED:
+        case CKR_USER_NOT_LOGGED_IN:
+            break;
+        default:
+        case CKR_OK:
+            error = CKR_GENERAL_ERROR;
+            break;
+    }
+    return error;
+}
+
+/*
+ * NSSCKFWC_WrapKey
+ *
+ */
+NSS_IMPLEMENT CK_RV
+NSSCKFWC_WrapKey(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_MECHANISM_PTR pMechanism,
+    CK_OBJECT_HANDLE hWrappingKey,
+    CK_OBJECT_HANDLE hKey,
+    CK_BYTE_PTR pWrappedKey,
+    CK_ULONG_PTR pulWrappedKeyLen)
+{
+    CK_RV error = CKR_OK;
+    NSSCKFWSession *fwSession;
+    NSSCKFWObject *fwKeyObject;
+    NSSCKFWObject *fwWrappingKeyObject;
+    NSSCKFWSlot *fwSlot;
+    NSSCKFWToken *fwToken;
+    NSSCKFWMechanism *fwMechanism;
+    NSSItem wrappedKey;
+    CK_ULONG wrappedKeyLength = 0;
+
+    if (!fwInstance) {
+        error = CKR_CRYPTOKI_NOT_INITIALIZED;
+        goto loser;
+    }
+
+    fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
+    if (!fwSession) {
+        error = CKR_SESSION_HANDLE_INVALID;
+        goto loser;
+    }
+
+    fwWrappingKeyObject = nssCKFWInstance_ResolveObjectHandle(fwInstance,
+                                                              hWrappingKey);
+    if (!fwWrappingKeyObject) {
+        error = CKR_WRAPPING_KEY_HANDLE_INVALID;
+        goto loser;
+    }
+
+    fwKeyObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hKey);
+    if (!fwKeyObject) {
+        error = CKR_KEY_HANDLE_INVALID;
+        goto loser;
+    }
+
+    fwSlot = nssCKFWSession_GetFWSlot(fwSession);
+    if (!fwSlot) {
+        error = CKR_GENERAL_ERROR; /* should never happen! */
+        goto loser;
+    }
+
+    if (CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot)) {
+        error = CKR_TOKEN_NOT_PRESENT;
+        goto loser;
+    }
+
+    fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
+    if (!fwToken) {
+        goto loser;
+    }
+
+    fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error);
+    if (!fwMechanism) {
+        goto loser;
+    }
+
+    /*
+   * first get the length...
+   */
+    wrappedKeyLength = nssCKFWMechanism_GetWrapKeyLength(
+        fwMechanism,
+        pMechanism,
+        fwSession,
+        fwWrappingKeyObject,
+        fwKeyObject,
+        &error);
+    if ((CK_ULONG)0 == wrappedKeyLength) {
+        nssCKFWMechanism_Destroy(fwMechanism);
+        goto loser;
+    }
+    if ((CK_BYTE_PTR)NULL == pWrappedKey) {
+        *pulWrappedKeyLen = wrappedKeyLength;
+        nssCKFWMechanism_Destroy(fwMechanism);
+        return CKR_OK;
+    }
+    if (wrappedKeyLength > *pulWrappedKeyLen) {
+        *pulWrappedKeyLen = wrappedKeyLength;
+        nssCKFWMechanism_Destroy(fwMechanism);
+        error = CKR_BUFFER_TOO_SMALL;
+        goto loser;
+    }
+
+    wrappedKey.data = pWrappedKey;
+    wrappedKey.size = wrappedKeyLength;
+
+    error = nssCKFWMechanism_WrapKey(
+        fwMechanism,
+        pMechanism,
+        fwSession,
+        fwWrappingKeyObject,
+        fwKeyObject,
+        &wrappedKey);
+
+    nssCKFWMechanism_Destroy(fwMechanism);
+    *pulWrappedKeyLen = wrappedKey.size;
+
+    if (CKR_OK == error) {
+        return CKR_OK;
+    }
+
+loser:
+    /* verify error */
+    switch (error) {
+        case CKR_ARGUMENTS_BAD:
+        case CKR_BUFFER_TOO_SMALL:
+        case CKR_CRYPTOKI_NOT_INITIALIZED:
+        case CKR_DEVICE_ERROR:
+        case CKR_DEVICE_MEMORY:
+        case CKR_DEVICE_REMOVED:
+        case CKR_FUNCTION_CANCELED:
+        case CKR_FUNCTION_FAILED:
+        case CKR_GENERAL_ERROR:
+        case CKR_HOST_MEMORY:
+        case CKR_KEY_HANDLE_INVALID:
+        case CKR_KEY_NOT_WRAPPABLE:
+        case CKR_KEY_SIZE_RANGE:
+        case CKR_KEY_UNEXTRACTABLE:
+        case CKR_MECHANISM_INVALID:
+        case CKR_MECHANISM_PARAM_INVALID:
+        case CKR_OPERATION_ACTIVE:
+        case CKR_PIN_EXPIRED:
+        case CKR_SESSION_CLOSED:
+        case CKR_SESSION_HANDLE_INVALID:
+        case CKR_WRAPPING_KEY_HANDLE_INVALID:
+        case CKR_WRAPPING_KEY_SIZE_RANGE:
+        case CKR_WRAPPING_KEY_TYPE_INCONSISTENT:
+            break;
+        case CKR_KEY_TYPE_INCONSISTENT:
+            error = CKR_WRAPPING_KEY_TYPE_INCONSISTENT;
+            break;
+        default:
+        case CKR_OK:
+            error = CKR_GENERAL_ERROR;
+            break;
+    }
+    return error;
+}
+
+/*
+ * NSSCKFWC_UnwrapKey
+ *
+ */
+NSS_IMPLEMENT CK_RV
+NSSCKFWC_UnwrapKey(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_MECHANISM_PTR pMechanism,
+    CK_OBJECT_HANDLE hUnwrappingKey,
+    CK_BYTE_PTR pWrappedKey,
+    CK_ULONG ulWrappedKeyLen,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulAttributeCount,
+    CK_OBJECT_HANDLE_PTR phKey)
+{
+    CK_RV error = CKR_OK;
+    NSSCKFWSession *fwSession;
+    NSSCKFWObject *fwObject;
+    NSSCKFWObject *fwWrappingKeyObject;
+    NSSCKFWSlot *fwSlot;
+    NSSCKFWToken *fwToken;
+    NSSCKFWMechanism *fwMechanism;
+    NSSItem wrappedKey;
+
+    if (!fwInstance) {
+        error = CKR_CRYPTOKI_NOT_INITIALIZED;
+        goto loser;
+    }
+
+    fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
+    if (!fwSession) {
+        error = CKR_SESSION_HANDLE_INVALID;
+        goto loser;
+    }
+
+    fwWrappingKeyObject = nssCKFWInstance_ResolveObjectHandle(fwInstance,
+                                                              hUnwrappingKey);
+    if (!fwWrappingKeyObject) {
+        error = CKR_WRAPPING_KEY_HANDLE_INVALID;
+        goto loser;
+    }
+
+    fwSlot = nssCKFWSession_GetFWSlot(fwSession);
+    if (!fwSlot) {
+        error = CKR_GENERAL_ERROR; /* should never happen! */
+        goto loser;
+    }
+
+    if (CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot)) {
+        error = CKR_TOKEN_NOT_PRESENT;
+        goto loser;
+    }
+
+    fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
+    if (!fwToken) {
+        goto loser;
+    }
+
+    fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error);
+    if (!fwMechanism) {
+        goto loser;
+    }
+
+    wrappedKey.data = pWrappedKey;
+    wrappedKey.size = ulWrappedKeyLen;
+
+    fwObject = nssCKFWMechanism_UnwrapKey(
+        fwMechanism,
+        pMechanism,
+        fwSession,
+        fwWrappingKeyObject,
+        &wrappedKey,
+        pTemplate,
+        ulAttributeCount,
+        &error);
+
+    nssCKFWMechanism_Destroy(fwMechanism);
+    if (!fwObject) {
+        goto loser;
+    }
+    *phKey = nssCKFWInstance_CreateObjectHandle(fwInstance, fwObject, &error);
+
+    if (CKR_OK == error) {
+        return CKR_OK;
+    }
+
+loser:
+    /* verify error */
+    switch (error) {
+        case CKR_ARGUMENTS_BAD:
+        case CKR_ATTRIBUTE_READ_ONLY:
+        case CKR_ATTRIBUTE_TYPE_INVALID:
+        case CKR_ATTRIBUTE_VALUE_INVALID:
+        case CKR_BUFFER_TOO_SMALL:
+        case CKR_CRYPTOKI_NOT_INITIALIZED:
+        case CKR_DEVICE_ERROR:
+        case CKR_DEVICE_MEMORY:
+        case CKR_DEVICE_REMOVED:
+        case CKR_DOMAIN_PARAMS_INVALID:
+        case CKR_FUNCTION_CANCELED:
+        case CKR_FUNCTION_FAILED:
+        case CKR_GENERAL_ERROR:
+        case CKR_HOST_MEMORY:
+        case CKR_MECHANISM_INVALID:
+        case CKR_MECHANISM_PARAM_INVALID:
+        case CKR_OPERATION_ACTIVE:
+        case CKR_PIN_EXPIRED:
+        case CKR_SESSION_CLOSED:
+        case CKR_SESSION_HANDLE_INVALID:
+        case CKR_SESSION_READ_ONLY:
+        case CKR_TEMPLATE_INCOMPLETE:
+        case CKR_TEMPLATE_INCONSISTENT:
+        case CKR_TOKEN_WRITE_PROTECTED:
+        case CKR_UNWRAPPING_KEY_HANDLE_INVALID:
+        case CKR_UNWRAPPING_KEY_SIZE_RANGE:
+        case CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT:
+        case CKR_USER_NOT_LOGGED_IN:
+        case CKR_WRAPPED_KEY_INVALID:
+        case CKR_WRAPPED_KEY_LEN_RANGE:
+            break;
+        case CKR_KEY_HANDLE_INVALID:
+            error = CKR_UNWRAPPING_KEY_HANDLE_INVALID;
+            break;
+        case CKR_KEY_SIZE_RANGE:
+            error = CKR_UNWRAPPING_KEY_SIZE_RANGE;
+            break;
+        case CKR_KEY_TYPE_INCONSISTENT:
+            error = CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT;
+            break;
+        case CKR_ENCRYPTED_DATA_INVALID:
+            error = CKR_WRAPPED_KEY_INVALID;
+            break;
+        case CKR_ENCRYPTED_DATA_LEN_RANGE:
+            error = CKR_WRAPPED_KEY_LEN_RANGE;
+            break;
+        default:
+        case CKR_OK:
+            error = CKR_GENERAL_ERROR;
+            break;
+    }
+    return error;
+}
+
+/*
+ * NSSCKFWC_DeriveKey
+ *
+ */
+NSS_IMPLEMENT CK_RV
+NSSCKFWC_DeriveKey(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_MECHANISM_PTR pMechanism,
+    CK_OBJECT_HANDLE hBaseKey,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulAttributeCount,
+    CK_OBJECT_HANDLE_PTR phKey)
+{
+    CK_RV error = CKR_OK;
+    NSSCKFWSession *fwSession;
+    NSSCKFWObject *fwObject;
+    NSSCKFWObject *fwBaseKeyObject;
+    NSSCKFWSlot *fwSlot;
+    NSSCKFWToken *fwToken;
+    NSSCKFWMechanism *fwMechanism;
+
+    if (!fwInstance) {
+        error = CKR_CRYPTOKI_NOT_INITIALIZED;
+        goto loser;
+    }
+
+    fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
+    if (!fwSession) {
+        error = CKR_SESSION_HANDLE_INVALID;
+        goto loser;
+    }
+
+    fwBaseKeyObject = nssCKFWInstance_ResolveObjectHandle(fwInstance, hBaseKey);
+    if (!fwBaseKeyObject) {
+        error = CKR_KEY_HANDLE_INVALID;
+        goto loser;
+    }
+
+    fwSlot = nssCKFWSession_GetFWSlot(fwSession);
+    if (!fwSlot) {
+        error = CKR_GENERAL_ERROR; /* should never happen! */
+        goto loser;
+    }
+
+    if (CK_TRUE != nssCKFWSlot_GetTokenPresent(fwSlot)) {
+        error = CKR_TOKEN_NOT_PRESENT;
+        goto loser;
+    }
+
+    fwToken = nssCKFWSlot_GetToken(fwSlot, &error);
+    if (!fwToken) {
+        goto loser;
+    }
+
+    fwMechanism = nssCKFWToken_GetMechanism(fwToken, pMechanism->mechanism, &error);
+    if (!fwMechanism) {
+        goto loser;
+    }
+
+    fwObject = nssCKFWMechanism_DeriveKey(
+        fwMechanism,
+        pMechanism,
+        fwSession,
+        fwBaseKeyObject,
+        pTemplate,
+        ulAttributeCount,
+        &error);
+
+    nssCKFWMechanism_Destroy(fwMechanism);
+    if (!fwObject) {
+        goto loser;
+    }
+    *phKey = nssCKFWInstance_CreateObjectHandle(fwInstance, fwObject, &error);
+
+    if (CKR_OK == error) {
+        return CKR_OK;
+    }
+
+loser:
+    /* verify error */
+    switch (error) {
+        case CKR_ARGUMENTS_BAD:
+        case CKR_ATTRIBUTE_READ_ONLY:
+        case CKR_ATTRIBUTE_TYPE_INVALID:
+        case CKR_ATTRIBUTE_VALUE_INVALID:
+        case CKR_CRYPTOKI_NOT_INITIALIZED:
+        case CKR_DEVICE_ERROR:
+        case CKR_DEVICE_MEMORY:
+        case CKR_DEVICE_REMOVED:
+        case CKR_DOMAIN_PARAMS_INVALID:
+        case CKR_FUNCTION_CANCELED:
+        case CKR_FUNCTION_FAILED:
+        case CKR_GENERAL_ERROR:
+        case CKR_HOST_MEMORY:
+        case CKR_KEY_HANDLE_INVALID:
+        case CKR_KEY_SIZE_RANGE:
+        case CKR_KEY_TYPE_INCONSISTENT:
+        case CKR_MECHANISM_INVALID:
+        case CKR_MECHANISM_PARAM_INVALID:
+        case CKR_OPERATION_ACTIVE:
+        case CKR_PIN_EXPIRED:
+        case CKR_SESSION_CLOSED:
+        case CKR_SESSION_HANDLE_INVALID:
+        case CKR_SESSION_READ_ONLY:
+        case CKR_TEMPLATE_INCOMPLETE:
+        case CKR_TEMPLATE_INCONSISTENT:
+        case CKR_TOKEN_WRITE_PROTECTED:
+        case CKR_USER_NOT_LOGGED_IN:
+            break;
+        default:
+        case CKR_OK:
+            error = CKR_GENERAL_ERROR;
+            break;
+    }
+    return error;
+}
+
+/*
+ * NSSCKFWC_SeedRandom
+ *
+ */
+NSS_IMPLEMENT CK_RV
+NSSCKFWC_SeedRandom(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pSeed,
+    CK_ULONG ulSeedLen)
+{
+    CK_RV error = CKR_OK;
+    NSSCKFWSession *fwSession;
+    NSSItem seed;
+
+    if (!fwInstance) {
+        error = CKR_CRYPTOKI_NOT_INITIALIZED;
+        goto loser;
+    }
+
+    fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
+    if (!fwSession) {
+        error = CKR_SESSION_HANDLE_INVALID;
+        goto loser;
+    }
+
+    if ((CK_BYTE_PTR)CK_NULL_PTR == pSeed) {
+        error = CKR_ARGUMENTS_BAD;
+        goto loser;
+    }
+
+    /* We could read through the buffer in a Purify trap */
+
+    seed.size = (PRUint32)ulSeedLen;
+    seed.data = (void *)pSeed;
+
+    error = nssCKFWSession_SeedRandom(fwSession, &seed);
+
+    if (CKR_OK != error) {
+        goto loser;
+    }
+
+    return CKR_OK;
+
+loser:
+    switch (error) {
+        case CKR_SESSION_CLOSED:
+            /* destroy session? */
+            break;
+        case CKR_DEVICE_REMOVED:
+            /* (void)nssCKFWToken_Destroy(fwToken); */
+            break;
+        case CKR_ARGUMENTS_BAD:
+        case CKR_CRYPTOKI_NOT_INITIALIZED:
+        case CKR_DEVICE_ERROR:
+        case CKR_DEVICE_MEMORY:
+        case CKR_FUNCTION_CANCELED:
+        case CKR_FUNCTION_FAILED:
+        case CKR_GENERAL_ERROR:
+        case CKR_HOST_MEMORY:
+        case CKR_OPERATION_ACTIVE:
+        case CKR_RANDOM_SEED_NOT_SUPPORTED:
+        case CKR_RANDOM_NO_RNG:
+        case CKR_SESSION_HANDLE_INVALID:
+        case CKR_USER_NOT_LOGGED_IN:
+            break;
+        default:
+        case CKR_OK:
+            error = CKR_GENERAL_ERROR;
+            break;
+    }
+
+    return error;
+}
+
+/*
+ * NSSCKFWC_GenerateRandom
+ *
+ */
+NSS_IMPLEMENT CK_RV
+NSSCKFWC_GenerateRandom(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pRandomData,
+    CK_ULONG ulRandomLen)
+{
+    CK_RV error = CKR_OK;
+    NSSCKFWSession *fwSession;
+    NSSItem buffer;
+
+    if (!fwInstance) {
+        error = CKR_CRYPTOKI_NOT_INITIALIZED;
+        goto loser;
+    }
+
+    fwSession = nssCKFWInstance_ResolveSessionHandle(fwInstance, hSession);
+    if (!fwSession) {
+        error = CKR_SESSION_HANDLE_INVALID;
+        goto loser;
+    }
+
+    if ((CK_BYTE_PTR)CK_NULL_PTR == pRandomData) {
+        error = CKR_ARGUMENTS_BAD;
+        goto loser;
+    }
+
+    /*
+   * A purify error here indicates caller error.
+   */
+    (void)nsslibc_memset(pRandomData, 0, ulRandomLen);
+
+    buffer.size = (PRUint32)ulRandomLen;
+    buffer.data = (void *)pRandomData;
+
+    error = nssCKFWSession_GetRandom(fwSession, &buffer);
+
+    if (CKR_OK != error) {
+        goto loser;
+    }
+
+    return CKR_OK;
+
+loser:
+    switch (error) {
+        case CKR_SESSION_CLOSED:
+            /* destroy session? */
+            break;
+        case CKR_DEVICE_REMOVED:
+            /* (void)nssCKFWToken_Destroy(fwToken); */
+            break;
+        case CKR_ARGUMENTS_BAD:
+        case CKR_CRYPTOKI_NOT_INITIALIZED:
+        case CKR_DEVICE_ERROR:
+        case CKR_DEVICE_MEMORY:
+        case CKR_FUNCTION_CANCELED:
+        case CKR_FUNCTION_FAILED:
+        case CKR_GENERAL_ERROR:
+        case CKR_HOST_MEMORY:
+        case CKR_OPERATION_ACTIVE:
+        case CKR_RANDOM_NO_RNG:
+        case CKR_SESSION_HANDLE_INVALID:
+        case CKR_USER_NOT_LOGGED_IN:
+            break;
+        default:
+        case CKR_OK:
+            error = CKR_GENERAL_ERROR;
+            break;
+    }
+
+    return error;
+}
+
+/*
+ * NSSCKFWC_GetFunctionStatus
+ *
+ */
+NSS_IMPLEMENT CK_RV
+NSSCKFWC_GetFunctionStatus(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession)
+{
+    return CKR_FUNCTION_NOT_PARALLEL;
+}
+
+/*
+ * NSSCKFWC_CancelFunction
+ *
+ */
+NSS_IMPLEMENT CK_RV
+NSSCKFWC_CancelFunction(
+    NSSCKFWInstance *fwInstance,
+    CK_SESSION_HANDLE hSession)
+{
+    return CKR_FUNCTION_NOT_PARALLEL;
+}
diff --git a/nss/lib/crmf/Makefile b/nss/lib/crmf/Makefile
new file mode 100644
index 0000000..a774a95
--- /dev/null
+++ b/nss/lib/crmf/Makefile
@@ -0,0 +1,49 @@
+#! gmake
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include config.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+
+export:: private_export
diff --git a/nss/lib/crmf/asn1cmn.c b/nss/lib/crmf/asn1cmn.c
new file mode 100644
index 0000000..6cf469f
--- /dev/null
+++ b/nss/lib/crmf/asn1cmn.c
@@ -0,0 +1,216 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "cmmf.h"
+#include "cmmfi.h"
+
+SEC_ASN1_MKSUB(SECOID_AlgorithmIDTemplate)
+SEC_ASN1_MKSUB(SEC_AnyTemplate)
+SEC_ASN1_MKSUB(SEC_IntegerTemplate)
+SEC_ASN1_MKSUB(SEC_SignedCertificateTemplate)
+
+static const SEC_ASN1Template CMMFCertResponseTemplate[] = {
+    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CMMFCertResponse) },
+    { SEC_ASN1_INTEGER, offsetof(CMMFCertResponse, certReqId) },
+    { SEC_ASN1_INLINE, offsetof(CMMFCertResponse, status),
+      CMMFPKIStatusInfoTemplate },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_POINTER,
+      offsetof(CMMFCertResponse, certifiedKeyPair),
+      CMMFCertifiedKeyPairTemplate },
+    { 0 }
+};
+
+static const SEC_ASN1Template CMMFCertOrEncCertTemplate[] = {
+    { SEC_ASN1_ANY, offsetof(CMMFCertOrEncCert, derValue), NULL,
+      sizeof(CMMFCertOrEncCert) },
+    { 0 }
+};
+
+const SEC_ASN1Template CMMFCertifiedKeyPairTemplate[] = {
+    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CMMFCertifiedKeyPair) },
+    { SEC_ASN1_INLINE, offsetof(CMMFCertifiedKeyPair, certOrEncCert),
+      CMMFCertOrEncCertTemplate },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_POINTER | 0,
+      offsetof(CMMFCertifiedKeyPair, privateKey),
+      CRMFEncryptedValueTemplate },
+    { SEC_ASN1_NO_STREAM | SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC |
+          SEC_ASN1_XTRN | 1,
+      offsetof(CMMFCertifiedKeyPair, derPublicationInfo),
+      SEC_ASN1_SUB(SEC_AnyTemplate) },
+    { 0 }
+};
+
+const SEC_ASN1Template CMMFPKIStatusInfoTemplate[] = {
+    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CMMFPKIStatusInfo) },
+    { SEC_ASN1_INTEGER, offsetof(CMMFPKIStatusInfo, status) },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_UTF8_STRING,
+      offsetof(CMMFPKIStatusInfo, statusString) },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_BIT_STRING,
+      offsetof(CMMFPKIStatusInfo, failInfo) },
+    { 0 }
+};
+
+const SEC_ASN1Template CMMFSequenceOfCertsTemplate[] = {
+    { SEC_ASN1_SEQUENCE_OF | SEC_ASN1_XTRN, 0,
+      SEC_ASN1_SUB(SEC_SignedCertificateTemplate) }
+};
+
+const SEC_ASN1Template CMMFRandTemplate[] = {
+    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CMMFRand) },
+    { SEC_ASN1_INTEGER, offsetof(CMMFRand, integer) },
+    { SEC_ASN1_OCTET_STRING, offsetof(CMMFRand, senderHash) },
+    { 0 }
+};
+
+const SEC_ASN1Template CMMFPOPODecKeyRespContentTemplate[] = {
+    { SEC_ASN1_SEQUENCE_OF | SEC_ASN1_XTRN,
+      offsetof(CMMFPOPODecKeyRespContent, responses),
+      SEC_ASN1_SUB(SEC_IntegerTemplate),
+      sizeof(CMMFPOPODecKeyRespContent) },
+    { 0 }
+};
+
+const SEC_ASN1Template CMMFCertOrEncCertEncryptedCertTemplate[] = {
+    { SEC_ASN1_CONTEXT_SPECIFIC | 1,
+      0,
+      CRMFEncryptedValueTemplate },
+    { 0 }
+};
+
+const SEC_ASN1Template CMMFCertOrEncCertCertificateTemplate[] = {
+    { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
+      0,
+      SEC_ASN1_SUB(SEC_SignedCertificateTemplate) },
+    { 0 }
+};
+
+const SEC_ASN1Template CMMFCertRepContentTemplate[] = {
+    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CMMFCertRepContent) },
+    { SEC_ASN1_CONSTRUCTED | SEC_ASN1_OPTIONAL |
+          SEC_ASN1_CONTEXT_SPECIFIC | 1,
+      offsetof(CMMFCertRepContent, caPubs),
+      CMMFSequenceOfCertsTemplate },
+    { SEC_ASN1_SEQUENCE_OF, offsetof(CMMFCertRepContent, response),
+      CMMFCertResponseTemplate },
+    { 0 }
+};
+
+static const SEC_ASN1Template CMMFChallengeTemplate[] = {
+    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CMMFChallenge) },
+    { SEC_ASN1_POINTER | SEC_ASN1_OPTIONAL | SEC_ASN1_XTRN,
+      offsetof(CMMFChallenge, owf),
+      SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
+    { SEC_ASN1_OCTET_STRING, offsetof(CMMFChallenge, witness) },
+    { SEC_ASN1_ANY, offsetof(CMMFChallenge, senderDER) },
+    { SEC_ASN1_OCTET_STRING, offsetof(CMMFChallenge, key) },
+    { SEC_ASN1_OCTET_STRING, offsetof(CMMFChallenge, challenge) },
+    { 0 }
+};
+
+const SEC_ASN1Template CMMFPOPODecKeyChallContentTemplate[] = {
+    { SEC_ASN1_SEQUENCE_OF, offsetof(CMMFPOPODecKeyChallContent, challenges),
+      CMMFChallengeTemplate, sizeof(CMMFPOPODecKeyChallContent) },
+    { 0 }
+};
+
+SECStatus
+cmmf_decode_process_cert_response(PLArenaPool *poolp,
+                                  CERTCertDBHandle *db,
+                                  CMMFCertResponse *inCertResp)
+{
+    SECStatus rv = SECSuccess;
+
+    if (inCertResp->certifiedKeyPair != NULL) {
+        rv = cmmf_decode_process_certified_key_pair(poolp,
+                                                    db,
+                                                    inCertResp->certifiedKeyPair);
+    }
+    return rv;
+}
+
+static CERTCertificate *
+cmmf_DecodeDERCertificate(CERTCertDBHandle *db, SECItem *derCert)
+{
+    CERTCertificate *newCert;
+
+    newCert = CERT_NewTempCertificate(db, derCert, NULL, PR_FALSE, PR_TRUE);
+    return newCert;
+}
+
+static CMMFCertOrEncCertChoice
+cmmf_get_certorenccertchoice_from_der(SECItem *der)
+{
+    CMMFCertOrEncCertChoice retChoice;
+
+    switch (der->data[0] & 0x0f) {
+        case 0:
+            retChoice = cmmfCertificate;
+            break;
+        case 1:
+            retChoice = cmmfEncryptedCert;
+            break;
+        default:
+            retChoice = cmmfNoCertOrEncCert;
+            break;
+    }
+    return retChoice;
+}
+
+static SECStatus
+cmmf_decode_process_certorenccert(PLArenaPool *poolp,
+                                  CERTCertDBHandle *db,
+                                  CMMFCertOrEncCert *inCertOrEncCert)
+{
+    SECStatus rv = SECSuccess;
+
+    inCertOrEncCert->choice =
+        cmmf_get_certorenccertchoice_from_der(&inCertOrEncCert->derValue);
+
+    switch (inCertOrEncCert->choice) {
+        case cmmfCertificate: {
+            /* The DER has implicit tagging, so we gotta switch it to
+             * un-tagged in order for the ASN1 parser to understand it.
+             * Saving the bits that were changed.
+             */
+            inCertOrEncCert->derValue.data[0] = 0x30;
+            inCertOrEncCert->cert.certificate =
+                cmmf_DecodeDERCertificate(db, &inCertOrEncCert->derValue);
+            if (inCertOrEncCert->cert.certificate == NULL) {
+                rv = SECFailure;
+            }
+
+        } break;
+        case cmmfEncryptedCert:
+            PORT_Assert(poolp);
+            if (!poolp) {
+                PORT_SetError(SEC_ERROR_INVALID_ARGS);
+                rv = SECFailure;
+                break;
+            }
+            inCertOrEncCert->cert.encryptedCert =
+                PORT_ArenaZNew(poolp, CRMFEncryptedValue);
+            if (inCertOrEncCert->cert.encryptedCert == NULL) {
+                rv = SECFailure;
+                break;
+            }
+            rv = SEC_ASN1Decode(poolp, inCertOrEncCert->cert.encryptedCert,
+                                CMMFCertOrEncCertEncryptedCertTemplate,
+                                (const char *)inCertOrEncCert->derValue.data,
+                                inCertOrEncCert->derValue.len);
+            break;
+        default:
+            rv = SECFailure;
+    }
+    return rv;
+}
+
+SECStatus
+cmmf_decode_process_certified_key_pair(PLArenaPool *poolp,
+                                       CERTCertDBHandle *db,
+                                       CMMFCertifiedKeyPair *inCertKeyPair)
+{
+    return cmmf_decode_process_certorenccert(poolp,
+                                             db,
+                                             &inCertKeyPair->certOrEncCert);
+}
diff --git a/nss/lib/crmf/challcli.c b/nss/lib/crmf/challcli.c
new file mode 100644
index 0000000..a928438
--- /dev/null
+++ b/nss/lib/crmf/challcli.c
@@ -0,0 +1,238 @@
+/* -*- Mode: C; tab-width: 8 -*-*/
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "cmmf.h"
+#include "cmmfi.h"
+#include "secitem.h"
+#include "pk11func.h"
+#include "secder.h"
+#include "sechash.h"
+
+CMMFPOPODecKeyChallContent *
+CMMF_CreatePOPODecKeyChallContentFromDER(const char *buf, long len)
+{
+    PLArenaPool *poolp;
+    CMMFPOPODecKeyChallContent *challContent;
+    SECStatus rv;
+
+    poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
+    if (poolp == NULL) {
+        return NULL;
+    }
+    challContent = PORT_ArenaZNew(poolp, CMMFPOPODecKeyChallContent);
+    if (challContent == NULL) {
+        goto loser;
+    }
+    challContent->poolp = poolp;
+    rv = SEC_ASN1Decode(poolp, challContent,
+                        CMMFPOPODecKeyChallContentTemplate, buf, len);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    if (challContent->challenges) {
+        while (challContent->challenges[challContent->numChallenges] != NULL) {
+            challContent->numChallenges++;
+        }
+        challContent->numAllocated = challContent->numChallenges;
+    }
+    return challContent;
+loser:
+    if (poolp != NULL) {
+        PORT_FreeArena(poolp, PR_FALSE);
+    }
+    return NULL;
+}
+
+int
+CMMF_POPODecKeyChallContentGetNumChallenges(CMMFPOPODecKeyChallContent *inKeyChallCont)
+{
+    PORT_Assert(inKeyChallCont != NULL);
+    if (inKeyChallCont == NULL) {
+        return 0;
+    }
+    return inKeyChallCont->numChallenges;
+}
+
+SECItem *
+CMMF_POPODecKeyChallContentGetPublicValue(CMMFPOPODecKeyChallContent *inKeyChallCont,
+                                          int inIndex)
+{
+    PORT_Assert(inKeyChallCont != NULL);
+    if (inKeyChallCont == NULL || (inIndex > inKeyChallCont->numChallenges - 1) ||
+        inIndex < 0) {
+        return NULL;
+    }
+    return SECITEM_DupItem(&inKeyChallCont->challenges[inIndex]->key);
+}
+
+static SECAlgorithmID *
+cmmf_get_owf(CMMFPOPODecKeyChallContent *inChalCont,
+             int inIndex)
+{
+    int i;
+
+    for (i = inIndex; i >= 0; i--) {
+        if (inChalCont->challenges[i]->owf != NULL) {
+            return inChalCont->challenges[i]->owf;
+        }
+    }
+    return NULL;
+}
+
+SECStatus
+CMMF_POPODecKeyChallContDecryptChallenge(CMMFPOPODecKeyChallContent *inChalCont,
+                                         int inIndex,
+                                         SECKEYPrivateKey *inPrivKey)
+{
+    CMMFChallenge *challenge;
+    SECItem *decryptedRand = NULL;
+    PLArenaPool *poolp = NULL;
+    SECAlgorithmID *owf;
+    SECStatus rv = SECFailure;
+    SECOidTag tag;
+    CMMFRand randStr;
+    SECItem hashItem;
+    unsigned char hash[HASH_LENGTH_MAX];
+
+    PORT_Assert(inChalCont != NULL && inPrivKey != NULL);
+    if (inChalCont == NULL || inIndex < 0 || inIndex > inChalCont->numChallenges ||
+        inPrivKey == NULL) {
+        return SECFailure;
+    }
+
+    poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
+    if (poolp == NULL) {
+        goto loser;
+    }
+
+    challenge = inChalCont->challenges[inIndex];
+    decryptedRand = SECITEM_AllocItem(poolp, NULL, challenge->challenge.len);
+    if (decryptedRand == NULL) {
+        goto loser;
+    }
+    rv = PK11_PrivDecryptPKCS1(inPrivKey, decryptedRand->data,
+                               &decryptedRand->len, decryptedRand->len,
+                               challenge->challenge.data, challenge->challenge.len);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    rv = SEC_ASN1DecodeItem(poolp, &randStr, CMMFRandTemplate,
+                            decryptedRand);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    rv = SECFailure; /* Just so that when we do go to loser,
+                      * I won't have to set it again.
+                      */
+    owf = cmmf_get_owf(inChalCont, inIndex);
+    if (owf == NULL) {
+        /* No hashing algorithm came with the challenges.  Can't verify */
+        goto loser;
+    }
+    /* Verify the hashes in the challenge */
+    tag = SECOID_FindOIDTag(&owf->algorithm);
+    hashItem.len = HASH_ResultLenByOidTag(tag);
+    if (!hashItem.len)
+        goto loser; /* error code has been set */
+
+    rv = PK11_HashBuf(tag, hash, randStr.integer.data, randStr.integer.len);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    hashItem.data = hash;
+    if (SECITEM_CompareItem(&hashItem, &challenge->witness) != SECEqual) {
+        /* The hash for the data we decrypted doesn't match the hash provided
+         * in the challenge.  Bail out.
+         */
+        PORT_SetError(SEC_ERROR_BAD_DATA);
+        rv = SECFailure;
+        goto loser;
+    }
+    rv = PK11_HashBuf(tag, hash, challenge->senderDER.data,
+                      challenge->senderDER.len);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    if (SECITEM_CompareItem(&hashItem, &randStr.senderHash) != SECEqual) {
+        /* The hash for the data we decrypted doesn't match the hash provided
+         * in the challenge.  Bail out.
+         */
+        PORT_SetError(SEC_ERROR_BAD_DATA);
+        rv = SECFailure;
+        goto loser;
+    }
+    /* All of the hashes have verified, so we can now store the integer away.*/
+    rv = SECITEM_CopyItem(inChalCont->poolp, &challenge->randomNumber,
+                          &randStr.integer);
+loser:
+    if (poolp) {
+        PORT_FreeArena(poolp, PR_FALSE);
+    }
+    return rv;
+}
+
+SECStatus
+CMMF_POPODecKeyChallContentGetRandomNumber(CMMFPOPODecKeyChallContent *inKeyChallCont,
+                                           int inIndex,
+                                           long *inDest)
+{
+    CMMFChallenge *challenge;
+
+    PORT_Assert(inKeyChallCont != NULL);
+    if (inKeyChallCont == NULL || inIndex > 0 || inIndex >= inKeyChallCont->numChallenges) {
+        return SECFailure;
+    }
+    challenge = inKeyChallCont->challenges[inIndex];
+    if (challenge->randomNumber.data == NULL) {
+        /* There is no random number here, nothing to see. */
+        return SECFailure;
+    }
+    *inDest = DER_GetInteger(&challenge->randomNumber);
+    return (*inDest == -1) ? SECFailure : SECSuccess;
+}
+
+SECStatus
+CMMF_EncodePOPODecKeyRespContent(long *inDecodedRand,
+                                 int inNumRand,
+                                 CRMFEncoderOutputCallback inCallback,
+                                 void *inArg)
+{
+    PLArenaPool *poolp;
+    CMMFPOPODecKeyRespContent *response;
+    SECItem *currItem;
+    SECStatus rv = SECFailure;
+    int i;
+
+    poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
+    if (poolp == NULL) {
+        return SECFailure;
+    }
+    response = PORT_ArenaZNew(poolp, CMMFPOPODecKeyRespContent);
+    if (response == NULL) {
+        goto loser;
+    }
+    response->responses = PORT_ArenaZNewArray(poolp, SECItem *, inNumRand + 1);
+    if (response->responses == NULL) {
+        goto loser;
+    }
+    for (i = 0; i < inNumRand; i++) {
+        currItem = response->responses[i] = PORT_ArenaZNew(poolp, SECItem);
+        if (currItem == NULL) {
+            goto loser;
+        }
+        currItem = SEC_ASN1EncodeInteger(poolp, currItem, inDecodedRand[i]);
+        if (currItem == NULL) {
+            goto loser;
+        }
+    }
+    rv = cmmf_user_encode(response, inCallback, inArg,
+                          CMMFPOPODecKeyRespContentTemplate);
+loser:
+    if (poolp != NULL) {
+        PORT_FreeArena(poolp, PR_FALSE);
+    }
+    return rv;
+}
diff --git a/nss/lib/crmf/cmmf.h b/nss/lib/crmf/cmmf.h
new file mode 100644
index 0000000..1e39a8d
--- /dev/null
+++ b/nss/lib/crmf/cmmf.h
@@ -0,0 +1,1082 @@
+/* -*- Mode: C; tab-width: 8 -*-*/
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _CMMF_H_
+#define _CMMF_H_
+/*
+ * These are the functions exported by the security library for
+ * implementing Certificate Management Message Formats (CMMF).
+ *
+ * This API is designed against July 1998 CMMF draft.  Please read this
+ * draft before trying to use this API in an application that use CMMF.
+ */
+#include "seccomon.h"
+#include "cmmft.h"
+#include "crmf.h"
+
+SEC_BEGIN_PROTOS
+
+/******************* Creation Functions *************************/
+
+/*
+ * FUNCTION: CMMF_CreateCertRepContent
+ * INPUTS:
+ *    NONE
+ * NOTES:
+ *    This function will create an empty CMMFCertRepContent Structure.
+ *    The client of the library must set the CMMFCertResponses.
+ *    Call CMMF_CertRepContentSetCertResponse to accomplish this task.
+ *    If the client of the library also wants to include the chain of
+ *    CA certs required to make the certificates in CMMFCertResponse valid,
+ *    then the user must also set the caPubs field of CMMFCertRepContent.
+ *    Call CMMF_CertRepContentSetCAPubs to accomplish this.  After setting
+ *    the desired fields, the user can then call CMMF_EncodeCertRepContent
+ *    to DER-encode the CertRepContent.
+ * RETURN:
+ *    A pointer to the CMMFCertRepContent.  A NULL return value indicates
+ *    an error in allocating memory or failure to initialize the structure.
+ */
+extern CMMFCertRepContent *CMMF_CreateCertRepContent(void);
+
+/*
+ * FUNCTION: CMMF_CreateCertRepContentFromDER
+ * INPUTS
+ *    db
+ *        The certificate database where the certificates will be placed.
+ *        The certificates will be placed in the temporary database associated
+ *        with the handle.
+ *    buf
+ *        A buffer to the DER-encoded CMMFCertRepContent
+ *    len
+ *        The length in bytes of the buffer 'buf'
+ * NOTES:
+ *    This function passes the buffer to the ASN1 decoder and creates a
+ *    CMMFCertRepContent structure.  The user must call
+ *    CMMF_DestroyCertRepContent after the return value is no longer needed.
+ *
+ * RETURN:
+ *    A pointer to the CMMFCertRepContent structure.  A NULL return
+ *    value indicates the library was unable to parse the DER.
+ */
+extern CMMFCertRepContent *
+CMMF_CreateCertRepContentFromDER(CERTCertDBHandle *db,
+                                 const char *buf,
+                                 long len);
+
+/*
+ * FUNCTION: CMMF_CreateCertResponse
+ * INPUTS:
+ *    inCertReqId
+ *        The Certificate Request Id this response is for.
+ * NOTES:
+ *    This creates a CMMFCertResponse.  This response should correspond
+ *    to a request that was received via CRMF.  From the CRMF message you
+ *    can get the Request Id to pass in as inCertReqId, in essence binding
+ *    a CMRFCertRequest message to the CMMFCertResponse created by this
+ *    function.  If no requuest id is associated with the response to create
+ *    then the user should pass in -1 for 'inCertReqId'.
+ *
+ * RETURN:
+ *    A pointer to the new CMMFCertResponse corresponding to the request id
+ *    passed in.  A NULL return value indicates an error while trying to
+ *    create the CMMFCertResponse.
+ */
+extern CMMFCertResponse *CMMF_CreateCertResponse(long inCertReqId);
+
+/*
+ * FUNCTION: CMMF_CreateKeyRecRepContent
+ * INPUTS:
+ *    NONE
+ * NOTES:
+ *    This function creates a new empty CMMFKeyRecRepContent structure.
+ *    At the very minimum, the user  must call
+ *    CMMF_KeyRecRepContentSetPKIStatusInfoStatus field to have an
+ *    encodable structure.  Depending on what the response is, the user may
+ *    have to set other fields as well to properly build up the structure so
+ *    that it can be encoded.  Refer to the CMMF draft for how to properly
+ *    set up a CMMFKeyRecRepContent. This is the structure that an RA returns
+ *    to an end entity when doing key recovery.
+
+ *    The user must call CMMF_DestroyKeyRecRepContent when the return value
+ *    is no longer needed.
+ * RETURN:
+ *    A pointer to the empty CMMFKeyRecRepContent.  A return value of NULL
+ *    indicates an error in allocating memory or initializing the structure.
+ */
+extern CMMFKeyRecRepContent *CMMF_CreateKeyRecRepContent(void);
+
+/*
+ * FUNCTION: CMMF_CreateKeyRecRepContentFromDER
+ * INPUTS:
+ *    db
+ *        The handle for the certificate database where the decoded
+ *        certificates will be placed.  The decoded certificates will
+ *        be placed in the temporary database associated with the
+ *        handle.
+ *    buf
+ *        A buffer contatining the DER-encoded CMMFKeyRecRepContent
+ *    len
+ *        The length in bytes of the buffer 'buf'
+ * NOTES
+ *    This function passes the buffer to the ASN1 decoder and creates a
+ *    CMMFKeyRecRepContent structure.
+ *
+ * RETURN:
+ *    A pointer to the CMMFKeyRecRepContent structure.  A NULL return
+ *    value indicates the library was unable to parse the DER.
+ */
+extern CMMFKeyRecRepContent *
+CMMF_CreateKeyRecRepContentFromDER(CERTCertDBHandle *db,
+                                   const char *buf,
+                                   long len);
+
+/*
+ * FUNCTION: CMMF_CreatePOPODecKeyChallContent
+ * INPUTS:
+ *    NONE
+ * NOTES:
+ *    This function creates an empty CMMFPOPODecKeyChallContent.  The user
+ *    must add the challenges individually specifying the random number to
+ *    be used and the public key to be used when creating each individual
+ *    challenge.  User can accomplish this by calling the function
+ *    CMMF_POPODecKeyChallContentSetNextChallenge.
+ * RETURN:
+ *    A pointer to a CMMFPOPODecKeyChallContent structure.  Ther user can
+ *    then call CMMF_EncodePOPODecKeyChallContent passing in the return
+ *    value from this function after setting all of the challenges.  A
+ *    return value of NULL indicates an error while creating the
+ *    CMMFPOPODecKeyChallContent structure.
+ */
+extern CMMFPOPODecKeyChallContent *
+CMMF_CreatePOPODecKeyChallContent(void);
+
+/*
+ * FUNCTION: CMMF_CreatePOPODecKeyChallContentFromDER
+ * INPUTS
+ *    buf
+ *        A buffer containing the DER-encoded CMMFPOPODecKeyChallContent
+ *    len
+ *        The length in bytes of the buffer 'buf'
+ * NOTES:
+ *    This function passes the buffer to the ASN1 decoder and creates a
+ *    CMMFPOPODecKeyChallContent structure.
+ *
+ * RETURN:
+ *    A pointer to the CMMFPOPODecKeyChallContent structure.  A NULL return
+ *    value indicates the library was unable to parse the DER.
+ */
+extern CMMFPOPODecKeyChallContent *
+CMMF_CreatePOPODecKeyChallContentFromDER(const char *buf, long len);
+
+/*
+ * FUNCTION: CMMF_CreatePOPODecKeyRespContentFromDER
+ * INPUTS:
+ *    buf
+ *        A buffer contatining the DER-encoded CMMFPOPODecKeyRespContent
+ *    len
+ *        The length in bytes of the buffer 'buf'
+ * NOTES
+ *    This function passes the buffer to the ASN1 decoder and creates a
+ *    CMMFPOPODecKeyRespContent structure.
+ *
+ * RETURN:
+ *    A pointer to the CMMFPOPODecKeyRespContent structure.  A NULL return
+ *    value indicates the library was unable to parse the DER.
+ */
+extern CMMFPOPODecKeyRespContent *
+CMMF_CreatePOPODecKeyRespContentFromDER(const char *buf, long len);
+
+/************************** Set Functions *************************/
+
+/*
+ * FUNCTION: CMMF_CertRepContentSetCertResponses
+ * INPUTS:
+ *    inCertRepContent
+ *        The CMMFCertRepContent to operate on.
+ *    inCertResponses
+ *        An array of pointers to CMMFCertResponse structures to
+ *        add to the CMMFCertRepContent structure.
+ *    inNumResponses
+ *        The length of the array 'inCertResponses'
+ * NOTES:
+ *    This function will add the CMMFCertResponse structure to the
+ *    CMMFCertRepContent passed in.  The CMMFCertResponse field of
+ *    CMMFCertRepContent is required, so the client must call this function
+ *    before calling CMMF_EncodeCertRepContent.  If the user calls
+ *    CMMF_EncodeCertRepContent before calling this function,
+ *    CMMF_EncodeCertRepContent will fail.
+ *
+ * RETURN:
+ *    SECSuccess if adding the CMMFCertResponses to the CMMFCertRepContent
+ *    structure was successful.  Any other return value indicates an error
+ *    while trying to add the CMMFCertResponses.
+ */
+extern SECStatus
+CMMF_CertRepContentSetCertResponses(CMMFCertRepContent *inCertRepContent,
+                                    CMMFCertResponse **inCertResponses,
+                                    int inNumResponses);
+
+/*
+ * FUNCTION: CMMF_CertRepContentSetCAPubs
+ * INPUTS:
+ *    inCertRepContent
+ *        The CMMFCertRepContent to operate on.
+ *    inCAPubs
+ *        The certificate list which makes up the chain of CA certificates
+ *        required to make the issued cert valid.
+ * NOTES:
+ *    This function will set the the certificates in the CA chain as part
+ *    of the CMMFCertRepContent.  This field is an optional member of the
+ *    CMMFCertRepContent structure, so the client is not required to call
+ *    this function before calling CMMF_EncodeCertRepContent.
+ *
+ * RETURN:
+ *    SECSuccess if adding the 'inCAPubs' to the CERTRepContent was successful.
+ *    Any other return value indicates an error while adding 'inCAPubs' to the
+ *    CMMFCertRepContent structure.
+ *
+ */
+extern SECStatus
+CMMF_CertRepContentSetCAPubs(CMMFCertRepContent *inCertRepContent,
+                             CERTCertList *inCAPubs);
+
+/*
+ * FUNCTION: CMMF_CertResponseSetPKIStatusInfoStatus
+ * INPUTS:
+ *    inCertResp
+ *        The CMMFCertResponse to operate on.
+ *     inPKIStatus
+ *        The value to set for the PKIStatusInfo.status field.
+ * NOTES:
+ *    This function will set the CertResponse.status.status field of
+ *    the CMMFCertResponse structure.  (View the definition of CertResponse
+ *    in the CMMF draft to see exactly which value this talks about.)  This
+ *    field is a required member of the structure, so the user must call this
+ *    function in order to have a CMMFCertResponse that can be encoded.
+ *
+ * RETURN:
+ *    SECSuccess if setting the field with the passed in value was successful.
+ *    Any other return value indicates an error while trying to set the field.
+ */
+extern SECStatus
+CMMF_CertResponseSetPKIStatusInfoStatus(CMMFCertResponse *inCertResp,
+                                        CMMFPKIStatus inPKIStatus);
+
+/*
+ * FUNCTION: CMMF_CertResponseSetCertificate
+ * INPUTS:
+ *    inCertResp
+ *        The CMMFCertResponse to operate on.
+ *    inCertificate
+ *        The certificate to add to the
+ *        CertResponse.CertifiedKeyPair.certOrEncCert.certificate field.
+ * NOTES:
+ *    This function will take the certificate and make it a member of the
+ *    CMMFCertResponse.  The certificate should be the actual certificate
+ *    being issued via the response.
+ *
+ * RETURN:
+ *    SECSuccess if adding the certificate to the response was successful.
+ *    Any other return value indicates an error in adding the certificate to
+ *    the CertResponse.
+ */
+extern SECStatus
+CMMF_CertResponseSetCertificate(CMMFCertResponse *inCertResp,
+                                CERTCertificate *inCertificate);
+
+/*
+ * FUNCTION: CMMF_KeyRecRepContentSetPKIStatusInfoStatus
+ * INPUTS:
+ *    inKeyRecRep
+ *        The CMMFKeyRecRepContent to operate on.
+ *    inPKIStatus
+ *        The value to set the PKIStatusInfo.status field to.
+ * NOTES:
+ *    This function sets the only required field for the KeyRecRepContent.
+ *    In most cases, the user will set this field and other fields of the
+ *    structure to properly create the CMMFKeyRecRepContent structure.
+ *    Refer to the CMMF draft to see which fields need to be set in order
+ *    to create the desired CMMFKeyRecRepContent.
+ *
+ * RETURN:
+ *    SECSuccess if setting the PKIStatusInfo.status field was successful.
+ *    Any other return value indicates an error in setting the field.
+ */
+extern SECStatus
+CMMF_KeyRecRepContentSetPKIStatusInfoStatus(CMMFKeyRecRepContent *inKeyRecRep,
+                                            CMMFPKIStatus inPKIStatus);
+
+/*
+ * FUNCTION: CMMF_KeyRecRepContentSetNewSignCert
+ * INPUTS:
+ *    inKeyRecRep
+ *        The CMMFKeyRecRepContent to operate on.
+ *    inNewSignCert
+ *        The new signing cert to add to the CMMFKeyRecRepContent structure.
+ * NOTES:
+ *    This function sets the new signeing cert in the CMMFKeyRecRepContent
+ *    structure.
+ *
+ * RETURN:
+ *    SECSuccess if setting the new signing cert was successful.  Any other
+ *    return value indicates an error occurred while trying to add the
+ *    new signing certificate.
+ */
+extern SECStatus
+CMMF_KeyRecRepContentSetNewSignCert(CMMFKeyRecRepContent *inKeyRecRep,
+                                    CERTCertificate *inNewSignCert);
+
+/*
+ * FUNCTION: CMMF_KeyRecRepContentSetCACerts
+ * INPUTS:
+ *    inKeyRecRep
+ *        The CMMFKeyRecRepContent to operate on.
+ *    inCACerts
+ *        The list of CA certificates required to construct a valid
+ *        certificate chain with the certificates that will be returned
+ *        to the end user via this KeyRecRepContent.
+ * NOTES:
+ *    This function sets the caCerts that are required to form a chain with the
+ *    end entity certificates that are being re-issued in this
+ *    CMMFKeyRecRepContent structure.
+ *
+ * RETURN:
+ *    SECSuccess if adding the caCerts was successful.  Any other return value
+ *    indicates an error while tring to add the caCerts.
+ */
+extern SECStatus
+CMMF_KeyRecRepContentSetCACerts(CMMFKeyRecRepContent *inKeyRecRep,
+                                CERTCertList *inCACerts);
+
+/*
+ * FUNCTION: CMMF_KeyRecRepContentSetCertifiedKeyPair
+ * INPUTS:
+ *    inKeyRecRep
+ *        The CMMFKeyRecRepContent to operate on.
+ *    inCert
+ *        The certificate to add to the CMMFKeyRecRepContent structure.
+ *    inPrivKey
+ *        The private key associated with the certificate above passed in.
+ *    inPubKey
+ *        The public key to use for wrapping the private key.
+ * NOTES:
+ *    This function adds another certificate-key pair to the
+ *    CMMFKeyRecRepcontent structure.  There may be more than one
+ *    certificate-key pair in the structure, so the user must call this
+ *    function multiple times to add more than one cert-key pair.
+ *
+ * RETURN:
+ *    SECSuccess if adding the certified key pair was successful.  Any other
+ *    return value indicates an error in adding certified key pair to
+ *    CMMFKeyRecRepContent structure.
+ */
+extern SECStatus
+CMMF_KeyRecRepContentSetCertifiedKeyPair(CMMFKeyRecRepContent *inKeyRecRep,
+                                         CERTCertificate *inCert,
+                                         SECKEYPrivateKey *inPrivKey,
+                                         SECKEYPublicKey *inPubKey);
+
+/*
+ * FUNCTION: CMMF_POPODecKeyChallContentSetNextChallenge
+ * INPUTS:
+ *    inDecKeyChall
+ *        The CMMFPOPODecKeyChallContent to operate on.
+ *    inRandom
+ *        The random number to use when generating the challenge,
+ *    inSender
+ *        The GeneralName representation of the sender of the challenge.
+ *    inPubKey
+ *        The public key to use when encrypting the challenge.
+ *    passwdArg
+ *        This value will be passed to the function used for getting a
+ *        password.  The password for getting a password should be registered
+ *        by calling PK11_SetPasswordFunc before this function is called.
+ *        If no password callback is registered and the library needs to
+ *        authenticate to the slot for any reason, this function will fail.
+ * NOTES:
+ *    This function adds a challenge to the end of the list of challenges
+ *    contained by 'inDecKeyChall'.  Refer to the CMMF draft on how the
+ *    the random number passed in and the sender's GeneralName are used
+ *    to generate the challenge and witness fields of the challenge.  This
+ *    library will use SHA1 as the one-way function for generating the
+ *    witess field of the challenge.
+ *
+ * RETURN:
+ *    SECSuccess if generating the challenge and adding to the end of list
+ *    of challenges was successful.  Any other return value indicates an error
+ *    while trying to generate the challenge.
+ */
+extern SECStatus
+CMMF_POPODecKeyChallContentSetNextChallenge(CMMFPOPODecKeyChallContent *inDecKeyChall,
+                                            long inRandom,
+                                            CERTGeneralName *inSender,
+                                            SECKEYPublicKey *inPubKey,
+                                            void *passwdArg);
+
+/************************** Encoding Functions *************************/
+
+/*
+ * FUNCTION: CMMF_EncodeCertRepContent
+ * INPUTS:
+ *    inCertRepContent
+ *        The CMMFCertRepContent to DER-encode.
+ *    inCallback
+ *        A callback function that the ASN1 encoder will call whenever it
+ *        wants to write out DER-encoded bytes.  Look at the defintion of
+ *        CRMFEncoderOutputCallback in crmft.h for a description of the
+ *        parameters to the function.
+ *    inArg
+ *        An opaque pointer to a user-supplied argument that will be passed
+ *        to the callback funtion whenever the function is called.
+ * NOTES:
+ *    The CMMF library will use the same DER-encoding scheme as the CRMF
+ *    library.  In other words, when reading CRMF comments that pertain to
+ *    encoding, those comments apply to the CMMF libray as well.
+ *    The callback function will be called multiple times, each time supplying
+ *    the next chunk of DER-encoded bytes.  The user must concatenate the
+ *    output of each successive call to the callback in order to get the
+ *    entire DER-encoded CMMFCertRepContent structure.
+ *
+ * RETURN:
+ *    SECSuccess if encoding the CMMFCertRepContent was successful.  Any
+ *    other return value indicates an error while decoding the structure.
+ */
+extern SECStatus
+CMMF_EncodeCertRepContent(CMMFCertRepContent *inCertRepContent,
+                          CRMFEncoderOutputCallback inCallback,
+                          void *inArg);
+
+/*
+ * FUNCTION: CMMF_EncodeKeyRecRepContent
+ * INPUTS:
+ *    inKeyRecRep
+ *        The CMMFKeyRepContent to DER-encode.
+ *    inCallback
+ *        A callback function that the ASN1 encoder will call whenever it
+ *        wants to write out DER-encoded bytes.  Look at the defintion of
+ *        CRMFEncoderOutputCallback in crmft.h for a description of the
+ *        parameters to the function.
+ *    inArg
+ *        An opaque pointer to a user-supplied argument that will be passed
+ *        to the callback funtion whenever the function is called.
+ * NOTES:
+ *    The CMMF library will use the same DER-encoding scheme as the CRMF
+ *    library.  In other words, when reading CRMF comments that pertain to
+ *    encoding, those comments apply to the CMMF libray as well.
+ *    The callback function will be called multiple times, each time supplying
+ *    the next chunk of DER-encoded bytes.  The user must concatenate the
+ *    output of each successive call to the callback in order to get the
+ *    entire DER-encoded CMMFCertRepContent structure.
+ *
+ * RETURN:
+ *    SECSuccess if encoding the CMMFKeyRecRepContent was successful.  Any
+ *    other return value indicates an error while decoding the structure.
+ */
+extern SECStatus
+CMMF_EncodeKeyRecRepContent(CMMFKeyRecRepContent *inKeyRecRep,
+                            CRMFEncoderOutputCallback inCallback,
+                            void *inArg);
+
+/*
+ * FUNCTION: CMMF_EncodePOPODecKeyChallContent
+ * INPUTS:
+ *    inDecKeyChall
+ *        The CMMFDecKeyChallContent to operate on.
+ *    inCallback
+ *        A callback function that the ASN1 encoder will call whenever it
+ *        wants to write out DER-encoded bytes.  Look at the defintion of
+ *        CRMFEncoderOutputCallback in crmft.h for a description of the
+ *        parameters to the function.
+ *    inArg
+ *        An opaque pointer to a user-supplied argument that will be passed
+ *        to the callback function whenever the function is called.
+ * NOTES:
+ *    The CMMF library will use the same DER-encoding scheme as the CRMF
+ *    library.  In other words, when reading CRMF comments that pertain to
+ *    encoding, those comments apply to the CMMF libray as well.
+ *    The callback function will be called multiple times, each time supplying
+ *    the next chunk of DER-encoded bytes.  The user must concatenate the
+ *    output of each successive call to the callback in order to get the
+ *    entire DER-encoded CMMFCertRepContent structure.
+ *    The DER will be an encoding of the type POPODecKeyChallContents, which
+ *    is just a sequence of challenges.
+ *
+ * RETURN:
+ *    SECSuccess if encoding was successful.  Any other return value indicates
+ *    an error in trying to encode the Challenges.
+ */
+extern SECStatus
+CMMF_EncodePOPODecKeyChallContent(CMMFPOPODecKeyChallContent *inDecKeyChall,
+                                  CRMFEncoderOutputCallback inCallback,
+                                  void *inArg);
+
+/*
+ * FUNCTION: CMMF_EncodePOPODecKeyRespContent
+ * INPUTS:
+ *    inDecodedRand
+ *        An array of integers to encode as the responses to
+ *        CMMFPOPODecKeyChallContent.  The integers must be in the same order
+ *        as the challenges extracted from CMMFPOPODecKeyChallContent.
+ *    inNumRand
+ *        The number of random integers contained in the array 'inDecodedRand'
+ *    inCallback
+ *        A callback function that the ASN1 encoder will call whenever it
+ *        wants to write out DER-encoded bytes.  Look at the defintion of
+ *        CRMFEncoderOutputCallback in crmft.h for a description of the
+ *        parameters to the function.
+ *    inArg
+ *        An opaque pointer to a user-supplied argument that will be passed
+ *        to the callback funtion whenever the function is called.
+ * NOTES:
+ *    The CMMF library will use the same DER-encoding scheme as the CRMF
+ *    library.  In other words, when reading CRMF comments that pertain to
+ *    encoding, those comments apply to the CMMF libray as well.
+ *    The callback function will be called multiple times, each time supplying
+ *    the next chunk of DER-encoded bytes.  The user must concatenate the
+ *    output of each successive call to the callback in order to get the
+ *    entire DER-encoded  POPODecKeyRespContent.
+ *
+ * RETURN:
+ *    SECSuccess if encoding was successful.  Any other return value indicates
+ *    an error in trying to encode the Challenges.
+ */
+extern SECStatus
+CMMF_EncodePOPODecKeyRespContent(long *inDecodedRand,
+                                 int inNumRand,
+                                 CRMFEncoderOutputCallback inCallback,
+                                 void *inArg);
+
+/***************  Accessor function  ***********************************/
+
+/*
+ * FUNCTION: CMMF_CertRepContentGetCAPubs
+ * INPUTS:
+ *    inCertRepContent
+ *        The CMMFCertRepContent to extract the caPubs from.
+ * NOTES:
+ *    This function will return a copy of the list of certificates that
+ *    make up the chain of CA's required to make the cert issued valid.
+ *    The user must call CERT_DestroyCertList on the return value when
+ *    done using the return value.
+ *
+ *    Only call this function on a CertRepContent that has been decoded.
+ *    The client must call CERT_DestroyCertList when the certificate list
+ *    is no longer needed.
+ *
+ *    The certs in the list will not be in the temporary database.  In order
+ *    to make these certificates a part of the permanent CA internal database,
+ *    the user must collect the der for all of these certs and call
+ *    CERT_ImportCAChain.  Afterwards the certs will be part of the permanent
+ *    database.
+ *
+ * RETURN:
+ *    A pointer to the CERTCertList representing the CA chain associated
+ *    with the issued cert.  A NULL return value indicates  that no CA Pubs
+ *    were available in the CMMFCertRepContent structure.
+ */
+extern CERTCertList *
+CMMF_CertRepContentGetCAPubs(CMMFCertRepContent *inCertRepContent);
+
+/*
+ * FUNCTION: CMMF_CertRepContentGetNumResponses
+ * INPUTS:
+ *    inCertRepContent
+ *        The CMMFCertRepContent to operate on.
+ * NOTES:
+ *    This function will return the number of CertResponses that are contained
+ *    by the CMMFCertRepContent passed in.
+ *
+ * RETURN:
+ *    The number of CMMFCertResponses contained in the structure passed in.
+ */
+extern int
+CMMF_CertRepContentGetNumResponses(CMMFCertRepContent *inCertRepContent);
+
+/*
+ * FUNCTION: CMMF_CertRepContentGetResponseAtIndex
+ * INPUTS:
+ *    inCertRepContent
+ *        The CMMFCertRepContent to operate on.
+ *    inIndex
+ *        The index of the CMMFCertResponse the user wants a copy of.
+ * NOTES:
+ *    This function creates a copy of the CMMFCertResponse at the index
+ *    corresponding to the parameter 'inIndex'.  Indexing is done like a
+ *    traditional C array, ie the valid indexes are (0...numResponses-1).
+ *    The user must call CMMF_DestroyCertResponse after the return value is
+ *    no longer needed.
+ *
+ * RETURN:
+ *    A pointer to the CMMFCertResponse at the index corresponding to
+ *    'inIndex'.  A return value of NULL indicates an error in copying
+ *    the CMMFCertResponse.
+ */
+extern CMMFCertResponse *
+CMMF_CertRepContentGetResponseAtIndex(CMMFCertRepContent *inCertRepContent,
+                                      int inIndex);
+
+/*
+ * FUNCTION: CMMF_CertResponseGetCertReqId
+ * INPUTS:
+ *    inCertResp
+ *        The CMMFCertResponse to operate on.
+ * NOTES:
+ *    This function returns the CertResponse.certReqId from the
+ *    CMMFCertResponse structure passed in.  If the return value is -1, that
+ *    means there is no associated certificate request with the CertResponse.
+ * RETURN:
+ *    A long representing the id of the certificate request this
+ *    CMMFCertResponse corresponds to.  A return value of -1 indicates an
+ *    error in extracting the value of the integer.
+ */
+extern long CMMF_CertResponseGetCertReqId(CMMFCertResponse *inCertResp);
+
+/*
+ * FUNCTION: CMMF_CertResponseGetPKIStatusInfoStatus
+ * INPUTS:
+ *    inCertResp
+ *        The CMMFCertResponse to operate on.
+ * NOTES:
+ *    This function returns the CertResponse.status.status field of the
+ *    CMMFCertResponse structure.
+ *
+ * RETURN:
+ *    The enumerated value corresponding to the PKIStatus defined in the CMMF
+ *    draft.  See the CMMF draft for the definition of PKIStatus.  See crmft.h
+ *    for the definition of CMMFPKIStatus.
+ */
+extern CMMFPKIStatus
+CMMF_CertResponseGetPKIStatusInfoStatus(CMMFCertResponse *inCertResp);
+
+/*
+ * FUNCTION: CMMF_CertResponseGetCertificate
+ * INPUTS:
+ *    inCertResp
+ *        The Certificate Response to operate on.
+ *    inCertdb
+ *        This is the certificate database where the function will place the
+ *        newly issued certificate.
+ * NOTES:
+ *    This function retrieves the CertResponse.certifiedKeyPair.certificate
+ *    from the CMMFCertResponse.  The user will get a copy of that certificate
+ *    so  the user must call CERT_DestroyCertificate when the return value is
+ *    no longer needed.  The certificate returned will be in the temporary
+ *    certificate database.
+ *
+ * RETURN:
+ *    A pointer to a copy of the certificate contained within the
+ *    CMMFCertResponse.  A return value of NULL indicates an error while trying
+ *    to make a copy of the certificate.
+ */
+extern CERTCertificate *
+CMMF_CertResponseGetCertificate(CMMFCertResponse *inCertResp,
+                                CERTCertDBHandle *inCertdb);
+
+/*
+ * FUNCTION: CMMF_KeyRecRepContentGetPKIStatusInfoStatus
+ * INPUTS:
+ *    inKeyRecRep
+ *        The CMMFKeyRecRepContent structure to operate on.
+ * NOTES:
+ *    This function retrieves the KeyRecRepContent.status.status field of
+ *    the CMMFKeyRecRepContent structure.
+ * RETURN:
+ *    The CMMFPKIStatus corresponding to the value held in the
+ *    CMMFKeyRecRepContent structure.
+ */
+extern CMMFPKIStatus
+CMMF_KeyRecRepContentGetPKIStatusInfoStatus(CMMFKeyRecRepContent *inKeyRecRep);
+
+/*
+ * FUNCTION: CMMF_KeyRecRepContentGetNewSignCert
+ * INPUTS:
+ *    inKeyRecRep
+ *        The CMMFKeyRecRepContent to operate on.
+ * NOTES:
+ *    This function retrieves the KeyRecRepContent.newSignCert field of the
+ *    CMMFKeyRecRepContent structure.  The user must call
+ *    CERT_DestroyCertificate when the return value is no longer needed. The
+ *    returned certificate will be in the temporary database.  The user
+ *    must then place the certificate permanently in whatever token the
+ *    user determines is the proper destination.  A return value of NULL
+ *    indicates the newSigCert field was not present.
+ */
+extern CERTCertificate *
+CMMF_KeyRecRepContentGetNewSignCert(CMMFKeyRecRepContent *inKeyRecRep);
+
+/*
+ * FUNCTION: CMMF_KeyRecRepContentGetCACerts
+ * INPUTS:
+ *    inKeyRecRep
+ *        The CMMFKeyRecRepContent to operate on.
+ * NOTES:
+ *    This function returns a CERTCertList which contains all of the
+ *    certficates that are in the sequence KeyRecRepContent.caCerts
+ *    User must call CERT_DestroyCertList when the return value is no longer
+ *    needed.  All of these certificates will be placed in the tempoaray
+ *    database.
+ *
+ * RETURN:
+ *    A pointer to the list of caCerts contained in the CMMFKeyRecRepContent
+ *    structure.  A return value of NULL indicates the library was not able to
+ *    make a copy of the certifcates.  This may be because there are no caCerts
+ *    included in the CMMFKeyRecRepContent strucure or an internal error.  Call
+ *    CMMF_KeyRecRepContentHasCACerts to find out if there are any caCerts
+ *    included in 'inKeyRecRep'.
+ */
+extern CERTCertList *
+CMMF_KeyRecRepContentGetCACerts(CMMFKeyRecRepContent *inKeyRecRep);
+
+/*
+ * FUNCTION: CMMF_KeyRecRepContentGetNumKeyPairs
+ * INPUTS:
+ *    inKeyRecRep
+ *        The CMMFKeyRecRepContent to operate on.
+ * RETURN:
+ *    This function returns the number of CMMFCertifiedKeyPair structures that
+ *    that are stored in the KeyRecRepContent structure.
+ */
+extern int
+CMMF_KeyRecRepContentGetNumKeyPairs(CMMFKeyRecRepContent *inKeyRecRep);
+
+/*
+ * FUNCTION: CMMF_KeyRecRepContentGetCertKeyAtIndex
+ * INPUTS:
+ *    inKeyRecRepContent
+ *        The CMMFKeyRecRepContent to operate on.
+ *    inIndex
+ *        The index of the desired CMMFCertifiedKeyPair
+ * NOTES:
+ *    This function retrieves the CMMFCertifiedKeyPair structure at the index
+ *    'inIndex'.  Valid indexes are 0...(numKeyPairs-1)  The user must call
+ *    CMMF_DestroyCertifiedKeyPair when the return value is no longer needed.
+ *
+ * RETURN:
+ *    A pointer to the Certified Key Pair at the desired index.  A return value
+ *    of NULL indicates an error in extracting the Certified Key Pair at the
+ *    desired index.
+ */
+extern CMMFCertifiedKeyPair *
+CMMF_KeyRecRepContentGetCertKeyAtIndex(CMMFKeyRecRepContent *inKeyRecRep,
+                                       int inIndex);
+
+/*
+ * FUNCTION: CMMF_CertifiedKeyPairGetCertificate
+ * INPUTS:
+ *    inCertKeyPair
+ *        The CMMFCertifiedKeyPair to operate on.
+ *    inCertdb
+ *        The database handle for the database you want this certificate
+ *        to wind up in.
+ * NOTES:
+ *    This function retrieves the certificate at
+ *    CertifiedKeyPair.certOrEncCert.certificate
+ *    The user must call CERT_DestroyCertificate when the return value is no
+ *    longer needed.  The user must import this certificate as a token object
+ *    onto PKCS#11 slot in order to make it a permanent object.  The returned
+ *    certificate will be in the temporary database.
+ *
+ * RETURN:
+ *    A pointer to the certificate contained within the certified key pair.
+ *    A return value of NULL indicates an error in creating the copy of the
+ *    certificate.
+ */
+extern CERTCertificate *
+CMMF_CertifiedKeyPairGetCertificate(CMMFCertifiedKeyPair *inCertKeyPair,
+                                    CERTCertDBHandle *inCertdb);
+
+/*
+ * FUNCTION: CMMF_POPODecKeyChallContentGetNumChallenges
+ * INPUTS:
+ *    inKeyChallCont
+ *        The CMMFPOPODecKeyChallContent to operate on.
+ * RETURN:
+ *    This function returns the number of CMMFChallenges are contained in
+ *    the CMMFPOPODecKeyChallContent structure.
+ */
+extern int CMMF_POPODecKeyChallContentGetNumChallenges(CMMFPOPODecKeyChallContent *inKeyChallCont);
+
+/*
+ * FUNCTION: CMMF_POPODecKeyChallContentGetPublicValue
+ * ---------------------------------------------------
+ * INPUTS:
+ *    inKeyChallCont
+ *        The CMMFPOPODecKeyChallContent to operate on.
+ *    inIndex
+ *        The index of the Challenge within inKeyChallCont to operate on.
+ *        Indexes start from 0, ie the Nth Challenge corresponds to index
+ *        N-1.
+ * NOTES:
+ * This function retrieves the public value stored away in the Challenge at
+ * index inIndex of inKeyChallCont.
+ * RETURN:
+ * A pointer to a SECItem containing the public value.  User must call
+ * SECITEM_FreeItem on the return value when the value is no longer necessary.
+ * A return value of NULL indicates an error while retrieving the public value.
+ */
+extern SECItem *CMMF_POPODecKeyChallContentGetPublicValue(CMMFPOPODecKeyChallContent *inKeyChallCont,
+                                                          int inIndex);
+
+/*
+ * FUNCTION: CMMF_POPODecKeyChallContentGetRandomNumber
+ * INPUTS:
+ *    inChallContent
+ *        The CMMFPOPODecKeyChallContent to operate on.
+ *    inIndex
+ *        The index of the challenge to look at.  Valid indexes are 0 through
+ *        (CMMF_POPODecKeyChallContentGetNumChallenges(inChallContent) - 1).
+ *    inDest
+ *        A pointer to a user supplied buffer where the library
+ *        can place a copy of the random integer contatained in the
+ *        challenge.
+ * NOTES:
+ *    This function returns the value held in the decrypted Rand structure
+ *    corresponding to the random integer.  The user must call
+ *    CMMF_POPODecKeyChallContentDecryptChallenge before calling this function.  Call
+ *    CMMF_ChallengeIsDecrypted to find out if the challenge has been
+ *    decrypted.
+ *
+ * RETURN:
+ *    SECSuccess indicates the witness field has been previously decrypted
+ *    and the value for the random integer was successfully placed at *inDest.
+ *    Any other return value indicates an error and that the value at *inDest
+ *    is not a valid value.
+ */
+extern SECStatus CMMF_POPODecKeyChallContentGetRandomNumber(CMMFPOPODecKeyChallContent *inKeyChallCont,
+                                                            int inIndex,
+                                                            long *inDest);
+
+/*
+ * FUNCTION: CMMF_POPODecKeyRespContentGetNumResponses
+ * INPUTS:
+ *    inRespCont
+ *        The POPODecKeyRespContent to operate on.
+ * RETURN:
+ * This function returns the number of responses contained in inRespContent.
+ */
+extern int
+CMMF_POPODecKeyRespContentGetNumResponses(CMMFPOPODecKeyRespContent *inRespCont);
+
+/*
+ * FUNCTION: CMMF_POPODecKeyRespContentGetResponse
+ * INPUTS:
+ *    inRespCont
+ *        The POPODecKeyRespContent to operate on.
+ *    inIndex
+ *        The index of the response to retrieve.
+ *        The Nth response is at index N-1, ie the 1st response is at index 0,
+ *        the 2nd response is at index 1, and so on.
+ *    inDest
+ *        A pointer to a pre-allocated buffer where the library can put the
+ *        value of the response located at inIndex.
+ * NOTES:
+ * The function returns the response contained at index inIndex.
+ * CMMFPOPODecKeyRespContent is a structure that the server will generally
+ * get in response to a CMMFPOPODecKeyChallContent.  The server will expect
+ * to see the responses in the same order as it constructed them in
+ * the CMMFPOPODecKeyChallContent structure.
+ * RETURN:
+ * SECSuccess if getting the response at the desired index was successful.  Any
+ * other return value indicates an errror.
+ */
+extern SECStatus
+CMMF_POPODecKeyRespContentGetResponse(CMMFPOPODecKeyRespContent *inRespCont,
+                                      int inIndex,
+                                      long *inDest);
+
+/************************* Destructor Functions ******************************/
+
+/*
+ * FUNCTION: CMMF_DestroyCertResponse
+ * INPUTS:
+ *    inCertResp
+ *        The CMMFCertResponse to destroy.
+ * NOTES:
+ *    This function frees all the memory associated with the CMMFCertResponse
+ *    passed in.
+ * RETURN:
+ *    SECSuccess if freeing the memory was successful.  Any other return value
+ *    indicates an error while freeing the memory.
+ */
+extern SECStatus CMMF_DestroyCertResponse(CMMFCertResponse *inCertResp);
+
+/*
+ * FUNCTION: CMMF_DestroyCertRepContent
+ * INPUTS:
+ *    inCertRepContent
+ *        The CMMFCertRepContent to destroy
+ * NOTES:
+ *    This function frees the memory associated with the CMMFCertRepContent
+ *    passed in.
+ * RETURN:
+ *    SECSuccess if freeing all the memory associated with the
+ *    CMMFCertRepContent passed in is successful.  Any other return value
+ *    indicates an error while freeing the memory.
+ */
+extern SECStatus
+CMMF_DestroyCertRepContent(CMMFCertRepContent *inCertRepContent);
+
+/*
+ * FUNCTION: CMMF_DestroyKeyRecRepContent
+ * INPUTS:
+ *    inKeyRecRep
+ *        The CMMFKeyRecRepContent to destroy.
+ * NOTES:
+ *    This function destroys all the memory associated with the
+ *    CMMFKeyRecRepContent passed in.
+ *
+ * RETURN:
+ *    SECSuccess if freeing all the memory is successful.  Any other return
+ *    value indicates an error in freeing the memory.
+ */
+extern SECStatus
+CMMF_DestroyKeyRecRepContent(CMMFKeyRecRepContent *inKeyRecRep);
+
+/*
+ * FUNCTION: CMMF_DestroyCertifiedKeyPair
+ * INPUTS:
+ *    inCertKeyPair
+ *        The CMMFCertifiedKeyPair to operate on.
+ * NOTES:
+ *    This function frees up all the memory associated with 'inCertKeyPair'
+ *
+ * RETURN:
+ *    SECSuccess if freeing all the memory associated with 'inCertKeyPair'
+ *    is successful.  Any other return value indicates an error while trying
+ *    to free the memory.
+ */
+extern SECStatus
+CMMF_DestroyCertifiedKeyPair(CMMFCertifiedKeyPair *inCertKeyPair);
+
+/*
+ * FUNCTION: CMMF_DestroyPOPODecKeyRespContent
+ * INPUTS:
+ *    inDecKeyResp
+ *        The CMMFPOPODecKeyRespContent structure to free.
+ * NOTES:
+ *    This function frees up all the memory associate with the
+ *    CMMFPOPODecKeyRespContent.
+ *
+ * RETURN:
+ *    SECSuccess if freeing up all the memory associated with the
+ *    CMMFPOPODecKeyRespContent structure is successful.  Any other
+ *    return value indicates an error while freeing the memory.
+ */
+extern SECStatus
+CMMF_DestroyPOPODecKeyRespContent(CMMFPOPODecKeyRespContent *inDecKeyResp);
+
+/************************** Miscellaneous Functions *************************/
+
+/*
+ * FUNCTION: CMMF_CertifiedKeyPairUnwrapPrivKey
+ * INPUTS:
+ *    inCertKeyPair
+ *        The CMMFCertifiedKeyPair to operate on.
+ *    inPrivKey
+ *        The private key to use to un-wrap the private key
+ *    inNickName
+ *        This is the nickname that will be associated with the private key
+ *        to be unwrapped.
+ *    inSlot
+ *        The PKCS11 slot where the unwrapped private key should end up.
+ *    inCertdb
+ *        The Certificate database with which the new key will be associated.
+ *    destPrivKey
+ *        A pointer to memory where the library can place a pointer to the
+ *        private key after importing the key onto the specified slot.
+ *    wincx
+ *        An opaque pointer that the library will use in a callback function
+ *        to get the password if necessary.
+ *
+ * NOTES:
+ *    This function uses the private key passed in to unwrap the private key
+ *    contained within the CMMFCertifiedKeyPair structure. After this
+ *    function successfully returns, the private key has been unwrapped and
+ *    placed in the specified slot.
+ *
+ * RETURN:
+ *    SECSuccess if unwrapping the private key was successful.  Any other
+ *    return value indicates an error while trying to un-wrap the private key.
+ */
+extern SECStatus
+CMMF_CertifiedKeyPairUnwrapPrivKey(CMMFCertifiedKeyPair *inKeyPair,
+                                   SECKEYPrivateKey *inPrivKey,
+                                   SECItem *inNickName,
+                                   PK11SlotInfo *inSlot,
+                                   CERTCertDBHandle *inCertdb,
+                                   SECKEYPrivateKey **destPrivKey,
+                                   void *wincx);
+
+/*
+ * FUNCTION: CMMF_KeyRecRepContentHasCACerts
+ * INPUTS:
+ *    inKeyRecRecp
+ *        The CMMFKeyRecRepContent to operate on.
+ * RETURN:
+ *    This function returns PR_TRUE if there are one or more certificates in
+ *    the sequence KeyRecRepContent.caCerts within the CMMFKeyRecRepContent
+ *    structure.  The function will return PR_FALSE if there are 0 certificate
+ *    in the above mentioned sequence.
+ */
+extern PRBool
+CMMF_KeyRecRepContentHasCACerts(CMMFKeyRecRepContent *inKeyRecRep);
+
+/*
+ * FUNCTION: CMMF_POPODecKeyChallContDecryptChallenge
+ * INPUTS:
+ *    inChalCont
+ *        The CMMFPOPODecKeyChallContent to operate on.
+ *    inIndex
+ *        The index of the Challenge to operate on.  The 1st Challenge is
+ *        at index 0, the second at index 1 and so forth.
+ *    inPrivKey
+ *        The private key to use to decrypt the witness field.
+ * NOTES:
+ *    This function uses the private key to decrypt the challenge field
+ *    contained in the appropriate challenge.  Make sure the private key matches
+ *    the public key that was used to encrypt the witness.  Use
+ *    CMMF_POPODecKeyChallContentGetPublicValue to get the public value of
+ *    the key used to encrypt the witness and then use that to determine the
+ *    appropriate private key.  This can be done by calling PK11_MakeIDFromPubKey
+ *    and then passing that return value to PK11_FindKeyByKeyID.  The creator of
+ *    the challenge will most likely be an RA that has the public key
+ *    from a Cert request.  So the private key should be the private key
+ *    associated with public key in that request.  This function will also
+ *    verify the witness field of the challenge.  This function also verifies
+ *    that the sender and witness hashes match within the challenge.
+ *
+ * RETURN:
+ *    SECSuccess if decrypting the witness field was successful.  This does
+ *    not indicate that the decrypted data is valid, since the private key
+ *    passed in may not be the actual key needed to properly decrypt the
+ *    witness field.  Meaning that there is a decrypted structure now, but
+ *    may be garbage because the private key was incorrect.
+ *    Any other return value indicates the function could not complete the
+ *    decryption process.
+ */
+extern SECStatus
+CMMF_POPODecKeyChallContDecryptChallenge(CMMFPOPODecKeyChallContent *inChalCont,
+                                         int inIndex,
+                                         SECKEYPrivateKey *inPrivKey);
+
+/*
+ * FUNCTION: CMMF_DestroyPOPODecKeyChallContent
+ * INPUTS:
+ *    inDecKeyCont
+ *        The CMMFPOPODecKeyChallContent to free
+ * NOTES:
+ *    This function frees up all the memory associated with the
+ *    CMMFPOPODecKeyChallContent
+ * RETURN:
+ *    SECSuccess if freeing up all the memory associatd with the
+ *    CMMFPOPODecKeyChallContent is successful.  Any other return value
+ *    indicates an error while freeing the memory.
+ *
+ */
+extern SECStatus
+CMMF_DestroyPOPODecKeyChallContent(CMMFPOPODecKeyChallContent *inDecKeyCont);
+
+SEC_END_PROTOS
+#endif /* _CMMF_H_ */
diff --git a/nss/lib/crmf/cmmfasn1.c b/nss/lib/crmf/cmmfasn1.c
new file mode 100644
index 0000000..64915b3
--- /dev/null
+++ b/nss/lib/crmf/cmmfasn1.c
@@ -0,0 +1,131 @@
+/* -*- Mode: C; tab-width: 8 -*-*/
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "cmmf.h"
+#include "cmmfi.h"
+#include "secasn1.h"
+#include "secitem.h"
+
+SEC_ASN1_MKSUB(SEC_SignedCertificateTemplate)
+
+static const SEC_ASN1Template CMMFSequenceOfCertifiedKeyPairsTemplate[] = {
+    { SEC_ASN1_SEQUENCE_OF, 0, CMMFCertifiedKeyPairTemplate }
+};
+
+static const SEC_ASN1Template CMMFKeyRecRepContentTemplate[] = {
+    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CMMFKeyRecRepContent) },
+    { SEC_ASN1_INLINE, offsetof(CMMFKeyRecRepContent, status),
+      CMMFPKIStatusInfoTemplate },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_POINTER |
+          SEC_ASN1_XTRN | 0,
+      offsetof(CMMFKeyRecRepContent, newSigCert),
+      SEC_ASN1_SUB(SEC_SignedCertificateTemplate) },
+    { SEC_ASN1_CONSTRUCTED | SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | 1,
+      offsetof(CMMFKeyRecRepContent, caCerts),
+      CMMFSequenceOfCertsTemplate },
+    { SEC_ASN1_CONSTRUCTED | SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | 2,
+      offsetof(CMMFKeyRecRepContent, keyPairHist),
+      CMMFSequenceOfCertifiedKeyPairsTemplate },
+    { 0 }
+};
+
+SECStatus
+CMMF_EncodeCertRepContent(CMMFCertRepContent *inCertRepContent,
+                          CRMFEncoderOutputCallback inCallback,
+                          void *inArg)
+{
+    return cmmf_user_encode(inCertRepContent, inCallback, inArg,
+                            CMMFCertRepContentTemplate);
+}
+
+SECStatus
+CMMF_EncodePOPODecKeyChallContent(CMMFPOPODecKeyChallContent *inDecKeyChall,
+                                  CRMFEncoderOutputCallback inCallback,
+                                  void *inArg)
+{
+    return cmmf_user_encode(inDecKeyChall, inCallback, inArg,
+                            CMMFPOPODecKeyChallContentTemplate);
+}
+
+CMMFPOPODecKeyRespContent *
+CMMF_CreatePOPODecKeyRespContentFromDER(const char *buf, long len)
+{
+    PLArenaPool *poolp;
+    CMMFPOPODecKeyRespContent *decKeyResp;
+    SECStatus rv;
+
+    poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
+    if (poolp == NULL) {
+        return NULL;
+    }
+    decKeyResp = PORT_ArenaZNew(poolp, CMMFPOPODecKeyRespContent);
+    if (decKeyResp == NULL) {
+        goto loser;
+    }
+    decKeyResp->poolp = poolp;
+    rv = SEC_ASN1Decode(poolp, decKeyResp, CMMFPOPODecKeyRespContentTemplate,
+                        buf, len);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    return decKeyResp;
+
+loser:
+    if (poolp != NULL) {
+        PORT_FreeArena(poolp, PR_FALSE);
+    }
+    return NULL;
+}
+
+SECStatus
+CMMF_EncodeKeyRecRepContent(CMMFKeyRecRepContent *inKeyRecRep,
+                            CRMFEncoderOutputCallback inCallback,
+                            void *inArg)
+{
+    return cmmf_user_encode(inKeyRecRep, inCallback, inArg,
+                            CMMFKeyRecRepContentTemplate);
+}
+
+CMMFKeyRecRepContent *
+CMMF_CreateKeyRecRepContentFromDER(CERTCertDBHandle *db, const char *buf,
+                                   long len)
+{
+    PLArenaPool *poolp;
+    CMMFKeyRecRepContent *keyRecContent;
+    SECStatus rv;
+
+    poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
+    if (poolp == NULL) {
+        return NULL;
+    }
+    keyRecContent = PORT_ArenaZNew(poolp, CMMFKeyRecRepContent);
+    if (keyRecContent == NULL) {
+        goto loser;
+    }
+    keyRecContent->poolp = poolp;
+    rv = SEC_ASN1Decode(poolp, keyRecContent, CMMFKeyRecRepContentTemplate,
+                        buf, len);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    if (keyRecContent->keyPairHist != NULL) {
+        while (keyRecContent->keyPairHist[keyRecContent->numKeyPairs] != NULL) {
+            rv = cmmf_decode_process_certified_key_pair(poolp, db,
+                                                        keyRecContent->keyPairHist[keyRecContent->numKeyPairs]);
+            if (rv != SECSuccess) {
+                goto loser;
+            }
+            keyRecContent->numKeyPairs++;
+        }
+        keyRecContent->allocKeyPairs = keyRecContent->numKeyPairs;
+    }
+    keyRecContent->isDecoded = PR_TRUE;
+    return keyRecContent;
+loser:
+    if (poolp != NULL) {
+        PORT_FreeArena(poolp, PR_FALSE);
+    }
+    return NULL;
+}
diff --git a/nss/lib/crmf/cmmfchal.c b/nss/lib/crmf/cmmfchal.c
new file mode 100644
index 0000000..2fee983
--- /dev/null
+++ b/nss/lib/crmf/cmmfchal.c
@@ -0,0 +1,289 @@
+/* -*- Mode: C; tab-width: 8 -*-*/
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "cmmf.h"
+#include "cmmfi.h"
+#include "sechash.h"
+#include "genname.h"
+#include "pk11func.h"
+#include "cert.h"
+#include "secitem.h"
+#include "secmod.h"
+#include "keyhi.h"
+
+static int
+cmmf_create_witness_and_challenge(PLArenaPool *poolp,
+                                  CMMFChallenge *challenge,
+                                  long inRandom,
+                                  SECItem *senderDER,
+                                  SECKEYPublicKey *inPubKey,
+                                  void *passwdArg)
+{
+    SECItem *encodedRandNum;
+    SECItem encodedRandStr = { siBuffer, NULL, 0 };
+    SECItem *dummy;
+    unsigned char *randHash, *senderHash, *encChal = NULL;
+    unsigned modulusLen = 0;
+    SECStatus rv = SECFailure;
+    CMMFRand randStr = { { siBuffer, NULL, 0 }, { siBuffer, NULL, 0 } };
+    PK11SlotInfo *slot;
+    PK11SymKey *symKey = NULL;
+    CERTSubjectPublicKeyInfo *spki = NULL;
+
+    encodedRandNum = SEC_ASN1EncodeInteger(poolp, &challenge->randomNumber,
+                                           inRandom);
+    if (!encodedRandNum) {
+        goto loser;
+    }
+    randHash = PORT_ArenaNewArray(poolp, unsigned char, SHA1_LENGTH);
+    senderHash = PORT_ArenaNewArray(poolp, unsigned char, SHA1_LENGTH);
+    if (randHash == NULL) {
+        goto loser;
+    }
+    rv = PK11_HashBuf(SEC_OID_SHA1, randHash, encodedRandNum->data,
+                      (PRUint32)encodedRandNum->len);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    rv = PK11_HashBuf(SEC_OID_SHA1, senderHash, senderDER->data,
+                      (PRUint32)senderDER->len);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    challenge->witness.data = randHash;
+    challenge->witness.len = SHA1_LENGTH;
+
+    randStr.integer = *encodedRandNum;
+    randStr.senderHash.data = senderHash;
+    randStr.senderHash.len = SHA1_LENGTH;
+    dummy = SEC_ASN1EncodeItem(NULL, &encodedRandStr, &randStr,
+                               CMMFRandTemplate);
+    if (dummy != &encodedRandStr) {
+        rv = SECFailure;
+        goto loser;
+    }
+    /* XXXX Now I have to encrypt encodedRandStr and stash it away. */
+    modulusLen = SECKEY_PublicKeyStrength(inPubKey);
+    encChal = PORT_ArenaNewArray(poolp, unsigned char, modulusLen);
+    if (encChal == NULL) {
+        rv = SECFailure;
+        goto loser;
+    }
+    slot = PK11_GetBestSlotWithAttributes(CKM_RSA_PKCS, CKF_WRAP, 0, passwdArg);
+    if (slot == NULL) {
+        rv = SECFailure;
+        goto loser;
+    }
+    (void)PK11_ImportPublicKey(slot, inPubKey, PR_FALSE);
+    /* In order to properly encrypt the data, we import as a symmetric
+     * key, and then wrap that key.  That in essence encrypts the data.
+     * This is the method recommended in the PK11 world in order
+     * to prevent threading issues as well as breaking any other semantics
+     * the PK11 libraries depend on.
+     */
+    symKey = PK11_ImportSymKey(slot, CKM_RSA_PKCS, PK11_OriginGenerated,
+                               CKA_VALUE, &encodedRandStr, passwdArg);
+    if (symKey == NULL) {
+        rv = SECFailure;
+        goto loser;
+    }
+    challenge->challenge.data = encChal;
+    challenge->challenge.len = modulusLen;
+    rv = PK11_PubWrapSymKey(CKM_RSA_PKCS, inPubKey, symKey,
+                            &challenge->challenge);
+    PK11_FreeSlot(slot);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    rv = SECITEM_CopyItem(poolp, &challenge->senderDER, senderDER);
+    crmf_get_public_value(inPubKey, &challenge->key);
+/* Fall through */
+loser:
+    if (spki != NULL) {
+        SECKEY_DestroySubjectPublicKeyInfo(spki);
+    }
+    if (encodedRandStr.data != NULL) {
+        PORT_Free(encodedRandStr.data);
+    }
+    if (encodedRandNum != NULL) {
+        SECITEM_FreeItem(encodedRandNum, PR_TRUE);
+    }
+    if (symKey != NULL) {
+        PK11_FreeSymKey(symKey);
+    }
+    return rv;
+}
+
+static SECStatus
+cmmf_create_first_challenge(CMMFPOPODecKeyChallContent *challContent,
+                            long inRandom,
+                            SECItem *senderDER,
+                            SECKEYPublicKey *inPubKey,
+                            void *passwdArg)
+{
+    SECOidData *oidData;
+    CMMFChallenge *challenge;
+    SECAlgorithmID *algId;
+    PLArenaPool *poolp;
+    SECStatus rv;
+
+    oidData = SECOID_FindOIDByTag(SEC_OID_SHA1);
+    if (oidData == NULL) {
+        return SECFailure;
+    }
+    poolp = challContent->poolp;
+    challenge = PORT_ArenaZNew(poolp, CMMFChallenge);
+    if (challenge == NULL) {
+        return SECFailure;
+    }
+    algId = challenge->owf = PORT_ArenaZNew(poolp, SECAlgorithmID);
+    if (algId == NULL) {
+        return SECFailure;
+    }
+    rv = SECITEM_CopyItem(poolp, &algId->algorithm, &oidData->oid);
+    if (rv != SECSuccess) {
+        return SECFailure;
+    }
+    rv = cmmf_create_witness_and_challenge(poolp, challenge, inRandom,
+                                           senderDER, inPubKey, passwdArg);
+    challContent->challenges[0] = (rv == SECSuccess) ? challenge : NULL;
+    challContent->numChallenges++;
+    return rv;
+}
+
+CMMFPOPODecKeyChallContent *
+CMMF_CreatePOPODecKeyChallContent(void)
+{
+    PLArenaPool *poolp;
+    CMMFPOPODecKeyChallContent *challContent;
+
+    poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
+    if (poolp == NULL) {
+        return NULL;
+    }
+    challContent = PORT_ArenaZNew(poolp, CMMFPOPODecKeyChallContent);
+    if (challContent == NULL) {
+        PORT_FreeArena(poolp, PR_FALSE);
+        return NULL;
+    }
+    challContent->poolp = poolp;
+    return challContent;
+}
+
+SECStatus
+CMMF_POPODecKeyChallContentSetNextChallenge(CMMFPOPODecKeyChallContent *inDecKeyChall,
+                                            long inRandom,
+                                            CERTGeneralName *inSender,
+                                            SECKEYPublicKey *inPubKey,
+                                            void *passwdArg)
+{
+    CMMFChallenge *curChallenge;
+    PLArenaPool *genNamePool = NULL, *poolp;
+    SECStatus rv;
+    SECItem *genNameDER;
+    void *mark;
+
+    PORT_Assert(inDecKeyChall != NULL &&
+                inSender != NULL &&
+                inPubKey != NULL);
+
+    if (inDecKeyChall == NULL ||
+        inSender == NULL || inPubKey == NULL) {
+        return SECFailure;
+    }
+    poolp = inDecKeyChall->poolp;
+    mark = PORT_ArenaMark(poolp);
+
+    genNamePool = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
+    genNameDER = CERT_EncodeGeneralName(inSender, NULL, genNamePool);
+    if (genNameDER == NULL) {
+        rv = SECFailure;
+        goto loser;
+    }
+    if (inDecKeyChall->challenges == NULL) {
+        inDecKeyChall->challenges =
+            PORT_ArenaZNewArray(poolp, CMMFChallenge *, (CMMF_MAX_CHALLENGES + 1));
+        inDecKeyChall->numAllocated = CMMF_MAX_CHALLENGES;
+    }
+
+    if (inDecKeyChall->numChallenges >= inDecKeyChall->numAllocated) {
+        rv = SECFailure;
+        goto loser;
+    }
+
+    if (inDecKeyChall->numChallenges == 0) {
+        rv = cmmf_create_first_challenge(inDecKeyChall, inRandom,
+                                         genNameDER, inPubKey, passwdArg);
+    } else {
+        curChallenge = PORT_ArenaZNew(poolp, CMMFChallenge);
+        if (curChallenge == NULL) {
+            rv = SECFailure;
+            goto loser;
+        }
+        rv = cmmf_create_witness_and_challenge(poolp, curChallenge, inRandom,
+                                               genNameDER, inPubKey,
+                                               passwdArg);
+        if (rv == SECSuccess) {
+            inDecKeyChall->challenges[inDecKeyChall->numChallenges] =
+                curChallenge;
+            inDecKeyChall->numChallenges++;
+        }
+    }
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    PORT_ArenaUnmark(poolp, mark);
+    PORT_FreeArena(genNamePool, PR_FALSE);
+    return SECSuccess;
+
+loser:
+    PORT_ArenaRelease(poolp, mark);
+    if (genNamePool != NULL) {
+        PORT_FreeArena(genNamePool, PR_FALSE);
+    }
+    PORT_Assert(rv != SECSuccess);
+    return rv;
+}
+
+SECStatus
+CMMF_DestroyPOPODecKeyRespContent(CMMFPOPODecKeyRespContent *inDecKeyResp)
+{
+    PORT_Assert(inDecKeyResp != NULL);
+    if (inDecKeyResp != NULL && inDecKeyResp->poolp != NULL) {
+        PORT_FreeArena(inDecKeyResp->poolp, PR_FALSE);
+    }
+    return SECSuccess;
+}
+
+int
+CMMF_POPODecKeyRespContentGetNumResponses(CMMFPOPODecKeyRespContent *inRespCont)
+{
+    int numResponses = 0;
+
+    PORT_Assert(inRespCont != NULL);
+    if (inRespCont == NULL) {
+        return 0;
+    }
+
+    while (inRespCont->responses[numResponses] != NULL) {
+        numResponses++;
+    }
+    return numResponses;
+}
+
+SECStatus
+CMMF_POPODecKeyRespContentGetResponse(CMMFPOPODecKeyRespContent *inRespCont,
+                                      int inIndex,
+                                      long *inDest)
+{
+    PORT_Assert(inRespCont != NULL);
+
+    if (inRespCont == NULL || inIndex < 0 ||
+        inIndex >= CMMF_POPODecKeyRespContentGetNumResponses(inRespCont)) {
+        return SECFailure;
+    }
+    *inDest = DER_GetInteger(inRespCont->responses[inIndex]);
+    return (*inDest == -1) ? SECFailure : SECSuccess;
+}
diff --git a/nss/lib/crmf/cmmfi.h b/nss/lib/crmf/cmmfi.h
new file mode 100644
index 0000000..9336ccf
--- /dev/null
+++ b/nss/lib/crmf/cmmfi.h
@@ -0,0 +1,92 @@
+/* -*- Mode: C; tab-width: 8 -*-*/
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * These are the definitions needed by the library internally to implement
+ * CMMF.  Most of these will be helper utilities for manipulating internal
+ * data strucures.
+ */
+#ifndef _CMMFI_H_
+#define _CMMFI_H_
+#include "cmmfit.h"
+#include "crmfi.h"
+
+#define CMMF_MAX_CHALLENGES 10
+#define CMMF_MAX_KEY_PAIRS 50
+
+/*
+ * Some templates that the code will need to implement CMMF.
+ */
+extern const SEC_ASN1Template CMMFCertOrEncCertCertificateTemplate[];
+extern const SEC_ASN1Template CMMFCertOrEncCertEncryptedCertTemplate[];
+extern const SEC_ASN1Template CMMFPOPODecKeyRespContentTemplate[];
+extern const SEC_ASN1Template CMMFRandTemplate[];
+extern const SEC_ASN1Template CMMFSequenceOfCertsTemplate[];
+extern const SEC_ASN1Template CMMFPKIStatusInfoTemplate[];
+extern const SEC_ASN1Template CMMFCertifiedKeyPairTemplate[];
+
+/*
+ * Some utility functions that are shared by multiple files in this
+ * implementation.
+ */
+
+extern SECStatus cmmf_CopyCertResponse(PLArenaPool *poolp,
+                                       CMMFCertResponse *dest,
+                                       CMMFCertResponse *src);
+
+extern SECStatus cmmf_CopyPKIStatusInfo(PLArenaPool *poolp,
+                                        CMMFPKIStatusInfo *dest,
+                                        CMMFPKIStatusInfo *src);
+
+extern SECStatus cmmf_CopyCertifiedKeyPair(PLArenaPool *poolp,
+                                           CMMFCertifiedKeyPair *dest,
+                                           CMMFCertifiedKeyPair *src);
+
+extern SECStatus cmmf_DestroyPKIStatusInfo(CMMFPKIStatusInfo *info,
+                                           PRBool freeit);
+
+extern SECStatus cmmf_DestroyCertOrEncCert(CMMFCertOrEncCert *certOrEncCert,
+                                           PRBool freeit);
+
+extern SECStatus cmmf_PKIStatusInfoSetStatus(CMMFPKIStatusInfo *statusInfo,
+                                             PLArenaPool *poolp,
+                                             CMMFPKIStatus inStatus);
+
+extern SECStatus cmmf_ExtractCertsFromList(CERTCertList *inCertList,
+                                           PLArenaPool *poolp,
+                                           CERTCertificate ***certArray);
+
+extern SECStatus
+cmmf_CertOrEncCertSetCertificate(CMMFCertOrEncCert *certOrEncCert,
+                                 PLArenaPool *poolp,
+                                 CERTCertificate *inCert);
+
+extern CMMFPKIStatus
+cmmf_PKIStatusInfoGetStatus(CMMFPKIStatusInfo *inStatus);
+
+extern CERTCertList *
+cmmf_MakeCertList(CERTCertificate **inCerts);
+
+extern CERTCertificate *
+cmmf_CertOrEncCertGetCertificate(CMMFCertOrEncCert *certOrEncCert,
+                                 CERTCertDBHandle *certdb);
+
+extern SECStatus
+cmmf_decode_process_cert_response(PLArenaPool *poolp,
+                                  CERTCertDBHandle *db,
+                                  CMMFCertResponse *inCertResp);
+
+extern SECStatus
+cmmf_decode_process_certified_key_pair(PLArenaPool *poolp,
+                                       CERTCertDBHandle *db,
+                                       CMMFCertifiedKeyPair *inCertKeyPair);
+
+extern SECStatus
+cmmf_user_encode(void *src, CRMFEncoderOutputCallback inCallback, void *inArg,
+                 const SEC_ASN1Template *inTemplate);
+
+extern SECStatus
+cmmf_copy_secitem(PLArenaPool *poolp, SECItem *dest, SECItem *src);
+#endif /*_CMMFI_H_*/
diff --git a/nss/lib/crmf/cmmfit.h b/nss/lib/crmf/cmmfit.h
new file mode 100644
index 0000000..014413f
--- /dev/null
+++ b/nss/lib/crmf/cmmfit.h
@@ -0,0 +1,115 @@
+/* -*- Mode: C; tab-width: 8 -*-*/
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _CMMFIT_H_
+#define _CMMFIT_H_
+
+/*
+ * All fields marked by a PKIStausInfo in comments is an integer
+ * with the following possible values.
+ *
+ *  Integer Value          Meaning
+ *  -------------          -------
+ *         0               granted- got exactly what you asked for.
+ *
+ *         1               grantedWithMods-got something like what you asked
+ *                          for;requester is responsible for ascertainging the
+ *                          differences.
+ *
+ *         2               rejection-you don't get what you asked for; more
+ *                          information elsewhere in the message
+ *
+ *         3               waiting-the request body part has not yet been
+ *                          processed, expect to hear more later.
+ *
+ *         4               revocationWarning-this message contains a warning
+ *                          that a revocation is imminent.
+ *
+ *         5               revocationNotification-notification that a
+ *                          revocation has occurred.
+ *
+ *         6               keyUpdateWarning-update already done for the
+ *                          oldCertId specified in FullCertTemplate.
+ */
+
+struct CMMFPKIStatusInfoStr {
+    SECItem status;
+    SECItem statusString;
+    SECItem failInfo;
+};
+
+struct CMMFCertOrEncCertStr {
+    union {
+        CERTCertificate *certificate;
+        CRMFEncryptedValue *encryptedCert;
+    } cert;
+    CMMFCertOrEncCertChoice choice;
+    SECItem derValue;
+};
+
+struct CMMFCertifiedKeyPairStr {
+    CMMFCertOrEncCert certOrEncCert;
+    CRMFEncryptedValue *privateKey;
+    SECItem derPublicationInfo; /* We aren't creating
+                                 * PKIPublicationInfo's, so
+                                 * we'll store away the der
+                                 * here if we decode one that
+                                 * does have pubInfo.
+                                 */
+    SECItem unwrappedPrivKey;
+};
+
+struct CMMFCertResponseStr {
+    SECItem certReqId;
+    CMMFPKIStatusInfo status; /*PKIStatusInfo*/
+    CMMFCertifiedKeyPair *certifiedKeyPair;
+};
+
+struct CMMFCertRepContentStr {
+    CERTCertificate **caPubs;
+    CMMFCertResponse **response;
+    PLArenaPool *poolp;
+    PRBool isDecoded;
+};
+
+struct CMMFChallengeStr {
+    SECAlgorithmID *owf;
+    SECItem witness;
+    SECItem senderDER;
+    SECItem key;
+    SECItem challenge;
+    SECItem randomNumber;
+};
+
+struct CMMFRandStr {
+    SECItem integer;
+    SECItem senderHash;
+    CERTGeneralName *sender;
+};
+
+struct CMMFPOPODecKeyChallContentStr {
+    CMMFChallenge **challenges;
+    PLArenaPool *poolp;
+    int numChallenges;
+    int numAllocated;
+};
+
+struct CMMFPOPODecKeyRespContentStr {
+    SECItem **responses;
+    PLArenaPool *poolp;
+};
+
+struct CMMFKeyRecRepContentStr {
+    CMMFPKIStatusInfo status; /* PKIStatusInfo */
+    CERTCertificate *newSigCert;
+    CERTCertificate **caCerts;
+    CMMFCertifiedKeyPair **keyPairHist;
+    PLArenaPool *poolp;
+    int numKeyPairs;
+    int allocKeyPairs;
+    PRBool isDecoded;
+};
+
+#endif /* _CMMFIT_H_ */
diff --git a/nss/lib/crmf/cmmfrec.c b/nss/lib/crmf/cmmfrec.c
new file mode 100644
index 0000000..5dfe1fc
--- /dev/null
+++ b/nss/lib/crmf/cmmfrec.c
@@ -0,0 +1,316 @@
+/* -*- Mode: C; tab-width: 8 -*-*/
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * This file will implement the functions related to key recovery in
+ * CMMF
+ */
+
+#include "cmmf.h"
+#include "cmmfi.h"
+#include "secitem.h"
+#include "keyhi.h"
+
+CMMFKeyRecRepContent *
+CMMF_CreateKeyRecRepContent(void)
+{
+    PLArenaPool *poolp;
+    CMMFKeyRecRepContent *keyRecContent;
+
+    poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
+    if (poolp == NULL) {
+        return NULL;
+    }
+    keyRecContent = PORT_ArenaZNew(poolp, CMMFKeyRecRepContent);
+    if (keyRecContent == NULL) {
+        PORT_FreeArena(poolp, PR_FALSE);
+        return NULL;
+    }
+    keyRecContent->poolp = poolp;
+    return keyRecContent;
+}
+
+SECStatus
+CMMF_DestroyKeyRecRepContent(CMMFKeyRecRepContent *inKeyRecRep)
+{
+    PORT_Assert(inKeyRecRep != NULL);
+    if (inKeyRecRep != NULL && inKeyRecRep->poolp != NULL) {
+        int i;
+
+        if (!inKeyRecRep->isDecoded && inKeyRecRep->newSigCert != NULL) {
+            CERT_DestroyCertificate(inKeyRecRep->newSigCert);
+        }
+        if (inKeyRecRep->caCerts != NULL) {
+            for (i = 0; inKeyRecRep->caCerts[i] != NULL; i++) {
+                CERT_DestroyCertificate(inKeyRecRep->caCerts[i]);
+            }
+        }
+        if (inKeyRecRep->keyPairHist != NULL) {
+            for (i = 0; inKeyRecRep->keyPairHist[i] != NULL; i++) {
+                if (inKeyRecRep->keyPairHist[i]->certOrEncCert.choice ==
+                    cmmfCertificate) {
+                    CERT_DestroyCertificate(inKeyRecRep->keyPairHist[i]->certOrEncCert.cert.certificate);
+                }
+            }
+        }
+        PORT_FreeArena(inKeyRecRep->poolp, PR_TRUE);
+    }
+    return SECSuccess;
+}
+
+SECStatus
+CMMF_KeyRecRepContentSetPKIStatusInfoStatus(CMMFKeyRecRepContent *inKeyRecRep,
+                                            CMMFPKIStatus inPKIStatus)
+{
+    PORT_Assert(inKeyRecRep != NULL && inPKIStatus >= cmmfGranted &&
+                inPKIStatus < cmmfNumPKIStatus);
+    if (inKeyRecRep == NULL) {
+        return SECFailure;
+    }
+
+    return cmmf_PKIStatusInfoSetStatus(&inKeyRecRep->status,
+                                       inKeyRecRep->poolp,
+                                       inPKIStatus);
+}
+
+SECStatus
+CMMF_KeyRecRepContentSetNewSignCert(CMMFKeyRecRepContent *inKeyRecRep,
+                                    CERTCertificate *inNewSignCert)
+{
+    PORT_Assert(inKeyRecRep != NULL && inNewSignCert != NULL);
+    if (inKeyRecRep == NULL || inNewSignCert == NULL) {
+        return SECFailure;
+    }
+    if (!inKeyRecRep->isDecoded && inKeyRecRep->newSigCert) {
+        CERT_DestroyCertificate(inKeyRecRep->newSigCert);
+    }
+    inKeyRecRep->isDecoded = PR_FALSE;
+    inKeyRecRep->newSigCert = CERT_DupCertificate(inNewSignCert);
+    return (inKeyRecRep->newSigCert == NULL) ? SECFailure : SECSuccess;
+}
+
+SECStatus
+CMMF_KeyRecRepContentSetCACerts(CMMFKeyRecRepContent *inKeyRecRep,
+                                CERTCertList *inCACerts)
+{
+    SECStatus rv;
+    void *mark;
+
+    PORT_Assert(inKeyRecRep != NULL && inCACerts != NULL);
+    if (inKeyRecRep == NULL || inCACerts == NULL) {
+        return SECFailure;
+    }
+    mark = PORT_ArenaMark(inKeyRecRep->poolp);
+    rv = cmmf_ExtractCertsFromList(inCACerts, inKeyRecRep->poolp,
+                                   &inKeyRecRep->caCerts);
+    if (rv != SECSuccess) {
+        PORT_ArenaRelease(inKeyRecRep->poolp, mark);
+    } else {
+        PORT_ArenaUnmark(inKeyRecRep->poolp, mark);
+    }
+    return rv;
+}
+
+SECStatus
+CMMF_KeyRecRepContentSetCertifiedKeyPair(CMMFKeyRecRepContent *inKeyRecRep,
+                                         CERTCertificate *inCert,
+                                         SECKEYPrivateKey *inPrivKey,
+                                         SECKEYPublicKey *inPubKey)
+{
+    CMMFCertifiedKeyPair *keyPair;
+    CRMFEncryptedValue *dummy;
+    PLArenaPool *poolp;
+    void *mark;
+    SECStatus rv;
+
+    PORT_Assert(inKeyRecRep != NULL &&
+                inCert != NULL &&
+                inPrivKey != NULL &&
+                inPubKey != NULL);
+    if (inKeyRecRep == NULL ||
+        inCert == NULL ||
+        inPrivKey == NULL ||
+        inPubKey == NULL) {
+        return SECFailure;
+    }
+    poolp = inKeyRecRep->poolp;
+    mark = PORT_ArenaMark(poolp);
+    if (inKeyRecRep->keyPairHist == NULL) {
+        inKeyRecRep->keyPairHist = PORT_ArenaNewArray(poolp,
+                                                      CMMFCertifiedKeyPair *,
+                                                      (CMMF_MAX_KEY_PAIRS + 1));
+        if (inKeyRecRep->keyPairHist == NULL) {
+            goto loser;
+        }
+        inKeyRecRep->allocKeyPairs = CMMF_MAX_KEY_PAIRS;
+        inKeyRecRep->numKeyPairs = 0;
+    }
+
+    if (inKeyRecRep->allocKeyPairs == inKeyRecRep->numKeyPairs) {
+        goto loser;
+    }
+
+    keyPair = PORT_ArenaZNew(poolp, CMMFCertifiedKeyPair);
+    if (keyPair == NULL) {
+        goto loser;
+    }
+    rv = cmmf_CertOrEncCertSetCertificate(&keyPair->certOrEncCert,
+                                          poolp, inCert);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    keyPair->privateKey = PORT_ArenaZNew(poolp, CRMFEncryptedValue);
+    if (keyPair->privateKey == NULL) {
+        goto loser;
+    }
+    dummy = crmf_create_encrypted_value_wrapped_privkey(inPrivKey, inPubKey,
+                                                        keyPair->privateKey);
+    PORT_Assert(dummy == keyPair->privateKey);
+    if (dummy != keyPair->privateKey) {
+        crmf_destroy_encrypted_value(dummy, PR_TRUE);
+        goto loser;
+    }
+    inKeyRecRep->keyPairHist[inKeyRecRep->numKeyPairs] = keyPair;
+    inKeyRecRep->numKeyPairs++;
+    inKeyRecRep->keyPairHist[inKeyRecRep->numKeyPairs] = NULL;
+    PORT_ArenaUnmark(poolp, mark);
+    return SECSuccess;
+
+loser:
+    PORT_ArenaRelease(poolp, mark);
+    return SECFailure;
+}
+
+CMMFPKIStatus
+CMMF_KeyRecRepContentGetPKIStatusInfoStatus(CMMFKeyRecRepContent *inKeyRecRep)
+{
+    PORT_Assert(inKeyRecRep != NULL);
+    if (inKeyRecRep == NULL) {
+        return cmmfNoPKIStatus;
+    }
+    return cmmf_PKIStatusInfoGetStatus(&inKeyRecRep->status);
+}
+
+CERTCertificate *
+CMMF_KeyRecRepContentGetNewSignCert(CMMFKeyRecRepContent *inKeyRecRep)
+{
+    PORT_Assert(inKeyRecRep != NULL);
+    if (inKeyRecRep == NULL ||
+        inKeyRecRep->newSigCert == NULL) {
+        return NULL;
+    }
+    /* newSigCert may not be a real certificate, it may be a hand decoded
+     * cert structure. This code makes sure we hand off a real, fully formed
+     * CERTCertificate to the caller. TODO: This should move into the decode
+     * portion so that we never wind up with a half formed CERTCertificate
+     * here. In this case the call would be to CERT_DupCertificate.
+     */
+    return CERT_NewTempCertificate(CERT_GetDefaultCertDB(),
+                                   &inKeyRecRep->newSigCert->signatureWrap.data,
+                                   NULL, PR_FALSE, PR_TRUE);
+}
+
+CERTCertList *
+CMMF_KeyRecRepContentGetCACerts(CMMFKeyRecRepContent *inKeyRecRep)
+{
+    PORT_Assert(inKeyRecRep != NULL);
+    if (inKeyRecRep == NULL || inKeyRecRep->caCerts == NULL) {
+        return NULL;
+    }
+    return cmmf_MakeCertList(inKeyRecRep->caCerts);
+}
+
+int
+CMMF_KeyRecRepContentGetNumKeyPairs(CMMFKeyRecRepContent *inKeyRecRep)
+{
+    PORT_Assert(inKeyRecRep != NULL);
+    return (inKeyRecRep == NULL) ? 0 : inKeyRecRep->numKeyPairs;
+}
+
+PRBool
+cmmf_KeyRecRepContentIsValidIndex(CMMFKeyRecRepContent *inKeyRecRep,
+                                  int inIndex)
+{
+    int numKeyPairs = CMMF_KeyRecRepContentGetNumKeyPairs(inKeyRecRep);
+
+    return (PRBool)(inIndex >= 0 && inIndex < numKeyPairs);
+}
+
+CMMFCertifiedKeyPair *
+CMMF_KeyRecRepContentGetCertKeyAtIndex(CMMFKeyRecRepContent *inKeyRecRep,
+                                       int inIndex)
+{
+    CMMFCertifiedKeyPair *newKeyPair;
+    SECStatus rv;
+
+    PORT_Assert(inKeyRecRep != NULL &&
+                cmmf_KeyRecRepContentIsValidIndex(inKeyRecRep, inIndex));
+    if (inKeyRecRep == NULL ||
+        !cmmf_KeyRecRepContentIsValidIndex(inKeyRecRep, inIndex)) {
+        return NULL;
+    }
+    newKeyPair = PORT_ZNew(CMMFCertifiedKeyPair);
+    if (newKeyPair == NULL) {
+        return NULL;
+    }
+    rv = cmmf_CopyCertifiedKeyPair(NULL, newKeyPair,
+                                   inKeyRecRep->keyPairHist[inIndex]);
+    if (rv != SECSuccess) {
+        CMMF_DestroyCertifiedKeyPair(newKeyPair);
+        newKeyPair = NULL;
+    }
+    return newKeyPair;
+}
+
+SECStatus
+CMMF_CertifiedKeyPairUnwrapPrivKey(CMMFCertifiedKeyPair *inKeyPair,
+                                   SECKEYPrivateKey *inPrivKey,
+                                   SECItem *inNickName,
+                                   PK11SlotInfo *inSlot,
+                                   CERTCertDBHandle *inCertdb,
+                                   SECKEYPrivateKey **destPrivKey,
+                                   void *wincx)
+{
+    CERTCertificate *cert;
+    SECItem keyUsageValue = { siBuffer, NULL, 0 };
+    unsigned char keyUsage = 0x0;
+    SECKEYPublicKey *pubKey;
+    SECStatus rv;
+
+    PORT_Assert(inKeyPair != NULL &&
+                inPrivKey != NULL && inCertdb != NULL);
+    if (inKeyPair == NULL ||
+        inPrivKey == NULL ||
+        inKeyPair->privateKey == NULL ||
+        inCertdb == NULL) {
+        return SECFailure;
+    }
+
+    cert = CMMF_CertifiedKeyPairGetCertificate(inKeyPair, inCertdb);
+    CERT_FindKeyUsageExtension(cert, &keyUsageValue);
+    if (keyUsageValue.data != NULL) {
+        keyUsage = keyUsageValue.data[3];
+        PORT_Free(keyUsageValue.data);
+    }
+    pubKey = CERT_ExtractPublicKey(cert);
+    rv = crmf_encrypted_value_unwrap_priv_key(NULL, inKeyPair->privateKey,
+                                              inPrivKey, pubKey,
+                                              inNickName, inSlot, keyUsage,
+                                              destPrivKey, wincx);
+    SECKEY_DestroyPublicKey(pubKey);
+    CERT_DestroyCertificate(cert);
+    return rv;
+}
+
+PRBool
+CMMF_KeyRecRepContentHasCACerts(CMMFKeyRecRepContent *inKeyRecRep)
+{
+    PORT_Assert(inKeyRecRep != NULL);
+    if (inKeyRecRep == NULL) {
+        return PR_FALSE;
+    }
+    return (PRBool)(inKeyRecRep->caCerts != NULL &&
+                    inKeyRecRep->caCerts[0] != NULL);
+}
diff --git a/nss/lib/crmf/cmmfresp.c b/nss/lib/crmf/cmmfresp.c
new file mode 100644
index 0000000..c4b59b8
--- /dev/null
+++ b/nss/lib/crmf/cmmfresp.c
@@ -0,0 +1,280 @@
+/* -*- Mode: C; tab-width: 8 -*-*/
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * This file will contain all routines dealing with creating a
+ * CMMFCertRepContent structure through Create/Set functions.
+ */
+
+#include "cmmf.h"
+#include "cmmfi.h"
+#include "crmf.h"
+#include "crmfi.h"
+#include "secitem.h"
+#include "secder.h"
+
+CMMFCertRepContent *
+CMMF_CreateCertRepContent(void)
+{
+    CMMFCertRepContent *retCertRep;
+    PLArenaPool *poolp;
+
+    poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
+    if (poolp == NULL) {
+        goto loser;
+    }
+    retCertRep = PORT_ArenaZNew(poolp, CMMFCertRepContent);
+    if (retCertRep == NULL) {
+        goto loser;
+    }
+    retCertRep->poolp = poolp;
+    return retCertRep;
+loser:
+    if (poolp != NULL) {
+        PORT_FreeArena(poolp, PR_FALSE);
+    }
+    return NULL;
+}
+
+SECStatus
+cmmf_CertOrEncCertSetCertificate(CMMFCertOrEncCert *certOrEncCert,
+                                 PLArenaPool *poolp,
+                                 CERTCertificate *inCert)
+{
+    SECItem *derDest = NULL;
+    SECStatus rv = SECFailure;
+
+    if (inCert->derCert.data == NULL) {
+        derDest = SEC_ASN1EncodeItem(NULL, NULL, inCert,
+                                     CMMFCertOrEncCertCertificateTemplate);
+        if (derDest == NULL) {
+            goto loser;
+        }
+    } else {
+        derDest = SECITEM_DupItem(&inCert->derCert);
+        if (derDest == NULL) {
+            goto loser;
+        }
+    }
+    PORT_Assert(certOrEncCert->cert.certificate == NULL);
+    certOrEncCert->cert.certificate = CERT_DupCertificate(inCert);
+    certOrEncCert->choice = cmmfCertificate;
+    if (poolp != NULL) {
+        rv = SECITEM_CopyItem(poolp, &certOrEncCert->derValue, derDest);
+        if (rv != SECSuccess) {
+            goto loser;
+        }
+    } else {
+        certOrEncCert->derValue = *derDest;
+    }
+    PORT_Free(derDest);
+    return SECSuccess;
+loser:
+    if (derDest != NULL) {
+        SECITEM_FreeItem(derDest, PR_TRUE);
+    }
+    return rv;
+}
+
+SECStatus
+cmmf_ExtractCertsFromList(CERTCertList *inCertList,
+                          PLArenaPool *poolp,
+                          CERTCertificate ***certArray)
+{
+    CERTCertificate **arrayLocalCopy;
+    CERTCertListNode *node;
+    int numNodes = 0, i;
+
+    for (node = CERT_LIST_HEAD(inCertList); !CERT_LIST_END(node, inCertList);
+         node = CERT_LIST_NEXT(node)) {
+        numNodes++;
+    }
+
+    arrayLocalCopy = *certArray = (poolp == NULL) ? PORT_NewArray(CERTCertificate *, (numNodes + 1)) : PORT_ArenaNewArray(poolp, CERTCertificate *, (numNodes + 1));
+    if (arrayLocalCopy == NULL) {
+        return SECFailure;
+    }
+    for (node = CERT_LIST_HEAD(inCertList), i = 0;
+         !CERT_LIST_END(node, inCertList);
+         node = CERT_LIST_NEXT(node), i++) {
+        arrayLocalCopy[i] = CERT_DupCertificate(node->cert);
+        if (arrayLocalCopy[i] == NULL) {
+            int j;
+
+            for (j = 0; j < i; j++) {
+                CERT_DestroyCertificate(arrayLocalCopy[j]);
+            }
+            if (poolp == NULL) {
+                PORT_Free(arrayLocalCopy);
+            }
+            *certArray = NULL;
+            return SECFailure;
+        }
+    }
+    arrayLocalCopy[numNodes] = NULL;
+    return SECSuccess;
+}
+
+SECStatus
+CMMF_CertRepContentSetCertResponses(CMMFCertRepContent *inCertRepContent,
+                                    CMMFCertResponse **inCertResponses,
+                                    int inNumResponses)
+{
+    PLArenaPool *poolp;
+    CMMFCertResponse **respArr, *newResp;
+    void *mark;
+    SECStatus rv;
+    int i;
+
+    PORT_Assert(inCertRepContent != NULL &&
+                inCertResponses != NULL &&
+                inNumResponses > 0);
+    if (inCertRepContent == NULL ||
+        inCertResponses == NULL ||
+        inCertRepContent->response != NULL) {
+        return SECFailure;
+    }
+    poolp = inCertRepContent->poolp;
+    mark = PORT_ArenaMark(poolp);
+    respArr = inCertRepContent->response =
+        PORT_ArenaZNewArray(poolp, CMMFCertResponse *, (inNumResponses + 1));
+    if (respArr == NULL) {
+        goto loser;
+    }
+    for (i = 0; i < inNumResponses; i++) {
+        newResp = PORT_ArenaZNew(poolp, CMMFCertResponse);
+        if (newResp == NULL) {
+            goto loser;
+        }
+        rv = cmmf_CopyCertResponse(poolp, newResp, inCertResponses[i]);
+        if (rv != SECSuccess) {
+            goto loser;
+        }
+        respArr[i] = newResp;
+    }
+    respArr[inNumResponses] = NULL;
+    PORT_ArenaUnmark(poolp, mark);
+    return SECSuccess;
+
+loser:
+    PORT_ArenaRelease(poolp, mark);
+    return SECFailure;
+}
+
+CMMFCertResponse *
+CMMF_CreateCertResponse(long inCertReqId)
+{
+    SECItem *dummy;
+    CMMFCertResponse *newResp;
+
+    newResp = PORT_ZNew(CMMFCertResponse);
+    if (newResp == NULL) {
+        goto loser;
+    }
+    dummy = SEC_ASN1EncodeInteger(NULL, &newResp->certReqId, inCertReqId);
+    if (dummy != &newResp->certReqId) {
+        goto loser;
+    }
+    return newResp;
+
+loser:
+    if (newResp != NULL) {
+        CMMF_DestroyCertResponse(newResp);
+    }
+    return NULL;
+}
+
+SECStatus
+CMMF_CertResponseSetPKIStatusInfoStatus(CMMFCertResponse *inCertResp,
+                                        CMMFPKIStatus inPKIStatus)
+{
+    PORT_Assert(inCertResp != NULL && inPKIStatus >= cmmfGranted &&
+                inPKIStatus < cmmfNumPKIStatus);
+
+    if (inCertResp == NULL) {
+        return SECFailure;
+    }
+    return cmmf_PKIStatusInfoSetStatus(&inCertResp->status, NULL,
+                                       inPKIStatus);
+}
+
+SECStatus
+CMMF_CertResponseSetCertificate(CMMFCertResponse *inCertResp,
+                                CERTCertificate *inCertificate)
+{
+    CMMFCertifiedKeyPair *keyPair = NULL;
+    SECStatus rv = SECFailure;
+
+    PORT_Assert(inCertResp != NULL && inCertificate != NULL);
+    if (inCertResp == NULL || inCertificate == NULL) {
+        return SECFailure;
+    }
+    if (inCertResp->certifiedKeyPair == NULL) {
+        keyPair = inCertResp->certifiedKeyPair =
+            PORT_ZNew(CMMFCertifiedKeyPair);
+    } else {
+        keyPair = inCertResp->certifiedKeyPair;
+    }
+    if (keyPair == NULL) {
+        goto loser;
+    }
+    rv = cmmf_CertOrEncCertSetCertificate(&keyPair->certOrEncCert, NULL,
+                                          inCertificate);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    return SECSuccess;
+loser:
+    if (keyPair) {
+        if (keyPair->certOrEncCert.derValue.data) {
+            PORT_Free(keyPair->certOrEncCert.derValue.data);
+        }
+        PORT_Free(keyPair);
+    }
+    return rv;
+}
+
+SECStatus
+CMMF_CertRepContentSetCAPubs(CMMFCertRepContent *inCertRepContent,
+                             CERTCertList *inCAPubs)
+{
+    PLArenaPool *poolp;
+    void *mark;
+    SECStatus rv;
+
+    PORT_Assert(inCertRepContent != NULL &&
+                inCAPubs != NULL &&
+                inCertRepContent->caPubs == NULL);
+
+    if (inCertRepContent == NULL ||
+        inCAPubs == NULL || inCertRepContent == NULL) {
+        return SECFailure;
+    }
+
+    poolp = inCertRepContent->poolp;
+    mark = PORT_ArenaMark(poolp);
+
+    rv = cmmf_ExtractCertsFromList(inCAPubs, poolp,
+                                   &inCertRepContent->caPubs);
+
+    if (rv != SECSuccess) {
+        PORT_ArenaRelease(poolp, mark);
+    } else {
+        PORT_ArenaUnmark(poolp, mark);
+    }
+    return rv;
+}
+
+CERTCertificate *
+CMMF_CertifiedKeyPairGetCertificate(CMMFCertifiedKeyPair *inCertKeyPair,
+                                    CERTCertDBHandle *inCertdb)
+{
+    PORT_Assert(inCertKeyPair != NULL);
+    if (inCertKeyPair == NULL) {
+        return NULL;
+    }
+    return cmmf_CertOrEncCertGetCertificate(&inCertKeyPair->certOrEncCert,
+                                            inCertdb);
+}
diff --git a/nss/lib/crmf/cmmft.h b/nss/lib/crmf/cmmft.h
new file mode 100644
index 0000000..e39f19e
--- /dev/null
+++ b/nss/lib/crmf/cmmft.h
@@ -0,0 +1,73 @@
+/* -*- Mode: C; tab-width: 8 -*-*/
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _CMMFT_H_
+#define _CMMFT_H_
+
+#include "secasn1.h"
+
+/*
+ * These are the enumerations used to distinguish between the different
+ * choices available for the CMMFCertOrEncCert structure.
+ */
+typedef enum {
+    cmmfNoCertOrEncCert = 0,
+    cmmfCertificate = 1,
+    cmmfEncryptedCert = 2
+} CMMFCertOrEncCertChoice;
+
+/*
+ * This is the enumeration and the corresponding values used to
+ * represent the CMMF type PKIStatus
+ */
+typedef enum {
+    cmmfNoPKIStatus = -1,
+    cmmfGranted = 0,
+    cmmfGrantedWithMods = 1,
+    cmmfRejection = 2,
+    cmmfWaiting = 3,
+    cmmfRevocationWarning = 4,
+    cmmfRevocationNotification = 5,
+    cmmfKeyUpdateWarning = 6,
+    cmmfNumPKIStatus
+} CMMFPKIStatus;
+
+/*
+ * These enumerations are used to represent the corresponding values
+ * in PKIFailureInfo defined in CMMF.
+ */
+typedef enum {
+    cmmfBadAlg = 0,
+    cmmfBadMessageCheck = 1,
+    cmmfBadRequest = 2,
+    cmmfBadTime = 3,
+    cmmfBadCertId = 4,
+    cmmfBadDataFormat = 5,
+    cmmfWrongAuthority = 6,
+    cmmfIncorrectData = 7,
+    cmmfMissingTimeStamp = 8,
+    cmmfNoFailureInfo = 9
+} CMMFPKIFailureInfo;
+
+typedef struct CMMFPKIStatusInfoStr CMMFPKIStatusInfo;
+typedef struct CMMFCertOrEncCertStr CMMFCertOrEncCert;
+typedef struct CMMFCertifiedKeyPairStr CMMFCertifiedKeyPair;
+typedef struct CMMFCertResponseStr CMMFCertResponse;
+typedef struct CMMFCertResponseSeqStr CMMFCertResponseSeq;
+typedef struct CMMFPOPODecKeyChallContentStr CMMFPOPODecKeyChallContent;
+typedef struct CMMFChallengeStr CMMFChallenge;
+typedef struct CMMFRandStr CMMFRand;
+typedef struct CMMFPOPODecKeyRespContentStr CMMFPOPODecKeyRespContent;
+typedef struct CMMFKeyRecRepContentStr CMMFKeyRecRepContent;
+typedef struct CMMFCertRepContentStr CMMFCertRepContent;
+
+/* Export this so people can call SEC_ASN1EncodeItem instead of having to
+ * write callbacks that are passed in to the high level encode function
+ * for CMMFCertRepContent.
+ */
+extern const SEC_ASN1Template CMMFCertRepContentTemplate[];
+extern const SEC_ASN1Template CMMFPOPODecKeyChallContentTemplate[];
+
+#endif /*_CMMFT_H_*/
diff --git a/nss/lib/crmf/config.mk b/nss/lib/crmf/config.mk
new file mode 100644
index 0000000..dc39ee4
--- /dev/null
+++ b/nss/lib/crmf/config.mk
@@ -0,0 +1,16 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+#
+#  Override TARGETS variable so that only static libraries
+#  are specifed as dependencies within rules.mk.
+#
+
+TARGETS        = $(LIBRARY)
+SHARED_LIBRARY =
+IMPORT_LIBRARY =
+PROGRAM        =
+
diff --git a/nss/lib/crmf/crmf.gyp b/nss/lib/crmf/crmf.gyp
new file mode 100644
index 0000000..f8fa8a4
--- /dev/null
+++ b/nss/lib/crmf/crmf.gyp
@@ -0,0 +1,43 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'crmf',
+      'type': 'static_library',
+      'sources': [
+        'asn1cmn.c',
+        'challcli.c',
+        'cmmfasn1.c',
+        'cmmfchal.c',
+        'cmmfrec.c',
+        'cmmfresp.c',
+        'crmfcont.c',
+        'crmfdec.c',
+        'crmfenc.c',
+        'crmfget.c',
+        'crmfpop.c',
+        'crmfreq.c',
+        'crmftmpl.c',
+        'encutil.c',
+        'respcli.c',
+        'respcmn.c',
+        'servget.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports'
+      ],
+      'variables': {
+        # This is purely for the use of the Mozilla build system.
+        'no_expand_libs': 1,
+      },
+    }
+  ],
+  'variables': {
+    'module': 'nss'
+  }
+}
diff --git a/nss/lib/crmf/crmf.h b/nss/lib/crmf/crmf.h
new file mode 100644
index 0000000..c56e289
--- /dev/null
+++ b/nss/lib/crmf/crmf.h
@@ -0,0 +1,1741 @@
+/* -*- Mode: C; tab-width: 8 -*-*/
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _CRMF_H_
+#define _CRMF_H_
+
+#include "seccomon.h"
+#include "cert.h"
+#include "crmft.h"
+#include "secoid.h"
+#include "secpkcs7.h"
+
+SEC_BEGIN_PROTOS
+
+/*
+ * FUNCTION: CRMF_EncodeCertReqMsg
+ * INPUTS:
+ *    inCertReqMsg
+ *        The Certificate Request Message to be encoded.
+ *    fn
+ *        A Callback function that the ASN1 encoder calls whenever
+ *        the encoder wants to write out some DER encoded bytes.
+ *    arg
+ *        An opaque pointer that gets passed to the function fn
+ * OUTPUT:
+ *    The function fn will be called multiple times.  Look at the
+ *    comments in crmft.h where the CRMFEncoderOutputCallback type is
+ *    defined for information on proper behavior of the function fn.
+ * RETURN:
+ *    SECSuccess if encoding was successful.  Any other return value
+ *    indicates an error occurred during encoding.
+ */
+extern SECStatus
+CRMF_EncodeCertReqMsg(CRMFCertReqMsg *inCertReqMsg,
+                      CRMFEncoderOutputCallback fn,
+                      void *arg);
+
+/*
+ * FUNCTION: CRMF_EncoderCertRequest
+ * INPUTS:
+ *    inCertReq
+ *        The Certificate Request to be encoded.
+ *    fn
+ *        A Callback function that the ASN1 encoder calls whenever
+ *        the encoder wants to write out some DER encoded bytes.
+ *    arg
+ *        An opaque pointer that gets passed to the function fn.
+ * OUTPUT:
+ *    The function fn will be called, probably multiple times whenever
+ *    the ASN1 encoder wants to write out DER-encoded bytes.  Look at the
+ *    comments in crmft.h where the CRMFEncoderOutputCallback type is
+ *    defined for information on proper behavior of the function fn.
+ * RETURN:
+ *    SECSuccess if encoding was successful.  Any other return value
+ *    indicates an error occurred during encoding.
+ */
+extern SECStatus CRMF_EncodeCertRequest(CRMFCertRequest *inCertReq,
+                                        CRMFEncoderOutputCallback fn,
+                                        void *arg);
+/*
+ * FUNCTION: CRMF_EncodeCertReqMessages
+ * INPUTS:
+ *    inCertReqMsgs
+ *        An array of pointers to the Certificate Request Messages
+ *        to encode.  The user must place a NULL pointer in the index
+ *        after the last message to be encoded.  When the library runs
+ *        into the NULL pointer, the library assumes there are no more
+ *        messages to encode.
+ *    fn
+ *        A Callback function that the ASN1 encoder calls whenever
+ *        the encoder wants to write out some DER encoded byts.
+ *    arg
+ *        An opaque pointer that gets passed to the function fn.
+ *
+ * NOTES:
+ *    The parameter inCertReqMsgs needs to be an array with a NULL pointer
+ *    to signal the end of messages.  An array in the form of
+ *    {m1, m2, m3, NULL, m4, ...} will only encode the messages m1, m2, and
+ *    m3.  All messages from m4 on will not be looked at by the library.
+ *
+ * OUTPUT:
+ *    The function fn will be called, probably multiple times.  Look at the
+ *    comments in crmft.h where the CRMFEncoderOutputCallback type is
+ *    defined for information on proper behavior of the function fn.
+ *
+ * RETURN:
+ * SECSuccess if encoding the Certificate Request Messages was successful.
+ * Any other return value indicates an error occurred while encoding the
+ * certificate request messages.
+ */
+extern SECStatus
+CRMF_EncodeCertReqMessages(CRMFCertReqMsg **inCertReqMsgs,
+                           CRMFEncoderOutputCallback fn,
+                           void *arg);
+
+/*
+ * FUNCTION: CRMF_CreateCertReqMsg
+ * INPUTS:
+ *    NONE
+ * OUTPUT:
+ *    An empty CRMF Certificate Request Message.
+ *    Before encoding this message, the user must set
+ *    the ProofOfPossession field and the certificate
+ *    request which are necessary for the full message.
+ *    After the user no longer needs this CertReqMsg,
+ *    the user must call CRMF_DestroyCertReqMsg to free
+ *    all memory associated with the Certificate Request
+ *    Message.
+ * RETURN:
+ *    A pointer to a Certificate Request Message.  The user
+ *    must pass the return value of this function to
+ *    CRMF_DestroyCertReqMsg after the Certificate Request
+ *    Message is no longer necessary.
+ */
+extern CRMFCertReqMsg *CRMF_CreateCertReqMsg(void);
+
+/*
+ * FUNCTION: CRMF_DestroyCertReqMsg
+ * INPUTS:
+ *    inCertReqMsg
+ *        The Certificate Request Message to destroy.
+ *  NOTES:
+ *    This function frees all the memory used for the Certificate
+ *    Request Message and all the memory used in making copies of
+ *    fields of elelments of the message, eg. the Proof Of Possession
+ *    filed and the Cetificate Request.
+ * RETURN:
+ *    SECSuccess if destruction was successful.  Any other return value
+ *    indicates an error while trying to free the memory associated
+ *    with inCertReqMsg.
+ *
+ */
+extern SECStatus CRMF_DestroyCertReqMsg(CRMFCertReqMsg *inCertReqMsg);
+
+/*
+ * FUNCTION: CRMF_CertReqMsgSetCertRequest
+ * INPUTS:
+ *    inCertReqMsg
+ *        The Certificate Request Message that the function will set
+ *        the certificate request for.
+ *    inCertReq
+ *        The Certificate Request that will be added to the Certificate
+ *        Request Message.
+ * NOTES:
+ *    This function will make a copy of the Certificate Request passed in
+ *    and store it as part of the Certificate Request Message.  Therefore,
+ *    the user must not call this function until the Certificate Request
+ *    has been fully built and is ready to be encoded.
+ * RETURN:
+ *    SECSuccess
+ *        If copying the Certificate as a member of the Certificate
+ *        request message was successful.
+ *    Any other return value indicates a failure to copy the Certificate
+ *    Request and make it a part of the Certificate Request Message.
+ */
+extern SECStatus CRMF_CertReqMsgSetCertRequest(CRMFCertReqMsg *inCertReqMsg,
+                                               CRMFCertRequest *inCertReq);
+
+/*
+ * FUNCTION: CRMF_CreateCertRequest
+ * INPUTS:
+ *    inRequestID
+ *        The ID that will be associated with this certificate request.
+ * OUTPUTS:
+ *    A certificate request which only has the requestID set.
+ * NOTES:
+ *    The user must call the function CRMF_DestroyCertRequest when
+ *    the returned value is no longer needed.  This is usually the
+ *    case after fully constructing the Certificate Request and then
+ *    calling the function CRMF_CertReqMsgSetCertRequest.
+ * RETURN:
+ *    A pointer to the new Certificate Request.  A NULL return value
+ *    indicates an error in creating the Certificate Request.
+ */
+extern CRMFCertRequest *CRMF_CreateCertRequest(PRUint32 inRequestID);
+
+/*
+ * FUNCTION: CRMF_DestroyCertRequest
+ * INPUTS:
+ *    inCertReq
+ *        The Certificate Request that will be destroyed.
+ * RETURN:
+ *    SECSuccess
+ *        If freeing the memory associated with the certificate request
+ *        was successful.
+ *    Any other return value indicates an error while trying to free the
+ *    memory.
+ */
+extern SECStatus CRMF_DestroyCertRequest(CRMFCertRequest *inCertReq);
+
+/*
+ * FUNCTION: CRMF_CreateCertExtension
+ * INPUTS:
+ *    id
+ *        The SECOidTag to associate with this CertExtension.  This must
+ *        correspond to a valid Certificate Extension, if not the function
+ *        will fail.
+ *    isCritical
+ *        A boolean value stating if the extension value is crtical.  PR_TRUE
+ *        means the value is crtical.  PR_FALSE indicates the value is not
+ *        critical.
+ *    data
+ *        This is the data associated with the extension.  The user of the
+ *        library is responsible for making sure the value passed in is a
+ *        valid interpretation of the certificate extension.
+ * NOTES:
+ * Use this function to create CRMFCertExtension Structures which will
+ * then be passed to CRMF_AddFieldToCertTemplate as part of the
+ * CRMFCertCreationInfo.extensions  The user must call
+ * CRMF_DestroyCertExtension after the extension has been added to a certifcate
+ * and the extension is no longer needed.
+ *
+ * RETURN:
+ * A pointer to a newly created CertExtension.  A return value of NULL
+ * indicates the id passed in was an invalid certificate extension.
+ */
+extern CRMFCertExtension *CRMF_CreateCertExtension(SECOidTag id,
+                                                   PRBool isCritical,
+                                                   SECItem *data);
+
+/*
+ * FUNCTION: CMRF_DestroyCertExtension
+ * INPUTS:
+ *    inExtension
+ *        The Cert Extension to destroy
+ * NOTES:
+ * Destroy a structure allocated by CRMF_CreateCertExtension.
+ *
+ * RETURN:
+ * SECSuccess if freeing the memory associated with the certificate extension
+ * was successful.  Any other error indicates an error while freeing the
+ * memory.
+ */
+extern SECStatus CRMF_DestroyCertExtension(CRMFCertExtension *inExtension);
+
+/*
+ * FUNCTION: CRMF_CertRequestSetTemplateField
+ * INPUTS:
+ *    inCertReq
+ *        The Certificate Request to operate on.
+ *    inTemplateField
+ *        An enumeration that indicates which field of the Certificate
+ *        template to add.
+ *    data
+ *        A generic pointer that will be type cast according to the
+ *        table under NOTES and used as the key for adding to the
+ *        certificate template;
+ * NOTES:
+ *
+ * Below is a table that tells what type to pass in as data
+ * depending on the template field one wants to set.
+ *
+ * Look in crmft.h for the definition of CRMFCertTemplateField.
+ *
+ * In all cases, the library makes copies of the data passed in.
+ *
+ *   CRMFCertTemplateField    Type of data    What data means
+ *   ---------------------    ------------    ---------------
+ *   crmfVersion              long *          The version of
+ *                                            the certificate
+ *                                            to be created.
+ *
+ *   crmfSerialNumber         long *          The serial number
+ *                                            for the cert to be
+ *                                            created.
+ *
+ *   crmfSigningAlg           SECAlgorithm *  The ASN.1 object ID for
+ *                                            the algorithm used in encoding
+ *                                            the certificate.
+ *
+ *   crmfIssuer               CERTName *      Certificate Library
+ *                                            representation of the ASN1 type
+ *                                            Name from X.509
+ *
+ *   crmfValidity     CRMFValidityCreationInfo *  At least one of the two
+ *                                                fields in the structure must
+ *                                                be present.  A NULL pointer
+ *                                                in the structure indicates
+ *                                                that member should not be
+ *                                                added.
+ *
+ *   crmfSubject              CERTName *      Certificate Library
+ *                                            representation of the ASN1 type
+ *                                            Name from X.509
+ *
+ *   crmfPublicKey    CERTSubjectPublicKeyInfo *  The public key info for the
+ *                                                certificate being requested.
+ *
+ *   crmfIssuerUID            SECItem *           A bit string representation
+ *                                                of the issuer UID. NOTE: The
+ *                                                length is the number of bits
+ *                                                and not the number of bytes.
+ *
+ *   crmfSubjectUID           SECItem*            A bit string representation
+ *                                                of the subject UID. NOTE: The
+ *                                                length is the number of bits
+ *                                                and not the number of bytes.
+ *
+ *   crmfExtension   CRMFCertExtCreationInfo *     A pointer to the structure
+ *                                                 populated with an array of
+ *                                                 of certificate extensions
+ *                                                 and an integer that tells
+ *                                                 how many elements are in the
+ *                                                 array. Look in crmft.h for
+ *                                                 the definition of
+ *                                                 CRMFCertExtCreationInfo
+ * RETURN:
+ *    SECSuccess if adding the desired field to the template was successful.
+ *    Any other return value indicates failure when trying to add the field
+ *    to the template.
+ *
+ */
+extern SECStatus
+CRMF_CertRequestSetTemplateField(CRMFCertRequest *inCertReq,
+                                 CRMFCertTemplateField inTemplateField,
+                                 void *data);
+
+/*
+ * FUNCTION: CRMF_CertRequestIsFieldPresent
+ * INPUTS:
+ *    inCertReq
+ *        The certificate request to operate on.
+ *    inTemplateField
+ *        The enumeration for the template field the user wants to query
+ *        about.
+ * NOTES:
+ * This function checks to see if the the field associated with inTemplateField
+ * enumeration is already present in the certificate request passed in.
+ *
+ * RETURN:
+ * The function returns PR_TRUE if the field associated with inTemplateField
+ * is already present in the certificate request.  If the field is not present
+ * the function returns PR_FALSE.
+ */
+extern PRBool
+CRMF_CertRequestIsFieldPresent(CRMFCertRequest *inCertReq,
+                               CRMFCertTemplateField inTemplateField);
+
+/*
+ * FUNCTION: CRMF_CertRequestIsControlPresent
+ * INPUTS:
+ *    inCertReq
+ *        The certificate request to operate on.
+ *    inControlType
+ *        The type of control to look for.
+ * NOTES:
+ * This function looks at the control present in the certificate request
+ * and returns PR_TRUE iff a control of type inControlType already exists.
+ * The CRMF draft does not explicitly state that two controls of the same
+ * type can not exist within the same request.  So the library will not
+ * cause an error if you try to add a control and one of the same type
+ * already exists.  It is up to the application to ensure that multiple
+ * controls of the same type do not exist, if that is the desired behavior
+ * by the application.
+ *
+ * RETURN:
+ * The function returns PR_TRUE if a control of type inControlType already
+ * exists in the certificate request.  If a control of type inControlType
+ * does not exist, the function will return PR_FALSE.
+ */
+extern PRBool
+CRMF_CertRequestIsControlPresent(CRMFCertRequest *inCertReq,
+                                 CRMFControlType inControlType);
+
+/*
+ * FUNCTION: CRMF_CertRequestSetRegTokenControl
+ * INPUTS:
+ *    inCertReq
+ *        The Certificate Request to operate on.
+ *    value
+ *        The UTF8 value which will be the Registration Token Control
+ *        for this Certificate Request.
+ * NOTES:
+ *    The library does no verification that the value passed in is
+ *    a valid UTF8 value.  The caller must make sure of this in order
+ *    to get an encoding that is valid.  The library will ultimately
+ *    encode this value as it was passed in.
+ * RETURN:
+ *    SECSucces on successful addition of the Registration Token Control.
+ *    Any other return value indicates an unsuccessful attempt to add the
+ *    control.
+ *
+ */
+extern SECStatus CRMF_CertRequestSetRegTokenControl(CRMFCertRequest *inCertReq,
+                                                    SECItem *value);
+
+/*
+ * FUNCTION: CRMF_CertRequestSetAuthenticatorControl
+ * INPUTS:
+ *    inCertReq
+ *        The Certificate Request to operate on.
+ *    value
+ *        The UTF8 value that will become the Authenticator Control
+ *        for the passed in Certificate Request.
+ * NOTES:
+ *    The library does no verification that the value passed in is
+ *    a valid UTF8 value.  The caller must make sure of this in order
+ *    to get an encoding that is valid.  The library will ultimately
+ *    encode this value as it was passed in.
+ * RETURN:
+ *    SECSucces on successful addition of the Authenticator Control.
+ *    Any other return value indicates an unsuccessful attempt to add the
+ *    control.
+ */
+extern SECStatus
+CRMF_CertRequestSetAuthenticatorControl(CRMFCertRequest *inCertReq,
+                                        SECItem *value);
+
+/*
+ * FUNCTION: CRMF_CreateEncryptedKeyWithencryptedValue
+ * INPUTS:
+ *    inPrivKey
+ *        This is the private key associated with a certificate that is
+ *        being requested.  This structure will eventually wind up as
+ *        a part of the PKIArchiveOptions Control.
+ *    inCACert
+ *        This is the certificate for the CA that will be receiving the
+ *        certificate request for the private key passed in.
+ * OUTPUT:
+ *    A CRMFEncryptedKey that can ultimately be used as part of the
+ *    PKIArchiveOptions Control.
+ *
+ * RETURN:
+ *    A pointer to a CRMFEncyptedKey.  A NULL return value indicates an erro
+ *    during the creation of the encrypted key.
+ */
+extern CRMFEncryptedKey *
+CRMF_CreateEncryptedKeyWithEncryptedValue(SECKEYPrivateKey *inPrivKey,
+                                          CERTCertificate *inCACert);
+
+/*
+ * FUNCTION: CRMF_DestroyEncryptedKey
+ * INPUTS:
+ *    inEncrKey
+ *        The CRMFEncryptedKey to be destroyed.
+ * NOTES:
+ *    Frees all memory associated with the CRMFEncryptedKey passed in.
+ * RETURN:
+ *    SECSuccess if freeing the memory was successful.  Any other return
+ *    value indicates an error while freeig the memroy.
+ */
+extern SECStatus CRMF_DestroyEncryptedKey(CRMFEncryptedKey *inEncrKey);
+
+/*
+ * FUNCTION: CRMF_CreatePKIArchiveOptions
+ * INPUTS:
+ *    inType
+ *        An enumeration value indicating which option for
+ *        PKIArchiveOptions to use.
+ *    data
+ *        A pointer that will be type-cast and de-referenced according
+ *        to the table under NOTES.
+ * NOTES:
+ * A table listing what should be passed in as data
+ * ------------------------------------------------
+ *
+ * inType                            data
+ * ------                            ----
+ * crmfEncryptedPrivateKey           CRMFEncryptedKey*
+ * crmfKeyGenParameters              SECItem*(This needs to be an octet string)
+ * crmfArchiveRemGenPrivKey          PRBool*
+ *
+ * RETURN:
+ *    A pointer the a CRMFPKIArchiveOptions that can be added to a Certificate
+ *    Request.  A NULL pointer indicates an error occurred while creating
+ *    the CRMFPKIArchiveOptions Structure.
+ */
+extern CRMFPKIArchiveOptions *
+CRMF_CreatePKIArchiveOptions(CRMFPKIArchiveOptionsType inType,
+                             void *data);
+/*
+ * FUNCTION: CRMF_DestroyPKIArchiveOptions
+ * INPUTS:
+ *    inArchOpt
+ *        A pointer to the CRMFPKIArchiveOptions structure to free.
+ * NOTES:
+ *    Will free all memory associated with 'inArchOpt'.
+ * RETURN:
+ *    SECSuccess if successful in freeing the memory used by 'inArchOpt'
+ *    Any other return value indicates an error while freeing the memory.
+ */
+extern SECStatus
+CRMF_DestroyPKIArchiveOptions(CRMFPKIArchiveOptions *inArchOpt);
+
+/*
+ * FUNCTION: CRMF_CertRequestSetPKIArchiveOptions
+ * INPUTS:
+ *    inCertReq
+ *        The Certificate Request to add the the options to.
+ *    inOptions
+ *        The Archive Options to add to the Certificate Request.
+ * NOTES:
+ *    Adds the PKIArchiveOption to the Certificate Request.  This is what
+ *    enables Key Escrow to take place through CRMF.  The library makes
+ *    its own copy of the information.
+ * RETURN:
+ *    SECSuccess if successful in adding the ArchiveOptions to the Certificate
+ *    request.  Any other return value indicates an error when trying to add
+ *    the Archive Options  to the Certificate Request.
+ */
+extern SECStatus
+CRMF_CertRequestSetPKIArchiveOptions(CRMFCertRequest *inCertReq,
+                                     CRMFPKIArchiveOptions *inOptions);
+
+/*
+ * FUNCTION: CRMF_CertReqMsgGetPOPType
+ * INPUTS:
+ *    inCertReqMsg
+ *        The Certificate Request Message to operate on.
+ * NOTES:
+ *    Returns an enumeration value indicating the method of Proof
+ *    of Possession that was used for the passed in Certificate Request
+ *    Message.
+ * RETURN:
+ *    An enumeration indicating what method for Proof Of Possession is
+ *    being used in this Certificate Request Message.  Look in the file
+ *    crmft.h for the definition of CRMFPOPChoice for the possible return
+ *    values.
+ */
+extern CRMFPOPChoice CRMF_CertReqMsgGetPOPType(CRMFCertReqMsg *inCertReqMsg);
+
+/*
+ * FUNCTION: CRMF_CertReqMsgSetRAVerifiedPOP
+ * INPUT:
+ *    InCertReqMsg
+ *        The Certificate Request Message to operate on.
+ * NOTES:
+ *    This function will set the method of Proof Of Possession to
+ *    crmfRAVerified which means the RA has already verified the
+ *    requester does possess the private key.
+ * RETURN:
+ *    SECSuccess if adding RAVerified to the message is successful.
+ *    Any other message indicates an error while trying to add RAVerified
+ *    as the Proof of Possession.
+ */
+extern SECStatus CRMF_CertReqMsgSetRAVerifiedPOP(CRMFCertReqMsg *inCertReqMsg);
+
+/*
+ * FUNCTION: CRMF_CertReqMsgSetSignaturePOP
+ * INPUT:
+ *    inCertReqMsg
+ *        The Certificate Request Message to add the SignaturePOP to.
+ *    inPrivKey
+ *        The Private Key which corresponds to the the Certificate Request
+ *        Message.
+ *    inPubKey
+ *        The Public Key which corresponds to the Private Key passed in.
+ *    inCertForInput
+ *        A Certificate that in the future may be used to create
+ *        POPOSigningKeyInput.
+ *    fn
+ *        A callback for retrieving a password which may be used in the
+ *       future to generate POPOSigningKeyInput.
+ *    arg
+ *        An opaque pointer that would be passed to fn whenever it is
+ *        called.
+ * NOTES:
+ * Adds Proof Of Possession to the CertRequest using the signature field
+ * of the ProofOfPossession field.  NOTE: In order to use this option,
+ * the certificate template must contain the publicKey at the very minimum.
+ *
+ * If you don't want the function to generate POPOSigningKeyInput, then
+ * make sure the cert template already contains the subject and public key
+ * values.  Currently creating POPOSigningKeyInput is not supported, so
+ * a Message passed to this function must have the publicKey and the subject
+ * as part of the template
+ *
+ * This will take care of creating the entire POPOSigningKey structure
+ * that will become part of the message.
+ *
+ * inPrivKey is the key to be used in the signing operation when creating
+ * POPOSigningKey structure.  This should be the key corresponding to
+ * the certificate being requested.
+ *
+ * inCertForInput will be used if POPOSigningKeyInput needs to be generated.
+ * It will be used in generating the authInfo.sender field.  If the parameter
+ * is not passed in then authInfo.publicKeyMAC will be generated instead.
+ * If passed in, this certificate needs to be a valid certificate.
+ *
+ * The last 3 arguments are for future compatibility in case we ever want to
+ * support generating POPOSigningKeyInput.  Pass in NULL for all 3 if you
+ * definitely don't want the function to even try to generate
+ * POPOSigningKeyInput.  If you try to use POPOSigningKeyInput, the function
+ * will fail.
+ *
+ * RETURN:
+ *    SECSuccess if adding the Signature Proof Of Possession worked.
+ *    Any other return value indicates an error in trying to add
+ *    the Signature Proof Of Possession.
+ */
+extern SECStatus
+CRMF_CertReqMsgSetSignaturePOP(CRMFCertReqMsg *inCertReqMsg,
+                               SECKEYPrivateKey *inPrivKey,
+                               SECKEYPublicKey *inPubKey,
+                               CERTCertificate *inCertForInput,
+                               CRMFMACPasswordCallback fn,
+                               void *arg);
+
+/*
+ * FUNCTION: CRMF_CertReqMsgSetKeyEnciphermentPOP
+ * INPUTS:
+ *    inCertReqMsg
+ *        The Certificate Request Message to operate on.
+ *    inKeyChoice
+ *        An enumeration indicating which POPOPrivKey Choice to use
+ *        in constructing the KeyEnciphermentPOP.
+ *    subseqMess
+ *        This parameter must be provided iff inKeyChoice is
+ *        crmfSubsequentMessage.  This details how the RA is to respond
+ *        in order to perform Proof Of Possession.  Look in crmft.h under
+ *        the definition of CRMFSubseqMessOptions for possible values.
+ *    encPrivKey
+ *        This parameter only needs to be provided if inKeyChoice is
+ *        crmfThisMessage.  The item should contain the encrypted private
+ *        key.
+ *
+ * NOTES:
+ * Adds Proof Of Possession using the keyEncipherment field of
+ * ProofOfPossession.
+ *
+ * The function looks at the the inKeyChoice parameter and interprets it in
+ * in the following manner.
+ *
+ * If a parameter is not mentioned under interpretation, the function will not
+ * look at its value when implementing that case.
+ *
+ * inKeyChoice          Interpretation
+ * -----------          --------------
+ * crmfThisMessage      This options requires that the encrypted private key
+ *                      be included in the thisMessage field of POPOPrivKey.
+ *                      We don't support this yet, so any clients who want
+ *                      to use this feature have to implement a wrapping
+ *                      function and agree with the server on how to properly
+ *                      wrap the key.  That encrypted key must be passed in
+ *                      as the encPrivKey parameter.
+ *
+ * crmfSubequentMessage Must pass in a value for subseqMess.  The value must
+ *                      be either CRMFEncrCert or CRMFChallengeResp.  The
+ *                      parameter encPrivKey will not be looked at in this
+ *                      case.
+ *
+ * crmfDHMAC            This is not a valid option for this function.  Passing
+ *                      in this value will result in the function returning
+ *                      SECFailure.
+ * RETURN:
+ *    SECSuccess if adding KeyEnciphermentPOP was successful.  Any other return
+ *    value indicates an error in adding KeyEnciphermentPOP.
+ */
+extern SECStatus
+CRMF_CertReqMsgSetKeyEnciphermentPOP(CRMFCertReqMsg *inCertReqMsg,
+                                     CRMFPOPOPrivKeyChoice inKeyChoice,
+                                     CRMFSubseqMessOptions subseqMess,
+                                     SECItem *encPrivKey);
+
+/*
+ * FUNCTION: CRMF_CertReqMsgSetKeyAgreementPOP
+ * INPUTS:
+ *    inCertReqMsg
+ *        The Certificate Request Message to operate on.
+ *    inKeyChoice
+ *        An enumeration indicating which POPOPrivKey Choice to use
+ *        in constructing the KeyAgreementPOP.
+ *    subseqMess
+ *        This parameter must be provided iff inKeyChoice is
+ *        crmfSubsequentMessage.  This details how the RA is to respond
+ *        in order to perform Proof Of Possession.  Look in crmft.h under
+ *        the definition of CRMFSubseqMessOptions for possible values.
+ *    encPrivKey
+ *        This parameter only needs to be provided if inKeyChoice is
+ *        crmfThisMessage.  The item should contain the encrypted private
+ *        key.
+ * Adds Proof Of Possession using the keyAgreement field of
+ * ProofOfPossession.
+ *
+ * The function looks at the the inKeyChoice parameter and interprets it in
+ * in the following manner.
+ *
+ * If a parameter is not mentioned under interpretation, the function will not
+ * look at its value when implementing that case.
+ *
+ * inKeyChoice          Interpretation
+ * -----------          --------------
+ * crmfThisMessage      This options requires that the encrypted private key
+ *                      be included in the thisMessage field of POPOPrivKey.
+ *                      We don't support this yet, so any clients who want
+ *                      to use this feature have to implement a wrapping
+ *                      function and agree with the server on how to properly
+ *                      wrap the key.  That encrypted key must be passed in
+ *                      as the encPrivKey parameter.
+ *
+ * crmfSubequentMessage Must pass in a value for subseqMess.  The value must
+ *                      be either crmfEncrCert or crmfChallengeResp.  The
+ *                      parameter encPrivKey will not be looked at in this
+ *                      case.
+ *
+ * crmfDHMAC            This option is not supported.
+ */
+extern SECStatus
+CRMF_CertReqMsgSetKeyAgreementPOP(CRMFCertReqMsg *inCertReqMsg,
+                                  CRMFPOPOPrivKeyChoice inKeyChoice,
+                                  CRMFSubseqMessOptions subseqMess,
+                                  SECItem *encPrivKey);
+
+/*
+ * FUNCTION: CRMF_CreateCertReqMsgFromDER
+ * INPUTS:
+ *    buf
+ *        A buffer to the DER-encoded Certificate Request Message.
+ *    len
+ *        The length in bytes of the buffer 'buf'
+ * NOTES:
+ * This function passes the buffer to the ASN1 decoder and creates a
+ * CRMFCertReqMsg structure.  Do not try adding any fields to a message
+ * returned from this function.  Specifically adding more Controls or
+ * Extensions may cause your program to crash.
+ *
+ * RETURN:
+ *    A pointer to the Certificate Request Message structure.  A NULL return
+ *    value indicates the library was unable to parse the DER.
+ */
+extern CRMFCertReqMsg *CRMF_CreateCertReqMsgFromDER(const char *buf, long len);
+
+/*
+ * FUNCTION: CRMF_CreateCertReqMessagesFromDER
+ * INPUTS:
+ *    buf
+ *        A buffer to the DER-encoded Certificate Request Messages.
+ *    len
+ *        The length in bytes of buf
+ * NOTES:
+ * This function passes the buffer to the ASN1 decoder and creates a
+ * CRMFCertReqMessages structure.  Do not try adding any fields to a message
+ * derived from this function.  Specifically adding more Controls or
+ * Extensions may cause your program to crash.
+ * The user must call CRMF_DestroyCertReqMessages after the return value is
+ * no longer needed, ie when all individual messages have been extracted.
+ *
+ * RETURN:
+ *    A pointer to the Certificate Request Messages structure.  A NULL return
+ *    value indicates the library was unable to parse the DER.
+ */
+extern CRMFCertReqMessages *
+CRMF_CreateCertReqMessagesFromDER(const char *buf, long len);
+
+/*
+ * FUNCTION: CRMF_DestroyCertReqMessages
+ * INPUTS
+ *    inCertReqMsgs
+ *        The Messages to destroy.
+ * RETURN:
+ *    SECSuccess if freeing the memory was done successfully.  Any other
+ *    return value indicates an error in freeing up memory.
+ */
+extern SECStatus
+CRMF_DestroyCertReqMessages(CRMFCertReqMessages *inCertReqMsgs);
+
+/*
+ * FUNCTION: CRMF_CertReqMessagesGetNumMessages
+ * INPUTS:
+ *    inCertReqMsgs
+ *        The Request Messages to operate on.
+ * RETURN:
+ *    The number of messages contained in the in the Request Messages
+ *    strucure.
+ */
+extern int
+CRMF_CertReqMessagesGetNumMessages(CRMFCertReqMessages *inCertReqMsgs);
+
+/*
+ * FUNCTION: CRMF_CertReqMessagesGetCertReqMsgAtIndex
+ * INPUTS:
+ *    inReqMsgs
+ *        The Certificate Request Messages to operate on.
+ *    index
+ *        The index of the single message the user wants a copy of.
+ * NOTES:
+ * This function returns a copy of the request messages stored at the
+ * index corresponding to the parameter 'index'.  Indexing of the messages
+ * is done in the same manner as a C array.  Meaning the valid index are
+ * 0...numMessages-1.  User must call CRMF_DestroyCertReqMsg when done using
+ * the return value of this function.
+ *
+ * RETURN:
+ * SECSuccess if copying the message at the requested index was successful.
+ * Any other return value indicates an invalid index or error while copying
+ * the single request message.
+ */
+extern CRMFCertReqMsg *
+CRMF_CertReqMessagesGetCertReqMsgAtIndex(CRMFCertReqMessages *inReqMsgs,
+                                         int index);
+
+/*
+ * FUNCTION: CRMF_CertReqMsgGetID
+ * INPUTS:
+ *    inCertReqMsg
+ *        The Certificate Request Message to get the ID from.
+ *    destID
+ *        A pointer to where the library can place the ID of the Message.
+ * RETURN:
+ *    SECSuccess if the function was able to retrieve the ID and place it
+ *    at *destID.  Any other return value indicates an error meaning the value
+ *    in *destId is un-reliable and should not be used by the caller of this
+ *    function.
+ *
+ */
+extern SECStatus CRMF_CertReqMsgGetID(CRMFCertReqMsg *inCertReqMsg,
+                                      long *destID);
+
+/*
+ * FUNCTION: CRMF_DoesRequestHaveField
+ * INPUTS:
+ *    inCertReq
+ *        The Certificate Request to operate on.
+ *    inField
+ *        An enumeration indicating which filed of the certificate template
+ *        to look for.
+ * NOTES:
+ * All the fields in a certificate template are optional.  This function
+ * checks to see if the requested field is present.  Look in crmft.h at the
+ * definition of CRMFCertTemplateField for possible values for possible
+ * querying.
+ *
+ * RETURN:
+ * PR_TRUE iff the field corresponding to 'inField' has been specified as part
+ *         of 'inCertReq'
+ * PR_FALSE iff the field corresponding to 'inField' has not been speicified
+ *          as part of 'inCertReq'
+ *
+ */
+extern PRBool CRMF_DoesRequestHaveField(CRMFCertRequest *inCertReq,
+                                        CRMFCertTemplateField inField);
+
+/*
+ * FUNCTION: CRMF_CertReqMsgGetCertRequest
+ * INPUTS:
+ *    inCertReqMsg
+ *        The Certificate Request Message to operate on.
+ * NOTES:
+ *    This function returns a copy of the Certificate Request to the user.
+ *    The user can keep adding to this request and then making it a part
+ *    of another message.  After the user no longer wants to use the
+ *    returned request, the user must call CRMF_DestroyCertRequest and
+ *    pass it the request returned by this function.
+ * RETURN:
+ *    A pointer to a copy of the certificate request contained by the message.
+ *    A NULL return value indicates an error occurred while copying the
+ *   certificate request.
+ */
+extern CRMFCertRequest *
+CRMF_CertReqMsgGetCertRequest(CRMFCertReqMsg *inCertReqMsg);
+
+/*
+ * FUNCTION: CRMF_CertRequestGetCertTemplateVersion
+ * INPUTS:
+ *    inCertReq
+ *        The Certificate Request to operate on.
+ *    version
+ *        A pointer to where the library can store the version contatined
+ *        in the certificate template within the certifcate request.
+ * RETURN:
+ *    SECSuccess if the Certificate template contains the version field.  In
+ *    this case, *version will hold the value of the certificate template
+ *    version.
+ *    SECFailure indicates that version field was not present as part of
+ *    of the certificate template.
+ */
+extern SECStatus
+CRMF_CertRequestGetCertTemplateVersion(CRMFCertRequest *inCertReq,
+                                       long *version);
+
+/*
+ * FUNCTION: CRMF_CertRequestGetCertTemplateSerialNumber
+ * INPUTS:
+ *    inCertReq
+ *        The certificate request to operate on.
+ *    serialNumber
+ *        A pointer where the library can put the serial number contained
+ *        in the certificate request's certificate template.
+ * RETURN:
+ * If a serial number exists in the CertTemplate of the request, the function
+ * returns SECSuccess and the value at *serialNumber contains the serial
+ * number.
+ * If no serial number is present, then the function returns SECFailure and
+ * the value at *serialNumber is un-changed.
+ */
+extern SECStatus
+CRMF_CertRequestGetCertTemplateSerialNumber(CRMFCertRequest *inCertReq,
+                                            long *serialNumber);
+
+/*
+ * FUNCTION: CRMF_CertRequestGetCertTemplateSigningAlg
+ * INPUT:
+ *    inCertReq
+ *        The Certificate Request to operate on.
+ *    destAlg
+ *        A Pointer to where the library can place a copy of the signing alg
+ *        used in the cert request's cert template.
+ * RETURN:
+ * If the signingAlg is present in the CertRequest's CertTemplate, then
+ * the function returns SECSuccess and places a copy of sigingAlg in
+ * *destAlg.
+ * If no signingAlg is present, then the function returns SECFailure and
+ * the value at *destAlg is un-changed
+ */
+extern SECStatus
+CRMF_CertRequestGetCertTemplateSigningAlg(CRMFCertRequest *inCertReq,
+                                          SECAlgorithmID *destAlg);
+/*
+ * FUNCTION: CRMF_CertRequestGetCertTemplateIssuer
+ * INPUTS:
+ *    inCertReq
+ *        The Certificate Request to operate on.
+ *    destIssuer
+ *        A pointer to where the library can place a copy of the cert
+ *        request's cert template issuer field.
+ * RETURN:
+ * If the issuer is present in the cert request cert template, the function
+ * returns SECSuccess and places a  copy of the issuer in *destIssuer.
+ * If there is no issuer present, the function returns SECFailure and the
+ * value at *destIssuer is unchanged.
+ */
+extern SECStatus
+CRMF_CertRequestGetCertTemplateIssuer(CRMFCertRequest *inCertReq,
+                                      CERTName *destIssuer);
+
+/*
+ * FUNCTION: CRMF_CertRequestGetCertTemplateValidity
+ * INPUTS:
+ *    inCertReq
+ *        The Certificate Request to operate on.
+ *    destValdity
+ *        A pointer to where the library can place a copy of the validity
+ *        info in the cert request cert template.
+ * NOTES:
+ * Pass the pointer to
+ * RETURN:
+ * If there is an OptionalValidity field, the function will return SECSuccess
+ * and place the appropriate values in *destValidity->notBefore and
+ * *destValidity->notAfter. (Each field is optional, but at least one will
+ * be present if the function returns SECSuccess)
+ *
+ * If there is no OptionalValidity field, the function will return SECFailure
+ * and the values at *destValidity will be un-changed.
+ */
+extern SECStatus
+CRMF_CertRequestGetCertTemplateValidity(CRMFCertRequest *inCertReq,
+                                        CRMFGetValidity *destValidity);
+/*
+ * FUNCTION: CRMF_DestroyGetValidity
+ * INPUTS:
+ *    inValidity
+ *        A pointer to the memroy to be freed.
+ * NOTES:
+ * The function will free the memory allocated by the function
+ * CRMF_CertRequestGetCertTemplateValidity.  That means only memory pointed
+ * to within the CRMFGetValidity structure.  Since
+ * CRMF_CertRequestGetCertTemplateValidity does not allocate memory for the
+ * structure passed into it, it will not free it.  Meaning this function will
+ * free the memory at inValidity->notBefore and inValidity->notAfter, but not
+ * the memory directly at inValdity.
+ *
+ * RETURN:
+ * SECSuccess if freeing the memory was successful.  Any other return value
+ * indicates an error while freeing the memory.
+ */
+extern SECStatus
+CRMF_DestroyGetValidity(CRMFGetValidity *inValidity);
+
+/*
+ * FUNCTION: CRMF_CertRequestGetCertTemplateSubject
+ * INPUTS:
+ *    inCertReq
+ *        The Certificate Request to operate on.
+ *    destSubject
+ *        A pointer to where the library can place a copy of the subject
+ *        contained in the request's cert template.
+ * RETURN:
+ * If there is a subject in the CertTemplate, then the function returns
+ * SECSuccess and a copy of the subject is placed in *destSubject.
+ *
+ * If there is no subject, the function returns SECFailure and the values at
+ * *destSubject is unchanged.
+ */
+extern SECStatus
+CRMF_CertRequestGetCertTemplateSubject(CRMFCertRequest *inCertReq,
+                                       CERTName *destSubject);
+
+/*
+ * FUNCTION: CRMF_CertRequestGetCertTemplatePublicKey
+ * INPUTS:
+ *    inCertReq
+ *        The Cert request to operate on.
+ *    destPublicKey
+ *        A pointer to where the library can place a copy of the request's
+ *        cert template public key.
+ * RETURN:
+ * If there is a publicKey parameter in the CertRequest, the function returns
+ * SECSuccess, and places a copy of the publicKey in *destPublicKey.
+ *
+ * If there is no publicKey, the function returns SECFailure and the value
+ * at *destPublicKey is un-changed.
+ */
+extern SECStatus
+CRMF_CertRequestGetCertTemplatePublicKey(CRMFCertRequest *inCertReq,
+                                         CERTSubjectPublicKeyInfo *destPublicKey);
+
+/*
+ * FUNCTION: CRMF_CertRequestGetCertTemplateIssuerUID
+ * INPUTS:
+ *    inCertReq
+ *        The Cert request to operate on.
+ *    destIssuerUID
+ *        A pointer to where the library can store a copy of the request's
+ *        cert template destIssuerUID.
+ *
+ * NOTES:
+ * destIssuerUID is a bit string and will be returned in a SECItem as
+ * a bit string.  Meaning the len field contains the number of valid bits as
+ * opposed to the number of bytes allocated.
+ *
+ * RETURN:
+ * If the CertTemplate has an issuerUID, the function returns SECSuccess and
+ * places a copy of the issuerUID in *destIssuerUID.
+ *
+ * If there is no issuerUID, the function returns SECFailure and the value
+ * *destIssuerUID is unchanged.
+ */
+extern SECStatus
+CRMF_CertRequestGetCertTemplateIssuerUID(CRMFCertRequest *inCertReq,
+                                         SECItem *destIssuerUID);
+
+/*
+ * FUNCTION: CRMF_CertRequestGetCertTemplateSubjectUID
+ *    inCertReq
+ *        The Cert request to operate on.
+ *    destSubjectUID
+ *        A pointer to where the library can store a copy of the request's
+ *        cert template destIssuerUID.
+ *
+ * NOTES:
+ * destSubjectUID is a bit string and will be returned in a SECItem as
+ * a bit string.  Meaning the len field contains the number of valid bits as
+ * opposed to the number of bytes allocated.
+ *
+ * RETURN:
+ * If the CertTemplate has an issuerUID, the function returns SECSuccess and
+ * places a copy of the issuerUID in *destIssuerUID.
+ *
+ * If there is no issuerUID, the function returns SECSuccess and the value
+ * *destIssuerUID is unchanged.
+ */
+extern SECStatus CRMF_GetCertTemplateSubjectUID(CRMFCertRequest *inCertReq,
+                                                SECItem *destSubjectUID);
+
+/*
+ * FUNCTION: CRMF_CertRequestGetNumberOfExtensions
+ * INPUTS:
+ *    inCertReq
+ *        The cert request to operate on.
+ * RETURN:
+ *    Returns the number of extensions contained by the Cert Request.
+ */
+extern int CRMF_CertRequestGetNumberOfExtensions(CRMFCertRequest *inCertReq);
+
+/*
+ * FUNCTION: CRMF_CertRequestGetExtensionAtIndex
+ * INPUTS:
+ *    inCertReq
+ *        The Certificate request to operate on.
+ *    index
+ *        The index of the extension array whihc the user wants to access.
+ * NOTES:
+ * This function retrieves the extension at the index corresponding to the
+ * parameter "index" indicates.  Indexing is done like a C array.
+ * (0 ... numElements-1)
+ *
+ * Call CRMF_DestroyCertExtension when done using the return value.
+ *
+ * RETURN:
+ *    A pointer to a copy of the extension at the desired index.  A NULL
+ *    return value indicates an invalid index or an error while copying
+ *    the extension.
+ */
+extern CRMFCertExtension *
+CRMF_CertRequestGetExtensionAtIndex(CRMFCertRequest *inCertReq,
+                                    int index);
+/*
+ * FUNCTION: CRMF_CertExtensionGetOidTag
+ * INPUTS:
+ *    inExtension
+
+ *        The extension to operate on.
+ * RETURN:
+ *    Returns the SECOidTag associated with the cert extension passed in.
+ */
+extern SECOidTag CRMF_CertExtensionGetOidTag(CRMFCertExtension *inExtension);
+
+/*
+ * FUNCTION: CRMF_CertExtensionGetIsCritical
+ * INPUT:
+ *    inExt
+ *        The cert extension to operate on.
+ *
+ * RETURN:
+ * PR_TRUE if the extension is critical.
+ * PR_FALSE if the extension is not critical.
+ */
+extern PRBool CRMF_CertExtensionGetIsCritical(CRMFCertExtension *inExt);
+
+/*
+ * FUNCTION: CRMF_CertExtensionGetValue
+ * INPUT:
+ *    inExtension
+ *        The extension to operate on.
+ * NOTES:
+ * Caller is responsible for freeing the memory associated with the return
+ * value.  Call SECITEM_FreeItem(retVal, PR_TRUE) when done using the return
+ * value.
+ *
+ * RETURN:
+ * A pointer to an item containig the value for the certificate extension.
+ * A NULL return value indicates an error in copying the information.
+ */
+extern SECItem *CRMF_CertExtensionGetValue(CRMFCertExtension *inExtension);
+
+/*
+ * FUNCTION: CRMF_CertReqMsgGetPOPOSigningKey
+ * INPUTS:
+ *    inCertReqMsg
+ *        The certificate request message to operate on.
+ *    destKey
+ *        A pointer to where the library can place a pointer to
+ *        a copy of the Proof Of Possession Signing Key used
+ *        by the message.
+ *
+ * RETURN:
+ * Get the POPOSigningKey associated with this CRMFCertReqMsg.
+ * If the CertReqMsg does not have a pop, the function returns
+ * SECFailure and the value at *destKey is un-changed..
+ *
+ * If the CertReqMsg does have a pop, then the CertReqMsg's
+ * POPOSigningKey will be placed at *destKey.
+ */
+extern SECStatus
+CRMF_CertReqMsgGetPOPOSigningKey(CRMFCertReqMsg *inCertReqMsg,
+                                 CRMFPOPOSigningKey **destKey);
+
+/*
+ * FUNCTION: CRMF_DestroyPOPOSigningKey
+ * INPUTS:
+ *    inKey
+ *        The signing key to free.
+ *
+ * RETURN:
+ * SECSuccess if freeing the memory was successful.  Any other return value
+ * indicates an error while freeing memory.
+ */
+extern SECStatus CRMF_DestroyPOPOSigningKey(CRMFPOPOSigningKey *inKey);
+
+/*
+ * FUNCTION: CRMF_POPOSigningKeyGetAlgID
+ * INPUTS:
+ *    inSignKey
+ *        The Signing Key to operate on.
+ * RETURN:
+ * Return the algorithmID used by the CRMFPOPOSigningKey.  User must
+ * call SECOID_DestroyAlgorithmID(destID, PR_TRUE) when done using the
+ * return value.
+ */
+extern SECAlgorithmID *
+CRMF_POPOSigningKeyGetAlgID(CRMFPOPOSigningKey *inSignKey);
+
+/*
+ * FUNCTION: CRMF_POPOSigningKeyGetSignature
+ * INPUTS:
+ *    inSignKey
+ *        The Signing Key to operate on.
+ *
+ * RETURN:
+ * Get the actual signature stored away in the CRMFPOPOSigningKey.  SECItem
+ * returned is a BIT STRING, so the len field is the number of bits as opposed
+ * to the total number of bytes allocatd.  User must call
+ * SECITEM_FreeItem(retVal,PR_TRUE) when done using the return value.
+ */
+extern SECItem *CRMF_POPOSigningKeyGetSignature(CRMFPOPOSigningKey *inSignKey);
+
+/*
+ * FUNCTION: CRMF_POPOSigningKeyGetInput
+ * INPUTS:
+ *    inSignKey
+ *        The Signing Key to operate on.
+ * NOTES:
+ * This function will return the der encoded input that was read in while
+ * decoding.  The API does not support this option when creating, so you
+ * cannot add this field.
+ *
+ * RETURN:
+ * Get the poposkInput that is part of the of the POPOSigningKey. If the
+ * optional field is not part of the POPOSigningKey, the function returns
+ * NULL.
+ *
+ * If the optional field is part of the POPOSingingKey, the function will
+ * return a copy of the der encoded poposkInput.
+ */
+extern SECItem *CRMF_POPOSigningKeyGetInput(CRMFPOPOSigningKey *inSignKey);
+
+/*
+ * FUNCTION: CRMF_CertReqMsgGetPOPKeyEncipherment
+ * INPUTS:
+ *    inCertReqMsg
+ *        The certificate request message to operate on.
+ *    destKey
+ *        A pointer to where the library can place a pointer to a
+ *        copy of the POPOPrivKey representing Key Encipherment
+ *        Proof of Possession.
+ *NOTES:
+ * This function gets the POPOPrivKey associated with this CRMFCertReqMsg
+ * for Key Encipherment.
+ *
+ * RETURN:
+ * If the CertReqMsg did not use Key Encipherment for Proof Of Possession, the
+ * function returns SECFailure and the value at *destKey is un-changed.
+ *
+ * If the CertReqMsg did use Key Encipherment for ProofOfPossession, the
+ * function returns SECSuccess and places the POPOPrivKey representing the
+ * Key Encipherment Proof Of Possessin at *destKey.
+ */
+extern SECStatus
+CRMF_CertReqMsgGetPOPKeyEncipherment(CRMFCertReqMsg *inCertReqMsg,
+                                     CRMFPOPOPrivKey **destKey);
+
+/*
+ * FUNCTION: CRMF_CertReqMsgGetPOPKeyAgreement
+ * INPUTS:
+ *    inCertReqMsg
+ *        The certificate request message to operate on.
+ *    destKey
+ *        A pointer to where the library can place a pointer to a
+ *        copy of the POPOPrivKey representing Key Agreement
+ *        Proof of Possession.
+ * NOTES:
+ * This function gets the POPOPrivKey associated with this CRMFCertReqMsg for
+ * Key Agreement.
+ *
+ * RETURN:
+ * If the CertReqMsg used Key Agreement for Proof Of Possession, the
+ * function returns SECSuccess and the POPOPrivKey for Key Agreement
+ * is placed at *destKey.
+ *
+ * If the CertReqMsg did not use Key Agreement for Proof Of Possession, the
+ * function return SECFailure and the value at *destKey is unchanged.
+ */
+extern SECStatus
+CRMF_CertReqMsgGetPOPKeyAgreement(CRMFCertReqMsg *inCertReqMsg,
+                                  CRMFPOPOPrivKey **destKey);
+
+/*
+ * FUNCTION: CRMF_DestroyPOPOPrivKey
+ * INPUTS:
+ *    inPrivKey
+ *        The POPOPrivKey to destroy.
+ * NOTES:
+ * Destroy a structure allocated by CRMF_GetPOPKeyEncipherment or
+ * CRMF_GetPOPKeyAgreement.
+ *
+ * RETURN:
+ * SECSuccess on successful destruction of the POPOPrivKey.
+ * Any other return value indicates an error in freeing the
+ * memory.
+ */
+extern SECStatus CRMF_DestroyPOPOPrivKey(CRMFPOPOPrivKey *inPrivKey);
+
+/*
+ * FUNCTION: CRMF_POPOPrivKeyGetChoice
+ * INPUT:
+ *    inKey
+ *        The POPOPrivKey to operate on.
+ * RETURN:
+ * Returns which choice was used in constructing the POPPOPrivKey. Look at
+ * the definition of CRMFPOPOPrivKeyChoice in crmft.h for the possible return
+ * values.
+ */
+extern CRMFPOPOPrivKeyChoice CRMF_POPOPrivKeyGetChoice(CRMFPOPOPrivKey *inKey);
+
+/*
+ * FUNCTION: CRMF_POPOPrivKeyGetThisMessage
+ * INPUTS:
+ *    inKey
+ *        The POPOPrivKey to operate on.
+ *    destString
+ *        A pointer to where the library can place a copy of the This Message
+ *        field stored in the POPOPrivKey
+ *
+ * RETURN:
+ * Returns the field thisMessage from the POPOPrivKey.
+ * If the POPOPrivKey did not use the field thisMessage, the function
+ * returns SECFailure and the value at *destString is unchanged.
+ *
+ * If the POPOPrivKey did use the field thisMessage, the function returns
+ * SECSuccess and the BIT STRING representing thisMessage is placed
+ * at *destString. BIT STRING representation means the len field is the
+ * number of valid bits as opposed to the total number of bytes.
+ */
+extern SECStatus CRMF_POPOPrivKeyGetThisMessage(CRMFPOPOPrivKey *inKey,
+                                                SECItem *destString);
+
+/*
+ * FUNCTION: CRMF_POPOPrivKeyGetSubseqMess
+ * INPUTS:
+ *    inKey
+ *        The POPOPrivKey to operate on.
+ *    destOpt
+ *        A pointer to where the library can place the value of the
+ *        Subsequent Message option used by POPOPrivKey.
+ *
+ * RETURN:
+ * Retrieves the field subsequentMessage from the POPOPrivKey.
+ * If the POPOPrivKey used the subsequentMessage option, the function
+ * returns SECSuccess and places the appropriate enumerated value at
+ * *destMessageOption.
+ *
+ * If the POPOPrivKey did not use the subsequenMessage option, the function
+ * returns SECFailure and the value at *destOpt is un-changed.
+ */
+extern SECStatus CRMF_POPOPrivKeyGetSubseqMess(CRMFPOPOPrivKey *inKey,
+                                               CRMFSubseqMessOptions *destOpt);
+
+/*
+ * FUNCTION: CRMF_POPOPrivKeyGetDHMAC
+ * INPUTS:
+ *    inKey
+ *        The POPOPrivKey to operate on.
+ *    destMAC
+ *        A pointer to where the library can place a copy of the dhMAC
+ *        field of the POPOPrivKey.
+ *
+ * NOTES:
+ * Returns the field dhMAC from the POPOPrivKey.  The populated SECItem
+ * is in BIT STRING format.
+ *
+ * RETURN:
+ * If the POPOPrivKey used the dhMAC option, the function returns SECSuccess
+ * and the BIT STRING for dhMAC will be placed at *destMAC.  The len field in
+ * destMAC (ie destMAC->len) will be the valid number of bits as opposed to
+ * the number of allocated bytes.
+ *
+ * If the POPOPrivKey did not use the dhMAC option, the function returns
+ * SECFailure and the value at *destMAC is unchanged.
+ *
+ */
+extern SECStatus CRMF_POPOPrivKeyGetDHMAC(CRMFPOPOPrivKey *inKey,
+                                          SECItem *destMAC);
+
+/*
+ * FUNCTION: CRMF_CertRequestGetNumControls
+ * INPUTS:
+ *    inCertReq
+ *        The Certificate Request to operate on.
+ * RETURN:
+ * Returns the number of Controls registered with this CertRequest.
+ */
+extern int CRMF_CertRequestGetNumControls(CRMFCertRequest *inCertReq);
+
+/*
+ * FUNCTION: CRMF_CertRequestGetControlAtIndex
+ * INPUTS:
+ *    inCertReq
+ *        The certificate request to operate on.
+ *    index
+ *        The index of the control the user wants a copy of.
+ * NOTES:
+ * Function retrieves the Control at located at index.  The Controls
+ * are numbered like a traditional C array (0 ... numElements-1)
+ *
+ * RETURN:
+ * Returns a copy of the control at the index specified.  This is a copy
+ * so the user must call CRMF_DestroyControl after the return value is no
+ * longer needed.  A return value of NULL indicates an error while copying
+ * the control or that the index was invalid.
+ */
+extern CRMFControl *
+CRMF_CertRequestGetControlAtIndex(CRMFCertRequest *inCertReq,
+                                  int index);
+
+/*
+ * FUNCTION: CRMF_DestroyControl
+ * INPUTS:
+ *    inControl
+ *        The Control to destroy.
+ * NOTES:
+ * Destroy a CRMFControl allocated by CRMF_GetControlAtIndex.
+ *
+ * RETURN:
+ * SECSuccess if freeing the memory was successful.  Any other return
+ * value indicates an error while freeing the memory.
+ */
+extern SECStatus CRMF_DestroyControl(CRMFControl *inControl);
+
+/*
+ * FUNCTION: CRMF_ControlGetControlType
+ * INPUTS:
+ *    inControl
+ *        The control to operate on.
+ * NOTES:
+ * The function returns an enumertion which indicates the type of control
+ * 'inControl'.
+ *
+ * RETURN:
+ * Look in crmft.h at the definition of the enumerated type CRMFControlType
+ * for the possible return values.
+ */
+extern CRMFControlType CRMF_ControlGetControlType(CRMFControl *inControl);
+
+/*
+ * FUNCTION: CRMF_ControlGetRegTokenControlValue
+ * INPUTS:
+ *    inControl
+ *        The Control to operate on.
+ * NOTES:
+ * The user must call SECITEM_FreeItem passing in the return value
+ * after the returnvalue is no longer needed.
+
+ * RETURN:
+ * Return the value for a Registration Token Control.
+ * The SECItem returned should be in UTF8 format.  A NULL
+ * return value indicates there was no Registration Control associated
+ * with the Control.
+ * (This library will not verify format.  It assumes the client properly
+ * formatted the strings when adding it or the message decoded was properly
+ * formatted.  The library will just give back the bytes it was given.)
+ */
+extern SECItem *CRMF_ControlGetRegTokenControlValue(CRMFControl *inControl);
+
+/*
+ * FUNCTION: CRMF_ControlGetAuthenticatorControlValue
+ * INPUTS:
+ *    inControl
+ *        The Control to operate on.
+ * NOTES:
+ * The user must call SECITEM_FreeItem passing in the return value
+ * after the returnvalue is no longer needed.
+ *
+ * RETURN:
+ * Return the value for the Authenticator Control.
+ * The SECItem returned should be in UTF8 format.  A NULL
+ * return value indicates there was no Authenticator Control associated
+ * with the CRMFControl..
+ * (This library will not verify format.  It assumes the client properly
+ * formatted the strings when adding it or the message decoded was properly
+ * formatted.  The library will just give back the bytes it was given.)
+ */
+extern SECItem *CRMF_ControlGetAuthicatorControlValue(CRMFControl *inControl);
+
+/*
+ * FUNCTION: CRMF_ControlGetPKIArchiveOptions
+ * INPUTS:inControl
+ *    The Control tooperate on.
+ * NOTES:
+ * This function returns a copy of the PKIArchiveOptions.  The user must call
+ * the function CRMF_DestroyPKIArchiveOptions when the return value is no
+ * longer needed.
+ *
+ * RETURN:
+ * Get the PKIArchiveOptions associated with the Control.  A return
+ * value of NULL indicates the Control was not a PKIArchiveOptions
+ * Control.
+ */
+extern CRMFPKIArchiveOptions *
+CRMF_ControlGetPKIArchiveOptions(CRMFControl *inControl);
+
+/*
+ * FUNCTION: CMRF_DestroyPKIArchiveOptions
+ * INPUTS:
+ *    inOptions
+ *        The ArchiveOptions to destroy.
+ * NOTE:
+ * Destroy the CRMFPKIArchiveOptions structure.
+ *
+ * RETURN:
+ * SECSuccess if successful in freeing all the memory associated with
+ * the PKIArchiveOptions.  Any other return value indicates an error while
+ * freeing the PKIArchiveOptions.
+ */
+extern SECStatus
+CRMF_DestroyPKIArchiveOptions(CRMFPKIArchiveOptions *inOptions);
+
+/*
+ * FUNCTION: CRMF_PKIArchiveOptionsGetOptionType
+ * INPUTS:
+ *    inOptions
+ *        The PKIArchiveOptions to operate on.
+ * RETURN:
+ * Returns the choice used for the PKIArchiveOptions.  Look at the definition
+ * of CRMFPKIArchiveOptionsType in crmft.h for possible return values.
+ */
+extern CRMFPKIArchiveOptionsType
+CRMF_PKIArchiveOptionsGetOptionType(CRMFPKIArchiveOptions *inOptions);
+
+/*
+ * FUNCTION: CRMF_PKIArchiveOptionsGetEncryptedPrivKey
+ * INPUTS:
+ *    inOpts
+ *        The PKIArchiveOptions to operate on.
+ *
+ * NOTES:
+ * The user must call CRMF_DestroyEncryptedKey when done using this return
+ * value.
+ *
+ * RETURN:
+ * Get the encryptedPrivKey field of the PKIArchiveOptions structure.
+ * A return value of NULL indicates that encryptedPrivKey was not used as
+ * the choice for this PKIArchiveOptions.
+ */
+extern CRMFEncryptedKey *
+CRMF_PKIArchiveOptionsGetEncryptedPrivKey(CRMFPKIArchiveOptions *inOpts);
+
+/*
+ * FUNCTION: CRMF_EncryptedKeyGetChoice
+ * INPUTS:
+ *    inEncrKey
+ *        The EncryptedKey to operate on.
+ *
+ * NOTES:
+ * Get the choice used for representing the EncryptedKey.
+ *
+ * RETURN:
+ * Returns the Choice used in representing the EncryptedKey.  Look in
+ * crmft.h at the definition of CRMFEncryptedKeyChoice for possible return
+ * values.
+ */
+extern CRMFEncryptedKeyChoice
+CRMF_EncryptedKeyGetChoice(CRMFEncryptedKey *inEncrKey);
+
+/*
+ * FUNCTION: CRMF_EncryptedKeyGetEncryptedValue
+ * INPUTS:
+ *    inKey
+ *        The EncryptedKey to operate on.
+ *
+ * NOTES:
+ * The user must call CRMF_DestroyEncryptedValue passing in
+ * CRMF_GetEncryptedValue's return value.
+ *
+ * RETURN:
+ * A pointer to a copy of the EncryptedValue contained as a member of
+ * the EncryptedKey.
+ */
+extern CRMFEncryptedValue *
+CRMF_EncryptedKeyGetEncryptedValue(CRMFEncryptedKey *inKey);
+
+/*
+ * FUNCTION: CRMF_DestroyEncryptedValue
+ * INPUTS:
+ *    inEncrValue
+ *        The EncryptedValue to destroy.
+ *
+ * NOTES:
+ * Free up all memory associated with 'inEncrValue'.
+ *
+ * RETURN:
+ * SECSuccess if freeing up the memory associated with the EncryptedValue
+ * is successful. Any other return value indicates an error while freeing the
+ * memory.
+ */
+extern SECStatus CRMF_DestroyEncryptedValue(CRMFEncryptedValue *inEncrValue);
+
+/*
+ * FUNCTION: CRMF_EncryptedValueGetEncValue
+ * INPUTS:
+ *    inEncValue
+ *        The EncryptedValue to operate on.
+ * NOTES:
+ * Function retrieves the encValue from an EncryptedValue structure.
+ *
+ * RETURN:
+ * A poiner to a SECItem containing the encValue of the EncryptedValue
+ * structure.  The return value is in BIT STRING format, meaning the
+ * len field of the return structure represents the number of valid bits
+ * as opposed to the allocated number of bytes.
+ * ANULL return value indicates an error in copying the encValue field.
+ */
+extern SECItem *CRMF_EncryptedValueGetEncValue(CRMFEncryptedValue *inEncValue);
+
+/*
+ * FUNCTION: CRMF_EncryptedValueGetIntendedAlg
+ * INPUTS
+ *    inEncValue
+ *        The EncryptedValue to operate on.
+ * NOTES:
+ * Retrieve the IntendedAlg field from the EncryptedValue structure.
+ * Call SECOID_DestroyAlgorithmID (destAlgID, PR_TRUE) after done using
+ * the return value.  When present, this alogorithm is the alogrithm for
+ * which the private key will be used.
+ *
+ * RETURN:
+ * A Copy of the intendedAlg field.  A NULL return value indicates the
+ * optional field was not present in the structure.
+ */
+extern SECAlgorithmID *
+CRMF_EncryptedValueGetIntendedAlg(CRMFEncryptedValue *inEncValue);
+
+/*
+ * FUNCTION: CRMF_EncryptedValueGetSymmAlg
+ * INPUTS
+ *    inEncValue
+ *        The EncryptedValue to operate on.
+ * NOTES:
+ * Retrieve the symmAlg field from the EncryptedValue structure.
+ * Call SECOID_DestroyAlgorithmID (destAlgID, PR_TRUE) after done using
+ * the return value.  When present, this is algorithm used to
+ * encrypt the encValue of the EncryptedValue.
+ *
+ * RETURN:
+ * A Copy of the symmAlg field.  A NULL return value indicates the
+ * optional field was not present in the structure.
+ */
+extern SECAlgorithmID *
+CRMF_EncryptedValueGetSymmAlg(CRMFEncryptedValue *inEncValue);
+
+/*
+ * FUNCTION: CRMF_EncryptedValueGetKeyAlg
+ * INPUTS
+ *    inEncValue
+ *        The EncryptedValue to operate on.
+ * NOTES:
+ * Retrieve the keyAlg field from the EncryptedValue structure.
+ * Call SECOID_DestroyAlgorithmID (destAlgID, PR_TRUE) after done using
+ * the return value.  When present, this is the algorithm used to encrypt
+ * the symmetric key in the encSymmKey field of the EncryptedValue structure.
+ *
+ * RETURN:
+ * A Copy of the keyAlg field.  A NULL return value indicates the
+ * optional field was not present in the structure.
+ */
+extern SECAlgorithmID *
+CRMF_EncryptedValueGetKeyAlg(CRMFEncryptedValue *inEncValue);
+
+/*
+ * FUNCTION: CRMF_EncryptedValueGetValueHint
+ * INPUTS:
+ *    inEncValue
+ *        The EncryptedValue to operate on.
+ *
+ * NOTES:
+ * Return a copy of the der-encoded value hint.
+ * User must call SECITEM_FreeItem(retVal, PR_TRUE) when done using the
+ * return value.  When, present, this is a value that the client which
+ * originally issued a certificate request can use to reproduce any data
+ * it wants.  The RA does not know how to interpret this data.
+ *
+ * RETURN:
+ * A copy of the valueHint field of the EncryptedValue.  A NULL return
+ * value indicates the optional valueHint field is not present in the
+ * EncryptedValue.
+ */
+extern SECItem *
+CRMF_EncryptedValueGetValueHint(CRMFEncryptedValue *inEncValue);
+
+/*
+ * FUNCTION: CRMF_EncrypteValueGetEncSymmKey
+ * INPUTS:
+ *    inEncValue
+ *        The EncryptedValue to operate on.
+ *
+ * NOTES:
+ * Return a copy of the encSymmKey field. This field is the encrypted
+ * symmetric key that the client uses in doing Public Key wrap of a private
+ * key.  When present, this is the symmetric key that was used to wrap the
+ * private key.  (The encrypted private key will be stored in encValue
+ * of the same EncryptedValue structure.)  The user must call
+ * SECITEM_FreeItem(retVal, PR_TRUE) when the return value is no longer
+ * needed.
+ *
+ * RETURN:
+ * A copy of the optional encSymmKey field of the EncryptedValue structure.
+ * The return value will be in BIT STRING format, meaning the len field will
+ * be the number of valid bits as opposed to the number of bytes. A return
+ * value of NULL means the optional encSymmKey field was not present in
+ * the EncryptedValue structure.
+ */
+extern SECItem *
+CRMF_EncryptedValueGetEncSymmKey(CRMFEncryptedValue *inEncValue);
+
+/*
+ * FUNCTION: CRMF_PKIArchiveOptionsGetKeyGenParameters
+ * INPUTS:
+ *    inOptions
+ *        The PKiArchiveOptions to operate on.
+ *
+ * NOTES:
+ * User must call SECITEM_FreeItem(retVal, PR_TRUE) after the return
+ * value is no longer needed.
+ *
+ * RETURN:
+ * Get the keyGenParameters field of the PKIArchiveOptions.
+ * A NULL return value indicates that keyGenParameters was not
+ * used as the choice for this PKIArchiveOptions.
+ *
+ * The SECItem returned is in BIT STRING format (ie, the len field indicates
+ * number of valid bits as opposed to allocated number of bytes.)
+ */
+extern SECItem *
+CRMF_PKIArchiveOptionsGetKeyGenParameters(CRMFPKIArchiveOptions *inOptions);
+
+/*
+ * FUNCTION: CRMF_PKIArchiveOptionsGetArchiveRemGenPrivKey
+ * INPUTS:
+ *    inOpt
+ *        The PKIArchiveOptions to operate on.
+ *    destVal
+ *        A pointer to where the library can place the value for
+ *        arciveRemGenPrivKey
+ * RETURN:
+ * If the PKIArchiveOptions used the archiveRemGenPrivKey field, the
+ * function returns SECSuccess and fills the value at *destValue with either
+ * PR_TRUE or PR_FALSE, depending on what the PKIArchiveOptions has as a
+ * value.
+ *
+ * If the PKIArchiveOptions does not use the archiveRemGenPrivKey field, the
+ * function returns SECFailure and the value at *destValue is unchanged.
+ */
+extern SECStatus
+CRMF_PKIArchiveOptionsGetArchiveRemGenPrivKey(CRMFPKIArchiveOptions *inOpt,
+                                              PRBool *destVal);
+
+/* Helper functions that can be used by other libraries. */
+/*
+ * A quick helper function to get the best wrap mechanism.
+ */
+extern CK_MECHANISM_TYPE CRMF_GetBestWrapPadMechanism(PK11SlotInfo *slot);
+
+/*
+ * A helper function to get a randomly generated IV from a mechanism
+ * type.
+ */
+extern SECItem *CRMF_GetIVFromMechanism(CK_MECHANISM_TYPE mechType);
+
+SEC_END_PROTOS
+#endif /*_CRMF_H_*/
diff --git a/nss/lib/crmf/crmfcont.c b/nss/lib/crmf/crmfcont.c
new file mode 100644
index 0000000..5df2bd8
--- /dev/null
+++ b/nss/lib/crmf/crmfcont.c
@@ -0,0 +1,1161 @@
+/* -*- Mode: C; tab-width: 8 -*-*/
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "crmf.h"
+#include "crmfi.h"
+#include "pk11func.h"
+#include "keyhi.h"
+#include "secoid.h"
+
+static SECStatus
+crmf_modify_control_array(CRMFCertRequest *inCertReq, int count)
+{
+    if (count > 0) {
+        void *dummy = PORT_Realloc(inCertReq->controls,
+                                   sizeof(CRMFControl *) * (count + 2));
+        if (dummy == NULL) {
+            return SECFailure;
+        }
+        inCertReq->controls = dummy;
+    } else {
+        inCertReq->controls = PORT_ZNewArray(CRMFControl *, 2);
+    }
+    return (inCertReq->controls == NULL) ? SECFailure : SECSuccess;
+}
+
+static SECStatus
+crmf_add_new_control(CRMFCertRequest *inCertReq, SECOidTag inTag,
+                     CRMFControl **destControl)
+{
+    SECOidData *oidData;
+    SECStatus rv;
+    PLArenaPool *poolp;
+    int numControls = 0;
+    CRMFControl *newControl;
+    CRMFControl **controls;
+    void *mark;
+
+    poolp = inCertReq->poolp;
+    if (poolp == NULL) {
+        return SECFailure;
+    }
+    mark = PORT_ArenaMark(poolp);
+    if (inCertReq->controls != NULL) {
+        while (inCertReq->controls[numControls] != NULL)
+            numControls++;
+    }
+    rv = crmf_modify_control_array(inCertReq, numControls);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    controls = inCertReq->controls;
+    oidData = SECOID_FindOIDByTag(inTag);
+    newControl = *destControl = PORT_ArenaZNew(poolp, CRMFControl);
+    if (newControl == NULL) {
+        goto loser;
+    }
+    rv = SECITEM_CopyItem(poolp, &newControl->derTag, &oidData->oid);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    newControl->tag = inTag;
+    controls[numControls] = newControl;
+    controls[numControls + 1] = NULL;
+    PORT_ArenaUnmark(poolp, mark);
+    return SECSuccess;
+
+loser:
+    PORT_ArenaRelease(poolp, mark);
+    *destControl = NULL;
+    return SECFailure;
+}
+
+static SECStatus
+crmf_add_secitem_control(CRMFCertRequest *inCertReq, SECItem *value,
+                         SECOidTag inTag)
+{
+    SECStatus rv;
+    CRMFControl *newControl;
+    void *mark;
+
+    rv = crmf_add_new_control(inCertReq, inTag, &newControl);
+    if (rv != SECSuccess) {
+        return rv;
+    }
+    mark = PORT_ArenaMark(inCertReq->poolp);
+    rv = SECITEM_CopyItem(inCertReq->poolp, &newControl->derValue, value);
+    if (rv != SECSuccess) {
+        PORT_ArenaRelease(inCertReq->poolp, mark);
+        return rv;
+    }
+    PORT_ArenaUnmark(inCertReq->poolp, mark);
+    return SECSuccess;
+}
+
+SECStatus
+CRMF_CertRequestSetRegTokenControl(CRMFCertRequest *inCertReq, SECItem *value)
+{
+    return crmf_add_secitem_control(inCertReq, value,
+                                    SEC_OID_PKIX_REGCTRL_REGTOKEN);
+}
+
+SECStatus
+CRMF_CertRequestSetAuthenticatorControl(CRMFCertRequest *inCertReq,
+                                        SECItem *value)
+{
+    return crmf_add_secitem_control(inCertReq, value,
+                                    SEC_OID_PKIX_REGCTRL_AUTHENTICATOR);
+}
+
+SECStatus
+crmf_destroy_encrypted_value(CRMFEncryptedValue *inEncrValue, PRBool freeit)
+{
+    if (inEncrValue != NULL) {
+        if (inEncrValue->intendedAlg) {
+            SECOID_DestroyAlgorithmID(inEncrValue->intendedAlg, PR_TRUE);
+            inEncrValue->intendedAlg = NULL;
+        }
+        if (inEncrValue->symmAlg) {
+            SECOID_DestroyAlgorithmID(inEncrValue->symmAlg, PR_TRUE);
+            inEncrValue->symmAlg = NULL;
+        }
+        if (inEncrValue->encSymmKey.data) {
+            PORT_Free(inEncrValue->encSymmKey.data);
+            inEncrValue->encSymmKey.data = NULL;
+        }
+        if (inEncrValue->keyAlg) {
+            SECOID_DestroyAlgorithmID(inEncrValue->keyAlg, PR_TRUE);
+            inEncrValue->keyAlg = NULL;
+        }
+        if (inEncrValue->valueHint.data) {
+            PORT_Free(inEncrValue->valueHint.data);
+            inEncrValue->valueHint.data = NULL;
+        }
+        if (inEncrValue->encValue.data) {
+            PORT_Free(inEncrValue->encValue.data);
+            inEncrValue->encValue.data = NULL;
+        }
+        if (freeit) {
+            PORT_Free(inEncrValue);
+        }
+    }
+    return SECSuccess;
+}
+
+SECStatus
+CRMF_DestroyEncryptedValue(CRMFEncryptedValue *inEncrValue)
+{
+    return crmf_destroy_encrypted_value(inEncrValue, PR_TRUE);
+}
+
+SECStatus
+crmf_copy_encryptedvalue_secalg(PLArenaPool *poolp,
+                                SECAlgorithmID *srcAlgId,
+                                SECAlgorithmID **destAlgId)
+{
+    SECAlgorithmID *newAlgId;
+    SECStatus rv;
+
+    newAlgId = (poolp != NULL) ? PORT_ArenaZNew(poolp, SECAlgorithmID) : PORT_ZNew(SECAlgorithmID);
+    if (newAlgId == NULL) {
+        return SECFailure;
+    }
+
+    rv = SECOID_CopyAlgorithmID(poolp, newAlgId, srcAlgId);
+    if (rv != SECSuccess) {
+        if (!poolp) {
+            SECOID_DestroyAlgorithmID(newAlgId, PR_TRUE);
+        }
+        return rv;
+    }
+    *destAlgId = newAlgId;
+
+    return rv;
+}
+
+SECStatus
+crmf_copy_encryptedvalue(PLArenaPool *poolp,
+                         CRMFEncryptedValue *srcValue,
+                         CRMFEncryptedValue *destValue)
+{
+    SECStatus rv;
+
+    if (srcValue->intendedAlg != NULL) {
+        rv = crmf_copy_encryptedvalue_secalg(poolp,
+                                             srcValue->intendedAlg,
+                                             &destValue->intendedAlg);
+        if (rv != SECSuccess) {
+            goto loser;
+        }
+    }
+    if (srcValue->symmAlg != NULL) {
+        rv = crmf_copy_encryptedvalue_secalg(poolp,
+                                             srcValue->symmAlg,
+                                             &destValue->symmAlg);
+        if (rv != SECSuccess) {
+            goto loser;
+        }
+    }
+    if (srcValue->encSymmKey.data != NULL) {
+        rv = crmf_make_bitstring_copy(poolp,
+                                      &destValue->encSymmKey,
+                                      &srcValue->encSymmKey);
+        if (rv != SECSuccess) {
+            goto loser;
+        }
+    }
+    if (srcValue->keyAlg != NULL) {
+        rv = crmf_copy_encryptedvalue_secalg(poolp,
+                                             srcValue->keyAlg,
+                                             &destValue->keyAlg);
+        if (rv != SECSuccess) {
+            goto loser;
+        }
+    }
+    if (srcValue->valueHint.data != NULL) {
+        rv = SECITEM_CopyItem(poolp,
+                              &destValue->valueHint,
+                              &srcValue->valueHint);
+        if (rv != SECSuccess) {
+            goto loser;
+        }
+    }
+    if (srcValue->encValue.data != NULL) {
+        rv = crmf_make_bitstring_copy(poolp,
+                                      &destValue->encValue,
+                                      &srcValue->encValue);
+        if (rv != SECSuccess) {
+            goto loser;
+        }
+    }
+    return SECSuccess;
+loser:
+    if (poolp == NULL && destValue != NULL) {
+        crmf_destroy_encrypted_value(destValue, PR_FALSE);
+    }
+    return SECFailure;
+}
+
+SECStatus
+crmf_copy_encryptedkey(PLArenaPool *poolp,
+                       CRMFEncryptedKey *srcEncrKey,
+                       CRMFEncryptedKey *destEncrKey)
+{
+    SECStatus rv;
+    void *mark = NULL;
+
+    if (poolp != NULL) {
+        mark = PORT_ArenaMark(poolp);
+    }
+
+    switch (srcEncrKey->encKeyChoice) {
+        case crmfEncryptedValueChoice:
+            rv = crmf_copy_encryptedvalue(poolp,
+                                          &srcEncrKey->value.encryptedValue,
+                                          &destEncrKey->value.encryptedValue);
+            break;
+        case crmfEnvelopedDataChoice:
+            destEncrKey->value.envelopedData =
+                SEC_PKCS7CopyContentInfo(srcEncrKey->value.envelopedData);
+            rv = (destEncrKey->value.envelopedData != NULL) ? SECSuccess : SECFailure;
+            break;
+        default:
+            rv = SECFailure;
+    }
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    destEncrKey->encKeyChoice = srcEncrKey->encKeyChoice;
+    if (mark) {
+        PORT_ArenaUnmark(poolp, mark);
+    }
+    return SECSuccess;
+
+loser:
+    if (mark) {
+        PORT_ArenaRelease(poolp, mark);
+    }
+    return SECFailure;
+}
+
+static CRMFPKIArchiveOptions *
+crmf_create_encr_pivkey_option(CRMFEncryptedKey *inEncryptedKey)
+{
+    CRMFPKIArchiveOptions *newArchOpt;
+    SECStatus rv;
+
+    newArchOpt = PORT_ZNew(CRMFPKIArchiveOptions);
+    if (newArchOpt == NULL) {
+        goto loser;
+    }
+
+    rv = crmf_copy_encryptedkey(NULL, inEncryptedKey,
+                                &newArchOpt->option.encryptedKey);
+
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    newArchOpt->archOption = crmfEncryptedPrivateKey;
+    return newArchOpt;
+loser:
+    if (newArchOpt != NULL) {
+        CRMF_DestroyPKIArchiveOptions(newArchOpt);
+    }
+    return NULL;
+}
+
+static CRMFPKIArchiveOptions *
+crmf_create_keygen_param_option(SECItem *inKeyGenParams)
+{
+    CRMFPKIArchiveOptions *newArchOptions;
+    SECStatus rv;
+
+    newArchOptions = PORT_ZNew(CRMFPKIArchiveOptions);
+    if (newArchOptions == NULL) {
+        goto loser;
+    }
+    newArchOptions->archOption = crmfKeyGenParameters;
+    rv = SECITEM_CopyItem(NULL, &newArchOptions->option.keyGenParameters,
+                          inKeyGenParams);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    return newArchOptions;
+loser:
+    if (newArchOptions != NULL) {
+        CRMF_DestroyPKIArchiveOptions(newArchOptions);
+    }
+    return NULL;
+}
+
+static CRMFPKIArchiveOptions *
+crmf_create_arch_rem_gen_privkey(PRBool archiveRemGenPrivKey)
+{
+    unsigned char value;
+    SECItem *dummy;
+    CRMFPKIArchiveOptions *newArchOptions;
+
+    value = (archiveRemGenPrivKey) ? hexTrue : hexFalse;
+    newArchOptions = PORT_ZNew(CRMFPKIArchiveOptions);
+    if (newArchOptions == NULL) {
+        goto loser;
+    }
+    dummy = SEC_ASN1EncodeItem(NULL,
+                               &newArchOptions->option.archiveRemGenPrivKey,
+                               &value, SEC_ASN1_GET(SEC_BooleanTemplate));
+    PORT_Assert(dummy == &newArchOptions->option.archiveRemGenPrivKey);
+    if (dummy != &newArchOptions->option.archiveRemGenPrivKey) {
+        SECITEM_FreeItem(dummy, PR_TRUE);
+        goto loser;
+    }
+    newArchOptions->archOption = crmfArchiveRemGenPrivKey;
+    return newArchOptions;
+loser:
+    if (newArchOptions != NULL) {
+        CRMF_DestroyPKIArchiveOptions(newArchOptions);
+    }
+    return NULL;
+}
+
+CRMFPKIArchiveOptions *
+CRMF_CreatePKIArchiveOptions(CRMFPKIArchiveOptionsType inType, void *data)
+{
+    CRMFPKIArchiveOptions *retOptions;
+
+    PORT_Assert(data != NULL);
+    if (data == NULL) {
+        return NULL;
+    }
+    switch (inType) {
+        case crmfEncryptedPrivateKey:
+            retOptions = crmf_create_encr_pivkey_option((CRMFEncryptedKey *)data);
+            break;
+        case crmfKeyGenParameters:
+            retOptions = crmf_create_keygen_param_option((SECItem *)data);
+            break;
+        case crmfArchiveRemGenPrivKey:
+            retOptions = crmf_create_arch_rem_gen_privkey(*(PRBool *)data);
+            break;
+        default:
+            retOptions = NULL;
+    }
+    return retOptions;
+}
+
+static SECStatus
+crmf_destroy_encrypted_key(CRMFEncryptedKey *inEncrKey, PRBool freeit)
+{
+    PORT_Assert(inEncrKey != NULL);
+    if (inEncrKey != NULL) {
+        switch (inEncrKey->encKeyChoice) {
+            case crmfEncryptedValueChoice:
+                crmf_destroy_encrypted_value(&inEncrKey->value.encryptedValue,
+                                             PR_FALSE);
+                break;
+            case crmfEnvelopedDataChoice:
+                SEC_PKCS7DestroyContentInfo(inEncrKey->value.envelopedData);
+                break;
+            default:
+                break;
+        }
+        if (freeit) {
+            PORT_Free(inEncrKey);
+        }
+    }
+    return SECSuccess;
+}
+
+SECStatus
+crmf_destroy_pkiarchiveoptions(CRMFPKIArchiveOptions *inArchOptions,
+                               PRBool freeit)
+{
+    PORT_Assert(inArchOptions != NULL);
+    if (inArchOptions != NULL) {
+        switch (inArchOptions->archOption) {
+            case crmfEncryptedPrivateKey:
+                crmf_destroy_encrypted_key(&inArchOptions->option.encryptedKey,
+                                           PR_FALSE);
+                break;
+            case crmfKeyGenParameters:
+            case crmfArchiveRemGenPrivKey:
+                /* This is a union, so having a pointer to one is like
+                 * having a pointer to both.
+                 */
+                SECITEM_FreeItem(&inArchOptions->option.keyGenParameters,
+                                 PR_FALSE);
+                break;
+            case crmfNoArchiveOptions:
+                break;
+        }
+        if (freeit) {
+            PORT_Free(inArchOptions);
+        }
+    }
+    return SECSuccess;
+}
+
+SECStatus
+CRMF_DestroyPKIArchiveOptions(CRMFPKIArchiveOptions *inArchOptions)
+{
+    return crmf_destroy_pkiarchiveoptions(inArchOptions, PR_TRUE);
+}
+
+static CK_MECHANISM_TYPE
+crmf_get_non_pad_mechanism(CK_MECHANISM_TYPE type)
+{
+    switch (type) {
+        case CKM_DES3_CBC_PAD:
+            return CKM_DES3_CBC;
+        case CKM_CAST5_CBC_PAD:
+            return CKM_CAST5_CBC;
+        case CKM_DES_CBC_PAD:
+            return CKM_DES_CBC;
+        case CKM_IDEA_CBC_PAD:
+            return CKM_IDEA_CBC;
+        case CKM_CAST3_CBC_PAD:
+            return CKM_CAST3_CBC;
+        case CKM_CAST_CBC_PAD:
+            return CKM_CAST_CBC;
+        case CKM_RC5_CBC_PAD:
+            return CKM_RC5_CBC;
+        case CKM_RC2_CBC_PAD:
+            return CKM_RC2_CBC;
+        case CKM_CDMF_CBC_PAD:
+            return CKM_CDMF_CBC;
+    }
+    return type;
+}
+
+static CK_MECHANISM_TYPE
+crmf_get_pad_mech_from_tag(SECOidTag oidTag)
+{
+    CK_MECHANISM_TYPE mechType;
+    SECOidData *oidData;
+
+    oidData = SECOID_FindOIDByTag(oidTag);
+    mechType = (CK_MECHANISM_TYPE)oidData->mechanism;
+    return PK11_GetPadMechanism(mechType);
+}
+
+static CK_MECHANISM_TYPE
+crmf_get_best_privkey_wrap_mechanism(PK11SlotInfo *slot)
+{
+    CK_MECHANISM_TYPE privKeyPadMechs[] = { CKM_DES3_CBC_PAD,
+                                            CKM_CAST5_CBC_PAD,
+                                            CKM_DES_CBC_PAD,
+                                            CKM_IDEA_CBC_PAD,
+                                            CKM_CAST3_CBC_PAD,
+                                            CKM_CAST_CBC_PAD,
+                                            CKM_RC5_CBC_PAD,
+                                            CKM_RC2_CBC_PAD,
+                                            CKM_CDMF_CBC_PAD };
+    int mechCount = sizeof(privKeyPadMechs) / sizeof(privKeyPadMechs[0]);
+    int i;
+
+    for (i = 0; i < mechCount; i++) {
+        if (PK11_DoesMechanism(slot, privKeyPadMechs[i])) {
+            return privKeyPadMechs[i];
+        }
+    }
+    return CKM_INVALID_MECHANISM;
+}
+
+CK_MECHANISM_TYPE
+CRMF_GetBestWrapPadMechanism(PK11SlotInfo *slot)
+{
+    return crmf_get_best_privkey_wrap_mechanism(slot);
+}
+
+static SECItem *
+crmf_get_iv(CK_MECHANISM_TYPE mechType)
+{
+    int iv_size = PK11_GetIVLength(mechType);
+    SECItem *iv;
+    SECStatus rv;
+
+    iv = PORT_ZNew(SECItem);
+    if (iv == NULL) {
+        return NULL;
+    }
+    if (iv_size == 0) {
+        iv->data = NULL;
+        iv->len = 0;
+        return iv;
+    }
+    iv->data = PORT_NewArray(unsigned char, iv_size);
+    if (iv->data == NULL) {
+        iv->len = 0;
+        return iv;
+    }
+    iv->len = iv_size;
+    rv = PK11_GenerateRandom(iv->data, iv->len);
+    if (rv != SECSuccess) {
+        PORT_Free(iv->data);
+        iv->data = NULL;
+        iv->len = 0;
+    }
+    return iv;
+}
+
+SECItem *
+CRMF_GetIVFromMechanism(CK_MECHANISM_TYPE mechType)
+{
+    return crmf_get_iv(mechType);
+}
+
+CK_MECHANISM_TYPE
+crmf_get_mechanism_from_public_key(SECKEYPublicKey *inPubKey)
+{
+    CERTSubjectPublicKeyInfo *spki = NULL;
+    SECOidTag tag;
+
+    spki = SECKEY_CreateSubjectPublicKeyInfo(inPubKey);
+    if (spki == NULL) {
+        return CKM_INVALID_MECHANISM;
+    }
+    tag = SECOID_FindOIDTag(&spki->algorithm.algorithm);
+    SECKEY_DestroySubjectPublicKeyInfo(spki);
+    spki = NULL;
+    return PK11_AlgtagToMechanism(tag);
+}
+
+SECItem *
+crmf_get_public_value(SECKEYPublicKey *pubKey, SECItem *dest)
+{
+    SECItem *src;
+
+    switch (pubKey->keyType) {
+        case dsaKey:
+            src = &pubKey->u.dsa.publicValue;
+            break;
+        case rsaKey:
+            src = &pubKey->u.rsa.modulus;
+            break;
+        case dhKey:
+            src = &pubKey->u.dh.publicValue;
+            break;
+        default:
+            src = NULL;
+            break;
+    }
+    if (!src) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+
+    if (dest != NULL) {
+        SECStatus rv = SECITEM_CopyItem(NULL, dest, src);
+        if (rv != SECSuccess) {
+            dest = NULL;
+        }
+    } else {
+        dest = SECITEM_ArenaDupItem(NULL, src);
+    }
+    return dest;
+}
+
+static SECItem *
+crmf_decode_params(SECItem *inParams)
+{
+    SECItem *params;
+    SECStatus rv = SECFailure;
+    PLArenaPool *poolp;
+
+    poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
+    if (poolp == NULL) {
+        return NULL;
+    }
+
+    params = PORT_ArenaZNew(poolp, SECItem);
+    if (params) {
+        rv = SEC_ASN1DecodeItem(poolp, params,
+                                SEC_ASN1_GET(SEC_OctetStringTemplate),
+                                inParams);
+    }
+    params = (rv == SECSuccess) ? SECITEM_ArenaDupItem(NULL, params) : NULL;
+    PORT_FreeArena(poolp, PR_FALSE);
+    return params;
+}
+
+static int
+crmf_get_key_size_from_mech(CK_MECHANISM_TYPE mechType)
+{
+    CK_MECHANISM_TYPE keyGen = PK11_GetKeyGen(mechType);
+
+    switch (keyGen) {
+        case CKM_CDMF_KEY_GEN:
+        case CKM_DES_KEY_GEN:
+            return 8;
+        case CKM_DES2_KEY_GEN:
+            return 16;
+        case CKM_DES3_KEY_GEN:
+            return 24;
+    }
+    return 0;
+}
+
+SECStatus
+crmf_encrypted_value_unwrap_priv_key(PLArenaPool *poolp,
+                                     CRMFEncryptedValue *encValue,
+                                     SECKEYPrivateKey *privKey,
+                                     SECKEYPublicKey *newPubKey,
+                                     SECItem *nickname,
+                                     PK11SlotInfo *slot,
+                                     unsigned char keyUsage,
+                                     SECKEYPrivateKey **unWrappedKey,
+                                     void *wincx)
+{
+    PK11SymKey *wrappingKey = NULL;
+    CK_MECHANISM_TYPE wrapMechType;
+    SECOidTag oidTag;
+    SECItem *params = NULL, *publicValue = NULL;
+    int keySize, origLen;
+    CK_KEY_TYPE keyType;
+    CK_ATTRIBUTE_TYPE *usage = NULL;
+    CK_ATTRIBUTE_TYPE rsaUsage[] = {
+        CKA_UNWRAP, CKA_DECRYPT, CKA_SIGN, CKA_SIGN_RECOVER
+    };
+    CK_ATTRIBUTE_TYPE dsaUsage[] = { CKA_SIGN };
+    CK_ATTRIBUTE_TYPE dhUsage[] = { CKA_DERIVE };
+    int usageCount = 0;
+
+    oidTag = SECOID_GetAlgorithmTag(encValue->symmAlg);
+    wrapMechType = crmf_get_pad_mech_from_tag(oidTag);
+    keySize = crmf_get_key_size_from_mech(wrapMechType);
+    wrappingKey = PK11_PubUnwrapSymKey(privKey, &encValue->encSymmKey,
+                                       wrapMechType, CKA_UNWRAP, keySize);
+    if (wrappingKey == NULL) {
+        goto loser;
+    } /* Make the length a byte length instead of bit length*/
+    params = (encValue->symmAlg != NULL) ? crmf_decode_params(&encValue->symmAlg->parameters)
+                                         : NULL;
+    origLen = encValue->encValue.len;
+    encValue->encValue.len = CRMF_BITS_TO_BYTES(origLen);
+    publicValue = crmf_get_public_value(newPubKey, NULL);
+    switch (newPubKey->keyType) {
+        default:
+        case rsaKey:
+            keyType = CKK_RSA;
+            switch (keyUsage & (KU_KEY_ENCIPHERMENT | KU_DIGITAL_SIGNATURE)) {
+                case KU_KEY_ENCIPHERMENT:
+                    usage = rsaUsage;
+                    usageCount = 2;
+                    break;
+                case KU_DIGITAL_SIGNATURE:
+                    usage = &rsaUsage[2];
+                    usageCount = 2;
+                    break;
+                case KU_KEY_ENCIPHERMENT |
+                    KU_DIGITAL_SIGNATURE:
+                case 0: /* default to everything */
+                    usage = rsaUsage;
+                    usageCount = 4;
+                    break;
+            }
+            break;
+        case dhKey:
+            keyType = CKK_DH;
+            usage = dhUsage;
+            usageCount = sizeof(dhUsage) / sizeof(dhUsage[0]);
+            break;
+        case dsaKey:
+            keyType = CKK_DSA;
+            usage = dsaUsage;
+            usageCount = sizeof(dsaUsage) / sizeof(dsaUsage[0]);
+            break;
+    }
+    PORT_Assert(usage != NULL);
+    PORT_Assert(usageCount != 0);
+    *unWrappedKey = PK11_UnwrapPrivKey(slot, wrappingKey, wrapMechType, params,
+                                       &encValue->encValue, nickname,
+                                       publicValue, PR_TRUE, PR_TRUE,
+                                       keyType, usage, usageCount, wincx);
+    encValue->encValue.len = origLen;
+    if (*unWrappedKey == NULL) {
+        goto loser;
+    }
+    SECITEM_FreeItem(publicValue, PR_TRUE);
+    if (params != NULL) {
+        SECITEM_FreeItem(params, PR_TRUE);
+    }
+    PK11_FreeSymKey(wrappingKey);
+    return SECSuccess;
+loser:
+    *unWrappedKey = NULL;
+    return SECFailure;
+}
+
+CRMFEncryptedValue *
+crmf_create_encrypted_value_wrapped_privkey(SECKEYPrivateKey *inPrivKey,
+                                            SECKEYPublicKey *inCAKey,
+                                            CRMFEncryptedValue *destValue)
+{
+    SECItem wrappedPrivKey, wrappedSymKey;
+    SECItem encodedParam, *dummy;
+    SECStatus rv;
+    CK_MECHANISM_TYPE pubMechType, symKeyType;
+    unsigned char *wrappedSymKeyBits;
+    unsigned char *wrappedPrivKeyBits;
+    SECItem *iv = NULL;
+    SECOidTag tag;
+    PK11SymKey *symKey;
+    PK11SlotInfo *slot;
+    SECAlgorithmID *symmAlg;
+    CRMFEncryptedValue *myEncrValue = NULL;
+
+    encodedParam.data = NULL;
+    wrappedSymKeyBits = PORT_NewArray(unsigned char, MAX_WRAPPED_KEY_LEN);
+    wrappedPrivKeyBits = PORT_NewArray(unsigned char, MAX_WRAPPED_KEY_LEN);
+    if (wrappedSymKeyBits == NULL || wrappedPrivKeyBits == NULL) {
+        goto loser;
+    }
+    if (destValue == NULL) {
+        myEncrValue = destValue = PORT_ZNew(CRMFEncryptedValue);
+        if (destValue == NULL) {
+            goto loser;
+        }
+    }
+
+    pubMechType = crmf_get_mechanism_from_public_key(inCAKey);
+    if (pubMechType == CKM_INVALID_MECHANISM) {
+        /* XXX I should probably do something here for non-RSA
+         *     keys that are in certs. (ie DSA)
+         * XXX or at least SET AN ERROR CODE.
+         */
+        goto loser;
+    }
+    slot = inPrivKey->pkcs11Slot;
+    PORT_Assert(slot != NULL);
+    symKeyType = crmf_get_best_privkey_wrap_mechanism(slot);
+    symKey = PK11_KeyGen(slot, symKeyType, NULL, 0, NULL);
+    if (symKey == NULL) {
+        goto loser;
+    }
+
+    wrappedSymKey.data = wrappedSymKeyBits;
+    wrappedSymKey.len = MAX_WRAPPED_KEY_LEN;
+    rv = PK11_PubWrapSymKey(pubMechType, inCAKey, symKey, &wrappedSymKey);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    /* Make the length of the result a Bit String length. */
+    wrappedSymKey.len <<= 3;
+
+    wrappedPrivKey.data = wrappedPrivKeyBits;
+    wrappedPrivKey.len = MAX_WRAPPED_KEY_LEN;
+    iv = crmf_get_iv(symKeyType);
+    rv = PK11_WrapPrivKey(slot, symKey, inPrivKey, symKeyType, iv,
+                          &wrappedPrivKey, NULL);
+    PK11_FreeSymKey(symKey);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    /* Make the length of the result a Bit String length. */
+    wrappedPrivKey.len <<= 3;
+    rv = crmf_make_bitstring_copy(NULL,
+                                  &destValue->encValue,
+                                  &wrappedPrivKey);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    rv = crmf_make_bitstring_copy(NULL,
+                                  &destValue->encSymmKey,
+                                  &wrappedSymKey);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    destValue->symmAlg = symmAlg = PORT_ZNew(SECAlgorithmID);
+    if (symmAlg == NULL) {
+        goto loser;
+    }
+
+    dummy = SEC_ASN1EncodeItem(NULL, &encodedParam, iv,
+                               SEC_ASN1_GET(SEC_OctetStringTemplate));
+    if (dummy != &encodedParam) {
+        SECITEM_FreeItem(dummy, PR_TRUE);
+        goto loser;
+    }
+
+    symKeyType = crmf_get_non_pad_mechanism(symKeyType);
+    tag = PK11_MechanismToAlgtag(symKeyType);
+    rv = SECOID_SetAlgorithmID(NULL, symmAlg, tag, &encodedParam);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    SECITEM_FreeItem(&encodedParam, PR_FALSE);
+    PORT_Free(wrappedPrivKeyBits);
+    PORT_Free(wrappedSymKeyBits);
+    SECITEM_FreeItem(iv, PR_TRUE);
+    return destValue;
+loser:
+    if (iv != NULL) {
+        SECITEM_FreeItem(iv, PR_TRUE);
+    }
+    if (myEncrValue != NULL) {
+        crmf_destroy_encrypted_value(myEncrValue, PR_TRUE);
+    }
+    if (wrappedSymKeyBits != NULL) {
+        PORT_Free(wrappedSymKeyBits);
+    }
+    if (wrappedPrivKeyBits != NULL) {
+        PORT_Free(wrappedPrivKeyBits);
+    }
+    if (encodedParam.data != NULL) {
+        SECITEM_FreeItem(&encodedParam, PR_FALSE);
+    }
+    return NULL;
+}
+
+CRMFEncryptedKey *
+CRMF_CreateEncryptedKeyWithEncryptedValue(SECKEYPrivateKey *inPrivKey,
+                                          CERTCertificate *inCACert)
+{
+    SECKEYPublicKey *caPubKey = NULL;
+    CRMFEncryptedKey *encKey = NULL;
+
+    PORT_Assert(inPrivKey != NULL && inCACert != NULL);
+    if (inPrivKey == NULL || inCACert == NULL) {
+        return NULL;
+    }
+
+    caPubKey = CERT_ExtractPublicKey(inCACert);
+    if (caPubKey == NULL) {
+        goto loser;
+    }
+
+    encKey = PORT_ZNew(CRMFEncryptedKey);
+    if (encKey == NULL) {
+        goto loser;
+    }
+#ifdef DEBUG
+    {
+        CRMFEncryptedValue *dummy =
+            crmf_create_encrypted_value_wrapped_privkey(
+                inPrivKey, caPubKey, &encKey->value.encryptedValue);
+        PORT_Assert(dummy == &encKey->value.encryptedValue);
+    }
+#else
+    crmf_create_encrypted_value_wrapped_privkey(
+        inPrivKey, caPubKey, &encKey->value.encryptedValue);
+#endif
+    /* We won't add the der value here, but rather when it
+     * becomes part of a certificate request.
+     */
+    SECKEY_DestroyPublicKey(caPubKey);
+    encKey->encKeyChoice = crmfEncryptedValueChoice;
+    return encKey;
+loser:
+    if (encKey != NULL) {
+        CRMF_DestroyEncryptedKey(encKey);
+    }
+    if (caPubKey != NULL) {
+        SECKEY_DestroyPublicKey(caPubKey);
+    }
+    return NULL;
+}
+
+SECStatus
+CRMF_DestroyEncryptedKey(CRMFEncryptedKey *inEncrKey)
+{
+    return crmf_destroy_encrypted_key(inEncrKey, PR_TRUE);
+}
+
+SECStatus
+crmf_copy_pkiarchiveoptions(PLArenaPool *poolp,
+                            CRMFPKIArchiveOptions *destOpt,
+                            CRMFPKIArchiveOptions *srcOpt)
+{
+    SECStatus rv;
+    destOpt->archOption = srcOpt->archOption;
+    switch (srcOpt->archOption) {
+        case crmfEncryptedPrivateKey:
+            rv = crmf_copy_encryptedkey(poolp,
+                                        &srcOpt->option.encryptedKey,
+                                        &destOpt->option.encryptedKey);
+            break;
+        case crmfKeyGenParameters:
+        case crmfArchiveRemGenPrivKey:
+            /* We've got a union, so having a pointer to one is just
+             * like having a pointer to the other one.
+             */
+            rv = SECITEM_CopyItem(poolp,
+                                  &destOpt->option.keyGenParameters,
+                                  &srcOpt->option.keyGenParameters);
+            break;
+        default:
+            rv = SECFailure;
+    }
+    return rv;
+}
+
+static SECStatus
+crmf_check_and_adjust_archoption(CRMFControl *inControl)
+{
+    CRMFPKIArchiveOptions *options;
+
+    options = &inControl->value.archiveOptions;
+    if (options->archOption == crmfNoArchiveOptions) {
+        /* It hasn't been set, so figure it out from the
+         * der.
+         */
+        switch (inControl->derValue.data[0] & 0x0f) {
+            case 0:
+                options->archOption = crmfEncryptedPrivateKey;
+                break;
+            case 1:
+                options->archOption = crmfKeyGenParameters;
+                break;
+            case 2:
+                options->archOption = crmfArchiveRemGenPrivKey;
+                break;
+            default:
+                /* We've got bad DER.  Return an error. */
+                return SECFailure;
+        }
+    }
+    return SECSuccess;
+}
+
+static const SEC_ASN1Template *
+crmf_get_pkiarchive_subtemplate(CRMFControl *inControl)
+{
+    const SEC_ASN1Template *retTemplate;
+    SECStatus rv;
+    /*
+     * We could be in the process of decoding, in which case the
+     * archOption field will not be set.  Let's check it and set
+     * it accordingly.
+     */
+
+    rv = crmf_check_and_adjust_archoption(inControl);
+    if (rv != SECSuccess) {
+        return NULL;
+    }
+
+    switch (inControl->value.archiveOptions.archOption) {
+        case crmfEncryptedPrivateKey:
+            retTemplate = CRMFEncryptedKeyWithEncryptedValueTemplate;
+            inControl->value.archiveOptions.option.encryptedKey.encKeyChoice =
+                crmfEncryptedValueChoice;
+            break;
+        default:
+            retTemplate = NULL;
+    }
+    return retTemplate;
+}
+
+const SEC_ASN1Template *
+crmf_get_pkiarchiveoptions_subtemplate(CRMFControl *inControl)
+{
+    const SEC_ASN1Template *retTemplate;
+
+    switch (inControl->tag) {
+        case SEC_OID_PKIX_REGCTRL_REGTOKEN:
+        case SEC_OID_PKIX_REGCTRL_AUTHENTICATOR:
+            retTemplate = SEC_ASN1_GET(SEC_UTF8StringTemplate);
+            break;
+        case SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS:
+            retTemplate = crmf_get_pkiarchive_subtemplate(inControl);
+            break;
+        case SEC_OID_PKIX_REGCTRL_PKIPUBINFO:
+        case SEC_OID_PKIX_REGCTRL_OLD_CERT_ID:
+        case SEC_OID_PKIX_REGCTRL_PROTOCOL_ENC_KEY:
+            /* We don't support these controls, so we fail for now.*/
+            retTemplate = NULL;
+            break;
+        default:
+            retTemplate = NULL;
+    }
+    return retTemplate;
+}
+
+static SECStatus
+crmf_encode_pkiarchiveoptions(PLArenaPool *poolp, CRMFControl *inControl)
+{
+    const SEC_ASN1Template *asn1Template;
+
+    asn1Template = crmf_get_pkiarchiveoptions_subtemplate(inControl);
+    /* We've got a union, so passing a pointer to one element of the
+     * union, is the same as passing a pointer to any of the other
+     * members of the union.
+     */
+    SEC_ASN1EncodeItem(poolp, &inControl->derValue,
+                       &inControl->value.archiveOptions, asn1Template);
+
+    if (inControl->derValue.data == NULL) {
+        goto loser;
+    }
+    return SECSuccess;
+loser:
+    return SECFailure;
+}
+
+SECStatus
+CRMF_CertRequestSetPKIArchiveOptions(CRMFCertRequest *inCertReq,
+                                     CRMFPKIArchiveOptions *inOptions)
+{
+    CRMFControl *newControl;
+    PLArenaPool *poolp;
+    SECStatus rv;
+    void *mark;
+
+    PORT_Assert(inCertReq != NULL && inOptions != NULL);
+    if (inCertReq == NULL || inOptions == NULL) {
+        return SECFailure;
+    }
+    poolp = inCertReq->poolp;
+    mark = PORT_ArenaMark(poolp);
+    rv = crmf_add_new_control(inCertReq,
+                              SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS,
+                              &newControl);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    rv = crmf_copy_pkiarchiveoptions(poolp,
+                                     &newControl->value.archiveOptions,
+                                     inOptions);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    rv = crmf_encode_pkiarchiveoptions(poolp, newControl);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    PORT_ArenaUnmark(poolp, mark);
+    return SECSuccess;
+loser:
+    PORT_ArenaRelease(poolp, mark);
+    return SECFailure;
+}
+
+static SECStatus
+crmf_destroy_control(CRMFControl *inControl, PRBool freeit)
+{
+    PORT_Assert(inControl != NULL);
+    if (inControl != NULL) {
+        SECITEM_FreeItem(&inControl->derTag, PR_FALSE);
+        SECITEM_FreeItem(&inControl->derValue, PR_FALSE);
+        /* None of the other tags require special processing at
+         * the moment when freeing because they are not supported,
+         * but if/when they are, add the necessary routines here.
+         * If all controls are supported, then every member of the
+         * union inControl->value will have a case that deals with
+         * it in the following switch statement.
+         */
+        switch (inControl->tag) {
+            case SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS:
+                crmf_destroy_pkiarchiveoptions(&inControl->value.archiveOptions,
+                                               PR_FALSE);
+                break;
+            default:
+                /* Put this here to get rid of all those annoying warnings.*/
+                break;
+        }
+        if (freeit) {
+            PORT_Free(inControl);
+        }
+    }
+    return SECSuccess;
+}
+
+SECStatus
+CRMF_DestroyControl(CRMFControl *inControl)
+{
+    return crmf_destroy_control(inControl, PR_TRUE);
+}
+
+static SECOidTag
+crmf_controltype_to_tag(CRMFControlType inControlType)
+{
+    SECOidTag retVal;
+
+    switch (inControlType) {
+        case crmfRegTokenControl:
+            retVal = SEC_OID_PKIX_REGCTRL_REGTOKEN;
+            break;
+        case crmfAuthenticatorControl:
+            retVal = SEC_OID_PKIX_REGCTRL_AUTHENTICATOR;
+            break;
+        case crmfPKIPublicationInfoControl:
+            retVal = SEC_OID_PKIX_REGCTRL_PKIPUBINFO;
+            break;
+        case crmfPKIArchiveOptionsControl:
+            retVal = SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS;
+            break;
+        case crmfOldCertIDControl:
+            retVal = SEC_OID_PKIX_REGCTRL_OLD_CERT_ID;
+            break;
+        case crmfProtocolEncrKeyControl:
+            retVal = SEC_OID_PKIX_REGCTRL_PROTOCOL_ENC_KEY;
+            break;
+        default:
+            retVal = SEC_OID_UNKNOWN;
+            break;
+    }
+    return retVal;
+}
+
+PRBool
+CRMF_CertRequestIsControlPresent(CRMFCertRequest *inCertReq,
+                                 CRMFControlType inControlType)
+{
+    SECOidTag controlTag;
+    int i;
+
+    PORT_Assert(inCertReq != NULL);
+    if (inCertReq == NULL || inCertReq->controls == NULL) {
+        return PR_FALSE;
+    }
+    controlTag = crmf_controltype_to_tag(inControlType);
+    for (i = 0; inCertReq->controls[i] != NULL; i++) {
+        if (inCertReq->controls[i]->tag == controlTag) {
+            return PR_TRUE;
+        }
+    }
+    return PR_FALSE;
+}
diff --git a/nss/lib/crmf/crmfdec.c b/nss/lib/crmf/crmfdec.c
new file mode 100644
index 0000000..ac6e872
--- /dev/null
+++ b/nss/lib/crmf/crmfdec.c
@@ -0,0 +1,360 @@
+/* -*- Mode: C; tab-width: 8 -*-*/
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "crmf.h"
+#include "crmfi.h"
+#include "secitem.h"
+
+static CRMFPOPChoice
+crmf_get_popchoice_from_der(SECItem *derPOP)
+{
+    CRMFPOPChoice retChoice;
+
+    switch (derPOP->data[0] & 0x0f) {
+        case 0:
+            retChoice = crmfRAVerified;
+            break;
+        case 1:
+            retChoice = crmfSignature;
+            break;
+        case 2:
+            retChoice = crmfKeyEncipherment;
+            break;
+        case 3:
+            retChoice = crmfKeyAgreement;
+            break;
+        default:
+            retChoice = crmfNoPOPChoice;
+            break;
+    }
+    return retChoice;
+}
+
+static SECStatus
+crmf_decode_process_raverified(CRMFCertReqMsg *inCertReqMsg)
+{
+    CRMFProofOfPossession *pop;
+    /* Just set up the structure so that the message structure
+     * looks like one that was created using the API
+     */
+    pop = inCertReqMsg->pop;
+    pop->popChoice.raVerified.data = NULL;
+    pop->popChoice.raVerified.len = 0;
+    return SECSuccess;
+}
+
+static SECStatus
+crmf_decode_process_signature(CRMFCertReqMsg *inCertReqMsg)
+{
+    PORT_Assert(inCertReqMsg->poolp);
+    if (!inCertReqMsg->poolp) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+    return SEC_ASN1Decode(inCertReqMsg->poolp,
+                          &inCertReqMsg->pop->popChoice.signature,
+                          CRMFPOPOSigningKeyTemplate,
+                          (const char *)inCertReqMsg->derPOP.data,
+                          inCertReqMsg->derPOP.len);
+}
+
+static CRMFPOPOPrivKeyChoice
+crmf_get_messagechoice_from_der(SECItem *derPOP)
+{
+    CRMFPOPOPrivKeyChoice retChoice;
+
+    switch (derPOP->data[2] & 0x0f) {
+        case 0:
+            retChoice = crmfThisMessage;
+            break;
+        case 1:
+            retChoice = crmfSubsequentMessage;
+            break;
+        case 2:
+            retChoice = crmfDHMAC;
+            break;
+        default:
+            retChoice = crmfNoMessage;
+    }
+    return retChoice;
+}
+
+static SECStatus
+crmf_decode_process_popoprivkey(CRMFCertReqMsg *inCertReqMsg)
+{
+    /* We've got a union, so a pointer to one POPOPrivKey
+     * struct is the same as having a pointer to the other
+     * one.
+     */
+    CRMFPOPOPrivKey *popoPrivKey =
+        &inCertReqMsg->pop->popChoice.keyEncipherment;
+    SECItem *derPOP, privKeyDer;
+    SECStatus rv;
+
+    derPOP = &inCertReqMsg->derPOP;
+    popoPrivKey->messageChoice = crmf_get_messagechoice_from_der(derPOP);
+    if (popoPrivKey->messageChoice == crmfNoMessage) {
+        return SECFailure;
+    }
+    /* If we ever encounter BER encodings of this, we'll get in trouble*/
+    switch (popoPrivKey->messageChoice) {
+        case crmfThisMessage:
+        case crmfDHMAC:
+            privKeyDer.type = derPOP->type;
+            privKeyDer.data = &derPOP->data[5];
+            privKeyDer.len = derPOP->len - 5;
+            break;
+        case crmfSubsequentMessage:
+            privKeyDer.type = derPOP->type;
+            privKeyDer.data = &derPOP->data[4];
+            privKeyDer.len = derPOP->len - 4;
+            break;
+        default:
+            return SECFailure;
+    }
+
+    rv = SECITEM_CopyItem(inCertReqMsg->poolp,
+                          &popoPrivKey->message.subsequentMessage,
+                          &privKeyDer);
+
+    if (rv != SECSuccess) {
+        return rv;
+    }
+
+    if (popoPrivKey->messageChoice == crmfThisMessage ||
+        popoPrivKey->messageChoice == crmfDHMAC) {
+
+        popoPrivKey->message.thisMessage.len =
+            CRMF_BYTES_TO_BITS(privKeyDer.len) - (int)derPOP->data[4];
+    }
+    return SECSuccess;
+}
+
+static SECStatus
+crmf_decode_process_keyagreement(CRMFCertReqMsg *inCertReqMsg)
+{
+    return crmf_decode_process_popoprivkey(inCertReqMsg);
+}
+
+static SECStatus
+crmf_decode_process_keyencipherment(CRMFCertReqMsg *inCertReqMsg)
+{
+    SECStatus rv;
+
+    rv = crmf_decode_process_popoprivkey(inCertReqMsg);
+    if (rv != SECSuccess) {
+        return rv;
+    }
+    if (inCertReqMsg->pop->popChoice.keyEncipherment.messageChoice ==
+        crmfDHMAC) {
+        /* Key Encipherment can not use the dhMAC option for
+         * POPOPrivKey.
+         */
+        return SECFailure;
+    }
+    return SECSuccess;
+}
+
+static SECStatus
+crmf_decode_process_pop(CRMFCertReqMsg *inCertReqMsg)
+{
+    SECItem *derPOP;
+    PLArenaPool *poolp;
+    CRMFProofOfPossession *pop;
+    void *mark;
+    SECStatus rv;
+
+    derPOP = &inCertReqMsg->derPOP;
+    poolp = inCertReqMsg->poolp;
+    if (derPOP->data == NULL) {
+        /* There is no Proof of Possession field in this message. */
+        return SECSuccess;
+    }
+    mark = PORT_ArenaMark(poolp);
+    pop = PORT_ArenaZNew(poolp, CRMFProofOfPossession);
+    if (pop == NULL) {
+        goto loser;
+    }
+    pop->popUsed = crmf_get_popchoice_from_der(derPOP);
+    if (pop->popUsed == crmfNoPOPChoice) {
+        /* A bad encoding of CRMF.  Not a valid tag was given to the
+         * Proof Of Possession field.
+         */
+        goto loser;
+    }
+    inCertReqMsg->pop = pop;
+    switch (pop->popUsed) {
+        case crmfRAVerified:
+            rv = crmf_decode_process_raverified(inCertReqMsg);
+            break;
+        case crmfSignature:
+            rv = crmf_decode_process_signature(inCertReqMsg);
+            break;
+        case crmfKeyEncipherment:
+            rv = crmf_decode_process_keyencipherment(inCertReqMsg);
+            break;
+        case crmfKeyAgreement:
+            rv = crmf_decode_process_keyagreement(inCertReqMsg);
+            break;
+        default:
+            rv = SECFailure;
+    }
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    PORT_ArenaUnmark(poolp, mark);
+    return SECSuccess;
+
+loser:
+    PORT_ArenaRelease(poolp, mark);
+    inCertReqMsg->pop = NULL;
+    return SECFailure;
+}
+
+static SECStatus
+crmf_decode_process_single_control(PLArenaPool *poolp,
+                                   CRMFControl *inControl)
+{
+    const SEC_ASN1Template *asn1Template = NULL;
+
+    inControl->tag = SECOID_FindOIDTag(&inControl->derTag);
+    asn1Template = crmf_get_pkiarchiveoptions_subtemplate(inControl);
+
+    PORT_Assert(asn1Template != NULL);
+    PORT_Assert(poolp != NULL);
+    if (!asn1Template || !poolp) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+    /* We've got a union, so passing a pointer to one element of the
+     * union is the same as passing a pointer to any of the other
+     * members of the union.
+     */
+    return SEC_ASN1Decode(poolp, &inControl->value.archiveOptions,
+                          asn1Template, (const char *)inControl->derValue.data,
+                          inControl->derValue.len);
+}
+
+static SECStatus
+crmf_decode_process_controls(CRMFCertReqMsg *inCertReqMsg)
+{
+    int i, numControls;
+    SECStatus rv;
+    PLArenaPool *poolp;
+    CRMFControl **controls;
+
+    numControls = CRMF_CertRequestGetNumControls(inCertReqMsg->certReq);
+    controls = inCertReqMsg->certReq->controls;
+    poolp = inCertReqMsg->poolp;
+    for (i = 0; i < numControls; i++) {
+        rv = crmf_decode_process_single_control(poolp, controls[i]);
+        if (rv != SECSuccess) {
+            return SECFailure;
+        }
+    }
+    return SECSuccess;
+}
+
+static SECStatus
+crmf_decode_process_single_reqmsg(CRMFCertReqMsg *inCertReqMsg)
+{
+    SECStatus rv;
+
+    rv = crmf_decode_process_pop(inCertReqMsg);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    rv = crmf_decode_process_controls(inCertReqMsg);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    inCertReqMsg->certReq->certTemplate.numExtensions =
+        CRMF_CertRequestGetNumberOfExtensions(inCertReqMsg->certReq);
+    inCertReqMsg->isDecoded = PR_TRUE;
+    rv = SECSuccess;
+loser:
+    return rv;
+}
+
+CRMFCertReqMsg *
+CRMF_CreateCertReqMsgFromDER(const char *buf, long len)
+{
+    PLArenaPool *poolp;
+    CRMFCertReqMsg *certReqMsg;
+    SECStatus rv;
+
+    poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
+    if (poolp == NULL) {
+        goto loser;
+    }
+    certReqMsg = PORT_ArenaZNew(poolp, CRMFCertReqMsg);
+    if (certReqMsg == NULL) {
+        goto loser;
+    }
+    certReqMsg->poolp = poolp;
+    rv = SEC_ASN1Decode(poolp, certReqMsg, CRMFCertReqMsgTemplate, buf, len);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    rv = crmf_decode_process_single_reqmsg(certReqMsg);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    return certReqMsg;
+loser:
+    if (poolp != NULL) {
+        PORT_FreeArena(poolp, PR_FALSE);
+    }
+    return NULL;
+}
+
+CRMFCertReqMessages *
+CRMF_CreateCertReqMessagesFromDER(const char *buf, long len)
+{
+    long arenaSize;
+    int i;
+    SECStatus rv;
+    PLArenaPool *poolp;
+    CRMFCertReqMessages *certReqMsgs;
+
+    PORT_Assert(buf != NULL);
+    /* Wanna make sure the arena is big enough to store all of the requests
+     * coming in.  We'll guestimate according to the length of the buffer.
+     */
+    arenaSize = len + len / 2;
+    poolp = PORT_NewArena(arenaSize);
+    if (poolp == NULL) {
+        return NULL;
+    }
+    certReqMsgs = PORT_ArenaZNew(poolp, CRMFCertReqMessages);
+    if (certReqMsgs == NULL) {
+        goto loser;
+    }
+    certReqMsgs->poolp = poolp;
+    rv = SEC_ASN1Decode(poolp, certReqMsgs, CRMFCertReqMessagesTemplate,
+                        buf, len);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    for (i = 0; certReqMsgs->messages[i] != NULL; i++) {
+        /* The sub-routines expect the individual messages to have
+         * an arena.  We'll give them one temporarily.
+         */
+        certReqMsgs->messages[i]->poolp = poolp;
+        rv = crmf_decode_process_single_reqmsg(certReqMsgs->messages[i]);
+        if (rv != SECSuccess) {
+            goto loser;
+        }
+        certReqMsgs->messages[i]->poolp = NULL;
+    }
+    return certReqMsgs;
+
+loser:
+    PORT_FreeArena(poolp, PR_FALSE);
+    return NULL;
+}
diff --git a/nss/lib/crmf/crmfenc.c b/nss/lib/crmf/crmfenc.c
new file mode 100644
index 0000000..6d01a45
--- /dev/null
+++ b/nss/lib/crmf/crmfenc.c
@@ -0,0 +1,48 @@
+/* -*- Mode: C; tab-width: 8 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "crmf.h"
+#include "crmfi.h"
+
+SECStatus
+CRMF_EncodeCertReqMsg(CRMFCertReqMsg *inCertReqMsg,
+                      CRMFEncoderOutputCallback fn,
+                      void *arg)
+{
+    struct crmfEncoderOutput output;
+
+    output.fn = fn;
+    output.outputArg = arg;
+    return SEC_ASN1Encode(inCertReqMsg, CRMFCertReqMsgTemplate,
+                          crmf_encoder_out, &output);
+}
+
+SECStatus
+CRMF_EncodeCertRequest(CRMFCertRequest *inCertReq,
+                       CRMFEncoderOutputCallback fn,
+                       void *arg)
+{
+    struct crmfEncoderOutput output;
+
+    output.fn = fn;
+    output.outputArg = arg;
+    return SEC_ASN1Encode(inCertReq, CRMFCertRequestTemplate,
+                          crmf_encoder_out, &output);
+}
+
+SECStatus
+CRMF_EncodeCertReqMessages(CRMFCertReqMsg **inCertReqMsgs,
+                           CRMFEncoderOutputCallback fn,
+                           void *arg)
+{
+    struct crmfEncoderOutput output;
+    CRMFCertReqMessages msgs;
+
+    output.fn = fn;
+    output.outputArg = arg;
+    msgs.messages = inCertReqMsgs;
+    return SEC_ASN1Encode(&msgs, CRMFCertReqMessagesTemplate,
+                          crmf_encoder_out, &output);
+}
diff --git a/nss/lib/crmf/crmffut.h b/nss/lib/crmf/crmffut.h
new file mode 100644
index 0000000..d6f9374
--- /dev/null
+++ b/nss/lib/crmf/crmffut.h
@@ -0,0 +1,357 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * These functions to be implemented in the future if the features
+ * which these functions would implement wind up being needed.
+ */
+
+/*
+ * Use this function to create the CRMFSinglePubInfo* variables that will
+ * populate the inPubInfoArray parameter for the function
+ * CRMF_CreatePKIPublicationInfo.
+ *
+ * "inPubMethod" specifies which publication method will be used
+ * "pubLocation" is a representation of the location where
+ */
+extern CRMFSinglePubInfo *
+CRMF_CreateSinglePubInfo(CRMFPublicationMethod inPubMethod,
+                         CRMFGeneralName *pubLocation);
+
+/*
+ * Create a PKIPublicationInfo that can later be passed to the function
+ * CRMFAddPubInfoControl.
+ */
+extern CRMFPKIPublicationInfo *
+CRMF_CreatePKIPublicationInfo(CRMFPublicationAction inAction,
+                              CRMFSinglePubInfo **inPubInfoArray,
+                              int numPubInfo);
+
+/*
+ * Only call this function on a CRMFPublicationInfo that was created by
+ * CRMF_CreatePKIPublicationInfo that was passed in NULL for arena.
+ */
+
+extern SECStatus
+CRMF_DestroyPKIPublicationInfo(CRMFPKIPublicationInfo *inPubInfo);
+
+extern SECStatus CRMF_AddPubInfoControl(CRMFCertRequest *inCertReq,
+                                        CRMFPKIPublicationInfo *inPubInfo);
+
+/*
+ * This is to create a Cert ID Control which can later be added to
+ * a certificate request.
+ */
+extern CRMFCertID *CRMF_CreateCertID(CRMFGeneralName *issuer,
+                                     long serialNumber);
+
+extern SECStatus CRMF_DestroyCertID(CRMFCertID *certID);
+
+extern SECStatus CRMF_AddCertIDControl(CRMFCertRequest *inCertReq,
+                                       CRMFCertID *certID);
+
+extern SECStatus
+CRMF_AddProtocolEncryptioKeyControl(CRMFCertRequest *inCertReq,
+                                    CERTSubjectPublicKeyInfo *spki);
+
+/*
+ * Add the ASCII Pairs Registration Info to the Certificate Request.
+ * The SECItem must be an OCTET string representation.
+ */
+extern SECStatus
+CRMF_AddUTF8PairsRegInfo(CRMFCertRequest *inCertReq,
+                         SECItem *asciiPairs);
+
+/*
+ * This takes a CertRequest and adds it to another CertRequest.
+ */
+extern SECStatus
+CRMF_AddCertReqToRegInfo(CRMFCertRequest *certReqToAddTo,
+                         CRMFCertRequest *certReqBeingAdded);
+
+/*
+ * Returns which option was used for the authInfo field of POPOSigningKeyInput
+ */
+extern CRMFPOPOSkiInputAuthChoice
+CRMF_GetSignKeyInputAuthChoice(CRMFPOPOSigningKeyInput *inKeyInput);
+
+/*
+ * Gets the PKMACValue associated with the POPOSigningKeyInput.
+ * If the POPOSigningKeyInput did not use authInfo.publicKeyMAC
+ * the function returns SECFailure and the value at *destValue is unchanged.
+ *
+ * If the POPOSigningKeyInput did use authInfo.publicKeyMAC, the function
+ * returns SECSuccess and places the PKMACValue at *destValue.
+ */
+extern SECStatus
+CRMF_GetSignKeyInputPKMACValue(CRMFPOPOSigningKeyInput *inKeyInput,
+                               CRMFPKMACValue **destValue);
+/*
+ * Gets the SubjectPublicKeyInfo from the POPOSigningKeyInput
+ */
+extern CERTSubjectPublicKeyInfo *
+CRMF_GetSignKeyInputPublicKey(CRMFPOPOSigningKeyInput *inKeyInput);
+
+/*
+ * Return the value for the PKIPublicationInfo Control.
+ * A return value of NULL indicates that the Control was
+ * not a PKIPublicationInfo Control.  Call
+ * CRMF_DestroyPKIPublicationInfo on the return value when done
+ * using the pointer.
+ */
+extern CRMFPKIPublicationInfo *CRMF_GetPKIPubInfo(CRMFControl *inControl);
+
+/*
+ * Free up a CRMFPKIPublicationInfo structure.
+ */
+extern SECStatus
+CRMF_DestroyPKIPublicationInfo(CRMFPKIPublicationInfo *inPubInfo);
+
+/*
+ * Get the choice used for action in this PKIPublicationInfo.
+ */
+extern CRMFPublicationAction
+CRMF_GetPublicationAction(CRMFPKIPublicationInfo *inPubInfo);
+
+/*
+ * Get the number of pubInfos are stored in the PKIPubicationInfo.
+ */
+extern int CRMF_GetNumPubInfos(CRMFPKIPublicationInfo *inPubInfo);
+
+/*
+ * Get the pubInfo at index for the given PKIPubicationInfo.
+ * Indexing is done like a traditional C Array. (0 .. numElements-1)
+ */
+extern CRMFSinglePubInfo *
+CRMF_GetPubInfoAtIndex(CRMFPKIPublicationInfo *inPubInfo,
+                       int index);
+
+/*
+ * Destroy the CRMFSinglePubInfo.
+ */
+extern SECStatus CRMF_DestroySinglePubInfo(CRMFSinglePubInfo *inPubInfo);
+
+/*
+ * Get the pubMethod used by the SinglePubInfo.
+ */
+extern CRMFPublicationMethod
+CRMF_GetPublicationMethod(CRMFSinglePubInfo *inPubInfo);
+
+/*
+ * Get the pubLocation associated with the SinglePubInfo.
+ * A NULL return value indicates there was no pubLocation associated
+ * with the SinglePuInfo.
+ */
+extern CRMFGeneralName *CRMF_GetPubLocation(CRMFSinglePubInfo *inPubInfo);
+
+/*
+ * Get the authInfo.sender field out of the POPOSigningKeyInput.
+ * If the POPOSigningKeyInput did not use the authInfo the function
+ * returns SECFailure and the value at *destName is unchanged.
+ *
+ * If the POPOSigningKeyInput did use authInfo.sender, the function returns
+ * SECSuccess and puts the authInfo.sender at *destName/
+ */
+extern SECStatus CRMF_GetSignKeyInputSender(CRMFPOPOSigningKeyInput *keyInput,
+                                            CRMFGeneralName **destName);
+
+/**************** CMMF Functions that need to be added. **********************/
+
+/*
+ * FUNCTION: CMMF_POPODecKeyChallContentSetNextChallenge
+ * INPUTS:
+ *    inDecKeyChall
+ *        The CMMFPOPODecKeyChallContent to operate on.
+ *    inRandom
+ *        The random number to use when generating the challenge,
+ *    inSender
+ *        The GeneralName representation of the sender of the challenge.
+ *    inPubKey
+ *        The public key to use when encrypting the challenge.
+ * NOTES:
+ *    This function adds a challenge to the end of the list of challenges
+ *    contained by 'inDecKeyChall'.  Refer to the CMMF draft on how the
+ *    the random number passed in and the sender's GeneralName are used
+ *    to generate the challenge and witness fields of the challenge.  This
+ *    library will use SHA1 as the one-way function for generating the
+ *    witess field of the challenge.
+ *
+ * RETURN:
+ *    SECSuccess if generating the challenge and adding to the end of list
+ *    of challenges was successful.  Any other return value indicates an error
+ *    while trying to generate the challenge.
+ */
+extern SECStatus
+CMMF_POPODecKeyChallContentSetNextChallenge(CMMFPOPODecKeyChallContent *inDecKeyChall,
+                                            long inRandom,
+                                            CERTGeneralName *inSender,
+                                            SECKEYPublicKey *inPubKey);
+
+/*
+ * FUNCTION: CMMF_POPODecKeyChallContentGetNumChallenges
+ * INPUTS:
+ *    inKeyChallCont
+ *        The CMMFPOPODecKeyChallContent to operate on.
+ * RETURN:
+ *    This function returns the number of CMMFChallenges are contained in
+ *    the CMMFPOPODecKeyChallContent structure.
+ */
+extern int CMMF_POPODecKeyChallContentGetNumChallenges(CMMFPOPODecKeyChallContent *inKeyChallCont);
+
+/*
+ * FUNCTION: CMMF_ChallengeGetRandomNumber
+ * INPUTS:
+ *    inChallenge
+ *        The CMMFChallenge to operate on.
+ *    inDest
+ *        A pointer to a user supplied buffer where the library
+ *        can place a copy of the random integer contatained in the
+ *        challenge.
+ * NOTES:
+ *    This function returns the value held in the decrypted Rand structure
+ *    corresponding to the random integer.  The user must call
+ *    CMMF_ChallengeDecryptWitness before calling this function.  Call
+ *    CMMF_ChallengeIsDecrypted to find out if the challenge has been
+ *    decrypted.
+ *
+ * RETURN:
+ *    SECSuccess indicates the witness field has been previously decrypted
+ *    and the value for the random integer was successfully placed at *inDest.
+ *    Any other return value indicates an error and that the value at *inDest
+ *    is not a valid value.
+ */
+extern SECStatus CMMF_ChallengeGetRandomNumber(CMMFChallenge *inChallenge,
+                                               long *inDest);
+
+/*
+ * FUNCTION: CMMF_ChallengeGetSender
+ * INPUTS:
+ *    inChallenge
+ *        the CMMFChallenge to operate on.
+ * NOTES:
+ *    This function returns the value held in the decrypted Rand structure
+ *    corresponding to the sender.  The user must call
+ *    CMMF_ChallengeDecryptWitness before calling this function.  Call
+ *    CMMF_ChallengeIsDecrypted to find out if the witness field has been
+ *    decrypted.  The user must call CERT_DestroyGeneralName after the return
+ *    value is no longer needed.
+ *
+ * RETURN:
+ *    A pointer to a copy of the sender CERTGeneralName.  A return value of
+ *    NULL indicates an error in trying to copy the information or that the
+ *    witness field has not been decrypted.
+ */
+extern CERTGeneralName *CMMF_ChallengeGetSender(CMMFChallenge *inChallenge);
+
+/*
+ * FUNCTION: CMMF_ChallengeGetAlgId
+ * INPUTS:
+ *    inChallenge
+ *        The CMMFChallenge to operate on.
+ *    inDestAlgId
+ *        A pointer to memory where a pointer to a copy of the algorithm
+ *        id can be placed.
+ * NOTES:
+ *    This function retrieves the one way function algorithm identifier
+ *    contained within the CMMFChallenge if the optional field is present.
+ *
+ * RETURN:
+ *    SECSucces indicates the function was able to place a pointer to a copy of
+ *    the alogrithm id at *inAlgId.  If the value at *inDestAlgId is NULL,
+ *    that means there was no algorithm identifier present in the
+ *    CMMFChallenge.  Any other return value indicates the function was not
+ *    able to make a copy of the algorithm identifier.  In this case the value
+ *    at *inDestAlgId is not valid.
+ */
+extern SECStatus CMMF_ChallengeGetAlgId(CMMFChallenge *inChallenge,
+                                        SECAlgorithmID *inAlgId);
+
+/*
+ * FUNCTION: CMMF_DestroyChallenge
+ * INPUTS:
+ *    inChallenge
+ *        The CMMFChallenge to free up.
+ * NOTES:
+ *    This function frees up all the memory associated with the CMMFChallenge
+ *    passed in.
+ * RETURN:
+ *    SECSuccess if freeing all the memory associated with the CMMFChallenge
+ *    passed in is successful.  Any other return value indicates an error
+ *    while freeing the memory.
+ */
+extern SECStatus CMMF_DestroyChallenge(CMMFChallenge *inChallenge);
+
+/*
+ * FUNCTION: CMMF_DestroyPOPODecKeyRespContent
+ * INPUTS:
+ *    inDecKeyResp
+ *        The CMMFPOPODecKeyRespContent structure to free.
+ * NOTES:
+ *    This function frees up all the memory associate with the
+ *    CMMFPOPODecKeyRespContent.
+ *
+ * RETURN:
+ *    SECSuccess if freeint up all the memory associated with the
+ *    CMMFPOPODecKeyRespContent structure is successful.  Any other
+ *    return value indicates an error while freeing the memory.
+ */
+extern SECStatus
+CMMF_DestroyPOPODecKeyRespContent(CMMFPOPODecKeyRespContent *inDecKeyResp);
+
+/*
+ * FUNCTION: CMMF_ChallengeDecryptWitness
+ * INPUTS:
+ *    inChallenge
+ *        The CMMFChallenge to operate on.
+ *    inPrivKey
+ *        The private key to use to decrypt the witness field.
+ * NOTES:
+ *    This function uses the private key to decrypt the challenge field
+ *    contained in the CMMFChallenge.  Make sure the private key matches the
+ *    public key that was used to encrypt the witness.  The creator of
+ *    the challenge will most likely be an RA that has the public key
+ *    from a Cert request.  So the private key should be the private key
+ *    associated with public key in that request.  This function will also
+ *    verify the witness field of the challenge.
+ *
+ * RETURN:
+ *    SECSuccess if decrypting the witness field was successful.  This does
+ *    not indicate that the decrypted data is valid, since the private key
+ *    passed in may not be the actual key needed to properly decrypt the
+ *    witness field.  Meaning that there is a decrypted structure now, but
+ *    may be garbage because the private key was incorrect.
+ *    Any other return value indicates the function could not complete the
+ *    decryption process.
+ */
+extern SECStatus CMMF_ChallengeDecryptWitness(CMMFChallenge *inChallenge,
+                                              SECKEYPrivateKey *inPrivKey);
+
+/*
+ * FUNCTION: CMMF_ChallengeIsDecrypted
+ * INPUTS:
+ *    inChallenge
+ *        The CMMFChallenge to operate on.
+ * RETURN:
+ *    This is a predicate function that returns PR_TRUE if the decryption
+ *    process has already been performed.  The function return PR_FALSE if
+ *    the decryption process has not been performed yet.
+ */
+extern PRBool CMMF_ChallengeIsDecrypted(CMMFChallenge *inChallenge);
+
+/*
+ * FUNCTION: CMMF_DestroyPOPODecKeyChallContent
+ * INPUTS:
+ *    inDecKeyCont
+ *        The CMMFPOPODecKeyChallContent to free
+ * NOTES:
+ *    This function frees up all the memory associated with the
+ *    CMMFPOPODecKeyChallContent
+ * RETURN:
+ *    SECSuccess if freeing up all the memory associatd with the
+ *    CMMFPOPODecKeyChallContent is successful.  Any other return value
+ *    indicates an error while freeing the memory.
+ *
+ */
+extern SECStatus
+CMMF_DestroyPOPODecKeyChallContent(CMMFPOPODecKeyChallContent *inDecKeyCont);
diff --git a/nss/lib/crmf/crmfget.c b/nss/lib/crmf/crmfget.c
new file mode 100644
index 0000000..5c1d2aa
--- /dev/null
+++ b/nss/lib/crmf/crmfget.c
@@ -0,0 +1,443 @@
+/* -*- Mode: C; tab-width: 8 -*-*/
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "crmf.h"
+#include "crmfi.h"
+#include "keyhi.h"
+#include "secder.h"
+
+CRMFPOPChoice
+CRMF_CertReqMsgGetPOPType(CRMFCertReqMsg *inCertReqMsg)
+{
+    PORT_Assert(inCertReqMsg != NULL);
+    if (inCertReqMsg != NULL && inCertReqMsg->pop != NULL) {
+        return inCertReqMsg->pop->popUsed;
+    }
+    return crmfNoPOPChoice;
+}
+
+static SECStatus
+crmf_destroy_validity(CRMFOptionalValidity *inValidity, PRBool freeit)
+{
+    if (inValidity != NULL) {
+        if (inValidity->notBefore.data != NULL) {
+            PORT_Free(inValidity->notBefore.data);
+        }
+        if (inValidity->notAfter.data != NULL) {
+            PORT_Free(inValidity->notAfter.data);
+        }
+        if (freeit) {
+            PORT_Free(inValidity);
+        }
+    }
+    return SECSuccess;
+}
+
+static SECStatus
+crmf_copy_cert_request_validity(PLArenaPool *poolp,
+                                CRMFOptionalValidity **destValidity,
+                                CRMFOptionalValidity *srcValidity)
+{
+    CRMFOptionalValidity *myValidity = NULL;
+    SECStatus rv;
+
+    *destValidity = myValidity = (poolp == NULL) ? PORT_ZNew(CRMFOptionalValidity)
+                                                 : PORT_ArenaZNew(poolp, CRMFOptionalValidity);
+    if (myValidity == NULL) {
+        goto loser;
+    }
+    if (srcValidity->notBefore.data != NULL) {
+        rv = SECITEM_CopyItem(poolp, &myValidity->notBefore,
+                              &srcValidity->notBefore);
+        if (rv != SECSuccess) {
+            goto loser;
+        }
+    }
+    if (srcValidity->notAfter.data != NULL) {
+        rv = SECITEM_CopyItem(poolp, &myValidity->notAfter,
+                              &srcValidity->notAfter);
+        if (rv != SECSuccess) {
+            goto loser;
+        }
+    }
+    return SECSuccess;
+loser:
+    if (myValidity != NULL && poolp == NULL) {
+        crmf_destroy_validity(myValidity, PR_TRUE);
+    }
+    return SECFailure;
+}
+
+static SECStatus
+crmf_copy_extensions(PLArenaPool *poolp,
+                     CRMFCertTemplate *destTemplate,
+                     CRMFCertExtension **srcExt)
+{
+    int numExt = 0, i;
+    CRMFCertExtension **myExtArray = NULL;
+
+    while (srcExt[numExt] != NULL) {
+        numExt++;
+    }
+    if (numExt == 0) {
+        /*No extensions to copy.*/
+        destTemplate->extensions = NULL;
+        destTemplate->numExtensions = 0;
+        return SECSuccess;
+    }
+    destTemplate->extensions = myExtArray =
+        PORT_NewArray(CRMFCertExtension *, numExt + 1);
+    if (myExtArray == NULL) {
+        goto loser;
+    }
+
+    for (i = 0; i < numExt; i++) {
+        myExtArray[i] = crmf_copy_cert_extension(poolp, srcExt[i]);
+        if (myExtArray[i] == NULL) {
+            goto loser;
+        }
+    }
+    destTemplate->numExtensions = numExt;
+    myExtArray[numExt] = NULL;
+    return SECSuccess;
+loser:
+    if (myExtArray != NULL) {
+        if (poolp == NULL) {
+            for (i = 0; myExtArray[i] != NULL; i++) {
+                CRMF_DestroyCertExtension(myExtArray[i]);
+            }
+        }
+        PORT_Free(myExtArray);
+    }
+    destTemplate->extensions = NULL;
+    destTemplate->numExtensions = 0;
+    return SECFailure;
+}
+
+static SECStatus
+crmf_copy_cert_request_template(PLArenaPool *poolp,
+                                CRMFCertTemplate *destTemplate,
+                                CRMFCertTemplate *srcTemplate)
+{
+    SECStatus rv;
+
+    if (srcTemplate->version.data != NULL) {
+        rv = SECITEM_CopyItem(poolp, &destTemplate->version,
+                              &srcTemplate->version);
+        if (rv != SECSuccess) {
+            goto loser;
+        }
+    }
+    if (srcTemplate->serialNumber.data != NULL) {
+        rv = SECITEM_CopyItem(poolp, &destTemplate->serialNumber,
+                              &srcTemplate->serialNumber);
+        if (rv != SECSuccess) {
+            goto loser;
+        }
+    }
+    if (srcTemplate->signingAlg != NULL) {
+        rv = crmf_template_copy_secalg(poolp, &destTemplate->signingAlg,
+                                       srcTemplate->signingAlg);
+        if (rv != SECSuccess) {
+            goto loser;
+        }
+    }
+    if (srcTemplate->issuer != NULL) {
+        rv = crmf_copy_cert_name(poolp, &destTemplate->issuer,
+                                 srcTemplate->issuer);
+        if (rv != SECSuccess) {
+            goto loser;
+        }
+    }
+    if (srcTemplate->validity != NULL) {
+        rv = crmf_copy_cert_request_validity(poolp, &destTemplate->validity,
+                                             srcTemplate->validity);
+        if (rv != SECSuccess) {
+            goto loser;
+        }
+    }
+    if (srcTemplate->subject != NULL) {
+        rv = crmf_copy_cert_name(poolp, &destTemplate->subject,
+                                 srcTemplate->subject);
+        if (rv != SECSuccess) {
+            goto loser;
+        }
+    }
+    if (srcTemplate->publicKey != NULL) {
+        rv = crmf_template_add_public_key(poolp, &destTemplate->publicKey,
+                                          srcTemplate->publicKey);
+        if (rv != SECSuccess) {
+            goto loser;
+        }
+    }
+    if (srcTemplate->issuerUID.data != NULL) {
+        rv = crmf_make_bitstring_copy(poolp, &destTemplate->issuerUID,
+                                      &srcTemplate->issuerUID);
+        if (rv != SECSuccess) {
+            goto loser;
+        }
+    }
+    if (srcTemplate->subjectUID.data != NULL) {
+        rv = crmf_make_bitstring_copy(poolp, &destTemplate->subjectUID,
+                                      &srcTemplate->subjectUID);
+        if (rv != SECSuccess) {
+            goto loser;
+        }
+    }
+    if (srcTemplate->extensions != NULL) {
+        rv = crmf_copy_extensions(poolp, destTemplate,
+                                  srcTemplate->extensions);
+        if (rv != SECSuccess) {
+            goto loser;
+        }
+    }
+    return SECSuccess;
+loser:
+    return SECFailure;
+}
+
+static CRMFControl *
+crmf_copy_control(PLArenaPool *poolp, CRMFControl *srcControl)
+{
+    CRMFControl *newControl;
+    SECStatus rv;
+
+    newControl = (poolp == NULL) ? PORT_ZNew(CRMFControl) : PORT_ArenaZNew(poolp, CRMFControl);
+    if (newControl == NULL) {
+        goto loser;
+    }
+    newControl->tag = srcControl->tag;
+    rv = SECITEM_CopyItem(poolp, &newControl->derTag, &srcControl->derTag);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    rv = SECITEM_CopyItem(poolp, &newControl->derValue, &srcControl->derValue);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    /* We only handle PKIArchiveOptions Control right now.  But if in
+     * the future, more controls that are part of the union are added,
+     * then they need to be handled here as well.
+     */
+    switch (newControl->tag) {
+        case SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS:
+            rv = crmf_copy_pkiarchiveoptions(poolp,
+                                             &newControl->value.archiveOptions,
+                                             &srcControl->value.archiveOptions);
+            break;
+        default:
+            rv = SECSuccess;
+    }
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    return newControl;
+
+loser:
+    if (poolp == NULL && newControl != NULL) {
+        CRMF_DestroyControl(newControl);
+    }
+    return NULL;
+}
+
+static SECStatus
+crmf_copy_cert_request_controls(PLArenaPool *poolp,
+                                CRMFCertRequest *destReq,
+                                CRMFCertRequest *srcReq)
+{
+    int numControls, i;
+    CRMFControl **myControls = NULL;
+
+    numControls = CRMF_CertRequestGetNumControls(srcReq);
+    if (numControls == 0) {
+        /* No Controls To Copy*/
+        return SECSuccess;
+    }
+    myControls = destReq->controls = PORT_NewArray(CRMFControl *,
+                                                   numControls + 1);
+    if (myControls == NULL) {
+        goto loser;
+    }
+    for (i = 0; i < numControls; i++) {
+        myControls[i] = crmf_copy_control(poolp, srcReq->controls[i]);
+        if (myControls[i] == NULL) {
+            goto loser;
+        }
+    }
+    myControls[numControls] = NULL;
+    return SECSuccess;
+loser:
+    if (myControls != NULL) {
+        if (poolp == NULL) {
+            for (i = 0; myControls[i] != NULL; i++) {
+                CRMF_DestroyControl(myControls[i]);
+            }
+        }
+        PORT_Free(myControls);
+    }
+    return SECFailure;
+}
+
+CRMFCertRequest *
+crmf_copy_cert_request(PLArenaPool *poolp, CRMFCertRequest *srcReq)
+{
+    CRMFCertRequest *newReq = NULL;
+    SECStatus rv;
+
+    if (srcReq == NULL) {
+        return NULL;
+    }
+    newReq = (poolp == NULL) ? PORT_ZNew(CRMFCertRequest) : PORT_ArenaZNew(poolp, CRMFCertRequest);
+    if (newReq == NULL) {
+        goto loser;
+    }
+    rv = SECITEM_CopyItem(poolp, &newReq->certReqId, &srcReq->certReqId);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    rv = crmf_copy_cert_request_template(poolp, &newReq->certTemplate,
+                                         &srcReq->certTemplate);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    rv = crmf_copy_cert_request_controls(poolp, newReq, srcReq);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    return newReq;
+loser:
+    if (newReq != NULL && poolp == NULL) {
+        CRMF_DestroyCertRequest(newReq);
+        PORT_Free(newReq);
+    }
+    return NULL;
+}
+
+SECStatus
+CRMF_DestroyGetValidity(CRMFGetValidity *inValidity)
+{
+    PORT_Assert(inValidity != NULL);
+    if (inValidity != NULL) {
+        if (inValidity->notAfter) {
+            PORT_Free(inValidity->notAfter);
+            inValidity->notAfter = NULL;
+        }
+        if (inValidity->notBefore) {
+            PORT_Free(inValidity->notBefore);
+            inValidity->notBefore = NULL;
+        }
+    }
+    return SECSuccess;
+}
+
+SECStatus
+crmf_make_bitstring_copy(PLArenaPool *arena, SECItem *dest, SECItem *src)
+{
+    int origLenBits;
+    int bytesToCopy;
+    SECStatus rv;
+
+    origLenBits = src->len;
+    bytesToCopy = CRMF_BITS_TO_BYTES(origLenBits);
+    src->len = bytesToCopy;
+    rv = SECITEM_CopyItem(arena, dest, src);
+    src->len = origLenBits;
+    if (rv != SECSuccess) {
+        return rv;
+    }
+    dest->len = origLenBits;
+    return SECSuccess;
+}
+
+int
+CRMF_CertRequestGetNumberOfExtensions(CRMFCertRequest *inCertReq)
+{
+    CRMFCertTemplate *certTemplate;
+    int count = 0;
+
+    certTemplate = &inCertReq->certTemplate;
+    if (certTemplate->extensions) {
+        while (certTemplate->extensions[count] != NULL)
+            count++;
+    }
+    return count;
+}
+
+SECOidTag
+CRMF_CertExtensionGetOidTag(CRMFCertExtension *inExtension)
+{
+    PORT_Assert(inExtension != NULL);
+    if (inExtension == NULL) {
+        return SEC_OID_UNKNOWN;
+    }
+    return SECOID_FindOIDTag(&inExtension->id);
+}
+
+PRBool
+CRMF_CertExtensionGetIsCritical(CRMFCertExtension *inExt)
+{
+    PORT_Assert(inExt != NULL);
+    if (inExt == NULL) {
+        return PR_FALSE;
+    }
+    return inExt->critical.data != NULL;
+}
+
+SECItem *
+CRMF_CertExtensionGetValue(CRMFCertExtension *inExtension)
+{
+    PORT_Assert(inExtension != NULL);
+    if (inExtension == NULL) {
+        return NULL;
+    }
+
+    return SECITEM_DupItem(&inExtension->value);
+}
+
+SECStatus
+CRMF_DestroyPOPOSigningKey(CRMFPOPOSigningKey *inKey)
+{
+    PORT_Assert(inKey != NULL);
+    if (inKey != NULL) {
+        if (inKey->derInput.data != NULL) {
+            SECITEM_FreeItem(&inKey->derInput, PR_FALSE);
+        }
+        if (inKey->algorithmIdentifier != NULL) {
+            SECOID_DestroyAlgorithmID(inKey->algorithmIdentifier, PR_TRUE);
+        }
+        if (inKey->signature.data != NULL) {
+            SECITEM_FreeItem(&inKey->signature, PR_FALSE);
+        }
+        PORT_Free(inKey);
+    }
+    return SECSuccess;
+}
+
+SECStatus
+CRMF_DestroyPOPOPrivKey(CRMFPOPOPrivKey *inPrivKey)
+{
+    PORT_Assert(inPrivKey != NULL);
+    if (inPrivKey != NULL) {
+        SECITEM_FreeItem(&inPrivKey->message.thisMessage, PR_FALSE);
+        PORT_Free(inPrivKey);
+    }
+    return SECSuccess;
+}
+
+int
+CRMF_CertRequestGetNumControls(CRMFCertRequest *inCertReq)
+{
+    int count = 0;
+
+    PORT_Assert(inCertReq != NULL);
+    if (inCertReq == NULL) {
+        return 0;
+    }
+    if (inCertReq->controls) {
+        while (inCertReq->controls[count] != NULL)
+            count++;
+    }
+    return count;
+}
diff --git a/nss/lib/crmf/crmfi.h b/nss/lib/crmf/crmfi.h
new file mode 100644
index 0000000..badfd2b
--- /dev/null
+++ b/nss/lib/crmf/crmfi.h
@@ -0,0 +1,185 @@
+/* -*- Mode: C; tab-width: 8 -*-*/
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _CRMFI_H_
+#define _CRMFI_H_
+/* This file will contain all declarations common to both
+ * encoding and decoding of CRMF Cert Requests.  This header
+ * file should only be included internally by CRMF implementation
+ * files.
+ */
+#include "secasn1.h"
+#include "crmfit.h"
+#include "secerr.h"
+#include "blapit.h"
+
+#define CRMF_DEFAULT_ARENA_SIZE 1024
+
+/*
+ * Explanation for the definition of MAX_WRAPPED_KEY_LEN:
+ *
+ * It's used for internal buffers to transport a wrapped private key.
+ * The value is in BYTES.
+ * We want to define a reasonable upper bound for this value.
+ * Ideally this could be calculated, but in order to simplify the code
+ * we want to estimate the maximum requires size.
+ * See also bug 655850 for the full explanation.
+ *
+ * We know the largest wrapped keys are RSA keys.
+ * We'll estimate the maximum size needed for wrapped RSA keys,
+ * and assume it's sufficient for wrapped keys of any type we support.
+ *
+ * The maximum size of RSA keys in bits is defined elsewhere as
+ *   RSA_MAX_MODULUS_BITS
+ *
+ * The idea is to define MAX_WRAPPED_KEY_LEN based on the above.
+ *
+ * A wrapped RSA key requires about
+ *   ( ( RSA_MAX_MODULUS_BITS / 8 ) * 5.5) + 65
+ * bytes.
+ *
+ * Therefore, a safe upper bound is:
+ *   ( ( RSA_MAX_MODULUS_BITS / 8 ) *8 ) = RSA_MAX_MODULUS_BITS
+ *
+ */
+#define MAX_WRAPPED_KEY_LEN RSA_MAX_MODULUS_BITS
+
+#define CRMF_BITS_TO_BYTES(bits) (((bits) + 7) / 8)
+#define CRMF_BYTES_TO_BITS(bytes) ((bytes)*8)
+
+struct crmfEncoderArg {
+    SECItem *buffer;
+    unsigned long allocatedLen;
+};
+
+struct crmfEncoderOutput {
+    CRMFEncoderOutputCallback fn;
+    void *outputArg;
+};
+
+/*
+ * This function is used by the API for encoding functions that are
+ * exposed through the API, ie all of the CMMF_Encode* and CRMF_Encode*
+ * functions.
+ */
+extern void
+crmf_encoder_out(void *arg, const char *buf, unsigned long len,
+                 int depth, SEC_ASN1EncodingPart data_kind);
+
+/*
+ * This function is used when we want to encode something locally within
+ * the library, ie the CertRequest so that we can produce its signature.
+ */
+extern SECStatus
+crmf_init_encoder_callback_arg(struct crmfEncoderArg *encoderArg,
+                               SECItem *derDest);
+
+/*
+ * This is the callback function we feed to the ASN1 encoder when doing
+ * internal DER-encodings.  ie, encoding the cert request so we can
+ * produce a signature.
+ */
+extern void
+crmf_generic_encoder_callback(void *arg, const char *buf, unsigned long len,
+                              int depth, SEC_ASN1EncodingPart data_kind);
+
+/* The ASN1 templates that need to be seen by internal files
+ * in order to implement CRMF.
+ */
+extern const SEC_ASN1Template CRMFCertReqMsgTemplate[];
+extern const SEC_ASN1Template CRMFRAVerifiedTemplate[];
+extern const SEC_ASN1Template CRMFPOPOSigningKeyTemplate[];
+extern const SEC_ASN1Template CRMFPOPOKeyEnciphermentTemplate[];
+extern const SEC_ASN1Template CRMFPOPOKeyAgreementTemplate[];
+extern const SEC_ASN1Template CRMFThisMessageTemplate[];
+extern const SEC_ASN1Template CRMFSubsequentMessageTemplate[];
+extern const SEC_ASN1Template CRMFDHMACTemplate[];
+extern const SEC_ASN1Template CRMFEncryptedKeyWithEncryptedValueTemplate[];
+extern const SEC_ASN1Template CRMFEncryptedValueTemplate[];
+
+/*
+ * Use these two values for encoding Boolean values.
+ */
+extern const unsigned char hexTrue;
+extern const unsigned char hexFalse;
+/*
+ * Prototypes for helper routines used internally by multiple files.
+ */
+extern SECStatus crmf_encode_integer(PLArenaPool *poolp, SECItem *dest,
+                                     long value);
+extern SECStatus crmf_make_bitstring_copy(PLArenaPool *arena, SECItem *dest,
+                                          SECItem *src);
+
+extern SECStatus crmf_copy_pkiarchiveoptions(PLArenaPool *poolp,
+                                             CRMFPKIArchiveOptions *destOpt,
+                                             CRMFPKIArchiveOptions *srcOpt);
+extern SECStatus
+crmf_destroy_pkiarchiveoptions(CRMFPKIArchiveOptions *inArchOptions,
+                               PRBool freeit);
+extern const SEC_ASN1Template *
+crmf_get_pkiarchiveoptions_subtemplate(CRMFControl *inControl);
+
+extern SECStatus crmf_copy_encryptedkey(PLArenaPool *poolp,
+                                        CRMFEncryptedKey *srcEncrKey,
+                                        CRMFEncryptedKey *destEncrKey);
+extern SECStatus
+crmf_copy_encryptedvalue(PLArenaPool *poolp,
+                         CRMFEncryptedValue *srcValue,
+                         CRMFEncryptedValue *destValue);
+
+extern SECStatus
+crmf_copy_encryptedvalue_secalg(PLArenaPool *poolp,
+                                SECAlgorithmID *srcAlgId,
+                                SECAlgorithmID **destAlgId);
+
+extern SECStatus crmf_template_copy_secalg(PLArenaPool *poolp,
+                                           SECAlgorithmID **dest,
+                                           SECAlgorithmID *src);
+
+extern SECStatus crmf_copy_cert_name(PLArenaPool *poolp, CERTName **dest,
+                                     CERTName *src);
+
+extern SECStatus crmf_template_add_public_key(PLArenaPool *poolp,
+                                              CERTSubjectPublicKeyInfo **dest,
+                                              CERTSubjectPublicKeyInfo *pubKey);
+
+extern CRMFCertExtension *crmf_create_cert_extension(PLArenaPool *poolp,
+                                                     SECOidTag tag,
+                                                     PRBool isCritical,
+                                                     SECItem *data);
+extern CRMFCertRequest *
+crmf_copy_cert_request(PLArenaPool *poolp, CRMFCertRequest *srcReq);
+
+extern SECStatus crmf_destroy_encrypted_value(CRMFEncryptedValue *inEncrValue,
+                                              PRBool freeit);
+
+extern CRMFEncryptedValue *
+crmf_create_encrypted_value_wrapped_privkey(SECKEYPrivateKey *inPrivKey,
+                                            SECKEYPublicKey *inPubKey,
+                                            CRMFEncryptedValue *destValue);
+
+extern CK_MECHANISM_TYPE
+crmf_get_mechanism_from_public_key(SECKEYPublicKey *inPubKey);
+
+extern SECStatus
+crmf_encrypted_value_unwrap_priv_key(PLArenaPool *poolp,
+                                     CRMFEncryptedValue *encValue,
+                                     SECKEYPrivateKey *privKey,
+                                     SECKEYPublicKey *newPubKey,
+                                     SECItem *nickname,
+                                     PK11SlotInfo *slot,
+                                     unsigned char keyUsage,
+                                     SECKEYPrivateKey **unWrappedKey,
+                                     void *wincx);
+
+extern SECItem *
+crmf_get_public_value(SECKEYPublicKey *pubKey, SECItem *dest);
+
+extern CRMFCertExtension *
+crmf_copy_cert_extension(PLArenaPool *poolp, CRMFCertExtension *inExtension);
+
+extern SECStatus
+crmf_create_prtime(SECItem *src, PRTime **dest);
+#endif /*_CRMFI_H_*/
diff --git a/nss/lib/crmf/crmfit.h b/nss/lib/crmf/crmfit.h
new file mode 100644
index 0000000..c5c4b96
--- /dev/null
+++ b/nss/lib/crmf/crmfit.h
@@ -0,0 +1,185 @@
+/* -*- Mode: C; tab-width: 8 -*-*/
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _CRMFIT_H_
+#define _CRMFIT_H_
+
+struct CRMFCertReqMessagesStr {
+    CRMFCertReqMsg **messages;
+    PLArenaPool *poolp;
+};
+
+struct CRMFCertExtensionStr {
+    SECItem id;
+    SECItem critical;
+    SECItem value;
+};
+
+struct CRMFOptionalValidityStr {
+    SECItem notBefore;
+    SECItem notAfter;
+};
+
+struct CRMFCertTemplateStr {
+    SECItem version;
+    SECItem serialNumber;
+    SECAlgorithmID *signingAlg;
+    CERTName *issuer;
+    CRMFOptionalValidity *validity;
+    CERTName *subject;
+    CERTSubjectPublicKeyInfo *publicKey;
+    SECItem issuerUID;
+    SECItem subjectUID;
+    CRMFCertExtension **extensions;
+    int numExtensions;
+};
+
+struct CRMFCertIDStr {
+    SECItem issuer;       /* General Name */
+    SECItem serialNumber; /*INTEGER*/
+};
+
+struct CRMFEncryptedValueStr {
+    SECAlgorithmID *intendedAlg;
+    SECAlgorithmID *symmAlg;
+    SECItem encSymmKey; /*BIT STRING   */
+    SECAlgorithmID *keyAlg;
+    SECItem valueHint; /*OCTET STRING */
+    SECItem encValue;  /*BIT STRING   */
+};
+
+/*
+ * The field derValue will contain the actual der
+ * to include in the encoding or that was read in
+ * from a der blob.
+ */
+struct CRMFEncryptedKeyStr {
+    union {
+        SEC_PKCS7ContentInfo *envelopedData;
+        CRMFEncryptedValue encryptedValue;
+    } value;
+    CRMFEncryptedKeyChoice encKeyChoice;
+    SECItem derValue;
+};
+
+/* ASN1 must only have one of the following 3 options. */
+struct CRMFPKIArchiveOptionsStr {
+    union {
+        CRMFEncryptedKey encryptedKey;
+        SECItem keyGenParameters;
+        SECItem archiveRemGenPrivKey; /* BOOLEAN */
+    } option;
+    CRMFPKIArchiveOptionsType archOption;
+};
+
+struct CRMFPKIPublicationInfoStr {
+    SECItem action; /* Possible values                    */
+                    /* dontPublish (0), pleasePublish (1) */
+    CRMFSinglePubInfo **pubInfos;
+};
+
+struct CRMFControlStr {
+    SECOidTag tag;
+    SECItem derTag;
+    SECItem derValue;
+    /* These will be C structures used to represent the various
+     * options.  Values that can't be stored as der right away.
+     * After creating these structures, we'll place their der
+     * encoding in derValue so the encoder knows how to get to
+     * it.
+     */
+    union {
+        CRMFCertID oldCertId;
+        CRMFPKIArchiveOptions archiveOptions;
+        CRMFPKIPublicationInfo pubInfo;
+        CRMFProtocolEncrKey protEncrKey;
+    } value;
+};
+
+struct CRMFCertRequestStr {
+    SECItem certReqId;
+    CRMFCertTemplate certTemplate;
+    CRMFControl **controls;
+    /* The following members are used by the internal implementation, but
+     * are not part of the encoding.
+     */
+    PLArenaPool *poolp;
+    PRUint32 requestID; /* This is the value that will be encoded into
+                         * the certReqId field.
+                         */
+};
+
+struct CRMFAttributeStr {
+    SECItem derTag;
+    SECItem derValue;
+};
+
+struct CRMFCertReqMsgStr {
+    CRMFCertRequest *certReq;
+    CRMFProofOfPossession *pop;
+    CRMFAttribute **regInfo;
+    SECItem derPOP;
+    /* This arena will be used for allocating memory when decoding.
+     */
+    PLArenaPool *poolp;
+    PRBool isDecoded;
+};
+
+struct CRMFPOPOSigningKeyInputStr {
+    /* ASN1 must have only one of the next 2 options */
+    union {
+        SECItem sender; /*General Name*/
+        CRMFPKMACValue *publicKeyMAC;
+    } authInfo;
+    CERTSubjectPublicKeyInfo publicKey;
+};
+
+struct CRMFPOPOSigningKeyStr {
+    SECItem derInput; /*If in the future we support
+                       *POPOSigningKeyInput, this will
+                       *a C structure representation
+                       *instead.
+                       */
+    SECAlgorithmID *algorithmIdentifier;
+    SECItem signature; /* This is a BIT STRING. Remember */
+};                     /* that when interpreting.        */
+
+/* ASN1 must only choose one of these members */
+struct CRMFPOPOPrivKeyStr {
+    union {
+        SECItem thisMessage;       /* BIT STRING */
+        SECItem subsequentMessage; /*INTEGER*/
+        SECItem dhMAC;             /*BIT STRING*/
+    } message;
+    CRMFPOPOPrivKeyChoice messageChoice;
+};
+
+/* ASN1 must only have one of these options. */
+struct CRMFProofOfPossessionStr {
+    union {
+        SECItem raVerified;
+        CRMFPOPOSigningKey signature;
+        CRMFPOPOPrivKey keyEncipherment;
+        CRMFPOPOPrivKey keyAgreement;
+    } popChoice;
+    CRMFPOPChoice popUsed; /*Not part of encoding*/
+};
+
+struct CRMFPKMACValueStr {
+    SECAlgorithmID algID;
+    SECItem value; /*BIT STRING*/
+};
+
+struct CRMFSinglePubInfoStr {
+    SECItem pubMethod;            /* Possible Values:
+                                   *   dontCare (0)
+                                   *   x500     (1)
+                                   *   web      (2)
+                                   *   ldap     (3)
+                                   */
+    CERTGeneralName *pubLocation; /* General Name */
+};
+
+#endif /* _CRMFIT_H_ */
diff --git a/nss/lib/crmf/crmfpop.c b/nss/lib/crmf/crmfpop.c
new file mode 100644
index 0000000..725f8c7
--- /dev/null
+++ b/nss/lib/crmf/crmfpop.c
@@ -0,0 +1,598 @@
+/* -*- Mode: C; tab-width: 8 -*-*/
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "crmf.h"
+#include "crmfi.h"
+#include "secasn1.h"
+#include "keyhi.h"
+#include "cryptohi.h"
+
+#define CRMF_DEFAULT_ALLOC_SIZE 1024U
+
+SECStatus
+crmf_init_encoder_callback_arg(struct crmfEncoderArg *encoderArg,
+                               SECItem *derDest)
+{
+    derDest->data = PORT_ZNewArray(unsigned char, CRMF_DEFAULT_ALLOC_SIZE);
+    if (derDest->data == NULL) {
+        return SECFailure;
+    }
+    derDest->len = 0;
+    encoderArg->allocatedLen = CRMF_DEFAULT_ALLOC_SIZE;
+    encoderArg->buffer = derDest;
+    return SECSuccess;
+}
+
+/* Caller should release or unmark the pool, instead of doing it here.
+** But there are NO callers of this function at present...
+*/
+SECStatus
+CRMF_CertReqMsgSetRAVerifiedPOP(CRMFCertReqMsg *inCertReqMsg)
+{
+    CRMFProofOfPossession *pop;
+    PLArenaPool *poolp;
+    void *mark;
+
+    PORT_Assert(inCertReqMsg != NULL && inCertReqMsg->pop == NULL);
+    poolp = inCertReqMsg->poolp;
+    mark = PORT_ArenaMark(poolp);
+    if (CRMF_CertReqMsgGetPOPType(inCertReqMsg) != crmfNoPOPChoice) {
+        return SECFailure;
+    }
+    pop = PORT_ArenaZNew(poolp, CRMFProofOfPossession);
+    if (pop == NULL) {
+        goto loser;
+    }
+    pop->popUsed = crmfRAVerified;
+    pop->popChoice.raVerified.data = NULL;
+    pop->popChoice.raVerified.len = 0;
+    inCertReqMsg->pop = pop;
+    (void)SEC_ASN1EncodeItem(poolp, &(inCertReqMsg->derPOP),
+                             &(pop->popChoice.raVerified),
+                             CRMFRAVerifiedTemplate);
+    return SECSuccess;
+loser:
+    PORT_ArenaRelease(poolp, mark);
+    return SECFailure;
+}
+
+static SECOidTag
+crmf_get_key_sign_tag(SECKEYPublicKey *inPubKey)
+{
+    /* maintain backward compatibility with older
+     * implementations */
+    if (inPubKey->keyType == rsaKey) {
+        return SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION;
+    }
+    return SEC_GetSignatureAlgorithmOidTag(inPubKey->keyType, SEC_OID_UNKNOWN);
+}
+
+static SECAlgorithmID *
+crmf_create_poposignkey_algid(PLArenaPool *poolp,
+                              SECKEYPublicKey *inPubKey)
+{
+    SECAlgorithmID *algID;
+    SECOidTag tag;
+    SECStatus rv;
+    void *mark;
+
+    mark = PORT_ArenaMark(poolp);
+    algID = PORT_ArenaZNew(poolp, SECAlgorithmID);
+    if (algID == NULL) {
+        goto loser;
+    }
+    tag = crmf_get_key_sign_tag(inPubKey);
+    if (tag == SEC_OID_UNKNOWN) {
+        goto loser;
+    }
+    rv = SECOID_SetAlgorithmID(poolp, algID, tag, NULL);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    PORT_ArenaUnmark(poolp, mark);
+    return algID;
+loser:
+    PORT_ArenaRelease(poolp, mark);
+    return NULL;
+}
+
+static CRMFPOPOSigningKeyInput *
+crmf_create_poposigningkeyinput(PLArenaPool *poolp, CERTCertificate *inCert,
+                                CRMFMACPasswordCallback fn, void *arg)
+{
+    /* PSM isn't going to do this, so we'll fail here for now.*/
+    return NULL;
+}
+
+void
+crmf_generic_encoder_callback(void *arg, const char *buf, unsigned long len,
+                              int depth, SEC_ASN1EncodingPart data_kind)
+{
+    struct crmfEncoderArg *encoderArg = (struct crmfEncoderArg *)arg;
+    unsigned char *cursor;
+
+    if (encoderArg->buffer->len + len > encoderArg->allocatedLen) {
+        int newSize = encoderArg->buffer->len + CRMF_DEFAULT_ALLOC_SIZE;
+        void *dummy = PORT_Realloc(encoderArg->buffer->data, newSize);
+        if (dummy == NULL) {
+            /* I really want to return an error code here */
+            PORT_Assert(0);
+            return;
+        }
+        encoderArg->buffer->data = dummy;
+        encoderArg->allocatedLen = newSize;
+    }
+    cursor = &(encoderArg->buffer->data[encoderArg->buffer->len]);
+    if (len) {
+        PORT_Memcpy(cursor, buf, len);
+    }
+    encoderArg->buffer->len += len;
+}
+
+static SECStatus
+crmf_encode_certreq(CRMFCertRequest *inCertReq, SECItem *derDest)
+{
+    struct crmfEncoderArg encoderArg;
+    SECStatus rv;
+
+    rv = crmf_init_encoder_callback_arg(&encoderArg, derDest);
+    if (rv != SECSuccess) {
+        return SECFailure;
+    }
+    return SEC_ASN1Encode(inCertReq, CRMFCertRequestTemplate,
+                          crmf_generic_encoder_callback, &encoderArg);
+}
+
+static SECStatus
+crmf_sign_certreq(PLArenaPool *poolp,
+                  CRMFPOPOSigningKey *crmfSignKey,
+                  CRMFCertRequest *certReq,
+                  SECKEYPrivateKey *inKey,
+                  SECAlgorithmID *inAlgId)
+{
+    SECItem derCertReq = { siBuffer, NULL, 0 };
+    SECItem certReqSig = { siBuffer, NULL, 0 };
+    SECStatus rv = SECSuccess;
+
+    rv = crmf_encode_certreq(certReq, &derCertReq);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    rv = SEC_SignData(&certReqSig, derCertReq.data, derCertReq.len,
+                      inKey, SECOID_GetAlgorithmTag(inAlgId));
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    /* Now make it a part of the POPOSigningKey */
+    rv = SECITEM_CopyItem(poolp, &(crmfSignKey->signature), &certReqSig);
+    /* Convert this length to number of bits */
+    crmfSignKey->signature.len <<= 3;
+
+loser:
+    if (derCertReq.data != NULL) {
+        PORT_Free(derCertReq.data);
+    }
+    if (certReqSig.data != NULL) {
+        PORT_Free(certReqSig.data);
+    }
+    return rv;
+}
+
+static SECStatus
+crmf_create_poposignkey(PLArenaPool *poolp,
+                        CRMFCertReqMsg *inCertReqMsg,
+                        CRMFPOPOSigningKeyInput *signKeyInput,
+                        SECKEYPrivateKey *inPrivKey,
+                        SECAlgorithmID *inAlgID,
+                        CRMFPOPOSigningKey *signKey)
+{
+    CRMFCertRequest *certReq;
+    void *mark;
+    PRBool useSignKeyInput;
+    SECStatus rv;
+
+    PORT_Assert(inCertReqMsg != NULL && inCertReqMsg->certReq != NULL);
+    mark = PORT_ArenaMark(poolp);
+    if (signKey == NULL) {
+        goto loser;
+    }
+    certReq = inCertReqMsg->certReq;
+    useSignKeyInput = !(CRMF_DoesRequestHaveField(certReq, crmfSubject) &&
+                        CRMF_DoesRequestHaveField(certReq, crmfPublicKey));
+
+    if (useSignKeyInput) {
+        goto loser;
+    } else {
+        rv = crmf_sign_certreq(poolp, signKey, certReq, inPrivKey, inAlgID);
+        if (rv != SECSuccess) {
+            goto loser;
+        }
+    }
+    PORT_ArenaUnmark(poolp, mark);
+    return SECSuccess;
+loser:
+    PORT_ArenaRelease(poolp, mark);
+    return SECFailure;
+}
+
+SECStatus
+CRMF_CertReqMsgSetSignaturePOP(CRMFCertReqMsg *inCertReqMsg,
+                               SECKEYPrivateKey *inPrivKey,
+                               SECKEYPublicKey *inPubKey,
+                               CERTCertificate *inCertForInput,
+                               CRMFMACPasswordCallback fn,
+                               void *arg)
+{
+    SECAlgorithmID *algID;
+    PLArenaPool *poolp;
+    SECItem derTemp = { siBuffer, NULL, 0 };
+    void *mark;
+    SECStatus rv;
+    CRMFPOPOSigningKeyInput *signKeyInput = NULL;
+    CRMFCertRequest *certReq;
+    CRMFProofOfPossession *pop;
+    struct crmfEncoderArg encoderArg;
+
+    PORT_Assert(inCertReqMsg != NULL && inCertReqMsg->certReq != NULL &&
+                inCertReqMsg->pop == NULL);
+    certReq = inCertReqMsg->certReq;
+    if (CRMF_CertReqMsgGetPOPType(inCertReqMsg) != crmfNoPOPChoice ||
+        !CRMF_DoesRequestHaveField(certReq, crmfPublicKey)) {
+        return SECFailure;
+    }
+    poolp = inCertReqMsg->poolp;
+    mark = PORT_ArenaMark(poolp);
+    algID = crmf_create_poposignkey_algid(poolp, inPubKey);
+
+    if (!CRMF_DoesRequestHaveField(certReq, crmfSubject)) {
+        signKeyInput = crmf_create_poposigningkeyinput(poolp, inCertForInput,
+                                                       fn, arg);
+        if (signKeyInput == NULL) {
+            goto loser;
+        }
+    }
+
+    pop = PORT_ArenaZNew(poolp, CRMFProofOfPossession);
+    if (pop == NULL) {
+        goto loser;
+    }
+
+    rv = crmf_create_poposignkey(poolp, inCertReqMsg,
+                                 signKeyInput, inPrivKey, algID,
+                                 &(pop->popChoice.signature));
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    pop->popUsed = crmfSignature;
+    pop->popChoice.signature.algorithmIdentifier = algID;
+    inCertReqMsg->pop = pop;
+
+    rv = crmf_init_encoder_callback_arg(&encoderArg, &derTemp);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    rv = SEC_ASN1Encode(&pop->popChoice.signature,
+                        CRMFPOPOSigningKeyTemplate,
+                        crmf_generic_encoder_callback, &encoderArg);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    rv = SECITEM_CopyItem(poolp, &(inCertReqMsg->derPOP), &derTemp);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    PORT_Free(derTemp.data);
+    PORT_ArenaUnmark(poolp, mark);
+    return SECSuccess;
+
+loser:
+    PORT_ArenaRelease(poolp, mark);
+    if (derTemp.data != NULL) {
+        PORT_Free(derTemp.data);
+    }
+    return SECFailure;
+}
+
+static const SEC_ASN1Template *
+crmf_get_popoprivkey_subtemplate(CRMFPOPOPrivKey *inPrivKey)
+{
+    const SEC_ASN1Template *retTemplate = NULL;
+
+    switch (inPrivKey->messageChoice) {
+        case crmfThisMessage:
+            retTemplate = CRMFThisMessageTemplate;
+            break;
+        case crmfSubsequentMessage:
+            retTemplate = CRMFSubsequentMessageTemplate;
+            break;
+        case crmfDHMAC:
+            retTemplate = CRMFDHMACTemplate;
+            break;
+        default:
+            retTemplate = NULL;
+    }
+    return retTemplate;
+}
+
+static SECStatus
+crmf_encode_popoprivkey(PLArenaPool *poolp,
+                        CRMFCertReqMsg *inCertReqMsg,
+                        CRMFPOPOPrivKey *popoPrivKey,
+                        const SEC_ASN1Template *privKeyTemplate)
+{
+    struct crmfEncoderArg encoderArg;
+    SECItem derTemp = { siBuffer, NULL, 0 };
+    SECStatus rv;
+    void *mark;
+    const SEC_ASN1Template *subDerTemplate;
+
+    mark = PORT_ArenaMark(poolp);
+    rv = crmf_init_encoder_callback_arg(&encoderArg, &derTemp);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    subDerTemplate = crmf_get_popoprivkey_subtemplate(popoPrivKey);
+    /* We've got a union, so a pointer to one item is a pointer to
+     * all the items in the union.
+     */
+    rv = SEC_ASN1Encode(&popoPrivKey->message.thisMessage,
+                        subDerTemplate,
+                        crmf_generic_encoder_callback, &encoderArg);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    if (encoderArg.allocatedLen > derTemp.len + 2) {
+        void *dummy = PORT_Realloc(derTemp.data, derTemp.len + 2);
+        if (dummy == NULL) {
+            goto loser;
+        }
+        derTemp.data = dummy;
+    }
+    PORT_Memmove(&derTemp.data[2], &derTemp.data[0], derTemp.len);
+    /* I couldn't figure out how to get the ASN1 encoder to implicitly
+     * tag an implicitly tagged der blob.  So I'm putting in the outter-
+     * most tag myself. -javi
+     */
+    derTemp.data[0] = (unsigned char)privKeyTemplate->kind;
+    derTemp.data[1] = (unsigned char)derTemp.len;
+    derTemp.len += 2;
+    rv = SECITEM_CopyItem(poolp, &inCertReqMsg->derPOP, &derTemp);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    PORT_Free(derTemp.data);
+    PORT_ArenaUnmark(poolp, mark);
+    return SECSuccess;
+loser:
+    PORT_ArenaRelease(poolp, mark);
+    if (derTemp.data) {
+        PORT_Free(derTemp.data);
+    }
+    return SECFailure;
+}
+
+static const SEC_ASN1Template *
+crmf_get_template_for_privkey(CRMFPOPChoice inChoice)
+{
+    switch (inChoice) {
+        case crmfKeyAgreement:
+            return CRMFPOPOKeyAgreementTemplate;
+        case crmfKeyEncipherment:
+            return CRMFPOPOKeyEnciphermentTemplate;
+        default:
+            break;
+    }
+    return NULL;
+}
+
+static SECStatus
+crmf_add_privkey_thismessage(CRMFCertReqMsg *inCertReqMsg, SECItem *encPrivKey,
+                             CRMFPOPChoice inChoice)
+{
+    PLArenaPool *poolp;
+    void *mark;
+    CRMFPOPOPrivKey *popoPrivKey;
+    CRMFProofOfPossession *pop;
+    SECStatus rv;
+
+    PORT_Assert(inCertReqMsg != NULL && encPrivKey != NULL);
+    poolp = inCertReqMsg->poolp;
+    mark = PORT_ArenaMark(poolp);
+    pop = PORT_ArenaZNew(poolp, CRMFProofOfPossession);
+    if (pop == NULL) {
+        goto loser;
+    }
+    pop->popUsed = inChoice;
+    /* popChoice is a union, so getting a pointer to one
+     * field gives me a pointer to the other fields as
+     * well.  This in essence points to both
+     * pop->popChoice.keyEncipherment and
+     * pop->popChoice.keyAgreement
+     */
+    popoPrivKey = &pop->popChoice.keyEncipherment;
+
+    rv = SECITEM_CopyItem(poolp, &(popoPrivKey->message.thisMessage),
+                          encPrivKey);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    popoPrivKey->message.thisMessage.len <<= 3;
+    popoPrivKey->messageChoice = crmfThisMessage;
+    inCertReqMsg->pop = pop;
+    rv = crmf_encode_popoprivkey(poolp, inCertReqMsg, popoPrivKey,
+                                 crmf_get_template_for_privkey(inChoice));
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    PORT_ArenaUnmark(poolp, mark);
+    return SECSuccess;
+
+loser:
+    PORT_ArenaRelease(poolp, mark);
+    return SECFailure;
+}
+
+static SECStatus
+crmf_add_privkey_dhmac(CRMFCertReqMsg *inCertReqMsg, SECItem *dhmac,
+                       CRMFPOPChoice inChoice)
+{
+    PLArenaPool *poolp;
+    void *mark;
+    CRMFPOPOPrivKey *popoPrivKey;
+    CRMFProofOfPossession *pop;
+    SECStatus rv;
+
+    PORT_Assert(inCertReqMsg != NULL && dhmac != NULL);
+    poolp = inCertReqMsg->poolp;
+    mark = PORT_ArenaMark(poolp);
+    pop = PORT_ArenaZNew(poolp, CRMFProofOfPossession);
+    if (pop == NULL) {
+        goto loser;
+    }
+    pop->popUsed = inChoice;
+    popoPrivKey = &pop->popChoice.keyAgreement;
+
+    rv = SECITEM_CopyItem(poolp, &(popoPrivKey->message.dhMAC),
+                          dhmac);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    popoPrivKey->message.dhMAC.len <<= 3;
+    popoPrivKey->messageChoice = crmfDHMAC;
+    inCertReqMsg->pop = pop;
+    rv = crmf_encode_popoprivkey(poolp, inCertReqMsg, popoPrivKey,
+                                 crmf_get_template_for_privkey(inChoice));
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    PORT_ArenaUnmark(poolp, mark);
+    return SECSuccess;
+
+loser:
+    PORT_ArenaRelease(poolp, mark);
+    return SECFailure;
+}
+
+static SECStatus
+crmf_add_privkey_subseqmessage(CRMFCertReqMsg *inCertReqMsg,
+                               CRMFSubseqMessOptions subsequentMessage,
+                               CRMFPOPChoice inChoice)
+{
+    void *mark;
+    PLArenaPool *poolp;
+    CRMFProofOfPossession *pop;
+    CRMFPOPOPrivKey *popoPrivKey;
+    SECStatus rv;
+    const SEC_ASN1Template *privKeyTemplate;
+
+    if (subsequentMessage == crmfNoSubseqMess) {
+        return SECFailure;
+    }
+    poolp = inCertReqMsg->poolp;
+    mark = PORT_ArenaMark(poolp);
+    pop = PORT_ArenaZNew(poolp, CRMFProofOfPossession);
+    if (pop == NULL) {
+        goto loser;
+    }
+
+    pop->popUsed = inChoice;
+    /*
+     * We have a union, so a pointer to one member of the union
+     * is also a member to another member of that same union.
+     */
+    popoPrivKey = &pop->popChoice.keyEncipherment;
+
+    switch (subsequentMessage) {
+        case crmfEncrCert:
+            rv = crmf_encode_integer(poolp,
+                                     &(popoPrivKey->message.subsequentMessage),
+                                     0);
+            break;
+        case crmfChallengeResp:
+            rv = crmf_encode_integer(poolp,
+                                     &(popoPrivKey->message.subsequentMessage),
+                                     1);
+            break;
+        default:
+            goto loser;
+    }
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    popoPrivKey->messageChoice = crmfSubsequentMessage;
+    privKeyTemplate = crmf_get_template_for_privkey(inChoice);
+    inCertReqMsg->pop = pop;
+    rv = crmf_encode_popoprivkey(poolp, inCertReqMsg, popoPrivKey,
+                                 privKeyTemplate);
+
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    PORT_ArenaUnmark(poolp, mark);
+    return SECSuccess;
+loser:
+    PORT_ArenaRelease(poolp, mark);
+    return SECFailure;
+}
+
+SECStatus
+CRMF_CertReqMsgSetKeyEnciphermentPOP(CRMFCertReqMsg *inCertReqMsg,
+                                     CRMFPOPOPrivKeyChoice inKeyChoice,
+                                     CRMFSubseqMessOptions subseqMess,
+                                     SECItem *encPrivKey)
+{
+    SECStatus rv;
+
+    PORT_Assert(inCertReqMsg != NULL && inCertReqMsg->pop == NULL);
+    if (CRMF_CertReqMsgGetPOPType(inCertReqMsg) != crmfNoPOPChoice) {
+        return SECFailure;
+    }
+    switch (inKeyChoice) {
+        case crmfThisMessage:
+            rv = crmf_add_privkey_thismessage(inCertReqMsg, encPrivKey,
+                                              crmfKeyEncipherment);
+            break;
+        case crmfSubsequentMessage:
+            rv = crmf_add_privkey_subseqmessage(inCertReqMsg, subseqMess,
+                                                crmfKeyEncipherment);
+            break;
+        case crmfDHMAC:
+        default:
+            rv = SECFailure;
+    }
+    return rv;
+}
+
+SECStatus
+CRMF_CertReqMsgSetKeyAgreementPOP(CRMFCertReqMsg *inCertReqMsg,
+                                  CRMFPOPOPrivKeyChoice inKeyChoice,
+                                  CRMFSubseqMessOptions subseqMess,
+                                  SECItem *encPrivKey)
+{
+    SECStatus rv;
+
+    PORT_Assert(inCertReqMsg != NULL && inCertReqMsg->pop == NULL);
+    switch (inKeyChoice) {
+        case crmfThisMessage:
+            rv = crmf_add_privkey_thismessage(inCertReqMsg, encPrivKey,
+                                              crmfKeyAgreement);
+            break;
+        case crmfSubsequentMessage:
+            rv = crmf_add_privkey_subseqmessage(inCertReqMsg, subseqMess,
+                                                crmfKeyAgreement);
+            break;
+        case crmfDHMAC:
+            /* In this case encPrivKey should be the calculated dhMac
+             * as specified in RFC 2511 */
+            rv = crmf_add_privkey_dhmac(inCertReqMsg, encPrivKey,
+                                        crmfKeyAgreement);
+            break;
+        default:
+            rv = SECFailure;
+    }
+    return rv;
+}
diff --git a/nss/lib/crmf/crmfreq.c b/nss/lib/crmf/crmfreq.c
new file mode 100644
index 0000000..e89f182
--- /dev/null
+++ b/nss/lib/crmf/crmfreq.c
@@ -0,0 +1,663 @@
+/* -*- Mode: C; tab-width: 8 -*-*/
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "crmf.h"
+#include "crmfi.h"
+#include "keyhi.h"
+#include "secder.h"
+
+/*
+ * Macro that returns PR_TRUE if the pointer is not NULL.
+ * If the pointer is NULL, then the macro will return PR_FALSE.
+ */
+#define IS_NOT_NULL(ptr) ((ptr) == NULL) ? PR_FALSE : PR_TRUE
+
+const unsigned char hexTrue = 0xff;
+const unsigned char hexFalse = 0x00;
+
+SECStatus
+crmf_encode_integer(PLArenaPool *poolp, SECItem *dest, long value)
+{
+    SECItem *dummy;
+
+    dummy = SEC_ASN1EncodeInteger(poolp, dest, value);
+    PORT_Assert(dummy == dest);
+    if (dummy == NULL) {
+        return SECFailure;
+    }
+    return SECSuccess;
+}
+
+SECStatus
+crmf_encode_unsigned_integer(PLArenaPool *poolp, SECItem *dest,
+                             unsigned long value)
+{
+    SECItem *dummy;
+
+    dummy = SEC_ASN1EncodeUnsignedInteger(poolp, dest, value);
+    PORT_Assert(dummy == dest);
+    if (dummy != dest) {
+        return SECFailure;
+    }
+    return SECSuccess;
+}
+
+static SECStatus
+crmf_copy_secitem(PLArenaPool *poolp, SECItem *dest, SECItem *src)
+{
+    return SECITEM_CopyItem(poolp, dest, src);
+}
+
+PRBool
+CRMF_DoesRequestHaveField(CRMFCertRequest *inCertReq,
+                          CRMFCertTemplateField inField)
+{
+
+    PORT_Assert(inCertReq != NULL);
+    if (inCertReq == NULL) {
+        return PR_FALSE;
+    }
+    switch (inField) {
+        case crmfVersion:
+            return inCertReq->certTemplate.version.data != NULL;
+        case crmfSerialNumber:
+            return inCertReq->certTemplate.serialNumber.data != NULL;
+        case crmfSigningAlg:
+            return inCertReq->certTemplate.signingAlg != NULL;
+        case crmfIssuer:
+            return inCertReq->certTemplate.issuer != NULL;
+        case crmfValidity:
+            return inCertReq->certTemplate.validity != NULL;
+        case crmfSubject:
+            return inCertReq->certTemplate.subject != NULL;
+        case crmfPublicKey:
+            return inCertReq->certTemplate.publicKey != NULL;
+        case crmfIssuerUID:
+            return inCertReq->certTemplate.issuerUID.data != NULL;
+        case crmfSubjectUID:
+            return inCertReq->certTemplate.subjectUID.data != NULL;
+        case crmfExtension:
+            return CRMF_CertRequestGetNumberOfExtensions(inCertReq) != 0;
+    }
+    return PR_FALSE;
+}
+
+CRMFCertRequest *
+CRMF_CreateCertRequest(PRUint32 inRequestID)
+{
+    PLArenaPool *poolp;
+    CRMFCertRequest *certReq;
+    SECStatus rv;
+
+    poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
+    if (poolp == NULL) {
+        goto loser;
+    }
+
+    certReq = PORT_ArenaZNew(poolp, CRMFCertRequest);
+    if (certReq == NULL) {
+        goto loser;
+    }
+
+    certReq->poolp = poolp;
+    certReq->requestID = inRequestID;
+
+    rv = crmf_encode_unsigned_integer(poolp, &(certReq->certReqId),
+                                      inRequestID);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    return certReq;
+loser:
+    if (poolp) {
+        PORT_FreeArena(poolp, PR_FALSE);
+    }
+    return NULL;
+}
+
+SECStatus
+CRMF_DestroyCertRequest(CRMFCertRequest *inCertReq)
+{
+    PORT_Assert(inCertReq != NULL);
+    if (inCertReq != NULL) {
+        if (inCertReq->certTemplate.extensions) {
+            PORT_Free(inCertReq->certTemplate.extensions);
+        }
+        if (inCertReq->controls) {
+            /* Right now we don't support EnveloppedData option,
+             * so we won't go through and delete each occurrence of
+             * an EnveloppedData in the control.
+             */
+            PORT_Free(inCertReq->controls);
+        }
+        if (inCertReq->poolp) {
+            PORT_FreeArena(inCertReq->poolp, PR_TRUE);
+        }
+    }
+    return SECSuccess;
+}
+
+static SECStatus
+crmf_template_add_version(PLArenaPool *poolp, SECItem *dest, long version)
+{
+    return (crmf_encode_integer(poolp, dest, version));
+}
+
+static SECStatus
+crmf_template_add_serialnumber(PLArenaPool *poolp, SECItem *dest, long serial)
+{
+    return (crmf_encode_integer(poolp, dest, serial));
+}
+
+SECStatus
+crmf_template_copy_secalg(PLArenaPool *poolp, SECAlgorithmID **dest,
+                          SECAlgorithmID *src)
+{
+    SECStatus rv;
+    void *mark = NULL;
+    SECAlgorithmID *mySecAlg;
+
+    if (!poolp) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    mark = PORT_ArenaMark(poolp);
+    *dest = mySecAlg = PORT_ArenaZNew(poolp, SECAlgorithmID);
+    if (mySecAlg == NULL) {
+        goto loser;
+    }
+    rv = SECOID_CopyAlgorithmID(poolp, mySecAlg, src);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    if (mark) {
+        PORT_ArenaUnmark(poolp, mark);
+    }
+    return SECSuccess;
+
+loser:
+    *dest = NULL;
+    if (mark) {
+        PORT_ArenaRelease(poolp, mark);
+    }
+    return SECFailure;
+}
+
+SECStatus
+crmf_copy_cert_name(PLArenaPool *poolp, CERTName **dest,
+                    CERTName *src)
+{
+    CERTName *newName;
+    SECStatus rv;
+    void *mark;
+
+    mark = PORT_ArenaMark(poolp);
+    *dest = newName = PORT_ArenaZNew(poolp, CERTName);
+    if (newName == NULL) {
+        goto loser;
+    }
+
+    rv = CERT_CopyName(poolp, newName, src);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    PORT_ArenaUnmark(poolp, mark);
+    return SECSuccess;
+loser:
+    PORT_ArenaRelease(poolp, mark);
+    *dest = NULL;
+    return SECFailure;
+}
+
+static SECStatus
+crmf_template_add_issuer(PLArenaPool *poolp, CERTName **dest,
+                         CERTName *issuerName)
+{
+    return crmf_copy_cert_name(poolp, dest, issuerName);
+}
+
+static SECStatus
+crmf_template_add_validity(PLArenaPool *poolp, CRMFOptionalValidity **dest,
+                           CRMFValidityCreationInfo *info)
+{
+    SECStatus rv;
+    void *mark;
+    CRMFOptionalValidity *myValidity;
+
+    /*First off, let's make sure at least one of the two fields is present*/
+    if (!info || (!info->notBefore && !info->notAfter)) {
+        return SECFailure;
+    }
+    mark = PORT_ArenaMark(poolp);
+    *dest = myValidity = PORT_ArenaZNew(poolp, CRMFOptionalValidity);
+    if (myValidity == NULL) {
+        goto loser;
+    }
+
+    if (info->notBefore) {
+        rv = DER_EncodeTimeChoice(poolp, &myValidity->notBefore,
+                                  *info->notBefore);
+        if (rv != SECSuccess) {
+            goto loser;
+        }
+    }
+    if (info->notAfter) {
+        rv = DER_EncodeTimeChoice(poolp, &myValidity->notAfter,
+                                  *info->notAfter);
+        if (rv != SECSuccess) {
+            goto loser;
+        }
+    }
+    PORT_ArenaUnmark(poolp, mark);
+    return SECSuccess;
+loser:
+    PORT_ArenaRelease(poolp, mark);
+    *dest = NULL;
+    return SECFailure;
+}
+
+static SECStatus
+crmf_template_add_subject(PLArenaPool *poolp, CERTName **dest,
+                          CERTName *subject)
+{
+    return crmf_copy_cert_name(poolp, dest, subject);
+}
+
+SECStatus
+crmf_template_add_public_key(PLArenaPool *poolp,
+                             CERTSubjectPublicKeyInfo **dest,
+                             CERTSubjectPublicKeyInfo *pubKey)
+{
+    CERTSubjectPublicKeyInfo *spki;
+    SECStatus rv;
+
+    *dest = spki = (poolp == NULL) ? PORT_ZNew(CERTSubjectPublicKeyInfo) : PORT_ArenaZNew(poolp, CERTSubjectPublicKeyInfo);
+    if (spki == NULL) {
+        goto loser;
+    }
+    rv = SECKEY_CopySubjectPublicKeyInfo(poolp, spki, pubKey);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    return SECSuccess;
+loser:
+    if (poolp == NULL && spki != NULL) {
+        SECKEY_DestroySubjectPublicKeyInfo(spki);
+    }
+    *dest = NULL;
+    return SECFailure;
+}
+
+static SECStatus
+crmf_copy_bitstring(PLArenaPool *poolp, SECItem *dest, const SECItem *src)
+{
+    SECStatus rv;
+    SECItem byteSrc;
+
+    byteSrc = *src;
+    byteSrc.len = CRMF_BITS_TO_BYTES(byteSrc.len);
+    rv = crmf_copy_secitem(poolp, dest, &byteSrc);
+    dest->len = src->len;
+    return rv;
+}
+
+static SECStatus
+crmf_template_add_issuer_uid(PLArenaPool *poolp, SECItem *dest,
+                             const SECItem *issuerUID)
+{
+    return crmf_copy_bitstring(poolp, dest, issuerUID);
+}
+
+static SECStatus
+crmf_template_add_subject_uid(PLArenaPool *poolp, SECItem *dest,
+                              const SECItem *subjectUID)
+{
+    return crmf_copy_bitstring(poolp, dest, subjectUID);
+}
+
+static void
+crmf_zeroize_new_extensions(CRMFCertExtension **extensions,
+                            int numToZeroize)
+{
+    PORT_Memset((void *)extensions, 0, sizeof(CERTCertExtension *) * numToZeroize);
+}
+
+/*
+ * The strategy for adding templates will differ from all the other
+ * attributes in the template.  First, we want to allow the client
+ * of this API to set extensions more than just once.  So we will
+ * need the ability grow the array of extensions.  Since arenas don't
+ * give us the realloc function, we'll use the generic PORT_* functions
+ * to allocate the array of pointers *ONLY*.  Then we will allocate each
+ * individual extension from the arena that comes along with the certReq
+ * structure that owns this template.
+ */
+static SECStatus
+crmf_template_add_extensions(PLArenaPool *poolp, CRMFCertTemplate *inTemplate,
+                             CRMFCertExtCreationInfo *extensions)
+{
+    void *mark;
+    int newSize, oldSize, i;
+    SECStatus rv;
+    CRMFCertExtension **extArray;
+    CRMFCertExtension *newExt, *currExt;
+
+    mark = PORT_ArenaMark(poolp);
+    if (inTemplate->extensions == NULL) {
+        newSize = extensions->numExtensions;
+        extArray = PORT_ZNewArray(CRMFCertExtension *, newSize + 1);
+    } else {
+        newSize = inTemplate->numExtensions + extensions->numExtensions;
+        extArray = PORT_Realloc(inTemplate->extensions,
+                                sizeof(CRMFCertExtension *) * (newSize + 1));
+    }
+    if (extArray == NULL) {
+        goto loser;
+    }
+    oldSize = inTemplate->numExtensions;
+    inTemplate->extensions = extArray;
+    inTemplate->numExtensions = newSize;
+    for (i = oldSize; i < newSize; i++) {
+        newExt = PORT_ArenaZNew(poolp, CRMFCertExtension);
+        if (newExt == NULL) {
+            goto loser2;
+        }
+        currExt = extensions->extensions[i - oldSize];
+        rv = crmf_copy_secitem(poolp, &(newExt->id), &(currExt->id));
+        if (rv != SECSuccess) {
+            goto loser2;
+        }
+        rv = crmf_copy_secitem(poolp, &(newExt->critical),
+                               &(currExt->critical));
+        if (rv != SECSuccess) {
+            goto loser2;
+        }
+        rv = crmf_copy_secitem(poolp, &(newExt->value), &(currExt->value));
+        if (rv != SECSuccess) {
+            goto loser2;
+        }
+        extArray[i] = newExt;
+    }
+    extArray[newSize] = NULL;
+    PORT_ArenaUnmark(poolp, mark);
+    return SECSuccess;
+loser2:
+    crmf_zeroize_new_extensions(&(inTemplate->extensions[oldSize]),
+                                extensions->numExtensions);
+    inTemplate->numExtensions = oldSize;
+loser:
+    PORT_ArenaRelease(poolp, mark);
+    return SECFailure;
+}
+
+SECStatus
+CRMF_CertRequestSetTemplateField(CRMFCertRequest *inCertReq,
+                                 CRMFCertTemplateField inTemplateField,
+                                 void *data)
+{
+    CRMFCertTemplate *certTemplate;
+    PLArenaPool *poolp;
+    SECStatus rv = SECFailure;
+    void *mark;
+
+    if (inCertReq == NULL) {
+        return SECFailure;
+    }
+
+    certTemplate = &(inCertReq->certTemplate);
+
+    poolp = inCertReq->poolp;
+    mark = PORT_ArenaMark(poolp);
+    switch (inTemplateField) {
+        case crmfVersion:
+            rv = crmf_template_add_version(poolp, &(certTemplate->version),
+                                           *(long *)data);
+            break;
+        case crmfSerialNumber:
+            rv = crmf_template_add_serialnumber(poolp,
+                                                &(certTemplate->serialNumber),
+                                                *(long *)data);
+            break;
+        case crmfSigningAlg:
+            rv = crmf_template_copy_secalg(poolp, &(certTemplate->signingAlg),
+                                           (SECAlgorithmID *)data);
+            break;
+        case crmfIssuer:
+            rv = crmf_template_add_issuer(poolp, &(certTemplate->issuer),
+                                          (CERTName *)data);
+            break;
+        case crmfValidity:
+            rv = crmf_template_add_validity(poolp, &(certTemplate->validity),
+                                            (CRMFValidityCreationInfo *)data);
+            break;
+        case crmfSubject:
+            rv = crmf_template_add_subject(poolp, &(certTemplate->subject),
+                                           (CERTName *)data);
+            break;
+        case crmfPublicKey:
+            rv = crmf_template_add_public_key(poolp, &(certTemplate->publicKey),
+                                              (CERTSubjectPublicKeyInfo *)data);
+            break;
+        case crmfIssuerUID:
+            rv = crmf_template_add_issuer_uid(poolp, &(certTemplate->issuerUID),
+                                              (SECItem *)data);
+            break;
+        case crmfSubjectUID:
+            rv = crmf_template_add_subject_uid(poolp, &(certTemplate->subjectUID),
+                                               (SECItem *)data);
+            break;
+        case crmfExtension:
+            rv = crmf_template_add_extensions(poolp, certTemplate,
+                                              (CRMFCertExtCreationInfo *)data);
+            break;
+    }
+    if (rv != SECSuccess) {
+        PORT_ArenaRelease(poolp, mark);
+    } else {
+        PORT_ArenaUnmark(poolp, mark);
+    }
+    return rv;
+}
+
+SECStatus
+CRMF_CertReqMsgSetCertRequest(CRMFCertReqMsg *inCertReqMsg,
+                              CRMFCertRequest *inCertReq)
+{
+    PORT_Assert(inCertReqMsg != NULL && inCertReq != NULL);
+    if (inCertReqMsg == NULL || inCertReq == NULL) {
+        return SECFailure;
+    }
+    inCertReqMsg->certReq = crmf_copy_cert_request(inCertReqMsg->poolp,
+                                                   inCertReq);
+    return (inCertReqMsg->certReq == NULL) ? SECFailure : SECSuccess;
+}
+
+CRMFCertReqMsg *
+CRMF_CreateCertReqMsg(void)
+{
+    PLArenaPool *poolp;
+    CRMFCertReqMsg *reqMsg;
+
+    poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
+    if (poolp == NULL) {
+        goto loser;
+    }
+    reqMsg = PORT_ArenaZNew(poolp, CRMFCertReqMsg);
+    if (reqMsg == NULL) {
+        goto loser;
+    }
+    reqMsg->poolp = poolp;
+    return reqMsg;
+
+loser:
+    if (poolp) {
+        PORT_FreeArena(poolp, PR_FALSE);
+    }
+    return NULL;
+}
+
+SECStatus
+CRMF_DestroyCertReqMsg(CRMFCertReqMsg *inCertReqMsg)
+{
+    PORT_Assert(inCertReqMsg != NULL && inCertReqMsg->poolp != NULL);
+    if (!inCertReqMsg->isDecoded) {
+        if (inCertReqMsg->certReq->certTemplate.extensions != NULL) {
+            PORT_Free(inCertReqMsg->certReq->certTemplate.extensions);
+        }
+        if (inCertReqMsg->certReq->controls != NULL) {
+            PORT_Free(inCertReqMsg->certReq->controls);
+        }
+    }
+    PORT_FreeArena(inCertReqMsg->poolp, PR_TRUE);
+    return SECSuccess;
+}
+
+CRMFCertExtension *
+crmf_create_cert_extension(PLArenaPool *poolp,
+                           SECOidTag id,
+                           PRBool isCritical,
+                           SECItem *data)
+{
+    CRMFCertExtension *newExt;
+    SECOidData *oidData;
+    SECStatus rv;
+
+    newExt = (poolp == NULL) ? PORT_ZNew(CRMFCertExtension) : PORT_ArenaZNew(poolp, CRMFCertExtension);
+    if (newExt == NULL) {
+        goto loser;
+    }
+    oidData = SECOID_FindOIDByTag(id);
+    if (oidData == NULL ||
+        oidData->supportedExtension != SUPPORTED_CERT_EXTENSION) {
+        goto loser;
+    }
+
+    rv = SECITEM_CopyItem(poolp, &(newExt->id), &(oidData->oid));
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    rv = SECITEM_CopyItem(poolp, &(newExt->value), data);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    if (isCritical) {
+        newExt->critical.data = (poolp == NULL) ? PORT_New(unsigned char)
+                                                : PORT_ArenaNew(poolp, unsigned char);
+        if (newExt->critical.data == NULL) {
+            goto loser;
+        }
+        newExt->critical.data[0] = hexTrue;
+        newExt->critical.len = 1;
+    }
+    return newExt;
+loser:
+    if (newExt != NULL && poolp == NULL) {
+        CRMF_DestroyCertExtension(newExt);
+    }
+    return NULL;
+}
+
+CRMFCertExtension *
+CRMF_CreateCertExtension(SECOidTag id,
+                         PRBool isCritical,
+                         SECItem *data)
+{
+    return crmf_create_cert_extension(NULL, id, isCritical, data);
+}
+
+static SECStatus
+crmf_destroy_cert_extension(CRMFCertExtension *inExtension, PRBool freeit)
+{
+    if (inExtension != NULL) {
+        SECITEM_FreeItem(&(inExtension->id), PR_FALSE);
+        SECITEM_FreeItem(&(inExtension->value), PR_FALSE);
+        SECITEM_FreeItem(&(inExtension->critical), PR_FALSE);
+        if (freeit) {
+            PORT_Free(inExtension);
+        }
+    }
+    return SECSuccess;
+}
+
+SECStatus
+CRMF_DestroyCertExtension(CRMFCertExtension *inExtension)
+{
+    return crmf_destroy_cert_extension(inExtension, PR_TRUE);
+}
+
+SECStatus
+CRMF_DestroyCertReqMessages(CRMFCertReqMessages *inCertReqMsgs)
+{
+    PORT_Assert(inCertReqMsgs != NULL);
+    if (inCertReqMsgs != NULL) {
+        PORT_FreeArena(inCertReqMsgs->poolp, PR_TRUE);
+    }
+    return SECSuccess;
+}
+
+static PRBool
+crmf_item_has_data(SECItem *item)
+{
+    if (item != NULL && item->data != NULL) {
+        return PR_TRUE;
+    }
+    return PR_FALSE;
+}
+
+PRBool
+CRMF_CertRequestIsFieldPresent(CRMFCertRequest *inCertReq,
+                               CRMFCertTemplateField inTemplateField)
+{
+    PRBool retVal;
+    CRMFCertTemplate *certTemplate;
+
+    PORT_Assert(inCertReq != NULL);
+    if (inCertReq == NULL) {
+        /* This is probably some kind of error, but this is
+         * the safest return value for this function.
+         */
+        return PR_FALSE;
+    }
+    certTemplate = &inCertReq->certTemplate;
+    switch (inTemplateField) {
+        case crmfVersion:
+            retVal = crmf_item_has_data(&certTemplate->version);
+            break;
+        case crmfSerialNumber:
+            retVal = crmf_item_has_data(&certTemplate->serialNumber);
+            break;
+        case crmfSigningAlg:
+            retVal = IS_NOT_NULL(certTemplate->signingAlg);
+            break;
+        case crmfIssuer:
+            retVal = IS_NOT_NULL(certTemplate->issuer);
+            break;
+        case crmfValidity:
+            retVal = IS_NOT_NULL(certTemplate->validity);
+            break;
+        case crmfSubject:
+            retVal = IS_NOT_NULL(certTemplate->subject);
+            break;
+        case crmfPublicKey:
+            retVal = IS_NOT_NULL(certTemplate->publicKey);
+            break;
+        case crmfIssuerUID:
+            retVal = crmf_item_has_data(&certTemplate->issuerUID);
+            break;
+        case crmfSubjectUID:
+            retVal = crmf_item_has_data(&certTemplate->subjectUID);
+            break;
+        case crmfExtension:
+            retVal = IS_NOT_NULL(certTemplate->extensions);
+            break;
+        default:
+            retVal = PR_FALSE;
+    }
+    return retVal;
+}
diff --git a/nss/lib/crmf/crmft.h b/nss/lib/crmf/crmft.h
new file mode 100644
index 0000000..8d83cf1
--- /dev/null
+++ b/nss/lib/crmf/crmft.h
@@ -0,0 +1,186 @@
+/* -*- Mode: C; tab-width: 8 -*-*/
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* Header file with all of the structures and types that will be exported
+ * by the security library for implementation of CRMF.
+ */
+
+#ifndef _CRMFT_H_
+#define _CRMFT_H_
+
+/* Use these enumerated values for adding fields to the certificate request */
+typedef enum {
+    crmfVersion = 0,
+    crmfSerialNumber = 1,
+    crmfSigningAlg = 2,
+    crmfIssuer = 3,
+    crmfValidity = 4,
+    crmfSubject = 5,
+    crmfPublicKey = 6,
+    crmfIssuerUID = 7,
+    crmfSubjectUID = 8,
+    crmfExtension = 9
+} CRMFCertTemplateField;
+
+/*
+ * An enumeration for the different types of controls.
+ */
+typedef enum {
+    crmfNoControl = 0,
+    crmfRegTokenControl = 1,
+    crmfAuthenticatorControl = 2,
+    crmfPKIPublicationInfoControl = 3,
+    crmfPKIArchiveOptionsControl = 4,
+    crmfOldCertIDControl = 5,
+    crmfProtocolEncrKeyControl = 6
+} CRMFControlType;
+
+/*
+ * The possible values that are passed into CRMF_CreatePKIPublicationInfo
+ */
+typedef enum {
+    crmfDontPublish = 0,
+    crmfPleasePublish = 1
+} CRMFPublicationAction;
+
+/*
+ * An enumeration for the possible for pubMethod which is a part of
+ * the SinglePubInfo ASN1 type.
+ */
+typedef enum {
+    crmfDontCare = 0,
+    crmfX500 = 1,
+    crmfWeb = 2,
+    crmfLdap = 3
+} CRMFPublicationMethod;
+
+/*
+ * An enumeration for the different options for PKIArchiveOptions type.
+ */
+typedef enum {
+    crmfNoArchiveOptions = 0,
+    crmfEncryptedPrivateKey = 1,
+    crmfKeyGenParameters = 2,
+    crmfArchiveRemGenPrivKey = 3
+} CRMFPKIArchiveOptionsType;
+
+/*
+ * An enumeration for the different options for ProofOfPossession
+ */
+typedef enum {
+    crmfNoPOPChoice = 0,
+    crmfRAVerified = 1,
+    crmfSignature = 2,
+    crmfKeyEncipherment = 3,
+    crmfKeyAgreement = 4
+} CRMFPOPChoice;
+
+/*
+ * An enumertion type for options for the authInfo field of the
+ * CRMFPOPOSigningKeyInput structure.
+ */
+typedef enum {
+    crmfSender = 0,
+    crmfPublicKeyMAC = 1
+} CRMFPOPOSkiInputAuthChoice;
+
+/*
+ * An enumeration for the SubsequentMessage Options.
+ */
+typedef enum {
+    crmfNoSubseqMess = 0,
+    crmfEncrCert = 1,
+    crmfChallengeResp = 2
+} CRMFSubseqMessOptions;
+
+/*
+ * An enumeration for the choice used by POPOPrivKey.
+ */
+typedef enum {
+    crmfNoMessage = 0,
+    crmfThisMessage = 1,
+    crmfSubsequentMessage = 2,
+    crmfDHMAC = 3
+} CRMFPOPOPrivKeyChoice;
+
+/*
+ * An enumeration for the choices for the EncryptedKey type.
+ */
+typedef enum {
+    crmfNoEncryptedKeyChoice = 0,
+    crmfEncryptedValueChoice = 1,
+    crmfEnvelopedDataChoice = 2
+} CRMFEncryptedKeyChoice;
+
+/*
+ * TYPE: CRMFEncoderOutputCallback
+ *     This function type defines a prototype for a function that the CRMF
+ *     library expects when encoding is performed.
+ *
+ * ARGUMENTS:
+ *     arg
+ *         This will be a pointer the user passed into an encoding function.
+ *         The user of the library is free to use this pointer in any way.
+ *         The most common use is to keep around a buffer for writing out
+ *         the DER encoded bytes.
+ *     buf
+ *         The DER encoded bytes that should be written out.
+ *     len
+ *         The number of DER encoded bytes to write out.
+ *
+ */
+typedef void (*CRMFEncoderOutputCallback)(void *arg,
+                                          const char *buf,
+                                          unsigned long len);
+
+/*
+ * Type for the function that gets a password.  Just in case we ever
+ * need to support publicKeyMAC for POPOSigningKeyInput
+ */
+typedef SECItem *(*CRMFMACPasswordCallback)(void *arg);
+
+typedef struct CRMFOptionalValidityStr CRMFOptionalValidity;
+typedef struct CRMFValidityCreationInfoStr CRMFGetValidity;
+typedef struct CRMFCertTemplateStr CRMFCertTemplate;
+typedef struct CRMFCertRequestStr CRMFCertRequest;
+typedef struct CRMFCertReqMsgStr CRMFCertReqMsg;
+typedef struct CRMFCertReqMessagesStr CRMFCertReqMessages;
+typedef struct CRMFProofOfPossessionStr CRMFProofOfPossession;
+typedef struct CRMFPOPOSigningKeyStr CRMFPOPOSigningKey;
+typedef struct CRMFPOPOSigningKeyInputStr CRMFPOPOSigningKeyInput;
+typedef struct CRMFPOPOPrivKeyStr CRMFPOPOPrivKey;
+typedef struct CRMFPKIPublicationInfoStr CRMFPKIPublicationInfo;
+typedef struct CRMFSinglePubInfoStr CRMFSinglePubInfo;
+typedef struct CRMFPKIArchiveOptionsStr CRMFPKIArchiveOptions;
+typedef struct CRMFEncryptedKeyStr CRMFEncryptedKey;
+typedef struct CRMFEncryptedValueStr CRMFEncryptedValue;
+typedef struct CRMFCertIDStr CRMFCertID;
+typedef struct CRMFCertIDStr CRMFOldCertID;
+typedef CERTSubjectPublicKeyInfo CRMFProtocolEncrKey;
+typedef struct CRMFValidityCreationInfoStr CRMFValidityCreationInfo;
+typedef struct CRMFCertExtCreationInfoStr CRMFCertExtCreationInfo;
+typedef struct CRMFPKMACValueStr CRMFPKMACValue;
+typedef struct CRMFAttributeStr CRMFAttribute;
+typedef struct CRMFControlStr CRMFControl;
+typedef CERTGeneralName CRMFGeneralName;
+typedef struct CRMFCertExtensionStr CRMFCertExtension;
+
+struct CRMFValidityCreationInfoStr {
+    PRTime *notBefore;
+    PRTime *notAfter;
+};
+
+struct CRMFCertExtCreationInfoStr {
+    CRMFCertExtension **extensions;
+    int numExtensions;
+};
+
+/*
+ * Some ASN1 Templates that may be needed.
+ */
+extern const SEC_ASN1Template CRMFCertReqMessagesTemplate[];
+extern const SEC_ASN1Template CRMFCertRequestTemplate[];
+
+#endif /*_CRMFT_H_*/
diff --git a/nss/lib/crmf/crmftmpl.c b/nss/lib/crmf/crmftmpl.c
new file mode 100644
index 0000000..265a15d
--- /dev/null
+++ b/nss/lib/crmf/crmftmpl.c
@@ -0,0 +1,240 @@
+/* -*- Mode: C; tab-width: 8 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "crmf.h"
+#include "crmfi.h"
+#include "secoid.h"
+#include "secasn1.h"
+
+SEC_ASN1_MKSUB(SECOID_AlgorithmIDTemplate)
+SEC_ASN1_MKSUB(SEC_AnyTemplate)
+SEC_ASN1_MKSUB(SEC_NullTemplate)
+SEC_ASN1_MKSUB(SEC_BitStringTemplate)
+SEC_ASN1_MKSUB(SEC_IntegerTemplate)
+SEC_ASN1_MKSUB(SEC_OctetStringTemplate)
+SEC_ASN1_MKSUB(CERT_TimeChoiceTemplate)
+SEC_ASN1_MKSUB(CERT_SubjectPublicKeyInfoTemplate)
+SEC_ASN1_MKSUB(CERT_NameTemplate)
+
+/*
+ * It's all implicit tagging.
+ */
+
+const SEC_ASN1Template CRMFControlTemplate[] = {
+    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CRMFControl) },
+    { SEC_ASN1_OBJECT_ID, offsetof(CRMFControl, derTag) },
+    { SEC_ASN1_ANY, offsetof(CRMFControl, derValue) },
+    { 0 }
+};
+
+static const SEC_ASN1Template CRMFCertExtensionTemplate[] = {
+    { SEC_ASN1_SEQUENCE,
+      0, NULL, sizeof(CRMFCertExtension) },
+    { SEC_ASN1_OBJECT_ID,
+      offsetof(CRMFCertExtension, id) },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_BOOLEAN,
+      offsetof(CRMFCertExtension, critical) },
+    { SEC_ASN1_OCTET_STRING,
+      offsetof(CRMFCertExtension, value) },
+    { 0 }
+};
+
+static const SEC_ASN1Template CRMFSequenceOfCertExtensionTemplate[] = {
+    { SEC_ASN1_SEQUENCE_OF, 0, CRMFCertExtensionTemplate }
+};
+
+static const SEC_ASN1Template CRMFOptionalValidityTemplate[] = {
+    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CRMFOptionalValidity) },
+    { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | SEC_ASN1_NO_STREAM |
+          SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_OPTIONAL | SEC_ASN1_XTRN | 0,
+      offsetof(CRMFOptionalValidity, notBefore),
+      SEC_ASN1_SUB(CERT_TimeChoiceTemplate) },
+    { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | SEC_ASN1_NO_STREAM |
+          SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_OPTIONAL | SEC_ASN1_XTRN | 1,
+      offsetof(CRMFOptionalValidity, notAfter),
+      SEC_ASN1_SUB(CERT_TimeChoiceTemplate) },
+    { 0 }
+};
+
+static const SEC_ASN1Template crmfPointerToNameTemplate[] = {
+    { SEC_ASN1_POINTER | SEC_ASN1_XTRN, 0, SEC_ASN1_SUB(CERT_NameTemplate) },
+    { 0 }
+};
+
+static const SEC_ASN1Template CRMFCertTemplateTemplate[] = {
+    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CRMFCertTemplate) },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
+      offsetof(CRMFCertTemplate, version),
+      SEC_ASN1_SUB(SEC_IntegerTemplate) },
+    { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_OPTIONAL | SEC_ASN1_XTRN | 1,
+      offsetof(CRMFCertTemplate, serialNumber),
+      SEC_ASN1_SUB(SEC_IntegerTemplate) },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_POINTER |
+          SEC_ASN1_XTRN | 2,
+      offsetof(CRMFCertTemplate, signingAlg),
+      SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC |
+          SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | 3,
+      offsetof(CRMFCertTemplate, issuer), crmfPointerToNameTemplate },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_POINTER | 4,
+      offsetof(CRMFCertTemplate, validity),
+      CRMFOptionalValidityTemplate },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC |
+          SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | 5,
+      offsetof(CRMFCertTemplate, subject), crmfPointerToNameTemplate },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_POINTER |
+          SEC_ASN1_XTRN | 6,
+      offsetof(CRMFCertTemplate, publicKey),
+      SEC_ASN1_SUB(CERT_SubjectPublicKeyInfoTemplate) },
+    { SEC_ASN1_NO_STREAM | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_OPTIONAL |
+          SEC_ASN1_XTRN | 7,
+      offsetof(CRMFCertTemplate, issuerUID),
+      SEC_ASN1_SUB(SEC_BitStringTemplate) },
+    { SEC_ASN1_NO_STREAM | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_OPTIONAL |
+          SEC_ASN1_XTRN | 8,
+      offsetof(CRMFCertTemplate, subjectUID),
+      SEC_ASN1_SUB(SEC_BitStringTemplate) },
+    { SEC_ASN1_CONSTRUCTED | SEC_ASN1_OPTIONAL |
+          SEC_ASN1_CONTEXT_SPECIFIC | 9,
+      offsetof(CRMFCertTemplate, extensions),
+      CRMFSequenceOfCertExtensionTemplate },
+    { 0 }
+};
+
+static const SEC_ASN1Template CRMFAttributeTemplate[] = {
+    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CRMFAttribute) },
+    { SEC_ASN1_OBJECT_ID, offsetof(CRMFAttribute, derTag) },
+    { SEC_ASN1_ANY, offsetof(CRMFAttribute, derValue) },
+    { 0 }
+};
+
+const SEC_ASN1Template CRMFCertRequestTemplate[] = {
+    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CRMFCertRequest) },
+    { SEC_ASN1_INTEGER, offsetof(CRMFCertRequest, certReqId) },
+    { SEC_ASN1_INLINE, offsetof(CRMFCertRequest, certTemplate),
+      CRMFCertTemplateTemplate },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_SEQUENCE_OF,
+      offsetof(CRMFCertRequest, controls),
+      CRMFControlTemplate }, /* SEQUENCE SIZE (1...MAX)*/
+    { 0 }
+};
+
+const SEC_ASN1Template CRMFCertReqMsgTemplate[] = {
+    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CRMFCertReqMsg) },
+    { SEC_ASN1_POINTER, offsetof(CRMFCertReqMsg, certReq),
+      CRMFCertRequestTemplate },
+    { SEC_ASN1_ANY | SEC_ASN1_OPTIONAL,
+      offsetof(CRMFCertReqMsg, derPOP) },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_SEQUENCE_OF,
+      offsetof(CRMFCertReqMsg, regInfo),
+      CRMFAttributeTemplate }, /* SEQUENCE SIZE (1...MAX)*/
+    { 0 }
+};
+
+const SEC_ASN1Template CRMFCertReqMessagesTemplate[] = {
+    { SEC_ASN1_SEQUENCE_OF, offsetof(CRMFCertReqMessages, messages),
+      CRMFCertReqMsgTemplate, sizeof(CRMFCertReqMessages) }
+};
+
+const SEC_ASN1Template CRMFRAVerifiedTemplate[] = {
+    { SEC_ASN1_CONTEXT_SPECIFIC | 0 | SEC_ASN1_XTRN,
+      0,
+      SEC_ASN1_SUB(SEC_NullTemplate) },
+    { 0 }
+};
+
+/* This template will need to add POPOSigningKeyInput eventually, maybe*/
+static const SEC_ASN1Template crmfPOPOSigningKeyTemplate[] = {
+    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CRMFPOPOSigningKey) },
+    { SEC_ASN1_NO_STREAM | SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC |
+          SEC_ASN1_XTRN | 0,
+      offsetof(CRMFPOPOSigningKey, derInput),
+      SEC_ASN1_SUB(SEC_AnyTemplate) },
+    { SEC_ASN1_POINTER | SEC_ASN1_XTRN,
+      offsetof(CRMFPOPOSigningKey, algorithmIdentifier),
+      SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
+    { SEC_ASN1_BIT_STRING | SEC_ASN1_XTRN,
+      offsetof(CRMFPOPOSigningKey, signature),
+      SEC_ASN1_SUB(SEC_BitStringTemplate) },
+    { 0 }
+};
+
+const SEC_ASN1Template CRMFPOPOSigningKeyTemplate[] = {
+    { SEC_ASN1_CONTEXT_SPECIFIC | 1,
+      0,
+      crmfPOPOSigningKeyTemplate },
+    { 0 }
+};
+
+const SEC_ASN1Template CRMFThisMessageTemplate[] = {
+    { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
+      0,
+      SEC_ASN1_SUB(SEC_BitStringTemplate) },
+    { 0 }
+};
+
+const SEC_ASN1Template CRMFSubsequentMessageTemplate[] = {
+    { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 1,
+      0,
+      SEC_ASN1_SUB(SEC_IntegerTemplate) },
+    { 0 }
+};
+
+const SEC_ASN1Template CRMFDHMACTemplate[] = {
+    { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 2,
+      0,
+      SEC_ASN1_SUB(SEC_BitStringTemplate) },
+    { 0 }
+};
+
+const SEC_ASN1Template CRMFPOPOKeyEnciphermentTemplate[] = {
+    { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED |
+          SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 2,
+      0,
+      SEC_ASN1_SUB(SEC_AnyTemplate) },
+    { 0 }
+};
+
+const SEC_ASN1Template CRMFPOPOKeyAgreementTemplate[] = {
+    { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED |
+          SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 3,
+      0,
+      SEC_ASN1_SUB(SEC_AnyTemplate) },
+    { 0 }
+};
+
+const SEC_ASN1Template CRMFEncryptedValueTemplate[] = {
+    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CRMFEncryptedValue) },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_POINTER |
+          SEC_ASN1_XTRN | 0,
+      offsetof(CRMFEncryptedValue, intendedAlg),
+      SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_POINTER |
+          SEC_ASN1_XTRN | 1,
+      offsetof(CRMFEncryptedValue, symmAlg),
+      SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
+    { SEC_ASN1_NO_STREAM | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_OPTIONAL |
+          SEC_ASN1_XTRN | 2,
+      offsetof(CRMFEncryptedValue, encSymmKey),
+      SEC_ASN1_SUB(SEC_BitStringTemplate) },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_POINTER |
+          SEC_ASN1_XTRN | 3,
+      offsetof(CRMFEncryptedValue, keyAlg),
+      SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
+    { SEC_ASN1_NO_STREAM | SEC_ASN1_OPTIONAL | SEC_ASN1_CONTEXT_SPECIFIC |
+          SEC_ASN1_XTRN | 4,
+      offsetof(CRMFEncryptedValue, valueHint),
+      SEC_ASN1_SUB(SEC_OctetStringTemplate) },
+    { SEC_ASN1_BIT_STRING, offsetof(CRMFEncryptedValue, encValue) },
+    { 0 }
+};
+
+const SEC_ASN1Template CRMFEncryptedKeyWithEncryptedValueTemplate[] = {
+    { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED |
+          SEC_ASN1_CONTEXT_SPECIFIC | 0,
+      0,
+      CRMFEncryptedValueTemplate },
+    { 0 }
+};
diff --git a/nss/lib/crmf/encutil.c b/nss/lib/crmf/encutil.c
new file mode 100644
index 0000000..8ca7007
--- /dev/null
+++ b/nss/lib/crmf/encutil.c
@@ -0,0 +1,33 @@
+/* -*- Mode: C; tab-width: 8 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "secasn1.h"
+#include "crmf.h"
+#include "crmfi.h"
+
+void
+crmf_encoder_out(void *arg, const char *buf, unsigned long len,
+                 int depth, SEC_ASN1EncodingPart data_kind)
+{
+    struct crmfEncoderOutput *output;
+
+    output = (struct crmfEncoderOutput *)arg;
+    output->fn(output->outputArg, buf, len);
+}
+
+SECStatus
+cmmf_user_encode(void *src, CRMFEncoderOutputCallback inCallback, void *inArg,
+                 const SEC_ASN1Template *inTemplate)
+{
+    struct crmfEncoderOutput output;
+
+    PORT_Assert(src != NULL);
+    if (src == NULL) {
+        return SECFailure;
+    }
+    output.fn = inCallback;
+    output.outputArg = inArg;
+    return SEC_ASN1Encode(src, inTemplate, crmf_encoder_out, &output);
+}
diff --git a/nss/lib/crmf/exports.gyp b/nss/lib/crmf/exports.gyp
new file mode 100644
index 0000000..fca0097
--- /dev/null
+++ b/nss/lib/crmf/exports.gyp
@@ -0,0 +1,37 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'lib_crmf_exports',
+      'type': 'none',
+      'copies': [
+        {
+          'files': [
+            'cmmf.h',
+            'cmmft.h',
+            'crmf.h',
+            'crmft.h'
+          ],
+          'destination': '<(nss_public_dist_dir)/<(module)'
+        },
+        {
+          'files': [
+            'cmmfi.h',
+            'cmmfit.h',
+            'crmfi.h',
+            'crmfit.h'
+          ],
+          'destination': '<(nss_private_dist_dir)/<(module)'
+        }
+      ]
+    }
+  ],
+  'variables': {
+    'module': 'nss'
+  }
+}
diff --git a/nss/lib/crmf/manifest.mn b/nss/lib/crmf/manifest.mn
new file mode 100644
index 0000000..9f177b9
--- /dev/null
+++ b/nss/lib/crmf/manifest.mn
@@ -0,0 +1,46 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CORE_DEPTH = ../..
+
+MODULE = nss
+
+EXPORTS = \
+	crmf.h	\
+	crmft.h	\
+	cmmf.h  \
+	cmmft.h \
+	$(NULL)
+
+PRIVATE_EXPORTS = \
+	crmfi.h   \
+	crmfit.h  \
+	cmmfi.h   \
+	cmmfit.h  \
+	$(NULL)
+
+CSRCS = crmfenc.c	\
+	crmftmpl.c	\
+	crmfreq.c	\
+	crmfpop.c	\
+	crmfdec.c	\
+	crmfget.c	\
+	crmfcont.c	\
+	cmmfasn1.c	\
+	cmmfresp.c	\
+	cmmfrec.c	\
+	cmmfchal.c	\
+	servget.c	\
+	encutil.c	\
+	respcli.c	\
+	respcmn.c	\
+	challcli.c	\
+	asn1cmn.c	\
+	$(NULL)
+
+LIBRARY_NAME = crmf
+
+# This part of the code, including all sub-dirs, can be optimized for size
+export ALLOW_OPT_CODE_SIZE = 1
diff --git a/nss/lib/crmf/respcli.c b/nss/lib/crmf/respcli.c
new file mode 100644
index 0000000..aaec013
--- /dev/null
+++ b/nss/lib/crmf/respcli.c
@@ -0,0 +1,136 @@
+/* -*- Mode: C; tab-width: 8 -*-*/
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * This file will contain all routines needed by a client that has
+ * to parse a CMMFCertRepContent structure and retirieve the appropriate
+ * data.
+ */
+
+#include "cmmf.h"
+#include "cmmfi.h"
+#include "crmf.h"
+#include "crmfi.h"
+#include "secitem.h"
+#include "secder.h"
+#include "secasn1.h"
+
+CMMFCertRepContent *
+CMMF_CreateCertRepContentFromDER(CERTCertDBHandle *db, const char *buf,
+                                 long len)
+{
+    PLArenaPool *poolp;
+    CMMFCertRepContent *certRepContent;
+    SECStatus rv;
+    int i;
+
+    poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
+    if (poolp == NULL) {
+        return NULL;
+    }
+    certRepContent = PORT_ArenaZNew(poolp, CMMFCertRepContent);
+    if (certRepContent == NULL) {
+        goto loser;
+    }
+    certRepContent->poolp = poolp;
+    rv = SEC_ASN1Decode(poolp, certRepContent, CMMFCertRepContentTemplate,
+                        buf, len);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    if (certRepContent->response != NULL) {
+        for (i = 0; certRepContent->response[i] != NULL; i++) {
+            rv = cmmf_decode_process_cert_response(poolp, db,
+                                                   certRepContent->response[i]);
+            if (rv != SECSuccess) {
+                goto loser;
+            }
+        }
+    }
+    certRepContent->isDecoded = PR_TRUE;
+    return certRepContent;
+loser:
+    PORT_FreeArena(poolp, PR_FALSE);
+    return NULL;
+}
+
+long
+CMMF_CertResponseGetCertReqId(CMMFCertResponse *inCertResp)
+{
+    PORT_Assert(inCertResp != NULL);
+    if (inCertResp == NULL) {
+        return -1;
+    }
+    return DER_GetInteger(&inCertResp->certReqId);
+}
+
+PRBool
+cmmf_CertRepContentIsIndexValid(CMMFCertRepContent *inCertRepContent,
+                                int inIndex)
+{
+    int numResponses;
+
+    PORT_Assert(inCertRepContent != NULL);
+    numResponses = CMMF_CertRepContentGetNumResponses(inCertRepContent);
+    return (PRBool)(inIndex >= 0 && inIndex < numResponses);
+}
+
+CMMFCertResponse *
+CMMF_CertRepContentGetResponseAtIndex(CMMFCertRepContent *inCertRepContent,
+                                      int inIndex)
+{
+    CMMFCertResponse *certResponse;
+    SECStatus rv;
+
+    PORT_Assert(inCertRepContent != NULL &&
+                cmmf_CertRepContentIsIndexValid(inCertRepContent, inIndex));
+    if (inCertRepContent == NULL ||
+        !cmmf_CertRepContentIsIndexValid(inCertRepContent, inIndex)) {
+        return NULL;
+    }
+    certResponse = PORT_ZNew(CMMFCertResponse);
+    if (certResponse) {
+        rv = cmmf_CopyCertResponse(NULL, certResponse,
+                                   inCertRepContent->response[inIndex]);
+        if (rv != SECSuccess) {
+            CMMF_DestroyCertResponse(certResponse);
+            certResponse = NULL;
+        }
+    }
+    return certResponse;
+}
+
+CMMFPKIStatus
+CMMF_CertResponseGetPKIStatusInfoStatus(CMMFCertResponse *inCertResp)
+{
+    PORT_Assert(inCertResp != NULL);
+    if (inCertResp == NULL) {
+        return cmmfNoPKIStatus;
+    }
+    return cmmf_PKIStatusInfoGetStatus(&inCertResp->status);
+}
+
+CERTCertificate *
+CMMF_CertResponseGetCertificate(CMMFCertResponse *inCertResp,
+                                CERTCertDBHandle *inCertdb)
+{
+    PORT_Assert(inCertResp != NULL);
+    if (inCertResp == NULL || inCertResp->certifiedKeyPair == NULL) {
+        return NULL;
+    }
+
+    return cmmf_CertOrEncCertGetCertificate(
+        &inCertResp->certifiedKeyPair->certOrEncCert, inCertdb);
+}
+
+CERTCertList *
+CMMF_CertRepContentGetCAPubs(CMMFCertRepContent *inCertRepContent)
+{
+    PORT_Assert(inCertRepContent != NULL);
+    if (inCertRepContent == NULL || inCertRepContent->caPubs == NULL) {
+        return NULL;
+    }
+    return cmmf_MakeCertList(inCertRepContent->caPubs);
+}
diff --git a/nss/lib/crmf/respcmn.c b/nss/lib/crmf/respcmn.c
new file mode 100644
index 0000000..f9e4155
--- /dev/null
+++ b/nss/lib/crmf/respcmn.c
@@ -0,0 +1,399 @@
+/* -*- Mode: C; tab-width: 8 -*-*/
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "cmmf.h"
+#include "cmmfi.h"
+#include "secitem.h"
+#include "secder.h"
+
+SECStatus
+cmmf_DestroyPKIStatusInfo(CMMFPKIStatusInfo *info, PRBool freeit)
+{
+    if (info->status.data != NULL) {
+        PORT_Free(info->status.data);
+        info->status.data = NULL;
+    }
+    if (info->statusString.data != NULL) {
+        PORT_Free(info->statusString.data);
+        info->statusString.data = NULL;
+    }
+    if (info->failInfo.data != NULL) {
+        PORT_Free(info->failInfo.data);
+        info->failInfo.data = NULL;
+    }
+    if (freeit) {
+        PORT_Free(info);
+    }
+    return SECSuccess;
+}
+
+SECStatus
+CMMF_DestroyCertResponse(CMMFCertResponse *inCertResp)
+{
+    PORT_Assert(inCertResp != NULL);
+    if (inCertResp != NULL) {
+        if (inCertResp->certReqId.data != NULL) {
+            PORT_Free(inCertResp->certReqId.data);
+        }
+        cmmf_DestroyPKIStatusInfo(&inCertResp->status, PR_FALSE);
+        if (inCertResp->certifiedKeyPair != NULL) {
+            CMMF_DestroyCertifiedKeyPair(inCertResp->certifiedKeyPair);
+        }
+        PORT_Free(inCertResp);
+    }
+    return SECSuccess;
+}
+
+SECStatus
+CMMF_DestroyCertRepContent(CMMFCertRepContent *inCertRepContent)
+{
+    PORT_Assert(inCertRepContent != NULL);
+    if (inCertRepContent != NULL) {
+        CMMFCertResponse **pResponse = inCertRepContent->response;
+        if (pResponse != NULL) {
+            for (; *pResponse != NULL; pResponse++) {
+                CMMFCertifiedKeyPair *certKeyPair = (*pResponse)->certifiedKeyPair;
+                /* XXX Why not call CMMF_DestroyCertifiedKeyPair or
+                 ** XXX cmmf_DestroyCertOrEncCert ?
+                 */
+                if (certKeyPair != NULL &&
+                    certKeyPair->certOrEncCert.choice == cmmfCertificate &&
+                    certKeyPair->certOrEncCert.cert.certificate != NULL) {
+                    CERT_DestroyCertificate(certKeyPair->certOrEncCert.cert.certificate);
+                    certKeyPair->certOrEncCert.cert.certificate = NULL;
+                }
+            }
+        }
+        if (inCertRepContent->caPubs) {
+            CERTCertificate **caPubs = inCertRepContent->caPubs;
+            for (; *caPubs; ++caPubs) {
+                CERT_DestroyCertificate(*caPubs);
+                *caPubs = NULL;
+            }
+        }
+        if (inCertRepContent->poolp != NULL) {
+            PORT_FreeArena(inCertRepContent->poolp, PR_TRUE);
+        }
+    }
+    return SECSuccess;
+}
+
+SECStatus
+CMMF_DestroyPOPODecKeyChallContent(CMMFPOPODecKeyChallContent *inDecKeyCont)
+{
+    PORT_Assert(inDecKeyCont != NULL);
+    if (inDecKeyCont != NULL && inDecKeyCont->poolp) {
+        PORT_FreeArena(inDecKeyCont->poolp, PR_FALSE);
+    }
+    return SECSuccess;
+}
+
+SECStatus
+crmf_create_prtime(SECItem *src, PRTime **dest)
+{
+    *dest = PORT_ZNew(PRTime);
+    return DER_DecodeTimeChoice(*dest, src);
+}
+
+CRMFCertExtension *
+crmf_copy_cert_extension(PLArenaPool *poolp, CRMFCertExtension *inExtension)
+{
+    PRBool isCritical;
+    SECOidTag id;
+    SECItem *data;
+    CRMFCertExtension *newExt;
+
+    PORT_Assert(inExtension != NULL);
+    if (inExtension == NULL) {
+        return NULL;
+    }
+    id = CRMF_CertExtensionGetOidTag(inExtension);
+    isCritical = CRMF_CertExtensionGetIsCritical(inExtension);
+    data = CRMF_CertExtensionGetValue(inExtension);
+    newExt = crmf_create_cert_extension(poolp, id,
+                                        isCritical,
+                                        data);
+    SECITEM_FreeItem(data, PR_TRUE);
+    return newExt;
+}
+
+static SECItem *
+cmmf_encode_certificate(CERTCertificate *inCert)
+{
+    return SEC_ASN1EncodeItem(NULL, NULL, inCert,
+                              SEC_ASN1_GET(SEC_SignedCertificateTemplate));
+}
+
+CERTCertList *
+cmmf_MakeCertList(CERTCertificate **inCerts)
+{
+    CERTCertList *certList;
+    CERTCertificate *currCert;
+    SECItem *derCert, *freeCert = NULL;
+    SECStatus rv;
+    int i;
+
+    certList = CERT_NewCertList();
+    if (certList == NULL) {
+        return NULL;
+    }
+    for (i = 0; inCerts[i] != NULL; i++) {
+        derCert = &inCerts[i]->derCert;
+        if (derCert->data == NULL) {
+            derCert = freeCert = cmmf_encode_certificate(inCerts[i]);
+        }
+        currCert = CERT_NewTempCertificate(CERT_GetDefaultCertDB(),
+                                           derCert, NULL, PR_FALSE, PR_TRUE);
+        if (freeCert != NULL) {
+            SECITEM_FreeItem(freeCert, PR_TRUE);
+            freeCert = NULL;
+        }
+        if (currCert == NULL) {
+            goto loser;
+        }
+        rv = CERT_AddCertToListTail(certList, currCert);
+        if (rv != SECSuccess) {
+            goto loser;
+        }
+    }
+    return certList;
+loser:
+    CERT_DestroyCertList(certList);
+    return NULL;
+}
+
+CMMFPKIStatus
+cmmf_PKIStatusInfoGetStatus(CMMFPKIStatusInfo *inStatus)
+{
+    long derVal;
+
+    derVal = DER_GetInteger(&inStatus->status);
+    if (derVal == -1 || derVal < cmmfGranted || derVal >= cmmfNumPKIStatus) {
+        return cmmfNoPKIStatus;
+    }
+    return (CMMFPKIStatus)derVal;
+}
+
+int
+CMMF_CertRepContentGetNumResponses(CMMFCertRepContent *inCertRepContent)
+{
+    int numResponses = 0;
+    PORT_Assert(inCertRepContent != NULL);
+    if (inCertRepContent != NULL && inCertRepContent->response != NULL) {
+        while (inCertRepContent->response[numResponses] != NULL) {
+            numResponses++;
+        }
+    }
+    return numResponses;
+}
+
+SECStatus
+cmmf_DestroyCertOrEncCert(CMMFCertOrEncCert *certOrEncCert, PRBool freeit)
+{
+    switch (certOrEncCert->choice) {
+        case cmmfCertificate:
+            CERT_DestroyCertificate(certOrEncCert->cert.certificate);
+            certOrEncCert->cert.certificate = NULL;
+            break;
+        case cmmfEncryptedCert:
+            crmf_destroy_encrypted_value(certOrEncCert->cert.encryptedCert,
+                                         PR_TRUE);
+            certOrEncCert->cert.encryptedCert = NULL;
+            break;
+        default:
+            break;
+    }
+    if (freeit) {
+        PORT_Free(certOrEncCert);
+    }
+    return SECSuccess;
+}
+
+SECStatus
+cmmf_copy_secitem(PLArenaPool *poolp, SECItem *dest, SECItem *src)
+{
+    SECStatus rv;
+
+    if (src->data != NULL) {
+        rv = SECITEM_CopyItem(poolp, dest, src);
+    } else {
+        dest->data = NULL;
+        dest->len = 0;
+        rv = SECSuccess;
+    }
+    return rv;
+}
+
+SECStatus
+CMMF_DestroyCertifiedKeyPair(CMMFCertifiedKeyPair *inCertKeyPair)
+{
+    PORT_Assert(inCertKeyPair != NULL);
+    if (inCertKeyPair != NULL) {
+        cmmf_DestroyCertOrEncCert(&inCertKeyPair->certOrEncCert, PR_FALSE);
+        if (inCertKeyPair->privateKey) {
+            crmf_destroy_encrypted_value(inCertKeyPair->privateKey, PR_TRUE);
+        }
+        if (inCertKeyPair->derPublicationInfo.data) {
+            PORT_Free(inCertKeyPair->derPublicationInfo.data);
+        }
+        PORT_Free(inCertKeyPair);
+    }
+    return SECSuccess;
+}
+
+SECStatus
+cmmf_CopyCertResponse(PLArenaPool *poolp,
+                      CMMFCertResponse *dest,
+                      CMMFCertResponse *src)
+{
+    SECStatus rv;
+
+    if (src->certReqId.data != NULL) {
+        rv = SECITEM_CopyItem(poolp, &dest->certReqId, &src->certReqId);
+        if (rv != SECSuccess) {
+            return rv;
+        }
+    }
+    rv = cmmf_CopyPKIStatusInfo(poolp, &dest->status, &src->status);
+    if (rv != SECSuccess) {
+        return rv;
+    }
+    if (src->certifiedKeyPair != NULL) {
+        CMMFCertifiedKeyPair *destKeyPair;
+
+        destKeyPair = (poolp == NULL) ? PORT_ZNew(CMMFCertifiedKeyPair) : PORT_ArenaZNew(poolp, CMMFCertifiedKeyPair);
+        if (!destKeyPair) {
+            return SECFailure;
+        }
+        rv = cmmf_CopyCertifiedKeyPair(poolp, destKeyPair,
+                                       src->certifiedKeyPair);
+        if (rv != SECSuccess) {
+            if (!poolp) {
+                CMMF_DestroyCertifiedKeyPair(destKeyPair);
+            }
+            return rv;
+        }
+        dest->certifiedKeyPair = destKeyPair;
+    }
+    return SECSuccess;
+}
+
+static SECStatus
+cmmf_CopyCertOrEncCert(PLArenaPool *poolp, CMMFCertOrEncCert *dest,
+                       CMMFCertOrEncCert *src)
+{
+    SECStatus rv = SECSuccess;
+    CRMFEncryptedValue *encVal;
+
+    dest->choice = src->choice;
+    rv = cmmf_copy_secitem(poolp, &dest->derValue, &src->derValue);
+    switch (src->choice) {
+        case cmmfCertificate:
+            dest->cert.certificate = CERT_DupCertificate(src->cert.certificate);
+            break;
+        case cmmfEncryptedCert:
+            encVal = (poolp == NULL) ? PORT_ZNew(CRMFEncryptedValue) : PORT_ArenaZNew(poolp, CRMFEncryptedValue);
+            if (encVal == NULL) {
+                return SECFailure;
+            }
+            rv = crmf_copy_encryptedvalue(poolp, src->cert.encryptedCert, encVal);
+            if (rv != SECSuccess) {
+                if (!poolp) {
+                    crmf_destroy_encrypted_value(encVal, PR_TRUE);
+                }
+                return rv;
+            }
+            dest->cert.encryptedCert = encVal;
+            break;
+        default:
+            rv = SECFailure;
+    }
+    return rv;
+}
+
+SECStatus
+cmmf_CopyCertifiedKeyPair(PLArenaPool *poolp, CMMFCertifiedKeyPair *dest,
+                          CMMFCertifiedKeyPair *src)
+{
+    SECStatus rv;
+
+    rv = cmmf_CopyCertOrEncCert(poolp, &dest->certOrEncCert,
+                                &src->certOrEncCert);
+    if (rv != SECSuccess) {
+        return rv;
+    }
+
+    if (src->privateKey != NULL) {
+        CRMFEncryptedValue *encVal;
+
+        encVal = (poolp == NULL) ? PORT_ZNew(CRMFEncryptedValue) : PORT_ArenaZNew(poolp, CRMFEncryptedValue);
+        if (encVal == NULL) {
+            return SECFailure;
+        }
+        rv = crmf_copy_encryptedvalue(poolp, src->privateKey,
+                                      encVal);
+        if (rv != SECSuccess) {
+            if (!poolp) {
+                crmf_destroy_encrypted_value(encVal, PR_TRUE);
+            }
+            return rv;
+        }
+        dest->privateKey = encVal;
+    }
+    rv = cmmf_copy_secitem(poolp, &dest->derPublicationInfo,
+                           &src->derPublicationInfo);
+    return rv;
+}
+
+SECStatus
+cmmf_CopyPKIStatusInfo(PLArenaPool *poolp, CMMFPKIStatusInfo *dest,
+                       CMMFPKIStatusInfo *src)
+{
+    SECStatus rv;
+
+    rv = cmmf_copy_secitem(poolp, &dest->status, &src->status);
+    if (rv != SECSuccess) {
+        return rv;
+    }
+    rv = cmmf_copy_secitem(poolp, &dest->statusString, &src->statusString);
+    if (rv != SECSuccess) {
+        return rv;
+    }
+    rv = cmmf_copy_secitem(poolp, &dest->failInfo, &src->failInfo);
+    return rv;
+}
+
+CERTCertificate *
+cmmf_CertOrEncCertGetCertificate(CMMFCertOrEncCert *certOrEncCert,
+                                 CERTCertDBHandle *certdb)
+{
+    if (certOrEncCert->choice != cmmfCertificate ||
+        certOrEncCert->cert.certificate == NULL) {
+        return NULL;
+    }
+    return CERT_NewTempCertificate(certdb,
+                                   &certOrEncCert->cert.certificate->derCert,
+                                   NULL, PR_FALSE, PR_TRUE);
+}
+
+SECStatus
+cmmf_PKIStatusInfoSetStatus(CMMFPKIStatusInfo *statusInfo,
+                            PLArenaPool *poolp,
+                            CMMFPKIStatus inStatus)
+{
+    SECItem *dummy;
+
+    if (inStatus < cmmfGranted || inStatus >= cmmfNumPKIStatus) {
+        return SECFailure;
+    }
+
+    dummy = SEC_ASN1EncodeInteger(poolp, &statusInfo->status, inStatus);
+    PORT_Assert(dummy == &statusInfo->status);
+    if (dummy != &statusInfo->status) {
+        SECITEM_FreeItem(dummy, PR_TRUE);
+        return SECFailure;
+    }
+    return SECSuccess;
+}
diff --git a/nss/lib/crmf/servget.c b/nss/lib/crmf/servget.c
new file mode 100644
index 0000000..6d576f8
--- /dev/null
+++ b/nss/lib/crmf/servget.c
@@ -0,0 +1,974 @@
+/* -*- Mode: C; tab-width: 8 -*-*/
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "cmmf.h"
+#include "cmmfi.h"
+#include "secitem.h"
+#include "keyhi.h"
+#include "secder.h"
+
+CRMFEncryptedKeyChoice
+CRMF_EncryptedKeyGetChoice(CRMFEncryptedKey *inEncrKey)
+{
+    PORT_Assert(inEncrKey != NULL);
+    if (inEncrKey == NULL) {
+        return crmfNoEncryptedKeyChoice;
+    }
+    return inEncrKey->encKeyChoice;
+}
+
+CRMFEncryptedValue *
+CRMF_EncryptedKeyGetEncryptedValue(CRMFEncryptedKey *inEncrKey)
+{
+    CRMFEncryptedValue *newEncrValue = NULL;
+    SECStatus rv;
+
+    PORT_Assert(inEncrKey != NULL);
+    if (inEncrKey == NULL ||
+        CRMF_EncryptedKeyGetChoice(inEncrKey) != crmfEncryptedValueChoice) {
+        goto loser;
+    }
+    newEncrValue = PORT_ZNew(CRMFEncryptedValue);
+    if (newEncrValue == NULL) {
+        goto loser;
+    }
+    rv = crmf_copy_encryptedvalue(NULL, &inEncrKey->value.encryptedValue,
+                                  newEncrValue);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    return newEncrValue;
+loser:
+    if (newEncrValue != NULL) {
+        CRMF_DestroyEncryptedValue(newEncrValue);
+    }
+    return NULL;
+}
+
+static SECItem *
+crmf_get_encvalue_bitstring(SECItem *srcItem)
+{
+    SECItem *newItem = NULL;
+    SECStatus rv;
+
+    if (srcItem->data == NULL) {
+        return NULL;
+    }
+    newItem = PORT_ZNew(SECItem);
+    if (newItem == NULL) {
+        goto loser;
+    }
+    rv = crmf_make_bitstring_copy(NULL, newItem, srcItem);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    return newItem;
+loser:
+    if (newItem != NULL) {
+        SECITEM_FreeItem(newItem, PR_TRUE);
+    }
+    return NULL;
+}
+
+SECItem *
+CRMF_EncryptedValueGetEncSymmKey(CRMFEncryptedValue *inEncValue)
+{
+    if (inEncValue == NULL) {
+        return NULL;
+    }
+    return crmf_get_encvalue_bitstring(&inEncValue->encSymmKey);
+}
+
+SECItem *
+CRMF_EncryptedValueGetEncValue(CRMFEncryptedValue *inEncrValue)
+{
+    if (inEncrValue == NULL || inEncrValue->encValue.data == NULL) {
+        return NULL;
+    }
+    return crmf_get_encvalue_bitstring(&inEncrValue->encValue);
+}
+
+static SECAlgorithmID *
+crmf_get_encvalue_algid(SECAlgorithmID *srcAlg)
+{
+    SECStatus rv;
+    SECAlgorithmID *newAlgID;
+
+    if (srcAlg == NULL) {
+        return NULL;
+    }
+    rv = crmf_copy_encryptedvalue_secalg(NULL, srcAlg, &newAlgID);
+    if (rv != SECSuccess) {
+        return NULL;
+    }
+    return newAlgID;
+}
+
+SECAlgorithmID *
+CRMF_EncryptedValueGetIntendedAlg(CRMFEncryptedValue *inEncValue)
+{
+    if (inEncValue == NULL) {
+        return NULL;
+    }
+    return crmf_get_encvalue_algid(inEncValue->intendedAlg);
+}
+
+SECAlgorithmID *
+CRMF_EncryptedValueGetKeyAlg(CRMFEncryptedValue *inEncValue)
+{
+    if (inEncValue == NULL) {
+        return NULL;
+    }
+    return crmf_get_encvalue_algid(inEncValue->keyAlg);
+}
+
+SECAlgorithmID *
+CRMF_EncryptedValueGetSymmAlg(CRMFEncryptedValue *inEncValue)
+{
+    if (inEncValue == NULL) {
+        return NULL;
+    }
+    return crmf_get_encvalue_algid(inEncValue->symmAlg);
+}
+
+SECItem *
+CRMF_EncryptedValueGetValueHint(CRMFEncryptedValue *inEncValue)
+{
+    if (inEncValue == NULL || inEncValue->valueHint.data == NULL) {
+        return NULL;
+    }
+    return SECITEM_DupItem(&inEncValue->valueHint);
+}
+
+SECStatus
+CRMF_PKIArchiveOptionsGetArchiveRemGenPrivKey(CRMFPKIArchiveOptions *inOpt,
+                                              PRBool *destVal)
+{
+    if (inOpt == NULL || destVal == NULL ||
+        CRMF_PKIArchiveOptionsGetOptionType(inOpt) != crmfArchiveRemGenPrivKey) {
+        return SECFailure;
+    }
+    *destVal = (inOpt->option.archiveRemGenPrivKey.data[0] == hexFalse)
+                   ? PR_FALSE
+                   : PR_TRUE;
+    return SECSuccess;
+}
+
+CRMFEncryptedKey *
+CRMF_PKIArchiveOptionsGetEncryptedPrivKey(CRMFPKIArchiveOptions *inOpts)
+{
+    CRMFEncryptedKey *newEncrKey = NULL;
+    SECStatus rv;
+
+    PORT_Assert(inOpts != NULL);
+    if (inOpts == NULL ||
+        CRMF_PKIArchiveOptionsGetOptionType(inOpts) != crmfEncryptedPrivateKey) {
+        return NULL;
+    }
+    newEncrKey = PORT_ZNew(CRMFEncryptedKey);
+    if (newEncrKey == NULL) {
+        goto loser;
+    }
+    rv = crmf_copy_encryptedkey(NULL, &inOpts->option.encryptedKey,
+                                newEncrKey);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    return newEncrKey;
+loser:
+    if (newEncrKey != NULL) {
+        CRMF_DestroyEncryptedKey(newEncrKey);
+    }
+    return NULL;
+}
+
+SECItem *
+CRMF_PKIArchiveOptionsGetKeyGenParameters(CRMFPKIArchiveOptions *inOptions)
+{
+    if (inOptions == NULL ||
+        CRMF_PKIArchiveOptionsGetOptionType(inOptions) != crmfKeyGenParameters ||
+        inOptions->option.keyGenParameters.data == NULL) {
+        return NULL;
+    }
+    return SECITEM_DupItem(&inOptions->option.keyGenParameters);
+}
+
+CRMFPKIArchiveOptionsType
+CRMF_PKIArchiveOptionsGetOptionType(CRMFPKIArchiveOptions *inOptions)
+{
+    PORT_Assert(inOptions != NULL);
+    if (inOptions == NULL) {
+        return crmfNoArchiveOptions;
+    }
+    return inOptions->archOption;
+}
+
+static SECStatus
+crmf_extract_long_from_item(SECItem *intItem, long *destLong)
+{
+    *destLong = DER_GetInteger(intItem);
+    return (*destLong == -1) ? SECFailure : SECSuccess;
+}
+
+SECStatus
+CRMF_POPOPrivGetKeySubseqMess(CRMFPOPOPrivKey *inKey,
+                              CRMFSubseqMessOptions *destOpt)
+{
+    long value;
+    SECStatus rv;
+
+    PORT_Assert(inKey != NULL);
+    if (inKey == NULL ||
+        inKey->messageChoice != crmfSubsequentMessage) {
+        return SECFailure;
+    }
+    rv = crmf_extract_long_from_item(&inKey->message.subsequentMessage, &value);
+    if (rv != SECSuccess) {
+        return SECFailure;
+    }
+    switch (value) {
+        case 0:
+            *destOpt = crmfEncrCert;
+            break;
+        case 1:
+            *destOpt = crmfChallengeResp;
+            break;
+        default:
+            rv = SECFailure;
+    }
+    if (rv != SECSuccess) {
+        return rv;
+    }
+    return SECSuccess;
+}
+
+CRMFPOPOPrivKeyChoice
+CRMF_POPOPrivKeyGetChoice(CRMFPOPOPrivKey *inPrivKey)
+{
+    PORT_Assert(inPrivKey != NULL);
+    if (inPrivKey != NULL) {
+        return inPrivKey->messageChoice;
+    }
+    return crmfNoMessage;
+}
+
+SECStatus
+CRMF_POPOPrivKeyGetDHMAC(CRMFPOPOPrivKey *inKey, SECItem *destMAC)
+{
+    PORT_Assert(inKey != NULL);
+    if (inKey == NULL || inKey->message.dhMAC.data == NULL) {
+        return SECFailure;
+    }
+    return crmf_make_bitstring_copy(NULL, destMAC, &inKey->message.dhMAC);
+}
+
+SECStatus
+CRMF_POPOPrivKeyGetThisMessage(CRMFPOPOPrivKey *inKey,
+                               SECItem *destString)
+{
+    PORT_Assert(inKey != NULL);
+    if (inKey == NULL ||
+        inKey->messageChoice != crmfThisMessage) {
+        return SECFailure;
+    }
+
+    return crmf_make_bitstring_copy(NULL, destString,
+                                    &inKey->message.thisMessage);
+}
+
+SECAlgorithmID *
+CRMF_POPOSigningKeyGetAlgID(CRMFPOPOSigningKey *inSignKey)
+{
+    SECAlgorithmID *newAlgId = NULL;
+    SECStatus rv;
+
+    PORT_Assert(inSignKey != NULL);
+    if (inSignKey == NULL) {
+        return NULL;
+    }
+    newAlgId = PORT_ZNew(SECAlgorithmID);
+    if (newAlgId == NULL) {
+        goto loser;
+    }
+    rv = SECOID_CopyAlgorithmID(NULL, newAlgId,
+                                inSignKey->algorithmIdentifier);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    return newAlgId;
+
+loser:
+    if (newAlgId != NULL) {
+        SECOID_DestroyAlgorithmID(newAlgId, PR_TRUE);
+    }
+    return NULL;
+}
+
+SECItem *
+CRMF_POPOSigningKeyGetInput(CRMFPOPOSigningKey *inSignKey)
+{
+    PORT_Assert(inSignKey != NULL);
+    if (inSignKey == NULL || inSignKey->derInput.data == NULL) {
+        return NULL;
+    }
+    return SECITEM_DupItem(&inSignKey->derInput);
+}
+
+SECItem *
+CRMF_POPOSigningKeyGetSignature(CRMFPOPOSigningKey *inSignKey)
+{
+    SECItem *newSig = NULL;
+    SECStatus rv;
+
+    PORT_Assert(inSignKey != NULL);
+    if (inSignKey == NULL) {
+        return NULL;
+    }
+    newSig = PORT_ZNew(SECItem);
+    if (newSig == NULL) {
+        goto loser;
+    }
+    rv = crmf_make_bitstring_copy(NULL, newSig, &inSignKey->signature);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    return newSig;
+loser:
+    if (newSig != NULL) {
+        SECITEM_FreeItem(newSig, PR_TRUE);
+    }
+    return NULL;
+}
+
+static SECStatus
+crmf_copy_poposigningkey(PLArenaPool *poolp,
+                         CRMFPOPOSigningKey *inPopoSignKey,
+                         CRMFPOPOSigningKey *destPopoSignKey)
+{
+    SECStatus rv;
+
+    /* We don't support use of the POPOSigningKeyInput, so we'll only
+     * store away the DER encoding.
+     */
+    if (inPopoSignKey->derInput.data != NULL) {
+        rv = SECITEM_CopyItem(poolp, &destPopoSignKey->derInput,
+                              &inPopoSignKey->derInput);
+        if (rv != SECSuccess) {
+            goto loser;
+        }
+    }
+    destPopoSignKey->algorithmIdentifier = (poolp == NULL) ? PORT_ZNew(SECAlgorithmID)
+                                                           : PORT_ArenaZNew(poolp, SECAlgorithmID);
+
+    if (destPopoSignKey->algorithmIdentifier == NULL) {
+        goto loser;
+    }
+    rv = SECOID_CopyAlgorithmID(poolp, destPopoSignKey->algorithmIdentifier,
+                                inPopoSignKey->algorithmIdentifier);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    rv = crmf_make_bitstring_copy(poolp, &destPopoSignKey->signature,
+                                  &inPopoSignKey->signature);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    return SECSuccess;
+loser:
+    if (poolp == NULL) {
+        CRMF_DestroyPOPOSigningKey(destPopoSignKey);
+    }
+    return SECFailure;
+}
+
+static SECStatus
+crmf_copy_popoprivkey(PLArenaPool *poolp,
+                      CRMFPOPOPrivKey *srcPrivKey,
+                      CRMFPOPOPrivKey *destPrivKey)
+{
+    SECStatus rv;
+
+    destPrivKey->messageChoice = srcPrivKey->messageChoice;
+    switch (destPrivKey->messageChoice) {
+        case crmfThisMessage:
+        case crmfDHMAC:
+            /* I've got a union, so taking the address of one, will also give
+             * me a pointer to the other (eg, message.dhMAC)
+             */
+            rv = crmf_make_bitstring_copy(poolp, &destPrivKey->message.thisMessage,
+                                          &srcPrivKey->message.thisMessage);
+            break;
+        case crmfSubsequentMessage:
+            rv = SECITEM_CopyItem(poolp, &destPrivKey->message.subsequentMessage,
+                                  &srcPrivKey->message.subsequentMessage);
+            break;
+        default:
+            rv = SECFailure;
+    }
+
+    if (rv != SECSuccess && poolp == NULL) {
+        CRMF_DestroyPOPOPrivKey(destPrivKey);
+    }
+    return rv;
+}
+
+static CRMFProofOfPossession *
+crmf_copy_pop(PLArenaPool *poolp, CRMFProofOfPossession *srcPOP)
+{
+    CRMFProofOfPossession *newPOP;
+    SECStatus rv;
+
+    /*
+     * Proof Of Possession structures are always part of the Request
+     * message, so there will always be an arena for allocating memory.
+     */
+    if (poolp == NULL) {
+        return NULL;
+    }
+    newPOP = PORT_ArenaZNew(poolp, CRMFProofOfPossession);
+    if (newPOP == NULL) {
+        return NULL;
+    }
+    switch (srcPOP->popUsed) {
+        case crmfRAVerified:
+            newPOP->popChoice.raVerified.data = NULL;
+            newPOP->popChoice.raVerified.len = 0;
+            break;
+        case crmfSignature:
+            rv = crmf_copy_poposigningkey(poolp, &srcPOP->popChoice.signature,
+                                          &newPOP->popChoice.signature);
+            if (rv != SECSuccess) {
+                goto loser;
+            }
+            break;
+        case crmfKeyEncipherment:
+        case crmfKeyAgreement:
+            /* We've got a union, so a pointer to one, is a pointer to the
+             * other one.
+             */
+            rv = crmf_copy_popoprivkey(poolp, &srcPOP->popChoice.keyEncipherment,
+                                       &newPOP->popChoice.keyEncipherment);
+            if (rv != SECSuccess) {
+                goto loser;
+            }
+            break;
+        default:
+            goto loser;
+    }
+    newPOP->popUsed = srcPOP->popUsed;
+    return newPOP;
+
+loser:
+    return NULL;
+}
+
+static CRMFCertReqMsg *
+crmf_copy_cert_req_msg(CRMFCertReqMsg *srcReqMsg)
+{
+    CRMFCertReqMsg *newReqMsg;
+    PLArenaPool *poolp;
+
+    poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
+    if (poolp == NULL) {
+        return NULL;
+    }
+    newReqMsg = PORT_ArenaZNew(poolp, CRMFCertReqMsg);
+    if (newReqMsg == NULL) {
+        PORT_FreeArena(poolp, PR_TRUE);
+        return NULL;
+    }
+
+    newReqMsg->poolp = poolp;
+    newReqMsg->certReq = crmf_copy_cert_request(poolp, srcReqMsg->certReq);
+    if (newReqMsg->certReq == NULL) {
+        goto loser;
+    }
+    newReqMsg->pop = crmf_copy_pop(poolp, srcReqMsg->pop);
+    if (newReqMsg->pop == NULL) {
+        goto loser;
+    }
+    /* None of my set/get routines operate on the regInfo field, so
+     * for now, that won't get copied over.
+     */
+    return newReqMsg;
+
+loser:
+    CRMF_DestroyCertReqMsg(newReqMsg);
+    return NULL;
+}
+
+CRMFCertReqMsg *
+CRMF_CertReqMessagesGetCertReqMsgAtIndex(CRMFCertReqMessages *inReqMsgs,
+                                         int index)
+{
+    int numMsgs;
+
+    PORT_Assert(inReqMsgs != NULL && index >= 0);
+    if (inReqMsgs == NULL) {
+        return NULL;
+    }
+    numMsgs = CRMF_CertReqMessagesGetNumMessages(inReqMsgs);
+    if (index < 0 || index >= numMsgs) {
+        return NULL;
+    }
+    return crmf_copy_cert_req_msg(inReqMsgs->messages[index]);
+}
+
+int
+CRMF_CertReqMessagesGetNumMessages(CRMFCertReqMessages *inCertReqMsgs)
+{
+    int numMessages = 0;
+
+    PORT_Assert(inCertReqMsgs != NULL);
+    if (inCertReqMsgs == NULL) {
+        return 0;
+    }
+    while (inCertReqMsgs->messages[numMessages] != NULL) {
+        numMessages++;
+    }
+    return numMessages;
+}
+
+CRMFCertRequest *
+CRMF_CertReqMsgGetCertRequest(CRMFCertReqMsg *inCertReqMsg)
+{
+    PLArenaPool *poolp = NULL;
+    CRMFCertRequest *newCertReq = NULL;
+
+    PORT_Assert(inCertReqMsg != NULL);
+
+    poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
+    if (poolp == NULL) {
+        goto loser;
+    }
+    newCertReq = crmf_copy_cert_request(poolp, inCertReqMsg->certReq);
+    if (newCertReq == NULL) {
+        goto loser;
+    }
+    newCertReq->poolp = poolp;
+    return newCertReq;
+loser:
+    if (poolp != NULL) {
+        PORT_FreeArena(poolp, PR_FALSE);
+    }
+    return NULL;
+}
+
+SECStatus
+CRMF_CertReqMsgGetID(CRMFCertReqMsg *inCertReqMsg, long *destID)
+{
+    PORT_Assert(inCertReqMsg != NULL && destID != NULL);
+    if (inCertReqMsg == NULL || inCertReqMsg->certReq == NULL) {
+        return SECFailure;
+    }
+    return crmf_extract_long_from_item(&inCertReqMsg->certReq->certReqId,
+                                       destID);
+}
+
+SECStatus
+CRMF_CertReqMsgGetPOPKeyAgreement(CRMFCertReqMsg *inCertReqMsg,
+                                  CRMFPOPOPrivKey **destKey)
+{
+    PORT_Assert(inCertReqMsg != NULL && destKey != NULL);
+    if (inCertReqMsg == NULL || destKey == NULL ||
+        CRMF_CertReqMsgGetPOPType(inCertReqMsg) != crmfKeyAgreement) {
+        return SECFailure;
+    }
+    *destKey = PORT_ZNew(CRMFPOPOPrivKey);
+    if (*destKey == NULL) {
+        return SECFailure;
+    }
+    return crmf_copy_popoprivkey(NULL,
+                                 &inCertReqMsg->pop->popChoice.keyAgreement,
+                                 *destKey);
+}
+
+SECStatus
+CRMF_CertReqMsgGetPOPKeyEncipherment(CRMFCertReqMsg *inCertReqMsg,
+                                     CRMFPOPOPrivKey **destKey)
+{
+    PORT_Assert(inCertReqMsg != NULL && destKey != NULL);
+    if (inCertReqMsg == NULL || destKey == NULL ||
+        CRMF_CertReqMsgGetPOPType(inCertReqMsg) != crmfKeyEncipherment) {
+        return SECFailure;
+    }
+    *destKey = PORT_ZNew(CRMFPOPOPrivKey);
+    if (*destKey == NULL) {
+        return SECFailure;
+    }
+    return crmf_copy_popoprivkey(NULL,
+                                 &inCertReqMsg->pop->popChoice.keyEncipherment,
+                                 *destKey);
+}
+
+SECStatus
+CRMF_CertReqMsgGetPOPOSigningKey(CRMFCertReqMsg *inCertReqMsg,
+                                 CRMFPOPOSigningKey **destKey)
+{
+    CRMFProofOfPossession *pop;
+    PORT_Assert(inCertReqMsg != NULL);
+    if (inCertReqMsg == NULL) {
+        return SECFailure;
+    }
+    pop = inCertReqMsg->pop;
+    ;
+    if (pop->popUsed != crmfSignature) {
+        return SECFailure;
+    }
+    *destKey = PORT_ZNew(CRMFPOPOSigningKey);
+    if (*destKey == NULL) {
+        return SECFailure;
+    }
+    return crmf_copy_poposigningkey(NULL, &pop->popChoice.signature, *destKey);
+}
+
+static SECStatus
+crmf_copy_name(CERTName *destName, CERTName *srcName)
+{
+    PLArenaPool *poolp = NULL;
+    SECStatus rv;
+
+    if (destName->arena != NULL) {
+        poolp = destName->arena;
+    } else {
+        poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
+    }
+    if (poolp == NULL) {
+        return SECFailure;
+    }
+    /* Need to do this so that CERT_CopyName doesn't free out
+     * the arena from underneath us.
+     */
+    destName->arena = NULL;
+    rv = CERT_CopyName(poolp, destName, srcName);
+    destName->arena = poolp;
+    return rv;
+}
+
+SECStatus
+CRMF_CertRequestGetCertTemplateIssuer(CRMFCertRequest *inCertReq,
+                                      CERTName *destIssuer)
+{
+    PORT_Assert(inCertReq != NULL);
+    if (inCertReq == NULL) {
+        return SECFailure;
+    }
+    if (CRMF_DoesRequestHaveField(inCertReq, crmfIssuer)) {
+        return crmf_copy_name(destIssuer,
+                              inCertReq->certTemplate.issuer);
+    }
+    return SECFailure;
+}
+
+SECStatus
+CRMF_CertRequestGetCertTemplateIssuerUID(CRMFCertRequest *inCertReq,
+                                         SECItem *destIssuerUID)
+{
+    PORT_Assert(inCertReq != NULL);
+    if (inCertReq == NULL) {
+        return SECFailure;
+    }
+    if (CRMF_DoesRequestHaveField(inCertReq, crmfIssuerUID)) {
+        return crmf_make_bitstring_copy(NULL, destIssuerUID,
+                                        &inCertReq->certTemplate.issuerUID);
+    }
+    return SECFailure;
+}
+
+SECStatus
+CRMF_CertRequestGetCertTemplatePublicKey(CRMFCertRequest *inCertReq,
+                                         CERTSubjectPublicKeyInfo *destPublicKey)
+{
+    PORT_Assert(inCertReq != NULL);
+    if (inCertReq == NULL) {
+        return SECFailure;
+    }
+    if (CRMF_DoesRequestHaveField(inCertReq, crmfPublicKey)) {
+        return SECKEY_CopySubjectPublicKeyInfo(NULL, destPublicKey,
+                                               inCertReq->certTemplate.publicKey);
+    }
+    return SECFailure;
+}
+
+SECStatus
+CRMF_CertRequestGetCertTemplateSerialNumber(CRMFCertRequest *inCertReq,
+                                            long *serialNumber)
+{
+    PORT_Assert(inCertReq != NULL);
+    if (inCertReq == NULL) {
+        return SECFailure;
+    }
+    if (CRMF_DoesRequestHaveField(inCertReq, crmfSerialNumber)) {
+        return crmf_extract_long_from_item(&inCertReq->certTemplate.serialNumber,
+                                           serialNumber);
+    }
+    return SECFailure;
+}
+
+SECStatus
+CRMF_CertRequestGetCertTemplateSigningAlg(CRMFCertRequest *inCertReq,
+                                          SECAlgorithmID *destAlg)
+{
+    PORT_Assert(inCertReq != NULL);
+    if (inCertReq == NULL) {
+        return SECFailure;
+    }
+    if (CRMF_DoesRequestHaveField(inCertReq, crmfSigningAlg)) {
+        return SECOID_CopyAlgorithmID(NULL, destAlg,
+                                      inCertReq->certTemplate.signingAlg);
+    }
+    return SECFailure;
+}
+
+SECStatus
+CRMF_CertRequestGetCertTemplateSubject(CRMFCertRequest *inCertReq,
+                                       CERTName *destSubject)
+{
+    PORT_Assert(inCertReq != NULL);
+    if (inCertReq == NULL) {
+        return SECFailure;
+    }
+    if (CRMF_DoesRequestHaveField(inCertReq, crmfSubject)) {
+        return crmf_copy_name(destSubject, inCertReq->certTemplate.subject);
+    }
+    return SECFailure;
+}
+
+SECStatus
+CRMF_CertRequestGetCertTemplateSubjectUID(CRMFCertRequest *inCertReq,
+                                          SECItem *destSubjectUID)
+{
+    PORT_Assert(inCertReq != NULL);
+    if (inCertReq == NULL) {
+        return SECFailure;
+    }
+    if (CRMF_DoesRequestHaveField(inCertReq, crmfSubjectUID)) {
+        return crmf_make_bitstring_copy(NULL, destSubjectUID,
+                                        &inCertReq->certTemplate.subjectUID);
+    }
+    return SECFailure;
+}
+
+SECStatus
+CRMF_CertRequestGetCertTemplateVersion(CRMFCertRequest *inCertReq,
+                                       long *version)
+{
+    PORT_Assert(inCertReq != NULL);
+    if (inCertReq == NULL) {
+        return SECFailure;
+    }
+    if (CRMF_DoesRequestHaveField(inCertReq, crmfVersion)) {
+        return crmf_extract_long_from_item(&inCertReq->certTemplate.version,
+                                           version);
+    }
+    return SECFailure;
+}
+
+static SECStatus
+crmf_copy_validity(CRMFGetValidity *destValidity,
+                   CRMFOptionalValidity *src)
+{
+    SECStatus rv;
+
+    destValidity->notBefore = destValidity->notAfter = NULL;
+    if (src->notBefore.data != NULL) {
+        rv = crmf_create_prtime(&src->notBefore,
+                                &destValidity->notBefore);
+        if (rv != SECSuccess) {
+            return rv;
+        }
+    }
+    if (src->notAfter.data != NULL) {
+        rv = crmf_create_prtime(&src->notAfter,
+                                &destValidity->notAfter);
+        if (rv != SECSuccess) {
+            return rv;
+        }
+    }
+    return SECSuccess;
+}
+
+SECStatus
+CRMF_CertRequestGetCertTemplateValidity(CRMFCertRequest *inCertReq,
+                                        CRMFGetValidity *destValidity)
+{
+    PORT_Assert(inCertReq != NULL);
+    if (inCertReq == NULL) {
+        return SECFailure;
+    }
+    if (CRMF_DoesRequestHaveField(inCertReq, crmfValidity)) {
+        return crmf_copy_validity(destValidity,
+                                  inCertReq->certTemplate.validity);
+    }
+    return SECFailure;
+}
+
+CRMFControl *
+CRMF_CertRequestGetControlAtIndex(CRMFCertRequest *inCertReq, int index)
+{
+    CRMFControl *newControl, *srcControl;
+    int numControls;
+    SECStatus rv;
+
+    PORT_Assert(inCertReq != NULL);
+    if (inCertReq == NULL) {
+        return NULL;
+    }
+    numControls = CRMF_CertRequestGetNumControls(inCertReq);
+    if (index >= numControls || index < 0) {
+        return NULL;
+    }
+    newControl = PORT_ZNew(CRMFControl);
+    if (newControl == NULL) {
+        return NULL;
+    }
+    srcControl = inCertReq->controls[index];
+    newControl->tag = srcControl->tag;
+    rv = SECITEM_CopyItem(NULL, &newControl->derTag, &srcControl->derTag);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    rv = SECITEM_CopyItem(NULL, &newControl->derValue,
+                          &srcControl->derValue);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    /* Copy over the PKIArchiveOptions stuff */
+    switch (srcControl->tag) {
+        case SEC_OID_PKIX_REGCTRL_REGTOKEN:
+        case SEC_OID_PKIX_REGCTRL_AUTHENTICATOR:
+            /* No further processing necessary for these types. */
+            rv = SECSuccess;
+            break;
+        case SEC_OID_PKIX_REGCTRL_OLD_CERT_ID:
+        case SEC_OID_PKIX_REGCTRL_PKIPUBINFO:
+        case SEC_OID_PKIX_REGCTRL_PROTOCOL_ENC_KEY:
+            /* These aren't supported yet, so no post-processing will
+             * be done at this time.  But we don't want to fail in case
+             * we read in DER that has one of these options.
+             */
+            rv = SECSuccess;
+            break;
+        case SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS:
+            rv = crmf_copy_pkiarchiveoptions(NULL,
+                                             &newControl->value.archiveOptions,
+                                             &srcControl->value.archiveOptions);
+            break;
+        default:
+            rv = SECFailure;
+    }
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    return newControl;
+loser:
+    CRMF_DestroyControl(newControl);
+    return NULL;
+}
+
+static SECItem *
+crmf_copy_control_value(CRMFControl *inControl)
+{
+    return SECITEM_DupItem(&inControl->derValue);
+}
+
+SECItem *
+CRMF_ControlGetAuthenticatorControlValue(CRMFControl *inControl)
+{
+    PORT_Assert(inControl != NULL);
+    if (inControl == NULL ||
+        CRMF_ControlGetControlType(inControl) != crmfAuthenticatorControl) {
+        return NULL;
+    }
+    return crmf_copy_control_value(inControl);
+}
+
+CRMFControlType
+CRMF_ControlGetControlType(CRMFControl *inControl)
+{
+    CRMFControlType retType;
+
+    PORT_Assert(inControl != NULL);
+    switch (inControl->tag) {
+        case SEC_OID_PKIX_REGCTRL_REGTOKEN:
+            retType = crmfRegTokenControl;
+            break;
+        case SEC_OID_PKIX_REGCTRL_AUTHENTICATOR:
+            retType = crmfAuthenticatorControl;
+            break;
+        case SEC_OID_PKIX_REGCTRL_PKIPUBINFO:
+            retType = crmfPKIPublicationInfoControl;
+            break;
+        case SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS:
+            retType = crmfPKIArchiveOptionsControl;
+            break;
+        case SEC_OID_PKIX_REGCTRL_OLD_CERT_ID:
+            retType = crmfOldCertIDControl;
+            break;
+        case SEC_OID_PKIX_REGCTRL_PROTOCOL_ENC_KEY:
+            retType = crmfProtocolEncrKeyControl;
+            break;
+        default:
+            retType = crmfNoControl;
+    }
+    return retType;
+}
+
+CRMFPKIArchiveOptions *
+CRMF_ControlGetPKIArchiveOptions(CRMFControl *inControl)
+{
+    CRMFPKIArchiveOptions *newOpt = NULL;
+    SECStatus rv;
+
+    PORT_Assert(inControl != NULL);
+    if (inControl == NULL ||
+        CRMF_ControlGetControlType(inControl) != crmfPKIArchiveOptionsControl) {
+        goto loser;
+    }
+    newOpt = PORT_ZNew(CRMFPKIArchiveOptions);
+    if (newOpt == NULL) {
+        goto loser;
+    }
+    rv = crmf_copy_pkiarchiveoptions(NULL, newOpt,
+                                     &inControl->value.archiveOptions);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+loser:
+    if (newOpt != NULL) {
+        CRMF_DestroyPKIArchiveOptions(newOpt);
+    }
+    return NULL;
+}
+
+SECItem *
+CRMF_ControlGetRegTokenControlValue(CRMFControl *inControl)
+{
+    PORT_Assert(inControl != NULL);
+    if (inControl == NULL ||
+        CRMF_ControlGetControlType(inControl) != crmfRegTokenControl) {
+        return NULL;
+    }
+    return crmf_copy_control_value(inControl);
+    ;
+}
+
+CRMFCertExtension *
+CRMF_CertRequestGetExtensionAtIndex(CRMFCertRequest *inCertReq,
+                                    int index)
+{
+    int numExtensions;
+
+    PORT_Assert(inCertReq != NULL);
+    numExtensions = CRMF_CertRequestGetNumberOfExtensions(inCertReq);
+    if (index >= numExtensions || index < 0) {
+        return NULL;
+    }
+    return crmf_copy_cert_extension(NULL,
+                                    inCertReq->certTemplate.extensions[index]);
+}
diff --git a/nss/lib/cryptohi/Makefile b/nss/lib/cryptohi/Makefile
new file mode 100644
index 0000000..71ae761
--- /dev/null
+++ b/nss/lib/cryptohi/Makefile
@@ -0,0 +1,49 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+-include config.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+
+export:: private_export
+
diff --git a/nss/lib/cryptohi/config.mk b/nss/lib/cryptohi/config.mk
new file mode 100644
index 0000000..b8c03de
--- /dev/null
+++ b/nss/lib/cryptohi/config.mk
@@ -0,0 +1,15 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#
+#  Override TARGETS variable so that only static libraries
+#  are specifed as dependencies within rules.mk.
+#
+
+TARGETS        = $(LIBRARY)
+SHARED_LIBRARY =
+IMPORT_LIBRARY =
+PROGRAM        =
+
diff --git a/nss/lib/cryptohi/cryptohi.gyp b/nss/lib/cryptohi/cryptohi.gyp
new file mode 100644
index 0000000..ef9e63f
--- /dev/null
+++ b/nss/lib/cryptohi/cryptohi.gyp
@@ -0,0 +1,27 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'cryptohi',
+      'type': 'static_library',
+      'sources': [
+        'dsautil.c',
+        'sechash.c',
+        'seckey.c',
+        'secsign.c',
+        'secvfy.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports'
+      ]
+    }
+  ],
+  'variables': {
+    'module': 'nss'
+  }
+}
\ No newline at end of file
diff --git a/nss/lib/cryptohi/cryptohi.h b/nss/lib/cryptohi/cryptohi.h
new file mode 100644
index 0000000..f658daa
--- /dev/null
+++ b/nss/lib/cryptohi/cryptohi.h
@@ -0,0 +1,364 @@
+/*
+ * cryptohi.h - public prototypes for the crypto library
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _CRYPTOHI_H_
+#define _CRYPTOHI_H_
+
+#include "blapit.h"
+
+#include "seccomon.h"
+#include "secoidt.h"
+#include "secdert.h"
+#include "cryptoht.h"
+#include "keyt.h"
+#include "certt.h"
+
+SEC_BEGIN_PROTOS
+
+/****************************************/
+/*
+** DER encode/decode (EC)DSA signatures
+*/
+
+/* ANSI X9.57 defines DSA signatures as DER encoded data.  Our DSA1 code (and
+ * most of the rest of the world) just generates 40 bytes of raw data.  These
+ * functions convert between formats.
+ */
+extern SECStatus DSAU_EncodeDerSig(SECItem *dest, SECItem *src);
+extern SECItem *DSAU_DecodeDerSig(const SECItem *item);
+
+/*
+ * Unlike DSA1, raw DSA2 and ECDSA signatures do not have a fixed length.
+ * Rather they contain two integers r and s whose length depends
+ * on the size of q or the EC key used for signing.
+ *
+ * We can reuse the DSAU_EncodeDerSig interface to DER encode
+ * raw ECDSA signature keeping in mind that the length of r
+ * is the same as that of s and exactly half of src->len.
+ *
+ * For decoding, we need to pass the length of the desired
+ * raw signature (twice the key size) explicitly.
+ */
+extern SECStatus DSAU_EncodeDerSigWithLen(SECItem *dest, SECItem *src,
+                                          unsigned int len);
+extern SECItem *DSAU_DecodeDerSigToLen(const SECItem *item, unsigned int len);
+
+/****************************************/
+/*
+** Signature creation operations
+*/
+
+/*
+** Create a new signature context used for signing a data stream.
+**      "alg" the signature algorithm to use (e.g. SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION)
+**	"privKey" the private key to use
+*/
+extern SGNContext *SGN_NewContext(SECOidTag alg, SECKEYPrivateKey *privKey);
+
+/*
+** Destroy a signature-context object
+**	"cx" the object
+**	"freeit" if PR_TRUE then free the object as well as its sub-objects
+*/
+extern void SGN_DestroyContext(SGNContext *cx, PRBool freeit);
+
+/*
+** Reset the signing context "cx" to its initial state, preparing it for
+** another stream of data.
+*/
+extern SECStatus SGN_Begin(SGNContext *cx);
+
+/*
+** Update the signing context with more data to sign.
+**	"cx" the context
+**	"input" the input data to sign
+**	"inputLen" the length of the input data
+*/
+extern SECStatus SGN_Update(SGNContext *cx, const unsigned char *input,
+                            unsigned int inputLen);
+
+/*
+** Finish the signature process. Use either k0 or k1 to sign the data
+** stream that was input using SGN_Update. The resulting signature is
+** formatted using PKCS#1 and then encrypted using RSA private or public
+** encryption.
+**	"cx" the context
+**	"result" the final signature data (memory is allocated)
+*/
+extern SECStatus SGN_End(SGNContext *cx, SECItem *result);
+
+/*
+** Sign a single block of data using private key encryption and given
+** signature/hash algorithm.
+**	"result" the final signature data (memory is allocated)
+**	"buf" the input data to sign
+**	"len" the amount of data to sign
+**	"pk" the private key to encrypt with
+**	"algid" the signature/hash algorithm to sign with
+**		(must be compatible with the key type).
+*/
+extern SECStatus SEC_SignData(SECItem *result,
+                              const unsigned char *buf, int len,
+                              SECKEYPrivateKey *pk, SECOidTag algid);
+
+/*
+** Sign a pre-digested block of data using private key encryption, encoding
+**  The given signature/hash algorithm.
+**	"result" the final signature data (memory is allocated)
+**	"digest" the digest to sign
+**	"privKey" the private key to encrypt with
+**	"algtag" The algorithm tag to encode (need for RSA only)
+*/
+extern SECStatus SGN_Digest(SECKEYPrivateKey *privKey,
+                            SECOidTag algtag, SECItem *result, SECItem *digest);
+
+/*
+** DER sign a single block of data using private key encryption and the
+** MD5 hashing algorithm. This routine first computes a digital signature
+** using SEC_SignData, then wraps it with an CERTSignedData and then der
+** encodes the result.
+**	"arena" is the memory arena to use to allocate data from
+** 	"result" the final der encoded data (memory is allocated)
+** 	"buf" the input data to sign
+** 	"len" the amount of data to sign
+** 	"pk" the private key to encrypt with
+*/
+extern SECStatus SEC_DerSignData(PLArenaPool *arena, SECItem *result,
+                                 const unsigned char *buf, int len,
+                                 SECKEYPrivateKey *pk, SECOidTag algid);
+
+/*
+** Destroy a signed-data object.
+**	"sd" the object
+**	"freeit" if PR_TRUE then free the object as well as its sub-objects
+*/
+extern void SEC_DestroySignedData(CERTSignedData *sd, PRBool freeit);
+
+/*
+** Get the signature algorithm tag number for the given key type and hash
+** algorithm tag. Returns SEC_OID_UNKNOWN if key type and hash algorithm
+** do not match or are not supported.
+*/
+extern SECOidTag SEC_GetSignatureAlgorithmOidTag(KeyType keyType,
+                                                 SECOidTag hashAlgTag);
+
+/****************************************/
+/*
+** Signature verification operations
+*/
+
+/*
+** Create a signature verification context. This version is deprecated,
+**  This function is deprecated. Use VFY_CreateContextDirect or
+**  VFY_CreateContextWithAlgorithmID instead.
+**	"key" the public key to verify with
+**	"sig" the encrypted signature data if sig is NULL then
+**	   VFY_EndWithSignature must be called with the correct signature at
+**	   the end of the processing.
+**	"sigAlg" specifies the signing algorithm to use (including the
+**         hash algorthim).  This must match the key type.
+**	"wincx" void pointer to the window context
+*/
+extern VFYContext *VFY_CreateContext(SECKEYPublicKey *key, SECItem *sig,
+                                     SECOidTag sigAlg, void *wincx);
+/*
+** Create a signature verification context.
+**	"key" the public key to verify with
+**	"sig" the encrypted signature data if sig is NULL then
+**	   VFY_EndWithSignature must be called with the correct signature at
+**	   the end of the processing.
+**	"pubkAlg" specifies the cryptographic signing algorithm to use (the
+**         raw algorithm without any hash specified.  This must match the key
+**         type.
+**	"hashAlg" specifies the hashing algorithm used. If the key is an
+**	   RSA key, and sig is not NULL, then hashAlg can be SEC_OID_UNKNOWN.
+**	   the hash is selected from data in the sig.
+**	"hash" optional pointer to return the actual hash algorithm used.
+**	   in practice this should always match the passed in hashAlg (the
+**	   exception is the case where hashAlg is SEC_OID_UNKNOWN above).
+**         If this value is NULL no, hash oid is returned.
+**	"wincx" void pointer to the window context
+*/
+extern VFYContext *VFY_CreateContextDirect(const SECKEYPublicKey *key,
+                                           const SECItem *sig,
+                                           SECOidTag pubkAlg,
+                                           SECOidTag hashAlg,
+                                           SECOidTag *hash, void *wincx);
+/*
+** Create a signature verification context from a algorithm ID.
+**	"key" the public key to verify with
+**	"sig" the encrypted signature data if sig is NULL then
+**	   VFY_EndWithSignature must be called with the correct signature at
+**	   the end of the processing.
+**	"algid" specifies the signing algorithm and parameters to use.
+**         This must match the key type.
+**      "hash" optional pointer to return the oid of the actual hash used in
+**         the signature. If this value is NULL no, hash oid is returned.
+**	"wincx" void pointer to the window context
+*/
+extern VFYContext *VFY_CreateContextWithAlgorithmID(const SECKEYPublicKey *key,
+                                                    const SECItem *sig,
+                                                    const SECAlgorithmID *algid,
+                                                    SECOidTag *hash,
+                                                    void *wincx);
+
+/*
+** Destroy a verification-context object.
+**	"cx" the context to destroy
+**	"freeit" if PR_TRUE then free the object as well as its sub-objects
+*/
+extern void VFY_DestroyContext(VFYContext *cx, PRBool freeit);
+
+extern SECStatus VFY_Begin(VFYContext *cx);
+
+/*
+** Update a verification context with more input data. The input data
+** is fed to a secure hash function (depending on what was in the
+** encrypted signature data).
+**	"cx" the context
+**	"input" the input data
+**	"inputLen" the amount of input data
+*/
+extern SECStatus VFY_Update(VFYContext *cx, const unsigned char *input,
+                            unsigned int inputLen);
+
+/*
+** Finish the verification process. The return value is a status which
+** indicates success or failure. On success, the SECSuccess value is
+** returned. Otherwise, SECFailure is returned and the error code found
+** using PORT_GetError() indicates what failure occurred.
+** 	"cx" the context
+*/
+extern SECStatus VFY_End(VFYContext *cx);
+
+/*
+** Finish the verification process. The return value is a status which
+** indicates success or failure. On success, the SECSuccess value is
+** returned. Otherwise, SECFailure is returned and the error code found
+** using PORT_GetError() indicates what failure occurred. If signature is
+** supplied the verification uses this signature to verify, otherwise the
+** signature passed in VFY_CreateContext() is used.
+** VFY_EndWithSignature(cx,NULL); is identical to VFY_End(cx);.
+** 	"cx" the context
+** 	"sig" the encrypted signature data
+*/
+extern SECStatus VFY_EndWithSignature(VFYContext *cx, SECItem *sig);
+
+/*
+** Verify the signature on a block of data for which we already have
+** the digest. The signature data is an RSA private key encrypted
+** block of data formatted according to PKCS#1.
+**  This function is deprecated. Use VFY_VerifyDigestDirect or
+**  VFY_VerifyDigestWithAlgorithmID instead.
+** 	"dig" the digest
+** 	"key" the public key to check the signature with
+** 	"sig" the encrypted signature data
+**	"sigAlg" specifies the signing algorithm to use.  This must match
+**	    the key type.
+**	"wincx" void pointer to the window context
+**/
+extern SECStatus VFY_VerifyDigest(SECItem *dig, SECKEYPublicKey *key,
+                                  SECItem *sig, SECOidTag sigAlg, void *wincx);
+/*
+** Verify the signature on a block of data for which we already have
+** the digest. The signature data is an RSA private key encrypted
+** block of data formatted according to PKCS#1.
+** 	"dig" the digest
+** 	"key" the public key to check the signature with
+** 	"sig" the encrypted signature data
+**	"pubkAlg" specifies the cryptographic signing algorithm to use (the
+**         raw algorithm without any hash specified.  This must match the key
+**         type.
+**	"hashAlg" specifies the hashing algorithm used.
+**	"wincx" void pointer to the window context
+**/
+extern SECStatus VFY_VerifyDigestDirect(const SECItem *dig,
+                                        const SECKEYPublicKey *key,
+                                        const SECItem *sig, SECOidTag pubkAlg,
+                                        SECOidTag hashAlg, void *wincx);
+/*
+** Verify the signature on a block of data for which we already have
+** the digest. The signature data is an RSA private key encrypted
+** block of data formatted according to PKCS#1.
+**	"key" the public key to verify with
+**	"sig" the encrypted signature data if sig is NULL then
+**	   VFY_EndWithSignature must be called with the correct signature at
+**	   the end of the processing.
+**	"algid" specifies the signing algorithm and parameters to use.
+**         This must match the key type.
+**      "hash" oid of the actual hash used to create digest. If this  value is
+**         not set to SEC_OID_UNKNOWN, it must match the hash of the signature.
+**	"wincx" void pointer to the window context
+*/
+extern SECStatus VFY_VerifyDigestWithAlgorithmID(const SECItem *dig,
+                                                 const SECKEYPublicKey *key, const SECItem *sig,
+                                                 const SECAlgorithmID *algid, SECOidTag hash,
+                                                 void *wincx);
+
+/*
+** Verify the signature on a block of data. The signature data is an RSA
+** private key encrypted block of data formatted according to PKCS#1.
+**   This function is deprecated. Use VFY_VerifyDataDirect or
+**   VFY_VerifyDataWithAlgorithmID instead.
+** 	"buf" the input data
+** 	"len" the length of the input data
+** 	"key" the public key to check the signature with
+** 	"sig" the encrypted signature data
+**	"sigAlg" specifies the signing algorithm to use.  This must match
+**	    the key type.
+**	"wincx" void pointer to the window context
+*/
+extern SECStatus VFY_VerifyData(const unsigned char *buf, int len,
+                                const SECKEYPublicKey *key, const SECItem *sig,
+                                SECOidTag sigAlg, void *wincx);
+/*
+** Verify the signature on a block of data. The signature data is an RSA
+** private key encrypted block of data formatted according to PKCS#1.
+** 	"buf" the input data
+** 	"len" the length of the input data
+** 	"key" the public key to check the signature with
+** 	"sig" the encrypted signature data
+**	"pubkAlg" specifies the cryptographic signing algorithm to use (the
+**         raw algorithm without any hash specified.  This must match the key
+**         type.
+**	"hashAlg" specifies the hashing algorithm used. If the key is an
+**	   RSA key, and sig is not NULL, then hashAlg can be SEC_OID_UNKNOWN.
+**	   the hash is selected from data in the sig.
+**	"hash" optional pointer to return the actual hash algorithm used.
+**	   in practice this should always match the passed in hashAlg (the
+**	   exception is the case where hashAlg is SEC_OID_UNKNOWN above).
+**         If this value is NULL no, hash oid is returned.
+**	"wincx" void pointer to the window context
+*/
+extern SECStatus VFY_VerifyDataDirect(const unsigned char *buf, int len,
+                                      const SECKEYPublicKey *key,
+                                      const SECItem *sig,
+                                      SECOidTag pubkAlg, SECOidTag hashAlg,
+                                      SECOidTag *hash, void *wincx);
+
+/*
+** Verify the signature on a block of data. The signature data is an RSA
+** private key encrypted block of data formatted according to PKCS#1.
+** 	"buf" the input data
+** 	"len" the length of the input data
+** 	"key" the public key to check the signature with
+** 	"sig" the encrypted signature data
+**	"algid" specifies the signing algorithm and parameters to use.
+**         This must match the key type.
+**      "hash" optional pointer to return the oid of the actual hash used in
+**         the signature. If this value is NULL no, hash oid is returned.
+**	"wincx" void pointer to the window context
+*/
+extern SECStatus VFY_VerifyDataWithAlgorithmID(const unsigned char *buf,
+                                               int len, const SECKEYPublicKey *key,
+                                               const SECItem *sig,
+                                               const SECAlgorithmID *algid, SECOidTag *hash,
+                                               void *wincx);
+
+SEC_END_PROTOS
+
+#endif /* _CRYPTOHI_H_ */
diff --git a/nss/lib/cryptohi/cryptoht.h b/nss/lib/cryptohi/cryptoht.h
new file mode 100644
index 0000000..5780bf4
--- /dev/null
+++ b/nss/lib/cryptohi/cryptoht.h
@@ -0,0 +1,14 @@
+/*
+ * cryptoht.h - public data structures for the crypto library
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _CRYPTOHT_H_
+#define _CRYPTOHT_H_
+
+typedef struct SGNContextStr SGNContext;
+typedef struct VFYContextStr VFYContext;
+
+#endif /* _CRYPTOHT_H_ */
diff --git a/nss/lib/cryptohi/dsautil.c b/nss/lib/cryptohi/dsautil.c
new file mode 100644
index 0000000..df4d9a9
--- /dev/null
+++ b/nss/lib/cryptohi/dsautil.c
@@ -0,0 +1,272 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#include "cryptohi.h"
+#include "secasn1.h"
+#include "secitem.h"
+#include "prerr.h"
+
+#ifndef DSA1_SUBPRIME_LEN
+#define DSA1_SUBPRIME_LEN 20 /* bytes */
+#endif
+
+typedef struct {
+    SECItem r;
+    SECItem s;
+} DSA_ASN1Signature;
+
+const SEC_ASN1Template DSA_SignatureTemplate[] =
+    {
+      { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(DSA_ASN1Signature) },
+      { SEC_ASN1_INTEGER, offsetof(DSA_ASN1Signature, r) },
+      { SEC_ASN1_INTEGER, offsetof(DSA_ASN1Signature, s) },
+      { 0 }
+    };
+
+/* Input is variable length multi-byte integer, MSB first (big endian).
+** Most signficant bit of first byte is NOT treated as a sign bit.
+** May be one or more leading bytes of zeros.
+** Output is variable length multi-byte integer, MSB first (big endian).
+** Most significant bit of first byte will be zero (positive sign bit)
+** No more than one leading zero byte.
+** Caller supplies dest buffer, and assures that it is long enough,
+** e.g. at least one byte longer that src's buffer.
+*/
+void
+DSAU_ConvertUnsignedToSigned(SECItem *dest, SECItem *src)
+{
+    unsigned char *pSrc = src->data;
+    unsigned char *pDst = dest->data;
+    unsigned int cntSrc = src->len;
+
+    /* skip any leading zeros. */
+    while (cntSrc && !(*pSrc)) {
+        pSrc++;
+        cntSrc--;
+    }
+    if (!cntSrc) {
+        *pDst = 0;
+        dest->len = 1;
+        return;
+    }
+
+    if (*pSrc & 0x80)
+        *pDst++ = 0;
+
+    PORT_Memcpy(pDst, pSrc, cntSrc);
+    dest->len = (pDst - dest->data) + cntSrc;
+}
+
+/*
+** src is a buffer holding a signed variable length integer.
+** dest is a buffer which will be filled with an unsigned integer,
+** MSB first (big endian) with leading zeros, so that the last byte
+** of src will be the LSB of the integer.  The result will be exactly
+** the length specified by the caller in dest->len.
+** src can be shorter than dest.  src can be longer than dst, but only
+** if the extra leading bytes are zeros.
+*/
+SECStatus
+DSAU_ConvertSignedToFixedUnsigned(SECItem *dest, SECItem *src)
+{
+    unsigned char *pSrc = src->data;
+    unsigned char *pDst = dest->data;
+    unsigned int cntSrc = src->len;
+    unsigned int cntDst = dest->len;
+    int zCount = cntDst - cntSrc;
+
+    if (zCount > 0) {
+        PORT_Memset(pDst, 0, zCount);
+        PORT_Memcpy(pDst + zCount, pSrc, cntSrc);
+        return SECSuccess;
+    }
+    if (zCount <= 0) {
+        /* Source is longer than destination.  Check for leading zeros. */
+        while (zCount++ < 0) {
+            if (*pSrc++ != 0)
+                goto loser;
+        }
+    }
+    PORT_Memcpy(pDst, pSrc, cntDst);
+    return SECSuccess;
+
+loser:
+    PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
+    return SECFailure;
+}
+
+/* src is a "raw" ECDSA or DSA signature, the first half contains r
+ * and the second half contains s. dest is the DER encoded signature.
+*/
+static SECStatus
+common_EncodeDerSig(SECItem *dest, SECItem *src)
+{
+    SECItem *item;
+    SECItem srcItem;
+    DSA_ASN1Signature sig;
+    unsigned char *signedR;
+    unsigned char *signedS;
+    unsigned int len;
+
+    /* Allocate memory with room for an extra byte that
+     * may be required if the top bit in the first byte
+     * is already set.
+     */
+    len = src->len / 2;
+    signedR = (unsigned char *)PORT_Alloc(len + 1);
+    if (!signedR)
+        return SECFailure;
+    signedS = (unsigned char *)PORT_ZAlloc(len + 1);
+    if (!signedS) {
+        if (signedR)
+            PORT_Free(signedR);
+        return SECFailure;
+    }
+
+    PORT_Memset(&sig, 0, sizeof(sig));
+
+    /* Must convert r and s from "unsigned" integers to "signed" integers.
+    ** If the high order bit of the first byte (MSB) is 1, then must
+    ** prepend with leading zero.
+    ** Must remove all but one leading zero byte from numbers.
+    */
+    sig.r.type = siUnsignedInteger;
+    sig.r.data = signedR;
+    sig.r.len = sizeof signedR;
+    sig.s.type = siUnsignedInteger;
+    sig.s.data = signedS;
+    sig.s.len = sizeof signedR;
+
+    srcItem.data = src->data;
+    srcItem.len = len;
+
+    DSAU_ConvertUnsignedToSigned(&sig.r, &srcItem);
+    srcItem.data += len;
+    DSAU_ConvertUnsignedToSigned(&sig.s, &srcItem);
+
+    item = SEC_ASN1EncodeItem(NULL, dest, &sig, DSA_SignatureTemplate);
+    if (signedR)
+        PORT_Free(signedR);
+    if (signedS)
+        PORT_Free(signedS);
+    if (item == NULL)
+        return SECFailure;
+
+    /* XXX leak item? */
+    return SECSuccess;
+}
+
+/* src is a DER-encoded ECDSA or DSA signature.
+** Returns a newly-allocated SECItem structure, pointing at a newly allocated
+** buffer containing the "raw" signature, which is len bytes of r,
+** followed by len bytes of s. For DSA, len is the length of q.
+** For ECDSA, len depends on the key size used to create the signature.
+*/
+static SECItem *
+common_DecodeDerSig(const SECItem *item, unsigned int len)
+{
+    SECItem *result = NULL;
+    PORTCheapArenaPool arena;
+    SECStatus status;
+    DSA_ASN1Signature sig;
+    SECItem dst;
+
+    PORT_Memset(&sig, 0, sizeof(sig));
+
+    /* Make enough room for r + s. */
+    PORT_InitCheapArena(&arena, PR_MAX(2 * MAX_ECKEY_LEN, DSA_MAX_SIGNATURE_LEN));
+
+    result = PORT_ZNew(SECItem);
+    if (result == NULL)
+        goto loser;
+
+    result->len = 2 * len;
+    result->data = (unsigned char *)PORT_Alloc(2 * len);
+    if (result->data == NULL)
+        goto loser;
+
+    sig.r.type = siUnsignedInteger;
+    sig.s.type = siUnsignedInteger;
+    status = SEC_QuickDERDecodeItem(&arena.arena, &sig, DSA_SignatureTemplate, item);
+    if (status != SECSuccess)
+        goto loser;
+
+    /* Convert sig.r and sig.s from variable  length signed integers to
+    ** fixed length unsigned integers.
+    */
+    dst.data = result->data;
+    dst.len = len;
+    status = DSAU_ConvertSignedToFixedUnsigned(&dst, &sig.r);
+    if (status != SECSuccess)
+        goto loser;
+
+    dst.data += len;
+    status = DSAU_ConvertSignedToFixedUnsigned(&dst, &sig.s);
+    if (status != SECSuccess)
+        goto loser;
+
+done:
+    PORT_DestroyCheapArena(&arena);
+
+    return result;
+
+loser:
+    if (result != NULL) {
+        SECITEM_FreeItem(result, PR_TRUE);
+        result = NULL;
+    }
+    goto done;
+}
+
+/* src is a "raw" DSA1 signature, 20 bytes of r followed by 20 bytes of s.
+** dest is the signature DER encoded. ?
+*/
+SECStatus
+DSAU_EncodeDerSig(SECItem *dest, SECItem *src)
+{
+    PORT_Assert(src->len == 2 * DSA1_SUBPRIME_LEN);
+    if (src->len != 2 * DSA1_SUBPRIME_LEN) {
+        PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
+        return SECFailure;
+    }
+
+    return common_EncodeDerSig(dest, src);
+}
+
+/* src is a "raw" DSA signature of length len (len/2 bytes of r followed
+** by len/2 bytes of s). dest is the signature DER encoded.
+*/
+SECStatus
+DSAU_EncodeDerSigWithLen(SECItem *dest, SECItem *src, unsigned int len)
+{
+
+    PORT_Assert((src->len == len) && (len % 2 == 0));
+    if ((src->len != len) || (src->len % 2 != 0)) {
+        PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
+        return SECFailure;
+    }
+
+    return common_EncodeDerSig(dest, src);
+}
+
+/* src is a DER-encoded DSA signature.
+** Returns a newly-allocated SECItem structure, pointing at a newly allocated
+** buffer containing the "raw" DSA1 signature, which is 20 bytes of r,
+** followed by 20 bytes of s.
+*/
+SECItem *
+DSAU_DecodeDerSig(const SECItem *item)
+{
+    return common_DecodeDerSig(item, DSA1_SUBPRIME_LEN);
+}
+
+/* src is a DER-encoded ECDSA signature.
+** Returns a newly-allocated SECItem structure, pointing at a newly allocated
+** buffer containing the "raw" ECDSA signature of length len containing
+** r followed by s (both padded to take up exactly len/2 bytes).
+*/
+SECItem *
+DSAU_DecodeDerSigToLen(const SECItem *item, unsigned int len)
+{
+    return common_DecodeDerSig(item, len / 2);
+}
diff --git a/nss/lib/cryptohi/exports.gyp b/nss/lib/cryptohi/exports.gyp
new file mode 100644
index 0000000..bb91059
--- /dev/null
+++ b/nss/lib/cryptohi/exports.gyp
@@ -0,0 +1,37 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi'
+  ],
+  'variables': {
+    'module': 'nss'
+  },
+  'targets': [
+    {
+      'target_name': 'lib_cryptohi_exports',
+      'type': 'none',
+      'copies': [
+        {
+          'files': [
+            'cryptohi.h',
+            'cryptoht.h',
+            'key.h',
+            'keyhi.h',
+            'keyt.h',
+            'keythi.h',
+            'sechash.h'
+          ],
+          'destination': '<(nss_public_dist_dir)/<(module)'
+        },
+        {
+          'files': [
+            'keyi.h',
+          ],
+          'destination': '<(nss_private_dist_dir)/<(module)'
+        }
+      ]
+    }
+  ],
+}
diff --git a/nss/lib/cryptohi/key.h b/nss/lib/cryptohi/key.h
new file mode 100644
index 0000000..3e89b74
--- /dev/null
+++ b/nss/lib/cryptohi/key.h
@@ -0,0 +1,12 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* This header is deprecated.  Please include keyhi.h instead. */
+
+#ifndef _KEY_H_
+#define _KEY_H_
+
+#include "keyhi.h"
+
+#endif /* _KEY_H_ */
diff --git a/nss/lib/cryptohi/keyhi.h b/nss/lib/cryptohi/keyhi.h
new file mode 100644
index 0000000..1809900
--- /dev/null
+++ b/nss/lib/cryptohi/keyhi.h
@@ -0,0 +1,271 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _KEYHI_H_
+#define _KEYHI_H_
+
+#include "plarena.h"
+
+#include "seccomon.h"
+#include "secoidt.h"
+#include "secdert.h"
+#include "keythi.h"
+#include "certt.h"
+/*#include "secpkcs5.h" */
+
+SEC_BEGIN_PROTOS
+
+/*
+** Destroy a subject-public-key-info object.
+*/
+extern void SECKEY_DestroySubjectPublicKeyInfo(CERTSubjectPublicKeyInfo *spki);
+
+/*
+** Copy subject-public-key-info "src" to "dst". "dst" is filled in
+** appropriately (memory is allocated for each of the sub objects).
+*/
+extern SECStatus SECKEY_CopySubjectPublicKeyInfo(PLArenaPool *arena,
+                                                 CERTSubjectPublicKeyInfo *dst,
+                                                 CERTSubjectPublicKeyInfo *src);
+
+/*
+** Update the PQG parameters for a cert's public key.
+** Only done for DSA certs
+*/
+extern SECStatus
+SECKEY_UpdateCertPQG(CERTCertificate *subjectCert);
+
+/*
+** Return the number of bits in the provided big integer.  This assumes that the
+** SECItem contains a big-endian number and counts from the first non-zero bit.
+*/
+extern unsigned SECKEY_BigIntegerBitLength(const SECItem *number);
+
+/*
+** Return the strength of the public key in bytes
+*/
+extern unsigned SECKEY_PublicKeyStrength(const SECKEYPublicKey *pubk);
+
+/*
+** Return the strength of the public key in bits
+*/
+extern unsigned SECKEY_PublicKeyStrengthInBits(const SECKEYPublicKey *pubk);
+
+/*
+** Return the length of the signature in bytes
+*/
+extern unsigned SECKEY_SignatureLen(const SECKEYPublicKey *pubk);
+
+/*
+** Make a copy of the private key "privKey"
+*/
+extern SECKEYPrivateKey *SECKEY_CopyPrivateKey(const SECKEYPrivateKey *privKey);
+
+/*
+** Make a copy of the public key "pubKey"
+*/
+extern SECKEYPublicKey *SECKEY_CopyPublicKey(const SECKEYPublicKey *pubKey);
+
+/*
+** Convert a private key "privateKey" into a public key
+*/
+extern SECKEYPublicKey *SECKEY_ConvertToPublicKey(SECKEYPrivateKey *privateKey);
+
+/*
+ * create a new RSA key pair. The private Key is returned...
+ */
+SECKEYPrivateKey *SECKEY_CreateRSAPrivateKey(int keySizeInBits,
+                                             SECKEYPublicKey **pubk, void *cx);
+
+/*
+ * create a new DH key pair. The private Key is returned...
+ */
+SECKEYPrivateKey *SECKEY_CreateDHPrivateKey(SECKEYDHParams *param,
+                                            SECKEYPublicKey **pubk, void *cx);
+
+/*
+ * create a new EC key pair. The private Key is returned...
+ */
+SECKEYPrivateKey *SECKEY_CreateECPrivateKey(SECKEYECParams *param,
+                                            SECKEYPublicKey **pubk, void *cx);
+
+/*
+** Create a subject-public-key-info based on a public key.
+*/
+extern CERTSubjectPublicKeyInfo *
+SECKEY_CreateSubjectPublicKeyInfo(const SECKEYPublicKey *k);
+
+/*
+** Convert a base64 ascii encoded DER public key and challenge to spki,
+** and verify the signature and challenge data are correct
+*/
+extern CERTSubjectPublicKeyInfo *
+SECKEY_ConvertAndDecodePublicKeyAndChallenge(char *pkacstr, char *challenge,
+                                             void *cx);
+
+/*
+** Encode a  CERTSubjectPublicKeyInfo structure. into a
+** DER encoded subject public key info.
+*/
+SECItem *
+SECKEY_EncodeDERSubjectPublicKeyInfo(const SECKEYPublicKey *pubk);
+
+/*
+** Decode a DER encoded subject public key info into a
+** CERTSubjectPublicKeyInfo structure.
+*/
+extern CERTSubjectPublicKeyInfo *
+SECKEY_DecodeDERSubjectPublicKeyInfo(const SECItem *spkider);
+
+/*
+** Convert a base64 ascii encoded DER subject public key info to our
+** internal format.
+*/
+extern CERTSubjectPublicKeyInfo *
+SECKEY_ConvertAndDecodeSubjectPublicKeyInfo(const char *spkistr);
+
+/*
+ * extract the public key from a subject Public Key info structure.
+ * (used by JSS).
+ */
+extern SECKEYPublicKey *
+SECKEY_ExtractPublicKey(const CERTSubjectPublicKeyInfo *);
+
+/*
+** Destroy a private key object.
+**	"key" the object
+*/
+extern void SECKEY_DestroyPrivateKey(SECKEYPrivateKey *key);
+
+/*
+** Destroy a public key object.
+**	"key" the object
+*/
+extern void SECKEY_DestroyPublicKey(SECKEYPublicKey *key);
+
+/* Destroy and zero out a private key info structure.  for now this
+ * function zero's out memory allocated in an arena for the key
+ * since PORT_FreeArena does not currently do this.
+ *
+ * NOTE -- If a private key info is allocated in an arena, one should
+ * not call this function with freeit = PR_FALSE.  The function should
+ * destroy the arena.
+ */
+extern void
+SECKEY_DestroyPrivateKeyInfo(SECKEYPrivateKeyInfo *pvk, PRBool freeit);
+
+/* Destroy and zero out an encrypted private key info.
+ *
+ * NOTE -- If a encrypted private key info is allocated in an arena, one should
+ * not call this function with freeit = PR_FALSE.  The function should
+ * destroy the arena.
+ */
+extern void
+SECKEY_DestroyEncryptedPrivateKeyInfo(SECKEYEncryptedPrivateKeyInfo *epki,
+                                      PRBool freeit);
+
+/* Copy private key info structure.
+ *  poolp is the arena into which the contents of from is to be copied.
+ *	NULL is a valid entry.
+ *  to is the destination private key info
+ *  from is the source private key info
+ * if either from or to is NULL or an error occurs, SECFailure is
+ * returned.  otherwise, SECSuccess is returned.
+ */
+extern SECStatus
+SECKEY_CopyPrivateKeyInfo(PLArenaPool *poolp,
+                          SECKEYPrivateKeyInfo *to,
+                          const SECKEYPrivateKeyInfo *from);
+
+extern SECStatus
+SECKEY_CacheStaticFlags(SECKEYPrivateKey *key);
+
+/* Copy encrypted private key info structure.
+ *  poolp is the arena into which the contents of from is to be copied.
+ *	NULL is a valid entry.
+ *  to is the destination encrypted private key info
+ *  from is the source encrypted private key info
+ * if either from or to is NULL or an error occurs, SECFailure is
+ * returned.  otherwise, SECSuccess is returned.
+ */
+extern SECStatus
+SECKEY_CopyEncryptedPrivateKeyInfo(PLArenaPool *poolp,
+                                   SECKEYEncryptedPrivateKeyInfo *to,
+                                   const SECKEYEncryptedPrivateKeyInfo *from);
+/*
+ * Accessor functions for key type of public and private keys.
+ */
+KeyType SECKEY_GetPrivateKeyType(const SECKEYPrivateKey *privKey);
+KeyType SECKEY_GetPublicKeyType(const SECKEYPublicKey *pubKey);
+
+/*
+ * Creates a PublicKey from its DER encoding.
+ * Currently only supports RSA, DSA, and DH keys.
+ */
+SECKEYPublicKey *
+SECKEY_ImportDERPublicKey(const SECItem *derKey, CK_KEY_TYPE type);
+
+SECKEYPrivateKeyList *
+SECKEY_NewPrivateKeyList(void);
+
+void
+SECKEY_DestroyPrivateKeyList(SECKEYPrivateKeyList *keys);
+
+void
+SECKEY_RemovePrivateKeyListNode(SECKEYPrivateKeyListNode *node);
+
+SECStatus
+SECKEY_AddPrivateKeyToListTail(SECKEYPrivateKeyList *list,
+                               SECKEYPrivateKey *key);
+
+#define PRIVKEY_LIST_HEAD(l) ((SECKEYPrivateKeyListNode *)PR_LIST_HEAD(&l->list))
+#define PRIVKEY_LIST_NEXT(n) ((SECKEYPrivateKeyListNode *)n->links.next)
+#define PRIVKEY_LIST_END(n, l) (((void *)n) == ((void *)&l->list))
+
+SECKEYPublicKeyList *
+SECKEY_NewPublicKeyList(void);
+
+void
+SECKEY_DestroyPublicKeyList(SECKEYPublicKeyList *keys);
+
+void
+SECKEY_RemovePublicKeyListNode(SECKEYPublicKeyListNode *node);
+
+SECStatus
+SECKEY_AddPublicKeyToListTail(SECKEYPublicKeyList *list,
+                              SECKEYPublicKey *key);
+
+#define PUBKEY_LIST_HEAD(l) ((SECKEYPublicKeyListNode *)PR_LIST_HEAD(&l->list))
+#define PUBKEY_LIST_NEXT(n) ((SECKEYPublicKeyListNode *)n->links.next)
+#define PUBKEY_LIST_END(n, l) (((void *)n) == ((void *)&l->list))
+
+/*
+ * Length in bits of the EC's field size.  This is also the length of
+ * the x and y coordinates of EC points, such as EC public keys and
+ * base points.
+ *
+ * Return 0 on failure (unknown EC domain parameters).
+ */
+extern int SECKEY_ECParamsToKeySize(const SECItem *params);
+
+/*
+ * Length in bits of the EC base point order, usually denoted n.  This
+ * is also the length of EC private keys and ECDSA signature components
+ * r and s.
+ *
+ * Return 0 on failure (unknown EC domain parameters).
+ */
+extern int SECKEY_ECParamsToBasePointOrderLen(const SECItem *params);
+
+/*
+ * Returns the object identifier of the curve, of the provided
+ * elliptic curve parameters structures.
+ *
+ * Return 0 on failure (unknown EC domain parameters).
+ */
+SECOidTag SECKEY_GetECCOid(const SECKEYECParams *params);
+
+SEC_END_PROTOS
+
+#endif /* _KEYHI_H_ */
diff --git a/nss/lib/cryptohi/keyi.h b/nss/lib/cryptohi/keyi.h
new file mode 100644
index 0000000..f8f5f7f
--- /dev/null
+++ b/nss/lib/cryptohi/keyi.h
@@ -0,0 +1,22 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _KEYI_H_
+#define _KEYI_H_
+
+SEC_BEGIN_PROTOS
+/* NSS private functions */
+/* map an oid to a keytype... actually this function and it's converse
+ *  are good candidates for public functions..  */
+KeyType seckey_GetKeyType(SECOidTag pubKeyOid);
+
+/* extract the 'encryption' (could be signing) and hash oids from and
+ * algorithm, key and parameters (parameters is the parameters field
+ * of a algorithm ID structure (SECAlgorithmID)*/
+SECStatus sec_DecodeSigAlg(const SECKEYPublicKey *key, SECOidTag sigAlg,
+                           const SECItem *param, SECOidTag *encalg, SECOidTag *hashalg);
+
+SEC_END_PROTOS
+
+#endif /* _KEYHI_H_ */
diff --git a/nss/lib/cryptohi/keyt.h b/nss/lib/cryptohi/keyt.h
new file mode 100644
index 0000000..99da312
--- /dev/null
+++ b/nss/lib/cryptohi/keyt.h
@@ -0,0 +1,10 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _KEYT_H_
+#define _KEYT_H_
+
+#include "keythi.h"
+
+#endif /* _KEYT_H_ */
diff --git a/nss/lib/cryptohi/keythi.h b/nss/lib/cryptohi/keythi.h
new file mode 100644
index 0000000..f6170bb
--- /dev/null
+++ b/nss/lib/cryptohi/keythi.h
@@ -0,0 +1,247 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#ifndef _KEYTHI_H_
+#define _KEYTHI_H_ 1
+
+#include "eccutil.h"
+#include "plarena.h"
+#include "pkcs11t.h"
+#include "secmodt.h"
+#include "prclist.h"
+
+/*
+** RFC 4055 Section 1.2 specifies three different RSA key types.
+**
+** rsaKey maps to keys with SEC_OID_PKCS1_RSA_ENCRYPTION and can be used for
+** both encryption and signatures with old (PKCS #1 v1.5) and new (PKCS #1
+** v2.1) padding schemes.
+**
+** rsaPssKey maps to keys with SEC_OID_PKCS1_RSA_PSS_SIGNATURE and may only
+** be used for signatures with PSS padding (PKCS #1 v2.1).
+**
+** rsaOaepKey maps to keys with SEC_OID_PKCS1_RSA_OAEP_ENCRYPTION and may only
+** be used for encryption with OAEP padding (PKCS #1 v2.1).
+*/
+
+typedef enum {
+    nullKey = 0,
+    rsaKey = 1,
+    dsaKey = 2,
+    fortezzaKey = 3, /* deprecated */
+    dhKey = 4,
+    keaKey = 5, /* deprecated */
+    ecKey = 6,
+    rsaPssKey = 7,
+    rsaOaepKey = 8
+} KeyType;
+
+/*
+** Template Definitions
+**/
+
+SEC_BEGIN_PROTOS
+extern const SEC_ASN1Template SECKEY_RSAPublicKeyTemplate[];
+extern const SEC_ASN1Template SECKEY_RSAPSSParamsTemplate[];
+extern const SEC_ASN1Template SECKEY_DSAPublicKeyTemplate[];
+extern const SEC_ASN1Template SECKEY_DHPublicKeyTemplate[];
+extern const SEC_ASN1Template SECKEY_DHParamKeyTemplate[];
+extern const SEC_ASN1Template SECKEY_PQGParamsTemplate[];
+extern const SEC_ASN1Template SECKEY_DSAPrivateKeyExportTemplate[];
+
+/* Windows DLL accessor functions */
+SEC_ASN1_CHOOSER_DECLARE(SECKEY_DSAPublicKeyTemplate)
+SEC_ASN1_CHOOSER_DECLARE(SECKEY_RSAPublicKeyTemplate)
+SEC_ASN1_CHOOSER_DECLARE(SECKEY_RSAPSSParamsTemplate)
+SEC_END_PROTOS
+
+/*
+** RSA Public Key structures
+** member names from PKCS#1, section 7.1
+*/
+
+struct SECKEYRSAPublicKeyStr {
+    PLArenaPool *arena;
+    SECItem modulus;
+    SECItem publicExponent;
+};
+typedef struct SECKEYRSAPublicKeyStr SECKEYRSAPublicKey;
+
+/*
+** RSA-PSS parameters
+*/
+struct SECKEYRSAPSSParamsStr {
+    SECAlgorithmID *hashAlg;
+    SECAlgorithmID *maskAlg;
+    SECItem saltLength;
+    SECItem trailerField;
+};
+typedef struct SECKEYRSAPSSParamsStr SECKEYRSAPSSParams;
+
+/*
+** DSA Public Key and related structures
+*/
+
+struct SECKEYPQGParamsStr {
+    PLArenaPool *arena;
+    SECItem prime;    /* p */
+    SECItem subPrime; /* q */
+    SECItem base;     /* g */
+    /* XXX chrisk: this needs to be expanded to hold j and validationParms (RFC2459 7.3.2) */
+};
+typedef struct SECKEYPQGParamsStr SECKEYPQGParams;
+
+struct SECKEYDSAPublicKeyStr {
+    SECKEYPQGParams params;
+    SECItem publicValue;
+};
+typedef struct SECKEYDSAPublicKeyStr SECKEYDSAPublicKey;
+
+/*
+** Diffie-Hellman Public Key structure
+** Structure member names suggested by PKCS#3.
+*/
+struct SECKEYDHParamsStr {
+    PLArenaPool *arena;
+    SECItem prime; /* p */
+    SECItem base;  /* g */
+};
+typedef struct SECKEYDHParamsStr SECKEYDHParams;
+
+struct SECKEYDHPublicKeyStr {
+    PLArenaPool *arena;
+    SECItem prime;
+    SECItem base;
+    SECItem publicValue;
+};
+typedef struct SECKEYDHPublicKeyStr SECKEYDHPublicKey;
+
+/*
+** Elliptic curve Public Key structure
+** The PKCS#11 layer needs DER encoding of ANSI X9.62
+** parameters value
+*/
+typedef SECItem SECKEYECParams;
+
+struct SECKEYECPublicKeyStr {
+    SECKEYECParams DEREncodedParams;
+    int size;                 /* size in bits */
+    SECItem publicValue;      /* encoded point */
+    ECPointEncoding encoding; /* deprecated, ignored */
+};
+typedef struct SECKEYECPublicKeyStr SECKEYECPublicKey;
+
+/*
+** FORTEZZA Public Key structures
+*/
+struct SECKEYFortezzaPublicKeyStr {
+    int KEAversion;
+    int DSSversion;
+    unsigned char KMID[8];
+    SECItem clearance;
+    SECItem KEApriviledge;
+    SECItem DSSpriviledge;
+    SECItem KEAKey;
+    SECItem DSSKey;
+    SECKEYPQGParams params;
+    SECKEYPQGParams keaParams;
+};
+typedef struct SECKEYFortezzaPublicKeyStr SECKEYFortezzaPublicKey;
+#define KEAprivilege KEApriviledge /* corrected spelling */
+#define DSSprivilege DSSpriviledge /* corrected spelling */
+
+struct SECKEYDiffPQGParamsStr {
+    SECKEYPQGParams DiffKEAParams;
+    SECKEYPQGParams DiffDSAParams;
+};
+typedef struct SECKEYDiffPQGParamsStr SECKEYDiffPQGParams;
+
+struct SECKEYPQGDualParamsStr {
+    SECKEYPQGParams CommParams;
+    SECKEYDiffPQGParams DiffParams;
+};
+typedef struct SECKEYPQGDualParamsStr SECKEYPQGDualParams;
+
+struct SECKEYKEAParamsStr {
+    PLArenaPool *arena;
+    SECItem hash;
+};
+typedef struct SECKEYKEAParamsStr SECKEYKEAParams;
+
+struct SECKEYKEAPublicKeyStr {
+    SECKEYKEAParams params;
+    SECItem publicValue;
+};
+typedef struct SECKEYKEAPublicKeyStr SECKEYKEAPublicKey;
+
+/*
+** A Generic  public key object.
+*/
+struct SECKEYPublicKeyStr {
+    PLArenaPool *arena;
+    KeyType keyType;
+    PK11SlotInfo *pkcs11Slot;
+    CK_OBJECT_HANDLE pkcs11ID;
+    union {
+        SECKEYRSAPublicKey rsa;
+        SECKEYDSAPublicKey dsa;
+        SECKEYDHPublicKey dh;
+        SECKEYKEAPublicKey kea;
+        SECKEYFortezzaPublicKey fortezza;
+        SECKEYECPublicKey ec;
+    } u;
+};
+typedef struct SECKEYPublicKeyStr SECKEYPublicKey;
+
+/* bit flag definitions for staticflags */
+#define SECKEY_Attributes_Cached 0x1 /* bit 0 states \
+                                        whether attributes are cached */
+#define SECKEY_CKA_PRIVATE (1U << 1) /* bit 1 is the value of CKA_PRIVATE */
+#define SECKEY_CKA_ALWAYS_AUTHENTICATE (1U << 2)
+
+#define SECKEY_ATTRIBUTES_CACHED(key) \
+    (0 != (key->staticflags & SECKEY_Attributes_Cached))
+
+#define SECKEY_ATTRIBUTE_VALUE(key, attribute) \
+    (0 != (key->staticflags & SECKEY_##attribute))
+
+#define SECKEY_HAS_ATTRIBUTE_SET(key, attribute) \
+    (0 != (key->staticflags & SECKEY_Attributes_Cached)) ? (0 != (key->staticflags & SECKEY_##attribute)) : PK11_HasAttributeSet(key->pkcs11Slot, key->pkcs11ID, attribute, PR_FALSE)
+
+#define SECKEY_HAS_ATTRIBUTE_SET_LOCK(key, attribute, haslock) \
+    (0 != (key->staticflags & SECKEY_Attributes_Cached)) ? (0 != (key->staticflags & SECKEY_##attribute)) : pk11_HasAttributeSet_Lock(key->pkcs11Slot, key->pkcs11ID, attribute, haslock)
+
+/*
+** A generic key structure
+*/
+struct SECKEYPrivateKeyStr {
+    PLArenaPool *arena;
+    KeyType keyType;
+    PK11SlotInfo *pkcs11Slot;  /* pkcs11 slot this key lives in */
+    CK_OBJECT_HANDLE pkcs11ID; /* ID of pkcs11 object */
+    PRBool pkcs11IsTemp;       /* temp pkcs11 object, delete it when done */
+    void *wincx;               /* context for errors and pw prompts */
+    PRUint32 staticflags;      /* bit flag of cached PKCS#11 attributes */
+};
+typedef struct SECKEYPrivateKeyStr SECKEYPrivateKey;
+
+typedef struct {
+    PRCList links;
+    SECKEYPrivateKey *key;
+} SECKEYPrivateKeyListNode;
+
+typedef struct {
+    PRCList list;
+    PLArenaPool *arena;
+} SECKEYPrivateKeyList;
+
+typedef struct {
+    PRCList links;
+    SECKEYPublicKey *key;
+} SECKEYPublicKeyListNode;
+
+typedef struct {
+    PRCList list;
+    PLArenaPool *arena;
+} SECKEYPublicKeyList;
+#endif /* _KEYTHI_H_ */
diff --git a/nss/lib/cryptohi/manifest.mn b/nss/lib/cryptohi/manifest.mn
new file mode 100644
index 0000000..896c7ad
--- /dev/null
+++ b/nss/lib/cryptohi/manifest.mn
@@ -0,0 +1,36 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+CORE_DEPTH = ../..
+
+MODULE = nss
+
+REQUIRES = nssutil
+
+LIBRARY_NAME = cryptohi
+
+EXPORTS = \
+	cryptohi.h \
+	cryptoht.h \
+	key.h     \
+	keyhi.h   \
+	keyt.h    \
+	keythi.h  \
+	sechash.h \
+	$(NULL)
+
+PRIVATE_EXPORTS = \
+	keyi.h    \
+	$(NULL)
+
+CSRCS = \
+	sechash.c \
+	seckey.c  \
+	secsign.c \
+	secvfy.c  \
+	dsautil.c \
+	$(NULL)
+
+# This part of the code, including all sub-dirs, can be optimized for size
+export ALLOW_OPT_CODE_SIZE = 1
diff --git a/nss/lib/cryptohi/sechash.c b/nss/lib/cryptohi/sechash.c
new file mode 100644
index 0000000..b126211
--- /dev/null
+++ b/nss/lib/cryptohi/sechash.c
@@ -0,0 +1,438 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#include "sechash.h"
+#include "secoidt.h"
+#include "secerr.h"
+#include "blapi.h"
+#include "pk11func.h" /* for the PK11_ calls below. */
+
+static void *
+null_hash_new_context(void)
+{
+    return NULL;
+}
+
+static void *
+null_hash_clone_context(void *v)
+{
+    PORT_Assert(v == NULL);
+    return NULL;
+}
+
+static void
+null_hash_begin(void *v)
+{
+}
+
+static void
+null_hash_update(void *v, const unsigned char *input, unsigned int length)
+{
+}
+
+static void
+null_hash_end(void *v, unsigned char *output, unsigned int *outLen,
+              unsigned int maxOut)
+{
+    *outLen = 0;
+}
+
+static void
+null_hash_destroy_context(void *v, PRBool b)
+{
+    PORT_Assert(v == NULL);
+}
+
+static void *
+md2_NewContext(void)
+{
+    return (void *)PK11_CreateDigestContext(SEC_OID_MD2);
+}
+
+static void *
+md5_NewContext(void)
+{
+    return (void *)PK11_CreateDigestContext(SEC_OID_MD5);
+}
+
+static void *
+sha1_NewContext(void)
+{
+    return (void *)PK11_CreateDigestContext(SEC_OID_SHA1);
+}
+
+static void *
+sha224_NewContext(void)
+{
+    return (void *)PK11_CreateDigestContext(SEC_OID_SHA224);
+}
+
+static void *
+sha256_NewContext(void)
+{
+    return (void *)PK11_CreateDigestContext(SEC_OID_SHA256);
+}
+
+static void *
+sha384_NewContext(void)
+{
+    return (void *)PK11_CreateDigestContext(SEC_OID_SHA384);
+}
+
+static void *
+sha512_NewContext(void)
+{
+    return (void *)PK11_CreateDigestContext(SEC_OID_SHA512);
+}
+
+const SECHashObject SECHashObjects[] = {
+    { 0,
+      (void *(*)(void))null_hash_new_context,
+      (void *(*)(void *))null_hash_clone_context,
+      (void (*)(void *, PRBool))null_hash_destroy_context,
+      (void (*)(void *))null_hash_begin,
+      (void (*)(void *, const unsigned char *, unsigned int))null_hash_update,
+      (void (*)(void *, unsigned char *, unsigned int *,
+                unsigned int))null_hash_end,
+      0,
+      HASH_AlgNULL },
+    { MD2_LENGTH,
+      (void *(*)(void))md2_NewContext,
+      (void *(*)(void *))PK11_CloneContext,
+      (void (*)(void *, PRBool))PK11_DestroyContext,
+      (void (*)(void *))PK11_DigestBegin,
+      (void (*)(void *, const unsigned char *, unsigned int))PK11_DigestOp,
+      (void (*)(void *, unsigned char *, unsigned int *, unsigned int))
+          PK11_DigestFinal,
+      MD2_BLOCK_LENGTH,
+      HASH_AlgMD2 },
+    { MD5_LENGTH,
+      (void *(*)(void))md5_NewContext,
+      (void *(*)(void *))PK11_CloneContext,
+      (void (*)(void *, PRBool))PK11_DestroyContext,
+      (void (*)(void *))PK11_DigestBegin,
+      (void (*)(void *, const unsigned char *, unsigned int))PK11_DigestOp,
+      (void (*)(void *, unsigned char *, unsigned int *, unsigned int))
+          PK11_DigestFinal,
+      MD5_BLOCK_LENGTH,
+      HASH_AlgMD5 },
+    { SHA1_LENGTH,
+      (void *(*)(void))sha1_NewContext,
+      (void *(*)(void *))PK11_CloneContext,
+      (void (*)(void *, PRBool))PK11_DestroyContext,
+      (void (*)(void *))PK11_DigestBegin,
+      (void (*)(void *, const unsigned char *, unsigned int))PK11_DigestOp,
+      (void (*)(void *, unsigned char *, unsigned int *, unsigned int))
+          PK11_DigestFinal,
+      SHA1_BLOCK_LENGTH,
+      HASH_AlgSHA1 },
+    { SHA256_LENGTH,
+      (void *(*)(void))sha256_NewContext,
+      (void *(*)(void *))PK11_CloneContext,
+      (void (*)(void *, PRBool))PK11_DestroyContext,
+      (void (*)(void *))PK11_DigestBegin,
+      (void (*)(void *, const unsigned char *, unsigned int))PK11_DigestOp,
+      (void (*)(void *, unsigned char *, unsigned int *, unsigned int))
+          PK11_DigestFinal,
+      SHA256_BLOCK_LENGTH,
+      HASH_AlgSHA256 },
+    { SHA384_LENGTH,
+      (void *(*)(void))sha384_NewContext,
+      (void *(*)(void *))PK11_CloneContext,
+      (void (*)(void *, PRBool))PK11_DestroyContext,
+      (void (*)(void *))PK11_DigestBegin,
+      (void (*)(void *, const unsigned char *, unsigned int))PK11_DigestOp,
+      (void (*)(void *, unsigned char *, unsigned int *, unsigned int))
+          PK11_DigestFinal,
+      SHA384_BLOCK_LENGTH,
+      HASH_AlgSHA384 },
+    { SHA512_LENGTH,
+      (void *(*)(void))sha512_NewContext,
+      (void *(*)(void *))PK11_CloneContext,
+      (void (*)(void *, PRBool))PK11_DestroyContext,
+      (void (*)(void *))PK11_DigestBegin,
+      (void (*)(void *, const unsigned char *, unsigned int))PK11_DigestOp,
+      (void (*)(void *, unsigned char *, unsigned int *, unsigned int))
+          PK11_DigestFinal,
+      SHA512_BLOCK_LENGTH,
+      HASH_AlgSHA512 },
+    { SHA224_LENGTH,
+      (void *(*)(void))sha224_NewContext,
+      (void *(*)(void *))PK11_CloneContext,
+      (void (*)(void *, PRBool))PK11_DestroyContext,
+      (void (*)(void *))PK11_DigestBegin,
+      (void (*)(void *, const unsigned char *, unsigned int))PK11_DigestOp,
+      (void (*)(void *, unsigned char *, unsigned int *, unsigned int))
+          PK11_DigestFinal,
+      SHA224_BLOCK_LENGTH,
+      HASH_AlgSHA224 },
+};
+
+const SECHashObject *
+HASH_GetHashObject(HASH_HashType type)
+{
+    return &SECHashObjects[type];
+}
+
+HASH_HashType
+HASH_GetHashTypeByOidTag(SECOidTag hashOid)
+{
+    HASH_HashType ht = HASH_AlgNULL;
+
+    switch (hashOid) {
+        case SEC_OID_MD2:
+            ht = HASH_AlgMD2;
+            break;
+        case SEC_OID_MD5:
+            ht = HASH_AlgMD5;
+            break;
+        case SEC_OID_SHA1:
+            ht = HASH_AlgSHA1;
+            break;
+        case SEC_OID_SHA224:
+            ht = HASH_AlgSHA224;
+            break;
+        case SEC_OID_SHA256:
+            ht = HASH_AlgSHA256;
+            break;
+        case SEC_OID_SHA384:
+            ht = HASH_AlgSHA384;
+            break;
+        case SEC_OID_SHA512:
+            ht = HASH_AlgSHA512;
+            break;
+        default:
+            ht = HASH_AlgNULL;
+            PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
+            break;
+    }
+    return ht;
+}
+
+SECOidTag
+HASH_GetHashOidTagByHMACOidTag(SECOidTag hmacOid)
+{
+    SECOidTag hashOid = SEC_OID_UNKNOWN;
+
+    switch (hmacOid) {
+        /* no oid exists for HMAC_MD2 */
+        /* NSS does not define a oid for HMAC_MD4 */
+        case SEC_OID_HMAC_SHA1:
+            hashOid = SEC_OID_SHA1;
+            break;
+        case SEC_OID_HMAC_SHA224:
+            hashOid = SEC_OID_SHA224;
+            break;
+        case SEC_OID_HMAC_SHA256:
+            hashOid = SEC_OID_SHA256;
+            break;
+        case SEC_OID_HMAC_SHA384:
+            hashOid = SEC_OID_SHA384;
+            break;
+        case SEC_OID_HMAC_SHA512:
+            hashOid = SEC_OID_SHA512;
+            break;
+        default:
+            hashOid = SEC_OID_UNKNOWN;
+            PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
+            break;
+    }
+    return hashOid;
+}
+
+SECOidTag
+HASH_GetHMACOidTagByHashOidTag(SECOidTag hashOid)
+{
+    SECOidTag hmacOid = SEC_OID_UNKNOWN;
+
+    switch (hashOid) {
+        /* no oid exists for HMAC_MD2 */
+        /* NSS does not define a oid for HMAC_MD4 */
+        case SEC_OID_SHA1:
+            hmacOid = SEC_OID_HMAC_SHA1;
+            break;
+        case SEC_OID_SHA224:
+            hmacOid = SEC_OID_HMAC_SHA224;
+            break;
+        case SEC_OID_SHA256:
+            hmacOid = SEC_OID_HMAC_SHA256;
+            break;
+        case SEC_OID_SHA384:
+            hmacOid = SEC_OID_HMAC_SHA384;
+            break;
+        case SEC_OID_SHA512:
+            hmacOid = SEC_OID_HMAC_SHA512;
+            break;
+        default:
+            hmacOid = SEC_OID_UNKNOWN;
+            PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
+            break;
+    }
+    return hmacOid;
+}
+
+const SECHashObject *
+HASH_GetHashObjectByOidTag(SECOidTag hashOid)
+{
+    HASH_HashType ht = HASH_GetHashTypeByOidTag(hashOid);
+
+    return (ht == HASH_AlgNULL) ? NULL : &SECHashObjects[ht];
+}
+
+/* returns zero for unknown hash OID */
+unsigned int
+HASH_ResultLenByOidTag(SECOidTag hashOid)
+{
+    const SECHashObject *hashObject = HASH_GetHashObjectByOidTag(hashOid);
+    unsigned int resultLen = 0;
+
+    if (hashObject)
+        resultLen = hashObject->length;
+    return resultLen;
+}
+
+/* returns zero if hash type invalid. */
+unsigned int
+HASH_ResultLen(HASH_HashType type)
+{
+    if ((type < HASH_AlgNULL) || (type >= HASH_AlgTOTAL)) {
+        PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
+        return (0);
+    }
+
+    return (SECHashObjects[type].length);
+}
+
+unsigned int
+HASH_ResultLenContext(HASHContext *context)
+{
+    return (context->hashobj->length);
+}
+
+SECStatus
+HASH_HashBuf(HASH_HashType type,
+             unsigned char *dest,
+             const unsigned char *src,
+             PRUint32 src_len)
+{
+    HASHContext *cx;
+    unsigned int part;
+
+    if ((type < HASH_AlgNULL) || (type >= HASH_AlgTOTAL)) {
+        return (SECFailure);
+    }
+
+    cx = HASH_Create(type);
+    if (cx == NULL) {
+        return (SECFailure);
+    }
+    HASH_Begin(cx);
+    HASH_Update(cx, src, src_len);
+    HASH_End(cx, dest, &part, HASH_ResultLenContext(cx));
+    HASH_Destroy(cx);
+
+    return (SECSuccess);
+}
+
+HASHContext *
+HASH_Create(HASH_HashType type)
+{
+    void *hash_context = NULL;
+    HASHContext *ret = NULL;
+
+    if ((type < HASH_AlgNULL) || (type >= HASH_AlgTOTAL)) {
+        return (NULL);
+    }
+
+    hash_context = (*SECHashObjects[type].create)();
+    if (hash_context == NULL) {
+        goto loser;
+    }
+
+    ret = (HASHContext *)PORT_Alloc(sizeof(HASHContext));
+    if (ret == NULL) {
+        goto loser;
+    }
+
+    ret->hash_context = hash_context;
+    ret->hashobj = &SECHashObjects[type];
+
+    return (ret);
+
+loser:
+    if (hash_context != NULL) {
+        (*SECHashObjects[type].destroy)(hash_context, PR_TRUE);
+    }
+
+    return (NULL);
+}
+
+HASHContext *
+HASH_Clone(HASHContext *context)
+{
+    void *hash_context = NULL;
+    HASHContext *ret = NULL;
+
+    hash_context = (*context->hashobj->clone)(context->hash_context);
+    if (hash_context == NULL) {
+        goto loser;
+    }
+
+    ret = (HASHContext *)PORT_Alloc(sizeof(HASHContext));
+    if (ret == NULL) {
+        goto loser;
+    }
+
+    ret->hash_context = hash_context;
+    ret->hashobj = context->hashobj;
+
+    return (ret);
+
+loser:
+    if (hash_context != NULL) {
+        (*context->hashobj->destroy)(hash_context, PR_TRUE);
+    }
+
+    return (NULL);
+}
+
+void
+HASH_Destroy(HASHContext *context)
+{
+    (*context->hashobj->destroy)(context->hash_context, PR_TRUE);
+    PORT_Free(context);
+    return;
+}
+
+void
+HASH_Begin(HASHContext *context)
+{
+    (*context->hashobj->begin)(context->hash_context);
+    return;
+}
+
+void
+HASH_Update(HASHContext *context,
+            const unsigned char *src,
+            unsigned int len)
+{
+    (*context->hashobj->update)(context->hash_context, src, len);
+    return;
+}
+
+void
+HASH_End(HASHContext *context,
+         unsigned char *result,
+         unsigned int *result_len,
+         unsigned int max_result_len)
+{
+    (*context->hashobj->end)(context->hash_context, result, result_len,
+                             max_result_len);
+    return;
+}
+
+HASH_HashType
+HASH_GetType(HASHContext *context)
+{
+    return (context->hashobj->type);
+}
diff --git a/nss/lib/cryptohi/sechash.h b/nss/lib/cryptohi/sechash.h
new file mode 100644
index 0000000..94ff7ed
--- /dev/null
+++ b/nss/lib/cryptohi/sechash.h
@@ -0,0 +1,58 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _HASH_H_
+#define _HASH_H_
+
+#include "seccomon.h"
+#include "hasht.h"
+#include "secoidt.h"
+
+SEC_BEGIN_PROTOS
+
+/*
+** Generic hash api.
+*/
+
+extern unsigned int HASH_ResultLen(HASH_HashType type);
+
+extern unsigned int HASH_ResultLenContext(HASHContext *context);
+
+extern unsigned int HASH_ResultLenByOidTag(SECOidTag hashOid);
+
+extern SECStatus HASH_HashBuf(HASH_HashType type,
+                              unsigned char *dest,
+                              const unsigned char *src,
+                              PRUint32 src_len);
+
+extern HASHContext *HASH_Create(HASH_HashType type);
+
+extern HASHContext *HASH_Clone(HASHContext *context);
+
+extern void HASH_Destroy(HASHContext *context);
+
+extern void HASH_Begin(HASHContext *context);
+
+extern void HASH_Update(HASHContext *context,
+                        const unsigned char *src,
+                        unsigned int len);
+
+extern void HASH_End(HASHContext *context,
+                     unsigned char *result,
+                     unsigned int *result_len,
+                     unsigned int max_result_len);
+
+extern HASH_HashType HASH_GetType(HASHContext *context);
+
+extern const SECHashObject *HASH_GetHashObject(HASH_HashType type);
+
+extern const SECHashObject *HASH_GetHashObjectByOidTag(SECOidTag hashOid);
+
+extern HASH_HashType HASH_GetHashTypeByOidTag(SECOidTag hashOid);
+extern SECOidTag HASH_GetHashOidTagByHMACOidTag(SECOidTag hmacOid);
+extern SECOidTag HASH_GetHMACOidTagByHashOidTag(SECOidTag hashOid);
+
+SEC_END_PROTOS
+
+#endif /* _HASH_H_ */
diff --git a/nss/lib/cryptohi/seckey.c b/nss/lib/cryptohi/seckey.c
new file mode 100644
index 0000000..9ea48b7
--- /dev/null
+++ b/nss/lib/cryptohi/seckey.c
@@ -0,0 +1,1976 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#include "cryptohi.h"
+#include "keyhi.h"
+#include "secoid.h"
+#include "secitem.h"
+#include "secder.h"
+#include "base64.h"
+#include "secasn1.h"
+#include "cert.h"
+#include "pk11func.h"
+#include "secerr.h"
+#include "secdig.h"
+#include "prtime.h"
+#include "keyi.h"
+
+SEC_ASN1_MKSUB(SECOID_AlgorithmIDTemplate)
+SEC_ASN1_MKSUB(SEC_IntegerTemplate)
+
+const SEC_ASN1Template CERT_SubjectPublicKeyInfoTemplate[] = {
+    { SEC_ASN1_SEQUENCE,
+      0, NULL, sizeof(CERTSubjectPublicKeyInfo) },
+    { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
+      offsetof(CERTSubjectPublicKeyInfo, algorithm),
+      SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
+    { SEC_ASN1_BIT_STRING,
+      offsetof(CERTSubjectPublicKeyInfo, subjectPublicKey) },
+    { 0 }
+};
+
+const SEC_ASN1Template CERT_PublicKeyAndChallengeTemplate[] =
+    {
+      { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CERTPublicKeyAndChallenge) },
+      { SEC_ASN1_ANY, offsetof(CERTPublicKeyAndChallenge, spki) },
+      { SEC_ASN1_IA5_STRING, offsetof(CERTPublicKeyAndChallenge, challenge) },
+      { 0 }
+    };
+
+const SEC_ASN1Template SECKEY_RSAPublicKeyTemplate[] = {
+    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SECKEYPublicKey) },
+    { SEC_ASN1_INTEGER, offsetof(SECKEYPublicKey, u.rsa.modulus) },
+    { SEC_ASN1_INTEGER, offsetof(SECKEYPublicKey, u.rsa.publicExponent) },
+    { 0 }
+};
+
+static const SEC_ASN1Template seckey_PointerToAlgorithmIDTemplate[] = {
+    { SEC_ASN1_POINTER | SEC_ASN1_XTRN, 0,
+      SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) }
+};
+
+/* Parameters for SEC_OID_PKCS1_RSA_PSS_SIGNATURE */
+const SEC_ASN1Template SECKEY_RSAPSSParamsTemplate[] =
+    {
+      { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SECKEYRSAPSSParams) },
+      { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_EXPLICIT |
+            SEC_ASN1_CONTEXT_SPECIFIC | 0,
+        offsetof(SECKEYRSAPSSParams, hashAlg),
+        seckey_PointerToAlgorithmIDTemplate },
+      { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_EXPLICIT |
+            SEC_ASN1_CONTEXT_SPECIFIC | 1,
+        offsetof(SECKEYRSAPSSParams, maskAlg),
+        seckey_PointerToAlgorithmIDTemplate },
+      { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_EXPLICIT |
+            SEC_ASN1_XTRN | SEC_ASN1_CONTEXT_SPECIFIC | 2,
+        offsetof(SECKEYRSAPSSParams, saltLength),
+        SEC_ASN1_SUB(SEC_IntegerTemplate) },
+      { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_EXPLICIT |
+            SEC_ASN1_XTRN | SEC_ASN1_CONTEXT_SPECIFIC | 3,
+        offsetof(SECKEYRSAPSSParams, trailerField),
+        SEC_ASN1_SUB(SEC_IntegerTemplate) },
+      { 0 }
+    };
+
+const SEC_ASN1Template SECKEY_DSAPublicKeyTemplate[] = {
+    { SEC_ASN1_INTEGER, offsetof(SECKEYPublicKey, u.dsa.publicValue) },
+    { 0 }
+};
+
+const SEC_ASN1Template SECKEY_PQGParamsTemplate[] = {
+    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SECKEYPQGParams) },
+    { SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams, prime) },
+    { SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams, subPrime) },
+    { SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams, base) },
+    { 0 }
+};
+
+const SEC_ASN1Template SECKEY_DHPublicKeyTemplate[] = {
+    { SEC_ASN1_INTEGER, offsetof(SECKEYPublicKey, u.dh.publicValue) },
+    { 0 }
+};
+
+const SEC_ASN1Template SECKEY_DHParamKeyTemplate[] = {
+    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SECKEYPublicKey) },
+    { SEC_ASN1_INTEGER, offsetof(SECKEYPublicKey, u.dh.prime) },
+    { SEC_ASN1_INTEGER, offsetof(SECKEYPublicKey, u.dh.base) },
+    /* XXX chrisk: this needs to be expanded for decoding of j and validationParms (RFC2459 7.3.2) */
+    { SEC_ASN1_SKIP_REST },
+    { 0 }
+};
+
+SEC_ASN1_CHOOSER_IMPLEMENT(SECKEY_DSAPublicKeyTemplate)
+SEC_ASN1_CHOOSER_IMPLEMENT(SECKEY_RSAPublicKeyTemplate)
+SEC_ASN1_CHOOSER_IMPLEMENT(SECKEY_RSAPSSParamsTemplate)
+SEC_ASN1_CHOOSER_IMPLEMENT(CERT_SubjectPublicKeyInfoTemplate)
+
+/*
+ * See bugzilla bug 125359
+ * Since NSS (via PKCS#11) wants to handle big integers as unsigned ints,
+ * all of the templates above that en/decode into integers must be converted
+ * from ASN.1's signed integer type.  This is done by marking either the
+ * source or destination (encoding or decoding, respectively) type as
+ * siUnsignedInteger.
+ */
+static void
+prepare_rsa_pub_key_for_asn1(SECKEYPublicKey *pubk)
+{
+    pubk->u.rsa.modulus.type = siUnsignedInteger;
+    pubk->u.rsa.publicExponent.type = siUnsignedInteger;
+}
+
+static void
+prepare_dsa_pub_key_for_asn1(SECKEYPublicKey *pubk)
+{
+    pubk->u.dsa.publicValue.type = siUnsignedInteger;
+}
+
+static void
+prepare_pqg_params_for_asn1(SECKEYPQGParams *params)
+{
+    params->prime.type = siUnsignedInteger;
+    params->subPrime.type = siUnsignedInteger;
+    params->base.type = siUnsignedInteger;
+}
+
+static void
+prepare_dh_pub_key_for_asn1(SECKEYPublicKey *pubk)
+{
+    pubk->u.dh.prime.type = siUnsignedInteger;
+    pubk->u.dh.base.type = siUnsignedInteger;
+    pubk->u.dh.publicValue.type = siUnsignedInteger;
+}
+
+/* Create an RSA key pair is any slot able to do so.
+** The created keys are "session" (temporary), not "token" (permanent),
+** and they are "sensitive", which makes them costly to move to another token.
+*/
+SECKEYPrivateKey *
+SECKEY_CreateRSAPrivateKey(int keySizeInBits, SECKEYPublicKey **pubk, void *cx)
+{
+    SECKEYPrivateKey *privk;
+    PK11RSAGenParams param;
+    PK11SlotInfo *slot = PK11_GetBestSlot(CKM_RSA_PKCS_KEY_PAIR_GEN, cx);
+    if (!slot) {
+        return NULL;
+    }
+
+    param.keySizeInBits = keySizeInBits;
+    param.pe = 65537L;
+
+    privk = PK11_GenerateKeyPair(slot, CKM_RSA_PKCS_KEY_PAIR_GEN, &param, pubk,
+                                 PR_FALSE, PR_TRUE, cx);
+    PK11_FreeSlot(slot);
+    return (privk);
+}
+
+/* Create a DH key pair in any slot able to do so,
+** This is a "session" (temporary), not "token" (permanent) key.
+** Because of the high probability that this key will need to be moved to
+** another token, and the high cost of moving "sensitive" keys, we attempt
+** to create this key pair without the "sensitive" attribute, but revert to
+** creating a "sensitive" key if necessary.
+*/
+SECKEYPrivateKey *
+SECKEY_CreateDHPrivateKey(SECKEYDHParams *param, SECKEYPublicKey **pubk, void *cx)
+{
+    SECKEYPrivateKey *privk;
+    PK11SlotInfo *slot;
+
+    if (!param || !param->base.data || !param->prime.data ||
+        SECKEY_BigIntegerBitLength(&param->prime) < DH_MIN_P_BITS ||
+        param->base.len == 0 || param->base.len > param->prime.len + 1 ||
+        (param->base.len == 1 && param->base.data[0] == 0)) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+
+    slot = PK11_GetBestSlot(CKM_DH_PKCS_KEY_PAIR_GEN, cx);
+    if (!slot) {
+        return NULL;
+    }
+
+    privk = PK11_GenerateKeyPair(slot, CKM_DH_PKCS_KEY_PAIR_GEN, param,
+                                 pubk, PR_FALSE, PR_FALSE, cx);
+    if (!privk)
+        privk = PK11_GenerateKeyPair(slot, CKM_DH_PKCS_KEY_PAIR_GEN, param,
+                                     pubk, PR_FALSE, PR_TRUE, cx);
+
+    PK11_FreeSlot(slot);
+    return (privk);
+}
+
+/* Create an EC key pair in any slot able to do so,
+** This is a "session" (temporary), not "token" (permanent) key.
+** Because of the high probability that this key will need to be moved to
+** another token, and the high cost of moving "sensitive" keys, we attempt
+** to create this key pair without the "sensitive" attribute, but revert to
+** creating a "sensitive" key if necessary.
+*/
+SECKEYPrivateKey *
+SECKEY_CreateECPrivateKey(SECKEYECParams *param, SECKEYPublicKey **pubk, void *cx)
+{
+    SECKEYPrivateKey *privk;
+    PK11SlotInfo *slot = PK11_GetBestSlot(CKM_EC_KEY_PAIR_GEN, cx);
+    if (!slot) {
+        return NULL;
+    }
+
+    privk = PK11_GenerateKeyPairWithOpFlags(slot, CKM_EC_KEY_PAIR_GEN,
+                                            param, pubk,
+                                            PK11_ATTR_SESSION |
+                                                PK11_ATTR_INSENSITIVE |
+                                                PK11_ATTR_PUBLIC,
+                                            CKF_DERIVE, CKF_DERIVE |
+                                                            CKF_SIGN,
+                                            cx);
+    if (!privk)
+        privk = PK11_GenerateKeyPairWithOpFlags(slot, CKM_EC_KEY_PAIR_GEN,
+                                                param, pubk,
+                                                PK11_ATTR_SESSION |
+                                                    PK11_ATTR_SENSITIVE |
+                                                    PK11_ATTR_PRIVATE,
+                                                CKF_DERIVE, CKF_DERIVE |
+                                                                CKF_SIGN,
+                                                cx);
+
+    PK11_FreeSlot(slot);
+    return (privk);
+}
+
+void
+SECKEY_DestroyPrivateKey(SECKEYPrivateKey *privk)
+{
+    if (privk) {
+        if (privk->pkcs11Slot) {
+            if (privk->pkcs11IsTemp) {
+                PK11_DestroyObject(privk->pkcs11Slot, privk->pkcs11ID);
+            }
+            PK11_FreeSlot(privk->pkcs11Slot);
+        }
+        if (privk->arena) {
+            PORT_FreeArena(privk->arena, PR_TRUE);
+        }
+    }
+}
+
+void
+SECKEY_DestroyPublicKey(SECKEYPublicKey *pubk)
+{
+    if (pubk) {
+        if (pubk->pkcs11Slot) {
+            if (!PK11_IsPermObject(pubk->pkcs11Slot, pubk->pkcs11ID)) {
+                PK11_DestroyObject(pubk->pkcs11Slot, pubk->pkcs11ID);
+            }
+            PK11_FreeSlot(pubk->pkcs11Slot);
+        }
+        if (pubk->arena) {
+            PORT_FreeArena(pubk->arena, PR_FALSE);
+        }
+    }
+}
+
+SECStatus
+SECKEY_CopySubjectPublicKeyInfo(PLArenaPool *arena,
+                                CERTSubjectPublicKeyInfo *to,
+                                CERTSubjectPublicKeyInfo *from)
+{
+    SECStatus rv;
+    SECItem spk;
+
+    rv = SECOID_CopyAlgorithmID(arena, &to->algorithm, &from->algorithm);
+    if (rv == SECSuccess) {
+        /*
+         * subjectPublicKey is a bit string, whose length is in bits.
+         * Convert the length from bits to bytes for SECITEM_CopyItem.
+         */
+        spk = from->subjectPublicKey;
+        DER_ConvertBitString(&spk);
+        rv = SECITEM_CopyItem(arena, &to->subjectPublicKey, &spk);
+        /* Set the length back to bits. */
+        if (rv == SECSuccess) {
+            to->subjectPublicKey.len = from->subjectPublicKey.len;
+        }
+    }
+
+    return rv;
+}
+
+/* Procedure to update the pqg parameters for a cert's public key.
+ * pqg parameters only need to be updated for DSA certificates.
+ * The procedure uses calls to itself recursively to update a certificate
+ * issuer's pqg parameters.  Some important rules are:
+ *    - Do nothing if the cert already has PQG parameters.
+ *    - If the cert does not have PQG parameters, obtain them from the issuer.
+ *    - A valid cert chain cannot have a DSA cert without
+ *      pqg parameters that has a parent that is not a DSA cert.  */
+
+static SECStatus
+seckey_UpdateCertPQGChain(CERTCertificate *subjectCert, int count)
+{
+    SECStatus rv;
+    SECOidData *oid = NULL;
+    int tag;
+    CERTSubjectPublicKeyInfo *subjectSpki = NULL;
+    CERTSubjectPublicKeyInfo *issuerSpki = NULL;
+    CERTCertificate *issuerCert = NULL;
+
+    /* increment cert chain length counter*/
+    count++;
+
+    /* check if cert chain length exceeds the maximum length*/
+    if (count > CERT_MAX_CERT_CHAIN) {
+        return SECFailure;
+    }
+
+    oid = SECOID_FindOID(&subjectCert->subjectPublicKeyInfo.algorithm.algorithm);
+    if (oid != NULL) {
+        tag = oid->offset;
+
+        /* Check if cert has a DSA or EC public key. If not, return
+         * success since no PQG params need to be updated.
+         *
+         * Question: do we really need to do this for EC keys. They don't have
+         * PQG parameters, but they do have parameters. The question is does
+         * the child cert inherit thost parameters for EC from the parent, or
+         * do we always include those parameters in each cert.
+         */
+
+        if ((tag != SEC_OID_ANSIX9_DSA_SIGNATURE) &&
+            (tag != SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST) &&
+            (tag != SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA224_DIGEST) &&
+            (tag != SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA256_DIGEST) &&
+            (tag != SEC_OID_BOGUS_DSA_SIGNATURE_WITH_SHA1_DIGEST) &&
+            (tag != SEC_OID_SDN702_DSA_SIGNATURE) &&
+            (tag != SEC_OID_ANSIX962_EC_PUBLIC_KEY)) {
+
+            return SECSuccess;
+        }
+    } else {
+        return SECFailure; /* return failure if oid is NULL */
+    }
+
+    /* if cert has PQG parameters, return success */
+
+    subjectSpki = &subjectCert->subjectPublicKeyInfo;
+
+    if (subjectSpki->algorithm.parameters.len != 0) {
+        return SECSuccess;
+    }
+
+    /* check if the cert is self-signed */
+    if (subjectCert->isRoot) {
+        /* fail since cert is self-signed and has no pqg params. */
+        return SECFailure;
+    }
+
+    /* get issuer cert */
+    issuerCert = CERT_FindCertIssuer(subjectCert, PR_Now(), certUsageAnyCA);
+    if (!issuerCert) {
+        return SECFailure;
+    }
+
+    /* if parent is not DSA, return failure since
+       we don't allow this case. */
+
+    oid = SECOID_FindOID(&issuerCert->subjectPublicKeyInfo.algorithm.algorithm);
+    if (oid != NULL) {
+        tag = oid->offset;
+
+        /* Check if issuer cert has a DSA public key. If not,
+         * return failure.   */
+
+        if ((tag != SEC_OID_ANSIX9_DSA_SIGNATURE) &&
+            (tag != SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST) &&
+            (tag != SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA224_DIGEST) &&
+            (tag != SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA256_DIGEST) &&
+            (tag != SEC_OID_BOGUS_DSA_SIGNATURE_WITH_SHA1_DIGEST) &&
+            (tag != SEC_OID_SDN702_DSA_SIGNATURE) &&
+            (tag != SEC_OID_ANSIX962_EC_PUBLIC_KEY)) {
+            rv = SECFailure;
+            goto loser;
+        }
+    } else {
+        rv = SECFailure; /* return failure if oid is NULL */
+        goto loser;
+    }
+
+    /* at this point the subject cert has no pqg parameters and the
+     * issuer cert has a DSA public key.  Update the issuer's
+     * pqg parameters with a recursive call to this same function. */
+
+    rv = seckey_UpdateCertPQGChain(issuerCert, count);
+    if (rv != SECSuccess) {
+        rv = SECFailure;
+        goto loser;
+    }
+
+    /* ensure issuer has pqg parameters */
+
+    issuerSpki = &issuerCert->subjectPublicKeyInfo;
+    if (issuerSpki->algorithm.parameters.len == 0) {
+        rv = SECFailure;
+    }
+
+    /* if update was successful and pqg params present, then copy the
+     * parameters to the subject cert's key. */
+
+    if (rv == SECSuccess) {
+        rv = SECITEM_CopyItem(subjectCert->arena,
+                              &subjectSpki->algorithm.parameters,
+                              &issuerSpki->algorithm.parameters);
+    }
+
+loser:
+    if (issuerCert) {
+        CERT_DestroyCertificate(issuerCert);
+    }
+    return rv;
+}
+
+SECStatus
+SECKEY_UpdateCertPQG(CERTCertificate *subjectCert)
+{
+    if (!subjectCert) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+    return seckey_UpdateCertPQGChain(subjectCert, 0);
+}
+
+/* Decode the DSA PQG parameters.  The params could be stored in two
+ * possible formats, the old fortezza-only wrapped format or
+ * the normal standard format.  Store the decoded parameters in
+ * a V3 certificate data structure.  */
+
+static SECStatus
+seckey_DSADecodePQG(PLArenaPool *arena, SECKEYPublicKey *pubk,
+                    const SECItem *params)
+{
+    SECStatus rv;
+    SECItem newparams;
+
+    if (params == NULL)
+        return SECFailure;
+
+    if (params->data == NULL)
+        return SECFailure;
+
+    PORT_Assert(arena);
+
+    /* make a copy of the data into the arena so QuickDER output is valid */
+    rv = SECITEM_CopyItem(arena, &newparams, params);
+
+    /* Check if params use the standard format.
+     * The value 0xa1 will appear in the first byte of the parameter data
+     * if the PQG parameters are not using the standard format.  This
+     * code should be changed to use a better method to detect non-standard
+     * parameters.    */
+
+    if ((newparams.data[0] != 0xa1) &&
+        (newparams.data[0] != 0xa0)) {
+
+        if (SECSuccess == rv) {
+            /* PQG params are in the standard format */
+            prepare_pqg_params_for_asn1(&pubk->u.dsa.params);
+            rv = SEC_QuickDERDecodeItem(arena, &pubk->u.dsa.params,
+                                        SECKEY_PQGParamsTemplate,
+                                        &newparams);
+        }
+    } else {
+
+        if (SECSuccess == rv) {
+            /* else the old fortezza-only wrapped format is used. */
+            PORT_SetError(SEC_ERROR_BAD_DER);
+            rv = SECFailure;
+        }
+    }
+    return rv;
+}
+
+/* Function used to make an oid tag to a key type */
+KeyType
+seckey_GetKeyType(SECOidTag tag)
+{
+    KeyType keyType;
+
+    switch (tag) {
+        case SEC_OID_X500_RSA_ENCRYPTION:
+        case SEC_OID_PKCS1_RSA_ENCRYPTION:
+            keyType = rsaKey;
+            break;
+        case SEC_OID_PKCS1_RSA_PSS_SIGNATURE:
+            keyType = rsaPssKey;
+            break;
+        case SEC_OID_PKCS1_RSA_OAEP_ENCRYPTION:
+            keyType = rsaOaepKey;
+            break;
+        case SEC_OID_ANSIX9_DSA_SIGNATURE:
+            keyType = dsaKey;
+            break;
+        case SEC_OID_MISSI_KEA_DSS_OLD:
+        case SEC_OID_MISSI_KEA_DSS:
+        case SEC_OID_MISSI_DSS_OLD:
+        case SEC_OID_MISSI_DSS:
+            keyType = fortezzaKey;
+            break;
+        case SEC_OID_MISSI_KEA:
+        case SEC_OID_MISSI_ALT_KEA:
+            keyType = keaKey;
+            break;
+        case SEC_OID_X942_DIFFIE_HELMAN_KEY:
+            keyType = dhKey;
+            break;
+        case SEC_OID_ANSIX962_EC_PUBLIC_KEY:
+            keyType = ecKey;
+            break;
+        /* accommodate applications that hand us a signature type when they
+         * should be handing us a cipher type */
+        case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION:
+        case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION:
+        case SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION:
+        case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION:
+        case SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION:
+        case SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION:
+            keyType = rsaKey;
+            break;
+        default:
+            keyType = nullKey;
+    }
+    return keyType;
+}
+
+/* Function used to determine what kind of cert we are dealing with. */
+KeyType
+CERT_GetCertKeyType(const CERTSubjectPublicKeyInfo *spki)
+{
+    return seckey_GetKeyType(SECOID_GetAlgorithmTag(&spki->algorithm));
+}
+
+/* Ensure pubKey contains an OID */
+static SECStatus
+seckey_HasCurveOID(const SECKEYPublicKey *pubKey)
+{
+    SECItem oid;
+    SECStatus rv;
+    PORTCheapArenaPool tmpArena;
+
+    PORT_InitCheapArena(&tmpArena, DER_DEFAULT_CHUNKSIZE);
+    /* If we can decode it, an OID is available. */
+    rv = SEC_QuickDERDecodeItem(&tmpArena.arena, &oid,
+                                SEC_ASN1_GET(SEC_ObjectIDTemplate),
+                                &pubKey->u.ec.DEREncodedParams);
+    PORT_DestroyCheapArena(&tmpArena);
+    return rv;
+}
+
+static SECKEYPublicKey *
+seckey_ExtractPublicKey(const CERTSubjectPublicKeyInfo *spki)
+{
+    SECKEYPublicKey *pubk;
+    SECItem os, newOs, newParms;
+    SECStatus rv;
+    PLArenaPool *arena;
+    SECOidTag tag;
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL)
+        return NULL;
+
+    pubk = (SECKEYPublicKey *)PORT_ArenaZAlloc(arena, sizeof(SECKEYPublicKey));
+    if (pubk == NULL) {
+        PORT_FreeArena(arena, PR_FALSE);
+        return NULL;
+    }
+
+    pubk->arena = arena;
+    pubk->pkcs11Slot = 0;
+    pubk->pkcs11ID = CK_INVALID_HANDLE;
+
+    /* Convert bit string length from bits to bytes */
+    os = spki->subjectPublicKey;
+    DER_ConvertBitString(&os);
+
+    tag = SECOID_GetAlgorithmTag(&spki->algorithm);
+
+    /* copy the DER into the arena, since Quick DER returns data that points
+       into the DER input, which may get freed by the caller */
+    rv = SECITEM_CopyItem(arena, &newOs, &os);
+    if (rv == SECSuccess)
+        switch (tag) {
+            case SEC_OID_X500_RSA_ENCRYPTION:
+            case SEC_OID_PKCS1_RSA_ENCRYPTION:
+            case SEC_OID_PKCS1_RSA_PSS_SIGNATURE:
+                pubk->keyType = rsaKey;
+                prepare_rsa_pub_key_for_asn1(pubk);
+                rv = SEC_QuickDERDecodeItem(arena, pubk, SECKEY_RSAPublicKeyTemplate, &newOs);
+                if (rv == SECSuccess)
+                    return pubk;
+                break;
+            case SEC_OID_ANSIX9_DSA_SIGNATURE:
+            case SEC_OID_SDN702_DSA_SIGNATURE:
+                pubk->keyType = dsaKey;
+                prepare_dsa_pub_key_for_asn1(pubk);
+                rv = SEC_QuickDERDecodeItem(arena, pubk, SECKEY_DSAPublicKeyTemplate, &newOs);
+                if (rv != SECSuccess)
+                    break;
+
+                rv = seckey_DSADecodePQG(arena, pubk,
+                                         &spki->algorithm.parameters);
+
+                if (rv == SECSuccess)
+                    return pubk;
+                break;
+            case SEC_OID_X942_DIFFIE_HELMAN_KEY:
+                pubk->keyType = dhKey;
+                prepare_dh_pub_key_for_asn1(pubk);
+                rv = SEC_QuickDERDecodeItem(arena, pubk, SECKEY_DHPublicKeyTemplate, &newOs);
+                if (rv != SECSuccess)
+                    break;
+
+                /* copy the DER into the arena, since Quick DER returns data that points
+                   into the DER input, which may get freed by the caller */
+                rv = SECITEM_CopyItem(arena, &newParms, &spki->algorithm.parameters);
+                if (rv != SECSuccess)
+                    break;
+
+                rv = SEC_QuickDERDecodeItem(arena, pubk, SECKEY_DHParamKeyTemplate,
+                                            &newParms);
+
+                if (rv == SECSuccess)
+                    return pubk;
+                break;
+            case SEC_OID_ANSIX962_EC_PUBLIC_KEY:
+                pubk->keyType = ecKey;
+                pubk->u.ec.size = 0;
+
+                /* Since PKCS#11 directly takes the DER encoding of EC params
+                 * and public value, we don't need any decoding here.
+                 */
+                rv = SECITEM_CopyItem(arena, &pubk->u.ec.DEREncodedParams,
+                                      &spki->algorithm.parameters);
+                if (rv != SECSuccess) {
+                    break;
+                }
+                rv = SECITEM_CopyItem(arena, &pubk->u.ec.publicValue, &newOs);
+                if (rv != SECSuccess) {
+                    break;
+                }
+                pubk->u.ec.encoding = ECPoint_Undefined;
+                rv = seckey_HasCurveOID(pubk);
+                if (rv == SECSuccess) {
+                    return pubk;
+                }
+                break;
+
+            default:
+                PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
+                break;
+        }
+
+    SECKEY_DestroyPublicKey(pubk);
+    return NULL;
+}
+
+/* required for JSS */
+SECKEYPublicKey *
+SECKEY_ExtractPublicKey(const CERTSubjectPublicKeyInfo *spki)
+{
+    return seckey_ExtractPublicKey(spki);
+}
+
+SECKEYPublicKey *
+CERT_ExtractPublicKey(CERTCertificate *cert)
+{
+    return seckey_ExtractPublicKey(&cert->subjectPublicKeyInfo);
+}
+
+int
+SECKEY_ECParamsToKeySize(const SECItem *encodedParams)
+{
+    SECOidTag tag;
+    SECItem oid = { siBuffer, NULL, 0 };
+
+    /* The encodedParams data contains 0x06 (SEC_ASN1_OBJECT_ID),
+     * followed by the length of the curve oid and the curve oid.
+     */
+    oid.len = encodedParams->data[1];
+    oid.data = encodedParams->data + 2;
+    if ((tag = SECOID_FindOIDTag(&oid)) == SEC_OID_UNKNOWN)
+        return 0;
+
+    switch (tag) {
+        case SEC_OID_SECG_EC_SECP112R1:
+        case SEC_OID_SECG_EC_SECP112R2:
+            return 112;
+
+        case SEC_OID_SECG_EC_SECT113R1:
+        case SEC_OID_SECG_EC_SECT113R2:
+            return 113;
+
+        case SEC_OID_SECG_EC_SECP128R1:
+        case SEC_OID_SECG_EC_SECP128R2:
+            return 128;
+
+        case SEC_OID_SECG_EC_SECT131R1:
+        case SEC_OID_SECG_EC_SECT131R2:
+            return 131;
+
+        case SEC_OID_SECG_EC_SECP160K1:
+        case SEC_OID_SECG_EC_SECP160R1:
+        case SEC_OID_SECG_EC_SECP160R2:
+            return 160;
+
+        case SEC_OID_SECG_EC_SECT163K1:
+        case SEC_OID_SECG_EC_SECT163R1:
+        case SEC_OID_SECG_EC_SECT163R2:
+        case SEC_OID_ANSIX962_EC_C2PNB163V1:
+        case SEC_OID_ANSIX962_EC_C2PNB163V2:
+        case SEC_OID_ANSIX962_EC_C2PNB163V3:
+            return 163;
+
+        case SEC_OID_ANSIX962_EC_C2PNB176V1:
+            return 176;
+
+        case SEC_OID_ANSIX962_EC_C2TNB191V1:
+        case SEC_OID_ANSIX962_EC_C2TNB191V2:
+        case SEC_OID_ANSIX962_EC_C2TNB191V3:
+        case SEC_OID_ANSIX962_EC_C2ONB191V4:
+        case SEC_OID_ANSIX962_EC_C2ONB191V5:
+            return 191;
+
+        case SEC_OID_SECG_EC_SECP192K1:
+        case SEC_OID_ANSIX962_EC_PRIME192V1:
+        case SEC_OID_ANSIX962_EC_PRIME192V2:
+        case SEC_OID_ANSIX962_EC_PRIME192V3:
+            return 192;
+
+        case SEC_OID_SECG_EC_SECT193R1:
+        case SEC_OID_SECG_EC_SECT193R2:
+            return 193;
+
+        case SEC_OID_ANSIX962_EC_C2PNB208W1:
+            return 208;
+
+        case SEC_OID_SECG_EC_SECP224K1:
+        case SEC_OID_SECG_EC_SECP224R1:
+            return 224;
+
+        case SEC_OID_SECG_EC_SECT233K1:
+        case SEC_OID_SECG_EC_SECT233R1:
+            return 233;
+
+        case SEC_OID_SECG_EC_SECT239K1:
+        case SEC_OID_ANSIX962_EC_C2TNB239V1:
+        case SEC_OID_ANSIX962_EC_C2TNB239V2:
+        case SEC_OID_ANSIX962_EC_C2TNB239V3:
+        case SEC_OID_ANSIX962_EC_C2ONB239V4:
+        case SEC_OID_ANSIX962_EC_C2ONB239V5:
+        case SEC_OID_ANSIX962_EC_PRIME239V1:
+        case SEC_OID_ANSIX962_EC_PRIME239V2:
+        case SEC_OID_ANSIX962_EC_PRIME239V3:
+            return 239;
+
+        case SEC_OID_SECG_EC_SECP256K1:
+        case SEC_OID_ANSIX962_EC_PRIME256V1:
+            return 256;
+
+        case SEC_OID_ANSIX962_EC_C2PNB272W1:
+            return 272;
+
+        case SEC_OID_SECG_EC_SECT283K1:
+        case SEC_OID_SECG_EC_SECT283R1:
+            return 283;
+
+        case SEC_OID_ANSIX962_EC_C2PNB304W1:
+            return 304;
+
+        case SEC_OID_ANSIX962_EC_C2TNB359V1:
+            return 359;
+
+        case SEC_OID_ANSIX962_EC_C2PNB368W1:
+            return 368;
+
+        case SEC_OID_SECG_EC_SECP384R1:
+            return 384;
+
+        case SEC_OID_SECG_EC_SECT409K1:
+        case SEC_OID_SECG_EC_SECT409R1:
+            return 409;
+
+        case SEC_OID_ANSIX962_EC_C2TNB431R1:
+            return 431;
+
+        case SEC_OID_SECG_EC_SECP521R1:
+            return 521;
+
+        case SEC_OID_SECG_EC_SECT571K1:
+        case SEC_OID_SECG_EC_SECT571R1:
+            return 571;
+
+        case SEC_OID_CURVE25519:
+            return 255;
+
+        default:
+            PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
+            return 0;
+    }
+}
+
+int
+SECKEY_ECParamsToBasePointOrderLen(const SECItem *encodedParams)
+{
+    SECOidTag tag;
+    SECItem oid = { siBuffer, NULL, 0 };
+
+    /* The encodedParams data contains 0x06 (SEC_ASN1_OBJECT_ID),
+     * followed by the length of the curve oid and the curve oid.
+     */
+    oid.len = encodedParams->data[1];
+    oid.data = encodedParams->data + 2;
+    if ((tag = SECOID_FindOIDTag(&oid)) == SEC_OID_UNKNOWN)
+        return 0;
+
+    switch (tag) {
+        case SEC_OID_SECG_EC_SECP112R1:
+            return 112;
+        case SEC_OID_SECG_EC_SECP112R2:
+            return 110;
+
+        case SEC_OID_SECG_EC_SECT113R1:
+        case SEC_OID_SECG_EC_SECT113R2:
+            return 113;
+
+        case SEC_OID_SECG_EC_SECP128R1:
+            return 128;
+        case SEC_OID_SECG_EC_SECP128R2:
+            return 126;
+
+        case SEC_OID_SECG_EC_SECT131R1:
+        case SEC_OID_SECG_EC_SECT131R2:
+            return 131;
+
+        case SEC_OID_SECG_EC_SECP160K1:
+        case SEC_OID_SECG_EC_SECP160R1:
+        case SEC_OID_SECG_EC_SECP160R2:
+            return 161;
+
+        case SEC_OID_SECG_EC_SECT163K1:
+            return 163;
+        case SEC_OID_SECG_EC_SECT163R1:
+            return 162;
+        case SEC_OID_SECG_EC_SECT163R2:
+        case SEC_OID_ANSIX962_EC_C2PNB163V1:
+            return 163;
+        case SEC_OID_ANSIX962_EC_C2PNB163V2:
+        case SEC_OID_ANSIX962_EC_C2PNB163V3:
+            return 162;
+
+        case SEC_OID_ANSIX962_EC_C2PNB176V1:
+            return 161;
+
+        case SEC_OID_ANSIX962_EC_C2TNB191V1:
+            return 191;
+        case SEC_OID_ANSIX962_EC_C2TNB191V2:
+            return 190;
+        case SEC_OID_ANSIX962_EC_C2TNB191V3:
+            return 189;
+        case SEC_OID_ANSIX962_EC_C2ONB191V4:
+            return 191;
+        case SEC_OID_ANSIX962_EC_C2ONB191V5:
+            return 188;
+
+        case SEC_OID_SECG_EC_SECP192K1:
+        case SEC_OID_ANSIX962_EC_PRIME192V1:
+        case SEC_OID_ANSIX962_EC_PRIME192V2:
+        case SEC_OID_ANSIX962_EC_PRIME192V3:
+            return 192;
+
+        case SEC_OID_SECG_EC_SECT193R1:
+        case SEC_OID_SECG_EC_SECT193R2:
+            return 193;
+
+        case SEC_OID_ANSIX962_EC_C2PNB208W1:
+            return 193;
+
+        case SEC_OID_SECG_EC_SECP224K1:
+            return 225;
+        case SEC_OID_SECG_EC_SECP224R1:
+            return 224;
+
+        case SEC_OID_SECG_EC_SECT233K1:
+            return 232;
+        case SEC_OID_SECG_EC_SECT233R1:
+            return 233;
+
+        case SEC_OID_SECG_EC_SECT239K1:
+        case SEC_OID_ANSIX962_EC_C2TNB239V1:
+            return 238;
+        case SEC_OID_ANSIX962_EC_C2TNB239V2:
+            return 237;
+        case SEC_OID_ANSIX962_EC_C2TNB239V3:
+            return 236;
+        case SEC_OID_ANSIX962_EC_C2ONB239V4:
+            return 238;
+        case SEC_OID_ANSIX962_EC_C2ONB239V5:
+            return 237;
+        case SEC_OID_ANSIX962_EC_PRIME239V1:
+        case SEC_OID_ANSIX962_EC_PRIME239V2:
+        case SEC_OID_ANSIX962_EC_PRIME239V3:
+            return 239;
+
+        case SEC_OID_SECG_EC_SECP256K1:
+        case SEC_OID_ANSIX962_EC_PRIME256V1:
+            return 256;
+
+        case SEC_OID_ANSIX962_EC_C2PNB272W1:
+            return 257;
+
+        case SEC_OID_SECG_EC_SECT283K1:
+            return 281;
+        case SEC_OID_SECG_EC_SECT283R1:
+            return 282;
+
+        case SEC_OID_ANSIX962_EC_C2PNB304W1:
+            return 289;
+
+        case SEC_OID_ANSIX962_EC_C2TNB359V1:
+            return 353;
+
+        case SEC_OID_ANSIX962_EC_C2PNB368W1:
+            return 353;
+
+        case SEC_OID_SECG_EC_SECP384R1:
+            return 384;
+
+        case SEC_OID_SECG_EC_SECT409K1:
+            return 407;
+        case SEC_OID_SECG_EC_SECT409R1:
+            return 409;
+
+        case SEC_OID_ANSIX962_EC_C2TNB431R1:
+            return 418;
+
+        case SEC_OID_SECG_EC_SECP521R1:
+            return 521;
+
+        case SEC_OID_SECG_EC_SECT571K1:
+        case SEC_OID_SECG_EC_SECT571R1:
+            return 570;
+
+        case SEC_OID_CURVE25519:
+            return 255;
+
+        default:
+            PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
+            return 0;
+    }
+}
+
+/* The number of bits in the number from the first non-zero bit onward. */
+unsigned
+SECKEY_BigIntegerBitLength(const SECItem *number)
+{
+    const unsigned char *p;
+    unsigned octets;
+    unsigned bits;
+
+    if (!number || !number->data) {
+        PORT_SetError(SEC_ERROR_INVALID_KEY);
+        return 0;
+    }
+
+    p = number->data;
+    octets = number->len;
+    while (octets > 0 && !*p) {
+        ++p;
+        --octets;
+    }
+    if (octets == 0) {
+        return 0;
+    }
+    /* bits = 7..1 because we know at least one bit is set already */
+    /* Note: This could do a binary search, but this is faster for keys if we
+     * assume that good keys will have the MSB set. */
+    for (bits = 7; bits > 0; --bits) {
+        if (*p & (1 << bits)) {
+            break;
+        }
+    }
+    return octets * 8 + bits - 7;
+}
+
+/* returns key strength in bytes (not bits) */
+unsigned
+SECKEY_PublicKeyStrength(const SECKEYPublicKey *pubk)
+{
+    return (SECKEY_PublicKeyStrengthInBits(pubk) + 7) / 8;
+}
+
+/* returns key strength in bits */
+unsigned
+SECKEY_PublicKeyStrengthInBits(const SECKEYPublicKey *pubk)
+{
+    unsigned bitSize = 0;
+
+    if (!pubk) {
+        PORT_SetError(SEC_ERROR_INVALID_KEY);
+        return 0;
+    }
+
+    /* interpret modulus length as key strength */
+    switch (pubk->keyType) {
+        case rsaKey:
+            bitSize = SECKEY_BigIntegerBitLength(&pubk->u.rsa.modulus);
+            break;
+        case dsaKey:
+            bitSize = SECKEY_BigIntegerBitLength(&pubk->u.dsa.params.prime);
+            break;
+        case dhKey:
+            bitSize = SECKEY_BigIntegerBitLength(&pubk->u.dh.prime);
+            break;
+        case ecKey:
+            bitSize = SECKEY_ECParamsToKeySize(&pubk->u.ec.DEREncodedParams);
+            break;
+        default:
+            PORT_SetError(SEC_ERROR_INVALID_KEY);
+            break;
+    }
+    return bitSize;
+}
+
+/* returns signature length in bytes (not bits) */
+unsigned
+SECKEY_SignatureLen(const SECKEYPublicKey *pubk)
+{
+    unsigned char b0;
+    unsigned size;
+
+    switch (pubk->keyType) {
+        case rsaKey:
+            b0 = pubk->u.rsa.modulus.data[0];
+            return b0 ? pubk->u.rsa.modulus.len : pubk->u.rsa.modulus.len - 1;
+        case dsaKey:
+            return pubk->u.dsa.params.subPrime.len * 2;
+        case ecKey:
+            /* Get the base point order length in bits and adjust */
+            size = SECKEY_ECParamsToBasePointOrderLen(
+                &pubk->u.ec.DEREncodedParams);
+            return ((size + 7) / 8) * 2;
+        default:
+            break;
+    }
+    PORT_SetError(SEC_ERROR_INVALID_KEY);
+    return 0;
+}
+
+SECKEYPrivateKey *
+SECKEY_CopyPrivateKey(const SECKEYPrivateKey *privk)
+{
+    SECKEYPrivateKey *copyk;
+    PLArenaPool *arena;
+
+    if (!privk || !privk->pkcs11Slot) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL) {
+        return NULL;
+    }
+
+    copyk = (SECKEYPrivateKey *)PORT_ArenaZAlloc(arena, sizeof(SECKEYPrivateKey));
+    if (copyk) {
+        copyk->arena = arena;
+        copyk->keyType = privk->keyType;
+
+        /* copy the PKCS #11 parameters */
+        copyk->pkcs11Slot = PK11_ReferenceSlot(privk->pkcs11Slot);
+        /* if the key we're referencing was a temparary key we have just
+         * created, that we want to go away when we're through, we need
+         * to make a copy of it */
+        if (privk->pkcs11IsTemp) {
+            copyk->pkcs11ID =
+                PK11_CopyKey(privk->pkcs11Slot, privk->pkcs11ID);
+            if (copyk->pkcs11ID == CK_INVALID_HANDLE)
+                goto fail;
+        } else {
+            copyk->pkcs11ID = privk->pkcs11ID;
+        }
+        copyk->pkcs11IsTemp = privk->pkcs11IsTemp;
+        copyk->wincx = privk->wincx;
+        copyk->staticflags = privk->staticflags;
+        return copyk;
+    } else {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+    }
+
+fail:
+    PORT_FreeArena(arena, PR_FALSE);
+    return NULL;
+}
+
+SECKEYPublicKey *
+SECKEY_CopyPublicKey(const SECKEYPublicKey *pubk)
+{
+    SECKEYPublicKey *copyk;
+    PLArenaPool *arena;
+    SECStatus rv = SECSuccess;
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return NULL;
+    }
+
+    copyk = (SECKEYPublicKey *)PORT_ArenaZAlloc(arena, sizeof(SECKEYPublicKey));
+    if (!copyk) {
+        PORT_FreeArena(arena, PR_FALSE);
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return NULL;
+    }
+
+    copyk->arena = arena;
+    copyk->keyType = pubk->keyType;
+    if (pubk->pkcs11Slot &&
+        PK11_IsPermObject(pubk->pkcs11Slot, pubk->pkcs11ID)) {
+        copyk->pkcs11Slot = PK11_ReferenceSlot(pubk->pkcs11Slot);
+        copyk->pkcs11ID = pubk->pkcs11ID;
+    } else {
+        copyk->pkcs11Slot = NULL; /* go get own reference */
+        copyk->pkcs11ID = CK_INVALID_HANDLE;
+    }
+    switch (pubk->keyType) {
+        case rsaKey:
+            rv = SECITEM_CopyItem(arena, &copyk->u.rsa.modulus,
+                                  &pubk->u.rsa.modulus);
+            if (rv == SECSuccess) {
+                rv = SECITEM_CopyItem(arena, &copyk->u.rsa.publicExponent,
+                                      &pubk->u.rsa.publicExponent);
+                if (rv == SECSuccess)
+                    return copyk;
+            }
+            break;
+        case dsaKey:
+            rv = SECITEM_CopyItem(arena, &copyk->u.dsa.publicValue,
+                                  &pubk->u.dsa.publicValue);
+            if (rv != SECSuccess)
+                break;
+            rv = SECITEM_CopyItem(arena, &copyk->u.dsa.params.prime,
+                                  &pubk->u.dsa.params.prime);
+            if (rv != SECSuccess)
+                break;
+            rv = SECITEM_CopyItem(arena, &copyk->u.dsa.params.subPrime,
+                                  &pubk->u.dsa.params.subPrime);
+            if (rv != SECSuccess)
+                break;
+            rv = SECITEM_CopyItem(arena, &copyk->u.dsa.params.base,
+                                  &pubk->u.dsa.params.base);
+            break;
+        case dhKey:
+            rv = SECITEM_CopyItem(arena, &copyk->u.dh.prime, &pubk->u.dh.prime);
+            if (rv != SECSuccess)
+                break;
+            rv = SECITEM_CopyItem(arena, &copyk->u.dh.base, &pubk->u.dh.base);
+            if (rv != SECSuccess)
+                break;
+            rv = SECITEM_CopyItem(arena, &copyk->u.dh.publicValue,
+                                  &pubk->u.dh.publicValue);
+            break;
+        case ecKey:
+            copyk->u.ec.size = pubk->u.ec.size;
+            rv = seckey_HasCurveOID(pubk);
+            if (rv != SECSuccess) {
+                break;
+            }
+            rv = SECITEM_CopyItem(arena, &copyk->u.ec.DEREncodedParams,
+                                  &pubk->u.ec.DEREncodedParams);
+            if (rv != SECSuccess) {
+                break;
+            }
+            copyk->u.ec.encoding = ECPoint_Undefined;
+            rv = SECITEM_CopyItem(arena, &copyk->u.ec.publicValue,
+                                  &pubk->u.ec.publicValue);
+            break;
+        case nullKey:
+            return copyk;
+        default:
+            PORT_SetError(SEC_ERROR_INVALID_KEY);
+            rv = SECFailure;
+            break;
+    }
+    if (rv == SECSuccess)
+        return copyk;
+
+    SECKEY_DestroyPublicKey(copyk);
+    return NULL;
+}
+
+SECKEYPublicKey *
+SECKEY_ConvertToPublicKey(SECKEYPrivateKey *privk)
+{
+    SECKEYPublicKey *pubk;
+    PLArenaPool *arena;
+    CERTCertificate *cert;
+    SECStatus rv;
+
+    /*
+     * First try to look up the cert.
+     */
+    cert = PK11_GetCertFromPrivateKey(privk);
+    if (cert) {
+        pubk = CERT_ExtractPublicKey(cert);
+        CERT_DestroyCertificate(cert);
+        return pubk;
+    }
+
+    /* couldn't find the cert, build pub key by hand */
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return NULL;
+    }
+    pubk = (SECKEYPublicKey *)PORT_ArenaZAlloc(arena,
+                                               sizeof(SECKEYPublicKey));
+    if (pubk == NULL) {
+        PORT_FreeArena(arena, PR_FALSE);
+        return NULL;
+    }
+    pubk->keyType = privk->keyType;
+    pubk->pkcs11Slot = NULL;
+    pubk->pkcs11ID = CK_INVALID_HANDLE;
+    pubk->arena = arena;
+
+    switch (privk->keyType) {
+        case nullKey:
+        case dhKey:
+        case dsaKey:
+            /* Nothing to query, if the cert isn't there, we're done -- no way
+             * to get the public key */
+            break;
+        case rsaKey:
+            rv = PK11_ReadAttribute(privk->pkcs11Slot, privk->pkcs11ID,
+                                    CKA_MODULUS, arena, &pubk->u.rsa.modulus);
+            if (rv != SECSuccess)
+                break;
+            rv = PK11_ReadAttribute(privk->pkcs11Slot, privk->pkcs11ID,
+                                    CKA_PUBLIC_EXPONENT, arena, &pubk->u.rsa.publicExponent);
+            if (rv != SECSuccess)
+                break;
+            return pubk;
+            break;
+        case ecKey:
+            rv = PK11_ReadAttribute(privk->pkcs11Slot, privk->pkcs11ID,
+                                    CKA_EC_PARAMS, arena, &pubk->u.ec.DEREncodedParams);
+            if (rv != SECSuccess) {
+                break;
+            }
+            rv = PK11_ReadAttribute(privk->pkcs11Slot, privk->pkcs11ID,
+                                    CKA_EC_POINT, arena, &pubk->u.ec.publicValue);
+            if (rv != SECSuccess || pubk->u.ec.publicValue.len == 0) {
+                break;
+            }
+            pubk->u.ec.encoding = ECPoint_Undefined;
+            return pubk;
+        default:
+            break;
+    }
+
+    PORT_FreeArena(arena, PR_FALSE);
+    return NULL;
+}
+
+static CERTSubjectPublicKeyInfo *
+seckey_CreateSubjectPublicKeyInfo_helper(SECKEYPublicKey *pubk)
+{
+    CERTSubjectPublicKeyInfo *spki;
+    PLArenaPool *arena;
+    SECItem params = { siBuffer, NULL, 0 };
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return NULL;
+    }
+
+    spki = (CERTSubjectPublicKeyInfo *)PORT_ArenaZAlloc(arena, sizeof(*spki));
+    if (spki != NULL) {
+        SECStatus rv;
+        SECItem *rv_item;
+
+        spki->arena = arena;
+        switch (pubk->keyType) {
+            case rsaKey:
+                rv = SECOID_SetAlgorithmID(arena, &spki->algorithm,
+                                           SEC_OID_PKCS1_RSA_ENCRYPTION, 0);
+                if (rv == SECSuccess) {
+                    /*
+                     * DER encode the public key into the subjectPublicKeyInfo.
+                     */
+                    prepare_rsa_pub_key_for_asn1(pubk);
+                    rv_item = SEC_ASN1EncodeItem(arena, &spki->subjectPublicKey,
+                                                 pubk, SECKEY_RSAPublicKeyTemplate);
+                    if (rv_item != NULL) {
+                        /*
+                         * The stored value is supposed to be a BIT_STRING,
+                         * so convert the length.
+                         */
+                        spki->subjectPublicKey.len <<= 3;
+                        /*
+                         * We got a good one; return it.
+                         */
+                        return spki;
+                    }
+                }
+                break;
+            case dsaKey:
+                /* DER encode the params. */
+                prepare_pqg_params_for_asn1(&pubk->u.dsa.params);
+                rv_item = SEC_ASN1EncodeItem(arena, &params, &pubk->u.dsa.params,
+                                             SECKEY_PQGParamsTemplate);
+                if (rv_item != NULL) {
+                    rv = SECOID_SetAlgorithmID(arena, &spki->algorithm,
+                                               SEC_OID_ANSIX9_DSA_SIGNATURE,
+                                               &params);
+                    if (rv == SECSuccess) {
+                        /*
+                         * DER encode the public key into the subjectPublicKeyInfo.
+                         */
+                        prepare_dsa_pub_key_for_asn1(pubk);
+                        rv_item = SEC_ASN1EncodeItem(arena, &spki->subjectPublicKey,
+                                                     pubk,
+                                                     SECKEY_DSAPublicKeyTemplate);
+                        if (rv_item != NULL) {
+                            /*
+                             * The stored value is supposed to be a BIT_STRING,
+                             * so convert the length.
+                             */
+                            spki->subjectPublicKey.len <<= 3;
+                            /*
+                             * We got a good one; return it.
+                             */
+                            return spki;
+                        }
+                    }
+                }
+                SECITEM_FreeItem(&params, PR_FALSE);
+                break;
+            case ecKey:
+                rv = SECITEM_CopyItem(arena, &params,
+                                      &pubk->u.ec.DEREncodedParams);
+                if (rv != SECSuccess)
+                    break;
+
+                rv = SECOID_SetAlgorithmID(arena, &spki->algorithm,
+                                           SEC_OID_ANSIX962_EC_PUBLIC_KEY,
+                                           &params);
+                if (rv != SECSuccess)
+                    break;
+
+                rv = SECITEM_CopyItem(arena, &spki->subjectPublicKey,
+                                      &pubk->u.ec.publicValue);
+
+                if (rv == SECSuccess) {
+                    /*
+                     * The stored value is supposed to be a BIT_STRING,
+                     * so convert the length.
+                     */
+                    spki->subjectPublicKey.len <<= 3;
+                    /*
+                     * We got a good one; return it.
+                     */
+                    return spki;
+                }
+                break;
+            case dhKey: /* later... */
+
+                break;
+            default:
+                break;
+        }
+    } else {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+    }
+
+    PORT_FreeArena(arena, PR_FALSE);
+    return NULL;
+}
+
+CERTSubjectPublicKeyInfo *
+SECKEY_CreateSubjectPublicKeyInfo(const SECKEYPublicKey *pubk)
+{
+    CERTSubjectPublicKeyInfo *spki;
+    SECKEYPublicKey *tempKey;
+
+    if (!pubk) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+
+    tempKey = SECKEY_CopyPublicKey(pubk);
+    if (!tempKey) {
+        return NULL;
+    }
+    spki = seckey_CreateSubjectPublicKeyInfo_helper(tempKey);
+    SECKEY_DestroyPublicKey(tempKey);
+    return spki;
+}
+
+void
+SECKEY_DestroySubjectPublicKeyInfo(CERTSubjectPublicKeyInfo *spki)
+{
+    if (spki && spki->arena) {
+        PORT_FreeArena(spki->arena, PR_FALSE);
+    }
+}
+
+SECItem *
+SECKEY_EncodeDERSubjectPublicKeyInfo(const SECKEYPublicKey *pubk)
+{
+    CERTSubjectPublicKeyInfo *spki = NULL;
+    SECItem *spkiDER = NULL;
+
+    /* get the subjectpublickeyinfo */
+    spki = SECKEY_CreateSubjectPublicKeyInfo(pubk);
+    if (spki == NULL) {
+        goto finish;
+    }
+
+    /* DER-encode the subjectpublickeyinfo */
+    spkiDER = SEC_ASN1EncodeItem(NULL /*arena*/, NULL /*dest*/, spki,
+                                 CERT_SubjectPublicKeyInfoTemplate);
+
+    SECKEY_DestroySubjectPublicKeyInfo(spki);
+
+finish:
+    return spkiDER;
+}
+
+CERTSubjectPublicKeyInfo *
+SECKEY_DecodeDERSubjectPublicKeyInfo(const SECItem *spkider)
+{
+    PLArenaPool *arena;
+    CERTSubjectPublicKeyInfo *spki;
+    SECStatus rv;
+    SECItem newSpkider;
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return NULL;
+    }
+
+    spki = (CERTSubjectPublicKeyInfo *)
+        PORT_ArenaZAlloc(arena, sizeof(CERTSubjectPublicKeyInfo));
+    if (spki != NULL) {
+        spki->arena = arena;
+
+        /* copy the DER into the arena, since Quick DER returns data that points
+           into the DER input, which may get freed by the caller */
+        rv = SECITEM_CopyItem(arena, &newSpkider, spkider);
+        if (rv == SECSuccess) {
+            rv = SEC_QuickDERDecodeItem(arena, spki,
+                                        CERT_SubjectPublicKeyInfoTemplate, &newSpkider);
+        }
+        if (rv == SECSuccess)
+            return spki;
+    } else {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+    }
+
+    PORT_FreeArena(arena, PR_FALSE);
+    return NULL;
+}
+
+/*
+ * Decode a base64 ascii encoded DER encoded subject public key info.
+ */
+CERTSubjectPublicKeyInfo *
+SECKEY_ConvertAndDecodeSubjectPublicKeyInfo(const char *spkistr)
+{
+    CERTSubjectPublicKeyInfo *spki;
+    SECStatus rv;
+    SECItem der;
+
+    rv = ATOB_ConvertAsciiToItem(&der, spkistr);
+    if (rv != SECSuccess)
+        return NULL;
+
+    spki = SECKEY_DecodeDERSubjectPublicKeyInfo(&der);
+
+    PORT_Free(der.data);
+    return spki;
+}
+
+/*
+ * Decode a base64 ascii encoded DER encoded public key and challenge
+ * Verify digital signature and make sure challenge matches
+ */
+CERTSubjectPublicKeyInfo *
+SECKEY_ConvertAndDecodePublicKeyAndChallenge(char *pkacstr, char *challenge,
+                                             void *wincx)
+{
+    CERTSubjectPublicKeyInfo *spki = NULL;
+    CERTPublicKeyAndChallenge pkac;
+    SECStatus rv;
+    SECItem signedItem;
+    PLArenaPool *arena = NULL;
+    CERTSignedData sd;
+    SECItem sig;
+    SECKEYPublicKey *pubKey = NULL;
+    unsigned int len;
+
+    signedItem.data = NULL;
+
+    /* convert the base64 encoded data to binary */
+    rv = ATOB_ConvertAsciiToItem(&signedItem, pkacstr);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    /* create an arena */
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL) {
+        goto loser;
+    }
+
+    /* decode the outer wrapping of signed data */
+    PORT_Memset(&sd, 0, sizeof(CERTSignedData));
+    rv = SEC_QuickDERDecodeItem(arena, &sd, CERT_SignedDataTemplate, &signedItem);
+    if (rv) {
+        goto loser;
+    }
+
+    /* decode the public key and challenge wrapper */
+    PORT_Memset(&pkac, 0, sizeof(CERTPublicKeyAndChallenge));
+    rv = SEC_QuickDERDecodeItem(arena, &pkac, CERT_PublicKeyAndChallengeTemplate,
+                                &sd.data);
+    if (rv) {
+        goto loser;
+    }
+
+    /* decode the subject public key info */
+    spki = SECKEY_DecodeDERSubjectPublicKeyInfo(&pkac.spki);
+    if (spki == NULL) {
+        goto loser;
+    }
+
+    /* get the public key */
+    pubKey = seckey_ExtractPublicKey(spki);
+    if (pubKey == NULL) {
+        goto loser;
+    }
+
+    /* check the signature */
+    sig = sd.signature;
+    DER_ConvertBitString(&sig);
+    rv = VFY_VerifyDataWithAlgorithmID(sd.data.data, sd.data.len, pubKey, &sig,
+                                       &(sd.signatureAlgorithm), NULL, wincx);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    /* check the challenge */
+    if (challenge) {
+        len = PORT_Strlen(challenge);
+        /* length is right */
+        if (len != pkac.challenge.len) {
+            goto loser;
+        }
+        /* actual data is right */
+        if (PORT_Memcmp(challenge, pkac.challenge.data, len) != 0) {
+            goto loser;
+        }
+    }
+    goto done;
+
+loser:
+    /* make sure that we return null if we got an error */
+    if (spki) {
+        SECKEY_DestroySubjectPublicKeyInfo(spki);
+    }
+    spki = NULL;
+
+done:
+    if (signedItem.data) {
+        PORT_Free(signedItem.data);
+    }
+    if (arena) {
+        PORT_FreeArena(arena, PR_FALSE);
+    }
+    if (pubKey) {
+        SECKEY_DestroyPublicKey(pubKey);
+    }
+
+    return spki;
+}
+
+void
+SECKEY_DestroyPrivateKeyInfo(SECKEYPrivateKeyInfo *pvk,
+                             PRBool freeit)
+{
+    PLArenaPool *poolp;
+
+    if (pvk != NULL) {
+        if (pvk->arena) {
+            poolp = pvk->arena;
+            /* zero structure since PORT_FreeArena does not support
+             * this yet.
+             */
+            PORT_Memset(pvk->privateKey.data, 0, pvk->privateKey.len);
+            PORT_Memset(pvk, 0, sizeof(*pvk));
+            if (freeit == PR_TRUE) {
+                PORT_FreeArena(poolp, PR_TRUE);
+            } else {
+                pvk->arena = poolp;
+            }
+        } else {
+            SECITEM_ZfreeItem(&pvk->version, PR_FALSE);
+            SECITEM_ZfreeItem(&pvk->privateKey, PR_FALSE);
+            SECOID_DestroyAlgorithmID(&pvk->algorithm, PR_FALSE);
+            PORT_Memset(pvk, 0, sizeof(*pvk));
+            if (freeit == PR_TRUE) {
+                PORT_Free(pvk);
+            }
+        }
+    }
+}
+
+void
+SECKEY_DestroyEncryptedPrivateKeyInfo(SECKEYEncryptedPrivateKeyInfo *epki,
+                                      PRBool freeit)
+{
+    PLArenaPool *poolp;
+
+    if (epki != NULL) {
+        if (epki->arena) {
+            poolp = epki->arena;
+            /* zero structure since PORT_FreeArena does not support
+             * this yet.
+             */
+            PORT_Memset(epki->encryptedData.data, 0, epki->encryptedData.len);
+            PORT_Memset(epki, 0, sizeof(*epki));
+            if (freeit == PR_TRUE) {
+                PORT_FreeArena(poolp, PR_TRUE);
+            } else {
+                epki->arena = poolp;
+            }
+        } else {
+            SECITEM_ZfreeItem(&epki->encryptedData, PR_FALSE);
+            SECOID_DestroyAlgorithmID(&epki->algorithm, PR_FALSE);
+            PORT_Memset(epki, 0, sizeof(*epki));
+            if (freeit == PR_TRUE) {
+                PORT_Free(epki);
+            }
+        }
+    }
+}
+
+SECStatus
+SECKEY_CopyPrivateKeyInfo(PLArenaPool *poolp,
+                          SECKEYPrivateKeyInfo *to,
+                          const SECKEYPrivateKeyInfo *from)
+{
+    SECStatus rv = SECFailure;
+
+    if ((to == NULL) || (from == NULL)) {
+        return SECFailure;
+    }
+
+    rv = SECOID_CopyAlgorithmID(poolp, &to->algorithm, &from->algorithm);
+    if (rv != SECSuccess) {
+        return SECFailure;
+    }
+    rv = SECITEM_CopyItem(poolp, &to->privateKey, &from->privateKey);
+    if (rv != SECSuccess) {
+        return SECFailure;
+    }
+    rv = SECITEM_CopyItem(poolp, &to->version, &from->version);
+
+    return rv;
+}
+
+SECStatus
+SECKEY_CopyEncryptedPrivateKeyInfo(PLArenaPool *poolp,
+                                   SECKEYEncryptedPrivateKeyInfo *to,
+                                   const SECKEYEncryptedPrivateKeyInfo *from)
+{
+    SECStatus rv = SECFailure;
+
+    if ((to == NULL) || (from == NULL)) {
+        return SECFailure;
+    }
+
+    rv = SECOID_CopyAlgorithmID(poolp, &to->algorithm, &from->algorithm);
+    if (rv != SECSuccess) {
+        return SECFailure;
+    }
+    rv = SECITEM_CopyItem(poolp, &to->encryptedData, &from->encryptedData);
+
+    return rv;
+}
+
+KeyType
+SECKEY_GetPrivateKeyType(const SECKEYPrivateKey *privKey)
+{
+    return privKey->keyType;
+}
+
+KeyType
+SECKEY_GetPublicKeyType(const SECKEYPublicKey *pubKey)
+{
+    return pubKey->keyType;
+}
+
+SECKEYPublicKey *
+SECKEY_ImportDERPublicKey(const SECItem *derKey, CK_KEY_TYPE type)
+{
+    SECKEYPublicKey *pubk = NULL;
+    SECStatus rv = SECFailure;
+    SECItem newDerKey;
+    PLArenaPool *arena = NULL;
+
+    if (!derKey) {
+        return NULL;
+    }
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        goto finish;
+    }
+
+    pubk = PORT_ArenaZNew(arena, SECKEYPublicKey);
+    if (pubk == NULL) {
+        goto finish;
+    }
+    pubk->arena = arena;
+
+    rv = SECITEM_CopyItem(pubk->arena, &newDerKey, derKey);
+    if (SECSuccess != rv) {
+        goto finish;
+    }
+
+    pubk->pkcs11Slot = NULL;
+    pubk->pkcs11ID = CK_INVALID_HANDLE;
+
+    switch (type) {
+        case CKK_RSA:
+            prepare_rsa_pub_key_for_asn1(pubk);
+            rv = SEC_QuickDERDecodeItem(pubk->arena, pubk, SECKEY_RSAPublicKeyTemplate, &newDerKey);
+            pubk->keyType = rsaKey;
+            break;
+        case CKK_DSA:
+            prepare_dsa_pub_key_for_asn1(pubk);
+            rv = SEC_QuickDERDecodeItem(pubk->arena, pubk, SECKEY_DSAPublicKeyTemplate, &newDerKey);
+            pubk->keyType = dsaKey;
+            break;
+        case CKK_DH:
+            prepare_dh_pub_key_for_asn1(pubk);
+            rv = SEC_QuickDERDecodeItem(pubk->arena, pubk, SECKEY_DHPublicKeyTemplate, &newDerKey);
+            pubk->keyType = dhKey;
+            break;
+        default:
+            rv = SECFailure;
+            break;
+    }
+
+finish:
+    if (rv != SECSuccess) {
+        if (arena != NULL) {
+            PORT_FreeArena(arena, PR_FALSE);
+        }
+        pubk = NULL;
+    }
+    return pubk;
+}
+
+SECKEYPrivateKeyList *
+SECKEY_NewPrivateKeyList(void)
+{
+    PLArenaPool *arena = NULL;
+    SECKEYPrivateKeyList *ret = NULL;
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL) {
+        goto loser;
+    }
+
+    ret = (SECKEYPrivateKeyList *)PORT_ArenaZAlloc(arena,
+                                                   sizeof(SECKEYPrivateKeyList));
+    if (ret == NULL) {
+        goto loser;
+    }
+
+    ret->arena = arena;
+
+    PR_INIT_CLIST(&ret->list);
+
+    return (ret);
+
+loser:
+    if (arena != NULL) {
+        PORT_FreeArena(arena, PR_FALSE);
+    }
+
+    return (NULL);
+}
+
+void
+SECKEY_DestroyPrivateKeyList(SECKEYPrivateKeyList *keys)
+{
+    while (!PR_CLIST_IS_EMPTY(&keys->list)) {
+        SECKEY_RemovePrivateKeyListNode(
+            (SECKEYPrivateKeyListNode *)(PR_LIST_HEAD(&keys->list)));
+    }
+
+    PORT_FreeArena(keys->arena, PR_FALSE);
+
+    return;
+}
+
+void
+SECKEY_RemovePrivateKeyListNode(SECKEYPrivateKeyListNode *node)
+{
+    PR_ASSERT(node->key);
+    SECKEY_DestroyPrivateKey(node->key);
+    node->key = NULL;
+    PR_REMOVE_LINK(&node->links);
+    return;
+}
+
+SECStatus
+SECKEY_AddPrivateKeyToListTail(SECKEYPrivateKeyList *list,
+                               SECKEYPrivateKey *key)
+{
+    SECKEYPrivateKeyListNode *node;
+
+    node = (SECKEYPrivateKeyListNode *)PORT_ArenaZAlloc(list->arena,
+                                                        sizeof(SECKEYPrivateKeyListNode));
+    if (node == NULL) {
+        goto loser;
+    }
+
+    PR_INSERT_BEFORE(&node->links, &list->list);
+    node->key = key;
+    return (SECSuccess);
+
+loser:
+    return (SECFailure);
+}
+
+SECKEYPublicKeyList *
+SECKEY_NewPublicKeyList(void)
+{
+    PLArenaPool *arena = NULL;
+    SECKEYPublicKeyList *ret = NULL;
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL) {
+        goto loser;
+    }
+
+    ret = (SECKEYPublicKeyList *)PORT_ArenaZAlloc(arena,
+                                                  sizeof(SECKEYPublicKeyList));
+    if (ret == NULL) {
+        goto loser;
+    }
+
+    ret->arena = arena;
+
+    PR_INIT_CLIST(&ret->list);
+
+    return (ret);
+
+loser:
+    if (arena != NULL) {
+        PORT_FreeArena(arena, PR_FALSE);
+    }
+
+    return (NULL);
+}
+
+void
+SECKEY_DestroyPublicKeyList(SECKEYPublicKeyList *keys)
+{
+    while (!PR_CLIST_IS_EMPTY(&keys->list)) {
+        SECKEY_RemovePublicKeyListNode(
+            (SECKEYPublicKeyListNode *)(PR_LIST_HEAD(&keys->list)));
+    }
+
+    PORT_FreeArena(keys->arena, PR_FALSE);
+
+    return;
+}
+
+void
+SECKEY_RemovePublicKeyListNode(SECKEYPublicKeyListNode *node)
+{
+    PR_ASSERT(node->key);
+    SECKEY_DestroyPublicKey(node->key);
+    node->key = NULL;
+    PR_REMOVE_LINK(&node->links);
+    return;
+}
+
+SECStatus
+SECKEY_AddPublicKeyToListTail(SECKEYPublicKeyList *list,
+                              SECKEYPublicKey *key)
+{
+    SECKEYPublicKeyListNode *node;
+
+    node = (SECKEYPublicKeyListNode *)PORT_ArenaZAlloc(list->arena,
+                                                       sizeof(SECKEYPublicKeyListNode));
+    if (node == NULL) {
+        goto loser;
+    }
+
+    PR_INSERT_BEFORE(&node->links, &list->list);
+    node->key = key;
+    return (SECSuccess);
+
+loser:
+    return (SECFailure);
+}
+
+#define SECKEY_CacheAttribute(key, attribute)                                                   \
+    if (CK_TRUE == PK11_HasAttributeSet(key->pkcs11Slot, key->pkcs11ID, attribute, PR_FALSE)) { \
+        key->staticflags |= SECKEY_##attribute;                                                 \
+    } else {                                                                                    \
+        key->staticflags &= (~SECKEY_##attribute);                                              \
+    }
+
+SECStatus
+SECKEY_CacheStaticFlags(SECKEYPrivateKey *key)
+{
+    SECStatus rv = SECFailure;
+    if (key && key->pkcs11Slot && key->pkcs11ID) {
+        key->staticflags |= SECKEY_Attributes_Cached;
+        SECKEY_CacheAttribute(key, CKA_PRIVATE);
+        SECKEY_CacheAttribute(key, CKA_ALWAYS_AUTHENTICATE);
+        rv = SECSuccess;
+    }
+    return rv;
+}
+
+SECOidTag
+SECKEY_GetECCOid(const SECKEYECParams *params)
+{
+    SECItem oid = { siBuffer, NULL, 0 };
+    SECOidData *oidData = NULL;
+
+    /*
+     * params->data needs to contain the ASN encoding of an object ID (OID)
+     * representing a named curve. Here, we strip away everything
+     * before the actual OID and use the OID to look up a named curve.
+     */
+    if (params->data[0] != SEC_ASN1_OBJECT_ID)
+        return 0;
+    oid.len = params->len - 2;
+    oid.data = params->data + 2;
+    if ((oidData = SECOID_FindOID(&oid)) == NULL)
+        return 0;
+
+    return oidData->offset;
+}
diff --git a/nss/lib/cryptohi/secsign.c b/nss/lib/cryptohi/secsign.c
new file mode 100644
index 0000000..1bbdd53
--- /dev/null
+++ b/nss/lib/cryptohi/secsign.c
@@ -0,0 +1,510 @@
+/*
+ * Signature stuff.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <stdio.h>
+#include "cryptohi.h"
+#include "sechash.h"
+#include "secder.h"
+#include "keyhi.h"
+#include "secoid.h"
+#include "secdig.h"
+#include "pk11func.h"
+#include "secerr.h"
+#include "keyi.h"
+
+struct SGNContextStr {
+    SECOidTag signalg;
+    SECOidTag hashalg;
+    void *hashcx;
+    const SECHashObject *hashobj;
+    SECKEYPrivateKey *key;
+};
+
+SGNContext *
+SGN_NewContext(SECOidTag alg, SECKEYPrivateKey *key)
+{
+    SGNContext *cx;
+    SECOidTag hashalg, signalg;
+    KeyType keyType;
+    SECStatus rv;
+
+    /* OK, map a PKCS #7 hash and encrypt algorithm into
+     * a standard hashing algorithm. Why did we pass in the whole
+     * PKCS #7 algTag if we were just going to change here you might
+     * ask. Well the answer is for some cards we may have to do the
+     * hashing on card. It may not support CKM_RSA_PKCS sign algorithm,
+     * it may just support CKM_SHA1_RSA_PKCS and/or CKM_MD5_RSA_PKCS.
+     */
+    /* we have a private key, not a public key, so don't pass it in */
+    rv = sec_DecodeSigAlg(NULL, alg, NULL, &signalg, &hashalg);
+    if (rv != SECSuccess) {
+        PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
+        return 0;
+    }
+    keyType = seckey_GetKeyType(signalg);
+
+    /* verify our key type */
+    if (key->keyType != keyType &&
+        !((key->keyType == dsaKey) && (keyType == fortezzaKey))) {
+        PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
+        return 0;
+    }
+
+    cx = (SGNContext *)PORT_ZAlloc(sizeof(SGNContext));
+    if (cx) {
+        cx->hashalg = hashalg;
+        cx->signalg = signalg;
+        cx->key = key;
+    }
+    return cx;
+}
+
+void
+SGN_DestroyContext(SGNContext *cx, PRBool freeit)
+{
+    if (cx) {
+        if (cx->hashcx != NULL) {
+            (*cx->hashobj->destroy)(cx->hashcx, PR_TRUE);
+            cx->hashcx = NULL;
+        }
+        if (freeit) {
+            PORT_ZFree(cx, sizeof(SGNContext));
+        }
+    }
+}
+
+SECStatus
+SGN_Begin(SGNContext *cx)
+{
+    if (cx->hashcx != NULL) {
+        (*cx->hashobj->destroy)(cx->hashcx, PR_TRUE);
+        cx->hashcx = NULL;
+    }
+
+    cx->hashobj = HASH_GetHashObjectByOidTag(cx->hashalg);
+    if (!cx->hashobj)
+        return SECFailure; /* error code is already set */
+
+    cx->hashcx = (*cx->hashobj->create)();
+    if (cx->hashcx == NULL)
+        return SECFailure;
+
+    (*cx->hashobj->begin)(cx->hashcx);
+    return SECSuccess;
+}
+
+SECStatus
+SGN_Update(SGNContext *cx, const unsigned char *input, unsigned int inputLen)
+{
+    if (cx->hashcx == NULL) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+    (*cx->hashobj->update)(cx->hashcx, input, inputLen);
+    return SECSuccess;
+}
+
+/* XXX Old template; want to expunge it eventually. */
+static DERTemplate SECAlgorithmIDTemplate[] = {
+    { DER_SEQUENCE,
+      0, NULL, sizeof(SECAlgorithmID) },
+    { DER_OBJECT_ID,
+      offsetof(SECAlgorithmID, algorithm) },
+    { DER_OPTIONAL | DER_ANY,
+      offsetof(SECAlgorithmID, parameters) },
+    { 0 }
+};
+
+/*
+ * XXX OLD Template.  Once all uses have been switched over to new one,
+ * remove this.
+ */
+static DERTemplate SGNDigestInfoTemplate[] = {
+    { DER_SEQUENCE,
+      0, NULL, sizeof(SGNDigestInfo) },
+    { DER_INLINE,
+      offsetof(SGNDigestInfo, digestAlgorithm),
+      SECAlgorithmIDTemplate },
+    { DER_OCTET_STRING,
+      offsetof(SGNDigestInfo, digest) },
+    { 0 }
+};
+
+SECStatus
+SGN_End(SGNContext *cx, SECItem *result)
+{
+    unsigned char digest[HASH_LENGTH_MAX];
+    unsigned part1;
+    int signatureLen;
+    SECStatus rv;
+    SECItem digder, sigitem;
+    PLArenaPool *arena = 0;
+    SECKEYPrivateKey *privKey = cx->key;
+    SGNDigestInfo *di = 0;
+
+    result->data = 0;
+    digder.data = 0;
+
+    /* Finish up digest function */
+    if (cx->hashcx == NULL) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+    (*cx->hashobj->end)(cx->hashcx, digest, &part1, sizeof(digest));
+
+    if (privKey->keyType == rsaKey) {
+
+        arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+        if (!arena) {
+            rv = SECFailure;
+            goto loser;
+        }
+
+        /* Construct digest info */
+        di = SGN_CreateDigestInfo(cx->hashalg, digest, part1);
+        if (!di) {
+            rv = SECFailure;
+            goto loser;
+        }
+
+        /* Der encode the digest as a DigestInfo */
+        rv = DER_Encode(arena, &digder, SGNDigestInfoTemplate,
+                        di);
+        if (rv != SECSuccess) {
+            goto loser;
+        }
+    } else {
+        digder.data = digest;
+        digder.len = part1;
+    }
+
+    /*
+    ** Encrypt signature after constructing appropriate PKCS#1 signature
+    ** block
+    */
+    signatureLen = PK11_SignatureLen(privKey);
+    if (signatureLen <= 0) {
+        PORT_SetError(SEC_ERROR_INVALID_KEY);
+        rv = SECFailure;
+        goto loser;
+    }
+    sigitem.len = signatureLen;
+    sigitem.data = (unsigned char *)PORT_Alloc(signatureLen);
+
+    if (sigitem.data == NULL) {
+        rv = SECFailure;
+        goto loser;
+    }
+
+    rv = PK11_Sign(privKey, &sigitem, &digder);
+    if (rv != SECSuccess) {
+        PORT_Free(sigitem.data);
+        sigitem.data = NULL;
+        goto loser;
+    }
+
+    if ((cx->signalg == SEC_OID_ANSIX9_DSA_SIGNATURE) ||
+        (cx->signalg == SEC_OID_ANSIX962_EC_PUBLIC_KEY)) {
+        /* DSAU_EncodeDerSigWithLen works for DSA and ECDSA */
+        rv = DSAU_EncodeDerSigWithLen(result, &sigitem, sigitem.len);
+        PORT_Free(sigitem.data);
+        if (rv != SECSuccess)
+            goto loser;
+    } else {
+        result->len = sigitem.len;
+        result->data = sigitem.data;
+    }
+
+loser:
+    SGN_DestroyDigestInfo(di);
+    if (arena != NULL) {
+        PORT_FreeArena(arena, PR_FALSE);
+    }
+    return rv;
+}
+
+/************************************************************************/
+
+/*
+** Sign a block of data returning in result a bunch of bytes that are the
+** signature. Returns zero on success, an error code on failure.
+*/
+SECStatus
+SEC_SignData(SECItem *res, const unsigned char *buf, int len,
+             SECKEYPrivateKey *pk, SECOidTag algid)
+{
+    SECStatus rv;
+    SGNContext *sgn;
+
+    sgn = SGN_NewContext(algid, pk);
+
+    if (sgn == NULL)
+        return SECFailure;
+
+    rv = SGN_Begin(sgn);
+    if (rv != SECSuccess)
+        goto loser;
+
+    rv = SGN_Update(sgn, buf, len);
+    if (rv != SECSuccess)
+        goto loser;
+
+    rv = SGN_End(sgn, res);
+
+loser:
+    SGN_DestroyContext(sgn, PR_TRUE);
+    return rv;
+}
+
+/************************************************************************/
+
+DERTemplate CERTSignedDataTemplate[] =
+    {
+      { DER_SEQUENCE,
+        0, NULL, sizeof(CERTSignedData) },
+      { DER_ANY,
+        offsetof(CERTSignedData, data) },
+      { DER_INLINE,
+        offsetof(CERTSignedData, signatureAlgorithm),
+        SECAlgorithmIDTemplate },
+      { DER_BIT_STRING,
+        offsetof(CERTSignedData, signature) },
+      { 0 }
+    };
+
+SEC_ASN1_MKSUB(SECOID_AlgorithmIDTemplate)
+
+const SEC_ASN1Template CERT_SignedDataTemplate[] =
+    {
+      { SEC_ASN1_SEQUENCE,
+        0, NULL, sizeof(CERTSignedData) },
+      { SEC_ASN1_ANY,
+        offsetof(CERTSignedData, data) },
+      { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
+        offsetof(CERTSignedData, signatureAlgorithm),
+        SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
+      { SEC_ASN1_BIT_STRING,
+        offsetof(CERTSignedData, signature) },
+      { 0 }
+    };
+
+SEC_ASN1_CHOOSER_IMPLEMENT(CERT_SignedDataTemplate)
+
+SECStatus
+SEC_DerSignData(PLArenaPool *arena, SECItem *result,
+                const unsigned char *buf, int len, SECKEYPrivateKey *pk,
+                SECOidTag algID)
+{
+    SECItem it;
+    CERTSignedData sd;
+    SECStatus rv;
+
+    it.data = 0;
+
+    /* XXX We should probably have some asserts here to make sure the key type
+     * and algID match
+     */
+
+    if (algID == SEC_OID_UNKNOWN) {
+        switch (pk->keyType) {
+            case rsaKey:
+                algID = SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION;
+                break;
+            case dsaKey:
+                /* get Signature length (= q_len*2) and work from there */
+                switch (PK11_SignatureLen(pk)) {
+                    case 448:
+                        algID = SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA224_DIGEST;
+                        break;
+                    case 512:
+                        algID = SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA256_DIGEST;
+                        break;
+                    default:
+                        algID = SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST;
+                        break;
+                }
+                break;
+            case ecKey:
+                algID = SEC_OID_ANSIX962_ECDSA_SIGNATURE_WITH_SHA1_DIGEST;
+                break;
+            default:
+                PORT_SetError(SEC_ERROR_INVALID_KEY);
+                return SECFailure;
+        }
+    }
+
+    /* Sign input buffer */
+    rv = SEC_SignData(&it, buf, len, pk, algID);
+    if (rv)
+        goto loser;
+
+    /* Fill out SignedData object */
+    PORT_Memset(&sd, 0, sizeof(sd));
+    sd.data.data = (unsigned char *)buf;
+    sd.data.len = len;
+    sd.signature.data = it.data;
+    sd.signature.len = it.len << 3; /* convert to bit string */
+    rv = SECOID_SetAlgorithmID(arena, &sd.signatureAlgorithm, algID, 0);
+    if (rv)
+        goto loser;
+
+    /* DER encode the signed data object */
+    rv = DER_Encode(arena, result, CERTSignedDataTemplate, &sd);
+/* FALL THROUGH */
+
+loser:
+    PORT_Free(it.data);
+    return rv;
+}
+
+SECStatus
+SGN_Digest(SECKEYPrivateKey *privKey,
+           SECOidTag algtag, SECItem *result, SECItem *digest)
+{
+    int modulusLen;
+    SECStatus rv;
+    SECItem digder;
+    PLArenaPool *arena = 0;
+    SGNDigestInfo *di = 0;
+
+    result->data = 0;
+
+    if (privKey->keyType == rsaKey) {
+
+        arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+        if (!arena) {
+            rv = SECFailure;
+            goto loser;
+        }
+
+        /* Construct digest info */
+        di = SGN_CreateDigestInfo(algtag, digest->data, digest->len);
+        if (!di) {
+            rv = SECFailure;
+            goto loser;
+        }
+
+        /* Der encode the digest as a DigestInfo */
+        rv = DER_Encode(arena, &digder, SGNDigestInfoTemplate,
+                        di);
+        if (rv != SECSuccess) {
+            goto loser;
+        }
+    } else {
+        digder.data = digest->data;
+        digder.len = digest->len;
+    }
+
+    /*
+    ** Encrypt signature after constructing appropriate PKCS#1 signature
+    ** block
+    */
+    modulusLen = PK11_SignatureLen(privKey);
+    if (modulusLen <= 0) {
+        PORT_SetError(SEC_ERROR_INVALID_KEY);
+        rv = SECFailure;
+        goto loser;
+    }
+    result->len = modulusLen;
+    result->data = (unsigned char *)PORT_Alloc(modulusLen);
+    result->type = siBuffer;
+
+    if (result->data == NULL) {
+        rv = SECFailure;
+        goto loser;
+    }
+
+    rv = PK11_Sign(privKey, result, &digder);
+    if (rv != SECSuccess) {
+        PORT_Free(result->data);
+        result->data = NULL;
+    }
+
+loser:
+    SGN_DestroyDigestInfo(di);
+    if (arena != NULL) {
+        PORT_FreeArena(arena, PR_FALSE);
+    }
+    return rv;
+}
+
+SECOidTag
+SEC_GetSignatureAlgorithmOidTag(KeyType keyType, SECOidTag hashAlgTag)
+{
+    SECOidTag sigTag = SEC_OID_UNKNOWN;
+
+    switch (keyType) {
+        case rsaKey:
+            switch (hashAlgTag) {
+                case SEC_OID_MD2:
+                    sigTag = SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION;
+                    break;
+                case SEC_OID_MD5:
+                    sigTag = SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION;
+                    break;
+                case SEC_OID_SHA1:
+                    sigTag = SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION;
+                    break;
+                case SEC_OID_SHA224:
+                    sigTag = SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION;
+                    break;
+                case SEC_OID_UNKNOWN: /* default for RSA if not specified */
+                case SEC_OID_SHA256:
+                    sigTag = SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION;
+                    break;
+                case SEC_OID_SHA384:
+                    sigTag = SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION;
+                    break;
+                case SEC_OID_SHA512:
+                    sigTag = SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION;
+                    break;
+                default:
+                    break;
+            }
+            break;
+        case dsaKey:
+            switch (hashAlgTag) {
+                case SEC_OID_UNKNOWN: /* default for DSA if not specified */
+                case SEC_OID_SHA1:
+                    sigTag = SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST;
+                    break;
+                case SEC_OID_SHA224:
+                    sigTag = SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA224_DIGEST;
+                    break;
+                case SEC_OID_SHA256:
+                    sigTag = SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA256_DIGEST;
+                    break;
+                default:
+                    break;
+            }
+            break;
+        case ecKey:
+            switch (hashAlgTag) {
+                case SEC_OID_UNKNOWN: /* default for ECDSA if not specified */
+                case SEC_OID_SHA1:
+                    sigTag = SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE;
+                    break;
+                case SEC_OID_SHA224:
+                    sigTag = SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE;
+                    break;
+                case SEC_OID_SHA256:
+                    sigTag = SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE;
+                    break;
+                case SEC_OID_SHA384:
+                    sigTag = SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE;
+                    break;
+                case SEC_OID_SHA512:
+                    sigTag = SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE;
+                    break;
+                default:
+                    break;
+            }
+        default:
+            break;
+    }
+    return sigTag;
+}
diff --git a/nss/lib/cryptohi/secvfy.c b/nss/lib/cryptohi/secvfy.c
new file mode 100644
index 0000000..2ac21ab
--- /dev/null
+++ b/nss/lib/cryptohi/secvfy.c
@@ -0,0 +1,781 @@
+/*
+ * Verification stuff.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <stdio.h>
+#include "cryptohi.h"
+#include "sechash.h"
+#include "keyhi.h"
+#include "secasn1.h"
+#include "secoid.h"
+#include "pk11func.h"
+#include "pkcs1sig.h"
+#include "secdig.h"
+#include "secerr.h"
+#include "keyi.h"
+
+/*
+** Recover the DigestInfo from an RSA PKCS#1 signature.
+**
+** If givenDigestAlg != SEC_OID_UNKNOWN, copy givenDigestAlg to digestAlgOut.
+** Otherwise, parse the DigestInfo structure and store the decoded digest
+** algorithm into digestAlgOut.
+**
+** Store the encoded DigestInfo into digestInfo.
+** Store the DigestInfo length into digestInfoLen.
+**
+** This function does *not* verify that the AlgorithmIdentifier in the
+** DigestInfo identifies givenDigestAlg or that the DigestInfo is encoded
+** correctly; verifyPKCS1DigestInfo does that.
+**
+** XXX this is assuming that the signature algorithm has WITH_RSA_ENCRYPTION
+*/
+static SECStatus
+recoverPKCS1DigestInfo(SECOidTag givenDigestAlg,
+                       /*out*/ SECOidTag *digestAlgOut,
+                       /*out*/ unsigned char **digestInfo,
+                       /*out*/ unsigned int *digestInfoLen,
+                       SECKEYPublicKey *key,
+                       const SECItem *sig, void *wincx)
+{
+    SGNDigestInfo *di = NULL;
+    SECItem it;
+    PRBool rv = SECSuccess;
+
+    PORT_Assert(digestAlgOut);
+    PORT_Assert(digestInfo);
+    PORT_Assert(digestInfoLen);
+    PORT_Assert(key);
+    PORT_Assert(key->keyType == rsaKey);
+    PORT_Assert(sig);
+
+    it.data = NULL;
+    it.len = SECKEY_PublicKeyStrength(key);
+    if (it.len != 0) {
+        it.data = (unsigned char *)PORT_Alloc(it.len);
+    }
+    if (it.len == 0 || it.data == NULL) {
+        rv = SECFailure;
+    }
+
+    if (rv == SECSuccess) {
+        /* decrypt the block */
+        rv = PK11_VerifyRecover(key, sig, &it, wincx);
+    }
+
+    if (rv == SECSuccess) {
+        if (givenDigestAlg != SEC_OID_UNKNOWN) {
+            /* We don't need to parse the DigestInfo if the caller gave us the
+             * digest algorithm to use. Later verifyPKCS1DigestInfo will verify
+             * that the DigestInfo identifies the given digest algorithm and
+             * that the DigestInfo is encoded absolutely correctly.
+             */
+            *digestInfoLen = it.len;
+            *digestInfo = (unsigned char *)it.data;
+            *digestAlgOut = givenDigestAlg;
+            return SECSuccess;
+        }
+    }
+
+    if (rv == SECSuccess) {
+        /* The caller didn't specify a digest algorithm to use, so choose the
+         * digest algorithm by parsing the AlgorithmIdentifier within the
+         * DigestInfo.
+         */
+        di = SGN_DecodeDigestInfo(&it);
+        if (!di) {
+            rv = SECFailure;
+        }
+    }
+
+    if (rv == SECSuccess) {
+        *digestAlgOut = SECOID_GetAlgorithmTag(&di->digestAlgorithm);
+        if (*digestAlgOut == SEC_OID_UNKNOWN) {
+            rv = SECFailure;
+        }
+    }
+
+    if (di) {
+        SGN_DestroyDigestInfo(di);
+    }
+
+    if (rv == SECSuccess) {
+        *digestInfoLen = it.len;
+        *digestInfo = (unsigned char *)it.data;
+    } else {
+        if (it.data) {
+            PORT_Free(it.data);
+        }
+        *digestInfo = NULL;
+        *digestInfoLen = 0;
+        PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
+    }
+
+    return rv;
+}
+
+struct VFYContextStr {
+    SECOidTag hashAlg; /* the hash algorithm */
+    SECKEYPublicKey *key;
+    /*
+     * This buffer holds either the digest or the full signature
+     * depending on the type of the signature (key->keyType).  It is
+     * defined as a union to make sure it always has enough space.
+     *
+     * Use the "buffer" union member to reference the buffer.
+     * Note: do not take the size of the "buffer" union member.  Take
+     * the size of the union or some other union member instead.
+     */
+    union {
+        unsigned char buffer[1];
+
+        /* the full DSA signature... 40 bytes */
+        unsigned char dsasig[DSA_MAX_SIGNATURE_LEN];
+        /* the full ECDSA signature */
+        unsigned char ecdsasig[2 * MAX_ECKEY_LEN];
+    } u;
+    unsigned int pkcs1RSADigestInfoLen;
+    /* the encoded DigestInfo from a RSA PKCS#1 signature */
+    unsigned char *pkcs1RSADigestInfo;
+    void *wincx;
+    void *hashcx;
+    const SECHashObject *hashobj;
+    SECOidTag encAlg;    /* enc alg */
+    PRBool hasSignature; /* true if the signature was provided in the
+                          * VFY_CreateContext call.  If false, the
+                          * signature must be provided with a
+                          * VFY_EndWithSignature call. */
+};
+
+static SECStatus
+verifyPKCS1DigestInfo(const VFYContext *cx, const SECItem *digest)
+{
+    SECItem pkcs1DigestInfo;
+    pkcs1DigestInfo.data = cx->pkcs1RSADigestInfo;
+    pkcs1DigestInfo.len = cx->pkcs1RSADigestInfoLen;
+    return _SGN_VerifyPKCS1DigestInfo(
+        cx->hashAlg, digest, &pkcs1DigestInfo,
+        PR_TRUE /*XXX: unsafeAllowMissingParameters*/);
+}
+
+/*
+ * decode the ECDSA or DSA signature from it's DER wrapping.
+ * The unwrapped/raw signature is placed in the buffer pointed
+ * to by dsig and has enough room for len bytes.
+ */
+static SECStatus
+decodeECorDSASignature(SECOidTag algid, const SECItem *sig, unsigned char *dsig,
+                       unsigned int len)
+{
+    SECItem *dsasig = NULL; /* also used for ECDSA */
+    SECStatus rv = SECSuccess;
+
+    if ((algid != SEC_OID_ANSIX9_DSA_SIGNATURE) &&
+        (algid != SEC_OID_ANSIX962_EC_PUBLIC_KEY)) {
+        if (sig->len != len) {
+            PORT_SetError(SEC_ERROR_BAD_DER);
+            return SECFailure;
+        }
+
+        PORT_Memcpy(dsig, sig->data, sig->len);
+        return SECSuccess;
+    }
+
+    if (algid == SEC_OID_ANSIX962_EC_PUBLIC_KEY) {
+        if (len > MAX_ECKEY_LEN * 2) {
+            PORT_SetError(SEC_ERROR_BAD_DER);
+            return SECFailure;
+        }
+    }
+    dsasig = DSAU_DecodeDerSigToLen((SECItem *)sig, len);
+
+    if ((dsasig == NULL) || (dsasig->len != len)) {
+        rv = SECFailure;
+    } else {
+        PORT_Memcpy(dsig, dsasig->data, dsasig->len);
+    }
+
+    if (dsasig != NULL)
+        SECITEM_FreeItem(dsasig, PR_TRUE);
+    if (rv == SECFailure)
+        PORT_SetError(SEC_ERROR_BAD_DER);
+    return rv;
+}
+
+const SEC_ASN1Template hashParameterTemplate[] =
+    {
+      { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SECItem) },
+      { SEC_ASN1_OBJECT_ID, 0 },
+      { SEC_ASN1_SKIP_REST },
+      { 0 }
+    };
+
+/*
+ * Pulls the hash algorithm, signing algorithm, and key type out of a
+ * composite algorithm.
+ *
+ * sigAlg: the composite algorithm to dissect.
+ * hashalg: address of a SECOidTag which will be set with the hash algorithm.
+ * encalg: address of a SECOidTag which will be set with the signing alg.
+ *
+ * Returns: SECSuccess if the algorithm was acceptable, SECFailure if the
+ *	algorithm was not found or was not a signing algorithm.
+ */
+SECStatus
+sec_DecodeSigAlg(const SECKEYPublicKey *key, SECOidTag sigAlg,
+                 const SECItem *param, SECOidTag *encalg, SECOidTag *hashalg)
+{
+    int len;
+    PLArenaPool *arena;
+    SECStatus rv;
+    SECItem oid;
+
+    PR_ASSERT(hashalg != NULL);
+    PR_ASSERT(encalg != NULL);
+
+    switch (sigAlg) {
+        /* We probably shouldn't be generating MD2 signatures either */
+        case SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION:
+            *hashalg = SEC_OID_MD2;
+            break;
+        case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION:
+            *hashalg = SEC_OID_MD5;
+            break;
+        case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION:
+        case SEC_OID_ISO_SHA_WITH_RSA_SIGNATURE:
+        case SEC_OID_ISO_SHA1_WITH_RSA_SIGNATURE:
+            *hashalg = SEC_OID_SHA1;
+            break;
+        case SEC_OID_PKCS1_RSA_ENCRYPTION:
+        case SEC_OID_PKCS1_RSA_PSS_SIGNATURE:
+            *hashalg = SEC_OID_UNKNOWN; /* get it from the RSA signature */
+            break;
+
+        case SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE:
+        case SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION:
+        case SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA224_DIGEST:
+            *hashalg = SEC_OID_SHA224;
+            break;
+        case SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE:
+        case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION:
+        case SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA256_DIGEST:
+            *hashalg = SEC_OID_SHA256;
+            break;
+        case SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE:
+        case SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION:
+            *hashalg = SEC_OID_SHA384;
+            break;
+        case SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE:
+        case SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION:
+            *hashalg = SEC_OID_SHA512;
+            break;
+
+        /* what about normal DSA? */
+        case SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST:
+        case SEC_OID_BOGUS_DSA_SIGNATURE_WITH_SHA1_DIGEST:
+        case SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE:
+            *hashalg = SEC_OID_SHA1;
+            break;
+        case SEC_OID_MISSI_DSS:
+        case SEC_OID_MISSI_KEA_DSS:
+        case SEC_OID_MISSI_KEA_DSS_OLD:
+        case SEC_OID_MISSI_DSS_OLD:
+            *hashalg = SEC_OID_SHA1;
+            break;
+        case SEC_OID_ANSIX962_ECDSA_SIGNATURE_RECOMMENDED_DIGEST:
+            /* This is an EC algorithm. Recommended means the largest
+             * hash algorithm that is not reduced by the keysize of
+             * the EC algorithm. Note that key strength is in bytes and
+             * algorithms are specified in bits. Never use an algorithm
+             * weaker than sha1. */
+            len = SECKEY_PublicKeyStrength(key);
+            if (len < 28) { /* 28 bytes == 224 bits */
+                *hashalg = SEC_OID_SHA1;
+            } else if (len < 32) { /* 32 bytes == 256 bits */
+                *hashalg = SEC_OID_SHA224;
+            } else if (len < 48) { /* 48 bytes == 384 bits */
+                *hashalg = SEC_OID_SHA256;
+            } else if (len < 64) { /* 48 bytes == 512 bits */
+                *hashalg = SEC_OID_SHA384;
+            } else {
+                /* use the largest in this case */
+                *hashalg = SEC_OID_SHA512;
+            }
+            break;
+        case SEC_OID_ANSIX962_ECDSA_SIGNATURE_SPECIFIED_DIGEST:
+            if (param == NULL) {
+                PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
+                return SECFailure;
+            }
+            arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+            if (arena == NULL) {
+                return SECFailure;
+            }
+            rv = SEC_QuickDERDecodeItem(arena, &oid, hashParameterTemplate, param);
+            if (rv == SECSuccess) {
+                *hashalg = SECOID_FindOIDTag(&oid);
+            }
+            PORT_FreeArena(arena, PR_FALSE);
+            if (rv != SECSuccess) {
+                return rv;
+            }
+            /* only accept hash algorithms */
+            if (HASH_GetHashTypeByOidTag(*hashalg) == HASH_AlgNULL) {
+                /* error set by HASH_GetHashTypeByOidTag */
+                return SECFailure;
+            }
+            break;
+        /* we don't implement MD4 hashes */
+        case SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION:
+        default:
+            PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
+            return SECFailure;
+    }
+    /* get the "encryption" algorithm */
+    switch (sigAlg) {
+        case SEC_OID_PKCS1_RSA_ENCRYPTION:
+        case SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION:
+        case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION:
+        case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION:
+        case SEC_OID_ISO_SHA_WITH_RSA_SIGNATURE:
+        case SEC_OID_ISO_SHA1_WITH_RSA_SIGNATURE:
+        case SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION:
+        case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION:
+        case SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION:
+        case SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION:
+            *encalg = SEC_OID_PKCS1_RSA_ENCRYPTION;
+            break;
+        case SEC_OID_PKCS1_RSA_PSS_SIGNATURE:
+            *encalg = SEC_OID_PKCS1_RSA_PSS_SIGNATURE;
+            break;
+
+        /* what about normal DSA? */
+        case SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST:
+        case SEC_OID_BOGUS_DSA_SIGNATURE_WITH_SHA1_DIGEST:
+        case SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA224_DIGEST:
+        case SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA256_DIGEST:
+            *encalg = SEC_OID_ANSIX9_DSA_SIGNATURE;
+            break;
+        case SEC_OID_MISSI_DSS:
+        case SEC_OID_MISSI_KEA_DSS:
+        case SEC_OID_MISSI_KEA_DSS_OLD:
+        case SEC_OID_MISSI_DSS_OLD:
+            *encalg = SEC_OID_MISSI_DSS;
+            break;
+        case SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE:
+        case SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE:
+        case SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE:
+        case SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE:
+        case SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE:
+        case SEC_OID_ANSIX962_ECDSA_SIGNATURE_RECOMMENDED_DIGEST:
+        case SEC_OID_ANSIX962_ECDSA_SIGNATURE_SPECIFIED_DIGEST:
+            *encalg = SEC_OID_ANSIX962_EC_PUBLIC_KEY;
+            break;
+        /* we don't implement MD4 hashes */
+        case SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION:
+        default:
+            PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
+            return SECFailure;
+    }
+    return SECSuccess;
+}
+
+/*
+ * we can verify signatures that come from 2 different sources:
+ *  one in with the signature contains a signature oid, and the other
+ *  in which the signature is managed by a Public key (encAlg) oid
+ *  and a hash oid. The latter is the more basic, so that's what
+ *  our base vfyCreate function takes.
+ *
+ * There is one noteworthy corner case, if we are using an RSA key, and the
+ * signature block is provided, then the hashAlg can be specified as
+ * SEC_OID_UNKNOWN. In this case, verify will use the hash oid supplied
+ * in the RSA signature block.
+ */
+static VFYContext *
+vfy_CreateContext(const SECKEYPublicKey *key, const SECItem *sig,
+                  SECOidTag encAlg, SECOidTag hashAlg, SECOidTag *hash, void *wincx)
+{
+    VFYContext *cx;
+    SECStatus rv;
+    unsigned int sigLen;
+    KeyType type;
+
+    /* make sure the encryption algorithm matches the key type */
+    /* RSA-PSS algorithm can be used with both rsaKey and rsaPssKey */
+    type = seckey_GetKeyType(encAlg);
+    if ((key->keyType != type) &&
+        ((key->keyType != rsaKey) || (type != rsaPssKey))) {
+        PORT_SetError(SEC_ERROR_PKCS7_KEYALG_MISMATCH);
+        return NULL;
+    }
+
+    cx = (VFYContext *)PORT_ZAlloc(sizeof(VFYContext));
+    if (cx == NULL) {
+        goto loser;
+    }
+
+    cx->wincx = wincx;
+    cx->hasSignature = (sig != NULL);
+    cx->encAlg = encAlg;
+    cx->hashAlg = hashAlg;
+    cx->key = SECKEY_CopyPublicKey(key);
+    cx->pkcs1RSADigestInfo = NULL;
+    rv = SECSuccess;
+    if (sig) {
+        switch (type) {
+            case rsaKey:
+                rv = recoverPKCS1DigestInfo(hashAlg, &cx->hashAlg,
+                                            &cx->pkcs1RSADigestInfo,
+                                            &cx->pkcs1RSADigestInfoLen,
+                                            cx->key,
+                                            sig, wincx);
+                break;
+            case dsaKey:
+            case ecKey:
+                sigLen = SECKEY_SignatureLen(key);
+                if (sigLen == 0) {
+                    /* error set by SECKEY_SignatureLen */
+                    rv = SECFailure;
+                    break;
+                }
+                rv = decodeECorDSASignature(encAlg, sig, cx->u.buffer, sigLen);
+                break;
+            default:
+                rv = SECFailure;
+                PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
+                break;
+        }
+    }
+
+    if (rv)
+        goto loser;
+
+    /* check hash alg again, RSA may have changed it.*/
+    if (HASH_GetHashTypeByOidTag(cx->hashAlg) == HASH_AlgNULL) {
+        /* error set by HASH_GetHashTypeByOidTag */
+        goto loser;
+    }
+
+    if (hash) {
+        *hash = cx->hashAlg;
+    }
+    return cx;
+
+loser:
+    if (cx) {
+        VFY_DestroyContext(cx, PR_TRUE);
+    }
+    return 0;
+}
+
+VFYContext *
+VFY_CreateContext(SECKEYPublicKey *key, SECItem *sig, SECOidTag sigAlg,
+                  void *wincx)
+{
+    SECOidTag encAlg, hashAlg;
+    SECStatus rv = sec_DecodeSigAlg(key, sigAlg, NULL, &encAlg, &hashAlg);
+    if (rv != SECSuccess) {
+        return NULL;
+    }
+    return vfy_CreateContext(key, sig, encAlg, hashAlg, NULL, wincx);
+}
+
+VFYContext *
+VFY_CreateContextDirect(const SECKEYPublicKey *key, const SECItem *sig,
+                        SECOidTag encAlg, SECOidTag hashAlg,
+                        SECOidTag *hash, void *wincx)
+{
+    return vfy_CreateContext(key, sig, encAlg, hashAlg, hash, wincx);
+}
+
+VFYContext *
+VFY_CreateContextWithAlgorithmID(const SECKEYPublicKey *key, const SECItem *sig,
+                                 const SECAlgorithmID *sigAlgorithm, SECOidTag *hash, void *wincx)
+{
+    SECOidTag encAlg, hashAlg;
+    SECStatus rv = sec_DecodeSigAlg(key,
+                                    SECOID_GetAlgorithmTag((SECAlgorithmID *)sigAlgorithm),
+                                    &sigAlgorithm->parameters, &encAlg, &hashAlg);
+    if (rv != SECSuccess) {
+        return NULL;
+    }
+    return vfy_CreateContext(key, sig, encAlg, hashAlg, hash, wincx);
+}
+
+void
+VFY_DestroyContext(VFYContext *cx, PRBool freeit)
+{
+    if (cx) {
+        if (cx->hashcx != NULL) {
+            (*cx->hashobj->destroy)(cx->hashcx, PR_TRUE);
+            cx->hashcx = NULL;
+        }
+        if (cx->key) {
+            SECKEY_DestroyPublicKey(cx->key);
+        }
+        if (cx->pkcs1RSADigestInfo) {
+            PORT_Free(cx->pkcs1RSADigestInfo);
+        }
+        if (freeit) {
+            PORT_ZFree(cx, sizeof(VFYContext));
+        }
+    }
+}
+
+SECStatus
+VFY_Begin(VFYContext *cx)
+{
+    if (cx->hashcx != NULL) {
+        (*cx->hashobj->destroy)(cx->hashcx, PR_TRUE);
+        cx->hashcx = NULL;
+    }
+
+    cx->hashobj = HASH_GetHashObjectByOidTag(cx->hashAlg);
+    if (!cx->hashobj)
+        return SECFailure; /* error code is set */
+
+    cx->hashcx = (*cx->hashobj->create)();
+    if (cx->hashcx == NULL)
+        return SECFailure;
+
+    (*cx->hashobj->begin)(cx->hashcx);
+    return SECSuccess;
+}
+
+SECStatus
+VFY_Update(VFYContext *cx, const unsigned char *input, unsigned inputLen)
+{
+    if (cx->hashcx == NULL) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+    (*cx->hashobj->update)(cx->hashcx, input, inputLen);
+    return SECSuccess;
+}
+
+SECStatus
+VFY_EndWithSignature(VFYContext *cx, SECItem *sig)
+{
+    unsigned char final[HASH_LENGTH_MAX];
+    unsigned part;
+    SECItem hash, dsasig; /* dsasig is also used for ECDSA */
+    SECStatus rv;
+
+    if ((cx->hasSignature == PR_FALSE) && (sig == NULL)) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    if (cx->hashcx == NULL) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+    (*cx->hashobj->end)(cx->hashcx, final, &part, sizeof(final));
+    switch (cx->key->keyType) {
+        case ecKey:
+        case dsaKey:
+            dsasig.data = cx->u.buffer;
+            dsasig.len = SECKEY_SignatureLen(cx->key);
+            if (dsasig.len == 0) {
+                return SECFailure;
+            }
+            if (sig) {
+                rv = decodeECorDSASignature(cx->encAlg, sig, dsasig.data,
+                                            dsasig.len);
+                if (rv != SECSuccess) {
+                    PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
+                    return SECFailure;
+                }
+            }
+            hash.data = final;
+            hash.len = part;
+            if (PK11_Verify(cx->key, &dsasig, &hash, cx->wincx) != SECSuccess) {
+                PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
+                return SECFailure;
+            }
+            break;
+        case rsaKey: {
+            SECItem digest;
+            digest.data = final;
+            digest.len = part;
+            if (sig) {
+                SECOidTag hashid;
+                PORT_Assert(cx->hashAlg != SEC_OID_UNKNOWN);
+                rv = recoverPKCS1DigestInfo(cx->hashAlg, &hashid,
+                                            &cx->pkcs1RSADigestInfo,
+                                            &cx->pkcs1RSADigestInfoLen,
+                                            cx->key,
+                                            sig, cx->wincx);
+                PORT_Assert(cx->hashAlg == hashid);
+                if (rv != SECSuccess) {
+                    return SECFailure;
+                }
+            }
+            return verifyPKCS1DigestInfo(cx, &digest);
+        }
+        default:
+            PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
+            return SECFailure; /* shouldn't happen */
+    }
+    return SECSuccess;
+}
+
+SECStatus
+VFY_End(VFYContext *cx)
+{
+    return VFY_EndWithSignature(cx, NULL);
+}
+
+/************************************************************************/
+/*
+ * Verify that a previously-computed digest matches a signature.
+ */
+static SECStatus
+vfy_VerifyDigest(const SECItem *digest, const SECKEYPublicKey *key,
+                 const SECItem *sig, SECOidTag encAlg, SECOidTag hashAlg,
+                 void *wincx)
+{
+    SECStatus rv;
+    VFYContext *cx;
+    SECItem dsasig; /* also used for ECDSA */
+
+    rv = SECFailure;
+
+    cx = vfy_CreateContext(key, sig, encAlg, hashAlg, NULL, wincx);
+    if (cx != NULL) {
+        switch (key->keyType) {
+            case rsaKey:
+                rv = verifyPKCS1DigestInfo(cx, digest);
+                break;
+            case dsaKey:
+            case ecKey:
+                dsasig.data = cx->u.buffer;
+                dsasig.len = SECKEY_SignatureLen(cx->key);
+                if (dsasig.len == 0) {
+                    break;
+                }
+                if (PK11_Verify(cx->key, &dsasig, (SECItem *)digest, cx->wincx) !=
+                    SECSuccess) {
+                    PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
+                } else {
+                    rv = SECSuccess;
+                }
+                break;
+            default:
+                break;
+        }
+        VFY_DestroyContext(cx, PR_TRUE);
+    }
+    return rv;
+}
+
+SECStatus
+VFY_VerifyDigestDirect(const SECItem *digest, const SECKEYPublicKey *key,
+                       const SECItem *sig, SECOidTag encAlg,
+                       SECOidTag hashAlg, void *wincx)
+{
+    return vfy_VerifyDigest(digest, key, sig, encAlg, hashAlg, wincx);
+}
+
+SECStatus
+VFY_VerifyDigest(SECItem *digest, SECKEYPublicKey *key, SECItem *sig,
+                 SECOidTag algid, void *wincx)
+{
+    SECOidTag encAlg, hashAlg;
+    SECStatus rv = sec_DecodeSigAlg(key, algid, NULL, &encAlg, &hashAlg);
+    if (rv != SECSuccess) {
+        return SECFailure;
+    }
+    return vfy_VerifyDigest(digest, key, sig, encAlg, hashAlg, wincx);
+}
+
+/*
+ * this function takes an optional hash oid, which the digest function
+ * will be compared with our target hash value.
+ */
+SECStatus
+VFY_VerifyDigestWithAlgorithmID(const SECItem *digest,
+                                const SECKEYPublicKey *key, const SECItem *sig,
+                                const SECAlgorithmID *sigAlgorithm,
+                                SECOidTag hashCmp, void *wincx)
+{
+    SECOidTag encAlg, hashAlg;
+    SECStatus rv = sec_DecodeSigAlg(key,
+                                    SECOID_GetAlgorithmTag((SECAlgorithmID *)sigAlgorithm),
+                                    &sigAlgorithm->parameters, &encAlg, &hashAlg);
+    if (rv != SECSuccess) {
+        return rv;
+    }
+    if (hashCmp != SEC_OID_UNKNOWN &&
+        hashAlg != SEC_OID_UNKNOWN &&
+        hashCmp != hashAlg) {
+        PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
+        return SECFailure;
+    }
+    return vfy_VerifyDigest(digest, key, sig, encAlg, hashAlg, wincx);
+}
+
+static SECStatus
+vfy_VerifyData(const unsigned char *buf, int len, const SECKEYPublicKey *key,
+               const SECItem *sig, SECOidTag encAlg, SECOidTag hashAlg,
+               SECOidTag *hash, void *wincx)
+{
+    SECStatus rv;
+    VFYContext *cx;
+
+    cx = vfy_CreateContext(key, sig, encAlg, hashAlg, hash, wincx);
+    if (cx == NULL)
+        return SECFailure;
+
+    rv = VFY_Begin(cx);
+    if (rv == SECSuccess) {
+        rv = VFY_Update(cx, (unsigned char *)buf, len);
+        if (rv == SECSuccess)
+            rv = VFY_End(cx);
+    }
+
+    VFY_DestroyContext(cx, PR_TRUE);
+    return rv;
+}
+
+SECStatus
+VFY_VerifyDataDirect(const unsigned char *buf, int len,
+                     const SECKEYPublicKey *key, const SECItem *sig,
+                     SECOidTag encAlg, SECOidTag hashAlg,
+                     SECOidTag *hash, void *wincx)
+{
+    return vfy_VerifyData(buf, len, key, sig, encAlg, hashAlg, hash, wincx);
+}
+
+SECStatus
+VFY_VerifyData(const unsigned char *buf, int len, const SECKEYPublicKey *key,
+               const SECItem *sig, SECOidTag algid, void *wincx)
+{
+    SECOidTag encAlg, hashAlg;
+    SECStatus rv = sec_DecodeSigAlg(key, algid, NULL, &encAlg, &hashAlg);
+    if (rv != SECSuccess) {
+        return rv;
+    }
+    return vfy_VerifyData(buf, len, key, sig, encAlg, hashAlg, NULL, wincx);
+}
+
+SECStatus
+VFY_VerifyDataWithAlgorithmID(const unsigned char *buf, int len,
+                              const SECKEYPublicKey *key,
+                              const SECItem *sig,
+                              const SECAlgorithmID *sigAlgorithm,
+                              SECOidTag *hash, void *wincx)
+{
+    SECOidTag encAlg, hashAlg;
+    SECOidTag sigAlg = SECOID_GetAlgorithmTag((SECAlgorithmID *)sigAlgorithm);
+    SECStatus rv = sec_DecodeSigAlg(key, sigAlg,
+                                    &sigAlgorithm->parameters, &encAlg, &hashAlg);
+    if (rv != SECSuccess) {
+        return rv;
+    }
+    return vfy_VerifyData(buf, len, key, sig, encAlg, hashAlg, hash, wincx);
+}
diff --git a/nss/lib/dbm/Makefile b/nss/lib/dbm/Makefile
new file mode 100644
index 0000000..a4df914
--- /dev/null
+++ b/nss/lib/dbm/Makefile
@@ -0,0 +1,52 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+coreconf_hack:
+	cd ../coreconf; gmake
+	gmake import
+
+RelEng_bld: coreconf_hack
+	gmake
diff --git a/nss/lib/dbm/config/config.mk b/nss/lib/dbm/config/config.mk
new file mode 100644
index 0000000..9ad98af
--- /dev/null
+++ b/nss/lib/dbm/config/config.mk
@@ -0,0 +1,35 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#
+# These macros are defined by mozilla's configure script.
+# We define them manually here.
+#
+
+DEFINES += -DSTDC_HEADERS -DHAVE_STRERROR
+
+#
+# Most platforms have snprintf, so it's simpler to list the exceptions.
+#
+HAVE_SNPRINTF = 1
+#
+# OSF1 V4.0D doesn't have snprintf but V5.0A does.
+#
+ifeq ($(OS_TARGET)$(OS_RELEASE),OSF1V4.0D)
+HAVE_SNPRINTF =
+endif
+ifdef HAVE_SNPRINTF
+DEFINES += -DHAVE_SNPRINTF
+endif
+
+ifeq (,$(filter-out DGUX NCR ReliantUNIX SCO_SV SCOOS UNIXWARE,$(OS_TARGET)))
+DEFINES += -DHAVE_SYS_BYTEORDER_H
+endif
+
+#
+# None of the platforms that we are interested in need to
+# define HAVE_MEMORY_H.
+#
diff --git a/nss/lib/dbm/include/Makefile b/nss/lib/dbm/include/Makefile
new file mode 100644
index 0000000..4c9e4e9
--- /dev/null
+++ b/nss/lib/dbm/include/Makefile
@@ -0,0 +1,47 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+export:: private_export
diff --git a/nss/lib/dbm/include/exports.gyp b/nss/lib/dbm/include/exports.gyp
new file mode 100644
index 0000000..e80d769
--- /dev/null
+++ b/nss/lib/dbm/include/exports.gyp
@@ -0,0 +1,38 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../../coreconf/config.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'lib_dbm_include_exports',
+      'type': 'none',
+      'copies': [
+        {
+          'files': [
+            'mcom_db.h',
+            'ncompat.h',
+            'winfile.h'
+          ],
+          'destination': '<(nss_public_dist_dir)/<(module)'
+        },
+        {
+          'files': [
+            'extern.h',
+            'hash.h',
+            'hsearch.h',
+            'page.h',
+            'queue.h',
+            'search.h'
+          ],
+          'destination': '<(nss_private_dist_dir)/<(module)'
+        }
+      ]
+    }
+  ],
+  'variables': {
+    'module': 'dbm'
+  }
+}
diff --git a/nss/lib/dbm/include/extern.h b/nss/lib/dbm/include/extern.h
new file mode 100644
index 0000000..897369f
--- /dev/null
+++ b/nss/lib/dbm/include/extern.h
@@ -0,0 +1,63 @@
+/*-
+ * Copyright (c) 1991, 1993, 1994
+ *  The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. ***REMOVED*** - see
+ *    ftp://ftp.cs.berkeley.edu/pub/4bsd/README.Impt.License.Change
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *  @(#)extern.h    8.4 (Berkeley) 6/16/94
+ */
+
+BUFHEAD *__add_ovflpage(HTAB *, BUFHEAD *);
+int __addel(HTAB *, BUFHEAD *, const DBT *, const DBT *);
+int __big_delete(HTAB *, BUFHEAD *);
+int __big_insert(HTAB *, BUFHEAD *, const DBT *, const DBT *);
+int __big_keydata(HTAB *, BUFHEAD *, DBT *, DBT *, int);
+int __big_return(HTAB *, BUFHEAD *, int, DBT *, int);
+int __big_split(HTAB *, BUFHEAD *, BUFHEAD *, BUFHEAD *,
+                uint32, uint32, SPLIT_RETURN *);
+int __buf_free(HTAB *, int, int);
+void __buf_init(HTAB *, int);
+uint32 __call_hash(HTAB *, char *, size_t);
+int __delpair(HTAB *, BUFHEAD *, int);
+int __expand_table(HTAB *);
+int __find_bigpair(HTAB *, BUFHEAD *, int, char *, int);
+uint16 __find_last_page(HTAB *, BUFHEAD **);
+void __free_ovflpage(HTAB *, BUFHEAD *);
+BUFHEAD *__get_buf(HTAB *, uint32, BUFHEAD *, int);
+int __get_page(HTAB *, char *, uint32, int, int, int);
+int __ibitmap(HTAB *, int, int, int);
+uint32 __log2(uint32);
+int __put_page(HTAB *, char *, uint32, int, int);
+void __reclaim_buf(HTAB *, BUFHEAD *);
+int __split_page(HTAB *, uint32, uint32);
+
+/* Default hash routine. */
+extern uint32 (*__default_hash)(const void *, size_t);
+
+#ifdef HASH_STATISTICS
+extern int hash_accesses, hash_collisions, hash_expansions, hash_overflows;
+#endif
diff --git a/nss/lib/dbm/include/hash.h b/nss/lib/dbm/include/hash.h
new file mode 100644
index 0000000..7da51dc
--- /dev/null
+++ b/nss/lib/dbm/include/hash.h
@@ -0,0 +1,341 @@
+/*-
+ * Copyright (c) 1990, 1993, 1994
+ *  The Regents of the University of California.  All rights reserved.
+ *
+ * This code is derived from software contributed to Berkeley by
+ * Margo Seltzer.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. ***REMOVED*** - see
+ *    ftp://ftp.cs.berkeley.edu/pub/4bsd/README.Impt.License.Change
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *  @(#)hash.h  8.3 (Berkeley) 5/31/94
+ */
+
+/* Operations */
+
+#include <stdio.h>
+#include "mcom_db.h"
+typedef enum {
+    HASH_GET,
+    HASH_PUT,
+    HASH_PUTNEW,
+    HASH_DELETE,
+    HASH_FIRST,
+    HASH_NEXT
+} ACTION;
+
+/* Buffer Management structures */
+typedef struct _bufhead BUFHEAD;
+
+struct _bufhead {
+    BUFHEAD *prev; /* LRU links */
+    BUFHEAD *next; /* LRU links */
+    BUFHEAD *ovfl; /* Overflow page buffer header */
+    uint32 addr;   /* Address of this page */
+    char *page;    /* Actual page data */
+    char is_disk;
+    char flags;
+#define BUF_MOD 0x0001
+#define BUF_DISK 0x0002
+#define BUF_BUCKET 0x0004
+#define BUF_PIN 0x0008
+};
+
+#define IS_BUCKET(X) ((X)&BUF_BUCKET)
+
+typedef BUFHEAD **SEGMENT;
+
+typedef int DBFILE_PTR;
+#define NO_FILE -1
+#ifdef macintosh
+#define DBFILE_OPEN(path, flag, mode) open((path), flag)
+#define EXISTS(path)
+#else
+#define DBFILE_OPEN(path, flag, mode) open((path), (flag), (mode))
+#endif
+/* Hash Table Information */
+typedef struct hashhdr {     /* Disk resident portion */
+    int32 magic;             /* Magic NO for hash tables */
+    int32 version;           /* Version ID */
+    uint32 lorder;           /* Byte Order */
+    int32 bsize;             /* Bucket/Page Size */
+    int32 bshift;            /* Bucket shift */
+    int32 dsize;             /* Directory Size */
+    int32 ssize;             /* Segment Size */
+    int32 sshift;            /* Segment shift */
+    int32 ovfl_point;        /* Where overflow pages are being
+                              * allocated */
+    int32 last_freed;        /* Last overflow page freed */
+    int32 max_bucket;        /* ID of Maximum bucket in use */
+    int32 high_mask;         /* Mask to modulo into entire table */
+    int32 low_mask;          /* Mask to modulo into lower half of
+                              * table */
+    int32 ffactor;           /* Fill factor */
+    int32 nkeys;             /* Number of keys in hash table */
+    int32 hdrpages;          /* Size of table header */
+    uint32 h_charkey;        /* value of hash(CHARKEY) */
+#define NCACHED 32           /* number of bit maps and spare \
+                              * points */
+    int32 spares[NCACHED];   /* spare pages for overflow */
+    uint16 bitmaps[NCACHED]; /* address of overflow page
+                              * bitmaps */
+} HASHHDR;
+
+typedef struct htab { /* Memory resident data structure */
+    HASHHDR hdr;      /* Header */
+    int nsegs;        /* Number of allocated segments */
+    int exsegs;       /* Number of extra allocated
+                       * segments */
+    uint32            /* Hash function */
+        (*hash)(const void *, size_t);
+    int flags;     /* Flag values */
+    DBFILE_PTR fp; /* File pointer */
+    char *filename;
+    char *tmp_buf;         /* Temporary Buffer for BIG data */
+    char *tmp_key;         /* Temporary Buffer for BIG keys */
+    BUFHEAD *cpage;        /* Current page */
+    int cbucket;           /* Current bucket */
+    int cndx;              /* Index of next item on cpage */
+    int dbmerrno;          /* Error Number -- for DBM
+                            * compatability */
+    int new_file;          /* Indicates if fd is backing store
+                            * or no */
+    int save_file;         /* Indicates whether we need to flush
+                            * file at
+                            * exit */
+    uint32 *mapp[NCACHED]; /* Pointers to page maps */
+    int nmaps;             /* Initial number of bitmaps */
+    int nbufs;             /* Number of buffers left to
+                            * allocate */
+    BUFHEAD bufhead;       /* Header of buffer lru list */
+    SEGMENT *dir;          /* Hash Bucket directory */
+    off_t file_size;       /* in bytes */
+    char is_temp;          /* unlink file on close */
+    char updateEOF;        /* force EOF update on flush */
+} HTAB;
+
+/*
+ * Constants
+ */
+#define DATABASE_CORRUPTED_ERROR -999 /* big ugly abort, delete database */
+#define OLD_MAX_BSIZE 65536           /* 2^16 */
+#define MAX_BSIZE 32l * 1024l         /* 2^15 */
+#define MIN_BUFFERS 6
+#define MINHDRSIZE 512
+#define DEF_BUFSIZE 65536l /* 64 K */
+#define DEF_BUCKET_SIZE 4096
+#define DEF_BUCKET_SHIFT 12 /* log2(BUCKET) */
+#define DEF_SEGSIZE 256
+#define DEF_SEGSIZE_SHIFT 8 /* log2(SEGSIZE)     */
+#define DEF_DIRSIZE 256
+#define DEF_FFACTOR 65536l
+#define MIN_FFACTOR 4
+#define SPLTMAX 8
+#define CHARKEY "%$sniglet^&"
+#define NUMKEY 1038583l
+#define BYTE_SHIFT 3
+#define INT_TO_BYTE 2
+#define INT_BYTE_SHIFT 5
+#define ALL_SET ((uint32)0xFFFFFFFF)
+#define ALL_CLEAR 0
+
+#define PTROF(X) ((ptrdiff_t)(X) == BUF_DISK ? 0 : (X))
+#define ISDISK(X) ((X) ? ((ptrdiff_t)(X) == BUF_DISK ? BUF_DISK      \
+                                                     : (X)->is_disk) \
+                       : 0)
+
+#define BITS_PER_MAP 32
+
+/* Given the address of the beginning of a big map, clear/set the nth bit */
+#define CLRBIT(A, N) ((A)[(N) / BITS_PER_MAP] &= ~(1 << ((N) % BITS_PER_MAP)))
+#define SETBIT(A, N) ((A)[(N) / BITS_PER_MAP] |= (1 << ((N) % BITS_PER_MAP)))
+#define ISSET(A, N) ((A)[(N) / BITS_PER_MAP] & (1 << ((N) % BITS_PER_MAP)))
+
+/* Overflow management */
+/*
+ * Overflow page numbers are allocated per split point.  At each doubling of
+ * the table, we can allocate extra pages.  So, an overflow page number has
+ * the top 5 bits indicate which split point and the lower 11 bits indicate
+ * which page at that split point is indicated (pages within split points are
+ * numberered starting with 1).
+ */
+
+#define SPLITSHIFT 11
+#define SPLITMASK 0x7FF
+#define SPLITNUM(N) (((uint32)(N)) >> SPLITSHIFT)
+#define OPAGENUM(N) ((N)&SPLITMASK)
+#define OADDR_OF(S, O) ((uint32)((uint32)(S) << SPLITSHIFT) + (O))
+
+#define BUCKET_TO_PAGE(B) \
+    (B) + hashp->HDRPAGES + ((B) ? hashp->SPARES[__log2((uint32)((B) + 1)) - 1] : 0)
+#define OADDR_TO_PAGE(B) \
+    BUCKET_TO_PAGE((1 << SPLITNUM((B))) - 1) + OPAGENUM((B));
+
+/*
+ * page.h contains a detailed description of the page format.
+ *
+ * Normally, keys and data are accessed from offset tables in the top of
+ * each page which point to the beginning of the key and data.  There are
+ * four flag values which may be stored in these offset tables which indicate
+ * the following:
+ *
+ *
+ * OVFLPAGE Rather than a key data pair, this pair contains
+ *      the address of an overflow page.  The format of
+ *      the pair is:
+ *          OVERFLOW_PAGE_NUMBER OVFLPAGE
+ *
+ * PARTIAL_KEY  This must be the first key/data pair on a page
+ *      and implies that page contains only a partial key.
+ *      That is, the key is too big to fit on a single page
+ *      so it starts on this page and continues on the next.
+ *      The format of the page is:
+ *          KEY_OFF PARTIAL_KEY OVFL_PAGENO OVFLPAGE
+ *
+ *          KEY_OFF -- offset of the beginning of the key
+ *          PARTIAL_KEY -- 1
+ *          OVFL_PAGENO - page number of the next overflow page
+ *          OVFLPAGE -- 0
+ *
+ * FULL_KEY This must be the first key/data pair on the page.  It
+ *      is used in two cases.
+ *
+ *      Case 1:
+ *          There is a complete key on the page but no data
+ *          (because it wouldn't fit).  The next page contains
+ *          the data.
+ *
+ *          Page format it:
+ *          KEY_OFF FULL_KEY OVFL_PAGENO OVFL_PAGE
+ *
+ *          KEY_OFF -- offset of the beginning of the key
+ *          FULL_KEY -- 2
+ *          OVFL_PAGENO - page number of the next overflow page
+ *          OVFLPAGE -- 0
+ *
+ *      Case 2:
+ *          This page contains no key, but part of a large
+ *          data field, which is continued on the next page.
+ *
+ *          Page format it:
+ *          DATA_OFF FULL_KEY OVFL_PAGENO OVFL_PAGE
+ *
+ *          KEY_OFF -- offset of the beginning of the data on
+ *              this page
+ *          FULL_KEY -- 2
+ *          OVFL_PAGENO - page number of the next overflow page
+ *          OVFLPAGE -- 0
+ *
+ * FULL_KEY_DATA
+ *      This must be the first key/data pair on the page.
+ *      There are two cases:
+ *
+ *      Case 1:
+ *          This page contains a key and the beginning of the
+ *          data field, but the data field is continued on the
+ *          next page.
+ *
+ *          Page format is:
+ *          KEY_OFF FULL_KEY_DATA OVFL_PAGENO DATA_OFF
+ *
+ *          KEY_OFF -- offset of the beginning of the key
+ *          FULL_KEY_DATA -- 3
+ *          OVFL_PAGENO - page number of the next overflow page
+ *          DATA_OFF -- offset of the beginning of the data
+ *
+ *      Case 2:
+ *          This page contains the last page of a big data pair.
+ *          There is no key, only the  tail end of the data
+ *          on this page.
+ *
+ *          Page format is:
+ *          DATA_OFF FULL_KEY_DATA <OVFL_PAGENO> <OVFLPAGE>
+ *
+ *          DATA_OFF -- offset of the beginning of the data on
+ *              this page
+ *          FULL_KEY_DATA -- 3
+ *          OVFL_PAGENO - page number of the next overflow page
+ *          OVFLPAGE -- 0
+ *
+ *          OVFL_PAGENO and OVFLPAGE are optional (they are
+ *          not present if there is no next page).
+ */
+
+#define OVFLPAGE 0
+#define PARTIAL_KEY 1
+#define FULL_KEY 2
+#define FULL_KEY_DATA 3
+#define REAL_KEY 4
+
+/* Short hands for accessing structure */
+#undef BSIZE
+#define BSIZE hdr.bsize
+#undef BSHIFT
+#define BSHIFT hdr.bshift
+#define DSIZE hdr.dsize
+#define SGSIZE hdr.ssize
+#define SSHIFT hdr.sshift
+#define LORDER hdr.lorder
+#define OVFL_POINT hdr.ovfl_point
+#define LAST_FREED hdr.last_freed
+#define MAX_BUCKET hdr.max_bucket
+#define FFACTOR hdr.ffactor
+#define HIGH_MASK hdr.high_mask
+#define LOW_MASK hdr.low_mask
+#define NKEYS hdr.nkeys
+#define HDRPAGES hdr.hdrpages
+#define SPARES hdr.spares
+#define BITMAPS hdr.bitmaps
+#define VERSION hdr.version
+#define MAGIC hdr.magic
+#define NEXT_FREE hdr.next_free
+#define H_CHARKEY hdr.h_charkey
+
+extern uint32 (*__default_hash)(const void *, size_t);
+void __buf_init(HTAB *hashp, int32 nbytes);
+int __big_delete(HTAB *hashp, BUFHEAD *bufp);
+BUFHEAD *__get_buf(HTAB *hashp, uint32 addr, BUFHEAD *prev_bp, int newpage);
+uint32 __call_hash(HTAB *hashp, char *k, size_t len);
+#include "page.h"
+extern int __big_split(HTAB *hashp, BUFHEAD *op, BUFHEAD *np,
+                       BUFHEAD *big_keyp, uint32 addr, uint32 obucket, SPLIT_RETURN *ret);
+void __free_ovflpage(HTAB *hashp, BUFHEAD *obufp);
+BUFHEAD *__add_ovflpage(HTAB *hashp, BUFHEAD *bufp);
+int __big_insert(HTAB *hashp, BUFHEAD *bufp, const DBT *key, const DBT *val);
+int __expand_table(HTAB *hashp);
+uint32 __log2(uint32 num);
+void __reclaim_buf(HTAB *hashp, BUFHEAD *bp);
+int __get_page(HTAB *hashp, char *p, uint32 bucket, int is_bucket, int is_disk, int is_bitmap);
+int __put_page(HTAB *hashp, char *p, uint32 bucket, int is_bucket, int is_bitmap);
+int __ibitmap(HTAB *hashp, int pnum, int nbits, int ndx);
+int __buf_free(HTAB *hashp, int do_free, int to_disk);
+int __find_bigpair(HTAB *hashp, BUFHEAD *bufp, int ndx, char *key, int size);
+uint16 __find_last_page(HTAB *hashp, BUFHEAD **bpp);
+int __addel(HTAB *hashp, BUFHEAD *bufp, const DBT *key, const DBT *val);
+int __big_return(HTAB *hashp, BUFHEAD *bufp, int ndx, DBT *val, int set_current);
+int __delpair(HTAB *hashp, BUFHEAD *bufp, int ndx);
+int __big_keydata(HTAB *hashp, BUFHEAD *bufp, DBT *key, DBT *val, int set);
+int __split_page(HTAB *hashp, uint32 obucket, uint32 nbucket);
diff --git a/nss/lib/dbm/include/hsearch.h b/nss/lib/dbm/include/hsearch.h
new file mode 100644
index 0000000..d6fe0d9
--- /dev/null
+++ b/nss/lib/dbm/include/hsearch.h
@@ -0,0 +1,50 @@
+/*-
+ * Copyright (c) 1990, 1993
+ *  The Regents of the University of California.  All rights reserved.
+ *
+ * This code is derived from software contributed to Berkeley by
+ * Margo Seltzer.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. ***REMOVED*** - see
+ *    ftp://ftp.cs.berkeley.edu/pub/4bsd/README.Impt.License.Change
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *  @(#)search.h    8.1 (Berkeley) 6/4/93
+ */
+
+/* Backward compatibility to hsearch interface. */
+typedef struct entry {
+    char *key;
+    char *data;
+} ENTRY;
+
+typedef enum {
+    FIND,
+    ENTER
+} ACTION;
+
+int hcreate(unsigned int);
+void hdestroy(void);
+ENTRY *hsearch(ENTRY, ACTION);
diff --git a/nss/lib/dbm/include/include.gyp b/nss/lib/dbm/include/include.gyp
new file mode 100644
index 0000000..69f9c88
--- /dev/null
+++ b/nss/lib/dbm/include/include.gyp
@@ -0,0 +1,12 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../../coreconf/config.gypi'
+  ],
+  'targets': [],
+  'variables': {
+    'module': 'dbm'
+  }
+}
\ No newline at end of file
diff --git a/nss/lib/dbm/include/manifest.mn b/nss/lib/dbm/include/manifest.mn
new file mode 100644
index 0000000..64b6fda
--- /dev/null
+++ b/nss/lib/dbm/include/manifest.mn
@@ -0,0 +1,23 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CORE_DEPTH = ../../..
+
+MODULE = dbm
+
+EXPORTS =	mcom_db.h \
+		ncompat.h \
+		winfile.h \
+		$(NULL)
+
+PRIVATE_EXPORTS =	hsearch.h \
+			page.h    \
+			extern.h  \
+			queue.h   \
+			hash.h    \
+			search.h  \
+			$(NULL)
+
diff --git a/nss/lib/dbm/include/mcom_db.h b/nss/lib/dbm/include/mcom_db.h
new file mode 100644
index 0000000..0a4f6dc
--- /dev/null
+++ b/nss/lib/dbm/include/mcom_db.h
@@ -0,0 +1,423 @@
+/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/*-
+ * Copyright (c) 1990, 1993, 1994
+ *  The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. ***REMOVED*** - see
+ *    ftp://ftp.cs.berkeley.edu/pub/4bsd/README.Impt.License.Change
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *  @(#)db.h    8.7 (Berkeley) 6/16/94
+ */
+
+#ifndef _DB_H_
+#define _DB_H_
+
+#ifndef macintosh
+#include <sys/types.h>
+#endif
+#include "prtypes.h"
+
+#if !defined(XP_BEOS) && !defined(XP_OS2) && !defined(XP_UNIX) || defined(NTO)
+typedef PRUintn uint;
+#endif
+typedef PRUint8 uint8;
+typedef PRUint16 uint16;
+/* On AIX 5.2, sys/inttypes.h (which is included by sys/types.h)
+ * defines the types int8, int16, int32, and int64. */
+#if !defined(AIX)
+typedef PRInt32 int32;
+#endif
+typedef PRUint32 uint32;
+
+#include <limits.h>
+
+#ifdef __DBINTERFACE_PRIVATE
+
+#ifdef HAVE_SYS_BYTEORDER_H
+#include <sys/byteorder.h>
+#endif
+
+#if defined(__linux) || defined(__BEOS__)
+#include <endian.h>
+#ifndef BYTE_ORDER
+#define BYTE_ORDER __BYTE_ORDER
+#define BIG_ENDIAN __BIG_ENDIAN
+#define LITTLE_ENDIAN __LITTLE_ENDIAN
+#endif
+#endif /* __linux */
+
+#ifdef __sgi
+#define BYTE_ORDER BIG_ENDIAN
+#define BIG_ENDIAN 4321
+#define LITTLE_ENDIAN 1234 /* LSB first: i386, vax, all NT risc */
+#endif
+
+#ifdef __sun
+#define BIG_ENDIAN 4321
+#define LITTLE_ENDIAN 1234 /* LSB first: i386, vax, all NT risc */
+
+#ifndef __SVR4
+/* compat.h is only in 4.1.3 machines. - dp */
+#include <compat.h>
+#endif
+
+/* XXX - dp
+ * Need to find a general way of defining endian-ness in SunOS 5.3
+ * SunOS 5.4 defines _BIG_ENDIAN and _LITTLE_ENDIAN
+ * SunOS 5.3 does nothing like this.
+ */
+
+#ifndef BYTE_ORDER
+
+#if defined(_BIG_ENDIAN)
+#define BYTE_ORDER BIG_ENDIAN
+#elif defined(_LITTLE_ENDIAN)
+#define BYTE_ORDER LITTLE_ENDIAN
+#elif !defined(__SVR4)
+/* 4.1.3 is always BIG_ENDIAN as it was released only on sparc platforms. */
+#define BYTE_ORDER BIG_ENDIAN
+#elif !defined(vax) && !defined(ntohl) && !defined(lint) && !defined(i386)
+/* 5.3 big endian. Copied this above line from sys/byteorder.h */
+/* Now we are in a 5.3 SunOS rather non 5.4 or above SunOS  */
+#define BYTE_ORDER BIG_ENDIAN
+#else
+#define BYTE_ORDER LITTLE_ENDIAN
+#endif
+
+#endif /* !BYTE_ORDER */
+#endif /* __sun */
+
+#if defined(__hpux) || defined(__hppa)
+#define BYTE_ORDER BIG_ENDIAN
+#define BIG_ENDIAN 4321
+#define LITTLE_ENDIAN 1234 /* LSB first: i386, vax, all NT risc */
+#endif
+
+#if defined(AIXV3) || defined(AIX)
+/* BYTE_ORDER, LITTLE_ENDIAN, BIG_ENDIAN are all defined here */
+#include <sys/machine.h>
+#endif
+
+/* Digital Unix */
+#ifdef __osf__
+#include <machine/endian.h>
+#endif
+
+#ifdef __alpha
+#ifndef WIN32
+#else
+/* Alpha NT */
+#define BYTE_ORDER LITTLE_ENDIAN
+#define BIG_ENDIAN 4321
+#define LITTLE_ENDIAN 1234
+#endif
+#endif
+
+#ifdef NCR
+#include <sys/endian.h>
+#endif
+
+#ifdef __QNX__
+#ifdef __QNXNTO__
+#include <sys/param.h>
+#else
+#define LITTLE_ENDIAN 1234
+#define BIG_ENDIAN 4321
+#define BYTE_ORDER LITTLE_ENDIAN
+#endif
+#endif
+
+#ifdef SNI
+/* #include <sys/hetero.h> */
+#define BYTE_ORDER BIG_ENDIAN
+#define BIG_ENDIAN 4321
+#define LITTLE_ENDIAN 1234
+#endif
+
+#ifdef _WINDOWS
+#ifdef BYTE_ORDER
+#undef BYTE_ORDER
+#endif
+
+#define BYTE_ORDER LITTLE_ENDIAN
+#define LITTLE_ENDIAN 1234 /* LSB first: i386, vax, all NT risc */
+#define BIG_ENDIAN 4321
+#endif
+
+#ifdef macintosh
+#define BIG_ENDIAN 4321
+#define LITTLE_ENDIAN 1234
+#define BYTE_ORDER BIG_ENDIAN
+#endif
+
+#endif /* __DBINTERFACE_PRIVATE */
+
+#ifdef SCO
+#define MAXPATHLEN 1024
+#endif
+
+#include <fcntl.h>
+
+#if defined(_WINDOWS) || defined(XP_OS2)
+#include <stdio.h>
+#include <io.h>
+
+#ifndef XP_OS2
+#define MAXPATHLEN 1024
+#endif
+
+#define EFTYPE EINVAL /* POSIX 1003.1 format errno. */
+
+#ifndef STDERR_FILENO
+#define STDIN_FILENO 0 /* ANSI C #defines */
+#define STDOUT_FILENO 1
+#define STDERR_FILENO 2
+#endif
+
+#ifndef O_ACCMODE /* POSIX 1003.1 access mode mask. */
+#define O_ACCMODE (O_RDONLY | O_WRONLY | O_RDWR)
+#endif
+#endif
+
+#ifdef macintosh
+#include <stdio.h>
+#include "xp_mcom.h"
+#define O_ACCMODE 3 /* Mask for file access modes */
+#define EFTYPE 2000
+PR_BEGIN_EXTERN_C
+int mkstemp(const char *path);
+PR_END_EXTERN_C
+#endif /* MACINTOSH */
+
+#if !defined(_WINDOWS) && !defined(macintosh)
+#include <sys/stat.h>
+#include <errno.h>
+#endif
+
+/* define EFTYPE since most don't */
+#ifndef EFTYPE
+#define EFTYPE EINVAL /* POSIX 1003.1 format errno. */
+#endif
+
+#define RET_ERROR -1 /* Return values. */
+#define RET_SUCCESS 0
+#define RET_SPECIAL 1
+
+#define MAX_PAGE_NUMBER 0xffffffff /* >= # of pages in a file */
+
+#ifndef __sgi
+typedef uint32 pgno_t;
+#endif
+
+#define MAX_PAGE_OFFSET 65535 /* >= # of bytes in a page */
+typedef uint16 indx_t;
+#define MAX_REC_NUMBER 0xffffffff /* >= # of records in a tree */
+typedef uint32 recno_t;
+
+/* Key/data structure -- a Data-Base Thang. */
+typedef struct {
+    void *data;  /* data */
+    size_t size; /* data length */
+} DBT;
+
+/* Routine flags. */
+#define R_CURSOR 1      /* del, put, seq */
+#define __R_UNUSED 2    /* UNUSED */
+#define R_FIRST 3       /* seq */
+#define R_IAFTER 4      /* put (RECNO) */
+#define R_IBEFORE 5     /* put (RECNO) */
+#define R_LAST 6        /* seq (BTREE, RECNO) */
+#define R_NEXT 7        /* seq */
+#define R_NOOVERWRITE 8 /* put */
+#define R_PREV 9        /* seq (BTREE, RECNO) */
+#define R_SETCURSOR 10  /* put (RECNO) */
+#define R_RECNOSYNC 11  /* sync (RECNO) */
+
+typedef enum { DB_BTREE,
+               DB_HASH,
+               DB_RECNO } DBTYPE;
+
+typedef enum { LockOutDatabase,
+               UnlockDatabase } DBLockFlagEnum;
+
+/*
+ * !!!
+ * The following flags are included in the dbopen(3) call as part of the
+ * open(2) flags.  In order to avoid conflicts with the open flags, start
+ * at the top of the 16 or 32-bit number space and work our way down.  If
+ * the open flags were significantly expanded in the future, it could be
+ * a problem.  Wish I'd left another flags word in the dbopen call.
+ *
+ * !!!
+ * None of this stuff is implemented yet.  The only reason that it's here
+ * is so that the access methods can skip copying the key/data pair when
+ * the DB_LOCK flag isn't set.
+ */
+#if UINT_MAX > 65535
+#define DB_LOCK 0x20000000  /* Do locking. */
+#define DB_SHMEM 0x40000000 /* Use shared memory. */
+#define DB_TXN 0x80000000   /* Do transactions. */
+#else
+#define DB_LOCK 0x2000  /* Do locking. */
+#define DB_SHMEM 0x4000 /* Use shared memory. */
+#define DB_TXN 0x8000   /* Do transactions. */
+#endif
+
+/* Access method description structure. */
+typedef struct __db {
+    DBTYPE type; /* Underlying db type. */
+    int (*close)(struct __db *);
+    int (*del)(const struct __db *, const DBT *, uint);
+    int (*get)(const struct __db *, const DBT *, DBT *, uint);
+    int (*put)(const struct __db *, DBT *, const DBT *, uint);
+    int (*seq)(const struct __db *, DBT *, DBT *, uint);
+    int (*sync)(const struct __db *, uint);
+    void *internal; /* Access method private. */
+    int (*fd)(const struct __db *);
+} DB;
+
+#define BTREEMAGIC 0x053162
+#define BTREEVERSION 3
+
+/* Structure used to pass parameters to the btree routines. */
+typedef struct {
+#define R_DUP 0x01 /* duplicate keys */
+    uint32 flags;
+    uint cachesize; /* bytes to cache */
+    int maxkeypage; /* maximum keys per page */
+    int minkeypage; /* minimum keys per page */
+    uint psize;     /* page size */
+    int(*compare)   /* comparison function */
+        (const DBT *, const DBT *);
+    size_t(*prefix) /* prefix function */
+        (const DBT *, const DBT *);
+    int lorder; /* byte order */
+} BTREEINFO;
+
+#define HASHMAGIC 0x061561
+#define HASHVERSION 2
+
+/* Structure used to pass parameters to the hashing routines. */
+typedef struct {
+    uint bsize;     /* bucket size */
+    uint ffactor;   /* fill factor */
+    uint nelem;     /* number of elements */
+    uint cachesize; /* bytes to cache */
+    uint32          /* hash function */
+        (*hash)(const void *, size_t);
+    int lorder; /* byte order */
+} HASHINFO;
+
+/* Structure used to pass parameters to the record routines. */
+typedef struct {
+#define R_FIXEDLEN 0x01 /* fixed-length records */
+#define R_NOKEY 0x02    /* key not required */
+#define R_SNAPSHOT 0x04 /* snapshot the input */
+    uint32 flags;
+    uint cachesize; /* bytes to cache */
+    uint psize;     /* page size */
+    int lorder;     /* byte order */
+    size_t reclen;  /* record length (fixed-length records) */
+    uint8 bval;     /* delimiting byte (variable-length records */
+    char *bfname;   /* btree file name */
+} RECNOINFO;
+
+#ifdef __DBINTERFACE_PRIVATE
+/*
+ * Little endian <==> big endian 32-bit swap macros.
+ *  M_32_SWAP   swap a memory location
+ *  P_32_SWAP   swap a referenced memory location
+ *  P_32_COPY   swap from one location to another
+ */
+#define M_32_SWAP(a)                          \
+    {                                         \
+        uint32 _tmp = a;                      \
+        ((char *)&a)[0] = ((char *)&_tmp)[3]; \
+        ((char *)&a)[1] = ((char *)&_tmp)[2]; \
+        ((char *)&a)[2] = ((char *)&_tmp)[1]; \
+        ((char *)&a)[3] = ((char *)&_tmp)[0]; \
+    }
+#define P_32_SWAP(a)                         \
+    {                                        \
+        uint32 _tmp = *(uint32 *)a;          \
+        ((char *)a)[0] = ((char *)&_tmp)[3]; \
+        ((char *)a)[1] = ((char *)&_tmp)[2]; \
+        ((char *)a)[2] = ((char *)&_tmp)[1]; \
+        ((char *)a)[3] = ((char *)&_tmp)[0]; \
+    }
+#define P_32_COPY(a, b)                        \
+    {                                          \
+        ((char *)&(b))[0] = ((char *)&(a))[3]; \
+        ((char *)&(b))[1] = ((char *)&(a))[2]; \
+        ((char *)&(b))[2] = ((char *)&(a))[1]; \
+        ((char *)&(b))[3] = ((char *)&(a))[0]; \
+    }
+
+/*
+ * Little endian <==> big endian 16-bit swap macros.
+ *  M_16_SWAP   swap a memory location
+ *  P_16_SWAP   swap a referenced memory location
+ *  P_16_COPY   swap from one location to another
+ */
+#define M_16_SWAP(a)                          \
+    {                                         \
+        uint16 _tmp = a;                      \
+        ((char *)&a)[0] = ((char *)&_tmp)[1]; \
+        ((char *)&a)[1] = ((char *)&_tmp)[0]; \
+    }
+#define P_16_SWAP(a)                         \
+    {                                        \
+        uint16 _tmp = *(uint16 *)a;          \
+        ((char *)a)[0] = ((char *)&_tmp)[1]; \
+        ((char *)a)[1] = ((char *)&_tmp)[0]; \
+    }
+#define P_16_COPY(a, b)                        \
+    {                                          \
+        ((char *)&(b))[0] = ((char *)&(a))[1]; \
+        ((char *)&(b))[1] = ((char *)&(a))[0]; \
+    }
+#endif
+
+PR_BEGIN_EXTERN_C
+
+extern DB *
+dbopen(const char *, int, int, DBTYPE, const void *);
+
+/* set or unset a global lock flag to disable the
+ * opening of any DBM file
+ */
+void dbSetOrClearDBLock(DBLockFlagEnum type);
+
+#ifdef __DBINTERFACE_PRIVATE
+DB *__bt_open(const char *, int, int, const BTREEINFO *, int);
+DB *__hash_open(const char *, int, int, const HASHINFO *, int);
+DB *__rec_open(const char *, int, int, const RECNOINFO *, int);
+void __dbpanic(DB *dbp);
+#endif
+
+PR_END_EXTERN_C
+
+#endif /* !_DB_H_ */
diff --git a/nss/lib/dbm/include/ncompat.h b/nss/lib/dbm/include/ncompat.h
new file mode 100644
index 0000000..9fd4347
--- /dev/null
+++ b/nss/lib/dbm/include/ncompat.h
@@ -0,0 +1,224 @@
+/*-
+ * Copyright (c) 1991, 1993
+ *  The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. ***REMOVED*** - see
+ *    ftp://ftp.cs.berkeley.edu/pub/4bsd/README.Impt.License.Change
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *  @(#)compat.h  8.13 (Berkeley) 2/21/94
+ */
+
+#ifndef _COMPAT_H_
+#define _COMPAT_H_
+
+#include <sys/types.h>
+
+/*
+ * If your system doesn't typedef u_long, u_short, or u_char, change
+ * the 0 to a 1.
+ */
+#if 0
+typedef unsigned char u_char;   /* 4.[34]BSD names. */
+typedef unsigned int  u_int;
+typedef unsigned long u_long;
+typedef unsigned short  u_short;
+#endif
+
+/* If your system doesn't typedef size_t, change the 0 to a 1. */
+#if 0
+typedef unsigned int  size_t;   /* POSIX, 4.[34]BSD names. */
+#endif
+
+/* If your system doesn't typedef ssize_t, change the 0 to a 1. */
+#if 0
+typedef int   ssize_t;  /* POSIX names. */
+#endif
+
+/*
+ * If your system doesn't have the POSIX type for a signal mask,
+ * change the 0 to a 1.
+ */
+#if 0 /* POSIX 1003.1 signal mask type. */
+typedef unsigned int  sigset_t;
+#endif
+
+/*
+ * If your system's vsprintf returns a char *, not an int,
+ * change the 0 to a 1.
+ */
+#if defined(__sun) && !defined(__SVR4) /* SUNOS */
+#define VSPRINTF_CHARSTAR
+#endif
+/*
+ * If you don't have POSIX 1003.1 signals, the signal code surrounding the
+ * temporary file creation is intended to block all of the possible signals
+ * long enough to create the file and unlink it.  All of this stuff is
+ * intended to use old-style BSD calls to fake POSIX 1003.1 calls.
+ */
+#ifdef NO_POSIX_SIGNALS
+#define sigemptyset(set) (*(set) = 0)
+#define sigfillset(set) (*(set) = ~(sigset_t)0, 0)
+#define sigaddset(set, signo) (*(set) |= sigmask(signo), 0)
+#define sigdelset(set, signo) (*(set) &= ~sigmask(signo), 0)
+#define sigismember(set, signo) ((*(set)&sigmask(signo)) != 0)
+
+#define SIG_BLOCK 1
+#define SIG_UNBLOCK 2
+#define SIG_SETMASK 3
+
+static int __sigtemp; /* For the use of sigprocmask */
+
+/* Repeated test of oset != NULL is to avoid "*0". */
+#define sigprocmask(how, set, oset)                                                                                                                            \
+    ((__sigtemp =                                                                                                                                              \
+          (((how) == SIG_BLOCK) ? sigblock(0) | *(set) : (((how) == SIG_UNBLOCK) ? sigblock(0) & ~(*(set)) : ((how) == SIG_SETMASK ? *(set) : sigblock(0))))), \
+     ((oset) ? (*(oset ? oset : set) = sigsetmask(__sigtemp)) : sigsetmask(__sigtemp)), 0)
+#endif
+
+/*
+ * If your system doesn't have an include file with the appropriate
+ * byte order set, make sure you specify the correct one.
+ */
+#ifndef BYTE_ORDER
+#define LITTLE_ENDIAN 1234    /* LSB first: i386, vax */
+#define BIG_ENDIAN 4321       /* MSB first: 68000, ibm, net */
+#define BYTE_ORDER BIG_ENDIAN /* Set for your system. */
+#endif
+
+#if defined(SYSV) || defined(SYSTEM5) || defined(__sun)
+#define index(a, b) strchr(a, b)
+#define rindex(a, b) strrchr(a, b)
+#define bzero(a, b) memset(a, 0, b)
+#define bcmp(a, b, n) memcmp(a, b, n)
+#define bcopy(a, b, n) memmove(b, a, n)
+#endif
+
+#if defined(BSD) || defined(BSD4_3)
+#define strchr(a, b) index(a, b)
+#define strrchr(a, b) rindex(a, b)
+#define memcmp(a, b, n) bcmp(a, b, n)
+#define memmove(a, b, n) bcopy(b, a, n)
+#endif
+
+/*
+ * 32-bit machine.  The db routines are theoretically independent of
+ * the size of u_shorts and u_longs, but I don't know that anyone has
+ * ever actually tried it.  At a minimum, change the following #define's
+ * if you are trying to compile on a different type of system.
+ */
+#ifndef USHRT_MAX
+#define USHRT_MAX 0xFFFF
+#define ULONG_MAX 0xFFFFFFFF
+#endif
+
+#ifndef O_ACCMODE /* POSIX 1003.1 access mode mask. */
+#define O_ACCMODE (O_RDONLY | O_WRONLY | O_RDWR)
+#endif
+
+#ifndef _POSIX2_RE_DUP_MAX /* POSIX 1003.2 RE limit. */
+#define _POSIX2_RE_DUP_MAX 255
+#endif
+
+/*
+ * If you can't provide lock values in the open(2) call.  Note, this
+ * allows races to happen.
+ */
+#ifndef O_EXLOCK /* 4.4BSD extension. */
+#define O_EXLOCK 0
+#endif
+
+#ifndef O_SHLOCK /* 4.4BSD extension. */
+#define O_SHLOCK 0
+#endif
+
+#ifndef EFTYPE
+#define EFTYPE EINVAL /* POSIX 1003.1 format errno. */
+#endif
+
+#ifndef WCOREDUMP /* 4.4BSD extension */
+#define WCOREDUMP(a) 0
+#endif
+
+#ifndef STDERR_FILENO
+#define STDIN_FILENO 0 /* ANSI C #defines */
+#define STDOUT_FILENO 1
+#define STDERR_FILENO 2
+#endif
+
+#ifndef SEEK_END
+#define SEEK_SET 0 /* POSIX 1003.1 seek values */
+#define SEEK_CUR 1
+#define SEEK_END 2
+#endif
+
+#ifndef _POSIX_VDISABLE   /* POSIX 1003.1 disabling char. */
+#define _POSIX_VDISABLE 0 /* Some systems used 0. */
+#endif
+
+#ifndef TCSASOFT /* 4.4BSD extension. */
+#define TCSASOFT 0
+#endif
+
+#ifndef _POSIX2_RE_DUP_MAX /* POSIX 1003.2 values. */
+#define _POSIX2_RE_DUP_MAX 255
+#endif
+
+#ifndef NULL /* ANSI C #defines NULL everywhere. */
+#define NULL 0
+#endif
+
+#ifndef MAX /* Usually found in <sys/param.h>. */
+#define MAX(_a, _b) ((_a) < (_b) ? (_b) : (_a))
+#endif
+#ifndef MIN /* Usually found in <sys/param.h>. */
+#define MIN(_a, _b) ((_a) < (_b) ? (_a) : (_b))
+#endif
+
+/* Default file permissions. */
+#ifndef DEFFILEMODE /* 4.4BSD extension. */
+#define DEFFILEMODE (S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH)
+#endif
+
+#ifndef __sun
+#ifndef S_ISDIR                                /* POSIX 1003.1 file type tests. */
+#define S_ISDIR(m) ((m & 0170000) == 0040000)  /* directory */
+#define S_ISCHR(m) ((m & 0170000) == 0020000)  /* char special */
+#define S_ISBLK(m) ((m & 0170000) == 0060000)  /* block special */
+#define S_ISREG(m) ((m & 0170000) == 0100000)  /* regular file */
+#define S_ISFIFO(m) ((m & 0170000) == 0010000) /* fifo */
+#endif
+#ifndef S_ISLNK                                /* BSD POSIX 1003.1 extensions */
+#define S_ISLNK(m) ((m & 0170000) == 0120000)  /* symbolic link */
+#define S_ISSOCK(m) ((m & 0170000) == 0140000) /* socket */
+#endif
+#endif /* __sun */
+
+/* The type of a va_list. */
+#ifndef _BSD_VA_LIST_ /* 4.4BSD #define. */
+#define _BSD_VA_LIST_ char*
+#endif
+
+#endif /* !_COMPAT_H_ */
diff --git a/nss/lib/dbm/include/page.h b/nss/lib/dbm/include/page.h
new file mode 100644
index 0000000..1ece42b
--- /dev/null
+++ b/nss/lib/dbm/include/page.h
@@ -0,0 +1,93 @@
+/*-
+ * Copyright (c) 1990, 1993, 1994
+ *  The Regents of the University of California.  All rights reserved.
+ *
+ * This code is derived from software contributed to Berkeley by
+ * Margo Seltzer.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. ***REMOVED*** - see
+ *    ftp://ftp.cs.berkeley.edu/pub/4bsd/README.Impt.License.Change
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *  @(#)page.h  8.2 (Berkeley) 5/31/94
+ */
+
+/*
+ * Definitions for hashing page file format.
+ */
+
+/*
+ * routines dealing with a data page
+ *
+ * page format:
+ *  +------------------------------+
+ * p    | n | keyoff | datoff | keyoff |
+ *  +------------+--------+--------+
+ *  | datoff | free  |  ptr  | --> |
+ *  +--------+---------------------+
+ *  |    F R E E A R E A           |
+ *  +--------------+---------------+
+ *  |  <---- - - - | data          |
+ *  +--------+-----+----+----------+
+ *  |  key   | data     | key      |
+ *  +--------+----------+----------+
+ *
+ * Pointer to the free space is always:  p[p[0] + 2]
+ * Amount of free space on the page is:  p[p[0] + 1]
+ */
+
+/*
+ * How many bytes required for this pair?
+ *  2 shorts in the table at the top of the page + room for the
+ *  key and room for the data
+ *
+ * We prohibit entering a pair on a page unless there is also room to append
+ * an overflow page. The reason for this it that you can get in a situation
+ * where a single key/data pair fits on a page, but you can't append an
+ * overflow page and later you'd have to split the key/data and handle like
+ * a big pair.
+ * You might as well do this up front.
+ */
+#ifndef PAGE_H
+#define PAGE_H
+
+#define PAIRSIZE(K, D) (2 * sizeof(uint16) + (K)->size + (D)->size)
+#define BIGOVERHEAD (4 * sizeof(uint16))
+#define KEYSIZE(K) (4 * sizeof(uint16) + (K)->size);
+#define OVFLSIZE (2 * sizeof(uint16))
+#define FREESPACE(P) ((P)[(P)[0] + 1])
+#define OFFSET(P) ((P)[(P)[0] + 2])
+#define PAIRFITS(P, K, D)    \
+    (((P)[2] >= REAL_KEY) && \
+     (PAIRSIZE((K), (D)) + OVFLSIZE) <= FREESPACE((P)))
+#define PAGE_META(N) (((N) + 3) * sizeof(uint16))
+
+typedef struct {
+    BUFHEAD *newp;
+    BUFHEAD *oldp;
+    BUFHEAD *nextp;
+    uint16 next_addr;
+} SPLIT_RETURN;
+#endif
diff --git a/nss/lib/dbm/include/queue.h b/nss/lib/dbm/include/queue.h
new file mode 100644
index 0000000..adc2c52
--- /dev/null
+++ b/nss/lib/dbm/include/queue.h
@@ -0,0 +1,258 @@
+/*
+ * Copyright (c) 1991, 1993
+ *  The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. ***REMOVED*** - see
+ *    ftp://ftp.cs.berkeley.edu/pub/4bsd/README.Impt.License.Change
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *  @(#)queue.h 8.3 (Berkeley) 12/13/93
+ */
+
+#ifndef _QUEUE_H_
+#define _QUEUE_H_
+
+/*
+ * This file defines three types of data structures: lists, tail queues,
+ * and circular queues.
+ *
+ * A list is headed by a single forward pointer (or an array of forward
+ * pointers for a hash table header). The elements are doubly linked
+ * so that an arbitrary element can be removed without a need to
+ * traverse the list. New elements can be added to the list after
+ * an existing element or at the head of the list. A list may only be
+ * traversed in the forward direction.
+ *
+ * A tail queue is headed by a pair of pointers, one to the head of the
+ * list and the other to the tail of the list. The elements are doubly
+ * linked so that an arbitrary element can be removed without a need to
+ * traverse the list. New elements can be added to the list after
+ * an existing element, at the head of the list, or at the end of the
+ * list. A tail queue may only be traversed in the forward direction.
+ *
+ * A circle queue is headed by a pair of pointers, one to the head of the
+ * list and the other to the tail of the list. The elements are doubly
+ * linked so that an arbitrary element can be removed without a need to
+ * traverse the list. New elements can be added to the list before or after
+ * an existing element, at the head of the list, or at the end of the list.
+ * A circle queue may be traversed in either direction, but has a more
+ * complex end of list detection.
+ *
+ * For details on the use of these macros, see the queue(3) manual page.
+ */
+
+/*
+ * List definitions.
+ */
+#define LIST_HEAD(name, type)                      \
+    struct name {                                  \
+        struct type *lh_first; /* first element */ \
+    }
+
+#define LIST_ENTRY(type)                                              \
+    struct {                                                          \
+        struct type *le_next;  /* next element */                     \
+        struct type **le_prev; /* address of previous next element */ \
+    }
+
+/*
+ * List functions.
+ */
+#define LIST_INIT(head)          \
+    {                            \
+        (head)->lh_first = NULL; \
+    }
+
+#define LIST_INSERT_AFTER(listelm, elm, field)                         \
+    {                                                                  \
+        if (((elm)->field.le_next = (listelm)->field.le_next) != NULL) \
+            (listelm)->field.le_next->field.le_prev =                  \
+                &(elm)->field.le_next;                                 \
+        (listelm)->field.le_next = (elm);                              \
+        (elm)->field.le_prev = &(listelm)->field.le_next;              \
+    }
+
+#define LIST_INSERT_HEAD(head, elm, field)                           \
+    {                                                                \
+        if (((elm)->field.le_next = (head)->lh_first) != NULL)       \
+            (head)->lh_first->field.le_prev = &(elm)->field.le_next; \
+        (head)->lh_first = (elm);                                    \
+        (elm)->field.le_prev = &(head)->lh_first;                    \
+    }
+
+#define LIST_REMOVE(elm, field)                       \
+    {                                                 \
+        if ((elm)->field.le_next != NULL)             \
+            (elm)->field.le_next->field.le_prev =     \
+                (elm)->field.le_prev;                 \
+        *(elm)->field.le_prev = (elm)->field.le_next; \
+    }
+
+/*
+ * Tail queue definitions.
+ */
+#define TAILQ_HEAD(name, type)                                  \
+    struct name {                                               \
+        struct type *tqh_first; /* first element */             \
+        struct type **tqh_last; /* addr of last next element */ \
+    }
+
+#define TAILQ_ENTRY(type)                                              \
+    struct {                                                           \
+        struct type *tqe_next;  /* next element */                     \
+        struct type **tqe_prev; /* address of previous next element */ \
+    }
+
+/*
+ * Tail queue functions.
+ */
+#define TAILQ_INIT(head)                       \
+    {                                          \
+        (head)->tqh_first = NULL;              \
+        (head)->tqh_last = &(head)->tqh_first; \
+    }
+
+#define TAILQ_INSERT_HEAD(head, elm, field)                      \
+    {                                                            \
+        if (((elm)->field.tqe_next = (head)->tqh_first) != NULL) \
+            (elm)->field.tqe_next->field.tqe_prev =              \
+                &(elm)->field.tqe_next;                          \
+        else                                                     \
+            (head)->tqh_last = &(elm)->field.tqe_next;           \
+        (head)->tqh_first = (elm);                               \
+        (elm)->field.tqe_prev = &(head)->tqh_first;              \
+    }
+
+#define TAILQ_INSERT_TAIL(head, elm, field)        \
+    {                                              \
+        (elm)->field.tqe_next = NULL;              \
+        (elm)->field.tqe_prev = (head)->tqh_last;  \
+        *(head)->tqh_last = (elm);                 \
+        (head)->tqh_last = &(elm)->field.tqe_next; \
+    }
+
+#define TAILQ_INSERT_AFTER(head, listelm, elm, field)                    \
+    {                                                                    \
+        if (((elm)->field.tqe_next = (listelm)->field.tqe_next) != NULL) \
+            (elm)->field.tqe_next->field.tqe_prev =                      \
+                &(elm)->field.tqe_next;                                  \
+        else                                                             \
+            (head)->tqh_last = &(elm)->field.tqe_next;                   \
+        (listelm)->field.tqe_next = (elm);                               \
+        (elm)->field.tqe_prev = &(listelm)->field.tqe_next;              \
+    }
+
+#define TAILQ_REMOVE(head, elm, field)                  \
+    {                                                   \
+        if (((elm)->field.tqe_next) != NULL)            \
+            (elm)->field.tqe_next->field.tqe_prev =     \
+                (elm)->field.tqe_prev;                  \
+        else                                            \
+            (head)->tqh_last = (elm)->field.tqe_prev;   \
+        *(elm)->field.tqe_prev = (elm)->field.tqe_next; \
+    }
+
+/*
+ * Circular queue definitions.
+ */
+#define CIRCLEQ_HEAD(name, type)                    \
+    struct name {                                   \
+        struct type *cqh_first; /* first element */ \
+        struct type *cqh_last;  /* last element */  \
+    }
+
+#define CIRCLEQ_ENTRY(type)                           \
+    struct {                                          \
+        struct type *cqe_next; /* next element */     \
+        struct type *cqe_prev; /* previous element */ \
+    }
+
+/*
+ * Circular queue functions.
+ */
+#define CIRCLEQ_INIT(head)                  \
+    {                                       \
+        (head)->cqh_first = (void *)(head); \
+        (head)->cqh_last = (void *)(head);  \
+    }
+
+#define CIRCLEQ_INSERT_AFTER(head, listelm, elm, field)        \
+    {                                                          \
+        (elm)->field.cqe_next = (listelm)->field.cqe_next;     \
+        (elm)->field.cqe_prev = (listelm);                     \
+        if ((listelm)->field.cqe_next == (void *)(head))       \
+            (head)->cqh_last = (elm);                          \
+        else                                                   \
+            (listelm)->field.cqe_next->field.cqe_prev = (elm); \
+        (listelm)->field.cqe_next = (elm);                     \
+    }
+
+#define CIRCLEQ_INSERT_BEFORE(head, listelm, elm, field)       \
+    {                                                          \
+        (elm)->field.cqe_next = (listelm);                     \
+        (elm)->field.cqe_prev = (listelm)->field.cqe_prev;     \
+        if ((listelm)->field.cqe_prev == (void *)(head))       \
+            (head)->cqh_first = (elm);                         \
+        else                                                   \
+            (listelm)->field.cqe_prev->field.cqe_next = (elm); \
+        (listelm)->field.cqe_prev = (elm);                     \
+    }
+
+#define CIRCLEQ_INSERT_HEAD(head, elm, field)          \
+    {                                                  \
+        (elm)->field.cqe_next = (head)->cqh_first;     \
+        (elm)->field.cqe_prev = (void *)(head);        \
+        if ((head)->cqh_last == (void *)(head))        \
+            (head)->cqh_last = (elm);                  \
+        else                                           \
+            (head)->cqh_first->field.cqe_prev = (elm); \
+        (head)->cqh_first = (elm);                     \
+    }
+
+#define CIRCLEQ_INSERT_TAIL(head, elm, field)         \
+    {                                                 \
+        (elm)->field.cqe_next = (void *)(head);       \
+        (elm)->field.cqe_prev = (head)->cqh_last;     \
+        if ((head)->cqh_first == (void *)(head))      \
+            (head)->cqh_first = (elm);                \
+        else                                          \
+            (head)->cqh_last->field.cqe_next = (elm); \
+        (head)->cqh_last = (elm);                     \
+    }
+
+#define CIRCLEQ_REMOVE(head, elm, field)               \
+    {                                                  \
+        if ((elm)->field.cqe_next == (void *)(head))   \
+            (head)->cqh_last = (elm)->field.cqe_prev;  \
+        else                                           \
+            (elm)->field.cqe_next->field.cqe_prev =    \
+                (elm)->field.cqe_prev;                 \
+        if ((elm)->field.cqe_prev == (void *)(head))   \
+            (head)->cqh_first = (elm)->field.cqe_next; \
+        else                                           \
+            (elm)->field.cqe_prev->field.cqe_next =    \
+                (elm)->field.cqe_next;                 \
+    }
+#endif /* !_QUEUE_H_ */
diff --git a/nss/lib/dbm/include/search.h b/nss/lib/dbm/include/search.h
new file mode 100644
index 0000000..d6fe0d9
--- /dev/null
+++ b/nss/lib/dbm/include/search.h
@@ -0,0 +1,50 @@
+/*-
+ * Copyright (c) 1990, 1993
+ *  The Regents of the University of California.  All rights reserved.
+ *
+ * This code is derived from software contributed to Berkeley by
+ * Margo Seltzer.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. ***REMOVED*** - see
+ *    ftp://ftp.cs.berkeley.edu/pub/4bsd/README.Impt.License.Change
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *  @(#)search.h    8.1 (Berkeley) 6/4/93
+ */
+
+/* Backward compatibility to hsearch interface. */
+typedef struct entry {
+    char *key;
+    char *data;
+} ENTRY;
+
+typedef enum {
+    FIND,
+    ENTER
+} ACTION;
+
+int hcreate(unsigned int);
+void hdestroy(void);
+ENTRY *hsearch(ENTRY, ACTION);
diff --git a/nss/lib/dbm/include/winfile.h b/nss/lib/dbm/include/winfile.h
new file mode 100644
index 0000000..da93ec7
--- /dev/null
+++ b/nss/lib/dbm/include/winfile.h
@@ -0,0 +1,103 @@
+
+/* ---------------------------------------------------------------------------
+    Stuff to fake unix file I/O on windows boxes
+    ------------------------------------------------------------------------*/
+
+#ifndef WINFILE_H
+#define WINFILE_H
+
+#ifdef _WINDOWS
+/* hacked out of <dirent.h> on an SGI */
+#if defined(XP_WIN32) || defined(_WIN32)
+/* 32-bit stuff here */
+#include <windows.h>
+#include <stdlib.h>
+#ifdef __MINGW32__
+#include <sys/types.h>
+#include <sys/stat.h>
+#else
+#include <sys\types.h>
+#include <sys\stat.h>
+#endif
+
+typedef struct DIR_Struct {
+    void* directoryPtr;
+    WIN32_FIND_DATA data;
+} DIR;
+
+#define _ST_FSTYPSZ 16
+
+#if !defined(__BORLANDC__) && !defined(__GNUC__)
+typedef unsigned long mode_t;
+typedef long uid_t;
+typedef long gid_t;
+typedef long off_t;
+typedef unsigned long nlink_t;
+#endif
+
+typedef struct timestruc {
+    time_t tv_sec; /* seconds */
+    long tv_nsec;  /* and nanoseconds */
+} timestruc_t;
+
+struct dirent {              /* data from readdir() */
+    ino_t d_ino;             /* inode number of entry */
+    off_t d_off;             /* offset of disk direntory entry */
+    unsigned short d_reclen; /* length of this record */
+    char d_name[_MAX_FNAME]; /* name of file */
+};
+
+#if !defined(__BORLANDC__) && !defined(__GNUC__)
+#define S_ISDIR(s) ((s)&_S_IFDIR)
+#endif
+
+#else /* _WIN32 */
+/* 16-bit windows stuff */
+
+#include <sys\types.h>
+#include <sys\stat.h>
+#include <dos.h>
+
+/*	Getting cocky to support multiple file systems */
+typedef struct dirStruct_tag {
+    struct _find_t file_data;
+    char c_checkdrive;
+} dirStruct;
+
+typedef struct DIR_Struct {
+    void* directoryPtr;
+    dirStruct data;
+} DIR;
+
+#define _ST_FSTYPSZ 16
+typedef unsigned long mode_t;
+typedef long uid_t;
+typedef long gid_t;
+typedef long off_t;
+typedef unsigned long nlink_t;
+
+typedef struct timestruc {
+    time_t tv_sec; /* seconds */
+    long tv_nsec;  /* and nanoseconds */
+} timestruc_t;
+
+struct dirent {              /* data from readdir() */
+    ino_t d_ino;             /* inode number of entry */
+    off_t d_off;             /* offset of disk direntory entry */
+    unsigned short d_reclen; /* length of this record */
+#ifdef XP_WIN32
+    char d_name[_MAX_FNAME]; /* name of file */
+#else
+    char d_name[20]; /* name of file */
+#endif
+};
+
+#define S_ISDIR(s) ((s)&_S_IFDIR)
+
+#endif /* 16-bit windows */
+
+#define CONST const
+
+#endif /* _WINDOWS */
+
+#endif /* WINFILE_H */
diff --git a/nss/lib/dbm/manifest.mn b/nss/lib/dbm/manifest.mn
new file mode 100644
index 0000000..7a3bcf4
--- /dev/null
+++ b/nss/lib/dbm/manifest.mn
@@ -0,0 +1,17 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CORE_DEPTH = ../..
+
+MODULE = dbm
+
+IMPORTS = nspr20/v4.4.1
+
+RELEASE = dbm
+
+DIRS =  include \
+        src     \
+	$(NULL)
diff --git a/nss/lib/dbm/src/Makefile b/nss/lib/dbm/src/Makefile
new file mode 100644
index 0000000..8625443
--- /dev/null
+++ b/nss/lib/dbm/src/Makefile
@@ -0,0 +1,48 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+include $(CORE_DEPTH)/lib/dbm/config/config.mk
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include config.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+
+
diff --git a/nss/lib/dbm/src/config.mk b/nss/lib/dbm/src/config.mk
new file mode 100644
index 0000000..eab1805
--- /dev/null
+++ b/nss/lib/dbm/src/config.mk
@@ -0,0 +1,33 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+DEFINES += -DMEMMOVE -D__DBINTERFACE_PRIVATE
+
+#
+#  Currently, override TARGETS variable so that only static libraries
+#  are specifed as dependencies within rules.mk.
+#
+
+TARGETS        = $(LIBRARY)
+SHARED_LIBRARY =
+IMPORT_LIBRARY =
+PURE_LIBRARY   =
+PROGRAM        =
+
+ifdef SHARED_LIBRARY
+	ifeq (,$(filter-out WIN%,$(OS_TARGET)))
+		DLLBASE=/BASE:0x30000000
+		RES=$(OBJDIR)/dbm.res
+		RESNAME=../include/dbm.rc
+	endif
+	ifeq ($(DLL_SUFFIX),dll)
+		DEFINES += -D_DLL
+	endif
+endif
+
+ifeq ($(OS_TARGET),AIX)
+	OS_LIBS += -lc_r
+endif
diff --git a/nss/lib/dbm/src/db.c b/nss/lib/dbm/src/db.c
new file mode 100644
index 0000000..5c35bbd
--- /dev/null
+++ b/nss/lib/dbm/src/db.c
@@ -0,0 +1,134 @@
+/*-
+ * Copyright (c) 1991, 1993
+ *  The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. ***REMOVED*** - see
+ *    ftp://ftp.cs.berkeley.edu/pub/4bsd/README.Impt.License.Change
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static char sccsid[] = "@(#)db.c    8.4 (Berkeley) 2/21/94";
+#endif /* LIBC_SCCS and not lint */
+
+#ifndef __DBINTERFACE_PRIVATE
+#define __DBINTERFACE_PRIVATE
+#endif
+#ifdef macintosh
+#include <unix.h>
+#else
+#include <sys/types.h>
+#endif
+
+#include <errno.h>
+#include <fcntl.h>
+#include <stddef.h>
+#include <stdio.h>
+
+#include "mcom_db.h"
+
+/* a global flag that locks closed all databases */
+int all_databases_locked_closed = 0;
+
+/* set or unset a global lock flag to disable the
+ * opening of any DBM file
+ */
+void
+dbSetOrClearDBLock(DBLockFlagEnum type)
+{
+    if (type == LockOutDatabase)
+        all_databases_locked_closed = 1;
+    else
+        all_databases_locked_closed = 0;
+}
+
+DB *
+dbopen(const char *fname, int flags, int mode, DBTYPE type, const void *openinfo)
+{
+
+    /* lock out all file databases.  Let in-memory databases through
+     */
+    if (all_databases_locked_closed && fname) {
+        errno = EINVAL;
+        return (NULL);
+    }
+
+#define DB_FLAGS (DB_LOCK | DB_SHMEM | DB_TXN)
+
+#if 0 /* most systems don't have EXLOCK and SHLOCK */
+#define USE_OPEN_FLAGS                                     \
+    (O_CREAT | O_EXCL | O_EXLOCK | O_NONBLOCK | O_RDONLY | \
+     O_RDWR | O_SHLOCK | O_TRUNC)
+#else
+#define USE_OPEN_FLAGS             \
+    (O_CREAT | O_EXCL | O_RDONLY | \
+     O_RDWR | O_TRUNC)
+#endif
+
+    if ((flags & ~(USE_OPEN_FLAGS | DB_FLAGS)) == 0)
+        switch (type) {
+/* we don't need btree and recno right now */
+#if 0
+            case DB_BTREE:
+                return (__bt_open(fname, flags & USE_OPEN_FLAGS,
+                    mode, openinfo, flags & DB_FLAGS));
+            case DB_RECNO:
+                return (__rec_open(fname, flags & USE_OPEN_FLAGS,
+                    mode, openinfo, flags & DB_FLAGS));
+#endif
+
+            case DB_HASH:
+                return (__hash_open(fname, flags & USE_OPEN_FLAGS,
+                                    mode, (const HASHINFO *)openinfo, flags & DB_FLAGS));
+            default:
+                break;
+        }
+    errno = EINVAL;
+    return (NULL);
+}
+
+static int
+__dberr()
+{
+    return (RET_ERROR);
+}
+
+/*
+ * __DBPANIC -- Stop.
+ *
+ * Parameters:
+ *  dbp:    pointer to the DB structure.
+ */
+void
+__dbpanic(DB *dbp)
+{
+    /* The only thing that can succeed is a close. */
+    dbp->del = (int (*)(const struct __db *, const DBT *, uint))__dberr;
+    dbp->fd = (int (*)(const struct __db *))__dberr;
+    dbp->get = (int (*)(const struct __db *, const DBT *, DBT *, uint))__dberr;
+    dbp->put = (int (*)(const struct __db *, DBT *, const DBT *, uint))__dberr;
+    dbp->seq = (int (*)(const struct __db *, DBT *, DBT *, uint))__dberr;
+    dbp->sync = (int (*)(const struct __db *, uint))__dberr;
+}
diff --git a/nss/lib/dbm/src/dirent.c b/nss/lib/dbm/src/dirent.c
new file mode 100644
index 0000000..da3e83e
--- /dev/null
+++ b/nss/lib/dbm/src/dirent.c
@@ -0,0 +1,344 @@
+#ifdef OS2
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+
+#include <dirent.h>
+#include <errno.h>
+
+/*#ifndef __EMX__
+#include <libx.h>
+#endif */
+
+#define INCL_DOSFILEMGR
+#define INCL_DOSERRORS
+#include <os2.h>
+
+#if OS2 >= 2
+#define FFBUF FILEFINDBUF3
+#define Word ULONG
+/*
+   * LS20 recommends a request count of 100, but according to the
+   * APAR text it does not lead to missing files, just to funny
+   * numbers of returned entries.
+   *
+   * LS30 HPFS386 requires a count greater than 2, or some files
+   * are missing (those starting with a character less that '.').
+   *
+   * Novell loses entries which overflow the buffer. In previous
+   * versions of dirent2, this could have lead to missing files
+   * when the average length of 100 directory entries was 40 bytes
+   * or more (quite unlikely for files on a Novell server).
+   *
+   * Conclusion: Make sure that the entries all fit into the buffer
+   * and that the buffer is large enough for more than 2 entries
+   * (each entry is at most 300 bytes long). And ignore the LS20
+   * effect.
+   */
+#define Count 25
+#define BufSz (25 * (sizeof(FILEFINDBUF3) + 1))
+#else
+#define FFBUF FILEFINDBUF
+#define Word USHORT
+#define BufSz 1024
+#define Count 3
+#endif
+
+#if defined(__IBMC__) || defined(__IBMCPP__)
+#define error(rc) _doserrno = rc, errno = EOS2ERR
+#elif defined(MICROSOFT)
+#define error(rc) _doserrno = rc, errno = 255
+#else
+#define error(rc) errno = 255
+#endif
+
+struct _dirdescr {
+    HDIR handle;               /* DosFindFirst handle */
+    char fstype;               /* filesystem type */
+    Word count;                /* valid entries in <ffbuf> */
+    long number;               /* absolute number of next entry */
+    int index;                 /* relative number of next entry */
+    FFBUF *next;               /* pointer to next entry */
+    char name[MAXPATHLEN + 3]; /* directory name */
+    unsigned attrmask;         /* attribute mask for seekdir */
+    struct dirent entry;       /* buffer for directory entry */
+    BYTE ffbuf[BufSz];
+};
+
+/*
+ * Return first char of filesystem type, or 0 if unknown.
+ */
+static char
+getFSType(const char *path)
+{
+    static char cache[1 + 26];
+    char drive[3], info[512];
+    Word unit, infolen;
+    char r;
+
+    if (isalpha(path[0]) && path[1] == ':') {
+        unit = toupper(path[0]) - '@';
+        path += 2;
+    } else {
+        ULONG driveMap;
+#if OS2 >= 2
+        if (DosQueryCurrentDisk(&unit, &driveMap))
+#else
+        if (DosQCurDisk(&unit, &driveMap))
+#endif
+            return 0;
+    }
+
+    if ((path[0] == '\\' || path[0] == '/') &&
+        (path[1] == '\\' || path[1] == '/'))
+        return 0;
+
+    if (cache[unit])
+        return cache[unit];
+
+    drive[0] = '@' + unit;
+    drive[1] = ':';
+    drive[2] = '\0';
+    infolen = sizeof info;
+#if OS2 >= 2
+    if (DosQueryFSAttach(drive, 0, FSAIL_QUERYNAME, (PVOID)info, &infolen))
+        return 0;
+    if (infolen >= sizeof(FSQBUFFER2)) {
+        FSQBUFFER2 *p = (FSQBUFFER2 *)info;
+        r = p->szFSDName[p->cbName];
+    } else
+#else
+    if (DosQFSAttach((PSZ)drive, 0, FSAIL_QUERYNAME, (PVOID)info, &infolen, 0))
+        return 0;
+    if (infolen >= 9) {
+        char *p = info + sizeof(USHORT);
+        p += sizeof(USHORT) + *(USHORT *)p + 1 + sizeof(USHORT);
+        r = *p;
+    } else
+#endif
+        r = 0;
+    return cache[unit] = r;
+}
+
+char *
+abs_path(const char *name, char *buffer, int len)
+{
+    char buf[4];
+    if (isalpha(name[0]) && name[1] == ':' && name[2] == '\0') {
+        buf[0] = name[0];
+        buf[1] = name[1];
+        buf[2] = '.';
+        buf[3] = '\0';
+        name = buf;
+    }
+#if OS2 >= 2
+    if (DosQueryPathInfo((PSZ)name, FIL_QUERYFULLNAME, buffer, len))
+#else
+    if (DosQPathInfo((PSZ)name, FIL_QUERYFULLNAME, (PBYTE)buffer, len, 0L))
+#endif
+        return NULL;
+    return buffer;
+}
+
+DIR *
+openxdir(const char *path, unsigned att_mask)
+{
+    DIR *dir;
+    char name[MAXPATHLEN + 3];
+    Word rc;
+
+    dir = malloc(sizeof(DIR));
+    if (dir == NULL) {
+        errno = ENOMEM;
+        return NULL;
+    }
+
+    strncpy(name, path, MAXPATHLEN);
+    name[MAXPATHLEN] = '\0';
+    switch (name[strlen(name) - 1]) {
+        default:
+            strcat(name, "\\");
+        case '\\':
+        case '/':
+        case ':':;
+    }
+    strcat(name, ".");
+    if (!abs_path(name, dir->name, MAXPATHLEN + 1))
+        strcpy(dir->name, name);
+    if (dir->name[strlen(dir->name) - 1] == '\\')
+        strcat(dir->name, "*");
+    else
+        strcat(dir->name, "\\*");
+
+    dir->fstype = getFSType(dir->name);
+    dir->attrmask = att_mask | A_DIR;
+
+    dir->handle = HDIR_CREATE;
+    dir->count = 100;
+#if OS2 >= 2
+    rc = DosFindFirst(dir->name, &dir->handle, dir->attrmask,
+                      dir->ffbuf, sizeof dir->ffbuf, &dir->count, FIL_STANDARD);
+#else
+    rc = DosFindFirst((PSZ)dir->name, &dir->handle, dir->attrmask,
+                      (PFILEFINDBUF)dir->ffbuf, sizeof dir->ffbuf, &dir->count, 0);
+#endif
+    switch (rc) {
+        default:
+            free(dir);
+            error(rc);
+            return NULL;
+        case NO_ERROR:
+        case ERROR_NO_MORE_FILES:;
+    }
+
+    dir->number = 0;
+    dir->index = 0;
+    dir->next = (FFBUF *)dir->ffbuf;
+
+    return (DIR *)dir;
+}
+
+DIR *
+opendir(const char *pathname)
+{
+    return openxdir(pathname, 0);
+}
+
+struct dirent *
+readdir(DIR *dir)
+{
+    static int dummy_ino = 2;
+
+    if (dir->index == dir->count) {
+        Word rc;
+        dir->count = 100;
+#if OS2 >= 2
+        rc = DosFindNext(dir->handle, dir->ffbuf,
+                         sizeof dir->ffbuf, &dir->count);
+#else
+        rc = DosFindNext(dir->handle, (PFILEFINDBUF)dir->ffbuf,
+                         sizeof dir->ffbuf, &dir->count);
+#endif
+        if (rc) {
+            error(rc);
+            return NULL;
+        }
+
+        dir->index = 0;
+        dir->next = (FFBUF *)dir->ffbuf;
+    }
+
+    if (dir->index == dir->count)
+        return NULL;
+
+    memcpy(dir->entry.d_name, dir->next->achName, dir->next->cchName);
+    dir->entry.d_name[dir->next->cchName] = '\0';
+    dir->entry.d_ino = dummy_ino++;
+    dir->entry.d_reclen = dir->next->cchName;
+    dir->entry.d_namlen = dir->next->cchName;
+    dir->entry.d_size = dir->next->cbFile;
+    dir->entry.d_attribute = dir->next->attrFile;
+    dir->entry.d_time = *(USHORT *)&dir->next->ftimeLastWrite;
+    dir->entry.d_date = *(USHORT *)&dir->next->fdateLastWrite;
+
+    switch (dir->fstype) {
+        case 'F': /* FAT */
+        case 'C': /* CDFS */
+            if (dir->next->attrFile & FILE_DIRECTORY)
+                strupr(dir->entry.d_name);
+            else
+                strlwr(dir->entry.d_name);
+    }
+
+#if OS2 >= 2
+    dir->next = (FFBUF *)((BYTE *)dir->next + dir->next->oNextEntryOffset);
+#else
+    dir->next = (FFBUF *)((BYTE *)dir->next->achName + dir->next->cchName + 1);
+#endif
+    ++dir->number;
+    ++dir->index;
+
+    return &dir->entry;
+}
+
+long
+telldir(DIR *dir)
+{
+    return dir->number;
+}
+
+void
+seekdir(DIR *dir, long off)
+{
+    if (dir->number > off) {
+        char name[MAXPATHLEN + 2];
+        Word rc;
+
+        DosFindClose(dir->handle);
+
+        strcpy(name, dir->name);
+        strcat(name, "*");
+
+        dir->handle = HDIR_CREATE;
+        dir->count = 32767;
+#if OS2 >= 2
+        rc = DosFindFirst(name, &dir->handle, dir->attrmask,
+                          dir->ffbuf, sizeof dir->ffbuf, &dir->count, FIL_STANDARD);
+#else
+        rc = DosFindFirst((PSZ)name, &dir->handle, dir->attrmask,
+                          (PFILEFINDBUF)dir->ffbuf, sizeof dir->ffbuf, &dir->count, 0);
+#endif
+        switch (rc) {
+            default:
+                error(rc);
+                return;
+            case NO_ERROR:
+            case ERROR_NO_MORE_FILES:;
+        }
+
+        dir->number = 0;
+        dir->index = 0;
+        dir->next = (FFBUF *)dir->ffbuf;
+    }
+
+    while (dir->number < off && readdir(dir))
+        ;
+}
+
+void
+closedir(DIR *dir)
+{
+    DosFindClose(dir->handle);
+    free(dir);
+}
+
+/*****************************************************************************/
+
+#ifdef TEST
+
+main(int argc, char **argv)
+{
+    int i;
+    DIR *dir;
+    struct dirent *ep;
+
+    for (i = 1; i < argc; ++i) {
+        dir = opendir(argv[i]);
+        if (!dir)
+            continue;
+        while (ep = readdir(dir))
+            if (strchr("\\/:", argv[i][strlen(argv[i]) - 1]))
+                printf("%s%s\n", argv[i], ep->d_name);
+            else
+                printf("%s/%s\n", argv[i], ep->d_name);
+        closedir(dir);
+    }
+
+    return 0;
+}
+
+#endif
+
+#endif /* OS2 */
diff --git a/nss/lib/dbm/src/dirent.h b/nss/lib/dbm/src/dirent.h
new file mode 100644
index 0000000..0b4ae5d
--- /dev/null
+++ b/nss/lib/dbm/src/dirent.h
@@ -0,0 +1,97 @@
+#ifndef __DIRENT_H__
+#define __DIRENT_H__
+/*
+ * @(#)msd_dir.h 1.4 87/11/06   Public Domain.
+ *
+ *  A public domain implementation of BSD directory routines for
+ *  MS-DOS.  Written by Michael Rendell ({uunet,utai}michael@garfield),
+ *  August 1897
+ *
+ *  Extended by Peter Lim (lim@mullian.oz) to overcome some MS DOS quirks
+ *  and returns 2 more pieces of information - file size & attribute.
+ *  Plus a little reshuffling of some #define's positions    December 1987
+ *
+ *  Some modifications by Martin Junius                      02-14-89
+ *
+ *  AK900712
+ *  AK910410    abs_path - make absolute path
+ *
+ */
+
+#ifdef __EMX__
+#include <sys/param.h>
+#else
+#if defined(__IBMC__) || defined(__IBMCPP__) || defined(XP_W32_MSVC)
+#include <stdio.h>
+#ifdef MAXPATHLEN
+#undef MAXPATHLEN
+#endif
+#define MAXPATHLEN (FILENAME_MAX * 4)
+#define MAXNAMLEN FILENAME_MAX
+
+#else
+#include <param.h>
+#endif
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* attribute stuff */
+#ifndef A_RONLY
+#define A_RONLY 0x01
+#define A_HIDDEN 0x02
+#define A_SYSTEM 0x04
+#define A_LABEL 0x08
+#define A_DIR 0x10
+#define A_ARCHIVE 0x20
+#endif
+
+struct dirent {
+#if defined(OS2) || defined(WIN32) /* use the layout of EMX to avoid trouble */
+    int d_ino;                     /* Dummy */
+    int d_reclen;                  /* Dummy, same as d_namlen */
+    int d_namlen;                  /* length of name */
+    char d_name[MAXNAMLEN + 1];
+    unsigned long d_size;
+    unsigned short d_attribute; /* attributes (see above) */
+    unsigned short d_time;      /* modification time */
+    unsigned short d_date;      /* modification date */
+#else
+    char d_name[MAXNAMLEN + 1]; /* garentee null termination */
+    char d_attribute;           /* .. extension .. */
+    unsigned long d_size; /* .. extension .. */
+#endif
+};
+
+typedef struct _dirdescr DIR;
+/* the structs do not have to be defined here */
+
+extern DIR *opendir(const char *);
+extern DIR *openxdir(const char *, unsigned);
+extern struct dirent *readdir(DIR *);
+extern void seekdir(DIR *, long);
+extern long telldir(DIR *);
+extern void closedir(DIR *);
+#define rewinddir(dirp) seekdir(dirp, 0L)
+
+extern char *abs_path(const char *name, char *buffer, int len);
+
+#ifndef S_IFMT
+#define S_IFMT (S_IFDIR | S_IFREG)
+#endif
+
+#ifndef S_ISDIR
+#define S_ISDIR(m) (((m)&S_IFMT) == S_IFDIR)
+#endif
+
+#ifndef S_ISREG
+#define S_ISREG(m) (((m)&S_IFMT) == S_IFREG)
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/nss/lib/dbm/src/h_bigkey.c b/nss/lib/dbm/src/h_bigkey.c
new file mode 100644
index 0000000..6edfe7f
--- /dev/null
+++ b/nss/lib/dbm/src/h_bigkey.c
@@ -0,0 +1,707 @@
+/*-
+ * Copyright (c) 1990, 1993, 1994
+ *  The Regents of the University of California.  All rights reserved.
+ *
+ * This code is derived from software contributed to Berkeley by
+ * Margo Seltzer.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. ***REMOVED*** - see
+ *    ftp://ftp.cs.berkeley.edu/pub/4bsd/README.Impt.License.Change
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static char sccsid[] = "@(#)hash_bigkey.c   8.3 (Berkeley) 5/31/94";
+#endif /* LIBC_SCCS and not lint */
+
+/*
+ * PACKAGE: hash
+ * DESCRIPTION:
+ *  Big key/data handling for the hashing package.
+ *
+ * ROUTINES:
+ * External
+ *  __big_keydata
+ *  __big_split
+ *  __big_insert
+ *  __big_return
+ *  __big_delete
+ *  __find_last_page
+ * Internal
+ *  collect_key
+ *  collect_data
+ */
+
+#if !defined(_WIN32) && !defined(_WINDOWS) && !defined(macintosh)
+#include <sys/param.h>
+#endif
+
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#ifdef DEBUG
+#include <assert.h>
+#endif
+
+#include "mcom_db.h"
+#include "hash.h"
+#include "page.h"
+/* #include "extern.h" */
+
+static int collect_key(HTAB *, BUFHEAD *, int, DBT *, int);
+static int collect_data(HTAB *, BUFHEAD *, int, int);
+
+/*
+ * Big_insert
+ *
+ * You need to do an insert and the key/data pair is too big
+ *
+ * Returns:
+ * 0 ==> OK
+ *-1 ==> ERROR
+ */
+extern int
+__big_insert(HTAB *hashp, BUFHEAD *bufp, const DBT *key, const DBT *val)
+{
+    register uint16 *p;
+    uint key_size, n, val_size;
+    uint16 space, move_bytes, off;
+    char *cp, *key_data, *val_data;
+
+    cp = bufp->page; /* Character pointer of p. */
+    p = (uint16 *)cp;
+
+    key_data = (char *)key->data;
+    key_size = key->size;
+    val_data = (char *)val->data;
+    val_size = val->size;
+
+    /* First move the Key */
+    for (space = FREESPACE(p) - BIGOVERHEAD; key_size;
+         space = FREESPACE(p) - BIGOVERHEAD) {
+        move_bytes = PR_MIN(space, key_size);
+        off = OFFSET(p) - move_bytes;
+        memmove(cp + off, key_data, move_bytes);
+        key_size -= move_bytes;
+        key_data += move_bytes;
+        n = p[0];
+        p[++n] = off;
+        p[0] = ++n;
+        FREESPACE(p) = off - PAGE_META(n);
+        OFFSET(p) = off;
+        p[n] = PARTIAL_KEY;
+        bufp = __add_ovflpage(hashp, bufp);
+        if (!bufp)
+            return (-1);
+        n = p[0];
+        if (!key_size) {
+            if (FREESPACE(p)) {
+                move_bytes = PR_MIN(FREESPACE(p), val_size);
+                off = OFFSET(p) - move_bytes;
+                p[n] = off;
+                memmove(cp + off, val_data, move_bytes);
+                val_data += move_bytes;
+                val_size -= move_bytes;
+                p[n - 2] = FULL_KEY_DATA;
+                FREESPACE(p) = FREESPACE(p) - move_bytes;
+                OFFSET(p) = off;
+            } else
+                p[n - 2] = FULL_KEY;
+        }
+        p = (uint16 *)bufp->page;
+        cp = bufp->page;
+        bufp->flags |= BUF_MOD;
+    }
+
+    /* Now move the data */
+    for (space = FREESPACE(p) - BIGOVERHEAD; val_size;
+         space = FREESPACE(p) - BIGOVERHEAD) {
+        move_bytes = PR_MIN(space, val_size);
+        /*
+         * Here's the hack to make sure that if the data ends on the
+         * same page as the key ends, FREESPACE is at least one.
+         */
+        if (space == val_size && val_size == val->size)
+            move_bytes--;
+        off = OFFSET(p) - move_bytes;
+        memmove(cp + off, val_data, move_bytes);
+        val_size -= move_bytes;
+        val_data += move_bytes;
+        n = p[0];
+        p[++n] = off;
+        p[0] = ++n;
+        FREESPACE(p) = off - PAGE_META(n);
+        OFFSET(p) = off;
+        if (val_size) {
+            p[n] = FULL_KEY;
+            bufp = __add_ovflpage(hashp, bufp);
+            if (!bufp)
+                return (-1);
+            cp = bufp->page;
+            p = (uint16 *)cp;
+        } else
+            p[n] = FULL_KEY_DATA;
+        bufp->flags |= BUF_MOD;
+    }
+    return (0);
+}
+
+/*
+ * Called when bufp's page  contains a partial key (index should be 1)
+ *
+ * All pages in the big key/data pair except bufp are freed.  We cannot
+ * free bufp because the page pointing to it is lost and we can't get rid
+ * of its pointer.
+ *
+ * Returns:
+ * 0 => OK
+ *-1 => ERROR
+ */
+extern int
+__big_delete(HTAB *hashp, BUFHEAD *bufp)
+{
+    register BUFHEAD *last_bfp, *rbufp;
+    uint16 *bp, pageno;
+    int key_done, n;
+
+    rbufp = bufp;
+    last_bfp = NULL;
+    bp = (uint16 *)bufp->page;
+    pageno = 0;
+    key_done = 0;
+
+    while (!key_done || (bp[2] != FULL_KEY_DATA)) {
+        if (bp[2] == FULL_KEY || bp[2] == FULL_KEY_DATA)
+            key_done = 1;
+
+        /*
+         * If there is freespace left on a FULL_KEY_DATA page, then
+         * the data is short and fits entirely on this page, and this
+         * is the last page.
+         */
+        if (bp[2] == FULL_KEY_DATA && FREESPACE(bp))
+            break;
+        pageno = bp[bp[0] - 1];
+        rbufp->flags |= BUF_MOD;
+        rbufp = __get_buf(hashp, pageno, rbufp, 0);
+        if (last_bfp)
+            __free_ovflpage(hashp, last_bfp);
+        last_bfp = rbufp;
+        if (!rbufp)
+            return (-1); /* Error. */
+        bp = (uint16 *)rbufp->page;
+    }
+
+    /*
+     * If we get here then rbufp points to the last page of the big
+     * key/data pair.  Bufp points to the first one -- it should now be
+     * empty pointing to the next page after this pair.  Can't free it
+     * because we don't have the page pointing to it.
+     */
+
+    /* This is information from the last page of the pair. */
+    n = bp[0];
+    pageno = bp[n - 1];
+
+    /* Now, bp is the first page of the pair. */
+    bp = (uint16 *)bufp->page;
+    if (n > 2) {
+        /* There is an overflow page. */
+        bp[1] = pageno;
+        bp[2] = OVFLPAGE;
+        bufp->ovfl = rbufp->ovfl;
+    } else
+        /* This is the last page. */
+        bufp->ovfl = NULL;
+    n -= 2;
+    bp[0] = n;
+    FREESPACE(bp) = hashp->BSIZE - PAGE_META(n);
+    OFFSET(bp) = hashp->BSIZE - 1;
+
+    bufp->flags |= BUF_MOD;
+    if (rbufp)
+        __free_ovflpage(hashp, rbufp);
+    if (last_bfp != rbufp)
+        __free_ovflpage(hashp, last_bfp);
+
+    hashp->NKEYS--;
+    return (0);
+}
+/*
+ * Returns:
+ *  0 = key not found
+ * -1 = get next overflow page
+ * -2 means key not found and this is big key/data
+ * -3 error
+ */
+extern int
+__find_bigpair(HTAB *hashp, BUFHEAD *bufp, int ndx, char *key, int size)
+{
+    register uint16 *bp;
+    register char *p;
+    int ksize;
+    uint16 bytes;
+    char *kkey;
+
+    bp = (uint16 *)bufp->page;
+    p = bufp->page;
+    ksize = size;
+    kkey = key;
+
+    for (bytes = hashp->BSIZE - bp[ndx];
+         bytes <= size && bp[ndx + 1] == PARTIAL_KEY;
+         bytes = hashp->BSIZE - bp[ndx]) {
+        if (memcmp(p + bp[ndx], kkey, bytes))
+            return (-2);
+        kkey += bytes;
+        ksize -= bytes;
+        bufp = __get_buf(hashp, bp[ndx + 2], bufp, 0);
+        if (!bufp)
+            return (-3);
+        p = bufp->page;
+        bp = (uint16 *)p;
+        ndx = 1;
+    }
+
+    if (bytes != ksize || memcmp(p + bp[ndx], kkey, bytes)) {
+#ifdef HASH_STATISTICS
+        ++hash_collisions;
+#endif
+        return (-2);
+    } else
+        return (ndx);
+}
+
+/*
+ * Given the buffer pointer of the first overflow page of a big pair,
+ * find the end of the big pair
+ *
+ * This will set bpp to the buffer header of the last page of the big pair.
+ * It will return the pageno of the overflow page following the last page
+ * of the pair; 0 if there isn't any (i.e. big pair is the last key in the
+ * bucket)
+ */
+extern uint16
+__find_last_page(HTAB *hashp, BUFHEAD **bpp)
+{
+    BUFHEAD *bufp;
+    uint16 *bp, pageno;
+    uint n;
+
+    bufp = *bpp;
+    bp = (uint16 *)bufp->page;
+    for (;;) {
+        n = bp[0];
+
+        /*
+         * This is the last page if: the tag is FULL_KEY_DATA and
+         * either only 2 entries OVFLPAGE marker is explicit there
+         * is freespace on the page.
+         */
+        if (bp[2] == FULL_KEY_DATA &&
+            ((n == 2) || (bp[n] == OVFLPAGE) || (FREESPACE(bp))))
+            break;
+
+        /* LJM bound the size of n to reasonable limits
+         */
+        if (n > hashp->BSIZE / sizeof(uint16))
+            return (0);
+
+        pageno = bp[n - 1];
+        bufp = __get_buf(hashp, pageno, bufp, 0);
+        if (!bufp)
+            return (0); /* Need to indicate an error! */
+        bp = (uint16 *)bufp->page;
+    }
+
+    *bpp = bufp;
+    if (bp[0] > 2)
+        return (bp[3]);
+    else
+        return (0);
+}
+
+/*
+ * Return the data for the key/data pair that begins on this page at this
+ * index (index should always be 1).
+ */
+extern int
+__big_return(
+    HTAB *hashp,
+    BUFHEAD *bufp,
+    int ndx,
+    DBT *val,
+    int set_current)
+{
+    BUFHEAD *save_p;
+    uint16 *bp, len, off, save_addr;
+    char *tp;
+    int save_flags;
+
+    bp = (uint16 *)bufp->page;
+    while (bp[ndx + 1] == PARTIAL_KEY) {
+        bufp = __get_buf(hashp, bp[bp[0] - 1], bufp, 0);
+        if (!bufp)
+            return (-1);
+        bp = (uint16 *)bufp->page;
+        ndx = 1;
+    }
+
+    if (bp[ndx + 1] == FULL_KEY) {
+        bufp = __get_buf(hashp, bp[bp[0] - 1], bufp, 0);
+        if (!bufp)
+            return (-1);
+        bp = (uint16 *)bufp->page;
+        save_p = bufp;
+        save_addr = save_p->addr;
+        off = bp[1];
+        len = 0;
+    } else if (!FREESPACE(bp)) {
+        /*
+             * This is a hack.  We can't distinguish between
+             * FULL_KEY_DATA that contains complete data or
+             * incomplete data, so we require that if the data
+             * is complete, there is at least 1 byte of free
+             * space left.
+             */
+        off = bp[bp[0]];
+        len = bp[1] - off;
+        save_p = bufp;
+        save_addr = bufp->addr;
+        bufp = __get_buf(hashp, bp[bp[0] - 1], bufp, 0);
+        if (!bufp)
+            return (-1);
+        bp = (uint16 *)bufp->page;
+    } else {
+        /* The data is all on one page. */
+        tp = (char *)bp;
+        off = bp[bp[0]];
+        val->data = (uint8 *)tp + off;
+        val->size = bp[1] - off;
+        if (set_current) {
+            if (bp[0] == 2) { /* No more buckets in
+                             * chain */
+                hashp->cpage = NULL;
+                hashp->cbucket++;
+                hashp->cndx = 1;
+            } else {
+                hashp->cpage = __get_buf(hashp,
+                                         bp[bp[0] - 1], bufp, 0);
+                if (!hashp->cpage)
+                    return (-1);
+                hashp->cndx = 1;
+                if (!((uint16 *)
+                          hashp->cpage->page)[0]) {
+                    hashp->cbucket++;
+                    hashp->cpage = NULL;
+                }
+            }
+        }
+        return (0);
+    }
+
+    /* pin our saved buf so that we don't lose if
+     * we run out of buffers */
+    save_flags = save_p->flags;
+    save_p->flags |= BUF_PIN;
+    val->size = collect_data(hashp, bufp, (int)len, set_current);
+    save_p->flags = save_flags;
+    if (val->size == (size_t)-1)
+        return (-1);
+    if (save_p->addr != save_addr) {
+        /* We are pretty short on buffers. */
+        errno = EINVAL; /* OUT OF BUFFERS */
+        return (-1);
+    }
+    memmove(hashp->tmp_buf, (save_p->page) + off, len);
+    val->data = (uint8 *)hashp->tmp_buf;
+    return (0);
+}
+
+/*
+ * Count how big the total datasize is by looping through the pages.  Then
+ * allocate a buffer and copy the data in the second loop. NOTE: Our caller
+ * may already have a bp which it is holding onto. The caller is
+ * responsible for copying that bp into our temp buffer. 'len' is how much
+ * space to reserve for that buffer.
+ */
+static int
+collect_data(
+    HTAB *hashp,
+    BUFHEAD *bufp,
+    int len, int set)
+{
+    register uint16 *bp;
+    BUFHEAD *save_bufp;
+    int save_flags;
+    int mylen, totlen;
+
+    /*
+     * save the input buf head because we need to walk the list twice.
+     * pin it to make sure it doesn't leave the buffer pool.
+     * This has the effect of growing the buffer pool if necessary.
+     */
+    save_bufp = bufp;
+    save_flags = save_bufp->flags;
+    save_bufp->flags |= BUF_PIN;
+
+    /* read the length of the buffer */
+    for (totlen = len; bufp; bufp = __get_buf(hashp, bp[bp[0] - 1], bufp, 0)) {
+        bp = (uint16 *)bufp->page;
+        mylen = hashp->BSIZE - bp[1];
+
+        /* if mylen ever goes negative it means that the
+         * page is screwed up.
+         */
+        if (mylen < 0) {
+            save_bufp->flags = save_flags;
+            return (-1);
+        }
+        totlen += mylen;
+        if (bp[2] == FULL_KEY_DATA) { /* End of Data */
+            break;
+        }
+    }
+
+    if (!bufp) {
+        save_bufp->flags = save_flags;
+        return (-1);
+    }
+
+    /* allocate a temp buf */
+    if (hashp->tmp_buf)
+        free(hashp->tmp_buf);
+    if ((hashp->tmp_buf = (char *)malloc((size_t)totlen)) == NULL) {
+        save_bufp->flags = save_flags;
+        return (-1);
+    }
+
+    /* copy the buffers back into temp buf */
+    for (bufp = save_bufp; bufp;
+         bufp = __get_buf(hashp, bp[bp[0] - 1], bufp, 0)) {
+        bp = (uint16 *)bufp->page;
+        mylen = hashp->BSIZE - bp[1];
+        memmove(&hashp->tmp_buf[len], (bufp->page) + bp[1], (size_t)mylen);
+        len += mylen;
+        if (bp[2] == FULL_KEY_DATA) {
+            break;
+        }
+    }
+
+    /* 'clear' the pin flags */
+    save_bufp->flags = save_flags;
+
+    /* update the database cursor */
+    if (set) {
+        hashp->cndx = 1;
+        if (bp[0] == 2) { /* No more buckets in chain */
+            hashp->cpage = NULL;
+            hashp->cbucket++;
+        } else {
+            hashp->cpage = __get_buf(hashp, bp[bp[0] - 1], bufp, 0);
+            if (!hashp->cpage)
+                return (-1);
+            else if (!((uint16 *)hashp->cpage->page)[0]) {
+                hashp->cbucket++;
+                hashp->cpage = NULL;
+            }
+        }
+    }
+    return (totlen);
+}
+
+/*
+ * Fill in the key and data for this big pair.
+ */
+extern int
+__big_keydata(
+    HTAB *hashp,
+    BUFHEAD *bufp,
+    DBT *key, DBT *val,
+    int set)
+{
+    key->size = collect_key(hashp, bufp, 0, val, set);
+    if (key->size == (size_t)-1)
+        return (-1);
+    key->data = (uint8 *)hashp->tmp_key;
+    return (0);
+}
+
+/*
+ * Count how big the total key size is by recursing through the pages.  Then
+ * collect the data, allocate a buffer and copy the key as you recurse up.
+ */
+static int
+collect_key(
+    HTAB *hashp,
+    BUFHEAD *bufp,
+    int len,
+    DBT *val,
+    int set)
+{
+    BUFHEAD *xbp;
+    char *p;
+    int mylen, totlen;
+    uint16 *bp, save_addr;
+
+    p = bufp->page;
+    bp = (uint16 *)p;
+    mylen = hashp->BSIZE - bp[1];
+
+    save_addr = bufp->addr;
+    totlen = len + mylen;
+    if (bp[2] == FULL_KEY || bp[2] == FULL_KEY_DATA) { /* End of Key. */
+        if (hashp->tmp_key != NULL)
+            free(hashp->tmp_key);
+        if ((hashp->tmp_key = (char *)malloc((size_t)totlen)) == NULL)
+            return (-1);
+        if (__big_return(hashp, bufp, 1, val, set))
+            return (-1);
+    } else {
+        xbp = __get_buf(hashp, bp[bp[0] - 1], bufp, 0);
+        if (!xbp || ((totlen =
+                          collect_key(hashp, xbp, totlen, val, set)) < 1))
+            return (-1);
+    }
+    if (bufp->addr != save_addr) {
+        errno = EINVAL; /* MIS -- OUT OF BUFFERS */
+        return (-1);
+    }
+    memmove(&hashp->tmp_key[len], (bufp->page) + bp[1], (size_t)mylen);
+    return (totlen);
+}
+
+/*
+ * Returns:
+ *  0 => OK
+ * -1 => error
+ */
+extern int
+__big_split(
+    HTAB *hashp,
+    BUFHEAD *op, /* Pointer to where to put keys that go in old bucket */
+    BUFHEAD *np, /* Pointer to new bucket page */
+                 /* Pointer to first page containing the big key/data */
+    BUFHEAD *big_keyp,
+    uint32 addr,    /* Address of big_keyp */
+    uint32 obucket, /* Old Bucket */
+    SPLIT_RETURN *ret)
+{
+    register BUFHEAD *tmpp;
+    register uint16 *tp;
+    BUFHEAD *bp;
+    DBT key, val;
+    uint32 change;
+    uint16 free_space, n, off;
+
+    bp = big_keyp;
+
+    /* Now figure out where the big key/data goes */
+    if (__big_keydata(hashp, big_keyp, &key, &val, 0))
+        return (-1);
+    change = (__call_hash(hashp, (char *)key.data, key.size) != obucket);
+
+    if ((ret->next_addr = __find_last_page(hashp, &big_keyp))) {
+        if (!(ret->nextp =
+                  __get_buf(hashp, ret->next_addr, big_keyp, 0)))
+            return (-1);
+        ;
+    } else
+        ret->nextp = NULL;
+
+/* Now make one of np/op point to the big key/data pair */
+#ifdef DEBUG
+    assert(np->ovfl == NULL);
+#endif
+    if (change)
+        tmpp = np;
+    else
+        tmpp = op;
+
+    tmpp->flags |= BUF_MOD;
+#ifdef DEBUG1
+    (void)fprintf(stderr,
+                  "BIG_SPLIT: %d->ovfl was %d is now %d\n", tmpp->addr,
+                  (tmpp->ovfl ? tmpp->ovfl->addr : 0), (bp ? bp->addr : 0));
+#endif
+    tmpp->ovfl = bp; /* one of op/np point to big_keyp */
+    tp = (uint16 *)tmpp->page;
+
+#if 0 /* this get's tripped on database corrupted error */
+    assert(FREESPACE(tp) >= OVFLSIZE);
+#endif
+    if (FREESPACE(tp) < OVFLSIZE)
+        return (DATABASE_CORRUPTED_ERROR);
+
+    n = tp[0];
+    off = OFFSET(tp);
+    free_space = FREESPACE(tp);
+    tp[++n] = (uint16)addr;
+    tp[++n] = OVFLPAGE;
+    tp[0] = n;
+    OFFSET(tp) = off;
+    FREESPACE(tp) = free_space - OVFLSIZE;
+
+    /*
+     * Finally, set the new and old return values. BIG_KEYP contains a
+     * pointer to the last page of the big key_data pair. Make sure that
+     * big_keyp has no following page (2 elements) or create an empty
+     * following page.
+     */
+
+    ret->newp = np;
+    ret->oldp = op;
+
+    tp = (uint16 *)big_keyp->page;
+    big_keyp->flags |= BUF_MOD;
+    if (tp[0] > 2) {
+        /*
+         * There may be either one or two offsets on this page.  If
+         * there is one, then the overflow page is linked on normally
+         * and tp[4] is OVFLPAGE.  If there are two, tp[4] contains
+         * the second offset and needs to get stuffed in after the
+         * next overflow page is added.
+         */
+        n = tp[4];
+        free_space = FREESPACE(tp);
+        off = OFFSET(tp);
+        tp[0] -= 2;
+        FREESPACE(tp) = free_space + OVFLSIZE;
+        OFFSET(tp) = off;
+        tmpp = __add_ovflpage(hashp, big_keyp);
+        if (!tmpp)
+            return (-1);
+        tp[4] = n;
+    } else
+        tmpp = big_keyp;
+
+    if (change)
+        ret->newp = tmpp;
+    else
+        ret->oldp = tmpp;
+    return (0);
+}
diff --git a/nss/lib/dbm/src/h_func.c b/nss/lib/dbm/src/h_func.c
new file mode 100644
index 0000000..0d8734e
--- /dev/null
+++ b/nss/lib/dbm/src/h_func.c
@@ -0,0 +1,207 @@
+/*-
+ * Copyright (c) 1990, 1993
+ *  The Regents of the University of California.  All rights reserved.
+ *
+ * This code is derived from software contributed to Berkeley by
+ * Margo Seltzer.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. ***REMOVED*** - see
+ *    ftp://ftp.cs.berkeley.edu/pub/4bsd/README.Impt.License.Change
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static char sccsid[] = "@(#)hash_func.c 8.2 (Berkeley) 2/21/94";
+#endif /* LIBC_SCCS and not lint */
+
+#ifndef macintosh
+#include <sys/types.h>
+#endif
+#include "mcom_db.h"
+#include "hash.h"
+#include "page.h"
+/* #include "extern.h" */
+
+#if 0
+static uint32 hash1(const void *, size_t);
+static uint32 hash2(const void *, size_t);
+static uint32 hash3(const void *, size_t);
+#endif
+static uint32 hash4(const void *, size_t);
+
+/* Global default hash function */
+uint32 (*__default_hash)(const void *, size_t) = hash4;
+
+/*
+ * HASH FUNCTIONS
+ *
+ * Assume that we've already split the bucket to which this key hashes,
+ * calculate that bucket, and check that in fact we did already split it.
+ *
+ * This came from ejb's hsearch.
+ */
+
+#define PRIME1 37
+#define PRIME2 1048583
+
+#if 0
+static uint32
+hash1(const void *keyarg, register size_t len)
+{
+    register const uint8 *key;
+    register uint32 h;
+
+    /* Convert string to integer */
+    for (key = (const uint8 *)keyarg, h = 0; len--;)
+        h = h * PRIME1 ^ (*key++ - ' ');
+    h %= PRIME2;
+    return (h);
+}
+
+/*
+ * Phong's linear congruential hash
+ */
+#define dcharhash(h, c) ((h) = 0x63c63cd9 * (h) + 0x9c39c33d + (c))
+
+static uint32
+hash2(const void *keyarg, size_t len)
+{
+    register const uint8 *e, *key;
+    register uint32 h;
+    register uint8 c;
+
+    key = (const uint8 *)keyarg;
+    e = key + len;
+    for (h = 0; key != e;) {
+        c = *key++;
+        if (!c && key > e)
+            break;
+        dcharhash(h, c);
+    }
+    return (h);
+}
+
+/*
+ * This is INCREDIBLY ugly, but fast.  We break the string up into 8 byte
+ * units.  On the first time through the loop we get the "leftover bytes"
+ * (strlen % 8).  On every other iteration, we perform 8 HASHC's so we handle
+ * all 8 bytes.  Essentially, this saves us 7 cmp & branch instructions.  If
+ * this routine is heavily used enough, it's worth the ugly coding.
+ *
+ * OZ's original sdbm hash
+ */
+static uint32
+hash3(const void *keyarg, register size_t len)
+{
+    register const uint8 *key;
+    register size_t loop;
+    register uint32 h;
+
+#define HASHC h = *key++ + 65599 * h
+
+    h = 0;
+    key = (const uint8 *)keyarg;
+    if (len > 0) {
+        loop = (len + 8 - 1) >> 3;
+
+        switch (len & (8 - 1)) {
+        case 0:
+            do {
+                HASHC;
+                /* FALLTHROUGH */
+        case 7:
+                HASHC;
+                /* FALLTHROUGH */
+        case 6:
+                HASHC;
+                /* FALLTHROUGH */
+        case 5:
+                HASHC;
+                /* FALLTHROUGH */
+        case 4:
+                HASHC;
+                /* FALLTHROUGH */
+        case 3:
+                HASHC;
+                /* FALLTHROUGH */
+        case 2:
+                HASHC;
+                /* FALLTHROUGH */
+        case 1:
+                HASHC;
+            } while (--loop);
+        }
+    }
+    return (h);
+}
+#endif /* 0 */
+
+/* Hash function from Chris Torek. */
+static uint32
+hash4(const void *keyarg, register size_t len)
+{
+    register const uint8 *key;
+    register size_t loop;
+    register uint32 h;
+
+#define HASH4a h = (h << 5) - h + *key++;
+#define HASH4b h = (h << 5) + h + *key++;
+#define HASH4 HASH4b
+
+    h = 0;
+    key = (const uint8 *)keyarg;
+    if (len > 0) {
+        loop = (len + 8 - 1) >> 3;
+
+        switch (len & (8 - 1)) {
+            case 0:
+                do {
+                    HASH4;
+                    /* FALLTHROUGH */
+                    case 7:
+                        HASH4;
+                    /* FALLTHROUGH */
+                    case 6:
+                        HASH4;
+                    /* FALLTHROUGH */
+                    case 5:
+                        HASH4;
+                    /* FALLTHROUGH */
+                    case 4:
+                        HASH4;
+                    /* FALLTHROUGH */
+                    case 3:
+                        HASH4;
+                    /* FALLTHROUGH */
+                    case 2:
+                        HASH4;
+                    /* FALLTHROUGH */
+                    case 1:
+                        HASH4;
+                } while (--loop);
+        }
+    }
+    return (h);
+}
diff --git a/nss/lib/dbm/src/h_log2.c b/nss/lib/dbm/src/h_log2.c
new file mode 100644
index 0000000..a42b51a
--- /dev/null
+++ b/nss/lib/dbm/src/h_log2.c
@@ -0,0 +1,54 @@
+/*-
+ * Copyright (c) 1990, 1993, 1994
+ *  The Regents of the University of California.  All rights reserved.
+ *
+ * This code is derived from software contributed to Berkeley by
+ * Margo Seltzer.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. ***REMOVED*** - see
+ *    ftp://ftp.cs.berkeley.edu/pub/4bsd/README.Impt.License.Change
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static char sccsid[] = "@(#)hash_log2.c 8.2 (Berkeley) 5/31/94";
+#endif /* LIBC_SCCS and not lint */
+
+#include <stdio.h>
+#ifndef macintosh
+#include <sys/types.h>
+#endif
+#include "mcom_db.h"
+
+uint32
+__log2(uint32 num)
+{
+    register uint32 i, limit;
+
+    limit = 1;
+    for (i = 0; limit < num; limit = limit << 1, i++) {
+    }
+    return (i);
+}
diff --git a/nss/lib/dbm/src/h_page.c b/nss/lib/dbm/src/h_page.c
new file mode 100644
index 0000000..bf1252a
--- /dev/null
+++ b/nss/lib/dbm/src/h_page.c
@@ -0,0 +1,1252 @@
+/*-
+ * Copyright (c) 1990, 1993, 1994
+ *  The Regents of the University of California.  All rights reserved.
+ *
+ * This code is derived from software contributed to Berkeley by
+ * Margo Seltzer.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. ***REMOVED*** - see
+ *    ftp://ftp.cs.berkeley.edu/pub/4bsd/README.Impt.License.Change
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#if defined(unix)
+#define MY_LSEEK lseek
+#else
+#define MY_LSEEK new_lseek
+extern long new_lseek(int fd, long pos, int start);
+#endif
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static char sccsid[] = "@(#)hash_page.c 8.7 (Berkeley) 8/16/94";
+#endif /* LIBC_SCCS and not lint */
+
+/*
+ * PACKAGE:  hashing
+ *
+ * DESCRIPTION:
+ *  Page manipulation for hashing package.
+ *
+ * ROUTINES:
+ *
+ * External
+ *  __get_page
+ *  __add_ovflpage
+ * Internal
+ *  overflow_page
+ *  open_temp
+ */
+#ifndef macintosh
+#include <sys/types.h>
+#endif
+
+#if defined(macintosh)
+#include <unistd.h>
+#endif
+
+#include <errno.h>
+#include <fcntl.h>
+#if defined(_WIN32) || defined(_WINDOWS)
+#include <io.h>
+#endif
+#include <signal.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#if !defined(_WIN32) && !defined(_WINDOWS) && !defined(macintosh)
+#include <unistd.h>
+#endif
+
+#include <assert.h>
+
+#include "mcom_db.h"
+#include "hash.h"
+#include "page.h"
+/* #include "extern.h" */
+
+extern int mkstempflags(char *path, int extraFlags);
+
+static uint32 *fetch_bitmap(HTAB *, uint32);
+static uint32 first_free(uint32);
+static int open_temp(HTAB *);
+static uint16 overflow_page(HTAB *);
+static void squeeze_key(uint16 *, const DBT *, const DBT *);
+static int ugly_split(HTAB *, uint32, BUFHEAD *, BUFHEAD *, int, int);
+
+#define PAGE_INIT(P)                                            \
+    {                                                           \
+        ((uint16 *)(P))[0] = 0;                                 \
+        ((uint16 *)(P))[1] = hashp->BSIZE - 3 * sizeof(uint16); \
+        ((uint16 *)(P))[2] = hashp->BSIZE;                      \
+    }
+
+/* implement a new lseek using lseek that
+ * writes zero's when extending a file
+ * beyond the end.
+ */
+long
+new_lseek(int fd, long offset, int origin)
+{
+    long cur_pos = 0;
+    long end_pos = 0;
+    long seek_pos = 0;
+
+    if (origin == SEEK_CUR) {
+        if (offset < 1)
+            return (lseek(fd, offset, SEEK_CUR));
+
+        cur_pos = lseek(fd, 0, SEEK_CUR);
+
+        if (cur_pos < 0)
+            return (cur_pos);
+    }
+
+    end_pos = lseek(fd, 0, SEEK_END);
+    if (end_pos < 0)
+        return (end_pos);
+
+    if (origin == SEEK_SET)
+        seek_pos = offset;
+    else if (origin == SEEK_CUR)
+        seek_pos = cur_pos + offset;
+    else if (origin == SEEK_END)
+        seek_pos = end_pos + offset;
+    else {
+        assert(0);
+        return (-1);
+    }
+
+    /* the seek position desired is before the
+     * end of the file.  We don't need
+     * to do anything special except the seek.
+     */
+    if (seek_pos <= end_pos)
+        return (lseek(fd, seek_pos, SEEK_SET));
+
+    /* the seek position is beyond the end of the
+     * file.  Write zero's to the end.
+     *
+     * we are already at the end of the file so
+     * we just need to "write()" zeros for the
+     * difference between seek_pos-end_pos and
+     * then seek to the position to finish
+     * the call
+     */
+    {
+        char buffer[1024];
+        long len = seek_pos - end_pos;
+        memset(buffer, 0, 1024);
+        while (len > 0) {
+            if (write(fd, buffer, (size_t)(1024 > len ? len : 1024)) < 0)
+                return (-1);
+            len -= 1024;
+        }
+        return (lseek(fd, seek_pos, SEEK_SET));
+    }
+}
+
+/*
+ * This is called AFTER we have verified that there is room on the page for
+ * the pair (PAIRFITS has returned true) so we go right ahead and start moving
+ * stuff on.
+ */
+static void
+putpair(char *p, const DBT *key, DBT *val)
+{
+    register uint16 *bp, n, off;
+
+    bp = (uint16 *)p;
+
+    /* Enter the key first. */
+    n = bp[0];
+
+    off = OFFSET(bp) - key->size;
+    memmove(p + off, key->data, key->size);
+    bp[++n] = off;
+
+    /* Now the data. */
+    off -= val->size;
+    memmove(p + off, val->data, val->size);
+    bp[++n] = off;
+
+    /* Adjust page info. */
+    bp[0] = n;
+    bp[n + 1] = off - ((n + 3) * sizeof(uint16));
+    bp[n + 2] = off;
+}
+
+/*
+ * Returns:
+ *   0 OK
+ *  -1 error
+ */
+extern int
+__delpair(HTAB *hashp, BUFHEAD *bufp, int ndx)
+{
+    register uint16 *bp, newoff;
+    register int n;
+    uint16 pairlen;
+
+    bp = (uint16 *)bufp->page;
+    n = bp[0];
+
+    if (bp[ndx + 1] < REAL_KEY)
+        return (__big_delete(hashp, bufp));
+    if (ndx != 1)
+        newoff = bp[ndx - 1];
+    else
+        newoff = hashp->BSIZE;
+    pairlen = newoff - bp[ndx + 1];
+
+    if (ndx != (n - 1)) {
+        /* Hard Case -- need to shuffle keys */
+        register int i;
+        register char *src = bufp->page + (int)OFFSET(bp);
+        uint32 dst_offset = (uint32)OFFSET(bp) + (uint32)pairlen;
+        register char *dst = bufp->page + dst_offset;
+        uint32 length = bp[ndx + 1] - OFFSET(bp);
+
+        /*
+         * +-----------+XXX+---------+XXX+---------+---------> +infinity
+         * |           |             |             |
+         * 0           src_offset    dst_offset    BSIZE
+         *
+         * Dst_offset is > src_offset, so if src_offset were bad, dst_offset
+         * would be too, therefore we check only dst_offset.
+         *
+         * If dst_offset is >= BSIZE, either OFFSET(bp), or pairlen, or both
+         * is corrupted.
+         *
+         * Once we know dst_offset is < BSIZE, we can subtract it from BSIZE
+         * to get an upper bound on length.
+         */
+        if (dst_offset > (uint32)hashp->BSIZE)
+            return (DATABASE_CORRUPTED_ERROR);
+
+        if (length > (uint32)(hashp->BSIZE - dst_offset))
+            return (DATABASE_CORRUPTED_ERROR);
+
+        memmove(dst, src, length);
+
+        /* Now adjust the pointers */
+        for (i = ndx + 2; i <= n; i += 2) {
+            if (bp[i + 1] == OVFLPAGE) {
+                bp[i - 2] = bp[i];
+                bp[i - 1] = bp[i + 1];
+            } else {
+                bp[i - 2] = bp[i] + pairlen;
+                bp[i - 1] = bp[i + 1] + pairlen;
+            }
+        }
+    }
+    /* Finally adjust the page data */
+    bp[n] = OFFSET(bp) + pairlen;
+    bp[n - 1] = bp[n + 1] + pairlen + 2 * sizeof(uint16);
+    bp[0] = n - 2;
+    hashp->NKEYS--;
+
+    bufp->flags |= BUF_MOD;
+    return (0);
+}
+/*
+ * Returns:
+ *   0 ==> OK
+ *  -1 ==> Error
+ */
+extern int
+__split_page(HTAB *hashp, uint32 obucket, uint32 nbucket)
+{
+    register BUFHEAD *new_bufp, *old_bufp;
+    register uint16 *ino;
+    register uint16 *tmp_uint16_array;
+    register char *np;
+    DBT key, val;
+    uint16 n, ndx;
+    int retval;
+    uint16 copyto, diff, moved;
+    size_t off;
+    char *op;
+
+    copyto = (uint16)hashp->BSIZE;
+    off = (uint16)hashp->BSIZE;
+    old_bufp = __get_buf(hashp, obucket, NULL, 0);
+    if (old_bufp == NULL)
+        return (-1);
+    new_bufp = __get_buf(hashp, nbucket, NULL, 0);
+    if (new_bufp == NULL)
+        return (-1);
+
+    old_bufp->flags |= (BUF_MOD | BUF_PIN);
+    new_bufp->flags |= (BUF_MOD | BUF_PIN);
+
+    ino = (uint16 *)(op = old_bufp->page);
+    np = new_bufp->page;
+
+    moved = 0;
+
+    for (n = 1, ndx = 1; n < ino[0]; n += 2) {
+        if (ino[n + 1] < REAL_KEY) {
+            retval = ugly_split(hashp, obucket, old_bufp, new_bufp,
+                                (int)copyto, (int)moved);
+            old_bufp->flags &= ~BUF_PIN;
+            new_bufp->flags &= ~BUF_PIN;
+            return (retval);
+        }
+        key.data = (uint8 *)op + ino[n];
+
+        /* check here for ino[n] being greater than
+         * off.  If it is then the database has
+         * been corrupted.
+         */
+        if (ino[n] > off)
+            return (DATABASE_CORRUPTED_ERROR);
+
+        key.size = off - ino[n];
+
+#ifdef DEBUG
+        /* make sure the size is positive */
+        assert(((int)key.size) > -1);
+#endif
+
+        if (__call_hash(hashp, (char *)key.data, key.size) == obucket) {
+            /* Don't switch page */
+            diff = copyto - off;
+            if (diff) {
+                copyto = ino[n + 1] + diff;
+                memmove(op + copyto, op + ino[n + 1],
+                        off - ino[n + 1]);
+                ino[ndx] = copyto + ino[n] - ino[n + 1];
+                ino[ndx + 1] = copyto;
+            } else
+                copyto = ino[n + 1];
+            ndx += 2;
+        } else {
+            /* Switch page */
+            val.data = (uint8 *)op + ino[n + 1];
+            val.size = ino[n] - ino[n + 1];
+
+            /* if the pair doesn't fit something is horribly
+             * wrong.  LJM
+             */
+            tmp_uint16_array = (uint16 *)np;
+            if (!PAIRFITS(tmp_uint16_array, &key, &val))
+                return (DATABASE_CORRUPTED_ERROR);
+
+            putpair(np, &key, &val);
+            moved += 2;
+        }
+
+        off = ino[n + 1];
+    }
+
+    /* Now clean up the page */
+    ino[0] -= moved;
+    FREESPACE(ino) = copyto - sizeof(uint16) * (ino[0] + 3);
+    OFFSET(ino) = copyto;
+
+#ifdef DEBUG3
+    (void)fprintf(stderr, "split %d/%d\n",
+                  ((uint16 *)np)[0] / 2,
+                  ((uint16 *)op)[0] / 2);
+#endif
+    /* unpin both pages */
+    old_bufp->flags &= ~BUF_PIN;
+    new_bufp->flags &= ~BUF_PIN;
+    return (0);
+}
+
+/*
+ * Called when we encounter an overflow or big key/data page during split
+ * handling.  This is special cased since we have to begin checking whether
+ * the key/data pairs fit on their respective pages and because we may need
+ * overflow pages for both the old and new pages.
+ *
+ * The first page might be a page with regular key/data pairs in which case
+ * we have a regular overflow condition and just need to go on to the next
+ * page or it might be a big key/data pair in which case we need to fix the
+ * big key/data pair.
+ *
+ * Returns:
+ *   0 ==> success
+ *  -1 ==> failure
+ */
+
+/* the maximum number of loops we will allow UGLY split to chew
+ * on before we assume the database is corrupted and throw it
+ * away.
+ */
+#define MAX_UGLY_SPLIT_LOOPS 10000
+
+static int
+ugly_split(HTAB *hashp, uint32 obucket, BUFHEAD *old_bufp,
+           BUFHEAD *new_bufp, /* Same as __split_page. */ int copyto, int moved)
+/* int copyto;   First byte on page which contains key/data values. */
+/* int moved;    Number of pairs moved to new page. */
+{
+    register BUFHEAD *bufp; /* Buffer header for ino */
+    register uint16 *ino;   /* Page keys come off of */
+    register uint16 *np;    /* New page */
+    register uint16 *op;    /* Page keys go on to if they aren't moving */
+    uint32 loop_detection = 0;
+
+    BUFHEAD *last_bfp; /* Last buf header OVFL needing to be freed */
+    DBT key, val;
+    SPLIT_RETURN ret;
+    uint16 n, off, ov_addr, scopyto;
+    char *cino; /* Character value of ino */
+    int status;
+
+    bufp = old_bufp;
+    ino = (uint16 *)old_bufp->page;
+    np = (uint16 *)new_bufp->page;
+    op = (uint16 *)old_bufp->page;
+    last_bfp = NULL;
+    scopyto = (uint16)copyto; /* ANSI */
+
+    n = ino[0] - 1;
+    while (n < ino[0]) {
+
+        /* this function goes nuts sometimes and never returns.
+         * I havent found the problem yet but I need a solution
+         * so if we loop too often we assume a database curruption error
+         * :LJM
+         */
+        loop_detection++;
+
+        if (loop_detection > MAX_UGLY_SPLIT_LOOPS)
+            return DATABASE_CORRUPTED_ERROR;
+
+        if (ino[2] < REAL_KEY && ino[2] != OVFLPAGE) {
+            if ((status = __big_split(hashp, old_bufp,
+                                      new_bufp, bufp, bufp->addr, obucket, &ret)))
+                return (status);
+            old_bufp = ret.oldp;
+            if (!old_bufp)
+                return (-1);
+            op = (uint16 *)old_bufp->page;
+            new_bufp = ret.newp;
+            if (!new_bufp)
+                return (-1);
+            np = (uint16 *)new_bufp->page;
+            bufp = ret.nextp;
+            if (!bufp)
+                return (0);
+            cino = (char *)bufp->page;
+            ino = (uint16 *)cino;
+            last_bfp = ret.nextp;
+        } else if (ino[n + 1] == OVFLPAGE) {
+            ov_addr = ino[n];
+            /*
+             * Fix up the old page -- the extra 2 are the fields
+             * which contained the overflow information.
+             */
+            ino[0] -= (moved + 2);
+            FREESPACE(ino) =
+                scopyto - sizeof(uint16) * (ino[0] + 3);
+            OFFSET(ino) = scopyto;
+
+            bufp = __get_buf(hashp, ov_addr, bufp, 0);
+            if (!bufp)
+                return (-1);
+
+            ino = (uint16 *)bufp->page;
+            n = 1;
+            scopyto = hashp->BSIZE;
+            moved = 0;
+
+            if (last_bfp)
+                __free_ovflpage(hashp, last_bfp);
+            last_bfp = bufp;
+        }
+        /* Move regular sized pairs of there are any */
+        off = hashp->BSIZE;
+        for (n = 1; (n < ino[0]) && (ino[n + 1] >= REAL_KEY); n += 2) {
+            cino = (char *)ino;
+            key.data = (uint8 *)cino + ino[n];
+            key.size = off - ino[n];
+            val.data = (uint8 *)cino + ino[n + 1];
+            val.size = ino[n] - ino[n + 1];
+            off = ino[n + 1];
+
+            if (__call_hash(hashp, (char *)key.data, key.size) == obucket) {
+                /* Keep on old page */
+                if (PAIRFITS(op, (&key), (&val)))
+                    putpair((char *)op, &key, &val);
+                else {
+                    old_bufp =
+                        __add_ovflpage(hashp, old_bufp);
+                    if (!old_bufp)
+                        return (-1);
+                    op = (uint16 *)old_bufp->page;
+                    putpair((char *)op, &key, &val);
+                }
+                old_bufp->flags |= BUF_MOD;
+            } else {
+                /* Move to new page */
+                if (PAIRFITS(np, (&key), (&val)))
+                    putpair((char *)np, &key, &val);
+                else {
+                    new_bufp =
+                        __add_ovflpage(hashp, new_bufp);
+                    if (!new_bufp)
+                        return (-1);
+                    np = (uint16 *)new_bufp->page;
+                    putpair((char *)np, &key, &val);
+                }
+                new_bufp->flags |= BUF_MOD;
+            }
+        }
+    }
+    if (last_bfp)
+        __free_ovflpage(hashp, last_bfp);
+    return (0);
+}
+
+/*
+ * Add the given pair to the page
+ *
+ * Returns:
+ *  0 ==> OK
+ *  1 ==> failure
+ */
+extern int
+__addel(HTAB *hashp, BUFHEAD *bufp, const DBT *key, const DBT *val)
+{
+    register uint16 *bp, *sop;
+    int do_expand;
+
+    bp = (uint16 *)bufp->page;
+    do_expand = 0;
+    while (bp[0] && (bp[2] < REAL_KEY || bp[bp[0]] < REAL_KEY))
+        /* Exception case */
+        if (bp[2] == FULL_KEY_DATA && bp[0] == 2)
+            /* This is the last page of a big key/data pair
+               and we need to add another page */
+            break;
+        else if (bp[2] < REAL_KEY && bp[bp[0]] != OVFLPAGE) {
+            bufp = __get_buf(hashp, bp[bp[0] - 1], bufp, 0);
+            if (!bufp) {
+#ifdef DEBUG
+                assert(0);
+#endif
+                return (-1);
+            }
+            bp = (uint16 *)bufp->page;
+        } else
+            /* Try to squeeze key on this page */
+            if (FREESPACE(bp) > PAIRSIZE(key, val)) {
+            {
+                squeeze_key(bp, key, val);
+
+                /* LJM: I added this because I think it was
+                 * left out on accident.
+                 * if this isn't incremented nkeys will not
+                 * be the actual number of keys in the db.
+                 */
+                hashp->NKEYS++;
+                return (0);
+            }
+        } else {
+            bufp = __get_buf(hashp, bp[bp[0] - 1], bufp, 0);
+            if (!bufp) {
+#ifdef DEBUG
+                assert(0);
+#endif
+                return (-1);
+            }
+            bp = (uint16 *)bufp->page;
+        }
+
+    if (PAIRFITS(bp, key, val))
+        putpair(bufp->page, key, (DBT *)val);
+    else {
+        do_expand = 1;
+        bufp = __add_ovflpage(hashp, bufp);
+        if (!bufp) {
+#ifdef DEBUG
+            assert(0);
+#endif
+            return (-1);
+        }
+        sop = (uint16 *)bufp->page;
+
+        if (PAIRFITS(sop, key, val))
+            putpair((char *)sop, key, (DBT *)val);
+        else if (__big_insert(hashp, bufp, key, val)) {
+#ifdef DEBUG
+            assert(0);
+#endif
+            return (-1);
+        }
+    }
+    bufp->flags |= BUF_MOD;
+    /*
+     * If the average number of keys per bucket exceeds the fill factor,
+     * expand the table.
+     */
+    hashp->NKEYS++;
+    if (do_expand ||
+        (hashp->NKEYS / (hashp->MAX_BUCKET + 1) > hashp->FFACTOR))
+        return (__expand_table(hashp));
+    return (0);
+}
+
+/*
+ *
+ * Returns:
+ *  pointer on success
+ *  NULL on error
+ */
+extern BUFHEAD *
+__add_ovflpage(HTAB *hashp, BUFHEAD *bufp)
+{
+    register uint16 *sp;
+    uint16 ndx, ovfl_num;
+#ifdef DEBUG1
+    int tmp1, tmp2;
+#endif
+    sp = (uint16 *)bufp->page;
+
+    /* Check if we are dynamically determining the fill factor */
+    if (hashp->FFACTOR == DEF_FFACTOR) {
+        hashp->FFACTOR = sp[0] >> 1;
+        if (hashp->FFACTOR < MIN_FFACTOR)
+            hashp->FFACTOR = MIN_FFACTOR;
+    }
+    bufp->flags |= BUF_MOD;
+    ovfl_num = overflow_page(hashp);
+#ifdef DEBUG1
+    tmp1 = bufp->addr;
+    tmp2 = bufp->ovfl ? bufp->ovfl->addr : 0;
+#endif
+    if (!ovfl_num || !(bufp->ovfl = __get_buf(hashp, ovfl_num, bufp, 1)))
+        return (NULL);
+    bufp->ovfl->flags |= BUF_MOD;
+#ifdef DEBUG1
+    (void)fprintf(stderr, "ADDOVFLPAGE: %d->ovfl was %d is now %d\n",
+                  tmp1, tmp2, bufp->ovfl->addr);
+#endif
+    ndx = sp[0];
+    /*
+     * Since a pair is allocated on a page only if there's room to add
+     * an overflow page, we know that the OVFL information will fit on
+     * the page.
+     */
+    sp[ndx + 4] = OFFSET(sp);
+    sp[ndx + 3] = FREESPACE(sp) - OVFLSIZE;
+    sp[ndx + 1] = ovfl_num;
+    sp[ndx + 2] = OVFLPAGE;
+    sp[0] = ndx + 2;
+#ifdef HASH_STATISTICS
+    hash_overflows++;
+#endif
+    return (bufp->ovfl);
+}
+
+/*
+ * Returns:
+ *   0 indicates SUCCESS
+ *  -1 indicates FAILURE
+ */
+extern int
+__get_page(HTAB *hashp,
+           char *p,
+           uint32 bucket,
+           int is_bucket,
+           int is_disk,
+           int is_bitmap)
+{
+    register int fd, page;
+    size_t size;
+    int rsize;
+    uint16 *bp;
+
+    fd = hashp->fp;
+    size = hashp->BSIZE;
+
+    if ((fd == -1) || !is_disk) {
+        PAGE_INIT(p);
+        return (0);
+    }
+    if (is_bucket)
+        page = BUCKET_TO_PAGE(bucket);
+    else
+        page = OADDR_TO_PAGE(bucket);
+    if ((MY_LSEEK(fd, (off_t)page << hashp->BSHIFT, SEEK_SET) == -1) ||
+        ((rsize = read(fd, p, size)) == -1))
+        return (-1);
+
+    bp = (uint16 *)p;
+    if (!rsize)
+        bp[0] = 0; /* We hit the EOF, so initialize a new page */
+    else if ((unsigned)rsize != size) {
+        errno = EFTYPE;
+        return (-1);
+    }
+
+    if (!is_bitmap && !bp[0]) {
+        PAGE_INIT(p);
+    } else {
+
+        if (hashp->LORDER != BYTE_ORDER) {
+            register int i, max;
+
+            if (is_bitmap) {
+                max = hashp->BSIZE >> 2; /* divide by 4 */
+                for (i = 0; i < max; i++)
+                    M_32_SWAP(((int *)p)[i]);
+            } else {
+                M_16_SWAP(bp[0]);
+                max = bp[0] + 2;
+
+                /* bound the size of max by
+                 * the maximum number of entries
+                 * in the array
+                 */
+                if ((unsigned)max > (size / sizeof(uint16)))
+                    return (DATABASE_CORRUPTED_ERROR);
+
+                /* do the byte order swap
+                 */
+                for (i = 1; i <= max; i++)
+                    M_16_SWAP(bp[i]);
+            }
+        }
+
+        /* check the validity of the page here
+         * (after doing byte order swaping if necessary)
+         */
+        if (!is_bitmap && bp[0] != 0) {
+            uint16 num_keys = bp[0];
+            uint16 offset;
+            uint16 i;
+
+            /* bp[0] is supposed to be the number of
+             * entries currently in the page.  If
+             * bp[0] is too large (larger than the whole
+             * page) then the page is corrupted
+             */
+            if (bp[0] > (size / sizeof(uint16)))
+                return (DATABASE_CORRUPTED_ERROR);
+
+            /* bound free space */
+            if (FREESPACE(bp) > size)
+                return (DATABASE_CORRUPTED_ERROR);
+
+            /* check each key and data offset to make
+             * sure they are all within bounds they
+             * should all be less than the previous
+             * offset as well.
+             */
+            offset = size;
+            for (i = 1; i <= num_keys; i += 2) {
+                /* ignore overflow pages etc. */
+                if (bp[i + 1] >= REAL_KEY) {
+
+                    if (bp[i] > offset || bp[i + 1] > bp[i])
+                        return (DATABASE_CORRUPTED_ERROR);
+
+                    offset = bp[i + 1];
+                } else {
+                    /* there are no other valid keys after
+                     * seeing a non REAL_KEY
+                     */
+                    break;
+                }
+            }
+        }
+    }
+    return (0);
+}
+
+/*
+ * Write page p to disk
+ *
+ * Returns:
+ *   0 ==> OK
+ *  -1 ==>failure
+ */
+extern int
+__put_page(HTAB *hashp, char *p, uint32 bucket, int is_bucket, int is_bitmap)
+{
+    register int fd, page;
+    size_t size;
+    int wsize;
+    off_t offset;
+
+    size = hashp->BSIZE;
+    if ((hashp->fp == -1) && open_temp(hashp))
+        return (-1);
+    fd = hashp->fp;
+
+    if (hashp->LORDER != BYTE_ORDER) {
+        register int i;
+        register int max;
+
+        if (is_bitmap) {
+            max = hashp->BSIZE >> 2; /* divide by 4 */
+            for (i = 0; i < max; i++)
+                M_32_SWAP(((int *)p)[i]);
+        } else {
+            max = ((uint16 *)p)[0] + 2;
+
+            /* bound the size of max by
+             * the maximum number of entries
+             * in the array
+             */
+            if ((unsigned)max > (size / sizeof(uint16)))
+                return (DATABASE_CORRUPTED_ERROR);
+
+            for (i = 0; i <= max; i++)
+                M_16_SWAP(((uint16 *)p)[i]);
+        }
+    }
+
+    if (is_bucket)
+        page = BUCKET_TO_PAGE(bucket);
+    else
+        page = OADDR_TO_PAGE(bucket);
+    offset = (off_t)page << hashp->BSHIFT;
+    if ((MY_LSEEK(fd, offset, SEEK_SET) == -1) ||
+        ((wsize = write(fd, p, size)) == -1))
+        /* Errno is set */
+        return (-1);
+    if ((unsigned)wsize != size) {
+        errno = EFTYPE;
+        return (-1);
+    }
+#if defined(_WIN32) || defined(_WINDOWS)
+    if (offset + size > hashp->file_size) {
+        hashp->updateEOF = 1;
+    }
+#endif
+    /* put the page back the way it was so that it isn't byteswapped
+     * if it remains in memory - LJM
+     */
+    if (hashp->LORDER != BYTE_ORDER) {
+        register int i;
+        register int max;
+
+        if (is_bitmap) {
+            max = hashp->BSIZE >> 2; /* divide by 4 */
+            for (i = 0; i < max; i++)
+                M_32_SWAP(((int *)p)[i]);
+        } else {
+            uint16 *bp = (uint16 *)p;
+
+            M_16_SWAP(bp[0]);
+            max = bp[0] + 2;
+
+            /* no need to bound the size if max again
+             * since it was done already above
+             */
+
+            /* do the byte order re-swap
+             */
+            for (i = 1; i <= max; i++)
+                M_16_SWAP(bp[i]);
+        }
+    }
+
+    return (0);
+}
+
+#define BYTE_MASK ((1 << INT_BYTE_SHIFT) - 1)
+/*
+ * Initialize a new bitmap page.  Bitmap pages are left in memory
+ * once they are read in.
+ */
+extern int
+__ibitmap(HTAB *hashp, int pnum, int nbits, int ndx)
+{
+    uint32 *ip;
+    size_t clearbytes, clearints;
+
+    if ((ip = (uint32 *)malloc((size_t)hashp->BSIZE)) == NULL)
+        return (1);
+    hashp->nmaps++;
+    clearints = ((nbits - 1) >> INT_BYTE_SHIFT) + 1;
+    clearbytes = clearints << INT_TO_BYTE;
+    (void)memset((char *)ip, 0, clearbytes);
+    (void)memset(((char *)ip) + clearbytes, 0xFF,
+                 hashp->BSIZE - clearbytes);
+    ip[clearints - 1] = ALL_SET << (nbits & BYTE_MASK);
+    SETBIT(ip, 0);
+    hashp->BITMAPS[ndx] = (uint16)pnum;
+    hashp->mapp[ndx] = ip;
+    return (0);
+}
+
+static uint32
+first_free(uint32 map)
+{
+    register uint32 i, mask;
+
+    mask = 0x1;
+    for (i = 0; i < BITS_PER_MAP; i++) {
+        if (!(mask & map))
+            return (i);
+        mask = mask << 1;
+    }
+    return (i);
+}
+
+static uint16
+overflow_page(HTAB *hashp)
+{
+    register uint32 *freep = NULL;
+    register int max_free, offset, splitnum;
+    uint16 addr;
+    uint32 i;
+    int bit, first_page, free_bit, free_page, in_use_bits, j;
+#ifdef DEBUG2
+    int tmp1, tmp2;
+#endif
+    splitnum = hashp->OVFL_POINT;
+    max_free = hashp->SPARES[splitnum];
+
+    free_page = (max_free - 1) >> (hashp->BSHIFT + BYTE_SHIFT);
+    free_bit = (max_free - 1) & ((hashp->BSIZE << BYTE_SHIFT) - 1);
+
+    /* Look through all the free maps to find the first free block */
+    first_page = hashp->LAST_FREED >> (hashp->BSHIFT + BYTE_SHIFT);
+    for (i = first_page; i <= (unsigned)free_page; i++) {
+        if (!(freep = (uint32 *)hashp->mapp[i]) &&
+            !(freep = fetch_bitmap(hashp, i)))
+            return (0);
+        if (i == (unsigned)free_page)
+            in_use_bits = free_bit;
+        else
+            in_use_bits = (hashp->BSIZE << BYTE_SHIFT) - 1;
+
+        if (i == (unsigned)first_page) {
+            bit = hashp->LAST_FREED &
+                  ((hashp->BSIZE << BYTE_SHIFT) - 1);
+            j = bit / BITS_PER_MAP;
+            bit = bit & ~(BITS_PER_MAP - 1);
+        } else {
+            bit = 0;
+            j = 0;
+        }
+        for (; bit <= in_use_bits; j++, bit += BITS_PER_MAP)
+            if (freep[j] != ALL_SET)
+                goto found;
+    }
+
+    /* No Free Page Found */
+    hashp->LAST_FREED = hashp->SPARES[splitnum];
+    hashp->SPARES[splitnum]++;
+    offset = hashp->SPARES[splitnum] -
+             (splitnum ? hashp->SPARES[splitnum - 1] : 0);
+
+#define OVMSG "HASH: Out of overflow pages.  Increase page size\n"
+    if (offset > SPLITMASK) {
+        if (++splitnum >= NCACHED) {
+#ifndef macintosh
+            (void)fwrite(OVMSG, 1, sizeof(OVMSG) - 1, stderr);
+#endif
+            return (0);
+        }
+        hashp->OVFL_POINT = splitnum;
+        hashp->SPARES[splitnum] = hashp->SPARES[splitnum - 1];
+        hashp->SPARES[splitnum - 1]--;
+        offset = 1;
+    }
+
+    /* Check if we need to allocate a new bitmap page */
+    if (free_bit == (hashp->BSIZE << BYTE_SHIFT) - 1) {
+        free_page++;
+        if (free_page >= NCACHED) {
+#ifndef macintosh
+            (void)fwrite(OVMSG, 1, sizeof(OVMSG) - 1, stderr);
+#endif
+            return (0);
+        }
+        /*
+         * This is tricky.  The 1 indicates that you want the new page
+         * allocated with 1 clear bit.  Actually, you are going to
+         * allocate 2 pages from this map.  The first is going to be
+         * the map page, the second is the overflow page we were
+         * looking for.  The init_bitmap routine automatically, sets
+         * the first bit of itself to indicate that the bitmap itself
+         * is in use.  We would explicitly set the second bit, but
+         * don't have to if we tell init_bitmap not to leave it clear
+         * in the first place.
+         */
+        if (__ibitmap(hashp,
+                      (int)OADDR_OF(splitnum, offset), 1, free_page))
+            return (0);
+        hashp->SPARES[splitnum]++;
+#ifdef DEBUG2
+        free_bit = 2;
+#endif
+        offset++;
+        if (offset > SPLITMASK) {
+            if (++splitnum >= NCACHED) {
+#ifndef macintosh
+                (void)fwrite(OVMSG, 1, sizeof(OVMSG) - 1, stderr);
+#endif
+                return (0);
+            }
+            hashp->OVFL_POINT = splitnum;
+            hashp->SPARES[splitnum] = hashp->SPARES[splitnum - 1];
+            hashp->SPARES[splitnum - 1]--;
+            offset = 0;
+        }
+    } else {
+        /*
+         * Free_bit addresses the last used bit.  Bump it to address
+         * the first available bit.
+         */
+        free_bit++;
+        SETBIT(freep, free_bit);
+    }
+
+    /* Calculate address of the new overflow page */
+    addr = OADDR_OF(splitnum, offset);
+#ifdef DEBUG2
+    (void)fprintf(stderr, "OVERFLOW_PAGE: ADDR: %d BIT: %d PAGE %d\n",
+                  addr, free_bit, free_page);
+#endif
+    return (addr);
+
+found:
+    bit = bit + first_free(freep[j]);
+    SETBIT(freep, bit);
+#ifdef DEBUG2
+    tmp1 = bit;
+    tmp2 = i;
+#endif
+    /*
+     * Bits are addressed starting with 0, but overflow pages are addressed
+     * beginning at 1. Bit is a bit addressnumber, so we need to increment
+     * it to convert it to a page number.
+     */
+    bit = 1 + bit + (i * (hashp->BSIZE << BYTE_SHIFT));
+    if (bit >= hashp->LAST_FREED)
+        hashp->LAST_FREED = bit - 1;
+
+    /* Calculate the split number for this page */
+    for (i = 0; (i < (unsigned)splitnum) && (bit > hashp->SPARES[i]); i++) {
+    }
+    offset = (i ? bit - hashp->SPARES[i - 1] : bit);
+    if (offset >= SPLITMASK)
+        return (0); /* Out of overflow pages */
+    addr = OADDR_OF(i, offset);
+#ifdef DEBUG2
+    (void)fprintf(stderr, "OVERFLOW_PAGE: ADDR: %d BIT: %d PAGE %d\n",
+                  addr, tmp1, tmp2);
+#endif
+
+    /* Allocate and return the overflow page */
+    return (addr);
+}
+
+/*
+ * Mark this overflow page as free.
+ */
+extern void
+__free_ovflpage(HTAB *hashp, BUFHEAD *obufp)
+{
+    uint16 addr;
+    uint32 *freep;
+    uint32 bit_address, free_page, free_bit;
+    uint16 ndx;
+
+    if (!obufp || !obufp->addr)
+        return;
+
+    addr = obufp->addr;
+#ifdef DEBUG1
+    (void)fprintf(stderr, "Freeing %d\n", addr);
+#endif
+    ndx = (((uint16)addr) >> SPLITSHIFT);
+    bit_address =
+        (ndx ? hashp->SPARES[ndx - 1] : 0) + (addr & SPLITMASK) - 1;
+    if (bit_address < (uint32)hashp->LAST_FREED)
+        hashp->LAST_FREED = bit_address;
+    free_page = (bit_address >> (hashp->BSHIFT + BYTE_SHIFT));
+    free_bit = bit_address & ((hashp->BSIZE << BYTE_SHIFT) - 1);
+
+    if (!(freep = hashp->mapp[free_page]))
+        freep = fetch_bitmap(hashp, free_page);
+
+#ifdef DEBUG
+    /*
+     * This had better never happen.  It means we tried to read a bitmap
+     * that has already had overflow pages allocated off it, and we
+     * failed to read it from the file.
+     */
+    if (!freep) {
+        assert(0);
+        return;
+    }
+#endif
+    CLRBIT(freep, free_bit);
+#ifdef DEBUG2
+    (void)fprintf(stderr, "FREE_OVFLPAGE: ADDR: %d BIT: %d PAGE %d\n",
+                  obufp->addr, free_bit, free_page);
+#endif
+    __reclaim_buf(hashp, obufp);
+}
+
+/*
+ * Returns:
+ *   0 success
+ *  -1 failure
+ */
+static int
+open_temp(HTAB *hashp)
+{
+#ifdef XP_OS2
+    hashp->fp = mkstemp(NULL);
+#else
+#if !defined(_WIN32) && !defined(_WINDOWS) && !defined(macintosh)
+    sigset_t set, oset;
+#endif
+#if !defined(macintosh)
+    char *tmpdir;
+    size_t len;
+    char last;
+#endif
+    static const char namestr[] = "/_hashXXXXXX";
+    char filename[1024];
+
+#if !defined(_WIN32) && !defined(_WINDOWS) && !defined(macintosh)
+    /* Block signals; make sure file goes away at process exit. */
+    (void)sigfillset(&set);
+    (void)sigprocmask(SIG_BLOCK, &set, &oset);
+#endif
+
+    filename[0] = 0;
+#if defined(macintosh)
+    strcat(filename, namestr + 1);
+#else
+    tmpdir = getenv("TMP");
+    if (!tmpdir)
+        tmpdir = getenv("TMPDIR");
+    if (!tmpdir)
+        tmpdir = getenv("TEMP");
+    if (!tmpdir)
+        tmpdir = ".";
+    len = strlen(tmpdir);
+    if (len && len < (sizeof filename - sizeof namestr)) {
+        strcpy(filename, tmpdir);
+    }
+    len = strlen(filename);
+    last = tmpdir[len - 1];
+    strcat(filename, (last == '/' || last == '\\') ? namestr + 1 : namestr);
+#endif
+
+#if defined(_WIN32) || defined(_WINDOWS)
+    if ((hashp->fp = mkstempflags(filename, _O_BINARY | _O_TEMPORARY)) != -1) {
+        if (hashp->filename) {
+            free(hashp->filename);
+        }
+        hashp->filename = strdup(filename);
+        hashp->is_temp = 1;
+    }
+#else
+    if ((hashp->fp = mkstemp(filename)) != -1) {
+        (void)unlink(filename);
+#if !defined(macintosh)
+        (void)fcntl(hashp->fp, F_SETFD, 1);
+#endif
+    }
+#endif
+
+#if !defined(_WIN32) && !defined(_WINDOWS) && !defined(macintosh)
+    (void)sigprocmask(SIG_SETMASK, &oset, (sigset_t *)NULL);
+#endif
+#endif /* !OS2 */
+    return (hashp->fp != -1 ? 0 : -1);
+}
+
+/*
+ * We have to know that the key will fit, but the last entry on the page is
+ * an overflow pair, so we need to shift things.
+ */
+static void
+squeeze_key(uint16 *sp, const DBT *key, const DBT *val)
+{
+    register char *p;
+    uint16 free_space, n, off, pageno;
+
+    p = (char *)sp;
+    n = sp[0];
+    free_space = FREESPACE(sp);
+    off = OFFSET(sp);
+
+    pageno = sp[n - 1];
+    off -= key->size;
+    sp[n - 1] = off;
+    memmove(p + off, key->data, key->size);
+    off -= val->size;
+    sp[n] = off;
+    memmove(p + off, val->data, val->size);
+    sp[0] = n + 2;
+    sp[n + 1] = pageno;
+    sp[n + 2] = OVFLPAGE;
+    FREESPACE(sp) = free_space - PAIRSIZE(key, val);
+    OFFSET(sp) = off;
+}
+
+static uint32 *
+fetch_bitmap(HTAB *hashp, uint32 ndx)
+{
+    if (ndx >= (unsigned)hashp->nmaps)
+        return (NULL);
+    if ((hashp->mapp[ndx] = (uint32 *)malloc((size_t)hashp->BSIZE)) == NULL)
+        return (NULL);
+    if (__get_page(hashp,
+                   (char *)hashp->mapp[ndx], hashp->BITMAPS[ndx], 0, 1, 1)) {
+        free(hashp->mapp[ndx]);
+        hashp->mapp[ndx] = NULL; /* NEW: 9-11-95 */
+        return (NULL);
+    }
+    return (hashp->mapp[ndx]);
+}
+
+#ifdef DEBUG4
+int
+print_chain(int addr)
+{
+    BUFHEAD *bufp;
+    short *bp, oaddr;
+
+    (void)fprintf(stderr, "%d ", addr);
+    bufp = __get_buf(hashp, addr, NULL, 0);
+    bp = (short *)bufp->page;
+    while (bp[0] && ((bp[bp[0]] == OVFLPAGE) ||
+                     ((bp[0] > 2) && bp[2] < REAL_KEY))) {
+        oaddr = bp[bp[0] - 1];
+        (void)fprintf(stderr, "%d ", (int)oaddr);
+        bufp = __get_buf(hashp, (int)oaddr, bufp, 0);
+        bp = (short *)bufp->page;
+    }
+    (void)fprintf(stderr, "\n");
+}
+#endif
diff --git a/nss/lib/dbm/src/hash.c b/nss/lib/dbm/src/hash.c
new file mode 100644
index 0000000..b80aad4
--- /dev/null
+++ b/nss/lib/dbm/src/hash.c
@@ -0,0 +1,1172 @@
+/*-
+ * Copyright (c) 1990, 1993, 1994
+ *  The Regents of the University of California.  All rights reserved.
+ *
+ * This code is derived from software contributed to Berkeley by
+ * Margo Seltzer.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. ***REMOVED*** - see
+ *    ftp://ftp.cs.berkeley.edu/pub/4bsd/README.Impt.License.Change
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static char sccsid[] = "@(#)hash.c  8.9 (Berkeley) 6/16/94";
+#endif /* LIBC_SCCS and not lint */
+
+#if !defined(_WIN32) && !defined(_WINDOWS) && !defined(macintosh)
+#include <sys/param.h>
+#endif
+
+#if !defined(macintosh)
+#ifdef XP_OS2
+#include <sys/types.h>
+#endif
+#include <sys/stat.h>
+#endif
+
+#if defined(macintosh)
+#include <unix.h>
+#include <unistd.h>
+#endif
+
+#include <errno.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#if !defined(_WIN32) && !defined(_WINDOWS) && !defined(macintosh)
+#include <unistd.h>
+#endif
+#if defined(_WIN32) || defined(_WINDOWS)
+#include <windows.h>
+#endif
+
+#include <assert.h>
+
+#include "mcom_db.h"
+#include "hash.h"
+#include "page.h"
+
+/*
+#include "extern.h"
+*/
+static int alloc_segs(HTAB *, int);
+static int flush_meta(HTAB *);
+static int hash_access(HTAB *, ACTION, DBT *, DBT *);
+static int hash_close(DB *);
+static int hash_delete(const DB *, const DBT *, uint);
+static int hash_fd(const DB *);
+static int hash_get(const DB *, const DBT *, DBT *, uint);
+static int hash_put(const DB *, DBT *, const DBT *, uint);
+static void *hash_realloc(SEGMENT **, size_t, size_t);
+static int hash_seq(const DB *, DBT *, DBT *, uint);
+static int hash_sync(const DB *, uint);
+static int hdestroy(HTAB *);
+static HTAB *init_hash(HTAB *, const char *, HASHINFO *);
+static int init_htab(HTAB *, int);
+#if BYTE_ORDER == LITTLE_ENDIAN
+static void swap_header(HTAB *);
+static void swap_header_copy(HASHHDR *, HASHHDR *);
+#endif
+
+/* Fast arithmetic, relying on powers of 2, */
+#define MOD(x, y) ((x) & ((y)-1))
+
+#define RETURN_ERROR(ERR, LOC) \
+    {                          \
+        save_errno = ERR;      \
+        goto LOC;              \
+    }
+
+/* Return values */
+#define SUCCESS (0)
+#define DBM_ERROR (-1)
+#define ABNORMAL (1)
+
+#ifdef HASH_STATISTICS
+int hash_accesses, hash_collisions, hash_expansions, hash_overflows;
+#endif
+
+/* A new Lou (montulli@mozilla.com) routine.
+ *
+ * The database is screwed.
+ *
+ * This closes the file, flushing buffers as appropriate.
+ */
+static void
+__remove_database(DB *dbp)
+{
+    HTAB *hashp = (HTAB *)dbp->internal;
+
+    assert(0);
+
+    if (!hashp)
+        return;
+    hdestroy(hashp);
+    dbp->internal = NULL;
+}
+
+/************************** INTERFACE ROUTINES ***************************/
+/* OPEN/CLOSE */
+
+extern DB *
+__hash_open(const char *file, int flags, int mode, const HASHINFO *info, int dflags)
+{
+    HTAB *hashp = NULL;
+    struct stat statbuf;
+    DB *dbp;
+    int bpages, hdrsize, new_table, nsegs, save_errno;
+
+    if ((flags & O_ACCMODE) == O_WRONLY) {
+        errno = EINVAL;
+        return NULL;
+    }
+
+    /* zero the statbuffer so that
+     * we can check it for a non-zero
+     * date to see if stat succeeded
+     */
+    memset(&statbuf, 0, sizeof(struct stat));
+
+    if (!(hashp = (HTAB *)calloc(1, sizeof(HTAB)))) {
+        errno = ENOMEM;
+        return NULL;
+    }
+    hashp->fp = NO_FILE;
+    if (file)
+        hashp->filename = strdup(file);
+
+    /*
+     * Even if user wants write only, we need to be able to read
+     * the actual file, so we need to open it read/write. But, the
+     * field in the hashp structure needs to be accurate so that
+     * we can check accesses.
+     */
+    hashp->flags = flags;
+
+    new_table = 0;
+    if (!file || (flags & O_TRUNC) || (stat(file, &statbuf) && (errno == ENOENT))) {
+        if (errno == ENOENT)
+            errno = 0; /* Just in case someone looks at errno */
+        new_table = 1;
+    } else if (statbuf.st_mtime && statbuf.st_size == 0) {
+        /* check for a zero length file and delete it
+         * if it exists
+         */
+        new_table = 1;
+    }
+    hashp->file_size = statbuf.st_size;
+
+    if (file) {
+#if defined(_WIN32) || defined(_WINDOWS) || defined(macintosh) || defined(XP_OS2)
+        if ((hashp->fp = DBFILE_OPEN(file, flags | O_BINARY, mode)) == -1)
+            RETURN_ERROR(errno, error1);
+#else
+        if ((hashp->fp = open(file, flags, mode)) == -1)
+            RETURN_ERROR(errno, error1);
+        (void)fcntl(hashp->fp, F_SETFD, 1);
+#endif
+    }
+    if (new_table) {
+        if (!init_hash(hashp, file, (HASHINFO *)info))
+            RETURN_ERROR(errno, error1);
+    } else {
+        /* Table already exists */
+        if (info && info->hash)
+            hashp->hash = info->hash;
+        else
+            hashp->hash = __default_hash;
+
+        hdrsize = read(hashp->fp, (char *)&hashp->hdr, sizeof(HASHHDR));
+        if (hdrsize == -1)
+            RETURN_ERROR(errno, error1);
+        if (hdrsize != sizeof(HASHHDR))
+            RETURN_ERROR(EFTYPE, error1);
+#if BYTE_ORDER == LITTLE_ENDIAN
+        swap_header(hashp);
+#endif
+        /* Verify file type, versions and hash function */
+        if (hashp->MAGIC != HASHMAGIC)
+            RETURN_ERROR(EFTYPE, error1);
+#define OLDHASHVERSION 1
+        if (hashp->VERSION != HASHVERSION &&
+            hashp->VERSION != OLDHASHVERSION)
+            RETURN_ERROR(EFTYPE, error1);
+        if (hashp->hash(CHARKEY, sizeof(CHARKEY)) != hashp->H_CHARKEY)
+            RETURN_ERROR(EFTYPE, error1);
+        if (hashp->NKEYS < 0) /* Old bad database. */
+            RETURN_ERROR(EFTYPE, error1);
+
+        /*
+         * Figure out how many segments we need.  Max_Bucket is the
+         * maximum bucket number, so the number of buckets is
+         * max_bucket + 1.
+         */
+        nsegs = (hashp->MAX_BUCKET + 1 + hashp->SGSIZE - 1) /
+                hashp->SGSIZE;
+        hashp->nsegs = 0;
+        if (alloc_segs(hashp, nsegs))
+            /* If alloc_segs fails, errno will have been set.  */
+            RETURN_ERROR(errno, error1);
+        /* Read in bitmaps */
+        bpages = (hashp->SPARES[hashp->OVFL_POINT] +
+                  (hashp->BSIZE << BYTE_SHIFT) - 1) >>
+                 (hashp->BSHIFT + BYTE_SHIFT);
+
+        hashp->nmaps = bpages;
+        (void)memset(&hashp->mapp[0], 0, bpages * sizeof(uint32 *));
+    }
+
+    /* Initialize Buffer Manager */
+    if (info && info->cachesize)
+        __buf_init(hashp, (int32)info->cachesize);
+    else
+        __buf_init(hashp, DEF_BUFSIZE);
+
+    hashp->new_file = new_table;
+#ifdef macintosh
+    hashp->save_file = file && !(hashp->flags & O_RDONLY);
+#else
+    hashp->save_file = file && (hashp->flags & O_RDWR);
+#endif
+    hashp->cbucket = -1;
+    if (!(dbp = (DB *)malloc(sizeof(DB)))) {
+        RETURN_ERROR(ENOMEM, error1);
+    }
+    dbp->internal = hashp;
+    dbp->close = hash_close;
+    dbp->del = hash_delete;
+    dbp->fd = hash_fd;
+    dbp->get = hash_get;
+    dbp->put = hash_put;
+    dbp->seq = hash_seq;
+    dbp->sync = hash_sync;
+    dbp->type = DB_HASH;
+
+#ifdef HASH_STATISTICS
+    hash_overflows = hash_accesses = hash_collisions = hash_expansions = 0;
+#endif
+    return (dbp);
+
+error1:
+    hdestroy(hashp);
+    errno = save_errno;
+    return (NULL);
+}
+
+static int
+hash_close(DB *dbp)
+{
+    HTAB *hashp;
+    int retval;
+
+    if (!dbp)
+        return (DBM_ERROR);
+
+    hashp = (HTAB *)dbp->internal;
+    if (!hashp)
+        return (DBM_ERROR);
+
+    retval = hdestroy(hashp);
+    free(dbp);
+    return (retval);
+}
+
+static int
+hash_fd(const DB *dbp)
+{
+    HTAB *hashp;
+
+    if (!dbp)
+        return (DBM_ERROR);
+
+    hashp = (HTAB *)dbp->internal;
+    if (!hashp)
+        return (DBM_ERROR);
+
+    if (hashp->fp == -1) {
+        errno = ENOENT;
+        return (-1);
+    }
+    return (hashp->fp);
+}
+
+/************************** LOCAL CREATION ROUTINES **********************/
+static HTAB *
+init_hash(HTAB *hashp, const char *file, HASHINFO *info)
+{
+    struct stat statbuf;
+    int nelem;
+
+    nelem = 1;
+    hashp->NKEYS = 0;
+    hashp->LORDER = BYTE_ORDER;
+    hashp->BSIZE = DEF_BUCKET_SIZE;
+    hashp->BSHIFT = DEF_BUCKET_SHIFT;
+    hashp->SGSIZE = DEF_SEGSIZE;
+    hashp->SSHIFT = DEF_SEGSIZE_SHIFT;
+    hashp->DSIZE = DEF_DIRSIZE;
+    hashp->FFACTOR = DEF_FFACTOR;
+    hashp->hash = __default_hash;
+    memset(hashp->SPARES, 0, sizeof(hashp->SPARES));
+    memset(hashp->BITMAPS, 0, sizeof(hashp->BITMAPS));
+
+    /* Fix bucket size to be optimal for file system */
+    if (file != NULL) {
+        if (stat(file, &statbuf))
+            return (NULL);
+
+#if !defined(_WIN32) && !defined(_WINDOWS) && !defined(macintosh) && !defined(XP_OS2)
+#if defined(__QNX__) && !defined(__QNXNTO__)
+        hashp->BSIZE = 512; /* preferred blk size on qnx4 */
+#else
+        hashp->BSIZE = statbuf.st_blksize;
+#endif
+
+        /* new code added by Lou to reduce block
+         * size down below MAX_BSIZE
+         */
+        if (hashp->BSIZE > MAX_BSIZE)
+            hashp->BSIZE = MAX_BSIZE;
+#endif
+        hashp->BSHIFT = __log2((uint32)hashp->BSIZE);
+    }
+
+    if (info) {
+        if (info->bsize) {
+            /* Round pagesize up to power of 2 */
+            hashp->BSHIFT = __log2(info->bsize);
+            hashp->BSIZE = 1 << hashp->BSHIFT;
+            if (hashp->BSIZE > MAX_BSIZE) {
+                errno = EINVAL;
+                return (NULL);
+            }
+        }
+        if (info->ffactor)
+            hashp->FFACTOR = info->ffactor;
+        if (info->hash)
+            hashp->hash = info->hash;
+        if (info->nelem)
+            nelem = info->nelem;
+        if (info->lorder) {
+            if (info->lorder != BIG_ENDIAN &&
+                info->lorder != LITTLE_ENDIAN) {
+                errno = EINVAL;
+                return (NULL);
+            }
+            hashp->LORDER = info->lorder;
+        }
+    }
+    /* init_htab sets errno if it fails */
+    if (init_htab(hashp, nelem))
+        return (NULL);
+    else
+        return (hashp);
+}
+/*
+ * This calls alloc_segs which may run out of memory.  Alloc_segs will
+ * set errno, so we just pass the error information along.
+ *
+ * Returns 0 on No Error
+ */
+static int
+init_htab(HTAB *hashp, int nelem)
+{
+    register int nbuckets, nsegs;
+    int l2;
+
+    /*
+     * Divide number of elements by the fill factor and determine a
+     * desired number of buckets.  Allocate space for the next greater
+     * power of two number of buckets.
+     */
+    nelem = (nelem - 1) / hashp->FFACTOR + 1;
+
+    l2 = __log2((uint32)PR_MAX(nelem, 2));
+    nbuckets = 1 << l2;
+
+    hashp->SPARES[l2] = l2 + 1;
+    hashp->SPARES[l2 + 1] = l2 + 1;
+    hashp->OVFL_POINT = l2;
+    hashp->LAST_FREED = 2;
+
+    /* First bitmap page is at: splitpoint l2 page offset 1 */
+    if (__ibitmap(hashp, (int)OADDR_OF(l2, 1), l2 + 1, 0))
+        return (-1);
+
+    hashp->MAX_BUCKET = hashp->LOW_MASK = nbuckets - 1;
+    hashp->HIGH_MASK = (nbuckets << 1) - 1;
+    hashp->HDRPAGES = ((PR_MAX(sizeof(HASHHDR), MINHDRSIZE) - 1) >>
+                       hashp->BSHIFT) +
+                      1;
+
+    nsegs = (nbuckets - 1) / hashp->SGSIZE + 1;
+    nsegs = 1 << __log2((uint32)nsegs);
+
+    if (nsegs > hashp->DSIZE)
+        hashp->DSIZE = nsegs;
+    return (alloc_segs(hashp, nsegs));
+}
+
+/********************** DESTROY/CLOSE ROUTINES ************************/
+
+/*
+ * Flushes any changes to the file if necessary and destroys the hashp
+ * structure, freeing all allocated space.
+ */
+static int
+hdestroy(HTAB *hashp)
+{
+    int i, save_errno;
+
+    save_errno = 0;
+
+#ifdef HASH_STATISTICS
+    (void)fprintf(stderr, "hdestroy: accesses %ld collisions %ld\n",
+                  hash_accesses, hash_collisions);
+    (void)fprintf(stderr, "hdestroy: expansions %ld\n",
+                  hash_expansions);
+    (void)fprintf(stderr, "hdestroy: overflows %ld\n",
+                  hash_overflows);
+    (void)fprintf(stderr, "keys %ld maxp %d segmentcount %d\n",
+                  hashp->NKEYS, hashp->MAX_BUCKET, hashp->nsegs);
+
+    for (i = 0; i < NCACHED; i++)
+        (void)fprintf(stderr,
+                      "spares[%d] = %d\n", i, hashp->SPARES[i]);
+#endif
+    /*
+     * Call on buffer manager to free buffers, and if required,
+     * write them to disk.
+     */
+    if (__buf_free(hashp, 1, hashp->save_file))
+        save_errno = errno;
+    if (hashp->dir) {
+        free(*hashp->dir); /* Free initial segments */
+        /* Free extra segments */
+        while (hashp->exsegs--)
+            free(hashp->dir[--hashp->nsegs]);
+        free(hashp->dir);
+    }
+    if (flush_meta(hashp) && !save_errno)
+        save_errno = errno;
+    /* Free Bigmaps */
+    for (i = 0; i < hashp->nmaps; i++)
+        if (hashp->mapp[i])
+            free(hashp->mapp[i]);
+
+    if (hashp->fp != -1)
+        (void)close(hashp->fp);
+
+    if (hashp->filename) {
+#if defined(_WIN32) || defined(_WINDOWS) || defined(XP_OS2)
+        if (hashp->is_temp)
+            (void)unlink(hashp->filename);
+#endif
+        free(hashp->filename);
+    }
+    if (hashp->tmp_buf)
+        free(hashp->tmp_buf);
+    if (hashp->tmp_key)
+        free(hashp->tmp_key);
+    free(hashp);
+    if (save_errno) {
+        errno = save_errno;
+        return (DBM_ERROR);
+    }
+    return (SUCCESS);
+}
+
+#if defined(_WIN32) || defined(_WINDOWS)
+/*
+ * Close and reopen file to force file length update on windows.
+ *
+ * Returns:
+ *   0 == OK
+ *  -1 DBM_ERROR
+ */
+static int
+update_EOF(HTAB *hashp)
+{
+#if defined(DBM_REOPEN_ON_FLUSH)
+    char *file = hashp->filename;
+    off_t file_size;
+    int flags;
+    int mode = -1;
+    struct stat statbuf;
+
+    memset(&statbuf, 0, sizeof statbuf);
+
+    /* make sure we won't lose the file by closing it. */
+    if (!file || (stat(file, &statbuf) && (errno == ENOENT))) {
+        /* pretend we did it. */
+        return 0;
+    }
+
+    (void)close(hashp->fp);
+
+    flags = hashp->flags & ~(O_TRUNC | O_CREAT | O_EXCL);
+
+    if ((hashp->fp = DBFILE_OPEN(file, flags | O_BINARY, mode)) == -1)
+        return -1;
+    file_size = lseek(hashp->fp, (off_t)0, SEEK_END);
+    if (file_size == -1)
+        return -1;
+    hashp->file_size = file_size;
+    return 0;
+#else
+    int fd = hashp->fp;
+    off_t file_size = lseek(fd, (off_t)0, SEEK_END);
+    HANDLE handle = (HANDLE)_get_osfhandle(fd);
+    BOOL cool = FlushFileBuffers(handle);
+#ifdef DEBUG3
+    if (!cool) {
+        DWORD err = GetLastError();
+        (void)fprintf(stderr,
+                      "FlushFileBuffers failed, last error = %d, 0x%08x\n",
+                      err, err);
+    }
+#endif
+    if (file_size == -1)
+        return -1;
+    hashp->file_size = file_size;
+    return cool ? 0 : -1;
+#endif
+}
+#endif
+
+/*
+ * Write modified pages to disk
+ *
+ * Returns:
+ *   0 == OK
+ *  -1 DBM_ERROR
+ */
+static int
+hash_sync(const DB *dbp, uint flags)
+{
+    HTAB *hashp;
+
+    if (flags != 0) {
+        errno = EINVAL;
+        return (DBM_ERROR);
+    }
+
+    if (!dbp)
+        return (DBM_ERROR);
+
+    hashp = (HTAB *)dbp->internal;
+    if (!hashp)
+        return (DBM_ERROR);
+
+    if (!hashp->save_file)
+        return (0);
+    if (__buf_free(hashp, 0, 1) || flush_meta(hashp))
+        return (DBM_ERROR);
+#if defined(_WIN32) || defined(_WINDOWS)
+    if (hashp->updateEOF && hashp->filename && !hashp->is_temp) {
+        int status = update_EOF(hashp);
+        hashp->updateEOF = 0;
+        if (status)
+            return status;
+    }
+#endif
+    hashp->new_file = 0;
+    return (0);
+}
+
+/*
+ * Returns:
+ *   0 == OK
+ *  -1 indicates that errno should be set
+ */
+static int
+flush_meta(HTAB *hashp)
+{
+    HASHHDR *whdrp;
+#if BYTE_ORDER == LITTLE_ENDIAN
+    HASHHDR whdr;
+#endif
+    int fp, i, wsize;
+
+    if (!hashp->save_file)
+        return (0);
+    hashp->MAGIC = HASHMAGIC;
+    hashp->VERSION = HASHVERSION;
+    hashp->H_CHARKEY = hashp->hash(CHARKEY, sizeof(CHARKEY));
+
+    fp = hashp->fp;
+    whdrp = &hashp->hdr;
+#if BYTE_ORDER == LITTLE_ENDIAN
+    whdrp = &whdr;
+    swap_header_copy(&hashp->hdr, whdrp);
+#endif
+    if ((lseek(fp, (off_t)0, SEEK_SET) == -1) ||
+        ((wsize = write(fp, (char *)whdrp, sizeof(HASHHDR))) == -1))
+        return (-1);
+    else if (wsize != sizeof(HASHHDR)) {
+        errno = EFTYPE;
+        hashp->dbmerrno = errno;
+        return (-1);
+    }
+    for (i = 0; i < NCACHED; i++)
+        if (hashp->mapp[i])
+            if (__put_page(hashp, (char *)hashp->mapp[i],
+                           hashp->BITMAPS[i], 0, 1))
+                return (-1);
+    return (0);
+}
+
+/*******************************SEARCH ROUTINES *****************************/
+/*
+ * All the access routines return
+ *
+ * Returns:
+ *   0 on SUCCESS
+ *   1 to indicate an external DBM_ERROR (i.e. key not found, etc)
+ *  -1 to indicate an internal DBM_ERROR (i.e. out of memory, etc)
+ */
+static int
+hash_get(
+    const DB *dbp,
+    const DBT *key,
+    DBT *data,
+    uint flag)
+{
+    HTAB *hashp;
+    int rv;
+
+    hashp = (HTAB *)dbp->internal;
+    if (!hashp)
+        return (DBM_ERROR);
+
+    if (flag) {
+        hashp->dbmerrno = errno = EINVAL;
+        return (DBM_ERROR);
+    }
+
+    rv = hash_access(hashp, HASH_GET, (DBT *)key, data);
+
+    if (rv == DATABASE_CORRUPTED_ERROR) {
+#if defined(unix) && defined(DEBUG)
+        printf("\n\nDBM Database has been corrupted, tell Lou...\n\n");
+#endif
+        __remove_database((DB *)dbp);
+    }
+
+    return (rv);
+}
+
+static int
+hash_put(
+    const DB *dbp,
+    DBT *key,
+    const DBT *data,
+    uint flag)
+{
+    HTAB *hashp;
+    int rv;
+
+    hashp = (HTAB *)dbp->internal;
+    if (!hashp)
+        return (DBM_ERROR);
+
+    if (flag && flag != R_NOOVERWRITE) {
+        hashp->dbmerrno = errno = EINVAL;
+        return (DBM_ERROR);
+    }
+    if ((hashp->flags & O_ACCMODE) == O_RDONLY) {
+        hashp->dbmerrno = errno = EPERM;
+        return (DBM_ERROR);
+    }
+
+    rv = hash_access(hashp, flag == R_NOOVERWRITE ? HASH_PUTNEW
+                                                  : HASH_PUT,
+                     (DBT *)key, (DBT *)data);
+
+    if (rv == DATABASE_CORRUPTED_ERROR) {
+#if defined(unix) && defined(DEBUG)
+        printf("\n\nDBM Database has been corrupted, tell Lou...\n\n");
+#endif
+        __remove_database((DB *)dbp);
+    }
+
+    return (rv);
+}
+
+static int
+hash_delete(
+    const DB *dbp,
+    const DBT *key,
+    uint flag) /* Ignored */
+{
+    HTAB *hashp;
+    int rv;
+
+    hashp = (HTAB *)dbp->internal;
+    if (!hashp)
+        return (DBM_ERROR);
+
+    if (flag && flag != R_CURSOR) {
+        hashp->dbmerrno = errno = EINVAL;
+        return (DBM_ERROR);
+    }
+    if ((hashp->flags & O_ACCMODE) == O_RDONLY) {
+        hashp->dbmerrno = errno = EPERM;
+        return (DBM_ERROR);
+    }
+    rv = hash_access(hashp, HASH_DELETE, (DBT *)key, NULL);
+
+    if (rv == DATABASE_CORRUPTED_ERROR) {
+#if defined(unix) && defined(DEBUG)
+        printf("\n\nDBM Database has been corrupted, tell Lou...\n\n");
+#endif
+        __remove_database((DB *)dbp);
+    }
+
+    return (rv);
+}
+
+#define MAX_OVERFLOW_HASH_ACCESS_LOOPS 2000
+/*
+ * Assume that hashp has been set in wrapper routine.
+ */
+static int
+hash_access(
+    HTAB *hashp,
+    ACTION action,
+    DBT *key, DBT *val)
+{
+    register BUFHEAD *rbufp;
+    BUFHEAD *bufp, *save_bufp;
+    register uint16 *bp;
+    register long n, ndx, off;
+    register size_t size;
+    register char *kp;
+    uint16 pageno;
+    uint32 ovfl_loop_count = 0;
+    int32 last_overflow_page_no = -1;
+
+#ifdef HASH_STATISTICS
+    hash_accesses++;
+#endif
+
+    off = hashp->BSIZE;
+    size = key->size;
+    kp = (char *)key->data;
+    rbufp = __get_buf(hashp, __call_hash(hashp, kp, size), NULL, 0);
+    if (!rbufp)
+        return (DATABASE_CORRUPTED_ERROR);
+    save_bufp = rbufp;
+
+    /* Pin the bucket chain */
+    rbufp->flags |= BUF_PIN;
+    for (bp = (uint16 *)rbufp->page, n = *bp++, ndx = 1; ndx < n;) {
+
+        if (bp[1] >= REAL_KEY) {
+            /* Real key/data pair */
+            if (size == (unsigned long)(off - *bp) &&
+                memcmp(kp, rbufp->page + *bp, size) == 0)
+                goto found;
+            off = bp[1];
+#ifdef HASH_STATISTICS
+            hash_collisions++;
+#endif
+            bp += 2;
+            ndx += 2;
+        } else if (bp[1] == OVFLPAGE) {
+
+            /* database corruption: overflow loop detection */
+            if (last_overflow_page_no == (int32)*bp)
+                return (DATABASE_CORRUPTED_ERROR);
+
+            last_overflow_page_no = *bp;
+
+            rbufp = __get_buf(hashp, *bp, rbufp, 0);
+            if (!rbufp) {
+                save_bufp->flags &= ~BUF_PIN;
+                return (DBM_ERROR);
+            }
+
+            ovfl_loop_count++;
+            if (ovfl_loop_count > MAX_OVERFLOW_HASH_ACCESS_LOOPS)
+                return (DATABASE_CORRUPTED_ERROR);
+
+            /* FOR LOOP INIT */
+            bp = (uint16 *)rbufp->page;
+            n = *bp++;
+            ndx = 1;
+            off = hashp->BSIZE;
+        } else if (bp[1] < REAL_KEY) {
+            if ((ndx =
+                     __find_bigpair(hashp, rbufp, ndx, kp, (int)size)) > 0)
+                goto found;
+            if (ndx == -2) {
+                bufp = rbufp;
+                if (!(pageno =
+                          __find_last_page(hashp, &bufp))) {
+                    ndx = 0;
+                    rbufp = bufp;
+                    break; /* FOR */
+                }
+                rbufp = __get_buf(hashp, pageno, bufp, 0);
+                if (!rbufp) {
+                    save_bufp->flags &= ~BUF_PIN;
+                    return (DBM_ERROR);
+                }
+                /* FOR LOOP INIT */
+                bp = (uint16 *)rbufp->page;
+                n = *bp++;
+                ndx = 1;
+                off = hashp->BSIZE;
+            } else {
+                save_bufp->flags &= ~BUF_PIN;
+                return (DBM_ERROR);
+            }
+        }
+    }
+
+    /* Not found */
+    switch (action) {
+        case HASH_PUT:
+        case HASH_PUTNEW:
+            if (__addel(hashp, rbufp, key, val)) {
+                save_bufp->flags &= ~BUF_PIN;
+                return (DBM_ERROR);
+            } else {
+                save_bufp->flags &= ~BUF_PIN;
+                return (SUCCESS);
+            }
+        case HASH_GET:
+        case HASH_DELETE:
+        default:
+            save_bufp->flags &= ~BUF_PIN;
+            return (ABNORMAL);
+    }
+
+found:
+    switch (action) {
+        case HASH_PUTNEW:
+            save_bufp->flags &= ~BUF_PIN;
+            return (ABNORMAL);
+        case HASH_GET:
+            bp = (uint16 *)rbufp->page;
+            if (bp[ndx + 1] < REAL_KEY) {
+                if (__big_return(hashp, rbufp, ndx, val, 0))
+                    return (DBM_ERROR);
+            } else {
+                val->data = (uint8 *)rbufp->page + (int)bp[ndx + 1];
+                val->size = bp[ndx] - bp[ndx + 1];
+            }
+            break;
+        case HASH_PUT:
+            if ((__delpair(hashp, rbufp, ndx)) ||
+                (__addel(hashp, rbufp, key, val))) {
+                save_bufp->flags &= ~BUF_PIN;
+                return (DBM_ERROR);
+            }
+            break;
+        case HASH_DELETE:
+            if (__delpair(hashp, rbufp, ndx))
+                return (DBM_ERROR);
+            break;
+        default:
+            abort();
+    }
+    save_bufp->flags &= ~BUF_PIN;
+    return (SUCCESS);
+}
+
+static int
+hash_seq(
+    const DB *dbp,
+    DBT *key, DBT *data,
+    uint flag)
+{
+    register uint32 bucket;
+    register BUFHEAD *bufp = NULL;
+    HTAB *hashp;
+    uint16 *bp, ndx;
+
+    hashp = (HTAB *)dbp->internal;
+    if (!hashp)
+        return (DBM_ERROR);
+
+    if (flag && flag != R_FIRST && flag != R_NEXT) {
+        hashp->dbmerrno = errno = EINVAL;
+        return (DBM_ERROR);
+    }
+#ifdef HASH_STATISTICS
+    hash_accesses++;
+#endif
+    if ((hashp->cbucket < 0) || (flag == R_FIRST)) {
+        hashp->cbucket = 0;
+        hashp->cndx = 1;
+        hashp->cpage = NULL;
+    }
+
+    for (bp = NULL; !bp || !bp[0];) {
+        if (!(bufp = hashp->cpage)) {
+            for (bucket = hashp->cbucket;
+                 bucket <= (uint32)hashp->MAX_BUCKET;
+                 bucket++, hashp->cndx = 1) {
+                bufp = __get_buf(hashp, bucket, NULL, 0);
+                if (!bufp)
+                    return (DBM_ERROR);
+                hashp->cpage = bufp;
+                bp = (uint16 *)bufp->page;
+                if (bp[0])
+                    break;
+            }
+            hashp->cbucket = bucket;
+            if (hashp->cbucket > hashp->MAX_BUCKET) {
+                hashp->cbucket = -1;
+                return (ABNORMAL);
+            }
+        } else
+            bp = (uint16 *)hashp->cpage->page;
+
+#ifdef DEBUG
+        assert(bp);
+        assert(bufp);
+#endif
+        while (bp[hashp->cndx + 1] == OVFLPAGE) {
+            bufp = hashp->cpage =
+                __get_buf(hashp, bp[hashp->cndx], bufp, 0);
+            if (!bufp)
+                return (DBM_ERROR);
+            bp = (uint16 *)(bufp->page);
+            hashp->cndx = 1;
+        }
+        if (!bp[0]) {
+            hashp->cpage = NULL;
+            ++hashp->cbucket;
+        }
+    }
+    ndx = hashp->cndx;
+    if (bp[ndx + 1] < REAL_KEY) {
+        if (__big_keydata(hashp, bufp, key, data, 1))
+            return (DBM_ERROR);
+    } else {
+        key->data = (uint8 *)hashp->cpage->page + bp[ndx];
+        key->size = (ndx > 1 ? bp[ndx - 1] : hashp->BSIZE) - bp[ndx];
+        data->data = (uint8 *)hashp->cpage->page + bp[ndx + 1];
+        data->size = bp[ndx] - bp[ndx + 1];
+        ndx += 2;
+        if (ndx > bp[0]) {
+            hashp->cpage = NULL;
+            hashp->cbucket++;
+            hashp->cndx = 1;
+        } else
+            hashp->cndx = ndx;
+    }
+    return (SUCCESS);
+}
+
+/********************************* UTILITIES ************************/
+
+/*
+ * Returns:
+ *   0 ==> OK
+ *  -1 ==> Error
+ */
+extern int
+__expand_table(HTAB *hashp)
+{
+    uint32 old_bucket, new_bucket;
+    int new_segnum, spare_ndx;
+    size_t dirsize;
+
+#ifdef HASH_STATISTICS
+    hash_expansions++;
+#endif
+    new_bucket = ++hashp->MAX_BUCKET;
+    old_bucket = (hashp->MAX_BUCKET & hashp->LOW_MASK);
+
+    new_segnum = new_bucket >> hashp->SSHIFT;
+
+    /* Check if we need a new segment */
+    if (new_segnum >= hashp->nsegs) {
+        /* Check if we need to expand directory */
+        if (new_segnum >= hashp->DSIZE) {
+            /* Reallocate directory */
+            dirsize = hashp->DSIZE * sizeof(SEGMENT *);
+            if (!hash_realloc(&hashp->dir, dirsize, dirsize << 1))
+                return (-1);
+            hashp->DSIZE = dirsize << 1;
+        }
+        if ((hashp->dir[new_segnum] =
+                 (SEGMENT)calloc((size_t)hashp->SGSIZE, sizeof(BUFHEAD *))) == NULL)
+            return (-1);
+        hashp->exsegs++;
+        hashp->nsegs++;
+    }
+    /*
+     * If the split point is increasing (MAX_BUCKET's log base 2
+     * * increases), we need to copy the current contents of the spare
+     * split bucket to the next bucket.
+     */
+    spare_ndx = __log2((uint32)(hashp->MAX_BUCKET + 1));
+    if (spare_ndx > hashp->OVFL_POINT) {
+        hashp->SPARES[spare_ndx] = hashp->SPARES[hashp->OVFL_POINT];
+        hashp->OVFL_POINT = spare_ndx;
+    }
+
+    if (new_bucket > (uint32)hashp->HIGH_MASK) {
+        /* Starting a new doubling */
+        hashp->LOW_MASK = hashp->HIGH_MASK;
+        hashp->HIGH_MASK = new_bucket | hashp->LOW_MASK;
+    }
+    /* Relocate records to the new bucket */
+    return (__split_page(hashp, old_bucket, new_bucket));
+}
+
+/*
+ * If realloc guarantees that the pointer is not destroyed if the realloc
+ * fails, then this routine can go away.
+ */
+static void *
+hash_realloc(
+    SEGMENT **p_ptr,
+    size_t oldsize, size_t newsize)
+{
+    register void *p;
+
+    if ((p = malloc(newsize))) {
+        memmove(p, *p_ptr, oldsize);
+        memset((char *)p + oldsize, 0, newsize - oldsize);
+        free(*p_ptr);
+        *p_ptr = (SEGMENT *)p;
+    }
+    return (p);
+}
+
+extern uint32
+__call_hash(HTAB *hashp, char *k, size_t len)
+{
+    uint32 n, bucket;
+
+    n = hashp->hash(k, len);
+    bucket = n & hashp->HIGH_MASK;
+    if (bucket > (uint32)hashp->MAX_BUCKET)
+        bucket = bucket & hashp->LOW_MASK;
+    return (bucket);
+}
+
+/*
+ * Allocate segment table.  On error, set errno.
+ *
+ * Returns 0 on success
+ */
+static int
+alloc_segs(
+    HTAB *hashp,
+    int nsegs)
+{
+    register int i;
+    register SEGMENT store;
+
+    if ((hashp->dir =
+             (SEGMENT *)calloc((size_t)hashp->DSIZE, sizeof(SEGMENT))) == NULL) {
+        errno = ENOMEM;
+        return (-1);
+    }
+    /* Allocate segments */
+    if ((store =
+             (SEGMENT)calloc((size_t)nsegs << hashp->SSHIFT, sizeof(BUFHEAD *))) == NULL) {
+        errno = ENOMEM;
+        return (-1);
+    }
+    for (i = 0; i < nsegs; i++, hashp->nsegs++)
+        hashp->dir[i] = &store[i << hashp->SSHIFT];
+    return (0);
+}
+
+#if BYTE_ORDER == LITTLE_ENDIAN
+/*
+ * Hashp->hdr needs to be byteswapped.
+ */
+static void
+swap_header_copy(
+    HASHHDR *srcp, HASHHDR *destp)
+{
+    int i;
+
+    P_32_COPY(srcp->magic, destp->magic);
+    P_32_COPY(srcp->version, destp->version);
+    P_32_COPY(srcp->lorder, destp->lorder);
+    P_32_COPY(srcp->bsize, destp->bsize);
+    P_32_COPY(srcp->bshift, destp->bshift);
+    P_32_COPY(srcp->dsize, destp->dsize);
+    P_32_COPY(srcp->ssize, destp->ssize);
+    P_32_COPY(srcp->sshift, destp->sshift);
+    P_32_COPY(srcp->ovfl_point, destp->ovfl_point);
+    P_32_COPY(srcp->last_freed, destp->last_freed);
+    P_32_COPY(srcp->max_bucket, destp->max_bucket);
+    P_32_COPY(srcp->high_mask, destp->high_mask);
+    P_32_COPY(srcp->low_mask, destp->low_mask);
+    P_32_COPY(srcp->ffactor, destp->ffactor);
+    P_32_COPY(srcp->nkeys, destp->nkeys);
+    P_32_COPY(srcp->hdrpages, destp->hdrpages);
+    P_32_COPY(srcp->h_charkey, destp->h_charkey);
+    for (i = 0; i < NCACHED; i++) {
+        P_32_COPY(srcp->spares[i], destp->spares[i]);
+        P_16_COPY(srcp->bitmaps[i], destp->bitmaps[i]);
+    }
+}
+
+static void
+swap_header(HTAB *hashp)
+{
+    HASHHDR *hdrp;
+    int i;
+
+    hdrp = &hashp->hdr;
+
+    M_32_SWAP(hdrp->magic);
+    M_32_SWAP(hdrp->version);
+    M_32_SWAP(hdrp->lorder);
+    M_32_SWAP(hdrp->bsize);
+    M_32_SWAP(hdrp->bshift);
+    M_32_SWAP(hdrp->dsize);
+    M_32_SWAP(hdrp->ssize);
+    M_32_SWAP(hdrp->sshift);
+    M_32_SWAP(hdrp->ovfl_point);
+    M_32_SWAP(hdrp->last_freed);
+    M_32_SWAP(hdrp->max_bucket);
+    M_32_SWAP(hdrp->high_mask);
+    M_32_SWAP(hdrp->low_mask);
+    M_32_SWAP(hdrp->ffactor);
+    M_32_SWAP(hdrp->nkeys);
+    M_32_SWAP(hdrp->hdrpages);
+    M_32_SWAP(hdrp->h_charkey);
+    for (i = 0; i < NCACHED; i++) {
+        M_32_SWAP(hdrp->spares[i]);
+        M_16_SWAP(hdrp->bitmaps[i]);
+    }
+}
+#endif
diff --git a/nss/lib/dbm/src/hash_buf.c b/nss/lib/dbm/src/hash_buf.c
new file mode 100644
index 0000000..a7cd2d0
--- /dev/null
+++ b/nss/lib/dbm/src/hash_buf.c
@@ -0,0 +1,407 @@
+/*-
+ * Copyright (c) 1990, 1993, 1994
+ *  The Regents of the University of California.  All rights reserved.
+ *
+ * This code is derived from software contributed to Berkeley by
+ * Margo Seltzer.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. ***REMOVED*** - see
+ *    ftp://ftp.cs.berkeley.edu/pub/4bsd/README.Impt.License.Change
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static char sccsid[] = "@(#)hash_buf.c  8.5 (Berkeley) 7/15/94";
+#endif /* LIBC_SCCS and not lint */
+
+/*
+ * PACKAGE: hash
+ *
+ * DESCRIPTION:
+ *  Contains buffer management
+ *
+ * ROUTINES:
+ * External
+ *  __buf_init
+ *  __get_buf
+ *  __buf_free
+ *  __reclaim_buf
+ * Internal
+ *  newbuf
+ */
+#if !defined(_WIN32) && !defined(_WINDOWS) && !defined(macintosh)
+#include <sys/param.h>
+#endif
+
+#include <errno.h>
+#include <stddef.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#ifdef DEBUG
+#include <assert.h>
+#endif
+
+#include "mcom_db.h"
+#include "hash.h"
+#include "page.h"
+/* #include "extern.h" */
+
+static BUFHEAD *newbuf(HTAB *, uint32, BUFHEAD *);
+
+/* Unlink B from its place in the lru */
+#define BUF_REMOVE(B)                \
+    {                                \
+        (B)->prev->next = (B)->next; \
+        (B)->next->prev = (B)->prev; \
+    }
+
+/* Insert B after P */
+#define BUF_INSERT(B, P)       \
+    {                          \
+        (B)->next = (P)->next; \
+        (B)->prev = (P);       \
+        (P)->next = (B);       \
+        (B)->next->prev = (B); \
+    }
+
+#define MRU hashp->bufhead.next
+#define LRU hashp->bufhead.prev
+
+#define MRU_INSERT(B) BUF_INSERT((B), &hashp->bufhead)
+#define LRU_INSERT(B) BUF_INSERT((B), LRU)
+
+/*
+ * We are looking for a buffer with address "addr".  If prev_bp is NULL, then
+ * address is a bucket index.  If prev_bp is not NULL, then it points to the
+ * page previous to an overflow page that we are trying to find.
+ *
+ * CAVEAT:  The buffer header accessed via prev_bp's ovfl field may no longer
+ * be valid.  Therefore, you must always verify that its address matches the
+ * address you are seeking.
+ */
+extern BUFHEAD *
+__get_buf(HTAB *hashp, uint32 addr, BUFHEAD *prev_bp, int newpage)
+/* If prev_bp set, indicates a new overflow page. */
+{
+    register BUFHEAD *bp;
+    register uint32 is_disk_mask;
+    register int is_disk, segment_ndx = 0;
+    SEGMENT segp = 0;
+
+    is_disk = 0;
+    is_disk_mask = 0;
+    if (prev_bp) {
+        bp = prev_bp->ovfl;
+        if (!bp || (bp->addr != addr))
+            bp = NULL;
+        if (!newpage)
+            is_disk = BUF_DISK;
+    } else {
+        /* Grab buffer out of directory */
+        segment_ndx = addr & (hashp->SGSIZE - 1);
+
+        /* valid segment ensured by __call_hash() */
+        segp = hashp->dir[addr >> hashp->SSHIFT];
+#ifdef DEBUG
+        assert(segp != NULL);
+#endif
+
+        bp = PTROF(segp[segment_ndx]);
+
+        is_disk_mask = ISDISK(segp[segment_ndx]);
+        is_disk = is_disk_mask || !hashp->new_file;
+    }
+
+    if (!bp) {
+        bp = newbuf(hashp, addr, prev_bp);
+        if (!bp)
+            return (NULL);
+        if (__get_page(hashp, bp->page, addr, !prev_bp, is_disk, 0)) {
+            /* free bp and its page */
+            if (prev_bp) {
+                /* if prev_bp is set then the new page that
+                 * failed is hooked onto prev_bp as an overflow page.
+                 * if we don't remove the pointer to the bad page
+                 * we may try and access it later and we will die
+                 * horribly because it will have already been
+                 * free'd and overwritten with bogus data.
+                 */
+                prev_bp->ovfl = NULL;
+            }
+            BUF_REMOVE(bp);
+            free(bp->page);
+            free(bp);
+            return (NULL);
+        }
+
+        if (!prev_bp) {
+#if 0
+            /* 16 bit windows and mac can't handle the
+             * oring of the is disk flag.
+             */
+            segp[segment_ndx] =
+                (BUFHEAD *)((ptrdiff_t)bp | is_disk_mask);
+#else
+            /* set the is_disk thing inside the structure
+             */
+            bp->is_disk = is_disk_mask;
+            segp[segment_ndx] = bp;
+#endif
+        }
+    } else {
+        BUF_REMOVE(bp);
+        MRU_INSERT(bp);
+    }
+    return (bp);
+}
+
+/*
+ * We need a buffer for this page. Either allocate one, or evict a resident
+ * one (if we have as many buffers as we're allowed) and put this one in.
+ *
+ * If newbuf finds an error (returning NULL), it also sets errno.
+ */
+static BUFHEAD *
+newbuf(HTAB *hashp, uint32 addr, BUFHEAD *prev_bp)
+{
+    register BUFHEAD *bp;  /* The buffer we're going to use */
+    register BUFHEAD *xbp; /* Temp pointer */
+    register BUFHEAD *next_xbp;
+    SEGMENT segp;
+    int segment_ndx;
+    uint16 oaddr, *shortp;
+
+    oaddr = 0;
+    bp = LRU;
+    /*
+     * If LRU buffer is pinned, the buffer pool is too small. We need to
+     * allocate more buffers.
+     */
+    if (hashp->nbufs || (bp->flags & BUF_PIN)) {
+        /* Allocate a new one */
+        if ((bp = (BUFHEAD *)malloc(sizeof(BUFHEAD))) == NULL)
+            return (NULL);
+
+        /* this memset is supposedly unnecessary but lets add
+         * it anyways.
+         */
+        memset(bp, 0xff, sizeof(BUFHEAD));
+
+        if ((bp->page = (char *)malloc((size_t)hashp->BSIZE)) == NULL) {
+            free(bp);
+            return (NULL);
+        }
+
+        /* this memset is supposedly unnecessary but lets add
+         * it anyways.
+         */
+        memset(bp->page, 0xff, (size_t)hashp->BSIZE);
+
+        if (hashp->nbufs)
+            hashp->nbufs--;
+    } else {
+        /* Kick someone out */
+        BUF_REMOVE(bp);
+        /*
+         * If this is an overflow page with addr 0, it's already been
+         * flushed back in an overflow chain and initialized.
+         */
+        if ((bp->addr != 0) || (bp->flags & BUF_BUCKET)) {
+            /*
+             * Set oaddr before __put_page so that you get it
+             * before bytes are swapped.
+             */
+            shortp = (uint16 *)bp->page;
+            if (shortp[0]) {
+                if (shortp[0] > (hashp->BSIZE / sizeof(uint16))) {
+                    return (NULL);
+                }
+                oaddr = shortp[shortp[0] - 1];
+            }
+            if ((bp->flags & BUF_MOD) && __put_page(hashp, bp->page,
+                                                    bp->addr, (int)IS_BUCKET(bp->flags), 0))
+                return (NULL);
+            /*
+             * Update the pointer to this page (i.e. invalidate it).
+             *
+             * If this is a new file (i.e. we created it at open
+             * time), make sure that we mark pages which have been
+             * written to disk so we retrieve them from disk later,
+             * rather than allocating new pages.
+             */
+            if (IS_BUCKET(bp->flags)) {
+                segment_ndx = bp->addr & (hashp->SGSIZE - 1);
+                segp = hashp->dir[bp->addr >> hashp->SSHIFT];
+#ifdef DEBUG
+                assert(segp != NULL);
+#endif
+
+                if (hashp->new_file &&
+                    ((bp->flags & BUF_MOD) ||
+                     ISDISK(segp[segment_ndx])))
+                    segp[segment_ndx] = (BUFHEAD *)BUF_DISK;
+                else
+                    segp[segment_ndx] = NULL;
+            }
+            /*
+             * Since overflow pages can only be access by means of
+             * their bucket, free overflow pages associated with
+             * this bucket.
+             */
+            for (xbp = bp; xbp->ovfl;) {
+                next_xbp = xbp->ovfl;
+                xbp->ovfl = 0;
+                xbp = next_xbp;
+
+                /* leave pinned pages alone, we are still using
+                 * them. */
+                if (xbp->flags & BUF_PIN) {
+                    continue;
+                }
+
+                /* Check that ovfl pointer is up date. */
+                if (IS_BUCKET(xbp->flags) ||
+                    (oaddr != xbp->addr))
+                    break;
+
+                shortp = (uint16 *)xbp->page;
+                if (shortp[0]) {
+                    /* LJM is the number of reported
+                     * pages way too much?
+                     */
+                    if (shortp[0] > hashp->BSIZE / sizeof(uint16))
+                        return NULL;
+                    /* set before __put_page */
+                    oaddr = shortp[shortp[0] - 1];
+                }
+                if ((xbp->flags & BUF_MOD) && __put_page(hashp,
+                                                         xbp->page, xbp->addr, 0, 0))
+                    return (NULL);
+                xbp->addr = 0;
+                xbp->flags = 0;
+                BUF_REMOVE(xbp);
+                LRU_INSERT(xbp);
+            }
+        }
+    }
+
+    /* Now assign this buffer */
+    bp->addr = addr;
+#ifdef DEBUG1
+    (void)fprintf(stderr, "NEWBUF1: %d->ovfl was %d is now %d\n",
+                  bp->addr, (bp->ovfl ? bp->ovfl->addr : 0), 0);
+#endif
+    bp->ovfl = NULL;
+    if (prev_bp) {
+/*
+         * If prev_bp is set, this is an overflow page, hook it in to
+         * the buffer overflow links.
+         */
+#ifdef DEBUG1
+        (void)fprintf(stderr, "NEWBUF2: %d->ovfl was %d is now %d\n",
+                      prev_bp->addr, (prev_bp->ovfl ? bp->ovfl->addr : 0),
+                      (bp ? bp->addr : 0));
+#endif
+        prev_bp->ovfl = bp;
+        bp->flags = 0;
+    } else
+        bp->flags = BUF_BUCKET;
+    MRU_INSERT(bp);
+    return (bp);
+}
+
+extern void
+__buf_init(HTAB *hashp, int32 nbytes)
+{
+    BUFHEAD *bfp;
+    int npages;
+
+    bfp = &(hashp->bufhead);
+    npages = (nbytes + hashp->BSIZE - 1) >> hashp->BSHIFT;
+    npages = PR_MAX(npages, MIN_BUFFERS);
+
+    hashp->nbufs = npages;
+    bfp->next = bfp;
+    bfp->prev = bfp;
+    /*
+     * This space is calloc'd so these are already null.
+     *
+     * bfp->ovfl = NULL;
+     * bfp->flags = 0;
+     * bfp->page = NULL;
+     * bfp->addr = 0;
+     */
+}
+
+extern int
+__buf_free(HTAB *hashp, int do_free, int to_disk)
+{
+    BUFHEAD *bp;
+    int status = -1;
+
+    /* Need to make sure that buffer manager has been initialized */
+    if (!LRU)
+        return (0);
+    for (bp = LRU; bp != &hashp->bufhead;) {
+        /* Check that the buffer is valid */
+        if (bp->addr || IS_BUCKET(bp->flags)) {
+            if (to_disk && (bp->flags & BUF_MOD) &&
+                (status = __put_page(hashp, bp->page,
+                                     bp->addr, IS_BUCKET(bp->flags), 0))) {
+
+                if (do_free) {
+                    if (bp->page)
+                        free(bp->page);
+                    BUF_REMOVE(bp);
+                    free(bp);
+                }
+
+                return (status);
+            }
+        }
+        /* Check if we are freeing stuff */
+        if (do_free) {
+            if (bp->page)
+                free(bp->page);
+            BUF_REMOVE(bp);
+            free(bp);
+            bp = LRU;
+        } else
+            bp = bp->prev;
+    }
+    return (0);
+}
+
+extern void
+__reclaim_buf(HTAB *hashp, BUFHEAD *bp)
+{
+    bp->ovfl = 0;
+    bp->addr = 0;
+    bp->flags = 0;
+    BUF_REMOVE(bp);
+    LRU_INSERT(bp);
+}
diff --git a/nss/lib/dbm/src/manifest.mn b/nss/lib/dbm/src/manifest.mn
new file mode 100644
index 0000000..1190444
--- /dev/null
+++ b/nss/lib/dbm/src/manifest.mn
@@ -0,0 +1,28 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CORE_DEPTH = ../../..
+
+MODULE = dbm
+
+#
+# memmove.c, snprintf.c, and strerror.c are not in CSRCS because
+# the Standard C Library has memmove and strerror and DBM is not
+# using snprintf.
+#
+
+CSRCS = db.c	   \
+	h_bigkey.c \
+	h_func.c   \
+	h_log2.c   \
+	h_page.c   \
+	hash.c	   \
+	hash_buf.c \
+	mktemp.c   \
+	dirent.c   \
+	$(NULL)
+
+LIBRARY_NAME = dbm
diff --git a/nss/lib/dbm/src/memmove.c b/nss/lib/dbm/src/memmove.c
new file mode 100644
index 0000000..135185b
--- /dev/null
+++ b/nss/lib/dbm/src/memmove.c
@@ -0,0 +1,146 @@
+#if defined(__sun) && !defined(__SVR4)
+/*-
+ * Copyright (c) 1990, 1993
+ *  The Regents of the University of California.  All rights reserved.
+ *
+ * This code is derived from software contributed to Berkeley by
+ * Chris Torek.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. ***REMOVED*** - see
+ *    ftp://ftp.cs.berkeley.edu/pub/4bsd/README.Impt.License.Change
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static char sccsid[] = "@(#)bcopy.c 8.1 (Berkeley) 6/4/93";
+#endif /* LIBC_SCCS and not lint */
+
+#include <string.h>
+
+/*
+ * sizeof(word) MUST BE A POWER OF TWO
+ * SO THAT wmask BELOW IS ALL ONES
+ */
+typedef int word; /* "word" used for optimal copy speed */
+
+#define wsize sizeof(word)
+#define wmask (wsize - 1)
+
+/*
+ * Copy a block of memory, handling overlap.
+ * This is the routine that actually implements
+ * (the portable versions of) bcopy, memcpy, and memmove.
+ */
+#ifdef MEMCOPY
+void *
+    memcpy(dst0, src0, length)
+#else
+#ifdef MEMMOVE
+void *
+    memmove(dst0, src0, length)
+#else
+void
+    bcopy(src0, dst0, length)
+#endif
+#endif
+        void *dst0;
+const void *src0;
+register size_t length;
+{
+    register char *dst = dst0;
+    register const char *src = src0;
+    register size_t t;
+
+    if (length == 0 || dst == src) /* nothing to do */
+        goto done;
+
+/*
+     * Macros: loop-t-times; and loop-t-times, t>0
+     */
+#define TLOOP(s) \
+    if (t)       \
+    TLOOP1(s)
+#define TLOOP1(s) \
+    do {          \
+        s;        \
+    } while (--t)
+
+    if ((unsigned long)dst < (unsigned long)src) {
+        /*
+         * Copy forward.
+         */
+        t = (int)src; /* only need low bits */
+        if ((t | (int)dst) & wmask) {
+            /*
+             * Try to align operands.  This cannot be done
+             * unless the low bits match.
+             */
+            if ((t ^ (int)dst) & wmask || length < wsize)
+                t = length;
+            else
+                t = wsize - (t & wmask);
+            length -= t;
+            TLOOP1(*dst++ = *src++);
+        }
+        /*
+         * Copy whole words, then mop up any trailing bytes.
+         */
+        t = length / wsize;
+        TLOOP(*(word *)dst = *(word *)src; src += wsize; dst += wsize);
+        t = length & wmask;
+        TLOOP(*dst++ = *src++);
+    } else {
+        /*
+         * Copy backwards.  Otherwise essentially the same.
+         * Alignment works as before, except that it takes
+         * (t&wmask) bytes to align, not wsize-(t&wmask).
+         */
+        src += length;
+        dst += length;
+        t = (int)src;
+        if ((t | (int)dst) & wmask) {
+            if ((t ^ (int)dst) & wmask || length <= wsize)
+                t = length;
+            else
+                t &= wmask;
+            length -= t;
+            TLOOP1(*--dst = *--src);
+        }
+        t = length / wsize;
+        TLOOP(src -= wsize; dst -= wsize; *(word *)dst = *(word *)src);
+        t = length & wmask;
+        TLOOP(*--dst = *--src);
+    }
+done:
+#if defined(MEMCOPY) || defined(MEMMOVE)
+    return (dst0);
+#else
+    return;
+#endif
+}
+#endif /* no __sgi */
+
+/* Some compilers don't like an empty source file. */
+static int dummy = 0;
diff --git a/nss/lib/dbm/src/mktemp.c b/nss/lib/dbm/src/mktemp.c
new file mode 100644
index 0000000..b668ece
--- /dev/null
+++ b/nss/lib/dbm/src/mktemp.c
@@ -0,0 +1,149 @@
+/*
+ * Copyright (c) 1987, 1993
+ *  The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. ***REMOVED*** - see
+ *    ftp://ftp.cs.berkeley.edu/pub/4bsd/README.Impt.License.Change
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static char sccsid[] = "@(#)mktemp.c    8.1 (Berkeley) 6/4/93";
+#endif /* LIBC_SCCS and not lint */
+
+#ifdef macintosh
+#include <unix.h>
+#else
+#include <sys/types.h>
+#include <sys/stat.h>
+#endif
+#include <fcntl.h>
+#include <errno.h>
+#include <stdio.h>
+#include <ctype.h>
+#include "mcom_db.h"
+
+#ifndef _WINDOWS
+#include <unistd.h>
+#endif
+
+#ifdef _WINDOWS
+#include <process.h>
+#include "winfile.h"
+#endif
+
+static int _gettemp(char *path, register int *doopen, int extraFlags);
+
+int
+mkstemp(char *path)
+{
+#ifdef XP_OS2
+    FILE *temp = tmpfile();
+
+    return (temp ? fileno(temp) : -1);
+#else
+    int fd;
+
+    return (_gettemp(path, &fd, 0) ? fd : -1);
+#endif
+}
+
+int
+mkstempflags(char *path, int extraFlags)
+{
+    int fd;
+
+    return (_gettemp(path, &fd, extraFlags) ? fd : -1);
+}
+
+/* NB: This routine modifies its input string, and does not always restore it.
+** returns 1 on success, 0 on failure.
+*/
+static int
+_gettemp(char *path, register int *doopen, int extraFlags)
+{
+    register char *start, *trv;
+    struct stat sbuf;
+    unsigned int pid;
+
+    pid = getpid();
+    for (trv = path; *trv; ++trv)
+        ; /* extra X's get set to 0's */
+    while (*--trv == 'X') {
+        *trv = (pid % 10) + '0';
+        pid /= 10;
+    }
+
+    /*
+     * check the target directory; if you have six X's and it
+     * doesn't exist this runs for a *very* long time.
+     */
+    for (start = trv + 1;; --trv) {
+        char saved;
+        if (trv <= path)
+            break;
+        saved = *trv;
+        if (saved == '/' || saved == '\\') {
+            int rv;
+            *trv = '\0';
+            rv = stat(path, &sbuf);
+            *trv = saved;
+            if (rv)
+                return (0);
+            if (!S_ISDIR(sbuf.st_mode)) {
+                errno = ENOTDIR;
+                return (0);
+            }
+            break;
+        }
+    }
+
+    for (;;) {
+        if (doopen) {
+            if ((*doopen =
+                     open(path, O_CREAT | O_EXCL | O_RDWR | extraFlags, 0600)) >= 0)
+                return (1);
+            if (errno != EEXIST)
+                return (0);
+        } else if (stat(path, &sbuf))
+            return (errno == ENOENT ? 1 : 0);
+
+        /* tricky little algorithm for backward compatibility */
+        for (trv = start;;) {
+            if (!*trv)
+                return (0);
+            if (*trv == 'z')
+                *trv++ = 'a';
+            else {
+                if (isdigit(*trv))
+                    *trv = 'a';
+                else
+                    ++*trv;
+                break;
+            }
+        }
+    }
+    /*NOTREACHED*/
+}
diff --git a/nss/lib/dbm/src/snprintf.c b/nss/lib/dbm/src/snprintf.c
new file mode 100644
index 0000000..3cafacf
--- /dev/null
+++ b/nss/lib/dbm/src/snprintf.c
@@ -0,0 +1,50 @@
+#ifndef HAVE_SNPRINTF
+
+#include <sys/types.h>
+#include <stddef.h>
+#include <stdio.h>
+
+#include "prtypes.h"
+
+#include <ncompat.h>
+
+#include <stdarg.h>
+
+int
+snprintf(char *str, size_t n, const char *fmt, ...)
+{
+    va_list ap;
+#ifdef VSPRINTF_CHARSTAR
+    char *rp;
+#else
+    int rval;
+#endif
+    va_start(ap, fmt);
+#ifdef VSPRINTF_CHARSTAR
+    rp = vsprintf(str, fmt, ap);
+    va_end(ap);
+    return (strlen(rp));
+#else
+    rval = vsprintf(str, fmt, ap);
+    va_end(ap);
+    return (rval);
+#endif
+}
+
+int
+    vsnprintf(str, n, fmt, ap) char *str;
+size_t n;
+const char *fmt;
+va_list ap;
+{
+#ifdef VSPRINTF_CHARSTAR
+    return (strlen(vsprintf(str, fmt, ap)));
+#else
+    return (vsprintf(str, fmt, ap));
+#endif
+}
+
+#endif /* HAVE_SNPRINTF */
+
+/* Some compilers don't like an empty source file. */
+static int dummy = 0;
diff --git a/nss/lib/dbm/src/src.gyp b/nss/lib/dbm/src/src.gyp
new file mode 100644
index 0000000..a84755e
--- /dev/null
+++ b/nss/lib/dbm/src/src.gyp
@@ -0,0 +1,40 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../../coreconf/config.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'dbm',
+      'type': 'static_library',
+      'sources': [
+        'db.c',
+        'dirent.c',
+        'h_bigkey.c',
+        'h_func.c',
+        'h_log2.c',
+        'h_page.c',
+        'hash.c',
+        'hash_buf.c',
+        'mktemp.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:dbm_exports'
+      ]
+    }
+  ],
+  'target_defaults': {
+    'defines': [
+      'STDC_HEADERS',
+      'HAVE_STRERROR',
+      'HAVE_SNPRINTF',
+      'MEMMOVE',
+      '__DBINTERFACE_PRIVATE'
+    ]
+  },
+  'variables': {
+    'module': 'dbm'
+  }
+}
\ No newline at end of file
diff --git a/nss/lib/dbm/src/strerror.c b/nss/lib/dbm/src/strerror.c
new file mode 100644
index 0000000..d64918b
--- /dev/null
+++ b/nss/lib/dbm/src/strerror.c
@@ -0,0 +1,73 @@
+/*
+ * Copyright (c) 1988, 1993
+ *  The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. ***REMOVED*** - see
+ *    ftp://ftp.cs.berkeley.edu/pub/4bsd/README.Impt.License.Change
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static char sccsid[] = "@(#)strerror.c  8.1 (Berkeley) 6/4/93";
+#endif /* LIBC_SCCS and not lint */
+
+#include <string.h>
+
+#ifdef _DLL
+#define sys_nerr (*_sys_nerr_dll)
+#endif
+
+#ifndef HAVE_STRERROR
+#ifndef _AFXDLL
+char *
+    strerror(num) int num;
+{
+    extern int sys_nerr;
+    extern char *sys_errlist[];
+#define UPREFIX "Unknown error: "
+    static char ebuf[40] = UPREFIX; /* 64-bit number + slop */
+    register unsigned int errnum;
+    register char *p, *t;
+    char tmp[40];
+
+    errnum = num; /* convert to unsigned */
+    if (errnum < sys_nerr)
+        return (sys_errlist[errnum]);
+
+    /* Do this by hand, so we don't include stdio(3). */
+    t = tmp;
+    do {
+        *t++ = "0123456789"[errnum % 10];
+    } while (errnum /= 10);
+    for (p = ebuf + sizeof(UPREFIX) - 1;;) {
+        *p++ = *--t;
+        if (t <= tmp)
+            break;
+    }
+    return (ebuf);
+}
+
+#endif
+#endif /* !HAVE_STRERROR */
diff --git a/nss/lib/dbm/tests/Makefile b/nss/lib/dbm/tests/Makefile
new file mode 100644
index 0000000..3ecabe2
--- /dev/null
+++ b/nss/lib/dbm/tests/Makefile
@@ -0,0 +1,41 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+DEPTH		= ../../..
+CORE_DEPTH	= ../../..
+
+VPATH		= $(CORE_DEPTH)/../dbm/tests
+
+MODULE		= dbm
+
+CSRCS		= lots.c
+
+PROGRAM		= lots
+
+include $(DEPTH)/coreconf/config.mk
+
+include $(DEPTH)/dbm/config/config.mk
+
+ifeq (,$(filter-out WIN%,$(OS_TARGET))) 
+LIBDBM		= ../src/$(PLATFORM)/dbm$(STATIC_LIB_SUFFIX)
+else
+LIBDBM		= ../src/$(PLATFORM)/libdbm$(STATIC_LIB_SUFFIX)
+endif
+
+INCLUDES	+= -I$(CORE_DEPTH)/../dbm/include
+
+LDFLAGS		= $(LDOPTS) $(LIBDBM)
+
+include $(DEPTH)/coreconf/rules.mk
+
+lots.pure: lots
+	purify $(CC) -o lots.pure $(CFLAGS) $(OBJS) $(MYLIBS)
+
+crash: crash.o $(MYLIBS)
+	$(CC) -o crash $(CFLAGS) $^
+
+crash.pure: crash.o $(MYLIBS)
+	purify $(CC) -o crash.pure $(CFLAGS) $^
+
diff --git a/nss/lib/dbm/tests/dbmtest.pkg b/nss/lib/dbm/tests/dbmtest.pkg
new file mode 100644
index 0000000..abd564b
--- /dev/null
+++ b/nss/lib/dbm/tests/dbmtest.pkg
@@ -0,0 +1,2 @@
+[gecko-tests]
+dist/bin/lots@BINS@
diff --git a/nss/lib/dbm/tests/lots.c b/nss/lib/dbm/tests/lots.c
new file mode 100644
index 0000000..91bba49
--- /dev/null
+++ b/nss/lib/dbm/tests/lots.c
@@ -0,0 +1,553 @@
+/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* use sequental numbers printed to strings
+ * to store lots and lots of entries in the
+ * database.
+ *
+ * Start with 100 entries, put them and then
+ * read them out.  Then delete the first
+ * half and verify that all of the first half
+ * is gone and then verify that the second
+ * half is still there.
+ * Then add the first half back and verify
+ * again.  Then delete the middle third
+ * and verify again.
+ * Then increase the size by 1000 and do
+ * the whole add delete thing again.
+ *
+ * The data for each object is the number string translated
+ * to hex and replicated a random number of times.  The
+ * number of times that the data is replicated is the first
+ * int32 in the data.
+ */
+
+#include <stdio.h>
+
+#include <stdlib.h>
+#ifdef STDC_HEADERS
+#include <stdarg.h>
+#else
+#include <varargs.h>
+#endif
+
+#ifdef HAVE_MEMORY_H
+#include <memory.h>
+#endif
+#include <string.h>
+#include <assert.h>
+#include "mcom_db.h"
+
+DB *database = 0;
+int MsgPriority = 5;
+
+#if defined(_WINDOWS) && !defined(WIN32)
+#define int32 long
+#define uint32 unsigned long
+#else
+#define int32 int
+#define uint32 unsigned int
+#endif
+
+typedef enum {
+    USE_LARGE_KEY,
+    USE_SMALL_KEY
+} key_type_enum;
+
+#define TraceMe(priority, msg)         \
+    do {                               \
+        if (priority <= MsgPriority) { \
+            ReportStatus msg;          \
+        }                              \
+    } while (0)
+
+int
+ReportStatus(char *string, ...)
+{
+    va_list args;
+
+#ifdef STDC_HEADERS
+    va_start(args, string);
+#else
+    va_start(args);
+#endif
+    vfprintf(stderr, string, args);
+    va_end(args);
+
+    fprintf(stderr, "\n");
+
+    return (0);
+}
+
+int
+ReportError(char *string, ...)
+{
+    va_list args;
+
+#ifdef STDC_HEADERS
+    va_start(args, string);
+#else
+    va_start(args);
+#endif
+    fprintf(stderr, "\n	");
+    vfprintf(stderr, string, args);
+    fprintf(stderr, "\n");
+    va_end(args);
+
+    return (0);
+}
+
+DBT *
+MakeLargeKey(int32 num)
+{
+    int32 low_bits;
+    static DBT rv;
+    static char *string_rv = 0;
+    int rep_char;
+    size_t size;
+
+    if (string_rv)
+        free(string_rv);
+
+    /* generate a really large text key derived from
+	 * an int32
+	 */
+    low_bits = (num % 10000) + 1;
+
+    /* get the repeat char from the low 26 */
+    rep_char = (char)((low_bits % 26) + 'a');
+
+    /* malloc a string low_bits wide */
+    size = low_bits * sizeof(char);
+    string_rv = (char *)malloc(size);
+
+    memset(string_rv, rep_char, size);
+
+    rv.data = string_rv;
+    rv.size = size;
+
+    return (&rv);
+}
+
+DBT *
+MakeSmallKey(int32 num)
+{
+    static DBT rv;
+    static char data_string[64];
+
+    rv.data = data_string;
+
+    sprintf(data_string, "%ld", (long)num);
+    rv.size = strlen(data_string);
+
+    return (&rv);
+}
+
+DBT *
+GenKey(int32 num, key_type_enum key_type)
+{
+    DBT *key;
+
+    switch (key_type) {
+        case USE_LARGE_KEY:
+            key = MakeLargeKey(num);
+            break;
+        case USE_SMALL_KEY:
+            key = MakeSmallKey(num);
+            break;
+        default:
+            abort();
+            break;
+    }
+
+    return (key);
+}
+
+int
+SeqDatabase()
+{
+    int status;
+    DBT key, data;
+
+    ReportStatus("SEQuencing through database...");
+
+    /* seq through the whole database */
+    if (!(status = (*database->seq)(database, &key, &data, R_FIRST))) {
+        while (!(status = (database->seq)(database, &key, &data, R_NEXT)))
+            ; /* null body */
+    }
+
+    if (status < 0)
+        ReportError("Error seq'ing database");
+
+    return (status);
+}
+
+int
+VerifyData(DBT *data, int32 num, key_type_enum key_type)
+{
+    int32 count, compare_num;
+    size_t size;
+    int32 *int32_array;
+
+    /* The first int32 is count 
+	 * The other n entries should
+	 * all equal num
+	 */
+    if (data->size < sizeof(int32)) {
+        ReportError("Data size corrupted");
+        return -1;
+    }
+
+    memcpy(&count, data->data, sizeof(int32));
+
+    size = sizeof(int32) * (count + 1);
+
+    if (size != data->size) {
+        ReportError("Data size corrupted");
+        return -1;
+    }
+
+    int32_array = (int32 *)data->data;
+
+    for (; count > 0; count--) {
+        memcpy(&compare_num, &int32_array[count], sizeof(int32));
+
+        if (compare_num != num) {
+            ReportError("Data corrupted");
+            return -1;
+        }
+    }
+
+    return (0);
+}
+
+/* verify that a range of number strings exist
+ * or don't exist. And that the data is valid
+ */
+#define SHOULD_EXIST 1
+#define SHOULD_NOT_EXIST 0
+int
+VerifyRange(int32 low, int32 high, int32 should_exist, key_type_enum key_type)
+{
+    DBT *key, data;
+    int32 num;
+    int status;
+
+    TraceMe(1, ("Verifying: %ld to %ld, using %s keys",
+                low, high, key_type == USE_SMALL_KEY ? "SMALL" : "LARGE"));
+
+    for (num = low; num <= high; num++) {
+
+        key = GenKey(num, key_type);
+
+        status = (*database->get)(database, key, &data, 0);
+
+        if (status == 0) {
+            /* got the item */
+            if (!should_exist) {
+                ReportError("Item exists but shouldn't: %ld", num);
+            } else {
+                /* else verify the data */
+                VerifyData(&data, num, key_type);
+            }
+        } else if (status > 0) {
+            /* item not found */
+            if (should_exist) {
+                ReportError("Item not found but should be: %ld", num);
+            }
+        } else {
+            /* database error */
+            ReportError("Database error");
+            return (-1);
+        }
+    }
+
+    TraceMe(1, ("Correctly verified: %ld to %ld", low, high));
+
+    return (0);
+}
+
+DBT *
+GenData(int32 num)
+{
+    int32 n;
+    static DBT *data = 0;
+    int32 *int32_array;
+    size_t size;
+
+    if (!data) {
+        data = (DBT *)malloc(sizeof(DBT));
+        data->size = 0;
+        data->data = 0;
+    } else if (data->data) {
+        free(data->data);
+    }
+
+    n = rand();
+
+    n = n % 512; /* bound to a 2K size */
+
+    size = sizeof(int32) * (n + 1);
+    int32_array = (int32 *)malloc(size);
+
+    memcpy(&int32_array[0], &n, sizeof(int32));
+
+    for (; n > 0; n--) {
+        memcpy(&int32_array[n], &num, sizeof(int32));
+    }
+
+    data->data = (void *)int32_array;
+    data->size = size;
+
+    return (data);
+}
+
+#define ADD_RANGE 1
+#define DELETE_RANGE 2
+
+int
+AddOrDelRange(int32 low, int32 high, int action, key_type_enum key_type)
+{
+    DBT *key, *data;
+#if 0 /* only do this if your really analy checking the puts */
+	DBT tmp_data;
+#endif
+    int32 num;
+    int status;
+
+    if (action != ADD_RANGE && action != DELETE_RANGE)
+        assert(0);
+
+    if (action == ADD_RANGE) {
+        TraceMe(1, ("Adding: %ld to %ld: %s keys", low, high,
+                    key_type == USE_SMALL_KEY ? "SMALL" : "LARGE"));
+    } else {
+        TraceMe(1, ("Deleting: %ld to %ld: %s keys", low, high,
+                    key_type == USE_SMALL_KEY ? "SMALL" : "LARGE"));
+    }
+
+    for (num = low; num <= high; num++) {
+
+        key = GenKey(num, key_type);
+
+        if (action == ADD_RANGE) {
+            data = GenData(num);
+            status = (*database->put)(database, key, data, 0);
+        } else {
+            status = (*database->del)(database, key, 0);
+        }
+
+        if (status < 0) {
+            ReportError("Database error %s item: %ld",
+                        action == ADD_RANGE ? "ADDING" : "DELETING",
+                        num);
+        } else if (status > 0) {
+            ReportError("Could not %s item: %ld",
+                        action == ADD_RANGE ? "ADD" : "DELETE",
+                        num);
+        } else if (action == ADD_RANGE) {
+#define SYNC_EVERY_TIME
+#ifdef SYNC_EVERY_TIME
+            status = (*database->sync)(database, 0);
+            if (status != 0)
+                ReportError("Database error syncing after add");
+#endif
+
+#if 0 /* only do this if your really analy checking the puts */
+	 
+			/* make sure we can still get it
+			 */
+			status = (*database->get)(database, key, &tmp_data, 0);
+
+			if(status != 0)
+			  {
+				ReportError("Database error checking item just added: %d",
+							num);
+			  }
+			else
+			  {
+				/* now verify that none of the ones we already
+				 * put in have disappeared
+				 */
+				VerifyRange(low, num, SHOULD_EXIST, key_type);
+			  }
+#endif
+        }
+    }
+
+    if (action == ADD_RANGE) {
+        TraceMe(1, ("Successfully added: %ld to %ld", low, high));
+    } else {
+        TraceMe(1, ("Successfully deleted: %ld to %ld", low, high));
+    }
+
+    return (0);
+}
+
+int
+TestRange(int32 low, int32 range, key_type_enum key_type)
+{
+    int status;
+    int32 low_of_range1, high_of_range1;
+    int32 low_of_range2, high_of_range2;
+    int32 low_of_range3, high_of_range3;
+
+    status = AddOrDelRange(low, low + range, ADD_RANGE, key_type);
+    status = VerifyRange(low, low + range, SHOULD_EXIST, key_type);
+
+    TraceMe(1, ("Finished with sub test 1"));
+
+    SeqDatabase();
+
+    low_of_range1 = low;
+    high_of_range1 = low + (range / 2);
+    low_of_range2 = high_of_range1 + 1;
+    high_of_range2 = low + range;
+    status = AddOrDelRange(low_of_range1, high_of_range1, DELETE_RANGE, key_type);
+    status = VerifyRange(low_of_range1, high_of_range1, SHOULD_NOT_EXIST, key_type);
+    status = VerifyRange(low_of_range2, low_of_range2, SHOULD_EXIST, key_type);
+
+    TraceMe(1, ("Finished with sub test 2"));
+
+    SeqDatabase();
+
+    status = AddOrDelRange(low_of_range1, high_of_range1, ADD_RANGE, key_type);
+    /* the whole thing should exist now */
+    status = VerifyRange(low, low + range, SHOULD_EXIST, key_type);
+
+    TraceMe(1, ("Finished with sub test 3"));
+
+    SeqDatabase();
+
+    status = AddOrDelRange(low_of_range2, high_of_range2, DELETE_RANGE, key_type);
+    status = VerifyRange(low_of_range1, high_of_range1, SHOULD_EXIST, key_type);
+    status = VerifyRange(low_of_range2, high_of_range2, SHOULD_NOT_EXIST, key_type);
+
+    TraceMe(1, ("Finished with sub test 4"));
+
+    SeqDatabase();
+
+    status = AddOrDelRange(low_of_range2, high_of_range2, ADD_RANGE, key_type);
+    /* the whole thing should exist now */
+    status = VerifyRange(low, low + range, SHOULD_EXIST, key_type);
+
+    TraceMe(1, ("Finished with sub test 5"));
+
+    SeqDatabase();
+
+    low_of_range1 = low;
+    high_of_range1 = low + (range / 3);
+    low_of_range2 = high_of_range1 + 1;
+    high_of_range2 = high_of_range1 + (range / 3);
+    low_of_range3 = high_of_range2 + 1;
+    high_of_range3 = low + range;
+    /* delete range 2 */
+    status = AddOrDelRange(low_of_range2, high_of_range2, DELETE_RANGE, key_type);
+    status = VerifyRange(low_of_range1, high_of_range1, SHOULD_EXIST, key_type);
+    status = VerifyRange(low_of_range2, low_of_range2, SHOULD_NOT_EXIST, key_type);
+    status = VerifyRange(low_of_range3, low_of_range2, SHOULD_EXIST, key_type);
+
+    TraceMe(1, ("Finished with sub test 6"));
+
+    SeqDatabase();
+
+    status = AddOrDelRange(low_of_range2, high_of_range2, ADD_RANGE, key_type);
+    /* the whole thing should exist now */
+    status = VerifyRange(low, low + range, SHOULD_EXIST, key_type);
+
+    TraceMe(1, ("Finished with sub test 7"));
+
+    return (0);
+}
+
+#define START_RANGE 109876
+int
+main(int argc, char **argv)
+{
+    int32 i, j = 0;
+    int quick_exit = 0;
+    int large_keys = 0;
+    HASHINFO hash_info = {
+        16 * 1024,
+        0,
+        0,
+        0,
+        0,
+        0
+    };
+
+    if (argc > 1) {
+        while (argc > 1) {
+            if (!strcmp(argv[argc - 1], "-quick"))
+                quick_exit = 1;
+            else if (!strcmp(argv[argc - 1], "-large")) {
+                large_keys = 1;
+            }
+            argc--;
+        }
+    }
+
+    database = dbopen("test.db", O_RDWR | O_CREAT, 0644, DB_HASH, &hash_info);
+
+    if (!database) {
+        ReportError("Could not open database");
+#ifdef unix
+        perror("");
+#endif
+        exit(1);
+    }
+
+    if (quick_exit) {
+        if (large_keys)
+            TestRange(START_RANGE, 200, USE_LARGE_KEY);
+        else
+            TestRange(START_RANGE, 200, USE_SMALL_KEY);
+
+        (*database->sync)(database, 0);
+        (*database->close)(database);
+        exit(0);
+    }
+
+    for (i = 100; i < 10000000; i += 200) {
+        if (1 || j) {
+            TestRange(START_RANGE, i, USE_LARGE_KEY);
+            j = 0;
+        } else {
+            TestRange(START_RANGE, i, USE_SMALL_KEY);
+            j = 1;
+        }
+
+        if (1 == rand() % 3) {
+            (*database->sync)(database, 0);
+        }
+
+        if (1 == rand() % 3) {
+            /* close and reopen */
+            (*database->close)(database);
+            database = dbopen("test.db", O_RDWR | O_CREAT, 0644, DB_HASH, 0);
+            if (!database) {
+                ReportError("Could not reopen database");
+#ifdef unix
+                perror("");
+#endif
+                exit(1);
+            }
+        } else {
+            /* reopen database without closeing the other */
+            database = dbopen("test.db", O_RDWR | O_CREAT, 0644, DB_HASH, 0);
+            if (!database) {
+                ReportError("Could not reopen database "
+                            "after not closing the other");
+#ifdef unix
+                perror("");
+#endif
+                exit(1);
+            }
+        }
+    }
+
+    return (0);
+}
diff --git a/nss/lib/dev/Makefile b/nss/lib/dev/Makefile
new file mode 100644
index 0000000..d88eb28
--- /dev/null
+++ b/nss/lib/dev/Makefile
@@ -0,0 +1,24 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+include manifest.mn
+include $(CORE_DEPTH)/coreconf/config.mk
+include config.mk
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+# On AIX 4.3, IBM xlC_r compiler (version 3.6.6) cannot compile
+# ckhelper.c in 64-bit mode for unknown reasons.  A workaround is
+# to compile it with optimizations turned on.  (Bugzilla bug #63815)
+ifeq ($(OS_TARGET)$(OS_RELEASE),AIX4.3)
+ifeq ($(USE_64),1)
+ifndef BUILD_OPT
+$(OBJDIR)/ckhelper.o: ckhelper.c
+	@$(MAKE_OBJDIR)
+	$(CC) -o $@ -c -O2 $(CFLAGS) $<
+endif
+endif
+endif
+
+export:: private_export
diff --git a/nss/lib/dev/ckhelper.c b/nss/lib/dev/ckhelper.c
new file mode 100644
index 0000000..4f39726
--- /dev/null
+++ b/nss/lib/dev/ckhelper.c
@@ -0,0 +1,592 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "pkcs11.h"
+
+#ifndef DEVM_H
+#include "devm.h"
+#endif /* DEVM_H */
+
+#ifndef CKHELPER_H
+#include "ckhelper.h"
+#endif /* CKHELPER_H */
+
+extern const NSSError NSS_ERROR_DEVICE_ERROR;
+
+static const CK_BBOOL s_true = CK_TRUE;
+NSS_IMPLEMENT_DATA const NSSItem
+    g_ck_true = { (CK_VOID_PTR)&s_true, sizeof(s_true) };
+
+static const CK_BBOOL s_false = CK_FALSE;
+NSS_IMPLEMENT_DATA const NSSItem
+    g_ck_false = { (CK_VOID_PTR)&s_false, sizeof(s_false) };
+
+static const CK_OBJECT_CLASS s_class_cert = CKO_CERTIFICATE;
+NSS_IMPLEMENT_DATA const NSSItem
+    g_ck_class_cert = { (CK_VOID_PTR)&s_class_cert, sizeof(s_class_cert) };
+
+static const CK_OBJECT_CLASS s_class_pubkey = CKO_PUBLIC_KEY;
+NSS_IMPLEMENT_DATA const NSSItem
+    g_ck_class_pubkey = { (CK_VOID_PTR)&s_class_pubkey, sizeof(s_class_pubkey) };
+
+static const CK_OBJECT_CLASS s_class_privkey = CKO_PRIVATE_KEY;
+NSS_IMPLEMENT_DATA const NSSItem
+    g_ck_class_privkey = { (CK_VOID_PTR)&s_class_privkey, sizeof(s_class_privkey) };
+
+static PRBool
+is_string_attribute(
+    CK_ATTRIBUTE_TYPE aType)
+{
+    PRBool isString;
+    switch (aType) {
+        case CKA_LABEL:
+        case CKA_NSS_EMAIL:
+            isString = PR_TRUE;
+            break;
+        default:
+            isString = PR_FALSE;
+            break;
+    }
+    return isString;
+}
+
+NSS_IMPLEMENT PRStatus
+nssCKObject_GetAttributes(
+    CK_OBJECT_HANDLE object,
+    CK_ATTRIBUTE_PTR obj_template,
+    CK_ULONG count,
+    NSSArena *arenaOpt,
+    nssSession *session,
+    NSSSlot *slot)
+{
+    nssArenaMark *mark = NULL;
+    CK_SESSION_HANDLE hSession;
+    CK_ULONG i = 0;
+    CK_RV ckrv;
+    PRStatus nssrv;
+    PRBool alloced = PR_FALSE;
+    void *epv = nssSlot_GetCryptokiEPV(slot);
+    hSession = session->handle;
+    if (arenaOpt) {
+        mark = nssArena_Mark(arenaOpt);
+        if (!mark) {
+            goto loser;
+        }
+    }
+    nssSession_EnterMonitor(session);
+    /* XXX kinda hacky, if the storage size is already in the first template
+     * item, then skip the alloc portion
+     */
+    if (obj_template[0].ulValueLen == 0) {
+        /* Get the storage size needed for each attribute */
+        ckrv = CKAPI(epv)->C_GetAttributeValue(hSession,
+                                               object, obj_template, count);
+        if (ckrv != CKR_OK &&
+            ckrv != CKR_ATTRIBUTE_TYPE_INVALID &&
+            ckrv != CKR_ATTRIBUTE_SENSITIVE) {
+            nssSession_ExitMonitor(session);
+            nss_SetError(NSS_ERROR_DEVICE_ERROR);
+            goto loser;
+        }
+        /* Allocate memory for each attribute. */
+        for (i = 0; i < count; i++) {
+            CK_ULONG ulValueLen = obj_template[i].ulValueLen;
+            if (ulValueLen == 0 || ulValueLen == (CK_ULONG)-1) {
+                obj_template[i].pValue = NULL;
+                obj_template[i].ulValueLen = 0;
+                continue;
+            }
+            if (is_string_attribute(obj_template[i].type)) {
+                ulValueLen++;
+            }
+            obj_template[i].pValue = nss_ZAlloc(arenaOpt, ulValueLen);
+            if (!obj_template[i].pValue) {
+                nssSession_ExitMonitor(session);
+                goto loser;
+            }
+        }
+        alloced = PR_TRUE;
+    }
+    /* Obtain the actual attribute values. */
+    ckrv = CKAPI(epv)->C_GetAttributeValue(hSession,
+                                           object, obj_template, count);
+    nssSession_ExitMonitor(session);
+    if (ckrv != CKR_OK &&
+        ckrv != CKR_ATTRIBUTE_TYPE_INVALID &&
+        ckrv != CKR_ATTRIBUTE_SENSITIVE) {
+        nss_SetError(NSS_ERROR_DEVICE_ERROR);
+        goto loser;
+    }
+    if (alloced && arenaOpt) {
+        nssrv = nssArena_Unmark(arenaOpt, mark);
+        if (nssrv != PR_SUCCESS) {
+            goto loser;
+        }
+    }
+
+    if (count > 1 && ((ckrv == CKR_ATTRIBUTE_TYPE_INVALID) ||
+                      (ckrv == CKR_ATTRIBUTE_SENSITIVE))) {
+        /* old tokens would keep the length of '0' and not deal with any
+         * of the attributes we passed. For those tokens read them one at
+         * a time */
+        for (i = 0; i < count; i++) {
+            if ((obj_template[i].ulValueLen == 0) ||
+                (obj_template[i].ulValueLen == -1)) {
+                obj_template[i].ulValueLen = 0;
+                (void)nssCKObject_GetAttributes(object, &obj_template[i], 1,
+                                                arenaOpt, session, slot);
+            }
+        }
+    }
+    return PR_SUCCESS;
+loser:
+    if (alloced) {
+        if (arenaOpt) {
+            /* release all arena memory allocated before the failure. */
+            (void)nssArena_Release(arenaOpt, mark);
+        } else {
+            CK_ULONG j;
+            /* free each heap object that was allocated before the failure. */
+            for (j = 0; j < i; j++) {
+                nss_ZFreeIf(obj_template[j].pValue);
+            }
+        }
+    }
+    return PR_FAILURE;
+}
+
+NSS_IMPLEMENT PRStatus
+nssCKObject_GetAttributeItem(
+    CK_OBJECT_HANDLE object,
+    CK_ATTRIBUTE_TYPE attribute,
+    NSSArena *arenaOpt,
+    nssSession *session,
+    NSSSlot *slot,
+    NSSItem *rvItem)
+{
+    CK_ATTRIBUTE attr = { 0, NULL, 0 };
+    PRStatus nssrv;
+    attr.type = attribute;
+    nssrv = nssCKObject_GetAttributes(object, &attr, 1,
+                                      arenaOpt, session, slot);
+    if (nssrv != PR_SUCCESS) {
+        return nssrv;
+    }
+    rvItem->data = (void *)attr.pValue;
+    rvItem->size = (PRUint32)attr.ulValueLen;
+    return PR_SUCCESS;
+}
+
+NSS_IMPLEMENT PRBool
+nssCKObject_IsAttributeTrue(
+    CK_OBJECT_HANDLE object,
+    CK_ATTRIBUTE_TYPE attribute,
+    nssSession *session,
+    NSSSlot *slot,
+    PRStatus *rvStatus)
+{
+    CK_BBOOL bool;
+    CK_ATTRIBUTE_PTR attr;
+    CK_ATTRIBUTE atemplate = { 0, NULL, 0 };
+    CK_RV ckrv;
+    void *epv = nssSlot_GetCryptokiEPV(slot);
+    attr = &atemplate;
+    NSS_CK_SET_ATTRIBUTE_VAR(attr, attribute, bool);
+    nssSession_EnterMonitor(session);
+    ckrv = CKAPI(epv)->C_GetAttributeValue(session->handle, object,
+                                           &atemplate, 1);
+    nssSession_ExitMonitor(session);
+    if (ckrv != CKR_OK) {
+        *rvStatus = PR_FAILURE;
+        return PR_FALSE;
+    }
+    *rvStatus = PR_SUCCESS;
+    return (PRBool)(bool == CK_TRUE);
+}
+
+NSS_IMPLEMENT PRStatus
+nssCKObject_SetAttributes(
+    CK_OBJECT_HANDLE object,
+    CK_ATTRIBUTE_PTR obj_template,
+    CK_ULONG count,
+    nssSession *session,
+    NSSSlot *slot)
+{
+    CK_RV ckrv;
+    void *epv = nssSlot_GetCryptokiEPV(slot);
+    nssSession_EnterMonitor(session);
+    ckrv = CKAPI(epv)->C_SetAttributeValue(session->handle, object,
+                                           obj_template, count);
+    nssSession_ExitMonitor(session);
+    if (ckrv == CKR_OK) {
+        return PR_SUCCESS;
+    } else {
+        return PR_FAILURE;
+    }
+}
+
+NSS_IMPLEMENT PRBool
+nssCKObject_IsTokenObjectTemplate(
+    CK_ATTRIBUTE_PTR objectTemplate,
+    CK_ULONG otsize)
+{
+    CK_ULONG ul;
+    for (ul = 0; ul < otsize; ul++) {
+        if (objectTemplate[ul].type == CKA_TOKEN) {
+            return (*((CK_BBOOL *)objectTemplate[ul].pValue) == CK_TRUE);
+        }
+    }
+    return PR_FALSE;
+}
+
+static NSSCertificateType
+nss_cert_type_from_ck_attrib(CK_ATTRIBUTE_PTR attrib)
+{
+    CK_CERTIFICATE_TYPE ckCertType;
+    if (!attrib->pValue) {
+        /* default to PKIX */
+        return NSSCertificateType_PKIX;
+    }
+    ckCertType = *((CK_ULONG *)attrib->pValue);
+    switch (ckCertType) {
+        case CKC_X_509:
+            return NSSCertificateType_PKIX;
+        default:
+            break;
+    }
+    return NSSCertificateType_Unknown;
+}
+
+/* incoming pointers must be valid */
+NSS_IMPLEMENT PRStatus
+nssCryptokiCertificate_GetAttributes(
+    nssCryptokiObject *certObject,
+    nssSession *sessionOpt,
+    NSSArena *arenaOpt,
+    NSSCertificateType *certTypeOpt,
+    NSSItem *idOpt,
+    NSSDER *encodingOpt,
+    NSSDER *issuerOpt,
+    NSSDER *serialOpt,
+    NSSDER *subjectOpt)
+{
+    PRStatus status;
+    PRUint32 i;
+    nssSession *session;
+    NSSSlot *slot;
+    CK_ULONG template_size;
+    CK_ATTRIBUTE_PTR attr;
+    CK_ATTRIBUTE cert_template[6];
+    /* Set up a template of all options chosen by caller */
+    NSS_CK_TEMPLATE_START(cert_template, attr, template_size);
+    if (certTypeOpt) {
+        NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_CERTIFICATE_TYPE);
+    }
+    if (idOpt) {
+        NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_ID);
+    }
+    if (encodingOpt) {
+        NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_VALUE);
+    }
+    if (issuerOpt) {
+        NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_ISSUER);
+    }
+    if (serialOpt) {
+        NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_SERIAL_NUMBER);
+    }
+    if (subjectOpt) {
+        NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_SUBJECT);
+    }
+    NSS_CK_TEMPLATE_FINISH(cert_template, attr, template_size);
+    if (template_size == 0) {
+        /* caller didn't want anything */
+        return PR_SUCCESS;
+    }
+
+    status = nssToken_GetCachedObjectAttributes(certObject->token, arenaOpt,
+                                                certObject, CKO_CERTIFICATE,
+                                                cert_template, template_size);
+    if (status != PR_SUCCESS) {
+
+        session = sessionOpt ? sessionOpt
+                             : nssToken_GetDefaultSession(certObject->token);
+        if (!session) {
+            nss_SetError(NSS_ERROR_INVALID_ARGUMENT);
+            return PR_FAILURE;
+        }
+
+        slot = nssToken_GetSlot(certObject->token);
+        status = nssCKObject_GetAttributes(certObject->handle,
+                                           cert_template, template_size,
+                                           arenaOpt, session, slot);
+        nssSlot_Destroy(slot);
+        if (status != PR_SUCCESS) {
+            return status;
+        }
+    }
+
+    i = 0;
+    if (certTypeOpt) {
+        *certTypeOpt = nss_cert_type_from_ck_attrib(&cert_template[i]);
+        i++;
+    }
+    if (idOpt) {
+        NSS_CK_ATTRIBUTE_TO_ITEM(&cert_template[i], idOpt);
+        i++;
+    }
+    if (encodingOpt) {
+        NSS_CK_ATTRIBUTE_TO_ITEM(&cert_template[i], encodingOpt);
+        i++;
+    }
+    if (issuerOpt) {
+        NSS_CK_ATTRIBUTE_TO_ITEM(&cert_template[i], issuerOpt);
+        i++;
+    }
+    if (serialOpt) {
+        NSS_CK_ATTRIBUTE_TO_ITEM(&cert_template[i], serialOpt);
+        i++;
+    }
+    if (subjectOpt) {
+        NSS_CK_ATTRIBUTE_TO_ITEM(&cert_template[i], subjectOpt);
+        i++;
+    }
+    return PR_SUCCESS;
+}
+
+static nssTrustLevel
+get_nss_trust(
+    CK_TRUST ckt)
+{
+    nssTrustLevel t;
+    switch (ckt) {
+        case CKT_NSS_NOT_TRUSTED:
+            t = nssTrustLevel_NotTrusted;
+            break;
+        case CKT_NSS_TRUSTED_DELEGATOR:
+            t = nssTrustLevel_TrustedDelegator;
+            break;
+        case CKT_NSS_VALID_DELEGATOR:
+            t = nssTrustLevel_ValidDelegator;
+            break;
+        case CKT_NSS_TRUSTED:
+            t = nssTrustLevel_Trusted;
+            break;
+        case CKT_NSS_MUST_VERIFY_TRUST:
+            t = nssTrustLevel_MustVerify;
+            break;
+        case CKT_NSS_TRUST_UNKNOWN:
+        default:
+            t = nssTrustLevel_Unknown;
+            break;
+    }
+    return t;
+}
+
+NSS_IMPLEMENT PRStatus
+nssCryptokiTrust_GetAttributes(
+    nssCryptokiObject *trustObject,
+    nssSession *sessionOpt,
+    NSSItem *sha1_hash,
+    nssTrustLevel *serverAuth,
+    nssTrustLevel *clientAuth,
+    nssTrustLevel *codeSigning,
+    nssTrustLevel *emailProtection,
+    PRBool *stepUpApproved)
+{
+    PRStatus status;
+    NSSSlot *slot;
+    nssSession *session;
+    CK_BBOOL isToken = PR_FALSE;
+    CK_BBOOL stepUp = PR_FALSE;
+    CK_TRUST saTrust = CKT_NSS_TRUST_UNKNOWN;
+    CK_TRUST caTrust = CKT_NSS_TRUST_UNKNOWN;
+    CK_TRUST epTrust = CKT_NSS_TRUST_UNKNOWN;
+    CK_TRUST csTrust = CKT_NSS_TRUST_UNKNOWN;
+    CK_ATTRIBUTE_PTR attr;
+    CK_ATTRIBUTE trust_template[7];
+    CK_ATTRIBUTE_PTR sha1_hash_attr;
+    CK_ULONG trust_size;
+
+    /* Use the trust object to find the trust settings */
+    NSS_CK_TEMPLATE_START(trust_template, attr, trust_size);
+    NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TOKEN, isToken);
+    NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_SERVER_AUTH, saTrust);
+    NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_CLIENT_AUTH, caTrust);
+    NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_EMAIL_PROTECTION, epTrust);
+    NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_CODE_SIGNING, csTrust);
+    NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_STEP_UP_APPROVED, stepUp);
+    sha1_hash_attr = attr;
+    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CERT_SHA1_HASH, sha1_hash);
+    NSS_CK_TEMPLATE_FINISH(trust_template, attr, trust_size);
+
+    status = nssToken_GetCachedObjectAttributes(trustObject->token, NULL,
+                                                trustObject,
+                                                CKO_NSS_TRUST,
+                                                trust_template, trust_size);
+    if (status != PR_SUCCESS) {
+        session = sessionOpt ? sessionOpt
+                             : nssToken_GetDefaultSession(trustObject->token);
+        if (!session) {
+            nss_SetError(NSS_ERROR_INVALID_ARGUMENT);
+            return PR_FAILURE;
+        }
+
+        slot = nssToken_GetSlot(trustObject->token);
+        status = nssCKObject_GetAttributes(trustObject->handle,
+                                           trust_template, trust_size,
+                                           NULL, session, slot);
+        nssSlot_Destroy(slot);
+        if (status != PR_SUCCESS) {
+            return status;
+        }
+    }
+
+    if (sha1_hash_attr->ulValueLen == -1) {
+        /* The trust object does not have the CKA_CERT_SHA1_HASH attribute. */
+        sha1_hash_attr->ulValueLen = 0;
+    }
+    sha1_hash->size = sha1_hash_attr->ulValueLen;
+    *serverAuth = get_nss_trust(saTrust);
+    *clientAuth = get_nss_trust(caTrust);
+    *emailProtection = get_nss_trust(epTrust);
+    *codeSigning = get_nss_trust(csTrust);
+    *stepUpApproved = stepUp;
+    return PR_SUCCESS;
+}
+
+NSS_IMPLEMENT PRStatus
+nssCryptokiCRL_GetAttributes(
+    nssCryptokiObject *crlObject,
+    nssSession *sessionOpt,
+    NSSArena *arenaOpt,
+    NSSItem *encodingOpt,
+    NSSItem *subjectOpt,
+    CK_ULONG *crl_class,
+    NSSUTF8 **urlOpt,
+    PRBool *isKRLOpt)
+{
+    PRStatus status;
+    NSSSlot *slot;
+    nssSession *session;
+    CK_ATTRIBUTE_PTR attr;
+    CK_ATTRIBUTE crl_template[7];
+    CK_ULONG crl_size;
+    PRUint32 i;
+
+    NSS_CK_TEMPLATE_START(crl_template, attr, crl_size);
+    if (crl_class) {
+        NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_CLASS);
+    }
+    if (encodingOpt) {
+        NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_VALUE);
+    }
+    if (urlOpt) {
+        NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_NSS_URL);
+    }
+    if (isKRLOpt) {
+        NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_NSS_KRL);
+    }
+    if (subjectOpt) {
+        NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_SUBJECT);
+    }
+    NSS_CK_TEMPLATE_FINISH(crl_template, attr, crl_size);
+
+    status = nssToken_GetCachedObjectAttributes(crlObject->token, NULL,
+                                                crlObject,
+                                                CKO_NSS_CRL,
+                                                crl_template, crl_size);
+    if (status != PR_SUCCESS) {
+        session = sessionOpt ? sessionOpt
+                             : nssToken_GetDefaultSession(crlObject->token);
+        if (session == NULL) {
+            nss_SetError(NSS_ERROR_INVALID_ARGUMENT);
+            return PR_FAILURE;
+        }
+
+        slot = nssToken_GetSlot(crlObject->token);
+        status = nssCKObject_GetAttributes(crlObject->handle,
+                                           crl_template, crl_size,
+                                           arenaOpt, session, slot);
+        nssSlot_Destroy(slot);
+        if (status != PR_SUCCESS) {
+            return status;
+        }
+    }
+
+    i = 0;
+    if (crl_class) {
+        NSS_CK_ATTRIBUTE_TO_ULONG(&crl_template[i], *crl_class);
+        i++;
+    }
+    if (encodingOpt) {
+        NSS_CK_ATTRIBUTE_TO_ITEM(&crl_template[i], encodingOpt);
+        i++;
+    }
+    if (urlOpt) {
+        NSS_CK_ATTRIBUTE_TO_UTF8(&crl_template[i], *urlOpt);
+        i++;
+    }
+    if (isKRLOpt) {
+        NSS_CK_ATTRIBUTE_TO_BOOL(&crl_template[i], *isKRLOpt);
+        i++;
+    }
+    if (subjectOpt) {
+        NSS_CK_ATTRIBUTE_TO_ITEM(&crl_template[i], subjectOpt);
+        i++;
+    }
+    return PR_SUCCESS;
+}
+
+NSS_IMPLEMENT PRStatus
+nssCryptokiPrivateKey_SetCertificate(
+    nssCryptokiObject *keyObject,
+    nssSession *sessionOpt,
+    const NSSUTF8 *nickname,
+    NSSItem *id,
+    NSSDER *subject)
+{
+    CK_RV ckrv;
+    CK_ATTRIBUTE_PTR attr;
+    CK_ATTRIBUTE key_template[3];
+    CK_ULONG key_size;
+    void *epv = nssToken_GetCryptokiEPV(keyObject->token);
+    nssSession *session;
+    NSSToken *token = keyObject->token;
+    nssSession *defaultSession = nssToken_GetDefaultSession(token);
+    PRBool createdSession = PR_FALSE;
+
+    NSS_CK_TEMPLATE_START(key_template, attr, key_size);
+    NSS_CK_SET_ATTRIBUTE_UTF8(attr, CKA_LABEL, nickname);
+    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ID, id);
+    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SUBJECT, subject);
+    NSS_CK_TEMPLATE_FINISH(key_template, attr, key_size);
+
+    if (sessionOpt) {
+        if (!nssSession_IsReadWrite(sessionOpt)) {
+            return PR_FAILURE;
+        }
+        session = sessionOpt;
+    } else if (defaultSession && nssSession_IsReadWrite(defaultSession)) {
+        session = defaultSession;
+    } else {
+        NSSSlot *slot = nssToken_GetSlot(token);
+        session = nssSlot_CreateSession(token->slot, NULL, PR_TRUE);
+        nssSlot_Destroy(slot);
+        if (!session) {
+            return PR_FAILURE;
+        }
+        createdSession = PR_TRUE;
+    }
+
+    ckrv = CKAPI(epv)->C_SetAttributeValue(session->handle,
+                                           keyObject->handle,
+                                           key_template,
+                                           key_size);
+
+    if (createdSession) {
+        nssSession_Destroy(session);
+    }
+
+    return (ckrv == CKR_OK) ? PR_SUCCESS : PR_FAILURE;
+}
diff --git a/nss/lib/dev/ckhelper.h b/nss/lib/dev/ckhelper.h
new file mode 100644
index 0000000..169fc20
--- /dev/null
+++ b/nss/lib/dev/ckhelper.h
@@ -0,0 +1,148 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * ckhelper.h
+ *
+ * This file contains some helper utilities for interaction with cryptoki.
+ */
+
+#ifndef CKHELPER_H
+#define CKHELPER_H
+
+PR_BEGIN_EXTERN_C
+
+/* Some globals to keep from constantly redeclaring common cryptoki
+ * attribute types on the stack.
+ */
+
+/* Boolean values */
+NSS_EXTERN_DATA const NSSItem g_ck_true;
+NSS_EXTERN_DATA const NSSItem g_ck_false;
+
+/* Object classes */
+NSS_EXTERN_DATA const NSSItem g_ck_class_cert;
+NSS_EXTERN_DATA const NSSItem g_ck_class_pubkey;
+NSS_EXTERN_DATA const NSSItem g_ck_class_privkey;
+
+#define NSS_CK_TEMPLATE_START(_template, attr, size) \
+    attr = _template;                                \
+    size = 0;
+
+#define NSS_CK_SET_ATTRIBUTE_ITEM(pattr, kind, item) \
+    (pattr)->type = kind;                            \
+    (pattr)->pValue = (CK_VOID_PTR)(item)->data;     \
+    (pattr)->ulValueLen = (CK_ULONG)(item)->size;    \
+    (pattr)++;
+
+#define NSS_CK_SET_ATTRIBUTE_UTF8(pattr, kind, utf8)          \
+    (pattr)->type = kind;                                     \
+    (pattr)->pValue = (CK_VOID_PTR)utf8;                      \
+    (pattr)->ulValueLen = (CK_ULONG)nssUTF8_Size(utf8, NULL); \
+    if ((pattr)->ulValueLen)                                  \
+        ((pattr)->ulValueLen)--;                              \
+    (pattr)++;
+
+#define NSS_CK_SET_ATTRIBUTE_VAR(pattr, kind, var) \
+    (pattr)->type = kind;                          \
+    (pattr)->pValue = (CK_VOID_PTR)&var;           \
+    (pattr)->ulValueLen = (CK_ULONG)sizeof(var);   \
+    (pattr)++;
+
+#define NSS_CK_SET_ATTRIBUTE_NULL(pattr, kind) \
+    (pattr)->type = kind;                      \
+    (pattr)->pValue = (CK_VOID_PTR)NULL;       \
+    (pattr)->ulValueLen = 0;                   \
+    (pattr)++;
+
+#define NSS_CK_TEMPLATE_FINISH(_template, attr, size) \
+    size = (attr) - (_template);                      \
+    PR_ASSERT(size <= sizeof(_template) / sizeof(_template[0]));
+
+/* NSS_CK_ATTRIBUTE_TO_ITEM(attrib, item)
+ *
+ * Convert a CK_ATTRIBUTE to an NSSItem.
+ */
+#define NSS_CK_ATTRIBUTE_TO_ITEM(attrib, item)         \
+    if ((CK_LONG)(attrib)->ulValueLen > 0) {           \
+        (item)->data = (void *)(attrib)->pValue;       \
+        (item)->size = (PRUint32)(attrib)->ulValueLen; \
+    } else {                                           \
+        (item)->data = 0;                              \
+        (item)->size = 0;                              \
+    }
+
+#define NSS_CK_ATTRIBUTE_TO_BOOL(attrib, boolvar)         \
+    if ((attrib)->ulValueLen > 0) {                       \
+        if (*((CK_BBOOL *)(attrib)->pValue) == CK_TRUE) { \
+            boolvar = PR_TRUE;                            \
+        } else {                                          \
+            boolvar = PR_FALSE;                           \
+        }                                                 \
+    }
+
+#define NSS_CK_ATTRIBUTE_TO_ULONG(attrib, ulongvar) \
+    if ((attrib)->ulValueLen > 0) {                 \
+        ulongvar = *((CK_ULONG *)(attrib)->pValue); \
+    }
+
+/* NSS_CK_ATTRIBUTE_TO_UTF8(attrib, str)
+ *
+ * Convert a CK_ATTRIBUTE to a string.
+ */
+#define NSS_CK_ATTRIBUTE_TO_UTF8(attrib, str) \
+    str = (NSSUTF8 *)((attrib)->pValue);
+
+/* NSS_CK_ITEM_TO_ATTRIBUTE(item, attrib)
+ *
+ * Convert an NSSItem to a  CK_ATTRIBUTE.
+ */
+#define NSS_CK_ITEM_TO_ATTRIBUTE(item, attrib)    \
+    (attrib)->pValue = (CK_VOID_PTR)(item)->data; \
+    (attrib)->ulValueLen = (CK_ULONG)(item)->size;
+
+/* Get an array of attributes from an object. */
+NSS_EXTERN PRStatus
+nssCKObject_GetAttributes(
+    CK_OBJECT_HANDLE object,
+    CK_ATTRIBUTE_PTR obj_template,
+    CK_ULONG count,
+    NSSArena *arenaOpt,
+    nssSession *session,
+    NSSSlot *slot);
+
+/* Get a single attribute as an item. */
+NSS_EXTERN PRStatus
+nssCKObject_GetAttributeItem(
+    CK_OBJECT_HANDLE object,
+    CK_ATTRIBUTE_TYPE attribute,
+    NSSArena *arenaOpt,
+    nssSession *session,
+    NSSSlot *slot,
+    NSSItem *rvItem);
+
+NSS_EXTERN PRBool
+nssCKObject_IsAttributeTrue(
+    CK_OBJECT_HANDLE object,
+    CK_ATTRIBUTE_TYPE attribute,
+    nssSession *session,
+    NSSSlot *slot,
+    PRStatus *rvStatus);
+
+NSS_EXTERN PRStatus
+nssCKObject_SetAttributes(
+    CK_OBJECT_HANDLE object,
+    CK_ATTRIBUTE_PTR obj_template,
+    CK_ULONG count,
+    nssSession *session,
+    NSSSlot *slot);
+
+NSS_EXTERN PRBool
+nssCKObject_IsTokenObjectTemplate(
+    CK_ATTRIBUTE_PTR objectTemplate,
+    CK_ULONG otsize);
+
+PR_END_EXTERN_C
+
+#endif /* CKHELPER_H */
diff --git a/nss/lib/dev/config.mk b/nss/lib/dev/config.mk
new file mode 100644
index 0000000..2676cd5
--- /dev/null
+++ b/nss/lib/dev/config.mk
@@ -0,0 +1,19 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+ifdef BUILD_IDG
+DEFINES += -DNSSDEBUG
+endif
+
+#
+#  Override TARGETS variable so that only static libraries
+#  are specifed as dependencies within rules.mk.
+#
+
+TARGETS        = $(LIBRARY)
+SHARED_LIBRARY =
+IMPORT_LIBRARY =
+PROGRAM        =
+
diff --git a/nss/lib/dev/dev.gyp b/nss/lib/dev/dev.gyp
new file mode 100644
index 0000000..dfa8f7e
--- /dev/null
+++ b/nss/lib/dev/dev.gyp
@@ -0,0 +1,26 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'nssdev',
+      'type': 'static_library',
+      'sources': [
+        'ckhelper.c',
+        'devslot.c',
+        'devtoken.c',
+        'devutil.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports'
+      ]
+    }
+  ],
+  'variables': {
+    'module': 'nss'
+  }
+}
\ No newline at end of file
diff --git a/nss/lib/dev/dev.h b/nss/lib/dev/dev.h
new file mode 100644
index 0000000..7e64e76
--- /dev/null
+++ b/nss/lib/dev/dev.h
@@ -0,0 +1,747 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef DEV_H
+#define DEV_H
+
+/*
+ * dev.h
+ *
+ * Low-level methods for interaction with cryptoki devices
+ */
+
+#ifndef NSSDEV_H
+#include "nssdev.h"
+#endif /* NSSDEV_H */
+
+#ifndef DEVT_H
+#include "devt.h"
+#endif /* DEVT_H */
+
+PR_BEGIN_EXTERN_C
+
+/* the global module list
+ *
+ * These functions are for managing the global set of modules.  Trust Domains,
+ * etc., will draw from this set.  These functions are completely internal
+ * and only invoked when there are changes to the global module state
+ * (load or unload).
+ *
+ * nss_InitializeGlobalModuleList
+ * nss_DestroyGlobalModuleList
+ * nss_GetLoadedModules
+ *
+ * nssGlobalModuleList_Add
+ * nssGlobalModuleList_Remove
+ * nssGlobalModuleList_FindModuleByName
+ * nssGlobalModuleList_FindSlotByName
+ * nssGlobalModuleList_FindTokenByName
+ */
+
+NSS_EXTERN PRStatus
+nss_InitializeGlobalModuleList(
+    void);
+
+NSS_EXTERN PRStatus
+nss_DestroyGlobalModuleList(
+    void);
+
+NSS_EXTERN NSSModule **
+nss_GetLoadedModules(
+    void);
+
+NSS_EXTERN PRStatus
+nssGlobalModuleList_Add(
+    NSSModule *module);
+
+NSS_EXTERN PRStatus
+nssGlobalModuleList_Remove(
+    NSSModule *module);
+
+NSS_EXTERN NSSModule *
+nssGlobalModuleList_FindModuleByName(
+    NSSUTF8 *moduleName);
+
+NSS_EXTERN NSSSlot *
+nssGlobalModuleList_FindSlotByName(
+    NSSUTF8 *slotName);
+
+NSS_EXTERN NSSToken *
+nssGlobalModuleList_FindTokenByName(
+    NSSUTF8 *tokenName);
+
+NSS_EXTERN NSSToken *
+nss_GetDefaultCryptoToken(
+    void);
+
+NSS_EXTERN NSSToken *
+nss_GetDefaultDatabaseToken(
+    void);
+
+/*
+ *  |-----------|<---> NSSSlot <--> NSSToken
+ *  | NSSModule |<---> NSSSlot <--> NSSToken
+ *  |-----------|<---> NSSSlot <--> NSSToken
+ */
+
+/* NSSModule
+ *
+ * nssModule_Create
+ * nssModule_CreateFromSpec
+ * nssModule_AddRef
+ * nssModule_GetName
+ * nssModule_GetSlots
+ * nssModule_FindSlotByName
+ * nssModule_FindTokenByName
+ * nssModule_GetCertOrder
+ */
+
+NSS_EXTERN NSSModule *
+nssModule_Create(
+    NSSUTF8 *moduleOpt,
+    NSSUTF8 *uriOpt,
+    NSSUTF8 *opaqueOpt,
+    void *reserved);
+
+/* This is to use the new loading mechanism. */
+NSS_EXTERN NSSModule *
+nssModule_CreateFromSpec(
+    NSSUTF8 *moduleSpec,
+    NSSModule *parent,
+    PRBool loadSubModules);
+
+NSS_EXTERN PRStatus
+nssModule_Destroy(
+    NSSModule *mod);
+
+NSS_EXTERN NSSModule *
+nssModule_AddRef(
+    NSSModule *mod);
+
+NSS_EXTERN NSSUTF8 *
+nssModule_GetName(
+    NSSModule *mod);
+
+NSS_EXTERN NSSSlot **
+nssModule_GetSlots(
+    NSSModule *mod);
+
+NSS_EXTERN NSSSlot *
+nssModule_FindSlotByName(
+    NSSModule *mod,
+    NSSUTF8 *slotName);
+
+NSS_EXTERN NSSToken *
+nssModule_FindTokenByName(
+    NSSModule *mod,
+    NSSUTF8 *tokenName);
+
+NSS_EXTERN PRInt32
+nssModule_GetCertOrder(
+    NSSModule *module);
+
+/* NSSSlot
+ *
+ * nssSlot_Destroy
+ * nssSlot_AddRef
+ * nssSlot_GetName
+ * nssSlot_GetTokenName
+ * nssSlot_IsTokenPresent
+ * nssSlot_IsPermanent
+ * nssSlot_IsFriendly
+ * nssSlot_IsHardware
+ * nssSlot_Refresh
+ * nssSlot_GetModule
+ * nssSlot_GetToken
+ * nssSlot_Login
+ * nssSlot_Logout
+ * nssSlot_SetPassword
+ * nssSlot_CreateSession
+ */
+
+NSS_EXTERN PRStatus
+nssSlot_Destroy(
+    NSSSlot *slot);
+
+NSS_EXTERN NSSSlot *
+nssSlot_AddRef(
+    NSSSlot *slot);
+
+NSS_EXTERN void
+nssSlot_ResetDelay(
+    NSSSlot *slot);
+
+NSS_EXTERN NSSUTF8 *
+nssSlot_GetName(
+    NSSSlot *slot);
+
+NSS_EXTERN NSSUTF8 *
+nssSlot_GetTokenName(
+    NSSSlot *slot);
+
+NSS_EXTERN NSSModule *
+nssSlot_GetModule(
+    NSSSlot *slot);
+
+NSS_EXTERN NSSToken *
+nssSlot_GetToken(
+    NSSSlot *slot);
+
+NSS_EXTERN PRBool
+nssSlot_IsTokenPresent(
+    NSSSlot *slot);
+
+NSS_EXTERN PRBool
+nssSlot_IsPermanent(
+    NSSSlot *slot);
+
+NSS_EXTERN PRBool
+nssSlot_IsFriendly(
+    NSSSlot *slot);
+
+NSS_EXTERN PRBool
+nssSlot_IsHardware(
+    NSSSlot *slot);
+
+NSS_EXTERN PRBool
+nssSlot_IsLoggedIn(
+    NSSSlot *slot);
+
+NSS_EXTERN PRStatus
+nssSlot_Refresh(
+    NSSSlot *slot);
+
+NSS_EXTERN PRStatus
+nssSlot_Login(
+    NSSSlot *slot,
+    NSSCallback *pwcb);
+extern const NSSError NSS_ERROR_INVALID_PASSWORD;
+extern const NSSError NSS_ERROR_USER_CANCELED;
+
+NSS_EXTERN PRStatus
+nssSlot_Logout(
+    NSSSlot *slot,
+    nssSession *sessionOpt);
+
+NSS_EXTERN void
+nssSlot_EnterMonitor(
+    NSSSlot *slot);
+
+NSS_EXTERN void
+nssSlot_ExitMonitor(
+    NSSSlot *slot);
+
+#define NSSSLOT_ASK_PASSWORD_FIRST_TIME -1
+#define NSSSLOT_ASK_PASSWORD_EVERY_TIME 0
+NSS_EXTERN void
+nssSlot_SetPasswordDefaults(
+    NSSSlot *slot,
+    PRInt32 askPasswordTimeout);
+
+NSS_EXTERN PRStatus
+nssSlot_SetPassword(
+    NSSSlot *slot,
+    NSSUTF8 *oldPasswordOpt,
+    NSSUTF8 *newPassword);
+extern const NSSError NSS_ERROR_INVALID_PASSWORD;
+extern const NSSError NSS_ERROR_USER_CANCELED;
+
+/*
+ * nssSlot_IsLoggedIn
+ */
+
+NSS_EXTERN nssSession *
+nssSlot_CreateSession(
+    NSSSlot *slot,
+    NSSArena *arenaOpt,
+    PRBool readWrite /* so far, this is the only flag used */
+    );
+
+/* NSSToken
+ *
+ * nssToken_Destroy
+ * nssToken_AddRef
+ * nssToken_GetName
+ * nssToken_GetModule
+ * nssToken_GetSlot
+ * nssToken_NeedsPINInitialization
+ * nssToken_ImportCertificate
+ * nssToken_ImportTrust
+ * nssToken_ImportCRL
+ * nssToken_GenerateKeyPair
+ * nssToken_GenerateSymmetricKey
+ * nssToken_DeleteStoredObject
+ * nssToken_FindObjects
+ * nssToken_FindCertificatesBySubject
+ * nssToken_FindCertificatesByNickname
+ * nssToken_FindCertificatesByEmail
+ * nssToken_FindCertificateByIssuerAndSerialNumber
+ * nssToken_FindCertificateByEncodedCertificate
+ * nssToken_FindTrustForCertificate
+ * nssToken_FindCRLsBySubject
+ * nssToken_FindPrivateKeys
+ * nssToken_FindPrivateKeyByID
+ * nssToken_Digest
+ * nssToken_BeginDigest
+ * nssToken_ContinueDigest
+ * nssToken_FinishDigest
+ */
+
+NSS_EXTERN PRStatus
+nssToken_Destroy(
+    NSSToken *tok);
+
+NSS_EXTERN NSSToken *
+nssToken_AddRef(
+    NSSToken *tok);
+
+NSS_EXTERN NSSUTF8 *
+nssToken_GetName(
+    NSSToken *tok);
+
+NSS_EXTERN NSSModule *
+nssToken_GetModule(
+    NSSToken *token);
+
+NSS_EXTERN NSSSlot *
+nssToken_GetSlot(
+    NSSToken *tok);
+
+NSS_EXTERN PRBool
+nssToken_NeedsPINInitialization(
+    NSSToken *token);
+
+NSS_EXTERN nssCryptokiObject *
+nssToken_ImportCertificate(
+    NSSToken *tok,
+    nssSession *sessionOpt,
+    NSSCertificateType certType,
+    NSSItem *id,
+    const NSSUTF8 *nickname,
+    NSSDER *encoding,
+    NSSDER *issuer,
+    NSSDER *subject,
+    NSSDER *serial,
+    NSSASCII7 *emailAddr,
+    PRBool asTokenObject);
+
+NSS_EXTERN nssCryptokiObject *
+nssToken_ImportTrust(
+    NSSToken *tok,
+    nssSession *sessionOpt,
+    NSSDER *certEncoding,
+    NSSDER *certIssuer,
+    NSSDER *certSerial,
+    nssTrustLevel serverAuth,
+    nssTrustLevel clientAuth,
+    nssTrustLevel codeSigning,
+    nssTrustLevel emailProtection,
+    PRBool stepUpApproved,
+    PRBool asTokenObject);
+
+NSS_EXTERN nssCryptokiObject *
+nssToken_ImportCRL(
+    NSSToken *token,
+    nssSession *sessionOpt,
+    NSSDER *subject,
+    NSSDER *encoding,
+    PRBool isKRL,
+    NSSUTF8 *url,
+    PRBool asTokenObject);
+
+/* Permanently remove an object from the token. */
+NSS_EXTERN PRStatus
+nssToken_DeleteStoredObject(
+    nssCryptokiObject *instance);
+
+NSS_EXTERN nssCryptokiObject **
+nssToken_FindObjects(
+    NSSToken *token,
+    nssSession *sessionOpt,
+    CK_OBJECT_CLASS objclass,
+    nssTokenSearchType searchType,
+    PRUint32 maximumOpt,
+    PRStatus *statusOpt);
+
+NSS_EXTERN nssCryptokiObject **
+nssToken_FindCertificatesBySubject(
+    NSSToken *token,
+    nssSession *sessionOpt,
+    NSSDER *subject,
+    nssTokenSearchType searchType,
+    PRUint32 maximumOpt,
+    PRStatus *statusOpt);
+
+NSS_EXTERN nssCryptokiObject **
+nssToken_FindCertificatesByNickname(
+    NSSToken *token,
+    nssSession *sessionOpt,
+    const NSSUTF8 *name,
+    nssTokenSearchType searchType,
+    PRUint32 maximumOpt,
+    PRStatus *statusOpt);
+
+NSS_EXTERN nssCryptokiObject **
+nssToken_FindCertificatesByEmail(
+    NSSToken *token,
+    nssSession *sessionOpt,
+    NSSASCII7 *email,
+    nssTokenSearchType searchType,
+    PRUint32 maximumOpt,
+    PRStatus *statusOpt);
+
+NSS_EXTERN nssCryptokiObject **
+nssToken_FindCertificatesByID(
+    NSSToken *token,
+    nssSession *sessionOpt,
+    NSSItem *id,
+    nssTokenSearchType searchType,
+    PRUint32 maximumOpt,
+    PRStatus *statusOpt);
+
+NSS_EXTERN nssCryptokiObject *
+nssToken_FindCertificateByIssuerAndSerialNumber(
+    NSSToken *token,
+    nssSession *sessionOpt,
+    NSSDER *issuer,
+    NSSDER *serial,
+    nssTokenSearchType searchType,
+    PRStatus *statusOpt);
+
+NSS_EXTERN nssCryptokiObject *
+nssToken_FindCertificateByEncodedCertificate(
+    NSSToken *token,
+    nssSession *sessionOpt,
+    NSSBER *encodedCertificate,
+    nssTokenSearchType searchType,
+    PRStatus *statusOpt);
+
+NSS_EXTERN nssCryptokiObject *
+nssToken_FindTrustForCertificate(
+    NSSToken *token,
+    nssSession *sessionOpt,
+    NSSDER *certEncoding,
+    NSSDER *certIssuer,
+    NSSDER *certSerial,
+    nssTokenSearchType searchType);
+
+NSS_EXTERN nssCryptokiObject **
+nssToken_FindCRLsBySubject(
+    NSSToken *token,
+    nssSession *sessionOpt,
+    NSSDER *subject,
+    nssTokenSearchType searchType,
+    PRUint32 maximumOpt,
+    PRStatus *statusOpt);
+
+NSS_EXTERN nssCryptokiObject **
+nssToken_FindPrivateKeys(
+    NSSToken *token,
+    nssSession *sessionOpt,
+    nssTokenSearchType searchType,
+    PRUint32 maximumOpt,
+    PRStatus *statusOpt);
+
+NSS_EXTERN nssCryptokiObject *
+nssToken_FindPrivateKeyByID(
+    NSSToken *token,
+    nssSession *sessionOpt,
+    NSSItem *keyID);
+
+NSS_EXTERN nssCryptokiObject *
+nssToken_FindPublicKeyByID(
+    NSSToken *token,
+    nssSession *sessionOpt,
+    NSSItem *keyID);
+
+NSS_EXTERN NSSItem *
+nssToken_Digest(
+    NSSToken *tok,
+    nssSession *sessionOpt,
+    NSSAlgorithmAndParameters *ap,
+    NSSItem *data,
+    NSSItem *rvOpt,
+    NSSArena *arenaOpt);
+
+NSS_EXTERN PRStatus
+nssToken_BeginDigest(
+    NSSToken *tok,
+    nssSession *sessionOpt,
+    NSSAlgorithmAndParameters *ap);
+
+NSS_EXTERN PRStatus
+nssToken_ContinueDigest(
+    NSSToken *tok,
+    nssSession *sessionOpt,
+    NSSItem *item);
+
+NSS_EXTERN NSSItem *
+nssToken_FinishDigest(
+    NSSToken *tok,
+    nssSession *sessionOpt,
+    NSSItem *rvOpt,
+    NSSArena *arenaOpt);
+
+/* nssSession
+ *
+ * nssSession_Destroy
+ * nssSession_EnterMonitor
+ * nssSession_ExitMonitor
+ * nssSession_IsReadWrite
+ */
+
+NSS_EXTERN PRStatus
+nssSession_Destroy(
+    nssSession *s);
+
+/* would like to inline */
+NSS_EXTERN PRStatus
+nssSession_EnterMonitor(
+    nssSession *s);
+
+/* would like to inline */
+NSS_EXTERN PRStatus
+nssSession_ExitMonitor(
+    nssSession *s);
+
+/* would like to inline */
+NSS_EXTERN PRBool
+nssSession_IsReadWrite(
+    nssSession *s);
+
+/* nssCryptokiObject
+ *
+ * An object living on a cryptoki token.
+ * Not really proper to mix up the object types just because
+ * nssCryptokiObject itself is generic, but doing so anyway.
+ *
+ * nssCryptokiObject_Destroy
+ * nssCryptokiObject_Equal
+ * nssCryptokiObject_Clone
+ * nssCryptokiCertificate_GetAttributes
+ * nssCryptokiPrivateKey_GetAttributes
+ * nssCryptokiPublicKey_GetAttributes
+ * nssCryptokiTrust_GetAttributes
+ * nssCryptokiCRL_GetAttributes
+ */
+
+NSS_EXTERN void
+nssCryptokiObject_Destroy(
+    nssCryptokiObject *object);
+
+NSS_EXTERN PRBool
+nssCryptokiObject_Equal(
+    nssCryptokiObject *object1,
+    nssCryptokiObject *object2);
+
+NSS_EXTERN nssCryptokiObject *
+nssCryptokiObject_Clone(
+    nssCryptokiObject *object);
+
+NSS_EXTERN PRStatus
+nssCryptokiCertificate_GetAttributes(
+    nssCryptokiObject *object,
+    nssSession *sessionOpt,
+    NSSArena *arenaOpt,
+    NSSCertificateType *certTypeOpt,
+    NSSItem *idOpt,
+    NSSDER *encodingOpt,
+    NSSDER *issuerOpt,
+    NSSDER *serialOpt,
+    NSSDER *subjectOpt);
+
+NSS_EXTERN PRStatus
+nssCryptokiTrust_GetAttributes(
+    nssCryptokiObject *trustObject,
+    nssSession *sessionOpt,
+    NSSItem *sha1_hash,
+    nssTrustLevel *serverAuth,
+    nssTrustLevel *clientAuth,
+    nssTrustLevel *codeSigning,
+    nssTrustLevel *emailProtection,
+    PRBool *stepUpApproved);
+
+NSS_EXTERN PRStatus
+nssCryptokiCRL_GetAttributes(
+    nssCryptokiObject *crlObject,
+    nssSession *sessionOpt,
+    NSSArena *arenaOpt,
+    NSSItem *encodingOpt,
+    NSSItem *subjectOpt,
+    CK_ULONG *crl_class,
+    NSSUTF8 **urlOpt,
+    PRBool *isKRLOpt);
+
+/* I'm including this to handle import of certificates in NSS 3.5.  This
+ * function will set the cert-related attributes of a key, in order to
+ * associate it with a cert.  Does it stay like this for 4.0?
+ */
+NSS_EXTERN PRStatus
+nssCryptokiPrivateKey_SetCertificate(
+    nssCryptokiObject *keyObject,
+    nssSession *sessionOpt,
+    const NSSUTF8 *nickname,
+    NSSItem *id,
+    NSSDER *subject);
+
+NSS_EXTERN void
+nssModuleArray_Destroy(
+    NSSModule **modules);
+
+/* nssSlotArray
+ *
+ * nssSlotArray_Destroy
+ */
+
+NSS_EXTERN void
+nssSlotArray_Destroy(
+    NSSSlot **slots);
+
+/* nssTokenArray
+ *
+ * nssTokenArray_Destroy
+ */
+
+NSS_EXTERN void
+nssTokenArray_Destroy(
+    NSSToken **tokens);
+
+/* nssCryptokiObjectArray
+ *
+ * nssCryptokiObjectArray_Destroy
+ */
+NSS_EXTERN void
+nssCryptokiObjectArray_Destroy(
+    nssCryptokiObject **object);
+
+/* nssSlotList
+ *
+ * An ordered list of slots.  The order can be anything, it is set in the
+ * Add methods.  Perhaps it should be CreateInCertOrder, ...?
+ *
+ * nssSlotList_Create
+ * nssSlotList_Destroy
+ * nssSlotList_Add
+ * nssSlotList_AddModuleSlots
+ * nssSlotList_GetSlots
+ * nssSlotList_FindSlotByName
+ * nssSlotList_FindTokenByName
+ * nssSlotList_GetBestSlot
+ * nssSlotList_GetBestSlotForAlgorithmAndParameters
+ * nssSlotList_GetBestSlotForAlgorithmsAndParameters
+ */
+
+/* nssSlotList_Create
+ */
+NSS_EXTERN nssSlotList *
+nssSlotList_Create(
+    NSSArena *arenaOpt);
+
+/* nssSlotList_Destroy
+ */
+NSS_EXTERN void
+nssSlotList_Destroy(
+    nssSlotList *slotList);
+
+/* nssSlotList_Add
+ *
+ * Add the given slot in the given order.
+ */
+NSS_EXTERN PRStatus
+nssSlotList_Add(
+    nssSlotList *slotList,
+    NSSSlot *slot,
+    PRUint32 order);
+
+/* nssSlotList_AddModuleSlots
+ *
+ * Add all slots in the module, in the given order (the slots will have
+ * equal weight).
+ */
+NSS_EXTERN PRStatus
+nssSlotList_AddModuleSlots(
+    nssSlotList *slotList,
+    NSSModule *module,
+    PRUint32 order);
+
+/* nssSlotList_GetSlots
+ */
+NSS_EXTERN NSSSlot **
+nssSlotList_GetSlots(
+    nssSlotList *slotList);
+
+/* nssSlotList_FindSlotByName
+ */
+NSS_EXTERN NSSSlot *
+nssSlotList_FindSlotByName(
+    nssSlotList *slotList,
+    NSSUTF8 *slotName);
+
+/* nssSlotList_FindTokenByName
+ */
+NSS_EXTERN NSSToken *
+nssSlotList_FindTokenByName(
+    nssSlotList *slotList,
+    NSSUTF8 *tokenName);
+
+/* nssSlotList_GetBestSlot
+ *
+ * The best slot is the highest ranking in order, i.e., the first in the
+ * list.
+ */
+NSS_EXTERN NSSSlot *
+nssSlotList_GetBestSlot(
+    nssSlotList *slotList);
+
+/* nssSlotList_GetBestSlotForAlgorithmAndParameters
+ *
+ * Highest-ranking slot than can handle algorithm/parameters.
+ */
+NSS_EXTERN NSSSlot *
+nssSlotList_GetBestSlotForAlgorithmAndParameters(
+    nssSlotList *slotList,
+    NSSAlgorithmAndParameters *ap);
+
+/* nssSlotList_GetBestSlotForAlgorithmsAndParameters
+ *
+ * Highest-ranking slot than can handle all algorithms/parameters.
+ */
+NSS_EXTERN NSSSlot *
+nssSlotList_GetBestSlotForAlgorithmsAndParameters(
+    nssSlotList *slotList,
+    NSSAlgorithmAndParameters **ap);
+
+NSS_EXTERN PRBool
+nssToken_IsPresent(
+    NSSToken *token);
+
+NSS_EXTERN nssSession *
+nssToken_GetDefaultSession(
+    NSSToken *token);
+
+NSS_EXTERN PRStatus
+nssToken_GetTrustOrder(
+    NSSToken *tok);
+
+NSS_EXTERN PRStatus
+nssToken_NotifyCertsNotVisible(
+    NSSToken *tok);
+
+NSS_EXTERN PRStatus
+nssToken_TraverseCertificates(
+    NSSToken *token,
+    nssSession *sessionOpt,
+    nssTokenSearchType searchType,
+    PRStatus (*callback)(nssCryptokiObject *instance, void *arg),
+    void *arg);
+
+NSS_EXTERN PRBool
+nssToken_IsPrivateKeyAvailable(
+    NSSToken *token,
+    NSSCertificate *c,
+    nssCryptokiObject *instance);
+
+PR_END_EXTERN_C
+
+#endif /* DEV_H */
diff --git a/nss/lib/dev/devm.h b/nss/lib/dev/devm.h
new file mode 100644
index 0000000..16acf64
--- /dev/null
+++ b/nss/lib/dev/devm.h
@@ -0,0 +1,157 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef DEVM_H
+#define DEVM_H
+
+#ifndef BASE_H
+#include "base.h"
+#endif /* BASE_H */
+
+#ifndef DEV_H
+#include "dev.h"
+#endif /* DEV_H */
+
+#ifndef DEVTM_H
+#include "devtm.h"
+#endif /* DEVTM_H */
+
+PR_BEGIN_EXTERN_C
+
+/* Shortcut to cryptoki API functions. */
+#define CKAPI(epv) \
+    ((CK_FUNCTION_LIST_PTR)(epv))
+
+NSS_EXTERN void
+nssDevice_AddRef(
+    struct nssDeviceBaseStr *device);
+
+NSS_EXTERN PRBool
+nssDevice_Destroy(
+    struct nssDeviceBaseStr *device);
+
+NSS_EXTERN PRBool
+nssModule_IsThreadSafe(
+    NSSModule *module);
+
+NSS_EXTERN PRBool
+nssModule_IsInternal(
+    NSSModule *mod);
+
+NSS_EXTERN PRBool
+nssModule_IsModuleDBOnly(
+    NSSModule *mod);
+
+NSS_EXTERN void *
+nssModule_GetCryptokiEPV(
+    NSSModule *mod);
+
+NSS_EXTERN NSSSlot *
+nssSlot_Create(
+    CK_SLOT_ID slotId,
+    NSSModule *parent);
+
+NSS_EXTERN void *
+nssSlot_GetCryptokiEPV(
+    NSSSlot *slot);
+
+NSS_EXTERN NSSToken *
+nssToken_Create(
+    CK_SLOT_ID slotID,
+    NSSSlot *peer);
+
+NSS_EXTERN void *
+nssToken_GetCryptokiEPV(
+    NSSToken *token);
+
+NSS_EXTERN nssSession *
+nssToken_GetDefaultSession(
+    NSSToken *token);
+
+NSS_EXTERN PRBool
+nssToken_IsLoginRequired(
+    NSSToken *token);
+
+NSS_EXTERN void
+nssToken_Remove(
+    NSSToken *token);
+
+NSS_EXTERN nssCryptokiObject *
+nssCryptokiObject_Create(
+    NSSToken *t,
+    nssSession *session,
+    CK_OBJECT_HANDLE h);
+
+NSS_EXTERN nssTokenObjectCache *
+nssTokenObjectCache_Create(
+    NSSToken *token,
+    PRBool cacheCerts,
+    PRBool cacheTrust,
+    PRBool cacheCRLs);
+
+NSS_EXTERN void
+nssTokenObjectCache_Destroy(
+    nssTokenObjectCache *cache);
+
+NSS_EXTERN void
+nssTokenObjectCache_Clear(
+    nssTokenObjectCache *cache);
+
+NSS_EXTERN PRBool
+nssTokenObjectCache_HaveObjectClass(
+    nssTokenObjectCache *cache,
+    CK_OBJECT_CLASS objclass);
+
+NSS_EXTERN nssCryptokiObject **
+nssTokenObjectCache_FindObjectsByTemplate(
+    nssTokenObjectCache *cache,
+    CK_OBJECT_CLASS objclass,
+    CK_ATTRIBUTE_PTR otemplate,
+    CK_ULONG otlen,
+    PRUint32 maximumOpt,
+    PRStatus *statusOpt);
+
+NSS_EXTERN PRStatus
+nssTokenObjectCache_GetObjectAttributes(
+    nssTokenObjectCache *cache,
+    NSSArena *arenaOpt,
+    nssCryptokiObject *object,
+    CK_OBJECT_CLASS objclass,
+    CK_ATTRIBUTE_PTR atemplate,
+    CK_ULONG atlen);
+
+NSS_EXTERN PRStatus
+nssTokenObjectCache_ImportObject(
+    nssTokenObjectCache *cache,
+    nssCryptokiObject *object,
+    CK_OBJECT_CLASS objclass,
+    CK_ATTRIBUTE_PTR ot,
+    CK_ULONG otlen);
+
+NSS_EXTERN void
+nssTokenObjectCache_RemoveObject(
+    nssTokenObjectCache *cache,
+    nssCryptokiObject *object);
+
+/* XXX allows peek back into token */
+NSS_EXTERN PRStatus
+nssToken_GetCachedObjectAttributes(
+    NSSToken *token,
+    NSSArena *arenaOpt,
+    nssCryptokiObject *object,
+    CK_OBJECT_CLASS objclass,
+    CK_ATTRIBUTE_PTR atemplate,
+    CK_ULONG atlen);
+
+/* PKCS#11 stores strings in a fixed-length buffer padded with spaces.  This
+ * function gets the length of the actual string.
+ */
+NSS_EXTERN PRUint32
+nssPKCS11String_Length(
+    CK_CHAR *pkcs11str,
+    PRUint32 bufLen);
+
+PR_END_EXTERN_C
+
+#endif /* DEV_H */
diff --git a/nss/lib/dev/devslot.c b/nss/lib/dev/devslot.c
new file mode 100644
index 0000000..c3c05be
--- /dev/null
+++ b/nss/lib/dev/devslot.c
@@ -0,0 +1,254 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "pkcs11.h"
+
+#ifndef DEVM_H
+#include "devm.h"
+#endif /* DEVM_H */
+
+#ifndef CKHELPER_H
+#include "ckhelper.h"
+#endif /* CKHELPER_H */
+
+#include "pk11pub.h"
+
+/* measured in seconds */
+#define NSSSLOT_TOKEN_DELAY_TIME 1
+
+/* this should track global and per-transaction login information */
+
+#define NSSSLOT_IS_FRIENDLY(slot) \
+    (slot->base.flags & NSSSLOT_FLAGS_FRIENDLY)
+
+/* measured as interval */
+static PRIntervalTime s_token_delay_time = 0;
+
+NSS_IMPLEMENT PRStatus
+nssSlot_Destroy(
+    NSSSlot *slot)
+{
+    if (slot) {
+        if (PR_ATOMIC_DECREMENT(&slot->base.refCount) == 0) {
+            PZ_DestroyLock(slot->base.lock);
+            return nssArena_Destroy(slot->base.arena);
+        }
+    }
+    return PR_SUCCESS;
+}
+
+void
+nssSlot_EnterMonitor(NSSSlot *slot)
+{
+    if (slot->lock) {
+        PZ_Lock(slot->lock);
+    }
+}
+
+void
+nssSlot_ExitMonitor(NSSSlot *slot)
+{
+    if (slot->lock) {
+        PZ_Unlock(slot->lock);
+    }
+}
+
+NSS_IMPLEMENT void
+NSSSlot_Destroy(
+    NSSSlot *slot)
+{
+    (void)nssSlot_Destroy(slot);
+}
+
+NSS_IMPLEMENT NSSSlot *
+nssSlot_AddRef(
+    NSSSlot *slot)
+{
+    PR_ATOMIC_INCREMENT(&slot->base.refCount);
+    return slot;
+}
+
+NSS_IMPLEMENT NSSUTF8 *
+nssSlot_GetName(
+    NSSSlot *slot)
+{
+    return slot->base.name;
+}
+
+NSS_IMPLEMENT NSSUTF8 *
+nssSlot_GetTokenName(
+    NSSSlot *slot)
+{
+    return nssToken_GetName(slot->token);
+}
+
+NSS_IMPLEMENT void
+nssSlot_ResetDelay(
+    NSSSlot *slot)
+{
+    slot->lastTokenPing = 0;
+}
+
+static PRBool
+within_token_delay_period(const NSSSlot *slot)
+{
+    PRIntervalTime time, lastTime;
+    /* Set the delay time for checking the token presence */
+    if (s_token_delay_time == 0) {
+        s_token_delay_time = PR_SecondsToInterval(NSSSLOT_TOKEN_DELAY_TIME);
+    }
+    time = PR_IntervalNow();
+    lastTime = slot->lastTokenPing;
+    if ((lastTime) && ((time - lastTime) < s_token_delay_time)) {
+        return PR_TRUE;
+    }
+    return PR_FALSE;
+}
+
+NSS_IMPLEMENT PRBool
+nssSlot_IsTokenPresent(
+    NSSSlot *slot)
+{
+    CK_RV ckrv;
+    PRStatus nssrv;
+    /* XXX */
+    nssSession *session;
+    CK_SLOT_INFO slotInfo;
+    void *epv;
+    /* permanent slots are always present unless they're disabled */
+    if (nssSlot_IsPermanent(slot)) {
+        return !PK11_IsDisabled(slot->pk11slot);
+    }
+    /* avoid repeated calls to check token status within set interval */
+    if (within_token_delay_period(slot)) {
+        return ((slot->ckFlags & CKF_TOKEN_PRESENT) != 0);
+    }
+
+    /* First obtain the slot info */
+    epv = slot->epv;
+    if (!epv) {
+        return PR_FALSE;
+    }
+    nssSlot_EnterMonitor(slot);
+    ckrv = CKAPI(epv)->C_GetSlotInfo(slot->slotID, &slotInfo);
+    nssSlot_ExitMonitor(slot);
+    if (ckrv != CKR_OK) {
+        slot->token->base.name[0] = 0; /* XXX */
+        slot->lastTokenPing = PR_IntervalNow();
+        return PR_FALSE;
+    }
+    slot->ckFlags = slotInfo.flags;
+    /* check for the presence of the token */
+    if ((slot->ckFlags & CKF_TOKEN_PRESENT) == 0) {
+        if (!slot->token) {
+            /* token was never present */
+            slot->lastTokenPing = PR_IntervalNow();
+            return PR_FALSE;
+        }
+        session = nssToken_GetDefaultSession(slot->token);
+        if (session) {
+            nssSession_EnterMonitor(session);
+            /* token is not present */
+            if (session->handle != CK_INVALID_SESSION) {
+                /* session is valid, close and invalidate it */
+                CKAPI(epv)
+                    ->C_CloseSession(session->handle);
+                session->handle = CK_INVALID_SESSION;
+            }
+            nssSession_ExitMonitor(session);
+        }
+        if (slot->token->base.name[0] != 0) {
+            /* notify the high-level cache that the token is removed */
+            slot->token->base.name[0] = 0; /* XXX */
+            nssToken_NotifyCertsNotVisible(slot->token);
+        }
+        slot->token->base.name[0] = 0; /* XXX */
+        /* clear the token cache */
+        nssToken_Remove(slot->token);
+        slot->lastTokenPing = PR_IntervalNow();
+        return PR_FALSE;
+    }
+    /* token is present, use the session info to determine if the card
+     * has been removed and reinserted.
+     */
+    session = nssToken_GetDefaultSession(slot->token);
+    if (session) {
+        PRBool isPresent = PR_FALSE;
+        nssSession_EnterMonitor(session);
+        if (session->handle != CK_INVALID_SESSION) {
+            CK_SESSION_INFO sessionInfo;
+            ckrv = CKAPI(epv)->C_GetSessionInfo(session->handle, &sessionInfo);
+            if (ckrv != CKR_OK) {
+                /* session is screwy, close and invalidate it */
+                CKAPI(epv)
+                    ->C_CloseSession(session->handle);
+                session->handle = CK_INVALID_SESSION;
+            }
+        }
+        isPresent = session->handle != CK_INVALID_SESSION;
+        nssSession_ExitMonitor(session);
+        /* token not removed, finished */
+        if (isPresent) {
+            slot->lastTokenPing = PR_IntervalNow();
+            return PR_TRUE;
+        }
+    }
+    /* the token has been removed, and reinserted, or the slot contains
+     * a token it doesn't recognize. invalidate all the old
+     * information we had on this token, if we can't refresh, clear
+     * the present flag */
+    nssToken_NotifyCertsNotVisible(slot->token);
+    nssToken_Remove(slot->token);
+    /* token has been removed, need to refresh with new session */
+    nssrv = nssSlot_Refresh(slot);
+    if (nssrv != PR_SUCCESS) {
+        slot->token->base.name[0] = 0; /* XXX */
+        slot->ckFlags &= ~CKF_TOKEN_PRESENT;
+        /* TODO: insert a barrier here to avoid reordering of the assingments */
+        slot->lastTokenPing = PR_IntervalNow();
+        return PR_FALSE;
+    }
+    slot->lastTokenPing = PR_IntervalNow();
+    return PR_TRUE;
+}
+
+NSS_IMPLEMENT void *
+nssSlot_GetCryptokiEPV(
+    NSSSlot *slot)
+{
+    return slot->epv;
+}
+
+NSS_IMPLEMENT NSSToken *
+nssSlot_GetToken(
+    NSSSlot *slot)
+{
+    if (nssSlot_IsTokenPresent(slot)) {
+        return nssToken_AddRef(slot->token);
+    }
+    return (NSSToken *)NULL;
+}
+
+NSS_IMPLEMENT PRStatus
+nssSession_EnterMonitor(
+    nssSession *s)
+{
+    if (s->lock)
+        PZ_Lock(s->lock);
+    return PR_SUCCESS;
+}
+
+NSS_IMPLEMENT PRStatus
+nssSession_ExitMonitor(
+    nssSession *s)
+{
+    return (s->lock) ? PZ_Unlock(s->lock) : PR_SUCCESS;
+}
+
+NSS_EXTERN PRBool
+nssSession_IsReadWrite(
+    nssSession *s)
+{
+    return s->isRW;
+}
diff --git a/nss/lib/dev/devt.h b/nss/lib/dev/devt.h
new file mode 100644
index 0000000..db93deb
--- /dev/null
+++ b/nss/lib/dev/devt.h
@@ -0,0 +1,147 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef DEVT_H
+#define DEVT_H
+
+/*
+ * devt.h
+ *
+ * This file contains definitions for the low-level cryptoki devices.
+ */
+
+#ifndef NSSBASET_H
+#include "nssbaset.h"
+#endif /* NSSBASET_H */
+
+#ifndef NSSPKIT_H
+#include "nsspkit.h"
+#endif /* NSSPKIT_H */
+
+#ifndef NSSDEVT_H
+#include "nssdevt.h"
+#endif /* NSSDEVT_H */
+
+#ifndef BASET_H
+#include "baset.h"
+#endif /* BASET_H */
+
+#include "secmodt.h"
+
+PR_BEGIN_EXTERN_C
+
+typedef struct nssSessionStr nssSession;
+
+/* XXX until NSSTokenStr is moved */
+struct nssDeviceBaseStr {
+    NSSArena *arena;
+    PZLock *lock;
+    PRInt32 refCount;
+    NSSUTF8 *name;
+    PRUint32 flags;
+};
+
+typedef struct nssTokenObjectCacheStr nssTokenObjectCache;
+
+/* XXX until devobject.c goes away */
+struct NSSTokenStr {
+    struct nssDeviceBaseStr base;
+    NSSSlot *slot;    /* Parent (or peer, if you will) */
+    CK_FLAGS ckFlags; /* from CK_TOKEN_INFO.flags */
+    PRUint32 flags;
+    void *epv;
+    nssSession *defaultSession;
+    NSSTrustDomain *trustDomain;
+    PRIntervalTime lastTime;
+    nssTokenObjectCache *cache;
+    PK11SlotInfo *pk11slot;
+};
+
+typedef enum {
+    nssSlotAskPasswordTimes_FirstTime = 0,
+    nssSlotAskPasswordTimes_EveryTime = 1,
+    nssSlotAskPasswordTimes_Timeout = 2
+} nssSlotAskPasswordTimes;
+
+struct nssSlotAuthInfoStr {
+    PRTime lastLogin;
+    nssSlotAskPasswordTimes askTimes;
+    PRIntervalTime askPasswordTimeout;
+};
+
+struct NSSSlotStr {
+    struct nssDeviceBaseStr base;
+    NSSModule *module; /* Parent */
+    NSSToken *token;   /* Peer */
+    CK_SLOT_ID slotID;
+    CK_FLAGS ckFlags; /* from CK_SLOT_INFO.flags */
+    struct nssSlotAuthInfoStr authInfo;
+    PRIntervalTime lastTokenPing;
+    PZLock *lock;
+    void *epv;
+    PK11SlotInfo *pk11slot;
+};
+
+struct nssSessionStr {
+    PZLock *lock;
+    CK_SESSION_HANDLE handle;
+    NSSSlot *slot;
+    PRBool isRW;
+    PRBool ownLock;
+};
+
+typedef enum {
+    NSSCertificateType_Unknown = 0,
+    NSSCertificateType_PKIX = 1
+} NSSCertificateType;
+
+typedef enum {
+    nssTrustLevel_Unknown = 0,
+    nssTrustLevel_NotTrusted = 1,
+    nssTrustLevel_Trusted = 2,
+    nssTrustLevel_TrustedDelegator = 3,
+    nssTrustLevel_MustVerify = 4,
+    nssTrustLevel_ValidDelegator = 5
+} nssTrustLevel;
+
+typedef struct nssCryptokiInstanceStr nssCryptokiInstance;
+
+struct nssCryptokiInstanceStr {
+    CK_OBJECT_HANDLE handle;
+    NSSToken *token;
+    PRBool isTokenObject;
+    NSSUTF8 *label;
+};
+
+typedef struct nssCryptokiInstanceStr nssCryptokiObject;
+
+typedef struct nssTokenCertSearchStr nssTokenCertSearch;
+
+typedef enum {
+    nssTokenSearchType_AllObjects = 0,
+    nssTokenSearchType_SessionOnly = 1,
+    nssTokenSearchType_TokenOnly = 2,
+    nssTokenSearchType_TokenForced = 3
+} nssTokenSearchType;
+
+struct nssTokenCertSearchStr {
+    nssTokenSearchType searchType;
+    PRStatus (*callback)(NSSCertificate *c, void *arg);
+    void *cbarg;
+    nssList *cached;
+    /* TODO: add a cache query callback if the list would be large
+     *       (traversal)
+     */
+};
+
+struct nssSlotListStr;
+typedef struct nssSlotListStr nssSlotList;
+
+struct NSSAlgorithmAndParametersStr {
+    CK_MECHANISM mechanism;
+};
+
+PR_END_EXTERN_C
+
+#endif /* DEVT_H */
diff --git a/nss/lib/dev/devtm.h b/nss/lib/dev/devtm.h
new file mode 100644
index 0000000..ef3c4c0
--- /dev/null
+++ b/nss/lib/dev/devtm.h
@@ -0,0 +1,25 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef DEVTM_H
+#define DEVTM_H
+
+/*
+ * devtm.h
+ *
+ * This file contains module-private definitions for the low-level
+ * cryptoki devices.
+ */
+
+#ifndef DEVT_H
+#include "devt.h"
+#endif /* DEVT_H */
+
+PR_BEGIN_EXTERN_C
+
+#define MAX_LOCAL_CACHE_OBJECTS 10
+
+PR_END_EXTERN_C
+
+#endif /* DEVTM_H */
diff --git a/nss/lib/dev/devtoken.c b/nss/lib/dev/devtoken.c
new file mode 100644
index 0000000..0adbca8
--- /dev/null
+++ b/nss/lib/dev/devtoken.c
@@ -0,0 +1,1558 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "pkcs11.h"
+
+#ifndef DEVM_H
+#include "devm.h"
+#endif /* DEVM_H */
+
+#ifndef CKHELPER_H
+#include "ckhelper.h"
+#endif /* CKHELPER_H */
+
+#include "pk11func.h"
+#include "dev3hack.h"
+#include "secerr.h"
+
+extern const NSSError NSS_ERROR_NOT_FOUND;
+extern const NSSError NSS_ERROR_INVALID_ARGUMENT;
+extern const NSSError NSS_ERROR_PKCS11;
+
+/* The number of object handles to grab during each call to C_FindObjects */
+#define OBJECT_STACK_SIZE 16
+
+NSS_IMPLEMENT PRStatus
+nssToken_Destroy(
+    NSSToken *tok)
+{
+    if (tok) {
+        if (PR_ATOMIC_DECREMENT(&tok->base.refCount) == 0) {
+            PZ_DestroyLock(tok->base.lock);
+            nssTokenObjectCache_Destroy(tok->cache);
+            /* The token holds the first/last reference to the slot.
+             * When the token is actually destroyed, that ref must go too.
+             */
+            (void)nssSlot_Destroy(tok->slot);
+            return nssArena_Destroy(tok->base.arena);
+        }
+    }
+    return PR_SUCCESS;
+}
+
+NSS_IMPLEMENT void
+nssToken_Remove(
+    NSSToken *tok)
+{
+    nssTokenObjectCache_Clear(tok->cache);
+}
+
+NSS_IMPLEMENT void
+NSSToken_Destroy(
+    NSSToken *tok)
+{
+    (void)nssToken_Destroy(tok);
+}
+
+NSS_IMPLEMENT NSSToken *
+nssToken_AddRef(
+    NSSToken *tok)
+{
+    PR_ATOMIC_INCREMENT(&tok->base.refCount);
+    return tok;
+}
+
+NSS_IMPLEMENT NSSSlot *
+nssToken_GetSlot(
+    NSSToken *tok)
+{
+    return nssSlot_AddRef(tok->slot);
+}
+
+NSS_IMPLEMENT void *
+nssToken_GetCryptokiEPV(
+    NSSToken *token)
+{
+    return nssSlot_GetCryptokiEPV(token->slot);
+}
+
+NSS_IMPLEMENT nssSession *
+nssToken_GetDefaultSession(
+    NSSToken *token)
+{
+    return token->defaultSession;
+}
+
+NSS_IMPLEMENT NSSUTF8 *
+nssToken_GetName(
+    NSSToken *tok)
+{
+    if (tok == NULL) {
+        return "";
+    }
+    if (tok->base.name[0] == 0) {
+        (void)nssSlot_IsTokenPresent(tok->slot);
+    }
+    return tok->base.name;
+}
+
+NSS_IMPLEMENT NSSUTF8 *
+NSSToken_GetName(
+    NSSToken *token)
+{
+    return nssToken_GetName(token);
+}
+
+NSS_IMPLEMENT PRBool
+nssToken_IsLoginRequired(
+    NSSToken *token)
+{
+    return (token->ckFlags & CKF_LOGIN_REQUIRED);
+}
+
+NSS_IMPLEMENT PRBool
+nssToken_NeedsPINInitialization(
+    NSSToken *token)
+{
+    return (!(token->ckFlags & CKF_USER_PIN_INITIALIZED));
+}
+
+NSS_IMPLEMENT PRStatus
+nssToken_DeleteStoredObject(
+    nssCryptokiObject *instance)
+{
+    CK_RV ckrv;
+    PRStatus status;
+    PRBool createdSession = PR_FALSE;
+    NSSToken *token = instance->token;
+    nssSession *session = NULL;
+    void *epv = nssToken_GetCryptokiEPV(instance->token);
+    if (token->cache) {
+        nssTokenObjectCache_RemoveObject(token->cache, instance);
+    }
+    if (instance->isTokenObject) {
+        if (token->defaultSession &&
+            nssSession_IsReadWrite(token->defaultSession)) {
+            session = token->defaultSession;
+        } else {
+            session = nssSlot_CreateSession(token->slot, NULL, PR_TRUE);
+            createdSession = PR_TRUE;
+        }
+    }
+    if (session == NULL) {
+        return PR_FAILURE;
+    }
+    nssSession_EnterMonitor(session);
+    ckrv = CKAPI(epv)->C_DestroyObject(session->handle, instance->handle);
+    nssSession_ExitMonitor(session);
+    if (createdSession) {
+        nssSession_Destroy(session);
+    }
+    status = PR_SUCCESS;
+    if (ckrv != CKR_OK) {
+        status = PR_FAILURE;
+        /* use the error stack to pass the PKCS #11 error out  */
+        nss_SetError(ckrv);
+        nss_SetError(NSS_ERROR_PKCS11);
+    }
+    return status;
+}
+
+static nssCryptokiObject *
+import_object(
+    NSSToken *tok,
+    nssSession *sessionOpt,
+    CK_ATTRIBUTE_PTR objectTemplate,
+    CK_ULONG otsize)
+{
+    nssSession *session = NULL;
+    PRBool createdSession = PR_FALSE;
+    nssCryptokiObject *object = NULL;
+    CK_OBJECT_HANDLE handle;
+    CK_RV ckrv;
+    void *epv = nssToken_GetCryptokiEPV(tok);
+    if (nssCKObject_IsTokenObjectTemplate(objectTemplate, otsize)) {
+        if (sessionOpt) {
+            if (!nssSession_IsReadWrite(sessionOpt)) {
+                nss_SetError(NSS_ERROR_INVALID_ARGUMENT);
+                return NULL;
+            }
+            session = sessionOpt;
+        } else if (tok->defaultSession &&
+                   nssSession_IsReadWrite(tok->defaultSession)) {
+            session = tok->defaultSession;
+        } else {
+            session = nssSlot_CreateSession(tok->slot, NULL, PR_TRUE);
+            createdSession = PR_TRUE;
+        }
+    } else {
+        session = (sessionOpt) ? sessionOpt : tok->defaultSession;
+    }
+    if (session == NULL) {
+        nss_SetError(NSS_ERROR_INVALID_ARGUMENT);
+        return NULL;
+    }
+    nssSession_EnterMonitor(session);
+    ckrv = CKAPI(epv)->C_CreateObject(session->handle,
+                                      objectTemplate, otsize,
+                                      &handle);
+    nssSession_ExitMonitor(session);
+    if (ckrv == CKR_OK) {
+        object = nssCryptokiObject_Create(tok, session, handle);
+    } else {
+        nss_SetError(ckrv);
+        nss_SetError(NSS_ERROR_PKCS11);
+    }
+    if (createdSession) {
+        nssSession_Destroy(session);
+    }
+    return object;
+}
+
+static nssCryptokiObject **
+create_objects_from_handles(
+    NSSToken *tok,
+    nssSession *session,
+    CK_OBJECT_HANDLE *handles,
+    PRUint32 numH)
+{
+    nssCryptokiObject **objects;
+    objects = nss_ZNEWARRAY(NULL, nssCryptokiObject *, numH + 1);
+    if (objects) {
+        PRInt32 i;
+        for (i = 0; i < (PRInt32)numH; i++) {
+            objects[i] = nssCryptokiObject_Create(tok, session, handles[i]);
+            if (!objects[i]) {
+                for (--i; i > 0; --i) {
+                    nssCryptokiObject_Destroy(objects[i]);
+                }
+                nss_ZFreeIf(objects);
+                objects = NULL;
+                break;
+            }
+        }
+    }
+    return objects;
+}
+
+static nssCryptokiObject **
+find_objects(
+    NSSToken *tok,
+    nssSession *sessionOpt,
+    CK_ATTRIBUTE_PTR obj_template,
+    CK_ULONG otsize,
+    PRUint32 maximumOpt,
+    PRStatus *statusOpt)
+{
+    CK_RV ckrv = CKR_OK;
+    CK_ULONG count;
+    CK_OBJECT_HANDLE *objectHandles = NULL;
+    CK_OBJECT_HANDLE staticObjects[OBJECT_STACK_SIZE];
+    PRUint32 arraySize, numHandles;
+    void *epv = nssToken_GetCryptokiEPV(tok);
+    nssCryptokiObject **objects;
+    nssSession *session = (sessionOpt) ? sessionOpt : tok->defaultSession;
+
+    /* Don't ask the module to use an invalid session handle. */
+    if (!session || session->handle == CK_INVALID_SESSION) {
+        ckrv = CKR_SESSION_HANDLE_INVALID;
+        goto loser;
+    }
+
+    /* the arena is only for the array of object handles */
+    if (maximumOpt > 0) {
+        arraySize = maximumOpt;
+    } else {
+        arraySize = OBJECT_STACK_SIZE;
+    }
+    numHandles = 0;
+    if (arraySize <= OBJECT_STACK_SIZE) {
+        objectHandles = staticObjects;
+    } else {
+        objectHandles = nss_ZNEWARRAY(NULL, CK_OBJECT_HANDLE, arraySize);
+    }
+    if (!objectHandles) {
+        ckrv = CKR_HOST_MEMORY;
+        goto loser;
+    }
+    nssSession_EnterMonitor(session); /* ==== session lock === */
+    /* Initialize the find with the template */
+    ckrv = CKAPI(epv)->C_FindObjectsInit(session->handle,
+                                         obj_template, otsize);
+    if (ckrv != CKR_OK) {
+        nssSession_ExitMonitor(session);
+        goto loser;
+    }
+    while (PR_TRUE) {
+        /* Issue the find for up to arraySize - numHandles objects */
+        ckrv = CKAPI(epv)->C_FindObjects(session->handle,
+                                         objectHandles + numHandles,
+                                         arraySize - numHandles,
+                                         &count);
+        if (ckrv != CKR_OK) {
+            nssSession_ExitMonitor(session);
+            goto loser;
+        }
+        /* bump the number of found objects */
+        numHandles += count;
+        if (maximumOpt > 0 || numHandles < arraySize) {
+            /* When a maximum is provided, the search is done all at once,
+             * so the search is finished.  If the number returned was less
+             * than the number sought, the search is finished.
+             */
+            break;
+        }
+        /* the array is filled, double it and continue */
+        arraySize *= 2;
+        if (objectHandles == staticObjects) {
+            objectHandles = nss_ZNEWARRAY(NULL, CK_OBJECT_HANDLE, arraySize);
+            if (objectHandles) {
+                PORT_Memcpy(objectHandles, staticObjects,
+                            OBJECT_STACK_SIZE * sizeof(objectHandles[1]));
+            }
+        } else {
+            objectHandles = nss_ZREALLOCARRAY(objectHandles,
+                                              CK_OBJECT_HANDLE,
+                                              arraySize);
+        }
+        if (!objectHandles) {
+            nssSession_ExitMonitor(session);
+            ckrv = CKR_HOST_MEMORY;
+            goto loser;
+        }
+    }
+    ckrv = CKAPI(epv)->C_FindObjectsFinal(session->handle);
+    nssSession_ExitMonitor(session); /* ==== end session lock === */
+    if (ckrv != CKR_OK) {
+        goto loser;
+    }
+    if (numHandles > 0) {
+        objects = create_objects_from_handles(tok, session,
+                                              objectHandles, numHandles);
+    } else {
+        nss_SetError(NSS_ERROR_NOT_FOUND);
+        objects = NULL;
+    }
+    if (objectHandles && objectHandles != staticObjects) {
+        nss_ZFreeIf(objectHandles);
+    }
+    if (statusOpt)
+        *statusOpt = PR_SUCCESS;
+    return objects;
+loser:
+    if (objectHandles && objectHandles != staticObjects) {
+        nss_ZFreeIf(objectHandles);
+    }
+    /*
+     * These errors should be treated the same as if the objects just weren't
+     * found..
+     */
+    if ((ckrv == CKR_ATTRIBUTE_TYPE_INVALID) ||
+        (ckrv == CKR_ATTRIBUTE_VALUE_INVALID) ||
+        (ckrv == CKR_DATA_INVALID) ||
+        (ckrv == CKR_DATA_LEN_RANGE) ||
+        (ckrv == CKR_FUNCTION_NOT_SUPPORTED) ||
+        (ckrv == CKR_TEMPLATE_INCOMPLETE) ||
+        (ckrv == CKR_TEMPLATE_INCONSISTENT)) {
+
+        nss_SetError(NSS_ERROR_NOT_FOUND);
+        if (statusOpt)
+            *statusOpt = PR_SUCCESS;
+    } else {
+        nss_SetError(ckrv);
+        nss_SetError(NSS_ERROR_PKCS11);
+        if (statusOpt)
+            *statusOpt = PR_FAILURE;
+    }
+    return (nssCryptokiObject **)NULL;
+}
+
+static nssCryptokiObject **
+find_objects_by_template(
+    NSSToken *token,
+    nssSession *sessionOpt,
+    CK_ATTRIBUTE_PTR obj_template,
+    CK_ULONG otsize,
+    PRUint32 maximumOpt,
+    PRStatus *statusOpt)
+{
+    CK_OBJECT_CLASS objclass = (CK_OBJECT_CLASS)-1;
+    nssCryptokiObject **objects = NULL;
+    PRUint32 i;
+
+    if (!token) {
+        PORT_SetError(SEC_ERROR_NO_TOKEN);
+        if (statusOpt)
+            *statusOpt = PR_FAILURE;
+        return NULL;
+    }
+    for (i = 0; i < otsize; i++) {
+        if (obj_template[i].type == CKA_CLASS) {
+            objclass = *(CK_OBJECT_CLASS *)obj_template[i].pValue;
+            break;
+        }
+    }
+    PR_ASSERT(i < otsize);
+    if (i == otsize) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        if (statusOpt)
+            *statusOpt = PR_FAILURE;
+        return NULL;
+    }
+    /* If these objects are being cached, try looking there first */
+    if (token->cache &&
+        nssTokenObjectCache_HaveObjectClass(token->cache, objclass)) {
+        PRStatus status;
+        objects = nssTokenObjectCache_FindObjectsByTemplate(token->cache,
+                                                            objclass,
+                                                            obj_template,
+                                                            otsize,
+                                                            maximumOpt,
+                                                            &status);
+        if (status == PR_SUCCESS) {
+            if (statusOpt)
+                *statusOpt = status;
+            return objects;
+        }
+    }
+    /* Either they are not cached, or cache failed; look on token. */
+    objects = find_objects(token, sessionOpt,
+                           obj_template, otsize,
+                           maximumOpt, statusOpt);
+    return objects;
+}
+
+extern const NSSError NSS_ERROR_INVALID_CERTIFICATE;
+
+NSS_IMPLEMENT nssCryptokiObject *
+nssToken_ImportCertificate(
+    NSSToken *tok,
+    nssSession *sessionOpt,
+    NSSCertificateType certType,
+    NSSItem *id,
+    const NSSUTF8 *nickname,
+    NSSDER *encoding,
+    NSSDER *issuer,
+    NSSDER *subject,
+    NSSDER *serial,
+    NSSASCII7 *email,
+    PRBool asTokenObject)
+{
+    PRStatus status;
+    CK_CERTIFICATE_TYPE cert_type;
+    CK_ATTRIBUTE_PTR attr;
+    CK_ATTRIBUTE cert_tmpl[10];
+    CK_ULONG ctsize;
+    nssTokenSearchType searchType;
+    nssCryptokiObject *rvObject = NULL;
+
+    if (!tok) {
+        PORT_SetError(SEC_ERROR_NO_TOKEN);
+        return NULL;
+    }
+    if (certType == NSSCertificateType_PKIX) {
+        cert_type = CKC_X_509;
+    } else {
+        return (nssCryptokiObject *)NULL;
+    }
+    NSS_CK_TEMPLATE_START(cert_tmpl, attr, ctsize);
+    if (asTokenObject) {
+        NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
+        searchType = nssTokenSearchType_TokenOnly;
+    } else {
+        NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
+        searchType = nssTokenSearchType_SessionOnly;
+    }
+    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert);
+    NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_CERTIFICATE_TYPE, cert_type);
+    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ID, id);
+    NSS_CK_SET_ATTRIBUTE_UTF8(attr, CKA_LABEL, nickname);
+    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_VALUE, encoding);
+    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ISSUER, issuer);
+    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SUBJECT, subject);
+    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SERIAL_NUMBER, serial);
+    if (email) {
+        NSS_CK_SET_ATTRIBUTE_UTF8(attr, CKA_NSS_EMAIL, email);
+    }
+    NSS_CK_TEMPLATE_FINISH(cert_tmpl, attr, ctsize);
+    /* see if the cert is already there */
+    rvObject = nssToken_FindCertificateByIssuerAndSerialNumber(tok,
+                                                               sessionOpt,
+                                                               issuer,
+                                                               serial,
+                                                               searchType,
+                                                               NULL);
+    if (rvObject) {
+        NSSItem existingDER;
+        NSSSlot *slot = nssToken_GetSlot(tok);
+        nssSession *session = nssSlot_CreateSession(slot, NULL, PR_TRUE);
+        if (!session) {
+            nssCryptokiObject_Destroy(rvObject);
+            nssSlot_Destroy(slot);
+            return (nssCryptokiObject *)NULL;
+        }
+        /* Reject any attempt to import a new cert that has the same
+         * issuer/serial as an existing cert, but does not have the
+         * same encoding
+         */
+        NSS_CK_TEMPLATE_START(cert_tmpl, attr, ctsize);
+        NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_VALUE);
+        NSS_CK_TEMPLATE_FINISH(cert_tmpl, attr, ctsize);
+        status = nssCKObject_GetAttributes(rvObject->handle,
+                                           cert_tmpl, ctsize, NULL,
+                                           session, slot);
+        NSS_CK_ATTRIBUTE_TO_ITEM(cert_tmpl, &existingDER);
+        if (status == PR_SUCCESS) {
+            if (!nssItem_Equal(encoding, &existingDER, NULL)) {
+                nss_SetError(NSS_ERROR_INVALID_CERTIFICATE);
+                status = PR_FAILURE;
+            }
+            nss_ZFreeIf(existingDER.data);
+        }
+        if (status == PR_FAILURE) {
+            nssCryptokiObject_Destroy(rvObject);
+            nssSession_Destroy(session);
+            nssSlot_Destroy(slot);
+            return (nssCryptokiObject *)NULL;
+        }
+        /* according to PKCS#11, label, ID, issuer, and serial number
+         * may change after the object has been created.  For PKIX, the
+         * last two attributes can't change, so for now we'll only worry
+         * about the first two.
+         */
+        NSS_CK_TEMPLATE_START(cert_tmpl, attr, ctsize);
+        NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ID, id);
+        NSS_CK_SET_ATTRIBUTE_UTF8(attr, CKA_LABEL, nickname);
+        NSS_CK_TEMPLATE_FINISH(cert_tmpl, attr, ctsize);
+        /* reset the mutable attributes on the token */
+        nssCKObject_SetAttributes(rvObject->handle,
+                                  cert_tmpl, ctsize,
+                                  session, slot);
+        if (!rvObject->label && nickname) {
+            rvObject->label = nssUTF8_Duplicate(nickname, NULL);
+        }
+        nssSession_Destroy(session);
+        nssSlot_Destroy(slot);
+    } else {
+        /* Import the certificate onto the token */
+        rvObject = import_object(tok, sessionOpt, cert_tmpl, ctsize);
+    }
+    if (rvObject && tok->cache) {
+        /* The cache will overwrite the attributes if the object already
+         * exists.
+         */
+        nssTokenObjectCache_ImportObject(tok->cache, rvObject,
+                                         CKO_CERTIFICATE,
+                                         cert_tmpl, ctsize);
+    }
+    return rvObject;
+}
+
+/* traverse all objects of the given class - this should only happen
+ * if the token has been marked as "traversable"
+ */
+NSS_IMPLEMENT nssCryptokiObject **
+nssToken_FindObjects(
+    NSSToken *token,
+    nssSession *sessionOpt,
+    CK_OBJECT_CLASS objclass,
+    nssTokenSearchType searchType,
+    PRUint32 maximumOpt,
+    PRStatus *statusOpt)
+{
+    CK_ATTRIBUTE_PTR attr;
+    CK_ATTRIBUTE obj_template[2];
+    CK_ULONG obj_size;
+    nssCryptokiObject **objects;
+    NSS_CK_TEMPLATE_START(obj_template, attr, obj_size);
+    /* Set the search to token/session only if provided */
+    if (searchType == nssTokenSearchType_SessionOnly) {
+        NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
+    } else if (searchType == nssTokenSearchType_TokenOnly ||
+               searchType == nssTokenSearchType_TokenForced) {
+        NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
+    }
+    NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_CLASS, objclass);
+    NSS_CK_TEMPLATE_FINISH(obj_template, attr, obj_size);
+
+    if (searchType == nssTokenSearchType_TokenForced) {
+        objects = find_objects(token, sessionOpt,
+                               obj_template, obj_size,
+                               maximumOpt, statusOpt);
+    } else {
+        objects = find_objects_by_template(token, sessionOpt,
+                                           obj_template, obj_size,
+                                           maximumOpt, statusOpt);
+    }
+    return objects;
+}
+
+NSS_IMPLEMENT nssCryptokiObject **
+nssToken_FindCertificatesBySubject(
+    NSSToken *token,
+    nssSession *sessionOpt,
+    NSSDER *subject,
+    nssTokenSearchType searchType,
+    PRUint32 maximumOpt,
+    PRStatus *statusOpt)
+{
+    CK_ATTRIBUTE_PTR attr;
+    CK_ATTRIBUTE subj_template[3];
+    CK_ULONG stsize;
+    nssCryptokiObject **objects;
+    NSS_CK_TEMPLATE_START(subj_template, attr, stsize);
+    /* Set the search to token/session only if provided */
+    if (searchType == nssTokenSearchType_SessionOnly) {
+        NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
+    } else if (searchType == nssTokenSearchType_TokenOnly) {
+        NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
+    }
+    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert);
+    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SUBJECT, subject);
+    NSS_CK_TEMPLATE_FINISH(subj_template, attr, stsize);
+    /* now locate the token certs matching this template */
+    objects = find_objects_by_template(token, sessionOpt,
+                                       subj_template, stsize,
+                                       maximumOpt, statusOpt);
+    return objects;
+}
+
+NSS_IMPLEMENT nssCryptokiObject **
+nssToken_FindCertificatesByNickname(
+    NSSToken *token,
+    nssSession *sessionOpt,
+    const NSSUTF8 *name,
+    nssTokenSearchType searchType,
+    PRUint32 maximumOpt,
+    PRStatus *statusOpt)
+{
+    CK_ATTRIBUTE_PTR attr;
+    CK_ATTRIBUTE nick_template[3];
+    CK_ULONG ntsize;
+    nssCryptokiObject **objects;
+    NSS_CK_TEMPLATE_START(nick_template, attr, ntsize);
+    NSS_CK_SET_ATTRIBUTE_UTF8(attr, CKA_LABEL, name);
+    /* Set the search to token/session only if provided */
+    if (searchType == nssTokenSearchType_SessionOnly) {
+        NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
+    } else if (searchType == nssTokenSearchType_TokenOnly) {
+        NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
+    }
+    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert);
+    NSS_CK_TEMPLATE_FINISH(nick_template, attr, ntsize);
+    /* now locate the token certs matching this template */
+    objects = find_objects_by_template(token, sessionOpt,
+                                       nick_template, ntsize,
+                                       maximumOpt, statusOpt);
+    if (!objects) {
+        /* This is to workaround the fact that PKCS#11 doesn't specify
+         * whether the '\0' should be included.  XXX Is that still true?
+         * im - this is not needed by the current softoken.  However, I'm
+         * leaving it in until I have surveyed more tokens to see if it needed.
+         * well, its needed by the builtin token...
+         */
+        nick_template[0].ulValueLen++;
+        objects = find_objects_by_template(token, sessionOpt,
+                                           nick_template, ntsize,
+                                           maximumOpt, statusOpt);
+    }
+    return objects;
+}
+
+/* XXX
+ * This function *does not* use the token object cache, because not even
+ * the softoken will return a value for CKA_NSS_EMAIL from a call
+ * to GetAttributes.  The softoken does allow searches with that attribute,
+ * it just won't return a value for it.
+ */
+NSS_IMPLEMENT nssCryptokiObject **
+nssToken_FindCertificatesByEmail(
+    NSSToken *token,
+    nssSession *sessionOpt,
+    NSSASCII7 *email,
+    nssTokenSearchType searchType,
+    PRUint32 maximumOpt,
+    PRStatus *statusOpt)
+{
+    CK_ATTRIBUTE_PTR attr;
+    CK_ATTRIBUTE email_template[3];
+    CK_ULONG etsize;
+    nssCryptokiObject **objects;
+    NSS_CK_TEMPLATE_START(email_template, attr, etsize);
+    NSS_CK_SET_ATTRIBUTE_UTF8(attr, CKA_NSS_EMAIL, email);
+    /* Set the search to token/session only if provided */
+    if (searchType == nssTokenSearchType_SessionOnly) {
+        NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
+    } else if (searchType == nssTokenSearchType_TokenOnly) {
+        NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
+    }
+    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert);
+    NSS_CK_TEMPLATE_FINISH(email_template, attr, etsize);
+    /* now locate the token certs matching this template */
+    objects = find_objects(token, sessionOpt,
+                           email_template, etsize,
+                           maximumOpt, statusOpt);
+    if (!objects) {
+        /* This is to workaround the fact that PKCS#11 doesn't specify
+         * whether the '\0' should be included.  XXX Is that still true?
+         * im - this is not needed by the current softoken.  However, I'm
+         * leaving it in until I have surveyed more tokens to see if it needed.
+         * well, its needed by the builtin token...
+         */
+        email_template[0].ulValueLen++;
+        objects = find_objects(token, sessionOpt,
+                               email_template, etsize,
+                               maximumOpt, statusOpt);
+    }
+    return objects;
+}
+
+NSS_IMPLEMENT nssCryptokiObject **
+nssToken_FindCertificatesByID(
+    NSSToken *token,
+    nssSession *sessionOpt,
+    NSSItem *id,
+    nssTokenSearchType searchType,
+    PRUint32 maximumOpt,
+    PRStatus *statusOpt)
+{
+    CK_ATTRIBUTE_PTR attr;
+    CK_ATTRIBUTE id_template[3];
+    CK_ULONG idtsize;
+    nssCryptokiObject **objects;
+    NSS_CK_TEMPLATE_START(id_template, attr, idtsize);
+    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ID, id);
+    /* Set the search to token/session only if provided */
+    if (searchType == nssTokenSearchType_SessionOnly) {
+        NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
+    } else if (searchType == nssTokenSearchType_TokenOnly) {
+        NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
+    }
+    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert);
+    NSS_CK_TEMPLATE_FINISH(id_template, attr, idtsize);
+    /* now locate the token certs matching this template */
+    objects = find_objects_by_template(token, sessionOpt,
+                                       id_template, idtsize,
+                                       maximumOpt, statusOpt);
+    return objects;
+}
+
+/*
+ * decode the serial item and return our result.
+ * NOTE serialDecode's data is really stored in serial. Don't free it.
+ */
+static PRStatus
+nssToken_decodeSerialItem(NSSItem *serial, NSSItem *serialDecode)
+{
+    unsigned char *data = (unsigned char *)serial->data;
+    int data_left, data_len, index;
+
+    if ((serial->size >= 3) && (data[0] == 0x2)) {
+        /* remove the der encoding of the serial number before generating the
+         * key.. */
+        data_left = serial->size - 2;
+        data_len = data[1];
+        index = 2;
+
+        /* extended length ? (not very likely for a serial number) */
+        if (data_len & 0x80) {
+            int len_count = data_len & 0x7f;
+
+            data_len = 0;
+            data_left -= len_count;
+            if (data_left > 0) {
+                while (len_count--) {
+                    data_len = (data_len << 8) | data[index++];
+                }
+            }
+        }
+        /* XXX leaving any leading zeros on the serial number for backwards
+         * compatibility
+         */
+        /* not a valid der, must be just an unlucky serial number value */
+        if (data_len == data_left) {
+            serialDecode->size = data_len;
+            serialDecode->data = &data[index];
+            return PR_SUCCESS;
+        }
+    }
+    return PR_FAILURE;
+}
+
+NSS_IMPLEMENT nssCryptokiObject *
+nssToken_FindCertificateByIssuerAndSerialNumber(
+    NSSToken *token,
+    nssSession *sessionOpt,
+    NSSDER *issuer,
+    NSSDER *serial,
+    nssTokenSearchType searchType,
+    PRStatus *statusOpt)
+{
+    CK_ATTRIBUTE_PTR attr;
+    CK_ATTRIBUTE_PTR serialAttr;
+    CK_ATTRIBUTE cert_template[4];
+    CK_ULONG ctsize;
+    nssCryptokiObject **objects;
+    nssCryptokiObject *rvObject = NULL;
+    NSS_CK_TEMPLATE_START(cert_template, attr, ctsize);
+
+    if (!token) {
+        PORT_SetError(SEC_ERROR_NO_TOKEN);
+        if (statusOpt)
+            *statusOpt = PR_FAILURE;
+        return NULL;
+    }
+    /* Set the search to token/session only if provided */
+    if (searchType == nssTokenSearchType_SessionOnly) {
+        NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
+    } else if ((searchType == nssTokenSearchType_TokenOnly) ||
+               (searchType == nssTokenSearchType_TokenForced)) {
+        NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
+    }
+    /* Set the unique id */
+    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert);
+    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ISSUER, issuer);
+    serialAttr = attr;
+    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SERIAL_NUMBER, serial);
+    NSS_CK_TEMPLATE_FINISH(cert_template, attr, ctsize);
+    /* get the object handle */
+    if (searchType == nssTokenSearchType_TokenForced) {
+        objects = find_objects(token, sessionOpt,
+                               cert_template, ctsize,
+                               1, statusOpt);
+    } else {
+        objects = find_objects_by_template(token, sessionOpt,
+                                           cert_template, ctsize,
+                                           1, statusOpt);
+    }
+    if (objects) {
+        rvObject = objects[0];
+        nss_ZFreeIf(objects);
+    }
+
+    /*
+     * NSS used to incorrectly store serial numbers in their decoded form.
+     * because of this old tokens have decoded serial numbers.
+     */
+    if (!objects) {
+        NSSItem serialDecode;
+        PRStatus status;
+
+        status = nssToken_decodeSerialItem(serial, &serialDecode);
+        if (status != PR_SUCCESS) {
+            return NULL;
+        }
+        NSS_CK_SET_ATTRIBUTE_ITEM(serialAttr, CKA_SERIAL_NUMBER, &serialDecode);
+        if (searchType == nssTokenSearchType_TokenForced) {
+            objects = find_objects(token, sessionOpt,
+                                   cert_template, ctsize,
+                                   1, statusOpt);
+        } else {
+            objects = find_objects_by_template(token, sessionOpt,
+                                               cert_template, ctsize,
+                                               1, statusOpt);
+        }
+        if (objects) {
+            rvObject = objects[0];
+            nss_ZFreeIf(objects);
+        }
+    }
+    return rvObject;
+}
+
+NSS_IMPLEMENT nssCryptokiObject *
+nssToken_FindCertificateByEncodedCertificate(
+    NSSToken *token,
+    nssSession *sessionOpt,
+    NSSBER *encodedCertificate,
+    nssTokenSearchType searchType,
+    PRStatus *statusOpt)
+{
+    CK_ATTRIBUTE_PTR attr;
+    CK_ATTRIBUTE cert_template[3];
+    CK_ULONG ctsize;
+    nssCryptokiObject **objects;
+    nssCryptokiObject *rvObject = NULL;
+    NSS_CK_TEMPLATE_START(cert_template, attr, ctsize);
+    /* Set the search to token/session only if provided */
+    if (searchType == nssTokenSearchType_SessionOnly) {
+        NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
+    } else if (searchType == nssTokenSearchType_TokenOnly) {
+        NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
+    }
+    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert);
+    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_VALUE, encodedCertificate);
+    NSS_CK_TEMPLATE_FINISH(cert_template, attr, ctsize);
+    /* get the object handle */
+    objects = find_objects_by_template(token, sessionOpt,
+                                       cert_template, ctsize,
+                                       1, statusOpt);
+    if (objects) {
+        rvObject = objects[0];
+        nss_ZFreeIf(objects);
+    }
+    return rvObject;
+}
+
+NSS_IMPLEMENT nssCryptokiObject **
+nssToken_FindPrivateKeys(
+    NSSToken *token,
+    nssSession *sessionOpt,
+    nssTokenSearchType searchType,
+    PRUint32 maximumOpt,
+    PRStatus *statusOpt)
+{
+    CK_ATTRIBUTE_PTR attr;
+    CK_ATTRIBUTE key_template[2];
+    CK_ULONG ktsize;
+    nssCryptokiObject **objects;
+
+    NSS_CK_TEMPLATE_START(key_template, attr, ktsize);
+    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_privkey);
+    if (searchType == nssTokenSearchType_SessionOnly) {
+        NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
+    } else if (searchType == nssTokenSearchType_TokenOnly) {
+        NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
+    }
+    NSS_CK_TEMPLATE_FINISH(key_template, attr, ktsize);
+
+    objects = find_objects_by_template(token, sessionOpt,
+                                       key_template, ktsize,
+                                       maximumOpt, statusOpt);
+    return objects;
+}
+
+/* XXX ?there are no session cert objects, so only search token objects */
+NSS_IMPLEMENT nssCryptokiObject *
+nssToken_FindPrivateKeyByID(
+    NSSToken *token,
+    nssSession *sessionOpt,
+    NSSItem *keyID)
+{
+    CK_ATTRIBUTE_PTR attr;
+    CK_ATTRIBUTE key_template[3];
+    CK_ULONG ktsize;
+    nssCryptokiObject **objects;
+    nssCryptokiObject *rvKey = NULL;
+
+    NSS_CK_TEMPLATE_START(key_template, attr, ktsize);
+    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_privkey);
+    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
+    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ID, keyID);
+    NSS_CK_TEMPLATE_FINISH(key_template, attr, ktsize);
+
+    objects = find_objects_by_template(token, sessionOpt,
+                                       key_template, ktsize,
+                                       1, NULL);
+    if (objects) {
+        rvKey = objects[0];
+        nss_ZFreeIf(objects);
+    }
+    return rvKey;
+}
+
+/* XXX ?there are no session cert objects, so only search token objects */
+NSS_IMPLEMENT nssCryptokiObject *
+nssToken_FindPublicKeyByID(
+    NSSToken *token,
+    nssSession *sessionOpt,
+    NSSItem *keyID)
+{
+    CK_ATTRIBUTE_PTR attr;
+    CK_ATTRIBUTE key_template[3];
+    CK_ULONG ktsize;
+    nssCryptokiObject **objects;
+    nssCryptokiObject *rvKey = NULL;
+
+    NSS_CK_TEMPLATE_START(key_template, attr, ktsize);
+    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_pubkey);
+    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
+    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ID, keyID);
+    NSS_CK_TEMPLATE_FINISH(key_template, attr, ktsize);
+
+    objects = find_objects_by_template(token, sessionOpt,
+                                       key_template, ktsize,
+                                       1, NULL);
+    if (objects) {
+        rvKey = objects[0];
+        nss_ZFreeIf(objects);
+    }
+    return rvKey;
+}
+
+static void
+sha1_hash(NSSItem *input, NSSItem *output)
+{
+    NSSAlgorithmAndParameters *ap;
+    PK11SlotInfo *internal = PK11_GetInternalSlot();
+    NSSToken *token = PK11Slot_GetNSSToken(internal);
+    ap = NSSAlgorithmAndParameters_CreateSHA1Digest(NULL);
+    (void)nssToken_Digest(token, NULL, ap, input, output, NULL);
+    PK11_FreeSlot(token->pk11slot);
+    nss_ZFreeIf(ap);
+}
+
+static void
+md5_hash(NSSItem *input, NSSItem *output)
+{
+    NSSAlgorithmAndParameters *ap;
+    PK11SlotInfo *internal = PK11_GetInternalSlot();
+    NSSToken *token = PK11Slot_GetNSSToken(internal);
+    ap = NSSAlgorithmAndParameters_CreateMD5Digest(NULL);
+    (void)nssToken_Digest(token, NULL, ap, input, output, NULL);
+    PK11_FreeSlot(token->pk11slot);
+    nss_ZFreeIf(ap);
+}
+
+static CK_TRUST
+get_ck_trust(
+    nssTrustLevel nssTrust)
+{
+    CK_TRUST t;
+    switch (nssTrust) {
+        case nssTrustLevel_NotTrusted:
+            t = CKT_NSS_NOT_TRUSTED;
+            break;
+        case nssTrustLevel_TrustedDelegator:
+            t = CKT_NSS_TRUSTED_DELEGATOR;
+            break;
+        case nssTrustLevel_ValidDelegator:
+            t = CKT_NSS_VALID_DELEGATOR;
+            break;
+        case nssTrustLevel_Trusted:
+            t = CKT_NSS_TRUSTED;
+            break;
+        case nssTrustLevel_MustVerify:
+            t = CKT_NSS_MUST_VERIFY_TRUST;
+            break;
+        case nssTrustLevel_Unknown:
+        default:
+            t = CKT_NSS_TRUST_UNKNOWN;
+            break;
+    }
+    return t;
+}
+
+NSS_IMPLEMENT nssCryptokiObject *
+nssToken_ImportTrust(
+    NSSToken *tok,
+    nssSession *sessionOpt,
+    NSSDER *certEncoding,
+    NSSDER *certIssuer,
+    NSSDER *certSerial,
+    nssTrustLevel serverAuth,
+    nssTrustLevel clientAuth,
+    nssTrustLevel codeSigning,
+    nssTrustLevel emailProtection,
+    PRBool stepUpApproved,
+    PRBool asTokenObject)
+{
+    nssCryptokiObject *object;
+    CK_OBJECT_CLASS tobjc = CKO_NSS_TRUST;
+    CK_TRUST ckSA, ckCA, ckCS, ckEP;
+    CK_ATTRIBUTE_PTR attr;
+    CK_ATTRIBUTE trust_tmpl[11];
+    CK_ULONG tsize;
+    PRUint8 sha1[20]; /* this is cheating... */
+    PRUint8 md5[16];
+    NSSItem sha1_result, md5_result;
+    sha1_result.data = sha1;
+    sha1_result.size = sizeof sha1;
+    md5_result.data = md5;
+    md5_result.size = sizeof md5;
+    sha1_hash(certEncoding, &sha1_result);
+    md5_hash(certEncoding, &md5_result);
+    ckSA = get_ck_trust(serverAuth);
+    ckCA = get_ck_trust(clientAuth);
+    ckCS = get_ck_trust(codeSigning);
+    ckEP = get_ck_trust(emailProtection);
+    NSS_CK_TEMPLATE_START(trust_tmpl, attr, tsize);
+    if (asTokenObject) {
+        NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
+    } else {
+        NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
+    }
+    NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_CLASS, tobjc);
+    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ISSUER, certIssuer);
+    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SERIAL_NUMBER, certSerial);
+    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CERT_SHA1_HASH, &sha1_result);
+    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CERT_MD5_HASH, &md5_result);
+    /* now set the trust values */
+    NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_SERVER_AUTH, ckSA);
+    NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_CLIENT_AUTH, ckCA);
+    NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_CODE_SIGNING, ckCS);
+    NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_EMAIL_PROTECTION, ckEP);
+    if (stepUpApproved) {
+        NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TRUST_STEP_UP_APPROVED,
+                                  &g_ck_true);
+    } else {
+        NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TRUST_STEP_UP_APPROVED,
+                                  &g_ck_false);
+    }
+    NSS_CK_TEMPLATE_FINISH(trust_tmpl, attr, tsize);
+    /* import the trust object onto the token */
+    object = import_object(tok, sessionOpt, trust_tmpl, tsize);
+    if (object && tok->cache) {
+        nssTokenObjectCache_ImportObject(tok->cache, object, tobjc,
+                                         trust_tmpl, tsize);
+    }
+    return object;
+}
+
+NSS_IMPLEMENT nssCryptokiObject *
+nssToken_FindTrustForCertificate(
+    NSSToken *token,
+    nssSession *sessionOpt,
+    NSSDER *certEncoding,
+    NSSDER *certIssuer,
+    NSSDER *certSerial,
+    nssTokenSearchType searchType)
+{
+    CK_OBJECT_CLASS tobjc = CKO_NSS_TRUST;
+    CK_ATTRIBUTE_PTR attr;
+    CK_ATTRIBUTE tobj_template[5];
+    CK_ULONG tobj_size;
+    nssSession *session = sessionOpt ? sessionOpt : token->defaultSession;
+    nssCryptokiObject *object = NULL, **objects;
+
+    /* Don't ask the module to use an invalid session handle. */
+    if (!session || session->handle == CK_INVALID_SESSION) {
+        PORT_SetError(SEC_ERROR_NO_TOKEN);
+        return object;
+    }
+
+    NSS_CK_TEMPLATE_START(tobj_template, attr, tobj_size);
+    if (searchType == nssTokenSearchType_TokenOnly) {
+        NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
+    }
+    NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_CLASS, tobjc);
+    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ISSUER, certIssuer);
+    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SERIAL_NUMBER, certSerial);
+    NSS_CK_TEMPLATE_FINISH(tobj_template, attr, tobj_size);
+    objects = find_objects_by_template(token, session,
+                                       tobj_template, tobj_size,
+                                       1, NULL);
+    if (objects) {
+        object = objects[0];
+        nss_ZFreeIf(objects);
+    }
+    return object;
+}
+
+NSS_IMPLEMENT nssCryptokiObject *
+nssToken_ImportCRL(
+    NSSToken *token,
+    nssSession *sessionOpt,
+    NSSDER *subject,
+    NSSDER *encoding,
+    PRBool isKRL,
+    NSSUTF8 *url,
+    PRBool asTokenObject)
+{
+    nssCryptokiObject *object;
+    CK_OBJECT_CLASS crlobjc = CKO_NSS_CRL;
+    CK_ATTRIBUTE_PTR attr;
+    CK_ATTRIBUTE crl_tmpl[6];
+    CK_ULONG crlsize;
+
+    NSS_CK_TEMPLATE_START(crl_tmpl, attr, crlsize);
+    if (asTokenObject) {
+        NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
+    } else {
+        NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
+    }
+    NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_CLASS, crlobjc);
+    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SUBJECT, subject);
+    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_VALUE, encoding);
+    NSS_CK_SET_ATTRIBUTE_UTF8(attr, CKA_NSS_URL, url);
+    if (isKRL) {
+        NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_NSS_KRL, &g_ck_true);
+    } else {
+        NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_NSS_KRL, &g_ck_false);
+    }
+    NSS_CK_TEMPLATE_FINISH(crl_tmpl, attr, crlsize);
+
+    /* import the crl object onto the token */
+    object = import_object(token, sessionOpt, crl_tmpl, crlsize);
+    if (object && token->cache) {
+        nssTokenObjectCache_ImportObject(token->cache, object, crlobjc,
+                                         crl_tmpl, crlsize);
+    }
+    return object;
+}
+
+NSS_IMPLEMENT nssCryptokiObject **
+nssToken_FindCRLsBySubject(
+    NSSToken *token,
+    nssSession *sessionOpt,
+    NSSDER *subject,
+    nssTokenSearchType searchType,
+    PRUint32 maximumOpt,
+    PRStatus *statusOpt)
+{
+    CK_OBJECT_CLASS crlobjc = CKO_NSS_CRL;
+    CK_ATTRIBUTE_PTR attr;
+    CK_ATTRIBUTE crlobj_template[3];
+    CK_ULONG crlobj_size;
+    nssCryptokiObject **objects = NULL;
+    nssSession *session = sessionOpt ? sessionOpt : token->defaultSession;
+
+    /* Don't ask the module to use an invalid session handle. */
+    if (!session || session->handle == CK_INVALID_SESSION) {
+        PORT_SetError(SEC_ERROR_NO_TOKEN);
+        return objects;
+    }
+
+    NSS_CK_TEMPLATE_START(crlobj_template, attr, crlobj_size);
+    if (searchType == nssTokenSearchType_SessionOnly) {
+        NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
+    } else if (searchType == nssTokenSearchType_TokenOnly ||
+               searchType == nssTokenSearchType_TokenForced) {
+        NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
+    }
+    NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_CLASS, crlobjc);
+    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SUBJECT, subject);
+    NSS_CK_TEMPLATE_FINISH(crlobj_template, attr, crlobj_size);
+
+    objects = find_objects_by_template(token, session,
+                                       crlobj_template, crlobj_size,
+                                       maximumOpt, statusOpt);
+    return objects;
+}
+
+NSS_IMPLEMENT PRStatus
+nssToken_GetCachedObjectAttributes(
+    NSSToken *token,
+    NSSArena *arenaOpt,
+    nssCryptokiObject *object,
+    CK_OBJECT_CLASS objclass,
+    CK_ATTRIBUTE_PTR atemplate,
+    CK_ULONG atlen)
+{
+    if (!token->cache) {
+        return PR_FAILURE;
+    }
+    return nssTokenObjectCache_GetObjectAttributes(token->cache, arenaOpt,
+                                                   object, objclass,
+                                                   atemplate, atlen);
+}
+
+NSS_IMPLEMENT NSSItem *
+nssToken_Digest(
+    NSSToken *tok,
+    nssSession *sessionOpt,
+    NSSAlgorithmAndParameters *ap,
+    NSSItem *data,
+    NSSItem *rvOpt,
+    NSSArena *arenaOpt)
+{
+    CK_RV ckrv;
+    CK_ULONG digestLen;
+    CK_BYTE_PTR digest;
+    NSSItem *rvItem = NULL;
+    void *epv = nssToken_GetCryptokiEPV(tok);
+    nssSession *session = (sessionOpt) ? sessionOpt : tok->defaultSession;
+
+    /* Don't ask the module to use an invalid session handle. */
+    if (!session || session->handle == CK_INVALID_SESSION) {
+        PORT_SetError(SEC_ERROR_NO_TOKEN);
+        return rvItem;
+    }
+
+    nssSession_EnterMonitor(session);
+    ckrv = CKAPI(epv)->C_DigestInit(session->handle, &ap->mechanism);
+    if (ckrv != CKR_OK) {
+        nssSession_ExitMonitor(session);
+        return NULL;
+    }
+#if 0
+    /* XXX the standard says this should work, but it doesn't */
+    ckrv = CKAPI(epv)->C_Digest(session->handle, NULL, 0, NULL, &digestLen);
+    if (ckrv != CKR_OK) {
+	nssSession_ExitMonitor(session);
+	return NULL;
+    }
+#endif
+    digestLen = 0; /* XXX for now */
+    digest = NULL;
+    if (rvOpt) {
+        if (rvOpt->size > 0 && rvOpt->size < digestLen) {
+            nssSession_ExitMonitor(session);
+            /* the error should be bad args */
+            return NULL;
+        }
+        if (rvOpt->data) {
+            digest = rvOpt->data;
+        }
+        digestLen = rvOpt->size;
+    }
+    if (!digest) {
+        digest = (CK_BYTE_PTR)nss_ZAlloc(arenaOpt, digestLen);
+        if (!digest) {
+            nssSession_ExitMonitor(session);
+            return NULL;
+        }
+    }
+    ckrv = CKAPI(epv)->C_Digest(session->handle,
+                                (CK_BYTE_PTR)data->data,
+                                (CK_ULONG)data->size,
+                                (CK_BYTE_PTR)digest,
+                                &digestLen);
+    nssSession_ExitMonitor(session);
+    if (ckrv != CKR_OK) {
+        nss_ZFreeIf(digest);
+        return NULL;
+    }
+    if (!rvOpt) {
+        rvItem = nssItem_Create(arenaOpt, NULL, digestLen, (void *)digest);
+    }
+    return rvItem;
+}
+
+NSS_IMPLEMENT PRStatus
+nssToken_BeginDigest(
+    NSSToken *tok,
+    nssSession *sessionOpt,
+    NSSAlgorithmAndParameters *ap)
+{
+    CK_RV ckrv;
+    void *epv = nssToken_GetCryptokiEPV(tok);
+    nssSession *session = (sessionOpt) ? sessionOpt : tok->defaultSession;
+
+    /* Don't ask the module to use an invalid session handle. */
+    if (!session || session->handle == CK_INVALID_SESSION) {
+        PORT_SetError(SEC_ERROR_NO_TOKEN);
+        return PR_FAILURE;
+    }
+
+    nssSession_EnterMonitor(session);
+    ckrv = CKAPI(epv)->C_DigestInit(session->handle, &ap->mechanism);
+    nssSession_ExitMonitor(session);
+    return (ckrv == CKR_OK) ? PR_SUCCESS : PR_FAILURE;
+}
+
+NSS_IMPLEMENT PRStatus
+nssToken_ContinueDigest(
+    NSSToken *tok,
+    nssSession *sessionOpt,
+    NSSItem *item)
+{
+    CK_RV ckrv;
+    void *epv = nssToken_GetCryptokiEPV(tok);
+    nssSession *session = (sessionOpt) ? sessionOpt : tok->defaultSession;
+
+    /* Don't ask the module to use an invalid session handle. */
+    if (!session || session->handle == CK_INVALID_SESSION) {
+        PORT_SetError(SEC_ERROR_NO_TOKEN);
+        return PR_FAILURE;
+    }
+
+    nssSession_EnterMonitor(session);
+    ckrv = CKAPI(epv)->C_DigestUpdate(session->handle,
+                                      (CK_BYTE_PTR)item->data,
+                                      (CK_ULONG)item->size);
+    nssSession_ExitMonitor(session);
+    return (ckrv == CKR_OK) ? PR_SUCCESS : PR_FAILURE;
+}
+
+NSS_IMPLEMENT NSSItem *
+nssToken_FinishDigest(
+    NSSToken *tok,
+    nssSession *sessionOpt,
+    NSSItem *rvOpt,
+    NSSArena *arenaOpt)
+{
+    CK_RV ckrv;
+    CK_ULONG digestLen;
+    CK_BYTE_PTR digest;
+    NSSItem *rvItem = NULL;
+    void *epv = nssToken_GetCryptokiEPV(tok);
+    nssSession *session = (sessionOpt) ? sessionOpt : tok->defaultSession;
+
+    /* Don't ask the module to use an invalid session handle. */
+    if (!session || session->handle == CK_INVALID_SESSION) {
+        PORT_SetError(SEC_ERROR_NO_TOKEN);
+        return NULL;
+    }
+
+    nssSession_EnterMonitor(session);
+    ckrv = CKAPI(epv)->C_DigestFinal(session->handle, NULL, &digestLen);
+    if (ckrv != CKR_OK || digestLen == 0) {
+        nssSession_ExitMonitor(session);
+        return NULL;
+    }
+    digest = NULL;
+    if (rvOpt) {
+        if (rvOpt->size > 0 && rvOpt->size < digestLen) {
+            nssSession_ExitMonitor(session);
+            /* the error should be bad args */
+            return NULL;
+        }
+        if (rvOpt->data) {
+            digest = rvOpt->data;
+        }
+        digestLen = rvOpt->size;
+    }
+    if (!digest) {
+        digest = (CK_BYTE_PTR)nss_ZAlloc(arenaOpt, digestLen);
+        if (!digest) {
+            nssSession_ExitMonitor(session);
+            return NULL;
+        }
+    }
+    ckrv = CKAPI(epv)->C_DigestFinal(session->handle, digest, &digestLen);
+    nssSession_ExitMonitor(session);
+    if (ckrv != CKR_OK) {
+        nss_ZFreeIf(digest);
+        return NULL;
+    }
+    if (!rvOpt) {
+        rvItem = nssItem_Create(arenaOpt, NULL, digestLen, (void *)digest);
+    }
+    return rvItem;
+}
+
+NSS_IMPLEMENT PRBool
+nssToken_IsPresent(
+    NSSToken *token)
+{
+    return nssSlot_IsTokenPresent(token->slot);
+}
+
+/* Sigh.  The methods to find objects declared above cause problems with
+ * the low-level object cache in the softoken -- the objects are found in
+ * toto, then one wave of GetAttributes is done, then another.  Having a
+ * large number of objects causes the cache to be thrashed, as the objects
+ * are gone before there's any chance to ask for their attributes.
+ * So, for now, bringing back traversal methods for certs.  This way all of
+ * the cert's attributes can be grabbed immediately after finding it,
+ * increasing the likelihood that the cache takes care of it.
+ */
+NSS_IMPLEMENT PRStatus
+nssToken_TraverseCertificates(
+    NSSToken *token,
+    nssSession *sessionOpt,
+    nssTokenSearchType searchType,
+    PRStatus (*callback)(nssCryptokiObject *instance, void *arg),
+    void *arg)
+{
+    CK_RV ckrv;
+    CK_ULONG count;
+    CK_OBJECT_HANDLE *objectHandles;
+    CK_ATTRIBUTE_PTR attr;
+    CK_ATTRIBUTE cert_template[2];
+    CK_ULONG ctsize;
+    NSSArena *arena;
+    PRUint32 arraySize, numHandles;
+    nssCryptokiObject **objects;
+    void *epv = nssToken_GetCryptokiEPV(token);
+    nssSession *session = (sessionOpt) ? sessionOpt : token->defaultSession;
+
+    /* Don't ask the module to use an invalid session handle. */
+    if (!session || session->handle == CK_INVALID_SESSION) {
+        PORT_SetError(SEC_ERROR_NO_TOKEN);
+        return PR_FAILURE;
+    }
+
+    /* template for all certs */
+    NSS_CK_TEMPLATE_START(cert_template, attr, ctsize);
+    if (searchType == nssTokenSearchType_SessionOnly) {
+        NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
+    } else if (searchType == nssTokenSearchType_TokenOnly ||
+               searchType == nssTokenSearchType_TokenForced) {
+        NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
+    }
+    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert);
+    NSS_CK_TEMPLATE_FINISH(cert_template, attr, ctsize);
+
+    /* the arena is only for the array of object handles */
+    arena = nssArena_Create();
+    if (!arena) {
+        return PR_FAILURE;
+    }
+    arraySize = OBJECT_STACK_SIZE;
+    numHandles = 0;
+    objectHandles = nss_ZNEWARRAY(arena, CK_OBJECT_HANDLE, arraySize);
+    if (!objectHandles) {
+        goto loser;
+    }
+    nssSession_EnterMonitor(session); /* ==== session lock === */
+    /* Initialize the find with the template */
+    ckrv = CKAPI(epv)->C_FindObjectsInit(session->handle,
+                                         cert_template, ctsize);
+    if (ckrv != CKR_OK) {
+        nssSession_ExitMonitor(session);
+        goto loser;
+    }
+    while (PR_TRUE) {
+        /* Issue the find for up to arraySize - numHandles objects */
+        ckrv = CKAPI(epv)->C_FindObjects(session->handle,
+                                         objectHandles + numHandles,
+                                         arraySize - numHandles,
+                                         &count);
+        if (ckrv != CKR_OK) {
+            nssSession_ExitMonitor(session);
+            goto loser;
+        }
+        /* bump the number of found objects */
+        numHandles += count;
+        if (numHandles < arraySize) {
+            break;
+        }
+        /* the array is filled, double it and continue */
+        arraySize *= 2;
+        objectHandles = nss_ZREALLOCARRAY(objectHandles,
+                                          CK_OBJECT_HANDLE,
+                                          arraySize);
+        if (!objectHandles) {
+            nssSession_ExitMonitor(session);
+            goto loser;
+        }
+    }
+    ckrv = CKAPI(epv)->C_FindObjectsFinal(session->handle);
+    nssSession_ExitMonitor(session); /* ==== end session lock === */
+    if (ckrv != CKR_OK) {
+        goto loser;
+    }
+    if (numHandles > 0) {
+        objects = create_objects_from_handles(token, session,
+                                              objectHandles, numHandles);
+        if (objects) {
+            nssCryptokiObject **op;
+            for (op = objects; *op; op++) {
+                (void)(*callback)(*op, arg);
+            }
+            nss_ZFreeIf(objects);
+        }
+    }
+    nssArena_Destroy(arena);
+    return PR_SUCCESS;
+loser:
+    nssArena_Destroy(arena);
+    return PR_FAILURE;
+}
+
+NSS_IMPLEMENT PRBool
+nssToken_IsPrivateKeyAvailable(
+    NSSToken *token,
+    NSSCertificate *c,
+    nssCryptokiObject *instance)
+{
+    CK_OBJECT_CLASS theClass;
+
+    if (token == NULL)
+        return PR_FALSE;
+    if (c == NULL)
+        return PR_FALSE;
+
+    theClass = CKO_PRIVATE_KEY;
+    if (!nssSlot_IsLoggedIn(token->slot)) {
+        theClass = CKO_PUBLIC_KEY;
+    }
+    if (PK11_MatchItem(token->pk11slot, instance->handle, theClass) !=
+        CK_INVALID_HANDLE) {
+        return PR_TRUE;
+    }
+    return PR_FALSE;
+}
diff --git a/nss/lib/dev/devutil.c b/nss/lib/dev/devutil.c
new file mode 100644
index 0000000..b8f82c8
--- /dev/null
+++ b/nss/lib/dev/devutil.c
@@ -0,0 +1,998 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef DEVM_H
+#include "devm.h"
+#endif /* DEVM_H */
+
+#ifndef CKHELPER_H
+#include "ckhelper.h"
+#endif /* CKHELPER_H */
+
+NSS_IMPLEMENT nssCryptokiObject *
+nssCryptokiObject_Create(
+    NSSToken *t,
+    nssSession *session,
+    CK_OBJECT_HANDLE h)
+{
+    PRStatus status;
+    NSSSlot *slot;
+    nssCryptokiObject *object;
+    CK_BBOOL *isTokenObject;
+    CK_ATTRIBUTE cert_template[] = {
+        { CKA_TOKEN, NULL, 0 },
+        { CKA_LABEL, NULL, 0 }
+    };
+    slot = nssToken_GetSlot(t);
+    status = nssCKObject_GetAttributes(h, cert_template, 2,
+                                       NULL, session, slot);
+    nssSlot_Destroy(slot);
+    if (status != PR_SUCCESS) {
+        /* a failure here indicates a device error */
+        return (nssCryptokiObject *)NULL;
+    }
+    object = nss_ZNEW(NULL, nssCryptokiObject);
+    if (!object) {
+        return (nssCryptokiObject *)NULL;
+    }
+    object->handle = h;
+    object->token = nssToken_AddRef(t);
+    isTokenObject = (CK_BBOOL *)cert_template[0].pValue;
+    object->isTokenObject = *isTokenObject;
+    nss_ZFreeIf(isTokenObject);
+    NSS_CK_ATTRIBUTE_TO_UTF8(&cert_template[1], object->label);
+    return object;
+}
+
+NSS_IMPLEMENT void
+nssCryptokiObject_Destroy(
+    nssCryptokiObject *object)
+{
+    if (object) {
+        nssToken_Destroy(object->token);
+        nss_ZFreeIf(object->label);
+        nss_ZFreeIf(object);
+    }
+}
+
+NSS_IMPLEMENT nssCryptokiObject *
+nssCryptokiObject_Clone(
+    nssCryptokiObject *object)
+{
+    nssCryptokiObject *rvObject;
+    rvObject = nss_ZNEW(NULL, nssCryptokiObject);
+    if (rvObject) {
+        rvObject->handle = object->handle;
+        rvObject->token = nssToken_AddRef(object->token);
+        rvObject->isTokenObject = object->isTokenObject;
+        if (object->label) {
+            rvObject->label = nssUTF8_Duplicate(object->label, NULL);
+        }
+    }
+    return rvObject;
+}
+
+NSS_EXTERN PRBool
+nssCryptokiObject_Equal(
+    nssCryptokiObject *o1,
+    nssCryptokiObject *o2)
+{
+    return (o1->token == o2->token && o1->handle == o2->handle);
+}
+
+NSS_IMPLEMENT PRUint32
+nssPKCS11String_Length(CK_CHAR *pkcs11Str, PRUint32 bufLen)
+{
+    PRInt32 i;
+    for (i = bufLen - 1; i >= 0;) {
+        if (pkcs11Str[i] != ' ' && pkcs11Str[i] != '\0')
+            break;
+        --i;
+    }
+    return (PRUint32)(i + 1);
+}
+
+/*
+ * Slot arrays
+ */
+
+NSS_IMPLEMENT NSSSlot **
+nssSlotArray_Clone(
+    NSSSlot **slots)
+{
+    NSSSlot **rvSlots = NULL;
+    NSSSlot **sp = slots;
+    PRUint32 count = 0;
+    while (sp && *sp)
+        count++;
+    if (count > 0) {
+        rvSlots = nss_ZNEWARRAY(NULL, NSSSlot *, count + 1);
+        if (rvSlots) {
+            for (sp = slots, count = 0; *sp; sp++) {
+                rvSlots[count++] = nssSlot_AddRef(*sp);
+            }
+        }
+    }
+    return rvSlots;
+}
+
+NSS_IMPLEMENT void
+nssSlotArray_Destroy(
+    NSSSlot **slots)
+{
+    if (slots) {
+        NSSSlot **slotp;
+        for (slotp = slots; *slotp; slotp++) {
+            nssSlot_Destroy(*slotp);
+        }
+        nss_ZFreeIf(slots);
+    }
+}
+
+NSS_IMPLEMENT void
+NSSSlotArray_Destroy(
+    NSSSlot **slots)
+{
+    nssSlotArray_Destroy(slots);
+}
+
+NSS_IMPLEMENT void
+nssTokenArray_Destroy(
+    NSSToken **tokens)
+{
+    if (tokens) {
+        NSSToken **tokenp;
+        for (tokenp = tokens; *tokenp; tokenp++) {
+            nssToken_Destroy(*tokenp);
+        }
+        nss_ZFreeIf(tokens);
+    }
+}
+
+NSS_IMPLEMENT void
+NSSTokenArray_Destroy(
+    NSSToken **tokens)
+{
+    nssTokenArray_Destroy(tokens);
+}
+
+NSS_IMPLEMENT void
+nssCryptokiObjectArray_Destroy(
+    nssCryptokiObject **objects)
+{
+    if (objects) {
+        nssCryptokiObject **op;
+        for (op = objects; *op; op++) {
+            nssCryptokiObject_Destroy(*op);
+        }
+        nss_ZFreeIf(objects);
+    }
+}
+
+/* object cache for token */
+
+typedef struct
+{
+    NSSArena *arena;
+    nssCryptokiObject *object;
+    CK_ATTRIBUTE_PTR attributes;
+    CK_ULONG numAttributes;
+} nssCryptokiObjectAndAttributes;
+
+enum {
+    cachedCerts = 0,
+    cachedTrust = 1,
+    cachedCRLs = 2
+} cachedObjectType;
+
+struct nssTokenObjectCacheStr {
+    NSSToken *token;
+    PZLock *lock;
+    PRBool loggedIn;
+    PRBool doObjectType[3];
+    PRBool searchedObjectType[3];
+    nssCryptokiObjectAndAttributes **objects[3];
+};
+
+NSS_IMPLEMENT nssTokenObjectCache *
+nssTokenObjectCache_Create(
+    NSSToken *token,
+    PRBool cacheCerts,
+    PRBool cacheTrust,
+    PRBool cacheCRLs)
+{
+    nssTokenObjectCache *rvCache;
+    rvCache = nss_ZNEW(NULL, nssTokenObjectCache);
+    if (!rvCache) {
+        goto loser;
+    }
+    rvCache->lock = PZ_NewLock(nssILockOther); /* XXX */
+    if (!rvCache->lock) {
+        goto loser;
+    }
+    rvCache->doObjectType[cachedCerts] = cacheCerts;
+    rvCache->doObjectType[cachedTrust] = cacheTrust;
+    rvCache->doObjectType[cachedCRLs] = cacheCRLs;
+    rvCache->token = token; /* cache goes away with token */
+    return rvCache;
+loser:
+    nssTokenObjectCache_Destroy(rvCache);
+    return (nssTokenObjectCache *)NULL;
+}
+
+static void
+clear_cache(
+    nssTokenObjectCache *cache)
+{
+    nssCryptokiObjectAndAttributes **oa;
+    PRUint32 objectType;
+    for (objectType = cachedCerts; objectType <= cachedCRLs; objectType++) {
+        cache->searchedObjectType[objectType] = PR_FALSE;
+        if (!cache->objects[objectType]) {
+            continue;
+        }
+        for (oa = cache->objects[objectType]; *oa; oa++) {
+            /* prevent the token from being destroyed */
+            (*oa)->object->token = NULL;
+            nssCryptokiObject_Destroy((*oa)->object);
+            nssArena_Destroy((*oa)->arena);
+        }
+        nss_ZFreeIf(cache->objects[objectType]);
+        cache->objects[objectType] = NULL;
+    }
+}
+
+NSS_IMPLEMENT void
+nssTokenObjectCache_Clear(
+    nssTokenObjectCache *cache)
+{
+    if (cache) {
+        PZ_Lock(cache->lock);
+        clear_cache(cache);
+        PZ_Unlock(cache->lock);
+    }
+}
+
+NSS_IMPLEMENT void
+nssTokenObjectCache_Destroy(
+    nssTokenObjectCache *cache)
+{
+    if (cache) {
+        clear_cache(cache);
+        if (cache->lock) {
+            PZ_DestroyLock(cache->lock);
+        }
+        nss_ZFreeIf(cache);
+    }
+}
+
+NSS_IMPLEMENT PRBool
+nssTokenObjectCache_HaveObjectClass(
+    nssTokenObjectCache *cache,
+    CK_OBJECT_CLASS objclass)
+{
+    PRBool haveIt;
+    PZ_Lock(cache->lock);
+    switch (objclass) {
+        case CKO_CERTIFICATE:
+            haveIt = cache->doObjectType[cachedCerts];
+            break;
+        case CKO_NETSCAPE_TRUST:
+            haveIt = cache->doObjectType[cachedTrust];
+            break;
+        case CKO_NETSCAPE_CRL:
+            haveIt = cache->doObjectType[cachedCRLs];
+            break;
+        default:
+            haveIt = PR_FALSE;
+    }
+    PZ_Unlock(cache->lock);
+    return haveIt;
+}
+
+static nssCryptokiObjectAndAttributes **
+create_object_array(
+    nssCryptokiObject **objects,
+    PRBool *doObjects,
+    PRUint32 *numObjects,
+    PRStatus *status)
+{
+    nssCryptokiObjectAndAttributes **rvOandA = NULL;
+    *numObjects = 0;
+    /* There are no objects for this type */
+    if (!objects || !*objects) {
+        *status = PR_SUCCESS;
+        return rvOandA;
+    }
+    while (*objects++)
+        (*numObjects)++;
+    if (*numObjects >= MAX_LOCAL_CACHE_OBJECTS) {
+        /* Hit the maximum allowed, so don't use a cache (there are
+         * too many objects to make caching worthwhile, presumably, if
+         * the token can handle that many objects, it can handle searching.
+         */
+        *doObjects = PR_FALSE;
+        *status = PR_FAILURE;
+        *numObjects = 0;
+    } else {
+        rvOandA = nss_ZNEWARRAY(NULL,
+                                nssCryptokiObjectAndAttributes *,
+                                *numObjects + 1);
+        *status = rvOandA ? PR_SUCCESS : PR_FAILURE;
+    }
+    return rvOandA;
+}
+
+static nssCryptokiObjectAndAttributes *
+create_object(
+    nssCryptokiObject *object,
+    const CK_ATTRIBUTE_TYPE *types,
+    PRUint32 numTypes,
+    PRStatus *status)
+{
+    PRUint32 j;
+    NSSArena *arena = NULL;
+    NSSSlot *slot = NULL;
+    nssSession *session = NULL;
+    nssCryptokiObjectAndAttributes *rvCachedObject = NULL;
+
+    slot = nssToken_GetSlot(object->token);
+    if (!slot) {
+        nss_SetError(NSS_ERROR_INVALID_POINTER);
+        goto loser;
+    }
+    session = nssToken_GetDefaultSession(object->token);
+    if (!session) {
+        nss_SetError(NSS_ERROR_INVALID_POINTER);
+        goto loser;
+    }
+    arena = nssArena_Create();
+    if (!arena) {
+        goto loser;
+    }
+    rvCachedObject = nss_ZNEW(arena, nssCryptokiObjectAndAttributes);
+    if (!rvCachedObject) {
+        goto loser;
+    }
+    rvCachedObject->arena = arena;
+    /* The cache is tied to the token, and therefore the objects
+     * in it should not hold references to the token.
+     */
+    nssToken_Destroy(object->token);
+    rvCachedObject->object = object;
+    rvCachedObject->attributes = nss_ZNEWARRAY(arena, CK_ATTRIBUTE, numTypes);
+    if (!rvCachedObject->attributes) {
+        goto loser;
+    }
+    for (j = 0; j < numTypes; j++) {
+        rvCachedObject->attributes[j].type = types[j];
+    }
+    *status = nssCKObject_GetAttributes(object->handle,
+                                        rvCachedObject->attributes,
+                                        numTypes,
+                                        arena,
+                                        session,
+                                        slot);
+    if (*status != PR_SUCCESS) {
+        goto loser;
+    }
+    rvCachedObject->numAttributes = numTypes;
+    *status = PR_SUCCESS;
+    nssSlot_Destroy(slot);
+
+    return rvCachedObject;
+loser:
+    *status = PR_FAILURE;
+    if (slot) {
+        nssSlot_Destroy(slot);
+    }
+    if (arena)
+        nssArena_Destroy(arena);
+    return (nssCryptokiObjectAndAttributes *)NULL;
+}
+
+/*
+ *
+ * State diagram for cache:
+ *
+ *            token !present            token removed
+ *        +-------------------------+<----------------------+
+ *        |                         ^                       |
+ *        v                         |                       |
+ *  +----------+   slot friendly    |  token present   +----------+
+ *  |   cache  | -----------------> % ---------------> |   cache  |
+ *  | unloaded |                                       |  loaded  |
+ *  +----------+                                       +----------+
+ *    ^   |                                                 ^   |
+ *    |   |   slot !friendly           slot logged in       |   |
+ *    |   +-----------------------> % ----------------------+   |
+ *    |                             |                           |
+ *    | slot logged out             v  slot !friendly           |
+ *    +-----------------------------+<--------------------------+
+ *
+ */
+
+/* This function must not be called with cache->lock locked. */
+static PRBool
+token_is_present(
+    nssTokenObjectCache *cache)
+{
+    NSSSlot *slot = nssToken_GetSlot(cache->token);
+    PRBool tokenPresent = nssSlot_IsTokenPresent(slot);
+    nssSlot_Destroy(slot);
+    return tokenPresent;
+}
+
+static PRBool
+search_for_objects(
+    nssTokenObjectCache *cache)
+{
+    PRBool doSearch = PR_FALSE;
+    NSSSlot *slot = nssToken_GetSlot(cache->token);
+    /* Handle non-friendly slots (slots which require login for objects) */
+    if (!nssSlot_IsFriendly(slot)) {
+        if (nssSlot_IsLoggedIn(slot)) {
+            /* Either no state change, or went from !logged in -> logged in */
+            cache->loggedIn = PR_TRUE;
+            doSearch = PR_TRUE;
+        } else {
+            if (cache->loggedIn) {
+                /* went from logged in -> !logged in, destroy cached objects */
+                clear_cache(cache);
+                cache->loggedIn = PR_FALSE;
+            } /* else no state change, still not logged in, so exit */
+        }
+    } else {
+        /* slot is friendly, thus always available for search */
+        doSearch = PR_TRUE;
+    }
+    nssSlot_Destroy(slot);
+    return doSearch;
+}
+
+static nssCryptokiObjectAndAttributes *
+create_cert(
+    nssCryptokiObject *object,
+    PRStatus *status)
+{
+    static const CK_ATTRIBUTE_TYPE certAttr[] = {
+        CKA_CLASS,
+        CKA_TOKEN,
+        CKA_LABEL,
+        CKA_CERTIFICATE_TYPE,
+        CKA_ID,
+        CKA_VALUE,
+        CKA_ISSUER,
+        CKA_SERIAL_NUMBER,
+        CKA_SUBJECT,
+        CKA_NETSCAPE_EMAIL
+    };
+    static const PRUint32 numCertAttr = sizeof(certAttr) / sizeof(certAttr[0]);
+    return create_object(object, certAttr, numCertAttr, status);
+}
+
+static nssCryptokiObjectAndAttributes *
+create_trust(
+    nssCryptokiObject *object,
+    PRStatus *status)
+{
+    static const CK_ATTRIBUTE_TYPE trustAttr[] = {
+        CKA_CLASS,
+        CKA_TOKEN,
+        CKA_LABEL,
+        CKA_CERT_SHA1_HASH,
+        CKA_CERT_MD5_HASH,
+        CKA_ISSUER,
+        CKA_SUBJECT,
+        CKA_TRUST_SERVER_AUTH,
+        CKA_TRUST_CLIENT_AUTH,
+        CKA_TRUST_EMAIL_PROTECTION,
+        CKA_TRUST_CODE_SIGNING
+    };
+    static const PRUint32 numTrustAttr = sizeof(trustAttr) / sizeof(trustAttr[0]);
+    return create_object(object, trustAttr, numTrustAttr, status);
+}
+
+static nssCryptokiObjectAndAttributes *
+create_crl(
+    nssCryptokiObject *object,
+    PRStatus *status)
+{
+    static const CK_ATTRIBUTE_TYPE crlAttr[] = {
+        CKA_CLASS,
+        CKA_TOKEN,
+        CKA_LABEL,
+        CKA_VALUE,
+        CKA_SUBJECT,
+        CKA_NETSCAPE_KRL,
+        CKA_NETSCAPE_URL
+    };
+    static const PRUint32 numCRLAttr = sizeof(crlAttr) / sizeof(crlAttr[0]);
+    return create_object(object, crlAttr, numCRLAttr, status);
+}
+
+/* Dispatch to the create function for the object type */
+static nssCryptokiObjectAndAttributes *
+create_object_of_type(
+    nssCryptokiObject *object,
+    PRUint32 objectType,
+    PRStatus *status)
+{
+    if (objectType == cachedCerts) {
+        return create_cert(object, status);
+    }
+    if (objectType == cachedTrust) {
+        return create_trust(object, status);
+    }
+    if (objectType == cachedCRLs) {
+        return create_crl(object, status);
+    }
+    return (nssCryptokiObjectAndAttributes *)NULL;
+}
+
+static PRStatus
+get_token_objects_for_cache(
+    nssTokenObjectCache *cache,
+    PRUint32 objectType,
+    CK_OBJECT_CLASS objclass)
+{
+    PRStatus status;
+    nssCryptokiObject **objects;
+    PRBool *doIt = &cache->doObjectType[objectType];
+    PRUint32 i, numObjects;
+
+    if (!search_for_objects(cache) ||
+        cache->searchedObjectType[objectType] ||
+        !cache->doObjectType[objectType]) {
+        /* Either there was a state change that prevents a search
+         * (token logged out), or the search was already done,
+         * or objects of this type are not being cached.
+         */
+        return PR_SUCCESS;
+    }
+    objects = nssToken_FindObjects(cache->token, NULL, objclass,
+                                   nssTokenSearchType_TokenForced,
+                                   MAX_LOCAL_CACHE_OBJECTS, &status);
+    if (status != PR_SUCCESS) {
+        return status;
+    }
+    cache->objects[objectType] = create_object_array(objects,
+                                                     doIt,
+                                                     &numObjects,
+                                                     &status);
+    if (status != PR_SUCCESS) {
+        nss_ZFreeIf(objects);
+        return status;
+    }
+    for (i = 0; i < numObjects; i++) {
+        cache->objects[objectType][i] = create_object_of_type(objects[i],
+                                                              objectType,
+                                                              &status);
+        if (status != PR_SUCCESS) {
+            break;
+        }
+    }
+    if (status == PR_SUCCESS) {
+        nss_ZFreeIf(objects);
+    } else {
+        PRUint32 j;
+        for (j = 0; j < i; j++) {
+            /* sigh */
+            nssToken_AddRef(cache->objects[objectType][j]->object->token);
+            nssArena_Destroy(cache->objects[objectType][j]->arena);
+        }
+        nss_ZFreeIf(cache->objects[objectType]);
+        cache->objects[objectType] = NULL;
+        nssCryptokiObjectArray_Destroy(objects);
+    }
+    cache->searchedObjectType[objectType] = PR_TRUE;
+    return status;
+}
+
+static CK_ATTRIBUTE_PTR
+find_attribute_in_object(
+    nssCryptokiObjectAndAttributes *obj,
+    CK_ATTRIBUTE_TYPE attrType)
+{
+    PRUint32 j;
+    for (j = 0; j < obj->numAttributes; j++) {
+        if (attrType == obj->attributes[j].type) {
+            return &obj->attributes[j];
+        }
+    }
+    return (CK_ATTRIBUTE_PTR)NULL;
+}
+
+/* Find all objects in the array that match the supplied template */
+static nssCryptokiObject **
+find_objects_in_array(
+    nssCryptokiObjectAndAttributes **objArray,
+    CK_ATTRIBUTE_PTR ot,
+    CK_ULONG otlen,
+    PRUint32 maximumOpt)
+{
+    PRIntn oi = 0;
+    PRUint32 i;
+    NSSArena *arena;
+    PRUint32 size = 8;
+    PRUint32 numMatches = 0;
+    nssCryptokiObject **objects = NULL;
+    nssCryptokiObjectAndAttributes **matches = NULL;
+    CK_ATTRIBUTE_PTR attr;
+
+    if (!objArray) {
+        return (nssCryptokiObject **)NULL;
+    }
+    arena = nssArena_Create();
+    if (!arena) {
+        return (nssCryptokiObject **)NULL;
+    }
+    matches = nss_ZNEWARRAY(arena, nssCryptokiObjectAndAttributes *, size);
+    if (!matches) {
+        goto loser;
+    }
+    if (maximumOpt == 0)
+        maximumOpt = ~0;
+    /* loop over the cached objects */
+    for (; *objArray && numMatches < maximumOpt; objArray++) {
+        nssCryptokiObjectAndAttributes *obj = *objArray;
+        /* loop over the test template */
+        for (i = 0; i < otlen; i++) {
+            /* see if the object has the attribute */
+            attr = find_attribute_in_object(obj, ot[i].type);
+            if (!attr) {
+                /* nope, match failed */
+                break;
+            }
+            /* compare the attribute against the test value */
+            if (ot[i].ulValueLen != attr->ulValueLen ||
+                !nsslibc_memequal(ot[i].pValue,
+                                  attr->pValue,
+                                  attr->ulValueLen, NULL)) {
+                /* nope, match failed */
+                break;
+            }
+        }
+        if (i == otlen) {
+            /* all of the attributes in the test template were found
+             * in the object's template, and they all matched
+             */
+            matches[numMatches++] = obj;
+            if (numMatches == size) {
+                size *= 2;
+                matches = nss_ZREALLOCARRAY(matches,
+                                            nssCryptokiObjectAndAttributes *,
+                                            size);
+                if (!matches) {
+                    goto loser;
+                }
+            }
+        }
+    }
+    if (numMatches > 0) {
+        objects = nss_ZNEWARRAY(NULL, nssCryptokiObject *, numMatches + 1);
+        if (!objects) {
+            goto loser;
+        }
+        for (oi = 0; oi < (PRIntn)numMatches; oi++) {
+            objects[oi] = nssCryptokiObject_Clone(matches[oi]->object);
+            if (!objects[oi]) {
+                goto loser;
+            }
+        }
+    }
+    nssArena_Destroy(arena);
+    return objects;
+loser:
+    nssCryptokiObjectArray_Destroy(objects);
+    nssArena_Destroy(arena);
+    return (nssCryptokiObject **)NULL;
+}
+
+NSS_IMPLEMENT nssCryptokiObject **
+nssTokenObjectCache_FindObjectsByTemplate(
+    nssTokenObjectCache *cache,
+    CK_OBJECT_CLASS objclass,
+    CK_ATTRIBUTE_PTR otemplate,
+    CK_ULONG otlen,
+    PRUint32 maximumOpt,
+    PRStatus *statusOpt)
+{
+    PRStatus status = PR_FAILURE;
+    nssCryptokiObject **rvObjects = NULL;
+    PRUint32 objectType;
+    if (!token_is_present(cache)) {
+        status = PR_SUCCESS;
+        goto finish;
+    }
+    switch (objclass) {
+        case CKO_CERTIFICATE:
+            objectType = cachedCerts;
+            break;
+        case CKO_NETSCAPE_TRUST:
+            objectType = cachedTrust;
+            break;
+        case CKO_NETSCAPE_CRL:
+            objectType = cachedCRLs;
+            break;
+        default:
+            goto finish;
+    }
+    PZ_Lock(cache->lock);
+    if (cache->doObjectType[objectType]) {
+        status = get_token_objects_for_cache(cache, objectType, objclass);
+        if (status == PR_SUCCESS) {
+            rvObjects = find_objects_in_array(cache->objects[objectType],
+                                              otemplate, otlen, maximumOpt);
+        }
+    }
+    PZ_Unlock(cache->lock);
+finish:
+    if (statusOpt) {
+        *statusOpt = status;
+    }
+    return rvObjects;
+}
+
+static PRBool
+cache_available_for_object_type(
+    nssTokenObjectCache *cache,
+    PRUint32 objectType)
+{
+    if (!cache->doObjectType[objectType]) {
+        /* not caching this object kind */
+        return PR_FALSE;
+    }
+    if (!cache->searchedObjectType[objectType]) {
+        /* objects are not cached yet */
+        return PR_FALSE;
+    }
+    if (!search_for_objects(cache)) {
+        /* not logged in */
+        return PR_FALSE;
+    }
+    return PR_TRUE;
+}
+
+NSS_IMPLEMENT PRStatus
+nssTokenObjectCache_GetObjectAttributes(
+    nssTokenObjectCache *cache,
+    NSSArena *arenaOpt,
+    nssCryptokiObject *object,
+    CK_OBJECT_CLASS objclass,
+    CK_ATTRIBUTE_PTR atemplate,
+    CK_ULONG atlen)
+{
+    PRUint32 i, j;
+    NSSArena *arena = NULL;
+    nssArenaMark *mark = NULL;
+    nssCryptokiObjectAndAttributes *cachedOA = NULL;
+    nssCryptokiObjectAndAttributes **oa = NULL;
+    PRUint32 objectType;
+    if (!token_is_present(cache)) {
+        return PR_FAILURE;
+    }
+    PZ_Lock(cache->lock);
+    switch (objclass) {
+        case CKO_CERTIFICATE:
+            objectType = cachedCerts;
+            break;
+        case CKO_NETSCAPE_TRUST:
+            objectType = cachedTrust;
+            break;
+        case CKO_NETSCAPE_CRL:
+            objectType = cachedCRLs;
+            break;
+        default:
+            goto loser;
+    }
+    if (!cache_available_for_object_type(cache, objectType)) {
+        goto loser;
+    }
+    oa = cache->objects[objectType];
+    if (!oa) {
+        goto loser;
+    }
+    for (; *oa; oa++) {
+        if (nssCryptokiObject_Equal((*oa)->object, object)) {
+            cachedOA = *oa;
+            break;
+        }
+    }
+    if (!cachedOA) {
+        goto loser; /* don't have this object */
+    }
+    if (arenaOpt) {
+        arena = arenaOpt;
+        mark = nssArena_Mark(arena);
+    }
+    for (i = 0; i < atlen; i++) {
+        for (j = 0; j < cachedOA->numAttributes; j++) {
+            if (atemplate[i].type == cachedOA->attributes[j].type) {
+                CK_ATTRIBUTE_PTR attr = &cachedOA->attributes[j];
+                if (cachedOA->attributes[j].ulValueLen == 0 ||
+                    cachedOA->attributes[j].ulValueLen == (CK_ULONG)-1) {
+                    break; /* invalid attribute */
+                }
+                if (atemplate[i].ulValueLen > 0) {
+                    if (atemplate[i].pValue == NULL ||
+                        atemplate[i].ulValueLen < attr->ulValueLen) {
+                        goto loser;
+                    }
+                } else {
+                    atemplate[i].pValue = nss_ZAlloc(arena, attr->ulValueLen);
+                    if (!atemplate[i].pValue) {
+                        goto loser;
+                    }
+                }
+                nsslibc_memcpy(atemplate[i].pValue,
+                               attr->pValue, attr->ulValueLen);
+                atemplate[i].ulValueLen = attr->ulValueLen;
+                break;
+            }
+        }
+        if (j == cachedOA->numAttributes) {
+            atemplate[i].ulValueLen = (CK_ULONG)-1;
+        }
+    }
+    PZ_Unlock(cache->lock);
+    if (mark) {
+        nssArena_Unmark(arena, mark);
+    }
+    return PR_SUCCESS;
+loser:
+    PZ_Unlock(cache->lock);
+    if (mark) {
+        nssArena_Release(arena, mark);
+    }
+    return PR_FAILURE;
+}
+
+NSS_IMPLEMENT PRStatus
+nssTokenObjectCache_ImportObject(
+    nssTokenObjectCache *cache,
+    nssCryptokiObject *object,
+    CK_OBJECT_CLASS objclass,
+    CK_ATTRIBUTE_PTR ot,
+    CK_ULONG otlen)
+{
+    PRStatus status = PR_SUCCESS;
+    PRUint32 count;
+    nssCryptokiObjectAndAttributes **oa, ***otype;
+    PRUint32 objectType;
+    PRBool haveIt = PR_FALSE;
+
+    if (!token_is_present(cache)) {
+        return PR_SUCCESS; /* cache not active, ignored */
+    }
+    PZ_Lock(cache->lock);
+    switch (objclass) {
+        case CKO_CERTIFICATE:
+            objectType = cachedCerts;
+            break;
+        case CKO_NETSCAPE_TRUST:
+            objectType = cachedTrust;
+            break;
+        case CKO_NETSCAPE_CRL:
+            objectType = cachedCRLs;
+            break;
+        default:
+            PZ_Unlock(cache->lock);
+            return PR_SUCCESS; /* don't need to import it here */
+    }
+    if (!cache_available_for_object_type(cache, objectType)) {
+        PZ_Unlock(cache->lock);
+        return PR_SUCCESS; /* cache not active, ignored */
+    }
+    count = 0;
+    otype = &cache->objects[objectType]; /* index into array of types */
+    oa = *otype;                         /* the array of objects for this type */
+    while (oa && *oa) {
+        if (nssCryptokiObject_Equal((*oa)->object, object)) {
+            haveIt = PR_TRUE;
+            break;
+        }
+        count++;
+        oa++;
+    }
+    if (haveIt) {
+        /* Destroy the old entry */
+        (*oa)->object->token = NULL;
+        nssCryptokiObject_Destroy((*oa)->object);
+        nssArena_Destroy((*oa)->arena);
+    } else {
+        /* Create space for a new entry */
+        if (count > 0) {
+            *otype = nss_ZREALLOCARRAY(*otype,
+                                       nssCryptokiObjectAndAttributes *,
+                                       count + 2);
+        } else {
+            *otype = nss_ZNEWARRAY(NULL, nssCryptokiObjectAndAttributes *, 2);
+        }
+    }
+    if (*otype) {
+        nssCryptokiObject *copyObject = nssCryptokiObject_Clone(object);
+        (*otype)[count] = create_object_of_type(copyObject, objectType,
+                                                &status);
+    } else {
+        status = PR_FAILURE;
+    }
+    PZ_Unlock(cache->lock);
+    return status;
+}
+
+NSS_IMPLEMENT void
+nssTokenObjectCache_RemoveObject(
+    nssTokenObjectCache *cache,
+    nssCryptokiObject *object)
+{
+    PRUint32 oType;
+    nssCryptokiObjectAndAttributes **oa, **swp = NULL;
+    if (!token_is_present(cache)) {
+        return;
+    }
+    PZ_Lock(cache->lock);
+    for (oType = 0; oType < 3; oType++) {
+        if (!cache_available_for_object_type(cache, oType) ||
+            !cache->objects[oType]) {
+            continue;
+        }
+        for (oa = cache->objects[oType]; *oa; oa++) {
+            if (nssCryptokiObject_Equal((*oa)->object, object)) {
+                swp = oa; /* the entry to remove */
+                while (oa[1])
+                    oa++; /* go to the tail */
+                (*swp)->object->token = NULL;
+                nssCryptokiObject_Destroy((*swp)->object);
+                nssArena_Destroy((*swp)->arena); /* destroy it */
+                *swp = *oa;                      /* swap the last with the removed */
+                *oa = NULL;                      /* null-terminate the array */
+                break;
+            }
+        }
+        if (swp) {
+            break;
+        }
+    }
+    if ((oType < 3) &&
+        cache->objects[oType] && cache->objects[oType][0] == NULL) {
+        nss_ZFreeIf(cache->objects[oType]); /* no entries remaining */
+        cache->objects[oType] = NULL;
+    }
+    PZ_Unlock(cache->lock);
+}
+
+/* These two hash algorithms are presently sufficient.
+** They are used for fingerprints of certs which are stored as the
+** CKA_CERT_SHA1_HASH and CKA_CERT_MD5_HASH attributes.
+** We don't need to add SHAxxx to these now.
+*/
+/* XXX of course this doesn't belong here */
+NSS_IMPLEMENT NSSAlgorithmAndParameters *
+NSSAlgorithmAndParameters_CreateSHA1Digest(
+    NSSArena *arenaOpt)
+{
+    NSSAlgorithmAndParameters *rvAP = NULL;
+    rvAP = nss_ZNEW(arenaOpt, NSSAlgorithmAndParameters);
+    if (rvAP) {
+        rvAP->mechanism.mechanism = CKM_SHA_1;
+        rvAP->mechanism.pParameter = NULL;
+        rvAP->mechanism.ulParameterLen = 0;
+    }
+    return rvAP;
+}
+
+NSS_IMPLEMENT NSSAlgorithmAndParameters *
+NSSAlgorithmAndParameters_CreateMD5Digest(
+    NSSArena *arenaOpt)
+{
+    NSSAlgorithmAndParameters *rvAP = NULL;
+    rvAP = nss_ZNEW(arenaOpt, NSSAlgorithmAndParameters);
+    if (rvAP) {
+        rvAP->mechanism.mechanism = CKM_MD5;
+        rvAP->mechanism.pParameter = NULL;
+        rvAP->mechanism.ulParameterLen = 0;
+    }
+    return rvAP;
+}
diff --git a/nss/lib/dev/exports.gyp b/nss/lib/dev/exports.gyp
new file mode 100644
index 0000000..92cf756
--- /dev/null
+++ b/nss/lib/dev/exports.gyp
@@ -0,0 +1,31 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'lib_dev_exports',
+      'type': 'none',
+      'copies': [
+        {
+          'files': [
+            'ckhelper.h',
+            'dev.h',
+            'devm.h',
+            'devt.h',
+            'devtm.h',
+            'nssdev.h',
+            'nssdevt.h'
+          ],
+          'destination': '<(nss_private_dist_dir)/<(module)'
+        }
+      ]
+    }
+  ],
+  'variables': {
+    'module': 'nss'
+  }
+}
diff --git a/nss/lib/dev/manifest.mn b/nss/lib/dev/manifest.mn
new file mode 100644
index 0000000..45c7509
--- /dev/null
+++ b/nss/lib/dev/manifest.mn
@@ -0,0 +1,35 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CORE_DEPTH = ../..
+
+PRIVATE_EXPORTS = \
+	ckhelper.h \
+	devm.h     \
+	devtm.h    \
+	devt.h     \
+	dev.h      \
+	nssdevt.h  \
+	nssdev.h   \
+	$(NULL)
+
+EXPORTS =	   \
+	$(NULL)
+
+MODULE = nss
+
+CSRCS =		        \
+	devslot.c       \
+	devtoken.c      \
+	devutil.c       \
+	ckhelper.c      \
+	$(NULL)
+
+REQUIRES = nspr
+
+LIBRARY_NAME = nssdev
+
+# This part of the code, including all sub-dirs, can be optimized for size
+export ALLOW_OPT_CODE_SIZE = 1
diff --git a/nss/lib/dev/nssdev.h b/nss/lib/dev/nssdev.h
new file mode 100644
index 0000000..1066ec6
--- /dev/null
+++ b/nss/lib/dev/nssdev.h
@@ -0,0 +1,36 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef NSSDEV_H
+#define NSSDEV_H
+
+/*
+ * nssdev.h
+ *
+ * High-level methods for interaction with cryptoki devices
+ */
+
+#ifndef NSSDEVT_H
+#include "nssdevt.h"
+#endif /* NSSDEVT_H */
+
+PR_BEGIN_EXTERN_C
+
+/* NSSAlgorithmAndParameters
+ *
+ * NSSAlgorithmAndParameters_CreateSHA1Digest
+ * NSSAlgorithmAndParameters_CreateMD5Digest
+ */
+
+NSS_EXTERN NSSAlgorithmAndParameters *
+NSSAlgorithmAndParameters_CreateSHA1Digest(
+    NSSArena *arenaOpt);
+
+NSS_EXTERN NSSAlgorithmAndParameters *
+NSSAlgorithmAndParameters_CreateMD5Digest(
+    NSSArena *arenaOpt);
+
+PR_END_EXTERN_C
+
+#endif /* DEV_H */
diff --git a/nss/lib/dev/nssdevt.h b/nss/lib/dev/nssdevt.h
new file mode 100644
index 0000000..b7b7b1e
--- /dev/null
+++ b/nss/lib/dev/nssdevt.h
@@ -0,0 +1,36 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef NSSDEVT_H
+#define NSSDEVT_H
+
+/*
+ * nssdevt.h
+ *
+ * This file contains definitions for the low-level cryptoki devices.
+ */
+
+#ifndef NSSBASET_H
+#include "nssbaset.h"
+#endif /* NSSBASET_H */
+
+#ifndef NSSPKIT_H
+#include "nsspkit.h"
+#endif /* NSSPKIT_H */
+
+PR_BEGIN_EXTERN_C
+
+/*
+ * NSSModule and NSSSlot -- placeholders for the PKCS#11 types
+ */
+
+typedef struct NSSModuleStr NSSModule;
+
+typedef struct NSSSlotStr NSSSlot;
+
+typedef struct NSSTokenStr NSSToken;
+
+PR_END_EXTERN_C
+
+#endif /* NSSDEVT_H */
diff --git a/nss/lib/freebl/Makefile b/nss/lib/freebl/Makefile
new file mode 100644
index 0000000..aa02f4b
--- /dev/null
+++ b/nss/lib/freebl/Makefile
@@ -0,0 +1,751 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include config.mk
+
+# default for all platforms
+# unset this on those that have multiple freebl libraries
+FREEBL_BUILD_SINGLE_SHLIB = 1
+
+ifdef USE_64
+	DEFINES += -DNSS_USE_64
+endif
+
+ifdef USE_ABI32_FPU
+	DEFINES += -DNSS_USE_ABI32_FPU
+endif
+
+ifeq ($(FREEBL_NO_DEPEND),1)
+	DEFINES += -DFREEBL_NO_DEPEND
+	STUBS_SRCS = stubs.c
+endif
+
+ifeq ($(FREEBL_LOWHASH),1)
+	DEFINES += -DFREEBL_LOWHASH
+	LOWHASH_SRCS = nsslowhash.c
+	LOWHASH_EXPORTS = nsslowhash.h
+	MAPFILE_SOURCE = freebl_hash_vector.def
+	NEED_STUB_BUILD = 1
+else
+	MAPFILE_SOURCE = freebl.def
+endif
+
+ifdef USE_STUB_BUILD
+	CSRCS           = lowhash_vector.c
+	SIMPLE_OBJS     = $(CSRCS:.c=$(OBJ_SUFFIX))
+	OBJS            = $(addprefix $(OBJDIR)/$(PROG_PREFIX), $(SIMPLE_OBJS))
+	ALL_TRASH :=    $(TARGETS) $(OBJS) $(OBJDIR) LOGS TAGS $(GARBAGE) \
+                $(NOSUCHFILE) so_locations
+	MAPFILE_SOURCE = freebl_hash.def
+endif
+
+# FREEBL_USE_PRELINK
+#
+# Most modern version of Linux support a speed optimization scheme where an
+# application called prelink modifies programs and shared libraries to quickly
+# load if they fit into an already designed address space. In short, prelink
+# scans the list of programs and libraries on your system, assigns them a
+# predefined space in the the address space, then provides the fixups to the
+# library.
+#
+# The modification of the shared library is correctly detected by the freebl
+# FIPS checksum scheme where we check a signed hash of the library against the
+# library itself.
+#
+# The prelink command itself can reverse the process of modification and output
+# the prestine shared library as it was before prelink made it's changes.
+# This option tells Freebl could use prelink to output the original copy of
+# the shared library before prelink modified it.
+#
+# FREEBL_PRELINK_COMMAND
+#
+# This is an optional environment variable which can override the default
+# prelink command. It could be used on systems that did something similiar to 
+# prelink but used a different command and syntax. The only requirement is the 
+# program must take the library as the last argument, the program must output 
+# the original library to standard out, and the program does not need to take 
+# any quoted or imbedded spaces in its arguments (except the path to the 
+# library itself, which can have imbedded spaces or special characters).
+#
+ifdef FREEBL_USE_PRELINK
+	DEFINES += -DFREEBL_USE_PRELINK
+ifdef LINUX
+	DEFINES += -D__GNU_SOURCE=1
+endif
+endif
+ifdef NSS_NO_INIT_SUPPORT
+    DEFINES += -DNSS_NO_INIT_SUPPORT
+endif
+
+ifdef FREEBL_PRELINK_COMMAND
+	DEFINES +=-DFREEBL_PRELINK_COMMAND=\"$(FREEBL_PRELINK_COMMAND)\"
+endif
+# NSS_X86 means the target is a 32-bits x86 CPU architecture
+# NSS_X64 means the target is a 64-bits 64 CPU architecture
+# NSS_X86_OR_X64 means the target is either x86 or x64
+ifeq (,$(filter-out i386 x386 x86 x86_64,$(CPU_ARCH)))
+        DEFINES += -DNSS_X86_OR_X64
+ifneq (,$(USE_64)$(USE_X32))
+        DEFINES += -DNSS_X64
+else
+        DEFINES += -DNSS_X86
+endif
+endif
+
+ifeq ($(OS_TARGET),OSF1)
+    DEFINES += -DMP_ASSEMBLY_MULTIPLY -DMP_NO_MP_WORD
+    MPI_SRCS += mpvalpha.c
+endif
+
+ifeq (OS2,$(OS_TARGET))
+    ASFILES  = mpi_x86_os2.s
+    DEFINES += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE 
+    DEFINES += -DMP_ASSEMBLY_DIV_2DX1D
+    DEFINES += -DMP_USE_UINT_DIGIT -DMP_NO_MP_WORD
+    DEFINES += -DMP_IS_LITTLE_ENDIAN
+endif
+
+ifeq (,$(filter-out WINNT WIN95,$(OS_TARGET)))
+ifndef USE_64
+# 32-bit Windows
+ifdef NS_USE_GCC
+# Ideally, we want to use assembler
+#     ASFILES  = mpi_x86.s
+#     DEFINES += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE \
+#                -DMP_ASSEMBLY_DIV_2DX1D
+# but we haven't figured out how to make it work, so we are not
+# using assembler right now.
+    ASFILES  =
+    DEFINES += -DMP_NO_MP_WORD -DMP_USE_UINT_DIGIT
+else
+# MSVC
+    MPI_SRCS += mpi_x86_asm.c
+    DEFINES += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE 
+    DEFINES += -DMP_ASSEMBLY_DIV_2DX1D -DMP_USE_UINT_DIGIT -DMP_NO_MP_WORD
+    ifdef BUILD_OPT
+	OPTIMIZER += -Ox  # maximum optimization for freebl
+    endif
+    # The Intel AES assembly code requires Visual C++ 2010.
+    # if $(_MSC_VER) >= 1600 (Visual C++ 2010)
+    ifeq ($(firstword $(sort $(_MSC_VER) 1600)),1600)
+	DEFINES += -DUSE_HW_AES -DINTEL_GCM
+	ASFILES += intel-aes-x86-masm.asm intel-gcm-x86-masm.asm
+	EXTRA_SRCS += intel-gcm-wrap.c
+	ifeq ($(CLANG_CL),1)
+	    INTEL_GCM_CLANG_CL = 1
+	endif
+    endif
+endif
+else
+    # -DMP_NO_MP_WORD
+    DEFINES += -DMP_IS_LITTLE_ENDIAN
+ifdef NS_USE_GCC
+# Ideally, we should use amd64 assembly code, but it's not yet mingw-w64
+# compatible.
+else
+# MSVC
+    ifdef BUILD_OPT
+	OPTIMIZER += -Ox  # maximum optimization for freebl
+    endif
+    ASFILES  = arcfour-amd64-masm.asm mpi_amd64_masm.asm mp_comba_amd64_masm.asm
+    DEFINES += -DNSS_BEVAND_ARCFOUR -DMPI_AMD64 -DMP_ASSEMBLY_MULTIPLY
+    DEFINES += -DNSS_USE_COMBA
+    # The Intel AES assembly code requires Visual C++ 2010 (10.0). The _xgetbv
+    # compiler intrinsic function requires Visual C++ 2010 (10.0) SP1.
+    ifeq ($(_MSC_VER_GE_10SP1),1)
+	DEFINES += -DUSE_HW_AES -DINTEL_GCM
+	ASFILES += intel-aes-x64-masm.asm intel-gcm-x64-masm.asm
+	EXTRA_SRCS += intel-gcm-wrap.c
+	ifeq ($(CLANG_CL),1)
+	    INTEL_GCM_CLANG_CL = 1
+	endif
+    endif
+    MPI_SRCS += mpi_amd64.c
+endif
+endif
+endif
+
+ifeq ($(OS_TARGET),IRIX)
+ifeq ($(USE_N32),1)
+    ASFILES  = mpi_mips.s
+    ifeq ($(NS_USE_GCC),1)
+	ASFLAGS = -Wp,-P -Wp,-traditional -O -mips3
+    else
+	ASFLAGS = -O -OPT:Olimit=4000 -dollar -fullwarn -xansi -n32 -mips3 
+    endif
+    DEFINES += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE
+    DEFINES += -DMP_USE_UINT_DIGIT
+endif
+endif
+
+ifeq ($(OS_TARGET),Darwin)
+ifeq ($(CPU_ARCH),x86)
+    ASFILES  = mpi_sse2.s
+    DEFINES += -DMP_USE_UINT_DIGIT
+    DEFINES += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE
+    DEFINES += -DMP_ASSEMBLY_DIV_2DX1D
+endif
+endif # Darwin
+
+ifeq ($(OS_TARGET),Linux)
+ifeq ($(CPU_ARCH),x86_64)
+    ASFILES  = arcfour-amd64-gas.s mpi_amd64_gas.s
+    ASFLAGS += -fPIC -Wa,--noexecstack
+    DEFINES += -DNSS_BEVAND_ARCFOUR -DMPI_AMD64 -DMP_ASSEMBLY_MULTIPLY
+    DEFINES += -DNSS_USE_COMBA
+    DEFINES += -DMP_IS_LITTLE_ENDIAN
+#   DEFINES += -DMPI_AMD64_ADD
+    # comment the next four lines to turn off Intel HW acceleration.
+    DEFINES += -DUSE_HW_AES -DINTEL_GCM
+    ASFILES += intel-aes.s intel-gcm.s
+    EXTRA_SRCS += intel-gcm-wrap.c
+    INTEL_GCM = 1
+    MPI_SRCS += mpi_amd64.c mp_comba.c
+endif
+ifeq ($(CPU_ARCH),x86)
+    ASFILES  = mpi_x86.s
+    DEFINES += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE 
+    DEFINES += -DMP_ASSEMBLY_DIV_2DX1D -DMP_USE_UINT_DIGIT
+    DEFINES += -DMP_IS_LITTLE_ENDIAN
+endif
+ifeq ($(CPU_ARCH),arm)
+    DEFINES += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE 
+    DEFINES += -DMP_USE_UINT_DIGIT
+    DEFINES += -DSHA_NO_LONG_LONG # avoid 64-bit arithmetic in SHA512
+    MPI_SRCS += mpi_arm.c
+endif
+ifeq ($(CPU_ARCH),ppc)
+ifdef USE_64
+    DEFINES += -DNSS_NO_INIT_SUPPORT
+endif # USE_64
+endif # ppc
+endif # Linux
+
+ifeq ($(OS_TARGET),AIX)
+    DEFINES += -DMP_USE_UINT_DIGIT
+    ifndef USE_64
+	DEFINES += -DMP_NO_DIV_WORD -DMP_NO_ADD_WORD -DMP_NO_SUB_WORD
+    endif
+endif # AIX
+
+ifeq ($(OS_TARGET), HP-UX)
+ifneq ($(OS_TEST), ia64)
+# PA-RISC
+ASFILES += ret_cr16.s
+ifndef USE_64
+    FREEBL_BUILD_SINGLE_SHLIB = 
+    HAVE_ABI32_INT32 = 1
+    HAVE_ABI32_FPU = 1
+endif
+ifdef FREEBL_CHILD_BUILD
+ifdef USE_ABI32_INT32
+# build for DA1.1 (HP PA 1.1) 32-bit ABI build with 32-bit arithmetic
+    DEFINES  += -DMP_USE_UINT_DIGIT -DMP_NO_MP_WORD
+    DEFINES += -DSHA_NO_LONG_LONG # avoid 64-bit arithmetic in SHA512
+else
+ifdef USE_64
+# this builds for DA2.0W (HP PA 2.0 Wide), the LP64 ABI, using 64-bit digits 
+    MPI_SRCS += mpi_hp.c 
+    ASFILES  += hpma512.s hppa20.s 
+    DEFINES  += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE
+else
+# this builds for DA2.0 (HP PA 2.0 Narrow) ABI32_FPU model 
+# (the 32-bit ABI with 64-bit registers) using 64-bit digits
+    MPI_SRCS += mpi_hp.c 
+    ASFILES  += hpma512.s hppa20.s 
+    DEFINES  += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE
+ifndef NS_USE_GCC
+    ARCHFLAG = -Aa +e +DA2.0 +DS2.0
+endif
+endif
+endif
+endif
+endif
+endif
+
+# The blapi functions are defined not only in the freebl shared
+# libraries but also in the shared libraries linked with loader.c
+# (libsoftokn3.so and libssl3.so).  We need to use GNU ld's
+# -Bsymbolic option or the equivalent option for other linkers
+# to bind the blapi function references in FREEBLVector vector
+# (ldvector.c) to the blapi functions defined in the freebl
+# shared libraries.
+ifeq (,$(filter-out BSD_OS FreeBSD Linux NetBSD OpenBSD, $(OS_TARGET)))
+    MKSHLIB += -Wl,-Bsymbolic
+endif
+
+ifeq ($(OS_TARGET),SunOS)
+
+ifdef NS_USE_GCC
+    ifdef GCC_USE_GNU_LD
+	MKSHLIB += -Wl,-Bsymbolic,-z,now,-z,text
+    else
+	MKSHLIB += -Wl,-B,symbolic,-z,now,-z,text
+    endif # GCC_USE_GNU_LD
+else
+    MKSHLIB += -B symbolic -z now -z text
+endif # NS_USE_GCC
+
+# Sun's WorkShop defines v8, v8plus and v9 architectures.
+# gcc on Solaris defines v8 and v9 "cpus".  
+# gcc's v9 is equivalent to Workshop's v8plus.
+# gcc's -m64 is equivalent to Workshop's v9
+# We always use Sun's assembler, which uses Sun's naming convention.
+ifeq ($(CPU_ARCH),sparc)
+    FREEBL_BUILD_SINGLE_SHLIB=
+    ifdef USE_64
+        HAVE_ABI64_INT = 1
+        HAVE_ABI64_FPU = 1
+    else
+        HAVE_ABI32_FPU = 1
+        HAVE_ABI32_INT64 = 1
+    endif
+    SYSV_SPARC = 1
+    SOLARIS_AS = /usr/ccs/bin/as
+    #### set arch, asm, c flags
+    ifdef NS_USE_GCC
+	ifdef USE_ABI32_INT64
+	    ARCHFLAG=-mcpu=v9 -Wa,-xarch=v8plus
+	    SOLARIS_AS_FLAGS = -xarch=v8plus -K PIC
+	endif
+	ifdef USE_ABI32_FPU
+	    ARCHFLAG=-mcpu=v9 -Wa,-xarch=v8plusa
+	    SOLARIS_AS_FLAGS = -xarch=v8plusa -K PIC
+	endif # USE_ABI32_FPU
+	ifdef USE_ABI64_INT
+	    # this builds for Sparc v9a pure 64-bit architecture
+	    ARCHFLAG += -mcpu=v9 -Wa,-xarch=v9
+	    SOLARIS_AS_FLAGS = -xarch=v9 -K PIC
+	endif
+	ifdef USE_ABI64_FPU
+	    # this builds for Sparc v9a pure 64-bit architecture
+	    # It uses floating point, and 32-bit word size
+	    ARCHFLAG += -mcpu=v9 -Wa,-xarch=v9a
+	    SOLARIS_AS_FLAGS = -xarch=v9a -K PIC
+	endif
+    else # NS_USE_GCC
+	# FPU_TARGET_OPTIMIZER specifies the target processor and cache
+	# properties of the ABI32_FPU and ABI64_FPU architectures for use
+	# by the optimizer.
+	ifeq (,$(findstring Sun WorkShop 6,$(shell $(CC) -V 2>&1)))
+	    # if the compiler is not Forte 6
+	    FPU_TARGET_OPTIMIZER = -xcache=64/32/4:1024/64/4 -xchip=ultra3
+	else
+	    # Forte 6 C compiler generates incorrect code for rijndael.c
+	    # if -xchip=ultra3 is used (Bugzilla bug 333925).  So we revert
+	    # to what we used in NSS 3.10.
+	    FPU_TARGET_OPTIMIZER = -xchip=ultra2
+	endif
+	ifdef USE_ABI32_INT64
+	    # this builds for Sparc v8+a ABI32_FPU architecture, 64-bit registers, 
+	    # 32-bit ABI, it uses 64-bit words, integer arithmetic,
+	    # no FPU (non-VIS cpus).
+	    # These flags were suggested by the compiler group for building
+	    # with SunStudio 10.
+	    ifdef BUILD_OPT
+                SOL_CFLAGS += -xO4
+	    endif
+ 	    SOL_CFLAGS += -xtarget=generic
+	    ARCHFLAG = -xarch=v8plus
+	    SOLARIS_AS_FLAGS = -xarch=v8plus -K PIC
+	endif
+	ifdef USE_ABI32_FPU
+	    # this builds for Sparc v8+a ABI32_FPU architecture, 64-bit registers, 
+	    # 32-bit ABI, it uses FPU code, and 32-bit word size.
+	    # these flags were determined by running cc -### -fast and copying
+	    # the generated flag settings
+	    SOL_CFLAGS += -fsingle -xmemalign=8s
+	    ifdef BUILD_OPT
+                SOL_CFLAGS += -D__MATHERR_ERRNO_DONTCARE -fsimple=1
+                SOL_CFLAGS += -xalias_level=basic -xbuiltin=%all
+                SOL_CFLAGS += $(FPU_TARGET_OPTIMIZER) -xdepend
+                SOL_CFLAGS += -xlibmil -xO5
+	    endif
+	    ARCHFLAG = -xarch=v8plusa
+	    SOLARIS_AS_FLAGS = -xarch=v8plusa -K PIC
+	endif
+	ifdef USE_ABI64_INT
+	    # this builds for Sparc v9a pure 64-bit architecture,
+	    # no FPU (non-VIS cpus). For building with SunStudio 10.
+	    ifdef BUILD_OPT
+                SOL_CFLAGS += -xO4
+	    endif
+ 	    SOL_CFLAGS += -xtarget=generic
+	    ARCHFLAG = -xarch=v9
+	    SOLARIS_AS_FLAGS = -xarch=v9 -K PIC
+	endif
+	ifdef USE_ABI64_FPU
+	    # this builds for Sparc v9a pure 64-bit architecture
+	    # It uses floating point, and 32-bit word size.
+	    # See comment for USE_ABI32_FPU.
+	    SOL_CFLAGS += -fsingle -xmemalign=8s
+	    ifdef BUILD_OPT
+                SOL_CFLAGS += -D__MATHERR_ERRNO_DONTCARE -fsimple=1
+                SOL_CFLAGS += -xalias_level=basic -xbuiltin=%all
+                SOL_CFLAGS += $(FPU_TARGET_OPTIMIZER) -xdepend
+                SOL_CFLAGS += -xlibmil -xO5
+	    endif
+	    ARCHFLAG = -xarch=v9a
+	    SOLARIS_AS_FLAGS = -xarch=v9a -K PIC
+	endif
+    endif # NS_USE_GCC
+
+    ### set flags for both GCC and Sun cc
+    ifdef USE_ABI32_INT64
+	# this builds for Sparc v8+a ABI32_FPU architecture, 64-bit registers, 
+	# 32-bit ABI, it uses 64-bit words, integer arithmetic, no FPU
+	# best times are with no MP_ flags specified
+    endif
+    ifdef USE_ABI32_FPU
+	# this builds for Sparc v8+a ABI32_FPU architecture, 64-bit registers, 
+	# 32-bit ABI, it uses FPU code, and 32-bit word size
+	MPI_SRCS += mpi_sparc.c
+	ASFILES  = mpv_sparcv8.s montmulfv8.s
+	DEFINES  += -DMP_NO_MP_WORD -DMP_USE_UINT_DIGIT -DMP_ASSEMBLY_MULTIPLY
+	DEFINES  += -DMP_USING_MONT_MULF -DMP_MONT_USE_MP_MUL
+    endif
+    ifdef USE_ABI64_INT
+	# this builds for Sparc v9a pure 64-bit architecture
+	# best times are with no MP_ flags specified
+    endif
+    ifdef USE_ABI64_FPU
+	# this builds for Sparc v9a pure 64-bit architecture
+	# It uses floating point, and 32-bit word size
+	MPI_SRCS += mpi_sparc.c
+	ASFILES   = mpv_sparcv9.s montmulfv9.s
+	DEFINES  += -DMP_NO_MP_WORD -DMP_USE_UINT_DIGIT -DMP_ASSEMBLY_MULTIPLY
+	DEFINES  += -DMP_USING_MONT_MULF -DMP_MONT_USE_MP_MUL
+    endif
+
+else
+    # Solaris for non-sparc family CPUs
+    ifdef NS_USE_GCC
+	LD = gcc
+	AS = gcc
+	ASFLAGS = -x assembler-with-cpp
+    endif
+    ifeq ($(USE_64),1)
+	# Solaris for AMD64
+	ifdef NS_USE_GCC
+	    ASFILES  = arcfour-amd64-gas.s mpi_amd64_gas.s
+	    ASFLAGS += -march=opteron -m64 -fPIC
+	    MPI_SRCS += mp_comba.c
+	    # comment the next four lines to turn off Intel HW acceleration
+	    ASFILES += intel-gcm.s
+	    EXTRA_SRCS += intel-gcm-wrap.c
+	    INTEL_GCM = 1
+	    DEFINES += -DINTEL_GCM
+	else
+	    ASFILES  = arcfour-amd64-sun.s mpi_amd64_sun.s sha-fast-amd64-sun.s
+ 	    ASFILES += mp_comba_amd64_sun.s mpcpucache_amd64.s
+	    ASFLAGS += -xarch=generic64 -K PIC
+            SOL_CFLAGS += -xprefetch=no
+	    SHA_SRCS =
+ 	    MPCPU_SRCS =
+	    # Intel acceleration for GCM does not build currently with Studio
+	endif
+	DEFINES += -DNSS_BEVAND_ARCFOUR -DMPI_AMD64 -DMP_ASSEMBLY_MULTIPLY
+	DEFINES += -DNSS_USE_COMBA -DMP_IS_LITTLE_ENDIAN
+	# comment the next two lines to turn off Intel HW acceleration
+	DEFINES += -DUSE_HW_AES
+	ASFILES += intel-aes.s
+	MPI_SRCS += mpi_amd64.c
+    else
+	# Solaris x86
+	DEFINES += -DMP_USE_UINT_DIGIT
+	DEFINES += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE 
+	DEFINES += -DMP_ASSEMBLY_DIV_2DX1D
+	ASFILES  = mpi_i86pc.s
+ 	ifndef NS_USE_GCC
+ 	   MPCPU_SRCS =
+ 	   ASFILES += mpcpucache_x86.s
+ 	endif
+    endif
+endif # Solaris for non-sparc family CPUs
+endif # target == SunO
+
+# poly1305-donna-x64-sse2-incremental-source.c requires __int128 support
+# in GCC 4.6.0.
+ifdef USE_64
+    ifdef CC_IS_CLANG
+            HAVE_INT128_SUPPORT = 1
+            DEFINES += -DHAVE_INT128_SUPPORT
+    else ifeq (1,$(CC_IS_GCC))
+        ifneq (,$(filter 4.6 4.7 4.8 4.9,$(word 1,$(GCC_VERSION)).$(word 2,$(GCC_VERSION))))
+            HAVE_INT128_SUPPORT = 1
+            DEFINES += -DHAVE_INT128_SUPPORT
+        endif
+        ifeq (,$(filter 0 1 2 3 4,$(word 1,$(GCC_VERSION))))
+            HAVE_INT128_SUPPORT = 1
+            DEFINES += -DHAVE_INT128_SUPPORT
+        endif
+    endif
+endif
+
+ifndef NSS_DISABLE_CHACHAPOLY
+    ifeq ($(CPU_ARCH),x86_64)
+        ifdef HAVE_INT128_SUPPORT
+            EXTRA_SRCS += poly1305-donna-x64-sse2-incremental-source.c
+        else
+            EXTRA_SRCS += poly1305.c
+        endif
+
+        ifneq (1,$(CC_IS_GCC))
+            EXTRA_SRCS += chacha20.c
+        else
+            EXTRA_SRCS += chacha20_vec.c
+        endif
+    else
+        EXTRA_SRCS += poly1305.c
+        EXTRA_SRCS += chacha20.c
+    endif # x86_64
+endif # NSS_DISABLE_CHACHAPOLY
+
+ifeq (,$(filter-out i386 x386 x86 x86_64,$(CPU_ARCH)))
+    # All intel architectures get the 64 bit version
+    # With custom uint128 if necessary (faster than generic 32 bit version).
+    ECL_SRCS += curve25519_64.c
+else
+    # All non intel architectures get the generic 32 bit implementation (slow!)
+    ECL_SRCS += curve25519_32.c
+endif
+
+ifndef HAVE_INT128_SUPPORT
+    ECL_SRCS += uint128.c
+endif
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+export:: private_export
+
+rijndael_tables:
+	$(CC) -o $(OBJDIR)/make_rijndael_tab rijndael_tables.c \
+	         $(DEFINES) $(INCLUDES) $(OBJDIR)/libfreebl.a
+	$(OBJDIR)/make_rijndael_tab
+
+vpath %.h mpi ecl
+vpath %.c mpi ecl
+vpath %.S mpi ecl
+vpath %.s mpi ecl
+vpath %.asm mpi ecl
+INCLUDES += -Impi -Iecl
+
+
+DEFINES += -DMP_API_COMPATIBLE
+
+MPI_USERS = dh.c pqg.c dsa.c rsa.c ec.c
+
+MPI_OBJS = $(addprefix $(OBJDIR)/$(PROG_PREFIX), $(MPI_SRCS:.c=$(OBJ_SUFFIX)))
+MPI_OBJS += $(addprefix $(OBJDIR)/$(PROG_PREFIX), $(MPI_USERS:.c=$(OBJ_SUFFIX)))
+
+$(MPI_OBJS): $(MPI_HDRS)
+
+ECL_USERS = ec.c
+
+ECL_OBJS = $(addprefix $(OBJDIR)/$(PROG_PREFIX), $(ECL_SRCS:.c=$(OBJ_SUFFIX)) $(ECL_ASM_SRCS:$(ASM_SUFFIX)=$(OBJ_SUFFIX)))
+ECL_OBJS += $(addprefix $(OBJDIR)/$(PROG_PREFIX), $(ECL_USERS:.c=$(OBJ_SUFFIX)))
+
+$(ECL_OBJS): $(ECL_HDRS)
+
+
+
+$(OBJDIR)/sysrand$(OBJ_SUFFIX): sysrand.c unix_rand.c win_rand.c
+
+$(OBJDIR)/$(PROG_PREFIX)mpprime$(OBJ_SUFFIX): primes.c
+
+$(OBJDIR)/ldvector$(OBJ_SUFFIX) $(OBJDIR)/loader$(OBJ_SUFFIX) : loader.h
+
+ifeq ($(SYSV_SPARC),1)
+
+$(OBJDIR)/mpv_sparcv8.o $(OBJDIR)/mpv_sparcv8x.o $(OBJDIR)/montmulfv8.o : $(OBJDIR)/%.o : %.s
+	@$(MAKE_OBJDIR)
+	$(SOLARIS_AS) -o $@ $(SOLARIS_AS_FLAGS) $<
+
+$(OBJDIR)/mpv_sparcv9.o $(OBJDIR)/montmulfv9.o : $(OBJDIR)/%.o : %.s
+	@$(MAKE_OBJDIR)
+	$(SOLARIS_AS) -o $@ $(SOLARIS_AS_FLAGS) $<
+
+$(OBJDIR)/mpmontg.o: mpmontg.c montmulf.h
+
+endif
+
+ifndef FREEBL_CHILD_BUILD
+
+# Parent build. This is where we decide which shared libraries to build
+
+ifdef FREEBL_BUILD_SINGLE_SHLIB
+
+################### Single shared lib stuff #########################
+SINGLE_SHLIB_DIR = $(OBJDIR)/$(OS_TARGET)_SINGLE_SHLIB
+ALL_TRASH += $(SINGLE_SHLIB_DIR) 
+
+$(SINGLE_SHLIB_DIR):
+	-mkdir -p $(SINGLE_SHLIB_DIR)
+
+release_md libs:: $(SINGLE_SHLIB_DIR)
+	$(MAKE) FREEBL_CHILD_BUILD=1 \
+ OBJDIR=$(SINGLE_SHLIB_DIR) $@
+######################## common stuff #########################
+
+endif
+
+ifdef NEED_STUB_BUILD
+SINGLE_SHLIB_DIR = $(OBJDIR)/$(OS_TARGET)_SINGLE_SHLIB
+ALL_TRASH += $(SINGLE_SHLIB_DIR) 
+$(SINGLE_SHLIB_DIR):
+	-mkdir $(SINGLE_SHLIB_DIR)
+
+release_md libs:: $(SINGLE_SHLIB_DIR)
+	$(MAKE) FREEBL_CHILD_BUILD=1 USE_STUB_BUILD=1 \
+ OBJDIR=$(SINGLE_SHLIB_DIR) $@
+endif
+
+# multiple shared libraries
+
+######################## ABI32_FPU stuff #########################
+ifdef HAVE_ABI32_FPU
+ABI32_FPU_DIR = $(OBJDIR)/$(OS_TARGET)_ABI32_FPU
+ALL_TRASH += $(ABI32_FPU_DIR) 
+
+$(ABI32_FPU_DIR):
+	-mkdir $(ABI32_FPU_DIR)
+
+release_md libs:: $(ABI32_FPU_DIR)
+	$(MAKE) FREEBL_CHILD_BUILD=1 USE_ABI32_FPU=1 \
+ OBJDIR=$(ABI32_FPU_DIR) $@
+endif
+
+######################## ABI32_INT32 stuff #########################
+ifdef HAVE_ABI32_INT32
+ABI32_INT32_DIR = $(OBJDIR)/$(OS_TARGET)_ABI32_INT32
+ALL_TRASH += $(ABI32_INT32_DIR) 
+
+$(ABI32_INT32_DIR):
+	-mkdir $(ABI32_INT32_DIR)
+
+release_md libs:: $(ABI32_INT32_DIR)
+	$(MAKE) FREEBL_CHILD_BUILD=1 USE_ABI32_INT32=1 \
+ OBJDIR=$(ABI32_INT32_DIR) $@
+endif
+
+######################## ABI32_INT64 stuff #########################
+ifdef HAVE_ABI32_INT64
+ABI32_INT64_DIR = $(OBJDIR)/$(OS_TARGET)_ABI32_INT64
+ALL_TRASH += $(ABI32_INT64_DIR) 
+
+$(ABI32_INT64_DIR):
+	-mkdir $(ABI32_INT64_DIR)
+
+release_md libs:: $(ABI32_INT64_DIR)
+	$(MAKE) FREEBL_CHILD_BUILD=1 USE_ABI32_INT64=1\
+ OBJDIR=$(ABI32_INT64_DIR) $@
+endif
+
+######################## END of 32-bit stuff #########################
+
+# above is 32-bit builds, below is 64-bit builds
+
+######################## ABI64_FPU stuff #########################
+ifdef HAVE_ABI64_FPU
+ABI64_FPU_DIR = $(OBJDIR)/$(OS_TARGET)_ABI64_FPU
+ALL_TRASH += $(ABI64_FPU_DIR) 
+
+$(ABI64_FPU_DIR):
+	-mkdir $(ABI64_FPU_DIR)
+
+release_md libs:: $(ABI64_FPU_DIR)
+	$(MAKE) FREEBL_CHILD_BUILD=1 USE_ABI64_FPU=1 \
+ OBJDIR=$(ABI64_FPU_DIR) $@
+endif
+
+######################## ABI64_INT stuff #########################
+ifdef HAVE_ABI64_INT
+ABI64_INT_DIR = $(OBJDIR)/$(OS_TARGET)_ABI64_INT
+ALL_TRASH += $(ABI64_INT_DIR) 
+
+$(ABI64_INT_DIR):
+	-mkdir $(ABI64_INT_DIR)
+
+release_md libs:: $(ABI64_INT_DIR)
+	$(MAKE) FREEBL_CHILD_BUILD=1 USE_ABI64_INT=1 \
+ OBJDIR=$(ABI64_INT_DIR) $@
+endif
+
+endif  # FREEBL_CHILD_BUILD
+
+
+# Bugzilla Bug 333917: the non-x86 code in desblapi.c seems to violate
+# ANSI C's strict aliasing rules.
+ifeq ($(OS_TARGET),Linux)
+ifneq ($(CPU_ARCH),x86)
+$(OBJDIR)/$(PROG_PREFIX)desblapi$(OBJ_SUFFIX): desblapi.c
+	@$(MAKE_OBJDIR)
+ifdef NEED_ABSOLUTE_PATH
+	$(CC) -o $@ -c $(CFLAGS) -fno-strict-aliasing $(call core_abspath,$<)
+else
+	$(CC) -o $@ -c $(CFLAGS) -fno-strict-aliasing $<
+endif
+endif
+endif
+
+ifdef INTEL_GCM
+#
+# GCM binary needs -mssse3
+#
+$(OBJDIR)/$(PROG_PREFIX)intel-gcm-wrap$(OBJ_SUFFIX): CFLAGS += -mssse3
+
+# The integrated assembler in Clang 3.2 does not support % in the
+# expression of a .set directive. intel-gcm.s uses .set to give
+# symbolic names to registers, for example,
+#     .set  Htbl, %rdi
+# So we can't use Clang's integrated assembler with intel-gcm.s.
+ifdef CC_IS_CLANG
+$(OBJDIR)/$(PROG_PREFIX)intel-gcm$(OBJ_SUFFIX): CFLAGS += -no-integrated-as
+endif
+endif
+
+ifdef INTEL_GCM_CLANG_CL
+#
+# clang-cl needs -mssse3
+#
+$(OBJDIR)/$(PROG_PREFIX)intel-gcm-wrap$(OBJ_SUFFIX): CFLAGS += -mssse3
+endif
diff --git a/nss/lib/freebl/aeskeywrap.c b/nss/lib/freebl/aeskeywrap.c
new file mode 100644
index 0000000..79ff8a8
--- /dev/null
+++ b/nss/lib/freebl/aeskeywrap.c
@@ -0,0 +1,389 @@
+/*
+ * aeskeywrap.c - implement AES Key Wrap algorithm from RFC 3394
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifdef FREEBL_NO_DEPEND
+#include "stubs.h"
+#endif
+
+#include "prcpucfg.h"
+#if defined(IS_LITTLE_ENDIAN) || defined(SHA_NO_LONG_LONG)
+#define BIG_ENDIAN_WITH_64_BIT_REGISTERS 0
+#else
+#define BIG_ENDIAN_WITH_64_BIT_REGISTERS 1
+#endif
+#include "prtypes.h" /* for PRUintXX */
+#include "secport.h" /* for PORT_XXX */
+#include "secerr.h"
+#include "blapi.h" /* for AES_ functions */
+#include "rijndael.h"
+
+struct AESKeyWrapContextStr {
+    unsigned char iv[AES_KEY_WRAP_IV_BYTES];
+    AESContext aescx;
+};
+
+/******************************************/
+/*
+** AES key wrap algorithm, RFC 3394
+*/
+
+AESKeyWrapContext *
+AESKeyWrap_AllocateContext(void)
+{
+    AESKeyWrapContext *cx = PORT_New(AESKeyWrapContext);
+    return cx;
+}
+
+SECStatus
+AESKeyWrap_InitContext(AESKeyWrapContext *cx,
+                       const unsigned char *key,
+                       unsigned int keylen,
+                       const unsigned char *iv,
+                       int x1,
+                       unsigned int encrypt,
+                       unsigned int x2)
+{
+    SECStatus rv = SECFailure;
+    if (!cx) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+    if (iv) {
+        memcpy(cx->iv, iv, sizeof cx->iv);
+    } else {
+        memset(cx->iv, 0xA6, sizeof cx->iv);
+    }
+    rv = AES_InitContext(&cx->aescx, key, keylen, NULL, NSS_AES, encrypt,
+                         AES_BLOCK_SIZE);
+    return rv;
+}
+
+/*
+** Create a new AES context suitable for AES encryption/decryption.
+**  "key" raw key data
+**  "keylen" the number of bytes of key data (16, 24, or 32)
+*/
+extern AESKeyWrapContext *
+AESKeyWrap_CreateContext(const unsigned char *key, const unsigned char *iv,
+                         int encrypt, unsigned int keylen)
+{
+    SECStatus rv;
+    AESKeyWrapContext *cx = AESKeyWrap_AllocateContext();
+    if (!cx)
+        return NULL; /* error is already set */
+    rv = AESKeyWrap_InitContext(cx, key, keylen, iv, 0, encrypt, 0);
+    if (rv != SECSuccess) {
+        PORT_Free(cx);
+        cx = NULL; /* error should already be set */
+    }
+    return cx;
+}
+
+/*
+** Destroy a AES KeyWrap context.
+**  "cx" the context
+**  "freeit" if PR_TRUE then free the object as well as its sub-objects
+*/
+extern void
+AESKeyWrap_DestroyContext(AESKeyWrapContext *cx, PRBool freeit)
+{
+    if (cx) {
+        AES_DestroyContext(&cx->aescx, PR_FALSE);
+        /*  memset(cx, 0, sizeof *cx); */
+        if (freeit)
+            PORT_Free(cx);
+    }
+}
+
+#if !BIG_ENDIAN_WITH_64_BIT_REGISTERS
+
+/* The AES Key Wrap algorithm has 64-bit values that are ALWAYS big-endian
+** (Most significant byte first) in memory.  The only ALU operations done
+** on them are increment, decrement, and XOR.  So, on little-endian CPUs,
+** and on CPUs that lack 64-bit registers, these big-endian 64-bit operations
+** are simulated in the following code.  This is thought to be faster and
+** simpler than trying to convert the data to little-endian and back.
+*/
+
+/* A and T point to two 64-bit values stored most signficant byte first
+** (big endian).  This function increments the 64-bit value T, and then
+** XORs it with A, changing A.
+*/
+static void
+increment_and_xor(unsigned char *A, unsigned char *T)
+{
+    if (!++T[7])
+        if (!++T[6])
+            if (!++T[5])
+                if (!++T[4])
+                    if (!++T[3])
+                        if (!++T[2])
+                            if (!++T[1])
+                                ++T[0];
+
+    A[0] ^= T[0];
+    A[1] ^= T[1];
+    A[2] ^= T[2];
+    A[3] ^= T[3];
+    A[4] ^= T[4];
+    A[5] ^= T[5];
+    A[6] ^= T[6];
+    A[7] ^= T[7];
+}
+
+/* A and T point to two 64-bit values stored most signficant byte first
+** (big endian).  This function XORs T with A, giving a new A, then
+** decrements the 64-bit value T.
+*/
+static void
+xor_and_decrement(PRUint64 *A, PRUint64 *T)
+{
+    unsigned char *TP = (unsigned char *)T;
+    const PRUint64 mask = 0xFF;
+    *A = ((*A & mask << 56) ^ (*T & mask << 56)) |
+         ((*A & mask << 48) ^ (*T & mask << 48)) |
+         ((*A & mask << 40) ^ (*T & mask << 40)) |
+         ((*A & mask << 32) ^ (*T & mask << 32)) |
+         ((*A & mask << 24) ^ (*T & mask << 23)) |
+         ((*A & mask << 16) ^ (*T & mask << 16)) |
+         ((*A & mask << 8) ^ (*T & mask << 8)) |
+         ((*A & mask) ^ (*T & mask));
+
+    if (!TP[7]--)
+        if (!TP[6]--)
+            if (!TP[5]--)
+                if (!TP[4]--)
+                    if (!TP[3]--)
+                        if (!TP[2]--)
+                            if (!TP[1]--)
+                                TP[0]--;
+}
+
+/* Given an unsigned long t (in host byte order), store this value as a
+** 64-bit big-endian value (MSB first) in *pt.
+*/
+static void
+set_t(unsigned char *pt, unsigned long t)
+{
+    pt[7] = (unsigned char)t;
+    t >>= 8;
+    pt[6] = (unsigned char)t;
+    t >>= 8;
+    pt[5] = (unsigned char)t;
+    t >>= 8;
+    pt[4] = (unsigned char)t;
+    t >>= 8;
+    pt[3] = (unsigned char)t;
+    t >>= 8;
+    pt[2] = (unsigned char)t;
+    t >>= 8;
+    pt[1] = (unsigned char)t;
+    t >>= 8;
+    pt[0] = (unsigned char)t;
+}
+
+#endif
+
+/*
+** Perform AES key wrap.
+**  "cx" the context
+**  "output" the output buffer to store the encrypted data.
+**  "outputLen" how much data is stored in "output". Set by the routine
+**     after some data is stored in output.
+**  "maxOutputLen" the maximum amount of data that can ever be
+**     stored in "output"
+**  "input" the input data
+**  "inputLen" the amount of input data
+*/
+extern SECStatus
+AESKeyWrap_Encrypt(AESKeyWrapContext *cx, unsigned char *output,
+                   unsigned int *pOutputLen, unsigned int maxOutputLen,
+                   const unsigned char *input, unsigned int inputLen)
+{
+    PRUint64 *R = NULL;
+    unsigned int nBlocks;
+    unsigned int i, j;
+    unsigned int aesLen = AES_BLOCK_SIZE;
+    unsigned int outLen = inputLen + AES_KEY_WRAP_BLOCK_SIZE;
+    SECStatus s = SECFailure;
+    /* These PRUint64s are ALWAYS big endian, regardless of CPU orientation. */
+    PRUint64 t;
+    PRUint64 B[2];
+
+#define A B[0]
+
+    /* Check args */
+    if (!inputLen || 0 != inputLen % AES_KEY_WRAP_BLOCK_SIZE) {
+        PORT_SetError(SEC_ERROR_INPUT_LEN);
+        return s;
+    }
+#ifdef maybe
+    if (!output && pOutputLen) { /* caller is asking for output size */
+        *pOutputLen = outLen;
+        return SECSuccess;
+    }
+#endif
+    if (maxOutputLen < outLen) {
+        PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+        return s;
+    }
+    if (cx == NULL || output == NULL || input == NULL) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return s;
+    }
+    nBlocks = inputLen / AES_KEY_WRAP_BLOCK_SIZE;
+    R = PORT_NewArray(PRUint64, nBlocks + 1);
+    if (!R)
+        return s; /* error is already set. */
+    /*
+    ** 1) Initialize variables.
+    */
+    memcpy(&A, cx->iv, AES_KEY_WRAP_IV_BYTES);
+    memcpy(&R[1], input, inputLen);
+#if BIG_ENDIAN_WITH_64_BIT_REGISTERS
+    t = 0;
+#else
+    memset(&t, 0, sizeof t);
+#endif
+    /*
+    ** 2) Calculate intermediate values.
+    */
+    for (j = 0; j < 6; ++j) {
+        for (i = 1; i <= nBlocks; ++i) {
+            B[1] = R[i];
+            s = AES_Encrypt(&cx->aescx, (unsigned char *)B, &aesLen,
+                            sizeof B, (unsigned char *)B, sizeof B);
+            if (s != SECSuccess)
+                break;
+            R[i] = B[1];
+/* here, increment t and XOR A with t (in big endian order); */
+#if BIG_ENDIAN_WITH_64_BIT_REGISTERS
+            A ^= ++t;
+#else
+            increment_and_xor((unsigned char *)&A, (unsigned char *)&t);
+#endif
+        }
+    }
+    /*
+    ** 3) Output the results.
+    */
+    if (s == SECSuccess) {
+        R[0] = A;
+        memcpy(output, &R[0], outLen);
+        if (pOutputLen)
+            *pOutputLen = outLen;
+    } else if (pOutputLen) {
+        *pOutputLen = 0;
+    }
+    PORT_ZFree(R, outLen);
+    return s;
+}
+#undef A
+
+/*
+** Perform AES key unwrap.
+**  "cx" the context
+**  "output" the output buffer to store the decrypted data.
+**  "outputLen" how much data is stored in "output". Set by the routine
+**     after some data is stored in output.
+**  "maxOutputLen" the maximum amount of data that can ever be
+**     stored in "output"
+**  "input" the input data
+**  "inputLen" the amount of input data
+*/
+extern SECStatus
+AESKeyWrap_Decrypt(AESKeyWrapContext *cx, unsigned char *output,
+                   unsigned int *pOutputLen, unsigned int maxOutputLen,
+                   const unsigned char *input, unsigned int inputLen)
+{
+    PRUint64 *R = NULL;
+    unsigned int nBlocks;
+    unsigned int i, j;
+    unsigned int aesLen = AES_BLOCK_SIZE;
+    unsigned int outLen;
+    SECStatus s = SECFailure;
+    /* These PRUint64s are ALWAYS big endian, regardless of CPU orientation. */
+    PRUint64 t;
+    PRUint64 B[2];
+
+    /* Check args */
+    if (inputLen < 3 * AES_KEY_WRAP_BLOCK_SIZE ||
+        0 != inputLen % AES_KEY_WRAP_BLOCK_SIZE) {
+        PORT_SetError(SEC_ERROR_INPUT_LEN);
+        return s;
+    }
+    outLen = inputLen - AES_KEY_WRAP_BLOCK_SIZE;
+#ifdef maybe
+    if (!output && pOutputLen) { /* caller is asking for output size */
+        *pOutputLen = outLen;
+        return SECSuccess;
+    }
+#endif
+    if (maxOutputLen < outLen) {
+        PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+        return s;
+    }
+    if (cx == NULL || output == NULL || input == NULL) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return s;
+    }
+    nBlocks = inputLen / AES_KEY_WRAP_BLOCK_SIZE;
+    R = PORT_NewArray(PRUint64, nBlocks);
+    if (!R)
+        return s; /* error is already set. */
+    nBlocks--;
+    /*
+    ** 1) Initialize variables.
+    */
+    memcpy(&R[0], input, inputLen);
+    B[0] = R[0];
+#if BIG_ENDIAN_WITH_64_BIT_REGISTERS
+    t = 6UL * nBlocks;
+#else
+    set_t((unsigned char *)&t, 6UL * nBlocks);
+#endif
+    /*
+    ** 2) Calculate intermediate values.
+    */
+    for (j = 0; j < 6; ++j) {
+        for (i = nBlocks; i; --i) {
+/* here, XOR A with t (in big endian order) and decrement t; */
+#if BIG_ENDIAN_WITH_64_BIT_REGISTERS
+            B[0] ^= t--;
+#else
+            xor_and_decrement(&B[0], &t);
+#endif
+            B[1] = R[i];
+            s = AES_Decrypt(&cx->aescx, (unsigned char *)B, &aesLen,
+                            sizeof B, (unsigned char *)B, sizeof B);
+            if (s != SECSuccess)
+                break;
+            R[i] = B[1];
+        }
+    }
+    /*
+    ** 3) Output the results.
+    */
+    if (s == SECSuccess) {
+        int bad = memcmp(&B[0], cx->iv, AES_KEY_WRAP_IV_BYTES);
+        if (!bad) {
+            memcpy(output, &R[1], outLen);
+            if (pOutputLen)
+                *pOutputLen = outLen;
+        } else {
+            s = SECFailure;
+            PORT_SetError(SEC_ERROR_BAD_DATA);
+            if (pOutputLen)
+                *pOutputLen = 0;
+        }
+    } else if (pOutputLen) {
+        *pOutputLen = 0;
+    }
+    PORT_ZFree(R, inputLen);
+    return s;
+}
+#undef A
diff --git a/nss/lib/freebl/alg2268.c b/nss/lib/freebl/alg2268.c
new file mode 100644
index 0000000..54c6f4d
--- /dev/null
+++ b/nss/lib/freebl/alg2268.c
@@ -0,0 +1,509 @@
+/*
+ * alg2268.c - implementation of the algorithm in RFC 2268
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifdef FREEBL_NO_DEPEND
+#include "stubs.h"
+#endif
+
+#include "blapi.h"
+#include "blapii.h"
+#include "secerr.h"
+#ifdef XP_UNIX_XXX
+#include <stddef.h> /* for ptrdiff_t */
+#endif
+
+/*
+** RC2 symmetric block cypher
+*/
+
+typedef SECStatus(rc2Func)(RC2Context *cx, unsigned char *output,
+                           const unsigned char *input, unsigned int inputLen);
+
+/* forward declarations */
+static rc2Func rc2_EncryptECB;
+static rc2Func rc2_DecryptECB;
+static rc2Func rc2_EncryptCBC;
+static rc2Func rc2_DecryptCBC;
+
+typedef union {
+    PRUint32 l[2];
+    PRUint16 s[4];
+    PRUint8 b[8];
+} RC2Block;
+
+struct RC2ContextStr {
+    union {
+        PRUint8 Kb[128];
+        PRUint16 Kw[64];
+    } u;
+    RC2Block iv;
+    rc2Func *enc;
+    rc2Func *dec;
+};
+
+#define B u.Kb
+#define K u.Kw
+#define BYTESWAP(x) ((x) << 8 | (x) >> 8)
+#define SWAPK(i) cx->K[i] = (tmpS = cx->K[i], BYTESWAP(tmpS))
+#define RC2_BLOCK_SIZE 8
+
+#define LOAD_HARD(R)                           \
+    R[0] = (PRUint16)input[1] << 8 | input[0]; \
+    R[1] = (PRUint16)input[3] << 8 | input[2]; \
+    R[2] = (PRUint16)input[5] << 8 | input[4]; \
+    R[3] = (PRUint16)input[7] << 8 | input[6];
+#define LOAD_EASY(R)               \
+    R[0] = ((PRUint16 *)input)[0]; \
+    R[1] = ((PRUint16 *)input)[1]; \
+    R[2] = ((PRUint16 *)input)[2]; \
+    R[3] = ((PRUint16 *)input)[3];
+#define STORE_HARD(R)                 \
+    output[0] = (PRUint8)(R[0]);      \
+    output[1] = (PRUint8)(R[0] >> 8); \
+    output[2] = (PRUint8)(R[1]);      \
+    output[3] = (PRUint8)(R[1] >> 8); \
+    output[4] = (PRUint8)(R[2]);      \
+    output[5] = (PRUint8)(R[2] >> 8); \
+    output[6] = (PRUint8)(R[3]);      \
+    output[7] = (PRUint8)(R[3] >> 8);
+#define STORE_EASY(R)               \
+    ((PRUint16 *)output)[0] = R[0]; \
+    ((PRUint16 *)output)[1] = R[1]; \
+    ((PRUint16 *)output)[2] = R[2]; \
+    ((PRUint16 *)output)[3] = R[3];
+
+#if defined(NSS_X86_OR_X64)
+#define LOAD(R) LOAD_EASY(R)
+#define STORE(R) STORE_EASY(R)
+#elif !defined(IS_LITTLE_ENDIAN)
+#define LOAD(R) LOAD_HARD(R)
+#define STORE(R) STORE_HARD(R)
+#else
+#define LOAD(R)                 \
+    if ((ptrdiff_t)input & 1) { \
+        LOAD_HARD(R)            \
+    } else {                    \
+        LOAD_EASY(R)            \
+    }
+#define STORE(R)                \
+    if ((ptrdiff_t)input & 1) { \
+        STORE_HARD(R)           \
+    } else {                    \
+        STORE_EASY(R)           \
+    }
+#endif
+
+static const PRUint8 S[256] = {
+    0331, 0170, 0371, 0304, 0031, 0335, 0265, 0355, 0050, 0351, 0375, 0171, 0112, 0240, 0330, 0235,
+    0306, 0176, 0067, 0203, 0053, 0166, 0123, 0216, 0142, 0114, 0144, 0210, 0104, 0213, 0373, 0242,
+    0027, 0232, 0131, 0365, 0207, 0263, 0117, 0023, 0141, 0105, 0155, 0215, 0011, 0201, 0175, 0062,
+    0275, 0217, 0100, 0353, 0206, 0267, 0173, 0013, 0360, 0225, 0041, 0042, 0134, 0153, 0116, 0202,
+    0124, 0326, 0145, 0223, 0316, 0140, 0262, 0034, 0163, 0126, 0300, 0024, 0247, 0214, 0361, 0334,
+    0022, 0165, 0312, 0037, 0073, 0276, 0344, 0321, 0102, 0075, 0324, 0060, 0243, 0074, 0266, 0046,
+    0157, 0277, 0016, 0332, 0106, 0151, 0007, 0127, 0047, 0362, 0035, 0233, 0274, 0224, 0103, 0003,
+    0370, 0021, 0307, 0366, 0220, 0357, 0076, 0347, 0006, 0303, 0325, 0057, 0310, 0146, 0036, 0327,
+    0010, 0350, 0352, 0336, 0200, 0122, 0356, 0367, 0204, 0252, 0162, 0254, 0065, 0115, 0152, 0052,
+    0226, 0032, 0322, 0161, 0132, 0025, 0111, 0164, 0113, 0237, 0320, 0136, 0004, 0030, 0244, 0354,
+    0302, 0340, 0101, 0156, 0017, 0121, 0313, 0314, 0044, 0221, 0257, 0120, 0241, 0364, 0160, 0071,
+    0231, 0174, 0072, 0205, 0043, 0270, 0264, 0172, 0374, 0002, 0066, 0133, 0045, 0125, 0227, 0061,
+    0055, 0135, 0372, 0230, 0343, 0212, 0222, 0256, 0005, 0337, 0051, 0020, 0147, 0154, 0272, 0311,
+    0323, 0000, 0346, 0317, 0341, 0236, 0250, 0054, 0143, 0026, 0001, 0077, 0130, 0342, 0211, 0251,
+    0015, 0070, 0064, 0033, 0253, 0063, 0377, 0260, 0273, 0110, 0014, 0137, 0271, 0261, 0315, 0056,
+    0305, 0363, 0333, 0107, 0345, 0245, 0234, 0167, 0012, 0246, 0040, 0150, 0376, 0177, 0301, 0255
+};
+
+RC2Context *
+RC2_AllocateContext(void)
+{
+    return PORT_ZNew(RC2Context);
+}
+SECStatus
+RC2_InitContext(RC2Context *cx, const unsigned char *key, unsigned int len,
+                const unsigned char *input, int mode, unsigned int efLen8,
+                unsigned int unused)
+{
+    PRUint8 *L, *L2;
+    int i;
+#if !defined(IS_LITTLE_ENDIAN)
+    PRUint16 tmpS;
+#endif
+    PRUint8 tmpB;
+
+    if (!key || !cx || !len || len > (sizeof cx->B) ||
+        efLen8 > (sizeof cx->B)) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+    if (mode == NSS_RC2) {
+        /* groovy */
+    } else if (mode == NSS_RC2_CBC) {
+        if (!input) {
+            PORT_SetError(SEC_ERROR_INVALID_ARGS);
+            return SECFailure;
+        }
+    } else {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    if (mode == NSS_RC2_CBC) {
+        cx->enc = &rc2_EncryptCBC;
+        cx->dec = &rc2_DecryptCBC;
+        LOAD(cx->iv.s);
+    } else {
+        cx->enc = &rc2_EncryptECB;
+        cx->dec = &rc2_DecryptECB;
+    }
+
+    /* Step 0. Copy key into table. */
+    memcpy(cx->B, key, len);
+
+    /* Step 1. Compute all values to the right of the key. */
+    L2 = cx->B;
+    L = L2 + len;
+    tmpB = L[-1];
+    for (i = (sizeof cx->B) - len; i > 0; --i) {
+        *L++ = tmpB = S[(PRUint8)(tmpB + *L2++)];
+    }
+
+    /* step 2. Adjust left most byte of effective key. */
+    i = (sizeof cx->B) - efLen8;
+    L = cx->B + i;
+    *L = tmpB = S[*L]; /* mask is always 0xff */
+
+    /* step 3. Recompute all values to the left of effective key. */
+    L2 = --L + efLen8;
+    while (L >= cx->B) {
+        *L-- = tmpB = S[tmpB ^ *L2--];
+    }
+
+#if !defined(IS_LITTLE_ENDIAN)
+    for (i = 63; i >= 0; --i) {
+        SWAPK(i); /* candidate for unrolling */
+    }
+#endif
+    return SECSuccess;
+}
+
+/*
+** Create a new RC2 context suitable for RC2 encryption/decryption.
+**  "key" raw key data
+**  "len" the number of bytes of key data
+**  "iv" is the CBC initialization vector (if mode is NSS_RC2_CBC)
+**  "mode" one of NSS_RC2 or NSS_RC2_CBC
+**  "effectiveKeyLen" in bytes, not bits.
+**
+** When mode is set to NSS_RC2_CBC the RC2 cipher is run in "cipher block
+** chaining" mode.
+*/
+RC2Context *
+RC2_CreateContext(const unsigned char *key, unsigned int len,
+                  const unsigned char *iv, int mode, unsigned efLen8)
+{
+    RC2Context *cx = PORT_ZNew(RC2Context);
+    if (cx) {
+        SECStatus rv = RC2_InitContext(cx, key, len, iv, mode, efLen8, 0);
+        if (rv != SECSuccess) {
+            RC2_DestroyContext(cx, PR_TRUE);
+            cx = NULL;
+        }
+    }
+    return cx;
+}
+
+/*
+** Destroy an RC2 encryption/decryption context.
+**  "cx" the context
+**  "freeit" if PR_TRUE then free the object as well as its sub-objects
+*/
+void
+RC2_DestroyContext(RC2Context *cx, PRBool freeit)
+{
+    if (cx) {
+        memset(cx, 0, sizeof *cx);
+        if (freeit) {
+            PORT_Free(cx);
+        }
+    }
+}
+
+#define ROL(x, k) (x << k | x >> (16 - k))
+#define MIX(j)                                           \
+    R0 = R0 + cx->K[4 * j + 0] + (R3 & R2) + (~R3 & R1); \
+    R0 = ROL(R0, 1);                                     \
+    R1 = R1 + cx->K[4 * j + 1] + (R0 & R3) + (~R0 & R2); \
+    R1 = ROL(R1, 2);                                     \
+    R2 = R2 + cx->K[4 * j + 2] + (R1 & R0) + (~R1 & R3); \
+    R2 = ROL(R2, 3);                                     \
+    R3 = R3 + cx->K[4 * j + 3] + (R2 & R1) + (~R2 & R0); \
+    R3 = ROL(R3, 5)
+#define MASH                  \
+    R0 = R0 + cx->K[R3 & 63]; \
+    R1 = R1 + cx->K[R0 & 63]; \
+    R2 = R2 + cx->K[R1 & 63]; \
+    R3 = R3 + cx->K[R2 & 63]
+
+/* Encrypt one block */
+static void
+rc2_Encrypt1Block(RC2Context *cx, RC2Block *output, RC2Block *input)
+{
+    register PRUint16 R0, R1, R2, R3;
+
+    /* step 1. Initialize input. */
+    R0 = input->s[0];
+    R1 = input->s[1];
+    R2 = input->s[2];
+    R3 = input->s[3];
+
+    /* step 2.  Expand Key (already done, in context) */
+    /* step 3.  j = 0 */
+    /* step 4.  Perform 5 mixing rounds. */
+
+    MIX(0);
+    MIX(1);
+    MIX(2);
+    MIX(3);
+    MIX(4);
+
+    /* step 5. Perform 1 mashing round. */
+    MASH;
+
+    /* step 6. Perform 6 mixing rounds. */
+
+    MIX(5);
+    MIX(6);
+    MIX(7);
+    MIX(8);
+    MIX(9);
+    MIX(10);
+
+    /* step 7. Perform 1 mashing round. */
+    MASH;
+
+    /* step 8. Perform 5 mixing rounds. */
+
+    MIX(11);
+    MIX(12);
+    MIX(13);
+    MIX(14);
+    MIX(15);
+
+    /* output results */
+    output->s[0] = R0;
+    output->s[1] = R1;
+    output->s[2] = R2;
+    output->s[3] = R3;
+}
+
+#define ROR(x, k) (x >> k | x << (16 - k))
+#define R_MIX(j)                                         \
+    R3 = ROR(R3, 5);                                     \
+    R3 = R3 - cx->K[4 * j + 3] - (R2 & R1) - (~R2 & R0); \
+    R2 = ROR(R2, 3);                                     \
+    R2 = R2 - cx->K[4 * j + 2] - (R1 & R0) - (~R1 & R3); \
+    R1 = ROR(R1, 2);                                     \
+    R1 = R1 - cx->K[4 * j + 1] - (R0 & R3) - (~R0 & R2); \
+    R0 = ROR(R0, 1);                                     \
+    R0 = R0 - cx->K[4 * j + 0] - (R3 & R2) - (~R3 & R1)
+#define R_MASH                \
+    R3 = R3 - cx->K[R2 & 63]; \
+    R2 = R2 - cx->K[R1 & 63]; \
+    R1 = R1 - cx->K[R0 & 63]; \
+    R0 = R0 - cx->K[R3 & 63]
+
+/* Encrypt one block */
+static void
+rc2_Decrypt1Block(RC2Context *cx, RC2Block *output, RC2Block *input)
+{
+    register PRUint16 R0, R1, R2, R3;
+
+    /* step 1. Initialize input. */
+    R0 = input->s[0];
+    R1 = input->s[1];
+    R2 = input->s[2];
+    R3 = input->s[3];
+
+    /* step 2.  Expand Key (already done, in context) */
+    /* step 3.  j = 63 */
+    /* step 4.  Perform 5 r_mixing rounds. */
+    R_MIX(15);
+    R_MIX(14);
+    R_MIX(13);
+    R_MIX(12);
+    R_MIX(11);
+
+    /* step 5.  Perform 1 r_mashing round. */
+    R_MASH;
+
+    /* step 6.  Perform 6 r_mixing rounds. */
+    R_MIX(10);
+    R_MIX(9);
+    R_MIX(8);
+    R_MIX(7);
+    R_MIX(6);
+    R_MIX(5);
+
+    /* step 7.  Perform 1 r_mashing round. */
+    R_MASH;
+
+    /* step 8.  Perform 5 r_mixing rounds. */
+    R_MIX(4);
+    R_MIX(3);
+    R_MIX(2);
+    R_MIX(1);
+    R_MIX(0);
+
+    /* output results */
+    output->s[0] = R0;
+    output->s[1] = R1;
+    output->s[2] = R2;
+    output->s[3] = R3;
+}
+
+static SECStatus NO_SANITIZE_ALIGNMENT
+rc2_EncryptECB(RC2Context *cx, unsigned char *output,
+               const unsigned char *input, unsigned int inputLen)
+{
+    RC2Block iBlock;
+
+    while (inputLen > 0) {
+        LOAD(iBlock.s)
+        rc2_Encrypt1Block(cx, &iBlock, &iBlock);
+        STORE(iBlock.s)
+        output += RC2_BLOCK_SIZE;
+        input += RC2_BLOCK_SIZE;
+        inputLen -= RC2_BLOCK_SIZE;
+    }
+    return SECSuccess;
+}
+
+static SECStatus NO_SANITIZE_ALIGNMENT
+rc2_DecryptECB(RC2Context *cx, unsigned char *output,
+               const unsigned char *input, unsigned int inputLen)
+{
+    RC2Block iBlock;
+
+    while (inputLen > 0) {
+        LOAD(iBlock.s)
+        rc2_Decrypt1Block(cx, &iBlock, &iBlock);
+        STORE(iBlock.s)
+        output += RC2_BLOCK_SIZE;
+        input += RC2_BLOCK_SIZE;
+        inputLen -= RC2_BLOCK_SIZE;
+    }
+    return SECSuccess;
+}
+
+static SECStatus NO_SANITIZE_ALIGNMENT
+rc2_EncryptCBC(RC2Context *cx, unsigned char *output,
+               const unsigned char *input, unsigned int inputLen)
+{
+    RC2Block iBlock;
+
+    while (inputLen > 0) {
+
+        LOAD(iBlock.s)
+        iBlock.l[0] ^= cx->iv.l[0];
+        iBlock.l[1] ^= cx->iv.l[1];
+        rc2_Encrypt1Block(cx, &iBlock, &iBlock);
+        cx->iv = iBlock;
+        STORE(iBlock.s)
+        output += RC2_BLOCK_SIZE;
+        input += RC2_BLOCK_SIZE;
+        inputLen -= RC2_BLOCK_SIZE;
+    }
+    return SECSuccess;
+}
+
+static SECStatus NO_SANITIZE_ALIGNMENT
+rc2_DecryptCBC(RC2Context *cx, unsigned char *output,
+               const unsigned char *input, unsigned int inputLen)
+{
+    RC2Block iBlock;
+    RC2Block oBlock;
+
+    while (inputLen > 0) {
+        LOAD(iBlock.s)
+        rc2_Decrypt1Block(cx, &oBlock, &iBlock);
+        oBlock.l[0] ^= cx->iv.l[0];
+        oBlock.l[1] ^= cx->iv.l[1];
+        cx->iv = iBlock;
+        STORE(oBlock.s)
+        output += RC2_BLOCK_SIZE;
+        input += RC2_BLOCK_SIZE;
+        inputLen -= RC2_BLOCK_SIZE;
+    }
+    return SECSuccess;
+}
+
+/*
+** Perform RC2 encryption.
+**  "cx" the context
+**  "output" the output buffer to store the encrypted data.
+**  "outputLen" how much data is stored in "output". Set by the routine
+**     after some data is stored in output.
+**  "maxOutputLen" the maximum amount of data that can ever be
+**     stored in "output"
+**  "input" the input data
+**  "inputLen" the amount of input data
+*/
+SECStatus
+RC2_Encrypt(RC2Context *cx, unsigned char *output,
+            unsigned int *outputLen, unsigned int maxOutputLen,
+            const unsigned char *input, unsigned int inputLen)
+{
+    SECStatus rv = SECSuccess;
+    if (inputLen) {
+        if (inputLen % RC2_BLOCK_SIZE) {
+            PORT_SetError(SEC_ERROR_INPUT_LEN);
+            return SECFailure;
+        }
+        if (maxOutputLen < inputLen) {
+            PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+            return SECFailure;
+        }
+        rv = (*cx->enc)(cx, output, input, inputLen);
+    }
+    if (rv == SECSuccess) {
+        *outputLen = inputLen;
+    }
+    return rv;
+}
+
+/*
+** Perform RC2 decryption.
+**  "cx" the context
+**  "output" the output buffer to store the decrypted data.
+**  "outputLen" how much data is stored in "output". Set by the routine
+**     after some data is stored in output.
+**  "maxOutputLen" the maximum amount of data that can ever be
+**     stored in "output"
+**  "input" the input data
+**  "inputLen" the amount of input data
+*/
+SECStatus
+RC2_Decrypt(RC2Context *cx, unsigned char *output,
+            unsigned int *outputLen, unsigned int maxOutputLen,
+            const unsigned char *input, unsigned int inputLen)
+{
+    SECStatus rv = SECSuccess;
+    if (inputLen) {
+        if (inputLen % RC2_BLOCK_SIZE) {
+            PORT_SetError(SEC_ERROR_INPUT_LEN);
+            return SECFailure;
+        }
+        if (maxOutputLen < inputLen) {
+            PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+            return SECFailure;
+        }
+        rv = (*cx->dec)(cx, output, input, inputLen);
+    }
+    if (rv == SECSuccess) {
+        *outputLen = inputLen;
+    }
+    return rv;
+}
diff --git a/nss/lib/freebl/alghmac.c b/nss/lib/freebl/alghmac.c
new file mode 100644
index 0000000..be276f3
--- /dev/null
+++ b/nss/lib/freebl/alghmac.c
@@ -0,0 +1,166 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifdef FREEBL_NO_DEPEND
+#include "stubs.h"
+#endif
+
+#include "secport.h"
+#include "hasht.h"
+#include "blapit.h"
+#include "alghmac.h"
+#include "secerr.h"
+
+#define HMAC_PAD_SIZE HASH_BLOCK_LENGTH_MAX
+
+struct HMACContextStr {
+    void *hash;
+    const SECHashObject *hashobj;
+    PRBool wasAllocated;
+    unsigned char ipad[HMAC_PAD_SIZE];
+    unsigned char opad[HMAC_PAD_SIZE];
+};
+
+void
+HMAC_Destroy(HMACContext *cx, PRBool freeit)
+{
+    if (cx == NULL)
+        return;
+
+    PORT_Assert(!freeit == !cx->wasAllocated);
+    if (cx->hash != NULL) {
+        cx->hashobj->destroy(cx->hash, PR_TRUE);
+        PORT_Memset(cx, 0, sizeof *cx);
+    }
+    if (freeit)
+        PORT_Free(cx);
+}
+
+SECStatus
+HMAC_Init(HMACContext *cx, const SECHashObject *hash_obj,
+          const unsigned char *secret, unsigned int secret_len, PRBool isFIPS)
+{
+    unsigned int i;
+    unsigned char hashed_secret[HASH_LENGTH_MAX];
+
+    /* required by FIPS 198 Section 3 */
+    if (isFIPS && secret_len < hash_obj->length / 2) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+    if (cx == NULL) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+    cx->wasAllocated = PR_FALSE;
+    cx->hashobj = hash_obj;
+    if (cx->hash == NULL)
+		cx->hash = cx->hashobj->create();
+    if (cx->hash == NULL)
+        goto loser;
+
+    if (secret_len > cx->hashobj->blocklength) {
+        cx->hashobj->begin(cx->hash);
+        cx->hashobj->update(cx->hash, secret, secret_len);
+        PORT_Assert(cx->hashobj->length <= sizeof hashed_secret);
+        cx->hashobj->end(cx->hash, hashed_secret, &secret_len,
+                         sizeof hashed_secret);
+        if (secret_len != cx->hashobj->length) {
+            PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+            goto loser;
+        }
+        secret = (const unsigned char *)&hashed_secret[0];
+    }
+
+    PORT_Memset(cx->ipad, 0x36, cx->hashobj->blocklength);
+    PORT_Memset(cx->opad, 0x5c, cx->hashobj->blocklength);
+
+    /* fold secret into padding */
+    for (i = 0; i < secret_len; i++) {
+        cx->ipad[i] ^= secret[i];
+        cx->opad[i] ^= secret[i];
+    }
+    PORT_Memset(hashed_secret, 0, sizeof hashed_secret);
+    return SECSuccess;
+
+loser:
+    PORT_Memset(hashed_secret, 0, sizeof hashed_secret);
+    if (cx->hash != NULL)
+        cx->hashobj->destroy(cx->hash, PR_TRUE);
+    return SECFailure;
+}
+
+HMACContext *
+HMAC_Create(const SECHashObject *hash_obj, const unsigned char *secret,
+            unsigned int secret_len, PRBool isFIPS)
+{
+    SECStatus rv;
+    HMACContext *cx = PORT_ZNew(HMACContext);
+    if (cx == NULL)
+        return NULL;
+    rv = HMAC_Init(cx, hash_obj, secret, secret_len, isFIPS);
+    cx->wasAllocated = PR_TRUE;
+    if (rv != SECSuccess) {
+        PORT_Free(cx); /* contains no secret info */
+        cx = NULL;
+    }
+    return cx;
+}
+
+void
+HMAC_Begin(HMACContext *cx)
+{
+    /* start inner hash */
+    cx->hashobj->begin(cx->hash);
+    cx->hashobj->update(cx->hash, cx->ipad, cx->hashobj->blocklength);
+}
+
+void
+HMAC_Update(HMACContext *cx, const unsigned char *data, unsigned int data_len)
+{
+    cx->hashobj->update(cx->hash, data, data_len);
+}
+
+SECStatus
+HMAC_Finish(HMACContext *cx, unsigned char *result, unsigned int *result_len,
+            unsigned int max_result_len)
+{
+    if (max_result_len < cx->hashobj->length) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    cx->hashobj->end(cx->hash, result, result_len, max_result_len);
+    if (*result_len != cx->hashobj->length)
+        return SECFailure;
+
+    cx->hashobj->begin(cx->hash);
+    cx->hashobj->update(cx->hash, cx->opad, cx->hashobj->blocklength);
+    cx->hashobj->update(cx->hash, result, *result_len);
+    cx->hashobj->end(cx->hash, result, result_len, max_result_len);
+    return SECSuccess;
+}
+
+HMACContext *
+HMAC_Clone(HMACContext *cx)
+{
+    HMACContext *newcx;
+
+    newcx = (HMACContext *)PORT_ZAlloc(sizeof(HMACContext));
+    if (newcx == NULL)
+        goto loser;
+
+    newcx->wasAllocated = PR_TRUE;
+    newcx->hashobj = cx->hashobj;
+    newcx->hash = cx->hashobj->clone(cx->hash);
+    if (newcx->hash == NULL)
+        goto loser;
+    PORT_Memcpy(newcx->ipad, cx->ipad, cx->hashobj->blocklength);
+    PORT_Memcpy(newcx->opad, cx->opad, cx->hashobj->blocklength);
+    return newcx;
+
+loser:
+    HMAC_Destroy(newcx, PR_TRUE);
+    return NULL;
+}
diff --git a/nss/lib/freebl/alghmac.h b/nss/lib/freebl/alghmac.h
new file mode 100644
index 0000000..462526a
--- /dev/null
+++ b/nss/lib/freebl/alghmac.h
@@ -0,0 +1,64 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _ALGHMAC_H_
+#define _ALGHMAC_H_
+
+typedef struct HMACContextStr HMACContext;
+
+SEC_BEGIN_PROTOS
+
+/* destroy HMAC context */
+extern void
+HMAC_Destroy(HMACContext *cx, PRBool freeit);
+
+/* create HMAC context
+ *  hash_obj    hash object from SECRawHashObjects[]
+ *  secret      the secret with which the HMAC is performed.
+ *  secret_len  the length of the secret.
+ *  isFIPS      true if conforming to FIPS 198.
+ *
+ * NULL is returned if an error occurs.
+ */
+extern HMACContext *
+HMAC_Create(const SECHashObject *hash_obj, const unsigned char *secret,
+            unsigned int secret_len, PRBool isFIPS);
+
+/* like HMAC_Create, except caller allocates HMACContext. */
+SECStatus
+HMAC_Init(HMACContext *cx, const SECHashObject *hash_obj,
+          const unsigned char *secret, unsigned int secret_len, PRBool isFIPS);
+
+/* reset HMAC for a fresh round */
+extern void
+HMAC_Begin(HMACContext *cx);
+
+/* update HMAC
+ *  cx          HMAC Context
+ *  data        the data to perform HMAC on
+ *  data_len    the length of the data to process
+ */
+extern void
+HMAC_Update(HMACContext *cx, const unsigned char *data, unsigned int data_len);
+
+/* Finish HMAC -- place the results within result
+ *  cx          HMAC context
+ *  result      buffer for resulting hmac'd data
+ *  result_len  where the resultant hmac length is stored
+ *  max_result_len  maximum possible length that can be stored in result
+ */
+extern SECStatus
+HMAC_Finish(HMACContext *cx, unsigned char *result, unsigned int *result_len,
+            unsigned int max_result_len);
+
+/* clone a copy of the HMAC state.  this is usefult when you would
+ * need to keep a running hmac but also need to extract portions
+ * partway through the process.
+ */
+extern HMACContext *
+HMAC_Clone(HMACContext *cx);
+
+SEC_END_PROTOS
+
+#endif
diff --git a/nss/lib/freebl/arcfive.c b/nss/lib/freebl/arcfive.c
new file mode 100644
index 0000000..dda7771
--- /dev/null
+++ b/nss/lib/freebl/arcfive.c
@@ -0,0 +1,87 @@
+/*
+ * arcfive.c - stubs for RC5 - NOT a working implementation!
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifdef FREEBL_NO_DEPEND
+#include "stubs.h"
+#endif
+
+#include "blapi.h"
+#include "prerror.h"
+
+/******************************************/
+/*
+** RC5 symmetric block cypher -- 64-bit block size
+*/
+
+/*
+** Create a new RC5 context suitable for RC5 encryption/decryption.
+**      "key" raw key data
+**      "len" the number of bytes of key data
+**      "iv" is the CBC initialization vector (if mode is NSS_RC5_CBC)
+**      "mode" one of NSS_RC5 or NSS_RC5_CBC
+**
+** When mode is set to NSS_RC5_CBC the RC5 cipher is run in "cipher block
+** chaining" mode.
+*/
+RC5Context *
+RC5_CreateContext(const SECItem *key, unsigned int rounds,
+                  unsigned int wordSize, const unsigned char *iv, int mode)
+{
+    PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
+    return NULL;
+}
+
+/*
+** Destroy an RC5 encryption/decryption context.
+**      "cx" the context
+**      "freeit" if PR_TRUE then free the object as well as its sub-objects
+*/
+void
+RC5_DestroyContext(RC5Context *cx, PRBool freeit)
+{
+    PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
+}
+
+/*
+** Perform RC5 encryption.
+**      "cx" the context
+**      "output" the output buffer to store the encrypted data.
+**      "outputLen" how much data is stored in "output". Set by the routine
+**         after some data is stored in output.
+**      "maxOutputLen" the maximum amount of data that can ever be
+**         stored in "output"
+**      "input" the input data
+**      "inputLen" the amount of input data
+*/
+SECStatus
+RC5_Encrypt(RC5Context *cx, unsigned char *output, unsigned int *outputLen,
+            unsigned int maxOutputLen,
+            const unsigned char *input, unsigned int inputLen)
+{
+    PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
+    return SECFailure;
+}
+
+/*
+** Perform RC5 decryption.
+**      "cx" the context
+**      "output" the output buffer to store the decrypted data.
+**      "outputLen" how much data is stored in "output". Set by the routine
+**         after some data is stored in output.
+**      "maxOutputLen" the maximum amount of data that can ever be
+**         stored in "output"
+**      "input" the input data
+**      "inputLen" the amount of input data
+*/
+SECStatus
+RC5_Decrypt(RC5Context *cx, unsigned char *output, unsigned int *outputLen,
+            unsigned int maxOutputLen,
+            const unsigned char *input, unsigned int inputLen)
+{
+    PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
+    return SECFailure;
+}
diff --git a/nss/lib/freebl/arcfour-amd64-gas.s b/nss/lib/freebl/arcfour-amd64-gas.s
new file mode 100644
index 0000000..7c4f535
--- /dev/null
+++ b/nss/lib/freebl/arcfour-amd64-gas.s
@@ -0,0 +1,88 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# ** ARCFOUR implementation optimized for AMD64.
+# **
+# ** The throughput achieved by this code is about 320 MBytes/sec, on
+# ** a 1.8 GHz AMD Opteron (rev C0) processor.
+
+.text
+.align 16
+.globl ARCFOUR
+.type ARCFOUR,@function
+ARCFOUR:
+	pushq	%rbp
+	pushq	%rbx
+	movq	%rdi,		%rbp	# key = ARG(key)
+	movq	%rsi,		%rbx	# rbx = ARG(len)
+	movq	%rdx,		%rsi	# in = ARG(in)
+	movq	%rcx,		%rdi	# out = ARG(out)
+	movq	(%rbp),		%rcx	# x = key->x
+	movq	8(%rbp),	%rdx	# y = key->y
+	addq	$16,		%rbp	# d = key->data
+	incq	%rcx			# x++
+	andq	$255,		%rcx	# x &= 0xff
+	leaq	-8(%rbx,%rsi),	%rbx	# rbx = in+len-8
+	movq	%rbx,		%r9	# tmp = in+len-8
+	movq	0(%rbp,%rcx,8),	%rax	# tx = d[x]
+	cmpq	%rsi,		%rbx	# cmp in with in+len-8
+	jl	.Lend			# jump if (in+len-8 < in)
+
+.Lstart:
+	addq	$8,		%rsi		# increment in
+	addq	$8,		%rdi		# increment out
+
+	# generate the next 8 bytes of the rc4 stream into %r8
+	movq	$8,		%r11		# byte counter
+1:	addb	%al,		%dl		# y += tx
+	movl	0(%rbp,%rdx,8),	%ebx		# ty = d[y]
+	movl	%ebx,		0(%rbp,%rcx,8)	# d[x] = ty
+	addb	%al,		%bl		# val = ty + tx
+	movl	%eax,		0(%rbp,%rdx,8)	# d[y] = tx
+	incb	%cl				# x++		(NEXT ROUND)
+	movl	0(%rbp,%rcx,8),	%eax		# tx = d[x]	(NEXT ROUND)
+	movb	0(%rbp,%rbx,8),	%r8b		# val = d[val]
+	decb	%r11b
+	rorq	$8,		%r8		# (ror does not change ZF)
+	jnz 	1b
+
+	# xor 8 bytes
+	xorq	-8(%rsi),	%r8
+	cmpq	%r9,		%rsi		# cmp in+len-8 with in
+	movq	%r8,		-8(%rdi)
+	jle	.Lstart				# jump if (in <= in+len-8)
+
+.Lend:
+	addq	$8,		%r9		# tmp = in+len
+
+	# handle the last bytes, one by one
+1:	cmpq	%rsi,		%r9		# cmp in with in+len
+	jle	.Lfinished			# jump if (in+len <= in)
+	addb	%al,		%dl		# y += tx
+	movl	0(%rbp,%rdx,8),	%ebx		# ty = d[y]
+	movl	%ebx,		0(%rbp,%rcx,8)	# d[x] = ty
+	addb	%al,		%bl		# val = ty + tx
+	movl	%eax,		0(%rbp,%rdx,8)	# d[y] = tx
+	incb	%cl				# x++		(NEXT ROUND)
+	movl	0(%rbp,%rcx,8),	%eax		# tx = d[x]	(NEXT ROUND)
+	movb	0(%rbp,%rbx,8),	%r8b		# val = d[val]
+	xorb	(%rsi),		%r8b		# xor 1 byte
+	movb	%r8b,		(%rdi)
+	incq	%rsi				# in++
+	incq	%rdi				# out++
+	jmp 1b
+
+.Lfinished:
+	decq	%rcx				# x--
+	movb	%dl,		-8(%rbp)	# key->y = y
+	movb	%cl,		-16(%rbp)	# key->x = x
+	popq	%rbx
+	popq	%rbp
+	ret
+.L_ARCFOUR_end:
+.size ARCFOUR,.L_ARCFOUR_end-ARCFOUR
+
+# Magic indicating no need for an executable stack
+.section .note.GNU-stack,"",@progbits
+.previous
diff --git a/nss/lib/freebl/arcfour-amd64-masm.asm b/nss/lib/freebl/arcfour-amd64-masm.asm
new file mode 100644
index 0000000..1601c4f
--- /dev/null
+++ b/nss/lib/freebl/arcfour-amd64-masm.asm
@@ -0,0 +1,107 @@
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+; ** ARCFOUR implementation optimized for AMD64.
+; **
+; ** The throughput achieved by this code is about 320 MBytes/sec, on
+; ** a 1.8 GHz AMD Opteron (rev C0) processor.
+
+.CODE
+
+; extern void ARCFOUR(RC4Context *cx, unsigned long long inputLen, 
+;                     const unsigned char *input, unsigned char *output);
+
+
+ARCFOUR PROC
+
+        push    rbp
+        push    rbx
+        push    rsi
+        push    rdi
+
+        mov     rbp, rcx                        ; key = ARG(key)
+        mov     rbx, rdx                        ; rbx = ARG(len)
+        mov     rsi, r8                         ; in = ARG(in)
+        mov     rdi, r9                         ; out = ARG(out)
+        mov     rcx, [rbp]                      ; x = key->x
+        mov     rdx, [rbp+8]                    ; y = key->y
+        add     rbp, 16                         ; d = key->data
+        inc     rcx                             ; x++
+        and     rcx, 0ffh                       ; x &= 0xff
+        lea     rbx, [rbx+rsi-8]                ; rbx = in+len-8
+        mov     r9, rbx                         ; tmp = in+len-8
+        mov     rax, [rbp+rcx*8]                ; tx = d[x]
+        cmp     rbx, rsi                        ; cmp in with in+len-8
+        jl      Lend                            ; jump if (in+len-8 < in)
+
+Lstart:
+        add     rsi, 8                          ; increment in
+        add     rdi, 8                          ; increment out
+
+        ;
+        ; generate the next 8 bytes of the rc4 stream into r8
+        ;
+
+        mov     r11, 8                          ; byte counter
+
+@@:
+        add     dl, al                          ; y += tx
+        mov     ebx, [rbp+rdx*8]                ; ty = d[y]
+        mov     [rbp+rcx*8], ebx                ; d[x] = ty
+        add     bl, al                          ; val = ty + tx
+        mov     [rbp+rdx*8], eax                ; d[y] = tx
+        inc     cl                              ; x++ (NEXT ROUND)
+        mov     eax, [rbp+rcx*8]                ; tx = d[x] (NEXT ROUND)
+        mov     r8b, [rbp+rbx*8]                ; val = d[val]
+        dec     r11b
+        ror     r8, 8                           ; (ror does not change ZF)
+        jnz     @b
+
+        ;
+        ; xor 8 bytes
+        ;
+
+        xor     r8, [rsi-8]
+        cmp     rsi, r9                         ; cmp in+len-8 with in
+        mov     [rdi-8], r8
+        jle     Lstart
+
+Lend:
+        add     r9, 8                           ; tmp = in+len
+
+        ;
+        ; handle the last bytes, one by one
+        ;
+
+@@:
+        cmp     r9, rsi                         ; cmp in with in+len
+        jle     Lfinished                       ; jump if (in+len <= in)
+        add     dl, al                          ; y += tx
+        mov     ebx, [rbp+rdx*8]                ; ty = d[y]
+        mov     [rbp+rcx*8], ebx                ; d[x] = ty
+        add     bl, al                          ; val = ty + tx
+        mov     [rbp+rdx*8], eax                ; d[y] = tx
+        inc     cl                              ; x++ (NEXT ROUND)
+        mov     eax, [rbp+rcx*8]                ; tx = d[x] (NEXT ROUND)
+        mov     r8b, [rbp+rbx*8]                ; val = d[val]
+        xor     r8b, [rsi]                      ; xor 1 byte
+        mov     [rdi], r8b
+        inc     rsi                             ; in++
+        inc     rdi
+        jmp     @b
+
+Lfinished:
+        dec     rcx                             ; x--
+        mov     [rbp-8], dl                     ; key->y = y
+        mov     [rbp-16], cl                    ; key->x = x
+
+        pop     rdi
+        pop     rsi
+        pop     rbx
+        pop     rbp
+        ret
+
+ARCFOUR ENDP
+
+END
diff --git a/nss/lib/freebl/arcfour-amd64-sun.s b/nss/lib/freebl/arcfour-amd64-sun.s
new file mode 100644
index 0000000..8b649f9
--- /dev/null
+++ b/nss/lib/freebl/arcfour-amd64-sun.s
@@ -0,0 +1,84 @@
+/ This Source Code Form is subject to the terms of the Mozilla Public
+/ License, v. 2.0. If a copy of the MPL was not distributed with this
+/ file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+/ ** ARCFOUR implementation optimized for AMD64.
+/ **
+/ ** The throughput achieved by this code is about 320 MBytes/sec, on
+/ ** a 1.8 GHz AMD Opteron (rev C0) processor.
+
+.text
+.align 16
+.globl ARCFOUR
+.type ARCFOUR,@function
+ARCFOUR:
+	pushq	%rbp
+	pushq	%rbx
+	movq	%rdi,		%rbp	/ key = ARG(key)
+	movq	%rsi,		%rbx	/ rbx = ARG(len)
+	movq	%rdx,		%rsi	/ in = ARG(in)
+	movq	%rcx,		%rdi	/ out = ARG(out)
+	movq	(%rbp),		%rcx	/ x = key->x
+	movq	8(%rbp),	%rdx	/ y = key->y
+	addq	$16,		%rbp	/ d = key->data
+	incq	%rcx			/ x++
+	andq	$255,		%rcx	/ x &= 0xff
+	leaq	-8(%rbx,%rsi),	%rbx	/ rbx = in+len-8
+	movq	%rbx,		%r9	/ tmp = in+len-8
+	movq	0(%rbp,%rcx,8),	%rax	/ tx = d[x]
+	cmpq	%rsi,		%rbx	/ cmp in with in+len-8
+	jl	.Lend			/ jump if (in+len-8 < in)
+
+.Lstart:
+	addq	$8,		%rsi		/ increment in
+	addq	$8,		%rdi		/ increment out
+
+	/ generate the next 8 bytes of the rc4 stream into %r8
+	movq	$8,		%r11		/ byte counter
+1:	addb	%al,		%dl		/ y += tx
+	movl	0(%rbp,%rdx,8),	%ebx		/ ty = d[y]
+	movl	%ebx,		0(%rbp,%rcx,8)	/ d[x] = ty
+	addb	%al,		%bl		/ val = ty + tx
+	movl	%eax,		0(%rbp,%rdx,8)	/ d[y] = tx
+	incb	%cl				/ x++		(NEXT ROUND)
+	movl	0(%rbp,%rcx,8),	%eax		/ tx = d[x]	(NEXT ROUND)
+	movb	0(%rbp,%rbx,8),	%r8b		/ val = d[val]
+	decb	%r11b
+	rorq	$8,		%r8		/ (ror does not change ZF)
+	jnz 	1b
+
+	/ xor 8 bytes
+	xorq	-8(%rsi),	%r8
+	cmpq	%r9,		%rsi		/ cmp in+len-8 with in
+	movq	%r8,		-8(%rdi)
+	jle	.Lstart				/ jump if (in <= in+len-8)
+
+.Lend:
+	addq	$8,		%r9		/ tmp = in+len
+
+	/ handle the last bytes, one by one
+1:	cmpq	%rsi,		%r9		/ cmp in with in+len
+	jle	.Lfinished			/ jump if (in+len <= in)
+	addb	%al,		%dl		/ y += tx
+	movl	0(%rbp,%rdx,8),	%ebx		/ ty = d[y]
+	movl	%ebx,		0(%rbp,%rcx,8)	/ d[x] = ty
+	addb	%al,		%bl		/ val = ty + tx
+	movl	%eax,		0(%rbp,%rdx,8)	/ d[y] = tx
+	incb	%cl				/ x++		(NEXT ROUND)
+	movl	0(%rbp,%rcx,8),	%eax		/ tx = d[x]	(NEXT ROUND)
+	movb	0(%rbp,%rbx,8),	%r8b		/ val = d[val]
+	xorb	(%rsi),		%r8b		/ xor 1 byte
+	movb	%r8b,		(%rdi)
+	incq	%rsi				/ in++
+	incq	%rdi				/ out++
+	jmp 1b
+
+.Lfinished:
+	decq	%rcx				/ x--
+	movb	%dl,		-8(%rbp)	/ key->y = y
+	movb	%cl,		-16(%rbp)	/ key->x = x
+	popq	%rbx
+	popq	%rbp
+	ret
+.L_ARCFOUR_end:
+.size ARCFOUR,.L_ARCFOUR_end-ARCFOUR
diff --git a/nss/lib/freebl/arcfour.c b/nss/lib/freebl/arcfour.c
new file mode 100644
index 0000000..e37b458
--- /dev/null
+++ b/nss/lib/freebl/arcfour.c
@@ -0,0 +1,594 @@
+/* arcfour.c - the arc four algorithm.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifdef FREEBL_NO_DEPEND
+#include "stubs.h"
+#endif
+
+#include "prerr.h"
+#include "secerr.h"
+
+#include "prtypes.h"
+#include "blapi.h"
+
+/* Architecture-dependent defines */
+
+#if defined(SOLARIS) || defined(HPUX) || defined(NSS_X86) || \
+    defined(_WIN64)
+/* Convert the byte-stream to a word-stream */
+#define CONVERT_TO_WORDS
+#endif
+
+#if defined(AIX) || defined(OSF1) || defined(NSS_BEVAND_ARCFOUR)
+/* Treat array variables as words, not bytes, on CPUs that take
+ * much longer to write bytes than to write words, or when using
+ * assembler code that required it.
+ */
+#define USE_WORD
+#endif
+
+#if defined(IS_64) || defined(NSS_BEVAND_ARCFOUR)
+typedef PRUint64 WORD;
+#else
+typedef PRUint32 WORD;
+#endif
+#define WORDSIZE sizeof(WORD)
+
+#if defined(USE_WORD)
+typedef WORD Stype;
+#else
+typedef PRUint8 Stype;
+#endif
+
+#define ARCFOUR_STATE_SIZE 256
+
+#define MASK1BYTE (WORD)(0xff)
+
+#define SWAP(a, b) \
+    tmp = a;       \
+    a = b;         \
+    b = tmp;
+
+/*
+ * State information for stream cipher.
+ */
+struct RC4ContextStr {
+#if defined(NSS_ARCFOUR_IJ_B4_S) || defined(NSS_BEVAND_ARCFOUR)
+    Stype i;
+    Stype j;
+    Stype S[ARCFOUR_STATE_SIZE];
+#else
+    Stype S[ARCFOUR_STATE_SIZE];
+    Stype i;
+    Stype j;
+#endif
+};
+
+/*
+ * array indices [0..255] to initialize cx->S array (faster than loop).
+ */
+static const Stype Kinit[256] = {
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+    0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+    0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+    0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
+    0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+    0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
+    0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+    0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
+    0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
+    0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
+    0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+    0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f,
+    0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
+    0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
+    0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
+    0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f,
+    0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
+    0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
+    0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
+    0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f,
+    0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
+    0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf,
+    0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
+    0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf,
+    0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
+    0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf,
+    0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7,
+    0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf,
+    0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7,
+    0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef,
+    0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
+    0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff
+};
+
+RC4Context *
+RC4_AllocateContext(void)
+{
+    return PORT_ZNew(RC4Context);
+}
+
+SECStatus
+RC4_InitContext(RC4Context *cx, const unsigned char *key, unsigned int len,
+                const unsigned char *unused1, int unused2,
+                unsigned int unused3, unsigned int unused4)
+{
+    unsigned int i;
+    PRUint8 j, tmp;
+    PRUint8 K[256];
+    PRUint8 *L;
+
+    /* verify the key length. */
+    PORT_Assert(len > 0 && len < ARCFOUR_STATE_SIZE);
+    if (len == 0 || len >= ARCFOUR_STATE_SIZE) {
+        PORT_SetError(SEC_ERROR_BAD_KEY);
+        return SECFailure;
+    }
+    if (cx == NULL) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+    /* Initialize the state using array indices. */
+    memcpy(cx->S, Kinit, sizeof cx->S);
+    /* Fill in K repeatedly with values from key. */
+    L = K;
+    for (i = sizeof K; i > len; i -= len) {
+        memcpy(L, key, len);
+        L += len;
+    }
+    memcpy(L, key, i);
+    /* Stir the state of the generator.  At this point it is assumed
+     * that the key is the size of the state buffer.  If this is not
+     * the case, the key bytes are repeated to fill the buffer.
+     */
+    j = 0;
+#define ARCFOUR_STATE_STIR(ii) \
+    j = j + cx->S[ii] + K[ii]; \
+    SWAP(cx->S[ii], cx->S[j]);
+    for (i = 0; i < ARCFOUR_STATE_SIZE; i++) {
+        ARCFOUR_STATE_STIR(i);
+    }
+    cx->i = 0;
+    cx->j = 0;
+    return SECSuccess;
+}
+
+/*
+ * Initialize a new generator.
+ */
+RC4Context *
+RC4_CreateContext(const unsigned char *key, int len)
+{
+    RC4Context *cx = RC4_AllocateContext();
+    if (cx) {
+        SECStatus rv = RC4_InitContext(cx, key, len, NULL, 0, 0, 0);
+        if (rv != SECSuccess) {
+            PORT_ZFree(cx, sizeof(*cx));
+            cx = NULL;
+        }
+    }
+    return cx;
+}
+
+void
+RC4_DestroyContext(RC4Context *cx, PRBool freeit)
+{
+    if (freeit)
+        PORT_ZFree(cx, sizeof(*cx));
+}
+
+#if defined(NSS_BEVAND_ARCFOUR)
+extern void ARCFOUR(RC4Context *cx, WORD inputLen,
+                    const unsigned char *input, unsigned char *output);
+#else
+/*
+ * Generate the next byte in the stream.
+ */
+#define ARCFOUR_NEXT_BYTE() \
+    tmpSi = cx->S[++tmpi];  \
+    tmpj += tmpSi;          \
+    tmpSj = cx->S[tmpj];    \
+    cx->S[tmpi] = tmpSj;    \
+    cx->S[tmpj] = tmpSi;    \
+    t = tmpSi + tmpSj;
+
+#ifdef CONVERT_TO_WORDS
+/*
+ * Straight ARCFOUR op.  No optimization.
+ */
+static SECStatus
+rc4_no_opt(RC4Context *cx, unsigned char *output,
+           unsigned int *outputLen, unsigned int maxOutputLen,
+           const unsigned char *input, unsigned int inputLen)
+{
+    PRUint8 t;
+    Stype tmpSi, tmpSj;
+    register PRUint8 tmpi = cx->i;
+    register PRUint8 tmpj = cx->j;
+    unsigned int index;
+    PORT_Assert(maxOutputLen >= inputLen);
+    if (maxOutputLen < inputLen) {
+        PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+        return SECFailure;
+    }
+    for (index = 0; index < inputLen; index++) {
+        /* Generate next byte from stream. */
+        ARCFOUR_NEXT_BYTE();
+        /* output = next stream byte XOR next input byte */
+        output[index] = cx->S[t] ^ input[index];
+    }
+    *outputLen = inputLen;
+    cx->i = tmpi;
+    cx->j = tmpj;
+    return SECSuccess;
+}
+
+#else
+/* !CONVERT_TO_WORDS */
+
+/*
+ * Byte-at-a-time ARCFOUR, unrolling the loop into 8 pieces.
+ */
+static SECStatus
+rc4_unrolled(RC4Context *cx, unsigned char *output,
+             unsigned int *outputLen, unsigned int maxOutputLen,
+             const unsigned char *input, unsigned int inputLen)
+{
+    PRUint8 t;
+    Stype tmpSi, tmpSj;
+    register PRUint8 tmpi = cx->i;
+    register PRUint8 tmpj = cx->j;
+    int index;
+    PORT_Assert(maxOutputLen >= inputLen);
+    if (maxOutputLen < inputLen) {
+        PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+        return SECFailure;
+    }
+    for (index = inputLen / 8; index-- > 0; input += 8, output += 8) {
+        ARCFOUR_NEXT_BYTE();
+        output[0] = cx->S[t] ^ input[0];
+        ARCFOUR_NEXT_BYTE();
+        output[1] = cx->S[t] ^ input[1];
+        ARCFOUR_NEXT_BYTE();
+        output[2] = cx->S[t] ^ input[2];
+        ARCFOUR_NEXT_BYTE();
+        output[3] = cx->S[t] ^ input[3];
+        ARCFOUR_NEXT_BYTE();
+        output[4] = cx->S[t] ^ input[4];
+        ARCFOUR_NEXT_BYTE();
+        output[5] = cx->S[t] ^ input[5];
+        ARCFOUR_NEXT_BYTE();
+        output[6] = cx->S[t] ^ input[6];
+        ARCFOUR_NEXT_BYTE();
+        output[7] = cx->S[t] ^ input[7];
+    }
+    index = inputLen % 8;
+    if (index) {
+        input += index;
+        output += index;
+        switch (index) {
+            case 7:
+                ARCFOUR_NEXT_BYTE();
+                output[-7] = cx->S[t] ^ input[-7]; /* FALLTHRU */
+            case 6:
+                ARCFOUR_NEXT_BYTE();
+                output[-6] = cx->S[t] ^ input[-6]; /* FALLTHRU */
+            case 5:
+                ARCFOUR_NEXT_BYTE();
+                output[-5] = cx->S[t] ^ input[-5]; /* FALLTHRU */
+            case 4:
+                ARCFOUR_NEXT_BYTE();
+                output[-4] = cx->S[t] ^ input[-4]; /* FALLTHRU */
+            case 3:
+                ARCFOUR_NEXT_BYTE();
+                output[-3] = cx->S[t] ^ input[-3]; /* FALLTHRU */
+            case 2:
+                ARCFOUR_NEXT_BYTE();
+                output[-2] = cx->S[t] ^ input[-2]; /* FALLTHRU */
+            case 1:
+                ARCFOUR_NEXT_BYTE();
+                output[-1] = cx->S[t] ^ input[-1]; /* FALLTHRU */
+            default:
+                /* FALLTHRU */
+                ; /* hp-ux build breaks without this */
+        }
+    }
+    cx->i = tmpi;
+    cx->j = tmpj;
+    *outputLen = inputLen;
+    return SECSuccess;
+}
+#endif
+
+#ifdef IS_LITTLE_ENDIAN
+#define ARCFOUR_NEXT4BYTES_L(n)               \
+    ARCFOUR_NEXT_BYTE();                      \
+    streamWord |= (WORD)cx->S[t] << (n);      \
+    ARCFOUR_NEXT_BYTE();                      \
+    streamWord |= (WORD)cx->S[t] << (n + 8);  \
+    ARCFOUR_NEXT_BYTE();                      \
+    streamWord |= (WORD)cx->S[t] << (n + 16); \
+    ARCFOUR_NEXT_BYTE();                      \
+    streamWord |= (WORD)cx->S[t] << (n + 24);
+#else
+#define ARCFOUR_NEXT4BYTES_B(n)               \
+    ARCFOUR_NEXT_BYTE();                      \
+    streamWord |= (WORD)cx->S[t] << (n + 24); \
+    ARCFOUR_NEXT_BYTE();                      \
+    streamWord |= (WORD)cx->S[t] << (n + 16); \
+    ARCFOUR_NEXT_BYTE();                      \
+    streamWord |= (WORD)cx->S[t] << (n + 8);  \
+    ARCFOUR_NEXT_BYTE();                      \
+    streamWord |= (WORD)cx->S[t] << (n);
+#endif
+
+#if (defined(IS_64) && !defined(__sparc)) || defined(NSS_USE_64)
+/* 64-bit wordsize */
+#ifdef IS_LITTLE_ENDIAN
+#define ARCFOUR_NEXT_WORD()       \
+    {                             \
+        streamWord = 0;           \
+        ARCFOUR_NEXT4BYTES_L(0);  \
+        ARCFOUR_NEXT4BYTES_L(32); \
+    }
+#else
+#define ARCFOUR_NEXT_WORD()       \
+    {                             \
+        streamWord = 0;           \
+        ARCFOUR_NEXT4BYTES_B(32); \
+        ARCFOUR_NEXT4BYTES_B(0);  \
+    }
+#endif
+#else
+/* 32-bit wordsize */
+#ifdef IS_LITTLE_ENDIAN
+#define ARCFOUR_NEXT_WORD()      \
+    {                            \
+        streamWord = 0;          \
+        ARCFOUR_NEXT4BYTES_L(0); \
+    }
+#else
+#define ARCFOUR_NEXT_WORD()      \
+    {                            \
+        streamWord = 0;          \
+        ARCFOUR_NEXT4BYTES_B(0); \
+    }
+#endif
+#endif
+
+#ifdef IS_LITTLE_ENDIAN
+#define RSH <<
+#define LSH >>
+#else
+#define RSH >>
+#define LSH <<
+#endif
+
+#ifdef IS_LITTLE_ENDIAN
+#define LEFTMOST_BYTE_SHIFT 0
+#define NEXT_BYTE_SHIFT(shift) shift + 8
+#else
+#define LEFTMOST_BYTE_SHIFT 8 * (WORDSIZE - 1)
+#define NEXT_BYTE_SHIFT(shift) shift - 8
+#endif
+
+#ifdef CONVERT_TO_WORDS
+static SECStatus
+rc4_wordconv(RC4Context *cx, unsigned char *output,
+             unsigned int *outputLen, unsigned int maxOutputLen,
+             const unsigned char *input, unsigned int inputLen)
+{
+    PR_STATIC_ASSERT(sizeof(PRUword) == sizeof(ptrdiff_t));
+    unsigned int inOffset = (PRUword)input % WORDSIZE;
+    unsigned int outOffset = (PRUword)output % WORDSIZE;
+    register WORD streamWord;
+    register const WORD *pInWord;
+    register WORD *pOutWord;
+    register WORD inWord, nextInWord;
+    PRUint8 t;
+    register Stype tmpSi, tmpSj;
+    register PRUint8 tmpi = cx->i;
+    register PRUint8 tmpj = cx->j;
+    unsigned int bufShift, invBufShift;
+    unsigned int i;
+    const unsigned char *finalIn;
+    unsigned char *finalOut;
+
+    PORT_Assert(maxOutputLen >= inputLen);
+    if (maxOutputLen < inputLen) {
+        PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+        return SECFailure;
+    }
+    if (inputLen < 2 * WORDSIZE) {
+        /* Ignore word conversion, do byte-at-a-time */
+        return rc4_no_opt(cx, output, outputLen, maxOutputLen, input, inputLen);
+    }
+    *outputLen = inputLen;
+    pInWord = (const WORD *)(input - inOffset);
+    pOutWord = (WORD *)(output - outOffset);
+    if (inOffset <= outOffset) {
+        bufShift = 8 * (outOffset - inOffset);
+        invBufShift = 8 * WORDSIZE - bufShift;
+    } else {
+        invBufShift = 8 * (inOffset - outOffset);
+        bufShift = 8 * WORDSIZE - invBufShift;
+    }
+    /*****************************************************************/
+    /* Step 1:                                                       */
+    /* If the first output word is partial, consume the bytes in the */
+    /* first partial output word by loading one or two words of      */
+    /* input and shifting them accordingly.  Otherwise, just load    */
+    /* in the first word of input.  At the end of this block, at     */
+    /* least one partial word of input should ALWAYS be loaded.      */
+    /*****************************************************************/
+    if (outOffset) {
+        unsigned int byteCount = WORDSIZE - outOffset;
+        for (i = 0; i < byteCount; i++) {
+            ARCFOUR_NEXT_BYTE();
+            output[i] = cx->S[t] ^ input[i];
+        }
+        /* Consumed byteCount bytes of input */
+        inputLen -= byteCount;
+        pInWord++;
+
+        /* move to next word of output */
+        pOutWord++;
+
+        /* If buffers are relatively misaligned, shift the bytes in inWord
+         * to be aligned to the output buffer.
+         */
+        if (inOffset < outOffset) {
+            /* The first input word (which may be partial) has more bytes
+             * than needed.  Copy the remainder to inWord.
+             */
+            unsigned int shift = LEFTMOST_BYTE_SHIFT;
+            inWord = 0;
+            for (i = 0; i < outOffset - inOffset; i++) {
+                inWord |= (WORD)input[byteCount + i] << shift;
+                shift = NEXT_BYTE_SHIFT(shift);
+            }
+        } else if (inOffset > outOffset) {
+            /* Consumed some bytes in the second input word.  Copy the
+             * remainder to inWord.
+             */
+            inWord = *pInWord++;
+            inWord = inWord LSH invBufShift;
+        } else {
+            inWord = 0;
+        }
+    } else {
+        /* output is word-aligned */
+        if (inOffset) {
+            /* Input is not word-aligned.  The first word load of input
+             * will not produce a full word of input bytes, so one word
+             * must be pre-loaded.  The main loop below will load in the
+             * next input word and shift some of its bytes into inWord
+             * in order to create a full input word.  Note that the main
+             * loop must execute at least once because the input must
+             * be at least two words.
+             */
+            unsigned int shift = LEFTMOST_BYTE_SHIFT;
+            inWord = 0;
+            for (i = 0; i < WORDSIZE - inOffset; i++) {
+                inWord |= (WORD)input[i] << shift;
+                shift = NEXT_BYTE_SHIFT(shift);
+            }
+            pInWord++;
+        } else {
+            /* Input is word-aligned.  The first word load of input
+             * will produce a full word of input bytes, so nothing
+             * needs to be loaded here.
+             */
+            inWord = 0;
+        }
+    }
+    /*****************************************************************/
+    /* Step 2: main loop                                             */
+    /* At this point the output buffer is word-aligned.  Any unused  */
+    /* bytes from above will be in inWord (shifted correctly).  If   */
+    /* the input buffer is unaligned relative to the output buffer,  */
+    /* shifting has to be done.                                      */
+    /*****************************************************************/
+    if (bufShift) {
+        /* preloadedByteCount is the number of input bytes pre-loaded
+         * in inWord.
+         */
+        unsigned int preloadedByteCount = bufShift / 8;
+        for (; inputLen >= preloadedByteCount + WORDSIZE;
+             inputLen -= WORDSIZE) {
+            nextInWord = *pInWord++;
+            inWord |= nextInWord RSH bufShift;
+            nextInWord = nextInWord LSH invBufShift;
+            ARCFOUR_NEXT_WORD();
+            *pOutWord++ = inWord ^ streamWord;
+            inWord = nextInWord;
+        }
+        if (inputLen == 0) {
+            /* Nothing left to do. */
+            cx->i = tmpi;
+            cx->j = tmpj;
+            return SECSuccess;
+        }
+        finalIn = (const unsigned char *)pInWord - preloadedByteCount;
+    } else {
+        for (; inputLen >= WORDSIZE; inputLen -= WORDSIZE) {
+            inWord = *pInWord++;
+            ARCFOUR_NEXT_WORD();
+            *pOutWord++ = inWord ^ streamWord;
+        }
+        if (inputLen == 0) {
+            /* Nothing left to do. */
+            cx->i = tmpi;
+            cx->j = tmpj;
+            return SECSuccess;
+        }
+        finalIn = (const unsigned char *)pInWord;
+    }
+    /*****************************************************************/
+    /* Step 3:                                                       */
+    /* Do the remaining partial word of input one byte at a time.    */
+    /*****************************************************************/
+    finalOut = (unsigned char *)pOutWord;
+    for (i = 0; i < inputLen; i++) {
+        ARCFOUR_NEXT_BYTE();
+        finalOut[i] = cx->S[t] ^ finalIn[i];
+    }
+    cx->i = tmpi;
+    cx->j = tmpj;
+    return SECSuccess;
+}
+#endif
+#endif /* NSS_BEVAND_ARCFOUR */
+
+SECStatus
+RC4_Encrypt(RC4Context *cx, unsigned char *output,
+            unsigned int *outputLen, unsigned int maxOutputLen,
+            const unsigned char *input, unsigned int inputLen)
+{
+    PORT_Assert(maxOutputLen >= inputLen);
+    if (maxOutputLen < inputLen) {
+        PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+        return SECFailure;
+    }
+#if defined(NSS_BEVAND_ARCFOUR)
+    ARCFOUR(cx, inputLen, input, output);
+    *outputLen = inputLen;
+    return SECSuccess;
+#elif defined(CONVERT_TO_WORDS)
+    /* Convert the byte-stream to a word-stream */
+    return rc4_wordconv(cx, output, outputLen, maxOutputLen, input, inputLen);
+#else
+    /* Operate on bytes, but unroll the main loop */
+    return rc4_unrolled(cx, output, outputLen, maxOutputLen, input, inputLen);
+#endif
+}
+
+SECStatus
+RC4_Decrypt(RC4Context *cx, unsigned char *output,
+            unsigned int *outputLen, unsigned int maxOutputLen,
+            const unsigned char *input, unsigned int inputLen)
+{
+    PORT_Assert(maxOutputLen >= inputLen);
+    if (maxOutputLen < inputLen) {
+        PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+        return SECFailure;
+    }
+/* decrypt and encrypt are same operation. */
+#if defined(NSS_BEVAND_ARCFOUR)
+    ARCFOUR(cx, inputLen, input, output);
+    *outputLen = inputLen;
+    return SECSuccess;
+#elif defined(CONVERT_TO_WORDS)
+    /* Convert the byte-stream to a word-stream */
+    return rc4_wordconv(cx, output, outputLen, maxOutputLen, input, inputLen);
+#else
+    /* Operate on bytes, but unroll the main loop */
+    return rc4_unrolled(cx, output, outputLen, maxOutputLen, input, inputLen);
+#endif
+}
+
+#undef CONVERT_TO_WORDS
+#undef USE_WORD
diff --git a/nss/lib/freebl/blapi.h b/nss/lib/freebl/blapi.h
new file mode 100644
index 0000000..e5a6cf3
--- /dev/null
+++ b/nss/lib/freebl/blapi.h
@@ -0,0 +1,1625 @@
+/*
+ * blapi.h - public prototypes for the freebl library
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _BLAPI_H_
+#define _BLAPI_H_
+
+#include "blapit.h"
+#include "hasht.h"
+#include "alghmac.h"
+
+SEC_BEGIN_PROTOS
+
+/*
+** RSA encryption/decryption. When encrypting/decrypting the output
+** buffer must be at least the size of the public key modulus.
+*/
+
+extern SECStatus BL_Init(void);
+
+/*
+** Generate and return a new RSA public and private key.
+**  Both keys are encoded in a single RSAPrivateKey structure.
+**  "cx" is the random number generator context
+**  "keySizeInBits" is the size of the key to be generated, in bits.
+**     512, 1024, etc.
+**  "publicExponent" when not NULL is a pointer to some data that
+**     represents the public exponent to use. The data is a byte
+**     encoded integer, in "big endian" order.
+*/
+extern RSAPrivateKey *RSA_NewKey(int keySizeInBits,
+                                 SECItem *publicExponent);
+
+/*
+** Perform a raw public-key operation
+**  Length of input and output buffers are equal to key's modulus len.
+*/
+extern SECStatus RSA_PublicKeyOp(RSAPublicKey *key,
+                                 unsigned char *output,
+                                 const unsigned char *input);
+
+/*
+** Perform a raw private-key operation
+**  Length of input and output buffers are equal to key's modulus len.
+*/
+extern SECStatus RSA_PrivateKeyOp(RSAPrivateKey *key,
+                                  unsigned char *output,
+                                  const unsigned char *input);
+
+/*
+** Perform a raw private-key operation, and check the parameters used in
+** the operation for validity by performing a test operation first.
+**  Length of input and output buffers are equal to key's modulus len.
+*/
+extern SECStatus RSA_PrivateKeyOpDoubleChecked(RSAPrivateKey *key,
+                                               unsigned char *output,
+                                               const unsigned char *input);
+
+/*
+** Perform a check of private key parameters for consistency.
+*/
+extern SECStatus RSA_PrivateKeyCheck(const RSAPrivateKey *key);
+
+/*
+** Given only minimal private key parameters, fill in the rest of the
+** parameters.
+**
+**
+** All the entries, including those supplied by the caller, will be
+** overwritten with data alocated out of the arena.
+**
+** If no arena is supplied, one will be created.
+**
+** The following fields must be supplied in order for this function
+** to succeed:
+**   one of either publicExponent or privateExponent
+**   two more of the following 5 parameters (not counting the above).
+**      modulus (n)
+**      prime1  (p)
+**      prime2  (q)
+**      publicExponent (e)
+**      privateExponent (d)
+**
+** NOTE: if only the publicExponent, privateExponent, and one prime is given,
+** then there may be more than one RSA key that matches that combination. If
+** we find 2 possible valid keys that meet this criteria, we return an error.
+** If we return the wrong key, and the original modulus is compared to the
+** new modulus, both can be factored by calculateing gcd(n_old,n_new) to get
+** the common prime.
+**
+** NOTE: in some cases the publicExponent must be less than 2^23 for this
+** function to work correctly. (The case where we have only one of: modulus
+** prime1 and prime2).
+**
+** All parameters will be replaced in the key structure with new parameters
+** allocated out of the arena. There is no attempt to free the old structures.
+** prime1 will always be greater than prime2 (even if the caller supplies the
+** smaller prime as prime1 or the larger prime as prime2). The parameters are
+** not overwritten on failure.
+**
+** While the remaining Chinese remainder theorem parameters (dp,dp, and qinv)
+** can also be used in reconstructing the private key, they are currently
+** ignored in this implementation.
+*/
+extern SECStatus RSA_PopulatePrivateKey(RSAPrivateKey *key);
+
+/********************************************************************
+** RSA algorithm
+*/
+
+/********************************************************************
+** Raw signing/encryption/decryption operations.
+**
+** No padding or formatting will be applied.
+** inputLen MUST be equivalent to the modulus size (in bytes).
+*/
+extern SECStatus
+RSA_SignRaw(RSAPrivateKey *key,
+            unsigned char *output,
+            unsigned int *outputLen,
+            unsigned int maxOutputLen,
+            const unsigned char *input,
+            unsigned int inputLen);
+
+extern SECStatus
+RSA_CheckSignRaw(RSAPublicKey *key,
+                 const unsigned char *sig,
+                 unsigned int sigLen,
+                 const unsigned char *hash,
+                 unsigned int hashLen);
+
+extern SECStatus
+RSA_CheckSignRecoverRaw(RSAPublicKey *key,
+                        unsigned char *data,
+                        unsigned int *dataLen,
+                        unsigned int maxDataLen,
+                        const unsigned char *sig,
+                        unsigned int sigLen);
+
+extern SECStatus
+RSA_EncryptRaw(RSAPublicKey *key,
+               unsigned char *output,
+               unsigned int *outputLen,
+               unsigned int maxOutputLen,
+               const unsigned char *input,
+               unsigned int inputLen);
+
+extern SECStatus
+RSA_DecryptRaw(RSAPrivateKey *key,
+               unsigned char *output,
+               unsigned int *outputLen,
+               unsigned int maxOutputLen,
+               const unsigned char *input,
+               unsigned int inputLen);
+
+/********************************************************************
+** RSAES-OAEP encryption/decryption, as defined in RFC 3447, Section 7.1.
+**
+** Note: Only MGF1 is supported as the mask generation function. It will be
+** used with maskHashAlg as the inner hash function.
+**
+** Unless performing Known Answer Tests, "seed" should be NULL, indicating that
+** freebl should generate a random value. Otherwise, it should be an octet
+** string of seedLen bytes, which should be the same size as the output of
+** hashAlg.
+*/
+extern SECStatus
+RSA_EncryptOAEP(RSAPublicKey *key,
+                HASH_HashType hashAlg,
+                HASH_HashType maskHashAlg,
+                const unsigned char *label,
+                unsigned int labelLen,
+                const unsigned char *seed,
+                unsigned int seedLen,
+                unsigned char *output,
+                unsigned int *outputLen,
+                unsigned int maxOutputLen,
+                const unsigned char *input,
+                unsigned int inputLen);
+
+extern SECStatus
+RSA_DecryptOAEP(RSAPrivateKey *key,
+                HASH_HashType hashAlg,
+                HASH_HashType maskHashAlg,
+                const unsigned char *label,
+                unsigned int labelLen,
+                unsigned char *output,
+                unsigned int *outputLen,
+                unsigned int maxOutputLen,
+                const unsigned char *input,
+                unsigned int inputLen);
+
+/********************************************************************
+** RSAES-PKCS1-v1_5 encryption/decryption, as defined in RFC 3447, Section 7.2.
+*/
+extern SECStatus
+RSA_EncryptBlock(RSAPublicKey *key,
+                 unsigned char *output,
+                 unsigned int *outputLen,
+                 unsigned int maxOutputLen,
+                 const unsigned char *input,
+                 unsigned int inputLen);
+
+extern SECStatus
+RSA_DecryptBlock(RSAPrivateKey *key,
+                 unsigned char *output,
+                 unsigned int *outputLen,
+                 unsigned int maxOutputLen,
+                 const unsigned char *input,
+                 unsigned int inputLen);
+
+/********************************************************************
+** RSASSA-PSS signing/verifying, as defined in RFC 3447, Section 8.1.
+**
+** Note: Only MGF1 is supported as the mask generation function. It will be
+** used with maskHashAlg as the inner hash function.
+**
+** Unless performing Known Answer Tests, "salt" should be NULL, indicating that
+** freebl should generate a random value.
+*/
+extern SECStatus
+RSA_SignPSS(RSAPrivateKey *key,
+            HASH_HashType hashAlg,
+            HASH_HashType maskHashAlg,
+            const unsigned char *salt,
+            unsigned int saltLen,
+            unsigned char *output,
+            unsigned int *outputLen,
+            unsigned int maxOutputLen,
+            const unsigned char *input,
+            unsigned int inputLen);
+
+extern SECStatus
+RSA_CheckSignPSS(RSAPublicKey *key,
+                 HASH_HashType hashAlg,
+                 HASH_HashType maskHashAlg,
+                 unsigned int saltLen,
+                 const unsigned char *sig,
+                 unsigned int sigLen,
+                 const unsigned char *hash,
+                 unsigned int hashLen);
+
+/********************************************************************
+** RSASSA-PKCS1-v1_5 signing/verifying, as defined in RFC 3447, Section 8.2.
+**
+** These functions expect as input to be the raw value to be signed. For most
+** cases using PKCS1-v1_5, this should be the value of T, the DER-encoded
+** DigestInfo structure defined in Section 9.2, Step 2.
+** Note: This can also be used for signatures that use PKCS1-v1_5 padding, such
+** as the signatures used in SSL/TLS, which sign a raw hash.
+*/
+extern SECStatus
+RSA_Sign(RSAPrivateKey *key,
+         unsigned char *output,
+         unsigned int *outputLen,
+         unsigned int maxOutputLen,
+         const unsigned char *data,
+         unsigned int dataLen);
+
+extern SECStatus
+RSA_CheckSign(RSAPublicKey *key,
+              const unsigned char *sig,
+              unsigned int sigLen,
+              const unsigned char *data,
+              unsigned int dataLen);
+
+extern SECStatus
+RSA_CheckSignRecover(RSAPublicKey *key,
+                     unsigned char *output,
+                     unsigned int *outputLen,
+                     unsigned int maxOutputLen,
+                     const unsigned char *sig,
+                     unsigned int sigLen);
+
+/********************************************************************
+** DSA signing algorithm
+*/
+
+/* Generate a new random value within the interval [2, q-1].
+*/
+extern SECStatus DSA_NewRandom(PLArenaPool *arena, const SECItem *q,
+                               SECItem *random);
+
+/*
+** Generate and return a new DSA public and private key pair,
+**  both of which are encoded into a single DSAPrivateKey struct.
+**  "params" is a pointer to the PQG parameters for the domain
+**  Uses a random seed.
+*/
+extern SECStatus DSA_NewKey(const PQGParams *params,
+                            DSAPrivateKey **privKey);
+
+/* signature is caller-supplied buffer of at least 20 bytes.
+** On input,  signature->len == size of buffer to hold signature.
+**            digest->len    == size of digest.
+** On output, signature->len == size of signature in buffer.
+** Uses a random seed.
+*/
+extern SECStatus DSA_SignDigest(DSAPrivateKey *key,
+                                SECItem *signature,
+                                const SECItem *digest);
+
+/* signature is caller-supplied buffer of at least 20 bytes.
+** On input,  signature->len == size of buffer to hold signature.
+**            digest->len    == size of digest.
+*/
+extern SECStatus DSA_VerifyDigest(DSAPublicKey *key,
+                                  const SECItem *signature,
+                                  const SECItem *digest);
+
+/* For FIPS compliance testing. Seed must be exactly 20 bytes long */
+extern SECStatus DSA_NewKeyFromSeed(const PQGParams *params,
+                                    const unsigned char *seed,
+                                    DSAPrivateKey **privKey);
+
+/* For FIPS compliance testing. Seed must be exactly 20 bytes. */
+extern SECStatus DSA_SignDigestWithSeed(DSAPrivateKey *key,
+                                        SECItem *signature,
+                                        const SECItem *digest,
+                                        const unsigned char *seed);
+
+/******************************************************
+** Diffie Helman key exchange algorithm
+*/
+
+/* Generates parameters for Diffie-Helman key generation.
+**  primeLen is the length in bytes of prime P to be generated.
+*/
+extern SECStatus DH_GenParam(int primeLen, DHParams **params);
+
+/* Generates a public and private key, both of which are encoded in a single
+**  DHPrivateKey struct. Params is input, privKey are output.
+**  This is Phase 1 of Diffie Hellman.
+*/
+extern SECStatus DH_NewKey(DHParams *params,
+                           DHPrivateKey **privKey);
+
+/*
+** DH_Derive does the Diffie-Hellman phase 2 calculation, using the
+** other party's publicValue, and the prime and our privateValue.
+** maxOutBytes is the requested length of the generated secret in bytes.
+** A zero value means produce a value of any length up to the size of
+** the prime.   If successful, derivedSecret->data is set
+** to the address of the newly allocated buffer containing the derived
+** secret, and derivedSecret->len is the size of the secret produced.
+** The size of the secret produced will depend on the value of outBytes.
+** If outBytes is 0, the key length will be all the significant bytes of
+** the derived secret (leading zeros are dropped). This length could be less
+** than the length of the prime. If outBytes is nonzero, the length of the
+** produced key will be outBytes long. If the key is truncated, the most
+** significant bytes are truncated. If it is expanded, zero bytes are added
+** at the beginning.
+** It is the caller's responsibility to free the allocated buffer
+** containing the derived secret.
+*/
+extern SECStatus DH_Derive(SECItem *publicValue,
+                           SECItem *prime,
+                           SECItem *privateValue,
+                           SECItem *derivedSecret,
+                           unsigned int outBytes);
+
+/*
+** KEA_CalcKey returns octet string with the private key for a dual
+** Diffie-Helman  key generation as specified for government key exchange.
+*/
+extern SECStatus KEA_Derive(SECItem *prime,
+                            SECItem *public1,
+                            SECItem *public2,
+                            SECItem *private1,
+                            SECItem *private2,
+                            SECItem *derivedSecret);
+
+/*
+ * verify that a KEA or DSA public key is a valid key for this prime and
+ * subprime domain.
+ */
+extern PRBool KEA_Verify(SECItem *Y, SECItem *prime, SECItem *subPrime);
+
+/****************************************
+ * J-PAKE key transport
+ */
+
+/* Given gx == g^x, create a Schnorr zero-knowledge proof for the value x
+ * using the specified hash algorithm and signer ID. The signature is
+ * returned in the values gv and r. testRandom must be NULL for a PRNG
+ * generated random committment to be used in the sigature. When testRandom
+ * is non-NULL, that value must contain a value in the subgroup q; that
+ * value will be used instead of a PRNG-generated committment in order to
+ * facilitate known-answer tests.
+ *
+ * If gxIn is non-NULL then it must contain a pre-computed value of g^x that
+ * will be used by the function; in this case, the gxOut parameter must be NULL.
+ * If the gxIn parameter is NULL then gxOut must be non-NULL; in this case
+ * gxOut will contain the value g^x on output.
+ *
+ * gx (if not supplied by the caller), gv, and r will be allocated in the arena.
+ * The arena is *not* optional so do not pass NULL for the arena parameter.
+ * The arena should be zeroed when it is freed.
+ */
+SECStatus
+JPAKE_Sign(PLArenaPool *arena, const PQGParams *pqg, HASH_HashType hashType,
+           const SECItem *signerID, const SECItem *x,
+           const SECItem *testRandom, const SECItem *gxIn, SECItem *gxOut,
+           SECItem *gv, SECItem *r);
+
+/* Given gx == g^x, verify the Schnorr zero-knowledge proof (gv, r) for the
+ * value x using the specified hash algorithm and signer ID.
+ *
+ * The arena is *not* optional so do not pass NULL for the arena parameter.
+ */
+SECStatus
+JPAKE_Verify(PLArenaPool *arena, const PQGParams *pqg,
+             HASH_HashType hashType, const SECItem *signerID,
+             const SECItem *peerID, const SECItem *gx,
+             const SECItem *gv, const SECItem *r);
+
+/* Call before round 2 with x2, s, and x2s all non-NULL. This will calculate
+ * base = g^(x1+x3+x4) (mod p) and x2s = x2*s (mod q). The values to send in
+ * round 2 (A and the proof of knowledge of x2s) can then be calculated with
+ * JPAKE_Sign using pqg->base = base and x = x2s.
+ *
+ * Call after round 2 with x2, s, and x2s all NULL, and passing (gx1, gx2, gx3)
+ * instead of (gx1, gx3, gx4). This will calculate base = g^(x1+x2+x3). Then call
+ * JPAKE_Verify with pqg->base = base and then JPAKE_Final.
+ *
+ * base and x2s will be allocated in the arena. The arena is *not* optional so
+ * do not pass NULL for the arena parameter. The arena should be zeroed when it
+ * is freed.
+*/
+SECStatus
+JPAKE_Round2(PLArenaPool *arena, const SECItem *p, const SECItem *q,
+             const SECItem *gx1, const SECItem *gx3, const SECItem *gx4,
+             SECItem *base, const SECItem *x2, const SECItem *s, SECItem *x2s);
+
+/* K = (B/g^(x2*x4*s))^x2 (mod p)
+ *
+ * K will be allocated in the arena. The arena is *not* optional so do not pass
+ * NULL for the arena parameter. The arena should be zeroed when it is freed.
+ */
+SECStatus
+JPAKE_Final(PLArenaPool *arena, const SECItem *p, const SECItem *q,
+            const SECItem *x2, const SECItem *gx4, const SECItem *x2s,
+            const SECItem *B, SECItem *K);
+
+/******************************************************
+** Elliptic Curve algorithms
+*/
+
+/* Generates a public and private key, both of which are encoded
+** in a single ECPrivateKey struct. Params is input, privKey are
+** output.
+*/
+extern SECStatus EC_NewKey(ECParams *params,
+                           ECPrivateKey **privKey);
+
+extern SECStatus EC_NewKeyFromSeed(ECParams *params,
+                                   ECPrivateKey **privKey,
+                                   const unsigned char *seed,
+                                   int seedlen);
+
+/* Validates an EC public key as described in Section 5.2.2 of
+ * X9.62. Such validation prevents against small subgroup attacks
+ * when the ECDH primitive is used with the cofactor.
+ */
+extern SECStatus EC_ValidatePublicKey(ECParams *params,
+                                      SECItem *publicValue);
+
+/*
+** ECDH_Derive performs a scalar point multiplication of a point
+** representing a (peer's) public key and a large integer representing
+** a private key (its own). Both keys must use the same elliptic curve
+** parameters. If the withCofactor parameter is true, the
+** multiplication also uses the cofactor associated with the curve
+** parameters.  The output of this scheme is the x-coordinate of the
+** resulting point. If successful, derivedSecret->data is set to the
+** address of the newly allocated buffer containing the derived
+** secret, and derivedSecret->len is the size of the secret
+** produced. It is the caller's responsibility to free the allocated
+** buffer containing the derived secret.
+*/
+extern SECStatus ECDH_Derive(SECItem *publicValue,
+                             ECParams *params,
+                             SECItem *privateValue,
+                             PRBool withCofactor,
+                             SECItem *derivedSecret);
+
+/* On input,  signature->len == size of buffer to hold signature.
+**            digest->len    == size of digest.
+** On output, signature->len == size of signature in buffer.
+** Uses a random seed.
+*/
+extern SECStatus ECDSA_SignDigest(ECPrivateKey *key,
+                                  SECItem *signature,
+                                  const SECItem *digest);
+
+/* On input,  signature->len == size of buffer to hold signature.
+**            digest->len    == size of digest.
+*/
+extern SECStatus ECDSA_VerifyDigest(ECPublicKey *key,
+                                    const SECItem *signature,
+                                    const SECItem *digest);
+
+/* Uses the provided seed. */
+extern SECStatus ECDSA_SignDigestWithSeed(ECPrivateKey *key,
+                                          SECItem *signature,
+                                          const SECItem *digest,
+                                          const unsigned char *seed,
+                                          const int seedlen);
+
+/******************************************/
+/*
+** RC4 symmetric stream cypher
+*/
+
+/*
+** Create a new RC4 context suitable for RC4 encryption/decryption.
+**  "key" raw key data
+**  "len" the number of bytes of key data
+*/
+extern RC4Context *RC4_CreateContext(const unsigned char *key, int len);
+
+extern RC4Context *RC4_AllocateContext(void);
+extern SECStatus RC4_InitContext(RC4Context *cx,
+                                 const unsigned char *key,
+                                 unsigned int keylen,
+                                 const unsigned char *,
+                                 int,
+                                 unsigned int,
+                                 unsigned int);
+
+/*
+** Destroy an RC4 encryption/decryption context.
+**  "cx" the context
+**  "freeit" if PR_TRUE then free the object as well as its sub-objects
+*/
+extern void RC4_DestroyContext(RC4Context *cx, PRBool freeit);
+
+/*
+** Perform RC4 encryption.
+**  "cx" the context
+**  "output" the output buffer to store the encrypted data.
+**  "outputLen" how much data is stored in "output". Set by the routine
+**     after some data is stored in output.
+**  "maxOutputLen" the maximum amount of data that can ever be
+**     stored in "output"
+**  "input" the input data
+**  "inputLen" the amount of input data
+*/
+extern SECStatus RC4_Encrypt(RC4Context *cx, unsigned char *output,
+                             unsigned int *outputLen, unsigned int maxOutputLen,
+                             const unsigned char *input, unsigned int inputLen);
+
+/*
+** Perform RC4 decryption.
+**  "cx" the context
+**  "output" the output buffer to store the decrypted data.
+**  "outputLen" how much data is stored in "output". Set by the routine
+**     after some data is stored in output.
+**  "maxOutputLen" the maximum amount of data that can ever be
+**     stored in "output"
+**  "input" the input data
+**  "inputLen" the amount of input data
+*/
+extern SECStatus RC4_Decrypt(RC4Context *cx, unsigned char *output,
+                             unsigned int *outputLen, unsigned int maxOutputLen,
+                             const unsigned char *input, unsigned int inputLen);
+
+/******************************************/
+/*
+** RC2 symmetric block cypher
+*/
+
+/*
+** Create a new RC2 context suitable for RC2 encryption/decryption.
+**  "key" raw key data
+**  "len" the number of bytes of key data
+**  "iv" is the CBC initialization vector (if mode is NSS_RC2_CBC)
+**  "mode" one of NSS_RC2 or NSS_RC2_CBC
+**  "effectiveKeyLen" is the effective key length (as specified in
+**      RFC 2268) in bytes (not bits).
+**
+** When mode is set to NSS_RC2_CBC the RC2 cipher is run in "cipher block
+** chaining" mode.
+*/
+extern RC2Context *RC2_CreateContext(const unsigned char *key, unsigned int len,
+                                     const unsigned char *iv, int mode,
+                                     unsigned effectiveKeyLen);
+extern RC2Context *RC2_AllocateContext(void);
+extern SECStatus RC2_InitContext(RC2Context *cx,
+                                 const unsigned char *key,
+                                 unsigned int keylen,
+                                 const unsigned char *iv,
+                                 int mode,
+                                 unsigned int effectiveKeyLen,
+                                 unsigned int);
+
+/*
+** Destroy an RC2 encryption/decryption context.
+**  "cx" the context
+**  "freeit" if PR_TRUE then free the object as well as its sub-objects
+*/
+extern void RC2_DestroyContext(RC2Context *cx, PRBool freeit);
+
+/*
+** Perform RC2 encryption.
+**  "cx" the context
+**  "output" the output buffer to store the encrypted data.
+**  "outputLen" how much data is stored in "output". Set by the routine
+**     after some data is stored in output.
+**  "maxOutputLen" the maximum amount of data that can ever be
+**     stored in "output"
+**  "input" the input data
+**  "inputLen" the amount of input data
+*/
+extern SECStatus RC2_Encrypt(RC2Context *cx, unsigned char *output,
+                             unsigned int *outputLen, unsigned int maxOutputLen,
+                             const unsigned char *input, unsigned int inputLen);
+
+/*
+** Perform RC2 decryption.
+**  "cx" the context
+**  "output" the output buffer to store the decrypted data.
+**  "outputLen" how much data is stored in "output". Set by the routine
+**     after some data is stored in output.
+**  "maxOutputLen" the maximum amount of data that can ever be
+**     stored in "output"
+**  "input" the input data
+**  "inputLen" the amount of input data
+*/
+extern SECStatus RC2_Decrypt(RC2Context *cx, unsigned char *output,
+                             unsigned int *outputLen, unsigned int maxOutputLen,
+                             const unsigned char *input, unsigned int inputLen);
+
+/******************************************/
+/*
+** RC5 symmetric block cypher -- 64-bit block size
+*/
+
+/*
+** Create a new RC5 context suitable for RC5 encryption/decryption.
+**      "key" raw key data
+**      "len" the number of bytes of key data
+**      "iv" is the CBC initialization vector (if mode is NSS_RC5_CBC)
+**      "mode" one of NSS_RC5 or NSS_RC5_CBC
+**
+** When mode is set to NSS_RC5_CBC the RC5 cipher is run in "cipher block
+** chaining" mode.
+*/
+extern RC5Context *RC5_CreateContext(const SECItem *key, unsigned int rounds,
+                                     unsigned int wordSize, const unsigned char *iv, int mode);
+extern RC5Context *RC5_AllocateContext(void);
+extern SECStatus RC5_InitContext(RC5Context *cx,
+                                 const unsigned char *key,
+                                 unsigned int keylen,
+                                 const unsigned char *iv,
+                                 int mode,
+                                 unsigned int rounds,
+                                 unsigned int wordSize);
+
+/*
+** Destroy an RC5 encryption/decryption context.
+**      "cx" the context
+**      "freeit" if PR_TRUE then free the object as well as its sub-objects
+*/
+extern void RC5_DestroyContext(RC5Context *cx, PRBool freeit);
+
+/*
+** Perform RC5 encryption.
+**      "cx" the context
+**      "output" the output buffer to store the encrypted data.
+**      "outputLen" how much data is stored in "output". Set by the routine
+**         after some data is stored in output.
+**      "maxOutputLen" the maximum amount of data that can ever be
+**         stored in "output"
+**      "input" the input data
+**      "inputLen" the amount of input data
+*/
+extern SECStatus RC5_Encrypt(RC5Context *cx, unsigned char *output,
+                             unsigned int *outputLen, unsigned int maxOutputLen,
+                             const unsigned char *input, unsigned int inputLen);
+
+/*
+** Perform RC5 decryption.
+**      "cx" the context
+**      "output" the output buffer to store the decrypted data.
+**      "outputLen" how much data is stored in "output". Set by the routine
+**         after some data is stored in output.
+**      "maxOutputLen" the maximum amount of data that can ever be
+**         stored in "output"
+**      "input" the input data
+**      "inputLen" the amount of input data
+*/
+
+extern SECStatus RC5_Decrypt(RC5Context *cx, unsigned char *output,
+                             unsigned int *outputLen, unsigned int maxOutputLen,
+                             const unsigned char *input, unsigned int inputLen);
+
+/******************************************/
+/*
+** DES symmetric block cypher
+*/
+
+/*
+** Create a new DES context suitable for DES encryption/decryption.
+**  "key" raw key data
+**  "len" the number of bytes of key data
+**  "iv" is the CBC initialization vector (if mode is NSS_DES_CBC or
+**     mode is DES_EDE3_CBC)
+**  "mode" one of NSS_DES, NSS_DES_CBC, NSS_DES_EDE3 or NSS_DES_EDE3_CBC
+**  "encrypt" is PR_TRUE if the context will be used for encryption
+**
+** When mode is set to NSS_DES_CBC or NSS_DES_EDE3_CBC then the DES
+** cipher is run in "cipher block chaining" mode.
+*/
+extern DESContext *DES_CreateContext(const unsigned char *key,
+                                     const unsigned char *iv,
+                                     int mode, PRBool encrypt);
+extern DESContext *DES_AllocateContext(void);
+extern SECStatus DES_InitContext(DESContext *cx,
+                                 const unsigned char *key,
+                                 unsigned int keylen,
+                                 const unsigned char *iv,
+                                 int mode,
+                                 unsigned int encrypt,
+                                 unsigned int);
+
+/*
+** Destroy an DES encryption/decryption context.
+**  "cx" the context
+**  "freeit" if PR_TRUE then free the object as well as its sub-objects
+*/
+extern void DES_DestroyContext(DESContext *cx, PRBool freeit);
+
+/*
+** Perform DES encryption.
+**  "cx" the context
+**  "output" the output buffer to store the encrypted data.
+**  "outputLen" how much data is stored in "output". Set by the routine
+**     after some data is stored in output.
+**  "maxOutputLen" the maximum amount of data that can ever be
+**     stored in "output"
+**  "input" the input data
+**  "inputLen" the amount of input data
+**
+** NOTE: the inputLen must be a multiple of DES_KEY_LENGTH
+*/
+extern SECStatus DES_Encrypt(DESContext *cx, unsigned char *output,
+                             unsigned int *outputLen, unsigned int maxOutputLen,
+                             const unsigned char *input, unsigned int inputLen);
+
+/*
+** Perform DES decryption.
+**  "cx" the context
+**  "output" the output buffer to store the decrypted data.
+**  "outputLen" how much data is stored in "output". Set by the routine
+**     after some data is stored in output.
+**  "maxOutputLen" the maximum amount of data that can ever be
+**     stored in "output"
+**  "input" the input data
+**  "inputLen" the amount of input data
+**
+** NOTE: the inputLen must be a multiple of DES_KEY_LENGTH
+*/
+extern SECStatus DES_Decrypt(DESContext *cx, unsigned char *output,
+                             unsigned int *outputLen, unsigned int maxOutputLen,
+                             const unsigned char *input, unsigned int inputLen);
+
+/******************************************/
+/*
+** SEED symmetric block cypher
+*/
+extern SEEDContext *
+SEED_CreateContext(const unsigned char *key, const unsigned char *iv,
+                   int mode, PRBool encrypt);
+extern SEEDContext *SEED_AllocateContext(void);
+extern SECStatus SEED_InitContext(SEEDContext *cx,
+                                  const unsigned char *key,
+                                  unsigned int keylen,
+                                  const unsigned char *iv,
+                                  int mode, unsigned int encrypt,
+                                  unsigned int);
+extern void SEED_DestroyContext(SEEDContext *cx, PRBool freeit);
+extern SECStatus
+SEED_Encrypt(SEEDContext *cx, unsigned char *output,
+             unsigned int *outputLen, unsigned int maxOutputLen,
+             const unsigned char *input, unsigned int inputLen);
+extern SECStatus
+SEED_Decrypt(SEEDContext *cx, unsigned char *output,
+             unsigned int *outputLen, unsigned int maxOutputLen,
+             const unsigned char *input, unsigned int inputLen);
+
+/******************************************/
+/*
+** AES symmetric block cypher (Rijndael)
+*/
+
+/*
+** Create a new AES context suitable for AES encryption/decryption.
+**  "key" raw key data
+**  "keylen" the number of bytes of key data (16, 24, or 32)
+**      "blocklen" is the blocksize to use (16, 24, or 32)
+**                        XXX currently only blocksize==16 has been tested!
+*/
+extern AESContext *
+AES_CreateContext(const unsigned char *key, const unsigned char *iv,
+                  int mode, int encrypt,
+                  unsigned int keylen, unsigned int blocklen);
+extern AESContext *AES_AllocateContext(void);
+extern SECStatus AES_InitContext(AESContext *cx,
+                                 const unsigned char *key,
+                                 unsigned int keylen,
+                                 const unsigned char *iv,
+                                 int mode,
+                                 unsigned int encrypt,
+                                 unsigned int blocklen);
+
+/*
+** Destroy a AES encryption/decryption context.
+**  "cx" the context
+**  "freeit" if PR_TRUE then free the object as well as its sub-objects
+*/
+extern void
+AES_DestroyContext(AESContext *cx, PRBool freeit);
+
+/*
+** Perform AES encryption.
+**  "cx" the context
+**  "output" the output buffer to store the encrypted data.
+**  "outputLen" how much data is stored in "output". Set by the routine
+**     after some data is stored in output.
+**  "maxOutputLen" the maximum amount of data that can ever be
+**     stored in "output"
+**  "input" the input data
+**  "inputLen" the amount of input data
+*/
+extern SECStatus
+AES_Encrypt(AESContext *cx, unsigned char *output,
+            unsigned int *outputLen, unsigned int maxOutputLen,
+            const unsigned char *input, unsigned int inputLen);
+
+/*
+** Perform AES decryption.
+**  "cx" the context
+**  "output" the output buffer to store the decrypted data.
+**  "outputLen" how much data is stored in "output". Set by the routine
+**     after some data is stored in output.
+**  "maxOutputLen" the maximum amount of data that can ever be
+**     stored in "output"
+**  "input" the input data
+**  "inputLen" the amount of input data
+*/
+extern SECStatus
+AES_Decrypt(AESContext *cx, unsigned char *output,
+            unsigned int *outputLen, unsigned int maxOutputLen,
+            const unsigned char *input, unsigned int inputLen);
+
+/******************************************/
+/*
+** AES key wrap algorithm, RFC 3394
+*/
+
+/*
+** Create a new AES context suitable for AES encryption/decryption.
+**  "key" raw key data
+**      "iv"  The 8 byte "initial value"
+**      "encrypt", a boolean, true for key wrapping, false for unwrapping.
+**  "keylen" the number of bytes of key data (16, 24, or 32)
+*/
+extern AESKeyWrapContext *
+AESKeyWrap_CreateContext(const unsigned char *key, const unsigned char *iv,
+                         int encrypt, unsigned int keylen);
+extern AESKeyWrapContext *AESKeyWrap_AllocateContext(void);
+extern SECStatus
+AESKeyWrap_InitContext(AESKeyWrapContext *cx,
+                       const unsigned char *key,
+                       unsigned int keylen,
+                       const unsigned char *iv,
+                       int,
+                       unsigned int encrypt,
+                       unsigned int);
+
+/*
+** Destroy a AES KeyWrap context.
+**  "cx" the context
+**  "freeit" if PR_TRUE then free the object as well as its sub-objects
+*/
+extern void
+AESKeyWrap_DestroyContext(AESKeyWrapContext *cx, PRBool freeit);
+
+/*
+** Perform AES key wrap.
+**  "cx" the context
+**  "output" the output buffer to store the encrypted data.
+**  "outputLen" how much data is stored in "output". Set by the routine
+**     after some data is stored in output.
+**  "maxOutputLen" the maximum amount of data that can ever be
+**     stored in "output"
+**  "input" the input data
+**  "inputLen" the amount of input data
+*/
+extern SECStatus
+AESKeyWrap_Encrypt(AESKeyWrapContext *cx, unsigned char *output,
+                   unsigned int *outputLen, unsigned int maxOutputLen,
+                   const unsigned char *input, unsigned int inputLen);
+
+/*
+** Perform AES key unwrap.
+**  "cx" the context
+**  "output" the output buffer to store the decrypted data.
+**  "outputLen" how much data is stored in "output". Set by the routine
+**     after some data is stored in output.
+**  "maxOutputLen" the maximum amount of data that can ever be
+**     stored in "output"
+**  "input" the input data
+**  "inputLen" the amount of input data
+*/
+extern SECStatus
+AESKeyWrap_Decrypt(AESKeyWrapContext *cx, unsigned char *output,
+                   unsigned int *outputLen, unsigned int maxOutputLen,
+                   const unsigned char *input, unsigned int inputLen);
+
+/******************************************/
+/*
+** Camellia symmetric block cypher
+*/
+
+/*
+** Create a new Camellia context suitable for Camellia encryption/decryption.
+**  "key" raw key data
+**  "keylen" the number of bytes of key data (16, 24, or 32)
+*/
+extern CamelliaContext *
+Camellia_CreateContext(const unsigned char *key, const unsigned char *iv,
+                       int mode, int encrypt, unsigned int keylen);
+
+extern CamelliaContext *Camellia_AllocateContext(void);
+extern SECStatus Camellia_InitContext(CamelliaContext *cx,
+                                      const unsigned char *key,
+                                      unsigned int keylen,
+                                      const unsigned char *iv,
+                                      int mode,
+                                      unsigned int encrypt,
+                                      unsigned int unused);
+/*
+** Destroy a Camellia encryption/decryption context.
+**  "cx" the context
+**  "freeit" if PR_TRUE then free the object as well as its sub-objects
+*/
+extern void
+Camellia_DestroyContext(CamelliaContext *cx, PRBool freeit);
+
+/*
+** Perform Camellia encryption.
+**  "cx" the context
+**  "output" the output buffer to store the encrypted data.
+**  "outputLen" how much data is stored in "output". Set by the routine
+**     after some data is stored in output.
+**  "maxOutputLen" the maximum amount of data that can ever be
+**     stored in "output"
+**  "input" the input data
+**  "inputLen" the amount of input data
+*/
+extern SECStatus
+Camellia_Encrypt(CamelliaContext *cx, unsigned char *output,
+                 unsigned int *outputLen, unsigned int maxOutputLen,
+                 const unsigned char *input, unsigned int inputLen);
+
+/*
+** Perform Camellia decryption.
+**  "cx" the context
+**  "output" the output buffer to store the decrypted data.
+**  "outputLen" how much data is stored in "output". Set by the routine
+**     after some data is stored in output.
+**  "maxOutputLen" the maximum amount of data that can ever be
+**     stored in "output"
+**  "input" the input data
+**  "inputLen" the amount of input data
+*/
+extern SECStatus
+Camellia_Decrypt(CamelliaContext *cx, unsigned char *output,
+                 unsigned int *outputLen, unsigned int maxOutputLen,
+                 const unsigned char *input, unsigned int inputLen);
+
+/******************************************/
+/*
+** ChaCha20+Poly1305 AEAD
+*/
+
+extern SECStatus ChaCha20Poly1305_InitContext(ChaCha20Poly1305Context *ctx,
+                                              const unsigned char *key,
+                                              unsigned int keyLen,
+                                              unsigned int tagLen);
+
+extern ChaCha20Poly1305Context *ChaCha20Poly1305_CreateContext(
+    const unsigned char *key, unsigned int keyLen, unsigned int tagLen);
+
+extern void ChaCha20Poly1305_DestroyContext(ChaCha20Poly1305Context *ctx,
+                                            PRBool freeit);
+
+extern SECStatus ChaCha20Poly1305_Seal(
+    const ChaCha20Poly1305Context *ctx, unsigned char *output,
+    unsigned int *outputLen, unsigned int maxOutputLen,
+    const unsigned char *input, unsigned int inputLen,
+    const unsigned char *nonce, unsigned int nonceLen,
+    const unsigned char *ad, unsigned int adLen);
+
+extern SECStatus ChaCha20Poly1305_Open(
+    const ChaCha20Poly1305Context *ctx, unsigned char *output,
+    unsigned int *outputLen, unsigned int maxOutputLen,
+    const unsigned char *input, unsigned int inputLen,
+    const unsigned char *nonce, unsigned int nonceLen,
+    const unsigned char *ad, unsigned int adLen);
+
+/******************************************/
+/*
+** MD5 secure hash function
+*/
+
+/*
+** Hash a null terminated string "src" into "dest" using MD5
+*/
+extern SECStatus MD5_Hash(unsigned char *dest, const char *src);
+
+/*
+** Hash a non-null terminated string "src" into "dest" using MD5
+*/
+extern SECStatus MD5_HashBuf(unsigned char *dest, const unsigned char *src,
+                             PRUint32 src_length);
+
+/*
+** Create a new MD5 context
+*/
+extern MD5Context *MD5_NewContext(void);
+
+/*
+** Destroy an MD5 secure hash context.
+**  "cx" the context
+**  "freeit" if PR_TRUE then free the object as well as its sub-objects
+*/
+extern void MD5_DestroyContext(MD5Context *cx, PRBool freeit);
+
+/*
+** Reset an MD5 context, preparing it for a fresh round of hashing
+*/
+extern void MD5_Begin(MD5Context *cx);
+
+/*
+** Update the MD5 hash function with more data.
+**  "cx" the context
+**  "input" the data to hash
+**  "inputLen" the amount of data to hash
+*/
+extern void MD5_Update(MD5Context *cx,
+                       const unsigned char *input, unsigned int inputLen);
+
+/*
+** Finish the MD5 hash function. Produce the digested results in "digest"
+**  "cx" the context
+**  "digest" where the 16 bytes of digest data are stored
+**  "digestLen" where the digest length (16) is stored
+**  "maxDigestLen" the maximum amount of data that can ever be
+**     stored in "digest"
+*/
+extern void MD5_End(MD5Context *cx, unsigned char *digest,
+                    unsigned int *digestLen, unsigned int maxDigestLen);
+
+/*
+** Export the current state of the MD5 hash without appending the standard
+** padding and length bytes. Produce the digested results in "digest"
+**  "cx" the context
+**  "digest" where the 16 bytes of digest data are stored
+**  "digestLen" where the digest length (16) is stored (optional)
+**  "maxDigestLen" the maximum amount of data that can ever be
+**     stored in "digest"
+*/
+extern void MD5_EndRaw(MD5Context *cx, unsigned char *digest,
+                       unsigned int *digestLen, unsigned int maxDigestLen);
+
+/*
+ * Return the the size of a buffer needed to flatten the MD5 Context into
+ *    "cx" the context
+ *  returns size;
+ */
+extern unsigned int MD5_FlattenSize(MD5Context *cx);
+
+/*
+ * Flatten the MD5 Context into a buffer:
+ *    "cx" the context
+ *    "space" the buffer to flatten to
+ *  returns status;
+ */
+extern SECStatus MD5_Flatten(MD5Context *cx, unsigned char *space);
+
+/*
+ * Resurrect a flattened context into a MD5 Context
+ *    "space" the buffer of the flattend buffer
+ *    "arg" ptr to void used by cryptographic resurrect
+ *  returns resurected context;
+ */
+extern MD5Context *MD5_Resurrect(unsigned char *space, void *arg);
+extern void MD5_Clone(MD5Context *dest, MD5Context *src);
+
+/*
+** trace the intermediate state info of the MD5 hash.
+*/
+extern void MD5_TraceState(MD5Context *cx);
+
+/******************************************/
+/*
+** MD2 secure hash function
+*/
+
+/*
+** Hash a null terminated string "src" into "dest" using MD2
+*/
+extern SECStatus MD2_Hash(unsigned char *dest, const char *src);
+
+/*
+** Create a new MD2 context
+*/
+extern MD2Context *MD2_NewContext(void);
+
+/*
+** Destroy an MD2 secure hash context.
+**  "cx" the context
+**  "freeit" if PR_TRUE then free the object as well as its sub-objects
+*/
+extern void MD2_DestroyContext(MD2Context *cx, PRBool freeit);
+
+/*
+** Reset an MD2 context, preparing it for a fresh round of hashing
+*/
+extern void MD2_Begin(MD2Context *cx);
+
+/*
+** Update the MD2 hash function with more data.
+**  "cx" the context
+**  "input" the data to hash
+**  "inputLen" the amount of data to hash
+*/
+extern void MD2_Update(MD2Context *cx,
+                       const unsigned char *input, unsigned int inputLen);
+
+/*
+** Finish the MD2 hash function. Produce the digested results in "digest"
+**  "cx" the context
+**  "digest" where the 16 bytes of digest data are stored
+**  "digestLen" where the digest length (16) is stored
+**  "maxDigestLen" the maximum amount of data that can ever be
+**     stored in "digest"
+*/
+extern void MD2_End(MD2Context *cx, unsigned char *digest,
+                    unsigned int *digestLen, unsigned int maxDigestLen);
+
+/*
+ * Return the the size of a buffer needed to flatten the MD2 Context into
+ *    "cx" the context
+ *  returns size;
+ */
+extern unsigned int MD2_FlattenSize(MD2Context *cx);
+
+/*
+ * Flatten the MD2 Context into a buffer:
+ *    "cx" the context
+ *    "space" the buffer to flatten to
+ *  returns status;
+ */
+extern SECStatus MD2_Flatten(MD2Context *cx, unsigned char *space);
+
+/*
+ * Resurrect a flattened context into a MD2 Context
+ *    "space" the buffer of the flattend buffer
+ *    "arg" ptr to void used by cryptographic resurrect
+ *  returns resurected context;
+ */
+extern MD2Context *MD2_Resurrect(unsigned char *space, void *arg);
+extern void MD2_Clone(MD2Context *dest, MD2Context *src);
+
+/******************************************/
+/*
+** SHA-1 secure hash function
+*/
+
+/*
+** Hash a null terminated string "src" into "dest" using SHA-1
+*/
+extern SECStatus SHA1_Hash(unsigned char *dest, const char *src);
+
+/*
+** Hash a non-null terminated string "src" into "dest" using SHA-1
+*/
+extern SECStatus SHA1_HashBuf(unsigned char *dest, const unsigned char *src,
+                              PRUint32 src_length);
+
+/*
+** Create a new SHA-1 context
+*/
+extern SHA1Context *SHA1_NewContext(void);
+
+/*
+** Destroy a SHA-1 secure hash context.
+**  "cx" the context
+**  "freeit" if PR_TRUE then free the object as well as its sub-objects
+*/
+extern void SHA1_DestroyContext(SHA1Context *cx, PRBool freeit);
+
+/*
+** Reset a SHA-1 context, preparing it for a fresh round of hashing
+*/
+extern void SHA1_Begin(SHA1Context *cx);
+
+/*
+** Update the SHA-1 hash function with more data.
+**  "cx" the context
+**  "input" the data to hash
+**  "inputLen" the amount of data to hash
+*/
+extern void SHA1_Update(SHA1Context *cx, const unsigned char *input,
+                        unsigned int inputLen);
+
+/*
+** Finish the SHA-1 hash function. Produce the digested results in "digest"
+**  "cx" the context
+**  "digest" where the 16 bytes of digest data are stored
+**  "digestLen" where the digest length (20) is stored
+**  "maxDigestLen" the maximum amount of data that can ever be
+**     stored in "digest"
+*/
+extern void SHA1_End(SHA1Context *cx, unsigned char *digest,
+                     unsigned int *digestLen, unsigned int maxDigestLen);
+
+/*
+** Export the current state of the SHA-1 hash without appending the standard
+** padding and length bytes. Produce the digested results in "digest"
+**  "cx" the context
+**  "digest" where the 20 bytes of digest data are stored
+**  "digestLen" where the digest length (20) is stored (optional)
+**  "maxDigestLen" the maximum amount of data that can ever be
+**     stored in "digest"
+*/
+extern void SHA1_EndRaw(SHA1Context *cx, unsigned char *digest,
+                        unsigned int *digestLen, unsigned int maxDigestLen);
+
+/*
+** trace the intermediate state info of the SHA1 hash.
+*/
+extern void SHA1_TraceState(SHA1Context *cx);
+
+/*
+ * Return the the size of a buffer needed to flatten the SHA-1 Context into
+ *    "cx" the context
+ *  returns size;
+ */
+extern unsigned int SHA1_FlattenSize(SHA1Context *cx);
+
+/*
+ * Flatten the SHA-1 Context into a buffer:
+ *    "cx" the context
+ *    "space" the buffer to flatten to
+ *  returns status;
+ */
+extern SECStatus SHA1_Flatten(SHA1Context *cx, unsigned char *space);
+
+/*
+ * Resurrect a flattened context into a SHA-1 Context
+ *    "space" the buffer of the flattend buffer
+ *    "arg" ptr to void used by cryptographic resurrect
+ *  returns resurected context;
+ */
+extern SHA1Context *SHA1_Resurrect(unsigned char *space, void *arg);
+extern void SHA1_Clone(SHA1Context *dest, SHA1Context *src);
+
+/******************************************/
+
+extern SHA224Context *SHA224_NewContext(void);
+extern void SHA224_DestroyContext(SHA224Context *cx, PRBool freeit);
+extern void SHA224_Begin(SHA224Context *cx);
+extern void SHA224_Update(SHA224Context *cx, const unsigned char *input,
+                          unsigned int inputLen);
+extern void SHA224_End(SHA224Context *cx, unsigned char *digest,
+                       unsigned int *digestLen, unsigned int maxDigestLen);
+/*
+** Export the current state of the SHA-224 hash without appending the standard
+** padding and length bytes. Produce the digested results in "digest"
+**  "cx" the context
+**  "digest" where the 28 bytes of digest data are stored
+**  "digestLen" where the digest length (28) is stored (optional)
+**  "maxDigestLen" the maximum amount of data that can ever be
+**     stored in "digest"
+*/
+extern void SHA224_EndRaw(SHA224Context *cx, unsigned char *digest,
+                          unsigned int *digestLen, unsigned int maxDigestLen);
+extern SECStatus SHA224_HashBuf(unsigned char *dest, const unsigned char *src,
+                                PRUint32 src_length);
+extern SECStatus SHA224_Hash(unsigned char *dest, const char *src);
+extern void SHA224_TraceState(SHA224Context *cx);
+extern unsigned int SHA224_FlattenSize(SHA224Context *cx);
+extern SECStatus SHA224_Flatten(SHA224Context *cx, unsigned char *space);
+extern SHA224Context *SHA224_Resurrect(unsigned char *space, void *arg);
+extern void SHA224_Clone(SHA224Context *dest, SHA224Context *src);
+
+/******************************************/
+
+extern SHA256Context *SHA256_NewContext(void);
+extern void SHA256_DestroyContext(SHA256Context *cx, PRBool freeit);
+extern void SHA256_Begin(SHA256Context *cx);
+extern void SHA256_Update(SHA256Context *cx, const unsigned char *input,
+                          unsigned int inputLen);
+extern void SHA256_End(SHA256Context *cx, unsigned char *digest,
+                       unsigned int *digestLen, unsigned int maxDigestLen);
+/*
+** Export the current state of the SHA-256 hash without appending the standard
+** padding and length bytes. Produce the digested results in "digest"
+**  "cx" the context
+**  "digest" where the 32 bytes of digest data are stored
+**  "digestLen" where the digest length (32) is stored (optional)
+**  "maxDigestLen" the maximum amount of data that can ever be
+**     stored in "digest"
+*/
+extern void SHA256_EndRaw(SHA256Context *cx, unsigned char *digest,
+                          unsigned int *digestLen, unsigned int maxDigestLen);
+extern SECStatus SHA256_HashBuf(unsigned char *dest, const unsigned char *src,
+                                PRUint32 src_length);
+extern SECStatus SHA256_Hash(unsigned char *dest, const char *src);
+extern void SHA256_TraceState(SHA256Context *cx);
+extern unsigned int SHA256_FlattenSize(SHA256Context *cx);
+extern SECStatus SHA256_Flatten(SHA256Context *cx, unsigned char *space);
+extern SHA256Context *SHA256_Resurrect(unsigned char *space, void *arg);
+extern void SHA256_Clone(SHA256Context *dest, SHA256Context *src);
+
+/******************************************/
+
+extern SHA512Context *SHA512_NewContext(void);
+extern void SHA512_DestroyContext(SHA512Context *cx, PRBool freeit);
+extern void SHA512_Begin(SHA512Context *cx);
+extern void SHA512_Update(SHA512Context *cx, const unsigned char *input,
+                          unsigned int inputLen);
+/*
+** Export the current state of the SHA-512 hash without appending the standard
+** padding and length bytes. Produce the digested results in "digest"
+**  "cx" the context
+**  "digest" where the 64 bytes of digest data are stored
+**  "digestLen" where the digest length (64) is stored (optional)
+**  "maxDigestLen" the maximum amount of data that can ever be
+**     stored in "digest"
+*/
+extern void SHA512_EndRaw(SHA512Context *cx, unsigned char *digest,
+                          unsigned int *digestLen, unsigned int maxDigestLen);
+extern void SHA512_End(SHA512Context *cx, unsigned char *digest,
+                       unsigned int *digestLen, unsigned int maxDigestLen);
+extern SECStatus SHA512_HashBuf(unsigned char *dest, const unsigned char *src,
+                                PRUint32 src_length);
+extern SECStatus SHA512_Hash(unsigned char *dest, const char *src);
+extern void SHA512_TraceState(SHA512Context *cx);
+extern unsigned int SHA512_FlattenSize(SHA512Context *cx);
+extern SECStatus SHA512_Flatten(SHA512Context *cx, unsigned char *space);
+extern SHA512Context *SHA512_Resurrect(unsigned char *space, void *arg);
+extern void SHA512_Clone(SHA512Context *dest, SHA512Context *src);
+
+/******************************************/
+
+extern SHA384Context *SHA384_NewContext(void);
+extern void SHA384_DestroyContext(SHA384Context *cx, PRBool freeit);
+extern void SHA384_Begin(SHA384Context *cx);
+extern void SHA384_Update(SHA384Context *cx, const unsigned char *input,
+                          unsigned int inputLen);
+extern void SHA384_End(SHA384Context *cx, unsigned char *digest,
+                       unsigned int *digestLen, unsigned int maxDigestLen);
+/*
+** Export the current state of the SHA-384 hash without appending the standard
+** padding and length bytes. Produce the digested results in "digest"
+**  "cx" the context
+**  "digest" where the 48 bytes of digest data are stored
+**  "digestLen" where the digest length (48) is stored (optional)
+**  "maxDigestLen" the maximum amount of data that can ever be
+**     stored in "digest"
+*/
+extern void SHA384_EndRaw(SHA384Context *cx, unsigned char *digest,
+                          unsigned int *digestLen, unsigned int maxDigestLen);
+extern SECStatus SHA384_HashBuf(unsigned char *dest, const unsigned char *src,
+                                PRUint32 src_length);
+extern SECStatus SHA384_Hash(unsigned char *dest, const char *src);
+extern void SHA384_TraceState(SHA384Context *cx);
+extern unsigned int SHA384_FlattenSize(SHA384Context *cx);
+extern SECStatus SHA384_Flatten(SHA384Context *cx, unsigned char *space);
+extern SHA384Context *SHA384_Resurrect(unsigned char *space, void *arg);
+extern void SHA384_Clone(SHA384Context *dest, SHA384Context *src);
+
+/****************************************
+ * implement TLS 1.0 Pseudo Random Function (PRF) and TLS P_hash function
+ */
+
+extern SECStatus
+TLS_PRF(const SECItem *secret, const char *label, SECItem *seed,
+        SECItem *result, PRBool isFIPS);
+
+extern SECStatus
+TLS_P_hash(HASH_HashType hashAlg, const SECItem *secret, const char *label,
+           SECItem *seed, SECItem *result, PRBool isFIPS);
+
+/******************************************/
+/*
+** Pseudo Random Number Generation.  FIPS compliance desirable.
+*/
+
+/*
+** Initialize the global RNG context and give it some seed input taken
+** from the system.  This function is thread-safe and will only allow
+** the global context to be initialized once.  The seed input is likely
+** small, so it is imperative that RNG_RandomUpdate() be called with
+** additional seed data before the generator is used.  A good way to
+** provide the generator with additional entropy is to call
+** RNG_SystemInfoForRNG().  Note that NSS_Init() does exactly that.
+*/
+extern SECStatus RNG_RNGInit(void);
+
+/*
+** Update the global random number generator with more seeding
+** material
+*/
+extern SECStatus RNG_RandomUpdate(const void *data, size_t bytes);
+
+/*
+** Generate some random bytes, using the global random number generator
+** object.
+*/
+extern SECStatus RNG_GenerateGlobalRandomBytes(void *dest, size_t len);
+
+extern SECStatus RNG_ResetForFuzzing(void);
+
+/* Destroy the global RNG context.  After a call to RNG_RNGShutdown()
+** a call to RNG_RNGInit() is required in order to use the generator again,
+** along with seed data (see the comment above RNG_RNGInit()).
+*/
+extern void RNG_RNGShutdown(void);
+
+extern void RNG_SystemInfoForRNG(void);
+
+/*
+ * FIPS 186-2 Change Notice 1 RNG Algorithm 1, used both to
+ * generate the DSA X parameter and as a generic purpose RNG.
+ *
+ * The following two FIPS186Change functions are needed for
+ * NIST RNG Validation System.
+ */
+
+/*
+ * FIPS186Change_GenerateX is now deprecated. It will return SECFailure with
+ * the error set to PR_NOT_IMPLEMENTED_ERROR.
+ */
+extern SECStatus
+FIPS186Change_GenerateX(unsigned char *XKEY,
+                        const unsigned char *XSEEDj,
+                        unsigned char *x_j);
+
+/*
+ * When generating the DSA X parameter, we generate 2*GSIZE bytes
+ * of random output and reduce it mod q.
+ *
+ * Input: w, 2*GSIZE bytes
+ *        q, DSA_SUBPRIME_LEN bytes
+ * Output: xj, DSA_SUBPRIME_LEN bytes
+ */
+extern SECStatus
+FIPS186Change_ReduceModQForDSA(const unsigned char *w,
+                               const unsigned char *q,
+                               unsigned char *xj);
+
+/* To allow NIST KAT tests */
+extern SECStatus
+PRNGTEST_Instantiate_Kat(const PRUint8 *entropy, unsigned int entropy_len,
+                         const PRUint8 *nonce, unsigned int nonce_len,
+                         const PRUint8 *personal_string, unsigned int ps_len);
+
+/*
+ * The following functions are for FIPS poweron self test and FIPS algorithm
+ * testing.
+ */
+extern SECStatus
+PRNGTEST_Instantiate(const PRUint8 *entropy, unsigned int entropy_len,
+                     const PRUint8 *nonce, unsigned int nonce_len,
+                     const PRUint8 *personal_string, unsigned int ps_len);
+
+extern SECStatus
+PRNGTEST_Reseed(const PRUint8 *entropy, unsigned int entropy_len,
+                const PRUint8 *additional, unsigned int additional_len);
+
+extern SECStatus
+PRNGTEST_Generate(PRUint8 *bytes, unsigned int bytes_len,
+                  const PRUint8 *additional, unsigned int additional_len);
+
+extern SECStatus
+PRNGTEST_Uninstantiate(void);
+
+extern SECStatus
+PRNGTEST_RunHealthTests(void);
+
+/* Generate PQGParams and PQGVerify structs.
+ * Length of seed and length of h both equal length of P.
+ * All lengths are specified by "j", according to the table above.
+ *
+ * The verify parameters will conform to FIPS186-1.
+ */
+extern SECStatus
+PQG_ParamGen(unsigned int j,      /* input : determines length of P. */
+             PQGParams **pParams, /* output: P Q and G returned here */
+             PQGVerify **pVfy);   /* output: counter and seed. */
+
+/* Generate PQGParams and PQGVerify structs.
+ * Length of P specified by j.  Length of h will match length of P.
+ * Length of SEED in bytes specified in seedBytes.
+ * seedBbytes must be in the range [20..255] or an error will result.
+ *
+ * The verify parameters will conform to FIPS186-1.
+ */
+extern SECStatus
+PQG_ParamGenSeedLen(
+    unsigned int j,         /* input : determines length of P. */
+    unsigned int seedBytes, /* input : length of seed in bytes.*/
+    PQGParams **pParams,    /* output: P Q and G returned here */
+    PQGVerify **pVfy);      /* output: counter and seed. */
+
+/* Generate PQGParams and PQGVerify structs.
+ * Length of P specified by L in bits.
+ * Length of Q specified by N in bits.
+ * Length of SEED in bytes specified in seedBytes.
+ * seedBbytes must be in the range [N..L*2] or an error will result.
+ *
+ * Not that J uses the above table, L is the length exact. L and N must
+ * match the table below or an error will result:
+ *
+ *  L            N
+ * 1024         160
+ * 2048         224
+ * 2048         256
+ * 3072         256
+ *
+ * If N or seedBytes are set to zero, then PQG_ParamGenSeedLen will
+ * pick a default value (typically the smallest secure value for these
+ * variables).
+ *
+ * The verify parameters will conform to FIPS186-3 using the smallest
+ * permissible hash for the key strength.
+ */
+extern SECStatus
+PQG_ParamGenV2(
+    unsigned int L,         /* input : determines length of P. */
+    unsigned int N,         /* input : determines length of Q. */
+    unsigned int seedBytes, /* input : length of seed in bytes.*/
+    PQGParams **pParams,    /* output: P Q and G returned here */
+    PQGVerify **pVfy);      /* output: counter and seed. */
+
+/*  Test PQGParams for validity as DSS PQG values.
+ *  If vfy is non-NULL, test PQGParams to make sure they were generated
+ *       using the specified seed, counter, and h values.
+ *
+ *  Return value indicates whether Verification operation ran successfully
+ *  to completion, but does not indicate if PQGParams are valid or not.
+ *  If return value is SECSuccess, then *pResult has these meanings:
+ *       SECSuccess: PQGParams are valid.
+ *       SECFailure: PQGParams are invalid.
+ *
+ * Verify the PQG againts the counter, SEED and h.
+ * These tests are specified in FIPS 186-3 Appendix A.1.1.1, A.1.1.3, and A.2.2
+ * PQG_VerifyParams will automatically choose the appropriate test.
+ */
+
+extern SECStatus PQG_VerifyParams(const PQGParams *params,
+                                  const PQGVerify *vfy, SECStatus *result);
+
+extern void PQG_DestroyParams(PQGParams *params);
+
+extern void PQG_DestroyVerify(PQGVerify *vfy);
+
+/*
+ * clean-up any global tables freebl may have allocated after it starts up.
+ * This function is not thread safe and should be called only after the
+ * library has been quiessed.
+ */
+extern void BL_Cleanup(void);
+
+/* unload freebl shared library from memory */
+extern void BL_Unload(void);
+
+/**************************************************************************
+ *  Verify a given Shared library signature                               *
+ **************************************************************************/
+PRBool BLAPI_SHVerify(const char *name, PRFuncPtr addr);
+
+/**************************************************************************
+ *  Verify a given filename's signature                               *
+ **************************************************************************/
+PRBool BLAPI_SHVerifyFile(const char *shName);
+
+/**************************************************************************
+ *  Verify Are Own Shared library signature                               *
+ **************************************************************************/
+PRBool BLAPI_VerifySelf(const char *name);
+
+/*********************************************************************/
+extern const SECHashObject *HASH_GetRawHashObject(HASH_HashType hashType);
+
+extern void BL_SetForkState(PRBool forked);
+
+/*
+** pepare an ECParam structure from DEREncoded params
+ */
+extern SECStatus EC_FillParams(PLArenaPool *arena,
+                               const SECItem *encodedParams, ECParams *params);
+extern SECStatus EC_DecodeParams(const SECItem *encodedParams,
+                                 ECParams **ecparams);
+extern SECStatus EC_CopyParams(PLArenaPool *arena, ECParams *dstParams,
+                               const ECParams *srcParams);
+
+/*
+ * use the internal table to get the size in bytes of a single EC point
+ */
+extern int EC_GetPointSize(const ECParams *params);
+
+SEC_END_PROTOS
+
+#endif /* _BLAPI_H_ */
diff --git a/nss/lib/freebl/blapii.h b/nss/lib/freebl/blapii.h
new file mode 100644
index 0000000..6ad2e28
--- /dev/null
+++ b/nss/lib/freebl/blapii.h
@@ -0,0 +1,61 @@
+/*
+ * blapii.h - private data structures and prototypes for the freebl library
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _BLAPII_H_
+#define _BLAPII_H_
+
+#include "blapit.h"
+
+/* max block size of supported block ciphers */
+#define MAX_BLOCK_SIZE 16
+
+typedef SECStatus (*freeblCipherFunc)(void *cx, unsigned char *output,
+                                      unsigned int *outputLen, unsigned int maxOutputLen,
+                                      const unsigned char *input, unsigned int inputLen,
+                                      unsigned int blocksize);
+typedef void (*freeblDestroyFunc)(void *cx, PRBool freeit);
+
+SEC_BEGIN_PROTOS
+
+SECStatus BL_FIPSEntryOK(PRBool freeblOnly);
+PRBool BL_POSTRan(PRBool freeblOnly);
+
+#if defined(XP_UNIX) && !defined(NO_FORK_CHECK)
+
+extern PRBool bl_parentForkedAfterC_Initialize;
+
+#define SKIP_AFTER_FORK(x)                 \
+    if (!bl_parentForkedAfterC_Initialize) \
+    x
+
+#else
+
+#define SKIP_AFTER_FORK(x) x
+
+#endif
+
+SEC_END_PROTOS
+
+#if defined(NSS_X86_OR_X64)
+#define HAVE_UNALIGNED_ACCESS 1
+#endif
+
+#if defined(__clang__)
+#define HAVE_NO_SANITIZE_ATTR __has_attribute(no_sanitize)
+#else
+#define HAVE_NO_SANITIZE_ATTR 0
+#endif
+
+#if defined(HAVE_UNALIGNED_ACCESS) && HAVE_NO_SANITIZE_ATTR
+#define NO_SANITIZE_ALIGNMENT __attribute__((no_sanitize("alignment")))
+#else
+#define NO_SANITIZE_ALIGNMENT
+#endif
+
+#undef HAVE_NO_SANITIZE_ATTR
+
+#endif /* _BLAPII_H_ */
diff --git a/nss/lib/freebl/blapit.h b/nss/lib/freebl/blapit.h
new file mode 100644
index 0000000..2a17b5f
--- /dev/null
+++ b/nss/lib/freebl/blapit.h
@@ -0,0 +1,414 @@
+/*
+ * blapit.h - public data structures for the freebl library
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _BLAPIT_H_
+#define _BLAPIT_H_
+
+#include "seccomon.h"
+#include "prlink.h"
+#include "plarena.h"
+#include "ecl-exp.h"
+
+/* RC2 operation modes */
+#define NSS_RC2 0
+#define NSS_RC2_CBC 1
+
+/* RC5 operation modes */
+#define NSS_RC5 0
+#define NSS_RC5_CBC 1
+
+/* DES operation modes */
+#define NSS_DES 0
+#define NSS_DES_CBC 1
+#define NSS_DES_EDE3 2
+#define NSS_DES_EDE3_CBC 3
+
+#define DES_KEY_LENGTH 8 /* Bytes */
+
+/* AES operation modes */
+#define NSS_AES 0
+#define NSS_AES_CBC 1
+#define NSS_AES_CTS 2
+#define NSS_AES_CTR 3
+#define NSS_AES_GCM 4
+
+/* Camellia operation modes */
+#define NSS_CAMELLIA 0
+#define NSS_CAMELLIA_CBC 1
+
+/* SEED operation modes */
+#define NSS_SEED 0
+#define NSS_SEED_CBC 1
+
+#define DSA1_SUBPRIME_LEN 20                             /* Bytes */
+#define DSA1_SIGNATURE_LEN (DSA1_SUBPRIME_LEN * 2)       /* Bytes */
+#define DSA_MAX_SUBPRIME_LEN 32                          /* Bytes */
+#define DSA_MAX_SIGNATURE_LEN (DSA_MAX_SUBPRIME_LEN * 2) /* Bytes */
+
+/*
+ * Mark the old defines as deprecated. This will warn code that expected
+ * DSA1 only that they need to change if the are to support DSA2.
+ */
+#if defined(__GNUC__) && (__GNUC__ > 3)
+/* make GCC warn when we use these #defines */
+typedef int __BLAPI_DEPRECATED __attribute__((deprecated));
+#define DSA_SUBPRIME_LEN ((__BLAPI_DEPRECATED)DSA1_SUBPRIME_LEN)
+#define DSA_SIGNATURE_LEN ((__BLAPI_DEPRECATED)DSA1_SIGNATURE_LEN)
+#define DSA_Q_BITS ((__BLAPI_DEPRECATED)(DSA1_SUBPRIME_LEN * 8))
+#else
+#ifdef _WIN32
+/* This magic gets the windows compiler to give us a deprecation
+ * warning */
+#pragma deprecated(DSA_SUBPRIME_LEN, DSA_SIGNATURE_LEN, DSA_QBITS)
+#endif
+#define DSA_SUBPRIME_LEN DSA1_SUBPRIME_LEN
+#define DSA_SIGNATURE_LEN DSA1_SIGNATURE_LEN
+#define DSA_Q_BITS (DSA1_SUBPRIME_LEN * 8)
+#endif
+
+/* XXX We shouldn't have to hard code this limit. For
+ * now, this is the quickest way to support ECDSA signature
+ * processing (ECDSA signature lengths depend on curve
+ * size). This limit is sufficient for curves upto
+ * 576 bits.
+ */
+#define MAX_ECKEY_LEN 72 /* Bytes */
+
+#define EC_MAX_KEY_BITS 521 /* in bits */
+#define EC_MIN_KEY_BITS 256 /* in bits */
+
+/* EC point compression format */
+#define EC_POINT_FORM_COMPRESSED_Y0 0x02
+#define EC_POINT_FORM_COMPRESSED_Y1 0x03
+#define EC_POINT_FORM_UNCOMPRESSED 0x04
+#define EC_POINT_FORM_HYBRID_Y0 0x06
+#define EC_POINT_FORM_HYBRID_Y1 0x07
+
+/*
+ * Number of bytes each hash algorithm produces
+ */
+#define MD2_LENGTH 16    /* Bytes */
+#define MD5_LENGTH 16    /* Bytes */
+#define SHA1_LENGTH 20   /* Bytes */
+#define SHA256_LENGTH 32 /* bytes */
+#define SHA384_LENGTH 48 /* bytes */
+#define SHA512_LENGTH 64 /* bytes */
+#define HASH_LENGTH_MAX SHA512_LENGTH
+
+/*
+ * Input block size for each hash algorithm.
+ */
+
+#define MD2_BLOCK_LENGTH 64     /* bytes */
+#define MD5_BLOCK_LENGTH 64     /* bytes */
+#define SHA1_BLOCK_LENGTH 64    /* bytes */
+#define SHA224_BLOCK_LENGTH 64  /* bytes */
+#define SHA256_BLOCK_LENGTH 64  /* bytes */
+#define SHA384_BLOCK_LENGTH 128 /* bytes */
+#define SHA512_BLOCK_LENGTH 128 /* bytes */
+#define HASH_BLOCK_LENGTH_MAX SHA512_BLOCK_LENGTH
+
+#define AES_KEY_WRAP_IV_BYTES 8
+#define AES_KEY_WRAP_BLOCK_SIZE 8 /* bytes */
+#define AES_BLOCK_SIZE 16         /* bytes */
+
+#define AES_128_KEY_LENGTH 16 /* bytes */
+#define AES_192_KEY_LENGTH 24 /* bytes */
+#define AES_256_KEY_LENGTH 32 /* bytes */
+
+#define CAMELLIA_BLOCK_SIZE 16 /* bytes */
+
+#define SEED_BLOCK_SIZE 16 /* bytes */
+#define SEED_KEY_LENGTH 16 /* bytes */
+
+#define NSS_FREEBL_DEFAULT_CHUNKSIZE 2048
+
+/*
+ * These values come from the initial key size limits from the PKCS #11
+ * module. They may be arbitrarily adjusted to any value freebl supports.
+ */
+#define RSA_MIN_MODULUS_BITS 128
+#define RSA_MAX_MODULUS_BITS 16384
+#define RSA_MAX_EXPONENT_BITS 64
+#define DH_MIN_P_BITS 128
+#define DH_MAX_P_BITS 16384
+
+/*
+ * The FIPS 186-1 algorithm for generating primes P and Q allows only 9
+ * distinct values for the length of P, and only one value for the
+ * length of Q.
+ * The algorithm uses a variable j to indicate which of the 9 lengths
+ * of P is to be used.
+ * The following table relates j to the lengths of P and Q in bits.
+ *
+ *  j   bits in P   bits in Q
+ *  _   _________   _________
+ *  0    512        160
+ *  1    576        160
+ *  2    640        160
+ *  3    704        160
+ *  4    768        160
+ *  5    832        160
+ *  6    896        160
+ *  7    960        160
+ *  8   1024        160
+ *
+ * The FIPS-186-1 compliant PQG generator takes j as an input parameter.
+ *
+ * FIPS 186-3 algorithm specifies 4 distinct P and Q sizes:
+ *
+ *     bits in P       bits in Q
+ *     _________       _________
+ *      1024           160
+ *      2048           224
+ *      2048           256
+ *      3072           256
+ *
+ * The FIPS-186-3 complaiant PQG generator (PQG V2) takes arbitrary p and q
+ * lengths as input and returns an error if they aren't in this list.
+ */
+
+#define DSA1_Q_BITS 160
+#define DSA_MAX_P_BITS 3072
+#define DSA_MIN_P_BITS 512
+#define DSA_MAX_Q_BITS 256
+#define DSA_MIN_Q_BITS 160
+
+#if DSA_MAX_Q_BITS != DSA_MAX_SUBPRIME_LEN * 8
+#error "Inconsistent declaration of DSA SUBPRIME/Q parameters in blapit.h"
+#endif
+
+/*
+ * function takes desired number of bits in P,
+ * returns index (0..8) or -1 if number of bits is invalid.
+ */
+#define PQG_PBITS_TO_INDEX(bits) \
+    (((bits) < 512 || (bits) > 1024 || (bits) % 64) ? -1 : (int)((bits)-512) / 64)
+
+/*
+ * function takes index (0-8)
+ * returns number of bits in P for that index, or -1 if index is invalid.
+ */
+#define PQG_INDEX_TO_PBITS(j) (((unsigned)(j) > 8) ? -1 : (512 + 64 * (j)))
+
+/***************************************************************************
+** Opaque objects
+*/
+
+struct DESContextStr;
+struct RC2ContextStr;
+struct RC4ContextStr;
+struct RC5ContextStr;
+struct AESContextStr;
+struct CamelliaContextStr;
+struct MD2ContextStr;
+struct MD5ContextStr;
+struct SHA1ContextStr;
+struct SHA256ContextStr;
+struct SHA512ContextStr;
+struct AESKeyWrapContextStr;
+struct SEEDContextStr;
+struct ChaCha20Poly1305ContextStr;
+
+typedef struct DESContextStr DESContext;
+typedef struct RC2ContextStr RC2Context;
+typedef struct RC4ContextStr RC4Context;
+typedef struct RC5ContextStr RC5Context;
+typedef struct AESContextStr AESContext;
+typedef struct CamelliaContextStr CamelliaContext;
+typedef struct MD2ContextStr MD2Context;
+typedef struct MD5ContextStr MD5Context;
+typedef struct SHA1ContextStr SHA1Context;
+typedef struct SHA256ContextStr SHA256Context;
+/* SHA224Context is really a SHA256ContextStr.  This is not a mistake. */
+typedef struct SHA256ContextStr SHA224Context;
+typedef struct SHA512ContextStr SHA512Context;
+/* SHA384Context is really a SHA512ContextStr.  This is not a mistake. */
+typedef struct SHA512ContextStr SHA384Context;
+typedef struct AESKeyWrapContextStr AESKeyWrapContext;
+typedef struct SEEDContextStr SEEDContext;
+typedef struct ChaCha20Poly1305ContextStr ChaCha20Poly1305Context;
+
+/***************************************************************************
+** RSA Public and Private Key structures
+*/
+
+/* member names from PKCS#1, section 7.1 */
+struct RSAPublicKeyStr {
+    PLArenaPool *arena;
+    SECItem modulus;
+    SECItem publicExponent;
+};
+typedef struct RSAPublicKeyStr RSAPublicKey;
+
+/* member names from PKCS#1, section 7.2 */
+struct RSAPrivateKeyStr {
+    PLArenaPool *arena;
+    SECItem version;
+    SECItem modulus;
+    SECItem publicExponent;
+    SECItem privateExponent;
+    SECItem prime1;
+    SECItem prime2;
+    SECItem exponent1;
+    SECItem exponent2;
+    SECItem coefficient;
+};
+typedef struct RSAPrivateKeyStr RSAPrivateKey;
+
+/***************************************************************************
+** DSA Public and Private Key and related structures
+*/
+
+struct PQGParamsStr {
+    PLArenaPool *arena;
+    SECItem prime;    /* p */
+    SECItem subPrime; /* q */
+    SECItem base;     /* g */
+    /* XXX chrisk: this needs to be expanded to hold j and validationParms (RFC2459 7.3.2) */
+};
+typedef struct PQGParamsStr PQGParams;
+
+struct PQGVerifyStr {
+    PLArenaPool *arena; /* includes this struct, seed, & h. */
+    unsigned int counter;
+    SECItem seed;
+    SECItem h;
+};
+typedef struct PQGVerifyStr PQGVerify;
+
+struct DSAPublicKeyStr {
+    PQGParams params;
+    SECItem publicValue;
+};
+typedef struct DSAPublicKeyStr DSAPublicKey;
+
+struct DSAPrivateKeyStr {
+    PQGParams params;
+    SECItem publicValue;
+    SECItem privateValue;
+};
+typedef struct DSAPrivateKeyStr DSAPrivateKey;
+
+/***************************************************************************
+** Diffie-Hellman Public and Private Key and related structures
+** Structure member names suggested by PKCS#3.
+*/
+
+struct DHParamsStr {
+    PLArenaPool *arena;
+    SECItem prime; /* p */
+    SECItem base;  /* g */
+};
+typedef struct DHParamsStr DHParams;
+
+struct DHPublicKeyStr {
+    PLArenaPool *arena;
+    SECItem prime;
+    SECItem base;
+    SECItem publicValue;
+};
+typedef struct DHPublicKeyStr DHPublicKey;
+
+struct DHPrivateKeyStr {
+    PLArenaPool *arena;
+    SECItem prime;
+    SECItem base;
+    SECItem publicValue;
+    SECItem privateValue;
+};
+typedef struct DHPrivateKeyStr DHPrivateKey;
+
+/***************************************************************************
+** Data structures used for elliptic curve parameters and
+** public and private keys.
+*/
+
+/*
+** The ECParams data structures can encode elliptic curve
+** parameters for both GFp and GF2m curves.
+*/
+
+typedef enum { ec_params_explicit,
+               ec_params_named
+} ECParamsType;
+
+typedef enum { ec_field_GFp = 1,
+               ec_field_GF2m,
+               ec_field_plain
+} ECFieldType;
+
+struct ECFieldIDStr {
+    int size; /* field size in bits */
+    ECFieldType type;
+    union {
+        SECItem prime; /* prime p for (GFp) */
+        SECItem poly;  /* irreducible binary polynomial for (GF2m) */
+    } u;
+    int k1; /* first coefficient of pentanomial or
+                         * the only coefficient of trinomial
+                         */
+    int k2; /* two remaining coefficients of pentanomial */
+    int k3;
+};
+typedef struct ECFieldIDStr ECFieldID;
+
+struct ECCurveStr {
+    SECItem a; /* contains octet stream encoding of
+                         * field element (X9.62 section 4.3.3)
+             */
+    SECItem b;
+    SECItem seed;
+};
+typedef struct ECCurveStr ECCurve;
+
+struct ECParamsStr {
+    PLArenaPool *arena;
+    ECParamsType type;
+    ECFieldID fieldID;
+    ECCurve curve;
+    SECItem base;
+    SECItem order;
+    int cofactor;
+    SECItem DEREncoding;
+    ECCurveName name;
+    SECItem curveOID;
+};
+typedef struct ECParamsStr ECParams;
+
+struct ECPublicKeyStr {
+    ECParams ecParams;
+    SECItem publicValue; /* elliptic curve point encoded as
+                * octet stream.
+                */
+};
+typedef struct ECPublicKeyStr ECPublicKey;
+
+struct ECPrivateKeyStr {
+    ECParams ecParams;
+    SECItem publicValue;  /* encoded ec point */
+    SECItem privateValue; /* private big integer */
+    SECItem version;      /* As per SEC 1, Appendix C, Section C.4 */
+};
+typedef struct ECPrivateKeyStr ECPrivateKey;
+
+typedef void *(*BLapiAllocateFunc)(void);
+typedef void (*BLapiDestroyContextFunc)(void *cx, PRBool freeit);
+typedef SECStatus (*BLapiInitContextFunc)(void *cx,
+                                          const unsigned char *key,
+                                          unsigned int keylen,
+                                          const unsigned char *,
+                                          int,
+                                          unsigned int,
+                                          unsigned int);
+typedef SECStatus (*BLapiEncrypt)(void *cx, unsigned char *output,
+                                  unsigned int *outputLen,
+                                  unsigned int maxOutputLen,
+                                  const unsigned char *input,
+                                  unsigned int inputLen);
+
+#endif /* _BLAPIT_H_ */
diff --git a/nss/lib/freebl/blname.c b/nss/lib/freebl/blname.c
new file mode 100644
index 0000000..4bad74a
--- /dev/null
+++ b/nss/lib/freebl/blname.c
@@ -0,0 +1,100 @@
+/*
+ *  blname.c - determine the freebl library name.
+ *  This Source Code Form is subject to the terms of the Mozilla Public
+ *  License, v. 2.0. If a copy of the MPL was not distributed with this
+ *  file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#if defined(FREEBL_LOWHASH)
+static const char* default_name =
+    SHLIB_PREFIX "freeblpriv" SHLIB_VERSION "." SHLIB_SUFFIX;
+#else
+static const char* default_name =
+    SHLIB_PREFIX "freebl" SHLIB_VERSION "." SHLIB_SUFFIX;
+#endif
+
+/* getLibName() returns the name of the library to load. */
+
+#if defined(SOLARIS) && defined(__sparc)
+#include <stddef.h>
+#include <strings.h>
+#include <sys/systeminfo.h>
+
+#if defined(NSS_USE_64)
+
+const static char fpu_hybrid_shared_lib[] = "libfreebl_64fpu_3.so";
+const static char int_hybrid_shared_lib[] = "libfreebl_64int_3.so";
+const static char non_hybrid_shared_lib[] = "libfreebl_64fpu_3.so";
+
+const static char int_hybrid_isa[] = "sparcv9";
+const static char fpu_hybrid_isa[] = "sparcv9+vis";
+
+#else
+
+const static char fpu_hybrid_shared_lib[] = "libfreebl_32fpu_3.so";
+const static char int_hybrid_shared_lib[] = "libfreebl_32int64_3.so";
+/* This was for SPARC V8, now obsolete. */
+const static char* const non_hybrid_shared_lib = NULL;
+
+const static char int_hybrid_isa[] = "sparcv8plus";
+const static char fpu_hybrid_isa[] = "sparcv8plus+vis";
+
+#endif
+
+static const char*
+getLibName(void)
+{
+    char* found_int_hybrid;
+    char* found_fpu_hybrid;
+    long buflen;
+    char buf[256];
+
+    buflen = sysinfo(SI_ISALIST, buf, sizeof buf);
+    if (buflen <= 0)
+        return NULL;
+    /* sysinfo output is always supposed to be NUL terminated, but ... */
+    if (buflen < sizeof buf)
+        buf[buflen] = '\0';
+    else
+        buf[(sizeof buf) - 1] = '\0';
+    /* The ISA list is a space separated string of names of ISAs and
+     * ISA extensions, in order of decreasing performance.
+     * There are two different ISAs with which NSS's crypto code can be
+     * accelerated. If both are in the list, we take the first one.
+     * If one is in the list, we use it, and if neither then we use
+     * the base unaccelerated code.
+     */
+    found_int_hybrid = strstr(buf, int_hybrid_isa);
+    found_fpu_hybrid = strstr(buf, fpu_hybrid_isa);
+    if (found_fpu_hybrid &&
+        (!found_int_hybrid ||
+         (found_int_hybrid - found_fpu_hybrid) >= 0)) {
+        return fpu_hybrid_shared_lib;
+    }
+    if (found_int_hybrid) {
+        return int_hybrid_shared_lib;
+    }
+    return non_hybrid_shared_lib;
+}
+
+#elif defined(HPUX) && !defined(NSS_USE_64) && !defined(__ia64)
+#include <unistd.h>
+
+/* This code tests to see if we're running on a PA2.x CPU.
+** It returns true (1) if so, and false (0) otherwise.
+*/
+static const char*
+getLibName(void)
+{
+    long cpu = sysconf(_SC_CPU_VERSION);
+    return (cpu == CPU_PA_RISC2_0)
+               ? "libfreebl_32fpu_3.sl"
+               : "libfreebl_32int_3.sl";
+}
+#else
+/* default case, for platforms/ABIs that have only one freebl shared lib. */
+static const char*
+getLibName(void)
+{
+    return default_name;
+}
+#endif
diff --git a/nss/lib/freebl/camellia.c b/nss/lib/freebl/camellia.c
new file mode 100644
index 0000000..8a7bcb0
--- /dev/null
+++ b/nss/lib/freebl/camellia.c
@@ -0,0 +1,1896 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifdef FREEBL_NO_DEPEND
+#include "stubs.h"
+#endif
+
+#include "prinit.h"
+#include "prerr.h"
+#include "secerr.h"
+
+#include "prtypes.h"
+#include "blapi.h"
+#include "camellia.h"
+#include "sha_fast.h" /* for SHA_HTONL and related configuration macros */
+
+/* key constants */
+
+#define CAMELLIA_SIGMA1L (0xA09E667FL)
+#define CAMELLIA_SIGMA1R (0x3BCC908BL)
+#define CAMELLIA_SIGMA2L (0xB67AE858L)
+#define CAMELLIA_SIGMA2R (0x4CAA73B2L)
+#define CAMELLIA_SIGMA3L (0xC6EF372FL)
+#define CAMELLIA_SIGMA3R (0xE94F82BEL)
+#define CAMELLIA_SIGMA4L (0x54FF53A5L)
+#define CAMELLIA_SIGMA4R (0xF1D36F1CL)
+#define CAMELLIA_SIGMA5L (0x10E527FAL)
+#define CAMELLIA_SIGMA5R (0xDE682D1DL)
+#define CAMELLIA_SIGMA6L (0xB05688C2L)
+#define CAMELLIA_SIGMA6R (0xB3E6C1FDL)
+
+/*
+ *  macros
+ */
+
+#if defined(HAVE_UNALIGNED_ACCESS)
+
+/* require a CPU that allows unaligned access */
+
+#if defined(SHA_NEED_TMP_VARIABLE)
+#define CAMELLIA_NEED_TMP_VARIABLE 1
+#endif
+
+#define GETU32(p) SHA_HTONL(*((PRUint32 *)(p)))
+#define PUTU32(ct, st)                       \
+    {                                        \
+        *((PRUint32 *)(ct)) = SHA_HTONL(st); \
+    }
+
+#else /* no unaligned access */
+
+#define GETU32(pt) \
+    (((PRUint32)(pt)[0] << 24) ^ ((PRUint32)(pt)[1] << 16) ^ ((PRUint32)(pt)[2] << 8) ^ ((PRUint32)(pt)[3]))
+
+#define PUTU32(ct, st)                   \
+    {                                    \
+        (ct)[0] = (PRUint8)((st) >> 24); \
+        (ct)[1] = (PRUint8)((st) >> 16); \
+        (ct)[2] = (PRUint8)((st) >> 8);  \
+        (ct)[3] = (PRUint8)(st);         \
+    }
+
+#endif
+
+#define CamelliaSubkeyL(INDEX) (subkey[(INDEX)*2])
+#define CamelliaSubkeyR(INDEX) (subkey[(INDEX)*2 + 1])
+
+/* rotation right shift 1byte */
+#define CAMELLIA_RR8(x) (((x) >> 8) + ((x) << 24))
+/* rotation left shift 1bit */
+#define CAMELLIA_RL1(x) (((x) << 1) + ((x) >> 31))
+/* rotation left shift 1byte */
+#define CAMELLIA_RL8(x) (((x) << 8) + ((x) >> 24))
+
+#define CAMELLIA_ROLDQ(ll, lr, rl, rr, w0, w1, bits) \
+    do {                                             \
+        w0 = ll;                                     \
+        ll = (ll << bits) + (lr >> (32 - bits));     \
+        lr = (lr << bits) + (rl >> (32 - bits));     \
+        rl = (rl << bits) + (rr >> (32 - bits));     \
+        rr = (rr << bits) + (w0 >> (32 - bits));     \
+    } while (0)
+
+#define CAMELLIA_ROLDQo32(ll, lr, rl, rr, w0, w1, bits) \
+    do {                                                \
+        w0 = ll;                                        \
+        w1 = lr;                                        \
+        ll = (lr << (bits - 32)) + (rl >> (64 - bits)); \
+        lr = (rl << (bits - 32)) + (rr >> (64 - bits)); \
+        rl = (rr << (bits - 32)) + (w0 >> (64 - bits)); \
+        rr = (w0 << (bits - 32)) + (w1 >> (64 - bits)); \
+    } while (0)
+
+#define CAMELLIA_SP1110(INDEX) (camellia_sp1110[(INDEX)])
+#define CAMELLIA_SP0222(INDEX) (camellia_sp0222[(INDEX)])
+#define CAMELLIA_SP3033(INDEX) (camellia_sp3033[(INDEX)])
+#define CAMELLIA_SP4404(INDEX) (camellia_sp4404[(INDEX)])
+
+#define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \
+    do {                                                   \
+        il = xl ^ kl;                                      \
+        ir = xr ^ kr;                                      \
+        t0 = il >> 16;                                     \
+        t1 = ir >> 16;                                     \
+        yl = CAMELLIA_SP1110(ir & 0xff) ^                  \
+             CAMELLIA_SP0222((t1 >> 8) & 0xff) ^           \
+             CAMELLIA_SP3033(t1 & 0xff) ^                  \
+             CAMELLIA_SP4404((ir >> 8) & 0xff);            \
+        yr = CAMELLIA_SP1110((t0 >> 8) & 0xff) ^           \
+             CAMELLIA_SP0222(t0 & 0xff) ^                  \
+             CAMELLIA_SP3033((il >> 8) & 0xff) ^           \
+             CAMELLIA_SP4404(il & 0xff);                   \
+        yl ^= yr;                                          \
+        yr = CAMELLIA_RR8(yr);                             \
+        yr ^= yl;                                          \
+    } while (0)
+
+/*
+ * for speed up
+ *
+ */
+#define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) \
+    do {                                                                 \
+        t0 = kll;                                                        \
+        t0 &= ll;                                                        \
+        lr ^= CAMELLIA_RL1(t0);                                          \
+        t1 = klr;                                                        \
+        t1 |= lr;                                                        \
+        ll ^= t1;                                                        \
+                                                                         \
+        t2 = krr;                                                        \
+        t2 |= rr;                                                        \
+        rl ^= t2;                                                        \
+        t3 = krl;                                                        \
+        t3 &= rl;                                                        \
+        rr ^= CAMELLIA_RL1(t3);                                          \
+    } while (0)
+
+#define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \
+    do {                                                         \
+        ir = CAMELLIA_SP1110(xr & 0xff) ^                        \
+             CAMELLIA_SP0222((xr >> 24) & 0xff) ^                \
+             CAMELLIA_SP3033((xr >> 16) & 0xff) ^                \
+             CAMELLIA_SP4404((xr >> 8) & 0xff);                  \
+        il = CAMELLIA_SP1110((xl >> 24) & 0xff) ^                \
+             CAMELLIA_SP0222((xl >> 16) & 0xff) ^                \
+             CAMELLIA_SP3033((xl >> 8) & 0xff) ^                 \
+             CAMELLIA_SP4404(xl & 0xff);                         \
+        il ^= kl;                                                \
+        ir ^= kr;                                                \
+        ir ^= il;                                                \
+        il = CAMELLIA_RR8(il);                                   \
+        il ^= ir;                                                \
+        yl ^= ir;                                                \
+        yr ^= il;                                                \
+    } while (0)
+
+static const PRUint32 camellia_sp1110[256] = {
+    0x70707000, 0x82828200, 0x2c2c2c00, 0xececec00,
+    0xb3b3b300, 0x27272700, 0xc0c0c000, 0xe5e5e500,
+    0xe4e4e400, 0x85858500, 0x57575700, 0x35353500,
+    0xeaeaea00, 0x0c0c0c00, 0xaeaeae00, 0x41414100,
+    0x23232300, 0xefefef00, 0x6b6b6b00, 0x93939300,
+    0x45454500, 0x19191900, 0xa5a5a500, 0x21212100,
+    0xededed00, 0x0e0e0e00, 0x4f4f4f00, 0x4e4e4e00,
+    0x1d1d1d00, 0x65656500, 0x92929200, 0xbdbdbd00,
+    0x86868600, 0xb8b8b800, 0xafafaf00, 0x8f8f8f00,
+    0x7c7c7c00, 0xebebeb00, 0x1f1f1f00, 0xcecece00,
+    0x3e3e3e00, 0x30303000, 0xdcdcdc00, 0x5f5f5f00,
+    0x5e5e5e00, 0xc5c5c500, 0x0b0b0b00, 0x1a1a1a00,
+    0xa6a6a600, 0xe1e1e100, 0x39393900, 0xcacaca00,
+    0xd5d5d500, 0x47474700, 0x5d5d5d00, 0x3d3d3d00,
+    0xd9d9d900, 0x01010100, 0x5a5a5a00, 0xd6d6d600,
+    0x51515100, 0x56565600, 0x6c6c6c00, 0x4d4d4d00,
+    0x8b8b8b00, 0x0d0d0d00, 0x9a9a9a00, 0x66666600,
+    0xfbfbfb00, 0xcccccc00, 0xb0b0b000, 0x2d2d2d00,
+    0x74747400, 0x12121200, 0x2b2b2b00, 0x20202000,
+    0xf0f0f000, 0xb1b1b100, 0x84848400, 0x99999900,
+    0xdfdfdf00, 0x4c4c4c00, 0xcbcbcb00, 0xc2c2c200,
+    0x34343400, 0x7e7e7e00, 0x76767600, 0x05050500,
+    0x6d6d6d00, 0xb7b7b700, 0xa9a9a900, 0x31313100,
+    0xd1d1d100, 0x17171700, 0x04040400, 0xd7d7d700,
+    0x14141400, 0x58585800, 0x3a3a3a00, 0x61616100,
+    0xdedede00, 0x1b1b1b00, 0x11111100, 0x1c1c1c00,
+    0x32323200, 0x0f0f0f00, 0x9c9c9c00, 0x16161600,
+    0x53535300, 0x18181800, 0xf2f2f200, 0x22222200,
+    0xfefefe00, 0x44444400, 0xcfcfcf00, 0xb2b2b200,
+    0xc3c3c300, 0xb5b5b500, 0x7a7a7a00, 0x91919100,
+    0x24242400, 0x08080800, 0xe8e8e800, 0xa8a8a800,
+    0x60606000, 0xfcfcfc00, 0x69696900, 0x50505000,
+    0xaaaaaa00, 0xd0d0d000, 0xa0a0a000, 0x7d7d7d00,
+    0xa1a1a100, 0x89898900, 0x62626200, 0x97979700,
+    0x54545400, 0x5b5b5b00, 0x1e1e1e00, 0x95959500,
+    0xe0e0e000, 0xffffff00, 0x64646400, 0xd2d2d200,
+    0x10101000, 0xc4c4c400, 0x00000000, 0x48484800,
+    0xa3a3a300, 0xf7f7f700, 0x75757500, 0xdbdbdb00,
+    0x8a8a8a00, 0x03030300, 0xe6e6e600, 0xdadada00,
+    0x09090900, 0x3f3f3f00, 0xdddddd00, 0x94949400,
+    0x87878700, 0x5c5c5c00, 0x83838300, 0x02020200,
+    0xcdcdcd00, 0x4a4a4a00, 0x90909000, 0x33333300,
+    0x73737300, 0x67676700, 0xf6f6f600, 0xf3f3f300,
+    0x9d9d9d00, 0x7f7f7f00, 0xbfbfbf00, 0xe2e2e200,
+    0x52525200, 0x9b9b9b00, 0xd8d8d800, 0x26262600,
+    0xc8c8c800, 0x37373700, 0xc6c6c600, 0x3b3b3b00,
+    0x81818100, 0x96969600, 0x6f6f6f00, 0x4b4b4b00,
+    0x13131300, 0xbebebe00, 0x63636300, 0x2e2e2e00,
+    0xe9e9e900, 0x79797900, 0xa7a7a700, 0x8c8c8c00,
+    0x9f9f9f00, 0x6e6e6e00, 0xbcbcbc00, 0x8e8e8e00,
+    0x29292900, 0xf5f5f500, 0xf9f9f900, 0xb6b6b600,
+    0x2f2f2f00, 0xfdfdfd00, 0xb4b4b400, 0x59595900,
+    0x78787800, 0x98989800, 0x06060600, 0x6a6a6a00,
+    0xe7e7e700, 0x46464600, 0x71717100, 0xbababa00,
+    0xd4d4d400, 0x25252500, 0xababab00, 0x42424200,
+    0x88888800, 0xa2a2a200, 0x8d8d8d00, 0xfafafa00,
+    0x72727200, 0x07070700, 0xb9b9b900, 0x55555500,
+    0xf8f8f800, 0xeeeeee00, 0xacacac00, 0x0a0a0a00,
+    0x36363600, 0x49494900, 0x2a2a2a00, 0x68686800,
+    0x3c3c3c00, 0x38383800, 0xf1f1f100, 0xa4a4a400,
+    0x40404000, 0x28282800, 0xd3d3d300, 0x7b7b7b00,
+    0xbbbbbb00, 0xc9c9c900, 0x43434300, 0xc1c1c100,
+    0x15151500, 0xe3e3e300, 0xadadad00, 0xf4f4f400,
+    0x77777700, 0xc7c7c700, 0x80808000, 0x9e9e9e00,
+};
+
+static const PRUint32 camellia_sp0222[256] = {
+    0x00e0e0e0, 0x00050505, 0x00585858, 0x00d9d9d9,
+    0x00676767, 0x004e4e4e, 0x00818181, 0x00cbcbcb,
+    0x00c9c9c9, 0x000b0b0b, 0x00aeaeae, 0x006a6a6a,
+    0x00d5d5d5, 0x00181818, 0x005d5d5d, 0x00828282,
+    0x00464646, 0x00dfdfdf, 0x00d6d6d6, 0x00272727,
+    0x008a8a8a, 0x00323232, 0x004b4b4b, 0x00424242,
+    0x00dbdbdb, 0x001c1c1c, 0x009e9e9e, 0x009c9c9c,
+    0x003a3a3a, 0x00cacaca, 0x00252525, 0x007b7b7b,
+    0x000d0d0d, 0x00717171, 0x005f5f5f, 0x001f1f1f,
+    0x00f8f8f8, 0x00d7d7d7, 0x003e3e3e, 0x009d9d9d,
+    0x007c7c7c, 0x00606060, 0x00b9b9b9, 0x00bebebe,
+    0x00bcbcbc, 0x008b8b8b, 0x00161616, 0x00343434,
+    0x004d4d4d, 0x00c3c3c3, 0x00727272, 0x00959595,
+    0x00ababab, 0x008e8e8e, 0x00bababa, 0x007a7a7a,
+    0x00b3b3b3, 0x00020202, 0x00b4b4b4, 0x00adadad,
+    0x00a2a2a2, 0x00acacac, 0x00d8d8d8, 0x009a9a9a,
+    0x00171717, 0x001a1a1a, 0x00353535, 0x00cccccc,
+    0x00f7f7f7, 0x00999999, 0x00616161, 0x005a5a5a,
+    0x00e8e8e8, 0x00242424, 0x00565656, 0x00404040,
+    0x00e1e1e1, 0x00636363, 0x00090909, 0x00333333,
+    0x00bfbfbf, 0x00989898, 0x00979797, 0x00858585,
+    0x00686868, 0x00fcfcfc, 0x00ececec, 0x000a0a0a,
+    0x00dadada, 0x006f6f6f, 0x00535353, 0x00626262,
+    0x00a3a3a3, 0x002e2e2e, 0x00080808, 0x00afafaf,
+    0x00282828, 0x00b0b0b0, 0x00747474, 0x00c2c2c2,
+    0x00bdbdbd, 0x00363636, 0x00222222, 0x00383838,
+    0x00646464, 0x001e1e1e, 0x00393939, 0x002c2c2c,
+    0x00a6a6a6, 0x00303030, 0x00e5e5e5, 0x00444444,
+    0x00fdfdfd, 0x00888888, 0x009f9f9f, 0x00656565,
+    0x00878787, 0x006b6b6b, 0x00f4f4f4, 0x00232323,
+    0x00484848, 0x00101010, 0x00d1d1d1, 0x00515151,
+    0x00c0c0c0, 0x00f9f9f9, 0x00d2d2d2, 0x00a0a0a0,
+    0x00555555, 0x00a1a1a1, 0x00414141, 0x00fafafa,
+    0x00434343, 0x00131313, 0x00c4c4c4, 0x002f2f2f,
+    0x00a8a8a8, 0x00b6b6b6, 0x003c3c3c, 0x002b2b2b,
+    0x00c1c1c1, 0x00ffffff, 0x00c8c8c8, 0x00a5a5a5,
+    0x00202020, 0x00898989, 0x00000000, 0x00909090,
+    0x00474747, 0x00efefef, 0x00eaeaea, 0x00b7b7b7,
+    0x00151515, 0x00060606, 0x00cdcdcd, 0x00b5b5b5,
+    0x00121212, 0x007e7e7e, 0x00bbbbbb, 0x00292929,
+    0x000f0f0f, 0x00b8b8b8, 0x00070707, 0x00040404,
+    0x009b9b9b, 0x00949494, 0x00212121, 0x00666666,
+    0x00e6e6e6, 0x00cecece, 0x00ededed, 0x00e7e7e7,
+    0x003b3b3b, 0x00fefefe, 0x007f7f7f, 0x00c5c5c5,
+    0x00a4a4a4, 0x00373737, 0x00b1b1b1, 0x004c4c4c,
+    0x00919191, 0x006e6e6e, 0x008d8d8d, 0x00767676,
+    0x00030303, 0x002d2d2d, 0x00dedede, 0x00969696,
+    0x00262626, 0x007d7d7d, 0x00c6c6c6, 0x005c5c5c,
+    0x00d3d3d3, 0x00f2f2f2, 0x004f4f4f, 0x00191919,
+    0x003f3f3f, 0x00dcdcdc, 0x00797979, 0x001d1d1d,
+    0x00525252, 0x00ebebeb, 0x00f3f3f3, 0x006d6d6d,
+    0x005e5e5e, 0x00fbfbfb, 0x00696969, 0x00b2b2b2,
+    0x00f0f0f0, 0x00313131, 0x000c0c0c, 0x00d4d4d4,
+    0x00cfcfcf, 0x008c8c8c, 0x00e2e2e2, 0x00757575,
+    0x00a9a9a9, 0x004a4a4a, 0x00575757, 0x00848484,
+    0x00111111, 0x00454545, 0x001b1b1b, 0x00f5f5f5,
+    0x00e4e4e4, 0x000e0e0e, 0x00737373, 0x00aaaaaa,
+    0x00f1f1f1, 0x00dddddd, 0x00595959, 0x00141414,
+    0x006c6c6c, 0x00929292, 0x00545454, 0x00d0d0d0,
+    0x00787878, 0x00707070, 0x00e3e3e3, 0x00494949,
+    0x00808080, 0x00505050, 0x00a7a7a7, 0x00f6f6f6,
+    0x00777777, 0x00939393, 0x00868686, 0x00838383,
+    0x002a2a2a, 0x00c7c7c7, 0x005b5b5b, 0x00e9e9e9,
+    0x00eeeeee, 0x008f8f8f, 0x00010101, 0x003d3d3d,
+};
+
+static const PRUint32 camellia_sp3033[256] = {
+    0x38003838, 0x41004141, 0x16001616, 0x76007676,
+    0xd900d9d9, 0x93009393, 0x60006060, 0xf200f2f2,
+    0x72007272, 0xc200c2c2, 0xab00abab, 0x9a009a9a,
+    0x75007575, 0x06000606, 0x57005757, 0xa000a0a0,
+    0x91009191, 0xf700f7f7, 0xb500b5b5, 0xc900c9c9,
+    0xa200a2a2, 0x8c008c8c, 0xd200d2d2, 0x90009090,
+    0xf600f6f6, 0x07000707, 0xa700a7a7, 0x27002727,
+    0x8e008e8e, 0xb200b2b2, 0x49004949, 0xde00dede,
+    0x43004343, 0x5c005c5c, 0xd700d7d7, 0xc700c7c7,
+    0x3e003e3e, 0xf500f5f5, 0x8f008f8f, 0x67006767,
+    0x1f001f1f, 0x18001818, 0x6e006e6e, 0xaf00afaf,
+    0x2f002f2f, 0xe200e2e2, 0x85008585, 0x0d000d0d,
+    0x53005353, 0xf000f0f0, 0x9c009c9c, 0x65006565,
+    0xea00eaea, 0xa300a3a3, 0xae00aeae, 0x9e009e9e,
+    0xec00ecec, 0x80008080, 0x2d002d2d, 0x6b006b6b,
+    0xa800a8a8, 0x2b002b2b, 0x36003636, 0xa600a6a6,
+    0xc500c5c5, 0x86008686, 0x4d004d4d, 0x33003333,
+    0xfd00fdfd, 0x66006666, 0x58005858, 0x96009696,
+    0x3a003a3a, 0x09000909, 0x95009595, 0x10001010,
+    0x78007878, 0xd800d8d8, 0x42004242, 0xcc00cccc,
+    0xef00efef, 0x26002626, 0xe500e5e5, 0x61006161,
+    0x1a001a1a, 0x3f003f3f, 0x3b003b3b, 0x82008282,
+    0xb600b6b6, 0xdb00dbdb, 0xd400d4d4, 0x98009898,
+    0xe800e8e8, 0x8b008b8b, 0x02000202, 0xeb00ebeb,
+    0x0a000a0a, 0x2c002c2c, 0x1d001d1d, 0xb000b0b0,
+    0x6f006f6f, 0x8d008d8d, 0x88008888, 0x0e000e0e,
+    0x19001919, 0x87008787, 0x4e004e4e, 0x0b000b0b,
+    0xa900a9a9, 0x0c000c0c, 0x79007979, 0x11001111,
+    0x7f007f7f, 0x22002222, 0xe700e7e7, 0x59005959,
+    0xe100e1e1, 0xda00dada, 0x3d003d3d, 0xc800c8c8,
+    0x12001212, 0x04000404, 0x74007474, 0x54005454,
+    0x30003030, 0x7e007e7e, 0xb400b4b4, 0x28002828,
+    0x55005555, 0x68006868, 0x50005050, 0xbe00bebe,
+    0xd000d0d0, 0xc400c4c4, 0x31003131, 0xcb00cbcb,
+    0x2a002a2a, 0xad00adad, 0x0f000f0f, 0xca00caca,
+    0x70007070, 0xff00ffff, 0x32003232, 0x69006969,
+    0x08000808, 0x62006262, 0x00000000, 0x24002424,
+    0xd100d1d1, 0xfb00fbfb, 0xba00baba, 0xed00eded,
+    0x45004545, 0x81008181, 0x73007373, 0x6d006d6d,
+    0x84008484, 0x9f009f9f, 0xee00eeee, 0x4a004a4a,
+    0xc300c3c3, 0x2e002e2e, 0xc100c1c1, 0x01000101,
+    0xe600e6e6, 0x25002525, 0x48004848, 0x99009999,
+    0xb900b9b9, 0xb300b3b3, 0x7b007b7b, 0xf900f9f9,
+    0xce00cece, 0xbf00bfbf, 0xdf00dfdf, 0x71007171,
+    0x29002929, 0xcd00cdcd, 0x6c006c6c, 0x13001313,
+    0x64006464, 0x9b009b9b, 0x63006363, 0x9d009d9d,
+    0xc000c0c0, 0x4b004b4b, 0xb700b7b7, 0xa500a5a5,
+    0x89008989, 0x5f005f5f, 0xb100b1b1, 0x17001717,
+    0xf400f4f4, 0xbc00bcbc, 0xd300d3d3, 0x46004646,
+    0xcf00cfcf, 0x37003737, 0x5e005e5e, 0x47004747,
+    0x94009494, 0xfa00fafa, 0xfc00fcfc, 0x5b005b5b,
+    0x97009797, 0xfe00fefe, 0x5a005a5a, 0xac00acac,
+    0x3c003c3c, 0x4c004c4c, 0x03000303, 0x35003535,
+    0xf300f3f3, 0x23002323, 0xb800b8b8, 0x5d005d5d,
+    0x6a006a6a, 0x92009292, 0xd500d5d5, 0x21002121,
+    0x44004444, 0x51005151, 0xc600c6c6, 0x7d007d7d,
+    0x39003939, 0x83008383, 0xdc00dcdc, 0xaa00aaaa,
+    0x7c007c7c, 0x77007777, 0x56005656, 0x05000505,
+    0x1b001b1b, 0xa400a4a4, 0x15001515, 0x34003434,
+    0x1e001e1e, 0x1c001c1c, 0xf800f8f8, 0x52005252,
+    0x20002020, 0x14001414, 0xe900e9e9, 0xbd00bdbd,
+    0xdd00dddd, 0xe400e4e4, 0xa100a1a1, 0xe000e0e0,
+    0x8a008a8a, 0xf100f1f1, 0xd600d6d6, 0x7a007a7a,
+    0xbb00bbbb, 0xe300e3e3, 0x40004040, 0x4f004f4f,
+};
+
+static const PRUint32 camellia_sp4404[256] = {
+    0x70700070, 0x2c2c002c, 0xb3b300b3, 0xc0c000c0,
+    0xe4e400e4, 0x57570057, 0xeaea00ea, 0xaeae00ae,
+    0x23230023, 0x6b6b006b, 0x45450045, 0xa5a500a5,
+    0xeded00ed, 0x4f4f004f, 0x1d1d001d, 0x92920092,
+    0x86860086, 0xafaf00af, 0x7c7c007c, 0x1f1f001f,
+    0x3e3e003e, 0xdcdc00dc, 0x5e5e005e, 0x0b0b000b,
+    0xa6a600a6, 0x39390039, 0xd5d500d5, 0x5d5d005d,
+    0xd9d900d9, 0x5a5a005a, 0x51510051, 0x6c6c006c,
+    0x8b8b008b, 0x9a9a009a, 0xfbfb00fb, 0xb0b000b0,
+    0x74740074, 0x2b2b002b, 0xf0f000f0, 0x84840084,
+    0xdfdf00df, 0xcbcb00cb, 0x34340034, 0x76760076,
+    0x6d6d006d, 0xa9a900a9, 0xd1d100d1, 0x04040004,
+    0x14140014, 0x3a3a003a, 0xdede00de, 0x11110011,
+    0x32320032, 0x9c9c009c, 0x53530053, 0xf2f200f2,
+    0xfefe00fe, 0xcfcf00cf, 0xc3c300c3, 0x7a7a007a,
+    0x24240024, 0xe8e800e8, 0x60600060, 0x69690069,
+    0xaaaa00aa, 0xa0a000a0, 0xa1a100a1, 0x62620062,
+    0x54540054, 0x1e1e001e, 0xe0e000e0, 0x64640064,
+    0x10100010, 0x00000000, 0xa3a300a3, 0x75750075,
+    0x8a8a008a, 0xe6e600e6, 0x09090009, 0xdddd00dd,
+    0x87870087, 0x83830083, 0xcdcd00cd, 0x90900090,
+    0x73730073, 0xf6f600f6, 0x9d9d009d, 0xbfbf00bf,
+    0x52520052, 0xd8d800d8, 0xc8c800c8, 0xc6c600c6,
+    0x81810081, 0x6f6f006f, 0x13130013, 0x63630063,
+    0xe9e900e9, 0xa7a700a7, 0x9f9f009f, 0xbcbc00bc,
+    0x29290029, 0xf9f900f9, 0x2f2f002f, 0xb4b400b4,
+    0x78780078, 0x06060006, 0xe7e700e7, 0x71710071,
+    0xd4d400d4, 0xabab00ab, 0x88880088, 0x8d8d008d,
+    0x72720072, 0xb9b900b9, 0xf8f800f8, 0xacac00ac,
+    0x36360036, 0x2a2a002a, 0x3c3c003c, 0xf1f100f1,
+    0x40400040, 0xd3d300d3, 0xbbbb00bb, 0x43430043,
+    0x15150015, 0xadad00ad, 0x77770077, 0x80800080,
+    0x82820082, 0xecec00ec, 0x27270027, 0xe5e500e5,
+    0x85850085, 0x35350035, 0x0c0c000c, 0x41410041,
+    0xefef00ef, 0x93930093, 0x19190019, 0x21210021,
+    0x0e0e000e, 0x4e4e004e, 0x65650065, 0xbdbd00bd,
+    0xb8b800b8, 0x8f8f008f, 0xebeb00eb, 0xcece00ce,
+    0x30300030, 0x5f5f005f, 0xc5c500c5, 0x1a1a001a,
+    0xe1e100e1, 0xcaca00ca, 0x47470047, 0x3d3d003d,
+    0x01010001, 0xd6d600d6, 0x56560056, 0x4d4d004d,
+    0x0d0d000d, 0x66660066, 0xcccc00cc, 0x2d2d002d,
+    0x12120012, 0x20200020, 0xb1b100b1, 0x99990099,
+    0x4c4c004c, 0xc2c200c2, 0x7e7e007e, 0x05050005,
+    0xb7b700b7, 0x31310031, 0x17170017, 0xd7d700d7,
+    0x58580058, 0x61610061, 0x1b1b001b, 0x1c1c001c,
+    0x0f0f000f, 0x16160016, 0x18180018, 0x22220022,
+    0x44440044, 0xb2b200b2, 0xb5b500b5, 0x91910091,
+    0x08080008, 0xa8a800a8, 0xfcfc00fc, 0x50500050,
+    0xd0d000d0, 0x7d7d007d, 0x89890089, 0x97970097,
+    0x5b5b005b, 0x95950095, 0xffff00ff, 0xd2d200d2,
+    0xc4c400c4, 0x48480048, 0xf7f700f7, 0xdbdb00db,
+    0x03030003, 0xdada00da, 0x3f3f003f, 0x94940094,
+    0x5c5c005c, 0x02020002, 0x4a4a004a, 0x33330033,
+    0x67670067, 0xf3f300f3, 0x7f7f007f, 0xe2e200e2,
+    0x9b9b009b, 0x26260026, 0x37370037, 0x3b3b003b,
+    0x96960096, 0x4b4b004b, 0xbebe00be, 0x2e2e002e,
+    0x79790079, 0x8c8c008c, 0x6e6e006e, 0x8e8e008e,
+    0xf5f500f5, 0xb6b600b6, 0xfdfd00fd, 0x59590059,
+    0x98980098, 0x6a6a006a, 0x46460046, 0xbaba00ba,
+    0x25250025, 0x42420042, 0xa2a200a2, 0xfafa00fa,
+    0x07070007, 0x55550055, 0xeeee00ee, 0x0a0a000a,
+    0x49490049, 0x68680068, 0x38380038, 0xa4a400a4,
+    0x28280028, 0x7b7b007b, 0xc9c900c9, 0xc1c100c1,
+    0xe3e300e3, 0xf4f400f4, 0xc7c700c7, 0x9e9e009e,
+};
+
+/**
+ * Stuff related to the Camellia key schedule
+ */
+#define subl(x) subL[(x)]
+#define subr(x) subR[(x)]
+
+void
+camellia_setup128(const unsigned char *key, PRUint32 *subkey)
+{
+    PRUint32 kll, klr, krl, krr;
+    PRUint32 il, ir, t0, t1, w0, w1;
+    PRUint32 kw4l, kw4r, dw, tl, tr;
+    PRUint32 subL[26];
+    PRUint32 subR[26];
+#if defined(CAMELLIA_NEED_TMP_VARIABLE)
+    PRUint32 tmp;
+#endif
+
+    /**
+     *  k == kll || klr || krl || krr (|| is concatination)
+     */
+    kll = GETU32(key);
+    klr = GETU32(key + 4);
+    krl = GETU32(key + 8);
+    krr = GETU32(key + 12);
+    /**
+     * generate KL dependent subkeys
+     */
+    subl(0) = kll;
+    subr(0) = klr;
+    subl(1) = krl;
+    subr(1) = krr;
+    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
+    subl(4) = kll;
+    subr(4) = klr;
+    subl(5) = krl;
+    subr(5) = krr;
+    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
+    subl(10) = kll;
+    subr(10) = klr;
+    subl(11) = krl;
+    subr(11) = krr;
+    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
+    subl(13) = krl;
+    subr(13) = krr;
+    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
+    subl(16) = kll;
+    subr(16) = klr;
+    subl(17) = krl;
+    subr(17) = krr;
+    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
+    subl(18) = kll;
+    subr(18) = klr;
+    subl(19) = krl;
+    subr(19) = krr;
+    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
+    subl(22) = kll;
+    subr(22) = klr;
+    subl(23) = krl;
+    subr(23) = krr;
+
+    /* generate KA */
+    kll = subl(0);
+    klr = subr(0);
+    krl = subl(1);
+    krr = subr(1);
+    CAMELLIA_F(kll, klr,
+               CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
+               w0, w1, il, ir, t0, t1);
+    krl ^= w0;
+    krr ^= w1;
+    CAMELLIA_F(krl, krr,
+               CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
+               kll, klr, il, ir, t0, t1);
+    CAMELLIA_F(kll, klr,
+               CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
+               krl, krr, il, ir, t0, t1);
+    krl ^= w0;
+    krr ^= w1;
+    CAMELLIA_F(krl, krr,
+               CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
+               w0, w1, il, ir, t0, t1);
+    kll ^= w0;
+    klr ^= w1;
+
+    /* generate KA dependent subkeys */
+    subl(2) = kll;
+    subr(2) = klr;
+    subl(3) = krl;
+    subr(3) = krr;
+    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
+    subl(6) = kll;
+    subr(6) = klr;
+    subl(7) = krl;
+    subr(7) = krr;
+    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
+    subl(8) = kll;
+    subr(8) = klr;
+    subl(9) = krl;
+    subr(9) = krr;
+    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
+    subl(12) = kll;
+    subr(12) = klr;
+    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
+    subl(14) = kll;
+    subr(14) = klr;
+    subl(15) = krl;
+    subr(15) = krr;
+    CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
+    subl(20) = kll;
+    subr(20) = klr;
+    subl(21) = krl;
+    subr(21) = krr;
+    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
+    subl(24) = kll;
+    subr(24) = klr;
+    subl(25) = krl;
+    subr(25) = krr;
+
+    /* absorb kw2 to other subkeys */
+    subl(3) ^= subl(1);
+    subr(3) ^= subr(1);
+    subl(5) ^= subl(1);
+    subr(5) ^= subr(1);
+    subl(7) ^= subl(1);
+    subr(7) ^= subr(1);
+    subl(1) ^= subr(1) & ~subr(9);
+    dw = subl(1) & subl(9), subr(1) ^= CAMELLIA_RL1(dw);
+    subl(11) ^= subl(1);
+    subr(11) ^= subr(1);
+    subl(13) ^= subl(1);
+    subr(13) ^= subr(1);
+    subl(15) ^= subl(1);
+    subr(15) ^= subr(1);
+    subl(1) ^= subr(1) & ~subr(17);
+    dw = subl(1) & subl(17), subr(1) ^= CAMELLIA_RL1(dw);
+    subl(19) ^= subl(1);
+    subr(19) ^= subr(1);
+    subl(21) ^= subl(1);
+    subr(21) ^= subr(1);
+    subl(23) ^= subl(1);
+    subr(23) ^= subr(1);
+    subl(24) ^= subl(1);
+    subr(24) ^= subr(1);
+
+    /* absorb kw4 to other subkeys */
+    kw4l = subl(25);
+    kw4r = subr(25);
+    subl(22) ^= kw4l;
+    subr(22) ^= kw4r;
+    subl(20) ^= kw4l;
+    subr(20) ^= kw4r;
+    subl(18) ^= kw4l;
+    subr(18) ^= kw4r;
+    kw4l ^= kw4r & ~subr(16);
+    dw = kw4l & subl(16), kw4r ^= CAMELLIA_RL1(dw);
+    subl(14) ^= kw4l;
+    subr(14) ^= kw4r;
+    subl(12) ^= kw4l;
+    subr(12) ^= kw4r;
+    subl(10) ^= kw4l;
+    subr(10) ^= kw4r;
+    kw4l ^= kw4r & ~subr(8);
+    dw = kw4l & subl(8), kw4r ^= CAMELLIA_RL1(dw);
+    subl(6) ^= kw4l;
+    subr(6) ^= kw4r;
+    subl(4) ^= kw4l;
+    subr(4) ^= kw4r;
+    subl(2) ^= kw4l;
+    subr(2) ^= kw4r;
+    subl(0) ^= kw4l;
+    subr(0) ^= kw4r;
+
+    /* key XOR is end of F-function */
+    CamelliaSubkeyL(0) = subl(0) ^ subl(2);
+    CamelliaSubkeyR(0) = subr(0) ^ subr(2);
+    CamelliaSubkeyL(2) = subl(3);
+    CamelliaSubkeyR(2) = subr(3);
+    CamelliaSubkeyL(3) = subl(2) ^ subl(4);
+    CamelliaSubkeyR(3) = subr(2) ^ subr(4);
+    CamelliaSubkeyL(4) = subl(3) ^ subl(5);
+    CamelliaSubkeyR(4) = subr(3) ^ subr(5);
+    CamelliaSubkeyL(5) = subl(4) ^ subl(6);
+    CamelliaSubkeyR(5) = subr(4) ^ subr(6);
+    CamelliaSubkeyL(6) = subl(5) ^ subl(7);
+    CamelliaSubkeyR(6) = subr(5) ^ subr(7);
+    tl = subl(10) ^ (subr(10) & ~subr(8));
+    dw = tl & subl(8), tr = subr(10) ^ CAMELLIA_RL1(dw);
+    CamelliaSubkeyL(7) = subl(6) ^ tl;
+    CamelliaSubkeyR(7) = subr(6) ^ tr;
+    CamelliaSubkeyL(8) = subl(8);
+    CamelliaSubkeyR(8) = subr(8);
+    CamelliaSubkeyL(9) = subl(9);
+    CamelliaSubkeyR(9) = subr(9);
+    tl = subl(7) ^ (subr(7) & ~subr(9));
+    dw = tl & subl(9), tr = subr(7) ^ CAMELLIA_RL1(dw);
+    CamelliaSubkeyL(10) = tl ^ subl(11);
+    CamelliaSubkeyR(10) = tr ^ subr(11);
+    CamelliaSubkeyL(11) = subl(10) ^ subl(12);
+    CamelliaSubkeyR(11) = subr(10) ^ subr(12);
+    CamelliaSubkeyL(12) = subl(11) ^ subl(13);
+    CamelliaSubkeyR(12) = subr(11) ^ subr(13);
+    CamelliaSubkeyL(13) = subl(12) ^ subl(14);
+    CamelliaSubkeyR(13) = subr(12) ^ subr(14);
+    CamelliaSubkeyL(14) = subl(13) ^ subl(15);
+    CamelliaSubkeyR(14) = subr(13) ^ subr(15);
+    tl = subl(18) ^ (subr(18) & ~subr(16));
+    dw = tl & subl(16), tr = subr(18) ^ CAMELLIA_RL1(dw);
+    CamelliaSubkeyL(15) = subl(14) ^ tl;
+    CamelliaSubkeyR(15) = subr(14) ^ tr;
+    CamelliaSubkeyL(16) = subl(16);
+    CamelliaSubkeyR(16) = subr(16);
+    CamelliaSubkeyL(17) = subl(17);
+    CamelliaSubkeyR(17) = subr(17);
+    tl = subl(15) ^ (subr(15) & ~subr(17));
+    dw = tl & subl(17), tr = subr(15) ^ CAMELLIA_RL1(dw);
+    CamelliaSubkeyL(18) = tl ^ subl(19);
+    CamelliaSubkeyR(18) = tr ^ subr(19);
+    CamelliaSubkeyL(19) = subl(18) ^ subl(20);
+    CamelliaSubkeyR(19) = subr(18) ^ subr(20);
+    CamelliaSubkeyL(20) = subl(19) ^ subl(21);
+    CamelliaSubkeyR(20) = subr(19) ^ subr(21);
+    CamelliaSubkeyL(21) = subl(20) ^ subl(22);
+    CamelliaSubkeyR(21) = subr(20) ^ subr(22);
+    CamelliaSubkeyL(22) = subl(21) ^ subl(23);
+    CamelliaSubkeyR(22) = subr(21) ^ subr(23);
+    CamelliaSubkeyL(23) = subl(22);
+    CamelliaSubkeyR(23) = subr(22);
+    CamelliaSubkeyL(24) = subl(24) ^ subl(23);
+    CamelliaSubkeyR(24) = subr(24) ^ subr(23);
+
+    /* apply the inverse of the last half of P-function */
+    dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw, CamelliaSubkeyL(2) = dw;
+    dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw, CamelliaSubkeyL(3) = dw;
+    dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw, CamelliaSubkeyL(4) = dw;
+    dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw, CamelliaSubkeyL(5) = dw;
+    dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw, CamelliaSubkeyL(6) = dw;
+    dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw, CamelliaSubkeyL(7) = dw;
+    dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw, CamelliaSubkeyL(10) = dw;
+    dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw, CamelliaSubkeyL(11) = dw;
+    dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw, CamelliaSubkeyL(12) = dw;
+    dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw, CamelliaSubkeyL(13) = dw;
+    dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw, CamelliaSubkeyL(14) = dw;
+    dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw, CamelliaSubkeyL(15) = dw;
+    dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw, CamelliaSubkeyL(18) = dw;
+    dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw, CamelliaSubkeyL(19) = dw;
+    dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw, CamelliaSubkeyL(20) = dw;
+    dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw, CamelliaSubkeyL(21) = dw;
+    dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw, CamelliaSubkeyL(22) = dw;
+    dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw, CamelliaSubkeyL(23) = dw;
+
+    return;
+}
+
+void
+camellia_setup256(const unsigned char *key, PRUint32 *subkey)
+{
+    PRUint32 kll, klr, krl, krr;     /* left half of key */
+    PRUint32 krll, krlr, krrl, krrr; /* right half of key */
+    PRUint32 il, ir, t0, t1, w0, w1; /* temporary variables */
+    PRUint32 kw4l, kw4r, dw, tl, tr;
+    PRUint32 subL[34];
+    PRUint32 subR[34];
+#if defined(CAMELLIA_NEED_TMP_VARIABLE)
+    PRUint32 tmp;
+#endif
+
+    /**
+     *  key = (kll || klr || krl || krr || krll || krlr || krrl || krrr)
+     *  (|| is concatination)
+     */
+
+    kll = GETU32(key);
+    klr = GETU32(key + 4);
+    krl = GETU32(key + 8);
+    krr = GETU32(key + 12);
+    krll = GETU32(key + 16);
+    krlr = GETU32(key + 20);
+    krrl = GETU32(key + 24);
+    krrr = GETU32(key + 28);
+
+    /* generate KL dependent subkeys */
+    subl(0) = kll;
+    subr(0) = klr;
+    subl(1) = krl;
+    subr(1) = krr;
+    CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 45);
+    subl(12) = kll;
+    subr(12) = klr;
+    subl(13) = krl;
+    subr(13) = krr;
+    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
+    subl(16) = kll;
+    subr(16) = klr;
+    subl(17) = krl;
+    subr(17) = krr;
+    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
+    subl(22) = kll;
+    subr(22) = klr;
+    subl(23) = krl;
+    subr(23) = krr;
+    CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
+    subl(30) = kll;
+    subr(30) = klr;
+    subl(31) = krl;
+    subr(31) = krr;
+
+    /* generate KR dependent subkeys */
+    CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
+    subl(4) = krll;
+    subr(4) = krlr;
+    subl(5) = krrl;
+    subr(5) = krrr;
+    CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
+    subl(8) = krll;
+    subr(8) = krlr;
+    subl(9) = krrl;
+    subr(9) = krrr;
+    CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
+    subl(18) = krll;
+    subr(18) = krlr;
+    subl(19) = krrl;
+    subr(19) = krrr;
+    CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
+    subl(26) = krll;
+    subr(26) = krlr;
+    subl(27) = krrl;
+    subr(27) = krrr;
+    CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
+
+    /* generate KA */
+    kll = subl(0) ^ krll;
+    klr = subr(0) ^ krlr;
+    krl = subl(1) ^ krrl;
+    krr = subr(1) ^ krrr;
+    CAMELLIA_F(kll, klr,
+               CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
+               w0, w1, il, ir, t0, t1);
+    krl ^= w0;
+    krr ^= w1;
+    CAMELLIA_F(krl, krr,
+               CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
+               kll, klr, il, ir, t0, t1);
+    kll ^= krll;
+    klr ^= krlr;
+    CAMELLIA_F(kll, klr,
+               CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
+               krl, krr, il, ir, t0, t1);
+    krl ^= w0 ^ krrl;
+    krr ^= w1 ^ krrr;
+    CAMELLIA_F(krl, krr,
+               CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
+               w0, w1, il, ir, t0, t1);
+    kll ^= w0;
+    klr ^= w1;
+
+    /* generate KB */
+    krll ^= kll;
+    krlr ^= klr;
+    krrl ^= krl;
+    krrr ^= krr;
+    CAMELLIA_F(krll, krlr,
+               CAMELLIA_SIGMA5L, CAMELLIA_SIGMA5R,
+               w0, w1, il, ir, t0, t1);
+    krrl ^= w0;
+    krrr ^= w1;
+    CAMELLIA_F(krrl, krrr,
+               CAMELLIA_SIGMA6L, CAMELLIA_SIGMA6R,
+               w0, w1, il, ir, t0, t1);
+    krll ^= w0;
+    krlr ^= w1;
+
+    /* generate KA dependent subkeys */
+    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
+    subl(6) = kll;
+    subr(6) = klr;
+    subl(7) = krl;
+    subr(7) = krr;
+    CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
+    subl(14) = kll;
+    subr(14) = klr;
+    subl(15) = krl;
+    subr(15) = krr;
+    subl(24) = klr;
+    subr(24) = krl;
+    subl(25) = krr;
+    subr(25) = kll;
+    CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 49);
+    subl(28) = kll;
+    subr(28) = klr;
+    subl(29) = krl;
+    subr(29) = krr;
+
+    /* generate KB dependent subkeys */
+    subl(2) = krll;
+    subr(2) = krlr;
+    subl(3) = krrl;
+    subr(3) = krrr;
+    CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
+    subl(10) = krll;
+    subr(10) = krlr;
+    subl(11) = krrl;
+    subr(11) = krrr;
+    CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
+    subl(20) = krll;
+    subr(20) = krlr;
+    subl(21) = krrl;
+    subr(21) = krrr;
+    CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 51);
+    subl(32) = krll;
+    subr(32) = krlr;
+    subl(33) = krrl;
+    subr(33) = krrr;
+
+    /* absorb kw2 to other subkeys */
+    subl(3) ^= subl(1);
+    subr(3) ^= subr(1);
+    subl(5) ^= subl(1);
+    subr(5) ^= subr(1);
+    subl(7) ^= subl(1);
+    subr(7) ^= subr(1);
+    subl(1) ^= subr(1) & ~subr(9);
+    dw = subl(1) & subl(9), subr(1) ^= CAMELLIA_RL1(dw);
+    subl(11) ^= subl(1);
+    subr(11) ^= subr(1);
+    subl(13) ^= subl(1);
+    subr(13) ^= subr(1);
+    subl(15) ^= subl(1);
+    subr(15) ^= subr(1);
+    subl(1) ^= subr(1) & ~subr(17);
+    dw = subl(1) & subl(17), subr(1) ^= CAMELLIA_RL1(dw);
+    subl(19) ^= subl(1);
+    subr(19) ^= subr(1);
+    subl(21) ^= subl(1);
+    subr(21) ^= subr(1);
+    subl(23) ^= subl(1);
+    subr(23) ^= subr(1);
+    subl(1) ^= subr(1) & ~subr(25);
+    dw = subl(1) & subl(25), subr(1) ^= CAMELLIA_RL1(dw);
+    subl(27) ^= subl(1);
+    subr(27) ^= subr(1);
+    subl(29) ^= subl(1);
+    subr(29) ^= subr(1);
+    subl(31) ^= subl(1);
+    subr(31) ^= subr(1);
+    subl(32) ^= subl(1);
+    subr(32) ^= subr(1);
+
+    /* absorb kw4 to other subkeys */
+    kw4l = subl(33);
+    kw4r = subr(33);
+    subl(30) ^= kw4l;
+    subr(30) ^= kw4r;
+    subl(28) ^= kw4l;
+    subr(28) ^= kw4r;
+    subl(26) ^= kw4l;
+    subr(26) ^= kw4r;
+    kw4l ^= kw4r & ~subr(24);
+    dw = kw4l & subl(24), kw4r ^= CAMELLIA_RL1(dw);
+    subl(22) ^= kw4l;
+    subr(22) ^= kw4r;
+    subl(20) ^= kw4l;
+    subr(20) ^= kw4r;
+    subl(18) ^= kw4l;
+    subr(18) ^= kw4r;
+    kw4l ^= kw4r & ~subr(16);
+    dw = kw4l & subl(16), kw4r ^= CAMELLIA_RL1(dw);
+    subl(14) ^= kw4l;
+    subr(14) ^= kw4r;
+    subl(12) ^= kw4l;
+    subr(12) ^= kw4r;
+    subl(10) ^= kw4l;
+    subr(10) ^= kw4r;
+    kw4l ^= kw4r & ~subr(8);
+    dw = kw4l & subl(8), kw4r ^= CAMELLIA_RL1(dw);
+    subl(6) ^= kw4l;
+    subr(6) ^= kw4r;
+    subl(4) ^= kw4l;
+    subr(4) ^= kw4r;
+    subl(2) ^= kw4l;
+    subr(2) ^= kw4r;
+    subl(0) ^= kw4l;
+    subr(0) ^= kw4r;
+
+    /* key XOR is end of F-function */
+    CamelliaSubkeyL(0) = subl(0) ^ subl(2);
+    CamelliaSubkeyR(0) = subr(0) ^ subr(2);
+    CamelliaSubkeyL(2) = subl(3);
+    CamelliaSubkeyR(2) = subr(3);
+    CamelliaSubkeyL(3) = subl(2) ^ subl(4);
+    CamelliaSubkeyR(3) = subr(2) ^ subr(4);
+    CamelliaSubkeyL(4) = subl(3) ^ subl(5);
+    CamelliaSubkeyR(4) = subr(3) ^ subr(5);
+    CamelliaSubkeyL(5) = subl(4) ^ subl(6);
+    CamelliaSubkeyR(5) = subr(4) ^ subr(6);
+    CamelliaSubkeyL(6) = subl(5) ^ subl(7);
+    CamelliaSubkeyR(6) = subr(5) ^ subr(7);
+    tl = subl(10) ^ (subr(10) & ~subr(8));
+    dw = tl & subl(8), tr = subr(10) ^ CAMELLIA_RL1(dw);
+    CamelliaSubkeyL(7) = subl(6) ^ tl;
+    CamelliaSubkeyR(7) = subr(6) ^ tr;
+    CamelliaSubkeyL(8) = subl(8);
+    CamelliaSubkeyR(8) = subr(8);
+    CamelliaSubkeyL(9) = subl(9);
+    CamelliaSubkeyR(9) = subr(9);
+    tl = subl(7) ^ (subr(7) & ~subr(9));
+    dw = tl & subl(9), tr = subr(7) ^ CAMELLIA_RL1(dw);
+    CamelliaSubkeyL(10) = tl ^ subl(11);
+    CamelliaSubkeyR(10) = tr ^ subr(11);
+    CamelliaSubkeyL(11) = subl(10) ^ subl(12);
+    CamelliaSubkeyR(11) = subr(10) ^ subr(12);
+    CamelliaSubkeyL(12) = subl(11) ^ subl(13);
+    CamelliaSubkeyR(12) = subr(11) ^ subr(13);
+    CamelliaSubkeyL(13) = subl(12) ^ subl(14);
+    CamelliaSubkeyR(13) = subr(12) ^ subr(14);
+    CamelliaSubkeyL(14) = subl(13) ^ subl(15);
+    CamelliaSubkeyR(14) = subr(13) ^ subr(15);
+    tl = subl(18) ^ (subr(18) & ~subr(16));
+    dw = tl & subl(16), tr = subr(18) ^ CAMELLIA_RL1(dw);
+    CamelliaSubkeyL(15) = subl(14) ^ tl;
+    CamelliaSubkeyR(15) = subr(14) ^ tr;
+    CamelliaSubkeyL(16) = subl(16);
+    CamelliaSubkeyR(16) = subr(16);
+    CamelliaSubkeyL(17) = subl(17);
+    CamelliaSubkeyR(17) = subr(17);
+    tl = subl(15) ^ (subr(15) & ~subr(17));
+    dw = tl & subl(17), tr = subr(15) ^ CAMELLIA_RL1(dw);
+    CamelliaSubkeyL(18) = tl ^ subl(19);
+    CamelliaSubkeyR(18) = tr ^ subr(19);
+    CamelliaSubkeyL(19) = subl(18) ^ subl(20);
+    CamelliaSubkeyR(19) = subr(18) ^ subr(20);
+    CamelliaSubkeyL(20) = subl(19) ^ subl(21);
+    CamelliaSubkeyR(20) = subr(19) ^ subr(21);
+    CamelliaSubkeyL(21) = subl(20) ^ subl(22);
+    CamelliaSubkeyR(21) = subr(20) ^ subr(22);
+    CamelliaSubkeyL(22) = subl(21) ^ subl(23);
+    CamelliaSubkeyR(22) = subr(21) ^ subr(23);
+    tl = subl(26) ^ (subr(26) & ~subr(24));
+    dw = tl & subl(24), tr = subr(26) ^ CAMELLIA_RL1(dw);
+    CamelliaSubkeyL(23) = subl(22) ^ tl;
+    CamelliaSubkeyR(23) = subr(22) ^ tr;
+    CamelliaSubkeyL(24) = subl(24);
+    CamelliaSubkeyR(24) = subr(24);
+    CamelliaSubkeyL(25) = subl(25);
+    CamelliaSubkeyR(25) = subr(25);
+    tl = subl(23) ^ (subr(23) & ~subr(25));
+    dw = tl & subl(25), tr = subr(23) ^ CAMELLIA_RL1(dw);
+    CamelliaSubkeyL(26) = tl ^ subl(27);
+    CamelliaSubkeyR(26) = tr ^ subr(27);
+    CamelliaSubkeyL(27) = subl(26) ^ subl(28);
+    CamelliaSubkeyR(27) = subr(26) ^ subr(28);
+    CamelliaSubkeyL(28) = subl(27) ^ subl(29);
+    CamelliaSubkeyR(28) = subr(27) ^ subr(29);
+    CamelliaSubkeyL(29) = subl(28) ^ subl(30);
+    CamelliaSubkeyR(29) = subr(28) ^ subr(30);
+    CamelliaSubkeyL(30) = subl(29) ^ subl(31);
+    CamelliaSubkeyR(30) = subr(29) ^ subr(31);
+    CamelliaSubkeyL(31) = subl(30);
+    CamelliaSubkeyR(31) = subr(30);
+    CamelliaSubkeyL(32) = subl(32) ^ subl(31);
+    CamelliaSubkeyR(32) = subr(32) ^ subr(31);
+
+    /* apply the inverse of the last half of P-function */
+    dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw, CamelliaSubkeyL(2) = dw;
+    dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw, CamelliaSubkeyL(3) = dw;
+    dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw, CamelliaSubkeyL(4) = dw;
+    dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw, CamelliaSubkeyL(5) = dw;
+    dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw, CamelliaSubkeyL(6) = dw;
+    dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw, CamelliaSubkeyL(7) = dw;
+    dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw, CamelliaSubkeyL(10) = dw;
+    dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw, CamelliaSubkeyL(11) = dw;
+    dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw, CamelliaSubkeyL(12) = dw;
+    dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw, CamelliaSubkeyL(13) = dw;
+    dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw, CamelliaSubkeyL(14) = dw;
+    dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw, CamelliaSubkeyL(15) = dw;
+    dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw, CamelliaSubkeyL(18) = dw;
+    dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw, CamelliaSubkeyL(19) = dw;
+    dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw, CamelliaSubkeyL(20) = dw;
+    dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw, CamelliaSubkeyL(21) = dw;
+    dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw, CamelliaSubkeyL(22) = dw;
+    dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw, CamelliaSubkeyL(23) = dw;
+    dw = CamelliaSubkeyL(26) ^ CamelliaSubkeyR(26), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(26) = CamelliaSubkeyL(26) ^ dw, CamelliaSubkeyL(26) = dw;
+    dw = CamelliaSubkeyL(27) ^ CamelliaSubkeyR(27), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(27) = CamelliaSubkeyL(27) ^ dw, CamelliaSubkeyL(27) = dw;
+    dw = CamelliaSubkeyL(28) ^ CamelliaSubkeyR(28), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(28) = CamelliaSubkeyL(28) ^ dw, CamelliaSubkeyL(28) = dw;
+    dw = CamelliaSubkeyL(29) ^ CamelliaSubkeyR(29), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(29) = CamelliaSubkeyL(29) ^ dw, CamelliaSubkeyL(29) = dw;
+    dw = CamelliaSubkeyL(30) ^ CamelliaSubkeyR(30), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(30) = CamelliaSubkeyL(30) ^ dw, CamelliaSubkeyL(30) = dw;
+    dw = CamelliaSubkeyL(31) ^ CamelliaSubkeyR(31), dw = CAMELLIA_RL8(dw);
+    CamelliaSubkeyR(31) = CamelliaSubkeyL(31) ^ dw, CamelliaSubkeyL(31) = dw;
+
+    return;
+}
+
+void
+camellia_setup192(const unsigned char *key, PRUint32 *subkey)
+{
+    unsigned char kk[32];
+    PRUint32 krll, krlr, krrl, krrr;
+
+    memcpy(kk, key, 24);
+    memcpy((unsigned char *)&krll, key + 16, 4);
+    memcpy((unsigned char *)&krlr, key + 20, 4);
+    krrl = ~krll;
+    krrr = ~krlr;
+    memcpy(kk + 24, (unsigned char *)&krrl, 4);
+    memcpy(kk + 28, (unsigned char *)&krrr, 4);
+    camellia_setup256(kk, subkey);
+    return;
+}
+
+/**
+ * Stuff related to camellia encryption/decryption
+ *
+ */
+SECStatus NO_SANITIZE_ALIGNMENT
+camellia_encrypt128(const PRUint32 *subkey,
+                    unsigned char *output,
+                    const unsigned char *input)
+{
+    PRUint32 il, ir, t0, t1;
+    PRUint32 io[4];
+#if defined(CAMELLIA_NEED_TMP_VARIABLE)
+    PRUint32 tmp;
+#endif
+
+    io[0] = GETU32(input);
+    io[1] = GETU32(input + 4);
+    io[2] = GETU32(input + 8);
+    io[3] = GETU32(input + 12);
+
+    /* pre whitening but absorb kw2*/
+    io[0] ^= CamelliaSubkeyL(0);
+    io[1] ^= CamelliaSubkeyR(0);
+    /* main iteration */
+
+    CAMELLIA_ROUNDSM(io[0], io[1],
+                     CamelliaSubkeyL(2), CamelliaSubkeyR(2),
+                     io[2], io[3], il, ir, t0, t1);
+    CAMELLIA_ROUNDSM(io[2], io[3],
+                     CamelliaSubkeyL(3), CamelliaSubkeyR(3),
+                     io[0], io[1], il, ir, t0, t1);
+    CAMELLIA_ROUNDSM(io[0], io[1],
+                     CamelliaSubkeyL(4), CamelliaSubkeyR(4),
+                     io[2], io[3], il, ir, t0, t1);
+    CAMELLIA_ROUNDSM(io[2], io[3],
+                     CamelliaSubkeyL(5), CamelliaSubkeyR(5),
+                     io[0], io[1], il, ir, t0, t1);
+    CAMELLIA_ROUNDSM(io[0], io[1],
+                     CamelliaSubkeyL(6), CamelliaSubkeyR(6),
+                     io[2], io[3], il, ir, t0, t1);
+    CAMELLIA_ROUNDSM(io[2], io[3],
+                     CamelliaSubkeyL(7), CamelliaSubkeyR(7),
+                     io[0], io[1], il, ir, t0, t1);
+
+    CAMELLIA_FLS(io[0], io[1], io[2], io[3],
+                 CamelliaSubkeyL(8), CamelliaSubkeyR(8),
+                 CamelliaSubkeyL(9), CamelliaSubkeyR(9),
+                 t0, t1, il, ir);
+
+    CAMELLIA_ROUNDSM(io[0], io[1],
+                     CamelliaSubkeyL(10), CamelliaSubkeyR(10),
+                     io[2], io[3], il, ir, t0, t1);
+    CAMELLIA_ROUNDSM(io[2], io[3],
+                     CamelliaSubkeyL(11), CamelliaSubkeyR(11),
+                     io[0], io[1], il, ir, t0, t1);
+    CAMELLIA_ROUNDSM(io[0], io[1],
+                     CamelliaSubkeyL(12), CamelliaSubkeyR(12),
+                     io[2], io[3], il, ir, t0, t1);
+    CAMELLIA_ROUNDSM(io[2], io[3],
+                     CamelliaSubkeyL(13), CamelliaSubkeyR(13),
+                     io[0], io[1], il, ir, t0, t1);
+    CAMELLIA_ROUNDSM(io[0], io[1],
+                     CamelliaSubkeyL(14), CamelliaSubkeyR(14),
+                     io[2], io[3], il, ir, t0, t1);
+    CAMELLIA_ROUNDSM(io[2], io[3],
+                     CamelliaSubkeyL(15), CamelliaSubkeyR(15),
+                     io[0], io[1], il, ir, t0, t1);
+
+    CAMELLIA_FLS(io[0], io[1], io[2], io[3],
+                 CamelliaSubkeyL(16), CamelliaSubkeyR(16),
+                 CamelliaSubkeyL(17), CamelliaSubkeyR(17),
+                 t0, t1, il, ir);
+
+    CAMELLIA_ROUNDSM(io[0], io[1],
+                     CamelliaSubkeyL(18), CamelliaSubkeyR(18),
+                     io[2], io[3], il, ir, t0, t1);
+    CAMELLIA_ROUNDSM(io[2], io[3],
+                     CamelliaSubkeyL(19), CamelliaSubkeyR(19),
+                     io[0], io[1], il, ir, t0, t1);
+    CAMELLIA_ROUNDSM(io[0], io[1],
+                     CamelliaSubkeyL(20), CamelliaSubkeyR(20),
+                     io[2], io[3], il, ir, t0, t1);
+    CAMELLIA_ROUNDSM(io[2], io[3],
+                     CamelliaSubkeyL(21), CamelliaSubkeyR(21),
+                     io[0], io[1], il, ir, t0, t1);
+    CAMELLIA_ROUNDSM(io[0], io[1],
+                     CamelliaSubkeyL(22), CamelliaSubkeyR(22),
+                     io[2], io[3], il, ir, t0, t1);
+    CAMELLIA_ROUNDSM(io[2], io[3],
+                     CamelliaSubkeyL(23), CamelliaSubkeyR(23),
+                     io[0], io[1], il, ir, t0, t1);
+
+    /* post whitening but kw4 */
+    io[2] ^= CamelliaSubkeyL(24);
+    io[3] ^= CamelliaSubkeyR(24);
+
+    t0 = io[0];
+    t1 = io[1];
+    io[0] = io[2];
+    io[1] = io[3];
+    io[2] = t0;
+    io[3] = t1;
+
+    PUTU32(output, io[0]);
+    PUTU32(output + 4, io[1]);
+    PUTU32(output + 8, io[2]);
+    PUTU32(output + 12, io[3]);
+
+    return SECSuccess;
+}
+
+SECStatus NO_SANITIZE_ALIGNMENT
+camellia_decrypt128(const PRUint32 *subkey,
+                    unsigned char *output,
+                    const unsigned char *input)
+{
+    PRUint32 il, ir, t0, t1; /* temporary valiables */
+    PRUint32 io[4];
+#if defined(CAMELLIA_NEED_TMP_VARIABLE)
+    PRUint32 tmp;
+#endif
+
+    io[0] = GETU32(input);
+    io[1] = GETU32(input + 4);
+    io[2] = GETU32(input + 8);
+    io[3] = GETU32(input + 12);
+
+    /* pre whitening but absorb kw2*/
+    io[0] ^= CamelliaSubkeyL(24);
+    io[1] ^= CamelliaSubkeyR(24);
+
+    /* main iteration */
+    CAMELLIA_ROUNDSM(io[0], io[1],
+                     CamelliaSubkeyL(23), CamelliaSubkeyR(23),
+                     io[2], io[3], il, ir, t0, t1);
+    CAMELLIA_ROUNDSM(io[2], io[3],
+                     CamelliaSubkeyL(22), CamelliaSubkeyR(22),
+                     io[0], io[1], il, ir, t0, t1);
+    CAMELLIA_ROUNDSM(io[0], io[1],
+                     CamelliaSubkeyL(21), CamelliaSubkeyR(21),
+                     io[2], io[3], il, ir, t0, t1);
+    CAMELLIA_ROUNDSM(io[2], io[3],
+                     CamelliaSubkeyL(20), CamelliaSubkeyR(20),
+                     io[0], io[1], il, ir, t0, t1);
+    CAMELLIA_ROUNDSM(io[0], io[1],
+                     CamelliaSubkeyL(19), CamelliaSubkeyR(19),
+                     io[2], io[3], il, ir, t0, t1);
+    CAMELLIA_ROUNDSM(io[2], io[3],
+                     CamelliaSubkeyL(18), CamelliaSubkeyR(18),
+                     io[0], io[1], il, ir, t0, t1);
+
+    CAMELLIA_FLS(io[0], io[1], io[2], io[3],
+                 CamelliaSubkeyL(17), CamelliaSubkeyR(17),
+                 CamelliaSubkeyL(16), CamelliaSubkeyR(16),
+                 t0, t1, il, ir);
+
+    CAMELLIA_ROUNDSM(io[0], io[1],
+                     CamelliaSubkeyL(15), CamelliaSubkeyR(15),
+                     io[2], io[3], il, ir, t0, t1);
+    CAMELLIA_ROUNDSM(io[2], io[3],
+                     CamelliaSubkeyL(14), CamelliaSubkeyR(14),
+                     io[0], io[1], il, ir, t0, t1);
+    CAMELLIA_ROUNDSM(io[0], io[1],
+                     CamelliaSubkeyL(13), CamelliaSubkeyR(13),
+                     io[2], io[3], il, ir, t0, t1);
+    CAMELLIA_ROUNDSM(io[2], io[3],
+                     CamelliaSubkeyL(12), CamelliaSubkeyR(12),
+                     io[0], io[1], il, ir, t0, t1);
+    CAMELLIA_ROUNDSM(io[0], io[1],
+                     CamelliaSubkeyL(11), CamelliaSubkeyR(11),
+                     io[2], io[3], il, ir, t0, t1);
+    CAMELLIA_ROUNDSM(io[2], io[3],
+                     CamelliaSubkeyL(10), CamelliaSubkeyR(10),
+                     io[0], io[1], il, ir, t0, t1);
+
+    CAMELLIA_FLS(io[0], io[1], io[2], io[3],
+                 CamelliaSubkeyL(9), CamelliaSubkeyR(9),
+                 CamelliaSubkeyL(8), CamelliaSubkeyR(8),
+                 t0, t1, il, ir);
+
+    CAMELLIA_ROUNDSM(io[0], io[1],
+                     CamelliaSubkeyL(7), CamelliaSubkeyR(7),
+                     io[2], io[3], il, ir, t0, t1);
+    CAMELLIA_ROUNDSM(io[2], io[3],
+                     CamelliaSubkeyL(6), CamelliaSubkeyR(6),
+                     io[0], io[1], il, ir, t0, t1);
+    CAMELLIA_ROUNDSM(io[0], io[1],
+                     CamelliaSubkeyL(5), CamelliaSubkeyR(5),
+                     io[2], io[3], il, ir, t0, t1);
+    CAMELLIA_ROUNDSM(io[2], io[3],
+                     CamelliaSubkeyL(4), CamelliaSubkeyR(4),
+                     io[0], io[1], il, ir, t0, t1);
+    CAMELLIA_ROUNDSM(io[0], io[1],
+                     CamelliaSubkeyL(3), CamelliaSubkeyR(3),
+                     io[2], io[3], il, ir, t0, t1);
+    CAMELLIA_ROUNDSM(io[2], io[3],
+                     CamelliaSubkeyL(2), CamelliaSubkeyR(2),
+                     io[0], io[1], il, ir, t0, t1);
+
+    /* post whitening but kw4 */
+    io[2] ^= CamelliaSubkeyL(0);
+    io[3] ^= CamelliaSubkeyR(0);
+
+    t0 = io[0];
+    t1 = io[1];
+    io[0] = io[2];
+    io[1] = io[3];
+    io[2] = t0;
+    io[3] = t1;
+
+    PUTU32(output, io[0]);
+    PUTU32(output + 4, io[1]);
+    PUTU32(output + 8, io[2]);
+    PUTU32(output + 12, io[3]);
+
+    return SECSuccess;
+}
+
+/**
+ * stuff for 192 and 256bit encryption/decryption
+ */
+SECStatus NO_SANITIZE_ALIGNMENT
+camellia_encrypt256(const PRUint32 *subkey,
+                    unsigned char *output,
+                    const unsigned char *input)
+{
+    PRUint32 il, ir, t0, t1; /* temporary valiables */
+    PRUint32 io[4];
+#if defined(CAMELLIA_NEED_TMP_VARIABLE)
+    PRUint32 tmp;
+#endif
+
+    io[0] = GETU32(input);
+    io[1] = GETU32(input + 4);
+    io[2] = GETU32(input + 8);
+    io[3] = GETU32(input + 12);
+
+    /* pre whitening but absorb kw2*/
+    io[0] ^= CamelliaSubkeyL(0);
+    io[1] ^= CamelliaSubkeyR(0);
+
+    /* main iteration */
+    CAMELLIA_ROUNDSM(io[0], io[1],
+                     CamelliaSubkeyL(2), CamelliaSubkeyR(2),
+                     io[2], io[3], il, ir, t0, t1);
+    CAMELLIA_ROUNDSM(io[2], io[3],
+                     CamelliaSubkeyL(3), CamelliaSubkeyR(3),
+                     io[0], io[1], il, ir, t0, t1);
+    CAMELLIA_ROUNDSM(io[0], io[1],
+                     CamelliaSubkeyL(4), CamelliaSubkeyR(4),
+                     io[2], io[3], il, ir, t0, t1);
+    CAMELLIA_ROUNDSM(io[2], io[3],
+                     CamelliaSubkeyL(5), CamelliaSubkeyR(5),
+                     io[0], io[1], il, ir, t0, t1);
+    CAMELLIA_ROUNDSM(io[0], io[1],
+                     CamelliaSubkeyL(6), CamelliaSubkeyR(6),
+                     io[2], io[3], il, ir, t0, t1);
+    CAMELLIA_ROUNDSM(io[2], io[3],
+                     CamelliaSubkeyL(7), CamelliaSubkeyR(7),
+                     io[0], io[1], il, ir, t0, t1);
+
+    CAMELLIA_FLS(io[0], io[1], io[2], io[3],
+                 CamelliaSubkeyL(8), CamelliaSubkeyR(8),
+                 CamelliaSubkeyL(9), CamelliaSubkeyR(9),
+                 t0, t1, il, ir);
+
+    CAMELLIA_ROUNDSM(io[0], io[1],
+                     CamelliaSubkeyL(10), CamelliaSubkeyR(10),
+                     io[2], io[3], il, ir, t0, t1);
+    CAMELLIA_ROUNDSM(io[2], io[3],
+                     CamelliaSubkeyL(11), CamelliaSubkeyR(11),
+                     io[0], io[1], il, ir, t0, t1);
+    CAMELLIA_ROUNDSM(io[0], io[1],
+                     CamelliaSubkeyL(12), CamelliaSubkeyR(12),
+                     io[2], io[3], il, ir, t0, t1);
+    CAMELLIA_ROUNDSM(io[2], io[3],
+                     CamelliaSubkeyL(13), CamelliaSubkeyR(13),
+                     io[0], io[1], il, ir, t0, t1);
+    CAMELLIA_ROUNDSM(io[0], io[1],
+                     CamelliaSubkeyL(14), CamelliaSubkeyR(14),
+                     io[2], io[3], il, ir, t0, t1);
+    CAMELLIA_ROUNDSM(io[2], io[3],
+                     CamelliaSubkeyL(15), CamelliaSubkeyR(15),
+                     io[0], io[1], il, ir, t0, t1);
+
+    CAMELLIA_FLS(io[0], io[1], io[2], io[3],
+                 CamelliaSubkeyL(16), CamelliaSubkeyR(16),
+                 CamelliaSubkeyL(17), CamelliaSubkeyR(17),
+                 t0, t1, il, ir);
+
+    CAMELLIA_ROUNDSM(io[0], io[1],
+                     CamelliaSubkeyL(18), CamelliaSubkeyR(18),
+                     io[2], io[3], il, ir, t0, t1);
+    CAMELLIA_ROUNDSM(io[2], io[3],
+                     CamelliaSubkeyL(19), CamelliaSubkeyR(19),
+                     io[0], io[1], il, ir, t0, t1);
+    CAMELLIA_ROUNDSM(io[0], io[1],
+                     CamelliaSubkeyL(20), CamelliaSubkeyR(20),
+                     io[2], io[3], il, ir, t0, t1);
+    CAMELLIA_ROUNDSM(io[2], io[3],
+                     CamelliaSubkeyL(21), CamelliaSubkeyR(21),
+                     io[0], io[1], il, ir, t0, t1);
+    CAMELLIA_ROUNDSM(io[0], io[1],
+                     CamelliaSubkeyL(22), CamelliaSubkeyR(22),
+                     io[2], io[3], il, ir, t0, t1);
+    CAMELLIA_ROUNDSM(io[2], io[3],
+                     CamelliaSubkeyL(23), CamelliaSubkeyR(23),
+                     io[0], io[1], il, ir, t0, t1);
+
+    CAMELLIA_FLS(io[0], io[1], io[2], io[3],
+                 CamelliaSubkeyL(24), CamelliaSubkeyR(24),
+                 CamelliaSubkeyL(25), CamelliaSubkeyR(25),
+                 t0, t1, il, ir);
+
+    CAMELLIA_ROUNDSM(io[0], io[1],
+                     CamelliaSubkeyL(26), CamelliaSubkeyR(26),
+                     io[2], io[3], il, ir, t0, t1);
+    CAMELLIA_ROUNDSM(io[2], io[3],
+                     CamelliaSubkeyL(27), CamelliaSubkeyR(27),
+                     io[0], io[1], il, ir, t0, t1);
+    CAMELLIA_ROUNDSM(io[0], io[1],
+                     CamelliaSubkeyL(28), CamelliaSubkeyR(28),
+                     io[2], io[3], il, ir, t0, t1);
+    CAMELLIA_ROUNDSM(io[2], io[3],
+                     CamelliaSubkeyL(29), CamelliaSubkeyR(29),
+                     io[0], io[1], il, ir, t0, t1);
+    CAMELLIA_ROUNDSM(io[0], io[1],
+                     CamelliaSubkeyL(30), CamelliaSubkeyR(30),
+                     io[2], io[3], il, ir, t0, t1);
+    CAMELLIA_ROUNDSM(io[2], io[3],
+                     CamelliaSubkeyL(31), CamelliaSubkeyR(31),
+                     io[0], io[1], il, ir, t0, t1);
+
+    /* post whitening but kw4 */
+    io[2] ^= CamelliaSubkeyL(32);
+    io[3] ^= CamelliaSubkeyR(32);
+
+    t0 = io[0];
+    t1 = io[1];
+    io[0] = io[2];
+    io[1] = io[3];
+    io[2] = t0;
+    io[3] = t1;
+
+    PUTU32(output, io[0]);
+    PUTU32(output + 4, io[1]);
+    PUTU32(output + 8, io[2]);
+    PUTU32(output + 12, io[3]);
+
+    return SECSuccess;
+}
+
+SECStatus NO_SANITIZE_ALIGNMENT
+camellia_decrypt256(const PRUint32 *subkey,
+                    unsigned char *output,
+                    const unsigned char *input)
+{
+    PRUint32 il, ir, t0, t1; /* temporary valiables */
+    PRUint32 io[4];
+#if defined(CAMELLIA_NEED_TMP_VARIABLE)
+    PRUint32 tmp;
+#endif
+
+    io[0] = GETU32(input);
+    io[1] = GETU32(input + 4);
+    io[2] = GETU32(input + 8);
+    io[3] = GETU32(input + 12);
+
+    /* pre whitening but absorb kw2*/
+    io[0] ^= CamelliaSubkeyL(32);
+    io[1] ^= CamelliaSubkeyR(32);
+
+    /* main iteration */
+    CAMELLIA_ROUNDSM(io[0], io[1],
+                     CamelliaSubkeyL(31), CamelliaSubkeyR(31),
+                     io[2], io[3], il, ir, t0, t1);
+    CAMELLIA_ROUNDSM(io[2], io[3],
+                     CamelliaSubkeyL(30), CamelliaSubkeyR(30),
+                     io[0], io[1], il, ir, t0, t1);
+    CAMELLIA_ROUNDSM(io[0], io[1],
+                     CamelliaSubkeyL(29), CamelliaSubkeyR(29),
+                     io[2], io[3], il, ir, t0, t1);
+    CAMELLIA_ROUNDSM(io[2], io[3],
+                     CamelliaSubkeyL(28), CamelliaSubkeyR(28),
+                     io[0], io[1], il, ir, t0, t1);
+    CAMELLIA_ROUNDSM(io[0], io[1],
+                     CamelliaSubkeyL(27), CamelliaSubkeyR(27),
+                     io[2], io[3], il, ir, t0, t1);
+    CAMELLIA_ROUNDSM(io[2], io[3],
+                     CamelliaSubkeyL(26), CamelliaSubkeyR(26),
+                     io[0], io[1], il, ir, t0, t1);
+
+    CAMELLIA_FLS(io[0], io[1], io[2], io[3],
+                 CamelliaSubkeyL(25), CamelliaSubkeyR(25),
+                 CamelliaSubkeyL(24), CamelliaSubkeyR(24),
+                 t0, t1, il, ir);
+
+    CAMELLIA_ROUNDSM(io[0], io[1],
+                     CamelliaSubkeyL(23), CamelliaSubkeyR(23),
+                     io[2], io[3], il, ir, t0, t1);
+    CAMELLIA_ROUNDSM(io[2], io[3],
+                     CamelliaSubkeyL(22), CamelliaSubkeyR(22),
+                     io[0], io[1], il, ir, t0, t1);
+    CAMELLIA_ROUNDSM(io[0], io[1],
+                     CamelliaSubkeyL(21), CamelliaSubkeyR(21),
+                     io[2], io[3], il, ir, t0, t1);
+    CAMELLIA_ROUNDSM(io[2], io[3],
+                     CamelliaSubkeyL(20), CamelliaSubkeyR(20),
+                     io[0], io[1], il, ir, t0, t1);
+    CAMELLIA_ROUNDSM(io[0], io[1],
+                     CamelliaSubkeyL(19), CamelliaSubkeyR(19),
+                     io[2], io[3], il, ir, t0, t1);
+    CAMELLIA_ROUNDSM(io[2], io[3],
+                     CamelliaSubkeyL(18), CamelliaSubkeyR(18),
+                     io[0], io[1], il, ir, t0, t1);
+
+    CAMELLIA_FLS(io[0], io[1], io[2], io[3],
+                 CamelliaSubkeyL(17), CamelliaSubkeyR(17),
+                 CamelliaSubkeyL(16), CamelliaSubkeyR(16),
+                 t0, t1, il, ir);
+
+    CAMELLIA_ROUNDSM(io[0], io[1],
+                     CamelliaSubkeyL(15), CamelliaSubkeyR(15),
+                     io[2], io[3], il, ir, t0, t1);
+    CAMELLIA_ROUNDSM(io[2], io[3],
+                     CamelliaSubkeyL(14), CamelliaSubkeyR(14),
+                     io[0], io[1], il, ir, t0, t1);
+    CAMELLIA_ROUNDSM(io[0], io[1],
+                     CamelliaSubkeyL(13), CamelliaSubkeyR(13),
+                     io[2], io[3], il, ir, t0, t1);
+    CAMELLIA_ROUNDSM(io[2], io[3],
+                     CamelliaSubkeyL(12), CamelliaSubkeyR(12),
+                     io[0], io[1], il, ir, t0, t1);
+    CAMELLIA_ROUNDSM(io[0], io[1],
+                     CamelliaSubkeyL(11), CamelliaSubkeyR(11),
+                     io[2], io[3], il, ir, t0, t1);
+    CAMELLIA_ROUNDSM(io[2], io[3],
+                     CamelliaSubkeyL(10), CamelliaSubkeyR(10),
+                     io[0], io[1], il, ir, t0, t1);
+
+    CAMELLIA_FLS(io[0], io[1], io[2], io[3],
+                 CamelliaSubkeyL(9), CamelliaSubkeyR(9),
+                 CamelliaSubkeyL(8), CamelliaSubkeyR(8),
+                 t0, t1, il, ir);
+
+    CAMELLIA_ROUNDSM(io[0], io[1],
+                     CamelliaSubkeyL(7), CamelliaSubkeyR(7),
+                     io[2], io[3], il, ir, t0, t1);
+    CAMELLIA_ROUNDSM(io[2], io[3],
+                     CamelliaSubkeyL(6), CamelliaSubkeyR(6),
+                     io[0], io[1], il, ir, t0, t1);
+    CAMELLIA_ROUNDSM(io[0], io[1],
+                     CamelliaSubkeyL(5), CamelliaSubkeyR(5),
+                     io[2], io[3], il, ir, t0, t1);
+    CAMELLIA_ROUNDSM(io[2], io[3],
+                     CamelliaSubkeyL(4), CamelliaSubkeyR(4),
+                     io[0], io[1], il, ir, t0, t1);
+    CAMELLIA_ROUNDSM(io[0], io[1],
+                     CamelliaSubkeyL(3), CamelliaSubkeyR(3),
+                     io[2], io[3], il, ir, t0, t1);
+    CAMELLIA_ROUNDSM(io[2], io[3],
+                     CamelliaSubkeyL(2), CamelliaSubkeyR(2),
+                     io[0], io[1], il, ir, t0, t1);
+
+    /* post whitening but kw4 */
+    io[2] ^= CamelliaSubkeyL(0);
+    io[3] ^= CamelliaSubkeyR(0);
+
+    t0 = io[0];
+    t1 = io[1];
+    io[0] = io[2];
+    io[1] = io[3];
+    io[2] = t0;
+    io[3] = t1;
+
+    PUTU32(output, io[0]);
+    PUTU32(output + 4, io[1]);
+    PUTU32(output + 8, io[2]);
+    PUTU32(output + 12, io[3]);
+
+    return SECSuccess;
+}
+
+/**************************************************************************
+ *
+ * Stuff related to the Camellia key schedule
+ *
+ *************************************************************************/
+
+SECStatus
+camellia_key_expansion(CamelliaContext *cx,
+                       const unsigned char *key,
+                       const unsigned int keysize)
+{
+    cx->keysize = keysize;
+
+    switch (keysize) {
+        case 16:
+            camellia_setup128(key, cx->expandedKey);
+            break;
+        case 24:
+            camellia_setup192(key, cx->expandedKey);
+            break;
+        case 32:
+            camellia_setup256(key, cx->expandedKey);
+            break;
+        default:
+            break;
+    }
+    return SECSuccess;
+}
+
+/**************************************************************************
+ *
+ *  Camellia modes of operation (ECB and CBC)
+ *
+ *************************************************************************/
+
+SECStatus
+camellia_encryptECB(CamelliaContext *cx, unsigned char *output,
+                    unsigned int *outputLen, unsigned int maxOutputLen,
+                    const unsigned char *input, unsigned int inputLen)
+{
+    CamelliaBlockFunc *encryptor;
+
+    encryptor = (cx->keysize == 16)
+                    ? &camellia_encrypt128
+                    : &camellia_encrypt256;
+
+    while (inputLen > 0) {
+        (*encryptor)(cx->expandedKey, output, input);
+
+        output += CAMELLIA_BLOCK_SIZE;
+        input += CAMELLIA_BLOCK_SIZE;
+        inputLen -= CAMELLIA_BLOCK_SIZE;
+    }
+    return SECSuccess;
+}
+
+SECStatus
+camellia_encryptCBC(CamelliaContext *cx, unsigned char *output,
+                    unsigned int *outputLen, unsigned int maxOutputLen,
+                    const unsigned char *input, unsigned int inputLen)
+{
+    unsigned int j;
+    unsigned char *lastblock;
+    unsigned char inblock[CAMELLIA_BLOCK_SIZE];
+    CamelliaBlockFunc *encryptor;
+
+    if (!inputLen)
+        return SECSuccess;
+    lastblock = cx->iv;
+
+    encryptor = (cx->keysize == 16)
+                    ? &camellia_encrypt128
+                    : &camellia_encrypt256;
+
+    while (inputLen > 0) {
+        /* XOR with the last block (IV if first block) */
+        for (j = 0; j < CAMELLIA_BLOCK_SIZE; ++j)
+            inblock[j] = input[j] ^ lastblock[j];
+        /* encrypt */
+        (*encryptor)(cx->expandedKey, output, inblock);
+
+        /* move to the next block */
+        lastblock = output;
+        output += CAMELLIA_BLOCK_SIZE;
+        input += CAMELLIA_BLOCK_SIZE;
+        inputLen -= CAMELLIA_BLOCK_SIZE;
+    }
+    memcpy(cx->iv, lastblock, CAMELLIA_BLOCK_SIZE);
+    return SECSuccess;
+}
+
+SECStatus
+camellia_decryptECB(CamelliaContext *cx, unsigned char *output,
+                    unsigned int *outputLen, unsigned int maxOutputLen,
+                    const unsigned char *input, unsigned int inputLen)
+{
+    CamelliaBlockFunc *decryptor;
+
+    decryptor = (cx->keysize == 16)
+                    ? &camellia_decrypt128
+                    : &camellia_decrypt256;
+
+    while (inputLen > 0) {
+
+        (*decryptor)(cx->expandedKey, output, input);
+
+        output += CAMELLIA_BLOCK_SIZE;
+        input += CAMELLIA_BLOCK_SIZE;
+        inputLen -= CAMELLIA_BLOCK_SIZE;
+    }
+    return SECSuccess;
+}
+
+SECStatus
+camellia_decryptCBC(CamelliaContext *cx, unsigned char *output,
+                    unsigned int *outputLen, unsigned int maxOutputLen,
+                    const unsigned char *input, unsigned int inputLen)
+{
+    const unsigned char *in;
+    unsigned char *out;
+    unsigned int j;
+    unsigned char newIV[CAMELLIA_BLOCK_SIZE];
+    CamelliaBlockFunc *decryptor;
+
+    if (!inputLen)
+        return SECSuccess;
+
+    PORT_Assert(output - input >= 0 || input - output >= (int)inputLen);
+
+    in = input + (inputLen - CAMELLIA_BLOCK_SIZE);
+    memcpy(newIV, in, CAMELLIA_BLOCK_SIZE);
+    out = output + (inputLen - CAMELLIA_BLOCK_SIZE);
+
+    decryptor = (cx->keysize == 16)
+                    ? &camellia_decrypt128
+                    : &camellia_decrypt256;
+
+    while (inputLen > CAMELLIA_BLOCK_SIZE) {
+        (*decryptor)(cx->expandedKey, out, in);
+
+        for (j = 0; j < CAMELLIA_BLOCK_SIZE; ++j)
+            out[j] ^= in[(int)(j - CAMELLIA_BLOCK_SIZE)];
+
+        out -= CAMELLIA_BLOCK_SIZE;
+        in -= CAMELLIA_BLOCK_SIZE;
+        inputLen -= CAMELLIA_BLOCK_SIZE;
+    }
+    if (in == input) {
+        (*decryptor)(cx->expandedKey, out, in);
+
+        for (j = 0; j < CAMELLIA_BLOCK_SIZE; ++j)
+            out[j] ^= cx->iv[j];
+    }
+    memcpy(cx->iv, newIV, CAMELLIA_BLOCK_SIZE);
+    return SECSuccess;
+}
+
+/**************************************************************************
+ *
+ * BLAPI Interface functions
+ *
+ *************************************************************************/
+
+CamelliaContext *
+Camellia_AllocateContext(void)
+{
+    return PORT_ZNew(CamelliaContext);
+}
+
+SECStatus
+Camellia_InitContext(CamelliaContext *cx, const unsigned char *key,
+                     unsigned int keysize,
+                     const unsigned char *iv, int mode, unsigned int encrypt,
+                     unsigned int unused)
+{
+    if (key == NULL ||
+        (keysize != 16 && keysize != 24 && keysize != 32)) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+    if (mode != NSS_CAMELLIA && mode != NSS_CAMELLIA_CBC) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+    if (mode == NSS_CAMELLIA_CBC && iv == NULL) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+    if (!cx) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+    if (mode == NSS_CAMELLIA_CBC) {
+        memcpy(cx->iv, iv, CAMELLIA_BLOCK_SIZE);
+        cx->worker = (encrypt) ? &camellia_encryptCBC : &camellia_decryptCBC;
+    } else {
+        cx->worker = (encrypt) ? &camellia_encryptECB : &camellia_decryptECB;
+    }
+
+    /* Generate expanded key */
+    if (camellia_key_expansion(cx, key, keysize) != SECSuccess)
+        goto cleanup;
+
+    return SECSuccess;
+cleanup:
+    return SECFailure;
+}
+
+/*
+ * Camellia_CreateContext
+ * create a new context for Camellia operations
+ */
+
+CamelliaContext *
+Camellia_CreateContext(const unsigned char *key, const unsigned char *iv,
+                       int mode, int encrypt,
+                       unsigned int keysize)
+{
+    CamelliaContext *cx;
+
+    if (key == NULL ||
+        (keysize != 16 && keysize != 24 && keysize != 32)) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+    if (mode != NSS_CAMELLIA && mode != NSS_CAMELLIA_CBC) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+    if (mode == NSS_CAMELLIA_CBC && iv == NULL) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+    cx = PORT_ZNew(CamelliaContext);
+    if (!cx) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return NULL;
+    }
+
+    /* copy in the iv, if neccessary */
+    if (mode == NSS_CAMELLIA_CBC) {
+        memcpy(cx->iv, iv, CAMELLIA_BLOCK_SIZE);
+        cx->worker = (encrypt) ? &camellia_encryptCBC : &camellia_decryptCBC;
+    } else {
+        cx->worker = (encrypt) ? &camellia_encryptECB : &camellia_decryptECB;
+    }
+    /* copy keysize */
+    cx->keysize = keysize;
+
+    /* Generate expanded key */
+    if (camellia_key_expansion(cx, key, keysize) != SECSuccess)
+        goto cleanup;
+
+    return cx;
+cleanup:
+    PORT_ZFree(cx, sizeof *cx);
+    return NULL;
+}
+
+/*
+ * Camellia_DestroyContext
+ *
+ * Zero an Camellia cipher context.  If freeit is true, also free the pointer
+ * to the context.
+ */
+void
+Camellia_DestroyContext(CamelliaContext *cx, PRBool freeit)
+{
+    if (cx)
+        memset(cx, 0, sizeof *cx);
+    if (freeit)
+        PORT_Free(cx);
+}
+
+/*
+ * Camellia_Encrypt
+ *
+ * Encrypt an arbitrary-length buffer.  The output buffer must already be
+ * allocated to at least inputLen.
+ */
+SECStatus
+Camellia_Encrypt(CamelliaContext *cx, unsigned char *output,
+                 unsigned int *outputLen, unsigned int maxOutputLen,
+                 const unsigned char *input, unsigned int inputLen)
+{
+
+    /* Check args */
+    if (cx == NULL || output == NULL || input == NULL ||
+        outputLen == NULL) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    if (inputLen % CAMELLIA_BLOCK_SIZE != 0) {
+        PORT_SetError(SEC_ERROR_INPUT_LEN);
+        return SECFailure;
+    }
+    if (maxOutputLen < inputLen) {
+        PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+        return SECFailure;
+    }
+    *outputLen = inputLen;
+
+    return (*cx->worker)(cx, output, outputLen, maxOutputLen,
+                         input, inputLen);
+}
+
+/*
+ * Camellia_Decrypt
+ *
+ * Decrypt and arbitrary-length buffer.  The output buffer must already be
+ * allocated to at least inputLen.
+ */
+SECStatus
+Camellia_Decrypt(CamelliaContext *cx, unsigned char *output,
+                 unsigned int *outputLen, unsigned int maxOutputLen,
+                 const unsigned char *input, unsigned int inputLen)
+{
+
+    /* Check args */
+    if (cx == NULL || output == NULL || input == NULL || outputLen == NULL) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+    if (inputLen % CAMELLIA_BLOCK_SIZE != 0) {
+        PORT_SetError(SEC_ERROR_INPUT_LEN);
+        return SECFailure;
+    }
+    if (maxOutputLen < inputLen) {
+        PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+        return SECFailure;
+    }
+    *outputLen = inputLen;
+
+    return (*cx->worker)(cx, output, outputLen, maxOutputLen,
+                         input, inputLen);
+}
diff --git a/nss/lib/freebl/camellia.h b/nss/lib/freebl/camellia.h
new file mode 100644
index 0000000..15114db
--- /dev/null
+++ b/nss/lib/freebl/camellia.h
@@ -0,0 +1,42 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _CAMELLIA_H_
+#define _CAMELLIA_H_ 1
+
+#define CAMELLIA_BLOCK_SIZE 16  /* bytes */
+#define CAMELLIA_MIN_KEYSIZE 16 /* bytes */
+#define CAMELLIA_MAX_KEYSIZE 32 /* bytes */
+
+#define CAMELLIA_MAX_EXPANDEDKEY (34 * 2) /* 32bit unit */
+
+typedef PRUint32 KEY_TABLE_TYPE[CAMELLIA_MAX_EXPANDEDKEY];
+
+typedef SECStatus CamelliaFunc(CamelliaContext *cx, unsigned char *output,
+                               unsigned int *outputLen,
+                               unsigned int maxOutputLen,
+                               const unsigned char *input,
+                               unsigned int inputLen);
+
+typedef SECStatus CamelliaBlockFunc(const PRUint32 *subkey,
+                                    unsigned char *output,
+                                    const unsigned char *input);
+
+/* CamelliaContextStr
+ *
+ * Values which maintain the state for Camellia encryption/decryption.
+ *
+ * keysize     - the number of key bits
+ * worker      - the encryption/decryption function to use with this context
+ * iv          - initialization vector for CBC mode
+ * expandedKey - the round keys in 4-byte words
+ */
+struct CamelliaContextStr {
+    PRUint32 keysize; /* bytes */
+    CamelliaFunc *worker;
+    PRUint32 expandedKey[CAMELLIA_MAX_EXPANDEDKEY];
+    PRUint8 iv[CAMELLIA_BLOCK_SIZE];
+};
+
+#endif /* _CAMELLIA_H_ */
diff --git a/nss/lib/freebl/chacha20.c b/nss/lib/freebl/chacha20.c
new file mode 100644
index 0000000..f55d1e6
--- /dev/null
+++ b/nss/lib/freebl/chacha20.c
@@ -0,0 +1,119 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* Adopted from the public domain code in NaCl by djb. */
+
+#include <string.h>
+#include <stdio.h>
+
+#include "prtypes.h"
+#include "secport.h"
+#include "chacha20.h"
+
+#if defined(_MSC_VER)
+#pragma intrinsic(_lrotl)
+#define ROTL32(x, n) _lrotl(x, n)
+#else
+#define ROTL32(x, n) ((x << n) | (x >> ((8 * sizeof x) - n)))
+#endif
+
+#define ROTATE(v, c) ROTL32((v), (c))
+
+#define U32TO8_LITTLE(p, v)          \
+    {                                \
+        (p)[0] = ((v)) & 0xff;       \
+        (p)[1] = ((v) >> 8) & 0xff;  \
+        (p)[2] = ((v) >> 16) & 0xff; \
+        (p)[3] = ((v) >> 24) & 0xff; \
+    }
+#define U8TO32_LITTLE(p)                                \
+    (((PRUint32)((p)[0])) | ((PRUint32)((p)[1]) << 8) | \
+     ((PRUint32)((p)[2]) << 16) | ((PRUint32)((p)[3]) << 24))
+
+#define QUARTERROUND(x, a, b, c, d) \
+    x[a] = x[a] + x[b];             \
+    x[d] = ROTATE(x[d] ^ x[a], 16); \
+    x[c] = x[c] + x[d];             \
+    x[b] = ROTATE(x[b] ^ x[c], 12); \
+    x[a] = x[a] + x[b];             \
+    x[d] = ROTATE(x[d] ^ x[a], 8);  \
+    x[c] = x[c] + x[d];             \
+    x[b] = ROTATE(x[b] ^ x[c], 7);
+
+static void
+ChaChaCore(unsigned char output[64], const PRUint32 input[16], int num_rounds)
+{
+    PRUint32 x[16];
+    int i;
+
+    PORT_Memcpy(x, input, sizeof(PRUint32) * 16);
+    for (i = num_rounds; i > 0; i -= 2) {
+        QUARTERROUND(x, 0, 4, 8, 12)
+        QUARTERROUND(x, 1, 5, 9, 13)
+        QUARTERROUND(x, 2, 6, 10, 14)
+        QUARTERROUND(x, 3, 7, 11, 15)
+        QUARTERROUND(x, 0, 5, 10, 15)
+        QUARTERROUND(x, 1, 6, 11, 12)
+        QUARTERROUND(x, 2, 7, 8, 13)
+        QUARTERROUND(x, 3, 4, 9, 14)
+    }
+
+    for (i = 0; i < 16; ++i) {
+        x[i] = x[i] + input[i];
+    }
+    for (i = 0; i < 16; ++i) {
+        U32TO8_LITTLE(output + 4 * i, x[i]);
+    }
+}
+
+static const unsigned char sigma[16] = "expand 32-byte k";
+
+void
+ChaCha20XOR(unsigned char *out, const unsigned char *in, unsigned int inLen,
+            const unsigned char key[32], const unsigned char nonce[12],
+            uint32_t counter)
+{
+    unsigned char block[64];
+    PRUint32 input[16];
+    unsigned int i;
+
+    input[4] = U8TO32_LITTLE(key + 0);
+    input[5] = U8TO32_LITTLE(key + 4);
+    input[6] = U8TO32_LITTLE(key + 8);
+    input[7] = U8TO32_LITTLE(key + 12);
+
+    input[8] = U8TO32_LITTLE(key + 16);
+    input[9] = U8TO32_LITTLE(key + 20);
+    input[10] = U8TO32_LITTLE(key + 24);
+    input[11] = U8TO32_LITTLE(key + 28);
+
+    input[0] = U8TO32_LITTLE(sigma + 0);
+    input[1] = U8TO32_LITTLE(sigma + 4);
+    input[2] = U8TO32_LITTLE(sigma + 8);
+    input[3] = U8TO32_LITTLE(sigma + 12);
+
+    input[12] = counter;
+    input[13] = U8TO32_LITTLE(nonce + 0);
+    input[14] = U8TO32_LITTLE(nonce + 4);
+    input[15] = U8TO32_LITTLE(nonce + 8);
+
+    while (inLen >= 64) {
+        ChaChaCore(block, input, 20);
+        for (i = 0; i < 64; i++) {
+            out[i] = in[i] ^ block[i];
+        }
+
+        input[12]++;
+        inLen -= 64;
+        in += 64;
+        out += 64;
+    }
+
+    if (inLen > 0) {
+        ChaChaCore(block, input, 20);
+        for (i = 0; i < inLen; i++) {
+            out[i] = in[i] ^ block[i];
+        }
+    }
+}
diff --git a/nss/lib/freebl/chacha20.h b/nss/lib/freebl/chacha20.h
new file mode 100644
index 0000000..7e396fa
--- /dev/null
+++ b/nss/lib/freebl/chacha20.h
@@ -0,0 +1,26 @@
+/*
+ * chacha20.h - header file for ChaCha20 implementation.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef FREEBL_CHACHA20_H_
+#define FREEBL_CHACHA20_H_
+
+#if defined(_MSC_VER) && _MSC_VER < 1600
+#include "prtypes.h"
+typedef PRUint32 uint32_t;
+typedef PRUint64 uint64_t;
+#else
+#include <stdint.h>
+#endif
+
+/* ChaCha20XOR encrypts |inLen| bytes from |in| with the given key and
+ * nonce and writes the result to |out|, which may be equal to |in|. The
+ * initial block counter is specified by |counter|. */
+extern void ChaCha20XOR(unsigned char *out, const unsigned char *in,
+                        unsigned int inLen, const unsigned char key[32],
+                        const unsigned char nonce[12], uint32_t counter);
+
+#endif /* FREEBL_CHACHA20_H_ */
diff --git a/nss/lib/freebl/chacha20_vec.c b/nss/lib/freebl/chacha20_vec.c
new file mode 100644
index 0000000..12f94d8
--- /dev/null
+++ b/nss/lib/freebl/chacha20_vec.c
@@ -0,0 +1,327 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* This implementation is by Ted Krovetz and was submitted to SUPERCOP and
+ * marked as public domain. It was been altered to allow for non-aligned inputs
+ * and to allow the block counter to be passed in specifically. */
+
+#include <string.h>
+
+#include "chacha20.h"
+#include "blapii.h"
+
+#ifndef CHACHA_RNDS
+#define CHACHA_RNDS 20 /* 8 (high speed), 20 (conservative), 12 (middle) */
+#endif
+
+/* Architecture-neutral way to specify 16-byte vector of ints              */
+typedef unsigned vec __attribute__((vector_size(16)));
+
+/* This implementation is designed for Neon, SSE and AltiVec machines. The
+ * following specify how to do certain vector operations efficiently on
+ * each architecture, using intrinsics.
+ * This implementation supports parallel processing of multiple blocks,
+ * including potentially using general-purpose registers.
+ */
+#if __ARM_NEON__
+#include <arm_neon.h>
+#define GPR_TOO 1
+#define VBPI 2
+#define ONE (vec) vsetq_lane_u32(1, vdupq_n_u32(0), 0)
+#define LOAD(m) (vec)(*((vec *)(m)))
+#define STORE(m, r) (*((vec *)(m))) = (r)
+#define ROTV1(x) (vec) vextq_u32((uint32x4_t)x, (uint32x4_t)x, 1)
+#define ROTV2(x) (vec) vextq_u32((uint32x4_t)x, (uint32x4_t)x, 2)
+#define ROTV3(x) (vec) vextq_u32((uint32x4_t)x, (uint32x4_t)x, 3)
+#define ROTW16(x) (vec) vrev32q_u16((uint16x8_t)x)
+#if __clang__
+#define ROTW7(x) (x << ((vec){ 7, 7, 7, 7 })) ^ (x >> ((vec){ 25, 25, 25, 25 }))
+#define ROTW8(x) (x << ((vec){ 8, 8, 8, 8 })) ^ (x >> ((vec){ 24, 24, 24, 24 }))
+#define ROTW12(x) (x << ((vec){ 12, 12, 12, 12 })) ^ (x >> ((vec){ 20, 20, 20, 20 }))
+#else
+#define ROTW7(x) (vec) vsriq_n_u32(vshlq_n_u32((uint32x4_t)x, 7), (uint32x4_t)x, 25)
+#define ROTW8(x) (vec) vsriq_n_u32(vshlq_n_u32((uint32x4_t)x, 8), (uint32x4_t)x, 24)
+#define ROTW12(x) (vec) vsriq_n_u32(vshlq_n_u32((uint32x4_t)x, 12), (uint32x4_t)x, 20)
+#endif
+#elif __SSE2__
+#include <emmintrin.h>
+#define GPR_TOO 0
+#if __clang__
+#define VBPI 4
+#else
+#define VBPI 3
+#endif
+#define ONE (vec) _mm_set_epi32(0, 0, 0, 1)
+#define LOAD(m) (vec) _mm_loadu_si128((__m128i *)(m))
+#define STORE(m, r) _mm_storeu_si128((__m128i *)(m), (__m128i)(r))
+#define ROTV1(x) (vec) _mm_shuffle_epi32((__m128i)x, _MM_SHUFFLE(0, 3, 2, 1))
+#define ROTV2(x) (vec) _mm_shuffle_epi32((__m128i)x, _MM_SHUFFLE(1, 0, 3, 2))
+#define ROTV3(x) (vec) _mm_shuffle_epi32((__m128i)x, _MM_SHUFFLE(2, 1, 0, 3))
+#define ROTW7(x) (vec)(_mm_slli_epi32((__m128i)x, 7) ^ _mm_srli_epi32((__m128i)x, 25))
+#define ROTW12(x) (vec)(_mm_slli_epi32((__m128i)x, 12) ^ _mm_srli_epi32((__m128i)x, 20))
+#if __SSSE3__
+#include <tmmintrin.h>
+#define ROTW8(x) (vec) _mm_shuffle_epi8((__m128i)x, _mm_set_epi8(14, 13, 12, 15, 10, 9, 8, 11, 6, 5, 4, 7, 2, 1, 0, 3))
+#define ROTW16(x) (vec) _mm_shuffle_epi8((__m128i)x, _mm_set_epi8(13, 12, 15, 14, 9, 8, 11, 10, 5, 4, 7, 6, 1, 0, 3, 2))
+#else
+#define ROTW8(x) (vec)(_mm_slli_epi32((__m128i)x, 8) ^ _mm_srli_epi32((__m128i)x, 24))
+#define ROTW16(x) (vec)(_mm_slli_epi32((__m128i)x, 16) ^ _mm_srli_epi32((__m128i)x, 16))
+#endif
+#else
+#error-- Implementation supports only machines with neon or SSE2
+#endif
+
+#ifndef REVV_BE
+#define REVV_BE(x) (x)
+#endif
+
+#ifndef REVW_BE
+#define REVW_BE(x) (x)
+#endif
+
+#define BPI (VBPI + GPR_TOO) /* Blocks computed per loop iteration   */
+
+#define DQROUND_VECTORS(a, b, c, d) \
+    a += b;                         \
+    d ^= a;                         \
+    d = ROTW16(d);                  \
+    c += d;                         \
+    b ^= c;                         \
+    b = ROTW12(b);                  \
+    a += b;                         \
+    d ^= a;                         \
+    d = ROTW8(d);                   \
+    c += d;                         \
+    b ^= c;                         \
+    b = ROTW7(b);                   \
+    b = ROTV1(b);                   \
+    c = ROTV2(c);                   \
+    d = ROTV3(d);                   \
+    a += b;                         \
+    d ^= a;                         \
+    d = ROTW16(d);                  \
+    c += d;                         \
+    b ^= c;                         \
+    b = ROTW12(b);                  \
+    a += b;                         \
+    d ^= a;                         \
+    d = ROTW8(d);                   \
+    c += d;                         \
+    b ^= c;                         \
+    b = ROTW7(b);                   \
+    b = ROTV3(b);                   \
+    c = ROTV2(c);                   \
+    d = ROTV1(d);
+
+#define QROUND_WORDS(a, b, c, d) \
+    a = a + b;                   \
+    d ^= a;                      \
+    d = d << 16 | d >> 16;       \
+    c = c + d;                   \
+    b ^= c;                      \
+    b = b << 12 | b >> 20;       \
+    a = a + b;                   \
+    d ^= a;                      \
+    d = d << 8 | d >> 24;        \
+    c = c + d;                   \
+    b ^= c;                      \
+    b = b << 7 | b >> 25;
+
+#define WRITE_XOR(in, op, d, v0, v1, v2, v3)           \
+    STORE(op + d + 0, LOAD(in + d + 0) ^ REVV_BE(v0)); \
+    STORE(op + d + 4, LOAD(in + d + 4) ^ REVV_BE(v1)); \
+    STORE(op + d + 8, LOAD(in + d + 8) ^ REVV_BE(v2)); \
+    STORE(op + d + 12, LOAD(in + d + 12) ^ REVV_BE(v3));
+
+void NO_SANITIZE_ALIGNMENT
+ChaCha20XOR(unsigned char *out, const unsigned char *in, unsigned int inlen,
+            const unsigned char key[32], const unsigned char nonce[12],
+            uint32_t counter)
+{
+    unsigned iters, i, *op = (unsigned *)out, *ip = (unsigned *)in, *kp;
+#if defined(__ARM_NEON__)
+    unsigned *np;
+#endif
+    vec s0, s1, s2, s3;
+#if !defined(__ARM_NEON__) && !defined(__SSE2__)
+    __attribute__((aligned(16))) unsigned key[8], nonce[4];
+#endif
+    __attribute__((aligned(16))) unsigned chacha_const[] =
+        { 0x61707865, 0x3320646E, 0x79622D32, 0x6B206574 };
+#if defined(__ARM_NEON__) || defined(__SSE2__)
+    kp = (unsigned *)key;
+#else
+    ((vec *)key)[0] = REVV_BE(((vec *)key)[0]);
+    ((vec *)key)[1] = REVV_BE(((vec *)key)[1]);
+    ((unsigned *)nonce)[0] = REVW_BE(((unsigned *)nonce)[0]);
+    ((unsigned *)nonce)[1] = REVW_BE(((unsigned *)nonce)[1]);
+    ((unsigned *)nonce)[2] = REVW_BE(((unsigned *)nonce)[2]);
+    ((unsigned *)nonce)[3] = REVW_BE(((unsigned *)nonce)[3]);
+    kp = (unsigned *)key;
+    np = (unsigned *)nonce;
+#endif
+#if defined(__ARM_NEON__)
+    np = (unsigned *)nonce;
+#endif
+    s0 = LOAD(chacha_const);
+    s1 = LOAD(&((vec *)kp)[0]);
+    s2 = LOAD(&((vec *)kp)[1]);
+    s3 = (vec){
+        counter,
+        ((uint32_t *)nonce)[0],
+        ((uint32_t *)nonce)[1],
+        ((uint32_t *)nonce)[2]
+    };
+
+    for (iters = 0; iters < inlen / (BPI * 64); iters++) {
+#if GPR_TOO
+        register unsigned x0, x1, x2, x3, x4, x5, x6, x7, x8,
+            x9, x10, x11, x12, x13, x14, x15;
+#endif
+#if VBPI > 2
+        vec v8, v9, v10, v11;
+#endif
+#if VBPI > 3
+        vec v12, v13, v14, v15;
+#endif
+
+        vec v0, v1, v2, v3, v4, v5, v6, v7;
+        v4 = v0 = s0;
+        v5 = v1 = s1;
+        v6 = v2 = s2;
+        v3 = s3;
+        v7 = v3 + ONE;
+#if VBPI > 2
+        v8 = v4;
+        v9 = v5;
+        v10 = v6;
+        v11 = v7 + ONE;
+#endif
+#if VBPI > 3
+        v12 = v8;
+        v13 = v9;
+        v14 = v10;
+        v15 = v11 + ONE;
+#endif
+#if GPR_TOO
+        x0 = chacha_const[0];
+        x1 = chacha_const[1];
+        x2 = chacha_const[2];
+        x3 = chacha_const[3];
+        x4 = kp[0];
+        x5 = kp[1];
+        x6 = kp[2];
+        x7 = kp[3];
+        x8 = kp[4];
+        x9 = kp[5];
+        x10 = kp[6];
+        x11 = kp[7];
+        x12 = counter + BPI * iters + (BPI - 1);
+        x13 = np[0];
+        x14 = np[1];
+        x15 = np[2];
+#endif
+        for (i = CHACHA_RNDS / 2; i; i--) {
+            DQROUND_VECTORS(v0, v1, v2, v3)
+            DQROUND_VECTORS(v4, v5, v6, v7)
+#if VBPI > 2
+            DQROUND_VECTORS(v8, v9, v10, v11)
+#endif
+#if VBPI > 3
+            DQROUND_VECTORS(v12, v13, v14, v15)
+#endif
+#if GPR_TOO
+            QROUND_WORDS(x0, x4, x8, x12)
+            QROUND_WORDS(x1, x5, x9, x13)
+            QROUND_WORDS(x2, x6, x10, x14)
+            QROUND_WORDS(x3, x7, x11, x15)
+            QROUND_WORDS(x0, x5, x10, x15)
+            QROUND_WORDS(x1, x6, x11, x12)
+            QROUND_WORDS(x2, x7, x8, x13)
+            QROUND_WORDS(x3, x4, x9, x14)
+#endif
+        }
+
+        WRITE_XOR(ip, op, 0, v0 + s0, v1 + s1, v2 + s2, v3 + s3)
+        s3 += ONE;
+        WRITE_XOR(ip, op, 16, v4 + s0, v5 + s1, v6 + s2, v7 + s3)
+        s3 += ONE;
+#if VBPI > 2
+        WRITE_XOR(ip, op, 32, v8 + s0, v9 + s1, v10 + s2, v11 + s3)
+        s3 += ONE;
+#endif
+#if VBPI > 3
+        WRITE_XOR(ip, op, 48, v12 + s0, v13 + s1, v14 + s2, v15 + s3)
+        s3 += ONE;
+#endif
+        ip += VBPI * 16;
+        op += VBPI * 16;
+#if GPR_TOO
+        op[0] = REVW_BE(REVW_BE(ip[0]) ^ (x0 + chacha_const[0]));
+        op[1] = REVW_BE(REVW_BE(ip[1]) ^ (x1 + chacha_const[1]));
+        op[2] = REVW_BE(REVW_BE(ip[2]) ^ (x2 + chacha_const[2]));
+        op[3] = REVW_BE(REVW_BE(ip[3]) ^ (x3 + chacha_const[3]));
+        op[4] = REVW_BE(REVW_BE(ip[4]) ^ (x4 + kp[0]));
+        op[5] = REVW_BE(REVW_BE(ip[5]) ^ (x5 + kp[1]));
+        op[6] = REVW_BE(REVW_BE(ip[6]) ^ (x6 + kp[2]));
+        op[7] = REVW_BE(REVW_BE(ip[7]) ^ (x7 + kp[3]));
+        op[8] = REVW_BE(REVW_BE(ip[8]) ^ (x8 + kp[4]));
+        op[9] = REVW_BE(REVW_BE(ip[9]) ^ (x9 + kp[5]));
+        op[10] = REVW_BE(REVW_BE(ip[10]) ^ (x10 + kp[6]));
+        op[11] = REVW_BE(REVW_BE(ip[11]) ^ (x11 + kp[7]));
+        op[12] = REVW_BE(REVW_BE(ip[12]) ^ (x12 + counter + BPI * iters + (BPI - 1)));
+        op[13] = REVW_BE(REVW_BE(ip[13]) ^ (x13 + np[0]));
+        op[14] = REVW_BE(REVW_BE(ip[14]) ^ (x14 + np[1]));
+        op[15] = REVW_BE(REVW_BE(ip[15]) ^ (x15 + np[2]));
+        s3 += ONE;
+        ip += 16;
+        op += 16;
+#endif
+    }
+
+    for (iters = inlen % (BPI * 64) / 64; iters != 0; iters--) {
+        vec v0 = s0, v1 = s1, v2 = s2, v3 = s3;
+        for (i = CHACHA_RNDS / 2; i; i--) {
+            DQROUND_VECTORS(v0, v1, v2, v3);
+        }
+        WRITE_XOR(ip, op, 0, v0 + s0, v1 + s1, v2 + s2, v3 + s3)
+        s3 += ONE;
+        ip += 16;
+        op += 16;
+    }
+
+    inlen = inlen % 64;
+    if (inlen) {
+        __attribute__((aligned(16))) vec buf[4];
+        vec v0, v1, v2, v3;
+        v0 = s0;
+        v1 = s1;
+        v2 = s2;
+        v3 = s3;
+        for (i = CHACHA_RNDS / 2; i; i--) {
+            DQROUND_VECTORS(v0, v1, v2, v3);
+        }
+
+        if (inlen >= 16) {
+            STORE(op + 0, LOAD(ip + 0) ^ REVV_BE(v0 + s0));
+            if (inlen >= 32) {
+                STORE(op + 4, LOAD(ip + 4) ^ REVV_BE(v1 + s1));
+                if (inlen >= 48) {
+                    STORE(op + 8, LOAD(ip + 8) ^ REVV_BE(v2 + s2));
+                    buf[3] = REVV_BE(v3 + s3);
+                } else {
+                    buf[2] = REVV_BE(v2 + s2);
+                }
+            } else {
+                buf[1] = REVV_BE(v1 + s1);
+            }
+        } else {
+            buf[0] = REVV_BE(v0 + s0);
+        }
+
+        for (i = inlen & ~15; i < inlen; i++) {
+            ((char *)op)[i] = ((char *)ip)[i] ^ ((char *)buf)[i];
+        }
+    }
+}
diff --git a/nss/lib/freebl/chacha20poly1305.c b/nss/lib/freebl/chacha20poly1305.c
new file mode 100644
index 0000000..cd265e1
--- /dev/null
+++ b/nss/lib/freebl/chacha20poly1305.c
@@ -0,0 +1,198 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifdef FREEBL_NO_DEPEND
+#include "stubs.h"
+#endif
+
+#include <string.h>
+#include <stdio.h>
+
+#include "seccomon.h"
+#include "secerr.h"
+#include "blapit.h"
+
+#ifndef NSS_DISABLE_CHACHAPOLY
+#include "poly1305.h"
+#include "chacha20.h"
+#include "chacha20poly1305.h"
+#endif
+
+/* Poly1305Do writes the Poly1305 authenticator of the given additional data
+ * and ciphertext to |out|. */
+#ifndef NSS_DISABLE_CHACHAPOLY
+static void
+Poly1305Do(unsigned char *out, const unsigned char *ad, unsigned int adLen,
+           const unsigned char *ciphertext, unsigned int ciphertextLen,
+           const unsigned char key[32])
+{
+    poly1305_state state;
+    unsigned int j;
+    unsigned char lengthBytes[8];
+    static const unsigned char zeros[15];
+    unsigned int i;
+
+    Poly1305Init(&state, key);
+    Poly1305Update(&state, ad, adLen);
+    if (adLen % 16 > 0) {
+        Poly1305Update(&state, zeros, 16 - adLen % 16);
+    }
+    Poly1305Update(&state, ciphertext, ciphertextLen);
+    if (ciphertextLen % 16 > 0) {
+        Poly1305Update(&state, zeros, 16 - ciphertextLen % 16);
+    }
+    j = adLen;
+    for (i = 0; i < sizeof(lengthBytes); i++) {
+        lengthBytes[i] = j;
+        j >>= 8;
+    }
+    Poly1305Update(&state, lengthBytes, sizeof(lengthBytes));
+    j = ciphertextLen;
+    for (i = 0; i < sizeof(lengthBytes); i++) {
+        lengthBytes[i] = j;
+        j >>= 8;
+    }
+    Poly1305Update(&state, lengthBytes, sizeof(lengthBytes));
+    Poly1305Finish(&state, out);
+}
+#endif
+
+SECStatus
+ChaCha20Poly1305_InitContext(ChaCha20Poly1305Context *ctx,
+                             const unsigned char *key, unsigned int keyLen,
+                             unsigned int tagLen)
+{
+#ifdef NSS_DISABLE_CHACHAPOLY
+    return SECFailure;
+#else
+    if (keyLen != 32) {
+        PORT_SetError(SEC_ERROR_BAD_KEY);
+        return SECFailure;
+    }
+    if (tagLen == 0 || tagLen > 16) {
+        PORT_SetError(SEC_ERROR_INPUT_LEN);
+        return SECFailure;
+    }
+
+    PORT_Memcpy(ctx->key, key, sizeof(ctx->key));
+    ctx->tagLen = tagLen;
+
+    return SECSuccess;
+#endif
+}
+
+ChaCha20Poly1305Context *
+ChaCha20Poly1305_CreateContext(const unsigned char *key, unsigned int keyLen,
+                               unsigned int tagLen)
+{
+#ifdef NSS_DISABLE_CHACHAPOLY
+    return NULL;
+#else
+    ChaCha20Poly1305Context *ctx;
+
+    ctx = PORT_New(ChaCha20Poly1305Context);
+    if (ctx == NULL) {
+        return NULL;
+    }
+
+    if (ChaCha20Poly1305_InitContext(ctx, key, keyLen, tagLen) != SECSuccess) {
+        PORT_Free(ctx);
+        ctx = NULL;
+    }
+
+    return ctx;
+#endif
+}
+
+void
+ChaCha20Poly1305_DestroyContext(ChaCha20Poly1305Context *ctx, PRBool freeit)
+{
+#ifndef NSS_DISABLE_CHACHAPOLY
+    PORT_Memset(ctx, 0, sizeof(*ctx));
+    if (freeit) {
+        PORT_Free(ctx);
+    }
+#endif
+}
+
+SECStatus
+ChaCha20Poly1305_Seal(const ChaCha20Poly1305Context *ctx, unsigned char *output,
+                      unsigned int *outputLen, unsigned int maxOutputLen,
+                      const unsigned char *input, unsigned int inputLen,
+                      const unsigned char *nonce, unsigned int nonceLen,
+                      const unsigned char *ad, unsigned int adLen)
+{
+#ifdef NSS_DISABLE_CHACHAPOLY
+    return SECFailure;
+#else
+    unsigned char block[64];
+    unsigned char tag[16];
+
+    if (nonceLen != 12) {
+        PORT_SetError(SEC_ERROR_INPUT_LEN);
+        return SECFailure;
+    }
+    *outputLen = inputLen + ctx->tagLen;
+    if (maxOutputLen < *outputLen) {
+        PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+        return SECFailure;
+    }
+
+    PORT_Memset(block, 0, sizeof(block));
+    // Generate a block of keystream. The first 32 bytes will be the poly1305
+    // key. The remainder of the block is discarded.
+    ChaCha20XOR(block, block, sizeof(block), ctx->key, nonce, 0);
+    ChaCha20XOR(output, input, inputLen, ctx->key, nonce, 1);
+
+    Poly1305Do(tag, ad, adLen, output, inputLen, block);
+    PORT_Memcpy(output + inputLen, tag, ctx->tagLen);
+
+    return SECSuccess;
+#endif
+}
+
+SECStatus
+ChaCha20Poly1305_Open(const ChaCha20Poly1305Context *ctx, unsigned char *output,
+                      unsigned int *outputLen, unsigned int maxOutputLen,
+                      const unsigned char *input, unsigned int inputLen,
+                      const unsigned char *nonce, unsigned int nonceLen,
+                      const unsigned char *ad, unsigned int adLen)
+{
+#ifdef NSS_DISABLE_CHACHAPOLY
+    return SECFailure;
+#else
+    unsigned char block[64];
+    unsigned char tag[16];
+    unsigned int ciphertextLen;
+
+    if (nonceLen != 12) {
+        PORT_SetError(SEC_ERROR_INPUT_LEN);
+        return SECFailure;
+    }
+    if (inputLen < ctx->tagLen) {
+        PORT_SetError(SEC_ERROR_INPUT_LEN);
+        return SECFailure;
+    }
+    ciphertextLen = inputLen - ctx->tagLen;
+    *outputLen = ciphertextLen;
+    if (maxOutputLen < *outputLen) {
+        PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+        return SECFailure;
+    }
+
+    PORT_Memset(block, 0, sizeof(block));
+    // Generate a block of keystream. The first 32 bytes will be the poly1305
+    // key. The remainder of the block is discarded.
+    ChaCha20XOR(block, block, sizeof(block), ctx->key, nonce, 0);
+    Poly1305Do(tag, ad, adLen, input, ciphertextLen, block);
+    if (NSS_SecureMemcmp(tag, &input[ciphertextLen], ctx->tagLen) != 0) {
+        PORT_SetError(SEC_ERROR_BAD_DATA);
+        return SECFailure;
+    }
+
+    ChaCha20XOR(output, input, ciphertextLen, ctx->key, nonce, 1);
+
+    return SECSuccess;
+#endif
+}
diff --git a/nss/lib/freebl/chacha20poly1305.h b/nss/lib/freebl/chacha20poly1305.h
new file mode 100644
index 0000000..c77632a
--- /dev/null
+++ b/nss/lib/freebl/chacha20poly1305.h
@@ -0,0 +1,15 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _CHACHA20_POLY1305_H_
+#define _CHACHA20_POLY1305_H_ 1
+
+/* ChaCha20Poly1305ContextStr saves the key and tag length for a
+ * ChaCha20+Poly1305 AEAD operation. */
+struct ChaCha20Poly1305ContextStr {
+    unsigned char key[32];
+    unsigned char tagLen;
+};
+
+#endif /* _CHACHA20_POLY1305_H_ */
diff --git a/nss/lib/freebl/config.mk b/nss/lib/freebl/config.mk
new file mode 100644
index 0000000..918a663
--- /dev/null
+++ b/nss/lib/freebl/config.mk
@@ -0,0 +1,97 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# only do this in the outermost freebl build.
+ifndef FREEBL_CHILD_BUILD
+
+# We're going to change this build so that it builds libfreebl.a with
+# just loader.c.  Then we have to build this directory twice again to 
+# build the two DSOs.
+# To build libfreebl.a with just loader.c, we must now override many
+# of the make variables setup by the prior inclusion of CORECONF's config.mk
+
+CSRCS		= loader.c 
+SIMPLE_OBJS 	= $(CSRCS:.c=$(OBJ_SUFFIX))
+OBJS 		= $(addprefix $(OBJDIR)/$(PROG_PREFIX), $(SIMPLE_OBJS))
+ALL_TRASH :=    $(TARGETS) $(OBJS) $(OBJDIR) LOGS TAGS $(GARBAGE) \
+                $(NOSUCHFILE) so_locations 
+
+# this is not a recursive child make.  We make a static lib. (archive)
+
+# Override the values defined in coreconf's ruleset.mk.
+#
+# - (1) LIBRARY: a static (archival) library
+# - (2) SHARED_LIBRARY: a shared (dynamic link) library
+# - (3) IMPORT_LIBRARY: an import library, used only on Windows
+# - (4) PROGRAM: an executable binary
+#
+# override these variables to prevent building a DSO/DLL.
+  TARGETS        = $(LIBRARY)
+  SHARED_LIBRARY =
+  IMPORT_LIBRARY =
+  PROGRAM        =
+
+else
+
+# This is a recursive child make. We build the shared lib.
+
+TARGETS      = $(SHARED_LIBRARY)
+LIBRARY      =
+IMPORT_LIBRARY =
+PROGRAM      =
+
+ifeq ($(OS_TARGET), SunOS)
+OS_LIBS += -lkstat
+endif
+
+ifeq (,$(filter-out WIN%,$(OS_TARGET)))
+
+# don't want the 32 in the shared library name
+SHARED_LIBRARY = $(OBJDIR)/$(DLL_PREFIX)$(LIBRARY_NAME)$(LIBRARY_VERSION).$(DLL_SUFFIX)
+
+RES     = $(OBJDIR)/$(LIBRARY_NAME).res
+RESNAME = freebl.rc
+
+ifdef NS_USE_GCC
+OS_LIBS += -ladvapi32
+else
+OS_LIBS += advapi32.lib
+endif
+
+ifdef NS_USE_GCC
+EXTRA_SHARED_LIBS += \
+	-L$(DIST)/lib \
+	-L$(NSSUTIL_LIB_DIR) \
+	-lnssutil3 \
+	-L$(NSPR_LIB_DIR) \
+	-lnspr4 \
+	$(NULL)
+else # ! NS_USE_GCC
+EXTRA_SHARED_LIBS += \
+	$(DIST)/lib/nssutil3.lib \
+	$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)nspr4.lib \
+	$(NULL)
+endif # NS_USE_GCC
+
+else
+
+ifeq ($(FREEBL_NO_DEPEND),1)
+#drop pthreads as well
+OS_PTHREAD=
+else
+EXTRA_SHARED_LIBS += \
+	-L$(DIST)/lib \
+	-L$(NSSUTIL_LIB_DIR) \
+	-lnssutil3 \
+	-L$(NSPR_LIB_DIR) \
+	-lnspr4 \
+	$(NULL)
+endif
+endif
+
+ifeq ($(OS_ARCH), Darwin)
+EXTRA_SHARED_LIBS += -dylib_file @executable_path/libplc4.dylib:$(DIST)/lib/libplc4.dylib -dylib_file @executable_path/libplds4.dylib:$(DIST)/lib/libplds4.dylib
+endif
+
+endif
diff --git a/nss/lib/freebl/ctr.c b/nss/lib/freebl/ctr.c
new file mode 100644
index 0000000..d5715a5
--- /dev/null
+++ b/nss/lib/freebl/ctr.c
@@ -0,0 +1,246 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifdef FREEBL_NO_DEPEND
+#include "stubs.h"
+#endif
+#include "prtypes.h"
+#include "blapit.h"
+#include "blapii.h"
+#include "ctr.h"
+#include "pkcs11t.h"
+#include "secerr.h"
+
+#ifdef USE_HW_AES
+#include "intel-aes.h"
+#include "rijndael.h"
+#endif
+
+SECStatus
+CTR_InitContext(CTRContext *ctr, void *context, freeblCipherFunc cipher,
+                const unsigned char *param, unsigned int blocksize)
+{
+    const CK_AES_CTR_PARAMS *ctrParams = (const CK_AES_CTR_PARAMS *)param;
+
+    if (ctrParams->ulCounterBits == 0 ||
+        ctrParams->ulCounterBits > blocksize * PR_BITS_PER_BYTE) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    /* Invariant: 0 < ctr->bufPtr <= blocksize */
+    ctr->checkWrap = PR_FALSE;
+    ctr->bufPtr = blocksize; /* no unused data in the buffer */
+    ctr->cipher = cipher;
+    ctr->context = context;
+    ctr->counterBits = ctrParams->ulCounterBits;
+    if (blocksize > sizeof(ctr->counter) ||
+        blocksize > sizeof(ctrParams->cb)) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+    PORT_Memcpy(ctr->counter, ctrParams->cb, blocksize);
+    if (ctr->counterBits < 64) {
+        PORT_Memcpy(ctr->counterFirst, ctr->counter, blocksize);
+        ctr->checkWrap = PR_TRUE;
+    }
+    return SECSuccess;
+}
+
+CTRContext *
+CTR_CreateContext(void *context, freeblCipherFunc cipher,
+                  const unsigned char *param, unsigned int blocksize)
+{
+    CTRContext *ctr;
+    SECStatus rv;
+
+    /* first fill in the Counter context */
+    ctr = PORT_ZNew(CTRContext);
+    if (ctr == NULL) {
+        return NULL;
+    }
+    rv = CTR_InitContext(ctr, context, cipher, param, blocksize);
+    if (rv != SECSuccess) {
+        CTR_DestroyContext(ctr, PR_TRUE);
+        ctr = NULL;
+    }
+    return ctr;
+}
+
+void
+CTR_DestroyContext(CTRContext *ctr, PRBool freeit)
+{
+    PORT_Memset(ctr, 0, sizeof(CTRContext));
+    if (freeit) {
+        PORT_Free(ctr);
+    }
+}
+
+/*
+ * Used by counter mode. Increment the counter block. Not all bits in the
+ * counter block are part of the counter, counterBits tells how many bits
+ * are part of the counter. The counter block is blocksize long. It's a
+ * big endian value.
+ *
+ * XXX Does not handle counter rollover.
+ */
+static void
+ctr_GetNextCtr(unsigned char *counter, unsigned int counterBits,
+               unsigned int blocksize)
+{
+    unsigned char *counterPtr = counter + blocksize - 1;
+    unsigned char mask, count;
+
+    PORT_Assert(counterBits <= blocksize * PR_BITS_PER_BYTE);
+    while (counterBits >= PR_BITS_PER_BYTE) {
+        if (++(*(counterPtr--))) {
+            return;
+        }
+        counterBits -= PR_BITS_PER_BYTE;
+    }
+    if (counterBits == 0) {
+        return;
+    }
+    /* increment the final partial byte */
+    mask = (1 << counterBits) - 1;
+    count = ++(*counterPtr) & mask;
+    *counterPtr = ((*counterPtr) & ~mask) | count;
+    return;
+}
+
+static void
+ctr_xor(unsigned char *target, const unsigned char *x,
+        const unsigned char *y, unsigned int count)
+{
+    unsigned int i;
+    for (i = 0; i < count; i++) {
+        *target++ = *x++ ^ *y++;
+    }
+}
+
+SECStatus
+CTR_Update(CTRContext *ctr, unsigned char *outbuf,
+           unsigned int *outlen, unsigned int maxout,
+           const unsigned char *inbuf, unsigned int inlen,
+           unsigned int blocksize)
+{
+    unsigned int tmp;
+    SECStatus rv;
+
+    if (maxout < inlen) {
+        *outlen = inlen;
+        PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+        return SECFailure;
+    }
+    *outlen = 0;
+    if (ctr->bufPtr != blocksize) {
+        unsigned int needed = PR_MIN(blocksize - ctr->bufPtr, inlen);
+        ctr_xor(outbuf, inbuf, ctr->buffer + ctr->bufPtr, needed);
+        ctr->bufPtr += needed;
+        outbuf += needed;
+        inbuf += needed;
+        *outlen += needed;
+        inlen -= needed;
+        if (inlen == 0) {
+            return SECSuccess;
+        }
+        PORT_Assert(ctr->bufPtr == blocksize);
+    }
+
+    while (inlen >= blocksize) {
+        rv = (*ctr->cipher)(ctr->context, ctr->buffer, &tmp, blocksize,
+                            ctr->counter, blocksize, blocksize);
+        ctr_GetNextCtr(ctr->counter, ctr->counterBits, blocksize);
+        if (ctr->checkWrap) {
+            if (PORT_Memcmp(ctr->counter, ctr->counterFirst, blocksize) == 0) {
+                PORT_SetError(SEC_ERROR_INVALID_ARGS);
+                return SECFailure;
+            }
+        }
+        if (rv != SECSuccess) {
+            return SECFailure;
+        }
+        ctr_xor(outbuf, inbuf, ctr->buffer, blocksize);
+        outbuf += blocksize;
+        inbuf += blocksize;
+        *outlen += blocksize;
+        inlen -= blocksize;
+    }
+    if (inlen == 0) {
+        return SECSuccess;
+    }
+    rv = (*ctr->cipher)(ctr->context, ctr->buffer, &tmp, blocksize,
+                        ctr->counter, blocksize, blocksize);
+    ctr_GetNextCtr(ctr->counter, ctr->counterBits, blocksize);
+    if (ctr->checkWrap) {
+        if (PORT_Memcmp(ctr->counter, ctr->counterFirst, blocksize) == 0) {
+            PORT_SetError(SEC_ERROR_INVALID_ARGS);
+            return SECFailure;
+        }
+    }
+    if (rv != SECSuccess) {
+        return SECFailure;
+    }
+    ctr_xor(outbuf, inbuf, ctr->buffer, inlen);
+    ctr->bufPtr = inlen;
+    *outlen += inlen;
+    return SECSuccess;
+}
+
+#if defined(USE_HW_AES) && defined(_MSC_VER)
+SECStatus
+CTR_Update_HW_AES(CTRContext *ctr, unsigned char *outbuf,
+                  unsigned int *outlen, unsigned int maxout,
+                  const unsigned char *inbuf, unsigned int inlen,
+                  unsigned int blocksize)
+{
+    unsigned int fullblocks;
+    unsigned int tmp;
+    SECStatus rv;
+
+    if (maxout < inlen) {
+        *outlen = inlen;
+        PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+        return SECFailure;
+    }
+    *outlen = 0;
+    if (ctr->bufPtr != blocksize) {
+        unsigned int needed = PR_MIN(blocksize - ctr->bufPtr, inlen);
+        ctr_xor(outbuf, inbuf, ctr->buffer + ctr->bufPtr, needed);
+        ctr->bufPtr += needed;
+        outbuf += needed;
+        inbuf += needed;
+        *outlen += needed;
+        inlen -= needed;
+        if (inlen == 0) {
+            return SECSuccess;
+        }
+        PORT_Assert(ctr->bufPtr == blocksize);
+    }
+
+    intel_aes_ctr_worker(((AESContext *)(ctr->context))->Nr)(
+        ctr, outbuf, outlen, maxout, inbuf, inlen, blocksize);
+    /* XXX intel_aes_ctr_worker should set *outlen. */
+    PORT_Assert(*outlen == 0);
+    fullblocks = (inlen / blocksize) * blocksize;
+    *outlen += fullblocks;
+    outbuf += fullblocks;
+    inbuf += fullblocks;
+    inlen -= fullblocks;
+
+    if (inlen == 0) {
+        return SECSuccess;
+    }
+    rv = (*ctr->cipher)(ctr->context, ctr->buffer, &tmp, blocksize,
+                        ctr->counter, blocksize, blocksize);
+    ctr_GetNextCtr(ctr->counter, ctr->counterBits, blocksize);
+    if (rv != SECSuccess) {
+        return SECFailure;
+    }
+    ctr_xor(outbuf, inbuf, ctr->buffer, inlen);
+    ctr->bufPtr = inlen;
+    *outlen += inlen;
+    return SECSuccess;
+}
+#endif
diff --git a/nss/lib/freebl/ctr.h b/nss/lib/freebl/ctr.h
new file mode 100644
index 0000000..a97da14
--- /dev/null
+++ b/nss/lib/freebl/ctr.h
@@ -0,0 +1,53 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef CTR_H
+#define CTR_H 1
+
+#include "blapii.h"
+
+/* This structure is defined in this header because both ctr.c and gcm.c
+ * need it. */
+struct CTRContextStr {
+    freeblCipherFunc cipher;
+    void *context;
+    unsigned char counter[MAX_BLOCK_SIZE];
+    unsigned char buffer[MAX_BLOCK_SIZE];
+    unsigned char counterFirst[MAX_BLOCK_SIZE]; /* counter overlfow value */
+    PRBool checkWrap;                           /*check for counter overflow*/
+    unsigned long counterBits;
+    unsigned int bufPtr;
+};
+
+typedef struct CTRContextStr CTRContext;
+
+SECStatus CTR_InitContext(CTRContext *ctr, void *context,
+                          freeblCipherFunc cipher, const unsigned char *param,
+                          unsigned int blocksize);
+
+/*
+ * The context argument is the inner cipher context to use with cipher. The
+ * CTRContext does not own context. context needs to remain valid for as long
+ * as the CTRContext is valid.
+ *
+ * The cipher argument is a block cipher in the ECB encrypt mode.
+ */
+CTRContext *CTR_CreateContext(void *context, freeblCipherFunc cipher,
+                              const unsigned char *param, unsigned int blocksize);
+
+void CTR_DestroyContext(CTRContext *ctr, PRBool freeit);
+
+SECStatus CTR_Update(CTRContext *ctr, unsigned char *outbuf,
+                     unsigned int *outlen, unsigned int maxout,
+                     const unsigned char *inbuf, unsigned int inlen,
+                     unsigned int blocksize);
+
+#ifdef USE_HW_AES
+SECStatus CTR_Update_HW_AES(CTRContext *ctr, unsigned char *outbuf,
+                            unsigned int *outlen, unsigned int maxout,
+                            const unsigned char *inbuf, unsigned int inlen,
+                            unsigned int blocksize);
+#endif
+
+#endif
diff --git a/nss/lib/freebl/cts.c b/nss/lib/freebl/cts.c
new file mode 100644
index 0000000..99ccebb
--- /dev/null
+++ b/nss/lib/freebl/cts.c
@@ -0,0 +1,307 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifdef FREEBL_NO_DEPEND
+#include "stubs.h"
+#endif
+#include "blapit.h"
+#include "blapii.h"
+#include "cts.h"
+#include "secerr.h"
+
+struct CTSContextStr {
+    freeblCipherFunc cipher;
+    void *context;
+    /* iv stores the last ciphertext block of the previous message.
+     * Only used by decrypt. */
+    unsigned char iv[MAX_BLOCK_SIZE];
+};
+
+CTSContext *
+CTS_CreateContext(void *context, freeblCipherFunc cipher,
+                  const unsigned char *iv, unsigned int blocksize)
+{
+    CTSContext *cts;
+
+    if (blocksize > MAX_BLOCK_SIZE) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return NULL;
+    }
+    cts = PORT_ZNew(CTSContext);
+    if (cts == NULL) {
+        return NULL;
+    }
+    PORT_Memcpy(cts->iv, iv, blocksize);
+    cts->cipher = cipher;
+    cts->context = context;
+    return cts;
+}
+
+void
+CTS_DestroyContext(CTSContext *cts, PRBool freeit)
+{
+    if (freeit) {
+        PORT_Free(cts);
+    }
+}
+
+/*
+ * See addemdum to NIST SP 800-38A
+ * Generically handle cipher text stealing. Basically this is doing CBC
+ * operations except someone can pass us a partial block.
+ *
+ *  Output Order:
+ *  CS-1:  C1||C2||C3..Cn-1(could be partial)||Cn   (NIST)
+ *  CS-2: pad == 0 C1||C2||C3...Cn-1(is full)||Cn   (Schneier)
+ *  CS-2: pad != 0 C1||C2||C3...Cn||Cn-1(is partial)(Schneier)
+ *  CS-3: C1||C2||C3...Cn||Cn-1(could be partial)   (Kerberos)
+ *
+ * The characteristics of these three options:
+ *  - NIST & Schneier (CS-1 & CS-2) are identical to CBC if there are no
+ * partial blocks on input.
+ *  - Scheier and Kerberos (CS-2 and CS-3) have no embedded partial blocks,
+ * which make decoding easier.
+ *  - NIST & Kerberos (CS-1 and CS-3) have consistent block order independent
+ * of padding.
+ *
+ * PKCS #11 did not specify which version to implement, but points to the NIST
+ * spec, so this code implements CTS-CS-1 from NIST.
+ *
+ * To convert the returned buffer to:
+ *   CS-2 (Schneier): do
+ *       unsigned char tmp[MAX_BLOCK_SIZE];
+ *       pad = *outlen % blocksize;
+ *       if (pad) {
+ *          memcpy(tmp, outbuf+*outlen-blocksize, blocksize);
+ *          memcpy(outbuf+*outlen-pad,outbuf+*outlen-blocksize-pad, pad);
+ *      memcpy(outbuf+*outlen-blocksize-pad, tmp, blocksize);
+ *       }
+ *   CS-3 (Kerberos): do
+ *       unsigned char tmp[MAX_BLOCK_SIZE];
+ *       pad = *outlen % blocksize;
+ *       if (pad == 0) {
+ *           pad = blocksize;
+ *       }
+ *       memcpy(tmp, outbuf+*outlen-blocksize, blocksize);
+ *       memcpy(outbuf+*outlen-pad,outbuf+*outlen-blocksize-pad, pad);
+ *   memcpy(outbuf+*outlen-blocksize-pad, tmp, blocksize);
+ */
+SECStatus
+CTS_EncryptUpdate(CTSContext *cts, unsigned char *outbuf,
+                  unsigned int *outlen, unsigned int maxout,
+                  const unsigned char *inbuf, unsigned int inlen,
+                  unsigned int blocksize)
+{
+    unsigned char lastBlock[MAX_BLOCK_SIZE];
+    unsigned int tmp;
+    int fullblocks;
+    int written;
+    unsigned char *saveout = outbuf;
+    SECStatus rv;
+
+    if (inlen < blocksize) {
+        PORT_SetError(SEC_ERROR_INPUT_LEN);
+        return SECFailure;
+    }
+
+    if (maxout < inlen) {
+        *outlen = inlen;
+        PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+        return SECFailure;
+    }
+    fullblocks = (inlen / blocksize) * blocksize;
+    rv = (*cts->cipher)(cts->context, outbuf, outlen, maxout, inbuf,
+                        fullblocks, blocksize);
+    if (rv != SECSuccess) {
+        return SECFailure;
+    }
+    *outlen = fullblocks; /* AES low level doesn't set outlen */
+    inbuf += fullblocks;
+    inlen -= fullblocks;
+    if (inlen == 0) {
+        return SECSuccess;
+    }
+    written = *outlen - (blocksize - inlen);
+    outbuf += written;
+    maxout -= written;
+
+    /*
+     * here's the CTS magic, we pad our final block with zeros,
+     * then do a CBC encrypt. CBC will xor our plain text with
+     * the previous block (Cn-1), capturing part of that block (Cn-1**) as it
+     * xors with the zero pad. We then write this full block, overwritting
+     * (Cn-1**) in our buffer. This allows us to have input data == output
+     * data since Cn contains enough information to reconver Cn-1** when
+     * we decrypt (at the cost of some complexity as you can see in decrypt
+     * below */
+    PORT_Memcpy(lastBlock, inbuf, inlen);
+    PORT_Memset(lastBlock + inlen, 0, blocksize - inlen);
+    rv = (*cts->cipher)(cts->context, outbuf, &tmp, maxout, lastBlock,
+                        blocksize, blocksize);
+    PORT_Memset(lastBlock, 0, blocksize);
+    if (rv == SECSuccess) {
+        *outlen = written + blocksize;
+    } else {
+        PORT_Memset(saveout, 0, written + blocksize);
+    }
+    return rv;
+}
+
+#define XOR_BLOCK(x, y, count)  \
+    for (i = 0; i < count; i++) \
+    x[i] = x[i] ^ y[i]
+
+/*
+ * See addemdum to NIST SP 800-38A
+ * Decrypt, Expect CS-1: input. See the comment on the encrypt side
+ * to understand what CS-2 and CS-3 mean.
+ *
+ * To convert the input buffer to CS-1 from ...
+ *   CS-2 (Schneier): do
+ *       unsigned char tmp[MAX_BLOCK_SIZE];
+ *       pad = inlen % blocksize;
+ *       if (pad) {
+ *          memcpy(tmp, inbuf+inlen-blocksize-pad, blocksize);
+ *          memcpy(inbuf+inlen-blocksize-pad,inbuf+inlen-pad, pad);
+ *      memcpy(inbuf+inlen-blocksize, tmp, blocksize);
+ *       }
+ *   CS-3 (Kerberos): do
+ *       unsigned char tmp[MAX_BLOCK_SIZE];
+ *       pad = inlen % blocksize;
+ *       if (pad == 0) {
+ *           pad = blocksize;
+ *       }
+ *       memcpy(tmp, inbuf+inlen-blocksize-pad, blocksize);
+ *       memcpy(inbuf+inlen-blocksize-pad,inbuf+inlen-pad, pad);
+ *   memcpy(inbuf+inlen-blocksize, tmp, blocksize);
+ */
+SECStatus
+CTS_DecryptUpdate(CTSContext *cts, unsigned char *outbuf,
+                  unsigned int *outlen, unsigned int maxout,
+                  const unsigned char *inbuf, unsigned int inlen,
+                  unsigned int blocksize)
+{
+    unsigned char *Pn;
+    unsigned char Cn_2[MAX_BLOCK_SIZE]; /* block Cn-2 */
+    unsigned char Cn_1[MAX_BLOCK_SIZE]; /* block Cn-1 */
+    unsigned char Cn[MAX_BLOCK_SIZE];   /* block Cn   */
+    unsigned char lastBlock[MAX_BLOCK_SIZE];
+    const unsigned char *tmp;
+    unsigned char *saveout = outbuf;
+    unsigned int tmpLen;
+    unsigned int fullblocks, pad;
+    unsigned int i;
+    SECStatus rv;
+
+    if (inlen < blocksize) {
+        PORT_SetError(SEC_ERROR_INPUT_LEN);
+        return SECFailure;
+    }
+
+    if (maxout < inlen) {
+        *outlen = inlen;
+        PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+        return SECFailure;
+    }
+
+    fullblocks = (inlen / blocksize) * blocksize;
+
+    /* even though we expect the input to be CS-1, CS-2 is easier to parse,
+     * so convert to CS-2 immediately. NOTE: this is the same code as in
+     * the comment for encrypt. NOTE2: since we can't modify inbuf unless
+     * inbuf and outbuf overlap, just copy inbuf to outbuf and modify it there
+     */
+    pad = inlen - fullblocks;
+    if (pad != 0) {
+        if (inbuf != outbuf) {
+            memcpy(outbuf, inbuf, inlen);
+            /* keep the names so we logically know how we are using the
+         * buffers */
+            inbuf = outbuf;
+        }
+        memcpy(lastBlock, inbuf + inlen - blocksize, blocksize);
+        /* we know inbuf == outbuf now, inbuf is declared const and can't
+     * be the target, so use outbuf for the target here */
+        memcpy(outbuf + inlen - pad, inbuf + inlen - blocksize - pad, pad);
+        memcpy(outbuf + inlen - blocksize - pad, lastBlock, blocksize);
+    }
+    /* save the previous to last block so we can undo the misordered
+     * chaining */
+    tmp = (fullblocks < blocksize * 2) ? cts->iv : inbuf + fullblocks - blocksize * 2;
+    PORT_Memcpy(Cn_2, tmp, blocksize);
+    PORT_Memcpy(Cn, inbuf + fullblocks - blocksize, blocksize);
+    rv = (*cts->cipher)(cts->context, outbuf, outlen, maxout, inbuf,
+                        fullblocks, blocksize);
+    if (rv != SECSuccess) {
+        return SECFailure;
+    }
+    *outlen = fullblocks; /* AES low level doesn't set outlen */
+    inbuf += fullblocks;
+    inlen -= fullblocks;
+    if (inlen == 0) {
+        return SECSuccess;
+    }
+    outbuf += fullblocks;
+
+    /* recover the stolen text */
+    PORT_Memset(lastBlock, 0, blocksize);
+    PORT_Memcpy(lastBlock, inbuf, inlen);
+    PORT_Memcpy(Cn_1, inbuf, inlen);
+    Pn = outbuf - blocksize;
+    /* inbuf points to Cn-1* in the input buffer */
+    /* NOTE: below there are 2 sections marked "make up for the out of order
+     * cbc decryption". You may ask, what is going on here.
+     *   Short answer: CBC automatically xors the plain text with the previous
+     * encrypted block. We are decrypting the last 2 blocks out of order, so
+     * we have to 'back out' the decrypt xor and 'add back' the encrypt xor.
+     *   Long answer: When we encrypted, we encrypted as follows:
+     *       Pn-2, Pn-1, (Pn || 0), but on decryption we can't
+     *  decrypt Cn-1 until we decrypt Cn because part of Cn-1 is stored in
+     *  Cn (see below).  So above we decrypted all the full blocks:
+     *       Cn-2, Cn,
+     *  to get:
+     *       Pn-2, Pn, Except that Pn is not yet corect. On encrypt, we
+     *  xor'd Pn || 0  with Cn-1, but on decrypt we xor'd it with Cn-2
+     *  To recover Pn, we xor the block with Cn-1* || 0 (in last block) and
+     *  Cn-2 to get Pn || Cn-1**. Pn can then be written to the output buffer
+     *  and we can now reunite Cn-1. With the full Cn-1 we can decrypt it,
+     *  but now decrypt is going to xor the decrypted data with Cn instead of
+     *  Cn-2. xoring Cn and Cn-2 restores the original Pn-1 and we can now
+     *  write that oout to the buffer */
+
+    /* make up for the out of order CBC decryption */
+    XOR_BLOCK(lastBlock, Cn_2, blocksize);
+    XOR_BLOCK(lastBlock, Pn, blocksize);
+    /* last buf now has Pn || Cn-1**, copy out Pn */
+    PORT_Memcpy(outbuf, lastBlock, inlen);
+    *outlen += inlen;
+    /* copy Cn-1* into last buf to recover Cn-1 */
+    PORT_Memcpy(lastBlock, Cn_1, inlen);
+    /* note: because Cn and Cn-1 were out of order, our pointer to Pn also
+     * points to where Pn-1 needs to reside. From here on out read Pn in
+     * the code as really Pn-1. */
+    rv = (*cts->cipher)(cts->context, Pn, &tmpLen, blocksize, lastBlock,
+                        blocksize, blocksize);
+    if (rv != SECSuccess) {
+        PORT_Memset(lastBlock, 0, blocksize);
+        PORT_Memset(saveout, 0, *outlen);
+        return SECFailure;
+    }
+    /* make up for the out of order CBC decryption */
+    XOR_BLOCK(Pn, Cn_2, blocksize);
+    XOR_BLOCK(Pn, Cn, blocksize);
+    /* reset iv to Cn  */
+    PORT_Memcpy(cts->iv, Cn, blocksize);
+    /* This makes Cn the last block for the next decrypt operation, which
+     * matches the encrypt. We don't care about the contexts of last block,
+     * only the side effect of setting the internal IV */
+    (void)(*cts->cipher)(cts->context, lastBlock, &tmpLen, blocksize, Cn,
+                         blocksize, blocksize);
+    /* clear last block. At this point last block contains Pn xor Cn_1 xor
+     * Cn_2, both of with an attacker would know, so we need to clear this
+     * buffer out */
+    PORT_Memset(lastBlock, 0, blocksize);
+    /* Cn, Cn_1, and Cn_2 have encrypted data, so no need to clear them */
+    return SECSuccess;
+}
diff --git a/nss/lib/freebl/cts.h b/nss/lib/freebl/cts.h
new file mode 100644
index 0000000..a3ec180
--- /dev/null
+++ b/nss/lib/freebl/cts.h
@@ -0,0 +1,33 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef CTS_H
+#define CTS_H 1
+
+#include "blapii.h"
+
+typedef struct CTSContextStr CTSContext;
+
+/*
+ * The context argument is the inner cipher context to use with cipher. The
+ * CTSContext does not own context. context needs to remain valid for as long
+ * as the CTSContext is valid.
+ *
+ * The cipher argument is a block cipher in the CBC mode.
+ */
+CTSContext *CTS_CreateContext(void *context, freeblCipherFunc cipher,
+                              const unsigned char *iv, unsigned int blocksize);
+
+void CTS_DestroyContext(CTSContext *cts, PRBool freeit);
+
+SECStatus CTS_EncryptUpdate(CTSContext *cts, unsigned char *outbuf,
+                            unsigned int *outlen, unsigned int maxout,
+                            const unsigned char *inbuf, unsigned int inlen,
+                            unsigned int blocksize);
+SECStatus CTS_DecryptUpdate(CTSContext *cts, unsigned char *outbuf,
+                            unsigned int *outlen, unsigned int maxout,
+                            const unsigned char *inbuf, unsigned int inlen,
+                            unsigned int blocksize);
+
+#endif
diff --git a/nss/lib/freebl/des.c b/nss/lib/freebl/des.c
new file mode 100644
index 0000000..fd433bb
--- /dev/null
+++ b/nss/lib/freebl/des.c
@@ -0,0 +1,676 @@
+/*
+ *  des.c
+ *
+ *  core source file for DES-150 library
+ *  Make key schedule from DES key.
+ *  Encrypt/Decrypt one 8-byte block.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "des.h"
+#include "blapii.h"
+#include <stddef.h> /* for ptrdiff_t */
+/* #define USE_INDEXING 1 */
+
+/*
+ * The tables below are the 8 sbox functions, with the 6-bit input permutation
+ * and the 32-bit output permutation pre-computed.
+ * They are shifted circularly to the left 3 bits, which removes 2 shifts
+ * and an or from each round by reducing the number of sboxes whose
+ * indices cross word broundaries from 2 to 1.
+ */
+
+static const HALF SP[8][64] = {
+    /* Box S1 */
+    { 0x04041000, 0x00000000, 0x00040000, 0x04041010,
+      0x04040010, 0x00041010, 0x00000010, 0x00040000,
+      0x00001000, 0x04041000, 0x04041010, 0x00001000,
+      0x04001010, 0x04040010, 0x04000000, 0x00000010,
+      0x00001010, 0x04001000, 0x04001000, 0x00041000,
+      0x00041000, 0x04040000, 0x04040000, 0x04001010,
+      0x00040010, 0x04000010, 0x04000010, 0x00040010,
+      0x00000000, 0x00001010, 0x00041010, 0x04000000,
+      0x00040000, 0x04041010, 0x00000010, 0x04040000,
+      0x04041000, 0x04000000, 0x04000000, 0x00001000,
+      0x04040010, 0x00040000, 0x00041000, 0x04000010,
+      0x00001000, 0x00000010, 0x04001010, 0x00041010,
+      0x04041010, 0x00040010, 0x04040000, 0x04001010,
+      0x04000010, 0x00001010, 0x00041010, 0x04041000,
+      0x00001010, 0x04001000, 0x04001000, 0x00000000,
+      0x00040010, 0x00041000, 0x00000000, 0x04040010 },
+    /* Box S2 */
+    { 0x00420082, 0x00020002, 0x00020000, 0x00420080,
+      0x00400000, 0x00000080, 0x00400082, 0x00020082,
+      0x00000082, 0x00420082, 0x00420002, 0x00000002,
+      0x00020002, 0x00400000, 0x00000080, 0x00400082,
+      0x00420000, 0x00400080, 0x00020082, 0x00000000,
+      0x00000002, 0x00020000, 0x00420080, 0x00400002,
+      0x00400080, 0x00000082, 0x00000000, 0x00420000,
+      0x00020080, 0x00420002, 0x00400002, 0x00020080,
+      0x00000000, 0x00420080, 0x00400082, 0x00400000,
+      0x00020082, 0x00400002, 0x00420002, 0x00020000,
+      0x00400002, 0x00020002, 0x00000080, 0x00420082,
+      0x00420080, 0x00000080, 0x00020000, 0x00000002,
+      0x00020080, 0x00420002, 0x00400000, 0x00000082,
+      0x00400080, 0x00020082, 0x00000082, 0x00400080,
+      0x00420000, 0x00000000, 0x00020002, 0x00020080,
+      0x00000002, 0x00400082, 0x00420082, 0x00420000 },
+    /* Box S3 */
+    { 0x00000820, 0x20080800, 0x00000000, 0x20080020,
+      0x20000800, 0x00000000, 0x00080820, 0x20000800,
+      0x00080020, 0x20000020, 0x20000020, 0x00080000,
+      0x20080820, 0x00080020, 0x20080000, 0x00000820,
+      0x20000000, 0x00000020, 0x20080800, 0x00000800,
+      0x00080800, 0x20080000, 0x20080020, 0x00080820,
+      0x20000820, 0x00080800, 0x00080000, 0x20000820,
+      0x00000020, 0x20080820, 0x00000800, 0x20000000,
+      0x20080800, 0x20000000, 0x00080020, 0x00000820,
+      0x00080000, 0x20080800, 0x20000800, 0x00000000,
+      0x00000800, 0x00080020, 0x20080820, 0x20000800,
+      0x20000020, 0x00000800, 0x00000000, 0x20080020,
+      0x20000820, 0x00080000, 0x20000000, 0x20080820,
+      0x00000020, 0x00080820, 0x00080800, 0x20000020,
+      0x20080000, 0x20000820, 0x00000820, 0x20080000,
+      0x00080820, 0x00000020, 0x20080020, 0x00080800 },
+    /* Box S4 */
+    { 0x02008004, 0x00008204, 0x00008204, 0x00000200,
+      0x02008200, 0x02000204, 0x02000004, 0x00008004,
+      0x00000000, 0x02008000, 0x02008000, 0x02008204,
+      0x00000204, 0x00000000, 0x02000200, 0x02000004,
+      0x00000004, 0x00008000, 0x02000000, 0x02008004,
+      0x00000200, 0x02000000, 0x00008004, 0x00008200,
+      0x02000204, 0x00000004, 0x00008200, 0x02000200,
+      0x00008000, 0x02008200, 0x02008204, 0x00000204,
+      0x02000200, 0x02000004, 0x02008000, 0x02008204,
+      0x00000204, 0x00000000, 0x00000000, 0x02008000,
+      0x00008200, 0x02000200, 0x02000204, 0x00000004,
+      0x02008004, 0x00008204, 0x00008204, 0x00000200,
+      0x02008204, 0x00000204, 0x00000004, 0x00008000,
+      0x02000004, 0x00008004, 0x02008200, 0x02000204,
+      0x00008004, 0x00008200, 0x02000000, 0x02008004,
+      0x00000200, 0x02000000, 0x00008000, 0x02008200 },
+    /* Box S5 */
+    { 0x00000400, 0x08200400, 0x08200000, 0x08000401,
+      0x00200000, 0x00000400, 0x00000001, 0x08200000,
+      0x00200401, 0x00200000, 0x08000400, 0x00200401,
+      0x08000401, 0x08200001, 0x00200400, 0x00000001,
+      0x08000000, 0x00200001, 0x00200001, 0x00000000,
+      0x00000401, 0x08200401, 0x08200401, 0x08000400,
+      0x08200001, 0x00000401, 0x00000000, 0x08000001,
+      0x08200400, 0x08000000, 0x08000001, 0x00200400,
+      0x00200000, 0x08000401, 0x00000400, 0x08000000,
+      0x00000001, 0x08200000, 0x08000401, 0x00200401,
+      0x08000400, 0x00000001, 0x08200001, 0x08200400,
+      0x00200401, 0x00000400, 0x08000000, 0x08200001,
+      0x08200401, 0x00200400, 0x08000001, 0x08200401,
+      0x08200000, 0x00000000, 0x00200001, 0x08000001,
+      0x00200400, 0x08000400, 0x00000401, 0x00200000,
+      0x00000000, 0x00200001, 0x08200400, 0x00000401 },
+    /* Box S6 */
+    { 0x80000040, 0x81000000, 0x00010000, 0x81010040,
+      0x81000000, 0x00000040, 0x81010040, 0x01000000,
+      0x80010000, 0x01010040, 0x01000000, 0x80000040,
+      0x01000040, 0x80010000, 0x80000000, 0x00010040,
+      0x00000000, 0x01000040, 0x80010040, 0x00010000,
+      0x01010000, 0x80010040, 0x00000040, 0x81000040,
+      0x81000040, 0x00000000, 0x01010040, 0x81010000,
+      0x00010040, 0x01010000, 0x81010000, 0x80000000,
+      0x80010000, 0x00000040, 0x81000040, 0x01010000,
+      0x81010040, 0x01000000, 0x00010040, 0x80000040,
+      0x01000000, 0x80010000, 0x80000000, 0x00010040,
+      0x80000040, 0x81010040, 0x01010000, 0x81000000,
+      0x01010040, 0x81010000, 0x00000000, 0x81000040,
+      0x00000040, 0x00010000, 0x81000000, 0x01010040,
+      0x00010000, 0x01000040, 0x80010040, 0x00000000,
+      0x81010000, 0x80000000, 0x01000040, 0x80010040 },
+    /* Box S7 */
+    { 0x00800000, 0x10800008, 0x10002008, 0x00000000,
+      0x00002000, 0x10002008, 0x00802008, 0x10802000,
+      0x10802008, 0x00800000, 0x00000000, 0x10000008,
+      0x00000008, 0x10000000, 0x10800008, 0x00002008,
+      0x10002000, 0x00802008, 0x00800008, 0x10002000,
+      0x10000008, 0x10800000, 0x10802000, 0x00800008,
+      0x10800000, 0x00002000, 0x00002008, 0x10802008,
+      0x00802000, 0x00000008, 0x10000000, 0x00802000,
+      0x10000000, 0x00802000, 0x00800000, 0x10002008,
+      0x10002008, 0x10800008, 0x10800008, 0x00000008,
+      0x00800008, 0x10000000, 0x10002000, 0x00800000,
+      0x10802000, 0x00002008, 0x00802008, 0x10802000,
+      0x00002008, 0x10000008, 0x10802008, 0x10800000,
+      0x00802000, 0x00000000, 0x00000008, 0x10802008,
+      0x00000000, 0x00802008, 0x10800000, 0x00002000,
+      0x10000008, 0x10002000, 0x00002000, 0x00800008 },
+    /* Box S8 */
+    { 0x40004100, 0x00004000, 0x00100000, 0x40104100,
+      0x40000000, 0x40004100, 0x00000100, 0x40000000,
+      0x00100100, 0x40100000, 0x40104100, 0x00104000,
+      0x40104000, 0x00104100, 0x00004000, 0x00000100,
+      0x40100000, 0x40000100, 0x40004000, 0x00004100,
+      0x00104000, 0x00100100, 0x40100100, 0x40104000,
+      0x00004100, 0x00000000, 0x00000000, 0x40100100,
+      0x40000100, 0x40004000, 0x00104100, 0x00100000,
+      0x00104100, 0x00100000, 0x40104000, 0x00004000,
+      0x00000100, 0x40100100, 0x00004000, 0x00104100,
+      0x40004000, 0x00000100, 0x40000100, 0x40100000,
+      0x40100100, 0x40000000, 0x00100000, 0x40004100,
+      0x00000000, 0x40104100, 0x00100100, 0x40000100,
+      0x40100000, 0x40004000, 0x40004100, 0x00000000,
+      0x40104100, 0x00104000, 0x00104000, 0x00004100,
+      0x00004100, 0x00100100, 0x40000000, 0x40104000 }
+};
+
+static const HALF PC2[8][64] = {
+    /* table 0 */
+    { 0x00000000, 0x00001000, 0x04000000, 0x04001000,
+      0x00100000, 0x00101000, 0x04100000, 0x04101000,
+      0x00008000, 0x00009000, 0x04008000, 0x04009000,
+      0x00108000, 0x00109000, 0x04108000, 0x04109000,
+      0x00000004, 0x00001004, 0x04000004, 0x04001004,
+      0x00100004, 0x00101004, 0x04100004, 0x04101004,
+      0x00008004, 0x00009004, 0x04008004, 0x04009004,
+      0x00108004, 0x00109004, 0x04108004, 0x04109004,
+      0x08000000, 0x08001000, 0x0c000000, 0x0c001000,
+      0x08100000, 0x08101000, 0x0c100000, 0x0c101000,
+      0x08008000, 0x08009000, 0x0c008000, 0x0c009000,
+      0x08108000, 0x08109000, 0x0c108000, 0x0c109000,
+      0x08000004, 0x08001004, 0x0c000004, 0x0c001004,
+      0x08100004, 0x08101004, 0x0c100004, 0x0c101004,
+      0x08008004, 0x08009004, 0x0c008004, 0x0c009004,
+      0x08108004, 0x08109004, 0x0c108004, 0x0c109004 },
+    /* table 1 */
+    { 0x00000000, 0x00002000, 0x80000000, 0x80002000,
+      0x00000008, 0x00002008, 0x80000008, 0x80002008,
+      0x00200000, 0x00202000, 0x80200000, 0x80202000,
+      0x00200008, 0x00202008, 0x80200008, 0x80202008,
+      0x20000000, 0x20002000, 0xa0000000, 0xa0002000,
+      0x20000008, 0x20002008, 0xa0000008, 0xa0002008,
+      0x20200000, 0x20202000, 0xa0200000, 0xa0202000,
+      0x20200008, 0x20202008, 0xa0200008, 0xa0202008,
+      0x00000400, 0x00002400, 0x80000400, 0x80002400,
+      0x00000408, 0x00002408, 0x80000408, 0x80002408,
+      0x00200400, 0x00202400, 0x80200400, 0x80202400,
+      0x00200408, 0x00202408, 0x80200408, 0x80202408,
+      0x20000400, 0x20002400, 0xa0000400, 0xa0002400,
+      0x20000408, 0x20002408, 0xa0000408, 0xa0002408,
+      0x20200400, 0x20202400, 0xa0200400, 0xa0202400,
+      0x20200408, 0x20202408, 0xa0200408, 0xa0202408 },
+    /* table 2 */
+    { 0x00000000, 0x00004000, 0x00000020, 0x00004020,
+      0x00080000, 0x00084000, 0x00080020, 0x00084020,
+      0x00000800, 0x00004800, 0x00000820, 0x00004820,
+      0x00080800, 0x00084800, 0x00080820, 0x00084820,
+      0x00000010, 0x00004010, 0x00000030, 0x00004030,
+      0x00080010, 0x00084010, 0x00080030, 0x00084030,
+      0x00000810, 0x00004810, 0x00000830, 0x00004830,
+      0x00080810, 0x00084810, 0x00080830, 0x00084830,
+      0x00400000, 0x00404000, 0x00400020, 0x00404020,
+      0x00480000, 0x00484000, 0x00480020, 0x00484020,
+      0x00400800, 0x00404800, 0x00400820, 0x00404820,
+      0x00480800, 0x00484800, 0x00480820, 0x00484820,
+      0x00400010, 0x00404010, 0x00400030, 0x00404030,
+      0x00480010, 0x00484010, 0x00480030, 0x00484030,
+      0x00400810, 0x00404810, 0x00400830, 0x00404830,
+      0x00480810, 0x00484810, 0x00480830, 0x00484830 },
+    /* table 3 */
+    { 0x00000000, 0x40000000, 0x00000080, 0x40000080,
+      0x00040000, 0x40040000, 0x00040080, 0x40040080,
+      0x00000040, 0x40000040, 0x000000c0, 0x400000c0,
+      0x00040040, 0x40040040, 0x000400c0, 0x400400c0,
+      0x10000000, 0x50000000, 0x10000080, 0x50000080,
+      0x10040000, 0x50040000, 0x10040080, 0x50040080,
+      0x10000040, 0x50000040, 0x100000c0, 0x500000c0,
+      0x10040040, 0x50040040, 0x100400c0, 0x500400c0,
+      0x00800000, 0x40800000, 0x00800080, 0x40800080,
+      0x00840000, 0x40840000, 0x00840080, 0x40840080,
+      0x00800040, 0x40800040, 0x008000c0, 0x408000c0,
+      0x00840040, 0x40840040, 0x008400c0, 0x408400c0,
+      0x10800000, 0x50800000, 0x10800080, 0x50800080,
+      0x10840000, 0x50840000, 0x10840080, 0x50840080,
+      0x10800040, 0x50800040, 0x108000c0, 0x508000c0,
+      0x10840040, 0x50840040, 0x108400c0, 0x508400c0 },
+    /* table 4 */
+    { 0x00000000, 0x00000008, 0x08000000, 0x08000008,
+      0x00040000, 0x00040008, 0x08040000, 0x08040008,
+      0x00002000, 0x00002008, 0x08002000, 0x08002008,
+      0x00042000, 0x00042008, 0x08042000, 0x08042008,
+      0x80000000, 0x80000008, 0x88000000, 0x88000008,
+      0x80040000, 0x80040008, 0x88040000, 0x88040008,
+      0x80002000, 0x80002008, 0x88002000, 0x88002008,
+      0x80042000, 0x80042008, 0x88042000, 0x88042008,
+      0x00080000, 0x00080008, 0x08080000, 0x08080008,
+      0x000c0000, 0x000c0008, 0x080c0000, 0x080c0008,
+      0x00082000, 0x00082008, 0x08082000, 0x08082008,
+      0x000c2000, 0x000c2008, 0x080c2000, 0x080c2008,
+      0x80080000, 0x80080008, 0x88080000, 0x88080008,
+      0x800c0000, 0x800c0008, 0x880c0000, 0x880c0008,
+      0x80082000, 0x80082008, 0x88082000, 0x88082008,
+      0x800c2000, 0x800c2008, 0x880c2000, 0x880c2008 },
+    /* table 5 */
+    { 0x00000000, 0x00400000, 0x00008000, 0x00408000,
+      0x40000000, 0x40400000, 0x40008000, 0x40408000,
+      0x00000020, 0x00400020, 0x00008020, 0x00408020,
+      0x40000020, 0x40400020, 0x40008020, 0x40408020,
+      0x00001000, 0x00401000, 0x00009000, 0x00409000,
+      0x40001000, 0x40401000, 0x40009000, 0x40409000,
+      0x00001020, 0x00401020, 0x00009020, 0x00409020,
+      0x40001020, 0x40401020, 0x40009020, 0x40409020,
+      0x00100000, 0x00500000, 0x00108000, 0x00508000,
+      0x40100000, 0x40500000, 0x40108000, 0x40508000,
+      0x00100020, 0x00500020, 0x00108020, 0x00508020,
+      0x40100020, 0x40500020, 0x40108020, 0x40508020,
+      0x00101000, 0x00501000, 0x00109000, 0x00509000,
+      0x40101000, 0x40501000, 0x40109000, 0x40509000,
+      0x00101020, 0x00501020, 0x00109020, 0x00509020,
+      0x40101020, 0x40501020, 0x40109020, 0x40509020 },
+    /* table 6 */
+    { 0x00000000, 0x00000040, 0x04000000, 0x04000040,
+      0x00000800, 0x00000840, 0x04000800, 0x04000840,
+      0x00800000, 0x00800040, 0x04800000, 0x04800040,
+      0x00800800, 0x00800840, 0x04800800, 0x04800840,
+      0x10000000, 0x10000040, 0x14000000, 0x14000040,
+      0x10000800, 0x10000840, 0x14000800, 0x14000840,
+      0x10800000, 0x10800040, 0x14800000, 0x14800040,
+      0x10800800, 0x10800840, 0x14800800, 0x14800840,
+      0x00000080, 0x000000c0, 0x04000080, 0x040000c0,
+      0x00000880, 0x000008c0, 0x04000880, 0x040008c0,
+      0x00800080, 0x008000c0, 0x04800080, 0x048000c0,
+      0x00800880, 0x008008c0, 0x04800880, 0x048008c0,
+      0x10000080, 0x100000c0, 0x14000080, 0x140000c0,
+      0x10000880, 0x100008c0, 0x14000880, 0x140008c0,
+      0x10800080, 0x108000c0, 0x14800080, 0x148000c0,
+      0x10800880, 0x108008c0, 0x14800880, 0x148008c0 },
+    /* table 7 */
+    { 0x00000000, 0x00000010, 0x00000400, 0x00000410,
+      0x00000004, 0x00000014, 0x00000404, 0x00000414,
+      0x00004000, 0x00004010, 0x00004400, 0x00004410,
+      0x00004004, 0x00004014, 0x00004404, 0x00004414,
+      0x20000000, 0x20000010, 0x20000400, 0x20000410,
+      0x20000004, 0x20000014, 0x20000404, 0x20000414,
+      0x20004000, 0x20004010, 0x20004400, 0x20004410,
+      0x20004004, 0x20004014, 0x20004404, 0x20004414,
+      0x00200000, 0x00200010, 0x00200400, 0x00200410,
+      0x00200004, 0x00200014, 0x00200404, 0x00200414,
+      0x00204000, 0x00204010, 0x00204400, 0x00204410,
+      0x00204004, 0x00204014, 0x00204404, 0x00204414,
+      0x20200000, 0x20200010, 0x20200400, 0x20200410,
+      0x20200004, 0x20200014, 0x20200404, 0x20200414,
+      0x20204000, 0x20204010, 0x20204400, 0x20204410,
+      0x20204004, 0x20204014, 0x20204404, 0x20204414 }
+};
+
+/*
+ * The PC-1 Permutation
+ * If we number the bits of the 8 bytes of key input like this (in octal):
+ *     00 01 02 03 04 05 06 07
+ *     10 11 12 13 14 15 16 17
+ *     20 21 22 23 24 25 26 27
+ *     30 31 32 33 34 35 36 37
+ *     40 41 42 43 44 45 46 47
+ *     50 51 52 53 54 55 56 57
+ *     60 61 62 63 64 65 66 67
+ *     70 71 72 73 74 75 76 77
+ * then after the PC-1 permutation,
+ * C0 is
+ *     70 60 50 40 30 20 10 00
+ *     71 61 51 41 31 21 11 01
+ *     72 62 52 42 32 22 12 02
+ *     73 63 53 43
+ * D0 is
+ *     76 66 56 46 36 26 16 06
+ *     75 65 55 45 35 25 15 05
+ *     74 64 54 44 34 24 14 04
+ *                 33 23 13 03
+ * and these parity bits have been discarded:
+ *     77 67 57 47 37 27 17 07
+ *
+ * We achieve this by flipping the input matrix about the diagonal from 70-07,
+ * getting left =
+ *     77 67 57 47 37 27 17 07  (these are the parity bits)
+ *     76 66 56 46 36 26 16 06
+ *     75 65 55 45 35 25 15 05
+ *     74 64 54 44 34 24 14 04
+ * right =
+ *     73 63 53 43 33 23 13 03
+ *     72 62 52 42 32 22 12 02
+ *     71 61 51 41 31 21 11 01
+ *     70 60 50 40 30 20 10 00
+ * then byte swap right, ala htonl() on a little endian machine.
+ * right =
+ *     70 60 50 40 30 20 10 00
+ *     71 67 57 47 37 27 11 07
+ *     72 62 52 42 32 22 12 02
+ *     73 63 53 43 33 23 13 03
+ * then
+ *     c0 = right >> 4;
+ *     d0 = ((left & 0x00ffffff) << 4) | (right & 0xf);
+*/
+
+#define FLIP_RIGHT_DIAGONAL(word, temp)        \
+    temp = (word ^ (word >> 18)) & 0x00003333; \
+    word ^= temp | (temp << 18);               \
+    temp = (word ^ (word >> 9)) & 0x00550055;  \
+    word ^= temp | (temp << 9);
+
+#if defined(__GNUC__) && defined(NSS_X86_OR_X64)
+#define BYTESWAP(word, temp) \
+    __asm("bswap  %0"        \
+          : "+r"(word));
+#elif (_MSC_VER >= 1300) && defined(NSS_X86_OR_X64)
+#include <stdlib.h>
+#pragma intrinsic(_byteswap_ulong)
+#define BYTESWAP(word, temp) \
+    word = _byteswap_ulong(word);
+#elif defined(__GNUC__) && (defined(__thumb2__) ||         \
+                            (!defined(__thumb__) &&        \
+                             (defined(__ARM_ARCH_6__) ||   \
+                              defined(__ARM_ARCH_6J__) ||  \
+                              defined(__ARM_ARCH_6K__) ||  \
+                              defined(__ARM_ARCH_6Z__) ||  \
+                              defined(__ARM_ARCH_6ZK__) || \
+                              defined(__ARM_ARCH_6T2__) || \
+                              defined(__ARM_ARCH_7__) ||   \
+                              defined(__ARM_ARCH_7A__) ||  \
+                              defined(__ARM_ARCH_7R__))))
+#define BYTESWAP(word, temp) \
+    __asm("rev %0, %0"       \
+          : "+r"(word));
+#else
+#define BYTESWAP(word, temp)            \
+    word = (word >> 16) | (word << 16); \
+    temp = 0x00ff00ff;                  \
+    word = ((word & temp) << 8) | ((word >> 8) & temp);
+#endif
+
+#define PC1(left, right, c0, d0, temp)                  \
+    right ^= temp = ((left >> 4) ^ right) & 0x0f0f0f0f; \
+    left ^= temp << 4;                                  \
+    FLIP_RIGHT_DIAGONAL(left, temp);                    \
+    FLIP_RIGHT_DIAGONAL(right, temp);                   \
+    BYTESWAP(right, temp);                              \
+    c0 = right >> 4;                                    \
+    d0 = ((left & 0x00ffffff) << 4) | (right & 0xf);
+
+#define LEFT_SHIFT_1(reg) (((reg << 1) | (reg >> 27)) & 0x0FFFFFFF)
+#define LEFT_SHIFT_2(reg) (((reg << 2) | (reg >> 26)) & 0x0FFFFFFF)
+
+/*
+ *   setup key schedules from key
+ */
+
+void
+DES_MakeSchedule(HALF *ks, const BYTE *key, DESDirection direction)
+{
+    register HALF left, right;
+    register HALF c0, d0;
+    register HALF temp;
+    int delta;
+    unsigned int ls;
+
+#if defined(HAVE_UNALIGNED_ACCESS)
+    left = HALFPTR(key)[0];
+    right = HALFPTR(key)[1];
+#if defined(IS_LITTLE_ENDIAN)
+    BYTESWAP(left, temp);
+    BYTESWAP(right, temp);
+#endif
+#else
+    if (((ptrdiff_t)key & 0x03) == 0) {
+        left = HALFPTR(key)[0];
+        right = HALFPTR(key)[1];
+#if defined(IS_LITTLE_ENDIAN)
+        BYTESWAP(left, temp);
+        BYTESWAP(right, temp);
+#endif
+    } else {
+        left = ((HALF)key[0] << 24) | ((HALF)key[1] << 16) |
+               ((HALF)key[2] << 8) | key[3];
+        right = ((HALF)key[4] << 24) | ((HALF)key[5] << 16) |
+                ((HALF)key[6] << 8) | key[7];
+    }
+#endif
+
+    PC1(left, right, c0, d0, temp);
+
+    if (direction == DES_ENCRYPT) {
+        delta = 2 * (int)sizeof(HALF);
+    } else {
+        ks += 30;
+        delta = (-2) * (int)sizeof(HALF);
+    }
+
+    for (ls = 0x8103; ls; ls >>= 1) {
+        if (ls & 1) {
+            c0 = LEFT_SHIFT_1(c0);
+            d0 = LEFT_SHIFT_1(d0);
+        } else {
+            c0 = LEFT_SHIFT_2(c0);
+            d0 = LEFT_SHIFT_2(d0);
+        }
+
+#ifdef USE_INDEXING
+#define PC2LOOKUP(b, c) PC2[b][c]
+
+        left = PC2LOOKUP(0, ((c0 >> 22) & 0x3F));
+        left |= PC2LOOKUP(1, ((c0 >> 13) & 0x3F));
+        left |= PC2LOOKUP(2, ((c0 >> 4) & 0x38) | (c0 & 0x7));
+        left |= PC2LOOKUP(3, ((c0 >> 18) & 0xC) | ((c0 >> 11) & 0x3) | (c0 & 0x30));
+
+        right = PC2LOOKUP(4, ((d0 >> 22) & 0x3F));
+        right |= PC2LOOKUP(5, ((d0 >> 15) & 0x30) | ((d0 >> 14) & 0xf));
+        right |= PC2LOOKUP(6, ((d0 >> 7) & 0x3F));
+        right |= PC2LOOKUP(7, ((d0 >> 1) & 0x3C) | (d0 & 0x3));
+#else
+#define PC2LOOKUP(b, c) *(HALF *)((BYTE *)&PC2[b][0] + (c))
+
+        left = PC2LOOKUP(0, ((c0 >> 20) & 0xFC));
+        left |= PC2LOOKUP(1, ((c0 >> 11) & 0xFC));
+        left |= PC2LOOKUP(2, ((c0 >> 2) & 0xE0) | ((c0 << 2) & 0x1C));
+        left |= PC2LOOKUP(3, ((c0 >> 16) & 0x30) | ((c0 >> 9) & 0xC) | ((c0 << 2) & 0xC0));
+
+        right = PC2LOOKUP(4, ((d0 >> 20) & 0xFC));
+        right |= PC2LOOKUP(5, ((d0 >> 13) & 0xC0) | ((d0 >> 12) & 0x3C));
+        right |= PC2LOOKUP(6, ((d0 >> 5) & 0xFC));
+        right |= PC2LOOKUP(7, ((d0 << 1) & 0xF0) | ((d0 << 2) & 0x0C));
+#endif
+        /* left  contains key bits for S1 S3 S2 S4 */
+        /* right contains key bits for S6 S8 S5 S7 */
+        temp = (left << 16)     /* S2 S4 XX XX */
+               | (right >> 16); /* XX XX S6 S8 */
+        ks[0] = temp;
+
+        temp = (left & 0xffff0000)     /* S1 S3 XX XX */
+               | (right & 0x0000ffff); /* XX XX S5 S7 */
+        ks[1] = temp;
+
+        ks = (HALF *)((BYTE *)ks + delta);
+    }
+}
+
+/*
+ * The DES Initial Permutation
+ * if we number the bits of the 8 bytes of input like this (in octal):
+ *     00 01 02 03 04 05 06 07
+ *     10 11 12 13 14 15 16 17
+ *     20 21 22 23 24 25 26 27
+ *     30 31 32 33 34 35 36 37
+ *     40 41 42 43 44 45 46 47
+ *     50 51 52 53 54 55 56 57
+ *     60 61 62 63 64 65 66 67
+ *     70 71 72 73 74 75 76 77
+ * then after the initial permutation, they will be in this order.
+ *     71 61 51 41 31 21 11 01
+ *     73 63 53 43 33 23 13 03
+ *     75 65 55 45 35 25 15 05
+ *     77 67 57 47 37 27 17 07
+ *     70 60 50 40 30 20 10 00
+ *     72 62 52 42 32 22 12 02
+ *     74 64 54 44 34 24 14 04
+ *     76 66 56 46 36 26 16 06
+ *
+ * One way to do this is in two steps:
+ * 1. Flip this matrix about the diagonal from 70-07 as done for PC1.
+ * 2. Rearrange the bytes (rows in the matrix above) with the following code.
+ *
+ * #define swapHiLo(word, temp) \
+ *   temp  = (word ^ (word >> 24)) & 0x000000ff; \
+ *   word ^=  temp | (temp << 24);
+ *
+ *   right ^= temp = ((left << 8) ^ right) & 0xff00ff00;
+ *   left  ^= temp >> 8;
+ *   swapHiLo(left, temp);
+ *   swapHiLo(right,temp);
+ *
+ * However, the two steps can be combined, so that the rows are rearranged
+ * while the matrix is being flipped, reducing the number of bit exchange
+ * operations from 8 ot 5.
+ *
+ * Initial Permutation */
+#define IP(left, right, temp)                            \
+    right ^= temp = ((left >> 4) ^ right) & 0x0f0f0f0f;  \
+    left ^= temp << 4;                                   \
+    right ^= temp = ((left >> 16) ^ right) & 0x0000ffff; \
+    left ^= temp << 16;                                  \
+    right ^= temp = ((left << 2) ^ right) & 0xcccccccc;  \
+    left ^= temp >> 2;                                   \
+    right ^= temp = ((left << 8) ^ right) & 0xff00ff00;  \
+    left ^= temp >> 8;                                   \
+    right ^= temp = ((left >> 1) ^ right) & 0x55555555;  \
+    left ^= temp << 1;
+
+/* The Final (Inverse Initial) permutation is done by reversing the
+** steps of the Initital Permutation
+*/
+
+#define FP(left, right, temp)                            \
+    right ^= temp = ((left >> 1) ^ right) & 0x55555555;  \
+    left ^= temp << 1;                                   \
+    right ^= temp = ((left << 8) ^ right) & 0xff00ff00;  \
+    left ^= temp >> 8;                                   \
+    right ^= temp = ((left << 2) ^ right) & 0xcccccccc;  \
+    left ^= temp >> 2;                                   \
+    right ^= temp = ((left >> 16) ^ right) & 0x0000ffff; \
+    left ^= temp << 16;                                  \
+    right ^= temp = ((left >> 4) ^ right) & 0x0f0f0f0f;  \
+    left ^= temp << 4;
+
+void NO_SANITIZE_ALIGNMENT
+DES_Do1Block(HALF *ks, const BYTE *inbuf, BYTE *outbuf)
+{
+    register HALF left, right;
+    register HALF temp;
+
+#if defined(HAVE_UNALIGNED_ACCESS)
+    left = HALFPTR(inbuf)[0];
+    right = HALFPTR(inbuf)[1];
+#if defined(IS_LITTLE_ENDIAN)
+    BYTESWAP(left, temp);
+    BYTESWAP(right, temp);
+#endif
+#else
+    if (((ptrdiff_t)inbuf & 0x03) == 0) {
+        left = HALFPTR(inbuf)[0];
+        right = HALFPTR(inbuf)[1];
+#if defined(IS_LITTLE_ENDIAN)
+        BYTESWAP(left, temp);
+        BYTESWAP(right, temp);
+#endif
+    } else {
+        left = ((HALF)inbuf[0] << 24) | ((HALF)inbuf[1] << 16) |
+               ((HALF)inbuf[2] << 8) | inbuf[3];
+        right = ((HALF)inbuf[4] << 24) | ((HALF)inbuf[5] << 16) |
+                ((HALF)inbuf[6] << 8) | inbuf[7];
+    }
+#endif
+
+    IP(left, right, temp);
+
+    /* shift the values left circularly 3 bits. */
+    left = (left << 3) | (left >> 29);
+    right = (right << 3) | (right >> 29);
+
+#ifdef USE_INDEXING
+#define KSLOOKUP(s, b) SP[s][((temp >> (b + 2)) & 0x3f)]
+#else
+#define KSLOOKUP(s, b) *(HALF *)((BYTE *)&SP[s][0] + ((temp >> b) & 0xFC))
+#endif
+#define ROUND(out, in, r)                            \
+    temp = in ^ ks[2 * r];                           \
+    out ^= KSLOOKUP(1, 24);                          \
+    out ^= KSLOOKUP(3, 16);                          \
+    out ^= KSLOOKUP(5, 8);                           \
+    out ^= KSLOOKUP(7, 0);                           \
+    temp = ((in >> 4) | (in << 28)) ^ ks[2 * r + 1]; \
+    out ^= KSLOOKUP(0, 24);                          \
+    out ^= KSLOOKUP(2, 16);                          \
+    out ^= KSLOOKUP(4, 8);                           \
+    out ^= KSLOOKUP(6, 0);
+
+    /* Do the 16 Feistel rounds */
+    ROUND(left, right, 0)
+    ROUND(right, left, 1)
+    ROUND(left, right, 2)
+    ROUND(right, left, 3)
+    ROUND(left, right, 4)
+    ROUND(right, left, 5)
+    ROUND(left, right, 6)
+    ROUND(right, left, 7)
+    ROUND(left, right, 8)
+    ROUND(right, left, 9)
+    ROUND(left, right, 10)
+    ROUND(right, left, 11)
+    ROUND(left, right, 12)
+    ROUND(right, left, 13)
+    ROUND(left, right, 14)
+    ROUND(right, left, 15)
+
+    /* now shift circularly right 3 bits to undo the shifting done
+    ** above.  switch left and right here.
+    */
+    temp = (left >> 3) | (left << 29);
+    left = (right >> 3) | (right << 29);
+    right = temp;
+
+    FP(left, right, temp);
+
+#if defined(HAVE_UNALIGNED_ACCESS)
+#if defined(IS_LITTLE_ENDIAN)
+    BYTESWAP(left, temp);
+    BYTESWAP(right, temp);
+#endif
+    HALFPTR(outbuf)
+    [0] = left;
+    HALFPTR(outbuf)
+    [1] = right;
+#else
+    if (((ptrdiff_t)outbuf & 0x03) == 0) {
+#if defined(IS_LITTLE_ENDIAN)
+        BYTESWAP(left, temp);
+        BYTESWAP(right, temp);
+#endif
+        HALFPTR(outbuf)
+        [0] = left;
+        HALFPTR(outbuf)
+        [1] = right;
+    } else {
+        outbuf[0] = (BYTE)(left >> 24);
+        outbuf[1] = (BYTE)(left >> 16);
+        outbuf[2] = (BYTE)(left >> 8);
+        outbuf[3] = (BYTE)(left);
+
+        outbuf[4] = (BYTE)(right >> 24);
+        outbuf[5] = (BYTE)(right >> 16);
+        outbuf[6] = (BYTE)(right >> 8);
+        outbuf[7] = (BYTE)(right);
+    }
+#endif
+}
+
+/* Ackowledgements:
+** Two ideas used in this implementation were shown to me by Dennis Ferguson
+** in 1990.  He credits them to Richard Outerbridge and Dan Hoey.  They were:
+** 1. The method of computing the Initial and Final permutations.
+** 2. Circularly rotating the SP tables and the initial values of left and
+**  right to reduce the number of shifts required during the 16 rounds.
+*/
diff --git a/nss/lib/freebl/des.h b/nss/lib/freebl/des.h
new file mode 100644
index 0000000..70a17e5
--- /dev/null
+++ b/nss/lib/freebl/des.h
@@ -0,0 +1,43 @@
+/*
+ *  des.h
+ *
+ *  header file for DES-150 library
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _DES_H_
+#define _DES_H_ 1
+
+#include "blapi.h"
+
+typedef unsigned char BYTE;
+typedef unsigned int HALF;
+
+#define HALFPTR(x) ((HALF *)(x))
+#define SHORTPTR(x) ((unsigned short *)(x))
+#define BYTEPTR(x) ((BYTE *)(x))
+
+typedef enum {
+    DES_ENCRYPT = 0x5555,
+    DES_DECRYPT = 0xAAAA
+} DESDirection;
+
+typedef void DESFunc(struct DESContextStr *cx, BYTE *out, const BYTE *in,
+                     unsigned int len);
+
+struct DESContextStr {
+    /* key schedule, 16 internal keys, each with 8 6-bit parts */
+    HALF ks0[32];
+    HALF ks1[32];
+    HALF ks2[32];
+    HALF iv[2];
+    DESDirection direction;
+    DESFunc *worker;
+};
+
+void DES_MakeSchedule(HALF *ks, const BYTE *key, DESDirection direction);
+void DES_Do1Block(HALF *ks, const BYTE *inbuf, BYTE *outbuf);
+
+#endif
diff --git a/nss/lib/freebl/desblapi.c b/nss/lib/freebl/desblapi.c
new file mode 100644
index 0000000..c03ab27
--- /dev/null
+++ b/nss/lib/freebl/desblapi.c
@@ -0,0 +1,256 @@
+/*
+ *  desblapi.c
+ *
+ *  core source file for DES-150 library
+ *  Implement DES Modes of Operation and Triple-DES.
+ *  Adapt DES-150 to blapi API.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifdef FREEBL_NO_DEPEND
+#include "stubs.h"
+#endif
+
+#include "des.h"
+#include "blapii.h"
+#include <stddef.h>
+#include "secerr.h"
+
+#if defined(NSS_X86_OR_X64)
+/* Intel X86 CPUs do unaligned loads and stores without complaint. */
+#define COPY8B(to, from, ptr) \
+    HALFPTR(to)               \
+    [0] = HALFPTR(from)[0];   \
+    HALFPTR(to)               \
+    [1] = HALFPTR(from)[1];
+#else
+#define COPY8B(to, from, ptr) memcpy(to, from, 8)
+#endif
+#define COPY8BTOHALF(to, from) COPY8B(to, from, from)
+#define COPY8BFROMHALF(to, from) COPY8B(to, from, to)
+
+static void
+DES_ECB(DESContext *cx, BYTE *out, const BYTE *in, unsigned int len)
+{
+    while (len) {
+        DES_Do1Block(cx->ks0, in, out);
+        len -= 8;
+        in += 8;
+        out += 8;
+    }
+}
+
+static void
+DES_EDE3_ECB(DESContext *cx, BYTE *out, const BYTE *in, unsigned int len)
+{
+    while (len) {
+        DES_Do1Block(cx->ks0, in, out);
+        len -= 8;
+        in += 8;
+        DES_Do1Block(cx->ks1, out, out);
+        DES_Do1Block(cx->ks2, out, out);
+        out += 8;
+    }
+}
+
+static void NO_SANITIZE_ALIGNMENT
+DES_CBCEn(DESContext *cx, BYTE *out, const BYTE *in, unsigned int len)
+{
+    const BYTE *bufend = in + len;
+    HALF vec[2];
+
+    while (in != bufend) {
+        COPY8BTOHALF(vec, in);
+        in += 8;
+        vec[0] ^= cx->iv[0];
+        vec[1] ^= cx->iv[1];
+        DES_Do1Block(cx->ks0, (BYTE *)vec, (BYTE *)cx->iv);
+        COPY8BFROMHALF(out, cx->iv);
+        out += 8;
+    }
+}
+
+static void NO_SANITIZE_ALIGNMENT
+DES_CBCDe(DESContext *cx, BYTE *out, const BYTE *in, unsigned int len)
+{
+    const BYTE *bufend;
+    HALF oldciphertext[2];
+    HALF plaintext[2];
+
+    for (bufend = in + len; in != bufend;) {
+        oldciphertext[0] = cx->iv[0];
+        oldciphertext[1] = cx->iv[1];
+        COPY8BTOHALF(cx->iv, in);
+        in += 8;
+        DES_Do1Block(cx->ks0, (BYTE *)cx->iv, (BYTE *)plaintext);
+        plaintext[0] ^= oldciphertext[0];
+        plaintext[1] ^= oldciphertext[1];
+        COPY8BFROMHALF(out, plaintext);
+        out += 8;
+    }
+}
+
+static void NO_SANITIZE_ALIGNMENT
+DES_EDE3CBCEn(DESContext *cx, BYTE *out, const BYTE *in, unsigned int len)
+{
+    const BYTE *bufend = in + len;
+    HALF vec[2];
+
+    while (in != bufend) {
+        COPY8BTOHALF(vec, in);
+        in += 8;
+        vec[0] ^= cx->iv[0];
+        vec[1] ^= cx->iv[1];
+        DES_Do1Block(cx->ks0, (BYTE *)vec, (BYTE *)cx->iv);
+        DES_Do1Block(cx->ks1, (BYTE *)cx->iv, (BYTE *)cx->iv);
+        DES_Do1Block(cx->ks2, (BYTE *)cx->iv, (BYTE *)cx->iv);
+        COPY8BFROMHALF(out, cx->iv);
+        out += 8;
+    }
+}
+
+static void NO_SANITIZE_ALIGNMENT
+DES_EDE3CBCDe(DESContext *cx, BYTE *out, const BYTE *in, unsigned int len)
+{
+    const BYTE *bufend;
+    HALF oldciphertext[2];
+    HALF plaintext[2];
+
+    for (bufend = in + len; in != bufend;) {
+        oldciphertext[0] = cx->iv[0];
+        oldciphertext[1] = cx->iv[1];
+        COPY8BTOHALF(cx->iv, in);
+        in += 8;
+        DES_Do1Block(cx->ks0, (BYTE *)cx->iv, (BYTE *)plaintext);
+        DES_Do1Block(cx->ks1, (BYTE *)plaintext, (BYTE *)plaintext);
+        DES_Do1Block(cx->ks2, (BYTE *)plaintext, (BYTE *)plaintext);
+        plaintext[0] ^= oldciphertext[0];
+        plaintext[1] ^= oldciphertext[1];
+        COPY8BFROMHALF(out, plaintext);
+        out += 8;
+    }
+}
+
+DESContext *
+DES_AllocateContext(void)
+{
+    return PORT_ZNew(DESContext);
+}
+
+SECStatus
+DES_InitContext(DESContext *cx, const unsigned char *key, unsigned int keylen,
+                const unsigned char *iv, int mode, unsigned int encrypt,
+                unsigned int unused)
+{
+    DESDirection opposite;
+    if (!cx) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+    cx->direction = encrypt ? DES_ENCRYPT : DES_DECRYPT;
+    opposite = encrypt ? DES_DECRYPT : DES_ENCRYPT;
+    switch (mode) {
+        case NSS_DES: /* DES ECB */
+            DES_MakeSchedule(cx->ks0, key, cx->direction);
+            cx->worker = &DES_ECB;
+            break;
+
+        case NSS_DES_EDE3: /* DES EDE ECB */
+            cx->worker = &DES_EDE3_ECB;
+            if (encrypt) {
+                DES_MakeSchedule(cx->ks0, key, cx->direction);
+                DES_MakeSchedule(cx->ks1, key + 8, opposite);
+                DES_MakeSchedule(cx->ks2, key + 16, cx->direction);
+            } else {
+                DES_MakeSchedule(cx->ks2, key, cx->direction);
+                DES_MakeSchedule(cx->ks1, key + 8, opposite);
+                DES_MakeSchedule(cx->ks0, key + 16, cx->direction);
+            }
+            break;
+
+        case NSS_DES_CBC: /* DES CBC */
+            COPY8BTOHALF(cx->iv, iv);
+            cx->worker = encrypt ? &DES_CBCEn : &DES_CBCDe;
+            DES_MakeSchedule(cx->ks0, key, cx->direction);
+            break;
+
+        case NSS_DES_EDE3_CBC: /* DES EDE CBC */
+            COPY8BTOHALF(cx->iv, iv);
+            if (encrypt) {
+                cx->worker = &DES_EDE3CBCEn;
+                DES_MakeSchedule(cx->ks0, key, cx->direction);
+                DES_MakeSchedule(cx->ks1, key + 8, opposite);
+                DES_MakeSchedule(cx->ks2, key + 16, cx->direction);
+            } else {
+                cx->worker = &DES_EDE3CBCDe;
+                DES_MakeSchedule(cx->ks2, key, cx->direction);
+                DES_MakeSchedule(cx->ks1, key + 8, opposite);
+                DES_MakeSchedule(cx->ks0, key + 16, cx->direction);
+            }
+            break;
+
+        default:
+            PORT_SetError(SEC_ERROR_INVALID_ARGS);
+            return SECFailure;
+    }
+    return SECSuccess;
+}
+
+DESContext *
+DES_CreateContext(const BYTE *key, const BYTE *iv, int mode, PRBool encrypt)
+{
+    DESContext *cx = PORT_ZNew(DESContext);
+    SECStatus rv = DES_InitContext(cx, key, 0, iv, mode, encrypt, 0);
+
+    if (rv != SECSuccess) {
+        PORT_ZFree(cx, sizeof *cx);
+        cx = NULL;
+    }
+    return cx;
+}
+
+void
+DES_DestroyContext(DESContext *cx, PRBool freeit)
+{
+    if (cx) {
+        memset(cx, 0, sizeof *cx);
+        if (freeit)
+            PORT_Free(cx);
+    }
+}
+
+SECStatus
+DES_Encrypt(DESContext *cx, BYTE *out, unsigned int *outLen,
+            unsigned int maxOutLen, const BYTE *in, unsigned int inLen)
+{
+
+    if ((inLen % 8) != 0 || maxOutLen < inLen || !cx ||
+        cx->direction != DES_ENCRYPT) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    cx->worker(cx, out, in, inLen);
+    if (outLen)
+        *outLen = inLen;
+    return SECSuccess;
+}
+
+SECStatus
+DES_Decrypt(DESContext *cx, BYTE *out, unsigned int *outLen,
+            unsigned int maxOutLen, const BYTE *in, unsigned int inLen)
+{
+
+    if ((inLen % 8) != 0 || maxOutLen < inLen || !cx ||
+        cx->direction != DES_DECRYPT) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    cx->worker(cx, out, in, inLen);
+    if (outLen)
+        *outLen = inLen;
+    return SECSuccess;
+}
diff --git a/nss/lib/freebl/det_rng.c b/nss/lib/freebl/det_rng.c
new file mode 100644
index 0000000..fcbf9b3
--- /dev/null
+++ b/nss/lib/freebl/det_rng.c
@@ -0,0 +1,67 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "blapi.h"
+#include "blapit.h"
+#include "chacha20.h"
+#include "nssilock.h"
+#include "seccomon.h"
+#include "secerr.h"
+
+static unsigned long globalNumCalls = 0;
+
+SECStatus
+prng_ResetForFuzzing(PZLock *rng_lock)
+{
+    /* Check for a valid RNG lock. */
+    PORT_Assert(rng_lock != NULL);
+    if (rng_lock == NULL) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    /* --- LOCKED --- */
+    PZ_Lock(rng_lock);
+    globalNumCalls = 0;
+    PZ_Unlock(rng_lock);
+    /* --- UNLOCKED --- */
+
+    return SECSuccess;
+}
+
+SECStatus
+prng_GenerateDeterministicRandomBytes(PZLock *rng_lock, void *dest, size_t len)
+{
+    static const uint8_t key[32];
+    uint8_t nonce[12] = { 0 };
+
+    /* Check for a valid RNG lock. */
+    PORT_Assert(rng_lock != NULL);
+    if (rng_lock == NULL) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    /* --- LOCKED --- */
+    PZ_Lock(rng_lock);
+
+    memcpy(nonce, &globalNumCalls, sizeof(globalNumCalls));
+    globalNumCalls++;
+
+    ChaCha20Poly1305Context *cx =
+        ChaCha20Poly1305_CreateContext(key, sizeof(key), 16);
+    if (!cx) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        PZ_Unlock(rng_lock);
+        return SECFailure;
+    }
+
+    memset(dest, 0, len);
+    ChaCha20XOR(dest, dest, len, key, nonce, 0);
+    ChaCha20Poly1305_DestroyContext(cx, PR_TRUE);
+
+    PZ_Unlock(rng_lock);
+    /* --- UNLOCKED --- */
+    return SECSuccess;
+}
diff --git a/nss/lib/freebl/det_rng.h b/nss/lib/freebl/det_rng.h
new file mode 100644
index 0000000..599d726
--- /dev/null
+++ b/nss/lib/freebl/det_rng.h
@@ -0,0 +1,12 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef __det_rng_h_
+#define __det_rng_h_
+
+SECStatus prng_ResetForFuzzing(PZLock *rng_lock);
+SECStatus prng_GenerateDeterministicRandomBytes(PZLock *rng_lock, void *dest,
+                                                size_t len);
+
+#endif /* __det_rng_h_ */
diff --git a/nss/lib/freebl/dh.c b/nss/lib/freebl/dh.c
new file mode 100644
index 0000000..97025c7
--- /dev/null
+++ b/nss/lib/freebl/dh.c
@@ -0,0 +1,452 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * Diffie-Hellman parameter generation, key generation, and secret derivation.
+ * KEA secret generation and verification.
+ */
+#ifdef FREEBL_NO_DEPEND
+#include "stubs.h"
+#endif
+
+#include "prerr.h"
+#include "secerr.h"
+
+#include "blapi.h"
+#include "secitem.h"
+#include "mpi.h"
+#include "mpprime.h"
+#include "secmpi.h"
+
+#define KEA_DERIVED_SECRET_LEN 128
+
+/* Lengths are in bytes. */
+static unsigned int
+dh_GetSecretKeyLen(unsigned int primeLen)
+{
+    /* Based on Table 2 in NIST SP 800-57. */
+    if (primeLen >= 1920) { /* 15360 bits */
+        return 64;          /* 512 bits */
+    }
+    if (primeLen >= 960) { /* 7680 bits */
+        return 48;         /* 384 bits */
+    }
+    if (primeLen >= 384) { /* 3072 bits */
+        return 32;         /* 256 bits */
+    }
+    if (primeLen >= 256) { /* 2048 bits */
+        return 28;         /* 224 bits */
+    }
+    return 20; /* 160 bits */
+}
+
+SECStatus
+DH_GenParam(int primeLen, DHParams **params)
+{
+    PLArenaPool *arena;
+    DHParams *dhparams;
+    unsigned char *pb = NULL;
+    unsigned char *ab = NULL;
+    unsigned long counter = 0;
+    mp_int p, q, a, h, psub1, test;
+    mp_err err = MP_OKAY;
+    SECStatus rv = SECSuccess;
+    if (!params || primeLen < 0) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+    arena = PORT_NewArena(NSS_FREEBL_DEFAULT_CHUNKSIZE);
+    if (!arena) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return SECFailure;
+    }
+    dhparams = (DHParams *)PORT_ArenaZAlloc(arena, sizeof(DHParams));
+    if (!dhparams) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        PORT_FreeArena(arena, PR_TRUE);
+        return SECFailure;
+    }
+    dhparams->arena = arena;
+    MP_DIGITS(&p) = 0;
+    MP_DIGITS(&q) = 0;
+    MP_DIGITS(&a) = 0;
+    MP_DIGITS(&h) = 0;
+    MP_DIGITS(&psub1) = 0;
+    MP_DIGITS(&test) = 0;
+    CHECK_MPI_OK(mp_init(&p));
+    CHECK_MPI_OK(mp_init(&q));
+    CHECK_MPI_OK(mp_init(&a));
+    CHECK_MPI_OK(mp_init(&h));
+    CHECK_MPI_OK(mp_init(&psub1));
+    CHECK_MPI_OK(mp_init(&test));
+    /* generate prime with MPI, uses Miller-Rabin to generate strong prime. */
+    pb = PORT_Alloc(primeLen);
+    CHECK_SEC_OK(RNG_GenerateGlobalRandomBytes(pb, primeLen));
+    pb[0] |= 0x80;            /* set high-order bit */
+    pb[primeLen - 1] |= 0x01; /* set low-order bit  */
+    CHECK_MPI_OK(mp_read_unsigned_octets(&p, pb, primeLen));
+    CHECK_MPI_OK(mpp_make_prime(&p, primeLen * 8, PR_TRUE, &counter));
+    /* construct Sophie-Germain prime q = (p-1)/2. */
+    CHECK_MPI_OK(mp_sub_d(&p, 1, &psub1));
+    CHECK_MPI_OK(mp_div_2(&psub1, &q));
+    /* construct a generator from the prime. */
+    ab = PORT_Alloc(primeLen);
+    /* generate a candidate number a in p's field */
+    CHECK_SEC_OK(RNG_GenerateGlobalRandomBytes(ab, primeLen));
+    CHECK_MPI_OK(mp_read_unsigned_octets(&a, ab, primeLen));
+    /* force a < p (note that quot(a/p) <= 1) */
+    if (mp_cmp(&a, &p) > 0)
+        CHECK_MPI_OK(mp_sub(&a, &p, &a));
+    do {
+        /* check that a is in the range [2..p-1] */
+        if (mp_cmp_d(&a, 2) < 0 || mp_cmp(&a, &psub1) >= 0) {
+            /* a is outside of the allowed range.  Set a=3 and keep going. */
+            mp_set(&a, 3);
+        }
+        /* if a**q mod p != 1 then a is a generator */
+        CHECK_MPI_OK(mp_exptmod(&a, &q, &p, &test));
+        if (mp_cmp_d(&test, 1) != 0)
+            break;
+        /* increment the candidate and try again. */
+        CHECK_MPI_OK(mp_add_d(&a, 1, &a));
+    } while (PR_TRUE);
+    MPINT_TO_SECITEM(&p, &dhparams->prime, arena);
+    MPINT_TO_SECITEM(&a, &dhparams->base, arena);
+    *params = dhparams;
+cleanup:
+    mp_clear(&p);
+    mp_clear(&q);
+    mp_clear(&a);
+    mp_clear(&h);
+    mp_clear(&psub1);
+    mp_clear(&test);
+    if (pb)
+        PORT_ZFree(pb, primeLen);
+    if (ab)
+        PORT_ZFree(ab, primeLen);
+    if (err) {
+        MP_TO_SEC_ERROR(err);
+        rv = SECFailure;
+    }
+    if (rv)
+        PORT_FreeArena(arena, PR_TRUE);
+    return rv;
+}
+
+SECStatus
+DH_NewKey(DHParams *params, DHPrivateKey **privKey)
+{
+    PLArenaPool *arena;
+    DHPrivateKey *key;
+    mp_int g, xa, p, Ya;
+    mp_err err = MP_OKAY;
+    SECStatus rv = SECSuccess;
+    if (!params || !privKey) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+    arena = PORT_NewArena(NSS_FREEBL_DEFAULT_CHUNKSIZE);
+    if (!arena) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return SECFailure;
+    }
+    key = (DHPrivateKey *)PORT_ArenaZAlloc(arena, sizeof(DHPrivateKey));
+    if (!key) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        PORT_FreeArena(arena, PR_TRUE);
+        return SECFailure;
+    }
+    key->arena = arena;
+    MP_DIGITS(&g) = 0;
+    MP_DIGITS(&xa) = 0;
+    MP_DIGITS(&p) = 0;
+    MP_DIGITS(&Ya) = 0;
+    CHECK_MPI_OK(mp_init(&g));
+    CHECK_MPI_OK(mp_init(&xa));
+    CHECK_MPI_OK(mp_init(&p));
+    CHECK_MPI_OK(mp_init(&Ya));
+    /* Set private key's p */
+    CHECK_SEC_OK(SECITEM_CopyItem(arena, &key->prime, &params->prime));
+    SECITEM_TO_MPINT(key->prime, &p);
+    /* Set private key's g */
+    CHECK_SEC_OK(SECITEM_CopyItem(arena, &key->base, &params->base));
+    SECITEM_TO_MPINT(key->base, &g);
+    /* Generate private key xa */
+    SECITEM_AllocItem(arena, &key->privateValue,
+                      dh_GetSecretKeyLen(params->prime.len));
+    CHECK_SEC_OK(RNG_GenerateGlobalRandomBytes(key->privateValue.data,
+                                               key->privateValue.len));
+    SECITEM_TO_MPINT(key->privateValue, &xa);
+    /* xa < p */
+    CHECK_MPI_OK(mp_mod(&xa, &p, &xa));
+    /* Compute public key Ya = g ** xa mod p */
+    CHECK_MPI_OK(mp_exptmod(&g, &xa, &p, &Ya));
+    MPINT_TO_SECITEM(&Ya, &key->publicValue, key->arena);
+    *privKey = key;
+cleanup:
+    mp_clear(&g);
+    mp_clear(&xa);
+    mp_clear(&p);
+    mp_clear(&Ya);
+    if (err) {
+        MP_TO_SEC_ERROR(err);
+        rv = SECFailure;
+    }
+    if (rv) {
+        *privKey = NULL;
+        PORT_FreeArena(arena, PR_TRUE);
+    }
+    return rv;
+}
+
+SECStatus
+DH_Derive(SECItem *publicValue,
+          SECItem *prime,
+          SECItem *privateValue,
+          SECItem *derivedSecret,
+          unsigned int outBytes)
+{
+    mp_int p, Xa, Yb, ZZ, psub1;
+    mp_err err = MP_OKAY;
+    unsigned int len = 0;
+    unsigned int nb;
+    unsigned char *secret = NULL;
+    if (!publicValue || !prime || !privateValue || !derivedSecret) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+    memset(derivedSecret, 0, sizeof *derivedSecret);
+    MP_DIGITS(&p) = 0;
+    MP_DIGITS(&Xa) = 0;
+    MP_DIGITS(&Yb) = 0;
+    MP_DIGITS(&ZZ) = 0;
+    MP_DIGITS(&psub1) = 0;
+    CHECK_MPI_OK(mp_init(&p));
+    CHECK_MPI_OK(mp_init(&Xa));
+    CHECK_MPI_OK(mp_init(&Yb));
+    CHECK_MPI_OK(mp_init(&ZZ));
+    CHECK_MPI_OK(mp_init(&psub1));
+    SECITEM_TO_MPINT(*publicValue, &Yb);
+    SECITEM_TO_MPINT(*privateValue, &Xa);
+    SECITEM_TO_MPINT(*prime, &p);
+    CHECK_MPI_OK(mp_sub_d(&p, 1, &psub1));
+
+    /* We assume that the modulus, p, is a safe prime. That is, p = 2q+1 where
+     * q is also a prime. Thus the orders of the subgroups are factors of 2q:
+     * namely 1, 2, q and 2q.
+     *
+     * We check that the peer's public value isn't zero (which isn't in the
+     * group), one (subgroup of order one) or p-1 (subgroup of order 2). We
+     * also check that the public value is less than p, to avoid being fooled
+     * by values like p+1 or 2*p-1.
+     *
+     * Thus we must be operating in the subgroup of size q or 2q. */
+    if (mp_cmp_d(&Yb, 1) <= 0 ||
+        mp_cmp(&Yb, &psub1) >= 0) {
+        err = MP_BADARG;
+        goto cleanup;
+    }
+
+    /* ZZ = (Yb)**Xa mod p */
+    CHECK_MPI_OK(mp_exptmod(&Yb, &Xa, &p, &ZZ));
+    /* number of bytes in the derived secret */
+    len = mp_unsigned_octet_size(&ZZ);
+    if (len <= 0) {
+        err = MP_BADARG;
+        goto cleanup;
+    }
+
+    /*
+     * We check to make sure that ZZ is not equal to 1 or -1 mod p.
+     * This helps guard against small subgroup attacks, since an attacker
+     * using a subgroup of size N will produce 1 or -1 with probability 1/N.
+     * When the protocol is executed within a properly large subgroup, the
+     * probability of this result will be negligibly small.  For example,
+     * with a strong prime of the form 2p+1, the probability will be 1/p.
+     *
+     * We return MP_BADARG because this is probably the result of a bad
+     * public value or a bad prime having been provided.
+     */
+    if (mp_cmp_d(&ZZ, 1) == 0 ||
+        mp_cmp(&ZZ, &psub1) == 0) {
+        err = MP_BADARG;
+        goto cleanup;
+    }
+
+    /* allocate a buffer which can hold the entire derived secret. */
+    secret = PORT_Alloc(len);
+    if (secret == NULL) {
+        err = MP_MEM;
+        goto cleanup;
+    }
+    /* grab the derived secret */
+    err = mp_to_unsigned_octets(&ZZ, secret, len);
+    if (err >= 0)
+        err = MP_OKAY;
+    /*
+    ** if outBytes is 0 take all of the bytes from the derived secret.
+    ** if outBytes is not 0 take exactly outBytes from the derived secret, zero
+    ** pad at the beginning if necessary, and truncate beginning bytes
+    ** if necessary.
+    */
+    if (outBytes > 0)
+        nb = outBytes;
+    else
+        nb = len;
+    if (SECITEM_AllocItem(NULL, derivedSecret, nb) == NULL) {
+        err = MP_MEM;
+        goto cleanup;
+    }
+    if (len < nb) {
+        unsigned int offset = nb - len;
+        memset(derivedSecret->data, 0, offset);
+        memcpy(derivedSecret->data + offset, secret, len);
+    } else {
+        memcpy(derivedSecret->data, secret + len - nb, nb);
+    }
+cleanup:
+    mp_clear(&p);
+    mp_clear(&Xa);
+    mp_clear(&Yb);
+    mp_clear(&ZZ);
+    mp_clear(&psub1);
+    if (secret) {
+        /* free the buffer allocated for the full secret. */
+        PORT_ZFree(secret, len);
+    }
+    if (err) {
+        MP_TO_SEC_ERROR(err);
+        if (derivedSecret->data)
+            PORT_ZFree(derivedSecret->data, derivedSecret->len);
+        return SECFailure;
+    }
+    return SECSuccess;
+}
+
+SECStatus
+KEA_Derive(SECItem *prime,
+           SECItem *public1,
+           SECItem *public2,
+           SECItem *private1,
+           SECItem *private2,
+           SECItem *derivedSecret)
+{
+    mp_int p, Y, R, r, x, t, u, w;
+    mp_err err;
+    unsigned char *secret = NULL;
+    unsigned int len = 0, offset;
+    if (!prime || !public1 || !public2 || !private1 || !private2 ||
+        !derivedSecret) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+    memset(derivedSecret, 0, sizeof *derivedSecret);
+    MP_DIGITS(&p) = 0;
+    MP_DIGITS(&Y) = 0;
+    MP_DIGITS(&R) = 0;
+    MP_DIGITS(&r) = 0;
+    MP_DIGITS(&x) = 0;
+    MP_DIGITS(&t) = 0;
+    MP_DIGITS(&u) = 0;
+    MP_DIGITS(&w) = 0;
+    CHECK_MPI_OK(mp_init(&p));
+    CHECK_MPI_OK(mp_init(&Y));
+    CHECK_MPI_OK(mp_init(&R));
+    CHECK_MPI_OK(mp_init(&r));
+    CHECK_MPI_OK(mp_init(&x));
+    CHECK_MPI_OK(mp_init(&t));
+    CHECK_MPI_OK(mp_init(&u));
+    CHECK_MPI_OK(mp_init(&w));
+    SECITEM_TO_MPINT(*prime, &p);
+    SECITEM_TO_MPINT(*public1, &Y);
+    SECITEM_TO_MPINT(*public2, &R);
+    SECITEM_TO_MPINT(*private1, &r);
+    SECITEM_TO_MPINT(*private2, &x);
+    /* t = DH(Y, r, p) = Y ** r mod p */
+    CHECK_MPI_OK(mp_exptmod(&Y, &r, &p, &t));
+    /* u = DH(R, x, p) = R ** x mod p */
+    CHECK_MPI_OK(mp_exptmod(&R, &x, &p, &u));
+    /* w = (t + u) mod p */
+    CHECK_MPI_OK(mp_addmod(&t, &u, &p, &w));
+    /* allocate a buffer for the full derived secret */
+    len = mp_unsigned_octet_size(&w);
+    secret = PORT_Alloc(len);
+    if (secret == NULL) {
+        err = MP_MEM;
+        goto cleanup;
+    }
+    /* grab the secret */
+    err = mp_to_unsigned_octets(&w, secret, len);
+    if (err > 0)
+        err = MP_OKAY;
+    /* allocate output buffer */
+    if (SECITEM_AllocItem(NULL, derivedSecret, KEA_DERIVED_SECRET_LEN) == NULL) {
+        err = MP_MEM;
+        goto cleanup;
+    }
+    memset(derivedSecret->data, 0, derivedSecret->len);
+    /* copy in the 128 lsb of the secret */
+    if (len >= KEA_DERIVED_SECRET_LEN) {
+        memcpy(derivedSecret->data, secret + (len - KEA_DERIVED_SECRET_LEN),
+               KEA_DERIVED_SECRET_LEN);
+    } else {
+        offset = KEA_DERIVED_SECRET_LEN - len;
+        memcpy(derivedSecret->data + offset, secret, len);
+    }
+cleanup:
+    mp_clear(&p);
+    mp_clear(&Y);
+    mp_clear(&R);
+    mp_clear(&r);
+    mp_clear(&x);
+    mp_clear(&t);
+    mp_clear(&u);
+    mp_clear(&w);
+    if (secret)
+        PORT_ZFree(secret, len);
+    if (err) {
+        MP_TO_SEC_ERROR(err);
+        if (derivedSecret->data)
+            PORT_ZFree(derivedSecret->data, derivedSecret->len);
+        return SECFailure;
+    }
+    return SECSuccess;
+}
+
+PRBool
+KEA_Verify(SECItem *Y, SECItem *prime, SECItem *subPrime)
+{
+    mp_int p, q, y, r;
+    mp_err err;
+    int cmp = 1; /* default is false */
+    if (!Y || !prime || !subPrime) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+    MP_DIGITS(&p) = 0;
+    MP_DIGITS(&q) = 0;
+    MP_DIGITS(&y) = 0;
+    MP_DIGITS(&r) = 0;
+    CHECK_MPI_OK(mp_init(&p));
+    CHECK_MPI_OK(mp_init(&q));
+    CHECK_MPI_OK(mp_init(&y));
+    CHECK_MPI_OK(mp_init(&r));
+    SECITEM_TO_MPINT(*prime, &p);
+    SECITEM_TO_MPINT(*subPrime, &q);
+    SECITEM_TO_MPINT(*Y, &y);
+    /* compute r = y**q mod p */
+    CHECK_MPI_OK(mp_exptmod(&y, &q, &p, &r));
+    /* compare to 1 */
+    cmp = mp_cmp_d(&r, 1);
+cleanup:
+    mp_clear(&p);
+    mp_clear(&q);
+    mp_clear(&y);
+    mp_clear(&r);
+    if (err) {
+        MP_TO_SEC_ERROR(err);
+        return PR_FALSE;
+    }
+    return (cmp == 0) ? PR_TRUE : PR_FALSE;
+}
diff --git a/nss/lib/freebl/drbg.c b/nss/lib/freebl/drbg.c
new file mode 100644
index 0000000..0f88199
--- /dev/null
+++ b/nss/lib/freebl/drbg.c
@@ -0,0 +1,972 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifdef FREEBL_NO_DEPEND
+#include "stubs.h"
+#endif
+
+#include "prerror.h"
+#include "secerr.h"
+
+#include "prtypes.h"
+#include "prinit.h"
+#include "blapi.h"
+#include "blapii.h"
+#include "nssilock.h"
+#include "secitem.h"
+#include "sha_fast.h"
+#include "sha256.h"
+#include "secrng.h" /* for RNG_SystemRNG() */
+#include "secmpi.h"
+
+#ifdef UNSAFE_FUZZER_MODE
+#include "det_rng.h"
+#endif
+
+/* PRNG_SEEDLEN defined in NIST SP 800-90 section 10.1
+ * for SHA-1, SHA-224, and SHA-256 it's 440 bits.
+ * for SHA-384 and SHA-512 it's 888 bits */
+#define PRNG_SEEDLEN (440 / PR_BITS_PER_BYTE)
+#define PRNG_MAX_ADDITIONAL_BYTES PR_INT64(0x100000000)
+/* 2^35 bits or 2^32 bytes */
+#define PRNG_MAX_REQUEST_SIZE 0x10000             /* 2^19 bits or 2^16 bytes */
+#define PRNG_ADDITONAL_DATA_CACHE_SIZE (8 * 1024) /* must be less than          \
+                                                   *  PRNG_MAX_ADDITIONAL_BYTES \
+                                                   */
+
+/* RESEED_COUNT is how many calls to the prng before we need to reseed
+ * under normal NIST rules, you must return an error. In the NSS case, we
+ * self-reseed with RNG_SystemRNG(). Count can be a large number. For code
+ * simplicity, we specify count with 2 components: RESEED_BYTE (which is
+ * the same as LOG256(RESEED_COUNT)) and RESEED_VALUE (which is the same as
+ * RESEED_COUNT / (256 ^ RESEED_BYTE)). Another way to look at this is
+ * RESEED_COUNT = RESEED_VALUE * (256 ^ RESEED_BYTE). For Hash based DRBG
+ * we use the maximum count value, 2^48, or RESEED_BYTE=6 and RESEED_VALUE=1
+ */
+#define RESEED_BYTE 6
+#define RESEED_VALUE 1
+
+#define PRNG_RESET_RESEED_COUNT(rng)                                    \
+    PORT_Memset((rng)->reseed_counter, 0, sizeof(rng)->reseed_counter); \
+    (rng)->reseed_counter[RESEED_BYTE] = 1;
+
+/*
+ * The actual values of this enum are specified in SP 800-90, 10.1.1.*
+ * The spec does not name the types, it only uses bare values
+ */
+typedef enum {
+    prngCGenerateType = 0,      /* used when creating a new 'C' */
+    prngReseedType = 1,         /* used in reseeding */
+    prngAdditionalDataType = 2, /* used in mixing additional data */
+    prngGenerateByteType = 3    /* used when mixing internal state while
+                 * generating bytes */
+} prngVTypes;
+
+/*
+ * Global RNG context
+ */
+struct RNGContextStr {
+    PZLock *lock; /* Lock to serialize access to global rng */
+    /*
+     * NOTE, a number of steps in the drbg algorithm need to hash
+     * V_type || V. The code, therefore, depends on the V array following
+     * immediately after V_type to avoid extra copies. To accomplish this
+     * in a way that compiliers can't perturb, we declare V_type and V
+     * as a V_Data array and reference them by macros */
+    PRUint8 V_Data[PRNG_SEEDLEN + 1]; /* internal state variables */
+#define V_type V_Data[0]
+#define V(rng) (((rng)->V_Data) + 1)
+#define VSize(rng) ((sizeof(rng)->V_Data) - 1)
+    PRUint8 C[PRNG_SEEDLEN];           /* internal state variables */
+    PRUint8 lastOutput[SHA256_LENGTH]; /* for continuous rng checking */
+    /* If we get calls for the PRNG to return less than the length of our
+     * hash, we extend the request for a full hash (since we'll be doing
+     * the full hash anyway). Future requests for random numbers are fulfilled
+     * from the remainder of the bytes we generated. Requests for bytes longer
+     * than the hash size are fulfilled directly from the HashGen function
+     * of the random number generator. */
+    PRUint8 reseed_counter[RESEED_BYTE + 1]; /* number of requests since the
+                                              * last reseed. Need only be
+                                              * big enough to hold the whole
+                                              * reseed count */
+    PRUint8 data[SHA256_LENGTH];             /* when we request less than a block
+                                              * save the rest of the rng output for
+                                              * another partial block */
+    PRUint8 dataAvail;                       /* # bytes of output available in our cache,
+                                              * [0...SHA256_LENGTH] */
+    /* store additional data that has been shovelled off to us by
+     * RNG_RandomUpdate. */
+    PRUint8 additionalDataCache[PRNG_ADDITONAL_DATA_CACHE_SIZE];
+    PRUint32 additionalAvail;
+    PRBool isValid;   /* false if RNG reaches an invalid state */
+    PRBool isKatTest; /* true if running NIST PRNG KAT tests */
+};
+
+typedef struct RNGContextStr RNGContext;
+static RNGContext *globalrng = NULL;
+static RNGContext theGlobalRng;
+
+/*
+ * The next several functions are derived from the NIST SP 800-90
+ * spec. In these functions, an attempt was made to use names consistent
+ * with the names in the spec, even if they differ from normal NSS usage.
+ */
+
+/*
+ * Hash Derive function defined in NISP SP 800-90 Section 10.4.1.
+ * This function is used in the Instantiate and Reseed functions.
+ *
+ * NOTE: requested_bytes cannot overlap with input_string_1 or input_string_2.
+ * input_string_1 and input_string_2 are logically concatentated.
+ * input_string_1 must be supplied.
+ * if input_string_2 is not supplied, NULL should be passed for this parameter.
+ */
+static SECStatus
+prng_Hash_df(PRUint8 *requested_bytes, unsigned int no_of_bytes_to_return,
+             const PRUint8 *input_string_1, unsigned int input_string_1_len,
+             const PRUint8 *input_string_2, unsigned int input_string_2_len)
+{
+    SHA256Context ctx;
+    PRUint32 tmp;
+    PRUint8 counter;
+
+    tmp = SHA_HTONL(no_of_bytes_to_return * 8);
+
+    for (counter = 1; no_of_bytes_to_return > 0; counter++) {
+        unsigned int hash_return_len;
+        SHA256_Begin(&ctx);
+        SHA256_Update(&ctx, &counter, 1);
+        SHA256_Update(&ctx, (unsigned char *)&tmp, sizeof tmp);
+        SHA256_Update(&ctx, input_string_1, input_string_1_len);
+        if (input_string_2) {
+            SHA256_Update(&ctx, input_string_2, input_string_2_len);
+        }
+        SHA256_End(&ctx, requested_bytes, &hash_return_len,
+                   no_of_bytes_to_return);
+        requested_bytes += hash_return_len;
+        no_of_bytes_to_return -= hash_return_len;
+    }
+    return SECSuccess;
+}
+
+/*
+ * Hash_DRBG Instantiate NIST SP 800-90 10.1.1.2
+ *
+ * NOTE: bytes & len are entropy || nonce || personalization_string. In
+ * normal operation, NSS calculates them all together in a single call.
+ */
+static SECStatus
+prng_instantiate(RNGContext *rng, const PRUint8 *bytes, unsigned int len)
+{
+    if (!rng->isKatTest && len < PRNG_SEEDLEN) {
+        /* If the seedlen is too small, it's probably because we failed to get
+         * enough random data.
+         * This is stricter than NIST SP800-90A requires. Don't enforce it for
+         * tests. */
+        PORT_SetError(SEC_ERROR_NEED_RANDOM);
+        return SECFailure;
+    }
+    prng_Hash_df(V(rng), VSize(rng), bytes, len, NULL, 0);
+    rng->V_type = prngCGenerateType;
+    prng_Hash_df(rng->C, sizeof rng->C, rng->V_Data, sizeof rng->V_Data, NULL, 0);
+    PRNG_RESET_RESEED_COUNT(rng)
+    return SECSuccess;
+}
+
+/*
+ * Update the global random number generator with more seeding
+ * material. Use the Hash_DRBG reseed algorithm from NIST SP-800-90
+ * section 10.1.1.3
+ *
+ * If entropy is NULL, it is fetched from the noise generator.
+ */
+static SECStatus
+prng_reseed(RNGContext *rng, const PRUint8 *entropy, unsigned int entropy_len,
+            const PRUint8 *additional_input, unsigned int additional_input_len)
+{
+    PRUint8 noiseData[(sizeof rng->V_Data) + PRNG_SEEDLEN];
+    PRUint8 *noise = &noiseData[0];
+
+    /* if entropy wasn't supplied, fetch it. (normal operation case) */
+    if (entropy == NULL) {
+        entropy_len = (unsigned int)RNG_SystemRNG(
+            &noiseData[sizeof rng->V_Data], PRNG_SEEDLEN);
+    } else {
+        /* NOTE: this code is only available for testing, not to applications */
+        /* if entropy was too big for the stack variable, get it from malloc */
+        if (entropy_len > PRNG_SEEDLEN) {
+            noise = PORT_Alloc(entropy_len + (sizeof rng->V_Data));
+            if (noise == NULL) {
+                return SECFailure;
+            }
+        }
+        PORT_Memcpy(&noise[sizeof rng->V_Data], entropy, entropy_len);
+    }
+
+    if (entropy_len < 256 / PR_BITS_PER_BYTE) {
+        /* noise == &noiseData[0] at this point, so nothing to free */
+        PORT_SetError(SEC_ERROR_NEED_RANDOM);
+        return SECFailure;
+    }
+
+    rng->V_type = prngReseedType;
+    PORT_Memcpy(noise, rng->V_Data, sizeof rng->V_Data);
+    prng_Hash_df(V(rng), VSize(rng), noise, (sizeof rng->V_Data) + entropy_len,
+                 additional_input, additional_input_len);
+    /* clear potential CSP */
+    PORT_Memset(noise, 0, (sizeof rng->V_Data) + entropy_len);
+    rng->V_type = prngCGenerateType;
+    prng_Hash_df(rng->C, sizeof rng->C, rng->V_Data, sizeof rng->V_Data, NULL, 0);
+    PRNG_RESET_RESEED_COUNT(rng)
+
+    if (noise != &noiseData[0]) {
+        PORT_Free(noise);
+    }
+    return SECSuccess;
+}
+
+/*
+ * SP 800-90 requires we rerun our health tests on reseed
+ */
+static SECStatus
+prng_reseed_test(RNGContext *rng, const PRUint8 *entropy,
+                 unsigned int entropy_len, const PRUint8 *additional_input,
+                 unsigned int additional_input_len)
+{
+    SECStatus rv;
+
+    /* do health checks in FIPS mode */
+    rv = PRNGTEST_RunHealthTests();
+    if (rv != SECSuccess) {
+        /* error set by PRNGTEST_RunHealTests() */
+        rng->isValid = PR_FALSE;
+        return SECFailure;
+    }
+    return prng_reseed(rng, entropy, entropy_len,
+                       additional_input, additional_input_len);
+}
+
+/*
+ * build some fast inline functions for adding.
+ */
+#define PRNG_ADD_CARRY_ONLY(dest, start, carry)    \
+    {                                              \
+        int k1;                                    \
+        for (k1 = start; carry && k1 >= 0; k1--) { \
+            carry = !(++dest[k1]);                 \
+        }                                          \
+    }
+
+/*
+ * NOTE: dest must be an array for the following to work.
+ */
+#define PRNG_ADD_BITS(dest, dest_len, add, len, carry)               \
+    carry = 0;                                                       \
+    PORT_Assert((dest_len) >= (len));                                \
+    {                                                                \
+        int k1, k2;                                                  \
+        for (k1 = dest_len - 1, k2 = len - 1; k2 >= 0; --k1, --k2) { \
+            carry += dest[k1] + add[k2];                             \
+            dest[k1] = (PRUint8)carry;                               \
+            carry >>= 8;                                             \
+        }                                                            \
+    }
+
+#define PRNG_ADD_BITS_AND_CARRY(dest, dest_len, add, len, carry) \
+    PRNG_ADD_BITS(dest, dest_len, add, len, carry)               \
+    PRNG_ADD_CARRY_ONLY(dest, dest_len - len - 1, carry)
+
+/*
+ * This function expands the internal state of the prng to fulfill any number
+ * of bytes we need for this request. We only use this call if we need more
+ * than can be supplied by a single call to SHA256_HashBuf.
+ *
+ * This function is specified in NIST SP 800-90 section 10.1.1.4, Hashgen
+ */
+static void
+prng_Hashgen(RNGContext *rng, PRUint8 *returned_bytes,
+             unsigned int no_of_returned_bytes)
+{
+    PRUint8 data[VSize(rng)];
+    PRUint8 thisHash[SHA256_LENGTH];
+    PRUint8 *lastHash = rng->lastOutput;
+
+    PORT_Memcpy(data, V(rng), VSize(rng));
+    while (no_of_returned_bytes) {
+        SHA256Context ctx;
+        unsigned int len;
+        unsigned int carry;
+
+        SHA256_Begin(&ctx);
+        SHA256_Update(&ctx, data, sizeof data);
+        SHA256_End(&ctx, thisHash, &len, SHA256_LENGTH);
+        if (PORT_Memcmp(lastHash, thisHash, len) == 0) {
+            rng->isValid = PR_FALSE;
+            break;
+        }
+        if (no_of_returned_bytes < SHA256_LENGTH) {
+            len = no_of_returned_bytes;
+        }
+        PORT_Memcpy(returned_bytes, thisHash, len);
+        lastHash = returned_bytes;
+        returned_bytes += len;
+        no_of_returned_bytes -= len;
+        /* The carry parameter is a bool (increment or not).
+     * This increments data if no_of_returned_bytes is not zero */
+        carry = no_of_returned_bytes;
+        PRNG_ADD_CARRY_ONLY(data, (sizeof data) - 1, carry);
+    }
+    PORT_Memcpy(rng->lastOutput, thisHash, SHA256_LENGTH);
+    PORT_Memset(data, 0, sizeof data);
+    PORT_Memset(thisHash, 0, sizeof thisHash);
+}
+
+/*
+ * Generates new random bytes and advances the internal prng state.
+ * additional bytes are only used in algorithm testing.
+ *
+ * This function is specified in NIST SP 800-90 section 10.1.1.4
+ */
+static SECStatus
+prng_generateNewBytes(RNGContext *rng,
+                      PRUint8 *returned_bytes, unsigned int no_of_returned_bytes,
+                      const PRUint8 *additional_input,
+                      unsigned int additional_input_len)
+{
+    PRUint8 H[SHA256_LENGTH]; /* both H and w since they
+                   * aren't used concurrently */
+    unsigned int carry;
+
+    if (!rng->isValid) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+    /* This code only triggers during tests, normal
+     * prng operation does not use additional_input */
+    if (additional_input) {
+        SHA256Context ctx;
+/* NIST SP 800-90 defines two temporaries in their calculations,
+     * w and H. These temporaries are the same lengths, and used
+     * at different times, so we use the following macro to collapse
+     * them to the same variable, but keeping their unique names for
+     * easy comparison to the spec */
+#define w H
+        rng->V_type = prngAdditionalDataType;
+        SHA256_Begin(&ctx);
+        SHA256_Update(&ctx, rng->V_Data, sizeof rng->V_Data);
+        SHA256_Update(&ctx, additional_input, additional_input_len);
+        SHA256_End(&ctx, w, NULL, sizeof w);
+        PRNG_ADD_BITS_AND_CARRY(V(rng), VSize(rng), w, sizeof w, carry)
+        PORT_Memset(w, 0, sizeof w);
+#undef w
+    }
+
+    if (no_of_returned_bytes == SHA256_LENGTH) {
+        /* short_cut to hashbuf and a couple of copies and clears */
+        SHA256_HashBuf(returned_bytes, V(rng), VSize(rng));
+        /* continuous rng check */
+        if (memcmp(rng->lastOutput, returned_bytes, SHA256_LENGTH) == 0) {
+            rng->isValid = PR_FALSE;
+        }
+        PORT_Memcpy(rng->lastOutput, returned_bytes, sizeof rng->lastOutput);
+    } else {
+        prng_Hashgen(rng, returned_bytes, no_of_returned_bytes);
+    }
+    /* advance our internal state... */
+    rng->V_type = prngGenerateByteType;
+    SHA256_HashBuf(H, rng->V_Data, sizeof rng->V_Data);
+    PRNG_ADD_BITS_AND_CARRY(V(rng), VSize(rng), H, sizeof H, carry)
+    PRNG_ADD_BITS(V(rng), VSize(rng), rng->C, sizeof rng->C, carry);
+    PRNG_ADD_BITS_AND_CARRY(V(rng), VSize(rng), rng->reseed_counter,
+                            sizeof rng->reseed_counter, carry)
+    carry = 1;
+    PRNG_ADD_CARRY_ONLY(rng->reseed_counter, (sizeof rng->reseed_counter) - 1, carry);
+
+    /* if the prng failed, don't return any output, signal softoken */
+    if (!rng->isValid) {
+        PORT_Memset(returned_bytes, 0, no_of_returned_bytes);
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+    return SECSuccess;
+}
+
+/* Use NSPR to prevent RNG_RNGInit from being called from separate
+ * threads, creating a race condition.
+ */
+static const PRCallOnceType pristineCallOnce;
+static PRCallOnceType coRNGInit;
+static PRStatus
+rng_init(void)
+{
+    PRUint8 bytes[PRNG_SEEDLEN * 2]; /* entropy + nonce */
+#ifndef UNSAFE_RNG_NO_URANDOM_SEED
+    unsigned int numBytes;
+    SECStatus rv = SECSuccess;
+#endif
+
+    if (globalrng == NULL) {
+        /* bytes needs to have enough space to hold
+     * a SHA256 hash value. Blow up at compile time if this isn't true */
+        PR_STATIC_ASSERT(sizeof(bytes) >= SHA256_LENGTH);
+        /* create a new global RNG context */
+        globalrng = &theGlobalRng;
+        PORT_Assert(NULL == globalrng->lock);
+        /* create a lock for it */
+        globalrng->lock = PZ_NewLock(nssILockOther);
+        if (globalrng->lock == NULL) {
+            globalrng = NULL;
+            PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
+            return PR_FAILURE;
+        }
+
+#ifndef UNSAFE_RNG_NO_URANDOM_SEED
+        /* Try to get some seed data for the RNG */
+        numBytes = (unsigned int)RNG_SystemRNG(bytes, sizeof bytes);
+        PORT_Assert(numBytes == 0 || numBytes == sizeof bytes);
+        if (numBytes != 0) {
+            /* if this is our first call,  instantiate, otherwise reseed
+             * prng_instantiate gets a new clean state, we want to mix
+             * any previous entropy we may have collected */
+            if (V(globalrng)[0] == 0) {
+                rv = prng_instantiate(globalrng, bytes, numBytes);
+            } else {
+                rv = prng_reseed_test(globalrng, bytes, numBytes, NULL, 0);
+            }
+            memset(bytes, 0, numBytes);
+        } else {
+            PZ_DestroyLock(globalrng->lock);
+            globalrng->lock = NULL;
+            globalrng = NULL;
+            return PR_FAILURE;
+        }
+        if (rv != SECSuccess) {
+            return PR_FAILURE;
+        }
+#endif
+
+        /* the RNG is in a valid state */
+        globalrng->isValid = PR_TRUE;
+        globalrng->isKatTest = PR_FALSE;
+
+        /* fetch one random value so that we can populate rng->oldV for our
+         * continous random number test. */
+        prng_generateNewBytes(globalrng, bytes, SHA256_LENGTH, NULL, 0);
+
+        /* Fetch more entropy into the PRNG */
+        RNG_SystemInfoForRNG();
+    }
+    return PR_SUCCESS;
+}
+
+/*
+ * Clean up the global RNG context
+ */
+static void
+prng_freeRNGContext(RNGContext *rng)
+{
+    PRUint8 inputhash[VSize(rng) + (sizeof rng->C)];
+
+    /* destroy context lock */
+    SKIP_AFTER_FORK(PZ_DestroyLock(globalrng->lock));
+
+    /* zero global RNG context except for C & V to preserve entropy */
+    prng_Hash_df(inputhash, sizeof rng->C, rng->C, sizeof rng->C, NULL, 0);
+    prng_Hash_df(&inputhash[sizeof rng->C], VSize(rng), V(rng), VSize(rng),
+                 NULL, 0);
+    memset(rng, 0, sizeof *rng);
+    memcpy(rng->C, inputhash, sizeof rng->C);
+    memcpy(V(rng), &inputhash[sizeof rng->C], VSize(rng));
+
+    memset(inputhash, 0, sizeof inputhash);
+}
+
+/*
+ * Public functions
+ */
+
+/*
+ * Initialize the global RNG context and give it some seed input taken
+ * from the system.  This function is thread-safe and will only allow
+ * the global context to be initialized once.  The seed input is likely
+ * small, so it is imperative that RNG_RandomUpdate() be called with
+ * additional seed data before the generator is used.  A good way to
+ * provide the generator with additional entropy is to call
+ * RNG_SystemInfoForRNG().  Note that C_Initialize() does exactly that.
+ */
+SECStatus
+RNG_RNGInit(void)
+{
+    /* Allow only one call to initialize the context */
+    PR_CallOnce(&coRNGInit, rng_init);
+    /* Make sure there is a context */
+    return (globalrng != NULL) ? SECSuccess : SECFailure;
+}
+
+/*
+** Update the global random number generator with more seeding
+** material.
+*/
+SECStatus
+RNG_RandomUpdate(const void *data, size_t bytes)
+{
+    SECStatus rv;
+
+    /* Make sure our assumption that size_t is unsigned is true */
+    PR_STATIC_ASSERT(((size_t)-1) > (size_t)1);
+
+#if defined(NS_PTR_GT_32) || (defined(NSS_USE_64) && !defined(NS_PTR_LE_32))
+    /*
+     * NIST 800-90 requires us to verify our inputs. This value can
+     * come from the application, so we need to make sure it's within the
+     * spec. The spec says it must be less than 2^32 bytes (2^35 bits).
+     * This can only happen if size_t is greater than 32 bits (i.e. on
+     * most 64 bit platforms). The 90% case (perhaps 100% case), size_t
+     * is less than or equal to 32 bits if the platform is not 64 bits, and
+     * greater than 32 bits if it is a 64 bit platform. The corner
+     * cases are handled with explicit defines NS_PTR_GT_32 and NS_PTR_LE_32.
+     *
+     * In general, neither NS_PTR_GT_32 nor NS_PTR_LE_32 will need to be
+     * defined. If you trip over the next two size ASSERTS at compile time,
+     * you will need to define them for your platform.
+     *
+     * if 'sizeof(size_t) > 4' is triggered it means that we were expecting
+     *   sizeof(size_t) to be greater than 4, but it wasn't. Setting
+     *   NS_PTR_LE_32 will correct that mistake.
+     *
+     * if 'sizeof(size_t) <= 4' is triggered, it means that we were expecting
+     *   sizeof(size_t) to be less than or equal to 4, but it wasn't. Setting
+     *   NS_PTR_GT_32 will correct that mistake.
+     */
+
+    PR_STATIC_ASSERT(sizeof(size_t) > 4);
+
+    if (bytes > (size_t)PRNG_MAX_ADDITIONAL_BYTES) {
+        bytes = PRNG_MAX_ADDITIONAL_BYTES;
+    }
+#else
+    PR_STATIC_ASSERT(sizeof(size_t) <= 4);
+#endif
+
+    PZ_Lock(globalrng->lock);
+    /* if we're passed more than our additionalDataCache, simply
+     * call reseed with that data */
+    if (bytes > sizeof(globalrng->additionalDataCache)) {
+        rv = prng_reseed_test(globalrng, NULL, 0, data, (unsigned int)bytes);
+        /* if we aren't going to fill or overflow the buffer, just cache it */
+    } else if (bytes < ((sizeof globalrng->additionalDataCache) - globalrng->additionalAvail)) {
+        PORT_Memcpy(globalrng->additionalDataCache + globalrng->additionalAvail,
+                    data, bytes);
+        globalrng->additionalAvail += (PRUint32)bytes;
+        rv = SECSuccess;
+    } else {
+        /* we are going to fill or overflow the buffer. In this case we will
+         * fill the entropy buffer, reseed with it, start a new buffer with the
+         * remainder. We know the remainder will fit in the buffer because
+         * we already handled the case where bytes > the size of the buffer.
+         */
+        size_t bufRemain = (sizeof globalrng->additionalDataCache) - globalrng->additionalAvail;
+        /* fill the rest of the buffer */
+        if (bufRemain) {
+            PORT_Memcpy(globalrng->additionalDataCache + globalrng->additionalAvail,
+                        data, bufRemain);
+            data = ((unsigned char *)data) + bufRemain;
+            bytes -= bufRemain;
+        }
+        /* reseed from buffer */
+        rv = prng_reseed_test(globalrng, NULL, 0,
+                              globalrng->additionalDataCache,
+                              sizeof globalrng->additionalDataCache);
+
+        /* copy the rest into the cache */
+        PORT_Memcpy(globalrng->additionalDataCache, data, bytes);
+        globalrng->additionalAvail = (PRUint32)bytes;
+    }
+
+    PZ_Unlock(globalrng->lock);
+    return rv;
+}
+
+/*
+** Generate some random bytes, using the global random number generator
+** object.
+*/
+static SECStatus
+prng_GenerateGlobalRandomBytes(RNGContext *rng,
+                               void *dest, size_t len)
+{
+    SECStatus rv = SECSuccess;
+    PRUint8 *output = dest;
+    /* check for a valid global RNG context */
+    PORT_Assert(rng != NULL);
+    if (rng == NULL) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+    /* FIPS limits the amount of entropy available in a single request */
+    if (len > PRNG_MAX_REQUEST_SIZE) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+    /* --- LOCKED --- */
+    PZ_Lock(rng->lock);
+    /* Check the amount of seed data in the generator.  If not enough,
+     * don't produce any data.
+     */
+    if (rng->reseed_counter[0] >= RESEED_VALUE) {
+        rv = prng_reseed_test(rng, NULL, 0, NULL, 0);
+        PZ_Unlock(rng->lock);
+        if (rv != SECSuccess) {
+            return rv;
+        }
+        RNG_SystemInfoForRNG();
+        PZ_Lock(rng->lock);
+    }
+    /*
+     * see if we have enough bytes to fulfill the request.
+     */
+    if (len <= rng->dataAvail) {
+        memcpy(output, rng->data + ((sizeof rng->data) - rng->dataAvail), len);
+        memset(rng->data + ((sizeof rng->data) - rng->dataAvail), 0, len);
+        rng->dataAvail -= len;
+        rv = SECSuccess;
+        /* if we are asking for a small number of bytes, cache the rest of
+     * the bytes */
+    } else if (len < sizeof rng->data) {
+        rv = prng_generateNewBytes(rng, rng->data, sizeof rng->data,
+                                   rng->additionalAvail ? rng->additionalDataCache : NULL,
+                                   rng->additionalAvail);
+        rng->additionalAvail = 0;
+        if (rv == SECSuccess) {
+            memcpy(output, rng->data, len);
+            memset(rng->data, 0, len);
+            rng->dataAvail = (sizeof rng->data) - len;
+        }
+        /* we are asking for lots of bytes, just ask the generator to pass them */
+    } else {
+        rv = prng_generateNewBytes(rng, output, len,
+                                   rng->additionalAvail ? rng->additionalDataCache : NULL,
+                                   rng->additionalAvail);
+        rng->additionalAvail = 0;
+    }
+    PZ_Unlock(rng->lock);
+    /* --- UNLOCKED --- */
+    return rv;
+}
+
+/*
+** Generate some random bytes, using the global random number generator
+** object.
+*/
+SECStatus
+RNG_GenerateGlobalRandomBytes(void *dest, size_t len)
+{
+#ifdef UNSAFE_FUZZER_MODE
+    return prng_GenerateDeterministicRandomBytes(globalrng->lock, dest, len);
+#else
+    return prng_GenerateGlobalRandomBytes(globalrng, dest, len);
+#endif
+}
+
+SECStatus
+RNG_ResetForFuzzing(void)
+{
+#ifdef UNSAFE_FUZZER_MODE
+    return prng_ResetForFuzzing(globalrng->lock);
+#else
+    return SECFailure;
+#endif
+}
+
+void
+RNG_RNGShutdown(void)
+{
+    /* check for a valid global RNG context */
+    PORT_Assert(globalrng != NULL);
+    if (globalrng == NULL) {
+        /* Should set a "not initialized" error code. */
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return;
+    }
+    /* clear */
+    prng_freeRNGContext(globalrng);
+    globalrng = NULL;
+    /* reset the callonce struct to allow a new call to RNG_RNGInit() */
+    coRNGInit = pristineCallOnce;
+}
+
+/*
+ * Test case interface. used by fips testing and power on self test
+ */
+/* make sure the test context is separate from the global context, This
+  * allows us to test the internal random number generator without losing
+  * entropy we may have previously collected. */
+RNGContext testContext;
+
+SECStatus
+PRNGTEST_Instantiate_Kat(const PRUint8 *entropy, unsigned int entropy_len,
+                         const PRUint8 *nonce, unsigned int nonce_len,
+                         const PRUint8 *personal_string, unsigned int ps_len)
+{
+    testContext.isKatTest = PR_TRUE;
+    return PRNGTEST_Instantiate(entropy, entropy_len,
+                                nonce, nonce_len,
+                                personal_string, ps_len);
+}
+
+/*
+ * Test vector API. Use NIST SP 800-90 general interface so one of the
+ * other NIST SP 800-90 algorithms may be used in the future.
+ */
+SECStatus
+PRNGTEST_Instantiate(const PRUint8 *entropy, unsigned int entropy_len,
+                     const PRUint8 *nonce, unsigned int nonce_len,
+                     const PRUint8 *personal_string, unsigned int ps_len)
+{
+    int bytes_len = entropy_len + nonce_len + ps_len;
+    PRUint8 *bytes = NULL;
+    SECStatus rv;
+
+    if (entropy_len < 256 / PR_BITS_PER_BYTE) {
+        PORT_SetError(SEC_ERROR_NEED_RANDOM);
+        return SECFailure;
+    }
+
+    bytes = PORT_Alloc(bytes_len);
+    if (bytes == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return SECFailure;
+    }
+    /* concatenate the various inputs, internally NSS only instantiates with
+    * a single long string */
+    PORT_Memcpy(bytes, entropy, entropy_len);
+    if (nonce) {
+        PORT_Memcpy(&bytes[entropy_len], nonce, nonce_len);
+    } else {
+        PORT_Assert(nonce_len == 0);
+    }
+    if (personal_string) {
+        PORT_Memcpy(&bytes[entropy_len + nonce_len], personal_string, ps_len);
+    } else {
+        PORT_Assert(ps_len == 0);
+    }
+    rv = prng_instantiate(&testContext, bytes, bytes_len);
+    PORT_ZFree(bytes, bytes_len);
+    if (rv == SECFailure) {
+        return SECFailure;
+    }
+    testContext.isValid = PR_TRUE;
+    return SECSuccess;
+}
+
+SECStatus
+PRNGTEST_Reseed(const PRUint8 *entropy, unsigned int entropy_len,
+                const PRUint8 *additional, unsigned int additional_len)
+{
+    if (!testContext.isValid) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+    /* This magic input tells us to set the reseed count to it's max count,
+     * so we can simulate PRNGTEST_Generate reaching max reseed count */
+    if ((entropy == NULL) && (entropy_len == 0) &&
+        (additional == NULL) && (additional_len == 0)) {
+        testContext.reseed_counter[0] = RESEED_VALUE;
+        return SECSuccess;
+    }
+    return prng_reseed(&testContext, entropy, entropy_len, additional,
+                       additional_len);
+}
+
+SECStatus
+PRNGTEST_Generate(PRUint8 *bytes, unsigned int bytes_len,
+                  const PRUint8 *additional, unsigned int additional_len)
+{
+    SECStatus rv;
+    if (!testContext.isValid) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+    /* replicate reseed test from prng_GenerateGlobalRandomBytes */
+    if (testContext.reseed_counter[0] >= RESEED_VALUE) {
+        rv = prng_reseed(&testContext, NULL, 0, NULL, 0);
+        if (rv != SECSuccess) {
+            return rv;
+        }
+    }
+    return prng_generateNewBytes(&testContext, bytes, bytes_len,
+                                 additional, additional_len);
+}
+
+SECStatus
+PRNGTEST_Uninstantiate()
+{
+    if (!testContext.isValid) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+    PORT_Memset(&testContext, 0, sizeof testContext);
+    return SECSuccess;
+}
+
+SECStatus
+PRNGTEST_RunHealthTests()
+{
+    static const PRUint8 entropy[] = {
+        0x8e, 0x9c, 0x0d, 0x25, 0x75, 0x22, 0x04, 0xf9,
+        0xc5, 0x79, 0x10, 0x8b, 0x23, 0x79, 0x37, 0x14,
+        0x9f, 0x2c, 0xc7, 0x0b, 0x39, 0xf8, 0xee, 0xef,
+        0x95, 0x0c, 0x97, 0x59, 0xfc, 0x0a, 0x85, 0x41,
+        0x76, 0x9d, 0x6d, 0x67, 0x00, 0x4e, 0x19, 0x12,
+        0x02, 0x16, 0x53, 0xea, 0xf2, 0x73, 0xd7, 0xd6,
+        0x7f, 0x7e, 0xc8, 0xae, 0x9c, 0x09, 0x99, 0x7d,
+        0xbb, 0x9e, 0x48, 0x7f, 0xbb, 0x96, 0x46, 0xb3,
+        0x03, 0x75, 0xf8, 0xc8, 0x69, 0x45, 0x3f, 0x97,
+        0x5e, 0x2e, 0x48, 0xe1, 0x5d, 0x58, 0x97, 0x4c
+    };
+    static const PRUint8 rng_known_result[] = {
+        0x16, 0xe1, 0x8c, 0x57, 0x21, 0xd8, 0xf1, 0x7e,
+        0x5a, 0xa0, 0x16, 0x0b, 0x7e, 0xa6, 0x25, 0xb4,
+        0x24, 0x19, 0xdb, 0x54, 0xfa, 0x35, 0x13, 0x66,
+        0xbb, 0xaa, 0x2a, 0x1b, 0x22, 0x33, 0x2e, 0x4a,
+        0x14, 0x07, 0x9d, 0x52, 0xfc, 0x73, 0x61, 0x48,
+        0xac, 0xc1, 0x22, 0xfc, 0xa4, 0xfc, 0xac, 0xa4,
+        0xdb, 0xda, 0x5b, 0x27, 0x33, 0xc4, 0xb3
+    };
+    static const PRUint8 reseed_entropy[] = {
+        0xc6, 0x0b, 0x0a, 0x30, 0x67, 0x07, 0xf4, 0xe2,
+        0x24, 0xa7, 0x51, 0x6f, 0x5f, 0x85, 0x3e, 0x5d,
+        0x67, 0x97, 0xb8, 0x3b, 0x30, 0x9c, 0x7a, 0xb1,
+        0x52, 0xc6, 0x1b, 0xc9, 0x46, 0xa8, 0x62, 0x79
+    };
+    static const PRUint8 additional_input[] = {
+        0x86, 0x82, 0x28, 0x98, 0xe7, 0xcb, 0x01, 0x14,
+        0xae, 0x87, 0x4b, 0x1d, 0x99, 0x1b, 0xc7, 0x41,
+        0x33, 0xff, 0x33, 0x66, 0x40, 0x95, 0x54, 0xc6,
+        0x67, 0x4d, 0x40, 0x2a, 0x1f, 0xf9, 0xeb, 0x65
+    };
+    static const PRUint8 rng_reseed_result[] = {
+        0x02, 0x0c, 0xc6, 0x17, 0x86, 0x49, 0xba, 0xc4,
+        0x7b, 0x71, 0x35, 0x05, 0xf0, 0xdb, 0x4a, 0xc2,
+        0x2c, 0x38, 0xc1, 0xa4, 0x42, 0xe5, 0x46, 0x4a,
+        0x7d, 0xf0, 0xbe, 0x47, 0x88, 0xb8, 0x0e, 0xc6,
+        0x25, 0x2b, 0x1d, 0x13, 0xef, 0xa6, 0x87, 0x96,
+        0xa3, 0x7d, 0x5b, 0x80, 0xc2, 0x38, 0x76, 0x61,
+        0xc7, 0x80, 0x5d, 0x0f, 0x05, 0x76, 0x85
+    };
+    static const PRUint8 rng_no_reseed_result[] = {
+        0xc4, 0x40, 0x41, 0x8c, 0xbf, 0x2f, 0x70, 0x23,
+        0x88, 0xf2, 0x7b, 0x30, 0xc3, 0xca, 0x1e, 0xf3,
+        0xef, 0x53, 0x81, 0x5d, 0x30, 0xed, 0x4c, 0xf1,
+        0xff, 0x89, 0xa5, 0xee, 0x92, 0xf8, 0xc0, 0x0f,
+        0x88, 0x53, 0xdf, 0xb6, 0x76, 0xf0, 0xaa, 0xd3,
+        0x2e, 0x1d, 0x64, 0x37, 0x3e, 0xe8, 0x4a, 0x02,
+        0xff, 0x0a, 0x7f, 0xe5, 0xe9, 0x2b, 0x6d
+    };
+
+    SECStatus rng_status = SECSuccess;
+    PR_STATIC_ASSERT(sizeof(rng_known_result) >= sizeof(rng_reseed_result));
+    PRUint8 result[sizeof(rng_known_result)];
+
+    /********************************************/
+    /*   First test instantiate error path.     */
+    /*   In this case we supply enough entropy, */
+    /*   but not enough seed. This will trigger */
+    /*   the code that checks for a entropy     */
+    /*   source failure.                        */
+    /********************************************/
+    rng_status = PRNGTEST_Instantiate(entropy, 256 / PR_BITS_PER_BYTE,
+                                      NULL, 0, NULL, 0);
+    if (rng_status == SECSuccess) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+    if (PORT_GetError() != SEC_ERROR_NEED_RANDOM) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+    /* we failed with the proper error code, we can continue */
+
+    /********************************************/
+    /* Generate random bytes with a known seed. */
+    /********************************************/
+    rng_status = PRNGTEST_Instantiate(entropy, sizeof entropy,
+                                      NULL, 0, NULL, 0);
+    if (rng_status != SECSuccess) {
+        /* Error set by PRNGTEST_Instantiate */
+        return SECFailure;
+    }
+    rng_status = PRNGTEST_Generate(result, sizeof rng_known_result, NULL, 0);
+    if ((rng_status != SECSuccess) ||
+        (PORT_Memcmp(result, rng_known_result,
+                     sizeof rng_known_result) != 0)) {
+        PRNGTEST_Uninstantiate();
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+    rng_status = PRNGTEST_Reseed(reseed_entropy, sizeof reseed_entropy,
+                                 additional_input, sizeof additional_input);
+    if (rng_status != SECSuccess) {
+        /* Error set by PRNG_Reseed */
+        PRNGTEST_Uninstantiate();
+        return SECFailure;
+    }
+    rng_status = PRNGTEST_Generate(result, sizeof rng_reseed_result, NULL, 0);
+    if ((rng_status != SECSuccess) ||
+        (PORT_Memcmp(result, rng_reseed_result,
+                     sizeof rng_reseed_result) != 0)) {
+        PRNGTEST_Uninstantiate();
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+    /* This magic forces the reseed count to it's max count, so we can see if
+     * PRNGTEST_Generate will actually when it reaches it's count */
+    rng_status = PRNGTEST_Reseed(NULL, 0, NULL, 0);
+    if (rng_status != SECSuccess) {
+        PRNGTEST_Uninstantiate();
+        /* Error set by PRNG_Reseed */
+        return SECFailure;
+    }
+    /* This generate should now reseed */
+    rng_status = PRNGTEST_Generate(result, sizeof rng_reseed_result, NULL, 0);
+    if ((rng_status != SECSuccess) ||
+        /* NOTE we fail if the result is equal to the no_reseed_result.
+         * no_reseed_result is the value we would have gotten if we didn't
+         * do an automatic reseed in PRNGTEST_Generate */
+        (PORT_Memcmp(result, rng_no_reseed_result,
+                     sizeof rng_no_reseed_result) == 0)) {
+        PRNGTEST_Uninstantiate();
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+    /* make sure reseed fails when we don't supply enough entropy */
+    rng_status = PRNGTEST_Reseed(reseed_entropy, 4, NULL, 0);
+    if (rng_status == SECSuccess) {
+        PRNGTEST_Uninstantiate();
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+    if (PORT_GetError() != SEC_ERROR_NEED_RANDOM) {
+        PRNGTEST_Uninstantiate();
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+    rng_status = PRNGTEST_Uninstantiate();
+    if (rng_status != SECSuccess) {
+        /* Error set by PRNG_Uninstantiate */
+        return rng_status;
+    }
+    /* make sure uninstantiate fails if the contest is not initiated (also tests
+     * if the context was cleared in the previous Uninstantiate) */
+    rng_status = PRNGTEST_Uninstantiate();
+    if (rng_status == SECSuccess) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+    if (PORT_GetError() != SEC_ERROR_LIBRARY_FAILURE) {
+        return rng_status;
+    }
+
+    return SECSuccess;
+}
diff --git a/nss/lib/freebl/dsa.c b/nss/lib/freebl/dsa.c
new file mode 100644
index 0000000..9324d30
--- /dev/null
+++ b/nss/lib/freebl/dsa.c
@@ -0,0 +1,647 @@
+/*
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifdef FREEBL_NO_DEPEND
+#include "stubs.h"
+#endif
+
+#include "prerror.h"
+#include "secerr.h"
+
+#include "prtypes.h"
+#include "prinit.h"
+#include "blapi.h"
+#include "nssilock.h"
+#include "secitem.h"
+#include "blapi.h"
+#include "mpi.h"
+#include "secmpi.h"
+#include "pqg.h"
+
+/* XXX to be replaced by define in blapit.h */
+#define NSS_FREEBL_DSA_DEFAULT_CHUNKSIZE 2048
+
+/*
+ * FIPS 186-2 requires result from random output to be reduced mod q when
+ * generating random numbers for DSA.
+ *
+ * Input: w, 2*qLen bytes
+ *        q, qLen bytes
+ * Output: xj, qLen bytes
+ */
+static SECStatus
+fips186Change_ReduceModQForDSA(const PRUint8 *w, const PRUint8 *q,
+                               unsigned int qLen, PRUint8 *xj)
+{
+    mp_int W, Q, Xj;
+    mp_err err;
+    SECStatus rv = SECSuccess;
+
+    /* Initialize MPI integers. */
+    MP_DIGITS(&W) = 0;
+    MP_DIGITS(&Q) = 0;
+    MP_DIGITS(&Xj) = 0;
+    CHECK_MPI_OK(mp_init(&W));
+    CHECK_MPI_OK(mp_init(&Q));
+    CHECK_MPI_OK(mp_init(&Xj));
+    /*
+     * Convert input arguments into MPI integers.
+     */
+    CHECK_MPI_OK(mp_read_unsigned_octets(&W, w, 2 * qLen));
+    CHECK_MPI_OK(mp_read_unsigned_octets(&Q, q, qLen));
+
+    /*
+     * Algorithm 1 of FIPS 186-2 Change Notice 1, Step 3.3
+     *
+     * xj = (w0 || w1) mod q
+     */
+    CHECK_MPI_OK(mp_mod(&W, &Q, &Xj));
+    CHECK_MPI_OK(mp_to_fixlen_octets(&Xj, xj, qLen));
+cleanup:
+    mp_clear(&W);
+    mp_clear(&Q);
+    mp_clear(&Xj);
+    if (err) {
+        MP_TO_SEC_ERROR(err);
+        rv = SECFailure;
+    }
+    return rv;
+}
+
+/*
+ * FIPS 186-2 requires result from random output to be reduced mod q when
+ * generating random numbers for DSA.
+ */
+SECStatus
+FIPS186Change_ReduceModQForDSA(const unsigned char *w,
+                               const unsigned char *q,
+                               unsigned char *xj)
+{
+    return fips186Change_ReduceModQForDSA(w, q, DSA1_SUBPRIME_LEN, xj);
+}
+
+/*
+ * The core of Algorithm 1 of FIPS 186-2 Change Notice 1.
+ *
+ * We no longer support FIPS 186-2 RNG. This function was exported
+ * for power-up self tests and FIPS tests. Keep this stub, which fails,
+ * to prevent crashes, but also to signal to test code that FIPS 186-2
+ * RNG is no longer supported.
+ */
+SECStatus
+FIPS186Change_GenerateX(PRUint8 *XKEY, const PRUint8 *XSEEDj,
+                        PRUint8 *x_j)
+{
+    PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
+    return SECFailure;
+}
+
+/*
+ * Specialized RNG for DSA
+ *
+ * As per Algorithm 1 of FIPS 186-2 Change Notice 1, in step 3.3 the value
+ * Xj should be reduced mod q, a 160-bit prime number.  Since this parameter
+ * is only meaningful in the context of DSA, the above RNG functions
+ * were implemented without it.  They are re-implemented below for use
+ * with DSA.
+ */
+
+/*
+** Generate some random bytes, using the global random number generator
+** object.  In DSA mode, so there is a q.
+*/
+static SECStatus
+dsa_GenerateGlobalRandomBytes(const SECItem *qItem, PRUint8 *dest,
+                              unsigned int *destLen, unsigned int maxDestLen)
+{
+    SECStatus rv;
+    SECItem w;
+    const PRUint8 *q = qItem->data;
+    unsigned int qLen = qItem->len;
+
+    if (*q == 0) {
+        ++q;
+        --qLen;
+    }
+    if (maxDestLen < qLen) {
+        /* This condition can occur when DSA_SignDigest is passed a group
+           with a subprime that is larger than DSA_MAX_SUBPRIME_LEN. */
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+    w.data = NULL; /* otherwise SECITEM_AllocItem asserts */
+    if (!SECITEM_AllocItem(NULL, &w, 2 * qLen)) {
+        return SECFailure;
+    }
+    *destLen = qLen;
+
+    rv = RNG_GenerateGlobalRandomBytes(w.data, w.len);
+    if (rv == SECSuccess) {
+        rv = fips186Change_ReduceModQForDSA(w.data, q, qLen, dest);
+    }
+
+    SECITEM_FreeItem(&w, PR_FALSE);
+    return rv;
+}
+
+static void
+translate_mpi_error(mp_err err)
+{
+    MP_TO_SEC_ERROR(err);
+}
+
+static SECStatus
+dsa_NewKeyExtended(const PQGParams *params, const SECItem *seed,
+                   DSAPrivateKey **privKey)
+{
+    mp_int p, g;
+    mp_int x, y;
+    mp_err err;
+    PLArenaPool *arena;
+    DSAPrivateKey *key;
+    /* Check args. */
+    if (!params || !privKey || !seed || !seed->data) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+    /* Initialize an arena for the DSA key. */
+    arena = PORT_NewArena(NSS_FREEBL_DSA_DEFAULT_CHUNKSIZE);
+    if (!arena) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return SECFailure;
+    }
+    key = (DSAPrivateKey *)PORT_ArenaZAlloc(arena, sizeof(DSAPrivateKey));
+    if (!key) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        PORT_FreeArena(arena, PR_TRUE);
+        return SECFailure;
+    }
+    key->params.arena = arena;
+    /* Initialize MPI integers. */
+    MP_DIGITS(&p) = 0;
+    MP_DIGITS(&g) = 0;
+    MP_DIGITS(&x) = 0;
+    MP_DIGITS(&y) = 0;
+    CHECK_MPI_OK(mp_init(&p));
+    CHECK_MPI_OK(mp_init(&g));
+    CHECK_MPI_OK(mp_init(&x));
+    CHECK_MPI_OK(mp_init(&y));
+    /* Copy over the PQG params */
+    CHECK_MPI_OK(SECITEM_CopyItem(arena, &key->params.prime,
+                                  &params->prime));
+    CHECK_MPI_OK(SECITEM_CopyItem(arena, &key->params.subPrime,
+                                  &params->subPrime));
+    CHECK_MPI_OK(SECITEM_CopyItem(arena, &key->params.base, &params->base));
+    /* Convert stored p, g, and received x into MPI integers. */
+    SECITEM_TO_MPINT(params->prime, &p);
+    SECITEM_TO_MPINT(params->base, &g);
+    OCTETS_TO_MPINT(seed->data, &x, seed->len);
+    /* Store x in private key */
+    SECITEM_AllocItem(arena, &key->privateValue, seed->len);
+    PORT_Memcpy(key->privateValue.data, seed->data, seed->len);
+    /* Compute public key y = g**x mod p */
+    CHECK_MPI_OK(mp_exptmod(&g, &x, &p, &y));
+    /* Store y in public key */
+    MPINT_TO_SECITEM(&y, &key->publicValue, arena);
+    *privKey = key;
+    key = NULL;
+cleanup:
+    mp_clear(&p);
+    mp_clear(&g);
+    mp_clear(&x);
+    mp_clear(&y);
+    if (key)
+        PORT_FreeArena(key->params.arena, PR_TRUE);
+    if (err) {
+        translate_mpi_error(err);
+        return SECFailure;
+    }
+    return SECSuccess;
+}
+
+SECStatus
+DSA_NewRandom(PLArenaPool *arena, const SECItem *q, SECItem *seed)
+{
+    int retries = 10;
+    unsigned int i;
+    PRBool good;
+
+    if (q == NULL || q->data == NULL || q->len == 0 ||
+        (q->data[0] == 0 && q->len == 1)) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    if (!SECITEM_AllocItem(arena, seed, q->len)) {
+        return SECFailure;
+    }
+
+    do {
+        /* Generate seed bytes for x according to FIPS 186-1 appendix 3 */
+        if (dsa_GenerateGlobalRandomBytes(q, seed->data, &seed->len,
+                                          seed->len)) {
+            goto loser;
+        }
+        /* Disallow values of 0 and 1 for x. */
+        good = PR_FALSE;
+        for (i = 0; i < seed->len - 1; i++) {
+            if (seed->data[i] != 0) {
+                good = PR_TRUE;
+                break;
+            }
+        }
+        if (!good && seed->data[i] > 1) {
+            good = PR_TRUE;
+        }
+    } while (!good && --retries > 0);
+
+    if (!good) {
+        PORT_SetError(SEC_ERROR_NEED_RANDOM);
+    loser:
+        if (arena != NULL) {
+            SECITEM_FreeItem(seed, PR_FALSE);
+        }
+        return SECFailure;
+    }
+
+    return SECSuccess;
+}
+
+/*
+** Generate and return a new DSA public and private key pair,
+**  both of which are encoded into a single DSAPrivateKey struct.
+**  "params" is a pointer to the PQG parameters for the domain
+**  Uses a random seed.
+*/
+SECStatus
+DSA_NewKey(const PQGParams *params, DSAPrivateKey **privKey)
+{
+    SECItem seed;
+    SECStatus rv;
+
+    rv = PQG_Check(params);
+    if (rv != SECSuccess) {
+        return rv;
+    }
+    seed.data = NULL;
+
+    rv = DSA_NewRandom(NULL, &params->subPrime, &seed);
+    if (rv == SECSuccess) {
+        if (seed.len != PQG_GetLength(&params->subPrime)) {
+            PORT_SetError(SEC_ERROR_INVALID_ARGS);
+            rv = SECFailure;
+        } else {
+            rv = dsa_NewKeyExtended(params, &seed, privKey);
+        }
+    }
+    SECITEM_FreeItem(&seed, PR_FALSE);
+    return rv;
+}
+
+/* For FIPS compliance testing. Seed must be exactly the size of subPrime  */
+SECStatus
+DSA_NewKeyFromSeed(const PQGParams *params,
+                   const unsigned char *seed,
+                   DSAPrivateKey **privKey)
+{
+    SECItem seedItem;
+    seedItem.data = (unsigned char *)seed;
+    seedItem.len = PQG_GetLength(&params->subPrime);
+    return dsa_NewKeyExtended(params, &seedItem, privKey);
+}
+
+static SECStatus
+dsa_SignDigest(DSAPrivateKey *key, SECItem *signature, const SECItem *digest,
+               const unsigned char *kb)
+{
+    mp_int p, q, g; /* PQG parameters */
+    mp_int x, k;    /* private key & pseudo-random integer */
+    mp_int r, s;    /* tuple (r, s) is signature) */
+    mp_int t;       /* holding tmp values */
+    mp_err err = MP_OKAY;
+    SECStatus rv = SECSuccess;
+    unsigned int dsa_subprime_len, dsa_signature_len, offset;
+    SECItem localDigest;
+    unsigned char localDigestData[DSA_MAX_SUBPRIME_LEN];
+    SECItem t2 = { siBuffer, NULL, 0 };
+
+    /* FIPS-compliance dictates that digest is a SHA hash. */
+    /* Check args. */
+    if (!key || !signature || !digest) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    dsa_subprime_len = PQG_GetLength(&key->params.subPrime);
+    dsa_signature_len = dsa_subprime_len * 2;
+    if ((signature->len < dsa_signature_len) ||
+        (digest->len > HASH_LENGTH_MAX) ||
+        (digest->len < SHA1_LENGTH)) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    /* DSA accepts digests not equal to dsa_subprime_len, if the
+     * digests are greater, then they are truncated to the size of
+     * dsa_subprime_len, using the left most bits. If they are less
+     * then they are padded on the left.*/
+    PORT_Memset(localDigestData, 0, dsa_subprime_len);
+    offset = (digest->len < dsa_subprime_len) ? (dsa_subprime_len - digest->len) : 0;
+    PORT_Memcpy(localDigestData + offset, digest->data,
+                dsa_subprime_len - offset);
+    localDigest.data = localDigestData;
+    localDigest.len = dsa_subprime_len;
+
+    /* Initialize MPI integers. */
+    MP_DIGITS(&p) = 0;
+    MP_DIGITS(&q) = 0;
+    MP_DIGITS(&g) = 0;
+    MP_DIGITS(&x) = 0;
+    MP_DIGITS(&k) = 0;
+    MP_DIGITS(&r) = 0;
+    MP_DIGITS(&s) = 0;
+    MP_DIGITS(&t) = 0;
+    CHECK_MPI_OK(mp_init(&p));
+    CHECK_MPI_OK(mp_init(&q));
+    CHECK_MPI_OK(mp_init(&g));
+    CHECK_MPI_OK(mp_init(&x));
+    CHECK_MPI_OK(mp_init(&k));
+    CHECK_MPI_OK(mp_init(&r));
+    CHECK_MPI_OK(mp_init(&s));
+    CHECK_MPI_OK(mp_init(&t));
+    /*
+    ** Convert stored PQG and private key into MPI integers.
+    */
+    SECITEM_TO_MPINT(key->params.prime, &p);
+    SECITEM_TO_MPINT(key->params.subPrime, &q);
+    SECITEM_TO_MPINT(key->params.base, &g);
+    SECITEM_TO_MPINT(key->privateValue, &x);
+    OCTETS_TO_MPINT(kb, &k, dsa_subprime_len);
+    /*
+    ** FIPS 186-1, Section 5, Step 1
+    **
+    ** r = (g**k mod p) mod q
+    */
+    CHECK_MPI_OK(mp_exptmod(&g, &k, &p, &r)); /* r = g**k mod p */
+    CHECK_MPI_OK(mp_mod(&r, &q, &r));         /* r = r mod q    */
+    /*
+    ** FIPS 186-1, Section 5, Step 2
+    **
+    ** s = (k**-1 * (HASH(M) + x*r)) mod q
+    */
+    if (DSA_NewRandom(NULL, &key->params.subPrime, &t2) != SECSuccess) {
+        PORT_SetError(SEC_ERROR_NEED_RANDOM);
+        rv = SECFailure;
+        goto cleanup;
+    }
+    SECITEM_TO_MPINT(t2, &t);                /* t <-$ Zq */
+    CHECK_MPI_OK(mp_mulmod(&k, &t, &q, &k)); /* k = k * t mod q */
+    CHECK_MPI_OK(mp_invmod(&k, &q, &k));     /* k = k**-1 mod q */
+    CHECK_MPI_OK(mp_mulmod(&k, &t, &q, &k)); /* k = k * t mod q */
+    SECITEM_TO_MPINT(localDigest, &s);       /* s = HASH(M)     */
+    CHECK_MPI_OK(mp_mulmod(&x, &r, &q, &x)); /* x = x * r mod q */
+    CHECK_MPI_OK(mp_addmod(&s, &x, &q, &s)); /* s = s + x mod q */
+    CHECK_MPI_OK(mp_mulmod(&s, &k, &q, &s)); /* s = s * k mod q */
+    /*
+    ** verify r != 0 and s != 0
+    ** mentioned as optional in FIPS 186-1.
+    */
+    if (mp_cmp_z(&r) == 0 || mp_cmp_z(&s) == 0) {
+        PORT_SetError(SEC_ERROR_NEED_RANDOM);
+        rv = SECFailure;
+        goto cleanup;
+    }
+    /*
+    ** Step 4
+    **
+    ** Signature is tuple (r, s)
+    */
+    err = mp_to_fixlen_octets(&r, signature->data, dsa_subprime_len);
+    if (err < 0)
+        goto cleanup;
+    err = mp_to_fixlen_octets(&s, signature->data + dsa_subprime_len,
+                              dsa_subprime_len);
+    if (err < 0)
+        goto cleanup;
+    err = MP_OKAY;
+    signature->len = dsa_signature_len;
+cleanup:
+    PORT_Memset(localDigestData, 0, DSA_MAX_SUBPRIME_LEN);
+    mp_clear(&p);
+    mp_clear(&q);
+    mp_clear(&g);
+    mp_clear(&x);
+    mp_clear(&k);
+    mp_clear(&r);
+    mp_clear(&s);
+    mp_clear(&t);
+    SECITEM_FreeItem(&t2, PR_FALSE);
+    if (err) {
+        translate_mpi_error(err);
+        rv = SECFailure;
+    }
+    return rv;
+}
+
+/* signature is caller-supplied buffer of at least 40 bytes.
+** On input,  signature->len == size of buffer to hold signature.
+**            digest->len    == size of digest.
+** On output, signature->len == size of signature in buffer.
+** Uses a random seed.
+*/
+SECStatus
+DSA_SignDigest(DSAPrivateKey *key, SECItem *signature, const SECItem *digest)
+{
+    SECStatus rv;
+    int retries = 10;
+    unsigned char kSeed[DSA_MAX_SUBPRIME_LEN];
+    unsigned int kSeedLen = 0;
+    unsigned int i;
+    unsigned int dsa_subprime_len = PQG_GetLength(&key->params.subPrime);
+    PRBool good;
+
+    PORT_SetError(0);
+    do {
+        rv = dsa_GenerateGlobalRandomBytes(&key->params.subPrime,
+                                           kSeed, &kSeedLen, sizeof kSeed);
+        if (rv != SECSuccess)
+            break;
+        if (kSeedLen != dsa_subprime_len) {
+            PORT_SetError(SEC_ERROR_INVALID_ARGS);
+            rv = SECFailure;
+            break;
+        }
+        /* Disallow a value of 0 for k. */
+        good = PR_FALSE;
+        for (i = 0; i < kSeedLen; i++) {
+            if (kSeed[i] != 0) {
+                good = PR_TRUE;
+                break;
+            }
+        }
+        if (!good) {
+            PORT_SetError(SEC_ERROR_NEED_RANDOM);
+            rv = SECFailure;
+            continue;
+        }
+        rv = dsa_SignDigest(key, signature, digest, kSeed);
+    } while (rv != SECSuccess && PORT_GetError() == SEC_ERROR_NEED_RANDOM &&
+             --retries > 0);
+    return rv;
+}
+
+/* For FIPS compliance testing. Seed must be exactly 20 bytes. */
+SECStatus
+DSA_SignDigestWithSeed(DSAPrivateKey *key,
+                       SECItem *signature,
+                       const SECItem *digest,
+                       const unsigned char *seed)
+{
+    SECStatus rv;
+    rv = dsa_SignDigest(key, signature, digest, seed);
+    return rv;
+}
+
+/* signature is caller-supplied buffer of at least 20 bytes.
+** On input,  signature->len == size of buffer to hold signature.
+**            digest->len    == size of digest.
+*/
+SECStatus
+DSA_VerifyDigest(DSAPublicKey *key, const SECItem *signature,
+                 const SECItem *digest)
+{
+    /* FIPS-compliance dictates that digest is a SHA hash. */
+    mp_int p, q, g;      /* PQG parameters */
+    mp_int r_, s_;       /* tuple (r', s') is received signature) */
+    mp_int u1, u2, v, w; /* intermediate values used in verification */
+    mp_int y;            /* public key */
+    mp_err err;
+    unsigned int dsa_subprime_len, dsa_signature_len, offset;
+    SECItem localDigest;
+    unsigned char localDigestData[DSA_MAX_SUBPRIME_LEN];
+    SECStatus verified = SECFailure;
+
+    /* Check args. */
+    if (!key || !signature || !digest) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    dsa_subprime_len = PQG_GetLength(&key->params.subPrime);
+    dsa_signature_len = dsa_subprime_len * 2;
+    if ((signature->len != dsa_signature_len) ||
+        (digest->len > HASH_LENGTH_MAX) ||
+        (digest->len < SHA1_LENGTH)) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    /* DSA accepts digests not equal to dsa_subprime_len, if the
+     * digests are greater, than they are truncated to the size of
+     * dsa_subprime_len, using the left most bits. If they are less
+     * then they are padded on the left.*/
+    PORT_Memset(localDigestData, 0, dsa_subprime_len);
+    offset = (digest->len < dsa_subprime_len) ? (dsa_subprime_len - digest->len) : 0;
+    PORT_Memcpy(localDigestData + offset, digest->data,
+                dsa_subprime_len - offset);
+    localDigest.data = localDigestData;
+    localDigest.len = dsa_subprime_len;
+
+    /* Initialize MPI integers. */
+    MP_DIGITS(&p) = 0;
+    MP_DIGITS(&q) = 0;
+    MP_DIGITS(&g) = 0;
+    MP_DIGITS(&y) = 0;
+    MP_DIGITS(&r_) = 0;
+    MP_DIGITS(&s_) = 0;
+    MP_DIGITS(&u1) = 0;
+    MP_DIGITS(&u2) = 0;
+    MP_DIGITS(&v) = 0;
+    MP_DIGITS(&w) = 0;
+    CHECK_MPI_OK(mp_init(&p));
+    CHECK_MPI_OK(mp_init(&q));
+    CHECK_MPI_OK(mp_init(&g));
+    CHECK_MPI_OK(mp_init(&y));
+    CHECK_MPI_OK(mp_init(&r_));
+    CHECK_MPI_OK(mp_init(&s_));
+    CHECK_MPI_OK(mp_init(&u1));
+    CHECK_MPI_OK(mp_init(&u2));
+    CHECK_MPI_OK(mp_init(&v));
+    CHECK_MPI_OK(mp_init(&w));
+    /*
+    ** Convert stored PQG and public key into MPI integers.
+    */
+    SECITEM_TO_MPINT(key->params.prime, &p);
+    SECITEM_TO_MPINT(key->params.subPrime, &q);
+    SECITEM_TO_MPINT(key->params.base, &g);
+    SECITEM_TO_MPINT(key->publicValue, &y);
+    /*
+    ** Convert received signature (r', s') into MPI integers.
+    */
+    OCTETS_TO_MPINT(signature->data, &r_, dsa_subprime_len);
+    OCTETS_TO_MPINT(signature->data + dsa_subprime_len, &s_, dsa_subprime_len);
+    /*
+    ** Verify that 0 < r' < q and 0 < s' < q
+    */
+    if (mp_cmp_z(&r_) <= 0 || mp_cmp_z(&s_) <= 0 ||
+        mp_cmp(&r_, &q) >= 0 || mp_cmp(&s_, &q) >= 0) {
+        /* err is zero here. */
+        PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
+        goto cleanup; /* will return verified == SECFailure */
+    }
+    /*
+    ** FIPS 186-1, Section 6, Step 1
+    **
+    ** w = (s')**-1 mod q
+    */
+    CHECK_MPI_OK(mp_invmod(&s_, &q, &w)); /* w = (s')**-1 mod q */
+    /*
+    ** FIPS 186-1, Section 6, Step 2
+    **
+    ** u1 = ((Hash(M')) * w) mod q
+    */
+    SECITEM_TO_MPINT(localDigest, &u1);        /* u1 = HASH(M')     */
+    CHECK_MPI_OK(mp_mulmod(&u1, &w, &q, &u1)); /* u1 = u1 * w mod q */
+    /*
+    ** FIPS 186-1, Section 6, Step 3
+    **
+    ** u2 = ((r') * w) mod q
+    */
+    CHECK_MPI_OK(mp_mulmod(&r_, &w, &q, &u2));
+    /*
+    ** FIPS 186-1, Section 6, Step 4
+    **
+    ** v = ((g**u1 * y**u2) mod p) mod q
+    */
+    CHECK_MPI_OK(mp_exptmod(&g, &u1, &p, &g)); /* g = g**u1 mod p */
+    CHECK_MPI_OK(mp_exptmod(&y, &u2, &p, &y)); /* y = y**u2 mod p */
+    CHECK_MPI_OK(mp_mulmod(&g, &y, &p, &v));   /* v = g * y mod p */
+    CHECK_MPI_OK(mp_mod(&v, &q, &v));          /* v = v mod q     */
+    /*
+    ** Verification:  v == r'
+    */
+    if (mp_cmp(&v, &r_)) {
+        PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
+        verified = SECFailure; /* Signature failed to verify. */
+    } else {
+        verified = SECSuccess; /* Signature verified. */
+    }
+cleanup:
+    mp_clear(&p);
+    mp_clear(&q);
+    mp_clear(&g);
+    mp_clear(&y);
+    mp_clear(&r_);
+    mp_clear(&s_);
+    mp_clear(&u1);
+    mp_clear(&u2);
+    mp_clear(&v);
+    mp_clear(&w);
+    if (err) {
+        translate_mpi_error(err);
+    }
+    return verified;
+}
diff --git a/nss/lib/freebl/ec.c b/nss/lib/freebl/ec.c
new file mode 100644
index 0000000..669c9b1
--- /dev/null
+++ b/nss/lib/freebl/ec.c
@@ -0,0 +1,1169 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifdef FREEBL_NO_DEPEND
+#include "stubs.h"
+#endif
+
+#include "blapi.h"
+#include "prerr.h"
+#include "secerr.h"
+#include "secmpi.h"
+#include "secitem.h"
+#include "mplogic.h"
+#include "ec.h"
+#include "ecl.h"
+
+#ifndef NSS_DISABLE_ECC
+
+static const ECMethod kMethods[] = {
+    { ECCurve25519,
+      ec_Curve25519_pt_mul,
+      ec_Curve25519_pt_validate }
+};
+
+static const ECMethod *
+ec_get_method_from_name(ECCurveName name)
+{
+    int i;
+    for (i = 0; i < sizeof(kMethods) / sizeof(kMethods[0]); ++i) {
+        if (kMethods[i].name == name) {
+            return &kMethods[i];
+        }
+    }
+    return NULL;
+}
+
+/*
+ * Returns true if pointP is the point at infinity, false otherwise
+ */
+PRBool
+ec_point_at_infinity(SECItem *pointP)
+{
+    unsigned int i;
+
+    for (i = 1; i < pointP->len; i++) {
+        if (pointP->data[i] != 0x00)
+            return PR_FALSE;
+    }
+
+    return PR_TRUE;
+}
+
+/*
+ * Computes scalar point multiplication pointQ = k1 * G + k2 * pointP for
+ * the curve whose parameters are encoded in params with base point G.
+ */
+SECStatus
+ec_points_mul(const ECParams *params, const mp_int *k1, const mp_int *k2,
+              const SECItem *pointP, SECItem *pointQ)
+{
+    mp_int Px, Py, Qx, Qy;
+    mp_int Gx, Gy, order, irreducible, a, b;
+    ECGroup *group = NULL;
+    SECStatus rv = SECFailure;
+    mp_err err = MP_OKAY;
+    int len;
+
+#if EC_DEBUG
+    int i;
+    char mpstr[256];
+
+    printf("ec_points_mul: params [len=%d]:", params->DEREncoding.len);
+    for (i = 0; i < params->DEREncoding.len; i++)
+        printf("%02x:", params->DEREncoding.data[i]);
+    printf("\n");
+
+    if (k1 != NULL) {
+        mp_tohex((mp_int *)k1, mpstr);
+        printf("ec_points_mul: scalar k1: %s\n", mpstr);
+        mp_todecimal((mp_int *)k1, mpstr);
+        printf("ec_points_mul: scalar k1: %s (dec)\n", mpstr);
+    }
+
+    if (k2 != NULL) {
+        mp_tohex((mp_int *)k2, mpstr);
+        printf("ec_points_mul: scalar k2: %s\n", mpstr);
+        mp_todecimal((mp_int *)k2, mpstr);
+        printf("ec_points_mul: scalar k2: %s (dec)\n", mpstr);
+    }
+
+    if (pointP != NULL) {
+        printf("ec_points_mul: pointP [len=%d]:", pointP->len);
+        for (i = 0; i < pointP->len; i++)
+            printf("%02x:", pointP->data[i]);
+        printf("\n");
+    }
+#endif
+
+    /* NOTE: We only support uncompressed points for now */
+    len = (params->fieldID.size + 7) >> 3;
+    if (pointP != NULL) {
+        if ((pointP->data[0] != EC_POINT_FORM_UNCOMPRESSED) ||
+            (pointP->len != (2 * len + 1))) {
+            PORT_SetError(SEC_ERROR_UNSUPPORTED_EC_POINT_FORM);
+            return SECFailure;
+        };
+    }
+
+    MP_DIGITS(&Px) = 0;
+    MP_DIGITS(&Py) = 0;
+    MP_DIGITS(&Qx) = 0;
+    MP_DIGITS(&Qy) = 0;
+    MP_DIGITS(&Gx) = 0;
+    MP_DIGITS(&Gy) = 0;
+    MP_DIGITS(&order) = 0;
+    MP_DIGITS(&irreducible) = 0;
+    MP_DIGITS(&a) = 0;
+    MP_DIGITS(&b) = 0;
+    CHECK_MPI_OK(mp_init(&Px));
+    CHECK_MPI_OK(mp_init(&Py));
+    CHECK_MPI_OK(mp_init(&Qx));
+    CHECK_MPI_OK(mp_init(&Qy));
+    CHECK_MPI_OK(mp_init(&Gx));
+    CHECK_MPI_OK(mp_init(&Gy));
+    CHECK_MPI_OK(mp_init(&order));
+    CHECK_MPI_OK(mp_init(&irreducible));
+    CHECK_MPI_OK(mp_init(&a));
+    CHECK_MPI_OK(mp_init(&b));
+
+    if ((k2 != NULL) && (pointP != NULL)) {
+        /* Initialize Px and Py */
+        CHECK_MPI_OK(mp_read_unsigned_octets(&Px, pointP->data + 1, (mp_size)len));
+        CHECK_MPI_OK(mp_read_unsigned_octets(&Py, pointP->data + 1 + len, (mp_size)len));
+    }
+
+    /* construct from named params, if possible */
+    if (params->name != ECCurve_noName) {
+        group = ECGroup_fromName(params->name);
+    }
+
+    if (group == NULL)
+        goto cleanup;
+
+    if ((k2 != NULL) && (pointP != NULL)) {
+        CHECK_MPI_OK(ECPoints_mul(group, k1, k2, &Px, &Py, &Qx, &Qy));
+    } else {
+        CHECK_MPI_OK(ECPoints_mul(group, k1, NULL, NULL, NULL, &Qx, &Qy));
+    }
+
+    /* Construct the SECItem representation of point Q */
+    pointQ->data[0] = EC_POINT_FORM_UNCOMPRESSED;
+    CHECK_MPI_OK(mp_to_fixlen_octets(&Qx, pointQ->data + 1,
+                                     (mp_size)len));
+    CHECK_MPI_OK(mp_to_fixlen_octets(&Qy, pointQ->data + 1 + len,
+                                     (mp_size)len));
+
+    rv = SECSuccess;
+
+#if EC_DEBUG
+    printf("ec_points_mul: pointQ [len=%d]:", pointQ->len);
+    for (i = 0; i < pointQ->len; i++)
+        printf("%02x:", pointQ->data[i]);
+    printf("\n");
+#endif
+
+cleanup:
+    ECGroup_free(group);
+    mp_clear(&Px);
+    mp_clear(&Py);
+    mp_clear(&Qx);
+    mp_clear(&Qy);
+    mp_clear(&Gx);
+    mp_clear(&Gy);
+    mp_clear(&order);
+    mp_clear(&irreducible);
+    mp_clear(&a);
+    mp_clear(&b);
+    if (err) {
+        MP_TO_SEC_ERROR(err);
+        rv = SECFailure;
+    }
+
+    return rv;
+}
+#endif /* NSS_DISABLE_ECC */
+
+/* Generates a new EC key pair. The private key is a supplied
+ * value and the public key is the result of performing a scalar
+ * point multiplication of that value with the curve's base point.
+ */
+SECStatus
+ec_NewKey(ECParams *ecParams, ECPrivateKey **privKey,
+          const unsigned char *privKeyBytes, int privKeyLen)
+{
+    SECStatus rv = SECFailure;
+#ifndef NSS_DISABLE_ECC
+    PLArenaPool *arena;
+    ECPrivateKey *key;
+    mp_int k;
+    mp_err err = MP_OKAY;
+    int len;
+
+#if EC_DEBUG
+    printf("ec_NewKey called\n");
+#endif
+    MP_DIGITS(&k) = 0;
+
+    if (!ecParams || !privKey || !privKeyBytes || (privKeyLen < 0) ||
+        !ecParams->name) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    /* Initialize an arena for the EC key. */
+    if (!(arena = PORT_NewArena(NSS_FREEBL_DEFAULT_CHUNKSIZE)))
+        return SECFailure;
+
+    key = (ECPrivateKey *)PORT_ArenaZAlloc(arena, sizeof(ECPrivateKey));
+    if (!key) {
+        PORT_FreeArena(arena, PR_TRUE);
+        return SECFailure;
+    }
+
+    /* Set the version number (SEC 1 section C.4 says it should be 1) */
+    SECITEM_AllocItem(arena, &key->version, 1);
+    key->version.data[0] = 1;
+
+    /* Copy all of the fields from the ECParams argument to the
+     * ECParams structure within the private key.
+     */
+    key->ecParams.arena = arena;
+    key->ecParams.type = ecParams->type;
+    key->ecParams.fieldID.size = ecParams->fieldID.size;
+    key->ecParams.fieldID.type = ecParams->fieldID.type;
+    if (ecParams->fieldID.type == ec_field_GFp ||
+        ecParams->fieldID.type == ec_field_plain) {
+        CHECK_SEC_OK(SECITEM_CopyItem(arena, &key->ecParams.fieldID.u.prime,
+                                      &ecParams->fieldID.u.prime));
+    } else {
+        CHECK_SEC_OK(SECITEM_CopyItem(arena, &key->ecParams.fieldID.u.poly,
+                                      &ecParams->fieldID.u.poly));
+    }
+    key->ecParams.fieldID.k1 = ecParams->fieldID.k1;
+    key->ecParams.fieldID.k2 = ecParams->fieldID.k2;
+    key->ecParams.fieldID.k3 = ecParams->fieldID.k3;
+    CHECK_SEC_OK(SECITEM_CopyItem(arena, &key->ecParams.curve.a,
+                                  &ecParams->curve.a));
+    CHECK_SEC_OK(SECITEM_CopyItem(arena, &key->ecParams.curve.b,
+                                  &ecParams->curve.b));
+    CHECK_SEC_OK(SECITEM_CopyItem(arena, &key->ecParams.curve.seed,
+                                  &ecParams->curve.seed));
+    CHECK_SEC_OK(SECITEM_CopyItem(arena, &key->ecParams.base,
+                                  &ecParams->base));
+    CHECK_SEC_OK(SECITEM_CopyItem(arena, &key->ecParams.order,
+                                  &ecParams->order));
+    key->ecParams.cofactor = ecParams->cofactor;
+    CHECK_SEC_OK(SECITEM_CopyItem(arena, &key->ecParams.DEREncoding,
+                                  &ecParams->DEREncoding));
+    key->ecParams.name = ecParams->name;
+    CHECK_SEC_OK(SECITEM_CopyItem(arena, &key->ecParams.curveOID,
+                                  &ecParams->curveOID));
+
+    SECITEM_AllocItem(arena, &key->publicValue, EC_GetPointSize(ecParams));
+    len = ecParams->order.len;
+    SECITEM_AllocItem(arena, &key->privateValue, len);
+
+    /* Copy private key */
+    if (privKeyLen >= len) {
+        memcpy(key->privateValue.data, privKeyBytes, len);
+    } else {
+        memset(key->privateValue.data, 0, (len - privKeyLen));
+        memcpy(key->privateValue.data + (len - privKeyLen), privKeyBytes, privKeyLen);
+    }
+
+    /* Compute corresponding public key */
+
+    /* Use curve specific code for point multiplication */
+    if (ecParams->fieldID.type == ec_field_plain) {
+        const ECMethod *method = ec_get_method_from_name(ecParams->name);
+        if (method == NULL || method->mul == NULL) {
+            /* unknown curve */
+            rv = SECFailure;
+            goto cleanup;
+        }
+        rv = method->mul(&key->publicValue, &key->privateValue, NULL);
+        goto done;
+    }
+
+    CHECK_MPI_OK(mp_init(&k));
+    CHECK_MPI_OK(mp_read_unsigned_octets(&k, key->privateValue.data,
+                                         (mp_size)len));
+
+    rv = ec_points_mul(ecParams, &k, NULL, NULL, &(key->publicValue));
+    if (rv != SECSuccess) {
+        goto cleanup;
+    }
+
+done:
+    *privKey = key;
+
+cleanup:
+    mp_clear(&k);
+    if (rv) {
+        PORT_FreeArena(arena, PR_TRUE);
+    }
+
+#if EC_DEBUG
+    printf("ec_NewKey returning %s\n",
+           (rv == SECSuccess) ? "success" : "failure");
+#endif
+#else
+    PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
+#endif /* NSS_DISABLE_ECC */
+
+    return rv;
+}
+
+/* Generates a new EC key pair. The private key is a supplied
+ * random value (in seed) and the public key is the result of
+ * performing a scalar point multiplication of that value with
+ * the curve's base point.
+ */
+SECStatus
+EC_NewKeyFromSeed(ECParams *ecParams, ECPrivateKey **privKey,
+                  const unsigned char *seed, int seedlen)
+{
+    SECStatus rv = SECFailure;
+#ifndef NSS_DISABLE_ECC
+    rv = ec_NewKey(ecParams, privKey, seed, seedlen);
+#else
+    PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
+#endif /* NSS_DISABLE_ECC */
+    return rv;
+}
+
+#ifndef NSS_DISABLE_ECC
+/* Generate a random private key using the algorithm A.4.1 of ANSI X9.62,
+ * modified a la FIPS 186-2 Change Notice 1 to eliminate the bias in the
+ * random number generator.
+ *
+ * Parameters
+ * - order: a buffer that holds the curve's group order
+ * - len: the length in octets of the order buffer
+ *
+ * Return Value
+ * Returns a buffer of len octets that holds the private key. The caller
+ * is responsible for freeing the buffer with PORT_ZFree.
+ */
+static unsigned char *
+ec_GenerateRandomPrivateKey(const unsigned char *order, int len)
+{
+    SECStatus rv = SECSuccess;
+    mp_err err;
+    unsigned char *privKeyBytes = NULL;
+    mp_int privKeyVal, order_1, one;
+
+    MP_DIGITS(&privKeyVal) = 0;
+    MP_DIGITS(&order_1) = 0;
+    MP_DIGITS(&one) = 0;
+    CHECK_MPI_OK(mp_init(&privKeyVal));
+    CHECK_MPI_OK(mp_init(&order_1));
+    CHECK_MPI_OK(mp_init(&one));
+
+    /* Generates 2*len random bytes using the global random bit generator
+     * (which implements Algorithm 1 of FIPS 186-2 Change Notice 1) then
+     * reduces modulo the group order.
+     */
+    if ((privKeyBytes = PORT_Alloc(2 * len)) == NULL)
+        goto cleanup;
+    CHECK_SEC_OK(RNG_GenerateGlobalRandomBytes(privKeyBytes, 2 * len));
+    CHECK_MPI_OK(mp_read_unsigned_octets(&privKeyVal, privKeyBytes, 2 * len));
+    CHECK_MPI_OK(mp_read_unsigned_octets(&order_1, order, len));
+    CHECK_MPI_OK(mp_set_int(&one, 1));
+    CHECK_MPI_OK(mp_sub(&order_1, &one, &order_1));
+    CHECK_MPI_OK(mp_mod(&privKeyVal, &order_1, &privKeyVal));
+    CHECK_MPI_OK(mp_add(&privKeyVal, &one, &privKeyVal));
+    CHECK_MPI_OK(mp_to_fixlen_octets(&privKeyVal, privKeyBytes, len));
+    memset(privKeyBytes + len, 0, len);
+cleanup:
+    mp_clear(&privKeyVal);
+    mp_clear(&order_1);
+    mp_clear(&one);
+    if (err < MP_OKAY) {
+        MP_TO_SEC_ERROR(err);
+        rv = SECFailure;
+    }
+    if (rv != SECSuccess && privKeyBytes) {
+        PORT_ZFree(privKeyBytes, 2 * len);
+        privKeyBytes = NULL;
+    }
+    return privKeyBytes;
+}
+#endif /* NSS_DISABLE_ECC */
+
+/* Generates a new EC key pair. The private key is a random value and
+ * the public key is the result of performing a scalar point multiplication
+ * of that value with the curve's base point.
+ */
+SECStatus
+EC_NewKey(ECParams *ecParams, ECPrivateKey **privKey)
+{
+    SECStatus rv = SECFailure;
+#ifndef NSS_DISABLE_ECC
+    int len;
+    unsigned char *privKeyBytes = NULL;
+
+    if (!ecParams) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    len = ecParams->order.len;
+    privKeyBytes = ec_GenerateRandomPrivateKey(ecParams->order.data, len);
+    if (privKeyBytes == NULL)
+        goto cleanup;
+    /* generate public key */
+    CHECK_SEC_OK(ec_NewKey(ecParams, privKey, privKeyBytes, len));
+
+cleanup:
+    if (privKeyBytes) {
+        PORT_ZFree(privKeyBytes, len);
+    }
+#if EC_DEBUG
+    printf("EC_NewKey returning %s\n",
+           (rv == SECSuccess) ? "success" : "failure");
+#endif
+#else
+    PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
+#endif /* NSS_DISABLE_ECC */
+
+    return rv;
+}
+
+/* Validates an EC public key as described in Section 5.2.2 of
+ * X9.62. The ECDH primitive when used without the cofactor does
+ * not address small subgroup attacks, which may occur when the
+ * public key is not valid. These attacks can be prevented by
+ * validating the public key before using ECDH.
+ */
+SECStatus
+EC_ValidatePublicKey(ECParams *ecParams, SECItem *publicValue)
+{
+#ifndef NSS_DISABLE_ECC
+    mp_int Px, Py;
+    ECGroup *group = NULL;
+    SECStatus rv = SECFailure;
+    mp_err err = MP_OKAY;
+    int len;
+
+    if (!ecParams || !publicValue || !ecParams->name) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    /* Uses curve specific code for point validation. */
+    if (ecParams->fieldID.type == ec_field_plain) {
+        const ECMethod *method = ec_get_method_from_name(ecParams->name);
+        if (method == NULL || method->validate == NULL) {
+            /* unknown curve */
+            PORT_SetError(SEC_ERROR_INVALID_ARGS);
+            return SECFailure;
+        }
+        return method->validate(publicValue);
+    }
+
+    /* NOTE: We only support uncompressed points for now */
+    len = (ecParams->fieldID.size + 7) >> 3;
+    if (publicValue->data[0] != EC_POINT_FORM_UNCOMPRESSED) {
+        PORT_SetError(SEC_ERROR_UNSUPPORTED_EC_POINT_FORM);
+        return SECFailure;
+    } else if (publicValue->len != (2 * len + 1)) {
+        PORT_SetError(SEC_ERROR_BAD_KEY);
+        return SECFailure;
+    }
+
+    MP_DIGITS(&Px) = 0;
+    MP_DIGITS(&Py) = 0;
+    CHECK_MPI_OK(mp_init(&Px));
+    CHECK_MPI_OK(mp_init(&Py));
+
+    /* Initialize Px and Py */
+    CHECK_MPI_OK(mp_read_unsigned_octets(&Px, publicValue->data + 1, (mp_size)len));
+    CHECK_MPI_OK(mp_read_unsigned_octets(&Py, publicValue->data + 1 + len, (mp_size)len));
+
+    /* construct from named params */
+    group = ECGroup_fromName(ecParams->name);
+    if (group == NULL) {
+        /*
+         * ECGroup_fromName fails if ecParams->name is not a valid
+         * ECCurveName value, or if we run out of memory, or perhaps
+         * for other reasons.  Unfortunately if ecParams->name is a
+         * valid ECCurveName value, we don't know what the right error
+         * code should be because ECGroup_fromName doesn't return an
+         * error code to the caller.  Set err to MP_UNDEF because
+         * that's what ECGroup_fromName uses internally.
+         */
+        if ((ecParams->name <= ECCurve_noName) ||
+            (ecParams->name >= ECCurve_pastLastCurve)) {
+            err = MP_BADARG;
+        } else {
+            err = MP_UNDEF;
+        }
+        goto cleanup;
+    }
+
+    /* validate public point */
+    if ((err = ECPoint_validate(group, &Px, &Py)) < MP_YES) {
+        if (err == MP_NO) {
+            PORT_SetError(SEC_ERROR_BAD_KEY);
+            rv = SECFailure;
+            err = MP_OKAY; /* don't change the error code */
+        }
+        goto cleanup;
+    }
+
+    rv = SECSuccess;
+
+cleanup:
+    ECGroup_free(group);
+    mp_clear(&Px);
+    mp_clear(&Py);
+    if (err) {
+        MP_TO_SEC_ERROR(err);
+        rv = SECFailure;
+    }
+    return rv;
+#else
+    PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
+    return SECFailure;
+#endif /* NSS_DISABLE_ECC */
+}
+
+/*
+** Performs an ECDH key derivation by computing the scalar point
+** multiplication of privateValue and publicValue (with or without the
+** cofactor) and returns the x-coordinate of the resulting elliptic
+** curve point in derived secret.  If successful, derivedSecret->data
+** is set to the address of the newly allocated buffer containing the
+** derived secret, and derivedSecret->len is the size of the secret
+** produced. It is the caller's responsibility to free the allocated
+** buffer containing the derived secret.
+*/
+SECStatus
+ECDH_Derive(SECItem *publicValue,
+            ECParams *ecParams,
+            SECItem *privateValue,
+            PRBool withCofactor,
+            SECItem *derivedSecret)
+{
+    SECStatus rv = SECFailure;
+#ifndef NSS_DISABLE_ECC
+    unsigned int len = 0;
+    SECItem pointQ = { siBuffer, NULL, 0 };
+    mp_int k; /* to hold the private value */
+    mp_int cofactor;
+    mp_err err = MP_OKAY;
+#if EC_DEBUG
+    int i;
+#endif
+
+    if (!publicValue || !ecParams || !privateValue || !derivedSecret ||
+        !ecParams->name) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    /*
+     * Make sure the point is on the requested curve to avoid
+     * certain small subgroup attacks.
+     */
+    if (EC_ValidatePublicKey(ecParams, publicValue) != SECSuccess) {
+        PORT_SetError(SEC_ERROR_BAD_KEY);
+        return SECFailure;
+    }
+
+    /* Perform curve specific multiplication using ECMethod */
+    if (ecParams->fieldID.type == ec_field_plain) {
+        const ECMethod *method;
+        memset(derivedSecret, 0, sizeof(*derivedSecret));
+        derivedSecret = SECITEM_AllocItem(NULL, derivedSecret, EC_GetPointSize(ecParams));
+        if (derivedSecret == NULL) {
+            PORT_SetError(SEC_ERROR_NO_MEMORY);
+            return SECFailure;
+        }
+        method = ec_get_method_from_name(ecParams->name);
+        if (method == NULL || method->validate == NULL ||
+            method->mul == NULL) {
+            PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
+            return SECFailure;
+        }
+        return method->mul(derivedSecret, privateValue, publicValue);
+    }
+
+    /*
+     * We fail if the public value is the point at infinity, since
+     * this produces predictable results.
+     */
+    if (ec_point_at_infinity(publicValue)) {
+        PORT_SetError(SEC_ERROR_BAD_KEY);
+        return SECFailure;
+    }
+
+    MP_DIGITS(&k) = 0;
+    memset(derivedSecret, 0, sizeof *derivedSecret);
+    len = (ecParams->fieldID.size + 7) >> 3;
+    pointQ.len = EC_GetPointSize(ecParams);
+    if ((pointQ.data = PORT_Alloc(pointQ.len)) == NULL)
+        goto cleanup;
+
+    CHECK_MPI_OK(mp_init(&k));
+    CHECK_MPI_OK(mp_read_unsigned_octets(&k, privateValue->data,
+                                         (mp_size)privateValue->len));
+
+    if (withCofactor && (ecParams->cofactor != 1)) {
+        /* multiply k with the cofactor */
+        MP_DIGITS(&cofactor) = 0;
+        CHECK_MPI_OK(mp_init(&cofactor));
+        mp_set(&cofactor, ecParams->cofactor);
+        CHECK_MPI_OK(mp_mul(&k, &cofactor, &k));
+    }
+
+    /* Multiply our private key and peer's public point */
+    if (ec_points_mul(ecParams, NULL, &k, publicValue, &pointQ) != SECSuccess) {
+        goto cleanup;
+    }
+    if (ec_point_at_infinity(&pointQ)) {
+        PORT_SetError(SEC_ERROR_BAD_KEY); /* XXX better error code? */
+        goto cleanup;
+    }
+
+    /* Allocate memory for the derived secret and copy
+     * the x co-ordinate of pointQ into it.
+     */
+    SECITEM_AllocItem(NULL, derivedSecret, len);
+    memcpy(derivedSecret->data, pointQ.data + 1, len);
+
+    rv = SECSuccess;
+
+#if EC_DEBUG
+    printf("derived_secret:\n");
+    for (i = 0; i < derivedSecret->len; i++)
+        printf("%02x:", derivedSecret->data[i]);
+    printf("\n");
+#endif
+
+cleanup:
+    mp_clear(&k);
+
+    if (err) {
+        MP_TO_SEC_ERROR(err);
+    }
+
+    if (pointQ.data) {
+        PORT_ZFree(pointQ.data, pointQ.len);
+    }
+#else
+    PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
+#endif /* NSS_DISABLE_ECC */
+
+    return rv;
+}
+
+/* Computes the ECDSA signature (a concatenation of two values r and s)
+ * on the digest using the given key and the random value kb (used in
+ * computing s).
+ */
+SECStatus
+ECDSA_SignDigestWithSeed(ECPrivateKey *key, SECItem *signature,
+                         const SECItem *digest, const unsigned char *kb, const int kblen)
+{
+    SECStatus rv = SECFailure;
+#ifndef NSS_DISABLE_ECC
+    mp_int x1;
+    mp_int d, k; /* private key, random integer */
+    mp_int r, s; /* tuple (r, s) is the signature */
+    mp_int t;    /* holding tmp values */
+    mp_int n;
+    mp_err err = MP_OKAY;
+    ECParams *ecParams = NULL;
+    SECItem kGpoint = { siBuffer, NULL, 0 };
+    int flen = 0;   /* length in bytes of the field size */
+    unsigned olen;  /* length in bytes of the base point order */
+    unsigned obits; /* length in bits  of the base point order */
+    unsigned char *t2 = NULL;
+
+#if EC_DEBUG
+    char mpstr[256];
+#endif
+
+    /* Initialize MPI integers. */
+    /* must happen before the first potential call to cleanup */
+    MP_DIGITS(&x1) = 0;
+    MP_DIGITS(&d) = 0;
+    MP_DIGITS(&k) = 0;
+    MP_DIGITS(&r) = 0;
+    MP_DIGITS(&s) = 0;
+    MP_DIGITS(&n) = 0;
+    MP_DIGITS(&t) = 0;
+
+    /* Check args */
+    if (!key || !signature || !digest || !kb || (kblen < 0)) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        goto cleanup;
+    }
+
+    ecParams = &(key->ecParams);
+    flen = (ecParams->fieldID.size + 7) >> 3;
+    olen = ecParams->order.len;
+    if (signature->data == NULL) {
+        /* a call to get the signature length only */
+        goto finish;
+    }
+    if (signature->len < 2 * olen) {
+        PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+        goto cleanup;
+    }
+
+    CHECK_MPI_OK(mp_init(&x1));
+    CHECK_MPI_OK(mp_init(&d));
+    CHECK_MPI_OK(mp_init(&k));
+    CHECK_MPI_OK(mp_init(&r));
+    CHECK_MPI_OK(mp_init(&s));
+    CHECK_MPI_OK(mp_init(&n));
+    CHECK_MPI_OK(mp_init(&t));
+
+    SECITEM_TO_MPINT(ecParams->order, &n);
+    SECITEM_TO_MPINT(key->privateValue, &d);
+
+    CHECK_MPI_OK(mp_read_unsigned_octets(&k, kb, kblen));
+    /* Make sure k is in the interval [1, n-1] */
+    if ((mp_cmp_z(&k) <= 0) || (mp_cmp(&k, &n) >= 0)) {
+#if EC_DEBUG
+        printf("k is outside [1, n-1]\n");
+        mp_tohex(&k, mpstr);
+        printf("k : %s \n", mpstr);
+        mp_tohex(&n, mpstr);
+        printf("n : %s \n", mpstr);
+#endif
+        PORT_SetError(SEC_ERROR_NEED_RANDOM);
+        goto cleanup;
+    }
+
+    /*
+    ** We do not want timing information to leak the length of k,
+    ** so we compute k*G using an equivalent scalar of fixed
+    ** bit-length.
+    ** Fix based on patch for ECDSA timing attack in the paper
+    ** by Billy Bob Brumley and Nicola Tuveri at
+    **   http://eprint.iacr.org/2011/232
+    **
+    ** How do we convert k to a value of a fixed bit-length?
+    ** k starts off as an integer satisfying 0 <= k < n.  Hence,
+    ** n <= k+n < 2n, which means k+n has either the same number
+    ** of bits as n or one more bit than n.  If k+n has the same
+    ** number of bits as n, the second addition ensures that the
+    ** final value has exactly one more bit than n.  Thus, we
+    ** always end up with a value that exactly one more bit than n.
+    */
+    CHECK_MPI_OK(mp_add(&k, &n, &k));
+    if (mpl_significant_bits(&k) <= mpl_significant_bits(&n)) {
+        CHECK_MPI_OK(mp_add(&k, &n, &k));
+    }
+
+    /*
+    ** ANSI X9.62, Section 5.3.2, Step 2
+    **
+    ** Compute kG
+    */
+    kGpoint.len = EC_GetPointSize(ecParams);
+    kGpoint.data = PORT_Alloc(kGpoint.len);
+    if ((kGpoint.data == NULL) ||
+        (ec_points_mul(ecParams, &k, NULL, NULL, &kGpoint) != SECSuccess))
+        goto cleanup;
+
+    /*
+    ** ANSI X9.62, Section 5.3.3, Step 1
+    **
+    ** Extract the x co-ordinate of kG into x1
+    */
+    CHECK_MPI_OK(mp_read_unsigned_octets(&x1, kGpoint.data + 1,
+                                         (mp_size)flen));
+
+    /*
+    ** ANSI X9.62, Section 5.3.3, Step 2
+    **
+    ** r = x1 mod n  NOTE: n is the order of the curve
+    */
+    CHECK_MPI_OK(mp_mod(&x1, &n, &r));
+
+    /*
+    ** ANSI X9.62, Section 5.3.3, Step 3
+    **
+    ** verify r != 0
+    */
+    if (mp_cmp_z(&r) == 0) {
+        PORT_SetError(SEC_ERROR_NEED_RANDOM);
+        goto cleanup;
+    }
+
+    /*
+    ** ANSI X9.62, Section 5.3.3, Step 4
+    **
+    ** s = (k**-1 * (HASH(M) + d*r)) mod n
+    */
+    SECITEM_TO_MPINT(*digest, &s); /* s = HASH(M)     */
+
+    /* In the definition of EC signing, digests are truncated
+     * to the length of n in bits.
+     * (see SEC 1 "Elliptic Curve Digit Signature Algorithm" section 4.1.*/
+    CHECK_MPI_OK((obits = mpl_significant_bits(&n)));
+    if (digest->len * 8 > obits) {
+        mpl_rsh(&s, &s, digest->len * 8 - obits);
+    }
+
+#if EC_DEBUG
+    mp_todecimal(&n, mpstr);
+    printf("n : %s (dec)\n", mpstr);
+    mp_todecimal(&d, mpstr);
+    printf("d : %s (dec)\n", mpstr);
+    mp_tohex(&x1, mpstr);
+    printf("x1: %s\n", mpstr);
+    mp_todecimal(&s, mpstr);
+    printf("digest: %s (decimal)\n", mpstr);
+    mp_todecimal(&r, mpstr);
+    printf("r : %s (dec)\n", mpstr);
+    mp_tohex(&r, mpstr);
+    printf("r : %s\n", mpstr);
+#endif
+
+    if ((t2 = PORT_Alloc(2 * ecParams->order.len)) == NULL) {
+        rv = SECFailure;
+        goto cleanup;
+    }
+    if (RNG_GenerateGlobalRandomBytes(t2, 2 * ecParams->order.len) != SECSuccess) {
+        PORT_SetError(SEC_ERROR_NEED_RANDOM);
+        rv = SECFailure;
+        goto cleanup;
+    }
+    CHECK_MPI_OK(mp_read_unsigned_octets(&t, t2, 2 * ecParams->order.len)); /* t <-$ Zn */
+    CHECK_MPI_OK(mp_mulmod(&k, &t, &n, &k));                                /* k = k * t mod n */
+    CHECK_MPI_OK(mp_invmod(&k, &n, &k));                                    /* k = k**-1 mod n */
+    CHECK_MPI_OK(mp_mulmod(&k, &t, &n, &k));                                /* k = k * t mod n */
+    CHECK_MPI_OK(mp_mulmod(&d, &r, &n, &d));                                /* d = d * r mod n */
+    CHECK_MPI_OK(mp_addmod(&s, &d, &n, &s));                                /* s = s + d mod n */
+    CHECK_MPI_OK(mp_mulmod(&s, &k, &n, &s));                                /* s = s * k mod n */
+
+#if EC_DEBUG
+    mp_todecimal(&s, mpstr);
+    printf("s : %s (dec)\n", mpstr);
+    mp_tohex(&s, mpstr);
+    printf("s : %s\n", mpstr);
+#endif
+
+    /*
+    ** ANSI X9.62, Section 5.3.3, Step 5
+    **
+    ** verify s != 0
+    */
+    if (mp_cmp_z(&s) == 0) {
+        PORT_SetError(SEC_ERROR_NEED_RANDOM);
+        goto cleanup;
+    }
+
+    /*
+    **
+    ** Signature is tuple (r, s)
+    */
+    CHECK_MPI_OK(mp_to_fixlen_octets(&r, signature->data, olen));
+    CHECK_MPI_OK(mp_to_fixlen_octets(&s, signature->data + olen, olen));
+finish:
+    signature->len = 2 * olen;
+
+    rv = SECSuccess;
+    err = MP_OKAY;
+cleanup:
+    mp_clear(&x1);
+    mp_clear(&d);
+    mp_clear(&k);
+    mp_clear(&r);
+    mp_clear(&s);
+    mp_clear(&n);
+    mp_clear(&t);
+
+    if (t2) {
+        PORT_Free(t2);
+    }
+
+    if (kGpoint.data) {
+        PORT_ZFree(kGpoint.data, kGpoint.len);
+    }
+
+    if (err) {
+        MP_TO_SEC_ERROR(err);
+        rv = SECFailure;
+    }
+
+#if EC_DEBUG
+    printf("ECDSA signing with seed %s\n",
+           (rv == SECSuccess) ? "succeeded" : "failed");
+#endif
+#else
+    PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
+#endif /* NSS_DISABLE_ECC */
+
+    return rv;
+}
+
+/*
+** Computes the ECDSA signature on the digest using the given key
+** and a random seed.
+*/
+SECStatus
+ECDSA_SignDigest(ECPrivateKey *key, SECItem *signature, const SECItem *digest)
+{
+    SECStatus rv = SECFailure;
+#ifndef NSS_DISABLE_ECC
+    int len;
+    unsigned char *kBytes = NULL;
+
+    if (!key) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    /* Generate random value k */
+    len = key->ecParams.order.len;
+    kBytes = ec_GenerateRandomPrivateKey(key->ecParams.order.data, len);
+    if (kBytes == NULL)
+        goto cleanup;
+
+    /* Generate ECDSA signature with the specified k value */
+    rv = ECDSA_SignDigestWithSeed(key, signature, digest, kBytes, len);
+
+cleanup:
+    if (kBytes) {
+        PORT_ZFree(kBytes, len);
+    }
+
+#if EC_DEBUG
+    printf("ECDSA signing %s\n",
+           (rv == SECSuccess) ? "succeeded" : "failed");
+#endif
+#else
+    PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
+#endif /* NSS_DISABLE_ECC */
+
+    return rv;
+}
+
+/*
+** Checks the signature on the given digest using the key provided.
+**
+** The key argument must represent a valid EC public key (a point on
+** the relevant curve).  If it is not a valid point, then the behavior
+** of this function is undefined.  In cases where a public key might
+** not be valid, use EC_ValidatePublicKey to check.
+*/
+SECStatus
+ECDSA_VerifyDigest(ECPublicKey *key, const SECItem *signature,
+                   const SECItem *digest)
+{
+    SECStatus rv = SECFailure;
+#ifndef NSS_DISABLE_ECC
+    mp_int r_, s_;       /* tuple (r', s') is received signature) */
+    mp_int c, u1, u2, v; /* intermediate values used in verification */
+    mp_int x1;
+    mp_int n;
+    mp_err err = MP_OKAY;
+    ECParams *ecParams = NULL;
+    SECItem pointC = { siBuffer, NULL, 0 };
+    int slen;       /* length in bytes of a half signature (r or s) */
+    int flen;       /* length in bytes of the field size */
+    unsigned olen;  /* length in bytes of the base point order */
+    unsigned obits; /* length in bits  of the base point order */
+
+#if EC_DEBUG
+    char mpstr[256];
+    printf("ECDSA verification called\n");
+#endif
+
+    /* Initialize MPI integers. */
+    /* must happen before the first potential call to cleanup */
+    MP_DIGITS(&r_) = 0;
+    MP_DIGITS(&s_) = 0;
+    MP_DIGITS(&c) = 0;
+    MP_DIGITS(&u1) = 0;
+    MP_DIGITS(&u2) = 0;
+    MP_DIGITS(&x1) = 0;
+    MP_DIGITS(&v) = 0;
+    MP_DIGITS(&n) = 0;
+
+    /* Check args */
+    if (!key || !signature || !digest) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        goto cleanup;
+    }
+
+    ecParams = &(key->ecParams);
+    flen = (ecParams->fieldID.size + 7) >> 3;
+    olen = ecParams->order.len;
+    if (signature->len == 0 || signature->len % 2 != 0 ||
+        signature->len > 2 * olen) {
+        PORT_SetError(SEC_ERROR_INPUT_LEN);
+        goto cleanup;
+    }
+    slen = signature->len / 2;
+
+    /*
+     * The incoming point has been verified in sftk_handlePublicKeyObject.
+     */
+
+    SECITEM_AllocItem(NULL, &pointC, EC_GetPointSize(ecParams));
+    if (pointC.data == NULL) {
+        goto cleanup;
+    }
+
+    CHECK_MPI_OK(mp_init(&r_));
+    CHECK_MPI_OK(mp_init(&s_));
+    CHECK_MPI_OK(mp_init(&c));
+    CHECK_MPI_OK(mp_init(&u1));
+    CHECK_MPI_OK(mp_init(&u2));
+    CHECK_MPI_OK(mp_init(&x1));
+    CHECK_MPI_OK(mp_init(&v));
+    CHECK_MPI_OK(mp_init(&n));
+
+    /*
+    ** Convert received signature (r', s') into MPI integers.
+    */
+    CHECK_MPI_OK(mp_read_unsigned_octets(&r_, signature->data, slen));
+    CHECK_MPI_OK(mp_read_unsigned_octets(&s_, signature->data + slen, slen));
+
+    /*
+    ** ANSI X9.62, Section 5.4.2, Steps 1 and 2
+    **
+    ** Verify that 0 < r' < n and 0 < s' < n
+    */
+    SECITEM_TO_MPINT(ecParams->order, &n);
+    if (mp_cmp_z(&r_) <= 0 || mp_cmp_z(&s_) <= 0 ||
+        mp_cmp(&r_, &n) >= 0 || mp_cmp(&s_, &n) >= 0) {
+        PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
+        goto cleanup; /* will return rv == SECFailure */
+    }
+
+    /*
+    ** ANSI X9.62, Section 5.4.2, Step 3
+    **
+    ** c = (s')**-1 mod n
+    */
+    CHECK_MPI_OK(mp_invmod(&s_, &n, &c)); /* c = (s')**-1 mod n */
+
+    /*
+    ** ANSI X9.62, Section 5.4.2, Step 4
+    **
+    ** u1 = ((HASH(M')) * c) mod n
+    */
+    SECITEM_TO_MPINT(*digest, &u1); /* u1 = HASH(M)     */
+
+    /* In the definition of EC signing, digests are truncated
+     * to the length of n in bits.
+     * (see SEC 1 "Elliptic Curve Digit Signature Algorithm" section 4.1.*/
+    CHECK_MPI_OK((obits = mpl_significant_bits(&n)));
+    if (digest->len * 8 > obits) { /* u1 = HASH(M')     */
+        mpl_rsh(&u1, &u1, digest->len * 8 - obits);
+    }
+
+#if EC_DEBUG
+    mp_todecimal(&r_, mpstr);
+    printf("r_: %s (dec)\n", mpstr);
+    mp_todecimal(&s_, mpstr);
+    printf("s_: %s (dec)\n", mpstr);
+    mp_todecimal(&c, mpstr);
+    printf("c : %s (dec)\n", mpstr);
+    mp_todecimal(&u1, mpstr);
+    printf("digest: %s (dec)\n", mpstr);
+#endif
+
+    CHECK_MPI_OK(mp_mulmod(&u1, &c, &n, &u1)); /* u1 = u1 * c mod n */
+
+    /*
+    ** ANSI X9.62, Section 5.4.2, Step 4
+    **
+    ** u2 = ((r') * c) mod n
+    */
+    CHECK_MPI_OK(mp_mulmod(&r_, &c, &n, &u2));
+
+    /*
+    ** ANSI X9.62, Section 5.4.3, Step 1
+    **
+    ** Compute u1*G + u2*Q
+    ** Here, A = u1.G     B = u2.Q    and   C = A + B
+    ** If the result, C, is the point at infinity, reject the signature
+    */
+    if (ec_points_mul(ecParams, &u1, &u2, &key->publicValue, &pointC) != SECSuccess) {
+        rv = SECFailure;
+        goto cleanup;
+    }
+    if (ec_point_at_infinity(&pointC)) {
+        PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
+        rv = SECFailure;
+        goto cleanup;
+    }
+
+    CHECK_MPI_OK(mp_read_unsigned_octets(&x1, pointC.data + 1, flen));
+
+    /*
+    ** ANSI X9.62, Section 5.4.4, Step 2
+    **
+    ** v = x1 mod n
+    */
+    CHECK_MPI_OK(mp_mod(&x1, &n, &v));
+
+#if EC_DEBUG
+    mp_todecimal(&r_, mpstr);
+    printf("r_: %s (dec)\n", mpstr);
+    mp_todecimal(&v, mpstr);
+    printf("v : %s (dec)\n", mpstr);
+#endif
+
+    /*
+    ** ANSI X9.62, Section 5.4.4, Step 3
+    **
+    ** Verification:  v == r'
+    */
+    if (mp_cmp(&v, &r_)) {
+        PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
+        rv = SECFailure; /* Signature failed to verify. */
+    } else {
+        rv = SECSuccess; /* Signature verified. */
+    }
+
+#if EC_DEBUG
+    mp_todecimal(&u1, mpstr);
+    printf("u1: %s (dec)\n", mpstr);
+    mp_todecimal(&u2, mpstr);
+    printf("u2: %s (dec)\n", mpstr);
+    mp_tohex(&x1, mpstr);
+    printf("x1: %s\n", mpstr);
+    mp_todecimal(&v, mpstr);
+    printf("v : %s (dec)\n", mpstr);
+#endif
+
+cleanup:
+    mp_clear(&r_);
+    mp_clear(&s_);
+    mp_clear(&c);
+    mp_clear(&u1);
+    mp_clear(&u2);
+    mp_clear(&x1);
+    mp_clear(&v);
+    mp_clear(&n);
+
+    if (pointC.data)
+        SECITEM_ZfreeItem(&pointC, PR_FALSE);
+    if (err) {
+        MP_TO_SEC_ERROR(err);
+        rv = SECFailure;
+    }
+
+#if EC_DEBUG
+    printf("ECDSA verification %s\n",
+           (rv == SECSuccess) ? "succeeded" : "failed");
+#endif
+#else
+    PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
+#endif /* NSS_DISABLE_ECC */
+
+    return rv;
+}
diff --git a/nss/lib/freebl/ec.h b/nss/lib/freebl/ec.h
new file mode 100644
index 0000000..bb65e82
--- /dev/null
+++ b/nss/lib/freebl/ec.h
@@ -0,0 +1,21 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef __ec_h_
+#define __ec_h_
+
+#define EC_DEBUG 0
+
+#define ANSI_X962_CURVE_OID_TOTAL_LEN 10
+#define SECG_CURVE_OID_TOTAL_LEN 7
+#define PKIX_NEWCURVES_OID_TOTAL_LEN 11
+
+struct ECMethodStr {
+    ECCurveName name;
+    SECStatus (*mul)(SECItem *result, SECItem *scalar, SECItem *point);
+    SECStatus (*validate)(const SECItem *point);
+};
+typedef struct ECMethodStr ECMethod;
+
+#endif /* __ec_h_ */
diff --git a/nss/lib/freebl/ecdecode.c b/nss/lib/freebl/ecdecode.c
new file mode 100644
index 0000000..e1f1eb8
--- /dev/null
+++ b/nss/lib/freebl/ecdecode.c
@@ -0,0 +1,311 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef NSS_DISABLE_ECC
+
+#ifdef FREEBL_NO_DEPEND
+#include "stubs.h"
+#endif
+
+#include "blapi.h"
+#include "secoid.h"
+#include "secitem.h"
+#include "secerr.h"
+#include "ec.h"
+#include "ecl-curve.h"
+
+#define CHECK_OK(func) \
+    if (func == NULL)  \
+    goto cleanup
+#define CHECK_SEC_OK(func)         \
+    if (SECSuccess != (rv = func)) \
+    goto cleanup
+
+/*
+ * Initializes a SECItem from a hexadecimal string
+ *
+ * Warning: This function ignores leading 00's, so any leading 00's
+ * in the hexadecimal string must be optional.
+ */
+static SECItem *
+hexString2SECItem(PLArenaPool *arena, SECItem *item, const char *str)
+{
+    int i = 0;
+    int byteval = 0;
+    int tmp = PORT_Strlen(str);
+
+    PORT_Assert(arena);
+    PORT_Assert(item);
+
+    if ((tmp % 2) != 0)
+        return NULL;
+
+    /* skip leading 00's unless the hex string is "00" */
+    while ((tmp > 2) && (str[0] == '0') && (str[1] == '0')) {
+        str += 2;
+        tmp -= 2;
+    }
+
+    item->data = (unsigned char *)PORT_ArenaAlloc(arena, tmp / 2);
+    if (item->data == NULL)
+        return NULL;
+    item->len = tmp / 2;
+
+    while (str[i]) {
+        if ((str[i] >= '0') && (str[i] <= '9'))
+            tmp = str[i] - '0';
+        else if ((str[i] >= 'a') && (str[i] <= 'f'))
+            tmp = str[i] - 'a' + 10;
+        else if ((str[i] >= 'A') && (str[i] <= 'F'))
+            tmp = str[i] - 'A' + 10;
+        else
+            return NULL;
+
+        byteval = byteval * 16 + tmp;
+        if ((i % 2) != 0) {
+            item->data[i / 2] = byteval;
+            byteval = 0;
+        }
+        i++;
+    }
+
+    return item;
+}
+
+/* Copy all of the fields from srcParams into dstParams
+ */
+SECStatus
+EC_CopyParams(PLArenaPool *arena, ECParams *dstParams,
+              const ECParams *srcParams)
+{
+    SECStatus rv = SECFailure;
+
+    dstParams->arena = arena;
+    dstParams->type = srcParams->type;
+    dstParams->fieldID.size = srcParams->fieldID.size;
+    dstParams->fieldID.type = srcParams->fieldID.type;
+    if (srcParams->fieldID.type == ec_field_GFp ||
+        srcParams->fieldID.type == ec_field_plain) {
+        CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->fieldID.u.prime,
+                                      &srcParams->fieldID.u.prime));
+    } else {
+        CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->fieldID.u.poly,
+                                      &srcParams->fieldID.u.poly));
+    }
+    dstParams->fieldID.k1 = srcParams->fieldID.k1;
+    dstParams->fieldID.k2 = srcParams->fieldID.k2;
+    dstParams->fieldID.k3 = srcParams->fieldID.k3;
+    CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->curve.a,
+                                  &srcParams->curve.a));
+    CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->curve.b,
+                                  &srcParams->curve.b));
+    CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->curve.seed,
+                                  &srcParams->curve.seed));
+    CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->base,
+                                  &srcParams->base));
+    CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->order,
+                                  &srcParams->order));
+    CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->DEREncoding,
+                                  &srcParams->DEREncoding));
+    dstParams->name = srcParams->name;
+    CHECK_SEC_OK(SECITEM_CopyItem(arena, &dstParams->curveOID,
+                                  &srcParams->curveOID));
+    dstParams->cofactor = srcParams->cofactor;
+
+    return SECSuccess;
+
+cleanup:
+    return SECFailure;
+}
+
+static SECStatus
+gf_populate_params(ECCurveName name, ECFieldType field_type, ECParams *params)
+{
+    SECStatus rv = SECFailure;
+    const ECCurveParams *curveParams;
+    /* 2 ['0'+'4'] + MAX_ECKEY_LEN * 2 [x,y] * 2 [hex string] + 1 ['\0'] */
+    char genenc[3 + 2 * 2 * MAX_ECKEY_LEN];
+
+    if ((name < ECCurve_noName) || (name > ECCurve_pastLastCurve))
+        goto cleanup;
+    params->name = name;
+    curveParams = ecCurve_map[params->name];
+    CHECK_OK(curveParams);
+    params->fieldID.size = curveParams->size;
+    params->fieldID.type = field_type;
+    if (field_type == ec_field_GFp ||
+        field_type == ec_field_plain) {
+        CHECK_OK(hexString2SECItem(params->arena, &params->fieldID.u.prime,
+                                   curveParams->irr));
+    } else {
+        CHECK_OK(hexString2SECItem(params->arena, &params->fieldID.u.poly,
+                                   curveParams->irr));
+    }
+    CHECK_OK(hexString2SECItem(params->arena, &params->curve.a,
+                               curveParams->curvea));
+    CHECK_OK(hexString2SECItem(params->arena, &params->curve.b,
+                               curveParams->curveb));
+    genenc[0] = '0';
+    genenc[1] = '4';
+    genenc[2] = '\0';
+    strcat(genenc, curveParams->genx);
+    strcat(genenc, curveParams->geny);
+    CHECK_OK(hexString2SECItem(params->arena, &params->base, genenc));
+    CHECK_OK(hexString2SECItem(params->arena, &params->order,
+                               curveParams->order));
+    params->cofactor = curveParams->cofactor;
+
+    rv = SECSuccess;
+
+cleanup:
+    return rv;
+}
+
+SECStatus
+EC_FillParams(PLArenaPool *arena, const SECItem *encodedParams,
+              ECParams *params)
+{
+    SECStatus rv = SECFailure;
+    SECOidTag tag;
+    SECItem oid = { siBuffer, NULL, 0 };
+
+#if EC_DEBUG
+    int i;
+
+    printf("Encoded params in EC_DecodeParams: ");
+    for (i = 0; i < encodedParams->len; i++) {
+        printf("%02x:", encodedParams->data[i]);
+    }
+    printf("\n");
+#endif
+
+    if ((encodedParams->len != ANSI_X962_CURVE_OID_TOTAL_LEN) &&
+        (encodedParams->len != SECG_CURVE_OID_TOTAL_LEN) &&
+        (encodedParams->len != PKIX_NEWCURVES_OID_TOTAL_LEN)) {
+        PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
+        return SECFailure;
+    };
+
+    oid.len = encodedParams->len - 2;
+    oid.data = encodedParams->data + 2;
+    if ((encodedParams->data[0] != SEC_ASN1_OBJECT_ID) ||
+        ((tag = SECOID_FindOIDTag(&oid)) == SEC_OID_UNKNOWN)) {
+        PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
+        return SECFailure;
+    }
+
+    params->arena = arena;
+    params->cofactor = 0;
+    params->type = ec_params_named;
+    params->name = ECCurve_noName;
+
+    /* Fill out curveOID */
+    params->curveOID.len = oid.len;
+    params->curveOID.data = (unsigned char *)PORT_ArenaAlloc(arena, oid.len);
+    if (params->curveOID.data == NULL)
+        goto cleanup;
+    memcpy(params->curveOID.data, oid.data, oid.len);
+
+#if EC_DEBUG
+    printf("Curve: %s\n", SECOID_FindOIDTagDescription(tag));
+#endif
+
+    switch (tag) {
+        case SEC_OID_ANSIX962_EC_PRIME256V1:
+            /* Populate params for prime256v1 aka secp256r1
+             * (the NIST P-256 curve)
+             */
+            CHECK_SEC_OK(gf_populate_params(ECCurve_X9_62_PRIME_256V1, ec_field_GFp,
+                                            params));
+            break;
+
+        case SEC_OID_SECG_EC_SECP384R1:
+            /* Populate params for secp384r1
+             * (the NIST P-384 curve)
+             */
+            CHECK_SEC_OK(gf_populate_params(ECCurve_SECG_PRIME_384R1, ec_field_GFp,
+                                            params));
+            break;
+
+        case SEC_OID_SECG_EC_SECP521R1:
+            /* Populate params for secp521r1
+             * (the NIST P-521 curve)
+             */
+            CHECK_SEC_OK(gf_populate_params(ECCurve_SECG_PRIME_521R1, ec_field_GFp,
+                                            params));
+            break;
+
+        case SEC_OID_CURVE25519:
+            /* Populate params for Curve25519 */
+            CHECK_SEC_OK(gf_populate_params(ECCurve25519, ec_field_plain, params));
+            break;
+
+        default:
+            break;
+    };
+
+cleanup:
+    if (!params->cofactor) {
+        PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
+#if EC_DEBUG
+        printf("Unrecognized curve, returning NULL params\n");
+#endif
+    }
+
+    return rv;
+}
+
+SECStatus
+EC_DecodeParams(const SECItem *encodedParams, ECParams **ecparams)
+{
+    PLArenaPool *arena;
+    ECParams *params;
+    SECStatus rv = SECFailure;
+
+    /* Initialize an arena for the ECParams structure */
+    if (!(arena = PORT_NewArena(NSS_FREEBL_DEFAULT_CHUNKSIZE)))
+        return SECFailure;
+
+    params = (ECParams *)PORT_ArenaZAlloc(arena, sizeof(ECParams));
+    if (!params) {
+        PORT_FreeArena(arena, PR_TRUE);
+        return SECFailure;
+    }
+
+    /* Copy the encoded params */
+    SECITEM_AllocItem(arena, &(params->DEREncoding),
+                      encodedParams->len);
+    memcpy(params->DEREncoding.data, encodedParams->data, encodedParams->len);
+
+    /* Fill out the rest of the ECParams structure based on
+     * the encoded params
+     */
+    rv = EC_FillParams(arena, encodedParams, params);
+    if (rv == SECFailure) {
+        PORT_FreeArena(arena, PR_TRUE);
+        return SECFailure;
+    } else {
+        *ecparams = params;
+        ;
+        return SECSuccess;
+    }
+}
+
+int
+EC_GetPointSize(const ECParams *params)
+{
+    ECCurveName name = params->name;
+    const ECCurveParams *curveParams;
+
+    if ((name < ECCurve_noName) || (name > ECCurve_pastLastCurve) ||
+        ((curveParams = ecCurve_map[name]) == NULL)) {
+        /* unknown curve, calculate point size from params. assume standard curves with 2 points 
+         * and a point compression indicator byte */
+        int sizeInBytes = (params->fieldID.size + 7) / 8;
+        return sizeInBytes * 2 + 1;
+    }
+    return curveParams->pointSize;
+}
+
+#endif /* NSS_DISABLE_ECC */
diff --git a/nss/lib/freebl/ecl/README b/nss/lib/freebl/ecl/README
new file mode 100644
index 0000000..2996822
--- /dev/null
+++ b/nss/lib/freebl/ecl/README
@@ -0,0 +1,163 @@
+This Source Code Form is subject to the terms of the Mozilla Public
+License, v. 2.0. If a copy of the MPL was not distributed with this
+file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ 
+The ECL exposes routines for constructing and converting curve
+parameters for internal use.
+
+
+HEADER FILES
+============
+
+ecl-exp.h - Exports data structures and curve names. For use by code
+that does not have access to mp_ints.
+
+ecl-curve.h - Provides hex encodings (in the form of ECCurveParams
+structs) of standardizes elliptic curve domain parameters and mappings
+from ECCurveName to ECCurveParams. For use by code that does not have
+access to mp_ints.
+
+ecl.h - Interface to constructors for curve parameters and group object,
+and point multiplication operations. Used by higher level algorithms
+(like ECDH and ECDSA) to actually perform elliptic curve cryptography.
+
+ecl-priv.h - Data structures and functions for internal use within the
+library.
+
+ecp.h - Internal header file that contains all functions for point
+arithmetic over prime fields.
+
+DATA STRUCTURES AND TYPES
+=========================
+
+ECCurveName (from ecl-exp.h) - Opaque name for standardized elliptic
+curve domain parameters.
+
+ECCurveParams (from ecl-exp.h) - Provides hexadecimal encoding
+of elliptic curve domain parameters. Can be generated by a user
+and passed to ECGroup_fromHex or can be generated from a name by
+EC_GetNamedCurveParams. ecl-curve.h contains ECCurveParams structs for
+the standardized curves defined by ECCurveName.
+
+ECGroup (from ecl.h and ecl-priv.h) - Opaque data structure that
+represents a group of elliptic curve points for a particular set of
+elliptic curve domain parameters. Contains all domain parameters (curve
+a and b, field, base point) as well as pointers to the functions that
+should be used for point arithmetic and the underlying field GFMethod.
+Generated by either ECGroup_fromHex or ECGroup_fromName.
+
+GFMethod (from ecl-priv.h) - Represents a field underlying a set of
+elliptic curve domain parameters. Contains the irreducible that defines
+the field (either the prime or the binary polynomial) as well as
+pointers to the functions that should be used for field arithmetic.
+
+ARITHMETIC FUNCTIONS
+====================
+
+Higher-level algorithms (like ECDH and ECDSA) should call ECPoint_mul
+or ECPoints_mul (from ecl.h) to do point arithmetic. These functions
+will choose which underlying algorithms to use, based on the ECGroup
+structure.
+
+Point Multiplication
+--------------------
+
+ecl_mult.c provides the ECPoints_mul and ECPoint_mul wrappers.
+It also provides two implementations for the pts_mul operation -
+ec_pts_mul_basic (which computes kP, lQ, and then adds kP + lQ) and
+ec_pts_mul_simul_w2 (which does a simultaneous point multiplication
+using a table with window size 2*2).
+
+ec_naf.c provides an implementation of an algorithm to calculate a
+non-adjacent form of a scalar, minimizing the number of point
+additions that need to be done in a point multiplication.
+
+Point Arithmetic over Prime Fields
+----------------------------------
+
+ecp_aff.c provides point arithmetic using affine coordinates.
+
+ecp_jac.c provides point arithmetic using Jacobian projective
+coordinates and mixed Jacobian-affine coordinates. (Jacobian projective
+coordinates represent a point (x, y) as (X, Y, Z), where x=X/Z^2,
+y=Y/Z^3).
+
+ecp_jm.c provides point arithmetic using Modified Jacobian
+coordinates and mixed Modified_Jacobian-affine coordinates.
+(Modified Jacobian coordinates represent a point (x, y)
+as (X, Y, Z, a*Z^4), where x=X/Z^2, y=Y/Z^3, and a is
+the linear coefficient in the curve defining equation).
+
+ecp_192.c and ecp_224.c provide optimized field arithmetic.
+
+Field Arithmetic
+----------------
+
+ecl_gf.c provides constructors for field objects (GFMethod) with the
+functions GFMethod_cons*. It also provides wrappers around the basic
+field operations.
+
+Prime Field Arithmetic
+----------------------
+
+The mpi library provides the basic prime field arithmetic.
+
+ecp_mont.c provides wrappers around the Montgomery multiplication
+functions from the mpi library and adds encoding and decoding functions.
+It also provides the function to construct a GFMethod object using
+Montgomery multiplication.
+
+ecp_192.c and ecp_224.c provide optimized modular reduction for the
+fields defined by nistp192 and nistp224 primes.
+
+ecl_gf.c provides wrappers around the basic field operations.
+
+Field Encoding
+--------------
+
+By default, field elements are encoded in their basic form. It is
+possible to use an alternative encoding, however. For example, it is
+possible to Montgomery representation of prime field elements and
+take advantage of the fast modular multiplication that Montgomery
+representation provides. The process of converting from basic form to
+Montgomery representation is called field encoding, and the opposite
+process would be field decoding. All internal point operations assume
+that the operands are field encoded as appropriate. By rewiring the
+underlying field arithmetic to perform operations on these encoded
+values, the same overlying point arithmetic operations can be used
+regardless of field representation.
+
+ALGORITHM WIRING
+================
+
+The EC library allows point and field arithmetic algorithms to be
+substituted ("wired-in") on a fine-grained basis. This allows for
+generic algorithms and algorithms that are optimized for a particular
+curve, field, or architecture, to coexist and to be automatically
+selected at runtime.
+
+Wiring Mechanism
+----------------
+
+The ECGroup and GFMethod structure contain pointers to the point and
+field arithmetic functions, respectively, that are to be used in
+operations.
+
+The selection of algorithms to use is handled in the function
+ecgroup_fromNameAndHex in ecl.c.
+
+Default Wiring
+--------------
+
+Curves over prime fields by default use montgomery field arithmetic,
+point multiplication using 5-bit window non-adjacent-form with 
+Modified Jacobian coordinates, and 2*2-bit simultaneous point 
+multiplication using Jacobian coordinates.
+(Wiring in function ECGroup_consGFp_mont in ecl.c.)
+
+Curves over prime fields that have optimized modular reduction (i.e.,
+secp160r1, nistp192, and nistp224) do not use Montgomery field
+arithmetic. Instead, they use basic field arithmetic with their
+optimized reduction (as in ecp_192.c and ecp_224.c). They
+use the same point multiplication and simultaneous point multiplication
+algorithms as other curves over prime fields.
diff --git a/nss/lib/freebl/ecl/README.FP b/nss/lib/freebl/ecl/README.FP
new file mode 100644
index 0000000..833f42e
--- /dev/null
+++ b/nss/lib/freebl/ecl/README.FP
@@ -0,0 +1,284 @@
+This Source Code Form is subject to the terms of the Mozilla Public
+License, v. 2.0. If a copy of the MPL was not distributed with this
+file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+The ECL exposes routines for constructing and converting curve
+parameters for internal use.
+
+The floating point code of the ECL provides algorithms for performing
+elliptic-curve point multiplications in floating point.
+
+The point multiplication algorithms perform calculations almost
+exclusively in floating point for efficiency, but have the same
+(integer) interface as the ECL for compatibility and to be easily
+wired-in to the ECL.  Please see README file (not this README.FP file)
+for information on wiring-in.
+
+This has been implemented for 3 curves as specified in [1]:
+	secp160r1
+	secp192r1
+	secp224r1
+
+RATIONALE
+=========
+Calculations are done in the  floating-point unit (FPU) since it
+gives better performance on the UltraSPARC III chips.  This is
+because the FPU allows for faster multiplication than the integer unit.
+The integer unit has a longer multiplication instruction latency, and
+does not allow full pipelining, as described in [2].
+Since performance is an important selling feature of Elliptic Curve
+Cryptography (ECC), this implementation was created.
+
+DATA REPRESENTATION
+===================
+Data is primarily represented in an array of double-precision floating
+point numbers.  Generally, each array element has 24 bits of precision
+(i.e. be x * 2^y, where x is an integer of at most 24 bits, y some positive
+integer), although the actual implementation details are more complicated.
+
+e.g. a way to store an 80 bit number might be:
+double p[4] = { 632613 * 2^0, 329841 * 2^24, 9961 * 2^48, 51 * 2^64 };
+See section ARITHMETIC OPERATIONS for more details.
+
+This implementation assumes that the floating-point unit rounding mode 
+is round-to-even as specified in IEEE 754
+(as opposed to chopping, rounding up, or rounding down).
+When subtracting integers represented as arrays of floating point 
+numbers, some coefficients (array elements) may become negative.
+This effectively gives an extra bit of precision that is important
+for correctness in some cases.
+
+The described number presentation limits the size of integers to 1023 bits.
+This is due to an upper bound of 1024 for the exponent of a double precision
+floating point number as specified in IEEE-754.
+However, this is acceptable for ECC key sizes of the foreseeable future.
+
+DATA STRUCTURES
+===============
+For more information on coordinate representations, see [3].
+
+ecfp_aff_pt
+-----------
+Affine EC Point Representation.  This is the basic 
+representation (x, y) of an elliptic curve point.
+
+ecfp_jac_pt
+-----------
+Jacobian EC Point.  This stores a point as (X, Y, Z), where
+the affine point corresponds to (X/Z^2, Y/Z^3).  This allows
+for fewer inversions in calculations.
+
+ecfp_chud_pt
+------------
+Chudnovsky Jacobian Point.  This representation stores a point
+as (X, Y, Z, Z^2, Z^3), the same as a Jacobian representation
+but also storing Z^2 and Z^3 for faster point additions.
+
+ecfp_jm_pt
+----------
+Modified Jacobian Point.  This representation stores a point
+as (X, Y, Z, a*Z^4), the same as Jacobian representation but
+also storing a*Z^4 for faster point doublings.  Here "a" represents
+the linear coefficient of x defining the curve.
+
+EC_group_fp
+-----------
+Stores information on the elliptic curve group for floating
+point calculations.  Contains curve specific information, as
+well as function pointers to routines, allowing different
+optimizations to be easily wired in.
+This should be made accessible from an ECGroup for the floating
+point implementations of point multiplication.
+
+POINT MULTIPLICATION ALGORITHMS
+===============================
+Elliptic Curve Point multiplication can be done at a higher level orthogonal
+to the implementation of point additions and point doublings.  There
+are a variety of algorithms that can be used.
+
+The following algorithms have been implemented:
+
+4-bit Window (Jacobian Coordinates)
+Double & Add (Jacobian & Affine Coordinates)
+5-bit Non-Adjacent Form (Modified Jacobian & Chudnovsky Jacobian)
+
+Currently, the fastest algorithm for multiplying a generic point
+is the 5-bit Non-Adjacent Form.
+
+See comments in ecp_fp.c for more details and references.
+
+SOURCE / HEADER FILES
+=====================
+
+ecp_fp.c
+--------
+Main source file for floating point calculations.  Contains routines
+to convert from floating-point to integer (mp_int format), point
+multiplication algorithms, and several other routines.
+
+ecp_fp.h
+--------
+Main header file.  Contains most constants used and function prototypes.
+
+ecp_fp[160, 192, 224].c
+-----------------------
+Source files for specific curves.  Contains curve specific code such
+as specialized reduction based on the field defining prime.  Contains
+code wiring-in different algorithms and optimizations.
+
+ecp_fpinc.c
+-----------
+Source file that is included by ecp_fp[160, 192, 224].c.  This generates
+functions with different preprocessor-defined names and loop iterations,
+allowing for static linking and strong compiler optimizations without
+code duplication.
+
+TESTING
+=======
+The test suite can be found in ecl/tests/ecp_fpt.  This tests and gets
+timings of the different algorithms for the curves implemented.
+
+ARITHMETIC OPERATIONS
+---------------------
+The primary operations in ECC over the prime fields are modular arithmetic:
+i.e. n * m (mod p) and n + m (mod p).  In this implementation, multiplication,
+addition, and reduction are implemented as separate functions.  This
+enables computation of formulae with fewer reductions, e.g.
+(a * b) + (c * d) (mod p) rather than:
+((a * b) (mod p)) + ((c * d) (mod p)) (mod p)
+This takes advantage of the fact that the double precision mantissa in
+floating point can hold numbers up to 2^53, i.e. it has some leeway to
+store larger intermediate numbers.  See further detail in the section on 
+FLOATING POINT PRECISION.
+
+Multiplication
+--------------
+Multiplication is implemented in a standard polynomial multiplication
+fashion.  The terms in opposite factors are pairwise multiplied and
+added together appropriately.  Note that the result requires twice 
+as many doubles for storage, as the bit size of the product is twice
+that of the multiplicands.
+e.g. suppose we have double n[3], m[3], r[6], and want to calculate r = n * m
+r[0] = n[0] * m[0]
+r[1] = n[0] * m[1] + n[1] * m[0]
+r[2] = n[0] * m[2] + n[1] * m[1] + n[2] * m[0]
+r[3] = n[1] * m[2] + n[2] * m[1]
+r[4] = n[2] * m[2]
+r[5] = 0 (This is used later to hold spillover from r[4], see tidying in
+the reduction section.)
+
+Addition
+--------
+Addition is done term by term.  The only caveat is to be careful with
+the number of terms that need to be added.  When adding results of
+multiplication (before reduction), twice as many terms need to be added
+together.  This is done in the addLong function.
+e.g. for double n[4], m[4], r[4]:  r = n + m
+r[0] = n[0] + m[0]
+r[1] = n[1] + m[1]
+r[2] = n[2] + m[2]
+r[3] = n[3] + m[3]
+
+Modular Reduction
+-----------------
+For the curves implemented, reduction is possible by fast reduction
+for Generalized Mersenne Primes, as described in [4].  For the 
+floating point implementation, a significant step of the reduction 
+process is tidying:  that is, the propagation of carry bits from 
+low-order to high-order coefficients to reduce the precision of each 
+coefficient to 24 bits.
+This is done by adding and then subtracting
+ecfp_alpha, a large floating point number that induces precision roundoff.
+See [5] for more details on tidying using floating point arithmetic.
+e.g. suppose we have r = 961838 * 2^24 + 519308
+then if we set alpha = 3 * 2^51 * 2^24,
+FP(FP(r + alpha) - alpha) = 961838 * 2^24, because the precision for
+the intermediate results is limited.  Our values of alpha are chosen
+to truncate to a desired number of bits.
+
+The reduction is then performed as in [4], adding multiples of prime p.
+e.g. suppose we are working over a polynomial of 10^2.  Take the number
+2 * 10^8 + 11 * 10^6 + 53 * 10^4 + 23 * 10^2 + 95, stored in 5 elements
+for coefficients of 10^0, 10^2, ..., 10^8.
+We wish to reduce modulo p = 10^6 - 2 * 10^4 + 1
+We can subtract off from the higher terms
+(2 * 10^8 + 11 * 10^6 + 53 * 10^4 + 23 * 10^2 + 95) - (2 * 10^2) * (10^6 - 2 * 10^4 + 1)
+= 15 * 10^6 + 53 * 10^4 + 21 * 10^2 + 95
+= 15 * 10^6 + 53 * 10^4 + 21 * 10^2 + 95 - (15) * (10^6 - 2 * 10^4 + 1)
+= 83 * 10^4 + 21 * 10^2 + 80
+
+Integrated Example
+------------------
+This example shows how multiplication, addition, tidying, and reduction
+work together in our modular arithmetic.  This is simplified from the
+actual implementation, but should convey the main concepts.  
+Working over polynomials of 10^2 and with p as in the prior example,
+Let a = 16 * 10^4 + 53 * 10^2 + 33
+let b = 81 * 10^4 + 31 * 10^2 + 49
+let c = 22 * 10^4 +  0 * 10^2 + 95
+And suppose we want to compute a * b + c mod p.  
+We first do a multiplication:  then a * b =
+0 * 10^10 + 1296 * 10^8 + 4789 * 10^6 + 5100 * 10^4 + 3620 * 10^2 + 1617
+Then we add in c before doing reduction, allowing us to get a * b + c =
+0 * 10^10 + 1296 * 10^8 + 4789 * 10^6 + 5122 * 10^4 + 3620 * 10^2 + 1712
+We then perform a tidying on the upper half of the terms:
+0 * 10^10 + 1296 * 10^8 + 4789 * 10^6
+0 * 10^10 + (1296 + 47) * 10^8 + 89 * 10^6
+0 * 10^10 + 1343 * 10^8 + 89 * 10^6
+13 * 10^10 + 43 * 10^8 + 89 * 10^6
+which then gives us
+13 * 10^10 + 43 * 10^8 + 89 * 10^6 + 5122 * 10^4 + 3620 * 10^2 + 1712
+we then reduce modulo p similar to the reduction example above:
+13 * 10^10 + 43 * 10^8 + 89 * 10^6 + 5122 * 10^4 + 3620 * 10^2 + 1712 
+	- (13 * 10^4 * p)
+69 * 10^8 + 89 * 10^6 + 5109 * 10^4 + 3620 * 10^2 + 1712
+	- (69 * 10^2 * p)
+227 * 10^6 + 5109 * 10^4 + 3551 * 10^2 + 1712
+	- (227 * p)
+5563 * 10^4 + 3551 * 10^2 + 1485
+finally, we do tidying to get the precision of each term down to 2 digits
+5563 * 10^4 + 3565 * 10^2 + 85
+5598 * 10^4 + 65 * 10^2 + 85
+55 * 10^6 + 98 * 10^4 + 65 * 10^2 + 85
+and perform another reduction step
+	- (55 * p)
+208 * 10^4 + 65 * 10^2 + 30
+There may be a small number of further reductions that could be done at
+this point, but this is typically done only at the end when converting
+from floating point  to an integer unit representation.
+
+FLOATING POINT PRECISION
+========================
+This section discusses the precision of floating point numbers, which
+one writing new formulae or a larger bit size should be aware of.  The
+danger is that an intermediate result may be required to store a
+mantissa larger than 53 bits, which would cause error by rounding off.
+
+Note that the tidying with IEEE rounding mode set to round-to-even
+allows negative numbers, which actually reduces the size of the double
+mantissa to 23 bits - since it rounds the mantissa to the nearest number 
+modulo 2^24, i.e. roughly between -2^23 and 2^23.
+A multiplication increases the bit size to 2^46 * n, where n is the number
+of doubles to store a number.  For the 224 bit curve, n = 10.  This gives 
+doubles of size 5 * 2^47.  Adding two of these doubles gives a result
+of size 5 * 2^48, which is less than 2^53, so this is safe.  
+Similar analysis can be done for other formulae to ensure numbers remain
+below 2^53.
+
+Extended-Precision Floating Point
+---------------------------------
+Some platforms, notably x86 Linux, may use an extended-precision floating
+point representation that has a 64-bit mantissa.  [6]  Although this
+implementation is optimized for the IEEE standard 53-bit mantissa,
+it should work with the 64-bit mantissa.  A check is done at run-time
+in the function ec_set_fp_precision that detects if the precision is
+greater than 53 bits, and runs code for the 64-bit mantissa accordingly.
+
+REFERENCES
+==========
+[1] Certicom Corp., "SEC 2: Recommended Elliptic Curve Domain Parameters", Sept. 20, 2000.  www.secg.org
+[2] Sun Microsystems Inc.  UltraSPARC III Cu User's Manual, Version 1.0, May 2002, Table 4.4
+[3] H. Cohen, A. Miyaji, and T. Ono, "Efficient Elliptic Curve Exponentiation Using Mixed Coordinates".
+[4] Henk C.A. van Tilborg, Generalized Mersenne Prime.  http://www.win.tue.nl/~henkvt/GenMersenne.pdf
+[5] Daniel J. Bernstein, Floating-Point Arithmetic and Message Authentication, Journal of Cryptology, March 2000, Section 2.
+[6] Daniel J. Bernstein, Floating-Point Arithmetic and Message Authentication, Journal of Cryptology, March 2000, Section 2 Notes.
diff --git a/nss/lib/freebl/ecl/curve25519_32.c b/nss/lib/freebl/ecl/curve25519_32.c
new file mode 100644
index 0000000..0122961
--- /dev/null
+++ b/nss/lib/freebl/ecl/curve25519_32.c
@@ -0,0 +1,390 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * Derived from public domain code by Matthew Dempsky and D. J. Bernstein.
+ */
+
+#include "ecl-priv.h"
+#include "mpi.h"
+
+#include <stdint.h>
+#include <stdio.h>
+
+typedef uint32_t elem[32];
+
+/*
+ * Add two field elements.
+ * out = a + b
+ */
+static void
+add(elem out, const elem a, const elem b)
+{
+    uint32_t j;
+    uint32_t u = 0;
+    for (j = 0; j < 31; ++j) {
+        u += a[j] + b[j];
+        out[j] = u & 0xFF;
+        u >>= 8;
+    }
+    u += a[31] + b[31];
+    out[31] = u;
+}
+
+/*
+ * Subtract two field elements.
+ * out = a - b
+ */
+static void
+sub(elem out, const elem a, const elem b)
+{
+    uint32_t j;
+    uint32_t u;
+    u = 218;
+    for (j = 0; j < 31; ++j) {
+        u += a[j] + 0xFF00 - b[j];
+        out[j] = u & 0xFF;
+        u >>= 8;
+    }
+    u += a[31] - b[31];
+    out[31] = u;
+}
+
+/*
+ * "Squeeze" an element after multiplication (and square).
+ */
+static void
+squeeze(elem a)
+{
+    uint32_t j;
+    uint32_t u;
+    u = 0;
+    for (j = 0; j < 31; ++j) {
+        u += a[j];
+        a[j] = u & 0xFF;
+        u >>= 8;
+    }
+    u += a[31];
+    a[31] = u & 0x7F;
+    u = 19 * (u >> 7);
+    for (j = 0; j < 31; ++j) {
+        u += a[j];
+        a[j] = u & 0xFF;
+        u >>= 8;
+    }
+    a[31] += u;
+}
+
+static const elem minusp = { 19, 0, 0, 0, 0, 0, 0, 0,
+                             0, 0, 0, 0, 0, 0, 0, 0,
+                             0, 0, 0, 0, 0, 0, 0, 0,
+                             0, 0, 0, 0, 0, 0, 0, 128 };
+
+/*
+ * Reduce point a by 2^255-19
+ */
+static void
+reduce(elem a)
+{
+    elem aorig;
+    uint32_t j;
+    uint32_t negative;
+
+    for (j = 0; j < 32; ++j) {
+        aorig[j] = a[j];
+    }
+    add(a, a, minusp);
+    negative = 1 + ~((a[31] >> 7) & 1);
+    for (j = 0; j < 32; ++j) {
+        a[j] ^= negative & (aorig[j] ^ a[j]);
+    }
+}
+
+/*
+ * Multiplication and squeeze
+ * out = a * b
+ */
+static void
+mult(elem out, const elem a, const elem b)
+{
+    uint32_t i;
+    uint32_t j;
+    uint32_t u;
+
+    for (i = 0; i < 32; ++i) {
+        u = 0;
+        for (j = 0; j <= i; ++j) {
+            u += a[j] * b[i - j];
+        }
+        for (j = i + 1; j < 32; ++j) {
+            u += 38 * a[j] * b[i + 32 - j];
+        }
+        out[i] = u;
+    }
+    squeeze(out);
+}
+
+/*
+ * Multiplication
+ * out = 121665 * a
+ */
+static void
+mult121665(elem out, const elem a)
+{
+    uint32_t j;
+    uint32_t u;
+
+    u = 0;
+    for (j = 0; j < 31; ++j) {
+        u += 121665 * a[j];
+        out[j] = u & 0xFF;
+        u >>= 8;
+    }
+    u += 121665 * a[31];
+    out[31] = u & 0x7F;
+    u = 19 * (u >> 7);
+    for (j = 0; j < 31; ++j) {
+        u += out[j];
+        out[j] = u & 0xFF;
+        u >>= 8;
+    }
+    u += out[j];
+    out[j] = u;
+}
+
+/*
+ * Square a and squeeze the result.
+ * out = a * a
+ */
+static void
+square(elem out, const elem a)
+{
+    uint32_t i;
+    uint32_t j;
+    uint32_t u;
+
+    for (i = 0; i < 32; ++i) {
+        u = 0;
+        for (j = 0; j < i - j; ++j) {
+            u += a[j] * a[i - j];
+        }
+        for (j = i + 1; j < i + 32 - j; ++j) {
+            u += 38 * a[j] * a[i + 32 - j];
+        }
+        u *= 2;
+        if ((i & 1) == 0) {
+            u += a[i / 2] * a[i / 2];
+            u += 38 * a[i / 2 + 16] * a[i / 2 + 16];
+        }
+        out[i] = u;
+    }
+    squeeze(out);
+}
+
+/*
+ * Constant time swap between r and s depending on b
+ */
+static void
+cswap(uint32_t p[64], uint32_t q[64], uint32_t b)
+{
+    uint32_t j;
+    uint32_t swap = 1 + ~b;
+
+    for (j = 0; j < 64; ++j) {
+        const uint32_t t = swap & (p[j] ^ q[j]);
+        p[j] ^= t;
+        q[j] ^= t;
+    }
+}
+
+/*
+ * Montgomery ladder
+ */
+static void
+monty(elem x_2_out, elem z_2_out,
+      const elem point, const elem scalar)
+{
+    uint32_t x_3[64] = { 0 };
+    uint32_t x_2[64] = { 0 };
+    uint32_t a0[64];
+    uint32_t a1[64];
+    uint32_t b0[64];
+    uint32_t b1[64];
+    uint32_t c1[64];
+    uint32_t r[32];
+    uint32_t s[32];
+    uint32_t t[32];
+    uint32_t u[32];
+    uint32_t swap = 0;
+    uint32_t k_t = 0;
+    int j;
+
+    for (j = 0; j < 32; ++j) {
+        x_3[j] = point[j];
+    }
+    x_3[32] = 1;
+    x_2[0] = 1;
+
+    for (j = 254; j >= 0; --j) {
+        k_t = (scalar[j >> 3] >> (j & 7)) & 1;
+        swap ^= k_t;
+        cswap(x_2, x_3, swap);
+        swap = k_t;
+        add(a0, x_2, x_2 + 32);
+        sub(a0 + 32, x_2, x_2 + 32);
+        add(a1, x_3, x_3 + 32);
+        sub(a1 + 32, x_3, x_3 + 32);
+        square(b0, a0);
+        square(b0 + 32, a0 + 32);
+        mult(b1, a1, a0 + 32);
+        mult(b1 + 32, a1 + 32, a0);
+        add(c1, b1, b1 + 32);
+        sub(c1 + 32, b1, b1 + 32);
+        square(r, c1 + 32);
+        sub(s, b0, b0 + 32);
+        mult121665(t, s);
+        add(u, t, b0);
+        mult(x_2, b0, b0 + 32);
+        mult(x_2 + 32, s, u);
+        square(x_3, c1);
+        mult(x_3 + 32, r, point);
+    }
+
+    cswap(x_2, x_3, swap);
+    for (j = 0; j < 32; ++j) {
+        x_2_out[j] = x_2[j];
+    }
+    for (j = 0; j < 32; ++j) {
+        z_2_out[j] = x_2[j + 32];
+    }
+}
+
+static void
+recip(elem out, const elem z)
+{
+    elem z2;
+    elem z9;
+    elem z11;
+    elem z2_5_0;
+    elem z2_10_0;
+    elem z2_20_0;
+    elem z2_50_0;
+    elem z2_100_0;
+    elem t0;
+    elem t1;
+    int i;
+
+    /* 2 */ square(z2, z);
+    /* 4 */ square(t1, z2);
+    /* 8 */ square(t0, t1);
+    /* 9 */ mult(z9, t0, z);
+    /* 11 */ mult(z11, z9, z2);
+    /* 22 */ square(t0, z11);
+    /* 2^5 - 2^0 = 31 */ mult(z2_5_0, t0, z9);
+
+    /* 2^6 - 2^1 */ square(t0, z2_5_0);
+    /* 2^7 - 2^2 */ square(t1, t0);
+    /* 2^8 - 2^3 */ square(t0, t1);
+    /* 2^9 - 2^4 */ square(t1, t0);
+    /* 2^10 - 2^5 */ square(t0, t1);
+    /* 2^10 - 2^0 */ mult(z2_10_0, t0, z2_5_0);
+
+    /* 2^11 - 2^1 */ square(t0, z2_10_0);
+    /* 2^12 - 2^2 */ square(t1, t0);
+    /* 2^20 - 2^10 */
+    for (i = 2; i < 10; i += 2) {
+        square(t0, t1);
+        square(t1, t0);
+    }
+    /* 2^20 - 2^0 */ mult(z2_20_0, t1, z2_10_0);
+
+    /* 2^21 - 2^1 */ square(t0, z2_20_0);
+    /* 2^22 - 2^2 */ square(t1, t0);
+    /* 2^40 - 2^20 */
+    for (i = 2; i < 20; i += 2) {
+        square(t0, t1);
+        square(t1, t0);
+    }
+    /* 2^40 - 2^0 */ mult(t0, t1, z2_20_0);
+
+    /* 2^41 - 2^1 */ square(t1, t0);
+    /* 2^42 - 2^2 */ square(t0, t1);
+    /* 2^50 - 2^10 */
+    for (i = 2; i < 10; i += 2) {
+        square(t1, t0);
+        square(t0, t1);
+    }
+    /* 2^50 - 2^0 */ mult(z2_50_0, t0, z2_10_0);
+
+    /* 2^51 - 2^1 */ square(t0, z2_50_0);
+    /* 2^52 - 2^2 */ square(t1, t0);
+    /* 2^100 - 2^50 */
+    for (i = 2; i < 50; i += 2) {
+        square(t0, t1);
+        square(t1, t0);
+    }
+    /* 2^100 - 2^0 */ mult(z2_100_0, t1, z2_50_0);
+
+    /* 2^101 - 2^1 */ square(t1, z2_100_0);
+    /* 2^102 - 2^2 */ square(t0, t1);
+    /* 2^200 - 2^100 */
+    for (i = 2; i < 100; i += 2) {
+        square(t1, t0);
+        square(t0, t1);
+    }
+    /* 2^200 - 2^0 */ mult(t1, t0, z2_100_0);
+
+    /* 2^201 - 2^1 */ square(t0, t1);
+    /* 2^202 - 2^2 */ square(t1, t0);
+    /* 2^250 - 2^50 */
+    for (i = 2; i < 50; i += 2) {
+        square(t0, t1);
+        square(t1, t0);
+    }
+    /* 2^250 - 2^0 */ mult(t0, t1, z2_50_0);
+
+    /* 2^251 - 2^1 */ square(t1, t0);
+    /* 2^252 - 2^2 */ square(t0, t1);
+    /* 2^253 - 2^3 */ square(t1, t0);
+    /* 2^254 - 2^4 */ square(t0, t1);
+    /* 2^255 - 2^5 */ square(t1, t0);
+    /* 2^255 - 21 */ mult(out, t1, z11);
+}
+
+/*
+ * Computes q = Curve25519(p, s)
+ */
+SECStatus
+ec_Curve25519_mul(PRUint8 *q, const PRUint8 *s, const PRUint8 *p)
+{
+    elem point = { 0 };
+    elem x_2 = { 0 };
+    elem z_2 = { 0 };
+    elem X = { 0 };
+    elem scalar = { 0 };
+    uint32_t i;
+
+    /* read and mask scalar */
+    for (i = 0; i < 32; ++i) {
+        scalar[i] = s[i];
+    }
+    scalar[0] &= 0xF8;
+    scalar[31] &= 0x7F;
+    scalar[31] |= 64;
+
+    /* read and mask point */
+    for (i = 0; i < 32; ++i) {
+        point[i] = p[i];
+    }
+    point[31] &= 0x7F;
+
+    monty(x_2, z_2, point, scalar);
+    recip(z_2, z_2);
+    mult(X, x_2, z_2);
+    reduce(X);
+    for (i = 0; i < 32; ++i) {
+        q[i] = X[i];
+    }
+    return 0;
+}
diff --git a/nss/lib/freebl/ecl/curve25519_64.c b/nss/lib/freebl/ecl/curve25519_64.c
new file mode 100644
index 0000000..89327ad
--- /dev/null
+++ b/nss/lib/freebl/ecl/curve25519_64.c
@@ -0,0 +1,514 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * Derived from public domain C code by Adan Langley and Daniel J. Bernstein
+ */
+
+#include "uint128.h"
+
+#include "ecl-priv.h"
+#include "mpi.h"
+
+#include <stdint.h>
+#include <stdio.h>
+#include <string.h>
+
+typedef uint8_t u8;
+typedef uint64_t felem;
+
+/* Sum two numbers: output += in */
+static void
+fsum(felem *output, const felem *in)
+{
+    unsigned i;
+    for (i = 0; i < 5; ++i) {
+        output[i] += in[i];
+    }
+}
+
+/* Find the difference of two numbers: output = in - output
+ * (note the order of the arguments!)
+ */
+static void
+fdifference_backwards(felem *ioutput, const felem *iin)
+{
+    static const int64_t twotothe51 = ((int64_t)1l << 51);
+    const int64_t *in = (const int64_t *)iin;
+    int64_t *out = (int64_t *)ioutput;
+
+    out[0] = in[0] - out[0];
+    out[1] = in[1] - out[1];
+    out[2] = in[2] - out[2];
+    out[3] = in[3] - out[3];
+    out[4] = in[4] - out[4];
+
+    // An arithmetic shift right of 63 places turns a positive number to 0 and a
+    // negative number to all 1's. This gives us a bitmask that lets us avoid
+    // side-channel prone branches.
+    int64_t t;
+
+#define NEGCHAIN(a, b)        \
+    t = out[a] >> 63;         \
+    out[a] += twotothe51 & t; \
+    out[b] -= 1 & t;
+
+#define NEGCHAIN19(a, b)      \
+    t = out[a] >> 63;         \
+    out[a] += twotothe51 & t; \
+    out[b] -= 19 & t;
+
+    NEGCHAIN(0, 1);
+    NEGCHAIN(1, 2);
+    NEGCHAIN(2, 3);
+    NEGCHAIN(3, 4);
+    NEGCHAIN19(4, 0);
+    NEGCHAIN(0, 1);
+    NEGCHAIN(1, 2);
+    NEGCHAIN(2, 3);
+    NEGCHAIN(3, 4);
+}
+
+/* Multiply a number by a scalar: output = in * scalar */
+static void
+fscalar_product(felem *output, const felem *in,
+                const felem scalar)
+{
+    uint128_t tmp, tmp2;
+
+    tmp = mul6464(in[0], scalar);
+    output[0] = mask51(tmp);
+
+    tmp2 = mul6464(in[1], scalar);
+    tmp = add128(tmp2, rshift128(tmp, 51));
+    output[1] = mask51(tmp);
+
+    tmp2 = mul6464(in[2], scalar);
+    tmp = add128(tmp2, rshift128(tmp, 51));
+    output[2] = mask51(tmp);
+
+    tmp2 = mul6464(in[3], scalar);
+    tmp = add128(tmp2, rshift128(tmp, 51));
+    output[3] = mask51(tmp);
+
+    tmp2 = mul6464(in[4], scalar);
+    tmp = add128(tmp2, rshift128(tmp, 51));
+    output[4] = mask51(tmp);
+
+    output[0] += mask_lower(rshift128(tmp, 51)) * 19;
+}
+
+/* Multiply two numbers: output = in2 * in
+ *
+ * output must be distinct to both inputs. The inputs are reduced coefficient
+ * form, the output is not.
+ */
+static void
+fmul(felem *output, const felem *in2, const felem *in)
+{
+    uint128_t t0, t1, t2, t3, t4, t5, t6, t7, t8;
+
+    t0 = mul6464(in[0], in2[0]);
+    t1 = add128(mul6464(in[1], in2[0]), mul6464(in[0], in2[1]));
+    t2 = add128(add128(mul6464(in[0], in2[2]),
+                       mul6464(in[2], in2[0])),
+                mul6464(in[1], in2[1]));
+    t3 = add128(add128(add128(mul6464(in[0], in2[3]),
+                              mul6464(in[3], in2[0])),
+                       mul6464(in[1], in2[2])),
+                mul6464(in[2], in2[1]));
+    t4 = add128(add128(add128(add128(mul6464(in[0], in2[4]),
+                                     mul6464(in[4], in2[0])),
+                              mul6464(in[3], in2[1])),
+                       mul6464(in[1], in2[3])),
+                mul6464(in[2], in2[2]));
+    t5 = add128(add128(add128(mul6464(in[4], in2[1]),
+                              mul6464(in[1], in2[4])),
+                       mul6464(in[2], in2[3])),
+                mul6464(in[3], in2[2]));
+    t6 = add128(add128(mul6464(in[4], in2[2]),
+                       mul6464(in[2], in2[4])),
+                mul6464(in[3], in2[3]));
+    t7 = add128(mul6464(in[3], in2[4]), mul6464(in[4], in2[3]));
+    t8 = mul6464(in[4], in2[4]);
+
+    t0 = add128(t0, mul12819(t5));
+    t1 = add128(t1, mul12819(t6));
+    t2 = add128(t2, mul12819(t7));
+    t3 = add128(t3, mul12819(t8));
+
+    t1 = add128(t1, rshift128(t0, 51));
+    t0 = mask51full(t0);
+    t2 = add128(t2, rshift128(t1, 51));
+    t1 = mask51full(t1);
+    t3 = add128(t3, rshift128(t2, 51));
+    t4 = add128(t4, rshift128(t3, 51));
+    t0 = add128(t0, mul12819(rshift128(t4, 51)));
+    t1 = add128(t1, rshift128(t0, 51));
+    t2 = mask51full(t2);
+    t2 = add128(t2, rshift128(t1, 51));
+
+    output[0] = mask51(t0);
+    output[1] = mask51(t1);
+    output[2] = mask_lower(t2);
+    output[3] = mask51(t3);
+    output[4] = mask51(t4);
+}
+
+static void
+fsquare(felem *output, const felem *in)
+{
+    uint128_t t0, t1, t2, t3, t4, t5, t6, t7, t8;
+
+    t0 = mul6464(in[0], in[0]);
+    t1 = lshift128(mul6464(in[0], in[1]), 1);
+    t2 = add128(lshift128(mul6464(in[0], in[2]), 1),
+                mul6464(in[1], in[1]));
+    t3 = add128(lshift128(mul6464(in[0], in[3]), 1),
+                lshift128(mul6464(in[1], in[2]), 1));
+    t4 = add128(add128(lshift128(mul6464(in[0], in[4]), 1),
+                       lshift128(mul6464(in[3], in[1]), 1)),
+                mul6464(in[2], in[2]));
+    t5 = add128(lshift128(mul6464(in[4], in[1]), 1),
+                lshift128(mul6464(in[2], in[3]), 1));
+    t6 = add128(lshift128(mul6464(in[4], in[2]), 1),
+                mul6464(in[3], in[3]));
+    t7 = lshift128(mul6464(in[3], in[4]), 1);
+    t8 = mul6464(in[4], in[4]);
+
+    t0 = add128(t0, mul12819(t5));
+    t1 = add128(t1, mul12819(t6));
+    t2 = add128(t2, mul12819(t7));
+    t3 = add128(t3, mul12819(t8));
+
+    t1 = add128(t1, rshift128(t0, 51));
+    t0 = mask51full(t0);
+    t2 = add128(t2, rshift128(t1, 51));
+    t1 = mask51full(t1);
+    t3 = add128(t3, rshift128(t2, 51));
+    t4 = add128(t4, rshift128(t3, 51));
+    t0 = add128(t0, mul12819(rshift128(t4, 51)));
+    t1 = add128(t1, rshift128(t0, 51));
+
+    output[0] = mask51(t0);
+    output[1] = mask_lower(t1);
+    output[2] = mask51(t2);
+    output[3] = mask51(t3);
+    output[4] = mask51(t4);
+}
+
+/* Take a 32-byte number and expand it into polynomial form */
+static void NO_SANITIZE_ALIGNMENT
+fexpand(felem *output, const u8 *in)
+{
+    output[0] = *((const uint64_t *)(in)) & MASK51;
+    output[1] = (*((const uint64_t *)(in + 6)) >> 3) & MASK51;
+    output[2] = (*((const uint64_t *)(in + 12)) >> 6) & MASK51;
+    output[3] = (*((const uint64_t *)(in + 19)) >> 1) & MASK51;
+    output[4] = (*((const uint64_t *)(in + 25)) >> 4) & MASK51;
+}
+
+/* Take a fully reduced polynomial form number and contract it into a
+ * 32-byte array
+ */
+static void
+fcontract(u8 *output, const felem *input)
+{
+    uint128_t t0 = init128x(input[0]);
+    uint128_t t1 = init128x(input[1]);
+    uint128_t t2 = init128x(input[2]);
+    uint128_t t3 = init128x(input[3]);
+    uint128_t t4 = init128x(input[4]);
+    uint128_t tmp = init128x(19);
+
+    t1 = add128(t1, rshift128(t0, 51));
+    t0 = mask51full(t0);
+    t2 = add128(t2, rshift128(t1, 51));
+    t1 = mask51full(t1);
+    t3 = add128(t3, rshift128(t2, 51));
+    t2 = mask51full(t2);
+    t4 = add128(t4, rshift128(t3, 51));
+    t3 = mask51full(t3);
+    t0 = add128(t0, mul12819(rshift128(t4, 51)));
+    t4 = mask51full(t4);
+
+    t1 = add128(t1, rshift128(t0, 51));
+    t0 = mask51full(t0);
+    t2 = add128(t2, rshift128(t1, 51));
+    t1 = mask51full(t1);
+    t3 = add128(t3, rshift128(t2, 51));
+    t2 = mask51full(t2);
+    t4 = add128(t4, rshift128(t3, 51));
+    t3 = mask51full(t3);
+    t0 = add128(t0, mul12819(rshift128(t4, 51)));
+    t4 = mask51full(t4);
+
+    /* now t is between 0 and 2^255-1, properly carried. */
+    /* case 1: between 0 and 2^255-20. case 2: between 2^255-19 and 2^255-1. */
+
+    t0 = add128(t0, tmp);
+
+    t1 = add128(t1, rshift128(t0, 51));
+    t0 = mask51full(t0);
+    t2 = add128(t2, rshift128(t1, 51));
+    t1 = mask51full(t1);
+    t3 = add128(t3, rshift128(t2, 51));
+    t2 = mask51full(t2);
+    t4 = add128(t4, rshift128(t3, 51));
+    t3 = mask51full(t3);
+    t0 = add128(t0, mul12819(rshift128(t4, 51)));
+    t4 = mask51full(t4);
+
+    /* now between 19 and 2^255-1 in both cases, and offset by 19. */
+
+    t0 = add128(t0, init128x(0x8000000000000 - 19));
+    tmp = init128x(0x8000000000000 - 1);
+    t1 = add128(t1, tmp);
+    t2 = add128(t2, tmp);
+    t3 = add128(t3, tmp);
+    t4 = add128(t4, tmp);
+
+    /* now between 2^255 and 2^256-20, and offset by 2^255. */
+
+    t1 = add128(t1, rshift128(t0, 51));
+    t0 = mask51full(t0);
+    t2 = add128(t2, rshift128(t1, 51));
+    t1 = mask51full(t1);
+    t3 = add128(t3, rshift128(t2, 51));
+    t2 = mask51full(t2);
+    t4 = add128(t4, rshift128(t3, 51));
+    t3 = mask51full(t3);
+    t4 = mask51full(t4);
+
+    *((uint64_t *)(output)) = mask_lower(t0) | mask_lower(t1) << 51;
+    *((uint64_t *)(output + 8)) = (mask_lower(t1) >> 13) | (mask_lower(t2) << 38);
+    *((uint64_t *)(output + 16)) = (mask_lower(t2) >> 26) | (mask_lower(t3) << 25);
+    *((uint64_t *)(output + 24)) = (mask_lower(t3) >> 39) | (mask_lower(t4) << 12);
+}
+
+/* Input: Q, Q', Q-Q'
+ * Output: 2Q, Q+Q'
+ *
+ *   x2 z3: long form
+ *   x3 z3: long form
+ *   x z: short form, destroyed
+ *   xprime zprime: short form, destroyed
+ *   qmqp: short form, preserved
+ */
+static void
+fmonty(felem *x2, felem *z2,         /* output 2Q */
+       felem *x3, felem *z3,         /* output Q + Q' */
+       felem *x, felem *z,           /* input Q */
+       felem *xprime, felem *zprime, /* input Q' */
+       const felem *qmqp /* input Q - Q' */)
+{
+    felem origx[5], origxprime[5], zzz[5], xx[5], zz[5], xxprime[5], zzprime[5],
+        zzzprime[5];
+
+    memcpy(origx, x, 5 * sizeof(felem));
+    fsum(x, z);
+    fdifference_backwards(z, origx); // does x - z
+
+    memcpy(origxprime, xprime, sizeof(felem) * 5);
+    fsum(xprime, zprime);
+    fdifference_backwards(zprime, origxprime);
+    fmul(xxprime, xprime, z);
+    fmul(zzprime, x, zprime);
+    memcpy(origxprime, xxprime, sizeof(felem) * 5);
+    fsum(xxprime, zzprime);
+    fdifference_backwards(zzprime, origxprime);
+    fsquare(x3, xxprime);
+    fsquare(zzzprime, zzprime);
+    fmul(z3, zzzprime, qmqp);
+
+    fsquare(xx, x);
+    fsquare(zz, z);
+    fmul(x2, xx, zz);
+    fdifference_backwards(zz, xx); // does zz = xx - zz
+    fscalar_product(zzz, zz, 121665);
+    fsum(zzz, xx);
+    fmul(z2, zz, zzz);
+}
+
+// -----------------------------------------------------------------------------
+// Maybe swap the contents of two felem arrays (@a and @b), each @len elements
+// long. Perform the swap iff @swap is non-zero.
+//
+// This function performs the swap without leaking any side-channel
+// information.
+// -----------------------------------------------------------------------------
+static void
+swap_conditional(felem *a, felem *b, unsigned len, felem iswap)
+{
+    unsigned i;
+    const felem swap = 1 + ~iswap;
+
+    for (i = 0; i < len; ++i) {
+        const felem x = swap & (a[i] ^ b[i]);
+        a[i] ^= x;
+        b[i] ^= x;
+    }
+}
+
+/* Calculates nQ where Q is the x-coordinate of a point on the curve
+ *
+ *   resultx/resultz: the x coordinate of the resulting curve point (short form)
+ *   n: a 32-byte number
+ *   q: a point of the curve (short form)
+ */
+static void
+cmult(felem *resultx, felem *resultz, const u8 *n, const felem *q)
+{
+    felem a[5] = { 0 }, b[5] = { 1 }, c[5] = { 1 }, d[5] = { 0 };
+    felem *nqpqx = a, *nqpqz = b, *nqx = c, *nqz = d, *t;
+    felem e[5] = { 0 }, f[5] = { 1 }, g[5] = { 0 }, h[5] = { 1 };
+    felem *nqpqx2 = e, *nqpqz2 = f, *nqx2 = g, *nqz2 = h;
+
+    unsigned i, j;
+
+    memcpy(nqpqx, q, sizeof(felem) * 5);
+
+    for (i = 0; i < 32; ++i) {
+        u8 byte = n[31 - i];
+        for (j = 0; j < 8; ++j) {
+            const felem bit = byte >> 7;
+
+            swap_conditional(nqx, nqpqx, 5, bit);
+            swap_conditional(nqz, nqpqz, 5, bit);
+            fmonty(nqx2, nqz2, nqpqx2, nqpqz2, nqx, nqz, nqpqx, nqpqz, q);
+            swap_conditional(nqx2, nqpqx2, 5, bit);
+            swap_conditional(nqz2, nqpqz2, 5, bit);
+
+            t = nqx;
+            nqx = nqx2;
+            nqx2 = t;
+            t = nqz;
+            nqz = nqz2;
+            nqz2 = t;
+            t = nqpqx;
+            nqpqx = nqpqx2;
+            nqpqx2 = t;
+            t = nqpqz;
+            nqpqz = nqpqz2;
+            nqpqz2 = t;
+
+            byte <<= 1;
+        }
+    }
+
+    memcpy(resultx, nqx, sizeof(felem) * 5);
+    memcpy(resultz, nqz, sizeof(felem) * 5);
+}
+
+// -----------------------------------------------------------------------------
+// Shamelessly copied from djb's code
+// -----------------------------------------------------------------------------
+static void
+crecip(felem *out, const felem *z)
+{
+    felem z2[5];
+    felem z9[5];
+    felem z11[5];
+    felem z2_5_0[5];
+    felem z2_10_0[5];
+    felem z2_20_0[5];
+    felem z2_50_0[5];
+    felem z2_100_0[5];
+    felem t0[5];
+    felem t1[5];
+    int i;
+
+    /* 2 */ fsquare(z2, z);
+    /* 4 */ fsquare(t1, z2);
+    /* 8 */ fsquare(t0, t1);
+    /* 9 */ fmul(z9, t0, z);
+    /* 11 */ fmul(z11, z9, z2);
+    /* 22 */ fsquare(t0, z11);
+    /* 2^5 - 2^0 = 31 */ fmul(z2_5_0, t0, z9);
+
+    /* 2^6 - 2^1 */ fsquare(t0, z2_5_0);
+    /* 2^7 - 2^2 */ fsquare(t1, t0);
+    /* 2^8 - 2^3 */ fsquare(t0, t1);
+    /* 2^9 - 2^4 */ fsquare(t1, t0);
+    /* 2^10 - 2^5 */ fsquare(t0, t1);
+    /* 2^10 - 2^0 */ fmul(z2_10_0, t0, z2_5_0);
+
+    /* 2^11 - 2^1 */ fsquare(t0, z2_10_0);
+    /* 2^12 - 2^2 */ fsquare(t1, t0);
+    /* 2^20 - 2^10 */ for (i = 2; i < 10; i += 2) {
+        fsquare(t0, t1);
+        fsquare(t1, t0);
+    }
+    /* 2^20 - 2^0 */ fmul(z2_20_0, t1, z2_10_0);
+
+    /* 2^21 - 2^1 */ fsquare(t0, z2_20_0);
+    /* 2^22 - 2^2 */ fsquare(t1, t0);
+    /* 2^40 - 2^20 */ for (i = 2; i < 20; i += 2) {
+        fsquare(t0, t1);
+        fsquare(t1, t0);
+    }
+    /* 2^40 - 2^0 */ fmul(t0, t1, z2_20_0);
+
+    /* 2^41 - 2^1 */ fsquare(t1, t0);
+    /* 2^42 - 2^2 */ fsquare(t0, t1);
+    /* 2^50 - 2^10 */ for (i = 2; i < 10; i += 2) {
+        fsquare(t1, t0);
+        fsquare(t0, t1);
+    }
+    /* 2^50 - 2^0 */ fmul(z2_50_0, t0, z2_10_0);
+
+    /* 2^51 - 2^1 */ fsquare(t0, z2_50_0);
+    /* 2^52 - 2^2 */ fsquare(t1, t0);
+    /* 2^100 - 2^50 */ for (i = 2; i < 50; i += 2) {
+        fsquare(t0, t1);
+        fsquare(t1, t0);
+    }
+    /* 2^100 - 2^0 */ fmul(z2_100_0, t1, z2_50_0);
+
+    /* 2^101 - 2^1 */ fsquare(t1, z2_100_0);
+    /* 2^102 - 2^2 */ fsquare(t0, t1);
+    /* 2^200 - 2^100 */ for (i = 2; i < 100; i += 2) {
+        fsquare(t1, t0);
+        fsquare(t0, t1);
+    }
+    /* 2^200 - 2^0 */ fmul(t1, t0, z2_100_0);
+
+    /* 2^201 - 2^1 */ fsquare(t0, t1);
+    /* 2^202 - 2^2 */ fsquare(t1, t0);
+    /* 2^250 - 2^50 */ for (i = 2; i < 50; i += 2) {
+        fsquare(t0, t1);
+        fsquare(t1, t0);
+    }
+    /* 2^250 - 2^0 */ fmul(t0, t1, z2_50_0);
+
+    /* 2^251 - 2^1 */ fsquare(t1, t0);
+    /* 2^252 - 2^2 */ fsquare(t0, t1);
+    /* 2^253 - 2^3 */ fsquare(t1, t0);
+    /* 2^254 - 2^4 */ fsquare(t0, t1);
+    /* 2^255 - 2^5 */ fsquare(t1, t0);
+    /* 2^255 - 21 */ fmul(out, t1, z11);
+}
+
+SECStatus
+ec_Curve25519_mul(uint8_t *mypublic, const uint8_t *secret,
+                  const uint8_t *basepoint)
+{
+    felem bp[5], x[5], z[5], zmone[5];
+    uint8_t e[32];
+    int i;
+
+    for (i = 0; i < 32; ++i) {
+        e[i] = secret[i];
+    }
+    e[0] &= 248;
+    e[31] &= 127;
+    e[31] |= 64;
+    fexpand(bp, basepoint);
+    cmult(x, z, e, bp);
+    crecip(zmone, z);
+    fmul(z, x, zmone);
+    fcontract(mypublic, z);
+
+    return 0;
+}
diff --git a/nss/lib/freebl/ecl/ec2.h b/nss/lib/freebl/ecl/ec2.h
new file mode 100644
index 0000000..c98057f
--- /dev/null
+++ b/nss/lib/freebl/ecl/ec2.h
@@ -0,0 +1,92 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef __ec2_h_
+#define __ec2_h_
+
+#include "ecl-priv.h"
+
+/* Checks if point P(px, py) is at infinity.  Uses affine coordinates. */
+mp_err ec_GF2m_pt_is_inf_aff(const mp_int *px, const mp_int *py);
+
+/* Sets P(px, py) to be the point at infinity.  Uses affine coordinates. */
+mp_err ec_GF2m_pt_set_inf_aff(mp_int *px, mp_int *py);
+
+/* Computes R = P + Q where R is (rx, ry), P is (px, py) and Q is (qx,
+ * qy). Uses affine coordinates. */
+mp_err ec_GF2m_pt_add_aff(const mp_int *px, const mp_int *py,
+                          const mp_int *qx, const mp_int *qy, mp_int *rx,
+                          mp_int *ry, const ECGroup *group);
+
+/* Computes R = P - Q.  Uses affine coordinates. */
+mp_err ec_GF2m_pt_sub_aff(const mp_int *px, const mp_int *py,
+                          const mp_int *qx, const mp_int *qy, mp_int *rx,
+                          mp_int *ry, const ECGroup *group);
+
+/* Computes R = 2P.  Uses affine coordinates. */
+mp_err ec_GF2m_pt_dbl_aff(const mp_int *px, const mp_int *py, mp_int *rx,
+                          mp_int *ry, const ECGroup *group);
+
+/* Validates a point on a GF2m curve. */
+mp_err ec_GF2m_validate_point(const mp_int *px, const mp_int *py, const ECGroup *group);
+
+/* by default, this routine is unused and thus doesn't need to be compiled */
+#ifdef ECL_ENABLE_GF2M_PT_MUL_AFF
+/* Computes R = nP where R is (rx, ry) and P is (px, py). The parameters
+ * a, b and p are the elliptic curve coefficients and the irreducible that
+ * determines the field GF2m.  Uses affine coordinates. */
+mp_err ec_GF2m_pt_mul_aff(const mp_int *n, const mp_int *px,
+                          const mp_int *py, mp_int *rx, mp_int *ry,
+                          const ECGroup *group);
+#endif
+
+/* Computes R = nP where R is (rx, ry) and P is (px, py). The parameters
+ * a, b and p are the elliptic curve coefficients and the irreducible that
+ * determines the field GF2m.  Uses Montgomery projective coordinates. */
+mp_err ec_GF2m_pt_mul_mont(const mp_int *n, const mp_int *px,
+                           const mp_int *py, mp_int *rx, mp_int *ry,
+                           const ECGroup *group);
+
+#ifdef ECL_ENABLE_GF2M_PROJ
+/* Converts a point P(px, py) from affine coordinates to projective
+ * coordinates R(rx, ry, rz). */
+mp_err ec_GF2m_pt_aff2proj(const mp_int *px, const mp_int *py, mp_int *rx,
+                           mp_int *ry, mp_int *rz, const ECGroup *group);
+
+/* Converts a point P(px, py, pz) from projective coordinates to affine
+ * coordinates R(rx, ry). */
+mp_err ec_GF2m_pt_proj2aff(const mp_int *px, const mp_int *py,
+                           const mp_int *pz, mp_int *rx, mp_int *ry,
+                           const ECGroup *group);
+
+/* Checks if point P(px, py, pz) is at infinity.  Uses projective
+ * coordinates. */
+mp_err ec_GF2m_pt_is_inf_proj(const mp_int *px, const mp_int *py,
+                              const mp_int *pz);
+
+/* Sets P(px, py, pz) to be the point at infinity.  Uses projective
+ * coordinates. */
+mp_err ec_GF2m_pt_set_inf_proj(mp_int *px, mp_int *py, mp_int *pz);
+
+/* Computes R = P + Q where R is (rx, ry, rz), P is (px, py, pz) and Q is
+ * (qx, qy, qz).  Uses projective coordinates. */
+mp_err ec_GF2m_pt_add_proj(const mp_int *px, const mp_int *py,
+                           const mp_int *pz, const mp_int *qx,
+                           const mp_int *qy, mp_int *rx, mp_int *ry,
+                           mp_int *rz, const ECGroup *group);
+
+/* Computes R = 2P.  Uses projective coordinates. */
+mp_err ec_GF2m_pt_dbl_proj(const mp_int *px, const mp_int *py,
+                           const mp_int *pz, mp_int *rx, mp_int *ry,
+                           mp_int *rz, const ECGroup *group);
+
+/* Computes R = nP where R is (rx, ry) and P is (px, py). The parameters
+ * a, b and p are the elliptic curve coefficients and the prime that
+ * determines the field GF2m.  Uses projective coordinates. */
+mp_err ec_GF2m_pt_mul_proj(const mp_int *n, const mp_int *px,
+                           const mp_int *py, mp_int *rx, mp_int *ry,
+                           const ECGroup *group);
+#endif
+
+#endif /* __ec2_h_ */
diff --git a/nss/lib/freebl/ecl/ec2_163.c b/nss/lib/freebl/ecl/ec2_163.c
new file mode 100644
index 0000000..da1a36b
--- /dev/null
+++ b/nss/lib/freebl/ecl/ec2_163.c
@@ -0,0 +1,223 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "ec2.h"
+#include "mp_gf2m.h"
+#include "mp_gf2m-priv.h"
+#include "mpi.h"
+#include "mpi-priv.h"
+#include <stdlib.h>
+
+/* Fast reduction for polynomials over a 163-bit curve. Assumes reduction
+ * polynomial with terms {163, 7, 6, 3, 0}. */
+mp_err
+ec_GF2m_163_mod(const mp_int *a, mp_int *r, const GFMethod *meth)
+{
+    mp_err res = MP_OKAY;
+    mp_digit *u, z;
+
+    if (a != r) {
+        MP_CHECKOK(mp_copy(a, r));
+    }
+#ifdef ECL_SIXTY_FOUR_BIT
+    if (MP_USED(r) < 6) {
+        MP_CHECKOK(s_mp_pad(r, 6));
+    }
+    u = MP_DIGITS(r);
+    MP_USED(r) = 6;
+
+    /* u[5] only has 6 significant bits */
+    z = u[5];
+    u[2] ^= (z << 36) ^ (z << 35) ^ (z << 32) ^ (z << 29);
+    z = u[4];
+    u[2] ^= (z >> 28) ^ (z >> 29) ^ (z >> 32) ^ (z >> 35);
+    u[1] ^= (z << 36) ^ (z << 35) ^ (z << 32) ^ (z << 29);
+    z = u[3];
+    u[1] ^= (z >> 28) ^ (z >> 29) ^ (z >> 32) ^ (z >> 35);
+    u[0] ^= (z << 36) ^ (z << 35) ^ (z << 32) ^ (z << 29);
+    z = u[2] >> 35; /* z only has 29 significant bits */
+    u[0] ^= (z << 7) ^ (z << 6) ^ (z << 3) ^ z;
+    /* clear bits above 163 */
+    u[5] = u[4] = u[3] = 0;
+    u[2] ^= z << 35;
+#else
+    if (MP_USED(r) < 11) {
+        MP_CHECKOK(s_mp_pad(r, 11));
+    }
+    u = MP_DIGITS(r);
+    MP_USED(r) = 11;
+
+    /* u[11] only has 6 significant bits */
+    z = u[10];
+    u[5] ^= (z << 4) ^ (z << 3) ^ z ^ (z >> 3);
+    u[4] ^= (z << 29);
+    z = u[9];
+    u[5] ^= (z >> 28) ^ (z >> 29);
+    u[4] ^= (z << 4) ^ (z << 3) ^ z ^ (z >> 3);
+    u[3] ^= (z << 29);
+    z = u[8];
+    u[4] ^= (z >> 28) ^ (z >> 29);
+    u[3] ^= (z << 4) ^ (z << 3) ^ z ^ (z >> 3);
+    u[2] ^= (z << 29);
+    z = u[7];
+    u[3] ^= (z >> 28) ^ (z >> 29);
+    u[2] ^= (z << 4) ^ (z << 3) ^ z ^ (z >> 3);
+    u[1] ^= (z << 29);
+    z = u[6];
+    u[2] ^= (z >> 28) ^ (z >> 29);
+    u[1] ^= (z << 4) ^ (z << 3) ^ z ^ (z >> 3);
+    u[0] ^= (z << 29);
+    z = u[5] >> 3; /* z only has 29 significant bits */
+    u[1] ^= (z >> 25) ^ (z >> 26);
+    u[0] ^= (z << 7) ^ (z << 6) ^ (z << 3) ^ z;
+    /* clear bits above 163 */
+    u[11] = u[10] = u[9] = u[8] = u[7] = u[6] = 0;
+    u[5] ^= z << 3;
+#endif
+    s_mp_clamp(r);
+
+CLEANUP:
+    return res;
+}
+
+/* Fast squaring for polynomials over a 163-bit curve. Assumes reduction
+ * polynomial with terms {163, 7, 6, 3, 0}. */
+mp_err
+ec_GF2m_163_sqr(const mp_int *a, mp_int *r, const GFMethod *meth)
+{
+    mp_err res = MP_OKAY;
+    mp_digit *u, *v;
+
+    v = MP_DIGITS(a);
+
+#ifdef ECL_SIXTY_FOUR_BIT
+    if (MP_USED(a) < 3) {
+        return mp_bsqrmod(a, meth->irr_arr, r);
+    }
+    if (MP_USED(r) < 6) {
+        MP_CHECKOK(s_mp_pad(r, 6));
+    }
+    MP_USED(r) = 6;
+#else
+    if (MP_USED(a) < 6) {
+        return mp_bsqrmod(a, meth->irr_arr, r);
+    }
+    if (MP_USED(r) < 12) {
+        MP_CHECKOK(s_mp_pad(r, 12));
+    }
+    MP_USED(r) = 12;
+#endif
+    u = MP_DIGITS(r);
+
+#ifdef ECL_THIRTY_TWO_BIT
+    u[11] = gf2m_SQR1(v[5]);
+    u[10] = gf2m_SQR0(v[5]);
+    u[9] = gf2m_SQR1(v[4]);
+    u[8] = gf2m_SQR0(v[4]);
+    u[7] = gf2m_SQR1(v[3]);
+    u[6] = gf2m_SQR0(v[3]);
+#endif
+    u[5] = gf2m_SQR1(v[2]);
+    u[4] = gf2m_SQR0(v[2]);
+    u[3] = gf2m_SQR1(v[1]);
+    u[2] = gf2m_SQR0(v[1]);
+    u[1] = gf2m_SQR1(v[0]);
+    u[0] = gf2m_SQR0(v[0]);
+    return ec_GF2m_163_mod(r, r, meth);
+
+CLEANUP:
+    return res;
+}
+
+/* Fast multiplication for polynomials over a 163-bit curve. Assumes
+ * reduction polynomial with terms {163, 7, 6, 3, 0}. */
+mp_err
+ec_GF2m_163_mul(const mp_int *a, const mp_int *b, mp_int *r,
+                const GFMethod *meth)
+{
+    mp_err res = MP_OKAY;
+    mp_digit a2 = 0, a1 = 0, a0, b2 = 0, b1 = 0, b0;
+
+#ifdef ECL_THIRTY_TWO_BIT
+    mp_digit a5 = 0, a4 = 0, a3 = 0, b5 = 0, b4 = 0, b3 = 0;
+    mp_digit rm[6];
+#endif
+
+    if (a == b) {
+        return ec_GF2m_163_sqr(a, r, meth);
+    } else {
+        switch (MP_USED(a)) {
+#ifdef ECL_THIRTY_TWO_BIT
+            case 6:
+                a5 = MP_DIGIT(a, 5);
+            case 5:
+                a4 = MP_DIGIT(a, 4);
+            case 4:
+                a3 = MP_DIGIT(a, 3);
+#endif
+            case 3:
+                a2 = MP_DIGIT(a, 2);
+            case 2:
+                a1 = MP_DIGIT(a, 1);
+            default:
+                a0 = MP_DIGIT(a, 0);
+        }
+        switch (MP_USED(b)) {
+#ifdef ECL_THIRTY_TWO_BIT
+            case 6:
+                b5 = MP_DIGIT(b, 5);
+            case 5:
+                b4 = MP_DIGIT(b, 4);
+            case 4:
+                b3 = MP_DIGIT(b, 3);
+#endif
+            case 3:
+                b2 = MP_DIGIT(b, 2);
+            case 2:
+                b1 = MP_DIGIT(b, 1);
+            default:
+                b0 = MP_DIGIT(b, 0);
+        }
+#ifdef ECL_SIXTY_FOUR_BIT
+        MP_CHECKOK(s_mp_pad(r, 6));
+        s_bmul_3x3(MP_DIGITS(r), a2, a1, a0, b2, b1, b0);
+        MP_USED(r) = 6;
+        s_mp_clamp(r);
+#else
+        MP_CHECKOK(s_mp_pad(r, 12));
+        s_bmul_3x3(MP_DIGITS(r) + 6, a5, a4, a3, b5, b4, b3);
+        s_bmul_3x3(MP_DIGITS(r), a2, a1, a0, b2, b1, b0);
+        s_bmul_3x3(rm, a5 ^ a2, a4 ^ a1, a3 ^ a0, b5 ^ b2, b4 ^ b1,
+                   b3 ^ b0);
+        rm[5] ^= MP_DIGIT(r, 5) ^ MP_DIGIT(r, 11);
+        rm[4] ^= MP_DIGIT(r, 4) ^ MP_DIGIT(r, 10);
+        rm[3] ^= MP_DIGIT(r, 3) ^ MP_DIGIT(r, 9);
+        rm[2] ^= MP_DIGIT(r, 2) ^ MP_DIGIT(r, 8);
+        rm[1] ^= MP_DIGIT(r, 1) ^ MP_DIGIT(r, 7);
+        rm[0] ^= MP_DIGIT(r, 0) ^ MP_DIGIT(r, 6);
+        MP_DIGIT(r, 8) ^= rm[5];
+        MP_DIGIT(r, 7) ^= rm[4];
+        MP_DIGIT(r, 6) ^= rm[3];
+        MP_DIGIT(r, 5) ^= rm[2];
+        MP_DIGIT(r, 4) ^= rm[1];
+        MP_DIGIT(r, 3) ^= rm[0];
+        MP_USED(r) = 12;
+        s_mp_clamp(r);
+#endif
+        return ec_GF2m_163_mod(r, r, meth);
+    }
+
+CLEANUP:
+    return res;
+}
+
+/* Wire in fast field arithmetic for 163-bit curves. */
+mp_err
+ec_group_set_gf2m163(ECGroup *group, ECCurveName name)
+{
+    group->meth->field_mod = &ec_GF2m_163_mod;
+    group->meth->field_mul = &ec_GF2m_163_mul;
+    group->meth->field_sqr = &ec_GF2m_163_sqr;
+    return MP_OKAY;
+}
diff --git a/nss/lib/freebl/ecl/ec2_193.c b/nss/lib/freebl/ecl/ec2_193.c
new file mode 100644
index 0000000..cd9bb0f
--- /dev/null
+++ b/nss/lib/freebl/ecl/ec2_193.c
@@ -0,0 +1,240 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "ec2.h"
+#include "mp_gf2m.h"
+#include "mp_gf2m-priv.h"
+#include "mpi.h"
+#include "mpi-priv.h"
+#include <stdlib.h>
+
+/* Fast reduction for polynomials over a 193-bit curve. Assumes reduction
+ * polynomial with terms {193, 15, 0}. */
+mp_err
+ec_GF2m_193_mod(const mp_int *a, mp_int *r, const GFMethod *meth)
+{
+    mp_err res = MP_OKAY;
+    mp_digit *u, z;
+
+    if (a != r) {
+        MP_CHECKOK(mp_copy(a, r));
+    }
+#ifdef ECL_SIXTY_FOUR_BIT
+    if (MP_USED(r) < 7) {
+        MP_CHECKOK(s_mp_pad(r, 7));
+    }
+    u = MP_DIGITS(r);
+    MP_USED(r) = 7;
+
+    /* u[6] only has 2 significant bits */
+    z = u[6];
+    u[3] ^= (z << 14) ^ (z >> 1);
+    u[2] ^= (z << 63);
+    z = u[5];
+    u[3] ^= (z >> 50);
+    u[2] ^= (z << 14) ^ (z >> 1);
+    u[1] ^= (z << 63);
+    z = u[4];
+    u[2] ^= (z >> 50);
+    u[1] ^= (z << 14) ^ (z >> 1);
+    u[0] ^= (z << 63);
+    z = u[3] >> 1; /* z only has 63 significant bits */
+    u[1] ^= (z >> 49);
+    u[0] ^= (z << 15) ^ z;
+    /* clear bits above 193 */
+    u[6] = u[5] = u[4] = 0;
+    u[3] ^= z << 1;
+#else
+    if (MP_USED(r) < 13) {
+        MP_CHECKOK(s_mp_pad(r, 13));
+    }
+    u = MP_DIGITS(r);
+    MP_USED(r) = 13;
+
+    /* u[12] only has 2 significant bits */
+    z = u[12];
+    u[6] ^= (z << 14) ^ (z >> 1);
+    u[5] ^= (z << 31);
+    z = u[11];
+    u[6] ^= (z >> 18);
+    u[5] ^= (z << 14) ^ (z >> 1);
+    u[4] ^= (z << 31);
+    z = u[10];
+    u[5] ^= (z >> 18);
+    u[4] ^= (z << 14) ^ (z >> 1);
+    u[3] ^= (z << 31);
+    z = u[9];
+    u[4] ^= (z >> 18);
+    u[3] ^= (z << 14) ^ (z >> 1);
+    u[2] ^= (z << 31);
+    z = u[8];
+    u[3] ^= (z >> 18);
+    u[2] ^= (z << 14) ^ (z >> 1);
+    u[1] ^= (z << 31);
+    z = u[7];
+    u[2] ^= (z >> 18);
+    u[1] ^= (z << 14) ^ (z >> 1);
+    u[0] ^= (z << 31);
+    z = u[6] >> 1; /* z only has 31 significant bits */
+    u[1] ^= (z >> 17);
+    u[0] ^= (z << 15) ^ z;
+    /* clear bits above 193 */
+    u[12] = u[11] = u[10] = u[9] = u[8] = u[7] = 0;
+    u[6] ^= z << 1;
+#endif
+    s_mp_clamp(r);
+
+CLEANUP:
+    return res;
+}
+
+/* Fast squaring for polynomials over a 193-bit curve. Assumes reduction
+ * polynomial with terms {193, 15, 0}. */
+mp_err
+ec_GF2m_193_sqr(const mp_int *a, mp_int *r, const GFMethod *meth)
+{
+    mp_err res = MP_OKAY;
+    mp_digit *u, *v;
+
+    v = MP_DIGITS(a);
+
+#ifdef ECL_SIXTY_FOUR_BIT
+    if (MP_USED(a) < 4) {
+        return mp_bsqrmod(a, meth->irr_arr, r);
+    }
+    if (MP_USED(r) < 7) {
+        MP_CHECKOK(s_mp_pad(r, 7));
+    }
+    MP_USED(r) = 7;
+#else
+    if (MP_USED(a) < 7) {
+        return mp_bsqrmod(a, meth->irr_arr, r);
+    }
+    if (MP_USED(r) < 13) {
+        MP_CHECKOK(s_mp_pad(r, 13));
+    }
+    MP_USED(r) = 13;
+#endif
+    u = MP_DIGITS(r);
+
+#ifdef ECL_THIRTY_TWO_BIT
+    u[12] = gf2m_SQR0(v[6]);
+    u[11] = gf2m_SQR1(v[5]);
+    u[10] = gf2m_SQR0(v[5]);
+    u[9] = gf2m_SQR1(v[4]);
+    u[8] = gf2m_SQR0(v[4]);
+    u[7] = gf2m_SQR1(v[3]);
+#endif
+    u[6] = gf2m_SQR0(v[3]);
+    u[5] = gf2m_SQR1(v[2]);
+    u[4] = gf2m_SQR0(v[2]);
+    u[3] = gf2m_SQR1(v[1]);
+    u[2] = gf2m_SQR0(v[1]);
+    u[1] = gf2m_SQR1(v[0]);
+    u[0] = gf2m_SQR0(v[0]);
+    return ec_GF2m_193_mod(r, r, meth);
+
+CLEANUP:
+    return res;
+}
+
+/* Fast multiplication for polynomials over a 193-bit curve. Assumes
+ * reduction polynomial with terms {193, 15, 0}. */
+mp_err
+ec_GF2m_193_mul(const mp_int *a, const mp_int *b, mp_int *r,
+                const GFMethod *meth)
+{
+    mp_err res = MP_OKAY;
+    mp_digit a3 = 0, a2 = 0, a1 = 0, a0, b3 = 0, b2 = 0, b1 = 0, b0;
+
+#ifdef ECL_THIRTY_TWO_BIT
+    mp_digit a6 = 0, a5 = 0, a4 = 0, b6 = 0, b5 = 0, b4 = 0;
+    mp_digit rm[8];
+#endif
+
+    if (a == b) {
+        return ec_GF2m_193_sqr(a, r, meth);
+    } else {
+        switch (MP_USED(a)) {
+#ifdef ECL_THIRTY_TWO_BIT
+            case 7:
+                a6 = MP_DIGIT(a, 6);
+            case 6:
+                a5 = MP_DIGIT(a, 5);
+            case 5:
+                a4 = MP_DIGIT(a, 4);
+#endif
+            case 4:
+                a3 = MP_DIGIT(a, 3);
+            case 3:
+                a2 = MP_DIGIT(a, 2);
+            case 2:
+                a1 = MP_DIGIT(a, 1);
+            default:
+                a0 = MP_DIGIT(a, 0);
+        }
+        switch (MP_USED(b)) {
+#ifdef ECL_THIRTY_TWO_BIT
+            case 7:
+                b6 = MP_DIGIT(b, 6);
+            case 6:
+                b5 = MP_DIGIT(b, 5);
+            case 5:
+                b4 = MP_DIGIT(b, 4);
+#endif
+            case 4:
+                b3 = MP_DIGIT(b, 3);
+            case 3:
+                b2 = MP_DIGIT(b, 2);
+            case 2:
+                b1 = MP_DIGIT(b, 1);
+            default:
+                b0 = MP_DIGIT(b, 0);
+        }
+#ifdef ECL_SIXTY_FOUR_BIT
+        MP_CHECKOK(s_mp_pad(r, 8));
+        s_bmul_4x4(MP_DIGITS(r), a3, a2, a1, a0, b3, b2, b1, b0);
+        MP_USED(r) = 8;
+        s_mp_clamp(r);
+#else
+        MP_CHECKOK(s_mp_pad(r, 14));
+        s_bmul_3x3(MP_DIGITS(r) + 8, a6, a5, a4, b6, b5, b4);
+        s_bmul_4x4(MP_DIGITS(r), a3, a2, a1, a0, b3, b2, b1, b0);
+        s_bmul_4x4(rm, a3, a6 ^ a2, a5 ^ a1, a4 ^ a0, b3, b6 ^ b2, b5 ^ b1,
+                   b4 ^ b0);
+        rm[7] ^= MP_DIGIT(r, 7);
+        rm[6] ^= MP_DIGIT(r, 6);
+        rm[5] ^= MP_DIGIT(r, 5) ^ MP_DIGIT(r, 13);
+        rm[4] ^= MP_DIGIT(r, 4) ^ MP_DIGIT(r, 12);
+        rm[3] ^= MP_DIGIT(r, 3) ^ MP_DIGIT(r, 11);
+        rm[2] ^= MP_DIGIT(r, 2) ^ MP_DIGIT(r, 10);
+        rm[1] ^= MP_DIGIT(r, 1) ^ MP_DIGIT(r, 9);
+        rm[0] ^= MP_DIGIT(r, 0) ^ MP_DIGIT(r, 8);
+        MP_DIGIT(r, 11) ^= rm[7];
+        MP_DIGIT(r, 10) ^= rm[6];
+        MP_DIGIT(r, 9) ^= rm[5];
+        MP_DIGIT(r, 8) ^= rm[4];
+        MP_DIGIT(r, 7) ^= rm[3];
+        MP_DIGIT(r, 6) ^= rm[2];
+        MP_DIGIT(r, 5) ^= rm[1];
+        MP_DIGIT(r, 4) ^= rm[0];
+        MP_USED(r) = 14;
+        s_mp_clamp(r);
+#endif
+        return ec_GF2m_193_mod(r, r, meth);
+    }
+
+CLEANUP:
+    return res;
+}
+
+/* Wire in fast field arithmetic for 193-bit curves. */
+mp_err
+ec_group_set_gf2m193(ECGroup *group, ECCurveName name)
+{
+    group->meth->field_mod = &ec_GF2m_193_mod;
+    group->meth->field_mul = &ec_GF2m_193_mul;
+    group->meth->field_sqr = &ec_GF2m_193_sqr;
+    return MP_OKAY;
+}
diff --git a/nss/lib/freebl/ecl/ec2_233.c b/nss/lib/freebl/ecl/ec2_233.c
new file mode 100644
index 0000000..c670f2f
--- /dev/null
+++ b/nss/lib/freebl/ecl/ec2_233.c
@@ -0,0 +1,263 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "ec2.h"
+#include "mp_gf2m.h"
+#include "mp_gf2m-priv.h"
+#include "mpi.h"
+#include "mpi-priv.h"
+#include <stdlib.h>
+
+/* Fast reduction for polynomials over a 233-bit curve. Assumes reduction
+ * polynomial with terms {233, 74, 0}. */
+mp_err
+ec_GF2m_233_mod(const mp_int *a, mp_int *r, const GFMethod *meth)
+{
+    mp_err res = MP_OKAY;
+    mp_digit *u, z;
+
+    if (a != r) {
+        MP_CHECKOK(mp_copy(a, r));
+    }
+#ifdef ECL_SIXTY_FOUR_BIT
+    if (MP_USED(r) < 8) {
+        MP_CHECKOK(s_mp_pad(r, 8));
+    }
+    u = MP_DIGITS(r);
+    MP_USED(r) = 8;
+
+    /* u[7] only has 18 significant bits */
+    z = u[7];
+    u[4] ^= (z << 33) ^ (z >> 41);
+    u[3] ^= (z << 23);
+    z = u[6];
+    u[4] ^= (z >> 31);
+    u[3] ^= (z << 33) ^ (z >> 41);
+    u[2] ^= (z << 23);
+    z = u[5];
+    u[3] ^= (z >> 31);
+    u[2] ^= (z << 33) ^ (z >> 41);
+    u[1] ^= (z << 23);
+    z = u[4];
+    u[2] ^= (z >> 31);
+    u[1] ^= (z << 33) ^ (z >> 41);
+    u[0] ^= (z << 23);
+    z = u[3] >> 41; /* z only has 23 significant bits */
+    u[1] ^= (z << 10);
+    u[0] ^= z;
+    /* clear bits above 233 */
+    u[7] = u[6] = u[5] = u[4] = 0;
+    u[3] ^= z << 41;
+#else
+    if (MP_USED(r) < 15) {
+        MP_CHECKOK(s_mp_pad(r, 15));
+    }
+    u = MP_DIGITS(r);
+    MP_USED(r) = 15;
+
+    /* u[14] only has 18 significant bits */
+    z = u[14];
+    u[9] ^= (z << 1);
+    u[7] ^= (z >> 9);
+    u[6] ^= (z << 23);
+    z = u[13];
+    u[9] ^= (z >> 31);
+    u[8] ^= (z << 1);
+    u[6] ^= (z >> 9);
+    u[5] ^= (z << 23);
+    z = u[12];
+    u[8] ^= (z >> 31);
+    u[7] ^= (z << 1);
+    u[5] ^= (z >> 9);
+    u[4] ^= (z << 23);
+    z = u[11];
+    u[7] ^= (z >> 31);
+    u[6] ^= (z << 1);
+    u[4] ^= (z >> 9);
+    u[3] ^= (z << 23);
+    z = u[10];
+    u[6] ^= (z >> 31);
+    u[5] ^= (z << 1);
+    u[3] ^= (z >> 9);
+    u[2] ^= (z << 23);
+    z = u[9];
+    u[5] ^= (z >> 31);
+    u[4] ^= (z << 1);
+    u[2] ^= (z >> 9);
+    u[1] ^= (z << 23);
+    z = u[8];
+    u[4] ^= (z >> 31);
+    u[3] ^= (z << 1);
+    u[1] ^= (z >> 9);
+    u[0] ^= (z << 23);
+    z = u[7] >> 9; /* z only has 23 significant bits */
+    u[3] ^= (z >> 22);
+    u[2] ^= (z << 10);
+    u[0] ^= z;
+    /* clear bits above 233 */
+    u[14] = u[13] = u[12] = u[11] = u[10] = u[9] = u[8] = 0;
+    u[7] ^= z << 9;
+#endif
+    s_mp_clamp(r);
+
+CLEANUP:
+    return res;
+}
+
+/* Fast squaring for polynomials over a 233-bit curve. Assumes reduction
+ * polynomial with terms {233, 74, 0}. */
+mp_err
+ec_GF2m_233_sqr(const mp_int *a, mp_int *r, const GFMethod *meth)
+{
+    mp_err res = MP_OKAY;
+    mp_digit *u, *v;
+
+    v = MP_DIGITS(a);
+
+#ifdef ECL_SIXTY_FOUR_BIT
+    if (MP_USED(a) < 4) {
+        return mp_bsqrmod(a, meth->irr_arr, r);
+    }
+    if (MP_USED(r) < 8) {
+        MP_CHECKOK(s_mp_pad(r, 8));
+    }
+    MP_USED(r) = 8;
+#else
+    if (MP_USED(a) < 8) {
+        return mp_bsqrmod(a, meth->irr_arr, r);
+    }
+    if (MP_USED(r) < 15) {
+        MP_CHECKOK(s_mp_pad(r, 15));
+    }
+    MP_USED(r) = 15;
+#endif
+    u = MP_DIGITS(r);
+
+#ifdef ECL_THIRTY_TWO_BIT
+    u[14] = gf2m_SQR0(v[7]);
+    u[13] = gf2m_SQR1(v[6]);
+    u[12] = gf2m_SQR0(v[6]);
+    u[11] = gf2m_SQR1(v[5]);
+    u[10] = gf2m_SQR0(v[5]);
+    u[9] = gf2m_SQR1(v[4]);
+    u[8] = gf2m_SQR0(v[4]);
+#endif
+    u[7] = gf2m_SQR1(v[3]);
+    u[6] = gf2m_SQR0(v[3]);
+    u[5] = gf2m_SQR1(v[2]);
+    u[4] = gf2m_SQR0(v[2]);
+    u[3] = gf2m_SQR1(v[1]);
+    u[2] = gf2m_SQR0(v[1]);
+    u[1] = gf2m_SQR1(v[0]);
+    u[0] = gf2m_SQR0(v[0]);
+    return ec_GF2m_233_mod(r, r, meth);
+
+CLEANUP:
+    return res;
+}
+
+/* Fast multiplication for polynomials over a 233-bit curve. Assumes
+ * reduction polynomial with terms {233, 74, 0}. */
+mp_err
+ec_GF2m_233_mul(const mp_int *a, const mp_int *b, mp_int *r,
+                const GFMethod *meth)
+{
+    mp_err res = MP_OKAY;
+    mp_digit a3 = 0, a2 = 0, a1 = 0, a0, b3 = 0, b2 = 0, b1 = 0, b0;
+
+#ifdef ECL_THIRTY_TWO_BIT
+    mp_digit a7 = 0, a6 = 0, a5 = 0, a4 = 0, b7 = 0, b6 = 0, b5 = 0, b4 =
+                                                                         0;
+    mp_digit rm[8];
+#endif
+
+    if (a == b) {
+        return ec_GF2m_233_sqr(a, r, meth);
+    } else {
+        switch (MP_USED(a)) {
+#ifdef ECL_THIRTY_TWO_BIT
+            case 8:
+                a7 = MP_DIGIT(a, 7);
+            case 7:
+                a6 = MP_DIGIT(a, 6);
+            case 6:
+                a5 = MP_DIGIT(a, 5);
+            case 5:
+                a4 = MP_DIGIT(a, 4);
+#endif
+            case 4:
+                a3 = MP_DIGIT(a, 3);
+            case 3:
+                a2 = MP_DIGIT(a, 2);
+            case 2:
+                a1 = MP_DIGIT(a, 1);
+            default:
+                a0 = MP_DIGIT(a, 0);
+        }
+        switch (MP_USED(b)) {
+#ifdef ECL_THIRTY_TWO_BIT
+            case 8:
+                b7 = MP_DIGIT(b, 7);
+            case 7:
+                b6 = MP_DIGIT(b, 6);
+            case 6:
+                b5 = MP_DIGIT(b, 5);
+            case 5:
+                b4 = MP_DIGIT(b, 4);
+#endif
+            case 4:
+                b3 = MP_DIGIT(b, 3);
+            case 3:
+                b2 = MP_DIGIT(b, 2);
+            case 2:
+                b1 = MP_DIGIT(b, 1);
+            default:
+                b0 = MP_DIGIT(b, 0);
+        }
+#ifdef ECL_SIXTY_FOUR_BIT
+        MP_CHECKOK(s_mp_pad(r, 8));
+        s_bmul_4x4(MP_DIGITS(r), a3, a2, a1, a0, b3, b2, b1, b0);
+        MP_USED(r) = 8;
+        s_mp_clamp(r);
+#else
+        MP_CHECKOK(s_mp_pad(r, 16));
+        s_bmul_4x4(MP_DIGITS(r) + 8, a7, a6, a5, a4, b7, b6, b5, b4);
+        s_bmul_4x4(MP_DIGITS(r), a3, a2, a1, a0, b3, b2, b1, b0);
+        s_bmul_4x4(rm, a7 ^ a3, a6 ^ a2, a5 ^ a1, a4 ^ a0, b7 ^ b3,
+                   b6 ^ b2, b5 ^ b1, b4 ^ b0);
+        rm[7] ^= MP_DIGIT(r, 7) ^ MP_DIGIT(r, 15);
+        rm[6] ^= MP_DIGIT(r, 6) ^ MP_DIGIT(r, 14);
+        rm[5] ^= MP_DIGIT(r, 5) ^ MP_DIGIT(r, 13);
+        rm[4] ^= MP_DIGIT(r, 4) ^ MP_DIGIT(r, 12);
+        rm[3] ^= MP_DIGIT(r, 3) ^ MP_DIGIT(r, 11);
+        rm[2] ^= MP_DIGIT(r, 2) ^ MP_DIGIT(r, 10);
+        rm[1] ^= MP_DIGIT(r, 1) ^ MP_DIGIT(r, 9);
+        rm[0] ^= MP_DIGIT(r, 0) ^ MP_DIGIT(r, 8);
+        MP_DIGIT(r, 11) ^= rm[7];
+        MP_DIGIT(r, 10) ^= rm[6];
+        MP_DIGIT(r, 9) ^= rm[5];
+        MP_DIGIT(r, 8) ^= rm[4];
+        MP_DIGIT(r, 7) ^= rm[3];
+        MP_DIGIT(r, 6) ^= rm[2];
+        MP_DIGIT(r, 5) ^= rm[1];
+        MP_DIGIT(r, 4) ^= rm[0];
+        MP_USED(r) = 16;
+        s_mp_clamp(r);
+#endif
+        return ec_GF2m_233_mod(r, r, meth);
+    }
+
+CLEANUP:
+    return res;
+}
+
+/* Wire in fast field arithmetic for 233-bit curves. */
+mp_err
+ec_group_set_gf2m233(ECGroup *group, ECCurveName name)
+{
+    group->meth->field_mod = &ec_GF2m_233_mod;
+    group->meth->field_mul = &ec_GF2m_233_mul;
+    group->meth->field_sqr = &ec_GF2m_233_sqr;
+    return MP_OKAY;
+}
diff --git a/nss/lib/freebl/ecl/ec2_aff.c b/nss/lib/freebl/ecl/ec2_aff.c
new file mode 100644
index 0000000..e65098b
--- /dev/null
+++ b/nss/lib/freebl/ecl/ec2_aff.c
@@ -0,0 +1,298 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "ec2.h"
+#include "mplogic.h"
+#include "mp_gf2m.h"
+#include <stdlib.h>
+
+/* Checks if point P(px, py) is at infinity.  Uses affine coordinates. */
+mp_err
+ec_GF2m_pt_is_inf_aff(const mp_int *px, const mp_int *py)
+{
+
+    if ((mp_cmp_z(px) == 0) && (mp_cmp_z(py) == 0)) {
+        return MP_YES;
+    } else {
+        return MP_NO;
+    }
+}
+
+/* Sets P(px, py) to be the point at infinity.  Uses affine coordinates. */
+mp_err
+ec_GF2m_pt_set_inf_aff(mp_int *px, mp_int *py)
+{
+    mp_zero(px);
+    mp_zero(py);
+    return MP_OKAY;
+}
+
+/* Computes R = P + Q based on IEEE P1363 A.10.2. Elliptic curve points P,
+ * Q, and R can all be identical. Uses affine coordinates. */
+mp_err
+ec_GF2m_pt_add_aff(const mp_int *px, const mp_int *py, const mp_int *qx,
+                   const mp_int *qy, mp_int *rx, mp_int *ry,
+                   const ECGroup *group)
+{
+    mp_err res = MP_OKAY;
+    mp_int lambda, tempx, tempy;
+
+    MP_DIGITS(&lambda) = 0;
+    MP_DIGITS(&tempx) = 0;
+    MP_DIGITS(&tempy) = 0;
+    MP_CHECKOK(mp_init(&lambda));
+    MP_CHECKOK(mp_init(&tempx));
+    MP_CHECKOK(mp_init(&tempy));
+    /* if P = inf, then R = Q */
+    if (ec_GF2m_pt_is_inf_aff(px, py) == 0) {
+        MP_CHECKOK(mp_copy(qx, rx));
+        MP_CHECKOK(mp_copy(qy, ry));
+        res = MP_OKAY;
+        goto CLEANUP;
+    }
+    /* if Q = inf, then R = P */
+    if (ec_GF2m_pt_is_inf_aff(qx, qy) == 0) {
+        MP_CHECKOK(mp_copy(px, rx));
+        MP_CHECKOK(mp_copy(py, ry));
+        res = MP_OKAY;
+        goto CLEANUP;
+    }
+    /* if px != qx, then lambda = (py+qy) / (px+qx), tempx = a + lambda^2
+     * + lambda + px + qx */
+    if (mp_cmp(px, qx) != 0) {
+        MP_CHECKOK(group->meth->field_add(py, qy, &tempy, group->meth));
+        MP_CHECKOK(group->meth->field_add(px, qx, &tempx, group->meth));
+        MP_CHECKOK(group->meth->field_div(&tempy, &tempx, &lambda, group->meth));
+        MP_CHECKOK(group->meth->field_sqr(&lambda, &tempx, group->meth));
+        MP_CHECKOK(group->meth->field_add(&tempx, &lambda, &tempx, group->meth));
+        MP_CHECKOK(group->meth->field_add(&tempx, &group->curvea, &tempx, group->meth));
+        MP_CHECKOK(group->meth->field_add(&tempx, px, &tempx, group->meth));
+        MP_CHECKOK(group->meth->field_add(&tempx, qx, &tempx, group->meth));
+    } else {
+        /* if py != qy or qx = 0, then R = inf */
+        if (((mp_cmp(py, qy) != 0)) || (mp_cmp_z(qx) == 0)) {
+            mp_zero(rx);
+            mp_zero(ry);
+            res = MP_OKAY;
+            goto CLEANUP;
+        }
+        /* lambda = qx + qy / qx */
+        MP_CHECKOK(group->meth->field_div(qy, qx, &lambda, group->meth));
+        MP_CHECKOK(group->meth->field_add(&lambda, qx, &lambda, group->meth));
+        /* tempx = a + lambda^2 + lambda */
+        MP_CHECKOK(group->meth->field_sqr(&lambda, &tempx, group->meth));
+        MP_CHECKOK(group->meth->field_add(&tempx, &lambda, &tempx, group->meth));
+        MP_CHECKOK(group->meth->field_add(&tempx, &group->curvea, &tempx, group->meth));
+    }
+    /* ry = (qx + tempx) * lambda + tempx + qy */
+    MP_CHECKOK(group->meth->field_add(qx, &tempx, &tempy, group->meth));
+    MP_CHECKOK(group->meth->field_mul(&tempy, &lambda, &tempy, group->meth));
+    MP_CHECKOK(group->meth->field_add(&tempy, &tempx, &tempy, group->meth));
+    MP_CHECKOK(group->meth->field_add(&tempy, qy, ry, group->meth));
+    /* rx = tempx */
+    MP_CHECKOK(mp_copy(&tempx, rx));
+
+CLEANUP:
+    mp_clear(&lambda);
+    mp_clear(&tempx);
+    mp_clear(&tempy);
+    return res;
+}
+
+/* Computes R = P - Q. Elliptic curve points P, Q, and R can all be
+ * identical. Uses affine coordinates. */
+mp_err
+ec_GF2m_pt_sub_aff(const mp_int *px, const mp_int *py, const mp_int *qx,
+                   const mp_int *qy, mp_int *rx, mp_int *ry,
+                   const ECGroup *group)
+{
+    mp_err res = MP_OKAY;
+    mp_int nqy;
+
+    MP_DIGITS(&nqy) = 0;
+    MP_CHECKOK(mp_init(&nqy));
+    /* nqy = qx+qy */
+    MP_CHECKOK(group->meth->field_add(qx, qy, &nqy, group->meth));
+    MP_CHECKOK(group->point_add(px, py, qx, &nqy, rx, ry, group));
+CLEANUP:
+    mp_clear(&nqy);
+    return res;
+}
+
+/* Computes R = 2P. Elliptic curve points P and R can be identical. Uses
+ * affine coordinates. */
+mp_err
+ec_GF2m_pt_dbl_aff(const mp_int *px, const mp_int *py, mp_int *rx,
+                   mp_int *ry, const ECGroup *group)
+{
+    return group->point_add(px, py, px, py, rx, ry, group);
+}
+
+/* by default, this routine is unused and thus doesn't need to be compiled */
+#ifdef ECL_ENABLE_GF2M_PT_MUL_AFF
+/* Computes R = nP based on IEEE P1363 A.10.3. Elliptic curve points P and
+ * R can be identical. Uses affine coordinates. */
+mp_err
+ec_GF2m_pt_mul_aff(const mp_int *n, const mp_int *px, const mp_int *py,
+                   mp_int *rx, mp_int *ry, const ECGroup *group)
+{
+    mp_err res = MP_OKAY;
+    mp_int k, k3, qx, qy, sx, sy;
+    int b1, b3, i, l;
+
+    MP_DIGITS(&k) = 0;
+    MP_DIGITS(&k3) = 0;
+    MP_DIGITS(&qx) = 0;
+    MP_DIGITS(&qy) = 0;
+    MP_DIGITS(&sx) = 0;
+    MP_DIGITS(&sy) = 0;
+    MP_CHECKOK(mp_init(&k));
+    MP_CHECKOK(mp_init(&k3));
+    MP_CHECKOK(mp_init(&qx));
+    MP_CHECKOK(mp_init(&qy));
+    MP_CHECKOK(mp_init(&sx));
+    MP_CHECKOK(mp_init(&sy));
+
+    /* if n = 0 then r = inf */
+    if (mp_cmp_z(n) == 0) {
+        mp_zero(rx);
+        mp_zero(ry);
+        res = MP_OKAY;
+        goto CLEANUP;
+    }
+    /* Q = P, k = n */
+    MP_CHECKOK(mp_copy(px, &qx));
+    MP_CHECKOK(mp_copy(py, &qy));
+    MP_CHECKOK(mp_copy(n, &k));
+    /* if n < 0 then Q = -Q, k = -k */
+    if (mp_cmp_z(n) < 0) {
+        MP_CHECKOK(group->meth->field_add(&qx, &qy, &qy, group->meth));
+        MP_CHECKOK(mp_neg(&k, &k));
+    }
+#ifdef ECL_DEBUG /* basic double and add method */
+    l = mpl_significant_bits(&k) - 1;
+    MP_CHECKOK(mp_copy(&qx, &sx));
+    MP_CHECKOK(mp_copy(&qy, &sy));
+    for (i = l - 1; i >= 0; i--) {
+        /* S = 2S */
+        MP_CHECKOK(group->point_dbl(&sx, &sy, &sx, &sy, group));
+        /* if k_i = 1, then S = S + Q */
+        if (mpl_get_bit(&k, i) != 0) {
+            MP_CHECKOK(group->point_add(&sx, &sy, &qx, &qy, &sx, &sy, group));
+        }
+    }
+#else /* double and add/subtract method from \
+               * standard */
+    /* k3 = 3 * k */
+    MP_CHECKOK(mp_set_int(&k3, 3));
+    MP_CHECKOK(mp_mul(&k, &k3, &k3));
+    /* S = Q */
+    MP_CHECKOK(mp_copy(&qx, &sx));
+    MP_CHECKOK(mp_copy(&qy, &sy));
+    /* l = index of high order bit in binary representation of 3*k */
+    l = mpl_significant_bits(&k3) - 1;
+    /* for i = l-1 downto 1 */
+    for (i = l - 1; i >= 1; i--) {
+        /* S = 2S */
+        MP_CHECKOK(group->point_dbl(&sx, &sy, &sx, &sy, group));
+        b3 = MP_GET_BIT(&k3, i);
+        b1 = MP_GET_BIT(&k, i);
+        /* if k3_i = 1 and k_i = 0, then S = S + Q */
+        if ((b3 == 1) && (b1 == 0)) {
+            MP_CHECKOK(group->point_add(&sx, &sy, &qx, &qy, &sx, &sy, group));
+            /* if k3_i = 0 and k_i = 1, then S = S - Q */
+        } else if ((b3 == 0) && (b1 == 1)) {
+            MP_CHECKOK(group->point_sub(&sx, &sy, &qx, &qy, &sx, &sy, group));
+        }
+    }
+#endif
+    /* output S */
+    MP_CHECKOK(mp_copy(&sx, rx));
+    MP_CHECKOK(mp_copy(&sy, ry));
+
+CLEANUP:
+    mp_clear(&k);
+    mp_clear(&k3);
+    mp_clear(&qx);
+    mp_clear(&qy);
+    mp_clear(&sx);
+    mp_clear(&sy);
+    return res;
+}
+#endif
+
+/* Validates a point on a GF2m curve. */
+mp_err
+ec_GF2m_validate_point(const mp_int *px, const mp_int *py, const ECGroup *group)
+{
+    mp_err res = MP_NO;
+    mp_int accl, accr, tmp, pxt, pyt;
+
+    MP_DIGITS(&accl) = 0;
+    MP_DIGITS(&accr) = 0;
+    MP_DIGITS(&tmp) = 0;
+    MP_DIGITS(&pxt) = 0;
+    MP_DIGITS(&pyt) = 0;
+    MP_CHECKOK(mp_init(&accl));
+    MP_CHECKOK(mp_init(&accr));
+    MP_CHECKOK(mp_init(&tmp));
+    MP_CHECKOK(mp_init(&pxt));
+    MP_CHECKOK(mp_init(&pyt));
+
+    /* 1: Verify that publicValue is not the point at infinity */
+    if (ec_GF2m_pt_is_inf_aff(px, py) == MP_YES) {
+        res = MP_NO;
+        goto CLEANUP;
+    }
+    /* 2: Verify that the coordinates of publicValue are elements
+     *    of the field.
+     */
+    if ((MP_SIGN(px) == MP_NEG) || (mp_cmp(px, &group->meth->irr) >= 0) ||
+        (MP_SIGN(py) == MP_NEG) || (mp_cmp(py, &group->meth->irr) >= 0)) {
+        res = MP_NO;
+        goto CLEANUP;
+    }
+    /* 3: Verify that publicValue is on the curve. */
+    if (group->meth->field_enc) {
+        group->meth->field_enc(px, &pxt, group->meth);
+        group->meth->field_enc(py, &pyt, group->meth);
+    } else {
+        mp_copy(px, &pxt);
+        mp_copy(py, &pyt);
+    }
+    /* left-hand side: y^2 + x*y  */
+    MP_CHECKOK(group->meth->field_sqr(&pyt, &accl, group->meth));
+    MP_CHECKOK(group->meth->field_mul(&pxt, &pyt, &tmp, group->meth));
+    MP_CHECKOK(group->meth->field_add(&accl, &tmp, &accl, group->meth));
+    /* right-hand side: x^3 + a*x^2 + b */
+    MP_CHECKOK(group->meth->field_sqr(&pxt, &tmp, group->meth));
+    MP_CHECKOK(group->meth->field_mul(&pxt, &tmp, &accr, group->meth));
+    MP_CHECKOK(group->meth->field_mul(&group->curvea, &tmp, &tmp, group->meth));
+    MP_CHECKOK(group->meth->field_add(&tmp, &accr, &accr, group->meth));
+    MP_CHECKOK(group->meth->field_add(&accr, &group->curveb, &accr, group->meth));
+    /* check LHS - RHS == 0 */
+    MP_CHECKOK(group->meth->field_add(&accl, &accr, &accr, group->meth));
+    if (mp_cmp_z(&accr) != 0) {
+        res = MP_NO;
+        goto CLEANUP;
+    }
+    /* 4: Verify that the order of the curve times the publicValue
+     *    is the point at infinity.
+     */
+    MP_CHECKOK(ECPoint_mul(group, &group->order, px, py, &pxt, &pyt));
+    if (ec_GF2m_pt_is_inf_aff(&pxt, &pyt) != MP_YES) {
+        res = MP_NO;
+        goto CLEANUP;
+    }
+
+    res = MP_YES;
+
+CLEANUP:
+    mp_clear(&accl);
+    mp_clear(&accr);
+    mp_clear(&tmp);
+    mp_clear(&pxt);
+    mp_clear(&pyt);
+    return res;
+}
diff --git a/nss/lib/freebl/ecl/ec2_mont.c b/nss/lib/freebl/ecl/ec2_mont.c
new file mode 100644
index 0000000..c5b9635
--- /dev/null
+++ b/nss/lib/freebl/ecl/ec2_mont.c
@@ -0,0 +1,230 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "ec2.h"
+#include "mplogic.h"
+#include "mp_gf2m.h"
+#include <stdlib.h>
+
+/* Compute the x-coordinate x/z for the point 2*(x/z) in Montgomery
+ * projective coordinates. Uses algorithm Mdouble in appendix of Lopez, J.
+ * and Dahab, R.  "Fast multiplication on elliptic curves over GF(2^m)
+ * without precomputation". modified to not require precomputation of
+ * c=b^{2^{m-1}}. */
+static mp_err
+gf2m_Mdouble(mp_int *x, mp_int *z, const ECGroup *group)
+{
+    mp_err res = MP_OKAY;
+    mp_int t1;
+
+    MP_DIGITS(&t1) = 0;
+    MP_CHECKOK(mp_init(&t1));
+
+    MP_CHECKOK(group->meth->field_sqr(x, x, group->meth));
+    MP_CHECKOK(group->meth->field_sqr(z, &t1, group->meth));
+    MP_CHECKOK(group->meth->field_mul(x, &t1, z, group->meth));
+    MP_CHECKOK(group->meth->field_sqr(x, x, group->meth));
+    MP_CHECKOK(group->meth->field_sqr(&t1, &t1, group->meth));
+    MP_CHECKOK(group->meth->field_mul(&group->curveb, &t1, &t1, group->meth));
+    MP_CHECKOK(group->meth->field_add(x, &t1, x, group->meth));
+
+CLEANUP:
+    mp_clear(&t1);
+    return res;
+}
+
+/* Compute the x-coordinate x1/z1 for the point (x1/z1)+(x2/x2) in
+ * Montgomery projective coordinates. Uses algorithm Madd in appendix of
+ * Lopex, J. and Dahab, R.  "Fast multiplication on elliptic curves over
+ * GF(2^m) without precomputation". */
+static mp_err
+gf2m_Madd(const mp_int *x, mp_int *x1, mp_int *z1, mp_int *x2, mp_int *z2,
+          const ECGroup *group)
+{
+    mp_err res = MP_OKAY;
+    mp_int t1, t2;
+
+    MP_DIGITS(&t1) = 0;
+    MP_DIGITS(&t2) = 0;
+    MP_CHECKOK(mp_init(&t1));
+    MP_CHECKOK(mp_init(&t2));
+
+    MP_CHECKOK(mp_copy(x, &t1));
+    MP_CHECKOK(group->meth->field_mul(x1, z2, x1, group->meth));
+    MP_CHECKOK(group->meth->field_mul(z1, x2, z1, group->meth));
+    MP_CHECKOK(group->meth->field_mul(x1, z1, &t2, group->meth));
+    MP_CHECKOK(group->meth->field_add(z1, x1, z1, group->meth));
+    MP_CHECKOK(group->meth->field_sqr(z1, z1, group->meth));
+    MP_CHECKOK(group->meth->field_mul(z1, &t1, x1, group->meth));
+    MP_CHECKOK(group->meth->field_add(x1, &t2, x1, group->meth));
+
+CLEANUP:
+    mp_clear(&t1);
+    mp_clear(&t2);
+    return res;
+}
+
+/* Compute the x, y affine coordinates from the point (x1, z1) (x2, z2)
+ * using Montgomery point multiplication algorithm Mxy() in appendix of
+ * Lopex, J. and Dahab, R.  "Fast multiplication on elliptic curves over
+ * GF(2^m) without precomputation". Returns: 0 on error 1 if return value
+ * should be the point at infinity 2 otherwise */
+static int
+gf2m_Mxy(const mp_int *x, const mp_int *y, mp_int *x1, mp_int *z1,
+         mp_int *x2, mp_int *z2, const ECGroup *group)
+{
+    mp_err res = MP_OKAY;
+    int ret = 0;
+    mp_int t3, t4, t5;
+
+    MP_DIGITS(&t3) = 0;
+    MP_DIGITS(&t4) = 0;
+    MP_DIGITS(&t5) = 0;
+    MP_CHECKOK(mp_init(&t3));
+    MP_CHECKOK(mp_init(&t4));
+    MP_CHECKOK(mp_init(&t5));
+
+    if (mp_cmp_z(z1) == 0) {
+        mp_zero(x2);
+        mp_zero(z2);
+        ret = 1;
+        goto CLEANUP;
+    }
+
+    if (mp_cmp_z(z2) == 0) {
+        MP_CHECKOK(mp_copy(x, x2));
+        MP_CHECKOK(group->meth->field_add(x, y, z2, group->meth));
+        ret = 2;
+        goto CLEANUP;
+    }
+
+    MP_CHECKOK(mp_set_int(&t5, 1));
+    if (group->meth->field_enc) {
+        MP_CHECKOK(group->meth->field_enc(&t5, &t5, group->meth));
+    }
+
+    MP_CHECKOK(group->meth->field_mul(z1, z2, &t3, group->meth));
+
+    MP_CHECKOK(group->meth->field_mul(z1, x, z1, group->meth));
+    MP_CHECKOK(group->meth->field_add(z1, x1, z1, group->meth));
+    MP_CHECKOK(group->meth->field_mul(z2, x, z2, group->meth));
+    MP_CHECKOK(group->meth->field_mul(z2, x1, x1, group->meth));
+    MP_CHECKOK(group->meth->field_add(z2, x2, z2, group->meth));
+
+    MP_CHECKOK(group->meth->field_mul(z2, z1, z2, group->meth));
+    MP_CHECKOK(group->meth->field_sqr(x, &t4, group->meth));
+    MP_CHECKOK(group->meth->field_add(&t4, y, &t4, group->meth));
+    MP_CHECKOK(group->meth->field_mul(&t4, &t3, &t4, group->meth));
+    MP_CHECKOK(group->meth->field_add(&t4, z2, &t4, group->meth));
+
+    MP_CHECKOK(group->meth->field_mul(&t3, x, &t3, group->meth));
+    MP_CHECKOK(group->meth->field_div(&t5, &t3, &t3, group->meth));
+    MP_CHECKOK(group->meth->field_mul(&t3, &t4, &t4, group->meth));
+    MP_CHECKOK(group->meth->field_mul(x1, &t3, x2, group->meth));
+    MP_CHECKOK(group->meth->field_add(x2, x, z2, group->meth));
+
+    MP_CHECKOK(group->meth->field_mul(z2, &t4, z2, group->meth));
+    MP_CHECKOK(group->meth->field_add(z2, y, z2, group->meth));
+
+    ret = 2;
+
+CLEANUP:
+    mp_clear(&t3);
+    mp_clear(&t4);
+    mp_clear(&t5);
+    if (res == MP_OKAY) {
+        return ret;
+    } else {
+        return 0;
+    }
+}
+
+/* Computes R = nP based on algorithm 2P of Lopex, J. and Dahab, R.  "Fast
+ * multiplication on elliptic curves over GF(2^m) without
+ * precomputation". Elliptic curve points P and R can be identical. Uses
+ * Montgomery projective coordinates. */
+mp_err
+ec_GF2m_pt_mul_mont(const mp_int *n, const mp_int *px, const mp_int *py,
+                    mp_int *rx, mp_int *ry, const ECGroup *group)
+{
+    mp_err res = MP_OKAY;
+    mp_int x1, x2, z1, z2;
+    int i, j;
+    mp_digit top_bit, mask;
+
+    MP_DIGITS(&x1) = 0;
+    MP_DIGITS(&x2) = 0;
+    MP_DIGITS(&z1) = 0;
+    MP_DIGITS(&z2) = 0;
+    MP_CHECKOK(mp_init(&x1));
+    MP_CHECKOK(mp_init(&x2));
+    MP_CHECKOK(mp_init(&z1));
+    MP_CHECKOK(mp_init(&z2));
+
+    /* if result should be point at infinity */
+    if ((mp_cmp_z(n) == 0) || (ec_GF2m_pt_is_inf_aff(px, py) == MP_YES)) {
+        MP_CHECKOK(ec_GF2m_pt_set_inf_aff(rx, ry));
+        goto CLEANUP;
+    }
+
+    MP_CHECKOK(mp_copy(px, &x1));                              /* x1 = px */
+    MP_CHECKOK(mp_set_int(&z1, 1));                            /* z1 = 1 */
+    MP_CHECKOK(group->meth->field_sqr(&x1, &z2, group->meth)); /* z2 = x1^2 = px^2 */
+    MP_CHECKOK(group->meth->field_sqr(&z2, &x2, group->meth));
+    MP_CHECKOK(group->meth->field_add(&x2, &group->curveb, &x2, group->meth)); /* x2 = px^4 + b */
+
+    /* find top-most bit and go one past it */
+    i = MP_USED(n) - 1;
+    j = MP_DIGIT_BIT - 1;
+    top_bit = 1;
+    top_bit <<= MP_DIGIT_BIT - 1;
+    mask = top_bit;
+    while (!(MP_DIGITS(n)[i] & mask)) {
+        mask >>= 1;
+        j--;
+    }
+    mask >>= 1;
+    j--;
+
+    /* if top most bit was at word break, go to next word */
+    if (!mask) {
+        i--;
+        j = MP_DIGIT_BIT - 1;
+        mask = top_bit;
+    }
+
+    for (; i >= 0; i--) {
+        for (; j >= 0; j--) {
+            if (MP_DIGITS(n)[i] & mask) {
+                MP_CHECKOK(gf2m_Madd(px, &x1, &z1, &x2, &z2, group));
+                MP_CHECKOK(gf2m_Mdouble(&x2, &z2, group));
+            } else {
+                MP_CHECKOK(gf2m_Madd(px, &x2, &z2, &x1, &z1, group));
+                MP_CHECKOK(gf2m_Mdouble(&x1, &z1, group));
+            }
+            mask >>= 1;
+        }
+        j = MP_DIGIT_BIT - 1;
+        mask = top_bit;
+    }
+
+    /* convert out of "projective" coordinates */
+    i = gf2m_Mxy(px, py, &x1, &z1, &x2, &z2, group);
+    if (i == 0) {
+        res = MP_BADARG;
+        goto CLEANUP;
+    } else if (i == 1) {
+        MP_CHECKOK(ec_GF2m_pt_set_inf_aff(rx, ry));
+    } else {
+        MP_CHECKOK(mp_copy(&x2, rx));
+        MP_CHECKOK(mp_copy(&z2, ry));
+    }
+
+CLEANUP:
+    mp_clear(&x1);
+    mp_clear(&x2);
+    mp_clear(&z1);
+    mp_clear(&z2);
+    return res;
+}
diff --git a/nss/lib/freebl/ecl/ec2_proj.c b/nss/lib/freebl/ecl/ec2_proj.c
new file mode 100644
index 0000000..3edf7a3
--- /dev/null
+++ b/nss/lib/freebl/ecl/ec2_proj.c
@@ -0,0 +1,328 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "ec2.h"
+#include "mplogic.h"
+#include "mp_gf2m.h"
+#include <stdlib.h>
+#ifdef ECL_DEBUG
+#include <assert.h>
+#endif
+
+/* by default, these routines are unused and thus don't need to be compiled */
+#ifdef ECL_ENABLE_GF2M_PROJ
+/* Converts a point P(px, py) from affine coordinates to projective
+ * coordinates R(rx, ry, rz). Assumes input is already field-encoded using
+ * field_enc, and returns output that is still field-encoded. */
+mp_err
+ec_GF2m_pt_aff2proj(const mp_int *px, const mp_int *py, mp_int *rx,
+                    mp_int *ry, mp_int *rz, const ECGroup *group)
+{
+    mp_err res = MP_OKAY;
+
+    MP_CHECKOK(mp_copy(px, rx));
+    MP_CHECKOK(mp_copy(py, ry));
+    MP_CHECKOK(mp_set_int(rz, 1));
+    if (group->meth->field_enc) {
+        MP_CHECKOK(group->meth->field_enc(rz, rz, group->meth));
+    }
+CLEANUP:
+    return res;
+}
+
+/* Converts a point P(px, py, pz) from projective coordinates to affine
+ * coordinates R(rx, ry).  P and R can share x and y coordinates. Assumes
+ * input is already field-encoded using field_enc, and returns output that
+ * is still field-encoded. */
+mp_err
+ec_GF2m_pt_proj2aff(const mp_int *px, const mp_int *py, const mp_int *pz,
+                    mp_int *rx, mp_int *ry, const ECGroup *group)
+{
+    mp_err res = MP_OKAY;
+    mp_int z1, z2;
+
+    MP_DIGITS(&z1) = 0;
+    MP_DIGITS(&z2) = 0;
+    MP_CHECKOK(mp_init(&z1));
+    MP_CHECKOK(mp_init(&z2));
+
+    /* if point at infinity, then set point at infinity and exit */
+    if (ec_GF2m_pt_is_inf_proj(px, py, pz) == MP_YES) {
+        MP_CHECKOK(ec_GF2m_pt_set_inf_aff(rx, ry));
+        goto CLEANUP;
+    }
+
+    /* transform (px, py, pz) into (px / pz, py / pz^2) */
+    if (mp_cmp_d(pz, 1) == 0) {
+        MP_CHECKOK(mp_copy(px, rx));
+        MP_CHECKOK(mp_copy(py, ry));
+    } else {
+        MP_CHECKOK(group->meth->field_div(NULL, pz, &z1, group->meth));
+        MP_CHECKOK(group->meth->field_sqr(&z1, &z2, group->meth));
+        MP_CHECKOK(group->meth->field_mul(px, &z1, rx, group->meth));
+        MP_CHECKOK(group->meth->field_mul(py, &z2, ry, group->meth));
+    }
+
+CLEANUP:
+    mp_clear(&z1);
+    mp_clear(&z2);
+    return res;
+}
+
+/* Checks if point P(px, py, pz) is at infinity. Uses projective
+ * coordinates. */
+mp_err
+ec_GF2m_pt_is_inf_proj(const mp_int *px, const mp_int *py,
+                       const mp_int *pz)
+{
+    return mp_cmp_z(pz);
+}
+
+/* Sets P(px, py, pz) to be the point at infinity.  Uses projective
+ * coordinates. */
+mp_err
+ec_GF2m_pt_set_inf_proj(mp_int *px, mp_int *py, mp_int *pz)
+{
+    mp_zero(pz);
+    return MP_OKAY;
+}
+
+/* Computes R = P + Q where R is (rx, ry, rz), P is (px, py, pz) and Q is
+ * (qx, qy, 1).  Elliptic curve points P, Q, and R can all be identical.
+ * Uses mixed projective-affine coordinates. Assumes input is already
+ * field-encoded using field_enc, and returns output that is still
+ * field-encoded. Uses equation (3) from Hankerson, Hernandez, Menezes.
+ * Software Implementation of Elliptic Curve Cryptography Over Binary
+ * Fields. */
+mp_err
+ec_GF2m_pt_add_proj(const mp_int *px, const mp_int *py, const mp_int *pz,
+                    const mp_int *qx, const mp_int *qy, mp_int *rx,
+                    mp_int *ry, mp_int *rz, const ECGroup *group)
+{
+    mp_err res = MP_OKAY;
+    mp_int A, B, C, D, E, F, G;
+
+    /* If either P or Q is the point at infinity, then return the other
+     * point */
+    if (ec_GF2m_pt_is_inf_proj(px, py, pz) == MP_YES) {
+        return ec_GF2m_pt_aff2proj(qx, qy, rx, ry, rz, group);
+    }
+    if (ec_GF2m_pt_is_inf_aff(qx, qy) == MP_YES) {
+        MP_CHECKOK(mp_copy(px, rx));
+        MP_CHECKOK(mp_copy(py, ry));
+        return mp_copy(pz, rz);
+    }
+
+    MP_DIGITS(&A) = 0;
+    MP_DIGITS(&B) = 0;
+    MP_DIGITS(&C) = 0;
+    MP_DIGITS(&D) = 0;
+    MP_DIGITS(&E) = 0;
+    MP_DIGITS(&F) = 0;
+    MP_DIGITS(&G) = 0;
+    MP_CHECKOK(mp_init(&A));
+    MP_CHECKOK(mp_init(&B));
+    MP_CHECKOK(mp_init(&C));
+    MP_CHECKOK(mp_init(&D));
+    MP_CHECKOK(mp_init(&E));
+    MP_CHECKOK(mp_init(&F));
+    MP_CHECKOK(mp_init(&G));
+
+    /* D = pz^2 */
+    MP_CHECKOK(group->meth->field_sqr(pz, &D, group->meth));
+
+    /* A = qy * pz^2 + py */
+    MP_CHECKOK(group->meth->field_mul(qy, &D, &A, group->meth));
+    MP_CHECKOK(group->meth->field_add(&A, py, &A, group->meth));
+
+    /* B = qx * pz + px */
+    MP_CHECKOK(group->meth->field_mul(qx, pz, &B, group->meth));
+    MP_CHECKOK(group->meth->field_add(&B, px, &B, group->meth));
+
+    /* C = pz * B */
+    MP_CHECKOK(group->meth->field_mul(pz, &B, &C, group->meth));
+
+    /* D = B^2 * (C + a * pz^2) (using E as a temporary variable) */
+    MP_CHECKOK(group->meth->field_mul(&group->curvea, &D, &D, group->meth));
+    MP_CHECKOK(group->meth->field_add(&C, &D, &D, group->meth));
+    MP_CHECKOK(group->meth->field_sqr(&B, &E, group->meth));
+    MP_CHECKOK(group->meth->field_mul(&E, &D, &D, group->meth));
+
+    /* rz = C^2 */
+    MP_CHECKOK(group->meth->field_sqr(&C, rz, group->meth));
+
+    /* E = A * C */
+    MP_CHECKOK(group->meth->field_mul(&A, &C, &E, group->meth));
+
+    /* rx = A^2 + D + E */
+    MP_CHECKOK(group->meth->field_sqr(&A, rx, group->meth));
+    MP_CHECKOK(group->meth->field_add(rx, &D, rx, group->meth));
+    MP_CHECKOK(group->meth->field_add(rx, &E, rx, group->meth));
+
+    /* F = rx + qx * rz */
+    MP_CHECKOK(group->meth->field_mul(qx, rz, &F, group->meth));
+    MP_CHECKOK(group->meth->field_add(rx, &F, &F, group->meth));
+
+    /* G = rx + qy * rz */
+    MP_CHECKOK(group->meth->field_mul(qy, rz, &G, group->meth));
+    MP_CHECKOK(group->meth->field_add(rx, &G, &G, group->meth));
+
+    /* ry = E * F + rz * G (using G as a temporary variable) */
+    MP_CHECKOK(group->meth->field_mul(rz, &G, &G, group->meth));
+    MP_CHECKOK(group->meth->field_mul(&E, &F, ry, group->meth));
+    MP_CHECKOK(group->meth->field_add(ry, &G, ry, group->meth));
+
+CLEANUP:
+    mp_clear(&A);
+    mp_clear(&B);
+    mp_clear(&C);
+    mp_clear(&D);
+    mp_clear(&E);
+    mp_clear(&F);
+    mp_clear(&G);
+    return res;
+}
+
+/* Computes R = 2P.  Elliptic curve points P and R can be identical.  Uses
+ * projective coordinates.
+ *
+ * Assumes input is already field-encoded using field_enc, and returns
+ * output that is still field-encoded.
+ *
+ * Uses equation (3) from Hankerson, Hernandez, Menezes. Software
+ * Implementation of Elliptic Curve Cryptography Over Binary Fields.
+ */
+mp_err
+ec_GF2m_pt_dbl_proj(const mp_int *px, const mp_int *py, const mp_int *pz,
+                    mp_int *rx, mp_int *ry, mp_int *rz,
+                    const ECGroup *group)
+{
+    mp_err res = MP_OKAY;
+    mp_int t0, t1;
+
+    if (ec_GF2m_pt_is_inf_proj(px, py, pz) == MP_YES) {
+        return ec_GF2m_pt_set_inf_proj(rx, ry, rz);
+    }
+
+    MP_DIGITS(&t0) = 0;
+    MP_DIGITS(&t1) = 0;
+    MP_CHECKOK(mp_init(&t0));
+    MP_CHECKOK(mp_init(&t1));
+
+    /* t0 = px^2 */
+    /* t1 = pz^2 */
+    MP_CHECKOK(group->meth->field_sqr(px, &t0, group->meth));
+    MP_CHECKOK(group->meth->field_sqr(pz, &t1, group->meth));
+
+    /* rz = px^2 * pz^2 */
+    MP_CHECKOK(group->meth->field_mul(&t0, &t1, rz, group->meth));
+
+    /* t0 = px^4 */
+    /* t1 = b * pz^4 */
+    MP_CHECKOK(group->meth->field_sqr(&t0, &t0, group->meth));
+    MP_CHECKOK(group->meth->field_sqr(&t1, &t1, group->meth));
+    MP_CHECKOK(group->meth->field_mul(&group->curveb, &t1, &t1, group->meth));
+
+    /* rx = px^4 + b * pz^4 */
+    MP_CHECKOK(group->meth->field_add(&t0, &t1, rx, group->meth));
+
+    /* ry = b * pz^4 * rz + rx * (a * rz + py^2 + b * pz^4) */
+    MP_CHECKOK(group->meth->field_sqr(py, ry, group->meth));
+    MP_CHECKOK(group->meth->field_add(ry, &t1, ry, group->meth));
+    /* t0 = a * rz */
+    MP_CHECKOK(group->meth->field_mul(&group->curvea, rz, &t0, group->meth));
+    MP_CHECKOK(group->meth->field_add(&t0, ry, ry, group->meth));
+    MP_CHECKOK(group->meth->field_mul(rx, ry, ry, group->meth));
+    /* t1 = b * pz^4 * rz */
+    MP_CHECKOK(group->meth->field_mul(&t1, rz, &t1, group->meth));
+    MP_CHECKOK(group->meth->field_add(&t1, ry, ry, group->meth));
+
+CLEANUP:
+    mp_clear(&t0);
+    mp_clear(&t1);
+    return res;
+}
+
+/* Computes R = nP where R is (rx, ry) and P is (px, py). The parameters
+ * a, b and p are the elliptic curve coefficients and the prime that
+ * determines the field GF2m.  Elliptic curve points P and R can be
+ * identical.  Uses mixed projective-affine coordinates. Assumes input is
+ * already field-encoded using field_enc, and returns output that is still
+ * field-encoded. Uses 4-bit window method. */
+mp_err
+ec_GF2m_pt_mul_proj(const mp_int *n, const mp_int *px, const mp_int *py,
+                    mp_int *rx, mp_int *ry, const ECGroup *group)
+{
+    mp_err res = MP_OKAY;
+    mp_int precomp[16][2], rz;
+    mp_digit precomp_arr[ECL_MAX_FIELD_SIZE_DIGITS * 16 * 2], *t;
+    int i, ni, d;
+
+    ARGCHK(group != NULL, MP_BADARG);
+    ARGCHK((n != NULL) && (px != NULL) && (py != NULL), MP_BADARG);
+
+    /* initialize precomputation table */
+    t = precomp_arr;
+    for (i = 0; i < 16; i++) {
+        /* x co-ord */
+        MP_SIGN(&precomp[i][0]) = MP_ZPOS;
+        MP_ALLOC(&precomp[i][0]) = ECL_MAX_FIELD_SIZE_DIGITS;
+        MP_USED(&precomp[i][0]) = 1;
+        *t = 0;
+        MP_DIGITS(&precomp[i][0]) = t;
+        t += ECL_MAX_FIELD_SIZE_DIGITS;
+        /* y co-ord */
+        MP_SIGN(&precomp[i][1]) = MP_ZPOS;
+        MP_ALLOC(&precomp[i][1]) = ECL_MAX_FIELD_SIZE_DIGITS;
+        MP_USED(&precomp[i][1]) = 1;
+        *t = 0;
+        MP_DIGITS(&precomp[i][1]) = t;
+        t += ECL_MAX_FIELD_SIZE_DIGITS;
+    }
+
+    /* fill precomputation table */
+    mp_zero(&precomp[0][0]);
+    mp_zero(&precomp[0][1]);
+    MP_CHECKOK(mp_copy(px, &precomp[1][0]));
+    MP_CHECKOK(mp_copy(py, &precomp[1][1]));
+    for (i = 2; i < 16; i++) {
+        MP_CHECKOK(group->point_add(&precomp[1][0], &precomp[1][1],
+                                    &precomp[i - 1][0], &precomp[i - 1][1],
+                                    &precomp[i][0], &precomp[i][1], group));
+    }
+
+    d = (mpl_significant_bits(n) + 3) / 4;
+
+    /* R = inf */
+    MP_DIGITS(&rz) = 0;
+    MP_CHECKOK(mp_init(&rz));
+    MP_CHECKOK(ec_GF2m_pt_set_inf_proj(rx, ry, &rz));
+
+    for (i = d - 1; i >= 0; i--) {
+        /* compute window ni */
+        ni = MP_GET_BIT(n, 4 * i + 3);
+        ni <<= 1;
+        ni |= MP_GET_BIT(n, 4 * i + 2);
+        ni <<= 1;
+        ni |= MP_GET_BIT(n, 4 * i + 1);
+        ni <<= 1;
+        ni |= MP_GET_BIT(n, 4 * i);
+        /* R = 2^4 * R */
+        MP_CHECKOK(ec_GF2m_pt_dbl_proj(rx, ry, &rz, rx, ry, &rz, group));
+        MP_CHECKOK(ec_GF2m_pt_dbl_proj(rx, ry, &rz, rx, ry, &rz, group));
+        MP_CHECKOK(ec_GF2m_pt_dbl_proj(rx, ry, &rz, rx, ry, &rz, group));
+        MP_CHECKOK(ec_GF2m_pt_dbl_proj(rx, ry, &rz, rx, ry, &rz, group));
+        /* R = R + (ni * P) */
+        MP_CHECKOK(ec_GF2m_pt_add_proj(rx, ry, &rz, &precomp[ni][0], &precomp[ni][1], rx, ry,
+                                       &rz, group));
+    }
+
+    /* convert result S to affine coordinates */
+    MP_CHECKOK(ec_GF2m_pt_proj2aff(rx, ry, &rz, rx, ry, group));
+
+CLEANUP:
+    mp_clear(&rz);
+    return res;
+}
+#endif
diff --git a/nss/lib/freebl/ecl/ec_naf.c b/nss/lib/freebl/ecl/ec_naf.c
new file mode 100644
index 0000000..cad08cb
--- /dev/null
+++ b/nss/lib/freebl/ecl/ec_naf.c
@@ -0,0 +1,68 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "ecl-priv.h"
+
+/* Returns 2^e as an integer. This is meant to be used for small powers of
+ * two. */
+int
+ec_twoTo(int e)
+{
+    int a = 1;
+    int i;
+
+    for (i = 0; i < e; i++) {
+        a *= 2;
+    }
+    return a;
+}
+
+/* Computes the windowed non-adjacent-form (NAF) of a scalar. Out should
+ * be an array of signed char's to output to, bitsize should be the number
+ * of bits of out, in is the original scalar, and w is the window size.
+ * NAF is discussed in the paper: D. Hankerson, J. Hernandez and A.
+ * Menezes, "Software implementation of elliptic curve cryptography over
+ * binary fields", Proc. CHES 2000. */
+mp_err
+ec_compute_wNAF(signed char *out, int bitsize, const mp_int *in, int w)
+{
+    mp_int k;
+    mp_err res = MP_OKAY;
+    int i, twowm1, mask;
+
+    twowm1 = ec_twoTo(w - 1);
+    mask = 2 * twowm1 - 1;
+
+    MP_DIGITS(&k) = 0;
+    MP_CHECKOK(mp_init_copy(&k, in));
+
+    i = 0;
+    /* Compute wNAF form */
+    while (mp_cmp_z(&k) > 0) {
+        if (mp_isodd(&k)) {
+            out[i] = MP_DIGIT(&k, 0) & mask;
+            if (out[i] >= twowm1)
+                out[i] -= 2 * twowm1;
+
+            /* Subtract off out[i].  Note mp_sub_d only works with
+             * unsigned digits */
+            if (out[i] >= 0) {
+                MP_CHECKOK(mp_sub_d(&k, out[i], &k));
+            } else {
+                MP_CHECKOK(mp_add_d(&k, -(out[i]), &k));
+            }
+        } else {
+            out[i] = 0;
+        }
+        MP_CHECKOK(mp_div_2(&k, &k));
+        i++;
+    }
+    /* Zero out the remaining elements of the out array. */
+    for (; i < bitsize + 1; i++) {
+        out[i] = 0;
+    }
+CLEANUP:
+    mp_clear(&k);
+    return res;
+}
diff --git a/nss/lib/freebl/ecl/ecl-curve.h b/nss/lib/freebl/ecl/ecl-curve.h
new file mode 100644
index 0000000..df06139
--- /dev/null
+++ b/nss/lib/freebl/ecl/ecl-curve.h
@@ -0,0 +1,123 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "ecl-exp.h"
+#include <stdlib.h>
+
+#ifndef __ecl_curve_h_
+#define __ecl_curve_h_
+
+/* copied from certt.h */
+#define KU_DIGITAL_SIGNATURE (0x80) /* bit 0 */
+#define KU_KEY_AGREEMENT (0x08)     /* bit 4 */
+
+static const ECCurveParams ecCurve_NIST_P256 = {
+    "NIST-P256", ECField_GFp, 256,
+    "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF",
+    "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC",
+    "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B",
+    "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296",
+    "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5",
+    "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551",
+    1, 128, 65, KU_DIGITAL_SIGNATURE | KU_KEY_AGREEMENT
+};
+
+static const ECCurveParams ecCurve_NIST_P384 = {
+    "NIST-P384", ECField_GFp, 384,
+    "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF",
+    "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC",
+    "B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF",
+    "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25DBF55296C3A545E3872760AB7",
+    "3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A147CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F",
+    "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973",
+    1, 192, 97, KU_DIGITAL_SIGNATURE | KU_KEY_AGREEMENT
+};
+
+static const ECCurveParams ecCurve_NIST_P521 = {
+    "NIST-P521", ECField_GFp, 521,
+    "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",
+    "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC",
+    "0051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00",
+    "00C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66",
+    "011839296A789A3BC0045C8A5FB42C7D1BD998F54449579B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C7086A272C24088BE94769FD16650",
+    "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409",
+    1, 256, 133, KU_DIGITAL_SIGNATURE | KU_KEY_AGREEMENT
+};
+
+static const ECCurveParams ecCurve25519 = {
+    "Curve25519", ECField_GFp, 255,
+    "7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffed",
+    "076D06",
+    "00",
+    "0900000000000000000000000000000000000000000000000000000000000000",
+    "20AE19A1B8A086B4E01EDD2C7748D14C923D4D7E6D7C61B229E9C5A27ECED3D9",
+    "1000000000000000000000000000000014def9dea2f79cd65812631a5cf5d3ed",
+    8, 128, 32, KU_KEY_AGREEMENT
+};
+
+/* mapping between ECCurveName enum and pointers to ECCurveParams */
+static const ECCurveParams *ecCurve_map[] = {
+    NULL,               /* ECCurve_noName */
+    NULL,               /* ECCurve_NIST_P192 */
+    NULL,               /* ECCurve_NIST_P224 */
+    &ecCurve_NIST_P256, /* ECCurve_NIST_P256 */
+    &ecCurve_NIST_P384, /* ECCurve_NIST_P384 */
+    &ecCurve_NIST_P521, /* ECCurve_NIST_P521 */
+    NULL,               /* ECCurve_NIST_K163 */
+    NULL,               /* ECCurve_NIST_B163 */
+    NULL,               /* ECCurve_NIST_K233 */
+    NULL,               /* ECCurve_NIST_B233 */
+    NULL,               /* ECCurve_NIST_K283 */
+    NULL,               /* ECCurve_NIST_B283 */
+    NULL,               /* ECCurve_NIST_K409 */
+    NULL,               /* ECCurve_NIST_B409 */
+    NULL,               /* ECCurve_NIST_K571 */
+    NULL,               /* ECCurve_NIST_B571 */
+    NULL,               /* ECCurve_X9_62_PRIME_192V2 */
+    NULL,               /* ECCurve_X9_62_PRIME_192V3 */
+    NULL,               /* ECCurve_X9_62_PRIME_239V1 */
+    NULL,               /* ECCurve_X9_62_PRIME_239V2 */
+    NULL,               /* ECCurve_X9_62_PRIME_239V3 */
+    NULL,               /* ECCurve_X9_62_CHAR2_PNB163V1 */
+    NULL,               /* ECCurve_X9_62_CHAR2_PNB163V2 */
+    NULL,               /* ECCurve_X9_62_CHAR2_PNB163V3 */
+    NULL,               /* ECCurve_X9_62_CHAR2_PNB176V1 */
+    NULL,               /* ECCurve_X9_62_CHAR2_TNB191V1 */
+    NULL,               /* ECCurve_X9_62_CHAR2_TNB191V2 */
+    NULL,               /* ECCurve_X9_62_CHAR2_TNB191V3 */
+    NULL,               /* ECCurve_X9_62_CHAR2_PNB208W1 */
+    NULL,               /* ECCurve_X9_62_CHAR2_TNB239V1 */
+    NULL,               /* ECCurve_X9_62_CHAR2_TNB239V2 */
+    NULL,               /* ECCurve_X9_62_CHAR2_TNB239V3 */
+    NULL,               /* ECCurve_X9_62_CHAR2_PNB272W1 */
+    NULL,               /* ECCurve_X9_62_CHAR2_PNB304W1 */
+    NULL,               /* ECCurve_X9_62_CHAR2_TNB359V1 */
+    NULL,               /* ECCurve_X9_62_CHAR2_PNB368W1 */
+    NULL,               /* ECCurve_X9_62_CHAR2_TNB431R1 */
+    NULL,               /* ECCurve_SECG_PRIME_112R1 */
+    NULL,               /* ECCurve_SECG_PRIME_112R2 */
+    NULL,               /* ECCurve_SECG_PRIME_128R1 */
+    NULL,               /* ECCurve_SECG_PRIME_128R2 */
+    NULL,               /* ECCurve_SECG_PRIME_160K1 */
+    NULL,               /* ECCurve_SECG_PRIME_160R1 */
+    NULL,               /* ECCurve_SECG_PRIME_160R2 */
+    NULL,               /* ECCurve_SECG_PRIME_192K1 */
+    NULL,               /* ECCurve_SECG_PRIME_224K1 */
+    NULL,               /* ECCurve_SECG_PRIME_256K1 */
+    NULL,               /* ECCurve_SECG_CHAR2_113R1 */
+    NULL,               /* ECCurve_SECG_CHAR2_113R2 */
+    NULL,               /* ECCurve_SECG_CHAR2_131R1 */
+    NULL,               /* ECCurve_SECG_CHAR2_131R2 */
+    NULL,               /* ECCurve_SECG_CHAR2_163R1 */
+    NULL,               /* ECCurve_SECG_CHAR2_193R1 */
+    NULL,               /* ECCurve_SECG_CHAR2_193R2 */
+    NULL,               /* ECCurve_SECG_CHAR2_239K1 */
+    NULL,               /* ECCurve_WTLS_1 */
+    NULL,               /* ECCurve_WTLS_8 */
+    NULL,               /* ECCurve_WTLS_9 */
+    &ecCurve25519,      /* ECCurve25519 */
+    NULL                /* ECCurve_pastLastCurve */
+};
+
+#endif
diff --git a/nss/lib/freebl/ecl/ecl-exp.h b/nss/lib/freebl/ecl/ecl-exp.h
new file mode 100644
index 0000000..44adb8a
--- /dev/null
+++ b/nss/lib/freebl/ecl/ecl-exp.h
@@ -0,0 +1,167 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef __ecl_exp_h_
+#define __ecl_exp_h_
+
+/* Curve field type */
+typedef enum {
+    ECField_GFp,
+    ECField_GF2m
+} ECField;
+
+/* Hexadecimal encoding of curve parameters */
+struct ECCurveParamsStr {
+    char *text;
+    ECField field;
+    unsigned int size;
+    char *irr;
+    char *curvea;
+    char *curveb;
+    char *genx;
+    char *geny;
+    char *order;
+    int cofactor;
+    int security;
+    int pointSize;
+    unsigned int usage;
+};
+typedef struct ECCurveParamsStr ECCurveParams;
+
+/* Named curve parameters */
+typedef enum {
+
+    ECCurve_noName = 0,
+
+    /* NIST prime curves */
+    ECCurve_NIST_P192, /* not supported */
+    ECCurve_NIST_P224, /* not supported */
+    ECCurve_NIST_P256,
+    ECCurve_NIST_P384,
+    ECCurve_NIST_P521,
+
+    /* NIST binary curves */
+    ECCurve_NIST_K163, /* not supported */
+    ECCurve_NIST_B163, /* not supported */
+    ECCurve_NIST_K233, /* not supported */
+    ECCurve_NIST_B233, /* not supported */
+    ECCurve_NIST_K283, /* not supported */
+    ECCurve_NIST_B283, /* not supported */
+    ECCurve_NIST_K409, /* not supported */
+    ECCurve_NIST_B409, /* not supported */
+    ECCurve_NIST_K571, /* not supported */
+    ECCurve_NIST_B571, /* not supported */
+
+    /* ANSI X9.62 prime curves */
+    /* ECCurve_X9_62_PRIME_192V1 == ECCurve_NIST_P192 */
+    ECCurve_X9_62_PRIME_192V2, /* not supported */
+    ECCurve_X9_62_PRIME_192V3, /* not supported */
+    ECCurve_X9_62_PRIME_239V1, /* not supported */
+    ECCurve_X9_62_PRIME_239V2, /* not supported */
+    ECCurve_X9_62_PRIME_239V3, /* not supported */
+    /* ECCurve_X9_62_PRIME_256V1 == ECCurve_NIST_P256 */
+
+    /* ANSI X9.62 binary curves */
+    ECCurve_X9_62_CHAR2_PNB163V1, /* not supported */
+    ECCurve_X9_62_CHAR2_PNB163V2, /* not supported */
+    ECCurve_X9_62_CHAR2_PNB163V3, /* not supported */
+    ECCurve_X9_62_CHAR2_PNB176V1, /* not supported */
+    ECCurve_X9_62_CHAR2_TNB191V1, /* not supported */
+    ECCurve_X9_62_CHAR2_TNB191V2, /* not supported */
+    ECCurve_X9_62_CHAR2_TNB191V3, /* not supported */
+    ECCurve_X9_62_CHAR2_PNB208W1, /* not supported */
+    ECCurve_X9_62_CHAR2_TNB239V1, /* not supported */
+    ECCurve_X9_62_CHAR2_TNB239V2, /* not supported */
+    ECCurve_X9_62_CHAR2_TNB239V3, /* not supported */
+    ECCurve_X9_62_CHAR2_PNB272W1, /* not supported */
+    ECCurve_X9_62_CHAR2_PNB304W1, /* not supported */
+    ECCurve_X9_62_CHAR2_TNB359V1, /* not supported */
+    ECCurve_X9_62_CHAR2_PNB368W1, /* not supported */
+    ECCurve_X9_62_CHAR2_TNB431R1, /* not supported */
+
+    /* SEC2 prime curves */
+    ECCurve_SECG_PRIME_112R1, /* not supported */
+    ECCurve_SECG_PRIME_112R2, /* not supported */
+    ECCurve_SECG_PRIME_128R1, /* not supported */
+    ECCurve_SECG_PRIME_128R2, /* not supported */
+    ECCurve_SECG_PRIME_160K1, /* not supported */
+    ECCurve_SECG_PRIME_160R1, /* not supported */
+    ECCurve_SECG_PRIME_160R2, /* not supported */
+    ECCurve_SECG_PRIME_192K1, /* not supported */
+    /* ECCurve_SECG_PRIME_192R1 == ECCurve_NIST_P192 */
+    ECCurve_SECG_PRIME_224K1, /* not supported */
+    /* ECCurve_SECG_PRIME_224R1 == ECCurve_NIST_P224 */
+    ECCurve_SECG_PRIME_256K1, /* not supported */
+    /* ECCurve_SECG_PRIME_256R1 == ECCurve_NIST_P256 */
+    /* ECCurve_SECG_PRIME_384R1 == ECCurve_NIST_P384 */
+    /* ECCurve_SECG_PRIME_521R1 == ECCurve_NIST_P521 */
+
+    /* SEC2 binary curves */
+    ECCurve_SECG_CHAR2_113R1, /* not supported */
+    ECCurve_SECG_CHAR2_113R2, /* not supported */
+    ECCurve_SECG_CHAR2_131R1, /* not supported */
+    ECCurve_SECG_CHAR2_131R2, /* not supported */
+    /* ECCurve_SECG_CHAR2_163K1 == ECCurve_NIST_K163 */
+    ECCurve_SECG_CHAR2_163R1, /* not supported */
+    /* ECCurve_SECG_CHAR2_163R2 == ECCurve_NIST_B163 */
+    ECCurve_SECG_CHAR2_193R1, /* not supported */
+    ECCurve_SECG_CHAR2_193R2, /* not supported */
+    /* ECCurve_SECG_CHAR2_233K1 == ECCurve_NIST_K233 */
+    /* ECCurve_SECG_CHAR2_233R1 == ECCurve_NIST_B233 */
+    ECCurve_SECG_CHAR2_239K1, /* not supported */
+    /* ECCurve_SECG_CHAR2_283K1 == ECCurve_NIST_K283 */
+    /* ECCurve_SECG_CHAR2_283R1 == ECCurve_NIST_B283 */
+    /* ECCurve_SECG_CHAR2_409K1 == ECCurve_NIST_K409 */
+    /* ECCurve_SECG_CHAR2_409R1 == ECCurve_NIST_B409 */
+    /* ECCurve_SECG_CHAR2_571K1 == ECCurve_NIST_K571 */
+    /* ECCurve_SECG_CHAR2_571R1 == ECCurve_NIST_B571 */
+
+    /* WTLS curves */
+    ECCurve_WTLS_1, /* not supported */
+    /* there is no WTLS 2 curve */
+    /* ECCurve_WTLS_3 == ECCurve_NIST_K163 */
+    /* ECCurve_WTLS_4 == ECCurve_SECG_CHAR2_113R1 */
+    /* ECCurve_WTLS_5 == ECCurve_X9_62_CHAR2_PNB163V1 */
+    /* ECCurve_WTLS_6 == ECCurve_SECG_PRIME_112R1 */
+    /* ECCurve_WTLS_7 == ECCurve_SECG_PRIME_160R1 */
+    ECCurve_WTLS_8, /* not supported */
+    ECCurve_WTLS_9, /* not supported */
+    /* ECCurve_WTLS_10 == ECCurve_NIST_K233 */
+    /* ECCurve_WTLS_11 == ECCurve_NIST_B233 */
+    /* ECCurve_WTLS_12 == ECCurve_NIST_P224 */
+
+    ECCurve25519,
+
+    ECCurve_pastLastCurve
+} ECCurveName;
+
+/* Aliased named curves */
+
+#define ECCurve_X9_62_PRIME_192V1 ECCurve_NIST_P192 /* not supported */
+#define ECCurve_X9_62_PRIME_256V1 ECCurve_NIST_P256
+#define ECCurve_SECG_PRIME_192R1 ECCurve_NIST_P192 /* not supported */
+#define ECCurve_SECG_PRIME_224R1 ECCurve_NIST_P224 /* not supported */
+#define ECCurve_SECG_PRIME_256R1 ECCurve_NIST_P256
+#define ECCurve_SECG_PRIME_384R1 ECCurve_NIST_P384
+#define ECCurve_SECG_PRIME_521R1 ECCurve_NIST_P521
+#define ECCurve_SECG_CHAR2_163K1 ECCurve_NIST_K163  /* not supported */
+#define ECCurve_SECG_CHAR2_163R2 ECCurve_NIST_B163  /* not supported */
+#define ECCurve_SECG_CHAR2_233K1 ECCurve_NIST_K233  /* not supported */
+#define ECCurve_SECG_CHAR2_233R1 ECCurve_NIST_B233  /* not supported */
+#define ECCurve_SECG_CHAR2_283K1 ECCurve_NIST_K283  /* not supported */
+#define ECCurve_SECG_CHAR2_283R1 ECCurve_NIST_B283  /* not supported */
+#define ECCurve_SECG_CHAR2_409K1 ECCurve_NIST_K409  /* not supported */
+#define ECCurve_SECG_CHAR2_409R1 ECCurve_NIST_B409  /* not supported */
+#define ECCurve_SECG_CHAR2_571K1 ECCurve_NIST_K571  /* not supported */
+#define ECCurve_SECG_CHAR2_571R1 ECCurve_NIST_B571  /* not supported */
+#define ECCurve_WTLS_3 ECCurve_NIST_K163            /* not supported */
+#define ECCurve_WTLS_4 ECCurve_SECG_CHAR2_113R1     /* not supported */
+#define ECCurve_WTLS_5 ECCurve_X9_62_CHAR2_PNB163V1 /* not supported */
+#define ECCurve_WTLS_6 ECCurve_SECG_PRIME_112R1     /* not supported */
+#define ECCurve_WTLS_7 ECCurve_SECG_PRIME_160R1     /* not supported */
+#define ECCurve_WTLS_10 ECCurve_NIST_K233           /* not supported */
+#define ECCurve_WTLS_11 ECCurve_NIST_B233           /* not supported */
+#define ECCurve_WTLS_12 ECCurve_NIST_P224           /* not supported */
+
+#endif /* __ecl_exp_h_ */
diff --git a/nss/lib/freebl/ecl/ecl-priv.h b/nss/lib/freebl/ecl/ecl-priv.h
new file mode 100644
index 0000000..f43f193
--- /dev/null
+++ b/nss/lib/freebl/ecl/ecl-priv.h
@@ -0,0 +1,257 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef __ecl_priv_h_
+#define __ecl_priv_h_
+
+#include "ecl.h"
+#include "mpi.h"
+#include "mplogic.h"
+#include "../blapii.h"
+
+/* MAX_FIELD_SIZE_DIGITS is the maximum size of field element supported */
+/* the following needs to go away... */
+#if defined(MP_USE_LONG_LONG_DIGIT) || defined(MP_USE_LONG_DIGIT)
+#define ECL_SIXTY_FOUR_BIT
+#else
+#define ECL_THIRTY_TWO_BIT
+#endif
+
+#define ECL_CURVE_DIGITS(curve_size_in_bits) \
+    (((curve_size_in_bits) + (sizeof(mp_digit) * 8 - 1)) / (sizeof(mp_digit) * 8))
+#define ECL_BITS (sizeof(mp_digit) * 8)
+#define ECL_MAX_FIELD_SIZE_DIGITS (80 / sizeof(mp_digit))
+
+/* Gets the i'th bit in the binary representation of a. If i >= length(a),
+ * then return 0. (The above behaviour differs from mpl_get_bit, which
+ * causes an error if i >= length(a).) */
+#define MP_GET_BIT(a, i) \
+    ((i) >= mpl_significant_bits((a))) ? 0 : mpl_get_bit((a), (i))
+
+#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD)
+#define MP_ADD_CARRY(a1, a2, s, carry)      \
+    {                                       \
+        mp_word w;                          \
+        w = ((mp_word)carry) + (a1) + (a2); \
+        s = ACCUM(w);                       \
+        carry = CARRYOUT(w);                \
+    }
+
+#define MP_SUB_BORROW(a1, a2, s, borrow)   \
+    {                                      \
+        mp_word w;                         \
+        w = ((mp_word)(a1)) - (a2)-borrow; \
+        s = ACCUM(w);                      \
+        borrow = (w >> MP_DIGIT_BIT) & 1;  \
+    }
+
+#else
+/* NOTE,
+ * carry and borrow are both read and written.
+ * a1 or a2 and s could be the same variable.
+ * don't trash those outputs until their respective inputs have
+ * been read. */
+#define MP_ADD_CARRY(a1, a2, s, carry)           \
+    {                                            \
+        mp_digit tmp, sum;                       \
+        tmp = (a1);                              \
+        sum = tmp + (a2);                        \
+        tmp = (sum < tmp); /* detect overflow */ \
+        s = sum += carry;                        \
+        carry = tmp + (sum < carry);             \
+    }
+
+#define MP_SUB_BORROW(a1, a2, s, borrow)     \
+    {                                        \
+        mp_digit tmp;                        \
+        tmp = (a1);                          \
+        s = tmp - (a2);                      \
+        tmp = (s > tmp); /* detect borrow */ \
+        if (borrow && !s--)                  \
+            tmp++;                           \
+        borrow = tmp;                        \
+    }
+#endif
+
+struct GFMethodStr;
+typedef struct GFMethodStr GFMethod;
+struct GFMethodStr {
+    /* Indicates whether the structure was constructed from dynamic memory
+     * or statically created. */
+    int constructed;
+    /* Irreducible that defines the field. For prime fields, this is the
+     * prime p. For binary polynomial fields, this is the bitstring
+     * representation of the irreducible polynomial. */
+    mp_int irr;
+    /* For prime fields, the value irr_arr[0] is the number of bits in the
+     * field. For binary polynomial fields, the irreducible polynomial
+     * f(t) is represented as an array of unsigned int[], where f(t) is
+     * of the form: f(t) = t^p[0] + t^p[1] + ... + t^p[4] where m = p[0]
+     * > p[1] > ... > p[4] = 0. */
+    unsigned int irr_arr[5];
+    /* Field arithmetic methods. All methods (except field_enc and
+     * field_dec) are assumed to take field-encoded parameters and return
+     * field-encoded values. All methods (except field_enc and field_dec)
+     * are required to be implemented. */
+    mp_err (*field_add)(const mp_int *a, const mp_int *b, mp_int *r,
+                        const GFMethod *meth);
+    mp_err (*field_neg)(const mp_int *a, mp_int *r, const GFMethod *meth);
+    mp_err (*field_sub)(const mp_int *a, const mp_int *b, mp_int *r,
+                        const GFMethod *meth);
+    mp_err (*field_mod)(const mp_int *a, mp_int *r, const GFMethod *meth);
+    mp_err (*field_mul)(const mp_int *a, const mp_int *b, mp_int *r,
+                        const GFMethod *meth);
+    mp_err (*field_sqr)(const mp_int *a, mp_int *r, const GFMethod *meth);
+    mp_err (*field_div)(const mp_int *a, const mp_int *b, mp_int *r,
+                        const GFMethod *meth);
+    mp_err (*field_enc)(const mp_int *a, mp_int *r, const GFMethod *meth);
+    mp_err (*field_dec)(const mp_int *a, mp_int *r, const GFMethod *meth);
+    /* Extra storage for implementation-specific data.  Any memory
+     * allocated to these extra fields will be cleared by extra_free. */
+    void *extra1;
+    void *extra2;
+    void (*extra_free)(GFMethod *meth);
+};
+
+/* Construct generic GFMethods. */
+GFMethod *GFMethod_consGFp(const mp_int *irr);
+GFMethod *GFMethod_consGFp_mont(const mp_int *irr);
+
+/* Free the memory allocated (if any) to a GFMethod object. */
+void GFMethod_free(GFMethod *meth);
+
+struct ECGroupStr {
+    /* Indicates whether the structure was constructed from dynamic memory
+     * or statically created. */
+    int constructed;
+    /* Field definition and arithmetic. */
+    GFMethod *meth;
+    /* Textual representation of curve name, if any. */
+    char *text;
+    /* Curve parameters, field-encoded. */
+    mp_int curvea, curveb;
+    /* x and y coordinates of the base point, field-encoded. */
+    mp_int genx, geny;
+    /* Order and cofactor of the base point. */
+    mp_int order;
+    int cofactor;
+    /* Point arithmetic methods. All methods are assumed to take
+     * field-encoded parameters and return field-encoded values. All
+     * methods (except base_point_mul and points_mul) are required to be
+     * implemented. */
+    mp_err (*point_add)(const mp_int *px, const mp_int *py,
+                        const mp_int *qx, const mp_int *qy, mp_int *rx,
+                        mp_int *ry, const ECGroup *group);
+    mp_err (*point_sub)(const mp_int *px, const mp_int *py,
+                        const mp_int *qx, const mp_int *qy, mp_int *rx,
+                        mp_int *ry, const ECGroup *group);
+    mp_err (*point_dbl)(const mp_int *px, const mp_int *py, mp_int *rx,
+                        mp_int *ry, const ECGroup *group);
+    mp_err (*point_mul)(const mp_int *n, const mp_int *px,
+                        const mp_int *py, mp_int *rx, mp_int *ry,
+                        const ECGroup *group);
+    mp_err (*base_point_mul)(const mp_int *n, mp_int *rx, mp_int *ry,
+                             const ECGroup *group);
+    mp_err (*points_mul)(const mp_int *k1, const mp_int *k2,
+                         const mp_int *px, const mp_int *py, mp_int *rx,
+                         mp_int *ry, const ECGroup *group);
+    mp_err (*validate_point)(const mp_int *px, const mp_int *py, const ECGroup *group);
+    /* Extra storage for implementation-specific data.  Any memory
+     * allocated to these extra fields will be cleared by extra_free. */
+    void *extra1;
+    void *extra2;
+    void (*extra_free)(ECGroup *group);
+};
+
+/* Wrapper functions for generic prime field arithmetic. */
+mp_err ec_GFp_add(const mp_int *a, const mp_int *b, mp_int *r,
+                  const GFMethod *meth);
+mp_err ec_GFp_neg(const mp_int *a, mp_int *r, const GFMethod *meth);
+mp_err ec_GFp_sub(const mp_int *a, const mp_int *b, mp_int *r,
+                  const GFMethod *meth);
+
+/* fixed length in-line adds. Count is in words */
+mp_err ec_GFp_add_3(const mp_int *a, const mp_int *b, mp_int *r,
+                    const GFMethod *meth);
+mp_err ec_GFp_add_4(const mp_int *a, const mp_int *b, mp_int *r,
+                    const GFMethod *meth);
+mp_err ec_GFp_add_5(const mp_int *a, const mp_int *b, mp_int *r,
+                    const GFMethod *meth);
+mp_err ec_GFp_add_6(const mp_int *a, const mp_int *b, mp_int *r,
+                    const GFMethod *meth);
+mp_err ec_GFp_sub_3(const mp_int *a, const mp_int *b, mp_int *r,
+                    const GFMethod *meth);
+mp_err ec_GFp_sub_4(const mp_int *a, const mp_int *b, mp_int *r,
+                    const GFMethod *meth);
+mp_err ec_GFp_sub_5(const mp_int *a, const mp_int *b, mp_int *r,
+                    const GFMethod *meth);
+mp_err ec_GFp_sub_6(const mp_int *a, const mp_int *b, mp_int *r,
+                    const GFMethod *meth);
+
+mp_err ec_GFp_mod(const mp_int *a, mp_int *r, const GFMethod *meth);
+mp_err ec_GFp_mul(const mp_int *a, const mp_int *b, mp_int *r,
+                  const GFMethod *meth);
+mp_err ec_GFp_sqr(const mp_int *a, mp_int *r, const GFMethod *meth);
+mp_err ec_GFp_div(const mp_int *a, const mp_int *b, mp_int *r,
+                  const GFMethod *meth);
+/* Wrapper functions for generic binary polynomial field arithmetic. */
+mp_err ec_GF2m_add(const mp_int *a, const mp_int *b, mp_int *r,
+                   const GFMethod *meth);
+mp_err ec_GF2m_neg(const mp_int *a, mp_int *r, const GFMethod *meth);
+mp_err ec_GF2m_mod(const mp_int *a, mp_int *r, const GFMethod *meth);
+mp_err ec_GF2m_mul(const mp_int *a, const mp_int *b, mp_int *r,
+                   const GFMethod *meth);
+mp_err ec_GF2m_sqr(const mp_int *a, mp_int *r, const GFMethod *meth);
+mp_err ec_GF2m_div(const mp_int *a, const mp_int *b, mp_int *r,
+                   const GFMethod *meth);
+
+/* Montgomery prime field arithmetic. */
+mp_err ec_GFp_mul_mont(const mp_int *a, const mp_int *b, mp_int *r,
+                       const GFMethod *meth);
+mp_err ec_GFp_sqr_mont(const mp_int *a, mp_int *r, const GFMethod *meth);
+mp_err ec_GFp_div_mont(const mp_int *a, const mp_int *b, mp_int *r,
+                       const GFMethod *meth);
+mp_err ec_GFp_enc_mont(const mp_int *a, mp_int *r, const GFMethod *meth);
+mp_err ec_GFp_dec_mont(const mp_int *a, mp_int *r, const GFMethod *meth);
+void ec_GFp_extra_free_mont(GFMethod *meth);
+
+/* point multiplication */
+mp_err ec_pts_mul_basic(const mp_int *k1, const mp_int *k2,
+                        const mp_int *px, const mp_int *py, mp_int *rx,
+                        mp_int *ry, const ECGroup *group);
+mp_err ec_pts_mul_simul_w2(const mp_int *k1, const mp_int *k2,
+                           const mp_int *px, const mp_int *py, mp_int *rx,
+                           mp_int *ry, const ECGroup *group);
+
+/* Computes the windowed non-adjacent-form (NAF) of a scalar. Out should
+ * be an array of signed char's to output to, bitsize should be the number
+ * of bits of out, in is the original scalar, and w is the window size.
+ * NAF is discussed in the paper: D. Hankerson, J. Hernandez and A.
+ * Menezes, "Software implementation of elliptic curve cryptography over
+ * binary fields", Proc. CHES 2000. */
+mp_err ec_compute_wNAF(signed char *out, int bitsize, const mp_int *in,
+                       int w);
+
+/* Optimized field arithmetic */
+mp_err ec_group_set_gfp192(ECGroup *group, ECCurveName);
+mp_err ec_group_set_gfp224(ECGroup *group, ECCurveName);
+mp_err ec_group_set_gfp256(ECGroup *group, ECCurveName);
+mp_err ec_group_set_gfp384(ECGroup *group, ECCurveName);
+mp_err ec_group_set_gfp521(ECGroup *group, ECCurveName);
+mp_err ec_group_set_gf2m163(ECGroup *group, ECCurveName name);
+mp_err ec_group_set_gf2m193(ECGroup *group, ECCurveName name);
+mp_err ec_group_set_gf2m233(ECGroup *group, ECCurveName name);
+
+/* Optimized point multiplication */
+mp_err ec_group_set_gfp256_32(ECGroup *group, ECCurveName name);
+
+/* Optimized floating-point arithmetic */
+#ifdef ECL_USE_FP
+mp_err ec_group_set_secp160r1_fp(ECGroup *group);
+mp_err ec_group_set_nistp192_fp(ECGroup *group);
+mp_err ec_group_set_nistp224_fp(ECGroup *group);
+#endif
+
+SECStatus ec_Curve25519_mul(PRUint8 *q, const PRUint8 *s, const PRUint8 *p);
+#endif /* __ecl_priv_h_ */
diff --git a/nss/lib/freebl/ecl/ecl.c b/nss/lib/freebl/ecl/ecl.c
new file mode 100644
index 0000000..3540af7
--- /dev/null
+++ b/nss/lib/freebl/ecl/ecl.c
@@ -0,0 +1,301 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "mpi.h"
+#include "mplogic.h"
+#include "ecl.h"
+#include "ecl-priv.h"
+#include "ecp.h"
+#include <stdlib.h>
+#include <string.h>
+
+/* Allocate memory for a new ECGroup object. */
+ECGroup *
+ECGroup_new()
+{
+    mp_err res = MP_OKAY;
+    ECGroup *group;
+    group = (ECGroup *)malloc(sizeof(ECGroup));
+    if (group == NULL)
+        return NULL;
+    group->constructed = MP_YES;
+    group->meth = NULL;
+    group->text = NULL;
+    MP_DIGITS(&group->curvea) = 0;
+    MP_DIGITS(&group->curveb) = 0;
+    MP_DIGITS(&group->genx) = 0;
+    MP_DIGITS(&group->geny) = 0;
+    MP_DIGITS(&group->order) = 0;
+    group->base_point_mul = NULL;
+    group->points_mul = NULL;
+    group->validate_point = NULL;
+    group->extra1 = NULL;
+    group->extra2 = NULL;
+    group->extra_free = NULL;
+    MP_CHECKOK(mp_init(&group->curvea));
+    MP_CHECKOK(mp_init(&group->curveb));
+    MP_CHECKOK(mp_init(&group->genx));
+    MP_CHECKOK(mp_init(&group->geny));
+    MP_CHECKOK(mp_init(&group->order));
+
+CLEANUP:
+    if (res != MP_OKAY) {
+        ECGroup_free(group);
+        return NULL;
+    }
+    return group;
+}
+
+/* Construct a generic ECGroup for elliptic curves over prime fields. */
+ECGroup *
+ECGroup_consGFp(const mp_int *irr, const mp_int *curvea,
+                const mp_int *curveb, const mp_int *genx,
+                const mp_int *geny, const mp_int *order, int cofactor)
+{
+    mp_err res = MP_OKAY;
+    ECGroup *group = NULL;
+
+    group = ECGroup_new();
+    if (group == NULL)
+        return NULL;
+
+    group->meth = GFMethod_consGFp(irr);
+    if (group->meth == NULL) {
+        res = MP_MEM;
+        goto CLEANUP;
+    }
+    MP_CHECKOK(mp_copy(curvea, &group->curvea));
+    MP_CHECKOK(mp_copy(curveb, &group->curveb));
+    MP_CHECKOK(mp_copy(genx, &group->genx));
+    MP_CHECKOK(mp_copy(geny, &group->geny));
+    MP_CHECKOK(mp_copy(order, &group->order));
+    group->cofactor = cofactor;
+    group->point_add = &ec_GFp_pt_add_aff;
+    group->point_sub = &ec_GFp_pt_sub_aff;
+    group->point_dbl = &ec_GFp_pt_dbl_aff;
+    group->point_mul = &ec_GFp_pt_mul_jm_wNAF;
+    group->base_point_mul = NULL;
+    group->points_mul = &ec_GFp_pts_mul_jac;
+    group->validate_point = &ec_GFp_validate_point;
+
+CLEANUP:
+    if (res != MP_OKAY) {
+        ECGroup_free(group);
+        return NULL;
+    }
+    return group;
+}
+
+/* Construct a generic ECGroup for elliptic curves over prime fields with
+ * field arithmetic implemented in Montgomery coordinates. */
+ECGroup *
+ECGroup_consGFp_mont(const mp_int *irr, const mp_int *curvea,
+                     const mp_int *curveb, const mp_int *genx,
+                     const mp_int *geny, const mp_int *order, int cofactor)
+{
+    mp_err res = MP_OKAY;
+    ECGroup *group = NULL;
+
+    group = ECGroup_new();
+    if (group == NULL)
+        return NULL;
+
+    group->meth = GFMethod_consGFp_mont(irr);
+    if (group->meth == NULL) {
+        res = MP_MEM;
+        goto CLEANUP;
+    }
+    MP_CHECKOK(group->meth->field_enc(curvea, &group->curvea, group->meth));
+    MP_CHECKOK(group->meth->field_enc(curveb, &group->curveb, group->meth));
+    MP_CHECKOK(group->meth->field_enc(genx, &group->genx, group->meth));
+    MP_CHECKOK(group->meth->field_enc(geny, &group->geny, group->meth));
+    MP_CHECKOK(mp_copy(order, &group->order));
+    group->cofactor = cofactor;
+    group->point_add = &ec_GFp_pt_add_aff;
+    group->point_sub = &ec_GFp_pt_sub_aff;
+    group->point_dbl = &ec_GFp_pt_dbl_aff;
+    group->point_mul = &ec_GFp_pt_mul_jm_wNAF;
+    group->base_point_mul = NULL;
+    group->points_mul = &ec_GFp_pts_mul_jac;
+    group->validate_point = &ec_GFp_validate_point;
+
+CLEANUP:
+    if (res != MP_OKAY) {
+        ECGroup_free(group);
+        return NULL;
+    }
+    return group;
+}
+
+/* Construct ECGroup from hex parameters and name, if any. Called by
+ * ECGroup_fromHex and ECGroup_fromName. */
+ECGroup *
+ecgroup_fromNameAndHex(const ECCurveName name,
+                       const ECCurveParams *params)
+{
+    mp_int irr, curvea, curveb, genx, geny, order;
+    int bits;
+    ECGroup *group = NULL;
+    mp_err res = MP_OKAY;
+
+    /* initialize values */
+    MP_DIGITS(&irr) = 0;
+    MP_DIGITS(&curvea) = 0;
+    MP_DIGITS(&curveb) = 0;
+    MP_DIGITS(&genx) = 0;
+    MP_DIGITS(&geny) = 0;
+    MP_DIGITS(&order) = 0;
+    MP_CHECKOK(mp_init(&irr));
+    MP_CHECKOK(mp_init(&curvea));
+    MP_CHECKOK(mp_init(&curveb));
+    MP_CHECKOK(mp_init(&genx));
+    MP_CHECKOK(mp_init(&geny));
+    MP_CHECKOK(mp_init(&order));
+    MP_CHECKOK(mp_read_radix(&irr, params->irr, 16));
+    MP_CHECKOK(mp_read_radix(&curvea, params->curvea, 16));
+    MP_CHECKOK(mp_read_radix(&curveb, params->curveb, 16));
+    MP_CHECKOK(mp_read_radix(&genx, params->genx, 16));
+    MP_CHECKOK(mp_read_radix(&geny, params->geny, 16));
+    MP_CHECKOK(mp_read_radix(&order, params->order, 16));
+
+    /* determine number of bits */
+    bits = mpl_significant_bits(&irr) - 1;
+    if (bits < MP_OKAY) {
+        res = bits;
+        goto CLEANUP;
+    }
+
+    /* determine which optimizations (if any) to use */
+    if (params->field == ECField_GFp) {
+        switch (name) {
+            case ECCurve_SECG_PRIME_256R1:
+                group =
+                    ECGroup_consGFp(&irr, &curvea, &curveb, &genx, &geny,
+                                    &order, params->cofactor);
+                if (group == NULL) {
+                    res = MP_UNDEF;
+                    goto CLEANUP;
+                }
+                MP_CHECKOK(ec_group_set_gfp256(group, name));
+                MP_CHECKOK(ec_group_set_gfp256_32(group, name));
+                break;
+            case ECCurve_SECG_PRIME_521R1:
+                group =
+                    ECGroup_consGFp(&irr, &curvea, &curveb, &genx, &geny,
+                                    &order, params->cofactor);
+                if (group == NULL) {
+                    res = MP_UNDEF;
+                    goto CLEANUP;
+                }
+                MP_CHECKOK(ec_group_set_gfp521(group, name));
+                break;
+            default:
+                /* use generic arithmetic */
+                group =
+                    ECGroup_consGFp_mont(&irr, &curvea, &curveb, &genx, &geny,
+                                         &order, params->cofactor);
+                if (group == NULL) {
+                    res = MP_UNDEF;
+                    goto CLEANUP;
+                }
+        }
+    } else {
+        res = MP_UNDEF;
+        goto CLEANUP;
+    }
+
+    /* set name, if any */
+    if ((group != NULL) && (params->text != NULL)) {
+        group->text = strdup(params->text);
+        if (group->text == NULL) {
+            res = MP_MEM;
+        }
+    }
+
+CLEANUP:
+    mp_clear(&irr);
+    mp_clear(&curvea);
+    mp_clear(&curveb);
+    mp_clear(&genx);
+    mp_clear(&geny);
+    mp_clear(&order);
+    if (res != MP_OKAY) {
+        ECGroup_free(group);
+        return NULL;
+    }
+    return group;
+}
+
+/* Construct ECGroup from hexadecimal representations of parameters. */
+ECGroup *
+ECGroup_fromHex(const ECCurveParams *params)
+{
+    return ecgroup_fromNameAndHex(ECCurve_noName, params);
+}
+
+/* Construct ECGroup from named parameters. */
+ECGroup *
+ECGroup_fromName(const ECCurveName name)
+{
+    ECGroup *group = NULL;
+    ECCurveParams *params = NULL;
+    mp_err res = MP_OKAY;
+
+    params = EC_GetNamedCurveParams(name);
+    if (params == NULL) {
+        res = MP_UNDEF;
+        goto CLEANUP;
+    }
+
+    /* construct actual group */
+    group = ecgroup_fromNameAndHex(name, params);
+    if (group == NULL) {
+        res = MP_UNDEF;
+        goto CLEANUP;
+    }
+
+CLEANUP:
+    EC_FreeCurveParams(params);
+    if (res != MP_OKAY) {
+        ECGroup_free(group);
+        return NULL;
+    }
+    return group;
+}
+
+/* Validates an EC public key as described in Section 5.2.2 of X9.62. */
+mp_err
+ECPoint_validate(const ECGroup *group, const mp_int *px, const mp_int *py)
+{
+    /* 1: Verify that publicValue is not the point at infinity */
+    /* 2: Verify that the coordinates of publicValue are elements
+     *    of the field.
+     */
+    /* 3: Verify that publicValue is on the curve. */
+    /* 4: Verify that the order of the curve times the publicValue
+     *    is the point at infinity.
+     */
+    return group->validate_point(px, py, group);
+}
+
+/* Free the memory allocated (if any) to an ECGroup object. */
+void
+ECGroup_free(ECGroup *group)
+{
+    if (group == NULL)
+        return;
+    GFMethod_free(group->meth);
+    if (group->constructed == MP_NO)
+        return;
+    mp_clear(&group->curvea);
+    mp_clear(&group->curveb);
+    mp_clear(&group->genx);
+    mp_clear(&group->geny);
+    mp_clear(&group->order);
+    if (group->text != NULL)
+        free(group->text);
+    if (group->extra_free != NULL)
+        group->extra_free(group);
+    free(group);
+}
diff --git a/nss/lib/freebl/ecl/ecl.h b/nss/lib/freebl/ecl/ecl.h
new file mode 100644
index 0000000..ddcbb1f
--- /dev/null
+++ b/nss/lib/freebl/ecl/ecl.h
@@ -0,0 +1,60 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* Although this is not an exported header file, code which uses elliptic
+ * curve point operations will need to include it. */
+
+#ifndef __ecl_h_
+#define __ecl_h_
+
+#include "blapi.h"
+#include "ecl-exp.h"
+#include "mpi.h"
+
+struct ECGroupStr;
+typedef struct ECGroupStr ECGroup;
+
+/* Construct ECGroup from hexadecimal representations of parameters. */
+ECGroup *ECGroup_fromHex(const ECCurveParams *params);
+
+/* Construct ECGroup from named parameters. */
+ECGroup *ECGroup_fromName(const ECCurveName name);
+
+/* Free an allocated ECGroup. */
+void ECGroup_free(ECGroup *group);
+
+/* Construct ECCurveParams from an ECCurveName */
+ECCurveParams *EC_GetNamedCurveParams(const ECCurveName name);
+
+/* Duplicates an ECCurveParams */
+ECCurveParams *ECCurveParams_dup(const ECCurveParams *params);
+
+/* Free an allocated ECCurveParams */
+void EC_FreeCurveParams(ECCurveParams *params);
+
+/* Elliptic curve scalar-point multiplication. Computes Q(x, y) = k * P(x,
+ * y).  If x, y = NULL, then P is assumed to be the generator (base point)
+ * of the group of points on the elliptic curve. Input and output values
+ * are assumed to be NOT field-encoded. */
+mp_err ECPoint_mul(const ECGroup *group, const mp_int *k, const mp_int *px,
+                   const mp_int *py, mp_int *qx, mp_int *qy);
+
+/* Elliptic curve scalar-point multiplication. Computes Q(x, y) = k1 * G +
+ * k2 * P(x, y), where G is the generator (base point) of the group of
+ * points on the elliptic curve. Input and output values are assumed to
+ * be NOT field-encoded. */
+mp_err ECPoints_mul(const ECGroup *group, const mp_int *k1,
+                    const mp_int *k2, const mp_int *px, const mp_int *py,
+                    mp_int *qx, mp_int *qy);
+
+/* Validates an EC public key as described in Section 5.2.2 of X9.62.
+ * Returns MP_YES if the public key is valid, MP_NO if the public key
+ * is invalid, or an error code if the validation could not be
+ * performed. */
+mp_err ECPoint_validate(const ECGroup *group, const mp_int *px, const mp_int *py);
+
+SECStatus ec_Curve25519_pt_mul(SECItem *X, SECItem *k, SECItem *P);
+SECStatus ec_Curve25519_pt_validate(const SECItem *px);
+
+#endif /* __ecl_h_ */
diff --git a/nss/lib/freebl/ecl/ecl_curve.c b/nss/lib/freebl/ecl/ecl_curve.c
new file mode 100644
index 0000000..cf090cf
--- /dev/null
+++ b/nss/lib/freebl/ecl/ecl_curve.c
@@ -0,0 +1,93 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "ecl.h"
+#include "ecl-curve.h"
+#include "ecl-priv.h"
+#include <stdlib.h>
+#include <string.h>
+
+#define CHECK(func)       \
+    if ((func) == NULL) { \
+        res = 0;          \
+        goto CLEANUP;     \
+    }
+
+/* Duplicates an ECCurveParams */
+ECCurveParams *
+ECCurveParams_dup(const ECCurveParams *params)
+{
+    int res = 1;
+    ECCurveParams *ret = NULL;
+
+    CHECK(ret = (ECCurveParams *)calloc(1, sizeof(ECCurveParams)));
+    if (params->text != NULL) {
+        CHECK(ret->text = strdup(params->text));
+    }
+    ret->field = params->field;
+    ret->size = params->size;
+    if (params->irr != NULL) {
+        CHECK(ret->irr = strdup(params->irr));
+    }
+    if (params->curvea != NULL) {
+        CHECK(ret->curvea = strdup(params->curvea));
+    }
+    if (params->curveb != NULL) {
+        CHECK(ret->curveb = strdup(params->curveb));
+    }
+    if (params->genx != NULL) {
+        CHECK(ret->genx = strdup(params->genx));
+    }
+    if (params->geny != NULL) {
+        CHECK(ret->geny = strdup(params->geny));
+    }
+    if (params->order != NULL) {
+        CHECK(ret->order = strdup(params->order));
+    }
+    ret->cofactor = params->cofactor;
+
+CLEANUP:
+    if (res != 1) {
+        EC_FreeCurveParams(ret);
+        return NULL;
+    }
+    return ret;
+}
+
+#undef CHECK
+
+/* Construct ECCurveParams from an ECCurveName */
+ECCurveParams *
+EC_GetNamedCurveParams(const ECCurveName name)
+{
+    if ((name <= ECCurve_noName) || (ECCurve_pastLastCurve <= name) ||
+        (ecCurve_map[name] == NULL)) {
+        return NULL;
+    } else {
+        return ECCurveParams_dup(ecCurve_map[name]);
+    }
+}
+
+/* Free the memory allocated (if any) to an ECCurveParams object. */
+void
+EC_FreeCurveParams(ECCurveParams *params)
+{
+    if (params == NULL)
+        return;
+    if (params->text != NULL)
+        free(params->text);
+    if (params->irr != NULL)
+        free(params->irr);
+    if (params->curvea != NULL)
+        free(params->curvea);
+    if (params->curveb != NULL)
+        free(params->curveb);
+    if (params->genx != NULL)
+        free(params->genx);
+    if (params->geny != NULL)
+        free(params->geny);
+    if (params->order != NULL)
+        free(params->order);
+    free(params);
+}
diff --git a/nss/lib/freebl/ecl/ecl_gf.c b/nss/lib/freebl/ecl/ecl_gf.c
new file mode 100644
index 0000000..81b0077
--- /dev/null
+++ b/nss/lib/freebl/ecl/ecl_gf.c
@@ -0,0 +1,958 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "mpi.h"
+#include "mp_gf2m.h"
+#include "ecl-priv.h"
+#include "mpi-priv.h"
+#include <stdlib.h>
+
+/* Allocate memory for a new GFMethod object. */
+GFMethod *
+GFMethod_new()
+{
+    mp_err res = MP_OKAY;
+    GFMethod *meth;
+    meth = (GFMethod *)malloc(sizeof(GFMethod));
+    if (meth == NULL)
+        return NULL;
+    meth->constructed = MP_YES;
+    MP_DIGITS(&meth->irr) = 0;
+    meth->extra_free = NULL;
+    MP_CHECKOK(mp_init(&meth->irr));
+
+CLEANUP:
+    if (res != MP_OKAY) {
+        GFMethod_free(meth);
+        return NULL;
+    }
+    return meth;
+}
+
+/* Construct a generic GFMethod for arithmetic over prime fields with
+ * irreducible irr. */
+GFMethod *
+GFMethod_consGFp(const mp_int *irr)
+{
+    mp_err res = MP_OKAY;
+    GFMethod *meth = NULL;
+
+    meth = GFMethod_new();
+    if (meth == NULL)
+        return NULL;
+
+    MP_CHECKOK(mp_copy(irr, &meth->irr));
+    meth->irr_arr[0] = mpl_significant_bits(irr);
+    meth->irr_arr[1] = meth->irr_arr[2] = meth->irr_arr[3] =
+        meth->irr_arr[4] = 0;
+    switch (MP_USED(&meth->irr)) {
+        /* maybe we need 1 and 2 words here as well?*/
+        case 3:
+            meth->field_add = &ec_GFp_add_3;
+            meth->field_sub = &ec_GFp_sub_3;
+            break;
+        case 4:
+            meth->field_add = &ec_GFp_add_4;
+            meth->field_sub = &ec_GFp_sub_4;
+            break;
+        case 5:
+            meth->field_add = &ec_GFp_add_5;
+            meth->field_sub = &ec_GFp_sub_5;
+            break;
+        case 6:
+            meth->field_add = &ec_GFp_add_6;
+            meth->field_sub = &ec_GFp_sub_6;
+            break;
+        default:
+            meth->field_add = &ec_GFp_add;
+            meth->field_sub = &ec_GFp_sub;
+    }
+    meth->field_neg = &ec_GFp_neg;
+    meth->field_mod = &ec_GFp_mod;
+    meth->field_mul = &ec_GFp_mul;
+    meth->field_sqr = &ec_GFp_sqr;
+    meth->field_div = &ec_GFp_div;
+    meth->field_enc = NULL;
+    meth->field_dec = NULL;
+    meth->extra1 = NULL;
+    meth->extra2 = NULL;
+    meth->extra_free = NULL;
+
+CLEANUP:
+    if (res != MP_OKAY) {
+        GFMethod_free(meth);
+        return NULL;
+    }
+    return meth;
+}
+
+/* Free the memory allocated (if any) to a GFMethod object. */
+void
+GFMethod_free(GFMethod *meth)
+{
+    if (meth == NULL)
+        return;
+    if (meth->constructed == MP_NO)
+        return;
+    mp_clear(&meth->irr);
+    if (meth->extra_free != NULL)
+        meth->extra_free(meth);
+    free(meth);
+}
+
+/* Wrapper functions for generic prime field arithmetic. */
+
+/* Add two field elements.  Assumes that 0 <= a, b < meth->irr */
+mp_err
+ec_GFp_add(const mp_int *a, const mp_int *b, mp_int *r,
+           const GFMethod *meth)
+{
+    /* PRE: 0 <= a, b < p = meth->irr POST: 0 <= r < p, r = a + b (mod p) */
+    mp_err res;
+
+    if ((res = mp_add(a, b, r)) != MP_OKAY) {
+        return res;
+    }
+    if (mp_cmp(r, &meth->irr) >= 0) {
+        return mp_sub(r, &meth->irr, r);
+    }
+    return res;
+}
+
+/* Negates a field element.  Assumes that 0 <= a < meth->irr */
+mp_err
+ec_GFp_neg(const mp_int *a, mp_int *r, const GFMethod *meth)
+{
+    /* PRE: 0 <= a < p = meth->irr POST: 0 <= r < p, r = -a (mod p) */
+
+    if (mp_cmp_z(a) == 0) {
+        mp_zero(r);
+        return MP_OKAY;
+    }
+    return mp_sub(&meth->irr, a, r);
+}
+
+/* Subtracts two field elements.  Assumes that 0 <= a, b < meth->irr */
+mp_err
+ec_GFp_sub(const mp_int *a, const mp_int *b, mp_int *r,
+           const GFMethod *meth)
+{
+    mp_err res = MP_OKAY;
+
+    /* PRE: 0 <= a, b < p = meth->irr POST: 0 <= r < p, r = a - b (mod p) */
+    res = mp_sub(a, b, r);
+    if (res == MP_RANGE) {
+        MP_CHECKOK(mp_sub(b, a, r));
+        if (mp_cmp_z(r) < 0) {
+            MP_CHECKOK(mp_add(r, &meth->irr, r));
+        }
+        MP_CHECKOK(ec_GFp_neg(r, r, meth));
+    }
+    if (mp_cmp_z(r) < 0) {
+        MP_CHECKOK(mp_add(r, &meth->irr, r));
+    }
+CLEANUP:
+    return res;
+}
+/*
+ * Inline adds for small curve lengths.
+ */
+/* 3 words */
+mp_err
+ec_GFp_add_3(const mp_int *a, const mp_int *b, mp_int *r,
+             const GFMethod *meth)
+{
+    mp_err res = MP_OKAY;
+    mp_digit a0 = 0, a1 = 0, a2 = 0;
+    mp_digit r0 = 0, r1 = 0, r2 = 0;
+    mp_digit carry;
+
+    switch (MP_USED(a)) {
+        case 3:
+            a2 = MP_DIGIT(a, 2);
+        case 2:
+            a1 = MP_DIGIT(a, 1);
+        case 1:
+            a0 = MP_DIGIT(a, 0);
+    }
+    switch (MP_USED(b)) {
+        case 3:
+            r2 = MP_DIGIT(b, 2);
+        case 2:
+            r1 = MP_DIGIT(b, 1);
+        case 1:
+            r0 = MP_DIGIT(b, 0);
+    }
+
+#ifndef MPI_AMD64_ADD
+    carry = 0;
+    MP_ADD_CARRY(a0, r0, r0, carry);
+    MP_ADD_CARRY(a1, r1, r1, carry);
+    MP_ADD_CARRY(a2, r2, r2, carry);
+#else
+    __asm__(
+        "xorq   %3,%3           \n\t"
+        "addq   %4,%0           \n\t"
+        "adcq   %5,%1           \n\t"
+        "adcq   %6,%2           \n\t"
+        "adcq   $0,%3           \n\t"
+        : "=r"(r0), "=r"(r1), "=r"(r2), "=r"(carry)
+        : "r"(a0), "r"(a1), "r"(a2),
+          "0"(r0), "1"(r1), "2"(r2)
+        : "%cc");
+#endif
+
+    MP_CHECKOK(s_mp_pad(r, 3));
+    MP_DIGIT(r, 2) = r2;
+    MP_DIGIT(r, 1) = r1;
+    MP_DIGIT(r, 0) = r0;
+    MP_SIGN(r) = MP_ZPOS;
+    MP_USED(r) = 3;
+
+    /* Do quick 'subract' if we've gone over
+     * (add the 2's complement of the curve field) */
+    a2 = MP_DIGIT(&meth->irr, 2);
+    if (carry || r2 > a2 ||
+        ((r2 == a2) && mp_cmp(r, &meth->irr) != MP_LT)) {
+        a1 = MP_DIGIT(&meth->irr, 1);
+        a0 = MP_DIGIT(&meth->irr, 0);
+#ifndef MPI_AMD64_ADD
+        carry = 0;
+        MP_SUB_BORROW(r0, a0, r0, carry);
+        MP_SUB_BORROW(r1, a1, r1, carry);
+        MP_SUB_BORROW(r2, a2, r2, carry);
+#else
+        __asm__(
+            "subq   %3,%0           \n\t"
+            "sbbq   %4,%1           \n\t"
+            "sbbq   %5,%2           \n\t"
+            : "=r"(r0), "=r"(r1), "=r"(r2)
+            : "r"(a0), "r"(a1), "r"(a2),
+              "0"(r0), "1"(r1), "2"(r2)
+            : "%cc");
+#endif
+        MP_DIGIT(r, 2) = r2;
+        MP_DIGIT(r, 1) = r1;
+        MP_DIGIT(r, 0) = r0;
+    }
+
+    s_mp_clamp(r);
+
+CLEANUP:
+    return res;
+}
+
+/* 4 words */
+mp_err
+ec_GFp_add_4(const mp_int *a, const mp_int *b, mp_int *r,
+             const GFMethod *meth)
+{
+    mp_err res = MP_OKAY;
+    mp_digit a0 = 0, a1 = 0, a2 = 0, a3 = 0;
+    mp_digit r0 = 0, r1 = 0, r2 = 0, r3 = 0;
+    mp_digit carry;
+
+    switch (MP_USED(a)) {
+        case 4:
+            a3 = MP_DIGIT(a, 3);
+        case 3:
+            a2 = MP_DIGIT(a, 2);
+        case 2:
+            a1 = MP_DIGIT(a, 1);
+        case 1:
+            a0 = MP_DIGIT(a, 0);
+    }
+    switch (MP_USED(b)) {
+        case 4:
+            r3 = MP_DIGIT(b, 3);
+        case 3:
+            r2 = MP_DIGIT(b, 2);
+        case 2:
+            r1 = MP_DIGIT(b, 1);
+        case 1:
+            r0 = MP_DIGIT(b, 0);
+    }
+
+#ifndef MPI_AMD64_ADD
+    carry = 0;
+    MP_ADD_CARRY(a0, r0, r0, carry);
+    MP_ADD_CARRY(a1, r1, r1, carry);
+    MP_ADD_CARRY(a2, r2, r2, carry);
+    MP_ADD_CARRY(a3, r3, r3, carry);
+#else
+    __asm__(
+        "xorq   %4,%4           \n\t"
+        "addq   %5,%0           \n\t"
+        "adcq   %6,%1           \n\t"
+        "adcq   %7,%2           \n\t"
+        "adcq   %8,%3           \n\t"
+        "adcq   $0,%4           \n\t"
+        : "=r"(r0), "=r"(r1), "=r"(r2), "=r"(r3), "=r"(carry)
+        : "r"(a0), "r"(a1), "r"(a2), "r"(a3),
+          "0"(r0), "1"(r1), "2"(r2), "3"(r3)
+        : "%cc");
+#endif
+
+    MP_CHECKOK(s_mp_pad(r, 4));
+    MP_DIGIT(r, 3) = r3;
+    MP_DIGIT(r, 2) = r2;
+    MP_DIGIT(r, 1) = r1;
+    MP_DIGIT(r, 0) = r0;
+    MP_SIGN(r) = MP_ZPOS;
+    MP_USED(r) = 4;
+
+    /* Do quick 'subract' if we've gone over
+     * (add the 2's complement of the curve field) */
+    a3 = MP_DIGIT(&meth->irr, 3);
+    if (carry || r3 > a3 ||
+        ((r3 == a3) && mp_cmp(r, &meth->irr) != MP_LT)) {
+        a2 = MP_DIGIT(&meth->irr, 2);
+        a1 = MP_DIGIT(&meth->irr, 1);
+        a0 = MP_DIGIT(&meth->irr, 0);
+#ifndef MPI_AMD64_ADD
+        carry = 0;
+        MP_SUB_BORROW(r0, a0, r0, carry);
+        MP_SUB_BORROW(r1, a1, r1, carry);
+        MP_SUB_BORROW(r2, a2, r2, carry);
+        MP_SUB_BORROW(r3, a3, r3, carry);
+#else
+        __asm__(
+            "subq   %4,%0           \n\t"
+            "sbbq   %5,%1           \n\t"
+            "sbbq   %6,%2           \n\t"
+            "sbbq   %7,%3           \n\t"
+            : "=r"(r0), "=r"(r1), "=r"(r2), "=r"(r3)
+            : "r"(a0), "r"(a1), "r"(a2), "r"(a3),
+              "0"(r0), "1"(r1), "2"(r2), "3"(r3)
+            : "%cc");
+#endif
+        MP_DIGIT(r, 3) = r3;
+        MP_DIGIT(r, 2) = r2;
+        MP_DIGIT(r, 1) = r1;
+        MP_DIGIT(r, 0) = r0;
+    }
+
+    s_mp_clamp(r);
+
+CLEANUP:
+    return res;
+}
+
+/* 5 words */
+mp_err
+ec_GFp_add_5(const mp_int *a, const mp_int *b, mp_int *r,
+             const GFMethod *meth)
+{
+    mp_err res = MP_OKAY;
+    mp_digit a0 = 0, a1 = 0, a2 = 0, a3 = 0, a4 = 0;
+    mp_digit r0 = 0, r1 = 0, r2 = 0, r3 = 0, r4 = 0;
+    mp_digit carry;
+
+    switch (MP_USED(a)) {
+        case 5:
+            a4 = MP_DIGIT(a, 4);
+        case 4:
+            a3 = MP_DIGIT(a, 3);
+        case 3:
+            a2 = MP_DIGIT(a, 2);
+        case 2:
+            a1 = MP_DIGIT(a, 1);
+        case 1:
+            a0 = MP_DIGIT(a, 0);
+    }
+    switch (MP_USED(b)) {
+        case 5:
+            r4 = MP_DIGIT(b, 4);
+        case 4:
+            r3 = MP_DIGIT(b, 3);
+        case 3:
+            r2 = MP_DIGIT(b, 2);
+        case 2:
+            r1 = MP_DIGIT(b, 1);
+        case 1:
+            r0 = MP_DIGIT(b, 0);
+    }
+
+    carry = 0;
+    MP_ADD_CARRY(a0, r0, r0, carry);
+    MP_ADD_CARRY(a1, r1, r1, carry);
+    MP_ADD_CARRY(a2, r2, r2, carry);
+    MP_ADD_CARRY(a3, r3, r3, carry);
+    MP_ADD_CARRY(a4, r4, r4, carry);
+
+    MP_CHECKOK(s_mp_pad(r, 5));
+    MP_DIGIT(r, 4) = r4;
+    MP_DIGIT(r, 3) = r3;
+    MP_DIGIT(r, 2) = r2;
+    MP_DIGIT(r, 1) = r1;
+    MP_DIGIT(r, 0) = r0;
+    MP_SIGN(r) = MP_ZPOS;
+    MP_USED(r) = 5;
+
+    /* Do quick 'subract' if we've gone over
+     * (add the 2's complement of the curve field) */
+    a4 = MP_DIGIT(&meth->irr, 4);
+    if (carry || r4 > a4 ||
+        ((r4 == a4) && mp_cmp(r, &meth->irr) != MP_LT)) {
+        a3 = MP_DIGIT(&meth->irr, 3);
+        a2 = MP_DIGIT(&meth->irr, 2);
+        a1 = MP_DIGIT(&meth->irr, 1);
+        a0 = MP_DIGIT(&meth->irr, 0);
+        carry = 0;
+        MP_SUB_BORROW(r0, a0, r0, carry);
+        MP_SUB_BORROW(r1, a1, r1, carry);
+        MP_SUB_BORROW(r2, a2, r2, carry);
+        MP_SUB_BORROW(r3, a3, r3, carry);
+        MP_SUB_BORROW(r4, a4, r4, carry);
+        MP_DIGIT(r, 4) = r4;
+        MP_DIGIT(r, 3) = r3;
+        MP_DIGIT(r, 2) = r2;
+        MP_DIGIT(r, 1) = r1;
+        MP_DIGIT(r, 0) = r0;
+    }
+
+    s_mp_clamp(r);
+
+CLEANUP:
+    return res;
+}
+
+/* 6 words */
+mp_err
+ec_GFp_add_6(const mp_int *a, const mp_int *b, mp_int *r,
+             const GFMethod *meth)
+{
+    mp_err res = MP_OKAY;
+    mp_digit a0 = 0, a1 = 0, a2 = 0, a3 = 0, a4 = 0, a5 = 0;
+    mp_digit r0 = 0, r1 = 0, r2 = 0, r3 = 0, r4 = 0, r5 = 0;
+    mp_digit carry;
+
+    switch (MP_USED(a)) {
+        case 6:
+            a5 = MP_DIGIT(a, 5);
+        case 5:
+            a4 = MP_DIGIT(a, 4);
+        case 4:
+            a3 = MP_DIGIT(a, 3);
+        case 3:
+            a2 = MP_DIGIT(a, 2);
+        case 2:
+            a1 = MP_DIGIT(a, 1);
+        case 1:
+            a0 = MP_DIGIT(a, 0);
+    }
+    switch (MP_USED(b)) {
+        case 6:
+            r5 = MP_DIGIT(b, 5);
+        case 5:
+            r4 = MP_DIGIT(b, 4);
+        case 4:
+            r3 = MP_DIGIT(b, 3);
+        case 3:
+            r2 = MP_DIGIT(b, 2);
+        case 2:
+            r1 = MP_DIGIT(b, 1);
+        case 1:
+            r0 = MP_DIGIT(b, 0);
+    }
+
+    carry = 0;
+    MP_ADD_CARRY(a0, r0, r0, carry);
+    MP_ADD_CARRY(a1, r1, r1, carry);
+    MP_ADD_CARRY(a2, r2, r2, carry);
+    MP_ADD_CARRY(a3, r3, r3, carry);
+    MP_ADD_CARRY(a4, r4, r4, carry);
+    MP_ADD_CARRY(a5, r5, r5, carry);
+
+    MP_CHECKOK(s_mp_pad(r, 6));
+    MP_DIGIT(r, 5) = r5;
+    MP_DIGIT(r, 4) = r4;
+    MP_DIGIT(r, 3) = r3;
+    MP_DIGIT(r, 2) = r2;
+    MP_DIGIT(r, 1) = r1;
+    MP_DIGIT(r, 0) = r0;
+    MP_SIGN(r) = MP_ZPOS;
+    MP_USED(r) = 6;
+
+    /* Do quick 'subract' if we've gone over
+     * (add the 2's complement of the curve field) */
+    a5 = MP_DIGIT(&meth->irr, 5);
+    if (carry || r5 > a5 ||
+        ((r5 == a5) && mp_cmp(r, &meth->irr) != MP_LT)) {
+        a4 = MP_DIGIT(&meth->irr, 4);
+        a3 = MP_DIGIT(&meth->irr, 3);
+        a2 = MP_DIGIT(&meth->irr, 2);
+        a1 = MP_DIGIT(&meth->irr, 1);
+        a0 = MP_DIGIT(&meth->irr, 0);
+        carry = 0;
+        MP_SUB_BORROW(r0, a0, r0, carry);
+        MP_SUB_BORROW(r1, a1, r1, carry);
+        MP_SUB_BORROW(r2, a2, r2, carry);
+        MP_SUB_BORROW(r3, a3, r3, carry);
+        MP_SUB_BORROW(r4, a4, r4, carry);
+        MP_SUB_BORROW(r5, a5, r5, carry);
+        MP_DIGIT(r, 5) = r5;
+        MP_DIGIT(r, 4) = r4;
+        MP_DIGIT(r, 3) = r3;
+        MP_DIGIT(r, 2) = r2;
+        MP_DIGIT(r, 1) = r1;
+        MP_DIGIT(r, 0) = r0;
+    }
+
+    s_mp_clamp(r);
+
+CLEANUP:
+    return res;
+}
+
+/*
+ * The following subraction functions do in-line subractions based
+ * on our curve size.
+ *
+ * ... 3 words
+ */
+mp_err
+ec_GFp_sub_3(const mp_int *a, const mp_int *b, mp_int *r,
+             const GFMethod *meth)
+{
+    mp_err res = MP_OKAY;
+    mp_digit b0 = 0, b1 = 0, b2 = 0;
+    mp_digit r0 = 0, r1 = 0, r2 = 0;
+    mp_digit borrow;
+
+    switch (MP_USED(a)) {
+        case 3:
+            r2 = MP_DIGIT(a, 2);
+        case 2:
+            r1 = MP_DIGIT(a, 1);
+        case 1:
+            r0 = MP_DIGIT(a, 0);
+    }
+    switch (MP_USED(b)) {
+        case 3:
+            b2 = MP_DIGIT(b, 2);
+        case 2:
+            b1 = MP_DIGIT(b, 1);
+        case 1:
+            b0 = MP_DIGIT(b, 0);
+    }
+
+#ifndef MPI_AMD64_ADD
+    borrow = 0;
+    MP_SUB_BORROW(r0, b0, r0, borrow);
+    MP_SUB_BORROW(r1, b1, r1, borrow);
+    MP_SUB_BORROW(r2, b2, r2, borrow);
+#else
+    __asm__(
+        "xorq   %3,%3           \n\t"
+        "subq   %4,%0           \n\t"
+        "sbbq   %5,%1           \n\t"
+        "sbbq   %6,%2           \n\t"
+        "adcq   $0,%3           \n\t"
+        : "=r"(r0), "=r"(r1), "=r"(r2), "=r"(borrow)
+        : "r"(b0), "r"(b1), "r"(b2),
+          "0"(r0), "1"(r1), "2"(r2)
+        : "%cc");
+#endif
+
+    /* Do quick 'add' if we've gone under 0
+     * (subtract the 2's complement of the curve field) */
+    if (borrow) {
+        b2 = MP_DIGIT(&meth->irr, 2);
+        b1 = MP_DIGIT(&meth->irr, 1);
+        b0 = MP_DIGIT(&meth->irr, 0);
+#ifndef MPI_AMD64_ADD
+        borrow = 0;
+        MP_ADD_CARRY(b0, r0, r0, borrow);
+        MP_ADD_CARRY(b1, r1, r1, borrow);
+        MP_ADD_CARRY(b2, r2, r2, borrow);
+#else
+        __asm__(
+            "addq   %3,%0           \n\t"
+            "adcq   %4,%1           \n\t"
+            "adcq   %5,%2           \n\t"
+            : "=r"(r0), "=r"(r1), "=r"(r2)
+            : "r"(b0), "r"(b1), "r"(b2),
+              "0"(r0), "1"(r1), "2"(r2)
+            : "%cc");
+#endif
+    }
+
+#ifdef MPI_AMD64_ADD
+    /* compiler fakeout? */
+    if ((r2 == b0) && (r1 == b0) && (r0 == b0)) {
+        MP_CHECKOK(s_mp_pad(r, 4));
+    }
+#endif
+    MP_CHECKOK(s_mp_pad(r, 3));
+    MP_DIGIT(r, 2) = r2;
+    MP_DIGIT(r, 1) = r1;
+    MP_DIGIT(r, 0) = r0;
+    MP_SIGN(r) = MP_ZPOS;
+    MP_USED(r) = 3;
+    s_mp_clamp(r);
+
+CLEANUP:
+    return res;
+}
+
+/* 4 words */
+mp_err
+ec_GFp_sub_4(const mp_int *a, const mp_int *b, mp_int *r,
+             const GFMethod *meth)
+{
+    mp_err res = MP_OKAY;
+    mp_digit b0 = 0, b1 = 0, b2 = 0, b3 = 0;
+    mp_digit r0 = 0, r1 = 0, r2 = 0, r3 = 0;
+    mp_digit borrow;
+
+    switch (MP_USED(a)) {
+        case 4:
+            r3 = MP_DIGIT(a, 3);
+        case 3:
+            r2 = MP_DIGIT(a, 2);
+        case 2:
+            r1 = MP_DIGIT(a, 1);
+        case 1:
+            r0 = MP_DIGIT(a, 0);
+    }
+    switch (MP_USED(b)) {
+        case 4:
+            b3 = MP_DIGIT(b, 3);
+        case 3:
+            b2 = MP_DIGIT(b, 2);
+        case 2:
+            b1 = MP_DIGIT(b, 1);
+        case 1:
+            b0 = MP_DIGIT(b, 0);
+    }
+
+#ifndef MPI_AMD64_ADD
+    borrow = 0;
+    MP_SUB_BORROW(r0, b0, r0, borrow);
+    MP_SUB_BORROW(r1, b1, r1, borrow);
+    MP_SUB_BORROW(r2, b2, r2, borrow);
+    MP_SUB_BORROW(r3, b3, r3, borrow);
+#else
+    __asm__(
+        "xorq   %4,%4           \n\t"
+        "subq   %5,%0           \n\t"
+        "sbbq   %6,%1           \n\t"
+        "sbbq   %7,%2           \n\t"
+        "sbbq   %8,%3           \n\t"
+        "adcq   $0,%4           \n\t"
+        : "=r"(r0), "=r"(r1), "=r"(r2), "=r"(r3), "=r"(borrow)
+        : "r"(b0), "r"(b1), "r"(b2), "r"(b3),
+          "0"(r0), "1"(r1), "2"(r2), "3"(r3)
+        : "%cc");
+#endif
+
+    /* Do quick 'add' if we've gone under 0
+     * (subtract the 2's complement of the curve field) */
+    if (borrow) {
+        b3 = MP_DIGIT(&meth->irr, 3);
+        b2 = MP_DIGIT(&meth->irr, 2);
+        b1 = MP_DIGIT(&meth->irr, 1);
+        b0 = MP_DIGIT(&meth->irr, 0);
+#ifndef MPI_AMD64_ADD
+        borrow = 0;
+        MP_ADD_CARRY(b0, r0, r0, borrow);
+        MP_ADD_CARRY(b1, r1, r1, borrow);
+        MP_ADD_CARRY(b2, r2, r2, borrow);
+        MP_ADD_CARRY(b3, r3, r3, borrow);
+#else
+        __asm__(
+            "addq   %4,%0           \n\t"
+            "adcq   %5,%1           \n\t"
+            "adcq   %6,%2           \n\t"
+            "adcq   %7,%3           \n\t"
+            : "=r"(r0), "=r"(r1), "=r"(r2), "=r"(r3)
+            : "r"(b0), "r"(b1), "r"(b2), "r"(b3),
+              "0"(r0), "1"(r1), "2"(r2), "3"(r3)
+            : "%cc");
+#endif
+    }
+#ifdef MPI_AMD64_ADD
+    /* compiler fakeout? */
+    if ((r3 == b0) && (r1 == b0) && (r0 == b0)) {
+        MP_CHECKOK(s_mp_pad(r, 4));
+    }
+#endif
+    MP_CHECKOK(s_mp_pad(r, 4));
+    MP_DIGIT(r, 3) = r3;
+    MP_DIGIT(r, 2) = r2;
+    MP_DIGIT(r, 1) = r1;
+    MP_DIGIT(r, 0) = r0;
+    MP_SIGN(r) = MP_ZPOS;
+    MP_USED(r) = 4;
+    s_mp_clamp(r);
+
+CLEANUP:
+    return res;
+}
+
+/* 5 words */
+mp_err
+ec_GFp_sub_5(const mp_int *a, const mp_int *b, mp_int *r,
+             const GFMethod *meth)
+{
+    mp_err res = MP_OKAY;
+    mp_digit b0 = 0, b1 = 0, b2 = 0, b3 = 0, b4 = 0;
+    mp_digit r0 = 0, r1 = 0, r2 = 0, r3 = 0, r4 = 0;
+    mp_digit borrow;
+
+    switch (MP_USED(a)) {
+        case 5:
+            r4 = MP_DIGIT(a, 4);
+        case 4:
+            r3 = MP_DIGIT(a, 3);
+        case 3:
+            r2 = MP_DIGIT(a, 2);
+        case 2:
+            r1 = MP_DIGIT(a, 1);
+        case 1:
+            r0 = MP_DIGIT(a, 0);
+    }
+    switch (MP_USED(b)) {
+        case 5:
+            b4 = MP_DIGIT(b, 4);
+        case 4:
+            b3 = MP_DIGIT(b, 3);
+        case 3:
+            b2 = MP_DIGIT(b, 2);
+        case 2:
+            b1 = MP_DIGIT(b, 1);
+        case 1:
+            b0 = MP_DIGIT(b, 0);
+    }
+
+    borrow = 0;
+    MP_SUB_BORROW(r0, b0, r0, borrow);
+    MP_SUB_BORROW(r1, b1, r1, borrow);
+    MP_SUB_BORROW(r2, b2, r2, borrow);
+    MP_SUB_BORROW(r3, b3, r3, borrow);
+    MP_SUB_BORROW(r4, b4, r4, borrow);
+
+    /* Do quick 'add' if we've gone under 0
+     * (subtract the 2's complement of the curve field) */
+    if (borrow) {
+        b4 = MP_DIGIT(&meth->irr, 4);
+        b3 = MP_DIGIT(&meth->irr, 3);
+        b2 = MP_DIGIT(&meth->irr, 2);
+        b1 = MP_DIGIT(&meth->irr, 1);
+        b0 = MP_DIGIT(&meth->irr, 0);
+        borrow = 0;
+        MP_ADD_CARRY(b0, r0, r0, borrow);
+        MP_ADD_CARRY(b1, r1, r1, borrow);
+        MP_ADD_CARRY(b2, r2, r2, borrow);
+        MP_ADD_CARRY(b3, r3, r3, borrow);
+        MP_ADD_CARRY(b4, r4, r4, borrow);
+    }
+    MP_CHECKOK(s_mp_pad(r, 5));
+    MP_DIGIT(r, 4) = r4;
+    MP_DIGIT(r, 3) = r3;
+    MP_DIGIT(r, 2) = r2;
+    MP_DIGIT(r, 1) = r1;
+    MP_DIGIT(r, 0) = r0;
+    MP_SIGN(r) = MP_ZPOS;
+    MP_USED(r) = 5;
+    s_mp_clamp(r);
+
+CLEANUP:
+    return res;
+}
+
+/* 6 words */
+mp_err
+ec_GFp_sub_6(const mp_int *a, const mp_int *b, mp_int *r,
+             const GFMethod *meth)
+{
+    mp_err res = MP_OKAY;
+    mp_digit b0 = 0, b1 = 0, b2 = 0, b3 = 0, b4 = 0, b5 = 0;
+    mp_digit r0 = 0, r1 = 0, r2 = 0, r3 = 0, r4 = 0, r5 = 0;
+    mp_digit borrow;
+
+    switch (MP_USED(a)) {
+        case 6:
+            r5 = MP_DIGIT(a, 5);
+        case 5:
+            r4 = MP_DIGIT(a, 4);
+        case 4:
+            r3 = MP_DIGIT(a, 3);
+        case 3:
+            r2 = MP_DIGIT(a, 2);
+        case 2:
+            r1 = MP_DIGIT(a, 1);
+        case 1:
+            r0 = MP_DIGIT(a, 0);
+    }
+    switch (MP_USED(b)) {
+        case 6:
+            b5 = MP_DIGIT(b, 5);
+        case 5:
+            b4 = MP_DIGIT(b, 4);
+        case 4:
+            b3 = MP_DIGIT(b, 3);
+        case 3:
+            b2 = MP_DIGIT(b, 2);
+        case 2:
+            b1 = MP_DIGIT(b, 1);
+        case 1:
+            b0 = MP_DIGIT(b, 0);
+    }
+
+    borrow = 0;
+    MP_SUB_BORROW(r0, b0, r0, borrow);
+    MP_SUB_BORROW(r1, b1, r1, borrow);
+    MP_SUB_BORROW(r2, b2, r2, borrow);
+    MP_SUB_BORROW(r3, b3, r3, borrow);
+    MP_SUB_BORROW(r4, b4, r4, borrow);
+    MP_SUB_BORROW(r5, b5, r5, borrow);
+
+    /* Do quick 'add' if we've gone under 0
+     * (subtract the 2's complement of the curve field) */
+    if (borrow) {
+        b5 = MP_DIGIT(&meth->irr, 5);
+        b4 = MP_DIGIT(&meth->irr, 4);
+        b3 = MP_DIGIT(&meth->irr, 3);
+        b2 = MP_DIGIT(&meth->irr, 2);
+        b1 = MP_DIGIT(&meth->irr, 1);
+        b0 = MP_DIGIT(&meth->irr, 0);
+        borrow = 0;
+        MP_ADD_CARRY(b0, r0, r0, borrow);
+        MP_ADD_CARRY(b1, r1, r1, borrow);
+        MP_ADD_CARRY(b2, r2, r2, borrow);
+        MP_ADD_CARRY(b3, r3, r3, borrow);
+        MP_ADD_CARRY(b4, r4, r4, borrow);
+        MP_ADD_CARRY(b5, r5, r5, borrow);
+    }
+
+    MP_CHECKOK(s_mp_pad(r, 6));
+    MP_DIGIT(r, 5) = r5;
+    MP_DIGIT(r, 4) = r4;
+    MP_DIGIT(r, 3) = r3;
+    MP_DIGIT(r, 2) = r2;
+    MP_DIGIT(r, 1) = r1;
+    MP_DIGIT(r, 0) = r0;
+    MP_SIGN(r) = MP_ZPOS;
+    MP_USED(r) = 6;
+    s_mp_clamp(r);
+
+CLEANUP:
+    return res;
+}
+
+/* Reduces an integer to a field element. */
+mp_err
+ec_GFp_mod(const mp_int *a, mp_int *r, const GFMethod *meth)
+{
+    return mp_mod(a, &meth->irr, r);
+}
+
+/* Multiplies two field elements. */
+mp_err
+ec_GFp_mul(const mp_int *a, const mp_int *b, mp_int *r,
+           const GFMethod *meth)
+{
+    return mp_mulmod(a, b, &meth->irr, r);
+}
+
+/* Squares a field element. */
+mp_err
+ec_GFp_sqr(const mp_int *a, mp_int *r, const GFMethod *meth)
+{
+    return mp_sqrmod(a, &meth->irr, r);
+}
+
+/* Divides two field elements. If a is NULL, then returns the inverse of
+ * b. */
+mp_err
+ec_GFp_div(const mp_int *a, const mp_int *b, mp_int *r,
+           const GFMethod *meth)
+{
+    mp_err res = MP_OKAY;
+    mp_int t;
+
+    /* If a is NULL, then return the inverse of b, otherwise return a/b. */
+    if (a == NULL) {
+        return mp_invmod(b, &meth->irr, r);
+    } else {
+        /* MPI doesn't support divmod, so we implement it using invmod and
+         * mulmod. */
+        MP_CHECKOK(mp_init(&t));
+        MP_CHECKOK(mp_invmod(b, &meth->irr, &t));
+        MP_CHECKOK(mp_mulmod(a, &t, &meth->irr, r));
+    CLEANUP:
+        mp_clear(&t);
+        return res;
+    }
+}
+
+/* Wrapper functions for generic binary polynomial field arithmetic. */
+
+/* Adds two field elements. */
+mp_err
+ec_GF2m_add(const mp_int *a, const mp_int *b, mp_int *r,
+            const GFMethod *meth)
+{
+    return mp_badd(a, b, r);
+}
+
+/* Negates a field element. Note that for binary polynomial fields, the
+ * negation of a field element is the field element itself. */
+mp_err
+ec_GF2m_neg(const mp_int *a, mp_int *r, const GFMethod *meth)
+{
+    if (a == r) {
+        return MP_OKAY;
+    } else {
+        return mp_copy(a, r);
+    }
+}
+
+/* Reduces a binary polynomial to a field element. */
+mp_err
+ec_GF2m_mod(const mp_int *a, mp_int *r, const GFMethod *meth)
+{
+    return mp_bmod(a, meth->irr_arr, r);
+}
+
+/* Multiplies two field elements. */
+mp_err
+ec_GF2m_mul(const mp_int *a, const mp_int *b, mp_int *r,
+            const GFMethod *meth)
+{
+    return mp_bmulmod(a, b, meth->irr_arr, r);
+}
+
+/* Squares a field element. */
+mp_err
+ec_GF2m_sqr(const mp_int *a, mp_int *r, const GFMethod *meth)
+{
+    return mp_bsqrmod(a, meth->irr_arr, r);
+}
+
+/* Divides two field elements. If a is NULL, then returns the inverse of
+ * b. */
+mp_err
+ec_GF2m_div(const mp_int *a, const mp_int *b, mp_int *r,
+            const GFMethod *meth)
+{
+    mp_err res = MP_OKAY;
+    mp_int t;
+
+    /* If a is NULL, then return the inverse of b, otherwise return a/b. */
+    if (a == NULL) {
+        /* The GF(2^m) portion of MPI doesn't support invmod, so we
+         * compute 1/b. */
+        MP_CHECKOK(mp_init(&t));
+        MP_CHECKOK(mp_set_int(&t, 1));
+        MP_CHECKOK(mp_bdivmod(&t, b, &meth->irr, meth->irr_arr, r));
+    CLEANUP:
+        mp_clear(&t);
+        return res;
+    } else {
+        return mp_bdivmod(a, b, &meth->irr, meth->irr_arr, r);
+    }
+}
diff --git a/nss/lib/freebl/ecl/ecl_mult.c b/nss/lib/freebl/ecl/ecl_mult.c
new file mode 100644
index 0000000..ffbcbf1
--- /dev/null
+++ b/nss/lib/freebl/ecl/ecl_mult.c
@@ -0,0 +1,305 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "mpi.h"
+#include "mplogic.h"
+#include "ecl.h"
+#include "ecl-priv.h"
+#include <stdlib.h>
+
+/* Elliptic curve scalar-point multiplication. Computes R(x, y) = k * P(x,
+ * y).  If x, y = NULL, then P is assumed to be the generator (base point)
+ * of the group of points on the elliptic curve. Input and output values
+ * are assumed to be NOT field-encoded. */
+mp_err
+ECPoint_mul(const ECGroup *group, const mp_int *k, const mp_int *px,
+            const mp_int *py, mp_int *rx, mp_int *ry)
+{
+    mp_err res = MP_OKAY;
+    mp_int kt;
+
+    ARGCHK((k != NULL) && (group != NULL), MP_BADARG);
+    MP_DIGITS(&kt) = 0;
+
+    /* want scalar to be less than or equal to group order */
+    if (mp_cmp(k, &group->order) > 0) {
+        MP_CHECKOK(mp_init(&kt));
+        MP_CHECKOK(mp_mod(k, &group->order, &kt));
+    } else {
+        MP_SIGN(&kt) = MP_ZPOS;
+        MP_USED(&kt) = MP_USED(k);
+        MP_ALLOC(&kt) = MP_ALLOC(k);
+        MP_DIGITS(&kt) = MP_DIGITS(k);
+    }
+
+    if ((px == NULL) || (py == NULL)) {
+        if (group->base_point_mul) {
+            MP_CHECKOK(group->base_point_mul(&kt, rx, ry, group));
+        } else {
+            MP_CHECKOK(group->point_mul(&kt, &group->genx, &group->geny, rx, ry,
+                                        group));
+        }
+    } else {
+        if (group->meth->field_enc) {
+            MP_CHECKOK(group->meth->field_enc(px, rx, group->meth));
+            MP_CHECKOK(group->meth->field_enc(py, ry, group->meth));
+            MP_CHECKOK(group->point_mul(&kt, rx, ry, rx, ry, group));
+        } else {
+            MP_CHECKOK(group->point_mul(&kt, px, py, rx, ry, group));
+        }
+    }
+    if (group->meth->field_dec) {
+        MP_CHECKOK(group->meth->field_dec(rx, rx, group->meth));
+        MP_CHECKOK(group->meth->field_dec(ry, ry, group->meth));
+    }
+
+CLEANUP:
+    if (MP_DIGITS(&kt) != MP_DIGITS(k)) {
+        mp_clear(&kt);
+    }
+    return res;
+}
+
+/* Elliptic curve scalar-point multiplication. Computes R(x, y) = k1 * G +
+ * k2 * P(x, y), where G is the generator (base point) of the group of
+ * points on the elliptic curve. Allows k1 = NULL or { k2, P } = NULL.
+ * Input and output values are assumed to be NOT field-encoded. */
+mp_err
+ec_pts_mul_basic(const mp_int *k1, const mp_int *k2, const mp_int *px,
+                 const mp_int *py, mp_int *rx, mp_int *ry,
+                 const ECGroup *group)
+{
+    mp_err res = MP_OKAY;
+    mp_int sx, sy;
+
+    ARGCHK(group != NULL, MP_BADARG);
+    ARGCHK(!((k1 == NULL) && ((k2 == NULL) || (px == NULL) || (py == NULL))), MP_BADARG);
+
+    /* if some arguments are not defined used ECPoint_mul */
+    if (k1 == NULL) {
+        return ECPoint_mul(group, k2, px, py, rx, ry);
+    } else if ((k2 == NULL) || (px == NULL) || (py == NULL)) {
+        return ECPoint_mul(group, k1, NULL, NULL, rx, ry);
+    }
+
+    MP_DIGITS(&sx) = 0;
+    MP_DIGITS(&sy) = 0;
+    MP_CHECKOK(mp_init(&sx));
+    MP_CHECKOK(mp_init(&sy));
+
+    MP_CHECKOK(ECPoint_mul(group, k1, NULL, NULL, &sx, &sy));
+    MP_CHECKOK(ECPoint_mul(group, k2, px, py, rx, ry));
+
+    if (group->meth->field_enc) {
+        MP_CHECKOK(group->meth->field_enc(&sx, &sx, group->meth));
+        MP_CHECKOK(group->meth->field_enc(&sy, &sy, group->meth));
+        MP_CHECKOK(group->meth->field_enc(rx, rx, group->meth));
+        MP_CHECKOK(group->meth->field_enc(ry, ry, group->meth));
+    }
+
+    MP_CHECKOK(group->point_add(&sx, &sy, rx, ry, rx, ry, group));
+
+    if (group->meth->field_dec) {
+        MP_CHECKOK(group->meth->field_dec(rx, rx, group->meth));
+        MP_CHECKOK(group->meth->field_dec(ry, ry, group->meth));
+    }
+
+CLEANUP:
+    mp_clear(&sx);
+    mp_clear(&sy);
+    return res;
+}
+
+/* Elliptic curve scalar-point multiplication. Computes R(x, y) = k1 * G +
+ * k2 * P(x, y), where G is the generator (base point) of the group of
+ * points on the elliptic curve. Allows k1 = NULL or { k2, P } = NULL.
+ * Input and output values are assumed to be NOT field-encoded. Uses
+ * algorithm 15 (simultaneous multiple point multiplication) from Brown,
+ * Hankerson, Lopez, Menezes. Software Implementation of the NIST
+ * Elliptic Curves over Prime Fields. */
+mp_err
+ec_pts_mul_simul_w2(const mp_int *k1, const mp_int *k2, const mp_int *px,
+                    const mp_int *py, mp_int *rx, mp_int *ry,
+                    const ECGroup *group)
+{
+    mp_err res = MP_OKAY;
+    mp_int precomp[4][4][2];
+    const mp_int *a, *b;
+    unsigned int i, j;
+    int ai, bi, d;
+
+    ARGCHK(group != NULL, MP_BADARG);
+    ARGCHK(!((k1 == NULL) && ((k2 == NULL) || (px == NULL) || (py == NULL))), MP_BADARG);
+
+    /* if some arguments are not defined used ECPoint_mul */
+    if (k1 == NULL) {
+        return ECPoint_mul(group, k2, px, py, rx, ry);
+    } else if ((k2 == NULL) || (px == NULL) || (py == NULL)) {
+        return ECPoint_mul(group, k1, NULL, NULL, rx, ry);
+    }
+
+    /* initialize precomputation table */
+    for (i = 0; i < 4; i++) {
+        for (j = 0; j < 4; j++) {
+            MP_DIGITS(&precomp[i][j][0]) = 0;
+            MP_DIGITS(&precomp[i][j][1]) = 0;
+        }
+    }
+    for (i = 0; i < 4; i++) {
+        for (j = 0; j < 4; j++) {
+            MP_CHECKOK(mp_init_size(&precomp[i][j][0],
+                                    ECL_MAX_FIELD_SIZE_DIGITS));
+            MP_CHECKOK(mp_init_size(&precomp[i][j][1],
+                                    ECL_MAX_FIELD_SIZE_DIGITS));
+        }
+    }
+
+    /* fill precomputation table */
+    /* assign {k1, k2} = {a, b} such that len(a) >= len(b) */
+    if (mpl_significant_bits(k1) < mpl_significant_bits(k2)) {
+        a = k2;
+        b = k1;
+        if (group->meth->field_enc) {
+            MP_CHECKOK(group->meth->field_enc(px, &precomp[1][0][0], group->meth));
+            MP_CHECKOK(group->meth->field_enc(py, &precomp[1][0][1], group->meth));
+        } else {
+            MP_CHECKOK(mp_copy(px, &precomp[1][0][0]));
+            MP_CHECKOK(mp_copy(py, &precomp[1][0][1]));
+        }
+        MP_CHECKOK(mp_copy(&group->genx, &precomp[0][1][0]));
+        MP_CHECKOK(mp_copy(&group->geny, &precomp[0][1][1]));
+    } else {
+        a = k1;
+        b = k2;
+        MP_CHECKOK(mp_copy(&group->genx, &precomp[1][0][0]));
+        MP_CHECKOK(mp_copy(&group->geny, &precomp[1][0][1]));
+        if (group->meth->field_enc) {
+            MP_CHECKOK(group->meth->field_enc(px, &precomp[0][1][0], group->meth));
+            MP_CHECKOK(group->meth->field_enc(py, &precomp[0][1][1], group->meth));
+        } else {
+            MP_CHECKOK(mp_copy(px, &precomp[0][1][0]));
+            MP_CHECKOK(mp_copy(py, &precomp[0][1][1]));
+        }
+    }
+    /* precompute [*][0][*] */
+    mp_zero(&precomp[0][0][0]);
+    mp_zero(&precomp[0][0][1]);
+    MP_CHECKOK(group->point_dbl(&precomp[1][0][0], &precomp[1][0][1],
+                                &precomp[2][0][0], &precomp[2][0][1], group));
+    MP_CHECKOK(group->point_add(&precomp[1][0][0], &precomp[1][0][1],
+                                &precomp[2][0][0], &precomp[2][0][1],
+                                &precomp[3][0][0], &precomp[3][0][1], group));
+    /* precompute [*][1][*] */
+    for (i = 1; i < 4; i++) {
+        MP_CHECKOK(group->point_add(&precomp[0][1][0], &precomp[0][1][1],
+                                    &precomp[i][0][0], &precomp[i][0][1],
+                                    &precomp[i][1][0], &precomp[i][1][1], group));
+    }
+    /* precompute [*][2][*] */
+    MP_CHECKOK(group->point_dbl(&precomp[0][1][0], &precomp[0][1][1],
+                                &precomp[0][2][0], &precomp[0][2][1], group));
+    for (i = 1; i < 4; i++) {
+        MP_CHECKOK(group->point_add(&precomp[0][2][0], &precomp[0][2][1],
+                                    &precomp[i][0][0], &precomp[i][0][1],
+                                    &precomp[i][2][0], &precomp[i][2][1], group));
+    }
+    /* precompute [*][3][*] */
+    MP_CHECKOK(group->point_add(&precomp[0][1][0], &precomp[0][1][1],
+                                &precomp[0][2][0], &precomp[0][2][1],
+                                &precomp[0][3][0], &precomp[0][3][1], group));
+    for (i = 1; i < 4; i++) {
+        MP_CHECKOK(group->point_add(&precomp[0][3][0], &precomp[0][3][1],
+                                    &precomp[i][0][0], &precomp[i][0][1],
+                                    &precomp[i][3][0], &precomp[i][3][1], group));
+    }
+
+    d = (mpl_significant_bits(a) + 1) / 2;
+
+    /* R = inf */
+    mp_zero(rx);
+    mp_zero(ry);
+
+    for (i = d; i-- > 0;) {
+        ai = MP_GET_BIT(a, 2 * i + 1);
+        ai <<= 1;
+        ai |= MP_GET_BIT(a, 2 * i);
+        bi = MP_GET_BIT(b, 2 * i + 1);
+        bi <<= 1;
+        bi |= MP_GET_BIT(b, 2 * i);
+        /* R = 2^2 * R */
+        MP_CHECKOK(group->point_dbl(rx, ry, rx, ry, group));
+        MP_CHECKOK(group->point_dbl(rx, ry, rx, ry, group));
+        /* R = R + (ai * A + bi * B) */
+        MP_CHECKOK(group->point_add(rx, ry, &precomp[ai][bi][0],
+                                    &precomp[ai][bi][1], rx, ry, group));
+    }
+
+    if (group->meth->field_dec) {
+        MP_CHECKOK(group->meth->field_dec(rx, rx, group->meth));
+        MP_CHECKOK(group->meth->field_dec(ry, ry, group->meth));
+    }
+
+CLEANUP:
+    for (i = 0; i < 4; i++) {
+        for (j = 0; j < 4; j++) {
+            mp_clear(&precomp[i][j][0]);
+            mp_clear(&precomp[i][j][1]);
+        }
+    }
+    return res;
+}
+
+/* Elliptic curve scalar-point multiplication. Computes R(x, y) = k1 * G +
+ * k2 * P(x, y), where G is the generator (base point) of the group of
+ * points on the elliptic curve. Allows k1 = NULL or { k2, P } = NULL.
+ * Input and output values are assumed to be NOT field-encoded. */
+mp_err
+ECPoints_mul(const ECGroup *group, const mp_int *k1, const mp_int *k2,
+             const mp_int *px, const mp_int *py, mp_int *rx, mp_int *ry)
+{
+    mp_err res = MP_OKAY;
+    mp_int k1t, k2t;
+    const mp_int *k1p, *k2p;
+
+    MP_DIGITS(&k1t) = 0;
+    MP_DIGITS(&k2t) = 0;
+
+    ARGCHK(group != NULL, MP_BADARG);
+
+    /* want scalar to be less than or equal to group order */
+    if (k1 != NULL) {
+        if (mp_cmp(k1, &group->order) >= 0) {
+            MP_CHECKOK(mp_init(&k1t));
+            MP_CHECKOK(mp_mod(k1, &group->order, &k1t));
+            k1p = &k1t;
+        } else {
+            k1p = k1;
+        }
+    } else {
+        k1p = k1;
+    }
+    if (k2 != NULL) {
+        if (mp_cmp(k2, &group->order) >= 0) {
+            MP_CHECKOK(mp_init(&k2t));
+            MP_CHECKOK(mp_mod(k2, &group->order, &k2t));
+            k2p = &k2t;
+        } else {
+            k2p = k2;
+        }
+    } else {
+        k2p = k2;
+    }
+
+    /* if points_mul is defined, then use it */
+    if (group->points_mul) {
+        res = group->points_mul(k1p, k2p, px, py, rx, ry, group);
+    } else {
+        res = ec_pts_mul_simul_w2(k1p, k2p, px, py, rx, ry, group);
+    }
+
+CLEANUP:
+    mp_clear(&k1t);
+    mp_clear(&k2t);
+    return res;
+}
diff --git a/nss/lib/freebl/ecl/ecp.h b/nss/lib/freebl/ecl/ecp.h
new file mode 100644
index 0000000..7e54e4e
--- /dev/null
+++ b/nss/lib/freebl/ecl/ecp.h
@@ -0,0 +1,106 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef __ecp_h_
+#define __ecp_h_
+
+#include "ecl-priv.h"
+
+/* Checks if point P(px, py) is at infinity.  Uses affine coordinates. */
+mp_err ec_GFp_pt_is_inf_aff(const mp_int *px, const mp_int *py);
+
+/* Sets P(px, py) to be the point at infinity.  Uses affine coordinates. */
+mp_err ec_GFp_pt_set_inf_aff(mp_int *px, mp_int *py);
+
+/* Computes R = P + Q where R is (rx, ry), P is (px, py) and Q is (qx,
+ * qy). Uses affine coordinates. */
+mp_err ec_GFp_pt_add_aff(const mp_int *px, const mp_int *py,
+                         const mp_int *qx, const mp_int *qy, mp_int *rx,
+                         mp_int *ry, const ECGroup *group);
+
+/* Computes R = P - Q.  Uses affine coordinates. */
+mp_err ec_GFp_pt_sub_aff(const mp_int *px, const mp_int *py,
+                         const mp_int *qx, const mp_int *qy, mp_int *rx,
+                         mp_int *ry, const ECGroup *group);
+
+/* Computes R = 2P.  Uses affine coordinates. */
+mp_err ec_GFp_pt_dbl_aff(const mp_int *px, const mp_int *py, mp_int *rx,
+                         mp_int *ry, const ECGroup *group);
+
+/* Validates a point on a GFp curve. */
+mp_err ec_GFp_validate_point(const mp_int *px, const mp_int *py, const ECGroup *group);
+
+#ifdef ECL_ENABLE_GFP_PT_MUL_AFF
+/* Computes R = nP where R is (rx, ry) and P is (px, py). The parameters
+ * a, b and p are the elliptic curve coefficients and the prime that
+ * determines the field GFp.  Uses affine coordinates. */
+mp_err ec_GFp_pt_mul_aff(const mp_int *n, const mp_int *px,
+                         const mp_int *py, mp_int *rx, mp_int *ry,
+                         const ECGroup *group);
+#endif
+
+/* Converts a point P(px, py) from affine coordinates to Jacobian
+ * projective coordinates R(rx, ry, rz). */
+mp_err ec_GFp_pt_aff2jac(const mp_int *px, const mp_int *py, mp_int *rx,
+                         mp_int *ry, mp_int *rz, const ECGroup *group);
+
+/* Converts a point P(px, py, pz) from Jacobian projective coordinates to
+ * affine coordinates R(rx, ry). */
+mp_err ec_GFp_pt_jac2aff(const mp_int *px, const mp_int *py,
+                         const mp_int *pz, mp_int *rx, mp_int *ry,
+                         const ECGroup *group);
+
+/* Checks if point P(px, py, pz) is at infinity.  Uses Jacobian
+ * coordinates. */
+mp_err ec_GFp_pt_is_inf_jac(const mp_int *px, const mp_int *py,
+                            const mp_int *pz);
+
+/* Sets P(px, py, pz) to be the point at infinity.  Uses Jacobian
+ * coordinates. */
+mp_err ec_GFp_pt_set_inf_jac(mp_int *px, mp_int *py, mp_int *pz);
+
+/* Computes R = P + Q where R is (rx, ry, rz), P is (px, py, pz) and Q is
+ * (qx, qy, qz).  Uses Jacobian coordinates. */
+mp_err ec_GFp_pt_add_jac_aff(const mp_int *px, const mp_int *py,
+                             const mp_int *pz, const mp_int *qx,
+                             const mp_int *qy, mp_int *rx, mp_int *ry,
+                             mp_int *rz, const ECGroup *group);
+
+/* Computes R = 2P.  Uses Jacobian coordinates. */
+mp_err ec_GFp_pt_dbl_jac(const mp_int *px, const mp_int *py,
+                         const mp_int *pz, mp_int *rx, mp_int *ry,
+                         mp_int *rz, const ECGroup *group);
+
+#ifdef ECL_ENABLE_GFP_PT_MUL_JAC
+/* Computes R = nP where R is (rx, ry) and P is (px, py). The parameters
+ * a, b and p are the elliptic curve coefficients and the prime that
+ * determines the field GFp.  Uses Jacobian coordinates. */
+mp_err ec_GFp_pt_mul_jac(const mp_int *n, const mp_int *px,
+                         const mp_int *py, mp_int *rx, mp_int *ry,
+                         const ECGroup *group);
+#endif
+
+/* Computes R(x, y) = k1 * G + k2 * P(x, y), where G is the generator
+ * (base point) of the group of points on the elliptic curve. Allows k1 =
+ * NULL or { k2, P } = NULL.  Implemented using mixed Jacobian-affine
+ * coordinates. Input and output values are assumed to be NOT
+ * field-encoded and are in affine form. */
+mp_err
+ec_GFp_pts_mul_jac(const mp_int *k1, const mp_int *k2, const mp_int *px,
+                   const mp_int *py, mp_int *rx, mp_int *ry,
+                   const ECGroup *group);
+
+/* Computes R = nP where R is (rx, ry) and P is the base point. Elliptic
+ * curve points P and R can be identical. Uses mixed Modified-Jacobian
+ * co-ordinates for doubling and Chudnovsky Jacobian coordinates for
+ * additions. Assumes input is already field-encoded using field_enc, and
+ * returns output that is still field-encoded. Uses 5-bit window NAF
+ * method (algorithm 11) for scalar-point multiplication from Brown,
+ * Hankerson, Lopez, Menezes. Software Implementation of the NIST Elliptic
+ * Curves Over Prime Fields. */
+mp_err
+ec_GFp_pt_mul_jm_wNAF(const mp_int *n, const mp_int *px, const mp_int *py,
+                      mp_int *rx, mp_int *ry, const ECGroup *group);
+
+#endif /* __ecp_h_ */
diff --git a/nss/lib/freebl/ecl/ecp_192.c b/nss/lib/freebl/ecl/ecp_192.c
new file mode 100644
index 0000000..f6d45b4
--- /dev/null
+++ b/nss/lib/freebl/ecl/ecp_192.c
@@ -0,0 +1,493 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "ecp.h"
+#include "mpi.h"
+#include "mplogic.h"
+#include "mpi-priv.h"
+
+#define ECP192_DIGITS ECL_CURVE_DIGITS(192)
+
+/* Fast modular reduction for p192 = 2^192 - 2^64 - 1.  a can be r. Uses
+ * algorithm 7 from Brown, Hankerson, Lopez, Menezes. Software
+ * Implementation of the NIST Elliptic Curves over Prime Fields. */
+static mp_err
+ec_GFp_nistp192_mod(const mp_int *a, mp_int *r, const GFMethod *meth)
+{
+    mp_err res = MP_OKAY;
+    mp_size a_used = MP_USED(a);
+    mp_digit r3;
+#ifndef MPI_AMD64_ADD
+    mp_digit carry;
+#endif
+#ifdef ECL_THIRTY_TWO_BIT
+    mp_digit a5a = 0, a5b = 0, a4a = 0, a4b = 0, a3a = 0, a3b = 0;
+    mp_digit r0a, r0b, r1a, r1b, r2a, r2b;
+#else
+    mp_digit a5 = 0, a4 = 0, a3 = 0;
+    mp_digit r0, r1, r2;
+#endif
+
+    /* reduction not needed if a is not larger than field size */
+    if (a_used < ECP192_DIGITS) {
+        if (a == r) {
+            return MP_OKAY;
+        }
+        return mp_copy(a, r);
+    }
+
+    /* for polynomials larger than twice the field size, use regular
+     * reduction */
+    if (a_used > ECP192_DIGITS * 2) {
+        MP_CHECKOK(mp_mod(a, &meth->irr, r));
+    } else {
+/* copy out upper words of a */
+
+#ifdef ECL_THIRTY_TWO_BIT
+
+        /* in all the math below,
+         * nXb is most signifiant, nXa is least significant */
+        switch (a_used) {
+            case 12:
+                a5b = MP_DIGIT(a, 11);
+            case 11:
+                a5a = MP_DIGIT(a, 10);
+            case 10:
+                a4b = MP_DIGIT(a, 9);
+            case 9:
+                a4a = MP_DIGIT(a, 8);
+            case 8:
+                a3b = MP_DIGIT(a, 7);
+            case 7:
+                a3a = MP_DIGIT(a, 6);
+        }
+
+        r2b = MP_DIGIT(a, 5);
+        r2a = MP_DIGIT(a, 4);
+        r1b = MP_DIGIT(a, 3);
+        r1a = MP_DIGIT(a, 2);
+        r0b = MP_DIGIT(a, 1);
+        r0a = MP_DIGIT(a, 0);
+
+        /* implement r = (a2,a1,a0)+(a5,a5,a5)+(a4,a4,0)+(0,a3,a3) */
+        carry = 0;
+        MP_ADD_CARRY(r0a, a3a, r0a, carry);
+        MP_ADD_CARRY(r0b, a3b, r0b, carry);
+        MP_ADD_CARRY(r1a, a3a, r1a, carry);
+        MP_ADD_CARRY(r1b, a3b, r1b, carry);
+        MP_ADD_CARRY(r2a, a4a, r2a, carry);
+        MP_ADD_CARRY(r2b, a4b, r2b, carry);
+        r3 = carry;
+        carry = 0;
+        MP_ADD_CARRY(r0a, a5a, r0a, carry);
+        MP_ADD_CARRY(r0b, a5b, r0b, carry);
+        MP_ADD_CARRY(r1a, a5a, r1a, carry);
+        MP_ADD_CARRY(r1b, a5b, r1b, carry);
+        MP_ADD_CARRY(r2a, a5a, r2a, carry);
+        MP_ADD_CARRY(r2b, a5b, r2b, carry);
+        r3 += carry;
+        carry = 0;
+        MP_ADD_CARRY(r1a, a4a, r1a, carry);
+        MP_ADD_CARRY(r1b, a4b, r1b, carry);
+        MP_ADD_CARRY(r2a, 0, r2a, carry);
+        MP_ADD_CARRY(r2b, 0, r2b, carry);
+        r3 += carry;
+
+        /* reduce out the carry */
+        while (r3) {
+            carry = 0;
+            MP_ADD_CARRY(r0a, r3, r0a, carry);
+            MP_ADD_CARRY(r0b, 0, r0b, carry);
+            MP_ADD_CARRY(r1a, r3, r1a, carry);
+            MP_ADD_CARRY(r1b, 0, r1b, carry);
+            MP_ADD_CARRY(r2a, 0, r2a, carry);
+            MP_ADD_CARRY(r2b, 0, r2b, carry);
+            r3 = carry;
+        }
+
+        /* check for final reduction */
+        /*
+         * our field is 0xffffffffffffffff, 0xfffffffffffffffe,
+         * 0xffffffffffffffff. That means we can only be over and need
+         * one more reduction
+         *  if r2 == 0xffffffffffffffffff (same as r2+1 == 0)
+         *     and
+         *     r1 == 0xffffffffffffffffff   or
+         *     r1 == 0xfffffffffffffffffe and r0 = 0xfffffffffffffffff
+         * In all cases, we subtract the field (or add the 2's
+         * complement value (1,1,0)).  (r0, r1, r2)
+         */
+        if (((r2b == 0xffffffff) && (r2a == 0xffffffff) && (r1b == 0xffffffff)) &&
+            ((r1a == 0xffffffff) ||
+             ((r1a == 0xfffffffe) && (r0a == 0xffffffff) &&
+              (r0b == 0xffffffff)))) {
+            /* do a quick subtract */
+            carry = 0;
+            MP_ADD_CARRY(r0a, 1, r0a, carry);
+            MP_ADD_CARRY(r0b, carry, r0a, carry);
+            r1a += 1 + carry;
+            r1b = r2a = r2b = 0;
+        }
+
+        /* set the lower words of r */
+        if (a != r) {
+            MP_CHECKOK(s_mp_pad(r, 6));
+        }
+        MP_DIGIT(r, 5) = r2b;
+        MP_DIGIT(r, 4) = r2a;
+        MP_DIGIT(r, 3) = r1b;
+        MP_DIGIT(r, 2) = r1a;
+        MP_DIGIT(r, 1) = r0b;
+        MP_DIGIT(r, 0) = r0a;
+        MP_USED(r) = 6;
+#else
+        switch (a_used) {
+            case 6:
+                a5 = MP_DIGIT(a, 5);
+            case 5:
+                a4 = MP_DIGIT(a, 4);
+            case 4:
+                a3 = MP_DIGIT(a, 3);
+        }
+
+        r2 = MP_DIGIT(a, 2);
+        r1 = MP_DIGIT(a, 1);
+        r0 = MP_DIGIT(a, 0);
+
+/* implement r = (a2,a1,a0)+(a5,a5,a5)+(a4,a4,0)+(0,a3,a3) */
+#ifndef MPI_AMD64_ADD
+        carry = 0;
+        MP_ADD_CARRY(r0, a3, r0, carry);
+        MP_ADD_CARRY(r1, a3, r1, carry);
+        MP_ADD_CARRY(r2, a4, r2, carry);
+        r3 = carry;
+        carry = 0;
+        MP_ADD_CARRY(r0, a5, r0, carry);
+        MP_ADD_CARRY(r1, a5, r1, carry);
+        MP_ADD_CARRY(r2, a5, r2, carry);
+        r3 += carry;
+        carry = 0;
+        MP_ADD_CARRY(r1, a4, r1, carry);
+        MP_ADD_CARRY(r2, 0, r2, carry);
+        r3 += carry;
+
+#else
+        r2 = MP_DIGIT(a, 2);
+        r1 = MP_DIGIT(a, 1);
+        r0 = MP_DIGIT(a, 0);
+
+        /* set the lower words of r */
+        __asm__(
+            "xorq   %3,%3           \n\t"
+            "addq   %4,%0           \n\t"
+            "adcq   %4,%1           \n\t"
+            "adcq   %5,%2           \n\t"
+            "adcq   $0,%3           \n\t"
+            "addq   %6,%0           \n\t"
+            "adcq   %6,%1           \n\t"
+            "adcq   %6,%2           \n\t"
+            "adcq   $0,%3           \n\t"
+            "addq   %5,%1           \n\t"
+            "adcq   $0,%2           \n\t"
+            "adcq   $0,%3           \n\t"
+            : "=r"(r0), "=r"(r1), "=r"(r2), "=r"(r3), "=r"(a3),
+              "=r"(a4), "=r"(a5)
+            : "0"(r0), "1"(r1), "2"(r2), "3"(r3),
+              "4"(a3), "5"(a4), "6"(a5)
+            : "%cc");
+#endif
+
+        /* reduce out the carry */
+        while (r3) {
+#ifndef MPI_AMD64_ADD
+            carry = 0;
+            MP_ADD_CARRY(r0, r3, r0, carry);
+            MP_ADD_CARRY(r1, r3, r1, carry);
+            MP_ADD_CARRY(r2, 0, r2, carry);
+            r3 = carry;
+#else
+            a3 = r3;
+            __asm__(
+                "xorq   %3,%3           \n\t"
+                "addq   %4,%0           \n\t"
+                "adcq   %4,%1           \n\t"
+                "adcq   $0,%2           \n\t"
+                "adcq   $0,%3           \n\t"
+                : "=r"(r0), "=r"(r1), "=r"(r2), "=r"(r3), "=r"(a3)
+                : "0"(r0), "1"(r1), "2"(r2), "3"(r3), "4"(a3)
+                : "%cc");
+#endif
+        }
+
+        /* check for final reduction */
+        /*
+         * our field is 0xffffffffffffffff, 0xfffffffffffffffe,
+         * 0xffffffffffffffff. That means we can only be over and need
+         * one more reduction
+         *  if r2 == 0xffffffffffffffffff (same as r2+1 == 0)
+         *     and
+         *     r1 == 0xffffffffffffffffff   or
+         *     r1 == 0xfffffffffffffffffe and r0 = 0xfffffffffffffffff
+         * In all cases, we subtract the field (or add the 2's
+         * complement value (1,1,0)).  (r0, r1, r2)
+         */
+        if (r3 || ((r2 == MP_DIGIT_MAX) &&
+                   ((r1 == MP_DIGIT_MAX) ||
+                    ((r1 == (MP_DIGIT_MAX - 1)) && (r0 == MP_DIGIT_MAX))))) {
+            /* do a quick subtract */
+            carry = 0;
+            MP_ADD_CARRY(r0, 1, r0, carry);
+            r1 += 1 + carry;
+            r2 = 0;
+        }
+        /* set the lower words of r */
+        if (a != r) {
+            MP_CHECKOK(s_mp_pad(r, 3));
+        }
+        MP_DIGIT(r, 2) = r2;
+        MP_DIGIT(r, 1) = r1;
+        MP_DIGIT(r, 0) = r0;
+        MP_USED(r) = 3;
+#endif
+    }
+    s_mp_clamp(r);
+CLEANUP:
+    return res;
+}
+
+#ifndef ECL_THIRTY_TWO_BIT
+/* Compute the sum of 192 bit curves. Do the work in-line since the
+ * number of words are so small, we don't want to overhead of mp function
+ * calls.  Uses optimized modular reduction for p192.
+ */
+static mp_err
+ec_GFp_nistp192_add(const mp_int *a, const mp_int *b, mp_int *r,
+                    const GFMethod *meth)
+{
+    mp_err res = MP_OKAY;
+    mp_digit a0 = 0, a1 = 0, a2 = 0;
+    mp_digit r0 = 0, r1 = 0, r2 = 0;
+    mp_digit carry;
+
+    switch (MP_USED(a)) {
+        case 3:
+            a2 = MP_DIGIT(a, 2);
+        case 2:
+            a1 = MP_DIGIT(a, 1);
+        case 1:
+            a0 = MP_DIGIT(a, 0);
+    }
+    switch (MP_USED(b)) {
+        case 3:
+            r2 = MP_DIGIT(b, 2);
+        case 2:
+            r1 = MP_DIGIT(b, 1);
+        case 1:
+            r0 = MP_DIGIT(b, 0);
+    }
+
+#ifndef MPI_AMD64_ADD
+    carry = 0;
+    MP_ADD_CARRY(a0, r0, r0, carry);
+    MP_ADD_CARRY(a1, r1, r1, carry);
+    MP_ADD_CARRY(a2, r2, r2, carry);
+#else
+    __asm__(
+        "xorq   %3,%3           \n\t"
+        "addq   %4,%0           \n\t"
+        "adcq   %5,%1           \n\t"
+        "adcq   %6,%2           \n\t"
+        "adcq   $0,%3           \n\t"
+        : "=r"(r0), "=r"(r1), "=r"(r2), "=r"(carry)
+        : "r"(a0), "r"(a1), "r"(a2), "0"(r0),
+          "1"(r1), "2"(r2)
+        : "%cc");
+#endif
+
+    /* Do quick 'subract' if we've gone over
+     * (add the 2's complement of the curve field) */
+    if (carry || ((r2 == MP_DIGIT_MAX) &&
+                  ((r1 == MP_DIGIT_MAX) ||
+                   ((r1 == (MP_DIGIT_MAX - 1)) && (r0 == MP_DIGIT_MAX))))) {
+#ifndef MPI_AMD64_ADD
+        carry = 0;
+        MP_ADD_CARRY(r0, 1, r0, carry);
+        MP_ADD_CARRY(r1, 1, r1, carry);
+        MP_ADD_CARRY(r2, 0, r2, carry);
+#else
+        __asm__(
+            "addq   $1,%0           \n\t"
+            "adcq   $1,%1           \n\t"
+            "adcq   $0,%2           \n\t"
+            : "=r"(r0), "=r"(r1), "=r"(r2)
+            : "0"(r0), "1"(r1), "2"(r2)
+            : "%cc");
+#endif
+    }
+
+    MP_CHECKOK(s_mp_pad(r, 3));
+    MP_DIGIT(r, 2) = r2;
+    MP_DIGIT(r, 1) = r1;
+    MP_DIGIT(r, 0) = r0;
+    MP_SIGN(r) = MP_ZPOS;
+    MP_USED(r) = 3;
+    s_mp_clamp(r);
+
+CLEANUP:
+    return res;
+}
+
+/* Compute the diff of 192 bit curves. Do the work in-line since the
+ * number of words are so small, we don't want to overhead of mp function
+ * calls.  Uses optimized modular reduction for p192.
+ */
+static mp_err
+ec_GFp_nistp192_sub(const mp_int *a, const mp_int *b, mp_int *r,
+                    const GFMethod *meth)
+{
+    mp_err res = MP_OKAY;
+    mp_digit b0 = 0, b1 = 0, b2 = 0;
+    mp_digit r0 = 0, r1 = 0, r2 = 0;
+    mp_digit borrow;
+
+    switch (MP_USED(a)) {
+        case 3:
+            r2 = MP_DIGIT(a, 2);
+        case 2:
+            r1 = MP_DIGIT(a, 1);
+        case 1:
+            r0 = MP_DIGIT(a, 0);
+    }
+
+    switch (MP_USED(b)) {
+        case 3:
+            b2 = MP_DIGIT(b, 2);
+        case 2:
+            b1 = MP_DIGIT(b, 1);
+        case 1:
+            b0 = MP_DIGIT(b, 0);
+    }
+
+#ifndef MPI_AMD64_ADD
+    borrow = 0;
+    MP_SUB_BORROW(r0, b0, r0, borrow);
+    MP_SUB_BORROW(r1, b1, r1, borrow);
+    MP_SUB_BORROW(r2, b2, r2, borrow);
+#else
+    __asm__(
+        "xorq   %3,%3           \n\t"
+        "subq   %4,%0           \n\t"
+        "sbbq   %5,%1           \n\t"
+        "sbbq   %6,%2           \n\t"
+        "adcq   $0,%3           \n\t"
+        : "=r"(r0), "=r"(r1), "=r"(r2), "=r"(borrow)
+        : "r"(b0), "r"(b1), "r"(b2), "0"(r0),
+          "1"(r1), "2"(r2)
+        : "%cc");
+#endif
+
+    /* Do quick 'add' if we've gone under 0
+     * (subtract the 2's complement of the curve field) */
+    if (borrow) {
+#ifndef MPI_AMD64_ADD
+        borrow = 0;
+        MP_SUB_BORROW(r0, 1, r0, borrow);
+        MP_SUB_BORROW(r1, 1, r1, borrow);
+        MP_SUB_BORROW(r2, 0, r2, borrow);
+#else
+        __asm__(
+            "subq   $1,%0           \n\t"
+            "sbbq   $1,%1           \n\t"
+            "sbbq   $0,%2           \n\t"
+            : "=r"(r0), "=r"(r1), "=r"(r2)
+            : "0"(r0), "1"(r1), "2"(r2)
+            : "%cc");
+#endif
+    }
+
+    MP_CHECKOK(s_mp_pad(r, 3));
+    MP_DIGIT(r, 2) = r2;
+    MP_DIGIT(r, 1) = r1;
+    MP_DIGIT(r, 0) = r0;
+    MP_SIGN(r) = MP_ZPOS;
+    MP_USED(r) = 3;
+    s_mp_clamp(r);
+
+CLEANUP:
+    return res;
+}
+
+#endif
+
+/* Compute the square of polynomial a, reduce modulo p192. Store the
+ * result in r.  r could be a.  Uses optimized modular reduction for p192.
+ */
+static mp_err
+ec_GFp_nistp192_sqr(const mp_int *a, mp_int *r, const GFMethod *meth)
+{
+    mp_err res = MP_OKAY;
+
+    MP_CHECKOK(mp_sqr(a, r));
+    MP_CHECKOK(ec_GFp_nistp192_mod(r, r, meth));
+CLEANUP:
+    return res;
+}
+
+/* Compute the product of two polynomials a and b, reduce modulo p192.
+ * Store the result in r.  r could be a or b; a could be b.  Uses
+ * optimized modular reduction for p192. */
+static mp_err
+ec_GFp_nistp192_mul(const mp_int *a, const mp_int *b, mp_int *r,
+                    const GFMethod *meth)
+{
+    mp_err res = MP_OKAY;
+
+    MP_CHECKOK(mp_mul(a, b, r));
+    MP_CHECKOK(ec_GFp_nistp192_mod(r, r, meth));
+CLEANUP:
+    return res;
+}
+
+/* Divides two field elements. If a is NULL, then returns the inverse of
+ * b. */
+static mp_err
+ec_GFp_nistp192_div(const mp_int *a, const mp_int *b, mp_int *r,
+                    const GFMethod *meth)
+{
+    mp_err res = MP_OKAY;
+    mp_int t;
+
+    /* If a is NULL, then return the inverse of b, otherwise return a/b. */
+    if (a == NULL) {
+        return mp_invmod(b, &meth->irr, r);
+    } else {
+        /* MPI doesn't support divmod, so we implement it using invmod and
+         * mulmod. */
+        MP_CHECKOK(mp_init(&t));
+        MP_CHECKOK(mp_invmod(b, &meth->irr, &t));
+        MP_CHECKOK(mp_mul(a, &t, r));
+        MP_CHECKOK(ec_GFp_nistp192_mod(r, r, meth));
+    CLEANUP:
+        mp_clear(&t);
+        return res;
+    }
+}
+
+/* Wire in fast field arithmetic and precomputation of base point for
+ * named curves. */
+mp_err
+ec_group_set_gfp192(ECGroup *group, ECCurveName name)
+{
+    if (name == ECCurve_NIST_P192) {
+        group->meth->field_mod = &ec_GFp_nistp192_mod;
+        group->meth->field_mul = &ec_GFp_nistp192_mul;
+        group->meth->field_sqr = &ec_GFp_nistp192_sqr;
+        group->meth->field_div = &ec_GFp_nistp192_div;
+#ifndef ECL_THIRTY_TWO_BIT
+        group->meth->field_add = &ec_GFp_nistp192_add;
+        group->meth->field_sub = &ec_GFp_nistp192_sub;
+#endif
+    }
+    return MP_OKAY;
+}
diff --git a/nss/lib/freebl/ecl/ecp_224.c b/nss/lib/freebl/ecl/ecp_224.c
new file mode 100644
index 0000000..bd6e14b
--- /dev/null
+++ b/nss/lib/freebl/ecl/ecp_224.c
@@ -0,0 +1,351 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "ecp.h"
+#include "mpi.h"
+#include "mplogic.h"
+#include "mpi-priv.h"
+
+#define ECP224_DIGITS ECL_CURVE_DIGITS(224)
+
+/* Fast modular reduction for p224 = 2^224 - 2^96 + 1.  a can be r. Uses
+ * algorithm 7 from Brown, Hankerson, Lopez, Menezes. Software
+ * Implementation of the NIST Elliptic Curves over Prime Fields. */
+static mp_err
+ec_GFp_nistp224_mod(const mp_int *a, mp_int *r, const GFMethod *meth)
+{
+    mp_err res = MP_OKAY;
+    mp_size a_used = MP_USED(a);
+
+    int r3b;
+    mp_digit carry;
+#ifdef ECL_THIRTY_TWO_BIT
+    mp_digit a6a = 0, a6b = 0,
+             a5a = 0, a5b = 0, a4a = 0, a4b = 0, a3b = 0;
+    mp_digit r0a, r0b, r1a, r1b, r2a, r2b, r3a;
+#else
+    mp_digit a6 = 0, a5 = 0, a4 = 0, a3b = 0, a5a = 0;
+    mp_digit a6b = 0, a6a_a5b = 0, a5b = 0, a5a_a4b = 0, a4a_a3b = 0;
+    mp_digit r0, r1, r2, r3;
+#endif
+
+    /* reduction not needed if a is not larger than field size */
+    if (a_used < ECP224_DIGITS) {
+        if (a == r)
+            return MP_OKAY;
+        return mp_copy(a, r);
+    }
+    /* for polynomials larger than twice the field size, use regular
+     * reduction */
+    if (a_used > ECL_CURVE_DIGITS(224 * 2)) {
+        MP_CHECKOK(mp_mod(a, &meth->irr, r));
+    } else {
+#ifdef ECL_THIRTY_TWO_BIT
+        /* copy out upper words of a */
+        switch (a_used) {
+            case 14:
+                a6b = MP_DIGIT(a, 13);
+            case 13:
+                a6a = MP_DIGIT(a, 12);
+            case 12:
+                a5b = MP_DIGIT(a, 11);
+            case 11:
+                a5a = MP_DIGIT(a, 10);
+            case 10:
+                a4b = MP_DIGIT(a, 9);
+            case 9:
+                a4a = MP_DIGIT(a, 8);
+            case 8:
+                a3b = MP_DIGIT(a, 7);
+        }
+        r3a = MP_DIGIT(a, 6);
+        r2b = MP_DIGIT(a, 5);
+        r2a = MP_DIGIT(a, 4);
+        r1b = MP_DIGIT(a, 3);
+        r1a = MP_DIGIT(a, 2);
+        r0b = MP_DIGIT(a, 1);
+        r0a = MP_DIGIT(a, 0);
+
+        /* implement r = (a3a,a2,a1,a0)
+            +(a5a, a4,a3b,  0)
+            +(  0, a6,a5b,  0)
+            -(  0    0,    0|a6b, a6a|a5b )
+            -(  a6b, a6a|a5b, a5a|a4b, a4a|a3b ) */
+        carry = 0;
+        MP_ADD_CARRY(r1b, a3b, r1b, carry);
+        MP_ADD_CARRY(r2a, a4a, r2a, carry);
+        MP_ADD_CARRY(r2b, a4b, r2b, carry);
+        MP_ADD_CARRY(r3a, a5a, r3a, carry);
+        r3b = carry;
+        carry = 0;
+        MP_ADD_CARRY(r1b, a5b, r1b, carry);
+        MP_ADD_CARRY(r2a, a6a, r2a, carry);
+        MP_ADD_CARRY(r2b, a6b, r2b, carry);
+        MP_ADD_CARRY(r3a, 0, r3a, carry);
+        r3b += carry;
+        carry = 0;
+        MP_SUB_BORROW(r0a, a3b, r0a, carry);
+        MP_SUB_BORROW(r0b, a4a, r0b, carry);
+        MP_SUB_BORROW(r1a, a4b, r1a, carry);
+        MP_SUB_BORROW(r1b, a5a, r1b, carry);
+        MP_SUB_BORROW(r2a, a5b, r2a, carry);
+        MP_SUB_BORROW(r2b, a6a, r2b, carry);
+        MP_SUB_BORROW(r3a, a6b, r3a, carry);
+        r3b -= carry;
+        carry = 0;
+        MP_SUB_BORROW(r0a, a5b, r0a, carry);
+        MP_SUB_BORROW(r0b, a6a, r0b, carry);
+        MP_SUB_BORROW(r1a, a6b, r1a, carry);
+        if (carry) {
+            MP_SUB_BORROW(r1b, 0, r1b, carry);
+            MP_SUB_BORROW(r2a, 0, r2a, carry);
+            MP_SUB_BORROW(r2b, 0, r2b, carry);
+            MP_SUB_BORROW(r3a, 0, r3a, carry);
+            r3b -= carry;
+        }
+
+        while (r3b > 0) {
+            int tmp;
+            carry = 0;
+            MP_ADD_CARRY(r1b, r3b, r1b, carry);
+            if (carry) {
+                MP_ADD_CARRY(r2a, 0, r2a, carry);
+                MP_ADD_CARRY(r2b, 0, r2b, carry);
+                MP_ADD_CARRY(r3a, 0, r3a, carry);
+            }
+            tmp = carry;
+            carry = 0;
+            MP_SUB_BORROW(r0a, r3b, r0a, carry);
+            if (carry) {
+                MP_SUB_BORROW(r0b, 0, r0b, carry);
+                MP_SUB_BORROW(r1a, 0, r1a, carry);
+                MP_SUB_BORROW(r1b, 0, r1b, carry);
+                MP_SUB_BORROW(r2a, 0, r2a, carry);
+                MP_SUB_BORROW(r2b, 0, r2b, carry);
+                MP_SUB_BORROW(r3a, 0, r3a, carry);
+                tmp -= carry;
+            }
+            r3b = tmp;
+        }
+
+        while (r3b < 0) {
+            mp_digit maxInt = MP_DIGIT_MAX;
+            carry = 0;
+            MP_ADD_CARRY(r0a, 1, r0a, carry);
+            MP_ADD_CARRY(r0b, 0, r0b, carry);
+            MP_ADD_CARRY(r1a, 0, r1a, carry);
+            MP_ADD_CARRY(r1b, maxInt, r1b, carry);
+            MP_ADD_CARRY(r2a, maxInt, r2a, carry);
+            MP_ADD_CARRY(r2b, maxInt, r2b, carry);
+            MP_ADD_CARRY(r3a, maxInt, r3a, carry);
+            r3b += carry;
+        }
+        /* check for final reduction */
+        /* now the only way we are over is if the top 4 words are all ones */
+        if ((r3a == MP_DIGIT_MAX) && (r2b == MP_DIGIT_MAX) && (r2a == MP_DIGIT_MAX) && (r1b == MP_DIGIT_MAX) &&
+            ((r1a != 0) || (r0b != 0) || (r0a != 0))) {
+            /* one last subraction */
+            carry = 0;
+            MP_SUB_BORROW(r0a, 1, r0a, carry);
+            MP_SUB_BORROW(r0b, 0, r0b, carry);
+            MP_SUB_BORROW(r1a, 0, r1a, carry);
+            r1b = r2a = r2b = r3a = 0;
+        }
+
+        if (a != r) {
+            MP_CHECKOK(s_mp_pad(r, 7));
+        }
+        /* set the lower words of r */
+        MP_SIGN(r) = MP_ZPOS;
+        MP_USED(r) = 7;
+        MP_DIGIT(r, 6) = r3a;
+        MP_DIGIT(r, 5) = r2b;
+        MP_DIGIT(r, 4) = r2a;
+        MP_DIGIT(r, 3) = r1b;
+        MP_DIGIT(r, 2) = r1a;
+        MP_DIGIT(r, 1) = r0b;
+        MP_DIGIT(r, 0) = r0a;
+#else
+        /* copy out upper words of a */
+        switch (a_used) {
+            case 7:
+                a6 = MP_DIGIT(a, 6);
+                a6b = a6 >> 32;
+                a6a_a5b = a6 << 32;
+            case 6:
+                a5 = MP_DIGIT(a, 5);
+                a5b = a5 >> 32;
+                a6a_a5b |= a5b;
+                a5b = a5b << 32;
+                a5a_a4b = a5 << 32;
+                a5a = a5 & 0xffffffff;
+            case 5:
+                a4 = MP_DIGIT(a, 4);
+                a5a_a4b |= a4 >> 32;
+                a4a_a3b = a4 << 32;
+            case 4:
+                a3b = MP_DIGIT(a, 3) >> 32;
+                a4a_a3b |= a3b;
+                a3b = a3b << 32;
+        }
+
+        r3 = MP_DIGIT(a, 3) & 0xffffffff;
+        r2 = MP_DIGIT(a, 2);
+        r1 = MP_DIGIT(a, 1);
+        r0 = MP_DIGIT(a, 0);
+
+        /* implement r = (a3a,a2,a1,a0)
+            +(a5a, a4,a3b,  0)
+            +(  0, a6,a5b,  0)
+            -(  0    0,    0|a6b, a6a|a5b )
+            -(  a6b, a6a|a5b, a5a|a4b, a4a|a3b ) */
+        carry = 0;
+        MP_ADD_CARRY(r1, a3b, r1, carry);
+        MP_ADD_CARRY(r2, a4, r2, carry);
+        MP_ADD_CARRY(r3, a5a, r3, carry);
+        carry = 0;
+        MP_ADD_CARRY(r1, a5b, r1, carry);
+        MP_ADD_CARRY(r2, a6, r2, carry);
+        MP_ADD_CARRY(r3, 0, r3, carry);
+
+        carry = 0;
+        MP_SUB_BORROW(r0, a4a_a3b, r0, carry);
+        MP_SUB_BORROW(r1, a5a_a4b, r1, carry);
+        MP_SUB_BORROW(r2, a6a_a5b, r2, carry);
+        MP_SUB_BORROW(r3, a6b, r3, carry);
+        carry = 0;
+        MP_SUB_BORROW(r0, a6a_a5b, r0, carry);
+        MP_SUB_BORROW(r1, a6b, r1, carry);
+        if (carry) {
+            MP_SUB_BORROW(r2, 0, r2, carry);
+            MP_SUB_BORROW(r3, 0, r3, carry);
+        }
+
+        /* if the value is negative, r3 has a 2's complement
+         * high value */
+        r3b = (int)(r3 >> 32);
+        while (r3b > 0) {
+            r3 &= 0xffffffff;
+            carry = 0;
+            MP_ADD_CARRY(r1, ((mp_digit)r3b) << 32, r1, carry);
+            if (carry) {
+                MP_ADD_CARRY(r2, 0, r2, carry);
+                MP_ADD_CARRY(r3, 0, r3, carry);
+            }
+            carry = 0;
+            MP_SUB_BORROW(r0, r3b, r0, carry);
+            if (carry) {
+                MP_SUB_BORROW(r1, 0, r1, carry);
+                MP_SUB_BORROW(r2, 0, r2, carry);
+                MP_SUB_BORROW(r3, 0, r3, carry);
+            }
+            r3b = (int)(r3 >> 32);
+        }
+
+        while (r3b < 0) {
+            carry = 0;
+            MP_ADD_CARRY(r0, 1, r0, carry);
+            MP_ADD_CARRY(r1, MP_DIGIT_MAX << 32, r1, carry);
+            MP_ADD_CARRY(r2, MP_DIGIT_MAX, r2, carry);
+            MP_ADD_CARRY(r3, MP_DIGIT_MAX >> 32, r3, carry);
+            r3b = (int)(r3 >> 32);
+        }
+        /* check for final reduction */
+        /* now the only way we are over is if the top 4 words are
+         * all ones. Subtract the curve. (curve is 2^224 - 2^96 +1)
+         */
+        if ((r3 == (MP_DIGIT_MAX >> 32)) && (r2 == MP_DIGIT_MAX) && ((r1 & MP_DIGIT_MAX << 32) == MP_DIGIT_MAX << 32) &&
+            ((r1 != MP_DIGIT_MAX << 32) || (r0 != 0))) {
+            /* one last subraction */
+            carry = 0;
+            MP_SUB_BORROW(r0, 1, r0, carry);
+            MP_SUB_BORROW(r1, MP_DIGIT_MAX << 32, r1, carry);
+            r2 = r3 = 0;
+        }
+
+        if (a != r) {
+            MP_CHECKOK(s_mp_pad(r, 4));
+        }
+        /* set the lower words of r */
+        MP_SIGN(r) = MP_ZPOS;
+        MP_USED(r) = 4;
+        MP_DIGIT(r, 3) = r3;
+        MP_DIGIT(r, 2) = r2;
+        MP_DIGIT(r, 1) = r1;
+        MP_DIGIT(r, 0) = r0;
+#endif
+    }
+    s_mp_clamp(r);
+
+CLEANUP:
+    return res;
+}
+
+/* Compute the square of polynomial a, reduce modulo p224. Store the
+ * result in r.  r could be a.  Uses optimized modular reduction for p224.
+ */
+static mp_err
+ec_GFp_nistp224_sqr(const mp_int *a, mp_int *r, const GFMethod *meth)
+{
+    mp_err res = MP_OKAY;
+
+    MP_CHECKOK(mp_sqr(a, r));
+    MP_CHECKOK(ec_GFp_nistp224_mod(r, r, meth));
+CLEANUP:
+    return res;
+}
+
+/* Compute the product of two polynomials a and b, reduce modulo p224.
+ * Store the result in r.  r could be a or b; a could be b.  Uses
+ * optimized modular reduction for p224. */
+static mp_err
+ec_GFp_nistp224_mul(const mp_int *a, const mp_int *b, mp_int *r,
+                    const GFMethod *meth)
+{
+    mp_err res = MP_OKAY;
+
+    MP_CHECKOK(mp_mul(a, b, r));
+    MP_CHECKOK(ec_GFp_nistp224_mod(r, r, meth));
+CLEANUP:
+    return res;
+}
+
+/* Divides two field elements. If a is NULL, then returns the inverse of
+ * b. */
+static mp_err
+ec_GFp_nistp224_div(const mp_int *a, const mp_int *b, mp_int *r,
+                    const GFMethod *meth)
+{
+    mp_err res = MP_OKAY;
+    mp_int t;
+
+    /* If a is NULL, then return the inverse of b, otherwise return a/b. */
+    if (a == NULL) {
+        return mp_invmod(b, &meth->irr, r);
+    } else {
+        /* MPI doesn't support divmod, so we implement it using invmod and
+         * mulmod. */
+        MP_CHECKOK(mp_init(&t));
+        MP_CHECKOK(mp_invmod(b, &meth->irr, &t));
+        MP_CHECKOK(mp_mul(a, &t, r));
+        MP_CHECKOK(ec_GFp_nistp224_mod(r, r, meth));
+    CLEANUP:
+        mp_clear(&t);
+        return res;
+    }
+}
+
+/* Wire in fast field arithmetic and precomputation of base point for
+ * named curves. */
+mp_err
+ec_group_set_gfp224(ECGroup *group, ECCurveName name)
+{
+    if (name == ECCurve_NIST_P224) {
+        group->meth->field_mod = &ec_GFp_nistp224_mod;
+        group->meth->field_mul = &ec_GFp_nistp224_mul;
+        group->meth->field_sqr = &ec_GFp_nistp224_sqr;
+        group->meth->field_div = &ec_GFp_nistp224_div;
+    }
+    return MP_OKAY;
+}
diff --git a/nss/lib/freebl/ecl/ecp_25519.c b/nss/lib/freebl/ecl/ecp_25519.c
new file mode 100644
index 0000000..1e7875f
--- /dev/null
+++ b/nss/lib/freebl/ecl/ecp_25519.c
@@ -0,0 +1,119 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* curve 25519 https://www.rfc-editor.org/rfc/rfc7748.txt */
+
+#ifdef FREEBL_NO_DEPEND
+#include "../stubs.h"
+#endif
+
+#include "ecl-priv.h"
+#include "ecp.h"
+#include "mpi.h"
+#include "mplogic.h"
+#include "mpi-priv.h"
+#include "secmpi.h"
+#include "secitem.h"
+#include "secport.h"
+#include <stdlib.h>
+#include <stdio.h>
+
+/*
+ * point validation is not necessary in general. But this checks a point (px)
+ * against some known bad values.
+ */
+SECStatus
+ec_Curve25519_pt_validate(const SECItem *px)
+{
+    PRUint8 *p;
+    int i;
+    PRUint8 forbiddenValues[12][32] = {
+        { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+          0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+          0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+          0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+        { 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+          0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+          0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+          0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+        { 0xe0, 0xeb, 0x7a, 0x7c, 0x3b, 0x41, 0xb8, 0xae,
+          0x16, 0x56, 0xe3, 0xfa, 0xf1, 0x9f, 0xc4, 0x6a,
+          0xda, 0x09, 0x8d, 0xeb, 0x9c, 0x32, 0xb1, 0xfd,
+          0x86, 0x62, 0x05, 0x16, 0x5f, 0x49, 0xb8, 0x00 },
+        { 0x5f, 0x9c, 0x95, 0xbc, 0xa3, 0x50, 0x8c, 0x24,
+          0xb1, 0xd0, 0xb1, 0x55, 0x9c, 0x83, 0xef, 0x5b,
+          0x04, 0x44, 0x5c, 0xc4, 0x58, 0x1c, 0x8e, 0x86,
+          0xd8, 0x22, 0x4e, 0xdd, 0xd0, 0x9f, 0x11, 0x57 },
+        { 0xec, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+          0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+          0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+          0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f },
+        { 0xed, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+          0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+          0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+          0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f },
+        { 0xee, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+          0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+          0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+          0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f },
+        { 0xcd, 0xeb, 0x7a, 0x7c, 0x3b, 0x41, 0xb8, 0xae,
+          0x16, 0x56, 0xe3, 0xfa, 0xf1, 0x9f, 0xc4, 0x6a,
+          0xda, 0x09, 0x8d, 0xeb, 0x9c, 0x32, 0xb1, 0xfd,
+          0x86, 0x62, 0x05, 0x16, 0x5f, 0x49, 0xb8, 0x80 },
+        { 0x4c, 0x9c, 0x95, 0xbc, 0xa3, 0x50, 0x8c, 0x24,
+          0xb1, 0xd0, 0xb1, 0x55, 0x9c, 0x83, 0xef, 0x5b,
+          0x04, 0x44, 0x5c, 0xc4, 0x58, 0x1c, 0x8e, 0x86,
+          0xd8, 0x22, 0x4e, 0xdd, 0xd0, 0x9f, 0x11, 0xd7 },
+        { 0xd9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+          0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+          0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+          0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff },
+        { 0xda, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+          0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+          0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+          0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff },
+        { 0xdb, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+          0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+          0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+          0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff },
+    };
+
+    if (px->len == 32) {
+        p = px->data;
+    } else {
+        return SECFailure;
+    }
+
+    for (i = 0; i < PR_ARRAY_SIZE(forbiddenValues); ++i) {
+        if (NSS_SecureMemcmp(p, forbiddenValues[i], px->len) == 0) {
+            return SECFailure;
+        }
+    }
+
+    return SECSuccess;
+}
+
+/*
+ * Scalar multiplication for Curve25519.
+ * If P == NULL, the base point is used.
+ * Returns X = k*P
+ */
+SECStatus
+ec_Curve25519_pt_mul(SECItem *X, SECItem *k, SECItem *P)
+{
+    PRUint8 *px;
+    PRUint8 basePoint[32] = { 9 };
+
+    if (!P) {
+        px = basePoint;
+    } else {
+        PORT_Assert(P->len == 32);
+        if (P->len != 32) {
+            return SECFailure;
+        }
+        px = P->data;
+    }
+
+    return ec_Curve25519_mul(X->data, k->data, px);
+}
diff --git a/nss/lib/freebl/ecl/ecp_256.c b/nss/lib/freebl/ecl/ecp_256.c
new file mode 100644
index 0000000..ad4e630
--- /dev/null
+++ b/nss/lib/freebl/ecl/ecp_256.c
@@ -0,0 +1,401 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "ecp.h"
+#include "mpi.h"
+#include "mplogic.h"
+#include "mpi-priv.h"
+
+/* Fast modular reduction for p256 = 2^256 - 2^224 + 2^192+ 2^96 - 1.  a can be r.
+ * Uses algorithm 2.29 from Hankerson, Menezes, Vanstone. Guide to
+ * Elliptic Curve Cryptography. */
+static mp_err
+ec_GFp_nistp256_mod(const mp_int *a, mp_int *r, const GFMethod *meth)
+{
+    mp_err res = MP_OKAY;
+    mp_size a_used = MP_USED(a);
+    int a_bits = mpl_significant_bits(a);
+    mp_digit carry;
+
+#ifdef ECL_THIRTY_TWO_BIT
+    mp_digit a8 = 0, a9 = 0, a10 = 0, a11 = 0, a12 = 0, a13 = 0, a14 = 0, a15 = 0;
+    mp_digit r0, r1, r2, r3, r4, r5, r6, r7;
+    int r8; /* must be a signed value ! */
+#else
+    mp_digit a4 = 0, a5 = 0, a6 = 0, a7 = 0;
+    mp_digit a4h, a4l, a5h, a5l, a6h, a6l, a7h, a7l;
+    mp_digit r0, r1, r2, r3;
+    int r4; /* must be a signed value ! */
+#endif
+    /* for polynomials larger than twice the field size
+     * use regular reduction */
+    if (a_bits < 256) {
+        if (a == r)
+            return MP_OKAY;
+        return mp_copy(a, r);
+    }
+    if (a_bits > 512) {
+        MP_CHECKOK(mp_mod(a, &meth->irr, r));
+    } else {
+
+#ifdef ECL_THIRTY_TWO_BIT
+        switch (a_used) {
+            case 16:
+                a15 = MP_DIGIT(a, 15);
+            case 15:
+                a14 = MP_DIGIT(a, 14);
+            case 14:
+                a13 = MP_DIGIT(a, 13);
+            case 13:
+                a12 = MP_DIGIT(a, 12);
+            case 12:
+                a11 = MP_DIGIT(a, 11);
+            case 11:
+                a10 = MP_DIGIT(a, 10);
+            case 10:
+                a9 = MP_DIGIT(a, 9);
+            case 9:
+                a8 = MP_DIGIT(a, 8);
+        }
+
+        r0 = MP_DIGIT(a, 0);
+        r1 = MP_DIGIT(a, 1);
+        r2 = MP_DIGIT(a, 2);
+        r3 = MP_DIGIT(a, 3);
+        r4 = MP_DIGIT(a, 4);
+        r5 = MP_DIGIT(a, 5);
+        r6 = MP_DIGIT(a, 6);
+        r7 = MP_DIGIT(a, 7);
+
+        /* sum 1 */
+        carry = 0;
+        MP_ADD_CARRY(r3, a11, r3, carry);
+        MP_ADD_CARRY(r4, a12, r4, carry);
+        MP_ADD_CARRY(r5, a13, r5, carry);
+        MP_ADD_CARRY(r6, a14, r6, carry);
+        MP_ADD_CARRY(r7, a15, r7, carry);
+        r8 = carry;
+        carry = 0;
+        MP_ADD_CARRY(r3, a11, r3, carry);
+        MP_ADD_CARRY(r4, a12, r4, carry);
+        MP_ADD_CARRY(r5, a13, r5, carry);
+        MP_ADD_CARRY(r6, a14, r6, carry);
+        MP_ADD_CARRY(r7, a15, r7, carry);
+        r8 += carry;
+        carry = 0;
+        /* sum 2 */
+        MP_ADD_CARRY(r3, a12, r3, carry);
+        MP_ADD_CARRY(r4, a13, r4, carry);
+        MP_ADD_CARRY(r5, a14, r5, carry);
+        MP_ADD_CARRY(r6, a15, r6, carry);
+        MP_ADD_CARRY(r7, 0, r7, carry);
+        r8 += carry;
+        carry = 0;
+        /* combine last bottom of sum 3 with second sum 2 */
+        MP_ADD_CARRY(r0, a8, r0, carry);
+        MP_ADD_CARRY(r1, a9, r1, carry);
+        MP_ADD_CARRY(r2, a10, r2, carry);
+        MP_ADD_CARRY(r3, a12, r3, carry);
+        MP_ADD_CARRY(r4, a13, r4, carry);
+        MP_ADD_CARRY(r5, a14, r5, carry);
+        MP_ADD_CARRY(r6, a15, r6, carry);
+        MP_ADD_CARRY(r7, a15, r7, carry); /* from sum 3 */
+        r8 += carry;
+        carry = 0;
+        /* sum 3 (rest of it)*/
+        MP_ADD_CARRY(r6, a14, r6, carry);
+        MP_ADD_CARRY(r7, 0, r7, carry);
+        r8 += carry;
+        carry = 0;
+        /* sum 4 (rest of it)*/
+        MP_ADD_CARRY(r0, a9, r0, carry);
+        MP_ADD_CARRY(r1, a10, r1, carry);
+        MP_ADD_CARRY(r2, a11, r2, carry);
+        MP_ADD_CARRY(r3, a13, r3, carry);
+        MP_ADD_CARRY(r4, a14, r4, carry);
+        MP_ADD_CARRY(r5, a15, r5, carry);
+        MP_ADD_CARRY(r6, a13, r6, carry);
+        MP_ADD_CARRY(r7, a8, r7, carry);
+        r8 += carry;
+        carry = 0;
+        /* diff 5 */
+        MP_SUB_BORROW(r0, a11, r0, carry);
+        MP_SUB_BORROW(r1, a12, r1, carry);
+        MP_SUB_BORROW(r2, a13, r2, carry);
+        MP_SUB_BORROW(r3, 0, r3, carry);
+        MP_SUB_BORROW(r4, 0, r4, carry);
+        MP_SUB_BORROW(r5, 0, r5, carry);
+        MP_SUB_BORROW(r6, a8, r6, carry);
+        MP_SUB_BORROW(r7, a10, r7, carry);
+        r8 -= carry;
+        carry = 0;
+        /* diff 6 */
+        MP_SUB_BORROW(r0, a12, r0, carry);
+        MP_SUB_BORROW(r1, a13, r1, carry);
+        MP_SUB_BORROW(r2, a14, r2, carry);
+        MP_SUB_BORROW(r3, a15, r3, carry);
+        MP_SUB_BORROW(r4, 0, r4, carry);
+        MP_SUB_BORROW(r5, 0, r5, carry);
+        MP_SUB_BORROW(r6, a9, r6, carry);
+        MP_SUB_BORROW(r7, a11, r7, carry);
+        r8 -= carry;
+        carry = 0;
+        /* diff 7 */
+        MP_SUB_BORROW(r0, a13, r0, carry);
+        MP_SUB_BORROW(r1, a14, r1, carry);
+        MP_SUB_BORROW(r2, a15, r2, carry);
+        MP_SUB_BORROW(r3, a8, r3, carry);
+        MP_SUB_BORROW(r4, a9, r4, carry);
+        MP_SUB_BORROW(r5, a10, r5, carry);
+        MP_SUB_BORROW(r6, 0, r6, carry);
+        MP_SUB_BORROW(r7, a12, r7, carry);
+        r8 -= carry;
+        carry = 0;
+        /* diff 8 */
+        MP_SUB_BORROW(r0, a14, r0, carry);
+        MP_SUB_BORROW(r1, a15, r1, carry);
+        MP_SUB_BORROW(r2, 0, r2, carry);
+        MP_SUB_BORROW(r3, a9, r3, carry);
+        MP_SUB_BORROW(r4, a10, r4, carry);
+        MP_SUB_BORROW(r5, a11, r5, carry);
+        MP_SUB_BORROW(r6, 0, r6, carry);
+        MP_SUB_BORROW(r7, a13, r7, carry);
+        r8 -= carry;
+
+        /* reduce the overflows */
+        while (r8 > 0) {
+            mp_digit r8_d = r8;
+            carry = 0;
+            MP_ADD_CARRY(r0, r8_d, r0, carry);
+            MP_ADD_CARRY(r1, 0, r1, carry);
+            MP_ADD_CARRY(r2, 0, r2, carry);
+            MP_ADD_CARRY(r3, 0 - r8_d, r3, carry);
+            MP_ADD_CARRY(r4, MP_DIGIT_MAX, r4, carry);
+            MP_ADD_CARRY(r5, MP_DIGIT_MAX, r5, carry);
+            MP_ADD_CARRY(r6, 0 - (r8_d + 1), r6, carry);
+            MP_ADD_CARRY(r7, (r8_d - 1), r7, carry);
+            r8 = carry;
+        }
+
+        /* reduce the underflows */
+        while (r8 < 0) {
+            mp_digit r8_d = -r8;
+            carry = 0;
+            MP_SUB_BORROW(r0, r8_d, r0, carry);
+            MP_SUB_BORROW(r1, 0, r1, carry);
+            MP_SUB_BORROW(r2, 0, r2, carry);
+            MP_SUB_BORROW(r3, 0 - r8_d, r3, carry);
+            MP_SUB_BORROW(r4, MP_DIGIT_MAX, r4, carry);
+            MP_SUB_BORROW(r5, MP_DIGIT_MAX, r5, carry);
+            MP_SUB_BORROW(r6, 0 - (r8_d + 1), r6, carry);
+            MP_SUB_BORROW(r7, (r8_d - 1), r7, carry);
+            r8 = 0 - carry;
+        }
+        if (a != r) {
+            MP_CHECKOK(s_mp_pad(r, 8));
+        }
+        MP_SIGN(r) = MP_ZPOS;
+        MP_USED(r) = 8;
+
+        MP_DIGIT(r, 7) = r7;
+        MP_DIGIT(r, 6) = r6;
+        MP_DIGIT(r, 5) = r5;
+        MP_DIGIT(r, 4) = r4;
+        MP_DIGIT(r, 3) = r3;
+        MP_DIGIT(r, 2) = r2;
+        MP_DIGIT(r, 1) = r1;
+        MP_DIGIT(r, 0) = r0;
+
+        /* final reduction if necessary */
+        if ((r7 == MP_DIGIT_MAX) &&
+            ((r6 > 1) || ((r6 == 1) &&
+                          (r5 || r4 || r3 ||
+                           ((r2 == MP_DIGIT_MAX) && (r1 == MP_DIGIT_MAX) && (r0 == MP_DIGIT_MAX)))))) {
+            MP_CHECKOK(mp_sub(r, &meth->irr, r));
+        }
+
+        s_mp_clamp(r);
+#else
+        switch (a_used) {
+            case 8:
+                a7 = MP_DIGIT(a, 7);
+            case 7:
+                a6 = MP_DIGIT(a, 6);
+            case 6:
+                a5 = MP_DIGIT(a, 5);
+            case 5:
+                a4 = MP_DIGIT(a, 4);
+        }
+        a7l = a7 << 32;
+        a7h = a7 >> 32;
+        a6l = a6 << 32;
+        a6h = a6 >> 32;
+        a5l = a5 << 32;
+        a5h = a5 >> 32;
+        a4l = a4 << 32;
+        a4h = a4 >> 32;
+        r3 = MP_DIGIT(a, 3);
+        r2 = MP_DIGIT(a, 2);
+        r1 = MP_DIGIT(a, 1);
+        r0 = MP_DIGIT(a, 0);
+
+        /* sum 1 */
+        carry = 0;
+        MP_ADD_CARRY(r1, a5h << 32, r1, carry);
+        MP_ADD_CARRY(r2, a6, r2, carry);
+        MP_ADD_CARRY(r3, a7, r3, carry);
+        r4 = carry;
+        carry = 0;
+        MP_ADD_CARRY(r1, a5h << 32, r1, carry);
+        MP_ADD_CARRY(r2, a6, r2, carry);
+        MP_ADD_CARRY(r3, a7, r3, carry);
+        r4 += carry;
+        /* sum 2 */
+        carry = 0;
+        MP_ADD_CARRY(r1, a6l, r1, carry);
+        MP_ADD_CARRY(r2, a6h | a7l, r2, carry);
+        MP_ADD_CARRY(r3, a7h, r3, carry);
+        r4 += carry;
+        carry = 0;
+        MP_ADD_CARRY(r1, a6l, r1, carry);
+        MP_ADD_CARRY(r2, a6h | a7l, r2, carry);
+        MP_ADD_CARRY(r3, a7h, r3, carry);
+        r4 += carry;
+
+        /* sum 3 */
+        carry = 0;
+        MP_ADD_CARRY(r0, a4, r0, carry);
+        MP_ADD_CARRY(r1, a5l >> 32, r1, carry);
+        MP_ADD_CARRY(r2, 0, r2, carry);
+        MP_ADD_CARRY(r3, a7, r3, carry);
+        r4 += carry;
+        /* sum 4 */
+        carry = 0;
+        MP_ADD_CARRY(r0, a4h | a5l, r0, carry);
+        MP_ADD_CARRY(r1, a5h | (a6h << 32), r1, carry);
+        MP_ADD_CARRY(r2, a7, r2, carry);
+        MP_ADD_CARRY(r3, a6h | a4l, r3, carry);
+        r4 += carry;
+        /* diff 5 */
+        carry = 0;
+        MP_SUB_BORROW(r0, a5h | a6l, r0, carry);
+        MP_SUB_BORROW(r1, a6h, r1, carry);
+        MP_SUB_BORROW(r2, 0, r2, carry);
+        MP_SUB_BORROW(r3, (a4l >> 32) | a5l, r3, carry);
+        r4 -= carry;
+        /* diff 6 */
+        carry = 0;
+        MP_SUB_BORROW(r0, a6, r0, carry);
+        MP_SUB_BORROW(r1, a7, r1, carry);
+        MP_SUB_BORROW(r2, 0, r2, carry);
+        MP_SUB_BORROW(r3, a4h | (a5h << 32), r3, carry);
+        r4 -= carry;
+        /* diff 7 */
+        carry = 0;
+        MP_SUB_BORROW(r0, a6h | a7l, r0, carry);
+        MP_SUB_BORROW(r1, a7h | a4l, r1, carry);
+        MP_SUB_BORROW(r2, a4h | a5l, r2, carry);
+        MP_SUB_BORROW(r3, a6l, r3, carry);
+        r4 -= carry;
+        /* diff 8 */
+        carry = 0;
+        MP_SUB_BORROW(r0, a7, r0, carry);
+        MP_SUB_BORROW(r1, a4h << 32, r1, carry);
+        MP_SUB_BORROW(r2, a5, r2, carry);
+        MP_SUB_BORROW(r3, a6h << 32, r3, carry);
+        r4 -= carry;
+
+        /* reduce the overflows */
+        while (r4 > 0) {
+            mp_digit r4_long = r4;
+            mp_digit r4l = (r4_long << 32);
+            carry = 0;
+            MP_ADD_CARRY(r0, r4_long, r0, carry);
+            MP_ADD_CARRY(r1, 0 - r4l, r1, carry);
+            MP_ADD_CARRY(r2, MP_DIGIT_MAX, r2, carry);
+            MP_ADD_CARRY(r3, r4l - r4_long - 1, r3, carry);
+            r4 = carry;
+        }
+
+        /* reduce the underflows */
+        while (r4 < 0) {
+            mp_digit r4_long = -r4;
+            mp_digit r4l = (r4_long << 32);
+            carry = 0;
+            MP_SUB_BORROW(r0, r4_long, r0, carry);
+            MP_SUB_BORROW(r1, 0 - r4l, r1, carry);
+            MP_SUB_BORROW(r2, MP_DIGIT_MAX, r2, carry);
+            MP_SUB_BORROW(r3, r4l - r4_long - 1, r3, carry);
+            r4 = 0 - carry;
+        }
+
+        if (a != r) {
+            MP_CHECKOK(s_mp_pad(r, 4));
+        }
+        MP_SIGN(r) = MP_ZPOS;
+        MP_USED(r) = 4;
+
+        MP_DIGIT(r, 3) = r3;
+        MP_DIGIT(r, 2) = r2;
+        MP_DIGIT(r, 1) = r1;
+        MP_DIGIT(r, 0) = r0;
+
+        /* final reduction if necessary */
+        if ((r3 > 0xFFFFFFFF00000001ULL) ||
+            ((r3 == 0xFFFFFFFF00000001ULL) &&
+             (r2 || (r1 >> 32) ||
+              (r1 == 0xFFFFFFFFULL && r0 == MP_DIGIT_MAX)))) {
+            /* very rare, just use mp_sub */
+            MP_CHECKOK(mp_sub(r, &meth->irr, r));
+        }
+
+        s_mp_clamp(r);
+#endif
+    }
+
+CLEANUP:
+    return res;
+}
+
+/* Compute the square of polynomial a, reduce modulo p256. Store the
+ * result in r.  r could be a.  Uses optimized modular reduction for p256.
+ */
+static mp_err
+ec_GFp_nistp256_sqr(const mp_int *a, mp_int *r, const GFMethod *meth)
+{
+    mp_err res = MP_OKAY;
+
+    MP_CHECKOK(mp_sqr(a, r));
+    MP_CHECKOK(ec_GFp_nistp256_mod(r, r, meth));
+CLEANUP:
+    return res;
+}
+
+/* Compute the product of two polynomials a and b, reduce modulo p256.
+ * Store the result in r.  r could be a or b; a could be b.  Uses
+ * optimized modular reduction for p256. */
+static mp_err
+ec_GFp_nistp256_mul(const mp_int *a, const mp_int *b, mp_int *r,
+                    const GFMethod *meth)
+{
+    mp_err res = MP_OKAY;
+
+    MP_CHECKOK(mp_mul(a, b, r));
+    MP_CHECKOK(ec_GFp_nistp256_mod(r, r, meth));
+CLEANUP:
+    return res;
+}
+
+/* Wire in fast field arithmetic and precomputation of base point for
+ * named curves. */
+mp_err
+ec_group_set_gfp256(ECGroup *group, ECCurveName name)
+{
+    if (name == ECCurve_NIST_P256) {
+        group->meth->field_mod = &ec_GFp_nistp256_mod;
+        group->meth->field_mul = &ec_GFp_nistp256_mul;
+        group->meth->field_sqr = &ec_GFp_nistp256_sqr;
+    }
+    return MP_OKAY;
+}
diff --git a/nss/lib/freebl/ecl/ecp_256_32.c b/nss/lib/freebl/ecl/ecp_256_32.c
new file mode 100644
index 0000000..515f6f7
--- /dev/null
+++ b/nss/lib/freebl/ecl/ecp_256_32.c
@@ -0,0 +1,1535 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* A 32-bit implementation of the NIST P-256 elliptic curve. */
+
+#include <string.h>
+
+#include "prtypes.h"
+#include "mpi.h"
+#include "mpi-priv.h"
+#include "ecp.h"
+
+typedef PRUint8 u8;
+typedef PRUint32 u32;
+typedef PRUint64 u64;
+
+/* Our field elements are represented as nine, unsigned 32-bit words. Freebl's
+ * MPI library calls them digits, but here they are called limbs, which is
+ * GMP's terminology.
+ *
+ * The value of an felem (field element) is:
+ *   x[0] + (x[1] * 2**29) + (x[2] * 2**57) + ... + (x[8] * 2**228)
+ *
+ * That is, each limb is alternately 29 or 28-bits wide in little-endian
+ * order.
+ *
+ * This means that an felem hits 2**257, rather than 2**256 as we would like. A
+ * 28, 29, ... pattern would cause us to hit 2**256, but that causes problems
+ * when multiplying as terms end up one bit short of a limb which would require
+ * much bit-shifting to correct.
+ *
+ * Finally, the values stored in an felem are in Montgomery form. So the value
+ * |y| is stored as (y*R) mod p, where p is the P-256 prime and R is 2**257.
+ */
+typedef u32 limb;
+#define NLIMBS 9
+typedef limb felem[NLIMBS];
+
+static const limb kBottom28Bits = 0xfffffff;
+static const limb kBottom29Bits = 0x1fffffff;
+
+/* kOne is the number 1 as an felem. It's 2**257 mod p split up into 29 and
+ * 28-bit words.
+ */
+static const felem kOne = {
+    2, 0, 0, 0xffff800,
+    0x1fffffff, 0xfffffff, 0x1fbfffff, 0x1ffffff,
+    0
+};
+static const felem kZero = { 0 };
+static const felem kP = {
+    0x1fffffff, 0xfffffff, 0x1fffffff, 0x3ff,
+    0, 0, 0x200000, 0xf000000,
+    0xfffffff
+};
+static const felem k2P = {
+    0x1ffffffe, 0xfffffff, 0x1fffffff, 0x7ff,
+    0, 0, 0x400000, 0xe000000,
+    0x1fffffff
+};
+
+/* kPrecomputed contains precomputed values to aid the calculation of scalar
+ * multiples of the base point, G. It's actually two, equal length, tables
+ * concatenated.
+ *
+ * The first table contains (x,y) felem pairs for 16 multiples of the base
+ * point, G.
+ *
+ *   Index  |  Index (binary) | Value
+ *       0  |           0000  | 0G (all zeros, omitted)
+ *       1  |           0001  | G
+ *       2  |           0010  | 2**64G
+ *       3  |           0011  | 2**64G + G
+ *       4  |           0100  | 2**128G
+ *       5  |           0101  | 2**128G + G
+ *       6  |           0110  | 2**128G + 2**64G
+ *       7  |           0111  | 2**128G + 2**64G + G
+ *       8  |           1000  | 2**192G
+ *       9  |           1001  | 2**192G + G
+ *      10  |           1010  | 2**192G + 2**64G
+ *      11  |           1011  | 2**192G + 2**64G + G
+ *      12  |           1100  | 2**192G + 2**128G
+ *      13  |           1101  | 2**192G + 2**128G + G
+ *      14  |           1110  | 2**192G + 2**128G + 2**64G
+ *      15  |           1111  | 2**192G + 2**128G + 2**64G + G
+ *
+ * The second table follows the same style, but the terms are 2**32G,
+ * 2**96G, 2**160G, 2**224G.
+ *
+ * This is ~2KB of data.
+ */
+static const limb kPrecomputed[NLIMBS * 2 * 15 * 2] = {
+    0x11522878, 0xe730d41, 0xdb60179, 0x4afe2ff, 0x12883add, 0xcaddd88, 0x119e7edc, 0xd4a6eab, 0x3120bee,
+    0x1d2aac15, 0xf25357c, 0x19e45cdd, 0x5c721d0, 0x1992c5a5, 0xa237487, 0x154ba21, 0x14b10bb, 0xae3fe3,
+    0xd41a576, 0x922fc51, 0x234994f, 0x60b60d3, 0x164586ae, 0xce95f18, 0x1fe49073, 0x3fa36cc, 0x5ebcd2c,
+    0xb402f2f, 0x15c70bf, 0x1561925c, 0x5a26704, 0xda91e90, 0xcdc1c7f, 0x1ea12446, 0xe1ade1e, 0xec91f22,
+    0x26f7778, 0x566847e, 0xa0bec9e, 0x234f453, 0x1a31f21a, 0xd85e75c, 0x56c7109, 0xa267a00, 0xb57c050,
+    0x98fb57, 0xaa837cc, 0x60c0792, 0xcfa5e19, 0x61bab9e, 0x589e39b, 0xa324c5, 0x7d6dee7, 0x2976e4b,
+    0x1fc4124a, 0xa8c244b, 0x1ce86762, 0xcd61c7e, 0x1831c8e0, 0x75774e1, 0x1d96a5a9, 0x843a649, 0xc3ab0fa,
+    0x6e2e7d5, 0x7673a2a, 0x178b65e8, 0x4003e9b, 0x1a1f11c2, 0x7816ea, 0xf643e11, 0x58c43df, 0xf423fc2,
+    0x19633ffa, 0x891f2b2, 0x123c231c, 0x46add8c, 0x54700dd, 0x59e2b17, 0x172db40f, 0x83e277d, 0xb0dd609,
+    0xfd1da12, 0x35c6e52, 0x19ede20c, 0xd19e0c0, 0x97d0f40, 0xb015b19, 0x449e3f5, 0xe10c9e, 0x33ab581,
+    0x56a67ab, 0x577734d, 0x1dddc062, 0xc57b10d, 0x149b39d, 0x26a9e7b, 0xc35df9f, 0x48764cd, 0x76dbcca,
+    0xca4b366, 0xe9303ab, 0x1a7480e7, 0x57e9e81, 0x1e13eb50, 0xf466cf3, 0x6f16b20, 0x4ba3173, 0xc168c33,
+    0x15cb5439, 0x6a38e11, 0x73658bd, 0xb29564f, 0x3f6dc5b, 0x53b97e, 0x1322c4c0, 0x65dd7ff, 0x3a1e4f6,
+    0x14e614aa, 0x9246317, 0x1bc83aca, 0xad97eed, 0xd38ce4a, 0xf82b006, 0x341f077, 0xa6add89, 0x4894acd,
+    0x9f162d5, 0xf8410ef, 0x1b266a56, 0xd7f223, 0x3e0cb92, 0xe39b672, 0x6a2901a, 0x69a8556, 0x7e7c0,
+    0x9b7d8d3, 0x309a80, 0x1ad05f7f, 0xc2fb5dd, 0xcbfd41d, 0x9ceb638, 0x1051825c, 0xda0cf5b, 0x812e881,
+    0x6f35669, 0x6a56f2c, 0x1df8d184, 0x345820, 0x1477d477, 0x1645db1, 0xbe80c51, 0xc22be3e, 0xe35e65a,
+    0x1aeb7aa0, 0xc375315, 0xf67bc99, 0x7fdd7b9, 0x191fc1be, 0x61235d, 0x2c184e9, 0x1c5a839, 0x47a1e26,
+    0xb7cb456, 0x93e225d, 0x14f3c6ed, 0xccc1ac9, 0x17fe37f3, 0x4988989, 0x1a90c502, 0x2f32042, 0xa17769b,
+    0xafd8c7c, 0x8191c6e, 0x1dcdb237, 0x16200c0, 0x107b32a1, 0x66c08db, 0x10d06a02, 0x3fc93, 0x5620023,
+    0x16722b27, 0x68b5c59, 0x270fcfc, 0xfad0ecc, 0xe5de1c2, 0xeab466b, 0x2fc513c, 0x407f75c, 0xbaab133,
+    0x9705fe9, 0xb88b8e7, 0x734c993, 0x1e1ff8f, 0x19156970, 0xabd0f00, 0x10469ea7, 0x3293ac0, 0xcdc98aa,
+    0x1d843fd, 0xe14bfe8, 0x15be825f, 0x8b5212, 0xeb3fb67, 0x81cbd29, 0xbc62f16, 0x2b6fcc7, 0xf5a4e29,
+    0x13560b66, 0xc0b6ac2, 0x51ae690, 0xd41e271, 0xf3e9bd4, 0x1d70aab, 0x1029f72, 0x73e1c35, 0xee70fbc,
+    0xad81baf, 0x9ecc49a, 0x86c741e, 0xfe6be30, 0x176752e7, 0x23d416, 0x1f83de85, 0x27de188, 0x66f70b8,
+    0x181cd51f, 0x96b6e4c, 0x188f2335, 0xa5df759, 0x17a77eb6, 0xfeb0e73, 0x154ae914, 0x2f3ec51, 0x3826b59,
+    0xb91f17d, 0x1c72949, 0x1362bf0a, 0xe23fddf, 0xa5614b0, 0xf7d8f, 0x79061, 0x823d9d2, 0x8213f39,
+    0x1128ae0b, 0xd095d05, 0xb85c0c2, 0x1ecb2ef, 0x24ddc84, 0xe35e901, 0x18411a4a, 0xf5ddc3d, 0x3786689,
+    0x52260e8, 0x5ae3564, 0x542b10d, 0x8d93a45, 0x19952aa4, 0x996cc41, 0x1051a729, 0x4be3499, 0x52b23aa,
+    0x109f307e, 0x6f5b6bb, 0x1f84e1e7, 0x77a0cfa, 0x10c4df3f, 0x25a02ea, 0xb048035, 0xe31de66, 0xc6ecaa3,
+    0x28ea335, 0x2886024, 0x1372f020, 0xf55d35, 0x15e4684c, 0xf2a9e17, 0x1a4a7529, 0xcb7beb1, 0xb2a78a1,
+    0x1ab21f1f, 0x6361ccf, 0x6c9179d, 0xb135627, 0x1267b974, 0x4408bad, 0x1cbff658, 0xe3d6511, 0xc7d76f,
+    0x1cc7a69, 0xe7ee31b, 0x54fab4f, 0x2b914f, 0x1ad27a30, 0xcd3579e, 0xc50124c, 0x50daa90, 0xb13f72,
+    0xb06aa75, 0x70f5cc6, 0x1649e5aa, 0x84a5312, 0x329043c, 0x41c4011, 0x13d32411, 0xb04a838, 0xd760d2d,
+    0x1713b532, 0xbaa0c03, 0x84022ab, 0x6bcf5c1, 0x2f45379, 0x18ae070, 0x18c9e11e, 0x20bca9a, 0x66f496b,
+    0x3eef294, 0x67500d2, 0xd7f613c, 0x2dbbeb, 0xb741038, 0xe04133f, 0x1582968d, 0xbe985f7, 0x1acbc1a,
+    0x1a6a939f, 0x33e50f6, 0xd665ed4, 0xb4b7bd6, 0x1e5a3799, 0x6b33847, 0x17fa56ff, 0x65ef930, 0x21dc4a,
+    0x2b37659, 0x450fe17, 0xb357b65, 0xdf5efac, 0x15397bef, 0x9d35a7f, 0x112ac15f, 0x624e62e, 0xa90ae2f,
+    0x107eecd2, 0x1f69bbe, 0x77d6bce, 0x5741394, 0x13c684fc, 0x950c910, 0x725522b, 0xdc78583, 0x40eeabb,
+    0x1fde328a, 0xbd61d96, 0xd28c387, 0x9e77d89, 0x12550c40, 0x759cb7d, 0x367ef34, 0xae2a960, 0x91b8bdc,
+    0x93462a9, 0xf469ef, 0xb2e9aef, 0xd2ca771, 0x54e1f42, 0x7aaa49, 0x6316abb, 0x2413c8e, 0x5425bf9,
+    0x1bed3e3a, 0xf272274, 0x1f5e7326, 0x6416517, 0xea27072, 0x9cedea7, 0x6e7633, 0x7c91952, 0xd806dce,
+    0x8e2a7e1, 0xe421e1a, 0x418c9e1, 0x1dbc890, 0x1b395c36, 0xa1dc175, 0x1dc4ef73, 0x8956f34, 0xe4b5cf2,
+    0x1b0d3a18, 0x3194a36, 0x6c2641f, 0xe44124c, 0xa2f4eaa, 0xa8c25ba, 0xf927ed7, 0x627b614, 0x7371cca,
+    0xba16694, 0x417bc03, 0x7c0a7e3, 0x9c35c19, 0x1168a205, 0x8b6b00d, 0x10e3edc9, 0x9c19bf2, 0x5882229,
+    0x1b2b4162, 0xa5cef1a, 0x1543622b, 0x9bd433e, 0x364e04d, 0x7480792, 0x5c9b5b3, 0xe85ff25, 0x408ef57,
+    0x1814cfa4, 0x121b41b, 0xd248a0f, 0x3b05222, 0x39bb16a, 0xc75966d, 0xa038113, 0xa4a1769, 0x11fbc6c,
+    0x917e50e, 0xeec3da8, 0x169d6eac, 0x10c1699, 0xa416153, 0xf724912, 0x15cd60b7, 0x4acbad9, 0x5efc5fa,
+    0xf150ed7, 0x122b51, 0x1104b40a, 0xcb7f442, 0xfbb28ff, 0x6ac53ca, 0x196142cc, 0x7bf0fa9, 0x957651,
+    0x4e0f215, 0xed439f8, 0x3f46bd5, 0x5ace82f, 0x110916b6, 0x6db078, 0xffd7d57, 0xf2ecaac, 0xca86dec,
+    0x15d6b2da, 0x965ecc9, 0x1c92b4c2, 0x1f3811, 0x1cb080f5, 0x2d8b804, 0x19d1c12d, 0xf20bd46, 0x1951fa7,
+    0xa3656c3, 0x523a425, 0xfcd0692, 0xd44ddc8, 0x131f0f5b, 0xaf80e4a, 0xcd9fc74, 0x99bb618, 0x2db944c,
+    0xa673090, 0x1c210e1, 0x178c8d23, 0x1474383, 0x10b8743d, 0x985a55b, 0x2e74779, 0x576138, 0x9587927,
+    0x133130fa, 0xbe05516, 0x9f4d619, 0xbb62570, 0x99ec591, 0xd9468fe, 0x1d07782d, 0xfc72e0b, 0x701b298,
+    0x1863863b, 0x85954b8, 0x121a0c36, 0x9e7fedf, 0xf64b429, 0x9b9d71e, 0x14e2f5d8, 0xf858d3a, 0x942eea8,
+    0xda5b765, 0x6edafff, 0xa9d18cc, 0xc65e4ba, 0x1c747e86, 0xe4ea915, 0x1981d7a1, 0x8395659, 0x52ed4e2,
+    0x87d43b7, 0x37ab11b, 0x19d292ce, 0xf8d4692, 0x18c3053f, 0x8863e13, 0x4c146c0, 0x6bdf55a, 0x4e4457d,
+    0x16152289, 0xac78ec2, 0x1a59c5a2, 0x2028b97, 0x71c2d01, 0x295851f, 0x404747b, 0x878558d, 0x7d29aa4,
+    0x13d8341f, 0x8daefd7, 0x139c972d, 0x6b7ea75, 0xd4a9dde, 0xff163d8, 0x81d55d7, 0xa5bef68, 0xb7b30d8,
+    0xbe73d6f, 0xaa88141, 0xd976c81, 0x7e7a9cc, 0x18beb771, 0xd773cbd, 0x13f51951, 0x9d0c177, 0x1c49a78,
+};
+
+/* Field element operations:
+ */
+
+/* NON_ZERO_TO_ALL_ONES returns:
+ *   0xffffffff for 0 < x <= 2**31
+ *   0 for x == 0 or x > 2**31.
+ *
+ * x must be a u32 or an equivalent type such as limb.
+ */
+#define NON_ZERO_TO_ALL_ONES(x) ((((u32)(x)-1) >> 31) - 1)
+
+/* felem_reduce_carry adds a multiple of p in order to cancel |carry|,
+ * which is a term at 2**257.
+ *
+ * On entry: carry < 2**3, inout[0,2,...] < 2**29, inout[1,3,...] < 2**28.
+ * On exit: inout[0,2,..] < 2**30, inout[1,3,...] < 2**29.
+ */
+static void
+felem_reduce_carry(felem inout, limb carry)
+{
+    const u32 carry_mask = NON_ZERO_TO_ALL_ONES(carry);
+
+    inout[0] += carry << 1;
+    inout[3] += 0x10000000 & carry_mask;
+    /* carry < 2**3 thus (carry << 11) < 2**14 and we added 2**28 in the
+     * previous line therefore this doesn't underflow.
+     */
+    inout[3] -= carry << 11;
+    inout[4] += (0x20000000 - 1) & carry_mask;
+    inout[5] += (0x10000000 - 1) & carry_mask;
+    inout[6] += (0x20000000 - 1) & carry_mask;
+    inout[6] -= carry << 22;
+    /* This may underflow if carry is non-zero but, if so, we'll fix it in the
+     * next line.
+     */
+    inout[7] -= 1 & carry_mask;
+    inout[7] += carry << 25;
+}
+
+/* felem_sum sets out = in+in2.
+ *
+ * On entry, in[i]+in2[i] must not overflow a 32-bit word.
+ * On exit: out[0,2,...] < 2**30, out[1,3,...] < 2**29
+ */
+static void
+felem_sum(felem out, const felem in, const felem in2)
+{
+    limb carry = 0;
+    unsigned int i;
+    for (i = 0;; i++) {
+        out[i] = in[i] + in2[i];
+        out[i] += carry;
+        carry = out[i] >> 29;
+        out[i] &= kBottom29Bits;
+
+        i++;
+        if (i == NLIMBS)
+            break;
+
+        out[i] = in[i] + in2[i];
+        out[i] += carry;
+        carry = out[i] >> 28;
+        out[i] &= kBottom28Bits;
+    }
+
+    felem_reduce_carry(out, carry);
+}
+
+#define two31m3 (((limb)1) << 31) - (((limb)1) << 3)
+#define two30m2 (((limb)1) << 30) - (((limb)1) << 2)
+#define two30p13m2 (((limb)1) << 30) + (((limb)1) << 13) - (((limb)1) << 2)
+#define two31m2 (((limb)1) << 31) - (((limb)1) << 2)
+#define two31p24m2 (((limb)1) << 31) + (((limb)1) << 24) - (((limb)1) << 2)
+#define two30m27m2 (((limb)1) << 30) - (((limb)1) << 27) - (((limb)1) << 2)
+
+/* zero31 is 0 mod p.
+ */
+static const felem zero31 = {
+    two31m3, two30m2, two31m2, two30p13m2,
+    two31m2, two30m2, two31p24m2, two30m27m2,
+    two31m2
+};
+
+/* felem_diff sets out = in-in2.
+ *
+ * On entry: in[0,2,...] < 2**30, in[1,3,...] < 2**29 and
+ *           in2[0,2,...] < 2**30, in2[1,3,...] < 2**29.
+ * On exit: out[0,2,...] < 2**30, out[1,3,...] < 2**29.
+ */
+static void
+felem_diff(felem out, const felem in, const felem in2)
+{
+    limb carry = 0;
+    unsigned int i;
+
+    for (i = 0;; i++) {
+        out[i] = in[i] - in2[i];
+        out[i] += zero31[i];
+        out[i] += carry;
+        carry = out[i] >> 29;
+        out[i] &= kBottom29Bits;
+
+        i++;
+        if (i == NLIMBS)
+            break;
+
+        out[i] = in[i] - in2[i];
+        out[i] += zero31[i];
+        out[i] += carry;
+        carry = out[i] >> 28;
+        out[i] &= kBottom28Bits;
+    }
+
+    felem_reduce_carry(out, carry);
+}
+
+/* felem_reduce_degree sets out = tmp/R mod p where tmp contains 64-bit words
+ * with the same 29,28,... bit positions as an felem.
+ *
+ * The values in felems are in Montgomery form: x*R mod p where R = 2**257.
+ * Since we just multiplied two Montgomery values together, the result is
+ * x*y*R*R mod p. We wish to divide by R in order for the result also to be
+ * in Montgomery form.
+ *
+ * On entry: tmp[i] < 2**64
+ * On exit: out[0,2,...] < 2**30, out[1,3,...] < 2**29
+ */
+static void
+felem_reduce_degree(felem out, u64 tmp[17])
+{
+    /* The following table may be helpful when reading this code:
+     *
+     * Limb number:   0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10...
+     * Width (bits):  29| 28| 29| 28| 29| 28| 29| 28| 29| 28| 29
+     * Start bit:     0 | 29| 57| 86|114|143|171|200|228|257|285
+     *   (odd phase): 0 | 28| 57| 85|114|142|171|199|228|256|285
+     */
+    limb tmp2[18], carry, x, xMask;
+    unsigned int i;
+
+    /* tmp contains 64-bit words with the same 29,28,29-bit positions as an
+     * felem. So the top of an element of tmp might overlap with another
+     * element two positions down. The following loop eliminates this
+     * overlap.
+     */
+    tmp2[0] = tmp[0] & kBottom29Bits;
+
+    /* In the following we use "(limb) tmp[x]" and "(limb) (tmp[x]>>32)" to try
+     * and hint to the compiler that it can do a single-word shift by selecting
+     * the right register rather than doing a double-word shift and truncating
+     * afterwards.
+     */
+    tmp2[1] = ((limb)tmp[0]) >> 29;
+    tmp2[1] |= (((limb)(tmp[0] >> 32)) << 3) & kBottom28Bits;
+    tmp2[1] += ((limb)tmp[1]) & kBottom28Bits;
+    carry = tmp2[1] >> 28;
+    tmp2[1] &= kBottom28Bits;
+
+    for (i = 2; i < 17; i++) {
+        tmp2[i] = ((limb)(tmp[i - 2] >> 32)) >> 25;
+        tmp2[i] += ((limb)(tmp[i - 1])) >> 28;
+        tmp2[i] += (((limb)(tmp[i - 1] >> 32)) << 4) & kBottom29Bits;
+        tmp2[i] += ((limb)tmp[i]) & kBottom29Bits;
+        tmp2[i] += carry;
+        carry = tmp2[i] >> 29;
+        tmp2[i] &= kBottom29Bits;
+
+        i++;
+        if (i == 17)
+            break;
+        tmp2[i] = ((limb)(tmp[i - 2] >> 32)) >> 25;
+        tmp2[i] += ((limb)(tmp[i - 1])) >> 29;
+        tmp2[i] += (((limb)(tmp[i - 1] >> 32)) << 3) & kBottom28Bits;
+        tmp2[i] += ((limb)tmp[i]) & kBottom28Bits;
+        tmp2[i] += carry;
+        carry = tmp2[i] >> 28;
+        tmp2[i] &= kBottom28Bits;
+    }
+
+    tmp2[17] = ((limb)(tmp[15] >> 32)) >> 25;
+    tmp2[17] += ((limb)(tmp[16])) >> 29;
+    tmp2[17] += (((limb)(tmp[16] >> 32)) << 3);
+    tmp2[17] += carry;
+
+    /* Montgomery elimination of terms:
+     *
+     * Since R is 2**257, we can divide by R with a bitwise shift if we can
+     * ensure that the right-most 257 bits are all zero. We can make that true
+     * by adding multiplies of p without affecting the value.
+     *
+     * So we eliminate limbs from right to left. Since the bottom 29 bits of p
+     * are all ones, then by adding tmp2[0]*p to tmp2 we'll make tmp2[0] == 0.
+     * We can do that for 8 further limbs and then right shift to eliminate the
+     * extra factor of R.
+     */
+    for (i = 0;; i += 2) {
+        tmp2[i + 1] += tmp2[i] >> 29;
+        x = tmp2[i] & kBottom29Bits;
+        xMask = NON_ZERO_TO_ALL_ONES(x);
+        tmp2[i] = 0;
+
+        /* The bounds calculations for this loop are tricky. Each iteration of
+         * the loop eliminates two words by adding values to words to their
+         * right.
+         *
+         * The following table contains the amounts added to each word (as an
+         * offset from the value of i at the top of the loop). The amounts are
+         * accounted for from the first and second half of the loop separately
+         * and are written as, for example, 28 to mean a value <2**28.
+         *
+         * Word:                   3   4   5   6   7   8   9   10
+         * Added in top half:     28  11      29  21  29  28
+         *                                        28  29
+         *                                            29
+         * Added in bottom half:      29  10      28  21  28   28
+         *                                            29
+         *
+         * The value that is currently offset 7 will be offset 5 for the next
+         * iteration and then offset 3 for the iteration after that. Therefore
+         * the total value added will be the values added at 7, 5 and 3.
+         *
+         * The following table accumulates these values. The sums at the bottom
+         * are written as, for example, 29+28, to mean a value < 2**29+2**28.
+         *
+         * Word:                   3   4   5   6   7   8   9  10  11  12  13
+         *                        28  11  10  29  21  29  28  28  28  28  28
+         *                            29  28  11  28  29  28  29  28  29  28
+         *                                    29  28  21  21  29  21  29  21
+         *                                        10  29  28  21  28  21  28
+         *                                        28  29  28  29  28  29  28
+         *                                            11  10  29  10  29  10
+         *                                            29  28  11  28  11
+         *                                                    29      29
+         *                        --------------------------------------------
+         *                                                30+ 31+ 30+ 31+ 30+
+         *                                                28+ 29+ 28+ 29+ 21+
+         *                                                21+ 28+ 21+ 28+ 10
+         *                                                10  21+ 10  21+
+         *                                                    11      11
+         *
+         * So the greatest amount is added to tmp2[10] and tmp2[12]. If
+         * tmp2[10/12] has an initial value of <2**29, then the maximum value
+         * will be < 2**31 + 2**30 + 2**28 + 2**21 + 2**11, which is < 2**32,
+         * as required.
+         */
+        tmp2[i + 3] += (x << 10) & kBottom28Bits;
+        tmp2[i + 4] += (x >> 18);
+
+        tmp2[i + 6] += (x << 21) & kBottom29Bits;
+        tmp2[i + 7] += x >> 8;
+
+        /* At position 200, which is the starting bit position for word 7, we
+         * have a factor of 0xf000000 = 2**28 - 2**24.
+         */
+        tmp2[i + 7] += 0x10000000 & xMask;
+        /* Word 7 is 28 bits wide, so the 2**28 term exactly hits word 8. */
+        tmp2[i + 8] += (x - 1) & xMask;
+        tmp2[i + 7] -= (x << 24) & kBottom28Bits;
+        tmp2[i + 8] -= x >> 4;
+
+        tmp2[i + 8] += 0x20000000 & xMask;
+        tmp2[i + 8] -= x;
+        tmp2[i + 8] += (x << 28) & kBottom29Bits;
+        tmp2[i + 9] += ((x >> 1) - 1) & xMask;
+
+        if (i + 1 == NLIMBS)
+            break;
+        tmp2[i + 2] += tmp2[i + 1] >> 28;
+        x = tmp2[i + 1] & kBottom28Bits;
+        xMask = NON_ZERO_TO_ALL_ONES(x);
+        tmp2[i + 1] = 0;
+
+        tmp2[i + 4] += (x << 11) & kBottom29Bits;
+        tmp2[i + 5] += (x >> 18);
+
+        tmp2[i + 7] += (x << 21) & kBottom28Bits;
+        tmp2[i + 8] += x >> 7;
+
+        /* At position 199, which is the starting bit of the 8th word when
+         * dealing with a context starting on an odd word, we have a factor of
+         * 0x1e000000 = 2**29 - 2**25. Since we have not updated i, the 8th
+         * word from i+1 is i+8.
+         */
+        tmp2[i + 8] += 0x20000000 & xMask;
+        tmp2[i + 9] += (x - 1) & xMask;
+        tmp2[i + 8] -= (x << 25) & kBottom29Bits;
+        tmp2[i + 9] -= x >> 4;
+
+        tmp2[i + 9] += 0x10000000 & xMask;
+        tmp2[i + 9] -= x;
+        tmp2[i + 10] += (x - 1) & xMask;
+    }
+
+    /* We merge the right shift with a carry chain. The words above 2**257 have
+     * widths of 28,29,... which we need to correct when copying them down.
+     */
+    carry = 0;
+    for (i = 0; i < 8; i++) {
+        /* The maximum value of tmp2[i + 9] occurs on the first iteration and
+         * is < 2**30+2**29+2**28. Adding 2**29 (from tmp2[i + 10]) is
+         * therefore safe.
+         */
+        out[i] = tmp2[i + 9];
+        out[i] += carry;
+        out[i] += (tmp2[i + 10] << 28) & kBottom29Bits;
+        carry = out[i] >> 29;
+        out[i] &= kBottom29Bits;
+
+        i++;
+        out[i] = tmp2[i + 9] >> 1;
+        out[i] += carry;
+        carry = out[i] >> 28;
+        out[i] &= kBottom28Bits;
+    }
+
+    out[8] = tmp2[17];
+    out[8] += carry;
+    carry = out[8] >> 29;
+    out[8] &= kBottom29Bits;
+
+    felem_reduce_carry(out, carry);
+}
+
+/* felem_square sets out=in*in.
+ *
+ * On entry: in[0,2,...] < 2**30, in[1,3,...] < 2**29.
+ * On exit: out[0,2,...] < 2**30, out[1,3,...] < 2**29.
+ */
+static void
+felem_square(felem out, const felem in)
+{
+    u64 tmp[17];
+
+    tmp[0] = ((u64)in[0]) * in[0];
+    tmp[1] = ((u64)in[0]) * (in[1] << 1);
+    tmp[2] = ((u64)in[0]) * (in[2] << 1) +
+             ((u64)in[1]) * (in[1] << 1);
+    tmp[3] = ((u64)in[0]) * (in[3] << 1) +
+             ((u64)in[1]) * (in[2] << 1);
+    tmp[4] = ((u64)in[0]) * (in[4] << 1) +
+             ((u64)in[1]) * (in[3] << 2) +
+             ((u64)in[2]) * in[2];
+    tmp[5] = ((u64)in[0]) * (in[5] << 1) +
+             ((u64)in[1]) * (in[4] << 1) +
+             ((u64)in[2]) * (in[3] << 1);
+    tmp[6] = ((u64)in[0]) * (in[6] << 1) +
+             ((u64)in[1]) * (in[5] << 2) +
+             ((u64)in[2]) * (in[4] << 1) +
+             ((u64)in[3]) * (in[3] << 1);
+    tmp[7] = ((u64)in[0]) * (in[7] << 1) +
+             ((u64)in[1]) * (in[6] << 1) +
+             ((u64)in[2]) * (in[5] << 1) +
+             ((u64)in[3]) * (in[4] << 1);
+    /* tmp[8] has the greatest value of 2**61 + 2**60 + 2**61 + 2**60 + 2**60,
+     * which is < 2**64 as required.
+     */
+    tmp[8] = ((u64)in[0]) * (in[8] << 1) +
+             ((u64)in[1]) * (in[7] << 2) +
+             ((u64)in[2]) * (in[6] << 1) +
+             ((u64)in[3]) * (in[5] << 2) +
+             ((u64)in[4]) * in[4];
+    tmp[9] = ((u64)in[1]) * (in[8] << 1) +
+             ((u64)in[2]) * (in[7] << 1) +
+             ((u64)in[3]) * (in[6] << 1) +
+             ((u64)in[4]) * (in[5] << 1);
+    tmp[10] = ((u64)in[2]) * (in[8] << 1) +
+              ((u64)in[3]) * (in[7] << 2) +
+              ((u64)in[4]) * (in[6] << 1) +
+              ((u64)in[5]) * (in[5] << 1);
+    tmp[11] = ((u64)in[3]) * (in[8] << 1) +
+              ((u64)in[4]) * (in[7] << 1) +
+              ((u64)in[5]) * (in[6] << 1);
+    tmp[12] = ((u64)in[4]) * (in[8] << 1) +
+              ((u64)in[5]) * (in[7] << 2) +
+              ((u64)in[6]) * in[6];
+    tmp[13] = ((u64)in[5]) * (in[8] << 1) +
+              ((u64)in[6]) * (in[7] << 1);
+    tmp[14] = ((u64)in[6]) * (in[8] << 1) +
+              ((u64)in[7]) * (in[7] << 1);
+    tmp[15] = ((u64)in[7]) * (in[8] << 1);
+    tmp[16] = ((u64)in[8]) * in[8];
+
+    felem_reduce_degree(out, tmp);
+}
+
+/* felem_mul sets out=in*in2.
+ *
+ * On entry: in[0,2,...] < 2**30, in[1,3,...] < 2**29 and
+ *           in2[0,2,...] < 2**30, in2[1,3,...] < 2**29.
+ * On exit: out[0,2,...] < 2**30, out[1,3,...] < 2**29.
+ */
+static void
+felem_mul(felem out, const felem in, const felem in2)
+{
+    u64 tmp[17];
+
+    tmp[0] = ((u64)in[0]) * in2[0];
+    tmp[1] = ((u64)in[0]) * (in2[1] << 0) +
+             ((u64)in[1]) * (in2[0] << 0);
+    tmp[2] = ((u64)in[0]) * (in2[2] << 0) +
+             ((u64)in[1]) * (in2[1] << 1) +
+             ((u64)in[2]) * (in2[0] << 0);
+    tmp[3] = ((u64)in[0]) * (in2[3] << 0) +
+             ((u64)in[1]) * (in2[2] << 0) +
+             ((u64)in[2]) * (in2[1] << 0) +
+             ((u64)in[3]) * (in2[0] << 0);
+    tmp[4] = ((u64)in[0]) * (in2[4] << 0) +
+             ((u64)in[1]) * (in2[3] << 1) +
+             ((u64)in[2]) * (in2[2] << 0) +
+             ((u64)in[3]) * (in2[1] << 1) +
+             ((u64)in[4]) * (in2[0] << 0);
+    tmp[5] = ((u64)in[0]) * (in2[5] << 0) +
+             ((u64)in[1]) * (in2[4] << 0) +
+             ((u64)in[2]) * (in2[3] << 0) +
+             ((u64)in[3]) * (in2[2] << 0) +
+             ((u64)in[4]) * (in2[1] << 0) +
+             ((u64)in[5]) * (in2[0] << 0);
+    tmp[6] = ((u64)in[0]) * (in2[6] << 0) +
+             ((u64)in[1]) * (in2[5] << 1) +
+             ((u64)in[2]) * (in2[4] << 0) +
+             ((u64)in[3]) * (in2[3] << 1) +
+             ((u64)in[4]) * (in2[2] << 0) +
+             ((u64)in[5]) * (in2[1] << 1) +
+             ((u64)in[6]) * (in2[0] << 0);
+    tmp[7] = ((u64)in[0]) * (in2[7] << 0) +
+             ((u64)in[1]) * (in2[6] << 0) +
+             ((u64)in[2]) * (in2[5] << 0) +
+             ((u64)in[3]) * (in2[4] << 0) +
+             ((u64)in[4]) * (in2[3] << 0) +
+             ((u64)in[5]) * (in2[2] << 0) +
+             ((u64)in[6]) * (in2[1] << 0) +
+             ((u64)in[7]) * (in2[0] << 0);
+    /* tmp[8] has the greatest value but doesn't overflow. See logic in
+     * felem_square.
+     */
+    tmp[8] = ((u64)in[0]) * (in2[8] << 0) +
+             ((u64)in[1]) * (in2[7] << 1) +
+             ((u64)in[2]) * (in2[6] << 0) +
+             ((u64)in[3]) * (in2[5] << 1) +
+             ((u64)in[4]) * (in2[4] << 0) +
+             ((u64)in[5]) * (in2[3] << 1) +
+             ((u64)in[6]) * (in2[2] << 0) +
+             ((u64)in[7]) * (in2[1] << 1) +
+             ((u64)in[8]) * (in2[0] << 0);
+    tmp[9] = ((u64)in[1]) * (in2[8] << 0) +
+             ((u64)in[2]) * (in2[7] << 0) +
+             ((u64)in[3]) * (in2[6] << 0) +
+             ((u64)in[4]) * (in2[5] << 0) +
+             ((u64)in[5]) * (in2[4] << 0) +
+             ((u64)in[6]) * (in2[3] << 0) +
+             ((u64)in[7]) * (in2[2] << 0) +
+             ((u64)in[8]) * (in2[1] << 0);
+    tmp[10] = ((u64)in[2]) * (in2[8] << 0) +
+              ((u64)in[3]) * (in2[7] << 1) +
+              ((u64)in[4]) * (in2[6] << 0) +
+              ((u64)in[5]) * (in2[5] << 1) +
+              ((u64)in[6]) * (in2[4] << 0) +
+              ((u64)in[7]) * (in2[3] << 1) +
+              ((u64)in[8]) * (in2[2] << 0);
+    tmp[11] = ((u64)in[3]) * (in2[8] << 0) +
+              ((u64)in[4]) * (in2[7] << 0) +
+              ((u64)in[5]) * (in2[6] << 0) +
+              ((u64)in[6]) * (in2[5] << 0) +
+              ((u64)in[7]) * (in2[4] << 0) +
+              ((u64)in[8]) * (in2[3] << 0);
+    tmp[12] = ((u64)in[4]) * (in2[8] << 0) +
+              ((u64)in[5]) * (in2[7] << 1) +
+              ((u64)in[6]) * (in2[6] << 0) +
+              ((u64)in[7]) * (in2[5] << 1) +
+              ((u64)in[8]) * (in2[4] << 0);
+    tmp[13] = ((u64)in[5]) * (in2[8] << 0) +
+              ((u64)in[6]) * (in2[7] << 0) +
+              ((u64)in[7]) * (in2[6] << 0) +
+              ((u64)in[8]) * (in2[5] << 0);
+    tmp[14] = ((u64)in[6]) * (in2[8] << 0) +
+              ((u64)in[7]) * (in2[7] << 1) +
+              ((u64)in[8]) * (in2[6] << 0);
+    tmp[15] = ((u64)in[7]) * (in2[8] << 0) +
+              ((u64)in[8]) * (in2[7] << 0);
+    tmp[16] = ((u64)in[8]) * (in2[8] << 0);
+
+    felem_reduce_degree(out, tmp);
+}
+
+static void
+felem_assign(felem out, const felem in)
+{
+    memcpy(out, in, sizeof(felem));
+}
+
+/* felem_inv calculates |out| = |in|^{-1}
+ *
+ * Based on Fermat's Little Theorem:
+ *   a^p = a (mod p)
+ *   a^{p-1} = 1 (mod p)
+ *   a^{p-2} = a^{-1} (mod p)
+ */
+static void
+felem_inv(felem out, const felem in)
+{
+    felem ftmp, ftmp2;
+    /* each e_I will hold |in|^{2^I - 1} */
+    felem e2, e4, e8, e16, e32, e64;
+    unsigned int i;
+
+    felem_square(ftmp, in);    /* 2^1 */
+    felem_mul(ftmp, in, ftmp); /* 2^2 - 2^0 */
+    felem_assign(e2, ftmp);
+    felem_square(ftmp, ftmp);  /* 2^3 - 2^1 */
+    felem_square(ftmp, ftmp);  /* 2^4 - 2^2 */
+    felem_mul(ftmp, ftmp, e2); /* 2^4 - 2^0 */
+    felem_assign(e4, ftmp);
+    felem_square(ftmp, ftmp);  /* 2^5 - 2^1 */
+    felem_square(ftmp, ftmp);  /* 2^6 - 2^2 */
+    felem_square(ftmp, ftmp);  /* 2^7 - 2^3 */
+    felem_square(ftmp, ftmp);  /* 2^8 - 2^4 */
+    felem_mul(ftmp, ftmp, e4); /* 2^8 - 2^0 */
+    felem_assign(e8, ftmp);
+    for (i = 0; i < 8; i++) {
+        felem_square(ftmp, ftmp);
+    }                          /* 2^16 - 2^8 */
+    felem_mul(ftmp, ftmp, e8); /* 2^16 - 2^0 */
+    felem_assign(e16, ftmp);
+    for (i = 0; i < 16; i++) {
+        felem_square(ftmp, ftmp);
+    }                           /* 2^32 - 2^16 */
+    felem_mul(ftmp, ftmp, e16); /* 2^32 - 2^0 */
+    felem_assign(e32, ftmp);
+    for (i = 0; i < 32; i++) {
+        felem_square(ftmp, ftmp);
+    } /* 2^64 - 2^32 */
+    felem_assign(e64, ftmp);
+    felem_mul(ftmp, ftmp, in); /* 2^64 - 2^32 + 2^0 */
+    for (i = 0; i < 192; i++) {
+        felem_square(ftmp, ftmp);
+    } /* 2^256 - 2^224 + 2^192 */
+
+    felem_mul(ftmp2, e64, e32); /* 2^64 - 2^0 */
+    for (i = 0; i < 16; i++) {
+        felem_square(ftmp2, ftmp2);
+    }                             /* 2^80 - 2^16 */
+    felem_mul(ftmp2, ftmp2, e16); /* 2^80 - 2^0 */
+    for (i = 0; i < 8; i++) {
+        felem_square(ftmp2, ftmp2);
+    }                            /* 2^88 - 2^8 */
+    felem_mul(ftmp2, ftmp2, e8); /* 2^88 - 2^0 */
+    for (i = 0; i < 4; i++) {
+        felem_square(ftmp2, ftmp2);
+    }                            /* 2^92 - 2^4 */
+    felem_mul(ftmp2, ftmp2, e4); /* 2^92 - 2^0 */
+    felem_square(ftmp2, ftmp2);  /* 2^93 - 2^1 */
+    felem_square(ftmp2, ftmp2);  /* 2^94 - 2^2 */
+    felem_mul(ftmp2, ftmp2, e2); /* 2^94 - 2^0 */
+    felem_square(ftmp2, ftmp2);  /* 2^95 - 2^1 */
+    felem_square(ftmp2, ftmp2);  /* 2^96 - 2^2 */
+    felem_mul(ftmp2, ftmp2, in); /* 2^96 - 3 */
+
+    felem_mul(out, ftmp2, ftmp); /* 2^256 - 2^224 + 2^192 + 2^96 - 3 */
+}
+
+/* felem_scalar_3 sets out=3*out.
+ *
+ * On entry: out[0,2,...] < 2**30, out[1,3,...] < 2**29.
+ * On exit: out[0,2,...] < 2**30, out[1,3,...] < 2**29.
+ */
+static void
+felem_scalar_3(felem out)
+{
+    limb carry = 0;
+    unsigned int i;
+
+    for (i = 0;; i++) {
+        out[i] *= 3;
+        out[i] += carry;
+        carry = out[i] >> 29;
+        out[i] &= kBottom29Bits;
+
+        i++;
+        if (i == NLIMBS)
+            break;
+
+        out[i] *= 3;
+        out[i] += carry;
+        carry = out[i] >> 28;
+        out[i] &= kBottom28Bits;
+    }
+
+    felem_reduce_carry(out, carry);
+}
+
+/* felem_scalar_4 sets out=4*out.
+ *
+ * On entry: out[0,2,...] < 2**30, out[1,3,...] < 2**29.
+ * On exit: out[0,2,...] < 2**30, out[1,3,...] < 2**29.
+ */
+static void
+felem_scalar_4(felem out)
+{
+    limb carry = 0, next_carry;
+    unsigned int i;
+
+    for (i = 0;; i++) {
+        next_carry = out[i] >> 27;
+        out[i] <<= 2;
+        out[i] &= kBottom29Bits;
+        out[i] += carry;
+        carry = next_carry + (out[i] >> 29);
+        out[i] &= kBottom29Bits;
+
+        i++;
+        if (i == NLIMBS)
+            break;
+        next_carry = out[i] >> 26;
+        out[i] <<= 2;
+        out[i] &= kBottom28Bits;
+        out[i] += carry;
+        carry = next_carry + (out[i] >> 28);
+        out[i] &= kBottom28Bits;
+    }
+
+    felem_reduce_carry(out, carry);
+}
+
+/* felem_scalar_8 sets out=8*out.
+ *
+ * On entry: out[0,2,...] < 2**30, out[1,3,...] < 2**29.
+ * On exit: out[0,2,...] < 2**30, out[1,3,...] < 2**29.
+ */
+static void
+felem_scalar_8(felem out)
+{
+    limb carry = 0, next_carry;
+    unsigned int i;
+
+    for (i = 0;; i++) {
+        next_carry = out[i] >> 26;
+        out[i] <<= 3;
+        out[i] &= kBottom29Bits;
+        out[i] += carry;
+        carry = next_carry + (out[i] >> 29);
+        out[i] &= kBottom29Bits;
+
+        i++;
+        if (i == NLIMBS)
+            break;
+        next_carry = out[i] >> 25;
+        out[i] <<= 3;
+        out[i] &= kBottom28Bits;
+        out[i] += carry;
+        carry = next_carry + (out[i] >> 28);
+        out[i] &= kBottom28Bits;
+    }
+
+    felem_reduce_carry(out, carry);
+}
+
+/* felem_is_zero_vartime returns 1 iff |in| == 0. It takes a variable amount of
+ * time depending on the value of |in|.
+ */
+static char
+felem_is_zero_vartime(const felem in)
+{
+    limb carry;
+    int i;
+    limb tmp[NLIMBS];
+    felem_assign(tmp, in);
+
+    /* First, reduce tmp to a minimal form.
+     */
+    do {
+        carry = 0;
+        for (i = 0;; i++) {
+            tmp[i] += carry;
+            carry = tmp[i] >> 29;
+            tmp[i] &= kBottom29Bits;
+
+            i++;
+            if (i == NLIMBS)
+                break;
+
+            tmp[i] += carry;
+            carry = tmp[i] >> 28;
+            tmp[i] &= kBottom28Bits;
+        }
+
+        felem_reduce_carry(tmp, carry);
+    } while (carry);
+
+    /* tmp < 2**257, so the only possible zero values are 0, p and 2p.
+     */
+    return memcmp(tmp, kZero, sizeof(tmp)) == 0 ||
+           memcmp(tmp, kP, sizeof(tmp)) == 0 ||
+           memcmp(tmp, k2P, sizeof(tmp)) == 0;
+}
+
+/* Group operations:
+ *
+ * Elements of the elliptic curve group are represented in Jacobian
+ * coordinates: (x, y, z). An affine point (x', y') is x'=x/z**2, y'=y/z**3 in
+ * Jacobian form.
+ */
+
+/* point_double sets {x_out,y_out,z_out} = 2*{x,y,z}.
+ *
+ * See http://www.hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html#doubling-dbl-2009-l
+ */
+static void
+point_double(felem x_out, felem y_out, felem z_out,
+             const felem x, const felem y, const felem z)
+{
+    felem delta, gamma, alpha, beta, tmp, tmp2;
+
+    felem_square(delta, z);
+    felem_square(gamma, y);
+    felem_mul(beta, x, gamma);
+
+    felem_sum(tmp, x, delta);
+    felem_diff(tmp2, x, delta);
+    felem_mul(alpha, tmp, tmp2);
+    felem_scalar_3(alpha);
+
+    felem_sum(tmp, y, z);
+    felem_square(tmp, tmp);
+    felem_diff(tmp, tmp, gamma);
+    felem_diff(z_out, tmp, delta);
+
+    felem_scalar_4(beta);
+    felem_square(x_out, alpha);
+    felem_diff(x_out, x_out, beta);
+    felem_diff(x_out, x_out, beta);
+
+    felem_diff(tmp, beta, x_out);
+    felem_mul(tmp, alpha, tmp);
+    felem_square(tmp2, gamma);
+    felem_scalar_8(tmp2);
+    felem_diff(y_out, tmp, tmp2);
+}
+
+/* point_add_mixed sets {x_out,y_out,z_out} = {x1,y1,z1} + {x2,y2,1}.
+ * (i.e. the second point is affine.)
+ *
+ * See http://www.hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html#addition-add-2007-bl
+ *
+ * Note that this function does not handle P+P, infinity+P nor P+infinity
+ * correctly.
+ */
+static void
+point_add_mixed(felem x_out, felem y_out, felem z_out,
+                const felem x1, const felem y1, const felem z1,
+                const felem x2, const felem y2)
+{
+    felem z1z1, z1z1z1, s2, u2, h, i, j, r, rr, v, tmp;
+
+    felem_square(z1z1, z1);
+    felem_sum(tmp, z1, z1);
+
+    felem_mul(u2, x2, z1z1);
+    felem_mul(z1z1z1, z1, z1z1);
+    felem_mul(s2, y2, z1z1z1);
+    felem_diff(h, u2, x1);
+    felem_sum(i, h, h);
+    felem_square(i, i);
+    felem_mul(j, h, i);
+    felem_diff(r, s2, y1);
+    felem_sum(r, r, r);
+    felem_mul(v, x1, i);
+
+    felem_mul(z_out, tmp, h);
+    felem_square(rr, r);
+    felem_diff(x_out, rr, j);
+    felem_diff(x_out, x_out, v);
+    felem_diff(x_out, x_out, v);
+
+    felem_diff(tmp, v, x_out);
+    felem_mul(y_out, tmp, r);
+    felem_mul(tmp, y1, j);
+    felem_diff(y_out, y_out, tmp);
+    felem_diff(y_out, y_out, tmp);
+}
+
+/* point_add sets {x_out,y_out,z_out} = {x1,y1,z1} + {x2,y2,z2}.
+ *
+ * See http://www.hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html#addition-add-2007-bl
+ *
+ * Note that this function does not handle P+P, infinity+P nor P+infinity
+ * correctly.
+ */
+static void
+point_add(felem x_out, felem y_out, felem z_out,
+          const felem x1, const felem y1, const felem z1,
+          const felem x2, const felem y2, const felem z2)
+{
+    felem z1z1, z1z1z1, z2z2, z2z2z2, s1, s2, u1, u2, h, i, j, r, rr, v, tmp;
+
+    felem_square(z1z1, z1);
+    felem_square(z2z2, z2);
+    felem_mul(u1, x1, z2z2);
+
+    felem_sum(tmp, z1, z2);
+    felem_square(tmp, tmp);
+    felem_diff(tmp, tmp, z1z1);
+    felem_diff(tmp, tmp, z2z2);
+
+    felem_mul(z2z2z2, z2, z2z2);
+    felem_mul(s1, y1, z2z2z2);
+
+    felem_mul(u2, x2, z1z1);
+    felem_mul(z1z1z1, z1, z1z1);
+    felem_mul(s2, y2, z1z1z1);
+    felem_diff(h, u2, u1);
+    felem_sum(i, h, h);
+    felem_square(i, i);
+    felem_mul(j, h, i);
+    felem_diff(r, s2, s1);
+    felem_sum(r, r, r);
+    felem_mul(v, u1, i);
+
+    felem_mul(z_out, tmp, h);
+    felem_square(rr, r);
+    felem_diff(x_out, rr, j);
+    felem_diff(x_out, x_out, v);
+    felem_diff(x_out, x_out, v);
+
+    felem_diff(tmp, v, x_out);
+    felem_mul(y_out, tmp, r);
+    felem_mul(tmp, s1, j);
+    felem_diff(y_out, y_out, tmp);
+    felem_diff(y_out, y_out, tmp);
+}
+
+/* point_add_or_double_vartime sets {x_out,y_out,z_out} = {x1,y1,z1} +
+ *                                                        {x2,y2,z2}.
+ *
+ * See http://www.hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html#addition-add-2007-bl
+ *
+ * This function handles the case where {x1,y1,z1}={x2,y2,z2}.
+ */
+static void
+point_add_or_double_vartime(
+    felem x_out, felem y_out, felem z_out,
+    const felem x1, const felem y1, const felem z1,
+    const felem x2, const felem y2, const felem z2)
+{
+    felem z1z1, z1z1z1, z2z2, z2z2z2, s1, s2, u1, u2, h, i, j, r, rr, v, tmp;
+    char x_equal, y_equal;
+
+    felem_square(z1z1, z1);
+    felem_square(z2z2, z2);
+    felem_mul(u1, x1, z2z2);
+
+    felem_sum(tmp, z1, z2);
+    felem_square(tmp, tmp);
+    felem_diff(tmp, tmp, z1z1);
+    felem_diff(tmp, tmp, z2z2);
+
+    felem_mul(z2z2z2, z2, z2z2);
+    felem_mul(s1, y1, z2z2z2);
+
+    felem_mul(u2, x2, z1z1);
+    felem_mul(z1z1z1, z1, z1z1);
+    felem_mul(s2, y2, z1z1z1);
+    felem_diff(h, u2, u1);
+    x_equal = felem_is_zero_vartime(h);
+    felem_sum(i, h, h);
+    felem_square(i, i);
+    felem_mul(j, h, i);
+    felem_diff(r, s2, s1);
+    y_equal = felem_is_zero_vartime(r);
+    if (x_equal && y_equal) {
+        point_double(x_out, y_out, z_out, x1, y1, z1);
+        return;
+    }
+    felem_sum(r, r, r);
+    felem_mul(v, u1, i);
+
+    felem_mul(z_out, tmp, h);
+    felem_square(rr, r);
+    felem_diff(x_out, rr, j);
+    felem_diff(x_out, x_out, v);
+    felem_diff(x_out, x_out, v);
+
+    felem_diff(tmp, v, x_out);
+    felem_mul(y_out, tmp, r);
+    felem_mul(tmp, s1, j);
+    felem_diff(y_out, y_out, tmp);
+    felem_diff(y_out, y_out, tmp);
+}
+
+/* copy_conditional sets out=in if mask = 0xffffffff in constant time.
+ *
+ * On entry: mask is either 0 or 0xffffffff.
+ */
+static void
+copy_conditional(felem out, const felem in, limb mask)
+{
+    int i;
+
+    for (i = 0; i < NLIMBS; i++) {
+        const limb tmp = mask & (in[i] ^ out[i]);
+        out[i] ^= tmp;
+    }
+}
+
+/* select_affine_point sets {out_x,out_y} to the index'th entry of table.
+ * On entry: index < 16, table[0] must be zero.
+ */
+static void
+select_affine_point(felem out_x, felem out_y,
+                    const limb *table, limb index)
+{
+    limb i, j;
+
+    memset(out_x, 0, sizeof(felem));
+    memset(out_y, 0, sizeof(felem));
+
+    for (i = 1; i < 16; i++) {
+        limb mask = i ^ index;
+        mask |= mask >> 2;
+        mask |= mask >> 1;
+        mask &= 1;
+        mask--;
+        for (j = 0; j < NLIMBS; j++, table++) {
+            out_x[j] |= *table & mask;
+        }
+        for (j = 0; j < NLIMBS; j++, table++) {
+            out_y[j] |= *table & mask;
+        }
+    }
+}
+
+/* select_jacobian_point sets {out_x,out_y,out_z} to the index'th entry of
+ * table.  On entry: index < 16, table[0] must be zero.
+ */
+static void
+select_jacobian_point(felem out_x, felem out_y, felem out_z,
+                      const limb *table, limb index)
+{
+    limb i, j;
+
+    memset(out_x, 0, sizeof(felem));
+    memset(out_y, 0, sizeof(felem));
+    memset(out_z, 0, sizeof(felem));
+
+    /* The implicit value at index 0 is all zero. We don't need to perform that
+     * iteration of the loop because we already set out_* to zero.
+     */
+    table += 3 * NLIMBS;
+
+    for (i = 1; i < 16; i++) {
+        limb mask = i ^ index;
+        mask |= mask >> 2;
+        mask |= mask >> 1;
+        mask &= 1;
+        mask--;
+        for (j = 0; j < NLIMBS; j++, table++) {
+            out_x[j] |= *table & mask;
+        }
+        for (j = 0; j < NLIMBS; j++, table++) {
+            out_y[j] |= *table & mask;
+        }
+        for (j = 0; j < NLIMBS; j++, table++) {
+            out_z[j] |= *table & mask;
+        }
+    }
+}
+
+/* get_bit returns the bit'th bit of scalar. */
+static char
+get_bit(const u8 scalar[32], int bit)
+{
+    return ((scalar[bit >> 3]) >> (bit & 7)) & 1;
+}
+
+/* scalar_base_mult sets {nx,ny,nz} = scalar*G where scalar is a little-endian
+ * number. Note that the value of scalar must be less than the order of the
+ * group.
+ */
+static void
+scalar_base_mult(felem nx, felem ny, felem nz, const u8 scalar[32])
+{
+    int i, j;
+    limb n_is_infinity_mask = -1, p_is_noninfinite_mask, mask;
+    u32 table_offset;
+
+    felem px, py;
+    felem tx, ty, tz;
+
+    memset(nx, 0, sizeof(felem));
+    memset(ny, 0, sizeof(felem));
+    memset(nz, 0, sizeof(felem));
+
+    /* The loop adds bits at positions 0, 64, 128 and 192, followed by
+     * positions 32,96,160 and 224 and does this 32 times.
+     */
+    for (i = 0; i < 32; i++) {
+        if (i) {
+            point_double(nx, ny, nz, nx, ny, nz);
+        }
+        table_offset = 0;
+        for (j = 0; j <= 32; j += 32) {
+            char bit0 = get_bit(scalar, 31 - i + j);
+            char bit1 = get_bit(scalar, 95 - i + j);
+            char bit2 = get_bit(scalar, 159 - i + j);
+            char bit3 = get_bit(scalar, 223 - i + j);
+            limb index = bit0 | (bit1 << 1) | (bit2 << 2) | (bit3 << 3);
+
+            select_affine_point(px, py, kPrecomputed + table_offset, index);
+            table_offset += 30 * NLIMBS;
+
+            /* Since scalar is less than the order of the group, we know that
+             * {nx,ny,nz} != {px,py,1}, unless both are zero, which we handle
+             * below.
+             */
+            point_add_mixed(tx, ty, tz, nx, ny, nz, px, py);
+            /* The result of point_add_mixed is incorrect if {nx,ny,nz} is zero
+             * (a.k.a.  the point at infinity). We handle that situation by
+             * copying the point from the table.
+             */
+            copy_conditional(nx, px, n_is_infinity_mask);
+            copy_conditional(ny, py, n_is_infinity_mask);
+            copy_conditional(nz, kOne, n_is_infinity_mask);
+
+            /* Equally, the result is also wrong if the point from the table is
+             * zero, which happens when the index is zero. We handle that by
+             * only copying from {tx,ty,tz} to {nx,ny,nz} if index != 0.
+             */
+            p_is_noninfinite_mask = NON_ZERO_TO_ALL_ONES(index);
+            mask = p_is_noninfinite_mask & ~n_is_infinity_mask;
+            copy_conditional(nx, tx, mask);
+            copy_conditional(ny, ty, mask);
+            copy_conditional(nz, tz, mask);
+            /* If p was not zero, then n is now non-zero. */
+            n_is_infinity_mask &= ~p_is_noninfinite_mask;
+        }
+    }
+}
+
+/* point_to_affine converts a Jacobian point to an affine point. If the input
+ * is the point at infinity then it returns (0, 0) in constant time.
+ */
+static void
+point_to_affine(felem x_out, felem y_out,
+                const felem nx, const felem ny, const felem nz)
+{
+    felem z_inv, z_inv_sq;
+    felem_inv(z_inv, nz);
+    felem_square(z_inv_sq, z_inv);
+    felem_mul(x_out, nx, z_inv_sq);
+    felem_mul(z_inv, z_inv, z_inv_sq);
+    felem_mul(y_out, ny, z_inv);
+}
+
+/* scalar_mult sets {nx,ny,nz} = scalar*{x,y}. */
+static void
+scalar_mult(felem nx, felem ny, felem nz,
+            const felem x, const felem y, const u8 scalar[32])
+{
+    int i;
+    felem px, py, pz, tx, ty, tz;
+    felem precomp[16][3];
+    limb n_is_infinity_mask, index, p_is_noninfinite_mask, mask;
+
+    /* We precompute 0,1,2,... times {x,y}. */
+    memset(precomp, 0, sizeof(felem) * 3);
+    memcpy(&precomp[1][0], x, sizeof(felem));
+    memcpy(&precomp[1][1], y, sizeof(felem));
+    memcpy(&precomp[1][2], kOne, sizeof(felem));
+
+    for (i = 2; i < 16; i += 2) {
+        point_double(precomp[i][0], precomp[i][1], precomp[i][2],
+                     precomp[i / 2][0], precomp[i / 2][1], precomp[i / 2][2]);
+
+        point_add_mixed(precomp[i + 1][0], precomp[i + 1][1], precomp[i + 1][2],
+                        precomp[i][0], precomp[i][1], precomp[i][2], x, y);
+    }
+
+    memset(nx, 0, sizeof(felem));
+    memset(ny, 0, sizeof(felem));
+    memset(nz, 0, sizeof(felem));
+    n_is_infinity_mask = -1;
+
+    /* We add in a window of four bits each iteration and do this 64 times. */
+    for (i = 0; i < 64; i++) {
+        if (i) {
+            point_double(nx, ny, nz, nx, ny, nz);
+            point_double(nx, ny, nz, nx, ny, nz);
+            point_double(nx, ny, nz, nx, ny, nz);
+            point_double(nx, ny, nz, nx, ny, nz);
+        }
+
+        index = scalar[31 - i / 2];
+        if ((i & 1) == 1) {
+            index &= 15;
+        } else {
+            index >>= 4;
+        }
+
+        /* See the comments in scalar_base_mult about handling infinities. */
+        select_jacobian_point(px, py, pz, precomp[0][0], index);
+        point_add(tx, ty, tz, nx, ny, nz, px, py, pz);
+        copy_conditional(nx, px, n_is_infinity_mask);
+        copy_conditional(ny, py, n_is_infinity_mask);
+        copy_conditional(nz, pz, n_is_infinity_mask);
+
+        p_is_noninfinite_mask = NON_ZERO_TO_ALL_ONES(index);
+        mask = p_is_noninfinite_mask & ~n_is_infinity_mask;
+        copy_conditional(nx, tx, mask);
+        copy_conditional(ny, ty, mask);
+        copy_conditional(nz, tz, mask);
+        n_is_infinity_mask &= ~p_is_noninfinite_mask;
+    }
+}
+
+/* Interface with Freebl: */
+
+/* BYTESWAP_MP_DIGIT_TO_LE swaps the bytes of a mp_digit to
+ * little-endian order.
+ */
+#ifdef IS_BIG_ENDIAN
+#ifdef __APPLE__
+#include <libkern/OSByteOrder.h>
+#define BYTESWAP32(x) OSSwapInt32(x)
+#define BYTESWAP64(x) OSSwapInt64(x)
+#else
+#define BYTESWAP32(x) \
+    (((x) >> 24) | (((x) >> 8) & 0xff00) | (((x)&0xff00) << 8) | ((x) << 24))
+#define BYTESWAP64(x)                                       \
+    (((x) >> 56) | (((x) >> 40) & 0xff00) |                 \
+     (((x) >> 24) & 0xff0000) | (((x) >> 8) & 0xff000000) | \
+     (((x)&0xff000000) << 8) | (((x)&0xff0000) << 24) |     \
+     (((x)&0xff00) << 40) | ((x) << 56))
+#endif
+
+#ifdef MP_USE_UINT_DIGIT
+#define BYTESWAP_MP_DIGIT_TO_LE(x) BYTESWAP32(x)
+#else
+#define BYTESWAP_MP_DIGIT_TO_LE(x) BYTESWAP64(x)
+#endif
+#endif /* IS_BIG_ENDIAN */
+
+#ifdef MP_USE_UINT_DIGIT
+static const mp_digit kRInvDigits[8] = {
+    0x80000000, 1, 0xffffffff, 0,
+    0x80000001, 0xfffffffe, 1, 0x7fffffff
+};
+#else
+static const mp_digit kRInvDigits[4] = {
+    PR_UINT64(0x180000000), 0xffffffff,
+    PR_UINT64(0xfffffffe80000001), PR_UINT64(0x7fffffff00000001)
+};
+#endif
+#define MP_DIGITS_IN_256_BITS (32 / sizeof(mp_digit))
+static const mp_int kRInv = {
+    MP_ZPOS,
+    MP_DIGITS_IN_256_BITS,
+    MP_DIGITS_IN_256_BITS,
+    (mp_digit *)kRInvDigits
+};
+
+static const limb kTwo28 = 0x10000000;
+static const limb kTwo29 = 0x20000000;
+
+/* to_montgomery sets out = R*in. */
+static mp_err
+to_montgomery(felem out, const mp_int *in, const ECGroup *group)
+{
+    /* There are no MPI functions for bitshift operations and we wish to shift
+     * in 257 bits left so we move the digits 256-bits left and then multiply
+     * by two.
+     */
+    mp_int in_shifted;
+    int i;
+    mp_err res;
+
+    MP_CHECKOK(mp_init(&in_shifted));
+    MP_CHECKOK(s_mp_pad(&in_shifted, MP_USED(in) + MP_DIGITS_IN_256_BITS));
+    memcpy(&MP_DIGIT(&in_shifted, MP_DIGITS_IN_256_BITS),
+           MP_DIGITS(in),
+           MP_USED(in) * sizeof(mp_digit));
+    MP_CHECKOK(mp_mul_2(&in_shifted, &in_shifted));
+    MP_CHECKOK(group->meth->field_mod(&in_shifted, &in_shifted, group->meth));
+
+    for (i = 0;; i++) {
+        out[i] = MP_DIGIT(&in_shifted, 0) & kBottom29Bits;
+        MP_CHECKOK(mp_div_d(&in_shifted, kTwo29, &in_shifted, NULL));
+
+        i++;
+        if (i == NLIMBS)
+            break;
+        out[i] = MP_DIGIT(&in_shifted, 0) & kBottom28Bits;
+        MP_CHECKOK(mp_div_d(&in_shifted, kTwo28, &in_shifted, NULL));
+    }
+
+CLEANUP:
+    mp_clear(&in_shifted);
+    return res;
+}
+
+/* from_montgomery sets out=in/R. */
+static mp_err
+from_montgomery(mp_int *out, const felem in,
+                const ECGroup *group)
+{
+    mp_int result, tmp;
+    mp_err res;
+    int i;
+
+    MP_CHECKOK(mp_init(&result));
+    MP_CHECKOK(mp_init(&tmp));
+
+    MP_CHECKOK(mp_add_d(&tmp, in[NLIMBS - 1], &result));
+    for (i = NLIMBS - 2; i >= 0; i--) {
+        if ((i & 1) == 0) {
+            MP_CHECKOK(mp_mul_d(&result, kTwo29, &tmp));
+        } else {
+            MP_CHECKOK(mp_mul_d(&result, kTwo28, &tmp));
+        }
+        MP_CHECKOK(mp_add_d(&tmp, in[i], &result));
+    }
+
+    MP_CHECKOK(mp_mul(&result, &kRInv, out));
+    MP_CHECKOK(group->meth->field_mod(out, out, group->meth));
+
+CLEANUP:
+    mp_clear(&result);
+    mp_clear(&tmp);
+    return res;
+}
+
+/* scalar_from_mp_int sets out_scalar=n, where n < the group order. */
+static void
+scalar_from_mp_int(u8 out_scalar[32], const mp_int *n)
+{
+    /* We require that |n| is less than the order of the group and therefore it
+     * will fit into |out_scalar|. However, these is a timing side-channel here
+     * that we cannot avoid: if |n| is sufficiently small it may be one or more
+     * words too short and we'll copy less data.
+     */
+    memset(out_scalar, 0, 32);
+#ifdef IS_LITTLE_ENDIAN
+    memcpy(out_scalar, MP_DIGITS(n), MP_USED(n) * sizeof(mp_digit));
+#else
+    {
+        mp_size i;
+        mp_digit swapped[MP_DIGITS_IN_256_BITS];
+        for (i = 0; i < MP_USED(n); i++) {
+            swapped[i] = BYTESWAP_MP_DIGIT_TO_LE(MP_DIGIT(n, i));
+        }
+        memcpy(out_scalar, swapped, MP_USED(n) * sizeof(mp_digit));
+    }
+#endif
+}
+
+/* ec_GFp_nistp256_base_point_mul sets {out_x,out_y} = nG, where n is < the
+ * order of the group.
+ */
+static mp_err
+ec_GFp_nistp256_base_point_mul(const mp_int *n,
+                               mp_int *out_x, mp_int *out_y,
+                               const ECGroup *group)
+{
+    u8 scalar[32];
+    felem x, y, z, x_affine, y_affine;
+    mp_err res;
+
+    /* FIXME(agl): test that n < order. */
+
+    scalar_from_mp_int(scalar, n);
+    scalar_base_mult(x, y, z, scalar);
+    point_to_affine(x_affine, y_affine, x, y, z);
+    MP_CHECKOK(from_montgomery(out_x, x_affine, group));
+    MP_CHECKOK(from_montgomery(out_y, y_affine, group));
+
+CLEANUP:
+    return res;
+}
+
+/* ec_GFp_nistp256_point_mul sets {out_x,out_y} = n*{in_x,in_y}, where n is <
+ * the order of the group.
+ */
+static mp_err
+ec_GFp_nistp256_point_mul(const mp_int *n,
+                          const mp_int *in_x, const mp_int *in_y,
+                          mp_int *out_x, mp_int *out_y,
+                          const ECGroup *group)
+{
+    u8 scalar[32];
+    felem x, y, z, x_affine, y_affine, px, py;
+    mp_err res;
+
+    scalar_from_mp_int(scalar, n);
+
+    MP_CHECKOK(to_montgomery(px, in_x, group));
+    MP_CHECKOK(to_montgomery(py, in_y, group));
+
+    scalar_mult(x, y, z, px, py, scalar);
+    point_to_affine(x_affine, y_affine, x, y, z);
+    MP_CHECKOK(from_montgomery(out_x, x_affine, group));
+    MP_CHECKOK(from_montgomery(out_y, y_affine, group));
+
+CLEANUP:
+    return res;
+}
+
+/* ec_GFp_nistp256_point_mul_vartime sets {out_x,out_y} = n1*G +
+ * n2*{in_x,in_y}, where n1 and n2 are < the order of the group.
+ *
+ * As indicated by the name, this function operates in variable time. This
+ * is safe because it's used for signature validation which doesn't deal
+ * with secrets.
+ */
+static mp_err
+ec_GFp_nistp256_points_mul_vartime(
+    const mp_int *n1, const mp_int *n2,
+    const mp_int *in_x, const mp_int *in_y,
+    mp_int *out_x, mp_int *out_y,
+    const ECGroup *group)
+{
+    u8 scalar1[32], scalar2[32];
+    felem x1, y1, z1, x2, y2, z2, x_affine, y_affine, px, py;
+    mp_err res = MP_OKAY;
+
+    /* If n2 == NULL, this is just a base-point multiplication. */
+    if (n2 == NULL) {
+        return ec_GFp_nistp256_base_point_mul(n1, out_x, out_y, group);
+    }
+
+    /* If n1 == nULL, this is just an arbitary-point multiplication. */
+    if (n1 == NULL) {
+        return ec_GFp_nistp256_point_mul(n2, in_x, in_y, out_x, out_y, group);
+    }
+
+    /* If both scalars are zero, then the result is the point at infinity. */
+    if (mp_cmp_z(n1) == 0 && mp_cmp_z(n2) == 0) {
+        mp_zero(out_x);
+        mp_zero(out_y);
+        return res;
+    }
+
+    scalar_from_mp_int(scalar1, n1);
+    scalar_from_mp_int(scalar2, n2);
+
+    MP_CHECKOK(to_montgomery(px, in_x, group));
+    MP_CHECKOK(to_montgomery(py, in_y, group));
+    scalar_base_mult(x1, y1, z1, scalar1);
+    scalar_mult(x2, y2, z2, px, py, scalar2);
+
+    if (mp_cmp_z(n2) == 0) {
+        /* If n2 == 0, then {x2,y2,z2} is zero and the result is just
+     * {x1,y1,z1}. */
+    } else if (mp_cmp_z(n1) == 0) {
+        /* If n1 == 0, then {x1,y1,z1} is zero and the result is just
+     * {x2,y2,z2}. */
+        memcpy(x1, x2, sizeof(x2));
+        memcpy(y1, y2, sizeof(y2));
+        memcpy(z1, z2, sizeof(z2));
+    } else {
+        /* This function handles the case where {x1,y1,z1} == {x2,y2,z2}. */
+        point_add_or_double_vartime(x1, y1, z1, x1, y1, z1, x2, y2, z2);
+    }
+
+    point_to_affine(x_affine, y_affine, x1, y1, z1);
+    MP_CHECKOK(from_montgomery(out_x, x_affine, group));
+    MP_CHECKOK(from_montgomery(out_y, y_affine, group));
+
+CLEANUP:
+    return res;
+}
+
+/* Wire in fast point multiplication for named curves. */
+mp_err
+ec_group_set_gfp256_32(ECGroup *group, ECCurveName name)
+{
+    if (name == ECCurve_NIST_P256) {
+        group->base_point_mul = &ec_GFp_nistp256_base_point_mul;
+        group->point_mul = &ec_GFp_nistp256_point_mul;
+        group->points_mul = &ec_GFp_nistp256_points_mul_vartime;
+    }
+    return MP_OKAY;
+}
diff --git a/nss/lib/freebl/ecl/ecp_384.c b/nss/lib/freebl/ecl/ecp_384.c
new file mode 100644
index 0000000..702fd97
--- /dev/null
+++ b/nss/lib/freebl/ecl/ecp_384.c
@@ -0,0 +1,258 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "ecp.h"
+#include "mpi.h"
+#include "mplogic.h"
+#include "mpi-priv.h"
+
+/* Fast modular reduction for p384 = 2^384 - 2^128 - 2^96 + 2^32 - 1.  a can be r.
+ * Uses algorithm 2.30 from Hankerson, Menezes, Vanstone. Guide to
+ * Elliptic Curve Cryptography. */
+static mp_err
+ec_GFp_nistp384_mod(const mp_int *a, mp_int *r, const GFMethod *meth)
+{
+    mp_err res = MP_OKAY;
+    int a_bits = mpl_significant_bits(a);
+    int i;
+
+    /* m1, m2 are statically-allocated mp_int of exactly the size we need */
+    mp_int m[10];
+
+#ifdef ECL_THIRTY_TWO_BIT
+    mp_digit s[10][12];
+    for (i = 0; i < 10; i++) {
+        MP_SIGN(&m[i]) = MP_ZPOS;
+        MP_ALLOC(&m[i]) = 12;
+        MP_USED(&m[i]) = 12;
+        MP_DIGITS(&m[i]) = s[i];
+    }
+#else
+    mp_digit s[10][6];
+    for (i = 0; i < 10; i++) {
+        MP_SIGN(&m[i]) = MP_ZPOS;
+        MP_ALLOC(&m[i]) = 6;
+        MP_USED(&m[i]) = 6;
+        MP_DIGITS(&m[i]) = s[i];
+    }
+#endif
+
+#ifdef ECL_THIRTY_TWO_BIT
+    /* for polynomials larger than twice the field size or polynomials
+     * not using all words, use regular reduction */
+    if ((a_bits > 768) || (a_bits <= 736)) {
+        MP_CHECKOK(mp_mod(a, &meth->irr, r));
+    } else {
+        for (i = 0; i < 12; i++) {
+            s[0][i] = MP_DIGIT(a, i);
+        }
+        s[1][0] = 0;
+        s[1][1] = 0;
+        s[1][2] = 0;
+        s[1][3] = 0;
+        s[1][4] = MP_DIGIT(a, 21);
+        s[1][5] = MP_DIGIT(a, 22);
+        s[1][6] = MP_DIGIT(a, 23);
+        s[1][7] = 0;
+        s[1][8] = 0;
+        s[1][9] = 0;
+        s[1][10] = 0;
+        s[1][11] = 0;
+        for (i = 0; i < 12; i++) {
+            s[2][i] = MP_DIGIT(a, i + 12);
+        }
+        s[3][0] = MP_DIGIT(a, 21);
+        s[3][1] = MP_DIGIT(a, 22);
+        s[3][2] = MP_DIGIT(a, 23);
+        for (i = 3; i < 12; i++) {
+            s[3][i] = MP_DIGIT(a, i + 9);
+        }
+        s[4][0] = 0;
+        s[4][1] = MP_DIGIT(a, 23);
+        s[4][2] = 0;
+        s[4][3] = MP_DIGIT(a, 20);
+        for (i = 4; i < 12; i++) {
+            s[4][i] = MP_DIGIT(a, i + 8);
+        }
+        s[5][0] = 0;
+        s[5][1] = 0;
+        s[5][2] = 0;
+        s[5][3] = 0;
+        s[5][4] = MP_DIGIT(a, 20);
+        s[5][5] = MP_DIGIT(a, 21);
+        s[5][6] = MP_DIGIT(a, 22);
+        s[5][7] = MP_DIGIT(a, 23);
+        s[5][8] = 0;
+        s[5][9] = 0;
+        s[5][10] = 0;
+        s[5][11] = 0;
+        s[6][0] = MP_DIGIT(a, 20);
+        s[6][1] = 0;
+        s[6][2] = 0;
+        s[6][3] = MP_DIGIT(a, 21);
+        s[6][4] = MP_DIGIT(a, 22);
+        s[6][5] = MP_DIGIT(a, 23);
+        s[6][6] = 0;
+        s[6][7] = 0;
+        s[6][8] = 0;
+        s[6][9] = 0;
+        s[6][10] = 0;
+        s[6][11] = 0;
+        s[7][0] = MP_DIGIT(a, 23);
+        for (i = 1; i < 12; i++) {
+            s[7][i] = MP_DIGIT(a, i + 11);
+        }
+        s[8][0] = 0;
+        s[8][1] = MP_DIGIT(a, 20);
+        s[8][2] = MP_DIGIT(a, 21);
+        s[8][3] = MP_DIGIT(a, 22);
+        s[8][4] = MP_DIGIT(a, 23);
+        s[8][5] = 0;
+        s[8][6] = 0;
+        s[8][7] = 0;
+        s[8][8] = 0;
+        s[8][9] = 0;
+        s[8][10] = 0;
+        s[8][11] = 0;
+        s[9][0] = 0;
+        s[9][1] = 0;
+        s[9][2] = 0;
+        s[9][3] = MP_DIGIT(a, 23);
+        s[9][4] = MP_DIGIT(a, 23);
+        s[9][5] = 0;
+        s[9][6] = 0;
+        s[9][7] = 0;
+        s[9][8] = 0;
+        s[9][9] = 0;
+        s[9][10] = 0;
+        s[9][11] = 0;
+
+        MP_CHECKOK(mp_add(&m[0], &m[1], r));
+        MP_CHECKOK(mp_add(r, &m[1], r));
+        MP_CHECKOK(mp_add(r, &m[2], r));
+        MP_CHECKOK(mp_add(r, &m[3], r));
+        MP_CHECKOK(mp_add(r, &m[4], r));
+        MP_CHECKOK(mp_add(r, &m[5], r));
+        MP_CHECKOK(mp_add(r, &m[6], r));
+        MP_CHECKOK(mp_sub(r, &m[7], r));
+        MP_CHECKOK(mp_sub(r, &m[8], r));
+        MP_CHECKOK(mp_submod(r, &m[9], &meth->irr, r));
+        s_mp_clamp(r);
+    }
+#else
+    /* for polynomials larger than twice the field size or polynomials
+     * not using all words, use regular reduction */
+    if ((a_bits > 768) || (a_bits <= 736)) {
+        MP_CHECKOK(mp_mod(a, &meth->irr, r));
+    } else {
+        for (i = 0; i < 6; i++) {
+            s[0][i] = MP_DIGIT(a, i);
+        }
+        s[1][0] = 0;
+        s[1][1] = 0;
+        s[1][2] = (MP_DIGIT(a, 10) >> 32) | (MP_DIGIT(a, 11) << 32);
+        s[1][3] = MP_DIGIT(a, 11) >> 32;
+        s[1][4] = 0;
+        s[1][5] = 0;
+        for (i = 0; i < 6; i++) {
+            s[2][i] = MP_DIGIT(a, i + 6);
+        }
+        s[3][0] = (MP_DIGIT(a, 10) >> 32) | (MP_DIGIT(a, 11) << 32);
+        s[3][1] = (MP_DIGIT(a, 11) >> 32) | (MP_DIGIT(a, 6) << 32);
+        for (i = 2; i < 6; i++) {
+            s[3][i] = (MP_DIGIT(a, i + 4) >> 32) | (MP_DIGIT(a, i + 5) << 32);
+        }
+        s[4][0] = (MP_DIGIT(a, 11) >> 32) << 32;
+        s[4][1] = MP_DIGIT(a, 10) << 32;
+        for (i = 2; i < 6; i++) {
+            s[4][i] = MP_DIGIT(a, i + 4);
+        }
+        s[5][0] = 0;
+        s[5][1] = 0;
+        s[5][2] = MP_DIGIT(a, 10);
+        s[5][3] = MP_DIGIT(a, 11);
+        s[5][4] = 0;
+        s[5][5] = 0;
+        s[6][0] = (MP_DIGIT(a, 10) << 32) >> 32;
+        s[6][1] = (MP_DIGIT(a, 10) >> 32) << 32;
+        s[6][2] = MP_DIGIT(a, 11);
+        s[6][3] = 0;
+        s[6][4] = 0;
+        s[6][5] = 0;
+        s[7][0] = (MP_DIGIT(a, 11) >> 32) | (MP_DIGIT(a, 6) << 32);
+        for (i = 1; i < 6; i++) {
+            s[7][i] = (MP_DIGIT(a, i + 5) >> 32) | (MP_DIGIT(a, i + 6) << 32);
+        }
+        s[8][0] = MP_DIGIT(a, 10) << 32;
+        s[8][1] = (MP_DIGIT(a, 10) >> 32) | (MP_DIGIT(a, 11) << 32);
+        s[8][2] = MP_DIGIT(a, 11) >> 32;
+        s[8][3] = 0;
+        s[8][4] = 0;
+        s[8][5] = 0;
+        s[9][0] = 0;
+        s[9][1] = (MP_DIGIT(a, 11) >> 32) << 32;
+        s[9][2] = MP_DIGIT(a, 11) >> 32;
+        s[9][3] = 0;
+        s[9][4] = 0;
+        s[9][5] = 0;
+
+        MP_CHECKOK(mp_add(&m[0], &m[1], r));
+        MP_CHECKOK(mp_add(r, &m[1], r));
+        MP_CHECKOK(mp_add(r, &m[2], r));
+        MP_CHECKOK(mp_add(r, &m[3], r));
+        MP_CHECKOK(mp_add(r, &m[4], r));
+        MP_CHECKOK(mp_add(r, &m[5], r));
+        MP_CHECKOK(mp_add(r, &m[6], r));
+        MP_CHECKOK(mp_sub(r, &m[7], r));
+        MP_CHECKOK(mp_sub(r, &m[8], r));
+        MP_CHECKOK(mp_submod(r, &m[9], &meth->irr, r));
+        s_mp_clamp(r);
+    }
+#endif
+
+CLEANUP:
+    return res;
+}
+
+/* Compute the square of polynomial a, reduce modulo p384. Store the
+ * result in r.  r could be a.  Uses optimized modular reduction for p384.
+ */
+static mp_err
+ec_GFp_nistp384_sqr(const mp_int *a, mp_int *r, const GFMethod *meth)
+{
+    mp_err res = MP_OKAY;
+
+    MP_CHECKOK(mp_sqr(a, r));
+    MP_CHECKOK(ec_GFp_nistp384_mod(r, r, meth));
+CLEANUP:
+    return res;
+}
+
+/* Compute the product of two polynomials a and b, reduce modulo p384.
+ * Store the result in r.  r could be a or b; a could be b.  Uses
+ * optimized modular reduction for p384. */
+static mp_err
+ec_GFp_nistp384_mul(const mp_int *a, const mp_int *b, mp_int *r,
+                    const GFMethod *meth)
+{
+    mp_err res = MP_OKAY;
+
+    MP_CHECKOK(mp_mul(a, b, r));
+    MP_CHECKOK(ec_GFp_nistp384_mod(r, r, meth));
+CLEANUP:
+    return res;
+}
+
+/* Wire in fast field arithmetic and precomputation of base point for
+ * named curves. */
+mp_err
+ec_group_set_gfp384(ECGroup *group, ECCurveName name)
+{
+    if (name == ECCurve_NIST_P384) {
+        group->meth->field_mod = &ec_GFp_nistp384_mod;
+        group->meth->field_mul = &ec_GFp_nistp384_mul;
+        group->meth->field_sqr = &ec_GFp_nistp384_sqr;
+    }
+    return MP_OKAY;
+}
diff --git a/nss/lib/freebl/ecl/ecp_521.c b/nss/lib/freebl/ecl/ecp_521.c
new file mode 100644
index 0000000..6ca0dbb
--- /dev/null
+++ b/nss/lib/freebl/ecl/ecp_521.c
@@ -0,0 +1,137 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "ecp.h"
+#include "mpi.h"
+#include "mplogic.h"
+#include "mpi-priv.h"
+
+#define ECP521_DIGITS ECL_CURVE_DIGITS(521)
+
+/* Fast modular reduction for p521 = 2^521 - 1.  a can be r. Uses
+ * algorithm 2.31 from Hankerson, Menezes, Vanstone. Guide to
+ * Elliptic Curve Cryptography. */
+static mp_err
+ec_GFp_nistp521_mod(const mp_int *a, mp_int *r, const GFMethod *meth)
+{
+    mp_err res = MP_OKAY;
+    int a_bits = mpl_significant_bits(a);
+    unsigned int i;
+
+    /* m1, m2 are statically-allocated mp_int of exactly the size we need */
+    mp_int m1;
+
+    mp_digit s1[ECP521_DIGITS] = { 0 };
+
+    MP_SIGN(&m1) = MP_ZPOS;
+    MP_ALLOC(&m1) = ECP521_DIGITS;
+    MP_USED(&m1) = ECP521_DIGITS;
+    MP_DIGITS(&m1) = s1;
+
+    if (a_bits < 521) {
+        if (a == r)
+            return MP_OKAY;
+        return mp_copy(a, r);
+    }
+    /* for polynomials larger than twice the field size or polynomials
+     * not using all words, use regular reduction */
+    if (a_bits > (521 * 2)) {
+        MP_CHECKOK(mp_mod(a, &meth->irr, r));
+    } else {
+#define FIRST_DIGIT (ECP521_DIGITS - 1)
+        for (i = FIRST_DIGIT; i < MP_USED(a) - 1; i++) {
+            s1[i - FIRST_DIGIT] = (MP_DIGIT(a, i) >> 9) | (MP_DIGIT(a, 1 + i) << (MP_DIGIT_BIT - 9));
+        }
+        s1[i - FIRST_DIGIT] = MP_DIGIT(a, i) >> 9;
+
+        if (a != r) {
+            MP_CHECKOK(s_mp_pad(r, ECP521_DIGITS));
+            for (i = 0; i < ECP521_DIGITS; i++) {
+                MP_DIGIT(r, i) = MP_DIGIT(a, i);
+            }
+        }
+        MP_USED(r) = ECP521_DIGITS;
+        MP_DIGIT(r, FIRST_DIGIT) &= 0x1FF;
+
+        MP_CHECKOK(s_mp_add(r, &m1));
+        if (MP_DIGIT(r, FIRST_DIGIT) & 0x200) {
+            MP_CHECKOK(s_mp_add_d(r, 1));
+            MP_DIGIT(r, FIRST_DIGIT) &= 0x1FF;
+        } else if (s_mp_cmp(r, &meth->irr) == 0) {
+            mp_zero(r);
+        }
+        s_mp_clamp(r);
+    }
+
+CLEANUP:
+    return res;
+}
+
+/* Compute the square of polynomial a, reduce modulo p521. Store the
+ * result in r.  r could be a.  Uses optimized modular reduction for p521.
+ */
+static mp_err
+ec_GFp_nistp521_sqr(const mp_int *a, mp_int *r, const GFMethod *meth)
+{
+    mp_err res = MP_OKAY;
+
+    MP_CHECKOK(mp_sqr(a, r));
+    MP_CHECKOK(ec_GFp_nistp521_mod(r, r, meth));
+CLEANUP:
+    return res;
+}
+
+/* Compute the product of two polynomials a and b, reduce modulo p521.
+ * Store the result in r.  r could be a or b; a could be b.  Uses
+ * optimized modular reduction for p521. */
+static mp_err
+ec_GFp_nistp521_mul(const mp_int *a, const mp_int *b, mp_int *r,
+                    const GFMethod *meth)
+{
+    mp_err res = MP_OKAY;
+
+    MP_CHECKOK(mp_mul(a, b, r));
+    MP_CHECKOK(ec_GFp_nistp521_mod(r, r, meth));
+CLEANUP:
+    return res;
+}
+
+/* Divides two field elements. If a is NULL, then returns the inverse of
+ * b. */
+static mp_err
+ec_GFp_nistp521_div(const mp_int *a, const mp_int *b, mp_int *r,
+                    const GFMethod *meth)
+{
+    mp_err res = MP_OKAY;
+    mp_int t;
+
+    /* If a is NULL, then return the inverse of b, otherwise return a/b. */
+    if (a == NULL) {
+        return mp_invmod(b, &meth->irr, r);
+    } else {
+        /* MPI doesn't support divmod, so we implement it using invmod and
+         * mulmod. */
+        MP_CHECKOK(mp_init(&t));
+        MP_CHECKOK(mp_invmod(b, &meth->irr, &t));
+        MP_CHECKOK(mp_mul(a, &t, r));
+        MP_CHECKOK(ec_GFp_nistp521_mod(r, r, meth));
+    CLEANUP:
+        mp_clear(&t);
+        return res;
+    }
+}
+
+/* Wire in fast field arithmetic and precomputation of base point for
+ * named curves. */
+mp_err
+ec_group_set_gfp521(ECGroup *group, ECCurveName name)
+{
+    if (name == ECCurve_NIST_P521) {
+        group->meth->field_mod = &ec_GFp_nistp521_mod;
+        group->meth->field_mul = &ec_GFp_nistp521_mul;
+        group->meth->field_sqr = &ec_GFp_nistp521_sqr;
+        group->meth->field_div = &ec_GFp_nistp521_div;
+    }
+    return MP_OKAY;
+}
diff --git a/nss/lib/freebl/ecl/ecp_aff.c b/nss/lib/freebl/ecl/ecp_aff.c
new file mode 100644
index 0000000..47fb273
--- /dev/null
+++ b/nss/lib/freebl/ecl/ecp_aff.c
@@ -0,0 +1,308 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "ecp.h"
+#include "mplogic.h"
+#include <stdlib.h>
+
+/* Checks if point P(px, py) is at infinity.  Uses affine coordinates. */
+mp_err
+ec_GFp_pt_is_inf_aff(const mp_int *px, const mp_int *py)
+{
+
+    if ((mp_cmp_z(px) == 0) && (mp_cmp_z(py) == 0)) {
+        return MP_YES;
+    } else {
+        return MP_NO;
+    }
+}
+
+/* Sets P(px, py) to be the point at infinity.  Uses affine coordinates. */
+mp_err
+ec_GFp_pt_set_inf_aff(mp_int *px, mp_int *py)
+{
+    mp_zero(px);
+    mp_zero(py);
+    return MP_OKAY;
+}
+
+/* Computes R = P + Q based on IEEE P1363 A.10.1. Elliptic curve points P,
+ * Q, and R can all be identical. Uses affine coordinates. Assumes input
+ * is already field-encoded using field_enc, and returns output that is
+ * still field-encoded. */
+mp_err
+ec_GFp_pt_add_aff(const mp_int *px, const mp_int *py, const mp_int *qx,
+                  const mp_int *qy, mp_int *rx, mp_int *ry,
+                  const ECGroup *group)
+{
+    mp_err res = MP_OKAY;
+    mp_int lambda, temp, tempx, tempy;
+
+    MP_DIGITS(&lambda) = 0;
+    MP_DIGITS(&temp) = 0;
+    MP_DIGITS(&tempx) = 0;
+    MP_DIGITS(&tempy) = 0;
+    MP_CHECKOK(mp_init(&lambda));
+    MP_CHECKOK(mp_init(&temp));
+    MP_CHECKOK(mp_init(&tempx));
+    MP_CHECKOK(mp_init(&tempy));
+    /* if P = inf, then R = Q */
+    if (ec_GFp_pt_is_inf_aff(px, py) == 0) {
+        MP_CHECKOK(mp_copy(qx, rx));
+        MP_CHECKOK(mp_copy(qy, ry));
+        res = MP_OKAY;
+        goto CLEANUP;
+    }
+    /* if Q = inf, then R = P */
+    if (ec_GFp_pt_is_inf_aff(qx, qy) == 0) {
+        MP_CHECKOK(mp_copy(px, rx));
+        MP_CHECKOK(mp_copy(py, ry));
+        res = MP_OKAY;
+        goto CLEANUP;
+    }
+    /* if px != qx, then lambda = (py-qy) / (px-qx) */
+    if (mp_cmp(px, qx) != 0) {
+        MP_CHECKOK(group->meth->field_sub(py, qy, &tempy, group->meth));
+        MP_CHECKOK(group->meth->field_sub(px, qx, &tempx, group->meth));
+        MP_CHECKOK(group->meth->field_div(&tempy, &tempx, &lambda, group->meth));
+    } else {
+        /* if py != qy or qy = 0, then R = inf */
+        if (((mp_cmp(py, qy) != 0)) || (mp_cmp_z(qy) == 0)) {
+            mp_zero(rx);
+            mp_zero(ry);
+            res = MP_OKAY;
+            goto CLEANUP;
+        }
+        /* lambda = (3qx^2+a) / (2qy) */
+        MP_CHECKOK(group->meth->field_sqr(qx, &tempx, group->meth));
+        MP_CHECKOK(mp_set_int(&temp, 3));
+        if (group->meth->field_enc) {
+            MP_CHECKOK(group->meth->field_enc(&temp, &temp, group->meth));
+        }
+        MP_CHECKOK(group->meth->field_mul(&tempx, &temp, &tempx, group->meth));
+        MP_CHECKOK(group->meth->field_add(&tempx, &group->curvea, &tempx, group->meth));
+        MP_CHECKOK(mp_set_int(&temp, 2));
+        if (group->meth->field_enc) {
+            MP_CHECKOK(group->meth->field_enc(&temp, &temp, group->meth));
+        }
+        MP_CHECKOK(group->meth->field_mul(qy, &temp, &tempy, group->meth));
+        MP_CHECKOK(group->meth->field_div(&tempx, &tempy, &lambda, group->meth));
+    }
+    /* rx = lambda^2 - px - qx */
+    MP_CHECKOK(group->meth->field_sqr(&lambda, &tempx, group->meth));
+    MP_CHECKOK(group->meth->field_sub(&tempx, px, &tempx, group->meth));
+    MP_CHECKOK(group->meth->field_sub(&tempx, qx, &tempx, group->meth));
+    /* ry = (x1-x2) * lambda - y1 */
+    MP_CHECKOK(group->meth->field_sub(qx, &tempx, &tempy, group->meth));
+    MP_CHECKOK(group->meth->field_mul(&tempy, &lambda, &tempy, group->meth));
+    MP_CHECKOK(group->meth->field_sub(&tempy, qy, &tempy, group->meth));
+    MP_CHECKOK(mp_copy(&tempx, rx));
+    MP_CHECKOK(mp_copy(&tempy, ry));
+
+CLEANUP:
+    mp_clear(&lambda);
+    mp_clear(&temp);
+    mp_clear(&tempx);
+    mp_clear(&tempy);
+    return res;
+}
+
+/* Computes R = P - Q. Elliptic curve points P, Q, and R can all be
+ * identical. Uses affine coordinates. Assumes input is already
+ * field-encoded using field_enc, and returns output that is still
+ * field-encoded. */
+mp_err
+ec_GFp_pt_sub_aff(const mp_int *px, const mp_int *py, const mp_int *qx,
+                  const mp_int *qy, mp_int *rx, mp_int *ry,
+                  const ECGroup *group)
+{
+    mp_err res = MP_OKAY;
+    mp_int nqy;
+
+    MP_DIGITS(&nqy) = 0;
+    MP_CHECKOK(mp_init(&nqy));
+    /* nqy = -qy */
+    MP_CHECKOK(group->meth->field_neg(qy, &nqy, group->meth));
+    res = group->point_add(px, py, qx, &nqy, rx, ry, group);
+CLEANUP:
+    mp_clear(&nqy);
+    return res;
+}
+
+/* Computes R = 2P. Elliptic curve points P and R can be identical. Uses
+ * affine coordinates. Assumes input is already field-encoded using
+ * field_enc, and returns output that is still field-encoded. */
+mp_err
+ec_GFp_pt_dbl_aff(const mp_int *px, const mp_int *py, mp_int *rx,
+                  mp_int *ry, const ECGroup *group)
+{
+    return ec_GFp_pt_add_aff(px, py, px, py, rx, ry, group);
+}
+
+/* by default, this routine is unused and thus doesn't need to be compiled */
+#ifdef ECL_ENABLE_GFP_PT_MUL_AFF
+/* Computes R = nP based on IEEE P1363 A.10.3. Elliptic curve points P and
+ * R can be identical. Uses affine coordinates. Assumes input is already
+ * field-encoded using field_enc, and returns output that is still
+ * field-encoded. */
+mp_err
+ec_GFp_pt_mul_aff(const mp_int *n, const mp_int *px, const mp_int *py,
+                  mp_int *rx, mp_int *ry, const ECGroup *group)
+{
+    mp_err res = MP_OKAY;
+    mp_int k, k3, qx, qy, sx, sy;
+    int b1, b3, i, l;
+
+    MP_DIGITS(&k) = 0;
+    MP_DIGITS(&k3) = 0;
+    MP_DIGITS(&qx) = 0;
+    MP_DIGITS(&qy) = 0;
+    MP_DIGITS(&sx) = 0;
+    MP_DIGITS(&sy) = 0;
+    MP_CHECKOK(mp_init(&k));
+    MP_CHECKOK(mp_init(&k3));
+    MP_CHECKOK(mp_init(&qx));
+    MP_CHECKOK(mp_init(&qy));
+    MP_CHECKOK(mp_init(&sx));
+    MP_CHECKOK(mp_init(&sy));
+
+    /* if n = 0 then r = inf */
+    if (mp_cmp_z(n) == 0) {
+        mp_zero(rx);
+        mp_zero(ry);
+        res = MP_OKAY;
+        goto CLEANUP;
+    }
+    /* Q = P, k = n */
+    MP_CHECKOK(mp_copy(px, &qx));
+    MP_CHECKOK(mp_copy(py, &qy));
+    MP_CHECKOK(mp_copy(n, &k));
+    /* if n < 0 then Q = -Q, k = -k */
+    if (mp_cmp_z(n) < 0) {
+        MP_CHECKOK(group->meth->field_neg(&qy, &qy, group->meth));
+        MP_CHECKOK(mp_neg(&k, &k));
+    }
+#ifdef ECL_DEBUG /* basic double and add method */
+    l = mpl_significant_bits(&k) - 1;
+    MP_CHECKOK(mp_copy(&qx, &sx));
+    MP_CHECKOK(mp_copy(&qy, &sy));
+    for (i = l - 1; i >= 0; i--) {
+        /* S = 2S */
+        MP_CHECKOK(group->point_dbl(&sx, &sy, &sx, &sy, group));
+        /* if k_i = 1, then S = S + Q */
+        if (mpl_get_bit(&k, i) != 0) {
+            MP_CHECKOK(group->point_add(&sx, &sy, &qx, &qy, &sx, &sy, group));
+        }
+    }
+#else /* double and add/subtract method from \
+               * standard */
+    /* k3 = 3 * k */
+    MP_CHECKOK(mp_set_int(&k3, 3));
+    MP_CHECKOK(mp_mul(&k, &k3, &k3));
+    /* S = Q */
+    MP_CHECKOK(mp_copy(&qx, &sx));
+    MP_CHECKOK(mp_copy(&qy, &sy));
+    /* l = index of high order bit in binary representation of 3*k */
+    l = mpl_significant_bits(&k3) - 1;
+    /* for i = l-1 downto 1 */
+    for (i = l - 1; i >= 1; i--) {
+        /* S = 2S */
+        MP_CHECKOK(group->point_dbl(&sx, &sy, &sx, &sy, group));
+        b3 = MP_GET_BIT(&k3, i);
+        b1 = MP_GET_BIT(&k, i);
+        /* if k3_i = 1 and k_i = 0, then S = S + Q */
+        if ((b3 == 1) && (b1 == 0)) {
+            MP_CHECKOK(group->point_add(&sx, &sy, &qx, &qy, &sx, &sy, group));
+            /* if k3_i = 0 and k_i = 1, then S = S - Q */
+        } else if ((b3 == 0) && (b1 == 1)) {
+            MP_CHECKOK(group->point_sub(&sx, &sy, &qx, &qy, &sx, &sy, group));
+        }
+    }
+#endif
+    /* output S */
+    MP_CHECKOK(mp_copy(&sx, rx));
+    MP_CHECKOK(mp_copy(&sy, ry));
+
+CLEANUP:
+    mp_clear(&k);
+    mp_clear(&k3);
+    mp_clear(&qx);
+    mp_clear(&qy);
+    mp_clear(&sx);
+    mp_clear(&sy);
+    return res;
+}
+#endif
+
+/* Validates a point on a GFp curve. */
+mp_err
+ec_GFp_validate_point(const mp_int *px, const mp_int *py, const ECGroup *group)
+{
+    mp_err res = MP_NO;
+    mp_int accl, accr, tmp, pxt, pyt;
+
+    MP_DIGITS(&accl) = 0;
+    MP_DIGITS(&accr) = 0;
+    MP_DIGITS(&tmp) = 0;
+    MP_DIGITS(&pxt) = 0;
+    MP_DIGITS(&pyt) = 0;
+    MP_CHECKOK(mp_init(&accl));
+    MP_CHECKOK(mp_init(&accr));
+    MP_CHECKOK(mp_init(&tmp));
+    MP_CHECKOK(mp_init(&pxt));
+    MP_CHECKOK(mp_init(&pyt));
+
+    /* 1: Verify that publicValue is not the point at infinity */
+    if (ec_GFp_pt_is_inf_aff(px, py) == MP_YES) {
+        res = MP_NO;
+        goto CLEANUP;
+    }
+    /* 2: Verify that the coordinates of publicValue are elements
+     *    of the field.
+     */
+    if ((MP_SIGN(px) == MP_NEG) || (mp_cmp(px, &group->meth->irr) >= 0) ||
+        (MP_SIGN(py) == MP_NEG) || (mp_cmp(py, &group->meth->irr) >= 0)) {
+        res = MP_NO;
+        goto CLEANUP;
+    }
+    /* 3: Verify that publicValue is on the curve. */
+    if (group->meth->field_enc) {
+        group->meth->field_enc(px, &pxt, group->meth);
+        group->meth->field_enc(py, &pyt, group->meth);
+    } else {
+        MP_CHECKOK(mp_copy(px, &pxt));
+        MP_CHECKOK(mp_copy(py, &pyt));
+    }
+    /* left-hand side: y^2  */
+    MP_CHECKOK(group->meth->field_sqr(&pyt, &accl, group->meth));
+    /* right-hand side: x^3 + a*x + b = (x^2 + a)*x + b by Horner's rule */
+    MP_CHECKOK(group->meth->field_sqr(&pxt, &tmp, group->meth));
+    MP_CHECKOK(group->meth->field_add(&tmp, &group->curvea, &tmp, group->meth));
+    MP_CHECKOK(group->meth->field_mul(&tmp, &pxt, &accr, group->meth));
+    MP_CHECKOK(group->meth->field_add(&accr, &group->curveb, &accr, group->meth));
+    /* check LHS - RHS == 0 */
+    MP_CHECKOK(group->meth->field_sub(&accl, &accr, &accr, group->meth));
+    if (mp_cmp_z(&accr) != 0) {
+        res = MP_NO;
+        goto CLEANUP;
+    }
+    /* 4: Verify that the order of the curve times the publicValue
+     *    is the point at infinity.
+     */
+    MP_CHECKOK(ECPoint_mul(group, &group->order, px, py, &pxt, &pyt));
+    if (ec_GFp_pt_is_inf_aff(&pxt, &pyt) != MP_YES) {
+        res = MP_NO;
+        goto CLEANUP;
+    }
+
+    res = MP_YES;
+
+CLEANUP:
+    mp_clear(&accl);
+    mp_clear(&accr);
+    mp_clear(&tmp);
+    mp_clear(&pxt);
+    mp_clear(&pyt);
+    return res;
+}
diff --git a/nss/lib/freebl/ecl/ecp_fp.c b/nss/lib/freebl/ecl/ecp_fp.c
new file mode 100644
index 0000000..2adffb3
--- /dev/null
+++ b/nss/lib/freebl/ecl/ecp_fp.c
@@ -0,0 +1,531 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "ecp_fp.h"
+#include "ecl-priv.h"
+#include <stdlib.h>
+
+/* Performs tidying on a short multi-precision floating point integer (the
+ * lower group->numDoubles floats). */
+void
+ecfp_tidyShort(double *t, const EC_group_fp *group)
+{
+    group->ecfp_tidy(t, group->alpha, group);
+}
+
+/* Performs tidying on only the upper float digits of a multi-precision
+ * floating point integer, i.e. the digits beyond the regular length which
+ * are removed in the reduction step. */
+void
+ecfp_tidyUpper(double *t, const EC_group_fp *group)
+{
+    group->ecfp_tidy(t + group->numDoubles,
+                     group->alpha + group->numDoubles, group);
+}
+
+/* Performs a "tidy" operation, which performs carrying, moving excess
+ * bits from one double to the next double, so that the precision of the
+ * doubles is reduced to the regular precision group->doubleBitSize. This
+ * might result in some float digits being negative. Alternative C version
+ * for portability. */
+void
+ecfp_tidy(double *t, const double *alpha, const EC_group_fp *group)
+{
+    double q;
+    int i;
+
+    /* Do carrying */
+    for (i = 0; i < group->numDoubles - 1; i++) {
+        q = t[i] + alpha[i + 1];
+        q -= alpha[i + 1];
+        t[i] -= q;
+        t[i + 1] += q;
+
+        /* If we don't assume that truncation rounding is used, then q
+         * might be 2^n bigger than expected (if it rounds up), then t[0]
+         * could be negative and t[1] 2^n larger than expected. */
+    }
+}
+
+/* Performs a more mathematically precise "tidying" so that each term is
+ * positive.  This is slower than the regular tidying, and is used for
+ * conversion from floating point to integer. */
+void
+ecfp_positiveTidy(double *t, const EC_group_fp *group)
+{
+    double q;
+    int i;
+
+    /* Do carrying */
+    for (i = 0; i < group->numDoubles - 1; i++) {
+        /* Subtract beta to force rounding down */
+        q = t[i] - ecfp_beta[i + 1];
+        q += group->alpha[i + 1];
+        q -= group->alpha[i + 1];
+        t[i] -= q;
+        t[i + 1] += q;
+
+        /* Due to subtracting ecfp_beta, we should have each term a
+         * non-negative int */
+        ECFP_ASSERT(t[i] / ecfp_exp[i] ==
+                    (unsigned long long)(t[i] / ecfp_exp[i]));
+        ECFP_ASSERT(t[i] >= 0);
+    }
+}
+
+/* Converts from a floating point representation into an mp_int. Expects
+ * that d is already reduced. */
+void
+ecfp_fp2i(mp_int *mpout, double *d, const ECGroup *ecgroup)
+{
+    EC_group_fp *group = (EC_group_fp *)ecgroup->extra1;
+    unsigned short i16[(group->primeBitSize + 15) / 16];
+    double q = 1;
+
+#ifdef ECL_THIRTY_TWO_BIT
+    /* TEST uint32_t z = 0; */
+    unsigned int z = 0;
+#else
+    uint64_t z = 0;
+#endif
+    int zBits = 0;
+    int copiedBits = 0;
+    int i = 0;
+    int j = 0;
+
+    mp_digit *out;
+
+    /* Result should always be >= 0, so set sign accordingly */
+    MP_SIGN(mpout) = MP_ZPOS;
+
+    /* Tidy up so we're just dealing with positive numbers */
+    ecfp_positiveTidy(d, group);
+
+    /* We might need to do this reduction step more than once if the
+     * reduction adds smaller terms which carry-over to cause another
+     * reduction. However, this should happen very rarely, if ever,
+     * depending on the elliptic curve. */
+    do {
+        /* Init loop data */
+        z = 0;
+        zBits = 0;
+        q = 1;
+        i = 0;
+        j = 0;
+        copiedBits = 0;
+
+        /* Might have to do a bit more reduction */
+        group->ecfp_singleReduce(d, group);
+
+        /* Grow the size of the mpint if it's too small */
+        s_mp_grow(mpout, group->numInts);
+        MP_USED(mpout) = group->numInts;
+        out = MP_DIGITS(mpout);
+
+        /* Convert double to 16 bit integers */
+        while (copiedBits < group->primeBitSize) {
+            if (zBits < 16) {
+                z += d[i] * q;
+                i++;
+                ECFP_ASSERT(i < (group->primeBitSize + 15) / 16);
+                zBits += group->doubleBitSize;
+            }
+            i16[j] = z;
+            j++;
+            z >>= 16;
+            zBits -= 16;
+            q *= ecfp_twom16;
+            copiedBits += 16;
+        }
+    } while (z != 0);
+
+/* Convert 16 bit integers to mp_digit */
+#ifdef ECL_THIRTY_TWO_BIT
+    for (i = 0; i < (group->primeBitSize + 15) / 16; i += 2) {
+        *out = 0;
+        if (i + 1 < (group->primeBitSize + 15) / 16) {
+            *out = i16[i + 1];
+            *out <<= 16;
+        }
+        *out++ += i16[i];
+    }
+#else /* 64 bit */
+    for (i = 0; i < (group->primeBitSize + 15) / 16; i += 4) {
+        *out = 0;
+        if (i + 3 < (group->primeBitSize + 15) / 16) {
+            *out = i16[i + 3];
+            *out <<= 16;
+        }
+        if (i + 2 < (group->primeBitSize + 15) / 16) {
+            *out += i16[i + 2];
+            *out <<= 16;
+        }
+        if (i + 1 < (group->primeBitSize + 15) / 16) {
+            *out += i16[i + 1];
+            *out <<= 16;
+        }
+        *out++ += i16[i];
+    }
+#endif
+
+    /* Perform final reduction.  mpout should already be the same number
+     * of bits as p, but might not be less than p.  Make it so. Since
+     * mpout has the same number of bits as p, and 2p has a larger bit
+     * size, then mpout < 2p, so a single subtraction of p will suffice. */
+    if (mp_cmp(mpout, &ecgroup->meth->irr) >= 0) {
+        mp_sub(mpout, &ecgroup->meth->irr, mpout);
+    }
+
+    /* Shrink the size of the mp_int to the actual used size (required for
+     * mp_cmp_z == 0) */
+    out = MP_DIGITS(mpout);
+    for (i = group->numInts - 1; i > 0; i--) {
+        if (out[i] != 0)
+            break;
+    }
+    MP_USED(mpout) = i + 1;
+
+    /* Should be between 0 and p-1 */
+    ECFP_ASSERT(mp_cmp(mpout, &ecgroup->meth->irr) < 0);
+    ECFP_ASSERT(mp_cmp_z(mpout) >= 0);
+}
+
+/* Converts from an mpint into a floating point representation. */
+void
+ecfp_i2fp(double *out, const mp_int *x, const ECGroup *ecgroup)
+{
+    int i;
+    int j = 0;
+    int size;
+    double shift = 1;
+    mp_digit *in;
+    EC_group_fp *group = (EC_group_fp *)ecgroup->extra1;
+
+#ifdef ECL_DEBUG
+    /* if debug mode, convert result back using ecfp_fp2i into cmp, then
+     * compare to x. */
+    mp_int cmp;
+
+    MP_DIGITS(&cmp) = NULL;
+    mp_init(&cmp);
+#endif
+
+    ECFP_ASSERT(group != NULL);
+
+    /* init output to 0 (since we skip over some terms) */
+    for (i = 0; i < group->numDoubles; i++)
+        out[i] = 0;
+    i = 0;
+
+    size = MP_USED(x);
+    in = MP_DIGITS(x);
+
+/* Copy from int into doubles */
+#ifdef ECL_THIRTY_TWO_BIT
+    while (j < size) {
+        while (group->doubleBitSize * (i + 1) <= 32 * j) {
+            i++;
+        }
+        ECFP_ASSERT(group->doubleBitSize * i <= 32 * j);
+        out[i] = in[j];
+        out[i] *= shift;
+        shift *= ecfp_two32;
+        j++;
+    }
+#else
+    while (j < size) {
+        while (group->doubleBitSize * (i + 1) <= 64 * j) {
+            i++;
+        }
+        ECFP_ASSERT(group->doubleBitSize * i <= 64 * j);
+        out[i] = (in[j] & 0x00000000FFFFFFFF) * shift;
+
+        while (group->doubleBitSize * (i + 1) <= 64 * j + 32) {
+            i++;
+        }
+        ECFP_ASSERT(24 * i <= 64 * j + 32);
+        out[i] = (in[j] & 0xFFFFFFFF00000000) * shift;
+
+        shift *= ecfp_two64;
+        j++;
+    }
+#endif
+    /* Realign bits to match double boundaries */
+    ecfp_tidyShort(out, group);
+
+#ifdef ECL_DEBUG
+    /* Convert result back to mp_int, compare to original */
+    ecfp_fp2i(&cmp, out, ecgroup);
+    ECFP_ASSERT(mp_cmp(&cmp, x) == 0);
+    mp_clear(&cmp);
+#endif
+}
+
+/* Computes R = nP where R is (rx, ry) and P is (px, py). The parameters
+ * a, b and p are the elliptic curve coefficients and the prime that
+ * determines the field GFp.  Elliptic curve points P and R can be
+ * identical.  Uses Jacobian coordinates. Uses 4-bit window method. */
+mp_err
+ec_GFp_point_mul_jac_4w_fp(const mp_int *n, const mp_int *px,
+                           const mp_int *py, mp_int *rx, mp_int *ry,
+                           const ECGroup *ecgroup)
+{
+    mp_err res = MP_OKAY;
+    ecfp_jac_pt precomp[16], r;
+    ecfp_aff_pt p;
+    EC_group_fp *group;
+
+    mp_int rz;
+    int i, ni, d;
+
+    ARGCHK(ecgroup != NULL, MP_BADARG);
+    ARGCHK((n != NULL) && (px != NULL) && (py != NULL), MP_BADARG);
+
+    group = (EC_group_fp *)ecgroup->extra1;
+    MP_DIGITS(&rz) = 0;
+    MP_CHECKOK(mp_init(&rz));
+
+    /* init p, da */
+    ecfp_i2fp(p.x, px, ecgroup);
+    ecfp_i2fp(p.y, py, ecgroup);
+    ecfp_i2fp(group->curvea, &ecgroup->curvea, ecgroup);
+
+    /* Do precomputation */
+    group->precompute_jac(precomp, &p, group);
+
+    /* Do main body of calculations */
+    d = (mpl_significant_bits(n) + 3) / 4;
+
+    /* R = inf */
+    for (i = 0; i < group->numDoubles; i++) {
+        r.z[i] = 0;
+    }
+
+    for (i = d - 1; i >= 0; i--) {
+        /* compute window ni */
+        ni = MP_GET_BIT(n, 4 * i + 3);
+        ni <<= 1;
+        ni |= MP_GET_BIT(n, 4 * i + 2);
+        ni <<= 1;
+        ni |= MP_GET_BIT(n, 4 * i + 1);
+        ni <<= 1;
+        ni |= MP_GET_BIT(n, 4 * i);
+
+        /* R = 2^4 * R */
+        group->pt_dbl_jac(&r, &r, group);
+        group->pt_dbl_jac(&r, &r, group);
+        group->pt_dbl_jac(&r, &r, group);
+        group->pt_dbl_jac(&r, &r, group);
+
+        /* R = R + (ni * P) */
+        group->pt_add_jac(&r, &precomp[ni], &r, group);
+    }
+
+    /* Convert back to integer */
+    ecfp_fp2i(rx, r.x, ecgroup);
+    ecfp_fp2i(ry, r.y, ecgroup);
+    ecfp_fp2i(&rz, r.z, ecgroup);
+
+    /* convert result S to affine coordinates */
+    MP_CHECKOK(ec_GFp_pt_jac2aff(rx, ry, &rz, rx, ry, ecgroup));
+
+CLEANUP:
+    mp_clear(&rz);
+    return res;
+}
+
+/* Uses mixed Jacobian-affine coordinates to perform a point
+ * multiplication: R = n * P, n scalar. Uses mixed Jacobian-affine
+ * coordinates (Jacobian coordinates for doubles and affine coordinates
+ * for additions; based on recommendation from Brown et al.). Not very
+ * time efficient but quite space efficient, no precomputation needed.
+ * group contains the elliptic curve coefficients and the prime that
+ * determines the field GFp.  Elliptic curve points P and R can be
+ * identical. Performs calculations in floating point number format, since
+ * this is faster than the integer operations on the ULTRASPARC III.
+ * Uses left-to-right binary method (double & add) (algorithm 9) for
+ * scalar-point multiplication from Brown, Hankerson, Lopez, Menezes.
+ * Software Implementation of the NIST Elliptic Curves Over Prime Fields. */
+mp_err
+ec_GFp_pt_mul_jac_fp(const mp_int *n, const mp_int *px, const mp_int *py,
+                     mp_int *rx, mp_int *ry, const ECGroup *ecgroup)
+{
+    mp_err res;
+    mp_int sx, sy, sz;
+
+    ecfp_aff_pt p;
+    ecfp_jac_pt r;
+    EC_group_fp *group = (EC_group_fp *)ecgroup->extra1;
+
+    int i, l;
+
+    MP_DIGITS(&sx) = 0;
+    MP_DIGITS(&sy) = 0;
+    MP_DIGITS(&sz) = 0;
+    MP_CHECKOK(mp_init(&sx));
+    MP_CHECKOK(mp_init(&sy));
+    MP_CHECKOK(mp_init(&sz));
+
+    /* if n = 0 then r = inf */
+    if (mp_cmp_z(n) == 0) {
+        mp_zero(rx);
+        mp_zero(ry);
+        res = MP_OKAY;
+        goto CLEANUP;
+        /* if n < 0 then out of range error */
+    } else if (mp_cmp_z(n) < 0) {
+        res = MP_RANGE;
+        goto CLEANUP;
+    }
+
+    /* Convert from integer to floating point */
+    ecfp_i2fp(p.x, px, ecgroup);
+    ecfp_i2fp(p.y, py, ecgroup);
+    ecfp_i2fp(group->curvea, &(ecgroup->curvea), ecgroup);
+
+    /* Init r to point at infinity */
+    for (i = 0; i < group->numDoubles; i++) {
+        r.z[i] = 0;
+    }
+
+    /* double and add method */
+    l = mpl_significant_bits(n) - 1;
+
+    for (i = l; i >= 0; i--) {
+        /* R = 2R */
+        group->pt_dbl_jac(&r, &r, group);
+
+        /* if n_i = 1, then R = R + Q */
+        if (MP_GET_BIT(n, i) != 0) {
+            group->pt_add_jac_aff(&r, &p, &r, group);
+        }
+    }
+
+    /* Convert from floating point to integer */
+    ecfp_fp2i(&sx, r.x, ecgroup);
+    ecfp_fp2i(&sy, r.y, ecgroup);
+    ecfp_fp2i(&sz, r.z, ecgroup);
+
+    /* convert result R to affine coordinates */
+    MP_CHECKOK(ec_GFp_pt_jac2aff(&sx, &sy, &sz, rx, ry, ecgroup));
+
+CLEANUP:
+    mp_clear(&sx);
+    mp_clear(&sy);
+    mp_clear(&sz);
+    return res;
+}
+
+/* Computes R = nP where R is (rx, ry) and P is the base point. Elliptic
+ * curve points P and R can be identical. Uses mixed Modified-Jacobian
+ * co-ordinates for doubling and Chudnovsky Jacobian coordinates for
+ * additions. Uses 5-bit window NAF method (algorithm 11) for scalar-point
+ * multiplication from Brown, Hankerson, Lopez, Menezes. Software
+ * Implementation of the NIST Elliptic Curves Over Prime Fields. */
+mp_err
+ec_GFp_point_mul_wNAF_fp(const mp_int *n, const mp_int *px,
+                         const mp_int *py, mp_int *rx, mp_int *ry,
+                         const ECGroup *ecgroup)
+{
+    mp_err res = MP_OKAY;
+    mp_int sx, sy, sz;
+    EC_group_fp *group = (EC_group_fp *)ecgroup->extra1;
+    ecfp_chud_pt precomp[16];
+
+    ecfp_aff_pt p;
+    ecfp_jm_pt r;
+
+    signed char naf[group->orderBitSize + 1];
+    int i;
+
+    MP_DIGITS(&sx) = 0;
+    MP_DIGITS(&sy) = 0;
+    MP_DIGITS(&sz) = 0;
+    MP_CHECKOK(mp_init(&sx));
+    MP_CHECKOK(mp_init(&sy));
+    MP_CHECKOK(mp_init(&sz));
+
+    /* if n = 0 then r = inf */
+    if (mp_cmp_z(n) == 0) {
+        mp_zero(rx);
+        mp_zero(ry);
+        res = MP_OKAY;
+        goto CLEANUP;
+        /* if n < 0 then out of range error */
+    } else if (mp_cmp_z(n) < 0) {
+        res = MP_RANGE;
+        goto CLEANUP;
+    }
+
+    /* Convert from integer to floating point */
+    ecfp_i2fp(p.x, px, ecgroup);
+    ecfp_i2fp(p.y, py, ecgroup);
+    ecfp_i2fp(group->curvea, &(ecgroup->curvea), ecgroup);
+
+    /* Perform precomputation */
+    group->precompute_chud(precomp, &p, group);
+
+    /* Compute 5NAF */
+    ec_compute_wNAF(naf, group->orderBitSize, n, 5);
+
+    /* Init R = pt at infinity */
+    for (i = 0; i < group->numDoubles; i++) {
+        r.z[i] = 0;
+    }
+
+    /* wNAF method */
+    for (i = group->orderBitSize; i >= 0; i--) {
+        /* R = 2R */
+        group->pt_dbl_jm(&r, &r, group);
+
+        if (naf[i] != 0) {
+            group->pt_add_jm_chud(&r, &precomp[(naf[i] + 15) / 2], &r,
+                                  group);
+        }
+    }
+
+    /* Convert from floating point to integer */
+    ecfp_fp2i(&sx, r.x, ecgroup);
+    ecfp_fp2i(&sy, r.y, ecgroup);
+    ecfp_fp2i(&sz, r.z, ecgroup);
+
+    /* convert result R to affine coordinates */
+    MP_CHECKOK(ec_GFp_pt_jac2aff(&sx, &sy, &sz, rx, ry, ecgroup));
+
+CLEANUP:
+    mp_clear(&sx);
+    mp_clear(&sy);
+    mp_clear(&sz);
+    return res;
+}
+
+/* Cleans up extra memory allocated in ECGroup for this implementation. */
+void
+ec_GFp_extra_free_fp(ECGroup *group)
+{
+    if (group->extra1 != NULL) {
+        free(group->extra1);
+        group->extra1 = NULL;
+    }
+}
+
+/* Tests what precision floating point arithmetic is set to. This should
+ * be either a 53-bit mantissa (IEEE standard) or a 64-bit mantissa
+ * (extended precision on x86) and sets it into the EC_group_fp. Returns
+ * either 53 or 64 accordingly. */
+int
+ec_set_fp_precision(EC_group_fp *group)
+{
+    double a = 9007199254740992.0; /* 2^53 */
+    double b = a + 1;
+
+    if (a == b) {
+        group->fpPrecision = 53;
+        group->alpha = ecfp_alpha_53;
+        return 53;
+    }
+    group->fpPrecision = 64;
+    group->alpha = ecfp_alpha_64;
+    return 64;
+}
diff --git a/nss/lib/freebl/ecl/ecp_fp.h b/nss/lib/freebl/ecl/ecp_fp.h
new file mode 100644
index 0000000..6fff063
--- /dev/null
+++ b/nss/lib/freebl/ecl/ecp_fp.h
@@ -0,0 +1,371 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef __ecp_fp_h_
+#define __ecp_fp_h_
+
+#include "mpi.h"
+#include "ecl.h"
+#include "ecp.h"
+
+#include <sys/types.h>
+#include "mpi-priv.h"
+
+#ifdef ECL_DEBUG
+#include <assert.h>
+#endif
+
+/* Largest number of doubles to store one reduced number in floating
+ * point. Used for memory allocation on the stack. */
+#define ECFP_MAXDOUBLES 10
+
+/* For debugging purposes */
+#ifndef ECL_DEBUG
+#define ECFP_ASSERT(x)
+#else
+#define ECFP_ASSERT(x) assert(x)
+#endif
+
+/* ECFP_Ti = 2^(i*24) Define as preprocessor constants so we can use in
+ * multiple static constants */
+#define ECFP_T0 1.0
+#define ECFP_T1 16777216.0
+#define ECFP_T2 281474976710656.0
+#define ECFP_T3 4722366482869645213696.0
+#define ECFP_T4 79228162514264337593543950336.0
+#define ECFP_T5 1329227995784915872903807060280344576.0
+#define ECFP_T6 22300745198530623141535718272648361505980416.0
+#define ECFP_T7 374144419156711147060143317175368453031918731001856.0
+#define ECFP_T8 6277101735386680763835789423207666416102355444464034512896.0
+#define ECFP_T9 105312291668557186697918027683670432318895095400549111254310977536.0
+#define ECFP_T10 1766847064778384329583297500742918515827483896875618958121606201292619776.0
+#define ECFP_T11 29642774844752946028434172162224104410437116074403984394101141506025761187823616.0
+#define ECFP_T12 497323236409786642155382248146820840100456150797347717440463976893159497012533375533056.0
+#define ECFP_T13 8343699359066055009355553539724812947666814540455674882605631280555545803830627148527195652096.0
+#define ECFP_T14 139984046386112763159840142535527767382602843577165595931249318810236991948760059086304843329475444736.0
+#define ECFP_T15 2348542582773833227889480596789337027375682548908319870707290971532209025114608443463698998384768703031934976.0
+#define ECFP_T16 39402006196394479212279040100143613805079739270465446667948293404245\
+721771497210611414266254884915640806627990306816.0
+#define ECFP_T17 66105596879024859895191530803277103982840468296428121928464879527440\
+5791236311345825189210439715284847591212025023358304256.0
+#define ECFP_T18 11090678776483259438313656736572334813745748301503266300681918322458\
+485231222502492159897624416558312389564843845614287315896631296.0
+#define ECFP_T19 18607071341967536398062689481932916079453218833595342343206149099024\
+36577570298683715049089827234727835552055312041415509848580169253519\
+36.0
+
+#define ECFP_TWO160 1461501637330902918203684832716283019655932542976.0
+#define ECFP_TWO192 6277101735386680763835789423207666416102355444464034512896.0
+#define ECFP_TWO224 26959946667150639794667015087019630673637144422540572481103610249216.0
+
+/* Multiplicative constants */
+static const double ecfp_two32 = 4294967296.0;
+static const double ecfp_two64 = 18446744073709551616.0;
+static const double ecfp_twom16 = .0000152587890625;
+static const double ecfp_twom128 =
+    .00000000000000000000000000000000000000293873587705571876992184134305561419454666389193021880377187926569604314863681793212890625;
+static const double ecfp_twom129 =
+    .000000000000000000000000000000000000001469367938527859384960920671527807097273331945965109401885939632848021574318408966064453125;
+static const double ecfp_twom160 =
+    .0000000000000000000000000000000000000000000000006842277657836020854119773355907793609766904013068924666782559979930620520927053718196475529111921787261962890625;
+static const double ecfp_twom192 =
+    .000000000000000000000000000000000000000000000000000000000159309191113245227702888039776771180559110455519261878607388585338616290151305816094308987472018268594098344692611135542392730712890625;
+static const double ecfp_twom224 =
+    .00000000000000000000000000000000000000000000000000000000000000000003709206150687421385731735261547639513367564778757791002453039058917581340095629358997312082723208437536338919136001159027049567384892725385725498199462890625;
+
+/* ecfp_exp[i] = 2^(i*ECFP_DSIZE) */
+static const double ecfp_exp[2 * ECFP_MAXDOUBLES] = {
+    ECFP_T0, ECFP_T1, ECFP_T2, ECFP_T3, ECFP_T4, ECFP_T5,
+    ECFP_T6, ECFP_T7, ECFP_T8, ECFP_T9, ECFP_T10, ECFP_T11,
+    ECFP_T12, ECFP_T13, ECFP_T14, ECFP_T15, ECFP_T16, ECFP_T17, ECFP_T18,
+    ECFP_T19
+};
+
+/* 1.1 * 2^52 Uses 2^52 to truncate, the .1 is an extra 2^51 to protect
+ * the 2^52 bit, so that adding alphas to a negative number won't borrow
+ * and empty the important 2^52 bit */
+#define ECFP_ALPHABASE_53 6755399441055744.0
+/* Special case: On some platforms, notably x86 Linux, there is an
+ * extended-precision floating point representation with 64-bits of
+ * precision in the mantissa.  These extra bits of precision require a
+ * larger value of alpha to truncate, i.e. 1.1 * 2^63. */
+#define ECFP_ALPHABASE_64 13835058055282163712.0
+
+/*
+ * ecfp_alpha[i] = 1.5 * 2^(52 + i*ECFP_DSIZE) we add and subtract alpha
+ * to truncate floating point numbers to a certain number of bits for
+ * tidying */
+static const double ecfp_alpha_53[2 * ECFP_MAXDOUBLES] = {
+    ECFP_ALPHABASE_53 * ECFP_T0,
+    ECFP_ALPHABASE_53 *ECFP_T1,
+    ECFP_ALPHABASE_53 *ECFP_T2,
+    ECFP_ALPHABASE_53 *ECFP_T3,
+    ECFP_ALPHABASE_53 *ECFP_T4,
+    ECFP_ALPHABASE_53 *ECFP_T5,
+    ECFP_ALPHABASE_53 *ECFP_T6,
+    ECFP_ALPHABASE_53 *ECFP_T7,
+    ECFP_ALPHABASE_53 *ECFP_T8,
+    ECFP_ALPHABASE_53 *ECFP_T9,
+    ECFP_ALPHABASE_53 *ECFP_T10,
+    ECFP_ALPHABASE_53 *ECFP_T11,
+    ECFP_ALPHABASE_53 *ECFP_T12,
+    ECFP_ALPHABASE_53 *ECFP_T13,
+    ECFP_ALPHABASE_53 *ECFP_T14,
+    ECFP_ALPHABASE_53 *ECFP_T15,
+    ECFP_ALPHABASE_53 *ECFP_T16,
+    ECFP_ALPHABASE_53 *ECFP_T17,
+    ECFP_ALPHABASE_53 *ECFP_T18,
+    ECFP_ALPHABASE_53 *ECFP_T19
+};
+
+/*
+ * ecfp_alpha[i] = 1.5 * 2^(63 + i*ECFP_DSIZE) we add and subtract alpha
+ * to truncate floating point numbers to a certain number of bits for
+ * tidying */
+static const double ecfp_alpha_64[2 * ECFP_MAXDOUBLES] = {
+    ECFP_ALPHABASE_64 * ECFP_T0,
+    ECFP_ALPHABASE_64 *ECFP_T1,
+    ECFP_ALPHABASE_64 *ECFP_T2,
+    ECFP_ALPHABASE_64 *ECFP_T3,
+    ECFP_ALPHABASE_64 *ECFP_T4,
+    ECFP_ALPHABASE_64 *ECFP_T5,
+    ECFP_ALPHABASE_64 *ECFP_T6,
+    ECFP_ALPHABASE_64 *ECFP_T7,
+    ECFP_ALPHABASE_64 *ECFP_T8,
+    ECFP_ALPHABASE_64 *ECFP_T9,
+    ECFP_ALPHABASE_64 *ECFP_T10,
+    ECFP_ALPHABASE_64 *ECFP_T11,
+    ECFP_ALPHABASE_64 *ECFP_T12,
+    ECFP_ALPHABASE_64 *ECFP_T13,
+    ECFP_ALPHABASE_64 *ECFP_T14,
+    ECFP_ALPHABASE_64 *ECFP_T15,
+    ECFP_ALPHABASE_64 *ECFP_T16,
+    ECFP_ALPHABASE_64 *ECFP_T17,
+    ECFP_ALPHABASE_64 *ECFP_T18,
+    ECFP_ALPHABASE_64 *ECFP_T19
+};
+
+/* 0.011111111111111111111111 (binary) = 0.5 - 2^25 (24 ones) */
+#define ECFP_BETABASE 0.4999999701976776123046875
+
+/*
+ * We subtract beta prior to using alpha to simulate rounding down. We
+ * make this close to 0.5 to round almost everything down, but exactly 0.5
+ * would cause some incorrect rounding. */
+static const double ecfp_beta[2 * ECFP_MAXDOUBLES] = {
+    ECFP_BETABASE * ECFP_T0,
+    ECFP_BETABASE *ECFP_T1,
+    ECFP_BETABASE *ECFP_T2,
+    ECFP_BETABASE *ECFP_T3,
+    ECFP_BETABASE *ECFP_T4,
+    ECFP_BETABASE *ECFP_T5,
+    ECFP_BETABASE *ECFP_T6,
+    ECFP_BETABASE *ECFP_T7,
+    ECFP_BETABASE *ECFP_T8,
+    ECFP_BETABASE *ECFP_T9,
+    ECFP_BETABASE *ECFP_T10,
+    ECFP_BETABASE *ECFP_T11,
+    ECFP_BETABASE *ECFP_T12,
+    ECFP_BETABASE *ECFP_T13,
+    ECFP_BETABASE *ECFP_T14,
+    ECFP_BETABASE *ECFP_T15,
+    ECFP_BETABASE *ECFP_T16,
+    ECFP_BETABASE *ECFP_T17,
+    ECFP_BETABASE *ECFP_T18,
+    ECFP_BETABASE *ECFP_T19
+};
+
+static const double ecfp_beta_160 = ECFP_BETABASE * ECFP_TWO160;
+static const double ecfp_beta_192 = ECFP_BETABASE * ECFP_TWO192;
+static const double ecfp_beta_224 = ECFP_BETABASE * ECFP_TWO224;
+
+/* Affine EC Point. This is the basic representation (x, y) of an elliptic
+ * curve point. */
+typedef struct {
+    double x[ECFP_MAXDOUBLES];
+    double y[ECFP_MAXDOUBLES];
+} ecfp_aff_pt;
+
+/* Jacobian EC Point. This coordinate system uses X = x/z^2, Y = y/z^3,
+ * which enables calculations with fewer inversions than affine
+ * coordinates. */
+typedef struct {
+    double x[ECFP_MAXDOUBLES];
+    double y[ECFP_MAXDOUBLES];
+    double z[ECFP_MAXDOUBLES];
+} ecfp_jac_pt;
+
+/* Chudnovsky Jacobian EC Point. This coordinate system is the same as
+ * Jacobian, except it keeps z^2, z^3 for faster additions. */
+typedef struct {
+    double x[ECFP_MAXDOUBLES];
+    double y[ECFP_MAXDOUBLES];
+    double z[ECFP_MAXDOUBLES];
+    double z2[ECFP_MAXDOUBLES];
+    double z3[ECFP_MAXDOUBLES];
+} ecfp_chud_pt;
+
+/* Modified Jacobian EC Point. This coordinate system is the same as
+ * Jacobian, except it keeps a*z^4 for faster doublings. */
+typedef struct {
+    double x[ECFP_MAXDOUBLES];
+    double y[ECFP_MAXDOUBLES];
+    double z[ECFP_MAXDOUBLES];
+    double az4[ECFP_MAXDOUBLES];
+} ecfp_jm_pt;
+
+struct EC_group_fp_str;
+
+typedef struct EC_group_fp_str EC_group_fp;
+struct EC_group_fp_str {
+    int fpPrecision; /* Set to number of bits in mantissa, 53
+                                 * or 64 */
+    int numDoubles;
+    int primeBitSize;
+    int orderBitSize;
+    int doubleBitSize;
+    int numInts;
+    int aIsM3; /* True if curvea == -3 (mod p), then we
+                                 * can optimize doubling */
+    double curvea[ECFP_MAXDOUBLES];
+    /* Used to truncate a double to the number of bits in the curve */
+    double bitSize_alpha;
+    /* Pointer to either ecfp_alpha_53 or ecfp_alpha_64 */
+    const double *alpha;
+
+    void (*ecfp_singleReduce)(double *r, const EC_group_fp *group);
+    void (*ecfp_reduce)(double *r, double *x, const EC_group_fp *group);
+    /* Performs a "tidy" operation, which performs carrying, moving excess
+     * bits from one double to the next double, so that the precision of
+     * the doubles is reduced to the regular precision ECFP_DSIZE. This
+     * might result in some float digits being negative. */
+    void (*ecfp_tidy)(double *t, const double *alpha,
+                      const EC_group_fp *group);
+    /* Perform a point addition using coordinate system Jacobian + Affine
+     * -> Jacobian. Input and output should be multi-precision floating
+     * point integers. */
+    void (*pt_add_jac_aff)(const ecfp_jac_pt *p, const ecfp_aff_pt *q,
+                           ecfp_jac_pt *r, const EC_group_fp *group);
+    /* Perform a point doubling in Jacobian coordinates. Input and output
+     * should be multi-precision floating point integers. */
+    void (*pt_dbl_jac)(const ecfp_jac_pt *dp, ecfp_jac_pt *dr,
+                       const EC_group_fp *group);
+    /* Perform a point addition using Jacobian coordinate system. Input
+     * and output should be multi-precision floating point integers. */
+    void (*pt_add_jac)(const ecfp_jac_pt *p, const ecfp_jac_pt *q,
+                       ecfp_jac_pt *r, const EC_group_fp *group);
+    /* Perform a point doubling in Modified Jacobian coordinates. Input
+     * and output should be multi-precision floating point integers. */
+    void (*pt_dbl_jm)(const ecfp_jm_pt *p, ecfp_jm_pt *r,
+                      const EC_group_fp *group);
+    /* Perform a point doubling using coordinates Affine -> Chudnovsky
+     * Jacobian. Input and output should be multi-precision floating point
+     * integers. */
+    void (*pt_dbl_aff2chud)(const ecfp_aff_pt *p, ecfp_chud_pt *r,
+                            const EC_group_fp *group);
+    /* Perform a point addition using coordinates: Modified Jacobian +
+     * Chudnovsky Jacobian -> Modified Jacobian. Input and output should
+     * be multi-precision floating point integers. */
+    void (*pt_add_jm_chud)(ecfp_jm_pt *p, ecfp_chud_pt *q,
+                           ecfp_jm_pt *r, const EC_group_fp *group);
+    /* Perform a point addition using Chudnovsky Jacobian coordinates.
+     * Input and output should be multi-precision floating point integers.
+     */
+    void (*pt_add_chud)(const ecfp_chud_pt *p, const ecfp_chud_pt *q,
+                        ecfp_chud_pt *r, const EC_group_fp *group);
+    /* Expects out to be an array of size 16 of Chudnovsky Jacobian
+     * points. Fills in Chudnovsky Jacobian form (x, y, z, z^2, z^3), for
+     * -15P, -13P, -11P, -9P, -7P, -5P, -3P, -P, P, 3P, 5P, 7P, 9P, 11P,
+     * 13P, 15P */
+    void (*precompute_chud)(ecfp_chud_pt *out, const ecfp_aff_pt *p,
+                            const EC_group_fp *group);
+    /* Expects out to be an array of size 16 of Jacobian points. Fills in
+     * Chudnovsky Jacobian form (x, y, z), for O, P, 2P, ... 15P */
+    void (*precompute_jac)(ecfp_jac_pt *out, const ecfp_aff_pt *p,
+                           const EC_group_fp *group);
+};
+
+/* Computes r = x*y.
+ * r must be different (point to different memory) than x and y.
+ * Does not tidy or reduce. */
+void ecfp_multiply(double *r, const double *x, const double *y);
+
+/* Performs a "tidy" operation, which performs carrying, moving excess
+ * bits from one double to the next double, so that the precision of the
+ * doubles is reduced to the regular precision group->doubleBitSize. This
+ * might result in some float digits being negative. */
+void ecfp_tidy(double *t, const double *alpha, const EC_group_fp *group);
+
+/* Performs tidying on only the upper float digits of a multi-precision
+ * floating point integer, i.e. the digits beyond the regular length which
+ * are removed in the reduction step. */
+void ecfp_tidyUpper(double *t, const EC_group_fp *group);
+
+/* Performs tidying on a short multi-precision floating point integer (the
+ * lower group->numDoubles floats). */
+void ecfp_tidyShort(double *t, const EC_group_fp *group);
+
+/* Performs a more mathematically precise "tidying" so that each term is
+ * positive.  This is slower than the regular tidying, and is used for
+ * conversion from floating point to integer. */
+void ecfp_positiveTidy(double *t, const EC_group_fp *group);
+
+/* Computes R = nP where R is (rx, ry) and P is (px, py). The parameters
+ * a, b and p are the elliptic curve coefficients and the prime that
+ * determines the field GFp.  Elliptic curve points P and R can be
+ * identical.  Uses mixed Jacobian-affine coordinates. Uses 4-bit window
+ * method. */
+mp_err
+ec_GFp_point_mul_jac_4w_fp(const mp_int *n, const mp_int *px,
+                           const mp_int *py, mp_int *rx, mp_int *ry,
+                           const ECGroup *ecgroup);
+
+/* Computes R = nP where R is (rx, ry) and P is the base point. The
+ * parameters a, b and p are the elliptic curve coefficients and the prime
+ * that determines the field GFp.  Elliptic curve points P and R can be
+ * identical.  Uses mixed Jacobian-affine coordinates (Jacobian
+ * coordinates for doubles and affine coordinates for additions; based on
+ * recommendation from Brown et al.). Uses window NAF method (algorithm
+ * 11) for scalar-point multiplication from Brown, Hankerson, Lopez,
+ * Menezes. Software Implementation of the NIST Elliptic Curves Over Prime
+ * Fields. */
+mp_err ec_GFp_point_mul_wNAF_fp(const mp_int *n, const mp_int *px,
+                                const mp_int *py, mp_int *rx, mp_int *ry,
+                                const ECGroup *ecgroup);
+
+/* Uses mixed Jacobian-affine coordinates to perform a point
+ * multiplication: R = n * P, n scalar. Uses mixed Jacobian-affine
+ * coordinates (Jacobian coordinates for doubles and affine coordinates
+ * for additions; based on recommendation from Brown et al.). Not very
+ * time efficient but quite space efficient, no precomputation needed.
+ * group contains the elliptic curve coefficients and the prime that
+ * determines the field GFp.  Elliptic curve points P and R can be
+ * identical. Performs calculations in floating point number format, since
+ * this is faster than the integer operations on the ULTRASPARC III.
+ * Uses left-to-right binary method (double & add) (algorithm 9) for
+ * scalar-point multiplication from Brown, Hankerson, Lopez, Menezes.
+ * Software Implementation of the NIST Elliptic Curves Over Prime Fields. */
+mp_err
+ec_GFp_pt_mul_jac_fp(const mp_int *n, const mp_int *px, const mp_int *py,
+                     mp_int *rx, mp_int *ry, const ECGroup *ecgroup);
+
+/* Cleans up extra memory allocated in ECGroup for this implementation. */
+void ec_GFp_extra_free_fp(ECGroup *group);
+
+/* Converts from a floating point representation into an mp_int. Expects
+ * that d is already reduced. */
+void
+ecfp_fp2i(mp_int *mpout, double *d, const ECGroup *ecgroup);
+
+/* Converts from an mpint into a floating point representation. */
+void
+ecfp_i2fp(double *out, const mp_int *x, const ECGroup *ecgroup);
+
+/* Tests what precision floating point arithmetic is set to. This should
+ * be either a 53-bit mantissa (IEEE standard) or a 64-bit mantissa
+ * (extended precision on x86) and sets it into the EC_group_fp. Returns
+ * either 53 or 64 accordingly. */
+int ec_set_fp_precision(EC_group_fp *group);
+
+#endif
diff --git a/nss/lib/freebl/ecl/ecp_fp160.c b/nss/lib/freebl/ecl/ecp_fp160.c
new file mode 100644
index 0000000..f3de30c
--- /dev/null
+++ b/nss/lib/freebl/ecl/ecp_fp160.c
@@ -0,0 +1,145 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "ecp_fp.h"
+#include <stdlib.h>
+
+#define ECFP_BSIZE 160
+#define ECFP_NUMDOUBLES 7
+
+#include "ecp_fpinc.c"
+
+/* Performs a single step of reduction, just on the uppermost float
+ * (assumes already tidied), and then retidies. Note, this does not
+ * guarantee that the result will be less than p, but truncates the number
+ * of bits. */
+void
+ecfp160_singleReduce(double *d, const EC_group_fp *group)
+{
+    double q;
+
+    ECFP_ASSERT(group->doubleBitSize == 24);
+    ECFP_ASSERT(group->primeBitSize == 160);
+    ECFP_ASSERT(ECFP_NUMDOUBLES == 7);
+
+    q = d[ECFP_NUMDOUBLES - 1] - ecfp_beta_160;
+    q += group->bitSize_alpha;
+    q -= group->bitSize_alpha;
+
+    d[ECFP_NUMDOUBLES - 1] -= q;
+    d[0] += q * ecfp_twom160;
+    d[1] += q * ecfp_twom129;
+    ecfp_positiveTidy(d, group);
+
+    /* Assertions for the highest order term */
+    ECFP_ASSERT(d[ECFP_NUMDOUBLES - 1] / ecfp_exp[ECFP_NUMDOUBLES - 1] ==
+                (unsigned long long)(d[ECFP_NUMDOUBLES - 1] /
+                                     ecfp_exp[ECFP_NUMDOUBLES - 1]));
+    ECFP_ASSERT(d[ECFP_NUMDOUBLES - 1] >= 0);
+}
+
+/* Performs imperfect reduction.  This might leave some negative terms,
+ * and one more reduction might be required for the result to be between 0
+ * and p-1. x should not already be reduced, i.e. should have
+ * 2*ECFP_NUMDOUBLES significant terms. x and r can be the same, but then
+ * the upper parts of r are not zeroed */
+void
+ecfp160_reduce(double *r, double *x, const EC_group_fp *group)
+{
+
+    double x7, x8, q;
+
+    ECFP_ASSERT(group->doubleBitSize == 24);
+    ECFP_ASSERT(group->primeBitSize == 160);
+    ECFP_ASSERT(ECFP_NUMDOUBLES == 7);
+
+    /* Tidy just the upper bits, the lower bits can wait. */
+    ecfp_tidyUpper(x, group);
+
+    /* Assume that this is already tidied so that we have enough extra
+     * bits */
+    x7 = x[7] + x[13] * ecfp_twom129; /* adds bits 15-39 */
+
+    /* Tidy x7, or we won't have enough bits later to add it in */
+    q = x7 + group->alpha[8];
+    q -= group->alpha[8];
+    x7 -= q;       /* holds bits 0-24 */
+    x8 = x[8] + q; /* holds bits 0-25 */
+
+    r[6] = x[6] + x[13] * ecfp_twom160 + x[12] * ecfp_twom129; /* adds
+                                                                 * bits
+                                                                 * 8-39 */
+    r[5] = x[5] + x[12] * ecfp_twom160 + x[11] * ecfp_twom129;
+    r[4] = x[4] + x[11] * ecfp_twom160 + x[10] * ecfp_twom129;
+    r[3] = x[3] + x[10] * ecfp_twom160 + x[9] * ecfp_twom129;
+    r[2] = x[2] + x[9] * ecfp_twom160 + x8 * ecfp_twom129; /* adds bits
+                                                             * 8-40 */
+    r[1] = x[1] + x8 * ecfp_twom160 + x7 * ecfp_twom129;   /* adds bits
+                                                             * 8-39 */
+    r[0] = x[0] + x7 * ecfp_twom160;
+
+    /* Tidy up just r[ECFP_NUMDOUBLES-2] so that the number of reductions
+     * is accurate plus or minus one.  (Rather than tidy all to make it
+     * totally accurate, which is more costly.) */
+    q = r[ECFP_NUMDOUBLES - 2] + group->alpha[ECFP_NUMDOUBLES - 1];
+    q -= group->alpha[ECFP_NUMDOUBLES - 1];
+    r[ECFP_NUMDOUBLES - 2] -= q;
+    r[ECFP_NUMDOUBLES - 1] += q;
+
+    /* Tidy up the excess bits on r[ECFP_NUMDOUBLES-1] using reduction */
+    /* Use ecfp_beta so we get a positive result */
+    q = r[ECFP_NUMDOUBLES - 1] - ecfp_beta_160;
+    q += group->bitSize_alpha;
+    q -= group->bitSize_alpha;
+
+    r[ECFP_NUMDOUBLES - 1] -= q;
+    r[0] += q * ecfp_twom160;
+    r[1] += q * ecfp_twom129;
+
+    /* Tidy the result */
+    ecfp_tidyShort(r, group);
+}
+
+/* Sets group to use optimized calculations in this file */
+mp_err
+ec_group_set_secp160r1_fp(ECGroup *group)
+{
+
+    EC_group_fp *fpg = NULL;
+
+    /* Allocate memory for floating point group data */
+    fpg = (EC_group_fp *)malloc(sizeof(EC_group_fp));
+    if (fpg == NULL) {
+        return MP_MEM;
+    }
+
+    fpg->numDoubles = ECFP_NUMDOUBLES;
+    fpg->primeBitSize = ECFP_BSIZE;
+    fpg->orderBitSize = 161;
+    fpg->doubleBitSize = 24;
+    fpg->numInts = (ECFP_BSIZE + ECL_BITS - 1) / ECL_BITS;
+    fpg->aIsM3 = 1;
+    fpg->ecfp_singleReduce = &ecfp160_singleReduce;
+    fpg->ecfp_reduce = &ecfp160_reduce;
+    fpg->ecfp_tidy = &ecfp_tidy;
+
+    fpg->pt_add_jac_aff = &ecfp160_pt_add_jac_aff;
+    fpg->pt_add_jac = &ecfp160_pt_add_jac;
+    fpg->pt_add_jm_chud = &ecfp160_pt_add_jm_chud;
+    fpg->pt_add_chud = &ecfp160_pt_add_chud;
+    fpg->pt_dbl_jac = &ecfp160_pt_dbl_jac;
+    fpg->pt_dbl_jm = &ecfp160_pt_dbl_jm;
+    fpg->pt_dbl_aff2chud = &ecfp160_pt_dbl_aff2chud;
+    fpg->precompute_chud = &ecfp160_precompute_chud;
+    fpg->precompute_jac = &ecfp160_precompute_jac;
+
+    group->point_mul = &ec_GFp_point_mul_wNAF_fp;
+    group->points_mul = &ec_pts_mul_basic;
+    group->extra1 = fpg;
+    group->extra_free = &ec_GFp_extra_free_fp;
+
+    ec_set_fp_precision(fpg);
+    fpg->bitSize_alpha = ECFP_TWO160 * fpg->alpha[0];
+    return MP_OKAY;
+}
diff --git a/nss/lib/freebl/ecl/ecp_fp192.c b/nss/lib/freebl/ecl/ecp_fp192.c
new file mode 100644
index 0000000..52e5f77
--- /dev/null
+++ b/nss/lib/freebl/ecl/ecp_fp192.c
@@ -0,0 +1,143 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "ecp_fp.h"
+#include <stdlib.h>
+
+#define ECFP_BSIZE 192
+#define ECFP_NUMDOUBLES 8
+
+#include "ecp_fpinc.c"
+
+/* Performs a single step of reduction, just on the uppermost float
+ * (assumes already tidied), and then retidies. Note, this does not
+ * guarantee that the result will be less than p. */
+void
+ecfp192_singleReduce(double *d, const EC_group_fp *group)
+{
+    double q;
+
+    ECFP_ASSERT(group->doubleBitSize == 24);
+    ECFP_ASSERT(group->primeBitSize == 192);
+    ECFP_ASSERT(group->numDoubles == 8);
+
+    q = d[ECFP_NUMDOUBLES - 1] - ecfp_beta_192;
+    q += group->bitSize_alpha;
+    q -= group->bitSize_alpha;
+
+    d[ECFP_NUMDOUBLES - 1] -= q;
+    d[0] += q * ecfp_twom192;
+    d[2] += q * ecfp_twom128;
+    ecfp_positiveTidy(d, group);
+}
+
+/*
+ * Performs imperfect reduction.  This might leave some negative terms,
+ * and one more reduction might be required for the result to be between 0
+ * and p-1. x should be be an array of at least 16, and r at least 8 x and
+ * r can be the same, but then the upper parts of r are not zeroed */
+void
+ecfp_reduce_192(double *r, double *x, const EC_group_fp *group)
+{
+    double x8, x9, x10, q;
+
+    ECFP_ASSERT(group->doubleBitSize == 24);
+    ECFP_ASSERT(group->primeBitSize == 192);
+    ECFP_ASSERT(group->numDoubles == 8);
+
+    /* Tidy just the upper portion, the lower part can wait */
+    ecfp_tidyUpper(x, group);
+
+    x8 = x[8] + x[14] * ecfp_twom128; /* adds bits 16-40 */
+    x9 = x[9] + x[15] * ecfp_twom128; /* adds bits 16-40 */
+
+    /* Tidy up, or we won't have enough bits later to add it in */
+
+    q = x8 + group->alpha[9];
+    q -= group->alpha[9];
+    x8 -= q;
+    x9 += q;
+
+    q = x9 + group->alpha[10];
+    q -= group->alpha[10];
+    x9 -= q;
+    x10 = x[10] + q;
+
+    r[7] = x[7] + x[15] * ecfp_twom192 + x[13] * ecfp_twom128; /* adds
+                                                                 * bits
+                                                                 * 0-40 */
+    r[6] = x[6] + x[14] * ecfp_twom192 + x[12] * ecfp_twom128;
+    r[5] = x[5] + x[13] * ecfp_twom192 + x[11] * ecfp_twom128;
+    r[4] = x[4] + x[12] * ecfp_twom192 + x10 * ecfp_twom128;
+    r[3] = x[3] + x[11] * ecfp_twom192 + x9 * ecfp_twom128; /* adds bits
+                                                             * 0-40 */
+    r[2] = x[2] + x10 * ecfp_twom192 + x8 * ecfp_twom128;
+    r[1] = x[1] + x9 * ecfp_twom192; /* adds bits 16-40 */
+    r[0] = x[0] + x8 * ecfp_twom192;
+
+    /*
+     * Tidy up just r[group->numDoubles-2] so that the number of
+     * reductions is accurate plus or minus one.  (Rather than tidy all to
+     * make it totally accurate) */
+    q = r[ECFP_NUMDOUBLES - 2] + group->alpha[ECFP_NUMDOUBLES - 1];
+    q -= group->alpha[ECFP_NUMDOUBLES - 1];
+    r[ECFP_NUMDOUBLES - 2] -= q;
+    r[ECFP_NUMDOUBLES - 1] += q;
+
+    /* Tidy up the excess bits on r[group->numDoubles-1] using reduction */
+    /* Use ecfp_beta so we get a positive res */
+    q = r[ECFP_NUMDOUBLES - 1] - ecfp_beta_192;
+    q += group->bitSize_alpha;
+    q -= group->bitSize_alpha;
+
+    r[ECFP_NUMDOUBLES - 1] -= q;
+    r[0] += q * ecfp_twom192;
+    r[2] += q * ecfp_twom128;
+
+    /* Tidy the result */
+    ecfp_tidyShort(r, group);
+}
+
+/* Sets group to use optimized calculations in this file */
+mp_err
+ec_group_set_nistp192_fp(ECGroup *group)
+{
+    EC_group_fp *fpg;
+
+    /* Allocate memory for floating point group data */
+    fpg = (EC_group_fp *)malloc(sizeof(EC_group_fp));
+    if (fpg == NULL) {
+        return MP_MEM;
+    }
+
+    fpg->numDoubles = ECFP_NUMDOUBLES;
+    fpg->primeBitSize = ECFP_BSIZE;
+    fpg->orderBitSize = 192;
+    fpg->doubleBitSize = 24;
+    fpg->numInts = (ECFP_BSIZE + ECL_BITS - 1) / ECL_BITS;
+    fpg->aIsM3 = 1;
+    fpg->ecfp_singleReduce = &ecfp192_singleReduce;
+    fpg->ecfp_reduce = &ecfp_reduce_192;
+    fpg->ecfp_tidy = &ecfp_tidy;
+
+    fpg->pt_add_jac_aff = &ecfp192_pt_add_jac_aff;
+    fpg->pt_add_jac = &ecfp192_pt_add_jac;
+    fpg->pt_add_jm_chud = &ecfp192_pt_add_jm_chud;
+    fpg->pt_add_chud = &ecfp192_pt_add_chud;
+    fpg->pt_dbl_jac = &ecfp192_pt_dbl_jac;
+    fpg->pt_dbl_jm = &ecfp192_pt_dbl_jm;
+    fpg->pt_dbl_aff2chud = &ecfp192_pt_dbl_aff2chud;
+    fpg->precompute_chud = &ecfp192_precompute_chud;
+    fpg->precompute_jac = &ecfp192_precompute_jac;
+
+    group->point_mul = &ec_GFp_point_mul_wNAF_fp;
+    group->points_mul = &ec_pts_mul_basic;
+    group->extra1 = fpg;
+    group->extra_free = &ec_GFp_extra_free_fp;
+
+    ec_set_fp_precision(fpg);
+    fpg->bitSize_alpha = ECFP_TWO192 * fpg->alpha[0];
+
+    return MP_OKAY;
+}
diff --git a/nss/lib/freebl/ecl/ecp_fp224.c b/nss/lib/freebl/ecl/ecp_fp224.c
new file mode 100644
index 0000000..07f770d
--- /dev/null
+++ b/nss/lib/freebl/ecl/ecp_fp224.c
@@ -0,0 +1,156 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "ecp_fp.h"
+#include <stdlib.h>
+
+#define ECFP_BSIZE 224
+#define ECFP_NUMDOUBLES 10
+
+#include "ecp_fpinc.c"
+
+/* Performs a single step of reduction, just on the uppermost float
+ * (assumes already tidied), and then retidies. Note, this does not
+ * guarantee that the result will be less than p. */
+void
+ecfp224_singleReduce(double *r, const EC_group_fp *group)
+{
+    double q;
+
+    ECFP_ASSERT(group->doubleBitSize == 24);
+    ECFP_ASSERT(group->primeBitSize == 224);
+    ECFP_ASSERT(group->numDoubles == 10);
+
+    q = r[ECFP_NUMDOUBLES - 1] - ecfp_beta_224;
+    q += group->bitSize_alpha;
+    q -= group->bitSize_alpha;
+
+    r[ECFP_NUMDOUBLES - 1] -= q;
+    r[0] -= q * ecfp_twom224;
+    r[4] += q * ecfp_twom128;
+
+    ecfp_positiveTidy(r, group);
+}
+
+/*
+ * Performs imperfect reduction.  This might leave some negative terms,
+ * and one more reduction might be required for the result to be between 0
+ * and p-1. x should be be an array of at least 20, and r at least 10 x
+ * and r can be the same, but then the upper parts of r are not zeroed */
+void
+ecfp224_reduce(double *r, double *x, const EC_group_fp *group)
+{
+
+    double x10, x11, x12, x13, x14, q;
+
+    ECFP_ASSERT(group->doubleBitSize == 24);
+    ECFP_ASSERT(group->primeBitSize == 224);
+    ECFP_ASSERT(group->numDoubles == 10);
+
+    /* Tidy just the upper bits of x.  Don't need to tidy the lower ones
+     * yet. */
+    ecfp_tidyUpper(x, group);
+
+    x10 = x[10] + x[16] * ecfp_twom128;
+    x11 = x[11] + x[17] * ecfp_twom128;
+    x12 = x[12] + x[18] * ecfp_twom128;
+    x13 = x[13] + x[19] * ecfp_twom128;
+
+    /* Tidy up, or we won't have enough bits later to add it in */
+    q = x10 + group->alpha[11];
+    q -= group->alpha[11];
+    x10 -= q;
+    x11 = x11 + q;
+
+    q = x11 + group->alpha[12];
+    q -= group->alpha[12];
+    x11 -= q;
+    x12 = x12 + q;
+
+    q = x12 + group->alpha[13];
+    q -= group->alpha[13];
+    x12 -= q;
+    x13 = x13 + q;
+
+    q = x13 + group->alpha[14];
+    q -= group->alpha[14];
+    x13 -= q;
+    x14 = x[14] + q;
+
+    r[9] = x[9] + x[15] * ecfp_twom128 - x[19] * ecfp_twom224;
+    r[8] = x[8] + x14 * ecfp_twom128 - x[18] * ecfp_twom224;
+    r[7] = x[7] + x13 * ecfp_twom128 - x[17] * ecfp_twom224;
+    r[6] = x[6] + x12 * ecfp_twom128 - x[16] * ecfp_twom224;
+    r[5] = x[5] + x11 * ecfp_twom128 - x[15] * ecfp_twom224;
+    r[4] = x[4] + x10 * ecfp_twom128 - x14 * ecfp_twom224;
+    r[3] = x[3] - x13 * ecfp_twom224;
+    r[2] = x[2] - x12 * ecfp_twom224;
+    r[1] = x[1] - x11 * ecfp_twom224;
+    r[0] = x[0] - x10 * ecfp_twom224;
+
+    /*
+     * Tidy up just r[ECFP_NUMDOUBLES-2] so that the number of reductions
+     * is accurate plus or minus one.  (Rather than tidy all to make it
+     * totally accurate) */
+    q = r[ECFP_NUMDOUBLES - 2] + group->alpha[ECFP_NUMDOUBLES - 1];
+    q -= group->alpha[ECFP_NUMDOUBLES - 1];
+    r[ECFP_NUMDOUBLES - 2] -= q;
+    r[ECFP_NUMDOUBLES - 1] += q;
+
+    /* Tidy up the excess bits on r[ECFP_NUMDOUBLES-1] using reduction */
+    /* Use ecfp_beta so we get a positive res */
+    q = r[ECFP_NUMDOUBLES - 1] - ecfp_beta_224;
+    q += group->bitSize_alpha;
+    q -= group->bitSize_alpha;
+
+    r[ECFP_NUMDOUBLES - 1] -= q;
+    r[0] -= q * ecfp_twom224;
+    r[4] += q * ecfp_twom128;
+
+    ecfp_tidyShort(r, group);
+}
+
+/* Sets group to use optimized calculations in this file */
+mp_err
+ec_group_set_nistp224_fp(ECGroup *group)
+{
+
+    EC_group_fp *fpg;
+
+    /* Allocate memory for floating point group data */
+    fpg = (EC_group_fp *)malloc(sizeof(EC_group_fp));
+    if (fpg == NULL) {
+        return MP_MEM;
+    }
+
+    fpg->numDoubles = ECFP_NUMDOUBLES;
+    fpg->primeBitSize = ECFP_BSIZE;
+    fpg->orderBitSize = 224;
+    fpg->doubleBitSize = 24;
+    fpg->numInts = (ECFP_BSIZE + ECL_BITS - 1) / ECL_BITS;
+    fpg->aIsM3 = 1;
+    fpg->ecfp_singleReduce = &ecfp224_singleReduce;
+    fpg->ecfp_reduce = &ecfp224_reduce;
+    fpg->ecfp_tidy = &ecfp_tidy;
+
+    fpg->pt_add_jac_aff = &ecfp224_pt_add_jac_aff;
+    fpg->pt_add_jac = &ecfp224_pt_add_jac;
+    fpg->pt_add_jm_chud = &ecfp224_pt_add_jm_chud;
+    fpg->pt_add_chud = &ecfp224_pt_add_chud;
+    fpg->pt_dbl_jac = &ecfp224_pt_dbl_jac;
+    fpg->pt_dbl_jm = &ecfp224_pt_dbl_jm;
+    fpg->pt_dbl_aff2chud = &ecfp224_pt_dbl_aff2chud;
+    fpg->precompute_chud = &ecfp224_precompute_chud;
+    fpg->precompute_jac = &ecfp224_precompute_jac;
+
+    group->point_mul = &ec_GFp_point_mul_wNAF_fp;
+    group->points_mul = &ec_pts_mul_basic;
+    group->extra1 = fpg;
+    group->extra_free = &ec_GFp_extra_free_fp;
+
+    ec_set_fp_precision(fpg);
+    fpg->bitSize_alpha = ECFP_TWO224 * fpg->alpha[0];
+
+    return MP_OKAY;
+}
diff --git a/nss/lib/freebl/ecl/ecp_fpinc.c b/nss/lib/freebl/ecl/ecp_fpinc.c
new file mode 100644
index 0000000..79df347
--- /dev/null
+++ b/nss/lib/freebl/ecl/ecp_fpinc.c
@@ -0,0 +1,1077 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* This source file is meant to be included by other source files
+ * (ecp_fp###.c, where ### is one of 160, 192, 224) and should not
+ * constitute an independent compilation unit. It requires the following
+ * preprocessor definitions be made:
+ * ECFP_BSIZE - the number of bits in the field's prime
+ * ECFP_NUMDOUBLES - the number of doubles to store one
+ * multi-precision integer in floating point */
+
+/* Adds a prefix to a given token to give a unique token name. Prefixes
+ * with "ecfp" + ECFP_BSIZE + "_". e.g. if ECFP_BSIZE = 160, then
+ * PREFIX(hello) = ecfp160_hello This optimization allows static function
+ * linking and compiler loop unrolling without code duplication. */
+#ifndef PREFIX
+#define PREFIX(b) PREFIX1(ECFP_BSIZE, b)
+#define PREFIX1(bsize, b) PREFIX2(bsize, b)
+#define PREFIX2(bsize, b) ecfp##bsize##_##b
+#endif
+
+/* Returns true iff every double in d is 0. (If d == 0 and it is tidied,
+ * this will be true.) */
+mp_err PREFIX(isZero)(const double *d)
+{
+    int i;
+
+    for (i = 0; i < ECFP_NUMDOUBLES; i++) {
+        if (d[i] != 0)
+            return MP_NO;
+    }
+    return MP_YES;
+}
+
+/* Sets the multi-precision floating point number at t = 0 */
+void PREFIX(zero)(double *t)
+{
+    int i;
+
+    for (i = 0; i < ECFP_NUMDOUBLES; i++) {
+        t[i] = 0;
+    }
+}
+
+/* Sets the multi-precision floating point number at t = 1 */
+void PREFIX(one)(double *t)
+{
+    int i;
+
+    t[0] = 1;
+    for (i = 1; i < ECFP_NUMDOUBLES; i++) {
+        t[i] = 0;
+    }
+}
+
+/* Checks if point P(x, y, z) is at infinity. Uses Jacobian coordinates. */
+mp_err PREFIX(pt_is_inf_jac)(const ecfp_jac_pt *p)
+{
+    return PREFIX(isZero)(p->z);
+}
+
+/* Sets the Jacobian point P to be at infinity. */
+void PREFIX(set_pt_inf_jac)(ecfp_jac_pt *p)
+{
+    PREFIX(zero)
+    (p->z);
+}
+
+/* Checks if point P(x, y) is at infinity. Uses Affine coordinates. */
+mp_err PREFIX(pt_is_inf_aff)(const ecfp_aff_pt *p)
+{
+    if (PREFIX(isZero)(p->x) == MP_YES && PREFIX(isZero)(p->y) == MP_YES)
+        return MP_YES;
+    return MP_NO;
+}
+
+/* Sets the affine point P to be at infinity. */
+void PREFIX(set_pt_inf_aff)(ecfp_aff_pt *p)
+{
+    PREFIX(zero)
+    (p->x);
+    PREFIX(zero)
+    (p->y);
+}
+
+/* Checks if point P(x, y, z, a*z^4) is at infinity. Uses Modified
+ * Jacobian coordinates. */
+mp_err PREFIX(pt_is_inf_jm)(const ecfp_jm_pt *p)
+{
+    return PREFIX(isZero)(p->z);
+}
+
+/* Sets the Modified Jacobian point P to be at infinity. */
+void PREFIX(set_pt_inf_jm)(ecfp_jm_pt *p)
+{
+    PREFIX(zero)
+    (p->z);
+}
+
+/* Checks if point P(x, y, z, z^2, z^3) is at infinity. Uses Chudnovsky
+ * Jacobian coordinates */
+mp_err PREFIX(pt_is_inf_chud)(const ecfp_chud_pt *p)
+{
+    return PREFIX(isZero)(p->z);
+}
+
+/* Sets the Chudnovsky Jacobian point P to be at infinity. */
+void PREFIX(set_pt_inf_chud)(ecfp_chud_pt *p)
+{
+    PREFIX(zero)
+    (p->z);
+}
+
+/* Copies a multi-precision floating point number, Setting dest = src */
+void PREFIX(copy)(double *dest, const double *src)
+{
+    int i;
+
+    for (i = 0; i < ECFP_NUMDOUBLES; i++) {
+        dest[i] = src[i];
+    }
+}
+
+/* Sets dest = -src */
+void PREFIX(negLong)(double *dest, const double *src)
+{
+    int i;
+
+    for (i = 0; i < 2 * ECFP_NUMDOUBLES; i++) {
+        dest[i] = -src[i];
+    }
+}
+
+/* Sets r = -p p = (x, y, z, z2, z3) r = (x, -y, z, z2, z3) Uses
+ * Chudnovsky Jacobian coordinates. */
+/* TODO reverse order */
+void PREFIX(pt_neg_chud)(const ecfp_chud_pt *p, ecfp_chud_pt *r)
+{
+    int i;
+
+    PREFIX(copy)
+    (r->x, p->x);
+    PREFIX(copy)
+    (r->z, p->z);
+    PREFIX(copy)
+    (r->z2, p->z2);
+    PREFIX(copy)
+    (r->z3, p->z3);
+    for (i = 0; i < ECFP_NUMDOUBLES; i++) {
+        r->y[i] = -p->y[i];
+    }
+}
+
+/* Computes r = x + y. Does not tidy or reduce. Any combinations of r, x,
+ * y can point to the same data. Componentwise adds first ECFP_NUMDOUBLES
+ * doubles of x and y and stores the result in r. */
+void PREFIX(addShort)(double *r, const double *x, const double *y)
+{
+    int i;
+
+    for (i = 0; i < ECFP_NUMDOUBLES; i++) {
+        *r++ = *x++ + *y++;
+    }
+}
+
+/* Computes r = x + y. Does not tidy or reduce. Any combinations of r, x,
+ * y can point to the same data. Componentwise adds first
+ * 2*ECFP_NUMDOUBLES doubles of x and y and stores the result in r. */
+void PREFIX(addLong)(double *r, const double *x, const double *y)
+{
+    int i;
+
+    for (i = 0; i < 2 * ECFP_NUMDOUBLES; i++) {
+        *r++ = *x++ + *y++;
+    }
+}
+
+/* Computes r = x - y. Does not tidy or reduce. Any combinations of r, x,
+ * y can point to the same data. Componentwise subtracts first
+ * ECFP_NUMDOUBLES doubles of x and y and stores the result in r. */
+void PREFIX(subtractShort)(double *r, const double *x, const double *y)
+{
+    int i;
+
+    for (i = 0; i < ECFP_NUMDOUBLES; i++) {
+        *r++ = *x++ - *y++;
+    }
+}
+
+/* Computes r = x - y. Does not tidy or reduce. Any combinations of r, x,
+ * y can point to the same data. Componentwise subtracts first
+ * 2*ECFP_NUMDOUBLES doubles of x and y and stores the result in r. */
+void PREFIX(subtractLong)(double *r, const double *x, const double *y)
+{
+    int i;
+
+    for (i = 0; i < 2 * ECFP_NUMDOUBLES; i++) {
+        *r++ = *x++ - *y++;
+    }
+}
+
+/* Computes r = x*y.  Both x and y should be tidied and reduced,
+ * r must be different (point to different memory) than x and y.
+ * Does not tidy or reduce. */
+void PREFIX(multiply)(double *r, const double *x, const double *y)
+{
+    int i, j;
+
+    for (j = 0; j < ECFP_NUMDOUBLES - 1; j++) {
+        r[j] = x[0] * y[j];
+        r[j + (ECFP_NUMDOUBLES - 1)] = x[ECFP_NUMDOUBLES - 1] * y[j];
+    }
+    r[ECFP_NUMDOUBLES - 1] = x[0] * y[ECFP_NUMDOUBLES - 1];
+    r[ECFP_NUMDOUBLES - 1] += x[ECFP_NUMDOUBLES - 1] * y[0];
+    r[2 * ECFP_NUMDOUBLES - 2] = x[ECFP_NUMDOUBLES - 1] * y[ECFP_NUMDOUBLES - 1];
+    r[2 * ECFP_NUMDOUBLES - 1] = 0;
+
+    for (i = 1; i < ECFP_NUMDOUBLES - 1; i++) {
+        for (j = 0; j < ECFP_NUMDOUBLES; j++) {
+            r[i + j] += (x[i] * y[j]);
+        }
+    }
+}
+
+/* Computes the square of x and stores the result in r.  x should be
+ * tidied & reduced, r will be neither tidied nor reduced.
+ * r should point to different memory than x */
+void PREFIX(square)(double *r, const double *x)
+{
+    PREFIX(multiply)
+    (r, x, x);
+}
+
+/* Perform a point doubling in Jacobian coordinates. Input and output
+ * should be multi-precision floating point integers. */
+void PREFIX(pt_dbl_jac)(const ecfp_jac_pt *dp, ecfp_jac_pt *dr,
+                        const EC_group_fp *group)
+{
+    double t0[2 * ECFP_NUMDOUBLES], t1[2 * ECFP_NUMDOUBLES],
+        M[2 * ECFP_NUMDOUBLES], S[2 * ECFP_NUMDOUBLES];
+
+    /* Check for point at infinity */
+    if (PREFIX(pt_is_inf_jac)(dp) == MP_YES) {
+        /* Set r = pt at infinity */
+        PREFIX(set_pt_inf_jac)
+        (dr);
+        goto CLEANUP;
+    }
+
+    /* Perform typical point doubling operations */
+
+    /* TODO? is it worthwhile to do optimizations for when pz = 1? */
+
+    if (group->aIsM3) {
+        /* When a = -3, M = 3(px - pz^2)(px + pz^2) */
+        PREFIX(square)
+        (t1, dp->z);
+        group->ecfp_reduce(t1, t1, group); /* 2^23 since the negative
+                                             * rounding buys another bit */
+        PREFIX(addShort)
+        (t0, dp->x, t1); /* 2*2^23 */
+        PREFIX(subtractShort)
+        (t1, dp->x, t1); /* 2 * 2^23 */
+        PREFIX(multiply)
+        (M, t0, t1); /* 40 * 2^46 */
+        PREFIX(addLong)
+        (t0, M, M); /* 80 * 2^46 */
+        PREFIX(addLong)
+        (M, t0, M); /* 120 * 2^46 < 2^53 */
+        group->ecfp_reduce(M, M, group);
+    } else {
+        /* Generic case */
+        /* M = 3 (px^2) + a*(pz^4) */
+        PREFIX(square)
+        (t0, dp->x);
+        PREFIX(addLong)
+        (M, t0, t0);
+        PREFIX(addLong)
+        (t0, t0, M); /* t0 = 3(px^2) */
+        PREFIX(square)
+        (M, dp->z);
+        group->ecfp_reduce(M, M, group);
+        PREFIX(square)
+        (t1, M);
+        group->ecfp_reduce(t1, t1, group);
+        PREFIX(multiply)
+        (M, t1, group->curvea); /* M = a(pz^4) */
+        PREFIX(addLong)
+        (M, M, t0);
+        group->ecfp_reduce(M, M, group);
+    }
+
+    /* rz = 2 * py * pz */
+    PREFIX(multiply)
+    (t1, dp->y, dp->z);
+    PREFIX(addLong)
+    (t1, t1, t1);
+    group->ecfp_reduce(dr->z, t1, group);
+
+    /* t0 = 2y^2 */
+    PREFIX(square)
+    (t0, dp->y);
+    group->ecfp_reduce(t0, t0, group);
+    PREFIX(addShort)
+    (t0, t0, t0);
+
+    /* S = 4 * px * py^2 = 2 * px * t0 */
+    PREFIX(multiply)
+    (S, dp->x, t0);
+    PREFIX(addLong)
+    (S, S, S);
+    group->ecfp_reduce(S, S, group);
+
+    /* rx = M^2 - 2 * S */
+    PREFIX(square)
+    (t1, M);
+    PREFIX(subtractShort)
+    (t1, t1, S);
+    PREFIX(subtractShort)
+    (t1, t1, S);
+    group->ecfp_reduce(dr->x, t1, group);
+
+    /* ry = M * (S - rx) - 8 * py^4 */
+    PREFIX(square)
+    (t1, t0); /* t1 = 4y^4 */
+    PREFIX(subtractShort)
+    (S, S, dr->x);
+    PREFIX(multiply)
+    (t0, M, S);
+    PREFIX(subtractLong)
+    (t0, t0, t1);
+    PREFIX(subtractLong)
+    (t0, t0, t1);
+    group->ecfp_reduce(dr->y, t0, group);
+
+CLEANUP:
+    return;
+}
+
+/* Perform a point addition using coordinate system Jacobian + Affine ->
+ * Jacobian. Input and output should be multi-precision floating point
+ * integers. */
+void PREFIX(pt_add_jac_aff)(const ecfp_jac_pt *p, const ecfp_aff_pt *q,
+                            ecfp_jac_pt *r, const EC_group_fp *group)
+{
+    /* Temporary storage */
+    double A[2 * ECFP_NUMDOUBLES], B[2 * ECFP_NUMDOUBLES],
+        C[2 * ECFP_NUMDOUBLES], C2[2 * ECFP_NUMDOUBLES],
+        D[2 * ECFP_NUMDOUBLES], C3[2 * ECFP_NUMDOUBLES];
+
+    /* Check for point at infinity for p or q */
+    if (PREFIX(pt_is_inf_aff)(q) == MP_YES) {
+        PREFIX(copy)
+        (r->x, p->x);
+        PREFIX(copy)
+        (r->y, p->y);
+        PREFIX(copy)
+        (r->z, p->z);
+        goto CLEANUP;
+    } else if (PREFIX(pt_is_inf_jac)(p) == MP_YES) {
+        PREFIX(copy)
+        (r->x, q->x);
+        PREFIX(copy)
+        (r->y, q->y);
+        /* Since the affine point is not infinity, we can set r->z = 1 */
+        PREFIX(one)
+        (r->z);
+        goto CLEANUP;
+    }
+
+    /* Calculates c = qx * pz^2 - px d = (qy * b - py) rx = d^2 - c^3 + 2
+     * (px * c^2) ry = d * (c-rx) - py*c^3 rz = c * pz */
+
+    /* A = pz^2, B = pz^3 */
+    PREFIX(square)
+    (A, p->z);
+    group->ecfp_reduce(A, A, group);
+    PREFIX(multiply)
+    (B, A, p->z);
+    group->ecfp_reduce(B, B, group);
+
+    /* C = qx * A - px */
+    PREFIX(multiply)
+    (C, q->x, A);
+    PREFIX(subtractShort)
+    (C, C, p->x);
+    group->ecfp_reduce(C, C, group);
+
+    /* D = qy * B - py */
+    PREFIX(multiply)
+    (D, q->y, B);
+    PREFIX(subtractShort)
+    (D, D, p->y);
+    group->ecfp_reduce(D, D, group);
+
+    /* C2 = C^2, C3 = C^3 */
+    PREFIX(square)
+    (C2, C);
+    group->ecfp_reduce(C2, C2, group);
+    PREFIX(multiply)
+    (C3, C2, C);
+    group->ecfp_reduce(C3, C3, group);
+
+    /* rz = A = pz * C */
+    PREFIX(multiply)
+    (A, p->z, C);
+    group->ecfp_reduce(r->z, A, group);
+
+    /* C = px * C^2, untidied, unreduced */
+    PREFIX(multiply)
+    (C, p->x, C2);
+
+    /* A = D^2, untidied, unreduced */
+    PREFIX(square)
+    (A, D);
+
+    /* rx = B = A - C3 - C - C = D^2 - (C^3 + 2 * (px * C^2) */
+    PREFIX(subtractShort)
+    (A, A, C3);
+    PREFIX(subtractLong)
+    (A, A, C);
+    PREFIX(subtractLong)
+    (A, A, C);
+    group->ecfp_reduce(r->x, A, group);
+
+    /* B = py * C3, untidied, unreduced */
+    PREFIX(multiply)
+    (B, p->y, C3);
+
+    /* C = px * C^2 - rx */
+    PREFIX(subtractShort)
+    (C, C, r->x);
+    group->ecfp_reduce(C, C, group);
+
+    /* ry = A = D * C - py * C^3 */
+    PREFIX(multiply)
+    (A, D, C);
+    PREFIX(subtractLong)
+    (A, A, B);
+    group->ecfp_reduce(r->y, A, group);
+
+CLEANUP:
+    return;
+}
+
+/* Perform a point addition using Jacobian coordinate system. Input and
+ * output should be multi-precision floating point integers. */
+void PREFIX(pt_add_jac)(const ecfp_jac_pt *p, const ecfp_jac_pt *q,
+                        ecfp_jac_pt *r, const EC_group_fp *group)
+{
+
+    /* Temporary Storage */
+    double t0[2 * ECFP_NUMDOUBLES], t1[2 * ECFP_NUMDOUBLES],
+        U[2 * ECFP_NUMDOUBLES], R[2 * ECFP_NUMDOUBLES],
+        S[2 * ECFP_NUMDOUBLES], H[2 * ECFP_NUMDOUBLES],
+        H3[2 * ECFP_NUMDOUBLES];
+
+    /* Check for point at infinity for p, if so set r = q */
+    if (PREFIX(pt_is_inf_jac)(p) == MP_YES) {
+        PREFIX(copy)
+        (r->x, q->x);
+        PREFIX(copy)
+        (r->y, q->y);
+        PREFIX(copy)
+        (r->z, q->z);
+        goto CLEANUP;
+    }
+
+    /* Check for point at infinity for p, if so set r = q */
+    if (PREFIX(pt_is_inf_jac)(q) == MP_YES) {
+        PREFIX(copy)
+        (r->x, p->x);
+        PREFIX(copy)
+        (r->y, p->y);
+        PREFIX(copy)
+        (r->z, p->z);
+        goto CLEANUP;
+    }
+
+    /* U = px * qz^2 , S = py * qz^3 */
+    PREFIX(square)
+    (t0, q->z);
+    group->ecfp_reduce(t0, t0, group);
+    PREFIX(multiply)
+    (U, p->x, t0);
+    group->ecfp_reduce(U, U, group);
+    PREFIX(multiply)
+    (t1, t0, q->z);
+    group->ecfp_reduce(t1, t1, group);
+    PREFIX(multiply)
+    (t0, p->y, t1);
+    group->ecfp_reduce(S, t0, group);
+
+    /* H = qx*(pz)^2 - U , R = (qy * pz^3 - S) */
+    PREFIX(square)
+    (t0, p->z);
+    group->ecfp_reduce(t0, t0, group);
+    PREFIX(multiply)
+    (H, q->x, t0);
+    PREFIX(subtractShort)
+    (H, H, U);
+    group->ecfp_reduce(H, H, group);
+    PREFIX(multiply)
+    (t1, t0, p->z); /* t1 = pz^3 */
+    group->ecfp_reduce(t1, t1, group);
+    PREFIX(multiply)
+    (t0, t1, q->y); /* t0 = qy * pz^3 */
+    PREFIX(subtractShort)
+    (t0, t0, S);
+    group->ecfp_reduce(R, t0, group);
+
+    /* U = U*H^2, H3 = H^3 */
+    PREFIX(square)
+    (t0, H);
+    group->ecfp_reduce(t0, t0, group);
+    PREFIX(multiply)
+    (t1, U, t0);
+    group->ecfp_reduce(U, t1, group);
+    PREFIX(multiply)
+    (H3, t0, H);
+    group->ecfp_reduce(H3, H3, group);
+
+    /* rz = pz * qz * H */
+    PREFIX(multiply)
+    (t0, q->z, H);
+    group->ecfp_reduce(t0, t0, group);
+    PREFIX(multiply)
+    (t1, t0, p->z);
+    group->ecfp_reduce(r->z, t1, group);
+
+    /* rx = R^2 - H^3 - 2 * U */
+    PREFIX(square)
+    (t0, R);
+    PREFIX(subtractShort)
+    (t0, t0, H3);
+    PREFIX(subtractShort)
+    (t0, t0, U);
+    PREFIX(subtractShort)
+    (t0, t0, U);
+    group->ecfp_reduce(r->x, t0, group);
+
+    /* ry = R(U - rx) - S*H3 */
+    PREFIX(subtractShort)
+    (t1, U, r->x);
+    PREFIX(multiply)
+    (t0, t1, R);
+    PREFIX(multiply)
+    (t1, S, H3);
+    PREFIX(subtractLong)
+    (t1, t0, t1);
+    group->ecfp_reduce(r->y, t1, group);
+
+CLEANUP:
+    return;
+}
+
+/* Perform a point doubling in Modified Jacobian coordinates. Input and
+ * output should be multi-precision floating point integers. */
+void PREFIX(pt_dbl_jm)(const ecfp_jm_pt *p, ecfp_jm_pt *r,
+                       const EC_group_fp *group)
+{
+
+    /* Temporary storage */
+    double t0[2 * ECFP_NUMDOUBLES], t1[2 * ECFP_NUMDOUBLES],
+        M[2 * ECFP_NUMDOUBLES], S[2 * ECFP_NUMDOUBLES],
+        U[2 * ECFP_NUMDOUBLES], T[2 * ECFP_NUMDOUBLES];
+
+    /* Check for point at infinity */
+    if (PREFIX(pt_is_inf_jm)(p) == MP_YES) {
+        /* Set r = pt at infinity by setting rz = 0 */
+        PREFIX(set_pt_inf_jm)
+        (r);
+        goto CLEANUP;
+    }
+
+    /* M = 3 (px^2) + a*(pz^4) */
+    PREFIX(square)
+    (t0, p->x);
+    PREFIX(addLong)
+    (M, t0, t0);
+    PREFIX(addLong)
+    (t0, t0, M); /* t0 = 3(px^2) */
+    PREFIX(addShort)
+    (t0, t0, p->az4);
+    group->ecfp_reduce(M, t0, group);
+
+    /* rz = 2 * py * pz */
+    PREFIX(multiply)
+    (t1, p->y, p->z);
+    PREFIX(addLong)
+    (t1, t1, t1);
+    group->ecfp_reduce(r->z, t1, group);
+
+    /* t0 = 2y^2, U = 8y^4 */
+    PREFIX(square)
+    (t0, p->y);
+    group->ecfp_reduce(t0, t0, group);
+    PREFIX(addShort)
+    (t0, t0, t0);
+    PREFIX(square)
+    (U, t0);
+    group->ecfp_reduce(U, U, group);
+    PREFIX(addShort)
+    (U, U, U);
+
+    /* S = 4 * px * py^2 = 2 * px * t0 */
+    PREFIX(multiply)
+    (S, p->x, t0);
+    group->ecfp_reduce(S, S, group);
+    PREFIX(addShort)
+    (S, S, S);
+
+    /* rx = M^2 - 2S */
+    PREFIX(square)
+    (T, M);
+    PREFIX(subtractShort)
+    (T, T, S);
+    PREFIX(subtractShort)
+    (T, T, S);
+    group->ecfp_reduce(r->x, T, group);
+
+    /* ry = M * (S - rx) - U */
+    PREFIX(subtractShort)
+    (S, S, r->x);
+    PREFIX(multiply)
+    (t0, M, S);
+    PREFIX(subtractShort)
+    (t0, t0, U);
+    group->ecfp_reduce(r->y, t0, group);
+
+    /* ra*z^4 = 2*U*(apz4) */
+    PREFIX(multiply)
+    (t1, U, p->az4);
+    PREFIX(addLong)
+    (t1, t1, t1);
+    group->ecfp_reduce(r->az4, t1, group);
+
+CLEANUP:
+    return;
+}
+
+/* Perform a point doubling using coordinates Affine -> Chudnovsky
+ * Jacobian. Input and output should be multi-precision floating point
+ * integers. */
+void PREFIX(pt_dbl_aff2chud)(const ecfp_aff_pt *p, ecfp_chud_pt *r,
+                             const EC_group_fp *group)
+{
+    double t0[2 * ECFP_NUMDOUBLES], t1[2 * ECFP_NUMDOUBLES],
+        M[2 * ECFP_NUMDOUBLES], twoY2[2 * ECFP_NUMDOUBLES],
+        S[2 * ECFP_NUMDOUBLES];
+
+    /* Check for point at infinity for p, if so set r = O */
+    if (PREFIX(pt_is_inf_aff)(p) == MP_YES) {
+        PREFIX(set_pt_inf_chud)
+        (r);
+        goto CLEANUP;
+    }
+
+    /* M = 3(px)^2 + a */
+    PREFIX(square)
+    (t0, p->x);
+    PREFIX(addLong)
+    (t1, t0, t0);
+    PREFIX(addLong)
+    (t1, t1, t0);
+    PREFIX(addShort)
+    (t1, t1, group->curvea);
+    group->ecfp_reduce(M, t1, group);
+
+    /* twoY2 = 2*(py)^2, S = 4(px)(py)^2 */
+    PREFIX(square)
+    (twoY2, p->y);
+    PREFIX(addLong)
+    (twoY2, twoY2, twoY2);
+    group->ecfp_reduce(twoY2, twoY2, group);
+    PREFIX(multiply)
+    (S, p->x, twoY2);
+    PREFIX(addLong)
+    (S, S, S);
+    group->ecfp_reduce(S, S, group);
+
+    /* rx = M^2 - 2S */
+    PREFIX(square)
+    (t0, M);
+    PREFIX(subtractShort)
+    (t0, t0, S);
+    PREFIX(subtractShort)
+    (t0, t0, S);
+    group->ecfp_reduce(r->x, t0, group);
+
+    /* ry = M(S-rx) - 8y^4 */
+    PREFIX(subtractShort)
+    (t0, S, r->x);
+    PREFIX(multiply)
+    (t1, t0, M);
+    PREFIX(square)
+    (t0, twoY2);
+    PREFIX(subtractLong)
+    (t1, t1, t0);
+    PREFIX(subtractLong)
+    (t1, t1, t0);
+    group->ecfp_reduce(r->y, t1, group);
+
+    /* rz = 2py */
+    PREFIX(addShort)
+    (r->z, p->y, p->y);
+
+    /* rz2 = rz^2 */
+    PREFIX(square)
+    (t0, r->z);
+    group->ecfp_reduce(r->z2, t0, group);
+
+    /* rz3 = rz^3 */
+    PREFIX(multiply)
+    (t0, r->z, r->z2);
+    group->ecfp_reduce(r->z3, t0, group);
+
+CLEANUP:
+    return;
+}
+
+/* Perform a point addition using coordinates: Modified Jacobian +
+ * Chudnovsky Jacobian -> Modified Jacobian. Input and output should be
+ * multi-precision floating point integers. */
+void PREFIX(pt_add_jm_chud)(ecfp_jm_pt *p, ecfp_chud_pt *q,
+                            ecfp_jm_pt *r, const EC_group_fp *group)
+{
+
+    double t0[2 * ECFP_NUMDOUBLES], t1[2 * ECFP_NUMDOUBLES],
+        U[2 * ECFP_NUMDOUBLES], R[2 * ECFP_NUMDOUBLES],
+        S[2 * ECFP_NUMDOUBLES], H[2 * ECFP_NUMDOUBLES],
+        H3[2 * ECFP_NUMDOUBLES], pz2[2 * ECFP_NUMDOUBLES];
+
+    /* Check for point at infinity for p, if so set r = q need to convert
+     * from Chudnovsky form to Modified Jacobian form */
+    if (PREFIX(pt_is_inf_jm)(p) == MP_YES) {
+        PREFIX(copy)
+        (r->x, q->x);
+        PREFIX(copy)
+        (r->y, q->y);
+        PREFIX(copy)
+        (r->z, q->z);
+        PREFIX(square)
+        (t0, q->z2);
+        group->ecfp_reduce(t0, t0, group);
+        PREFIX(multiply)
+        (t1, t0, group->curvea);
+        group->ecfp_reduce(r->az4, t1, group);
+        goto CLEANUP;
+    }
+    /* Check for point at infinity for q, if so set r = p */
+    if (PREFIX(pt_is_inf_chud)(q) == MP_YES) {
+        PREFIX(copy)
+        (r->x, p->x);
+        PREFIX(copy)
+        (r->y, p->y);
+        PREFIX(copy)
+        (r->z, p->z);
+        PREFIX(copy)
+        (r->az4, p->az4);
+        goto CLEANUP;
+    }
+
+    /* U = px * qz^2 */
+    PREFIX(multiply)
+    (U, p->x, q->z2);
+    group->ecfp_reduce(U, U, group);
+
+    /* H = qx*(pz)^2 - U */
+    PREFIX(square)
+    (t0, p->z);
+    group->ecfp_reduce(pz2, t0, group);
+    PREFIX(multiply)
+    (H, pz2, q->x);
+    group->ecfp_reduce(H, H, group);
+    PREFIX(subtractShort)
+    (H, H, U);
+
+    /* U = U*H^2, H3 = H^3 */
+    PREFIX(square)
+    (t0, H);
+    group->ecfp_reduce(t0, t0, group);
+    PREFIX(multiply)
+    (t1, U, t0);
+    group->ecfp_reduce(U, t1, group);
+    PREFIX(multiply)
+    (H3, t0, H);
+    group->ecfp_reduce(H3, H3, group);
+
+    /* S = py * qz^3 */
+    PREFIX(multiply)
+    (S, p->y, q->z3);
+    group->ecfp_reduce(S, S, group);
+
+    /* R = (qy * z1^3 - s) */
+    PREFIX(multiply)
+    (t0, pz2, p->z);
+    group->ecfp_reduce(t0, t0, group);
+    PREFIX(multiply)
+    (R, t0, q->y);
+    PREFIX(subtractShort)
+    (R, R, S);
+    group->ecfp_reduce(R, R, group);
+
+    /* rz = pz * qz * H */
+    PREFIX(multiply)
+    (t1, q->z, H);
+    group->ecfp_reduce(t1, t1, group);
+    PREFIX(multiply)
+    (t0, p->z, t1);
+    group->ecfp_reduce(r->z, t0, group);
+
+    /* rx = R^2 - H^3 - 2 * U */
+    PREFIX(square)
+    (t0, R);
+    PREFIX(subtractShort)
+    (t0, t0, H3);
+    PREFIX(subtractShort)
+    (t0, t0, U);
+    PREFIX(subtractShort)
+    (t0, t0, U);
+    group->ecfp_reduce(r->x, t0, group);
+
+    /* ry = R(U - rx) - S*H3 */
+    PREFIX(subtractShort)
+    (t1, U, r->x);
+    PREFIX(multiply)
+    (t0, t1, R);
+    PREFIX(multiply)
+    (t1, S, H3);
+    PREFIX(subtractLong)
+    (t1, t0, t1);
+    group->ecfp_reduce(r->y, t1, group);
+
+    if (group->aIsM3) { /* a == -3 */
+        /* a(rz^4) = -3 * ((rz^2)^2) */
+        PREFIX(square)
+        (t0, r->z);
+        group->ecfp_reduce(t0, t0, group);
+        PREFIX(square)
+        (t1, t0);
+        PREFIX(addLong)
+        (t0, t1, t1);
+        PREFIX(addLong)
+        (t0, t0, t1);
+        PREFIX(negLong)
+        (t0, t0);
+        group->ecfp_reduce(r->az4, t0, group);
+    } else { /* Generic case */
+        /* a(rz^4) = a * ((rz^2)^2) */
+        PREFIX(square)
+        (t0, r->z);
+        group->ecfp_reduce(t0, t0, group);
+        PREFIX(square)
+        (t1, t0);
+        group->ecfp_reduce(t1, t1, group);
+        PREFIX(multiply)
+        (t0, group->curvea, t1);
+        group->ecfp_reduce(r->az4, t0, group);
+    }
+CLEANUP:
+    return;
+}
+
+/* Perform a point addition using Chudnovsky Jacobian coordinates. Input
+ * and output should be multi-precision floating point integers. */
+void PREFIX(pt_add_chud)(const ecfp_chud_pt *p, const ecfp_chud_pt *q,
+                         ecfp_chud_pt *r, const EC_group_fp *group)
+{
+
+    /* Temporary Storage */
+    double t0[2 * ECFP_NUMDOUBLES], t1[2 * ECFP_NUMDOUBLES],
+        U[2 * ECFP_NUMDOUBLES], R[2 * ECFP_NUMDOUBLES],
+        S[2 * ECFP_NUMDOUBLES], H[2 * ECFP_NUMDOUBLES],
+        H3[2 * ECFP_NUMDOUBLES];
+
+    /* Check for point at infinity for p, if so set r = q */
+    if (PREFIX(pt_is_inf_chud)(p) == MP_YES) {
+        PREFIX(copy)
+        (r->x, q->x);
+        PREFIX(copy)
+        (r->y, q->y);
+        PREFIX(copy)
+        (r->z, q->z);
+        PREFIX(copy)
+        (r->z2, q->z2);
+        PREFIX(copy)
+        (r->z3, q->z3);
+        goto CLEANUP;
+    }
+
+    /* Check for point at infinity for p, if so set r = q */
+    if (PREFIX(pt_is_inf_chud)(q) == MP_YES) {
+        PREFIX(copy)
+        (r->x, p->x);
+        PREFIX(copy)
+        (r->y, p->y);
+        PREFIX(copy)
+        (r->z, p->z);
+        PREFIX(copy)
+        (r->z2, p->z2);
+        PREFIX(copy)
+        (r->z3, p->z3);
+        goto CLEANUP;
+    }
+
+    /* U = px * qz^2 */
+    PREFIX(multiply)
+    (U, p->x, q->z2);
+    group->ecfp_reduce(U, U, group);
+
+    /* H = qx*(pz)^2 - U */
+    PREFIX(multiply)
+    (H, q->x, p->z2);
+    PREFIX(subtractShort)
+    (H, H, U);
+    group->ecfp_reduce(H, H, group);
+
+    /* U = U*H^2, H3 = H^3 */
+    PREFIX(square)
+    (t0, H);
+    group->ecfp_reduce(t0, t0, group);
+    PREFIX(multiply)
+    (t1, U, t0);
+    group->ecfp_reduce(U, t1, group);
+    PREFIX(multiply)
+    (H3, t0, H);
+    group->ecfp_reduce(H3, H3, group);
+
+    /* S = py * qz^3 */
+    PREFIX(multiply)
+    (S, p->y, q->z3);
+    group->ecfp_reduce(S, S, group);
+
+    /* rz = pz * qz * H */
+    PREFIX(multiply)
+    (t0, q->z, H);
+    group->ecfp_reduce(t0, t0, group);
+    PREFIX(multiply)
+    (t1, t0, p->z);
+    group->ecfp_reduce(r->z, t1, group);
+
+    /* R = (qy * z1^3 - s) */
+    PREFIX(multiply)
+    (t0, q->y, p->z3);
+    PREFIX(subtractShort)
+    (t0, t0, S);
+    group->ecfp_reduce(R, t0, group);
+
+    /* rx = R^2 - H^3 - 2 * U */
+    PREFIX(square)
+    (t0, R);
+    PREFIX(subtractShort)
+    (t0, t0, H3);
+    PREFIX(subtractShort)
+    (t0, t0, U);
+    PREFIX(subtractShort)
+    (t0, t0, U);
+    group->ecfp_reduce(r->x, t0, group);
+
+    /* ry = R(U - rx) - S*H3 */
+    PREFIX(subtractShort)
+    (t1, U, r->x);
+    PREFIX(multiply)
+    (t0, t1, R);
+    PREFIX(multiply)
+    (t1, S, H3);
+    PREFIX(subtractLong)
+    (t1, t0, t1);
+    group->ecfp_reduce(r->y, t1, group);
+
+    /* rz2 = rz^2 */
+    PREFIX(square)
+    (t0, r->z);
+    group->ecfp_reduce(r->z2, t0, group);
+
+    /* rz3 = rz^3 */
+    PREFIX(multiply)
+    (t0, r->z, r->z2);
+    group->ecfp_reduce(r->z3, t0, group);
+
+CLEANUP:
+    return;
+}
+
+/* Expects out to be an array of size 16 of Chudnovsky Jacobian points.
+ * Fills in Chudnovsky Jacobian form (x, y, z, z^2, z^3), for -15P, -13P,
+ * -11P, -9P, -7P, -5P, -3P, -P, P, 3P, 5P, 7P, 9P, 11P, 13P, 15P */
+void PREFIX(precompute_chud)(ecfp_chud_pt *out, const ecfp_aff_pt *p,
+                             const EC_group_fp *group)
+{
+
+    ecfp_chud_pt p2;
+
+    /* Set out[8] = P */
+    PREFIX(copy)
+    (out[8].x, p->x);
+    PREFIX(copy)
+    (out[8].y, p->y);
+    PREFIX(one)
+    (out[8].z);
+    PREFIX(one)
+    (out[8].z2);
+    PREFIX(one)
+    (out[8].z3);
+
+    /* Set p2 = 2P */
+    PREFIX(pt_dbl_aff2chud)
+    (p, &p2, group);
+
+    /* Set 3P, 5P, ..., 15P */
+    PREFIX(pt_add_chud)
+    (&out[8], &p2, &out[9], group);
+    PREFIX(pt_add_chud)
+    (&out[9], &p2, &out[10], group);
+    PREFIX(pt_add_chud)
+    (&out[10], &p2, &out[11], group);
+    PREFIX(pt_add_chud)
+    (&out[11], &p2, &out[12], group);
+    PREFIX(pt_add_chud)
+    (&out[12], &p2, &out[13], group);
+    PREFIX(pt_add_chud)
+    (&out[13], &p2, &out[14], group);
+    PREFIX(pt_add_chud)
+    (&out[14], &p2, &out[15], group);
+
+    /* Set -15P, -13P, ..., -P */
+    PREFIX(pt_neg_chud)
+    (&out[8], &out[7]);
+    PREFIX(pt_neg_chud)
+    (&out[9], &out[6]);
+    PREFIX(pt_neg_chud)
+    (&out[10], &out[5]);
+    PREFIX(pt_neg_chud)
+    (&out[11], &out[4]);
+    PREFIX(pt_neg_chud)
+    (&out[12], &out[3]);
+    PREFIX(pt_neg_chud)
+    (&out[13], &out[2]);
+    PREFIX(pt_neg_chud)
+    (&out[14], &out[1]);
+    PREFIX(pt_neg_chud)
+    (&out[15], &out[0]);
+}
+
+/* Expects out to be an array of size 16 of Jacobian points. Fills in
+ * Jacobian form (x, y, z), for O, P, 2P, ... 15P */
+void PREFIX(precompute_jac)(ecfp_jac_pt *precomp, const ecfp_aff_pt *p,
+                            const EC_group_fp *group)
+{
+    int i;
+
+    /* fill precomputation table */
+    /* set precomp[0] */
+    PREFIX(set_pt_inf_jac)
+    (&precomp[0]);
+    /* set precomp[1] */
+    PREFIX(copy)
+    (precomp[1].x, p->x);
+    PREFIX(copy)
+    (precomp[1].y, p->y);
+    if (PREFIX(pt_is_inf_aff)(p) == MP_YES) {
+        PREFIX(zero)
+        (precomp[1].z);
+    } else {
+        PREFIX(one)
+        (precomp[1].z);
+    }
+    /* set precomp[2] */
+    group->pt_dbl_jac(&precomp[1], &precomp[2], group);
+
+    /* set rest of precomp */
+    for (i = 3; i < 16; i++) {
+        group->pt_add_jac_aff(&precomp[i - 1], p, &precomp[i], group);
+    }
+}
diff --git a/nss/lib/freebl/ecl/ecp_jac.c b/nss/lib/freebl/ecl/ecp_jac.c
new file mode 100644
index 0000000..535e759
--- /dev/null
+++ b/nss/lib/freebl/ecl/ecp_jac.c
@@ -0,0 +1,513 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "ecp.h"
+#include "mplogic.h"
+#include <stdlib.h>
+#ifdef ECL_DEBUG
+#include <assert.h>
+#endif
+
+/* Converts a point P(px, py) from affine coordinates to Jacobian
+ * projective coordinates R(rx, ry, rz). Assumes input is already
+ * field-encoded using field_enc, and returns output that is still
+ * field-encoded. */
+mp_err
+ec_GFp_pt_aff2jac(const mp_int *px, const mp_int *py, mp_int *rx,
+                  mp_int *ry, mp_int *rz, const ECGroup *group)
+{
+    mp_err res = MP_OKAY;
+
+    if (ec_GFp_pt_is_inf_aff(px, py) == MP_YES) {
+        MP_CHECKOK(ec_GFp_pt_set_inf_jac(rx, ry, rz));
+    } else {
+        MP_CHECKOK(mp_copy(px, rx));
+        MP_CHECKOK(mp_copy(py, ry));
+        MP_CHECKOK(mp_set_int(rz, 1));
+        if (group->meth->field_enc) {
+            MP_CHECKOK(group->meth->field_enc(rz, rz, group->meth));
+        }
+    }
+CLEANUP:
+    return res;
+}
+
+/* Converts a point P(px, py, pz) from Jacobian projective coordinates to
+ * affine coordinates R(rx, ry).  P and R can share x and y coordinates.
+ * Assumes input is already field-encoded using field_enc, and returns
+ * output that is still field-encoded. */
+mp_err
+ec_GFp_pt_jac2aff(const mp_int *px, const mp_int *py, const mp_int *pz,
+                  mp_int *rx, mp_int *ry, const ECGroup *group)
+{
+    mp_err res = MP_OKAY;
+    mp_int z1, z2, z3;
+
+    MP_DIGITS(&z1) = 0;
+    MP_DIGITS(&z2) = 0;
+    MP_DIGITS(&z3) = 0;
+    MP_CHECKOK(mp_init(&z1));
+    MP_CHECKOK(mp_init(&z2));
+    MP_CHECKOK(mp_init(&z3));
+
+    /* if point at infinity, then set point at infinity and exit */
+    if (ec_GFp_pt_is_inf_jac(px, py, pz) == MP_YES) {
+        MP_CHECKOK(ec_GFp_pt_set_inf_aff(rx, ry));
+        goto CLEANUP;
+    }
+
+    /* transform (px, py, pz) into (px / pz^2, py / pz^3) */
+    if (mp_cmp_d(pz, 1) == 0) {
+        MP_CHECKOK(mp_copy(px, rx));
+        MP_CHECKOK(mp_copy(py, ry));
+    } else {
+        MP_CHECKOK(group->meth->field_div(NULL, pz, &z1, group->meth));
+        MP_CHECKOK(group->meth->field_sqr(&z1, &z2, group->meth));
+        MP_CHECKOK(group->meth->field_mul(&z1, &z2, &z3, group->meth));
+        MP_CHECKOK(group->meth->field_mul(px, &z2, rx, group->meth));
+        MP_CHECKOK(group->meth->field_mul(py, &z3, ry, group->meth));
+    }
+
+CLEANUP:
+    mp_clear(&z1);
+    mp_clear(&z2);
+    mp_clear(&z3);
+    return res;
+}
+
+/* Checks if point P(px, py, pz) is at infinity. Uses Jacobian
+ * coordinates. */
+mp_err
+ec_GFp_pt_is_inf_jac(const mp_int *px, const mp_int *py, const mp_int *pz)
+{
+    return mp_cmp_z(pz);
+}
+
+/* Sets P(px, py, pz) to be the point at infinity.  Uses Jacobian
+ * coordinates. */
+mp_err
+ec_GFp_pt_set_inf_jac(mp_int *px, mp_int *py, mp_int *pz)
+{
+    mp_zero(pz);
+    return MP_OKAY;
+}
+
+/* Computes R = P + Q where R is (rx, ry, rz), P is (px, py, pz) and Q is
+ * (qx, qy, 1).  Elliptic curve points P, Q, and R can all be identical.
+ * Uses mixed Jacobian-affine coordinates. Assumes input is already
+ * field-encoded using field_enc, and returns output that is still
+ * field-encoded. Uses equation (2) from Brown, Hankerson, Lopez, and
+ * Menezes. Software Implementation of the NIST Elliptic Curves Over Prime
+ * Fields. */
+mp_err
+ec_GFp_pt_add_jac_aff(const mp_int *px, const mp_int *py, const mp_int *pz,
+                      const mp_int *qx, const mp_int *qy, mp_int *rx,
+                      mp_int *ry, mp_int *rz, const ECGroup *group)
+{
+    mp_err res = MP_OKAY;
+    mp_int A, B, C, D, C2, C3;
+
+    MP_DIGITS(&A) = 0;
+    MP_DIGITS(&B) = 0;
+    MP_DIGITS(&C) = 0;
+    MP_DIGITS(&D) = 0;
+    MP_DIGITS(&C2) = 0;
+    MP_DIGITS(&C3) = 0;
+    MP_CHECKOK(mp_init(&A));
+    MP_CHECKOK(mp_init(&B));
+    MP_CHECKOK(mp_init(&C));
+    MP_CHECKOK(mp_init(&D));
+    MP_CHECKOK(mp_init(&C2));
+    MP_CHECKOK(mp_init(&C3));
+
+    /* If either P or Q is the point at infinity, then return the other
+     * point */
+    if (ec_GFp_pt_is_inf_jac(px, py, pz) == MP_YES) {
+        MP_CHECKOK(ec_GFp_pt_aff2jac(qx, qy, rx, ry, rz, group));
+        goto CLEANUP;
+    }
+    if (ec_GFp_pt_is_inf_aff(qx, qy) == MP_YES) {
+        MP_CHECKOK(mp_copy(px, rx));
+        MP_CHECKOK(mp_copy(py, ry));
+        MP_CHECKOK(mp_copy(pz, rz));
+        goto CLEANUP;
+    }
+
+    /* A = qx * pz^2, B = qy * pz^3 */
+    MP_CHECKOK(group->meth->field_sqr(pz, &A, group->meth));
+    MP_CHECKOK(group->meth->field_mul(&A, pz, &B, group->meth));
+    MP_CHECKOK(group->meth->field_mul(&A, qx, &A, group->meth));
+    MP_CHECKOK(group->meth->field_mul(&B, qy, &B, group->meth));
+
+    /* C = A - px, D = B - py */
+    MP_CHECKOK(group->meth->field_sub(&A, px, &C, group->meth));
+    MP_CHECKOK(group->meth->field_sub(&B, py, &D, group->meth));
+
+    if (mp_cmp_z(&C) == 0) {
+        /* P == Q or P == -Q */
+        if (mp_cmp_z(&D) == 0) {
+            /* P == Q */
+            /* It is cheaper to double (qx, qy, 1) than (px, py, pz). */
+            MP_DIGIT(&D, 0) = 1; /* Set D to 1. */
+            MP_CHECKOK(ec_GFp_pt_dbl_jac(qx, qy, &D, rx, ry, rz, group));
+        } else {
+            /* P == -Q */
+            MP_CHECKOK(ec_GFp_pt_set_inf_jac(rx, ry, rz));
+        }
+        goto CLEANUP;
+    }
+
+    /* C2 = C^2, C3 = C^3 */
+    MP_CHECKOK(group->meth->field_sqr(&C, &C2, group->meth));
+    MP_CHECKOK(group->meth->field_mul(&C, &C2, &C3, group->meth));
+
+    /* rz = pz * C */
+    MP_CHECKOK(group->meth->field_mul(pz, &C, rz, group->meth));
+
+    /* C = px * C^2 */
+    MP_CHECKOK(group->meth->field_mul(px, &C2, &C, group->meth));
+    /* A = D^2 */
+    MP_CHECKOK(group->meth->field_sqr(&D, &A, group->meth));
+
+    /* rx = D^2 - (C^3 + 2 * (px * C^2)) */
+    MP_CHECKOK(group->meth->field_add(&C, &C, rx, group->meth));
+    MP_CHECKOK(group->meth->field_add(&C3, rx, rx, group->meth));
+    MP_CHECKOK(group->meth->field_sub(&A, rx, rx, group->meth));
+
+    /* C3 = py * C^3 */
+    MP_CHECKOK(group->meth->field_mul(py, &C3, &C3, group->meth));
+
+    /* ry = D * (px * C^2 - rx) - py * C^3 */
+    MP_CHECKOK(group->meth->field_sub(&C, rx, ry, group->meth));
+    MP_CHECKOK(group->meth->field_mul(&D, ry, ry, group->meth));
+    MP_CHECKOK(group->meth->field_sub(ry, &C3, ry, group->meth));
+
+CLEANUP:
+    mp_clear(&A);
+    mp_clear(&B);
+    mp_clear(&C);
+    mp_clear(&D);
+    mp_clear(&C2);
+    mp_clear(&C3);
+    return res;
+}
+
+/* Computes R = 2P.  Elliptic curve points P and R can be identical.  Uses
+ * Jacobian coordinates.
+ *
+ * Assumes input is already field-encoded using field_enc, and returns
+ * output that is still field-encoded.
+ *
+ * This routine implements Point Doubling in the Jacobian Projective
+ * space as described in the paper "Efficient elliptic curve exponentiation
+ * using mixed coordinates", by H. Cohen, A Miyaji, T. Ono.
+ */
+mp_err
+ec_GFp_pt_dbl_jac(const mp_int *px, const mp_int *py, const mp_int *pz,
+                  mp_int *rx, mp_int *ry, mp_int *rz, const ECGroup *group)
+{
+    mp_err res = MP_OKAY;
+    mp_int t0, t1, M, S;
+
+    MP_DIGITS(&t0) = 0;
+    MP_DIGITS(&t1) = 0;
+    MP_DIGITS(&M) = 0;
+    MP_DIGITS(&S) = 0;
+    MP_CHECKOK(mp_init(&t0));
+    MP_CHECKOK(mp_init(&t1));
+    MP_CHECKOK(mp_init(&M));
+    MP_CHECKOK(mp_init(&S));
+
+    /* P == inf or P == -P */
+    if (ec_GFp_pt_is_inf_jac(px, py, pz) == MP_YES || mp_cmp_z(py) == 0) {
+        MP_CHECKOK(ec_GFp_pt_set_inf_jac(rx, ry, rz));
+        goto CLEANUP;
+    }
+
+    if (mp_cmp_d(pz, 1) == 0) {
+        /* M = 3 * px^2 + a */
+        MP_CHECKOK(group->meth->field_sqr(px, &t0, group->meth));
+        MP_CHECKOK(group->meth->field_add(&t0, &t0, &M, group->meth));
+        MP_CHECKOK(group->meth->field_add(&t0, &M, &t0, group->meth));
+        MP_CHECKOK(group->meth->field_add(&t0, &group->curvea, &M, group->meth));
+    } else if (MP_SIGN(&group->curvea) == MP_NEG &&
+               MP_USED(&group->curvea) == 1 &&
+               MP_DIGIT(&group->curvea, 0) == 3) {
+        /* M = 3 * (px + pz^2) * (px - pz^2) */
+        MP_CHECKOK(group->meth->field_sqr(pz, &M, group->meth));
+        MP_CHECKOK(group->meth->field_add(px, &M, &t0, group->meth));
+        MP_CHECKOK(group->meth->field_sub(px, &M, &t1, group->meth));
+        MP_CHECKOK(group->meth->field_mul(&t0, &t1, &M, group->meth));
+        MP_CHECKOK(group->meth->field_add(&M, &M, &t0, group->meth));
+        MP_CHECKOK(group->meth->field_add(&t0, &M, &M, group->meth));
+    } else {
+        /* M = 3 * (px^2) + a * (pz^4) */
+        MP_CHECKOK(group->meth->field_sqr(px, &t0, group->meth));
+        MP_CHECKOK(group->meth->field_add(&t0, &t0, &M, group->meth));
+        MP_CHECKOK(group->meth->field_add(&t0, &M, &t0, group->meth));
+        MP_CHECKOK(group->meth->field_sqr(pz, &M, group->meth));
+        MP_CHECKOK(group->meth->field_sqr(&M, &M, group->meth));
+        MP_CHECKOK(group->meth->field_mul(&M, &group->curvea, &M, group->meth));
+        MP_CHECKOK(group->meth->field_add(&M, &t0, &M, group->meth));
+    }
+
+    /* rz = 2 * py * pz */
+    /* t0 = 4 * py^2 */
+    if (mp_cmp_d(pz, 1) == 0) {
+        MP_CHECKOK(group->meth->field_add(py, py, rz, group->meth));
+        MP_CHECKOK(group->meth->field_sqr(rz, &t0, group->meth));
+    } else {
+        MP_CHECKOK(group->meth->field_add(py, py, &t0, group->meth));
+        MP_CHECKOK(group->meth->field_mul(&t0, pz, rz, group->meth));
+        MP_CHECKOK(group->meth->field_sqr(&t0, &t0, group->meth));
+    }
+
+    /* S = 4 * px * py^2 = px * (2 * py)^2 */
+    MP_CHECKOK(group->meth->field_mul(px, &t0, &S, group->meth));
+
+    /* rx = M^2 - 2 * S */
+    MP_CHECKOK(group->meth->field_add(&S, &S, &t1, group->meth));
+    MP_CHECKOK(group->meth->field_sqr(&M, rx, group->meth));
+    MP_CHECKOK(group->meth->field_sub(rx, &t1, rx, group->meth));
+
+    /* ry = M * (S - rx) - 8 * py^4 */
+    MP_CHECKOK(group->meth->field_sqr(&t0, &t1, group->meth));
+    if (mp_isodd(&t1)) {
+        MP_CHECKOK(mp_add(&t1, &group->meth->irr, &t1));
+    }
+    MP_CHECKOK(mp_div_2(&t1, &t1));
+    MP_CHECKOK(group->meth->field_sub(&S, rx, &S, group->meth));
+    MP_CHECKOK(group->meth->field_mul(&M, &S, &M, group->meth));
+    MP_CHECKOK(group->meth->field_sub(&M, &t1, ry, group->meth));
+
+CLEANUP:
+    mp_clear(&t0);
+    mp_clear(&t1);
+    mp_clear(&M);
+    mp_clear(&S);
+    return res;
+}
+
+/* by default, this routine is unused and thus doesn't need to be compiled */
+#ifdef ECL_ENABLE_GFP_PT_MUL_JAC
+/* Computes R = nP where R is (rx, ry) and P is (px, py). The parameters
+ * a, b and p are the elliptic curve coefficients and the prime that
+ * determines the field GFp.  Elliptic curve points P and R can be
+ * identical.  Uses mixed Jacobian-affine coordinates. Assumes input is
+ * already field-encoded using field_enc, and returns output that is still
+ * field-encoded. Uses 4-bit window method. */
+mp_err
+ec_GFp_pt_mul_jac(const mp_int *n, const mp_int *px, const mp_int *py,
+                  mp_int *rx, mp_int *ry, const ECGroup *group)
+{
+    mp_err res = MP_OKAY;
+    mp_int precomp[16][2], rz;
+    int i, ni, d;
+
+    MP_DIGITS(&rz) = 0;
+    for (i = 0; i < 16; i++) {
+        MP_DIGITS(&precomp[i][0]) = 0;
+        MP_DIGITS(&precomp[i][1]) = 0;
+    }
+
+    ARGCHK(group != NULL, MP_BADARG);
+    ARGCHK((n != NULL) && (px != NULL) && (py != NULL), MP_BADARG);
+
+    /* initialize precomputation table */
+    for (i = 0; i < 16; i++) {
+        MP_CHECKOK(mp_init(&precomp[i][0]));
+        MP_CHECKOK(mp_init(&precomp[i][1]));
+    }
+
+    /* fill precomputation table */
+    mp_zero(&precomp[0][0]);
+    mp_zero(&precomp[0][1]);
+    MP_CHECKOK(mp_copy(px, &precomp[1][0]));
+    MP_CHECKOK(mp_copy(py, &precomp[1][1]));
+    for (i = 2; i < 16; i++) {
+        MP_CHECKOK(group->point_add(&precomp[1][0], &precomp[1][1],
+                                    &precomp[i - 1][0], &precomp[i - 1][1],
+                                    &precomp[i][0], &precomp[i][1], group));
+    }
+
+    d = (mpl_significant_bits(n) + 3) / 4;
+
+    /* R = inf */
+    MP_CHECKOK(mp_init(&rz));
+    MP_CHECKOK(ec_GFp_pt_set_inf_jac(rx, ry, &rz));
+
+    for (i = d - 1; i >= 0; i--) {
+        /* compute window ni */
+        ni = MP_GET_BIT(n, 4 * i + 3);
+        ni <<= 1;
+        ni |= MP_GET_BIT(n, 4 * i + 2);
+        ni <<= 1;
+        ni |= MP_GET_BIT(n, 4 * i + 1);
+        ni <<= 1;
+        ni |= MP_GET_BIT(n, 4 * i);
+        /* R = 2^4 * R */
+        MP_CHECKOK(ec_GFp_pt_dbl_jac(rx, ry, &rz, rx, ry, &rz, group));
+        MP_CHECKOK(ec_GFp_pt_dbl_jac(rx, ry, &rz, rx, ry, &rz, group));
+        MP_CHECKOK(ec_GFp_pt_dbl_jac(rx, ry, &rz, rx, ry, &rz, group));
+        MP_CHECKOK(ec_GFp_pt_dbl_jac(rx, ry, &rz, rx, ry, &rz, group));
+        /* R = R + (ni * P) */
+        MP_CHECKOK(ec_GFp_pt_add_jac_aff(rx, ry, &rz, &precomp[ni][0], &precomp[ni][1], rx, ry,
+                                         &rz, group));
+    }
+
+    /* convert result S to affine coordinates */
+    MP_CHECKOK(ec_GFp_pt_jac2aff(rx, ry, &rz, rx, ry, group));
+
+CLEANUP:
+    mp_clear(&rz);
+    for (i = 0; i < 16; i++) {
+        mp_clear(&precomp[i][0]);
+        mp_clear(&precomp[i][1]);
+    }
+    return res;
+}
+#endif
+
+/* Elliptic curve scalar-point multiplication. Computes R(x, y) = k1 * G +
+ * k2 * P(x, y), where G is the generator (base point) of the group of
+ * points on the elliptic curve. Allows k1 = NULL or { k2, P } = NULL.
+ * Uses mixed Jacobian-affine coordinates. Input and output values are
+ * assumed to be NOT field-encoded. Uses algorithm 15 (simultaneous
+ * multiple point multiplication) from Brown, Hankerson, Lopez, Menezes.
+ * Software Implementation of the NIST Elliptic Curves over Prime Fields. */
+mp_err
+ec_GFp_pts_mul_jac(const mp_int *k1, const mp_int *k2, const mp_int *px,
+                   const mp_int *py, mp_int *rx, mp_int *ry,
+                   const ECGroup *group)
+{
+    mp_err res = MP_OKAY;
+    mp_int precomp[4][4][2];
+    mp_int rz;
+    const mp_int *a, *b;
+    unsigned int i, j;
+    int ai, bi, d;
+
+    for (i = 0; i < 4; i++) {
+        for (j = 0; j < 4; j++) {
+            MP_DIGITS(&precomp[i][j][0]) = 0;
+            MP_DIGITS(&precomp[i][j][1]) = 0;
+        }
+    }
+    MP_DIGITS(&rz) = 0;
+
+    ARGCHK(group != NULL, MP_BADARG);
+    ARGCHK(!((k1 == NULL) && ((k2 == NULL) || (px == NULL) || (py == NULL))), MP_BADARG);
+
+    /* if some arguments are not defined used ECPoint_mul */
+    if (k1 == NULL) {
+        return ECPoint_mul(group, k2, px, py, rx, ry);
+    } else if ((k2 == NULL) || (px == NULL) || (py == NULL)) {
+        return ECPoint_mul(group, k1, NULL, NULL, rx, ry);
+    }
+
+    /* initialize precomputation table */
+    for (i = 0; i < 4; i++) {
+        for (j = 0; j < 4; j++) {
+            MP_CHECKOK(mp_init(&precomp[i][j][0]));
+            MP_CHECKOK(mp_init(&precomp[i][j][1]));
+        }
+    }
+
+    /* fill precomputation table */
+    /* assign {k1, k2} = {a, b} such that len(a) >= len(b) */
+    if (mpl_significant_bits(k1) < mpl_significant_bits(k2)) {
+        a = k2;
+        b = k1;
+        if (group->meth->field_enc) {
+            MP_CHECKOK(group->meth->field_enc(px, &precomp[1][0][0], group->meth));
+            MP_CHECKOK(group->meth->field_enc(py, &precomp[1][0][1], group->meth));
+        } else {
+            MP_CHECKOK(mp_copy(px, &precomp[1][0][0]));
+            MP_CHECKOK(mp_copy(py, &precomp[1][0][1]));
+        }
+        MP_CHECKOK(mp_copy(&group->genx, &precomp[0][1][0]));
+        MP_CHECKOK(mp_copy(&group->geny, &precomp[0][1][1]));
+    } else {
+        a = k1;
+        b = k2;
+        MP_CHECKOK(mp_copy(&group->genx, &precomp[1][0][0]));
+        MP_CHECKOK(mp_copy(&group->geny, &precomp[1][0][1]));
+        if (group->meth->field_enc) {
+            MP_CHECKOK(group->meth->field_enc(px, &precomp[0][1][0], group->meth));
+            MP_CHECKOK(group->meth->field_enc(py, &precomp[0][1][1], group->meth));
+        } else {
+            MP_CHECKOK(mp_copy(px, &precomp[0][1][0]));
+            MP_CHECKOK(mp_copy(py, &precomp[0][1][1]));
+        }
+    }
+    /* precompute [*][0][*] */
+    mp_zero(&precomp[0][0][0]);
+    mp_zero(&precomp[0][0][1]);
+    MP_CHECKOK(group->point_dbl(&precomp[1][0][0], &precomp[1][0][1],
+                                &precomp[2][0][0], &precomp[2][0][1], group));
+    MP_CHECKOK(group->point_add(&precomp[1][0][0], &precomp[1][0][1],
+                                &precomp[2][0][0], &precomp[2][0][1],
+                                &precomp[3][0][0], &precomp[3][0][1], group));
+    /* precompute [*][1][*] */
+    for (i = 1; i < 4; i++) {
+        MP_CHECKOK(group->point_add(&precomp[0][1][0], &precomp[0][1][1],
+                                    &precomp[i][0][0], &precomp[i][0][1],
+                                    &precomp[i][1][0], &precomp[i][1][1], group));
+    }
+    /* precompute [*][2][*] */
+    MP_CHECKOK(group->point_dbl(&precomp[0][1][0], &precomp[0][1][1],
+                                &precomp[0][2][0], &precomp[0][2][1], group));
+    for (i = 1; i < 4; i++) {
+        MP_CHECKOK(group->point_add(&precomp[0][2][0], &precomp[0][2][1],
+                                    &precomp[i][0][0], &precomp[i][0][1],
+                                    &precomp[i][2][0], &precomp[i][2][1], group));
+    }
+    /* precompute [*][3][*] */
+    MP_CHECKOK(group->point_add(&precomp[0][1][0], &precomp[0][1][1],
+                                &precomp[0][2][0], &precomp[0][2][1],
+                                &precomp[0][3][0], &precomp[0][3][1], group));
+    for (i = 1; i < 4; i++) {
+        MP_CHECKOK(group->point_add(&precomp[0][3][0], &precomp[0][3][1],
+                                    &precomp[i][0][0], &precomp[i][0][1],
+                                    &precomp[i][3][0], &precomp[i][3][1], group));
+    }
+
+    d = (mpl_significant_bits(a) + 1) / 2;
+
+    /* R = inf */
+    MP_CHECKOK(mp_init(&rz));
+    MP_CHECKOK(ec_GFp_pt_set_inf_jac(rx, ry, &rz));
+
+    for (i = d; i-- > 0;) {
+        ai = MP_GET_BIT(a, 2 * i + 1);
+        ai <<= 1;
+        ai |= MP_GET_BIT(a, 2 * i);
+        bi = MP_GET_BIT(b, 2 * i + 1);
+        bi <<= 1;
+        bi |= MP_GET_BIT(b, 2 * i);
+        /* R = 2^2 * R */
+        MP_CHECKOK(ec_GFp_pt_dbl_jac(rx, ry, &rz, rx, ry, &rz, group));
+        MP_CHECKOK(ec_GFp_pt_dbl_jac(rx, ry, &rz, rx, ry, &rz, group));
+        /* R = R + (ai * A + bi * B) */
+        MP_CHECKOK(ec_GFp_pt_add_jac_aff(rx, ry, &rz, &precomp[ai][bi][0], &precomp[ai][bi][1],
+                                         rx, ry, &rz, group));
+    }
+
+    MP_CHECKOK(ec_GFp_pt_jac2aff(rx, ry, &rz, rx, ry, group));
+
+    if (group->meth->field_dec) {
+        MP_CHECKOK(group->meth->field_dec(rx, rx, group->meth));
+        MP_CHECKOK(group->meth->field_dec(ry, ry, group->meth));
+    }
+
+CLEANUP:
+    mp_clear(&rz);
+    for (i = 0; i < 4; i++) {
+        for (j = 0; j < 4; j++) {
+            mp_clear(&precomp[i][j][0]);
+            mp_clear(&precomp[i][j][1]);
+        }
+    }
+    return res;
+}
diff --git a/nss/lib/freebl/ecl/ecp_jm.c b/nss/lib/freebl/ecl/ecp_jm.c
new file mode 100644
index 0000000..a1106ce
--- /dev/null
+++ b/nss/lib/freebl/ecl/ecp_jm.c
@@ -0,0 +1,283 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "ecp.h"
+#include "ecl-priv.h"
+#include "mplogic.h"
+#include <stdlib.h>
+
+#define MAX_SCRATCH 6
+
+/* Computes R = 2P.  Elliptic curve points P and R can be identical.  Uses
+ * Modified Jacobian coordinates.
+ *
+ * Assumes input is already field-encoded using field_enc, and returns
+ * output that is still field-encoded.
+ *
+ */
+static mp_err
+ec_GFp_pt_dbl_jm(const mp_int *px, const mp_int *py, const mp_int *pz,
+                 const mp_int *paz4, mp_int *rx, mp_int *ry, mp_int *rz,
+                 mp_int *raz4, mp_int scratch[], const ECGroup *group)
+{
+    mp_err res = MP_OKAY;
+    mp_int *t0, *t1, *M, *S;
+
+    t0 = &scratch[0];
+    t1 = &scratch[1];
+    M = &scratch[2];
+    S = &scratch[3];
+
+#if MAX_SCRATCH < 4
+#error "Scratch array defined too small "
+#endif
+
+    /* Check for point at infinity */
+    if (ec_GFp_pt_is_inf_jac(px, py, pz) == MP_YES) {
+        /* Set r = pt at infinity by setting rz = 0 */
+
+        MP_CHECKOK(ec_GFp_pt_set_inf_jac(rx, ry, rz));
+        goto CLEANUP;
+    }
+
+    /* M = 3 (px^2) + a*(pz^4) */
+    MP_CHECKOK(group->meth->field_sqr(px, t0, group->meth));
+    MP_CHECKOK(group->meth->field_add(t0, t0, M, group->meth));
+    MP_CHECKOK(group->meth->field_add(t0, M, t0, group->meth));
+    MP_CHECKOK(group->meth->field_add(t0, paz4, M, group->meth));
+
+    /* rz = 2 * py * pz */
+    MP_CHECKOK(group->meth->field_mul(py, pz, S, group->meth));
+    MP_CHECKOK(group->meth->field_add(S, S, rz, group->meth));
+
+    /* t0 = 2y^2 , t1 = 8y^4 */
+    MP_CHECKOK(group->meth->field_sqr(py, t0, group->meth));
+    MP_CHECKOK(group->meth->field_add(t0, t0, t0, group->meth));
+    MP_CHECKOK(group->meth->field_sqr(t0, t1, group->meth));
+    MP_CHECKOK(group->meth->field_add(t1, t1, t1, group->meth));
+
+    /* S = 4 * px * py^2 = 2 * px * t0 */
+    MP_CHECKOK(group->meth->field_mul(px, t0, S, group->meth));
+    MP_CHECKOK(group->meth->field_add(S, S, S, group->meth));
+
+    /* rx = M^2 - 2S */
+    MP_CHECKOK(group->meth->field_sqr(M, rx, group->meth));
+    MP_CHECKOK(group->meth->field_sub(rx, S, rx, group->meth));
+    MP_CHECKOK(group->meth->field_sub(rx, S, rx, group->meth));
+
+    /* ry = M * (S - rx) - t1 */
+    MP_CHECKOK(group->meth->field_sub(S, rx, S, group->meth));
+    MP_CHECKOK(group->meth->field_mul(S, M, ry, group->meth));
+    MP_CHECKOK(group->meth->field_sub(ry, t1, ry, group->meth));
+
+    /* ra*z^4 = 2*t1*(apz4) */
+    MP_CHECKOK(group->meth->field_mul(paz4, t1, raz4, group->meth));
+    MP_CHECKOK(group->meth->field_add(raz4, raz4, raz4, group->meth));
+
+CLEANUP:
+    return res;
+}
+
+/* Computes R = P + Q where R is (rx, ry, rz), P is (px, py, pz) and Q is
+ * (qx, qy, 1).  Elliptic curve points P, Q, and R can all be identical.
+ * Uses mixed Modified_Jacobian-affine coordinates. Assumes input is
+ * already field-encoded using field_enc, and returns output that is still
+ * field-encoded. */
+static mp_err
+ec_GFp_pt_add_jm_aff(const mp_int *px, const mp_int *py, const mp_int *pz,
+                     const mp_int *paz4, const mp_int *qx,
+                     const mp_int *qy, mp_int *rx, mp_int *ry, mp_int *rz,
+                     mp_int *raz4, mp_int scratch[], const ECGroup *group)
+{
+    mp_err res = MP_OKAY;
+    mp_int *A, *B, *C, *D, *C2, *C3;
+
+    A = &scratch[0];
+    B = &scratch[1];
+    C = &scratch[2];
+    D = &scratch[3];
+    C2 = &scratch[4];
+    C3 = &scratch[5];
+
+#if MAX_SCRATCH < 6
+#error "Scratch array defined too small "
+#endif
+
+    /* If either P or Q is the point at infinity, then return the other
+     * point */
+    if (ec_GFp_pt_is_inf_jac(px, py, pz) == MP_YES) {
+        MP_CHECKOK(ec_GFp_pt_aff2jac(qx, qy, rx, ry, rz, group));
+        MP_CHECKOK(group->meth->field_sqr(rz, raz4, group->meth));
+        MP_CHECKOK(group->meth->field_sqr(raz4, raz4, group->meth));
+        MP_CHECKOK(group->meth->field_mul(raz4, &group->curvea, raz4, group->meth));
+        goto CLEANUP;
+    }
+    if (ec_GFp_pt_is_inf_aff(qx, qy) == MP_YES) {
+        MP_CHECKOK(mp_copy(px, rx));
+        MP_CHECKOK(mp_copy(py, ry));
+        MP_CHECKOK(mp_copy(pz, rz));
+        MP_CHECKOK(mp_copy(paz4, raz4));
+        goto CLEANUP;
+    }
+
+    /* A = qx * pz^2, B = qy * pz^3 */
+    MP_CHECKOK(group->meth->field_sqr(pz, A, group->meth));
+    MP_CHECKOK(group->meth->field_mul(A, pz, B, group->meth));
+    MP_CHECKOK(group->meth->field_mul(A, qx, A, group->meth));
+    MP_CHECKOK(group->meth->field_mul(B, qy, B, group->meth));
+
+    /* C = A - px, D = B - py */
+    MP_CHECKOK(group->meth->field_sub(A, px, C, group->meth));
+    MP_CHECKOK(group->meth->field_sub(B, py, D, group->meth));
+
+    /* C2 = C^2, C3 = C^3 */
+    MP_CHECKOK(group->meth->field_sqr(C, C2, group->meth));
+    MP_CHECKOK(group->meth->field_mul(C, C2, C3, group->meth));
+
+    /* rz = pz * C */
+    MP_CHECKOK(group->meth->field_mul(pz, C, rz, group->meth));
+
+    /* C = px * C^2 */
+    MP_CHECKOK(group->meth->field_mul(px, C2, C, group->meth));
+    /* A = D^2 */
+    MP_CHECKOK(group->meth->field_sqr(D, A, group->meth));
+
+    /* rx = D^2 - (C^3 + 2 * (px * C^2)) */
+    MP_CHECKOK(group->meth->field_add(C, C, rx, group->meth));
+    MP_CHECKOK(group->meth->field_add(C3, rx, rx, group->meth));
+    MP_CHECKOK(group->meth->field_sub(A, rx, rx, group->meth));
+
+    /* C3 = py * C^3 */
+    MP_CHECKOK(group->meth->field_mul(py, C3, C3, group->meth));
+
+    /* ry = D * (px * C^2 - rx) - py * C^3 */
+    MP_CHECKOK(group->meth->field_sub(C, rx, ry, group->meth));
+    MP_CHECKOK(group->meth->field_mul(D, ry, ry, group->meth));
+    MP_CHECKOK(group->meth->field_sub(ry, C3, ry, group->meth));
+
+    /* raz4 = a * rz^4 */
+    MP_CHECKOK(group->meth->field_sqr(rz, raz4, group->meth));
+    MP_CHECKOK(group->meth->field_sqr(raz4, raz4, group->meth));
+    MP_CHECKOK(group->meth->field_mul(raz4, &group->curvea, raz4, group->meth));
+CLEANUP:
+    return res;
+}
+
+/* Computes R = nP where R is (rx, ry) and P is the base point. Elliptic
+ * curve points P and R can be identical. Uses mixed Modified-Jacobian
+ * co-ordinates for doubling and Chudnovsky Jacobian coordinates for
+ * additions. Assumes input is already field-encoded using field_enc, and
+ * returns output that is still field-encoded. Uses 5-bit window NAF
+ * method (algorithm 11) for scalar-point multiplication from Brown,
+ * Hankerson, Lopez, Menezes. Software Implementation of the NIST Elliptic
+ * Curves Over Prime Fields. */
+mp_err
+ec_GFp_pt_mul_jm_wNAF(const mp_int *n, const mp_int *px, const mp_int *py,
+                      mp_int *rx, mp_int *ry, const ECGroup *group)
+{
+    mp_err res = MP_OKAY;
+    mp_int precomp[16][2], rz, tpx, tpy;
+    mp_int raz4;
+    mp_int scratch[MAX_SCRATCH];
+    signed char *naf = NULL;
+    int i, orderBitSize;
+
+    MP_DIGITS(&rz) = 0;
+    MP_DIGITS(&raz4) = 0;
+    MP_DIGITS(&tpx) = 0;
+    MP_DIGITS(&tpy) = 0;
+    for (i = 0; i < 16; i++) {
+        MP_DIGITS(&precomp[i][0]) = 0;
+        MP_DIGITS(&precomp[i][1]) = 0;
+    }
+    for (i = 0; i < MAX_SCRATCH; i++) {
+        MP_DIGITS(&scratch[i]) = 0;
+    }
+
+    ARGCHK(group != NULL, MP_BADARG);
+    ARGCHK((n != NULL) && (px != NULL) && (py != NULL), MP_BADARG);
+
+    /* initialize precomputation table */
+    MP_CHECKOK(mp_init(&tpx));
+    MP_CHECKOK(mp_init(&tpy));
+    ;
+    MP_CHECKOK(mp_init(&rz));
+    MP_CHECKOK(mp_init(&raz4));
+
+    for (i = 0; i < 16; i++) {
+        MP_CHECKOK(mp_init(&precomp[i][0]));
+        MP_CHECKOK(mp_init(&precomp[i][1]));
+    }
+    for (i = 0; i < MAX_SCRATCH; i++) {
+        MP_CHECKOK(mp_init(&scratch[i]));
+    }
+
+    /* Set out[8] = P */
+    MP_CHECKOK(mp_copy(px, &precomp[8][0]));
+    MP_CHECKOK(mp_copy(py, &precomp[8][1]));
+
+    /* Set (tpx, tpy) = 2P */
+    MP_CHECKOK(group->point_dbl(&precomp[8][0], &precomp[8][1], &tpx, &tpy,
+                                group));
+
+    /* Set 3P, 5P, ..., 15P */
+    for (i = 8; i < 15; i++) {
+        MP_CHECKOK(group->point_add(&precomp[i][0], &precomp[i][1], &tpx, &tpy,
+                                    &precomp[i + 1][0], &precomp[i + 1][1],
+                                    group));
+    }
+
+    /* Set -15P, -13P, ..., -P */
+    for (i = 0; i < 8; i++) {
+        MP_CHECKOK(mp_copy(&precomp[15 - i][0], &precomp[i][0]));
+        MP_CHECKOK(group->meth->field_neg(&precomp[15 - i][1], &precomp[i][1],
+                                          group->meth));
+    }
+
+    /* R = inf */
+    MP_CHECKOK(ec_GFp_pt_set_inf_jac(rx, ry, &rz));
+
+    orderBitSize = mpl_significant_bits(&group->order);
+
+    /* Allocate memory for NAF */
+    naf = (signed char *)malloc(sizeof(signed char) * (orderBitSize + 1));
+    if (naf == NULL) {
+        res = MP_MEM;
+        goto CLEANUP;
+    }
+
+    /* Compute 5NAF */
+    ec_compute_wNAF(naf, orderBitSize, n, 5);
+
+    /* wNAF method */
+    for (i = orderBitSize; i >= 0; i--) {
+        /* R = 2R */
+        ec_GFp_pt_dbl_jm(rx, ry, &rz, &raz4, rx, ry, &rz,
+                         &raz4, scratch, group);
+        if (naf[i] != 0) {
+            ec_GFp_pt_add_jm_aff(rx, ry, &rz, &raz4,
+                                 &precomp[(naf[i] + 15) / 2][0],
+                                 &precomp[(naf[i] + 15) / 2][1], rx, ry,
+                                 &rz, &raz4, scratch, group);
+        }
+    }
+
+    /* convert result S to affine coordinates */
+    MP_CHECKOK(ec_GFp_pt_jac2aff(rx, ry, &rz, rx, ry, group));
+
+CLEANUP:
+    for (i = 0; i < MAX_SCRATCH; i++) {
+        mp_clear(&scratch[i]);
+    }
+    for (i = 0; i < 16; i++) {
+        mp_clear(&precomp[i][0]);
+        mp_clear(&precomp[i][1]);
+    }
+    mp_clear(&tpx);
+    mp_clear(&tpy);
+    mp_clear(&rz);
+    mp_clear(&raz4);
+    free(naf);
+    return res;
+}
diff --git a/nss/lib/freebl/ecl/ecp_mont.c b/nss/lib/freebl/ecl/ecp_mont.c
new file mode 100644
index 0000000..779685b
--- /dev/null
+++ b/nss/lib/freebl/ecl/ecp_mont.c
@@ -0,0 +1,154 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* Uses Montgomery reduction for field arithmetic.  See mpi/mpmontg.c for
+ * code implementation. */
+
+#include "mpi.h"
+#include "mplogic.h"
+#include "mpi-priv.h"
+#include "ecl-priv.h"
+#include "ecp.h"
+#include <stdlib.h>
+#include <stdio.h>
+
+/* Construct a generic GFMethod for arithmetic over prime fields with
+ * irreducible irr. */
+GFMethod *
+GFMethod_consGFp_mont(const mp_int *irr)
+{
+    mp_err res = MP_OKAY;
+    GFMethod *meth = NULL;
+    mp_mont_modulus *mmm;
+
+    meth = GFMethod_consGFp(irr);
+    if (meth == NULL)
+        return NULL;
+
+    mmm = (mp_mont_modulus *)malloc(sizeof(mp_mont_modulus));
+    if (mmm == NULL) {
+        res = MP_MEM;
+        goto CLEANUP;
+    }
+
+    meth->field_mul = &ec_GFp_mul_mont;
+    meth->field_sqr = &ec_GFp_sqr_mont;
+    meth->field_div = &ec_GFp_div_mont;
+    meth->field_enc = &ec_GFp_enc_mont;
+    meth->field_dec = &ec_GFp_dec_mont;
+    meth->extra1 = mmm;
+    meth->extra2 = NULL;
+    meth->extra_free = &ec_GFp_extra_free_mont;
+
+    mmm->N = meth->irr;
+    mmm->n0prime = 0 - s_mp_invmod_radix(MP_DIGIT(&meth->irr, 0));
+
+CLEANUP:
+    if (res != MP_OKAY) {
+        GFMethod_free(meth);
+        return NULL;
+    }
+    return meth;
+}
+
+/* Wrapper functions for generic prime field arithmetic. */
+
+/* Field multiplication using Montgomery reduction. */
+mp_err
+ec_GFp_mul_mont(const mp_int *a, const mp_int *b, mp_int *r,
+                const GFMethod *meth)
+{
+    mp_err res = MP_OKAY;
+
+#ifdef MP_MONT_USE_MP_MUL
+    /* if MP_MONT_USE_MP_MUL is defined, then the function s_mp_mul_mont
+     * is not implemented and we have to use mp_mul and s_mp_redc directly
+     */
+    MP_CHECKOK(mp_mul(a, b, r));
+    MP_CHECKOK(s_mp_redc(r, (mp_mont_modulus *)meth->extra1));
+#else
+    mp_int s;
+
+    MP_DIGITS(&s) = 0;
+    /* s_mp_mul_mont doesn't allow source and destination to be the same */
+    if ((a == r) || (b == r)) {
+        MP_CHECKOK(mp_init(&s));
+        MP_CHECKOK(s_mp_mul_mont(a, b, &s, (mp_mont_modulus *)meth->extra1));
+        MP_CHECKOK(mp_copy(&s, r));
+        mp_clear(&s);
+    } else {
+        return s_mp_mul_mont(a, b, r, (mp_mont_modulus *)meth->extra1);
+    }
+#endif
+CLEANUP:
+    return res;
+}
+
+/* Field squaring using Montgomery reduction. */
+mp_err
+ec_GFp_sqr_mont(const mp_int *a, mp_int *r, const GFMethod *meth)
+{
+    return ec_GFp_mul_mont(a, a, r, meth);
+}
+
+/* Field division using Montgomery reduction. */
+mp_err
+ec_GFp_div_mont(const mp_int *a, const mp_int *b, mp_int *r,
+                const GFMethod *meth)
+{
+    mp_err res = MP_OKAY;
+
+    /* if A=aZ represents a encoded in montgomery coordinates with Z and #
+     * and \ respectively represent multiplication and division in
+     * montgomery coordinates, then A\B = (a/b)Z = (A/B)Z and Binv =
+     * (1/b)Z = (1/B)(Z^2) where B # Binv = Z */
+    MP_CHECKOK(ec_GFp_div(a, b, r, meth));
+    MP_CHECKOK(ec_GFp_enc_mont(r, r, meth));
+    if (a == NULL) {
+        MP_CHECKOK(ec_GFp_enc_mont(r, r, meth));
+    }
+CLEANUP:
+    return res;
+}
+
+/* Encode a field element in Montgomery form. See s_mp_to_mont in
+ * mpi/mpmontg.c */
+mp_err
+ec_GFp_enc_mont(const mp_int *a, mp_int *r, const GFMethod *meth)
+{
+    mp_mont_modulus *mmm;
+    mp_err res = MP_OKAY;
+
+    mmm = (mp_mont_modulus *)meth->extra1;
+    MP_CHECKOK(mp_copy(a, r));
+    MP_CHECKOK(s_mp_lshd(r, MP_USED(&mmm->N)));
+    MP_CHECKOK(mp_mod(r, &mmm->N, r));
+CLEANUP:
+    return res;
+}
+
+/* Decode a field element from Montgomery form. */
+mp_err
+ec_GFp_dec_mont(const mp_int *a, mp_int *r, const GFMethod *meth)
+{
+    mp_err res = MP_OKAY;
+
+    if (a != r) {
+        MP_CHECKOK(mp_copy(a, r));
+    }
+    MP_CHECKOK(s_mp_redc(r, (mp_mont_modulus *)meth->extra1));
+CLEANUP:
+    return res;
+}
+
+/* Free the memory allocated to the extra fields of Montgomery GFMethod
+ * object. */
+void
+ec_GFp_extra_free_mont(GFMethod *meth)
+{
+    if (meth->extra1 != NULL) {
+        free(meth->extra1);
+        meth->extra1 = NULL;
+    }
+}
diff --git a/nss/lib/freebl/ecl/tests/ec2_test.c b/nss/lib/freebl/ecl/tests/ec2_test.c
new file mode 100644
index 0000000..df01709
--- /dev/null
+++ b/nss/lib/freebl/ecl/tests/ec2_test.c
@@ -0,0 +1,461 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "mpi.h"
+#include "mplogic.h"
+#include "mpprime.h"
+#include "mp_gf2m.h"
+#include "ecl.h"
+#include "ecl-curve.h"
+#include "ec2.h"
+#include <stdio.h>
+#include <strings.h>
+#include <assert.h>
+
+#include <time.h>
+#include <sys/time.h>
+#include <sys/resource.h>
+
+/* Time k repetitions of operation op. */
+#define M_TimeOperation(op, k)                                                        \
+    {                                                                                 \
+        double dStart, dNow, dUserTime;                                               \
+        struct rusage ru;                                                             \
+        int i;                                                                        \
+        getrusage(RUSAGE_SELF, &ru);                                                  \
+        dStart = (double)ru.ru_utime.tv_sec + (double)ru.ru_utime.tv_usec * 0.000001; \
+        for (i = 0; i < k; i++) {                                                     \
+            {                                                                         \
+                op;                                                                   \
+            }                                                                         \
+        };                                                                            \
+        getrusage(RUSAGE_SELF, &ru);                                                  \
+        dNow = (double)ru.ru_utime.tv_sec + (double)ru.ru_utime.tv_usec * 0.000001;   \
+        dUserTime = dNow - dStart;                                                    \
+        if (dUserTime)                                                                \
+            printf("    %-45s k: %6i, t: %6.2f sec\n", #op, k, dUserTime);            \
+    }
+
+/* Test curve using generic field arithmetic. */
+#define ECTEST_GENERIC_GF2M(name_c, name)                             \
+    printf("Testing %s using generic implementation...\n", name_c);   \
+    params = EC_GetNamedCurveParams(name);                            \
+    if (params == NULL) {                                             \
+        printf("  Error: could not construct params.\n");             \
+        res = MP_NO;                                                  \
+        goto CLEANUP;                                                 \
+    }                                                                 \
+    ECGroup_free(group);                                              \
+    group = ECGroup_fromHex(params);                                  \
+    if (group == NULL) {                                              \
+        printf("  Error: could not construct group.\n");              \
+        res = MP_NO;                                                  \
+        goto CLEANUP;                                                 \
+    }                                                                 \
+    MP_CHECKOK(ectest_curve_GF2m(group, ectestPrint, ectestTime, 1)); \
+    printf("... okay.\n");
+
+/* Test curve using specific field arithmetic. */
+#define ECTEST_NAMED_GF2M(name_c, name)                                   \
+    printf("Testing %s using specific implementation...\n", name_c);      \
+    ECGroup_free(group);                                                  \
+    group = ECGroup_fromName(name);                                       \
+    if (group == NULL) {                                                  \
+        printf("  Warning: could not construct group.\n");                \
+        printf("... failed; continuing with remaining tests.\n");         \
+    } else {                                                              \
+        MP_CHECKOK(ectest_curve_GF2m(group, ectestPrint, ectestTime, 0)); \
+        printf("... okay.\n");                                            \
+    }
+
+/* Performs basic tests of elliptic curve cryptography over binary
+ * polynomial fields. If tests fail, then it prints an error message,
+ * aborts, and returns an error code. Otherwise, returns 0. */
+int
+ectest_curve_GF2m(ECGroup *group, int ectestPrint, int ectestTime,
+                  int generic)
+{
+
+    mp_int one, order_1, gx, gy, rx, ry, n;
+    int size;
+    mp_err res;
+    char s[1000];
+
+    /* initialize values */
+    MP_CHECKOK(mp_init(&one));
+    MP_CHECKOK(mp_init(&order_1));
+    MP_CHECKOK(mp_init(&gx));
+    MP_CHECKOK(mp_init(&gy));
+    MP_CHECKOK(mp_init(&rx));
+    MP_CHECKOK(mp_init(&ry));
+    MP_CHECKOK(mp_init(&n));
+
+    MP_CHECKOK(mp_set_int(&one, 1));
+    MP_CHECKOK(mp_sub(&group->order, &one, &order_1));
+
+    /* encode base point */
+    if (group->meth->field_dec) {
+        MP_CHECKOK(group->meth->field_dec(&group->genx, &gx, group->meth));
+        MP_CHECKOK(group->meth->field_dec(&group->geny, &gy, group->meth));
+    } else {
+        MP_CHECKOK(mp_copy(&group->genx, &gx));
+        MP_CHECKOK(mp_copy(&group->geny, &gy));
+    }
+
+    if (ectestPrint) {
+        /* output base point */
+        printf("  base point P:\n");
+        MP_CHECKOK(mp_toradix(&gx, s, 16));
+        printf("    %s\n", s);
+        MP_CHECKOK(mp_toradix(&gy, s, 16));
+        printf("    %s\n", s);
+        if (group->meth->field_enc) {
+            printf("  base point P (encoded):\n");
+            MP_CHECKOK(mp_toradix(&group->genx, s, 16));
+            printf("    %s\n", s);
+            MP_CHECKOK(mp_toradix(&group->geny, s, 16));
+            printf("    %s\n", s);
+        }
+    }
+
+#ifdef ECL_ENABLE_GF2M_PT_MUL_AFF
+    /* multiply base point by order - 1 and check for negative of base
+	 * point */
+    MP_CHECKOK(ec_GF2m_pt_mul_aff(&order_1, &group->genx, &group->geny, &rx, &ry, group));
+    if (ectestPrint) {
+        printf("  (order-1)*P (affine):\n");
+        MP_CHECKOK(mp_toradix(&rx, s, 16));
+        printf("    %s\n", s);
+        MP_CHECKOK(mp_toradix(&ry, s, 16));
+        printf("    %s\n", s);
+    }
+    MP_CHECKOK(group->meth->field_add(&ry, &rx, &ry, group->meth));
+    if ((mp_cmp(&rx, &group->genx) != 0) || (mp_cmp(&ry, &group->geny) != 0)) {
+        printf("  Error: invalid result (expected (- base point)).\n");
+        res = MP_NO;
+        goto CLEANUP;
+    }
+#endif
+
+    /* multiply base point by order - 1 and check for negative of base
+	 * point */
+    MP_CHECKOK(ec_GF2m_pt_mul_mont(&order_1, &group->genx, &group->geny, &rx, &ry, group));
+    if (ectestPrint) {
+        printf("  (order-1)*P (montgomery):\n");
+        MP_CHECKOK(mp_toradix(&rx, s, 16));
+        printf("    %s\n", s);
+        MP_CHECKOK(mp_toradix(&ry, s, 16));
+        printf("    %s\n", s);
+    }
+    MP_CHECKOK(group->meth->field_add(&ry, &rx, &ry, group->meth));
+    if ((mp_cmp(&rx, &group->genx) != 0) || (mp_cmp(&ry, &group->geny) != 0)) {
+        printf("  Error: invalid result (expected (- base point)).\n");
+        res = MP_NO;
+        goto CLEANUP;
+    }
+
+#ifdef ECL_ENABLE_GF2M_PROJ
+    /* multiply base point by order - 1 and check for negative of base
+	 * point */
+    MP_CHECKOK(ec_GF2m_pt_mul_proj(&order_1, &group->genx, &group->geny, &rx, &ry, group));
+    if (ectestPrint) {
+        printf("  (order-1)*P (projective):\n");
+        MP_CHECKOK(mp_toradix(&rx, s, 16));
+        printf("    %s\n", s);
+        MP_CHECKOK(mp_toradix(&ry, s, 16));
+        printf("    %s\n", s);
+    }
+    MP_CHECKOK(group->meth->field_add(&ry, &rx, &ry, group->meth));
+    if ((mp_cmp(&rx, &group->genx) != 0) || (mp_cmp(&ry, &group->geny) != 0)) {
+        printf("  Error: invalid result (expected (- base point)).\n");
+        res = MP_NO;
+        goto CLEANUP;
+    }
+#endif
+
+    /* multiply base point by order - 1 and check for negative of base
+	 * point */
+    MP_CHECKOK(ECPoint_mul(group, &order_1, NULL, NULL, &rx, &ry));
+    if (ectestPrint) {
+        printf("  (order-1)*P (ECPoint_mul):\n");
+        MP_CHECKOK(mp_toradix(&rx, s, 16));
+        printf("    %s\n", s);
+        MP_CHECKOK(mp_toradix(&ry, s, 16));
+        printf("    %s\n", s);
+    }
+    MP_CHECKOK(ec_GF2m_add(&ry, &rx, &ry, group->meth));
+    if ((mp_cmp(&rx, &gx) != 0) || (mp_cmp(&ry, &gy) != 0)) {
+        printf("  Error: invalid result (expected (- base point)).\n");
+        res = MP_NO;
+        goto CLEANUP;
+    }
+
+    /* multiply base point by order - 1 and check for negative of base
+	 * point */
+    MP_CHECKOK(ECPoint_mul(group, &order_1, &gx, &gy, &rx, &ry));
+    if (ectestPrint) {
+        printf("  (order-1)*P (ECPoint_mul):\n");
+        MP_CHECKOK(mp_toradix(&rx, s, 16));
+        printf("    %s\n", s);
+        MP_CHECKOK(mp_toradix(&ry, s, 16));
+        printf("    %s\n", s);
+    }
+    MP_CHECKOK(ec_GF2m_add(&ry, &rx, &ry, group->meth));
+    if ((mp_cmp(&rx, &gx) != 0) || (mp_cmp(&ry, &gy) != 0)) {
+        printf("  Error: invalid result (expected (- base point)).\n");
+        res = MP_NO;
+        goto CLEANUP;
+    }
+
+#ifdef ECL_ENABLE_GF2M_PT_MUL_AFF
+    /* multiply base point by order and check for point at infinity */
+    MP_CHECKOK(ec_GF2m_pt_mul_aff(&group->order, &group->genx, &group->geny, &rx, &ry,
+                                  group));
+    if (ectestPrint) {
+        printf("  (order)*P (affine):\n");
+        MP_CHECKOK(mp_toradix(&rx, s, 16));
+        printf("    %s\n", s);
+        MP_CHECKOK(mp_toradix(&ry, s, 16));
+        printf("    %s\n", s);
+    }
+    if (ec_GF2m_pt_is_inf_aff(&rx, &ry) != MP_YES) {
+        printf("  Error: invalid result (expected point at infinity).\n");
+        res = MP_NO;
+        goto CLEANUP;
+    }
+#endif
+
+    /* multiply base point by order and check for point at infinity */
+    MP_CHECKOK(ec_GF2m_pt_mul_mont(&group->order, &group->genx, &group->geny, &rx, &ry,
+                                   group));
+    if (ectestPrint) {
+        printf("  (order)*P (montgomery):\n");
+        MP_CHECKOK(mp_toradix(&rx, s, 16));
+        printf("    %s\n", s);
+        MP_CHECKOK(mp_toradix(&ry, s, 16));
+        printf("    %s\n", s);
+    }
+    if (ec_GF2m_pt_is_inf_aff(&rx, &ry) != MP_YES) {
+        printf("  Error: invalid result (expected point at infinity).\n");
+        res = MP_NO;
+        goto CLEANUP;
+    }
+
+#ifdef ECL_ENABLE_GF2M_PROJ
+    /* multiply base point by order and check for point at infinity */
+    MP_CHECKOK(ec_GF2m_pt_mul_proj(&group->order, &group->genx, &group->geny, &rx, &ry,
+                                   group));
+    if (ectestPrint) {
+        printf("  (order)*P (projective):\n");
+        MP_CHECKOK(mp_toradix(&rx, s, 16));
+        printf("    %s\n", s);
+        MP_CHECKOK(mp_toradix(&ry, s, 16));
+        printf("    %s\n", s);
+    }
+    if (ec_GF2m_pt_is_inf_aff(&rx, &ry) != MP_YES) {
+        printf("  Error: invalid result (expected point at infinity).\n");
+        res = MP_NO;
+        goto CLEANUP;
+    }
+#endif
+
+    /* multiply base point by order and check for point at infinity */
+    MP_CHECKOK(ECPoint_mul(group, &group->order, NULL, NULL, &rx, &ry));
+    if (ectestPrint) {
+        printf("  (order)*P (ECPoint_mul):\n");
+        MP_CHECKOK(mp_toradix(&rx, s, 16));
+        printf("    %s\n", s);
+        MP_CHECKOK(mp_toradix(&ry, s, 16));
+        printf("    %s\n", s);
+    }
+    if (ec_GF2m_pt_is_inf_aff(&rx, &ry) != MP_YES) {
+        printf("  Error: invalid result (expected point at infinity).\n");
+        res = MP_NO;
+        goto CLEANUP;
+    }
+
+    /* multiply base point by order and check for point at infinity */
+    MP_CHECKOK(ECPoint_mul(group, &group->order, &gx, &gy, &rx, &ry));
+    if (ectestPrint) {
+        printf("  (order)*P (ECPoint_mul):\n");
+        MP_CHECKOK(mp_toradix(&rx, s, 16));
+        printf("    %s\n", s);
+        MP_CHECKOK(mp_toradix(&ry, s, 16));
+        printf("    %s\n", s);
+    }
+    if (ec_GF2m_pt_is_inf_aff(&rx, &ry) != MP_YES) {
+        printf("  Error: invalid result (expected point at infinity).\n");
+        res = MP_NO;
+        goto CLEANUP;
+    }
+
+    /* check that (order-1)P + (order-1)P + P == (order-1)P */
+    MP_CHECKOK(ECPoints_mul(group, &order_1, &order_1, &gx, &gy, &rx, &ry));
+    MP_CHECKOK(ECPoints_mul(group, &one, &one, &rx, &ry, &rx, &ry));
+    if (ectestPrint) {
+        printf("  (order-1)*P + (order-1)*P + P == (order-1)*P (ECPoints_mul):\n");
+        MP_CHECKOK(mp_toradix(&rx, s, 16));
+        printf("    %s\n", s);
+        MP_CHECKOK(mp_toradix(&ry, s, 16));
+        printf("    %s\n", s);
+    }
+    MP_CHECKOK(ec_GF2m_add(&ry, &rx, &ry, group->meth));
+    if ((mp_cmp(&rx, &gx) != 0) || (mp_cmp(&ry, &gy) != 0)) {
+        printf("  Error: invalid result (expected (- base point)).\n");
+        res = MP_NO;
+        goto CLEANUP;
+    }
+
+    /* test validate_point function */
+    if (ECPoint_validate(group, &gx, &gy) != MP_YES) {
+        printf("  Error: validate point on base point failed.\n");
+        res = MP_NO;
+        goto CLEANUP;
+    }
+    MP_CHECKOK(mp_add_d(&gy, 1, &ry));
+    if (ECPoint_validate(group, &gx, &ry) != MP_NO) {
+        printf("  Error: validate point on invalid point passed.\n");
+        res = MP_NO;
+        goto CLEANUP;
+    }
+
+    if (ectestTime) {
+        /* compute random scalar */
+        size = mpl_significant_bits(&group->meth->irr);
+        if (size < MP_OKAY) {
+            goto CLEANUP;
+        }
+        MP_CHECKOK(mpp_random_size(&n, (size + ECL_BITS - 1) / ECL_BITS));
+        MP_CHECKOK(group->meth->field_mod(&n, &n, group->meth));
+        /* timed test */
+        if (generic) {
+#ifdef ECL_ENABLE_GF2M_PT_MUL_AFF
+            M_TimeOperation(MP_CHECKOK(ec_GF2m_pt_mul_aff(&n, &group->genx, &group->geny, &rx, &ry,
+                                                          group)),
+                            100);
+#endif
+            M_TimeOperation(MP_CHECKOK(ECPoint_mul(group, &n, NULL, NULL, &rx, &ry)),
+                            100);
+            M_TimeOperation(MP_CHECKOK(ECPoints_mul(group, &n, &n, &gx, &gy, &rx, &ry)), 100);
+        } else {
+            M_TimeOperation(MP_CHECKOK(ECPoint_mul(group, &n, NULL, NULL, &rx, &ry)),
+                            100);
+            M_TimeOperation(MP_CHECKOK(ECPoint_mul(group, &n, &gx, &gy, &rx, &ry)),
+                            100);
+            M_TimeOperation(MP_CHECKOK(ECPoints_mul(group, &n, &n, &gx, &gy, &rx, &ry)), 100);
+        }
+    }
+
+CLEANUP:
+    mp_clear(&one);
+    mp_clear(&order_1);
+    mp_clear(&gx);
+    mp_clear(&gy);
+    mp_clear(&rx);
+    mp_clear(&ry);
+    mp_clear(&n);
+    if (res != MP_OKAY) {
+        printf("  Error: exiting with error value %i\n", res);
+    }
+    return res;
+}
+
+/* Prints help information. */
+void
+printUsage()
+{
+    printf("Usage: ecp_test [--print] [--time]\n");
+    printf("	--print     Print out results of each point arithmetic test.\n");
+    printf("	--time      Benchmark point operations and print results.\n");
+}
+
+/* Performs tests of elliptic curve cryptography over binary polynomial
+ * fields. If tests fail, then it prints an error message, aborts, and
+ * returns an error code. Otherwise, returns 0. */
+int
+main(int argv, char **argc)
+{
+
+    int ectestTime = 0;
+    int ectestPrint = 0;
+    int i;
+    ECGroup *group = NULL;
+    ECCurveParams *params = NULL;
+    mp_err res;
+
+    /* read command-line arguments */
+    for (i = 1; i < argv; i++) {
+        if ((strcasecmp(argc[i], "time") == 0) || (strcasecmp(argc[i], "-time") == 0) || (strcasecmp(argc[i], "--time") == 0)) {
+            ectestTime = 1;
+        } else if ((strcasecmp(argc[i], "print") == 0) || (strcasecmp(argc[i], "-print") == 0) || (strcasecmp(argc[i], "--print") == 0)) {
+            ectestPrint = 1;
+        } else {
+            printUsage();
+            return 0;
+        }
+    }
+
+    /* generic arithmetic tests */
+    ECTEST_GENERIC_GF2M("SECT-131R1", ECCurve_SECG_CHAR2_131R1);
+
+    /* specific arithmetic tests */
+    ECTEST_NAMED_GF2M("NIST-K163", ECCurve_NIST_K163);
+    ECTEST_NAMED_GF2M("NIST-B163", ECCurve_NIST_B163);
+    ECTEST_NAMED_GF2M("NIST-K233", ECCurve_NIST_K233);
+    ECTEST_NAMED_GF2M("NIST-B233", ECCurve_NIST_B233);
+    ECTEST_NAMED_GF2M("NIST-K283", ECCurve_NIST_K283);
+    ECTEST_NAMED_GF2M("NIST-B283", ECCurve_NIST_B283);
+    ECTEST_NAMED_GF2M("NIST-K409", ECCurve_NIST_K409);
+    ECTEST_NAMED_GF2M("NIST-B409", ECCurve_NIST_B409);
+    ECTEST_NAMED_GF2M("NIST-K571", ECCurve_NIST_K571);
+    ECTEST_NAMED_GF2M("NIST-B571", ECCurve_NIST_B571);
+    ECTEST_NAMED_GF2M("ANSI X9.62 C2PNB163V1", ECCurve_X9_62_CHAR2_PNB163V1);
+    ECTEST_NAMED_GF2M("ANSI X9.62 C2PNB163V2", ECCurve_X9_62_CHAR2_PNB163V2);
+    ECTEST_NAMED_GF2M("ANSI X9.62 C2PNB163V3", ECCurve_X9_62_CHAR2_PNB163V3);
+    ECTEST_NAMED_GF2M("ANSI X9.62 C2PNB176V1", ECCurve_X9_62_CHAR2_PNB176V1);
+    ECTEST_NAMED_GF2M("ANSI X9.62 C2TNB191V1", ECCurve_X9_62_CHAR2_TNB191V1);
+    ECTEST_NAMED_GF2M("ANSI X9.62 C2TNB191V2", ECCurve_X9_62_CHAR2_TNB191V2);
+    ECTEST_NAMED_GF2M("ANSI X9.62 C2TNB191V3", ECCurve_X9_62_CHAR2_TNB191V3);
+    ECTEST_NAMED_GF2M("ANSI X9.62 C2PNB208W1", ECCurve_X9_62_CHAR2_PNB208W1);
+    ECTEST_NAMED_GF2M("ANSI X9.62 C2TNB239V1", ECCurve_X9_62_CHAR2_TNB239V1);
+    ECTEST_NAMED_GF2M("ANSI X9.62 C2TNB239V2", ECCurve_X9_62_CHAR2_TNB239V2);
+    ECTEST_NAMED_GF2M("ANSI X9.62 C2TNB239V3", ECCurve_X9_62_CHAR2_TNB239V3);
+    ECTEST_NAMED_GF2M("ANSI X9.62 C2PNB272W1", ECCurve_X9_62_CHAR2_PNB272W1);
+    ECTEST_NAMED_GF2M("ANSI X9.62 C2PNB304W1", ECCurve_X9_62_CHAR2_PNB304W1);
+    ECTEST_NAMED_GF2M("ANSI X9.62 C2TNB359V1", ECCurve_X9_62_CHAR2_TNB359V1);
+    ECTEST_NAMED_GF2M("ANSI X9.62 C2PNB368W1", ECCurve_X9_62_CHAR2_PNB368W1);
+    ECTEST_NAMED_GF2M("ANSI X9.62 C2TNB431R1", ECCurve_X9_62_CHAR2_TNB431R1);
+    ECTEST_NAMED_GF2M("SECT-113R1", ECCurve_SECG_CHAR2_113R1);
+    ECTEST_NAMED_GF2M("SECT-113R2", ECCurve_SECG_CHAR2_113R2);
+    ECTEST_NAMED_GF2M("SECT-131R1", ECCurve_SECG_CHAR2_131R1);
+    ECTEST_NAMED_GF2M("SECT-131R2", ECCurve_SECG_CHAR2_131R2);
+    ECTEST_NAMED_GF2M("SECT-163K1", ECCurve_SECG_CHAR2_163K1);
+    ECTEST_NAMED_GF2M("SECT-163R1", ECCurve_SECG_CHAR2_163R1);
+    ECTEST_NAMED_GF2M("SECT-163R2", ECCurve_SECG_CHAR2_163R2);
+    ECTEST_NAMED_GF2M("SECT-193R1", ECCurve_SECG_CHAR2_193R1);
+    ECTEST_NAMED_GF2M("SECT-193R2", ECCurve_SECG_CHAR2_193R2);
+    ECTEST_NAMED_GF2M("SECT-233K1", ECCurve_SECG_CHAR2_233K1);
+    ECTEST_NAMED_GF2M("SECT-233R1", ECCurve_SECG_CHAR2_233R1);
+    ECTEST_NAMED_GF2M("SECT-239K1", ECCurve_SECG_CHAR2_239K1);
+    ECTEST_NAMED_GF2M("SECT-283K1", ECCurve_SECG_CHAR2_283K1);
+    ECTEST_NAMED_GF2M("SECT-283R1", ECCurve_SECG_CHAR2_283R1);
+    ECTEST_NAMED_GF2M("SECT-409K1", ECCurve_SECG_CHAR2_409K1);
+    ECTEST_NAMED_GF2M("SECT-409R1", ECCurve_SECG_CHAR2_409R1);
+    ECTEST_NAMED_GF2M("SECT-571K1", ECCurve_SECG_CHAR2_571K1);
+    ECTEST_NAMED_GF2M("SECT-571R1", ECCurve_SECG_CHAR2_571R1);
+    ECTEST_NAMED_GF2M("WTLS-1 (113)", ECCurve_WTLS_1);
+    ECTEST_NAMED_GF2M("WTLS-3 (163)", ECCurve_WTLS_3);
+    ECTEST_NAMED_GF2M("WTLS-4 (113)", ECCurve_WTLS_4);
+    ECTEST_NAMED_GF2M("WTLS-5 (163)", ECCurve_WTLS_5);
+    ECTEST_NAMED_GF2M("WTLS-10 (233)", ECCurve_WTLS_10);
+    ECTEST_NAMED_GF2M("WTLS-11 (233)", ECCurve_WTLS_11);
+
+CLEANUP:
+    EC_FreeCurveParams(params);
+    ECGroup_free(group);
+    if (res != MP_OKAY) {
+        printf("Error: exiting with error value %i\n", res);
+    }
+    return res;
+}
diff --git a/nss/lib/freebl/ecl/tests/ec_naft.c b/nss/lib/freebl/ecl/tests/ec_naft.c
new file mode 100644
index 0000000..61ef15c
--- /dev/null
+++ b/nss/lib/freebl/ecl/tests/ec_naft.c
@@ -0,0 +1,121 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "mpi.h"
+#include "mplogic.h"
+#include "ecl.h"
+#include "ecp.h"
+#include "ecl-priv.h"
+
+#include <sys/types.h>
+#include <stdio.h>
+#include <time.h>
+#include <sys/time.h>
+#include <sys/resource.h>
+
+/* Returns 2^e as an integer. This is meant to be used for small powers of
+ * two. */
+int ec_twoTo(int e);
+
+/* Number of bits of scalar to test */
+#define BITSIZE 160
+
+/* Time k repetitions of operation op. */
+#define M_TimeOperation(op, k)                                                        \
+    {                                                                                 \
+        double dStart, dNow, dUserTime;                                               \
+        struct rusage ru;                                                             \
+        int i;                                                                        \
+        getrusage(RUSAGE_SELF, &ru);                                                  \
+        dStart = (double)ru.ru_utime.tv_sec + (double)ru.ru_utime.tv_usec * 0.000001; \
+        for (i = 0; i < k; i++) {                                                     \
+            {                                                                         \
+                op;                                                                   \
+            }                                                                         \
+        };                                                                            \
+        getrusage(RUSAGE_SELF, &ru);                                                  \
+        dNow = (double)ru.ru_utime.tv_sec + (double)ru.ru_utime.tv_usec * 0.000001;   \
+        dUserTime = dNow - dStart;                                                    \
+        if (dUserTime)                                                                \
+            printf("    %-45s\n      k: %6i, t: %6.2f sec\n", #op, k, dUserTime);     \
+    }
+
+/* Tests wNAF computation. Non-adjacent-form is discussed in the paper: D.
+ * Hankerson, J. Hernandez and A. Menezes, "Software implementation of
+ * elliptic curve cryptography over binary fields", Proc. CHES 2000. */
+
+mp_err
+main(void)
+{
+    signed char naf[BITSIZE + 1];
+    ECGroup *group = NULL;
+    mp_int k;
+    mp_int *scalar;
+    int i, count;
+    int res;
+    int w = 5;
+    char s[1000];
+
+    /* Get a 160 bit scalar to compute wNAF from */
+    group = ECGroup_fromName(ECCurve_SECG_PRIME_160R1);
+    scalar = &group->genx;
+
+    /* Compute wNAF representation of scalar */
+    ec_compute_wNAF(naf, BITSIZE, scalar, w);
+
+    /* Verify correctness of representation */
+    mp_init(&k); /* init k to 0 */
+
+    for (i = BITSIZE; i >= 0; i--) {
+        mp_add(&k, &k, &k);
+        /* digits in mp_???_d are unsigned */
+        if (naf[i] >= 0) {
+            mp_add_d(&k, naf[i], &k);
+        } else {
+            mp_sub_d(&k, -naf[i], &k);
+        }
+    }
+
+    if (mp_cmp(&k, scalar) != 0) {
+        printf("Error:  incorrect NAF value.\n");
+        MP_CHECKOK(mp_toradix(&k, s, 16));
+        printf("NAF value   %s\n", s);
+        MP_CHECKOK(mp_toradix(scalar, s, 16));
+        printf("original value   %s\n", s);
+        goto CLEANUP;
+    }
+
+    /* Verify digits of representation are valid */
+    for (i = 0; i <= BITSIZE; i++) {
+        if (naf[i] % 2 == 0 && naf[i] != 0) {
+            printf("Error:  Even non-zero digit found.\n");
+            goto CLEANUP;
+        }
+        if (naf[i] < -(ec_twoTo(w - 1)) || naf[i] >= ec_twoTo(w - 1)) {
+            printf("Error:  Magnitude of naf digit too large.\n");
+            goto CLEANUP;
+        }
+    }
+
+    /* Verify sparsity of representation */
+    count = w - 1;
+    for (i = 0; i <= BITSIZE; i++) {
+        if (naf[i] != 0) {
+            if (count < w - 1) {
+                printf("Error:  Sparsity failed.\n");
+                goto CLEANUP;
+            }
+            count = 0;
+        } else
+            count++;
+    }
+
+    /* Check timing */
+    M_TimeOperation(ec_compute_wNAF(naf, BITSIZE, scalar, w), 10000);
+
+    printf("Test passed.\n");
+CLEANUP:
+    ECGroup_free(group);
+    return MP_OKAY;
+}
diff --git a/nss/lib/freebl/ecl/tests/ecp_fpt.c b/nss/lib/freebl/ecl/tests/ecp_fpt.c
new file mode 100644
index 0000000..490e0af
--- /dev/null
+++ b/nss/lib/freebl/ecl/tests/ecp_fpt.c
@@ -0,0 +1,1075 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "ecp_fp.h"
+#include "mpprime.h"
+
+#include <stdio.h>
+#include <time.h>
+#include <sys/time.h>
+#include <sys/resource.h>
+
+/* Time k repetitions of operation op. */
+#define M_TimeOperation(op, k)                                                                                       \
+    {                                                                                                                \
+        double dStart, dNow, dUserTime;                                                                              \
+        struct rusage ru;                                                                                            \
+        int i;                                                                                                       \
+        getrusage(RUSAGE_SELF, &ru);                                                                                 \
+        dStart = (double)ru.ru_utime.tv_sec + (double)ru.ru_utime.tv_usec * 0.000001;                                \
+        for (i = 0; i < k; i++) {                                                                                    \
+            {                                                                                                        \
+                op;                                                                                                  \
+            }                                                                                                        \
+        };                                                                                                           \
+        getrusage(RUSAGE_SELF, &ru);                                                                                 \
+        dNow = (double)ru.ru_utime.tv_sec + (double)ru.ru_utime.tv_usec * 0.000001;                                  \
+        dUserTime = dNow - dStart;                                                                                   \
+        if (dUserTime)                                                                                               \
+            printf("    %-45s\n      k: %6i, t: %6.2f sec, k/t: %6.2f ops/sec\n", #op, k, dUserTime, k / dUserTime); \
+    }
+
+/* Test curve using specific floating point field arithmetic. */
+#define M_TestCurve(name_c, name)                                                       \
+    {                                                                                   \
+        printf("Testing %s using specific floating point implementation...\n", name_c); \
+        ECGroup_free(ecgroup);                                                          \
+        ecgroup = ECGroup_fromName(name);                                               \
+        if (ecgroup == NULL) {                                                          \
+            printf("  Warning: could not construct group.\n");                          \
+            printf("%s failed.\n", name_c);                                             \
+            res = MP_NO;                                                                \
+            goto CLEANUP;                                                               \
+        } else {                                                                        \
+            MP_CHECKOK(testCurve(ecgroup));                                             \
+            printf("%s passed.\n", name_c);                                             \
+        }                                                                               \
+    }
+
+/* Outputs a floating point double (currently not used) */
+void
+d_output(const double *u, int len, char *name, const EC_group_fp *group)
+{
+    int i;
+
+    printf("%s:  ", name);
+    for (i = 0; i < len; i++) {
+        printf("+ %.2f * 2^%i ", u[i] / ecfp_exp[i],
+               group->doubleBitSize * i);
+    }
+    printf("\n");
+}
+
+/* Tests a point p in Jacobian coordinates, comparing against the
+ * expected affine result (x, y). */
+mp_err
+testJacPoint(ecfp_jac_pt *p, mp_int *x, mp_int *y, ECGroup *ecgroup)
+{
+    char s[1000];
+    mp_int rx, ry, rz;
+    mp_err res = MP_OKAY;
+
+    MP_DIGITS(&rx) = 0;
+    MP_DIGITS(&ry) = 0;
+    MP_DIGITS(&rz) = 0;
+
+    MP_CHECKOK(mp_init(&rx));
+    MP_CHECKOK(mp_init(&ry));
+    MP_CHECKOK(mp_init(&rz));
+
+    ecfp_fp2i(&rx, p->x, ecgroup);
+    ecfp_fp2i(&ry, p->y, ecgroup);
+    ecfp_fp2i(&rz, p->z, ecgroup);
+
+    /* convert result R to affine coordinates */
+    ec_GFp_pt_jac2aff(&rx, &ry, &rz, &rx, &ry, ecgroup);
+
+    /* Compare to expected result */
+    if ((mp_cmp(&rx, x) != 0) || (mp_cmp(&ry, y) != 0)) {
+        printf("  Error: Jacobian Floating Point Incorrect.\n");
+        MP_CHECKOK(mp_toradix(&rx, s, 16));
+        printf("floating point result\nrx    %s\n", s);
+        MP_CHECKOK(mp_toradix(&ry, s, 16));
+        printf("ry    %s\n", s);
+        MP_CHECKOK(mp_toradix(x, s, 16));
+        printf("integer result\nx   %s\n", s);
+        MP_CHECKOK(mp_toradix(y, s, 16));
+        printf("y   %s\n", s);
+        res = MP_NO;
+        goto CLEANUP;
+    }
+
+CLEANUP:
+    mp_clear(&rx);
+    mp_clear(&ry);
+    mp_clear(&rz);
+
+    return res;
+}
+
+/* Tests a point p in Chudnovsky Jacobian coordinates, comparing against
+ * the expected affine result (x, y). */
+mp_err
+testChudPoint(ecfp_chud_pt *p, mp_int *x, mp_int *y, ECGroup *ecgroup)
+{
+
+    char s[1000];
+    mp_int rx, ry, rz, rz2, rz3, test;
+    mp_err res = MP_OKAY;
+
+    /* Initialization */
+    MP_DIGITS(&rx) = 0;
+    MP_DIGITS(&ry) = 0;
+    MP_DIGITS(&rz) = 0;
+    MP_DIGITS(&rz2) = 0;
+    MP_DIGITS(&rz3) = 0;
+    MP_DIGITS(&test) = 0;
+
+    MP_CHECKOK(mp_init(&rx));
+    MP_CHECKOK(mp_init(&ry));
+    MP_CHECKOK(mp_init(&rz));
+    MP_CHECKOK(mp_init(&rz2));
+    MP_CHECKOK(mp_init(&rz3));
+    MP_CHECKOK(mp_init(&test));
+
+    /* Convert to integers */
+    ecfp_fp2i(&rx, p->x, ecgroup);
+    ecfp_fp2i(&ry, p->y, ecgroup);
+    ecfp_fp2i(&rz, p->z, ecgroup);
+    ecfp_fp2i(&rz2, p->z2, ecgroup);
+    ecfp_fp2i(&rz3, p->z3, ecgroup);
+
+    /* Verify z2, z3 are valid */
+    mp_sqrmod(&rz, &ecgroup->meth->irr, &test);
+    if (mp_cmp(&test, &rz2) != 0) {
+        printf("  Error: rzp2 not valid\n");
+        res = MP_NO;
+        goto CLEANUP;
+    }
+    mp_mulmod(&test, &rz, &ecgroup->meth->irr, &test);
+    if (mp_cmp(&test, &rz3) != 0) {
+        printf("  Error: rzp2 not valid\n");
+        res = MP_NO;
+        goto CLEANUP;
+    }
+
+    /* convert result R to affine coordinates */
+    ec_GFp_pt_jac2aff(&rx, &ry, &rz, &rx, &ry, ecgroup);
+
+    /* Compare against expected result */
+    if ((mp_cmp(&rx, x) != 0) || (mp_cmp(&ry, y) != 0)) {
+        printf("  Error: Chudnovsky Floating Point Incorrect.\n");
+        MP_CHECKOK(mp_toradix(&rx, s, 16));
+        printf("floating point result\nrx    %s\n", s);
+        MP_CHECKOK(mp_toradix(&ry, s, 16));
+        printf("ry    %s\n", s);
+        MP_CHECKOK(mp_toradix(x, s, 16));
+        printf("integer result\nx   %s\n", s);
+        MP_CHECKOK(mp_toradix(y, s, 16));
+        printf("y   %s\n", s);
+        res = MP_NO;
+        goto CLEANUP;
+    }
+
+CLEANUP:
+    mp_clear(&rx);
+    mp_clear(&ry);
+    mp_clear(&rz);
+    mp_clear(&rz2);
+    mp_clear(&rz3);
+    mp_clear(&test);
+
+    return res;
+}
+
+/* Tests a point p in Modified Jacobian coordinates, comparing against the
+ * expected affine result (x, y). */
+mp_err
+testJmPoint(ecfp_jm_pt *r, mp_int *x, mp_int *y, ECGroup *ecgroup)
+{
+
+    char s[1000];
+    mp_int rx, ry, rz, raz4, test;
+    mp_err res = MP_OKAY;
+
+    /* Initialization */
+    MP_DIGITS(&rx) = 0;
+    MP_DIGITS(&ry) = 0;
+    MP_DIGITS(&rz) = 0;
+    MP_DIGITS(&raz4) = 0;
+    MP_DIGITS(&test) = 0;
+
+    MP_CHECKOK(mp_init(&rx));
+    MP_CHECKOK(mp_init(&ry));
+    MP_CHECKOK(mp_init(&rz));
+    MP_CHECKOK(mp_init(&raz4));
+    MP_CHECKOK(mp_init(&test));
+
+    /* Convert to integer */
+    ecfp_fp2i(&rx, r->x, ecgroup);
+    ecfp_fp2i(&ry, r->y, ecgroup);
+    ecfp_fp2i(&rz, r->z, ecgroup);
+    ecfp_fp2i(&raz4, r->az4, ecgroup);
+
+    /* Verify raz4 = rz^4 * a */
+    mp_sqrmod(&rz, &ecgroup->meth->irr, &test);
+    mp_sqrmod(&test, &ecgroup->meth->irr, &test);
+    mp_mulmod(&test, &ecgroup->curvea, &ecgroup->meth->irr, &test);
+    if (mp_cmp(&test, &raz4) != 0) {
+        printf("  Error: a*z^4 not valid\n");
+        MP_CHECKOK(mp_toradix(&ecgroup->curvea, s, 16));
+        printf("a    %s\n", s);
+        MP_CHECKOK(mp_toradix(&rz, s, 16));
+        printf("rz   %s\n", s);
+        MP_CHECKOK(mp_toradix(&raz4, s, 16));
+        printf("raz4    %s\n", s);
+        res = MP_NO;
+        goto CLEANUP;
+    }
+
+    /* convert result R to affine coordinates */
+    ec_GFp_pt_jac2aff(&rx, &ry, &rz, &rx, &ry, ecgroup);
+
+    /* Compare against expected result */
+    if ((mp_cmp(&rx, x) != 0) || (mp_cmp(&ry, y) != 0)) {
+        printf("  Error: Modified Jacobian Floating Point Incorrect.\n");
+        MP_CHECKOK(mp_toradix(&rx, s, 16));
+        printf("floating point result\nrx    %s\n", s);
+        MP_CHECKOK(mp_toradix(&ry, s, 16));
+        printf("ry    %s\n", s);
+        MP_CHECKOK(mp_toradix(x, s, 16));
+        printf("integer result\nx   %s\n", s);
+        MP_CHECKOK(mp_toradix(y, s, 16));
+        printf("y   %s\n", s);
+        res = MP_NO;
+        goto CLEANUP;
+    }
+CLEANUP:
+    mp_clear(&rx);
+    mp_clear(&ry);
+    mp_clear(&rz);
+    mp_clear(&raz4);
+    mp_clear(&test);
+
+    return res;
+}
+
+/* Tests point addition of Jacobian + Affine -> Jacobian */
+mp_err
+testPointAddJacAff(ECGroup *ecgroup)
+{
+    mp_err res;
+    mp_int pz, rx2, ry2, rz2;
+    ecfp_jac_pt p, r;
+    ecfp_aff_pt q;
+    EC_group_fp *group = (EC_group_fp *)ecgroup->extra1;
+
+    /* Init */
+    MP_DIGITS(&pz) = 0;
+    MP_DIGITS(&rx2) = 0;
+    MP_DIGITS(&ry2) = 0;
+    MP_DIGITS(&rz2) = 0;
+    MP_CHECKOK(mp_init(&pz));
+    MP_CHECKOK(mp_init(&rx2));
+    MP_CHECKOK(mp_init(&ry2));
+    MP_CHECKOK(mp_init(&rz2));
+
+    MP_CHECKOK(mp_set_int(&pz, 5));
+
+    /* Set p */
+    ecfp_i2fp(p.x, &ecgroup->genx, ecgroup);
+    ecfp_i2fp(p.y, &ecgroup->geny, ecgroup);
+    ecfp_i2fp(p.z, &pz, ecgroup);
+    /* Set q */
+    ecfp_i2fp(q.x, &ecgroup->geny, ecgroup);
+    ecfp_i2fp(q.y, &ecgroup->genx, ecgroup);
+
+    /* Do calculations */
+    group->pt_add_jac_aff(&p, &q, &r, group);
+
+    /* Do calculation in integer to compare against */
+    MP_CHECKOK(ec_GFp_pt_add_jac_aff(&ecgroup->genx, &ecgroup->geny, &pz, &ecgroup->geny,
+                                     &ecgroup->genx, &rx2, &ry2, &rz2, ecgroup));
+    /* convert result R to affine coordinates */
+    ec_GFp_pt_jac2aff(&rx2, &ry2, &rz2, &rx2, &ry2, ecgroup);
+
+    MP_CHECKOK(testJacPoint(&r, &rx2, &ry2, ecgroup));
+
+CLEANUP:
+    if (res == MP_OKAY)
+        printf("  Test Passed - Point Addition - Jacobian & Affine\n");
+    else
+        printf("TEST FAILED - Point Addition - Jacobian & Affine\n");
+
+    mp_clear(&pz);
+    mp_clear(&rx2);
+    mp_clear(&ry2);
+    mp_clear(&rz2);
+
+    return res;
+}
+
+/* Tests point addition in Jacobian coordinates */
+mp_err
+testPointAddJac(ECGroup *ecgroup)
+{
+    mp_err res;
+    mp_int pz, qz, qx, qy, rx2, ry2, rz2;
+    ecfp_jac_pt p, q, r;
+    EC_group_fp *group = (EC_group_fp *)ecgroup->extra1;
+
+    /* Init */
+    MP_DIGITS(&pz) = 0;
+    MP_DIGITS(&qx) = 0;
+    MP_DIGITS(&qy) = 0;
+    MP_DIGITS(&qz) = 0;
+    MP_DIGITS(&rx2) = 0;
+    MP_DIGITS(&ry2) = 0;
+    MP_DIGITS(&rz2) = 0;
+    MP_CHECKOK(mp_init(&pz));
+    MP_CHECKOK(mp_init(&qx));
+    MP_CHECKOK(mp_init(&qy));
+    MP_CHECKOK(mp_init(&qz));
+    MP_CHECKOK(mp_init(&rx2));
+    MP_CHECKOK(mp_init(&ry2));
+    MP_CHECKOK(mp_init(&rz2));
+
+    MP_CHECKOK(mp_set_int(&pz, 5));
+    MP_CHECKOK(mp_set_int(&qz, 105));
+
+    /* Set p */
+    ecfp_i2fp(p.x, &ecgroup->genx, ecgroup);
+    ecfp_i2fp(p.y, &ecgroup->geny, ecgroup);
+    ecfp_i2fp(p.z, &pz, ecgroup);
+    /* Set q */
+    ecfp_i2fp(q.x, &ecgroup->geny, ecgroup);
+    ecfp_i2fp(q.y, &ecgroup->genx, ecgroup);
+    ecfp_i2fp(q.z, &qz, ecgroup);
+
+    /* Do calculations */
+    group->pt_add_jac(&p, &q, &r, group);
+
+    /* Do calculation in integer to compare against */
+    ec_GFp_pt_jac2aff(&ecgroup->geny, &ecgroup->genx, &qz, &qx, &qy,
+                      ecgroup);
+    MP_CHECKOK(ec_GFp_pt_add_jac_aff(&ecgroup->genx, &ecgroup->geny, &pz, &qx, &qy, &rx2, &ry2,
+                                     &rz2, ecgroup));
+    /* convert result R to affine coordinates */
+    ec_GFp_pt_jac2aff(&rx2, &ry2, &rz2, &rx2, &ry2, ecgroup);
+
+    MP_CHECKOK(testJacPoint(&r, &rx2, &ry2, ecgroup));
+
+CLEANUP:
+    if (res == MP_OKAY)
+        printf("  Test Passed - Point Addition - Jacobian\n");
+    else
+        printf("TEST FAILED - Point Addition - Jacobian\n");
+
+    mp_clear(&pz);
+    mp_clear(&qx);
+    mp_clear(&qy);
+    mp_clear(&qz);
+    mp_clear(&rx2);
+    mp_clear(&ry2);
+    mp_clear(&rz2);
+
+    return res;
+}
+
+/* Tests point addition in Chudnovsky Jacobian Coordinates */
+mp_err
+testPointAddChud(ECGroup *ecgroup)
+{
+    mp_err res;
+    mp_int rx2, ry2, ix, iy, iz, test, pz, qx, qy, qz;
+    ecfp_chud_pt p, q, r;
+    EC_group_fp *group = (EC_group_fp *)ecgroup->extra1;
+
+    MP_DIGITS(&qx) = 0;
+    MP_DIGITS(&qy) = 0;
+    MP_DIGITS(&qz) = 0;
+    MP_DIGITS(&pz) = 0;
+    MP_DIGITS(&rx2) = 0;
+    MP_DIGITS(&ry2) = 0;
+    MP_DIGITS(&ix) = 0;
+    MP_DIGITS(&iy) = 0;
+    MP_DIGITS(&iz) = 0;
+    MP_DIGITS(&test) = 0;
+
+    MP_CHECKOK(mp_init(&qx));
+    MP_CHECKOK(mp_init(&qy));
+    MP_CHECKOK(mp_init(&qz));
+    MP_CHECKOK(mp_init(&pz));
+    MP_CHECKOK(mp_init(&rx2));
+    MP_CHECKOK(mp_init(&ry2));
+    MP_CHECKOK(mp_init(&ix));
+    MP_CHECKOK(mp_init(&iy));
+    MP_CHECKOK(mp_init(&iz));
+    MP_CHECKOK(mp_init(&test));
+
+    /* Test Chudnovsky form addition */
+    /* Set p */
+    MP_CHECKOK(mp_set_int(&pz, 5));
+    ecfp_i2fp(p.x, &ecgroup->genx, ecgroup);
+    ecfp_i2fp(p.y, &ecgroup->geny, ecgroup);
+    ecfp_i2fp(p.z, &pz, ecgroup);
+    mp_sqrmod(&pz, &ecgroup->meth->irr, &test);
+    ecfp_i2fp(p.z2, &test, ecgroup);
+    mp_mulmod(&test, &pz, &ecgroup->meth->irr, &test);
+    ecfp_i2fp(p.z3, &test, ecgroup);
+
+    /* Set q */
+    MP_CHECKOK(mp_set_int(&qz, 105));
+    ecfp_i2fp(q.x, &ecgroup->geny, ecgroup);
+    ecfp_i2fp(q.y, &ecgroup->genx, ecgroup);
+    ecfp_i2fp(q.z, &qz, ecgroup);
+    mp_sqrmod(&qz, &ecgroup->meth->irr, &test);
+    ecfp_i2fp(q.z2, &test, ecgroup);
+    mp_mulmod(&test, &qz, &ecgroup->meth->irr, &test);
+    ecfp_i2fp(q.z3, &test, ecgroup);
+
+    group->pt_add_chud(&p, &q, &r, group);
+
+    /* Calculate addition to compare against */
+    ec_GFp_pt_jac2aff(&ecgroup->geny, &ecgroup->genx, &qz, &qx, &qy,
+                      ecgroup);
+    ec_GFp_pt_add_jac_aff(&ecgroup->genx, &ecgroup->geny, &pz, &qx, &qy,
+                          &ix, &iy, &iz, ecgroup);
+    ec_GFp_pt_jac2aff(&ix, &iy, &iz, &rx2, &ry2, ecgroup);
+
+    MP_CHECKOK(testChudPoint(&r, &rx2, &ry2, ecgroup));
+
+CLEANUP:
+    if (res == MP_OKAY)
+        printf("  Test Passed - Point Addition - Chudnovsky Jacobian\n");
+    else
+        printf("TEST FAILED - Point Addition - Chudnovsky Jacobian\n");
+
+    mp_clear(&qx);
+    mp_clear(&qy);
+    mp_clear(&qz);
+    mp_clear(&pz);
+    mp_clear(&rx2);
+    mp_clear(&ry2);
+    mp_clear(&ix);
+    mp_clear(&iy);
+    mp_clear(&iz);
+    mp_clear(&test);
+
+    return res;
+}
+
+/* Tests point addition in Modified Jacobian + Chudnovsky Jacobian ->
+ * Modified Jacobian coordinates. */
+mp_err
+testPointAddJmChud(ECGroup *ecgroup)
+{
+    mp_err res;
+    mp_int rx2, ry2, ix, iy, iz, test, pz, paz4, qx, qy, qz;
+    ecfp_chud_pt q;
+    ecfp_jm_pt p, r;
+    EC_group_fp *group = (EC_group_fp *)ecgroup->extra1;
+
+    MP_DIGITS(&qx) = 0;
+    MP_DIGITS(&qy) = 0;
+    MP_DIGITS(&qz) = 0;
+    MP_DIGITS(&pz) = 0;
+    MP_DIGITS(&paz4) = 0;
+    MP_DIGITS(&iz) = 0;
+    MP_DIGITS(&rx2) = 0;
+    MP_DIGITS(&ry2) = 0;
+    MP_DIGITS(&ix) = 0;
+    MP_DIGITS(&iy) = 0;
+    MP_DIGITS(&iz) = 0;
+    MP_DIGITS(&test) = 0;
+
+    MP_CHECKOK(mp_init(&qx));
+    MP_CHECKOK(mp_init(&qy));
+    MP_CHECKOK(mp_init(&qz));
+    MP_CHECKOK(mp_init(&pz));
+    MP_CHECKOK(mp_init(&paz4));
+    MP_CHECKOK(mp_init(&rx2));
+    MP_CHECKOK(mp_init(&ry2));
+    MP_CHECKOK(mp_init(&ix));
+    MP_CHECKOK(mp_init(&iy));
+    MP_CHECKOK(mp_init(&iz));
+    MP_CHECKOK(mp_init(&test));
+
+    /* Test Modified Jacobian form addition */
+    /* Set p */
+    ecfp_i2fp(p.x, &ecgroup->genx, ecgroup);
+    ecfp_i2fp(p.y, &ecgroup->geny, ecgroup);
+    ecfp_i2fp(group->curvea, &ecgroup->curvea, ecgroup);
+    /* paz4 = az^4 */
+    MP_CHECKOK(mp_set_int(&pz, 5));
+    mp_sqrmod(&pz, &ecgroup->meth->irr, &paz4);
+    mp_sqrmod(&paz4, &ecgroup->meth->irr, &paz4);
+    mp_mulmod(&paz4, &ecgroup->curvea, &ecgroup->meth->irr, &paz4);
+    ecfp_i2fp(p.z, &pz, ecgroup);
+    ecfp_i2fp(p.az4, &paz4, ecgroup);
+
+    /* Set q */
+    MP_CHECKOK(mp_set_int(&qz, 105));
+    ecfp_i2fp(q.x, &ecgroup->geny, ecgroup);
+    ecfp_i2fp(q.y, &ecgroup->genx, ecgroup);
+    ecfp_i2fp(q.z, &qz, ecgroup);
+    mp_sqrmod(&qz, &ecgroup->meth->irr, &test);
+    ecfp_i2fp(q.z2, &test, ecgroup);
+    mp_mulmod(&test, &qz, &ecgroup->meth->irr, &test);
+    ecfp_i2fp(q.z3, &test, ecgroup);
+
+    /* Do calculation */
+    group->pt_add_jm_chud(&p, &q, &r, group);
+
+    /* Calculate addition to compare against */
+    ec_GFp_pt_jac2aff(&ecgroup->geny, &ecgroup->genx, &qz, &qx, &qy,
+                      ecgroup);
+    ec_GFp_pt_add_jac_aff(&ecgroup->genx, &ecgroup->geny, &pz, &qx, &qy,
+                          &ix, &iy, &iz, ecgroup);
+    ec_GFp_pt_jac2aff(&ix, &iy, &iz, &rx2, &ry2, ecgroup);
+
+    MP_CHECKOK(testJmPoint(&r, &rx2, &ry2, ecgroup));
+
+CLEANUP:
+    if (res == MP_OKAY)
+        printf("  Test Passed - Point Addition - Modified & Chudnovsky Jacobian\n");
+    else
+        printf("TEST FAILED - Point Addition - Modified & Chudnovsky Jacobian\n");
+
+    mp_clear(&qx);
+    mp_clear(&qy);
+    mp_clear(&qz);
+    mp_clear(&pz);
+    mp_clear(&paz4);
+    mp_clear(&rx2);
+    mp_clear(&ry2);
+    mp_clear(&ix);
+    mp_clear(&iy);
+    mp_clear(&iz);
+    mp_clear(&test);
+
+    return res;
+}
+
+/* Tests point doubling in Modified Jacobian coordinates */
+mp_err
+testPointDoubleJm(ECGroup *ecgroup)
+{
+    mp_err res;
+    mp_int pz, paz4, rx2, ry2, rz2, raz4;
+    ecfp_jm_pt p, r;
+    EC_group_fp *group = (EC_group_fp *)ecgroup->extra1;
+
+    MP_DIGITS(&pz) = 0;
+    MP_DIGITS(&paz4) = 0;
+    MP_DIGITS(&rx2) = 0;
+    MP_DIGITS(&ry2) = 0;
+    MP_DIGITS(&rz2) = 0;
+    MP_DIGITS(&raz4) = 0;
+
+    MP_CHECKOK(mp_init(&pz));
+    MP_CHECKOK(mp_init(&paz4));
+    MP_CHECKOK(mp_init(&rx2));
+    MP_CHECKOK(mp_init(&ry2));
+    MP_CHECKOK(mp_init(&rz2));
+    MP_CHECKOK(mp_init(&raz4));
+
+    /* Set p */
+    ecfp_i2fp(p.x, &ecgroup->genx, ecgroup);
+    ecfp_i2fp(p.y, &ecgroup->geny, ecgroup);
+    ecfp_i2fp(group->curvea, &ecgroup->curvea, ecgroup);
+
+    /* paz4 = az^4 */
+    MP_CHECKOK(mp_set_int(&pz, 5));
+    mp_sqrmod(&pz, &ecgroup->meth->irr, &paz4);
+    mp_sqrmod(&paz4, &ecgroup->meth->irr, &paz4);
+    mp_mulmod(&paz4, &ecgroup->curvea, &ecgroup->meth->irr, &paz4);
+
+    ecfp_i2fp(p.z, &pz, ecgroup);
+    ecfp_i2fp(p.az4, &paz4, ecgroup);
+
+    group->pt_dbl_jm(&p, &r, group);
+
+    M_TimeOperation(group->pt_dbl_jm(&p, &r, group), 100000);
+
+    /* Calculate doubling to compare against */
+    ec_GFp_pt_dbl_jac(&ecgroup->genx, &ecgroup->geny, &pz, &rx2, &ry2,
+                      &rz2, ecgroup);
+    ec_GFp_pt_jac2aff(&rx2, &ry2, &rz2, &rx2, &ry2, ecgroup);
+
+    /* Do comparison and check az^4 */
+    MP_CHECKOK(testJmPoint(&r, &rx2, &ry2, ecgroup));
+
+CLEANUP:
+    if (res == MP_OKAY)
+        printf("  Test Passed - Point Doubling - Modified Jacobian\n");
+    else
+        printf("TEST FAILED - Point Doubling - Modified Jacobian\n");
+    mp_clear(&pz);
+    mp_clear(&paz4);
+    mp_clear(&rx2);
+    mp_clear(&ry2);
+    mp_clear(&rz2);
+    mp_clear(&raz4);
+
+    return res;
+}
+
+/* Tests point doubling in Chudnovsky Jacobian coordinates */
+mp_err
+testPointDoubleChud(ECGroup *ecgroup)
+{
+    mp_err res;
+    mp_int px, py, pz, rx2, ry2, rz2;
+    ecfp_aff_pt p;
+    ecfp_chud_pt p2;
+    EC_group_fp *group = (EC_group_fp *)ecgroup->extra1;
+
+    MP_DIGITS(&rx2) = 0;
+    MP_DIGITS(&ry2) = 0;
+    MP_DIGITS(&rz2) = 0;
+    MP_DIGITS(&px) = 0;
+    MP_DIGITS(&py) = 0;
+    MP_DIGITS(&pz) = 0;
+
+    MP_CHECKOK(mp_init(&rx2));
+    MP_CHECKOK(mp_init(&ry2));
+    MP_CHECKOK(mp_init(&rz2));
+    MP_CHECKOK(mp_init(&px));
+    MP_CHECKOK(mp_init(&py));
+    MP_CHECKOK(mp_init(&pz));
+
+    /* Set p2 = 2P */
+    ecfp_i2fp(p.x, &ecgroup->genx, ecgroup);
+    ecfp_i2fp(p.y, &ecgroup->geny, ecgroup);
+    ecfp_i2fp(group->curvea, &ecgroup->curvea, ecgroup);
+
+    group->pt_dbl_aff2chud(&p, &p2, group);
+
+    /* Calculate doubling to compare against */
+    MP_CHECKOK(mp_set_int(&pz, 1));
+    ec_GFp_pt_dbl_jac(&ecgroup->genx, &ecgroup->geny, &pz, &rx2, &ry2,
+                      &rz2, ecgroup);
+    ec_GFp_pt_jac2aff(&rx2, &ry2, &rz2, &rx2, &ry2, ecgroup);
+
+    /* Do comparison and check az^4 */
+    MP_CHECKOK(testChudPoint(&p2, &rx2, &ry2, ecgroup));
+
+CLEANUP:
+    if (res == MP_OKAY)
+        printf("  Test Passed - Point Doubling - Chudnovsky Jacobian\n");
+    else
+        printf("TEST FAILED - Point Doubling - Chudnovsky Jacobian\n");
+
+    mp_clear(&rx2);
+    mp_clear(&ry2);
+    mp_clear(&rz2);
+    mp_clear(&px);
+    mp_clear(&py);
+    mp_clear(&pz);
+
+    return res;
+}
+
+/* Test point doubling in Jacobian coordinates */
+mp_err
+testPointDoubleJac(ECGroup *ecgroup)
+{
+    mp_err res;
+    mp_int pz, rx, ry, rz, rx2, ry2, rz2;
+    ecfp_jac_pt p, p2;
+    EC_group_fp *group = (EC_group_fp *)ecgroup->extra1;
+
+    MP_DIGITS(&pz) = 0;
+    MP_DIGITS(&rx) = 0;
+    MP_DIGITS(&ry) = 0;
+    MP_DIGITS(&rz) = 0;
+    MP_DIGITS(&rx2) = 0;
+    MP_DIGITS(&ry2) = 0;
+    MP_DIGITS(&rz2) = 0;
+
+    MP_CHECKOK(mp_init(&pz));
+    MP_CHECKOK(mp_init(&rx));
+    MP_CHECKOK(mp_init(&ry));
+    MP_CHECKOK(mp_init(&rz));
+    MP_CHECKOK(mp_init(&rx2));
+    MP_CHECKOK(mp_init(&ry2));
+    MP_CHECKOK(mp_init(&rz2));
+
+    MP_CHECKOK(mp_set_int(&pz, 5));
+
+    /* Set p2 = 2P */
+    ecfp_i2fp(p.x, &ecgroup->genx, ecgroup);
+    ecfp_i2fp(p.y, &ecgroup->geny, ecgroup);
+    ecfp_i2fp(p.z, &pz, ecgroup);
+    ecfp_i2fp(group->curvea, &ecgroup->curvea, ecgroup);
+
+    group->pt_dbl_jac(&p, &p2, group);
+    M_TimeOperation(group->pt_dbl_jac(&p, &p2, group), 100000);
+
+    /* Calculate doubling to compare against */
+    ec_GFp_pt_dbl_jac(&ecgroup->genx, &ecgroup->geny, &pz, &rx2, &ry2,
+                      &rz2, ecgroup);
+    ec_GFp_pt_jac2aff(&rx2, &ry2, &rz2, &rx2, &ry2, ecgroup);
+
+    /* Do comparison */
+    MP_CHECKOK(testJacPoint(&p2, &rx2, &ry2, ecgroup));
+
+CLEANUP:
+    if (res == MP_OKAY)
+        printf("  Test Passed - Point Doubling - Jacobian\n");
+    else
+        printf("TEST FAILED - Point Doubling - Jacobian\n");
+
+    mp_clear(&pz);
+    mp_clear(&rx);
+    mp_clear(&ry);
+    mp_clear(&rz);
+    mp_clear(&rx2);
+    mp_clear(&ry2);
+    mp_clear(&rz2);
+
+    return res;
+}
+
+/* Tests a point multiplication (various algorithms) */
+mp_err
+testPointMul(ECGroup *ecgroup)
+{
+    mp_err res;
+    char s[1000];
+    mp_int rx, ry, order_1;
+
+    /* Init */
+    MP_DIGITS(&rx) = 0;
+    MP_DIGITS(&ry) = 0;
+    MP_DIGITS(&order_1) = 0;
+
+    MP_CHECKOK(mp_init(&rx));
+    MP_CHECKOK(mp_init(&ry));
+    MP_CHECKOK(mp_init(&order_1));
+
+    MP_CHECKOK(mp_set_int(&order_1, 1));
+    MP_CHECKOK(mp_sub(&ecgroup->order, &order_1, &order_1));
+
+    /* Test Algorithm 1: Jacobian-Affine Double & Add */
+    ec_GFp_pt_mul_jac_fp(&order_1, &ecgroup->genx, &ecgroup->geny, &rx,
+                         &ry, ecgroup);
+    MP_CHECKOK(ecgroup->meth->field_neg(&ry, &ry, ecgroup->meth));
+    if ((mp_cmp(&rx, &ecgroup->genx) != 0) || (mp_cmp(&ry, &ecgroup->geny) != 0)) {
+        printf("  Error: ec_GFp_pt_mul_jac_fp invalid result (expected (- base point)).\n");
+        MP_CHECKOK(mp_toradix(&rx, s, 16));
+        printf("rx   %s\n", s);
+        MP_CHECKOK(mp_toradix(&ry, s, 16));
+        printf("ry   %s\n", s);
+        res = MP_NO;
+        goto CLEANUP;
+    }
+
+    ec_GFp_pt_mul_jac_fp(&ecgroup->order, &ecgroup->genx, &ecgroup->geny,
+                         &rx, &ry, ecgroup);
+    if (ec_GFp_pt_is_inf_aff(&rx, &ry) != MP_YES) {
+        printf("  Error: ec_GFp_pt_mul_jac_fp invalid result (expected point at infinity.\n");
+        MP_CHECKOK(mp_toradix(&rx, s, 16));
+        printf("rx   %s\n", s);
+        MP_CHECKOK(mp_toradix(&ry, s, 16));
+        printf("ry   %s\n", s);
+        res = MP_NO;
+        goto CLEANUP;
+    }
+
+    /* Test Algorithm 2: 4-bit Window in Jacobian */
+    ec_GFp_point_mul_jac_4w_fp(&order_1, &ecgroup->genx, &ecgroup->geny,
+                               &rx, &ry, ecgroup);
+    MP_CHECKOK(ecgroup->meth->field_neg(&ry, &ry, ecgroup->meth));
+    if ((mp_cmp(&rx, &ecgroup->genx) != 0) || (mp_cmp(&ry, &ecgroup->geny) != 0)) {
+        printf("  Error: ec_GFp_point_mul_jac_4w_fp invalid result (expected (- base point)).\n");
+        MP_CHECKOK(mp_toradix(&rx, s, 16));
+        printf("rx   %s\n", s);
+        MP_CHECKOK(mp_toradix(&ry, s, 16));
+        printf("ry   %s\n", s);
+        res = MP_NO;
+        goto CLEANUP;
+    }
+
+    ec_GFp_point_mul_jac_4w_fp(&ecgroup->order, &ecgroup->genx,
+                               &ecgroup->geny, &rx, &ry, ecgroup);
+    if (ec_GFp_pt_is_inf_aff(&rx, &ry) != MP_YES) {
+        printf("  Error: ec_GFp_point_mul_jac_4w_fp invalid result (expected point at infinity.\n");
+        MP_CHECKOK(mp_toradix(&rx, s, 16));
+        printf("rx   %s\n", s);
+        MP_CHECKOK(mp_toradix(&ry, s, 16));
+        printf("ry   %s\n", s);
+        res = MP_NO;
+        goto CLEANUP;
+    }
+
+    /* Test Algorithm 3: wNAF with modified Jacobian coordinates */
+    ec_GFp_point_mul_wNAF_fp(&order_1, &ecgroup->genx, &ecgroup->geny, &rx,
+                             &ry, ecgroup);
+    MP_CHECKOK(ecgroup->meth->field_neg(&ry, &ry, ecgroup->meth));
+    if ((mp_cmp(&rx, &ecgroup->genx) != 0) || (mp_cmp(&ry, &ecgroup->geny) != 0)) {
+        printf("  Error: ec_GFp_pt_mul_wNAF_fp invalid result (expected (- base point)).\n");
+        MP_CHECKOK(mp_toradix(&rx, s, 16));
+        printf("rx   %s\n", s);
+        MP_CHECKOK(mp_toradix(&ry, s, 16));
+        printf("ry   %s\n", s);
+        res = MP_NO;
+        goto CLEANUP;
+    }
+
+    ec_GFp_point_mul_wNAF_fp(&ecgroup->order, &ecgroup->genx,
+                             &ecgroup->geny, &rx, &ry, ecgroup);
+    if (ec_GFp_pt_is_inf_aff(&rx, &ry) != MP_YES) {
+        printf("  Error: ec_GFp_pt_mul_wNAF_fp invalid result (expected point at infinity.\n");
+        MP_CHECKOK(mp_toradix(&rx, s, 16));
+        printf("rx   %s\n", s);
+        MP_CHECKOK(mp_toradix(&ry, s, 16));
+        printf("ry   %s\n", s);
+        res = MP_NO;
+        goto CLEANUP;
+    }
+
+CLEANUP:
+    if (res == MP_OKAY)
+        printf("  Test Passed - Point Multiplication\n");
+    else
+        printf("TEST FAILED - Point Multiplication\n");
+    mp_clear(&rx);
+    mp_clear(&ry);
+    mp_clear(&order_1);
+
+    return res;
+}
+
+/* Tests point multiplication with a random scalar repeatedly, comparing
+ * for consistency within different algorithms. */
+mp_err
+testPointMulRandom(ECGroup *ecgroup)
+{
+    mp_err res;
+    mp_int rx, ry, rx2, ry2, n;
+    int i, size;
+    EC_group_fp *group = (EC_group_fp *)ecgroup->extra1;
+
+    MP_DIGITS(&rx) = 0;
+    MP_DIGITS(&ry) = 0;
+    MP_DIGITS(&rx2) = 0;
+    MP_DIGITS(&ry2) = 0;
+    MP_DIGITS(&n) = 0;
+
+    MP_CHECKOK(mp_init(&rx));
+    MP_CHECKOK(mp_init(&ry));
+    MP_CHECKOK(mp_init(&rx2));
+    MP_CHECKOK(mp_init(&ry2));
+    MP_CHECKOK(mp_init(&n));
+
+    for (i = 0; i < 100; i++) {
+        /* compute random scalar */
+        size = mpl_significant_bits(&ecgroup->meth->irr);
+        if (size < MP_OKAY) {
+            res = MP_NO;
+            goto CLEANUP;
+        }
+        MP_CHECKOK(mpp_random_size(&n, group->orderBitSize));
+        MP_CHECKOK(mp_mod(&n, &ecgroup->order, &n));
+
+        ec_GFp_pt_mul_jac(&n, &ecgroup->genx, &ecgroup->geny, &rx, &ry,
+                          ecgroup);
+        ec_GFp_pt_mul_jac_fp(&n, &ecgroup->genx, &ecgroup->geny, &rx2,
+                             &ry2, ecgroup);
+
+        if ((mp_cmp(&rx, &rx2) != 0) || (mp_cmp(&ry, &ry2) != 0)) {
+            printf("  Error: different results for Point Multiplication - Double & Add.\n");
+            res = MP_NO;
+            goto CLEANUP;
+        }
+
+        ec_GFp_point_mul_wNAF_fp(&n, &ecgroup->genx, &ecgroup->geny, &rx,
+                                 &ry, ecgroup);
+        if ((mp_cmp(&rx, &rx2) != 0) || (mp_cmp(&ry, &ry2) != 0)) {
+            printf("  Error: different results for Point Multiplication - wNAF.\n");
+            res = MP_NO;
+            goto CLEANUP;
+        }
+
+        ec_GFp_point_mul_jac_4w_fp(&n, &ecgroup->genx, &ecgroup->geny, &rx,
+                                   &ry, ecgroup);
+        if ((mp_cmp(&rx, &rx2) != 0) || (mp_cmp(&ry, &ry2) != 0)) {
+            printf("  Error: different results for Point Multiplication - 4 bit window.\n");
+            res = MP_NO;
+            goto CLEANUP;
+        }
+    }
+
+CLEANUP:
+    if (res == MP_OKAY)
+        printf("  Test Passed - Point Random Multiplication\n");
+    else
+        printf("TEST FAILED - Point Random Multiplication\n");
+    mp_clear(&rx);
+    mp_clear(&ry);
+    mp_clear(&rx2);
+    mp_clear(&ry2);
+    mp_clear(&n);
+
+    return res;
+}
+
+/* Tests the time required for a point multiplication */
+mp_err
+testPointMulTime(ECGroup *ecgroup)
+{
+    mp_err res = MP_OKAY;
+    mp_int rx, ry, n;
+    int size;
+
+    MP_DIGITS(&rx) = 0;
+    MP_DIGITS(&ry) = 0;
+    MP_DIGITS(&n) = 0;
+
+    MP_CHECKOK(mp_init(&rx));
+    MP_CHECKOK(mp_init(&ry));
+    MP_CHECKOK(mp_init(&n));
+
+    /* compute random scalar */
+    size = mpl_significant_bits(&ecgroup->meth->irr);
+    if (size < MP_OKAY) {
+        res = MP_NO;
+        goto CLEANUP;
+    }
+
+    MP_CHECKOK(mpp_random_size(&n, (size + ECL_BITS - 1) / ECL_BITS));
+    MP_CHECKOK(ecgroup->meth->field_mod(&n, &n, ecgroup->meth));
+
+    M_TimeOperation(ec_GFp_pt_mul_jac_fp(&n, &ecgroup->genx, &ecgroup->geny, &rx, &ry,
+                                         ecgroup),
+                    1000);
+
+    M_TimeOperation(ec_GFp_point_mul_jac_4w_fp(&n, &ecgroup->genx, &ecgroup->geny, &rx, &ry,
+                                               ecgroup),
+                    1000);
+
+    M_TimeOperation(ec_GFp_point_mul_wNAF_fp(&n, &ecgroup->genx, &ecgroup->geny, &rx, &ry,
+                                             ecgroup),
+                    1000);
+
+    M_TimeOperation(ec_GFp_pt_mul_jac(&n, &ecgroup->genx, &ecgroup->geny, &rx, &ry,
+                                      ecgroup),
+                    100);
+
+CLEANUP:
+    if (res == MP_OKAY)
+        printf("  Test Passed - Point Multiplication Timing\n");
+    else
+        printf("TEST FAILED - Point Multiplication Timing\n");
+    mp_clear(&rx);
+    mp_clear(&ry);
+    mp_clear(&n);
+
+    return res;
+}
+
+/* Tests pre computation of Chudnovsky Jacobian points used in wNAF form */
+mp_err
+testPreCompute(ECGroup *ecgroup)
+{
+    ecfp_chud_pt precomp[16];
+    ecfp_aff_pt p;
+    EC_group_fp *group = (EC_group_fp *)ecgroup->extra1;
+    int i;
+    mp_err res;
+
+    mp_int x, y, ny, x2, y2;
+
+    MP_DIGITS(&x) = 0;
+    MP_DIGITS(&y) = 0;
+    MP_DIGITS(&ny) = 0;
+    MP_DIGITS(&x2) = 0;
+    MP_DIGITS(&y2) = 0;
+
+    MP_CHECKOK(mp_init(&x));
+    MP_CHECKOK(mp_init(&y));
+    MP_CHECKOK(mp_init(&ny));
+    MP_CHECKOK(mp_init(&x2));
+    MP_CHECKOK(mp_init(&y2));
+
+    ecfp_i2fp(p.x, &ecgroup->genx, ecgroup);
+    ecfp_i2fp(p.y, &ecgroup->geny, ecgroup);
+    ecfp_i2fp(group->curvea, &(ecgroup->curvea), ecgroup);
+
+    /* Perform precomputation */
+    group->precompute_chud(precomp, &p, group);
+
+    M_TimeOperation(group->precompute_chud(precomp, &p, group), 10000);
+
+    /* Calculate addition to compare against */
+    MP_CHECKOK(mp_copy(&ecgroup->genx, &x));
+    MP_CHECKOK(mp_copy(&ecgroup->geny, &y));
+    MP_CHECKOK(ecgroup->meth->field_neg(&y, &ny, ecgroup->meth));
+
+    ec_GFp_pt_dbl_aff(&x, &y, &x2, &y2, ecgroup);
+
+    for (i = 0; i < 8; i++) {
+        MP_CHECKOK(testChudPoint(&precomp[8 + i], &x, &y, ecgroup));
+        MP_CHECKOK(testChudPoint(&precomp[7 - i], &x, &ny, ecgroup));
+        ec_GFp_pt_add_aff(&x, &y, &x2, &y2, &x, &y, ecgroup);
+        MP_CHECKOK(ecgroup->meth->field_neg(&y, &ny, ecgroup->meth));
+    }
+
+CLEANUP:
+    if (res == MP_OKAY)
+        printf("  Test Passed - Precomputation\n");
+    else
+        printf("TEST FAILED - Precomputation\n");
+
+    mp_clear(&x);
+    mp_clear(&y);
+    mp_clear(&ny);
+    mp_clear(&x2);
+    mp_clear(&y2);
+    return res;
+}
+
+/* Given a curve using floating point arithmetic, test it. This method
+ * specifies which of the above tests to run. */
+mp_err
+testCurve(ECGroup *ecgroup)
+{
+    int res = MP_OKAY;
+
+    MP_CHECKOK(testPointAddJacAff(ecgroup));
+    MP_CHECKOK(testPointAddJac(ecgroup));
+    MP_CHECKOK(testPointAddChud(ecgroup));
+    MP_CHECKOK(testPointAddJmChud(ecgroup));
+    MP_CHECKOK(testPointDoubleJac(ecgroup));
+    MP_CHECKOK(testPointDoubleChud(ecgroup));
+    MP_CHECKOK(testPointDoubleJm(ecgroup));
+    MP_CHECKOK(testPreCompute(ecgroup));
+    MP_CHECKOK(testPointMul(ecgroup));
+    MP_CHECKOK(testPointMulRandom(ecgroup));
+    MP_CHECKOK(testPointMulTime(ecgroup));
+CLEANUP:
+    return res;
+}
+
+/* Tests a number of curves optimized using floating point arithmetic */
+int
+main(void)
+{
+    mp_err res = MP_OKAY;
+    ECGroup *ecgroup = NULL;
+
+    /* specific arithmetic tests */
+    M_TestCurve("SECG-160R1", ECCurve_SECG_PRIME_160R1);
+    M_TestCurve("SECG-192R1", ECCurve_SECG_PRIME_192R1);
+    M_TestCurve("SEGC-224R1", ECCurve_SECG_PRIME_224R1);
+
+CLEANUP:
+    ECGroup_free(ecgroup);
+    if (res != MP_OKAY) {
+        printf("Error: exiting with error value %i\n", res);
+    }
+    return res;
+}
diff --git a/nss/lib/freebl/ecl/tests/ecp_test.c b/nss/lib/freebl/ecl/tests/ecp_test.c
new file mode 100644
index 0000000..949d8c8
--- /dev/null
+++ b/nss/lib/freebl/ecl/tests/ecp_test.c
@@ -0,0 +1,408 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "mpi.h"
+#include "mplogic.h"
+#include "mpprime.h"
+#include "ecl.h"
+#include "ecl-curve.h"
+#include "ecp.h"
+#include <stdio.h>
+#include <strings.h>
+#include <assert.h>
+
+#include <time.h>
+#include <sys/time.h>
+#include <sys/resource.h>
+
+/* Time k repetitions of operation op. */
+#define M_TimeOperation(op, k)                                                        \
+    {                                                                                 \
+        double dStart, dNow, dUserTime;                                               \
+        struct rusage ru;                                                             \
+        int i;                                                                        \
+        getrusage(RUSAGE_SELF, &ru);                                                  \
+        dStart = (double)ru.ru_utime.tv_sec + (double)ru.ru_utime.tv_usec * 0.000001; \
+        for (i = 0; i < k; i++) {                                                     \
+            {                                                                         \
+                op;                                                                   \
+            }                                                                         \
+        };                                                                            \
+        getrusage(RUSAGE_SELF, &ru);                                                  \
+        dNow = (double)ru.ru_utime.tv_sec + (double)ru.ru_utime.tv_usec * 0.000001;   \
+        dUserTime = dNow - dStart;                                                    \
+        if (dUserTime)                                                                \
+            printf("    %-45s k: %6i, t: %6.2f sec\n", #op, k, dUserTime);            \
+    }
+
+/* Test curve using generic field arithmetic. */
+#define ECTEST_GENERIC_GFP(name_c, name)                             \
+    printf("Testing %s using generic implementation...\n", name_c);  \
+    params = EC_GetNamedCurveParams(name);                           \
+    if (params == NULL) {                                            \
+        printf("  Error: could not construct params.\n");            \
+        res = MP_NO;                                                 \
+        goto CLEANUP;                                                \
+    }                                                                \
+    ECGroup_free(group);                                             \
+    group = ECGroup_fromHex(params);                                 \
+    if (group == NULL) {                                             \
+        printf("  Error: could not construct group.\n");             \
+        res = MP_NO;                                                 \
+        goto CLEANUP;                                                \
+    }                                                                \
+    MP_CHECKOK(ectest_curve_GFp(group, ectestPrint, ectestTime, 1)); \
+    printf("... okay.\n");
+
+/* Test curve using specific field arithmetic. */
+#define ECTEST_NAMED_GFP(name_c, name)                                   \
+    printf("Testing %s using specific implementation...\n", name_c);     \
+    ECGroup_free(group);                                                 \
+    group = ECGroup_fromName(name);                                      \
+    if (group == NULL) {                                                 \
+        printf("  Warning: could not construct group.\n");               \
+        printf("... failed; continuing with remaining tests.\n");        \
+    } else {                                                             \
+        MP_CHECKOK(ectest_curve_GFp(group, ectestPrint, ectestTime, 0)); \
+        printf("... okay.\n");                                           \
+    }
+
+/* Performs basic tests of elliptic curve cryptography over prime fields.
+ * If tests fail, then it prints an error message, aborts, and returns an
+ * error code. Otherwise, returns 0. */
+int
+ectest_curve_GFp(ECGroup *group, int ectestPrint, int ectestTime,
+                 int generic)
+{
+
+    mp_int one, order_1, gx, gy, rx, ry, n;
+    int size;
+    mp_err res;
+    char s[1000];
+
+    /* initialize values */
+    MP_CHECKOK(mp_init(&one));
+    MP_CHECKOK(mp_init(&order_1));
+    MP_CHECKOK(mp_init(&gx));
+    MP_CHECKOK(mp_init(&gy));
+    MP_CHECKOK(mp_init(&rx));
+    MP_CHECKOK(mp_init(&ry));
+    MP_CHECKOK(mp_init(&n));
+
+    MP_CHECKOK(mp_set_int(&one, 1));
+    MP_CHECKOK(mp_sub(&group->order, &one, &order_1));
+
+    /* encode base point */
+    if (group->meth->field_dec) {
+        MP_CHECKOK(group->meth->field_dec(&group->genx, &gx, group->meth));
+        MP_CHECKOK(group->meth->field_dec(&group->geny, &gy, group->meth));
+    } else {
+        MP_CHECKOK(mp_copy(&group->genx, &gx));
+        MP_CHECKOK(mp_copy(&group->geny, &gy));
+    }
+    if (ectestPrint) {
+        /* output base point */
+        printf("  base point P:\n");
+        MP_CHECKOK(mp_toradix(&gx, s, 16));
+        printf("    %s\n", s);
+        MP_CHECKOK(mp_toradix(&gy, s, 16));
+        printf("    %s\n", s);
+        if (group->meth->field_enc) {
+            printf("  base point P (encoded):\n");
+            MP_CHECKOK(mp_toradix(&group->genx, s, 16));
+            printf("    %s\n", s);
+            MP_CHECKOK(mp_toradix(&group->geny, s, 16));
+            printf("    %s\n", s);
+        }
+    }
+
+#ifdef ECL_ENABLE_GFP_PT_MUL_AFF
+    /* multiply base point by order - 1 and check for negative of base
+     * point */
+    MP_CHECKOK(ec_GFp_pt_mul_aff(&order_1, &group->genx, &group->geny, &rx, &ry, group));
+    if (ectestPrint) {
+        printf("  (order-1)*P (affine):\n");
+        MP_CHECKOK(mp_toradix(&rx, s, 16));
+        printf("    %s\n", s);
+        MP_CHECKOK(mp_toradix(&ry, s, 16));
+        printf("    %s\n", s);
+    }
+    MP_CHECKOK(group->meth->field_neg(&ry, &ry, group->meth));
+    if ((mp_cmp(&rx, &group->genx) != 0) || (mp_cmp(&ry, &group->geny) != 0)) {
+        printf("  Error: invalid result (expected (- base point)).\n");
+        res = MP_NO;
+        goto CLEANUP;
+    }
+#endif
+
+#ifdef ECL_ENABLE_GFP_PT_MUL_AFF
+    /* multiply base point by order - 1 and check for negative of base
+     * point */
+    MP_CHECKOK(ec_GFp_pt_mul_jac(&order_1, &group->genx, &group->geny, &rx, &ry, group));
+    if (ectestPrint) {
+        printf("  (order-1)*P (jacobian):\n");
+        MP_CHECKOK(mp_toradix(&rx, s, 16));
+        printf("    %s\n", s);
+        MP_CHECKOK(mp_toradix(&ry, s, 16));
+        printf("    %s\n", s);
+    }
+    MP_CHECKOK(group->meth->field_neg(&ry, &ry, group->meth));
+    if ((mp_cmp(&rx, &group->genx) != 0) || (mp_cmp(&ry, &group->geny) != 0)) {
+        printf("  Error: invalid result (expected (- base point)).\n");
+        res = MP_NO;
+        goto CLEANUP;
+    }
+#endif
+
+    /* multiply base point by order - 1 and check for negative of base
+     * point */
+    MP_CHECKOK(ECPoint_mul(group, &order_1, NULL, NULL, &rx, &ry));
+    if (ectestPrint) {
+        printf("  (order-1)*P (ECPoint_mul):\n");
+        MP_CHECKOK(mp_toradix(&rx, s, 16));
+        printf("    %s\n", s);
+        MP_CHECKOK(mp_toradix(&ry, s, 16));
+        printf("    %s\n", s);
+    }
+    MP_CHECKOK(mp_submod(&group->meth->irr, &ry, &group->meth->irr, &ry));
+    if ((mp_cmp(&rx, &gx) != 0) || (mp_cmp(&ry, &gy) != 0)) {
+        printf("  Error: invalid result (expected (- base point)).\n");
+        res = MP_NO;
+        goto CLEANUP;
+    }
+
+    /* multiply base point by order - 1 and check for negative of base
+     * point */
+    MP_CHECKOK(ECPoint_mul(group, &order_1, &gx, &gy, &rx, &ry));
+    if (ectestPrint) {
+        printf("  (order-1)*P (ECPoint_mul):\n");
+        MP_CHECKOK(mp_toradix(&rx, s, 16));
+        printf("    %s\n", s);
+        MP_CHECKOK(mp_toradix(&ry, s, 16));
+        printf("    %s\n", s);
+    }
+    MP_CHECKOK(mp_submod(&group->meth->irr, &ry, &group->meth->irr, &ry));
+    if ((mp_cmp(&rx, &gx) != 0) || (mp_cmp(&ry, &gy) != 0)) {
+        printf("  Error: invalid result (expected (- base point)).\n");
+        res = MP_NO;
+        goto CLEANUP;
+    }
+
+#ifdef ECL_ENABLE_GFP_PT_MUL_AFF
+    /* multiply base point by order and check for point at infinity */
+    MP_CHECKOK(ec_GFp_pt_mul_aff(&group->order, &group->genx, &group->geny, &rx, &ry,
+                                 group));
+    if (ectestPrint) {
+        printf("  (order)*P (affine):\n");
+        MP_CHECKOK(mp_toradix(&rx, s, 16));
+        printf("    %s\n", s);
+        MP_CHECKOK(mp_toradix(&ry, s, 16));
+        printf("    %s\n", s);
+    }
+    if (ec_GFp_pt_is_inf_aff(&rx, &ry) != MP_YES) {
+        printf("  Error: invalid result (expected point at infinity).\n");
+        res = MP_NO;
+        goto CLEANUP;
+    }
+#endif
+
+#ifdef ECL_ENABLE_GFP_PT_MUL_JAC
+    /* multiply base point by order and check for point at infinity */
+    MP_CHECKOK(ec_GFp_pt_mul_jac(&group->order, &group->genx, &group->geny, &rx, &ry,
+                                 group));
+    if (ectestPrint) {
+        printf("  (order)*P (jacobian):\n");
+        MP_CHECKOK(mp_toradix(&rx, s, 16));
+        printf("    %s\n", s);
+        MP_CHECKOK(mp_toradix(&ry, s, 16));
+        printf("    %s\n", s);
+    }
+    if (ec_GFp_pt_is_inf_aff(&rx, &ry) != MP_YES) {
+        printf("  Error: invalid result (expected point at infinity).\n");
+        res = MP_NO;
+        goto CLEANUP;
+    }
+#endif
+
+    /* multiply base point by order and check for point at infinity */
+    MP_CHECKOK(ECPoint_mul(group, &group->order, NULL, NULL, &rx, &ry));
+    if (ectestPrint) {
+        printf("  (order)*P (ECPoint_mul):\n");
+        MP_CHECKOK(mp_toradix(&rx, s, 16));
+        printf("    %s\n", s);
+        MP_CHECKOK(mp_toradix(&ry, s, 16));
+        printf("    %s\n", s);
+    }
+    if (ec_GFp_pt_is_inf_aff(&rx, &ry) != MP_YES) {
+        printf("  Error: invalid result (expected point at infinity).\n");
+        res = MP_NO;
+        goto CLEANUP;
+    }
+
+    /* multiply base point by order and check for point at infinity */
+    MP_CHECKOK(ECPoint_mul(group, &group->order, &gx, &gy, &rx, &ry));
+    if (ectestPrint) {
+        printf("  (order)*P (ECPoint_mul):\n");
+        MP_CHECKOK(mp_toradix(&rx, s, 16));
+        printf("    %s\n", s);
+        MP_CHECKOK(mp_toradix(&ry, s, 16));
+        printf("    %s\n", s);
+    }
+    if (ec_GFp_pt_is_inf_aff(&rx, &ry) != MP_YES) {
+        printf("  Error: invalid result (expected point at infinity).\n");
+        res = MP_NO;
+        goto CLEANUP;
+    }
+
+    /* check that (order-1)P + (order-1)P + P == (order-1)P */
+    MP_CHECKOK(ECPoints_mul(group, &order_1, &order_1, &gx, &gy, &rx, &ry));
+    MP_CHECKOK(ECPoints_mul(group, &one, &one, &rx, &ry, &rx, &ry));
+    if (ectestPrint) {
+        printf("  (order-1)*P + (order-1)*P + P == (order-1)*P (ECPoints_mul):\n");
+        MP_CHECKOK(mp_toradix(&rx, s, 16));
+        printf("    %s\n", s);
+        MP_CHECKOK(mp_toradix(&ry, s, 16));
+        printf("    %s\n", s);
+    }
+    MP_CHECKOK(mp_submod(&group->meth->irr, &ry, &group->meth->irr, &ry));
+    if ((mp_cmp(&rx, &gx) != 0) || (mp_cmp(&ry, &gy) != 0)) {
+        printf("  Error: invalid result (expected (- base point)).\n");
+        res = MP_NO;
+        goto CLEANUP;
+    }
+
+    /* test validate_point function */
+    if (ECPoint_validate(group, &gx, &gy) != MP_YES) {
+        printf("  Error: validate point on base point failed.\n");
+        res = MP_NO;
+        goto CLEANUP;
+    }
+    MP_CHECKOK(mp_add_d(&gy, 1, &ry));
+    if (ECPoint_validate(group, &gx, &ry) != MP_NO) {
+        printf("  Error: validate point on invalid point passed.\n");
+        res = MP_NO;
+        goto CLEANUP;
+    }
+
+    if (ectestTime) {
+        /* compute random scalar */
+        size = mpl_significant_bits(&group->meth->irr);
+        if (size < MP_OKAY) {
+            goto CLEANUP;
+        }
+        MP_CHECKOK(mpp_random_size(&n, (size + ECL_BITS - 1) / ECL_BITS));
+        MP_CHECKOK(group->meth->field_mod(&n, &n, group->meth));
+        /* timed test */
+        if (generic) {
+#ifdef ECL_ENABLE_GFP_PT_MUL_AFF
+            M_TimeOperation(MP_CHECKOK(ec_GFp_pt_mul_aff(&n, &group->genx, &group->geny, &rx, &ry,
+                                                         group)),
+                            100);
+#endif
+            M_TimeOperation(MP_CHECKOK(ECPoint_mul(group, &n, NULL, NULL, &rx, &ry)),
+                            100);
+            M_TimeOperation(MP_CHECKOK(ECPoints_mul(group, &n, &n, &gx, &gy, &rx, &ry)), 100);
+        } else {
+            M_TimeOperation(MP_CHECKOK(ECPoint_mul(group, &n, NULL, NULL, &rx, &ry)),
+                            100);
+            M_TimeOperation(MP_CHECKOK(ECPoint_mul(group, &n, &gx, &gy, &rx, &ry)),
+                            100);
+            M_TimeOperation(MP_CHECKOK(ECPoints_mul(group, &n, &n, &gx, &gy, &rx, &ry)), 100);
+        }
+    }
+
+CLEANUP:
+    mp_clear(&one);
+    mp_clear(&order_1);
+    mp_clear(&gx);
+    mp_clear(&gy);
+    mp_clear(&rx);
+    mp_clear(&ry);
+    mp_clear(&n);
+    if (res != MP_OKAY) {
+        printf("  Error: exiting with error value %i\n", res);
+    }
+    return res;
+}
+
+/* Prints help information. */
+void
+printUsage()
+{
+    printf("Usage: ecp_test [--print] [--time]\n");
+    printf("    --print     Print out results of each point arithmetic test.\n");
+    printf("    --time      Benchmark point operations and print results.\n");
+}
+
+/* Performs tests of elliptic curve cryptography over prime fields If
+ * tests fail, then it prints an error message, aborts, and returns an
+ * error code. Otherwise, returns 0. */
+int
+main(int argv, char **argc)
+{
+
+    int ectestTime = 0;
+    int ectestPrint = 0;
+    int i;
+    ECGroup *group = NULL;
+    ECCurveParams *params = NULL;
+    mp_err res;
+
+    /* read command-line arguments */
+    for (i = 1; i < argv; i++) {
+        if ((strcasecmp(argc[i], "time") == 0) || (strcasecmp(argc[i], "-time") == 0) || (strcasecmp(argc[i], "--time") == 0)) {
+            ectestTime = 1;
+        } else if ((strcasecmp(argc[i], "print") == 0) || (strcasecmp(argc[i], "-print") == 0) || (strcasecmp(argc[i], "--print") == 0)) {
+            ectestPrint = 1;
+        } else {
+            printUsage();
+            return 0;
+        }
+    }
+
+    /* generic arithmetic tests */
+    ECTEST_GENERIC_GFP("SECP-160R1", ECCurve_SECG_PRIME_160R1);
+
+    /* specific arithmetic tests */
+    ECTEST_NAMED_GFP("NIST-P192", ECCurve_NIST_P192);
+    ECTEST_NAMED_GFP("NIST-P224", ECCurve_NIST_P224);
+    ECTEST_NAMED_GFP("NIST-P256", ECCurve_NIST_P256);
+    ECTEST_NAMED_GFP("NIST-P384", ECCurve_NIST_P384);
+    ECTEST_NAMED_GFP("NIST-P521", ECCurve_NIST_P521);
+    ECTEST_NAMED_GFP("ANSI X9.62 PRIME192v1", ECCurve_X9_62_PRIME_192V1);
+    ECTEST_NAMED_GFP("ANSI X9.62 PRIME192v2", ECCurve_X9_62_PRIME_192V2);
+    ECTEST_NAMED_GFP("ANSI X9.62 PRIME192v3", ECCurve_X9_62_PRIME_192V3);
+    ECTEST_NAMED_GFP("ANSI X9.62 PRIME239v1", ECCurve_X9_62_PRIME_239V1);
+    ECTEST_NAMED_GFP("ANSI X9.62 PRIME239v2", ECCurve_X9_62_PRIME_239V2);
+    ECTEST_NAMED_GFP("ANSI X9.62 PRIME239v3", ECCurve_X9_62_PRIME_239V3);
+    ECTEST_NAMED_GFP("ANSI X9.62 PRIME256v1", ECCurve_X9_62_PRIME_256V1);
+    ECTEST_NAMED_GFP("SECP-112R1", ECCurve_SECG_PRIME_112R1);
+    ECTEST_NAMED_GFP("SECP-112R2", ECCurve_SECG_PRIME_112R2);
+    ECTEST_NAMED_GFP("SECP-128R1", ECCurve_SECG_PRIME_128R1);
+    ECTEST_NAMED_GFP("SECP-128R2", ECCurve_SECG_PRIME_128R2);
+    ECTEST_NAMED_GFP("SECP-160K1", ECCurve_SECG_PRIME_160K1);
+    ECTEST_NAMED_GFP("SECP-160R1", ECCurve_SECG_PRIME_160R1);
+    ECTEST_NAMED_GFP("SECP-160R2", ECCurve_SECG_PRIME_160R2);
+    ECTEST_NAMED_GFP("SECP-192K1", ECCurve_SECG_PRIME_192K1);
+    ECTEST_NAMED_GFP("SECP-192R1", ECCurve_SECG_PRIME_192R1);
+    ECTEST_NAMED_GFP("SECP-224K1", ECCurve_SECG_PRIME_224K1);
+    ECTEST_NAMED_GFP("SECP-224R1", ECCurve_SECG_PRIME_224R1);
+    ECTEST_NAMED_GFP("SECP-256K1", ECCurve_SECG_PRIME_256K1);
+    ECTEST_NAMED_GFP("SECP-256R1", ECCurve_SECG_PRIME_256R1);
+    ECTEST_NAMED_GFP("SECP-384R1", ECCurve_SECG_PRIME_384R1);
+    ECTEST_NAMED_GFP("SECP-521R1", ECCurve_SECG_PRIME_521R1);
+    ECTEST_NAMED_GFP("WTLS-6 (112)", ECCurve_WTLS_6);
+    ECTEST_NAMED_GFP("WTLS-7 (160)", ECCurve_WTLS_7);
+    ECTEST_NAMED_GFP("WTLS-8 (112)", ECCurve_WTLS_8);
+    ECTEST_NAMED_GFP("WTLS-9 (160)", ECCurve_WTLS_9);
+    ECTEST_NAMED_GFP("WTLS-12 (224)", ECCurve_WTLS_12);
+
+CLEANUP:
+    EC_FreeCurveParams(params);
+    ECGroup_free(group);
+    if (res != MP_OKAY) {
+        printf("Error: exiting with error value %i\n", res);
+    }
+    return res;
+}
diff --git a/nss/lib/freebl/ecl/uint128.c b/nss/lib/freebl/ecl/uint128.c
new file mode 100644
index 0000000..5465875
--- /dev/null
+++ b/nss/lib/freebl/ecl/uint128.c
@@ -0,0 +1,90 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "uint128.h"
+
+/* helper functions */
+uint64_t
+mask51(uint128_t x)
+{
+    return x.lo & MASK51;
+}
+
+uint64_t
+mask_lower(uint128_t x)
+{
+    return x.lo;
+}
+
+uint128_t
+mask51full(uint128_t x)
+{
+    uint128_t ret = { x.lo & MASK51, 0 };
+    return ret;
+}
+
+uint128_t
+init128x(uint64_t x)
+{
+    uint128_t ret = { x, 0 };
+    return ret;
+}
+
+#define CONSTANT_TIME_CARRY(a, b) \
+    ((a ^ ((a ^ b) | ((a - b) ^ b))) >> (sizeof(a) * 8 - 1))
+
+/* arithmetic */
+
+uint128_t
+add128(uint128_t a, uint128_t b)
+{
+    uint128_t ret;
+    ret.lo = a.lo + b.lo;
+    ret.hi = a.hi + b.hi + CONSTANT_TIME_CARRY(ret.lo, b.lo);
+    return ret;
+}
+
+/* out = 19 * a */
+uint128_t
+mul12819(uint128_t a)
+{
+    uint128_t ret = lshift128(a, 4);
+    ret = add128(ret, a);
+    ret = add128(ret, a);
+    ret = add128(ret, a);
+    return ret;
+}
+
+uint128_t
+mul6464(uint64_t a, uint64_t b)
+{
+    uint128_t ret;
+    uint64_t t0 = ((uint64_t)(uint32_t)a) * ((uint64_t)(uint32_t)b);
+    uint64_t t1 = (a >> 32) * ((uint64_t)(uint32_t)b) + (t0 >> 32);
+    uint64_t t2 = (b >> 32) * ((uint64_t)(uint32_t)a) + ((uint32_t)t1);
+    ret.lo = (((uint64_t)((uint32_t)t2)) << 32) + ((uint32_t)t0);
+    ret.hi = (a >> 32) * (b >> 32);
+    ret.hi += (t2 >> 32) + (t1 >> 32);
+    return ret;
+}
+
+/* only defined for n < 64 */
+uint128_t
+rshift128(uint128_t x, uint8_t n)
+{
+    uint128_t ret;
+    ret.lo = (x.lo >> n) + (x.hi << (64 - n));
+    ret.hi = x.hi >> n;
+    return ret;
+}
+
+/* only defined for n < 64 */
+uint128_t
+lshift128(uint128_t x, uint8_t n)
+{
+    uint128_t ret;
+    ret.hi = (x.hi << n) + (x.lo >> (64 - n));
+    ret.lo = x.lo << n;
+    return ret;
+}
diff --git a/nss/lib/freebl/ecl/uint128.h b/nss/lib/freebl/ecl/uint128.h
new file mode 100644
index 0000000..a3a71e6
--- /dev/null
+++ b/nss/lib/freebl/ecl/uint128.h
@@ -0,0 +1,35 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <stdint.h>
+
+#define MASK51 0x7ffffffffffffULL
+
+#ifdef HAVE_INT128_SUPPORT
+typedef unsigned __int128 uint128_t;
+#define add128(a, b) (a) + (b)
+#define mul6464(a, b) (uint128_t)(a) * (uint128_t)(b)
+#define mul12819(a) (uint128_t)(a) * 19
+#define rshift128(x, n) (x) >> (n)
+#define lshift128(x, n) (x) << (n)
+#define mask51(x) (x) & 0x7ffffffffffff
+#define mask_lower(x) (uint64_t)(x)
+#define mask51full(x) (x) & 0x7ffffffffffff
+#define init128x(x) (x)
+#else /* uint128_t for Windows and 32 bit intel systems */
+struct uint128_t_str {
+    uint64_t lo;
+    uint64_t hi;
+};
+typedef struct uint128_t_str uint128_t;
+uint128_t add128(uint128_t a, uint128_t b);
+uint128_t mul6464(uint64_t a, uint64_t b);
+uint128_t mul12819(uint128_t a);
+uint128_t rshift128(uint128_t x, uint8_t n);
+uint128_t lshift128(uint128_t x, uint8_t n);
+uint64_t mask51(uint128_t x);
+uint64_t mask_lower(uint128_t x);
+uint128_t mask51full(uint128_t x);
+uint128_t init128x(uint64_t x);
+#endif
diff --git a/nss/lib/freebl/exports.gyp b/nss/lib/freebl/exports.gyp
new file mode 100644
index 0000000..ef81685
--- /dev/null
+++ b/nss/lib/freebl/exports.gyp
@@ -0,0 +1,48 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'lib_freebl_exports',
+      'type': 'none',
+      'copies': [
+        {
+          'files': [
+            'blapit.h',
+            'ecl/ecl-exp.h',
+            'shsign.h'
+          ],
+          'conditions': [
+            [ 'OS=="linux"', {
+              'files': [
+                'nsslowhash.h',
+              ],
+            }],
+          ],
+          'destination': '<(nss_public_dist_dir)/<(module)'
+        },
+        {
+          'files': [
+            'alghmac.h',
+            'blapi.h',
+            'chacha20poly1305.h',
+            'ec.h',
+            'ecl/ecl-curve.h',
+            'ecl/ecl.h',
+            'hmacct.h',
+            'secmpi.h',
+            'secrng.h'
+          ],
+          'destination': '<(nss_private_dist_dir)/<(module)'
+        }
+      ]
+    }
+  ],
+  'variables': {
+    'module': 'nss'
+  }
+}
diff --git a/nss/lib/freebl/fipsfreebl.c b/nss/lib/freebl/fipsfreebl.c
new file mode 100644
index 0000000..b3ae686
--- /dev/null
+++ b/nss/lib/freebl/fipsfreebl.c
@@ -0,0 +1,1715 @@
+/*
+ * PKCS #11 FIPS Power-Up Self Test.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/* $Id: fipstest.c,v 1.31 2012/06/28 17:55:06 rrelyea%redhat.com Exp $ */
+
+#ifdef FREEBL_NO_DEPEND
+#include "stubs.h"
+#endif
+
+#include "blapi.h"
+#include "seccomon.h" /* Required for RSA and DSA. */
+#include "secerr.h"
+#include "prtypes.h"
+
+#ifdef NSS_ENABLE_ECC
+#include "ec.h" /* Required for ECDSA */
+#endif
+
+/*
+ * different platforms have different ways of calling and initial entry point
+ * when the dll/.so is loaded. Most platforms support either a posix pragma
+ * or the GCC attribute. Some platforms suppor a pre-defined name, and some
+ * platforms have a link line way of invoking this function.
+ */
+
+/* The pragma */
+#if defined(USE_INIT_PRAGMA)
+#pragma init(bl_startup_tests)
+#endif
+
+/* GCC Attribute */
+#if defined(__GNUC__) && !defined(NSS_NO_INIT_SUPPORT)
+#define INIT_FUNCTION __attribute__((constructor))
+#else
+#define INIT_FUNCTION
+#endif
+
+static void INIT_FUNCTION bl_startup_tests(void);
+
+/* Windows pre-defined entry */
+#if defined(XP_WIN) && !defined(NSS_NO_INIT_SUPPORT)
+#include <windows.h>
+
+BOOL WINAPI DllMain(
+    HINSTANCE hinstDLL, // handle to DLL module
+    DWORD fdwReason,    // reason for calling function
+    LPVOID lpReserved)  // reserved
+{
+    // Perform actions based on the reason for calling.
+    switch (fdwReason) {
+        case DLL_PROCESS_ATTACH:
+            // Initialize once for each new process.
+            // Return FALSE to fail DLL load.
+            bl_startup_tests();
+            break;
+
+        case DLL_THREAD_ATTACH:
+            // Do thread-specific initialization.
+            break;
+
+        case DLL_THREAD_DETACH:
+            // Do thread-specific cleanup.
+            break;
+
+        case DLL_PROCESS_DETACH:
+            // Perform any necessary cleanup.
+            break;
+    }
+    return TRUE; // Successful DLL_PROCESS_ATTACH.
+}
+#endif
+
+/* insert other platform dependent init entry points here, or modify
+ * the linker line */
+
+/* FIPS preprocessor directives for RC2-ECB and RC2-CBC.        */
+#define FIPS_RC2_KEY_LENGTH 5     /*  40-bits */
+#define FIPS_RC2_ENCRYPT_LENGTH 8 /*  64-bits */
+#define FIPS_RC2_DECRYPT_LENGTH 8 /*  64-bits */
+
+/* FIPS preprocessor directives for RC4.                        */
+#define FIPS_RC4_KEY_LENGTH 5     /*  40-bits */
+#define FIPS_RC4_ENCRYPT_LENGTH 8 /*  64-bits */
+#define FIPS_RC4_DECRYPT_LENGTH 8 /*  64-bits */
+
+/* FIPS preprocessor directives for DES-ECB and DES-CBC.        */
+#define FIPS_DES_ENCRYPT_LENGTH 8 /*  64-bits */
+#define FIPS_DES_DECRYPT_LENGTH 8 /*  64-bits */
+
+/* FIPS preprocessor directives for DES3-CBC and DES3-ECB.      */
+#define FIPS_DES3_ENCRYPT_LENGTH 8 /*  64-bits */
+#define FIPS_DES3_DECRYPT_LENGTH 8 /*  64-bits */
+
+/* FIPS preprocessor directives for AES-ECB and AES-CBC.        */
+#define FIPS_AES_BLOCK_SIZE 16     /* 128-bits */
+#define FIPS_AES_ENCRYPT_LENGTH 16 /* 128-bits */
+#define FIPS_AES_DECRYPT_LENGTH 16 /* 128-bits */
+#define FIPS_AES_128_KEY_SIZE 16   /* 128-bits */
+#define FIPS_AES_192_KEY_SIZE 24   /* 192-bits */
+#define FIPS_AES_256_KEY_SIZE 32   /* 256-bits */
+
+/* FIPS preprocessor directives for message digests             */
+#define FIPS_KNOWN_HASH_MESSAGE_LENGTH 64 /* 512-bits */
+
+/* FIPS preprocessor directives for RSA.                         */
+#define FIPS_RSA_TYPE siBuffer
+#define FIPS_RSA_PUBLIC_EXPONENT_LENGTH 3    /*   24-bits */
+#define FIPS_RSA_PRIVATE_VERSION_LENGTH 1    /*    8-bits */
+#define FIPS_RSA_MESSAGE_LENGTH 256          /* 2048-bits */
+#define FIPS_RSA_COEFFICIENT_LENGTH 128      /* 1024-bits */
+#define FIPS_RSA_PRIME0_LENGTH 128           /* 1024-bits */
+#define FIPS_RSA_PRIME1_LENGTH 128           /* 1024-bits */
+#define FIPS_RSA_EXPONENT0_LENGTH 128        /* 1024-bits */
+#define FIPS_RSA_EXPONENT1_LENGTH 128        /* 1024-bits */
+#define FIPS_RSA_PRIVATE_EXPONENT_LENGTH 256 /* 2048-bits */
+#define FIPS_RSA_ENCRYPT_LENGTH 256          /* 2048-bits */
+#define FIPS_RSA_DECRYPT_LENGTH 256          /* 2048-bits */
+#define FIPS_RSA_SIGNATURE_LENGTH 256        /* 2048-bits */
+#define FIPS_RSA_MODULUS_LENGTH 256          /* 2048-bits */
+
+/* FIPS preprocessor directives for DSA.                        */
+#define FIPS_DSA_TYPE siBuffer
+#define FIPS_DSA_DIGEST_LENGTH 20    /*  160-bits */
+#define FIPS_DSA_SUBPRIME_LENGTH 20  /*  160-bits */
+#define FIPS_DSA_SIGNATURE_LENGTH 40 /*  320-bits */
+#define FIPS_DSA_PRIME_LENGTH 128    /* 1024-bits */
+#define FIPS_DSA_BASE_LENGTH 128     /* 1024-bits */
+
+/* FIPS preprocessor directives for RNG.                        */
+#define FIPS_RNG_XKEY_LENGTH 32 /* 256-bits */
+
+static SECStatus
+freebl_fips_DES3_PowerUpSelfTest(void)
+{
+    /* DES3 Known Key (56-bits). */
+    static const PRUint8 des3_known_key[] = { "ANSI Triple-DES Key Data" };
+
+    /* DES3-CBC Known Initialization Vector (64-bits). */
+    static const PRUint8 des3_cbc_known_initialization_vector[] = { "Security" };
+
+    /* DES3 Known Plaintext (64-bits). */
+    static const PRUint8 des3_ecb_known_plaintext[] = { "Netscape" };
+    static const PRUint8 des3_cbc_known_plaintext[] = { "Netscape" };
+
+    /* DES3 Known Ciphertext (64-bits). */
+    static const PRUint8 des3_ecb_known_ciphertext[] = {
+        0x55, 0x8e, 0xad, 0x3c, 0xee, 0x49, 0x69, 0xbe
+    };
+    static const PRUint8 des3_cbc_known_ciphertext[] = {
+        0x43, 0xdc, 0x6a, 0xc1, 0xaf, 0xa6, 0x32, 0xf5
+    };
+
+    /* DES3 variables. */
+    PRUint8 des3_computed_ciphertext[FIPS_DES3_ENCRYPT_LENGTH];
+    PRUint8 des3_computed_plaintext[FIPS_DES3_DECRYPT_LENGTH];
+    DESContext *des3_context;
+    unsigned int des3_bytes_encrypted;
+    unsigned int des3_bytes_decrypted;
+    SECStatus des3_status;
+
+    /*******************************************************/
+    /* DES3-ECB Single-Round Known Answer Encryption Test. */
+    /*******************************************************/
+
+    des3_context = DES_CreateContext(des3_known_key, NULL,
+                                     NSS_DES_EDE3, PR_TRUE);
+
+    if (des3_context == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return (SECFailure);
+    }
+
+    des3_status = DES_Encrypt(des3_context, des3_computed_ciphertext,
+                              &des3_bytes_encrypted, FIPS_DES3_ENCRYPT_LENGTH,
+                              des3_ecb_known_plaintext,
+                              FIPS_DES3_DECRYPT_LENGTH);
+
+    DES_DestroyContext(des3_context, PR_TRUE);
+
+    if ((des3_status != SECSuccess) ||
+        (des3_bytes_encrypted != FIPS_DES3_ENCRYPT_LENGTH) ||
+        (PORT_Memcmp(des3_computed_ciphertext, des3_ecb_known_ciphertext,
+                     FIPS_DES3_ENCRYPT_LENGTH) != 0)) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return (SECFailure);
+    }
+
+    /*******************************************************/
+    /* DES3-ECB Single-Round Known Answer Decryption Test. */
+    /*******************************************************/
+
+    des3_context = DES_CreateContext(des3_known_key, NULL,
+                                     NSS_DES_EDE3, PR_FALSE);
+
+    if (des3_context == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return (SECFailure);
+    }
+
+    des3_status = DES_Decrypt(des3_context, des3_computed_plaintext,
+                              &des3_bytes_decrypted, FIPS_DES3_DECRYPT_LENGTH,
+                              des3_ecb_known_ciphertext,
+                              FIPS_DES3_ENCRYPT_LENGTH);
+
+    DES_DestroyContext(des3_context, PR_TRUE);
+
+    if ((des3_status != SECSuccess) ||
+        (des3_bytes_decrypted != FIPS_DES3_DECRYPT_LENGTH) ||
+        (PORT_Memcmp(des3_computed_plaintext, des3_ecb_known_plaintext,
+                     FIPS_DES3_DECRYPT_LENGTH) != 0)) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return (SECFailure);
+    }
+
+    /*******************************************************/
+    /* DES3-CBC Single-Round Known Answer Encryption Test. */
+    /*******************************************************/
+
+    des3_context = DES_CreateContext(des3_known_key,
+                                     des3_cbc_known_initialization_vector,
+                                     NSS_DES_EDE3_CBC, PR_TRUE);
+
+    if (des3_context == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return (SECFailure);
+    }
+
+    des3_status = DES_Encrypt(des3_context, des3_computed_ciphertext,
+                              &des3_bytes_encrypted, FIPS_DES3_ENCRYPT_LENGTH,
+                              des3_cbc_known_plaintext,
+                              FIPS_DES3_DECRYPT_LENGTH);
+
+    DES_DestroyContext(des3_context, PR_TRUE);
+
+    if ((des3_status != SECSuccess) ||
+        (des3_bytes_encrypted != FIPS_DES3_ENCRYPT_LENGTH) ||
+        (PORT_Memcmp(des3_computed_ciphertext, des3_cbc_known_ciphertext,
+                     FIPS_DES3_ENCRYPT_LENGTH) != 0)) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return (SECFailure);
+    }
+
+    /*******************************************************/
+    /* DES3-CBC Single-Round Known Answer Decryption Test. */
+    /*******************************************************/
+
+    des3_context = DES_CreateContext(des3_known_key,
+                                     des3_cbc_known_initialization_vector,
+                                     NSS_DES_EDE3_CBC, PR_FALSE);
+
+    if (des3_context == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return (SECFailure);
+    }
+
+    des3_status = DES_Decrypt(des3_context, des3_computed_plaintext,
+                              &des3_bytes_decrypted, FIPS_DES3_DECRYPT_LENGTH,
+                              des3_cbc_known_ciphertext,
+                              FIPS_DES3_ENCRYPT_LENGTH);
+
+    DES_DestroyContext(des3_context, PR_TRUE);
+
+    if ((des3_status != SECSuccess) ||
+        (des3_bytes_decrypted != FIPS_DES3_DECRYPT_LENGTH) ||
+        (PORT_Memcmp(des3_computed_plaintext, des3_cbc_known_plaintext,
+                     FIPS_DES3_DECRYPT_LENGTH) != 0)) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return (SECFailure);
+    }
+
+    return (SECSuccess);
+}
+
+/* AES self-test for 128-bit, 192-bit, or 256-bit key sizes*/
+static SECStatus
+freebl_fips_AES_PowerUpSelfTest(int aes_key_size)
+{
+    /* AES Known Key (up to 256-bits). */
+    static const PRUint8 aes_known_key[] =
+        { "AES-128 RIJNDAELLEADNJIR 821-SEA" };
+
+    /* AES-CBC Known Initialization Vector (128-bits). */
+    static const PRUint8 aes_cbc_known_initialization_vector[] =
+        { "SecurityytiruceS" };
+
+    /* AES Known Plaintext (128-bits). (blocksize is 128-bits) */
+    static const PRUint8 aes_known_plaintext[] = { "NetscapeepacsteN" };
+
+    /* AES Known Ciphertext (128-bit key). */
+    static const PRUint8 aes_ecb128_known_ciphertext[] = {
+        0x3c, 0xa5, 0x96, 0xf3, 0x34, 0x6a, 0x96, 0xc1,
+        0x03, 0x88, 0x16, 0x7b, 0x20, 0xbf, 0x35, 0x47
+    };
+
+    static const PRUint8 aes_cbc128_known_ciphertext[] = {
+        0xcf, 0x15, 0x1d, 0x4f, 0x96, 0xe4, 0x4f, 0x63,
+        0x15, 0x54, 0x14, 0x1d, 0x4e, 0xd8, 0xd5, 0xea
+    };
+
+    /* AES Known Ciphertext (192-bit key). */
+    static const PRUint8 aes_ecb192_known_ciphertext[] = {
+        0xa0, 0x18, 0x62, 0xed, 0x88, 0x19, 0xcb, 0x62,
+        0x88, 0x1d, 0x4d, 0xfe, 0x84, 0x02, 0x89, 0x0e
+    };
+
+    static const PRUint8 aes_cbc192_known_ciphertext[] = {
+        0x83, 0xf7, 0xa4, 0x76, 0xd1, 0x6f, 0x07, 0xbe,
+        0x07, 0xbc, 0x43, 0x2f, 0x6d, 0xad, 0x29, 0xe1
+    };
+
+    /* AES Known Ciphertext (256-bit key). */
+    static const PRUint8 aes_ecb256_known_ciphertext[] = {
+        0xdb, 0xa6, 0x52, 0x01, 0x8a, 0x70, 0xae, 0x66,
+        0x3a, 0x99, 0xd8, 0x95, 0x7f, 0xfb, 0x01, 0x67
+    };
+
+    static const PRUint8 aes_cbc256_known_ciphertext[] = {
+        0x37, 0xea, 0x07, 0x06, 0x31, 0x1c, 0x59, 0x27,
+        0xc5, 0xc5, 0x68, 0x71, 0x6e, 0x34, 0x40, 0x16
+    };
+
+    const PRUint8 *aes_ecb_known_ciphertext =
+        (aes_key_size == FIPS_AES_128_KEY_SIZE) ? aes_ecb128_known_ciphertext : (aes_key_size == FIPS_AES_192_KEY_SIZE) ? aes_ecb192_known_ciphertext : aes_ecb256_known_ciphertext;
+
+    const PRUint8 *aes_cbc_known_ciphertext =
+        (aes_key_size == FIPS_AES_128_KEY_SIZE) ? aes_cbc128_known_ciphertext : (aes_key_size == FIPS_AES_192_KEY_SIZE) ? aes_cbc192_known_ciphertext : aes_cbc256_known_ciphertext;
+
+    /* AES variables. */
+    PRUint8 aes_computed_ciphertext[FIPS_AES_ENCRYPT_LENGTH];
+    PRUint8 aes_computed_plaintext[FIPS_AES_DECRYPT_LENGTH];
+    AESContext *aes_context;
+    unsigned int aes_bytes_encrypted;
+    unsigned int aes_bytes_decrypted;
+    SECStatus aes_status;
+
+    /*check if aes_key_size is 128, 192, or 256 bits */
+    if ((aes_key_size != FIPS_AES_128_KEY_SIZE) &&
+        (aes_key_size != FIPS_AES_192_KEY_SIZE) &&
+        (aes_key_size != FIPS_AES_256_KEY_SIZE)) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return (SECFailure);
+    }
+
+    /******************************************************/
+    /* AES-ECB Single-Round Known Answer Encryption Test: */
+    /******************************************************/
+
+    aes_context = AES_CreateContext(aes_known_key, NULL, NSS_AES, PR_TRUE,
+                                    aes_key_size, FIPS_AES_BLOCK_SIZE);
+
+    if (aes_context == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return (SECFailure);
+    }
+
+    aes_status = AES_Encrypt(aes_context, aes_computed_ciphertext,
+                             &aes_bytes_encrypted, FIPS_AES_ENCRYPT_LENGTH,
+                             aes_known_plaintext,
+                             FIPS_AES_DECRYPT_LENGTH);
+
+    AES_DestroyContext(aes_context, PR_TRUE);
+
+    if ((aes_status != SECSuccess) ||
+        (aes_bytes_encrypted != FIPS_AES_ENCRYPT_LENGTH) ||
+        (PORT_Memcmp(aes_computed_ciphertext, aes_ecb_known_ciphertext,
+                     FIPS_AES_ENCRYPT_LENGTH) != 0)) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return (SECFailure);
+    }
+
+    /******************************************************/
+    /* AES-ECB Single-Round Known Answer Decryption Test: */
+    /******************************************************/
+
+    aes_context = AES_CreateContext(aes_known_key, NULL, NSS_AES, PR_FALSE,
+                                    aes_key_size, FIPS_AES_BLOCK_SIZE);
+
+    if (aes_context == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return (SECFailure);
+    }
+
+    aes_status = AES_Decrypt(aes_context, aes_computed_plaintext,
+                             &aes_bytes_decrypted, FIPS_AES_DECRYPT_LENGTH,
+                             aes_ecb_known_ciphertext,
+                             FIPS_AES_ENCRYPT_LENGTH);
+
+    AES_DestroyContext(aes_context, PR_TRUE);
+
+    if ((aes_status != SECSuccess) ||
+        (aes_bytes_decrypted != FIPS_AES_DECRYPT_LENGTH) ||
+        (PORT_Memcmp(aes_computed_plaintext, aes_known_plaintext,
+                     FIPS_AES_DECRYPT_LENGTH) != 0)) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return (SECFailure);
+    }
+
+    /******************************************************/
+    /* AES-CBC Single-Round Known Answer Encryption Test. */
+    /******************************************************/
+
+    aes_context = AES_CreateContext(aes_known_key,
+                                    aes_cbc_known_initialization_vector,
+                                    NSS_AES_CBC, PR_TRUE, aes_key_size,
+                                    FIPS_AES_BLOCK_SIZE);
+
+    if (aes_context == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return (SECFailure);
+    }
+
+    aes_status = AES_Encrypt(aes_context, aes_computed_ciphertext,
+                             &aes_bytes_encrypted, FIPS_AES_ENCRYPT_LENGTH,
+                             aes_known_plaintext,
+                             FIPS_AES_DECRYPT_LENGTH);
+
+    AES_DestroyContext(aes_context, PR_TRUE);
+
+    if ((aes_status != SECSuccess) ||
+        (aes_bytes_encrypted != FIPS_AES_ENCRYPT_LENGTH) ||
+        (PORT_Memcmp(aes_computed_ciphertext, aes_cbc_known_ciphertext,
+                     FIPS_AES_ENCRYPT_LENGTH) != 0)) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return (SECFailure);
+    }
+
+    /******************************************************/
+    /* AES-CBC Single-Round Known Answer Decryption Test. */
+    /******************************************************/
+
+    aes_context = AES_CreateContext(aes_known_key,
+                                    aes_cbc_known_initialization_vector,
+                                    NSS_AES_CBC, PR_FALSE, aes_key_size,
+                                    FIPS_AES_BLOCK_SIZE);
+
+    if (aes_context == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return (SECFailure);
+    }
+
+    aes_status = AES_Decrypt(aes_context, aes_computed_plaintext,
+                             &aes_bytes_decrypted, FIPS_AES_DECRYPT_LENGTH,
+                             aes_cbc_known_ciphertext,
+                             FIPS_AES_ENCRYPT_LENGTH);
+
+    AES_DestroyContext(aes_context, PR_TRUE);
+
+    if ((aes_status != SECSuccess) ||
+        (aes_bytes_decrypted != FIPS_AES_DECRYPT_LENGTH) ||
+        (PORT_Memcmp(aes_computed_plaintext, aes_known_plaintext,
+                     FIPS_AES_DECRYPT_LENGTH) != 0)) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return (SECFailure);
+    }
+
+    return (SECSuccess);
+}
+
+/* Known Hash Message (512-bits).  Used for all hashes (incl. SHA-N [N>1]). */
+static const PRUint8 known_hash_message[] = {
+    "The test message for the MD2, MD5, and SHA-1 hashing algorithms."
+};
+
+/****************************************************/
+/* Single Round HMAC SHA-X test                     */
+/****************************************************/
+static SECStatus
+freebl_fips_HMAC(unsigned char *hmac_computed,
+                 const PRUint8 *secret_key,
+                 unsigned int secret_key_length,
+                 const PRUint8 *message,
+                 unsigned int message_length,
+                 HASH_HashType hashAlg)
+{
+    SECStatus hmac_status = SECFailure;
+    HMACContext *cx = NULL;
+    SECHashObject *hashObj = NULL;
+    unsigned int bytes_hashed = 0;
+
+    hashObj = (SECHashObject *)HASH_GetRawHashObject(hashAlg);
+
+    if (!hashObj)
+        return (SECFailure);
+
+    cx = HMAC_Create(hashObj, secret_key,
+                     secret_key_length,
+                     PR_TRUE); /* PR_TRUE for in FIPS mode */
+
+    if (cx == NULL)
+        return (SECFailure);
+
+    HMAC_Begin(cx);
+    HMAC_Update(cx, message, message_length);
+    hmac_status = HMAC_Finish(cx, hmac_computed, &bytes_hashed,
+                              hashObj->length);
+
+    HMAC_Destroy(cx, PR_TRUE);
+
+    return (hmac_status);
+}
+
+static SECStatus
+freebl_fips_HMAC_PowerUpSelfTest(void)
+{
+    static const PRUint8 HMAC_known_secret_key[] = {
+        "Firefox and ThunderBird are awesome!"
+    };
+
+    static const PRUint8 HMAC_known_secret_key_length = sizeof HMAC_known_secret_key;
+
+    /* known SHA1 hmac (20 bytes) */
+    static const PRUint8 known_SHA1_hmac[] = {
+        0xd5, 0x85, 0xf6, 0x5b, 0x39, 0xfa, 0xb9, 0x05,
+        0x3b, 0x57, 0x1d, 0x61, 0xe7, 0xb8, 0x84, 0x1e,
+        0x5d, 0x0e, 0x1e, 0x11
+    };
+
+    /* known SHA224 hmac (28 bytes) */
+    static const PRUint8 known_SHA224_hmac[] = {
+        0x1c, 0xc3, 0x06, 0x8e, 0xce, 0x37, 0x68, 0xfb,
+        0x1a, 0x82, 0x4a, 0xbe, 0x2b, 0x00, 0x51, 0xf8,
+        0x9d, 0xb6, 0xe0, 0x90, 0x0d, 0x00, 0xc9, 0x64,
+        0x9a, 0xb8, 0x98, 0x4e
+    };
+
+    /* known SHA256 hmac (32 bytes) */
+    static const PRUint8 known_SHA256_hmac[] = {
+        0x05, 0x75, 0x9a, 0x9e, 0x70, 0x5e, 0xe7, 0x44,
+        0xe2, 0x46, 0x4b, 0x92, 0x22, 0x14, 0x22, 0xe0,
+        0x1b, 0x92, 0x8a, 0x0c, 0xfe, 0xf5, 0x49, 0xe9,
+        0xa7, 0x1b, 0x56, 0x7d, 0x1d, 0x29, 0x40, 0x48
+    };
+
+    /* known SHA384 hmac (48 bytes) */
+    static const PRUint8 known_SHA384_hmac[] = {
+        0xcd, 0x56, 0x14, 0xec, 0x05, 0x53, 0x06, 0x2b,
+        0x7e, 0x9c, 0x8a, 0x18, 0x5e, 0xea, 0xf3, 0x91,
+        0x33, 0xfb, 0x64, 0xf6, 0xe3, 0x9f, 0x89, 0x0b,
+        0xaf, 0xbe, 0x83, 0x4d, 0x3f, 0x3c, 0x43, 0x4d,
+        0x4a, 0x0c, 0x56, 0x98, 0xf8, 0xca, 0xb4, 0xaa,
+        0x9a, 0xf4, 0x0a, 0xaf, 0x4f, 0x69, 0xca, 0x87
+    };
+
+    /* known SHA512 hmac (64 bytes) */
+    static const PRUint8 known_SHA512_hmac[] = {
+        0xf6, 0x0e, 0x97, 0x12, 0x00, 0x67, 0x6e, 0xb9,
+        0x0c, 0xb2, 0x63, 0xf0, 0x60, 0xac, 0x75, 0x62,
+        0x70, 0x95, 0x2a, 0x52, 0x22, 0xee, 0xdd, 0xd2,
+        0x71, 0xb1, 0xe8, 0x26, 0x33, 0xd3, 0x13, 0x27,
+        0xcb, 0xff, 0x44, 0xef, 0x87, 0x97, 0x16, 0xfb,
+        0xd3, 0x0b, 0x48, 0xbe, 0x12, 0x4e, 0xda, 0xb1,
+        0x89, 0x90, 0xfb, 0x06, 0x0c, 0xbe, 0xe5, 0xc4,
+        0xff, 0x24, 0x37, 0x3d, 0xc7, 0xe4, 0xe4, 0x37
+    };
+
+    SECStatus hmac_status;
+    PRUint8 hmac_computed[HASH_LENGTH_MAX];
+
+    /***************************************************/
+    /* HMAC SHA-1 Single-Round Known Answer HMAC Test. */
+    /***************************************************/
+
+    hmac_status = freebl_fips_HMAC(hmac_computed,
+                                   HMAC_known_secret_key,
+                                   HMAC_known_secret_key_length,
+                                   known_hash_message,
+                                   FIPS_KNOWN_HASH_MESSAGE_LENGTH,
+                                   HASH_AlgSHA1);
+
+    if ((hmac_status != SECSuccess) ||
+        (PORT_Memcmp(hmac_computed, known_SHA1_hmac,
+                     SHA1_LENGTH) != 0)) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return (SECFailure);
+    }
+
+    /***************************************************/
+    /* HMAC SHA-224 Single-Round Known Answer Test.    */
+    /***************************************************/
+
+    hmac_status = freebl_fips_HMAC(hmac_computed,
+                                   HMAC_known_secret_key,
+                                   HMAC_known_secret_key_length,
+                                   known_hash_message,
+                                   FIPS_KNOWN_HASH_MESSAGE_LENGTH,
+                                   HASH_AlgSHA224);
+
+    if ((hmac_status != SECSuccess) ||
+        (PORT_Memcmp(hmac_computed, known_SHA224_hmac,
+                     SHA224_LENGTH) != 0)) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return (SECFailure);
+    }
+
+    /***************************************************/
+    /* HMAC SHA-256 Single-Round Known Answer Test.    */
+    /***************************************************/
+
+    hmac_status = freebl_fips_HMAC(hmac_computed,
+                                   HMAC_known_secret_key,
+                                   HMAC_known_secret_key_length,
+                                   known_hash_message,
+                                   FIPS_KNOWN_HASH_MESSAGE_LENGTH,
+                                   HASH_AlgSHA256);
+
+    if ((hmac_status != SECSuccess) ||
+        (PORT_Memcmp(hmac_computed, known_SHA256_hmac,
+                     SHA256_LENGTH) != 0)) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return (SECFailure);
+    }
+
+    /***************************************************/
+    /* HMAC SHA-384 Single-Round Known Answer Test.    */
+    /***************************************************/
+
+    hmac_status = freebl_fips_HMAC(hmac_computed,
+                                   HMAC_known_secret_key,
+                                   HMAC_known_secret_key_length,
+                                   known_hash_message,
+                                   FIPS_KNOWN_HASH_MESSAGE_LENGTH,
+                                   HASH_AlgSHA384);
+
+    if ((hmac_status != SECSuccess) ||
+        (PORT_Memcmp(hmac_computed, known_SHA384_hmac,
+                     SHA384_LENGTH) != 0)) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return (SECFailure);
+    }
+
+    /***************************************************/
+    /* HMAC SHA-512 Single-Round Known Answer Test.    */
+    /***************************************************/
+
+    hmac_status = freebl_fips_HMAC(hmac_computed,
+                                   HMAC_known_secret_key,
+                                   HMAC_known_secret_key_length,
+                                   known_hash_message,
+                                   FIPS_KNOWN_HASH_MESSAGE_LENGTH,
+                                   HASH_AlgSHA512);
+
+    if ((hmac_status != SECSuccess) ||
+        (PORT_Memcmp(hmac_computed, known_SHA512_hmac,
+                     SHA512_LENGTH) != 0)) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return (SECFailure);
+    }
+
+    return (SECSuccess);
+}
+
+static SECStatus
+freebl_fips_SHA_PowerUpSelfTest(void)
+{
+    /* SHA-1 Known Digest Message (160-bits). */
+    static const PRUint8 sha1_known_digest[] = {
+        0x0a, 0x6d, 0x07, 0xba, 0x1e, 0xbd, 0x8a, 0x1b,
+        0x72, 0xf6, 0xc7, 0x22, 0xf1, 0x27, 0x9f, 0xf0,
+        0xe0, 0x68, 0x47, 0x7a
+    };
+
+    /* SHA-224 Known Digest Message (224-bits). */
+    static const PRUint8 sha224_known_digest[] = {
+        0x89, 0x5e, 0x7f, 0xfd, 0x0e, 0xd8, 0x35, 0x6f,
+        0x64, 0x6d, 0xf2, 0xde, 0x5e, 0xed, 0xa6, 0x7f,
+        0x29, 0xd1, 0x12, 0x73, 0x42, 0x84, 0x95, 0x4f,
+        0x8e, 0x08, 0xe5, 0xcb
+    };
+
+    /* SHA-256 Known Digest Message (256-bits). */
+    static const PRUint8 sha256_known_digest[] = {
+        0x38, 0xa9, 0xc1, 0xf0, 0x35, 0xf6, 0x5d, 0x61,
+        0x11, 0xd4, 0x0b, 0xdc, 0xce, 0x35, 0x14, 0x8d,
+        0xf2, 0xdd, 0xaf, 0xaf, 0xcf, 0xb7, 0x87, 0xe9,
+        0x96, 0xa5, 0xd2, 0x83, 0x62, 0x46, 0x56, 0x79
+    };
+
+    /* SHA-384 Known Digest Message (384-bits). */
+    static const PRUint8 sha384_known_digest[] = {
+        0x11, 0xfe, 0x1c, 0x00, 0x89, 0x48, 0xde, 0xb3,
+        0x99, 0xee, 0x1c, 0x18, 0xb4, 0x10, 0xfb, 0xfe,
+        0xe3, 0xa8, 0x2c, 0xf3, 0x04, 0xb0, 0x2f, 0xc8,
+        0xa3, 0xc4, 0x5e, 0xea, 0x7e, 0x60, 0x48, 0x7b,
+        0xce, 0x2c, 0x62, 0xf7, 0xbc, 0xa7, 0xe8, 0xa3,
+        0xcf, 0x24, 0xce, 0x9c, 0xe2, 0x8b, 0x09, 0x72
+    };
+
+    /* SHA-512 Known Digest Message (512-bits). */
+    static const PRUint8 sha512_known_digest[] = {
+        0xc8, 0xb3, 0x27, 0xf9, 0x0b, 0x24, 0xc8, 0xbf,
+        0x4c, 0xba, 0x33, 0x54, 0xf2, 0x31, 0xbf, 0xdb,
+        0xab, 0xfd, 0xb3, 0x15, 0xd7, 0xfa, 0x48, 0x99,
+        0x07, 0x60, 0x0f, 0x57, 0x41, 0x1a, 0xdd, 0x28,
+        0x12, 0x55, 0x25, 0xac, 0xba, 0x3a, 0x99, 0x12,
+        0x2c, 0x7a, 0x8f, 0x75, 0x3a, 0xe1, 0x06, 0x6f,
+        0x30, 0x31, 0xc9, 0x33, 0xc6, 0x1b, 0x90, 0x1a,
+        0x6c, 0x98, 0x9a, 0x87, 0xd0, 0xb2, 0xf8, 0x07
+    };
+
+    /* SHA-X variables. */
+    PRUint8 sha_computed_digest[HASH_LENGTH_MAX];
+    SECStatus sha_status;
+
+    /*************************************************/
+    /* SHA-1 Single-Round Known Answer Hashing Test. */
+    /*************************************************/
+
+    sha_status = SHA1_HashBuf(sha_computed_digest, known_hash_message,
+                              FIPS_KNOWN_HASH_MESSAGE_LENGTH);
+
+    if ((sha_status != SECSuccess) ||
+        (PORT_Memcmp(sha_computed_digest, sha1_known_digest,
+                     SHA1_LENGTH) != 0)) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return (SECFailure);
+    }
+
+    /***************************************************/
+    /* SHA-224 Single-Round Known Answer Hashing Test. */
+    /***************************************************/
+
+    sha_status = SHA224_HashBuf(sha_computed_digest, known_hash_message,
+                                FIPS_KNOWN_HASH_MESSAGE_LENGTH);
+
+    if ((sha_status != SECSuccess) ||
+        (PORT_Memcmp(sha_computed_digest, sha224_known_digest,
+                     SHA224_LENGTH) != 0)) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return (SECFailure);
+    }
+
+    /***************************************************/
+    /* SHA-256 Single-Round Known Answer Hashing Test. */
+    /***************************************************/
+
+    sha_status = SHA256_HashBuf(sha_computed_digest, known_hash_message,
+                                FIPS_KNOWN_HASH_MESSAGE_LENGTH);
+
+    if ((sha_status != SECSuccess) ||
+        (PORT_Memcmp(sha_computed_digest, sha256_known_digest,
+                     SHA256_LENGTH) != 0)) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return (SECFailure);
+    }
+
+    /***************************************************/
+    /* SHA-384 Single-Round Known Answer Hashing Test. */
+    /***************************************************/
+
+    sha_status = SHA384_HashBuf(sha_computed_digest, known_hash_message,
+                                FIPS_KNOWN_HASH_MESSAGE_LENGTH);
+
+    if ((sha_status != SECSuccess) ||
+        (PORT_Memcmp(sha_computed_digest, sha384_known_digest,
+                     SHA384_LENGTH) != 0)) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return (SECFailure);
+    }
+
+    /***************************************************/
+    /* SHA-512 Single-Round Known Answer Hashing Test. */
+    /***************************************************/
+
+    sha_status = SHA512_HashBuf(sha_computed_digest, known_hash_message,
+                                FIPS_KNOWN_HASH_MESSAGE_LENGTH);
+
+    if ((sha_status != SECSuccess) ||
+        (PORT_Memcmp(sha_computed_digest, sha512_known_digest,
+                     SHA512_LENGTH) != 0)) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return (SECFailure);
+    }
+
+    return (SECSuccess);
+}
+
+static SECStatus
+freebl_fips_RSA_PowerUpSelfTest(void)
+{
+    /* RSA Known Modulus used in both Public/Private Key Values (2048-bits). */
+    static const PRUint8 rsa_modulus[FIPS_RSA_MODULUS_LENGTH] = {
+        0xb8, 0x15, 0x00, 0x33, 0xda, 0x0c, 0x9d, 0xa5,
+        0x14, 0x8c, 0xde, 0x1f, 0x23, 0x07, 0x54, 0xe2,
+        0xc6, 0xb9, 0x51, 0x04, 0xc9, 0x65, 0x24, 0x6e,
+        0x0a, 0x46, 0x34, 0x5c, 0x37, 0x86, 0x6b, 0x88,
+        0x24, 0x27, 0xac, 0xa5, 0x02, 0x79, 0xfb, 0xed,
+        0x75, 0xc5, 0x3f, 0x6e, 0xdf, 0x05, 0x5f, 0x0f,
+        0x20, 0x70, 0xa0, 0x5b, 0x85, 0xdb, 0xac, 0xb9,
+        0x5f, 0x02, 0xc2, 0x64, 0x1e, 0x84, 0x5b, 0x3e,
+        0xad, 0xbf, 0xf6, 0x2e, 0x51, 0xd6, 0xad, 0xf7,
+        0xa7, 0x86, 0x75, 0x86, 0xec, 0xa7, 0xe1, 0xf7,
+        0x08, 0xbf, 0xdc, 0x56, 0xb1, 0x3b, 0xca, 0xd8,
+        0xfc, 0x51, 0xdf, 0x9a, 0x2a, 0x37, 0x06, 0xf2,
+        0xd1, 0x6b, 0x9a, 0x5e, 0x2a, 0xe5, 0x20, 0x57,
+        0x35, 0x9f, 0x1f, 0x98, 0xcf, 0x40, 0xc7, 0xd6,
+        0x98, 0xdb, 0xde, 0xf5, 0x64, 0x53, 0xf7, 0x9d,
+        0x45, 0xf3, 0xd6, 0x78, 0xb9, 0xe3, 0xa3, 0x20,
+        0xcd, 0x79, 0x43, 0x35, 0xef, 0xd7, 0xfb, 0xb9,
+        0x80, 0x88, 0x27, 0x2f, 0x63, 0xa8, 0x67, 0x3d,
+        0x4a, 0xfa, 0x06, 0xc6, 0xd2, 0x86, 0x0b, 0xa7,
+        0x28, 0xfd, 0xe0, 0x1e, 0x93, 0x4b, 0x17, 0x2e,
+        0xb0, 0x11, 0x6f, 0xc6, 0x2b, 0x98, 0x0f, 0x15,
+        0xe3, 0x87, 0x16, 0x7a, 0x7c, 0x67, 0x3e, 0x12,
+        0x2b, 0xf8, 0xbe, 0x48, 0xc1, 0x97, 0x47, 0xf4,
+        0x1f, 0x81, 0x80, 0x12, 0x28, 0xe4, 0x7b, 0x1e,
+        0xb7, 0x00, 0xa4, 0xde, 0xaa, 0xfb, 0x0f, 0x77,
+        0x84, 0xa3, 0xd6, 0xb2, 0x03, 0x48, 0xdd, 0x53,
+        0x8b, 0x46, 0x41, 0x28, 0x52, 0xc4, 0x53, 0xf0,
+        0x1c, 0x95, 0xd9, 0x36, 0xe0, 0x0f, 0x26, 0x46,
+        0x9c, 0x61, 0x0e, 0x80, 0xca, 0x86, 0xaf, 0x39,
+        0x95, 0xe5, 0x60, 0x43, 0x61, 0x3e, 0x2b, 0xb4,
+        0xe8, 0xbd, 0x8d, 0x77, 0x62, 0xf5, 0x32, 0x43,
+        0x2f, 0x4b, 0x65, 0x82, 0x14, 0xdd, 0x29, 0x5b
+    };
+
+    /* RSA Known Public Key Values (24-bits). */
+    static const PRUint8 rsa_public_exponent[FIPS_RSA_PUBLIC_EXPONENT_LENGTH] = { 0x01, 0x00, 0x01 };
+    /* RSA Known Private Key Values (version                 is    8-bits), */
+    /*                              (private exponent        is 2048-bits), */
+    /*                              (private prime0          is 1024-bits), */
+    /*                              (private prime1          is 1024-bits), */
+    /*                              (private prime exponent0 is 1024-bits), */
+    /*                              (private prime exponent1 is 1024-bits), */
+    /*                          and (private coefficient     is 1024-bits). */
+    static const PRUint8 rsa_version[] = { 0x00 };
+
+    static const PRUint8 rsa_private_exponent[FIPS_RSA_PRIVATE_EXPONENT_LENGTH] = {
+        0x29, 0x08, 0x05, 0x53, 0x89, 0x76, 0xe6, 0x6c,
+        0xb5, 0x77, 0xf0, 0xca, 0xdf, 0xf3, 0xf2, 0x67,
+        0xda, 0x03, 0xd4, 0x9b, 0x4c, 0x88, 0xce, 0xe5,
+        0xf8, 0x44, 0x4d, 0xc7, 0x80, 0x58, 0xe5, 0xff,
+        0x22, 0x8f, 0xf5, 0x5b, 0x92, 0x81, 0xbe, 0x35,
+        0xdf, 0xda, 0x67, 0x99, 0x3e, 0xfc, 0xe3, 0x83,
+        0x6b, 0xa7, 0xaf, 0x16, 0xb7, 0x6f, 0x8f, 0xc0,
+        0x81, 0xfd, 0x0b, 0x77, 0x65, 0x95, 0xfb, 0x00,
+        0xad, 0x99, 0xec, 0x35, 0xc6, 0xe8, 0x23, 0x3e,
+        0xe0, 0x88, 0x88, 0x09, 0xdb, 0x16, 0x50, 0xb7,
+        0xcf, 0xab, 0x74, 0x61, 0x9e, 0x7f, 0xc5, 0x67,
+        0x38, 0x56, 0xc7, 0x90, 0x85, 0x78, 0x5e, 0x84,
+        0x21, 0x49, 0xea, 0xce, 0xb2, 0xa0, 0xff, 0xe4,
+        0x70, 0x7f, 0x57, 0x7b, 0xa8, 0x36, 0xb8, 0x54,
+        0x8d, 0x1d, 0xf5, 0x44, 0x9d, 0x68, 0x59, 0xf9,
+        0x24, 0x6e, 0x85, 0x8f, 0xc3, 0x5f, 0x8a, 0x2c,
+        0x94, 0xb7, 0xbc, 0x0e, 0xa5, 0xef, 0x93, 0x06,
+        0x38, 0xcd, 0x07, 0x0c, 0xae, 0xb8, 0x44, 0x1a,
+        0xd8, 0xe7, 0xf5, 0x9a, 0x1e, 0x9c, 0x18, 0xc7,
+        0x6a, 0xc2, 0x7f, 0x28, 0x01, 0x4f, 0xb4, 0xb8,
+        0x90, 0x97, 0x5a, 0x43, 0x38, 0xad, 0xe8, 0x95,
+        0x68, 0x83, 0x1a, 0x1b, 0x10, 0x07, 0xe6, 0x02,
+        0x52, 0x1f, 0xbf, 0x76, 0x6b, 0x46, 0xd6, 0xfb,
+        0xc3, 0xbe, 0xb5, 0xac, 0x52, 0x53, 0x01, 0x1c,
+        0xf3, 0xc5, 0xeb, 0x64, 0xf2, 0x1e, 0xc4, 0x38,
+        0xe9, 0xaa, 0xd9, 0xc3, 0x72, 0x51, 0xa5, 0x44,
+        0x58, 0x69, 0x0b, 0x1b, 0x98, 0x7f, 0xf2, 0x23,
+        0xff, 0xeb, 0xf0, 0x75, 0x24, 0xcf, 0xc5, 0x1e,
+        0xb8, 0x6a, 0xc5, 0x2f, 0x4f, 0x23, 0x50, 0x7d,
+        0x15, 0x9d, 0x19, 0x7a, 0x0b, 0x82, 0xe0, 0x21,
+        0x5b, 0x5f, 0x9d, 0x50, 0x2b, 0x83, 0xe4, 0x48,
+        0xcc, 0x39, 0xe5, 0xfb, 0x13, 0x7b, 0x6f, 0x81
+    };
+
+    static const PRUint8 rsa_prime0[FIPS_RSA_PRIME0_LENGTH] = {
+        0xe4, 0xbf, 0x21, 0x62, 0x9b, 0xa9, 0x77, 0x40,
+        0x8d, 0x2a, 0xce, 0xa1, 0x67, 0x5a, 0x4c, 0x96,
+        0x45, 0x98, 0x67, 0xbd, 0x75, 0x22, 0x33, 0x6f,
+        0xe6, 0xcb, 0x77, 0xde, 0x9e, 0x97, 0x7d, 0x96,
+        0x8c, 0x5e, 0x5d, 0x34, 0xfb, 0x27, 0xfc, 0x6d,
+        0x74, 0xdb, 0x9d, 0x2e, 0x6d, 0xf6, 0xea, 0xfc,
+        0xce, 0x9e, 0xda, 0xa7, 0x25, 0xa2, 0xf4, 0x58,
+        0x6d, 0x0a, 0x3f, 0x01, 0xc2, 0xb4, 0xab, 0x38,
+        0xc1, 0x14, 0x85, 0xb6, 0xfa, 0x94, 0xc3, 0x85,
+        0xf9, 0x3c, 0x2e, 0x96, 0x56, 0x01, 0xe7, 0xd6,
+        0x14, 0x71, 0x4f, 0xfb, 0x4c, 0x85, 0x52, 0xc4,
+        0x61, 0x1e, 0xa5, 0x1e, 0x96, 0x13, 0x0d, 0x8f,
+        0x66, 0xae, 0xa0, 0xcd, 0x7d, 0x25, 0x66, 0x19,
+        0x15, 0xc2, 0xcf, 0xc3, 0x12, 0x3c, 0xe8, 0xa4,
+        0x52, 0x4c, 0xcb, 0x28, 0x3c, 0xc4, 0xbf, 0x95,
+        0x33, 0xe3, 0x81, 0xea, 0x0c, 0x6c, 0xa2, 0x05
+    };
+    static const PRUint8 rsa_prime1[FIPS_RSA_PRIME1_LENGTH] = {
+        0xce, 0x03, 0x94, 0xf4, 0xa9, 0x2c, 0x1e, 0x06,
+        0xe7, 0x40, 0x30, 0x01, 0xf7, 0xbb, 0x68, 0x8c,
+        0x27, 0xd2, 0x15, 0xe3, 0x28, 0x49, 0x5b, 0xa8,
+        0xc1, 0x9a, 0x42, 0x7e, 0x31, 0xf9, 0x08, 0x34,
+        0x81, 0xa2, 0x0f, 0x04, 0x61, 0x34, 0xe3, 0x36,
+        0x92, 0xb1, 0x09, 0x2b, 0xe9, 0xef, 0x84, 0x88,
+        0xbe, 0x9c, 0x98, 0x60, 0xa6, 0x60, 0x84, 0xe9,
+        0x75, 0x6f, 0xcc, 0x81, 0xd1, 0x96, 0xef, 0xdd,
+        0x2e, 0xca, 0xc4, 0xf5, 0x42, 0xfb, 0x13, 0x2b,
+        0x57, 0xbf, 0x14, 0x5e, 0xc2, 0x7f, 0x77, 0x35,
+        0x29, 0xc4, 0xe5, 0xe0, 0xf9, 0x6d, 0x15, 0x4a,
+        0x42, 0x56, 0x1c, 0x3e, 0x0c, 0xc5, 0xce, 0x70,
+        0x08, 0x63, 0x1e, 0x73, 0xdb, 0x7e, 0x74, 0x05,
+        0x32, 0x01, 0xc6, 0x36, 0x32, 0x75, 0x6b, 0xed,
+        0x9d, 0xfe, 0x7c, 0x7e, 0xa9, 0x57, 0xb4, 0xe9,
+        0x22, 0xe4, 0xe7, 0xfe, 0x36, 0x07, 0x9b, 0xdf
+    };
+    static const PRUint8 rsa_exponent0[FIPS_RSA_EXPONENT0_LENGTH] = {
+        0x04, 0x5a, 0x3a, 0xa9, 0x64, 0xaa, 0xd9, 0xd1,
+        0x09, 0x9e, 0x99, 0xe5, 0xea, 0x50, 0x86, 0x8a,
+        0x89, 0x72, 0x77, 0xee, 0xdb, 0xee, 0xb5, 0xa9,
+        0xd8, 0x6b, 0x60, 0xb1, 0x84, 0xb4, 0xff, 0x37,
+        0xc1, 0x1d, 0xfe, 0x8a, 0x06, 0x89, 0x61, 0x3d,
+        0x37, 0xef, 0x01, 0xd3, 0xa3, 0x56, 0x02, 0x6c,
+        0xa3, 0x05, 0xd4, 0xc5, 0x3f, 0x6b, 0x15, 0x59,
+        0x25, 0x61, 0xff, 0x86, 0xea, 0x0c, 0x84, 0x01,
+        0x85, 0x72, 0xfd, 0x84, 0x58, 0xca, 0x41, 0xda,
+        0x27, 0xbe, 0xe4, 0x68, 0x09, 0xe4, 0xe9, 0x63,
+        0x62, 0x6a, 0x31, 0x8a, 0x67, 0x8f, 0x55, 0xde,
+        0xd4, 0xb6, 0x3f, 0x90, 0x10, 0x6c, 0xf6, 0x62,
+        0x17, 0x23, 0x15, 0x7e, 0x33, 0x76, 0x65, 0xb5,
+        0xee, 0x7b, 0x11, 0x76, 0xf5, 0xbe, 0xe0, 0xf2,
+        0x57, 0x7a, 0x8c, 0x97, 0x0c, 0x68, 0xf5, 0xf8,
+        0x41, 0xcf, 0x7f, 0x66, 0x53, 0xac, 0x31, 0x7d
+    };
+    static const PRUint8 rsa_exponent1[FIPS_RSA_EXPONENT1_LENGTH] = {
+        0x93, 0x54, 0x14, 0x6e, 0x73, 0x9d, 0x4d, 0x4b,
+        0xfa, 0x8c, 0xf8, 0xc8, 0x2f, 0x76, 0x22, 0xea,
+        0x38, 0x80, 0x11, 0x8f, 0x05, 0xfc, 0x90, 0x44,
+        0x3b, 0x50, 0x2a, 0x45, 0x3d, 0x4f, 0xaf, 0x02,
+        0x7d, 0xc2, 0x7b, 0xa2, 0xd2, 0x31, 0x94, 0x5c,
+        0x2e, 0xc3, 0xd4, 0x9f, 0x47, 0x09, 0x37, 0x6a,
+        0xe3, 0x85, 0xf1, 0xa3, 0x0c, 0xd8, 0xf1, 0xb4,
+        0x53, 0x7b, 0xc4, 0x71, 0x02, 0x86, 0x42, 0xbb,
+        0x96, 0xff, 0x03, 0xa3, 0xb2, 0x67, 0x03, 0xea,
+        0x77, 0x31, 0xfb, 0x4b, 0x59, 0x24, 0xf7, 0x07,
+        0x59, 0xfb, 0xa9, 0xba, 0x1e, 0x26, 0x58, 0x97,
+        0x66, 0xa1, 0x56, 0x49, 0x39, 0xb1, 0x2c, 0x55,
+        0x0a, 0x6a, 0x78, 0x18, 0xba, 0xdb, 0xcf, 0xf4,
+        0xf7, 0x32, 0x35, 0xa2, 0x04, 0xab, 0xdc, 0xa7,
+        0x6d, 0xd9, 0xd5, 0x06, 0x6f, 0xec, 0x7d, 0x40,
+        0x4c, 0xe8, 0x0e, 0xd0, 0xc9, 0xaa, 0xdf, 0x59
+    };
+    static const PRUint8 rsa_coefficient[FIPS_RSA_COEFFICIENT_LENGTH] = {
+        0x17, 0xd7, 0xf5, 0x0a, 0xf0, 0x68, 0x97, 0x96,
+        0xc4, 0x29, 0x18, 0x77, 0x9a, 0x1f, 0xe3, 0xf3,
+        0x12, 0x13, 0x0f, 0x7e, 0x7b, 0xb9, 0xc1, 0x91,
+        0xf9, 0xc7, 0x08, 0x56, 0x5c, 0xa4, 0xbc, 0x83,
+        0x71, 0xf9, 0x78, 0xd9, 0x2b, 0xec, 0xfe, 0x6b,
+        0xdc, 0x2f, 0x63, 0xc9, 0xcd, 0x50, 0x14, 0x5b,
+        0xd3, 0x6e, 0x85, 0x4d, 0x0c, 0xa2, 0x0b, 0xa0,
+        0x09, 0xb6, 0xca, 0x34, 0x9c, 0xc2, 0xc1, 0x4a,
+        0xb0, 0xbc, 0x45, 0x93, 0xa5, 0x7e, 0x99, 0xb5,
+        0xbd, 0xe4, 0x69, 0x29, 0x08, 0x28, 0xd2, 0xcd,
+        0xab, 0x24, 0x78, 0x48, 0x41, 0x26, 0x0b, 0x37,
+        0xa3, 0x43, 0xd1, 0x95, 0x1a, 0xd6, 0xee, 0x22,
+        0x1c, 0x00, 0x0b, 0xc2, 0xb7, 0xa4, 0xa3, 0x21,
+        0xa9, 0xcd, 0xe4, 0x69, 0xd3, 0x45, 0x02, 0xb1,
+        0xb7, 0x3a, 0xbf, 0x51, 0x35, 0x1b, 0x78, 0xc2,
+        0xcf, 0x0c, 0x0d, 0x60, 0x09, 0xa9, 0x44, 0x02
+    };
+
+    /* RSA Known Plaintext Message (1024-bits). */
+    static const PRUint8 rsa_known_plaintext_msg[FIPS_RSA_MESSAGE_LENGTH] = {
+        "Known plaintext message utilized"
+        "for RSA Encryption &  Decryption"
+        "blocks SHA256, SHA384  and      "
+        "SHA512 RSA Signature KAT tests. "
+        "Known plaintext message utilized"
+        "for RSA Encryption &  Decryption"
+        "blocks SHA256, SHA384  and      "
+        "SHA512 RSA Signature KAT  tests."
+    };
+
+    /* RSA Known Ciphertext (2048-bits). */
+    static const PRUint8 rsa_known_ciphertext[] = {
+        0x04, 0x12, 0x46, 0xe3, 0x6a, 0xee, 0xde, 0xdd,
+        0x49, 0xa1, 0xd9, 0x83, 0xf7, 0x35, 0xf9, 0x70,
+        0x88, 0x03, 0x2d, 0x01, 0x8b, 0xd1, 0xbf, 0xdb,
+        0xe5, 0x1c, 0x85, 0xbe, 0xb5, 0x0b, 0x48, 0x45,
+        0x7a, 0xf0, 0xa0, 0xe3, 0xa2, 0xbb, 0x4b, 0xf6,
+        0x27, 0xd0, 0x1b, 0x12, 0xe3, 0x77, 0x52, 0x34,
+        0x9e, 0x8e, 0x03, 0xd2, 0xf8, 0x79, 0x6e, 0x39,
+        0x79, 0x53, 0x3c, 0x44, 0x14, 0x94, 0xbb, 0x8d,
+        0xaa, 0x14, 0x44, 0xa0, 0x7b, 0xa5, 0x8c, 0x93,
+        0x5f, 0x99, 0xa4, 0xa3, 0x6e, 0x7a, 0x38, 0x40,
+        0x78, 0xfa, 0x36, 0x91, 0x5e, 0x9a, 0x9c, 0xba,
+        0x1e, 0xd4, 0xf9, 0xda, 0x4b, 0x0f, 0xa8, 0xa3,
+        0x1c, 0xf3, 0x3a, 0xd1, 0xa5, 0xb4, 0x51, 0x16,
+        0xed, 0x4b, 0xcf, 0xec, 0x93, 0x7b, 0x90, 0x21,
+        0xbc, 0x3a, 0xf4, 0x0b, 0xd1, 0x3a, 0x2b, 0xba,
+        0xa6, 0x7d, 0x5b, 0x53, 0xd8, 0x64, 0xf9, 0x29,
+        0x7b, 0x7f, 0x77, 0x3e, 0x51, 0x4c, 0x9a, 0x94,
+        0xd2, 0x4b, 0x4a, 0x8d, 0x61, 0x74, 0x97, 0xae,
+        0x53, 0x6a, 0xf4, 0x90, 0xc2, 0x2c, 0x49, 0xe2,
+        0xfa, 0xeb, 0x91, 0xc5, 0xe5, 0x83, 0x13, 0xc9,
+        0x44, 0x4b, 0x95, 0x2c, 0x57, 0x70, 0x15, 0x5c,
+        0x64, 0x8d, 0x1a, 0xfd, 0x2a, 0xc7, 0xb2, 0x9c,
+        0x5c, 0x99, 0xd3, 0x4a, 0xfd, 0xdd, 0xf6, 0x82,
+        0x87, 0x8c, 0x5a, 0xc4, 0xa8, 0x0d, 0x2a, 0xef,
+        0xc3, 0xa2, 0x7e, 0x8e, 0x67, 0x9f, 0x6f, 0x63,
+        0xdb, 0xbb, 0x1d, 0x31, 0xc4, 0xbb, 0xbc, 0x13,
+        0x3f, 0x54, 0xc6, 0xf6, 0xc5, 0x28, 0x32, 0xab,
+        0x96, 0x42, 0x10, 0x36, 0x40, 0x92, 0xbb, 0x57,
+        0x55, 0x38, 0xf5, 0x43, 0x7e, 0x43, 0xc4, 0x65,
+        0x47, 0x64, 0xaa, 0x0f, 0x4c, 0xe9, 0x49, 0x16,
+        0xec, 0x6a, 0x50, 0xfd, 0x14, 0x49, 0xca, 0xdb,
+        0x44, 0x54, 0xca, 0xbe, 0xa3, 0x0e, 0x5f, 0xef
+    };
+
+    static const RSAPublicKey bl_public_key = {
+        NULL,
+        { FIPS_RSA_TYPE, (unsigned char *)rsa_modulus,
+          FIPS_RSA_MODULUS_LENGTH },
+        { FIPS_RSA_TYPE, (unsigned char *)rsa_public_exponent,
+          FIPS_RSA_PUBLIC_EXPONENT_LENGTH }
+    };
+    static const RSAPrivateKey bl_private_key = {
+        NULL,
+        { FIPS_RSA_TYPE, (unsigned char *)rsa_version,
+          FIPS_RSA_PRIVATE_VERSION_LENGTH },
+        { FIPS_RSA_TYPE, (unsigned char *)rsa_modulus,
+          FIPS_RSA_MODULUS_LENGTH },
+        { FIPS_RSA_TYPE, (unsigned char *)rsa_public_exponent,
+          FIPS_RSA_PUBLIC_EXPONENT_LENGTH },
+        { FIPS_RSA_TYPE, (unsigned char *)rsa_private_exponent,
+          FIPS_RSA_PRIVATE_EXPONENT_LENGTH },
+        { FIPS_RSA_TYPE, (unsigned char *)rsa_prime0,
+          FIPS_RSA_PRIME0_LENGTH },
+        { FIPS_RSA_TYPE, (unsigned char *)rsa_prime1,
+          FIPS_RSA_PRIME1_LENGTH },
+        { FIPS_RSA_TYPE, (unsigned char *)rsa_exponent0,
+          FIPS_RSA_EXPONENT0_LENGTH },
+        { FIPS_RSA_TYPE, (unsigned char *)rsa_exponent1,
+          FIPS_RSA_EXPONENT1_LENGTH },
+        { FIPS_RSA_TYPE, (unsigned char *)rsa_coefficient,
+          FIPS_RSA_COEFFICIENT_LENGTH }
+    };
+
+    /* RSA variables. */
+    SECStatus rsa_status;
+    RSAPublicKey rsa_public_key;
+    RSAPrivateKey rsa_private_key;
+
+    PRUint8 rsa_computed_ciphertext[FIPS_RSA_ENCRYPT_LENGTH];
+    PRUint8 rsa_computed_plaintext[FIPS_RSA_DECRYPT_LENGTH];
+
+    rsa_public_key = bl_public_key;
+    rsa_private_key = bl_private_key;
+
+    /**************************************************/
+    /* RSA Single-Round Known Answer Encryption Test. */
+    /**************************************************/
+
+    /* Perform RSA Public Key Encryption. */
+    rsa_status = RSA_PublicKeyOp(&rsa_public_key,
+                                 rsa_computed_ciphertext,
+                                 rsa_known_plaintext_msg);
+
+    if ((rsa_status != SECSuccess) ||
+        (PORT_Memcmp(rsa_computed_ciphertext, rsa_known_ciphertext,
+                     FIPS_RSA_ENCRYPT_LENGTH) != 0))
+        goto rsa_loser;
+
+    /**************************************************/
+    /* RSA Single-Round Known Answer Decryption Test. */
+    /**************************************************/
+
+    /* Perform RSA Private Key Decryption. */
+    rsa_status = RSA_PrivateKeyOp(&rsa_private_key,
+                                  rsa_computed_plaintext,
+                                  rsa_known_ciphertext);
+
+    if ((rsa_status != SECSuccess) ||
+        (PORT_Memcmp(rsa_computed_plaintext, rsa_known_plaintext_msg,
+                     FIPS_RSA_DECRYPT_LENGTH) != 0))
+        goto rsa_loser;
+
+    return (SECSuccess);
+
+rsa_loser:
+
+    PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+    return (SECFailure);
+}
+
+#ifdef NSS_ENABLE_ECC
+
+static SECStatus
+freebl_fips_ECDSA_Test(ECParams *ecparams,
+                       const PRUint8 *knownSignature,
+                       unsigned int knownSignatureLen)
+{
+
+    /* ECDSA Known Seed info for curves nistp256 and nistk283  */
+    static const PRUint8 ecdsa_Known_Seed[] = {
+        0x6a, 0x9b, 0xf6, 0xf7, 0xce, 0xed, 0x79, 0x11,
+        0xf0, 0xc7, 0xc8, 0x9a, 0xa5, 0xd1, 0x57, 0xb1,
+        0x7b, 0x5a, 0x3b, 0x76, 0x4e, 0x7b, 0x7c, 0xbc,
+        0xf2, 0x76, 0x1c, 0x1c, 0x7f, 0xc5, 0x53, 0x2f
+    };
+
+    static const PRUint8 msg[] = {
+        "Firefox and ThunderBird are awesome!"
+    };
+
+    unsigned char sha1[SHA1_LENGTH]; /* SHA-1 hash (160 bits) */
+    unsigned char sig[2 * MAX_ECKEY_LEN];
+    SECItem signature, digest;
+    ECPrivateKey *ecdsa_private_key = NULL;
+    ECPublicKey ecdsa_public_key;
+    SECStatus ecdsaStatus = SECSuccess;
+
+    /* Generates a new EC key pair. The private key is a supplied
+     * random value (in seed) and the public key is the result of
+     * performing a scalar point multiplication of that value with
+     * the curve's base point.
+     */
+    ecdsaStatus = EC_NewKeyFromSeed(ecparams, &ecdsa_private_key,
+                                    ecdsa_Known_Seed,
+                                    sizeof(ecdsa_Known_Seed));
+    if (ecdsaStatus != SECSuccess) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return (SECFailure);
+    }
+
+    /* construct public key from private key. */
+    ecdsa_public_key.ecParams = ecdsa_private_key->ecParams;
+    ecdsa_public_key.publicValue = ecdsa_private_key->publicValue;
+
+    /* validate public key value */
+    ecdsaStatus = EC_ValidatePublicKey(&ecdsa_public_key.ecParams,
+                                       &ecdsa_public_key.publicValue);
+    if (ecdsaStatus != SECSuccess) {
+        goto loser;
+    }
+
+    /* validate public key value */
+    ecdsaStatus = EC_ValidatePublicKey(&ecdsa_private_key->ecParams,
+                                       &ecdsa_private_key->publicValue);
+    if (ecdsaStatus != SECSuccess) {
+        goto loser;
+    }
+
+    /***************************************************/
+    /* ECDSA Single-Round Known Answer Signature Test. */
+    /***************************************************/
+
+    ecdsaStatus = SHA1_HashBuf(sha1, msg, sizeof msg);
+    if (ecdsaStatus != SECSuccess) {
+        goto loser;
+    }
+    digest.type = siBuffer;
+    digest.data = sha1;
+    digest.len = SHA1_LENGTH;
+
+    memset(sig, 0, sizeof sig);
+    signature.type = siBuffer;
+    signature.data = sig;
+    signature.len = sizeof sig;
+
+    ecdsaStatus = ECDSA_SignDigestWithSeed(ecdsa_private_key, &signature,
+                                           &digest, ecdsa_Known_Seed, sizeof ecdsa_Known_Seed);
+    if (ecdsaStatus != SECSuccess) {
+        goto loser;
+    }
+
+    if ((signature.len != knownSignatureLen) ||
+        (PORT_Memcmp(signature.data, knownSignature,
+                     knownSignatureLen) != 0)) {
+        ecdsaStatus = SECFailure;
+        goto loser;
+    }
+
+    /******************************************************/
+    /* ECDSA Single-Round Known Answer Verification Test. */
+    /******************************************************/
+
+    /* Perform ECDSA verification process. */
+    ecdsaStatus = ECDSA_VerifyDigest(&ecdsa_public_key, &signature, &digest);
+
+loser:
+    /* free the memory for the private key arena*/
+    PORT_FreeArena(ecdsa_private_key->ecParams.arena, PR_FALSE);
+
+    if (ecdsaStatus != SECSuccess) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return (SECFailure);
+    }
+    return (SECSuccess);
+}
+
+static SECStatus
+freebl_fips_ECDSA_PowerUpSelfTest()
+{
+
+    /* ECDSA Known curve nistp256 == ECCCurve_X9_62_PRIME_256V1 params */
+    static const unsigned char p256_prime[] = {
+        0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
+    };
+    static const unsigned char p256_a[] = {
+        0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC
+    };
+    static const unsigned char p256_b[] = {
+        0x5A, 0xC6, 0x35, 0xD8, 0xAA, 0x3A, 0x93, 0xE7, 0xB3, 0xEB, 0xBD, 0x55, 0x76,
+        0x98, 0x86, 0xBC, 0x65, 0x1D, 0x06, 0xB0, 0xCC, 0x53, 0xB0, 0xF6, 0x3B, 0xCE,
+        0x3C, 0x3E, 0x27, 0xD2, 0x60, 0x4B
+    };
+    static const unsigned char p256_base[] = {
+        0x04,
+        0x6B, 0x17, 0xD1, 0xF2, 0xE1, 0x2C, 0x42, 0x47, 0xF8, 0xBC, 0xE6, 0xE5, 0x63,
+        0xA4, 0x40, 0xF2, 0x77, 0x03, 0x7D, 0x81, 0x2D, 0xEB, 0x33, 0xA0, 0xF4, 0xA1,
+        0x39, 0x45, 0xD8, 0x98, 0xC2, 0x96,
+        0x4F, 0xE3, 0x42, 0xE2, 0xFE, 0x1A, 0x7F, 0x9B, 0x8E, 0xE7, 0xEB, 0x4A, 0x7C,
+        0x0F, 0x9E, 0x16, 0x2B, 0xCE, 0x33, 0x57, 0x6B, 0x31, 0x5E, 0xCE, 0xCB, 0xB6,
+        0x40, 0x68, 0x37, 0xBF, 0x51, 0xF5
+    };
+    static const unsigned char p256_order[] = {
+        0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3, 0xB9,
+        0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
+    };
+    static const unsigned char p256_encoding[] = {
+        0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
+    };
+    static const ECParams ecdsa_known_P256_Params = {
+        NULL, ec_params_named,                                               /* arena, type */
+                                                                             /* fieldID */
+        { 256, ec_field_GFp,                                                 /* size and type */
+          { { siBuffer, (unsigned char *)p256_prime, sizeof(p256_prime) } }, /* u.prime */
+          0,
+          0,
+          0 },
+        /* curve */
+        { /* a = curvea b = curveb */
+          /* curve.a */
+          { siBuffer, (unsigned char *)p256_a, sizeof(p256_a) },
+          /* curve.b */
+          { siBuffer, (unsigned char *)p256_b, sizeof(p256_b) },
+          /* curve.seed */
+          { siBuffer, NULL, 0 } },
+        /* base  = 04xy*/
+        { siBuffer, (unsigned char *)p256_base, sizeof(p256_base) },
+        /* order */
+        { siBuffer, (unsigned char *)p256_order, sizeof(p256_order) },
+        1, /* cofactor */
+        /* DEREncoding */
+        { siBuffer, (unsigned char *)p256_encoding, sizeof(p256_encoding) },
+        ECCurve_X9_62_PRIME_256V1,
+        /* curveOID */
+        { siBuffer, (unsigned char *)(p256_encoding) + 2, sizeof(p256_encoding) - 2 },
+    };
+
+    static const PRUint8 ecdsa_known_P256_signature[] = {
+        0x07, 0xb1, 0xcb, 0x57, 0x20, 0xa7, 0x10, 0xd6,
+        0x9d, 0x37, 0x4b, 0x1c, 0xdc, 0x35, 0x90, 0xff,
+        0x1a, 0x2d, 0x98, 0x95, 0x1b, 0x2f, 0xeb, 0x7f,
+        0xbb, 0x81, 0xca, 0xc0, 0x69, 0x75, 0xea, 0xc5,
+        0x59, 0x6a, 0x62, 0x49, 0x3d, 0x50, 0xc9, 0xe1,
+        0x27, 0x3b, 0xff, 0x9b, 0x13, 0x66, 0x67, 0xdd,
+        0x7d, 0xd1, 0x0d, 0x2d, 0x7c, 0x44, 0x04, 0x1b,
+        0x16, 0x21, 0x12, 0xc5, 0xcb, 0xbd, 0x9e, 0x75
+    };
+
+    ECParams ecparams;
+
+    SECStatus rv;
+
+    /* ECDSA GF(p) prime field curve test */
+    ecparams = ecdsa_known_P256_Params;
+    rv = freebl_fips_ECDSA_Test(&ecparams,
+                                ecdsa_known_P256_signature,
+                                sizeof ecdsa_known_P256_signature);
+    if (rv != SECSuccess) {
+        return (SECFailure);
+    }
+
+    return (SECSuccess);
+}
+
+#endif /* NSS_ENABLE_ECC */
+
+static SECStatus
+freebl_fips_DSA_PowerUpSelfTest(void)
+{
+    /* DSA Known P (1024-bits), Q (160-bits), and G (1024-bits) Values. */
+    static const PRUint8 dsa_P[] = {
+        0x80, 0xb0, 0xd1, 0x9d, 0x6e, 0xa4, 0xf3, 0x28,
+        0x9f, 0x24, 0xa9, 0x8a, 0x49, 0xd0, 0x0c, 0x63,
+        0xe8, 0x59, 0x04, 0xf9, 0x89, 0x4a, 0x5e, 0xc0,
+        0x6d, 0xd2, 0x67, 0x6b, 0x37, 0x81, 0x83, 0x0c,
+        0xfe, 0x3a, 0x8a, 0xfd, 0xa0, 0x3b, 0x08, 0x91,
+        0x1c, 0xcb, 0xb5, 0x63, 0xb0, 0x1c, 0x70, 0xd0,
+        0xae, 0xe1, 0x60, 0x2e, 0x12, 0xeb, 0x54, 0xc7,
+        0xcf, 0xc6, 0xcc, 0xae, 0x97, 0x52, 0x32, 0x63,
+        0xd3, 0xeb, 0x55, 0xea, 0x2f, 0x4c, 0xd5, 0xd7,
+        0x3f, 0xda, 0xec, 0x49, 0x27, 0x0b, 0x14, 0x56,
+        0xc5, 0x09, 0xbe, 0x4d, 0x09, 0x15, 0x75, 0x2b,
+        0xa3, 0x42, 0x0d, 0x03, 0x71, 0xdf, 0x0f, 0xf4,
+        0x0e, 0xe9, 0x0c, 0x46, 0x93, 0x3d, 0x3f, 0xa6,
+        0x6c, 0xdb, 0xca, 0xe5, 0xac, 0x96, 0xc8, 0x64,
+        0x5c, 0xec, 0x4b, 0x35, 0x65, 0xfc, 0xfb, 0x5a,
+        0x1b, 0x04, 0x1b, 0xa1, 0x0e, 0xfd, 0x88, 0x15
+    };
+
+    static const PRUint8 dsa_Q[] = {
+        0xad, 0x22, 0x59, 0xdf, 0xe5, 0xec, 0x4c, 0x6e,
+        0xf9, 0x43, 0xf0, 0x4b, 0x2d, 0x50, 0x51, 0xc6,
+        0x91, 0x99, 0x8b, 0xcf
+    };
+
+    static const PRUint8 dsa_G[] = {
+        0x78, 0x6e, 0xa9, 0xd8, 0xcd, 0x4a, 0x85, 0xa4,
+        0x45, 0xb6, 0x6e, 0x5d, 0x21, 0x50, 0x61, 0xf6,
+        0x5f, 0xdf, 0x5c, 0x7a, 0xde, 0x0d, 0x19, 0xd3,
+        0xc1, 0x3b, 0x14, 0xcc, 0x8e, 0xed, 0xdb, 0x17,
+        0xb6, 0xca, 0xba, 0x86, 0xa9, 0xea, 0x51, 0x2d,
+        0xc1, 0xa9, 0x16, 0xda, 0xf8, 0x7b, 0x59, 0x8a,
+        0xdf, 0xcb, 0xa4, 0x67, 0x00, 0x44, 0xea, 0x24,
+        0x73, 0xe5, 0xcb, 0x4b, 0xaf, 0x2a, 0x31, 0x25,
+        0x22, 0x28, 0x3f, 0x16, 0x10, 0x82, 0xf7, 0xeb,
+        0x94, 0x0d, 0xdd, 0x09, 0x22, 0x14, 0x08, 0x79,
+        0xba, 0x11, 0x0b, 0xf1, 0xff, 0x2d, 0x67, 0xac,
+        0xeb, 0xb6, 0x55, 0x51, 0x69, 0x97, 0xa7, 0x25,
+        0x6b, 0x9c, 0xa0, 0x9b, 0xd5, 0x08, 0x9b, 0x27,
+        0x42, 0x1c, 0x7a, 0x69, 0x57, 0xe6, 0x2e, 0xed,
+        0xa9, 0x5b, 0x25, 0xe8, 0x1f, 0xd2, 0xed, 0x1f,
+        0xdf, 0xe7, 0x80, 0x17, 0xba, 0x0d, 0x4d, 0x38
+    };
+
+    /* DSA Known Random Values (known random key block       is 160-bits)  */
+    /*                     and (known random signature block is 160-bits). */
+    static const PRUint8 dsa_known_random_key_block[] = {
+        "Mozilla Rules World!"
+    };
+    static const PRUint8 dsa_known_random_signature_block[] = {
+        "Random DSA Signature"
+    };
+
+    /* DSA Known Digest (160-bits) */
+    static const PRUint8 dsa_known_digest[] = { "DSA Signature Digest" };
+
+    /* DSA Known Signature (320-bits). */
+    static const PRUint8 dsa_known_signature[] = {
+        0x25, 0x7c, 0x3a, 0x79, 0x32, 0x45, 0xb7, 0x32,
+        0x70, 0xca, 0x62, 0x63, 0x2b, 0xf6, 0x29, 0x2c,
+        0x22, 0x2a, 0x03, 0xce, 0x48, 0x15, 0x11, 0x72,
+        0x7b, 0x7e, 0xf5, 0x7a, 0xf3, 0x10, 0x3b, 0xde,
+        0x34, 0xc1, 0x9e, 0xd7, 0x27, 0x9e, 0x77, 0x38
+    };
+
+    /* DSA variables. */
+    DSAPrivateKey *dsa_private_key;
+    SECStatus dsa_status;
+    SECItem dsa_signature_item;
+    SECItem dsa_digest_item;
+    DSAPublicKey dsa_public_key;
+    PRUint8 dsa_computed_signature[FIPS_DSA_SIGNATURE_LENGTH];
+    static const PQGParams dsa_pqg = {
+        NULL,
+        { FIPS_DSA_TYPE, (unsigned char *)dsa_P, FIPS_DSA_PRIME_LENGTH },
+        { FIPS_DSA_TYPE, (unsigned char *)dsa_Q, FIPS_DSA_SUBPRIME_LENGTH },
+        { FIPS_DSA_TYPE, (unsigned char *)dsa_G, FIPS_DSA_BASE_LENGTH }
+    };
+
+    /*******************************************/
+    /* Generate a DSA public/private key pair. */
+    /*******************************************/
+
+    /* Generate a DSA public/private key pair. */
+    dsa_status = DSA_NewKeyFromSeed(&dsa_pqg, dsa_known_random_key_block,
+                                    &dsa_private_key);
+
+    if (dsa_status != SECSuccess) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return (SECFailure);
+    }
+
+    /* construct public key from private key. */
+    dsa_public_key.params = dsa_private_key->params;
+    dsa_public_key.publicValue = dsa_private_key->publicValue;
+
+    /*************************************************/
+    /* DSA Single-Round Known Answer Signature Test. */
+    /*************************************************/
+
+    dsa_signature_item.data = dsa_computed_signature;
+    dsa_signature_item.len = sizeof dsa_computed_signature;
+
+    dsa_digest_item.data = (unsigned char *)dsa_known_digest;
+    dsa_digest_item.len = SHA1_LENGTH;
+
+    /* Perform DSA signature process. */
+    dsa_status = DSA_SignDigestWithSeed(dsa_private_key,
+                                        &dsa_signature_item,
+                                        &dsa_digest_item,
+                                        dsa_known_random_signature_block);
+
+    if ((dsa_status != SECSuccess) ||
+        (dsa_signature_item.len != FIPS_DSA_SIGNATURE_LENGTH) ||
+        (PORT_Memcmp(dsa_computed_signature, dsa_known_signature,
+                     FIPS_DSA_SIGNATURE_LENGTH) != 0)) {
+        dsa_status = SECFailure;
+    } else {
+
+        /****************************************************/
+        /* DSA Single-Round Known Answer Verification Test. */
+        /****************************************************/
+
+        /* Perform DSA verification process. */
+        dsa_status = DSA_VerifyDigest(&dsa_public_key,
+                                      &dsa_signature_item,
+                                      &dsa_digest_item);
+    }
+
+    PORT_FreeArena(dsa_private_key->params.arena, PR_TRUE);
+    /* Don't free public key, it uses same arena as private key */
+
+    /* Verify DSA signature. */
+    if (dsa_status != SECSuccess) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+
+    return (SECSuccess);
+}
+
+static SECStatus
+freebl_fips_RNG_PowerUpSelfTest(void)
+{
+    static const PRUint8 Q[] = {
+        0x85, 0x89, 0x9c, 0x77, 0xa3, 0x79, 0xff, 0x1a,
+        0x86, 0x6f, 0x2f, 0x3e, 0x2e, 0xf9, 0x8c, 0x9c,
+        0x9d, 0xef, 0xeb, 0xed
+    };
+    static const PRUint8 GENX[] = {
+        0x65, 0x48, 0xe3, 0xca, 0xac, 0x64, 0x2d, 0xf7,
+        0x7b, 0xd3, 0x4e, 0x79, 0xc9, 0x7d, 0xa6, 0xa8,
+        0xa2, 0xc2, 0x1f, 0x8f, 0xe9, 0xb9, 0xd3, 0xa1,
+        0x3f, 0xf7, 0x0c, 0xcd, 0xa6, 0xca, 0xbf, 0xce,
+        0x84, 0x0e, 0xb6, 0xf1, 0x0d, 0xbe, 0xa9, 0xa3
+    };
+    static const PRUint8 rng_known_DSAX[] = {
+        0x7a, 0x86, 0xf1, 0x7f, 0xbd, 0x4e, 0x6e, 0xd9,
+        0x0a, 0x26, 0x21, 0xd0, 0x19, 0xcb, 0x86, 0x73,
+        0x10, 0x1f, 0x60, 0xd7
+    };
+
+    SECStatus rng_status = SECSuccess;
+    PRUint8 DSAX[FIPS_DSA_SUBPRIME_LENGTH];
+
+    /*******************************************/
+    /*   Run the SP 800-90 Health tests        */
+    /*******************************************/
+    rng_status = PRNGTEST_RunHealthTests();
+    if (rng_status != SECSuccess) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+
+    /*******************************************/
+    /* Generate DSAX fow given Q.              */
+    /*******************************************/
+
+    rng_status = FIPS186Change_ReduceModQForDSA(GENX, Q, DSAX);
+
+    /* Verify DSAX to perform the RNG integrity check */
+    if ((rng_status != SECSuccess) ||
+        (PORT_Memcmp(DSAX, rng_known_DSAX,
+                     (FIPS_DSA_SUBPRIME_LENGTH)) != 0)) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+
+    return (SECSuccess);
+}
+
+static SECStatus
+freebl_fipsSoftwareIntegrityTest(const char *libname)
+{
+    SECStatus rv = SECSuccess;
+
+    /* make sure that our check file signatures are OK */
+    if (!BLAPI_VerifySelf(libname)) {
+        rv = SECFailure;
+    }
+    return rv;
+}
+
+#define DO_FREEBL 1
+#define DO_REST 2
+
+static SECStatus
+freebl_fipsPowerUpSelfTest(unsigned int tests)
+{
+    SECStatus rv;
+
+    /*
+     * stand alone freebl. Test hash, and rng
+     */
+    if (tests & DO_FREEBL) {
+
+        /* SHA-X Power-Up SelfTest(s). */
+        rv = freebl_fips_SHA_PowerUpSelfTest();
+
+        if (rv != SECSuccess)
+            return rv;
+
+        /* RNG Power-Up SelfTest(s). */
+        rv = freebl_fips_RNG_PowerUpSelfTest();
+
+        if (rv != SECSuccess)
+            return rv;
+    }
+
+    /*
+     * test the rest of the algorithms not accessed through freebl
+     * standalone */
+    if (tests & DO_REST) {
+
+        /* DES3 Power-Up SelfTest(s). */
+        rv = freebl_fips_DES3_PowerUpSelfTest();
+
+        if (rv != SECSuccess)
+            return rv;
+
+        /* AES Power-Up SelfTest(s) for 128-bit key. */
+        rv = freebl_fips_AES_PowerUpSelfTest(FIPS_AES_128_KEY_SIZE);
+
+        if (rv != SECSuccess)
+            return rv;
+
+        /* AES Power-Up SelfTest(s) for 192-bit key. */
+        rv = freebl_fips_AES_PowerUpSelfTest(FIPS_AES_192_KEY_SIZE);
+
+        if (rv != SECSuccess)
+            return rv;
+
+        /* AES Power-Up SelfTest(s) for 256-bit key. */
+        rv = freebl_fips_AES_PowerUpSelfTest(FIPS_AES_256_KEY_SIZE);
+
+        if (rv != SECSuccess)
+            return rv;
+
+        /* HMAC SHA-X Power-Up SelfTest(s). */
+        rv = freebl_fips_HMAC_PowerUpSelfTest();
+
+        if (rv != SECSuccess)
+            return rv;
+
+        /* NOTE: RSA can only be tested in full freebl. It requires access to
+     * the locking primitives */
+        /* RSA Power-Up SelfTest(s). */
+        rv = freebl_fips_RSA_PowerUpSelfTest();
+
+        if (rv != SECSuccess)
+            return rv;
+
+        /* DSA Power-Up SelfTest(s). */
+        rv = freebl_fips_DSA_PowerUpSelfTest();
+
+        if (rv != SECSuccess)
+            return rv;
+
+#ifdef NSS_ENABLE_ECC
+        /* ECDSA Power-Up SelfTest(s). */
+        rv = freebl_fips_ECDSA_PowerUpSelfTest();
+
+        if (rv != SECSuccess)
+            return rv;
+#endif
+    }
+    /* Passed Power-Up SelfTest(s). */
+    return (SECSuccess);
+}
+
+/*
+ * state variables. NOTE: freebl has two uses: a standalone use which
+ * provided limitted access to the hash functions throught the NSSLOWHASH_
+ * interface and an joint use from softoken, using the function pointer
+ * table. The standalone use can operation without nspr or nss-util, while
+ * the joint use requires both to be loaded. Certain functions (like RSA)
+ * needs locking from NSPR, for instance.
+ *
+ * At load time, we need to handle the two uses separately. If nspr and
+ * nss-util  are loaded, then we can run all the selftests, but if nspr and
+ * nss-util are not loaded, then we can't run all the selftests, and we need
+ * to prevent the softoken function pointer table from operating until the
+ * libraries are loaded and we try to use them.
+ */
+static PRBool self_tests_freebl_ran = PR_FALSE;
+static PRBool self_tests_ran = PR_FALSE;
+static PRBool self_tests_freebl_success = PR_FALSE;
+static PRBool self_tests_success = PR_FALSE;
+#if defined(DEBUG)
+static PRBool fips_mode_available = PR_FALSE;
+#endif
+
+/*
+ * accessors for freebl
+ */
+PRBool
+BL_POSTRan(PRBool freebl_only)
+{
+    SECStatus rv;
+    /* if the freebl self tests didn't run, there is something wrong with
+     * our on load tests */
+    if (!self_tests_freebl_ran) {
+        return PR_FALSE;
+    }
+    /* if all the self tests have run, we are good */
+    if (self_tests_ran) {
+        return PR_TRUE;
+    }
+    /* if we only care about the freebl tests, we are good */
+    if (freebl_only) {
+        return PR_TRUE;
+    }
+    /* run the rest of the self tests */
+    /* We could get there if freebl was loaded without the rest of the support
+     * libraries, but now we want to use more than just a standalone freebl.
+     * This requires the other libraries to be loaded.
+     * If they are now loaded, Try to run the rest of the selftests,
+     * otherwise fail (disabling access to these algorithms)  */
+    self_tests_ran = PR_TRUE;
+    BL_Init();     /* required by RSA */
+    RNG_RNGInit(); /* required by RSA */
+    rv = freebl_fipsPowerUpSelfTest(DO_REST);
+    if (rv == SECSuccess) {
+        self_tests_success = PR_TRUE;
+    }
+    return PR_TRUE;
+}
+
+#include "blname.c"
+
+/*
+ * This function is called at dll load time, the code tha makes this
+ * happen is platform specific on defined above.
+ */
+static void
+bl_startup_tests(void)
+{
+    const char *libraryName;
+    PRBool freebl_only = PR_FALSE;
+    SECStatus rv;
+
+    PORT_Assert(self_tests_freebl_ran == PR_FALSE);
+    PORT_Assert(self_tests_success == PR_FALSE);
+    PORT_Assert(fips_mode_available == PR_FALSE);
+    self_tests_freebl_ran = PR_TRUE;      /* we are running the tests */
+    self_tests_success = PR_FALSE;        /* force it just in case */
+    self_tests_freebl_success = PR_FALSE; /* force it just in case */
+
+#ifdef FREEBL_NO_DEPEND
+    rv = FREEBL_InitStubs();
+    if (rv != SECSuccess) {
+        freebl_only = PR_TRUE;
+    }
+#endif
+
+    self_tests_freebl_ran = PR_TRUE; /* we are running the tests */
+
+    if (!freebl_only) {
+        self_tests_ran = PR_TRUE; /* we're running all the tests */
+        BL_Init();                /* needs to be called before RSA can be used */
+        RNG_RNGInit();
+    }
+
+    /* always run the post tests */
+    rv = freebl_fipsPowerUpSelfTest(freebl_only ? DO_FREEBL : DO_FREEBL | DO_REST);
+    if (rv != SECSuccess) {
+        return;
+    }
+
+    libraryName = getLibName();
+    rv = freebl_fipsSoftwareIntegrityTest(libraryName);
+    if (rv != SECSuccess) {
+        return;
+    }
+
+    /* posts are happy, allow the fips module to function now */
+    self_tests_freebl_success = PR_TRUE; /* we always test the freebl stuff */
+    if (!freebl_only) {
+        self_tests_success = PR_TRUE;
+    }
+}
+
+/*
+ * this is called from the freebl init entry points that controll access to
+ * all other freebl functions. This prevents freebl from operating if our
+ * power on selftest failed.
+ */
+SECStatus
+BL_FIPSEntryOK(PRBool freebl_only)
+{
+#ifdef NSS_NO_INIT_SUPPORT
+    /* this should only be set on platforms that can't handle one of the INIT
+    * schemes.  This code allows those platforms to continue to function,
+    * though they don't meet the strict NIST requirements. If NSS_NO_INIT_SUPPORT
+    * is not set, and init support has not been properly enabled, freebl
+    * will always fail because of the test below
+    */
+    if (!self_tests_freebl_ran) {
+        bl_startup_tests();
+    }
+#endif
+    /* if the general self tests succeeded, we're done */
+    if (self_tests_success) {
+        return SECSuccess;
+    }
+    /* standalone freebl can initialize */
+    if (freebl_only & self_tests_freebl_success) {
+        return SECSuccess;
+    }
+    PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+    return SECFailure;
+}
diff --git a/nss/lib/freebl/freebl.def b/nss/lib/freebl/freebl.def
new file mode 100644
index 0000000..164c843
--- /dev/null
+++ b/nss/lib/freebl/freebl.def
@@ -0,0 +1,26 @@
+;+#
+;+# This Source Code Form is subject to the terms of the Mozilla Public
+;+# License, v. 2.0. If a copy of the MPL was not distributed with this
+;+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;+#
+;+# OK, this file is meant to support SUN, LINUX, AIX and WINDOWS
+;+#   1. For all unix platforms, the string ";-"  means "remove this line"
+;+#   2. For all unix platforms, the string " DATA " will be removed from any 
+;+#	line on which it occurs.
+;+#   3. Lines containing ";+" will have ";+" removed on SUN and LINUX.
+;+#      On AIX, lines containing ";+" will be removed.  
+;+#   4. For all unix platforms, the string ";;" will thave the ";;" removed.
+;+#   5. For all unix platforms, after the above processing has taken place,
+;+#    all characters after the first ";" on the line will be removed.  
+;+#    And for AIX, the first ";" will also be removed.
+;+#  This file is passed directly to windows. Since ';' is a comment, all UNIX
+;+#   directives are hidden behind ";", ";+", and ";-"
+;+
+;+NSSprivate_3.11 {               # NSS 3.11 release
+;+    global:
+LIBRARY freebl3 ;-
+EXPORTS	;-
+FREEBL_GetVector;
+;+    local:
+;+       *;
+;+};
diff --git a/nss/lib/freebl/freebl.gyp b/nss/lib/freebl/freebl.gyp
new file mode 100644
index 0000000..b8166cc
--- /dev/null
+++ b/nss/lib/freebl/freebl.gyp
@@ -0,0 +1,268 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'intel-gcm-wrap_c_lib',
+      'type': 'static_library',
+      'sources': [
+        'intel-gcm-wrap.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports'
+      ],
+      'cflags': [
+        '-mssse3'
+      ],
+      'cflags_mozilla': [
+        '-mssse3'
+      ]
+    },
+    {
+      'target_name': 'freebl',
+      'type': 'static_library',
+      'sources': [
+        'loader.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports'
+      ]
+    },
+    # For test builds, build a static freebl library so we can statically
+    # link it into the test build binary. This way we don't have to
+    # dlopen() the shared lib but can directly call freebl functions.
+    {
+      'target_name': 'freebl_static',
+      'type': 'static_library',
+      'includes': [
+        'freebl_base.gypi',
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports',
+      ],
+      'conditions': [
+        [ 'OS=="linux"', {
+          'defines!': [
+            'FREEBL_NO_DEPEND',
+            'FREEBL_LOWHASH',
+            'USE_HW_AES',
+            'INTEL_GCM',
+          ],
+          'conditions': [
+            [ 'target_arch=="x64"', {
+              # The AES assembler code doesn't work in static test builds.
+              # The linker complains about non-relocatable code, and I
+              # currently don't know how to fix this properly.
+              'sources!': [
+                'intel-aes.s',
+                'intel-gcm.s',
+              ],
+            }],
+          ],
+        }],
+      ],
+    },
+    {
+      'target_name': '<(freebl_name)',
+      'type': 'shared_library',
+      'includes': [
+        'freebl_base.gypi',
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports',
+      ],
+      'conditions': [
+        [ 'OS!="linux" and OS!="android"', {
+          'conditions': [
+            [ 'moz_fold_libs==0', {
+              'dependencies': [
+                '<(DEPTH)/lib/util/util.gyp:nssutil3',
+              ],
+            }, {
+              'libraries': [
+                '<(moz_folded_library_name)',
+              ],
+            }],
+          ],
+        }, 'target_arch=="x64"', {
+          'dependencies': [
+            'intel-gcm-wrap_c_lib',
+          ],
+        }],
+        [ 'OS=="win" and cc_is_clang==1', {
+          'dependencies': [
+            'intel-gcm-wrap_c_lib',
+          ],
+        }],
+        [ 'OS=="linux"', {
+          'sources': [
+            'nsslowhash.c',
+            'stubs.c',
+          ],
+        }],
+      ],
+      'variables': {
+       'conditions': [
+         [ 'OS=="linux"', {
+           'mapfile': 'freebl_hash_vector.def',
+         }, {
+           'mapfile': 'freebl.def',
+         }],
+       ]
+      },
+    },
+  ],
+  'conditions': [
+    [ 'OS=="linux"', {
+      # stub build
+      'targets': [
+        {
+          'target_name': 'freebl3',
+          'type': 'shared_library',
+          'defines': [
+            'FREEBL_NO_DEPEND',
+          ],
+          'sources': [
+            'lowhash_vector.c'
+          ],
+          'dependencies': [
+            '<(DEPTH)/exports.gyp:nss_exports'
+          ],
+          'variables': {
+            'mapfile': 'freebl_hash.def'
+          }
+        },
+      ],
+    }],
+  ],
+  'target_defaults': {
+    'include_dirs': [
+      'mpi',
+      'ecl'
+    ],
+    'defines': [
+      'SHLIB_SUFFIX=\"<(dll_suffix)\"',
+      'SHLIB_PREFIX=\"<(dll_prefix)\"',
+      'SHLIB_VERSION=\"3\"',
+      'SOFTOKEN_SHLIB_VERSION=\"3\"',
+      'RIJNDAEL_INCLUDE_TABLES',
+      'MP_API_COMPATIBLE'
+    ],
+    'conditions': [
+      [ 'OS=="win" and target_arch=="ia32"', {
+        'msvs_settings': {
+          'VCCLCompilerTool': {
+            #TODO: -Ox optimize flags
+            'PreprocessorDefinitions': [
+              'NSS_X86_OR_X64',
+              'NSS_X86',
+              'MP_ASSEMBLY_MULTIPLY',
+              'MP_ASSEMBLY_SQUARE',
+              'MP_ASSEMBLY_DIV_2DX1D',
+              'MP_USE_UINT_DIGIT',
+              'MP_NO_MP_WORD',
+              'USE_HW_AES',
+              'INTEL_GCM',
+            ],
+          },
+        },
+      }],
+      [ 'OS=="win" and target_arch=="x64"', {
+        'msvs_settings': {
+          'VCCLCompilerTool': {
+            #TODO: -Ox optimize flags
+            'PreprocessorDefinitions': [
+              'NSS_USE_64',
+              'NSS_X86_OR_X64',
+              'NSS_X64',
+              'MP_IS_LITTLE_ENDIAN',
+              'NSS_BEVAND_ARCFOUR',
+              'MPI_AMD64',
+              'MP_ASSEMBLY_MULTIPLY',
+              'NSS_USE_COMBA',
+              'USE_HW_AES',
+              'INTEL_GCM',
+            ],
+          },
+        },
+      }],
+      [ 'OS!="win"', {
+        'conditions': [
+          [ 'target_arch=="x64"', {
+            'defines': [
+              'NSS_USE_64',
+              'NSS_X86_OR_X64',
+              'NSS_X64',
+              # The Makefile does version-tests on GCC, but we're not doing that here.
+              'HAVE_INT128_SUPPORT',
+            ],
+          }, {
+            'sources': [
+              'ecl/uint128.c',
+            ],
+          }],
+          [ 'target_arch=="ia32"', {
+            'defines': [
+              'NSS_X86_OR_X64',
+              'NSS_X86',
+            ],
+          }],
+        ],
+      }],
+      [ 'OS=="linux"', {
+        'defines': [
+          'FREEBL_LOWHASH',
+          'FREEBL_NO_DEPEND',
+        ],
+      }],
+      [ 'OS=="linux" or OS=="android"', {
+        'conditions': [
+          [ 'target_arch=="x64"', {
+            'defines': [
+              'MP_IS_LITTLE_ENDIAN',
+              'NSS_BEVAND_ARCFOUR',
+              'MPI_AMD64',
+              'MP_ASSEMBLY_MULTIPLY',
+              'NSS_USE_COMBA',
+            ],
+          }],
+          [ 'target_arch=="x64"', {
+            'defines': [
+              'USE_HW_AES',
+              'INTEL_GCM',
+            ],
+          }],
+          [ 'target_arch=="ia32"', {
+            'defines': [
+              'MP_IS_LITTLE_ENDIAN',
+              'MP_ASSEMBLY_MULTIPLY',
+              'MP_ASSEMBLY_SQUARE',
+              'MP_ASSEMBLY_DIV_2DX1D',
+              'MP_USE_UINT_DIGIT',
+            ],
+          }],
+          [ 'target_arch=="arm"', {
+            'defines': [
+              'MP_ASSEMBLY_MULTIPLY',
+              'MP_ASSEMBLY_SQUARE',
+              'MP_USE_UINT_DIGIT',
+              'SHA_NO_LONG_LONG',
+            ],
+          }],
+          [ 'target_arch=="arm64" or target_arch=="aarch64"', {
+            'defines': [
+              'NSS_USE_64',
+            ],
+          }],
+        ],
+      }],
+    ],
+  },
+  'variables': {
+    'module': 'nss',
+  }
+}
diff --git a/nss/lib/freebl/freebl.rc b/nss/lib/freebl/freebl.rc
new file mode 100644
index 0000000..444ae5d
--- /dev/null
+++ b/nss/lib/freebl/freebl.rc
@@ -0,0 +1,68 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "softkver.h"
+#include <winver.h>
+
+#define MY_LIBNAME "freebl"
+#define MY_FILEDESCRIPTION "NSS freebl Library"
+
+#define STRINGIZE(x) #x
+#define STRINGIZE2(x) STRINGIZE(x)
+#define SOFTOKEN_VMAJOR_STR STRINGIZE2(SOFTOKEN_VMAJOR)
+
+#ifdef _DEBUG
+#define MY_DEBUG_STR " (debug)"
+#define MY_FILEFLAGS_1 VS_FF_DEBUG
+#else
+#define MY_DEBUG_STR ""
+#define MY_FILEFLAGS_1 0x0L
+#endif
+#if SOFTOKEN_BETA
+#define MY_FILEFLAGS_2 MY_FILEFLAGS_1|VS_FF_PRERELEASE
+#else
+#define MY_FILEFLAGS_2 MY_FILEFLAGS_1
+#endif
+
+#ifdef WINNT
+#define MY_FILEOS VOS_NT_WINDOWS32
+#else
+#define MY_FILEOS VOS__WINDOWS32
+#endif
+
+#define MY_INTERNAL_NAME MY_LIBNAME SOFTOKEN_VMAJOR_STR
+
+/////////////////////////////////////////////////////////////////////////////
+//
+// Version-information resource
+//
+
+VS_VERSION_INFO VERSIONINFO
+ FILEVERSION SOFTOKEN_VMAJOR,SOFTOKEN_VMINOR,SOFTOKEN_VPATCH,SOFTOKEN_VBUILD
+ PRODUCTVERSION SOFTOKEN_VMAJOR,SOFTOKEN_VMINOR,SOFTOKEN_VPATCH,SOFTOKEN_VBUILD
+ FILEFLAGSMASK VS_FFI_FILEFLAGSMASK
+ FILEFLAGS MY_FILEFLAGS_2
+ FILEOS MY_FILEOS
+ FILETYPE VFT_DLL
+ FILESUBTYPE 0x0L // not used
+
+BEGIN
+    BLOCK "StringFileInfo"
+    BEGIN
+        BLOCK "040904B0" // Lang=US English, CharSet=Unicode
+        BEGIN
+            VALUE "CompanyName", "Mozilla Foundation\0"
+            VALUE "FileDescription", MY_FILEDESCRIPTION MY_DEBUG_STR "\0"
+            VALUE "FileVersion", SOFTOKEN_VERSION "\0"
+            VALUE "InternalName", MY_INTERNAL_NAME "\0"
+            VALUE "OriginalFilename", MY_INTERNAL_NAME ".dll\0"
+            VALUE "ProductName", "Network Security Services\0"
+            VALUE "ProductVersion", SOFTOKEN_VERSION "\0"
+        END
+    END
+    BLOCK "VarFileInfo"
+    BEGIN
+        VALUE "Translation", 0x409, 1200
+    END
+END
diff --git a/nss/lib/freebl/freebl_base.gypi b/nss/lib/freebl/freebl_base.gypi
new file mode 100644
index 0000000..7570eec
--- /dev/null
+++ b/nss/lib/freebl/freebl_base.gypi
@@ -0,0 +1,199 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'sources': [
+    'aeskeywrap.c',
+    'alg2268.c',
+    'alghmac.c',
+    'arcfive.c',
+    'arcfour.c',
+    'camellia.c',
+    'chacha20poly1305.c',
+    'ctr.c',
+    'cts.c',
+    'des.c',
+    'desblapi.c',
+    'dh.c',
+    'drbg.c',
+    'dsa.c',
+    'ec.c',
+    'ecdecode.c',
+    'ecl/ec_naf.c',
+    'ecl/ecl.c',
+    'ecl/ecl_curve.c',
+    'ecl/ecl_gf.c',
+    'ecl/ecl_mult.c',
+    'ecl/ecp_25519.c',
+    'ecl/ecp_256.c',
+    'ecl/ecp_256_32.c',
+    'ecl/ecp_384.c',
+    'ecl/ecp_521.c',
+    'ecl/ecp_aff.c',
+    'ecl/ecp_jac.c',
+    'ecl/ecp_jm.c',
+    'ecl/ecp_mont.c',
+    'fipsfreebl.c',
+    'freeblver.c',
+    'gcm.c',
+    'hmacct.c',
+    'jpake.c',
+    'ldvector.c',
+    'md2.c',
+    'md5.c',
+    'mpi/mp_gf2m.c',
+    'mpi/mpcpucache.c',
+    'mpi/mpi.c',
+    'mpi/mplogic.c',
+    'mpi/mpmontg.c',
+    'mpi/mpprime.c',
+    'pqg.c',
+    'rawhash.c',
+    'rijndael.c',
+    'rsa.c',
+    'rsapkcs.c',
+    'seed.c',
+    'sha512.c',
+    'sha_fast.c',
+    'shvfy.c',
+    'sysrand.c',
+    'tlsprfalg.c'
+  ],
+  'conditions': [
+    [ 'OS=="linux" or OS=="android"', {
+      'conditions': [
+        [ 'target_arch=="x64"', {
+          'sources': [
+            'arcfour-amd64-gas.s',
+            'intel-aes.s',
+            'intel-gcm.s',
+            'mpi/mpi_amd64.c',
+            'mpi/mpi_amd64_gas.s',
+            'mpi/mp_comba.c',
+          ],
+          'conditions': [
+            [ 'cc_is_clang==1', {
+              'cflags': [
+                '-no-integrated-as',
+              ],
+              'cflags_mozilla': [
+                '-no-integrated-as',
+              ],
+              'asflags_mozilla': [
+                '-no-integrated-as',
+              ],
+            }],
+          ],
+        }],
+        [ 'target_arch=="ia32"', {
+          'sources': [
+            'mpi/mpi_x86.s',
+          ],
+        }],
+        [ 'target_arch=="arm"', {
+          'sources': [
+            'mpi/mpi_arm.c',
+          ],
+        }],
+      ],
+    }],
+    [ 'OS=="win"', {
+      'sources': [
+        #TODO: building with mingw should not need this.
+        'ecl/uint128.c',
+      ],
+      'libraries': [
+        'advapi32.lib',
+      ],
+      'conditions': [
+        [ 'target_arch=="x64"', {
+          'sources': [
+            'arcfour-amd64-masm.asm',
+            'mpi/mpi_amd64.c',
+            'mpi/mpi_amd64_masm.asm',
+            'mpi/mp_comba_amd64_masm.asm',
+            'intel-aes-x64-masm.asm',
+            'intel-gcm-x64-masm.asm',
+          ],
+        }, {
+          # not x64
+          'sources': [
+            'mpi/mpi_x86_asm.c',
+            'intel-aes-x86-masm.asm',
+            'intel-gcm-x86-masm.asm',
+          ],
+        }],
+        [ 'cc_is_clang!=1', {
+          # MSVC
+          'sources': [
+            'intel-gcm-wrap.c',
+          ],
+        }],
+      ],
+    }],
+    ['target_arch=="ia32" or target_arch=="x64"', {
+      'sources': [
+        # All intel architectures get the 64 bit version
+        'ecl/curve25519_64.c',
+      ],
+    }, {
+      'sources': [
+        # All non intel architectures get the generic 32 bit implementation (slow!)
+        'ecl/curve25519_32.c',
+      ],
+    }],
+    #TODO uint128.c
+    [ 'disable_chachapoly==0', {
+      'conditions': [
+        [ 'OS!="win" and target_arch=="x64"', {
+          'sources': [
+            'chacha20_vec.c',
+            'poly1305-donna-x64-sse2-incremental-source.c',
+          ],
+        }, {
+          # not x64
+          'sources': [
+            'chacha20.c',
+            'poly1305.c',
+          ],
+        }],
+      ],
+    }],
+    [ 'fuzz_oss==1', {
+      'defines': [
+        'UNSAFE_RNG_NO_URANDOM_SEED',
+      ],
+    }],
+    [ 'fuzz_tls==1', {
+      'sources': [
+        'det_rng.c',
+      ],
+      'defines': [
+        'UNSAFE_FUZZER_MODE',
+      ],
+    }],
+    [ 'ct_verif==1', {
+      'defines': [
+        'CT_VERIF',
+      ],
+    }],
+    [ 'OS=="mac"', {
+      'conditions': [
+        [ 'target_arch=="ia32"', {
+          'sources': [
+            'mpi/mpi_sse2.s',
+          ],
+          'defines': [
+            'MP_USE_UINT_DIGIT',
+            'MP_ASSEMBLY_MULTIPLY',
+            'MP_ASSEMBLY_SQUARE',
+            'MP_ASSEMBLY_DIV_2DX1D',
+          ],
+        }],
+      ],
+    }],
+  ],
+ 'ldflags': [
+   '-Wl,-Bsymbolic'
+ ],
+}
diff --git a/nss/lib/freebl/freebl_hash.def b/nss/lib/freebl/freebl_hash.def
new file mode 100644
index 0000000..9fd2736
--- /dev/null
+++ b/nss/lib/freebl/freebl_hash.def
@@ -0,0 +1,39 @@
+;+#
+;+# This Source Code Form is subject to the terms of the Mozilla Public
+;+# License, v. 2.0. If a copy of the MPL was not distributed with this
+;+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;+#
+;+# OK, this file is meant to support SUN, LINUX, AIX and WINDOWS
+;+#   1. For all unix platforms, the string ";-"  means "remove this line"
+;+#   2. For all unix platforms, the string " DATA " will be removed from any 
+;+#	line on which it occurs.
+;+#   3. Lines containing ";+" will have ";+" removed on SUN and LINUX.
+;+#      On AIX, lines containing ";+" will be removed.  
+;+#   4. For all unix platforms, the string ";;" will thave the ";;" removed.
+;+#   5. For all unix platforms, after the above processing has taken place,
+;+#    all characters after the first ";" on the line will be removed.  
+;+#    And for AIX, the first ";" will also be removed.
+;+#  This file is passed directly to windows. Since ';' is a comment, all UNIX
+;+#   directives are hidden behind ";", ";+", and ";-"
+;+
+;+NSSprivate_3.11 {               # NSS 3.11 release
+;+    global:
+LIBRARY freebl3 ;-
+EXPORTS	;-
+FREEBL_GetVector;
+;+    local:
+;+       *;
+;+};
+;+NSSRAWHASH_3.12.3 {             # NSS 3.12.3 release
+;+    global:
+NSSLOW_Init;
+NSSLOW_Shutdown;
+NSSLOWHASH_Length;
+NSSLOWHASH_Begin;
+NSSLOWHASH_Destroy;
+NSSLOWHASH_End;
+NSSLOWHASH_NewContext;
+NSSLOWHASH_Update;
+;+    local:
+;+       *;
+;+};
diff --git a/nss/lib/freebl/freebl_hash_vector.def b/nss/lib/freebl/freebl_hash_vector.def
new file mode 100644
index 0000000..9d7d07d
--- /dev/null
+++ b/nss/lib/freebl/freebl_hash_vector.def
@@ -0,0 +1,34 @@
+;+#
+;+# This Source Code Form is subject to the terms of the Mozilla Public
+;+# License, v. 2.0. If a copy of the MPL was not distributed with this
+;+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;+#
+;+# OK, this file is meant to support SUN, LINUX, AIX and WINDOWS
+;+#   1. For all unix platforms, the string ";-"  means "remove this line"
+;+#   2. For all unix platforms, the string " DATA " will be removed from any 
+;+#	line on which it occurs.
+;+#   3. Lines containing ";+" will have ";+" removed on SUN and LINUX.
+;+#      On AIX, lines containing ";+" will be removed.  
+;+#   4. For all unix platforms, the string ";;" will thave the ";;" removed.
+;+#   5. For all unix platforms, after the above processing has taken place,
+;+#    all characters after the first ";" on the line will be removed.  
+;+#    And for AIX, the first ";" will also be removed.
+;+#  This file is passed directly to windows. Since ';' is a comment, all UNIX
+;+#   directives are hidden behind ";", ";+", and ";-"
+;+
+;+NSSprivate_3.11 {               # NSS 3.11 release
+;+    global:
+LIBRARY freebl3 ;-
+EXPORTS	;-
+FREEBL_GetVector;
+;+    local:
+;+       *;
+;+};
+;+NSSprivate_3.16 {               # NSS 3.11 release
+;+    global:
+LIBRARY freebl3 ;-
+EXPORTS	;-
+NSSLOW_GetVector;
+;+    local:
+;+       *;
+;+};
diff --git a/nss/lib/freebl/freeblver.c b/nss/lib/freebl/freeblver.c
new file mode 100644
index 0000000..9136f0b
--- /dev/null
+++ b/nss/lib/freebl/freeblver.c
@@ -0,0 +1,18 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* Library identity and versioning */
+
+#include "softkver.h"
+
+#if defined(DEBUG)
+#define _DEBUG_STRING " (debug)"
+#else
+#define _DEBUG_STRING ""
+#endif
+
+/*
+ * Version information
+ */
+const char __nss_freebl_version[] = "Version: NSS " SOFTOKEN_VERSION _DEBUG_STRING;
diff --git a/nss/lib/freebl/gcm.c b/nss/lib/freebl/gcm.c
new file mode 100644
index 0000000..2212100
--- /dev/null
+++ b/nss/lib/freebl/gcm.c
@@ -0,0 +1,860 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifdef FREEBL_NO_DEPEND
+#include "stubs.h"
+#endif
+#include "blapii.h"
+#include "blapit.h"
+#include "gcm.h"
+#include "ctr.h"
+#include "secerr.h"
+#include "prtypes.h"
+#include "pkcs11t.h"
+
+#include <limits.h>
+
+/**************************************************************************
+ *          First implement the Galois hash function of GCM (gcmHash)     *
+ **************************************************************************/
+#define GCM_HASH_LEN_LEN 8 /* gcm hash defines lengths to be 64 bits */
+
+typedef struct gcmHashContextStr gcmHashContext;
+
+static SECStatus gcmHash_InitContext(gcmHashContext *hash,
+                                     const unsigned char *H,
+                                     unsigned int blocksize);
+static void gcmHash_DestroyContext(gcmHashContext *ghash, PRBool freeit);
+static SECStatus gcmHash_Update(gcmHashContext *ghash,
+                                const unsigned char *buf, unsigned int len,
+                                unsigned int blocksize);
+static SECStatus gcmHash_Sync(gcmHashContext *ghash, unsigned int blocksize);
+static SECStatus gcmHash_Final(gcmHashContext *gcm, unsigned char *outbuf,
+                               unsigned int *outlen, unsigned int maxout,
+                               unsigned int blocksize);
+static SECStatus gcmHash_Reset(gcmHashContext *ghash,
+                               const unsigned char *inbuf,
+                               unsigned int inbufLen, unsigned int blocksize);
+
+/* compile time defines to select how the GF2 multiply is calculated.
+ * There are currently 2 algorithms implemented here: MPI and ALGORITHM_1.
+ *
+ * MPI uses the GF2m implemented in mpi to support GF2 ECC.
+ * ALGORITHM_1 is the Algorithm 1 in both NIST SP 800-38D and
+ * "The Galois/Counter Mode of Operation (GCM)", McGrew & Viega.
+ */
+#if !defined(GCM_USE_ALGORITHM_1) && !defined(GCM_USE_MPI)
+#define GCM_USE_MPI 1 /* MPI is about 5x faster with the               \
+                       * same or less complexity. It's possible to use \
+                       * tables to speed things up even more */
+#endif
+
+/* GCM defines the bit string to be LSB first, which is exactly
+ * opposite everyone else, including hardware. build array
+ * to reverse everything. */
+static const unsigned char gcm_byte_rev[256] = {
+    0x00, 0x80, 0x40, 0xc0, 0x20, 0xa0, 0x60, 0xe0,
+    0x10, 0x90, 0x50, 0xd0, 0x30, 0xb0, 0x70, 0xf0,
+    0x08, 0x88, 0x48, 0xc8, 0x28, 0xa8, 0x68, 0xe8,
+    0x18, 0x98, 0x58, 0xd8, 0x38, 0xb8, 0x78, 0xf8,
+    0x04, 0x84, 0x44, 0xc4, 0x24, 0xa4, 0x64, 0xe4,
+    0x14, 0x94, 0x54, 0xd4, 0x34, 0xb4, 0x74, 0xf4,
+    0x0c, 0x8c, 0x4c, 0xcc, 0x2c, 0xac, 0x6c, 0xec,
+    0x1c, 0x9c, 0x5c, 0xdc, 0x3c, 0xbc, 0x7c, 0xfc,
+    0x02, 0x82, 0x42, 0xc2, 0x22, 0xa2, 0x62, 0xe2,
+    0x12, 0x92, 0x52, 0xd2, 0x32, 0xb2, 0x72, 0xf2,
+    0x0a, 0x8a, 0x4a, 0xca, 0x2a, 0xaa, 0x6a, 0xea,
+    0x1a, 0x9a, 0x5a, 0xda, 0x3a, 0xba, 0x7a, 0xfa,
+    0x06, 0x86, 0x46, 0xc6, 0x26, 0xa6, 0x66, 0xe6,
+    0x16, 0x96, 0x56, 0xd6, 0x36, 0xb6, 0x76, 0xf6,
+    0x0e, 0x8e, 0x4e, 0xce, 0x2e, 0xae, 0x6e, 0xee,
+    0x1e, 0x9e, 0x5e, 0xde, 0x3e, 0xbe, 0x7e, 0xfe,
+    0x01, 0x81, 0x41, 0xc1, 0x21, 0xa1, 0x61, 0xe1,
+    0x11, 0x91, 0x51, 0xd1, 0x31, 0xb1, 0x71, 0xf1,
+    0x09, 0x89, 0x49, 0xc9, 0x29, 0xa9, 0x69, 0xe9,
+    0x19, 0x99, 0x59, 0xd9, 0x39, 0xb9, 0x79, 0xf9,
+    0x05, 0x85, 0x45, 0xc5, 0x25, 0xa5, 0x65, 0xe5,
+    0x15, 0x95, 0x55, 0xd5, 0x35, 0xb5, 0x75, 0xf5,
+    0x0d, 0x8d, 0x4d, 0xcd, 0x2d, 0xad, 0x6d, 0xed,
+    0x1d, 0x9d, 0x5d, 0xdd, 0x3d, 0xbd, 0x7d, 0xfd,
+    0x03, 0x83, 0x43, 0xc3, 0x23, 0xa3, 0x63, 0xe3,
+    0x13, 0x93, 0x53, 0xd3, 0x33, 0xb3, 0x73, 0xf3,
+    0x0b, 0x8b, 0x4b, 0xcb, 0x2b, 0xab, 0x6b, 0xeb,
+    0x1b, 0x9b, 0x5b, 0xdb, 0x3b, 0xbb, 0x7b, 0xfb,
+    0x07, 0x87, 0x47, 0xc7, 0x27, 0xa7, 0x67, 0xe7,
+    0x17, 0x97, 0x57, 0xd7, 0x37, 0xb7, 0x77, 0xf7,
+    0x0f, 0x8f, 0x4f, 0xcf, 0x2f, 0xaf, 0x6f, 0xef,
+    0x1f, 0x9f, 0x5f, 0xdf, 0x3f, 0xbf, 0x7f, 0xff
+};
+
+#ifdef GCM_TRACE
+#include <stdio.h>
+
+#define GCM_TRACE_X(ghash, label)         \
+    {                                     \
+        unsigned char _X[MAX_BLOCK_SIZE]; \
+        int i;                            \
+        gcm_getX(ghash, _X, blocksize);   \
+        printf(label, (ghash)->m);        \
+        for (i = 0; i < blocksize; i++)   \
+            printf("%02x", _X[i]);        \
+        printf("\n");                     \
+    }
+#define GCM_TRACE_BLOCK(label, buf, blocksize) \
+    {                                          \
+        printf(label);                         \
+        for (i = 0; i < blocksize; i++)        \
+            printf("%02x", buf[i]);            \
+        printf("\n");                          \
+    }
+#else
+#define GCM_TRACE_X(ghash, label)
+#define GCM_TRACE_BLOCK(label, buf, blocksize)
+#endif
+
+#ifdef GCM_USE_MPI
+
+#ifdef GCM_USE_ALGORITHM_1
+#error "Only define one of GCM_USE_MPI, GCM_USE_ALGORITHM_1"
+#endif
+/* use the MPI functions to calculate Xn = (Xn-1^C_i)*H mod poly */
+#include "mpi.h"
+#include "secmpi.h"
+#include "mplogic.h"
+#include "mp_gf2m.h"
+
+/* state needed to handle GCM Hash function */
+struct gcmHashContextStr {
+    mp_int H;
+    mp_int X;
+    mp_int C_i;
+    const unsigned int *poly;
+    unsigned char buffer[MAX_BLOCK_SIZE];
+    unsigned int bufLen;
+    int m; /* XXX what is m? */
+    unsigned char counterBuf[2 * GCM_HASH_LEN_LEN];
+    PRUint64 cLen;
+};
+
+/* f = x^128 + x^7 + x^2 + x + 1 */
+static const unsigned int poly_128[] = { 128, 7, 2, 1, 0 };
+
+/* sigh, GCM defines the bit strings exactly backwards from everything else */
+static void
+gcm_reverse(unsigned char *target, const unsigned char *src,
+            unsigned int blocksize)
+{
+    unsigned int i;
+    for (i = 0; i < blocksize; i++) {
+        target[blocksize - i - 1] = gcm_byte_rev[src[i]];
+    }
+}
+
+/* Initialize a gcmHashContext */
+static SECStatus
+gcmHash_InitContext(gcmHashContext *ghash, const unsigned char *H,
+                    unsigned int blocksize)
+{
+    mp_err err = MP_OKAY;
+    unsigned char H_rev[MAX_BLOCK_SIZE];
+
+    MP_DIGITS(&ghash->H) = 0;
+    MP_DIGITS(&ghash->X) = 0;
+    MP_DIGITS(&ghash->C_i) = 0;
+    CHECK_MPI_OK(mp_init(&ghash->H));
+    CHECK_MPI_OK(mp_init(&ghash->X));
+    CHECK_MPI_OK(mp_init(&ghash->C_i));
+
+    mp_zero(&ghash->X);
+    gcm_reverse(H_rev, H, blocksize);
+    CHECK_MPI_OK(mp_read_unsigned_octets(&ghash->H, H_rev, blocksize));
+
+    /* set the irreducible polynomial. Each blocksize has its own polynomial.
+     * for now only blocksize 16 (=128 bits) is defined */
+    switch (blocksize) {
+        case 16: /* 128 bits */
+            ghash->poly = poly_128;
+            break;
+        default:
+            PORT_SetError(SEC_ERROR_INVALID_ARGS);
+            goto cleanup;
+    }
+    ghash->cLen = 0;
+    ghash->bufLen = 0;
+    ghash->m = 0;
+    PORT_Memset(ghash->counterBuf, 0, sizeof(ghash->counterBuf));
+    return SECSuccess;
+cleanup:
+    gcmHash_DestroyContext(ghash, PR_FALSE);
+    return SECFailure;
+}
+
+/* Destroy a HashContext (Note we zero the digits so this function
+ * is idempotent if called with freeit == PR_FALSE */
+static void
+gcmHash_DestroyContext(gcmHashContext *ghash, PRBool freeit)
+{
+    mp_clear(&ghash->H);
+    mp_clear(&ghash->X);
+    mp_clear(&ghash->C_i);
+    PORT_Memset(ghash, 0, sizeof(gcmHashContext));
+    if (freeit) {
+        PORT_Free(ghash);
+    }
+}
+
+static SECStatus
+gcm_getX(gcmHashContext *ghash, unsigned char *T, unsigned int blocksize)
+{
+    int len;
+    mp_err err;
+    unsigned char tmp_buf[MAX_BLOCK_SIZE];
+    unsigned char *X;
+
+    len = mp_unsigned_octet_size(&ghash->X);
+    if (len <= 0) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+    X = tmp_buf;
+    PORT_Assert((unsigned int)len <= blocksize);
+    if ((unsigned int)len > blocksize) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+    /* zero pad the result */
+    if (len != blocksize) {
+        PORT_Memset(X, 0, blocksize - len);
+        X += blocksize - len;
+    }
+
+    err = mp_to_unsigned_octets(&ghash->X, X, len);
+    if (err < 0) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+    gcm_reverse(T, tmp_buf, blocksize);
+    return SECSuccess;
+}
+
+static SECStatus
+gcm_HashMult(gcmHashContext *ghash, const unsigned char *buf,
+             unsigned int count, unsigned int blocksize)
+{
+    SECStatus rv = SECFailure;
+    mp_err err = MP_OKAY;
+    unsigned char tmp_buf[MAX_BLOCK_SIZE];
+    unsigned int i;
+
+    for (i = 0; i < count; i++, buf += blocksize) {
+        ghash->m++;
+        gcm_reverse(tmp_buf, buf, blocksize);
+        CHECK_MPI_OK(mp_read_unsigned_octets(&ghash->C_i, tmp_buf, blocksize));
+        CHECK_MPI_OK(mp_badd(&ghash->X, &ghash->C_i, &ghash->C_i));
+        /*
+         * Looking to speed up GCM, this the the place to do it.
+         * There are two areas that can be exploited to speed up this code.
+         *
+         * 1) H is a constant in this multiply. We can precompute H * (0 - 255)
+         * at init time and this becomes an blockize xors of our table lookup.
+         *
+         * 2) poly is a constant for each blocksize. We can calculate the
+         * modulo reduction by a series of adds and shifts.
+         *
+         * For now we are after functionality, so we will go ahead and use
+         * the builtin bmulmod from mpi
+         */
+        CHECK_MPI_OK(mp_bmulmod(&ghash->C_i, &ghash->H,
+                                ghash->poly, &ghash->X));
+        GCM_TRACE_X(ghash, "X%d = ")
+    }
+    rv = SECSuccess;
+cleanup:
+    PORT_Memset(tmp_buf, 0, sizeof(tmp_buf));
+    if (rv != SECSuccess) {
+        MP_TO_SEC_ERROR(err);
+    }
+    return rv;
+}
+
+static void
+gcm_zeroX(gcmHashContext *ghash)
+{
+    mp_zero(&ghash->X);
+    ghash->m = 0;
+}
+
+#endif
+
+#ifdef GCM_USE_ALGORITHM_1
+/* use algorithm 1 of McGrew & Viega "The Galois/Counter Mode of Operation" */
+
+#define GCM_ARRAY_SIZE (MAX_BLOCK_SIZE / sizeof(unsigned long))
+
+struct gcmHashContextStr {
+    unsigned long H[GCM_ARRAY_SIZE];
+    unsigned long X[GCM_ARRAY_SIZE];
+    unsigned long R;
+    unsigned char buffer[MAX_BLOCK_SIZE];
+    unsigned int bufLen;
+    int m;
+    unsigned char counterBuf[2 * GCM_HASH_LEN_LEN];
+    PRUint64 cLen;
+};
+
+static void
+gcm_bytes_to_longs(unsigned long *l, const unsigned char *c, unsigned int len)
+{
+    int i, j;
+    int array_size = len / sizeof(unsigned long);
+
+    PORT_Assert(len % sizeof(unsigned long) == 0);
+    for (i = 0; i < array_size; i++) {
+        unsigned long tmp = 0;
+        int byte_offset = i * sizeof(unsigned long);
+        for (j = sizeof(unsigned long) - 1; j >= 0; j--) {
+            tmp = (tmp << PR_BITS_PER_BYTE) | gcm_byte_rev[c[byte_offset + j]];
+        }
+        l[i] = tmp;
+    }
+}
+
+static void
+gcm_longs_to_bytes(const unsigned long *l, unsigned char *c, unsigned int len)
+{
+    int i, j;
+    int array_size = len / sizeof(unsigned long);
+
+    PORT_Assert(len % sizeof(unsigned long) == 0);
+    for (i = 0; i < array_size; i++) {
+        unsigned long tmp = l[i];
+        int byte_offset = i * sizeof(unsigned long);
+        for (j = 0; j < sizeof(unsigned long); j++) {
+            c[byte_offset + j] = gcm_byte_rev[tmp & 0xff];
+            tmp = (tmp >> PR_BITS_PER_BYTE);
+        }
+    }
+}
+
+/* Initialize a gcmHashContext */
+static SECStatus
+gcmHash_InitContext(gcmHashContext *ghash, const unsigned char *H,
+                    unsigned int blocksize)
+{
+    PORT_Memset(ghash->X, 0, sizeof(ghash->X));
+    PORT_Memset(ghash->H, 0, sizeof(ghash->H));
+    gcm_bytes_to_longs(ghash->H, H, blocksize);
+
+    /* set the irreducible polynomial. Each blocksize has its own polynommial
+     * for now only blocksize 16 (=128 bits) is defined */
+    switch (blocksize) {
+        case 16:                            /* 128 bits */
+            ghash->R = (unsigned long)0x87; /* x^7 + x^2 + x +1 */
+            break;
+        default:
+            PORT_SetError(SEC_ERROR_INVALID_ARGS);
+            goto cleanup;
+    }
+    ghash->cLen = 0;
+    ghash->bufLen = 0;
+    ghash->m = 0;
+    PORT_Memset(ghash->counterBuf, 0, sizeof(ghash->counterBuf));
+    return SECSuccess;
+cleanup:
+    return SECFailure;
+}
+
+/* Destroy a HashContext (Note we zero the digits so this function
+ * is idempotent if called with freeit == PR_FALSE */
+static void
+gcmHash_DestroyContext(gcmHashContext *ghash, PRBool freeit)
+{
+    PORT_Memset(ghash, 0, sizeof(gcmHashContext));
+    if (freeit) {
+        PORT_Free(ghash);
+    }
+}
+
+static unsigned long
+gcm_shift_one(unsigned long *t, unsigned int count)
+{
+    unsigned long carry = 0;
+    unsigned long nextcarry = 0;
+    unsigned int i;
+    for (i = 0; i < count; i++) {
+        nextcarry = t[i] >> ((sizeof(unsigned long) * PR_BITS_PER_BYTE) - 1);
+        t[i] = (t[i] << 1) | carry;
+        carry = nextcarry;
+    }
+    return carry;
+}
+
+static SECStatus
+gcm_getX(gcmHashContext *ghash, unsigned char *T, unsigned int blocksize)
+{
+    gcm_longs_to_bytes(ghash->X, T, blocksize);
+    return SECSuccess;
+}
+
+#define GCM_XOR(t, s, len)    \
+    for (l = 0; l < len; l++) \
+    t[l] ^= s[l]
+
+static SECStatus
+gcm_HashMult(gcmHashContext *ghash, const unsigned char *buf,
+             unsigned int count, unsigned int blocksize)
+{
+    unsigned long C_i[GCM_ARRAY_SIZE];
+    unsigned int arraysize = blocksize / sizeof(unsigned long);
+    unsigned int i, j, k, l;
+
+    for (i = 0; i < count; i++, buf += blocksize) {
+        ghash->m++;
+        gcm_bytes_to_longs(C_i, buf, blocksize);
+        GCM_XOR(C_i, ghash->X, arraysize);
+        /* multiply X = C_i * H */
+        PORT_Memset(ghash->X, 0, sizeof(ghash->X));
+        for (j = 0; j < arraysize; j++) {
+            unsigned long H = ghash->H[j];
+            for (k = 0; k < sizeof(unsigned long) * PR_BITS_PER_BYTE; k++) {
+                if (H & 1) {
+                    GCM_XOR(ghash->X, C_i, arraysize);
+                }
+                if (gcm_shift_one(C_i, arraysize)) {
+                    C_i[0] = C_i[0] ^ ghash->R;
+                }
+                H = H >> 1;
+            }
+        }
+        GCM_TRACE_X(ghash, "X%d = ")
+    }
+    PORT_Memset(C_i, 0, sizeof(C_i));
+    return SECSuccess;
+}
+
+static void
+gcm_zeroX(gcmHashContext *ghash)
+{
+    PORT_Memset(ghash->X, 0, sizeof(ghash->X));
+    ghash->m = 0;
+}
+#endif
+
+/*
+ * implement GCM GHASH using the freebl GHASH function. The gcm_HashMult
+ * function always takes blocksize lengths of data. gcmHash_Update will
+ * format the data properly.
+ */
+static SECStatus
+gcmHash_Update(gcmHashContext *ghash, const unsigned char *buf,
+               unsigned int len, unsigned int blocksize)
+{
+    unsigned int blocks;
+    SECStatus rv;
+
+    ghash->cLen += (len * PR_BITS_PER_BYTE);
+
+    /* first deal with the current buffer of data. Try to fill it out so
+     * we can hash it */
+    if (ghash->bufLen) {
+        unsigned int needed = PR_MIN(len, blocksize - ghash->bufLen);
+        if (needed != 0) {
+            PORT_Memcpy(ghash->buffer + ghash->bufLen, buf, needed);
+        }
+        buf += needed;
+        len -= needed;
+        ghash->bufLen += needed;
+        if (len == 0) {
+            /* didn't add enough to hash the data, nothing more do do */
+            return SECSuccess;
+        }
+        PORT_Assert(ghash->bufLen == blocksize);
+        /* hash the buffer and clear it */
+        rv = gcm_HashMult(ghash, ghash->buffer, 1, blocksize);
+        PORT_Memset(ghash->buffer, 0, blocksize);
+        ghash->bufLen = 0;
+        if (rv != SECSuccess) {
+            return SECFailure;
+        }
+    }
+    /* now hash any full blocks remaining in the data stream */
+    blocks = len / blocksize;
+    if (blocks) {
+        rv = gcm_HashMult(ghash, buf, blocks, blocksize);
+        if (rv != SECSuccess) {
+            return SECFailure;
+        }
+        buf += blocks * blocksize;
+        len -= blocks * blocksize;
+    }
+
+    /* save any remainder in the buffer to be hashed with the next call */
+    if (len != 0) {
+        PORT_Memcpy(ghash->buffer, buf, len);
+        ghash->bufLen = len;
+    }
+    return SECSuccess;
+}
+
+/*
+ * write out any partial blocks zero padded through the GHASH engine,
+ * save the lengths for the final completion of the hash
+ */
+static SECStatus
+gcmHash_Sync(gcmHashContext *ghash, unsigned int blocksize)
+{
+    int i;
+    SECStatus rv;
+
+    /* copy the previous counter to the upper block */
+    PORT_Memcpy(ghash->counterBuf, &ghash->counterBuf[GCM_HASH_LEN_LEN],
+                GCM_HASH_LEN_LEN);
+    /* copy the current counter in the lower block */
+    for (i = 0; i < GCM_HASH_LEN_LEN; i++) {
+        ghash->counterBuf[GCM_HASH_LEN_LEN + i] =
+            (ghash->cLen >> ((GCM_HASH_LEN_LEN - 1 - i) * PR_BITS_PER_BYTE)) & 0xff;
+    }
+    ghash->cLen = 0;
+
+    /* now zero fill the buffer and hash the last block */
+    if (ghash->bufLen) {
+        PORT_Memset(ghash->buffer + ghash->bufLen, 0, blocksize - ghash->bufLen);
+        rv = gcm_HashMult(ghash, ghash->buffer, 1, blocksize);
+        PORT_Memset(ghash->buffer, 0, blocksize);
+        ghash->bufLen = 0;
+        if (rv != SECSuccess) {
+            return SECFailure;
+        }
+    }
+    return SECSuccess;
+}
+
+/*
+ * This does the final sync, hashes the lengths, then returns
+ * "T", the hashed output.
+ */
+static SECStatus
+gcmHash_Final(gcmHashContext *ghash, unsigned char *outbuf,
+              unsigned int *outlen, unsigned int maxout,
+              unsigned int blocksize)
+{
+    unsigned char T[MAX_BLOCK_SIZE];
+    SECStatus rv;
+
+    rv = gcmHash_Sync(ghash, blocksize);
+    if (rv != SECSuccess) {
+        goto cleanup;
+    }
+
+    rv = gcm_HashMult(ghash, ghash->counterBuf, (GCM_HASH_LEN_LEN * 2) / blocksize,
+                      blocksize);
+    if (rv != SECSuccess) {
+        goto cleanup;
+    }
+
+    GCM_TRACE_X(ghash, "GHASH(H,A,C) = ")
+
+    rv = gcm_getX(ghash, T, blocksize);
+    if (rv != SECSuccess) {
+        goto cleanup;
+    }
+
+    if (maxout > blocksize)
+        maxout = blocksize;
+    PORT_Memcpy(outbuf, T, maxout);
+    *outlen = maxout;
+    rv = SECSuccess;
+
+cleanup:
+    PORT_Memset(T, 0, sizeof(T));
+    return rv;
+}
+
+SECStatus
+gcmHash_Reset(gcmHashContext *ghash, const unsigned char *AAD,
+              unsigned int AADLen, unsigned int blocksize)
+{
+    SECStatus rv;
+
+    ghash->cLen = 0;
+    PORT_Memset(ghash->counterBuf, 0, GCM_HASH_LEN_LEN * 2);
+    ghash->bufLen = 0;
+    gcm_zeroX(ghash);
+
+    /* now kick things off by hashing the Additional Authenticated Data */
+    if (AADLen != 0) {
+        rv = gcmHash_Update(ghash, AAD, AADLen, blocksize);
+        if (rv != SECSuccess) {
+            return SECFailure;
+        }
+        rv = gcmHash_Sync(ghash, blocksize);
+        if (rv != SECSuccess) {
+            return SECFailure;
+        }
+    }
+    return SECSuccess;
+}
+
+/**************************************************************************
+ *           Now implement the GCM using gcmHash and CTR                  *
+ **************************************************************************/
+
+/* state to handle the full GCM operation (hash and counter) */
+struct GCMContextStr {
+    gcmHashContext ghash_context;
+    CTRContext ctr_context;
+    unsigned long tagBits;
+    unsigned char tagKey[MAX_BLOCK_SIZE];
+};
+
+GCMContext *
+GCM_CreateContext(void *context, freeblCipherFunc cipher,
+                  const unsigned char *params, unsigned int blocksize)
+{
+    GCMContext *gcm = NULL;
+    gcmHashContext *ghash;
+    unsigned char H[MAX_BLOCK_SIZE];
+    unsigned int tmp;
+    PRBool freeCtr = PR_FALSE;
+    PRBool freeHash = PR_FALSE;
+    const CK_GCM_PARAMS *gcmParams = (const CK_GCM_PARAMS *)params;
+    CK_AES_CTR_PARAMS ctrParams;
+    SECStatus rv;
+
+    if (blocksize > MAX_BLOCK_SIZE || blocksize > sizeof(ctrParams.cb)) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return NULL;
+    }
+    gcm = PORT_ZNew(GCMContext);
+    if (gcm == NULL) {
+        return NULL;
+    }
+    /* first fill in the ghash context */
+    ghash = &gcm->ghash_context;
+    PORT_Memset(H, 0, blocksize);
+    rv = (*cipher)(context, H, &tmp, blocksize, H, blocksize, blocksize);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    rv = gcmHash_InitContext(ghash, H, blocksize);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    freeHash = PR_TRUE;
+
+    /* fill in the Counter context */
+    ctrParams.ulCounterBits = 32;
+    PORT_Memset(ctrParams.cb, 0, sizeof(ctrParams.cb));
+    if ((blocksize == 16) && (gcmParams->ulIvLen == 12)) {
+        PORT_Memcpy(ctrParams.cb, gcmParams->pIv, gcmParams->ulIvLen);
+        ctrParams.cb[blocksize - 1] = 1;
+    } else {
+        rv = gcmHash_Update(ghash, gcmParams->pIv, gcmParams->ulIvLen,
+                            blocksize);
+        if (rv != SECSuccess) {
+            goto loser;
+        }
+        rv = gcmHash_Final(ghash, ctrParams.cb, &tmp, blocksize, blocksize);
+        if (rv != SECSuccess) {
+            goto loser;
+        }
+    }
+    rv = CTR_InitContext(&gcm->ctr_context, context, cipher,
+                         (unsigned char *)&ctrParams, blocksize);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    freeCtr = PR_TRUE;
+
+    /* fill in the gcm structure */
+    gcm->tagBits = gcmParams->ulTagBits; /* save for final step */
+    /* calculate the final tag key. NOTE: gcm->tagKey is zero to start with.
+     * if this assumption changes, we would need to explicitly clear it here */
+    rv = CTR_Update(&gcm->ctr_context, gcm->tagKey, &tmp, blocksize,
+                    gcm->tagKey, blocksize, blocksize);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    /* finally mix in the AAD data */
+    rv = gcmHash_Reset(ghash, gcmParams->pAAD, gcmParams->ulAADLen, blocksize);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    return gcm;
+
+loser:
+    if (freeCtr) {
+        CTR_DestroyContext(&gcm->ctr_context, PR_FALSE);
+    }
+    if (freeHash) {
+        gcmHash_DestroyContext(&gcm->ghash_context, PR_FALSE);
+    }
+    if (gcm) {
+        PORT_Free(gcm);
+    }
+    return NULL;
+}
+
+void
+GCM_DestroyContext(GCMContext *gcm, PRBool freeit)
+{
+    /* these two are statically allocated and will be freed when we free
+     * gcm. call their destroy functions to free up any locally
+     * allocated data (like mp_int's) */
+    CTR_DestroyContext(&gcm->ctr_context, PR_FALSE);
+    gcmHash_DestroyContext(&gcm->ghash_context, PR_FALSE);
+    PORT_Memset(&gcm->tagBits, 0, sizeof(gcm->tagBits));
+    PORT_Memset(gcm->tagKey, 0, sizeof(gcm->tagKey));
+    if (freeit) {
+        PORT_Free(gcm);
+    }
+}
+
+static SECStatus
+gcm_GetTag(GCMContext *gcm, unsigned char *outbuf,
+           unsigned int *outlen, unsigned int maxout,
+           unsigned int blocksize)
+{
+    unsigned int tagBytes;
+    unsigned int extra;
+    unsigned int i;
+    SECStatus rv;
+
+    tagBytes = (gcm->tagBits + (PR_BITS_PER_BYTE - 1)) / PR_BITS_PER_BYTE;
+    extra = tagBytes * PR_BITS_PER_BYTE - gcm->tagBits;
+
+    if (outbuf == NULL) {
+        *outlen = tagBytes;
+        PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+        return SECFailure;
+    }
+
+    if (maxout < tagBytes) {
+        *outlen = tagBytes;
+        PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+        return SECFailure;
+    }
+    maxout = tagBytes;
+    rv = gcmHash_Final(&gcm->ghash_context, outbuf, outlen, maxout, blocksize);
+    if (rv != SECSuccess) {
+        return SECFailure;
+    }
+
+    GCM_TRACE_BLOCK("GHASH=", outbuf, blocksize);
+    GCM_TRACE_BLOCK("Y0=", gcm->tagKey, blocksize);
+    for (i = 0; i < *outlen; i++) {
+        outbuf[i] ^= gcm->tagKey[i];
+    }
+    GCM_TRACE_BLOCK("Y0=", gcm->tagKey, blocksize);
+    GCM_TRACE_BLOCK("T=", outbuf, blocksize);
+    /* mask off any extra bits we got */
+    if (extra) {
+        outbuf[tagBytes - 1] &= ~((1 << extra) - 1);
+    }
+    return SECSuccess;
+}
+
+/*
+ * See The Galois/Counter Mode of Operation, McGrew and Viega.
+ *  GCM is basically counter mode with a specific initialization and
+ *  built in macing operation.
+ */
+SECStatus
+GCM_EncryptUpdate(GCMContext *gcm, unsigned char *outbuf,
+                  unsigned int *outlen, unsigned int maxout,
+                  const unsigned char *inbuf, unsigned int inlen,
+                  unsigned int blocksize)
+{
+    SECStatus rv;
+    unsigned int tagBytes;
+    unsigned int len;
+
+    tagBytes = (gcm->tagBits + (PR_BITS_PER_BYTE - 1)) / PR_BITS_PER_BYTE;
+    if (UINT_MAX - inlen < tagBytes) {
+        PORT_SetError(SEC_ERROR_INPUT_LEN);
+        return SECFailure;
+    }
+    if (maxout < inlen + tagBytes) {
+        *outlen = inlen + tagBytes;
+        PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+        return SECFailure;
+    }
+
+    rv = CTR_Update(&gcm->ctr_context, outbuf, outlen, maxout,
+                    inbuf, inlen, blocksize);
+    if (rv != SECSuccess) {
+        return SECFailure;
+    }
+    rv = gcmHash_Update(&gcm->ghash_context, outbuf, *outlen, blocksize);
+    if (rv != SECSuccess) {
+        PORT_Memset(outbuf, 0, *outlen); /* clear the output buffer */
+        *outlen = 0;
+        return SECFailure;
+    }
+    rv = gcm_GetTag(gcm, outbuf + *outlen, &len, maxout - *outlen, blocksize);
+    if (rv != SECSuccess) {
+        PORT_Memset(outbuf, 0, *outlen); /* clear the output buffer */
+        *outlen = 0;
+        return SECFailure;
+    };
+    *outlen += len;
+    return SECSuccess;
+}
+
+/*
+ * See The Galois/Counter Mode of Operation, McGrew and Viega.
+ *  GCM is basically counter mode with a specific initialization and
+ *  built in macing operation. NOTE: the only difference between Encrypt
+ *  and Decrypt is when we calculate the mac. That is because the mac must
+ *  always be calculated on the cipher text, not the plain text, so for
+ *  encrypt, we do the CTR update first and for decrypt we do the mac first.
+ */
+SECStatus
+GCM_DecryptUpdate(GCMContext *gcm, unsigned char *outbuf,
+                  unsigned int *outlen, unsigned int maxout,
+                  const unsigned char *inbuf, unsigned int inlen,
+                  unsigned int blocksize)
+{
+    SECStatus rv;
+    unsigned int tagBytes;
+    unsigned char tag[MAX_BLOCK_SIZE];
+    const unsigned char *intag;
+    unsigned int len;
+
+    tagBytes = (gcm->tagBits + (PR_BITS_PER_BYTE - 1)) / PR_BITS_PER_BYTE;
+
+    /* get the authentication block */
+    if (inlen < tagBytes) {
+        PORT_SetError(SEC_ERROR_INPUT_LEN);
+        return SECFailure;
+    }
+
+    inlen -= tagBytes;
+    intag = inbuf + inlen;
+
+    /* verify the block */
+    rv = gcmHash_Update(&gcm->ghash_context, inbuf, inlen, blocksize);
+    if (rv != SECSuccess) {
+        return SECFailure;
+    }
+    rv = gcm_GetTag(gcm, tag, &len, blocksize, blocksize);
+    if (rv != SECSuccess) {
+        return SECFailure;
+    }
+    /* Don't decrypt if we can't authenticate the encrypted data!
+     * This assumes that if tagBits is not a multiple of 8, intag will
+     * preserve the masked off missing bits.  */
+    if (NSS_SecureMemcmp(tag, intag, tagBytes) != 0) {
+        /* force a CKR_ENCRYPTED_DATA_INVALID error at in softoken */
+        PORT_SetError(SEC_ERROR_BAD_DATA);
+        PORT_Memset(tag, 0, sizeof(tag));
+        return SECFailure;
+    }
+    PORT_Memset(tag, 0, sizeof(tag));
+    /* finish the decryption */
+    return CTR_Update(&gcm->ctr_context, outbuf, outlen, maxout,
+                      inbuf, inlen, blocksize);
+}
diff --git a/nss/lib/freebl/gcm.h b/nss/lib/freebl/gcm.h
new file mode 100644
index 0000000..1cdba53
--- /dev/null
+++ b/nss/lib/freebl/gcm.h
@@ -0,0 +1,31 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef GCM_H
+#define GCM_H 1
+
+#include "blapii.h"
+
+typedef struct GCMContextStr GCMContext;
+
+/*
+ * The context argument is the inner cipher context to use with cipher. The
+ * GCMContext does not own context. context needs to remain valid for as long
+ * as the GCMContext is valid.
+ *
+ * The cipher argument is a block cipher in the ECB encrypt mode.
+ */
+GCMContext *GCM_CreateContext(void *context, freeblCipherFunc cipher,
+                              const unsigned char *params, unsigned int blocksize);
+void GCM_DestroyContext(GCMContext *gcm, PRBool freeit);
+SECStatus GCM_EncryptUpdate(GCMContext *gcm, unsigned char *outbuf,
+                            unsigned int *outlen, unsigned int maxout,
+                            const unsigned char *inbuf, unsigned int inlen,
+                            unsigned int blocksize);
+SECStatus GCM_DecryptUpdate(GCMContext *gcm, unsigned char *outbuf,
+                            unsigned int *outlen, unsigned int maxout,
+                            const unsigned char *inbuf, unsigned int inlen,
+                            unsigned int blocksize);
+
+#endif
diff --git a/nss/lib/freebl/genload.c b/nss/lib/freebl/genload.c
new file mode 100644
index 0000000..832deb5
--- /dev/null
+++ b/nss/lib/freebl/genload.c
@@ -0,0 +1,167 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * This file is meant to be included by other .c files.
+ * This file takes a "parameter", the scope which includes this
+ * code shall declare this variable:
+ *   const char *NameOfThisSharedLib;
+ *
+ * NameOfThisSharedLib:
+ *   The file name of the shared library that shall be used as the
+ *   "reference library". The loader will attempt to load the requested
+ *   library from the same directory as the reference library.
+ */
+
+#ifdef XP_UNIX
+#include <unistd.h>
+#define BL_MAXSYMLINKS 20
+
+/*
+ * If 'link' is a symbolic link, this function follows the symbolic links
+ * and returns the pathname of the ultimate source of the symbolic links.
+ * If 'link' is not a symbolic link, this function returns NULL.
+ * The caller should call PR_Free to free the string returned by this
+ * function.
+ */
+static char*
+loader_GetOriginalPathname(const char* link)
+{
+#ifdef __GLIBC__
+    char* tmp = realpath(link, NULL);
+    char* resolved;
+    if (!tmp)
+        return NULL;
+    resolved = PR_Malloc(strlen(tmp) + 1);
+    strcpy(resolved, tmp); /* This is necessary because PR_Free might not be using free() */
+    free(tmp);
+    return resolved;
+#else
+    char* resolved = NULL;
+    char* input = NULL;
+    PRUint32 iterations = 0;
+    PRInt32 len = 0, retlen = 0;
+    if (!link) {
+        PR_SetError(PR_INVALID_ARGUMENT_ERROR, 0);
+        return NULL;
+    }
+    len = PR_MAX(1024, strlen(link) + 1);
+    resolved = PR_Malloc(len);
+    input = PR_Malloc(len);
+    if (!resolved || !input) {
+        if (resolved) {
+            PR_Free(resolved);
+        }
+        if (input) {
+            PR_Free(input);
+        }
+        return NULL;
+    }
+    strcpy(input, link);
+    while ((iterations++ < BL_MAXSYMLINKS) &&
+           ((retlen = readlink(input, resolved, len - 1)) > 0)) {
+        char* tmp = input;
+        resolved[retlen] = '\0'; /* NULL termination */
+        input = resolved;
+        resolved = tmp;
+    }
+    PR_Free(resolved);
+    if (iterations == 1 && retlen < 0) {
+        PR_Free(input);
+        input = NULL;
+    }
+    return input;
+#endif
+}
+#endif /* XP_UNIX */
+
+/*
+ * Load the library with the file name 'name' residing in the same
+ * directory as the reference library, whose pathname is 'referencePath'.
+ */
+static PRLibrary*
+loader_LoadLibInReferenceDir(const char* referencePath, const char* name)
+{
+    PRLibrary* dlh = NULL;
+    char* fullName = NULL;
+    char* c;
+    PRLibSpec libSpec;
+
+    /* Remove the trailing filename from referencePath and add the new one */
+    c = strrchr(referencePath, PR_GetDirectorySeparator());
+    if (c) {
+        size_t referencePathSize = 1 + c - referencePath;
+        fullName = (char*)PORT_Alloc(strlen(name) + referencePathSize + 1);
+        if (fullName) {
+            memcpy(fullName, referencePath, referencePathSize);
+            strcpy(fullName + referencePathSize, name);
+#ifdef DEBUG_LOADER
+            PR_fprintf(PR_STDOUT, "\nAttempting to load fully-qualified %s\n",
+                       fullName);
+#endif
+            libSpec.type = PR_LibSpec_Pathname;
+            libSpec.value.pathname = fullName;
+            dlh = PR_LoadLibraryWithFlags(libSpec, PR_LD_NOW | PR_LD_LOCAL);
+            PORT_Free(fullName);
+        }
+    }
+    return dlh;
+}
+
+/*
+ * We use PR_GetLibraryFilePathname to get the pathname of the loaded
+ * shared lib that contains this function, and then do a PR_LoadLibrary
+ * with an absolute pathname for the softoken shared library.
+ */
+
+static PRLibrary*
+loader_LoadLibrary(const char* nameToLoad)
+{
+    PRLibrary* lib = NULL;
+    char* fullPath = NULL;
+    PRLibSpec libSpec;
+
+    /* Get the pathname for nameOfAlreadyLoadedLib, i.e. /usr/lib/libnss3.so
+     * PR_GetLibraryFilePathname works with either the base library name or a
+     * function pointer, depending on the platform. We can't query an exported
+     * symbol such as NSC_GetFunctionList, because on some platforms we can't
+     * find symbols in loaded implicit dependencies.
+     * But we can just get the address of this function !
+     */
+    fullPath = PR_GetLibraryFilePathname(NameOfThisSharedLib,
+                                         (PRFuncPtr)&loader_LoadLibrary);
+
+    if (fullPath) {
+        lib = loader_LoadLibInReferenceDir(fullPath, nameToLoad);
+#ifdef XP_UNIX
+        if (!lib) {
+            /*
+             * If fullPath is a symbolic link, resolve the symbolic
+             * link and try again.
+             */
+            char* originalfullPath = loader_GetOriginalPathname(fullPath);
+            if (originalfullPath) {
+                PR_Free(fullPath);
+                fullPath = originalfullPath;
+                lib = loader_LoadLibInReferenceDir(fullPath, nameToLoad);
+            }
+        }
+#endif
+        PR_Free(fullPath);
+    }
+    if (!lib) {
+#ifdef DEBUG_LOADER
+        PR_fprintf(PR_STDOUT, "\nAttempting to load %s\n", nameToLoad);
+#endif
+        libSpec.type = PR_LibSpec_Pathname;
+        libSpec.value.pathname = nameToLoad;
+        lib = PR_LoadLibraryWithFlags(libSpec, PR_LD_NOW | PR_LD_LOCAL);
+    }
+    if (NULL == lib) {
+#ifdef DEBUG_LOADER
+        PR_fprintf(PR_STDOUT, "\nLoading failed : %s.\n", nameToLoad);
+#endif
+    }
+    return lib;
+}
diff --git a/nss/lib/freebl/hmacct.c b/nss/lib/freebl/hmacct.c
new file mode 100644
index 0000000..c7815ac
--- /dev/null
+++ b/nss/lib/freebl/hmacct.c
@@ -0,0 +1,335 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifdef FREEBL_NO_DEPEND
+#include "stubs.h"
+#endif
+
+#include "secport.h"
+#include "hasht.h"
+#include "blapit.h"
+#include "hmacct.h"
+#include "secerr.h"
+
+/* MAX_HASH_BIT_COUNT_BYTES is the maximum number of bytes in the hash's length
+ * field. (SHA-384/512 have 128-bit length.) */
+#define MAX_HASH_BIT_COUNT_BYTES 16
+
+/* Some utility functions are needed:
+ *
+ * These macros return the given value with the MSB copied to all the other
+ * bits. They use the fact that an arithmetic shift shifts-in the sign bit.
+ * However, this is not ensured by the C standard so you may need to replace
+ * them with something else on odd CPUs.
+ *
+ * Note: the argument to these macros must be an unsigned int.
+ * */
+#define DUPLICATE_MSB_TO_ALL(x) ((unsigned int)((int)(x) >> (sizeof(int) * 8 - 1)))
+#define DUPLICATE_MSB_TO_ALL_8(x) ((unsigned char)(DUPLICATE_MSB_TO_ALL(x)))
+
+/* constantTimeGE returns 0xff if a>=b and 0x00 otherwise, where a, b <
+ * MAX_UINT/2. */
+static unsigned char
+constantTimeGE(unsigned int a, unsigned int b)
+{
+    a -= b;
+    return DUPLICATE_MSB_TO_ALL(~a);
+}
+
+/* constantTimeEQ8 returns 0xff if a==b and 0x00 otherwise. */
+static unsigned char
+constantTimeEQ8(unsigned char a, unsigned char b)
+{
+    unsigned int c = a ^ b;
+    c--;
+    return DUPLICATE_MSB_TO_ALL_8(c);
+}
+
+/* MAC performs a constant time SSLv3/TLS MAC of |dataLen| bytes of |data|,
+ * where |dataLen| includes both the authenticated bytes and the MAC tag from
+ * the sender. |dataLen| must be >= the length of the MAC tag.
+ *
+ * |dataTotalLen| is >= |dataLen| and also accounts for any padding bytes
+ * that may follow the sender's MAC. (Only a single block of padding may
+ * follow in SSLv3, or up to 255 bytes in TLS.)
+ *
+ * Since the results of decryption are secret information (otherwise a
+ * padding-oracle is created), this function is constant-time with respect to
+ * |dataLen|.
+ *
+ * |header| contains either the 13-byte TLS header (containing the sequence
+ * number, record type etc), or it contains the SSLv3 header with the SSLv3
+ * padding bytes etc. */
+static SECStatus
+MAC(unsigned char *mdOut,
+    unsigned int *mdOutLen,
+    unsigned int mdOutMax,
+    const SECHashObject *hashObj,
+    const unsigned char *macSecret,
+    unsigned int macSecretLen,
+    const unsigned char *header,
+    unsigned int headerLen,
+    const unsigned char *data,
+    unsigned int dataLen,
+    unsigned int dataTotalLen,
+    unsigned char isSSLv3)
+{
+    void *mdState = hashObj->create();
+    const unsigned int mdSize = hashObj->length;
+    const unsigned int mdBlockSize = hashObj->blocklength;
+    /* mdLengthSize is the number of bytes in the length field that terminates
+     * the hash.
+     *
+     * This assumes that hash functions with a 64 byte block size use a 64-bit
+     * length, and otherwise they use a 128-bit length. This is true of {MD5,
+     * SHA*} (which are all of the hash functions specified for use with TLS
+     * today). */
+    const unsigned int mdLengthSize = mdBlockSize == 64 ? 8 : 16;
+
+    const unsigned int sslv3PadLen = hashObj->type == HASH_AlgMD5 ? 48 : 40;
+
+    /* varianceBlocks is the number of blocks of the hash that we have to
+     * calculate in constant time because they could be altered by the
+     * padding value.
+     *
+     * In SSLv3, the padding must be minimal so the end of the plaintext
+     * varies by, at most, 15+20 = 35 bytes. (We conservatively assume that
+     * the MAC size varies from 0..20 bytes.) In case the 9 bytes of hash
+     * termination (0x80 + 64-bit length) don't fit in the final block, we
+     * say that the final two blocks can vary based on the padding.
+     *
+     * TLSv1 has MACs up to 48 bytes long (SHA-384) and the padding is not
+     * required to be minimal. Therefore we say that the final six blocks
+     * can vary based on the padding.
+     *
+     * Later in the function, if the message is short and there obviously
+     * cannot be this many blocks then varianceBlocks can be reduced. */
+    unsigned int varianceBlocks = isSSLv3 ? 2 : 6;
+    /* From now on we're dealing with the MAC, which conceptually has 13
+     * bytes of `header' before the start of the data (TLS) or 71/75 bytes
+     * (SSLv3) */
+    const unsigned int len = dataTotalLen + headerLen;
+    /* maxMACBytes contains the maximum bytes of bytes in the MAC, including
+     * |header|, assuming that there's no padding. */
+    const unsigned int maxMACBytes = len - mdSize - 1;
+    /* numBlocks is the maximum number of hash blocks. */
+    const unsigned int numBlocks =
+        (maxMACBytes + 1 + mdLengthSize + mdBlockSize - 1) / mdBlockSize;
+    /* macEndOffset is the index just past the end of the data to be
+     * MACed. */
+    const unsigned int macEndOffset = dataLen + headerLen - mdSize;
+    /* c is the index of the 0x80 byte in the final hash block that
+     * contains application data. */
+    const unsigned int c = macEndOffset % mdBlockSize;
+    /* indexA is the hash block number that contains the 0x80 terminating
+     * value. */
+    const unsigned int indexA = macEndOffset / mdBlockSize;
+    /* indexB is the hash block number that contains the 64-bit hash
+     * length, in bits. */
+    const unsigned int indexB = (macEndOffset + mdLengthSize) / mdBlockSize;
+    /* bits is the hash-length in bits. It includes the additional hash
+     * block for the masked HMAC key, or whole of |header| in the case of
+     * SSLv3. */
+    unsigned int bits;
+    /* In order to calculate the MAC in constant time we have to handle
+     * the final blocks specially because the padding value could cause the
+     * end to appear somewhere in the final |varianceBlocks| blocks and we
+     * can't leak where. However, |numStartingBlocks| worth of data can
+     * be hashed right away because no padding value can affect whether
+     * they are plaintext. */
+    unsigned int numStartingBlocks = 0;
+    /* k is the starting byte offset into the conceptual header||data where
+     * we start processing. */
+    unsigned int k = 0;
+    unsigned char lengthBytes[MAX_HASH_BIT_COUNT_BYTES];
+    /* hmacPad is the masked HMAC key. */
+    unsigned char hmacPad[HASH_BLOCK_LENGTH_MAX];
+    unsigned char firstBlock[HASH_BLOCK_LENGTH_MAX];
+    unsigned char macOut[HASH_LENGTH_MAX];
+    unsigned i, j;
+
+    /* For SSLv3, if we're going to have any starting blocks then we need
+     * at least two because the header is larger than a single block. */
+    if (numBlocks > varianceBlocks + (isSSLv3 ? 1 : 0)) {
+        numStartingBlocks = numBlocks - varianceBlocks;
+        k = mdBlockSize * numStartingBlocks;
+    }
+
+    bits = 8 * macEndOffset;
+    hashObj->begin(mdState);
+    if (!isSSLv3) {
+        /* Compute the initial HMAC block. For SSLv3, the padding and
+         * secret bytes are included in |header| because they take more
+         * than a single block. */
+        bits += 8 * mdBlockSize;
+        memset(hmacPad, 0, mdBlockSize);
+        PORT_Assert(macSecretLen <= sizeof(hmacPad));
+        memcpy(hmacPad, macSecret, macSecretLen);
+        for (i = 0; i < mdBlockSize; i++)
+            hmacPad[i] ^= 0x36;
+        hashObj->update(mdState, hmacPad, mdBlockSize);
+    }
+
+    j = 0;
+    memset(lengthBytes, 0, sizeof(lengthBytes));
+    if (mdLengthSize == 16) {
+        j = 8;
+    }
+    if (hashObj->type == HASH_AlgMD5) {
+        /* MD5 appends a little-endian length. */
+        for (i = 0; i < 4; i++) {
+            lengthBytes[i + j] = bits >> (8 * i);
+        }
+    } else {
+        /* All other TLS hash functions use a big-endian length. */
+        for (i = 0; i < 4; i++) {
+            lengthBytes[4 + i + j] = bits >> (8 * (3 - i));
+        }
+    }
+
+    if (k > 0) {
+        if (isSSLv3) {
+            /* The SSLv3 header is larger than a single block.
+             * overhang is the number of bytes beyond a single
+             * block that the header consumes: either 7 bytes
+             * (SHA1) or 11 bytes (MD5). */
+            const unsigned int overhang = headerLen - mdBlockSize;
+            hashObj->update(mdState, header, mdBlockSize);
+            memcpy(firstBlock, header + mdBlockSize, overhang);
+            memcpy(firstBlock + overhang, data, mdBlockSize - overhang);
+            hashObj->update(mdState, firstBlock, mdBlockSize);
+            for (i = 1; i < k / mdBlockSize - 1; i++) {
+                hashObj->update(mdState, data + mdBlockSize * i - overhang,
+                                mdBlockSize);
+            }
+        } else {
+            /* k is a multiple of mdBlockSize. */
+            memcpy(firstBlock, header, 13);
+            memcpy(firstBlock + 13, data, mdBlockSize - 13);
+            hashObj->update(mdState, firstBlock, mdBlockSize);
+            for (i = 1; i < k / mdBlockSize; i++) {
+                hashObj->update(mdState, data + mdBlockSize * i - 13,
+                                mdBlockSize);
+            }
+        }
+    }
+
+    memset(macOut, 0, sizeof(macOut));
+
+    /* We now process the final hash blocks. For each block, we construct
+     * it in constant time. If i == indexA then we'll include the 0x80
+     * bytes and zero pad etc. For each block we selectively copy it, in
+     * constant time, to |macOut|. */
+    for (i = numStartingBlocks; i <= numStartingBlocks + varianceBlocks; i++) {
+        unsigned char block[HASH_BLOCK_LENGTH_MAX];
+        unsigned char isBlockA = constantTimeEQ8(i, indexA);
+        unsigned char isBlockB = constantTimeEQ8(i, indexB);
+        for (j = 0; j < mdBlockSize; j++) {
+            unsigned char isPastC = isBlockA & constantTimeGE(j, c);
+            unsigned char isPastCPlus1 = isBlockA & constantTimeGE(j, c + 1);
+            unsigned char b = 0;
+            if (k < headerLen) {
+                b = header[k];
+            } else if (k < dataTotalLen + headerLen) {
+                b = data[k - headerLen];
+            }
+            k++;
+
+            /* If this is the block containing the end of the
+             * application data, and we are at the offset for the
+             * 0x80 value, then overwrite b with 0x80. */
+            b = (b & ~isPastC) | (0x80 & isPastC);
+            /* If this the the block containing the end of the
+             * application data and we're past the 0x80 value then
+             * just write zero. */
+            b = b & ~isPastCPlus1;
+            /* If this is indexB (the final block), but not
+             * indexA (the end of the data), then the 64-bit
+             * length didn't fit into indexA and we're having to
+             * add an extra block of zeros. */
+            b &= ~isBlockB | isBlockA;
+
+            /* The final bytes of one of the blocks contains the length. */
+            if (j >= mdBlockSize - mdLengthSize) {
+                /* If this is indexB, write a length byte. */
+                b = (b & ~isBlockB) |
+                    (isBlockB & lengthBytes[j - (mdBlockSize - mdLengthSize)]);
+            }
+            block[j] = b;
+        }
+
+        hashObj->update(mdState, block, mdBlockSize);
+        hashObj->end_raw(mdState, block, NULL, mdSize);
+        /* If this is indexB, copy the hash value to |macOut|. */
+        for (j = 0; j < mdSize; j++) {
+            macOut[j] |= block[j] & isBlockB;
+        }
+    }
+
+    hashObj->begin(mdState);
+
+    if (isSSLv3) {
+        /* We repurpose |hmacPad| to contain the SSLv3 pad2 block. */
+        for (i = 0; i < sslv3PadLen; i++)
+            hmacPad[i] = 0x5c;
+
+        hashObj->update(mdState, macSecret, macSecretLen);
+        hashObj->update(mdState, hmacPad, sslv3PadLen);
+        hashObj->update(mdState, macOut, mdSize);
+    } else {
+        /* Complete the HMAC in the standard manner. */
+        for (i = 0; i < mdBlockSize; i++)
+            hmacPad[i] ^= 0x6a;
+
+        hashObj->update(mdState, hmacPad, mdBlockSize);
+        hashObj->update(mdState, macOut, mdSize);
+    }
+
+    hashObj->end(mdState, mdOut, mdOutLen, mdOutMax);
+    hashObj->destroy(mdState, PR_TRUE);
+
+    return SECSuccess;
+}
+
+SECStatus
+HMAC_ConstantTime(
+    unsigned char *result,
+    unsigned int *resultLen,
+    unsigned int maxResultLen,
+    const SECHashObject *hashObj,
+    const unsigned char *secret,
+    unsigned int secretLen,
+    const unsigned char *header,
+    unsigned int headerLen,
+    const unsigned char *body,
+    unsigned int bodyLen,
+    unsigned int bodyTotalLen)
+{
+    if (hashObj->end_raw == NULL)
+        return SECFailure;
+    return MAC(result, resultLen, maxResultLen, hashObj, secret, secretLen,
+               header, headerLen, body, bodyLen, bodyTotalLen,
+               0 /* not SSLv3 */);
+}
+
+SECStatus
+SSLv3_MAC_ConstantTime(
+    unsigned char *result,
+    unsigned int *resultLen,
+    unsigned int maxResultLen,
+    const SECHashObject *hashObj,
+    const unsigned char *secret,
+    unsigned int secretLen,
+    const unsigned char *header,
+    unsigned int headerLen,
+    const unsigned char *body,
+    unsigned int bodyLen,
+    unsigned int bodyTotalLen)
+{
+    if (hashObj->end_raw == NULL)
+        return SECFailure;
+    return MAC(result, resultLen, maxResultLen, hashObj, secret, secretLen,
+               header, headerLen, body, bodyLen, bodyTotalLen,
+               1 /* SSLv3 */);
+}
diff --git a/nss/lib/freebl/hmacct.h b/nss/lib/freebl/hmacct.h
new file mode 100644
index 0000000..a773ea8
--- /dev/null
+++ b/nss/lib/freebl/hmacct.h
@@ -0,0 +1,38 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _HMACCT_H_
+#define _HMACCT_H_
+
+SEC_BEGIN_PROTOS
+
+extern SECStatus HMAC_ConstantTime(
+    unsigned char *result,
+    unsigned int *resultLen,
+    unsigned int maxResultLen,
+    const SECHashObject *hashObj,
+    const unsigned char *secret,
+    unsigned int secretLen,
+    const unsigned char *header,
+    unsigned int headerLen,
+    const unsigned char *body,
+    unsigned int bodyLen,
+    unsigned int bodyTotalLen);
+
+extern SECStatus SSLv3_MAC_ConstantTime(
+    unsigned char *result,
+    unsigned int *resultLen,
+    unsigned int maxResultLen,
+    const SECHashObject *hashObj,
+    const unsigned char *secret,
+    unsigned int secretLen,
+    const unsigned char *header,
+    unsigned int headerLen,
+    const unsigned char *body,
+    unsigned int bodyLen,
+    unsigned int bodyTotalLen);
+
+SEC_END_PROTOS
+
+#endif
diff --git a/nss/lib/freebl/intel-aes-x64-masm.asm b/nss/lib/freebl/intel-aes-x64-masm.asm
new file mode 100644
index 0000000..ef5c76b
--- /dev/null
+++ b/nss/lib/freebl/intel-aes-x64-masm.asm
@@ -0,0 +1,971 @@
+; LICENSE:
+; This submission to NSS is to be made available under the terms of the
+; Mozilla Public License, v. 2.0. You can obtain one at http:
+; //mozilla.org/MPL/2.0/.
+;###############################################################################
+; Copyright(c) 2014, Intel Corp.
+; Developers and authors:
+; Shay Gueron and Vlad Krasnov
+; Intel Corporation, Israel Development Centre, Haifa, Israel
+; Please send feedback directly to crypto.feedback.alias@intel.com
+
+
+.DATA
+ALIGN 16
+Lmask dd 0c0f0e0dh,0c0f0e0dh,0c0f0e0dh,0c0f0e0dh
+Lmask192 dd 004070605h, 004070605h, 004070605h, 004070605h
+Lmask256 dd 00c0f0e0dh, 00c0f0e0dh, 00c0f0e0dh, 00c0f0e0dh
+Lcon1 dd 1,1,1,1
+Lcon2 dd 1bh,1bh,1bh,1bh
+
+.CODE
+
+ctx     textequ <rcx>
+output  textequ <rdx>
+input   textequ <r8>
+inputLen textequ <r9d>
+
+
+aes_rnd MACRO i
+    movdqu  xmm8, [i*16 + ctx]
+    aesenc  xmm0, xmm8
+    aesenc  xmm1, xmm8
+    aesenc  xmm2, xmm8
+    aesenc  xmm3, xmm8
+    aesenc  xmm4, xmm8
+    aesenc  xmm5, xmm8
+    aesenc  xmm6, xmm8
+    aesenc  xmm7, xmm8
+    ENDM
+
+aes_last_rnd MACRO i
+    movdqu  xmm8, [i*16 + ctx]
+    aesenclast  xmm0, xmm8
+    aesenclast  xmm1, xmm8
+    aesenclast  xmm2, xmm8
+    aesenclast  xmm3, xmm8
+    aesenclast  xmm4, xmm8
+    aesenclast  xmm5, xmm8
+    aesenclast  xmm6, xmm8
+    aesenclast  xmm7, xmm8
+    ENDM
+
+aes_dec_rnd MACRO i
+    movdqu  xmm8, [i*16 + ctx]
+    aesdec  xmm0, xmm8
+    aesdec  xmm1, xmm8
+    aesdec  xmm2, xmm8
+    aesdec  xmm3, xmm8
+    aesdec  xmm4, xmm8
+    aesdec  xmm5, xmm8
+    aesdec  xmm6, xmm8
+    aesdec  xmm7, xmm8
+    ENDM
+
+aes_dec_last_rnd MACRO i
+    movdqu  xmm8, [i*16 + ctx]
+    aesdeclast  xmm0, xmm8
+    aesdeclast  xmm1, xmm8
+    aesdeclast  xmm2, xmm8
+    aesdeclast  xmm3, xmm8
+    aesdeclast  xmm4, xmm8
+    aesdeclast  xmm5, xmm8
+    aesdeclast  xmm6, xmm8
+    aesdeclast  xmm7, xmm8
+    ENDM
+
+
+gen_aes_ecb_func MACRO enc, rnds
+
+LOCAL   loop8
+LOCAL   loop1
+LOCAL   bail
+
+        xor     inputLen, inputLen
+        mov     input,      [rsp + 1*8 + 8*4]
+        mov     inputLen,   [rsp + 1*8 + 8*5]
+
+        sub     rsp, 3*16
+
+        movdqu  [rsp + 0*16], xmm6
+        movdqu  [rsp + 1*16], xmm7
+        movdqu  [rsp + 2*16], xmm8
+
+        lea     ctx, [48+ctx]
+
+loop8:
+        cmp     inputLen, 8*16
+        jb      loop1
+
+        movdqu  xmm0, [0*16 + input]
+        movdqu  xmm1, [1*16 + input]
+        movdqu  xmm2, [2*16 + input]
+        movdqu  xmm3, [3*16 + input]
+        movdqu  xmm4, [4*16 + input]
+        movdqu  xmm5, [5*16 + input]
+        movdqu  xmm6, [6*16 + input]
+        movdqu  xmm7, [7*16 + input]
+
+        movdqu  xmm8, [0*16 + ctx]
+        pxor    xmm0, xmm8
+        pxor    xmm1, xmm8
+        pxor    xmm2, xmm8
+        pxor    xmm3, xmm8
+        pxor    xmm4, xmm8
+        pxor    xmm5, xmm8
+        pxor    xmm6, xmm8
+        pxor    xmm7, xmm8
+
+IF enc eq 1
+        rnd textequ <aes_rnd>
+        lastrnd textequ <aes_last_rnd>
+        aesinst textequ <aesenc>
+        aeslastinst textequ <aesenclast>
+ELSE
+        rnd textequ <aes_dec_rnd>
+        lastrnd textequ <aes_dec_last_rnd>
+        aesinst textequ <aesdec>
+        aeslastinst textequ <aesdeclast>
+ENDIF
+
+        i = 1
+        WHILE i LT rnds
+            rnd i
+            i = i+1
+            ENDM
+        lastrnd rnds
+
+        movdqu  [0*16 + output], xmm0
+        movdqu  [1*16 + output], xmm1
+        movdqu  [2*16 + output], xmm2
+        movdqu  [3*16 + output], xmm3
+        movdqu  [4*16 + output], xmm4
+        movdqu  [5*16 + output], xmm5
+        movdqu  [6*16 + output], xmm6
+        movdqu  [7*16 + output], xmm7
+
+        lea input, [8*16 + input]
+        lea output, [8*16 + output]
+        sub inputLen, 8*16
+        jmp loop8
+
+loop1:
+        cmp     inputLen, 1*16
+        jb      bail
+
+        movdqu  xmm0, [input]
+        movdqu  xmm7, [0*16 + ctx]
+        pxor    xmm0, xmm7
+
+        i = 1
+    WHILE i LT rnds
+            movdqu  xmm7, [i*16 + ctx]
+            aesinst  xmm0, xmm7
+            i = i+1
+        ENDM
+        movdqu  xmm7, [rnds*16 + ctx]
+        aeslastinst xmm0, xmm7
+
+        movdqu  [output], xmm0
+
+        lea input, [1*16 + input]
+        lea output, [1*16 + output]
+        sub inputLen, 1*16
+        jmp loop1
+
+bail:
+        xor rax, rax
+
+        movdqu  xmm6, [rsp + 0*16]
+        movdqu  xmm7, [rsp + 1*16]
+        movdqu  xmm8, [rsp + 2*16]
+        add     rsp, 3*16
+        ret
+ENDM
+
+intel_aes_encrypt_ecb_128 PROC
+gen_aes_ecb_func 1, 10
+intel_aes_encrypt_ecb_128 ENDP
+
+intel_aes_encrypt_ecb_192 PROC
+gen_aes_ecb_func 1, 12
+intel_aes_encrypt_ecb_192 ENDP
+
+intel_aes_encrypt_ecb_256 PROC
+gen_aes_ecb_func 1, 14
+intel_aes_encrypt_ecb_256 ENDP
+
+intel_aes_decrypt_ecb_128 PROC
+gen_aes_ecb_func 0, 10
+intel_aes_decrypt_ecb_128 ENDP
+
+intel_aes_decrypt_ecb_192 PROC
+gen_aes_ecb_func 0, 12
+intel_aes_decrypt_ecb_192 ENDP
+
+intel_aes_decrypt_ecb_256 PROC
+gen_aes_ecb_func 0, 14
+intel_aes_decrypt_ecb_256 ENDP
+
+
+KEY textequ <rcx>
+KS  textequ <rdx>
+ITR textequ <r8>
+
+intel_aes_encrypt_init_128  PROC
+
+    movdqu  xmm1, [KEY]
+    movdqu  [KS], xmm1
+    movdqa  xmm2, xmm1
+
+    lea ITR, Lcon1
+    movdqa  xmm0, [ITR]
+    lea ITR, Lmask
+    movdqa  xmm4, [ITR]
+
+    mov ITR, 8
+
+Lenc_128_ks_loop:
+        lea KS, [16 + KS]
+        dec ITR
+
+        pshufb  xmm2, xmm4
+        aesenclast  xmm2, xmm0
+        pslld   xmm0, 1
+        movdqa  xmm3, xmm1
+        pslldq  xmm3, 4
+        pxor    xmm1, xmm3
+        pslldq  xmm3, 4
+        pxor    xmm1, xmm3
+        pslldq  xmm3, 4
+        pxor    xmm1, xmm3
+        pxor    xmm1, xmm2
+        movdqu  [KS], xmm1
+        movdqa  xmm2, xmm1
+
+        jne Lenc_128_ks_loop
+
+    lea ITR, Lcon2
+    movdqa  xmm0, [ITR]
+
+    pshufb  xmm2, xmm4
+    aesenclast  xmm2, xmm0
+    pslld   xmm0, 1
+    movdqa  xmm3, xmm1
+    pslldq  xmm3, 4
+    pxor    xmm1, xmm3
+    pslldq  xmm3, 4
+    pxor    xmm1, xmm3
+    pslldq  xmm3, 4
+    pxor    xmm1, xmm3
+    pxor    xmm1, xmm2
+    movdqu  [16 + KS], xmm1
+    movdqa  xmm2, xmm1
+
+    pshufb  xmm2, xmm4
+    aesenclast  xmm2, xmm0
+    movdqa  xmm3, xmm1
+    pslldq  xmm3, 4
+    pxor    xmm1, xmm3
+    pslldq  xmm3, 4
+    pxor    xmm1, xmm3
+    pslldq  xmm3, 4
+    pxor    xmm1, xmm3
+    pxor    xmm1, xmm2
+    movdqu  [32 + KS], xmm1
+    movdqa  xmm2, xmm1
+
+    ret
+intel_aes_encrypt_init_128  ENDP
+
+
+intel_aes_decrypt_init_128  PROC
+
+    push    KS
+    push    KEY
+
+    call    intel_aes_encrypt_init_128
+
+    pop     KEY
+    pop     KS
+
+    movdqu  xmm0, [0*16 + KS]
+    movdqu  xmm1, [10*16 + KS]
+    movdqu  [10*16 + KS], xmm0
+    movdqu  [0*16 + KS], xmm1
+
+    i = 1
+    WHILE i LT 5
+        movdqu  xmm0, [i*16 + KS]
+        movdqu  xmm1, [(10-i)*16 + KS]
+
+        aesimc  xmm0, xmm0
+        aesimc  xmm1, xmm1
+
+        movdqu  [(10-i)*16 + KS], xmm0
+        movdqu  [i*16 + KS], xmm1
+
+        i = i+1
+    ENDM
+
+    movdqu  xmm0, [5*16 + KS]
+    aesimc  xmm0, xmm0
+    movdqu  [5*16 + KS], xmm0
+    ret
+intel_aes_decrypt_init_128  ENDP
+
+
+intel_aes_encrypt_init_192  PROC
+
+    sub     rsp, 16*2
+    movdqu  [16*0 + rsp], xmm6
+    movdqu  [16*1 + rsp], xmm7
+
+    movdqu  xmm1, [KEY]
+    mov     ITR, [16 + KEY]
+    movd    xmm3, ITR
+
+    movdqu  [KS], xmm1
+    movdqa  xmm5, xmm3
+
+    lea ITR, Lcon1
+    movdqu  xmm0, [ITR]
+    lea ITR, Lmask192
+    movdqu  xmm4, [ITR]
+
+    mov ITR, 4
+
+Lenc_192_ks_loop:
+        movdqa  xmm2, xmm3
+        pshufb  xmm2, xmm4
+        aesenclast xmm2, xmm0
+        pslld   xmm0, 1
+
+        movdqa  xmm6, xmm1
+        movdqa  xmm7, xmm3
+        pslldq  xmm6, 4
+        pslldq  xmm7, 4
+        pxor    xmm1, xmm6
+        pxor    xmm3, xmm7
+        pslldq  xmm6, 4
+        pxor    xmm1, xmm6
+        pslldq  xmm6, 4
+        pxor    xmm1, xmm6
+        pxor    xmm1, xmm2
+        pshufd  xmm2, xmm1, 0ffh
+        pxor    xmm3, xmm2
+
+        movdqa  xmm6, xmm1
+        shufpd  xmm5, xmm1, 00h
+        shufpd  xmm6, xmm3, 01h
+
+        movdqu  [16 + KS], xmm5
+        movdqu  [32 + KS], xmm6
+
+        movdqa  xmm2, xmm3
+        pshufb  xmm2, xmm4
+        aesenclast  xmm2, xmm0
+        pslld   xmm0, 1
+
+        movdqa  xmm6, xmm1
+        movdqa  xmm7, xmm3
+        pslldq  xmm6, 4
+        pslldq  xmm7, 4
+        pxor    xmm1, xmm6
+        pxor    xmm3, xmm7
+        pslldq  xmm6, 4
+        pxor    xmm1, xmm6
+        pslldq  xmm6, 4
+        pxor    xmm1, xmm6
+        pxor    xmm1, xmm2
+        pshufd  xmm2, xmm1, 0ffh
+        pxor    xmm3, xmm2
+
+        movdqu  [48 + KS], xmm1
+        movdqa  xmm5, xmm3
+
+        lea KS, [48 + KS]
+
+        dec ITR
+        jnz Lenc_192_ks_loop
+
+    movdqu  [16 + KS], xmm5
+
+    movdqu  xmm7, [16*1 + rsp]
+    movdqu  xmm6, [16*0 + rsp]
+    add rsp, 16*2
+    ret
+intel_aes_encrypt_init_192  ENDP
+
+intel_aes_decrypt_init_192  PROC
+    push    KS
+    push    KEY
+
+    call    intel_aes_encrypt_init_192
+
+    pop     KEY
+    pop     KS
+
+    movdqu  xmm0, [0*16 + KS]
+    movdqu  xmm1, [12*16 + KS]
+    movdqu  [12*16 + KS], xmm0
+    movdqu  [0*16 + KS], xmm1
+
+    i = 1
+    WHILE i LT 6
+        movdqu  xmm0, [i*16 + KS]
+        movdqu  xmm1, [(12-i)*16 + KS]
+
+        aesimc  xmm0, xmm0
+        aesimc  xmm1, xmm1
+
+        movdqu  [(12-i)*16 + KS], xmm0
+        movdqu  [i*16 + KS], xmm1
+
+        i = i+1
+    ENDM
+
+    movdqu  xmm0, [6*16 + KS]
+    aesimc  xmm0, xmm0
+    movdqu  [6*16 + KS], xmm0
+    ret
+intel_aes_decrypt_init_192  ENDP
+
+
+intel_aes_encrypt_init_256  PROC
+    sub     rsp, 16*2
+    movdqu  [16*0 + rsp], xmm6
+    movdqu  [16*1 + rsp], xmm7
+
+    movdqu  xmm1, [16*0 + KEY]
+    movdqu  xmm3, [16*1 + KEY]
+
+    movdqu  [16*0 + KS], xmm1
+    movdqu  [16*1 + KS], xmm3
+
+    lea ITR, Lcon1
+    movdqu  xmm0, [ITR]
+    lea ITR, Lmask256
+    movdqu  xmm5, [ITR]
+
+    pxor    xmm6, xmm6
+
+    mov ITR, 6
+
+Lenc_256_ks_loop:
+
+        movdqa  xmm2, xmm3
+        pshufb  xmm2, xmm5
+        aesenclast  xmm2, xmm0
+        pslld   xmm0, 1
+        movdqa  xmm4, xmm1
+        pslldq  xmm4, 4
+        pxor    xmm1, xmm4
+        pslldq  xmm4, 4
+        pxor    xmm1, xmm4
+        pslldq  xmm4, 4
+        pxor    xmm1, xmm4
+        pxor    xmm1, xmm2
+        movdqu  [16*2 + KS], xmm1
+
+        pshufd  xmm2, xmm1, 0ffh
+        aesenclast  xmm2, xmm6
+        movdqa  xmm4, xmm3
+        pslldq  xmm4, 4
+        pxor    xmm3, xmm4
+        pslldq  xmm4, 4
+        pxor    xmm3, xmm4
+        pslldq  xmm4, 4
+        pxor    xmm3, xmm4
+        pxor    xmm3, xmm2
+        movdqu  [16*3 + KS], xmm3
+
+        lea KS, [32 + KS]
+        dec ITR
+        jnz Lenc_256_ks_loop
+
+    movdqa  xmm2, xmm3
+    pshufb  xmm2, xmm5
+    aesenclast  xmm2, xmm0
+    movdqa  xmm4, xmm1
+    pslldq  xmm4, 4
+    pxor    xmm1, xmm4
+    pslldq  xmm4, 4
+    pxor    xmm1, xmm4
+    pslldq  xmm4, 4
+    pxor    xmm1, xmm4
+    pxor    xmm1, xmm2
+    movdqu  [16*2 + KS], xmm1
+
+    movdqu  xmm7, [16*1 + rsp]
+    movdqu  xmm6, [16*0 + rsp]
+    add rsp, 16*2
+    ret
+
+intel_aes_encrypt_init_256  ENDP
+
+
+intel_aes_decrypt_init_256  PROC
+    push    KS
+    push    KEY
+
+    call    intel_aes_encrypt_init_256
+
+    pop     KEY
+    pop     KS
+
+    movdqu  xmm0, [0*16 + KS]
+    movdqu  xmm1, [14*16 + KS]
+    movdqu  [14*16 + KS], xmm0
+    movdqu  [0*16 + KS], xmm1
+
+    i = 1
+    WHILE i LT 7
+        movdqu  xmm0, [i*16 + KS]
+        movdqu  xmm1, [(14-i)*16 + KS]
+
+        aesimc  xmm0, xmm0
+        aesimc  xmm1, xmm1
+
+        movdqu  [(14-i)*16 + KS], xmm0
+        movdqu  [i*16 + KS], xmm1
+
+        i = i+1
+    ENDM
+
+    movdqu  xmm0, [7*16 + KS]
+    aesimc  xmm0, xmm0
+    movdqu  [7*16 + KS], xmm0
+    ret
+intel_aes_decrypt_init_256  ENDP
+
+
+
+gen_aes_cbc_enc_func MACRO rnds
+
+LOCAL   loop1
+LOCAL   bail
+
+        mov     input,      [rsp + 1*8 + 8*4]
+        mov     inputLen,   [rsp + 1*8 + 8*5]
+
+        sub     rsp, 3*16
+
+        movdqu  [rsp + 0*16], xmm6
+        movdqu  [rsp + 1*16], xmm7
+        movdqu  [rsp + 2*16], xmm8
+
+        lea     ctx, [48+ctx]
+
+        movdqu  xmm0, [-32+ctx]
+
+        movdqu  xmm2, [0*16 + ctx]
+        movdqu  xmm3, [1*16 + ctx]
+        movdqu  xmm4, [2*16 + ctx]
+        movdqu  xmm5, [3*16 + ctx]
+        movdqu  xmm6, [4*16 + ctx]
+        movdqu  xmm7, [5*16 + ctx]
+
+loop1:
+        cmp     inputLen, 1*16
+        jb      bail
+
+        movdqu  xmm1, [input]
+        pxor    xmm1, xmm2
+        pxor    xmm0, xmm1
+
+        aesenc  xmm0, xmm3
+        aesenc  xmm0, xmm4
+        aesenc  xmm0, xmm5
+        aesenc  xmm0, xmm6
+        aesenc  xmm0, xmm7
+
+        i = 6
+    WHILE i LT rnds
+            movdqu  xmm8, [i*16 + ctx]
+            aesenc  xmm0, xmm8
+            i = i+1
+        ENDM
+        movdqu  xmm8, [rnds*16 + ctx]
+        aesenclast xmm0, xmm8
+
+        movdqu  [output], xmm0
+
+        lea input, [1*16 + input]
+        lea output, [1*16 + output]
+        sub inputLen, 1*16
+        jmp loop1
+
+bail:
+        movdqu  [-32+ctx], xmm0
+
+        xor rax, rax
+
+        movdqu  xmm6, [rsp + 0*16]
+        movdqu  xmm7, [rsp + 1*16]
+        movdqu  xmm8, [rsp + 2*16]
+        add     rsp, 3*16
+        ret
+
+ENDM
+
+gen_aes_cbc_dec_func MACRO rnds
+
+LOCAL   loop8
+LOCAL   loop1
+LOCAL   dec1
+LOCAL   bail
+
+        mov     input,      [rsp + 1*8 + 8*4]
+        mov     inputLen,   [rsp + 1*8 + 8*5]
+
+        sub     rsp, 3*16
+
+        movdqu  [rsp + 0*16], xmm6
+        movdqu  [rsp + 1*16], xmm7
+        movdqu  [rsp + 2*16], xmm8
+
+        lea     ctx, [48+ctx]
+
+loop8:
+        cmp     inputLen, 8*16
+        jb      dec1
+
+        movdqu  xmm0, [0*16 + input]
+        movdqu  xmm1, [1*16 + input]
+        movdqu  xmm2, [2*16 + input]
+        movdqu  xmm3, [3*16 + input]
+        movdqu  xmm4, [4*16 + input]
+        movdqu  xmm5, [5*16 + input]
+        movdqu  xmm6, [6*16 + input]
+        movdqu  xmm7, [7*16 + input]
+
+        movdqu  xmm8, [0*16 + ctx]
+        pxor    xmm0, xmm8
+        pxor    xmm1, xmm8
+        pxor    xmm2, xmm8
+        pxor    xmm3, xmm8
+        pxor    xmm4, xmm8
+        pxor    xmm5, xmm8
+        pxor    xmm6, xmm8
+        pxor    xmm7, xmm8
+
+        i = 1
+        WHILE i LT rnds
+            aes_dec_rnd i
+            i = i+1
+            ENDM
+        aes_dec_last_rnd rnds
+
+        movdqu  xmm8, [-32 + ctx]
+        pxor    xmm0, xmm8
+        movdqu  xmm8, [0*16 + input]
+        pxor    xmm1, xmm8
+        movdqu  xmm8, [1*16 + input]
+        pxor    xmm2, xmm8
+        movdqu  xmm8, [2*16 + input]
+        pxor    xmm3, xmm8
+        movdqu  xmm8, [3*16 + input]
+        pxor    xmm4, xmm8
+        movdqu  xmm8, [4*16 + input]
+        pxor    xmm5, xmm8
+        movdqu  xmm8, [5*16 + input]
+        pxor    xmm6, xmm8
+        movdqu  xmm8, [6*16 + input]
+        pxor    xmm7, xmm8
+        movdqu  xmm8, [7*16 + input]
+
+        movdqu  [0*16 + output], xmm0
+        movdqu  [1*16 + output], xmm1
+        movdqu  [2*16 + output], xmm2
+        movdqu  [3*16 + output], xmm3
+        movdqu  [4*16 + output], xmm4
+        movdqu  [5*16 + output], xmm5
+        movdqu  [6*16 + output], xmm6
+        movdqu  [7*16 + output], xmm7
+        movdqu  [-32 + ctx], xmm8
+
+        lea input, [8*16 + input]
+        lea output, [8*16 + output]
+        sub inputLen, 8*16
+        jmp loop8
+dec1:
+
+        movdqu  xmm3, [-32 + ctx]
+
+loop1:
+        cmp     inputLen, 1*16
+        jb      bail
+
+        movdqu  xmm0, [input]
+        movdqa  xmm4, xmm0
+        movdqu  xmm7, [0*16 + ctx]
+        pxor    xmm0, xmm7
+
+        i = 1
+    WHILE i LT rnds
+            movdqu  xmm7, [i*16 + ctx]
+            aesdec  xmm0, xmm7
+            i = i+1
+        ENDM
+        movdqu  xmm7, [rnds*16 + ctx]
+        aesdeclast xmm0, xmm7
+        pxor    xmm3, xmm0
+
+        movdqu  [output], xmm3
+        movdqa  xmm3, xmm4
+
+        lea input, [1*16 + input]
+        lea output, [1*16 + output]
+        sub inputLen, 1*16
+        jmp loop1
+
+bail:
+        movdqu  [-32 + ctx], xmm3
+        xor rax, rax
+
+        movdqu  xmm6, [rsp + 0*16]
+        movdqu  xmm7, [rsp + 1*16]
+        movdqu  xmm8, [rsp + 2*16]
+        add     rsp, 3*16
+        ret
+ENDM
+
+intel_aes_encrypt_cbc_128 PROC
+gen_aes_cbc_enc_func  10
+intel_aes_encrypt_cbc_128 ENDP
+
+intel_aes_encrypt_cbc_192 PROC
+gen_aes_cbc_enc_func  12
+intel_aes_encrypt_cbc_192 ENDP
+
+intel_aes_encrypt_cbc_256 PROC
+gen_aes_cbc_enc_func  14
+intel_aes_encrypt_cbc_256 ENDP
+
+intel_aes_decrypt_cbc_128 PROC
+gen_aes_cbc_dec_func  10
+intel_aes_decrypt_cbc_128 ENDP
+
+intel_aes_decrypt_cbc_192 PROC
+gen_aes_cbc_dec_func  12
+intel_aes_decrypt_cbc_192 ENDP
+
+intel_aes_decrypt_cbc_256 PROC
+gen_aes_cbc_dec_func  14
+intel_aes_decrypt_cbc_256 ENDP
+
+
+
+ctrCtx textequ <r10>
+CTR textequ <r11d>
+CTRSave textequ <eax>
+
+gen_aes_ctr_func MACRO rnds
+
+LOCAL   loop8
+LOCAL   loop1
+LOCAL   enc1
+LOCAL   bail
+
+        mov     input,      [rsp + 8*1 + 4*8]
+        mov     inputLen,   [rsp + 8*1 + 5*8]
+
+        mov     ctrCtx, ctx
+        mov     ctx, [8+ctrCtx]
+        lea     ctx, [48+ctx]
+
+        sub     rsp, 3*16
+        movdqu  [rsp + 0*16], xmm6
+        movdqu  [rsp + 1*16], xmm7
+        movdqu  [rsp + 2*16], xmm8
+
+
+        push    rbp
+        mov     rbp, rsp
+        sub     rsp, 8*16
+        and     rsp, -16
+
+
+        movdqu  xmm0, [16+ctrCtx]
+        mov     CTRSave, DWORD PTR [ctrCtx + 16 + 3*4]
+        bswap   CTRSave
+        movdqu  xmm1, [ctx + 0*16]
+
+        pxor    xmm0, xmm1
+
+        movdqa  [rsp + 0*16], xmm0
+        movdqa  [rsp + 1*16], xmm0
+        movdqa  [rsp + 2*16], xmm0
+        movdqa  [rsp + 3*16], xmm0
+        movdqa  [rsp + 4*16], xmm0
+        movdqa  [rsp + 5*16], xmm0
+        movdqa  [rsp + 6*16], xmm0
+        movdqa  [rsp + 7*16], xmm0
+
+        inc     CTRSave
+        mov     CTR, CTRSave
+        bswap   CTR
+        xor     CTR, DWORD PTR [ctx + 3*4]
+        mov     DWORD PTR [rsp + 1*16 + 3*4], CTR
+
+        inc     CTRSave
+        mov     CTR, CTRSave
+        bswap   CTR
+        xor     CTR, DWORD PTR [ctx + 3*4]
+        mov     DWORD PTR [rsp + 2*16 + 3*4], CTR
+
+        inc     CTRSave
+        mov     CTR, CTRSave
+        bswap   CTR
+        xor     CTR, DWORD PTR [ctx + 3*4]
+        mov     DWORD PTR [rsp + 3*16 + 3*4], CTR
+
+        inc     CTRSave
+        mov     CTR, CTRSave
+        bswap   CTR
+        xor     CTR, DWORD PTR [ctx + 3*4]
+        mov     DWORD PTR [rsp + 4*16 + 3*4], CTR
+
+        inc     CTRSave
+        mov     CTR, CTRSave
+        bswap   CTR
+        xor     CTR, DWORD PTR [ctx + 3*4]
+        mov     DWORD PTR [rsp + 5*16 + 3*4], CTR
+
+        inc     CTRSave
+        mov     CTR, CTRSave
+        bswap   CTR
+        xor     CTR, DWORD PTR [ctx + 3*4]
+        mov     DWORD PTR [rsp + 6*16 + 3*4], CTR
+
+        inc     CTRSave
+        mov     CTR, CTRSave
+        bswap   CTR
+        xor     CTR, DWORD PTR [ctx + 3*4]
+        mov     DWORD PTR [rsp + 7*16 + 3*4], CTR
+
+
+loop8:
+        cmp     inputLen, 8*16
+        jb      loop1
+
+        movdqu  xmm0, [0*16 + rsp]
+        movdqu  xmm1, [1*16 + rsp]
+        movdqu  xmm2, [2*16 + rsp]
+        movdqu  xmm3, [3*16 + rsp]
+        movdqu  xmm4, [4*16 + rsp]
+        movdqu  xmm5, [5*16 + rsp]
+        movdqu  xmm6, [6*16 + rsp]
+        movdqu  xmm7, [7*16 + rsp]
+
+        i = 1
+        WHILE i LE 8
+            aes_rnd i
+
+            inc     CTRSave
+            mov     CTR, CTRSave
+            bswap   CTR
+            xor     CTR, DWORD PTR [ctx + 3*4]
+            mov     DWORD PTR [rsp + (i-1)*16 + 3*4], CTR
+
+            i = i+1
+        ENDM
+        WHILE i LT rnds
+            aes_rnd i
+            i = i+1
+            ENDM
+        aes_last_rnd rnds
+
+        movdqu  xmm8, [0*16 + input]
+        pxor    xmm0, xmm8
+        movdqu  xmm8, [1*16 + input]
+        pxor    xmm1, xmm8
+        movdqu  xmm8, [2*16 + input]
+        pxor    xmm2, xmm8
+        movdqu  xmm8, [3*16 + input]
+        pxor    xmm3, xmm8
+        movdqu  xmm8, [4*16 + input]
+        pxor    xmm4, xmm8
+        movdqu  xmm8, [5*16 + input]
+        pxor    xmm5, xmm8
+        movdqu  xmm8, [6*16 + input]
+        pxor    xmm6, xmm8
+        movdqu  xmm8, [7*16 + input]
+        pxor    xmm7, xmm8
+
+        movdqu  [0*16 + output], xmm0
+        movdqu  [1*16 + output], xmm1
+        movdqu  [2*16 + output], xmm2
+        movdqu  [3*16 + output], xmm3
+        movdqu  [4*16 + output], xmm4
+        movdqu  [5*16 + output], xmm5
+        movdqu  [6*16 + output], xmm6
+        movdqu  [7*16 + output], xmm7
+
+        lea input, [8*16 + input]
+        lea output, [8*16 + output]
+        sub inputLen, 8*16
+        jmp loop8
+
+
+loop1:
+        cmp     inputLen, 1*16
+        jb      bail
+
+        movdqu  xmm0, [rsp]
+        add     rsp, 16
+
+        i = 1
+    WHILE i LT rnds
+            movdqu  xmm7, [i*16 + ctx]
+            aesenc  xmm0, xmm7
+            i = i+1
+        ENDM
+        movdqu  xmm7, [rnds*16 + ctx]
+        aesenclast xmm0, xmm7
+
+        movdqu  xmm7, [input]
+        pxor    xmm0, xmm7
+        movdqu  [output], xmm0
+
+        lea input, [1*16 + input]
+        lea output, [1*16 + output]
+        sub inputLen, 1*16
+        jmp loop1
+
+bail:
+
+        movdqu  xmm0, [rsp]
+        movdqu  xmm1, [ctx + 0*16]
+        pxor    xmm0, xmm1
+        movdqu  [16+ctrCtx], xmm0
+
+
+        xor     rax, rax
+        mov     rsp, rbp
+        pop     rbp
+
+        movdqu  xmm6, [rsp + 0*16]
+        movdqu  xmm7, [rsp + 1*16]
+        movdqu  xmm8, [rsp + 2*16]
+        add     rsp, 3*16
+
+        ret
+ENDM
+
+
+intel_aes_encrypt_ctr_128 PROC
+gen_aes_ctr_func  10
+intel_aes_encrypt_ctr_128 ENDP
+
+intel_aes_encrypt_ctr_192 PROC
+gen_aes_ctr_func  12
+intel_aes_encrypt_ctr_192 ENDP
+
+intel_aes_encrypt_ctr_256 PROC
+gen_aes_ctr_func  14
+intel_aes_encrypt_ctr_256 ENDP
+
+
+END
diff --git a/nss/lib/freebl/intel-aes-x86-masm.asm b/nss/lib/freebl/intel-aes-x86-masm.asm
new file mode 100644
index 0000000..7d805e7
--- /dev/null
+++ b/nss/lib/freebl/intel-aes-x86-masm.asm
@@ -0,0 +1,949 @@
+; LICENSE:
+; This submission to NSS is to be made available under the terms of the
+; Mozilla Public License, v. 2.0. You can obtain one at http:
+; //mozilla.org/MPL/2.0/.
+;###############################################################################
+; Copyright(c) 2014, Intel Corp.
+; Developers and authors:
+; Shay Gueron and Vlad Krasnov
+; Intel Corporation, Israel Development Centre, Haifa, Israel
+; Please send feedback directly to crypto.feedback.alias@intel.com
+
+
+.MODEL FLAT, C
+.XMM
+
+.DATA
+ALIGN 16
+Lmask dd 0c0f0e0dh,0c0f0e0dh,0c0f0e0dh,0c0f0e0dh
+Lmask192 dd 004070605h, 004070605h, 004070605h, 004070605h
+Lmask256 dd 00c0f0e0dh, 00c0f0e0dh, 00c0f0e0dh, 00c0f0e0dh
+Lcon1 dd 1,1,1,1
+Lcon2 dd 1bh,1bh,1bh,1bh
+
+.CODE
+
+ctx     textequ <ecx>
+output  textequ <edx>
+input   textequ <eax>
+inputLen textequ <edi>
+
+
+aes_rnd MACRO i
+    movdqu  xmm7, [i*16 + ctx]
+    aesenc  xmm0, xmm7
+    aesenc  xmm1, xmm7
+    aesenc  xmm2, xmm7
+    aesenc  xmm3, xmm7
+    aesenc  xmm4, xmm7
+    aesenc  xmm5, xmm7
+    aesenc  xmm6, xmm7
+    ENDM
+
+aes_last_rnd MACRO i
+    movdqu  xmm7, [i*16 + ctx]
+    aesenclast  xmm0, xmm7
+    aesenclast  xmm1, xmm7
+    aesenclast  xmm2, xmm7
+    aesenclast  xmm3, xmm7
+    aesenclast  xmm4, xmm7
+    aesenclast  xmm5, xmm7
+    aesenclast  xmm6, xmm7
+    ENDM
+
+aes_dec_rnd MACRO i
+    movdqu  xmm7, [i*16 + ctx]
+    aesdec  xmm0, xmm7
+    aesdec  xmm1, xmm7
+    aesdec  xmm2, xmm7
+    aesdec  xmm3, xmm7
+    aesdec  xmm4, xmm7
+    aesdec  xmm5, xmm7
+    aesdec  xmm6, xmm7
+    ENDM
+
+aes_dec_last_rnd MACRO i
+    movdqu  xmm7, [i*16 + ctx]
+    aesdeclast  xmm0, xmm7
+    aesdeclast  xmm1, xmm7
+    aesdeclast  xmm2, xmm7
+    aesdeclast  xmm3, xmm7
+    aesdeclast  xmm4, xmm7
+    aesdeclast  xmm5, xmm7
+    aesdeclast  xmm6, xmm7
+    ENDM
+
+
+gen_aes_ecb_func MACRO enc, rnds
+
+LOCAL   loop7
+LOCAL   loop1
+LOCAL   bail
+
+        push    inputLen
+
+        mov     ctx,    [esp + 2*4 + 0*4]
+        mov     output,     [esp + 2*4 + 1*4]
+        mov     input,      [esp + 2*4 + 4*4]
+        mov     inputLen,   [esp + 2*4 + 5*4]
+
+        lea     ctx, [44+ctx]
+
+loop7:
+        cmp     inputLen, 7*16
+        jb      loop1
+
+        movdqu  xmm0, [0*16 + input]
+        movdqu  xmm1, [1*16 + input]
+        movdqu  xmm2, [2*16 + input]
+        movdqu  xmm3, [3*16 + input]
+        movdqu  xmm4, [4*16 + input]
+        movdqu  xmm5, [5*16 + input]
+        movdqu  xmm6, [6*16 + input]
+
+        movdqu  xmm7, [0*16 + ctx]
+        pxor    xmm0, xmm7
+        pxor    xmm1, xmm7
+        pxor    xmm2, xmm7
+        pxor    xmm3, xmm7
+        pxor    xmm4, xmm7
+        pxor    xmm5, xmm7
+        pxor    xmm6, xmm7
+
+IF enc eq 1
+        rnd textequ <aes_rnd>
+        lastrnd textequ <aes_last_rnd>
+        aesinst textequ <aesenc>
+        aeslastinst textequ <aesenclast>
+ELSE
+        rnd textequ <aes_dec_rnd>
+        lastrnd textequ <aes_dec_last_rnd>
+        aesinst textequ <aesdec>
+        aeslastinst textequ <aesdeclast>
+ENDIF
+
+        i = 1
+        WHILE i LT rnds
+            rnd i
+            i = i+1
+            ENDM
+        lastrnd rnds
+
+        movdqu  [0*16 + output], xmm0
+        movdqu  [1*16 + output], xmm1
+        movdqu  [2*16 + output], xmm2
+        movdqu  [3*16 + output], xmm3
+        movdqu  [4*16 + output], xmm4
+        movdqu  [5*16 + output], xmm5
+        movdqu  [6*16 + output], xmm6
+
+        lea input, [7*16 + input]
+        lea output, [7*16 + output]
+        sub inputLen, 7*16
+        jmp loop7
+
+loop1:
+        cmp     inputLen, 1*16
+        jb      bail
+
+        movdqu  xmm0, [input]
+        movdqu  xmm7, [0*16 + ctx]
+        pxor    xmm0, xmm7
+
+        i = 1
+    WHILE i LT rnds
+            movdqu  xmm7, [i*16 + ctx]
+            aesinst  xmm0, xmm7
+            i = i+1
+        ENDM
+        movdqu  xmm7, [rnds*16 + ctx]
+        aeslastinst xmm0, xmm7
+
+        movdqu  [output], xmm0
+
+        lea input, [1*16 + input]
+        lea output, [1*16 + output]
+        sub inputLen, 1*16
+        jmp loop1
+
+bail:
+        xor eax, eax
+        pop     inputLen
+        ret
+
+ENDM
+
+ALIGN 16
+intel_aes_encrypt_ecb_128 PROC
+gen_aes_ecb_func 1, 10
+intel_aes_encrypt_ecb_128 ENDP
+
+ALIGN 16
+intel_aes_encrypt_ecb_192 PROC
+gen_aes_ecb_func 1, 12
+intel_aes_encrypt_ecb_192 ENDP
+
+ALIGN 16
+intel_aes_encrypt_ecb_256 PROC
+gen_aes_ecb_func 1, 14
+intel_aes_encrypt_ecb_256 ENDP
+
+ALIGN 16
+intel_aes_decrypt_ecb_128 PROC
+gen_aes_ecb_func 0, 10
+intel_aes_decrypt_ecb_128 ENDP
+
+ALIGN 16
+intel_aes_decrypt_ecb_192 PROC
+gen_aes_ecb_func 0, 12
+intel_aes_decrypt_ecb_192 ENDP
+
+ALIGN 16
+intel_aes_decrypt_ecb_256 PROC
+gen_aes_ecb_func 0, 14
+intel_aes_decrypt_ecb_256 ENDP
+
+
+KEY textequ <ecx>
+KS  textequ <edx>
+ITR textequ <eax>
+
+ALIGN 16
+intel_aes_encrypt_init_128  PROC
+
+    mov     KEY,        [esp + 1*4 + 0*4]
+    mov     KS,         [esp + 1*4 + 1*4]
+
+
+    movdqu  xmm1, [KEY]
+    movdqu  [KS], xmm1
+    movdqa  xmm2, xmm1
+
+    lea ITR, Lcon1
+    movdqa  xmm0, [ITR]
+    lea ITR, Lmask
+    movdqa  xmm4, [ITR]
+
+    mov ITR, 8
+
+Lenc_128_ks_loop:
+        lea KS, [16 + KS]
+        dec ITR
+
+        pshufb  xmm2, xmm4
+        aesenclast  xmm2, xmm0
+        pslld   xmm0, 1
+        movdqa  xmm3, xmm1
+        pslldq  xmm3, 4
+        pxor    xmm1, xmm3
+        pslldq  xmm3, 4
+        pxor    xmm1, xmm3
+        pslldq  xmm3, 4
+        pxor    xmm1, xmm3
+        pxor    xmm1, xmm2
+        movdqu  [KS], xmm1
+        movdqa  xmm2, xmm1
+
+        jne Lenc_128_ks_loop
+
+    lea ITR, Lcon2
+    movdqa  xmm0, [ITR]
+
+    pshufb  xmm2, xmm4
+    aesenclast  xmm2, xmm0
+    pslld   xmm0, 1
+    movdqa  xmm3, xmm1
+    pslldq  xmm3, 4
+    pxor    xmm1, xmm3
+    pslldq  xmm3, 4
+    pxor    xmm1, xmm3
+    pslldq  xmm3, 4
+    pxor    xmm1, xmm3
+    pxor    xmm1, xmm2
+    movdqu  [16 + KS], xmm1
+    movdqa  xmm2, xmm1
+
+    pshufb  xmm2, xmm4
+    aesenclast  xmm2, xmm0
+    movdqa  xmm3, xmm1
+    pslldq  xmm3, 4
+    pxor    xmm1, xmm3
+    pslldq  xmm3, 4
+    pxor    xmm1, xmm3
+    pslldq  xmm3, 4
+    pxor    xmm1, xmm3
+    pxor    xmm1, xmm2
+    movdqu  [32 + KS], xmm1
+    movdqa  xmm2, xmm1
+
+    ret
+intel_aes_encrypt_init_128  ENDP
+
+
+ALIGN 16
+intel_aes_decrypt_init_128  PROC
+
+    mov     KEY,        [esp + 1*4 + 0*4]
+    mov     KS,         [esp + 1*4 + 1*4]
+
+    push    KS
+    push    KEY
+
+    call    intel_aes_encrypt_init_128
+
+    pop     KEY
+    pop     KS
+
+    movdqu  xmm0, [0*16 + KS]
+    movdqu  xmm1, [10*16 + KS]
+    movdqu  [10*16 + KS], xmm0
+    movdqu  [0*16 + KS], xmm1
+
+    i = 1
+    WHILE i LT 5
+        movdqu  xmm0, [i*16 + KS]
+        movdqu  xmm1, [(10-i)*16 + KS]
+
+        aesimc  xmm0, xmm0
+        aesimc  xmm1, xmm1
+
+        movdqu  [(10-i)*16 + KS], xmm0
+        movdqu  [i*16 + KS], xmm1
+
+        i = i+1
+    ENDM
+
+    movdqu  xmm0, [5*16 + KS]
+    aesimc  xmm0, xmm0
+    movdqu  [5*16 + KS], xmm0
+    ret
+intel_aes_decrypt_init_128  ENDP
+
+
+ALIGN 16
+intel_aes_encrypt_init_192  PROC
+
+    mov     KEY, [esp + 1*4 + 0*4]
+    mov     KS,  [esp + 1*4 + 1*4]
+
+    pxor    xmm3, xmm3
+    movdqu  xmm1, [KEY]
+    pinsrd  xmm3, DWORD PTR [16 + KEY], 0
+    pinsrd  xmm3, DWORD PTR [20 + KEY], 1
+
+    movdqu  [KS], xmm1
+    movdqa  xmm5, xmm3
+
+    lea ITR, Lcon1
+    movdqu  xmm0, [ITR]
+    lea ITR, Lmask192
+    movdqu  xmm4, [ITR]
+
+    mov ITR, 4
+
+Lenc_192_ks_loop:
+        movdqa  xmm2, xmm3
+        pshufb  xmm2, xmm4
+        aesenclast xmm2, xmm0
+        pslld   xmm0, 1
+
+        movdqa  xmm6, xmm1
+        movdqa  xmm7, xmm3
+        pslldq  xmm6, 4
+        pslldq  xmm7, 4
+        pxor    xmm1, xmm6
+        pxor    xmm3, xmm7
+        pslldq  xmm6, 4
+        pxor    xmm1, xmm6
+        pslldq  xmm6, 4
+        pxor    xmm1, xmm6
+        pxor    xmm1, xmm2
+        pshufd  xmm2, xmm1, 0ffh
+        pxor    xmm3, xmm2
+
+        movdqa  xmm6, xmm1
+        shufpd  xmm5, xmm1, 00h
+        shufpd  xmm6, xmm3, 01h
+
+        movdqu  [16 + KS], xmm5
+        movdqu  [32 + KS], xmm6
+
+        movdqa  xmm2, xmm3
+        pshufb  xmm2, xmm4
+        aesenclast  xmm2, xmm0
+        pslld   xmm0, 1
+
+        movdqa  xmm6, xmm1
+        movdqa  xmm7, xmm3
+        pslldq  xmm6, 4
+        pslldq  xmm7, 4
+        pxor    xmm1, xmm6
+        pxor    xmm3, xmm7
+        pslldq  xmm6, 4
+        pxor    xmm1, xmm6
+        pslldq  xmm6, 4
+        pxor    xmm1, xmm6
+        pxor    xmm1, xmm2
+        pshufd  xmm2, xmm1, 0ffh
+        pxor    xmm3, xmm2
+
+        movdqu  [48 + KS], xmm1
+        movdqa  xmm5, xmm3
+
+        lea KS, [48 + KS]
+
+        dec ITR
+        jnz Lenc_192_ks_loop
+
+    movdqu  [16 + KS], xmm5
+ret
+intel_aes_encrypt_init_192  ENDP
+
+ALIGN 16
+intel_aes_decrypt_init_192  PROC
+    mov     KEY,        [esp + 1*4 + 0*4]
+    mov     KS,         [esp + 1*4 + 1*4]
+
+    push    KS
+    push    KEY
+
+    call    intel_aes_encrypt_init_192
+
+    pop     KEY
+    pop     KS
+
+    movdqu  xmm0, [0*16 + KS]
+    movdqu  xmm1, [12*16 + KS]
+    movdqu  [12*16 + KS], xmm0
+    movdqu  [0*16 + KS], xmm1
+
+    i = 1
+    WHILE i LT 6
+        movdqu  xmm0, [i*16 + KS]
+        movdqu  xmm1, [(12-i)*16 + KS]
+
+        aesimc  xmm0, xmm0
+        aesimc  xmm1, xmm1
+
+        movdqu  [(12-i)*16 + KS], xmm0
+        movdqu  [i*16 + KS], xmm1
+
+        i = i+1
+    ENDM
+
+    movdqu  xmm0, [6*16 + KS]
+    aesimc  xmm0, xmm0
+    movdqu  [6*16 + KS], xmm0
+    ret
+intel_aes_decrypt_init_192  ENDP
+
+ALIGN 16
+intel_aes_encrypt_init_256  PROC
+
+    mov     KEY,    [esp + 1*4 + 0*4]
+    mov     KS,     [esp + 1*4 + 1*4]
+    movdqu  xmm1, [16*0 + KEY]
+    movdqu  xmm3, [16*1 + KEY]
+
+    movdqu  [16*0 + KS], xmm1
+    movdqu  [16*1 + KS], xmm3
+
+    lea ITR, Lcon1
+    movdqu  xmm0, [ITR]
+    lea ITR, Lmask256
+    movdqu  xmm5, [ITR]
+
+    pxor    xmm6, xmm6
+
+    mov ITR, 6
+
+Lenc_256_ks_loop:
+
+        movdqa  xmm2, xmm3
+        pshufb  xmm2, xmm5
+        aesenclast  xmm2, xmm0
+        pslld   xmm0, 1
+        movdqa  xmm4, xmm1
+        pslldq  xmm4, 4
+        pxor    xmm1, xmm4
+        pslldq  xmm4, 4
+        pxor    xmm1, xmm4
+        pslldq  xmm4, 4
+        pxor    xmm1, xmm4
+        pxor    xmm1, xmm2
+        movdqu  [16*2 + KS], xmm1
+
+        pshufd  xmm2, xmm1, 0ffh
+        aesenclast  xmm2, xmm6
+        movdqa  xmm4, xmm3
+        pslldq  xmm4, 4
+        pxor    xmm3, xmm4
+        pslldq  xmm4, 4
+        pxor    xmm3, xmm4
+        pslldq  xmm4, 4
+        pxor    xmm3, xmm4
+        pxor    xmm3, xmm2
+        movdqu  [16*3 + KS], xmm3
+
+        lea KS, [32 + KS]
+        dec ITR
+        jnz Lenc_256_ks_loop
+
+    movdqa  xmm2, xmm3
+    pshufb  xmm2, xmm5
+    aesenclast  xmm2, xmm0
+    movdqa  xmm4, xmm1
+    pslldq  xmm4, 4
+    pxor    xmm1, xmm4
+    pslldq  xmm4, 4
+    pxor    xmm1, xmm4
+    pslldq  xmm4, 4
+    pxor    xmm1, xmm4
+    pxor    xmm1, xmm2
+    movdqu  [16*2 + KS], xmm1
+
+    ret
+intel_aes_encrypt_init_256  ENDP
+
+ALIGN 16
+intel_aes_decrypt_init_256  PROC
+    mov     KEY,        [esp + 1*4 + 0*4]
+    mov     KS,         [esp + 1*4 + 1*4]
+
+    push    KS
+    push    KEY
+
+    call    intel_aes_encrypt_init_256
+
+    pop     KEY
+    pop     KS
+
+    movdqu  xmm0, [0*16 + KS]
+    movdqu  xmm1, [14*16 + KS]
+    movdqu  [14*16 + KS], xmm0
+    movdqu  [0*16 + KS], xmm1
+
+    i = 1
+    WHILE i LT 7
+        movdqu  xmm0, [i*16 + KS]
+        movdqu  xmm1, [(14-i)*16 + KS]
+
+        aesimc  xmm0, xmm0
+        aesimc  xmm1, xmm1
+
+        movdqu  [(14-i)*16 + KS], xmm0
+        movdqu  [i*16 + KS], xmm1
+
+        i = i+1
+    ENDM
+
+    movdqu  xmm0, [7*16 + KS]
+    aesimc  xmm0, xmm0
+    movdqu  [7*16 + KS], xmm0
+    ret
+intel_aes_decrypt_init_256  ENDP
+
+
+
+gen_aes_cbc_enc_func MACRO rnds
+
+LOCAL   loop1
+LOCAL   bail
+
+        push    inputLen
+
+        mov     ctx,    [esp + 2*4 + 0*4]
+        mov     output,     [esp + 2*4 + 1*4]
+        mov     input,      [esp + 2*4 + 4*4]
+        mov     inputLen,   [esp + 2*4 + 5*4]
+
+        lea     ctx, [44+ctx]
+
+        movdqu  xmm0, [-32+ctx]
+
+        movdqu  xmm2, [0*16 + ctx]
+        movdqu  xmm3, [1*16 + ctx]
+        movdqu  xmm4, [2*16 + ctx]
+        movdqu  xmm5, [3*16 + ctx]
+        movdqu  xmm6, [4*16 + ctx]
+
+loop1:
+        cmp     inputLen, 1*16
+        jb      bail
+
+        movdqu  xmm1, [input]
+        pxor    xmm1, xmm2
+        pxor    xmm0, xmm1
+
+        aesenc  xmm0, xmm3
+        aesenc  xmm0, xmm4
+        aesenc  xmm0, xmm5
+        aesenc  xmm0, xmm6
+
+        i = 5
+    WHILE i LT rnds
+            movdqu  xmm7, [i*16 + ctx]
+            aesenc  xmm0, xmm7
+            i = i+1
+        ENDM
+        movdqu  xmm7, [rnds*16 + ctx]
+        aesenclast xmm0, xmm7
+
+        movdqu  [output], xmm0
+
+        lea input, [1*16 + input]
+        lea output, [1*16 + output]
+        sub inputLen, 1*16
+        jmp loop1
+
+bail:
+        movdqu  [-32+ctx], xmm0
+
+        xor eax, eax
+        pop inputLen
+        ret
+
+ENDM
+
+gen_aes_cbc_dec_func MACRO rnds
+
+LOCAL   loop7
+LOCAL   loop1
+LOCAL   dec1
+LOCAL   bail
+
+        push    inputLen
+
+        mov     ctx,    [esp + 2*4 + 0*4]
+        mov     output,     [esp + 2*4 + 1*4]
+        mov     input,      [esp + 2*4 + 4*4]
+        mov     inputLen,   [esp + 2*4 + 5*4]
+
+        lea     ctx, [44+ctx]
+
+loop7:
+        cmp     inputLen, 7*16
+        jb      dec1
+
+        movdqu  xmm0, [0*16 + input]
+        movdqu  xmm1, [1*16 + input]
+        movdqu  xmm2, [2*16 + input]
+        movdqu  xmm3, [3*16 + input]
+        movdqu  xmm4, [4*16 + input]
+        movdqu  xmm5, [5*16 + input]
+        movdqu  xmm6, [6*16 + input]
+
+        movdqu  xmm7, [0*16 + ctx]
+        pxor    xmm0, xmm7
+        pxor    xmm1, xmm7
+        pxor    xmm2, xmm7
+        pxor    xmm3, xmm7
+        pxor    xmm4, xmm7
+        pxor    xmm5, xmm7
+        pxor    xmm6, xmm7
+
+        i = 1
+        WHILE i LT rnds
+            aes_dec_rnd i
+            i = i+1
+            ENDM
+        aes_dec_last_rnd rnds
+
+        movdqu  xmm7, [-32 + ctx]
+        pxor    xmm0, xmm7
+        movdqu  xmm7, [0*16 + input]
+        pxor    xmm1, xmm7
+        movdqu  xmm7, [1*16 + input]
+        pxor    xmm2, xmm7
+        movdqu  xmm7, [2*16 + input]
+        pxor    xmm3, xmm7
+        movdqu  xmm7, [3*16 + input]
+        pxor    xmm4, xmm7
+        movdqu  xmm7, [4*16 + input]
+        pxor    xmm5, xmm7
+        movdqu  xmm7, [5*16 + input]
+        pxor    xmm6, xmm7
+        movdqu  xmm7, [6*16 + input]
+
+        movdqu  [0*16 + output], xmm0
+        movdqu  [1*16 + output], xmm1
+        movdqu  [2*16 + output], xmm2
+        movdqu  [3*16 + output], xmm3
+        movdqu  [4*16 + output], xmm4
+        movdqu  [5*16 + output], xmm5
+        movdqu  [6*16 + output], xmm6
+        movdqu  [-32 + ctx], xmm7
+
+        lea input, [7*16 + input]
+        lea output, [7*16 + output]
+        sub inputLen, 7*16
+        jmp loop7
+dec1:
+
+        movdqu  xmm3, [-32 + ctx]
+
+loop1:
+        cmp     inputLen, 1*16
+        jb      bail
+
+        movdqu  xmm0, [input]
+        movdqa  xmm4, xmm0
+        movdqu  xmm7, [0*16 + ctx]
+        pxor    xmm0, xmm7
+
+        i = 1
+    WHILE i LT rnds
+            movdqu  xmm7, [i*16 + ctx]
+            aesdec  xmm0, xmm7
+            i = i+1
+        ENDM
+        movdqu  xmm7, [rnds*16 + ctx]
+        aesdeclast xmm0, xmm7
+        pxor    xmm3, xmm0
+
+        movdqu  [output], xmm3
+        movdqa  xmm3, xmm4
+
+        lea input, [1*16 + input]
+        lea output, [1*16 + output]
+        sub inputLen, 1*16
+        jmp loop1
+
+bail:
+        movdqu  [-32 + ctx], xmm3
+        xor eax, eax
+        pop     inputLen
+        ret
+ENDM
+
+ALIGN 16
+intel_aes_encrypt_cbc_128 PROC
+gen_aes_cbc_enc_func  10
+intel_aes_encrypt_cbc_128 ENDP
+
+ALIGN 16
+intel_aes_encrypt_cbc_192 PROC
+gen_aes_cbc_enc_func  12
+intel_aes_encrypt_cbc_192 ENDP
+
+ALIGN 16
+intel_aes_encrypt_cbc_256 PROC
+gen_aes_cbc_enc_func  14
+intel_aes_encrypt_cbc_256 ENDP
+
+ALIGN 16
+intel_aes_decrypt_cbc_128 PROC
+gen_aes_cbc_dec_func  10
+intel_aes_decrypt_cbc_128 ENDP
+
+ALIGN 16
+intel_aes_decrypt_cbc_192 PROC
+gen_aes_cbc_dec_func  12
+intel_aes_decrypt_cbc_192 ENDP
+
+ALIGN 16
+intel_aes_decrypt_cbc_256 PROC
+gen_aes_cbc_dec_func  14
+intel_aes_decrypt_cbc_256 ENDP
+
+
+
+ctrCtx textequ <esi>
+CTR textequ <ebx>
+
+gen_aes_ctr_func MACRO rnds
+
+LOCAL   loop7
+LOCAL   loop1
+LOCAL   enc1
+LOCAL   bail
+
+        push    inputLen
+        push    ctrCtx
+        push    CTR
+        push    ebp
+
+        mov     ctrCtx, [esp + 4*5 + 0*4]
+        mov     output, [esp + 4*5 + 1*4]
+        mov     input,  [esp + 4*5 + 4*4]
+        mov     inputLen, [esp + 4*5 + 5*4]
+
+        mov     ctx, [4+ctrCtx]
+        lea     ctx, [44+ctx]
+
+        mov     ebp, esp
+        sub     esp, 7*16
+        and     esp, -16
+
+        movdqu  xmm0, [8+ctrCtx]
+        mov     ctrCtx, [ctrCtx + 8 + 3*4]
+        bswap   ctrCtx
+        movdqu  xmm1, [ctx + 0*16]
+
+        pxor    xmm0, xmm1
+
+        movdqa  [esp + 0*16], xmm0
+        movdqa  [esp + 1*16], xmm0
+        movdqa  [esp + 2*16], xmm0
+        movdqa  [esp + 3*16], xmm0
+        movdqa  [esp + 4*16], xmm0
+        movdqa  [esp + 5*16], xmm0
+        movdqa  [esp + 6*16], xmm0
+
+        inc     ctrCtx
+        mov     CTR, ctrCtx
+        bswap   CTR
+        xor     CTR, [ctx + 3*4]
+        mov     [esp + 1*16 + 3*4], CTR
+
+        inc     ctrCtx
+        mov     CTR, ctrCtx
+        bswap   CTR
+        xor     CTR, [ctx + 3*4]
+        mov     [esp + 2*16 + 3*4], CTR
+
+        inc     ctrCtx
+        mov     CTR, ctrCtx
+        bswap   CTR
+        xor     CTR, [ctx + 3*4]
+        mov     [esp + 3*16 + 3*4], CTR
+
+        inc     ctrCtx
+        mov     CTR, ctrCtx
+        bswap   CTR
+        xor     CTR, [ctx + 3*4]
+        mov     [esp + 4*16 + 3*4], CTR
+
+        inc     ctrCtx
+        mov     CTR, ctrCtx
+        bswap   CTR
+        xor     CTR, [ctx + 3*4]
+        mov     [esp + 5*16 + 3*4], CTR
+
+        inc     ctrCtx
+        mov     CTR, ctrCtx
+        bswap   CTR
+        xor     CTR, [ctx + 3*4]
+        mov     [esp + 6*16 + 3*4], CTR
+
+
+loop7:
+        cmp     inputLen, 7*16
+        jb      loop1
+
+        movdqu  xmm0, [0*16 + esp]
+        movdqu  xmm1, [1*16 + esp]
+        movdqu  xmm2, [2*16 + esp]
+        movdqu  xmm3, [3*16 + esp]
+        movdqu  xmm4, [4*16 + esp]
+        movdqu  xmm5, [5*16 + esp]
+        movdqu  xmm6, [6*16 + esp]
+
+        i = 1
+        WHILE i LE 7
+            aes_rnd i
+
+            inc     ctrCtx
+            mov     CTR, ctrCtx
+            bswap   CTR
+            xor     CTR, [ctx + 3*4]
+            mov     [esp + (i-1)*16 + 3*4], CTR
+
+            i = i+1
+        ENDM
+        WHILE i LT rnds
+            aes_rnd i
+            i = i+1
+            ENDM
+        aes_last_rnd rnds
+
+        movdqu  xmm7, [0*16 + input]
+        pxor    xmm0, xmm7
+        movdqu  xmm7, [1*16 + input]
+        pxor    xmm1, xmm7
+        movdqu  xmm7, [2*16 + input]
+        pxor    xmm2, xmm7
+        movdqu  xmm7, [3*16 + input]
+        pxor    xmm3, xmm7
+        movdqu  xmm7, [4*16 + input]
+        pxor    xmm4, xmm7
+        movdqu  xmm7, [5*16 + input]
+        pxor    xmm5, xmm7
+        movdqu  xmm7, [6*16 + input]
+        pxor    xmm6, xmm7
+
+        movdqu  [0*16 + output], xmm0
+        movdqu  [1*16 + output], xmm1
+        movdqu  [2*16 + output], xmm2
+        movdqu  [3*16 + output], xmm3
+        movdqu  [4*16 + output], xmm4
+        movdqu  [5*16 + output], xmm5
+        movdqu  [6*16 + output], xmm6
+
+        lea input, [7*16 + input]
+        lea output, [7*16 + output]
+        sub inputLen, 7*16
+        jmp loop7
+
+
+loop1:
+        cmp     inputLen, 1*16
+        jb      bail
+
+        movdqu  xmm0, [esp]
+        add     esp, 16
+
+        i = 1
+    WHILE i LT rnds
+            movdqu  xmm7, [i*16 + ctx]
+            aesenc  xmm0, xmm7
+            i = i+1
+        ENDM
+        movdqu  xmm7, [rnds*16 + ctx]
+        aesenclast xmm0, xmm7
+
+        movdqu  xmm7, [input]
+        pxor    xmm0, xmm7
+        movdqu  [output], xmm0
+
+        lea input, [1*16 + input]
+        lea output, [1*16 + output]
+        sub inputLen, 1*16
+        jmp loop1
+
+bail:
+
+        mov     ctrCtx, [ebp + 4*5 + 0*4]
+        movdqu  xmm0, [esp]
+        movdqu  xmm1, [ctx + 0*16]
+        pxor    xmm0, xmm1
+        movdqu  [8+ctrCtx], xmm0
+
+
+        xor     eax, eax
+        mov     esp, ebp
+        pop     ebp
+        pop     CTR
+        pop     ctrCtx
+        pop     inputLen
+        ret
+ENDM
+
+
+ALIGN 16
+intel_aes_encrypt_ctr_128 PROC
+gen_aes_ctr_func  10
+intel_aes_encrypt_ctr_128 ENDP
+
+ALIGN 16
+intel_aes_encrypt_ctr_192 PROC
+gen_aes_ctr_func  12
+intel_aes_encrypt_ctr_192 ENDP
+
+ALIGN 16
+intel_aes_encrypt_ctr_256 PROC
+gen_aes_ctr_func  14
+intel_aes_encrypt_ctr_256 ENDP
+
+
+END
diff --git a/nss/lib/freebl/intel-aes.h b/nss/lib/freebl/intel-aes.h
new file mode 100644
index 0000000..d5bd2d8
--- /dev/null
+++ b/nss/lib/freebl/intel-aes.h
@@ -0,0 +1,143 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* Prototypes of the functions defined in the assembler file.  */
+void intel_aes_encrypt_init_128(const unsigned char *key, PRUint32 *expanded);
+void intel_aes_encrypt_init_192(const unsigned char *key, PRUint32 *expanded);
+void intel_aes_encrypt_init_256(const unsigned char *key, PRUint32 *expanded);
+void intel_aes_decrypt_init_128(const unsigned char *key, PRUint32 *expanded);
+void intel_aes_decrypt_init_192(const unsigned char *key, PRUint32 *expanded);
+void intel_aes_decrypt_init_256(const unsigned char *key, PRUint32 *expanded);
+SECStatus intel_aes_encrypt_ecb_128(AESContext *cx, unsigned char *output,
+                                    unsigned int *outputLen,
+                                    unsigned int maxOutputLen,
+                                    const unsigned char *input,
+                                    unsigned int inputLen,
+                                    unsigned int blocksize);
+SECStatus intel_aes_decrypt_ecb_128(AESContext *cx, unsigned char *output,
+                                    unsigned int *outputLen,
+                                    unsigned int maxOutputLen,
+                                    const unsigned char *input,
+                                    unsigned int inputLen,
+                                    unsigned int blocksize);
+SECStatus intel_aes_encrypt_cbc_128(AESContext *cx, unsigned char *output,
+                                    unsigned int *outputLen,
+                                    unsigned int maxOutputLen,
+                                    const unsigned char *input,
+                                    unsigned int inputLen,
+                                    unsigned int blocksize);
+SECStatus intel_aes_decrypt_cbc_128(AESContext *cx, unsigned char *output,
+                                    unsigned int *outputLen,
+                                    unsigned int maxOutputLen,
+                                    const unsigned char *input,
+                                    unsigned int inputLen,
+                                    unsigned int blocksize);
+SECStatus intel_aes_encrypt_ctr_128(CTRContext *cx, unsigned char *output,
+                                    unsigned int *outputLen,
+                                    unsigned int maxOutputLen,
+                                    const unsigned char *input,
+                                    unsigned int inputLen,
+                                    unsigned int blocksize);
+SECStatus intel_aes_encrypt_ecb_192(AESContext *cx, unsigned char *output,
+                                    unsigned int *outputLen,
+                                    unsigned int maxOutputLen,
+                                    const unsigned char *input,
+                                    unsigned int inputLen,
+                                    unsigned int blocksize);
+SECStatus intel_aes_decrypt_ecb_192(AESContext *cx, unsigned char *output,
+                                    unsigned int *outputLen,
+                                    unsigned int maxOutputLen,
+                                    const unsigned char *input,
+                                    unsigned int inputLen,
+                                    unsigned int blocksize);
+SECStatus intel_aes_encrypt_cbc_192(AESContext *cx, unsigned char *output,
+                                    unsigned int *outputLen,
+                                    unsigned int maxOutputLen,
+                                    const unsigned char *input,
+                                    unsigned int inputLen,
+                                    unsigned int blocksize);
+SECStatus intel_aes_decrypt_cbc_192(AESContext *cx, unsigned char *output,
+                                    unsigned int *outputLen,
+                                    unsigned int maxOutputLen,
+                                    const unsigned char *input,
+                                    unsigned int inputLen,
+                                    unsigned int blocksize);
+SECStatus intel_aes_encrypt_ctr_192(CTRContext *cx, unsigned char *output,
+                                    unsigned int *outputLen,
+                                    unsigned int maxOutputLen,
+                                    const unsigned char *input,
+                                    unsigned int inputLen,
+                                    unsigned int blocksize);
+SECStatus intel_aes_encrypt_ecb_256(AESContext *cx, unsigned char *output,
+                                    unsigned int *outputLen,
+                                    unsigned int maxOutputLen,
+                                    const unsigned char *input,
+                                    unsigned int inputLen,
+                                    unsigned int blocksize);
+SECStatus intel_aes_decrypt_ecb_256(AESContext *cx, unsigned char *output,
+                                    unsigned int *outputLen,
+                                    unsigned int maxOutputLen,
+                                    const unsigned char *input,
+                                    unsigned int inputLen,
+                                    unsigned int blocksize);
+SECStatus intel_aes_encrypt_cbc_256(AESContext *cx, unsigned char *output,
+                                    unsigned int *outputLen,
+                                    unsigned int maxOutputLen,
+                                    const unsigned char *input,
+                                    unsigned int inputLen,
+                                    unsigned int blocksize);
+SECStatus intel_aes_decrypt_cbc_256(AESContext *cx, unsigned char *output,
+                                    unsigned int *outputLen,
+                                    unsigned int maxOutputLen,
+                                    const unsigned char *input,
+                                    unsigned int inputLen,
+                                    unsigned int blocksize);
+SECStatus intel_aes_encrypt_ctr_256(CTRContext *cx, unsigned char *output,
+                                    unsigned int *outputLen,
+                                    unsigned int maxOutputLen,
+                                    const unsigned char *input,
+                                    unsigned int inputLen,
+                                    unsigned int blocksize);
+
+#define intel_aes_ecb_worker(encrypt, keysize)                             \
+    ((encrypt)                                                             \
+         ? ((keysize) == 16 ? intel_aes_encrypt_ecb_128                    \
+                            : (keysize) == 24 ? intel_aes_encrypt_ecb_192  \
+                                              : intel_aes_encrypt_ecb_256) \
+         : ((keysize) == 16 ? intel_aes_decrypt_ecb_128                    \
+                            : (keysize) == 24 ? intel_aes_decrypt_ecb_192  \
+                                              : intel_aes_decrypt_ecb_256))
+
+#define intel_aes_cbc_worker(encrypt, keysize)                             \
+    ((encrypt)                                                             \
+         ? ((keysize) == 16 ? intel_aes_encrypt_cbc_128                    \
+                            : (keysize) == 24 ? intel_aes_encrypt_cbc_192  \
+                                              : intel_aes_encrypt_cbc_256) \
+         : ((keysize) == 16 ? intel_aes_decrypt_cbc_128                    \
+                            : (keysize) == 24 ? intel_aes_decrypt_cbc_192  \
+                                              : intel_aes_decrypt_cbc_256))
+
+#define intel_aes_ctr_worker(nr)                         \
+    ((nr) == 10 ? intel_aes_encrypt_ctr_128              \
+                : (nr) == 12 ? intel_aes_encrypt_ctr_192 \
+                             : intel_aes_encrypt_ctr_256)
+
+#define intel_aes_init(encrypt, keysize)                          \
+    do {                                                          \
+        if (encrypt) {                                            \
+            if (keysize == 16)                                    \
+                intel_aes_encrypt_init_128(key, cx->expandedKey); \
+            else if (keysize == 24)                               \
+                intel_aes_encrypt_init_192(key, cx->expandedKey); \
+            else                                                  \
+                intel_aes_encrypt_init_256(key, cx->expandedKey); \
+        } else {                                                  \
+            if (keysize == 16)                                    \
+                intel_aes_decrypt_init_128(key, cx->expandedKey); \
+            else if (keysize == 24)                               \
+                intel_aes_decrypt_init_192(key, cx->expandedKey); \
+            else                                                  \
+                intel_aes_decrypt_init_256(key, cx->expandedKey); \
+        }                                                         \
+    } while (0)
diff --git a/nss/lib/freebl/intel-aes.s b/nss/lib/freebl/intel-aes.s
new file mode 100644
index 0000000..2dfcfa1
--- /dev/null
+++ b/nss/lib/freebl/intel-aes.s
@@ -0,0 +1,2514 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+	.text
+
+#define IV_OFFSET 16
+#define EXPANDED_KEY_OFFSET 48
+
+/*
+ * Warning: the length values used in this module are "unsigned int"
+ * in C, which is 32-bit.  When they're passed in registers, use only
+ * the low 32 bits, because the top half is unspecified.
+ *
+ * This is called from C code, so the contents of those bits can
+ * depend on the C compiler's optimization decisions.  This means that
+ * mistakes might not be obvious in testing if those bits happen to be
+ * zero in your build.
+ *
+ * Exception: 32-bit lea instructions use a 64-bit address because the
+ * address size doesn't affect the result, and that form is more
+ * compactly encoded and preferred by compilers over a 32-bit address.
+ */
+
+/* in %rdi : the key
+   in %rsi : buffer for expanded key
+*/
+	.type intel_aes_encrypt_init_128,@function
+	.globl intel_aes_encrypt_init_128
+	.align	16
+intel_aes_encrypt_init_128:
+	movups	(%rdi), %xmm1
+	movups	%xmm1, (%rsi)
+	leaq	16(%rsi), %rsi
+	xorl	%eax, %eax
+
+	.byte 0x66,0x0f,0x3a,0xdf,0xd1,0x01	/* aeskeygenassist $0x01, %xmm1, %xmm2 */
+	call key_expansion128
+	.byte 0x66,0x0f,0x3a,0xdf,0xd1,0x02	/* aeskeygenassist $0x02, %xmm1, %xmm2 */
+	call key_expansion128
+	.byte 0x66,0x0f,0x3a,0xdf,0xd1,0x04	/* aeskeygenassist $0x04, %xmm1, %xmm2 */
+	call key_expansion128
+	.byte 0x66,0x0f,0x3a,0xdf,0xd1,0x08	/* aeskeygenassist $0x08, %xmm1, %xmm2 */
+	call key_expansion128
+	.byte 0x66,0x0f,0x3a,0xdf,0xd1,0x10	/* aeskeygenassist $0x10, %xmm1, %xmm2 */
+	call key_expansion128
+	.byte 0x66,0x0f,0x3a,0xdf,0xd1,0x20	/* aeskeygenassist $0x20, %xmm1, %xmm2 */
+	call key_expansion128
+	.byte 0x66,0x0f,0x3a,0xdf,0xd1,0x40	/* aeskeygenassist $0x40, %xmm1, %xmm2 */
+	call key_expansion128
+	.byte 0x66,0x0f,0x3a,0xdf,0xd1,0x80	/* aeskeygenassist $0x80, %xmm1, %xmm2 */
+	call key_expansion128
+	.byte 0x66,0x0f,0x3a,0xdf,0xd1,0x1b	/* aeskeygenassist $0x1b, %xmm1, %xmm2 */
+	call key_expansion128
+	.byte 0x66,0x0f,0x3a,0xdf,0xd1,0x36	/* aeskeygenassist $0x36, %xmm1, %xmm2 */
+	call key_expansion128
+
+	ret
+	.size intel_aes_encrypt_init_128, .-intel_aes_encrypt_init_128
+
+
+/* in %rdi : the key
+   in %rsi : buffer for expanded key
+*/
+	.type intel_aes_decrypt_init_128,@function
+	.globl intel_aes_decrypt_init_128
+	.align	16
+intel_aes_decrypt_init_128:
+	movups	(%rdi), %xmm1
+	movups	%xmm1, (%rsi)
+	leaq	16(%rsi), %rsi
+	xorl	%eax, %eax
+
+	.byte 0x66,0x0f,0x3a,0xdf,0xd1,0x01	/* aeskeygenassist $0x01, %xmm1, %xmm2 */
+	call key_expansion128
+	.byte 0x66,0x0f,0x38,0xdb,0xd1	/* aesimc	%xmm1, %xmm2 */
+	movups	%xmm2, -16(%rsi)
+	.byte 0x66,0x0f,0x3a,0xdf,0xd1,0x02	/* aeskeygenassist $0x02, %xmm1, %xmm2 */
+	call key_expansion128
+	.byte 0x66,0x0f,0x38,0xdb,0xd1	/* aesimc	%xmm1, %xmm2 */
+	movups	%xmm2, -16(%rsi)
+	.byte 0x66,0x0f,0x3a,0xdf,0xd1,0x04	/* aeskeygenassist $0x04, %xmm1, %xmm2 */
+	call key_expansion128
+	.byte 0x66,0x0f,0x38,0xdb,0xd1	/* aesimc	%xmm1, %xmm2 */
+	movups	%xmm2, -16(%rsi)
+	.byte 0x66,0x0f,0x3a,0xdf,0xd1,0x08	/* aeskeygenassist $0x08, %xmm1, %xmm2 */
+	call key_expansion128
+	.byte 0x66,0x0f,0x38,0xdb,0xd1	/* aesimc	%xmm1, %xmm2 */
+	movups	%xmm2, -16(%rsi)
+	.byte 0x66,0x0f,0x3a,0xdf,0xd1,0x10	/* aeskeygenassist $0x10, %xmm1, %xmm2 */
+	call key_expansion128
+	.byte 0x66,0x0f,0x38,0xdb,0xd1	/* aesimc	%xmm1, %xmm2 */
+	movups	%xmm2, -16(%rsi)
+	.byte 0x66,0x0f,0x3a,0xdf,0xd1,0x20	/* aeskeygenassist $0x20, %xmm1, %xmm2 */
+	call key_expansion128
+	.byte 0x66,0x0f,0x38,0xdb,0xd1	/* aesimc	%xmm1, %xmm2 */
+	movups	%xmm2, -16(%rsi)
+	.byte 0x66,0x0f,0x3a,0xdf,0xd1,0x40	/* aeskeygenassist $0x40, %xmm1, %xmm2 */
+	call key_expansion128
+	.byte 0x66,0x0f,0x38,0xdb,0xd1	/* aesimc	%xmm1, %xmm2 */
+	movups	%xmm2, -16(%rsi)
+	.byte 0x66,0x0f,0x3a,0xdf,0xd1,0x80	/* aeskeygenassist $0x80, %xmm1, %xmm2 */
+	call key_expansion128
+	.byte 0x66,0x0f,0x38,0xdb,0xd1	/* aesimc	%xmm1, %xmm2 */
+	movups	%xmm2, -16(%rsi)
+	.byte 0x66,0x0f,0x3a,0xdf,0xd1,0x1b	/* aeskeygenassist $0x1b, %xmm1, %xmm2 */
+	call key_expansion128
+	.byte 0x66,0x0f,0x38,0xdb,0xd1	/* aesimc	%xmm1, %xmm2 */
+	movups	%xmm2, -16(%rsi)
+	.byte 0x66,0x0f,0x3a,0xdf,0xd1,0x36	/* aeskeygenassist $0x36, %xmm1, %xmm2 */
+	call key_expansion128
+
+	ret
+	.size intel_aes_decrypt_init_128, .-intel_aes_decrypt_init_128
+
+
+	.type key_expansion128,@function
+	.align	16
+key_expansion128:
+	movd	%eax, %xmm3
+	pshufd	$0xff, %xmm2, %xmm2
+	shufps	$0x10, %xmm1, %xmm3
+	pxor	%xmm3, %xmm1
+	shufps	$0x8c, %xmm1, %xmm3
+	pxor	%xmm2, %xmm1
+	pxor	%xmm3, %xmm1
+	movdqu	%xmm1, (%rsi)
+	addq	$16, %rsi
+	ret
+	.size key_expansion128, .-key_expansion128
+
+
+/* in %rdi : cx - context
+   in %rsi : output - pointer to output buffer
+   in %rdx : outputLen - pointer to variable for length of output
+             (already filled in by caller)
+   in %ecx : maxOutputLen - length of output buffer
+             (already checked by caller)
+   in %r8  : input - pointer to input buffer
+   in %r9d : inputLen - length of input buffer
+   on stack: blocksize - AES blocksize (always 16, unused)
+*/
+	.type intel_aes_encrypt_ecb_128,@function
+	.globl intel_aes_encrypt_ecb_128
+	.align	16
+intel_aes_encrypt_ecb_128:
+//	leaq	EXPANDED_KEY_OFFSET(%rdi), %rdi
+	leaq	48(%rdi), %rdi
+
+	movdqu	(%rdi), %xmm2
+	movdqu	160(%rdi), %xmm12
+	xor	%eax, %eax
+//	cmpl	$8*16, %r9d
+	cmpl	$128, %r9d
+	jb	1f
+//	leal	-8*16(%r9), %r11d
+	leal	-128(%r9), %r11d
+2:	movdqu	(%r8, %rax), %xmm3
+	movdqu	16(%r8, %rax), %xmm4
+	movdqu	32(%r8, %rax), %xmm5
+	movdqu	48(%r8, %rax), %xmm6
+	movdqu	64(%r8, %rax), %xmm7
+	movdqu	80(%r8, %rax), %xmm8
+	movdqu	96(%r8, %rax), %xmm9
+	movdqu	112(%r8, %rax), %xmm10
+	pxor	%xmm2, %xmm3
+	pxor	%xmm2, %xmm4
+	pxor	%xmm2, %xmm5
+	pxor	%xmm2, %xmm6
+	pxor	%xmm2, %xmm7
+	pxor	%xmm2, %xmm8
+	pxor	%xmm2, %xmm9
+	pxor	%xmm2, %xmm10
+
+// complete loop unrolling
+	movdqu 16(%rdi), %xmm1
+	movdqu 32(%rdi), %xmm11
+	.byte 0x66,0x0f,0x38,0xdc,0xd9		/* aesenc	%xmm1, %xmm3 */
+	.byte 0x66,0x0f,0x38,0xdc,0xe1		/* aesenc	%xmm1, %xmm4 */
+	.byte 0x66,0x0f,0x38,0xdc,0xe9		/* aesenc	%xmm1, %xmm5 */
+	.byte 0x66,0x0f,0x38,0xdc,0xf1		/* aesenc	%xmm1, %xmm6 */
+	.byte 0x66,0x0f,0x38,0xdc,0xf9		/* aesenc	%xmm1, %xmm7 */
+	.byte 0x66,0x44,0x0f,0x38,0xdc,0xc1	/* aesenc	%xmm1, %xmm8 */
+	.byte 0x66,0x44,0x0f,0x38,0xdc,0xc9	/* aesenc	%xmm1, %xmm9 */
+	.byte 0x66,0x44,0x0f,0x38,0xdc,0xd1	/* aesenc	%xmm1, %xmm10 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xdb	/* aesenc	%xmm11, %xmm3 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xe3	/* aesenc	%xmm11, %xmm4 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xeb	/* aesenc	%xmm11, %xmm5 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xf3	/* aesenc	%xmm11, %xmm6 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xfb	/* aesenc	%xmm11, %xmm7 */
+	.byte 0x66,0x45,0x0f,0x38,0xdc,0xc3	/* aesenc	%xmm11, %xmm8 */
+	.byte 0x66,0x45,0x0f,0x38,0xdc,0xcb	/* aesenc	%xmm11, %xmm9 */
+	.byte 0x66,0x45,0x0f,0x38,0xdc,0xd3	/* aesenc	%xmm11, %xmm10 */
+
+	movdqu 48(%rdi), %xmm1
+	movdqu 64(%rdi), %xmm11
+	.byte 0x66,0x0f,0x38,0xdc,0xd9		/* aesenc	%xmm1, %xmm3 */
+	.byte 0x66,0x0f,0x38,0xdc,0xe1		/* aesenc	%xmm1, %xmm4 */
+	.byte 0x66,0x0f,0x38,0xdc,0xe9		/* aesenc	%xmm1, %xmm5 */
+	.byte 0x66,0x0f,0x38,0xdc,0xf1		/* aesenc	%xmm1, %xmm6 */
+	.byte 0x66,0x0f,0x38,0xdc,0xf9		/* aesenc	%xmm1, %xmm7 */
+	.byte 0x66,0x44,0x0f,0x38,0xdc,0xc1	/* aesenc	%xmm1, %xmm8 */
+	.byte 0x66,0x44,0x0f,0x38,0xdc,0xc9	/* aesenc	%xmm1, %xmm9 */
+	.byte 0x66,0x44,0x0f,0x38,0xdc,0xd1	/* aesenc	%xmm1, %xmm10 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xdb	/* aesenc	%xmm11, %xmm3 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xe3	/* aesenc	%xmm11, %xmm4 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xeb	/* aesenc	%xmm11, %xmm5 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xf3	/* aesenc	%xmm11, %xmm6 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xfb	/* aesenc	%xmm11, %xmm7 */
+	.byte 0x66,0x45,0x0f,0x38,0xdc,0xc3	/* aesenc	%xmm11, %xmm8 */
+	.byte 0x66,0x45,0x0f,0x38,0xdc,0xcb	/* aesenc	%xmm11, %xmm9 */
+	.byte 0x66,0x45,0x0f,0x38,0xdc,0xd3	/* aesenc	%xmm11, %xmm10 */
+
+	movdqu 80(%rdi), %xmm1
+	movdqu 96(%rdi), %xmm11
+	.byte 0x66,0x0f,0x38,0xdc,0xd9		/* aesenc	%xmm1, %xmm3 */
+	.byte 0x66,0x0f,0x38,0xdc,0xe1		/* aesenc	%xmm1, %xmm4 */
+	.byte 0x66,0x0f,0x38,0xdc,0xe9		/* aesenc	%xmm1, %xmm5 */
+	.byte 0x66,0x0f,0x38,0xdc,0xf1		/* aesenc	%xmm1, %xmm6 */
+	.byte 0x66,0x0f,0x38,0xdc,0xf9		/* aesenc	%xmm1, %xmm7 */
+	.byte 0x66,0x44,0x0f,0x38,0xdc,0xc1	/* aesenc	%xmm1, %xmm8 */
+	.byte 0x66,0x44,0x0f,0x38,0xdc,0xc9	/* aesenc	%xmm1, %xmm9 */
+	.byte 0x66,0x44,0x0f,0x38,0xdc,0xd1	/* aesenc	%xmm1, %xmm10 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xdb	/* aesenc	%xmm11, %xmm3 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xe3	/* aesenc	%xmm11, %xmm4 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xeb	/* aesenc	%xmm11, %xmm5 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xf3	/* aesenc	%xmm11, %xmm6 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xfb	/* aesenc	%xmm11, %xmm7 */
+	.byte 0x66,0x45,0x0f,0x38,0xdc,0xc3	/* aesenc	%xmm11, %xmm8 */
+	.byte 0x66,0x45,0x0f,0x38,0xdc,0xcb	/* aesenc	%xmm11, %xmm9 */
+	.byte 0x66,0x45,0x0f,0x38,0xdc,0xd3	/* aesenc	%xmm11, %xmm10 */
+
+	movdqu 112(%rdi), %xmm1
+	movdqu 128(%rdi), %xmm11
+	.byte 0x66,0x0f,0x38,0xdc,0xd9		/* aesenc	%xmm1, %xmm3 */
+	.byte 0x66,0x0f,0x38,0xdc,0xe1		/* aesenc	%xmm1, %xmm4 */
+	.byte 0x66,0x0f,0x38,0xdc,0xe9		/* aesenc	%xmm1, %xmm5 */
+	.byte 0x66,0x0f,0x38,0xdc,0xf1		/* aesenc	%xmm1, %xmm6 */
+	.byte 0x66,0x0f,0x38,0xdc,0xf9		/* aesenc	%xmm1, %xmm7 */
+	.byte 0x66,0x44,0x0f,0x38,0xdc,0xc1	/* aesenc	%xmm1, %xmm8 */
+	.byte 0x66,0x44,0x0f,0x38,0xdc,0xc9	/* aesenc	%xmm1, %xmm9 */
+	.byte 0x66,0x44,0x0f,0x38,0xdc,0xd1	/* aesenc	%xmm1, %xmm10 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xdb	/* aesenc	%xmm11, %xmm3 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xe3	/* aesenc	%xmm11, %xmm4 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xeb	/* aesenc	%xmm11, %xmm5 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xf3	/* aesenc	%xmm11, %xmm6 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xfb	/* aesenc	%xmm11, %xmm7 */
+	.byte 0x66,0x45,0x0f,0x38,0xdc,0xc3	/* aesenc	%xmm11, %xmm8 */
+	.byte 0x66,0x45,0x0f,0x38,0xdc,0xcb	/* aesenc	%xmm11, %xmm9 */
+	.byte 0x66,0x45,0x0f,0x38,0xdc,0xd3	/* aesenc	%xmm11, %xmm10 */
+
+	movdqu 144(%rdi), %xmm1
+	.byte 0x66,0x0f,0x38,0xdc,0xd9		/* aesenc	%xmm1, %xmm3 */
+	.byte 0x66,0x0f,0x38,0xdc,0xe1		/* aesenc	%xmm1, %xmm4 */
+	.byte 0x66,0x0f,0x38,0xdc,0xe9		/* aesenc	%xmm1, %xmm5 */
+	.byte 0x66,0x0f,0x38,0xdc,0xf1		/* aesenc	%xmm1, %xmm6 */
+	.byte 0x66,0x0f,0x38,0xdc,0xf9		/* aesenc	%xmm1, %xmm7 */
+	.byte 0x66,0x44,0x0f,0x38,0xdc,0xc1	/* aesenc	%xmm1, %xmm8 */
+	.byte 0x66,0x44,0x0f,0x38,0xdc,0xc9	/* aesenc	%xmm1, %xmm9 */
+	.byte 0x66,0x44,0x0f,0x38,0xdc,0xd1	/* aesenc	%xmm1, %xmm10 */
+	.byte 0x66,0x41,0x0f,0x38,0xdd,0xdc 	/* aesenclast 	%xmm12, %xmm3 */
+	.byte 0x66,0x41,0x0f,0x38,0xdd,0xe4 	/* aesenclast 	%xmm12, %xmm4 */
+	.byte 0x66,0x41,0x0f,0x38,0xdd,0xec 	/* aesenclast 	%xmm12, %xmm5 */
+	.byte 0x66,0x41,0x0f,0x38,0xdd,0xf4 	/* aesenclast 	%xmm12, %xmm6 */
+	.byte 0x66,0x41,0x0f,0x38,0xdd,0xfc 	/* aesenclast 	%xmm12, %xmm7 */
+	.byte 0x66,0x45,0x0f,0x38,0xdd,0xc4 	/* aesenclast 	%xmm12, %xmm8 */
+	.byte 0x66,0x45,0x0f,0x38,0xdd,0xcc 	/* aesenclast 	%xmm12, %xmm9 */
+	.byte 0x66,0x45,0x0f,0x38,0xdd,0xd4 	/* aesenclast 	%xmm12, %xmm10 */
+
+	movdqu	%xmm3, (%rsi, %rax)
+	movdqu	%xmm4, 16(%rsi, %rax)
+	movdqu	%xmm5, 32(%rsi, %rax)
+	movdqu	%xmm6, 48(%rsi, %rax)
+	movdqu	%xmm7, 64(%rsi, %rax)
+	movdqu	%xmm8, 80(%rsi, %rax)
+	movdqu	%xmm9, 96(%rsi, %rax)
+	movdqu	%xmm10, 112(%rsi, %rax)
+//	addl	$8*16, %eax
+	addl	$128, %eax
+	cmpl	%r11d, %eax
+	jbe	2b
+1:	cmpl	%eax, %r9d
+	je	5f
+
+	movdqu	16(%rdi), %xmm3
+	movdqu	32(%rdi), %xmm4
+	movdqu	48(%rdi), %xmm5
+	movdqu	64(%rdi), %xmm6
+	movdqu	80(%rdi), %xmm7
+	movdqu	96(%rdi), %xmm8
+	movdqu	112(%rdi), %xmm9
+	movdqu	128(%rdi), %xmm10
+	movdqu	144(%rdi), %xmm11
+
+4:	movdqu	(%r8, %rax), %xmm1
+	pxor	%xmm2, %xmm1
+	.byte 0x66,0x0f,0x38,0xdc,0xcb	/* aesenc	%xmm3, %xmm1 */
+	.byte 0x66,0x0f,0x38,0xdc,0xcc	/* aesenc	%xmm4, %xmm1 */
+	.byte 0x66,0x0f,0x38,0xdc,0xcd	/* aesenc	%xmm5, %xmm1 */
+	.byte 0x66,0x0f,0x38,0xdc,0xce	/* aesenc	%xmm6, %xmm1 */
+	.byte 0x66,0x0f,0x38,0xdc,0xcf	/* aesenc	%xmm7, %xmm1 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xc8	/* aesenc	%xmm8, %xmm1 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xc9	/* aesenc	%xmm9, %xmm1 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xca	/* aesenc	%xmm10, %xmm1 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xcb	/* aesenc	%xmm11, %xmm1 */
+	.byte 0x66,0x41,0x0f,0x38,0xdd,0xcc	/* aesenclast %xmm12, %xmm1 */
+	movdqu	%xmm1, (%rsi, %rax)
+	addl	$16, %eax
+	cmpl	%eax, %r9d
+	jne	4b
+
+5:	xor	%eax, %eax
+	ret
+	.size intel_aes_encrypt_ecb_128, .-intel_aes_encrypt_ecb_128
+
+
+/* in %rdi : cx - context
+   in %rsi : output - pointer to output buffer
+   in %rdx : outputLen - pointer to variable for length of output
+             (already filled in by caller)
+   in %ecx : maxOutputLen - length of output buffer
+             (already checked by caller)
+   in %r8  : input - pointer to input buffer
+   in %r9d : inputLen - length of input buffer
+   on stack: blocksize - AES blocksize (always 16, unused)
+*/
+	.type intel_aes_decrypt_ecb_128,@function
+	.globl intel_aes_decrypt_ecb_128
+	.align	16
+intel_aes_decrypt_ecb_128:
+//	leaq	EXPANDED_KEY_OFFSET(%rdi), %rdi
+	leaq	48(%rdi), %rdi
+
+	movdqu	(%rdi), %xmm2
+	movdqu	160(%rdi), %xmm12
+	xorl	%eax, %eax
+//	cmpl	$8*16, %r9d
+	cmpl	$128, %r9d
+	jb	1f
+//	leal	-8*16(%r9), %r11d
+	leal	-128(%r9), %r11d
+2:	movdqu	(%r8, %rax), %xmm3
+	movdqu	16(%r8, %rax), %xmm4
+	movdqu	32(%r8, %rax), %xmm5
+	movdqu	48(%r8, %rax), %xmm6
+	movdqu	64(%r8, %rax), %xmm7
+	movdqu	80(%r8, %rax), %xmm8
+	movdqu	96(%r8, %rax), %xmm9
+	movdqu	112(%r8, %rax), %xmm10
+	pxor	%xmm12, %xmm3
+	pxor	%xmm12, %xmm4
+	pxor	%xmm12, %xmm5
+	pxor	%xmm12, %xmm6
+	pxor	%xmm12, %xmm7
+	pxor	%xmm12, %xmm8
+	pxor	%xmm12, %xmm9
+	pxor	%xmm12, %xmm10
+
+// complete loop unrolling
+	movdqu 144(%rdi), %xmm1
+	movdqu 128(%rdi), %xmm11
+	.byte 0x66,0x0f,0x38,0xde,0xd9		/* aesdec	%xmm1, %xmm3 */
+	.byte 0x66,0x0f,0x38,0xde,0xe1		/* aesdec	%xmm1, %xmm4 */
+	.byte 0x66,0x0f,0x38,0xde,0xe9		/* aesdec	%xmm1, %xmm5 */
+	.byte 0x66,0x0f,0x38,0xde,0xf1		/* aesdec	%xmm1, %xmm6 */
+	.byte 0x66,0x0f,0x38,0xde,0xf9		/* aesdec	%xmm1, %xmm7 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xc1	/* aesdec	%xmm1, %xmm8 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xc9	/* aesdec	%xmm1, %xmm9 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xd1	/* aesdec	%xmm1, %xmm10 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xdb	/* aesdec	%xmm11, %xmm3 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xe3	/* aesdec	%xmm11, %xmm4 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xeb	/* aesdec	%xmm11, %xmm5 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xf3	/* aesdec	%xmm11, %xmm6 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xfb	/* aesdec	%xmm11, %xmm7 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xc3	/* aesdec	%xmm11, %xmm8 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xcb	/* aesdec	%xmm11, %xmm9 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xd3	/* aesdec	%xmm11, %xmm10 */
+
+	movdqu 112(%rdi), %xmm1
+	movdqu 96(%rdi), %xmm11
+	.byte 0x66,0x0f,0x38,0xde,0xd9		/* aesdec	%xmm1, %xmm3 */
+	.byte 0x66,0x0f,0x38,0xde,0xe1		/* aesdec	%xmm1, %xmm4 */
+	.byte 0x66,0x0f,0x38,0xde,0xe9		/* aesdec	%xmm1, %xmm5 */
+	.byte 0x66,0x0f,0x38,0xde,0xf1		/* aesdec	%xmm1, %xmm6 */
+	.byte 0x66,0x0f,0x38,0xde,0xf9		/* aesdec	%xmm1, %xmm7 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xc1	/* aesdec	%xmm1, %xmm8 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xc9	/* aesdec	%xmm1, %xmm9 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xd1	/* aesdec	%xmm1, %xmm10 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xdb	/* aesdec	%xmm11, %xmm3 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xe3	/* aesdec	%xmm11, %xmm4 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xeb	/* aesdec	%xmm11, %xmm5 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xf3	/* aesdec	%xmm11, %xmm6 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xfb	/* aesdec	%xmm11, %xmm7 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xc3	/* aesdec	%xmm11, %xmm8 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xcb	/* aesdec	%xmm11, %xmm9 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xd3	/* aesdec	%xmm11, %xmm10 */
+
+	movdqu 80(%rdi), %xmm1
+	movdqu 64(%rdi), %xmm11
+	.byte 0x66,0x0f,0x38,0xde,0xd9		/* aesdec	%xmm1, %xmm3 */
+	.byte 0x66,0x0f,0x38,0xde,0xe1		/* aesdec	%xmm1, %xmm4 */
+	.byte 0x66,0x0f,0x38,0xde,0xe9		/* aesdec	%xmm1, %xmm5 */
+	.byte 0x66,0x0f,0x38,0xde,0xf1		/* aesdec	%xmm1, %xmm6 */
+	.byte 0x66,0x0f,0x38,0xde,0xf9		/* aesdec	%xmm1, %xmm7 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xc1	/* aesdec	%xmm1, %xmm8 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xc9	/* aesdec	%xmm1, %xmm9 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xd1	/* aesdec	%xmm1, %xmm10 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xdb	/* aesdec	%xmm11, %xmm3 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xe3	/* aesdec	%xmm11, %xmm4 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xeb	/* aesdec	%xmm11, %xmm5 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xf3	/* aesdec	%xmm11, %xmm6 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xfb	/* aesdec	%xmm11, %xmm7 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xc3	/* aesdec	%xmm11, %xmm8 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xcb	/* aesdec	%xmm11, %xmm9 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xd3	/* aesdec	%xmm11, %xmm10 */
+
+	movdqu 48(%rdi), %xmm1
+	movdqu 32(%rdi), %xmm11
+	.byte 0x66,0x0f,0x38,0xde,0xd9		/* aesdec	%xmm1, %xmm3 */
+	.byte 0x66,0x0f,0x38,0xde,0xe1		/* aesdec	%xmm1, %xmm4 */
+	.byte 0x66,0x0f,0x38,0xde,0xe9		/* aesdec	%xmm1, %xmm5 */
+	.byte 0x66,0x0f,0x38,0xde,0xf1		/* aesdec	%xmm1, %xmm6 */
+	.byte 0x66,0x0f,0x38,0xde,0xf9		/* aesdec	%xmm1, %xmm7 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xc1	/* aesdec	%xmm1, %xmm8 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xc9	/* aesdec	%xmm1, %xmm9 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xd1	/* aesdec	%xmm1, %xmm10 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xdb	/* aesdec	%xmm11, %xmm3 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xe3	/* aesdec	%xmm11, %xmm4 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xeb	/* aesdec	%xmm11, %xmm5 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xf3	/* aesdec	%xmm11, %xmm6 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xfb	/* aesdec	%xmm11, %xmm7 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xc3	/* aesdec	%xmm11, %xmm8 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xcb	/* aesdec	%xmm11, %xmm9 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xd3	/* aesdec	%xmm11, %xmm10 */
+
+	movdqu 16(%rdi), %xmm1
+	.byte 0x66,0x0f,0x38,0xde,0xd9		/* aesdec	%xmm1, %xmm3 */
+	.byte 0x66,0x0f,0x38,0xde,0xe1		/* aesdec	%xmm1, %xmm4 */
+	.byte 0x66,0x0f,0x38,0xde,0xe9		/* aesdec	%xmm1, %xmm5 */
+	.byte 0x66,0x0f,0x38,0xde,0xf1		/* aesdec	%xmm1, %xmm6 */
+	.byte 0x66,0x0f,0x38,0xde,0xf9		/* aesdec	%xmm1, %xmm7 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xc1	/* aesdec	%xmm1, %xmm8 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xc9	/* aesdec	%xmm1, %xmm9 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xd1	/* aesdec	%xmm1, %xmm10 */
+	.byte 0x66,0x0f,0x38,0xdf,0xda		/* aesdeclast 	%xmm2, %xmm3 */
+	.byte 0x66,0x0f,0x38,0xdf,0xe2		/* aesdeclast 	%xmm2, %xmm4 */
+	.byte 0x66,0x0f,0x38,0xdf,0xea		/* aesdeclast 	%xmm2, %xmm5 */
+	.byte 0x66,0x0f,0x38,0xdf,0xf2		/* aesdeclast 	%xmm2, %xmm6 */
+	.byte 0x66,0x0f,0x38,0xdf,0xfa		/* aesdeclast 	%xmm2, %xmm7 */
+	.byte 0x66,0x44,0x0f,0x38,0xdf,0xc2	/* aesdeclast 	%xmm2, %xmm8 */
+	.byte 0x66,0x44,0x0f,0x38,0xdf,0xca	/* aesdeclast 	%xmm2, %xmm9 */
+	.byte 0x66,0x44,0x0f,0x38,0xdf,0xd2	/* aesdeclast 	%xmm2, %xmm10 */
+
+	movdqu	%xmm3, (%rsi, %rax)
+	movdqu	%xmm4, 16(%rsi, %rax)
+	movdqu	%xmm5, 32(%rsi, %rax)
+	movdqu	%xmm6, 48(%rsi, %rax)
+	movdqu	%xmm7, 64(%rsi, %rax)
+	movdqu	%xmm8, 80(%rsi, %rax)
+	movdqu	%xmm9, 96(%rsi, %rax)
+	movdqu	%xmm10, 112(%rsi, %rax)
+//	addl	$8*16, %eax
+	addl	$128, %eax
+	cmpl	%r11d, %eax
+	jbe	2b
+1:	cmpl	%eax, %r9d
+	je	5f
+
+	movdqu	16(%rdi), %xmm3
+	movdqu	32(%rdi), %xmm4
+	movdqu	48(%rdi), %xmm5
+	movdqu	64(%rdi), %xmm6
+	movdqu	80(%rdi), %xmm7
+	movdqu	96(%rdi), %xmm8
+	movdqu	112(%rdi), %xmm9
+	movdqu	128(%rdi), %xmm10
+	movdqu	144(%rdi), %xmm11
+
+4:	movdqu	(%r8, %rax), %xmm1
+	pxor	%xmm12, %xmm1
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xcb	/* aesdec	%xmm11, %xmm1 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xca	/* aesdec	%xmm10, %xmm1 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xc9	/* aesdec	%xmm9, %xmm1 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xc8	/* aesdec	%xmm8, %xmm1 */
+	.byte 0x66,0x0f,0x38,0xde,0xcf	/* aesdec	%xmm7, %xmm1 */
+	.byte 0x66,0x0f,0x38,0xde,0xce	/* aesdec	%xmm7, %xmm1 */
+	.byte 0x66,0x0f,0x38,0xde,0xcd	/* aesdec	%xmm7, %xmm1 */
+	.byte 0x66,0x0f,0x38,0xde,0xcc	/* aesdec	%xmm7, %xmm1 */
+	.byte 0x66,0x0f,0x38,0xde,0xcb	/* aesdec	%xmm7, %xmm1 */
+	.byte 0x66,0x0f,0x38,0xdf,0xca	/* aesdeclast %xmm2, %xmm1 */
+	movdqu	%xmm1, (%rsi, %rax)
+	addl	$16, %eax
+	cmpl	%eax, %r9d
+	jne	4b
+
+5:	xor	%eax, %eax
+	ret
+	.size intel_aes_decrypt_ecb_128, .-intel_aes_decrypt_ecb_128
+
+
+/* in %rdi : cx - context
+   in %rsi : output - pointer to output buffer
+   in %rdx : outputLen - pointer to variable for length of output
+             (already filled in by caller)
+   in %ecx : maxOutputLen - length of output buffer
+             (already checked by caller)
+   in %r8  : input - pointer to input buffer
+   in %r9d : inputLen - length of input buffer
+   on stack: blocksize - AES blocksize (always 16, unused)
+*/
+	.type intel_aes_encrypt_cbc_128,@function
+	.globl intel_aes_encrypt_cbc_128
+	.align	16
+intel_aes_encrypt_cbc_128:
+	testl	%r9d, %r9d
+	je	2f
+
+//	leaq	IV_OFFSET(%rdi), %rdx
+//	leaq	EXPANDED_KEY_OFFSET(%rdi), %rdi
+	leaq	16(%rdi), %rdx
+	leaq	48(%rdi), %rdi
+
+	movdqu	(%rdx), %xmm0
+	movdqu	(%rdi), %xmm2
+	movdqu	16(%rdi), %xmm3
+	movdqu	32(%rdi), %xmm4
+	movdqu	48(%rdi), %xmm5
+	movdqu	64(%rdi), %xmm6
+	movdqu	80(%rdi), %xmm7
+	movdqu	96(%rdi), %xmm8
+	movdqu	112(%rdi), %xmm9
+	movdqu	128(%rdi), %xmm10
+	movdqu	144(%rdi), %xmm11
+	movdqu	160(%rdi), %xmm12
+
+	xorl	%eax, %eax
+1:	movdqu	(%r8, %rax), %xmm1
+	pxor	%xmm0, %xmm1
+	pxor	%xmm2, %xmm1
+	.byte 0x66,0x0f,0x38,0xdc,0xcb	/* aesenc	%xmm3, %xmm1 */
+	.byte 0x66,0x0f,0x38,0xdc,0xcc	/* aesenc	%xmm4, %xmm1 */
+	.byte 0x66,0x0f,0x38,0xdc,0xcd	/* aesenc	%xmm5, %xmm1 */
+	.byte 0x66,0x0f,0x38,0xdc,0xce	/* aesenc	%xmm6, %xmm1 */
+	.byte 0x66,0x0f,0x38,0xdc,0xcf	/* aesenc	%xmm7, %xmm1 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xc8	/* aesenc	%xmm8, %xmm1 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xc9	/* aesenc	%xmm9, %xmm1 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xca	/* aesenc	%xmma, %xmm1 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xcb	/* aesenc	%xmmb, %xmm1 */
+	.byte 0x66,0x41,0x0f,0x38,0xdd,0xcc	/* aesenclast %xmm12, %xmm1 */
+	movdqu	%xmm1, (%rsi, %rax)
+	movdqa	%xmm1, %xmm0
+	addl	$16, %eax
+	cmpl	%eax, %r9d
+	jne	1b
+
+	movdqu	%xmm0, (%rdx)
+
+2:	xor	%eax, %eax
+	ret
+	.size intel_aes_encrypt_cbc_128, .-intel_aes_encrypt_cbc_128
+
+
+/* in %rdi : cx - context
+   in %rsi : output - pointer to output buffer
+   in %rdx : outputLen - pointer to variable for length of output
+             (already filled in by caller)
+   in %ecx : maxOutputLen - length of output buffer
+             (already checked by caller)
+   in %r8  : input - pointer to input buffer
+   in %r9d : inputLen - length of input buffer
+   on stack: blocksize - AES blocksize (always 16, unused)
+*/
+	.type intel_aes_decrypt_cbc_128,@function
+	.globl intel_aes_decrypt_cbc_128
+	.align	16
+intel_aes_decrypt_cbc_128:
+//	leaq	IV_OFFSET(%rdi), %rdx
+//	leaq	EXPANDED_KEY_OFFSET(%rdi), %rdi
+	leaq	16(%rdi), %rdx
+	leaq	48(%rdi), %rdi
+
+	movdqu	(%rdx), %xmm0   /* iv */
+	movdqu	(%rdi), %xmm2   /* first key block */
+	movdqu	160(%rdi), %xmm12 /* last key block */
+	xorl	%eax, %eax
+	cmpl	$128, %r9d
+	jb	1f
+	leal	-128(%r9), %r11d
+2:	movdqu	(%r8, %rax), %xmm3 /* 1st data block */
+	movdqu	16(%r8, %rax), %xmm4 /* 2d data block */
+	movdqu	32(%r8, %rax), %xmm5
+	movdqu	48(%r8, %rax), %xmm6
+	movdqu	64(%r8, %rax), %xmm7
+	movdqu	80(%r8, %rax), %xmm8
+	movdqu	96(%r8, %rax), %xmm9
+	movdqu	112(%r8, %rax), %xmm10
+	pxor	%xmm12, %xmm3
+	pxor	%xmm12, %xmm4
+	pxor	%xmm12, %xmm5
+	pxor	%xmm12, %xmm6
+	pxor	%xmm12, %xmm7
+	pxor	%xmm12, %xmm8
+	pxor	%xmm12, %xmm9
+	pxor	%xmm12, %xmm10
+
+// complete loop unrolling
+	movdqu 144(%rdi), %xmm1
+	movdqu 128(%rdi), %xmm11
+	.byte 0x66,0x0f,0x38,0xde,0xd9		/* aesdec	%xmm1, %xmm3 */
+	.byte 0x66,0x0f,0x38,0xde,0xe1		/* aesdec	%xmm1, %xmm4 */
+	.byte 0x66,0x0f,0x38,0xde,0xe9		/* aesdec	%xmm1, %xmm5 */
+	.byte 0x66,0x0f,0x38,0xde,0xf1		/* aesdec	%xmm1, %xmm6 */
+	.byte 0x66,0x0f,0x38,0xde,0xf9		/* aesdec	%xmm1, %xmm7 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xc1	/* aesdec	%xmm1, %xmm8 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xc9	/* aesdec	%xmm1, %xmm9 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xd1	/* aesdec	%xmm1, %xmm10 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xdb	/* aesdec	%xmm11, %xmm3 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xe3	/* aesdec	%xmm11, %xmm4 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xeb	/* aesdec	%xmm11, %xmm5 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xf3	/* aesdec	%xmm11, %xmm6 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xfb	/* aesdec	%xmm11, %xmm7 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xc3	/* aesdec	%xmm11, %xmm8 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xcb	/* aesdec	%xmm11, %xmm9 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xd3	/* aesdec	%xmm11, %xmm10 */
+
+	movdqu 112(%rdi), %xmm1
+	movdqu 96(%rdi), %xmm11
+	.byte 0x66,0x0f,0x38,0xde,0xd9		/* aesdec	%xmm1, %xmm3 */
+	.byte 0x66,0x0f,0x38,0xde,0xe1		/* aesdec	%xmm1, %xmm4 */
+	.byte 0x66,0x0f,0x38,0xde,0xe9		/* aesdec	%xmm1, %xmm5 */
+	.byte 0x66,0x0f,0x38,0xde,0xf1		/* aesdec	%xmm1, %xmm6 */
+	.byte 0x66,0x0f,0x38,0xde,0xf9		/* aesdec	%xmm1, %xmm7 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xc1	/* aesdec	%xmm1, %xmm8 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xc9	/* aesdec	%xmm1, %xmm9 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xd1	/* aesdec	%xmm1, %xmm10 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xdb	/* aesdec	%xmm11, %xmm3 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xe3	/* aesdec	%xmm11, %xmm4 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xeb	/* aesdec	%xmm11, %xmm5 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xf3	/* aesdec	%xmm11, %xmm6 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xfb	/* aesdec	%xmm11, %xmm7 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xc3	/* aesdec	%xmm11, %xmm8 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xcb	/* aesdec	%xmm11, %xmm9 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xd3	/* aesdec	%xmm11, %xmm10 */
+
+	movdqu 80(%rdi), %xmm1
+	movdqu 64(%rdi), %xmm11
+	.byte 0x66,0x0f,0x38,0xde,0xd9		/* aesdec	%xmm1, %xmm3 */
+	.byte 0x66,0x0f,0x38,0xde,0xe1		/* aesdec	%xmm1, %xmm4 */
+	.byte 0x66,0x0f,0x38,0xde,0xe9		/* aesdec	%xmm1, %xmm5 */
+	.byte 0x66,0x0f,0x38,0xde,0xf1		/* aesdec	%xmm1, %xmm6 */
+	.byte 0x66,0x0f,0x38,0xde,0xf9		/* aesdec	%xmm1, %xmm7 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xc1	/* aesdec	%xmm1, %xmm8 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xc9	/* aesdec	%xmm1, %xmm9 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xd1	/* aesdec	%xmm1, %xmm10 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xdb	/* aesdec	%xmm11, %xmm3 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xe3	/* aesdec	%xmm11, %xmm4 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xeb	/* aesdec	%xmm11, %xmm5 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xf3	/* aesdec	%xmm11, %xmm6 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xfb	/* aesdec	%xmm11, %xmm7 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xc3	/* aesdec	%xmm11, %xmm8 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xcb	/* aesdec	%xmm11, %xmm9 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xd3	/* aesdec	%xmm11, %xmm10 */
+
+	movdqu 48(%rdi), %xmm1
+	movdqu 32(%rdi), %xmm11
+	.byte 0x66,0x0f,0x38,0xde,0xd9		/* aesdec	%xmm1, %xmm3 */
+	.byte 0x66,0x0f,0x38,0xde,0xe1		/* aesdec	%xmm1, %xmm4 */
+	.byte 0x66,0x0f,0x38,0xde,0xe9		/* aesdec	%xmm1, %xmm5 */
+	.byte 0x66,0x0f,0x38,0xde,0xf1		/* aesdec	%xmm1, %xmm6 */
+	.byte 0x66,0x0f,0x38,0xde,0xf9		/* aesdec	%xmm1, %xmm7 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xc1	/* aesdec	%xmm1, %xmm8 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xc9	/* aesdec	%xmm1, %xmm9 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xd1	/* aesdec	%xmm1, %xmm10 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xdb	/* aesdec	%xmm11, %xmm3 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xe3	/* aesdec	%xmm11, %xmm4 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xeb	/* aesdec	%xmm11, %xmm5 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xf3	/* aesdec	%xmm11, %xmm6 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xfb	/* aesdec	%xmm11, %xmm7 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xc3	/* aesdec	%xmm11, %xmm8 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xcb	/* aesdec	%xmm11, %xmm9 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xd3	/* aesdec	%xmm11, %xmm10 */
+
+	movdqu 16(%rdi), %xmm1
+	.byte 0x66,0x0f,0x38,0xde,0xd9		/* aesdec	%xmm1, %xmm3 */
+	.byte 0x66,0x0f,0x38,0xde,0xe1		/* aesdec	%xmm1, %xmm4 */
+	.byte 0x66,0x0f,0x38,0xde,0xe9		/* aesdec	%xmm1, %xmm5 */
+	.byte 0x66,0x0f,0x38,0xde,0xf1		/* aesdec	%xmm1, %xmm6 */
+	.byte 0x66,0x0f,0x38,0xde,0xf9		/* aesdec	%xmm1, %xmm7 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xc1	/* aesdec	%xmm1, %xmm8 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xc9	/* aesdec	%xmm1, %xmm9 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xd1	/* aesdec	%xmm1, %xmm10 */
+	.byte 0x66,0x0f,0x38,0xdf,0xda		/* aesdeclast 	%xmm2, %xmm3 */
+	.byte 0x66,0x0f,0x38,0xdf,0xe2		/* aesdeclast 	%xmm2, %xmm4 */
+	.byte 0x66,0x0f,0x38,0xdf,0xea		/* aesdeclast 	%xmm2, %xmm5 */
+	.byte 0x66,0x0f,0x38,0xdf,0xf2		/* aesdeclast 	%xmm2, %xmm6 */
+	.byte 0x66,0x0f,0x38,0xdf,0xfa		/* aesdeclast 	%xmm2, %xmm7 */
+	.byte 0x66,0x44,0x0f,0x38,0xdf,0xc2	/* aesdeclast 	%xmm2, %xmm8 */
+	.byte 0x66,0x44,0x0f,0x38,0xdf,0xca	/* aesdeclast 	%xmm2, %xmm9 */
+	.byte 0x66,0x44,0x0f,0x38,0xdf,0xd2	/* aesdeclast 	%xmm2, %xmm10 */
+
+ 	pxor	%xmm0, %xmm3
+	movdqu	(%r8, %rax), %xmm0
+	pxor	%xmm0, %xmm4
+	movdqu	16(%r8, %rax), %xmm0
+	pxor	%xmm0, %xmm5
+	movdqu	32(%r8, %rax), %xmm0
+	pxor	%xmm0, %xmm6
+	movdqu	48(%r8, %rax), %xmm0
+	pxor	%xmm0, %xmm7
+	movdqu	64(%r8, %rax), %xmm0
+	pxor	%xmm0, %xmm8
+	movdqu	80(%r8, %rax), %xmm0
+	pxor	%xmm0, %xmm9
+	movdqu	96(%r8, %rax), %xmm0
+	pxor	%xmm0, %xmm10
+	movdqu	112(%r8, %rax), %xmm0
+	movdqu	%xmm3, (%rsi, %rax)
+	movdqu	%xmm4, 16(%rsi, %rax)
+	movdqu	%xmm5, 32(%rsi, %rax)
+	movdqu	%xmm6, 48(%rsi, %rax)
+	movdqu	%xmm7, 64(%rsi, %rax)
+	movdqu	%xmm8, 80(%rsi, %rax)
+	movdqu	%xmm9, 96(%rsi, %rax)
+	movdqu	%xmm10, 112(%rsi, %rax)
+	addl	$128, %eax
+	cmpl	%r11d, %eax
+	jbe	2b
+1:	cmpl	%eax, %r9d
+	je	5f
+
+	movdqu	16(%rdi), %xmm3
+	movdqu	32(%rdi), %xmm4
+	movdqu	48(%rdi), %xmm5
+	movdqu	64(%rdi), %xmm6
+	movdqu	80(%rdi), %xmm7
+	movdqu	96(%rdi), %xmm8
+	movdqu	112(%rdi), %xmm9
+	movdqu	128(%rdi), %xmm10
+	movdqu	144(%rdi), %xmm11
+
+4:	movdqu	(%r8, %rax), %xmm1
+	movdqa	%xmm1, %xmm13
+	pxor	%xmm12, %xmm1
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xcb	/* aesdec	%xmm11, %xmm1 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xca	/* aesdec	%xmm10, %xmm1 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xc9	/* aesdec	%xmm9, %xmm1 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xc8	/* aesdec	%xmm8, %xmm1 */
+	.byte 0x66,0x0f,0x38,0xde,0xcf	/* aesdec	%xmm7, %xmm1 */
+	.byte 0x66,0x0f,0x38,0xde,0xce	/* aesdec	%xmm6, %xmm1 */
+	.byte 0x66,0x0f,0x38,0xde,0xcd	/* aesdec	%xmm5, %xmm1 */
+	.byte 0x66,0x0f,0x38,0xde,0xcc	/* aesdec	%xmm4, %xmm1 */
+	.byte 0x66,0x0f,0x38,0xde,0xcb	/* aesdec	%xmm3, %xmm1 */
+	.byte 0x66,0x0f,0x38,0xdf,0xca	/* aesdeclast %xmm2, %xmm1 */
+	pxor	%xmm0, %xmm1
+	movdqu	%xmm1, (%rsi, %rax)
+	movdqa	%xmm13, %xmm0
+	addl	$16, %eax
+	cmpl	%eax, %r9d
+	jne	4b
+
+5:	movdqu	%xmm0, (%rdx)
+
+	xor	%eax, %eax
+	ret
+	.size intel_aes_decrypt_cbc_128, .-intel_aes_decrypt_cbc_128
+        
+/* in %rdi : the key
+   in %rsi : buffer for expanded key
+*/
+	.type intel_aes_encrypt_init_192,@function
+	.globl intel_aes_encrypt_init_192
+	.align	16
+intel_aes_encrypt_init_192:
+	movdqu	(%rdi), %xmm1
+	movq	16(%rdi), %xmm3
+	movdqu	%xmm1, (%rsi)
+	movq	%xmm3, 16(%rsi)
+	leaq	24(%rsi), %rsi
+
+	.byte 0x66,0x0f,0x3a,0xdf,0xd3,0x01	/* aeskeygenassist $0x01, %xmm3, %xmm2 */
+	call key_expansion192
+	.byte 0x66,0x0f,0x3a,0xdf,0xd3,0x02	/* aeskeygenassist $0x02, %xmm3, %xmm2 */
+	call key_expansion192
+	.byte 0x66,0x0f,0x3a,0xdf,0xd3,0x04	/* aeskeygenassist $0x04, %xmm3, %xmm2 */
+	call key_expansion192
+	.byte 0x66,0x0f,0x3a,0xdf,0xd3,0x08	/* aeskeygenassist $0x08, %xmm3, %xmm2 */
+	call key_expansion192
+	.byte 0x66,0x0f,0x3a,0xdf,0xd3,0x10	/* aeskeygenassist $0x10, %xmm3, %xmm2 */
+	call key_expansion192
+	.byte 0x66,0x0f,0x3a,0xdf,0xd3,0x20	/* aeskeygenassist $0x20, %xmm3, %xmm2 */
+	call key_expansion192
+	.byte 0x66,0x0f,0x3a,0xdf,0xd3,0x40	/* aeskeygenassist $0x40, %xmm3, %xmm2 */
+	call key_expansion192
+	.byte 0x66,0x0f,0x3a,0xdf,0xd3,0x80	/* aeskeygenassist $0x80, %xmm3, %xmm2 */
+	call key_expansion192
+
+	ret
+	.size intel_aes_encrypt_init_192, .-intel_aes_encrypt_init_192
+
+
+/* in %rdi : the key
+   in %rsi : buffer for expanded key
+*/
+	.type intel_aes_decrypt_init_192,@function
+	.globl intel_aes_decrypt_init_192
+	.align	16
+intel_aes_decrypt_init_192:
+	movdqu	(%rdi), %xmm1
+	movq	16(%rdi), %xmm3
+	movdqu	%xmm1, (%rsi)
+	movq	%xmm3, 16(%rsi)
+	leaq	24(%rsi), %rsi
+
+	.byte 0x66,0x0f,0x3a,0xdf,0xd3,0x01	/* aeskeygenassist $0x01, %xmm3, %xmm2 */
+	call key_expansion192
+	movups	-32(%rsi), %xmm2
+	movups	-16(%rsi), %xmm4
+	.byte 0x66,0x0f,0x38,0xdb,0xd2	/* aesimc	%xmm2, %xmm2 */
+	.byte 0x66,0x0f,0x38,0xdb,0xe4	/* aesimc	%xmm4, %xmm4 */
+	movups	%xmm2, -32(%rsi)
+	movups	%xmm4, -16(%rsi)
+	.byte 0x66,0x0f,0x3a,0xdf,0xd3,0x02	/* aeskeygenassist $0x02, %xmm3, %xmm2 */
+	call key_expansion192
+	.byte 0x66,0x0f,0x38,0xdb,0xd1	/* aesimc	%xmm1, %xmm2 */
+	movups	%xmm2, -24(%rsi)
+	.byte 0x66,0x0f,0x3a,0xdf,0xd3,0x04	/* aeskeygenassist $0x04, %xmm3, %xmm2 */
+	call key_expansion192
+	movups	-32(%rsi), %xmm2
+	movups	-16(%rsi), %xmm4
+	.byte 0x66,0x0f,0x38,0xdb,0xd2	/* aesimc	%xmm2, %xmm2 */
+	.byte 0x66,0x0f,0x38,0xdb,0xe4	/* aesimc	%xmm4, %xmm4 */
+	movups	%xmm2, -32(%rsi)
+	movups	%xmm4, -16(%rsi)
+	.byte 0x66,0x0f,0x3a,0xdf,0xd3,0x08	/* aeskeygenassist $0x08, %xmm3, %xmm2 */
+	call key_expansion192
+	.byte 0x66,0x0f,0x38,0xdb,0xd1	/* aesimc	%xmm1, %xmm2 */
+	movups	%xmm2, -24(%rsi)
+	.byte 0x66,0x0f,0x3a,0xdf,0xd3,0x10	/* aeskeygenassist $0x10, %xmm3, %xmm2 */
+	call key_expansion192
+	movups	-32(%rsi), %xmm2
+	movups	-16(%rsi), %xmm4
+	.byte 0x66,0x0f,0x38,0xdb,0xd2	/* aesimc	%xmm2, %xmm2 */
+	.byte 0x66,0x0f,0x38,0xdb,0xe4	/* aesimc	%xmm4, %xmm4 */
+	movups	%xmm2, -32(%rsi)
+	movups	%xmm4, -16(%rsi)
+	.byte 0x66,0x0f,0x3a,0xdf,0xd3,0x20	/* aeskeygenassist $0x20, %xmm3, %xmm2 */
+	call key_expansion192
+	.byte 0x66,0x0f,0x38,0xdb,0xd1	/* aesimc	%xmm1, %xmm2 */
+	movups	%xmm2, -24(%rsi)
+	.byte 0x66,0x0f,0x3a,0xdf,0xd3,0x40	/* aeskeygenassist $0x40, %xmm3, %xmm2 */
+	call key_expansion192
+	movups	-32(%rsi), %xmm2
+	movups	-16(%rsi), %xmm4
+	.byte 0x66,0x0f,0x38,0xdb,0xd2	/* aesimc	%xmm2, %xmm2 */
+	.byte 0x66,0x0f,0x38,0xdb,0xe4	/* aesimc	%xmm4, %xmm4 */
+	movups	%xmm2, -32(%rsi)
+	movups	%xmm4, -16(%rsi)
+	.byte 0x66,0x0f,0x3a,0xdf,0xd3,0x80	/* aeskeygenassist $0x80, %xmm3, %xmm2 */
+	call key_expansion192
+
+	ret
+	.size intel_aes_decrypt_init_192, .-intel_aes_decrypt_init_192
+
+
+	.type key_expansion192,@function
+	.align	16
+key_expansion192:
+	pshufd	$0x55, %xmm2, %xmm2
+	xor	%eax, %eax
+	movd	%eax, %xmm4
+	shufps	$0x10, %xmm1, %xmm4
+	pxor	%xmm4, %xmm1
+	shufps	$0x8c, %xmm1, %xmm4
+	pxor	%xmm2, %xmm1
+	pxor	%xmm4, %xmm1
+	movdqu	%xmm1, (%rsi)
+	addq	$16, %rsi
+
+	pshufd	$0xff, %xmm1, %xmm4
+	movd	%eax, %xmm5
+	shufps	$0x00, %xmm3, %xmm5
+	shufps	$0x08, %xmm3, %xmm5
+	pxor	%xmm4, %xmm3
+	pxor	%xmm5, %xmm3
+	movq	%xmm3, (%rsi)
+	addq	$8, %rsi
+	ret
+	.size key_expansion192, .-key_expansion192
+
+
+/* in %rdi : cx - context
+   in %rsi : output - pointer to output buffer
+   in %rdx : outputLen - pointer to variable for length of output
+             (already filled in by caller)
+   in %ecx : maxOutputLen - length of output buffer
+             (already checked by caller)
+   in %r8  : input - pointer to input buffer
+   in %r9d : inputLen - length of input buffer
+   on stack: blocksize - AES blocksize (always 16, unused)
+*/
+	.type intel_aes_encrypt_ecb_192,@function
+	.globl intel_aes_encrypt_ecb_192
+	.align	16
+intel_aes_encrypt_ecb_192:
+//	leaq	EXPANDED_KEY_OFFSET(%rdi), %rdi
+	leaq	48(%rdi), %rdi
+
+	movdqu	(%rdi), %xmm2
+	movdqu	192(%rdi), %xmm14
+	xorl	%eax, %eax
+//	cmpl	$8*16, %r9d
+	cmpl	$128, %r9d
+	jb	1f
+//	leal	-8*16(%r9), %r11d
+	leal	-128(%r9), %r11d
+2:	movdqu	(%r8, %rax), %xmm3
+	movdqu	16(%r8, %rax), %xmm4
+	movdqu	32(%r8, %rax), %xmm5
+	movdqu	48(%r8, %rax), %xmm6
+	movdqu	64(%r8, %rax), %xmm7
+	movdqu	80(%r8, %rax), %xmm8
+	movdqu	96(%r8, %rax), %xmm9
+	movdqu	112(%r8, %rax), %xmm10
+	pxor	%xmm2, %xmm3
+	pxor	%xmm2, %xmm4
+	pxor	%xmm2, %xmm5
+	pxor	%xmm2, %xmm6
+	pxor	%xmm2, %xmm7
+	pxor	%xmm2, %xmm8
+	pxor	%xmm2, %xmm9
+	pxor	%xmm2, %xmm10
+
+// complete loop unrolling
+	movdqu 16(%rdi), %xmm1
+	movdqu 32(%rdi), %xmm11
+	.byte 0x66,0x0f,0x38,0xdc,0xd9		/* aesenc	%xmm1, %xmm3 */
+	.byte 0x66,0x0f,0x38,0xdc,0xe1		/* aesenc	%xmm1, %xmm4 */
+	.byte 0x66,0x0f,0x38,0xdc,0xe9		/* aesenc	%xmm1, %xmm5 */
+	.byte 0x66,0x0f,0x38,0xdc,0xf1		/* aesenc	%xmm1, %xmm6 */
+	.byte 0x66,0x0f,0x38,0xdc,0xf9		/* aesenc	%xmm1, %xmm7 */
+	.byte 0x66,0x44,0x0f,0x38,0xdc,0xc1	/* aesenc	%xmm1, %xmm8 */
+	.byte 0x66,0x44,0x0f,0x38,0xdc,0xc9	/* aesenc	%xmm1, %xmm9 */
+	.byte 0x66,0x44,0x0f,0x38,0xdc,0xd1	/* aesenc	%xmm1, %xmm10 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xdb	/* aesenc	%xmm11, %xmm3 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xe3	/* aesenc	%xmm11, %xmm4 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xeb	/* aesenc	%xmm11, %xmm5 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xf3	/* aesenc	%xmm11, %xmm6 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xfb	/* aesenc	%xmm11, %xmm7 */
+	.byte 0x66,0x45,0x0f,0x38,0xdc,0xc3	/* aesenc	%xmm11, %xmm8 */
+	.byte 0x66,0x45,0x0f,0x38,0xdc,0xcb	/* aesenc	%xmm11, %xmm9 */
+	.byte 0x66,0x45,0x0f,0x38,0xdc,0xd3	/* aesenc	%xmm11, %xmm10 */
+
+	movdqu 48(%rdi), %xmm1
+	movdqu 64(%rdi), %xmm11
+	.byte 0x66,0x0f,0x38,0xdc,0xd9		/* aesenc	%xmm1, %xmm3 */
+	.byte 0x66,0x0f,0x38,0xdc,0xe1		/* aesenc	%xmm1, %xmm4 */
+	.byte 0x66,0x0f,0x38,0xdc,0xe9		/* aesenc	%xmm1, %xmm5 */
+	.byte 0x66,0x0f,0x38,0xdc,0xf1		/* aesenc	%xmm1, %xmm6 */
+	.byte 0x66,0x0f,0x38,0xdc,0xf9		/* aesenc	%xmm1, %xmm7 */
+	.byte 0x66,0x44,0x0f,0x38,0xdc,0xc1	/* aesenc	%xmm1, %xmm8 */
+	.byte 0x66,0x44,0x0f,0x38,0xdc,0xc9	/* aesenc	%xmm1, %xmm9 */
+	.byte 0x66,0x44,0x0f,0x38,0xdc,0xd1	/* aesenc	%xmm1, %xmm10 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xdb	/* aesenc	%xmm11, %xmm3 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xe3	/* aesenc	%xmm11, %xmm4 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xeb	/* aesenc	%xmm11, %xmm5 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xf3	/* aesenc	%xmm11, %xmm6 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xfb	/* aesenc	%xmm11, %xmm7 */
+	.byte 0x66,0x45,0x0f,0x38,0xdc,0xc3	/* aesenc	%xmm11, %xmm8 */
+	.byte 0x66,0x45,0x0f,0x38,0xdc,0xcb	/* aesenc	%xmm11, %xmm9 */
+	.byte 0x66,0x45,0x0f,0x38,0xdc,0xd3	/* aesenc	%xmm11, %xmm10 */
+
+	movdqu 80(%rdi), %xmm1
+	movdqu 96(%rdi), %xmm11
+	.byte 0x66,0x0f,0x38,0xdc,0xd9		/* aesenc	%xmm1, %xmm3 */
+	.byte 0x66,0x0f,0x38,0xdc,0xe1		/* aesenc	%xmm1, %xmm4 */
+	.byte 0x66,0x0f,0x38,0xdc,0xe9		/* aesenc	%xmm1, %xmm5 */
+	.byte 0x66,0x0f,0x38,0xdc,0xf1		/* aesenc	%xmm1, %xmm6 */
+	.byte 0x66,0x0f,0x38,0xdc,0xf9		/* aesenc	%xmm1, %xmm7 */
+	.byte 0x66,0x44,0x0f,0x38,0xdc,0xc1	/* aesenc	%xmm1, %xmm8 */
+	.byte 0x66,0x44,0x0f,0x38,0xdc,0xc9	/* aesenc	%xmm1, %xmm9 */
+	.byte 0x66,0x44,0x0f,0x38,0xdc,0xd1	/* aesenc	%xmm1, %xmm10 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xdb	/* aesenc	%xmm11, %xmm3 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xe3	/* aesenc	%xmm11, %xmm4 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xeb	/* aesenc	%xmm11, %xmm5 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xf3	/* aesenc	%xmm11, %xmm6 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xfb	/* aesenc	%xmm11, %xmm7 */
+	.byte 0x66,0x45,0x0f,0x38,0xdc,0xc3	/* aesenc	%xmm11, %xmm8 */
+	.byte 0x66,0x45,0x0f,0x38,0xdc,0xcb	/* aesenc	%xmm11, %xmm9 */
+	.byte 0x66,0x45,0x0f,0x38,0xdc,0xd3	/* aesenc	%xmm11, %xmm10 */
+
+	movdqu 112(%rdi), %xmm1
+	movdqu 128(%rdi), %xmm11
+	.byte 0x66,0x0f,0x38,0xdc,0xd9		/* aesenc	%xmm1, %xmm3 */
+	.byte 0x66,0x0f,0x38,0xdc,0xe1		/* aesenc	%xmm1, %xmm4 */
+	.byte 0x66,0x0f,0x38,0xdc,0xe9		/* aesenc	%xmm1, %xmm5 */
+	.byte 0x66,0x0f,0x38,0xdc,0xf1		/* aesenc	%xmm1, %xmm6 */
+	.byte 0x66,0x0f,0x38,0xdc,0xf9		/* aesenc	%xmm1, %xmm7 */
+	.byte 0x66,0x44,0x0f,0x38,0xdc,0xc1	/* aesenc	%xmm1, %xmm8 */
+	.byte 0x66,0x44,0x0f,0x38,0xdc,0xc9	/* aesenc	%xmm1, %xmm9 */
+	.byte 0x66,0x44,0x0f,0x38,0xdc,0xd1	/* aesenc	%xmm1, %xmm10 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xdb	/* aesenc	%xmm11, %xmm3 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xe3	/* aesenc	%xmm11, %xmm4 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xeb	/* aesenc	%xmm11, %xmm5 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xf3	/* aesenc	%xmm11, %xmm6 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xfb	/* aesenc	%xmm11, %xmm7 */
+	.byte 0x66,0x45,0x0f,0x38,0xdc,0xc3	/* aesenc	%xmm11, %xmm8 */
+	.byte 0x66,0x45,0x0f,0x38,0xdc,0xcb	/* aesenc	%xmm11, %xmm9 */
+	.byte 0x66,0x45,0x0f,0x38,0xdc,0xd3	/* aesenc	%xmm11, %xmm10 */
+
+	movdqu 144(%rdi), %xmm1
+	movdqu 160(%rdi), %xmm11
+	.byte 0x66,0x0f,0x38,0xdc,0xd9		/* aesenc	%xmm1, %xmm3 */
+	.byte 0x66,0x0f,0x38,0xdc,0xe1		/* aesenc	%xmm1, %xmm4 */
+	.byte 0x66,0x0f,0x38,0xdc,0xe9		/* aesenc	%xmm1, %xmm5 */
+	.byte 0x66,0x0f,0x38,0xdc,0xf1		/* aesenc	%xmm1, %xmm6 */
+	.byte 0x66,0x0f,0x38,0xdc,0xf9		/* aesenc	%xmm1, %xmm7 */
+	.byte 0x66,0x44,0x0f,0x38,0xdc,0xc1	/* aesenc	%xmm1, %xmm8 */
+	.byte 0x66,0x44,0x0f,0x38,0xdc,0xc9	/* aesenc	%xmm1, %xmm9 */
+	.byte 0x66,0x44,0x0f,0x38,0xdc,0xd1	/* aesenc	%xmm1, %xmm10 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xdb	/* aesenc	%xmm11, %xmm3 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xe3	/* aesenc	%xmm11, %xmm4 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xeb	/* aesenc	%xmm11, %xmm5 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xf3	/* aesenc	%xmm11, %xmm6 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xfb	/* aesenc	%xmm11, %xmm7 */
+	.byte 0x66,0x45,0x0f,0x38,0xdc,0xc3	/* aesenc	%xmm11, %xmm8 */
+	.byte 0x66,0x45,0x0f,0x38,0xdc,0xcb	/* aesenc	%xmm11, %xmm9 */
+	.byte 0x66,0x45,0x0f,0x38,0xdc,0xd3	/* aesenc	%xmm11, %xmm10 */
+
+	movdqu 176(%rdi), %xmm1
+	.byte 0x66,0x0f,0x38,0xdc,0xd9		/* aesenc	%xmm1, %xmm3 */
+	.byte 0x66,0x0f,0x38,0xdc,0xe1		/* aesenc	%xmm1, %xmm4 */
+	.byte 0x66,0x0f,0x38,0xdc,0xe9		/* aesenc	%xmm1, %xmm5 */
+	.byte 0x66,0x0f,0x38,0xdc,0xf1		/* aesenc	%xmm1, %xmm6 */
+	.byte 0x66,0x0f,0x38,0xdc,0xf9		/* aesenc	%xmm1, %xmm7 */
+	.byte 0x66,0x44,0x0f,0x38,0xdc,0xc1	/* aesenc	%xmm1, %xmm8 */
+	.byte 0x66,0x44,0x0f,0x38,0xdc,0xc9	/* aesenc	%xmm1, %xmm9 */
+	.byte 0x66,0x44,0x0f,0x38,0xdc,0xd1	/* aesenc	%xmm1, %xmm10 */
+	.byte 0x66,0x41,0x0f,0x38,0xdd,0xde	/* aesenclast 	%xmm14, %xmm3 */
+	.byte 0x66,0x41,0x0f,0x38,0xdd,0xe6	/* aesenclast 	%xmm14, %xmm4 */
+	.byte 0x66,0x41,0x0f,0x38,0xdd,0xee	/* aesenclast 	%xmm14, %xmm5 */
+	.byte 0x66,0x41,0x0f,0x38,0xdd,0xf6	/* aesenclast 	%xmm14, %xmm7 */
+	.byte 0x66,0x41,0x0f,0x38,0xdd,0xfe	/* aesenclast 	%xmm14, %xmm3 */
+	.byte 0x66,0x45,0x0f,0x38,0xdd,0xc6	/* aesenclast 	%xmm14, %xmm8 */
+	.byte 0x66,0x45,0x0f,0x38,0xdd,0xce	/* aesenclast 	%xmm14, %xmm9 */
+	.byte 0x66,0x45,0x0f,0x38,0xdd,0xd6	/* aesenclast 	%xmm14, %xmm10 */
+
+	movdqu	%xmm3, (%rsi, %rax)
+	movdqu	%xmm4, 16(%rsi, %rax)
+	movdqu	%xmm5, 32(%rsi, %rax)
+	movdqu	%xmm6, 48(%rsi, %rax)
+	movdqu	%xmm7, 64(%rsi, %rax)
+	movdqu	%xmm8, 80(%rsi, %rax)
+	movdqu	%xmm9, 96(%rsi, %rax)
+	movdqu	%xmm10, 112(%rsi, %rax)
+//	addl	$8*16, %eax
+	addl	$128, %eax
+	cmpl	%r11d, %eax
+	jbe	2b
+1:	cmpl	%eax, %r9d
+	je	5f
+
+	movdqu	16(%rdi), %xmm3
+	movdqu	32(%rdi), %xmm4
+	movdqu	48(%rdi), %xmm5
+	movdqu	64(%rdi), %xmm6
+	movdqu	80(%rdi), %xmm7
+	movdqu	96(%rdi), %xmm8
+	movdqu	112(%rdi), %xmm9
+	movdqu	128(%rdi), %xmm10
+	movdqu	144(%rdi), %xmm11
+	movdqu	160(%rdi), %xmm12
+	movdqu	176(%rdi), %xmm13
+
+4:	movdqu	(%r8, %rax), %xmm1
+	pxor	%xmm2, %xmm1
+	.byte 0x66,0x0f,0x38,0xdc,0xcb	/* aesenc	%xmm3, %xmm1 */
+	.byte 0x66,0x0f,0x38,0xdc,0xcc	/* aesenc	%xmm4, %xmm1 */
+	.byte 0x66,0x0f,0x38,0xdc,0xcd	/* aesenc	%xmm5, %xmm1 */
+	.byte 0x66,0x0f,0x38,0xdc,0xce	/* aesenc	%xmm6, %xmm1 */
+	.byte 0x66,0x0f,0x38,0xdc,0xcf	/* aesenc	%xmm7, %xmm1 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xc8	/* aesenc	%xmm8, %xmm1 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xc9	/* aesenc	%xmm9, %xmm1 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xca	/* aesenc	%xmm10, %xmm1 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xcb	/* aesenc	%xmm11, %xmm1 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xcc	/* aesenc	%xmm12, %xmm1 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xcd	/* aesenc	%xmm13, %xmm1 */
+	.byte 0x66,0x41,0x0f,0x38,0xdd,0xce	/* aesenclast %xmm14, %xmm1 */
+	movdqu	%xmm1, (%rsi, %rax)
+	addl	$16, %eax
+	cmpl	%eax, %r9d
+	jne	4b
+
+5:	xor	%eax, %eax
+	ret
+	.size intel_aes_encrypt_ecb_192, .-intel_aes_encrypt_ecb_192
+
+
+/* in %rdi : cx - context
+   in %rsi : output - pointer to output buffer
+   in %rdx : outputLen - pointer to variable for length of output
+             (already filled in by caller)
+   in %ecx : maxOutputLen - length of output buffer
+             (already checked by caller)
+   in %r8  : input - pointer to input buffer
+   in %r9d : inputLen - length of input buffer
+   on stack: blocksize - AES blocksize (always 16, unused)
+*/
+	.type intel_aes_decrypt_ecb_192,@function
+	.globl intel_aes_decrypt_ecb_192
+	.align	16
+intel_aes_decrypt_ecb_192:
+//	leaq	EXPANDED_KEY_OFFSET(%rdi), %rdi
+	leaq	48(%rdi), %rdi
+
+	movdqu	(%rdi), %xmm2
+	movdqu	192(%rdi), %xmm14
+	xorl	%eax, %eax
+//	cmpl	$8*16, %r9d
+	cmpl	$128, %r9d
+	jb	1f
+//	leal	-8*16(%r9), %r11d
+	leal	-128(%r9), %r11d
+2:	movdqu	(%r8, %rax), %xmm3
+	movdqu	16(%r8, %rax), %xmm4
+	movdqu	32(%r8, %rax), %xmm5
+	movdqu	48(%r8, %rax), %xmm6
+	movdqu	64(%r8, %rax), %xmm7
+	movdqu	80(%r8, %rax), %xmm8
+	movdqu	96(%r8, %rax), %xmm9
+	movdqu	112(%r8, %rax), %xmm10
+	pxor	%xmm14, %xmm3
+	pxor	%xmm14, %xmm4
+	pxor	%xmm14, %xmm5
+	pxor	%xmm14, %xmm6
+	pxor	%xmm14, %xmm7
+	pxor	%xmm14, %xmm8
+	pxor	%xmm14, %xmm9
+	pxor	%xmm14, %xmm10
+
+// complete loop unrolling
+	movdqu 176(%rdi), %xmm1
+	movdqu 160(%rdi), %xmm11
+	.byte 0x66,0x0f,0x38,0xde,0xd9		/* aesdec	%xmm1, %xmm3 */
+	.byte 0x66,0x0f,0x38,0xde,0xe1		/* aesdec	%xmm1, %xmm4 */
+	.byte 0x66,0x0f,0x38,0xde,0xe9		/* aesdec	%xmm1, %xmm5 */
+	.byte 0x66,0x0f,0x38,0xde,0xf1		/* aesdec	%xmm1, %xmm6 */
+	.byte 0x66,0x0f,0x38,0xde,0xf9		/* aesdec	%xmm1, %xmm7 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xc1	/* aesdec	%xmm1, %xmm8 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xc9	/* aesdec	%xmm1, %xmm9 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xd1	/* aesdec	%xmm1, %xmm10 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xdb	/* aesdec	%xmm11, %xmm3 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xe3	/* aesdec	%xmm11, %xmm4 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xeb	/* aesdec	%xmm11, %xmm5 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xf3	/* aesdec	%xmm11, %xmm6 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xfb	/* aesdec	%xmm11, %xmm7 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xc3	/* aesdec	%xmm11, %xmm8 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xcb	/* aesdec	%xmm11, %xmm9 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xd3	/* aesdec	%xmm11, %xmm10 */
+
+	movdqu 144(%rdi), %xmm1
+	movdqu 128(%rdi), %xmm11
+	.byte 0x66,0x0f,0x38,0xde,0xd9		/* aesdec	%xmm1, %xmm3 */
+	.byte 0x66,0x0f,0x38,0xde,0xe1		/* aesdec	%xmm1, %xmm4 */
+	.byte 0x66,0x0f,0x38,0xde,0xe9		/* aesdec	%xmm1, %xmm5 */
+	.byte 0x66,0x0f,0x38,0xde,0xf1		/* aesdec	%xmm1, %xmm6 */
+	.byte 0x66,0x0f,0x38,0xde,0xf9		/* aesdec	%xmm1, %xmm7 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xc1	/* aesdec	%xmm1, %xmm8 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xc9	/* aesdec	%xmm1, %xmm9 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xd1	/* aesdec	%xmm1, %xmm10 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xdb	/* aesdec	%xmm11, %xmm3 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xe3	/* aesdec	%xmm11, %xmm4 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xeb	/* aesdec	%xmm11, %xmm5 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xf3	/* aesdec	%xmm11, %xmm6 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xfb	/* aesdec	%xmm11, %xmm7 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xc3	/* aesdec	%xmm11, %xmm8 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xcb	/* aesdec	%xmm11, %xmm9 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xd3	/* aesdec	%xmm11, %xmm10 */
+
+	movdqu 112(%rdi), %xmm1
+	movdqu 96(%rdi), %xmm11
+	.byte 0x66,0x0f,0x38,0xde,0xd9		/* aesdec	%xmm1, %xmm3 */
+	.byte 0x66,0x0f,0x38,0xde,0xe1		/* aesdec	%xmm1, %xmm4 */
+	.byte 0x66,0x0f,0x38,0xde,0xe9		/* aesdec	%xmm1, %xmm5 */
+	.byte 0x66,0x0f,0x38,0xde,0xf1		/* aesdec	%xmm1, %xmm6 */
+	.byte 0x66,0x0f,0x38,0xde,0xf9		/* aesdec	%xmm1, %xmm7 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xc1	/* aesdec	%xmm1, %xmm8 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xc9	/* aesdec	%xmm1, %xmm9 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xd1	/* aesdec	%xmm1, %xmm10 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xdb	/* aesdec	%xmm11, %xmm3 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xe3	/* aesdec	%xmm11, %xmm4 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xeb	/* aesdec	%xmm11, %xmm5 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xf3	/* aesdec	%xmm11, %xmm6 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xfb	/* aesdec	%xmm11, %xmm7 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xc3	/* aesdec	%xmm11, %xmm8 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xcb	/* aesdec	%xmm11, %xmm9 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xd3	/* aesdec	%xmm11, %xmm10 */
+
+	movdqu 80(%rdi), %xmm1
+	movdqu 64(%rdi), %xmm11
+	.byte 0x66,0x0f,0x38,0xde,0xd9		/* aesdec	%xmm1, %xmm3 */
+	.byte 0x66,0x0f,0x38,0xde,0xe1		/* aesdec	%xmm1, %xmm4 */
+	.byte 0x66,0x0f,0x38,0xde,0xe9		/* aesdec	%xmm1, %xmm5 */
+	.byte 0x66,0x0f,0x38,0xde,0xf1		/* aesdec	%xmm1, %xmm6 */
+	.byte 0x66,0x0f,0x38,0xde,0xf9		/* aesdec	%xmm1, %xmm7 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xc1	/* aesdec	%xmm1, %xmm8 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xc9	/* aesdec	%xmm1, %xmm9 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xd1	/* aesdec	%xmm1, %xmm10 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xdb	/* aesdec	%xmm11, %xmm3 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xe3	/* aesdec	%xmm11, %xmm4 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xeb	/* aesdec	%xmm11, %xmm5 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xf3	/* aesdec	%xmm11, %xmm6 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xfb	/* aesdec	%xmm11, %xmm7 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xc3	/* aesdec	%xmm11, %xmm8 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xcb	/* aesdec	%xmm11, %xmm9 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xd3	/* aesdec	%xmm11, %xmm10 */
+
+	movdqu 48(%rdi), %xmm1
+	movdqu 32(%rdi), %xmm11
+	.byte 0x66,0x0f,0x38,0xde,0xd9		/* aesdec	%xmm1, %xmm3 */
+	.byte 0x66,0x0f,0x38,0xde,0xe1		/* aesdec	%xmm1, %xmm4 */
+	.byte 0x66,0x0f,0x38,0xde,0xe9		/* aesdec	%xmm1, %xmm5 */
+	.byte 0x66,0x0f,0x38,0xde,0xf1		/* aesdec	%xmm1, %xmm6 */
+	.byte 0x66,0x0f,0x38,0xde,0xf9		/* aesdec	%xmm1, %xmm7 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xc1	/* aesdec	%xmm1, %xmm8 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xc9	/* aesdec	%xmm1, %xmm9 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xd1	/* aesdec	%xmm1, %xmm10 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xdb	/* aesdec	%xmm11, %xmm3 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xe3	/* aesdec	%xmm11, %xmm4 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xeb	/* aesdec	%xmm11, %xmm5 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xf3	/* aesdec	%xmm11, %xmm6 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xfb	/* aesdec	%xmm11, %xmm7 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xc3	/* aesdec	%xmm11, %xmm8 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xcb	/* aesdec	%xmm11, %xmm9 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xd3	/* aesdec	%xmm11, %xmm10 */
+
+	movdqu 16(%rdi), %xmm1
+	.byte 0x66,0x0f,0x38,0xde,0xd9		/* aesdec	%xmm1, %xmm3 */
+	.byte 0x66,0x0f,0x38,0xde,0xe1		/* aesdec	%xmm1, %xmm4 */
+	.byte 0x66,0x0f,0x38,0xde,0xe9		/* aesdec	%xmm1, %xmm5 */
+	.byte 0x66,0x0f,0x38,0xde,0xf1		/* aesdec	%xmm1, %xmm6 */
+	.byte 0x66,0x0f,0x38,0xde,0xf9		/* aesdec	%xmm1, %xmm7 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xc1	/* aesdec	%xmm1, %xmm8 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xc9	/* aesdec	%xmm1, %xmm9 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xd1	/* aesdec	%xmm1, %xmm10 */
+	.byte 0x66,0x0f,0x38,0xdf,0xda		/* aesdeclast 	%xmm2, %xmm3 */
+	.byte 0x66,0x0f,0x38,0xdf,0xe2		/* aesdeclast 	%xmm2, %xmm4 */
+	.byte 0x66,0x0f,0x38,0xdf,0xea		/* aesdeclast 	%xmm2, %xmm5 */
+	.byte 0x66,0x0f,0x38,0xdf,0xf2		/* aesdeclast 	%xmm2, %xmm6 */
+	.byte 0x66,0x0f,0x38,0xdf,0xfa		/* aesdeclast 	%xmm2, %xmm7 */
+	.byte 0x66,0x44,0x0f,0x38,0xdf,0xc2	/* aesdeclast 	%xmm2, %xmm8 */
+	.byte 0x66,0x44,0x0f,0x38,0xdf,0xca	/* aesdeclast 	%xmm2, %xmm9 */
+	.byte 0x66,0x44,0x0f,0x38,0xdf,0xd2	/* aesdeclast 	%xmm2, %xmm10 */
+
+	movdqu	%xmm3, (%rsi, %rax)
+	movdqu	%xmm4, 16(%rsi, %rax)
+	movdqu	%xmm5, 32(%rsi, %rax)
+	movdqu	%xmm6, 48(%rsi, %rax)
+	movdqu	%xmm7, 64(%rsi, %rax)
+	movdqu	%xmm8, 80(%rsi, %rax)
+	movdqu	%xmm9, 96(%rsi, %rax)
+	movdqu	%xmm10, 112(%rsi, %rax)
+//	addl	$8*16, %eax
+	addl	$128, %eax
+	cmpl	%r11d, %eax
+	jbe	2b
+1:	cmpl	%eax, %r9d
+	je	5f
+
+	movdqu	16(%rdi), %xmm3
+	movdqu	32(%rdi), %xmm4
+	movdqu	48(%rdi), %xmm5
+	movdqu	64(%rdi), %xmm6
+	movdqu	80(%rdi), %xmm7
+	movdqu	96(%rdi), %xmm8
+	movdqu	112(%rdi), %xmm9
+	movdqu	128(%rdi), %xmm10
+	movdqu	144(%rdi), %xmm11
+	movdqu	160(%rdi), %xmm12
+	movdqu	176(%rdi), %xmm13
+
+4:	movdqu	(%r8, %rax), %xmm1
+	pxor	%xmm14, %xmm1
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xcd	/* aesdec	%xmm13, %xmm1 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xcc	/* aesdec	%xmm12, %xmm1 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xcb	/* aesdec	%xmm11, %xmm1 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xca	/* aesdec	%xmm10, %xmm1 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xc9	/* aesdec	%xmm9, %xmm1 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xc8	/* aesdec	%xmm8, %xmm1 */
+	.byte 0x66,0x0f,0x38,0xde,0xcf	/* aesdec	%xmm7, %xmm1 */
+	.byte 0x66,0x0f,0x38,0xde,0xce	/* aesdec	%xmm6, %xmm1 */
+	.byte 0x66,0x0f,0x38,0xde,0xcd	/* aesdec	%xmm5, %xmm1 */
+	.byte 0x66,0x0f,0x38,0xde,0xcc	/* aesdec	%xmm4, %xmm1 */
+	.byte 0x66,0x0f,0x38,0xde,0xcb	/* aesdec	%xmm3, %xmm1 */
+	.byte 0x66,0x0f,0x38,0xdf,0xca	/* aesdeclast %xmm2, %xmm1 */
+	movdqu	%xmm1, (%rsi, %rax)
+	addl	$16, %eax
+	cmpl	%eax, %r9d
+	jne	4b
+
+5:	xor	%eax, %eax
+	ret
+	.size intel_aes_decrypt_ecb_192, .-intel_aes_decrypt_ecb_192
+
+
+/* in %rdi : cx - context
+   in %rsi : output - pointer to output buffer
+   in %rdx : outputLen - pointer to variable for length of output
+             (already filled in by caller)
+   in %ecx : maxOutputLen - length of output buffer
+             (already checked by caller)
+   in %r8  : input - pointer to input buffer
+   in %r9d : inputLen - length of input buffer
+   on stack: blocksize - AES blocksize (always 16, unused)
+*/
+	.type intel_aes_encrypt_cbc_192,@function
+	.globl intel_aes_encrypt_cbc_192
+	.align	16
+intel_aes_encrypt_cbc_192:
+	testl	%r9d, %r9d
+	je	2f
+
+//	leaq	IV_OFFSET(%rdi), %rdx
+//	leaq	EXPANDED_KEY_OFFSET(%rdi), %rdi
+	leaq	16(%rdi), %rdx
+	leaq	48(%rdi), %rdi
+
+	movdqu	(%rdx), %xmm0
+	movdqu	(%rdi), %xmm2
+	movdqu	16(%rdi), %xmm3
+	movdqu	32(%rdi), %xmm4
+	movdqu	48(%rdi), %xmm5
+	movdqu	64(%rdi), %xmm6
+	movdqu	80(%rdi), %xmm7
+	movdqu	96(%rdi), %xmm8
+	movdqu	112(%rdi), %xmm9
+	movdqu	128(%rdi), %xmm10
+	movdqu	144(%rdi), %xmm11
+	movdqu	160(%rdi), %xmm12
+	movdqu	176(%rdi), %xmm13
+	movdqu	192(%rdi), %xmm14
+
+	xorl	%eax, %eax
+1:	movdqu	(%r8, %rax), %xmm1
+	pxor	%xmm0, %xmm1
+	pxor	%xmm2, %xmm1
+	.byte 0x66,0x0f,0x38,0xdc,0xcb	/* aesenc	%xmm3, %xmm1 */
+	.byte 0x66,0x0f,0x38,0xdc,0xcc	/* aesenc	%xmm4, %xmm1 */
+	.byte 0x66,0x0f,0x38,0xdc,0xcd	/* aesenc	%xmm5, %xmm1 */
+	.byte 0x66,0x0f,0x38,0xdc,0xce	/* aesenc	%xmm6, %xmm1 */
+	.byte 0x66,0x0f,0x38,0xdc,0xcf	/* aesenc	%xmm7, %xmm1 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xc8	/* aesenc	%xmm8, %xmm1 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xc9	/* aesenc	%xmm9, %xmm1 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xca	/* aesenc	%xmm10, %xmm1 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xcb	/* aesenc	%xmm11, %xmm1 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xcc	/* aesenc	%xmm12, %xmm1 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xcd	/* aesenc	%xmm13, %xmm1 */
+	.byte 0x66,0x41,0x0f,0x38,0xdd,0xce	/* aesenclast %xmm14, %xmm1 */
+	movdqu	%xmm1, (%rsi, %rax)
+	movdqa	%xmm1, %xmm0
+	addl	$16, %eax
+	cmpl	%eax, %r9d
+	jne	1b
+
+	movdqu	%xmm0, (%rdx)
+
+2:	xor	%eax, %eax
+	ret
+	.size intel_aes_encrypt_cbc_192, .-intel_aes_encrypt_cbc_192
+
+
+/* in %rdi : cx - context
+   in %rsi : output - pointer to output buffer
+   in %rdx : outputLen - pointer to variable for length of output
+             (already filled in by caller)
+   in %exx : maxOutputLen - length of output buffer
+             (already checked by caller)
+   in %r8  : input - pointer to input buffer
+   in %r9d : inputLen - length of input buffer
+   on stack: blocksize - AES blocksize (always 16, unused)
+*/
+	.type intel_aes_decrypt_cbc_192,@function
+	.globl intel_aes_decrypt_cbc_192
+	.align	16
+intel_aes_decrypt_cbc_192:
+	leaq	16(%rdi), %rdx
+	leaq	48(%rdi), %rdi
+
+	movdqu	(%rdx), %xmm0
+	movdqu	(%rdi), %xmm2
+	movdqu	192(%rdi), %xmm14
+	xorl	%eax, %eax
+	cmpl	$128, %r9d
+	jb	1f
+	leal	-128(%r9), %r11d
+2:	movdqu	(%r8, %rax), %xmm3
+	movdqu	16(%r8, %rax), %xmm4
+	movdqu	32(%r8, %rax), %xmm5
+	movdqu	48(%r8, %rax), %xmm6
+	movdqu	64(%r8, %rax), %xmm7
+	movdqu	80(%r8, %rax), %xmm8
+	movdqu	96(%r8, %rax), %xmm9
+	movdqu	112(%r8, %rax), %xmm10
+	pxor	%xmm14, %xmm3
+	pxor	%xmm14, %xmm4
+	pxor	%xmm14, %xmm5
+	pxor	%xmm14, %xmm6
+	pxor	%xmm14, %xmm7
+	pxor	%xmm14, %xmm8
+	pxor	%xmm14, %xmm9
+	pxor	%xmm14, %xmm10
+
+// complete loop unrolling
+	movdqu 176(%rdi), %xmm1
+	movdqu 160(%rdi), %xmm11
+	.byte 0x66,0x0f,0x38,0xde,0xd9		/* aesdec	%xmm1, %xmm3 */
+	.byte 0x66,0x0f,0x38,0xde,0xe1		/* aesdec	%xmm1, %xmm4 */
+	.byte 0x66,0x0f,0x38,0xde,0xe9		/* aesdec	%xmm1, %xmm5 */
+	.byte 0x66,0x0f,0x38,0xde,0xf1		/* aesdec	%xmm1, %xmm6 */
+	.byte 0x66,0x0f,0x38,0xde,0xf9		/* aesdec	%xmm1, %xmm7 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xc1	/* aesdec	%xmm1, %xmm8 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xc9	/* aesdec	%xmm1, %xmm9 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xd1	/* aesdec	%xmm1, %xmm10 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xdb	/* aesdec	%xmm11, %xmm3 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xe3	/* aesdec	%xmm11, %xmm4 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xeb	/* aesdec	%xmm11, %xmm5 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xf3	/* aesdec	%xmm11, %xmm6 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xfb	/* aesdec	%xmm11, %xmm7 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xc3	/* aesdec	%xmm11, %xmm8 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xcb	/* aesdec	%xmm11, %xmm9 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xd3	/* aesdec	%xmm11, %xmm10 */
+
+	movdqu 144(%rdi), %xmm1
+	movdqu 128(%rdi), %xmm11
+	.byte 0x66,0x0f,0x38,0xde,0xd9		/* aesdec	%xmm1, %xmm3 */
+	.byte 0x66,0x0f,0x38,0xde,0xe1		/* aesdec	%xmm1, %xmm4 */
+	.byte 0x66,0x0f,0x38,0xde,0xe9		/* aesdec	%xmm1, %xmm5 */
+	.byte 0x66,0x0f,0x38,0xde,0xf1		/* aesdec	%xmm1, %xmm6 */
+	.byte 0x66,0x0f,0x38,0xde,0xf9		/* aesdec	%xmm1, %xmm7 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xc1	/* aesdec	%xmm1, %xmm8 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xc9	/* aesdec	%xmm1, %xmm9 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xd1	/* aesdec	%xmm1, %xmm10 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xdb	/* aesdec	%xmm11, %xmm3 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xe3	/* aesdec	%xmm11, %xmm4 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xeb	/* aesdec	%xmm11, %xmm5 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xf3	/* aesdec	%xmm11, %xmm6 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xfb	/* aesdec	%xmm11, %xmm7 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xc3	/* aesdec	%xmm11, %xmm8 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xcb	/* aesdec	%xmm11, %xmm9 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xd3	/* aesdec	%xmm11, %xmm10 */
+
+	movdqu 112(%rdi), %xmm1
+	movdqu 96(%rdi), %xmm11
+	.byte 0x66,0x0f,0x38,0xde,0xd9		/* aesdec	%xmm1, %xmm3 */
+	.byte 0x66,0x0f,0x38,0xde,0xe1		/* aesdec	%xmm1, %xmm4 */
+	.byte 0x66,0x0f,0x38,0xde,0xe9		/* aesdec	%xmm1, %xmm5 */
+	.byte 0x66,0x0f,0x38,0xde,0xf1		/* aesdec	%xmm1, %xmm6 */
+	.byte 0x66,0x0f,0x38,0xde,0xf9		/* aesdec	%xmm1, %xmm7 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xc1	/* aesdec	%xmm1, %xmm8 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xc9	/* aesdec	%xmm1, %xmm9 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xd1	/* aesdec	%xmm1, %xmm10 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xdb	/* aesdec	%xmm11, %xmm3 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xe3	/* aesdec	%xmm11, %xmm4 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xeb	/* aesdec	%xmm11, %xmm5 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xf3	/* aesdec	%xmm11, %xmm6 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xfb	/* aesdec	%xmm11, %xmm7 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xc3	/* aesdec	%xmm11, %xmm8 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xcb	/* aesdec	%xmm11, %xmm9 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xd3	/* aesdec	%xmm11, %xmm10 */
+
+	movdqu 80(%rdi), %xmm1
+	movdqu 64(%rdi), %xmm11
+	.byte 0x66,0x0f,0x38,0xde,0xd9		/* aesdec	%xmm1, %xmm3 */
+	.byte 0x66,0x0f,0x38,0xde,0xe1		/* aesdec	%xmm1, %xmm4 */
+	.byte 0x66,0x0f,0x38,0xde,0xe9		/* aesdec	%xmm1, %xmm5 */
+	.byte 0x66,0x0f,0x38,0xde,0xf1		/* aesdec	%xmm1, %xmm6 */
+	.byte 0x66,0x0f,0x38,0xde,0xf9		/* aesdec	%xmm1, %xmm7 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xc1	/* aesdec	%xmm1, %xmm8 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xc9	/* aesdec	%xmm1, %xmm9 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xd1	/* aesdec	%xmm1, %xmm10 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xdb	/* aesdec	%xmm11, %xmm3 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xe3	/* aesdec	%xmm11, %xmm4 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xeb	/* aesdec	%xmm11, %xmm5 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xf3	/* aesdec	%xmm11, %xmm6 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xfb	/* aesdec	%xmm11, %xmm7 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xc3	/* aesdec	%xmm11, %xmm8 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xcb	/* aesdec	%xmm11, %xmm9 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xd3	/* aesdec	%xmm11, %xmm10 */
+
+	movdqu 48(%rdi), %xmm1
+	movdqu 32(%rdi), %xmm11
+	.byte 0x66,0x0f,0x38,0xde,0xd9		/* aesdec	%xmm1, %xmm3 */
+	.byte 0x66,0x0f,0x38,0xde,0xe1		/* aesdec	%xmm1, %xmm4 */
+	.byte 0x66,0x0f,0x38,0xde,0xe9		/* aesdec	%xmm1, %xmm5 */
+	.byte 0x66,0x0f,0x38,0xde,0xf1		/* aesdec	%xmm1, %xmm6 */
+	.byte 0x66,0x0f,0x38,0xde,0xf9		/* aesdec	%xmm1, %xmm7 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xc1	/* aesdec	%xmm1, %xmm8 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xc9	/* aesdec	%xmm1, %xmm9 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xd1	/* aesdec	%xmm1, %xmm10 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xdb	/* aesdec	%xmm11, %xmm3 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xe3	/* aesdec	%xmm11, %xmm4 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xeb	/* aesdec	%xmm11, %xmm5 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xf3	/* aesdec	%xmm11, %xmm6 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xfb	/* aesdec	%xmm11, %xmm7 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xc3	/* aesdec	%xmm11, %xmm8 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xcb	/* aesdec	%xmm11, %xmm9 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xd3	/* aesdec	%xmm11, %xmm10 */
+
+	movdqu 16(%rdi), %xmm1
+	.byte 0x66,0x0f,0x38,0xde,0xd9		/* aesdec	%xmm1, %xmm3 */
+	.byte 0x66,0x0f,0x38,0xde,0xe1		/* aesdec	%xmm1, %xmm4 */
+	.byte 0x66,0x0f,0x38,0xde,0xe9		/* aesdec	%xmm1, %xmm5 */
+	.byte 0x66,0x0f,0x38,0xde,0xf1		/* aesdec	%xmm1, %xmm6 */
+	.byte 0x66,0x0f,0x38,0xde,0xf9		/* aesdec	%xmm1, %xmm7 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xc1	/* aesdec	%xmm1, %xmm8 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xc9	/* aesdec	%xmm1, %xmm9 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xd1	/* aesdec	%xmm1, %xmm10 */
+	.byte 0x66,0x0f,0x38,0xdf,0xda		/* aesdeclast 	%xmm2, %xmm3 */
+	.byte 0x66,0x0f,0x38,0xdf,0xe2		/* aesdeclast 	%xmm2, %xmm4 */
+	.byte 0x66,0x0f,0x38,0xdf,0xea		/* aesdeclast 	%xmm2, %xmm5 */
+	.byte 0x66,0x0f,0x38,0xdf,0xf2		/* aesdeclast 	%xmm2, %xmm6 */
+	.byte 0x66,0x0f,0x38,0xdf,0xfa		/* aesdeclast 	%xmm2, %xmm7 */
+	.byte 0x66,0x44,0x0f,0x38,0xdf,0xc2	/* aesdeclast 	%xmm2, %xmm8 */
+	.byte 0x66,0x44,0x0f,0x38,0xdf,0xca	/* aesdeclast 	%xmm2, %xmm9 */
+	.byte 0x66,0x44,0x0f,0x38,0xdf,0xd2	/* aesdeclast 	%xmm2, %xmm10 */
+
+ 	pxor	%xmm0, %xmm3
+	movdqu	(%r8, %rax), %xmm0
+	pxor	%xmm0, %xmm4
+	movdqu	16(%r8, %rax), %xmm0
+	pxor	%xmm0, %xmm5
+	movdqu	32(%r8, %rax), %xmm0
+	pxor	%xmm0, %xmm6
+	movdqu	48(%r8, %rax), %xmm0
+	pxor	%xmm0, %xmm7
+	movdqu	64(%r8, %rax), %xmm0
+	pxor	%xmm0, %xmm8
+	movdqu	80(%r8, %rax), %xmm0
+	pxor	%xmm0, %xmm9
+	movdqu	96(%r8, %rax), %xmm0
+	pxor	%xmm0, %xmm10
+	movdqu	112(%r8, %rax), %xmm0
+	movdqu	%xmm3, (%rsi, %rax)
+	movdqu	%xmm4, 16(%rsi, %rax)
+	movdqu	%xmm5, 32(%rsi, %rax)
+	movdqu	%xmm6, 48(%rsi, %rax)
+	movdqu	%xmm7, 64(%rsi, %rax)
+	movdqu	%xmm8, 80(%rsi, %rax)
+	movdqu	%xmm9, 96(%rsi, %rax)
+	movdqu	%xmm10, 112(%rsi, %rax)
+	addl	$128, %eax
+	cmpl	%r11d, %eax
+	jbe	2b
+1:	cmpl	%eax, %r9d
+	je	5f
+
+	movdqu	16(%rdi), %xmm3
+	movdqu	32(%rdi), %xmm4
+	movdqu	48(%rdi), %xmm5
+	movdqu	64(%rdi), %xmm6
+	movdqu	80(%rdi), %xmm7
+	movdqu	96(%rdi), %xmm8
+	movdqu	112(%rdi), %xmm9
+	movdqu	128(%rdi), %xmm10
+	movdqu	144(%rdi), %xmm11
+	movdqu	160(%rdi), %xmm12
+	movdqu	176(%rdi), %xmm13
+
+4:	movdqu	(%r8, %rax), %xmm1
+	movdqa	%xmm1, %xmm15
+	pxor	%xmm14, %xmm1
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xcd	/* aesdec	%xmm13, %xmm1 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xcc	/* aesdec	%xmm12, %xmm1 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xcb	/* aesdec	%xmm11, %xmm1 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xca	/* aesdec	%xmm10, %xmm1 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xc9	/* aesdec	%xmm9, %xmm1 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xc8	/* aesdec	%xmm8, %xmm1 */
+	.byte 0x66,0x0f,0x38,0xde,0xcf	/* aesdec	%xmm7, %xmm1 */
+	.byte 0x66,0x0f,0x38,0xde,0xce	/* aesdec	%xmm6, %xmm1 */
+	.byte 0x66,0x0f,0x38,0xde,0xcd	/* aesdec	%xmm5, %xmm1 */
+	.byte 0x66,0x0f,0x38,0xde,0xcc	/* aesdec	%xmm4, %xmm1 */
+	.byte 0x66,0x0f,0x38,0xde,0xcb	/* aesdec	%xmm3, %xmm1 */
+	.byte 0x66,0x0f,0x38,0xdf,0xca	/* aesdeclast %xmm2, %xmm1 */
+	pxor	%xmm0, %xmm1
+	movdqu	%xmm1, (%rsi, %rax)
+	movdqa	%xmm15, %xmm0
+	addl	$16, %eax
+	cmpl	%eax, %r9d
+	jne	4b
+
+5:	movdqu	%xmm0, (%rdx)
+
+	xor	%eax, %eax
+	ret
+	.size intel_aes_decrypt_cbc_192, .-intel_aes_decrypt_cbc_192
+
+/* in %rdi : the key
+   in %rsi : buffer for expanded key
+*/
+	.type intel_aes_encrypt_init_256,@function
+	.globl intel_aes_encrypt_init_256
+	.align	16
+intel_aes_encrypt_init_256:
+	movdqu	(%rdi), %xmm1
+	movdqu	16(%rdi), %xmm3
+	movdqu	%xmm1, (%rsi)
+	movdqu	%xmm3, 16(%rsi)
+	leaq	32(%rsi), %rsi
+	xor	%eax, %eax
+
+	.byte 0x66,0x0f,0x3a,0xdf,0xd3,0x01	/* aeskeygenassist $0x01, %xmm3, %xmm2 */
+	call key_expansion256
+	.byte 0x66,0x0f,0x3a,0xdf,0xd3,0x02	/* aeskeygenassist $0x02, %xmm3, %xmm2 */
+	call key_expansion256
+	.byte 0x66,0x0f,0x3a,0xdf,0xd3,0x04	/* aeskeygenassist $0x04, %xmm3, %xmm2 */
+	call key_expansion256
+	.byte 0x66,0x0f,0x3a,0xdf,0xd3,0x08	/* aeskeygenassist $0x08, %xmm3, %xmm2 */
+	call key_expansion256
+	.byte 0x66,0x0f,0x3a,0xdf,0xd3,0x10	/* aeskeygenassist $0x10, %xmm3, %xmm2 */
+	call key_expansion256
+	.byte 0x66,0x0f,0x3a,0xdf,0xd3,0x20	/* aeskeygenassist $0x20, %xmm3, %xmm2 */
+	call key_expansion256
+	.byte 0x66,0x0f,0x3a,0xdf,0xd3,0x40	/* aeskeygenassist $0x40, %xmm3, %xmm2 */
+	pxor	%xmm6, %xmm6
+	pshufd	$0xff, %xmm2, %xmm2
+	shufps	$0x10, %xmm1, %xmm6
+	pxor	%xmm6, %xmm1
+	shufps	$0x8c, %xmm1, %xmm6
+	pxor	%xmm2, %xmm1
+	pxor	%xmm6, %xmm1
+	movdqu	%xmm1, (%rsi)
+
+	ret
+	.size intel_aes_encrypt_init_256, .-intel_aes_encrypt_init_256
+
+
+/* in %rdi : the key
+   in %rsi : buffer for expanded key
+*/
+	.type intel_aes_decrypt_init_256,@function
+	.globl intel_aes_decrypt_init_256
+	.align	16
+intel_aes_decrypt_init_256:
+	movdqu	(%rdi), %xmm1
+	movdqu	16(%rdi), %xmm3
+	movdqu	%xmm1, (%rsi)
+	.byte 0x66,0x0f,0x38,0xdb,0xe3	/* aesimc	%xmm3, %xmm4 */
+	movdqu	%xmm4, 16(%rsi)
+	leaq	32(%rsi), %rsi
+	xor	%eax, %eax
+
+	.byte 0x66,0x0f,0x3a,0xdf,0xd3,0x01	/* aeskeygenassist $0x01, %xmm3, %xmm2 */
+	call key_expansion256
+	.byte 0x66,0x0f,0x38,0xdb,0xe1	/* aesimc	%xmm1, %xmm4 */
+	.byte 0x66,0x0f,0x38,0xdb,0xeb	/* aesimc	%xmm3, %xmm5 */
+	movdqu	%xmm4, -32(%rsi)
+	movdqu	%xmm5, -16(%rsi)
+	.byte 0x66,0x0f,0x3a,0xdf,0xd3,0x02	/* aeskeygenassist $0x02, %xmm3, %xmm2 */
+	call key_expansion256
+	.byte 0x66,0x0f,0x38,0xdb,0xe1	/* aesimc	%xmm1, %xmm4 */
+	.byte 0x66,0x0f,0x38,0xdb,0xeb	/* aesimc	%xmm3, %xmm5 */
+	movdqu	%xmm4, -32(%rsi)
+	movdqu	%xmm5, -16(%rsi)
+	.byte 0x66,0x0f,0x3a,0xdf,0xd3,0x04	/* aeskeygenassist $0x04, %xmm3, %xmm2 */
+	call key_expansion256
+	.byte 0x66,0x0f,0x38,0xdb,0xe1	/* aesimc	%xmm1, %xmm4 */
+	.byte 0x66,0x0f,0x38,0xdb,0xeb	/* aesimc	%xmm3, %xmm5 */
+	movdqu	%xmm4, -32(%rsi)
+	movdqu	%xmm5, -16(%rsi)
+	.byte 0x66,0x0f,0x3a,0xdf,0xd3,0x08	/* aeskeygenassist $0x08, %xmm3, %xmm2 */
+	call key_expansion256
+	.byte 0x66,0x0f,0x38,0xdb,0xe1	/* aesimc	%xmm1, %xmm4 */
+	.byte 0x66,0x0f,0x38,0xdb,0xeb	/* aesimc	%xmm3, %xmm5 */
+	movdqu	%xmm4, -32(%rsi)
+	movdqu	%xmm5, -16(%rsi)
+	.byte 0x66,0x0f,0x3a,0xdf,0xd3,0x10	/* aeskeygenassist $0x10, %xmm3, %xmm2 */
+	call key_expansion256
+	.byte 0x66,0x0f,0x38,0xdb,0xe1	/* aesimc	%xmm1, %xmm4 */
+	.byte 0x66,0x0f,0x38,0xdb,0xeb	/* aesimc	%xmm3, %xmm5 */
+	movdqu	%xmm4, -32(%rsi)
+	movdqu	%xmm5, -16(%rsi)
+	.byte 0x66,0x0f,0x3a,0xdf,0xd3,0x20	/* aeskeygenassist $0x20, %xmm3, %xmm2 */
+	call key_expansion256
+	.byte 0x66,0x0f,0x38,0xdb,0xe1	/* aesimc	%xmm1, %xmm4 */
+	.byte 0x66,0x0f,0x38,0xdb,0xeb	/* aesimc	%xmm3, %xmm5 */
+	movdqu	%xmm4, -32(%rsi)
+	movdqu	%xmm5, -16(%rsi)
+	.byte 0x66,0x0f,0x3a,0xdf,0xd3,0x40	/* aeskeygenassist $0x40, %xmm3, %xmm2 */
+	pxor	%xmm6, %xmm6
+	pshufd	$0xff, %xmm2, %xmm2
+	shufps	$0x10, %xmm1, %xmm6
+	pxor	%xmm6, %xmm1
+	shufps	$0x8c, %xmm1, %xmm6
+	pxor	%xmm2, %xmm1
+	pxor	%xmm6, %xmm1
+	movdqu	%xmm1, (%rsi)
+
+	ret
+	.size intel_aes_decrypt_init_256, .-intel_aes_decrypt_init_256
+
+
+	.type key_expansion256,@function
+	.align	16
+key_expansion256:
+	movd	%eax, %xmm6
+	pshufd	$0xff, %xmm2, %xmm2
+	shufps	$0x10, %xmm1, %xmm6
+	pxor	%xmm6, %xmm1
+	shufps	$0x8c, %xmm1, %xmm6
+	pxor	%xmm2, %xmm1
+	pxor	%xmm6, %xmm1
+	movdqu	%xmm1, (%rsi)
+
+	addq	$16, %rsi
+	.byte 0x66,0x0f,0x3a,0xdf,0xe1,0x00	/* aeskeygenassist $0, %xmm1, %xmm4 */
+	pshufd	$0xaa, %xmm4, %xmm4
+	shufps	$0x10, %xmm3, %xmm6
+	pxor	%xmm6, %xmm3
+	shufps	$0x8c, %xmm3, %xmm6
+	pxor	%xmm4, %xmm3
+	pxor	%xmm6, %xmm3
+	movdqu	%xmm3, (%rsi)
+	addq	$16, %rsi
+	ret
+	.size key_expansion256, .-key_expansion256
+
+
+/* in %rdi : cx - context
+   in %rsi : output - pointer to output buffer
+   in %rdx : outputLen - pointer to variable for length of output
+             (already filled in by caller)
+   in %ecx : maxOutputLen - length of output buffer
+             (already checked by caller)
+   in %r8  : input - pointer to input buffer
+   in %r9d : inputLen - length of input buffer
+   on stack: blocksize - AES blocksize (always 16, unused)
+*/
+	.type intel_aes_encrypt_ecb_256,@function
+	.globl intel_aes_encrypt_ecb_256
+	.align	16
+intel_aes_encrypt_ecb_256:
+//	leaq	EXPANDED_KEY_OFFSET(%rdi), %rdi
+	leaq	48(%rdi), %rdi
+
+	movdqu	(%rdi), %xmm2
+	movdqu	224(%rdi), %xmm15
+	xorl	%eax, %eax
+//	cmpl	$8*16, %r9d
+	cmpl	$128, %r9d
+	jb	1f
+//	leal	-8*16(%r9), %r11d
+	leal	-128(%r9), %r11d
+2:	movdqu	(%r8, %rax), %xmm3
+	movdqu	16(%r8, %rax), %xmm4
+	movdqu	32(%r8, %rax), %xmm5
+	movdqu	48(%r8, %rax), %xmm6
+	movdqu	64(%r8, %rax), %xmm7
+	movdqu	80(%r8, %rax), %xmm8
+	movdqu	96(%r8, %rax), %xmm9
+	movdqu	112(%r8, %rax), %xmm10
+	pxor	%xmm2, %xmm3
+	pxor	%xmm2, %xmm4
+	pxor	%xmm2, %xmm5
+	pxor	%xmm2, %xmm6
+	pxor	%xmm2, %xmm7
+	pxor	%xmm2, %xmm8
+	pxor	%xmm2, %xmm9
+	pxor	%xmm2, %xmm10
+
+// complete loop unrolling
+	movdqu 16(%rdi), %xmm1
+	movdqu 32(%rdi), %xmm11
+	.byte 0x66,0x0f,0x38,0xdc,0xd9		/* aesenc	%xmm1, %xmm3 */
+	.byte 0x66,0x0f,0x38,0xdc,0xe1		/* aesenc	%xmm1, %xmm4 */
+	.byte 0x66,0x0f,0x38,0xdc,0xe9		/* aesenc	%xmm1, %xmm5 */
+	.byte 0x66,0x0f,0x38,0xdc,0xf1		/* aesenc	%xmm1, %xmm6 */
+	.byte 0x66,0x0f,0x38,0xdc,0xf9		/* aesenc	%xmm1, %xmm7 */
+	.byte 0x66,0x44,0x0f,0x38,0xdc,0xc1	/* aesenc	%xmm1, %xmm8 */
+	.byte 0x66,0x44,0x0f,0x38,0xdc,0xc9	/* aesenc	%xmm1, %xmm9 */
+	.byte 0x66,0x44,0x0f,0x38,0xdc,0xd1	/* aesenc	%xmm1, %xmm10 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xdb	/* aesenc	%xmm11, %xmm3 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xe3	/* aesenc	%xmm11, %xmm4 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xeb	/* aesenc	%xmm11, %xmm5 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xf3	/* aesenc	%xmm11, %xmm6 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xfb	/* aesenc	%xmm11, %xmm7 */
+	.byte 0x66,0x45,0x0f,0x38,0xdc,0xc3	/* aesenc	%xmm11, %xmm8 */
+	.byte 0x66,0x45,0x0f,0x38,0xdc,0xcb	/* aesenc	%xmm11, %xmm9 */
+	.byte 0x66,0x45,0x0f,0x38,0xdc,0xd3	/* aesenc	%xmm11, %xmm10 */
+
+	movdqu 48(%rdi), %xmm1
+	movdqu 64(%rdi), %xmm11
+	.byte 0x66,0x0f,0x38,0xdc,0xd9		/* aesenc	%xmm1, %xmm3 */
+	.byte 0x66,0x0f,0x38,0xdc,0xe1		/* aesenc	%xmm1, %xmm4 */
+	.byte 0x66,0x0f,0x38,0xdc,0xe9		/* aesenc	%xmm1, %xmm5 */
+	.byte 0x66,0x0f,0x38,0xdc,0xf1		/* aesenc	%xmm1, %xmm6 */
+	.byte 0x66,0x0f,0x38,0xdc,0xf9		/* aesenc	%xmm1, %xmm7 */
+	.byte 0x66,0x44,0x0f,0x38,0xdc,0xc1	/* aesenc	%xmm1, %xmm8 */
+	.byte 0x66,0x44,0x0f,0x38,0xdc,0xc9	/* aesenc	%xmm1, %xmm9 */
+	.byte 0x66,0x44,0x0f,0x38,0xdc,0xd1	/* aesenc	%xmm1, %xmm10 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xdb	/* aesenc	%xmm11, %xmm3 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xe3	/* aesenc	%xmm11, %xmm4 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xeb	/* aesenc	%xmm11, %xmm5 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xf3	/* aesenc	%xmm11, %xmm6 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xfb	/* aesenc	%xmm11, %xmm7 */
+	.byte 0x66,0x45,0x0f,0x38,0xdc,0xc3	/* aesenc	%xmm11, %xmm8 */
+	.byte 0x66,0x45,0x0f,0x38,0xdc,0xcb	/* aesenc	%xmm11, %xmm9 */
+	.byte 0x66,0x45,0x0f,0x38,0xdc,0xd3	/* aesenc	%xmm11, %xmm10 */
+
+	movdqu 80(%rdi), %xmm1
+	movdqu 96(%rdi), %xmm11
+	.byte 0x66,0x0f,0x38,0xdc,0xd9		/* aesenc	%xmm1, %xmm3 */
+	.byte 0x66,0x0f,0x38,0xdc,0xe1		/* aesenc	%xmm1, %xmm4 */
+	.byte 0x66,0x0f,0x38,0xdc,0xe9		/* aesenc	%xmm1, %xmm5 */
+	.byte 0x66,0x0f,0x38,0xdc,0xf1		/* aesenc	%xmm1, %xmm6 */
+	.byte 0x66,0x0f,0x38,0xdc,0xf9		/* aesenc	%xmm1, %xmm7 */
+	.byte 0x66,0x44,0x0f,0x38,0xdc,0xc1	/* aesenc	%xmm1, %xmm8 */
+	.byte 0x66,0x44,0x0f,0x38,0xdc,0xc9	/* aesenc	%xmm1, %xmm9 */
+	.byte 0x66,0x44,0x0f,0x38,0xdc,0xd1	/* aesenc	%xmm1, %xmm10 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xdb	/* aesenc	%xmm11, %xmm3 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xe3	/* aesenc	%xmm11, %xmm4 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xeb	/* aesenc	%xmm11, %xmm5 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xf3	/* aesenc	%xmm11, %xmm6 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xfb	/* aesenc	%xmm11, %xmm7 */
+	.byte 0x66,0x45,0x0f,0x38,0xdc,0xc3	/* aesenc	%xmm11, %xmm8 */
+	.byte 0x66,0x45,0x0f,0x38,0xdc,0xcb	/* aesenc	%xmm11, %xmm9 */
+	.byte 0x66,0x45,0x0f,0x38,0xdc,0xd3	/* aesenc	%xmm11, %xmm10 */
+
+	movdqu 112(%rdi), %xmm1
+	movdqu 128(%rdi), %xmm11
+	.byte 0x66,0x0f,0x38,0xdc,0xd9		/* aesenc	%xmm1, %xmm3 */
+	.byte 0x66,0x0f,0x38,0xdc,0xe1		/* aesenc	%xmm1, %xmm4 */
+	.byte 0x66,0x0f,0x38,0xdc,0xe9		/* aesenc	%xmm1, %xmm5 */
+	.byte 0x66,0x0f,0x38,0xdc,0xf1		/* aesenc	%xmm1, %xmm6 */
+	.byte 0x66,0x0f,0x38,0xdc,0xf9		/* aesenc	%xmm1, %xmm7 */
+	.byte 0x66,0x44,0x0f,0x38,0xdc,0xc1	/* aesenc	%xmm1, %xmm8 */
+	.byte 0x66,0x44,0x0f,0x38,0xdc,0xc9	/* aesenc	%xmm1, %xmm9 */
+	.byte 0x66,0x44,0x0f,0x38,0xdc,0xd1	/* aesenc	%xmm1, %xmm10 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xdb	/* aesenc	%xmm11, %xmm3 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xe3	/* aesenc	%xmm11, %xmm4 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xeb	/* aesenc	%xmm11, %xmm5 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xf3	/* aesenc	%xmm11, %xmm6 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xfb	/* aesenc	%xmm11, %xmm7 */
+	.byte 0x66,0x45,0x0f,0x38,0xdc,0xc3	/* aesenc	%xmm11, %xmm8 */
+	.byte 0x66,0x45,0x0f,0x38,0xdc,0xcb	/* aesenc	%xmm11, %xmm9 */
+	.byte 0x66,0x45,0x0f,0x38,0xdc,0xd3	/* aesenc	%xmm11, %xmm10 */
+
+	movdqu 144(%rdi), %xmm1
+	movdqu 160(%rdi), %xmm11
+	.byte 0x66,0x0f,0x38,0xdc,0xd9		/* aesenc	%xmm1, %xmm3 */
+	.byte 0x66,0x0f,0x38,0xdc,0xe1		/* aesenc	%xmm1, %xmm4 */
+	.byte 0x66,0x0f,0x38,0xdc,0xe9		/* aesenc	%xmm1, %xmm5 */
+	.byte 0x66,0x0f,0x38,0xdc,0xf1		/* aesenc	%xmm1, %xmm6 */
+	.byte 0x66,0x0f,0x38,0xdc,0xf9		/* aesenc	%xmm1, %xmm7 */
+	.byte 0x66,0x44,0x0f,0x38,0xdc,0xc1	/* aesenc	%xmm1, %xmm8 */
+	.byte 0x66,0x44,0x0f,0x38,0xdc,0xc9	/* aesenc	%xmm1, %xmm9 */
+	.byte 0x66,0x44,0x0f,0x38,0xdc,0xd1	/* aesenc	%xmm1, %xmm10 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xdb	/* aesenc	%xmm11, %xmm3 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xe3	/* aesenc	%xmm11, %xmm4 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xeb	/* aesenc	%xmm11, %xmm5 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xf3	/* aesenc	%xmm11, %xmm6 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xfb	/* aesenc	%xmm11, %xmm7 */
+	.byte 0x66,0x45,0x0f,0x38,0xdc,0xc3	/* aesenc	%xmm11, %xmm8 */
+	.byte 0x66,0x45,0x0f,0x38,0xdc,0xcb	/* aesenc	%xmm11, %xmm9 */
+	.byte 0x66,0x45,0x0f,0x38,0xdc,0xd3	/* aesenc	%xmm11, %xmm10 */
+
+	movdqu 176(%rdi), %xmm1
+	movdqu 192(%rdi), %xmm11
+	.byte 0x66,0x0f,0x38,0xdc,0xd9		/* aesenc	%xmm1, %xmm3 */
+	.byte 0x66,0x0f,0x38,0xdc,0xe1		/* aesenc	%xmm1, %xmm4 */
+	.byte 0x66,0x0f,0x38,0xdc,0xe9		/* aesenc	%xmm1, %xmm5 */
+	.byte 0x66,0x0f,0x38,0xdc,0xf1		/* aesenc	%xmm1, %xmm6 */
+	.byte 0x66,0x0f,0x38,0xdc,0xf9		/* aesenc	%xmm1, %xmm7 */
+	.byte 0x66,0x44,0x0f,0x38,0xdc,0xc1	/* aesenc	%xmm1, %xmm8 */
+	.byte 0x66,0x44,0x0f,0x38,0xdc,0xc9	/* aesenc	%xmm1, %xmm9 */
+	.byte 0x66,0x44,0x0f,0x38,0xdc,0xd1	/* aesenc	%xmm1, %xmm10 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xdb	/* aesenc	%xmm11, %xmm3 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xe3	/* aesenc	%xmm11, %xmm4 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xeb	/* aesenc	%xmm11, %xmm5 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xf3	/* aesenc	%xmm11, %xmm6 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xfb	/* aesenc	%xmm11, %xmm7 */
+	.byte 0x66,0x45,0x0f,0x38,0xdc,0xc3	/* aesenc	%xmm11, %xmm8 */
+	.byte 0x66,0x45,0x0f,0x38,0xdc,0xcb	/* aesenc	%xmm11, %xmm9 */
+	.byte 0x66,0x45,0x0f,0x38,0xdc,0xd3	/* aesenc	%xmm11, %xmm10 */
+
+	movdqu 208(%rdi), %xmm1
+	.byte 0x66,0x0f,0x38,0xdc,0xd9		/* aesenc	%xmm1, %xmm3 */
+	.byte 0x66,0x0f,0x38,0xdc,0xe1		/* aesenc	%xmm1, %xmm4 */
+	.byte 0x66,0x0f,0x38,0xdc,0xe9		/* aesenc	%xmm1, %xmm5 */
+	.byte 0x66,0x0f,0x38,0xdc,0xf1		/* aesenc	%xmm1, %xmm6 */
+	.byte 0x66,0x0f,0x38,0xdc,0xf9		/* aesenc	%xmm1, %xmm7 */
+	.byte 0x66,0x44,0x0f,0x38,0xdc,0xc1	/* aesenc	%xmm1, %xmm8 */
+	.byte 0x66,0x44,0x0f,0x38,0xdc,0xc9	/* aesenc	%xmm1, %xmm9 */
+	.byte 0x66,0x44,0x0f,0x38,0xdc,0xd1	/* aesenc	%xmm1, %xmm10 */
+	.byte 0x66,0x41,0x0f,0x38,0xdd,0xdf	/* aesenclast 	%xmm15, %xmm3 */
+	.byte 0x66,0x41,0x0f,0x38,0xdd,0xe7	/* aesenclast 	%xmm15, %xmm4 */
+	.byte 0x66,0x41,0x0f,0x38,0xdd,0xef	/* aesenclast 	%xmm15, %xmm5 */
+	.byte 0x66,0x41,0x0f,0x38,0xdd,0xf7	/* aesenclast 	%xmm15, %xmm6 */
+	.byte 0x66,0x41,0x0f,0x38,0xdd,0xff	/* aesenclast 	%xmm15, %xmm7 */
+	.byte 0x66,0x45,0x0f,0x38,0xdd,0xc7	/* aesenclast 	%xmm15, %xmm8 */
+	.byte 0x66,0x45,0x0f,0x38,0xdd,0xcf	/* aesenclast 	%xmm15, %xmm9 */
+	.byte 0x66,0x45,0x0f,0x38,0xdd,0xd7	/* aesenclast 	%xmm15, %xmm10 */
+
+	movdqu	%xmm3, (%rsi, %rax)
+	movdqu	%xmm4, 16(%rsi, %rax)
+	movdqu	%xmm5, 32(%rsi, %rax)
+	movdqu	%xmm6, 48(%rsi, %rax)
+	movdqu	%xmm7, 64(%rsi, %rax)
+	movdqu	%xmm8, 80(%rsi, %rax)
+	movdqu	%xmm9, 96(%rsi, %rax)
+	movdqu	%xmm10, 112(%rsi, %rax)
+//	addl	$8*16, %eax
+	addl	$128, %eax
+	cmpl	%r11d, %eax
+	jbe	2b
+1:	cmpl	%eax, %r9d
+	je	5f
+
+	movdqu	(%rdi), %xmm8
+	movdqu	16(%rdi), %xmm2
+	movdqu	32(%rdi), %xmm3
+	movdqu	48(%rdi), %xmm4
+	movdqu	64(%rdi), %xmm5
+	movdqu	80(%rdi), %xmm6
+	movdqu	96(%rdi), %xmm7
+	movdqu	128(%rdi), %xmm9
+	movdqu	144(%rdi), %xmm10
+	movdqu	160(%rdi), %xmm11
+	movdqu	176(%rdi), %xmm12
+	movdqu	192(%rdi), %xmm13
+	movdqu	208(%rdi), %xmm14
+
+4:	movdqu	(%r8, %rax), %xmm1
+	pxor	%xmm8, %xmm1
+	movdqu	112(%rdi), %xmm8
+	.byte 0x66,0x0f,0x38,0xdc,0xca	/* aesenc	%xmm2, %xmm1 */
+	.byte 0x66,0x0f,0x38,0xdc,0xcb	/* aesenc	%xmm3, %xmm1 */
+	.byte 0x66,0x0f,0x38,0xdc,0xcc	/* aesenc	%xmm4, %xmm1 */
+	.byte 0x66,0x0f,0x38,0xdc,0xcd	/* aesenc	%xmm5, %xmm1 */
+	.byte 0x66,0x0f,0x38,0xdc,0xce	/* aesenc	%xmm6, %xmm1 */
+	.byte 0x66,0x0f,0x38,0xdc,0xcf	/* aesenc	%xmm7, %xmm1 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xc8	/* aesenc	%xmm8, %xmm1 */
+	movdqu	(%rdi), %xmm8
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xc9	/* aesenc	%xmm9, %xmm1 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xca	/* aesenc	%xmm10, %xmm1 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xcb	/* aesenc	%xmm11, %xmm1 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xcc	/* aesenc	%xmm12, %xmm1 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xcd	/* aesenc	%xmm13, %xmm1 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xce	/* aesenc	%xmm14, %xmm1 */
+	.byte 0x66,0x41,0x0f,0x38,0xdd,0xcf	/* aesenclast %xmm15, %xmm1 */
+	movdqu	%xmm1, (%rsi, %rax)
+	addl	$16, %eax
+	cmpl	%eax, %r9d
+	jne	4b
+
+5:	xor	%eax, %eax
+	ret
+	.size intel_aes_encrypt_ecb_256, .-intel_aes_encrypt_ecb_256
+
+
+/* in %rdi : cx - context
+   in %rsi : output - pointer to output buffer
+   in %rdx : outputLen - pointer to variable for length of output
+             (already filled in by caller)
+   in %ecx : maxOutputLen - length of output buffer
+             (already checked by caller)
+   in %r8  : input - pointer to input buffer
+   in %r9d : inputLen - length of input buffer
+   on stack: blocksize - AES blocksize (always 16, unused)
+*/
+	.type intel_aes_decrypt_ecb_256,@function
+	.globl intel_aes_decrypt_ecb_256
+	.align	16
+intel_aes_decrypt_ecb_256:
+//	leaq	EXPANDED_KEY_OFFSET(%rdi), %rdi
+	leaq	48(%rdi), %rdi
+
+	movdqu	(%rdi), %xmm2
+	movdqu	224(%rdi), %xmm15
+	xorl	%eax, %eax
+//	cmpl	$8*16, %r9d
+	cmpl	$128, %r9d
+	jb	1f
+//	leal	-8*16(%r9), %r11d
+	leal	-128(%r9), %r11d
+2:	movdqu	(%r8, %rax), %xmm3
+	movdqu	16(%r8, %rax), %xmm4
+	movdqu	32(%r8, %rax), %xmm5
+	movdqu	48(%r8, %rax), %xmm6
+	movdqu	64(%r8, %rax), %xmm7
+	movdqu	80(%r8, %rax), %xmm8
+	movdqu	96(%r8, %rax), %xmm9
+	movdqu	112(%r8, %rax), %xmm10
+	pxor	%xmm15, %xmm3
+	pxor	%xmm15, %xmm4
+	pxor	%xmm15, %xmm5
+	pxor	%xmm15, %xmm6
+	pxor	%xmm15, %xmm7
+	pxor	%xmm15, %xmm8
+	pxor	%xmm15, %xmm9
+	pxor	%xmm15, %xmm10
+
+// complete loop unrolling
+	movdqu 208(%rdi), %xmm1
+	movdqu 192(%rdi), %xmm11
+	.byte 0x66,0x0f,0x38,0xde,0xd9		/* aesdec	%xmm1, %xmm3 */
+	.byte 0x66,0x0f,0x38,0xde,0xe1		/* aesdec	%xmm1, %xmm4 */
+	.byte 0x66,0x0f,0x38,0xde,0xe9		/* aesdec	%xmm1, %xmm5 */
+	.byte 0x66,0x0f,0x38,0xde,0xf1		/* aesdec	%xmm1, %xmm6 */
+	.byte 0x66,0x0f,0x38,0xde,0xf9		/* aesdec	%xmm1, %xmm7 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xc1	/* aesdec	%xmm1, %xmm8 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xc9	/* aesdec	%xmm1, %xmm9 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xd1	/* aesdec	%xmm1, %xmm10 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xdb	/* aesdec	%xmm11, %xmm3 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xe3	/* aesdec	%xmm11, %xmm4 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xeb	/* aesdec	%xmm11, %xmm5 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xf3	/* aesdec	%xmm11, %xmm6 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xfb	/* aesdec	%xmm11, %xmm7 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xc3	/* aesdec	%xmm11, %xmm8 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xcb	/* aesdec	%xmm11, %xmm9 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xd3	/* aesdec	%xmm11, %xmm10 */
+
+	movdqu 176(%rdi), %xmm1
+	movdqu 160(%rdi), %xmm11
+	.byte 0x66,0x0f,0x38,0xde,0xd9		/* aesdec	%xmm1, %xmm3 */
+	.byte 0x66,0x0f,0x38,0xde,0xe1		/* aesdec	%xmm1, %xmm4 */
+	.byte 0x66,0x0f,0x38,0xde,0xe9		/* aesdec	%xmm1, %xmm5 */
+	.byte 0x66,0x0f,0x38,0xde,0xf1		/* aesdec	%xmm1, %xmm6 */
+	.byte 0x66,0x0f,0x38,0xde,0xf9		/* aesdec	%xmm1, %xmm7 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xc1	/* aesdec	%xmm1, %xmm8 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xc9	/* aesdec	%xmm1, %xmm9 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xd1	/* aesdec	%xmm1, %xmm10 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xdb	/* aesdec	%xmm11, %xmm3 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xe3	/* aesdec	%xmm11, %xmm4 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xeb	/* aesdec	%xmm11, %xmm5 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xf3	/* aesdec	%xmm11, %xmm6 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xfb	/* aesdec	%xmm11, %xmm7 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xc3	/* aesdec	%xmm11, %xmm8 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xcb	/* aesdec	%xmm11, %xmm9 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xd3	/* aesdec	%xmm11, %xmm10 */
+
+	movdqu 144(%rdi), %xmm1
+	movdqu 128(%rdi), %xmm11
+	.byte 0x66,0x0f,0x38,0xde,0xd9		/* aesdec	%xmm1, %xmm3 */
+	.byte 0x66,0x0f,0x38,0xde,0xe1		/* aesdec	%xmm1, %xmm4 */
+	.byte 0x66,0x0f,0x38,0xde,0xe9		/* aesdec	%xmm1, %xmm5 */
+	.byte 0x66,0x0f,0x38,0xde,0xf1		/* aesdec	%xmm1, %xmm6 */
+	.byte 0x66,0x0f,0x38,0xde,0xf9		/* aesdec	%xmm1, %xmm7 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xc1	/* aesdec	%xmm1, %xmm8 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xc9	/* aesdec	%xmm1, %xmm9 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xd1	/* aesdec	%xmm1, %xmm10 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xdb	/* aesdec	%xmm11, %xmm3 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xe3	/* aesdec	%xmm11, %xmm4 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xeb	/* aesdec	%xmm11, %xmm5 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xf3	/* aesdec	%xmm11, %xmm6 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xfb	/* aesdec	%xmm11, %xmm7 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xc3	/* aesdec	%xmm11, %xmm8 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xcb	/* aesdec	%xmm11, %xmm9 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xd3	/* aesdec	%xmm11, %xmm10 */
+
+	movdqu 112(%rdi), %xmm1
+	movdqu 96(%rdi), %xmm11
+	.byte 0x66,0x0f,0x38,0xde,0xd9		/* aesdec	%xmm1, %xmm3 */
+	.byte 0x66,0x0f,0x38,0xde,0xe1		/* aesdec	%xmm1, %xmm4 */
+	.byte 0x66,0x0f,0x38,0xde,0xe9		/* aesdec	%xmm1, %xmm5 */
+	.byte 0x66,0x0f,0x38,0xde,0xf1		/* aesdec	%xmm1, %xmm6 */
+	.byte 0x66,0x0f,0x38,0xde,0xf9		/* aesdec	%xmm1, %xmm7 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xc1	/* aesdec	%xmm1, %xmm8 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xc9	/* aesdec	%xmm1, %xmm9 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xd1	/* aesdec	%xmm1, %xmm10 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xdb	/* aesdec	%xmm11, %xmm3 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xe3	/* aesdec	%xmm11, %xmm4 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xeb	/* aesdec	%xmm11, %xmm5 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xf3	/* aesdec	%xmm11, %xmm6 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xfb	/* aesdec	%xmm11, %xmm7 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xc3	/* aesdec	%xmm11, %xmm8 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xcb	/* aesdec	%xmm11, %xmm9 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xd3	/* aesdec	%xmm11, %xmm10 */
+
+	movdqu 80(%rdi), %xmm1
+	movdqu 64(%rdi), %xmm11
+	.byte 0x66,0x0f,0x38,0xde,0xd9		/* aesdec	%xmm1, %xmm3 */
+	.byte 0x66,0x0f,0x38,0xde,0xe1		/* aesdec	%xmm1, %xmm4 */
+	.byte 0x66,0x0f,0x38,0xde,0xe9		/* aesdec	%xmm1, %xmm5 */
+	.byte 0x66,0x0f,0x38,0xde,0xf1		/* aesdec	%xmm1, %xmm6 */
+	.byte 0x66,0x0f,0x38,0xde,0xf9		/* aesdec	%xmm1, %xmm7 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xc1	/* aesdec	%xmm1, %xmm8 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xc9	/* aesdec	%xmm1, %xmm9 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xd1	/* aesdec	%xmm1, %xmm10 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xdb	/* aesdec	%xmm11, %xmm3 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xe3	/* aesdec	%xmm11, %xmm4 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xeb	/* aesdec	%xmm11, %xmm5 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xf3	/* aesdec	%xmm11, %xmm6 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xfb	/* aesdec	%xmm11, %xmm7 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xc3	/* aesdec	%xmm11, %xmm8 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xcb	/* aesdec	%xmm11, %xmm9 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xd3	/* aesdec	%xmm11, %xmm10 */
+
+	movdqu 48(%rdi), %xmm1
+	movdqu 32(%rdi), %xmm11
+	.byte 0x66,0x0f,0x38,0xde,0xd9		/* aesdec	%xmm1, %xmm3 */
+	.byte 0x66,0x0f,0x38,0xde,0xe1		/* aesdec	%xmm1, %xmm4 */
+	.byte 0x66,0x0f,0x38,0xde,0xe9		/* aesdec	%xmm1, %xmm5 */
+	.byte 0x66,0x0f,0x38,0xde,0xf1		/* aesdec	%xmm1, %xmm6 */
+	.byte 0x66,0x0f,0x38,0xde,0xf9		/* aesdec	%xmm1, %xmm7 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xc1	/* aesdec	%xmm1, %xmm8 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xc9	/* aesdec	%xmm1, %xmm9 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xd1	/* aesdec	%xmm1, %xmm10 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xdb	/* aesdec	%xmm11, %xmm3 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xe3	/* aesdec	%xmm11, %xmm4 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xeb	/* aesdec	%xmm11, %xmm5 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xf3	/* aesdec	%xmm11, %xmm6 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xfb	/* aesdec	%xmm11, %xmm7 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xc3	/* aesdec	%xmm11, %xmm8 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xcb	/* aesdec	%xmm11, %xmm9 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xd3	/* aesdec	%xmm11, %xmm10 */
+
+	movdqu 16(%rdi), %xmm1
+	.byte 0x66,0x0f,0x38,0xde,0xd9		/* aesdec	%xmm1, %xmm3 */
+	.byte 0x66,0x0f,0x38,0xde,0xe1		/* aesdec	%xmm1, %xmm4 */
+	.byte 0x66,0x0f,0x38,0xde,0xe9		/* aesdec	%xmm1, %xmm5 */
+	.byte 0x66,0x0f,0x38,0xde,0xf1		/* aesdec	%xmm1, %xmm6 */
+	.byte 0x66,0x0f,0x38,0xde,0xf9		/* aesdec	%xmm1, %xmm7 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xc1	/* aesdec	%xmm1, %xmm8 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xc9	/* aesdec	%xmm1, %xmm9 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xd1	/* aesdec	%xmm1, %xmm10 */
+	.byte 0x66,0x0f,0x38,0xdf,0xda		/* aesdeclast 	%xmm2, %xmm3 */
+	.byte 0x66,0x0f,0x38,0xdf,0xe2		/* aesdeclast 	%xmm2, %xmm4 */
+	.byte 0x66,0x0f,0x38,0xdf,0xea		/* aesdeclast 	%xmm2, %xmm5 */
+	.byte 0x66,0x0f,0x38,0xdf,0xf2		/* aesdeclast 	%xmm2, %xmm6 */
+	.byte 0x66,0x0f,0x38,0xdf,0xfa		/* aesdeclast 	%xmm2, %xmm7 */
+	.byte 0x66,0x44,0x0f,0x38,0xdf,0xc2	/* aesdeclast 	%xmm2, %xmm8 */
+	.byte 0x66,0x44,0x0f,0x38,0xdf,0xca	/* aesdeclast 	%xmm2, %xmm9 */
+	.byte 0x66,0x44,0x0f,0x38,0xdf,0xd2	/* aesdeclast 	%xmm2, %xmm10 */
+
+	movdqu	%xmm3, (%rsi, %rax)
+	movdqu	%xmm4, 16(%rsi, %rax)
+	movdqu	%xmm5, 32(%rsi, %rax)
+	movdqu	%xmm6, 48(%rsi, %rax)
+	movdqu	%xmm7, 64(%rsi, %rax)
+	movdqu	%xmm8, 80(%rsi, %rax)
+	movdqu	%xmm9, 96(%rsi, %rax)
+	movdqu	%xmm10, 112(%rsi, %rax)
+//	addl	$8*16, %eax
+	addl	$128, %eax
+	cmpl	%r11d, %eax
+	jbe	2b
+1:	cmpl	%eax, %r9d
+	je	5f
+
+	movdqu	16(%rdi), %xmm2
+	movdqu	32(%rdi), %xmm3
+	movdqu	48(%rdi), %xmm4
+	movdqu	64(%rdi), %xmm5
+	movdqu	80(%rdi), %xmm6
+	movdqu	96(%rdi), %xmm7
+	movdqu	112(%rdi), %xmm8
+	movdqu	128(%rdi), %xmm9
+	movdqu	144(%rdi), %xmm10
+	movdqu	160(%rdi), %xmm11
+	movdqu	176(%rdi), %xmm12
+	movdqu	192(%rdi), %xmm13
+	movdqu	208(%rdi), %xmm14
+
+4:	movdqu	(%r8, %rax), %xmm1
+	pxor	%xmm15, %xmm1
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xce	/* aesdec	%xmm14, %xmm1 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xcd	/* aesdec	%xmm13, %xmm1 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xcc	/* aesdec	%xmm12, %xmm1 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xcb	/* aesdec	%xmm11, %xmm1 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xca	/* aesdec	%xmm10, %xmm1 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xc9	/* aesdec	%xmm9, %xmm1 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xc8	/* aesdec	%xmm8, %xmm1 */
+	movdqu	(%rdi), %xmm8
+	.byte 0x66,0x0f,0x38,0xde,0xcf	/* aesdec	%xmm7, %xmm1 */
+	.byte 0x66,0x0f,0x38,0xde,0xce	/* aesdec	%xmm6, %xmm1 */
+	.byte 0x66,0x0f,0x38,0xde,0xcd	/* aesdec	%xmm5, %xmm1 */
+	.byte 0x66,0x0f,0x38,0xde,0xcc	/* aesdec	%xmm4, %xmm1 */
+	.byte 0x66,0x0f,0x38,0xde,0xcb	/* aesdec	%xmm3, %xmm1 */
+	.byte 0x66,0x0f,0x38,0xde,0xca	/* aesdec	%xmm2, %xmm1 */
+	.byte 0x66,0x41,0x0f,0x38,0xdf,0xc8	/* aesdeclast %xmm8, %xmm1 */
+	movdqu	112(%rdi), %xmm8
+	movdqu	%xmm1, (%rsi, %rax)
+	addl	$16, %eax
+	cmpl	%eax, %r9d
+	jne	4b
+
+5:	xor	%eax, %eax
+	ret
+	.size intel_aes_decrypt_ecb_256, .-intel_aes_decrypt_ecb_256
+
+
+/* in %rdi : cx - context
+   in %rsi : output - pointer to output buffer
+   in %rdx : outputLen - pointer to variable for length of output
+             (already filled in by caller)
+   in %ecx : maxOutputLen - length of output buffer
+             (already checked by caller)
+   in %r8  : input - pointer to input buffer
+   in %r9d : inputLen - length of input buffer
+   on stack: blocksize - AES blocksize (always 16, unused)
+*/
+	.type intel_aes_encrypt_cbc_256,@function
+	.globl intel_aes_encrypt_cbc_256
+	.align	16
+intel_aes_encrypt_cbc_256:
+	testl	%r9d, %r9d
+	je	2f
+
+//	leaq	IV_OFFSET(%rdi), %rdx
+//	leaq	EXPANDED_KEY_OFFSET(%rdi), %rdi
+	leaq	16(%rdi), %rdx
+	leaq	48(%rdi), %rdi
+
+	movdqu	(%rdx), %xmm0
+	movdqu	(%rdi), %xmm8
+	movdqu	16(%rdi), %xmm2
+	movdqu	32(%rdi), %xmm3
+	movdqu	48(%rdi), %xmm4
+	movdqu	64(%rdi), %xmm5
+	movdqu	80(%rdi), %xmm6
+	movdqu	96(%rdi), %xmm7
+	movdqu	128(%rdi), %xmm9
+	movdqu	144(%rdi), %xmm10
+	movdqu	160(%rdi), %xmm11
+	movdqu	176(%rdi), %xmm12
+	movdqu	192(%rdi), %xmm13
+	movdqu	208(%rdi), %xmm14
+	movdqu	224(%rdi), %xmm15
+
+	xorl	%eax, %eax
+1:	movdqu	(%r8, %rax), %xmm1
+	pxor	%xmm0, %xmm1
+	pxor	%xmm8, %xmm1
+	movdqu	112(%rdi), %xmm8
+	.byte 0x66,0x0f,0x38,0xdc,0xca	/* aesenc	%xmm2, %xmm1 */
+	.byte 0x66,0x0f,0x38,0xdc,0xcb	/* aesenc	%xmm3, %xmm1 */
+	.byte 0x66,0x0f,0x38,0xdc,0xcc	/* aesenc	%xmm4, %xmm1 */
+	.byte 0x66,0x0f,0x38,0xdc,0xcd	/* aesenc	%xmm5, %xmm1 */
+	.byte 0x66,0x0f,0x38,0xdc,0xce	/* aesenc	%xmm6, %xmm1 */
+	.byte 0x66,0x0f,0x38,0xdc,0xcf	/* aesenc	%xmm7, %xmm1 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xc8	/* aesenc	%xmm8, %xmm1 */
+	movdqu	(%rdi), %xmm8
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xc9	/* aesenc	%xmm9, %xmm1 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xca	/* aesenc	%xmm10, %xmm1 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xcb	/* aesenc	%xmm11, %xmm1 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xcc	/* aesenc	%xmm12, %xmm1 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xcd	/* aesenc	%xmm13, %xmm1 */
+	.byte 0x66,0x41,0x0f,0x38,0xdc,0xce	/* aesenc	%xmm14, %xmm1 */
+	.byte 0x66,0x41,0x0f,0x38,0xdd,0xcf	/* aesenclast %xmm15, %xmm1 */
+	movdqu	%xmm1, (%rsi, %rax)
+	movdqa	%xmm1, %xmm0
+	addl	$16, %eax
+	cmpl	%eax, %r9d
+	jne	1b
+
+	movdqu	%xmm0, (%rdx)
+
+2:	xor	%eax, %eax
+	ret
+	.size intel_aes_encrypt_cbc_256, .-intel_aes_encrypt_cbc_256
+
+
+/* in %rdi : cx - context
+   in %rsi : output - pointer to output buffer
+   in %rdx : outputLen - pointer to variable for length of output
+             (already filled in by caller)
+   in %ecx : maxOutputLen - length of output buffer
+             (already checked by caller)
+   in %r8  : input - pointer to input buffer
+   in %r9d : inputLen - length of input buffer
+   on stack: blocksize - AES blocksize (always 16, unused)
+*/
+	.type intel_aes_decrypt_cbc_256,@function
+	.globl intel_aes_decrypt_cbc_256
+	.align	16
+intel_aes_decrypt_cbc_256:
+//	leaq	IV_OFFSET(%rdi), %rdx
+//	leaq	EXPANDED_KEY_OFFSET(%rdi), %rdi
+	leaq	16(%rdi), %rdx
+	leaq	48(%rdi), %rdi
+
+	movdqu	(%rdx), %xmm0
+	movdqu	(%rdi), %xmm2
+	movdqu	224(%rdi), %xmm15
+	xorl	%eax, %eax
+//	cmpl	$8*16, %r9d
+	cmpl	$128, %r9d
+	jb	1f
+//	leal	-8*16(%r9), %r11d
+	leal	-128(%r9), %r11d
+2:	movdqu  (%r8, %rax), %xmm3
+	movdqu	16(%r8, %rax), %xmm4
+	movdqu	32(%r8, %rax), %xmm5
+	movdqu	48(%r8, %rax), %xmm6
+	movdqu	64(%r8, %rax), %xmm7
+	movdqu	80(%r8, %rax), %xmm8
+	movdqu	96(%r8, %rax), %xmm9
+	movdqu	112(%r8, %rax), %xmm10
+	pxor	%xmm15, %xmm3
+	pxor	%xmm15, %xmm4
+	pxor	%xmm15, %xmm5
+	pxor	%xmm15, %xmm6
+	pxor	%xmm15, %xmm7
+	pxor	%xmm15, %xmm8
+	pxor	%xmm15, %xmm9
+	pxor	%xmm15, %xmm10
+
+// complete loop unrolling
+	movdqu 208(%rdi), %xmm1
+	movdqu 192(%rdi), %xmm11
+	.byte 0x66,0x0f,0x38,0xde,0xd9		/* aesdec	%xmm1, %xmm3 */
+	.byte 0x66,0x0f,0x38,0xde,0xe1		/* aesdec	%xmm1, %xmm4 */
+	.byte 0x66,0x0f,0x38,0xde,0xe9		/* aesdec	%xmm1, %xmm5 */
+	.byte 0x66,0x0f,0x38,0xde,0xf1		/* aesdec	%xmm1, %xmm6 */
+	.byte 0x66,0x0f,0x38,0xde,0xf9		/* aesdec	%xmm1, %xmm7 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xc1	/* aesdec	%xmm1, %xmm8 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xc9	/* aesdec	%xmm1, %xmm9 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xd1	/* aesdec	%xmm1, %xmm10 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xdb	/* aesdec	%xmm11, %xmm3 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xe3	/* aesdec	%xmm11, %xmm4 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xeb	/* aesdec	%xmm11, %xmm5 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xf3	/* aesdec	%xmm11, %xmm6 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xfb	/* aesdec	%xmm11, %xmm7 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xc3	/* aesdec	%xmm11, %xmm8 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xcb	/* aesdec	%xmm11, %xmm9 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xd3	/* aesdec	%xmm11, %xmm10 */
+
+	movdqu 176(%rdi), %xmm1
+	movdqu 160(%rdi), %xmm11
+	.byte 0x66,0x0f,0x38,0xde,0xd9		/* aesdec	%xmm1, %xmm3 */
+	.byte 0x66,0x0f,0x38,0xde,0xe1		/* aesdec	%xmm1, %xmm4 */
+	.byte 0x66,0x0f,0x38,0xde,0xe9		/* aesdec	%xmm1, %xmm5 */
+	.byte 0x66,0x0f,0x38,0xde,0xf1		/* aesdec	%xmm1, %xmm6 */
+	.byte 0x66,0x0f,0x38,0xde,0xf9		/* aesdec	%xmm1, %xmm7 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xc1	/* aesdec	%xmm1, %xmm8 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xc9	/* aesdec	%xmm1, %xmm9 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xd1	/* aesdec	%xmm1, %xmm10 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xdb	/* aesdec	%xmm11, %xmm3 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xe3	/* aesdec	%xmm11, %xmm4 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xeb	/* aesdec	%xmm11, %xmm5 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xf3	/* aesdec	%xmm11, %xmm6 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xfb	/* aesdec	%xmm11, %xmm7 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xc3	/* aesdec	%xmm11, %xmm8 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xcb	/* aesdec	%xmm11, %xmm9 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xd3	/* aesdec	%xmm11, %xmm10 */
+
+	movdqu 144(%rdi), %xmm1
+	movdqu 128(%rdi), %xmm11
+	.byte 0x66,0x0f,0x38,0xde,0xd9		/* aesdec	%xmm1, %xmm3 */
+	.byte 0x66,0x0f,0x38,0xde,0xe1		/* aesdec	%xmm1, %xmm4 */
+	.byte 0x66,0x0f,0x38,0xde,0xe9		/* aesdec	%xmm1, %xmm5 */
+	.byte 0x66,0x0f,0x38,0xde,0xf1		/* aesdec	%xmm1, %xmm6 */
+	.byte 0x66,0x0f,0x38,0xde,0xf9		/* aesdec	%xmm1, %xmm7 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xc1	/* aesdec	%xmm1, %xmm8 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xc9	/* aesdec	%xmm1, %xmm9 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xd1	/* aesdec	%xmm1, %xmm10 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xdb	/* aesdec	%xmm11, %xmm3 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xe3	/* aesdec	%xmm11, %xmm4 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xeb	/* aesdec	%xmm11, %xmm5 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xf3	/* aesdec	%xmm11, %xmm6 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xfb	/* aesdec	%xmm11, %xmm7 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xc3	/* aesdec	%xmm11, %xmm8 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xcb	/* aesdec	%xmm11, %xmm9 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xd3	/* aesdec	%xmm11, %xmm10 */
+
+	movdqu 112(%rdi), %xmm1
+	movdqu 96(%rdi), %xmm11
+	.byte 0x66,0x0f,0x38,0xde,0xd9		/* aesdec	%xmm1, %xmm3 */
+	.byte 0x66,0x0f,0x38,0xde,0xe1		/* aesdec	%xmm1, %xmm4 */
+	.byte 0x66,0x0f,0x38,0xde,0xe9		/* aesdec	%xmm1, %xmm5 */
+	.byte 0x66,0x0f,0x38,0xde,0xf1		/* aesdec	%xmm1, %xmm6 */
+	.byte 0x66,0x0f,0x38,0xde,0xf9		/* aesdec	%xmm1, %xmm7 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xc1	/* aesdec	%xmm1, %xmm8 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xc9	/* aesdec	%xmm1, %xmm9 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xd1	/* aesdec	%xmm1, %xmm10 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xdb	/* aesdec	%xmm11, %xmm3 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xe3	/* aesdec	%xmm11, %xmm4 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xeb	/* aesdec	%xmm11, %xmm5 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xf3	/* aesdec	%xmm11, %xmm6 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xfb	/* aesdec	%xmm11, %xmm7 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xc3	/* aesdec	%xmm11, %xmm8 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xcb	/* aesdec	%xmm11, %xmm9 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xd3	/* aesdec	%xmm11, %xmm10 */
+
+	movdqu 80(%rdi), %xmm1
+	movdqu 64(%rdi), %xmm11
+	.byte 0x66,0x0f,0x38,0xde,0xd9		/* aesdec	%xmm1, %xmm3 */
+	.byte 0x66,0x0f,0x38,0xde,0xe1		/* aesdec	%xmm1, %xmm4 */
+	.byte 0x66,0x0f,0x38,0xde,0xe9		/* aesdec	%xmm1, %xmm5 */
+	.byte 0x66,0x0f,0x38,0xde,0xf1		/* aesdec	%xmm1, %xmm6 */
+	.byte 0x66,0x0f,0x38,0xde,0xf9		/* aesdec	%xmm1, %xmm7 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xc1	/* aesdec	%xmm1, %xmm8 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xc9	/* aesdec	%xmm1, %xmm9 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xd1	/* aesdec	%xmm1, %xmm10 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xdb	/* aesdec	%xmm11, %xmm3 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xe3	/* aesdec	%xmm11, %xmm4 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xeb	/* aesdec	%xmm11, %xmm5 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xf3	/* aesdec	%xmm11, %xmm6 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xfb	/* aesdec	%xmm11, %xmm7 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xc3	/* aesdec	%xmm11, %xmm8 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xcb	/* aesdec	%xmm11, %xmm9 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xd3	/* aesdec	%xmm11, %xmm10 */
+
+	movdqu 48(%rdi), %xmm1
+	movdqu 32(%rdi), %xmm11
+	.byte 0x66,0x0f,0x38,0xde,0xd9		/* aesdec	%xmm1, %xmm3 */
+	.byte 0x66,0x0f,0x38,0xde,0xe1		/* aesdec	%xmm1, %xmm4 */
+	.byte 0x66,0x0f,0x38,0xde,0xe9		/* aesdec	%xmm1, %xmm5 */
+	.byte 0x66,0x0f,0x38,0xde,0xf1		/* aesdec	%xmm1, %xmm6 */
+	.byte 0x66,0x0f,0x38,0xde,0xf9		/* aesdec	%xmm1, %xmm7 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xc1	/* aesdec	%xmm1, %xmm8 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xc9	/* aesdec	%xmm1, %xmm9 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xd1	/* aesdec	%xmm1, %xmm10 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xdb	/* aesdec	%xmm11, %xmm3 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xe3	/* aesdec	%xmm11, %xmm4 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xeb	/* aesdec	%xmm11, %xmm5 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xf3	/* aesdec	%xmm11, %xmm6 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xfb	/* aesdec	%xmm11, %xmm7 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xc3	/* aesdec	%xmm11, %xmm8 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xcb	/* aesdec	%xmm11, %xmm9 */
+	.byte 0x66,0x45,0x0f,0x38,0xde,0xd3	/* aesdec	%xmm11, %xmm10 */
+
+	movdqu 16(%rdi), %xmm1
+	.byte 0x66,0x0f,0x38,0xde,0xd9		/* aesdec	%xmm1, %xmm3 */
+	.byte 0x66,0x0f,0x38,0xde,0xe1		/* aesdec	%xmm1, %xmm4 */
+	.byte 0x66,0x0f,0x38,0xde,0xe9		/* aesdec	%xmm1, %xmm5 */
+	.byte 0x66,0x0f,0x38,0xde,0xf1		/* aesdec	%xmm1, %xmm6 */
+	.byte 0x66,0x0f,0x38,0xde,0xf9		/* aesdec	%xmm1, %xmm7 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xc1	/* aesdec	%xmm1, %xmm8 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xc9	/* aesdec	%xmm1, %xmm9 */
+	.byte 0x66,0x44,0x0f,0x38,0xde,0xd1	/* aesdec	%xmm1, %xmm10 */
+	.byte 0x66,0x0f,0x38,0xdf,0xda		/* aesdeclast 	%xmm2, %xmm3 */
+	.byte 0x66,0x0f,0x38,0xdf,0xe2		/* aesdeclast 	%xmm2, %xmm4 */
+	.byte 0x66,0x0f,0x38,0xdf,0xea		/* aesdeclast 	%xmm2, %xmm5 */
+	.byte 0x66,0x0f,0x38,0xdf,0xf2		/* aesdeclast 	%xmm2, %xmm6 */
+	.byte 0x66,0x0f,0x38,0xdf,0xfa		/* aesdeclast 	%xmm2, %xmm7 */
+	.byte 0x66,0x44,0x0f,0x38,0xdf,0xc2	/* aesdeclast 	%xmm2, %xmm8 */
+	.byte 0x66,0x44,0x0f,0x38,0xdf,0xca	/* aesdeclast 	%xmm2, %xmm9 */
+	.byte 0x66,0x44,0x0f,0x38,0xdf,0xd2	/* aesdeclast 	%xmm2, %xmm10 */
+
+ 	pxor	%xmm0, %xmm3
+	movdqu	(%r8, %rax), %xmm0
+	pxor	%xmm0, %xmm4
+	movdqu	16(%r8, %rax), %xmm0
+	pxor	%xmm0, %xmm5
+	movdqu	32(%r8, %rax), %xmm0
+	pxor	%xmm0, %xmm6
+	movdqu	48(%r8, %rax), %xmm0
+	pxor	%xmm0, %xmm7
+	movdqu	64(%r8, %rax), %xmm0
+	pxor	%xmm0, %xmm8
+	movdqu	80(%r8, %rax), %xmm0
+	pxor	%xmm0, %xmm9
+	movdqu	96(%r8, %rax), %xmm0
+	pxor	%xmm0, %xmm10
+	movdqu	112(%r8, %rax), %xmm0
+	movdqu	%xmm3, (%rsi, %rax)
+	movdqu	%xmm4, 16(%rsi, %rax)
+	movdqu	%xmm5, 32(%rsi, %rax)
+	movdqu	%xmm6, 48(%rsi, %rax)
+	movdqu	%xmm7, 64(%rsi, %rax)
+	movdqu	%xmm8, 80(%rsi, %rax)
+	movdqu	%xmm9, 96(%rsi, %rax)
+	movdqu	%xmm10, 112(%rsi, %rax)
+//	addl	$8*16, %eax
+	addl	$128, %eax
+	cmpl	%r11d, %eax
+	jbe	2b
+1:	cmpl	%eax, %r9d
+	je	5f
+
+	movdqu	16(%rdi), %xmm2
+	movdqu	32(%rdi), %xmm3
+	movdqu	48(%rdi), %xmm4
+	movdqu	64(%rdi), %xmm5
+	movdqu	80(%rdi), %xmm6
+	movdqu	96(%rdi), %xmm7
+	movdqu	112(%rdi), %xmm8
+	movdqu	128(%rdi), %xmm9
+	movdqu	144(%rdi), %xmm10
+	movdqu	160(%rdi), %xmm11
+	movdqu	176(%rdi), %xmm12
+	movdqu	192(%rdi), %xmm13
+	movdqu	208(%rdi), %xmm14
+
+4:	movdqu	(%r8, %rax), %xmm1
+	pxor	%xmm15, %xmm1
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xce	/* aesdec	%xmm14, %xmm1 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xcd	/* aesdec	%xmm13, %xmm1 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xcc	/* aesdec	%xmm12, %xmm1 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xcb	/* aesdec	%xmm11, %xmm1 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xca	/* aesdec	%xmm10, %xmm1 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xc9	/* aesdec	%xmm9, %xmm1 */
+	.byte 0x66,0x41,0x0f,0x38,0xde,0xc8	/* aesdec	%xmm8, %xmm1 */
+	movdqu	(%rdi), %xmm8
+	.byte 0x66,0x0f,0x38,0xde,0xcf	/* aesdec	%xmm7, %xmm1 */
+	.byte 0x66,0x0f,0x38,0xde,0xce	/* aesdec	%xmm6, %xmm1 */
+	.byte 0x66,0x0f,0x38,0xde,0xcd	/* aesdec	%xmm5, %xmm1 */
+	.byte 0x66,0x0f,0x38,0xde,0xcc	/* aesdec	%xmm4, %xmm1 */
+	.byte 0x66,0x0f,0x38,0xde,0xcb	/* aesdec	%xmm3, %xmm1 */
+	.byte 0x66,0x0f,0x38,0xde,0xca	/* aesdec	%xmm2, %xmm1 */
+	.byte 0x66,0x41,0x0f,0x38,0xdf,0xc8	/* aesdeclast %xmm8, %xmm1 */
+	movdqu	112(%rdi), %xmm8
+	pxor	%xmm0, %xmm1
+	movdqu	(%r8, %rax), %xmm0  /* fetch the IV before we store the block */
+	movdqu	%xmm1, (%rsi, %rax) /* in case input buf = output buf */
+	addl	$16, %eax
+	cmpl	%eax, %r9d
+	jne	4b
+
+5:	movdqu	%xmm0, (%rdx)
+
+	xor	%eax, %eax
+	ret
+	.size intel_aes_decrypt_cbc_256, .-intel_aes_decrypt_cbc_256
diff --git a/nss/lib/freebl/intel-gcm-wrap.c b/nss/lib/freebl/intel-gcm-wrap.c
new file mode 100644
index 0000000..8c5eaf0
--- /dev/null
+++ b/nss/lib/freebl/intel-gcm-wrap.c
@@ -0,0 +1,254 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/* Copyright(c) 2013, Intel Corp. */
+
+/* Wrapper functions for Intel optimized implementation of AES-GCM */
+
+#ifdef USE_HW_AES
+
+#ifdef FREEBL_NO_DEPEND
+#include "stubs.h"
+#endif
+
+#include "blapii.h"
+#include "blapit.h"
+#include "gcm.h"
+#include "ctr.h"
+#include "secerr.h"
+#include "prtypes.h"
+#include "pkcs11t.h"
+
+#include <limits.h>
+
+#include "intel-gcm.h"
+#include "rijndael.h"
+
+#include <emmintrin.h>
+#include <tmmintrin.h>
+
+struct intel_AES_GCMContextStr {
+    unsigned char Htbl[16 * AES_BLOCK_SIZE];
+    unsigned char X0[AES_BLOCK_SIZE];
+    unsigned char T[AES_BLOCK_SIZE];
+    unsigned char CTR[AES_BLOCK_SIZE];
+    AESContext *aes_context;
+    unsigned long tagBits;
+    unsigned long Alen;
+    unsigned long Mlen;
+};
+
+intel_AES_GCMContext *
+intel_AES_GCM_CreateContext(void *context,
+                            freeblCipherFunc cipher,
+                            const unsigned char *params,
+                            unsigned int blocksize)
+{
+    intel_AES_GCMContext *gcm = NULL;
+    AESContext *aes = (AESContext *)context;
+    const CK_GCM_PARAMS *gcmParams = (const CK_GCM_PARAMS *)params;
+    unsigned char buff[AES_BLOCK_SIZE]; /* aux buffer */
+
+    unsigned long IV_whole_len = gcmParams->ulIvLen & (~0xful);
+    unsigned int IV_remainder_len = gcmParams->ulIvLen & 0xful;
+    unsigned long AAD_whole_len = gcmParams->ulAADLen & (~0xful);
+    unsigned int AAD_remainder_len = gcmParams->ulAADLen & 0xful;
+
+    __m128i BSWAP_MASK = _mm_setr_epi8(15, 14, 13, 12, 11, 10, 9, 8, 7, 6, 5, 4, 3, 2, 1, 0);
+    __m128i ONE = _mm_set_epi32(0, 0, 0, 1);
+    unsigned int j;
+    SECStatus rv;
+
+    if (blocksize != AES_BLOCK_SIZE) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return NULL;
+    }
+    gcm = PORT_ZNew(intel_AES_GCMContext);
+
+    if (gcm == NULL) {
+        return NULL;
+    }
+
+    /* initialize context fields */
+    gcm->aes_context = aes;
+    gcm->tagBits = gcmParams->ulTagBits;
+    gcm->Alen = 0;
+    gcm->Mlen = 0;
+
+    /* first prepare H and its derivatives for ghash */
+    intel_aes_gcmINIT(gcm->Htbl, (unsigned char *)aes->expandedKey, aes->Nr);
+
+    /* Initial TAG value is zero */
+    _mm_storeu_si128((__m128i *)gcm->T, _mm_setzero_si128());
+    _mm_storeu_si128((__m128i *)gcm->X0, _mm_setzero_si128());
+
+    /* Init the counter */
+    if (gcmParams->ulIvLen == 12) {
+        _mm_storeu_si128((__m128i *)gcm->CTR,
+                         _mm_setr_epi32(((unsigned int *)gcmParams->pIv)[0],
+                                        ((unsigned int *)gcmParams->pIv)[1],
+                                        ((unsigned int *)gcmParams->pIv)[2],
+                                        0x01000000));
+    } else {
+        /* If IV size is not 96 bits, then the initial counter value is GHASH
+         * of the IV */
+        intel_aes_gcmAAD(gcm->Htbl, gcmParams->pIv, IV_whole_len, gcm->T);
+
+        /* Partial block */
+        if (IV_remainder_len) {
+            PORT_Memset(buff, 0, AES_BLOCK_SIZE);
+            PORT_Memcpy(buff, gcmParams->pIv + IV_whole_len, IV_remainder_len);
+            intel_aes_gcmAAD(gcm->Htbl, buff, AES_BLOCK_SIZE, gcm->T);
+        }
+
+        intel_aes_gcmTAG(
+            gcm->Htbl,
+            gcm->T,
+            gcmParams->ulIvLen,
+            0,
+            gcm->X0,
+            gcm->CTR);
+
+        /* TAG should be zero again */
+        _mm_storeu_si128((__m128i *)gcm->T, _mm_setzero_si128());
+    }
+
+    /* Encrypt the initial counter, will be used to encrypt the GHASH value,
+     * in the end */
+    rv = (*cipher)(context, gcm->X0, &j, AES_BLOCK_SIZE, gcm->CTR,
+                   AES_BLOCK_SIZE, AES_BLOCK_SIZE);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    /* Promote the counter by 1 */
+    _mm_storeu_si128((__m128i *)gcm->CTR, _mm_shuffle_epi8(_mm_add_epi32(ONE, _mm_shuffle_epi8(_mm_loadu_si128((__m128i *)gcm->CTR), BSWAP_MASK)), BSWAP_MASK));
+
+    /* Now hash AAD - it would actually make sense to seperate the context
+     * creation from the AAD, because that would allow to reuse the H, which
+     * only changes when the AES key changes, and not every package, like the
+     * IV and AAD */
+    intel_aes_gcmAAD(gcm->Htbl, gcmParams->pAAD, AAD_whole_len, gcm->T);
+    if (AAD_remainder_len) {
+        PORT_Memset(buff, 0, AES_BLOCK_SIZE);
+        PORT_Memcpy(buff, gcmParams->pAAD + AAD_whole_len, AAD_remainder_len);
+        intel_aes_gcmAAD(gcm->Htbl, buff, AES_BLOCK_SIZE, gcm->T);
+    }
+    gcm->Alen += gcmParams->ulAADLen;
+    return gcm;
+
+loser:
+    PORT_Free(gcm);
+    return NULL;
+}
+
+void
+intel_AES_GCM_DestroyContext(intel_AES_GCMContext *gcm, PRBool freeit)
+{
+    if (freeit) {
+        PORT_Free(gcm);
+    }
+}
+
+SECStatus
+intel_AES_GCM_EncryptUpdate(intel_AES_GCMContext *gcm,
+                            unsigned char *outbuf,
+                            unsigned int *outlen, unsigned int maxout,
+                            const unsigned char *inbuf, unsigned int inlen,
+                            unsigned int blocksize)
+{
+    unsigned int tagBytes;
+    unsigned char T[AES_BLOCK_SIZE];
+    unsigned int j;
+
+    tagBytes = (gcm->tagBits + (PR_BITS_PER_BYTE - 1)) / PR_BITS_PER_BYTE;
+    if (UINT_MAX - inlen < tagBytes) {
+        PORT_SetError(SEC_ERROR_INPUT_LEN);
+        return SECFailure;
+    }
+    if (maxout < inlen + tagBytes) {
+        *outlen = inlen + tagBytes;
+        PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+        return SECFailure;
+    }
+
+    intel_aes_gcmENC(
+        inbuf,
+        outbuf,
+        gcm,
+        inlen);
+
+    gcm->Mlen += inlen;
+
+    intel_aes_gcmTAG(
+        gcm->Htbl,
+        gcm->T,
+        gcm->Mlen,
+        gcm->Alen,
+        gcm->X0,
+        T);
+
+    *outlen = inlen + tagBytes;
+
+    for (j = 0; j < tagBytes; j++) {
+        outbuf[inlen + j] = T[j];
+    }
+    return SECSuccess;
+}
+
+SECStatus
+intel_AES_GCM_DecryptUpdate(intel_AES_GCMContext *gcm,
+                            unsigned char *outbuf,
+                            unsigned int *outlen, unsigned int maxout,
+                            const unsigned char *inbuf, unsigned int inlen,
+                            unsigned int blocksize)
+{
+    unsigned int tagBytes;
+    unsigned char T[AES_BLOCK_SIZE];
+    const unsigned char *intag;
+
+    tagBytes = (gcm->tagBits + (PR_BITS_PER_BYTE - 1)) / PR_BITS_PER_BYTE;
+
+    /* get the authentication block */
+    if (inlen < tagBytes) {
+        PORT_SetError(SEC_ERROR_INPUT_LEN);
+        return SECFailure;
+    }
+
+    inlen -= tagBytes;
+    intag = inbuf + inlen;
+
+    if (maxout < inlen) {
+        *outlen = inlen;
+        PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+        return SECFailure;
+    }
+
+    intel_aes_gcmDEC(
+        inbuf,
+        outbuf,
+        gcm,
+        inlen);
+
+    gcm->Mlen += inlen;
+    intel_aes_gcmTAG(
+        gcm->Htbl,
+        gcm->T,
+        gcm->Mlen,
+        gcm->Alen,
+        gcm->X0,
+        T);
+
+    if (NSS_SecureMemcmp(T, intag, tagBytes) != 0) {
+        memset(outbuf, 0, inlen);
+        *outlen = 0;
+        /* force a CKR_ENCRYPTED_DATA_INVALID error at in softoken */
+        PORT_SetError(SEC_ERROR_BAD_DATA);
+        return SECFailure;
+    }
+    *outlen = inlen;
+
+    return SECSuccess;
+}
+
+#endif
diff --git a/nss/lib/freebl/intel-gcm-x64-masm.asm b/nss/lib/freebl/intel-gcm-x64-masm.asm
new file mode 100644
index 0000000..8b68b76
--- /dev/null
+++ b/nss/lib/freebl/intel-gcm-x64-masm.asm
@@ -0,0 +1,1295 @@
+; LICENSE:
+; This submission to NSS is to be made available under the terms of the
+; Mozilla Public License, v. 2.0. You can obtain one at http:
+; //mozilla.org/MPL/2.0/.
+;###############################################################################
+; Copyright(c) 2014, Intel Corp.
+; Developers and authors:
+; Shay Gueron and Vlad Krasnov
+; Intel Corporation, Israel Development Centre, Haifa, Israel
+; Please send feedback directly to crypto.feedback.alias@intel.com
+
+
+.DATA
+ALIGN 16
+Lone            dq 1,0
+Ltwo            dq 2,0
+Lbswap_mask     db 15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0
+Lshuff_mask     dq 0f0f0f0f0f0f0f0fh, 0f0f0f0f0f0f0f0fh
+Lpoly           dq 01h, 0c200000000000000h
+
+.CODE
+
+
+GFMUL MACRO DST, SRC1, SRC2, TMP1, TMP2, TMP3, TMP4
+    vpclmulqdq  TMP1, SRC2, SRC1, 0h
+    vpclmulqdq  TMP4, SRC2, SRC1, 011h
+
+    vpshufd     TMP2, SRC2, 78
+    vpshufd     TMP3, SRC1, 78
+    vpxor       TMP2, TMP2, SRC2
+    vpxor       TMP3, TMP3, SRC1
+
+    vpclmulqdq  TMP2, TMP2, TMP3, 0h
+    vpxor       TMP2, TMP2, TMP1
+    vpxor       TMP2, TMP2, TMP4
+
+    vpslldq     TMP3, TMP2, 8
+    vpsrldq     TMP2, TMP2, 8
+
+    vpxor       TMP1, TMP1, TMP3
+    vpxor       TMP4, TMP4, TMP2
+
+    vpclmulqdq  TMP2, TMP1, [Lpoly], 010h
+    vpshufd     TMP3, TMP1, 78
+    vpxor       TMP1, TMP2, TMP3
+
+    vpclmulqdq  TMP2, TMP1, [Lpoly], 010h
+    vpshufd     TMP3, TMP1, 78
+    vpxor       TMP1, TMP2, TMP3
+
+    vpxor       DST, TMP1, TMP4
+
+    ENDM
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;
+; Generates the final GCM tag
+; void intel_aes_gcmTAG(unsigned char Htbl[16*16],
+;                       unsigned char *Tp,
+;                       unsigned int Mlen,
+;                       unsigned int Alen,
+;                       unsigned char *X0,
+;                       unsigned char *TAG);
+;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+ALIGN 16
+intel_aes_gcmTAG PROC
+
+Htbl    textequ <rcx>
+Tp      textequ <rdx>
+Mlen    textequ <r8>
+Alen    textequ <r9>
+X0      textequ <r10>
+TAG     textequ <r11>
+
+T       textequ <xmm0>
+TMP0    textequ <xmm1>
+
+    mov     X0, [rsp + 1*8 + 4*8]
+    mov     TAG, [rsp + 1*8 + 5*8]
+
+    vzeroupper
+    vmovdqu T, XMMWORD PTR[Tp]
+    vpxor   TMP0, TMP0, TMP0
+
+    shl     Mlen, 3
+    shl     Alen, 3
+
+    ;vpinsrq    TMP0, TMP0, Mlen, 0
+    ;vpinsrq    TMP0, TMP0, Alen, 1
+    ; workaround the ml64.exe vpinsrq issue
+    vpinsrd TMP0, TMP0, r8d, 0
+    vpinsrd TMP0, TMP0, r9d, 2
+    shr Mlen, 32
+    shr Alen, 32
+    vpinsrd TMP0, TMP0, r8d, 1
+    vpinsrd TMP0, TMP0, r9d, 3
+
+    vpxor   T, T, TMP0
+    vmovdqu TMP0, XMMWORD PTR[Htbl]
+    GFMUL   T, T, TMP0, xmm2, xmm3, xmm4, xmm5
+
+    vpshufb T, T, [Lbswap_mask]
+    vpxor   T, T, [X0]
+    vmovdqu XMMWORD PTR[TAG], T
+    vzeroupper
+
+    ret
+
+intel_aes_gcmTAG ENDP
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;
+; Generates the H table
+; void intel_aes_gcmINIT(unsigned char Htbl[16*16], unsigned char *KS, int NR);
+;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+ALIGN 16
+intel_aes_gcmINIT PROC
+
+Htbl    textequ <rcx>
+KS      textequ <rdx>
+NR      textequ <r8d>
+
+T       textequ <xmm0>
+TMP0    textequ <xmm1>
+
+    vzeroupper
+    ; AES-ENC(0)
+    vmovdqu T, XMMWORD PTR[KS]
+    lea KS, [16 + KS]
+    dec NR
+Lenc_loop:
+        vaesenc T, T, [KS]
+        lea KS, [16 + KS]
+        dec NR
+        jnz Lenc_loop
+
+    vaesenclast T, T, [KS]
+    vpshufb T, T, [Lbswap_mask]
+
+    ;Calculate H` = GFMUL(H, 2)
+    vpsrad  xmm3, T, 31
+    vpshufd xmm3, xmm3, 0ffh
+    vpand   xmm5, xmm3, [Lpoly]
+    vpsrld  xmm3, T, 31
+    vpslld  xmm4, T, 1
+    vpslldq xmm3, xmm3, 4
+    vpxor   T, xmm4, xmm3
+    vpxor   T, T, xmm5
+
+    vmovdqu TMP0, T
+    vmovdqu XMMWORD PTR[Htbl + 0*16], T
+
+    vpshufd xmm2, T, 78
+    vpxor   xmm2, xmm2, T
+    vmovdqu XMMWORD PTR[Htbl + 8*16 + 0*16], xmm2
+
+    i = 1
+    WHILE i LT 8
+        GFMUL   T, T, TMP0, xmm2, xmm3, xmm4, xmm5
+        vmovdqu XMMWORD PTR[Htbl + i*16], T
+        vpshufd xmm2, T, 78
+        vpxor   xmm2, xmm2, T
+        vmovdqu XMMWORD PTR[Htbl + 8*16 + i*16], xmm2
+        i = i+1
+        ENDM
+    vzeroupper
+    ret
+intel_aes_gcmINIT ENDP
+
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;
+; Authenticate only
+; void intel_aes_gcmAAD(unsigned char Htbl[16*16], unsigned char *AAD, unsigned int Alen, unsigned char *Tp);
+;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+ALIGN 16
+intel_aes_gcmAAD PROC
+
+Htbl    textequ <rcx>
+inp     textequ <rdx>
+len     textequ <r8>
+Tp      textequ <r9>
+hlp0    textequ <r10>
+
+DATA    textequ <xmm0>
+T       textequ <xmm1>
+TMP0    textequ <xmm2>
+TMP1    textequ <xmm3>
+TMP2    textequ <xmm4>
+TMP3    textequ <xmm5>
+TMP4    textequ <xmm6>
+Xhi     textequ <xmm7>
+
+KARATSUBA_AAD MACRO i
+    vpclmulqdq  TMP3, DATA, [Htbl + i*16], 0h
+    vpxor       TMP0, TMP0, TMP3
+    vpclmulqdq  TMP3, DATA, [Htbl + i*16], 011h
+    vpxor       TMP1, TMP1, TMP3
+    vpshufd     TMP3, DATA, 78
+    vpxor       TMP3, TMP3, DATA
+    vpclmulqdq  TMP3, TMP3, [Htbl + 8*16 + i*16], 0h
+    vpxor       TMP2, TMP2, TMP3
+ENDM
+
+    test  len, len
+    jnz   LbeginAAD
+    ret
+
+LbeginAAD:
+    vzeroupper
+
+    sub rsp, 2*16
+    vmovdqu XMMWORD PTR[rsp + 0*16], xmm6
+    vmovdqu XMMWORD PTR[rsp + 1*16], xmm7
+
+    vpxor   Xhi, Xhi, Xhi
+
+    vmovdqu T, XMMWORD PTR[Tp]
+    ;we hash 8 block each iteration, if the total amount of blocks is not a multiple of 8, we hash the first n%8 blocks first
+    mov hlp0, len
+    and hlp0, 128-1
+    jz  Lmod_loop
+
+    and len, -128
+    sub hlp0, 16
+
+    ; Prefix block
+    vmovdqu DATA, XMMWORD PTR[inp]
+    vpshufb DATA, DATA, [Lbswap_mask]
+    vpxor   DATA, DATA, T
+
+    vpclmulqdq  TMP0, DATA, [Htbl + hlp0], 0h
+    vpclmulqdq  TMP1, DATA, [Htbl + hlp0], 011h
+    vpshufd     TMP3, DATA, 78
+    vpxor       TMP3, TMP3, DATA
+    vpclmulqdq  TMP2, TMP3, [Htbl + 8*16 + hlp0], 0h
+
+    lea     inp, [inp+16]
+    test    hlp0, hlp0
+    jnz     Lpre_loop
+    jmp     Lred1
+
+    ;hash remaining prefix bocks (up to 7 total prefix blocks)
+Lpre_loop:
+
+        sub hlp0, 16
+
+        vmovdqu DATA, XMMWORD PTR[inp]
+        vpshufb DATA, DATA, [Lbswap_mask]
+
+        vpclmulqdq  TMP3, DATA, [Htbl + hlp0], 0h
+        vpxor       TMP0, TMP0, TMP3
+        vpclmulqdq  TMP3, DATA, [Htbl + hlp0], 011h
+        vpxor       TMP1, TMP1, TMP3
+        vpshufd     TMP3, DATA, 78
+        vpxor       TMP3, TMP3, DATA
+        vpclmulqdq  TMP3, TMP3, [Htbl + 8*16 + hlp0], 0h
+        vpxor       TMP2, TMP2, TMP3
+
+        test    hlp0, hlp0
+        lea     inp, [inp+16]
+        jnz     Lpre_loop
+
+Lred1:
+
+    vpxor       TMP2, TMP2, TMP0
+    vpxor       TMP2, TMP2, TMP1
+    vpsrldq     TMP3, TMP2, 8
+    vpslldq     TMP2, TMP2, 8
+
+    vpxor       Xhi, TMP1, TMP3
+    vpxor       T, TMP0, TMP2
+
+
+Lmod_loop:
+
+        sub len, 16*8
+        jb  Ldone
+        ; Block #0
+        vmovdqu DATA, XMMWORD PTR[inp + 16*7]
+        vpshufb DATA, DATA, [Lbswap_mask]
+
+        vpclmulqdq  TMP0, DATA, [Htbl + 0*16], 0h
+        vpclmulqdq  TMP1, DATA, [Htbl + 0*16], 011h
+        vpshufd     TMP3, DATA, 78
+        vpxor       TMP3, TMP3, DATA
+        vpclmulqdq  TMP2, TMP3, [Htbl + 8*16 + 0*16], 0h
+
+        ; Block #1
+        vmovdqu DATA, XMMWORD PTR[inp + 16*6]
+        vpshufb DATA, DATA, [Lbswap_mask]
+        KARATSUBA_AAD 1
+
+        ; Block #2
+        vmovdqu DATA, XMMWORD PTR[inp + 16*5]
+        vpshufb DATA, DATA, [Lbswap_mask]
+
+        vpclmulqdq  TMP4, T, [Lpoly], 010h         ;reduction stage 1a
+        vpalignr    T, T, T, 8
+
+        KARATSUBA_AAD 2
+
+        vpxor       T, T, TMP4                          ;reduction stage 1b
+
+        ; Block #3
+        vmovdqu DATA, XMMWORD PTR[inp + 16*4]
+        vpshufb DATA, DATA, [Lbswap_mask]
+        KARATSUBA_AAD 3
+        ; Block #4
+        vmovdqu DATA, XMMWORD PTR[inp + 16*3]
+        vpshufb DATA, DATA, [Lbswap_mask]
+
+        vpclmulqdq  TMP4, T, [Lpoly], 010h        ;reduction stage 2a
+        vpalignr    T, T, T, 8
+
+        KARATSUBA_AAD 4
+
+        vpxor       T, T, TMP4                          ;reduction stage 2b
+        ; Block #5
+        vmovdqu DATA, XMMWORD PTR[inp + 16*2]
+        vpshufb DATA, DATA, [Lbswap_mask]
+        KARATSUBA_AAD 5
+
+        vpxor   T, T, Xhi                               ;reduction finalize
+        ; Block #6
+        vmovdqu DATA, XMMWORD PTR[inp + 16*1]
+        vpshufb DATA, DATA, [Lbswap_mask]
+        KARATSUBA_AAD 6
+        ; Block #7
+        vmovdqu DATA, XMMWORD PTR[inp + 16*0]
+        vpshufb DATA, DATA, [Lbswap_mask]
+        vpxor   DATA, DATA, T
+        KARATSUBA_AAD 7
+        ; Aggregated 8 blocks, now karatsuba fixup
+        vpxor   TMP2, TMP2, TMP0
+        vpxor   TMP2, TMP2, TMP1
+        vpsrldq TMP3, TMP2, 8
+        vpslldq TMP2, TMP2, 8
+
+        vpxor   Xhi, TMP1, TMP3
+        vpxor   T, TMP0, TMP2
+
+        lea inp, [inp + 16*8]
+        jmp Lmod_loop
+
+Ldone:
+    vpclmulqdq  TMP4, T, [Lpoly], 010h
+    vpalignr    T, T, T, 8
+    vpxor       T, T, TMP4
+
+    vpclmulqdq  TMP4, T, [Lpoly], 010h
+    vpalignr    T, T, T, 8
+    vpxor       T, T, TMP4
+
+    vpxor       T, T, Xhi
+    vmovdqu     XMMWORD PTR[Tp], T
+    vzeroupper
+
+    vmovdqu xmm6, XMMWORD PTR[rsp + 0*16]
+    vmovdqu xmm7, XMMWORD PTR[rsp + 1*16]
+    add rsp, 16*2
+
+    ret
+
+intel_aes_gcmAAD ENDP
+
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;
+; Encrypt and Authenticate
+; void intel_aes_gcmENC(unsigned char* PT, unsigned char* CT, void *Gctx, unsigned int len);
+;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+ALIGN 16
+intel_aes_gcmENC PROC
+
+PT      textequ <rcx>
+CT      textequ <rdx>
+Htbl    textequ <r8>
+Gctx    textequ <r8>
+len     textequ <r9>
+KS      textequ <r10>
+NR      textequ <eax>
+
+aluCTR  textequ <r11d>
+aluKSl  textequ <r12d>
+aluTMP  textequ <r13d>
+
+T       textequ <xmm0>
+TMP0    textequ <xmm1>
+TMP1    textequ <xmm2>
+TMP2    textequ <xmm3>
+TMP3    textequ <xmm4>
+TMP4    textequ <xmm5>
+TMP5    textequ <xmm6>
+CTR0    textequ <xmm7>
+CTR1    textequ <xmm8>
+CTR2    textequ <xmm9>
+CTR3    textequ <xmm10>
+CTR4    textequ <xmm11>
+CTR5    textequ <xmm12>
+CTR6    textequ <xmm13>
+CTR7    textequ <xmm14>
+BSWAPMASK   textequ <xmm15>
+
+ROUND MACRO i
+    vmovdqu TMP3, XMMWORD PTR[i*16 + KS]
+    vaesenc CTR0, CTR0, TMP3
+    vaesenc CTR1, CTR1, TMP3
+    vaesenc CTR2, CTR2, TMP3
+    vaesenc CTR3, CTR3, TMP3
+    vaesenc CTR4, CTR4, TMP3
+    vaesenc CTR5, CTR5, TMP3
+    vaesenc CTR6, CTR6, TMP3
+    vaesenc CTR7, CTR7, TMP3
+ENDM
+ROUNDMUL MACRO i
+    vmovdqu TMP3, XMMWORD PTR[i*16 + KS]
+
+    vaesenc CTR0, CTR0, TMP3
+    vaesenc CTR1, CTR1, TMP3
+    vaesenc CTR2, CTR2, TMP3
+    vaesenc CTR3, CTR3, TMP3
+
+    vpshufd TMP4, TMP5, 78
+    vpxor   TMP4, TMP4, TMP5
+
+    vaesenc CTR4, CTR4, TMP3
+    vaesenc CTR5, CTR5, TMP3
+    vaesenc CTR6, CTR6, TMP3
+    vaesenc CTR7, CTR7, TMP3
+
+    vpclmulqdq  TMP3, TMP4, XMMWORD PTR[i*16 + 8*16 + Htbl], 000h
+    vpxor       TMP0, TMP0, TMP3
+    vmovdqu     TMP4, XMMWORD PTR[i*16 + Htbl]
+    vpclmulqdq  TMP3, TMP5, TMP4, 011h
+    vpxor       TMP1, TMP1, TMP3
+    vpclmulqdq  TMP3, TMP5, TMP4, 000h
+    vpxor       TMP2, TMP2, TMP3
+ENDM
+KARATSUBA MACRO i
+    vpshufd TMP4, TMP5, 78
+    vpxor   TMP4, TMP4, TMP5
+    vpclmulqdq  TMP3, TMP4, XMMWORD PTR[i*16 + 8*16 + Htbl], 000h
+    vpxor       TMP0, TMP0, TMP3
+    vmovdqu     TMP4, XMMWORD PTR[i*16 + Htbl]
+    vpclmulqdq  TMP3, TMP5, TMP4, 011h
+    vpxor       TMP1, TMP1, TMP3
+    vpclmulqdq  TMP3, TMP5, TMP4, 000h
+    vpxor       TMP2, TMP2, TMP3
+ENDM
+NEXTCTR MACRO i
+    add aluCTR, 1
+    mov aluTMP, aluCTR
+    xor aluTMP, aluKSl
+    bswap   aluTMP
+    mov [3*4 + 8*16 + i*16 + rsp], aluTMP
+ENDM
+
+
+    test  len, len
+    jnz   LbeginENC
+    ret
+
+LbeginENC:
+
+    vzeroupper
+    push    r11
+    push    r12
+    push    r13
+    push    rbp
+    sub rsp, 10*16
+    vmovdqu XMMWORD PTR[rsp + 0*16], xmm6
+    vmovdqu XMMWORD PTR[rsp + 1*16], xmm7
+    vmovdqu XMMWORD PTR[rsp + 2*16], xmm8
+    vmovdqu XMMWORD PTR[rsp + 3*16], xmm9
+    vmovdqu XMMWORD PTR[rsp + 4*16], xmm10
+    vmovdqu XMMWORD PTR[rsp + 5*16], xmm11
+    vmovdqu XMMWORD PTR[rsp + 6*16], xmm12
+    vmovdqu XMMWORD PTR[rsp + 7*16], xmm13
+    vmovdqu XMMWORD PTR[rsp + 8*16], xmm14
+    vmovdqu XMMWORD PTR[rsp + 9*16], xmm15
+
+    mov rbp, rsp
+    sub rsp, 16*16
+    and rsp, -16
+
+    vmovdqu T, XMMWORD PTR[16*16 + 1*16 + Gctx]
+    vmovdqu CTR0, XMMWORD PTR[16*16 + 2*16 + Gctx]
+    vmovdqu BSWAPMASK, XMMWORD PTR[Lbswap_mask]
+    mov     KS, [16*16 + 3*16 + Gctx]
+    mov     NR, [4 + KS]
+    lea     KS, [48 + KS]
+
+    vpshufb CTR0, CTR0, BSWAPMASK
+
+    mov aluCTR, [16*16 + 2*16 + 3*4 + Gctx]
+    mov aluKSl, [3*4 + KS]
+    bswap   aluCTR
+    bswap   aluKSl
+
+    vmovdqu TMP0, XMMWORD PTR[0*16 + KS]
+    vpxor   TMP0, TMP0, XMMWORD PTR[16*16 + 2*16 + Gctx]
+    vmovdqu XMMWORD PTR[8*16 + 0*16 + rsp], TMP0
+
+    cmp len, 128
+    jb  LEncDataSingles
+; Prepare the "top" counters
+    vmovdqu XMMWORD PTR[8*16 + 1*16 + rsp], TMP0
+    vmovdqu XMMWORD PTR[8*16 + 2*16 + rsp], TMP0
+    vmovdqu XMMWORD PTR[8*16 + 3*16 + rsp], TMP0
+    vmovdqu XMMWORD PTR[8*16 + 4*16 + rsp], TMP0
+    vmovdqu XMMWORD PTR[8*16 + 5*16 + rsp], TMP0
+    vmovdqu XMMWORD PTR[8*16 + 6*16 + rsp], TMP0
+    vmovdqu XMMWORD PTR[8*16 + 7*16 + rsp], TMP0
+
+; Encrypt the initial 8 blocks
+    sub len, 128
+    vpaddd  CTR1, CTR0, XMMWORD PTR[Lone]
+    vpaddd  CTR2, CTR0, XMMWORD PTR[Ltwo]
+    vpaddd  CTR3, CTR2, XMMWORD PTR[Lone]
+    vpaddd  CTR4, CTR2, XMMWORD PTR[Ltwo]
+    vpaddd  CTR5, CTR4, XMMWORD PTR[Lone]
+    vpaddd  CTR6, CTR4, XMMWORD PTR[Ltwo]
+    vpaddd  CTR7, CTR6, XMMWORD PTR[Lone]
+
+    vpshufb CTR0, CTR0, BSWAPMASK
+    vpshufb CTR1, CTR1, BSWAPMASK
+    vpshufb CTR2, CTR2, BSWAPMASK
+    vpshufb CTR3, CTR3, BSWAPMASK
+    vpshufb CTR4, CTR4, BSWAPMASK
+    vpshufb CTR5, CTR5, BSWAPMASK
+    vpshufb CTR6, CTR6, BSWAPMASK
+    vpshufb CTR7, CTR7, BSWAPMASK
+
+    vmovdqu TMP3, XMMWORD PTR[0*16 + KS]
+    vpxor   CTR0, CTR0, TMP3
+    vpxor   CTR1, CTR1, TMP3
+    vpxor   CTR2, CTR2, TMP3
+    vpxor   CTR3, CTR3, TMP3
+    vpxor   CTR4, CTR4, TMP3
+    vpxor   CTR5, CTR5, TMP3
+    vpxor   CTR6, CTR6, TMP3
+    vpxor   CTR7, CTR7, TMP3
+
+    ROUND   1
+
+    add aluCTR, 8
+    mov aluTMP, aluCTR
+    xor aluTMP, aluKSl
+    bswap   aluTMP
+    mov [8*16 + 0*16 + 3*4 + rsp], aluTMP
+
+    ROUND   2
+    NEXTCTR 1
+    ROUND   3
+    NEXTCTR 2
+    ROUND   4
+    NEXTCTR 3
+    ROUND   5
+    NEXTCTR 4
+    ROUND   6
+    NEXTCTR 5
+    ROUND   7
+    NEXTCTR 6
+    ROUND   8
+    NEXTCTR 7
+    ROUND   9
+    vmovdqu TMP5, XMMWORD PTR[10*16 + KS]
+    cmp     NR, 10
+    je      @f
+
+    ROUND   10
+    ROUND   11
+    vmovdqu TMP5, XMMWORD PTR[12*16 + KS]
+    cmp     NR, 12
+    je      @f
+
+    ROUND   12
+    ROUND   13
+    vmovdqu TMP5, XMMWORD PTR[14*16 + KS]
+@@:
+    vpxor   TMP3, TMP5, XMMWORD PTR[0*16 + PT]
+    vaesenclast CTR0, CTR0, TMP3
+    vpxor   TMP3, TMP5, XMMWORD PTR[1*16 + PT]
+    vaesenclast CTR1, CTR1, TMP3
+    vpxor   TMP3, TMP5, XMMWORD PTR[2*16 + PT]
+    vaesenclast CTR2, CTR2, TMP3
+    vpxor   TMP3, TMP5, XMMWORD PTR[3*16 + PT]
+    vaesenclast CTR3, CTR3, TMP3
+    vpxor   TMP3, TMP5, XMMWORD PTR[4*16 + PT]
+    vaesenclast CTR4, CTR4, TMP3
+    vpxor   TMP3, TMP5, XMMWORD PTR[5*16 + PT]
+    vaesenclast CTR5, CTR5, TMP3
+    vpxor   TMP3, TMP5, XMMWORD PTR[6*16 + PT]
+    vaesenclast CTR6, CTR6, TMP3
+    vpxor   TMP3, TMP5, XMMWORD PTR[7*16 + PT]
+    vaesenclast CTR7, CTR7, TMP3
+
+    vmovdqu XMMWORD PTR[0*16 + CT], CTR0
+    vpshufb CTR0, CTR0, BSWAPMASK
+    vmovdqu XMMWORD PTR[1*16 + CT], CTR1
+    vpshufb CTR1, CTR1, BSWAPMASK
+    vmovdqu XMMWORD PTR[2*16 + CT], CTR2
+    vpshufb CTR2, CTR2, BSWAPMASK
+    vmovdqu XMMWORD PTR[3*16 + CT], CTR3
+    vpshufb CTR3, CTR3, BSWAPMASK
+    vmovdqu XMMWORD PTR[4*16 + CT], CTR4
+    vpshufb CTR4, CTR4, BSWAPMASK
+    vmovdqu XMMWORD PTR[5*16 + CT], CTR5
+    vpshufb CTR5, CTR5, BSWAPMASK
+    vmovdqu XMMWORD PTR[6*16 + CT], CTR6
+    vpshufb CTR6, CTR6, BSWAPMASK
+    vmovdqu XMMWORD PTR[7*16 + CT], CTR7
+    vpshufb TMP5, CTR7, BSWAPMASK
+
+    vmovdqa XMMWORD PTR[1*16 + rsp], CTR6
+    vmovdqa XMMWORD PTR[2*16 + rsp], CTR5
+    vmovdqa XMMWORD PTR[3*16 + rsp], CTR4
+    vmovdqa XMMWORD PTR[4*16 + rsp], CTR3
+    vmovdqa XMMWORD PTR[5*16 + rsp], CTR2
+    vmovdqa XMMWORD PTR[6*16 + rsp], CTR1
+    vmovdqa XMMWORD PTR[7*16 + rsp], CTR0
+
+    lea CT, [8*16 + CT]
+    lea PT, [8*16 + PT]
+    jmp LEncDataOctets
+
+LEncDataOctets:
+        cmp len, 128
+        jb  LEndEncOctets
+        sub len, 128
+
+        vmovdqa CTR0, XMMWORD PTR[8*16 + 0*16 + rsp]
+        vmovdqa CTR1, XMMWORD PTR[8*16 + 1*16 + rsp]
+        vmovdqa CTR2, XMMWORD PTR[8*16 + 2*16 + rsp]
+        vmovdqa CTR3, XMMWORD PTR[8*16 + 3*16 + rsp]
+        vmovdqa CTR4, XMMWORD PTR[8*16 + 4*16 + rsp]
+        vmovdqa CTR5, XMMWORD PTR[8*16 + 5*16 + rsp]
+        vmovdqa CTR6, XMMWORD PTR[8*16 + 6*16 + rsp]
+        vmovdqa CTR7, XMMWORD PTR[8*16 + 7*16 + rsp]
+
+        vpshufd TMP4, TMP5, 78
+        vpxor   TMP4, TMP4, TMP5
+        vpclmulqdq  TMP0, TMP4, XMMWORD PTR[0*16 + 8*16 + Htbl], 000h
+        vmovdqu     TMP4, XMMWORD PTR[0*16 + Htbl]
+        vpclmulqdq  TMP1, TMP5, TMP4, 011h
+        vpclmulqdq  TMP2, TMP5, TMP4, 000h
+
+        vmovdqu TMP5, XMMWORD PTR[1*16 + rsp]
+        ROUNDMUL 1
+        NEXTCTR 0
+        vmovdqu TMP5, XMMWORD PTR[2*16 + rsp]
+        ROUNDMUL 2
+        NEXTCTR 1
+        vmovdqu TMP5, XMMWORD PTR[3*16 + rsp]
+        ROUNDMUL 3
+        NEXTCTR 2
+        vmovdqu TMP5, XMMWORD PTR[4*16 + rsp]
+        ROUNDMUL 4
+        NEXTCTR 3
+        vmovdqu TMP5, XMMWORD PTR[5*16 + rsp]
+        ROUNDMUL 5
+        NEXTCTR 4
+        vmovdqu TMP5, XMMWORD PTR[6*16 + rsp]
+        ROUNDMUL 6
+        NEXTCTR 5
+        vpxor   TMP5, T, XMMWORD PTR[7*16 + rsp]
+        ROUNDMUL 7
+        NEXTCTR 6
+
+        ROUND 8
+        NEXTCTR 7
+
+        vpxor   TMP0, TMP0, TMP1
+        vpxor   TMP0, TMP0, TMP2
+        vpsrldq TMP3, TMP0, 8
+        vpxor   TMP4, TMP1, TMP3
+        vpslldq TMP3, TMP0, 8
+        vpxor   T, TMP2, TMP3
+
+        vpclmulqdq  TMP1, T, XMMWORD PTR[Lpoly], 010h
+        vpalignr    T,T,T,8
+        vpxor       T, T, TMP1
+
+        ROUND 9
+
+        vpclmulqdq  TMP1, T, XMMWORD PTR[Lpoly], 010h
+        vpalignr    T,T,T,8
+        vpxor       T, T, TMP1
+
+        vmovdqu     TMP5, XMMWORD PTR[10*16 + KS]
+        cmp         NR, 10
+        je          @f
+
+        ROUND 10
+        ROUND 11
+        vmovdqu     TMP5, XMMWORD PTR[12*16 + KS]
+        cmp         NR, 12
+        je          @f
+
+        ROUND 12
+        ROUND 13
+        vmovdqu     TMP5, XMMWORD PTR[14*16 + KS]
+@@:
+        vpxor   TMP3, TMP5, XMMWORD PTR[0*16 + PT]
+        vaesenclast CTR0, CTR0, TMP3
+        vpxor   TMP3, TMP5, XMMWORD PTR[1*16 + PT]
+        vaesenclast CTR1, CTR1, TMP3
+        vpxor   TMP3, TMP5, XMMWORD PTR[2*16 + PT]
+        vaesenclast CTR2, CTR2, TMP3
+        vpxor   TMP3, TMP5, XMMWORD PTR[3*16 + PT]
+        vaesenclast CTR3, CTR3, TMP3
+        vpxor   TMP3, TMP5, XMMWORD PTR[4*16 + PT]
+        vaesenclast CTR4, CTR4, TMP3
+        vpxor   TMP3, TMP5, XMMWORD PTR[5*16 + PT]
+        vaesenclast CTR5, CTR5, TMP3
+        vpxor   TMP3, TMP5, XMMWORD PTR[6*16 + PT]
+        vaesenclast CTR6, CTR6, TMP3
+        vpxor   TMP3, TMP5, XMMWORD PTR[7*16 + PT]
+        vaesenclast CTR7, CTR7, TMP3
+
+        vmovdqu XMMWORD PTR[0*16 + CT], CTR0
+        vpshufb CTR0, CTR0, BSWAPMASK
+        vmovdqu XMMWORD PTR[1*16 + CT], CTR1
+        vpshufb CTR1, CTR1, BSWAPMASK
+        vmovdqu XMMWORD PTR[2*16 + CT], CTR2
+        vpshufb CTR2, CTR2, BSWAPMASK
+        vmovdqu XMMWORD PTR[3*16 + CT], CTR3
+        vpshufb CTR3, CTR3, BSWAPMASK
+        vmovdqu XMMWORD PTR[4*16 + CT], CTR4
+        vpshufb CTR4, CTR4, BSWAPMASK
+        vmovdqu XMMWORD PTR[5*16 + CT], CTR5
+        vpshufb CTR5, CTR5, BSWAPMASK
+        vmovdqu XMMWORD PTR[6*16 + CT], CTR6
+        vpshufb CTR6, CTR6, BSWAPMASK
+        vmovdqu XMMWORD PTR[7*16 + CT], CTR7
+        vpshufb TMP5, CTR7, BSWAPMASK
+
+        vmovdqa XMMWORD PTR[1*16 + rsp], CTR6
+        vmovdqa XMMWORD PTR[2*16 + rsp], CTR5
+        vmovdqa XMMWORD PTR[3*16 + rsp], CTR4
+        vmovdqa XMMWORD PTR[4*16 + rsp], CTR3
+        vmovdqa XMMWORD PTR[5*16 + rsp], CTR2
+        vmovdqa XMMWORD PTR[6*16 + rsp], CTR1
+        vmovdqa XMMWORD PTR[7*16 + rsp], CTR0
+
+        vpxor   T, T, TMP4
+
+        lea CT, [8*16 + CT]
+        lea PT, [8*16 + PT]
+        jmp LEncDataOctets
+
+LEndEncOctets:
+
+    vpshufd TMP4, TMP5, 78
+    vpxor   TMP4, TMP4, TMP5
+    vpclmulqdq  TMP0, TMP4, XMMWORD PTR[0*16 + 8*16 + Htbl], 000h
+    vmovdqu     TMP4, XMMWORD PTR[0*16 + Htbl]
+    vpclmulqdq  TMP1, TMP5, TMP4, 011h
+    vpclmulqdq  TMP2, TMP5, TMP4, 000h
+
+    vmovdqu TMP5, XMMWORD PTR[1*16 + rsp]
+    KARATSUBA 1
+    vmovdqu TMP5, XMMWORD PTR[2*16 + rsp]
+    KARATSUBA 2
+    vmovdqu TMP5, XMMWORD PTR[3*16 + rsp]
+    KARATSUBA 3
+    vmovdqu TMP5, XMMWORD PTR[4*16 + rsp]
+    KARATSUBA 4
+    vmovdqu TMP5, XMMWORD PTR[5*16 + rsp]
+    KARATSUBA 5
+    vmovdqu TMP5, XMMWORD PTR[6*16 + rsp]
+    KARATSUBA 6
+    vpxor   TMP5, T, XMMWORD PTR[7*16 + rsp]
+    KARATSUBA 7
+
+    vpxor   TMP0, TMP0, TMP1
+    vpxor   TMP0, TMP0, TMP2
+    vpsrldq TMP3, TMP0, 8
+    vpxor   TMP4, TMP1, TMP3
+    vpslldq TMP3, TMP0, 8
+    vpxor   T, TMP2, TMP3
+
+    vpclmulqdq  TMP1, T, XMMWORD PTR[Lpoly], 010h
+    vpalignr    T,T,T,8
+    vpxor       T, T, TMP1
+
+    vpclmulqdq  TMP1, T, XMMWORD PTR[Lpoly], 010h
+    vpalignr    T,T,T,8
+    vpxor       T, T, TMP1
+
+    vpxor       T, T, TMP4
+
+    sub aluCTR, 7
+
+LEncDataSingles:
+
+        cmp len, 16
+        jb  LEncDataTail
+        sub len, 16
+
+        vmovdqa TMP1, XMMWORD PTR[8*16 + 0*16 + rsp]
+        NEXTCTR 0
+
+        vaesenc TMP1, TMP1, XMMWORD PTR[1*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[2*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[3*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[4*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[5*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[6*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[7*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[8*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[9*16 + KS]
+        vmovdqu TMP2, XMMWORD PTR[10*16 + KS]
+        cmp NR, 10
+        je  @f
+        vaesenc TMP1, TMP1, XMMWORD PTR[10*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[11*16 + KS]
+        vmovdqu TMP2, XMMWORD PTR[12*16 + KS]
+        cmp NR, 12
+        je  @f
+        vaesenc TMP1, TMP1, XMMWORD PTR[12*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[13*16 + KS]
+        vmovdqu TMP2, XMMWORD PTR[14*16 + KS]
+@@:
+        vaesenclast TMP1, TMP1, TMP2
+        vpxor   TMP1, TMP1, XMMWORD PTR[PT]
+        vmovdqu XMMWORD PTR[CT], TMP1
+
+        lea PT, [16+PT]
+        lea CT, [16+CT]
+
+        vpshufb TMP1, TMP1, BSWAPMASK
+        vpxor   T, T, TMP1
+        vmovdqu TMP0, XMMWORD PTR[Htbl]
+        GFMUL   T, T, TMP0, TMP1, TMP2, TMP3, TMP4
+
+        jmp LEncDataSingles
+
+LEncDataTail:
+
+    test    len, len
+    jz  LEncDataEnd
+
+    vmovdqa TMP1, XMMWORD PTR[8*16 + 0*16 + rsp]
+
+    vaesenc TMP1, TMP1, XMMWORD PTR[1*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[2*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[3*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[4*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[5*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[6*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[7*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[8*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[9*16 + KS]
+    vmovdqu TMP2, XMMWORD PTR[10*16 + KS]
+    cmp NR, 10
+    je  @f
+    vaesenc TMP1, TMP1, XMMWORD PTR[10*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[11*16 + KS]
+    vmovdqu TMP2, XMMWORD PTR[12*16 + KS]
+    cmp NR, 12
+    je  @f
+    vaesenc TMP1, TMP1, XMMWORD PTR[12*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[13*16 + KS]
+    vmovdqu TMP2, XMMWORD PTR[14*16 + KS]
+@@:
+    vaesenclast TMP1, TMP1, TMP2
+; zero a temp location
+    vpxor   TMP2, TMP2, TMP2
+    vmovdqa XMMWORD PTR[rsp], TMP2
+; copy as many bytes as needed
+    xor KS, KS
+
+@@:
+        cmp len, KS
+        je  @f
+        mov al, [PT + KS]
+        mov [rsp + KS], al
+        inc KS
+        jmp @b
+@@:
+    vpxor   TMP1, TMP1, XMMWORD PTR[rsp]
+    vmovdqa XMMWORD PTR[rsp], TMP1
+    xor KS, KS
+@@:
+        cmp len, KS
+        je  @f
+        mov al, [rsp + KS]
+        mov [CT + KS], al
+        inc KS
+        jmp @b
+@@:
+        cmp KS, 16
+        je  @f
+        mov BYTE PTR[rsp + KS], 0
+        inc KS
+        jmp @b
+@@:
+BAIL:
+    vmovdqa TMP1, XMMWORD PTR[rsp]
+    vpshufb TMP1, TMP1, BSWAPMASK
+    vpxor   T, T, TMP1
+    vmovdqu TMP0, XMMWORD PTR[Htbl]
+    GFMUL   T, T, TMP0, TMP1, TMP2, TMP3, TMP4
+
+LEncDataEnd:
+
+    vmovdqu XMMWORD PTR[16*16 + 1*16 + Gctx], T
+    bswap   aluCTR
+    mov     [16*16 + 2*16 + 3*4 + Gctx], aluCTR
+
+    mov rsp, rbp
+
+    vmovdqu xmm6, XMMWORD PTR[rsp + 0*16]
+    vmovdqu xmm7, XMMWORD PTR[rsp + 1*16]
+    vmovdqu xmm8, XMMWORD PTR[rsp + 2*16]
+    vmovdqu xmm9, XMMWORD PTR[rsp + 3*16]
+    vmovdqu xmm10, XMMWORD PTR[rsp + 4*16]
+    vmovdqu xmm11, XMMWORD PTR[rsp + 5*16]
+    vmovdqu xmm12, XMMWORD PTR[rsp + 6*16]
+    vmovdqu xmm13, XMMWORD PTR[rsp + 7*16]
+    vmovdqu xmm14, XMMWORD PTR[rsp + 8*16]
+    vmovdqu xmm15, XMMWORD PTR[rsp + 9*16]
+
+    add rsp, 10*16
+    pop rbp
+    pop r13
+    pop r12
+    pop r11
+
+    vzeroupper
+
+    ret
+intel_aes_gcmENC ENDP
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;
+; Decrypt and Authenticate
+; void intel_aes_gcmDEC(uint8_t* PT, uint8_t* CT, void *Gctx, unsigned int len);
+;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+ALIGN 16
+intel_aes_gcmDEC PROC
+
+NEXTCTR MACRO i
+    add aluCTR, 1
+    mov aluTMP, aluCTR
+    xor aluTMP, aluKSl
+    bswap   aluTMP
+    mov [3*4 + i*16 + rsp], aluTMP
+ENDM
+
+PT      textequ <rdx>
+CT      textequ <rcx>
+
+    test  len, len
+    jnz   LbeginDEC
+    ret
+
+LbeginDEC:
+
+    vzeroupper
+    push    r11
+    push    r12
+    push    r13
+    push    rbp
+    sub rsp, 10*16
+    vmovdqu XMMWORD PTR[rsp + 0*16], xmm6
+    vmovdqu XMMWORD PTR[rsp + 1*16], xmm7
+    vmovdqu XMMWORD PTR[rsp + 2*16], xmm8
+    vmovdqu XMMWORD PTR[rsp + 3*16], xmm9
+    vmovdqu XMMWORD PTR[rsp + 4*16], xmm10
+    vmovdqu XMMWORD PTR[rsp + 5*16], xmm11
+    vmovdqu XMMWORD PTR[rsp + 6*16], xmm12
+    vmovdqu XMMWORD PTR[rsp + 7*16], xmm13
+    vmovdqu XMMWORD PTR[rsp + 8*16], xmm14
+    vmovdqu XMMWORD PTR[rsp + 9*16], xmm15
+
+    mov rbp, rsp
+    sub rsp, 8*16
+    and rsp, -16
+
+    vmovdqu T, XMMWORD PTR[16*16 + 1*16 + Gctx]
+    vmovdqu CTR0, XMMWORD PTR[16*16 + 2*16 + Gctx]
+    vmovdqu BSWAPMASK, XMMWORD PTR[Lbswap_mask]
+    mov     KS, [16*16 + 3*16 + Gctx]
+    mov     NR, [4 + KS]
+    lea     KS, [48 + KS]
+
+    vpshufb CTR0, CTR0, BSWAPMASK
+
+    mov aluCTR, [16*16 + 2*16 + 3*4 + Gctx]
+    mov aluKSl, [3*4 + KS]
+    bswap   aluCTR
+    bswap   aluKSl
+
+    vmovdqu TMP0, XMMWORD PTR[0*16 + KS]
+    vpxor   TMP0, TMP0, XMMWORD PTR[16*16 + 2*16 + Gctx]
+    vmovdqu XMMWORD PTR[0*16 + rsp], TMP0
+
+    cmp len, 128
+    jb  LDecDataSingles
+; Prepare the "top" counters
+    vmovdqu XMMWORD PTR[1*16 + rsp], TMP0
+    vmovdqu XMMWORD PTR[2*16 + rsp], TMP0
+    vmovdqu XMMWORD PTR[3*16 + rsp], TMP0
+    vmovdqu XMMWORD PTR[4*16 + rsp], TMP0
+    vmovdqu XMMWORD PTR[5*16 + rsp], TMP0
+    vmovdqu XMMWORD PTR[6*16 + rsp], TMP0
+    vmovdqu XMMWORD PTR[7*16 + rsp], TMP0
+
+    NEXTCTR 1
+    NEXTCTR 2
+    NEXTCTR 3
+    NEXTCTR 4
+    NEXTCTR 5
+    NEXTCTR 6
+    NEXTCTR 7
+
+LDecDataOctets:
+        cmp len, 128
+        jb  LEndDecOctets
+        sub len, 128
+
+        vmovdqa CTR0, XMMWORD PTR[0*16 + rsp]
+        vmovdqa CTR1, XMMWORD PTR[1*16 + rsp]
+        vmovdqa CTR2, XMMWORD PTR[2*16 + rsp]
+        vmovdqa CTR3, XMMWORD PTR[3*16 + rsp]
+        vmovdqa CTR4, XMMWORD PTR[4*16 + rsp]
+        vmovdqa CTR5, XMMWORD PTR[5*16 + rsp]
+        vmovdqa CTR6, XMMWORD PTR[6*16 + rsp]
+        vmovdqa CTR7, XMMWORD PTR[7*16 + rsp]
+
+        vmovdqu TMP5, XMMWORD PTR[7*16 + CT]
+        vpshufb TMP5, TMP5, BSWAPMASK
+        vpshufd TMP4, TMP5, 78
+        vpxor   TMP4, TMP4, TMP5
+        vpclmulqdq  TMP0, TMP4, XMMWORD PTR[0*16 + 8*16 + Htbl], 000h
+        vmovdqu     TMP4, XMMWORD PTR[0*16 + Htbl]
+        vpclmulqdq  TMP1, TMP5, TMP4, 011h
+        vpclmulqdq  TMP2, TMP5, TMP4, 000h
+
+        vmovdqu TMP5, XMMWORD PTR[6*16 + CT]
+        vpshufb TMP5, TMP5, BSWAPMASK
+        ROUNDMUL 1
+        NEXTCTR 0
+        vmovdqu TMP5, XMMWORD PTR[5*16 + CT]
+        vpshufb TMP5, TMP5, BSWAPMASK
+        ROUNDMUL 2
+        NEXTCTR 1
+        vmovdqu TMP5, XMMWORD PTR[4*16 + CT]
+        vpshufb TMP5, TMP5, BSWAPMASK
+        ROUNDMUL 3
+        NEXTCTR 2
+        vmovdqu TMP5, XMMWORD PTR[3*16 + CT]
+        vpshufb TMP5, TMP5, BSWAPMASK
+        ROUNDMUL 4
+        NEXTCTR 3
+        vmovdqu TMP5, XMMWORD PTR[2*16 + CT]
+        vpshufb TMP5, TMP5, BSWAPMASK
+        ROUNDMUL 5
+        NEXTCTR 4
+        vmovdqu TMP5, XMMWORD PTR[1*16 + CT]
+        vpshufb TMP5, TMP5, BSWAPMASK
+        ROUNDMUL 6
+        NEXTCTR 5
+        vmovdqu TMP5, XMMWORD PTR[0*16 + CT]
+        vpshufb TMP5, TMP5, BSWAPMASK
+        vpxor   TMP5, TMP5, T
+        ROUNDMUL 7
+        NEXTCTR 6
+
+        ROUND 8
+        NEXTCTR 7
+
+        vpxor   TMP0, TMP0, TMP1
+        vpxor   TMP0, TMP0, TMP2
+        vpsrldq TMP3, TMP0, 8
+        vpxor   TMP4, TMP1, TMP3
+        vpslldq TMP3, TMP0, 8
+        vpxor   T, TMP2, TMP3
+
+        vpclmulqdq  TMP1, T, XMMWORD PTR[Lpoly], 010h
+        vpalignr    T,T,T,8
+        vpxor       T, T, TMP1
+
+        ROUND 9
+
+        vpclmulqdq  TMP1, T, XMMWORD PTR[Lpoly], 010h
+        vpalignr    T,T,T,8
+        vpxor       T, T, TMP1
+
+        vmovdqu     TMP5, XMMWORD PTR[10*16 + KS]
+        cmp         NR, 10
+        je          @f
+
+        ROUND 10
+        ROUND 11
+        vmovdqu     TMP5, XMMWORD PTR[12*16 + KS]
+        cmp         NR, 12
+        je          @f
+
+        ROUND 12
+        ROUND 13
+        vmovdqu     TMP5, XMMWORD PTR[14*16 + KS]
+@@:
+        vpxor   TMP3, TMP5, XMMWORD PTR[0*16 + CT]
+        vaesenclast CTR0, CTR0, TMP3
+        vpxor   TMP3, TMP5, XMMWORD PTR[1*16 + CT]
+        vaesenclast CTR1, CTR1, TMP3
+        vpxor   TMP3, TMP5, XMMWORD PTR[2*16 + CT]
+        vaesenclast CTR2, CTR2, TMP3
+        vpxor   TMP3, TMP5, XMMWORD PTR[3*16 + CT]
+        vaesenclast CTR3, CTR3, TMP3
+        vpxor   TMP3, TMP5, XMMWORD PTR[4*16 + CT]
+        vaesenclast CTR4, CTR4, TMP3
+        vpxor   TMP3, TMP5, XMMWORD PTR[5*16 + CT]
+        vaesenclast CTR5, CTR5, TMP3
+        vpxor   TMP3, TMP5, XMMWORD PTR[6*16 + CT]
+        vaesenclast CTR6, CTR6, TMP3
+        vpxor   TMP3, TMP5, XMMWORD PTR[7*16 + CT]
+        vaesenclast CTR7, CTR7, TMP3
+
+        vmovdqu XMMWORD PTR[0*16 + PT], CTR0
+        vmovdqu XMMWORD PTR[1*16 + PT], CTR1
+        vmovdqu XMMWORD PTR[2*16 + PT], CTR2
+        vmovdqu XMMWORD PTR[3*16 + PT], CTR3
+        vmovdqu XMMWORD PTR[4*16 + PT], CTR4
+        vmovdqu XMMWORD PTR[5*16 + PT], CTR5
+        vmovdqu XMMWORD PTR[6*16 + PT], CTR6
+        vmovdqu XMMWORD PTR[7*16 + PT], CTR7
+
+        vpxor   T, T, TMP4
+
+        lea CT, [8*16 + CT]
+        lea PT, [8*16 + PT]
+        jmp LDecDataOctets
+
+LEndDecOctets:
+
+    sub aluCTR, 7
+
+LDecDataSingles:
+
+        cmp len, 16
+        jb  LDecDataTail
+        sub len, 16
+
+        vmovdqa TMP1, XMMWORD PTR[0*16 + rsp]
+        NEXTCTR 0
+
+        vaesenc TMP1, TMP1, XMMWORD PTR[1*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[2*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[3*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[4*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[5*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[6*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[7*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[8*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[9*16 + KS]
+        vmovdqu TMP2, XMMWORD PTR[10*16 + KS]
+        cmp NR, 10
+        je  @f
+        vaesenc TMP1, TMP1, XMMWORD PTR[10*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[11*16 + KS]
+        vmovdqu TMP2, XMMWORD PTR[12*16 + KS]
+        cmp NR, 12
+        je  @f
+        vaesenc TMP1, TMP1, XMMWORD PTR[12*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[13*16 + KS]
+        vmovdqu TMP2, XMMWORD PTR[14*16 + KS]
+@@:
+        vaesenclast TMP1, TMP1, TMP2
+
+        vmovdqu TMP2, XMMWORD PTR[CT]
+        vpxor   TMP1, TMP1, TMP2
+        vmovdqu XMMWORD PTR[PT], TMP1
+
+        lea PT, [16+PT]
+        lea CT, [16+CT]
+
+        vpshufb TMP2, TMP2, BSWAPMASK
+        vpxor   T, T, TMP2
+        vmovdqu TMP0, XMMWORD PTR[Htbl]
+        GFMUL   T, T, TMP0, TMP1, TMP2, TMP3, TMP4
+
+        jmp LDecDataSingles
+
+LDecDataTail:
+
+    test    len, len
+    jz      LDecDataEnd
+
+    vmovdqa TMP1, XMMWORD PTR[0*16 + rsp]
+    inc aluCTR
+    vaesenc TMP1, TMP1, XMMWORD PTR[1*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[2*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[3*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[4*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[5*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[6*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[7*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[8*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[9*16 + KS]
+    vmovdqu TMP2, XMMWORD PTR[10*16 + KS]
+    cmp NR, 10
+    je  @f
+    vaesenc TMP1, TMP1, XMMWORD PTR[10*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[11*16 + KS]
+    vmovdqu TMP2, XMMWORD PTR[12*16 + KS]
+    cmp NR, 12
+    je  @f
+    vaesenc TMP1, TMP1, XMMWORD PTR[12*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[13*16 + KS]
+    vmovdqu TMP2, XMMWORD PTR[14*16 + KS]
+@@:
+    vaesenclast TMP1, TMP1, TMP2
+; copy as many bytes as needed
+    xor KS, KS
+@@:
+        cmp len, KS
+        je  @f
+        mov al, [CT + KS]
+        mov [rsp + KS], al
+        inc KS
+        jmp @b
+@@:
+        cmp KS, 16
+        je  @f
+        mov BYTE PTR[rsp + KS], 0
+        inc KS
+        jmp @b
+@@:
+    vmovdqa TMP2, XMMWORD PTR[rsp]
+    vpshufb TMP2, TMP2, BSWAPMASK
+    vpxor   T, T, TMP2
+    vmovdqu TMP0, XMMWORD PTR[Htbl]
+    GFMUL   T, T, TMP0, TMP5, TMP2, TMP3, TMP4
+
+
+    vpxor   TMP1, TMP1, XMMWORD PTR[rsp]
+    vmovdqa XMMWORD PTR[rsp], TMP1
+    xor KS, KS
+@@:
+        cmp len, KS
+        je  @f
+        mov al, [rsp + KS]
+        mov [PT + KS], al
+        inc KS
+        jmp @b
+@@:
+
+LDecDataEnd:
+
+    vmovdqu XMMWORD PTR[16*16 + 1*16 + Gctx], T
+    bswap   aluCTR
+    mov     [16*16 + 2*16 + 3*4 + Gctx], aluCTR
+
+    mov rsp, rbp
+
+    vmovdqu xmm6, XMMWORD PTR[rsp + 0*16]
+    vmovdqu xmm7, XMMWORD PTR[rsp + 1*16]
+    vmovdqu xmm8, XMMWORD PTR[rsp + 2*16]
+    vmovdqu xmm9, XMMWORD PTR[rsp + 3*16]
+    vmovdqu xmm10, XMMWORD PTR[rsp + 4*16]
+    vmovdqu xmm11, XMMWORD PTR[rsp + 5*16]
+    vmovdqu xmm12, XMMWORD PTR[rsp + 6*16]
+    vmovdqu xmm13, XMMWORD PTR[rsp + 7*16]
+    vmovdqu xmm14, XMMWORD PTR[rsp + 8*16]
+    vmovdqu xmm15, XMMWORD PTR[rsp + 9*16]
+
+    add rsp, 10*16
+    pop rbp
+    pop r13
+    pop r12
+    pop r11
+
+    vzeroupper
+
+    ret
+ret
+intel_aes_gcmDEC ENDP
+
+
+END
diff --git a/nss/lib/freebl/intel-gcm-x86-masm.asm b/nss/lib/freebl/intel-gcm-x86-masm.asm
new file mode 100644
index 0000000..6362ad8
--- /dev/null
+++ b/nss/lib/freebl/intel-gcm-x86-masm.asm
@@ -0,0 +1,1209 @@
+; LICENSE:
+; This submission to NSS is to be made available under the terms of the
+; Mozilla Public License, v. 2.0. You can obtain one at http:
+; //mozilla.org/MPL/2.0/.
+;###############################################################################
+; Copyright(c) 2014, Intel Corp.
+; Developers and authors:
+; Shay Gueron and Vlad Krasnov
+; Intel Corporation, Israel Development Centre, Haifa, Israel
+; Please send feedback directly to crypto.feedback.alias@intel.com
+
+
+.MODEL FLAT, C
+.XMM
+
+.DATA
+ALIGN 16
+Lone            dq 1,0
+Ltwo            dq 2,0
+Lbswap_mask     db 15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0
+Lshuff_mask     dq 0f0f0f0f0f0f0f0fh, 0f0f0f0f0f0f0f0fh
+Lpoly           dq 01h, 0c200000000000000h
+
+.CODE
+
+
+GFMUL MACRO DST, SRC1, SRC2, TMP1, TMP2, TMP3, TMP4
+    vpclmulqdq  TMP1, SRC2, SRC1, 0h
+    vpclmulqdq  TMP4, SRC2, SRC1, 011h
+
+    vpshufd     TMP2, SRC2, 78
+    vpshufd     TMP3, SRC1, 78
+    vpxor       TMP2, TMP2, SRC2
+    vpxor       TMP3, TMP3, SRC1
+
+    vpclmulqdq  TMP2, TMP2, TMP3, 0h
+    vpxor       TMP2, TMP2, TMP1
+    vpxor       TMP2, TMP2, TMP4
+
+    vpslldq     TMP3, TMP2, 8
+    vpsrldq     TMP2, TMP2, 8
+
+    vpxor       TMP1, TMP1, TMP3
+    vpxor       TMP4, TMP4, TMP2
+
+    vpclmulqdq  TMP2, TMP1, [Lpoly], 010h
+    vpshufd     TMP3, TMP1, 78
+    vpxor       TMP1, TMP2, TMP3
+
+    vpclmulqdq  TMP2, TMP1, [Lpoly], 010h
+    vpshufd     TMP3, TMP1, 78
+    vpxor       TMP1, TMP2, TMP3
+
+    vpxor       DST, TMP1, TMP4
+
+    ENDM
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;
+; Generates the final GCM tag
+; void intel_aes_gcmTAG(unsigned char Htbl[16*16],
+;                       unsigned char *Tp,
+;                       unsigned int Mlen,
+;                       unsigned int Alen,
+;                       unsigned char* X0,
+;                       unsigned char* TAG);
+;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+ALIGN 16
+intel_aes_gcmTAG PROC
+
+Htbl    textequ <eax>
+Tp      textequ <ecx>
+X0      textequ <edx>
+TAG     textequ <ebx>
+
+T       textequ <xmm0>
+TMP0    textequ <xmm1>
+
+    push    ebx
+
+    mov     Htbl,   [esp + 2*4 + 0*4]
+    mov     Tp,     [esp + 2*4 + 1*4]
+    mov     X0,     [esp + 2*4 + 4*4]
+    mov     TAG,    [esp + 2*4 + 5*4]
+
+    vzeroupper
+    vmovdqu T, XMMWORD PTR[Tp]
+
+    vpxor   TMP0, TMP0, TMP0
+    vpinsrd TMP0, TMP0, DWORD PTR[esp + 2*4 + 2*4], 0
+    vpinsrd TMP0, TMP0, DWORD PTR[esp + 2*4 + 3*4], 2
+    vpsllq  TMP0, TMP0, 3
+
+    vpxor   T, T, TMP0
+    vmovdqu TMP0, XMMWORD PTR[Htbl]
+    GFMUL   T, T, TMP0, xmm2, xmm3, xmm4, xmm5
+
+    vpshufb T, T, [Lbswap_mask]
+    vpxor   T, T, [X0]
+    vmovdqu XMMWORD PTR[TAG], T
+    vzeroupper
+
+    pop ebx
+
+    ret
+
+intel_aes_gcmTAG ENDP
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;
+; Generates the H table
+; void intel_aes_gcmINIT(unsigned char Htbl[16*16], unsigned char *KS, int NR);
+;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+ALIGN 16
+intel_aes_gcmINIT PROC
+
+Htbl    textequ <eax>
+KS      textequ <ecx>
+NR      textequ <edx>
+
+T       textequ <xmm0>
+TMP0    textequ <xmm1>
+
+    mov     Htbl,   [esp + 4*1 + 0*4]
+    mov     KS,     [esp + 4*1 + 1*4]
+    mov     NR,     [esp + 4*1 + 2*4]
+
+    vzeroupper
+    ; AES-ENC(0)
+    vmovdqu T, XMMWORD PTR[KS]
+    lea KS, [16 + KS]
+    dec NR
+Lenc_loop:
+        vaesenc T, T, [KS]
+        lea KS, [16 + KS]
+        dec NR
+        jnz Lenc_loop
+
+    vaesenclast T, T, [KS]
+    vpshufb T, T, [Lbswap_mask]
+
+    ;Calculate H` = GFMUL(H, 2)
+    vpsrad  xmm3, T, 31
+    vpshufd xmm3, xmm3, 0ffh
+    vpand   xmm5, xmm3, [Lpoly]
+    vpsrld  xmm3, T, 31
+    vpslld  xmm4, T, 1
+    vpslldq xmm3, xmm3, 4
+    vpxor   T, xmm4, xmm3
+    vpxor   T, T, xmm5
+
+    vmovdqu TMP0, T
+    vmovdqu XMMWORD PTR[Htbl + 0*16], T
+
+    vpshufd xmm2, T, 78
+    vpxor   xmm2, xmm2, T
+    vmovdqu XMMWORD PTR[Htbl + 8*16 + 0*16], xmm2
+
+    i = 1
+    WHILE i LT 8
+        GFMUL   T, T, TMP0, xmm2, xmm3, xmm4, xmm5
+        vmovdqu XMMWORD PTR[Htbl + i*16], T
+        vpshufd xmm2, T, 78
+        vpxor   xmm2, xmm2, T
+        vmovdqu XMMWORD PTR[Htbl + 8*16 + i*16], xmm2
+        i = i+1
+        ENDM
+    vzeroupper
+    ret
+intel_aes_gcmINIT ENDP
+
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;
+; Authenticate only
+; void intel_aes_gcmAAD(unsigned char Htbl[16*16], unsigned char *AAD, unsigned int Alen, unsigned char *Tp);
+;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+ALIGN 16
+intel_aes_gcmAAD PROC
+
+Htbl    textequ <eax>
+inp     textequ <ecx>
+len     textequ <edx>
+Tp      textequ <ebx>
+hlp0    textequ <esi>
+
+DATA    textequ <xmm0>
+T       textequ <xmm1>
+TMP0    textequ <xmm2>
+TMP1    textequ <xmm3>
+TMP2    textequ <xmm4>
+TMP3    textequ <xmm5>
+TMP4    textequ <xmm6>
+Xhi     textequ <xmm7>
+
+KARATSUBA_AAD MACRO i
+    vpclmulqdq  TMP3, DATA, [Htbl + i*16], 0h
+    vpxor       TMP0, TMP0, TMP3
+    vpclmulqdq  TMP3, DATA, [Htbl + i*16], 011h
+    vpxor       TMP1, TMP1, TMP3
+    vpshufd     TMP3, DATA, 78
+    vpxor       TMP3, TMP3, DATA
+    vpclmulqdq  TMP3, TMP3, [Htbl + 8*16 + i*16], 0h
+    vpxor       TMP2, TMP2, TMP3
+ENDM
+
+    cmp   DWORD PTR[esp + 1*3 + 2*4], 0
+    jnz   LbeginAAD
+    ret
+
+LbeginAAD:
+    push    ebx
+    push    esi
+
+    mov     Htbl,   [esp + 4*3 + 0*4]
+    mov     inp,    [esp + 4*3 + 1*4]
+    mov     len,    [esp + 4*3 + 2*4]
+    mov     Tp,     [esp + 4*3 + 3*4]
+
+    vzeroupper
+
+    vpxor   Xhi, Xhi, Xhi
+
+    vmovdqu T, XMMWORD PTR[Tp]
+    ;we hash 8 block each iteration, if the total amount of blocks is not a multiple of 8, we hash the first n%8 blocks first
+    mov hlp0, len
+    and hlp0, 128-1
+    jz  Lmod_loop
+
+    and len, -128
+    sub hlp0, 16
+
+    ; Prefix block
+    vmovdqu DATA, XMMWORD PTR[inp]
+    vpshufb DATA, DATA, [Lbswap_mask]
+    vpxor   DATA, DATA, T
+
+    vpclmulqdq  TMP0, DATA, XMMWORD PTR[Htbl + hlp0], 0h
+    vpclmulqdq  TMP1, DATA, XMMWORD PTR[Htbl + hlp0], 011h
+    vpshufd     TMP3, DATA, 78
+    vpxor       TMP3, TMP3, DATA
+    vpclmulqdq  TMP2, TMP3, XMMWORD PTR[Htbl + 8*16 + hlp0], 0h
+
+    lea     inp, [inp+16]
+    test    hlp0, hlp0
+    jnz     Lpre_loop
+    jmp     Lred1
+
+    ;hash remaining prefix bocks (up to 7 total prefix blocks)
+Lpre_loop:
+
+        sub hlp0, 16
+
+        vmovdqu DATA, XMMWORD PTR[inp]
+        vpshufb DATA, DATA, [Lbswap_mask]
+
+        vpclmulqdq  TMP3, DATA, XMMWORD PTR[Htbl + hlp0], 0h
+        vpxor       TMP0, TMP0, TMP3
+        vpclmulqdq  TMP3, DATA, XMMWORD PTR[Htbl + hlp0], 011h
+        vpxor       TMP1, TMP1, TMP3
+        vpshufd     TMP3, DATA, 78
+        vpxor       TMP3, TMP3, DATA
+        vpclmulqdq  TMP3, TMP3, XMMWORD PTR[Htbl + 8*16 + hlp0], 0h
+        vpxor       TMP2, TMP2, TMP3
+
+        test    hlp0, hlp0
+        lea     inp, [inp+16]
+        jnz     Lpre_loop
+
+Lred1:
+
+    vpxor       TMP2, TMP2, TMP0
+    vpxor       TMP2, TMP2, TMP1
+    vpsrldq     TMP3, TMP2, 8
+    vpslldq     TMP2, TMP2, 8
+
+    vpxor       Xhi, TMP1, TMP3
+    vpxor       T, TMP0, TMP2
+
+Lmod_loop:
+
+        sub len, 16*8
+        jb  Ldone
+        ; Block #0
+        vmovdqu DATA, XMMWORD PTR[inp + 16*7]
+        vpshufb DATA, DATA, XMMWORD PTR[Lbswap_mask]
+
+        vpclmulqdq  TMP0, DATA, XMMWORD PTR[Htbl + 0*16], 0h
+        vpclmulqdq  TMP1, DATA, XMMWORD PTR[Htbl + 0*16], 011h
+        vpshufd     TMP3, DATA, 78
+        vpxor       TMP3, TMP3, DATA
+        vpclmulqdq  TMP2, TMP3, XMMWORD PTR[Htbl + 8*16 + 0*16], 0h
+
+        ; Block #1
+        vmovdqu DATA, XMMWORD PTR[inp + 16*6]
+        vpshufb DATA, DATA, [Lbswap_mask]
+        KARATSUBA_AAD 1
+
+        ; Block #2
+        vmovdqu DATA, XMMWORD PTR[inp + 16*5]
+        vpshufb DATA, DATA, [Lbswap_mask]
+
+        vpclmulqdq  TMP4, T, [Lpoly], 010h         ;reduction stage 1a
+        vpalignr    T, T, T, 8
+
+        KARATSUBA_AAD 2
+
+        vpxor       T, T, TMP4                          ;reduction stage 1b
+
+        ; Block #3
+        vmovdqu DATA, XMMWORD PTR[inp + 16*4]
+        vpshufb DATA, DATA, [Lbswap_mask]
+        KARATSUBA_AAD 3
+        ; Block #4
+        vmovdqu DATA, XMMWORD PTR[inp + 16*3]
+        vpshufb DATA, DATA, [Lbswap_mask]
+
+        vpclmulqdq  TMP4, T, [Lpoly], 010h        ;reduction stage 2a
+        vpalignr    T, T, T, 8
+
+        KARATSUBA_AAD 4
+
+        vpxor       T, T, TMP4                          ;reduction stage 2b
+        ; Block #5
+        vmovdqu DATA, XMMWORD PTR[inp + 16*2]
+        vpshufb DATA, DATA, [Lbswap_mask]
+        KARATSUBA_AAD 5
+
+        vpxor   T, T, Xhi                               ;reduction finalize
+        ; Block #6
+        vmovdqu DATA, XMMWORD PTR[inp + 16*1]
+        vpshufb DATA, DATA, [Lbswap_mask]
+        KARATSUBA_AAD 6
+        ; Block #7
+        vmovdqu DATA, XMMWORD PTR[inp + 16*0]
+        vpshufb DATA, DATA, [Lbswap_mask]
+        vpxor   DATA, DATA, T
+        KARATSUBA_AAD 7
+        ; Aggregated 8 blocks, now karatsuba fixup
+        vpxor   TMP2, TMP2, TMP0
+        vpxor   TMP2, TMP2, TMP1
+        vpsrldq TMP3, TMP2, 8
+        vpslldq TMP2, TMP2, 8
+
+        vpxor   Xhi, TMP1, TMP3
+        vpxor   T, TMP0, TMP2
+
+        lea inp, [inp + 16*8]
+        jmp Lmod_loop
+
+Ldone:
+    vpclmulqdq  TMP4, T, [Lpoly], 010h
+    vpalignr    T, T, T, 8
+    vpxor       T, T, TMP4
+
+    vpclmulqdq  TMP4, T, [Lpoly], 010h
+    vpalignr    T, T, T, 8
+    vpxor       T, T, TMP4
+
+    vpxor       T, T, Xhi
+    vmovdqu     XMMWORD PTR[Tp], T
+    vzeroupper
+
+    pop esi
+    pop ebx
+    ret
+
+intel_aes_gcmAAD ENDP
+
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;
+; Encrypt and Authenticate
+; void intel_aes_gcmENC(unsigned char* PT, unsigned char* CT, void *Gctx, unsigned int len);
+;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+ALIGN 16
+intel_aes_gcmENC PROC
+
+PT      textequ <eax>
+CT      textequ <ecx>
+Htbl    textequ <edx>
+Gctx    textequ <edx>
+len     textequ <DWORD PTR[ebp + 5*4 + 3*4]>
+KS      textequ <esi>
+NR      textequ <DWORD PTR[-40 + KS]>
+
+aluCTR  textequ <ebx>
+aluTMP  textequ <edi>
+
+T       textequ <XMMWORD PTR[16*16 + 1*16 + Gctx]>
+TMP0    textequ <xmm1>
+TMP1    textequ <xmm2>
+TMP2    textequ <xmm3>
+TMP3    textequ <xmm4>
+TMP4    textequ <xmm5>
+TMP5    textequ <xmm6>
+
+CTR0    textequ <xmm0>
+CTR1    textequ <xmm1>
+CTR2    textequ <xmm2>
+CTR3    textequ <xmm3>
+CTR4    textequ <xmm4>
+CTR5    textequ <xmm5>
+CTR6    textequ <xmm6>
+
+ROUND MACRO i
+    vmovdqu xmm7, XMMWORD PTR[i*16 + KS]
+    vaesenc CTR0, CTR0, xmm7
+    vaesenc CTR1, CTR1, xmm7
+    vaesenc CTR2, CTR2, xmm7
+    vaesenc CTR3, CTR3, xmm7
+    vaesenc CTR4, CTR4, xmm7
+    vaesenc CTR5, CTR5, xmm7
+    vaesenc CTR6, CTR6, xmm7
+ENDM
+
+KARATSUBA MACRO i
+    vpshufd TMP4, TMP5, 78
+    vpxor   TMP4, TMP4, TMP5
+    vpclmulqdq  TMP3, TMP4, XMMWORD PTR[i*16 + 8*16 + Htbl], 000h
+    vpxor       TMP0, TMP0, TMP3
+    vmovdqu     TMP4, XMMWORD PTR[i*16 + Htbl]
+    vpclmulqdq  TMP3, TMP5, TMP4, 011h
+    vpxor       TMP1, TMP1, TMP3
+    vpclmulqdq  TMP3, TMP5, TMP4, 000h
+    vpxor       TMP2, TMP2, TMP3
+ENDM
+
+NEXTCTR MACRO i
+    add     aluCTR, 1
+    mov     aluTMP, aluCTR
+    bswap   aluTMP
+    xor     aluTMP, [3*4 + KS]
+    mov     [3*4 + 8*16 + i*16 + esp], aluTMP
+ENDM
+
+    cmp DWORD PTR[1*4 + 3*4 + esp], 0
+    jne LbeginENC
+    ret
+
+LbeginENC:
+
+    vzeroupper
+    push    ebp
+    push    ebx
+    push    esi
+    push    edi
+
+    mov ebp, esp
+    sub esp, 16*16
+    and esp, -16
+
+    mov PT, [ebp + 5*4 + 0*4]
+    mov CT, [ebp + 5*4 + 1*4]
+    mov Gctx, [ebp + 5*4 + 2*4]
+
+    mov     KS, [16*16 + 3*16 + Gctx]
+    lea     KS, [44 + KS]
+
+    mov     aluCTR, [16*16 + 2*16 + 3*4 + Gctx]
+    bswap   aluCTR
+
+
+    vmovdqu TMP0, XMMWORD PTR[0*16 + KS]
+    vpxor   TMP0, TMP0, XMMWORD PTR[16*16 + 2*16 + Gctx]
+    vmovdqu XMMWORD PTR[8*16 + 0*16 + esp], TMP0
+
+    cmp len, 16*7
+    jb  LEncDataSingles
+; Prepare the "top" counters
+    vmovdqu XMMWORD PTR[8*16 + 1*16 + esp], TMP0
+    vmovdqu XMMWORD PTR[8*16 + 2*16 + esp], TMP0
+    vmovdqu XMMWORD PTR[8*16 + 3*16 + esp], TMP0
+    vmovdqu XMMWORD PTR[8*16 + 4*16 + esp], TMP0
+    vmovdqu XMMWORD PTR[8*16 + 5*16 + esp], TMP0
+    vmovdqu XMMWORD PTR[8*16 + 6*16 + esp], TMP0
+
+    vmovdqu CTR0, XMMWORD PTR[16*16 + 2*16 + Gctx]
+    vpshufb CTR0, CTR0, XMMWORD PTR[Lbswap_mask]
+; Encrypt the initial 7 blocks
+    sub len, 16*7
+    vpaddd  CTR1, CTR0, XMMWORD PTR[Lone]
+    vpaddd  CTR2, CTR0, XMMWORD PTR[Ltwo]
+    vpaddd  CTR3, CTR2, XMMWORD PTR[Lone]
+    vpaddd  CTR4, CTR2, XMMWORD PTR[Ltwo]
+    vpaddd  CTR5, CTR4, XMMWORD PTR[Lone]
+    vpaddd  CTR6, CTR4, XMMWORD PTR[Ltwo]
+
+    vpshufb CTR0, CTR0, XMMWORD PTR[Lbswap_mask]
+    vpshufb CTR1, CTR1, XMMWORD PTR[Lbswap_mask]
+    vpshufb CTR2, CTR2, XMMWORD PTR[Lbswap_mask]
+    vpshufb CTR3, CTR3, XMMWORD PTR[Lbswap_mask]
+    vpshufb CTR4, CTR4, XMMWORD PTR[Lbswap_mask]
+    vpshufb CTR5, CTR5, XMMWORD PTR[Lbswap_mask]
+    vpshufb CTR6, CTR6, XMMWORD PTR[Lbswap_mask]
+
+    vmovdqu xmm7, XMMWORD PTR[0*16 + KS]
+    vpxor   CTR0, CTR0, xmm7
+    vpxor   CTR1, CTR1, xmm7
+    vpxor   CTR2, CTR2, xmm7
+    vpxor   CTR3, CTR3, xmm7
+    vpxor   CTR4, CTR4, xmm7
+    vpxor   CTR5, CTR5, xmm7
+    vpxor   CTR6, CTR6, xmm7
+
+    ROUND   1
+
+    add aluCTR, 7
+    mov aluTMP, aluCTR
+    bswap   aluTMP
+    xor aluTMP, [KS + 3*4]
+    mov [8*16 + 0*16 + 3*4 + esp], aluTMP
+
+    ROUND   2
+    NEXTCTR 1
+    ROUND   3
+    NEXTCTR 2
+    ROUND   4
+    NEXTCTR 3
+    ROUND   5
+    NEXTCTR 4
+    ROUND   6
+    NEXTCTR 5
+    ROUND   7
+    NEXTCTR 6
+    ROUND   8
+    ROUND   9
+    vmovdqu xmm7, XMMWORD PTR[10*16 + KS]
+    cmp     NR, 10
+    je      @f
+
+    ROUND   10
+    ROUND   11
+    vmovdqu xmm7, XMMWORD PTR[12*16 + KS]
+    cmp     NR, 12
+    je      @f
+
+    ROUND   12
+    ROUND   13
+    vmovdqu xmm7, XMMWORD PTR[14*16 + KS]
+@@:
+    vaesenclast CTR0, CTR0, xmm7
+    vaesenclast CTR1, CTR1, xmm7
+    vaesenclast CTR2, CTR2, xmm7
+    vaesenclast CTR3, CTR3, xmm7
+    vaesenclast CTR4, CTR4, xmm7
+    vaesenclast CTR5, CTR5, xmm7
+    vaesenclast CTR6, CTR6, xmm7
+
+    vpxor   CTR0, CTR0, XMMWORD PTR[0*16 + PT]
+    vpxor   CTR1, CTR1, XMMWORD PTR[1*16 + PT]
+    vpxor   CTR2, CTR2, XMMWORD PTR[2*16 + PT]
+    vpxor   CTR3, CTR3, XMMWORD PTR[3*16 + PT]
+    vpxor   CTR4, CTR4, XMMWORD PTR[4*16 + PT]
+    vpxor   CTR5, CTR5, XMMWORD PTR[5*16 + PT]
+    vpxor   CTR6, CTR6, XMMWORD PTR[6*16 + PT]
+
+    vmovdqu XMMWORD PTR[0*16 + CT], CTR0
+    vmovdqu XMMWORD PTR[1*16 + CT], CTR1
+    vmovdqu XMMWORD PTR[2*16 + CT], CTR2
+    vmovdqu XMMWORD PTR[3*16 + CT], CTR3
+    vmovdqu XMMWORD PTR[4*16 + CT], CTR4
+    vmovdqu XMMWORD PTR[5*16 + CT], CTR5
+    vmovdqu XMMWORD PTR[6*16 + CT], CTR6
+
+    vpshufb CTR0, CTR0, XMMWORD PTR[Lbswap_mask]
+    vpshufb CTR1, CTR1, XMMWORD PTR[Lbswap_mask]
+    vpshufb CTR2, CTR2, XMMWORD PTR[Lbswap_mask]
+    vpshufb CTR3, CTR3, XMMWORD PTR[Lbswap_mask]
+    vpshufb CTR4, CTR4, XMMWORD PTR[Lbswap_mask]
+    vpshufb CTR5, CTR5, XMMWORD PTR[Lbswap_mask]
+    vpshufb TMP5, CTR6, XMMWORD PTR[Lbswap_mask]
+
+    vmovdqa XMMWORD PTR[1*16 + esp], CTR5
+    vmovdqa XMMWORD PTR[2*16 + esp], CTR4
+    vmovdqa XMMWORD PTR[3*16 + esp], CTR3
+    vmovdqa XMMWORD PTR[4*16 + esp], CTR2
+    vmovdqa XMMWORD PTR[5*16 + esp], CTR1
+    vmovdqa XMMWORD PTR[6*16 + esp], CTR0
+
+    lea CT, [7*16 + CT]
+    lea PT, [7*16 + PT]
+    jmp LEncData7
+
+LEncData7:
+        cmp len, 16*7
+        jb  LEndEnc7
+        sub len, 16*7
+
+        vpshufd TMP4, TMP5, 78
+        vpxor   TMP4, TMP4, TMP5
+        vpclmulqdq  TMP0, TMP4, XMMWORD PTR[0*16 + 8*16 + Htbl], 000h
+        vmovdqu     TMP4, XMMWORD PTR[0*16 + Htbl]
+        vpclmulqdq  TMP1, TMP5, TMP4, 011h
+        vpclmulqdq  TMP2, TMP5, TMP4, 000h
+
+        vmovdqu TMP5, XMMWORD PTR[1*16 + esp]
+        KARATSUBA 1
+        vmovdqu TMP5, XMMWORD PTR[2*16 + esp]
+        KARATSUBA 2
+        vmovdqu TMP5, XMMWORD PTR[3*16 + esp]
+        KARATSUBA 3
+        vmovdqu TMP5, XMMWORD PTR[4*16 + esp]
+        KARATSUBA 4
+        vmovdqu TMP5, XMMWORD PTR[5*16 + esp]
+        KARATSUBA 5
+        vmovdqu TMP5, XMMWORD PTR[6*16 + esp]
+        vpxor   TMP5, TMP5, T
+        KARATSUBA 6
+
+        vpxor   TMP0, TMP0, TMP1
+        vpxor   TMP0, TMP0, TMP2
+        vpsrldq TMP3, TMP0, 8
+        vpxor   TMP4, TMP1, TMP3
+        vpslldq TMP3, TMP0, 8
+        vpxor   TMP5, TMP2, TMP3
+
+        vpclmulqdq  TMP1, TMP5, XMMWORD PTR[Lpoly], 010h
+        vpalignr    TMP5,TMP5,TMP5,8
+        vpxor       TMP5, TMP5, TMP1
+
+        vpclmulqdq  TMP1, TMP5, XMMWORD PTR[Lpoly], 010h
+        vpalignr    TMP5,TMP5,TMP5,8
+        vpxor       TMP5, TMP5, TMP1
+
+        vpxor       TMP5, TMP5, TMP4
+        vmovdqu     T, TMP5
+
+        vmovdqa CTR0, XMMWORD PTR[8*16 + 0*16 + esp]
+        vmovdqa CTR1, XMMWORD PTR[8*16 + 1*16 + esp]
+        vmovdqa CTR2, XMMWORD PTR[8*16 + 2*16 + esp]
+        vmovdqa CTR3, XMMWORD PTR[8*16 + 3*16 + esp]
+        vmovdqa CTR4, XMMWORD PTR[8*16 + 4*16 + esp]
+        vmovdqa CTR5, XMMWORD PTR[8*16 + 5*16 + esp]
+        vmovdqa CTR6, XMMWORD PTR[8*16 + 6*16 + esp]
+
+        ROUND 1
+        NEXTCTR 0
+        ROUND 2
+        NEXTCTR 1
+        ROUND 3
+        NEXTCTR 2
+        ROUND 4
+        NEXTCTR 3
+        ROUND 5
+        NEXTCTR 4
+        ROUND 6
+        NEXTCTR 5
+        ROUND 7
+        NEXTCTR 6
+
+        ROUND 8
+        ROUND 9
+
+        vmovdqu     xmm7, XMMWORD PTR[10*16 + KS]
+        cmp         NR, 10
+        je          @f
+
+        ROUND 10
+        ROUND 11
+        vmovdqu     xmm7, XMMWORD PTR[12*16 + KS]
+        cmp         NR, 12
+        je          @f
+
+        ROUND 12
+        ROUND 13
+        vmovdqu     xmm7, XMMWORD PTR[14*16 + KS]
+@@:
+        vaesenclast CTR0, CTR0, xmm7
+        vaesenclast CTR1, CTR1, xmm7
+        vaesenclast CTR2, CTR2, xmm7
+        vaesenclast CTR3, CTR3, xmm7
+        vaesenclast CTR4, CTR4, xmm7
+        vaesenclast CTR5, CTR5, xmm7
+        vaesenclast CTR6, CTR6, xmm7
+
+        vpxor   CTR0, CTR0, XMMWORD PTR[0*16 + PT]
+        vpxor   CTR1, CTR1, XMMWORD PTR[1*16 + PT]
+        vpxor   CTR2, CTR2, XMMWORD PTR[2*16 + PT]
+        vpxor   CTR3, CTR3, XMMWORD PTR[3*16 + PT]
+        vpxor   CTR4, CTR4, XMMWORD PTR[4*16 + PT]
+        vpxor   CTR5, CTR5, XMMWORD PTR[5*16 + PT]
+        vpxor   CTR6, CTR6, XMMWORD PTR[6*16 + PT]
+
+        vmovdqu XMMWORD PTR[0*16 + CT], CTR0
+        vmovdqu XMMWORD PTR[1*16 + CT], CTR1
+        vmovdqu XMMWORD PTR[2*16 + CT], CTR2
+        vmovdqu XMMWORD PTR[3*16 + CT], CTR3
+        vmovdqu XMMWORD PTR[4*16 + CT], CTR4
+        vmovdqu XMMWORD PTR[5*16 + CT], CTR5
+        vmovdqu XMMWORD PTR[6*16 + CT], CTR6
+
+        vpshufb CTR0, CTR0, XMMWORD PTR[Lbswap_mask]
+        vpshufb CTR1, CTR1, XMMWORD PTR[Lbswap_mask]
+        vpshufb CTR2, CTR2, XMMWORD PTR[Lbswap_mask]
+        vpshufb CTR3, CTR3, XMMWORD PTR[Lbswap_mask]
+        vpshufb CTR4, CTR4, XMMWORD PTR[Lbswap_mask]
+        vpshufb CTR5, CTR5, XMMWORD PTR[Lbswap_mask]
+        vpshufb TMP5, CTR6, XMMWORD PTR[Lbswap_mask]
+
+        vmovdqa XMMWORD PTR[1*16 + esp], CTR5
+        vmovdqa XMMWORD PTR[2*16 + esp], CTR4
+        vmovdqa XMMWORD PTR[3*16 + esp], CTR3
+        vmovdqa XMMWORD PTR[4*16 + esp], CTR2
+        vmovdqa XMMWORD PTR[5*16 + esp], CTR1
+        vmovdqa XMMWORD PTR[6*16 + esp], CTR0
+
+        lea CT, [7*16 + CT]
+        lea PT, [7*16 + PT]
+        jmp LEncData7
+
+LEndEnc7:
+
+    vpshufd TMP4, TMP5, 78
+    vpxor   TMP4, TMP4, TMP5
+    vpclmulqdq  TMP0, TMP4, XMMWORD PTR[0*16 + 8*16 + Htbl], 000h
+    vmovdqu     TMP4, XMMWORD PTR[0*16 + Htbl]
+    vpclmulqdq  TMP1, TMP5, TMP4, 011h
+    vpclmulqdq  TMP2, TMP5, TMP4, 000h
+
+    vmovdqu TMP5, XMMWORD PTR[1*16 + esp]
+    KARATSUBA 1
+    vmovdqu TMP5, XMMWORD PTR[2*16 + esp]
+    KARATSUBA 2
+    vmovdqu TMP5, XMMWORD PTR[3*16 + esp]
+    KARATSUBA 3
+    vmovdqu TMP5, XMMWORD PTR[4*16 + esp]
+    KARATSUBA 4
+    vmovdqu TMP5, XMMWORD PTR[5*16 + esp]
+    KARATSUBA 5
+    vmovdqu TMP5, XMMWORD PTR[6*16 + esp]
+    vpxor   TMP5, TMP5, T
+    KARATSUBA 6
+
+    vpxor   TMP0, TMP0, TMP1
+    vpxor   TMP0, TMP0, TMP2
+    vpsrldq TMP3, TMP0, 8
+    vpxor   TMP4, TMP1, TMP3
+    vpslldq TMP3, TMP0, 8
+    vpxor   TMP5, TMP2, TMP3
+
+    vpclmulqdq  TMP1, TMP5, XMMWORD PTR[Lpoly], 010h
+    vpalignr    TMP5,TMP5,TMP5,8
+    vpxor       TMP5, TMP5, TMP1
+
+    vpclmulqdq  TMP1, TMP5, XMMWORD PTR[Lpoly], 010h
+    vpalignr    TMP5,TMP5,TMP5,8
+    vpxor       TMP5, TMP5, TMP1
+
+    vpxor       TMP5, TMP5, TMP4
+    vmovdqu     T, TMP5
+
+    sub aluCTR, 6
+
+LEncDataSingles:
+
+        cmp len, 16
+        jb  LEncDataTail
+        sub len, 16
+
+        vmovdqa TMP1, XMMWORD PTR[8*16 + 0*16 + esp]
+        NEXTCTR 0
+
+        vaesenc TMP1, TMP1, XMMWORD PTR[1*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[2*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[3*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[4*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[5*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[6*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[7*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[8*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[9*16 + KS]
+        vmovdqu TMP2, XMMWORD PTR[10*16 + KS]
+        cmp NR, 10
+        je  @f
+        vaesenc TMP1, TMP1, XMMWORD PTR[10*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[11*16 + KS]
+        vmovdqu TMP2, XMMWORD PTR[12*16 + KS]
+        cmp NR, 12
+        je  @f
+        vaesenc TMP1, TMP1, XMMWORD PTR[12*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[13*16 + KS]
+        vmovdqu TMP2, XMMWORD PTR[14*16 + KS]
+@@:
+        vaesenclast TMP1, TMP1, TMP2
+        vpxor   TMP1, TMP1, XMMWORD PTR[PT]
+        vmovdqu XMMWORD PTR[CT], TMP1
+
+        lea PT, [16+PT]
+        lea CT, [16+CT]
+
+        vpshufb TMP1, TMP1, XMMWORD PTR[Lbswap_mask]
+        vpxor   TMP1, TMP1, T
+
+        vmovdqu TMP0, XMMWORD PTR[Htbl]
+        GFMUL   TMP1, TMP1, TMP0, TMP5, TMP2, TMP3, TMP4
+        vmovdqu T, TMP1
+
+        jmp LEncDataSingles
+
+LEncDataTail:
+
+    cmp len, 0
+    je  LEncDataEnd
+
+    vmovdqa TMP1, XMMWORD PTR[8*16 + 0*16 + esp]
+
+    vaesenc TMP1, TMP1, XMMWORD PTR[1*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[2*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[3*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[4*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[5*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[6*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[7*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[8*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[9*16 + KS]
+    vmovdqu TMP2, XMMWORD PTR[10*16 + KS]
+    cmp NR, 10
+    je  @f
+    vaesenc TMP1, TMP1, XMMWORD PTR[10*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[11*16 + KS]
+    vmovdqu TMP2, XMMWORD PTR[12*16 + KS]
+    cmp NR, 12
+    je  @f
+    vaesenc TMP1, TMP1, XMMWORD PTR[12*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[13*16 + KS]
+    vmovdqu TMP2, XMMWORD PTR[14*16 + KS]
+@@:
+    vaesenclast TMP1, TMP1, TMP2
+; zero a temp location
+    vpxor   TMP2, TMP2, TMP2
+    vmovdqa XMMWORD PTR[esp], TMP2
+; copy as many bytes as needed
+    xor KS, KS
+    mov aluTMP, edx
+@@:
+        cmp len, KS
+        je  @f
+        mov dl, BYTE PTR[PT + KS]
+        mov BYTE PTR[esp + KS], dl
+        inc KS
+        jmp @b
+@@:
+    vpxor   TMP1, TMP1, XMMWORD PTR[esp]
+    vmovdqa XMMWORD PTR[esp], TMP1
+    xor KS, KS
+@@:
+        cmp len, KS
+        je  @f
+        mov dl, BYTE PTR[esp + KS]
+        mov BYTE PTR[CT + KS], dl
+        inc KS
+        jmp @b
+@@:
+        cmp KS, 16
+        je  @f
+        mov BYTE PTR[esp + KS], 0
+        inc KS
+        jmp @b
+@@:
+    mov edx, aluTMP
+    vmovdqa TMP1, XMMWORD PTR[esp]
+    vpshufb TMP1, TMP1, XMMWORD PTR[Lbswap_mask]
+    vpxor   TMP1, TMP1, T
+
+    vmovdqu TMP0, XMMWORD PTR[Htbl]
+    GFMUL   TMP1, TMP1, TMP0, TMP5, TMP2, TMP3, TMP4
+    vmovdqu T, TMP1
+
+LEncDataEnd:
+    inc     aluCTR
+    bswap   aluCTR
+    mov     [16*16 + 2*16 + 3*4 + Gctx], aluCTR
+
+    mov esp, ebp
+    pop edi
+    pop esi
+    pop ebx
+    pop ebp
+
+
+    vzeroupper
+
+    ret
+intel_aes_gcmENC ENDP
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;
+; Decrypt and Authenticate
+; void intel_aes_gcmDEC(uint8_t* PT, uint8_t* CT, void *Gctx, unsigned int len);
+;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+
+NEXTCTR MACRO i
+    add     aluCTR, 1
+    mov     aluTMP, aluCTR
+    bswap   aluTMP
+    xor     aluTMP, [3*4 + KS]
+    mov     [3*4 + i*16 + esp], aluTMP
+ENDM
+
+intel_aes_gcmDEC PROC
+
+    cmp DWORD PTR[1*4 + 3*4 + esp], 0
+    jne LbeginDEC
+    ret
+
+LbeginDEC:
+
+    vzeroupper
+    push    ebp
+    push    ebx
+    push    esi
+    push    edi
+
+    mov ebp, esp
+    sub esp, 8*16
+    and esp, -16
+
+    mov CT, [ebp + 5*4 + 0*4]
+    mov PT, [ebp + 5*4 + 1*4]
+    mov Gctx, [ebp + 5*4 + 2*4]
+
+    mov     KS, [16*16 + 3*16 + Gctx]
+    lea     KS, [44 + KS]
+
+    mov     aluCTR, [16*16 + 2*16 + 3*4 + Gctx]
+    bswap   aluCTR
+
+
+    vmovdqu TMP0, XMMWORD PTR[0*16 + KS]
+    vpxor   TMP0, TMP0, XMMWORD PTR[16*16 + 2*16 + Gctx]
+    vmovdqu XMMWORD PTR[0*16 + esp], TMP0
+
+    cmp len, 16*7
+    jb  LDecDataSingles
+    vmovdqu XMMWORD PTR[1*16 + esp], TMP0
+    vmovdqu XMMWORD PTR[2*16 + esp], TMP0
+    vmovdqu XMMWORD PTR[3*16 + esp], TMP0
+    vmovdqu XMMWORD PTR[4*16 + esp], TMP0
+    vmovdqu XMMWORD PTR[5*16 + esp], TMP0
+    vmovdqu XMMWORD PTR[6*16 + esp], TMP0
+    dec aluCTR
+
+LDecData7:
+    cmp len, 16*7
+    jb  LDecData7End
+    sub len, 16*7
+
+    vmovdqu TMP5, XMMWORD PTR[0*16 + CT]
+    vpshufb TMP5, TMP5, XMMWORD PTR[Lbswap_mask]
+    vpxor   TMP5, TMP5, T
+    vpshufd TMP4, TMP5, 78
+    vpxor   TMP4, TMP4, TMP5
+    vpclmulqdq  TMP0, TMP4, XMMWORD PTR[6*16 + 8*16 + Htbl], 000h
+    vmovdqu     TMP4, XMMWORD PTR[6*16 + Htbl]
+    vpclmulqdq  TMP1, TMP5, TMP4, 011h
+    vpclmulqdq  TMP2, TMP5, TMP4, 000h
+
+    NEXTCTR 0
+    vmovdqu TMP5, XMMWORD PTR[1*16 + CT]
+    vpshufb TMP5, TMP5, XMMWORD PTR[Lbswap_mask]
+    KARATSUBA 5
+    NEXTCTR 1
+    vmovdqu TMP5, XMMWORD PTR[2*16 + CT]
+    vpshufb TMP5, TMP5, XMMWORD PTR[Lbswap_mask]
+    KARATSUBA 4
+    NEXTCTR 2
+    vmovdqu TMP5, XMMWORD PTR[3*16 + CT]
+    vpshufb TMP5, TMP5, XMMWORD PTR[Lbswap_mask]
+    KARATSUBA 3
+    NEXTCTR 3
+    vmovdqu TMP5, XMMWORD PTR[4*16 + CT]
+    vpshufb TMP5, TMP5, XMMWORD PTR[Lbswap_mask]
+    KARATSUBA 2
+    NEXTCTR 4
+    vmovdqu TMP5, XMMWORD PTR[5*16 + CT]
+    vpshufb TMP5, TMP5, XMMWORD PTR[Lbswap_mask]
+    KARATSUBA 1
+    NEXTCTR 5
+    vmovdqu TMP5, XMMWORD PTR[6*16 + CT]
+    vpshufb TMP5, TMP5, XMMWORD PTR[Lbswap_mask]
+    KARATSUBA 0
+    NEXTCTR 6
+
+    vpxor   TMP0, TMP0, TMP1
+    vpxor   TMP0, TMP0, TMP2
+    vpsrldq TMP3, TMP0, 8
+    vpxor   TMP4, TMP1, TMP3
+    vpslldq TMP3, TMP0, 8
+    vpxor   TMP5, TMP2, TMP3
+
+    vpclmulqdq  TMP1, TMP5, XMMWORD PTR[Lpoly], 010h
+    vpalignr    TMP5,TMP5,TMP5,8
+    vpxor       TMP5, TMP5, TMP1
+
+    vpclmulqdq  TMP1, TMP5, XMMWORD PTR[Lpoly], 010h
+    vpalignr    TMP5,TMP5,TMP5,8
+    vpxor       TMP5, TMP5, TMP1
+
+    vpxor       TMP5, TMP5, TMP4
+    vmovdqu     T, TMP5
+
+    vmovdqa CTR0, XMMWORD PTR[0*16 + esp]
+    vmovdqa CTR1, XMMWORD PTR[1*16 + esp]
+    vmovdqa CTR2, XMMWORD PTR[2*16 + esp]
+    vmovdqa CTR3, XMMWORD PTR[3*16 + esp]
+    vmovdqa CTR4, XMMWORD PTR[4*16 + esp]
+    vmovdqa CTR5, XMMWORD PTR[5*16 + esp]
+    vmovdqa CTR6, XMMWORD PTR[6*16 + esp]
+
+    ROUND   1
+    ROUND   2
+    ROUND   3
+    ROUND   4
+    ROUND   5
+    ROUND   6
+    ROUND   7
+    ROUND   8
+    ROUND   9
+    vmovdqu xmm7, XMMWORD PTR[10*16 + KS]
+    cmp     NR, 10
+    je      @f
+
+    ROUND   10
+    ROUND   11
+    vmovdqu xmm7, XMMWORD PTR[12*16 + KS]
+    cmp     NR, 12
+    je      @f
+
+    ROUND   12
+    ROUND   13
+    vmovdqu xmm7, XMMWORD PTR[14*16 + KS]
+@@:
+    vaesenclast CTR0, CTR0, xmm7
+    vaesenclast CTR1, CTR1, xmm7
+    vaesenclast CTR2, CTR2, xmm7
+    vaesenclast CTR3, CTR3, xmm7
+    vaesenclast CTR4, CTR4, xmm7
+    vaesenclast CTR5, CTR5, xmm7
+    vaesenclast CTR6, CTR6, xmm7
+
+    vpxor   CTR0, CTR0, XMMWORD PTR[0*16 + CT]
+    vpxor   CTR1, CTR1, XMMWORD PTR[1*16 + CT]
+    vpxor   CTR2, CTR2, XMMWORD PTR[2*16 + CT]
+    vpxor   CTR3, CTR3, XMMWORD PTR[3*16 + CT]
+    vpxor   CTR4, CTR4, XMMWORD PTR[4*16 + CT]
+    vpxor   CTR5, CTR5, XMMWORD PTR[5*16 + CT]
+    vpxor   CTR6, CTR6, XMMWORD PTR[6*16 + CT]
+
+    vmovdqu XMMWORD PTR[0*16 + PT], CTR0
+    vmovdqu XMMWORD PTR[1*16 + PT], CTR1
+    vmovdqu XMMWORD PTR[2*16 + PT], CTR2
+    vmovdqu XMMWORD PTR[3*16 + PT], CTR3
+    vmovdqu XMMWORD PTR[4*16 + PT], CTR4
+    vmovdqu XMMWORD PTR[5*16 + PT], CTR5
+    vmovdqu XMMWORD PTR[6*16 + PT], CTR6
+
+    lea CT, [7*16 + CT]
+    lea PT, [7*16 + PT]
+    jmp LDecData7
+
+LDecData7End:
+
+    NEXTCTR 0
+
+LDecDataSingles:
+
+        cmp len, 16
+        jb  LDecDataTail
+        sub len, 16
+
+        vmovdqu TMP1, XMMWORD PTR[CT]
+        vpshufb TMP1, TMP1, XMMWORD PTR[Lbswap_mask]
+        vpxor   TMP1, TMP1, T
+
+        vmovdqu TMP0, XMMWORD PTR[Htbl]
+        GFMUL   TMP1, TMP1, TMP0, TMP5, TMP2, TMP3, TMP4
+        vmovdqu T, TMP1
+
+        vmovdqa TMP1, XMMWORD PTR[0*16 + esp]
+        NEXTCTR 0
+
+        vaesenc TMP1, TMP1, XMMWORD PTR[1*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[2*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[3*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[4*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[5*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[6*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[7*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[8*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[9*16 + KS]
+        vmovdqu TMP2, XMMWORD PTR[10*16 + KS]
+        cmp NR, 10
+        je  @f
+        vaesenc TMP1, TMP1, XMMWORD PTR[10*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[11*16 + KS]
+        vmovdqu TMP2, XMMWORD PTR[12*16 + KS]
+        cmp NR, 12
+        je  @f
+        vaesenc TMP1, TMP1, XMMWORD PTR[12*16 + KS]
+        vaesenc TMP1, TMP1, XMMWORD PTR[13*16 + KS]
+        vmovdqu TMP2, XMMWORD PTR[14*16 + KS]
+@@:
+        vaesenclast TMP1, TMP1, TMP2
+        vpxor   TMP1, TMP1, XMMWORD PTR[CT]
+        vmovdqu XMMWORD PTR[PT], TMP1
+
+        lea PT, [16+PT]
+        lea CT, [16+CT]
+        jmp LDecDataSingles
+
+LDecDataTail:
+
+    cmp len, 0
+    je  LDecDataEnd
+
+    vmovdqa TMP1, XMMWORD PTR[0*16 + esp]
+    inc aluCTR
+    vaesenc TMP1, TMP1, XMMWORD PTR[1*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[2*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[3*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[4*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[5*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[6*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[7*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[8*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[9*16 + KS]
+    vmovdqu TMP2, XMMWORD PTR[10*16 + KS]
+    cmp NR, 10
+    je  @f
+    vaesenc TMP1, TMP1, XMMWORD PTR[10*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[11*16 + KS]
+    vmovdqu TMP2, XMMWORD PTR[12*16 + KS]
+    cmp NR, 12
+    je  @f
+    vaesenc TMP1, TMP1, XMMWORD PTR[12*16 + KS]
+    vaesenc TMP1, TMP1, XMMWORD PTR[13*16 + KS]
+    vmovdqu TMP2, XMMWORD PTR[14*16 + KS]
+@@:
+    vaesenclast xmm7, TMP1, TMP2
+
+; copy as many bytes as needed
+    xor KS, KS
+    mov aluTMP, edx
+@@:
+        cmp len, KS
+        je  @f
+        mov dl, BYTE PTR[CT + KS]
+        mov BYTE PTR[esp + KS], dl
+        inc KS
+        jmp @b
+@@:
+        cmp KS, 16
+        je  @f
+        mov BYTE PTR[esp + KS], 0
+        inc KS
+        jmp @b
+@@:
+    mov edx, aluTMP
+    vmovdqa TMP1, XMMWORD PTR[esp]
+    vpshufb TMP1, TMP1, XMMWORD PTR[Lbswap_mask]
+    vpxor   TMP1, TMP1, T
+
+    vmovdqu TMP0, XMMWORD PTR[Htbl]
+    GFMUL   TMP1, TMP1, TMP0, TMP5, TMP2, TMP3, TMP4
+    vmovdqu T, TMP1
+
+    vpxor   xmm7, xmm7, XMMWORD PTR[esp]
+    vmovdqa XMMWORD PTR[esp], xmm7
+    xor     KS, KS
+    mov aluTMP, edx
+@@:
+        cmp len, KS
+        je  @f
+        mov dl, BYTE PTR[esp + KS]
+        mov BYTE PTR[PT + KS], dl
+        inc KS
+        jmp @b
+@@:
+    mov edx, aluTMP
+
+LDecDataEnd:
+
+    bswap   aluCTR
+    mov     [16*16 + 2*16 + 3*4 + Gctx], aluCTR
+
+    mov esp, ebp
+    pop edi
+    pop esi
+    pop ebx
+    pop ebp
+
+    vzeroupper
+
+    ret
+intel_aes_gcmDEC ENDP
+
+
+END
diff --git a/nss/lib/freebl/intel-gcm.h b/nss/lib/freebl/intel-gcm.h
new file mode 100644
index 0000000..566e544
--- /dev/null
+++ b/nss/lib/freebl/intel-gcm.h
@@ -0,0 +1,83 @@
+/******************************************************************************/
+/* LICENSE:                                                                   */
+/* This submission to NSS is to be made available under the terms of the      */
+/* Mozilla Public License, v. 2.0. You can obtain one at http:                */
+/* //mozilla.org/MPL/2.0/.                                                    */
+/******************************************************************************/
+/* Copyright(c) 2013, Intel Corp.                                             */
+/******************************************************************************/
+/* Reference:                                                                 */
+/* [1] Shay Gueron, Michael E. Kounavis: Intel(R) Carry-Less Multiplication   */
+/*     Instruction and its Usage for Computing the GCM Mode (Rev. 2.01)       */
+/*     http://software.intel.com/sites/default/files/article/165685/clmul-wp-r*/
+/*ev-2.01-2012-09-21.pdf                                                      */
+/* [2] S. Gueron, M. E. Kounavis: Efficient Implementation of the Galois      */
+/*     Counter Mode Using a Carry-less Multiplier and a Fast Reduction        */
+/*     Algorithm. Information Processing Letters 110: 549-553 (2010).         */
+/* [3] S. Gueron: AES Performance on the 2nd Generation Intel(R) Core(TM)     */
+/*     Processor Family (to be posted) (2012).                                */
+/* [4] S. Gueron: Fast GHASH computations for speeding up AES-GCM (to be      */
+/*     published) (2012).                                                     */
+
+#ifndef INTEL_GCM_H
+#define INTEL_GCM_H 1
+
+#include "blapii.h"
+
+typedef struct intel_AES_GCMContextStr intel_AES_GCMContext;
+
+intel_AES_GCMContext *intel_AES_GCM_CreateContext(void *context, freeblCipherFunc cipher,
+                                                  const unsigned char *params, unsigned int blocksize);
+
+void intel_AES_GCM_DestroyContext(intel_AES_GCMContext *gcm, PRBool freeit);
+
+SECStatus intel_AES_GCM_EncryptUpdate(intel_AES_GCMContext *gcm, unsigned char *outbuf,
+                                      unsigned int *outlen, unsigned int maxout,
+                                      const unsigned char *inbuf, unsigned int inlen,
+                                      unsigned int blocksize);
+
+SECStatus intel_AES_GCM_DecryptUpdate(intel_AES_GCMContext *gcm, unsigned char *outbuf,
+                                      unsigned int *outlen, unsigned int maxout,
+                                      const unsigned char *inbuf, unsigned int inlen,
+                                      unsigned int blocksize);
+
+/* Prototypes of functions in the assembler file for fast AES-GCM, using
+   Intel AES-NI and CLMUL-NI, as described in [1]
+   [1] Shay Gueron, Michael E. Kounavis: Intel(R) Carry-Less Multiplication
+       Instruction and its Usage for Computing the GCM Mode                */
+
+/* Prepares the constants used in the aggregated reduction method */
+void intel_aes_gcmINIT(unsigned char Htbl[16 * 16],
+                       unsigned char *KS,
+                       int NR);
+
+/* Produces the final GHASH value */
+void intel_aes_gcmTAG(unsigned char Htbl[16 * 16],
+                      unsigned char *Tp,
+                      unsigned long Mlen,
+                      unsigned long Alen,
+                      unsigned char *X0,
+                      unsigned char *TAG);
+
+/* Hashes the Additional Authenticated Data, should be used before enc/dec.
+   Operates on whole blocks only. Partial blocks should be padded externally. */
+void intel_aes_gcmAAD(unsigned char Htbl[16 * 16],
+                      unsigned char *AAD,
+                      unsigned long Alen,
+                      unsigned char *Tp);
+
+/* Encrypts and hashes the Plaintext.
+   Operates on any length of data, however partial block should only be encrypted
+   at the last call, otherwise the result will be incorrect. */
+void intel_aes_gcmENC(const unsigned char *PT,
+                      unsigned char *CT,
+                      void *Gctx,
+                      unsigned long len);
+
+/* Similar to ENC, but decrypts the Ciphertext. */
+void intel_aes_gcmDEC(const unsigned char *CT,
+                      unsigned char *PT,
+                      void *Gctx,
+                      unsigned long len);
+
+#endif
diff --git a/nss/lib/freebl/intel-gcm.s b/nss/lib/freebl/intel-gcm.s
new file mode 100644
index 0000000..1a31060
--- /dev/null
+++ b/nss/lib/freebl/intel-gcm.s
@@ -0,0 +1,1340 @@
+# LICENSE:                                                                  
+# This submission to NSS is to be made available under the terms of the
+# Mozilla Public License, v. 2.0. You can obtain one at http:         
+# //mozilla.org/MPL/2.0/. 
+################################################################################
+# Copyright(c) 2012, Intel Corp.
+
+.align  16
+.Lone:
+.quad 1,0
+.Ltwo:
+.quad 2,0
+.Lbswap_mask:
+.byte 15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0
+.Lshuff_mask:
+.quad 0x0f0f0f0f0f0f0f0f, 0x0f0f0f0f0f0f0f0f
+.Lpoly:
+.quad 0x1, 0xc200000000000000 
+
+
+################################################################################
+# Generates the final GCM tag
+# void intel_aes_gcmTAG(uint8_t Htbl[16*16], uint8_t *Tp, uint64_t Mlen, uint64_t Alen, uint8_t* X0, uint8_t* TAG);
+.type intel_aes_gcmTAG,@function
+.globl intel_aes_gcmTAG
+.align 16
+intel_aes_gcmTAG:
+
+.set  Htbl, %rdi
+.set  Tp, %rsi
+.set  Mlen, %rdx
+.set  Alen, %rcx
+.set  X0, %r8
+.set  TAG, %r9
+
+.set T,%xmm0
+.set TMP0,%xmm1
+
+   vmovdqu  (Tp), T
+   vpshufb  .Lbswap_mask(%rip), T, T
+   vpxor    TMP0, TMP0, TMP0
+   shl      $3, Mlen
+   shl      $3, Alen
+   vpinsrq  $0, Mlen, TMP0, TMP0
+   vpinsrq  $1, Alen, TMP0, TMP0
+   vpxor    TMP0, T, T
+   vmovdqu  (Htbl), TMP0
+   call     GFMUL
+   vpshufb  .Lbswap_mask(%rip), T, T
+   vpxor    (X0), T, T
+   vmovdqu  T, (TAG)
+   
+ret
+.size intel_aes_gcmTAG, .-intel_aes_gcmTAG
+################################################################################
+# Generates the H table
+# void intel_aes_gcmINIT(uint8_t Htbl[16*16], uint8_t *KS, int NR);
+.type intel_aes_gcmINIT,@function
+.globl intel_aes_gcmINIT
+.align 16
+intel_aes_gcmINIT:
+   
+.set  Htbl, %rdi
+.set  KS, %rsi
+.set  NR, %edx
+
+.set T,%xmm0
+.set TMP0,%xmm1
+
+CALCULATE_POWERS_OF_H:
+    vmovdqu      16*0(KS), T
+    vaesenc      16*1(KS), T, T
+    vaesenc      16*2(KS), T, T
+    vaesenc      16*3(KS), T, T
+    vaesenc      16*4(KS), T, T
+    vaesenc      16*5(KS), T, T
+    vaesenc      16*6(KS), T, T
+    vaesenc      16*7(KS), T, T
+    vaesenc      16*8(KS), T, T
+    vaesenc      16*9(KS), T, T
+    vmovdqu      16*10(KS), TMP0
+    cmp          $10, NR
+    je           .LH0done
+    vaesenc      16*10(KS), T, T
+    vaesenc      16*11(KS), T, T
+    vmovdqu      16*12(KS), TMP0
+    cmp          $12, NR
+    je           .LH0done
+    vaesenc      16*12(KS), T, T
+    vaesenc      16*13(KS), T, T
+    vmovdqu      16*14(KS), TMP0
+  
+.LH0done:
+    vaesenclast  TMP0, T, T
+
+    vpshufb      .Lbswap_mask(%rip), T, T  
+
+    vmovdqu	T, TMP0
+    # Calculate H` = GFMUL(H, 2)
+    vpsrld	$7 , T , %xmm3
+    vmovdqu	.Lshuff_mask(%rip), %xmm4
+    vpshufb	%xmm4, %xmm3 , %xmm3
+    movq	$0xff00 , %rax
+    vmovq	%rax, %xmm4
+    vpshufb	%xmm3, %xmm4 , %xmm4
+    vmovdqu	.Lpoly(%rip), %xmm5
+    vpand	%xmm4, %xmm5, %xmm5
+    vpsrld	$31, T, %xmm3
+    vpslld	$1, T, %xmm4
+    vpslldq	$4, %xmm3, %xmm3
+    vpxor	%xmm3, %xmm4, T  #xmm1 holds now p(x)<<1
+
+    #adding p(x)<<1 to xmm5
+    vpxor     %xmm5, T , T
+    vmovdqu   T, TMP0
+    vmovdqu   T, (Htbl)     # H * 2
+    call  GFMUL
+    vmovdqu  T, 16(Htbl)    # H^2 * 2
+    call  GFMUL
+    vmovdqu  T, 32(Htbl)    # H^3 * 2
+    call  GFMUL
+    vmovdqu  T, 48(Htbl)    # H^4 * 2
+    call  GFMUL
+    vmovdqu  T, 64(Htbl)    # H^5 * 2
+    call  GFMUL
+    vmovdqu  T, 80(Htbl)    # H^6 * 2
+    call  GFMUL
+    vmovdqu  T, 96(Htbl)    # H^7 * 2
+    call  GFMUL
+    vmovdqu  T, 112(Htbl)   # H^8 * 2  
+
+    # Precalculations for the reduce 4 step
+    vpshufd  $78, (Htbl), %xmm8
+    vpshufd  $78, 16(Htbl), %xmm9
+    vpshufd  $78, 32(Htbl), %xmm10
+    vpshufd  $78, 48(Htbl), %xmm11
+    vpshufd  $78, 64(Htbl), %xmm12
+    vpshufd  $78, 80(Htbl), %xmm13
+    vpshufd  $78, 96(Htbl), %xmm14
+    vpshufd  $78, 112(Htbl), %xmm15
+
+    vpxor  (Htbl), %xmm8, %xmm8
+    vpxor  16(Htbl), %xmm9, %xmm9
+    vpxor  32(Htbl), %xmm10, %xmm10
+    vpxor  48(Htbl), %xmm11, %xmm11
+    vpxor  64(Htbl), %xmm12, %xmm12
+    vpxor  80(Htbl), %xmm13, %xmm13
+    vpxor  96(Htbl), %xmm14, %xmm14
+    vpxor  112(Htbl), %xmm15, %xmm15
+
+    vmovdqu   %xmm8, 128(Htbl)
+    vmovdqu   %xmm9, 144(Htbl)
+    vmovdqu   %xmm10, 160(Htbl)
+    vmovdqu   %xmm11, 176(Htbl)
+    vmovdqu   %xmm12, 192(Htbl)
+    vmovdqu   %xmm13, 208(Htbl)
+    vmovdqu   %xmm14, 224(Htbl)
+    vmovdqu   %xmm15, 240(Htbl)
+
+    ret
+.size intel_aes_gcmINIT, .-intel_aes_gcmINIT
+################################################################################
+# Authenticate only
+# void intel_aes_gcmAAD(uint8_t Htbl[16*16], uint8_t *AAD, uint64_t Alen, uint8_t *Tp);
+
+.globl  intel_aes_gcmAAD
+.type   intel_aes_gcmAAD,@function
+.align  16
+intel_aes_gcmAAD:
+
+.set DATA, %xmm0
+.set T, %xmm1
+.set BSWAP_MASK, %xmm2
+.set TMP0, %xmm3
+.set TMP1, %xmm4
+.set TMP2, %xmm5
+.set TMP3, %xmm6
+.set TMP4, %xmm7
+.set Xhi, %xmm9
+
+.set Htbl, %rdi
+.set inp, %rsi
+.set len, %rdx
+.set Tp, %rcx
+
+.set hlp0, %r11
+
+.macro KARATSUBA_AAD i
+    vpclmulqdq  $0x00, 16*\i(Htbl), DATA, TMP3
+    vpxor       TMP3, TMP0, TMP0
+    vpclmulqdq  $0x11, 16*\i(Htbl), DATA, TMP3
+    vpxor       TMP3, TMP1, TMP1
+    vpshufd     $78,  DATA, TMP3
+    vpxor       DATA, TMP3, TMP3
+    vpclmulqdq  $0x00, 16*(\i+8)(Htbl), TMP3, TMP3
+    vpxor       TMP3, TMP2, TMP2
+.endm
+
+    test  len, len
+    jnz   .LbeginAAD
+    ret
+
+.LbeginAAD:
+
+   push  hlp0
+   vzeroupper
+   
+   vmovdqa  .Lbswap_mask(%rip), BSWAP_MASK
+   
+   vpxor    Xhi, Xhi, Xhi
+   
+   vmovdqu  (Tp),T
+   vpshufb  BSWAP_MASK,T,T
+
+   # we hash 8 block each iteration, if the total amount of blocks is not a multiple of 8, we hash the first n%8 blocks first
+    mov     len, hlp0
+    and	    $~-128, hlp0
+
+    jz      .Lmod_loop
+
+    sub     hlp0, len
+    sub     $16, hlp0
+
+   #hash first prefix block
+	vmovdqu (inp), DATA
+	vpshufb  BSWAP_MASK, DATA, DATA
+	vpxor    T, DATA, DATA
+	
+	vpclmulqdq  $0x00, (Htbl, hlp0), DATA, TMP0
+	vpclmulqdq  $0x11, (Htbl, hlp0), DATA, TMP1
+	vpshufd     $78, DATA, TMP2
+	vpxor       DATA, TMP2, TMP2
+	vpclmulqdq  $0x00, 16*8(Htbl, hlp0), TMP2, TMP2
+	
+	lea	    16(inp), inp
+	test    hlp0, hlp0
+	jnz	    .Lpre_loop
+	jmp	    .Lred1
+
+    #hash remaining prefix bocks (up to 7 total prefix blocks)
+.align 64
+.Lpre_loop:
+
+    sub	$16, hlp0
+
+    vmovdqu     (inp),DATA           # next data block
+    vpshufb     BSWAP_MASK,DATA,DATA
+
+    vpclmulqdq  $0x00, (Htbl,hlp0), DATA, TMP3
+    vpxor       TMP3, TMP0, TMP0
+    vpclmulqdq  $0x11, (Htbl,hlp0), DATA, TMP3
+    vpxor       TMP3, TMP1, TMP1
+    vpshufd	    $78, DATA, TMP3
+    vpxor       DATA, TMP3, TMP3
+    vpclmulqdq  $0x00, 16*8(Htbl,hlp0), TMP3, TMP3
+    vpxor       TMP3, TMP2, TMP2
+
+    test	hlp0, hlp0
+
+    lea	16(inp), inp
+
+    jnz	.Lpre_loop
+	
+.Lred1:
+    vpxor       TMP0, TMP2, TMP2
+    vpxor       TMP1, TMP2, TMP2
+    vpsrldq     $8, TMP2, TMP3
+    vpslldq     $8, TMP2, TMP2
+
+    vpxor       TMP3, TMP1, Xhi
+    vpxor       TMP2, TMP0, T
+	
+.align 64
+.Lmod_loop:
+    sub	$0x80, len
+    jb	.Ldone
+
+    vmovdqu     16*7(inp),DATA		# Ii
+    vpshufb     BSWAP_MASK,DATA,DATA
+
+    vpclmulqdq  $0x00, (Htbl), DATA, TMP0
+    vpclmulqdq  $0x11, (Htbl), DATA, TMP1
+    vpshufd     $78, DATA, TMP2
+    vpxor       DATA, TMP2, TMP2
+    vpclmulqdq  $0x00, 16*8(Htbl), TMP2, TMP2
+    #########################################################
+    vmovdqu     16*6(inp),DATA
+    vpshufb     BSWAP_MASK,DATA,DATA
+    KARATSUBA_AAD 1
+    #########################################################
+    vmovdqu     16*5(inp),DATA
+    vpshufb     BSWAP_MASK,DATA,DATA
+
+    vpclmulqdq  $0x10, .Lpoly(%rip), T, TMP4         #reduction stage 1a
+    vpalignr    $8, T, T, T
+
+    KARATSUBA_AAD 2
+
+    vpxor       TMP4, T, T                 #reduction stage 1b
+    #########################################################
+    vmovdqu		16*4(inp),DATA
+    vpshufb	    BSWAP_MASK,DATA,DATA
+
+    KARATSUBA_AAD 3
+    #########################################################
+    vmovdqu     16*3(inp),DATA
+    vpshufb     BSWAP_MASK,DATA,DATA
+
+    vpclmulqdq  $0x10, .Lpoly(%rip), T, TMP4         #reduction stage 2a
+    vpalignr    $8, T, T, T
+
+    KARATSUBA_AAD 4
+
+    vpxor       TMP4, T, T                 #reduction stage 2b
+    #########################################################
+    vmovdqu     16*2(inp),DATA
+    vpshufb     BSWAP_MASK,DATA,DATA
+
+    KARATSUBA_AAD 5
+
+    vpxor       Xhi, T, T                  #reduction finalize
+    #########################################################
+    vmovdqu     16*1(inp),DATA
+    vpshufb     BSWAP_MASK,DATA,DATA
+
+    KARATSUBA_AAD 6
+    #########################################################
+    vmovdqu     16*0(inp),DATA
+    vpshufb     BSWAP_MASK,DATA,DATA
+    vpxor       T,DATA,DATA
+
+    KARATSUBA_AAD 7
+    #########################################################
+    vpxor       TMP0, TMP2, TMP2              # karatsuba fixup
+    vpxor       TMP1, TMP2, TMP2
+    vpsrldq     $8, TMP2, TMP3
+    vpslldq     $8, TMP2, TMP2
+
+    vpxor       TMP3, TMP1, Xhi
+    vpxor       TMP2, TMP0, T
+
+    lea	16*8(inp), inp
+    jmp .Lmod_loop
+    #########################################################
+
+.Ldone:
+    vpclmulqdq  $0x10, .Lpoly(%rip), T, TMP3
+    vpalignr    $8, T, T, T
+    vpxor       TMP3, T, T
+
+    vpclmulqdq  $0x10, .Lpoly(%rip), T, TMP3
+    vpalignr    $8, T, T, T
+    vpxor       TMP3, T, T
+
+    vpxor       Xhi, T, T
+   
+.Lsave:
+    vpshufb     BSWAP_MASK,T, T
+    vmovdqu     T,(Tp)
+    vzeroupper
+
+    pop hlp0
+    ret
+.size   intel_aes_gcmAAD,.-intel_aes_gcmAAD
+
+################################################################################
+# Encrypt and Authenticate
+# void intel_aes_gcmENC(uint8_t* PT, uint8_t* CT, void *Gctx,uint64_t len);
+.type intel_aes_gcmENC,@function
+.globl intel_aes_gcmENC
+.align 16
+intel_aes_gcmENC:
+
+.set PT,%rdi
+.set CT,%rsi
+.set Htbl, %rdx
+.set len, %rcx
+.set KS,%r9
+.set NR,%r10d
+
+.set Gctx, %rdx
+
+.set T,%xmm0
+.set TMP0,%xmm1
+.set TMP1,%xmm2
+.set TMP2,%xmm3
+.set TMP3,%xmm4
+.set TMP4,%xmm5
+.set TMP5,%xmm6
+.set CTR0,%xmm7
+.set CTR1,%xmm8
+.set CTR2,%xmm9
+.set CTR3,%xmm10
+.set CTR4,%xmm11
+.set CTR5,%xmm12
+.set CTR6,%xmm13
+.set CTR7,%xmm14
+.set CTR,%xmm15
+
+.macro ROUND i
+    vmovdqu \i*16(KS), TMP3
+    vaesenc TMP3, CTR0, CTR0
+    vaesenc TMP3, CTR1, CTR1
+    vaesenc TMP3, CTR2, CTR2
+    vaesenc TMP3, CTR3, CTR3
+    vaesenc TMP3, CTR4, CTR4
+    vaesenc TMP3, CTR5, CTR5
+    vaesenc TMP3, CTR6, CTR6
+    vaesenc TMP3, CTR7, CTR7
+.endm
+
+.macro ROUNDMUL i
+
+    vmovdqu \i*16(%rsp), TMP5
+    vmovdqu \i*16(KS), TMP3
+
+    vaesenc TMP3, CTR0, CTR0
+    vaesenc TMP3, CTR1, CTR1
+    vaesenc TMP3, CTR2, CTR2
+    vaesenc TMP3, CTR3, CTR3
+
+    vpshufd $78, TMP5, TMP4
+    vpxor   TMP5, TMP4, TMP4
+
+    vaesenc TMP3, CTR4, CTR4
+    vaesenc TMP3, CTR5, CTR5
+    vaesenc TMP3, CTR6, CTR6
+    vaesenc TMP3, CTR7, CTR7
+
+    vpclmulqdq  $0x00, 128+\i*16(Htbl), TMP4, TMP3
+    vpxor       TMP3, TMP0, TMP0
+    vmovdqa     \i*16(Htbl), TMP4
+    vpclmulqdq  $0x11, TMP4, TMP5, TMP3
+    vpxor       TMP3, TMP1, TMP1
+    vpclmulqdq  $0x00, TMP4, TMP5, TMP3
+    vpxor       TMP3, TMP2, TMP2
+  
+.endm
+
+.macro KARATSUBA i
+    vmovdqu \i*16(%rsp), TMP5
+
+    vpclmulqdq  $0x11, 16*\i(Htbl), TMP5, TMP3
+    vpxor       TMP3, TMP1, TMP1
+    vpclmulqdq  $0x00, 16*\i(Htbl), TMP5, TMP3
+    vpxor       TMP3, TMP2, TMP2
+    vpshufd     $78, TMP5, TMP3
+    vpxor       TMP5, TMP3, TMP5
+    vpclmulqdq  $0x00, 128+\i*16(Htbl), TMP5, TMP3
+    vpxor       TMP3, TMP0, TMP0
+.endm
+
+    test len, len
+    jnz  .Lbegin
+    ret
+   
+.Lbegin:
+
+    vzeroupper
+    push %rbp
+    push %rbx
+
+    movq %rsp, %rbp   
+    sub  $128, %rsp
+    andq $-16, %rsp
+
+    vmovdqu  288(Gctx), CTR
+    vmovdqu  272(Gctx), T
+    mov  304(Gctx), KS
+    mov  4(KS), NR
+    lea  48(KS), KS
+
+    vpshufb  .Lbswap_mask(%rip), CTR, CTR
+    vpshufb  .Lbswap_mask(%rip), T, T
+
+    cmp  $128, len
+    jb   .LDataSingles
+   
+# Encrypt the first eight blocks
+    sub     $128, len
+    vmovdqa CTR, CTR0
+    vpaddd  .Lone(%rip), CTR0, CTR1
+    vpaddd  .Ltwo(%rip), CTR0, CTR2
+    vpaddd  .Lone(%rip), CTR2, CTR3
+    vpaddd  .Ltwo(%rip), CTR2, CTR4
+    vpaddd  .Lone(%rip), CTR4, CTR5
+    vpaddd  .Ltwo(%rip), CTR4, CTR6
+    vpaddd  .Lone(%rip), CTR6, CTR7
+    vpaddd  .Ltwo(%rip), CTR6, CTR
+
+    vpshufb .Lbswap_mask(%rip), CTR0, CTR0
+    vpshufb .Lbswap_mask(%rip), CTR1, CTR1
+    vpshufb .Lbswap_mask(%rip), CTR2, CTR2
+    vpshufb .Lbswap_mask(%rip), CTR3, CTR3
+    vpshufb .Lbswap_mask(%rip), CTR4, CTR4
+    vpshufb .Lbswap_mask(%rip), CTR5, CTR5
+    vpshufb .Lbswap_mask(%rip), CTR6, CTR6
+    vpshufb .Lbswap_mask(%rip), CTR7, CTR7
+
+    vpxor   (KS), CTR0, CTR0
+    vpxor   (KS), CTR1, CTR1
+    vpxor   (KS), CTR2, CTR2
+    vpxor   (KS), CTR3, CTR3
+    vpxor   (KS), CTR4, CTR4
+    vpxor   (KS), CTR5, CTR5
+    vpxor   (KS), CTR6, CTR6
+    vpxor   (KS), CTR7, CTR7
+
+    ROUND 1
+    ROUND 2
+    ROUND 3
+    ROUND 4
+    ROUND 5
+    ROUND 6
+    ROUND 7
+    ROUND 8
+    ROUND 9
+
+    vmovdqu 160(KS), TMP5
+    cmp $12, NR
+    jb  .LLast1
+
+    ROUND 10
+    ROUND 11
+
+    vmovdqu 192(KS), TMP5
+    cmp $14, NR
+    jb  .LLast1
+
+    ROUND 12
+    ROUND 13
+
+    vmovdqu 224(KS), TMP5
+  
+.LLast1:
+
+    vpxor       (PT), TMP5, TMP3
+    vaesenclast TMP3, CTR0, CTR0
+    vpxor       16(PT), TMP5, TMP3
+    vaesenclast TMP3, CTR1, CTR1
+    vpxor       32(PT), TMP5, TMP3
+    vaesenclast TMP3, CTR2, CTR2
+    vpxor       48(PT), TMP5, TMP3
+    vaesenclast TMP3, CTR3, CTR3
+    vpxor       64(PT), TMP5, TMP3
+    vaesenclast TMP3, CTR4, CTR4
+    vpxor       80(PT), TMP5, TMP3
+    vaesenclast TMP3, CTR5, CTR5
+    vpxor       96(PT), TMP5, TMP3
+    vaesenclast TMP3, CTR6, CTR6
+    vpxor       112(PT), TMP5, TMP3
+    vaesenclast TMP3, CTR7, CTR7
+    
+    vmovdqu     .Lbswap_mask(%rip), TMP3
+   
+    vmovdqu CTR0, (CT)
+    vpshufb TMP3, CTR0, CTR0
+    vmovdqu CTR1, 16(CT)
+    vpshufb TMP3, CTR1, CTR1
+    vmovdqu CTR2, 32(CT)
+    vpshufb TMP3, CTR2, CTR2
+    vmovdqu CTR3, 48(CT)
+    vpshufb TMP3, CTR3, CTR3
+    vmovdqu CTR4, 64(CT)
+    vpshufb TMP3, CTR4, CTR4
+    vmovdqu CTR5, 80(CT)
+    vpshufb TMP3, CTR5, CTR5
+    vmovdqu CTR6, 96(CT)
+    vpshufb TMP3, CTR6, CTR6
+    vmovdqu CTR7, 112(CT)
+    vpshufb TMP3, CTR7, CTR7
+
+    lea 128(CT), CT
+    lea 128(PT), PT
+    jmp .LDataOctets
+
+# Encrypt 8 blocks each time while hashing previous 8 blocks
+.align 64
+.LDataOctets:
+        cmp $128, len
+        jb  .LEndOctets
+        sub $128, len
+
+        vmovdqa CTR7, TMP5
+        vmovdqa CTR6, 1*16(%rsp)
+        vmovdqa CTR5, 2*16(%rsp)
+        vmovdqa CTR4, 3*16(%rsp)
+        vmovdqa CTR3, 4*16(%rsp)
+        vmovdqa CTR2, 5*16(%rsp)
+        vmovdqa CTR1, 6*16(%rsp)
+        vmovdqa CTR0, 7*16(%rsp)
+
+        vmovdqa CTR, CTR0
+        vpaddd  .Lone(%rip), CTR0, CTR1
+        vpaddd  .Ltwo(%rip), CTR0, CTR2
+        vpaddd  .Lone(%rip), CTR2, CTR3
+        vpaddd  .Ltwo(%rip), CTR2, CTR4
+        vpaddd  .Lone(%rip), CTR4, CTR5
+        vpaddd  .Ltwo(%rip), CTR4, CTR6
+        vpaddd  .Lone(%rip), CTR6, CTR7
+        vpaddd  .Ltwo(%rip), CTR6, CTR
+
+        vmovdqu (KS), TMP4
+        vpshufb TMP3, CTR0, CTR0
+        vpxor   TMP4, CTR0, CTR0
+        vpshufb TMP3, CTR1, CTR1
+        vpxor   TMP4, CTR1, CTR1
+        vpshufb TMP3, CTR2, CTR2
+        vpxor   TMP4, CTR2, CTR2
+        vpshufb TMP3, CTR3, CTR3
+        vpxor   TMP4, CTR3, CTR3
+        vpshufb TMP3, CTR4, CTR4
+        vpxor   TMP4, CTR4, CTR4
+        vpshufb TMP3, CTR5, CTR5
+        vpxor   TMP4, CTR5, CTR5
+        vpshufb TMP3, CTR6, CTR6
+        vpxor   TMP4, CTR6, CTR6
+        vpshufb TMP3, CTR7, CTR7
+        vpxor   TMP4, CTR7, CTR7
+
+        vmovdqu     16*0(Htbl), TMP3
+        vpclmulqdq  $0x11, TMP3, TMP5, TMP1
+        vpclmulqdq  $0x00, TMP3, TMP5, TMP2      
+        vpshufd     $78, TMP5, TMP3
+        vpxor       TMP5, TMP3, TMP5
+        vmovdqu     128+0*16(Htbl), TMP3      
+        vpclmulqdq  $0x00, TMP3, TMP5, TMP0
+
+        ROUNDMUL 1
+
+        ROUNDMUL 2
+
+        ROUNDMUL 3
+
+        ROUNDMUL 4
+
+        ROUNDMUL 5
+
+        ROUNDMUL 6
+
+        vpxor   7*16(%rsp), T, TMP5
+        vmovdqu 7*16(KS), TMP3
+
+        vaesenc TMP3, CTR0, CTR0
+        vaesenc TMP3, CTR1, CTR1
+        vaesenc TMP3, CTR2, CTR2
+        vaesenc TMP3, CTR3, CTR3
+
+        vpshufd $78, TMP5, TMP4
+        vpxor   TMP5, TMP4, TMP4
+
+        vaesenc TMP3, CTR4, CTR4
+        vaesenc TMP3, CTR5, CTR5
+        vaesenc TMP3, CTR6, CTR6
+        vaesenc TMP3, CTR7, CTR7
+
+        vpclmulqdq  $0x11, 7*16(Htbl), TMP5, TMP3
+        vpxor       TMP3, TMP1, TMP1
+        vpclmulqdq  $0x00, 7*16(Htbl), TMP5, TMP3
+        vpxor       TMP3, TMP2, TMP2
+        vpclmulqdq  $0x00, 128+7*16(Htbl), TMP4, TMP3
+        vpxor       TMP3, TMP0, TMP0
+
+        ROUND 8    
+        vmovdqa .Lpoly(%rip), TMP5
+
+        vpxor   TMP1, TMP0, TMP0
+        vpxor   TMP2, TMP0, TMP0
+        vpsrldq $8, TMP0, TMP3
+        vpxor   TMP3, TMP1, TMP4
+        vpslldq $8, TMP0, TMP3
+        vpxor   TMP3, TMP2, T
+
+        vpclmulqdq  $0x10, TMP5, T, TMP1
+        vpalignr    $8, T, T, T
+        vpxor       T, TMP1, T
+
+        ROUND 9
+
+        vpclmulqdq  $0x10, TMP5, T, TMP1
+        vpalignr    $8, T, T, T
+        vpxor       T, TMP1, T
+
+        vmovdqu 160(KS), TMP5
+        cmp     $10, NR
+        jbe     .LLast2
+
+        ROUND 10
+        ROUND 11
+
+        vmovdqu 192(KS), TMP5
+        cmp     $12, NR
+        jbe     .LLast2
+
+        ROUND 12
+        ROUND 13
+
+        vmovdqu 224(KS), TMP5
+
+.LLast2:
+      
+        vpxor       (PT), TMP5, TMP3
+        vaesenclast TMP3, CTR0, CTR0
+        vpxor       16(PT), TMP5, TMP3
+        vaesenclast TMP3, CTR1, CTR1
+        vpxor       32(PT), TMP5, TMP3
+        vaesenclast TMP3, CTR2, CTR2
+        vpxor       48(PT), TMP5, TMP3
+        vaesenclast TMP3, CTR3, CTR3
+        vpxor       64(PT), TMP5, TMP3
+        vaesenclast TMP3, CTR4, CTR4
+        vpxor       80(PT), TMP5, TMP3
+        vaesenclast TMP3, CTR5, CTR5
+        vpxor       96(PT), TMP5, TMP3
+        vaesenclast TMP3, CTR6, CTR6
+        vpxor       112(PT), TMP5, TMP3
+        vaesenclast TMP3, CTR7, CTR7
+
+        vmovdqu .Lbswap_mask(%rip), TMP3
+
+        vmovdqu CTR0, (CT)
+        vpshufb TMP3, CTR0, CTR0
+        vmovdqu CTR1, 16(CT)
+        vpshufb TMP3, CTR1, CTR1
+        vmovdqu CTR2, 32(CT)
+        vpshufb TMP3, CTR2, CTR2
+        vmovdqu CTR3, 48(CT)
+        vpshufb TMP3, CTR3, CTR3
+        vmovdqu CTR4, 64(CT)
+        vpshufb TMP3, CTR4, CTR4
+        vmovdqu CTR5, 80(CT)
+        vpshufb TMP3, CTR5, CTR5
+        vmovdqu CTR6, 96(CT)
+        vpshufb TMP3, CTR6, CTR6
+        vmovdqu CTR7,112(CT)
+        vpshufb TMP3, CTR7, CTR7
+
+        vpxor   TMP4, T, T
+
+        lea 128(CT), CT
+        lea 128(PT), PT
+    jmp  .LDataOctets
+
+.LEndOctets:
+    
+    vmovdqa CTR7, TMP5
+    vmovdqa CTR6, 1*16(%rsp)
+    vmovdqa CTR5, 2*16(%rsp)
+    vmovdqa CTR4, 3*16(%rsp)
+    vmovdqa CTR3, 4*16(%rsp)
+    vmovdqa CTR2, 5*16(%rsp)
+    vmovdqa CTR1, 6*16(%rsp)
+    vmovdqa CTR0, 7*16(%rsp)
+
+    vmovdqu     16*0(Htbl), TMP3
+    vpclmulqdq  $0x11, TMP3, TMP5, TMP1
+    vpclmulqdq  $0x00, TMP3, TMP5, TMP2      
+    vpshufd     $78, TMP5, TMP3
+    vpxor       TMP5, TMP3, TMP5
+    vmovdqu     128+0*16(Htbl), TMP3      
+    vpclmulqdq  $0x00, TMP3, TMP5, TMP0
+
+    KARATSUBA 1
+    KARATSUBA 2
+    KARATSUBA 3      
+    KARATSUBA 4
+    KARATSUBA 5
+    KARATSUBA 6
+
+    vmovdqu     7*16(%rsp), TMP5
+    vpxor       T, TMP5, TMP5
+    vmovdqu     16*7(Htbl), TMP4            
+    vpclmulqdq  $0x11, TMP4, TMP5, TMP3
+    vpxor       TMP3, TMP1, TMP1
+    vpclmulqdq  $0x00, TMP4, TMP5, TMP3
+    vpxor       TMP3, TMP2, TMP2      
+    vpshufd     $78, TMP5, TMP3
+    vpxor       TMP5, TMP3, TMP5
+    vmovdqu     128+7*16(Htbl), TMP4      
+    vpclmulqdq  $0x00, TMP4, TMP5, TMP3
+    vpxor       TMP3, TMP0, TMP0
+
+    vpxor       TMP1, TMP0, TMP0
+    vpxor       TMP2, TMP0, TMP0
+
+    vpsrldq     $8, TMP0, TMP3
+    vpxor       TMP3, TMP1, TMP4
+    vpslldq     $8, TMP0, TMP3
+    vpxor       TMP3, TMP2, T
+
+    vmovdqa     .Lpoly(%rip), TMP2
+
+    vpalignr    $8, T, T, TMP1
+    vpclmulqdq  $0x10, TMP2, T, T
+    vpxor       T, TMP1, T
+
+    vpalignr    $8, T, T, TMP1
+    vpclmulqdq  $0x10, TMP2, T, T
+    vpxor       T, TMP1, T
+
+    vpxor       TMP4, T, T
+
+#Here we encrypt any remaining whole block
+.LDataSingles:
+
+    cmp $16, len
+    jb  .LDataTail
+    sub $16, len
+
+    vpshufb .Lbswap_mask(%rip), CTR, TMP1
+    vpaddd  .Lone(%rip), CTR, CTR
+
+    vpxor   (KS), TMP1, TMP1
+    vaesenc 16*1(KS), TMP1, TMP1
+    vaesenc 16*2(KS), TMP1, TMP1
+    vaesenc 16*3(KS), TMP1, TMP1
+    vaesenc 16*4(KS), TMP1, TMP1
+    vaesenc 16*5(KS), TMP1, TMP1
+    vaesenc 16*6(KS), TMP1, TMP1
+    vaesenc 16*7(KS), TMP1, TMP1
+    vaesenc 16*8(KS), TMP1, TMP1
+    vaesenc 16*9(KS), TMP1, TMP1
+    vmovdqu 16*10(KS), TMP2
+    cmp     $10, NR
+    je      .LLast3
+    vaesenc 16*10(KS), TMP1, TMP1
+    vaesenc 16*11(KS), TMP1, TMP1
+    vmovdqu 16*12(KS), TMP2
+    cmp     $12, NR
+    je      .LLast3
+    vaesenc 16*12(KS), TMP1, TMP1
+    vaesenc 16*13(KS), TMP1, TMP1
+    vmovdqu 16*14(KS), TMP2
+
+.LLast3:
+    vaesenclast TMP2, TMP1, TMP1
+
+    vpxor   (PT), TMP1, TMP1
+    vmovdqu TMP1, (CT)
+    addq    $16, CT
+    addq    $16, PT
+
+    vpshufb .Lbswap_mask(%rip), TMP1, TMP1
+    vpxor   TMP1, T, T
+    vmovdqu (Htbl), TMP0
+    call    GFMUL
+
+    jmp .LDataSingles
+
+#Here we encypt the final partial block, if there is one
+.LDataTail:
+
+    test    len, len
+    jz      DATA_END
+# First prepare the counter block
+    vpshufb .Lbswap_mask(%rip), CTR, TMP1
+    vpaddd  .Lone(%rip), CTR, CTR
+
+    vpxor   (KS), TMP1, TMP1
+    vaesenc 16*1(KS), TMP1, TMP1
+    vaesenc 16*2(KS), TMP1, TMP1
+    vaesenc 16*3(KS), TMP1, TMP1
+    vaesenc 16*4(KS), TMP1, TMP1
+    vaesenc 16*5(KS), TMP1, TMP1
+    vaesenc 16*6(KS), TMP1, TMP1
+    vaesenc 16*7(KS), TMP1, TMP1
+    vaesenc 16*8(KS), TMP1, TMP1
+    vaesenc 16*9(KS), TMP1, TMP1
+    vmovdqu 16*10(KS), TMP2
+    cmp     $10, NR
+    je      .LLast4
+    vaesenc 16*10(KS), TMP1, TMP1
+    vaesenc 16*11(KS), TMP1, TMP1
+    vmovdqu 16*12(KS), TMP2
+    cmp     $12, NR
+    je      .LLast4
+    vaesenc 16*12(KS), TMP1, TMP1
+    vaesenc 16*13(KS), TMP1, TMP1
+    vmovdqu 16*14(KS), TMP2
+  
+.LLast4:
+    vaesenclast TMP2, TMP1, TMP1
+#Zero a temp location
+    vpxor   TMP2, TMP2, TMP2
+    vmovdqa TMP2, (%rsp)
+    
+# Copy the required bytes only (could probably use rep movsb)
+    xor KS, KS  
+.LEncCpy:
+        cmp     KS, len
+        je      .LEncCpyEnd
+        movb    (PT, KS, 1), %r8b
+        movb    %r8b, (%rsp, KS, 1)
+        inc     KS
+        jmp .LEncCpy
+.LEncCpyEnd:
+# Xor with the counter block
+    vpxor   (%rsp), TMP1, TMP0
+# Again, store at temp location
+    vmovdqa TMP0, (%rsp)
+# Copy only the required bytes to CT, and zero the rest for the hash
+    xor KS, KS
+.LEncCpy2:
+    cmp     KS, len
+    je      .LEncCpy3
+    movb    (%rsp, KS, 1), %r8b
+    movb    %r8b, (CT, KS, 1)
+    inc     KS
+    jmp .LEncCpy2
+.LEncCpy3:
+    cmp     $16, KS
+    je      .LEndCpy3
+    movb    $0, (%rsp, KS, 1)
+    inc     KS
+    jmp .LEncCpy3
+.LEndCpy3:
+   vmovdqa  (%rsp), TMP0
+
+   vpshufb  .Lbswap_mask(%rip), TMP0, TMP0
+   vpxor    TMP0, T, T
+   vmovdqu  (Htbl), TMP0
+   call     GFMUL
+
+DATA_END:
+
+   vpshufb  .Lbswap_mask(%rip), T, T
+   vpshufb  .Lbswap_mask(%rip), CTR, CTR
+   vmovdqu  T, 272(Gctx)
+   vmovdqu  CTR, 288(Gctx)
+
+   movq   %rbp, %rsp
+
+   popq   %rbx
+   popq   %rbp
+   ret
+   .size intel_aes_gcmENC, .-intel_aes_gcmENC
+  
+#########################
+# Decrypt and Authenticate
+# void intel_aes_gcmDEC(uint8_t* PT, uint8_t* CT, void *Gctx,uint64_t len);
+.type intel_aes_gcmDEC,@function
+.globl intel_aes_gcmDEC
+.align 16
+intel_aes_gcmDEC:
+# parameter 1: CT    # input
+# parameter 2: PT    # output
+# parameter 3: %rdx  # Gctx
+# parameter 4: %rcx  # len
+
+.macro DEC_KARATSUBA i
+    vmovdqu     (7-\i)*16(CT), TMP5
+    vpshufb     .Lbswap_mask(%rip), TMP5, TMP5
+
+    vpclmulqdq  $0x11, 16*\i(Htbl), TMP5, TMP3
+    vpxor       TMP3, TMP1, TMP1
+    vpclmulqdq  $0x00, 16*\i(Htbl), TMP5, TMP3
+    vpxor       TMP3, TMP2, TMP2
+    vpshufd     $78, TMP5, TMP3
+    vpxor       TMP5, TMP3, TMP5
+    vpclmulqdq  $0x00, 128+\i*16(Htbl), TMP5, TMP3
+    vpxor       TMP3, TMP0, TMP0
+.endm
+
+.set PT,%rsi
+.set CT,%rdi
+.set Htbl, %rdx
+.set len, %rcx
+.set KS,%r9
+.set NR,%r10d
+
+.set Gctx, %rdx
+
+.set T,%xmm0
+.set TMP0,%xmm1
+.set TMP1,%xmm2
+.set TMP2,%xmm3
+.set TMP3,%xmm4
+.set TMP4,%xmm5
+.set TMP5,%xmm6
+.set CTR0,%xmm7
+.set CTR1,%xmm8
+.set CTR2,%xmm9
+.set CTR3,%xmm10
+.set CTR4,%xmm11
+.set CTR5,%xmm12
+.set CTR6,%xmm13
+.set CTR7,%xmm14
+.set CTR,%xmm15
+
+    test  len, len
+    jnz   .LbeginDec
+    ret
+   
+.LbeginDec:
+
+    pushq   %rbp
+    pushq   %rbx
+    movq    %rsp, %rbp   
+    sub     $128, %rsp
+    andq    $-16, %rsp
+    vmovdqu 288(Gctx), CTR
+    vmovdqu 272(Gctx), T
+    mov     304(Gctx), KS
+    mov     4(KS), NR
+    lea     48(KS), KS
+
+    vpshufb .Lbswap_mask(%rip), CTR, CTR
+    vpshufb .Lbswap_mask(%rip), T, T
+     
+    vmovdqu .Lbswap_mask(%rip), TMP3
+    jmp     .LDECOctets
+      
+# Decrypt 8 blocks each time while hashing them at the same time
+.align 64
+.LDECOctets:
+   
+        cmp $128, len
+        jb  .LDECSingles
+        sub $128, len
+
+        vmovdqa CTR, CTR0
+        vpaddd  .Lone(%rip), CTR0, CTR1
+        vpaddd  .Ltwo(%rip), CTR0, CTR2
+        vpaddd  .Lone(%rip), CTR2, CTR3
+        vpaddd  .Ltwo(%rip), CTR2, CTR4
+        vpaddd  .Lone(%rip), CTR4, CTR5
+        vpaddd  .Ltwo(%rip), CTR4, CTR6
+        vpaddd  .Lone(%rip), CTR6, CTR7
+        vpaddd  .Ltwo(%rip), CTR6, CTR
+
+        vpshufb TMP3, CTR0, CTR0
+        vpshufb TMP3, CTR1, CTR1
+        vpshufb TMP3, CTR2, CTR2
+        vpshufb TMP3, CTR3, CTR3
+        vpshufb TMP3, CTR4, CTR4
+        vpshufb TMP3, CTR5, CTR5
+        vpshufb TMP3, CTR6, CTR6
+        vpshufb TMP3, CTR7, CTR7
+
+        vmovdqu (KS), TMP3
+        vpxor  TMP3, CTR0, CTR0
+        vpxor  TMP3, CTR1, CTR1
+        vpxor  TMP3, CTR2, CTR2
+        vpxor  TMP3, CTR3, CTR3
+        vpxor  TMP3, CTR4, CTR4
+        vpxor  TMP3, CTR5, CTR5
+        vpxor  TMP3, CTR6, CTR6
+        vpxor  TMP3, CTR7, CTR7
+
+        vmovdqu     7*16(CT), TMP5
+        vpshufb     .Lbswap_mask(%rip), TMP5, TMP5
+        vmovdqu     16*0(Htbl), TMP3
+        vpclmulqdq  $0x11, TMP3, TMP5, TMP1
+        vpclmulqdq  $0x00, TMP3, TMP5, TMP2      
+        vpshufd     $78, TMP5, TMP3
+        vpxor       TMP5, TMP3, TMP5
+        vmovdqu     128+0*16(Htbl), TMP3      
+        vpclmulqdq  $0x00, TMP3, TMP5, TMP0
+
+        ROUND 1
+        DEC_KARATSUBA 1
+
+        ROUND 2
+        DEC_KARATSUBA 2
+
+        ROUND 3
+        DEC_KARATSUBA 3
+
+        ROUND 4
+        DEC_KARATSUBA 4
+
+        ROUND 5
+        DEC_KARATSUBA 5
+
+        ROUND 6
+        DEC_KARATSUBA 6
+
+        ROUND 7
+
+        vmovdqu     0*16(CT), TMP5
+        vpshufb     .Lbswap_mask(%rip), TMP5, TMP5
+        vpxor       T, TMP5, TMP5
+        vmovdqu     16*7(Htbl), TMP4
+            
+        vpclmulqdq  $0x11, TMP4, TMP5, TMP3
+        vpxor       TMP3, TMP1, TMP1
+        vpclmulqdq  $0x00, TMP4, TMP5, TMP3
+        vpxor       TMP3, TMP2, TMP2
+
+        vpshufd     $78, TMP5, TMP3
+        vpxor       TMP5, TMP3, TMP5
+        vmovdqu     128+7*16(Htbl), TMP4
+
+        vpclmulqdq  $0x00, TMP4, TMP5, TMP3
+        vpxor       TMP3, TMP0, TMP0
+
+        ROUND 8      
+
+        vpxor       TMP1, TMP0, TMP0
+        vpxor       TMP2, TMP0, TMP0
+
+        vpsrldq     $8, TMP0, TMP3
+        vpxor       TMP3, TMP1, TMP4
+        vpslldq     $8, TMP0, TMP3
+        vpxor       TMP3, TMP2, T
+        vmovdqa	  .Lpoly(%rip), TMP2
+
+        vpalignr    $8, T, T, TMP1
+        vpclmulqdq  $0x10, TMP2, T, T
+        vpxor       T, TMP1, T
+
+        ROUND 9
+
+        vpalignr    $8, T, T, TMP1
+        vpclmulqdq  $0x10, TMP2, T, T
+        vpxor       T, TMP1, T
+
+        vmovdqu     160(KS), TMP5
+        cmp         $10, NR
+
+        jbe  .LDECLast1
+
+        ROUND 10
+        ROUND 11
+
+        vmovdqu     192(KS), TMP5
+        cmp         $12, NR       
+
+        jbe  .LDECLast1
+
+        ROUND 12
+        ROUND 13
+
+        vmovdqu  224(KS), TMP5
+
+.LDECLast1:      
+      
+        vpxor   (CT), TMP5, TMP3
+        vaesenclast TMP3, CTR0, CTR0
+        vpxor   16(CT), TMP5, TMP3
+        vaesenclast TMP3, CTR1, CTR1
+        vpxor   32(CT), TMP5, TMP3
+        vaesenclast TMP3, CTR2, CTR2
+        vpxor   48(CT), TMP5, TMP3
+        vaesenclast TMP3, CTR3, CTR3
+        vpxor   64(CT), TMP5, TMP3
+        vaesenclast TMP3, CTR4, CTR4
+        vpxor   80(CT), TMP5, TMP3
+        vaesenclast TMP3, CTR5, CTR5
+        vpxor   96(CT), TMP5, TMP3
+        vaesenclast TMP3, CTR6, CTR6
+        vpxor   112(CT), TMP5, TMP3
+        vaesenclast TMP3, CTR7, CTR7
+
+        vmovdqu .Lbswap_mask(%rip), TMP3
+
+        vmovdqu CTR0, (PT)
+        vmovdqu CTR1, 16(PT)
+        vmovdqu CTR2, 32(PT)
+        vmovdqu CTR3, 48(PT)
+        vmovdqu CTR4, 64(PT)
+        vmovdqu CTR5, 80(PT)
+        vmovdqu CTR6, 96(PT)
+        vmovdqu CTR7,112(PT)
+
+        vpxor   TMP4, T, T
+
+        lea 128(CT), CT
+        lea 128(PT), PT
+   jmp  .LDECOctets
+   
+#Here we decrypt and hash any remaining whole block
+.LDECSingles:
+
+    cmp   $16, len
+    jb    .LDECTail
+    sub   $16, len
+
+    vmovdqu  (CT), TMP1
+    vpshufb  .Lbswap_mask(%rip), TMP1, TMP1
+    vpxor    TMP1, T, T
+    vmovdqu  (Htbl), TMP0
+    call     GFMUL
+
+
+    vpshufb  .Lbswap_mask(%rip), CTR, TMP1
+    vpaddd   .Lone(%rip), CTR, CTR
+
+    vpxor    (KS), TMP1, TMP1
+    vaesenc  16*1(KS), TMP1, TMP1
+    vaesenc  16*2(KS), TMP1, TMP1
+    vaesenc  16*3(KS), TMP1, TMP1
+    vaesenc  16*4(KS), TMP1, TMP1
+    vaesenc  16*5(KS), TMP1, TMP1
+    vaesenc  16*6(KS), TMP1, TMP1
+    vaesenc  16*7(KS), TMP1, TMP1
+    vaesenc  16*8(KS), TMP1, TMP1
+    vaesenc  16*9(KS), TMP1, TMP1
+    vmovdqu  16*10(KS), TMP2
+    cmp      $10, NR
+    je       .LDECLast2
+    vaesenc  16*10(KS), TMP1, TMP1
+    vaesenc  16*11(KS), TMP1, TMP1
+    vmovdqu  16*12(KS), TMP2
+    cmp      $12, NR
+    je       .LDECLast2
+    vaesenc  16*12(KS), TMP1, TMP1
+    vaesenc  16*13(KS), TMP1, TMP1
+    vmovdqu  16*14(KS), TMP2
+.LDECLast2:
+    vaesenclast TMP2, TMP1, TMP1
+
+    vpxor    (CT), TMP1, TMP1
+    vmovdqu  TMP1, (PT)
+    addq     $16, CT
+    addq     $16, PT  
+    jmp   .LDECSingles
+
+#Here we decrypt the final partial block, if there is one
+.LDECTail:
+   test   len, len
+   jz     .LDEC_END
+
+   vpshufb  .Lbswap_mask(%rip), CTR, TMP1
+   vpaddd .Lone(%rip), CTR, CTR
+
+   vpxor  (KS), TMP1, TMP1
+   vaesenc  16*1(KS), TMP1, TMP1
+   vaesenc  16*2(KS), TMP1, TMP1
+   vaesenc  16*3(KS), TMP1, TMP1
+   vaesenc  16*4(KS), TMP1, TMP1
+   vaesenc  16*5(KS), TMP1, TMP1
+   vaesenc  16*6(KS), TMP1, TMP1
+   vaesenc  16*7(KS), TMP1, TMP1
+   vaesenc  16*8(KS), TMP1, TMP1
+   vaesenc  16*9(KS), TMP1, TMP1
+   vmovdqu  16*10(KS), TMP2
+   cmp      $10, NR
+   je       .LDECLast3
+   vaesenc  16*10(KS), TMP1, TMP1
+   vaesenc  16*11(KS), TMP1, TMP1
+   vmovdqu  16*12(KS), TMP2
+   cmp      $12, NR
+   je       .LDECLast3
+   vaesenc  16*12(KS), TMP1, TMP1
+   vaesenc  16*13(KS), TMP1, TMP1
+   vmovdqu  16*14(KS), TMP2
+
+.LDECLast3:
+   vaesenclast TMP2, TMP1, TMP1
+  
+   vpxor   TMP2, TMP2, TMP2
+   vmovdqa TMP2, (%rsp) 
+# Copy the required bytes only (could probably use rep movsb)
+    xor KS, KS  
+.LDecCpy:
+        cmp     KS, len
+        je      .LDecCpy2
+        movb    (CT, KS, 1), %r8b
+        movb    %r8b, (%rsp, KS, 1)
+        inc     KS
+        jmp     .LDecCpy
+.LDecCpy2:
+        cmp     $16, KS
+        je      .LDecCpyEnd
+        movb    $0, (%rsp, KS, 1)
+        inc     KS
+        jmp     .LDecCpy2
+.LDecCpyEnd:
+# Xor with the counter block
+    vmovdqa (%rsp), TMP0
+    vpxor   TMP0, TMP1, TMP1
+# Again, store at temp location
+    vmovdqa TMP1, (%rsp)
+# Copy only the required bytes to PT, and zero the rest for the hash
+    xor KS, KS
+.LDecCpy3:
+    cmp     KS, len
+    je      .LDecCpyEnd3
+    movb    (%rsp, KS, 1), %r8b
+    movb    %r8b, (PT, KS, 1)
+    inc     KS
+    jmp     .LDecCpy3
+.LDecCpyEnd3:
+   vpshufb  .Lbswap_mask(%rip), TMP0, TMP0
+   vpxor    TMP0, T, T
+   vmovdqu  (Htbl), TMP0
+   call     GFMUL
+.LDEC_END:
+
+   vpshufb  .Lbswap_mask(%rip), T, T
+   vpshufb  .Lbswap_mask(%rip), CTR, CTR
+   vmovdqu  T, 272(Gctx)
+   vmovdqu  CTR, 288(Gctx)
+
+   movq   %rbp, %rsp
+
+   popq   %rbx
+   popq   %rbp
+   ret
+  .size intel_aes_gcmDEC, .-intel_aes_gcmDEC
+#########################
+# a = T
+# b = TMP0 - remains unchanged
+# res = T
+# uses also TMP1,TMP2,TMP3,TMP4
+# __m128i GFMUL(__m128i A, __m128i B);
+.type GFMUL,@function
+.globl GFMUL
+GFMUL:  
+    vpclmulqdq  $0x00, TMP0, T, TMP1
+    vpclmulqdq  $0x11, TMP0, T, TMP4
+
+    vpshufd     $78, T, TMP2
+    vpshufd     $78, TMP0, TMP3
+    vpxor       T, TMP2, TMP2
+    vpxor       TMP0, TMP3, TMP3
+
+    vpclmulqdq  $0x00, TMP3, TMP2, TMP2
+    vpxor       TMP1, TMP2, TMP2
+    vpxor       TMP4, TMP2, TMP2
+
+    vpslldq     $8, TMP2, TMP3
+    vpsrldq     $8, TMP2, TMP2
+
+    vpxor       TMP3, TMP1, TMP1
+    vpxor       TMP2, TMP4, TMP4
+
+    vpclmulqdq  $0x10, .Lpoly(%rip), TMP1, TMP2
+    vpshufd     $78, TMP1, TMP3
+    vpxor       TMP3, TMP2, TMP1
+
+    vpclmulqdq  $0x10, .Lpoly(%rip), TMP1, TMP2
+    vpshufd     $78, TMP1, TMP3
+    vpxor       TMP3, TMP2, TMP1
+
+    vpxor       TMP4, TMP1, T
+    ret
+.size GFMUL, .-GFMUL
+
diff --git a/nss/lib/freebl/jpake.c b/nss/lib/freebl/jpake.c
new file mode 100644
index 0000000..741c7a8
--- /dev/null
+++ b/nss/lib/freebl/jpake.c
@@ -0,0 +1,495 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifdef FREEBL_NO_DEPEND
+#include "stubs.h"
+#endif
+
+#include "blapi.h"
+#include "secerr.h"
+#include "secitem.h"
+#include "secmpi.h"
+
+/* Hash an item's length and then its value. Only items smaller than 2^16 bytes
+ * are allowed. Lengths are hashed in network byte order. This is designed
+ * to match the OpenSSL J-PAKE implementation.
+ */
+static mp_err
+hashSECItem(HASHContext *hash, const SECItem *it)
+{
+    unsigned char length[2];
+
+    if (it->len > 0xffff)
+        return MP_BADARG;
+
+    length[0] = (unsigned char)(it->len >> 8);
+    length[1] = (unsigned char)(it->len);
+    hash->hashobj->update(hash->hash_context, length, 2);
+    hash->hashobj->update(hash->hash_context, it->data, it->len);
+    return MP_OKAY;
+}
+
+/* Hash all public components of the signature, each prefixed with its
+   length, and then convert the hash to an mp_int. */
+static mp_err
+hashPublicParams(HASH_HashType hashType, const SECItem *g,
+                 const SECItem *gv, const SECItem *gx,
+                 const SECItem *signerID, mp_int *h)
+{
+    mp_err err;
+    unsigned char hBuf[HASH_LENGTH_MAX];
+    SECItem hItem;
+    HASHContext hash;
+
+    hash.hashobj = HASH_GetRawHashObject(hashType);
+    if (hash.hashobj == NULL || hash.hashobj->length > sizeof hBuf) {
+        return MP_BADARG;
+    }
+    hash.hash_context = hash.hashobj->create();
+    if (hash.hash_context == NULL) {
+        return MP_MEM;
+    }
+
+    hItem.data = hBuf;
+    hItem.len = hash.hashobj->length;
+
+    hash.hashobj->begin(hash.hash_context);
+    CHECK_MPI_OK(hashSECItem(&hash, g));
+    CHECK_MPI_OK(hashSECItem(&hash, gv));
+    CHECK_MPI_OK(hashSECItem(&hash, gx));
+    CHECK_MPI_OK(hashSECItem(&hash, signerID));
+    hash.hashobj->end(hash.hash_context, hItem.data, &hItem.len,
+                      sizeof hBuf);
+    SECITEM_TO_MPINT(hItem, h);
+
+cleanup:
+    if (hash.hash_context != NULL) {
+        hash.hashobj->destroy(hash.hash_context, PR_TRUE);
+    }
+
+    return err;
+}
+
+/* Generate a Schnorr signature for round 1 or round 2 */
+SECStatus
+JPAKE_Sign(PLArenaPool *arena, const PQGParams *pqg, HASH_HashType hashType,
+           const SECItem *signerID, const SECItem *x,
+           const SECItem *testRandom, const SECItem *gxIn, SECItem *gxOut,
+           SECItem *gv, SECItem *r)
+{
+    SECStatus rv = SECSuccess;
+    mp_err err;
+    mp_int p;
+    mp_int q;
+    mp_int g;
+    mp_int X;
+    mp_int GX;
+    mp_int V;
+    mp_int GV;
+    mp_int h;
+    mp_int tmp;
+    mp_int R;
+    SECItem v;
+
+    if (!arena ||
+        !pqg || !pqg->prime.data || pqg->prime.len == 0 ||
+        !pqg->subPrime.data || pqg->subPrime.len == 0 ||
+        !pqg->base.data || pqg->base.len == 0 ||
+        !signerID || !signerID->data || signerID->len == 0 ||
+        !x || !x->data || x->len == 0 ||
+        (testRandom && (!testRandom->data || testRandom->len == 0)) ||
+        (gxIn == NULL && (!gxOut || gxOut->data != NULL)) ||
+        (gxIn != NULL && (!gxIn->data || gxIn->len == 0 || gxOut != NULL)) ||
+        !gv || gv->data != NULL ||
+        !r || r->data != NULL) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    MP_DIGITS(&p) = 0;
+    MP_DIGITS(&q) = 0;
+    MP_DIGITS(&g) = 0;
+    MP_DIGITS(&X) = 0;
+    MP_DIGITS(&GX) = 0;
+    MP_DIGITS(&V) = 0;
+    MP_DIGITS(&GV) = 0;
+    MP_DIGITS(&h) = 0;
+    MP_DIGITS(&tmp) = 0;
+    MP_DIGITS(&R) = 0;
+
+    CHECK_MPI_OK(mp_init(&p));
+    CHECK_MPI_OK(mp_init(&q));
+    CHECK_MPI_OK(mp_init(&g));
+    CHECK_MPI_OK(mp_init(&X));
+    CHECK_MPI_OK(mp_init(&GX));
+    CHECK_MPI_OK(mp_init(&V));
+    CHECK_MPI_OK(mp_init(&GV));
+    CHECK_MPI_OK(mp_init(&h));
+    CHECK_MPI_OK(mp_init(&tmp));
+    CHECK_MPI_OK(mp_init(&R));
+
+    SECITEM_TO_MPINT(pqg->prime, &p);
+    SECITEM_TO_MPINT(pqg->subPrime, &q);
+    SECITEM_TO_MPINT(pqg->base, &g);
+    SECITEM_TO_MPINT(*x, &X);
+
+    /* gx = g^x */
+    if (gxIn == NULL) {
+        CHECK_MPI_OK(mp_exptmod(&g, &X, &p, &GX));
+        MPINT_TO_SECITEM(&GX, gxOut, arena);
+        gxIn = gxOut;
+    } else {
+        SECITEM_TO_MPINT(*gxIn, &GX);
+    }
+
+    /* v is a random value in the q subgroup */
+    if (testRandom == NULL) {
+        v.data = NULL;
+        rv = DSA_NewRandom(arena, &pqg->subPrime, &v);
+        if (rv != SECSuccess) {
+            goto cleanup;
+        }
+    } else {
+        v.data = testRandom->data;
+        v.len = testRandom->len;
+    }
+    SECITEM_TO_MPINT(v, &V);
+
+    /* gv = g^v (mod q), random v, 1 <= v < q */
+    CHECK_MPI_OK(mp_exptmod(&g, &V, &p, &GV));
+    MPINT_TO_SECITEM(&GV, gv, arena);
+
+    /* h = H(g, gv, gx, signerID) */
+    CHECK_MPI_OK(hashPublicParams(hashType, &pqg->base, gv, gxIn, signerID,
+                                  &h));
+
+    /* r = v - x*h (mod q) */
+    CHECK_MPI_OK(mp_mulmod(&X, &h, &q, &tmp));
+    CHECK_MPI_OK(mp_submod(&V, &tmp, &q, &R));
+    MPINT_TO_SECITEM(&R, r, arena);
+
+cleanup:
+    mp_clear(&p);
+    mp_clear(&q);
+    mp_clear(&g);
+    mp_clear(&X);
+    mp_clear(&GX);
+    mp_clear(&V);
+    mp_clear(&GV);
+    mp_clear(&h);
+    mp_clear(&tmp);
+    mp_clear(&R);
+
+    if (rv == SECSuccess && err != MP_OKAY) {
+        MP_TO_SEC_ERROR(err);
+        rv = SECFailure;
+    }
+    return rv;
+}
+
+/* Verify a Schnorr signature generated by the peer in round 1 or round 2. */
+SECStatus
+JPAKE_Verify(PLArenaPool *arena, const PQGParams *pqg, HASH_HashType hashType,
+             const SECItem *signerID, const SECItem *peerID,
+             const SECItem *gx, const SECItem *gv, const SECItem *r)
+{
+    SECStatus rv = SECSuccess;
+    mp_err err;
+    mp_int p;
+    mp_int q;
+    mp_int g;
+    mp_int p_minus_1;
+    mp_int GX;
+    mp_int h;
+    mp_int one;
+    mp_int R;
+    mp_int gr;
+    mp_int gxh;
+    mp_int gr_gxh;
+    SECItem calculated;
+
+    if (!arena ||
+        !pqg || !pqg->prime.data || pqg->prime.len == 0 ||
+        !pqg->subPrime.data || pqg->subPrime.len == 0 ||
+        !pqg->base.data || pqg->base.len == 0 ||
+        !signerID || !signerID->data || signerID->len == 0 ||
+        !peerID || !peerID->data || peerID->len == 0 ||
+        !gx || !gx->data || gx->len == 0 ||
+        !gv || !gv->data || gv->len == 0 ||
+        !r || !r->data || r->len == 0 ||
+        SECITEM_CompareItem(signerID, peerID) == SECEqual) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    MP_DIGITS(&p) = 0;
+    MP_DIGITS(&q) = 0;
+    MP_DIGITS(&g) = 0;
+    MP_DIGITS(&p_minus_1) = 0;
+    MP_DIGITS(&GX) = 0;
+    MP_DIGITS(&h) = 0;
+    MP_DIGITS(&one) = 0;
+    MP_DIGITS(&R) = 0;
+    MP_DIGITS(&gr) = 0;
+    MP_DIGITS(&gxh) = 0;
+    MP_DIGITS(&gr_gxh) = 0;
+    calculated.data = NULL;
+
+    CHECK_MPI_OK(mp_init(&p));
+    CHECK_MPI_OK(mp_init(&q));
+    CHECK_MPI_OK(mp_init(&g));
+    CHECK_MPI_OK(mp_init(&p_minus_1));
+    CHECK_MPI_OK(mp_init(&GX));
+    CHECK_MPI_OK(mp_init(&h));
+    CHECK_MPI_OK(mp_init(&one));
+    CHECK_MPI_OK(mp_init(&R));
+    CHECK_MPI_OK(mp_init(&gr));
+    CHECK_MPI_OK(mp_init(&gxh));
+    CHECK_MPI_OK(mp_init(&gr_gxh));
+
+    SECITEM_TO_MPINT(pqg->prime, &p);
+    SECITEM_TO_MPINT(pqg->subPrime, &q);
+    SECITEM_TO_MPINT(pqg->base, &g);
+    SECITEM_TO_MPINT(*gx, &GX);
+    SECITEM_TO_MPINT(*r, &R);
+
+    CHECK_MPI_OK(mp_sub_d(&p, 1, &p_minus_1));
+    CHECK_MPI_OK(mp_exptmod(&GX, &q, &p, &one));
+    /* Check g^x is in [1, p-2], R is in [0, q-1], and (g^x)^q mod p == 1 */
+    if (!(mp_cmp_z(&GX) > 0 &&
+          mp_cmp(&GX, &p_minus_1) < 0 &&
+          mp_cmp(&R, &q) < 0 &&
+          mp_cmp_d(&one, 1) == 0)) {
+        goto badSig;
+    }
+
+    CHECK_MPI_OK(hashPublicParams(hashType, &pqg->base, gv, gx, peerID,
+                                  &h));
+
+    /* Calculate g^v = g^r * g^x^h */
+    CHECK_MPI_OK(mp_exptmod(&g, &R, &p, &gr));
+    CHECK_MPI_OK(mp_exptmod(&GX, &h, &p, &gxh));
+    CHECK_MPI_OK(mp_mulmod(&gr, &gxh, &p, &gr_gxh));
+
+    /* Compare calculated g^v to given g^v */
+    MPINT_TO_SECITEM(&gr_gxh, &calculated, arena);
+    if (calculated.len == gv->len &&
+        NSS_SecureMemcmp(calculated.data, gv->data, calculated.len) == 0) {
+        rv = SECSuccess;
+    } else {
+    badSig:
+        PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
+        rv = SECFailure;
+    }
+
+cleanup:
+    mp_clear(&p);
+    mp_clear(&q);
+    mp_clear(&g);
+    mp_clear(&p_minus_1);
+    mp_clear(&GX);
+    mp_clear(&h);
+    mp_clear(&one);
+    mp_clear(&R);
+    mp_clear(&gr);
+    mp_clear(&gxh);
+    mp_clear(&gr_gxh);
+
+    if (rv == SECSuccess && err != MP_OKAY) {
+        MP_TO_SEC_ERROR(err);
+        rv = SECFailure;
+    }
+    return rv;
+}
+
+/* Calculate base = gx1*gx3*gx4 (mod p), i.e. g^(x1+x3+x4) (mod p) */
+static mp_err
+jpake_Round2Base(const SECItem *gx1, const SECItem *gx3,
+                 const SECItem *gx4, const mp_int *p, mp_int *base)
+{
+    mp_err err;
+    mp_int GX1;
+    mp_int GX3;
+    mp_int GX4;
+    mp_int tmp;
+
+    MP_DIGITS(&GX1) = 0;
+    MP_DIGITS(&GX3) = 0;
+    MP_DIGITS(&GX4) = 0;
+    MP_DIGITS(&tmp) = 0;
+
+    CHECK_MPI_OK(mp_init(&GX1));
+    CHECK_MPI_OK(mp_init(&GX3));
+    CHECK_MPI_OK(mp_init(&GX4));
+    CHECK_MPI_OK(mp_init(&tmp));
+
+    SECITEM_TO_MPINT(*gx1, &GX1);
+    SECITEM_TO_MPINT(*gx3, &GX3);
+    SECITEM_TO_MPINT(*gx4, &GX4);
+
+    /* In round 2, the peer/attacker sends us g^x3 and g^x4 and the protocol
+       requires that these values are distinct. */
+    if (mp_cmp(&GX3, &GX4) == 0) {
+        return MP_BADARG;
+    }
+
+    CHECK_MPI_OK(mp_mul(&GX1, &GX3, &tmp));
+    CHECK_MPI_OK(mp_mul(&tmp, &GX4, &tmp));
+    CHECK_MPI_OK(mp_mod(&tmp, p, base));
+
+cleanup:
+    mp_clear(&GX1);
+    mp_clear(&GX3);
+    mp_clear(&GX4);
+    mp_clear(&tmp);
+    return err;
+}
+
+SECStatus
+JPAKE_Round2(PLArenaPool *arena,
+             const SECItem *p, const SECItem *q, const SECItem *gx1,
+             const SECItem *gx3, const SECItem *gx4, SECItem *base,
+             const SECItem *x2, const SECItem *s, SECItem *x2s)
+{
+    mp_err err;
+    mp_int P;
+    mp_int Q;
+    mp_int X2;
+    mp_int S;
+    mp_int result;
+
+    if (!arena ||
+        !p || !p->data || p->len == 0 ||
+        !q || !q->data || q->len == 0 ||
+        !gx1 || !gx1->data || gx1->len == 0 ||
+        !gx3 || !gx3->data || gx3->len == 0 ||
+        !gx4 || !gx4->data || gx4->len == 0 ||
+        !base || base->data != NULL ||
+        (x2s != NULL && (x2s->data != NULL ||
+                         !x2 || !x2->data || x2->len == 0 ||
+                         !s || !s->data || s->len == 0))) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    MP_DIGITS(&P) = 0;
+    MP_DIGITS(&Q) = 0;
+    MP_DIGITS(&X2) = 0;
+    MP_DIGITS(&S) = 0;
+    MP_DIGITS(&result) = 0;
+
+    CHECK_MPI_OK(mp_init(&P));
+    CHECK_MPI_OK(mp_init(&Q));
+    CHECK_MPI_OK(mp_init(&result));
+
+    if (x2s != NULL) {
+        CHECK_MPI_OK(mp_init(&X2));
+        CHECK_MPI_OK(mp_init(&S));
+
+        SECITEM_TO_MPINT(*q, &Q);
+        SECITEM_TO_MPINT(*x2, &X2);
+
+        SECITEM_TO_MPINT(*s, &S);
+        /* S must be in [1, Q-1] */
+        if (mp_cmp_z(&S) <= 0 || mp_cmp(&S, &Q) >= 0) {
+            err = MP_BADARG;
+            goto cleanup;
+        }
+
+        CHECK_MPI_OK(mp_mulmod(&X2, &S, &Q, &result));
+        MPINT_TO_SECITEM(&result, x2s, arena);
+    }
+
+    SECITEM_TO_MPINT(*p, &P);
+    CHECK_MPI_OK(jpake_Round2Base(gx1, gx3, gx4, &P, &result));
+    MPINT_TO_SECITEM(&result, base, arena);
+
+cleanup:
+    mp_clear(&P);
+    mp_clear(&Q);
+    mp_clear(&X2);
+    mp_clear(&S);
+    mp_clear(&result);
+
+    if (err != MP_OKAY) {
+        MP_TO_SEC_ERROR(err);
+        return SECFailure;
+    }
+    return SECSuccess;
+}
+
+SECStatus
+JPAKE_Final(PLArenaPool *arena, const SECItem *p, const SECItem *q,
+            const SECItem *x2, const SECItem *gx4, const SECItem *x2s,
+            const SECItem *B, SECItem *K)
+{
+    mp_err err;
+    mp_int P;
+    mp_int Q;
+    mp_int tmp;
+    mp_int exponent;
+    mp_int divisor;
+    mp_int base;
+
+    if (!arena ||
+        !p || !p->data || p->len == 0 ||
+        !q || !q->data || q->len == 0 ||
+        !x2 || !x2->data || x2->len == 0 ||
+        !gx4 || !gx4->data || gx4->len == 0 ||
+        !x2s || !x2s->data || x2s->len == 0 ||
+        !B || !B->data || B->len == 0 ||
+        !K || K->data != NULL) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    MP_DIGITS(&P) = 0;
+    MP_DIGITS(&Q) = 0;
+    MP_DIGITS(&tmp) = 0;
+    MP_DIGITS(&exponent) = 0;
+    MP_DIGITS(&divisor) = 0;
+    MP_DIGITS(&base) = 0;
+
+    CHECK_MPI_OK(mp_init(&P));
+    CHECK_MPI_OK(mp_init(&Q));
+    CHECK_MPI_OK(mp_init(&tmp));
+    CHECK_MPI_OK(mp_init(&exponent));
+    CHECK_MPI_OK(mp_init(&divisor));
+    CHECK_MPI_OK(mp_init(&base));
+
+    /* exponent = -x2s (mod q) */
+    SECITEM_TO_MPINT(*q, &Q);
+    SECITEM_TO_MPINT(*x2s, &tmp);
+    /*  q == 0 (mod q), so q - x2s == -x2s (mod q) */
+    CHECK_MPI_OK(mp_sub(&Q, &tmp, &exponent));
+
+    /* divisor = gx4^-x2s = 1/(gx4^x2s) (mod p) */
+    SECITEM_TO_MPINT(*p, &P);
+    SECITEM_TO_MPINT(*gx4, &tmp);
+    CHECK_MPI_OK(mp_exptmod(&tmp, &exponent, &P, &divisor));
+
+    /* base = B*divisor = B/(gx4^x2s) (mod p) */
+    SECITEM_TO_MPINT(*B, &tmp);
+    CHECK_MPI_OK(mp_mulmod(&divisor, &tmp, &P, &base));
+
+    /* tmp = base^x2 (mod p) */
+    SECITEM_TO_MPINT(*x2, &exponent);
+    CHECK_MPI_OK(mp_exptmod(&base, &exponent, &P, &tmp));
+
+    MPINT_TO_SECITEM(&tmp, K, arena);
+
+cleanup:
+    mp_clear(&P);
+    mp_clear(&Q);
+    mp_clear(&tmp);
+    mp_clear(&exponent);
+    mp_clear(&divisor);
+    mp_clear(&base);
+
+    if (err != MP_OKAY) {
+        MP_TO_SEC_ERROR(err);
+        return SECFailure;
+    }
+    return SECSuccess;
+}
diff --git a/nss/lib/freebl/ldvector.c b/nss/lib/freebl/ldvector.c
new file mode 100644
index 0000000..2447a0c
--- /dev/null
+++ b/nss/lib/freebl/ldvector.c
@@ -0,0 +1,353 @@
+/*
+ * ldvector.c - platform dependent DSO containing freebl implementation.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifdef FREEBL_NO_DEPEND
+extern int FREEBL_InitStubs(void);
+#endif
+
+#include "loader.h"
+#include "alghmac.h"
+#include "hmacct.h"
+#include "blapii.h"
+
+static const struct FREEBLVectorStr vector =
+    {
+
+      sizeof vector,
+      FREEBL_VERSION,
+
+      RSA_NewKey,
+      RSA_PublicKeyOp,
+      RSA_PrivateKeyOp,
+      DSA_NewKey,
+      DSA_SignDigest,
+      DSA_VerifyDigest,
+      DSA_NewKeyFromSeed,
+      DSA_SignDigestWithSeed,
+      DH_GenParam,
+      DH_NewKey,
+      DH_Derive,
+      KEA_Derive,
+      KEA_Verify,
+      RC4_CreateContext,
+      RC4_DestroyContext,
+      RC4_Encrypt,
+      RC4_Decrypt,
+      RC2_CreateContext,
+      RC2_DestroyContext,
+      RC2_Encrypt,
+      RC2_Decrypt,
+      RC5_CreateContext,
+      RC5_DestroyContext,
+      RC5_Encrypt,
+      RC5_Decrypt,
+      DES_CreateContext,
+      DES_DestroyContext,
+      DES_Encrypt,
+      DES_Decrypt,
+      AES_CreateContext,
+      AES_DestroyContext,
+      AES_Encrypt,
+      AES_Decrypt,
+      MD5_Hash,
+      MD5_HashBuf,
+      MD5_NewContext,
+      MD5_DestroyContext,
+      MD5_Begin,
+      MD5_Update,
+      MD5_End,
+      MD5_FlattenSize,
+      MD5_Flatten,
+      MD5_Resurrect,
+      MD5_TraceState,
+      MD2_Hash,
+      MD2_NewContext,
+      MD2_DestroyContext,
+      MD2_Begin,
+      MD2_Update,
+      MD2_End,
+      MD2_FlattenSize,
+      MD2_Flatten,
+      MD2_Resurrect,
+      SHA1_Hash,
+      SHA1_HashBuf,
+      SHA1_NewContext,
+      SHA1_DestroyContext,
+      SHA1_Begin,
+      SHA1_Update,
+      SHA1_End,
+      SHA1_TraceState,
+      SHA1_FlattenSize,
+      SHA1_Flatten,
+      SHA1_Resurrect,
+      RNG_RNGInit,
+      RNG_RandomUpdate,
+      RNG_GenerateGlobalRandomBytes,
+      RNG_RNGShutdown,
+      PQG_ParamGen,
+      PQG_ParamGenSeedLen,
+      PQG_VerifyParams,
+
+      /* End of Version 3.001. */
+
+      RSA_PrivateKeyOpDoubleChecked,
+      RSA_PrivateKeyCheck,
+      BL_Cleanup,
+
+      /* End of Version 3.002. */
+
+      SHA256_NewContext,
+      SHA256_DestroyContext,
+      SHA256_Begin,
+      SHA256_Update,
+      SHA256_End,
+      SHA256_HashBuf,
+      SHA256_Hash,
+      SHA256_TraceState,
+      SHA256_FlattenSize,
+      SHA256_Flatten,
+      SHA256_Resurrect,
+
+      SHA512_NewContext,
+      SHA512_DestroyContext,
+      SHA512_Begin,
+      SHA512_Update,
+      SHA512_End,
+      SHA512_HashBuf,
+      SHA512_Hash,
+      SHA512_TraceState,
+      SHA512_FlattenSize,
+      SHA512_Flatten,
+      SHA512_Resurrect,
+
+      SHA384_NewContext,
+      SHA384_DestroyContext,
+      SHA384_Begin,
+      SHA384_Update,
+      SHA384_End,
+      SHA384_HashBuf,
+      SHA384_Hash,
+      SHA384_TraceState,
+      SHA384_FlattenSize,
+      SHA384_Flatten,
+      SHA384_Resurrect,
+
+      /* End of Version 3.003. */
+
+      AESKeyWrap_CreateContext,
+      AESKeyWrap_DestroyContext,
+      AESKeyWrap_Encrypt,
+      AESKeyWrap_Decrypt,
+
+      /* End of Version 3.004. */
+
+      BLAPI_SHVerify,
+      BLAPI_VerifySelf,
+
+      /* End of Version 3.005. */
+
+      EC_NewKey,
+      EC_NewKeyFromSeed,
+      EC_ValidatePublicKey,
+      ECDH_Derive,
+      ECDSA_SignDigest,
+      ECDSA_VerifyDigest,
+      ECDSA_SignDigestWithSeed,
+
+      /* End of Version 3.006. */
+      /* End of Version 3.007. */
+
+      AES_InitContext,
+      AESKeyWrap_InitContext,
+      DES_InitContext,
+      RC2_InitContext,
+      RC4_InitContext,
+
+      AES_AllocateContext,
+      AESKeyWrap_AllocateContext,
+      DES_AllocateContext,
+      RC2_AllocateContext,
+      RC4_AllocateContext,
+
+      MD2_Clone,
+      MD5_Clone,
+      SHA1_Clone,
+      SHA256_Clone,
+      SHA384_Clone,
+      SHA512_Clone,
+
+      TLS_PRF,
+      HASH_GetRawHashObject,
+
+      HMAC_Create,
+      HMAC_Init,
+      HMAC_Begin,
+      HMAC_Update,
+      HMAC_Clone,
+      HMAC_Finish,
+      HMAC_Destroy,
+
+      RNG_SystemInfoForRNG,
+
+      /* End of Version 3.008. */
+
+      FIPS186Change_GenerateX,
+      FIPS186Change_ReduceModQForDSA,
+
+      /* End of Version 3.009. */
+      Camellia_InitContext,
+      Camellia_AllocateContext,
+      Camellia_CreateContext,
+      Camellia_DestroyContext,
+      Camellia_Encrypt,
+      Camellia_Decrypt,
+
+      PQG_DestroyParams,
+      PQG_DestroyVerify,
+
+      /* End of Version 3.010. */
+
+      SEED_InitContext,
+      SEED_AllocateContext,
+      SEED_CreateContext,
+      SEED_DestroyContext,
+      SEED_Encrypt,
+      SEED_Decrypt,
+
+      BL_Init,
+      BL_SetForkState,
+
+      PRNGTEST_Instantiate,
+      PRNGTEST_Reseed,
+      PRNGTEST_Generate,
+
+      PRNGTEST_Uninstantiate,
+
+      /* End of Version 3.011. */
+
+      RSA_PopulatePrivateKey,
+
+      DSA_NewRandom,
+
+      JPAKE_Sign,
+      JPAKE_Verify,
+      JPAKE_Round2,
+      JPAKE_Final,
+
+      /* End of Version 3.012 */
+
+      TLS_P_hash,
+      SHA224_NewContext,
+      SHA224_DestroyContext,
+      SHA224_Begin,
+      SHA224_Update,
+      SHA224_End,
+      SHA224_HashBuf,
+      SHA224_Hash,
+      SHA224_TraceState,
+      SHA224_FlattenSize,
+      SHA224_Flatten,
+      SHA224_Resurrect,
+      SHA224_Clone,
+      BLAPI_SHVerifyFile,
+
+      /* End of Version 3.013 */
+
+      PQG_ParamGenV2,
+      PRNGTEST_RunHealthTests,
+
+      /* End of Version 3.014 */
+
+      HMAC_ConstantTime,
+      SSLv3_MAC_ConstantTime,
+
+      /* End of Version 3.015 */
+
+      RSA_SignRaw,
+      RSA_CheckSignRaw,
+      RSA_CheckSignRecoverRaw,
+      RSA_EncryptRaw,
+      RSA_DecryptRaw,
+      RSA_EncryptOAEP,
+      RSA_DecryptOAEP,
+      RSA_EncryptBlock,
+      RSA_DecryptBlock,
+      RSA_SignPSS,
+      RSA_CheckSignPSS,
+      RSA_Sign,
+      RSA_CheckSign,
+      RSA_CheckSignRecover,
+
+      /* End of Version 3.016 */
+
+      EC_FillParams,
+      EC_DecodeParams,
+      EC_CopyParams,
+
+      /* End of Version 3.017 */
+
+      ChaCha20Poly1305_InitContext,
+      ChaCha20Poly1305_CreateContext,
+      ChaCha20Poly1305_DestroyContext,
+      ChaCha20Poly1305_Seal,
+      ChaCha20Poly1305_Open,
+
+      /* End of Version 3.018 */
+
+      EC_GetPointSize
+
+      /* End of Version 3.019 */
+    };
+
+const FREEBLVector*
+FREEBL_GetVector(void)
+{
+#ifdef FREEBL_NO_DEPEND
+    SECStatus rv;
+#endif
+
+#define NSS_VERSION_VARIABLE __nss_freebl_version
+#include "verref.h"
+
+#ifdef FREEBL_NO_DEPEND
+    /* this entry point is only valid if nspr and nss-util has been loaded */
+    rv = FREEBL_InitStubs();
+    if (rv != SECSuccess) {
+        return NULL;
+    }
+#endif
+    /* make sure the Full self tests have been run before continuing */
+    BL_POSTRan(PR_FALSE);
+
+    return &vector;
+}
+
+#ifdef FREEBL_LOWHASH
+static const struct NSSLOWVectorStr nssvector =
+    {
+      sizeof nssvector,
+      NSSLOW_VERSION,
+      FREEBL_GetVector,
+      NSSLOW_Init,
+      NSSLOW_Shutdown,
+      NSSLOW_Reset,
+      NSSLOWHASH_NewContext,
+      NSSLOWHASH_Begin,
+      NSSLOWHASH_Update,
+      NSSLOWHASH_End,
+      NSSLOWHASH_Destroy,
+      NSSLOWHASH_Length
+    };
+
+const NSSLOWVector*
+NSSLOW_GetVector(void)
+{
+    /* POST check and  stub init happens in FREEBL_GetVector() and
+     * NSSLOW_Init() respectively */
+    return &nssvector;
+}
+#endif
diff --git a/nss/lib/freebl/loader.c b/nss/lib/freebl/loader.c
new file mode 100644
index 0000000..792171b
--- /dev/null
+++ b/nss/lib/freebl/loader.c
@@ -0,0 +1,2126 @@
+/*
+ * loader.c - load platform dependent DSO containing freebl implementation.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "loader.h"
+#include "prmem.h"
+#include "prerror.h"
+#include "prinit.h"
+#include "prenv.h"
+#include "blname.c"
+
+#include "prio.h"
+#include "prprf.h"
+#include <stdio.h>
+#include "prsystem.h"
+
+static const char *NameOfThisSharedLib =
+    SHLIB_PREFIX "softokn" SOFTOKEN_SHLIB_VERSION "." SHLIB_SUFFIX;
+
+static PRLibrary *blLib = NULL;
+
+#define LSB(x) ((x)&0xff)
+#define MSB(x) ((x) >> 8)
+
+static const FREEBLVector *vector;
+static const char *libraryName = NULL;
+
+#include "genload.c"
+
+/* This function must be run only once. */
+/*  determine if hybrid platform, then actually load the DSO. */
+static PRStatus
+freebl_LoadDSO(void)
+{
+    PRLibrary *handle;
+    const char *name = getLibName();
+
+    if (!name) {
+        PR_SetError(PR_LOAD_LIBRARY_ERROR, 0);
+        return PR_FAILURE;
+    }
+
+    handle = loader_LoadLibrary(name);
+    if (handle) {
+        PRFuncPtr address = PR_FindFunctionSymbol(handle, "FREEBL_GetVector");
+        if (address) {
+            FREEBLGetVectorFn *getVector = (FREEBLGetVectorFn *)address;
+            const FREEBLVector *dsoVector = getVector();
+            if (dsoVector) {
+                unsigned short dsoVersion = dsoVector->version;
+                unsigned short myVersion = FREEBL_VERSION;
+                if (MSB(dsoVersion) == MSB(myVersion) &&
+                    LSB(dsoVersion) >= LSB(myVersion) &&
+                    dsoVector->length >= sizeof(FREEBLVector)) {
+                    vector = dsoVector;
+                    libraryName = name;
+                    blLib = handle;
+                    return PR_SUCCESS;
+                }
+            }
+        }
+#ifdef DEBUG
+        if (blLib) {
+            PRStatus status = PR_UnloadLibrary(blLib);
+            PORT_Assert(PR_SUCCESS == status);
+        }
+#else
+        if (blLib)
+            PR_UnloadLibrary(blLib);
+#endif
+    }
+    return PR_FAILURE;
+}
+
+static const PRCallOnceType pristineCallOnce;
+static PRCallOnceType loadFreeBLOnce;
+
+static PRStatus
+freebl_RunLoaderOnce(void)
+{
+    PRStatus status;
+
+    status = PR_CallOnce(&loadFreeBLOnce, &freebl_LoadDSO);
+    return status;
+}
+
+SECStatus
+BL_Init(void)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_BL_Init)();
+}
+
+RSAPrivateKey *
+RSA_NewKey(int keySizeInBits, SECItem *publicExponent)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return NULL;
+    return (vector->p_RSA_NewKey)(keySizeInBits, publicExponent);
+}
+
+SECStatus
+RSA_PublicKeyOp(RSAPublicKey *key,
+                unsigned char *output,
+                const unsigned char *input)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_RSA_PublicKeyOp)(key, output, input);
+}
+
+SECStatus
+RSA_PrivateKeyOp(RSAPrivateKey *key,
+                 unsigned char *output,
+                 const unsigned char *input)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_RSA_PrivateKeyOp)(key, output, input);
+}
+
+SECStatus
+RSA_PrivateKeyOpDoubleChecked(RSAPrivateKey *key,
+                              unsigned char *output,
+                              const unsigned char *input)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_RSA_PrivateKeyOpDoubleChecked)(key, output, input);
+}
+
+SECStatus
+RSA_PrivateKeyCheck(const RSAPrivateKey *key)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_RSA_PrivateKeyCheck)(key);
+}
+
+SECStatus
+DSA_NewKey(const PQGParams *params, DSAPrivateKey **privKey)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_DSA_NewKey)(params, privKey);
+}
+
+SECStatus
+DSA_SignDigest(DSAPrivateKey *key, SECItem *signature, const SECItem *digest)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_DSA_SignDigest)(key, signature, digest);
+}
+
+SECStatus
+DSA_VerifyDigest(DSAPublicKey *key, const SECItem *signature,
+                 const SECItem *digest)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_DSA_VerifyDigest)(key, signature, digest);
+}
+
+SECStatus
+DSA_NewKeyFromSeed(const PQGParams *params, const unsigned char *seed,
+                   DSAPrivateKey **privKey)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_DSA_NewKeyFromSeed)(params, seed, privKey);
+}
+
+SECStatus
+DSA_SignDigestWithSeed(DSAPrivateKey *key, SECItem *signature,
+                       const SECItem *digest, const unsigned char *seed)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_DSA_SignDigestWithSeed)(key, signature, digest, seed);
+}
+
+SECStatus
+DSA_NewRandom(PLArenaPool *arena, const SECItem *q, SECItem *seed)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_DSA_NewRandom)(arena, q, seed);
+}
+
+SECStatus
+DH_GenParam(int primeLen, DHParams **params)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_DH_GenParam)(primeLen, params);
+}
+
+SECStatus
+DH_NewKey(DHParams *params, DHPrivateKey **privKey)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_DH_NewKey)(params, privKey);
+}
+
+SECStatus
+DH_Derive(SECItem *publicValue, SECItem *prime, SECItem *privateValue,
+          SECItem *derivedSecret, unsigned int maxOutBytes)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_DH_Derive)(publicValue, prime, privateValue,
+                                 derivedSecret, maxOutBytes);
+}
+
+SECStatus
+KEA_Derive(SECItem *prime, SECItem *public1, SECItem *public2,
+           SECItem *private1, SECItem *private2, SECItem *derivedSecret)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_KEA_Derive)(prime, public1, public2,
+                                  private1, private2, derivedSecret);
+}
+
+PRBool
+KEA_Verify(SECItem *Y, SECItem *prime, SECItem *subPrime)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return PR_FALSE;
+    return (vector->p_KEA_Verify)(Y, prime, subPrime);
+}
+
+RC4Context *
+RC4_CreateContext(const unsigned char *key, int len)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return NULL;
+    return (vector->p_RC4_CreateContext)(key, len);
+}
+
+void
+RC4_DestroyContext(RC4Context *cx, PRBool freeit)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return;
+    (vector->p_RC4_DestroyContext)(cx, freeit);
+}
+
+SECStatus
+RC4_Encrypt(RC4Context *cx, unsigned char *output, unsigned int *outputLen,
+            unsigned int maxOutputLen, const unsigned char *input,
+            unsigned int inputLen)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_RC4_Encrypt)(cx, output, outputLen, maxOutputLen, input,
+                                   inputLen);
+}
+
+SECStatus
+RC4_Decrypt(RC4Context *cx, unsigned char *output, unsigned int *outputLen,
+            unsigned int maxOutputLen, const unsigned char *input,
+            unsigned int inputLen)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_RC4_Decrypt)(cx, output, outputLen, maxOutputLen, input,
+                                   inputLen);
+}
+
+RC2Context *
+RC2_CreateContext(const unsigned char *key, unsigned int len,
+                  const unsigned char *iv, int mode, unsigned effectiveKeyLen)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return NULL;
+    return (vector->p_RC2_CreateContext)(key, len, iv, mode, effectiveKeyLen);
+}
+
+void
+RC2_DestroyContext(RC2Context *cx, PRBool freeit)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return;
+    (vector->p_RC2_DestroyContext)(cx, freeit);
+}
+
+SECStatus
+RC2_Encrypt(RC2Context *cx, unsigned char *output, unsigned int *outputLen,
+            unsigned int maxOutputLen, const unsigned char *input,
+            unsigned int inputLen)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_RC2_Encrypt)(cx, output, outputLen, maxOutputLen, input,
+                                   inputLen);
+}
+
+SECStatus
+RC2_Decrypt(RC2Context *cx, unsigned char *output, unsigned int *outputLen,
+            unsigned int maxOutputLen, const unsigned char *input,
+            unsigned int inputLen)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_RC2_Decrypt)(cx, output, outputLen, maxOutputLen, input,
+                                   inputLen);
+}
+
+RC5Context *
+RC5_CreateContext(const SECItem *key, unsigned int rounds,
+                  unsigned int wordSize, const unsigned char *iv, int mode)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return NULL;
+    return (vector->p_RC5_CreateContext)(key, rounds, wordSize, iv, mode);
+}
+
+void
+RC5_DestroyContext(RC5Context *cx, PRBool freeit)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return;
+    (vector->p_RC5_DestroyContext)(cx, freeit);
+}
+
+SECStatus
+RC5_Encrypt(RC5Context *cx, unsigned char *output, unsigned int *outputLen,
+            unsigned int maxOutputLen, const unsigned char *input,
+            unsigned int inputLen)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_RC5_Encrypt)(cx, output, outputLen, maxOutputLen, input,
+                                   inputLen);
+}
+
+SECStatus
+RC5_Decrypt(RC5Context *cx, unsigned char *output, unsigned int *outputLen,
+            unsigned int maxOutputLen, const unsigned char *input,
+            unsigned int inputLen)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_RC5_Decrypt)(cx, output, outputLen, maxOutputLen, input,
+                                   inputLen);
+}
+
+DESContext *
+DES_CreateContext(const unsigned char *key, const unsigned char *iv,
+                  int mode, PRBool encrypt)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return NULL;
+    return (vector->p_DES_CreateContext)(key, iv, mode, encrypt);
+}
+
+void
+DES_DestroyContext(DESContext *cx, PRBool freeit)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return;
+    (vector->p_DES_DestroyContext)(cx, freeit);
+}
+
+SECStatus
+DES_Encrypt(DESContext *cx, unsigned char *output, unsigned int *outputLen,
+            unsigned int maxOutputLen, const unsigned char *input,
+            unsigned int inputLen)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_DES_Encrypt)(cx, output, outputLen, maxOutputLen, input,
+                                   inputLen);
+}
+
+SECStatus
+DES_Decrypt(DESContext *cx, unsigned char *output, unsigned int *outputLen,
+            unsigned int maxOutputLen, const unsigned char *input,
+            unsigned int inputLen)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_DES_Decrypt)(cx, output, outputLen, maxOutputLen, input,
+                                   inputLen);
+}
+SEEDContext *
+SEED_CreateContext(const unsigned char *key, const unsigned char *iv,
+                   int mode, PRBool encrypt)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return NULL;
+    return (vector->p_SEED_CreateContext)(key, iv, mode, encrypt);
+}
+
+void
+SEED_DestroyContext(SEEDContext *cx, PRBool freeit)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return;
+    (vector->p_SEED_DestroyContext)(cx, freeit);
+}
+
+SECStatus
+SEED_Encrypt(SEEDContext *cx, unsigned char *output, unsigned int *outputLen,
+             unsigned int maxOutputLen, const unsigned char *input,
+             unsigned int inputLen)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_SEED_Encrypt)(cx, output, outputLen, maxOutputLen, input,
+                                    inputLen);
+}
+
+SECStatus
+SEED_Decrypt(SEEDContext *cx, unsigned char *output, unsigned int *outputLen,
+             unsigned int maxOutputLen, const unsigned char *input,
+             unsigned int inputLen)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_SEED_Decrypt)(cx, output, outputLen, maxOutputLen, input,
+                                    inputLen);
+}
+
+AESContext *
+AES_CreateContext(const unsigned char *key, const unsigned char *iv,
+                  int mode, int encrypt,
+                  unsigned int keylen, unsigned int blocklen)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return NULL;
+    return (vector->p_AES_CreateContext)(key, iv, mode, encrypt, keylen,
+                                         blocklen);
+}
+
+void
+AES_DestroyContext(AESContext *cx, PRBool freeit)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return;
+    (vector->p_AES_DestroyContext)(cx, freeit);
+}
+
+SECStatus
+AES_Encrypt(AESContext *cx, unsigned char *output,
+            unsigned int *outputLen, unsigned int maxOutputLen,
+            const unsigned char *input, unsigned int inputLen)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_AES_Encrypt)(cx, output, outputLen, maxOutputLen,
+                                   input, inputLen);
+}
+
+SECStatus
+AES_Decrypt(AESContext *cx, unsigned char *output,
+            unsigned int *outputLen, unsigned int maxOutputLen,
+            const unsigned char *input, unsigned int inputLen)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_AES_Decrypt)(cx, output, outputLen, maxOutputLen,
+                                   input, inputLen);
+}
+
+SECStatus
+MD5_Hash(unsigned char *dest, const char *src)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_MD5_Hash)(dest, src);
+}
+
+SECStatus
+MD5_HashBuf(unsigned char *dest, const unsigned char *src, PRUint32 src_length)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_MD5_HashBuf)(dest, src, src_length);
+}
+
+MD5Context *
+MD5_NewContext(void)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return NULL;
+    return (vector->p_MD5_NewContext)();
+}
+
+void
+MD5_DestroyContext(MD5Context *cx, PRBool freeit)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return;
+    (vector->p_MD5_DestroyContext)(cx, freeit);
+}
+
+void
+MD5_Begin(MD5Context *cx)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return;
+    (vector->p_MD5_Begin)(cx);
+}
+
+void
+MD5_Update(MD5Context *cx, const unsigned char *input, unsigned int inputLen)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return;
+    (vector->p_MD5_Update)(cx, input, inputLen);
+}
+
+void
+MD5_End(MD5Context *cx, unsigned char *digest,
+        unsigned int *digestLen, unsigned int maxDigestLen)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return;
+    (vector->p_MD5_End)(cx, digest, digestLen, maxDigestLen);
+}
+
+unsigned int
+MD5_FlattenSize(MD5Context *cx)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return 0;
+    return (vector->p_MD5_FlattenSize)(cx);
+}
+
+SECStatus
+MD5_Flatten(MD5Context *cx, unsigned char *space)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_MD5_Flatten)(cx, space);
+}
+
+MD5Context *
+MD5_Resurrect(unsigned char *space, void *arg)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return NULL;
+    return (vector->p_MD5_Resurrect)(space, arg);
+}
+
+void
+MD5_TraceState(MD5Context *cx)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return;
+    (vector->p_MD5_TraceState)(cx);
+}
+
+SECStatus
+MD2_Hash(unsigned char *dest, const char *src)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_MD2_Hash)(dest, src);
+}
+
+MD2Context *
+MD2_NewContext(void)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return NULL;
+    return (vector->p_MD2_NewContext)();
+}
+
+void
+MD2_DestroyContext(MD2Context *cx, PRBool freeit)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return;
+    (vector->p_MD2_DestroyContext)(cx, freeit);
+}
+
+void
+MD2_Begin(MD2Context *cx)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return;
+    (vector->p_MD2_Begin)(cx);
+}
+
+void
+MD2_Update(MD2Context *cx, const unsigned char *input, unsigned int inputLen)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return;
+    (vector->p_MD2_Update)(cx, input, inputLen);
+}
+
+void
+MD2_End(MD2Context *cx, unsigned char *digest,
+        unsigned int *digestLen, unsigned int maxDigestLen)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return;
+    (vector->p_MD2_End)(cx, digest, digestLen, maxDigestLen);
+}
+
+unsigned int
+MD2_FlattenSize(MD2Context *cx)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return 0;
+    return (vector->p_MD2_FlattenSize)(cx);
+}
+
+SECStatus
+MD2_Flatten(MD2Context *cx, unsigned char *space)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_MD2_Flatten)(cx, space);
+}
+
+MD2Context *
+MD2_Resurrect(unsigned char *space, void *arg)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return NULL;
+    return (vector->p_MD2_Resurrect)(space, arg);
+}
+
+SECStatus
+SHA1_Hash(unsigned char *dest, const char *src)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_SHA1_Hash)(dest, src);
+}
+
+SECStatus
+SHA1_HashBuf(unsigned char *dest, const unsigned char *src, PRUint32 src_length)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_SHA1_HashBuf)(dest, src, src_length);
+}
+
+SHA1Context *
+SHA1_NewContext(void)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return NULL;
+    return (vector->p_SHA1_NewContext)();
+}
+
+void
+SHA1_DestroyContext(SHA1Context *cx, PRBool freeit)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return;
+    (vector->p_SHA1_DestroyContext)(cx, freeit);
+}
+
+void
+SHA1_Begin(SHA1Context *cx)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return;
+    (vector->p_SHA1_Begin)(cx);
+}
+
+void
+SHA1_Update(SHA1Context *cx, const unsigned char *input,
+            unsigned int inputLen)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return;
+    (vector->p_SHA1_Update)(cx, input, inputLen);
+}
+
+void
+SHA1_End(SHA1Context *cx, unsigned char *digest,
+         unsigned int *digestLen, unsigned int maxDigestLen)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return;
+    (vector->p_SHA1_End)(cx, digest, digestLen, maxDigestLen);
+}
+
+void
+SHA1_TraceState(SHA1Context *cx)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return;
+    (vector->p_SHA1_TraceState)(cx);
+}
+
+unsigned int
+SHA1_FlattenSize(SHA1Context *cx)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return 0;
+    return (vector->p_SHA1_FlattenSize)(cx);
+}
+
+SECStatus
+SHA1_Flatten(SHA1Context *cx, unsigned char *space)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_SHA1_Flatten)(cx, space);
+}
+
+SHA1Context *
+SHA1_Resurrect(unsigned char *space, void *arg)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return NULL;
+    return (vector->p_SHA1_Resurrect)(space, arg);
+}
+
+SECStatus
+RNG_RNGInit(void)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_RNG_RNGInit)();
+}
+
+SECStatus
+RNG_RandomUpdate(const void *data, size_t bytes)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_RNG_RandomUpdate)(data, bytes);
+}
+
+SECStatus
+RNG_GenerateGlobalRandomBytes(void *dest, size_t len)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_RNG_GenerateGlobalRandomBytes)(dest, len);
+}
+
+void
+RNG_RNGShutdown(void)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return;
+    (vector->p_RNG_RNGShutdown)();
+}
+
+SECStatus
+PQG_ParamGen(unsigned int j, PQGParams **pParams, PQGVerify **pVfy)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_PQG_ParamGen)(j, pParams, pVfy);
+}
+
+SECStatus
+PQG_ParamGenSeedLen(unsigned int j, unsigned int seedBytes,
+                    PQGParams **pParams, PQGVerify **pVfy)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_PQG_ParamGenSeedLen)(j, seedBytes, pParams, pVfy);
+}
+
+SECStatus
+PQG_VerifyParams(const PQGParams *params, const PQGVerify *vfy,
+                 SECStatus *result)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_PQG_VerifyParams)(params, vfy, result);
+}
+
+void
+PQG_DestroyParams(PQGParams *params)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return;
+    (vector->p_PQG_DestroyParams)(params);
+}
+
+void
+PQG_DestroyVerify(PQGVerify *vfy)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return;
+    (vector->p_PQG_DestroyVerify)(vfy);
+}
+
+void
+BL_Cleanup(void)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return;
+    (vector->p_BL_Cleanup)();
+}
+
+void
+BL_Unload(void)
+{
+    /* This function is not thread-safe, but doesn't need to be, because it is
+     * only called from functions that are also defined as not thread-safe,
+     * namely C_Finalize in softoken, and the SSL bypass shutdown callback called
+     * from NSS_Shutdown. */
+    char *disableUnload = NULL;
+    vector = NULL;
+    disableUnload = PR_GetEnvSecure("NSS_DISABLE_UNLOAD");
+    if (blLib && !disableUnload) {
+#ifdef DEBUG
+        PRStatus status = PR_UnloadLibrary(blLib);
+        PORT_Assert(PR_SUCCESS == status);
+#else
+        PR_UnloadLibrary(blLib);
+#endif
+    }
+    blLib = NULL;
+    loadFreeBLOnce = pristineCallOnce;
+}
+
+/* ============== New for 3.003 =============================== */
+
+SECStatus
+SHA256_Hash(unsigned char *dest, const char *src)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_SHA256_Hash)(dest, src);
+}
+
+SECStatus
+SHA256_HashBuf(unsigned char *dest, const unsigned char *src, PRUint32 src_length)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_SHA256_HashBuf)(dest, src, src_length);
+}
+
+SHA256Context *
+SHA256_NewContext(void)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return NULL;
+    return (vector->p_SHA256_NewContext)();
+}
+
+void
+SHA256_DestroyContext(SHA256Context *cx, PRBool freeit)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return;
+    (vector->p_SHA256_DestroyContext)(cx, freeit);
+}
+
+void
+SHA256_Begin(SHA256Context *cx)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return;
+    (vector->p_SHA256_Begin)(cx);
+}
+
+void
+SHA256_Update(SHA256Context *cx, const unsigned char *input,
+              unsigned int inputLen)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return;
+    (vector->p_SHA256_Update)(cx, input, inputLen);
+}
+
+void
+SHA256_End(SHA256Context *cx, unsigned char *digest,
+           unsigned int *digestLen, unsigned int maxDigestLen)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return;
+    (vector->p_SHA256_End)(cx, digest, digestLen, maxDigestLen);
+}
+
+void
+SHA256_TraceState(SHA256Context *cx)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return;
+    (vector->p_SHA256_TraceState)(cx);
+}
+
+unsigned int
+SHA256_FlattenSize(SHA256Context *cx)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return 0;
+    return (vector->p_SHA256_FlattenSize)(cx);
+}
+
+SECStatus
+SHA256_Flatten(SHA256Context *cx, unsigned char *space)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_SHA256_Flatten)(cx, space);
+}
+
+SHA256Context *
+SHA256_Resurrect(unsigned char *space, void *arg)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return NULL;
+    return (vector->p_SHA256_Resurrect)(space, arg);
+}
+
+SECStatus
+SHA512_Hash(unsigned char *dest, const char *src)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_SHA512_Hash)(dest, src);
+}
+
+SECStatus
+SHA512_HashBuf(unsigned char *dest, const unsigned char *src, PRUint32 src_length)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_SHA512_HashBuf)(dest, src, src_length);
+}
+
+SHA512Context *
+SHA512_NewContext(void)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return NULL;
+    return (vector->p_SHA512_NewContext)();
+}
+
+void
+SHA512_DestroyContext(SHA512Context *cx, PRBool freeit)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return;
+    (vector->p_SHA512_DestroyContext)(cx, freeit);
+}
+
+void
+SHA512_Begin(SHA512Context *cx)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return;
+    (vector->p_SHA512_Begin)(cx);
+}
+
+void
+SHA512_Update(SHA512Context *cx, const unsigned char *input,
+              unsigned int inputLen)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return;
+    (vector->p_SHA512_Update)(cx, input, inputLen);
+}
+
+void
+SHA512_End(SHA512Context *cx, unsigned char *digest,
+           unsigned int *digestLen, unsigned int maxDigestLen)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return;
+    (vector->p_SHA512_End)(cx, digest, digestLen, maxDigestLen);
+}
+
+void
+SHA512_TraceState(SHA512Context *cx)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return;
+    (vector->p_SHA512_TraceState)(cx);
+}
+
+unsigned int
+SHA512_FlattenSize(SHA512Context *cx)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return 0;
+    return (vector->p_SHA512_FlattenSize)(cx);
+}
+
+SECStatus
+SHA512_Flatten(SHA512Context *cx, unsigned char *space)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_SHA512_Flatten)(cx, space);
+}
+
+SHA512Context *
+SHA512_Resurrect(unsigned char *space, void *arg)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return NULL;
+    return (vector->p_SHA512_Resurrect)(space, arg);
+}
+
+SECStatus
+SHA384_Hash(unsigned char *dest, const char *src)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_SHA384_Hash)(dest, src);
+}
+
+SECStatus
+SHA384_HashBuf(unsigned char *dest, const unsigned char *src, PRUint32 src_length)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_SHA384_HashBuf)(dest, src, src_length);
+}
+
+SHA384Context *
+SHA384_NewContext(void)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return NULL;
+    return (vector->p_SHA384_NewContext)();
+}
+
+void
+SHA384_DestroyContext(SHA384Context *cx, PRBool freeit)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return;
+    (vector->p_SHA384_DestroyContext)(cx, freeit);
+}
+
+void
+SHA384_Begin(SHA384Context *cx)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return;
+    (vector->p_SHA384_Begin)(cx);
+}
+
+void
+SHA384_Update(SHA384Context *cx, const unsigned char *input,
+              unsigned int inputLen)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return;
+    (vector->p_SHA384_Update)(cx, input, inputLen);
+}
+
+void
+SHA384_End(SHA384Context *cx, unsigned char *digest,
+           unsigned int *digestLen, unsigned int maxDigestLen)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return;
+    (vector->p_SHA384_End)(cx, digest, digestLen, maxDigestLen);
+}
+
+void
+SHA384_TraceState(SHA384Context *cx)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return;
+    (vector->p_SHA384_TraceState)(cx);
+}
+
+unsigned int
+SHA384_FlattenSize(SHA384Context *cx)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return 0;
+    return (vector->p_SHA384_FlattenSize)(cx);
+}
+
+SECStatus
+SHA384_Flatten(SHA384Context *cx, unsigned char *space)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_SHA384_Flatten)(cx, space);
+}
+
+SHA384Context *
+SHA384_Resurrect(unsigned char *space, void *arg)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return NULL;
+    return (vector->p_SHA384_Resurrect)(space, arg);
+}
+
+AESKeyWrapContext *
+AESKeyWrap_CreateContext(const unsigned char *key, const unsigned char *iv,
+                         int encrypt, unsigned int keylen)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return NULL;
+    return vector->p_AESKeyWrap_CreateContext(key, iv, encrypt, keylen);
+}
+
+void
+AESKeyWrap_DestroyContext(AESKeyWrapContext *cx, PRBool freeit)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return;
+    vector->p_AESKeyWrap_DestroyContext(cx, freeit);
+}
+
+SECStatus
+AESKeyWrap_Encrypt(AESKeyWrapContext *cx, unsigned char *output,
+                   unsigned int *outputLen, unsigned int maxOutputLen,
+                   const unsigned char *input, unsigned int inputLen)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return vector->p_AESKeyWrap_Encrypt(cx, output, outputLen, maxOutputLen,
+                                        input, inputLen);
+}
+SECStatus
+AESKeyWrap_Decrypt(AESKeyWrapContext *cx, unsigned char *output,
+                   unsigned int *outputLen, unsigned int maxOutputLen,
+                   const unsigned char *input, unsigned int inputLen)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return vector->p_AESKeyWrap_Decrypt(cx, output, outputLen, maxOutputLen,
+                                        input, inputLen);
+}
+
+PRBool
+BLAPI_SHVerify(const char *name, PRFuncPtr addr)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return PR_FALSE;
+    return vector->p_BLAPI_SHVerify(name, addr);
+}
+
+/*
+ * The Caller is expected to pass NULL as the name, which will
+ * trigger the p_BLAPI_VerifySelf() to return 'TRUE'. Pass the real
+ * name of the shared library we loaded (the static libraryName set
+ * in freebl_LoadDSO) to p_BLAPI_VerifySelf.
+ */
+PRBool
+BLAPI_VerifySelf(const char *name)
+{
+    PORT_Assert(!name);
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return PR_FALSE;
+    return vector->p_BLAPI_VerifySelf(libraryName);
+}
+
+/* ============== New for 3.006 =============================== */
+
+SECStatus
+EC_NewKey(ECParams *params, ECPrivateKey **privKey)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_EC_NewKey)(params, privKey);
+}
+
+SECStatus
+EC_NewKeyFromSeed(ECParams *params, ECPrivateKey **privKey,
+                  const unsigned char *seed, int seedlen)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_EC_NewKeyFromSeed)(params, privKey, seed, seedlen);
+}
+
+SECStatus
+EC_ValidatePublicKey(ECParams *params, SECItem *publicValue)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_EC_ValidatePublicKey)(params, publicValue);
+}
+
+SECStatus
+ECDH_Derive(SECItem *publicValue, ECParams *params, SECItem *privateValue,
+            PRBool withCofactor, SECItem *derivedSecret)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_ECDH_Derive)(publicValue, params, privateValue,
+                                   withCofactor, derivedSecret);
+}
+
+SECStatus
+ECDSA_SignDigest(ECPrivateKey *key, SECItem *signature,
+                 const SECItem *digest)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_ECDSA_SignDigest)(key, signature, digest);
+}
+
+SECStatus
+ECDSA_VerifyDigest(ECPublicKey *key, const SECItem *signature,
+                   const SECItem *digest)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_ECDSA_VerifyDigest)(key, signature, digest);
+}
+
+SECStatus
+ECDSA_SignDigestWithSeed(ECPrivateKey *key, SECItem *signature,
+                         const SECItem *digest, const unsigned char *seed, const int seedlen)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_ECDSA_SignDigestWithSeed)(key, signature, digest,
+                                                seed, seedlen);
+}
+
+/* ============== New for 3.008 =============================== */
+
+AESContext *
+AES_AllocateContext(void)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return NULL;
+    return (vector->p_AES_AllocateContext)();
+}
+
+AESKeyWrapContext *
+AESKeyWrap_AllocateContext(void)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return NULL;
+    return (vector->p_AESKeyWrap_AllocateContext)();
+}
+
+DESContext *
+DES_AllocateContext(void)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return NULL;
+    return (vector->p_DES_AllocateContext)();
+}
+
+RC2Context *
+RC2_AllocateContext(void)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return NULL;
+    return (vector->p_RC2_AllocateContext)();
+}
+
+RC4Context *
+RC4_AllocateContext(void)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return NULL;
+    return (vector->p_RC4_AllocateContext)();
+}
+
+SECStatus
+AES_InitContext(AESContext *cx, const unsigned char *key,
+                unsigned int keylen, const unsigned char *iv, int mode,
+                unsigned int encrypt, unsigned int blocklen)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_AES_InitContext)(cx, key, keylen, iv, mode, encrypt,
+                                       blocklen);
+}
+
+SECStatus
+AESKeyWrap_InitContext(AESKeyWrapContext *cx, const unsigned char *key,
+                       unsigned int keylen, const unsigned char *iv, int mode,
+                       unsigned int encrypt, unsigned int blocklen)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_AESKeyWrap_InitContext)(cx, key, keylen, iv, mode,
+                                              encrypt, blocklen);
+}
+
+SECStatus
+DES_InitContext(DESContext *cx, const unsigned char *key,
+                unsigned int keylen, const unsigned char *iv, int mode,
+                unsigned int encrypt, unsigned int xtra)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_DES_InitContext)(cx, key, keylen, iv, mode, encrypt, xtra);
+}
+
+SECStatus
+SEED_InitContext(SEEDContext *cx, const unsigned char *key,
+                 unsigned int keylen, const unsigned char *iv, int mode,
+                 unsigned int encrypt, unsigned int xtra)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_SEED_InitContext)(cx, key, keylen, iv, mode, encrypt, xtra);
+}
+
+SECStatus
+RC2_InitContext(RC2Context *cx, const unsigned char *key,
+                unsigned int keylen, const unsigned char *iv, int mode,
+                unsigned int effectiveKeyLen, unsigned int xtra)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_RC2_InitContext)(cx, key, keylen, iv, mode,
+                                       effectiveKeyLen, xtra);
+}
+
+SECStatus
+RC4_InitContext(RC4Context *cx, const unsigned char *key,
+                unsigned int keylen, const unsigned char *x1, int x2,
+                unsigned int x3, unsigned int x4)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_RC4_InitContext)(cx, key, keylen, x1, x2, x3, x4);
+}
+
+void
+MD2_Clone(MD2Context *dest, MD2Context *src)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return;
+    (vector->p_MD2_Clone)(dest, src);
+}
+
+void
+MD5_Clone(MD5Context *dest, MD5Context *src)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return;
+    (vector->p_MD5_Clone)(dest, src);
+}
+
+void
+SHA1_Clone(SHA1Context *dest, SHA1Context *src)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return;
+    (vector->p_SHA1_Clone)(dest, src);
+}
+
+void
+SHA256_Clone(SHA256Context *dest, SHA256Context *src)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return;
+    (vector->p_SHA256_Clone)(dest, src);
+}
+
+void
+SHA384_Clone(SHA384Context *dest, SHA384Context *src)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return;
+    (vector->p_SHA384_Clone)(dest, src);
+}
+
+void
+SHA512_Clone(SHA512Context *dest, SHA512Context *src)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return;
+    (vector->p_SHA512_Clone)(dest, src);
+}
+
+SECStatus
+TLS_PRF(const SECItem *secret, const char *label,
+        SECItem *seed, SECItem *result, PRBool isFIPS)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_TLS_PRF)(secret, label, seed, result, isFIPS);
+}
+
+const SECHashObject *
+HASH_GetRawHashObject(HASH_HashType hashType)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return NULL;
+    return (vector->p_HASH_GetRawHashObject)(hashType);
+}
+
+void
+HMAC_Destroy(HMACContext *cx, PRBool freeit)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return;
+    (vector->p_HMAC_Destroy)(cx, freeit);
+}
+
+HMACContext *
+HMAC_Create(const SECHashObject *hashObj, const unsigned char *secret,
+            unsigned int secret_len, PRBool isFIPS)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return NULL;
+    return (vector->p_HMAC_Create)(hashObj, secret, secret_len, isFIPS);
+}
+
+SECStatus
+HMAC_Init(HMACContext *cx, const SECHashObject *hashObj,
+          const unsigned char *secret, unsigned int secret_len, PRBool isFIPS)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_HMAC_Init)(cx, hashObj, secret, secret_len, isFIPS);
+}
+
+void
+HMAC_Begin(HMACContext *cx)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return;
+    (vector->p_HMAC_Begin)(cx);
+}
+
+void
+HMAC_Update(HMACContext *cx, const unsigned char *data, unsigned int data_len)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return;
+    (vector->p_HMAC_Update)(cx, data, data_len);
+}
+
+SECStatus
+HMAC_Finish(HMACContext *cx, unsigned char *result, unsigned int *result_len,
+            unsigned int max_result_len)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_HMAC_Finish)(cx, result, result_len, max_result_len);
+}
+
+HMACContext *
+HMAC_Clone(HMACContext *cx)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return NULL;
+    return (vector->p_HMAC_Clone)(cx);
+}
+
+void
+RNG_SystemInfoForRNG(void)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return;
+    (vector->p_RNG_SystemInfoForRNG)();
+}
+
+SECStatus
+FIPS186Change_GenerateX(unsigned char *XKEY, const unsigned char *XSEEDj,
+                        unsigned char *x_j)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_FIPS186Change_GenerateX)(XKEY, XSEEDj, x_j);
+}
+
+SECStatus
+FIPS186Change_ReduceModQForDSA(const unsigned char *w,
+                               const unsigned char *q,
+                               unsigned char *xj)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_FIPS186Change_ReduceModQForDSA)(w, q, xj);
+}
+
+/* === new for Camellia === */
+SECStatus
+Camellia_InitContext(CamelliaContext *cx, const unsigned char *key,
+                     unsigned int keylen, const unsigned char *iv, int mode,
+                     unsigned int encrypt, unsigned int unused)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_Camellia_InitContext)(cx, key, keylen, iv, mode, encrypt,
+                                            unused);
+}
+
+CamelliaContext *
+Camellia_AllocateContext(void)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return NULL;
+    return (vector->p_Camellia_AllocateContext)();
+}
+
+CamelliaContext *
+Camellia_CreateContext(const unsigned char *key, const unsigned char *iv,
+                       int mode, int encrypt,
+                       unsigned int keylen)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return NULL;
+    return (vector->p_Camellia_CreateContext)(key, iv, mode, encrypt, keylen);
+}
+
+void
+Camellia_DestroyContext(CamelliaContext *cx, PRBool freeit)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return;
+    (vector->p_Camellia_DestroyContext)(cx, freeit);
+}
+
+SECStatus
+Camellia_Encrypt(CamelliaContext *cx, unsigned char *output,
+                 unsigned int *outputLen, unsigned int maxOutputLen,
+                 const unsigned char *input, unsigned int inputLen)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_Camellia_Encrypt)(cx, output, outputLen, maxOutputLen,
+                                        input, inputLen);
+}
+
+SECStatus
+Camellia_Decrypt(CamelliaContext *cx, unsigned char *output,
+                 unsigned int *outputLen, unsigned int maxOutputLen,
+                 const unsigned char *input, unsigned int inputLen)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_Camellia_Decrypt)(cx, output, outputLen, maxOutputLen,
+                                        input, inputLen);
+}
+
+void
+BL_SetForkState(PRBool forked)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return;
+    (vector->p_BL_SetForkState)(forked);
+}
+
+SECStatus
+PRNGTEST_Instantiate(const PRUint8 *entropy, unsigned int entropy_len,
+                     const PRUint8 *nonce, unsigned int nonce_len,
+                     const PRUint8 *personal_string, unsigned int ps_len)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_PRNGTEST_Instantiate)(entropy, entropy_len,
+                                            nonce, nonce_len,
+                                            personal_string, ps_len);
+}
+
+SECStatus
+PRNGTEST_Reseed(const PRUint8 *entropy, unsigned int entropy_len,
+                const PRUint8 *additional, unsigned int additional_len)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_PRNGTEST_Reseed)(entropy, entropy_len,
+                                       additional, additional_len);
+}
+
+SECStatus
+PRNGTEST_Generate(PRUint8 *bytes, unsigned int bytes_len,
+                  const PRUint8 *additional, unsigned int additional_len)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_PRNGTEST_Generate)(bytes, bytes_len,
+                                         additional, additional_len);
+}
+
+SECStatus
+PRNGTEST_Uninstantiate()
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_PRNGTEST_Uninstantiate)();
+}
+
+SECStatus
+RSA_PopulatePrivateKey(RSAPrivateKey *key)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_RSA_PopulatePrivateKey)(key);
+}
+
+SECStatus
+JPAKE_Sign(PLArenaPool *arena, const PQGParams *pqg, HASH_HashType hashType,
+           const SECItem *signerID, const SECItem *x,
+           const SECItem *testRandom, const SECItem *gxIn, SECItem *gxOut,
+           SECItem *gv, SECItem *r)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_JPAKE_Sign)(arena, pqg, hashType, signerID, x,
+                                  testRandom, gxIn, gxOut, gv, r);
+}
+
+SECStatus
+JPAKE_Verify(PLArenaPool *arena, const PQGParams *pqg,
+             HASH_HashType hashType, const SECItem *signerID,
+             const SECItem *peerID, const SECItem *gx,
+             const SECItem *gv, const SECItem *r)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_JPAKE_Verify)(arena, pqg, hashType, signerID, peerID,
+                                    gx, gv, r);
+}
+
+SECStatus
+JPAKE_Round2(PLArenaPool *arena, const SECItem *p, const SECItem *q,
+             const SECItem *gx1, const SECItem *gx3, const SECItem *gx4,
+             SECItem *base, const SECItem *x2, const SECItem *s, SECItem *x2s)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_JPAKE_Round2)(arena, p, q, gx1, gx3, gx4, base, x2, s, x2s);
+}
+
+SECStatus
+JPAKE_Final(PLArenaPool *arena, const SECItem *p, const SECItem *q,
+            const SECItem *x2, const SECItem *gx4, const SECItem *x2s,
+            const SECItem *B, SECItem *K)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_JPAKE_Final)(arena, p, q, x2, gx4, x2s, B, K);
+}
+
+SECStatus
+TLS_P_hash(HASH_HashType hashAlg, const SECItem *secret, const char *label,
+           SECItem *seed, SECItem *result, PRBool isFIPS)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_TLS_P_hash)(hashAlg, secret, label, seed, result, isFIPS);
+}
+
+SECStatus
+SHA224_Hash(unsigned char *dest, const char *src)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_SHA224_Hash)(dest, src);
+}
+
+SECStatus
+SHA224_HashBuf(unsigned char *dest, const unsigned char *src, PRUint32 src_length)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_SHA224_HashBuf)(dest, src, src_length);
+}
+
+SHA224Context *
+SHA224_NewContext(void)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return NULL;
+    return (vector->p_SHA224_NewContext)();
+}
+
+void
+SHA224_DestroyContext(SHA224Context *cx, PRBool freeit)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return;
+    (vector->p_SHA224_DestroyContext)(cx, freeit);
+}
+
+void
+SHA224_Begin(SHA256Context *cx)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return;
+    (vector->p_SHA224_Begin)(cx);
+}
+
+void
+SHA224_Update(SHA224Context *cx, const unsigned char *input,
+              unsigned int inputLen)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return;
+    (vector->p_SHA224_Update)(cx, input, inputLen);
+}
+
+void
+SHA224_End(SHA224Context *cx, unsigned char *digest,
+           unsigned int *digestLen, unsigned int maxDigestLen)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return;
+    (vector->p_SHA224_End)(cx, digest, digestLen, maxDigestLen);
+}
+
+void
+SHA224_TraceState(SHA224Context *cx)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return;
+    (vector->p_SHA224_TraceState)(cx);
+}
+
+unsigned int
+SHA224_FlattenSize(SHA224Context *cx)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return 0;
+    return (vector->p_SHA224_FlattenSize)(cx);
+}
+
+SECStatus
+SHA224_Flatten(SHA224Context *cx, unsigned char *space)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_SHA224_Flatten)(cx, space);
+}
+
+SHA224Context *
+SHA224_Resurrect(unsigned char *space, void *arg)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return NULL;
+    return (vector->p_SHA224_Resurrect)(space, arg);
+}
+
+void
+SHA224_Clone(SHA224Context *dest, SHA224Context *src)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return;
+    (vector->p_SHA224_Clone)(dest, src);
+}
+
+PRBool
+BLAPI_SHVerifyFile(const char *name)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return PR_FALSE;
+    return vector->p_BLAPI_SHVerifyFile(name);
+}
+
+/* === new for DSA-2 === */
+SECStatus
+PQG_ParamGenV2(unsigned int L, unsigned int N, unsigned int seedBytes,
+               PQGParams **pParams, PQGVerify **pVfy)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_PQG_ParamGenV2)(L, N, seedBytes, pParams, pVfy);
+}
+
+SECStatus
+PRNGTEST_RunHealthTests(void)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return vector->p_PRNGTEST_RunHealthTests();
+}
+
+SECStatus
+SSLv3_MAC_ConstantTime(
+    unsigned char *result,
+    unsigned int *resultLen,
+    unsigned int maxResultLen,
+    const SECHashObject *hashObj,
+    const unsigned char *secret,
+    unsigned int secretLen,
+    const unsigned char *header,
+    unsigned int headerLen,
+    const unsigned char *body,
+    unsigned int bodyLen,
+    unsigned int bodyTotalLen)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_SSLv3_MAC_ConstantTime)(
+        result, resultLen, maxResultLen,
+        hashObj,
+        secret, secretLen,
+        header, headerLen,
+        body, bodyLen, bodyTotalLen);
+}
+
+SECStatus
+HMAC_ConstantTime(
+    unsigned char *result,
+    unsigned int *resultLen,
+    unsigned int maxResultLen,
+    const SECHashObject *hashObj,
+    const unsigned char *secret,
+    unsigned int secretLen,
+    const unsigned char *header,
+    unsigned int headerLen,
+    const unsigned char *body,
+    unsigned int bodyLen,
+    unsigned int bodyTotalLen)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_HMAC_ConstantTime)(
+        result, resultLen, maxResultLen,
+        hashObj,
+        secret, secretLen,
+        header, headerLen,
+        body, bodyLen, bodyTotalLen);
+}
+
+SECStatus
+RSA_SignRaw(RSAPrivateKey *key,
+            unsigned char *output,
+            unsigned int *outputLen,
+            unsigned int maxOutputLen,
+            const unsigned char *input,
+            unsigned int inputLen)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_RSA_SignRaw)(key, output, outputLen, maxOutputLen, input,
+                                   inputLen);
+}
+
+SECStatus
+RSA_CheckSignRaw(RSAPublicKey *key,
+                 const unsigned char *sig,
+                 unsigned int sigLen,
+                 const unsigned char *hash,
+                 unsigned int hashLen)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_RSA_CheckSignRaw)(key, sig, sigLen, hash, hashLen);
+}
+
+SECStatus
+RSA_CheckSignRecoverRaw(RSAPublicKey *key,
+                        unsigned char *data,
+                        unsigned int *dataLen,
+                        unsigned int maxDataLen,
+                        const unsigned char *sig,
+                        unsigned int sigLen)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_RSA_CheckSignRecoverRaw)(key, data, dataLen, maxDataLen,
+                                               sig, sigLen);
+}
+
+SECStatus
+RSA_EncryptRaw(RSAPublicKey *key,
+               unsigned char *output,
+               unsigned int *outputLen,
+               unsigned int maxOutputLen,
+               const unsigned char *input,
+               unsigned int inputLen)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_RSA_EncryptRaw)(key, output, outputLen, maxOutputLen,
+                                      input, inputLen);
+}
+
+SECStatus
+RSA_DecryptRaw(RSAPrivateKey *key,
+               unsigned char *output,
+               unsigned int *outputLen,
+               unsigned int maxOutputLen,
+               const unsigned char *input,
+               unsigned int inputLen)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_RSA_DecryptRaw)(key, output, outputLen, maxOutputLen,
+                                      input, inputLen);
+}
+
+SECStatus
+RSA_EncryptOAEP(RSAPublicKey *key,
+                HASH_HashType hashAlg,
+                HASH_HashType maskHashAlg,
+                const unsigned char *label,
+                unsigned int labelLen,
+                const unsigned char *seed,
+                unsigned int seedLen,
+                unsigned char *output,
+                unsigned int *outputLen,
+                unsigned int maxOutputLen,
+                const unsigned char *input,
+                unsigned int inputLen)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_RSA_EncryptOAEP)(key, hashAlg, maskHashAlg, label,
+                                       labelLen, seed, seedLen, output,
+                                       outputLen, maxOutputLen, input, inputLen);
+}
+
+SECStatus
+RSA_DecryptOAEP(RSAPrivateKey *key,
+                HASH_HashType hashAlg,
+                HASH_HashType maskHashAlg,
+                const unsigned char *label,
+                unsigned int labelLen,
+                unsigned char *output,
+                unsigned int *outputLen,
+                unsigned int maxOutputLen,
+                const unsigned char *input,
+                unsigned int inputLen)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_RSA_DecryptOAEP)(key, hashAlg, maskHashAlg, label,
+                                       labelLen, output, outputLen,
+                                       maxOutputLen, input, inputLen);
+}
+
+SECStatus
+RSA_EncryptBlock(RSAPublicKey *key,
+                 unsigned char *output,
+                 unsigned int *outputLen,
+                 unsigned int maxOutputLen,
+                 const unsigned char *input,
+                 unsigned int inputLen)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_RSA_EncryptBlock)(key, output, outputLen, maxOutputLen,
+                                        input, inputLen);
+}
+
+SECStatus
+RSA_DecryptBlock(RSAPrivateKey *key,
+                 unsigned char *output,
+                 unsigned int *outputLen,
+                 unsigned int maxOutputLen,
+                 const unsigned char *input,
+                 unsigned int inputLen)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_RSA_DecryptBlock)(key, output, outputLen, maxOutputLen,
+                                        input, inputLen);
+}
+
+SECStatus
+RSA_SignPSS(RSAPrivateKey *key,
+            HASH_HashType hashAlg,
+            HASH_HashType maskHashAlg,
+            const unsigned char *salt,
+            unsigned int saltLen,
+            unsigned char *output,
+            unsigned int *outputLen,
+            unsigned int maxOutputLen,
+            const unsigned char *input,
+            unsigned int inputLen)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_RSA_SignPSS)(key, hashAlg, maskHashAlg, salt, saltLen,
+                                   output, outputLen, maxOutputLen, input,
+                                   inputLen);
+}
+
+SECStatus
+RSA_CheckSignPSS(RSAPublicKey *key,
+                 HASH_HashType hashAlg,
+                 HASH_HashType maskHashAlg,
+                 unsigned int saltLen,
+                 const unsigned char *sig,
+                 unsigned int sigLen,
+                 const unsigned char *hash,
+                 unsigned int hashLen)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_RSA_CheckSignPSS)(key, hashAlg, maskHashAlg, saltLen,
+                                        sig, sigLen, hash, hashLen);
+}
+
+SECStatus
+RSA_Sign(RSAPrivateKey *key,
+         unsigned char *output,
+         unsigned int *outputLen,
+         unsigned int maxOutputLen,
+         const unsigned char *input,
+         unsigned int inputLen)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_RSA_Sign)(key, output, outputLen, maxOutputLen, input,
+                                inputLen);
+}
+
+SECStatus
+RSA_CheckSign(RSAPublicKey *key,
+              const unsigned char *sig,
+              unsigned int sigLen,
+              const unsigned char *data,
+              unsigned int dataLen)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_RSA_CheckSign)(key, sig, sigLen, data, dataLen);
+}
+
+SECStatus
+RSA_CheckSignRecover(RSAPublicKey *key,
+                     unsigned char *output,
+                     unsigned int *outputLen,
+                     unsigned int maxOutputLen,
+                     const unsigned char *sig,
+                     unsigned int sigLen)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_RSA_CheckSignRecover)(key, output, outputLen, maxOutputLen,
+                                            sig, sigLen);
+}
+
+SECStatus
+EC_FillParams(PLArenaPool *arena,
+              const SECItem *encodedParams,
+              ECParams *params)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_EC_FillParams)(arena, encodedParams, params);
+}
+
+SECStatus
+EC_DecodeParams(const SECItem *encodedParams,
+                ECParams **ecparams)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_EC_DecodeParams)(encodedParams, ecparams);
+}
+
+SECStatus
+EC_CopyParams(PLArenaPool *arena, ECParams *dstParams,
+              const ECParams *srcParams)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_EC_CopyParams)(arena, dstParams, srcParams);
+}
+
+SECStatus
+ChaCha20Poly1305_InitContext(ChaCha20Poly1305Context *ctx,
+                             const unsigned char *key, unsigned int keyLen,
+                             unsigned int tagLen)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_ChaCha20Poly1305_InitContext)(ctx, key, keyLen, tagLen);
+}
+
+ChaCha20Poly1305Context *
+ChaCha20Poly1305_CreateContext(const unsigned char *key, unsigned int keyLen,
+                               unsigned int tagLen)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return NULL;
+    return (vector->p_ChaCha20Poly1305_CreateContext)(key, keyLen, tagLen);
+}
+
+void
+ChaCha20Poly1305_DestroyContext(ChaCha20Poly1305Context *ctx, PRBool freeit)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return;
+    (vector->p_ChaCha20Poly1305_DestroyContext)(ctx, freeit);
+}
+
+SECStatus
+ChaCha20Poly1305_Seal(const ChaCha20Poly1305Context *ctx,
+                      unsigned char *output, unsigned int *outputLen,
+                      unsigned int maxOutputLen,
+                      const unsigned char *input, unsigned int inputLen,
+                      const unsigned char *nonce, unsigned int nonceLen,
+                      const unsigned char *ad, unsigned int adLen)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_ChaCha20Poly1305_Seal)(
+        ctx, output, outputLen, maxOutputLen, input, inputLen,
+        nonce, nonceLen, ad, adLen);
+}
+
+SECStatus
+ChaCha20Poly1305_Open(const ChaCha20Poly1305Context *ctx,
+                      unsigned char *output, unsigned int *outputLen,
+                      unsigned int maxOutputLen,
+                      const unsigned char *input, unsigned int inputLen,
+                      const unsigned char *nonce, unsigned int nonceLen,
+                      const unsigned char *ad, unsigned int adLen)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_ChaCha20Poly1305_Open)(
+        ctx, output, outputLen, maxOutputLen, input, inputLen,
+        nonce, nonceLen, ad, adLen);
+}
+
+int
+EC_GetPointSize(const ECParams *params)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return SECFailure;
+    return (vector->p_EC_GetPointSize)(params);
+}
diff --git a/nss/lib/freebl/loader.h b/nss/lib/freebl/loader.h
new file mode 100644
index 0000000..ed392cc
--- /dev/null
+++ b/nss/lib/freebl/loader.h
@@ -0,0 +1,788 @@
+/*
+ * loader.h - load platform dependent DSO containing freebl implementation.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _LOADER_H_
+#define _LOADER_H_ 1
+
+#include "blapi.h"
+
+#define FREEBL_VERSION 0x0313
+
+struct FREEBLVectorStr {
+
+    unsigned short length;  /* of this struct in bytes */
+    unsigned short version; /* of this struct. */
+
+    RSAPrivateKey *(*p_RSA_NewKey)(int keySizeInBits,
+                                   SECItem *publicExponent);
+
+    SECStatus (*p_RSA_PublicKeyOp)(RSAPublicKey *key,
+                                   unsigned char *output,
+                                   const unsigned char *input);
+
+    SECStatus (*p_RSA_PrivateKeyOp)(RSAPrivateKey *key,
+                                    unsigned char *output,
+                                    const unsigned char *input);
+
+    SECStatus (*p_DSA_NewKey)(const PQGParams *params,
+                              DSAPrivateKey **privKey);
+
+    SECStatus (*p_DSA_SignDigest)(DSAPrivateKey *key,
+                                  SECItem *signature,
+                                  const SECItem *digest);
+
+    SECStatus (*p_DSA_VerifyDigest)(DSAPublicKey *key,
+                                    const SECItem *signature,
+                                    const SECItem *digest);
+
+    SECStatus (*p_DSA_NewKeyFromSeed)(const PQGParams *params,
+                                      const unsigned char *seed,
+                                      DSAPrivateKey **privKey);
+
+    SECStatus (*p_DSA_SignDigestWithSeed)(DSAPrivateKey *key,
+                                          SECItem *signature,
+                                          const SECItem *digest,
+                                          const unsigned char *seed);
+
+    SECStatus (*p_DH_GenParam)(int primeLen, DHParams **params);
+
+    SECStatus (*p_DH_NewKey)(DHParams *params,
+                             DHPrivateKey **privKey);
+
+    SECStatus (*p_DH_Derive)(SECItem *publicValue,
+                             SECItem *prime,
+                             SECItem *privateValue,
+                             SECItem *derivedSecret,
+                             unsigned int maxOutBytes);
+
+    SECStatus (*p_KEA_Derive)(SECItem *prime,
+                              SECItem *public1,
+                              SECItem *public2,
+                              SECItem *private1,
+                              SECItem *private2,
+                              SECItem *derivedSecret);
+
+    PRBool (*p_KEA_Verify)(SECItem *Y, SECItem *prime, SECItem *subPrime);
+
+    RC4Context *(*p_RC4_CreateContext)(const unsigned char *key, int len);
+
+    void (*p_RC4_DestroyContext)(RC4Context *cx, PRBool freeit);
+
+    SECStatus (*p_RC4_Encrypt)(RC4Context *cx, unsigned char *output,
+                               unsigned int *outputLen, unsigned int maxOutputLen,
+                               const unsigned char *input, unsigned int inputLen);
+
+    SECStatus (*p_RC4_Decrypt)(RC4Context *cx, unsigned char *output,
+                               unsigned int *outputLen, unsigned int maxOutputLen,
+                               const unsigned char *input, unsigned int inputLen);
+
+    RC2Context *(*p_RC2_CreateContext)(const unsigned char *key,
+                                       unsigned int len, const unsigned char *iv,
+                                       int mode, unsigned effectiveKeyLen);
+
+    void (*p_RC2_DestroyContext)(RC2Context *cx, PRBool freeit);
+
+    SECStatus (*p_RC2_Encrypt)(RC2Context *cx, unsigned char *output,
+                               unsigned int *outputLen, unsigned int maxOutputLen,
+                               const unsigned char *input, unsigned int inputLen);
+
+    SECStatus (*p_RC2_Decrypt)(RC2Context *cx, unsigned char *output,
+                               unsigned int *outputLen, unsigned int maxOutputLen,
+                               const unsigned char *input, unsigned int inputLen);
+
+    RC5Context *(*p_RC5_CreateContext)(const SECItem *key, unsigned int rounds,
+                                       unsigned int wordSize, const unsigned char *iv, int mode);
+
+    void (*p_RC5_DestroyContext)(RC5Context *cx, PRBool freeit);
+
+    SECStatus (*p_RC5_Encrypt)(RC5Context *cx, unsigned char *output,
+                               unsigned int *outputLen, unsigned int maxOutputLen,
+                               const unsigned char *input, unsigned int inputLen);
+
+    SECStatus (*p_RC5_Decrypt)(RC5Context *cx, unsigned char *output,
+                               unsigned int *outputLen, unsigned int maxOutputLen,
+                               const unsigned char *input, unsigned int inputLen);
+
+    DESContext *(*p_DES_CreateContext)(const unsigned char *key,
+                                       const unsigned char *iv,
+                                       int mode, PRBool encrypt);
+
+    void (*p_DES_DestroyContext)(DESContext *cx, PRBool freeit);
+
+    SECStatus (*p_DES_Encrypt)(DESContext *cx, unsigned char *output,
+                               unsigned int *outputLen, unsigned int maxOutputLen,
+                               const unsigned char *input, unsigned int inputLen);
+
+    SECStatus (*p_DES_Decrypt)(DESContext *cx, unsigned char *output,
+                               unsigned int *outputLen, unsigned int maxOutputLen,
+                               const unsigned char *input, unsigned int inputLen);
+
+    AESContext *(*p_AES_CreateContext)(const unsigned char *key,
+                                       const unsigned char *iv,
+                                       int mode, int encrypt, unsigned int keylen,
+                                       unsigned int blocklen);
+
+    void (*p_AES_DestroyContext)(AESContext *cx, PRBool freeit);
+
+    SECStatus (*p_AES_Encrypt)(AESContext *cx, unsigned char *output,
+                               unsigned int *outputLen, unsigned int maxOutputLen,
+                               const unsigned char *input, unsigned int inputLen);
+
+    SECStatus (*p_AES_Decrypt)(AESContext *cx, unsigned char *output,
+                               unsigned int *outputLen, unsigned int maxOutputLen,
+                               const unsigned char *input, unsigned int inputLen);
+
+    SECStatus (*p_MD5_Hash)(unsigned char *dest, const char *src);
+
+    SECStatus (*p_MD5_HashBuf)(unsigned char *dest, const unsigned char *src,
+                               PRUint32 src_length);
+
+    MD5Context *(*p_MD5_NewContext)(void);
+
+    void (*p_MD5_DestroyContext)(MD5Context *cx, PRBool freeit);
+
+    void (*p_MD5_Begin)(MD5Context *cx);
+
+    void (*p_MD5_Update)(MD5Context *cx,
+                         const unsigned char *input, unsigned int inputLen);
+
+    void (*p_MD5_End)(MD5Context *cx, unsigned char *digest,
+                      unsigned int *digestLen, unsigned int maxDigestLen);
+
+    unsigned int (*p_MD5_FlattenSize)(MD5Context *cx);
+
+    SECStatus (*p_MD5_Flatten)(MD5Context *cx, unsigned char *space);
+
+    MD5Context *(*p_MD5_Resurrect)(unsigned char *space, void *arg);
+
+    void (*p_MD5_TraceState)(MD5Context *cx);
+
+    SECStatus (*p_MD2_Hash)(unsigned char *dest, const char *src);
+
+    MD2Context *(*p_MD2_NewContext)(void);
+
+    void (*p_MD2_DestroyContext)(MD2Context *cx, PRBool freeit);
+
+    void (*p_MD2_Begin)(MD2Context *cx);
+
+    void (*p_MD2_Update)(MD2Context *cx,
+                         const unsigned char *input, unsigned int inputLen);
+
+    void (*p_MD2_End)(MD2Context *cx, unsigned char *digest,
+                      unsigned int *digestLen, unsigned int maxDigestLen);
+
+    unsigned int (*p_MD2_FlattenSize)(MD2Context *cx);
+
+    SECStatus (*p_MD2_Flatten)(MD2Context *cx, unsigned char *space);
+
+    MD2Context *(*p_MD2_Resurrect)(unsigned char *space, void *arg);
+
+    SECStatus (*p_SHA1_Hash)(unsigned char *dest, const char *src);
+
+    SECStatus (*p_SHA1_HashBuf)(unsigned char *dest, const unsigned char *src,
+                                PRUint32 src_length);
+
+    SHA1Context *(*p_SHA1_NewContext)(void);
+
+    void (*p_SHA1_DestroyContext)(SHA1Context *cx, PRBool freeit);
+
+    void (*p_SHA1_Begin)(SHA1Context *cx);
+
+    void (*p_SHA1_Update)(SHA1Context *cx, const unsigned char *input,
+                          unsigned int inputLen);
+
+    void (*p_SHA1_End)(SHA1Context *cx, unsigned char *digest,
+                       unsigned int *digestLen, unsigned int maxDigestLen);
+
+    void (*p_SHA1_TraceState)(SHA1Context *cx);
+
+    unsigned int (*p_SHA1_FlattenSize)(SHA1Context *cx);
+
+    SECStatus (*p_SHA1_Flatten)(SHA1Context *cx, unsigned char *space);
+
+    SHA1Context *(*p_SHA1_Resurrect)(unsigned char *space, void *arg);
+
+    SECStatus (*p_RNG_RNGInit)(void);
+
+    SECStatus (*p_RNG_RandomUpdate)(const void *data, size_t bytes);
+
+    SECStatus (*p_RNG_GenerateGlobalRandomBytes)(void *dest, size_t len);
+
+    void (*p_RNG_RNGShutdown)(void);
+
+    SECStatus (*p_PQG_ParamGen)(unsigned int j, PQGParams **pParams,
+                                PQGVerify **pVfy);
+
+    SECStatus (*p_PQG_ParamGenSeedLen)(unsigned int j, unsigned int seedBytes,
+                                       PQGParams **pParams, PQGVerify **pVfy);
+
+    SECStatus (*p_PQG_VerifyParams)(const PQGParams *params,
+                                    const PQGVerify *vfy, SECStatus *result);
+
+    /* Version 3.001 came to here */
+
+    SECStatus (*p_RSA_PrivateKeyOpDoubleChecked)(RSAPrivateKey *key,
+                                                 unsigned char *output,
+                                                 const unsigned char *input);
+
+    SECStatus (*p_RSA_PrivateKeyCheck)(const RSAPrivateKey *key);
+
+    void (*p_BL_Cleanup)(void);
+
+    /* Version 3.002 came to here */
+
+    SHA256Context *(*p_SHA256_NewContext)(void);
+    void (*p_SHA256_DestroyContext)(SHA256Context *cx, PRBool freeit);
+    void (*p_SHA256_Begin)(SHA256Context *cx);
+    void (*p_SHA256_Update)(SHA256Context *cx, const unsigned char *input,
+                            unsigned int inputLen);
+    void (*p_SHA256_End)(SHA256Context *cx, unsigned char *digest,
+                         unsigned int *digestLen, unsigned int maxDigestLen);
+    SECStatus (*p_SHA256_HashBuf)(unsigned char *dest, const unsigned char *src,
+                                  PRUint32 src_length);
+    SECStatus (*p_SHA256_Hash)(unsigned char *dest, const char *src);
+    void (*p_SHA256_TraceState)(SHA256Context *cx);
+    unsigned int (*p_SHA256_FlattenSize)(SHA256Context *cx);
+    SECStatus (*p_SHA256_Flatten)(SHA256Context *cx, unsigned char *space);
+    SHA256Context *(*p_SHA256_Resurrect)(unsigned char *space, void *arg);
+
+    SHA512Context *(*p_SHA512_NewContext)(void);
+    void (*p_SHA512_DestroyContext)(SHA512Context *cx, PRBool freeit);
+    void (*p_SHA512_Begin)(SHA512Context *cx);
+    void (*p_SHA512_Update)(SHA512Context *cx, const unsigned char *input,
+                            unsigned int inputLen);
+    void (*p_SHA512_End)(SHA512Context *cx, unsigned char *digest,
+                         unsigned int *digestLen, unsigned int maxDigestLen);
+    SECStatus (*p_SHA512_HashBuf)(unsigned char *dest, const unsigned char *src,
+                                  PRUint32 src_length);
+    SECStatus (*p_SHA512_Hash)(unsigned char *dest, const char *src);
+    void (*p_SHA512_TraceState)(SHA512Context *cx);
+    unsigned int (*p_SHA512_FlattenSize)(SHA512Context *cx);
+    SECStatus (*p_SHA512_Flatten)(SHA512Context *cx, unsigned char *space);
+    SHA512Context *(*p_SHA512_Resurrect)(unsigned char *space, void *arg);
+
+    SHA384Context *(*p_SHA384_NewContext)(void);
+    void (*p_SHA384_DestroyContext)(SHA384Context *cx, PRBool freeit);
+    void (*p_SHA384_Begin)(SHA384Context *cx);
+    void (*p_SHA384_Update)(SHA384Context *cx, const unsigned char *input,
+                            unsigned int inputLen);
+    void (*p_SHA384_End)(SHA384Context *cx, unsigned char *digest,
+                         unsigned int *digestLen, unsigned int maxDigestLen);
+    SECStatus (*p_SHA384_HashBuf)(unsigned char *dest, const unsigned char *src,
+                                  PRUint32 src_length);
+    SECStatus (*p_SHA384_Hash)(unsigned char *dest, const char *src);
+    void (*p_SHA384_TraceState)(SHA384Context *cx);
+    unsigned int (*p_SHA384_FlattenSize)(SHA384Context *cx);
+    SECStatus (*p_SHA384_Flatten)(SHA384Context *cx, unsigned char *space);
+    SHA384Context *(*p_SHA384_Resurrect)(unsigned char *space, void *arg);
+
+    /* Version 3.003 came to here */
+
+    AESKeyWrapContext *(*p_AESKeyWrap_CreateContext)(const unsigned char *key,
+                                                     const unsigned char *iv, int encrypt, unsigned int keylen);
+
+    void (*p_AESKeyWrap_DestroyContext)(AESKeyWrapContext *cx, PRBool freeit);
+
+    SECStatus (*p_AESKeyWrap_Encrypt)(AESKeyWrapContext *cx,
+                                      unsigned char *output,
+                                      unsigned int *outputLen, unsigned int maxOutputLen,
+                                      const unsigned char *input, unsigned int inputLen);
+
+    SECStatus (*p_AESKeyWrap_Decrypt)(AESKeyWrapContext *cx,
+                                      unsigned char *output,
+                                      unsigned int *outputLen, unsigned int maxOutputLen,
+                                      const unsigned char *input, unsigned int inputLen);
+
+    /* Version 3.004 came to here */
+
+    PRBool (*p_BLAPI_SHVerify)(const char *name, PRFuncPtr addr);
+    PRBool (*p_BLAPI_VerifySelf)(const char *name);
+
+    /* Version 3.005 came to here */
+
+    SECStatus (*p_EC_NewKey)(ECParams *params,
+                             ECPrivateKey **privKey);
+
+    SECStatus (*p_EC_NewKeyFromSeed)(ECParams *params,
+                                     ECPrivateKey **privKey,
+                                     const unsigned char *seed,
+                                     int seedlen);
+
+    SECStatus (*p_EC_ValidatePublicKey)(ECParams *params,
+                                        SECItem *publicValue);
+
+    SECStatus (*p_ECDH_Derive)(SECItem *publicValue,
+                               ECParams *params,
+                               SECItem *privateValue,
+                               PRBool withCofactor,
+                               SECItem *derivedSecret);
+
+    SECStatus (*p_ECDSA_SignDigest)(ECPrivateKey *key,
+                                    SECItem *signature,
+                                    const SECItem *digest);
+
+    SECStatus (*p_ECDSA_VerifyDigest)(ECPublicKey *key,
+                                      const SECItem *signature,
+                                      const SECItem *digest);
+
+    SECStatus (*p_ECDSA_SignDigestWithSeed)(ECPrivateKey *key,
+                                            SECItem *signature,
+                                            const SECItem *digest,
+                                            const unsigned char *seed,
+                                            const int seedlen);
+
+    /* Version 3.006 came to here */
+
+    /* no modification to FREEBLVectorStr itself
+   * but ECParamStr was modified
+   */
+
+    /* Version 3.007 came to here */
+
+    SECStatus (*p_AES_InitContext)(AESContext *cx,
+                                   const unsigned char *key,
+                                   unsigned int keylen,
+                                   const unsigned char *iv,
+                                   int mode,
+                                   unsigned int encrypt,
+                                   unsigned int blocklen);
+    SECStatus (*p_AESKeyWrap_InitContext)(AESKeyWrapContext *cx,
+                                          const unsigned char *key,
+                                          unsigned int keylen,
+                                          const unsigned char *iv,
+                                          int mode,
+                                          unsigned int encrypt,
+                                          unsigned int blocklen);
+    SECStatus (*p_DES_InitContext)(DESContext *cx,
+                                   const unsigned char *key,
+                                   unsigned int keylen,
+                                   const unsigned char *iv,
+                                   int mode,
+                                   unsigned int encrypt,
+                                   unsigned int);
+    SECStatus (*p_RC2_InitContext)(RC2Context *cx,
+                                   const unsigned char *key,
+                                   unsigned int keylen,
+                                   const unsigned char *iv,
+                                   int mode,
+                                   unsigned int effectiveKeyLen,
+                                   unsigned int);
+    SECStatus (*p_RC4_InitContext)(RC4Context *cx,
+                                   const unsigned char *key,
+                                   unsigned int keylen,
+                                   const unsigned char *,
+                                   int,
+                                   unsigned int,
+                                   unsigned int);
+
+    AESContext *(*p_AES_AllocateContext)(void);
+    AESKeyWrapContext *(*p_AESKeyWrap_AllocateContext)(void);
+    DESContext *(*p_DES_AllocateContext)(void);
+    RC2Context *(*p_RC2_AllocateContext)(void);
+    RC4Context *(*p_RC4_AllocateContext)(void);
+
+    void (*p_MD2_Clone)(MD2Context *dest, MD2Context *src);
+    void (*p_MD5_Clone)(MD5Context *dest, MD5Context *src);
+    void (*p_SHA1_Clone)(SHA1Context *dest, SHA1Context *src);
+    void (*p_SHA256_Clone)(SHA256Context *dest, SHA256Context *src);
+    void (*p_SHA384_Clone)(SHA384Context *dest, SHA384Context *src);
+    void (*p_SHA512_Clone)(SHA512Context *dest, SHA512Context *src);
+
+    SECStatus (*p_TLS_PRF)(const SECItem *secret, const char *label,
+                           SECItem *seed, SECItem *result, PRBool isFIPS);
+
+    const SECHashObject *(*p_HASH_GetRawHashObject)(HASH_HashType hashType);
+
+    HMACContext *(*p_HMAC_Create)(const SECHashObject *hashObj,
+                                  const unsigned char *secret,
+                                  unsigned int secret_len, PRBool isFIPS);
+    SECStatus (*p_HMAC_Init)(HMACContext *cx, const SECHashObject *hash_obj,
+                             const unsigned char *secret,
+                             unsigned int secret_len, PRBool isFIPS);
+    void (*p_HMAC_Begin)(HMACContext *cx);
+    void (*p_HMAC_Update)(HMACContext *cx, const unsigned char *data,
+                          unsigned int data_len);
+    HMACContext *(*p_HMAC_Clone)(HMACContext *cx);
+    SECStatus (*p_HMAC_Finish)(HMACContext *cx, unsigned char *result,
+                               unsigned int *result_len,
+                               unsigned int max_result_len);
+    void (*p_HMAC_Destroy)(HMACContext *cx, PRBool freeit);
+
+    void (*p_RNG_SystemInfoForRNG)(void);
+
+    /* Version 3.008 came to here */
+
+    SECStatus (*p_FIPS186Change_GenerateX)(unsigned char *XKEY,
+                                           const unsigned char *XSEEDj,
+                                           unsigned char *x_j);
+    SECStatus (*p_FIPS186Change_ReduceModQForDSA)(const unsigned char *w,
+                                                  const unsigned char *q,
+                                                  unsigned char *xj);
+
+    /* Version 3.009 came to here */
+
+    SECStatus (*p_Camellia_InitContext)(CamelliaContext *cx,
+                                        const unsigned char *key,
+                                        unsigned int keylen,
+                                        const unsigned char *iv,
+                                        int mode,
+                                        unsigned int encrypt,
+                                        unsigned int unused);
+
+    CamelliaContext *(*p_Camellia_AllocateContext)(void);
+    CamelliaContext *(*p_Camellia_CreateContext)(const unsigned char *key,
+                                                 const unsigned char *iv,
+                                                 int mode, int encrypt,
+                                                 unsigned int keylen);
+    void (*p_Camellia_DestroyContext)(CamelliaContext *cx, PRBool freeit);
+
+    SECStatus (*p_Camellia_Encrypt)(CamelliaContext *cx, unsigned char *output,
+                                    unsigned int *outputLen,
+                                    unsigned int maxOutputLen,
+                                    const unsigned char *input,
+                                    unsigned int inputLen);
+
+    SECStatus (*p_Camellia_Decrypt)(CamelliaContext *cx, unsigned char *output,
+                                    unsigned int *outputLen,
+                                    unsigned int maxOutputLen,
+                                    const unsigned char *input,
+                                    unsigned int inputLen);
+
+    void (*p_PQG_DestroyParams)(PQGParams *params);
+
+    void (*p_PQG_DestroyVerify)(PQGVerify *vfy);
+
+    /* Version 3.010 came to here */
+
+    SECStatus (*p_SEED_InitContext)(SEEDContext *cx,
+                                    const unsigned char *key,
+                                    unsigned int keylen,
+                                    const unsigned char *iv,
+                                    int mode,
+                                    unsigned int encrypt,
+                                    unsigned int);
+
+    SEEDContext *(*p_SEED_AllocateContext)(void);
+
+    SEEDContext *(*p_SEED_CreateContext)(const unsigned char *key,
+                                         const unsigned char *iv,
+                                         int mode, PRBool encrypt);
+
+    void (*p_SEED_DestroyContext)(SEEDContext *cx, PRBool freeit);
+
+    SECStatus (*p_SEED_Encrypt)(SEEDContext *cx, unsigned char *output,
+                                unsigned int *outputLen, unsigned int maxOutputLen,
+                                const unsigned char *input, unsigned int inputLen);
+
+    SECStatus (*p_SEED_Decrypt)(SEEDContext *cx, unsigned char *output,
+                                unsigned int *outputLen, unsigned int maxOutputLen,
+                                const unsigned char *input, unsigned int inputLen);
+
+    SECStatus (*p_BL_Init)(void);
+    void (*p_BL_SetForkState)(PRBool);
+
+    SECStatus (*p_PRNGTEST_Instantiate)(const PRUint8 *entropy,
+                                        unsigned int entropy_len,
+                                        const PRUint8 *nonce,
+                                        unsigned int nonce_len,
+                                        const PRUint8 *personal_string,
+                                        unsigned int ps_len);
+
+    SECStatus (*p_PRNGTEST_Reseed)(const PRUint8 *entropy,
+                                   unsigned int entropy_len,
+                                   const PRUint8 *additional,
+                                   unsigned int additional_len);
+
+    SECStatus (*p_PRNGTEST_Generate)(PRUint8 *bytes,
+                                     unsigned int bytes_len,
+                                     const PRUint8 *additional,
+                                     unsigned int additional_len);
+
+    SECStatus (*p_PRNGTEST_Uninstantiate)(void);
+    /* Version 3.011 came to here */
+
+    SECStatus (*p_RSA_PopulatePrivateKey)(RSAPrivateKey *key);
+
+    SECStatus (*p_DSA_NewRandom)(PLArenaPool *arena, const SECItem *q,
+                                 SECItem *seed);
+
+    SECStatus (*p_JPAKE_Sign)(PLArenaPool *arena, const PQGParams *pqg,
+                              HASH_HashType hashType, const SECItem *signerID,
+                              const SECItem *x, const SECItem *testRandom,
+                              const SECItem *gxIn, SECItem *gxOut,
+                              SECItem *gv, SECItem *r);
+
+    SECStatus (*p_JPAKE_Verify)(PLArenaPool *arena, const PQGParams *pqg,
+                                HASH_HashType hashType, const SECItem *signerID,
+                                const SECItem *peerID, const SECItem *gx,
+                                const SECItem *gv, const SECItem *r);
+
+    SECStatus (*p_JPAKE_Round2)(PLArenaPool *arena, const SECItem *p,
+                                const SECItem *q, const SECItem *gx1,
+                                const SECItem *gx3, const SECItem *gx4,
+                                SECItem *base, const SECItem *x2,
+                                const SECItem *s, SECItem *x2s);
+
+    SECStatus (*p_JPAKE_Final)(PLArenaPool *arena, const SECItem *p,
+                               const SECItem *q, const SECItem *x2,
+                               const SECItem *gx4, const SECItem *x2s,
+                               const SECItem *B, SECItem *K);
+
+    /* Version 3.012 came to here */
+
+    SECStatus (*p_TLS_P_hash)(HASH_HashType hashAlg,
+                              const SECItem *secret,
+                              const char *label,
+                              SECItem *seed,
+                              SECItem *result,
+                              PRBool isFIPS);
+
+    SHA224Context *(*p_SHA224_NewContext)(void);
+    void (*p_SHA224_DestroyContext)(SHA224Context *cx, PRBool freeit);
+    void (*p_SHA224_Begin)(SHA224Context *cx);
+    void (*p_SHA224_Update)(SHA224Context *cx, const unsigned char *input,
+                            unsigned int inputLen);
+    void (*p_SHA224_End)(SHA224Context *cx, unsigned char *digest,
+                         unsigned int *digestLen, unsigned int maxDigestLen);
+    SECStatus (*p_SHA224_HashBuf)(unsigned char *dest, const unsigned char *src,
+                                  PRUint32 src_length);
+    SECStatus (*p_SHA224_Hash)(unsigned char *dest, const char *src);
+    void (*p_SHA224_TraceState)(SHA224Context *cx);
+    unsigned int (*p_SHA224_FlattenSize)(SHA224Context *cx);
+    SECStatus (*p_SHA224_Flatten)(SHA224Context *cx, unsigned char *space);
+    SHA224Context *(*p_SHA224_Resurrect)(unsigned char *space, void *arg);
+    void (*p_SHA224_Clone)(SHA224Context *dest, SHA224Context *src);
+    PRBool (*p_BLAPI_SHVerifyFile)(const char *name);
+
+    /* Version 3.013 came to here */
+
+    SECStatus (*p_PQG_ParamGenV2)(unsigned int L, unsigned int N,
+                                  unsigned int seedBytes,
+                                  PQGParams **pParams, PQGVerify **pVfy);
+    SECStatus (*p_PRNGTEST_RunHealthTests)(void);
+
+    /* Version 3.014 came to here */
+
+    SECStatus (*p_HMAC_ConstantTime)(
+        unsigned char *result,
+        unsigned int *resultLen,
+        unsigned int maxResultLen,
+        const SECHashObject *hashObj,
+        const unsigned char *secret,
+        unsigned int secretLen,
+        const unsigned char *header,
+        unsigned int headerLen,
+        const unsigned char *body,
+        unsigned int bodyLen,
+        unsigned int bodyTotalLen);
+
+    SECStatus (*p_SSLv3_MAC_ConstantTime)(
+        unsigned char *result,
+        unsigned int *resultLen,
+        unsigned int maxResultLen,
+        const SECHashObject *hashObj,
+        const unsigned char *secret,
+        unsigned int secretLen,
+        const unsigned char *header,
+        unsigned int headerLen,
+        const unsigned char *body,
+        unsigned int bodyLen,
+        unsigned int bodyTotalLen);
+
+    /* Version 3.015 came to here */
+
+    SECStatus (*p_RSA_SignRaw)(RSAPrivateKey *key,
+                               unsigned char *output,
+                               unsigned int *outputLen,
+                               unsigned int maxOutputLen,
+                               const unsigned char *input,
+                               unsigned int inputLen);
+    SECStatus (*p_RSA_CheckSignRaw)(RSAPublicKey *key,
+                                    const unsigned char *sig,
+                                    unsigned int sigLen,
+                                    const unsigned char *hash,
+                                    unsigned int hashLen);
+    SECStatus (*p_RSA_CheckSignRecoverRaw)(RSAPublicKey *key,
+                                           unsigned char *data,
+                                           unsigned int *dataLen,
+                                           unsigned int maxDataLen,
+                                           const unsigned char *sig,
+                                           unsigned int sigLen);
+    SECStatus (*p_RSA_EncryptRaw)(RSAPublicKey *key,
+                                  unsigned char *output,
+                                  unsigned int *outputLen,
+                                  unsigned int maxOutputLen,
+                                  const unsigned char *input,
+                                  unsigned int inputLen);
+    SECStatus (*p_RSA_DecryptRaw)(RSAPrivateKey *key,
+                                  unsigned char *output,
+                                  unsigned int *outputLen,
+                                  unsigned int maxOutputLen,
+                                  const unsigned char *input,
+                                  unsigned int inputLen);
+    SECStatus (*p_RSA_EncryptOAEP)(RSAPublicKey *key,
+                                   HASH_HashType hashAlg,
+                                   HASH_HashType maskHashAlg,
+                                   const unsigned char *label,
+                                   unsigned int labelLen,
+                                   const unsigned char *seed,
+                                   unsigned int seedLen,
+                                   unsigned char *output,
+                                   unsigned int *outputLen,
+                                   unsigned int maxOutputLen,
+                                   const unsigned char *input,
+                                   unsigned int inputLen);
+    SECStatus (*p_RSA_DecryptOAEP)(RSAPrivateKey *key,
+                                   HASH_HashType hashAlg,
+                                   HASH_HashType maskHashAlg,
+                                   const unsigned char *label,
+                                   unsigned int labelLen,
+                                   unsigned char *output,
+                                   unsigned int *outputLen,
+                                   unsigned int maxOutputLen,
+                                   const unsigned char *input,
+                                   unsigned int inputLen);
+    SECStatus (*p_RSA_EncryptBlock)(RSAPublicKey *key,
+                                    unsigned char *output,
+                                    unsigned int *outputLen,
+                                    unsigned int maxOutputLen,
+                                    const unsigned char *input,
+                                    unsigned int inputLen);
+    SECStatus (*p_RSA_DecryptBlock)(RSAPrivateKey *key,
+                                    unsigned char *output,
+                                    unsigned int *outputLen,
+                                    unsigned int maxOutputLen,
+                                    const unsigned char *input,
+                                    unsigned int inputLen);
+    SECStatus (*p_RSA_SignPSS)(RSAPrivateKey *key,
+                               HASH_HashType hashAlg,
+                               HASH_HashType maskHashAlg,
+                               const unsigned char *salt,
+                               unsigned int saltLen,
+                               unsigned char *output,
+                               unsigned int *outputLen,
+                               unsigned int maxOutputLen,
+                               const unsigned char *input,
+                               unsigned int inputLen);
+    SECStatus (*p_RSA_CheckSignPSS)(RSAPublicKey *key,
+                                    HASH_HashType hashAlg,
+                                    HASH_HashType maskHashAlg,
+                                    unsigned int saltLen,
+                                    const unsigned char *sig,
+                                    unsigned int sigLen,
+                                    const unsigned char *hash,
+                                    unsigned int hashLen);
+    SECStatus (*p_RSA_Sign)(RSAPrivateKey *key,
+                            unsigned char *output,
+                            unsigned int *outputLen,
+                            unsigned int maxOutputLen,
+                            const unsigned char *input,
+                            unsigned int inputLen);
+    SECStatus (*p_RSA_CheckSign)(RSAPublicKey *key,
+                                 const unsigned char *sig,
+                                 unsigned int sigLen,
+                                 const unsigned char *data,
+                                 unsigned int dataLen);
+    SECStatus (*p_RSA_CheckSignRecover)(RSAPublicKey *key,
+                                        unsigned char *output,
+                                        unsigned int *outputLen,
+                                        unsigned int maxOutputLen,
+                                        const unsigned char *sig,
+                                        unsigned int sigLen);
+
+    /* Version 3.016 came to here */
+
+    SECStatus (*p_EC_FillParams)(PLArenaPool *arena,
+                                 const SECItem *encodedParams, ECParams *params);
+    SECStatus (*p_EC_DecodeParams)(const SECItem *encodedParams,
+                                   ECParams **ecparams);
+    SECStatus (*p_EC_CopyParams)(PLArenaPool *arena, ECParams *dstParams,
+                                 const ECParams *srcParams);
+
+    /* Version 3.017 came to here */
+
+    SECStatus (*p_ChaCha20Poly1305_InitContext)(ChaCha20Poly1305Context *ctx,
+                                                const unsigned char *key,
+                                                unsigned int keyLen,
+                                                unsigned int tagLen);
+
+    ChaCha20Poly1305Context *(*p_ChaCha20Poly1305_CreateContext)(
+        const unsigned char *key, unsigned int keyLen, unsigned int tagLen);
+
+    void (*p_ChaCha20Poly1305_DestroyContext)(ChaCha20Poly1305Context *ctx,
+                                              PRBool freeit);
+
+    SECStatus (*p_ChaCha20Poly1305_Seal)(
+        const ChaCha20Poly1305Context *ctx, unsigned char *output,
+        unsigned int *outputLen, unsigned int maxOutputLen,
+        const unsigned char *input, unsigned int inputLen,
+        const unsigned char *nonce, unsigned int nonceLen,
+        const unsigned char *ad, unsigned int adLen);
+
+    SECStatus (*p_ChaCha20Poly1305_Open)(
+        const ChaCha20Poly1305Context *ctx, unsigned char *output,
+        unsigned int *outputLen, unsigned int maxOutputLen,
+        const unsigned char *input, unsigned int inputLen,
+        const unsigned char *nonce, unsigned int nonceLen,
+        const unsigned char *ad, unsigned int adLen);
+
+    /* Version 3.018 came to here */
+
+    int (*p_EC_GetPointSize)(const ECParams *);
+
+    /* Version 3.019 came to here */
+
+    /* Add new function pointers at the end of this struct and bump
+     * FREEBL_VERSION at the beginning of this file. */
+};
+
+typedef struct FREEBLVectorStr FREEBLVector;
+
+#ifdef FREEBL_LOWHASH
+#include "nsslowhash.h"
+
+#define NSSLOW_VERSION 0x0300
+
+struct NSSLOWVectorStr {
+    unsigned short length;  /* of this struct in bytes */
+    unsigned short version; /* of this struct. */
+    const FREEBLVector *(*p_FREEBL_GetVector)(void);
+    NSSLOWInitContext *(*p_NSSLOW_Init)(void);
+    void (*p_NSSLOW_Shutdown)(NSSLOWInitContext *context);
+    void (*p_NSSLOW_Reset)(NSSLOWInitContext *context);
+    NSSLOWHASHContext *(*p_NSSLOWHASH_NewContext)(
+        NSSLOWInitContext *initContext,
+        HASH_HashType hashType);
+    void (*p_NSSLOWHASH_Begin)(NSSLOWHASHContext *context);
+    void (*p_NSSLOWHASH_Update)(NSSLOWHASHContext *context,
+                                const unsigned char *buf,
+                                unsigned int len);
+    void (*p_NSSLOWHASH_End)(NSSLOWHASHContext *context,
+                             unsigned char *buf,
+                             unsigned int *ret, unsigned int len);
+    void (*p_NSSLOWHASH_Destroy)(NSSLOWHASHContext *context);
+    unsigned int (*p_NSSLOWHASH_Length)(NSSLOWHASHContext *context);
+};
+
+typedef struct NSSLOWVectorStr NSSLOWVector;
+#endif
+
+SEC_BEGIN_PROTOS
+
+#ifdef FREEBL_LOWHASH
+typedef const NSSLOWVector *NSSLOWGetVectorFn(void);
+
+extern NSSLOWGetVectorFn NSSLOW_GetVector;
+#endif
+
+typedef const FREEBLVector *FREEBLGetVectorFn(void);
+
+extern FREEBLGetVectorFn FREEBL_GetVector;
+
+SEC_END_PROTOS
+
+#endif
diff --git a/nss/lib/freebl/lowhash_vector.c b/nss/lib/freebl/lowhash_vector.c
new file mode 100644
index 0000000..7690c98
--- /dev/null
+++ b/nss/lib/freebl/lowhash_vector.c
@@ -0,0 +1,217 @@
+/*
+ * loader.c - load platform dependent DSO containing freebl implementation.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#define _GNU_SOURCE 1
+#include "loader.h"
+#include "prmem.h"
+#include "prerror.h"
+#include "prinit.h"
+#include "prenv.h"
+#include "blname.c"
+
+#include "prio.h"
+#include "prprf.h"
+#include <stdio.h>
+#include "prsystem.h"
+#include "nsslowhash.h"
+#include <dlfcn.h>
+#include "pratom.h"
+
+static PRLibrary *blLib;
+
+#define LSB(x) ((x)&0xff)
+#define MSB(x) ((x) >> 8)
+
+static const NSSLOWVector *vector;
+static const char *libraryName = NULL;
+
+/* pretty much only glibc uses this, make sure we don't have any depenencies
+ * on nspr.. */
+#undef PORT_Alloc
+#undef PORT_Free
+#define PORT_Alloc malloc
+#define PR_Malloc malloc
+#define PORT_Free free
+#define PR_Free free
+#define PR_GetDirectorySeparator() '/'
+#define PR_LoadLibraryWithFlags(libspec, flags) \
+    (PRLibrary *)dlopen(libSpec.value.pathname, RTLD_NOW | RTLD_LOCAL)
+#define PR_GetLibraryFilePathname(name, addr) \
+    freebl_lowhash_getLibraryFilePath(addr)
+
+static char *
+freebl_lowhash_getLibraryFilePath(void *addr)
+{
+    Dl_info dli;
+    if (dladdr(addr, &dli) == 0) {
+        return NULL;
+    }
+    return strdup(dli.dli_fname);
+}
+
+/*
+ * The PR_LoadLibraryWithFlags call above defines this variable away, so we
+ * don't need it..
+ */
+#ifdef nodef
+static const char *NameOfThisSharedLib =
+    SHLIB_PREFIX "freebl" SHLIB_VERSION "." SHLIB_SUFFIX;
+#endif
+
+#include "genload.c"
+
+/* This function must be run only once. */
+/*  determine if hybrid platform, then actually load the DSO. */
+static PRStatus
+freebl_LoadDSO(void)
+{
+    PRLibrary *handle;
+    const char *name = getLibName();
+
+    if (!name) {
+        /*PR_SetError(PR_LOAD_LIBRARY_ERROR,0); */
+        return PR_FAILURE;
+    }
+    handle = loader_LoadLibrary(name);
+    if (handle) {
+        void *address = dlsym(handle, "NSSLOW_GetVector");
+        if (address) {
+            NSSLOWGetVectorFn *getVector = (NSSLOWGetVectorFn *)address;
+            const NSSLOWVector *dsoVector = getVector();
+            if (dsoVector) {
+                unsigned short dsoVersion = dsoVector->version;
+                unsigned short myVersion = NSSLOW_VERSION;
+                if (MSB(dsoVersion) == MSB(myVersion) &&
+                    LSB(dsoVersion) >= LSB(myVersion) &&
+                    dsoVector->length >= sizeof(NSSLOWVector)) {
+                    vector = dsoVector;
+                    libraryName = name;
+                    blLib = handle;
+                    return PR_SUCCESS;
+                }
+            }
+        }
+        (void)dlclose(handle);
+    }
+    return PR_FAILURE;
+}
+
+static PRCallOnceType loadFreeBLOnce;
+
+static PRStatus
+freebl_RunLoaderOnce(void)
+{
+    /* Don't have NSPR, so can use the real PR_CallOnce, implement a stripped
+     * down version. */
+    if (loadFreeBLOnce.initialized) {
+        return loadFreeBLOnce.status;
+    }
+    if (__sync_lock_test_and_set(&loadFreeBLOnce.inProgress, 1) == 0) {
+        loadFreeBLOnce.status = freebl_LoadDSO();
+        loadFreeBLOnce.initialized = 1;
+    } else {
+        /* shouldn't have a lot of takers on the else clause, which is good
+         * since we don't have condition variables yet.
+         * 'initialized' only ever gets set (not cleared) so we don't
+         * need the traditional locks. */
+        while (!loadFreeBLOnce.initialized) {
+            sleep(1); /* don't have condition variables, just give up the CPU */
+        }
+    }
+
+    return loadFreeBLOnce.status;
+}
+
+const FREEBLVector *
+FREEBL_GetVector(void)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) {
+        return NULL;
+    }
+    if (vector) {
+        return (vector->p_FREEBL_GetVector)();
+    }
+    return NULL;
+}
+
+NSSLOWInitContext *
+NSSLOW_Init(void)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return NULL;
+    return (vector->p_NSSLOW_Init)();
+}
+
+void
+NSSLOW_Shutdown(NSSLOWInitContext *context)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return;
+    (vector->p_NSSLOW_Shutdown)(context);
+}
+
+void
+NSSLOW_Reset(NSSLOWInitContext *context)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return;
+    (vector->p_NSSLOW_Reset)(context);
+}
+
+NSSLOWHASHContext *
+NSSLOWHASH_NewContext(
+    NSSLOWInitContext *initContext,
+    HASH_HashType hashType)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return NULL;
+    return (vector->p_NSSLOWHASH_NewContext)(initContext, hashType);
+}
+
+void
+NSSLOWHASH_Begin(NSSLOWHASHContext *context)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return;
+    (vector->p_NSSLOWHASH_Begin)(context);
+}
+
+void
+NSSLOWHASH_Update(NSSLOWHASHContext *context,
+                  const unsigned char *buf,
+                  unsigned int len)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return;
+    (vector->p_NSSLOWHASH_Update)(context, buf, len);
+}
+
+void
+NSSLOWHASH_End(NSSLOWHASHContext *context,
+               unsigned char *buf,
+               unsigned int *ret, unsigned int len)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return;
+    (vector->p_NSSLOWHASH_End)(context, buf, ret, len);
+}
+
+void
+NSSLOWHASH_Destroy(NSSLOWHASHContext *context)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return;
+    (vector->p_NSSLOWHASH_Destroy)(context);
+}
+
+unsigned int
+NSSLOWHASH_Length(NSSLOWHASHContext *context)
+{
+    if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+        return -1;
+    return (vector->p_NSSLOWHASH_Length)(context);
+}
diff --git a/nss/lib/freebl/manifest.mn b/nss/lib/freebl/manifest.mn
new file mode 100644
index 0000000..1ef9839
--- /dev/null
+++ b/nss/lib/freebl/manifest.mn
@@ -0,0 +1,195 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# NOTE: any ifdefs in this file must be defined on the gmake command line
+# (if anywhere).  They cannot come from Makefile or config.mk 
+
+CORE_DEPTH = ../..
+
+MODULE = nss
+
+# copied from Linux.mk. We have a chicken and egg issue here. We need to set
+# Library name before we call the platform code in coreconf, but we need to
+# Pick up the automatic setting of FREEBL_LOWHASH before we  can set the
+# Library name... so for now we mimic the code in Linux.mk to get the
+# automatic setting early...
+#
+# On Linux 2.6 or later, build libfreebl3.so with no NSPR and libnssutil3.so
+# dependencies by default.  Set FREEBL_NO_DEPEND to 0 in the environment to
+# override this.
+#
+#
+include $(CORE_DEPTH)/coreconf/arch.mk
+ifeq ($(OS_ARCH),Linux)
+ifneq ($(OS_TARGET),Android)
+ifeq (2.6,$(firstword $(sort 2.6 $(OS_RELEASE))))
+ifndef FREEBL_NO_DEPEND
+FREEBL_NO_DEPEND = 1
+FREEBL_LOWHASH = 1
+endif
+endif
+endif
+endif
+
+
+LIBRARY_NAME = freebl
+LIBRARY_VERSION = 3
+
+ifdef FREEBL_CHILD_BUILD
+  ifdef USE_ABI32_INT32
+    LIBRARY_NAME = freebl_32int
+  endif
+  ifdef USE_ABI32_INT64
+    LIBRARY_NAME = freebl_32int64
+  endif
+  ifdef USE_ABI32_FPU
+    LIBRARY_NAME = freebl_32fpu
+  endif
+  ifdef USE_ABI64_INT
+    LIBRARY_NAME = freebl_64int
+  endif
+  ifdef USE_ABI64_FPU
+    LIBRARY_NAME = freebl_64fpu
+  endif
+  ifdef FREEBL_LOWHASH
+    LIBRARY_NAME = freeblpriv
+  endif
+  ifdef USE_STUB_BUILD
+    # for the stub build, reset name to the default (from freeblpriv)
+    LIBRARY_NAME = freebl
+  endif
+endif
+
+# if the library name contains _, we prefix the version with _
+ifneq (,$(findstring _,$(LIBRARY_NAME)))
+  LIBRARY_VERSION := _$(LIBRARY_VERSION)
+endif
+
+MAPFILE = $(OBJDIR)/$(LIBRARY_NAME).def
+
+SOFTOKEN_LIBRARY_VERSION = 3
+
+DEFINES += -DSHLIB_SUFFIX=\"$(DLL_SUFFIX)\" -DSHLIB_PREFIX=\"$(DLL_PREFIX)\" \
+	-DSHLIB_VERSION=\"$(LIBRARY_VERSION)\" \
+	-DSOFTOKEN_SHLIB_VERSION=\"$(SOFTOKEN_LIBRARY_VERSION)\"
+
+REQUIRES = 
+
+EXPORTS = \
+	blapit.h \
+	shsign.h \
+	ecl-exp.h \
+	$(LOWHASH_EXPORTS) \
+	$(NULL)
+
+PRIVATE_EXPORTS = \
+	alghmac.h \
+	blapi.h \
+	chacha20poly1305.h \
+	hmacct.h \
+	secmpi.h \
+	secrng.h \
+	ec.h \
+	ecl.h \
+	ecl-curve.h \
+	$(NULL)
+
+MPI_HDRS = mpi-config.h mpi.h mpi-priv.h mplogic.h mpprime.h logtab.h mp_gf2m.h
+MPI_SRCS = mpprime.c mpmontg.c mplogic.c mpi.c mp_gf2m.c
+
+
+ECL_HDRS = ecl-exp.h ecl.h ecp.h ecl-priv.h
+ifndef NSS_DISABLE_ECC
+ECL_SRCS = ecl.c ecl_curve.c ecl_mult.c ecl_gf.c \
+	ecp_aff.c ecp_jac.c ecp_mont.c \
+	ec_naf.c ecp_jm.c ecp_256.c ecp_384.c ecp_521.c \
+	ecp_256_32.c ecp_25519.c
+else
+ECL_SRCS = $(NULL)
+endif
+SHA_SRCS = sha_fast.c
+MPCPU_SRCS = mpcpucache.c
+
+CSRCS = \
+	freeblver.c \
+	ldvector.c \
+	sysrand.c \
+	$(SHA_SRCS) \
+	md2.c \
+	md5.c \
+	sha512.c \
+	alghmac.c \
+	rawhash.c \
+	alg2268.c \
+	arcfour.c \
+	arcfive.c \
+	desblapi.c \
+	des.c \
+	drbg.c \
+	chacha20poly1305.c \
+	cts.c \
+	ctr.c \
+	fipsfreebl.c \
+	gcm.c \
+	hmacct.c \
+	rijndael.c \
+	aeskeywrap.c \
+	camellia.c \
+	dh.c \
+	ec.c \
+	ecdecode.c \
+	pqg.c \
+	dsa.c \
+	rsa.c \
+	rsapkcs.c \
+	shvfy.c \
+	tlsprfalg.c \
+	seed.c \
+	jpake.c \
+	$(MPI_SRCS) \
+	$(MPCPU_SRCS) \
+	$(ECL_SRCS) \
+	$(STUBS_SRCS) \
+	$(LOWHASH_SRCS) \
+	$(EXTRA_SRCS) \
+	$(NULL)
+
+ALL_CSRCS := $(CSRCS)
+
+ALL_HDRS =  \
+	alghmac.h \
+	blapi.h \
+	blapit.h \
+	des.h \
+	ec.h \
+	loader.h \
+	rijndael.h \
+	camellia.h \
+	secmpi.h \
+	sha_fast.h \
+	sha256.h \
+	shsign.h \
+	vis_proto.h \
+	seed.h \
+	$(NULL)
+
+
+ifdef AES_GEN_TBL
+DEFINES += -DRIJNDAEL_GENERATE_TABLES
+else 
+ifdef AES_GEN_TBL_M
+DEFINES += -DRIJNDAEL_GENERATE_TABLES_MACRO
+else
+ifdef AES_GEN_VAL
+DEFINES += -DRIJNDAEL_GENERATE_VALUES
+else
+ifdef AES_GEN_VAL_M
+DEFINES += -DRIJNDAEL_GENERATE_VALUES_MACRO
+else
+DEFINES += -DRIJNDAEL_INCLUDE_TABLES
+endif
+endif
+endif
+endif
diff --git a/nss/lib/freebl/md2.c b/nss/lib/freebl/md2.c
new file mode 100644
index 0000000..cb3d3d8
--- /dev/null
+++ b/nss/lib/freebl/md2.c
@@ -0,0 +1,269 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifdef FREEBL_NO_DEPEND
+#include "stubs.h"
+#endif
+
+#include "prerr.h"
+#include "secerr.h"
+
+#include "prtypes.h"
+
+#include "blapi.h"
+
+#define MD2_DIGEST_LEN 16
+#define MD2_BUFSIZE 16
+#define MD2_X_SIZE 48  /* The X array, [CV | INPUT | TMP VARS] */
+#define MD2_CV 0       /* index into X for chaining variables */
+#define MD2_INPUT 16   /* index into X for input */
+#define MD2_TMPVARS 32 /* index into X for temporary variables */
+#define MD2_CHECKSUM_SIZE 16
+
+struct MD2ContextStr {
+    unsigned char checksum[MD2_BUFSIZE];
+    unsigned char X[MD2_X_SIZE];
+    PRUint8 unusedBuffer;
+};
+
+static const PRUint8 MD2S[256] = {
+    0051, 0056, 0103, 0311, 0242, 0330, 0174, 0001,
+    0075, 0066, 0124, 0241, 0354, 0360, 0006, 0023,
+    0142, 0247, 0005, 0363, 0300, 0307, 0163, 0214,
+    0230, 0223, 0053, 0331, 0274, 0114, 0202, 0312,
+    0036, 0233, 0127, 0074, 0375, 0324, 0340, 0026,
+    0147, 0102, 0157, 0030, 0212, 0027, 0345, 0022,
+    0276, 0116, 0304, 0326, 0332, 0236, 0336, 0111,
+    0240, 0373, 0365, 0216, 0273, 0057, 0356, 0172,
+    0251, 0150, 0171, 0221, 0025, 0262, 0007, 0077,
+    0224, 0302, 0020, 0211, 0013, 0042, 0137, 0041,
+    0200, 0177, 0135, 0232, 0132, 0220, 0062, 0047,
+    0065, 0076, 0314, 0347, 0277, 0367, 0227, 0003,
+    0377, 0031, 0060, 0263, 0110, 0245, 0265, 0321,
+    0327, 0136, 0222, 0052, 0254, 0126, 0252, 0306,
+    0117, 0270, 0070, 0322, 0226, 0244, 0175, 0266,
+    0166, 0374, 0153, 0342, 0234, 0164, 0004, 0361,
+    0105, 0235, 0160, 0131, 0144, 0161, 0207, 0040,
+    0206, 0133, 0317, 0145, 0346, 0055, 0250, 0002,
+    0033, 0140, 0045, 0255, 0256, 0260, 0271, 0366,
+    0034, 0106, 0141, 0151, 0064, 0100, 0176, 0017,
+    0125, 0107, 0243, 0043, 0335, 0121, 0257, 0072,
+    0303, 0134, 0371, 0316, 0272, 0305, 0352, 0046,
+    0054, 0123, 0015, 0156, 0205, 0050, 0204, 0011,
+    0323, 0337, 0315, 0364, 0101, 0201, 0115, 0122,
+    0152, 0334, 0067, 0310, 0154, 0301, 0253, 0372,
+    0044, 0341, 0173, 0010, 0014, 0275, 0261, 0112,
+    0170, 0210, 0225, 0213, 0343, 0143, 0350, 0155,
+    0351, 0313, 0325, 0376, 0073, 0000, 0035, 0071,
+    0362, 0357, 0267, 0016, 0146, 0130, 0320, 0344,
+    0246, 0167, 0162, 0370, 0353, 0165, 0113, 0012,
+    0061, 0104, 0120, 0264, 0217, 0355, 0037, 0032,
+    0333, 0231, 0215, 0063, 0237, 0021, 0203, 0024
+};
+
+SECStatus
+MD2_Hash(unsigned char *dest, const char *src)
+{
+    unsigned int len;
+    MD2Context *cx = MD2_NewContext();
+    if (!cx) {
+        PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
+        return SECFailure;
+    }
+    MD2_Begin(cx);
+    MD2_Update(cx, (const unsigned char *)src, PORT_Strlen(src));
+    MD2_End(cx, dest, &len, MD2_DIGEST_LEN);
+    MD2_DestroyContext(cx, PR_TRUE);
+    return SECSuccess;
+}
+
+MD2Context *
+MD2_NewContext(void)
+{
+    MD2Context *cx = (MD2Context *)PORT_ZAlloc(sizeof(MD2Context));
+    if (cx == NULL) {
+        PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
+        return NULL;
+    }
+    return cx;
+}
+
+void
+MD2_DestroyContext(MD2Context *cx, PRBool freeit)
+{
+    if (freeit)
+        PORT_ZFree(cx, sizeof(*cx));
+}
+
+void
+MD2_Begin(MD2Context *cx)
+{
+    memset(cx, 0, sizeof(*cx));
+    cx->unusedBuffer = MD2_BUFSIZE;
+}
+
+static void
+md2_compress(MD2Context *cx)
+{
+    int j;
+    unsigned char P;
+    P = cx->checksum[MD2_CHECKSUM_SIZE - 1];
+/* Compute the running checksum, and set the tmp variables to be
+     * CV[i] XOR input[i]
+     */
+#define CKSUMFN(n)                                        \
+    P = cx->checksum[n] ^ MD2S[cx->X[MD2_INPUT + n] ^ P]; \
+    cx->checksum[n] = P;                                  \
+    cx->X[MD2_TMPVARS + n] = cx->X[n] ^ cx->X[MD2_INPUT + n];
+    CKSUMFN(0);
+    CKSUMFN(1);
+    CKSUMFN(2);
+    CKSUMFN(3);
+    CKSUMFN(4);
+    CKSUMFN(5);
+    CKSUMFN(6);
+    CKSUMFN(7);
+    CKSUMFN(8);
+    CKSUMFN(9);
+    CKSUMFN(10);
+    CKSUMFN(11);
+    CKSUMFN(12);
+    CKSUMFN(13);
+    CKSUMFN(14);
+    CKSUMFN(15);
+/* The compression function. */
+#define COMPRESS(n)         \
+    P = cx->X[n] ^ MD2S[P]; \
+    cx->X[n] = P;
+    P = 0x00;
+    for (j = 0; j < 18; j++) {
+        COMPRESS(0);
+        COMPRESS(1);
+        COMPRESS(2);
+        COMPRESS(3);
+        COMPRESS(4);
+        COMPRESS(5);
+        COMPRESS(6);
+        COMPRESS(7);
+        COMPRESS(8);
+        COMPRESS(9);
+        COMPRESS(10);
+        COMPRESS(11);
+        COMPRESS(12);
+        COMPRESS(13);
+        COMPRESS(14);
+        COMPRESS(15);
+        COMPRESS(16);
+        COMPRESS(17);
+        COMPRESS(18);
+        COMPRESS(19);
+        COMPRESS(20);
+        COMPRESS(21);
+        COMPRESS(22);
+        COMPRESS(23);
+        COMPRESS(24);
+        COMPRESS(25);
+        COMPRESS(26);
+        COMPRESS(27);
+        COMPRESS(28);
+        COMPRESS(29);
+        COMPRESS(30);
+        COMPRESS(31);
+        COMPRESS(32);
+        COMPRESS(33);
+        COMPRESS(34);
+        COMPRESS(35);
+        COMPRESS(36);
+        COMPRESS(37);
+        COMPRESS(38);
+        COMPRESS(39);
+        COMPRESS(40);
+        COMPRESS(41);
+        COMPRESS(42);
+        COMPRESS(43);
+        COMPRESS(44);
+        COMPRESS(45);
+        COMPRESS(46);
+        COMPRESS(47);
+        P = (P + j) % 256;
+    }
+    cx->unusedBuffer = MD2_BUFSIZE;
+}
+
+void
+MD2_Update(MD2Context *cx, const unsigned char *input, unsigned int inputLen)
+{
+    PRUint32 bytesToConsume;
+
+    /* Fill the remaining input buffer. */
+    if (cx->unusedBuffer != MD2_BUFSIZE) {
+        bytesToConsume = PR_MIN(inputLen, cx->unusedBuffer);
+        memcpy(&cx->X[MD2_INPUT + (MD2_BUFSIZE - cx->unusedBuffer)],
+               input, bytesToConsume);
+        if (cx->unusedBuffer + bytesToConsume >= MD2_BUFSIZE)
+            md2_compress(cx);
+        inputLen -= bytesToConsume;
+        input += bytesToConsume;
+    }
+
+    /* Iterate over 16-byte chunks of the input. */
+    while (inputLen >= MD2_BUFSIZE) {
+        memcpy(&cx->X[MD2_INPUT], input, MD2_BUFSIZE);
+        md2_compress(cx);
+        inputLen -= MD2_BUFSIZE;
+        input += MD2_BUFSIZE;
+    }
+
+    /* Copy any input that remains into the buffer. */
+    if (inputLen)
+        memcpy(&cx->X[MD2_INPUT], input, inputLen);
+    cx->unusedBuffer = MD2_BUFSIZE - inputLen;
+}
+
+void
+MD2_End(MD2Context *cx, unsigned char *digest,
+        unsigned int *digestLen, unsigned int maxDigestLen)
+{
+    PRUint8 padStart;
+    if (maxDigestLen < MD2_BUFSIZE) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return;
+    }
+    padStart = MD2_BUFSIZE - cx->unusedBuffer;
+    memset(&cx->X[MD2_INPUT + padStart], cx->unusedBuffer,
+           cx->unusedBuffer);
+    md2_compress(cx);
+    memcpy(&cx->X[MD2_INPUT], cx->checksum, MD2_BUFSIZE);
+    md2_compress(cx);
+    *digestLen = MD2_DIGEST_LEN;
+    memcpy(digest, &cx->X[MD2_CV], MD2_DIGEST_LEN);
+}
+
+unsigned int
+MD2_FlattenSize(MD2Context *cx)
+{
+    return sizeof(*cx);
+}
+
+SECStatus
+MD2_Flatten(MD2Context *cx, unsigned char *space)
+{
+    memcpy(space, cx, sizeof(*cx));
+    return SECSuccess;
+}
+
+MD2Context *
+MD2_Resurrect(unsigned char *space, void *arg)
+{
+    MD2Context *cx = MD2_NewContext();
+    if (cx)
+        memcpy(cx, space, sizeof(*cx));
+    return cx;
+}
+
+void
+MD2_Clone(MD2Context *dest, MD2Context *src)
+{
+    memcpy(dest, src, sizeof *dest);
+}
diff --git a/nss/lib/freebl/md5.c b/nss/lib/freebl/md5.c
new file mode 100644
index 0000000..bdd36a6
--- /dev/null
+++ b/nss/lib/freebl/md5.c
@@ -0,0 +1,598 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifdef FREEBL_NO_DEPEND
+#include "stubs.h"
+#endif
+
+#include "prerr.h"
+#include "secerr.h"
+
+#include "prtypes.h"
+#include "prlong.h"
+
+#include "blapi.h"
+#include "blapii.h"
+
+#define MD5_HASH_LEN 16
+#define MD5_BUFFER_SIZE 64
+#define MD5_END_BUFFER (MD5_BUFFER_SIZE - 8)
+
+#define CV0_1 0x67452301
+#define CV0_2 0xefcdab89
+#define CV0_3 0x98badcfe
+#define CV0_4 0x10325476
+
+#define T1_0 0xd76aa478
+#define T1_1 0xe8c7b756
+#define T1_2 0x242070db
+#define T1_3 0xc1bdceee
+#define T1_4 0xf57c0faf
+#define T1_5 0x4787c62a
+#define T1_6 0xa8304613
+#define T1_7 0xfd469501
+#define T1_8 0x698098d8
+#define T1_9 0x8b44f7af
+#define T1_10 0xffff5bb1
+#define T1_11 0x895cd7be
+#define T1_12 0x6b901122
+#define T1_13 0xfd987193
+#define T1_14 0xa679438e
+#define T1_15 0x49b40821
+
+#define T2_0 0xf61e2562
+#define T2_1 0xc040b340
+#define T2_2 0x265e5a51
+#define T2_3 0xe9b6c7aa
+#define T2_4 0xd62f105d
+#define T2_5 0x02441453
+#define T2_6 0xd8a1e681
+#define T2_7 0xe7d3fbc8
+#define T2_8 0x21e1cde6
+#define T2_9 0xc33707d6
+#define T2_10 0xf4d50d87
+#define T2_11 0x455a14ed
+#define T2_12 0xa9e3e905
+#define T2_13 0xfcefa3f8
+#define T2_14 0x676f02d9
+#define T2_15 0x8d2a4c8a
+
+#define T3_0 0xfffa3942
+#define T3_1 0x8771f681
+#define T3_2 0x6d9d6122
+#define T3_3 0xfde5380c
+#define T3_4 0xa4beea44
+#define T3_5 0x4bdecfa9
+#define T3_6 0xf6bb4b60
+#define T3_7 0xbebfbc70
+#define T3_8 0x289b7ec6
+#define T3_9 0xeaa127fa
+#define T3_10 0xd4ef3085
+#define T3_11 0x04881d05
+#define T3_12 0xd9d4d039
+#define T3_13 0xe6db99e5
+#define T3_14 0x1fa27cf8
+#define T3_15 0xc4ac5665
+
+#define T4_0 0xf4292244
+#define T4_1 0x432aff97
+#define T4_2 0xab9423a7
+#define T4_3 0xfc93a039
+#define T4_4 0x655b59c3
+#define T4_5 0x8f0ccc92
+#define T4_6 0xffeff47d
+#define T4_7 0x85845dd1
+#define T4_8 0x6fa87e4f
+#define T4_9 0xfe2ce6e0
+#define T4_10 0xa3014314
+#define T4_11 0x4e0811a1
+#define T4_12 0xf7537e82
+#define T4_13 0xbd3af235
+#define T4_14 0x2ad7d2bb
+#define T4_15 0xeb86d391
+
+#define R1B0 0
+#define R1B1 1
+#define R1B2 2
+#define R1B3 3
+#define R1B4 4
+#define R1B5 5
+#define R1B6 6
+#define R1B7 7
+#define R1B8 8
+#define R1B9 9
+#define R1B10 10
+#define R1B11 11
+#define R1B12 12
+#define R1B13 13
+#define R1B14 14
+#define R1B15 15
+
+#define R2B0 1
+#define R2B1 6
+#define R2B2 11
+#define R2B3 0
+#define R2B4 5
+#define R2B5 10
+#define R2B6 15
+#define R2B7 4
+#define R2B8 9
+#define R2B9 14
+#define R2B10 3
+#define R2B11 8
+#define R2B12 13
+#define R2B13 2
+#define R2B14 7
+#define R2B15 12
+
+#define R3B0 5
+#define R3B1 8
+#define R3B2 11
+#define R3B3 14
+#define R3B4 1
+#define R3B5 4
+#define R3B6 7
+#define R3B7 10
+#define R3B8 13
+#define R3B9 0
+#define R3B10 3
+#define R3B11 6
+#define R3B12 9
+#define R3B13 12
+#define R3B14 15
+#define R3B15 2
+
+#define R4B0 0
+#define R4B1 7
+#define R4B2 14
+#define R4B3 5
+#define R4B4 12
+#define R4B5 3
+#define R4B6 10
+#define R4B7 1
+#define R4B8 8
+#define R4B9 15
+#define R4B10 6
+#define R4B11 13
+#define R4B12 4
+#define R4B13 11
+#define R4B14 2
+#define R4B15 9
+
+#define S1_0 7
+#define S1_1 12
+#define S1_2 17
+#define S1_3 22
+
+#define S2_0 5
+#define S2_1 9
+#define S2_2 14
+#define S2_3 20
+
+#define S3_0 4
+#define S3_1 11
+#define S3_2 16
+#define S3_3 23
+
+#define S4_0 6
+#define S4_1 10
+#define S4_2 15
+#define S4_3 21
+
+struct MD5ContextStr {
+    PRUint32 lsbInput;
+    PRUint32 msbInput;
+    PRUint32 cv[4];
+    union {
+        PRUint8 b[64];
+        PRUint32 w[16];
+    } u;
+};
+
+#define inBuf u.b
+
+SECStatus
+MD5_Hash(unsigned char *dest, const char *src)
+{
+    return MD5_HashBuf(dest, (const unsigned char *)src, PORT_Strlen(src));
+}
+
+SECStatus
+MD5_HashBuf(unsigned char *dest, const unsigned char *src, PRUint32 src_length)
+{
+    unsigned int len;
+    MD5Context cx;
+
+    MD5_Begin(&cx);
+    MD5_Update(&cx, src, src_length);
+    MD5_End(&cx, dest, &len, MD5_HASH_LEN);
+    memset(&cx, 0, sizeof cx);
+    return SECSuccess;
+}
+
+MD5Context *
+MD5_NewContext(void)
+{
+    /* no need to ZAlloc, MD5_Begin will init the context */
+    MD5Context *cx = (MD5Context *)PORT_Alloc(sizeof(MD5Context));
+    if (cx == NULL) {
+        PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
+        return NULL;
+    }
+    return cx;
+}
+
+void
+MD5_DestroyContext(MD5Context *cx, PRBool freeit)
+{
+    memset(cx, 0, sizeof *cx);
+    if (freeit) {
+        PORT_Free(cx);
+    }
+}
+
+void
+MD5_Begin(MD5Context *cx)
+{
+    cx->lsbInput = 0;
+    cx->msbInput = 0;
+    /*  memset(cx->inBuf, 0, sizeof(cx->inBuf)); */
+    cx->cv[0] = CV0_1;
+    cx->cv[1] = CV0_2;
+    cx->cv[2] = CV0_3;
+    cx->cv[3] = CV0_4;
+}
+
+#define cls(i32, s) (tmp = i32, tmp << s | tmp >> (32 - s))
+
+#if defined(SOLARIS) || defined(HPUX)
+#define addto64(sumhigh, sumlow, addend) \
+    sumlow += addend;                    \
+    sumhigh += (sumlow < addend);
+#else
+#define addto64(sumhigh, sumlow, addend) \
+    sumlow += addend;                    \
+    if (sumlow < addend)                 \
+        ++sumhigh;
+#endif
+
+#define MASK 0x00ff00ff
+#ifdef IS_LITTLE_ENDIAN
+#define lendian(i32) \
+    (i32)
+#else
+#define lendian(i32) \
+    (tmp = (i32 >> 16) | (i32 << 16), ((tmp & MASK) << 8) | ((tmp >> 8) & MASK))
+#endif
+
+#ifndef IS_LITTLE_ENDIAN
+
+#define lebytes(b4) \
+    ((b4)[3] << 24 | (b4)[2] << 16 | (b4)[1] << 8 | (b4)[0])
+
+static void
+md5_prep_state_le(MD5Context *cx)
+{
+    PRUint32 tmp;
+    cx->u.w[0] = lendian(cx->u.w[0]);
+    cx->u.w[1] = lendian(cx->u.w[1]);
+    cx->u.w[2] = lendian(cx->u.w[2]);
+    cx->u.w[3] = lendian(cx->u.w[3]);
+    cx->u.w[4] = lendian(cx->u.w[4]);
+    cx->u.w[5] = lendian(cx->u.w[5]);
+    cx->u.w[6] = lendian(cx->u.w[6]);
+    cx->u.w[7] = lendian(cx->u.w[7]);
+    cx->u.w[8] = lendian(cx->u.w[8]);
+    cx->u.w[9] = lendian(cx->u.w[9]);
+    cx->u.w[10] = lendian(cx->u.w[10]);
+    cx->u.w[11] = lendian(cx->u.w[11]);
+    cx->u.w[12] = lendian(cx->u.w[12]);
+    cx->u.w[13] = lendian(cx->u.w[13]);
+    cx->u.w[14] = lendian(cx->u.w[14]);
+    cx->u.w[15] = lendian(cx->u.w[15]);
+}
+
+static void
+md5_prep_buffer_le(MD5Context *cx, const PRUint8 *beBuf)
+{
+    cx->u.w[0] = lebytes(&beBuf[0]);
+    cx->u.w[1] = lebytes(&beBuf[4]);
+    cx->u.w[2] = lebytes(&beBuf[8]);
+    cx->u.w[3] = lebytes(&beBuf[12]);
+    cx->u.w[4] = lebytes(&beBuf[16]);
+    cx->u.w[5] = lebytes(&beBuf[20]);
+    cx->u.w[6] = lebytes(&beBuf[24]);
+    cx->u.w[7] = lebytes(&beBuf[28]);
+    cx->u.w[8] = lebytes(&beBuf[32]);
+    cx->u.w[9] = lebytes(&beBuf[36]);
+    cx->u.w[10] = lebytes(&beBuf[40]);
+    cx->u.w[11] = lebytes(&beBuf[44]);
+    cx->u.w[12] = lebytes(&beBuf[48]);
+    cx->u.w[13] = lebytes(&beBuf[52]);
+    cx->u.w[14] = lebytes(&beBuf[56]);
+    cx->u.w[15] = lebytes(&beBuf[60]);
+}
+#endif
+
+#define F(X, Y, Z) \
+    ((X & Y) | ((~X) & Z))
+
+#define G(X, Y, Z) \
+    ((X & Z) | (Y & (~Z)))
+
+#define H(X, Y, Z) \
+    (X ^ Y ^ Z)
+
+#define I(X, Y, Z) \
+    (Y ^ (X | (~Z)))
+
+#define FF(a, b, c, d, bufint, s, ti) \
+    a = b + cls(a + F(b, c, d) + bufint + ti, s)
+
+#define GG(a, b, c, d, bufint, s, ti) \
+    a = b + cls(a + G(b, c, d) + bufint + ti, s)
+
+#define HH(a, b, c, d, bufint, s, ti) \
+    a = b + cls(a + H(b, c, d) + bufint + ti, s)
+
+#define II(a, b, c, d, bufint, s, ti) \
+    a = b + cls(a + I(b, c, d) + bufint + ti, s)
+
+static void NO_SANITIZE_ALIGNMENT
+md5_compress(MD5Context *cx, const PRUint32 *wBuf)
+{
+    PRUint32 a, b, c, d;
+    PRUint32 tmp;
+    a = cx->cv[0];
+    b = cx->cv[1];
+    c = cx->cv[2];
+    d = cx->cv[3];
+    FF(a, b, c, d, wBuf[R1B0], S1_0, T1_0);
+    FF(d, a, b, c, wBuf[R1B1], S1_1, T1_1);
+    FF(c, d, a, b, wBuf[R1B2], S1_2, T1_2);
+    FF(b, c, d, a, wBuf[R1B3], S1_3, T1_3);
+    FF(a, b, c, d, wBuf[R1B4], S1_0, T1_4);
+    FF(d, a, b, c, wBuf[R1B5], S1_1, T1_5);
+    FF(c, d, a, b, wBuf[R1B6], S1_2, T1_6);
+    FF(b, c, d, a, wBuf[R1B7], S1_3, T1_7);
+    FF(a, b, c, d, wBuf[R1B8], S1_0, T1_8);
+    FF(d, a, b, c, wBuf[R1B9], S1_1, T1_9);
+    FF(c, d, a, b, wBuf[R1B10], S1_2, T1_10);
+    FF(b, c, d, a, wBuf[R1B11], S1_3, T1_11);
+    FF(a, b, c, d, wBuf[R1B12], S1_0, T1_12);
+    FF(d, a, b, c, wBuf[R1B13], S1_1, T1_13);
+    FF(c, d, a, b, wBuf[R1B14], S1_2, T1_14);
+    FF(b, c, d, a, wBuf[R1B15], S1_3, T1_15);
+    GG(a, b, c, d, wBuf[R2B0], S2_0, T2_0);
+    GG(d, a, b, c, wBuf[R2B1], S2_1, T2_1);
+    GG(c, d, a, b, wBuf[R2B2], S2_2, T2_2);
+    GG(b, c, d, a, wBuf[R2B3], S2_3, T2_3);
+    GG(a, b, c, d, wBuf[R2B4], S2_0, T2_4);
+    GG(d, a, b, c, wBuf[R2B5], S2_1, T2_5);
+    GG(c, d, a, b, wBuf[R2B6], S2_2, T2_6);
+    GG(b, c, d, a, wBuf[R2B7], S2_3, T2_7);
+    GG(a, b, c, d, wBuf[R2B8], S2_0, T2_8);
+    GG(d, a, b, c, wBuf[R2B9], S2_1, T2_9);
+    GG(c, d, a, b, wBuf[R2B10], S2_2, T2_10);
+    GG(b, c, d, a, wBuf[R2B11], S2_3, T2_11);
+    GG(a, b, c, d, wBuf[R2B12], S2_0, T2_12);
+    GG(d, a, b, c, wBuf[R2B13], S2_1, T2_13);
+    GG(c, d, a, b, wBuf[R2B14], S2_2, T2_14);
+    GG(b, c, d, a, wBuf[R2B15], S2_3, T2_15);
+    HH(a, b, c, d, wBuf[R3B0], S3_0, T3_0);
+    HH(d, a, b, c, wBuf[R3B1], S3_1, T3_1);
+    HH(c, d, a, b, wBuf[R3B2], S3_2, T3_2);
+    HH(b, c, d, a, wBuf[R3B3], S3_3, T3_3);
+    HH(a, b, c, d, wBuf[R3B4], S3_0, T3_4);
+    HH(d, a, b, c, wBuf[R3B5], S3_1, T3_5);
+    HH(c, d, a, b, wBuf[R3B6], S3_2, T3_6);
+    HH(b, c, d, a, wBuf[R3B7], S3_3, T3_7);
+    HH(a, b, c, d, wBuf[R3B8], S3_0, T3_8);
+    HH(d, a, b, c, wBuf[R3B9], S3_1, T3_9);
+    HH(c, d, a, b, wBuf[R3B10], S3_2, T3_10);
+    HH(b, c, d, a, wBuf[R3B11], S3_3, T3_11);
+    HH(a, b, c, d, wBuf[R3B12], S3_0, T3_12);
+    HH(d, a, b, c, wBuf[R3B13], S3_1, T3_13);
+    HH(c, d, a, b, wBuf[R3B14], S3_2, T3_14);
+    HH(b, c, d, a, wBuf[R3B15], S3_3, T3_15);
+    II(a, b, c, d, wBuf[R4B0], S4_0, T4_0);
+    II(d, a, b, c, wBuf[R4B1], S4_1, T4_1);
+    II(c, d, a, b, wBuf[R4B2], S4_2, T4_2);
+    II(b, c, d, a, wBuf[R4B3], S4_3, T4_3);
+    II(a, b, c, d, wBuf[R4B4], S4_0, T4_4);
+    II(d, a, b, c, wBuf[R4B5], S4_1, T4_5);
+    II(c, d, a, b, wBuf[R4B6], S4_2, T4_6);
+    II(b, c, d, a, wBuf[R4B7], S4_3, T4_7);
+    II(a, b, c, d, wBuf[R4B8], S4_0, T4_8);
+    II(d, a, b, c, wBuf[R4B9], S4_1, T4_9);
+    II(c, d, a, b, wBuf[R4B10], S4_2, T4_10);
+    II(b, c, d, a, wBuf[R4B11], S4_3, T4_11);
+    II(a, b, c, d, wBuf[R4B12], S4_0, T4_12);
+    II(d, a, b, c, wBuf[R4B13], S4_1, T4_13);
+    II(c, d, a, b, wBuf[R4B14], S4_2, T4_14);
+    II(b, c, d, a, wBuf[R4B15], S4_3, T4_15);
+    cx->cv[0] += a;
+    cx->cv[1] += b;
+    cx->cv[2] += c;
+    cx->cv[3] += d;
+}
+
+void
+MD5_Update(MD5Context *cx, const unsigned char *input, unsigned int inputLen)
+{
+    PRUint32 bytesToConsume;
+    PRUint32 inBufIndex = cx->lsbInput & 63;
+    const PRUint32 *wBuf;
+
+    /* Add the number of input bytes to the 64-bit input counter. */
+    addto64(cx->msbInput, cx->lsbInput, inputLen);
+    if (inBufIndex) {
+        /* There is already data in the buffer.  Fill with input. */
+        bytesToConsume = PR_MIN(inputLen, MD5_BUFFER_SIZE - inBufIndex);
+        memcpy(&cx->inBuf[inBufIndex], input, bytesToConsume);
+        if (inBufIndex + bytesToConsume >= MD5_BUFFER_SIZE) {
+/* The buffer is filled.  Run the compression function. */
+#ifndef IS_LITTLE_ENDIAN
+            md5_prep_state_le(cx);
+#endif
+            md5_compress(cx, cx->u.w);
+        }
+        /* Remaining input. */
+        inputLen -= bytesToConsume;
+        input += bytesToConsume;
+    }
+
+    /* Iterate over 64-byte chunks of the message. */
+    while (inputLen >= MD5_BUFFER_SIZE) {
+#ifdef IS_LITTLE_ENDIAN
+#ifdef HAVE_UNALIGNED_ACCESS
+        /* x86 can handle arithmetic on non-word-aligned buffers */
+        wBuf = (PRUint32 *)input;
+#else
+        if ((ptrdiff_t)input & 0x3) {
+            /* buffer not aligned, copy it to force alignment */
+            memcpy(cx->inBuf, input, MD5_BUFFER_SIZE);
+            wBuf = cx->u.w;
+        } else {
+            /* buffer is aligned */
+            wBuf = (PRUint32 *)input;
+        }
+#endif
+#else
+        md5_prep_buffer_le(cx, input);
+        wBuf = cx->u.w;
+#endif
+        md5_compress(cx, wBuf);
+        inputLen -= MD5_BUFFER_SIZE;
+        input += MD5_BUFFER_SIZE;
+    }
+
+    /* Tail of message (message bytes mod 64). */
+    if (inputLen)
+        memcpy(cx->inBuf, input, inputLen);
+}
+
+static const unsigned char padbytes[] = {
+    0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+
+void
+MD5_End(MD5Context *cx, unsigned char *digest,
+        unsigned int *digestLen, unsigned int maxDigestLen)
+{
+#ifndef IS_LITTLE_ENDIAN
+    PRUint32 tmp;
+#endif
+    PRUint32 lowInput, highInput;
+    PRUint32 inBufIndex = cx->lsbInput & 63;
+
+    if (maxDigestLen < MD5_HASH_LEN) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return;
+    }
+
+    /* Copy out the length of bits input before padding. */
+    lowInput = cx->lsbInput;
+    highInput = (cx->msbInput << 3) | (lowInput >> 29);
+    lowInput <<= 3;
+
+    if (inBufIndex < MD5_END_BUFFER) {
+        MD5_Update(cx, padbytes, MD5_END_BUFFER - inBufIndex);
+    } else {
+        MD5_Update(cx, padbytes,
+                   MD5_END_BUFFER + MD5_BUFFER_SIZE - inBufIndex);
+    }
+
+    /* Store the number of bytes input (before padding) in final 64 bits. */
+    cx->u.w[14] = lendian(lowInput);
+    cx->u.w[15] = lendian(highInput);
+
+/* Final call to compress. */
+#ifndef IS_LITTLE_ENDIAN
+    md5_prep_state_le(cx);
+#endif
+    md5_compress(cx, cx->u.w);
+
+    /* Copy the resulting values out of the chain variables into return buf. */
+    if (digestLen)
+        *digestLen = MD5_HASH_LEN;
+#ifndef IS_LITTLE_ENDIAN
+    cx->cv[0] = lendian(cx->cv[0]);
+    cx->cv[1] = lendian(cx->cv[1]);
+    cx->cv[2] = lendian(cx->cv[2]);
+    cx->cv[3] = lendian(cx->cv[3]);
+#endif
+    memcpy(digest, cx->cv, MD5_HASH_LEN);
+}
+
+void
+MD5_EndRaw(MD5Context *cx, unsigned char *digest,
+           unsigned int *digestLen, unsigned int maxDigestLen)
+{
+#ifndef IS_LITTLE_ENDIAN
+    PRUint32 tmp;
+#endif
+    PRUint32 cv[4];
+
+    if (maxDigestLen < MD5_HASH_LEN) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return;
+    }
+
+    memcpy(cv, cx->cv, sizeof(cv));
+#ifndef IS_LITTLE_ENDIAN
+    cv[0] = lendian(cv[0]);
+    cv[1] = lendian(cv[1]);
+    cv[2] = lendian(cv[2]);
+    cv[3] = lendian(cv[3]);
+#endif
+    memcpy(digest, cv, MD5_HASH_LEN);
+    if (digestLen)
+        *digestLen = MD5_HASH_LEN;
+}
+
+unsigned int
+MD5_FlattenSize(MD5Context *cx)
+{
+    return sizeof(*cx);
+}
+
+SECStatus
+MD5_Flatten(MD5Context *cx, unsigned char *space)
+{
+    memcpy(space, cx, sizeof(*cx));
+    return SECSuccess;
+}
+
+MD5Context *
+MD5_Resurrect(unsigned char *space, void *arg)
+{
+    MD5Context *cx = MD5_NewContext();
+    if (cx)
+        memcpy(cx, space, sizeof(*cx));
+    return cx;
+}
+
+void
+MD5_Clone(MD5Context *dest, MD5Context *src)
+{
+    memcpy(dest, src, sizeof *dest);
+}
+
+void
+MD5_TraceState(MD5Context *cx)
+{
+    PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
+}
diff --git a/nss/lib/freebl/mknewpc2.c b/nss/lib/freebl/mknewpc2.c
new file mode 100644
index 0000000..6b29688
--- /dev/null
+++ b/nss/lib/freebl/mknewpc2.c
@@ -0,0 +1,208 @@
+/*
+ *  mknewpc2.c
+ *
+ *  Generate PC-2 tables for DES-150 library
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+typedef unsigned char BYTE;
+typedef unsigned int HALF;
+
+#define DES_ENCRYPT 0
+#define DES_DECRYPT 1
+
+/* two 28-bit registers defined in key schedule production process */
+static HALF C0, D0;
+
+static HALF L0, R0;
+
+/* key schedule, 16 internal keys, each with 8 6-bit parts */
+static BYTE KS[8][16];
+
+/*
+ * This table takes the 56 bits in C0 and D0 and shows show they are
+ * permuted into the 8 6-bit parts of the key in the key schedule.
+ * The bits of C0 are numbered left to right, 1-28.
+ * The bits of D0 are numbered left to right, 29-56.
+ * Zeros in this table represent bits that are always zero.
+ * Note that all the bits in the first  4 rows come from C0,
+ *       and all the bits in the second 4 rows come from D0.
+ */
+static const BYTE PC2[64] = {
+    14, 17, 11, 24, 1, 5, 0, 0, /* S1 */
+    3, 28, 15, 6, 21, 10, 0, 0, /* S2 */
+    23, 19, 12, 4, 26, 8, 0, 0, /* S3 */
+    16, 7, 27, 20, 13, 2, 0, 0, /* S4 */
+
+    41, 52, 31, 37, 47, 55, 0, 0, /* S5 */
+    30, 40, 51, 45, 33, 48, 0, 0, /* S6 */
+    44, 49, 39, 56, 34, 53, 0, 0, /* S7 */
+    46, 42, 50, 36, 29, 32, 0, 0  /* S8 */
+};
+
+/* This table represents the same info as PC2, except that
+ * The bits of C0 and D0 are each numbered right to left, 0-27.
+ * -1 values indicate bits that are always zero.
+ * As before all the bits in the first  4 rows come from C0,
+ *       and all the bits in the second 4 rows come from D0.
+ */
+static signed char PC2a[64] = {
+    /* bits of C0 */
+    14, 11, 17, 4, 27, 23, -1, -1, /* S1 */
+    25, 0, 13, 22, 7, 18, -1, -1,  /* S2 */
+    5, 9, 16, 24, 2, 20, -1, -1,   /* S3 */
+    12, 21, 1, 8, 15, 26, -1, -1,  /* S4 */
+                                   /* bits of D0 */
+    15, 4, 25, 19, 9, 1, -1, -1,   /* S5 */
+    26, 16, 5, 11, 23, 8, -1, -1,  /* S6 */
+    12, 7, 17, 0, 22, 3, -1, -1,   /* S7 */
+    10, 14, 6, 20, 27, 24, -1, -1  /* S8 */
+};
+
+/* This table represents the same info as PC2a, except that
+ * The order of of the rows has been changed to increase the efficiency
+ * with which the key sechedule is created.
+ * Fewer shifts and ANDs are required to make the KS from these.
+ */
+static const signed char PC2b[64] = {
+    /* bits of C0 */
+    14, 11, 17, 4, 27, 23, -1, -1, /* S1 */
+    5, 9, 16, 24, 2, 20, -1, -1,   /* S3 */
+    25, 0, 13, 22, 7, 18, -1, -1,  /* S2 */
+    12, 21, 1, 8, 15, 26, -1, -1,  /* S4 */
+                                   /* bits of D0 */
+    26, 16, 5, 11, 23, 8, -1, -1,  /* S6 */
+    10, 14, 6, 20, 27, 24, -1, -1, /* S8 */
+    15, 4, 25, 19, 9, 1, -1, -1,   /* S5 */
+    12, 7, 17, 0, 22, 3, -1, -1    /* S7 */
+};
+
+/* Only 24 of the 28 bits in C0 and D0 are used in PC2.
+ * The used bits of C0 and D0 are grouped into 4 groups of 6,
+ * so that the PC2 permutation can be accomplished with 4 lookups
+ * in tables of 64 entries.
+ * The following table shows how the bits of C0 and D0 are grouped
+ * into indexes for the respective table lookups.
+ * Bits are numbered right-to-left, 0-27, as in PC2b.
+ */
+static BYTE NDX[48] = {
+    /* Bits of C0 */
+    27, 26, 25, 24, 23, 22, /* C0 table 0 */
+    18, 17, 16, 15, 14, 13, /* C0 table 1 */
+    9, 8, 7, 2, 1, 0,       /* C0 table 2 */
+    5, 4, 21, 20, 12, 11,   /* C0 table 3 */
+                            /* bits of D0 */
+    27, 26, 25, 24, 23, 22, /* D0 table 0 */
+    20, 19, 17, 16, 15, 14, /* D0 table 1 */
+    12, 11, 10, 9, 8, 7,    /* D0 table 2 */
+    6, 5, 4, 3, 1, 0        /* D0 table 3 */
+};
+
+/* Here's the code that does that grouping.
+    left   = PC2LOOKUP(0, 0, ((c0 >> 22) & 0x3F) );
+    left  |= PC2LOOKUP(0, 1, ((c0 >> 13) & 0x3F) );
+    left  |= PC2LOOKUP(0, 2, ((c0 >>  4) & 0x38) | (c0 & 0x7) );
+    left  |= PC2LOOKUP(0, 3, ((c0>>18)&0xC) | ((c0>>11)&0x3) | (c0&0x30));
+
+    right  = PC2LOOKUP(1, 0, ((d0 >> 22) & 0x3F) );
+    right |= PC2LOOKUP(1, 1, ((d0 >> 15) & 0x30) | ((d0 >> 14) & 0xf) );
+    right |= PC2LOOKUP(1, 2, ((d0 >>  7) & 0x3F) );
+    right |= PC2LOOKUP(1, 3, ((d0 >>  1) & 0x3C) | (d0 & 0x3));
+*/
+
+void
+make_pc2a(void)
+{
+
+    int i, j;
+
+    for (i = 0; i < 64; ++i) {
+        j = PC2[i];
+        if (j == 0)
+            j = -1;
+        else if (j < 29)
+            j = 28 - j;
+        else
+            j = 56 - j;
+        PC2a[i] = j;
+    }
+    for (i = 0; i < 64; i += 8) {
+        printf("%3d,%3d,%3d,%3d,%3d,%3d,%3d,%3d,\n",
+               PC2a[i + 0], PC2a[i + 1], PC2a[i + 2], PC2a[i + 3],
+               PC2a[i + 4], PC2a[i + 5], PC2a[i + 6], PC2a[i + 7]);
+    }
+}
+
+HALF PC2cd0[64];
+
+HALF PC_2H[8][64];
+
+void
+mktable()
+{
+    int i;
+    int table;
+    const BYTE* ndx = NDX;
+    HALF mask;
+
+    mask = 0x80000000;
+    for (i = 0; i < 32; ++i, mask >>= 1) {
+        int bit = PC2b[i];
+        if (bit < 0)
+            continue;
+        PC2cd0[bit + 32] = mask;
+    }
+
+    mask = 0x80000000;
+    for (i = 32; i < 64; ++i, mask >>= 1) {
+        int bit = PC2b[i];
+        if (bit < 0)
+            continue;
+        PC2cd0[bit] = mask;
+    }
+
+#if DEBUG
+    for (i = 0; i < 64; ++i) {
+        printf("0x%08x,\n", PC2cd0[i]);
+    }
+#endif
+    for (i = 0; i < 24; ++i) {
+        NDX[i] += 32; /* because c0 is the upper half */
+    }
+
+    for (table = 0; table < 8; ++table) {
+        HALF bitvals[6];
+        for (i = 0; i < 6; ++i) {
+            bitvals[5 - i] = PC2cd0[*ndx++];
+        }
+        for (i = 0; i < 64; ++i) {
+            int j;
+            int k = 0;
+            HALF value = 0;
+
+            for (j = i; j; j >>= 1, ++k) {
+                if (j & 1) {
+                    value |= bitvals[k];
+                }
+            }
+            PC_2H[table][i] = value;
+        }
+        printf("/* table %d */ {\n", table);
+        for (i = 0; i < 64; i += 4) {
+            printf("    0x%08x, 0x%08x, 0x%08x, 0x%08x, \n",
+                   PC_2H[table][i], PC_2H[table][i + 1],
+                   PC_2H[table][i + 2], PC_2H[table][i + 3]);
+        }
+        printf("  },\n");
+    }
+}
+
+int
+main(void)
+{
+    /*   make_pc2a(); */
+    mktable();
+    return 0;
+}
diff --git a/nss/lib/freebl/mksp.c b/nss/lib/freebl/mksp.c
new file mode 100644
index 0000000..ca83ac8
--- /dev/null
+++ b/nss/lib/freebl/mksp.c
@@ -0,0 +1,119 @@
+/*
+ *  mksp.c
+ *
+ *  Generate SP tables for DES-150 library
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <stdio.h>
+
+/*
+ * sboxes - the tables for the s-box functions
+ *        from FIPS 46, pages 15-16.
+ */
+unsigned char S[8][64] = {
+    /* Func S1 = */
+    { 14, 0, 4, 15, 13, 7, 1, 4, 2, 14, 15, 2, 11, 13, 8, 1,
+      3, 10, 10, 6, 6, 12, 12, 11, 5, 9, 9, 5, 0, 3, 7, 8,
+      4, 15, 1, 12, 14, 8, 8, 2, 13, 4, 6, 9, 2, 1, 11, 7,
+      15, 5, 12, 11, 9, 3, 7, 14, 3, 10, 10, 0, 5, 6, 0, 13 },
+    /* Func S2 = */
+    { 15, 3, 1, 13, 8, 4, 14, 7, 6, 15, 11, 2, 3, 8, 4, 14,
+      9, 12, 7, 0, 2, 1, 13, 10, 12, 6, 0, 9, 5, 11, 10, 5,
+      0, 13, 14, 8, 7, 10, 11, 1, 10, 3, 4, 15, 13, 4, 1, 2,
+      5, 11, 8, 6, 12, 7, 6, 12, 9, 0, 3, 5, 2, 14, 15, 9 },
+    /* Func S3 = */
+    { 10, 13, 0, 7, 9, 0, 14, 9, 6, 3, 3, 4, 15, 6, 5, 10,
+      1, 2, 13, 8, 12, 5, 7, 14, 11, 12, 4, 11, 2, 15, 8, 1,
+      13, 1, 6, 10, 4, 13, 9, 0, 8, 6, 15, 9, 3, 8, 0, 7,
+      11, 4, 1, 15, 2, 14, 12, 3, 5, 11, 10, 5, 14, 2, 7, 12 },
+    /* Func S4 = */
+    { 7, 13, 13, 8, 14, 11, 3, 5, 0, 6, 6, 15, 9, 0, 10, 3,
+      1, 4, 2, 7, 8, 2, 5, 12, 11, 1, 12, 10, 4, 14, 15, 9,
+      10, 3, 6, 15, 9, 0, 0, 6, 12, 10, 11, 1, 7, 13, 13, 8,
+      15, 9, 1, 4, 3, 5, 14, 11, 5, 12, 2, 7, 8, 2, 4, 14 },
+    /* Func S5 = */
+    { 2, 14, 12, 11, 4, 2, 1, 12, 7, 4, 10, 7, 11, 13, 6, 1,
+      8, 5, 5, 0, 3, 15, 15, 10, 13, 3, 0, 9, 14, 8, 9, 6,
+      4, 11, 2, 8, 1, 12, 11, 7, 10, 1, 13, 14, 7, 2, 8, 13,
+      15, 6, 9, 15, 12, 0, 5, 9, 6, 10, 3, 4, 0, 5, 14, 3 },
+    /* Func S6 = */
+    { 12, 10, 1, 15, 10, 4, 15, 2, 9, 7, 2, 12, 6, 9, 8, 5,
+      0, 6, 13, 1, 3, 13, 4, 14, 14, 0, 7, 11, 5, 3, 11, 8,
+      9, 4, 14, 3, 15, 2, 5, 12, 2, 9, 8, 5, 12, 15, 3, 10,
+      7, 11, 0, 14, 4, 1, 10, 7, 1, 6, 13, 0, 11, 8, 6, 13 },
+    /* Func S7 = */
+    { 4, 13, 11, 0, 2, 11, 14, 7, 15, 4, 0, 9, 8, 1, 13, 10,
+      3, 14, 12, 3, 9, 5, 7, 12, 5, 2, 10, 15, 6, 8, 1, 6,
+      1, 6, 4, 11, 11, 13, 13, 8, 12, 1, 3, 4, 7, 10, 14, 7,
+      10, 9, 15, 5, 6, 0, 8, 15, 0, 14, 5, 2, 9, 3, 2, 12 },
+    /* Func S8 = */
+    { 13, 1, 2, 15, 8, 13, 4, 8, 6, 10, 15, 3, 11, 7, 1, 4,
+      10, 12, 9, 5, 3, 6, 14, 11, 5, 0, 0, 14, 12, 9, 7, 2,
+      7, 2, 11, 1, 4, 14, 1, 7, 9, 4, 12, 10, 14, 8, 2, 13,
+      0, 15, 6, 12, 10, 9, 13, 0, 15, 3, 3, 5, 5, 6, 8, 11 }
+};
+
+/*
+ * Permutation function for results from s-boxes
+ *   from FIPS 46 pages 12 and 16.
+ * P =
+ */
+unsigned char P[32] = {
+    16, 7, 20, 21, 29, 12, 28, 17,
+    1, 15, 23, 26, 5, 18, 31, 10,
+    2, 8, 24, 14, 32, 27, 3, 9,
+    19, 13, 30, 6, 22, 11, 4, 25
+};
+
+unsigned int Pinv[32];
+unsigned int SP[8][64];
+
+void
+makePinv(void)
+{
+    int i;
+    unsigned int Pi = 0x80000000;
+    for (i = 0; i < 32; ++i) {
+        int j = 32 - P[i];
+        Pinv[j] = Pi;
+        Pi >>= 1;
+    }
+}
+
+void
+makeSP(void)
+{
+    int box;
+    for (box = 0; box < 8; ++box) {
+        int item;
+        printf("/* box S%d */ {\n", box + 1);
+        for (item = 0; item < 64; ++item) {
+            unsigned int s = S[box][item];
+            unsigned int val = 0;
+            unsigned int bitnum = (7 - box) * 4;
+            for (; s; s >>= 1, ++bitnum) {
+                if (s & 1) {
+                    val |= Pinv[bitnum];
+                }
+            }
+            val = (val << 3) | (val >> 29);
+            SP[box][item] = val;
+        }
+        for (item = 0; item < 64; item += 4) {
+            printf("\t0x%08x, 0x%08x, 0x%08x, 0x%08x,\n",
+                   SP[box][item], SP[box][item + 1], SP[box][item + 2], SP[box][item + 3]);
+        }
+        printf("    },\n");
+    }
+}
+
+int
+main()
+{
+    makePinv();
+    makeSP();
+    return 0;
+}
diff --git a/nss/lib/freebl/mpi/Makefile b/nss/lib/freebl/mpi/Makefile
new file mode 100644
index 0000000..0dee5be
--- /dev/null
+++ b/nss/lib/freebl/mpi/Makefile
@@ -0,0 +1,244 @@
+#
+# Makefile for MPI library
+
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+## Define CC to be the C compiler you wish to use.  The GNU cc
+## compiler (gcc) should work, at the very least
+#CC=cc
+#CC=gcc
+
+## 
+## Define PERL to point to your local Perl interpreter.  It
+## should be Perl 5.x, although it's conceivable that Perl 4
+## might work ... I haven't tested it.
+##
+#PERL=/usr/bin/perl
+#PERL=perl
+
+include target.mk
+
+CFLAGS+= $(XCFLAGS)
+
+##
+## Define LIBS to include any libraries you need to link against.
+## If NO_TABLE is define, LIBS should include '-lm' or whatever is
+## necessary to bring in the math library.  Otherwise, it can be
+## left alone, unless your system has other peculiar requirements.
+##
+LIBS=#-lmalloc#-lefence#-lm
+
+## 
+## Define RANLIB to be the library header randomizer; you might not
+## need this on some systems (just set it to 'echo' on these systems,
+## such as IRIX)
+##
+RANLIB=echo
+
+##
+## This is the version string used for the documentation and 
+## building the distribution tarball.  Don't mess with it unless
+## you are releasing a new version
+VERS=1.7p6
+
+## ----------------------------------------------------------------------
+## You probably don't need to change anything below this line...
+##
+
+##
+## This is the list of source files that need to be packed into
+## the distribution file
+SRCS=   mpi.c mpprime.c mplogic.c mp_gf2m.c mpmontg.c mpi-test.c primes.c \
+	mpcpucache.c tests/ \
+	utils/gcd.c utils/invmod.c utils/lap.c \
+	utils/ptab.pl utils/sieve.c utils/isprime.c\
+	utils/dec2hex.c utils/hex2dec.c utils/bbs_rand.c \
+	utils/bbsrand.c utils/prng.c utils/primegen.c \
+	utils/basecvt.c utils/makeprime.c\
+	utils/fact.c utils/exptmod.c utils/pi.c utils/metime.c \
+	utils/mpi.h utils/mpprime.h mulsqr.c \
+	make-test-arrays test-arrays.txt all-tests make-logtab \
+	types.pl stats timetest multest
+
+## These are the header files that go into the distribution file
+HDRS=mpi.h mpi-config.h utils/mpi.h utils/mpi-config.h mpprime.h mplogic.h mp_gf2m.h \
+     mp_gf2m-priv.h utils/bbs_rand.h tests/mpi.h tests/mpprime.h
+
+## These are the documentation files that go into the distribution file
+DOCS=README doc utils/README utils/PRIMES 
+
+## This is the list of tools built by 'make tools'
+TOOLS=gcd invmod isprime lap dec2hex hex2dec primegen prng \
+	basecvt fact exptmod pi makeprime identest
+
+LIBOBJS = mpprime.o mpmontg.o mplogic.o mp_gf2m.o mpi.o mpcpucache.o $(AS_OBJS)
+LIBHDRS = mpi-config.h mpi-priv.h mpi.h
+APPHDRS = mpi-config.h mpi.h mplogic.h mp_gf2m.h mpprime.h
+
+help:
+	@ echo ""
+	@ echo "The following targets can be built with this Makefile:"
+	@ echo ""
+	@ echo "libmpi.a     - arithmetic and prime testing library"
+	@ echo "mpi-test     - test driver (requires MP_IOFUNC)"
+	@ echo "tools        - command line tools"
+	@ echo "doc          - manual pages for tools"
+	@ echo "clean        - clean up objects and such"
+	@ echo "distclean    - get ready for distribution"
+	@ echo "dist         - distribution tarball"
+	@ echo ""
+
+.SUFFIXES: .c .o .i
+
+.c.i:
+	$(CC) $(CFLAGS) -E $< > $@
+
+#.c.o: $*.h $*.c
+#	$(CC) $(CFLAGS) -c $<
+
+#---------------------------------------
+
+$(LIBOBJS): $(LIBHDRS)
+
+logtab.h: make-logtab
+	$(PERL) make-logtab > logtab.h
+
+mpi.o: mpi.c logtab.h $(LIBHDRS)
+
+mplogic.o: mplogic.c mpi-priv.h mplogic.h $(LIBHDRS)
+
+mp_gf2m.o: mp_gf2m.c mpi-priv.h mp_gf2m.h mp_gf2m-priv.h $(LIBHDRS)
+
+mpmontg.o: mpmontg.c mpi-priv.h mplogic.h mpprime.h $(LIBHDRS)
+
+mpprime.o: mpprime.c mpi-priv.h mpprime.h mplogic.h primes.c $(LIBHDRS)
+
+mpcpucache.o: mpcpucache.c $(LIBHDRS)
+
+mpi_mips.o: mpi_mips.s
+	$(CC) -o $@ $(ASFLAGS) -c mpi_mips.s
+
+mpi_sparc.o : montmulf.h
+
+mpv_sparcv9.s: vis_64.il mpv_sparc.c
+	$(CC) -o $@ $(SOLARIS_FPU_FLAGS) -S vis_64.il mpv_sparc.c
+
+mpv_sparcv8.s: vis_64.il mpv_sparc.c
+	$(CC) -o $@ $(SOLARIS_FPU_FLAGS) -S vis_32.il mpv_sparc.c
+
+montmulfv8.o montmulfv9.o mpv_sparcv8.o mpv_sparcv9.o : %.o : %.s 
+	$(CC) -o $@ $(SOLARIS_ASM_FLAGS) -c $<
+
+mpi_arm.o: mpi_arm.c $(LIBHDRS)
+
+# This rule is used to build the .s sources, which are then hand optimized.
+#montmulfv8.s montmulfv9.s : montmulf%.s : montmulf%.il montmulf.c montmulf.h 
+#	$(CC) -o $@ $(SOLARIS_ASM_FLAGS) -S montmulf$*.il montmulf.c
+
+
+libmpi.a: $(LIBOBJS)
+	ar -cvr libmpi.a $(LIBOBJS)
+	$(RANLIB) libmpi.a
+
+lib libs: libmpi.a
+
+mpi.i: mpi.h
+
+#---------------------------------------
+
+MPTESTOBJS = mptest1.o mptest2.o mptest3.o mptest3a.o mptest4.o mptest4a.o \
+	mptest4b.o mptest6.o mptest7.o mptest8.o mptest9.o mptestb.o
+MPTESTS = $(MPTESTOBJS:.o=)
+
+$(MPTESTOBJS): mptest%.o: tests/mptest-%.c $(LIBHDRS)
+	$(CC) $(CFLAGS) -o $@ -c $<
+
+$(MPTESTS): mptest%: mptest%.o libmpi.a
+	$(CC) $(CFLAGS) -o $@ $^  $(LIBS)
+
+tests: mptest1 mptest2 mptest3 mptest3a mptest4 mptest4a mptest4b mptest6 \
+	mptestb bbsrand
+
+utests: mptest7 mptest8 mptest9
+
+#---------------------------------------
+
+EXTRAOBJS = bbsrand.o bbs_rand.o prng.o
+UTILOBJS = primegen.o metime.o identest.o basecvt.o fact.o exptmod.o pi.o \
+	makeprime.o gcd.o invmod.o lap.o isprime.o \
+	dec2hex.o hex2dec.o
+UTILS = $(UTILOBJS:.o=) 
+
+$(UTILS): % : %.o libmpi.a
+	$(CC) $(CFLAGS) -o $@ $^ $(LIBS)
+
+$(UTILOBJS) $(EXTRAOBJS): %.o : utils/%.c $(LIBHDRS)
+	$(CC) $(CFLAGS) -o $@ -c $<
+
+prng: prng.o bbs_rand.o libmpi.a
+	$(CC) $(CFLAGS) -o $@ $^ $(LIBS)
+
+bbsrand: bbsrand.o bbs_rand.o libmpi.a
+	$(CC) $(CFLAGS) -o $@ $^ $(LIBS)
+
+utils: $(UTILS) prng bbsrand
+
+#---------------------------------------
+
+test-info.c: test-arrays.txt
+	$(PERL) make-test-arrays test-arrays.txt > test-info.c
+
+mpi-test.o: mpi-test.c test-info.c $(LIBHDRS)
+	$(CC) $(CFLAGS) -o $@ -c $<
+
+mpi-test: mpi-test.o libmpi.a
+	$(CC) $(CFLAGS) -o $@ $^ $(LIBS)
+
+mdxptest.o: mdxptest.c $(LIBHDRS) mpi-priv.h
+
+mdxptest: mdxptest.o libmpi.a
+	$(CC) $(CFLAGS) -o $@ $^ $(LIBS)
+
+mulsqr.o: mulsqr.c logtab.h mpi.h mpi-config.h mpprime.h 
+	$(CC) $(CFLAGS) -DMP_SQUARE=1 -o $@ -c mulsqr.c 
+
+mulsqr: mulsqr.o libmpi.a
+	$(CC) $(CFLAGS) -o $@ $^ $(LIBS)
+
+#---------------------------------------
+
+alltests: tests utests mpi-test
+
+tools: $(TOOLS)
+
+doc:
+	(cd doc; ./build)
+
+clean:
+	rm -f *.o *.a *.i
+	rm -f core
+	rm -f *~ .*~
+	rm -f utils/*.o
+	rm -f utils/core
+	rm -f utils/*~ utils/.*~
+
+clobber: clean
+	rm -f $(TOOLS) $(UTILS)
+
+distclean: clean
+	rm -f mptest? mpi-test metime mulsqr karatsuba
+	rm -f mptest?a mptest?b
+	rm -f utils/mptest?
+	rm -f test-info.c logtab.h
+	rm -f libmpi.a
+	rm -f $(TOOLS)
+
+dist: Makefile $(HDRS) $(SRCS) $(DOCS)
+	tar -cvf mpi-$(VERS).tar Makefile $(HDRS) $(SRCS) $(DOCS)
+	pgps -ab mpi-$(VERS).tar
+	chmod +r mpi-$(VERS).tar.asc
+	gzip -9 mpi-$(VERS).tar
+
+# END
diff --git a/nss/lib/freebl/mpi/Makefile.os2 b/nss/lib/freebl/mpi/Makefile.os2
new file mode 100644
index 0000000..fa705ee
--- /dev/null
+++ b/nss/lib/freebl/mpi/Makefile.os2
@@ -0,0 +1,243 @@
+#
+# Makefile.win - gmake Makefile for building MPI with VACPP on OS/2
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+## Define CC to be the C compiler you wish to use.  The GNU cc
+## compiler (gcc) should work, at the very least
+#CC=cc
+#CC=gcc
+CC=icc.exe
+AS=alp.exe
+
+## 
+## Define PERL to point to your local Perl interpreter.  It
+## should be Perl 5.x, although it's conceivable that Perl 4
+## might work ... I haven't tested it.
+##
+#PERL=/usr/bin/perl
+#PERL=perl
+
+##
+## Define CFLAGS to contain any local options your compiler
+## setup requires.
+##
+## Conditional compilation options are no longer here; see
+## the file 'mpi-config.h' instead.
+##
+MPICMN = -I. -DMP_API_COMPATIBLE -DMP_IOFUNC -DMP_USE_UINT_DIGIT -DMP_NO_MP_WORD
+
+#OS/2
+AS_SRCS = mpi_x86.asm
+MPICMN += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE -DMP_ASSEMBLY_DIV_2DX1D
+#CFLAGS= -Od -Z7 -MD -W3 -nologo -D_X86_ -DXP_PC \
+ -DDEBUG -D_DEBUG -UNDEBUG -DWIN32 -D_WINDOWS -DWIN95 $(MPICMN)
+#CFLAGS = -O2 -MD -W3 -nologo -D_X86_ -DXP_PC -UDEBUG -U_DEBUG -DNDEBUG \
+ -DWIN32 -D_WINDOWS -DWIN95 $(MPICMN)
+#CFLAGS = -Od -Z7 -MD -W3 -nologo -D_X86_ -DXP_PC -UDEBUG -U_DEBUG -DNDEBUG \
+ -DWIN32 -D_WINDOWS -DWIN95 $(MPICMN)
+CFLAGS = /Ti+ -D_X86_ -DXP_PC -UDEBUG -U_DEBUG -DNDEBUG \
+ $(MPICMN)
+ASFLAGS =
+
+##
+## Define LIBS to include any libraries you need to link against.
+## If NO_TABLE is define, LIBS should include '-lm' or whatever is
+## necessary to bring in the math library.  Otherwise, it can be
+## left alone, unless your system has other peculiar requirements.
+##
+LIBS=#-lmalloc#-lefence#-lm
+
+## 
+## Define RANLIB to be the library header randomizer; you might not
+## need this on some systems (just set it to 'echo' on these systems,
+## such as IRIX)
+##
+RANLIB=echo
+
+##
+## This is the version string used for the documentation and 
+## building the distribution tarball.  Don't mess with it unless
+## you are releasing a new version
+VERS=1.7p6
+
+## ----------------------------------------------------------------------
+## You probably don't need to change anything below this line...
+##
+
+##
+## This is the list of source files that need to be packed into
+## the distribution file
+SRCS=   mpi.c mpprime.c mplogic.c mpmontg.c mpi-test.c primes.c tests/ \
+	utils/gcd.c utils/invmod.c utils/lap.c \
+	utils/ptab.pl utils/sieve.c utils/isprime.c\
+	utils/dec2hex.c utils/hex2dec.c utils/bbs_rand.c \
+	utils/bbsrand.c utils/prng.c utils/primegen.c \
+	utils/basecvt.c utils/makeprime.c\
+	utils/fact.c utils/exptmod.c utils/pi.c utils/metime.c \
+	utils/mpi.h utils/mpprime.h mulsqr.c \
+	make-test-arrays test-arrays.txt all-tests make-logtab \
+	types.pl stats timetest multest
+
+## These are the header files that go into the distribution file
+HDRS=mpi.h mpi-config.h utils/mpi.h utils/mpi-config.h mpprime.h mplogic.h \
+     utils/bbs_rand.h tests/mpi.h tests/mpprime.h
+
+## These are the documentation files that go into the distribution file
+DOCS=README doc utils/README utils/PRIMES 
+
+## This is the list of tools built by 'make tools'
+TOOLS=gcd.exe invmod.exe isprime.exe lap.exe dec2hex.exe hex2dec.exe \
+ primegen.exe prng.exe basecvt.exe fact.exe exptmod.exe pi.exe makeprime.exe
+
+AS_OBJS = $(AS_SRCS:.asm=.obj)
+LIBOBJS = mpprime.obj mpmontg.obj mplogic.obj mpi.obj $(AS_OBJS)
+LIBHDRS = mpi-config.h mpi-priv.h mpi.h
+APPHDRS = mpi-config.h mpi.h mplogic.h mpprime.h
+
+
+help:
+	@ echo ""
+	@ echo "The following targets can be built with this Makefile:"
+	@ echo ""
+	@ echo "mpi.lib      - arithmetic and prime testing library"
+	@ echo "mpi-test.exe - test driver (requires MP_IOFUNC)"
+	@ echo "tools        - command line tools"
+	@ echo "doc          - manual pages for tools"
+	@ echo "clean        - clean up objects and such"
+	@ echo "distclean    - get ready for distribution"
+	@ echo "dist         - distribution tarball"
+	@ echo ""
+
+.SUFFIXES: .c .obj .i .lib .exe .asm
+
+.c.i:
+	$(CC) $(CFLAGS) -E $< > $@
+
+.c.obj: 
+	$(CC) $(CFLAGS) -c $<
+
+.asm.obj:
+	$(AS) $(ASFLAGS) $<
+
+.obj.exe:
+	$(CC) $(CFLAGS) -Fo$@ $<
+
+#---------------------------------------
+
+$(LIBOBJS): $(LIBHDRS)
+
+logtab.h: make-logtab
+	$(PERL) make-logtab > logtab.h
+
+mpi.obj: mpi.c logtab.h $(LIBHDRS)
+
+mplogic.obj: mplogic.c mpi-priv.h mplogic.h $(LIBHDRS)
+
+mpmontg.obj: mpmontg.c mpi-priv.h mplogic.h mpprime.h $(LIBHDRS)
+
+mpprime.obj: mpprime.c mpi-priv.h mpprime.h mplogic.h primes.c $(LIBHDRS)
+
+mpi_mips.obj: mpi_mips.s
+	$(CC) -Fo$@ $(ASFLAGS) -c mpi_mips.s
+
+mpi.lib: $(LIBOBJS)
+	ilib /out:mpi.lib $(LIBOBJS)
+	$(RANLIB) mpi.lib
+
+lib libs: mpi.lib
+
+#---------------------------------------
+
+MPTESTOBJS = mptest1.obj mptest2.obj mptest3.obj mptest3a.obj mptest4.obj \
+ mptest4a.obj mptest4b.obj mptest6.obj mptest7.obj mptest8.obj mptest9.obj
+MPTESTS = $(MPTESTOBJS:.obj=.exe)
+
+$(MPTESTOBJS): mptest%.obj: tests/mptest-%.c $(LIBHDRS)
+	$(CC) $(CFLAGS) -Fo$@ -c $<
+
+$(MPTESTS): mptest%.exe: mptest%.obj mpi.lib $(LIBS)
+	$(CC) $(CFLAGS) -Fo$@ $^ 
+
+tests: mptest1.exe mptest2.exe mptest3.exe mptest3a.exe mptest4.exe \
+ mptest4a.exe mptest4b.exe mptest6.exe bbsrand.exe
+
+utests: mptest7.exe mptest8.exe mptest9.exe
+
+#---------------------------------------
+
+EXTRAOBJS = bbsrand.obj bbs_rand.obj prng.obj
+UTILOBJS = primegen.obj metime.obj identest.obj basecvt.obj fact.obj \
+ exptmod.obj pi.obj makeprime.obj karatsuba.obj gcd.obj invmod.obj lap.obj \
+ isprime.obj dec2hex.obj hex2dec.obj
+UTILS = $(UTILOBJS:.obj=.exe) 
+
+$(UTILS): %.exe : %.obj mpi.lib $(LIBS)
+	$(CC) $(CFLAGS) -Fo$@ $^ 
+
+$(UTILOBJS) $(EXTRAOBJS): %.obj : utils/%.c $(LIBHDRS)
+	$(CC) $(CFLAGS) -Fo$@ -c $<
+
+prng.exe: prng.obj bbs_rand.obj mpi.lib $(LIBS)
+	$(CC) $(CFLAGS) -Fo$@ $^
+
+bbsrand.exe: bbsrand.obj bbs_rand.obj mpi.lib $(LIBS)
+	$(CC) $(CFLAGS) -Fo$@ $^
+
+utils: $(UTILS) prng.exe bbsrand.exe
+
+#---------------------------------------
+
+test-info.c: test-arrays.txt
+	$(PERL) make-test-arrays test-arrays.txt > test-info.c
+
+mpi-test.obj: mpi-test.c test-info.c $(LIBHDRS)
+	$(CC) $(CFLAGS) -Fo$@ -c $<
+
+mpi-test.exe: mpi-test.obj mpi.lib $(LIBS)
+	$(CC) $(CFLAGS) -Fo$@ $^
+
+mdxptest.obj: mdxptest.c $(LIBHDRS) mpi-priv.h
+
+mdxptest.exe: mdxptest.obj mpi.lib $(LIBS)
+	$(CC) $(CFLAGS) -Fo$@ $^
+
+mulsqr.obj: mulsqr.c logtab.h mpi.h mpi-config.h mpprime.h 
+	$(CC) $(CFLAGS) -DMP_SQUARE=1 -Fo$@ -c mulsqr.c 
+
+mulsqr.exe: mulsqr.obj mpi.lib $(LIBS)
+	$(CC) $(CFLAGS) -Fo$@ $^
+
+#---------------------------------------
+
+alltests: tests utests mpi-test.exe
+
+tools: $(TOOLS)
+
+doc:
+	(cd doc; ./build)
+
+clean:
+	rm -f *.obj *.lib *.pdb *.ilk
+	cd utils; rm -f *.obj *.lib *.pdb *.ilk
+
+distclean: clean
+	rm -f mptest? mpi-test metime mulsqr karatsuba
+	rm -f mptest?a mptest?b
+	rm -f utils/mptest?
+	rm -f test-info.c logtab.h
+	rm -f mpi.lib
+	rm -f $(TOOLS)
+
+dist: Makefile $(HDRS) $(SRCS) $(DOCS)
+	tar -cvf mpi-$(VERS).tar Makefile $(HDRS) $(SRCS) $(DOCS)
+	pgps -ab mpi-$(VERS).tar
+	chmod +r mpi-$(VERS).tar.asc
+	gzip -9 mpi-$(VERS).tar
+
+
+print: 
+	@echo LIBOBJS = $(LIBOBJS)
+# END
diff --git a/nss/lib/freebl/mpi/Makefile.win b/nss/lib/freebl/mpi/Makefile.win
new file mode 100644
index 0000000..cd41dfa
--- /dev/null
+++ b/nss/lib/freebl/mpi/Makefile.win
@@ -0,0 +1,254 @@
+#
+# Makefile.win - gmake Makefile for building MPI with MSVC on NT
+
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+## Define CC to be the C compiler you wish to use.  The GNU cc
+## compiler (gcc) should work, at the very least
+#CC=cc
+#CC=gcc
+CC=cl.exe
+ifeq ($(CPU_ARCH),x86_64)
+AS=ml64.exe
+else
+AS=ml.exe
+endif
+
+## 
+## Define PERL to point to your local Perl interpreter.  It
+## should be Perl 5.x, although it's conceivable that Perl 4
+## might work ... I haven't tested it.
+##
+#PERL=/usr/bin/perl
+#PERL=perl
+
+##
+## Define CFLAGS to contain any local options your compiler
+## setup requires.
+##
+## Conditional compilation options are no longer here; see
+## the file 'mpi-config.h' instead.
+##
+MPICMN = -I. -DMP_API_COMPATIBLE -DMP_IOFUNC
+
+ifeq ($(CPU_ARCH),x86_64)
+AS_SRCS = mpi_x86_64.asm
+CFLAGS = -O2 -Z7 -MD -W3 -nologo -DXP_PC -UDEBUG -U_DEBUG -DNDEBUG \
+ -DWIN32 -D_WIN64 -D_AMD64_ -D_M_AMD64 -D_WINDOWS -DWIN95 $(MPICMN)
+ASFLAGS = -Cp -Sn -Zi -I.
+else
+#NT
+AS_SRCS = mpi_x86.asm
+MPICMN += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE -DMP_ASSEMBLY_DIV_2DX1D
+#CFLAGS= -Od -Z7 -MD -W3 -nologo -D_X86_ -DXP_PC \
+ -DDEBUG -D_DEBUG -UNDEBUG -DWIN32 -D_WINDOWS -DWIN95 $(MPICMN)
+#CFLAGS = -O2 -MD -W3 -nologo -D_X86_ -DXP_PC -UDEBUG -U_DEBUG -DNDEBUG \
+ -DWIN32 -D_WINDOWS -DWIN95 $(MPICMN)
+#CFLAGS = -Od -Z7 -MD -W3 -nologo -D_X86_ -DXP_PC -UDEBUG -U_DEBUG -DNDEBUG \
+ -DWIN32 -D_WINDOWS -DWIN95 $(MPICMN)
+CFLAGS = -O2 -Z7 -MD -W3 -nologo -D_X86_ -DXP_PC -UDEBUG -U_DEBUG -DNDEBUG \
+ -DWIN32 -D_WINDOWS -DWIN95 $(MPICMN)
+ASFLAGS = -Cp -Sn -Zi -coff -I. 
+endif
+
+##
+## Define LIBS to include any libraries you need to link against.
+## If NO_TABLE is define, LIBS should include '-lm' or whatever is
+## necessary to bring in the math library.  Otherwise, it can be
+## left alone, unless your system has other peculiar requirements.
+##
+LIBS=#-lmalloc#-lefence#-lm
+
+## 
+## Define RANLIB to be the library header randomizer; you might not
+## need this on some systems (just set it to 'echo' on these systems,
+## such as IRIX)
+##
+RANLIB=echo
+
+##
+## This is the version string used for the documentation and 
+## building the distribution tarball.  Don't mess with it unless
+## you are releasing a new version
+VERS=1.7p6
+
+## ----------------------------------------------------------------------
+## You probably don't need to change anything below this line...
+##
+
+##
+## This is the list of source files that need to be packed into
+## the distribution file
+SRCS=   mpi.c mpprime.c mplogic.c mpmontg.c mpi-test.c primes.c tests/ \
+	utils/gcd.c utils/invmod.c utils/lap.c \
+	utils/ptab.pl utils/sieve.c utils/isprime.c\
+	utils/dec2hex.c utils/hex2dec.c utils/bbs_rand.c \
+	utils/bbsrand.c utils/prng.c utils/primegen.c \
+	utils/basecvt.c utils/makeprime.c\
+	utils/fact.c utils/exptmod.c utils/pi.c utils/metime.c \
+	utils/mpi.h utils/mpprime.h mulsqr.c \
+	make-test-arrays test-arrays.txt all-tests make-logtab \
+	types.pl stats timetest multest
+
+## These are the header files that go into the distribution file
+HDRS=mpi.h mpi-config.h utils/mpi.h utils/mpi-config.h mpprime.h mplogic.h \
+     utils/bbs_rand.h tests/mpi.h tests/mpprime.h
+
+## These are the documentation files that go into the distribution file
+DOCS=README doc utils/README utils/PRIMES 
+
+## This is the list of tools built by 'make tools'
+TOOLS=gcd.exe invmod.exe isprime.exe lap.exe dec2hex.exe hex2dec.exe \
+ primegen.exe prng.exe basecvt.exe fact.exe exptmod.exe pi.exe makeprime.exe
+
+AS_OBJS = $(AS_SRCS:.asm=.obj)
+LIBOBJS = mpprime.obj mpmontg.obj mplogic.obj mpi.obj $(AS_OBJS)
+LIBHDRS = mpi-config.h mpi-priv.h mpi.h
+APPHDRS = mpi-config.h mpi.h mplogic.h mpprime.h
+
+
+help:
+	@ echo ""
+	@ echo "The following targets can be built with this Makefile:"
+	@ echo ""
+	@ echo "mpi.lib     - arithmetic and prime testing library"
+	@ echo "mpi-test     - test driver (requires MP_IOFUNC)"
+	@ echo "tools        - command line tools"
+	@ echo "doc          - manual pages for tools"
+	@ echo "clean        - clean up objects and such"
+	@ echo "distclean    - get ready for distribution"
+	@ echo "dist         - distribution tarball"
+	@ echo ""
+
+.SUFFIXES: .c .obj .i .lib .exe .asm
+
+.c.i:
+	$(CC) $(CFLAGS) -E $< > $@
+
+.c.obj: 
+	$(CC) $(CFLAGS) -c $<
+
+.asm.obj:
+	$(AS) $(ASFLAGS) -c $<
+
+.obj.exe:
+	$(CC) $(CFLAGS) -Fo$@ $<
+
+#---------------------------------------
+
+$(LIBOBJS): $(LIBHDRS)
+
+logtab.h: make-logtab
+	$(PERL) make-logtab > logtab.h
+
+mpi.obj: mpi.c logtab.h $(LIBHDRS)
+
+mplogic.obj: mplogic.c mpi-priv.h mplogic.h $(LIBHDRS)
+
+mpmontg.obj: mpmontg.c mpi-priv.h mplogic.h mpprime.h $(LIBHDRS)
+
+mpprime.obj: mpprime.c mpi-priv.h mpprime.h mplogic.h primes.c $(LIBHDRS)
+
+mpi_mips.obj: mpi_mips.s
+	$(CC) -Fo$@ $(ASFLAGS) -c mpi_mips.s
+
+mpi.lib: $(LIBOBJS)
+	ar -cvr mpi.lib $(LIBOBJS)
+	$(RANLIB) mpi.lib
+
+lib libs: mpi.lib
+
+#---------------------------------------
+
+MPTESTOBJS = mptest1.obj mptest2.obj mptest3.obj mptest3a.obj mptest4.obj \
+ mptest4a.obj mptest4b.obj mptest6.obj mptest7.obj mptest8.obj mptest9.obj
+MPTESTS = $(MPTESTOBJS:.obj=.exe)
+
+$(MPTESTOBJS): mptest%.obj: tests/mptest-%.c $(LIBHDRS)
+	$(CC) $(CFLAGS) -Fo$@ -c $<
+
+$(MPTESTS): mptest%.exe: mptest%.obj mpi.lib $(LIBS)
+	$(CC) $(CFLAGS) -Fo$@ $^ 
+
+tests: mptest1.exe mptest2.exe mptest3.exe mptest3a.exe mptest4.exe \
+ mptest4a.exe mptest4b.exe mptest6.exe bbsrand.exe
+
+utests: mptest7.exe mptest8.exe mptest9.exe
+
+#---------------------------------------
+
+EXTRAOBJS = bbsrand.obj bbs_rand.obj prng.obj
+UTILOBJS = primegen.obj metime.obj identest.obj basecvt.obj fact.obj \
+ exptmod.obj pi.obj makeprime.obj karatsuba.obj gcd.obj invmod.obj lap.obj \
+ isprime.obj dec2hex.obj hex2dec.obj
+UTILS = $(UTILOBJS:.obj=.exe) 
+
+$(UTILS): %.exe : %.obj mpi.lib $(LIBS)
+	$(CC) $(CFLAGS) -Fo$@ $^ 
+
+$(UTILOBJS) $(EXTRAOBJS): %.obj : utils/%.c $(LIBHDRS)
+	$(CC) $(CFLAGS) -Fo$@ -c $<
+
+prng.exe: prng.obj bbs_rand.obj mpi.lib $(LIBS)
+	$(CC) $(CFLAGS) -Fo$@ $^
+
+bbsrand.exe: bbsrand.obj bbs_rand.obj mpi.lib $(LIBS)
+	$(CC) $(CFLAGS) -Fo$@ $^
+
+utils: $(UTILS) prng.exe bbsrand.exe
+
+#---------------------------------------
+
+test-info.c: test-arrays.txt
+	$(PERL) make-test-arrays test-arrays.txt > test-info.c
+
+mpi-test.obj: mpi-test.c test-info.c $(LIBHDRS)
+	$(CC) $(CFLAGS) -Fo$@ -c $<
+
+mpi-test.exe: mpi-test.obj mpi.lib $(LIBS)
+	$(CC) $(CFLAGS) -Fo$@ $^
+
+mdxptest.obj: mdxptest.c $(LIBHDRS) mpi-priv.h
+
+mdxptest.exe: mdxptest.obj mpi.lib $(LIBS)
+	$(CC) $(CFLAGS) -Fo$@ $^
+
+mulsqr.obj: mulsqr.c logtab.h mpi.h mpi-config.h mpprime.h 
+	$(CC) $(CFLAGS) -DMP_SQUARE=1 -Fo$@ -c mulsqr.c 
+
+mulsqr.exe: mulsqr.obj mpi.lib $(LIBS)
+	$(CC) $(CFLAGS) -Fo$@ $^
+
+#---------------------------------------
+
+alltests: tests utests mpi-test.exe
+
+tools: $(TOOLS)
+
+doc:
+	(cd doc; ./build)
+
+clean:
+	rm -f *.obj *.lib *.pdb *.ilk
+	cd utils; rm -f *.obj *.lib *.pdb *.ilk
+
+distclean: clean
+	rm -f mptest? mpi-test metime mulsqr karatsuba
+	rm -f mptest?a mptest?b
+	rm -f utils/mptest?
+	rm -f test-info.c logtab.h
+	rm -f mpi.lib
+	rm -f $(TOOLS)
+
+dist: Makefile $(HDRS) $(SRCS) $(DOCS)
+	tar -cvf mpi-$(VERS).tar Makefile $(HDRS) $(SRCS) $(DOCS)
+	pgps -ab mpi-$(VERS).tar
+	chmod +r mpi-$(VERS).tar.asc
+	gzip -9 mpi-$(VERS).tar
+
+
+print: 
+	@echo LIBOBJS = $(LIBOBJS)
+# END
diff --git a/nss/lib/freebl/mpi/README b/nss/lib/freebl/mpi/README
new file mode 100644
index 0000000..f1c66df
--- /dev/null
+++ b/nss/lib/freebl/mpi/README
@@ -0,0 +1,746 @@
+This Source Code Form is subject to the terms of the Mozilla Public
+License, v. 2.0. If a copy of the MPL was not distributed with this
+file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+About the MPI Library
+---------------------
+
+The files 'mpi.h' and 'mpi.c' define a simple, arbitrary precision
+signed integer arithmetic package.  The implementation is not the most
+efficient possible, but the code is small and should be fairly easily
+portable to just about any machine that supports an ANSI C compiler,
+as long as it is capable of at least 16-bit arithmetic (but also see
+below for more on this).
+
+This library was written with an eye to cryptographic applications;
+thus, some care is taken to make sure that temporary values are not
+left lying around in memory when they are no longer in use.  This adds
+some overhead for zeroing buffers before they are released back into
+the free pool; however, it gives you the assurance that there is only
+one copy of your important values residing in your process's address
+space at a time.  Obviously, it is difficult to guarantee anything, in
+a pre-emptive multitasking environment, but this at least helps you
+keep a lid on the more obvious ways your data can get spread around in
+memory.
+
+
+Using the Library
+-----------------
+
+To use the MPI library in your program, you must include the header:
+
+#include "mpi.h"
+
+This header provides all the type and function declarations you'll
+need to use the library.  Almost all the names defined by the library
+begin with the prefix 'mp_', so it should be easy to keep them from
+clashing with your program's namespace (he says, glibly, knowing full
+well there are always pathological cases).
+
+There are a few things you may want to configure about the library.
+By default, the MPI library uses an unsigned short for its digit type,
+and an unsigned int for its word type.  The word type must be big
+enough to contain at least two digits, for the primitive arithmetic to
+work out.  On my machine, a short is 2 bytes and an int is 4 bytes --
+but if you have 64-bit ints, you might want to use a 4-byte digit and
+an 8-byte word.  I have tested the library using 1-byte digits and
+2-byte words, as well.  Whatever you choose to do, the things you need
+to change are:
+
+(1) The type definitions for mp_digit and mp_word.
+
+(2) The macro DIGIT_FMT which tells mp_print() how to display a
+    single digit.  This is just a printf() format string, so you
+    can adjust it appropriately.
+
+(3) The macros DIGIT_MAX and MP_WORD_MAX, which specify the 
+    largest value expressible in an mp_digit and an mp_word,
+    respectively.
+
+Both the mp_digit and mp_word should be UNSIGNED integer types.  The
+code relies on having the full positive precision of the type used for
+digits and words.
+
+The remaining type definitions should be left alone, for the most
+part.  The code in the library does not make any significant
+assumptions about the sizes of things, but there is little if any
+reason to change the other parameters, so I would recommend you leave
+them as you found them.
+
+The library comes with a Perl script, 'types.pl', which will scan your
+current Makefile settings, and attempt to find good definitions for
+these types.  It relies on a Unix sort of build environment, so it
+probably won't work under MacOS or Windows, but it can be convenient
+if you're porting to a new flavour of Unix.  Just run 'types.pl' at
+the command line, and it will spit out its results to the standard
+output.
+
+
+Conventions
+-----------
+
+Most functions in the library return a value of type mp_err.  This
+permits the library to communicate success or various kinds of failure
+to the calling program.  The return values currently defined are:
+
+        MP_OKAY         - okay, operation succeeded, all's well
+        MP_YES          - okay, the answer is yes (same as MP_OKAY)
+        MP_NO           - okay, but answer is no (not MP_OKAY)
+        MP_MEM          - operation ran out of memory
+        MP_RANGE        - input parameter was out of range
+        MP_BADARG       - an invalid input parameter was provided
+        MP_UNDEF        - no output value is defined for this input
+
+The only function which currently uses MP_UNDEF is mp_invmod().
+Division by zero is undefined, but the division functions will return
+MP_RANGE for a zero divisor.  MP_BADARG usually means you passed a
+bogus mp_int structure to the function.  MP_YES and MP_NO are not used
+by the library itself; they're defined so you can use them in your own
+extensions.
+
+If you need a readable interpretation of these error codes in your
+program, you may also use the mp_strerror() function.  This function
+takes an mp_err as input, and returns a pointer to a human-readable
+string describing the meaning of the error.  These strings are stored
+as constants within the library, so the caller should not attempt to
+modify or free the memory associated with these strings.
+
+The library represents values in signed-magnitude format.  Values
+strictly less than zero are negative, all others are considered
+positive (zero is positive by fiat).  You can access the 'sign' member
+of the mp_int structure directly, but better is to use the mp_cmp_z()
+function, to find out which side of zero the value lies on.
+
+Most arithmetic functions have a single-digit variant, as well as the
+full arbitrary-precision.  An mp_digit is an unsigned value between 0
+and DIGIT_MAX inclusive.  The radix is available as RADIX.  The number
+of bits in a given digit is given as DIGIT_BIT.
+
+Generally, input parameters are given before output parameters.
+Unless otherwise specified, any input parameter can be re-used as an
+output parameter, without confusing anything.
+
+The basic numeric type defined by the library is an mp_int.  Virtually
+all the functions in the library take a pointer to an mp_int as one of
+their parameters.  An explanation of how to create and use these
+structures follows.  And so, without further ado...
+
+
+Initialization and Cleanup
+--------------------------
+
+The basic numeric type defined by the library is an 'mp_int'.
+However, it is not sufficient to simply declare a variable of type
+mp_int in your program.  These variables also need to be initialized
+before they can be used, to allocate the internal storage they require
+for computation.
+
+This is done using one of the following functions:
+
+        mp_init(mp_int *mp);
+        mp_init_copy(mp_int *mp, mp_int *from);
+        mp_init_size(mp_int *mp, mp_size p);
+
+Each of these requires a pointer to a structure of type mp_int.  The
+basic mp_init() simply initializes the mp_int to a default size, and
+sets its value to zero.  If you would like to initialize a copy of an
+existing mp_int, use mp_init_copy(), where the 'from' parameter is the
+mp_int you'd like to make a copy of.  The third function,
+mp_init_size(), permits you to specify how many digits of precision
+should be preallocated for your mp_int.  This can help the library
+avoid unnecessary re-allocations later on.
+
+The default precision used by mp_init() can be retrieved using:
+
+        precision = mp_get_prec();
+
+This returns the number of digits that will be allocated.  You can
+change this value by using:
+
+        mp_set_prec(unsigned int prec);
+
+Any positive value is acceptable -- if you pass zero, the default
+precision will be re-set to the compiled-in library default (this is
+specified in the header file 'mpi-config.h', and typically defaults to
+8 or 16).
+
+Just as you must allocate an mp_int before you can use it, you must
+clean up the structure when you are done with it.  This is performed
+using the mp_clear() function.  Remember that any mp_int that you
+create as a local variable in a function must be mp_clear()'d before
+that function exits, or else the memory allocated to that mp_int will
+be orphaned and unrecoverable.
+
+To set an mp_int to a given value, the following functions are given:
+
+        mp_set(mp_int *mp, mp_digit d);
+        mp_set_int(mp_int *mp, long z);
+
+The mp_set() function sets the mp_int to a single digit value, while
+mp_set_int() sets the mp_int to a signed long integer value.
+
+To set an mp_int to zero, use:
+
+        mp_zero(mp_int *mp);
+
+
+Copying and Moving
+------------------
+
+If you have two initialized mp_int's, and you want to copy the value
+of one into the other, use:
+
+        mp_copy(from, to)
+
+This takes care of clearing the old value of 'to', and copies the new
+value into it.  If 'to' is not yet initialized, use mp_init_copy()
+instead (see above).
+
+Note:   The library tries, whenever possible, to avoid allocating
+----    new memory.  Thus, mp_copy() tries first to satisfy the needs
+        of the copy by re-using the memory already allocated to 'to'.
+        Only if this proves insufficient will mp_copy() actually
+        allocate new memory.
+
+        For this reason, if you know a priori that 'to' has enough
+        available space to hold 'from', you don't need to check the
+        return value of mp_copy() for memory failure.  The USED()
+        macro tells you how many digits are used by an mp_int, and
+        the ALLOC() macro tells you how many are allocated.
+
+If you have two initialized mp_int's, and you want to exchange their
+values, use:
+
+        mp_exch(a, b)
+
+This is better than using mp_copy() with a temporary, since it will
+not (ever) touch the memory allocator -- it just swaps the exact
+contents of the two structures.  The mp_exch() function cannot fail;
+if you pass it an invalid structure, it just ignores it, and does
+nothing.
+
+
+Basic Arithmetic
+----------------
+
+Once you have initialized your integers, you can operate on them.  The
+basic arithmetic functions on full mp_int values are:
+
+mp_add(a, b, c)         - computes c = a + b
+mp_sub(a, b, c)         - computes c = a - b
+mp_mul(a, b, c)         - computes c = a * b
+mp_sqr(a, b)            - computes b = a * a
+mp_div(a, b, q, r)      - computes q, r such that a = bq + r
+mp_div_2d(a, d, q, r)   - computes q = a / 2^d, r = a % 2^d
+mp_expt(a, b, c)        - computes c = a ** b
+mp_2expt(a, k)          - computes a = 2^k
+
+The mp_div_2d() function efficiently computes division by powers of
+two.  Either the q or r parameter may be NULL, in which case that
+portion of the computation will be discarded.
+
+The algorithms used for some of the computations here are described in
+the following files which are included with this distribution:
+
+mul.txt         Describes the multiplication algorithm
+div.txt         Describes the division algorithm
+expt.txt        Describes the exponentiation algorithm
+sqrt.txt        Describes the square-root algorithm
+square.txt      Describes the squaring algorithm
+
+There are single-digit versions of most of these routines, as well.
+In the following prototypes, 'd' is a single mp_digit:
+
+mp_add_d(a, d, c)       - computes c = a + d
+mp_sub_d(a, d, c)       - computes c = a - d
+mp_mul_d(a, d, c)       - computes c = a * d
+mp_mul_2(a, c)          - computes c = a * 2
+mp_div_d(a, d, q, r)    - computes q, r such that a = bq + r
+mp_div_2(a, c)          - computes c = a / 2
+mp_expt_d(a, d, c)      - computes c = a ** d
+
+The mp_mul_2() and mp_div_2() functions take advantage of the internal
+representation of an mp_int to do multiplication by two more quickly
+than mp_mul_d() would.  Other basic functions of an arithmetic variety
+include:
+
+mp_zero(a)              - assign 0 to a
+mp_neg(a, c)            - negate a: c = -a
+mp_abs(a, c)            - absolute value: c = |a|
+
+
+Comparisons
+-----------
+
+Several comparison functions are provided.  Each of these, unless
+otherwise specified, returns zero if the comparands are equal, < 0 if
+the first is less than the second, and > 0 if the first is greater
+than the second:
+
+mp_cmp_z(a)             - compare a <=> 0
+mp_cmp_d(a, d)          - compare a <=> d, d is a single digit
+mp_cmp(a, b)            - compare a <=> b
+mp_cmp_mag(a, b)        - compare |a| <=> |b|
+mp_isodd(a)             - return nonzero if odd, zero otherwise
+mp_iseven(a)            - return nonzero if even, zero otherwise
+
+
+Modular Arithmetic
+------------------
+
+Modular variations of the basic arithmetic functions are also
+supported.  These are available if the MP_MODARITH parameter in
+mpi-config.h is turned on (it is by default).  The modular arithmetic
+functions are:
+
+mp_mod(a, m, c)         - compute c = a (mod m), 0 <= c < m
+mp_mod_d(a, d, c)       - compute c = a (mod d), 0 <= c < d (see below)
+mp_addmod(a, b, m, c)   - compute c = (a + b) mod m
+mp_submod(a, b, m, c)   - compute c = (a - b) mod m
+mp_mulmod(a, b, m, c)   - compute c = (a * b) mod m
+mp_sqrmod(a, m, c)      - compute c = (a * a) mod m
+mp_exptmod(a, b, m, c)  - compute c = (a ** b) mod m
+mp_exptmod_d(a, d, m, c)- compute c = (a ** d) mod m
+
+The mp_sqr() function squares its input argument.  A call to mp_sqr(a,
+c) is identical in meaning to mp_mul(a, a, c); however, if the
+MP_SQUARE variable is set true in mpi-config.h (see below), then it
+will be implemented with a different algorithm, that is supposed to
+take advantage of the redundant computation that takes place during
+squaring.  Unfortunately, some compilers result in worse performance
+on this code, so you can change the behaviour at will.  There is a
+utility program "mulsqr.c" that lets you test which does better on
+your system.
+
+The mp_sqrmod() function is analogous to the mp_sqr() function; it
+uses the mp_sqr() function rather than mp_mul(), and then performs the
+modular reduction.  This probably won't help much unless you are doing
+a lot of them.
+
+See the file 'square.txt' for a synopsis of the algorithm used.
+
+Note:   The mp_mod_d() function computes a modular reduction around
+----    a single digit d.  The result is a single digit c.
+
+Because an inverse is defined for a (mod m) if and only if (a, m) = 1
+(that is, if a and m are relatively prime), mp_invmod() may not be
+able to compute an inverse for the arguments.  In this case, it
+returns the value MP_UNDEF, and does not modify c.  If an inverse is
+defined, however, it returns MP_OKAY, and sets c to the value of the
+inverse (mod m).
+
+See the file 'redux.txt' for a description of the modular reduction
+algorithm used by mp_exptmod().
+
+
+Greatest Common Divisor
+-----------------------
+
+If The greates common divisor of two values can be found using one of the
+following functions:
+
+mp_gcd(a, b, c)         - compute c = (a, b) using binary algorithm
+mp_lcm(a, b, c)         - compute c = [a, b] = ab / (a, b)
+mp_xgcd(a, b, g, x, y)  - compute g, x, y so that ax + by = g = (a, b)
+
+Also provided is a function to compute modular inverses, if they
+exist:
+
+mp_invmod(a, m, c)      - compute c = a^-1 (mod m), if it exists
+
+The function mp_xgcd() computes the greatest common divisor, and also
+returns values of x and y satisfying Bezout's identity.  This is used
+by mp_invmod() to find modular inverses.  However, if you do not need
+these values, you will find that mp_gcd() is MUCH more efficient,
+since it doesn't need all the intermediate values that mp_xgcd()
+requires in order to compute x and y. 
+
+The mp_gcd() (and mp_xgcd()) functions use the binary (extended) GCD
+algorithm due to Josef Stein.
+
+
+Input & Output Functions
+------------------------
+
+The following basic I/O routines are provided.  These are present at
+all times:
+
+mp_read_radix(mp, str, r)  - convert a string in radix r to an mp_int
+mp_read_raw(mp, s, len)    - convert a string of bytes to an mp_int
+mp_radix_size(mp, r)       - return length of buffer needed by mp_toradix()
+mp_raw_size(mp)            - return length of buffer needed by mp_toraw()
+mp_toradix(mp, str, r)     - convert an mp_int to a string of radix r 
+                             digits
+mp_toraw(mp, str)          - convert an mp_int to a string of bytes
+mp_tovalue(ch, r)          - convert ch to its value when taken as
+                             a radix r digit, or -1 if invalid
+mp_strerror(err)           - get a string describing mp_err value 'err'
+
+If you compile the MPI library with MP_IOFUNC defined, you will also
+have access to the following additional I/O function:
+
+mp_print(mp, ofp)       - print an mp_int as text to output stream ofp
+
+Note that mp_radix_size() returns a size in bytes guaranteed to be AT
+LEAST big enough for the digits output by mp_toradix().  Because it
+uses an approximation technique to figure out how many digits will be
+needed, it may return a figure which is larger than necessary.  Thus,
+the caller should not rely on the value to determine how many bytes
+will actually be written by mp_toradix().  The string mp_toradix()
+creates will be NUL terminated, so the standard C library function
+strlen() should be able to ascertain this for you, if you need it.
+
+The mp_read_radix() and mp_toradix() functions support bases from 2 to
+64 inclusive.  If you require more general radix conversion facilities
+than this, you will need to write them yourself (that's why mp_div_d()
+is provided, after all).
+
+Note:   mp_read_radix() will accept as digits either capital or 
+----    lower-case letters.  However, the current implementation of
+        mp_toradix() only outputs upper-case letters, when writing
+        bases betwee 10 and 36.  The underlying code supports using
+        lower-case letters, but the interface stub does not have a
+        selector for it.  You can add one yourself if you think it
+        is worthwhile -- I do not.  Bases from 36 to 64 use lower-
+        case letters as distinct from upper-case.  Bases 63 and
+        64 use the characters '+' and '/' as digits.
+
+        Note also that compiling with MP_IOFUNC defined will cause
+        inclusion of <stdio.h>, so if you are trying to write code
+        which does not depend on the standard C library, you will
+        probably want to avoid this option.  This is needed because
+        the mp_print() function takes a standard library FILE * as
+        one of its parameters, and uses the fprintf() function.
+
+The mp_toraw() function converts the integer to a sequence of bytes,
+in big-endian ordering (most-significant byte first).  Assuming your
+bytes are 8 bits wide, this corresponds to base 256.  The sign is
+encoded as a single leading byte, whose value is 0 for zero or
+positive values, or 1 for negative values.  The mp_read_raw() function
+reverses this process -- it takes a buffer of bytes, interprets the
+first as a sign indicator (0 = zero/positive, nonzero = negative), and
+the rest as a sequence of 1-byte digits in big-endian ordering.
+
+The mp_raw_size() function returns the exact number of bytes required
+to store the given integer in "raw" format (as described in the
+previous paragraph).  Zero is returned in case of error; a valid
+integer will require at least three bytes of storage.
+
+In previous versions of the MPI library, an "external representation
+format" was supported.  This was removed, however, because I found I
+was never using it, it was not as portable as I would have liked, and
+I decided it was a waste of space.
+
+
+Other Functions
+---------------
+
+The files 'mpprime.h' and 'mpprime.c' define some routines which are
+useful for divisibility testing and probabilistic primality testing.
+The routines defined are:
+
+mpp_divis(a, b)          - is a divisible by b?
+mpp_divis_d(a, d)        - is a divisible by digit d?
+mpp_random(a)            - set a to random value at current precision
+mpp_random_size(a, prec) - set a to random value at given precision
+
+Note:  The mpp_random() and mpp_random_size() functions use the C
+----   library's rand() function to generate random values.  It is
+       up to the caller to seed this generator before it is called.
+       These functions are not suitable for generating quantities
+       requiring cryptographic-quality randomness; they are intended
+       primarily for use in primality testing.
+
+       Note too that the MPI library does not call srand(), so your
+       application should do this, if you ever want the sequence
+       to change.
+
+mpp_divis_vector(a, v, s, w)  - is a divisible by any of the s digits
+                                in v?  If so, let w be the index of 
+                                that digit
+
+mpp_divis_primes(a, np)       - is a divisible by any of the first np
+                                primes?  If so, set np to the prime 
+                                which divided a.
+
+mpp_fermat(a, d)              - test if w^a = w (mod a).  If so, 
+                                returns MP_YES, otherwise MP_NO.
+
+mpp_pprime(a, nt)             - perform nt iterations of the Rabin-
+                                Miller probabilistic primality test
+                                on a.  Returns MP_YES if all tests
+                                passed, or MP_NO if any test fails.
+
+The mpp_fermat() function works based on Fermat's little theorem, a
+consequence of which is that if p is a prime, and (w, p) = 1, then:
+
+        w^p = w (mod p)
+
+Put another way, if w^p != w (mod p), then p is not prime.  The test
+is expensive to compute, but it helps to quickly eliminate an enormous
+class of composite numbers prior to Rabin-Miller testing.
+
+Building the Library
+--------------------
+
+The MPI library is designed to be as self-contained as possible.  You
+should be able to compile it with your favourite ANSI C compiler, and
+link it into your program directly.  If you are on a Unix system using
+the GNU C compiler (gcc), the following should work:
+
+% gcc -ansi -pedantic -Wall -O2 -c mpi.c
+
+The file 'mpi-config.h' defines several configurable parameters for
+the library, which you can adjust to suit your application.  At the
+time of this writing, the available options are:
+
+MP_IOFUNC       - Define true to include the mp_print() function, 
+                  which is moderately useful for debugging.  This
+                  implicitly includes <stdio.h>.
+
+MP_MODARITH     - Define true to include the modular arithmetic
+                  functions.  If you don't need modular arithmetic
+                  in your application, you can set this to zero to
+                  leave out all the modular routines.
+
+MP_LOGTAB       - If true, the file "logtab.h" is included, which
+                  is basically a static table of base 2 logarithms.
+                  These are used to compute how big the buffers for
+                  radix conversion need to be.  If you set this false,
+                  the library includes <math.h> and uses log().  This
+                  typically forces you to link against math libraries.
+
+MP_MEMSET       - If true, use memset() to zero buffers.  If you run
+                  into weird alignment related bugs, set this to zero
+                  and an explicit loop will be used.
+
+MP_MEMCPY       - If true, use memcpy() to copy buffers.  If you run
+                  into weird alignment bugs, set this to zero and an
+                  explicit loop will be used.
+
+MP_ARGCHK       - Set to 0, 1, or 2.  This defines how the argument
+                  checking macro, ARGCHK(), gets expanded.  If this 
+                  is set to zero, ARGCHK() expands to nothing; no 
+                  argument checks are performed.  If this is 1, the
+                  ARGCHK() macro expands to code that returns MP_BADARG
+                  or similar at runtime.  If it is 2, ARGCHK() expands 
+                  to an assert() call that aborts the program on a 
+                  bad input.
+
+MP_DEBUG        - Turns on debugging output.  This is probably not at
+                  all useful unless you are debugging the library.  It
+                  tends to spit out a LOT of output.
+
+MP_DEFPREC      - The default precision of a newly-created mp_int, in
+                  digits.  The precision can be changed at runtime by
+                  the mp_set_prec() function, but this is its initial
+                  value.
+
+MP_SQUARE       - If this is set to a nonzero value, the mp_sqr() 
+                  function will use an alternate algorithm that takes
+                  advantage of the redundant inner product computation
+                  when both multiplicands are identical.  Unfortunately,
+                  with some compilers this is actually SLOWER than just
+                  calling mp_mul() with the same argument twice.  So
+                  if you set MP_SQUARE to zero, mp_sqr() will be expan-
+                  ded into a call to mp_mul().  This applies to all 
+                  the uses of mp_sqr(), including mp_sqrmod() and the
+                  internal calls to s_mp_sqr() inside mpi.c
+
+                  The program 'mulsqr' (mulsqr.c) can be used to test
+                  which works best for your configuration.  Set up the
+                  CC and CFLAGS variables in the Makefile, then type:
+
+                        make mulsqr
+
+                  Invoke it with arguments similar to the following:
+
+                        mulsqr 25000 1024
+
+                  That is, 25000 products computed on 1024-bit values.
+                  The output will compare the two timings, and recommend
+                  a setting for MP_SQUARE.  It is off by default.
+
+If you would like to use the mp_print() function (see above), be sure
+to define MP_IOFUNC in mpi-config.h.  Many of the test drivers in the
+'tests' subdirectory expect this to be defined (although the test
+driver 'mpi-test' doesn't need it)
+
+The Makefile which comes with the library should take care of building
+the library for you, if you have set the CC and CFLAGS variables at
+the top of the file appropriately.  By default, they are set up to
+use the GNU C compiler:
+
+CC=gcc
+CFLAGS=-ansi -pedantic -Wall -O2
+
+If all goes well, the library should compile without warnings using
+this combination.  You should, of course, make whatever adjustments
+you find necessary.  
+
+The MPI library distribution comes with several additional programs
+which are intended to demonstrate the use of the library, and provide
+a framework for testing it.  There are a handful of test driver
+programs, in the files named 'mptest-X.c', where X is a digit.  Also,
+there are some simple command-line utilities (in the 'utils'
+directory) for manipulating large numbers.  These include:
+
+basecvt.c       A radix-conversion program, supporting bases from
+                2 to 64 inclusive.
+
+bbsrand.c       A BBS (quadratic residue) pseudo-random number 
+                generator.  The file 'bbsrand.c' is just the driver
+                for the program; the real code lives in the files
+                'bbs_rand.h' and 'bbs_rand.c'
+
+dec2hex.c       Converts decimal to hexadecimal
+
+gcd.c           Computes the greatest common divisor of two values.
+                If invoked as 'xgcd', also computes constants x and
+                y such that (a, b) = ax + by, in accordance with
+                Bezout's identity.
+
+hex2dec.c       Converts hexadecimal to decimal
+
+invmod.c        Computes modular inverses
+
+isprime.c       Performs the Rabin-Miller probabilistic primality
+                test on a number.  Values which fail this test are
+                definitely composite, and those which pass are very
+                likely to be prime (although there are no guarantees)
+
+lap.c           Computes the order (least annihilating power) of
+                a value v modulo m.  Very dumb algorithm.
+
+primegen.c      Generates large (probable) primes.
+
+prng.c          A pseudo-random number generator based on the
+                BBS generator code in 'bbs_rand.c'
+
+sieve.c         Implements the Sieve of Eratosthenes, using a big
+                bitmap, to generate a list of prime numbers.
+
+fact.c          Computes the factorial of an arbitrary precision
+                integer (iterative).
+
+exptmod.c       Computes arbitrary precision modular exponentiation
+                from the command line (exptmod a b m -> a^b (mod m))
+
+Most of these can be built from the Makefile that comes with the
+library.  Try 'make tools', if your environment supports it.
+
+
+Testing the Library
+-------------------
+
+Automatic test vectors are included, in the form of a program called
+'mpi-test'.  To build this program and run all the tests, simply
+invoke the shell script 'all-tests'.  If all the tests pass, you
+should see a message:
+
+        All tests passed
+
+If something went wrong, you'll get:
+
+        One or more tests failed.
+
+If this happens, scan back through the preceding lines, to see which
+test failed.  Any failure indicates a bug in the library, which needs
+to be fixed before it will give accurate results.  If you get any such
+thing, please let me know, and I'll try to fix it.  Please let me know
+what platform and compiler you were using, as well as which test
+failed.  If a reason for failure was given, please send me that text
+as well.
+
+If you're on a system where the standard Unix build tools don't work,
+you can build the 'mpi-test' program manually, and run it by hand.
+This is tedious and obnoxious, sorry.
+
+Further manual testing can be performed by building the manual testing
+programs, whose source is found in the 'tests' subdirectory.  Each
+test is in a source file called 'mptest-X.c'.  The Makefile contains a
+target to build all of them at once:
+
+        make tests
+
+Read the comments at the top of each source file to see what the
+driver is supposed to test.  You probably don't need to do this; these
+programs were only written to help me as I was developing the library.
+
+The relevant files are:
+
+mpi-test.c              The source for the test driver
+
+make-test-arrays        A Perl script to generate some of the internal
+                        data structures used by mpi-test.c
+
+test-arrays.txt         The source file for make-test-arrays
+
+all-tests               A Bourne shell script which runs all the
+                        tests in the mpi-test suite
+
+Running 'make mpi-test' should build the mpi-test program.  If you
+cannot use make, here is what needs to be done:
+
+(1) Use 'make-test-arrays' to generate the file 'test-info.c' from
+    the 'test-arrays.txt' file.  Since Perl can be found everywhere,
+    this should be no trouble.  Under Unix, this looks like:
+
+        make-test-arrays test-arrays.txt > test-info.c
+
+(2) Build the MPI library:
+
+        gcc -ansi -pedantic -Wall -c mpi.c
+
+(3) Build the mpi-test program:
+
+        gcc -ansi -pedantic -Wall -o mpi-test mpi.o mpi-test.c
+
+When you've got mpi-test, you can use 'all-tests' to run all the tests
+made available by mpi-test.  If any of them fail, there should be a
+diagnostic indicating what went wrong.  These are fairly high-level
+diagnostics, and won't really help you debug the problem; they're
+simply intended to help you isolate which function caused the problem.
+If you encounter a problem of this sort, feel free to e-mail me, and I
+will certainly attempt to help you debug it.
+
+Note:   Several of the tests hard-wired into 'mpi-test' operate under
+----    the assumption that you are using at least a 16-bit mp_digit 
+        type.  If that is not true, several tests might fail, because 
+        of range problems with the maximum digit value.
+
+        If you are using an 8-bit digit, you will also need to 
+        modify the code for mp_read_raw(), which assumes that
+        multiplication by 256 can be done with mp_mul_d(), a
+        fact that fails when DIGIT_MAX is 255.  You can replace
+        the call with s_mp_lshd(), which will give you the same
+        effect, and without doing as much work. :)
+
+Acknowledgements:
+----------------
+
+The algorithms used in this library were drawn primarily from Volume
+2 of Donald Knuth's magnum opus, _The Art of Computer Programming_, 
+"Semi-Numerical Methods".  Barrett's algorithm for modular reduction
+came from Menezes, Oorschot, and Vanstone's _Handbook of Applied
+Cryptography_, Chapter 14.
+
+Thanks are due to Tom St. Denis, for finding an obnoxious sign-related
+bug in mp_read_raw() that made things break on platforms which use
+signed chars.
+
+About the Author
+----------------
+
+This software was written by Michael J. Fromberger.  You can contact
+the author as follows:
+
+E-mail:   <sting@linguist.dartmouth.edu>
+
+Postal:   8000 Cummings Hall, Thayer School of Engineering
+          Dartmouth College, Hanover, New Hampshire, USA
+
+PGP key:  http://linguist.dartmouth.edu/~sting/keys/mjf.html
+          9736 188B 5AFA 23D6 D6AA  BE0D 5856 4525 289D 9907
+
+Last updated:  16-Jan-2000
diff --git a/nss/lib/freebl/mpi/all-tests b/nss/lib/freebl/mpi/all-tests
new file mode 100755
index 0000000..3429a15
--- /dev/null
+++ b/nss/lib/freebl/mpi/all-tests
@@ -0,0 +1,83 @@
+#!/bin/sh
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+ECHO=/bin/echo
+MAKE=gmake
+
+$ECHO "\n** Running unit tests for MPI library\n"
+
+# Build the mpi-test program, which comprises all the unit tests for
+# the MPI library...
+
+$ECHO "Bringing mpi-test up to date ... "
+if $MAKE mpi-test ; then
+  :
+else
+  $ECHO " "
+  $ECHO "Make failed to build mpi-test."
+  $ECHO " "
+  exit 1
+fi
+
+if [ ! -x mpi-test ] ; then
+  $ECHO " "
+  $ECHO "Cannot find 'mpi-test' program, testing cannot continue."
+  $ECHO " "
+  exit 1
+fi
+
+# Get the list of available test suites...
+tests=`./mpi-test list | awk '{print $1}'`
+errs=0
+
+# Run each test suite and check the result code of mpi-test
+for test in $tests ; do
+  $ECHO "$test ... \c"
+  if ./mpi-test $test ; then
+    $ECHO "passed"
+  else
+    $ECHO "FAILED"
+    errs=1
+  fi
+done
+
+# If any tests failed, we'll stop at this point
+if [ "$errs" = "0" ] ; then
+  $ECHO "All unit tests passed"
+else
+  $ECHO "One or more tests failed"
+  exit 1
+fi
+
+# Now try to build the 'pi' program, and see if it can compute the
+# first thousand digits of pi correctly
+$ECHO "\n** Running other tests\n"
+
+$ECHO "Bringing 'pi' up to date ... "
+if $MAKE pi ; then
+    :
+else
+    $ECHO "\nMake failed to build pi.\n"
+    exit 1
+fi
+
+if [ ! -x pi ] ; then
+    $ECHO "\nCannot find 'pi' program; testing cannot continue.\n"
+    exit 1
+fi
+
+./pi 2000 > /tmp/pi.tmp.$$
+if cmp tests/pi2k.txt /tmp/pi.tmp.$$ ; then
+    $ECHO "Okay!  The pi test passes."
+else
+    $ECHO "Oops!  The pi test failed. :("
+    exit 1
+fi
+
+rm -f /tmp/pi.tmp.$$
+
+exit 0
+
+# Here there be dragons
diff --git a/nss/lib/freebl/mpi/doc/LICENSE b/nss/lib/freebl/mpi/doc/LICENSE
new file mode 100644
index 0000000..35cca68
--- /dev/null
+++ b/nss/lib/freebl/mpi/doc/LICENSE
@@ -0,0 +1,11 @@
+Within this directory, each of the file listed below is licensed under 
+the terms given in the file LICENSE-MPL, also in this directory.
+
+basecvt.pod
+gcd.pod
+invmod.pod
+isprime.pod
+lap.pod
+mpi-test.pod
+prime.txt
+prng.pod
diff --git a/nss/lib/freebl/mpi/doc/LICENSE-MPL b/nss/lib/freebl/mpi/doc/LICENSE-MPL
new file mode 100644
index 0000000..41dc232
--- /dev/null
+++ b/nss/lib/freebl/mpi/doc/LICENSE-MPL
@@ -0,0 +1,3 @@
+This Source Code Form is subject to the terms of the Mozilla Public
+License, v. 2.0. If a copy of the MPL was not distributed with this
+file, You can obtain one at http://mozilla.org/MPL/2.0/.
diff --git a/nss/lib/freebl/mpi/doc/basecvt.pod b/nss/lib/freebl/mpi/doc/basecvt.pod
new file mode 100644
index 0000000..c3d87fb
--- /dev/null
+++ b/nss/lib/freebl/mpi/doc/basecvt.pod
@@ -0,0 +1,65 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+=head1 NAME
+
+ basecvt - radix conversion for arbitrary precision integers
+
+=head1 SYNOPSIS
+
+ basecvt <ibase> <obase> [values]
+
+=head1 DESCRIPTION
+
+The B<basecvt> program is a command-line tool for converting integers
+of arbitrary precision from one radix to another.  The current version
+supports radix values from 2 (binary) to 64, inclusive.  The first two
+command line arguments specify the input and output radix, in base 10.
+Any further arguments are taken to be integers notated in the input
+radix, and these are converted to the output radix.  The output is
+written, one integer per line, to standard output.
+
+When reading integers, only digits considered "valid" for the input
+radix are considered.  Processing of an integer terminates when an
+invalid input digit is encountered.  So, for example, if you set the
+input radix to 10 and enter '10ACF', B<basecvt> would assume that you
+had entered '10' and ignore the rest of the string.
+
+If no values are provided, no output is written, but the program
+simply terminates with a zero exit status.  Error diagnostics are
+written to standard error in the event of out-of-range radix
+specifications.  Regardless of the actual values of the input and
+output radix, the radix arguments are taken to be in base 10 (decimal)
+notation.
+
+=head1 DIGITS
+
+For radices from 2-10, standard ASCII decimal digits 0-9 are used for
+both input and output.  For radices from 11-36, the ASCII letters A-Z
+are also included, following the convention used in hexadecimal.  In
+this range, input is accepted in either upper or lower case, although
+on output only lower-case letters are used.
+
+For radices from 37-62, the output includes both upper- and lower-case
+ASCII letters, and case matters.  In this range, case is distinguished
+both for input and for output values.
+
+For radices 63 and 64, the characters '+' (plus) and '/' (forward
+solidus) are also used.  These are derived from the MIME base64
+encoding scheme.  The overall encoding is not the same as base64,
+because the ASCII digits are used for the bottom of the range, and the
+letters are shifted upward; however, the output will consist of the
+same character set.
+
+This input and output behaviour is inherited from the MPI library used
+by B<basecvt>, and so is not configurable at runtime.
+
+=head1 SEE ALSO
+
+ dec2hex(1), hex2dec(1)
+
+=head1 AUTHOR
+
+ Michael J. Fromberger <sting@linguist.dartmouth.edu>
+ Thayer School of Engineering, Hanover, New Hampshire, USA
diff --git a/nss/lib/freebl/mpi/doc/build b/nss/lib/freebl/mpi/doc/build
new file mode 100755
index 0000000..4d75b1e
--- /dev/null
+++ b/nss/lib/freebl/mpi/doc/build
@@ -0,0 +1,30 @@
+#!/bin/sh
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+VERS="1.7p6"
+SECT="1"
+NAME="MPI Tools"
+
+echo "Building manual pages ..."
+case $# in
+  0)
+    files=`ls *.pod`
+    ;;
+  *)
+    files=$*
+    ;;
+esac
+
+for name in $files
+do
+   echo -n "$name ... "
+#  sname=`noext $name`
+   sname=`basename $name .pod`
+   pod2man --section="$SECT" --center="$NAME" --release="$VERS" $name > $sname.$SECT
+   echo "(done)"
+done
+
+echo "Finished building."
+
diff --git a/nss/lib/freebl/mpi/doc/div.txt b/nss/lib/freebl/mpi/doc/div.txt
new file mode 100644
index 0000000..c13fb6e
--- /dev/null
+++ b/nss/lib/freebl/mpi/doc/div.txt
@@ -0,0 +1,64 @@
+Division
+
+This describes the division algorithm used by the MPI library.
+
+Input:    a, b; a > b
+Compute:  Q, R; a = Qb + R
+
+The input numbers are normalized so that the high-order digit of b is
+at least half the radix.  This guarantees that we have a reasonable
+way to guess at the digits of the quotient (this method was taken from
+Knuth, vol. 2, with adaptations).
+
+To normalize, test the high-order digit of b.  If it is less than half
+the radix, multiply both a and b by d, where:
+
+             radix - 1
+	d = -----------
+              bmax + 1
+
+...where bmax is the high-order digit of b.  Otherwise, set d = 1.
+
+Given normalize values for a and b, let the notation a[n] denote the
+nth digit of a.  Let #a be the number of significant figures of a (not
+including any leading zeroes).
+
+	Let R = 0
+	Let p = #a - 1
+
+	while(p >= 0)
+	  do
+	    R = (R * radix) + a[p]
+	    p = p - 1
+	  while(R < b and p >= 0)
+
+	  if(R < b)
+	    break
+
+	  q = (R[#R - 1] * radix) + R[#R - 2]
+	  q = q / b[#b - 1]
+
+	  T = b * q
+
+	  while(T > L)
+	    q = q - 1
+	    T = T - b
+	  endwhile
+
+	  L = L - T
+
+	  Q = (Q * radix) + q
+
+	endwhile
+
+At this point, Q is the quotient, and R is the normalized remainder.
+To denormalize R, compute:
+
+	R = (R / d)
+
+At this point, you are finished.
+
+------------------------------------------------------------------
+ This Source Code Form is subject to the terms of the Mozilla Public
+ # License, v. 2.0. If a copy of the MPL was not distributed with this
+ # file, You can obtain one at http://mozilla.org/MPL/2.0/.
diff --git a/nss/lib/freebl/mpi/doc/expt.txt b/nss/lib/freebl/mpi/doc/expt.txt
new file mode 100644
index 0000000..bd9d6f1
--- /dev/null
+++ b/nss/lib/freebl/mpi/doc/expt.txt
@@ -0,0 +1,94 @@
+Exponentiation
+
+For exponentiation, the MPI library uses a simple and fairly standard
+square-and-multiply method.  The algorithm is this:
+
+Input:	a, b
+Output: a ** b
+
+	s = 1
+
+	while(b != 0)
+	  if(b is odd)
+	    s = s * a
+	  endif
+
+	  b = b / 2
+
+	  x = x * x
+	endwhile
+
+	return s
+
+The modular exponentiation is done the same way, except replacing:
+
+	s = s * a
+
+with
+	s = (s * a) mod m
+
+and replacing
+
+	x = x * x
+
+with
+
+	x = (x * x) mod m
+
+Here is a sample exponentiation using the MPI library, as compared to
+the same problem solved by the Unix 'bc' program on my system:
+
+Computation of 2,381,283 ** 235
+
+'bc' says:
+
+4385CA4A804D199FBEAD95FAD0796FAD0D0B51FC9C16743C45568C789666985DB719\
+4D90E393522F74C9601262C0514145A49F3B53D00983F95FDFCEA3D0043ECEF6227E\
+6FB59C924C3EE74447B359B5BF12A555D46CB819809EF423F004B55C587D6F0E8A55\
+4988036A42ACEF9F71459F97CEF6E574BD7373657111648626B1FF8EE15F663B2C0E\
+6BBE5082D4CDE8E14F263635AE8F35DB2C280819517BE388B5573B84C5A19C871685\
+FD408A6471F9D6AFAF5129A7548EAE926B40874B340285F44765BF5468CE20A13267\
+CD88CE6BC786ACED36EC7EA50F67FF27622575319068A332C3C0CB23E26FB55E26F4\
+5F732753A52B8E2FB4D4F42D894242613CA912A25486C3DEC9C66E5DB6182F6C1761\
+CF8CD0D255BE64B93836B27D452AE38F950EB98B517D4CF50D48F0165EF0CCCE1F5C\
+49BF18219FDBA0EEDD1A7E8B187B70C2BAED5EC5C6821EF27FAFB1CFF70111C52235\
+5E948B93A015AA1AE152B110BB5658CB14D3E45A48BFE7F082C1182672A455A695CD\
+A1855E8781E625F25B41B516E77F589FA420C3B058861EA138CF7A2C58DB3C7504FD\
+D29554D78237834CC5AE710D403CC4F6973D5012B7E117A8976B14A0B5AFA889BD47\
+92C461F0F96116F00A97AE9E83DC5203680CAF9A18A062566C145650AB86BE4F907F\
+A9F7AB4A700B29E1E5BACCD6DCBFA513E10832815F710807EED2E279081FEC61D619\
+AB270BEB3D3A1787B35A9DD41A8766CF21F3B5C693B3BAB1C2FA14A4ED202BC35743\
+E5CBE2391624D4F8C9BFBBC78D69764E7C6C5B11BF005677BFAD17D9278FFC1F158F\
+1B3683FF7960FA0608103792C4163DC0AF3E06287BB8624F8FE3A0FFBDF82ACECA2F\
+CFFF2E1AC93F3CA264A1B
+
+MPI says:
+
+4385CA4A804D199FBEAD95FAD0796FAD0D0B51FC9C16743C45568C789666985DB719\
+4D90E393522F74C9601262C0514145A49F3B53D00983F95FDFCEA3D0043ECEF6227E\
+6FB59C924C3EE74447B359B5BF12A555D46CB819809EF423F004B55C587D6F0E8A55\
+4988036A42ACEF9F71459F97CEF6E574BD7373657111648626B1FF8EE15F663B2C0E\
+6BBE5082D4CDE8E14F263635AE8F35DB2C280819517BE388B5573B84C5A19C871685\
+FD408A6471F9D6AFAF5129A7548EAE926B40874B340285F44765BF5468CE20A13267\
+CD88CE6BC786ACED36EC7EA50F67FF27622575319068A332C3C0CB23E26FB55E26F4\
+5F732753A52B8E2FB4D4F42D894242613CA912A25486C3DEC9C66E5DB6182F6C1761\
+CF8CD0D255BE64B93836B27D452AE38F950EB98B517D4CF50D48F0165EF0CCCE1F5C\
+49BF18219FDBA0EEDD1A7E8B187B70C2BAED5EC5C6821EF27FAFB1CFF70111C52235\
+5E948B93A015AA1AE152B110BB5658CB14D3E45A48BFE7F082C1182672A455A695CD\
+A1855E8781E625F25B41B516E77F589FA420C3B058861EA138CF7A2C58DB3C7504FD\
+D29554D78237834CC5AE710D403CC4F6973D5012B7E117A8976B14A0B5AFA889BD47\
+92C461F0F96116F00A97AE9E83DC5203680CAF9A18A062566C145650AB86BE4F907F\
+A9F7AB4A700B29E1E5BACCD6DCBFA513E10832815F710807EED2E279081FEC61D619\
+AB270BEB3D3A1787B35A9DD41A8766CF21F3B5C693B3BAB1C2FA14A4ED202BC35743\
+E5CBE2391624D4F8C9BFBBC78D69764E7C6C5B11BF005677BFAD17D9278FFC1F158F\
+1B3683FF7960FA0608103792C4163DC0AF3E06287BB8624F8FE3A0FFBDF82ACECA2F\
+CFFF2E1AC93F3CA264A1B
+
+Diff says:
+% diff bc.txt mp.txt
+%
+
+------------------------------------------------------------------
+ This Source Code Form is subject to the terms of the Mozilla Public
+ # License, v. 2.0. If a copy of the MPL was not distributed with this
+ # file, You can obtain one at http://mozilla.org/MPL/2.0/.
diff --git a/nss/lib/freebl/mpi/doc/gcd.pod b/nss/lib/freebl/mpi/doc/gcd.pod
new file mode 100644
index 0000000..b5b8fa3
--- /dev/null
+++ b/nss/lib/freebl/mpi/doc/gcd.pod
@@ -0,0 +1,28 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+=head1 NAME
+
+ gcd - compute greatest common divisor of two integers
+
+=head1 SYNOPSIS
+
+ gcd <a> <b>
+
+=head1 DESCRIPTION
+
+The B<gcd> program computes the greatest common divisor of two
+arbitrary-precision integers I<a> and I<b>.  The result is written in
+standard decimal notation to the standard output.
+
+If I<b> is zero, B<gcd> will print an error message and exit.
+
+=head1 SEE ALSO
+
+invmod(1), isprime(1), lap(1)
+
+=head1 AUTHOR
+
+ Michael J. Fromberger <sting@linguist.dartmouth.edu>
+ Thayer School of Engineering, Hanover, New Hampshire, USA
diff --git a/nss/lib/freebl/mpi/doc/invmod.pod b/nss/lib/freebl/mpi/doc/invmod.pod
new file mode 100644
index 0000000..0194f44
--- /dev/null
+++ b/nss/lib/freebl/mpi/doc/invmod.pod
@@ -0,0 +1,34 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+=head1 NAME
+
+ invmod - compute modular inverse of an integer
+
+=head1 SYNOPSIS
+
+ invmod <a> <m>
+
+=head1 DESCRIPTION
+
+The B<invmod> program computes the inverse of I<a>, modulo I<m>, if
+that inverse exists.  Both I<a> and I<m> are arbitrary-precision
+integers in decimal notation.  The result is written in standard
+decimal notation to the standard output.
+
+If there is no inverse, the message:
+
+ No inverse
+
+...will be printed to the standard output (an inverse exists if and
+only if the greatest common divisor of I<a> and I<m> is 1).
+
+=head1 SEE ALSO
+
+gcd(1), isprime(1), lap(1)
+
+=head1 AUTHOR
+
+ Michael J. Fromberger <sting@linguist.dartmouth.edu>
+ Thayer School of Engineering, Hanover, New Hampshire, USA
diff --git a/nss/lib/freebl/mpi/doc/isprime.pod b/nss/lib/freebl/mpi/doc/isprime.pod
new file mode 100644
index 0000000..a8ec1f7
--- /dev/null
+++ b/nss/lib/freebl/mpi/doc/isprime.pod
@@ -0,0 +1,63 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+=head1 NAME
+
+ isprime - probabilistic primality testing
+
+=head1 SYNOPSIS
+
+ isprime <a>
+
+=head1 DESCRIPTION
+
+The B<isprime> program attempts to determine whether the arbitrary
+precision integer I<a> is prime.  It first tests I<a> for divisibility
+by the first 170 or so small primes, and assuming I<a> is not
+divisible by any of these, applies 15 iterations of the Rabin-Miller
+probabilistic primality test.
+
+If the program discovers that the number is composite, it will print:
+
+ Not prime (reason)
+
+Where I<reason> is either:
+
+	divisible by small prime x
+
+Or:
+
+	failed nth pseudoprime test
+
+In the first case, I<x> indicates the first small prime factor that
+was found.  In the second case, I<n> indicates which of the
+pseudoprime tests failed (numbered from 1)
+
+If this happens, the number is definitely not prime.  However, if the
+number succeeds, this message results:
+
+ Probably prime, 1 in 4^15 chance of false positive
+
+If this happens, the number is prime with very high probability, but
+its primality has not been absolutely proven, only demonstrated to a
+very convincing degree.
+
+The value I<a> can be input in standard decimal notation, or, if it is
+prefixed with I<Ox>, it will be read as hexadecimal.
+
+=head1 ENVIRONMENT
+
+You can control how many iterations of Rabin-Miller are performed on
+the candidate number by setting the I<RM_TESTS> environment variable
+to an integer value before starting up B<isprime>.  This will change
+the output slightly if the number passes all the tests.
+
+=head1 SEE ALSO
+
+gcd(1), invmod(1), lap(1)
+
+=head1 AUTHOR
+
+ Michael J. Fromberger <sting@linguist.dartmouth.edu>
+ Thayer School of Engineering, Hanover, New Hampshire, USA
diff --git a/nss/lib/freebl/mpi/doc/lap.pod b/nss/lib/freebl/mpi/doc/lap.pod
new file mode 100644
index 0000000..47539fb
--- /dev/null
+++ b/nss/lib/freebl/mpi/doc/lap.pod
@@ -0,0 +1,36 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+=head1 NAME
+
+ lap - compute least annihilating power of a number
+
+=head1 SYNOPSIS
+
+ lap <a> <m>
+
+=head1 DESCRIPTION
+
+The B<lap> program computes the order of I<a> modulo I<m>, for
+arbitrary precision integers I<a> and I<m>.  The B<order> of I<a>
+modulo I<m> is defined as the smallest positive value I<n> for which
+I<a> raised to the I<n>th power, modulo I<m>, is equal to 1.  The
+order may not exist, if I<m> is composite.
+
+=head1 RESTRICTIONS
+
+This program is very slow, especially for large moduli.  It is
+intended as a way to help find primitive elements in a modular field,
+but it does not do so in a particularly inefficient manner.  It was
+written simply to help verify that a particular candidate does not
+have an obviously short cycle mod I<m>.
+
+=head1 SEE ALSO
+
+gcd(1), invmod(1), isprime(1)
+
+=head1 AUTHOR
+
+ Michael J. Fromberger <sting@linguist.dartmouth.edu>
+ Thayer School of Engineering, Hanover, New Hampshire, USA
diff --git a/nss/lib/freebl/mpi/doc/mpi-test.pod b/nss/lib/freebl/mpi/doc/mpi-test.pod
new file mode 100644
index 0000000..b05f866
--- /dev/null
+++ b/nss/lib/freebl/mpi/doc/mpi-test.pod
@@ -0,0 +1,51 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+=head1 NAME
+
+ mpi-test - automated test program for MPI library
+
+=head1 SYNOPSIS
+
+ mpi-test <suite-name> [quiet]
+ mpi-test list
+ mpi-test help
+
+=head1 DESCRIPTION
+
+The B<mpi-test> program is a general unit test driver for the MPI
+library.  It is used to verify that the library works as it is
+supposed to on your architecture.  As with most such things, passing
+all the tests in B<mpi-test> does not guarantee the code is correct,
+but if any of them fail, there are certainly problems.
+
+Each major function of the library can be tested individually.  For a
+list of the test suites understood by B<mpi-test>, run it with the
+I<list> command line option:
+
+ mpi-test list
+
+This will display a list of the available test suites and a brief
+synopsis of what each one does.  For a brief overview of this
+document, run B<mpi-test> I<help>.
+
+B<mpi-test> exits with a zero status if the selected test succeeds, or
+a nonzero status if it fails.  If a I<suite-name> which is not
+understood by B<mpi-test> is given, a diagnostic is printed to the
+standard error, and the program exits with a result code of 2.  If a
+test fails, the result code will be 1, and a diagnostic is ordinarily
+printed to the standard error.  However, if the I<quiet> option is
+provided, these diagnostics will be suppressed.
+
+=head1 RESTRICTIONS
+
+Only a few canned test cases are provided.  The solutions have been
+verified using the GNU bc(1) program, so bugs there may cause problems
+here; however, this is very unlikely, so if a test fails, it is almost
+certainly my fault, not bc(1)'s.
+
+=head1 AUTHOR
+
+ Michael J. Fromberger <sting@linguist.dartmouth.edu>
+ Thayer School of Engineering, Hanover, New Hampshire, USA
diff --git a/nss/lib/freebl/mpi/doc/mul.txt b/nss/lib/freebl/mpi/doc/mul.txt
new file mode 100644
index 0000000..975f56d
--- /dev/null
+++ b/nss/lib/freebl/mpi/doc/mul.txt
@@ -0,0 +1,77 @@
+Multiplication
+
+This describes the multiplication algorithm used by the MPI library.
+
+This is basically a standard "schoolbook" algorithm.  It is slow --
+O(mn) for m = #a, n = #b -- but easy to implement and verify.
+Basically, we run two nested loops, as illustrated here (R is the
+radix):
+
+k = 0
+for j <- 0 to (#b - 1)
+  for i <- 0 to (#a - 1)
+    w = (a[j] * b[i]) + k + c[i+j]
+    c[i+j] = w mod R
+    k = w div R
+  endfor
+  c[i+j] = k;
+  k = 0;
+endfor
+
+It is necessary that 'w' have room for at least two radix R digits.
+The product of any two digits in radix R is at most:
+
+	(R - 1)(R - 1) = R^2 - 2R + 1
+
+Since a two-digit radix-R number can hold R^2 - 1 distinct values,
+this insures that the product will fit into the two-digit register.
+
+To insure that two digits is enough for w, we must also show that
+there is room for the carry-in from the previous multiplication, and
+the current value of the product digit that is being recomputed.
+Assuming each of these may be as big as R - 1 (and no larger,
+certainly), two digits will be enough if and only if:
+
+	(R^2 - 2R + 1) + 2(R - 1) <= R^2 - 1
+
+Solving this equation shows that, indeed, this is the case:
+
+	R^2 - 2R + 1 + 2R - 2 <= R^2 - 1
+
+	R^2 - 1 <= R^2 - 1
+
+This suggests that a good radix would be one more than the largest
+value that can be held in half a machine word -- so, for example, as
+in this implementation, where we used a radix of 65536 on a machine
+with 4-byte words.  Another advantage of a radix of this sort is that
+binary-level operations are easy on numbers in this representation.
+
+Here's an example multiplication worked out longhand in radix-10,
+using the above algorithm:
+
+   a =     999
+   b =   x 999
+  -------------
+   p =   98001
+
+w = (a[jx] * b[ix]) + kin + c[ix + jx]
+c[ix+jx] = w % RADIX
+k = w / RADIX
+                                                               product
+ix	jx	a[jx]	b[ix]	kin	w	c[i+j]	kout	000000
+0	0	9	9	0	81+0+0	1	8	000001
+0	1	9	9	8	81+8+0	9	8	000091
+0	2	9	9	8	81+8+0	9	8	000991
+				8			0	008991
+1	0	9	9	0	81+0+9	0	9	008901
+1	1	9	9	9	81+9+9	9	9	008901
+1	2	9	9	9	81+9+8	8	9	008901
+				9			0	098901
+2	0	9	9	0	81+0+9	0	9	098001
+2	1	9	9	9	81+9+8	8	9	098001
+2	2	9	9	9	81+9+9	9	9	098001
+
+------------------------------------------------------------------
+ This Source Code Form is subject to the terms of the Mozilla Public
+ # License, v. 2.0. If a copy of the MPL was not distributed with this
+ # file, You can obtain one at http://mozilla.org/MPL/2.0/.
diff --git a/nss/lib/freebl/mpi/doc/pi.txt b/nss/lib/freebl/mpi/doc/pi.txt
new file mode 100644
index 0000000..a6ef911
--- /dev/null
+++ b/nss/lib/freebl/mpi/doc/pi.txt
@@ -0,0 +1,53 @@
+This file describes how pi is computed by the program in 'pi.c' (see
+the utils subdirectory).
+
+Basically, we use Machin's formula, which is what everyone in the
+world uses as a simple method for computing approximations to pi.
+This works for up to a few thousand digits without too much effort.
+Beyond that, though, it gets too slow.
+
+Machin's formula states:
+
+	 pi := 16 * arctan(1/5) - 4 * arctan(1/239)
+
+We compute this in integer arithmetic by first multiplying everything
+through by 10^d, where 'd' is the number of digits of pi we wanted to
+compute.  It turns out, the last few digits will be wrong, but the
+number that are wrong is usually very small (ordinarly only 2-3).
+Having done this, we compute the arctan() function using the formula:
+
+                       1      1       1       1       1     
+       arctan(1/x) := --- - ----- + ----- - ----- + ----- - ...
+                       x    3 x^3   5 x^5   7 x^7   9 x^9
+
+This is done iteratively by computing the first term manually, and
+then iteratively dividing x^2 and k, where k = 3, 5, 7, ... out of the
+current figure.  This is then added to (or subtracted from) a running
+sum, as appropriate.  The iteration continues until we overflow our
+available precision and the current figure goes to zero under integer
+division.  At that point, we're finished.
+
+Actually, we get a couple extra bits of precision out of the fact that
+we know we're computing y * arctan(1/x), by setting up the multiplier
+as:
+
+      y * 10^d
+
+... instead of just 10^d.  There is also a bit of cleverness in how
+the loop is constructed, to avoid special-casing the first term.
+Check out the code for arctan() in 'pi.c', if you are interested in
+seeing how it is set up.
+
+Thanks to Jason P. for this algorithm, which I assembled from notes
+and programs found on his cool "Pile of Pi Programs" page, at:
+
+      http://www.isr.umd.edu/~jasonp/pipage.html
+
+Thanks also to Henrik Johansson <Henrik.Johansson@Nexus.Comm.SE>, from
+whose pi program I borrowed the clever idea of pre-multiplying by x in
+order to avoid a special case on the loop iteration.
+
+------------------------------------------------------------------
+ This Source Code Form is subject to the terms of the Mozilla Public
+ # License, v. 2.0. If a copy of the MPL was not distributed with this
+ # file, You can obtain one at http://mozilla.org/MPL/2.0/.
diff --git a/nss/lib/freebl/mpi/doc/prime.txt b/nss/lib/freebl/mpi/doc/prime.txt
new file mode 100644
index 0000000..694797d
--- /dev/null
+++ b/nss/lib/freebl/mpi/doc/prime.txt
@@ -0,0 +1,6542 @@
+2
+3
+5
+7
+11
+13
+17
+19
+23
+29
+31
+37
+41
+43
+47
+53
+59
+61
+67
+71
+73
+79
+83
+89
+97
+101
+103
+107
+109
+113
+127
+131
+137
+139
+149
+151
+157
+163
+167
+173
+179
+181
+191
+193
+197
+199
+211
+223
+227
+229
+233
+239
+241
+251
+257
+263
+269
+271
+277
+281
+283
+293
+307
+311
+313
+317
+331
+337
+347
+349
+353
+359
+367
+373
+379
+383
+389
+397
+401
+409
+419
+421
+431
+433
+439
+443
+449
+457
+461
+463
+467
+479
+487
+491
+499
+503
+509
+521
+523
+541
+547
+557
+563
+569
+571
+577
+587
+593
+599
+601
+607
+613
+617
+619
+631
+641
+643
+647
+653
+659
+661
+673
+677
+683
+691
+701
+709
+719
+727
+733
+739
+743
+751
+757
+761
+769
+773
+787
+797
+809
+811
+821
+823
+827
+829
+839
+853
+857
+859
+863
+877
+881
+883
+887
+907
+911
+919
+929
+937
+941
+947
+953
+967
+971
+977
+983
+991
+997
+1009
+1013
+1019
+1021
+1031
+1033
+1039
+1049
+1051
+1061
+1063
+1069
+1087
+1091
+1093
+1097
+1103
+1109
+1117
+1123
+1129
+1151
+1153
+1163
+1171
+1181
+1187
+1193
+1201
+1213
+1217
+1223
+1229
+1231
+1237
+1249
+1259
+1277
+1279
+1283
+1289
+1291
+1297
+1301
+1303
+1307
+1319
+1321
+1327
+1361
+1367
+1373
+1381
+1399
+1409
+1423
+1427
+1429
+1433
+1439
+1447
+1451
+1453
+1459
+1471
+1481
+1483
+1487
+1489
+1493
+1499
+1511
+1523
+1531
+1543
+1549
+1553
+1559
+1567
+1571
+1579
+1583
+1597
+1601
+1607
+1609
+1613
+1619
+1621
+1627
+1637
+1657
+1663
+1667
+1669
+1693
+1697
+1699
+1709
+1721
+1723
+1733
+1741
+1747
+1753
+1759
+1777
+1783
+1787
+1789
+1801
+1811
+1823
+1831
+1847
+1861
+1867
+1871
+1873
+1877
+1879
+1889
+1901
+1907
+1913
+1931
+1933
+1949
+1951
+1973
+1979
+1987
+1993
+1997
+1999
+2003
+2011
+2017
+2027
+2029
+2039
+2053
+2063
+2069
+2081
+2083
+2087
+2089
+2099
+2111
+2113
+2129
+2131
+2137
+2141
+2143
+2153
+2161
+2179
+2203
+2207
+2213
+2221
+2237
+2239
+2243
+2251
+2267
+2269
+2273
+2281
+2287
+2293
+2297
+2309
+2311
+2333
+2339
+2341
+2347
+2351
+2357
+2371
+2377
+2381
+2383
+2389
+2393
+2399
+2411
+2417
+2423
+2437
+2441
+2447
+2459
+2467
+2473
+2477
+2503
+2521
+2531
+2539
+2543
+2549
+2551
+2557
+2579
+2591
+2593
+2609
+2617
+2621
+2633
+2647
+2657
+2659
+2663
+2671
+2677
+2683
+2687
+2689
+2693
+2699
+2707
+2711
+2713
+2719
+2729
+2731
+2741
+2749
+2753
+2767
+2777
+2789
+2791
+2797
+2801
+2803
+2819
+2833
+2837
+2843
+2851
+2857
+2861
+2879
+2887
+2897
+2903
+2909
+2917
+2927
+2939
+2953
+2957
+2963
+2969
+2971
+2999
+3001
+3011
+3019
+3023
+3037
+3041
+3049
+3061
+3067
+3079
+3083
+3089
+3109
+3119
+3121
+3137
+3163
+3167
+3169
+3181
+3187
+3191
+3203
+3209
+3217
+3221
+3229
+3251
+3253
+3257
+3259
+3271
+3299
+3301
+3307
+3313
+3319
+3323
+3329
+3331
+3343
+3347
+3359
+3361
+3371
+3373
+3389
+3391
+3407
+3413
+3433
+3449
+3457
+3461
+3463
+3467
+3469
+3491
+3499
+3511
+3517
+3527
+3529
+3533
+3539
+3541
+3547
+3557
+3559
+3571
+3581
+3583
+3593
+3607
+3613
+3617
+3623
+3631
+3637
+3643
+3659
+3671
+3673
+3677
+3691
+3697
+3701
+3709
+3719
+3727
+3733
+3739
+3761
+3767
+3769
+3779
+3793
+3797
+3803
+3821
+3823
+3833
+3847
+3851
+3853
+3863
+3877
+3881
+3889
+3907
+3911
+3917
+3919
+3923
+3929
+3931
+3943
+3947
+3967
+3989
+4001
+4003
+4007
+4013
+4019
+4021
+4027
+4049
+4051
+4057
+4073
+4079
+4091
+4093
+4099
+4111
+4127
+4129
+4133
+4139
+4153
+4157
+4159
+4177
+4201
+4211
+4217
+4219
+4229
+4231
+4241
+4243
+4253
+4259
+4261
+4271
+4273
+4283
+4289
+4297
+4327
+4337
+4339
+4349
+4357
+4363
+4373
+4391
+4397
+4409
+4421
+4423
+4441
+4447
+4451
+4457
+4463
+4481
+4483
+4493
+4507
+4513
+4517
+4519
+4523
+4547
+4549
+4561
+4567
+4583
+4591
+4597
+4603
+4621
+4637
+4639
+4643
+4649
+4651
+4657
+4663
+4673
+4679
+4691
+4703
+4721
+4723
+4729
+4733
+4751
+4759
+4783
+4787
+4789
+4793
+4799
+4801
+4813
+4817
+4831
+4861
+4871
+4877
+4889
+4903
+4909
+4919
+4931
+4933
+4937
+4943
+4951
+4957
+4967
+4969
+4973
+4987
+4993
+4999
+5003
+5009
+5011
+5021
+5023
+5039
+5051
+5059
+5077
+5081
+5087
+5099
+5101
+5107
+5113
+5119
+5147
+5153
+5167
+5171
+5179
+5189
+5197
+5209
+5227
+5231
+5233
+5237
+5261
+5273
+5279
+5281
+5297
+5303
+5309
+5323
+5333
+5347
+5351
+5381
+5387
+5393
+5399
+5407
+5413
+5417
+5419
+5431
+5437
+5441
+5443
+5449
+5471
+5477
+5479
+5483
+5501
+5503
+5507
+5519
+5521
+5527
+5531
+5557
+5563
+5569
+5573
+5581
+5591
+5623
+5639
+5641
+5647
+5651
+5653
+5657
+5659
+5669
+5683
+5689
+5693
+5701
+5711
+5717
+5737
+5741
+5743
+5749
+5779
+5783
+5791
+5801
+5807
+5813
+5821
+5827
+5839
+5843
+5849
+5851
+5857
+5861
+5867
+5869
+5879
+5881
+5897
+5903
+5923
+5927
+5939
+5953
+5981
+5987
+6007
+6011
+6029
+6037
+6043
+6047
+6053
+6067
+6073
+6079
+6089
+6091
+6101
+6113
+6121
+6131
+6133
+6143
+6151
+6163
+6173
+6197
+6199
+6203
+6211
+6217
+6221
+6229
+6247
+6257
+6263
+6269
+6271
+6277
+6287
+6299
+6301
+6311
+6317
+6323
+6329
+6337
+6343
+6353
+6359
+6361
+6367
+6373
+6379
+6389
+6397
+6421
+6427
+6449
+6451
+6469
+6473
+6481
+6491
+6521
+6529
+6547
+6551
+6553
+6563
+6569
+6571
+6577
+6581
+6599
+6607
+6619
+6637
+6653
+6659
+6661
+6673
+6679
+6689
+6691
+6701
+6703
+6709
+6719
+6733
+6737
+6761
+6763
+6779
+6781
+6791
+6793
+6803
+6823
+6827
+6829
+6833
+6841
+6857
+6863
+6869
+6871
+6883
+6899
+6907
+6911
+6917
+6947
+6949
+6959
+6961
+6967
+6971
+6977
+6983
+6991
+6997
+7001
+7013
+7019
+7027
+7039
+7043
+7057
+7069
+7079
+7103
+7109
+7121
+7127
+7129
+7151
+7159
+7177
+7187
+7193
+7207
+7211
+7213
+7219
+7229
+7237
+7243
+7247
+7253
+7283
+7297
+7307
+7309
+7321
+7331
+7333
+7349
+7351
+7369
+7393
+7411
+7417
+7433
+7451
+7457
+7459
+7477
+7481
+7487
+7489
+7499
+7507
+7517
+7523
+7529
+7537
+7541
+7547
+7549
+7559
+7561
+7573
+7577
+7583
+7589
+7591
+7603
+7607
+7621
+7639
+7643
+7649
+7669
+7673
+7681
+7687
+7691
+7699
+7703
+7717
+7723
+7727
+7741
+7753
+7757
+7759
+7789
+7793
+7817
+7823
+7829
+7841
+7853
+7867
+7873
+7877
+7879
+7883
+7901
+7907
+7919
+7927
+7933
+7937
+7949
+7951
+7963
+7993
+8009
+8011
+8017
+8039
+8053
+8059
+8069
+8081
+8087
+8089
+8093
+8101
+8111
+8117
+8123
+8147
+8161
+8167
+8171
+8179
+8191
+8209
+8219
+8221
+8231
+8233
+8237
+8243
+8263
+8269
+8273
+8287
+8291
+8293
+8297
+8311
+8317
+8329
+8353
+8363
+8369
+8377
+8387
+8389
+8419
+8423
+8429
+8431
+8443
+8447
+8461
+8467
+8501
+8513
+8521
+8527
+8537
+8539
+8543
+8563
+8573
+8581
+8597
+8599
+8609
+8623
+8627
+8629
+8641
+8647
+8663
+8669
+8677
+8681
+8689
+8693
+8699
+8707
+8713
+8719
+8731
+8737
+8741
+8747
+8753
+8761
+8779
+8783
+8803
+8807
+8819
+8821
+8831
+8837
+8839
+8849
+8861
+8863
+8867
+8887
+8893
+8923
+8929
+8933
+8941
+8951
+8963
+8969
+8971
+8999
+9001
+9007
+9011
+9013
+9029
+9041
+9043
+9049
+9059
+9067
+9091
+9103
+9109
+9127
+9133
+9137
+9151
+9157
+9161
+9173
+9181
+9187
+9199
+9203
+9209
+9221
+9227
+9239
+9241
+9257
+9277
+9281
+9283
+9293
+9311
+9319
+9323
+9337
+9341
+9343
+9349
+9371
+9377
+9391
+9397
+9403
+9413
+9419
+9421
+9431
+9433
+9437
+9439
+9461
+9463
+9467
+9473
+9479
+9491
+9497
+9511
+9521
+9533
+9539
+9547
+9551
+9587
+9601
+9613
+9619
+9623
+9629
+9631
+9643
+9649
+9661
+9677
+9679
+9689
+9697
+9719
+9721
+9733
+9739
+9743
+9749
+9767
+9769
+9781
+9787
+9791
+9803
+9811
+9817
+9829
+9833
+9839
+9851
+9857
+9859
+9871
+9883
+9887
+9901
+9907
+9923
+9929
+9931
+9941
+9949
+9967
+9973
+10007
+10009
+10037
+10039
+10061
+10067
+10069
+10079
+10091
+10093
+10099
+10103
+10111
+10133
+10139
+10141
+10151
+10159
+10163
+10169
+10177
+10181
+10193
+10211
+10223
+10243
+10247
+10253
+10259
+10267
+10271
+10273
+10289
+10301
+10303
+10313
+10321
+10331
+10333
+10337
+10343
+10357
+10369
+10391
+10399
+10427
+10429
+10433
+10453
+10457
+10459
+10463
+10477
+10487
+10499
+10501
+10513
+10529
+10531
+10559
+10567
+10589
+10597
+10601
+10607
+10613
+10627
+10631
+10639
+10651
+10657
+10663
+10667
+10687
+10691
+10709
+10711
+10723
+10729
+10733
+10739
+10753
+10771
+10781
+10789
+10799
+10831
+10837
+10847
+10853
+10859
+10861
+10867
+10883
+10889
+10891
+10903
+10909
+10937
+10939
+10949
+10957
+10973
+10979
+10987
+10993
+11003
+11027
+11047
+11057
+11059
+11069
+11071
+11083
+11087
+11093
+11113
+11117
+11119
+11131
+11149
+11159
+11161
+11171
+11173
+11177
+11197
+11213
+11239
+11243
+11251
+11257
+11261
+11273
+11279
+11287
+11299
+11311
+11317
+11321
+11329
+11351
+11353
+11369
+11383
+11393
+11399
+11411
+11423
+11437
+11443
+11447
+11467
+11471
+11483
+11489
+11491
+11497
+11503
+11519
+11527
+11549
+11551
+11579
+11587
+11593
+11597
+11617
+11621
+11633
+11657
+11677
+11681
+11689
+11699
+11701
+11717
+11719
+11731
+11743
+11777
+11779
+11783
+11789
+11801
+11807
+11813
+11821
+11827
+11831
+11833
+11839
+11863
+11867
+11887
+11897
+11903
+11909
+11923
+11927
+11933
+11939
+11941
+11953
+11959
+11969
+11971
+11981
+11987
+12007
+12011
+12037
+12041
+12043
+12049
+12071
+12073
+12097
+12101
+12107
+12109
+12113
+12119
+12143
+12149
+12157
+12161
+12163
+12197
+12203
+12211
+12227
+12239
+12241
+12251
+12253
+12263
+12269
+12277
+12281
+12289
+12301
+12323
+12329
+12343
+12347
+12373
+12377
+12379
+12391
+12401
+12409
+12413
+12421
+12433
+12437
+12451
+12457
+12473
+12479
+12487
+12491
+12497
+12503
+12511
+12517
+12527
+12539
+12541
+12547
+12553
+12569
+12577
+12583
+12589
+12601
+12611
+12613
+12619
+12637
+12641
+12647
+12653
+12659
+12671
+12689
+12697
+12703
+12713
+12721
+12739
+12743
+12757
+12763
+12781
+12791
+12799
+12809
+12821
+12823
+12829
+12841
+12853
+12889
+12893
+12899
+12907
+12911
+12917
+12919
+12923
+12941
+12953
+12959
+12967
+12973
+12979
+12983
+13001
+13003
+13007
+13009
+13033
+13037
+13043
+13049
+13063
+13093
+13099
+13103
+13109
+13121
+13127
+13147
+13151
+13159
+13163
+13171
+13177
+13183
+13187
+13217
+13219
+13229
+13241
+13249
+13259
+13267
+13291
+13297
+13309
+13313
+13327
+13331
+13337
+13339
+13367
+13381
+13397
+13399
+13411
+13417
+13421
+13441
+13451
+13457
+13463
+13469
+13477
+13487
+13499
+13513
+13523
+13537
+13553
+13567
+13577
+13591
+13597
+13613
+13619
+13627
+13633
+13649
+13669
+13679
+13681
+13687
+13691
+13693
+13697
+13709
+13711
+13721
+13723
+13729
+13751
+13757
+13759
+13763
+13781
+13789
+13799
+13807
+13829
+13831
+13841
+13859
+13873
+13877
+13879
+13883
+13901
+13903
+13907
+13913
+13921
+13931
+13933
+13963
+13967
+13997
+13999
+14009
+14011
+14029
+14033
+14051
+14057
+14071
+14081
+14083
+14087
+14107
+14143
+14149
+14153
+14159
+14173
+14177
+14197
+14207
+14221
+14243
+14249
+14251
+14281
+14293
+14303
+14321
+14323
+14327
+14341
+14347
+14369
+14387
+14389
+14401
+14407
+14411
+14419
+14423
+14431
+14437
+14447
+14449
+14461
+14479
+14489
+14503
+14519
+14533
+14537
+14543
+14549
+14551
+14557
+14561
+14563
+14591
+14593
+14621
+14627
+14629
+14633
+14639
+14653
+14657
+14669
+14683
+14699
+14713
+14717
+14723
+14731
+14737
+14741
+14747
+14753
+14759
+14767
+14771
+14779
+14783
+14797
+14813
+14821
+14827
+14831
+14843
+14851
+14867
+14869
+14879
+14887
+14891
+14897
+14923
+14929
+14939
+14947
+14951
+14957
+14969
+14983
+15013
+15017
+15031
+15053
+15061
+15073
+15077
+15083
+15091
+15101
+15107
+15121
+15131
+15137
+15139
+15149
+15161
+15173
+15187
+15193
+15199
+15217
+15227
+15233
+15241
+15259
+15263
+15269
+15271
+15277
+15287
+15289
+15299
+15307
+15313
+15319
+15329
+15331
+15349
+15359
+15361
+15373
+15377
+15383
+15391
+15401
+15413
+15427
+15439
+15443
+15451
+15461
+15467
+15473
+15493
+15497
+15511
+15527
+15541
+15551
+15559
+15569
+15581
+15583
+15601
+15607
+15619
+15629
+15641
+15643
+15647
+15649
+15661
+15667
+15671
+15679
+15683
+15727
+15731
+15733
+15737
+15739
+15749
+15761
+15767
+15773
+15787
+15791
+15797
+15803
+15809
+15817
+15823
+15859
+15877
+15881
+15887
+15889
+15901
+15907
+15913
+15919
+15923
+15937
+15959
+15971
+15973
+15991
+16001
+16007
+16033
+16057
+16061
+16063
+16067
+16069
+16073
+16087
+16091
+16097
+16103
+16111
+16127
+16139
+16141
+16183
+16187
+16189
+16193
+16217
+16223
+16229
+16231
+16249
+16253
+16267
+16273
+16301
+16319
+16333
+16339
+16349
+16361
+16363
+16369
+16381
+16411
+16417
+16421
+16427
+16433
+16447
+16451
+16453
+16477
+16481
+16487
+16493
+16519
+16529
+16547
+16553
+16561
+16567
+16573
+16603
+16607
+16619
+16631
+16633
+16649
+16651
+16657
+16661
+16673
+16691
+16693
+16699
+16703
+16729
+16741
+16747
+16759
+16763
+16787
+16811
+16823
+16829
+16831
+16843
+16871
+16879
+16883
+16889
+16901
+16903
+16921
+16927
+16931
+16937
+16943
+16963
+16979
+16981
+16987
+16993
+17011
+17021
+17027
+17029
+17033
+17041
+17047
+17053
+17077
+17093
+17099
+17107
+17117
+17123
+17137
+17159
+17167
+17183
+17189
+17191
+17203
+17207
+17209
+17231
+17239
+17257
+17291
+17293
+17299
+17317
+17321
+17327
+17333
+17341
+17351
+17359
+17377
+17383
+17387
+17389
+17393
+17401
+17417
+17419
+17431
+17443
+17449
+17467
+17471
+17477
+17483
+17489
+17491
+17497
+17509
+17519
+17539
+17551
+17569
+17573
+17579
+17581
+17597
+17599
+17609
+17623
+17627
+17657
+17659
+17669
+17681
+17683
+17707
+17713
+17729
+17737
+17747
+17749
+17761
+17783
+17789
+17791
+17807
+17827
+17837
+17839
+17851
+17863
+17881
+17891
+17903
+17909
+17911
+17921
+17923
+17929
+17939
+17957
+17959
+17971
+17977
+17981
+17987
+17989
+18013
+18041
+18043
+18047
+18049
+18059
+18061
+18077
+18089
+18097
+18119
+18121
+18127
+18131
+18133
+18143
+18149
+18169
+18181
+18191
+18199
+18211
+18217
+18223
+18229
+18233
+18251
+18253
+18257
+18269
+18287
+18289
+18301
+18307
+18311
+18313
+18329
+18341
+18353
+18367
+18371
+18379
+18397
+18401
+18413
+18427
+18433
+18439
+18443
+18451
+18457
+18461
+18481
+18493
+18503
+18517
+18521
+18523
+18539
+18541
+18553
+18583
+18587
+18593
+18617
+18637
+18661
+18671
+18679
+18691
+18701
+18713
+18719
+18731
+18743
+18749
+18757
+18773
+18787
+18793
+18797
+18803
+18839
+18859
+18869
+18899
+18911
+18913
+18917
+18919
+18947
+18959
+18973
+18979
+19001
+19009
+19013
+19031
+19037
+19051
+19069
+19073
+19079
+19081
+19087
+19121
+19139
+19141
+19157
+19163
+19181
+19183
+19207
+19211
+19213
+19219
+19231
+19237
+19249
+19259
+19267
+19273
+19289
+19301
+19309
+19319
+19333
+19373
+19379
+19381
+19387
+19391
+19403
+19417
+19421
+19423
+19427
+19429
+19433
+19441
+19447
+19457
+19463
+19469
+19471
+19477
+19483
+19489
+19501
+19507
+19531
+19541
+19543
+19553
+19559
+19571
+19577
+19583
+19597
+19603
+19609
+19661
+19681
+19687
+19697
+19699
+19709
+19717
+19727
+19739
+19751
+19753
+19759
+19763
+19777
+19793
+19801
+19813
+19819
+19841
+19843
+19853
+19861
+19867
+19889
+19891
+19913
+19919
+19927
+19937
+19949
+19961
+19963
+19973
+19979
+19991
+19993
+19997
+20011
+20021
+20023
+20029
+20047
+20051
+20063
+20071
+20089
+20101
+20107
+20113
+20117
+20123
+20129
+20143
+20147
+20149
+20161
+20173
+20177
+20183
+20201
+20219
+20231
+20233
+20249
+20261
+20269
+20287
+20297
+20323
+20327
+20333
+20341
+20347
+20353
+20357
+20359
+20369
+20389
+20393
+20399
+20407
+20411
+20431
+20441
+20443
+20477
+20479
+20483
+20507
+20509
+20521
+20533
+20543
+20549
+20551
+20563
+20593
+20599
+20611
+20627
+20639
+20641
+20663
+20681
+20693
+20707
+20717
+20719
+20731
+20743
+20747
+20749
+20753
+20759
+20771
+20773
+20789
+20807
+20809
+20849
+20857
+20873
+20879
+20887
+20897
+20899
+20903
+20921
+20929
+20939
+20947
+20959
+20963
+20981
+20983
+21001
+21011
+21013
+21017
+21019
+21023
+21031
+21059
+21061
+21067
+21089
+21101
+21107
+21121
+21139
+21143
+21149
+21157
+21163
+21169
+21179
+21187
+21191
+21193
+21211
+21221
+21227
+21247
+21269
+21277
+21283
+21313
+21317
+21319
+21323
+21341
+21347
+21377
+21379
+21383
+21391
+21397
+21401
+21407
+21419
+21433
+21467
+21481
+21487
+21491
+21493
+21499
+21503
+21517
+21521
+21523
+21529
+21557
+21559
+21563
+21569
+21577
+21587
+21589
+21599
+21601
+21611
+21613
+21617
+21647
+21649
+21661
+21673
+21683
+21701
+21713
+21727
+21737
+21739
+21751
+21757
+21767
+21773
+21787
+21799
+21803
+21817
+21821
+21839
+21841
+21851
+21859
+21863
+21871
+21881
+21893
+21911
+21929
+21937
+21943
+21961
+21977
+21991
+21997
+22003
+22013
+22027
+22031
+22037
+22039
+22051
+22063
+22067
+22073
+22079
+22091
+22093
+22109
+22111
+22123
+22129
+22133
+22147
+22153
+22157
+22159
+22171
+22189
+22193
+22229
+22247
+22259
+22271
+22273
+22277
+22279
+22283
+22291
+22303
+22307
+22343
+22349
+22367
+22369
+22381
+22391
+22397
+22409
+22433
+22441
+22447
+22453
+22469
+22481
+22483
+22501
+22511
+22531
+22541
+22543
+22549
+22567
+22571
+22573
+22613
+22619
+22621
+22637
+22639
+22643
+22651
+22669
+22679
+22691
+22697
+22699
+22709
+22717
+22721
+22727
+22739
+22741
+22751
+22769
+22777
+22783
+22787
+22807
+22811
+22817
+22853
+22859
+22861
+22871
+22877
+22901
+22907
+22921
+22937
+22943
+22961
+22963
+22973
+22993
+23003
+23011
+23017
+23021
+23027
+23029
+23039
+23041
+23053
+23057
+23059
+23063
+23071
+23081
+23087
+23099
+23117
+23131
+23143
+23159
+23167
+23173
+23189
+23197
+23201
+23203
+23209
+23227
+23251
+23269
+23279
+23291
+23293
+23297
+23311
+23321
+23327
+23333
+23339
+23357
+23369
+23371
+23399
+23417
+23431
+23447
+23459
+23473
+23497
+23509
+23531
+23537
+23539
+23549
+23557
+23561
+23563
+23567
+23581
+23593
+23599
+23603
+23609
+23623
+23627
+23629
+23633
+23663
+23669
+23671
+23677
+23687
+23689
+23719
+23741
+23743
+23747
+23753
+23761
+23767
+23773
+23789
+23801
+23813
+23819
+23827
+23831
+23833
+23857
+23869
+23873
+23879
+23887
+23893
+23899
+23909
+23911
+23917
+23929
+23957
+23971
+23977
+23981
+23993
+24001
+24007
+24019
+24023
+24029
+24043
+24049
+24061
+24071
+24077
+24083
+24091
+24097
+24103
+24107
+24109
+24113
+24121
+24133
+24137
+24151
+24169
+24179
+24181
+24197
+24203
+24223
+24229
+24239
+24247
+24251
+24281
+24317
+24329
+24337
+24359
+24371
+24373
+24379
+24391
+24407
+24413
+24419
+24421
+24439
+24443
+24469
+24473
+24481
+24499
+24509
+24517
+24527
+24533
+24547
+24551
+24571
+24593
+24611
+24623
+24631
+24659
+24671
+24677
+24683
+24691
+24697
+24709
+24733
+24749
+24763
+24767
+24781
+24793
+24799
+24809
+24821
+24841
+24847
+24851
+24859
+24877
+24889
+24907
+24917
+24919
+24923
+24943
+24953
+24967
+24971
+24977
+24979
+24989
+25013
+25031
+25033
+25037
+25057
+25073
+25087
+25097
+25111
+25117
+25121
+25127
+25147
+25153
+25163
+25169
+25171
+25183
+25189
+25219
+25229
+25237
+25243
+25247
+25253
+25261
+25301
+25303
+25307
+25309
+25321
+25339
+25343
+25349
+25357
+25367
+25373
+25391
+25409
+25411
+25423
+25439
+25447
+25453
+25457
+25463
+25469
+25471
+25523
+25537
+25541
+25561
+25577
+25579
+25583
+25589
+25601
+25603
+25609
+25621
+25633
+25639
+25643
+25657
+25667
+25673
+25679
+25693
+25703
+25717
+25733
+25741
+25747
+25759
+25763
+25771
+25793
+25799
+25801
+25819
+25841
+25847
+25849
+25867
+25873
+25889
+25903
+25913
+25919
+25931
+25933
+25939
+25943
+25951
+25969
+25981
+25997
+25999
+26003
+26017
+26021
+26029
+26041
+26053
+26083
+26099
+26107
+26111
+26113
+26119
+26141
+26153
+26161
+26171
+26177
+26183
+26189
+26203
+26209
+26227
+26237
+26249
+26251
+26261
+26263
+26267
+26293
+26297
+26309
+26317
+26321
+26339
+26347
+26357
+26371
+26387
+26393
+26399
+26407
+26417
+26423
+26431
+26437
+26449
+26459
+26479
+26489
+26497
+26501
+26513
+26539
+26557
+26561
+26573
+26591
+26597
+26627
+26633
+26641
+26647
+26669
+26681
+26683
+26687
+26693
+26699
+26701
+26711
+26713
+26717
+26723
+26729
+26731
+26737
+26759
+26777
+26783
+26801
+26813
+26821
+26833
+26839
+26849
+26861
+26863
+26879
+26881
+26891
+26893
+26903
+26921
+26927
+26947
+26951
+26953
+26959
+26981
+26987
+26993
+27011
+27017
+27031
+27043
+27059
+27061
+27067
+27073
+27077
+27091
+27103
+27107
+27109
+27127
+27143
+27179
+27191
+27197
+27211
+27239
+27241
+27253
+27259
+27271
+27277
+27281
+27283
+27299
+27329
+27337
+27361
+27367
+27397
+27407
+27409
+27427
+27431
+27437
+27449
+27457
+27479
+27481
+27487
+27509
+27527
+27529
+27539
+27541
+27551
+27581
+27583
+27611
+27617
+27631
+27647
+27653
+27673
+27689
+27691
+27697
+27701
+27733
+27737
+27739
+27743
+27749
+27751
+27763
+27767
+27773
+27779
+27791
+27793
+27799
+27803
+27809
+27817
+27823
+27827
+27847
+27851
+27883
+27893
+27901
+27917
+27919
+27941
+27943
+27947
+27953
+27961
+27967
+27983
+27997
+28001
+28019
+28027
+28031
+28051
+28057
+28069
+28081
+28087
+28097
+28099
+28109
+28111
+28123
+28151
+28163
+28181
+28183
+28201
+28211
+28219
+28229
+28277
+28279
+28283
+28289
+28297
+28307
+28309
+28319
+28349
+28351
+28387
+28393
+28403
+28409
+28411
+28429
+28433
+28439
+28447
+28463
+28477
+28493
+28499
+28513
+28517
+28537
+28541
+28547
+28549
+28559
+28571
+28573
+28579
+28591
+28597
+28603
+28607
+28619
+28621
+28627
+28631
+28643
+28649
+28657
+28661
+28663
+28669
+28687
+28697
+28703
+28711
+28723
+28729
+28751
+28753
+28759
+28771
+28789
+28793
+28807
+28813
+28817
+28837
+28843
+28859
+28867
+28871
+28879
+28901
+28909
+28921
+28927
+28933
+28949
+28961
+28979
+29009
+29017
+29021
+29023
+29027
+29033
+29059
+29063
+29077
+29101
+29123
+29129
+29131
+29137
+29147
+29153
+29167
+29173
+29179
+29191
+29201
+29207
+29209
+29221
+29231
+29243
+29251
+29269
+29287
+29297
+29303
+29311
+29327
+29333
+29339
+29347
+29363
+29383
+29387
+29389
+29399
+29401
+29411
+29423
+29429
+29437
+29443
+29453
+29473
+29483
+29501
+29527
+29531
+29537
+29567
+29569
+29573
+29581
+29587
+29599
+29611
+29629
+29633
+29641
+29663
+29669
+29671
+29683
+29717
+29723
+29741
+29753
+29759
+29761
+29789
+29803
+29819
+29833
+29837
+29851
+29863
+29867
+29873
+29879
+29881
+29917
+29921
+29927
+29947
+29959
+29983
+29989
+30011
+30013
+30029
+30047
+30059
+30071
+30089
+30091
+30097
+30103
+30109
+30113
+30119
+30133
+30137
+30139
+30161
+30169
+30181
+30187
+30197
+30203
+30211
+30223
+30241
+30253
+30259
+30269
+30271
+30293
+30307
+30313
+30319
+30323
+30341
+30347
+30367
+30389
+30391
+30403
+30427
+30431
+30449
+30467
+30469
+30491
+30493
+30497
+30509
+30517
+30529
+30539
+30553
+30557
+30559
+30577
+30593
+30631
+30637
+30643
+30649
+30661
+30671
+30677
+30689
+30697
+30703
+30707
+30713
+30727
+30757
+30763
+30773
+30781
+30803
+30809
+30817
+30829
+30839
+30841
+30851
+30853
+30859
+30869
+30871
+30881
+30893
+30911
+30931
+30937
+30941
+30949
+30971
+30977
+30983
+31013
+31019
+31033
+31039
+31051
+31063
+31069
+31079
+31081
+31091
+31121
+31123
+31139
+31147
+31151
+31153
+31159
+31177
+31181
+31183
+31189
+31193
+31219
+31223
+31231
+31237
+31247
+31249
+31253
+31259
+31267
+31271
+31277
+31307
+31319
+31321
+31327
+31333
+31337
+31357
+31379
+31387
+31391
+31393
+31397
+31469
+31477
+31481
+31489
+31511
+31513
+31517
+31531
+31541
+31543
+31547
+31567
+31573
+31583
+31601
+31607
+31627
+31643
+31649
+31657
+31663
+31667
+31687
+31699
+31721
+31723
+31727
+31729
+31741
+31751
+31769
+31771
+31793
+31799
+31817
+31847
+31849
+31859
+31873
+31883
+31891
+31907
+31957
+31963
+31973
+31981
+31991
+32003
+32009
+32027
+32029
+32051
+32057
+32059
+32063
+32069
+32077
+32083
+32089
+32099
+32117
+32119
+32141
+32143
+32159
+32173
+32183
+32189
+32191
+32203
+32213
+32233
+32237
+32251
+32257
+32261
+32297
+32299
+32303
+32309
+32321
+32323
+32327
+32341
+32353
+32359
+32363
+32369
+32371
+32377
+32381
+32401
+32411
+32413
+32423
+32429
+32441
+32443
+32467
+32479
+32491
+32497
+32503
+32507
+32531
+32533
+32537
+32561
+32563
+32569
+32573
+32579
+32587
+32603
+32609
+32611
+32621
+32633
+32647
+32653
+32687
+32693
+32707
+32713
+32717
+32719
+32749
+32771
+32779
+32783
+32789
+32797
+32801
+32803
+32831
+32833
+32839
+32843
+32869
+32887
+32909
+32911
+32917
+32933
+32939
+32941
+32957
+32969
+32971
+32983
+32987
+32993
+32999
+33013
+33023
+33029
+33037
+33049
+33053
+33071
+33073
+33083
+33091
+33107
+33113
+33119
+33149
+33151
+33161
+33179
+33181
+33191
+33199
+33203
+33211
+33223
+33247
+33287
+33289
+33301
+33311
+33317
+33329
+33331
+33343
+33347
+33349
+33353
+33359
+33377
+33391
+33403
+33409
+33413
+33427
+33457
+33461
+33469
+33479
+33487
+33493
+33503
+33521
+33529
+33533
+33547
+33563
+33569
+33577
+33581
+33587
+33589
+33599
+33601
+33613
+33617
+33619
+33623
+33629
+33637
+33641
+33647
+33679
+33703
+33713
+33721
+33739
+33749
+33751
+33757
+33767
+33769
+33773
+33791
+33797
+33809
+33811
+33827
+33829
+33851
+33857
+33863
+33871
+33889
+33893
+33911
+33923
+33931
+33937
+33941
+33961
+33967
+33997
+34019
+34031
+34033
+34039
+34057
+34061
+34123
+34127
+34129
+34141
+34147
+34157
+34159
+34171
+34183
+34211
+34213
+34217
+34231
+34253
+34259
+34261
+34267
+34273
+34283
+34297
+34301
+34303
+34313
+34319
+34327
+34337
+34351
+34361
+34367
+34369
+34381
+34403
+34421
+34429
+34439
+34457
+34469
+34471
+34483
+34487
+34499
+34501
+34511
+34513
+34519
+34537
+34543
+34549
+34583
+34589
+34591
+34603
+34607
+34613
+34631
+34649
+34651
+34667
+34673
+34679
+34687
+34693
+34703
+34721
+34729
+34739
+34747
+34757
+34759
+34763
+34781
+34807
+34819
+34841
+34843
+34847
+34849
+34871
+34877
+34883
+34897
+34913
+34919
+34939
+34949
+34961
+34963
+34981
+35023
+35027
+35051
+35053
+35059
+35069
+35081
+35083
+35089
+35099
+35107
+35111
+35117
+35129
+35141
+35149
+35153
+35159
+35171
+35201
+35221
+35227
+35251
+35257
+35267
+35279
+35281
+35291
+35311
+35317
+35323
+35327
+35339
+35353
+35363
+35381
+35393
+35401
+35407
+35419
+35423
+35437
+35447
+35449
+35461
+35491
+35507
+35509
+35521
+35527
+35531
+35533
+35537
+35543
+35569
+35573
+35591
+35593
+35597
+35603
+35617
+35671
+35677
+35729
+35731
+35747
+35753
+35759
+35771
+35797
+35801
+35803
+35809
+35831
+35837
+35839
+35851
+35863
+35869
+35879
+35897
+35899
+35911
+35923
+35933
+35951
+35963
+35969
+35977
+35983
+35993
+35999
+36007
+36011
+36013
+36017
+36037
+36061
+36067
+36073
+36083
+36097
+36107
+36109
+36131
+36137
+36151
+36161
+36187
+36191
+36209
+36217
+36229
+36241
+36251
+36263
+36269
+36277
+36293
+36299
+36307
+36313
+36319
+36341
+36343
+36353
+36373
+36383
+36389
+36433
+36451
+36457
+36467
+36469
+36473
+36479
+36493
+36497
+36523
+36527
+36529
+36541
+36551
+36559
+36563
+36571
+36583
+36587
+36599
+36607
+36629
+36637
+36643
+36653
+36671
+36677
+36683
+36691
+36697
+36709
+36713
+36721
+36739
+36749
+36761
+36767
+36779
+36781
+36787
+36791
+36793
+36809
+36821
+36833
+36847
+36857
+36871
+36877
+36887
+36899
+36901
+36913
+36919
+36923
+36929
+36931
+36943
+36947
+36973
+36979
+36997
+37003
+37013
+37019
+37021
+37039
+37049
+37057
+37061
+37087
+37097
+37117
+37123
+37139
+37159
+37171
+37181
+37189
+37199
+37201
+37217
+37223
+37243
+37253
+37273
+37277
+37307
+37309
+37313
+37321
+37337
+37339
+37357
+37361
+37363
+37369
+37379
+37397
+37409
+37423
+37441
+37447
+37463
+37483
+37489
+37493
+37501
+37507
+37511
+37517
+37529
+37537
+37547
+37549
+37561
+37567
+37571
+37573
+37579
+37589
+37591
+37607
+37619
+37633
+37643
+37649
+37657
+37663
+37691
+37693
+37699
+37717
+37747
+37781
+37783
+37799
+37811
+37813
+37831
+37847
+37853
+37861
+37871
+37879
+37889
+37897
+37907
+37951
+37957
+37963
+37967
+37987
+37991
+37993
+37997
+38011
+38039
+38047
+38053
+38069
+38083
+38113
+38119
+38149
+38153
+38167
+38177
+38183
+38189
+38197
+38201
+38219
+38231
+38237
+38239
+38261
+38273
+38281
+38287
+38299
+38303
+38317
+38321
+38327
+38329
+38333
+38351
+38371
+38377
+38393
+38431
+38447
+38449
+38453
+38459
+38461
+38501
+38543
+38557
+38561
+38567
+38569
+38593
+38603
+38609
+38611
+38629
+38639
+38651
+38653
+38669
+38671
+38677
+38693
+38699
+38707
+38711
+38713
+38723
+38729
+38737
+38747
+38749
+38767
+38783
+38791
+38803
+38821
+38833
+38839
+38851
+38861
+38867
+38873
+38891
+38903
+38917
+38921
+38923
+38933
+38953
+38959
+38971
+38977
+38993
+39019
+39023
+39041
+39043
+39047
+39079
+39089
+39097
+39103
+39107
+39113
+39119
+39133
+39139
+39157
+39161
+39163
+39181
+39191
+39199
+39209
+39217
+39227
+39229
+39233
+39239
+39241
+39251
+39293
+39301
+39313
+39317
+39323
+39341
+39343
+39359
+39367
+39371
+39373
+39383
+39397
+39409
+39419
+39439
+39443
+39451
+39461
+39499
+39503
+39509
+39511
+39521
+39541
+39551
+39563
+39569
+39581
+39607
+39619
+39623
+39631
+39659
+39667
+39671
+39679
+39703
+39709
+39719
+39727
+39733
+39749
+39761
+39769
+39779
+39791
+39799
+39821
+39827
+39829
+39839
+39841
+39847
+39857
+39863
+39869
+39877
+39883
+39887
+39901
+39929
+39937
+39953
+39971
+39979
+39983
+39989
+40009
+40013
+40031
+40037
+40039
+40063
+40087
+40093
+40099
+40111
+40123
+40127
+40129
+40151
+40153
+40163
+40169
+40177
+40189
+40193
+40213
+40231
+40237
+40241
+40253
+40277
+40283
+40289
+40343
+40351
+40357
+40361
+40387
+40423
+40427
+40429
+40433
+40459
+40471
+40483
+40487
+40493
+40499
+40507
+40519
+40529
+40531
+40543
+40559
+40577
+40583
+40591
+40597
+40609
+40627
+40637
+40639
+40693
+40697
+40699
+40709
+40739
+40751
+40759
+40763
+40771
+40787
+40801
+40813
+40819
+40823
+40829
+40841
+40847
+40849
+40853
+40867
+40879
+40883
+40897
+40903
+40927
+40933
+40939
+40949
+40961
+40973
+40993
+41011
+41017
+41023
+41039
+41047
+41051
+41057
+41077
+41081
+41113
+41117
+41131
+41141
+41143
+41149
+41161
+41177
+41179
+41183
+41189
+41201
+41203
+41213
+41221
+41227
+41231
+41233
+41243
+41257
+41263
+41269
+41281
+41299
+41333
+41341
+41351
+41357
+41381
+41387
+41389
+41399
+41411
+41413
+41443
+41453
+41467
+41479
+41491
+41507
+41513
+41519
+41521
+41539
+41543
+41549
+41579
+41593
+41597
+41603
+41609
+41611
+41617
+41621
+41627
+41641
+41647
+41651
+41659
+41669
+41681
+41687
+41719
+41729
+41737
+41759
+41761
+41771
+41777
+41801
+41809
+41813
+41843
+41849
+41851
+41863
+41879
+41887
+41893
+41897
+41903
+41911
+41927
+41941
+41947
+41953
+41957
+41959
+41969
+41981
+41983
+41999
+42013
+42017
+42019
+42023
+42043
+42061
+42071
+42073
+42083
+42089
+42101
+42131
+42139
+42157
+42169
+42179
+42181
+42187
+42193
+42197
+42209
+42221
+42223
+42227
+42239
+42257
+42281
+42283
+42293
+42299
+42307
+42323
+42331
+42337
+42349
+42359
+42373
+42379
+42391
+42397
+42403
+42407
+42409
+42433
+42437
+42443
+42451
+42457
+42461
+42463
+42467
+42473
+42487
+42491
+42499
+42509
+42533
+42557
+42569
+42571
+42577
+42589
+42611
+42641
+42643
+42649
+42667
+42677
+42683
+42689
+42697
+42701
+42703
+42709
+42719
+42727
+42737
+42743
+42751
+42767
+42773
+42787
+42793
+42797
+42821
+42829
+42839
+42841
+42853
+42859
+42863
+42899
+42901
+42923
+42929
+42937
+42943
+42953
+42961
+42967
+42979
+42989
+43003
+43013
+43019
+43037
+43049
+43051
+43063
+43067
+43093
+43103
+43117
+43133
+43151
+43159
+43177
+43189
+43201
+43207
+43223
+43237
+43261
+43271
+43283
+43291
+43313
+43319
+43321
+43331
+43391
+43397
+43399
+43403
+43411
+43427
+43441
+43451
+43457
+43481
+43487
+43499
+43517
+43541
+43543
+43573
+43577
+43579
+43591
+43597
+43607
+43609
+43613
+43627
+43633
+43649
+43651
+43661
+43669
+43691
+43711
+43717
+43721
+43753
+43759
+43777
+43781
+43783
+43787
+43789
+43793
+43801
+43853
+43867
+43889
+43891
+43913
+43933
+43943
+43951
+43961
+43963
+43969
+43973
+43987
+43991
+43997
+44017
+44021
+44027
+44029
+44041
+44053
+44059
+44071
+44087
+44089
+44101
+44111
+44119
+44123
+44129
+44131
+44159
+44171
+44179
+44189
+44201
+44203
+44207
+44221
+44249
+44257
+44263
+44267
+44269
+44273
+44279
+44281
+44293
+44351
+44357
+44371
+44381
+44383
+44389
+44417
+44449
+44453
+44483
+44491
+44497
+44501
+44507
+44519
+44531
+44533
+44537
+44543
+44549
+44563
+44579
+44587
+44617
+44621
+44623
+44633
+44641
+44647
+44651
+44657
+44683
+44687
+44699
+44701
+44711
+44729
+44741
+44753
+44771
+44773
+44777
+44789
+44797
+44809
+44819
+44839
+44843
+44851
+44867
+44879
+44887
+44893
+44909
+44917
+44927
+44939
+44953
+44959
+44963
+44971
+44983
+44987
+45007
+45013
+45053
+45061
+45077
+45083
+45119
+45121
+45127
+45131
+45137
+45139
+45161
+45179
+45181
+45191
+45197
+45233
+45247
+45259
+45263
+45281
+45289
+45293
+45307
+45317
+45319
+45329
+45337
+45341
+45343
+45361
+45377
+45389
+45403
+45413
+45427
+45433
+45439
+45481
+45491
+45497
+45503
+45523
+45533
+45541
+45553
+45557
+45569
+45587
+45589
+45599
+45613
+45631
+45641
+45659
+45667
+45673
+45677
+45691
+45697
+45707
+45737
+45751
+45757
+45763
+45767
+45779
+45817
+45821
+45823
+45827
+45833
+45841
+45853
+45863
+45869
+45887
+45893
+45943
+45949
+45953
+45959
+45971
+45979
+45989
+46021
+46027
+46049
+46051
+46061
+46073
+46091
+46093
+46099
+46103
+46133
+46141
+46147
+46153
+46171
+46181
+46183
+46187
+46199
+46219
+46229
+46237
+46261
+46271
+46273
+46279
+46301
+46307
+46309
+46327
+46337
+46349
+46351
+46381
+46399
+46411
+46439
+46441
+46447
+46451
+46457
+46471
+46477
+46489
+46499
+46507
+46511
+46523
+46549
+46559
+46567
+46573
+46589
+46591
+46601
+46619
+46633
+46639
+46643
+46649
+46663
+46679
+46681
+46687
+46691
+46703
+46723
+46727
+46747
+46751
+46757
+46769
+46771
+46807
+46811
+46817
+46819
+46829
+46831
+46853
+46861
+46867
+46877
+46889
+46901
+46919
+46933
+46957
+46993
+46997
+47017
+47041
+47051
+47057
+47059
+47087
+47093
+47111
+47119
+47123
+47129
+47137
+47143
+47147
+47149
+47161
+47189
+47207
+47221
+47237
+47251
+47269
+47279
+47287
+47293
+47297
+47303
+47309
+47317
+47339
+47351
+47353
+47363
+47381
+47387
+47389
+47407
+47417
+47419
+47431
+47441
+47459
+47491
+47497
+47501
+47507
+47513
+47521
+47527
+47533
+47543
+47563
+47569
+47581
+47591
+47599
+47609
+47623
+47629
+47639
+47653
+47657
+47659
+47681
+47699
+47701
+47711
+47713
+47717
+47737
+47741
+47743
+47777
+47779
+47791
+47797
+47807
+47809
+47819
+47837
+47843
+47857
+47869
+47881
+47903
+47911
+47917
+47933
+47939
+47947
+47951
+47963
+47969
+47977
+47981
+48017
+48023
+48029
+48049
+48073
+48079
+48091
+48109
+48119
+48121
+48131
+48157
+48163
+48179
+48187
+48193
+48197
+48221
+48239
+48247
+48259
+48271
+48281
+48299
+48311
+48313
+48337
+48341
+48353
+48371
+48383
+48397
+48407
+48409
+48413
+48437
+48449
+48463
+48473
+48479
+48481
+48487
+48491
+48497
+48523
+48527
+48533
+48539
+48541
+48563
+48571
+48589
+48593
+48611
+48619
+48623
+48647
+48649
+48661
+48673
+48677
+48679
+48731
+48733
+48751
+48757
+48761
+48767
+48779
+48781
+48787
+48799
+48809
+48817
+48821
+48823
+48847
+48857
+48859
+48869
+48871
+48883
+48889
+48907
+48947
+48953
+48973
+48989
+48991
+49003
+49009
+49019
+49031
+49033
+49037
+49043
+49057
+49069
+49081
+49103
+49109
+49117
+49121
+49123
+49139
+49157
+49169
+49171
+49177
+49193
+49199
+49201
+49207
+49211
+49223
+49253
+49261
+49277
+49279
+49297
+49307
+49331
+49333
+49339
+49363
+49367
+49369
+49391
+49393
+49409
+49411
+49417
+49429
+49433
+49451
+49459
+49463
+49477
+49481
+49499
+49523
+49529
+49531
+49537
+49547
+49549
+49559
+49597
+49603
+49613
+49627
+49633
+49639
+49663
+49667
+49669
+49681
+49697
+49711
+49727
+49739
+49741
+49747
+49757
+49783
+49787
+49789
+49801
+49807
+49811
+49823
+49831
+49843
+49853
+49871
+49877
+49891
+49919
+49921
+49927
+49937
+49939
+49943
+49957
+49991
+49993
+49999
+50021
+50023
+50033
+50047
+50051
+50053
+50069
+50077
+50087
+50093
+50101
+50111
+50119
+50123
+50129
+50131
+50147
+50153
+50159
+50177
+50207
+50221
+50227
+50231
+50261
+50263
+50273
+50287
+50291
+50311
+50321
+50329
+50333
+50341
+50359
+50363
+50377
+50383
+50387
+50411
+50417
+50423
+50441
+50459
+50461
+50497
+50503
+50513
+50527
+50539
+50543
+50549
+50551
+50581
+50587
+50591
+50593
+50599
+50627
+50647
+50651
+50671
+50683
+50707
+50723
+50741
+50753
+50767
+50773
+50777
+50789
+50821
+50833
+50839
+50849
+50857
+50867
+50873
+50891
+50893
+50909
+50923
+50929
+50951
+50957
+50969
+50971
+50989
+50993
+51001
+51031
+51043
+51047
+51059
+51061
+51071
+51109
+51131
+51133
+51137
+51151
+51157
+51169
+51193
+51197
+51199
+51203
+51217
+51229
+51239
+51241
+51257
+51263
+51283
+51287
+51307
+51329
+51341
+51343
+51347
+51349
+51361
+51383
+51407
+51413
+51419
+51421
+51427
+51431
+51437
+51439
+51449
+51461
+51473
+51479
+51481
+51487
+51503
+51511
+51517
+51521
+51539
+51551
+51563
+51577
+51581
+51593
+51599
+51607
+51613
+51631
+51637
+51647
+51659
+51673
+51679
+51683
+51691
+51713
+51719
+51721
+51749
+51767
+51769
+51787
+51797
+51803
+51817
+51827
+51829
+51839
+51853
+51859
+51869
+51871
+51893
+51899
+51907
+51913
+51929
+51941
+51949
+51971
+51973
+51977
+51991
+52009
+52021
+52027
+52051
+52057
+52067
+52069
+52081
+52103
+52121
+52127
+52147
+52153
+52163
+52177
+52181
+52183
+52189
+52201
+52223
+52237
+52249
+52253
+52259
+52267
+52289
+52291
+52301
+52313
+52321
+52361
+52363
+52369
+52379
+52387
+52391
+52433
+52453
+52457
+52489
+52501
+52511
+52517
+52529
+52541
+52543
+52553
+52561
+52567
+52571
+52579
+52583
+52609
+52627
+52631
+52639
+52667
+52673
+52691
+52697
+52709
+52711
+52721
+52727
+52733
+52747
+52757
+52769
+52783
+52807
+52813
+52817
+52837
+52859
+52861
+52879
+52883
+52889
+52901
+52903
+52919
+52937
+52951
+52957
+52963
+52967
+52973
+52981
+52999
+53003
+53017
+53047
+53051
+53069
+53077
+53087
+53089
+53093
+53101
+53113
+53117
+53129
+53147
+53149
+53161
+53171
+53173
+53189
+53197
+53201
+53231
+53233
+53239
+53267
+53269
+53279
+53281
+53299
+53309
+53323
+53327
+53353
+53359
+53377
+53381
+53401
+53407
+53411
+53419
+53437
+53441
+53453
+53479
+53503
+53507
+53527
+53549
+53551
+53569
+53591
+53593
+53597
+53609
+53611
+53617
+53623
+53629
+53633
+53639
+53653
+53657
+53681
+53693
+53699
+53717
+53719
+53731
+53759
+53773
+53777
+53783
+53791
+53813
+53819
+53831
+53849
+53857
+53861
+53881
+53887
+53891
+53897
+53899
+53917
+53923
+53927
+53939
+53951
+53959
+53987
+53993
+54001
+54011
+54013
+54037
+54049
+54059
+54083
+54091
+54101
+54121
+54133
+54139
+54151
+54163
+54167
+54181
+54193
+54217
+54251
+54269
+54277
+54287
+54293
+54311
+54319
+54323
+54331
+54347
+54361
+54367
+54371
+54377
+54401
+54403
+54409
+54413
+54419
+54421
+54437
+54443
+54449
+54469
+54493
+54497
+54499
+54503
+54517
+54521
+54539
+54541
+54547
+54559
+54563
+54577
+54581
+54583
+54601
+54617
+54623
+54629
+54631
+54647
+54667
+54673
+54679
+54709
+54713
+54721
+54727
+54751
+54767
+54773
+54779
+54787
+54799
+54829
+54833
+54851
+54869
+54877
+54881
+54907
+54917
+54919
+54941
+54949
+54959
+54973
+54979
+54983
+55001
+55009
+55021
+55049
+55051
+55057
+55061
+55073
+55079
+55103
+55109
+55117
+55127
+55147
+55163
+55171
+55201
+55207
+55213
+55217
+55219
+55229
+55243
+55249
+55259
+55291
+55313
+55331
+55333
+55337
+55339
+55343
+55351
+55373
+55381
+55399
+55411
+55439
+55441
+55457
+55469
+55487
+55501
+55511
+55529
+55541
+55547
+55579
+55589
+55603
+55609
+55619
+55621
+55631
+55633
+55639
+55661
+55663
+55667
+55673
+55681
+55691
+55697
+55711
+55717
+55721
+55733
+55763
+55787
+55793
+55799
+55807
+55813
+55817
+55819
+55823
+55829
+55837
+55843
+55849
+55871
+55889
+55897
+55901
+55903
+55921
+55927
+55931
+55933
+55949
+55967
+55987
+55997
+56003
+56009
+56039
+56041
+56053
+56081
+56087
+56093
+56099
+56101
+56113
+56123
+56131
+56149
+56167
+56171
+56179
+56197
+56207
+56209
+56237
+56239
+56249
+56263
+56267
+56269
+56299
+56311
+56333
+56359
+56369
+56377
+56383
+56393
+56401
+56417
+56431
+56437
+56443
+56453
+56467
+56473
+56477
+56479
+56489
+56501
+56503
+56509
+56519
+56527
+56531
+56533
+56543
+56569
+56591
+56597
+56599
+56611
+56629
+56633
+56659
+56663
+56671
+56681
+56687
+56701
+56711
+56713
+56731
+56737
+56747
+56767
+56773
+56779
+56783
+56807
+56809
+56813
+56821
+56827
+56843
+56857
+56873
+56891
+56893
+56897
+56909
+56911
+56921
+56923
+56929
+56941
+56951
+56957
+56963
+56983
+56989
+56993
+56999
+57037
+57041
+57047
+57059
+57073
+57077
+57089
+57097
+57107
+57119
+57131
+57139
+57143
+57149
+57163
+57173
+57179
+57191
+57193
+57203
+57221
+57223
+57241
+57251
+57259
+57269
+57271
+57283
+57287
+57301
+57329
+57331
+57347
+57349
+57367
+57373
+57383
+57389
+57397
+57413
+57427
+57457
+57467
+57487
+57493
+57503
+57527
+57529
+57557
+57559
+57571
+57587
+57593
+57601
+57637
+57641
+57649
+57653
+57667
+57679
+57689
+57697
+57709
+57713
+57719
+57727
+57731
+57737
+57751
+57773
+57781
+57787
+57791
+57793
+57803
+57809
+57829
+57839
+57847
+57853
+57859
+57881
+57899
+57901
+57917
+57923
+57943
+57947
+57973
+57977
+57991
+58013
+58027
+58031
+58043
+58049
+58057
+58061
+58067
+58073
+58099
+58109
+58111
+58129
+58147
+58151
+58153
+58169
+58171
+58189
+58193
+58199
+58207
+58211
+58217
+58229
+58231
+58237
+58243
+58271
+58309
+58313
+58321
+58337
+58363
+58367
+58369
+58379
+58391
+58393
+58403
+58411
+58417
+58427
+58439
+58441
+58451
+58453
+58477
+58481
+58511
+58537
+58543
+58549
+58567
+58573
+58579
+58601
+58603
+58613
+58631
+58657
+58661
+58679
+58687
+58693
+58699
+58711
+58727
+58733
+58741
+58757
+58763
+58771
+58787
+58789
+58831
+58889
+58897
+58901
+58907
+58909
+58913
+58921
+58937
+58943
+58963
+58967
+58979
+58991
+58997
+59009
+59011
+59021
+59023
+59029
+59051
+59053
+59063
+59069
+59077
+59083
+59093
+59107
+59113
+59119
+59123
+59141
+59149
+59159
+59167
+59183
+59197
+59207
+59209
+59219
+59221
+59233
+59239
+59243
+59263
+59273
+59281
+59333
+59341
+59351
+59357
+59359
+59369
+59377
+59387
+59393
+59399
+59407
+59417
+59419
+59441
+59443
+59447
+59453
+59467
+59471
+59473
+59497
+59509
+59513
+59539
+59557
+59561
+59567
+59581
+59611
+59617
+59621
+59627
+59629
+59651
+59659
+59663
+59669
+59671
+59693
+59699
+59707
+59723
+59729
+59743
+59747
+59753
+59771
+59779
+59791
+59797
+59809
+59833
+59863
+59879
+59887
+59921
+59929
+59951
+59957
+59971
+59981
+59999
+60013
+60017
+60029
+60037
+60041
+60077
+60083
+60089
+60091
+60101
+60103
+60107
+60127
+60133
+60139
+60149
+60161
+60167
+60169
+60209
+60217
+60223
+60251
+60257
+60259
+60271
+60289
+60293
+60317
+60331
+60337
+60343
+60353
+60373
+60383
+60397
+60413
+60427
+60443
+60449
+60457
+60493
+60497
+60509
+60521
+60527
+60539
+60589
+60601
+60607
+60611
+60617
+60623
+60631
+60637
+60647
+60649
+60659
+60661
+60679
+60689
+60703
+60719
+60727
+60733
+60737
+60757
+60761
+60763
+60773
+60779
+60793
+60811
+60821
+60859
+60869
+60887
+60889
+60899
+60901
+60913
+60917
+60919
+60923
+60937
+60943
+60953
+60961
+61001
+61007
+61027
+61031
+61043
+61051
+61057
+61091
+61099
+61121
+61129
+61141
+61151
+61153
+61169
+61211
+61223
+61231
+61253
+61261
+61283
+61291
+61297
+61331
+61333
+61339
+61343
+61357
+61363
+61379
+61381
+61403
+61409
+61417
+61441
+61463
+61469
+61471
+61483
+61487
+61493
+61507
+61511
+61519
+61543
+61547
+61553
+61559
+61561
+61583
+61603
+61609
+61613
+61627
+61631
+61637
+61643
+61651
+61657
+61667
+61673
+61681
+61687
+61703
+61717
+61723
+61729
+61751
+61757
+61781
+61813
+61819
+61837
+61843
+61861
+61871
+61879
+61909
+61927
+61933
+61949
+61961
+61967
+61979
+61981
+61987
+61991
+62003
+62011
+62017
+62039
+62047
+62053
+62057
+62071
+62081
+62099
+62119
+62129
+62131
+62137
+62141
+62143
+62171
+62189
+62191
+62201
+62207
+62213
+62219
+62233
+62273
+62297
+62299
+62303
+62311
+62323
+62327
+62347
+62351
+62383
+62401
+62417
+62423
+62459
+62467
+62473
+62477
+62483
+62497
+62501
+62507
+62533
+62539
+62549
+62563
+62581
+62591
+62597
+62603
+62617
+62627
+62633
+62639
+62653
+62659
+62683
+62687
+62701
+62723
+62731
+62743
+62753
+62761
+62773
+62791
+62801
+62819
+62827
+62851
+62861
+62869
+62873
+62897
+62903
+62921
+62927
+62929
+62939
+62969
+62971
+62981
+62983
+62987
+62989
+63029
+63031
+63059
+63067
+63073
+63079
+63097
+63103
+63113
+63127
+63131
+63149
+63179
+63197
+63199
+63211
+63241
+63247
+63277
+63281
+63299
+63311
+63313
+63317
+63331
+63337
+63347
+63353
+63361
+63367
+63377
+63389
+63391
+63397
+63409
+63419
+63421
+63439
+63443
+63463
+63467
+63473
+63487
+63493
+63499
+63521
+63527
+63533
+63541
+63559
+63577
+63587
+63589
+63599
+63601
+63607
+63611
+63617
+63629
+63647
+63649
+63659
+63667
+63671
+63689
+63691
+63697
+63703
+63709
+63719
+63727
+63737
+63743
+63761
+63773
+63781
+63793
+63799
+63803
+63809
+63823
+63839
+63841
+63853
+63857
+63863
+63901
+63907
+63913
+63929
+63949
+63977
+63997
+64007
+64013
+64019
+64033
+64037
+64063
+64067
+64081
+64091
+64109
+64123
+64151
+64153
+64157
+64171
+64187
+64189
+64217
+64223
+64231
+64237
+64271
+64279
+64283
+64301
+64303
+64319
+64327
+64333
+64373
+64381
+64399
+64403
+64433
+64439
+64451
+64453
+64483
+64489
+64499
+64513
+64553
+64567
+64577
+64579
+64591
+64601
+64609
+64613
+64621
+64627
+64633
+64661
+64663
+64667
+64679
+64693
+64709
+64717
+64747
+64763
+64781
+64783
+64793
+64811
+64817
+64849
+64853
+64871
+64877
+64879
+64891
+64901
+64919
+64921
+64927
+64937
+64951
+64969
+64997
+65003
+65011
+65027
+65029
+65033
+65053
+65063
+65071
+65089
+65099
+65101
+65111
+65119
+65123
+65129
+65141
+65147
+65167
+65171
+65173
+65179
+65183
+65203
+65213
+65239
+65257
+65267
+65269
+65287
+65293
+65309
+65323
+65327
+65353
+65357
+65371
+65381
+65393
+65407
+65413
+65419
+65423
+65437
+65447
+65449
+65479
+65497
+65519
+65521
diff --git a/nss/lib/freebl/mpi/doc/prng.pod b/nss/lib/freebl/mpi/doc/prng.pod
new file mode 100644
index 0000000..6da4d4a
--- /dev/null
+++ b/nss/lib/freebl/mpi/doc/prng.pod
@@ -0,0 +1,38 @@
+=head1 NAME
+
+ prng - pseudo-random number generator
+
+=head1 SYNOPSIS
+
+ prng [count]
+
+=head1 DESCRIPTION
+
+B<Prng> generates 32-bit pseudo-random integers using the
+Blum-Blum-Shub (BBS) quadratic residue generator.  It is seeded using
+the standard C library's rand() function, which itself seeded from the
+system clock and the process ID number.  Thus, the values generated
+are not particularly useful for cryptographic applications, but they
+are in general much better than the typical output of the usual
+multiplicative congruency generator used by most runtime libraries.
+
+You may optionally specify how many random values should be generated
+by giving a I<count> argument on the command line.  If you do not
+specify a count, only one random value will be generated.  The results
+are output to the standard output in decimal notation, one value per
+line.
+
+=head1 RESTRICTIONS
+
+As stated above, B<prng> uses the C library's rand() function to seed
+the generator, so it is not terribly suitable for cryptographic
+applications.  Also note that each time you run the program, a new
+seed is generated, so it is better to run it once with a I<count>
+parameter than it is to run it multiple times to generate several
+values.
+
+=head1 AUTHOR
+
+ Michael J. Fromberger <sting@linguist.dartmouth.edu>
+ Copyright (C) 1998 Michael J. Fromberger, All Rights Reserved
+ Thayer School of Engineering, Dartmouth College, Hanover, NH  USA
diff --git a/nss/lib/freebl/mpi/doc/redux.txt b/nss/lib/freebl/mpi/doc/redux.txt
new file mode 100644
index 0000000..0df0f03
--- /dev/null
+++ b/nss/lib/freebl/mpi/doc/redux.txt
@@ -0,0 +1,86 @@
+Modular Reduction
+
+Usually, modular reduction is accomplished by long division, using the
+mp_div() or mp_mod() functions.  However, when performing modular
+exponentiation, you spend a lot of time reducing by the same modulus
+again and again.  For this purpose, doing a full division for each
+multiplication is quite inefficient.
+
+For this reason, the mp_exptmod() function does not perform modular
+reductions in the usual way, but instead takes advantage of an
+algorithm due to Barrett, as described by Menezes, Oorschot and
+VanStone in their book _Handbook of Applied Cryptography_, published
+by the CRC Press (see Chapter 14 for details).  This method reduces
+most of the computation of reduction to efficient shifting and masking
+operations, and avoids the multiple-precision division entirely.
+
+Here is a brief synopsis of Barrett reduction, as it is implemented in
+this library.
+
+Let b denote the radix of the computation (one more than the maximum
+value that can be denoted by an mp_digit).  Let m be the modulus, and
+let k be the number of significant digits of m.  Let x be the value to
+be reduced modulo m.  By the Division Theorem, there exist unique
+integers Q and R such that:
+
+	 x = Qm + R, 0 <= R < m
+
+Barrett reduction takes advantage of the fact that you can easily
+approximate Q to within two, given a value M such that:
+
+	                  2k
+	                 b
+	    M = floor( ----- )
+	                 m
+
+Computation of M requires a full-precision division step, so if you
+are only doing a single reduction by m, you gain no advantage.
+However, when multiple reductions by the same m are required, this
+division need only be done once, beforehand.  Using this, we can use
+the following equation to compute Q', an approximation of Q:
+
+                     x
+            floor( ------ ) M
+                      k-1
+                     b
+Q' = floor( ----------------- )
+                    k+1
+                   b
+
+The divisions by b^(k-1) and b^(k+1) and the floor() functions can be
+efficiently implemented with shifts and masks, leaving only a single
+multiplication to be performed to get this approximation.  It can be
+shown that Q - 2 <= Q' <= Q, so in the worst case, we can get out with
+two additional subtractions to bring the value into line with the
+actual value of Q.
+
+Once we've got Q', we basically multiply that by m and subtract from
+x, yielding:
+
+   x - Q'm = Qm + R - Q'm
+
+Since we know the constraint on Q', this is one of:
+
+      R
+      m + R
+      2m + R
+
+Since R < m by the Division Theorem, we can simply subtract off m
+until we get a value in the correct range, which will happen with no
+more than 2 subtractions:
+
+     v = x - Q'm
+
+     while(v >= m)
+       v = v - m
+     endwhile
+
+
+In random performance trials, modular exponentiation using this method
+of reduction gave around a 40% speedup over using the division for
+reduction.
+
+------------------------------------------------------------------
+ This Source Code Form is subject to the terms of the Mozilla Public
+ # License, v. 2.0. If a copy of the MPL was not distributed with this
+ # file, You can obtain one at http://mozilla.org/MPL/2.0/.
diff --git a/nss/lib/freebl/mpi/doc/sqrt.txt b/nss/lib/freebl/mpi/doc/sqrt.txt
new file mode 100644
index 0000000..4529cbf
--- /dev/null
+++ b/nss/lib/freebl/mpi/doc/sqrt.txt
@@ -0,0 +1,50 @@
+Square Root
+
+A simple iterative algorithm is used to compute the greatest integer
+less than or equal to the square root.  Essentially, this is Newton's
+linear approximation, computed by finding successive values of the
+equation:
+
+		    x[k]^2 - V
+x[k+1]	 =  x[k] - ------------
+	             2 x[k]
+
+...where V is the value for which the square root is being sought.  In
+essence, what is happening here is that we guess a value for the
+square root, then figure out how far off we were by squaring our guess
+and subtracting the target.  Using this value, we compute a linear
+approximation for the error, and adjust the "guess".  We keep doing
+this until the precision gets low enough that the above equation
+yields a quotient of zero.  At this point, our last guess is one
+greater than the square root we're seeking.
+
+The initial guess is computed by dividing V by 4, which is a heuristic
+I have found to be fairly good on average.  This also has the
+advantage of being very easy to compute efficiently, even for large
+values.
+
+So, the resulting algorithm works as follows:
+
+    x = V / 4   /* compute initial guess */
+    
+    loop
+	t = (x * x) - V   /* Compute absolute error  */
+	u = 2 * x         /* Adjust by tangent slope */
+	t = t / u
+
+	/* Loop is done if error is zero */
+	if(t == 0)
+	    break
+
+	/* Adjust guess by error term    */
+	x = x - t
+    end
+
+    x = x - 1
+
+The result of the computation is the value of x.
+
+------------------------------------------------------------------
+ This Source Code Form is subject to the terms of the Mozilla Public
+ # License, v. 2.0. If a copy of the MPL was not distributed with this
+ # file, You can obtain one at http://mozilla.org/MPL/2.0/.
diff --git a/nss/lib/freebl/mpi/doc/square.txt b/nss/lib/freebl/mpi/doc/square.txt
new file mode 100644
index 0000000..edbb978
--- /dev/null
+++ b/nss/lib/freebl/mpi/doc/square.txt
@@ -0,0 +1,72 @@
+Squaring Algorithm
+
+When you are squaring a value, you can take advantage of the fact that
+half the multiplications performed by the more general multiplication
+algorithm (see 'mul.txt' for a description) are redundant when the
+multiplicand equals the multiplier.
+
+In particular, the modified algorithm is:
+
+k = 0
+for j <- 0 to (#a - 1)
+  w = c[2*j] + (a[j] ^ 2);
+  k = w div R
+
+  for i <- j+1 to (#a - 1)
+    w = (2 * a[j] * a[i]) + k + c[i+j]
+    c[i+j] = w mod R
+    k = w div R
+  endfor
+  c[i+j] = k;
+  k = 0;
+endfor
+
+On the surface, this looks identical to the multiplication algorithm;
+however, note the following differences:
+
+  - precomputation of the leading term in the outer loop
+
+  - i runs from j+1 instead of from zero
+
+  - doubling of a[i] * a[j] in the inner product
+
+Unfortunately, the construction of the inner product is such that we
+need more than two digits to represent the inner product, in some
+cases.  In a C implementation, this means that some gymnastics must be
+performed in order to handle overflow, for which C has no direct
+abstraction.  We do this by observing the following:
+
+If we have multiplied a[i] and a[j], and the product is more than half
+the maximum value expressible in two digits, then doubling this result
+will overflow into a third digit.  If this occurs, we take note of the
+overflow, and double it anyway -- C integer arithmetic ignores
+overflow, so the two digits we get back should still be valid, modulo
+the overflow.
+
+Having doubled this value, we now have to add in the remainders and
+the digits already computed by earlier steps.  If we did not overflow
+in the previous step, we might still cause an overflow here.  That
+will happen whenever the maximum value expressible in two digits, less
+the amount we have to add, is greater than the result of the previous
+step.  Thus, the overflow computation is:
+
+
+  u = 0
+  w = a[i] * a[j]
+
+  if(w > (R - 1)/ 2)
+    u = 1;
+
+  w = w * 2
+  v = c[i + j] + k
+
+  if(u == 0 && (R - 1 - v) < w)
+    u = 1
+
+If there is an overflow, u will be 1, otherwise u will be 0.  The rest
+of the parameters are the same as they are in the above description.
+
+------------------------------------------------------------------
+ This Source Code Form is subject to the terms of the Mozilla Public
+ # License, v. 2.0. If a copy of the MPL was not distributed with this
+ # file, You can obtain one at http://mozilla.org/MPL/2.0/.
diff --git a/nss/lib/freebl/mpi/doc/timing.txt b/nss/lib/freebl/mpi/doc/timing.txt
new file mode 100644
index 0000000..58f37c9
--- /dev/null
+++ b/nss/lib/freebl/mpi/doc/timing.txt
@@ -0,0 +1,213 @@
+MPI Library Timing Tests
+
+Hardware/OS
+(A) SGI O2 1 x MIPS R10000 250MHz IRIX 6.5.3
+(B) IBM RS/6000 43P-240 1 x PowerPC 603e 223MHz AIX 4.3
+(C) Dell GX1/L+ 1 x Pentium III 550MHz Linux 2.2.12-20
+(D) PowerBook G3 1 x PowerPC 750 266MHz LinuxPPC 2.2.6-15apmac
+(E) PowerBook G3 1 x PowerPC 750 266MHz MacOS 8.5.1
+(F) PowerBook G3 1 x PowerPC 750 400MHz MacOS 9.0.2
+
+Compiler
+(1) MIPSpro C 7.2.1 -O3 optimizations
+(2) GCC 2.95.1 -O3 optimizations
+(3) IBM AIX xlc -O3 optimizations (version unknown)
+(4) EGCS 2.91.66 -O3 optimizations
+(5) Metrowerks CodeWarrior 5.0 C, all optimizations
+(6) MIPSpro C 7.30 -O3 optimizations
+(7) same as (6), with optimized libmalloc.so
+
+Timings are given in seconds, computed using the C library's clock()
+function.  The first column gives the hardware and compiler
+configuration used for the test. The second column indicates the
+number of tests that were aggregated to get the statistics for that
+size.  These were compiled using 16 bit digits.
+
+Source data were generated randomly using a fixed seed, so they should
+be internally consistent, but may vary on different systems depending
+on the C library.  Also, since the resolution of the timer accessed by
+clock() varies, there may be some variance in the precision of these
+measurements.
+
+Prime Generation (primegen)
+
+128 bits:
+A1      200     min=0.03, avg=0.19, max=0.72, sum=38.46
+A2      200     min=0.02, avg=0.16, max=0.62, sum=32.55
+B3      200     min=0.01, avg=0.07, max=0.22, sum=13.29
+C4      200     min=0.00, avg=0.03, max=0.20, sum=6.14
+D4      200     min=0.00, avg=0.05, max=0.33, sum=9.70
+A6      200     min=0.01, avg=0.09, max=0.36, sum=17.48
+A7      200     min=0.00, avg=0.05, max=0.24, sum=10.07
+
+192 bits:
+A1      200     min=0.05, avg=0.45, max=3.13, sum=89.96
+A2      200     min=0.04, avg=0.39, max=2.61, sum=77.55
+B3      200     min=0.02, avg=0.18, max=1.25, sum=36.97
+C4      200     min=0.01, avg=0.09, max=0.33, sum=18.24
+D4      200     min=0.02, avg=0.15, max=0.54, sum=29.63
+A6      200     min=0.02, avg=0.24, max=1.70, sum=47.84
+A7      200     min=0.01, avg=0.15, max=1.05, sum=30.88
+
+256 bits:
+A1      200     min=0.08, avg=0.92, max=6.13, sum=184.79
+A2      200     min=0.06, avg=0.76, max=5.03, sum=151.11
+B3      200     min=0.04, avg=0.41, max=2.68, sum=82.35
+C4      200     min=0.02, avg=0.19, max=0.69, sum=37.91
+D4      200     min=0.03, avg=0.31, max=1.15, sum=63.00
+A6      200     min=0.04, avg=0.48, max=3.13, sum=95.46
+A7      200     min=0.03, avg=0.37, max=2.36, sum=73.60
+
+320 bits:
+A1      200     min=0.11, avg=1.59, max=6.14, sum=318.81
+A2      200     min=0.09, avg=1.27, max=4.93, sum=254.03
+B3      200     min=0.07, avg=0.82, max=3.13, sum=163.80
+C4      200     min=0.04, avg=0.44, max=1.91, sum=87.59
+D4      200     min=0.06, avg=0.73, max=3.22, sum=146.73
+A6      200     min=0.07, avg=0.93, max=3.50, sum=185.01
+A7      200     min=0.05, avg=0.76, max=2.94, sum=151.78
+
+384 bits:
+A1      200     min=0.16, avg=2.69, max=11.41, sum=537.89
+A2      200     min=0.13, avg=2.15, max=9.03, sum=429.14
+B3      200     min=0.11, avg=1.54, max=6.49, sum=307.78
+C4      200     min=0.06, avg=0.81, max=4.84, sum=161.13
+D4      200     min=0.10, avg=1.38, max=8.31, sum=276.81
+A6      200     min=0.11, avg=1.73, max=7.36, sum=345.55
+A7      200     min=0.09, avg=1.46, max=6.12, sum=292.02
+
+448 bits:
+A1      200     min=0.23, avg=3.36, max=15.92, sum=672.63
+A2      200     min=0.17, avg=2.61, max=12.25, sum=522.86
+B3      200     min=0.16, avg=2.10, max=9.83, sum=420.86
+C4      200     min=0.09, avg=1.44, max=7.64, sum=288.36
+D4      200     min=0.16, avg=2.50, max=13.29, sum=500.17
+A6      200     min=0.15, avg=2.31, max=10.81, sum=461.58
+A7      200     min=0.14, avg=2.03, max=9.53, sum=405.16
+
+512 bits:
+A1      200     min=0.30, avg=6.12, max=22.18, sum=1223.35
+A2      200     min=0.25, avg=4.67, max=16.90, sum=933.18
+B3      200     min=0.23, avg=4.13, max=14.94, sum=825.45
+C4      200     min=0.13, avg=2.08, max=9.75, sum=415.22
+D4      200     min=0.24, avg=4.04, max=20.18, sum=808.11
+A6      200     min=0.22, avg=4.47, max=16.19, sum=893.83
+A7      200     min=0.20, avg=4.03, max=14.65, sum=806.02
+
+Modular Exponentation (metime)
+
+The following results are aggregated from 200 pseudo-randomly
+generated tests, based on a fixed seed. 
+
+                      base, exponent, and modulus size (bits)
+P/C       128   192   256   320   384   448   512   640   768   896  1024
+------- -----------------------------------------------------------------
+A1      0.015 0.027 0.047 0.069 0.098 0.133 0.176 0.294 0.458 0.680 1.040
+A2      0.013 0.024 0.037 0.053 0.077 0.102 0.133 0.214 0.326 0.476 0.668
+B3      0.005 0.011 0.021 0.036 0.056 0.084 0.121 0.222 0.370 0.573 0.840
+C4      0.002 0.006 0.011 0.020 0.032 0.048 0.069 0.129 0.223 0.344 0.507
+D4      0.004 0.010 0.019 0.034 0.056 0.085 0.123 0.232 0.390 0.609 0.899
+E5      0.007 0.015 0.031 0.055 0.088 0.133 0.183 0.342 0.574 0.893 1.317
+A6      0.008 0.016 0.038 0.042 0.064 0.093 0.133 0.239 0.393 0.604 0.880
+A7      0.005 0.011 0.020 0.036 0.056 0.083 0.121 0.223 0.374 0.583 0.855
+
+Multiplication and Squaring tests, (mulsqr)
+
+The following results are aggregated from 500000 pseudo-randomly
+generated tests, based on a per-run wall-clock seed.  Times are given
+in seconds, except where indicated in microseconds (us).
+
+(A1)
+
+bits    multiply    square  ad  percent time/mult   time/square
+64      9.33        9.15    >   1.9     18.7us      18.3us
+128     10.88       10.44   >   4.0     21.8us      20.9us
+192     13.30       11.89   >   10.6    26.7us      23.8us
+256     14.88       12.64   >   15.1    29.8us      25.3us
+320     18.64       15.01   >   19.5    37.3us      30.0us
+384     23.11       17.70   >   23.4    46.2us      35.4us
+448     28.28       20.88   >   26.2    56.6us      41.8us
+512     34.09       24.51   >   28.1    68.2us      49.0us
+640     47.86       33.25   >   30.5    95.7us      66.5us
+768     64.91       43.54   >   32.9    129.8us     87.1us
+896     84.49       55.48   >   34.3    169.0us     111.0us
+1024    107.25      69.21   >   35.5    214.5us     138.4us
+1536    227.97      141.91  >   37.8    456.0us     283.8us
+2048    394.05      242.15  >   38.5    788.1us     484.3us
+
+(A2)
+
+bits    multiply    square  ad  percent time/mult   time/square
+64      7.87        7.95    <   1.0     15.7us      15.9us
+128     9.40        9.19    >   2.2     18.8us      18.4us
+192     11.15       10.59   >   5.0     22.3us      21.2us
+256     12.02       11.16   >   7.2     24.0us      22.3us
+320     14.62       13.43   >   8.1     29.2us      26.9us
+384     17.72       15.80   >   10.8    35.4us      31.6us
+448     21.24       18.51   >   12.9    42.5us      37.0us
+512     25.36       21.78   >   14.1    50.7us      43.6us
+640     34.57       29.00   >   16.1    69.1us      58.0us
+768     46.10       37.60   >   18.4    92.2us      75.2us
+896     58.94       47.72   >   19.0    117.9us     95.4us
+1024    73.76       59.12   >   19.8    147.5us     118.2us
+1536    152.00      118.80  >   21.8    304.0us     237.6us
+2048    259.41      199.57  >   23.1    518.8us     399.1us
+
+(B3)
+
+bits    multiply    square  ad  percent time/mult   time/square
+64      2.60        2.47    >   5.0     5.20us      4.94us
+128     4.43        4.06    >   8.4     8.86us      8.12us
+192     7.03        6.10    >   13.2    14.1us      12.2us
+256     10.44       8.59    >   17.7    20.9us      17.2us
+320     14.44       11.64   >   19.4    28.9us      23.3us
+384     19.12       15.08   >   21.1    38.2us      30.2us
+448     24.55       19.09   >   22.2    49.1us      38.2us
+512     31.03       23.53   >   24.2    62.1us      47.1us
+640     45.05       33.80   >   25.0    90.1us      67.6us
+768     63.02       46.05   >   26.9    126.0us     92.1us
+896     83.74       60.29   >   28.0    167.5us     120.6us
+1024    106.73      76.65   >   28.2    213.5us     153.3us
+1536    228.94      160.98  >   29.7    457.9us     322.0us
+2048    398.08      275.93  >   30.7    796.2us     551.9us
+
+(C4)
+
+bits    multiply    square  ad  percent time/mult   time/square
+64      1.34        1.28    >   4.5     2.68us      2.56us
+128     2.76        2.59    >   6.2     5.52us      5.18us
+192     4.52        4.16    >   8.0     9.04us      8.32us
+256     6.64        5.99    >   9.8     13.3us      12.0us
+320     9.20        8.13    >   11.6    18.4us      16.3us
+384     12.01       10.58   >   11.9    24.0us      21.2us
+448     15.24       13.33   >   12.5    30.5us      26.7us
+512     19.02       16.46   >   13.5    38.0us      32.9us
+640     27.56       23.54   >   14.6    55.1us      47.1us
+768     37.89       31.78   >   16.1    75.8us      63.6us
+896     49.24       41.42   >   15.9    98.5us      82.8us
+1024    62.59       52.18   >   16.6    125.2us     104.3us
+1536    131.66      107.72  >   18.2    263.3us     215.4us
+2048    226.45      182.95  >   19.2    453.0us     365.9us
+
+(A7)
+
+bits    multiply    square  ad  percent time/mult   time/square
+64      1.74        1.71    >   1.7     3.48us      3.42us
+128     3.48        2.96    >   14.9    6.96us      5.92us
+192     5.74        4.60    >   19.9    11.5us      9.20us
+256     8.75        6.61    >   24.5    17.5us      13.2us
+320     12.5        8.99    >   28.1    25.0us      18.0us
+384     16.9        11.9    >   29.6    33.8us      23.8us
+448     22.2        15.2    >   31.7    44.4us      30.4us
+512     28.3        19.0    >   32.7    56.6us      38.0us
+640     42.4        28.0    >   34.0    84.8us      56.0us
+768     59.4        38.5    >   35.2    118.8us     77.0us
+896     79.5        51.2    >   35.6    159.0us     102.4us
+1024    102.6	    65.5    >	36.2	205.2us	    131.0us
+1536    224.3	    140.6   >	37.3	448.6us	    281.2us
+2048    393.4	    244.3   >	37.9	786.8us	    488.6us
+
+------------------------------------------------------------------
+ This Source Code Form is subject to the terms of the Mozilla Public
+ # License, v. 2.0. If a copy of the MPL was not distributed with this
+ # file, You can obtain one at http://mozilla.org/MPL/2.0/.
diff --git a/nss/lib/freebl/mpi/hpma512.s b/nss/lib/freebl/mpi/hpma512.s
new file mode 100644
index 0000000..ae9da63
--- /dev/null
+++ b/nss/lib/freebl/mpi/hpma512.s
@@ -0,0 +1,615 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ *
+ *  This PA-RISC 2.0 function computes the product of two unsigned integers,
+ *  and adds the result to a previously computed integer.  The multiplicand
+ *  is a 512-bit (64-byte, eight doubleword) unsigned integer, stored in
+ *  memory in little-double-wordian order.  The multiplier is an unsigned
+ *  64-bit integer.  The previously computed integer to which the product is
+ *  added is located in the result ("res") area, and is assumed to be a
+ *  576-bit (72-byte, nine doubleword) unsigned integer, stored in memory
+ *  in little-double-wordian order.  This value normally will be the result
+ *  of a previously computed nine doubleword result.  It is not necessary
+ *  to pad the multiplicand with an additional 64-bit zero doubleword.
+ *
+ *  Multiplicand, multiplier, and addend ideally should be aligned at
+ *  16-byte boundaries for best performance.  The code will function
+ *  correctly for alignment at eight-byte boundaries which are not 16-byte
+ *  boundaries, but the execution may be slightly slower due to even/odd
+ *  bank conflicts on PA-RISC 8000 processors.
+ *
+ *  This function is designed to accept the same calling sequence as Bill
+ *  Ackerman's "maxpy_little" function.  The carry from the ninth doubleword
+ *  of the result is written to the tenth word of the result, as is done by
+ *  Bill Ackerman's function.  The final carry also is returned as an
+ *  integer, which may be ignored.  The function prototype may be either
+ *  of the following:
+ *
+ *      void multacc512( int l, chunk* m, const chunk* a, chunk* res );
+ *          or
+ *      int multacc512( int l, chunk* m, const chunk* a, chunk* res );
+ *
+ *  where:  "l" originally denoted vector lengths.  This parameter is
+ *      ignored.  This function always assumes a multiplicand length of
+ *      512 bits (eight doublewords), and addend and result lengths of
+ *      576 bits (nine doublewords).
+ *
+ *      "m" is a pointer to the doubleword multiplier, ideally aligned
+ *      on a 16-byte boundary.
+ *
+ *      "a" is a pointer to the eight-doubleword multiplicand, stored
+ *      in little-double-wordian order, and ideally aligned on a 16-byte
+ *      boundary.
+ *
+ *      "res" is a pointer to the nine doubleword addend, and to the
+ *      nine-doubleword product computed by this function.  The result
+ *      also is stored in little-double-wordian order, and ideally is
+ *      aligned on a 16-byte boundary. It is expected that the alignment
+ *      of the "res" area may alternate between even/odd doubleword
+ *      boundaries for successive calls for 512-bit x 512-bit
+ *      multiplications.
+ *
+ *  The code for this function has been scheduled to use the parallelism
+ *  of the PA-RISC 8000 series microprocessors as well as the author was
+ *  able.  Comments and/or suggestions for improvement are welcomed.
+ *
+ *  The code is "64-bit safe".  This means it may be called in either
+ *  the 32ILP context or the 64LP context.  All 64-bits of registers are
+ *  saved and restored.
+ *
+ *  This code is self-contained.  It requires no other header files in order
+ *  to compile and to be linkable on a PA-RISC 2.0 machine.  Symbolic
+ *  definitions for registers and stack offsets are included within this
+ *  one source file.
+ *
+ *  This is a leaf routine.  As such, minimal use is made of the stack area.
+ *  Of the 192 bytes allocated, 64 bytes are used for saving/restoring eight
+ *  general registers, and 128 bytes are used to move intermediate products
+ *  from the floating-point registers to the general registers.  Stack
+ *  protocols assure proper alignment of these areas.
+ *
+ */
+
+
+/*  ====================================================================*/
+/*      symbolic definitions for PA-RISC registers      */
+/*      in the MIPS style, avoids lots of case shifts       */
+/*      assigments (except t4) preserve register number parity  */
+/*  ====================================================================*/
+
+#define zero    %r0         /* permanent zero */
+#define t5      %r1         /* temp register, altered by addil */
+
+#define rp      %r2         /* return pointer */
+
+#define s1      %r3         /* callee saves register*/
+#define s0      %r4         /* callee saves register*/
+#define s3      %r5         /* callee saves register*/
+#define s2      %r6         /* callee saves register*/
+#define s5      %r7         /* callee saves register*/
+#define s4      %r8         /* callee saves register*/
+#define s7      %r9         /* callee saves register*/
+#define s6      %r10        /* callee saves register*/
+
+#define t1      %r19        /* caller saves register*/
+#define t0      %r20        /* caller saves register*/
+#define t3      %r21        /* caller saves register*/
+#define t2      %r22        /* caller saves register*/
+
+#define a3      %r23        /* fourth argument register, high word */
+#define a2      %r24        /* third argument register, low word*/
+#define a1      %r25        /* second argument register, high word*/
+#define a0      %r26        /* first argument register, low word*/
+
+#define v0      %r28        /* high order return value*/
+#define v1      %r29        /* low order return value*/
+
+#define sp      %r30        /* stack pointer*/
+#define t4      %r31        /* temporary register   */
+
+#define fa0     %fr4        /* first argument register*/
+#define fa1     %fr5        /* second argument register*/
+#define fa2     %fr6        /* third argument register*/
+#define fa3     %fr7        /* fourth argument register*/
+
+#define fa0r    %fr4R       /* first argument register*/
+#define fa1r    %fr5R       /* second argument register*/
+#define fa2r    %fr6R       /* third argument register*/
+#define fa3r    %fr7R       /* fourth argument register*/
+
+#define ft0     %fr8        /* caller saves register*/
+#define ft1     %fr9        /* caller saves register*/
+#define ft2     %fr10       /* caller saves register*/
+#define ft3     %fr11       /* caller saves register*/
+
+#define ft0r    %fr8R       /* caller saves register*/
+#define ft1r    %fr9R       /* caller saves register*/
+#define ft2r    %fr10R      /* caller saves register*/
+#define ft3r    %fr11R      /* caller saves register*/
+
+#define ft4     %fr22       /* caller saves register*/
+#define ft5     %fr23       /* caller saves register*/
+#define ft6     %fr24       /* caller saves register*/
+#define ft7     %fr25       /* caller saves register*/
+#define ft8     %fr26       /* caller saves register*/
+#define ft9     %fr27       /* caller saves register*/
+#define ft10    %fr28       /* caller saves register*/
+#define ft11    %fr29       /* caller saves register*/
+#define ft12    %fr30       /* caller saves register*/
+#define ft13    %fr31       /* caller saves register*/
+
+#define ft4r    %fr22R      /* caller saves register*/
+#define ft5r    %fr23R      /* caller saves register*/
+#define ft6r    %fr24R      /* caller saves register*/
+#define ft7r    %fr25R      /* caller saves register*/
+#define ft8r    %fr26R      /* caller saves register*/
+#define ft9r    %fr27R      /* caller saves register*/
+#define ft10r   %fr28R      /* caller saves register*/
+#define ft11r   %fr29R      /* caller saves register*/
+#define ft12r   %fr30R      /* caller saves register*/
+#define ft13r   %fr31R      /* caller saves register*/
+
+
+
+/*  ================================================================== */
+/*      functional definitions for PA-RISC registers           */
+/*  ================================================================== */
+
+/*              general registers           */
+
+#define T1      a0          /* temp, (length parameter ignored)             */
+
+#define pM      a1          /* -> 64-bit multiplier                         */
+#define T2      a1          /* temp, (after fetching multiplier)            */
+
+#define pA      a2          /* -> multiplicand vector (8 64-bit words)      */
+#define T3      a2          /* temp, (after fetching multiplicand)          */
+
+#define pR      a3          /* -> addend vector (8 64-bit doublewords,
+                                  result vector (9 64-bit words)            */
+
+#define S0      s0          /* callee saves summand registers               */
+#define S1      s1
+#define S2      s2
+#define S3      s3
+#define S4      s4
+#define S5      s5
+#define S6      s6
+#define S7      s7
+
+#define S8      v0          /* caller saves summand registers               */
+#define S9      v1
+#define S10     t0
+#define S11     t1
+#define S12     t2
+#define S13     t3
+#define S14     t4
+#define S15     t5
+
+
+
+/*              floating-point registers                                    */
+
+#define M       fa0         /* multiplier double word                       */
+#define MR      fa0r        /* low order half of multiplier double word     */
+#define ML      fa0         /* high order half of multiplier double word    */
+
+#define A0      fa2         /* multiplicand double word 0                   */
+#define A0R     fa2r        /* low order half of multiplicand double word   */
+#define A0L     fa2         /* high order half of multiplicand double word  */
+
+#define A1      fa3         /* multiplicand double word 1                   */
+#define A1R     fa3r        /* low order half of multiplicand double word   */
+#define A1L     fa3         /* high order half of multiplicand double word  */
+
+#define A2      ft0         /* multiplicand double word 2                   */
+#define A2R     ft0r        /* low order half of multiplicand double word   */
+#define A2L     ft0         /* high order half of multiplicand double word  */
+
+#define A3      ft1         /* multiplicand double word 3                   */
+#define A3R     ft1r        /* low order half of multiplicand double word   */
+#define A3L     ft1         /* high order half of multiplicand double word  */
+
+#define A4      ft2         /* multiplicand double word 4                   */
+#define A4R     ft2r        /* low order half of multiplicand double word   */
+#define A4L     ft2         /* high order half of multiplicand double word  */
+
+#define A5      ft3         /* multiplicand double word 5                   */
+#define A5R     ft3r        /* low order half of multiplicand double word   */
+#define A5L     ft3         /* high order half of multiplicand double word  */
+
+#define A6      ft4         /* multiplicand double word 6                   */
+#define A6R     ft4r        /* low order half of multiplicand double word   */
+#define A6L     ft4         /* high order half of multiplicand double word  */
+
+#define A7      ft5         /* multiplicand double word 7                   */
+#define A7R     ft5r        /* low order half of multiplicand double word   */
+#define A7L     ft5         /* high order half of multiplicand double word  */
+
+#define P0      ft6         /* product word 0                               */
+#define P1      ft7         /* product word 0                               */
+#define P2      ft8         /* product word 0                               */
+#define P3      ft9         /* product word 0                               */
+#define P4      ft10        /* product word 0                               */
+#define P5      ft11        /* product word 0                               */
+#define P6      ft12        /* product word 0                               */
+#define P7      ft13        /* product word 0                               */
+
+
+
+
+/*  ======================================================================  */
+/*      symbolic definitions for HP-UX stack offsets                        */
+/*      symbolic definitions for memory NOPs                                */
+/*  ======================================================================  */
+
+#define ST_SZ       192         /* stack area total size                    */
+
+#define SV0         -192(sp)    /* general register save area               */
+#define SV1         -184(sp)
+#define SV2         -176(sp)
+#define SV3         -168(sp)
+#define SV4         -160(sp)
+#define SV5         -152(sp)
+#define SV6         -144(sp)
+#define SV7         -136(sp)
+
+#define XF0         -128(sp)    /* data transfer area                       */
+#define XF1         -120(sp)    /* for floating-pt to integer regs          */
+#define XF2         -112(sp)
+#define XF3         -104(sp)
+#define XF4         -96(sp)
+#define XF5         -88(sp)
+#define XF6         -80(sp)
+#define XF7         -72(sp)
+#define XF8         -64(sp)
+#define XF9         -56(sp)
+#define XF10        -48(sp)
+#define XF11        -40(sp)
+#define XF12        -32(sp)
+#define XF13        -24(sp)
+#define XF14        -16(sp)
+#define XF15        -8(sp)
+
+#define mnop    proberi (sp),3,zero     /* memory NOP                       */
+
+
+
+
+/*  ======================================================================  */
+/*      assembler formalities                                               */
+/*  ======================================================================  */
+
+#ifdef __LP64__
+                .level  2.0W
+#else
+                .level  2.0
+#endif
+                .space    $TEXT$
+                .subspa   $CODE$
+                .align    16
+
+/*  ======================================================================  */
+/*      here to compute 64-bit x 512-bit product + 512-bit addend           */
+/*  ======================================================================  */
+
+multacc512
+        .PROC
+        .CALLINFO
+        .ENTRY
+    fldd    0(pM),M                 ; multiplier double word
+    ldo     ST_SZ(sp),sp            ; push stack
+
+    fldd    0(pA),A0                ; multiplicand double word 0
+    std     S1,SV1                  ; save s1
+
+    fldd    16(pA),A2               ; multiplicand double word 2
+    std     S3,SV3                  ; save s3
+
+    fldd    32(pA),A4               ; multiplicand double word 4
+    std     S5,SV5                  ; save s5
+
+    fldd    48(pA),A6               ; multiplicand double word 6
+    std     S7,SV7                  ; save s7
+
+
+    std     S0,SV0                  ; save s0
+    fldd    8(pA),A1                ; multiplicand double word 1
+    xmpyu   MR,A0L,P0               ; A0 cross 32-bit word products
+    xmpyu   ML,A0R,P2
+
+    std     S2,SV2                  ; save s2
+    fldd    24(pA),A3               ; multiplicand double word 3
+    xmpyu   MR,A2L,P4               ; A2 cross 32-bit word products
+    xmpyu   ML,A2R,P6
+
+    std     S4,SV4                  ; save s4
+    fldd    40(pA),A5               ; multiplicand double word 5
+
+    std     S6,SV6                  ; save s6
+    fldd    56(pA),A7               ; multiplicand double word 7
+
+
+    fstd    P0,XF0                  ; MR * A0L
+    xmpyu   MR,A0R,P0               ; A0 right 32-bit word product
+    xmpyu   MR,A1L,P1               ; A1 cross 32-bit word product
+
+    fstd    P2,XF2                  ; ML * A0R
+    xmpyu   ML,A0L,P2               ; A0 left 32-bit word product
+    xmpyu   ML,A1R,P3               ; A1 cross 32-bit word product
+
+    fstd    P4,XF4                  ; MR * A2L
+    xmpyu   MR,A2R,P4               ; A2 right 32-bit word product
+    xmpyu   MR,A3L,P5               ; A3 cross 32-bit word product
+
+    fstd    P6,XF6                  ; ML * A2R
+    xmpyu   ML,A2L,P6               ; A2 parallel 32-bit word product
+    xmpyu   ML,A3R,P7               ; A3 cross 32-bit word product
+
+
+    ldd     XF0,S0                  ; MR * A0L
+    fstd    P1,XF1                  ; MR * A1L
+
+    ldd     XF2,S2                  ; ML * A0R
+    fstd    P3,XF3                  ; ML * A1R
+
+    ldd     XF4,S4                  ; MR * A2L
+    fstd    P5,XF5                  ; MR * A3L
+    xmpyu   MR,A1R,P1               ; A1 parallel 32-bit word products
+    xmpyu   ML,A1L,P3
+
+    ldd     XF6,S6                  ; ML * A2R
+    fstd    P7,XF7                  ; ML * A3R
+    xmpyu   MR,A3R,P5               ; A3 parallel 32-bit word products
+    xmpyu   ML,A3L,P7
+
+
+    fstd    P0,XF0                  ; MR * A0R
+    ldd     XF1,S1                  ; MR * A1L
+    nop
+    add     S0,S2,T1                ; A0 cross product sum
+
+    fstd    P2,XF2                  ; ML * A0L
+    ldd     XF3,S3                  ; ML * A1R
+    add,dc  zero,zero,S0            ; A0 cross product sum carry
+    depd,z  T1,31,32,S2             ; A0 cross product sum << 32
+
+    fstd    P4,XF4                  ; MR * A2R
+    ldd     XF5,S5                  ; MR * A3L
+    shrpd   S0,T1,32,S0             ; A0 carry | cross product sum >> 32
+    add     S4,S6,T3                ; A2 cross product sum
+
+    fstd    P6,XF6                  ; ML * A2L
+    ldd     XF7,S7                  ; ML * A3R
+    add,dc  zero,zero,S4            ; A2 cross product sum carry
+    depd,z  T3,31,32,S6             ; A2 cross product sum << 32
+
+
+    ldd     XF0,S8                  ; MR * A0R
+    fstd    P1,XF1                  ; MR * A1R
+    xmpyu   MR,A4L,P0               ; A4 cross 32-bit word product
+    xmpyu   MR,A5L,P1               ; A5 cross 32-bit word product
+
+    ldd     XF2,S10                 ; ML * A0L
+    fstd    P3,XF3                  ; ML * A1L
+    xmpyu   ML,A4R,P2               ; A4 cross 32-bit word product
+    xmpyu   ML,A5R,P3               ; A5 cross 32-bit word product
+
+    ldd     XF4,S12                 ; MR * A2R
+    fstd    P5,XF5                  ; MR * A3L
+    xmpyu   MR,A6L,P4               ; A6 cross 32-bit word product
+    xmpyu   MR,A7L,P5               ; A7 cross 32-bit word product
+
+    ldd     XF6,S14                 ; ML * A2L
+    fstd    P7,XF7                  ; ML * A3L
+    xmpyu   ML,A6R,P6               ; A6 cross 32-bit word product
+    xmpyu   ML,A7R,P7               ; A7 cross 32-bit word product
+
+
+    fstd    P0,XF0                  ; MR * A4L
+    ldd     XF1,S9                  ; MR * A1R
+    shrpd   S4,T3,32,S4             ; A2 carry | cross product sum >> 32
+    add     S1,S3,T1                ; A1 cross product sum
+
+    fstd    P2,XF2                  ; ML * A4R
+    ldd     XF3,S11                 ; ML * A1L
+    add,dc  zero,zero,S1            ; A1 cross product sum carry
+    depd,z  T1,31,32,S3             ; A1 cross product sum << 32
+
+    fstd    P4,XF4                  ; MR * A6L
+    ldd     XF5,S13                 ; MR * A3R
+    shrpd   S1,T1,32,S1             ; A1 carry | cross product sum >> 32
+    add     S5,S7,T3                ; A3 cross product sum
+
+    fstd    P6,XF6                  ; ML * A6R
+    ldd     XF7,S15                 ; ML * A3L
+    add,dc  zero,zero,S5            ; A3 cross product sum carry
+    depd,z  T3,31,32,S7             ; A3 cross product sum << 32
+
+
+    shrpd   S5,T3,32,S5             ; A3 carry | cross product sum >> 32
+    add     S2,S8,S8                ; M * A0 right doubleword, P0 doubleword
+
+    add,dc  S0,S10,S10              ; M * A0 left doubleword
+    add     S3,S9,S9                ; M * A1 right doubleword
+
+    add,dc  S1,S11,S11              ; M * A1 left doubleword
+    add     S6,S12,S12              ; M * A2 right doubleword
+
+
+    ldd     24(pR),S3               ; Addend word 3
+    fstd    P1,XF1                  ; MR * A5L
+    add,dc  S4,S14,S14              ; M * A2 left doubleword
+    xmpyu   MR,A5R,P1               ; A5 right 32-bit word product
+
+    ldd     8(pR),S1                ; Addend word 1
+    fstd    P3,XF3                  ; ML * A5R
+    add     S7,S13,S13              ; M * A3 right doubleword
+    xmpyu   ML,A5L,P3               ; A5 left 32-bit word product
+
+    ldd     0(pR),S7                ; Addend word 0
+    fstd    P5,XF5                  ; MR * A7L
+    add,dc  S5,S15,S15              ; M * A3 left doubleword
+    xmpyu   MR,A7R,P5               ; A7 right 32-bit word product
+
+    ldd     16(pR),S5               ; Addend word 2
+    fstd    P7,XF7                  ; ML * A7R
+    add     S10,S9,S9               ; P1 doubleword
+    xmpyu   ML,A7L,P7               ; A7 left 32-bit word products
+
+
+    ldd     XF0,S0                  ; MR * A4L
+    fstd    P1,XF9                  ; MR * A5R
+    add,dc  S11,S12,S12             ; P2 doubleword
+    xmpyu   MR,A4R,P0               ; A4 right 32-bit word product
+
+    ldd     XF2,S2                  ; ML * A4R
+    fstd    P3,XF11                 ; ML * A5L
+    add,dc  S14,S13,S13             ; P3 doubleword
+    xmpyu   ML,A4L,P2               ; A4 left 32-bit word product
+
+    ldd     XF6,S6                  ; ML * A6R
+    fstd    P5,XF13                 ; MR * A7R
+    add,dc  zero,S15,T2             ; P4 partial doubleword
+    xmpyu   MR,A6R,P4               ; A6 right 32-bit word product
+
+    ldd     XF4,S4                  ; MR * A6L
+    fstd    P7,XF15                 ; ML * A7L
+    add     S7,S8,S8                ; R0 + P0, new R0 doubleword
+    xmpyu   ML,A6L,P6               ; A6 left 32-bit word product
+
+
+    fstd    P0,XF0                  ; MR * A4R
+    ldd     XF7,S7                  ; ML * A7R
+    add,dc  S1,S9,S9                ; c + R1 + P1, new R1 doubleword
+
+    fstd    P2,XF2                  ; ML * A4L
+    ldd     XF1,S1                  ; MR * A5L
+    add,dc  S5,S12,S12              ; c + R2 + P2, new R2 doubleword
+
+    fstd    P4,XF4                  ; MR * A6R
+    ldd     XF5,S5                  ; MR * A7L
+    add,dc  S3,S13,S13              ; c + R3 + P3, new R3 doubleword
+
+    fstd    P6,XF6                  ; ML * A6L
+    ldd     XF3,S3                  ; ML * A5R
+    add,dc  zero,T2,T2              ; c + partial P4
+    add     S0,S2,T1                ; A4 cross product sum
+
+
+    std     S8,0(pR)                ; save R0
+    add,dc  zero,zero,S0            ; A4 cross product sum carry
+    depd,z  T1,31,32,S2             ; A4 cross product sum << 32
+
+    std     S9,8(pR)                ; save R1
+    shrpd   S0,T1,32,S0             ; A4 carry | cross product sum >> 32
+    add     S4,S6,T3                ; A6 cross product sum
+
+    std     S12,16(pR)              ; save R2
+    add,dc  zero,zero,S4            ; A6 cross product sum carry
+    depd,z  T3,31,32,S6             ; A6 cross product sum << 32
+
+
+    std     S13,24(pR)              ; save R3
+    shrpd   S4,T3,32,S4             ; A6 carry | cross product sum >> 32
+    add     S1,S3,T1                ; A5 cross product sum
+
+    ldd     XF0,S8                  ; MR * A4R
+    add,dc  zero,zero,S1            ; A5 cross product sum carry
+    depd,z  T1,31,32,S3             ; A5 cross product sum << 32
+
+    ldd     XF2,S10                 ; ML * A4L
+    ldd     XF9,S9                  ; MR * A5R
+    shrpd   S1,T1,32,S1             ; A5 carry | cross product sum >> 32
+    add     S5,S7,T3                ; A7 cross product sum
+
+    ldd     XF4,S12                 ; MR * A6R
+    ldd     XF11,S11                ; ML * A5L
+    add,dc  zero,zero,S5            ; A7 cross product sum carry
+    depd,z  T3,31,32,S7             ; A7 cross product sum << 32
+
+    ldd     XF6,S14                 ; ML * A6L
+    ldd     XF13,S13                ; MR * A7R
+    shrpd   S5,T3,32,S5             ; A7 carry | cross product sum >> 32
+    add     S2,S8,S8                ; M * A4 right doubleword
+
+
+    ldd     XF15,S15                ; ML * A7L
+    add,dc  S0,S10,S10              ; M * A4 left doubleword
+    add     S3,S9,S9                ; M * A5 right doubleword
+
+    add,dc  S1,S11,S11              ; M * A5 left doubleword
+    add     S6,S12,S12              ; M * A6 right doubleword
+
+    ldd     32(pR),S0               ; Addend word 4
+    ldd     40(pR),S1               ; Addend word 5
+    add,dc  S4,S14,S14              ; M * A6 left doubleword
+    add     S7,S13,S13              ; M * A7 right doubleword
+
+    ldd     48(pR),S2               ; Addend word 6
+    ldd     56(pR),S3               ; Addend word 7
+    add,dc  S5,S15,S15              ; M * A7 left doubleword
+    add     S8,T2,S8                ; P4 doubleword
+
+    ldd     64(pR),S4               ; Addend word 8
+    ldd     SV5,s5                  ; restore s5
+    add,dc  S10,S9,S9               ; P5 doubleword
+    add,dc  S11,S12,S12             ; P6 doubleword
+
+
+    ldd     SV6,s6                  ; restore s6
+    ldd     SV7,s7                  ; restore s7
+    add,dc  S14,S13,S13             ; P7 doubleword
+    add,dc  zero,S15,S15            ; P8 doubleword
+
+    add     S0,S8,S8                ; new R4 doubleword
+
+    ldd     SV0,s0                  ; restore s0
+    std     S8,32(pR)               ; save R4
+    add,dc  S1,S9,S9                ; new R5 doubleword
+
+    ldd     SV1,s1                  ; restore s1
+    std     S9,40(pR)               ; save R5
+    add,dc  S2,S12,S12              ; new R6 doubleword
+
+    ldd     SV2,s2                  ; restore s2
+    std     S12,48(pR)              ; save R6
+    add,dc  S3,S13,S13              ; new R7 doubleword
+
+    ldd     SV3,s3                  ; restore s3
+    std     S13,56(pR)              ; save R7
+    add,dc  S4,S15,S15              ; new R8 doubleword
+
+    ldd     SV4,s4                  ; restore s4
+    std     S15,64(pR)              ; save result[8]
+    add,dc  zero,zero,v0            ; return carry from R8
+
+    CMPIB,*= 0,v0,$L0               ; if no overflow, exit
+    LDO     8(pR),pR
+
+$FINAL1                             ; Final carry propagation
+    LDD     64(pR),v0
+    LDO     8(pR),pR
+    ADDI    1,v0,v0
+    CMPIB,*= 0,v0,$FINAL1           ; Keep looping if there is a carry.
+    STD     v0,56(pR)
+$L0
+    bv      zero(rp)                ; -> caller
+    ldo     -ST_SZ(sp),sp           ; pop stack
+
+/*  ======================================================================  */
+/*      end of module                                                       */
+/*  ======================================================================  */
+
+
+        bve (rp)
+        .EXIT
+        nop
+                .PROCEND
+                .SPACE         $TEXT$
+                .SUBSPA        $CODE$
+                .EXPORT        multacc512,ENTRY
+
+        .end
diff --git a/nss/lib/freebl/mpi/hppa20.s b/nss/lib/freebl/mpi/hppa20.s
new file mode 100644
index 0000000..c72de8a
--- /dev/null
+++ b/nss/lib/freebl/mpi/hppa20.s
@@ -0,0 +1,904 @@
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#ifdef __LP64__
+        .LEVEL   2.0W
+#else
+;       .LEVEL   1.1
+;       .ALLOW   2.0N
+        .LEVEL   2.0
+#endif
+        .SPACE   $TEXT$,SORT=8
+        .SUBSPA  $CODE$,QUAD=0,ALIGN=4,ACCESS=0x2c,CODE_ONLY,SORT=24
+
+; ***************************************************************
+;
+;                 maxpy_[little/big]
+;
+; ***************************************************************
+
+; There is no default -- you must specify one or the other.
+#define LITTLE_WORDIAN 1
+
+#ifdef LITTLE_WORDIAN
+#define EIGHT 8
+#define SIXTEEN 16
+#define THIRTY_TWO 32
+#define UN_EIGHT -8
+#define UN_SIXTEEN -16
+#define UN_TWENTY_FOUR -24
+#endif
+
+#ifdef BIG_WORDIAN
+#define EIGHT -8
+#define SIXTEEN -16
+#define THIRTY_TWO -32
+#define UN_EIGHT 8
+#define UN_SIXTEEN 16
+#define UN_TWENTY_FOUR 24
+#endif
+
+; This performs a multiple-precision integer version of "daxpy",
+; Using the selected addressing direction.  "Little-wordian" means that
+; the least significant word of a number is stored at the lowest address.
+; "Big-wordian" means that the most significant word is at the lowest
+; address.  Either way, the incoming address of the vector is that
+; of the least significant word.  That means that, for little-wordian
+; addressing, we move the address upward as we propagate carries
+; from the least significant word to the most significant.  For
+; big-wordian we move the address downward.
+
+; We use the following registers:
+;
+;     r2   return PC, of course
+;     r26 = arg1 =  length
+;     r25 = arg2 =  address of scalar
+;     r24 = arg3 =  multiplicand vector
+;     r23 = arg4 =  result vector
+;
+;     fr9 = scalar loaded once only from r25
+
+; The cycle counts shown in the bodies below are simply the result of a
+; scheduling by hand.  The actual PCX-U hardware does it differently.
+; The intention is that the overall speed is the same.
+
+; The pipeline startup and shutdown code is constructed in the usual way,
+; by taking the loop bodies and removing unnecessary instructions.
+; We have left the comments describing cycle numbers in the code.
+; These are intended for reference when comparing with the main loop,
+; and have no particular relationship to actual cycle numbers.
+
+#ifdef LITTLE_WORDIAN
+maxpy_little
+#else
+maxpy_big
+#endif
+        .PROC
+        .CALLINFO FRAME=120,ENTRY_GR=4
+        .ENTRY
+        STW,MA  %r3,128(%sp)
+        STW     %r4,-124(%sp)
+
+        ADDIB,< -1,%r26,$L0         ; If N = 0, exit immediately.
+        FLDD    0(%r25),%fr9        ; fr9 = scalar
+
+; First startup
+
+        FLDD    0(%r24),%fr24       ; Cycle 1
+        XMPYU   %fr9R,%fr24R,%fr27  ; Cycle 3
+        XMPYU   %fr9R,%fr24L,%fr25  ; Cycle 4
+        XMPYU   %fr9L,%fr24L,%fr26  ; Cycle 5
+        CMPIB,> 3,%r26,$N_IS_SMALL  ; Pick out cases N = 1, 2, or 3
+        XMPYU   %fr9L,%fr24R,%fr24  ; Cycle 6
+        FLDD    EIGHT(%r24),%fr28   ; Cycle 8
+        XMPYU   %fr9L,%fr28R,%fr31  ; Cycle 10
+        FSTD    %fr24,-96(%sp)
+        XMPYU   %fr9R,%fr28L,%fr30  ; Cycle 11
+        FSTD    %fr25,-80(%sp)
+        LDO     SIXTEEN(%r24),%r24  ; Cycle 12
+        FSTD    %fr31,-64(%sp)
+        XMPYU   %fr9R,%fr28R,%fr29  ; Cycle 13
+        FSTD    %fr27,-48(%sp)
+
+; Second startup
+
+        XMPYU   %fr9L,%fr28L,%fr28  ; Cycle 1
+        FSTD    %fr30,-56(%sp)
+        FLDD    0(%r24),%fr24
+
+        FSTD    %fr26,-88(%sp)      ; Cycle 2
+
+        XMPYU   %fr9R,%fr24R,%fr27  ; Cycle 3
+        FSTD    %fr28,-104(%sp)
+
+        XMPYU   %fr9R,%fr24L,%fr25  ; Cycle 4
+        LDD     -96(%sp),%r3
+        FSTD    %fr29,-72(%sp)
+
+        XMPYU   %fr9L,%fr24L,%fr26  ; Cycle 5
+        LDD     -64(%sp),%r19
+        LDD     -80(%sp),%r21
+
+        XMPYU   %fr9L,%fr24R,%fr24  ; Cycle 6
+        LDD     -56(%sp),%r20
+        ADD     %r21,%r3,%r3
+
+        ADD,DC  %r20,%r19,%r19      ; Cycle 7
+        LDD     -88(%sp),%r4
+        SHRPD   %r3,%r0,32,%r21
+        LDD     -48(%sp),%r1
+
+        FLDD    EIGHT(%r24),%fr28   ; Cycle 8
+        LDD     -104(%sp),%r31
+        ADD,DC  %r0,%r0,%r20
+        SHRPD   %r19,%r3,32,%r3
+
+        LDD     -72(%sp),%r29       ; Cycle 9
+        SHRPD   %r20,%r19,32,%r20
+        ADD     %r21,%r1,%r1
+
+        XMPYU   %fr9L,%fr28R,%fr31  ; Cycle 10
+        ADD,DC  %r3,%r4,%r4
+        FSTD    %fr24,-96(%sp)
+
+        XMPYU   %fr9R,%fr28L,%fr30  ; Cycle 11
+        ADD,DC  %r0,%r20,%r20
+        LDD     0(%r23),%r3
+        FSTD    %fr25,-80(%sp)
+
+        LDO     SIXTEEN(%r24),%r24  ; Cycle 12
+        FSTD    %fr31,-64(%sp)
+
+        XMPYU   %fr9R,%fr28R,%fr29  ; Cycle 13
+        ADD     %r0,%r0,%r0         ; clear the carry bit
+        ADDIB,<= -4,%r26,$ENDLOOP   ; actually happens in cycle 12
+        FSTD    %fr27,-48(%sp)
+;        MFCTL   %cr16,%r21         ; for timing
+;        STD     %r21,-112(%sp)
+
+; Here is the loop.
+
+$LOOP   XMPYU   %fr9L,%fr28L,%fr28  ; Cycle 1
+        ADD,DC  %r29,%r4,%r4
+        FSTD    %fr30,-56(%sp)
+        FLDD    0(%r24),%fr24
+
+        LDO     SIXTEEN(%r23),%r23  ; Cycle 2
+        ADD,DC  %r0,%r20,%r20
+        FSTD    %fr26,-88(%sp)
+
+        XMPYU   %fr9R,%fr24R,%fr27  ; Cycle 3
+        ADD     %r3,%r1,%r1
+        FSTD    %fr28,-104(%sp)
+        LDD     UN_EIGHT(%r23),%r21
+
+        XMPYU   %fr9R,%fr24L,%fr25  ; Cycle 4
+        ADD,DC  %r21,%r4,%r28
+        FSTD    %fr29,-72(%sp)    
+        LDD     -96(%sp),%r3
+
+        XMPYU   %fr9L,%fr24L,%fr26  ; Cycle 5
+        ADD,DC  %r20,%r31,%r22
+        LDD     -64(%sp),%r19
+        LDD     -80(%sp),%r21
+
+        XMPYU   %fr9L,%fr24R,%fr24  ; Cycle 6
+        ADD     %r21,%r3,%r3
+        LDD     -56(%sp),%r20
+        STD     %r1,UN_SIXTEEN(%r23)
+
+        ADD,DC  %r20,%r19,%r19      ; Cycle 7
+        SHRPD   %r3,%r0,32,%r21
+        LDD     -88(%sp),%r4
+        LDD     -48(%sp),%r1
+
+        ADD,DC  %r0,%r0,%r20        ; Cycle 8
+        SHRPD   %r19,%r3,32,%r3
+        FLDD    EIGHT(%r24),%fr28
+        LDD     -104(%sp),%r31
+
+        SHRPD   %r20,%r19,32,%r20   ; Cycle 9
+        ADD     %r21,%r1,%r1
+        STD     %r28,UN_EIGHT(%r23)
+        LDD     -72(%sp),%r29
+
+        XMPYU   %fr9L,%fr28R,%fr31  ; Cycle 10
+        ADD,DC  %r3,%r4,%r4
+        FSTD    %fr24,-96(%sp)
+
+        XMPYU   %fr9R,%fr28L,%fr30  ; Cycle 11
+        ADD,DC  %r0,%r20,%r20
+        FSTD    %fr25,-80(%sp)
+        LDD     0(%r23),%r3
+
+        LDO     SIXTEEN(%r24),%r24  ; Cycle 12
+        FSTD    %fr31,-64(%sp)
+
+        XMPYU   %fr9R,%fr28R,%fr29  ; Cycle 13
+        ADD     %r22,%r1,%r1
+        ADDIB,> -2,%r26,$LOOP       ; actually happens in cycle 12
+        FSTD    %fr27,-48(%sp)
+
+$ENDLOOP
+
+; Shutdown code, first stage.
+
+;        MFCTL   %cr16,%r21         ; for timing
+;        STD     %r21,UN_SIXTEEN(%r23)
+;        LDD     -112(%sp),%r21
+;        STD     %r21,UN_EIGHT(%r23)
+
+        XMPYU   %fr9L,%fr28L,%fr28  ; Cycle 1
+        ADD,DC  %r29,%r4,%r4
+        CMPIB,= 0,%r26,$ONEMORE
+        FSTD    %fr30,-56(%sp)
+
+        LDO     SIXTEEN(%r23),%r23  ; Cycle 2
+        ADD,DC  %r0,%r20,%r20
+        FSTD    %fr26,-88(%sp)
+
+        ADD     %r3,%r1,%r1         ; Cycle 3
+        FSTD    %fr28,-104(%sp)
+        LDD     UN_EIGHT(%r23),%r21
+
+        ADD,DC  %r21,%r4,%r28       ; Cycle 4
+        FSTD    %fr29,-72(%sp)    
+        STD     %r28,UN_EIGHT(%r23) ; moved up from cycle 9
+        LDD     -96(%sp),%r3
+
+        ADD,DC  %r20,%r31,%r22      ; Cycle 5
+        STD     %r1,UN_SIXTEEN(%r23)
+$JOIN4
+        LDD     -64(%sp),%r19
+        LDD     -80(%sp),%r21
+
+        ADD     %r21,%r3,%r3        ; Cycle 6
+        LDD     -56(%sp),%r20
+
+        ADD,DC  %r20,%r19,%r19      ; Cycle 7
+        SHRPD   %r3,%r0,32,%r21
+        LDD     -88(%sp),%r4
+        LDD     -48(%sp),%r1
+
+        ADD,DC  %r0,%r0,%r20        ; Cycle 8
+        SHRPD   %r19,%r3,32,%r3
+        LDD     -104(%sp),%r31
+
+        SHRPD   %r20,%r19,32,%r20   ; Cycle 9
+        ADD     %r21,%r1,%r1
+        LDD     -72(%sp),%r29
+
+        ADD,DC  %r3,%r4,%r4         ; Cycle 10
+
+        ADD,DC  %r0,%r20,%r20       ; Cycle 11
+        LDD     0(%r23),%r3
+
+        ADD     %r22,%r1,%r1        ; Cycle 13
+
+; Shutdown code, second stage.
+
+        ADD,DC  %r29,%r4,%r4        ; Cycle 1
+
+        LDO     SIXTEEN(%r23),%r23  ; Cycle 2
+        ADD,DC  %r0,%r20,%r20
+
+        LDD     UN_EIGHT(%r23),%r21 ; Cycle 3
+        ADD     %r3,%r1,%r1
+
+        ADD,DC  %r21,%r4,%r28       ; Cycle 4
+
+        ADD,DC  %r20,%r31,%r22      ; Cycle 5
+
+        STD     %r1,UN_SIXTEEN(%r23); Cycle 6
+
+        STD     %r28,UN_EIGHT(%r23) ; Cycle 9
+
+        LDD     0(%r23),%r3         ; Cycle 11
+
+; Shutdown code, third stage.
+
+        LDO     SIXTEEN(%r23),%r23
+        ADD     %r3,%r22,%r1
+$JOIN1  ADD,DC  %r0,%r0,%r21
+        CMPIB,*= 0,%r21,$L0         ; if no overflow, exit
+        STD     %r1,UN_SIXTEEN(%r23)
+
+; Final carry propagation
+
+$FINAL1 LDO     EIGHT(%r23),%r23
+        LDD     UN_SIXTEEN(%r23),%r21
+        ADDI    1,%r21,%r21
+        CMPIB,*= 0,%r21,$FINAL1     ; Keep looping if there is a carry.
+        STD     %r21,UN_SIXTEEN(%r23)
+        B       $L0
+        NOP
+
+; Here is the code that handles the difficult cases N=1, N=2, and N=3.
+; We do the usual trick -- branch out of the startup code at appropriate
+; points, and branch into the shutdown code.
+
+$N_IS_SMALL
+        CMPIB,= 0,%r26,$N_IS_ONE
+        FSTD    %fr24,-96(%sp)      ; Cycle 10
+        FLDD    EIGHT(%r24),%fr28   ; Cycle 8
+        XMPYU   %fr9L,%fr28R,%fr31  ; Cycle 10
+        XMPYU   %fr9R,%fr28L,%fr30  ; Cycle 11
+        FSTD    %fr25,-80(%sp)
+        FSTD    %fr31,-64(%sp)      ; Cycle 12
+        XMPYU   %fr9R,%fr28R,%fr29  ; Cycle 13
+        FSTD    %fr27,-48(%sp)
+        XMPYU   %fr9L,%fr28L,%fr28  ; Cycle 1
+        CMPIB,= 2,%r26,$N_IS_THREE
+        FSTD    %fr30,-56(%sp)
+
+; N = 2
+        FSTD    %fr26,-88(%sp)      ; Cycle 2
+        FSTD    %fr28,-104(%sp)     ; Cycle 3
+        LDD     -96(%sp),%r3        ; Cycle 4
+        FSTD    %fr29,-72(%sp)
+        B       $JOIN4
+        ADD     %r0,%r0,%r22
+
+$N_IS_THREE
+        FLDD    SIXTEEN(%r24),%fr24
+        FSTD    %fr26,-88(%sp)      ; Cycle 2
+        XMPYU   %fr9R,%fr24R,%fr27  ; Cycle 3
+        FSTD    %fr28,-104(%sp)
+        XMPYU   %fr9R,%fr24L,%fr25  ; Cycle 4
+        LDD     -96(%sp),%r3
+        FSTD    %fr29,-72(%sp)
+        XMPYU   %fr9L,%fr24L,%fr26  ; Cycle 5
+        LDD     -64(%sp),%r19
+        LDD     -80(%sp),%r21
+        B       $JOIN3
+        ADD     %r0,%r0,%r22
+
+$N_IS_ONE
+        FSTD    %fr25,-80(%sp)
+        FSTD    %fr27,-48(%sp)
+        FSTD    %fr26,-88(%sp)      ; Cycle 2
+        B       $JOIN5
+        ADD     %r0,%r0,%r22
+
+; We came out of the unrolled loop with wrong parity.  Do one more
+; single cycle.  This is quite tricky, because of the way the
+; carry chains and SHRPD chains have been chopped up.
+
+$ONEMORE
+
+        FLDD    0(%r24),%fr24
+
+        LDO     SIXTEEN(%r23),%r23  ; Cycle 2
+        ADD,DC  %r0,%r20,%r20
+        FSTD    %fr26,-88(%sp)
+
+        XMPYU   %fr9R,%fr24R,%fr27  ; Cycle 3
+        FSTD    %fr28,-104(%sp)
+        LDD     UN_EIGHT(%r23),%r21
+        ADD     %r3,%r1,%r1
+
+        XMPYU   %fr9R,%fr24L,%fr25  ; Cycle 4
+        ADD,DC  %r21,%r4,%r28
+        STD     %r28,UN_EIGHT(%r23) ; moved from cycle 9
+        LDD     -96(%sp),%r3
+        FSTD    %fr29,-72(%sp)    
+
+        XMPYU   %fr9L,%fr24L,%fr26  ; Cycle 5
+        ADD,DC  %r20,%r31,%r22
+        LDD     -64(%sp),%r19
+        LDD     -80(%sp),%r21
+
+        STD     %r1,UN_SIXTEEN(%r23); Cycle 6
+$JOIN3
+        XMPYU   %fr9L,%fr24R,%fr24
+        LDD     -56(%sp),%r20
+        ADD     %r21,%r3,%r3
+
+        ADD,DC  %r20,%r19,%r19      ; Cycle 7
+        LDD     -88(%sp),%r4
+        SHRPD   %r3,%r0,32,%r21
+        LDD     -48(%sp),%r1
+
+        LDD     -104(%sp),%r31      ; Cycle 8
+        ADD,DC  %r0,%r0,%r20
+        SHRPD   %r19,%r3,32,%r3
+
+        LDD     -72(%sp),%r29       ; Cycle 9
+        SHRPD   %r20,%r19,32,%r20
+        ADD     %r21,%r1,%r1
+
+        ADD,DC  %r3,%r4,%r4         ; Cycle 10
+        FSTD    %fr24,-96(%sp)
+
+        ADD,DC  %r0,%r20,%r20       ; Cycle 11
+        LDD     0(%r23),%r3
+        FSTD    %fr25,-80(%sp)
+
+        ADD     %r22,%r1,%r1        ; Cycle 13
+        FSTD    %fr27,-48(%sp)
+
+; Shutdown code, stage 1-1/2.
+
+        ADD,DC  %r29,%r4,%r4        ; Cycle 1
+
+        LDO     SIXTEEN(%r23),%r23  ; Cycle 2
+        ADD,DC  %r0,%r20,%r20     
+        FSTD    %fr26,-88(%sp)
+
+        LDD     UN_EIGHT(%r23),%r21 ; Cycle 3
+        ADD     %r3,%r1,%r1
+
+        ADD,DC  %r21,%r4,%r28       ; Cycle 4
+        STD     %r28,UN_EIGHT(%r23) ; moved from cycle 9
+
+        ADD,DC  %r20,%r31,%r22      ; Cycle 5
+        STD     %r1,UN_SIXTEEN(%r23)
+$JOIN5
+        LDD     -96(%sp),%r3        ; moved from cycle 4
+        LDD     -80(%sp),%r21
+        ADD     %r21,%r3,%r3        ; Cycle 6
+        ADD,DC  %r0,%r0,%r19        ; Cycle 7
+        LDD     -88(%sp),%r4
+        SHRPD   %r3,%r0,32,%r21
+        LDD     -48(%sp),%r1
+        SHRPD   %r19,%r3,32,%r3     ; Cycle 8
+        ADD     %r21,%r1,%r1        ; Cycle 9
+        ADD,DC  %r3,%r4,%r4         ; Cycle 10
+        LDD     0(%r23),%r3         ; Cycle 11
+        ADD     %r22,%r1,%r1        ; Cycle 13
+
+; Shutdown code, stage 2-1/2.
+
+        ADD,DC  %r0,%r4,%r4         ; Cycle 1
+        LDO     SIXTEEN(%r23),%r23  ; Cycle 2
+        LDD     UN_EIGHT(%r23),%r21 ; Cycle 3
+        ADD     %r3,%r1,%r1
+        STD     %r1,UN_SIXTEEN(%r23)
+        ADD,DC  %r21,%r4,%r1
+        B       $JOIN1
+        LDO     EIGHT(%r23),%r23
+
+; exit
+
+$L0
+        LDW     -124(%sp),%r4
+        BVE     (%r2)
+        .EXIT
+        LDW,MB  -128(%sp),%r3
+
+        .PROCEND
+
+; ***************************************************************
+;
+;                 add_diag_[little/big]
+;
+; ***************************************************************
+
+; The arguments are as follows:
+;     r2   return PC, of course
+;     r26 = arg1 =  length
+;     r25 = arg2 =  vector to square
+;     r24 = arg3 =  result vector
+
+#ifdef LITTLE_WORDIAN
+add_diag_little
+#else
+add_diag_big
+#endif
+        .PROC
+        .CALLINFO FRAME=120,ENTRY_GR=4
+        .ENTRY
+        STW,MA  %r3,128(%sp)
+        STW     %r4,-124(%sp)
+
+        ADDIB,< -1,%r26,$Z0         ; If N=0, exit immediately.
+        NOP
+
+; Startup code
+
+        FLDD    0(%r25),%fr7        ; Cycle 2 (alternate body)
+        XMPYU   %fr7R,%fr7R,%fr29   ; Cycle 4
+        XMPYU   %fr7L,%fr7R,%fr27   ; Cycle 5
+        XMPYU   %fr7L,%fr7L,%fr30
+        LDO     SIXTEEN(%r25),%r25  ; Cycle 6
+        FSTD    %fr29,-88(%sp)
+        FSTD    %fr27,-72(%sp)      ; Cycle 7
+        CMPIB,= 0,%r26,$DIAG_N_IS_ONE ; Cycle 1 (main body)
+        FSTD    %fr30,-96(%sp)
+        FLDD    UN_EIGHT(%r25),%fr7 ; Cycle 2
+        LDD     -88(%sp),%r22       ; Cycle 3
+        LDD     -72(%sp),%r31       ; Cycle 4
+        XMPYU   %fr7R,%fr7R,%fr28
+        XMPYU   %fr7L,%fr7R,%fr24   ; Cycle 5
+        XMPYU   %fr7L,%fr7L,%fr31
+        LDD     -96(%sp),%r20       ; Cycle 6
+        FSTD    %fr28,-80(%sp)
+        ADD     %r0,%r0,%r0         ; clear the carry bit
+        ADDIB,<= -2,%r26,$ENDDIAGLOOP ; Cycle 7
+        FSTD    %fr24,-64(%sp)
+
+; Here is the loop.  It is unrolled twice, modelled after the "alternate body" and then the "main body".
+
+$DIAGLOOP
+        SHRPD   %r31,%r0,31,%r3     ; Cycle 1 (alternate body)
+        LDO     SIXTEEN(%r25),%r25
+        LDD     0(%r24),%r1
+        FSTD    %fr31,-104(%sp)
+        SHRPD   %r0,%r31,31,%r4     ; Cycle 2
+        ADD,DC  %r22,%r3,%r3
+        FLDD    UN_SIXTEEN(%r25),%fr7   
+        ADD,DC  %r0,%r20,%r20       ; Cycle 3
+        ADD     %r1,%r3,%r3
+        XMPYU   %fr7R,%fr7R,%fr29   ; Cycle 4
+        LDD     -80(%sp),%r21
+        STD     %r3,0(%r24)
+        XMPYU   %fr7L,%fr7R,%fr27   ; Cycle 5
+        XMPYU   %fr7L,%fr7L,%fr30
+        LDD     -64(%sp),%r29       
+        LDD     EIGHT(%r24),%r1  
+        ADD,DC  %r4,%r20,%r20       ; Cycle 6
+        LDD     -104(%sp),%r19
+        FSTD    %fr29,-88(%sp)
+        ADD     %r20,%r1,%r1        ; Cycle 7
+        FSTD    %fr27,-72(%sp)
+        SHRPD   %r29,%r0,31,%r4     ; Cycle 1 (main body)
+        LDO     THIRTY_TWO(%r24),%r24
+        LDD     UN_SIXTEEN(%r24),%r28
+        FSTD    %fr30,-96(%sp)
+        SHRPD   %r0,%r29,31,%r3     ; Cycle 2
+        ADD,DC  %r21,%r4,%r4
+        FLDD    UN_EIGHT(%r25),%fr7
+        STD     %r1,UN_TWENTY_FOUR(%r24)
+        ADD,DC  %r0,%r19,%r19       ; Cycle 3
+        ADD     %r28,%r4,%r4
+        XMPYU   %fr7R,%fr7R,%fr28   ; Cycle 4
+        LDD     -88(%sp),%r22
+        STD     %r4,UN_SIXTEEN(%r24)
+        XMPYU   %fr7L,%fr7R,%fr24   ; Cycle 5
+        XMPYU   %fr7L,%fr7L,%fr31
+        LDD     -72(%sp),%r31
+        LDD     UN_EIGHT(%r24),%r28
+        ADD,DC  %r3,%r19,%r19       ; Cycle 6
+        LDD     -96(%sp),%r20
+        FSTD    %fr28,-80(%sp)
+        ADD     %r19,%r28,%r28      ; Cycle 7
+        FSTD    %fr24,-64(%sp)
+        ADDIB,> -2,%r26,$DIAGLOOP   ; Cycle 8
+        STD     %r28,UN_EIGHT(%r24)
+
+$ENDDIAGLOOP
+
+        ADD,DC  %r0,%r22,%r22    
+        CMPIB,= 0,%r26,$ONEMOREDIAG
+        SHRPD   %r31,%r0,31,%r3
+
+; Shutdown code, first stage.
+
+        FSTD    %fr31,-104(%sp)     ; Cycle 1 (alternate body)
+        LDD     0(%r24),%r28
+        SHRPD   %r0,%r31,31,%r4     ; Cycle 2
+        ADD     %r3,%r22,%r3
+        ADD,DC  %r0,%r20,%r20       ; Cycle 3
+        LDD     -80(%sp),%r21
+        ADD     %r3,%r28,%r3
+        LDD     -64(%sp),%r29       ; Cycle 4
+        STD     %r3,0(%r24)
+        LDD     EIGHT(%r24),%r1     ; Cycle 5
+        LDO     SIXTEEN(%r25),%r25  ; Cycle 6
+        LDD     -104(%sp),%r19
+        ADD,DC  %r4,%r20,%r20
+        ADD     %r20,%r1,%r1        ; Cycle 7
+        ADD,DC  %r0,%r21,%r21       ; Cycle 8
+        STD     %r1,EIGHT(%r24)
+
+; Shutdown code, second stage.
+
+        SHRPD   %r29,%r0,31,%r4     ; Cycle 1 (main body)
+        LDO     THIRTY_TWO(%r24),%r24
+        LDD     UN_SIXTEEN(%r24),%r1
+        SHRPD   %r0,%r29,31,%r3      ; Cycle 2
+        ADD     %r4,%r21,%r4
+        ADD,DC  %r0,%r19,%r19       ; Cycle 3
+        ADD     %r4,%r1,%r4
+        STD     %r4,UN_SIXTEEN(%r24); Cycle 4
+        LDD     UN_EIGHT(%r24),%r28 ; Cycle 5
+        ADD,DC  %r3,%r19,%r19       ; Cycle 6       
+        ADD     %r19,%r28,%r28      ; Cycle 7
+        ADD,DC  %r0,%r0,%r22        ; Cycle 8
+        CMPIB,*= 0,%r22,$Z0         ; if no overflow, exit
+        STD     %r28,UN_EIGHT(%r24)
+
+; Final carry propagation
+
+$FDIAG2
+        LDO     EIGHT(%r24),%r24
+        LDD     UN_EIGHT(%r24),%r26
+        ADDI    1,%r26,%r26
+        CMPIB,*= 0,%r26,$FDIAG2     ; Keep looping if there is a carry.
+        STD     %r26,UN_EIGHT(%r24)
+
+        B   $Z0
+        NOP
+
+; Here is the code that handles the difficult case N=1.
+; We do the usual trick -- branch out of the startup code at appropriate
+; points, and branch into the shutdown code.
+
+$DIAG_N_IS_ONE
+
+        LDD     -88(%sp),%r22
+        LDD     -72(%sp),%r31
+        B       $JOINDIAG
+        LDD     -96(%sp),%r20
+
+; We came out of the unrolled loop with wrong parity.  Do one more
+; single cycle.  This is the "alternate body".  It will, of course,
+; give us opposite registers from the other case, so we need
+; completely different shutdown code.
+
+$ONEMOREDIAG
+        FSTD    %fr31,-104(%sp)     ; Cycle 1 (alternate body)
+        LDD     0(%r24),%r28
+        FLDD    0(%r25),%fr7        ; Cycle 2
+        SHRPD   %r0,%r31,31,%r4
+        ADD     %r3,%r22,%r3
+        ADD,DC  %r0,%r20,%r20       ; Cycle 3
+        LDD     -80(%sp),%r21
+        ADD     %r3,%r28,%r3
+        LDD     -64(%sp),%r29       ; Cycle 4
+        STD     %r3,0(%r24)
+        XMPYU   %fr7R,%fr7R,%fr29
+        LDD     EIGHT(%r24),%r1     ; Cycle 5
+        XMPYU   %fr7L,%fr7R,%fr27
+        XMPYU   %fr7L,%fr7L,%fr30
+        LDD     -104(%sp),%r19      ; Cycle 6
+        FSTD    %fr29,-88(%sp)
+        ADD,DC  %r4,%r20,%r20
+        FSTD    %fr27,-72(%sp)      ; Cycle 7
+        ADD     %r20,%r1,%r1
+        ADD,DC  %r0,%r21,%r21       ; Cycle 8
+        STD     %r1,EIGHT(%r24)
+
+; Shutdown code, first stage.
+
+        SHRPD   %r29,%r0,31,%r4     ; Cycle 1 (main body)
+        LDO     THIRTY_TWO(%r24),%r24
+        FSTD    %fr30,-96(%sp)
+        LDD     UN_SIXTEEN(%r24),%r1
+        SHRPD   %r0,%r29,31,%r3     ; Cycle 2
+        ADD     %r4,%r21,%r4
+        ADD,DC  %r0,%r19,%r19       ; Cycle 3
+        LDD     -88(%sp),%r22
+        ADD     %r4,%r1,%r4
+        LDD     -72(%sp),%r31       ; Cycle 4
+        STD     %r4,UN_SIXTEEN(%r24)
+        LDD     UN_EIGHT(%r24),%r28 ; Cycle 5
+        LDD     -96(%sp),%r20       ; Cycle 6
+        ADD,DC  %r3,%r19,%r19
+        ADD     %r19,%r28,%r28      ; Cycle 7
+        ADD,DC  %r0,%r22,%r22       ; Cycle 8
+        STD     %r28,UN_EIGHT(%r24)
+
+; Shutdown code, second stage.
+
+$JOINDIAG
+        SHRPD   %r31,%r0,31,%r3     ; Cycle 1 (alternate body)
+        LDD     0(%r24),%r28        
+        SHRPD   %r0,%r31,31,%r4     ; Cycle 2
+        ADD     %r3,%r22,%r3
+        ADD,DC  %r0,%r20,%r20       ; Cycle 3
+        ADD     %r3,%r28,%r3
+        STD     %r3,0(%r24)         ; Cycle 4
+        LDD     EIGHT(%r24),%r1     ; Cycle 5
+        ADD,DC  %r4,%r20,%r20
+        ADD     %r20,%r1,%r1        ; Cycle 7
+        ADD,DC  %r0,%r0,%r21        ; Cycle 8
+        CMPIB,*= 0,%r21,$Z0         ; if no overflow, exit
+        STD     %r1,EIGHT(%r24)
+
+; Final carry propagation
+
+$FDIAG1
+        LDO     EIGHT(%r24),%r24
+        LDD     EIGHT(%r24),%r26
+        ADDI    1,%r26,%r26
+        CMPIB,*= 0,%r26,$FDIAG1    ; Keep looping if there is a carry.
+        STD     %r26,EIGHT(%r24)
+
+$Z0
+        LDW     -124(%sp),%r4
+        BVE     (%r2)
+        .EXIT
+        LDW,MB  -128(%sp),%r3
+        .PROCEND
+;	.ALLOW
+
+        .SPACE         $TEXT$
+        .SUBSPA        $CODE$
+#ifdef LITTLE_WORDIAN
+#ifdef __GNUC__
+; GNU-as (as of 2.19) does not support LONG_RETURN
+        .EXPORT        maxpy_little,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR,ARGW3=GR
+        .EXPORT        add_diag_little,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR
+#else
+        .EXPORT        maxpy_little,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR,ARGW3=GR,LONG_RETURN
+        .EXPORT        add_diag_little,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR,LONG_RETURN
+#endif
+#else
+        .EXPORT        maxpy_big,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR,ARGW3=GR,LONG_RETURN
+        .EXPORT        add_diag_big,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR,LONG_RETURN
+#endif
+        .END
+
+
+; How to use "maxpy_PA20_little" and "maxpy_PA20_big"
+; 
+; The routine "maxpy_PA20_little" or "maxpy_PA20_big"
+; performs a 64-bit x any-size multiply, and adds the
+; result to an area of memory.  That is, it performs
+; something like
+; 
+;      A B C D
+;    *       Z
+;   __________
+;    P Q R S T
+; 
+; and then adds the "PQRST" vector into an area of memory,
+; handling all carries.
+; 
+; Digression on nomenclature and endian-ness:
+; 
+; Each of the capital letters in the above represents a 64-bit
+; quantity.  That is, you could think of the discussion as
+; being in terms of radix-16-quintillion arithmetic.  The data
+; type being manipulated is "unsigned long long int".  This
+; requires the 64-bit extension of the HP-UX C compiler,
+; available at release 10.  You need these compiler flags to
+; enable these extensions:
+; 
+;       -Aa +e +DA2.0 +DS2.0
+; 
+; (The first specifies ANSI C, the second enables the
+; extensions, which are beyond ANSI C, and the third and
+; fourth tell the compiler to use whatever features of the
+; PA2.0 architecture it wishes, in order to made the code more
+; efficient.  Since the presence of the assembly code will
+; make the program unable to run on anything less than PA2.0,
+; you might as well gain the performance enhancements in the C
+; code as well.)
+; 
+; Questions of "endian-ness" often come up, usually in the
+; context of byte ordering in a word.  These routines have a
+; similar issue, that could be called "wordian-ness".
+; Independent of byte ordering (PA is always big-endian), one
+; can make two choices when representing extremely large
+; numbers as arrays of 64-bit doublewords in memory.
+; 
+; "Little-wordian" layout means that the least significant
+; word of a number is stored at the lowest address.
+; 
+;   MSW     LSW
+;    |       |
+;    V       V
+; 
+;    A B C D E
+; 
+;    ^     ^ ^
+;    |     | |____ address 0
+;    |     |
+;    |     |_______address 8
+;    |
+;    address 32
+; 
+; "Big-wordian" means that the most significant word is at the
+; lowest address.
+; 
+;   MSW     LSW
+;    |       |
+;    V       V
+; 
+;    A B C D E
+; 
+;    ^     ^ ^
+;    |     | |____ address 32
+;    |     |
+;    |     |_______address 24
+;    |
+;    address 0
+; 
+; When you compile the file, you must specify one or the other, with
+; a switch "-DLITTLE_WORDIAN" or "-DBIG_WORDIAN".
+; 
+;     Incidentally, you assemble this file as part of your
+;     project with the same C compiler as the rest of the program.
+;     My "makefile" for a superprecision arithmetic package has
+;     the following stuff:
+; 
+;     # definitions:
+;     CC = cc -Aa +e -z +DA2.0 +DS2.0 +w1
+;     CFLAGS = +O3
+;     LDFLAGS = -L /usr/lib -Wl,-aarchive
+; 
+;     # general build rule for ".s" files:
+;     .s.o:
+;             $(CC) $(CFLAGS) -c $< -DBIG_WORDIAN
+; 
+;     # Now any bind step that calls for pa20.o will assemble pa20.s
+; 
+; End of digression, back to arithmetic:
+; 
+; The way we multiply two huge numbers is, of course, to multiply
+; the "ABCD" vector by each of the "WXYZ" doublewords, adding
+; the result vectors with increasing offsets, the way we learned
+; in school, back before we all used calculators:
+; 
+;            A B C D
+;          * W X Y Z
+;         __________
+;          P Q R S T
+;        E F G H I
+;      M N O P Q
+;  + R S T U V
+;    _______________
+;    F I N A L S U M
+; 
+; So we call maxpy_PA20_big (in my case; my package is
+; big-wordian) repeatedly, giving the W, X, Y, and Z arguments
+; in turn as the "scalar", and giving the "ABCD" vector each
+; time.  We direct it to add its result into an area of memory
+; that we have cleared at the start.  We skew the exact
+; location into that area with each call.
+; 
+; The prototype for the function is
+; 
+; extern void maxpy_PA20_big(
+;    int length,        /* Number of doublewords in the multiplicand vector. */
+;    const long long int *scalaraddr,    /* Address to fetch the scalar. */
+;    const long long int *multiplicand,  /* The multiplicand vector. */
+;    long long int *result);             /* Where to accumulate the result. */
+; 
+; (You should place a copy of this prototype in an include file
+; or in your C file.)
+; 
+; Now, IN ALL CASES, the given address for the multiplicand or
+; the result is that of the LEAST SIGNIFICANT DOUBLEWORD.
+; That word is, of course, the word at which the routine
+; starts processing.  "maxpy_PA20_little" then increases the
+; addresses as it computes.  "maxpy_PA20_big" decreases them.
+; 
+; In our example above, "length" would be 4 in each case.
+; "multiplicand" would be the "ABCD" vector.  Specifically,
+; the address of the element "D".  "scalaraddr" would be the
+; address of "W", "X", "Y", or "Z" on the four calls that we
+; would make.  (The order doesn't matter, of course.)
+; "result" would be the appropriate address in the result
+; area.  When multiplying by "Z", that would be the least
+; significant word.  When multiplying by "Y", it would be the
+; next higher word (8 bytes higher if little-wordian; 8 bytes
+; lower if big-wordian), and so on.  The size of the result
+; area must be the the sum of the sizes of the multiplicand
+; and multiplier vectors, and must be initialized to zero
+; before we start.
+; 
+; Whenever the routine adds its partial product into the result
+; vector, it follows carry chains as far as they need to go.
+; 
+; Here is the super-precision multiply routine that I use for
+; my package.  The package is big-wordian.  I have taken out
+; handling of exponents (it's a floating point package):
+; 
+; static void mul_PA20(
+;   int size,
+;   const long long int *arg1,
+;   const long long int *arg2,
+;   long long int *result)
+; {
+;    int i;
+; 
+;    for (i=0 ; i<2*size ; i++) result[i] = 0ULL;
+; 
+;    for (i=0 ; i<size ; i++) {
+;       maxpy_PA20_big(size, &arg2[i], &arg1[size-1], &result[size+i]);
+;    }
+; }
diff --git a/nss/lib/freebl/mpi/hppatch.adb b/nss/lib/freebl/mpi/hppatch.adb
new file mode 100644
index 0000000..6875032
--- /dev/null
+++ b/nss/lib/freebl/mpi/hppatch.adb
@@ -0,0 +1,21 @@
+#/bin/sh
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# script to change the system id in an object file from PA-RISC 2.0 to 1.1
+
+adb -w $1 << EOF
+?m 0 -1 0
+0x0?X
+0x0?W (@0x0&~0x40000)|(~@0x0&0x40000)
+
+0?"change checksum"
+0x7c?X
+0x7c?W (@0x7c&~0x40000)|(~@0x7c&0x40000)
+$q
+EOF
+
+exit 0
+
diff --git a/nss/lib/freebl/mpi/logtab.h b/nss/lib/freebl/mpi/logtab.h
new file mode 100644
index 0000000..24cb13c
--- /dev/null
+++ b/nss/lib/freebl/mpi/logtab.h
@@ -0,0 +1,28 @@
+/*
+ *  logtab.h
+ *
+ *  Arbitrary precision integer arithmetic library
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+const float s_logv_2[] = {
+    0.000000000f, 0.000000000f, 1.000000000f, 0.630929754f, /*  0  1  2  3 */
+    0.500000000f, 0.430676558f, 0.386852807f, 0.356207187f, /*  4  5  6  7 */
+    0.333333333f, 0.315464877f, 0.301029996f, 0.289064826f, /*  8  9 10 11 */
+    0.278942946f, 0.270238154f, 0.262649535f, 0.255958025f, /* 12 13 14 15 */
+    0.250000000f, 0.244650542f, 0.239812467f, 0.235408913f, /* 16 17 18 19 */
+    0.231378213f, 0.227670249f, 0.224243824f, 0.221064729f, /* 20 21 22 23 */
+    0.218104292f, 0.215338279f, 0.212746054f, 0.210309918f, /* 24 25 26 27 */
+    0.208014598f, 0.205846832f, 0.203795047f, 0.201849087f, /* 28 29 30 31 */
+    0.200000000f, 0.198239863f, 0.196561632f, 0.194959022f, /* 32 33 34 35 */
+    0.193426404f, 0.191958720f, 0.190551412f, 0.189200360f, /* 36 37 38 39 */
+    0.187901825f, 0.186652411f, 0.185449023f, 0.184288833f, /* 40 41 42 43 */
+    0.183169251f, 0.182087900f, 0.181042597f, 0.180031327f, /* 44 45 46 47 */
+    0.179052232f, 0.178103594f, 0.177183820f, 0.176291434f, /* 48 49 50 51 */
+    0.175425064f, 0.174583430f, 0.173765343f, 0.172969690f, /* 52 53 54 55 */
+    0.172195434f, 0.171441601f, 0.170707280f, 0.169991616f, /* 56 57 58 59 */
+    0.169293808f, 0.168613099f, 0.167948779f, 0.167300179f, /* 60 61 62 63 */
+    0.166666667f
+};
diff --git a/nss/lib/freebl/mpi/make-logtab b/nss/lib/freebl/mpi/make-logtab
new file mode 100755
index 0000000..fadba1c
--- /dev/null
+++ b/nss/lib/freebl/mpi/make-logtab
@@ -0,0 +1,29 @@
+#!/usr/bin/perl
+
+#
+# make-logtab
+#
+# Generate a table of logarithms of 2 in various bases, for use in
+# estimating the output sizes of various bases.
+
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+$ARRAYNAME = $ENV{'ARRAYNAME'} || "s_logv_2";
+$ARRAYTYPE = $ENV{'ARRAYTYPE'} || "float";
+
+printf("const %s %s[] = {\n   %0.9ff, %0.9ff, ", 
+       $ARRAYTYPE, $ARRAYNAME, 0, 0);
+$brk = 2;
+for($ix = 2; $ix < 64; $ix++) {
+    printf("%0.9ff, ", (log(2)/log($ix)));
+    $brk = ($brk + 1) & 3;
+    if(!$brk) {
+	printf(" /* %2d %2d %2d %2d */\n   ",
+	       $ix - 3, $ix - 2, $ix - 1, $ix);
+    }
+}
+printf("%0.9ff\n};\n\n", (log(2)/log($ix)));
+
+exit 0;
diff --git a/nss/lib/freebl/mpi/make-test-arrays b/nss/lib/freebl/mpi/make-test-arrays
new file mode 100755
index 0000000..ecdd552
--- /dev/null
+++ b/nss/lib/freebl/mpi/make-test-arrays
@@ -0,0 +1,98 @@
+#!/usr/bin/perl
+
+#
+# make-test-arrays
+#
+# Given a test-arrays file, which specifies the test suite names, the
+# names of the functions which perform those test suites, and
+# descriptive comments, this script generates C structures for the
+# mpi-test program.  The input consists of lines of the form:
+#
+# suite-name:function-name:comment
+#
+# The output is written to the standard output.  Blank lines are
+# ignored, and comments beginning with '#' are stripped.
+
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# Read parameters from the environment, if available
+$NAMEVAR = $ENV{'NAMEVAR'} || "g_names";
+$COUNTVAR = $ENV{'COUNTVAR'} || "g_count";
+$FUNCVAR = $ENV{'FUNCVAR'} || "g_tests";
+$DESCVAR = $ENV{'DESCVAR'} || "g_descs";
+$FUNCLEN = 13;
+$NAMELEN = 18;
+$DESCLEN = 45;
+
+#------------------------------------------------------------------------
+# Suck in input from the files on the command line, or standard input
+while(<>) {
+    chomp;
+    s/\#.*$//;
+    next if /^\s*$/;
+
+    ($suite, $func, $desc) = split(/:/, $_);
+
+    $tmp = { "suite" => $suite,
+	     "func"  => $func,
+	     "desc"  => $desc };
+
+    push(@item, $tmp);
+}
+$count = scalar(@item);
+$last = pop(@item);
+
+#------------------------------------------------------------------------
+# Output the table of names
+print "/* Table mapping test suite names to index numbers */\n";
+printf("const int   %s = %d;\n", $COUNTVAR, $count);
+printf("const char *%s[] = {\n", $NAMEVAR);
+
+foreach $elt (@item) {
+    printf("   \"%s\",%s/* %s%s */\n", $elt->{"suite"},
+	   " " x ($NAMELEN - length($elt->{"suite"})),
+	   $elt->{"desc"},
+	   " " x ($DESCLEN - length($elt->{"desc"})));
+}
+printf("   \"%s\" %s/* %s%s */\n", $last->{"suite"},
+       " " x ($NAMELEN - length($last->{"suite"})),
+       $last->{"desc"},
+       " " x ($DESCLEN - length($last->{"desc"})));
+print "};\n\n";
+
+#------------------------------------------------------------------------
+# Output the driver function prototypes
+print "/* Test function prototypes */\n";
+foreach $elt (@item, $last) {
+    printf("int  %s(void);\n", $elt->{"func"});
+}
+print "\n";
+
+#------------------------------------------------------------------------
+# Output the table of functions
+print "/* Table mapping index numbers to functions */\n";
+printf("int (*%s[])(void)  = {\n   ", $FUNCVAR);
+$brk = 0;
+
+foreach $elt (@item) {
+    print($elt->{"func"}, ", ", 
+	  " " x ($FUNCLEN - length($elt->{"func"})));
+    $brk = ($brk + 1) & 3;
+    print "\n   " unless($brk);
+}
+print $last->{"func"}, "\n};\n\n";
+
+#------------------------------------------------------------------------
+# Output the table of descriptions
+print "/* Table mapping index numbers to descriptions */\n";
+printf("const char *%s[] = {\n", $DESCVAR);
+
+foreach $elt (@item) {
+    printf("   \"%s\",\n", $elt->{"desc"});
+}
+printf("   \"%s\"\n};\n\n", $last->{"desc"});
+
+exit 0;
+
diff --git a/nss/lib/freebl/mpi/mdxptest.c b/nss/lib/freebl/mpi/mdxptest.c
new file mode 100644
index 0000000..adbcfc3
--- /dev/null
+++ b/nss/lib/freebl/mpi/mdxptest.c
@@ -0,0 +1,306 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include "mpi.h"
+#include "mpi-priv.h"
+
+/* #define OLD_WAY 1  */
+
+/* This key is the 1024-bit test key used for speed testing of RSA private
+** key ops.
+*/
+
+#define CONST const
+
+static CONST unsigned char default_n[128] = {
+    0xc2, 0xae, 0x96, 0x89, 0xaf, 0xce, 0xd0, 0x7b, 0x3b, 0x35, 0xfd, 0x0f, 0xb1, 0xf4, 0x7a, 0xd1,
+    0x3c, 0x7d, 0xb5, 0x86, 0xf2, 0x68, 0x36, 0xc9, 0x97, 0xe6, 0x82, 0x94, 0x86, 0xaa, 0x05, 0x39,
+    0xec, 0x11, 0x51, 0xcc, 0x5c, 0xa1, 0x59, 0xba, 0x29, 0x18, 0xf3, 0x28, 0xf1, 0x9d, 0xe3, 0xae,
+    0x96, 0x5d, 0x6d, 0x87, 0x73, 0xf6, 0xf6, 0x1f, 0xd0, 0x2d, 0xfb, 0x2f, 0x7a, 0x13, 0x7f, 0xc8,
+    0x0c, 0x7a, 0xe9, 0x85, 0xfb, 0xce, 0x74, 0x86, 0xf8, 0xef, 0x2f, 0x85, 0x37, 0x73, 0x0f, 0x62,
+    0x4e, 0x93, 0x17, 0xb7, 0x7e, 0x84, 0x9a, 0x94, 0x11, 0x05, 0xca, 0x0d, 0x31, 0x4b, 0x2a, 0xc8,
+    0xdf, 0xfe, 0xe9, 0x0c, 0x13, 0xc7, 0xf2, 0xad, 0x19, 0x64, 0x28, 0x3c, 0xb5, 0x6a, 0xc8, 0x4b,
+    0x79, 0xea, 0x7c, 0xce, 0x75, 0x92, 0x45, 0x3e, 0xa3, 0x9d, 0x64, 0x6f, 0x04, 0x69, 0x19, 0x17
+};
+
+static CONST unsigned char default_d[128] = {
+    0x13, 0xcb, 0xbc, 0xf2, 0xf3, 0x35, 0x8c, 0x6d, 0x7b, 0x6f, 0xd9, 0xf3, 0xa6, 0x9c, 0xbd, 0x80,
+    0x59, 0x2e, 0x4f, 0x2f, 0x11, 0xa7, 0x17, 0x2b, 0x18, 0x8f, 0x0f, 0xe8, 0x1a, 0x69, 0x5f, 0x6e,
+    0xac, 0x5a, 0x76, 0x7e, 0xd9, 0x4c, 0x6e, 0xdb, 0x47, 0x22, 0x8a, 0x57, 0x37, 0x7a, 0x5e, 0x94,
+    0x7a, 0x25, 0xb5, 0xe5, 0x78, 0x1d, 0x3c, 0x99, 0xaf, 0x89, 0x7d, 0x69, 0x2e, 0x78, 0x9d, 0x1d,
+    0x84, 0xc8, 0xc1, 0xd7, 0x1a, 0xb2, 0x6d, 0x2d, 0x8a, 0xd9, 0xab, 0x6b, 0xce, 0xae, 0xb0, 0xa0,
+    0x58, 0x55, 0xad, 0x5c, 0x40, 0x8a, 0xd6, 0x96, 0x08, 0x8a, 0xe8, 0x63, 0xe6, 0x3d, 0x6c, 0x20,
+    0x49, 0xc7, 0xaf, 0x0f, 0x25, 0x73, 0xd3, 0x69, 0x43, 0x3b, 0xf2, 0x32, 0xf8, 0x3d, 0x5e, 0xee,
+    0x7a, 0xca, 0xd6, 0x94, 0x55, 0xe5, 0xbd, 0x25, 0x34, 0x8d, 0x63, 0x40, 0xb5, 0x8a, 0xc3, 0x01
+};
+
+#define DEFAULT_ITERS 50
+
+typedef clock_t timetype;
+#define gettime(x) *(x) = clock()
+#define subtime(a, b) a -= b
+#define msec(x) ((clock_t)((double)x * 1000.0 / CLOCKS_PER_SEC))
+#define sec(x) (x / CLOCKS_PER_SEC)
+
+struct TimingContextStr {
+    timetype start;
+    timetype end;
+    timetype interval;
+
+    int minutes;
+    int seconds;
+    int millisecs;
+};
+
+typedef struct TimingContextStr TimingContext;
+
+TimingContext *
+CreateTimingContext(void)
+{
+    return (TimingContext *)malloc(sizeof(TimingContext));
+}
+
+void
+DestroyTimingContext(TimingContext *ctx)
+{
+    free(ctx);
+}
+
+void
+TimingBegin(TimingContext *ctx)
+{
+    gettime(&ctx->start);
+}
+
+static void
+timingUpdate(TimingContext *ctx)
+{
+
+    ctx->millisecs = msec(ctx->interval) % 1000;
+    ctx->seconds = sec(ctx->interval);
+    ctx->minutes = ctx->seconds / 60;
+    ctx->seconds %= 60;
+}
+
+void
+TimingEnd(TimingContext *ctx)
+{
+    gettime(&ctx->end);
+    ctx->interval = ctx->end;
+    subtime(ctx->interval, ctx->start);
+    timingUpdate(ctx);
+}
+
+char *
+TimingGenerateString(TimingContext *ctx)
+{
+    static char sBuf[4096];
+
+    sprintf(sBuf, "%d minutes, %d.%03d seconds", ctx->minutes,
+            ctx->seconds, ctx->millisecs);
+    return sBuf;
+}
+
+static void
+dumpBytes(unsigned char *b, int l)
+{
+    int i;
+    if (l <= 0)
+        return;
+    for (i = 0; i < l; ++i) {
+        if (i % 16 == 0)
+            printf("\t");
+        printf(" %02x", b[i]);
+        if (i % 16 == 15)
+            printf("\n");
+    }
+    if ((i % 16) != 0)
+        printf("\n");
+    printf("\n");
+}
+
+static mp_err
+testNewFuncs(const unsigned char *modulusBytes, int modulus_len)
+{
+    mp_err mperr = MP_OKAY;
+    mp_int modulus;
+    unsigned char buf[512];
+
+    mperr = mp_init(&modulus);
+    mperr = mp_read_unsigned_octets(&modulus, modulusBytes, modulus_len);
+    mperr = mp_to_fixlen_octets(&modulus, buf, modulus_len);
+    mperr = mp_to_fixlen_octets(&modulus, buf, modulus_len + 1);
+    mperr = mp_to_fixlen_octets(&modulus, buf, modulus_len + 4);
+    mperr = mp_to_unsigned_octets(&modulus, buf, modulus_len);
+    mperr = mp_to_signed_octets(&modulus, buf, modulus_len + 1);
+    mp_clear(&modulus);
+    return mperr;
+}
+
+int
+testModExp(const unsigned char *modulusBytes,
+           const unsigned int expo,
+           const unsigned char *input,
+           unsigned char *output,
+           int modulus_len)
+{
+    mp_err mperr = MP_OKAY;
+    mp_int modulus;
+    mp_int base;
+    mp_int exponent;
+    mp_int result;
+
+    mperr = mp_init(&modulus);
+    mperr += mp_init(&base);
+    mperr += mp_init(&exponent);
+    mperr += mp_init(&result);
+    /* we initialize all mp_ints unconditionally, even if some fail.
+    ** This guarantees that the DIGITS pointer is valid (even if null).
+    ** So, mp_clear will do the right thing below.
+    */
+    if (mperr == MP_OKAY) {
+        mperr = mp_read_unsigned_octets(&modulus,
+                                        modulusBytes + (sizeof default_n - modulus_len), modulus_len);
+        mperr += mp_read_unsigned_octets(&base, input, modulus_len);
+        mp_set(&exponent, expo);
+        if (mperr == MP_OKAY) {
+#if OLD_WAY
+            mperr = s_mp_exptmod(&base, &exponent, &modulus, &result);
+#else
+            mperr = mp_exptmod(&base, &exponent, &modulus, &result);
+#endif
+            if (mperr == MP_OKAY) {
+                mperr = mp_to_fixlen_octets(&result, output, modulus_len);
+            }
+        }
+    }
+    mp_clear(&base);
+    mp_clear(&result);
+
+    mp_clear(&modulus);
+    mp_clear(&exponent);
+
+    return (int)mperr;
+}
+
+int
+doModExp(const unsigned char *modulusBytes,
+         const unsigned char *exponentBytes,
+         const unsigned char *input,
+         unsigned char *output,
+         int modulus_len)
+{
+    mp_err mperr = MP_OKAY;
+    mp_int modulus;
+    mp_int base;
+    mp_int exponent;
+    mp_int result;
+
+    mperr = mp_init(&modulus);
+    mperr += mp_init(&base);
+    mperr += mp_init(&exponent);
+    mperr += mp_init(&result);
+    /* we initialize all mp_ints unconditionally, even if some fail.
+    ** This guarantees that the DIGITS pointer is valid (even if null).
+    ** So, mp_clear will do the right thing below.
+    */
+    if (mperr == MP_OKAY) {
+        mperr = mp_read_unsigned_octets(&modulus,
+                                        modulusBytes + (sizeof default_n - modulus_len), modulus_len);
+        mperr += mp_read_unsigned_octets(&exponent, exponentBytes, modulus_len);
+        mperr += mp_read_unsigned_octets(&base, input, modulus_len);
+        if (mperr == MP_OKAY) {
+#if OLD_WAY
+            mperr = s_mp_exptmod(&base, &exponent, &modulus, &result);
+#else
+            mperr = mp_exptmod(&base, &exponent, &modulus, &result);
+#endif
+            if (mperr == MP_OKAY) {
+                mperr = mp_to_fixlen_octets(&result, output, modulus_len);
+            }
+        }
+    }
+    mp_clear(&base);
+    mp_clear(&result);
+
+    mp_clear(&modulus);
+    mp_clear(&exponent);
+
+    return (int)mperr;
+}
+
+int
+main(int argc, char **argv)
+{
+    TimingContext *timeCtx;
+    char *progName;
+    long iters = DEFAULT_ITERS;
+    unsigned int modulus_len;
+    int i;
+    int rv;
+    unsigned char buf[1024];
+    unsigned char buf2[1024];
+
+    progName = strrchr(argv[0], '/');
+    if (!progName)
+        progName = strrchr(argv[0], '\\');
+    progName = progName ? progName + 1 : argv[0];
+
+    if (argc >= 2) {
+        iters = atol(argv[1]);
+    }
+
+    if (argc >= 3) {
+        modulus_len = atol(argv[2]);
+    } else
+        modulus_len = sizeof default_n;
+
+    /* no library init function !? */
+
+    memset(buf, 0x41, sizeof buf);
+
+    if (iters < 2) {
+        testNewFuncs(default_n, modulus_len);
+        testNewFuncs(default_n + 1, modulus_len - 1);
+        testNewFuncs(default_n + 2, modulus_len - 2);
+        testNewFuncs(default_n + 3, modulus_len - 3);
+
+        rv = testModExp(default_n, 0, buf, buf2, modulus_len);
+        dumpBytes((unsigned char *)buf2, modulus_len);
+
+        rv = testModExp(default_n, 1, buf, buf2, modulus_len);
+        dumpBytes((unsigned char *)buf2, modulus_len);
+
+        rv = testModExp(default_n, 2, buf, buf2, modulus_len);
+        dumpBytes((unsigned char *)buf2, modulus_len);
+
+        rv = testModExp(default_n, 3, buf, buf2, modulus_len);
+        dumpBytes((unsigned char *)buf2, modulus_len);
+    }
+    rv = doModExp(default_n, default_d, buf, buf2, modulus_len);
+    if (rv != 0) {
+        fprintf(stderr, "Error in modexp operation:\n");
+        exit(1);
+    }
+    dumpBytes((unsigned char *)buf2, modulus_len);
+
+    timeCtx = CreateTimingContext();
+    TimingBegin(timeCtx);
+    i = iters;
+    while (i--) {
+        rv = doModExp(default_n, default_d, buf, buf2, modulus_len);
+        if (rv != 0) {
+            fprintf(stderr, "Error in modexp operation\n");
+            exit(1);
+        }
+    }
+    TimingEnd(timeCtx);
+    printf("%ld iterations in %s\n", iters, TimingGenerateString(timeCtx));
+
+    return 0;
+}
diff --git a/nss/lib/freebl/mpi/montmulf.c b/nss/lib/freebl/mpi/montmulf.c
new file mode 100644
index 0000000..ce8fbc3
--- /dev/null
+++ b/nss/lib/freebl/mpi/montmulf.c
@@ -0,0 +1,286 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifdef SOLARIS
+#define RF_INLINE_MACROS 1
+#endif
+
+static const double TwoTo16 = 65536.0;
+static const double TwoToMinus16 = 1.0 / 65536.0;
+static const double Zero = 0.0;
+static const double TwoTo32 = 65536.0 * 65536.0;
+static const double TwoToMinus32 = 1.0 / (65536.0 * 65536.0);
+
+#ifdef RF_INLINE_MACROS
+
+double upper32(double);
+double lower32(double, double);
+double mod(double, double, double);
+
+void i16_to_d16_and_d32x4(const double * /*1/(2^16)*/,
+                          const double * /* 2^16*/,
+                          const double * /* 0 */,
+                          double * /*result16*/,
+                          double * /* result32 */,
+                          float * /*source - should be unsigned int* converted to float* */);
+
+#else
+#ifdef MP_USE_FLOOR
+#include <math.h>
+#else
+#define floor(d) ((double)((unsigned long long)(d)))
+#endif
+
+static double
+upper32(double x)
+{
+    return floor(x * TwoToMinus32);
+}
+
+static double
+lower32(double x, double y)
+{
+    return x - TwoTo32 * floor(x * TwoToMinus32);
+}
+
+static double
+mod(double x, double oneoverm, double m)
+{
+    return x - m * floor(x * oneoverm);
+}
+
+#endif
+
+static void
+cleanup(double *dt, int from, int tlen)
+{
+    int i;
+    double tmp, tmp1, x, x1;
+
+    tmp = tmp1 = Zero;
+    /* original code **
+     for(i=2*from;i<2*tlen-2;i++)
+       {
+         x=dt[i];
+         dt[i]=lower32(x,Zero)+tmp1;
+         tmp1=tmp;
+         tmp=upper32(x);
+       }
+     dt[tlen-2]+=tmp1;
+     dt[tlen-1]+=tmp;
+     **end original code ***/
+    /* new code ***/
+    for (i = 2 * from; i < 2 * tlen; i += 2) {
+        x = dt[i];
+        x1 = dt[i + 1];
+        dt[i] = lower32(x, Zero) + tmp;
+        dt[i + 1] = lower32(x1, Zero) + tmp1;
+        tmp = upper32(x);
+        tmp1 = upper32(x1);
+    }
+    /** end new code **/
+}
+
+void
+conv_d16_to_i32(unsigned int *i32, double *d16, long long *tmp, int ilen)
+{
+    int i;
+    long long t, t1, a, b, c, d;
+
+    t1 = 0;
+    a = (long long)d16[0];
+    b = (long long)d16[1];
+    for (i = 0; i < ilen - 1; i++) {
+        c = (long long)d16[2 * i + 2];
+        t1 += (unsigned int)a;
+        t = (a >> 32);
+        d = (long long)d16[2 * i + 3];
+        t1 += (b & 0xffff) << 16;
+        t += (b >> 16) + (t1 >> 32);
+        i32[i] = (unsigned int)t1;
+        t1 = t;
+        a = c;
+        b = d;
+    }
+    t1 += (unsigned int)a;
+    t = (a >> 32);
+    t1 += (b & 0xffff) << 16;
+    i32[i] = (unsigned int)t1;
+}
+
+void
+conv_i32_to_d32(double *d32, unsigned int *i32, int len)
+{
+    int i;
+
+#pragma pipeloop(0)
+    for (i = 0; i < len; i++)
+        d32[i] = (double)(i32[i]);
+}
+
+void
+conv_i32_to_d16(double *d16, unsigned int *i32, int len)
+{
+    int i;
+    unsigned int a;
+
+#pragma pipeloop(0)
+    for (i = 0; i < len; i++) {
+        a = i32[i];
+        d16[2 * i] = (double)(a & 0xffff);
+        d16[2 * i + 1] = (double)(a >> 16);
+    }
+}
+
+void
+conv_i32_to_d32_and_d16(double *d32, double *d16,
+                        unsigned int *i32, int len)
+{
+    int i = 0;
+    unsigned int a;
+
+#pragma pipeloop(0)
+#ifdef RF_INLINE_MACROS
+    for (; i < len - 3; i += 4) {
+        i16_to_d16_and_d32x4(&TwoToMinus16, &TwoTo16, &Zero,
+                             &(d16[2 * i]), &(d32[i]), (float *)(&(i32[i])));
+    }
+#endif
+    for (; i < len; i++) {
+        a = i32[i];
+        d32[i] = (double)(i32[i]);
+        d16[2 * i] = (double)(a & 0xffff);
+        d16[2 * i + 1] = (double)(a >> 16);
+    }
+}
+
+void
+adjust_montf_result(unsigned int *i32, unsigned int *nint, int len)
+{
+    long long acc;
+    int i;
+
+    if (i32[len] > 0)
+        i = -1;
+    else {
+        for (i = len - 1; i >= 0; i--) {
+            if (i32[i] != nint[i])
+                break;
+        }
+    }
+    if ((i < 0) || (i32[i] > nint[i])) {
+        acc = 0;
+        for (i = 0; i < len; i++) {
+            acc = acc + (unsigned long long)(i32[i]) - (unsigned long long)(nint[i]);
+            i32[i] = (unsigned int)acc;
+            acc = acc >> 32;
+        }
+    }
+}
+
+/*
+** the lengths of the input arrays should be at least the following:
+** result[nlen+1], dm1[nlen], dm2[2*nlen+1], dt[4*nlen+2], dn[nlen], nint[nlen]
+** all of them should be different from one another
+**
+*/
+void
+mont_mulf_noconv(unsigned int *result,
+                 double *dm1, double *dm2, double *dt,
+                 double *dn, unsigned int *nint,
+                 int nlen, double dn0)
+{
+    int i, j, jj;
+    int tmp;
+    double digit, m2j, nextm2j, a, b;
+    double *dptmp, *pdm1, *pdm2, *pdn, *pdtj, pdn_0, pdm1_0;
+
+    pdm1 = &(dm1[0]);
+    pdm2 = &(dm2[0]);
+    pdn = &(dn[0]);
+    pdm2[2 * nlen] = Zero;
+
+    if (nlen != 16) {
+        for (i = 0; i < 4 * nlen + 2; i++)
+            dt[i] = Zero;
+
+        a = dt[0] = pdm1[0] * pdm2[0];
+        digit = mod(lower32(a, Zero) * dn0, TwoToMinus16, TwoTo16);
+
+        pdtj = &(dt[0]);
+        for (j = jj = 0; j < 2 * nlen; j++, jj++, pdtj++) {
+            m2j = pdm2[j];
+            a = pdtj[0] + pdn[0] * digit;
+            b = pdtj[1] + pdm1[0] * pdm2[j + 1] + a * TwoToMinus16;
+            pdtj[1] = b;
+
+#pragma pipeloop(0)
+            for (i = 1; i < nlen; i++) {
+                pdtj[2 * i] += pdm1[i] * m2j + pdn[i] * digit;
+            }
+            if ((jj == 30)) {
+                cleanup(dt, j / 2 + 1, 2 * nlen + 1);
+                jj = 0;
+            }
+
+            digit = mod(lower32(b, Zero) * dn0, TwoToMinus16, TwoTo16);
+        }
+    } else {
+        a = dt[0] = pdm1[0] * pdm2[0];
+
+        dt[65] = dt[64] = dt[63] = dt[62] = dt[61] = dt[60] =
+            dt[59] = dt[58] = dt[57] = dt[56] = dt[55] = dt[54] =
+                dt[53] = dt[52] = dt[51] = dt[50] = dt[49] = dt[48] =
+                    dt[47] = dt[46] = dt[45] = dt[44] = dt[43] = dt[42] =
+                        dt[41] = dt[40] = dt[39] = dt[38] = dt[37] = dt[36] =
+                            dt[35] = dt[34] = dt[33] = dt[32] = dt[31] = dt[30] =
+                                dt[29] = dt[28] = dt[27] = dt[26] = dt[25] = dt[24] =
+                                    dt[23] = dt[22] = dt[21] = dt[20] = dt[19] = dt[18] =
+                                        dt[17] = dt[16] = dt[15] = dt[14] = dt[13] = dt[12] =
+                                            dt[11] = dt[10] = dt[9] = dt[8] = dt[7] = dt[6] =
+                                                dt[5] = dt[4] = dt[3] = dt[2] = dt[1] = Zero;
+
+        pdn_0 = pdn[0];
+        pdm1_0 = pdm1[0];
+
+        digit = mod(lower32(a, Zero) * dn0, TwoToMinus16, TwoTo16);
+        pdtj = &(dt[0]);
+
+        for (j = 0; j < 32; j++, pdtj++) {
+
+            m2j = pdm2[j];
+            a = pdtj[0] + pdn_0 * digit;
+            b = pdtj[1] + pdm1_0 * pdm2[j + 1] + a * TwoToMinus16;
+            pdtj[1] = b;
+
+            /**** this loop will be fully unrolled:
+             for(i=1;i<16;i++)
+               {
+                 pdtj[2*i]+=pdm1[i]*m2j+pdn[i]*digit;
+               }
+             *************************************/
+            pdtj[2] += pdm1[1] * m2j + pdn[1] * digit;
+            pdtj[4] += pdm1[2] * m2j + pdn[2] * digit;
+            pdtj[6] += pdm1[3] * m2j + pdn[3] * digit;
+            pdtj[8] += pdm1[4] * m2j + pdn[4] * digit;
+            pdtj[10] += pdm1[5] * m2j + pdn[5] * digit;
+            pdtj[12] += pdm1[6] * m2j + pdn[6] * digit;
+            pdtj[14] += pdm1[7] * m2j + pdn[7] * digit;
+            pdtj[16] += pdm1[8] * m2j + pdn[8] * digit;
+            pdtj[18] += pdm1[9] * m2j + pdn[9] * digit;
+            pdtj[20] += pdm1[10] * m2j + pdn[10] * digit;
+            pdtj[22] += pdm1[11] * m2j + pdn[11] * digit;
+            pdtj[24] += pdm1[12] * m2j + pdn[12] * digit;
+            pdtj[26] += pdm1[13] * m2j + pdn[13] * digit;
+            pdtj[28] += pdm1[14] * m2j + pdn[14] * digit;
+            pdtj[30] += pdm1[15] * m2j + pdn[15] * digit;
+            /* no need for cleenup, cannot overflow */
+            digit = mod(lower32(b, Zero) * dn0, TwoToMinus16, TwoTo16);
+        }
+    }
+
+    conv_d16_to_i32(result, dt + 2 * nlen, (long long *)dt, nlen + 1);
+
+    adjust_montf_result(result, nint, nlen);
+}
diff --git a/nss/lib/freebl/mpi/montmulf.h b/nss/lib/freebl/mpi/montmulf.h
new file mode 100644
index 0000000..69bed4a
--- /dev/null
+++ b/nss/lib/freebl/mpi/montmulf.h
@@ -0,0 +1,65 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*  The functions that are to be called from outside of the .s file have the
+ *  following interfaces and array size requirements:
+ */
+
+void conv_i32_to_d32(double *d32, unsigned int *i32, int len);
+
+/*  Converts an array of int's to an array of doubles, so that each double
+ *  corresponds to an int.  len is the number of items converted.
+ *  Does not allocate the output array.
+ *  The pointers d32 and i32 should point to arrays of size at least  len
+ *  (doubles and unsigned ints, respectively)
+ */
+
+void conv_i32_to_d16(double *d16, unsigned int *i32, int len);
+
+/*  Converts an array of int's to an array of doubles so that each element
+ *  of the int array is converted to a pair of doubles, the first one
+ *  corresponding to the lower (least significant) 16 bits of the int and
+ *  the second one corresponding to the upper (most significant) 16 bits of
+ *  the 32-bit int. len is the number of ints converted.
+ *  Does not allocate the output array.
+ *  The pointer d16 should point to an array of doubles of size at least
+ *  2*len and i32 should point an array of ints of size at least  len
+ */
+
+void conv_i32_to_d32_and_d16(double *d32, double *d16,
+                             unsigned int *i32, int len);
+
+/*  Does the above two conversions together, it is much faster than doing
+ *  both of those in succession
+ */
+
+void mont_mulf_noconv(unsigned int *result,
+                      double *dm1, double *dm2, double *dt,
+                      double *dn, unsigned int *nint,
+                      int nlen, double dn0);
+
+/*  Does the Montgomery multiplication of the numbers stored in the arrays
+ *  pointed to by dm1 and dm2, writing the result to the array pointed to by
+ *  result. It uses the array pointed to by dt as a temporary work area.
+ *  nint should point to the modulus in the array-of-integers representation,
+ *  dn should point to its array-of-doubles as obtained as a result of the
+ *  function call   conv_i32_to_d32(dn, nint, nlen);
+ *  nlen is the length of the array containing the modulus.
+ *  The representation used for dm1 is the one that is a result of the function
+ *  call   conv_i32_to_d32(dm1, m1, nlen), the representation for dm2 is the
+ *  result of the function call   conv_i32_to_d16(dm2, m2, nlen).
+ *  Note that m1 and m2 should both be of length nlen, so they should be
+ *  padded with 0's if necessary before the conversion. The result comes in
+ *  this form (int representation, padded with 0's).
+ *  dn0 is the value of the 16 least significant bits of n0'.
+ *  The function does not allocate memory for any of the arrays, so the
+ *  pointers should point to arrays with the following minimal sizes:
+ *  result - nlen+1
+ *  dm1    - nlen
+ *  dm2    - 2*nlen+1  ( the +1 is necessary for technical reasons )
+ *  dt     - 4*nlen+2
+ *  dn     - nlen
+ *  nint   - nlen
+ *  No two arrays should point to overlapping areas of memory.
+ */
diff --git a/nss/lib/freebl/mpi/montmulf.il b/nss/lib/freebl/mpi/montmulf.il
new file mode 100644
index 0000000..4952d0f
--- /dev/null
+++ b/nss/lib/freebl/mpi/montmulf.il
@@ -0,0 +1,108 @@
+!  
+! This Source Code Form is subject to the terms of the Mozilla Public
+! License, v. 2.0. If a copy of the MPL was not distributed with this
+! file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+!
+! double upper32(double /*frs1*/);
+!
+        .inline upper32,8
+        std     %o0,[%sp+0x48]
+        ldd     [%sp+0x48],%f10
+
+	fdtox	%f10,%f10
+	fitod	%f10,%f0
+        .end
+
+!
+! double lower32(double /*frs1*/, double /* Zero */);
+!
+        .inline lower32,8
+        std     %o0,[%sp+0x48]
+        ldd     [%sp+0x48],%f10
+        std     %o2,[%sp+0x48]
+        ldd     [%sp+0x48],%f12
+
+	fdtox	%f10,%f10
+	fmovs	%f12,%f10
+	fxtod	%f10,%f0
+        .end
+
+!
+! double mod(double /*x*/, double /*1/m*/, double /*m*/);
+!
+        .inline mod,12
+        std     %o0,[%sp+0x48]
+        ldd     [%sp+0x48],%f2
+        std     %o2,[%sp+0x48]
+        ldd     [%sp+0x48],%f4
+        std     %o4,[%sp+0x48]
+        ldd     [%sp+0x48],%f6
+
+	fmuld	%f2,%f4,%f4
+	fdtox	%f4,%f4
+	fxtod	%f4,%f4
+	fmuld	%f4,%f6,%f4
+	fsubd	%f2,%f4,%f0
+        .end
+
+
+!
+! void i16_to_d16_and_d32x4(double * /*1/(2^16)*/, double * /* 2^16*/,
+!			    double * /* 0 */,
+!			    double * /*result16*/, double * /* result32 */
+!			    float *  /*source - should be unsigned int*
+!		            	       converted to float* */);
+!
+        .inline i16_to_d16_and_d32x4,24
+        ldd     [%o0],%f2  ! 1/(2^16)
+        ldd     [%o1],%f4  ! 2^16
+	ldd	[%o2],%f22
+
+	fmovd	%f22,%f6
+	ld	[%o5],%f7
+	fmovd	%f22,%f10
+	ld	[%o5+4],%f11
+	fmovd	%f22,%f14
+	ld	[%o5+8],%f15
+	fmovd	%f22,%f18
+	ld	[%o5+12],%f19
+	fxtod	%f6,%f6
+	std	%f6,[%o4]
+	fxtod	%f10,%f10
+	std	%f10,[%o4+8]
+	fxtod	%f14,%f14
+	std	%f14,[%o4+16]
+	fxtod	%f18,%f18
+	std	%f18,[%o4+24]
+	fmuld	%f2,%f6,%f8
+	fmuld	%f2,%f10,%f12
+	fmuld	%f2,%f14,%f16
+	fmuld	%f2,%f18,%f20
+	fdtox	%f8,%f8
+	fdtox	%f12,%f12
+	fdtox	%f16,%f16
+	fdtox	%f20,%f20
+	fxtod	%f8,%f8
+	std	%f8,[%o3+8]
+	fxtod	%f12,%f12
+	std	%f12,[%o3+24]
+	fxtod	%f16,%f16
+	std	%f16,[%o3+40]
+	fxtod	%f20,%f20
+	std	%f20,[%o3+56]
+	fmuld	%f8,%f4,%f8
+	fmuld	%f12,%f4,%f12
+	fmuld	%f16,%f4,%f16
+	fmuld	%f20,%f4,%f20
+	fsubd	%f6,%f8,%f8
+	std	%f8,[%o3]
+	fsubd	%f10,%f12,%f12
+	std	%f12,[%o3+16]
+	fsubd	%f14,%f16,%f16
+	std	%f16,[%o3+32]
+	fsubd	%f18,%f20,%f20
+	std	%f20,[%o3+48]
+        .end
+
+
diff --git a/nss/lib/freebl/mpi/montmulf.s b/nss/lib/freebl/mpi/montmulf.s
new file mode 100644
index 0000000..69d2a3c
--- /dev/null
+++ b/nss/lib/freebl/mpi/montmulf.s
@@ -0,0 +1,1938 @@
+!  
+! This Source Code Form is subject to the terms of the Mozilla Public
+! License, v. 2.0. If a copy of the MPL was not distributed with this
+! file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+	.section	".text",#alloc,#execinstr
+	.file	"montmulf.c"
+
+	.section	".data",#alloc,#write
+	.align	8
+TwoTo16:		/* frequency 1.0 confidence 0.0 */
+	.word	1089470464
+	.word	0
+	.type	TwoTo16,#object
+	.size	TwoTo16,8
+TwoToMinus16:		/* frequency 1.0 confidence 0.0 */
+	.word	1055916032
+	.word	0
+	.type	TwoToMinus16,#object
+	.size	TwoToMinus16,8
+Zero:		/* frequency 1.0 confidence 0.0 */
+	.word	0
+	.word	0
+	.type	Zero,#object
+	.size	Zero,8
+TwoTo32:		/* frequency 1.0 confidence 0.0 */
+	.word	1106247680
+	.word	0
+	.type	TwoTo32,#object
+	.size	TwoTo32,8
+TwoToMinus32:		/* frequency 1.0 confidence 0.0 */
+	.word	1039138816
+	.word	0
+	.type	TwoToMinus32,#object
+	.size	TwoToMinus32,8
+
+	.section	".text",#alloc,#execinstr
+/* 000000	   0 ( 0  0) */		.align	4
+!
+! SUBROUTINE cleanup
+!
+! OFFSET    SOURCE LINE	LABEL	INSTRUCTION	(ISSUE TIME)	(COMPLETION TIME)
+
+                                   	.global cleanup
+                                   cleanup:		/* frequency 1.0 confidence 0.0 */
+! FILE montmulf.c
+
+!    1		                    !#define RF_INLINE_MACROS
+!    3		                    !static double TwoTo16=65536.0;
+!    4		                    !static double TwoToMinus16=1.0/65536.0;
+!    5		                    !static double Zero=0.0;
+!    6		                    !static double TwoTo32=65536.0*65536.0;
+!    7		                    !static double TwoToMinus32=1.0/(65536.0*65536.0);
+!    9		                    !#ifdef RF_INLINE_MACROS
+!   11		                    !double upper32(double);
+!   12		                    !double lower32(double, double);
+!   13		                    !double mod(double, double, double);
+!   15		                    !#else
+!   17		                    !static double upper32(double x)
+!   18		                    !{
+!   19		                    !  return floor(x*TwoToMinus32);
+!   20		                    !}
+!   22		                    !static double lower32(double x, double y)
+!   23		                    !{
+!   24		                    !  return x-TwoTo32*floor(x*TwoToMinus32);
+!   25		                    !}
+!   27		                    !static double mod(double x, double oneoverm, double m)
+!   28		                    !{
+!   29		                    !  return x-m*floor(x*oneoverm);
+!   30		                    !}
+!   32		                    !#endif
+!   35		                    !void cleanup(double *dt, int from, int tlen)
+!   36		                    !{
+!   37		                    ! int i;
+!   38		                    ! double tmp,tmp1,x,x1;
+!   40		                    ! tmp=tmp1=Zero;
+
+/* 000000	  40 ( 0  1) */		sethi	%hi(Zero),%g2
+
+!   41		                    ! /* original code **
+!   42		                    ! for(i=2*from;i<2*tlen-2;i++)
+!   43		                    !   {
+!   44		                    !     x=dt[i];
+!   45		                    !     dt[i]=lower32(x,Zero)+tmp1;
+!   46		                    !     tmp1=tmp;
+!   47		                    !     tmp=upper32(x);
+!   48		                    !   }
+!   49		                    ! dt[tlen-2]+=tmp1;
+!   50		                    ! dt[tlen-1]+=tmp;
+!   51		                    ! **end original code ***/
+!   52		                    ! /* new code ***/
+!   53		                    ! for(i=2*from;i<2*tlen;i+=2)
+
+/* 0x0004	  53 ( 1  2) */		sll	%o2,1,%g3
+/* 0x0008	  40 ( 1  4) */		ldd	[%g2+%lo(Zero)],%f0
+/* 0x000c	     ( 1  2) */		add	%g2,%lo(Zero),%g2
+/* 0x0010	  53 ( 2  3) */		sll	%o1,1,%g4
+/* 0x0014	  36 ( 3  4) */		sll	%o1,4,%g1
+/* 0x0018	  40 ( 3  4) */		fmovd	%f0,%f4
+/* 0x001c	  53 ( 3  4) */		cmp	%g4,%g3
+/* 0x0020	     ( 3  4) */		bge,pt	%icc,.L77000116	! tprob=0.56
+/* 0x0024	     ( 4  5) */		fmovd	%f0,%f2
+/* 0x0028	  36 ( 4  5) */		add	%o0,%g1,%g1
+/* 0x002c	     ( 4  5) */		sub	%g3,1,%g3
+
+!   54		                    !   {
+!   55		                    !     x=dt[i];
+
+/* 0x0030	  55 ( 5  8) */		ldd	[%g1],%f8
+                                   .L900000114:		/* frequency 6.4 confidence 0.0 */
+/* 0x0034	     ( 0  3) */		fdtox	%f8,%f6
+
+!   56		                    !     x1=dt[i+1];
+
+/* 0x0038	  56 ( 0  3) */		ldd	[%g1+8],%f10
+
+!   57		                    !     dt[i]=lower32(x,Zero)+tmp;
+!   58		                    !     dt[i+1]=lower32(x1,Zero)+tmp1;
+!   59		                    !     tmp=upper32(x);
+!   60		                    !     tmp1=upper32(x1);
+
+/* 0x003c	  60 ( 0  1) */		add	%g4,2,%g4
+/* 0x0040	     ( 1  4) */		fdtox	%f8,%f8
+/* 0x0044	     ( 1  2) */		cmp	%g4,%g3
+/* 0x0048	     ( 5  6) */		fmovs	%f0,%f6
+/* 0x004c	     ( 7 10) */		fxtod	%f6,%f6
+/* 0x0050	     ( 8 11) */		fdtox	%f10,%f0
+/* 0x0054	  57 (10 13) */		faddd	%f6,%f2,%f2
+/* 0x0058	     (10 11) */		std	%f2,[%g1]
+/* 0x005c	     (12 15) */		ldd	[%g2],%f2
+/* 0x0060	     (14 15) */		fmovs	%f2,%f0
+/* 0x0064	     (16 19) */		fxtod	%f0,%f6
+/* 0x0068	     (17 20) */		fdtox	%f10,%f0
+/* 0x006c	     (18 21) */		fitod	%f8,%f2
+/* 0x0070	  58 (19 22) */		faddd	%f6,%f4,%f4
+/* 0x0074	     (19 20) */		std	%f4,[%g1+8]
+/* 0x0078	  60 (19 20) */		add	%g1,16,%g1
+/* 0x007c	     (20 23) */		fitod	%f0,%f4
+/* 0x0080	     (20 23) */		ldd	[%g2],%f0
+/* 0x0084	     (20 21) */		ble,a,pt	%icc,.L900000114	! tprob=0.86
+/* 0x0088	     (21 24) */		ldd	[%g1],%f8
+                                   .L77000116:		/* frequency 1.0 confidence 0.0 */
+/* 0x008c	     ( 0  2) */		retl	! Result = 
+/* 0x0090	     ( 1  2) */		nop
+/* 0x0094	   0 ( 0  0) */		.type	cleanup,2
+/* 0x0094	     ( 0  0) */		.size	cleanup,(.-cleanup)
+
+	.section	".text",#alloc,#execinstr
+/* 000000	   0 ( 0  0) */		.align	4
+!
+! SUBROUTINE conv_d16_to_i32
+!
+! OFFSET    SOURCE LINE	LABEL	INSTRUCTION	(ISSUE TIME)	(COMPLETION TIME)
+
+                                   	.global conv_d16_to_i32
+                                   conv_d16_to_i32:		/* frequency 1.0 confidence 0.0 */
+/* 000000	     ( 0  1) */		save	%sp,-136,%sp
+
+!   61		                    !   }
+!   62		                    !  /** end new code **/
+!   63		                    !}
+!   66		                    !void conv_d16_to_i32(unsigned int *i32, double *d16, long long *tmp, int ilen)
+!   67		                    !{
+!   68		                    !int i;
+!   69		                    !long long t, t1, a, b, c, d;
+!   71		                    ! t1=0;
+!   72		                    ! a=(long long)d16[0];
+
+/* 0x0004	  72 ( 1  4) */		ldd	[%i1],%f0
+
+!   73		                    ! b=(long long)d16[1];
+!   74		                    ! for(i=0; i<ilen-1; i++)
+
+/* 0x0008	  74 ( 1  2) */		sub	%i3,1,%g2
+/* 0x000c	  67 ( 1  2) */		or	%g0,%i0,%g5
+/* 0x0010	  74 ( 2  3) */		cmp	%g2,0
+/* 0x0014	  71 ( 2  3) */		or	%g0,0,%o4
+/* 0x0018	  72 ( 3  6) */		fdtox	%f0,%f0
+/* 0x001c	     ( 3  4) */		std	%f0,[%sp+120]
+/* 0x0020	  74 ( 3  4) */		or	%g0,0,%o7
+/* 0x0024	  67 ( 4  5) */		or	%g0,%i3,%o0
+/* 0x0028	     ( 4  5) */		sub	%i3,2,%o2
+/* 0x002c	  73 ( 5  8) */		ldd	[%i1+8],%f0
+/* 0x0030	  67 ( 5  6) */		sethi	%hi(0xfc00),%o0
+/* 0x0034	     ( 5  6) */		add	%o2,1,%g3
+/* 0x0038	     ( 6  7) */		add	%o0,1023,%o1
+/* 0x003c	     ( 6  7) */		or	%g0,%g5,%o5
+/* 0x0040	  73 ( 7 10) */		fdtox	%f0,%f0
+/* 0x0044	     ( 7  8) */		std	%f0,[%sp+112]
+/* 0x0048	  72 (11 13) */		ldx	[%sp+120],%g4
+/* 0x004c	  73 (12 14) */		ldx	[%sp+112],%g1
+/* 0x0050	  74 (12 13) */		ble,pt	%icc,.L900000214	! tprob=0.56
+/* 0x0054	     (12 13) */		sethi	%hi(0xfc00),%g2
+/* 0x0058	  67 (13 14) */		or	%g0,-1,%g2
+/* 0x005c	  74 (13 14) */		cmp	%g3,3
+/* 0x0060	  67 (14 15) */		srl	%g2,0,%o3
+/* 0x0064	     (14 15) */		or	%g0,%i1,%g2
+/* 0x0068	  74 (14 15) */		bl,pn	%icc,.L77000134	! tprob=0.44
+/* 0x006c	     (15 18) */		ldd	[%g2+16],%f0
+
+!   75		                    !   {
+!   76		                    !     c=(long long)d16[2*i+2];
+!   77		                    !     t1+=a&0xffffffff;
+!   78		                    !     t=(a>>32);
+!   79		                    !     d=(long long)d16[2*i+3];
+!   80		                    !     t1+=(b&0xffff)<<16;
+
+/* 0x0070	  80 (15 16) */		and	%g1,%o1,%o0
+
+!   81		                    !     t+=(b>>16)+(t1>>32);
+!   82		                    !     i32[i]=t1&0xffffffff;
+!   83		                    !     t1=t;
+!   84		                    !     a=c;
+!   85		                    !     b=d;
+
+/* 0x0074	  85 (15 16) */		add	%g2,16,%g2
+/* 0x0078	  80 (16 17) */		sllx	%o0,16,%g3
+/* 0x007c	  77 (16 17) */		and	%g4,%o3,%o0
+/* 0x0080	  76 (17 20) */		fdtox	%f0,%f0
+/* 0x0084	     (17 18) */		std	%f0,[%sp+104]
+/* 0x0088	  74 (17 18) */		add	%o0,%g3,%o4
+/* 0x008c	  79 (18 21) */		ldd	[%g2+8],%f2
+/* 0x0090	  81 (18 19) */		srax	%g1,16,%o0
+/* 0x0094	  82 (18 19) */		and	%o4,%o3,%o7
+/* 0x0098	  81 (19 20) */		stx	%o0,[%sp+112]
+/* 0x009c	     (19 20) */		srax	%o4,32,%o0
+/* 0x00a0	  85 (19 20) */		add	%g5,4,%o5
+/* 0x00a4	  81 (20 21) */		stx	%o0,[%sp+120]
+/* 0x00a8	  78 (20 21) */		srax	%g4,32,%o4
+/* 0x00ac	  79 (20 23) */		fdtox	%f2,%f0
+/* 0x00b0	     (21 22) */		std	%f0,[%sp+96]
+/* 0x00b4	  81 (22 24) */		ldx	[%sp+112],%o0
+/* 0x00b8	     (23 25) */		ldx	[%sp+120],%g4
+/* 0x00bc	  76 (25 27) */		ldx	[%sp+104],%g3
+/* 0x00c0	  81 (25 26) */		add	%o0,%g4,%g4
+/* 0x00c4	  79 (26 28) */		ldx	[%sp+96],%g1
+/* 0x00c8	  81 (26 27) */		add	%o4,%g4,%o4
+/* 0x00cc	  82 (27 28) */		st	%o7,[%g5]
+/* 0x00d0	     (27 28) */		or	%g0,1,%o7
+/* 0x00d4	  84 (27 28) */		or	%g0,%g3,%g4
+                                   .L900000209:		/* frequency 64.0 confidence 0.0 */
+/* 0x00d8	  76 (17 19) */		ldd	[%g2+16],%f0
+/* 0x00dc	  85 (17 18) */		add	%o7,1,%o7
+/* 0x00e0	     (17 18) */		add	%o5,4,%o5
+/* 0x00e4	     (18 18) */		cmp	%o7,%o2
+/* 0x00e8	     (18 19) */		add	%g2,16,%g2
+/* 0x00ec	  76 (19 22) */		fdtox	%f0,%f0
+/* 0x00f0	     (20 21) */		std	%f0,[%sp+104]
+/* 0x00f4	  79 (21 23) */		ldd	[%g2+8],%f0
+/* 0x00f8	     (23 26) */		fdtox	%f0,%f0
+/* 0x00fc	     (24 25) */		std	%f0,[%sp+96]
+/* 0x0100	  80 (25 26) */		and	%g1,%o1,%g3
+/* 0x0104	     (26 27) */		sllx	%g3,16,%g3
+/* 0x0108	     ( 0  0) */		stx	%g3,[%sp+120]
+/* 0x010c	  77 (26 27) */		and	%g4,%o3,%g3
+/* 0x0110	  74 ( 0  0) */		stx	%o7,[%sp+128]
+/* 0x0114	     ( 0  0) */		ldx	[%sp+120],%o7
+/* 0x0118	     (27 27) */		add	%g3,%o7,%g3
+/* 0x011c	     ( 0  0) */		ldx	[%sp+128],%o7
+/* 0x0120	  81 (28 29) */		srax	%g1,16,%g1
+/* 0x0124	  74 (28 28) */		add	%g3,%o4,%g3
+/* 0x0128	  81 (29 30) */		srax	%g3,32,%o4
+/* 0x012c	     ( 0  0) */		stx	%o4,[%sp+112]
+/* 0x0130	  78 (30 31) */		srax	%g4,32,%o4
+/* 0x0134	  81 ( 0  0) */		ldx	[%sp+112],%g4
+/* 0x0138	     (30 31) */		add	%g1,%g4,%g4
+/* 0x013c	  79 (31 33) */		ldx	[%sp+96],%g1
+/* 0x0140	  81 (31 32) */		add	%o4,%g4,%o4
+/* 0x0144	  82 (32 33) */		and	%g3,%o3,%g3
+/* 0x0148	  84 ( 0  0) */		ldx	[%sp+104],%g4
+/* 0x014c	  85 (33 34) */		ble,pt	%icc,.L900000209	! tprob=0.50
+/* 0x0150	     (33 34) */		st	%g3,[%o5-4]
+                                   .L900000212:		/* frequency 8.0 confidence 0.0 */
+/* 0x0154	  85 ( 0  1) */		ba	.L900000214	! tprob=1.00
+/* 0x0158	     ( 0  1) */		sethi	%hi(0xfc00),%g2
+                                   .L77000134:		/* frequency 0.7 confidence 0.0 */
+                                   .L900000213:		/* frequency 6.4 confidence 0.0 */
+/* 0x015c	  77 ( 0  1) */		and	%g4,%o3,%o0
+/* 0x0160	  80 ( 0  1) */		and	%g1,%o1,%g3
+/* 0x0164	  76 ( 0  3) */		fdtox	%f0,%f0
+/* 0x0168	  77 ( 1  2) */		add	%o4,%o0,%o0
+/* 0x016c	  76 ( 1  2) */		std	%f0,[%sp+104]
+/* 0x0170	  85 ( 1  2) */		add	%o7,1,%o7
+/* 0x0174	  80 ( 2  3) */		sllx	%g3,16,%o4
+/* 0x0178	  79 ( 2  5) */		ldd	[%g2+24],%f2
+/* 0x017c	  85 ( 2  3) */		add	%g2,16,%g2
+/* 0x0180	  80 ( 3  4) */		add	%o0,%o4,%o4
+/* 0x0184	  81 ( 3  4) */		stx	%o7,[%sp+128]
+/* 0x0188	     ( 4  5) */		srax	%g1,16,%o0
+/* 0x018c	     ( 4  5) */		stx	%o0,[%sp+112]
+/* 0x0190	  82 ( 4  5) */		and	%o4,%o3,%g3
+/* 0x0194	  81 ( 5  6) */		srax	%o4,32,%o0
+/* 0x0198	     ( 5  6) */		stx	%o0,[%sp+120]
+/* 0x019c	  79 ( 5  8) */		fdtox	%f2,%f0
+/* 0x01a0	     ( 6  7) */		std	%f0,[%sp+96]
+/* 0x01a4	  78 ( 6  7) */		srax	%g4,32,%o4
+/* 0x01a8	  81 ( 7  9) */		ldx	[%sp+120],%o7
+/* 0x01ac	     ( 8 10) */		ldx	[%sp+112],%g4
+/* 0x01b0	  76 (10 12) */		ldx	[%sp+104],%g1
+/* 0x01b4	  81 (10 11) */		add	%g4,%o7,%g4
+/* 0x01b8	     (11 13) */		ldx	[%sp+128],%o7
+/* 0x01bc	     (11 12) */		add	%o4,%g4,%o4
+/* 0x01c0	  79 (12 14) */		ldx	[%sp+96],%o0
+/* 0x01c4	  84 (12 13) */		or	%g0,%g1,%g4
+/* 0x01c8	  82 (13 14) */		st	%g3,[%o5]
+/* 0x01cc	  85 (13 14) */		add	%o5,4,%o5
+/* 0x01d0	     (13 14) */		cmp	%o7,%o2
+/* 0x01d4	     (14 15) */		or	%g0,%o0,%g1
+/* 0x01d8	     (14 15) */		ble,a,pt	%icc,.L900000213	! tprob=0.86
+/* 0x01dc	     (14 17) */		ldd	[%g2+16],%f0
+                                   .L77000127:		/* frequency 1.0 confidence 0.0 */
+
+!   86		                    !   }
+!   87		                    !     t1+=a&0xffffffff;
+!   88		                    !     t=(a>>32);
+!   89		                    !     t1+=(b&0xffff)<<16;
+!   90		                    !     i32[i]=t1&0xffffffff;
+
+/* 0x01e0	  90 ( 0  1) */		sethi	%hi(0xfc00),%g2
+                                   .L900000214:		/* frequency 1.0 confidence 0.0 */
+/* 0x01e4	  90 ( 0  1) */		or	%g0,-1,%g3
+/* 0x01e8	     ( 0  1) */		add	%g2,1023,%g2
+/* 0x01ec	     ( 1  2) */		srl	%g3,0,%g3
+/* 0x01f0	     ( 1  2) */		and	%g1,%g2,%g2
+/* 0x01f4	     ( 2  3) */		and	%g4,%g3,%g4
+/* 0x01f8	     ( 3  4) */		sllx	%g2,16,%g2
+/* 0x01fc	     ( 3  4) */		add	%o4,%g4,%g4
+/* 0x0200	     ( 4  5) */		add	%g4,%g2,%g2
+/* 0x0204	     ( 5  6) */		sll	%o7,2,%g4
+/* 0x0208	     ( 5  6) */		and	%g2,%g3,%g2
+/* 0x020c	     ( 6  7) */		st	%g2,[%g5+%g4]
+/* 0x0210	     ( 7  9) */		ret	! Result = 
+/* 0x0214	     ( 9 10) */		restore	%g0,%g0,%g0
+/* 0x0218	   0 ( 0  0) */		.type	conv_d16_to_i32,2
+/* 0x0218	     ( 0  0) */		.size	conv_d16_to_i32,(.-conv_d16_to_i32)
+
+	.section	".text",#alloc,#execinstr
+/* 000000	   0 ( 0  0) */		.align	8
+!
+! CONSTANT POOL
+!
+                                   .L_const_seg_900000301:		/* frequency 1.0 confidence 0.0 */
+/* 000000	   0 ( 0  0) */		.word	1127219200,0
+/* 0x0008	   0 ( 0  0) */		.align	4
+!
+! SUBROUTINE conv_i32_to_d32
+!
+! OFFSET    SOURCE LINE	LABEL	INSTRUCTION	(ISSUE TIME)	(COMPLETION TIME)
+
+                                   	.global conv_i32_to_d32
+                                   conv_i32_to_d32:		/* frequency 1.0 confidence 0.0 */
+/* 000000	     ( 0  1) */		orcc	%g0,%o2,%g1
+
+!   92		                    !}
+!   94		                    !void conv_i32_to_d32(double *d32, unsigned int *i32, int len)
+!   95		                    !{
+!   96		                    !int i;
+!   98		                    !#pragma pipeloop(0)
+!   99		                    ! for(i=0;i<len;i++) d32[i]=(double)(i32[i]);
+
+/* 0x0004	  99 ( 0  1) */		ble,pt	%icc,.L77000140	! tprob=0.56
+/* 0x0008	     ( 0  1) */		nop
+/* 0x000c	     ( 1  2) */		sethi	%hi(.L_const_seg_900000301),%g2
+/* 0x0010	  95 ( 1  2) */		or	%g0,%o1,%g4
+/* 0x0014	  99 ( 2  3) */		add	%g2,%lo(.L_const_seg_900000301),%g2
+/* 0x0018	     ( 2  3) */		or	%g0,0,%o5
+/* 0x001c	  95 ( 3  4) */		or	%g0,%o0,%g5
+/* 0x0020	  99 ( 3  4) */		sub	%o2,1,%g3
+/* 0x0024	     ( 4  5) */		cmp	%o2,9
+/* 0x0028	     ( 4  5) */		bl,pn	%icc,.L77000144	! tprob=0.44
+/* 0x002c	     ( 4  7) */		ldd	[%g2],%f8
+/* 0x0030	     ( 5  8) */		ld	[%o1],%f7
+/* 0x0034	     ( 5  6) */		add	%o1,16,%g4
+/* 0x0038	     ( 5  6) */		sub	%o2,5,%g1
+/* 0x003c	     ( 6  9) */		ld	[%o1+4],%f5
+/* 0x0040	     ( 6  7) */		or	%g0,4,%o5
+/* 0x0044	     ( 7 10) */		ld	[%o1+8],%f3
+/* 0x0048	     ( 7  8) */		fmovs	%f8,%f6
+/* 0x004c	     ( 8 11) */		ld	[%o1+12],%f1
+                                   .L900000305:		/* frequency 64.0 confidence 0.0 */
+/* 0x0050	     ( 8 16) */		ld	[%g4],%f11
+/* 0x0054	     ( 8  9) */		add	%o5,5,%o5
+/* 0x0058	     ( 8  9) */		add	%g4,20,%g4
+/* 0x005c	     ( 8 11) */		fsubd	%f6,%f8,%f6
+/* 0x0060	     ( 9 10) */		std	%f6,[%g5]
+/* 0x0064	     ( 9  9) */		cmp	%o5,%g1
+/* 0x0068	     ( 9 10) */		add	%g5,40,%g5
+/* 0x006c	     ( 0  0) */		fmovs	%f8,%f4
+/* 0x0070	     (10 18) */		ld	[%g4-16],%f7
+/* 0x0074	     (10 13) */		fsubd	%f4,%f8,%f12
+/* 0x0078	     ( 0  0) */		fmovs	%f8,%f2
+/* 0x007c	     (11 12) */		std	%f12,[%g5-32]
+/* 0x0080	     (12 20) */		ld	[%g4-12],%f5
+/* 0x0084	     (12 15) */		fsubd	%f2,%f8,%f12
+/* 0x0088	     ( 0  0) */		fmovs	%f8,%f0
+/* 0x008c	     (13 14) */		std	%f12,[%g5-24]
+/* 0x0090	     (14 22) */		ld	[%g4-8],%f3
+/* 0x0094	     (14 17) */		fsubd	%f0,%f8,%f12
+/* 0x0098	     ( 0  0) */		fmovs	%f8,%f10
+/* 0x009c	     (15 16) */		std	%f12,[%g5-16]
+/* 0x00a0	     (16 24) */		ld	[%g4-4],%f1
+/* 0x00a4	     (16 19) */		fsubd	%f10,%f8,%f10
+/* 0x00a8	     ( 0  0) */		fmovs	%f8,%f6
+/* 0x00ac	     (17 18) */		ble,pt	%icc,.L900000305	! tprob=0.50
+/* 0x00b0	     (17 18) */		std	%f10,[%g5-8]
+                                   .L900000308:		/* frequency 8.0 confidence 0.0 */
+/* 0x00b4	     ( 0  1) */		fmovs	%f8,%f4
+/* 0x00b8	     ( 0  1) */		add	%g5,32,%g5
+/* 0x00bc	     ( 0  1) */		cmp	%o5,%g3
+/* 0x00c0	     ( 1  2) */		fmovs	%f8,%f2
+/* 0x00c4	     ( 2  3) */		fmovs	%f8,%f0
+/* 0x00c8	     ( 4  7) */		fsubd	%f6,%f8,%f6
+/* 0x00cc	     ( 4  5) */		std	%f6,[%g5-32]
+/* 0x00d0	     ( 5  8) */		fsubd	%f4,%f8,%f4
+/* 0x00d4	     ( 5  6) */		std	%f4,[%g5-24]
+/* 0x00d8	     ( 6  9) */		fsubd	%f2,%f8,%f2
+/* 0x00dc	     ( 6  7) */		std	%f2,[%g5-16]
+/* 0x00e0	     ( 7 10) */		fsubd	%f0,%f8,%f0
+/* 0x00e4	     ( 7  8) */		bg,pn	%icc,.L77000140	! tprob=0.14
+/* 0x00e8	     ( 7  8) */		std	%f0,[%g5-8]
+                                   .L77000144:		/* frequency 0.7 confidence 0.0 */
+/* 0x00ec	     ( 0  3) */		ld	[%g4],%f1
+                                   .L900000309:		/* frequency 6.4 confidence 0.0 */
+/* 0x00f0	     ( 0  3) */		ldd	[%g2],%f8
+/* 0x00f4	     ( 0  1) */		add	%o5,1,%o5
+/* 0x00f8	     ( 0  1) */		add	%g4,4,%g4
+/* 0x00fc	     ( 1  2) */		cmp	%o5,%g3
+/* 0x0100	     ( 2  3) */		fmovs	%f8,%f0
+/* 0x0104	     ( 4  7) */		fsubd	%f0,%f8,%f0
+/* 0x0108	     ( 4  5) */		std	%f0,[%g5]
+/* 0x010c	     ( 4  5) */		add	%g5,8,%g5
+/* 0x0110	     ( 4  5) */		ble,a,pt	%icc,.L900000309	! tprob=0.86
+/* 0x0114	     ( 6  9) */		ld	[%g4],%f1
+                                   .L77000140:		/* frequency 1.0 confidence 0.0 */
+/* 0x0118	     ( 0  2) */		retl	! Result = 
+/* 0x011c	     ( 1  2) */		nop
+/* 0x0120	   0 ( 0  0) */		.type	conv_i32_to_d32,2
+/* 0x0120	     ( 0  0) */		.size	conv_i32_to_d32,(.-conv_i32_to_d32)
+
+	.section	".text",#alloc,#execinstr
+/* 000000	   0 ( 0  0) */		.align	8
+!
+! CONSTANT POOL
+!
+                                   .L_const_seg_900000401:		/* frequency 1.0 confidence 0.0 */
+/* 000000	   0 ( 0  0) */		.word	1127219200,0
+/* 0x0008	   0 ( 0  0) */		.align	4
+!
+! SUBROUTINE conv_i32_to_d16
+!
+! OFFSET    SOURCE LINE	LABEL	INSTRUCTION	(ISSUE TIME)	(COMPLETION TIME)
+
+                                   	.global conv_i32_to_d16
+                                   conv_i32_to_d16:		/* frequency 1.0 confidence 0.0 */
+/* 000000	     ( 0  1) */		save	%sp,-104,%sp
+/* 0x0004	     ( 1  2) */		orcc	%g0,%i2,%o0
+
+!  100		                    !}
+!  103		                    !void conv_i32_to_d16(double *d16, unsigned int *i32, int len)
+!  104		                    !{
+!  105		                    !int i;
+!  106		                    !unsigned int a;
+!  108		                    !#pragma pipeloop(0)
+!  109		                    ! for(i=0;i<len;i++)
+
+/* 0x0008	 109 ( 1  2) */		ble,pt	%icc,.L77000150	! tprob=0.56
+/* 0x000c	     ( 1  2) */		nop
+/* 0x0010	     ( 2  3) */		sub	%o0,1,%o5
+/* 0x0014	     ( 2  3) */		sethi	%hi(0xfc00),%g2
+
+!  110		                    !   {
+!  111		                    !     a=i32[i];
+!  112		                    !     d16[2*i]=(double)(a&0xffff);
+!  113		                    !     d16[2*i+1]=(double)(a>>16);
+
+/* 0x0018	 113 ( 3  4) */		sethi	%hi(.L_const_seg_900000401),%o0
+/* 0x001c	     ( 3  4) */		add	%o5,1,%g3
+/* 0x0020	     ( 4  5) */		add	%g2,1023,%o4
+/* 0x0024	 109 ( 4  5) */		or	%g0,0,%g1
+/* 0x0028	     ( 5  6) */		cmp	%g3,3
+/* 0x002c	     ( 5  6) */		or	%g0,%i1,%o7
+/* 0x0030	     ( 6  7) */		add	%o0,%lo(.L_const_seg_900000401),%o3
+/* 0x0034	     ( 6  7) */		or	%g0,%i0,%g2
+/* 0x0038	     ( 6  7) */		bl,pn	%icc,.L77000154	! tprob=0.44
+/* 0x003c	     ( 7  8) */		add	%o7,4,%o0
+/* 0x0040	 112 ( 7 10) */		ldd	[%o3],%f0
+/* 0x0044	 113 ( 7  8) */		or	%g0,1,%g1
+/* 0x0048	 111 ( 8 11) */		ld	[%o0-4],%o1
+/* 0x004c	   0 ( 8  9) */		or	%g0,%o0,%o7
+/* 0x0050	 112 (10 11) */		and	%o1,%o4,%o0
+                                   .L900000406:		/* frequency 64.0 confidence 0.0 */
+/* 0x0054	 112 (22 23) */		st	%o0,[%sp+96]
+/* 0x0058	 113 (22 23) */		add	%g1,1,%g1
+/* 0x005c	     (22 23) */		add	%g2,16,%g2
+/* 0x0060	     (23 23) */		cmp	%g1,%o5
+/* 0x0064	     (23 24) */		add	%o7,4,%o7
+/* 0x0068	 112 (29 31) */		ld	[%sp+96],%f3
+/* 0x006c	     ( 0  0) */		fmovs	%f0,%f2
+/* 0x0070	     (31 34) */		fsubd	%f2,%f0,%f2
+/* 0x0074	 113 (32 33) */		srl	%o1,16,%o0
+/* 0x0078	 112 (32 33) */		std	%f2,[%g2-16]
+/* 0x007c	 113 (33 34) */		st	%o0,[%sp+92]
+/* 0x0080	     (40 42) */		ld	[%sp+92],%f3
+/* 0x0084	 111 (41 43) */		ld	[%o7-4],%o1
+/* 0x0088	 113 ( 0  0) */		fmovs	%f0,%f2
+/* 0x008c	     (42 45) */		fsubd	%f2,%f0,%f2
+/* 0x0090	 112 (43 44) */		and	%o1,%o4,%o0
+/* 0x0094	 113 (43 44) */		ble,pt	%icc,.L900000406	! tprob=0.50
+/* 0x0098	     (43 44) */		std	%f2,[%g2-8]
+                                   .L900000409:		/* frequency 8.0 confidence 0.0 */
+/* 0x009c	 112 ( 0  1) */		st	%o0,[%sp+96]
+/* 0x00a0	     ( 0  1) */		fmovs	%f0,%f2
+/* 0x00a4	 113 ( 0  1) */		add	%g2,16,%g2
+/* 0x00a8	     ( 1  2) */		srl	%o1,16,%o0
+/* 0x00ac	 112 ( 4  7) */		ld	[%sp+96],%f3
+/* 0x00b0	     ( 6  9) */		fsubd	%f2,%f0,%f2
+/* 0x00b4	     ( 6  7) */		std	%f2,[%g2-16]
+/* 0x00b8	 113 ( 7  8) */		st	%o0,[%sp+92]
+/* 0x00bc	     (10 11) */		fmovs	%f0,%f2
+/* 0x00c0	     (11 14) */		ld	[%sp+92],%f3
+/* 0x00c4	     (13 16) */		fsubd	%f2,%f0,%f0
+/* 0x00c8	     (13 14) */		std	%f0,[%g2-8]
+/* 0x00cc	     (14 16) */		ret	! Result = 
+/* 0x00d0	     (16 17) */		restore	%g0,%g0,%g0
+                                   .L77000154:		/* frequency 0.7 confidence 0.0 */
+/* 0x00d4	 111 ( 0  3) */		ld	[%o7],%o0
+                                   .L900000410:		/* frequency 6.4 confidence 0.0 */
+/* 0x00d8	 112 ( 0  1) */		and	%o0,%o4,%o1
+/* 0x00dc	     ( 0  1) */		st	%o1,[%sp+96]
+/* 0x00e0	 113 ( 0  1) */		add	%g1,1,%g1
+/* 0x00e4	 112 ( 1  4) */		ldd	[%o3],%f0
+/* 0x00e8	 113 ( 1  2) */		srl	%o0,16,%o0
+/* 0x00ec	     ( 1  2) */		add	%o7,4,%o7
+/* 0x00f0	     ( 2  3) */		cmp	%g1,%o5
+/* 0x00f4	 112 ( 3  4) */		fmovs	%f0,%f2
+/* 0x00f8	     ( 4  7) */		ld	[%sp+96],%f3
+/* 0x00fc	     ( 6  9) */		fsubd	%f2,%f0,%f2
+/* 0x0100	     ( 6  7) */		std	%f2,[%g2]
+/* 0x0104	 113 ( 7  8) */		st	%o0,[%sp+92]
+/* 0x0108	     (10 11) */		fmovs	%f0,%f2
+/* 0x010c	     (11 14) */		ld	[%sp+92],%f3
+/* 0x0110	     (13 16) */		fsubd	%f2,%f0,%f0
+/* 0x0114	     (13 14) */		std	%f0,[%g2+8]
+/* 0x0118	     (13 14) */		add	%g2,16,%g2
+/* 0x011c	     (13 14) */		ble,a,pt	%icc,.L900000410	! tprob=0.86
+/* 0x0120	     (14 17) */		ld	[%o7],%o0
+                                   .L77000150:		/* frequency 1.0 confidence 0.0 */
+/* 0x0124	     ( 0  2) */		ret	! Result = 
+/* 0x0128	     ( 2  3) */		restore	%g0,%g0,%g0
+/* 0x012c	   0 ( 0  0) */		.type	conv_i32_to_d16,2
+/* 0x012c	     ( 0  0) */		.size	conv_i32_to_d16,(.-conv_i32_to_d16)
+
+	.section	".text",#alloc,#execinstr
+/* 000000	   0 ( 0  0) */		.align	8
+!
+! CONSTANT POOL
+!
+                                   .L_const_seg_900000501:		/* frequency 1.0 confidence 0.0 */
+/* 000000	   0 ( 0  0) */		.word	1127219200,0
+/* 0x0008	   0 ( 0  0) */		.align	4
+!
+! SUBROUTINE conv_i32_to_d32_and_d16
+!
+! OFFSET    SOURCE LINE	LABEL	INSTRUCTION	(ISSUE TIME)	(COMPLETION TIME)
+
+                                   	.global conv_i32_to_d32_and_d16
+                                   conv_i32_to_d32_and_d16:		/* frequency 1.0 confidence 0.0 */
+/* 000000	     ( 0  1) */		save	%sp,-104,%sp
+/* 0x0004	     ( 1  2) */		or	%g0,%i3,%i4
+/* 0x0008	     ( 1  2) */		or	%g0,%i2,%g1
+
+!  114		                    !   }
+!  115		                    !}
+!  118		                    !void i16_to_d16_and_d32x4(double * /*1/(2^16)*/, double * /* 2^16*/,
+!  119		                    !			  double * /* 0 */,
+!  120		                    !			  double * /*result16*/, double * /* result32 */,
+!  121		                    !			  float *  /*source - should be unsigned int*
+!  122		                    !		          	       converted to float* */);
+!  126		                    !void conv_i32_to_d32_and_d16(double *d32, double *d16, 
+!  127		                    !			     unsigned int *i32, int len)
+!  128		                    !{
+!  129		                    !int i;
+!  130		                    !unsigned int a;
+!  132		                    !#pragma pipeloop(0)
+!  133		                    ! for(i=0;i<len-3;i+=4)
+
+/* 0x000c	 133 ( 2  3) */		sub	%i4,3,%g2
+/* 0x0010	     ( 2  3) */		or	%g0,0,%o7
+/* 0x0014	     ( 3  4) */		cmp	%g2,0
+/* 0x0018	 128 ( 3  4) */		or	%g0,%i0,%i3
+/* 0x001c	 133 ( 3  4) */		ble,pt	%icc,.L900000515	! tprob=0.56
+/* 0x0020	     ( 4  5) */		cmp	%o7,%i4
+
+!  134		                    !   {
+!  135		                    !     i16_to_d16_and_d32x4(&TwoToMinus16, &TwoTo16, &Zero,
+!  136		                    !			  &(d16[2*i]), &(d32[i]), (float *)(&(i32[i])));
+
+/* 0x0024	 136 ( 4  5) */		sethi	%hi(Zero),%g2
+/* 0x0028	 133 ( 5  6) */		or	%g0,%g1,%o3
+/* 0x002c	     ( 5  6) */		sub	%i4,4,%o2
+/* 0x0030	 136 ( 6  7) */		add	%g2,%lo(Zero),%o1
+/* 0x0034	 133 ( 6  7) */		or	%g0,0,%o5
+/* 0x0038	     ( 7  8) */		or	%g0,0,%o4
+/* 0x003c	 136 ( 7  8) */		or	%g0,%o3,%g4
+                                   .L900000514:		/* frequency 6.4 confidence 0.0 */
+/* 0x0040	     ( 0  3) */		ldd	[%o1],%f2
+/* 0x0044	 136 ( 0  1) */		add	%i3,%o5,%g2
+/* 0x0048	     ( 0  1) */		add	%i1,%o4,%g3
+/* 0x004c	     ( 1  4) */		ldd	[%o1-8],%f0
+/* 0x0050	     ( 1  2) */		add	%o7,4,%o7
+/* 0x0054	     ( 1  2) */		add	%o3,16,%o3
+/* 0x0058	     ( 2  3) */		fmovd	%f2,%f14
+/* 0x005c	     ( 2  5) */		ld	[%g4],%f15
+/* 0x0060	     ( 2  3) */		cmp	%o7,%o2
+/* 0x0064	     ( 3  4) */		fmovd	%f2,%f10
+/* 0x0068	     ( 3  6) */		ld	[%g4+4],%f11
+/* 0x006c	     ( 4  5) */		fmovd	%f2,%f6
+/* 0x0070	     ( 4  7) */		ld	[%g4+8],%f7
+/* 0x0074	     ( 5  8) */		ld	[%g4+12],%f3
+/* 0x0078	     ( 5  8) */		fxtod	%f14,%f14
+/* 0x007c	     ( 6  9) */		fxtod	%f10,%f10
+/* 0x0080	     ( 6  9) */		ldd	[%o1-16],%f16
+/* 0x0084	     ( 7 10) */		fxtod	%f6,%f6
+/* 0x0088	     ( 7  8) */		std	%f14,[%i3+%o5]
+/* 0x008c	     ( 7  8) */		add	%o5,32,%o5
+/* 0x0090	     ( 8 11) */		fxtod	%f2,%f2
+/* 0x0094	     ( 8 11) */		fmuld	%f0,%f14,%f12
+/* 0x0098	     ( 8  9) */		std	%f10,[%g2+8]
+/* 0x009c	     ( 9 12) */		fmuld	%f0,%f10,%f8
+/* 0x00a0	     ( 9 10) */		std	%f6,[%g2+16]
+/* 0x00a4	     (10 13) */		fmuld	%f0,%f6,%f4
+/* 0x00a8	     (10 11) */		std	%f2,[%g2+24]
+/* 0x00ac	     (11 14) */		fmuld	%f0,%f2,%f0
+/* 0x00b0	     (11 14) */		fdtox	%f12,%f12
+/* 0x00b4	     (12 15) */		fdtox	%f8,%f8
+/* 0x00b8	     (13 16) */		fdtox	%f4,%f4
+/* 0x00bc	     (14 17) */		fdtox	%f0,%f0
+/* 0x00c0	     (15 18) */		fxtod	%f12,%f12
+/* 0x00c4	     (15 16) */		std	%f12,[%g3+8]
+/* 0x00c8	     (16 19) */		fxtod	%f8,%f8
+/* 0x00cc	     (16 17) */		std	%f8,[%g3+24]
+/* 0x00d0	     (17 20) */		fxtod	%f4,%f4
+/* 0x00d4	     (17 18) */		std	%f4,[%g3+40]
+/* 0x00d8	     (18 21) */		fxtod	%f0,%f0
+/* 0x00dc	     (18 21) */		fmuld	%f12,%f16,%f12
+/* 0x00e0	     (18 19) */		std	%f0,[%g3+56]
+/* 0x00e4	     (19 22) */		fmuld	%f8,%f16,%f8
+/* 0x00e8	     (20 23) */		fmuld	%f4,%f16,%f4
+/* 0x00ec	     (21 24) */		fmuld	%f0,%f16,%f0
+/* 0x00f0	     (21 24) */		fsubd	%f14,%f12,%f12
+/* 0x00f4	     (21 22) */		std	%f12,[%i1+%o4]
+/* 0x00f8	     (22 25) */		fsubd	%f10,%f8,%f8
+/* 0x00fc	     (22 23) */		std	%f8,[%g3+16]
+/* 0x0100	     (22 23) */		add	%o4,64,%o4
+/* 0x0104	     (23 26) */		fsubd	%f6,%f4,%f4
+/* 0x0108	     (23 24) */		std	%f4,[%g3+32]
+/* 0x010c	     (24 27) */		fsubd	%f2,%f0,%f0
+/* 0x0110	     (24 25) */		std	%f0,[%g3+48]
+/* 0x0114	     (24 25) */		ble,pt	%icc,.L900000514	! tprob=0.86
+/* 0x0118	     (25 26) */		or	%g0,%o3,%g4
+                                   .L77000159:		/* frequency 1.0 confidence 0.0 */
+
+!  137		                    !   }
+!  138		                    ! for(;i<len;i++)
+
+/* 0x011c	 138 ( 0  1) */		cmp	%o7,%i4
+                                   .L900000515:		/* frequency 1.0 confidence 0.0 */
+/* 0x0120	 138 ( 0  1) */		bge,pt	%icc,.L77000164	! tprob=0.56
+/* 0x0124	     ( 0  1) */		nop
+
+!  139		                    !   {
+!  140		                    !     a=i32[i];
+!  141		                    !     d32[i]=(double)(i32[i]);
+!  142		                    !     d16[2*i]=(double)(a&0xffff);
+!  143		                    !     d16[2*i+1]=(double)(a>>16);
+
+/* 0x0128	 143 ( 0  1) */		sethi	%hi(.L_const_seg_900000501),%o1
+/* 0x012c	 138 ( 1  2) */		sethi	%hi(0xfc00),%o0
+/* 0x0130	 141 ( 1  4) */		ldd	[%o1+%lo(.L_const_seg_900000501)],%f0
+/* 0x0134	 138 ( 1  2) */		sub	%i4,%o7,%g3
+/* 0x0138	     ( 2  3) */		sll	%o7,2,%g2
+/* 0x013c	     ( 2  3) */		add	%o0,1023,%o3
+/* 0x0140	     ( 3  4) */		sll	%o7,3,%g4
+/* 0x0144	     ( 3  4) */		cmp	%g3,3
+/* 0x0148	     ( 4  5) */		add	%g1,%g2,%o0
+/* 0x014c	     ( 4  5) */		add	%o1,%lo(.L_const_seg_900000501),%o2
+/* 0x0150	     ( 5  6) */		add	%i3,%g4,%o4
+/* 0x0154	     ( 5  6) */		sub	%i4,1,%o1
+/* 0x0158	     ( 6  7) */		sll	%o7,4,%g5
+/* 0x015c	     ( 6  7) */		bl,pn	%icc,.L77000161	! tprob=0.44
+/* 0x0160	     ( 7  8) */		add	%i1,%g5,%o5
+/* 0x0164	 141 ( 7 10) */		ld	[%g1+%g2],%f3
+/* 0x0168	 143 ( 7  8) */		add	%o4,8,%o4
+/* 0x016c	 140 ( 8 11) */		ld	[%g1+%g2],%g1
+/* 0x0170	 143 ( 8  9) */		add	%o5,16,%o5
+/* 0x0174	     ( 8  9) */		add	%o7,1,%o7
+/* 0x0178	 141 ( 9 10) */		fmovs	%f0,%f2
+/* 0x017c	 143 ( 9 10) */		add	%o0,4,%o0
+/* 0x0180	 142 (10 11) */		and	%g1,%o3,%g2
+/* 0x0184	 141 (11 14) */		fsubd	%f2,%f0,%f2
+/* 0x0188	     (11 12) */		std	%f2,[%o4-8]
+/* 0x018c	 143 (11 12) */		srl	%g1,16,%g1
+/* 0x0190	 142 (12 13) */		st	%g2,[%sp+96]
+/* 0x0194	     (15 16) */		fmovs	%f0,%f2
+/* 0x0198	     (16 19) */		ld	[%sp+96],%f3
+/* 0x019c	     (18 21) */		fsubd	%f2,%f0,%f2
+/* 0x01a0	     (18 19) */		std	%f2,[%o5-16]
+/* 0x01a4	 143 (19 20) */		st	%g1,[%sp+92]
+/* 0x01a8	     (22 23) */		fmovs	%f0,%f2
+/* 0x01ac	     (23 26) */		ld	[%sp+92],%f3
+/* 0x01b0	     (25 28) */		fsubd	%f2,%f0,%f2
+/* 0x01b4	     (25 26) */		std	%f2,[%o5-8]
+                                   .L900000509:		/* frequency 64.0 confidence 0.0 */
+/* 0x01b8	 141 (26 28) */		ld	[%o0],%f3
+/* 0x01bc	 143 (26 27) */		add	%o7,2,%o7
+/* 0x01c0	     (26 27) */		add	%o5,32,%o5
+/* 0x01c4	 140 (27 29) */		ld	[%o0],%g1
+/* 0x01c8	 143 (27 27) */		cmp	%o7,%o1
+/* 0x01cc	     (27 28) */		add	%o4,16,%o4
+/* 0x01d0	 141 ( 0  0) */		fmovs	%f0,%f2
+/* 0x01d4	     (28 31) */		fsubd	%f2,%f0,%f2
+/* 0x01d8	     (29 30) */		std	%f2,[%o4-16]
+/* 0x01dc	 142 (29 30) */		and	%g1,%o3,%g2
+/* 0x01e0	     (30 31) */		st	%g2,[%sp+96]
+/* 0x01e4	     (37 39) */		ld	[%sp+96],%f3
+/* 0x01e8	     ( 0  0) */		fmovs	%f0,%f2
+/* 0x01ec	     (39 42) */		fsubd	%f2,%f0,%f2
+/* 0x01f0	 143 (40 41) */		srl	%g1,16,%g1
+/* 0x01f4	 142 (40 41) */		std	%f2,[%o5-32]
+/* 0x01f8	 143 (41 42) */		st	%g1,[%sp+92]
+/* 0x01fc	     (48 50) */		ld	[%sp+92],%f3
+/* 0x0200	     ( 0  0) */		fmovs	%f0,%f2
+/* 0x0204	     (50 53) */		fsubd	%f2,%f0,%f2
+/* 0x0208	     (51 52) */		std	%f2,[%o5-24]
+/* 0x020c	     (51 52) */		add	%o0,4,%o0
+/* 0x0210	 141 (52 54) */		ld	[%o0],%f3
+/* 0x0214	 140 (53 55) */		ld	[%o0],%g1
+/* 0x0218	 141 ( 0  0) */		fmovs	%f0,%f2
+/* 0x021c	     (54 57) */		fsubd	%f2,%f0,%f2
+/* 0x0220	     (55 56) */		std	%f2,[%o4-8]
+/* 0x0224	 142 (55 56) */		and	%g1,%o3,%g2
+/* 0x0228	     (56 57) */		st	%g2,[%sp+96]
+/* 0x022c	     (63 65) */		ld	[%sp+96],%f3
+/* 0x0230	     ( 0  0) */		fmovs	%f0,%f2
+/* 0x0234	     (65 68) */		fsubd	%f2,%f0,%f2
+/* 0x0238	 143 (66 67) */		srl	%g1,16,%g1
+/* 0x023c	 142 (66 67) */		std	%f2,[%o5-16]
+/* 0x0240	 143 (67 68) */		st	%g1,[%sp+92]
+/* 0x0244	     (74 76) */		ld	[%sp+92],%f3
+/* 0x0248	     ( 0  0) */		fmovs	%f0,%f2
+/* 0x024c	     (76 79) */		fsubd	%f2,%f0,%f2
+/* 0x0250	     (77 78) */		std	%f2,[%o5-8]
+/* 0x0254	     (77 78) */		bl,pt	%icc,.L900000509	! tprob=0.50
+/* 0x0258	     (77 78) */		add	%o0,4,%o0
+                                   .L900000512:		/* frequency 8.0 confidence 0.0 */
+/* 0x025c	 143 ( 0  1) */		cmp	%o7,%i4
+/* 0x0260	     ( 0  1) */		bge,pn	%icc,.L77000164	! tprob=0.14
+/* 0x0264	     ( 0  1) */		nop
+                                   .L77000161:		/* frequency 0.7 confidence 0.0 */
+/* 0x0268	 141 ( 0  3) */		ld	[%o0],%f3
+                                   .L900000513:		/* frequency 6.4 confidence 0.0 */
+/* 0x026c	 141 ( 0  3) */		ldd	[%o2],%f0
+/* 0x0270	 143 ( 0  1) */		add	%o7,1,%o7
+/* 0x0274	 140 ( 1  4) */		ld	[%o0],%o1
+/* 0x0278	 143 ( 1  2) */		add	%o0,4,%o0
+/* 0x027c	     ( 1  2) */		cmp	%o7,%i4
+/* 0x0280	 141 ( 2  3) */		fmovs	%f0,%f2
+/* 0x0284	 142 ( 3  4) */		and	%o1,%o3,%g1
+/* 0x0288	 141 ( 4  7) */		fsubd	%f2,%f0,%f2
+/* 0x028c	     ( 4  5) */		std	%f2,[%o4]
+/* 0x0290	 143 ( 4  5) */		srl	%o1,16,%o1
+/* 0x0294	 142 ( 5  6) */		st	%g1,[%sp+96]
+/* 0x0298	 143 ( 5  6) */		add	%o4,8,%o4
+/* 0x029c	 142 ( 8  9) */		fmovs	%f0,%f2
+/* 0x02a0	     ( 9 12) */		ld	[%sp+96],%f3
+/* 0x02a4	     (11 14) */		fsubd	%f2,%f0,%f2
+/* 0x02a8	     (11 12) */		std	%f2,[%o5]
+/* 0x02ac	 143 (12 13) */		st	%o1,[%sp+92]
+/* 0x02b0	     (15 16) */		fmovs	%f0,%f2
+/* 0x02b4	     (16 19) */		ld	[%sp+92],%f3
+/* 0x02b8	     (18 21) */		fsubd	%f2,%f0,%f0
+/* 0x02bc	     (18 19) */		std	%f0,[%o5+8]
+/* 0x02c0	     (18 19) */		add	%o5,16,%o5
+/* 0x02c4	     (18 19) */		bl,a,pt	%icc,.L900000513	! tprob=0.86
+/* 0x02c8	     (19 22) */		ld	[%o0],%f3
+                                   .L77000164:		/* frequency 1.0 confidence 0.0 */
+/* 0x02cc	     ( 0  2) */		ret	! Result = 
+/* 0x02d0	     ( 2  3) */		restore	%g0,%g0,%g0
+/* 0x02d4	   0 ( 0  0) */		.type	conv_i32_to_d32_and_d16,2
+/* 0x02d4	     ( 0  0) */		.size	conv_i32_to_d32_and_d16,(.-conv_i32_to_d32_and_d16)
+
+	.section	".text",#alloc,#execinstr
+/* 000000	   0 ( 0  0) */		.align	4
+!
+! SUBROUTINE adjust_montf_result
+!
+! OFFSET    SOURCE LINE	LABEL	INSTRUCTION	(ISSUE TIME)	(COMPLETION TIME)
+
+                                   	.global adjust_montf_result
+                                   adjust_montf_result:		/* frequency 1.0 confidence 0.0 */
+
+!  144		                    !   }
+!  145		                    !}
+!  148		                    !void adjust_montf_result(unsigned int *i32, unsigned int *nint, int len)
+!  149		                    !{
+!  150		                    !long long acc;
+!  151		                    !int i;
+!  153		                    ! if(i32[len]>0) i=-1;
+
+/* 000000	 153 ( 0  1) */		sll	%o2,2,%g1
+/* 0x0004	     ( 0  1) */		or	%g0,-1,%g3
+/* 0x0008	     ( 1  4) */		ld	[%o0+%g1],%g1
+/* 0x000c	     ( 3  4) */		cmp	%g1,0
+/* 0x0010	     ( 3  4) */		bleu,pn	%icc,.L77000175	! tprob=0.50
+/* 0x0014	     ( 3  4) */		or	%g0,%o1,%o3
+/* 0x0018	     ( 4  5) */		ba	.L900000611	! tprob=1.00
+/* 0x001c	     ( 4  5) */		cmp	%g3,0
+                                   .L77000175:		/* frequency 0.8 confidence 0.0 */
+
+!  154		                    ! else
+!  155		                    !   {
+!  156		                    !     for(i=len-1; i>=0; i++)
+
+/* 0x0020	 156 ( 0  1) */		subcc	%o2,1,%g3
+/* 0x0024	     ( 0  1) */		bneg,pt	%icc,.L900000611	! tprob=0.60
+/* 0x0028	     ( 1  2) */		cmp	%g3,0
+/* 0x002c	     ( 1  2) */		sll	%g3,2,%g1
+/* 0x0030	     ( 2  3) */		add	%o0,%g1,%g2
+/* 0x0034	     ( 2  3) */		add	%o1,%g1,%g1
+
+!  157		                    !       {
+!  158		                    !	 if(i32[i]!=nint[i]) break;
+
+/* 0x0038	 158 ( 3  6) */		ld	[%g1],%g5
+                                   .L900000610:		/* frequency 5.3 confidence 0.0 */
+/* 0x003c	 158 ( 0  3) */		ld	[%g2],%o5
+/* 0x0040	     ( 0  1) */		add	%g1,4,%g1
+/* 0x0044	     ( 0  1) */		add	%g2,4,%g2
+/* 0x0048	     ( 2  3) */		cmp	%o5,%g5
+/* 0x004c	     ( 2  3) */		bne,pn	%icc,.L77000182	! tprob=0.16
+/* 0x0050	     ( 2  3) */		nop
+/* 0x0054	     ( 3  4) */		addcc	%g3,1,%g3
+/* 0x0058	     ( 3  4) */		bpos,a,pt	%icc,.L900000610	! tprob=0.84
+/* 0x005c	     ( 3  6) */		ld	[%g1],%g5
+                                   .L77000182:		/* frequency 1.0 confidence 0.0 */
+
+!  159		                    !       }
+!  160		                    !   }
+!  161		                    ! if((i<0)||(i32[i]>nint[i]))
+
+/* 0x0060	 161 ( 0  1) */		cmp	%g3,0
+                                   .L900000611:		/* frequency 1.0 confidence 0.0 */
+/* 0x0064	 161 ( 0  1) */		bl,pn	%icc,.L77000198	! tprob=0.50
+/* 0x0068	     ( 0  1) */		sll	%g3,2,%g2
+/* 0x006c	     ( 1  4) */		ld	[%o1+%g2],%g1
+/* 0x0070	     ( 2  5) */		ld	[%o0+%g2],%g2
+/* 0x0074	     ( 4  5) */		cmp	%g2,%g1
+/* 0x0078	     ( 4  5) */		bleu,pt	%icc,.L77000191	! tprob=0.56
+/* 0x007c	     ( 4  5) */		nop
+                                   .L77000198:		/* frequency 0.8 confidence 0.0 */
+
+!  162		                    !   {
+!  163		                    !     acc=0;
+!  164		                    !     for(i=0;i<len;i++)
+
+/* 0x0080	 164 ( 0  1) */		cmp	%o2,0
+/* 0x0084	     ( 0  1) */		ble,pt	%icc,.L77000191	! tprob=0.60
+/* 0x0088	     ( 0  1) */		nop
+/* 0x008c	 161 ( 1  2) */		or	%g0,-1,%g2
+/* 0x0090	     ( 1  2) */		sub	%o2,1,%g4
+/* 0x0094	     ( 2  3) */		srl	%g2,0,%g3
+/* 0x0098	 163 ( 2  3) */		or	%g0,0,%g5
+/* 0x009c	 164 ( 3  4) */		or	%g0,0,%o5
+/* 0x00a0	 161 ( 3  4) */		or	%g0,%o0,%o4
+/* 0x00a4	     ( 4  5) */		cmp	%o2,3
+/* 0x00a8	     ( 4  5) */		add	%o1,4,%g2
+/* 0x00ac	 164 ( 4  5) */		bl,pn	%icc,.L77000199	! tprob=0.40
+/* 0x00b0	     ( 5  6) */		add	%o0,8,%g1
+
+!  165		                    !       {
+!  166		                    !	 acc=acc+(unsigned long long)(i32[i])-(unsigned long long)(nint[i]);
+
+/* 0x00b4	 166 ( 5  8) */		ld	[%o0],%o2
+/* 0x00b8	   0 ( 5  6) */		or	%g0,%g2,%o3
+/* 0x00bc	 166 ( 6  9) */		ld	[%o1],%o1
+/* 0x00c0	   0 ( 6  7) */		or	%g0,%g1,%o4
+
+!  167		                    !	 i32[i]=acc&0xffffffff;
+!  168		                    !	 acc=acc>>32;
+
+/* 0x00c4	 168 ( 6  7) */		or	%g0,2,%o5
+/* 0x00c8	 166 ( 7 10) */		ld	[%o0+4],%g1
+/* 0x00cc	 164 ( 8  9) */		sub	%o2,%o1,%o2
+/* 0x00d0	     ( 9 10) */		or	%g0,%o2,%g5
+/* 0x00d4	 167 ( 9 10) */		and	%o2,%g3,%o2
+/* 0x00d8	     ( 9 10) */		st	%o2,[%o0]
+/* 0x00dc	 168 (10 11) */		srax	%g5,32,%g5
+                                   .L900000605:		/* frequency 64.0 confidence 0.0 */
+/* 0x00e0	 166 (12 20) */		ld	[%o3],%o2
+/* 0x00e4	 168 (12 13) */		add	%o5,1,%o5
+/* 0x00e8	     (12 13) */		add	%o3,4,%o3
+/* 0x00ec	     (13 13) */		cmp	%o5,%g4
+/* 0x00f0	     (13 14) */		add	%o4,4,%o4
+/* 0x00f4	 164 (14 14) */		sub	%g1,%o2,%g1
+/* 0x00f8	     (15 15) */		add	%g1,%g5,%g5
+/* 0x00fc	 167 (16 17) */		and	%g5,%g3,%o2
+/* 0x0100	 166 (16 24) */		ld	[%o4-4],%g1
+/* 0x0104	 167 (17 18) */		st	%o2,[%o4-8]
+/* 0x0108	 168 (17 18) */		ble,pt	%icc,.L900000605	! tprob=0.50
+/* 0x010c	     (17 18) */		srax	%g5,32,%g5
+                                   .L900000608:		/* frequency 8.0 confidence 0.0 */
+/* 0x0110	 166 ( 0  3) */		ld	[%o3],%g2
+/* 0x0114	 164 ( 2  3) */		sub	%g1,%g2,%g1
+/* 0x0118	     ( 3  4) */		add	%g1,%g5,%g1
+/* 0x011c	 167 ( 4  5) */		and	%g1,%g3,%g2
+/* 0x0120	     ( 5  7) */		retl	! Result = 
+/* 0x0124	     ( 6  7) */		st	%g2,[%o4-4]
+                                   .L77000199:		/* frequency 0.6 confidence 0.0 */
+/* 0x0128	 166 ( 0  3) */		ld	[%o4],%g1
+                                   .L900000609:		/* frequency 5.3 confidence 0.0 */
+/* 0x012c	 166 ( 0  3) */		ld	[%o3],%g2
+/* 0x0130	     ( 0  1) */		add	%g5,%g1,%g1
+/* 0x0134	 168 ( 0  1) */		add	%o5,1,%o5
+/* 0x0138	     ( 1  2) */		add	%o3,4,%o3
+/* 0x013c	     ( 1  2) */		cmp	%o5,%g4
+/* 0x0140	 166 ( 2  3) */		sub	%g1,%g2,%g1
+/* 0x0144	 167 ( 3  4) */		and	%g1,%g3,%g2
+/* 0x0148	     ( 3  4) */		st	%g2,[%o4]
+/* 0x014c	 168 ( 3  4) */		add	%o4,4,%o4
+/* 0x0150	     ( 4  5) */		srax	%g1,32,%g5
+/* 0x0154	     ( 4  5) */		ble,a,pt	%icc,.L900000609	! tprob=0.84
+/* 0x0158	     ( 4  7) */		ld	[%o4],%g1
+                                   .L77000191:		/* frequency 1.0 confidence 0.0 */
+/* 0x015c	     ( 0  2) */		retl	! Result = 
+/* 0x0160	     ( 1  2) */		nop
+/* 0x0164	   0 ( 0  0) */		.type	adjust_montf_result,2
+/* 0x0164	     ( 0  0) */		.size	adjust_montf_result,(.-adjust_montf_result)
+
+	.section	".text",#alloc,#execinstr
+/* 000000	   0 ( 0  0) */		.align	32
+!
+! SUBROUTINE mont_mulf_noconv
+!
+! OFFSET    SOURCE LINE	LABEL	INSTRUCTION	(ISSUE TIME)	(COMPLETION TIME)
+
+                                   	.global mont_mulf_noconv
+                                   mont_mulf_noconv:		/* frequency 1.0 confidence 0.0 */
+/* 000000	     ( 0  1) */		save	%sp,-144,%sp
+/* 0x0004	     ( 1  2) */		st	%i0,[%fp+68]
+
+!  169		                    !       }
+!  170		                    !   }
+!  171		                    !}
+!  175		                    !void cleanup(double *dt, int from, int tlen);
+!  177		                    !/*
+!  178		                    !** the lengths of the input arrays should be at least the following:
+!  179		                    !** result[nlen+1], dm1[nlen], dm2[2*nlen+1], dt[4*nlen+2], dn[nlen], nint[nlen]
+!  180		                    !** all of them should be different from one another
+!  181		                    !**
+!  182		                    !*/
+!  183		                    !void mont_mulf_noconv(unsigned int *result,
+!  184		                    !		     double *dm1, double *dm2, double *dt,
+!  185		                    !		     double *dn, unsigned int *nint,
+!  186		                    !		     int nlen, double dn0)
+!  187		                    !{
+!  188		                    ! int i, j, jj;
+!  189		                    ! int tmp;
+!  190		                    ! double digit, m2j, nextm2j, a, b;
+!  191		                    ! double *dptmp, *pdm1, *pdm2, *pdn, *pdtj, pdn_0, pdm1_0;
+!  193		                    ! pdm1=&(dm1[0]);
+!  194		                    ! pdm2=&(dm2[0]);
+!  195		                    ! pdn=&(dn[0]);
+!  196		                    ! pdm2[2*nlen]=Zero;
+
+/* 0x0008	 196 ( 1  2) */		sethi	%hi(Zero),%g2
+/* 0x000c	 187 ( 1  2) */		or	%g0,%i2,%o1
+/* 0x0010	     ( 2  3) */		st	%i5,[%fp+88]
+/* 0x0014	     ( 2  3) */		or	%g0,%i3,%o2
+/* 0x0018	 196 ( 2  3) */		add	%g2,%lo(Zero),%g4
+/* 0x001c	     ( 3  6) */		ldd	[%g2+%lo(Zero)],%f2
+/* 0x0020	 187 ( 3  4) */		or	%g0,%o2,%g5
+/* 0x0024	 196 ( 3  4) */		or	%g0,%o1,%i0
+/* 0x0028	 187 ( 4  5) */		or	%g0,%i4,%i2
+
+!  198		                    ! if (nlen!=16)
+!  199		                    !   {
+!  200		                    !     for(i=0;i<4*nlen+2;i++) dt[i]=Zero;
+!  202		                    !     a=dt[0]=pdm1[0]*pdm2[0];
+!  203		                    !     digit=mod(lower32(a,Zero)*dn0,TwoToMinus16,TwoTo16);
+!  205		                    !     pdtj=&(dt[0]);
+!  206		                    !     for(j=jj=0;j<2*nlen;j++,jj++,pdtj++)
+!  207		                    !       {
+!  208		                    !	 m2j=pdm2[j];
+!  209		                    !	 a=pdtj[0]+pdn[0]*digit;
+!  210		                    !	 b=pdtj[1]+pdm1[0]*pdm2[j+1]+a*TwoToMinus16;
+!  211		                    !	 pdtj[1]=b;
+!  213		                    !#pragma pipeloop(0)
+!  214		                    !	 for(i=1;i<nlen;i++)
+!  215		                    !	   {
+!  216		                    !	     pdtj[2*i]+=pdm1[i]*m2j+pdn[i]*digit;
+!  217		                    !	   }
+!  218		                    ! 	 if((jj==30)) {cleanup(dt,j/2+1,2*nlen+1); jj=0;}
+!  219		                    !	 
+!  220		                    !	 digit=mod(lower32(b,Zero)*dn0,TwoToMinus16,TwoTo16);
+!  221		                    !       }
+!  222		                    !   }
+!  223		                    ! else
+!  224		                    !   {
+!  225		                    !     a=dt[0]=pdm1[0]*pdm2[0];
+!  227		                    !     dt[65]=     dt[64]=     dt[63]=     dt[62]=     dt[61]=     dt[60]=
+!  228		                    !     dt[59]=     dt[58]=     dt[57]=     dt[56]=     dt[55]=     dt[54]=
+!  229		                    !     dt[53]=     dt[52]=     dt[51]=     dt[50]=     dt[49]=     dt[48]=
+!  230		                    !     dt[47]=     dt[46]=     dt[45]=     dt[44]=     dt[43]=     dt[42]=
+!  231		                    !     dt[41]=     dt[40]=     dt[39]=     dt[38]=     dt[37]=     dt[36]=
+!  232		                    !     dt[35]=     dt[34]=     dt[33]=     dt[32]=     dt[31]=     dt[30]=
+!  233		                    !     dt[29]=     dt[28]=     dt[27]=     dt[26]=     dt[25]=     dt[24]=
+!  234		                    !     dt[23]=     dt[22]=     dt[21]=     dt[20]=     dt[19]=     dt[18]=
+!  235		                    !     dt[17]=     dt[16]=     dt[15]=     dt[14]=     dt[13]=     dt[12]=
+!  236		                    !     dt[11]=     dt[10]=     dt[ 9]=     dt[ 8]=     dt[ 7]=     dt[ 6]=
+!  237		                    !     dt[ 5]=     dt[ 4]=     dt[ 3]=     dt[ 2]=     dt[ 1]=Zero;
+!  239		                    !     pdn_0=pdn[0];
+!  240		                    !     pdm1_0=pdm1[0];
+!  242		                    !     digit=mod(lower32(a,Zero)*dn0,TwoToMinus16,TwoTo16);
+!  243		                    !     pdtj=&(dt[0]);
+!  245		                    !     for(j=0;j<32;j++,pdtj++)
+!  246		                    !       {
+!  248		                    !	 m2j=pdm2[j];
+!  249		                    !	 a=pdtj[0]+pdn_0*digit;
+!  250		                    !	 b=pdtj[1]+pdm1_0*pdm2[j+1]+a*TwoToMinus16;
+!  251		                    !	 pdtj[1]=b;
+!  253		                    !	 /**** this loop will be fully unrolled:
+!  254		                    !	 for(i=1;i<16;i++)
+!  255		                    !	   {
+!  256		                    !	     pdtj[2*i]+=pdm1[i]*m2j+pdn[i]*digit;
+!  257		                    !	   }
+!  258		                    !	 *************************************/
+!  259		                    !	     pdtj[2]+=pdm1[1]*m2j+pdn[1]*digit;
+!  260		                    !	     pdtj[4]+=pdm1[2]*m2j+pdn[2]*digit;
+!  261		                    !	     pdtj[6]+=pdm1[3]*m2j+pdn[3]*digit;
+!  262		                    !	     pdtj[8]+=pdm1[4]*m2j+pdn[4]*digit;
+!  263		                    !	     pdtj[10]+=pdm1[5]*m2j+pdn[5]*digit;
+!  264		                    !	     pdtj[12]+=pdm1[6]*m2j+pdn[6]*digit;
+!  265		                    !	     pdtj[14]+=pdm1[7]*m2j+pdn[7]*digit;
+!  266		                    !	     pdtj[16]+=pdm1[8]*m2j+pdn[8]*digit;
+!  267		                    !	     pdtj[18]+=pdm1[9]*m2j+pdn[9]*digit;
+!  268		                    !	     pdtj[20]+=pdm1[10]*m2j+pdn[10]*digit;
+!  269		                    !	     pdtj[22]+=pdm1[11]*m2j+pdn[11]*digit;
+!  270		                    !	     pdtj[24]+=pdm1[12]*m2j+pdn[12]*digit;
+!  271		                    !	     pdtj[26]+=pdm1[13]*m2j+pdn[13]*digit;
+!  272		                    !	     pdtj[28]+=pdm1[14]*m2j+pdn[14]*digit;
+!  273		                    !	     pdtj[30]+=pdm1[15]*m2j+pdn[15]*digit;
+!  274		                    !	 /* no need for cleenup, cannot overflow */
+!  275		                    !	 digit=mod(lower32(b,Zero)*dn0,TwoToMinus16,TwoTo16);
+!  276		                    !       }
+!  277		                    !   }
+!  279		                    ! conv_d16_to_i32(result,dt+2*nlen,(long long *)dt,nlen+1);
+!  281		                    ! adjust_montf_result(result,nint,nlen); 
+
+/* 0x002c	 281 ( 4  5) */		or	%g0,1,%o4
+/* 0x0030	 187 ( 6  9) */		ldd	[%fp+96],%f0
+/* 0x0034	 196 ( 7 10) */		ld	[%fp+92],%o0
+/* 0x0038	 187 ( 8  9) */		fmovd	%f0,%f16
+/* 0x003c	 196 ( 9 10) */		sll	%o0,4,%g2
+/* 0x0040	     ( 9 10) */		or	%g0,%o0,%g1
+/* 0x0044	 198 (10 11) */		cmp	%o0,16
+/* 0x0048	     (10 11) */		be,pn	%icc,.L77000289	! tprob=0.50
+/* 0x004c	     (10 11) */		std	%f2,[%o1+%g2]
+/* 0x0050	 200 (11 12) */		sll	%o0,2,%g2
+/* 0x0054	     (11 14) */		ldd	[%g4],%f2
+/* 0x0058	     (12 13) */		add	%g2,2,%o1
+/* 0x005c	     (12 13) */		add	%g2,1,%o3
+/* 0x0060	 196 (13 14) */		sll	%o0,1,%o7
+/* 0x0064	 200 (13 14) */		cmp	%o1,0
+/* 0x0068	     (13 14) */		ble,a,pt	%icc,.L900000755	! tprob=0.55
+/* 0x006c	     (14 17) */		ldd	[%i1],%f0
+/* 0x0070	     (14 15) */		cmp	%o1,3
+/* 0x0074	 281 (14 15) */		or	%g0,1,%o1
+/* 0x0078	     (14 15) */		bl,pn	%icc,.L77000279	! tprob=0.40
+/* 0x007c	     (15 16) */		add	%o2,8,%o0
+/* 0x0080	     (15 16) */		std	%f2,[%g5]
+/* 0x0084	   0 (16 17) */		or	%g0,%o0,%o2
+                                   .L900000726:		/* frequency 64.0 confidence 0.0 */
+/* 0x0088	     ( 3  5) */		ldd	[%g4],%f0
+/* 0x008c	     ( 3  4) */		add	%o4,1,%o4
+/* 0x0090	     ( 3  4) */		add	%o2,8,%o2
+/* 0x0094	     ( 4  4) */		cmp	%o4,%o3
+/* 0x0098	     ( 5  6) */		ble,pt	%icc,.L900000726	! tprob=0.50
+/* 0x009c	     ( 5  6) */		std	%f0,[%o2-8]
+                                   .L900000729:		/* frequency 8.0 confidence 0.0 */
+/* 0x00a0	     ( 0  1) */		ba	.L900000755	! tprob=1.00
+/* 0x00a4	     ( 0  3) */		ldd	[%i1],%f0
+                                   .L77000279:		/* frequency 0.6 confidence 0.0 */
+/* 0x00a8	     ( 0  1) */		std	%f2,[%o2]
+                                   .L900000754:		/* frequency 5.3 confidence 0.0 */
+/* 0x00ac	     ( 0  3) */		ldd	[%g4],%f2
+/* 0x00b0	     ( 0  1) */		cmp	%o1,%o3
+/* 0x00b4	     ( 0  1) */		add	%o2,8,%o2
+/* 0x00b8	     ( 1  2) */		add	%o1,1,%o1
+/* 0x00bc	     ( 1  2) */		ble,a,pt	%icc,.L900000754	! tprob=0.87
+/* 0x00c0	     ( 3  4) */		std	%f2,[%o2]
+                                   .L77000284:		/* frequency 0.8 confidence 0.0 */
+/* 0x00c4	 202 ( 0  3) */		ldd	[%i1],%f0
+                                   .L900000755:		/* frequency 0.8 confidence 0.0 */
+/* 0x00c8	 202 ( 0  3) */		ldd	[%i0],%f2
+/* 0x00cc	     ( 0  1) */		add	%o7,1,%o2
+/* 0x00d0	 206 ( 0  1) */		cmp	%o7,0
+/* 0x00d4	     ( 1  2) */		sll	%o2,1,%o0
+/* 0x00d8	     ( 1  2) */		sub	%o7,1,%o1
+/* 0x00dc	 202 ( 2  5) */		fmuld	%f0,%f2,%f0
+/* 0x00e0	     ( 2  3) */		std	%f0,[%g5]
+/* 0x00e4	     ( 2  3) */		sub	%g1,1,%o7
+/* 0x00e8	     ( 3  6) */		ldd	[%g4],%f6
+/* 0x00ec	   0 ( 3  4) */		or	%g0,%o7,%g3
+/* 0x00f0	     ( 3  4) */		or	%g0,0,%l0
+/* 0x00f4	     ( 4  7) */		ldd	[%g4-8],%f2
+/* 0x00f8	     ( 4  5) */		or	%g0,0,%i5
+/* 0x00fc	     ( 4  5) */		or	%g0,%o1,%o5
+/* 0x0100	     ( 5  8) */		fdtox	%f0,%f0
+/* 0x0104	     ( 5  8) */		ldd	[%g4-16],%f4
+/* 0x0108	     ( 5  6) */		or	%g0,%o0,%o3
+/* 0x010c	 210 ( 6  7) */		add	%i0,8,%o4
+/* 0x0110	     ( 6  7) */		or	%g0,0,%i4
+/* 0x0114	     ( 9 10) */		fmovs	%f6,%f0
+/* 0x0118	     (11 14) */		fxtod	%f0,%f0
+/* 0x011c	 203 (14 17) */		fmuld	%f0,%f16,%f0
+/* 0x0120	     (17 20) */		fmuld	%f0,%f2,%f2
+/* 0x0124	     (20 23) */		fdtox	%f2,%f2
+/* 0x0128	     (23 26) */		fxtod	%f2,%f2
+/* 0x012c	     (26 29) */		fmuld	%f2,%f4,%f2
+/* 0x0130	     (29 32) */		fsubd	%f0,%f2,%f22
+/* 0x0134	 206 (29 30) */		ble,pt	%icc,.L900000748	! tprob=0.60
+/* 0x0138	     (29 30) */		sll	%g1,4,%g2
+/* 0x013c	 210 (30 33) */		ldd	[%i2],%f0
+                                   .L900000749:		/* frequency 5.3 confidence 0.0 */
+/* 0x0140	 210 ( 0  3) */		fmuld	%f0,%f22,%f8
+/* 0x0144	     ( 0  3) */		ldd	[%i1],%f0
+/* 0x0148	 214 ( 0  1) */		cmp	%g1,1
+/* 0x014c	 210 ( 1  4) */		ldd	[%o4+%i4],%f6
+/* 0x0150	     ( 1  2) */		add	%i1,8,%o0
+/* 0x0154	 214 ( 1  2) */		or	%g0,1,%o1
+/* 0x0158	 210 ( 2  5) */		ldd	[%i3],%f2
+/* 0x015c	     ( 2  3) */		add	%i3,16,%l1
+/* 0x0160	     ( 3  6) */		fmuld	%f0,%f6,%f6
+/* 0x0164	     ( 3  6) */		ldd	[%g4-8],%f4
+/* 0x0168	     ( 4  7) */		faddd	%f2,%f8,%f2
+/* 0x016c	     ( 4  7) */		ldd	[%i3+8],%f0
+/* 0x0170	 208 ( 5  8) */		ldd	[%i0+%i4],%f20
+/* 0x0174	 210 ( 6  9) */		faddd	%f0,%f6,%f0
+/* 0x0178	     ( 7 10) */		fmuld	%f2,%f4,%f2
+/* 0x017c	     (10 13) */		faddd	%f0,%f2,%f18
+/* 0x0180	 211 (10 11) */		std	%f18,[%i3+8]
+/* 0x0184	 214 (10 11) */		ble,pt	%icc,.L900000753	! tprob=0.54
+/* 0x0188	     (11 12) */		srl	%i5,31,%g2
+/* 0x018c	     (11 12) */		cmp	%g3,7
+/* 0x0190	 210 (12 13) */		add	%i2,8,%g2
+/* 0x0194	 214 (12 13) */		bl,pn	%icc,.L77000281	! tprob=0.36
+/* 0x0198	     (13 14) */		add	%g2,24,%o2
+/* 0x019c	 216 (13 16) */		ldd	[%o0+16],%f14
+/* 0x01a0	     (13 14) */		add	%i3,48,%l1
+/* 0x01a4	     (14 17) */		ldd	[%o0+24],%f12
+/* 0x01a8	   0 (14 15) */		or	%g0,%o2,%g2
+/* 0x01ac	 214 (14 15) */		sub	%g1,3,%o2
+/* 0x01b0	 216 (15 18) */		ldd	[%o0],%f2
+/* 0x01b4	     (15 16) */		or	%g0,5,%o1
+/* 0x01b8	     (16 19) */		ldd	[%g2-24],%f0
+/* 0x01bc	     (17 20) */		ldd	[%o0+8],%f6
+/* 0x01c0	     (17 20) */		fmuld	%f2,%f20,%f2
+/* 0x01c4	     (17 18) */		add	%o0,32,%o0
+/* 0x01c8	     (18 21) */		ldd	[%g2-16],%f8
+/* 0x01cc	     (18 21) */		fmuld	%f0,%f22,%f4
+/* 0x01d0	     (19 22) */		ldd	[%i3+16],%f0
+/* 0x01d4	     (19 22) */		fmuld	%f6,%f20,%f10
+/* 0x01d8	     (20 23) */		ldd	[%g2-8],%f6
+/* 0x01dc	     (21 24) */		faddd	%f2,%f4,%f4
+/* 0x01e0	     (21 24) */		ldd	[%i3+32],%f2
+                                   .L900000738:		/* frequency 512.0 confidence 0.0 */
+/* 0x01e4	 216 (16 24) */		ldd	[%g2],%f24
+/* 0x01e8	     (16 17) */		add	%o1,3,%o1
+/* 0x01ec	     (16 17) */		add	%g2,24,%g2
+/* 0x01f0	     (16 19) */		fmuld	%f8,%f22,%f8
+/* 0x01f4	     (17 25) */		ldd	[%l1],%f28
+/* 0x01f8	     (17 17) */		cmp	%o1,%o2
+/* 0x01fc	     (17 18) */		add	%o0,24,%o0
+/* 0x0200	     (18 26) */		ldd	[%o0-24],%f26
+/* 0x0204	     (18 21) */		faddd	%f0,%f4,%f0
+/* 0x0208	     (18 19) */		add	%l1,48,%l1
+/* 0x020c	     (19 22) */		faddd	%f10,%f8,%f10
+/* 0x0210	     (19 22) */		fmuld	%f14,%f20,%f4
+/* 0x0214	     (19 20) */		std	%f0,[%l1-80]
+/* 0x0218	     (20 28) */		ldd	[%g2-16],%f8
+/* 0x021c	     (20 23) */		fmuld	%f6,%f22,%f6
+/* 0x0220	     (21 29) */		ldd	[%l1-32],%f0
+/* 0x0224	     (22 30) */		ldd	[%o0-16],%f14
+/* 0x0228	     (22 25) */		faddd	%f2,%f10,%f2
+/* 0x022c	     (23 26) */		faddd	%f4,%f6,%f10
+/* 0x0230	     (23 26) */		fmuld	%f12,%f20,%f4
+/* 0x0234	     (23 24) */		std	%f2,[%l1-64]
+/* 0x0238	     (24 32) */		ldd	[%g2-8],%f6
+/* 0x023c	     (24 27) */		fmuld	%f24,%f22,%f24
+/* 0x0240	     (25 33) */		ldd	[%l1-16],%f2
+/* 0x0244	     (26 34) */		ldd	[%o0-8],%f12
+/* 0x0248	     (26 29) */		faddd	%f28,%f10,%f10
+/* 0x024c	     (27 28) */		std	%f10,[%l1-48]
+/* 0x0250	     (27 30) */		fmuld	%f26,%f20,%f10
+/* 0x0254	     (27 28) */		ble,pt	%icc,.L900000738	! tprob=0.50
+/* 0x0258	     (27 30) */		faddd	%f4,%f24,%f4
+                                   .L900000741:		/* frequency 64.0 confidence 0.0 */
+/* 0x025c	 216 ( 0  3) */		fmuld	%f8,%f22,%f28
+/* 0x0260	     ( 0  3) */		ldd	[%g2],%f24
+/* 0x0264	     ( 0  3) */		faddd	%f0,%f4,%f26
+/* 0x0268	     ( 1  4) */		fmuld	%f12,%f20,%f8
+/* 0x026c	     ( 1  2) */		add	%l1,32,%l1
+/* 0x0270	     ( 1  2) */		cmp	%o1,%g3
+/* 0x0274	     ( 2  5) */		fmuld	%f14,%f20,%f14
+/* 0x0278	     ( 2  5) */		ldd	[%l1-32],%f4
+/* 0x027c	     ( 2  3) */		add	%g2,8,%g2
+/* 0x0280	     ( 3  6) */		faddd	%f10,%f28,%f12
+/* 0x0284	     ( 3  6) */		fmuld	%f6,%f22,%f6
+/* 0x0288	     ( 3  6) */		ldd	[%l1-16],%f0
+/* 0x028c	     ( 4  7) */		fmuld	%f24,%f22,%f10
+/* 0x0290	     ( 4  5) */		std	%f26,[%l1-64]
+/* 0x0294	     ( 6  9) */		faddd	%f2,%f12,%f2
+/* 0x0298	     ( 6  7) */		std	%f2,[%l1-48]
+/* 0x029c	     ( 7 10) */		faddd	%f14,%f6,%f6
+/* 0x02a0	     ( 8 11) */		faddd	%f8,%f10,%f2
+/* 0x02a4	     (10 13) */		faddd	%f4,%f6,%f4
+/* 0x02a8	     (10 11) */		std	%f4,[%l1-32]
+/* 0x02ac	     (11 14) */		faddd	%f0,%f2,%f0
+/* 0x02b0	     (11 12) */		bg,pn	%icc,.L77000213	! tprob=0.13
+/* 0x02b4	     (11 12) */		std	%f0,[%l1-16]
+                                   .L77000281:		/* frequency 4.0 confidence 0.0 */
+/* 0x02b8	 216 ( 0  3) */		ldd	[%o0],%f0
+                                   .L900000752:		/* frequency 36.6 confidence 0.0 */
+/* 0x02bc	 216 ( 0  3) */		ldd	[%g2],%f4
+/* 0x02c0	     ( 0  3) */		fmuld	%f0,%f20,%f2
+/* 0x02c4	     ( 0  1) */		add	%o1,1,%o1
+/* 0x02c8	     ( 1  4) */		ldd	[%l1],%f0
+/* 0x02cc	     ( 1  2) */		add	%o0,8,%o0
+/* 0x02d0	     ( 1  2) */		add	%g2,8,%g2
+/* 0x02d4	     ( 2  5) */		fmuld	%f4,%f22,%f4
+/* 0x02d8	     ( 2  3) */		cmp	%o1,%g3
+/* 0x02dc	     ( 5  8) */		faddd	%f2,%f4,%f2
+/* 0x02e0	     ( 8 11) */		faddd	%f0,%f2,%f0
+/* 0x02e4	     ( 8  9) */		std	%f0,[%l1]
+/* 0x02e8	     ( 8  9) */		add	%l1,16,%l1
+/* 0x02ec	     ( 8  9) */		ble,a,pt	%icc,.L900000752	! tprob=0.87
+/* 0x02f0	     (10 13) */		ldd	[%o0],%f0
+                                   .L77000213:		/* frequency 5.3 confidence 0.0 */
+/* 0x02f4	     ( 0  1) */		srl	%i5,31,%g2
+                                   .L900000753:		/* frequency 5.3 confidence 0.0 */
+/* 0x02f8	 218 ( 0  1) */		cmp	%l0,30
+/* 0x02fc	     ( 0  1) */		bne,a,pt	%icc,.L900000751	! tprob=0.54
+/* 0x0300	     ( 0  3) */		fdtox	%f18,%f0
+/* 0x0304	     ( 1  2) */		add	%i5,%g2,%g2
+/* 0x0308	     ( 1  2) */		sub	%o3,1,%o2
+/* 0x030c	     ( 2  3) */		sra	%g2,1,%o0
+/* 0x0310	 216 ( 2  5) */		ldd	[%g4],%f0
+/* 0x0314	     ( 3  4) */		add	%o0,1,%g2
+/* 0x0318	     ( 4  5) */		sll	%g2,1,%o0
+/* 0x031c	     ( 4  5) */		fmovd	%f0,%f2
+/* 0x0320	     ( 5  6) */		sll	%g2,4,%o1
+/* 0x0324	     ( 5  6) */		cmp	%o0,%o3
+/* 0x0328	     ( 5  6) */		bge,pt	%icc,.L77000215	! tprob=0.53
+/* 0x032c	     ( 6  7) */		or	%g0,0,%l0
+/* 0x0330	 218 ( 6  7) */		add	%g5,%o1,%o1
+/* 0x0334	 216 ( 7 10) */		ldd	[%o1],%f8
+                                   .L900000750:		/* frequency 32.0 confidence 0.0 */
+/* 0x0338	     ( 0  3) */		fdtox	%f8,%f6
+/* 0x033c	     ( 0  3) */		ldd	[%g4],%f10
+/* 0x0340	     ( 0  1) */		add	%o0,2,%o0
+/* 0x0344	     ( 1  4) */		ldd	[%o1+8],%f4
+/* 0x0348	     ( 1  4) */		fdtox	%f8,%f8
+/* 0x034c	     ( 1  2) */		cmp	%o0,%o2
+/* 0x0350	     ( 5  6) */		fmovs	%f10,%f6
+/* 0x0354	     ( 7 10) */		fxtod	%f6,%f10
+/* 0x0358	     ( 8 11) */		fdtox	%f4,%f6
+/* 0x035c	     ( 9 12) */		fdtox	%f4,%f4
+/* 0x0360	     (10 13) */		faddd	%f10,%f2,%f2
+/* 0x0364	     (10 11) */		std	%f2,[%o1]
+/* 0x0368	     (12 15) */		ldd	[%g4],%f2
+/* 0x036c	     (14 15) */		fmovs	%f2,%f6
+/* 0x0370	     (16 19) */		fxtod	%f6,%f6
+/* 0x0374	     (17 20) */		fitod	%f8,%f2
+/* 0x0378	     (19 22) */		faddd	%f6,%f0,%f0
+/* 0x037c	     (19 20) */		std	%f0,[%o1+8]
+/* 0x0380	     (19 20) */		add	%o1,16,%o1
+/* 0x0384	     (20 23) */		fitod	%f4,%f0
+/* 0x0388	     (20 21) */		ble,a,pt	%icc,.L900000750	! tprob=0.87
+/* 0x038c	     (20 23) */		ldd	[%o1],%f8
+                                   .L77000233:		/* frequency 4.6 confidence 0.0 */
+/* 0x0390	     ( 0  0) */		or	%g0,0,%l0
+                                   .L77000215:		/* frequency 5.3 confidence 0.0 */
+/* 0x0394	     ( 0  3) */		fdtox	%f18,%f0
+                                   .L900000751:		/* frequency 5.3 confidence 0.0 */
+/* 0x0398	     ( 0  3) */		ldd	[%g4],%f6
+/* 0x039c	 220 ( 0  1) */		add	%i5,1,%i5
+/* 0x03a0	     ( 0  1) */		add	%i4,8,%i4
+/* 0x03a4	     ( 1  4) */		ldd	[%g4-8],%f2
+/* 0x03a8	     ( 1  2) */		add	%l0,1,%l0
+/* 0x03ac	     ( 1  2) */		add	%i3,8,%i3
+/* 0x03b0	     ( 2  3) */		fmovs	%f6,%f0
+/* 0x03b4	     ( 2  5) */		ldd	[%g4-16],%f4
+/* 0x03b8	     ( 2  3) */		cmp	%i5,%o5
+/* 0x03bc	     ( 4  7) */		fxtod	%f0,%f0
+/* 0x03c0	     ( 7 10) */		fmuld	%f0,%f16,%f0
+/* 0x03c4	     (10 13) */		fmuld	%f0,%f2,%f2
+/* 0x03c8	     (13 16) */		fdtox	%f2,%f2
+/* 0x03cc	     (16 19) */		fxtod	%f2,%f2
+/* 0x03d0	     (19 22) */		fmuld	%f2,%f4,%f2
+/* 0x03d4	     (22 25) */		fsubd	%f0,%f2,%f22
+/* 0x03d8	     (22 23) */		ble,a,pt	%icc,.L900000749	! tprob=0.89
+/* 0x03dc	     (22 25) */		ldd	[%i2],%f0
+                                   .L900000725:		/* frequency 0.7 confidence 0.0 */
+/* 0x03e0	 220 ( 0  1) */		ba	.L900000748	! tprob=1.00
+/* 0x03e4	     ( 0  1) */		sll	%g1,4,%g2
+
+	
+                                   .L77000289:		/* frequency 0.8 confidence 0.0 */
+/* 0x03e8	 225 ( 0  3) */		ldd	[%o1],%f6
+/* 0x03ec	 242 ( 0  1) */		add	%g4,-8,%g2
+/* 0x03f0	     ( 0  1) */		add	%g4,-16,%g3
+/* 0x03f4	 225 ( 1  4) */		ldd	[%i1],%f2
+/* 0x03f8	 245 ( 1  2) */		or	%g0,0,%o3
+/* 0x03fc	     ( 1  2) */		or	%g0,0,%o0
+/* 0x0400	 225 ( 3  6) */		fmuld	%f2,%f6,%f2
+/* 0x0404	     ( 3  4) */		std	%f2,[%o2]
+/* 0x0408	     ( 4  7) */		ldd	[%g4],%f6
+/* 0x040c	 237 ( 7  8) */		std	%f6,[%o2+8]
+/* 0x0410	     ( 8  9) */		std	%f6,[%o2+16]
+/* 0x0414	     ( 9 10) */		std	%f6,[%o2+24]
+/* 0x0418	     (10 11) */		std	%f6,[%o2+32]
+/* 0x041c	     (11 12) */		std	%f6,[%o2+40]
+/* 0x0420	     (12 13) */		std	%f6,[%o2+48]
+/* 0x0424	     (13 14) */		std	%f6,[%o2+56]
+/* 0x0428	     (14 15) */		std	%f6,[%o2+64]
+/* 0x042c	     (15 16) */		std	%f6,[%o2+72]
+!	prefetch	[%i4],0
+!	prefetch	[%i4+32],0
+!	prefetch	[%i4+64],0
+!	prefetch	[%i4+96],0
+!	prefetch	[%i4+120],0
+!	prefetch	[%i1],0
+!	prefetch	[%i1+32],0
+!	prefetch	[%i1+64],0
+!	prefetch	[%i1+96],0
+!	prefetch	[%i1+120],0
+/* 0x0430	     (16 17) */		std	%f6,[%o2+80]
+/* 0x0434	     (17 18) */		std	%f6,[%o2+88]
+/* 0x0438	     (18 19) */		std	%f6,[%o2+96]
+/* 0x043c	     (19 20) */		std	%f6,[%o2+104]
+/* 0x0440	     (20 21) */		std	%f6,[%o2+112]
+/* 0x0444	     (21 22) */		std	%f6,[%o2+120]
+/* 0x0448	     (22 23) */		std	%f6,[%o2+128]
+/* 0x044c	     (23 24) */		std	%f6,[%o2+136]
+/* 0x0450	     (24 25) */		std	%f6,[%o2+144]
+/* 0x0454	     (25 26) */		std	%f6,[%o2+152]
+/* 0x0458	     (26 27) */		std	%f6,[%o2+160]
+/* 0x045c	     (27 28) */		std	%f6,[%o2+168]
+/* 0x0460	     (27 30) */		fdtox	%f2,%f2
+/* 0x0464	     (28 29) */		std	%f6,[%o2+176]
+/* 0x0468	     (29 30) */		std	%f6,[%o2+184]
+/* 0x046c	     (30 31) */		std	%f6,[%o2+192]
+/* 0x0470	     (31 32) */		std	%f6,[%o2+200]
+/* 0x0474	     (32 33) */		std	%f6,[%o2+208]
+/* 0x0478	     (33 34) */		std	%f6,[%o2+216]
+/* 0x047c	     (34 35) */		std	%f6,[%o2+224]
+/* 0x0480	     (35 36) */		std	%f6,[%o2+232]
+/* 0x0484	     (36 37) */		std	%f6,[%o2+240]
+/* 0x0488	     (37 38) */		std	%f6,[%o2+248]
+/* 0x048c	     (38 39) */		std	%f6,[%o2+256]
+/* 0x0490	     (39 40) */		std	%f6,[%o2+264]
+/* 0x0494	     (40 41) */		std	%f6,[%o2+272]
+/* 0x0498	     (41 42) */		std	%f6,[%o2+280]
+/* 0x049c	     (42 43) */		std	%f6,[%o2+288]
+/* 0x04a0	     (43 44) */		std	%f6,[%o2+296]
+/* 0x04a4	     (44 45) */		std	%f6,[%o2+304]
+/* 0x04a8	     (45 46) */		std	%f6,[%o2+312]
+/* 0x04ac	     (46 47) */		std	%f6,[%o2+320]
+/* 0x04b0	     (47 48) */		std	%f6,[%o2+328]
+/* 0x04b4	     (48 49) */		std	%f6,[%o2+336]
+/* 0x04b8	     (49 50) */		std	%f6,[%o2+344]
+/* 0x04bc	     (50 51) */		std	%f6,[%o2+352]
+/* 0x04c0	     (51 52) */		std	%f6,[%o2+360]
+/* 0x04c4	     (52 53) */		std	%f6,[%o2+368]
+/* 0x04c8	     (53 54) */		std	%f6,[%o2+376]
+/* 0x04cc	     (54 55) */		std	%f6,[%o2+384]
+/* 0x04d0	     (55 56) */		std	%f6,[%o2+392]
+/* 0x04d4	     (56 57) */		std	%f6,[%o2+400]
+/* 0x04d8	     (57 58) */		std	%f6,[%o2+408]
+/* 0x04dc	     (58 59) */		std	%f6,[%o2+416]
+/* 0x04e0	     (59 60) */		std	%f6,[%o2+424]
+/* 0x04e4	     (60 61) */		std	%f6,[%o2+432]
+/* 0x04e8	     (61 62) */		std	%f6,[%o2+440]
+/* 0x04ec	     (62 63) */		std	%f6,[%o2+448]
+/* 0x04f0	     (63 64) */		std	%f6,[%o2+456]
+/* 0x04f4	     (64 65) */		std	%f6,[%o2+464]
+/* 0x04f8	     (65 66) */		std	%f6,[%o2+472]
+/* 0x04fc	     (66 67) */		std	%f6,[%o2+480]
+/* 0x0500	     (67 68) */		std	%f6,[%o2+488]
+/* 0x0504	     (68 69) */		std	%f6,[%o2+496]
+/* 0x0508	     (69 70) */		std	%f6,[%o2+504]
+/* 0x050c	     (70 71) */		std	%f6,[%o2+512]
+/* 0x0510	     (71 72) */		std	%f6,[%o2+520]
+/* 0x0514	 242 (72 75) */		ld	[%g4],%f2 ! dalign
+/* 0x0518	     (73 76) */		ld	[%g2],%f6 ! dalign
+/* 0x051c	     (74 77) */		fxtod	%f2,%f10
+/* 0x0520	     (74 77) */		ld	[%g2+4],%f7
+/* 0x0524	     (75 78) */		ld	[%g3],%f8 ! dalign
+/* 0x0528	     (76 79) */		ld	[%g3+4],%f9
+/* 0x052c	     (77 80) */		fmuld	%f10,%f0,%f0
+/* 0x0530	 239 (77 80) */		ldd	[%i4],%f4
+/* 0x0534	 240 (78 81) */		ldd	[%i1],%f2
+/* 0x0538	     (80 83) */		fmuld	%f0,%f6,%f6
+/* 0x053c	     (83 86) */		fdtox	%f6,%f6
+/* 0x0540	     (86 89) */		fxtod	%f6,%f6
+/* 0x0544	     (89 92) */		fmuld	%f6,%f8,%f6
+/* 0x0548	     (92 95) */		fsubd	%f0,%f6,%f0
+/* 0x054c	 250 (95 98) */		fmuld	%f4,%f0,%f10
+                                   .L900000747:		/* frequency 6.4 confidence 0.0 */
+
+
+	fmovd %f0,%f0
+	fmovd %f16,%f18
+	ldd [%i4],%f2
+	ldd [%o2],%f8
+	ldd [%i1],%f10
+	ldd [%g4-8],%f14
+	ldd [%g4-16],%f16
+	ldd [%o1],%f24
+
+	ldd [%i1+8],%f26
+	ldd [%i1+16],%f40
+	ldd [%i1+48],%f46
+	ldd [%i1+56],%f30
+	ldd [%i1+64],%f54
+	ldd [%i1+104],%f34
+	ldd [%i1+112],%f58
+
+	ldd [%i4+112],%f60
+	ldd [%i4+8],%f28	
+	ldd [%i4+104],%f38
+
+	nop
+	nop
+!
+	.L99999999:
+!1
+!!!
+	ldd	[%i1+24],%f32
+	fmuld	%f0,%f2,%f4
+!2
+!!!
+	ldd	[%i4+24],%f36
+	fmuld	%f26,%f24,%f20
+!3
+!!!
+	ldd	[%i1+40],%f42
+	fmuld	%f28,%f0,%f22
+!4
+!!!
+	ldd	[%i4+40],%f44
+	fmuld	%f32,%f24,%f32
+!5
+!!!
+	ldd	[%o1+8],%f6
+	faddd	%f4,%f8,%f4
+	fmuld	%f36,%f0,%f36
+!6
+!!!
+	add	%o1,8,%o1
+	ldd	[%i4+56],%f50
+	fmuld	%f42,%f24,%f42
+!7
+!!!
+	ldd	[%i1+72],%f52
+	faddd	%f20,%f22,%f20
+	fmuld	%f44,%f0,%f44
+!8
+!!!
+	ldd	[%o2+16],%f22
+	fmuld	%f10,%f6,%f12
+!9
+!!!
+	ldd	[%i4+72],%f56
+	faddd	%f32,%f36,%f32
+	fmuld	%f14,%f4,%f4
+!10
+!!!
+	ldd	[%o2+48],%f36
+	fmuld	%f30,%f24,%f48
+!11
+!!!
+	ldd	[%o2+8],%f8
+	faddd	%f20,%f22,%f20
+	fmuld	%f50,%f0,%f50	
+!12
+!!!
+	std	%f20,[%o2+16]
+	faddd	%f42,%f44,%f42
+	fmuld	%f52,%f24,%f52
+!13
+!!!
+	ldd	[%o2+80],%f44
+	faddd	%f4,%f12,%f4
+	fmuld	%f56,%f0,%f56
+!14
+!!!
+	ldd	[%i1+88],%f20
+	faddd	%f32,%f36,%f32
+!15
+!!!
+	ldd	[%i4+88],%f22
+	faddd	%f48,%f50,%f48
+!16
+!!!
+	ldd	[%o2+112],%f50
+	faddd	%f52,%f56,%f52
+!17
+!!!
+	ldd	[%o2+144],%f56
+	faddd	%f4,%f8,%f8
+	fmuld	%f20,%f24,%f20
+!18
+!!!
+	std	%f32,[%o2+48]
+	faddd	%f42,%f44,%f42
+	fmuld	%f22,%f0,%f22
+!19
+!!!
+	std	%f42,[%o2+80]
+	faddd	%f48,%f50,%f48
+	fmuld	%f34,%f24,%f32
+!20
+!!!
+	std	%f48,[%o2+112]
+	faddd	%f52,%f56,%f52
+	fmuld	%f38,%f0,%f36
+!21
+!!!
+	ldd	[%i1+120],%f42
+	fdtox	%f8,%f4
+!22
+!!!
+	std	%f52,[%o2+144]
+	faddd	%f20,%f22,%f20
+!23
+!!!
+	ldd	[%i4+120],%f44
+!24
+!!!
+	ldd	[%o2+176],%f22
+	faddd	%f32,%f36,%f32
+	fmuld	%f42,%f24,%f42
+!25
+!!!
+	ldd	[%i4+16],%f50
+	fmovs	%f17,%f4
+!26
+!!!
+	ldd	[%i1+32],%f52
+	fmuld	%f44,%f0,%f44
+!27
+!!!
+	ldd	[%i4+32],%f56
+	fmuld	%f40,%f24,%f48
+!28
+!!!
+	ldd	[%o2+208],%f36
+	faddd	%f20,%f22,%f20
+	fmuld	%f50,%f0,%f50
+!29
+!!!
+	std	%f20,[%o2+176]
+	fxtod	%f4,%f4
+	fmuld	%f52,%f24,%f52
+!30
+!!!
+	ldd	[%i4+48],%f22
+	faddd	%f42,%f44,%f42
+	fmuld	%f56,%f0,%f56
+!31
+!!!
+	ldd	[%o2+240],%f44
+	faddd	%f32,%f36,%f32
+!32
+!!!
+	std	%f32,[%o2+208]
+	faddd	%f48,%f50,%f48
+	fmuld	%f46,%f24,%f20
+!33
+!!!
+	ldd	[%o2+32],%f50
+	fmuld	%f4,%f18,%f12
+!34
+!!!
+	ldd	[%i4+64],%f36
+	faddd	%f52,%f56,%f52
+	fmuld	%f22,%f0,%f22
+!35
+!!!
+	ldd	[%o2+64],%f56
+	faddd	%f42,%f44,%f42
+!36
+!!!
+	std	%f42,[%o2+240]
+	faddd	%f48,%f50,%f48
+	fmuld	%f54,%f24,%f32
+!37
+!!!
+	std	%f48,[%o2+32]
+	fmuld	%f12,%f14,%f4
+!38
+!!!
+	ldd	[%i1+80],%f42
+	faddd	%f52,%f56,%f56	! yes, tmp52!
+	fmuld	%f36,%f0,%f36
+!39
+!!!
+	ldd	[%i4+80],%f44
+	faddd	%f20,%f22,%f20
+!40
+!!!
+	ldd	[%i1+96],%f48
+	fmuld	%f58,%f24,%f52
+!41
+!!!
+	ldd	[%i4+96],%f50
+	fdtox	%f4,%f4
+	fmuld	%f42,%f24,%f42
+!42
+!!!
+	std	%f56,[%o2+64]	! yes, tmp52!
+	faddd	%f32,%f36,%f32
+	fmuld	%f44,%f0,%f44
+!43
+!!!
+	ldd	[%o2+96],%f22
+	fmuld	%f48,%f24,%f48
+!44
+!!!
+	ldd	[%o2+128],%f36
+	fmovd	%f6,%f24
+	fmuld	%f50,%f0,%f50
+!45
+!!!
+	fxtod	%f4,%f4
+	fmuld	%f60,%f0,%f56
+!46
+!!!
+	add	%o2,8,%o2
+	faddd	%f42,%f44,%f42
+!47
+!!!
+	ldd	[%o2+160-8],%f44
+	faddd	%f20,%f22,%f20
+!48
+!!!
+	std	%f20,[%o2+96-8]
+	faddd	%f48,%f50,%f48
+!49
+!!!
+	ldd	[%o2+192-8],%f50
+	faddd	%f52,%f56,%f52
+	fmuld	%f4,%f16,%f4
+!50
+!!!
+	ldd	[%o2+224-8],%f56
+	faddd	%f32,%f36,%f32
+!51
+!!!
+	std	%f32,[%o2+128-8]
+	faddd	%f42,%f44,%f42
+!52
+	add	%o3,1,%o3
+	std	%f42,[%o2+160-8]
+	faddd	%f48,%f50,%f48
+!53
+!!!
+	cmp	%o3,31
+	std	%f48,[%o2+192-8]
+	faddd	%f52,%f56,%f52
+!54
+	std	%f52,[%o2+224-8]
+	ble,pt	%icc,.L99999999
+	fsubd	%f12,%f4,%f0
+
+
+
+!55
+	std %f8,[%o2]
+
+	
+	
+	
+	
+	
+	                                   .L77000285:		/* frequency 1.0 confidence 0.0 */
+/* 0x07a8	 279 ( 0  1) */		sll	%g1,4,%g2
+                                   .L900000748:		/* frequency 1.0 confidence 0.0 */
+/* 0x07ac	 279 ( 0  3) */		ldd	[%g5+%g2],%f0
+/* 0x07b0	     ( 0  1) */		add	%g5,%g2,%i1
+/* 0x07b4	     ( 0  1) */		or	%g0,0,%o4
+/* 0x07b8	 206 ( 1  4) */		ld	[%fp+68],%o0
+/* 0x07bc	 279 ( 1  2) */		or	%g0,0,%i0
+/* 0x07c0	     ( 1  2) */		cmp	%g1,0
+/* 0x07c4	     ( 2  5) */		fdtox	%f0,%f0
+/* 0x07c8	     ( 2  3) */		std	%f0,[%sp+120]
+/* 0x07cc	 275 ( 2  3) */		sethi	%hi(0xfc00),%o1
+/* 0x07d0	 206 ( 3  4) */		or	%g0,%o0,%o3
+/* 0x07d4	 275 ( 3  4) */		sub	%g1,1,%g4
+/* 0x07d8	 279 ( 4  7) */		ldd	[%i1+8],%f0
+/* 0x07dc	     ( 4  5) */		or	%g0,%o0,%g5
+/* 0x07e0	     ( 4  5) */		add	%o1,1023,%o1
+/* 0x07e4	     ( 6  9) */		fdtox	%f0,%f0
+/* 0x07e8	     ( 6  7) */		std	%f0,[%sp+112]
+/* 0x07ec	     (10 12) */		ldx	[%sp+112],%o5
+/* 0x07f0	     (11 13) */		ldx	[%sp+120],%o7
+/* 0x07f4	     (11 12) */		ble,pt	%icc,.L900000746	! tprob=0.56
+/* 0x07f8	     (11 12) */		sethi	%hi(0xfc00),%g2
+/* 0x07fc	 275 (12 13) */		or	%g0,-1,%g2
+/* 0x0800	 279 (12 13) */		cmp	%g1,3
+/* 0x0804	 275 (13 14) */		srl	%g2,0,%o2
+/* 0x0808	 279 (13 14) */		bl,pn	%icc,.L77000286	! tprob=0.44
+/* 0x080c	     (13 14) */		or	%g0,%i1,%g2
+/* 0x0810	     (14 17) */		ldd	[%i1+16],%f0
+/* 0x0814	     (14 15) */		and	%o5,%o1,%o0
+/* 0x0818	     (14 15) */		add	%i1,16,%g2
+/* 0x081c	     (15 16) */		sllx	%o0,16,%g3
+/* 0x0820	     (15 16) */		and	%o7,%o2,%o0
+/* 0x0824	     (16 19) */		fdtox	%f0,%f0
+/* 0x0828	     (16 17) */		std	%f0,[%sp+104]
+/* 0x082c	     (16 17) */		add	%o0,%g3,%o4
+/* 0x0830	     (17 20) */		ldd	[%i1+24],%f2
+/* 0x0834	     (17 18) */		srax	%o5,16,%o0
+/* 0x0838	     (17 18) */		add	%o3,4,%g5
+/* 0x083c	     (18 19) */		stx	%o0,[%sp+128]
+/* 0x0840	     (18 19) */		and	%o4,%o2,%o0
+/* 0x0844	     (18 19) */		or	%g0,1,%i0
+/* 0x0848	     (19 20) */		stx	%o0,[%sp+112]
+/* 0x084c	     (19 20) */		srax	%o4,32,%o0
+/* 0x0850	     (19 22) */		fdtox	%f2,%f0
+/* 0x0854	     (20 21) */		stx	%o0,[%sp+136]
+/* 0x0858	     (20 21) */		srax	%o7,32,%o4
+/* 0x085c	     (21 22) */		std	%f0,[%sp+96]
+/* 0x0860	     (22 24) */		ldx	[%sp+136],%o7
+/* 0x0864	     (23 25) */		ldx	[%sp+128],%o0
+/* 0x0868	     (25 27) */		ldx	[%sp+104],%g3
+/* 0x086c	     (25 26) */		add	%o0,%o7,%o0
+/* 0x0870	     (26 28) */		ldx	[%sp+112],%o7
+/* 0x0874	     (26 27) */		add	%o4,%o0,%o4
+/* 0x0878	     (27 29) */		ldx	[%sp+96],%o5
+/* 0x087c	     (28 29) */		st	%o7,[%o3]
+/* 0x0880	     (28 29) */		or	%g0,%g3,%o7
+                                   .L900000730:		/* frequency 64.0 confidence 0.0 */
+/* 0x0884	     (17 19) */		ldd	[%g2+16],%f0
+/* 0x0888	     (17 18) */		add	%i0,1,%i0
+/* 0x088c	     (17 18) */		add	%g5,4,%g5
+/* 0x0890	     (18 18) */		cmp	%i0,%g4
+/* 0x0894	     (18 19) */		add	%g2,16,%g2
+/* 0x0898	     (19 22) */		fdtox	%f0,%f0
+/* 0x089c	     (20 21) */		std	%f0,[%sp+104]
+/* 0x08a0	     (21 23) */		ldd	[%g2+8],%f0
+/* 0x08a4	     (23 26) */		fdtox	%f0,%f0
+/* 0x08a8	     (24 25) */		std	%f0,[%sp+96]
+/* 0x08ac	     (25 26) */		and	%o5,%o1,%g3
+/* 0x08b0	     (26 27) */		sllx	%g3,16,%g3
+/* 0x08b4	     ( 0  0) */		stx	%g3,[%sp+120]
+/* 0x08b8	     (26 27) */		and	%o7,%o2,%g3
+/* 0x08bc	     ( 0  0) */		stx	%o7,[%sp+128]
+/* 0x08c0	     ( 0  0) */		ldx	[%sp+120],%o7
+/* 0x08c4	     (27 27) */		add	%g3,%o7,%g3
+/* 0x08c8	     ( 0  0) */		ldx	[%sp+128],%o7
+/* 0x08cc	     (28 29) */		srax	%o5,16,%o5
+/* 0x08d0	     (28 28) */		add	%g3,%o4,%g3
+/* 0x08d4	     (29 30) */		srax	%g3,32,%o4
+/* 0x08d8	     ( 0  0) */		stx	%o4,[%sp+112]
+/* 0x08dc	     (30 31) */		srax	%o7,32,%o4
+/* 0x08e0	     ( 0  0) */		ldx	[%sp+112],%o7
+/* 0x08e4	     (30 31) */		add	%o5,%o7,%o7
+/* 0x08e8	     (31 33) */		ldx	[%sp+96],%o5
+/* 0x08ec	     (31 32) */		add	%o4,%o7,%o4
+/* 0x08f0	     (32 33) */		and	%g3,%o2,%g3
+/* 0x08f4	     ( 0  0) */		ldx	[%sp+104],%o7
+/* 0x08f8	     (33 34) */		ble,pt	%icc,.L900000730	! tprob=0.50
+/* 0x08fc	     (33 34) */		st	%g3,[%g5-4]
+                                   .L900000733:		/* frequency 8.0 confidence 0.0 */
+/* 0x0900	     ( 0  1) */		ba	.L900000746	! tprob=1.00
+/* 0x0904	     ( 0  1) */		sethi	%hi(0xfc00),%g2
+                                   .L77000286:		/* frequency 0.7 confidence 0.0 */
+/* 0x0908	     ( 0  3) */		ldd	[%g2+16],%f0
+                                   .L900000745:		/* frequency 6.4 confidence 0.0 */
+/* 0x090c	     ( 0  1) */		and	%o7,%o2,%o0
+/* 0x0910	     ( 0  1) */		and	%o5,%o1,%g3
+/* 0x0914	     ( 0  3) */		fdtox	%f0,%f0
+/* 0x0918	     ( 1  2) */		add	%o4,%o0,%o0
+/* 0x091c	     ( 1  2) */		std	%f0,[%sp+104]
+/* 0x0920	     ( 1  2) */		add	%i0,1,%i0
+/* 0x0924	     ( 2  3) */		sllx	%g3,16,%o4
+/* 0x0928	     ( 2  5) */		ldd	[%g2+24],%f2
+/* 0x092c	     ( 2  3) */		add	%g2,16,%g2
+/* 0x0930	     ( 3  4) */		add	%o0,%o4,%o4
+/* 0x0934	     ( 3  4) */		cmp	%i0,%g4
+/* 0x0938	     ( 4  5) */		srax	%o5,16,%o0
+/* 0x093c	     ( 4  5) */		stx	%o0,[%sp+112]
+/* 0x0940	     ( 4  5) */		and	%o4,%o2,%g3
+/* 0x0944	     ( 5  6) */		srax	%o4,32,%o5
+/* 0x0948	     ( 5  8) */		fdtox	%f2,%f0
+/* 0x094c	     ( 5  6) */		std	%f0,[%sp+96]
+/* 0x0950	     ( 6  7) */		srax	%o7,32,%o4
+/* 0x0954	     ( 6  8) */		ldx	[%sp+112],%o7
+/* 0x0958	     ( 8  9) */		add	%o7,%o5,%o7
+/* 0x095c	     ( 9 11) */		ldx	[%sp+104],%o5
+/* 0x0960	     ( 9 10) */		add	%o4,%o7,%o4
+/* 0x0964	     (10 12) */		ldx	[%sp+96],%o0
+/* 0x0968	     (11 12) */		st	%g3,[%g5]
+/* 0x096c	     (11 12) */		or	%g0,%o5,%o7
+/* 0x0970	     (11 12) */		add	%g5,4,%g5
+/* 0x0974	     (12 13) */		or	%g0,%o0,%o5
+/* 0x0978	     (12 13) */		ble,a,pt	%icc,.L900000745	! tprob=0.86
+/* 0x097c	     (12 15) */		ldd	[%g2+16],%f0
+                                   .L77000236:		/* frequency 1.0 confidence 0.0 */
+/* 0x0980	     ( 0  1) */		sethi	%hi(0xfc00),%g2
+                                   .L900000746:		/* frequency 1.0 confidence 0.0 */
+/* 0x0984	     ( 0  1) */		or	%g0,-1,%o0
+/* 0x0988	     ( 0  1) */		add	%g2,1023,%g2
+/* 0x098c	     ( 0  3) */		ld	[%fp+88],%o1
+/* 0x0990	     ( 1  2) */		srl	%o0,0,%g3
+/* 0x0994	     ( 1  2) */		and	%o5,%g2,%g2
+/* 0x0998	     ( 2  3) */		and	%o7,%g3,%g4
+/* 0x099c	 281 ( 2  3) */		or	%g0,-1,%o5
+/* 0x09a0	 275 ( 3  4) */		sllx	%g2,16,%g2
+/* 0x09a4	     ( 3  4) */		add	%o4,%g4,%g4
+/* 0x09a8	     ( 4  5) */		add	%g4,%g2,%g2
+/* 0x09ac	     ( 5  6) */		sll	%i0,2,%g4
+/* 0x09b0	     ( 5  6) */		and	%g2,%g3,%g2
+/* 0x09b4	     ( 6  7) */		st	%g2,[%o3+%g4]
+/* 0x09b8	 281 ( 6  7) */		sll	%g1,2,%g2
+/* 0x09bc	     ( 7 10) */		ld	[%o3+%g2],%g2
+/* 0x09c0	     ( 9 10) */		cmp	%g2,0
+/* 0x09c4	     ( 9 10) */		bleu,pn	%icc,.L77000241	! tprob=0.50
+/* 0x09c8	     ( 9 10) */		or	%g0,%o1,%o2
+/* 0x09cc	     (10 11) */		ba	.L900000744	! tprob=1.00
+/* 0x09d0	     (10 11) */		cmp	%o5,0
+                                   .L77000241:		/* frequency 0.8 confidence 0.0 */
+/* 0x09d4	     ( 0  1) */		subcc	%g1,1,%o5
+/* 0x09d8	     ( 0  1) */		bneg,pt	%icc,.L900000744	! tprob=0.60
+/* 0x09dc	     ( 1  2) */		cmp	%o5,0
+/* 0x09e0	     ( 1  2) */		sll	%o5,2,%g2
+/* 0x09e4	     ( 2  3) */		add	%o1,%g2,%o0
+/* 0x09e8	     ( 2  3) */		add	%o3,%g2,%o4
+/* 0x09ec	     ( 3  6) */		ld	[%o0],%g2
+                                   .L900000743:		/* frequency 5.3 confidence 0.0 */
+/* 0x09f0	     ( 0  3) */		ld	[%o4],%g3
+/* 0x09f4	     ( 0  1) */		add	%o0,4,%o0
+/* 0x09f8	     ( 0  1) */		add	%o4,4,%o4
+/* 0x09fc	     ( 2  3) */		cmp	%g3,%g2
+/* 0x0a00	     ( 2  3) */		bne,pn	%icc,.L77000244	! tprob=0.16
+/* 0x0a04	     ( 2  3) */		nop
+/* 0x0a08	     ( 3  4) */		addcc	%o5,1,%o5
+/* 0x0a0c	     ( 3  4) */		bpos,a,pt	%icc,.L900000743	! tprob=0.84
+/* 0x0a10	     ( 3  6) */		ld	[%o0],%g2
+                                   .L77000244:		/* frequency 1.0 confidence 0.0 */
+/* 0x0a14	     ( 0  1) */		cmp	%o5,0
+                                   .L900000744:		/* frequency 1.0 confidence 0.0 */
+/* 0x0a18	     ( 0  1) */		bl,pn	%icc,.L77000287	! tprob=0.50
+/* 0x0a1c	     ( 0  1) */		sll	%o5,2,%g2
+/* 0x0a20	     ( 1  4) */		ld	[%o2+%g2],%g3
+/* 0x0a24	     ( 2  5) */		ld	[%o3+%g2],%g2
+/* 0x0a28	     ( 4  5) */		cmp	%g2,%g3
+/* 0x0a2c	     ( 4  5) */		bleu,pt	%icc,.L77000224	! tprob=0.56
+/* 0x0a30	     ( 4  5) */		nop
+                                   .L77000287:		/* frequency 0.8 confidence 0.0 */
+/* 0x0a34	     ( 0  1) */		cmp	%g1,0
+/* 0x0a38	     ( 0  1) */		ble,pt	%icc,.L77000224	! tprob=0.60
+/* 0x0a3c	     ( 0  1) */		nop
+/* 0x0a40	 281 ( 1  2) */		sub	%g1,1,%o7
+/* 0x0a44	     ( 1  2) */		or	%g0,-1,%g2
+/* 0x0a48	     ( 2  3) */		srl	%g2,0,%o4
+/* 0x0a4c	     ( 2  3) */		add	%o7,1,%o0
+/* 0x0a50	 279 ( 3  4) */		or	%g0,0,%o5
+/* 0x0a54	     ( 3  4) */		or	%g0,0,%g1
+/* 0x0a58	     ( 4  5) */		cmp	%o0,3
+/* 0x0a5c	     ( 4  5) */		bl,pn	%icc,.L77000288	! tprob=0.40
+/* 0x0a60	     ( 4  5) */		add	%o3,8,%o1
+/* 0x0a64	     ( 5  6) */		add	%o2,4,%o0
+/* 0x0a68	     ( 5  8) */		ld	[%o1-8],%g2
+/* 0x0a6c	   0 ( 5  6) */		or	%g0,%o1,%o3
+/* 0x0a70	 279 ( 6  9) */		ld	[%o0-4],%g3
+/* 0x0a74	   0 ( 6  7) */		or	%g0,%o0,%o2
+/* 0x0a78	 279 ( 6  7) */		or	%g0,2,%g1
+/* 0x0a7c	     ( 7 10) */		ld	[%o3-4],%o0
+/* 0x0a80	     ( 8  9) */		sub	%g2,%g3,%g2
+/* 0x0a84	     ( 9 10) */		or	%g0,%g2,%o5
+/* 0x0a88	     ( 9 10) */		and	%g2,%o4,%g2
+/* 0x0a8c	     ( 9 10) */		st	%g2,[%o3-8]
+/* 0x0a90	     (10 11) */		srax	%o5,32,%o5
+                                   .L900000734:		/* frequency 64.0 confidence 0.0 */
+/* 0x0a94	     (12 20) */		ld	[%o2],%g2
+/* 0x0a98	     (12 13) */		add	%g1,1,%g1
+/* 0x0a9c	     (12 13) */		add	%o2,4,%o2
+/* 0x0aa0	     (13 13) */		cmp	%g1,%o7
+/* 0x0aa4	     (13 14) */		add	%o3,4,%o3
+/* 0x0aa8	     (14 14) */		sub	%o0,%g2,%o0
+/* 0x0aac	     (15 15) */		add	%o0,%o5,%o5
+/* 0x0ab0	     (16 17) */		and	%o5,%o4,%g2
+/* 0x0ab4	     (16 24) */		ld	[%o3-4],%o0
+/* 0x0ab8	     (17 18) */		st	%g2,[%o3-8]
+/* 0x0abc	     (17 18) */		ble,pt	%icc,.L900000734	! tprob=0.50
+/* 0x0ac0	     (17 18) */		srax	%o5,32,%o5
+                                   .L900000737:		/* frequency 8.0 confidence 0.0 */
+/* 0x0ac4	     ( 0  3) */		ld	[%o2],%o1
+/* 0x0ac8	     ( 2  3) */		sub	%o0,%o1,%o0
+/* 0x0acc	     ( 3  4) */		add	%o0,%o5,%o0
+/* 0x0ad0	     ( 4  5) */		and	%o0,%o4,%o1
+/* 0x0ad4	     ( 4  5) */		st	%o1,[%o3-4]
+/* 0x0ad8	     ( 5  7) */		ret	! Result = 
+/* 0x0adc	     ( 7  8) */		restore	%g0,%g0,%g0
+                                   .L77000288:		/* frequency 0.6 confidence 0.0 */
+/* 0x0ae0	     ( 0  3) */		ld	[%o3],%o0
+                                   .L900000742:		/* frequency 5.3 confidence 0.0 */
+/* 0x0ae4	     ( 0  3) */		ld	[%o2],%o1
+/* 0x0ae8	     ( 0  1) */		add	%o5,%o0,%o0
+/* 0x0aec	     ( 0  1) */		add	%g1,1,%g1
+/* 0x0af0	     ( 1  2) */		add	%o2,4,%o2
+/* 0x0af4	     ( 1  2) */		cmp	%g1,%o7
+/* 0x0af8	     ( 2  3) */		sub	%o0,%o1,%o0
+/* 0x0afc	     ( 3  4) */		and	%o0,%o4,%o1
+/* 0x0b00	     ( 3  4) */		st	%o1,[%o3]
+/* 0x0b04	     ( 3  4) */		add	%o3,4,%o3
+/* 0x0b08	     ( 4  5) */		srax	%o0,32,%o5
+/* 0x0b0c	     ( 4  5) */		ble,a,pt	%icc,.L900000742	! tprob=0.84
+/* 0x0b10	     ( 4  7) */		ld	[%o3],%o0
+                                   .L77000224:		/* frequency 1.0 confidence 0.0 */
+/* 0x0b14	     ( 0  2) */		ret	! Result = 
+/* 0x0b18	     ( 2  3) */		restore	%g0,%g0,%g0
+/* 0x0b1c	   0 ( 0  0) */		.type	mont_mulf_noconv,2
+/* 0x0b1c	     ( 0  0) */		.size	mont_mulf_noconv,(.-mont_mulf_noconv)
+
diff --git a/nss/lib/freebl/mpi/montmulfv8.il b/nss/lib/freebl/mpi/montmulfv8.il
new file mode 100644
index 0000000..4952d0f
--- /dev/null
+++ b/nss/lib/freebl/mpi/montmulfv8.il
@@ -0,0 +1,108 @@
+!  
+! This Source Code Form is subject to the terms of the Mozilla Public
+! License, v. 2.0. If a copy of the MPL was not distributed with this
+! file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+!
+! double upper32(double /*frs1*/);
+!
+        .inline upper32,8
+        std     %o0,[%sp+0x48]
+        ldd     [%sp+0x48],%f10
+
+	fdtox	%f10,%f10
+	fitod	%f10,%f0
+        .end
+
+!
+! double lower32(double /*frs1*/, double /* Zero */);
+!
+        .inline lower32,8
+        std     %o0,[%sp+0x48]
+        ldd     [%sp+0x48],%f10
+        std     %o2,[%sp+0x48]
+        ldd     [%sp+0x48],%f12
+
+	fdtox	%f10,%f10
+	fmovs	%f12,%f10
+	fxtod	%f10,%f0
+        .end
+
+!
+! double mod(double /*x*/, double /*1/m*/, double /*m*/);
+!
+        .inline mod,12
+        std     %o0,[%sp+0x48]
+        ldd     [%sp+0x48],%f2
+        std     %o2,[%sp+0x48]
+        ldd     [%sp+0x48],%f4
+        std     %o4,[%sp+0x48]
+        ldd     [%sp+0x48],%f6
+
+	fmuld	%f2,%f4,%f4
+	fdtox	%f4,%f4
+	fxtod	%f4,%f4
+	fmuld	%f4,%f6,%f4
+	fsubd	%f2,%f4,%f0
+        .end
+
+
+!
+! void i16_to_d16_and_d32x4(double * /*1/(2^16)*/, double * /* 2^16*/,
+!			    double * /* 0 */,
+!			    double * /*result16*/, double * /* result32 */
+!			    float *  /*source - should be unsigned int*
+!		            	       converted to float* */);
+!
+        .inline i16_to_d16_and_d32x4,24
+        ldd     [%o0],%f2  ! 1/(2^16)
+        ldd     [%o1],%f4  ! 2^16
+	ldd	[%o2],%f22
+
+	fmovd	%f22,%f6
+	ld	[%o5],%f7
+	fmovd	%f22,%f10
+	ld	[%o5+4],%f11
+	fmovd	%f22,%f14
+	ld	[%o5+8],%f15
+	fmovd	%f22,%f18
+	ld	[%o5+12],%f19
+	fxtod	%f6,%f6
+	std	%f6,[%o4]
+	fxtod	%f10,%f10
+	std	%f10,[%o4+8]
+	fxtod	%f14,%f14
+	std	%f14,[%o4+16]
+	fxtod	%f18,%f18
+	std	%f18,[%o4+24]
+	fmuld	%f2,%f6,%f8
+	fmuld	%f2,%f10,%f12
+	fmuld	%f2,%f14,%f16
+	fmuld	%f2,%f18,%f20
+	fdtox	%f8,%f8
+	fdtox	%f12,%f12
+	fdtox	%f16,%f16
+	fdtox	%f20,%f20
+	fxtod	%f8,%f8
+	std	%f8,[%o3+8]
+	fxtod	%f12,%f12
+	std	%f12,[%o3+24]
+	fxtod	%f16,%f16
+	std	%f16,[%o3+40]
+	fxtod	%f20,%f20
+	std	%f20,[%o3+56]
+	fmuld	%f8,%f4,%f8
+	fmuld	%f12,%f4,%f12
+	fmuld	%f16,%f4,%f16
+	fmuld	%f20,%f4,%f20
+	fsubd	%f6,%f8,%f8
+	std	%f8,[%o3]
+	fsubd	%f10,%f12,%f12
+	std	%f12,[%o3+16]
+	fsubd	%f14,%f16,%f16
+	std	%f16,[%o3+32]
+	fsubd	%f18,%f20,%f20
+	std	%f20,[%o3+48]
+        .end
+
+
diff --git a/nss/lib/freebl/mpi/montmulfv8.s b/nss/lib/freebl/mpi/montmulfv8.s
new file mode 100644
index 0000000..ca73888
--- /dev/null
+++ b/nss/lib/freebl/mpi/montmulfv8.s
@@ -0,0 +1,1818 @@
+!  
+! This Source Code Form is subject to the terms of the Mozilla Public
+! License, v. 2.0. If a copy of the MPL was not distributed with this
+! file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+	.section	".text",#alloc,#execinstr
+	.file	"montmulf.c"
+
+	.section	".rodata",#alloc
+	.global	TwoTo16
+	.align	8
+!
+! CONSTANT POOL
+!
+	.global TwoTo16
+TwoTo16:
+	.word	1089470464
+	.word	0
+	.type	TwoTo16,#object
+	.size	TwoTo16,8
+	.global	TwoToMinus16
+!
+! CONSTANT POOL
+!
+	.global TwoToMinus16
+TwoToMinus16:
+	.word	1055916032
+	.word	0
+	.type	TwoToMinus16,#object
+	.size	TwoToMinus16,8
+	.global	Zero
+!
+! CONSTANT POOL
+!
+	.global Zero
+Zero:
+	.word	0
+	.word	0
+	.type	Zero,#object
+	.size	Zero,8
+	.global	TwoTo32
+!
+! CONSTANT POOL
+!
+	.global TwoTo32
+TwoTo32:
+	.word	1106247680
+	.word	0
+	.type	TwoTo32,#object
+	.size	TwoTo32,8
+	.global	TwoToMinus32
+!
+! CONSTANT POOL
+!
+	.global TwoToMinus32
+TwoToMinus32:
+	.word	1039138816
+	.word	0
+	.type	TwoToMinus32,#object
+	.size	TwoToMinus32,8
+
+	.section	".text",#alloc,#execinstr
+/* 000000	   0 */		.align	4
+!
+! SUBROUTINE conv_d16_to_i32
+!
+! OFFSET    SOURCE LINE	LABEL	INSTRUCTION
+
+                       	.global conv_d16_to_i32
+                       conv_d16_to_i32:
+/* 000000	     */		save	%sp,-128,%sp
+! FILE montmulf.c
+
+!   36		      !#define RF_INLINE_MACROS
+!   38		      !static const double TwoTo16=65536.0;
+!   39		      !static const double TwoToMinus16=1.0/65536.0;
+!   40		      !static const double Zero=0.0;
+!   41		      !static const double TwoTo32=65536.0*65536.0;
+!   42		      !static const double TwoToMinus32=1.0/(65536.0*65536.0);
+!   44		      !#ifdef RF_INLINE_MACROS
+!   46		      !double upper32(double);
+!   47		      !double lower32(double, double);
+!   48		      !double mod(double, double, double);
+!   50		      !void i16_to_d16_and_d32x4(const double * /*1/(2^16)*/, 
+!   51		      !			  const double * /* 2^16*/,
+!   52		      !			  const double * /* 0 */,
+!   53		      !			  double *       /*result16*/, 
+!   54		      !			  double *       /* result32 */,
+!   55		      !			  float *  /*source - should be unsigned int*
+!   56		      !		          	       converted to float* */);
+!   58		      !#else
+!   60		      !static double upper32(double x)
+!   61		      !{
+!   62		      !  return floor(x*TwoToMinus32);
+!   63		      !}
+!   65		      !static double lower32(double x, double y)
+!   66		      !{
+!   67		      !  return x-TwoTo32*floor(x*TwoToMinus32);
+!   68		      !}
+!   70		      !static double mod(double x, double oneoverm, double m)
+!   71		      !{
+!   72		      !  return x-m*floor(x*oneoverm);
+!   73		      !}
+!   75		      !#endif
+!   78		      !static void cleanup(double *dt, int from, int tlen)
+!   79		      !{
+!   80		      ! int i;
+!   81		      ! double tmp,tmp1,x,x1;
+!   83		      ! tmp=tmp1=Zero;
+!   84		      ! /* original code **
+!   85		      ! for(i=2*from;i<2*tlen-2;i++)
+!   86		      !   {
+!   87		      !     x=dt[i];
+!   88		      !     dt[i]=lower32(x,Zero)+tmp1;
+!   89		      !     tmp1=tmp;
+!   90		      !     tmp=upper32(x);
+!   91		      !   }
+!   92		      ! dt[tlen-2]+=tmp1;
+!   93		      ! dt[tlen-1]+=tmp;
+!   94		      ! **end original code ***/
+!   95		      ! /* new code ***/
+!   96		      ! for(i=2*from;i<2*tlen;i+=2)
+!   97		      !   {
+!   98		      !     x=dt[i];
+!   99		      !     x1=dt[i+1];
+!  100		      !     dt[i]=lower32(x,Zero)+tmp;
+!  101		      !     dt[i+1]=lower32(x1,Zero)+tmp1;
+!  102		      !     tmp=upper32(x);
+!  103		      !     tmp1=upper32(x1);
+!  104		      !   }
+!  105		      !  /** end new code **/
+!  106		      !}
+!  109		      !void conv_d16_to_i32(unsigned int *i32, double *d16, long long *tmp, int ilen)
+!  110		      !{
+!  111		      !int i;
+!  112		      !long long t, t1, a, b, c, d;
+!  114		      ! t1=0;
+!  115		      ! a=(long long)d16[0];
+
+/* 0x0004	 115 */		ldd	[%i1],%f0
+/* 0x0008	 110 */		or	%g0,%i1,%o0
+
+!  116		      ! b=(long long)d16[1];
+!  117		      ! for(i=0; i<ilen-1; i++)
+
+/* 0x000c	 117 */		sub	%i3,1,%g2
+/* 0x0010	     */		cmp	%g2,0
+/* 0x0014	 114 */		or	%g0,0,%o4
+/* 0x0018	 115 */		fdtox	%f0,%f0
+/* 0x001c	     */		std	%f0,[%sp+120]
+/* 0x0020	 117 */		or	%g0,0,%o7
+/* 0x0024	 110 */		or	%g0,%i3,%o1
+/* 0x0028	     */		sub	%i3,2,%o2
+/* 0x002c	 116 */		ldd	[%o0+8],%f0
+/* 0x0030	 110 */		sethi	%hi(0xfc00),%o1
+/* 0x0034	     */		add	%o2,1,%g3
+/* 0x0038	     */		add	%o1,1023,%o1
+/* 0x003c	     */		or	%g0,%i0,%o5
+/* 0x0040	 116 */		fdtox	%f0,%f0
+/* 0x0044	     */		std	%f0,[%sp+112]
+/* 0x0048	     */		ldx	[%sp+112],%g1
+/* 0x004c	 115 */		ldx	[%sp+120],%g4
+/* 0x0050	 117 */		ble,pt	%icc,.L900000117
+/* 0x0054	     */		sethi	%hi(0xfc00),%g2
+/* 0x0058	 110 */		or	%g0,-1,%g2
+/* 0x005c	 117 */		cmp	%g3,3
+/* 0x0060	 110 */		srl	%g2,0,%o3
+/* 0x0064	 117 */		bl,pn	%icc,.L77000134
+/* 0x0068	     */		or	%g0,%o0,%g2
+
+!  118		      !   {
+!  119		      !     c=(long long)d16[2*i+2];
+
+/* 0x006c	 119 */		ldd	[%o0+16],%f0
+
+!  120		      !     t1+=a&0xffffffff;
+!  121		      !     t=(a>>32);
+!  122		      !     d=(long long)d16[2*i+3];
+!  123		      !     t1+=(b&0xffff)<<16;
+!  124		      !     t+=(b>>16)+(t1>>32);
+!  125		      !     i32[i]=t1&0xffffffff;
+!  126		      !     t1=t;
+!  127		      !     a=c;
+!  128		      !     b=d;
+
+/* 0x0070	 128 */		add	%o0,16,%g2
+/* 0x0074	 123 */		and	%g1,%o1,%o0
+/* 0x0078	     */		sllx	%o0,16,%g3
+/* 0x007c	 120 */		and	%g4,%o3,%o0
+/* 0x0080	 117 */		add	%o0,%g3,%o4
+/* 0x0084	 119 */		fdtox	%f0,%f0
+/* 0x0088	     */		std	%f0,[%sp+104]
+/* 0x008c	 125 */		and	%o4,%o3,%g5
+/* 0x0090	 122 */		ldd	[%g2+8],%f2
+/* 0x0094	 128 */		add	%o5,4,%o5
+/* 0x0098	 124 */		srax	%o4,32,%o4
+/* 0x009c	     */		stx	%o4,[%sp+112]
+/* 0x00a0	 122 */		fdtox	%f2,%f0
+/* 0x00a4	     */		std	%f0,[%sp+96]
+/* 0x00a8	 124 */		srax	%g1,16,%o0
+/* 0x00ac	     */		ldx	[%sp+112],%o7
+/* 0x00b0	 121 */		srax	%g4,32,%o4
+/* 0x00b4	 124 */		add	%o0,%o7,%g4
+/* 0x00b8	 128 */		or	%g0,1,%o7
+/* 0x00bc	 119 */		ldx	[%sp+104],%g3
+/* 0x00c0	 124 */		add	%o4,%g4,%o4
+/* 0x00c4	 122 */		ldx	[%sp+96],%g1
+/* 0x00c8	 125 */		st	%g5,[%o5-4]
+/* 0x00cc	 127 */		or	%g0,%g3,%g4
+                       .L900000112:
+/* 0x00d0	 119 */		ldd	[%g2+16],%f0
+/* 0x00d4	 128 */		add	%o7,1,%o7
+/* 0x00d8	     */		add	%o5,4,%o5
+/* 0x00dc	     */		cmp	%o7,%o2
+/* 0x00e0	     */		add	%g2,16,%g2
+/* 0x00e4	 119 */		fdtox	%f0,%f0
+/* 0x00e8	     */		std	%f0,[%sp+104]
+/* 0x00ec	 122 */		ldd	[%g2+8],%f0
+/* 0x00f0	     */		fdtox	%f0,%f0
+/* 0x00f4	     */		std	%f0,[%sp+96]
+/* 0x00f8	 123 */		and	%g1,%o1,%g3
+/* 0x00fc	     */		sllx	%g3,16,%g5
+/* 0x0100	 120 */		and	%g4,%o3,%g3
+/* 0x0104	 117 */		add	%g3,%g5,%g3
+/* 0x0108	 124 */		srax	%g1,16,%g1
+/* 0x010c	 117 */		add	%g3,%o4,%g3
+/* 0x0110	 124 */		srax	%g3,32,%o4
+/* 0x0114	     */		stx	%o4,[%sp+112]
+/* 0x0118	 119 */		ldx	[%sp+104],%g5
+/* 0x011c	 121 */		srax	%g4,32,%o4
+/* 0x0120	 124 */		ldx	[%sp+112],%g4
+/* 0x0124	     */		add	%g1,%g4,%g4
+/* 0x0128	 122 */		ldx	[%sp+96],%g1
+/* 0x012c	 124 */		add	%o4,%g4,%o4
+/* 0x0130	 125 */		and	%g3,%o3,%g3
+/* 0x0134	 127 */		or	%g0,%g5,%g4
+/* 0x0138	 128 */		ble,pt	%icc,.L900000112
+/* 0x013c	     */		st	%g3,[%o5-4]
+                       .L900000115:
+/* 0x0140	 128 */		ba	.L900000117
+/* 0x0144	     */		sethi	%hi(0xfc00),%g2
+                       .L77000134:
+/* 0x0148	 119 */		ldd	[%g2+16],%f0
+                       .L900000116:
+/* 0x014c	 120 */		and	%g4,%o3,%o0
+/* 0x0150	 123 */		and	%g1,%o1,%g3
+/* 0x0154	 119 */		fdtox	%f0,%f0
+/* 0x0158	 120 */		add	%o4,%o0,%o0
+/* 0x015c	 119 */		std	%f0,[%sp+104]
+/* 0x0160	 128 */		add	%o7,1,%o7
+/* 0x0164	 123 */		sllx	%g3,16,%o4
+/* 0x0168	 122 */		ldd	[%g2+24],%f2
+/* 0x016c	 128 */		add	%g2,16,%g2
+/* 0x0170	 123 */		add	%o0,%o4,%o0
+/* 0x0174	 128 */		cmp	%o7,%o2
+/* 0x0178	 125 */		and	%o0,%o3,%g3
+/* 0x017c	 122 */		fdtox	%f2,%f0
+/* 0x0180	     */		std	%f0,[%sp+96]
+/* 0x0184	 124 */		srax	%o0,32,%o0
+/* 0x0188	     */		stx	%o0,[%sp+112]
+/* 0x018c	 121 */		srax	%g4,32,%o4
+/* 0x0190	 122 */		ldx	[%sp+96],%o0
+/* 0x0194	 124 */		srax	%g1,16,%g5
+/* 0x0198	     */		ldx	[%sp+112],%g4
+/* 0x019c	 119 */		ldx	[%sp+104],%g1
+/* 0x01a0	 125 */		st	%g3,[%o5]
+/* 0x01a4	 124 */		add	%g5,%g4,%g4
+/* 0x01a8	 128 */		add	%o5,4,%o5
+/* 0x01ac	 124 */		add	%o4,%g4,%o4
+/* 0x01b0	 127 */		or	%g0,%g1,%g4
+/* 0x01b4	 128 */		or	%g0,%o0,%g1
+/* 0x01b8	     */		ble,a,pt	%icc,.L900000116
+/* 0x01bc	     */		ldd	[%g2+16],%f0
+                       .L77000127:
+
+!  129		      !   }
+!  130		      !     t1+=a&0xffffffff;
+!  131		      !     t=(a>>32);
+!  132		      !     t1+=(b&0xffff)<<16;
+!  133		      !     i32[i]=t1&0xffffffff;
+
+/* 0x01c0	 133 */		sethi	%hi(0xfc00),%g2
+                       .L900000117:
+/* 0x01c4	 133 */		or	%g0,-1,%g3
+/* 0x01c8	     */		add	%g2,1023,%g2
+/* 0x01cc	     */		srl	%g3,0,%g3
+/* 0x01d0	     */		and	%g1,%g2,%g2
+/* 0x01d4	     */		and	%g4,%g3,%g4
+/* 0x01d8	     */		sllx	%g2,16,%g2
+/* 0x01dc	     */		add	%o4,%g4,%g4
+/* 0x01e0	     */		add	%g4,%g2,%g2
+/* 0x01e4	     */		sll	%o7,2,%g4
+/* 0x01e8	     */		and	%g2,%g3,%g2
+/* 0x01ec	     */		st	%g2,[%i0+%g4]
+/* 0x01f0	     */		ret	! Result = 
+/* 0x01f4	     */		restore	%g0,%g0,%g0
+/* 0x01f8	   0 */		.type	conv_d16_to_i32,2
+/* 0x01f8	     */		.size	conv_d16_to_i32,(.-conv_d16_to_i32)
+
+	.section	".text",#alloc,#execinstr
+/* 000000	   0 */		.align	8
+!
+! CONSTANT POOL
+!
+                       .L_const_seg_900000201:
+/* 000000	   0 */		.word	1127219200,0
+/* 0x0008	   0 */		.align	4
+/* 0x0008	     */		.skip	16
+!
+! SUBROUTINE conv_i32_to_d32
+!
+! OFFSET    SOURCE LINE	LABEL	INSTRUCTION
+
+                       	.global conv_i32_to_d32
+                       conv_i32_to_d32:
+/* 000000	     */		or	%g0,%o7,%g2
+
+!  135		      !}
+!  137		      !void conv_i32_to_d32(double *d32, unsigned int *i32, int len)
+!  138		      !{
+!  139		      !int i;
+!  141		      !#pragma pipeloop(0)
+!  142		      ! for(i=0;i<len;i++) d32[i]=(double)(i32[i]);
+
+/* 0x0004	 142 */		cmp	%o2,0
+                       .L900000210:
+/* 0x0008	     */		call	.+8
+/* 0x000c	     */		sethi	/*X*/%hi(_GLOBAL_OFFSET_TABLE_-(.L900000210-.)),%g4
+/* 0x0010	 142 */		or	%g0,0,%o5
+/* 0x0014	 138 */		add	%g4,/*X*/%lo(_GLOBAL_OFFSET_TABLE_-(.L900000210-.)),%g4
+/* 0x0018	     */		or	%g0,%o0,%g5
+/* 0x001c	     */		add	%g4,%o7,%g1
+/* 0x0020	 142 */		ble,pt	%icc,.L77000140
+/* 0x0024	     */		or	%g0,%g2,%o7
+/* 0x0028	     */		sethi	%hi(.L_const_seg_900000201),%g2
+/* 0x002c	 138 */		or	%g0,%o1,%g4
+/* 0x0030	 142 */		add	%g2,%lo(.L_const_seg_900000201),%g2
+/* 0x0034	     */		sub	%o2,1,%g3
+/* 0x0038	     */		ld	[%g1+%g2],%g2
+/* 0x003c	     */		cmp	%o2,9
+/* 0x0040	     */		bl,pn	%icc,.L77000144
+/* 0x0044	     */		ldd	[%g2],%f8
+/* 0x0048	     */		add	%o1,16,%g4
+/* 0x004c	     */		sub	%o2,5,%g1
+/* 0x0050	     */		ld	[%o1],%f7
+/* 0x0054	     */		or	%g0,4,%o5
+/* 0x0058	     */		ld	[%o1+4],%f5
+/* 0x005c	     */		ld	[%o1+8],%f3
+/* 0x0060	     */		fmovs	%f8,%f6
+/* 0x0064	     */		ld	[%o1+12],%f1
+                       .L900000205:
+/* 0x0068	     */		ld	[%g4],%f11
+/* 0x006c	     */		add	%o5,5,%o5
+/* 0x0070	     */		add	%g4,20,%g4
+/* 0x0074	     */		fsubd	%f6,%f8,%f6
+/* 0x0078	     */		std	%f6,[%g5]
+/* 0x007c	     */		cmp	%o5,%g1
+/* 0x0080	     */		add	%g5,40,%g5
+/* 0x0084	     */		fmovs	%f8,%f4
+/* 0x0088	     */		ld	[%g4-16],%f7
+/* 0x008c	     */		fsubd	%f4,%f8,%f12
+/* 0x0090	     */		fmovs	%f8,%f2
+/* 0x0094	     */		std	%f12,[%g5-32]
+/* 0x0098	     */		ld	[%g4-12],%f5
+/* 0x009c	     */		fsubd	%f2,%f8,%f12
+/* 0x00a0	     */		fmovs	%f8,%f0
+/* 0x00a4	     */		std	%f12,[%g5-24]
+/* 0x00a8	     */		ld	[%g4-8],%f3
+/* 0x00ac	     */		fsubd	%f0,%f8,%f12
+/* 0x00b0	     */		fmovs	%f8,%f10
+/* 0x00b4	     */		std	%f12,[%g5-16]
+/* 0x00b8	     */		ld	[%g4-4],%f1
+/* 0x00bc	     */		fsubd	%f10,%f8,%f10
+/* 0x00c0	     */		fmovs	%f8,%f6
+/* 0x00c4	     */		ble,pt	%icc,.L900000205
+/* 0x00c8	     */		std	%f10,[%g5-8]
+                       .L900000208:
+/* 0x00cc	     */		fmovs	%f8,%f4
+/* 0x00d0	     */		add	%g5,32,%g5
+/* 0x00d4	     */		cmp	%o5,%g3
+/* 0x00d8	     */		fmovs	%f8,%f2
+/* 0x00dc	     */		fmovs	%f8,%f0
+/* 0x00e0	     */		fsubd	%f6,%f8,%f6
+/* 0x00e4	     */		std	%f6,[%g5-32]
+/* 0x00e8	     */		fsubd	%f4,%f8,%f4
+/* 0x00ec	     */		std	%f4,[%g5-24]
+/* 0x00f0	     */		fsubd	%f2,%f8,%f2
+/* 0x00f4	     */		std	%f2,[%g5-16]
+/* 0x00f8	     */		fsubd	%f0,%f8,%f0
+/* 0x00fc	     */		bg,pn	%icc,.L77000140
+/* 0x0100	     */		std	%f0,[%g5-8]
+                       .L77000144:
+/* 0x0104	     */		ld	[%g4],%f1
+                       .L900000211:
+/* 0x0108	     */		ldd	[%g2],%f8
+/* 0x010c	     */		add	%o5,1,%o5
+/* 0x0110	     */		add	%g4,4,%g4
+/* 0x0114	     */		cmp	%o5,%g3
+/* 0x0118	     */		fmovs	%f8,%f0
+/* 0x011c	     */		fsubd	%f0,%f8,%f0
+/* 0x0120	     */		std	%f0,[%g5]
+/* 0x0124	     */		add	%g5,8,%g5
+/* 0x0128	     */		ble,a,pt	%icc,.L900000211
+/* 0x012c	     */		ld	[%g4],%f1
+                       .L77000140:
+/* 0x0130	     */		retl	! Result = 
+/* 0x0134	     */		nop
+/* 0x0138	   0 */		.type	conv_i32_to_d32,2
+/* 0x0138	     */		.size	conv_i32_to_d32,(.-conv_i32_to_d32)
+
+	.section	".text",#alloc,#execinstr
+/* 000000	   0 */		.align	8
+!
+! CONSTANT POOL
+!
+                       .L_const_seg_900000301:
+/* 000000	   0 */		.word	1127219200,0
+/* 0x0008	   0 */		.align	4
+!
+! SUBROUTINE conv_i32_to_d16
+!
+! OFFSET    SOURCE LINE	LABEL	INSTRUCTION
+
+                       	.global conv_i32_to_d16
+                       conv_i32_to_d16:
+/* 000000	     */		save	%sp,-104,%sp
+/* 0x0004	     */		or	%g0,%i2,%o0
+
+!  143		      !}
+!  146		      !void conv_i32_to_d16(double *d16, unsigned int *i32, int len)
+!  147		      !{
+!  148		      !int i;
+!  149		      !unsigned int a;
+!  151		      !#pragma pipeloop(0)
+!  152		      ! for(i=0;i<len;i++)
+!  153		      !   {
+!  154		      !     a=i32[i];
+!  155		      !     d16[2*i]=(double)(a&0xffff);
+!  156		      !     d16[2*i+1]=(double)(a>>16);
+
+/* 0x0008	 156 */		sethi	%hi(.L_const_seg_900000301),%g2
+                       .L900000310:
+/* 0x000c	     */		call	.+8
+/* 0x0010	     */		sethi	/*X*/%hi(_GLOBAL_OFFSET_TABLE_-(.L900000310-.)),%g3
+/* 0x0014	 152 */		cmp	%o0,0
+/* 0x0018	 147 */		add	%g3,/*X*/%lo(_GLOBAL_OFFSET_TABLE_-(.L900000310-.)),%g3
+/* 0x001c	 152 */		ble,pt	%icc,.L77000150
+/* 0x0020	     */		add	%g3,%o7,%o2
+/* 0x0024	     */		sub	%i2,1,%o5
+/* 0x0028	 156 */		add	%g2,%lo(.L_const_seg_900000301),%o1
+/* 0x002c	 152 */		sethi	%hi(0xfc00),%o0
+/* 0x0030	     */		ld	[%o2+%o1],%o3
+/* 0x0034	     */		add	%o5,1,%g2
+/* 0x0038	     */		or	%g0,0,%g1
+/* 0x003c	     */		cmp	%g2,3
+/* 0x0040	     */		or	%g0,%i1,%o7
+/* 0x0044	     */		add	%o0,1023,%o4
+/* 0x0048	     */		or	%g0,%i0,%g3
+/* 0x004c	     */		bl,pn	%icc,.L77000154
+/* 0x0050	     */		add	%o7,4,%o0
+/* 0x0054	 155 */		ldd	[%o3],%f0
+/* 0x0058	 156 */		or	%g0,1,%g1
+/* 0x005c	 154 */		ld	[%o0-4],%o1
+/* 0x0060	   0 */		or	%g0,%o0,%o7
+/* 0x0064	 155 */		and	%o1,%o4,%o0
+                       .L900000306:
+/* 0x0068	 155 */		st	%o0,[%sp+96]
+/* 0x006c	 156 */		add	%g1,1,%g1
+/* 0x0070	     */		add	%g3,16,%g3
+/* 0x0074	     */		cmp	%g1,%o5
+/* 0x0078	     */		add	%o7,4,%o7
+/* 0x007c	 155 */		ld	[%sp+96],%f3
+/* 0x0080	     */		fmovs	%f0,%f2
+/* 0x0084	     */		fsubd	%f2,%f0,%f2
+/* 0x0088	 156 */		srl	%o1,16,%o0
+/* 0x008c	 155 */		std	%f2,[%g3-16]
+/* 0x0090	 156 */		st	%o0,[%sp+92]
+/* 0x0094	     */		ld	[%sp+92],%f3
+/* 0x0098	 154 */		ld	[%o7-4],%o1
+/* 0x009c	 156 */		fmovs	%f0,%f2
+/* 0x00a0	     */		fsubd	%f2,%f0,%f2
+/* 0x00a4	 155 */		and	%o1,%o4,%o0
+/* 0x00a8	 156 */		ble,pt	%icc,.L900000306
+/* 0x00ac	     */		std	%f2,[%g3-8]
+                       .L900000309:
+/* 0x00b0	 155 */		st	%o0,[%sp+96]
+/* 0x00b4	     */		fmovs	%f0,%f2
+/* 0x00b8	 156 */		add	%g3,16,%g3
+/* 0x00bc	     */		srl	%o1,16,%o0
+/* 0x00c0	 155 */		ld	[%sp+96],%f3
+/* 0x00c4	     */		fsubd	%f2,%f0,%f2
+/* 0x00c8	     */		std	%f2,[%g3-16]
+/* 0x00cc	 156 */		st	%o0,[%sp+92]
+/* 0x00d0	     */		fmovs	%f0,%f2
+/* 0x00d4	     */		ld	[%sp+92],%f3
+/* 0x00d8	     */		fsubd	%f2,%f0,%f0
+/* 0x00dc	     */		std	%f0,[%g3-8]
+/* 0x00e0	     */		ret	! Result = 
+/* 0x00e4	     */		restore	%g0,%g0,%g0
+                       .L77000154:
+/* 0x00e8	 154 */		ld	[%o7],%o0
+                       .L900000311:
+/* 0x00ec	 155 */		and	%o0,%o4,%o1
+/* 0x00f0	     */		st	%o1,[%sp+96]
+/* 0x00f4	 156 */		add	%g1,1,%g1
+/* 0x00f8	 155 */		ldd	[%o3],%f0
+/* 0x00fc	 156 */		srl	%o0,16,%o0
+/* 0x0100	     */		add	%o7,4,%o7
+/* 0x0104	     */		cmp	%g1,%o5
+/* 0x0108	 155 */		fmovs	%f0,%f2
+/* 0x010c	     */		ld	[%sp+96],%f3
+/* 0x0110	     */		fsubd	%f2,%f0,%f2
+/* 0x0114	     */		std	%f2,[%g3]
+/* 0x0118	 156 */		st	%o0,[%sp+92]
+/* 0x011c	     */		fmovs	%f0,%f2
+/* 0x0120	     */		ld	[%sp+92],%f3
+/* 0x0124	     */		fsubd	%f2,%f0,%f0
+/* 0x0128	     */		std	%f0,[%g3+8]
+/* 0x012c	     */		add	%g3,16,%g3
+/* 0x0130	     */		ble,a,pt	%icc,.L900000311
+/* 0x0134	     */		ld	[%o7],%o0
+                       .L77000150:
+/* 0x0138	     */		ret	! Result = 
+/* 0x013c	     */		restore	%g0,%g0,%g0
+/* 0x0140	   0 */		.type	conv_i32_to_d16,2
+/* 0x0140	     */		.size	conv_i32_to_d16,(.-conv_i32_to_d16)
+
+	.section	".text",#alloc,#execinstr
+/* 000000	   0 */		.align	8
+!
+! CONSTANT POOL
+!
+                       .L_const_seg_900000401:
+/* 000000	   0 */		.word	1127219200,0
+/* 0x0008	   0 */		.align	4
+/* 0x0008	     */		.skip	16
+!
+! SUBROUTINE conv_i32_to_d32_and_d16
+!
+! OFFSET    SOURCE LINE	LABEL	INSTRUCTION
+
+                       	.global conv_i32_to_d32_and_d16
+                       conv_i32_to_d32_and_d16:
+/* 000000	     */		save	%sp,-120,%sp
+                       .L900000415:
+/* 0x0004	     */		call	.+8
+/* 0x0008	     */		sethi	/*X*/%hi(_GLOBAL_OFFSET_TABLE_-(.L900000415-.)),%g4
+
+!  157		      !   }
+!  158		      !}
+!  161		      !void conv_i32_to_d32_and_d16(double *d32, double *d16, 
+!  162		      !			     unsigned int *i32, int len)
+!  163		      !{
+!  164		      !int i = 0;
+!  165		      !unsigned int a;
+!  167		      !#pragma pipeloop(0)
+!  168		      !#ifdef RF_INLINE_MACROS
+!  169		      ! for(;i<len-3;i+=4)
+
+/* 0x000c	 169 */		sub	%i3,3,%g2
+/* 0x0010	     */		cmp	%g2,0
+/* 0x0014	 163 */		add	%g4,/*X*/%lo(_GLOBAL_OFFSET_TABLE_-(.L900000415-.)),%g4
+
+!  170		      !   {
+!  171		      !     i16_to_d16_and_d32x4(&TwoToMinus16, &TwoTo16, &Zero,
+!  172		      !			  &(d16[2*i]), &(d32[i]), (float *)(&(i32[i])));
+
+/* 0x0018	 172 */		sethi	%hi(Zero),%g2
+/* 0x001c	 163 */		add	%g4,%o7,%o4
+/* 0x0020	 172 */		add	%g2,%lo(Zero),%g2
+/* 0x0024	     */		sethi	%hi(TwoToMinus16),%g3
+/* 0x0028	     */		ld	[%o4+%g2],%o1
+/* 0x002c	     */		sethi	%hi(TwoTo16),%g4
+/* 0x0030	     */		add	%g3,%lo(TwoToMinus16),%g2
+/* 0x0034	     */		ld	[%o4+%g2],%o3
+/* 0x0038	 164 */		or	%g0,0,%g5
+/* 0x003c	 172 */		add	%g4,%lo(TwoTo16),%g3
+/* 0x0040	     */		ld	[%o4+%g3],%o2
+/* 0x0044	 163 */		or	%g0,%i0,%i4
+/* 0x0048	 169 */		or	%g0,%i2,%o7
+/* 0x004c	     */		ble,pt	%icc,.L900000418
+/* 0x0050	     */		cmp	%g5,%i3
+/* 0x0054	 172 */		stx	%o7,[%sp+104]
+/* 0x0058	 169 */		sub	%i3,4,%o5
+/* 0x005c	     */		or	%g0,0,%g4
+/* 0x0060	     */		or	%g0,0,%g1
+                       .L900000417:
+/* 0x0064	     */		ldd	[%o1],%f2
+/* 0x0068	 172 */		add	%i4,%g4,%g2
+/* 0x006c	     */		add	%i1,%g1,%g3
+/* 0x0070	     */		ldd	[%o3],%f0
+/* 0x0074	     */		add	%g5,4,%g5
+/* 0x0078	     */		fmovd	%f2,%f14
+/* 0x007c	     */		ld	[%o7],%f15
+/* 0x0080	     */		cmp	%g5,%o5
+/* 0x0084	     */		fmovd	%f2,%f10
+/* 0x0088	     */		ld	[%o7+4],%f11
+/* 0x008c	     */		add	%o7,16,%o7
+/* 0x0090	     */		ldx	[%sp+104],%o0
+/* 0x0094	     */		fmovd	%f2,%f6
+/* 0x0098	     */		stx	%o7,[%sp+112]
+/* 0x009c	     */		fxtod	%f14,%f14
+/* 0x00a0	     */		ld	[%o0+8],%f7
+/* 0x00a4	     */		fxtod	%f10,%f10
+/* 0x00a8	     */		ld	[%o0+12],%f3
+/* 0x00ac	     */		fxtod	%f6,%f6
+/* 0x00b0	     */		ldd	[%o2],%f16
+/* 0x00b4	     */		fmuld	%f0,%f14,%f12
+/* 0x00b8	     */		fxtod	%f2,%f2
+/* 0x00bc	     */		fmuld	%f0,%f10,%f8
+/* 0x00c0	     */		std	%f14,[%i4+%g4]
+/* 0x00c4	     */		ldx	[%sp+112],%o7
+/* 0x00c8	     */		add	%g4,32,%g4
+/* 0x00cc	     */		fmuld	%f0,%f6,%f4
+/* 0x00d0	     */		fdtox	%f12,%f12
+/* 0x00d4	     */		std	%f10,[%g2+8]
+/* 0x00d8	     */		fmuld	%f0,%f2,%f0
+/* 0x00dc	     */		fdtox	%f8,%f8
+/* 0x00e0	     */		std	%f6,[%g2+16]
+/* 0x00e4	     */		std	%f2,[%g2+24]
+/* 0x00e8	     */		fdtox	%f4,%f4
+/* 0x00ec	     */		fdtox	%f0,%f0
+/* 0x00f0	     */		fxtod	%f12,%f12
+/* 0x00f4	     */		std	%f12,[%g3+8]
+/* 0x00f8	     */		fxtod	%f8,%f8
+/* 0x00fc	     */		std	%f8,[%g3+24]
+/* 0x0100	     */		fxtod	%f4,%f4
+/* 0x0104	     */		std	%f4,[%g3+40]
+/* 0x0108	     */		fxtod	%f0,%f0
+/* 0x010c	     */		std	%f0,[%g3+56]
+/* 0x0110	     */		fmuld	%f12,%f16,%f12
+/* 0x0114	     */		fmuld	%f8,%f16,%f8
+/* 0x0118	     */		fmuld	%f4,%f16,%f4
+/* 0x011c	     */		fsubd	%f14,%f12,%f12
+/* 0x0120	     */		std	%f12,[%i1+%g1]
+/* 0x0124	     */		fmuld	%f0,%f16,%f0
+/* 0x0128	     */		fsubd	%f10,%f8,%f8
+/* 0x012c	     */		std	%f8,[%g3+16]
+/* 0x0130	     */		add	%g1,64,%g1
+/* 0x0134	     */		fsubd	%f6,%f4,%f4
+/* 0x0138	     */		std	%f4,[%g3+32]
+/* 0x013c	     */		fsubd	%f2,%f0,%f0
+/* 0x0140	     */		std	%f0,[%g3+48]
+/* 0x0144	     */		ble,a,pt	%icc,.L900000417
+/* 0x0148	     */		stx	%o7,[%sp+104]
+                       .L77000159:
+
+!  173		      !   }
+!  174		      !#endif
+!  175		      ! for(;i<len;i++)
+
+/* 0x014c	 175 */		cmp	%g5,%i3
+                       .L900000418:
+/* 0x0150	 175 */		bge,pt	%icc,.L77000164
+/* 0x0154	     */		nop
+
+!  176		      !   {
+!  177		      !     a=i32[i];
+!  178		      !     d32[i]=(double)(i32[i]);
+!  179		      !     d16[2*i]=(double)(a&0xffff);
+!  180		      !     d16[2*i+1]=(double)(a>>16);
+
+/* 0x0158	 180 */		sethi	%hi(.L_const_seg_900000401),%g2
+/* 0x015c	     */		add	%g2,%lo(.L_const_seg_900000401),%o1
+/* 0x0160	 175 */		sethi	%hi(0xfc00),%o0
+/* 0x0164	     */		ld	[%o4+%o1],%o2
+/* 0x0168	     */		sll	%g5,2,%o3
+/* 0x016c	     */		sub	%i3,%g5,%g3
+/* 0x0170	     */		sll	%g5,3,%g2
+/* 0x0174	     */		add	%o0,1023,%o4
+/* 0x0178	 178 */		ldd	[%o2],%f0
+/* 0x017c	     */		add	%i2,%o3,%o0
+/* 0x0180	 175 */		cmp	%g3,3
+/* 0x0184	     */		add	%i4,%g2,%o3
+/* 0x0188	     */		sub	%i3,1,%o1
+/* 0x018c	     */		sll	%g5,4,%g4
+/* 0x0190	     */		bl,pn	%icc,.L77000161
+/* 0x0194	     */		add	%i1,%g4,%o5
+/* 0x0198	 178 */		ld	[%o0],%f3
+/* 0x019c	 180 */		add	%o3,8,%o3
+/* 0x01a0	 177 */		ld	[%o0],%o7
+/* 0x01a4	 180 */		add	%o5,16,%o5
+/* 0x01a8	     */		add	%g5,1,%g5
+/* 0x01ac	 178 */		fmovs	%f0,%f2
+/* 0x01b0	 180 */		add	%o0,4,%o0
+/* 0x01b4	 179 */		and	%o7,%o4,%g1
+/* 0x01b8	 178 */		fsubd	%f2,%f0,%f2
+/* 0x01bc	     */		std	%f2,[%o3-8]
+/* 0x01c0	 180 */		srl	%o7,16,%o7
+/* 0x01c4	 179 */		st	%g1,[%sp+96]
+/* 0x01c8	     */		fmovs	%f0,%f2
+/* 0x01cc	     */		ld	[%sp+96],%f3
+/* 0x01d0	     */		fsubd	%f2,%f0,%f2
+/* 0x01d4	     */		std	%f2,[%o5-16]
+/* 0x01d8	 180 */		st	%o7,[%sp+92]
+/* 0x01dc	     */		fmovs	%f0,%f2
+/* 0x01e0	     */		ld	[%sp+92],%f3
+/* 0x01e4	     */		fsubd	%f2,%f0,%f2
+/* 0x01e8	     */		std	%f2,[%o5-8]
+                       .L900000411:
+/* 0x01ec	 178 */		ld	[%o0],%f3
+/* 0x01f0	 180 */		add	%g5,2,%g5
+/* 0x01f4	     */		add	%o5,32,%o5
+/* 0x01f8	 177 */		ld	[%o0],%o7
+/* 0x01fc	 180 */		cmp	%g5,%o1
+/* 0x0200	     */		add	%o3,16,%o3
+/* 0x0204	 178 */		fmovs	%f0,%f2
+/* 0x0208	     */		fsubd	%f2,%f0,%f2
+/* 0x020c	     */		std	%f2,[%o3-16]
+/* 0x0210	 179 */		and	%o7,%o4,%g1
+/* 0x0214	     */		st	%g1,[%sp+96]
+/* 0x0218	     */		ld	[%sp+96],%f3
+/* 0x021c	     */		fmovs	%f0,%f2
+/* 0x0220	     */		fsubd	%f2,%f0,%f2
+/* 0x0224	 180 */		srl	%o7,16,%o7
+/* 0x0228	 179 */		std	%f2,[%o5-32]
+/* 0x022c	 180 */		st	%o7,[%sp+92]
+/* 0x0230	     */		ld	[%sp+92],%f3
+/* 0x0234	     */		fmovs	%f0,%f2
+/* 0x0238	     */		fsubd	%f2,%f0,%f2
+/* 0x023c	     */		std	%f2,[%o5-24]
+/* 0x0240	     */		add	%o0,4,%o0
+/* 0x0244	 178 */		ld	[%o0],%f3
+/* 0x0248	 177 */		ld	[%o0],%o7
+/* 0x024c	 178 */		fmovs	%f0,%f2
+/* 0x0250	     */		fsubd	%f2,%f0,%f2
+/* 0x0254	     */		std	%f2,[%o3-8]
+/* 0x0258	 179 */		and	%o7,%o4,%g1
+/* 0x025c	     */		st	%g1,[%sp+96]
+/* 0x0260	     */		ld	[%sp+96],%f3
+/* 0x0264	     */		fmovs	%f0,%f2
+/* 0x0268	     */		fsubd	%f2,%f0,%f2
+/* 0x026c	 180 */		srl	%o7,16,%o7
+/* 0x0270	 179 */		std	%f2,[%o5-16]
+/* 0x0274	 180 */		st	%o7,[%sp+92]
+/* 0x0278	     */		ld	[%sp+92],%f3
+/* 0x027c	     */		fmovs	%f0,%f2
+/* 0x0280	     */		fsubd	%f2,%f0,%f2
+/* 0x0284	     */		std	%f2,[%o5-8]
+/* 0x0288	     */		bl,pt	%icc,.L900000411
+/* 0x028c	     */		add	%o0,4,%o0
+                       .L900000414:
+/* 0x0290	 180 */		cmp	%g5,%i3
+/* 0x0294	     */		bge,pn	%icc,.L77000164
+/* 0x0298	     */		nop
+                       .L77000161:
+/* 0x029c	 178 */		ld	[%o0],%f3
+                       .L900000416:
+/* 0x02a0	 178 */		ldd	[%o2],%f0
+/* 0x02a4	 180 */		add	%g5,1,%g5
+/* 0x02a8	 177 */		ld	[%o0],%o1
+/* 0x02ac	 180 */		add	%o0,4,%o0
+/* 0x02b0	     */		cmp	%g5,%i3
+/* 0x02b4	 178 */		fmovs	%f0,%f2
+/* 0x02b8	 179 */		and	%o1,%o4,%o7
+/* 0x02bc	 178 */		fsubd	%f2,%f0,%f2
+/* 0x02c0	     */		std	%f2,[%o3]
+/* 0x02c4	 180 */		srl	%o1,16,%o1
+/* 0x02c8	 179 */		st	%o7,[%sp+96]
+/* 0x02cc	 180 */		add	%o3,8,%o3
+/* 0x02d0	 179 */		fmovs	%f0,%f2
+/* 0x02d4	     */		ld	[%sp+96],%f3
+/* 0x02d8	     */		fsubd	%f2,%f0,%f2
+/* 0x02dc	     */		std	%f2,[%o5]
+/* 0x02e0	 180 */		st	%o1,[%sp+92]
+/* 0x02e4	     */		fmovs	%f0,%f2
+/* 0x02e8	     */		ld	[%sp+92],%f3
+/* 0x02ec	     */		fsubd	%f2,%f0,%f0
+/* 0x02f0	     */		std	%f0,[%o5+8]
+/* 0x02f4	     */		add	%o5,16,%o5
+/* 0x02f8	     */		bl,a,pt	%icc,.L900000416
+/* 0x02fc	     */		ld	[%o0],%f3
+                       .L77000164:
+/* 0x0300	     */		ret	! Result = 
+/* 0x0304	     */		restore	%g0,%g0,%g0
+/* 0x0308	   0 */		.type	conv_i32_to_d32_and_d16,2
+/* 0x0308	     */		.size	conv_i32_to_d32_and_d16,(.-conv_i32_to_d32_and_d16)
+
+	.section	".text",#alloc,#execinstr
+/* 000000	   0 */		.align	4
+!
+! SUBROUTINE adjust_montf_result
+!
+! OFFSET    SOURCE LINE	LABEL	INSTRUCTION
+
+                       	.global adjust_montf_result
+                       adjust_montf_result:
+/* 000000	     */		or	%g0,%o2,%g5
+
+!  181		      !   }
+!  182		      !}
+!  185		      !void adjust_montf_result(unsigned int *i32, unsigned int *nint, int len)
+!  186		      !{
+!  187		      !long long acc;
+!  188		      !int i;
+!  190		      ! if(i32[len]>0) i=-1;
+
+/* 0x0004	 190 */		or	%g0,-1,%g4
+/* 0x0008	     */		sll	%o2,2,%g1
+/* 0x000c	     */		ld	[%o0+%g1],%g1
+/* 0x0010	     */		cmp	%g1,0
+/* 0x0014	     */		bleu,pn	%icc,.L77000175
+/* 0x0018	     */		or	%g0,%o1,%o3
+/* 0x001c	     */		ba	.L900000511
+/* 0x0020	     */		cmp	%g4,0
+                       .L77000175:
+
+!  191		      ! else
+!  192		      !   {
+!  193		      !     for(i=len-1; i>=0; i--)
+
+/* 0x0024	 193 */		sub	%o2,1,%g4
+/* 0x0028	     */		sll	%g4,2,%g1
+/* 0x002c	     */		cmp	%g4,0
+/* 0x0030	     */		bl,pt	%icc,.L900000511
+/* 0x0034	     */		cmp	%g4,0
+/* 0x0038	     */		add	%o1,%g1,%g2
+
+!  194		      !       {
+!  195		      !	 if(i32[i]!=nint[i]) break;
+
+/* 0x003c	 195 */		ld	[%g2],%o5
+/* 0x0040	 193 */		add	%o0,%g1,%g3
+                       .L900000510:
+/* 0x0044	 195 */		ld	[%g3],%o2
+/* 0x0048	     */		sub	%g4,1,%g1
+/* 0x004c	     */		sub	%g2,4,%g2
+/* 0x0050	     */		sub	%g3,4,%g3
+/* 0x0054	     */		cmp	%o2,%o5
+/* 0x0058	     */		bne,pn	%icc,.L77000182
+/* 0x005c	     */		nop
+/* 0x0060	   0 */		or	%g0,%g1,%g4
+/* 0x0064	 195 */		cmp	%g1,0
+/* 0x0068	     */		bge,a,pt	%icc,.L900000510
+/* 0x006c	     */		ld	[%g2],%o5
+                       .L77000182:
+
+!  196		      !       }
+!  197		      !   }
+!  198		      ! if((i<0)||(i32[i]>nint[i]))
+
+/* 0x0070	 198 */		cmp	%g4,0
+                       .L900000511:
+/* 0x0074	 198 */		bl,pn	%icc,.L77000198
+/* 0x0078	     */		sll	%g4,2,%g2
+/* 0x007c	     */		ld	[%o1+%g2],%g1
+/* 0x0080	     */		ld	[%o0+%g2],%g2
+/* 0x0084	     */		cmp	%g2,%g1
+/* 0x0088	     */		bleu,pt	%icc,.L77000191
+/* 0x008c	     */		nop
+                       .L77000198:
+
+!  199		      !   {
+!  200		      !     acc=0;
+!  201		      !     for(i=0;i<len;i++)
+
+/* 0x0090	 201 */		cmp	%g5,0
+/* 0x0094	     */		ble,pt	%icc,.L77000191
+/* 0x0098	     */		nop
+/* 0x009c	     */		or	%g0,%g5,%g1
+/* 0x00a0	 198 */		or	%g0,-1,%g2
+/* 0x00a4	     */		srl	%g2,0,%g3
+/* 0x00a8	     */		sub	%g5,1,%g4
+/* 0x00ac	 200 */		or	%g0,0,%g5
+/* 0x00b0	 201 */		or	%g0,0,%o5
+/* 0x00b4	 198 */		or	%g0,%o0,%o4
+/* 0x00b8	     */		cmp	%g1,3
+/* 0x00bc	 201 */		bl,pn	%icc,.L77000199
+/* 0x00c0	     */		add	%o0,8,%g1
+/* 0x00c4	     */		add	%o1,4,%g2
+
+!  202		      !       {
+!  203		      !	 acc=acc+(unsigned long long)(i32[i])-(unsigned long long)(nint[i]);
+
+/* 0x00c8	 203 */		ld	[%o0],%o2
+/* 0x00cc	     */		ld	[%o1],%o1
+/* 0x00d0	   0 */		or	%g0,%g1,%o4
+/* 0x00d4	     */		or	%g0,%g2,%o3
+/* 0x00d8	 203 */		ld	[%o0+4],%g1
+
+!  204		      !	 i32[i]=acc&0xffffffff;
+!  205		      !	 acc=acc>>32;
+
+/* 0x00dc	 205 */		or	%g0,2,%o5
+/* 0x00e0	 201 */		sub	%o2,%o1,%o2
+/* 0x00e4	     */		or	%g0,%o2,%g5
+/* 0x00e8	 204 */		and	%o2,%g3,%o2
+/* 0x00ec	     */		st	%o2,[%o0]
+/* 0x00f0	 205 */		srax	%g5,32,%g5
+                       .L900000505:
+/* 0x00f4	 203 */		ld	[%o3],%o2
+/* 0x00f8	 205 */		add	%o5,1,%o5
+/* 0x00fc	     */		add	%o3,4,%o3
+/* 0x0100	     */		cmp	%o5,%g4
+/* 0x0104	     */		add	%o4,4,%o4
+/* 0x0108	 201 */		sub	%g1,%o2,%g1
+/* 0x010c	     */		add	%g1,%g5,%g5
+/* 0x0110	 204 */		and	%g5,%g3,%o2
+/* 0x0114	 203 */		ld	[%o4-4],%g1
+/* 0x0118	 204 */		st	%o2,[%o4-8]
+/* 0x011c	 205 */		ble,pt	%icc,.L900000505
+/* 0x0120	     */		srax	%g5,32,%g5
+                       .L900000508:
+/* 0x0124	 203 */		ld	[%o3],%g2
+/* 0x0128	 201 */		sub	%g1,%g2,%g1
+/* 0x012c	     */		add	%g1,%g5,%g1
+/* 0x0130	 204 */		and	%g1,%g3,%g2
+/* 0x0134	     */		retl	! Result = 
+/* 0x0138	     */		st	%g2,[%o4-4]
+                       .L77000199:
+/* 0x013c	 203 */		ld	[%o4],%g1
+                       .L900000509:
+/* 0x0140	 203 */		ld	[%o3],%g2
+/* 0x0144	     */		add	%g5,%g1,%g1
+/* 0x0148	 205 */		add	%o5,1,%o5
+/* 0x014c	     */		add	%o3,4,%o3
+/* 0x0150	     */		cmp	%o5,%g4
+/* 0x0154	 203 */		sub	%g1,%g2,%g1
+/* 0x0158	 204 */		and	%g1,%g3,%g2
+/* 0x015c	     */		st	%g2,[%o4]
+/* 0x0160	 205 */		add	%o4,4,%o4
+/* 0x0164	     */		srax	%g1,32,%g5
+/* 0x0168	     */		ble,a,pt	%icc,.L900000509
+/* 0x016c	     */		ld	[%o4],%g1
+                       .L77000191:
+/* 0x0170	     */		retl	! Result = 
+/* 0x0174	     */		nop
+/* 0x0178	   0 */		.type	adjust_montf_result,2
+/* 0x0178	     */		.size	adjust_montf_result,(.-adjust_montf_result)
+
+	.section	".text",#alloc,#execinstr
+/* 000000	   0 */		.align	4
+/* 000000	     */		.skip	16
+!
+! SUBROUTINE mont_mulf_noconv
+!
+! OFFSET    SOURCE LINE	LABEL	INSTRUCTION
+
+                       	.global mont_mulf_noconv
+                       mont_mulf_noconv:
+/* 000000	     */		save	%sp,-144,%sp
+                       .L900000646:
+/* 0x0004	     */		call	.+8
+/* 0x0008	     */		sethi	/*X*/%hi(_GLOBAL_OFFSET_TABLE_-(.L900000646-.)),%g5
+
+!  206		      !       }
+!  207		      !   }
+!  208		      !}
+!  213		      !/*
+!  214		      !** the lengths of the input arrays should be at least the following:
+!  215		      !** result[nlen+1], dm1[nlen], dm2[2*nlen+1], dt[4*nlen+2], dn[nlen], nint[nlen]
+!  216		      !** all of them should be different from one another
+!  217		      !**
+!  218		      !*/
+!  219		      !void mont_mulf_noconv(unsigned int *result,
+!  220		      !		     double *dm1, double *dm2, double *dt,
+!  221		      !		     double *dn, unsigned int *nint,
+!  222		      !		     int nlen, double dn0)
+!  223		      !{
+!  224		      ! int i, j, jj;
+!  225		      ! int tmp;
+!  226		      ! double digit, m2j, nextm2j, a, b;
+!  227		      ! double *dptmp, *pdm1, *pdm2, *pdn, *pdtj, pdn_0, pdm1_0;
+!  229		      ! pdm1=&(dm1[0]);
+!  230		      ! pdm2=&(dm2[0]);
+!  231		      ! pdn=&(dn[0]);
+!  232		      ! pdm2[2*nlen]=Zero;
+
+/* 0x000c	 232 */		ld	[%fp+92],%o1
+/* 0x0010	     */		sethi	%hi(Zero),%g2
+/* 0x0014	 223 */		ldd	[%fp+96],%f2
+/* 0x0018	     */		add	%g5,/*X*/%lo(_GLOBAL_OFFSET_TABLE_-(.L900000646-.)),%g5
+/* 0x001c	 232 */		add	%g2,%lo(Zero),%g2
+/* 0x0020	 223 */		st	%i0,[%fp+68]
+/* 0x0024	     */		add	%g5,%o7,%o3
+
+!  234		      ! if (nlen!=16)
+!  235		      !   {
+!  236		      !     for(i=0;i<4*nlen+2;i++) dt[i]=Zero;
+!  238		      !     a=dt[0]=pdm1[0]*pdm2[0];
+!  239		      !     digit=mod(lower32(a,Zero)*dn0,TwoToMinus16,TwoTo16);
+
+/* 0x0028	 239 */		sethi	%hi(TwoToMinus16),%g3
+/* 0x002c	 232 */		ld	[%o3+%g2],%l0
+/* 0x0030	 239 */		sethi	%hi(TwoTo16),%g4
+/* 0x0034	 223 */		or	%g0,%i2,%o2
+/* 0x0038	     */		fmovd	%f2,%f16
+/* 0x003c	     */		st	%i5,[%fp+88]
+/* 0x0040	 239 */		add	%g3,%lo(TwoToMinus16),%g2
+/* 0x0044	 223 */		or	%g0,%i1,%i2
+/* 0x0048	 232 */		ldd	[%l0],%f0
+/* 0x004c	 239 */		add	%g4,%lo(TwoTo16),%g3
+/* 0x0050	 223 */		or	%g0,%i3,%o0
+/* 0x0054	 232 */		sll	%o1,4,%g4
+/* 0x0058	 239 */		ld	[%o3+%g2],%g5
+/* 0x005c	 223 */		or	%g0,%i3,%i1
+/* 0x0060	 239 */		ld	[%o3+%g3],%g1
+/* 0x0064	 232 */		or	%g0,%o1,%i0
+/* 0x0068	     */		or	%g0,%o2,%i3
+/* 0x006c	 234 */		cmp	%o1,16
+/* 0x0070	     */		be,pn	%icc,.L77000279
+/* 0x0074	     */		std	%f0,[%o2+%g4]
+/* 0x0078	 236 */		sll	%o1,2,%g2
+/* 0x007c	     */		or	%g0,%o0,%o3
+/* 0x0080	 232 */		sll	%o1,1,%o1
+/* 0x0084	 236 */		add	%g2,2,%o2
+/* 0x0088	     */		cmp	%o2,0
+/* 0x008c	     */		ble,a,pt	%icc,.L900000660
+/* 0x0090	     */		ldd	[%i2],%f0
+
+!  241		      !     pdtj=&(dt[0]);
+!  242		      !     for(j=jj=0;j<2*nlen;j++,jj++,pdtj++)
+!  243		      !       {
+!  244		      !	 m2j=pdm2[j];
+!  245		      !	 a=pdtj[0]+pdn[0]*digit;
+!  246		      !	 b=pdtj[1]+pdm1[0]*pdm2[j+1]+a*TwoToMinus16;
+!  247		      !	 pdtj[1]=b;
+!  249		      !#pragma pipeloop(0)
+!  250		      !	 for(i=1;i<nlen;i++)
+!  251		      !	   {
+!  252		      !	     pdtj[2*i]+=pdm1[i]*m2j+pdn[i]*digit;
+!  253		      !	   }
+!  254		      ! 	 if((jj==30)) {cleanup(dt,j/2+1,2*nlen+1); jj=0;}
+!  255		      !	 
+!  256		      !	 digit=mod(lower32(b,Zero)*dn0,TwoToMinus16,TwoTo16);
+!  257		      !       }
+!  258		      !   }
+!  259		      ! else
+!  260		      !   {
+!  261		      !     a=dt[0]=pdm1[0]*pdm2[0];
+!  263		      !     dt[65]=     dt[64]=     dt[63]=     dt[62]=     dt[61]=     dt[60]=
+!  264		      !     dt[59]=     dt[58]=     dt[57]=     dt[56]=     dt[55]=     dt[54]=
+!  265		      !     dt[53]=     dt[52]=     dt[51]=     dt[50]=     dt[49]=     dt[48]=
+!  266		      !     dt[47]=     dt[46]=     dt[45]=     dt[44]=     dt[43]=     dt[42]=
+!  267		      !     dt[41]=     dt[40]=     dt[39]=     dt[38]=     dt[37]=     dt[36]=
+!  268		      !     dt[35]=     dt[34]=     dt[33]=     dt[32]=     dt[31]=     dt[30]=
+!  269		      !     dt[29]=     dt[28]=     dt[27]=     dt[26]=     dt[25]=     dt[24]=
+!  270		      !     dt[23]=     dt[22]=     dt[21]=     dt[20]=     dt[19]=     dt[18]=
+!  271		      !     dt[17]=     dt[16]=     dt[15]=     dt[14]=     dt[13]=     dt[12]=
+!  272		      !     dt[11]=     dt[10]=     dt[ 9]=     dt[ 8]=     dt[ 7]=     dt[ 6]=
+!  273		      !     dt[ 5]=     dt[ 4]=     dt[ 3]=     dt[ 2]=     dt[ 1]=Zero;
+!  275		      !     pdn_0=pdn[0];
+!  276		      !     pdm1_0=pdm1[0];
+!  278		      !     digit=mod(lower32(a,Zero)*dn0,TwoToMinus16,TwoTo16);
+!  279		      !     pdtj=&(dt[0]);
+!  281		      !     for(j=0;j<32;j++,pdtj++)
+
+/* 0x0094	 281 */		add	%g2,2,%o0
+/* 0x0098	 236 */		add	%g2,1,%o2
+/* 0x009c	 281 */		cmp	%o0,3
+/* 0x00a0	     */		bl,pn	%icc,.L77000280
+/* 0x00a4	     */		or	%g0,1,%o0
+/* 0x00a8	     */		add	%o3,8,%o3
+/* 0x00ac	     */		or	%g0,1,%o4
+/* 0x00b0	     */		std	%f0,[%o3-8]
+                       .L900000630:
+/* 0x00b4	     */		std	%f0,[%o3]
+/* 0x00b8	     */		add	%o4,2,%o4
+/* 0x00bc	     */		add	%o3,16,%o3
+/* 0x00c0	     */		cmp	%o4,%g2
+/* 0x00c4	     */		ble,pt	%icc,.L900000630
+/* 0x00c8	     */		std	%f0,[%o3-8]
+                       .L900000633:
+/* 0x00cc	     */		cmp	%o4,%o2
+/* 0x00d0	     */		bg,pn	%icc,.L77000285
+/* 0x00d4	     */		add	%o4,1,%o0
+                       .L77000280:
+/* 0x00d8	     */		std	%f0,[%o3]
+                       .L900000659:
+/* 0x00dc	     */		ldd	[%l0],%f0
+/* 0x00e0	     */		cmp	%o0,%o2
+/* 0x00e4	     */		add	%o3,8,%o3
+/* 0x00e8	     */		add	%o0,1,%o0
+/* 0x00ec	     */		ble,a,pt	%icc,.L900000659
+/* 0x00f0	     */		std	%f0,[%o3]
+                       .L77000285:
+/* 0x00f4	 238 */		ldd	[%i2],%f0
+                       .L900000660:
+/* 0x00f8	 238 */		ldd	[%i3],%f2
+/* 0x00fc	     */		add	%o1,1,%o2
+/* 0x0100	 242 */		cmp	%o1,0
+/* 0x0104	     */		sll	%o2,1,%o0
+/* 0x0108	     */		sub	%o1,1,%o1
+/* 0x010c	 238 */		fmuld	%f0,%f2,%f0
+/* 0x0110	     */		std	%f0,[%i1]
+/* 0x0114	   0 */		or	%g0,0,%l1
+/* 0x0118	     */		ldd	[%l0],%f6
+/* 0x011c	     */		or	%g0,0,%g4
+/* 0x0120	     */		or	%g0,%o2,%i5
+/* 0x0124	     */		ldd	[%g5],%f2
+/* 0x0128	     */		or	%g0,%o1,%g3
+/* 0x012c	     */		or	%g0,%o0,%o3
+/* 0x0130	     */		fdtox	%f0,%f0
+/* 0x0134	     */		ldd	[%g1],%f4
+/* 0x0138	 246 */		add	%i3,8,%o4
+/* 0x013c	     */		or	%g0,0,%l2
+/* 0x0140	     */		or	%g0,%i1,%o5
+/* 0x0144	     */		sub	%i0,1,%o7
+/* 0x0148	     */		fmovs	%f6,%f0
+/* 0x014c	     */		fxtod	%f0,%f0
+/* 0x0150	 239 */		fmuld	%f0,%f16,%f0
+/* 0x0154	     */		fmuld	%f0,%f2,%f2
+/* 0x0158	     */		fdtox	%f2,%f2
+/* 0x015c	     */		fxtod	%f2,%f2
+/* 0x0160	     */		fmuld	%f2,%f4,%f2
+/* 0x0164	     */		fsubd	%f0,%f2,%f22
+/* 0x0168	 242 */		ble,pt	%icc,.L900000653
+/* 0x016c	     */		sll	%i0,4,%g2
+/* 0x0170	 246 */		ldd	[%i4],%f0
+                       .L900000654:
+/* 0x0174	 246 */		fmuld	%f0,%f22,%f8
+/* 0x0178	     */		ldd	[%i2],%f0
+/* 0x017c	 250 */		cmp	%i0,1
+/* 0x0180	 246 */		ldd	[%o4+%l2],%f6
+/* 0x0184	     */		add	%i2,8,%o0
+/* 0x0188	 250 */		or	%g0,1,%o1
+/* 0x018c	 246 */		ldd	[%o5],%f2
+/* 0x0190	     */		add	%o5,16,%l3
+/* 0x0194	     */		fmuld	%f0,%f6,%f6
+/* 0x0198	     */		ldd	[%g5],%f4
+/* 0x019c	     */		faddd	%f2,%f8,%f2
+/* 0x01a0	     */		ldd	[%o5+8],%f0
+/* 0x01a4	 244 */		ldd	[%i3+%l2],%f20
+/* 0x01a8	 246 */		faddd	%f0,%f6,%f0
+/* 0x01ac	     */		fmuld	%f2,%f4,%f2
+/* 0x01b0	     */		faddd	%f0,%f2,%f18
+/* 0x01b4	 247 */		std	%f18,[%o5+8]
+/* 0x01b8	 250 */		ble,pt	%icc,.L900000658
+/* 0x01bc	     */		srl	%g4,31,%g2
+/* 0x01c0	     */		cmp	%o7,7
+/* 0x01c4	 246 */		add	%i4,8,%g2
+/* 0x01c8	 250 */		bl,pn	%icc,.L77000284
+/* 0x01cc	     */		add	%g2,24,%o2
+/* 0x01d0	 252 */		ldd	[%o0+24],%f12
+/* 0x01d4	     */		add	%o5,48,%l3
+/* 0x01d8	     */		ldd	[%o0],%f2
+/* 0x01dc	   0 */		or	%g0,%o2,%g2
+/* 0x01e0	 250 */		sub	%o7,2,%o2
+/* 0x01e4	 252 */		ldd	[%g2-24],%f0
+/* 0x01e8	     */		or	%g0,5,%o1
+/* 0x01ec	     */		ldd	[%o0+8],%f6
+/* 0x01f0	     */		fmuld	%f2,%f20,%f2
+/* 0x01f4	     */		ldd	[%o0+16],%f14
+/* 0x01f8	     */		fmuld	%f0,%f22,%f4
+/* 0x01fc	     */		add	%o0,32,%o0
+/* 0x0200	     */		ldd	[%g2-16],%f8
+/* 0x0204	     */		fmuld	%f6,%f20,%f10
+/* 0x0208	     */		ldd	[%o5+16],%f0
+/* 0x020c	     */		ldd	[%g2-8],%f6
+/* 0x0210	     */		faddd	%f2,%f4,%f4
+/* 0x0214	     */		ldd	[%o5+32],%f2
+                       .L900000642:
+/* 0x0218	 252 */		ldd	[%g2],%f24
+/* 0x021c	     */		add	%o1,3,%o1
+/* 0x0220	     */		add	%g2,24,%g2
+/* 0x0224	     */		fmuld	%f8,%f22,%f8
+/* 0x0228	     */		ldd	[%l3],%f28
+/* 0x022c	     */		cmp	%o1,%o2
+/* 0x0230	     */		add	%o0,24,%o0
+/* 0x0234	     */		ldd	[%o0-24],%f26
+/* 0x0238	     */		faddd	%f0,%f4,%f0
+/* 0x023c	     */		add	%l3,48,%l3
+/* 0x0240	     */		faddd	%f10,%f8,%f10
+/* 0x0244	     */		fmuld	%f14,%f20,%f4
+/* 0x0248	     */		std	%f0,[%l3-80]
+/* 0x024c	     */		ldd	[%g2-16],%f8
+/* 0x0250	     */		fmuld	%f6,%f22,%f6
+/* 0x0254	     */		ldd	[%l3-32],%f0
+/* 0x0258	     */		ldd	[%o0-16],%f14
+/* 0x025c	     */		faddd	%f2,%f10,%f2
+/* 0x0260	     */		faddd	%f4,%f6,%f10
+/* 0x0264	     */		fmuld	%f12,%f20,%f4
+/* 0x0268	     */		std	%f2,[%l3-64]
+/* 0x026c	     */		ldd	[%g2-8],%f6
+/* 0x0270	     */		fmuld	%f24,%f22,%f24
+/* 0x0274	     */		ldd	[%l3-16],%f2
+/* 0x0278	     */		ldd	[%o0-8],%f12
+/* 0x027c	     */		faddd	%f28,%f10,%f10
+/* 0x0280	     */		std	%f10,[%l3-48]
+/* 0x0284	     */		fmuld	%f26,%f20,%f10
+/* 0x0288	     */		ble,pt	%icc,.L900000642
+/* 0x028c	     */		faddd	%f4,%f24,%f4
+                       .L900000645:
+/* 0x0290	 252 */		fmuld	%f8,%f22,%f28
+/* 0x0294	     */		ldd	[%g2],%f24
+/* 0x0298	     */		faddd	%f0,%f4,%f26
+/* 0x029c	     */		fmuld	%f12,%f20,%f8
+/* 0x02a0	     */		add	%l3,32,%l3
+/* 0x02a4	     */		cmp	%o1,%o7
+/* 0x02a8	     */		fmuld	%f14,%f20,%f14
+/* 0x02ac	     */		ldd	[%l3-32],%f4
+/* 0x02b0	     */		add	%g2,8,%g2
+/* 0x02b4	     */		faddd	%f10,%f28,%f12
+/* 0x02b8	     */		fmuld	%f6,%f22,%f6
+/* 0x02bc	     */		ldd	[%l3-16],%f0
+/* 0x02c0	     */		fmuld	%f24,%f22,%f10
+/* 0x02c4	     */		std	%f26,[%l3-64]
+/* 0x02c8	     */		faddd	%f2,%f12,%f2
+/* 0x02cc	     */		std	%f2,[%l3-48]
+/* 0x02d0	     */		faddd	%f14,%f6,%f6
+/* 0x02d4	     */		faddd	%f8,%f10,%f2
+/* 0x02d8	     */		faddd	%f4,%f6,%f4
+/* 0x02dc	     */		std	%f4,[%l3-32]
+/* 0x02e0	     */		faddd	%f0,%f2,%f0
+/* 0x02e4	     */		bg,pn	%icc,.L77000213
+/* 0x02e8	     */		std	%f0,[%l3-16]
+                       .L77000284:
+/* 0x02ec	 252 */		ldd	[%o0],%f0
+                       .L900000657:
+/* 0x02f0	 252 */		ldd	[%g2],%f4
+/* 0x02f4	     */		fmuld	%f0,%f20,%f2
+/* 0x02f8	     */		add	%o1,1,%o1
+/* 0x02fc	     */		ldd	[%l3],%f0
+/* 0x0300	     */		add	%o0,8,%o0
+/* 0x0304	     */		add	%g2,8,%g2
+/* 0x0308	     */		fmuld	%f4,%f22,%f4
+/* 0x030c	     */		cmp	%o1,%o7
+/* 0x0310	     */		faddd	%f2,%f4,%f2
+/* 0x0314	     */		faddd	%f0,%f2,%f0
+/* 0x0318	     */		std	%f0,[%l3]
+/* 0x031c	     */		add	%l3,16,%l3
+/* 0x0320	     */		ble,a,pt	%icc,.L900000657
+/* 0x0324	     */		ldd	[%o0],%f0
+                       .L77000213:
+/* 0x0328	     */		srl	%g4,31,%g2
+                       .L900000658:
+/* 0x032c	 254 */		cmp	%l1,30
+/* 0x0330	     */		bne,a,pt	%icc,.L900000656
+/* 0x0334	     */		fdtox	%f18,%f0
+/* 0x0338	     */		add	%g4,%g2,%g2
+/* 0x033c	     */		sra	%g2,1,%o0
+/* 0x0340	 281 */		ldd	[%l0],%f0
+/* 0x0344	     */		sll	%i5,1,%o2
+/* 0x0348	     */		add	%o0,1,%g2
+/* 0x034c	     */		sll	%g2,1,%o0
+/* 0x0350	 254 */		sub	%o2,1,%o2
+/* 0x0354	 281 */		fmovd	%f0,%f2
+/* 0x0358	     */		sll	%g2,4,%o1
+/* 0x035c	     */		cmp	%o0,%o3
+/* 0x0360	     */		bge,pt	%icc,.L77000215
+/* 0x0364	     */		or	%g0,0,%l1
+/* 0x0368	 254 */		add	%i1,%o1,%o1
+/* 0x036c	 281 */		ldd	[%o1],%f6
+                       .L900000655:
+/* 0x0370	     */		fdtox	%f6,%f10
+/* 0x0374	     */		ldd	[%o1+8],%f4
+/* 0x0378	     */		add	%o0,2,%o0
+/* 0x037c	     */		ldd	[%l0],%f12
+/* 0x0380	     */		fdtox	%f6,%f6
+/* 0x0384	     */		cmp	%o0,%o2
+/* 0x0388	     */		fdtox	%f4,%f8
+/* 0x038c	     */		fdtox	%f4,%f4
+/* 0x0390	     */		fmovs	%f12,%f10
+/* 0x0394	     */		fmovs	%f12,%f8
+/* 0x0398	     */		fxtod	%f10,%f10
+/* 0x039c	     */		fxtod	%f8,%f8
+/* 0x03a0	     */		faddd	%f10,%f2,%f2
+/* 0x03a4	     */		std	%f2,[%o1]
+/* 0x03a8	     */		faddd	%f8,%f0,%f0
+/* 0x03ac	     */		std	%f0,[%o1+8]
+/* 0x03b0	     */		add	%o1,16,%o1
+/* 0x03b4	     */		fitod	%f6,%f2
+/* 0x03b8	     */		fitod	%f4,%f0
+/* 0x03bc	     */		ble,a,pt	%icc,.L900000655
+/* 0x03c0	     */		ldd	[%o1],%f6
+                       .L77000233:
+/* 0x03c4	     */		or	%g0,0,%l1
+                       .L77000215:
+/* 0x03c8	     */		fdtox	%f18,%f0
+                       .L900000656:
+/* 0x03cc	     */		ldd	[%l0],%f6
+/* 0x03d0	 256 */		add	%g4,1,%g4
+/* 0x03d4	     */		add	%l2,8,%l2
+/* 0x03d8	     */		ldd	[%g5],%f2
+/* 0x03dc	     */		add	%l1,1,%l1
+/* 0x03e0	     */		add	%o5,8,%o5
+/* 0x03e4	     */		fmovs	%f6,%f0
+/* 0x03e8	     */		ldd	[%g1],%f4
+/* 0x03ec	     */		cmp	%g4,%g3
+/* 0x03f0	     */		fxtod	%f0,%f0
+/* 0x03f4	     */		fmuld	%f0,%f16,%f0
+/* 0x03f8	     */		fmuld	%f0,%f2,%f2
+/* 0x03fc	     */		fdtox	%f2,%f2
+/* 0x0400	     */		fxtod	%f2,%f2
+/* 0x0404	     */		fmuld	%f2,%f4,%f2
+/* 0x0408	     */		fsubd	%f0,%f2,%f22
+/* 0x040c	     */		ble,a,pt	%icc,.L900000654
+/* 0x0410	     */		ldd	[%i4],%f0
+                       .L900000629:
+/* 0x0414	 256 */		ba	.L900000653
+/* 0x0418	     */		sll	%i0,4,%g2
+                       .L77000279:
+/* 0x041c	 261 */		ldd	[%o2],%f6
+/* 0x0420	 279 */		or	%g0,%o0,%o4
+/* 0x0424	 281 */		or	%g0,0,%o3
+/* 0x0428	 261 */		ldd	[%i2],%f4
+/* 0x042c	 273 */		std	%f0,[%o0+8]
+/* 0x0430	     */		std	%f0,[%o0+16]
+/* 0x0434	 261 */		fmuld	%f4,%f6,%f4
+/* 0x0438	     */		std	%f4,[%o0]
+/* 0x043c	 273 */		std	%f0,[%o0+24]
+/* 0x0440	     */		std	%f0,[%o0+32]
+/* 0x0444	     */		fdtox	%f4,%f4
+/* 0x0448	     */		std	%f0,[%o0+40]
+/* 0x044c	     */		std	%f0,[%o0+48]
+/* 0x0450	     */		std	%f0,[%o0+56]
+/* 0x0454	     */		std	%f0,[%o0+64]
+/* 0x0458	     */		std	%f0,[%o0+72]
+/* 0x045c	     */		std	%f0,[%o0+80]
+/* 0x0460	     */		std	%f0,[%o0+88]
+/* 0x0464	     */		std	%f0,[%o0+96]
+/* 0x0468	     */		std	%f0,[%o0+104]
+/* 0x046c	     */		std	%f0,[%o0+112]
+/* 0x0470	     */		std	%f0,[%o0+120]
+/* 0x0474	     */		std	%f0,[%o0+128]
+/* 0x0478	     */		std	%f0,[%o0+136]
+/* 0x047c	     */		std	%f0,[%o0+144]
+/* 0x0480	     */		std	%f0,[%o0+152]
+/* 0x0484	     */		std	%f0,[%o0+160]
+/* 0x0488	     */		std	%f0,[%o0+168]
+/* 0x048c	     */		fmovs	%f0,%f4
+/* 0x0490	     */		std	%f0,[%o0+176]
+/* 0x0494	 281 */		or	%g0,0,%o1
+/* 0x0498	 273 */		std	%f0,[%o0+184]
+/* 0x049c	     */		fxtod	%f4,%f4
+/* 0x04a0	     */		std	%f0,[%o0+192]
+/* 0x04a4	     */		std	%f0,[%o0+200]
+/* 0x04a8	     */		std	%f0,[%o0+208]
+/* 0x04ac	 278 */		fmuld	%f4,%f2,%f2
+/* 0x04b0	 273 */		std	%f0,[%o0+216]
+/* 0x04b4	     */		std	%f0,[%o0+224]
+/* 0x04b8	     */		std	%f0,[%o0+232]
+/* 0x04bc	     */		std	%f0,[%o0+240]
+/* 0x04c0	     */		std	%f0,[%o0+248]
+/* 0x04c4	     */		std	%f0,[%o0+256]
+/* 0x04c8	     */		std	%f0,[%o0+264]
+/* 0x04cc	     */		std	%f0,[%o0+272]
+/* 0x04d0	     */		std	%f0,[%o0+280]
+/* 0x04d4	     */		std	%f0,[%o0+288]
+/* 0x04d8	     */		std	%f0,[%o0+296]
+/* 0x04dc	     */		std	%f0,[%o0+304]
+/* 0x04e0	     */		std	%f0,[%o0+312]
+/* 0x04e4	     */		std	%f0,[%o0+320]
+/* 0x04e8	     */		std	%f0,[%o0+328]
+/* 0x04ec	     */		std	%f0,[%o0+336]
+/* 0x04f0	     */		std	%f0,[%o0+344]
+/* 0x04f4	     */		std	%f0,[%o0+352]
+/* 0x04f8	     */		std	%f0,[%o0+360]
+/* 0x04fc	     */		std	%f0,[%o0+368]
+/* 0x0500	     */		std	%f0,[%o0+376]
+/* 0x0504	     */		std	%f0,[%o0+384]
+/* 0x0508	     */		std	%f0,[%o0+392]
+/* 0x050c	     */		std	%f0,[%o0+400]
+/* 0x0510	     */		std	%f0,[%o0+408]
+/* 0x0514	     */		std	%f0,[%o0+416]
+/* 0x0518	     */		std	%f0,[%o0+424]
+/* 0x051c	     */		std	%f0,[%o0+432]
+/* 0x0520	     */		std	%f0,[%o0+440]
+/* 0x0524	     */		std	%f0,[%o0+448]
+/* 0x0528	     */		std	%f0,[%o0+456]
+/* 0x052c	     */		std	%f0,[%o0+464]
+/* 0x0530	     */		std	%f0,[%o0+472]
+/* 0x0534	     */		std	%f0,[%o0+480]
+/* 0x0538	     */		std	%f0,[%o0+488]
+/* 0x053c	     */		std	%f0,[%o0+496]
+/* 0x0540	     */		std	%f0,[%o0+504]
+/* 0x0544	     */		std	%f0,[%o0+512]
+/* 0x0548	     */		std	%f0,[%o0+520]
+/* 0x054c	     */		ldd	[%g5],%f0
+/* 0x0550	     */		ldd	[%g1],%f8
+/* 0x0554	     */		fmuld	%f2,%f0,%f6
+/* 0x0558	 275 */		ldd	[%i4],%f4
+/* 0x055c	 276 */		ldd	[%i2],%f0
+/* 0x0560	     */		fdtox	%f6,%f6
+/* 0x0564	     */		fxtod	%f6,%f6
+/* 0x0568	     */		fmuld	%f6,%f8,%f6
+/* 0x056c	     */		fsubd	%f2,%f6,%f2
+/* 0x0570	 286 */		fmuld	%f4,%f2,%f12
+
+!  282		      !       {
+!  284		      !	 m2j=pdm2[j];
+!  285		      !	 a=pdtj[0]+pdn_0*digit;
+!  286		      !	 b=pdtj[1]+pdm1_0*pdm2[j+1]+a*TwoToMinus16;
+
+!  287		      !	 pdtj[1]=b;
+!  289		      !	 /**** this loop will be fully unrolled:
+!  290		      !	 for(i=1;i<16;i++)
+!  291		      !	   {
+!  292		      !	     pdtj[2*i]+=pdm1[i]*m2j+pdn[i]*digit;
+!  293		      !	   }
+!  294		      !	 *************************************/
+!  295		      !	     pdtj[2]+=pdm1[1]*m2j+pdn[1]*digit;
+!  296		      !	     pdtj[4]+=pdm1[2]*m2j+pdn[2]*digit;
+!  297		      !	     pdtj[6]+=pdm1[3]*m2j+pdn[3]*digit;
+!  298		      !	     pdtj[8]+=pdm1[4]*m2j+pdn[4]*digit;
+!  299		      !	     pdtj[10]+=pdm1[5]*m2j+pdn[5]*digit;
+!  300		      !	     pdtj[12]+=pdm1[6]*m2j+pdn[6]*digit;
+!  301		      !	     pdtj[14]+=pdm1[7]*m2j+pdn[7]*digit;
+!  302		      !	     pdtj[16]+=pdm1[8]*m2j+pdn[8]*digit;
+!  303		      !	     pdtj[18]+=pdm1[9]*m2j+pdn[9]*digit;
+!  304		      !	     pdtj[20]+=pdm1[10]*m2j+pdn[10]*digit;
+!  305		      !	     pdtj[22]+=pdm1[11]*m2j+pdn[11]*digit;
+!  306		      !	     pdtj[24]+=pdm1[12]*m2j+pdn[12]*digit;
+!  307		      !	     pdtj[26]+=pdm1[13]*m2j+pdn[13]*digit;
+!  308		      !	     pdtj[28]+=pdm1[14]*m2j+pdn[14]*digit;
+!  309		      !	     pdtj[30]+=pdm1[15]*m2j+pdn[15]*digit;
+!  310		      !	 /* no need for cleenup, cannot overflow */
+!  311		      !	 digit=mod(lower32(b,Zero)*dn0,TwoToMinus16,TwoTo16);
+
+	fmovd %f2,%f0		! hand modified
+	fmovd %f16,%f18			! hand modified
+	ldd [%i4],%f2
+	ldd [%o4],%f8
+	ldd [%i2],%f10
+	ldd [%g5],%f14		! hand modified
+	ldd [%g1],%f16		! hand modified
+	ldd [%i3],%f24
+
+	ldd [%i2+8],%f26
+	ldd [%i2+16],%f40
+	ldd [%i2+48],%f46
+	ldd [%i2+56],%f30
+	ldd [%i2+64],%f54
+	ldd [%i2+104],%f34
+	ldd [%i2+112],%f58
+
+	ldd [%i4+8],%f28	
+	ldd [%i4+104],%f38
+	ldd [%i4+112],%f60
+
+	.L99999999: 			!1
+	ldd	[%i2+24],%f32
+	fmuld	%f0,%f2,%f4 	!2
+	ldd	[%i4+24],%f36
+	fmuld	%f26,%f24,%f20 	!3
+	ldd	[%i2+40],%f42
+	fmuld	%f28,%f0,%f22 	!4
+	ldd	[%i4+40],%f44
+	fmuld	%f32,%f24,%f32 	!5
+	ldd	[%i3+8],%f6
+	faddd	%f4,%f8,%f4
+	fmuld	%f36,%f0,%f36 	!6
+	add	%i3,8,%i3
+	ldd	[%i4+56],%f50
+	fmuld	%f42,%f24,%f42 	!7
+	ldd	[%i2+72],%f52
+	faddd	%f20,%f22,%f20
+	fmuld	%f44,%f0,%f44 	!8
+	ldd	[%o4+16],%f22
+	fmuld	%f10,%f6,%f12 	!9
+	ldd	[%i4+72],%f56
+	faddd	%f32,%f36,%f32
+	fmuld	%f14,%f4,%f4 !10
+	ldd	[%o4+48],%f36
+	fmuld	%f30,%f24,%f48 	!11
+	ldd	[%o4+8],%f8
+	faddd	%f20,%f22,%f20
+	fmuld	%f50,%f0,%f50	!12
+	std	%f20,[%o4+16]
+	faddd	%f42,%f44,%f42
+	fmuld	%f52,%f24,%f52 	!13
+	ldd	[%o4+80],%f44
+	faddd	%f4,%f12,%f4
+	fmuld	%f56,%f0,%f56 	!14
+	ldd	[%i2+88],%f20
+	faddd	%f32,%f36,%f32 	!15
+	ldd	[%i4+88],%f22
+	faddd	%f48,%f50,%f48 	!16
+	ldd	[%o4+112],%f50
+	faddd	%f52,%f56,%f52 	!17
+	ldd	[%o4+144],%f56
+	faddd	%f4,%f8,%f8
+	fmuld	%f20,%f24,%f20 	!18
+	std	%f32,[%o4+48]
+	faddd	%f42,%f44,%f42
+	fmuld	%f22,%f0,%f22 	!19
+	std	%f42,[%o4+80]
+	faddd	%f48,%f50,%f48
+	fmuld	%f34,%f24,%f32 	!20
+	std	%f48,[%o4+112]
+	faddd	%f52,%f56,%f52
+	fmuld	%f38,%f0,%f36 	!21
+	ldd	[%i2+120],%f42
+	fdtox	%f8,%f4 		!22
+	std	%f52,[%o4+144]
+	faddd	%f20,%f22,%f20 	!23
+	ldd	[%i4+120],%f44 	!24
+	ldd	[%o4+176],%f22
+	faddd	%f32,%f36,%f32
+	fmuld	%f42,%f24,%f42 	!25
+	ldd	[%i4+16],%f50
+	fmovs	%f17,%f4 	!26
+	ldd	[%i2+32],%f52
+	fmuld	%f44,%f0,%f44 	!27
+	ldd	[%i4+32],%f56
+	fmuld	%f40,%f24,%f48 	!28
+	ldd	[%o4+208],%f36
+	faddd	%f20,%f22,%f20
+	fmuld	%f50,%f0,%f50 	!29
+	std	%f20,[%o4+176]
+	fxtod	%f4,%f4
+	fmuld	%f52,%f24,%f52 	!30
+	ldd	[%i4+48],%f22
+	faddd	%f42,%f44,%f42
+	fmuld	%f56,%f0,%f56 	!31
+	ldd	[%o4+240],%f44
+	faddd	%f32,%f36,%f32 	!32
+	std	%f32,[%o4+208]
+	faddd	%f48,%f50,%f48
+	fmuld	%f46,%f24,%f20 	!33
+	ldd	[%o4+32],%f50
+	fmuld	%f4,%f18,%f12 	!34
+	ldd	[%i4+64],%f36
+	faddd	%f52,%f56,%f52
+	fmuld	%f22,%f0,%f22 	!35
+	ldd	[%o4+64],%f56
+	faddd	%f42,%f44,%f42 	!36
+	std	%f42,[%o4+240]
+	faddd	%f48,%f50,%f48
+	fmuld	%f54,%f24,%f32 	!37
+	std	%f48,[%o4+32]
+	fmuld	%f12,%f14,%f4 !38
+	ldd	[%i2+80],%f42
+	faddd	%f52,%f56,%f56	! yes, tmp52!
+	fmuld	%f36,%f0,%f36 	!39
+	ldd	[%i4+80],%f44
+	faddd	%f20,%f22,%f20 	!40
+	ldd	[%i2+96],%f48
+	fmuld	%f58,%f24,%f52 	!41
+	ldd	[%i4+96],%f50
+	fdtox	%f4,%f4
+	fmuld	%f42,%f24,%f42 	!42
+	std	%f56,[%o4+64]	! yes, tmp52!
+	faddd	%f32,%f36,%f32
+	fmuld	%f44,%f0,%f44 	!43
+	ldd	[%o4+96],%f22
+	fmuld	%f48,%f24,%f48 	!44
+	ldd	[%o4+128],%f36
+	fmovd	%f6,%f24
+	fmuld	%f50,%f0,%f50 	!45
+	fxtod	%f4,%f4
+	fmuld	%f60,%f0,%f56 	!46
+	add	%o4,8,%o4
+	faddd	%f42,%f44,%f42 	!47
+	ldd	[%o4+160-8],%f44
+	faddd	%f20,%f22,%f20 	!48
+	std	%f20,[%o4+96-8]
+	faddd	%f48,%f50,%f48 	!49
+	ldd	[%o4+192-8],%f50
+	faddd	%f52,%f56,%f52
+	fmuld	%f4,%f16,%f4 	!50
+	ldd	[%o4+224-8],%f56
+	faddd	%f32,%f36,%f32 	!51
+	std	%f32,[%o4+128-8]
+	faddd	%f42,%f44,%f42 	!52
+	add	%o3,1,%o3
+	std	%f42,[%o4+160-8]
+	faddd	%f48,%f50,%f48 	!53
+	cmp	%o3,31
+	std	%f48,[%o4+192-8]
+	fsubd	%f12,%f4,%f0 	!54
+	faddd	%f52,%f56,%f52
+	ble,pt	%icc,.L99999999
+	std	%f52,[%o4+224-8] 	!55
+	std %f8,[%o4]
+
+!  312		      !       }
+!  313		      !   }
+!  315		      ! conv_d16_to_i32(result,dt+2*nlen,(long long *)dt,nlen+1);
+
+/* 0x07c8	 315 */		sll	%i0,4,%g2
+                       .L900000653:
+/* 0x07cc	 315 */		add	%i1,%g2,%i1
+/* 0x07d0	 242 */		ld	[%fp+68],%o0
+/* 0x07d4	 315 */		or	%g0,0,%o4
+/* 0x07d8	     */		ldd	[%i1],%f0
+/* 0x07dc	     */		or	%g0,0,%g5
+/* 0x07e0	     */		cmp	%i0,0
+/* 0x07e4	 242 */		or	%g0,%o0,%o3
+/* 0x07e8	 311 */		sub	%i0,1,%g1
+/* 0x07ec	 315 */		fdtox	%f0,%f0
+/* 0x07f0	     */		std	%f0,[%sp+120]
+/* 0x07f4	 311 */		sethi	%hi(0xfc00),%o1
+/* 0x07f8	     */		add	%g1,1,%g3
+/* 0x07fc	     */		or	%g0,%o0,%g4
+/* 0x0800	 315 */		ldd	[%i1+8],%f0
+/* 0x0804	     */		add	%o1,1023,%o1
+/* 0x0808	     */		fdtox	%f0,%f0
+/* 0x080c	     */		std	%f0,[%sp+112]
+/* 0x0810	     */		ldx	[%sp+112],%o5
+/* 0x0814	     */		ldx	[%sp+120],%o7
+/* 0x0818	     */		ble,pt	%icc,.L900000651
+/* 0x081c	     */		sethi	%hi(0xfc00),%g2
+/* 0x0820	 311 */		or	%g0,-1,%g2
+/* 0x0824	 315 */		cmp	%g3,3
+/* 0x0828	 311 */		srl	%g2,0,%o2
+/* 0x082c	 315 */		bl,pn	%icc,.L77000287
+/* 0x0830	     */		or	%g0,%i1,%g2
+/* 0x0834	     */		ldd	[%i1+16],%f0
+/* 0x0838	     */		and	%o5,%o1,%o0
+/* 0x083c	     */		add	%i1,16,%g2
+/* 0x0840	     */		sllx	%o0,16,%g3
+/* 0x0844	     */		and	%o7,%o2,%o0
+/* 0x0848	     */		fdtox	%f0,%f0
+/* 0x084c	     */		std	%f0,[%sp+104]
+/* 0x0850	     */		add	%o0,%g3,%o4
+/* 0x0854	     */		ldd	[%i1+24],%f2
+/* 0x0858	     */		srax	%o5,16,%o0
+/* 0x085c	     */		add	%o3,4,%g4
+/* 0x0860	     */		stx	%o0,[%sp+128]
+/* 0x0864	     */		and	%o4,%o2,%o0
+/* 0x0868	     */		stx	%o0,[%sp+112]
+/* 0x086c	     */		srax	%o4,32,%o0
+/* 0x0870	     */		fdtox	%f2,%f0
+/* 0x0874	     */		stx	%o0,[%sp+136]
+/* 0x0878	     */		srax	%o7,32,%o4
+/* 0x087c	     */		std	%f0,[%sp+96]
+/* 0x0880	     */		ldx	[%sp+128],%g5
+/* 0x0884	     */		ldx	[%sp+136],%o7
+/* 0x0888	     */		ldx	[%sp+104],%g3
+/* 0x088c	     */		add	%g5,%o7,%o0
+/* 0x0890	     */		or	%g0,1,%g5
+/* 0x0894	     */		ldx	[%sp+112],%o7
+/* 0x0898	     */		add	%o4,%o0,%o4
+/* 0x089c	     */		ldx	[%sp+96],%o5
+/* 0x08a0	     */		st	%o7,[%o3]
+/* 0x08a4	     */		or	%g0,%g3,%o7
+                       .L900000634:
+/* 0x08a8	     */		ldd	[%g2+16],%f0
+/* 0x08ac	     */		add	%g5,1,%g5
+/* 0x08b0	     */		add	%g4,4,%g4
+/* 0x08b4	     */		cmp	%g5,%g1
+/* 0x08b8	     */		add	%g2,16,%g2
+/* 0x08bc	     */		fdtox	%f0,%f0
+/* 0x08c0	     */		std	%f0,[%sp+104]
+/* 0x08c4	     */		ldd	[%g2+8],%f0
+/* 0x08c8	     */		fdtox	%f0,%f0
+/* 0x08cc	     */		std	%f0,[%sp+96]
+/* 0x08d0	     */		and	%o5,%o1,%g3
+/* 0x08d4	     */		sllx	%g3,16,%g3
+/* 0x08d8	     */		stx	%g3,[%sp+120]
+/* 0x08dc	     */		and	%o7,%o2,%g3
+/* 0x08e0	     */		stx	%o7,[%sp+128]
+/* 0x08e4	     */		ldx	[%sp+120],%o7
+/* 0x08e8	     */		add	%g3,%o7,%g3
+/* 0x08ec	     */		ldx	[%sp+128],%o7
+/* 0x08f0	     */		srax	%o5,16,%o5
+/* 0x08f4	     */		add	%g3,%o4,%g3
+/* 0x08f8	     */		srax	%g3,32,%o4
+/* 0x08fc	     */		stx	%o4,[%sp+112]
+/* 0x0900	     */		srax	%o7,32,%o4
+/* 0x0904	     */		ldx	[%sp+112],%o7
+/* 0x0908	     */		add	%o5,%o7,%o7
+/* 0x090c	     */		ldx	[%sp+96],%o5
+/* 0x0910	     */		add	%o4,%o7,%o4
+/* 0x0914	     */		and	%g3,%o2,%g3
+/* 0x0918	     */		ldx	[%sp+104],%o7
+/* 0x091c	     */		ble,pt	%icc,.L900000634
+/* 0x0920	     */		st	%g3,[%g4-4]
+                       .L900000637:
+/* 0x0924	     */		ba	.L900000651
+/* 0x0928	     */		sethi	%hi(0xfc00),%g2
+                       .L77000287:
+/* 0x092c	     */		ldd	[%g2+16],%f0
+                       .L900000650:
+/* 0x0930	     */		and	%o7,%o2,%o0
+/* 0x0934	     */		and	%o5,%o1,%g3
+/* 0x0938	     */		fdtox	%f0,%f0
+/* 0x093c	     */		add	%o4,%o0,%o0
+/* 0x0940	     */		std	%f0,[%sp+104]
+/* 0x0944	     */		add	%g5,1,%g5
+/* 0x0948	     */		sllx	%g3,16,%o4
+/* 0x094c	     */		ldd	[%g2+24],%f2
+/* 0x0950	     */		add	%g2,16,%g2
+/* 0x0954	     */		add	%o0,%o4,%o4
+/* 0x0958	     */		cmp	%g5,%g1
+/* 0x095c	     */		srax	%o5,16,%o0
+/* 0x0960	     */		stx	%o0,[%sp+112]
+/* 0x0964	     */		and	%o4,%o2,%g3
+/* 0x0968	     */		srax	%o4,32,%o5
+/* 0x096c	     */		fdtox	%f2,%f0
+/* 0x0970	     */		std	%f0,[%sp+96]
+/* 0x0974	     */		srax	%o7,32,%o4
+/* 0x0978	     */		ldx	[%sp+112],%o7
+/* 0x097c	     */		add	%o7,%o5,%o7
+/* 0x0980	     */		ldx	[%sp+104],%o5
+/* 0x0984	     */		add	%o4,%o7,%o4
+/* 0x0988	     */		ldx	[%sp+96],%o0
+/* 0x098c	     */		st	%g3,[%g4]
+/* 0x0990	     */		or	%g0,%o5,%o7
+/* 0x0994	     */		add	%g4,4,%g4
+/* 0x0998	     */		or	%g0,%o0,%o5
+/* 0x099c	     */		ble,a,pt	%icc,.L900000650
+/* 0x09a0	     */		ldd	[%g2+16],%f0
+                       .L77000236:
+/* 0x09a4	     */		sethi	%hi(0xfc00),%g2
+                       .L900000651:
+/* 0x09a8	     */		or	%g0,-1,%o0
+/* 0x09ac	     */		add	%g2,1023,%g2
+/* 0x09b0	     */		ld	[%fp+88],%o1
+/* 0x09b4	     */		srl	%o0,0,%g3
+/* 0x09b8	     */		and	%o5,%g2,%g2
+/* 0x09bc	     */		and	%o7,%g3,%g4
+
+!  317		      ! adjust_montf_result(result,nint,nlen); 
+
+/* 0x09c0	 317 */		or	%g0,-1,%o5
+/* 0x09c4	 311 */		sllx	%g2,16,%g2
+/* 0x09c8	     */		add	%o4,%g4,%g4
+/* 0x09cc	     */		add	%g4,%g2,%g2
+/* 0x09d0	     */		sll	%g5,2,%g4
+/* 0x09d4	     */		and	%g2,%g3,%g2
+/* 0x09d8	     */		st	%g2,[%o3+%g4]
+/* 0x09dc	 317 */		sll	%i0,2,%g2
+/* 0x09e0	     */		ld	[%o3+%g2],%g2
+/* 0x09e4	     */		cmp	%g2,0
+/* 0x09e8	     */		bleu,pn	%icc,.L77000241
+/* 0x09ec	     */		or	%g0,%o1,%o2
+/* 0x09f0	     */		ba	.L900000649
+/* 0x09f4	     */		cmp	%o5,0
+                       .L77000241:
+/* 0x09f8	     */		sub	%i0,1,%o5
+/* 0x09fc	     */		sll	%o5,2,%g2
+/* 0x0a00	     */		cmp	%o5,0
+/* 0x0a04	     */		bl,pt	%icc,.L900000649
+/* 0x0a08	     */		cmp	%o5,0
+/* 0x0a0c	     */		add	%o1,%g2,%o1
+/* 0x0a10	     */		add	%o3,%g2,%o4
+/* 0x0a14	     */		ld	[%o1],%g2
+                       .L900000648:
+/* 0x0a18	     */		ld	[%o4],%g3
+/* 0x0a1c	     */		sub	%o5,1,%o0
+/* 0x0a20	     */		sub	%o1,4,%o1
+/* 0x0a24	     */		sub	%o4,4,%o4
+/* 0x0a28	     */		cmp	%g3,%g2
+/* 0x0a2c	     */		bne,pn	%icc,.L77000244
+/* 0x0a30	     */		nop
+/* 0x0a34	   0 */		or	%g0,%o0,%o5
+/* 0x0a38	 317 */		cmp	%o0,0
+/* 0x0a3c	     */		bge,a,pt	%icc,.L900000648
+/* 0x0a40	     */		ld	[%o1],%g2
+                       .L77000244:
+/* 0x0a44	     */		cmp	%o5,0
+                       .L900000649:
+/* 0x0a48	     */		bl,pn	%icc,.L77000288
+/* 0x0a4c	     */		sll	%o5,2,%g2
+/* 0x0a50	     */		ld	[%o2+%g2],%g3
+/* 0x0a54	     */		ld	[%o3+%g2],%g2
+/* 0x0a58	     */		cmp	%g2,%g3
+/* 0x0a5c	     */		bleu,pt	%icc,.L77000224
+/* 0x0a60	     */		nop
+                       .L77000288:
+/* 0x0a64	     */		cmp	%i0,0
+/* 0x0a68	     */		ble,pt	%icc,.L77000224
+/* 0x0a6c	     */		nop
+/* 0x0a70	 317 */		sub	%i0,1,%o7
+/* 0x0a74	     */		or	%g0,-1,%g2
+/* 0x0a78	     */		srl	%g2,0,%o4
+/* 0x0a7c	     */		add	%o7,1,%o0
+/* 0x0a80	 315 */		or	%g0,0,%o5
+/* 0x0a84	     */		or	%g0,0,%g1
+/* 0x0a88	     */		cmp	%o0,3
+/* 0x0a8c	     */		bl,pn	%icc,.L77000289
+/* 0x0a90	     */		add	%o3,8,%o1
+/* 0x0a94	     */		add	%o2,4,%o0
+/* 0x0a98	     */		ld	[%o1-8],%g2
+/* 0x0a9c	   0 */		or	%g0,%o1,%o3
+/* 0x0aa0	 315 */		ld	[%o0-4],%g3
+/* 0x0aa4	   0 */		or	%g0,%o0,%o2
+/* 0x0aa8	 315 */		or	%g0,2,%g1
+/* 0x0aac	     */		ld	[%o3-4],%o0
+/* 0x0ab0	     */		sub	%g2,%g3,%g2
+/* 0x0ab4	     */		or	%g0,%g2,%o5
+/* 0x0ab8	     */		and	%g2,%o4,%g2
+/* 0x0abc	     */		st	%g2,[%o3-8]
+/* 0x0ac0	     */		srax	%o5,32,%o5
+                       .L900000638:
+/* 0x0ac4	     */		ld	[%o2],%g2
+/* 0x0ac8	     */		add	%g1,1,%g1
+/* 0x0acc	     */		add	%o2,4,%o2
+/* 0x0ad0	     */		cmp	%g1,%o7
+/* 0x0ad4	     */		add	%o3,4,%o3
+/* 0x0ad8	     */		sub	%o0,%g2,%o0
+/* 0x0adc	     */		add	%o0,%o5,%o5
+/* 0x0ae0	     */		and	%o5,%o4,%g2
+/* 0x0ae4	     */		ld	[%o3-4],%o0
+/* 0x0ae8	     */		st	%g2,[%o3-8]
+/* 0x0aec	     */		ble,pt	%icc,.L900000638
+/* 0x0af0	     */		srax	%o5,32,%o5
+                       .L900000641:
+/* 0x0af4	     */		ld	[%o2],%o1
+/* 0x0af8	     */		sub	%o0,%o1,%o0
+/* 0x0afc	     */		add	%o0,%o5,%o0
+/* 0x0b00	     */		and	%o0,%o4,%o1
+/* 0x0b04	     */		st	%o1,[%o3-4]
+/* 0x0b08	     */		ret	! Result = 
+/* 0x0b0c	     */		restore	%g0,%g0,%g0
+                       .L77000289:
+/* 0x0b10	     */		ld	[%o3],%o0
+                       .L900000647:
+/* 0x0b14	     */		ld	[%o2],%o1
+/* 0x0b18	     */		add	%o5,%o0,%o0
+/* 0x0b1c	     */		add	%g1,1,%g1
+/* 0x0b20	     */		add	%o2,4,%o2
+/* 0x0b24	     */		cmp	%g1,%o7
+/* 0x0b28	     */		sub	%o0,%o1,%o0
+/* 0x0b2c	     */		and	%o0,%o4,%o1
+/* 0x0b30	     */		st	%o1,[%o3]
+/* 0x0b34	     */		add	%o3,4,%o3
+/* 0x0b38	     */		srax	%o0,32,%o5
+/* 0x0b3c	     */		ble,a,pt	%icc,.L900000647
+/* 0x0b40	     */		ld	[%o3],%o0
+                       .L77000224:
+/* 0x0b44	     */		ret	! Result = 
+/* 0x0b48	     */		restore	%g0,%g0,%g0
+/* 0x0b4c	   0 */		.type	mont_mulf_noconv,2
+/* 0x0b4c	     */		.size	mont_mulf_noconv,(.-mont_mulf_noconv)
+
diff --git a/nss/lib/freebl/mpi/montmulfv9.il b/nss/lib/freebl/mpi/montmulfv9.il
new file mode 100644
index 0000000..006f474
--- /dev/null
+++ b/nss/lib/freebl/mpi/montmulfv9.il
@@ -0,0 +1,93 @@
+!  
+! This Source Code Form is subject to the terms of the Mozilla Public
+! License, v. 2.0. If a copy of the MPL was not distributed with this
+! file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+!
+! double upper32(double /*frs1*/);
+!
+        .inline upper32,8
+	fdtox	%f0,%f10
+	fitod	%f10,%f0
+        .end
+
+!
+! double lower32(double /*frs1*/, double /* Zero */);
+!
+        .inline lower32,8
+	fdtox	%f0,%f10
+	fmovs	%f2,%f10
+	fxtod	%f10,%f0
+        .end
+
+!
+! double mod(double /*x*/, double /*1/m*/, double /*m*/);
+!
+        .inline mod,12
+	fmuld	%f0,%f2,%f2
+	fdtox	%f2,%f2
+	fxtod	%f2,%f2
+	fmuld	%f2,%f4,%f2
+	fsubd	%f0,%f2,%f0
+        .end
+
+
+!
+! void i16_to_d16_and_d32x4(double * /*1/(2^16)*/, double * /* 2^16*/,
+!			    double * /* 0 */,
+!			    double * /*result16*/, double * /* result32 */
+!			    float *  /*source - should be unsigned int*
+!		            	       converted to float* */);
+!
+        .inline i16_to_d16_and_d32x4,24
+        ldd     [%o0],%f2  ! 1/(2^16)
+        ldd     [%o1],%f4  ! 2^16
+	ldd	[%o2],%f22
+
+	fmovd	%f22,%f6
+	ld	[%o5],%f7
+	fmovd	%f22,%f10
+	ld	[%o5+4],%f11
+	fmovd	%f22,%f14
+	ld	[%o5+8],%f15
+	fmovd	%f22,%f18
+	ld	[%o5+12],%f19
+	fxtod	%f6,%f6
+	std	%f6,[%o4]
+	fxtod	%f10,%f10
+	std	%f10,[%o4+8]
+	fxtod	%f14,%f14
+	std	%f14,[%o4+16]
+	fxtod	%f18,%f18
+	std	%f18,[%o4+24]
+	fmuld	%f2,%f6,%f8
+	fmuld	%f2,%f10,%f12
+	fmuld	%f2,%f14,%f16
+	fmuld	%f2,%f18,%f20
+	fdtox	%f8,%f8
+	fdtox	%f12,%f12
+	fdtox	%f16,%f16
+	fdtox	%f20,%f20
+	fxtod	%f8,%f8
+	std	%f8,[%o3+8]
+	fxtod	%f12,%f12
+	std	%f12,[%o3+24]
+	fxtod	%f16,%f16
+	std	%f16,[%o3+40]
+	fxtod	%f20,%f20
+	std	%f20,[%o3+56]
+	fmuld	%f8,%f4,%f8
+	fmuld	%f12,%f4,%f12
+	fmuld	%f16,%f4,%f16
+	fmuld	%f20,%f4,%f20
+	fsubd	%f6,%f8,%f8
+	std	%f8,[%o3]
+	fsubd	%f10,%f12,%f12
+	std	%f12,[%o3+16]
+	fsubd	%f14,%f16,%f16
+	std	%f16,[%o3+32]
+	fsubd	%f18,%f20,%f20
+	std	%f20,[%o3+48]
+        .end
+
+
diff --git a/nss/lib/freebl/mpi/montmulfv9.s b/nss/lib/freebl/mpi/montmulfv9.s
new file mode 100644
index 0000000..560e47f
--- /dev/null
+++ b/nss/lib/freebl/mpi/montmulfv9.s
@@ -0,0 +1,2346 @@
+!  
+! This Source Code Form is subject to the terms of the Mozilla Public
+! License, v. 2.0. If a copy of the MPL was not distributed with this
+! file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+	.section	".text",#alloc,#execinstr
+	.file	"montmulf.c"
+
+	.section	".rodata",#alloc
+	.global	TwoTo16
+	.align	8
+!
+! CONSTANT POOL
+!
+	.global TwoTo16
+TwoTo16:
+	.word	1089470464
+	.word	0
+	.type	TwoTo16,#object
+	.size	TwoTo16,8
+	.global	TwoToMinus16
+!
+! CONSTANT POOL
+!
+	.global TwoToMinus16
+TwoToMinus16:
+	.word	1055916032
+	.word	0
+	.type	TwoToMinus16,#object
+	.size	TwoToMinus16,8
+	.global	Zero
+!
+! CONSTANT POOL
+!
+	.global Zero
+Zero:
+	.word	0
+	.word	0
+	.type	Zero,#object
+	.size	Zero,8
+	.global	TwoTo32
+!
+! CONSTANT POOL
+!
+	.global TwoTo32
+TwoTo32:
+	.word	1106247680
+	.word	0
+	.type	TwoTo32,#object
+	.size	TwoTo32,8
+	.global	TwoToMinus32
+!
+! CONSTANT POOL
+!
+	.global TwoToMinus32
+TwoToMinus32:
+	.word	1039138816
+	.word	0
+	.type	TwoToMinus32,#object
+	.size	TwoToMinus32,8
+
+	.section	".text",#alloc,#execinstr
+/* 000000	   0 */		.register	%g3,#scratch
+/* 000000	     */		.register	%g2,#scratch
+/* 000000	   0 */		.align	8
+!
+! SUBROUTINE conv_d16_to_i32
+!
+! OFFSET    SOURCE LINE	LABEL	INSTRUCTION
+
+                       	.global conv_d16_to_i32
+                       conv_d16_to_i32:
+/* 000000	     */		save	%sp,-208,%sp
+! FILE montmulf.c
+
+!    1		      !/*
+!    2		      ! * The contents of this file are subject to the Mozilla Public
+!    3		      ! * License Version 1.1 (the "License"); you may not use this file
+!    4		      ! * except in compliance with the License. You may obtain a copy of
+!    5		      ! * the License at http://www.mozilla.org/MPL/
+!    6		      ! * 
+!    7		      ! * Software distributed under the License is distributed on an "AS
+!    8		      ! * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+!    9		      ! * implied. See the License for the specific language governing
+!   10		      ! * rights and limitations under the License.
+!   11		      ! * 
+!   12		      ! * The Original Code is SPARC optimized Montgomery multiply functions.
+!   13		      ! *
+!   14		      ! * The Initial Developer of the Original Code is Sun Microsystems Inc.
+!   15		      ! * Portions created by Sun Microsystems Inc. are 
+!   16		      ! * Copyright (C) 1999-2000 Sun Microsystems Inc.  All Rights Reserved.
+!   17		      ! * 
+!   18		      ! * Contributor(s):
+!   19		      ! *	Netscape Communications Corporation
+!   20		      ! * 
+!   21		      ! * Alternatively, the contents of this file may be used under the
+!   22		      ! * terms of the GNU General Public License Version 2 or later (the
+!   23		      ! * "GPL"), in which case the provisions of the GPL are applicable 
+!   24		      ! * instead of those above.	If you wish to allow use of your 
+!   25		      ! * version of this file only under the terms of the GPL and not to
+!   26		      ! * allow others to use your version of this file under the MPL,
+!   27		      ! * indicate your decision by deleting the provisions above and
+!   28		      ! * replace them with the notice and other provisions required by
+!   29		      ! * the GPL.  If you do not delete the provisions above, a recipient
+!   30		      ! * may use your version of this file under either the MPL or the
+!   31		      ! * GPL.
+!   34		      ! */
+!   36		      !#define RF_INLINE_MACROS
+!   38		      !static const double TwoTo16=65536.0;
+!   39		      !static const double TwoToMinus16=1.0/65536.0;
+!   40		      !static const double Zero=0.0;
+!   41		      !static const double TwoTo32=65536.0*65536.0;
+!   42		      !static const double TwoToMinus32=1.0/(65536.0*65536.0);
+!   44		      !#ifdef RF_INLINE_MACROS
+!   46		      !double upper32(double);
+!   47		      !double lower32(double, double);
+!   48		      !double mod(double, double, double);
+!   50		      !void i16_to_d16_and_d32x4(const double * /*1/(2^16)*/, 
+!   51		      !			  const double * /* 2^16*/,
+!   52		      !			  const double * /* 0 */,
+!   53		      !			  double *       /*result16*/, 
+!   54		      !			  double *       /* result32 */,
+!   55		      !			  float *  /*source - should be unsigned int*
+!   56		      !		          	       converted to float* */);
+!   58		      !#else
+!   60		      !static double upper32(double x)
+!   61		      !{
+!   62		      !  return floor(x*TwoToMinus32);
+!   63		      !}
+!   65		      !static double lower32(double x, double y)
+!   66		      !{
+!   67		      !  return x-TwoTo32*floor(x*TwoToMinus32);
+!   68		      !}
+!   70		      !static double mod(double x, double oneoverm, double m)
+!   71		      !{
+!   72		      !  return x-m*floor(x*oneoverm);
+!   73		      !}
+!   75		      !#endif
+!   78		      !static void cleanup(double *dt, int from, int tlen)
+!   79		      !{
+!   80		      ! int i;
+!   81		      ! double tmp,tmp1,x,x1;
+!   83		      ! tmp=tmp1=Zero;
+!   84		      ! /* original code **
+!   85		      ! for(i=2*from;i<2*tlen-2;i++)
+!   86		      !   {
+!   87		      !     x=dt[i];
+!   88		      !     dt[i]=lower32(x,Zero)+tmp1;
+!   89		      !     tmp1=tmp;
+!   90		      !     tmp=upper32(x);
+!   91		      !   }
+!   92		      ! dt[tlen-2]+=tmp1;
+!   93		      ! dt[tlen-1]+=tmp;
+!   94		      ! **end original code ***/
+!   95		      ! /* new code ***/
+!   96		      ! for(i=2*from;i<2*tlen;i+=2)
+!   97		      !   {
+!   98		      !     x=dt[i];
+!   99		      !     x1=dt[i+1];
+!  100		      !     dt[i]=lower32(x,Zero)+tmp;
+!  101		      !     dt[i+1]=lower32(x1,Zero)+tmp1;
+!  102		      !     tmp=upper32(x);
+!  103		      !     tmp1=upper32(x1);
+!  104		      !   }
+!  105		      !  /** end new code **/
+!  106		      !}
+!  109		      !void conv_d16_to_i32(unsigned int *i32, double *d16, long long *tmp, int ilen)
+!  110		      !{
+!  111		      !int i;
+!  112		      !long long t, t1, a, b, c, d;
+!  114		      ! t1=0;
+!  115		      ! a=(long long)d16[0];
+
+/* 0x0004	 115 */		ldd	[%i1],%f2
+
+!  116		      ! b=(long long)d16[1];
+!  117		      ! for(i=0; i<ilen-1; i++)
+
+/* 0x0008	 117 */		sub	%i3,1,%o1
+/* 0x000c	 110 */		or	%g0,%i0,%g1
+/* 0x0010	 116 */		ldd	[%i1+8],%f4
+/* 0x0014	 117 */		cmp	%o1,0
+/* 0x0018	 114 */		or	%g0,0,%g5
+/* 0x001c	 115 */		fdtox	%f2,%f2
+/* 0x0020	     */		std	%f2,[%sp+2247]
+/* 0x0024	 117 */		or	%g0,0,%o0
+/* 0x0028	 116 */		fdtox	%f4,%f2
+/* 0x002c	     */		std	%f2,[%sp+2239]
+/* 0x0030	 110 */		sub	%o1,1,%o7
+/* 0x0034	     */		or	%g0,%i1,%o4
+/* 0x0038	     */		sethi	%hi(0xfc00),%o3
+/* 0x003c	     */		or	%g0,-1,%o1
+/* 0x0040	     */		or	%g0,2,%i1
+/* 0x0044	     */		srl	%o1,0,%g3
+/* 0x0048	     */		or	%g0,%o4,%g4
+/* 0x004c	 116 */		ldx	[%sp+2239],%i2
+/* 0x0050	     */		add	%o3,1023,%o5
+/* 0x0054	 117 */		sub	%o7,1,%o2
+/* 0x0058	 115 */		ldx	[%sp+2247],%i3
+/* 0x005c	 117 */		ble,pt	%icc,.L900000113
+/* 0x0060	     */		sethi	%hi(0xfc00),%g2
+/* 0x0064	     */		add	%o7,1,%g2
+
+!  118		      !   {
+!  119		      !     c=(long long)d16[2*i+2];
+!  120		      !     t1+=a&0xffffffff;
+!  121		      !     t=(a>>32);
+!  122		      !     d=(long long)d16[2*i+3];
+!  123		      !     t1+=(b&0xffff)<<16;
+
+/* 0x0068	 123 */		and	%i2,%o5,%i4
+/* 0x006c	     */		sllx	%i4,16,%o1
+/* 0x0070	 117 */		cmp	%g2,6
+/* 0x0074	     */		bl,pn	%icc,.L77000134
+/* 0x0078	     */		or	%g0,3,%i0
+/* 0x007c	 119 */		ldd	[%o4+16],%f0
+/* 0x0080	 120 */		and	%i3,%g3,%o3
+
+!  124		      !     t+=(b>>16)+(t1>>32);
+
+/* 0x0084	 124 */		srax	%i2,16,%i5
+/* 0x0088	 117 */		add	%o3,%o1,%i4
+/* 0x008c	 121 */		srax	%i3,32,%i3
+/* 0x0090	 119 */		fdtox	%f0,%f0
+/* 0x0094	     */		std	%f0,[%sp+2231]
+
+!  125		      !     i32[i]=t1&0xffffffff;
+
+/* 0x0098	 125 */		and	%i4,%g3,%l0
+/* 0x009c	 117 */		or	%g0,72,%o3
+/* 0x00a0	 122 */		ldd	[%g4+24],%f0
+/* 0x00a4	 117 */		or	%g0,64,%o4
+/* 0x00a8	     */		or	%g0,4,%o1
+
+!  126		      !     t1=t;
+!  127		      !     a=c;
+!  128		      !     b=d;
+
+/* 0x00ac	 128 */		or	%g0,5,%i0
+/* 0x00b0	     */		or	%g0,4,%i1
+/* 0x00b4	 119 */		ldx	[%sp+2231],%g2
+/* 0x00b8	 122 */		fdtox	%f0,%f0
+/* 0x00bc	 128 */		or	%g0,4,%o0
+/* 0x00c0	 122 */		std	%f0,[%sp+2223]
+/* 0x00c4	     */		ldd	[%g4+40],%f2
+/* 0x00c8	 120 */		and	%g2,%g3,%i2
+/* 0x00cc	 119 */		ldd	[%g4+32],%f0
+/* 0x00d0	 121 */		srax	%g2,32,%g2
+/* 0x00d4	 122 */		ldd	[%g4+56],%f4
+/* 0x00d8	     */		fdtox	%f2,%f2
+/* 0x00dc	     */		ldx	[%sp+2223],%g5
+/* 0x00e0	 119 */		fdtox	%f0,%f0
+/* 0x00e4	 125 */		st	%l0,[%g1]
+/* 0x00e8	 124 */		srax	%i4,32,%l0
+/* 0x00ec	 122 */		fdtox	%f4,%f4
+/* 0x00f0	     */		std	%f2,[%sp+2223]
+/* 0x00f4	 123 */		and	%g5,%o5,%i4
+/* 0x00f8	 124 */		add	%i5,%l0,%i5
+/* 0x00fc	 119 */		std	%f0,[%sp+2231]
+/* 0x0100	 123 */		sllx	%i4,16,%i4
+/* 0x0104	 124 */		add	%i3,%i5,%i3
+/* 0x0108	 119 */		ldd	[%g4+48],%f2
+/* 0x010c	 124 */		srax	%g5,16,%g5
+/* 0x0110	 117 */		add	%i2,%i4,%i2
+/* 0x0114	 122 */		ldd	[%g4+72],%f0
+/* 0x0118	 117 */		add	%i2,%i3,%i4
+/* 0x011c	 124 */		srax	%i4,32,%i5
+/* 0x0120	 119 */		fdtox	%f2,%f2
+/* 0x0124	 125 */		and	%i4,%g3,%i4
+/* 0x0128	 122 */		ldx	[%sp+2223],%i2
+/* 0x012c	 124 */		add	%g5,%i5,%g5
+/* 0x0130	 119 */		ldx	[%sp+2231],%i3
+/* 0x0134	 124 */		add	%g2,%g5,%g5
+/* 0x0138	 119 */		std	%f2,[%sp+2231]
+/* 0x013c	 122 */		std	%f4,[%sp+2223]
+/* 0x0140	 119 */		ldd	[%g4+64],%f2
+/* 0x0144	 125 */		st	%i4,[%g1+4]
+                       .L900000108:
+/* 0x0148	 122 */		ldx	[%sp+2223],%i4
+/* 0x014c	 128 */		add	%o0,2,%o0
+/* 0x0150	     */		add	%i0,4,%i0
+/* 0x0154	 119 */		ldx	[%sp+2231],%l0
+/* 0x0158	 117 */		add	%o3,16,%o3
+/* 0x015c	 123 */		and	%i2,%o5,%g2
+/* 0x0160	     */		sllx	%g2,16,%i5
+/* 0x0164	 120 */		and	%i3,%g3,%g2
+/* 0x0168	 122 */		ldd	[%g4+%o3],%f4
+/* 0x016c	     */		fdtox	%f0,%f0
+/* 0x0170	     */		std	%f0,[%sp+2223]
+/* 0x0174	 124 */		srax	%i2,16,%i2
+/* 0x0178	 117 */		add	%g2,%i5,%g2
+/* 0x017c	 119 */		fdtox	%f2,%f0
+/* 0x0180	 117 */		add	%o4,16,%o4
+/* 0x0184	 119 */		std	%f0,[%sp+2231]
+/* 0x0188	 117 */		add	%g2,%g5,%g2
+/* 0x018c	 119 */		ldd	[%g4+%o4],%f2
+/* 0x0190	 124 */		srax	%g2,32,%i5
+/* 0x0194	 128 */		cmp	%o0,%o2
+/* 0x0198	 121 */		srax	%i3,32,%g5
+/* 0x019c	 124 */		add	%i2,%i5,%i2
+/* 0x01a0	     */		add	%g5,%i2,%i5
+/* 0x01a4	 117 */		add	%o1,4,%o1
+/* 0x01a8	 125 */		and	%g2,%g3,%g2
+/* 0x01ac	 127 */		or	%g0,%l0,%g5
+/* 0x01b0	 125 */		st	%g2,[%g1+%o1]
+/* 0x01b4	 128 */		add	%i1,4,%i1
+/* 0x01b8	 122 */		ldx	[%sp+2223],%i2
+/* 0x01bc	 119 */		ldx	[%sp+2231],%i3
+/* 0x01c0	 117 */		add	%o3,16,%o3
+/* 0x01c4	 123 */		and	%i4,%o5,%g2
+/* 0x01c8	     */		sllx	%g2,16,%l0
+/* 0x01cc	 120 */		and	%g5,%g3,%g2
+/* 0x01d0	 122 */		ldd	[%g4+%o3],%f0
+/* 0x01d4	     */		fdtox	%f4,%f4
+/* 0x01d8	     */		std	%f4,[%sp+2223]
+/* 0x01dc	 124 */		srax	%i4,16,%i4
+/* 0x01e0	 117 */		add	%g2,%l0,%g2
+/* 0x01e4	 119 */		fdtox	%f2,%f2
+/* 0x01e8	 117 */		add	%o4,16,%o4
+/* 0x01ec	 119 */		std	%f2,[%sp+2231]
+/* 0x01f0	 117 */		add	%g2,%i5,%g2
+/* 0x01f4	 119 */		ldd	[%g4+%o4],%f2
+/* 0x01f8	 124 */		srax	%g2,32,%i5
+/* 0x01fc	 121 */		srax	%g5,32,%g5
+/* 0x0200	 124 */		add	%i4,%i5,%i4
+/* 0x0204	     */		add	%g5,%i4,%g5
+/* 0x0208	 117 */		add	%o1,4,%o1
+/* 0x020c	 125 */		and	%g2,%g3,%g2
+/* 0x0210	 128 */		ble,pt	%icc,.L900000108
+/* 0x0214	     */		st	%g2,[%g1+%o1]
+                       .L900000111:
+/* 0x0218	 122 */		ldx	[%sp+2223],%o2
+/* 0x021c	 123 */		and	%i2,%o5,%i4
+/* 0x0220	 120 */		and	%i3,%g3,%g2
+/* 0x0224	 123 */		sllx	%i4,16,%i4
+/* 0x0228	 119 */		ldx	[%sp+2231],%i5
+/* 0x022c	 128 */		cmp	%o0,%o7
+/* 0x0230	 124 */		srax	%i2,16,%i2
+/* 0x0234	 117 */		add	%g2,%i4,%g2
+/* 0x0238	 122 */		fdtox	%f0,%f4
+/* 0x023c	     */		std	%f4,[%sp+2223]
+/* 0x0240	 117 */		add	%g2,%g5,%g5
+/* 0x0244	 123 */		and	%o2,%o5,%l0
+/* 0x0248	 124 */		srax	%g5,32,%l1
+/* 0x024c	 120 */		and	%i5,%g3,%i4
+/* 0x0250	 119 */		fdtox	%f2,%f0
+/* 0x0254	 121 */		srax	%i3,32,%g2
+/* 0x0258	 119 */		std	%f0,[%sp+2231]
+/* 0x025c	 124 */		add	%i2,%l1,%i2
+/* 0x0260	 123 */		sllx	%l0,16,%i3
+/* 0x0264	 124 */		add	%g2,%i2,%i2
+/* 0x0268	     */		srax	%o2,16,%o2
+/* 0x026c	 117 */		add	%o1,4,%g2
+/* 0x0270	     */		add	%i4,%i3,%o1
+/* 0x0274	 125 */		and	%g5,%g3,%g5
+/* 0x0278	     */		st	%g5,[%g1+%g2]
+/* 0x027c	 119 */		ldx	[%sp+2231],%i3
+/* 0x0280	 117 */		add	%o1,%i2,%o1
+/* 0x0284	     */		add	%g2,4,%g2
+/* 0x0288	 124 */		srax	%o1,32,%i4
+/* 0x028c	 122 */		ldx	[%sp+2223],%i2
+/* 0x0290	 125 */		and	%o1,%g3,%g5
+/* 0x0294	 121 */		srax	%i5,32,%o1
+/* 0x0298	 124 */		add	%o2,%i4,%o2
+/* 0x029c	 125 */		st	%g5,[%g1+%g2]
+/* 0x02a0	 128 */		bg,pn	%icc,.L77000127
+/* 0x02a4	     */		add	%o1,%o2,%g5
+/* 0x02a8	     */		add	%i0,6,%i0
+/* 0x02ac	     */		add	%i1,6,%i1
+                       .L77000134:
+/* 0x02b0	 119 */		sra	%i1,0,%o2
+                       .L900000112:
+/* 0x02b4	 119 */		sllx	%o2,3,%o3
+/* 0x02b8	 120 */		and	%i3,%g3,%o1
+/* 0x02bc	 119 */		ldd	[%g4+%o3],%f0
+/* 0x02c0	 122 */		sra	%i0,0,%o3
+/* 0x02c4	 123 */		and	%i2,%o5,%o2
+/* 0x02c8	 122 */		sllx	%o3,3,%o3
+/* 0x02cc	 120 */		add	%g5,%o1,%o1
+/* 0x02d0	 119 */		fdtox	%f0,%f0
+/* 0x02d4	     */		std	%f0,[%sp+2231]
+/* 0x02d8	 123 */		sllx	%o2,16,%o2
+/* 0x02dc	     */		add	%o1,%o2,%o2
+/* 0x02e0	 128 */		add	%i1,2,%i1
+/* 0x02e4	 122 */		ldd	[%g4+%o3],%f0
+/* 0x02e8	 124 */		srax	%o2,32,%g2
+/* 0x02ec	 125 */		and	%o2,%g3,%o3
+/* 0x02f0	 124 */		srax	%i2,16,%o1
+/* 0x02f4	 128 */		add	%i0,2,%i0
+/* 0x02f8	 122 */		fdtox	%f0,%f0
+/* 0x02fc	     */		std	%f0,[%sp+2223]
+/* 0x0300	 125 */		sra	%o0,0,%o2
+/* 0x0304	     */		sllx	%o2,2,%o2
+/* 0x0308	 124 */		add	%o1,%g2,%g5
+/* 0x030c	 121 */		srax	%i3,32,%g2
+/* 0x0310	 128 */		add	%o0,1,%o0
+/* 0x0314	 124 */		add	%g2,%g5,%g5
+/* 0x0318	 128 */		cmp	%o0,%o7
+/* 0x031c	 119 */		ldx	[%sp+2231],%o4
+/* 0x0320	 122 */		ldx	[%sp+2223],%i2
+/* 0x0324	 125 */		st	%o3,[%g1+%o2]
+/* 0x0328	 127 */		or	%g0,%o4,%i3
+/* 0x032c	 128 */		ble,pt	%icc,.L900000112
+/* 0x0330	     */		sra	%i1,0,%o2
+                       .L77000127:
+
+!  129		      !   }
+!  130		      !     t1+=a&0xffffffff;
+!  131		      !     t=(a>>32);
+!  132		      !     t1+=(b&0xffff)<<16;
+!  133		      !     i32[i]=t1&0xffffffff;
+
+/* 0x0334	 133 */		sethi	%hi(0xfc00),%g2
+                       .L900000113:
+/* 0x0338	 133 */		or	%g0,-1,%g3
+/* 0x033c	     */		add	%g2,1023,%g2
+/* 0x0340	     */		srl	%g3,0,%g3
+/* 0x0344	     */		and	%i2,%g2,%g2
+/* 0x0348	     */		and	%i3,%g3,%g4
+/* 0x034c	     */		sllx	%g2,16,%g2
+/* 0x0350	     */		add	%g5,%g4,%g4
+/* 0x0354	     */		sra	%o0,0,%g5
+/* 0x0358	     */		add	%g4,%g2,%g4
+/* 0x035c	     */		sllx	%g5,2,%g2
+/* 0x0360	     */		and	%g4,%g3,%g3
+/* 0x0364	     */		st	%g3,[%g1+%g2]
+/* 0x0368	     */		ret	! Result = 
+/* 0x036c	     */		restore	%g0,%g0,%g0
+/* 0x0370	   0 */		.type	conv_d16_to_i32,2
+/* 0x0370	     */		.size	conv_d16_to_i32,(.-conv_d16_to_i32)
+
+	.section	".text",#alloc,#execinstr
+/* 000000	   0 */		.align	8
+!
+! CONSTANT POOL
+!
+                       .L_const_seg_900000201:
+/* 000000	   0 */		.word	1127219200,0
+/* 0x0008	   0 */		.align	8
+/* 0x0008	     */		.skip	24
+!
+! SUBROUTINE conv_i32_to_d32
+!
+! OFFSET    SOURCE LINE	LABEL	INSTRUCTION
+
+                       	.global conv_i32_to_d32
+                       conv_i32_to_d32:
+/* 000000	     */		or	%g0,%o7,%g3
+
+!  135		      !}
+!  137		      !void conv_i32_to_d32(double *d32, unsigned int *i32, int len)
+!  138		      !{
+!  139		      !int i;
+!  141		      !#pragma pipeloop(0)
+!  142		      ! for(i=0;i<len;i++) d32[i]=(double)(i32[i]);
+
+/* 0x0004	 142 */		cmp	%o2,0
+                       .L900000210:
+/* 0x0008	     */		call	.+8
+/* 0x000c	     */		sethi	/*X*/%hi(_GLOBAL_OFFSET_TABLE_-(.L900000210-.)),%g4
+/* 0x0010	 142 */		or	%g0,0,%o3
+/* 0x0014	 138 */		add	%g4,/*X*/%lo(_GLOBAL_OFFSET_TABLE_-(.L900000210-.)),%g4
+/* 0x0018	 142 */		sub	%o2,1,%o4
+/* 0x001c	 138 */		add	%g4,%o7,%g1
+/* 0x0020	 142 */		ble,pt	%icc,.L77000140
+/* 0x0024	     */		or	%g0,%g3,%o7
+/* 0x0028	     */		sethi	%hi(.L_const_seg_900000201),%g3
+/* 0x002c	     */		cmp	%o2,12
+/* 0x0030	     */		add	%g3,%lo(.L_const_seg_900000201),%g2
+/* 0x0034	     */		or	%g0,%o1,%g5
+/* 0x0038	     */		ldx	[%g1+%g2],%g4
+/* 0x003c	     */		or	%g0,0,%g1
+/* 0x0040	     */		or	%g0,24,%g2
+/* 0x0044	     */		bl,pn	%icc,.L77000144
+/* 0x0048	     */		or	%g0,0,%g3
+/* 0x004c	     */		ld	[%o1],%f13
+/* 0x0050	     */		or	%g0,7,%o3
+/* 0x0054	     */		ldd	[%g4],%f8
+/* 0x0058	     */		sub	%o2,5,%g3
+/* 0x005c	     */		or	%g0,8,%g1
+/* 0x0060	     */		ld	[%o1+4],%f11
+/* 0x0064	     */		ld	[%o1+8],%f7
+/* 0x0068	     */		fmovs	%f8,%f12
+/* 0x006c	     */		ld	[%o1+12],%f5
+/* 0x0070	     */		fmovs	%f8,%f10
+/* 0x0074	     */		ld	[%o1+16],%f3
+/* 0x0078	     */		fmovs	%f8,%f6
+/* 0x007c	     */		ld	[%o1+20],%f1
+/* 0x0080	     */		fsubd	%f12,%f8,%f12
+/* 0x0084	     */		std	%f12,[%o0]
+/* 0x0088	     */		fsubd	%f10,%f8,%f10
+/* 0x008c	     */		std	%f10,[%o0+8]
+                       .L900000205:
+/* 0x0090	     */		ld	[%o1+%g2],%f11
+/* 0x0094	     */		add	%g1,8,%g1
+/* 0x0098	     */		add	%o3,5,%o3
+/* 0x009c	     */		fsubd	%f6,%f8,%f6
+/* 0x00a0	     */		add	%g2,4,%g2
+/* 0x00a4	     */		std	%f6,[%o0+%g1]
+/* 0x00a8	     */		cmp	%o3,%g3
+/* 0x00ac	     */		fmovs	%f8,%f4
+/* 0x00b0	     */		ld	[%o1+%g2],%f7
+/* 0x00b4	     */		fsubd	%f4,%f8,%f12
+/* 0x00b8	     */		add	%g1,8,%g1
+/* 0x00bc	     */		add	%g2,4,%g2
+/* 0x00c0	     */		fmovs	%f8,%f2
+/* 0x00c4	     */		std	%f12,[%o0+%g1]
+/* 0x00c8	     */		ld	[%o1+%g2],%f5
+/* 0x00cc	     */		fsubd	%f2,%f8,%f12
+/* 0x00d0	     */		add	%g1,8,%g1
+/* 0x00d4	     */		add	%g2,4,%g2
+/* 0x00d8	     */		fmovs	%f8,%f0
+/* 0x00dc	     */		std	%f12,[%o0+%g1]
+/* 0x00e0	     */		ld	[%o1+%g2],%f3
+/* 0x00e4	     */		fsubd	%f0,%f8,%f12
+/* 0x00e8	     */		add	%g1,8,%g1
+/* 0x00ec	     */		add	%g2,4,%g2
+/* 0x00f0	     */		fmovs	%f8,%f10
+/* 0x00f4	     */		std	%f12,[%o0+%g1]
+/* 0x00f8	     */		ld	[%o1+%g2],%f1
+/* 0x00fc	     */		fsubd	%f10,%f8,%f10
+/* 0x0100	     */		add	%g1,8,%g1
+/* 0x0104	     */		add	%g2,4,%g2
+/* 0x0108	     */		std	%f10,[%o0+%g1]
+/* 0x010c	     */		ble,pt	%icc,.L900000205
+/* 0x0110	     */		fmovs	%f8,%f6
+                       .L900000208:
+/* 0x0114	     */		fmovs	%f8,%f4
+/* 0x0118	     */		ld	[%o1+%g2],%f11
+/* 0x011c	     */		add	%g1,8,%g3
+/* 0x0120	     */		fmovs	%f8,%f2
+/* 0x0124	     */		add	%g1,16,%g1
+/* 0x0128	     */		cmp	%o3,%o4
+/* 0x012c	     */		fmovs	%f8,%f0
+/* 0x0130	     */		add	%g1,8,%o1
+/* 0x0134	     */		add	%g1,16,%o2
+/* 0x0138	     */		fmovs	%f8,%f10
+/* 0x013c	     */		add	%g1,24,%g2
+/* 0x0140	     */		fsubd	%f6,%f8,%f6
+/* 0x0144	     */		std	%f6,[%o0+%g3]
+/* 0x0148	     */		fsubd	%f4,%f8,%f4
+/* 0x014c	     */		std	%f4,[%o0+%g1]
+/* 0x0150	     */		sra	%o3,0,%g1
+/* 0x0154	     */		fsubd	%f2,%f8,%f2
+/* 0x0158	     */		std	%f2,[%o0+%o1]
+/* 0x015c	     */		sllx	%g1,2,%g3
+/* 0x0160	     */		fsubd	%f0,%f8,%f0
+/* 0x0164	     */		std	%f0,[%o0+%o2]
+/* 0x0168	     */		fsubd	%f10,%f8,%f0
+/* 0x016c	     */		bg,pn	%icc,.L77000140
+/* 0x0170	     */		std	%f0,[%o0+%g2]
+                       .L77000144:
+/* 0x0174	     */		ldd	[%g4],%f8
+                       .L900000211:
+/* 0x0178	     */		ld	[%g5+%g3],%f13
+/* 0x017c	     */		sllx	%g1,3,%g2
+/* 0x0180	     */		add	%o3,1,%o3
+/* 0x0184	     */		sra	%o3,0,%g1
+/* 0x0188	     */		cmp	%o3,%o4
+/* 0x018c	     */		fmovs	%f8,%f12
+/* 0x0190	     */		sllx	%g1,2,%g3
+/* 0x0194	     */		fsubd	%f12,%f8,%f0
+/* 0x0198	     */		std	%f0,[%o0+%g2]
+/* 0x019c	     */		ble,a,pt	%icc,.L900000211
+/* 0x01a0	     */		ldd	[%g4],%f8
+                       .L77000140:
+/* 0x01a4	     */		retl	! Result = 
+/* 0x01a8	     */		nop
+/* 0x01ac	   0 */		.type	conv_i32_to_d32,2
+/* 0x01ac	     */		.size	conv_i32_to_d32,(.-conv_i32_to_d32)
+
+	.section	".text",#alloc,#execinstr
+/* 000000	   0 */		.align	8
+!
+! CONSTANT POOL
+!
+                       .L_const_seg_900000301:
+/* 000000	   0 */		.word	1127219200,0
+/* 0x0008	   0 */		.align	8
+/* 0x0008	     */		.skip	24
+!
+! SUBROUTINE conv_i32_to_d16
+!
+! OFFSET    SOURCE LINE	LABEL	INSTRUCTION
+
+                       	.global conv_i32_to_d16
+                       conv_i32_to_d16:
+/* 000000	     */		save	%sp,-192,%sp
+                       .L900000310:
+/* 0x0004	     */		call	.+8
+/* 0x0008	     */		sethi	/*X*/%hi(_GLOBAL_OFFSET_TABLE_-(.L900000310-.)),%g3
+
+!  143		      !}
+!  146		      !void conv_i32_to_d16(double *d16, unsigned int *i32, int len)
+!  147		      !{
+!  148		      !int i;
+!  149		      !unsigned int a;
+!  151		      !#pragma pipeloop(0)
+!  152		      ! for(i=0;i<len;i++)
+
+/* 0x000c	 152 */		cmp	%i2,0
+/* 0x0010	 147 */		add	%g3,/*X*/%lo(_GLOBAL_OFFSET_TABLE_-(.L900000310-.)),%g3
+/* 0x0014	 152 */		ble,pt	%icc,.L77000150
+/* 0x0018	     */		add	%g3,%o7,%o0
+
+!  153		      !   {
+!  154		      !     a=i32[i];
+!  155		      !     d16[2*i]=(double)(a&0xffff);
+!  156		      !     d16[2*i+1]=(double)(a>>16);
+
+/* 0x001c	 156 */		sethi	%hi(.L_const_seg_900000301),%g2
+/* 0x0020	 147 */		or	%g0,%i2,%o1
+/* 0x0024	 152 */		sethi	%hi(0xfc00),%g3
+/* 0x0028	 156 */		add	%g2,%lo(.L_const_seg_900000301),%g2
+/* 0x002c	 152 */		or	%g0,%o1,%g4
+/* 0x0030	 156 */		ldx	[%o0+%g2],%o5
+/* 0x0034	 152 */		add	%g3,1023,%g1
+/* 0x0038	 147 */		or	%g0,%i1,%o7
+/* 0x003c	 152 */		or	%g0,0,%i2
+/* 0x0040	     */		sub	%o1,1,%g5
+/* 0x0044	     */		or	%g0,0,%g3
+/* 0x0048	     */		or	%g0,1,%g2
+/* 0x004c	 154 */		or	%g0,0,%o2
+/* 0x0050	     */		cmp	%g4,6
+/* 0x0054	 152 */		bl,pn	%icc,.L77000154
+/* 0x0058	     */		ldd	[%o5],%f0
+/* 0x005c	     */		sub	%o1,2,%o3
+/* 0x0060	     */		or	%g0,16,%o2
+/* 0x0064	 154 */		ld	[%i1],%o4
+/* 0x0068	 156 */		or	%g0,3,%g2
+/* 0x006c	     */		or	%g0,2,%g3
+/* 0x0070	 155 */		fmovs	%f0,%f2
+/* 0x0074	 156 */		or	%g0,4,%i2
+/* 0x0078	 155 */		and	%o4,%g1,%o0
+/* 0x007c	     */		st	%o0,[%sp+2227]
+/* 0x0080	     */		fmovs	%f0,%f4
+/* 0x0084	 156 */		srl	%o4,16,%i4
+/* 0x0088	 152 */		or	%g0,12,%o4
+/* 0x008c	     */		or	%g0,24,%o0
+/* 0x0090	 155 */		ld	[%sp+2227],%f3
+/* 0x0094	     */		fsubd	%f2,%f0,%f2
+/* 0x0098	     */		std	%f2,[%i0]
+/* 0x009c	 156 */		st	%i4,[%sp+2223]
+/* 0x00a0	 154 */		ld	[%o7+4],%o1
+/* 0x00a4	 156 */		fmovs	%f0,%f2
+/* 0x00a8	 155 */		and	%o1,%g1,%i1
+/* 0x00ac	 156 */		ld	[%sp+2223],%f3
+/* 0x00b0	     */		srl	%o1,16,%o1
+/* 0x00b4	     */		fsubd	%f2,%f0,%f2
+/* 0x00b8	     */		std	%f2,[%i0+8]
+/* 0x00bc	     */		st	%o1,[%sp+2223]
+/* 0x00c0	 155 */		st	%i1,[%sp+2227]
+/* 0x00c4	 154 */		ld	[%o7+8],%o1
+/* 0x00c8	 156 */		fmovs	%f0,%f2
+/* 0x00cc	 155 */		and	%o1,%g1,%g4
+/* 0x00d0	     */		ld	[%sp+2227],%f5
+/* 0x00d4	 156 */		srl	%o1,16,%o1
+/* 0x00d8	     */		ld	[%sp+2223],%f3
+/* 0x00dc	     */		st	%o1,[%sp+2223]
+/* 0x00e0	 155 */		fsubd	%f4,%f0,%f4
+/* 0x00e4	     */		st	%g4,[%sp+2227]
+/* 0x00e8	 156 */		fsubd	%f2,%f0,%f2
+/* 0x00ec	 154 */		ld	[%o7+12],%o1
+/* 0x00f0	 155 */		std	%f4,[%i0+16]
+/* 0x00f4	 156 */		std	%f2,[%i0+24]
+                       .L900000306:
+/* 0x00f8	 155 */		ld	[%sp+2227],%f5
+/* 0x00fc	 156 */		add	%i2,2,%i2
+/* 0x0100	     */		add	%g2,4,%g2
+/* 0x0104	     */		ld	[%sp+2223],%f3
+/* 0x0108	     */		cmp	%i2,%o3
+/* 0x010c	     */		add	%g3,4,%g3
+/* 0x0110	 155 */		and	%o1,%g1,%g4
+/* 0x0114	 156 */		srl	%o1,16,%o1
+/* 0x0118	 155 */		st	%g4,[%sp+2227]
+/* 0x011c	 156 */		st	%o1,[%sp+2223]
+/* 0x0120	 152 */		add	%o4,4,%o1
+/* 0x0124	 154 */		ld	[%o7+%o1],%o4
+/* 0x0128	 156 */		fmovs	%f0,%f2
+/* 0x012c	 155 */		fmovs	%f0,%f4
+/* 0x0130	     */		fsubd	%f4,%f0,%f4
+/* 0x0134	 152 */		add	%o2,16,%o2
+/* 0x0138	 156 */		fsubd	%f2,%f0,%f2
+/* 0x013c	 155 */		std	%f4,[%i0+%o2]
+/* 0x0140	 152 */		add	%o0,16,%o0
+/* 0x0144	 156 */		std	%f2,[%i0+%o0]
+/* 0x0148	 155 */		ld	[%sp+2227],%f5
+/* 0x014c	 156 */		ld	[%sp+2223],%f3
+/* 0x0150	 155 */		and	%o4,%g1,%g4
+/* 0x0154	 156 */		srl	%o4,16,%o4
+/* 0x0158	 155 */		st	%g4,[%sp+2227]
+/* 0x015c	 156 */		st	%o4,[%sp+2223]
+/* 0x0160	 152 */		add	%o1,4,%o4
+/* 0x0164	 154 */		ld	[%o7+%o4],%o1
+/* 0x0168	 156 */		fmovs	%f0,%f2
+/* 0x016c	 155 */		fmovs	%f0,%f4
+/* 0x0170	     */		fsubd	%f4,%f0,%f4
+/* 0x0174	 152 */		add	%o2,16,%o2
+/* 0x0178	 156 */		fsubd	%f2,%f0,%f2
+/* 0x017c	 155 */		std	%f4,[%i0+%o2]
+/* 0x0180	 152 */		add	%o0,16,%o0
+/* 0x0184	 156 */		ble,pt	%icc,.L900000306
+/* 0x0188	     */		std	%f2,[%i0+%o0]
+                       .L900000309:
+/* 0x018c	 155 */		ld	[%sp+2227],%f5
+/* 0x0190	 156 */		fmovs	%f0,%f2
+/* 0x0194	     */		srl	%o1,16,%o3
+/* 0x0198	     */		ld	[%sp+2223],%f3
+/* 0x019c	 155 */		and	%o1,%g1,%i1
+/* 0x01a0	 152 */		add	%o2,16,%g4
+/* 0x01a4	 155 */		fmovs	%f0,%f4
+/* 0x01a8	     */		st	%i1,[%sp+2227]
+/* 0x01ac	 152 */		add	%o0,16,%o2
+/* 0x01b0	 156 */		st	%o3,[%sp+2223]
+/* 0x01b4	 154 */		sra	%i2,0,%o3
+/* 0x01b8	 152 */		add	%g4,16,%o1
+/* 0x01bc	 155 */		fsubd	%f4,%f0,%f4
+/* 0x01c0	     */		std	%f4,[%i0+%g4]
+/* 0x01c4	 152 */		add	%o0,32,%o0
+/* 0x01c8	 156 */		fsubd	%f2,%f0,%f2
+/* 0x01cc	     */		std	%f2,[%i0+%o2]
+/* 0x01d0	     */		sllx	%o3,2,%o2
+/* 0x01d4	 155 */		ld	[%sp+2227],%f5
+/* 0x01d8	 156 */		cmp	%i2,%g5
+/* 0x01dc	     */		add	%g2,6,%g2
+/* 0x01e0	     */		ld	[%sp+2223],%f3
+/* 0x01e4	     */		add	%g3,6,%g3
+/* 0x01e8	 155 */		fmovs	%f0,%f4
+/* 0x01ec	 156 */		fmovs	%f0,%f2
+/* 0x01f0	 155 */		fsubd	%f4,%f0,%f4
+/* 0x01f4	     */		std	%f4,[%i0+%o1]
+/* 0x01f8	 156 */		fsubd	%f2,%f0,%f0
+/* 0x01fc	     */		bg,pn	%icc,.L77000150
+/* 0x0200	     */		std	%f0,[%i0+%o0]
+                       .L77000154:
+/* 0x0204	 155 */		ldd	[%o5],%f0
+                       .L900000311:
+/* 0x0208	 154 */		ld	[%o7+%o2],%o0
+/* 0x020c	 155 */		sra	%g3,0,%o1
+/* 0x0210	     */		fmovs	%f0,%f2
+/* 0x0214	     */		sllx	%o1,3,%o2
+/* 0x0218	 156 */		add	%i2,1,%i2
+/* 0x021c	 155 */		and	%o0,%g1,%o1
+/* 0x0220	     */		st	%o1,[%sp+2227]
+/* 0x0224	 156 */		add	%g3,2,%g3
+/* 0x0228	     */		srl	%o0,16,%o1
+/* 0x022c	     */		cmp	%i2,%g5
+/* 0x0230	     */		sra	%g2,0,%o0
+/* 0x0234	     */		add	%g2,2,%g2
+/* 0x0238	     */		sllx	%o0,3,%o0
+/* 0x023c	 155 */		ld	[%sp+2227],%f3
+/* 0x0240	 154 */		sra	%i2,0,%o3
+/* 0x0244	 155 */		fsubd	%f2,%f0,%f2
+/* 0x0248	     */		std	%f2,[%i0+%o2]
+/* 0x024c	     */		sllx	%o3,2,%o2
+/* 0x0250	 156 */		st	%o1,[%sp+2223]
+/* 0x0254	     */		fmovs	%f0,%f2
+/* 0x0258	     */		ld	[%sp+2223],%f3
+/* 0x025c	     */		fsubd	%f2,%f0,%f0
+/* 0x0260	     */		std	%f0,[%i0+%o0]
+/* 0x0264	     */		ble,a,pt	%icc,.L900000311
+/* 0x0268	     */		ldd	[%o5],%f0
+                       .L77000150:
+/* 0x026c	     */		ret	! Result = 
+/* 0x0270	     */		restore	%g0,%g0,%g0
+/* 0x0274	   0 */		.type	conv_i32_to_d16,2
+/* 0x0274	     */		.size	conv_i32_to_d16,(.-conv_i32_to_d16)
+
+	.section	".text",#alloc,#execinstr
+/* 000000	   0 */		.align	8
+!
+! CONSTANT POOL
+!
+                       .L_const_seg_900000401:
+/* 000000	   0 */		.word	1127219200,0
+/* 0x0008	   0 */		.align	8
+/* 0x0008	     */		.skip	24
+!
+! SUBROUTINE conv_i32_to_d32_and_d16
+!
+! OFFSET    SOURCE LINE	LABEL	INSTRUCTION
+
+                       	.global conv_i32_to_d32_and_d16
+                       conv_i32_to_d32_and_d16:
+/* 000000	     */		save	%sp,-192,%sp
+                       .L900000415:
+/* 0x0004	     */		call	.+8
+/* 0x0008	     */		sethi	/*X*/%hi(_GLOBAL_OFFSET_TABLE_-(.L900000415-.)),%g3
+
+!  157		      !   }
+!  158		      !}
+!  161		      !void conv_i32_to_d32_and_d16(double *d32, double *d16, 
+!  162		      !			     unsigned int *i32, int len)
+!  163		      !{
+!  164		      !int i = 0;
+!  165		      !unsigned int a;
+!  167		      !#pragma pipeloop(0)
+!  168		      !#ifdef RF_INLINE_MACROS
+!  169		      ! for(;i<len-3;i+=4)
+!  170		      !   {
+!  171		      !     i16_to_d16_and_d32x4(&TwoToMinus16, &TwoTo16, &Zero,
+!  172		      !			  &(d16[2*i]), &(d32[i]), (float *)(&(i32[i])));
+
+/* 0x000c	 172 */		sethi	%hi(Zero),%g2
+/* 0x0010	 163 */		add	%g3,/*X*/%lo(_GLOBAL_OFFSET_TABLE_-(.L900000415-.)),%g3
+/* 0x0014	     */		or	%g0,%i3,%g5
+/* 0x0018	     */		add	%g3,%o7,%o3
+/* 0x001c	 172 */		add	%g2,%lo(Zero),%g2
+/* 0x0020	     */		ldx	[%o3+%g2],%o0
+/* 0x0024	     */		sethi	%hi(TwoToMinus16),%g3
+/* 0x0028	 163 */		or	%g0,%i0,%i3
+/* 0x002c	 169 */		sub	%g5,3,%o1
+/* 0x0030	 172 */		sethi	%hi(TwoTo16),%g4
+/* 0x0034	 163 */		or	%g0,%i2,%i0
+/* 0x0038	 172 */		add	%g3,%lo(TwoToMinus16),%g2
+/* 0x003c	     */		ldx	[%o3+%g2],%o2
+/* 0x0040	 169 */		cmp	%o1,0
+/* 0x0044	 164 */		or	%g0,0,%i2
+/* 0x0048	 169 */		ble,pt	%icc,.L900000418
+/* 0x004c	     */		cmp	%i2,%g5
+/* 0x0050	     */		ldd	[%o0],%f2
+/* 0x0054	 172 */		add	%g4,%lo(TwoTo16),%g3
+/* 0x0058	     */		ldx	[%o3+%g3],%o1
+/* 0x005c	 169 */		sub	%g5,4,%o4
+/* 0x0060	     */		or	%g0,0,%o5
+                       .L900000417:
+/* 0x0064	 172 */		sra	%i2,0,%g2
+/* 0x0068	     */		fmovd	%f2,%f14
+/* 0x006c	     */		ldd	[%o2],%f0
+/* 0x0070	     */		sllx	%g2,2,%g3
+/* 0x0074	     */		fmovd	%f2,%f10
+/* 0x0078	     */		ldd	[%o1],%f16
+/* 0x007c	     */		ld	[%g3+%i0],%f15
+/* 0x0080	     */		add	%i0,%g3,%g3
+/* 0x0084	     */		fmovd	%f2,%f6
+/* 0x0088	     */		ld	[%g3+4],%f11
+/* 0x008c	     */		sra	%o5,0,%g4
+/* 0x0090	     */		add	%i2,4,%i2
+/* 0x0094	     */		ld	[%g3+8],%f7
+/* 0x0098	     */		fxtod	%f14,%f14
+/* 0x009c	     */		sllx	%g2,3,%g2
+/* 0x00a0	     */		ld	[%g3+12],%f3
+/* 0x00a4	     */		fxtod	%f10,%f10
+/* 0x00a8	     */		sllx	%g4,3,%g3
+/* 0x00ac	     */		fxtod	%f6,%f6
+/* 0x00b0	     */		std	%f14,[%g2+%i3]
+/* 0x00b4	     */		add	%i3,%g2,%g4
+/* 0x00b8	     */		fxtod	%f2,%f2
+/* 0x00bc	     */		fmuld	%f0,%f14,%f12
+/* 0x00c0	     */		std	%f2,[%g4+24]
+/* 0x00c4	     */		fmuld	%f0,%f10,%f8
+/* 0x00c8	     */		std	%f10,[%g4+8]
+/* 0x00cc	     */		add	%i1,%g3,%g2
+/* 0x00d0	     */		fmuld	%f0,%f6,%f4
+/* 0x00d4	     */		std	%f6,[%g4+16]
+/* 0x00d8	     */		cmp	%i2,%o4
+/* 0x00dc	     */		fmuld	%f0,%f2,%f0
+/* 0x00e0	     */		fdtox	%f12,%f12
+/* 0x00e4	     */		add	%o5,8,%o5
+/* 0x00e8	     */		fdtox	%f8,%f8
+/* 0x00ec	     */		fdtox	%f4,%f4
+/* 0x00f0	     */		fdtox	%f0,%f0
+/* 0x00f4	     */		fxtod	%f12,%f12
+/* 0x00f8	     */		std	%f12,[%g2+8]
+/* 0x00fc	     */		fxtod	%f8,%f8
+/* 0x0100	     */		std	%f8,[%g2+24]
+/* 0x0104	     */		fxtod	%f4,%f4
+/* 0x0108	     */		std	%f4,[%g2+40]
+/* 0x010c	     */		fxtod	%f0,%f0
+/* 0x0110	     */		std	%f0,[%g2+56]
+/* 0x0114	     */		fmuld	%f12,%f16,%f12
+/* 0x0118	     */		fmuld	%f8,%f16,%f8
+/* 0x011c	     */		fmuld	%f4,%f16,%f4
+/* 0x0120	     */		fsubd	%f14,%f12,%f12
+/* 0x0124	     */		std	%f12,[%g3+%i1]
+/* 0x0128	     */		fmuld	%f0,%f16,%f0
+/* 0x012c	     */		fsubd	%f10,%f8,%f8
+/* 0x0130	     */		std	%f8,[%g2+16]
+/* 0x0134	     */		fsubd	%f6,%f4,%f4
+/* 0x0138	     */		std	%f4,[%g2+32]
+/* 0x013c	     */		fsubd	%f2,%f0,%f0
+/* 0x0140	     */		std	%f0,[%g2+48]
+/* 0x0144	     */		ble,a,pt	%icc,.L900000417
+/* 0x0148	     */		ldd	[%o0],%f2
+                       .L77000159:
+
+!  173		      !   }
+!  174		      !#endif
+!  175		      ! for(;i<len;i++)
+
+/* 0x014c	 175 */		cmp	%i2,%g5
+                       .L900000418:
+/* 0x0150	 175 */		bge,pt	%icc,.L77000164
+/* 0x0154	     */		nop
+
+!  176		      !   {
+!  177		      !     a=i32[i];
+!  178		      !     d32[i]=(double)(i32[i]);
+!  179		      !     d16[2*i]=(double)(a&0xffff);
+!  180		      !     d16[2*i+1]=(double)(a>>16);
+
+/* 0x0158	 180 */		sethi	%hi(.L_const_seg_900000401),%g2
+/* 0x015c	     */		add	%g2,%lo(.L_const_seg_900000401),%g2
+/* 0x0160	 175 */		sethi	%hi(0xfc00),%g3
+/* 0x0164	 180 */		ldx	[%o3+%g2],%g1
+/* 0x0168	 175 */		sll	%i2,1,%i4
+/* 0x016c	     */		sub	%g5,%i2,%g4
+/* 0x0170	 177 */		sra	%i2,0,%o3
+/* 0x0174	 175 */		add	%g3,1023,%g3
+/* 0x0178	 178 */		ldd	[%g1],%f2
+/* 0x017c	     */		sllx	%o3,2,%o2
+/* 0x0180	 175 */		add	%i4,1,%g2
+/* 0x0184	 177 */		or	%g0,%o3,%o1
+/* 0x0188	     */		cmp	%g4,6
+/* 0x018c	 175 */		bl,pn	%icc,.L77000161
+/* 0x0190	     */		sra	%i2,0,%o3
+/* 0x0194	 177 */		or	%g0,%o2,%o0
+/* 0x0198	 178 */		ld	[%i0+%o2],%f5
+/* 0x019c	 179 */		fmovs	%f2,%f8
+/* 0x01a0	 175 */		add	%o0,4,%o3
+/* 0x01a4	 177 */		ld	[%i0+%o0],%o7
+/* 0x01a8	 180 */		fmovs	%f2,%f6
+/* 0x01ac	 178 */		fmovs	%f2,%f4
+/* 0x01b0	     */		sllx	%o1,3,%o2
+/* 0x01b4	 175 */		add	%o3,4,%o5
+/* 0x01b8	 179 */		sra	%i4,0,%o0
+/* 0x01bc	 175 */		add	%o3,8,%o4
+/* 0x01c0	 178 */		fsubd	%f4,%f2,%f4
+/* 0x01c4	     */		std	%f4,[%i3+%o2]
+/* 0x01c8	 179 */		sllx	%o0,3,%i5
+/* 0x01cc	     */		and	%o7,%g3,%o0
+/* 0x01d0	     */		st	%o0,[%sp+2227]
+/* 0x01d4	 175 */		add	%i5,16,%o1
+/* 0x01d8	 180 */		srl	%o7,16,%g4
+/* 0x01dc	     */		add	%i2,1,%i2
+/* 0x01e0	     */		sra	%g2,0,%o0
+/* 0x01e4	 175 */		add	%o2,8,%o2
+/* 0x01e8	 179 */		fmovs	%f2,%f4
+/* 0x01ec	 180 */		sllx	%o0,3,%l0
+/* 0x01f0	     */		add	%i4,3,%g2
+/* 0x01f4	 179 */		ld	[%sp+2227],%f5
+/* 0x01f8	 175 */		add	%l0,16,%o0
+/* 0x01fc	 180 */		add	%i4,2,%i4
+/* 0x0200	 175 */		sub	%g5,1,%o7
+/* 0x0204	 180 */		add	%i2,3,%i2
+/* 0x0208	 179 */		fsubd	%f4,%f2,%f4
+/* 0x020c	     */		std	%f4,[%i1+%i5]
+/* 0x0210	 180 */		st	%g4,[%sp+2223]
+/* 0x0214	 177 */		ld	[%i0+%o3],%i5
+/* 0x0218	 180 */		fmovs	%f2,%f4
+/* 0x021c	     */		srl	%i5,16,%g4
+/* 0x0220	 179 */		and	%i5,%g3,%i5
+/* 0x0224	 180 */		ld	[%sp+2223],%f5
+/* 0x0228	     */		fsubd	%f4,%f2,%f4
+/* 0x022c	     */		std	%f4,[%i1+%l0]
+/* 0x0230	     */		st	%g4,[%sp+2223]
+/* 0x0234	 177 */		ld	[%i0+%o5],%g4
+/* 0x0238	 179 */		st	%i5,[%sp+2227]
+/* 0x023c	 178 */		fmovs	%f2,%f4
+/* 0x0240	 180 */		srl	%g4,16,%i5
+/* 0x0244	 179 */		and	%g4,%g3,%g4
+/* 0x0248	 180 */		ld	[%sp+2223],%f7
+/* 0x024c	     */		st	%i5,[%sp+2223]
+/* 0x0250	 178 */		ld	[%i0+%o3],%f5
+/* 0x0254	 180 */		fsubd	%f6,%f2,%f6
+/* 0x0258	 177 */		ld	[%i0+%o4],%o3
+/* 0x025c	 178 */		fsubd	%f4,%f2,%f4
+/* 0x0260	 179 */		ld	[%sp+2227],%f9
+/* 0x0264	 180 */		ld	[%sp+2223],%f1
+/* 0x0268	 179 */		st	%g4,[%sp+2227]
+/* 0x026c	     */		fsubd	%f8,%f2,%f8
+/* 0x0270	     */		std	%f8,[%i1+%o1]
+/* 0x0274	 180 */		std	%f6,[%i1+%o0]
+/* 0x0278	 178 */		std	%f4,[%i3+%o2]
+                       .L900000411:
+/* 0x027c	 179 */		ld	[%sp+2227],%f13
+/* 0x0280	 180 */		srl	%o3,16,%g4
+/* 0x0284	     */		add	%i2,2,%i2
+/* 0x0288	     */		st	%g4,[%sp+2223]
+/* 0x028c	     */		cmp	%i2,%o7
+/* 0x0290	     */		add	%g2,4,%g2
+/* 0x0294	 178 */		ld	[%i0+%o5],%f11
+/* 0x0298	 180 */		add	%i4,4,%i4
+/* 0x029c	 175 */		add	%o4,4,%o5
+/* 0x02a0	 177 */		ld	[%i0+%o5],%g4
+/* 0x02a4	 179 */		and	%o3,%g3,%o3
+/* 0x02a8	     */		st	%o3,[%sp+2227]
+/* 0x02ac	 180 */		fmovs	%f2,%f0
+/* 0x02b0	 179 */		fmovs	%f2,%f12
+/* 0x02b4	 180 */		fsubd	%f0,%f2,%f8
+/* 0x02b8	 179 */		fsubd	%f12,%f2,%f4
+/* 0x02bc	 175 */		add	%o1,16,%o1
+/* 0x02c0	 180 */		ld	[%sp+2223],%f7
+/* 0x02c4	 178 */		fmovs	%f2,%f10
+/* 0x02c8	 179 */		std	%f4,[%i1+%o1]
+/* 0x02cc	 175 */		add	%o0,16,%o0
+/* 0x02d0	 178 */		fsubd	%f10,%f2,%f4
+/* 0x02d4	 175 */		add	%o2,8,%o2
+/* 0x02d8	 180 */		std	%f8,[%i1+%o0]
+/* 0x02dc	 178 */		std	%f4,[%i3+%o2]
+/* 0x02e0	 179 */		ld	[%sp+2227],%f9
+/* 0x02e4	 180 */		srl	%g4,16,%o3
+/* 0x02e8	     */		st	%o3,[%sp+2223]
+/* 0x02ec	 178 */		ld	[%i0+%o4],%f5
+/* 0x02f0	 175 */		add	%o4,8,%o4
+/* 0x02f4	 177 */		ld	[%i0+%o4],%o3
+/* 0x02f8	 179 */		and	%g4,%g3,%g4
+/* 0x02fc	     */		st	%g4,[%sp+2227]
+/* 0x0300	 180 */		fmovs	%f2,%f6
+/* 0x0304	 179 */		fmovs	%f2,%f8
+/* 0x0308	 180 */		fsubd	%f6,%f2,%f6
+/* 0x030c	 179 */		fsubd	%f8,%f2,%f8
+/* 0x0310	 175 */		add	%o1,16,%o1
+/* 0x0314	 180 */		ld	[%sp+2223],%f1
+/* 0x0318	 178 */		fmovs	%f2,%f4
+/* 0x031c	 179 */		std	%f8,[%i1+%o1]
+/* 0x0320	 175 */		add	%o0,16,%o0
+/* 0x0324	 178 */		fsubd	%f4,%f2,%f4
+/* 0x0328	 175 */		add	%o2,8,%o2
+/* 0x032c	 180 */		std	%f6,[%i1+%o0]
+/* 0x0330	     */		bl,pt	%icc,.L900000411
+/* 0x0334	     */		std	%f4,[%i3+%o2]
+                       .L900000414:
+/* 0x0338	 180 */		srl	%o3,16,%o7
+/* 0x033c	     */		st	%o7,[%sp+2223]
+/* 0x0340	 179 */		fmovs	%f2,%f12
+/* 0x0344	 178 */		ld	[%i0+%o5],%f11
+/* 0x0348	 180 */		fmovs	%f2,%f0
+/* 0x034c	 179 */		and	%o3,%g3,%g4
+/* 0x0350	 180 */		fmovs	%f2,%f6
+/* 0x0354	 175 */		add	%o1,16,%o3
+/* 0x0358	     */		add	%o0,16,%o7
+/* 0x035c	 178 */		fmovs	%f2,%f10
+/* 0x0360	 175 */		add	%o2,8,%o2
+/* 0x0364	     */		add	%o1,32,%o5
+/* 0x0368	 179 */		ld	[%sp+2227],%f13
+/* 0x036c	 178 */		fmovs	%f2,%f4
+/* 0x0370	 175 */		add	%o0,32,%o1
+/* 0x0374	 180 */		ld	[%sp+2223],%f7
+/* 0x0378	 175 */		add	%o2,8,%o0
+/* 0x037c	 180 */		cmp	%i2,%g5
+/* 0x0380	 179 */		st	%g4,[%sp+2227]
+/* 0x0384	     */		fsubd	%f12,%f2,%f8
+/* 0x0388	 180 */		add	%g2,6,%g2
+/* 0x038c	 179 */		std	%f8,[%i1+%o3]
+/* 0x0390	 180 */		fsubd	%f0,%f2,%f0
+/* 0x0394	 177 */		sra	%i2,0,%o3
+/* 0x0398	 180 */		std	%f0,[%i1+%o7]
+/* 0x039c	 178 */		fsubd	%f10,%f2,%f0
+/* 0x03a0	 180 */		add	%i4,6,%i4
+/* 0x03a4	 178 */		std	%f0,[%i3+%o2]
+/* 0x03a8	     */		sllx	%o3,2,%o2
+/* 0x03ac	 179 */		ld	[%sp+2227],%f9
+/* 0x03b0	 178 */		ld	[%i0+%o4],%f5
+/* 0x03b4	 179 */		fmovs	%f2,%f8
+/* 0x03b8	     */		fsubd	%f8,%f2,%f0
+/* 0x03bc	     */		std	%f0,[%i1+%o5]
+/* 0x03c0	 180 */		fsubd	%f6,%f2,%f0
+/* 0x03c4	     */		std	%f0,[%i1+%o1]
+/* 0x03c8	 178 */		fsubd	%f4,%f2,%f0
+/* 0x03cc	 180 */		bge,pn	%icc,.L77000164
+/* 0x03d0	     */		std	%f0,[%i3+%o0]
+                       .L77000161:
+/* 0x03d4	 178 */		ldd	[%g1],%f2
+                       .L900000416:
+/* 0x03d8	 178 */		ld	[%i0+%o2],%f5
+/* 0x03dc	 179 */		sra	%i4,0,%o0
+/* 0x03e0	 180 */		add	%i2,1,%i2
+/* 0x03e4	 177 */		ld	[%i0+%o2],%o1
+/* 0x03e8	 178 */		sllx	%o3,3,%o3
+/* 0x03ec	 180 */		add	%i4,2,%i4
+/* 0x03f0	 178 */		fmovs	%f2,%f4
+/* 0x03f4	 179 */		sllx	%o0,3,%o4
+/* 0x03f8	 180 */		cmp	%i2,%g5
+/* 0x03fc	 179 */		and	%o1,%g3,%o0
+/* 0x0400	 178 */		fsubd	%f4,%f2,%f0
+/* 0x0404	     */		std	%f0,[%i3+%o3]
+/* 0x0408	 180 */		srl	%o1,16,%o1
+/* 0x040c	 179 */		st	%o0,[%sp+2227]
+/* 0x0410	 180 */		sra	%g2,0,%o0
+/* 0x0414	     */		add	%g2,2,%g2
+/* 0x0418	 177 */		sra	%i2,0,%o3
+/* 0x041c	 180 */		sllx	%o0,3,%o0
+/* 0x0420	 179 */		fmovs	%f2,%f4
+/* 0x0424	     */		sllx	%o3,2,%o2
+/* 0x0428	     */		ld	[%sp+2227],%f5
+/* 0x042c	     */		fsubd	%f4,%f2,%f0
+/* 0x0430	     */		std	%f0,[%i1+%o4]
+/* 0x0434	 180 */		st	%o1,[%sp+2223]
+/* 0x0438	     */		fmovs	%f2,%f4
+/* 0x043c	     */		ld	[%sp+2223],%f5
+/* 0x0440	     */		fsubd	%f4,%f2,%f0
+/* 0x0444	     */		std	%f0,[%i1+%o0]
+/* 0x0448	     */		bl,a,pt	%icc,.L900000416
+/* 0x044c	     */		ldd	[%g1],%f2
+                       .L77000164:
+/* 0x0450	     */		ret	! Result = 
+/* 0x0454	     */		restore	%g0,%g0,%g0
+/* 0x0458	   0 */		.type	conv_i32_to_d32_and_d16,2
+/* 0x0458	     */		.size	conv_i32_to_d32_and_d16,(.-conv_i32_to_d32_and_d16)
+
+	.section	".text",#alloc,#execinstr
+/* 000000	   0 */		.align	8
+!
+! SUBROUTINE adjust_montf_result
+!
+! OFFSET    SOURCE LINE	LABEL	INSTRUCTION
+
+                       	.global adjust_montf_result
+                       adjust_montf_result:
+/* 000000	     */		save	%sp,-176,%sp
+/* 0x0004	     */		or	%g0,%i2,%o1
+/* 0x0008	     */		or	%g0,%i0,%i2
+
+!  181		      !   }
+!  182		      !}
+!  185		      !void adjust_montf_result(unsigned int *i32, unsigned int *nint, int len)
+!  186		      !{
+!  187		      !long long acc;
+!  188		      !int i;
+!  190		      ! if(i32[len]>0) i=-1;
+
+/* 0x000c	 190 */		sra	%o1,0,%g2
+/* 0x0010	     */		or	%g0,-1,%o2
+/* 0x0014	     */		sllx	%g2,2,%g2
+/* 0x0018	     */		ld	[%i2+%g2],%g2
+/* 0x001c	     */		cmp	%g2,0
+/* 0x0020	     */		bleu,pn	%icc,.L77000175
+/* 0x0024	     */		or	%g0,%i1,%i0
+/* 0x0028	     */		ba	.L900000511
+/* 0x002c	     */		cmp	%o2,0
+                       .L77000175:
+
+!  191		      ! else
+!  192		      !   {
+!  193		      !     for(i=len-1; i>=0; i--)
+
+/* 0x0030	 193 */		sub	%o1,1,%o2
+/* 0x0034	     */		cmp	%o2,0
+/* 0x0038	     */		bl,pn	%icc,.L77000182
+/* 0x003c	     */		sra	%o2,0,%g2
+                       .L900000510:
+
+!  194		      !       {
+!  195		      !	 if(i32[i]!=nint[i]) break;
+
+/* 0x0040	 195 */		sllx	%g2,2,%g2
+/* 0x0044	     */		sub	%o2,1,%o0
+/* 0x0048	     */		ld	[%i1+%g2],%g3
+/* 0x004c	     */		ld	[%i2+%g2],%g2
+/* 0x0050	     */		cmp	%g2,%g3
+/* 0x0054	     */		bne,pn	%icc,.L77000182
+/* 0x0058	     */		nop
+/* 0x005c	   0 */		or	%g0,%o0,%o2
+/* 0x0060	 195 */		cmp	%o0,0
+/* 0x0064	     */		bge,pt	%icc,.L900000510
+/* 0x0068	     */		sra	%o2,0,%g2
+                       .L77000182:
+
+!  196		      !       }
+!  197		      !   }
+!  198		      ! if((i<0)||(i32[i]>nint[i]))
+
+/* 0x006c	 198 */		cmp	%o2,0
+                       .L900000511:
+/* 0x0070	 198 */		bl,pn	%icc,.L77000198
+/* 0x0074	     */		sra	%o2,0,%g2
+/* 0x0078	     */		sllx	%g2,2,%g2
+/* 0x007c	     */		ld	[%i1+%g2],%g3
+/* 0x0080	     */		ld	[%i2+%g2],%g2
+/* 0x0084	     */		cmp	%g2,%g3
+/* 0x0088	     */		bleu,pt	%icc,.L77000191
+/* 0x008c	     */		nop
+                       .L77000198:
+
+!  199		      !   {
+!  200		      !     acc=0;
+!  201		      !     for(i=0;i<len;i++)
+
+/* 0x0090	 201 */		cmp	%o1,0
+/* 0x0094	     */		ble,pt	%icc,.L77000191
+/* 0x0098	     */		nop
+/* 0x009c	 198 */		or	%g0,-1,%g2
+/* 0x00a0	 201 */		or	%g0,%o1,%g3
+/* 0x00a4	 198 */		srl	%g2,0,%g2
+/* 0x00a8	     */		sub	%o1,1,%g4
+/* 0x00ac	     */		cmp	%o1,9
+/* 0x00b0	 201 */		or	%g0,0,%i1
+/* 0x00b4	 200 */		or	%g0,0,%g5
+
+!  202		      !       {
+!  203		      !	 acc=acc+(unsigned long long)(i32[i])-(unsigned long long)(nint[i]);
+
+/* 0x00b8	 203 */		or	%g0,0,%o1
+/* 0x00bc	 201 */		bl,pn	%icc,.L77000199
+/* 0x00c0	     */		sub	%g3,4,%o7
+/* 0x00c4	 203 */		ld	[%i2],%o1
+
+!  204		      !	 i32[i]=acc&0xffffffff;
+!  205		      !	 acc=acc>>32;
+
+/* 0x00c8	 205 */		or	%g0,5,%i1
+/* 0x00cc	 203 */		ld	[%i0],%o2
+/* 0x00d0	 201 */		or	%g0,8,%o5
+/* 0x00d4	     */		or	%g0,12,%o4
+/* 0x00d8	 203 */		ld	[%i0+4],%o3
+/* 0x00dc	 201 */		or	%g0,16,%g1
+/* 0x00e0	 203 */		ld	[%i2+4],%o0
+/* 0x00e4	 201 */		sub	%o1,%o2,%o1
+/* 0x00e8	 203 */		ld	[%i0+8],%i3
+/* 0x00ec	 204 */		and	%o1,%g2,%g5
+/* 0x00f0	     */		st	%g5,[%i2]
+/* 0x00f4	 205 */		srax	%o1,32,%g5
+/* 0x00f8	 201 */		sub	%o0,%o3,%o0
+/* 0x00fc	 203 */		ld	[%i0+12],%o2
+/* 0x0100	 201 */		add	%o0,%g5,%o0
+/* 0x0104	 204 */		and	%o0,%g2,%g5
+/* 0x0108	     */		st	%g5,[%i2+4]
+/* 0x010c	 205 */		srax	%o0,32,%o0
+/* 0x0110	 203 */		ld	[%i2+8],%o1
+/* 0x0114	     */		ld	[%i2+12],%o3
+/* 0x0118	 201 */		sub	%o1,%i3,%o1
+                       .L900000505:
+/* 0x011c	     */		add	%g1,4,%g3
+/* 0x0120	 203 */		ld	[%g1+%i2],%g5
+/* 0x0124	 201 */		add	%o1,%o0,%o0
+/* 0x0128	 203 */		ld	[%i0+%g1],%i3
+/* 0x012c	 201 */		sub	%o3,%o2,%o1
+/* 0x0130	 204 */		and	%o0,%g2,%o2
+/* 0x0134	     */		st	%o2,[%o5+%i2]
+/* 0x0138	 205 */		srax	%o0,32,%o2
+/* 0x013c	     */		add	%i1,4,%i1
+/* 0x0140	 201 */		add	%g1,8,%o5
+/* 0x0144	 203 */		ld	[%g3+%i2],%o0
+/* 0x0148	 201 */		add	%o1,%o2,%o1
+/* 0x014c	 203 */		ld	[%i0+%g3],%o3
+/* 0x0150	 201 */		sub	%g5,%i3,%o2
+/* 0x0154	 204 */		and	%o1,%g2,%g5
+/* 0x0158	     */		st	%g5,[%o4+%i2]
+/* 0x015c	 205 */		srax	%o1,32,%g5
+/* 0x0160	     */		cmp	%i1,%o7
+/* 0x0164	 201 */		add	%g1,12,%o4
+/* 0x0168	 203 */		ld	[%o5+%i2],%o1
+/* 0x016c	 201 */		add	%o2,%g5,%o2
+/* 0x0170	 203 */		ld	[%i0+%o5],%i3
+/* 0x0174	 201 */		sub	%o0,%o3,%o0
+/* 0x0178	 204 */		and	%o2,%g2,%o3
+/* 0x017c	     */		st	%o3,[%g1+%i2]
+/* 0x0180	 205 */		srax	%o2,32,%g5
+/* 0x0184	 203 */		ld	[%o4+%i2],%o3
+/* 0x0188	 201 */		add	%g1,16,%g1
+/* 0x018c	     */		add	%o0,%g5,%o0
+/* 0x0190	 203 */		ld	[%i0+%o4],%o2
+/* 0x0194	 201 */		sub	%o1,%i3,%o1
+/* 0x0198	 204 */		and	%o0,%g2,%g5
+/* 0x019c	     */		st	%g5,[%g3+%i2]
+/* 0x01a0	 205 */		ble,pt	%icc,.L900000505
+/* 0x01a4	     */		srax	%o0,32,%o0
+                       .L900000508:
+/* 0x01a8	     */		add	%o1,%o0,%g3
+/* 0x01ac	     */		sub	%o3,%o2,%o1
+/* 0x01b0	 203 */		ld	[%g1+%i2],%o0
+/* 0x01b4	     */		ld	[%i0+%g1],%o2
+/* 0x01b8	 205 */		srax	%g3,32,%o7
+/* 0x01bc	 204 */		and	%g3,%g2,%o3
+/* 0x01c0	 201 */		add	%o1,%o7,%o1
+/* 0x01c4	 204 */		st	%o3,[%o5+%i2]
+/* 0x01c8	 205 */		cmp	%i1,%g4
+/* 0x01cc	 201 */		sub	%o0,%o2,%o0
+/* 0x01d0	 204 */		and	%o1,%g2,%o2
+/* 0x01d4	     */		st	%o2,[%o4+%i2]
+/* 0x01d8	 205 */		srax	%o1,32,%o1
+/* 0x01dc	 203 */		sra	%i1,0,%o2
+/* 0x01e0	 201 */		add	%o0,%o1,%o0
+/* 0x01e4	 205 */		srax	%o0,32,%g5
+/* 0x01e8	 204 */		and	%o0,%g2,%o1
+/* 0x01ec	     */		st	%o1,[%g1+%i2]
+/* 0x01f0	 205 */		bg,pn	%icc,.L77000191
+/* 0x01f4	     */		sllx	%o2,2,%o1
+                       .L77000199:
+/* 0x01f8	   0 */		or	%g0,%o1,%g1
+                       .L900000509:
+/* 0x01fc	 203 */		ld	[%o1+%i2],%o0
+/* 0x0200	 205 */		add	%i1,1,%i1
+/* 0x0204	 203 */		ld	[%i0+%o1],%o1
+/* 0x0208	     */		sra	%i1,0,%o2
+/* 0x020c	 205 */		cmp	%i1,%g4
+/* 0x0210	 203 */		add	%g5,%o0,%o0
+/* 0x0214	     */		sub	%o0,%o1,%o0
+/* 0x0218	 205 */		srax	%o0,32,%g5
+/* 0x021c	 204 */		and	%o0,%g2,%o1
+/* 0x0220	     */		st	%o1,[%g1+%i2]
+/* 0x0224	     */		sllx	%o2,2,%o1
+/* 0x0228	 205 */		ble,pt	%icc,.L900000509
+/* 0x022c	     */		or	%g0,%o1,%g1
+                       .L77000191:
+/* 0x0230	     */		ret	! Result = 
+/* 0x0234	     */		restore	%g0,%g0,%g0
+/* 0x0238	   0 */		.type	adjust_montf_result,2
+/* 0x0238	     */		.size	adjust_montf_result,(.-adjust_montf_result)
+
+	.section	".text",#alloc,#execinstr
+/* 000000	   0 */		.align	8
+/* 000000	     */		.skip	24
+!
+! SUBROUTINE mont_mulf_noconv
+!
+! OFFSET    SOURCE LINE	LABEL	INSTRUCTION
+
+                       	.global mont_mulf_noconv
+                       mont_mulf_noconv:
+/* 000000	     */		save	%sp,-224,%sp
+                       .L900000643:
+/* 0x0004	     */		call	.+8
+/* 0x0008	     */		sethi	/*X*/%hi(_GLOBAL_OFFSET_TABLE_-(.L900000643-.)),%g5
+/* 0x000c	     */		ldx	[%fp+2223],%l0
+
+!  206		      !       }
+!  207		      !   }
+!  208		      !}
+!  213		      !/*
+!  214		      !** the lengths of the input arrays should be at least the following:
+!  215		      !** result[nlen+1], dm1[nlen], dm2[2*nlen+1], dt[4*nlen+2], dn[nlen], nint[nlen]
+!  216		      !** all of them should be different from one another
+!  217		      !**
+!  218		      !*/
+!  219		      !void mont_mulf_noconv(unsigned int *result,
+!  220		      !		     double *dm1, double *dm2, double *dt,
+!  221		      !		     double *dn, unsigned int *nint,
+!  222		      !		     int nlen, double dn0)
+!  223		      !{
+!  224		      ! int i, j, jj;
+!  225		      ! int tmp;
+!  226		      ! double digit, m2j, nextm2j, a, b;
+!  227		      ! double *dptmp, *pdm1, *pdm2, *pdn, *pdtj, pdn_0, pdm1_0;
+!  229		      ! pdm1=&(dm1[0]);
+!  230		      ! pdm2=&(dm2[0]);
+!  231		      ! pdn=&(dn[0]);
+!  232		      ! pdm2[2*nlen]=Zero;
+
+/* 0x0010	 232 */		sethi	%hi(Zero),%g2
+/* 0x0014	 223 */		fmovd	%f14,%f30
+/* 0x0018	     */		add	%g5,/*X*/%lo(_GLOBAL_OFFSET_TABLE_-(.L900000643-.)),%g5
+/* 0x001c	 232 */		add	%g2,%lo(Zero),%g2
+/* 0x0020	     */		sll	%l0,1,%o3
+/* 0x0024	 223 */		add	%g5,%o7,%o4
+/* 0x0028	 232 */		sra	%o3,0,%g5
+/* 0x002c	     */		ldx	[%o4+%g2],%o7
+
+!  234		      ! if (nlen!=16)
+!  235		      !   {
+!  236		      !     for(i=0;i<4*nlen+2;i++) dt[i]=Zero;
+!  238		      !     a=dt[0]=pdm1[0]*pdm2[0];
+!  239		      !     digit=mod(lower32(a,Zero)*dn0,TwoToMinus16,TwoTo16);
+
+/* 0x0030	 239 */		sethi	%hi(TwoToMinus16),%g3
+/* 0x0034	     */		sethi	%hi(TwoTo16),%g4
+/* 0x0038	     */		add	%g3,%lo(TwoToMinus16),%g2
+/* 0x003c	 232 */		ldd	[%o7],%f0
+/* 0x0040	 239 */		add	%g4,%lo(TwoTo16),%g3
+/* 0x0044	 223 */		or	%g0,%i4,%o0
+/* 0x0048	 232 */		sllx	%g5,3,%g4
+/* 0x004c	 239 */		ldx	[%o4+%g2],%o5
+/* 0x0050	 223 */		or	%g0,%i5,%l3
+/* 0x0054	     */		or	%g0,%i0,%l2
+/* 0x0058	 239 */		ldx	[%o4+%g3],%o4
+/* 0x005c	 234 */		cmp	%l0,16
+/* 0x0060	 232 */		std	%f0,[%i2+%g4]
+/* 0x0064	 234 */		be,pn	%icc,.L77000279
+/* 0x0068	     */		or	%g0,%i3,%l4
+/* 0x006c	 236 */		sll	%l0,2,%g2
+/* 0x0070	 223 */		or	%g0,%o0,%i5
+/* 0x0074	 236 */		add	%g2,2,%o0
+/* 0x0078	 223 */		or	%g0,%i1,%i4
+/* 0x007c	 236 */		cmp	%o0,0
+/* 0x0080	 223 */		or	%g0,%i2,%l1
+/* 0x0084	 236 */		ble,a,pt	%icc,.L900000657
+/* 0x0088	     */		ldd	[%i1],%f6
+
+!  241		      !     pdtj=&(dt[0]);
+!  242		      !     for(j=jj=0;j<2*nlen;j++,jj++,pdtj++)
+!  243		      !       {
+!  244		      !	 m2j=pdm2[j];
+!  245		      !	 a=pdtj[0]+pdn[0]*digit;
+!  246		      !	 b=pdtj[1]+pdm1[0]*pdm2[j+1]+a*TwoToMinus16;
+!  247		      !	 pdtj[1]=b;
+!  249		      !#pragma pipeloop(0)
+!  250		      !	 for(i=1;i<nlen;i++)
+!  251		      !	   {
+!  252		      !	     pdtj[2*i]+=pdm1[i]*m2j+pdn[i]*digit;
+!  253		      !	   }
+!  254		      ! 	 if((jj==30)) {cleanup(dt,j/2+1,2*nlen+1); jj=0;}
+!  255		      !	 
+!  256		      !	 digit=mod(lower32(b,Zero)*dn0,TwoToMinus16,TwoTo16);
+!  257		      !       }
+!  258		      !   }
+!  259		      ! else
+!  260		      !   {
+!  261		      !     a=dt[0]=pdm1[0]*pdm2[0];
+!  263		      !     dt[65]=     dt[64]=     dt[63]=     dt[62]=     dt[61]=     dt[60]=
+!  264		      !     dt[59]=     dt[58]=     dt[57]=     dt[56]=     dt[55]=     dt[54]=
+!  265		      !     dt[53]=     dt[52]=     dt[51]=     dt[50]=     dt[49]=     dt[48]=
+!  266		      !     dt[47]=     dt[46]=     dt[45]=     dt[44]=     dt[43]=     dt[42]=
+!  267		      !     dt[41]=     dt[40]=     dt[39]=     dt[38]=     dt[37]=     dt[36]=
+!  268		      !     dt[35]=     dt[34]=     dt[33]=     dt[32]=     dt[31]=     dt[30]=
+!  269		      !     dt[29]=     dt[28]=     dt[27]=     dt[26]=     dt[25]=     dt[24]=
+!  270		      !     dt[23]=     dt[22]=     dt[21]=     dt[20]=     dt[19]=     dt[18]=
+!  271		      !     dt[17]=     dt[16]=     dt[15]=     dt[14]=     dt[13]=     dt[12]=
+!  272		      !     dt[11]=     dt[10]=     dt[ 9]=     dt[ 8]=     dt[ 7]=     dt[ 6]=
+!  273		      !     dt[ 5]=     dt[ 4]=     dt[ 3]=     dt[ 2]=     dt[ 1]=Zero;
+!  275		      !     pdn_0=pdn[0];
+!  276		      !     pdm1_0=pdm1[0];
+!  278		      !     digit=mod(lower32(a,Zero)*dn0,TwoToMinus16,TwoTo16);
+!  279		      !     pdtj=&(dt[0]);
+!  281		      !     for(j=0;j<32;j++,pdtj++)
+
+/* 0x008c	 281 */		or	%g0,%o0,%o1
+/* 0x0090	 236 */		sub	%o0,1,%g1
+/* 0x0094	     */		or	%g0,0,%g2
+/* 0x0098	 281 */		cmp	%o1,5
+/* 0x009c	     */		bl,pn	%icc,.L77000280
+/* 0x00a0	     */		or	%g0,8,%o0
+/* 0x00a4	     */		std	%f0,[%i3]
+/* 0x00a8	     */		or	%g0,2,%g2
+/* 0x00ac	     */		sub	%g1,2,%o1
+                       .L900000627:
+/* 0x00b0	     */		add	%o0,8,%g3
+/* 0x00b4	     */		std	%f0,[%i3+%o0]
+/* 0x00b8	     */		add	%g2,3,%g2
+/* 0x00bc	     */		add	%o0,16,%o2
+/* 0x00c0	     */		std	%f0,[%i3+%g3]
+/* 0x00c4	     */		cmp	%g2,%o1
+/* 0x00c8	     */		add	%o0,24,%o0
+/* 0x00cc	     */		ble,pt	%icc,.L900000627
+/* 0x00d0	     */		std	%f0,[%i3+%o2]
+                       .L900000630:
+/* 0x00d4	     */		cmp	%g2,%g1
+/* 0x00d8	     */		bg,pn	%icc,.L77000285
+/* 0x00dc	     */		std	%f0,[%i3+%o0]
+                       .L77000280:
+/* 0x00e0	     */		ldd	[%o7],%f0
+                       .L900000656:
+/* 0x00e4	     */		sra	%g2,0,%o0
+/* 0x00e8	     */		add	%g2,1,%g2
+/* 0x00ec	     */		sllx	%o0,3,%o0
+/* 0x00f0	     */		cmp	%g2,%g1
+/* 0x00f4	     */		std	%f0,[%i3+%o0]
+/* 0x00f8	     */		ble,a,pt	%icc,.L900000656
+/* 0x00fc	     */		ldd	[%o7],%f0
+                       .L77000285:
+/* 0x0100	 238 */		ldd	[%i1],%f6
+                       .L900000657:
+/* 0x0104	 238 */		ldd	[%i2],%f8
+/* 0x0108	 242 */		cmp	%o3,0
+/* 0x010c	     */		sub	%o3,1,%o1
+/* 0x0110	 239 */		ldd	[%o7],%f10
+/* 0x0114	     */		add	%o3,1,%o2
+/* 0x0118	   0 */		or	%g0,0,%i2
+/* 0x011c	 238 */		fmuld	%f6,%f8,%f6
+/* 0x0120	     */		std	%f6,[%i3]
+/* 0x0124	   0 */		or	%g0,0,%g3
+/* 0x0128	 239 */		ldd	[%o5],%f8
+/* 0x012c	   0 */		or	%g0,%o2,%g1
+/* 0x0130	 236 */		sub	%l0,1,%i1
+/* 0x0134	 239 */		ldd	[%o4],%f12
+/* 0x0138	 236 */		or	%g0,1,%g4
+/* 0x013c	     */		fdtox	%f6,%f0
+/* 0x0140	     */		fmovs	%f10,%f0
+/* 0x0144	     */		fxtod	%f0,%f6
+/* 0x0148	 239 */		fmuld	%f6,%f14,%f6
+/* 0x014c	     */		fmuld	%f6,%f8,%f8
+/* 0x0150	     */		fdtox	%f8,%f8
+/* 0x0154	     */		fxtod	%f8,%f8
+/* 0x0158	     */		fmuld	%f8,%f12,%f8
+/* 0x015c	     */		fsubd	%f6,%f8,%f20
+/* 0x0160	 242 */		ble,pt	%icc,.L900000650
+/* 0x0164	     */		sllx	%g5,3,%g2
+/* 0x0168	   0 */		st	%o1,[%sp+2223]
+/* 0x016c	 246 */		ldd	[%i5],%f6
+                       .L900000651:
+/* 0x0170	 246 */		sra	%g4,0,%g2
+/* 0x0174	     */		fmuld	%f6,%f20,%f6
+/* 0x0178	     */		ldd	[%i3],%f12
+/* 0x017c	     */		sllx	%g2,3,%g2
+/* 0x0180	     */		ldd	[%i4],%f8
+/* 0x0184	 250 */		cmp	%l0,1
+/* 0x0188	 246 */		ldd	[%l1+%g2],%f10
+/* 0x018c	 244 */		sra	%i2,0,%g2
+/* 0x0190	     */		add	%i2,1,%i0
+/* 0x0194	 246 */		faddd	%f12,%f6,%f6
+/* 0x0198	     */		ldd	[%o5],%f12
+/* 0x019c	 244 */		sllx	%g2,3,%g2
+/* 0x01a0	 246 */		fmuld	%f8,%f10,%f8
+/* 0x01a4	     */		ldd	[%i3+8],%f10
+/* 0x01a8	     */		srl	%i2,31,%o3
+/* 0x01ac	 244 */		ldd	[%l1+%g2],%f18
+/* 0x01b0	   0 */		or	%g0,1,%l5
+/* 0x01b4	 236 */		or	%g0,2,%g2
+/* 0x01b8	 246 */		fmuld	%f6,%f12,%f6
+/* 0x01bc	 250 */		or	%g0,32,%o1
+/* 0x01c0	     */		or	%g0,48,%o2
+/* 0x01c4	 246 */		faddd	%f10,%f8,%f8
+/* 0x01c8	     */		faddd	%f8,%f6,%f16
+/* 0x01cc	 250 */		ble,pn	%icc,.L77000213
+/* 0x01d0	     */		std	%f16,[%i3+8]
+/* 0x01d4	     */		cmp	%i1,8
+/* 0x01d8	     */		sub	%l0,3,%o3
+/* 0x01dc	     */		bl,pn	%icc,.L77000284
+/* 0x01e0	     */		or	%g0,8,%o0
+/* 0x01e4	 252 */		ldd	[%i5+8],%f0
+/* 0x01e8	     */		or	%g0,6,%l5
+/* 0x01ec	     */		ldd	[%i4+8],%f2
+/* 0x01f0	     */		or	%g0,4,%g2
+/* 0x01f4	 250 */		or	%g0,40,%o0
+/* 0x01f8	 252 */		ldd	[%i5+16],%f8
+/* 0x01fc	     */		fmuld	%f0,%f20,%f10
+/* 0x0200	     */		ldd	[%i4+16],%f4
+/* 0x0204	     */		fmuld	%f2,%f18,%f2
+/* 0x0208	     */		ldd	[%i3+16],%f0
+/* 0x020c	     */		fmuld	%f8,%f20,%f12
+/* 0x0210	     */		ldd	[%i4+24],%f6
+/* 0x0214	     */		fmuld	%f4,%f18,%f4
+/* 0x0218	     */		ldd	[%i5+24],%f8
+/* 0x021c	     */		faddd	%f2,%f10,%f2
+/* 0x0220	     */		ldd	[%i4+32],%f14
+/* 0x0224	     */		fmuld	%f6,%f18,%f10
+/* 0x0228	     */		ldd	[%i5+32],%f6
+/* 0x022c	     */		faddd	%f4,%f12,%f4
+/* 0x0230	     */		ldd	[%i4+40],%f12
+/* 0x0234	     */		faddd	%f0,%f2,%f0
+/* 0x0238	     */		std	%f0,[%i3+16]
+/* 0x023c	     */		ldd	[%i3+32],%f0
+/* 0x0240	     */		ldd	[%i3+48],%f2
+                       .L900000639:
+/* 0x0244	     */		add	%o2,16,%l6
+/* 0x0248	 252 */		ldd	[%i5+%o0],%f22
+/* 0x024c	     */		add	%l5,3,%l5
+/* 0x0250	     */		fmuld	%f8,%f20,%f8
+/* 0x0254	 250 */		add	%o0,8,%o0
+/* 0x0258	 252 */		ldd	[%l6+%i3],%f26
+/* 0x025c	     */		cmp	%l5,%o3
+/* 0x0260	     */		ldd	[%i4+%o0],%f24
+/* 0x0264	     */		faddd	%f0,%f4,%f0
+/* 0x0268	     */		add	%g2,6,%g2
+/* 0x026c	     */		faddd	%f10,%f8,%f10
+/* 0x0270	     */		fmuld	%f14,%f18,%f4
+/* 0x0274	     */		std	%f0,[%o1+%i3]
+/* 0x0278	 250 */		add	%o2,32,%o1
+/* 0x027c	 252 */		ldd	[%i5+%o0],%f8
+/* 0x0280	     */		fmuld	%f6,%f20,%f6
+/* 0x0284	 250 */		add	%o0,8,%o0
+/* 0x0288	 252 */		ldd	[%o1+%i3],%f0
+/* 0x028c	     */		ldd	[%i4+%o0],%f14
+/* 0x0290	     */		faddd	%f2,%f10,%f2
+/* 0x0294	     */		faddd	%f4,%f6,%f10
+/* 0x0298	     */		fmuld	%f12,%f18,%f4
+/* 0x029c	     */		std	%f2,[%o2+%i3]
+/* 0x02a0	 250 */		add	%o2,48,%o2
+/* 0x02a4	 252 */		ldd	[%i5+%o0],%f6
+/* 0x02a8	     */		fmuld	%f22,%f20,%f22
+/* 0x02ac	 250 */		add	%o0,8,%o0
+/* 0x02b0	 252 */		ldd	[%o2+%i3],%f2
+/* 0x02b4	     */		ldd	[%i4+%o0],%f12
+/* 0x02b8	     */		faddd	%f26,%f10,%f10
+/* 0x02bc	     */		std	%f10,[%l6+%i3]
+/* 0x02c0	     */		fmuld	%f24,%f18,%f10
+/* 0x02c4	     */		ble,pt	%icc,.L900000639
+/* 0x02c8	     */		faddd	%f4,%f22,%f4
+                       .L900000642:
+/* 0x02cc	 252 */		fmuld	%f8,%f20,%f24
+/* 0x02d0	     */		faddd	%f0,%f4,%f8
+/* 0x02d4	 250 */		add	%o2,16,%o3
+/* 0x02d8	 252 */		ldd	[%o3+%i3],%f4
+/* 0x02dc	     */		fmuld	%f14,%f18,%f0
+/* 0x02e0	     */		cmp	%l5,%i1
+/* 0x02e4	     */		std	%f8,[%o1+%i3]
+/* 0x02e8	     */		fmuld	%f12,%f18,%f8
+/* 0x02ec	 250 */		add	%o2,32,%o1
+/* 0x02f0	 252 */		faddd	%f10,%f24,%f12
+/* 0x02f4	     */		ldd	[%i5+%o0],%f22
+/* 0x02f8	     */		fmuld	%f6,%f20,%f6
+/* 0x02fc	     */		add	%g2,8,%g2
+/* 0x0300	     */		fmuld	%f22,%f20,%f10
+/* 0x0304	     */		faddd	%f2,%f12,%f2
+/* 0x0308	     */		faddd	%f0,%f6,%f6
+/* 0x030c	     */		ldd	[%o1+%i3],%f0
+/* 0x0310	     */		std	%f2,[%o2+%i3]
+/* 0x0314	     */		faddd	%f8,%f10,%f2
+/* 0x0318	     */		sra	%l5,0,%o2
+/* 0x031c	     */		sllx	%o2,3,%o0
+/* 0x0320	     */		faddd	%f4,%f6,%f4
+/* 0x0324	     */		std	%f4,[%o3+%i3]
+/* 0x0328	     */		faddd	%f0,%f2,%f0
+/* 0x032c	     */		std	%f0,[%o1+%i3]
+/* 0x0330	     */		bg,a,pn	%icc,.L77000213
+/* 0x0334	     */		srl	%i2,31,%o3
+                       .L77000284:
+/* 0x0338	 252 */		ldd	[%i4+%o0],%f2
+                       .L900000655:
+/* 0x033c	 252 */		ldd	[%i5+%o0],%f0
+/* 0x0340	     */		fmuld	%f2,%f18,%f2
+/* 0x0344	     */		sra	%g2,0,%o0
+/* 0x0348	     */		sllx	%o0,3,%o1
+/* 0x034c	     */		add	%l5,1,%l5
+/* 0x0350	     */		fmuld	%f0,%f20,%f4
+/* 0x0354	     */		ldd	[%o1+%i3],%f0
+/* 0x0358	     */		sra	%l5,0,%o2
+/* 0x035c	     */		sllx	%o2,3,%o0
+/* 0x0360	     */		add	%g2,2,%g2
+/* 0x0364	     */		cmp	%l5,%i1
+/* 0x0368	     */		faddd	%f2,%f4,%f2
+/* 0x036c	     */		faddd	%f0,%f2,%f0
+/* 0x0370	     */		std	%f0,[%o1+%i3]
+/* 0x0374	     */		ble,a,pt	%icc,.L900000655
+/* 0x0378	     */		ldd	[%i4+%o0],%f2
+                       .L900000626:
+/* 0x037c	     */		srl	%i2,31,%o3
+/* 0x0380	 252 */		ba	.L900000654
+/* 0x0384	     */		cmp	%g3,30
+                       .L77000213:
+/* 0x0388	 254 */		cmp	%g3,30
+                       .L900000654:
+/* 0x038c	     */		add	%i2,%o3,%o0
+/* 0x0390	 254 */		bne,a,pt	%icc,.L900000653
+/* 0x0394	     */		fdtox	%f16,%f0
+/* 0x0398	 281 */		sra	%o0,1,%g2
+/* 0x039c	     */		add	%g2,1,%g2
+/* 0x03a0	     */		ldd	[%o7],%f0
+/* 0x03a4	     */		sll	%g2,1,%o1
+/* 0x03a8	     */		sll	%g1,1,%g2
+/* 0x03ac	     */		or	%g0,%o1,%o2
+/* 0x03b0	     */		fmovd	%f0,%f2
+/* 0x03b4	     */		or	%g0,%g2,%o0
+/* 0x03b8	     */		cmp	%o1,%o0
+/* 0x03bc	     */		sub	%g2,1,%o0
+/* 0x03c0	     */		bge,pt	%icc,.L77000215
+/* 0x03c4	     */		or	%g0,0,%g3
+/* 0x03c8	 254 */		add	%o1,1,%o1
+/* 0x03cc	 281 */		sra	%o2,0,%g2
+                       .L900000652:
+/* 0x03d0	     */		sllx	%g2,3,%g2
+/* 0x03d4	     */		ldd	[%o7],%f6
+/* 0x03d8	     */		add	%o2,2,%o2
+/* 0x03dc	     */		sra	%o1,0,%g3
+/* 0x03e0	     */		ldd	[%g2+%l4],%f8
+/* 0x03e4	     */		cmp	%o2,%o0
+/* 0x03e8	     */		sllx	%g3,3,%g3
+/* 0x03ec	     */		add	%o1,2,%o1
+/* 0x03f0	     */		ldd	[%l4+%g3],%f10
+/* 0x03f4	     */		fdtox	%f8,%f12
+/* 0x03f8	     */		fdtox	%f10,%f4
+/* 0x03fc	     */		fmovd	%f12,%f8
+/* 0x0400	     */		fmovs	%f6,%f12
+/* 0x0404	     */		fmovs	%f6,%f4
+/* 0x0408	     */		fxtod	%f12,%f6
+/* 0x040c	     */		fxtod	%f4,%f12
+/* 0x0410	     */		fdtox	%f10,%f4
+/* 0x0414	     */		faddd	%f6,%f2,%f6
+/* 0x0418	     */		std	%f6,[%g2+%l4]
+/* 0x041c	     */		faddd	%f12,%f0,%f6
+/* 0x0420	     */		std	%f6,[%l4+%g3]
+/* 0x0424	     */		fitod	%f8,%f2
+/* 0x0428	     */		fitod	%f4,%f0
+/* 0x042c	     */		ble,pt	%icc,.L900000652
+/* 0x0430	     */		sra	%o2,0,%g2
+                       .L77000233:
+/* 0x0434	     */		or	%g0,0,%g3
+                       .L77000215:
+/* 0x0438	     */		fdtox	%f16,%f0
+                       .L900000653:
+/* 0x043c	 256 */		ldd	[%o7],%f6
+/* 0x0440	     */		add	%g4,1,%g4
+/* 0x0444	     */		or	%g0,%i0,%i2
+/* 0x0448	     */		ldd	[%o5],%f8
+/* 0x044c	     */		add	%g3,1,%g3
+/* 0x0450	     */		add	%i3,8,%i3
+/* 0x0454	     */		fmovs	%f6,%f0
+/* 0x0458	     */		ldd	[%o4],%f10
+/* 0x045c	     */		ld	[%sp+2223],%o0
+/* 0x0460	     */		fxtod	%f0,%f6
+/* 0x0464	     */		cmp	%i0,%o0
+/* 0x0468	     */		fmuld	%f6,%f30,%f6
+/* 0x046c	     */		fmuld	%f6,%f8,%f8
+/* 0x0470	     */		fdtox	%f8,%f8
+/* 0x0474	     */		fxtod	%f8,%f8
+/* 0x0478	     */		fmuld	%f8,%f10,%f8
+/* 0x047c	     */		fsubd	%f6,%f8,%f20
+/* 0x0480	     */		ble,a,pt	%icc,.L900000651
+/* 0x0484	     */		ldd	[%i5],%f6
+                       .L900000625:
+/* 0x0488	 256 */		ba	.L900000650
+/* 0x048c	     */		sllx	%g5,3,%g2
+                       .L77000279:
+/* 0x0490	 261 */		ldd	[%i1],%f4
+/* 0x0494	     */		ldd	[%i2],%f6
+/* 0x0498	 273 */		std	%f0,[%i3+8]
+/* 0x049c	     */		std	%f0,[%i3+16]
+/* 0x04a0	 261 */		fmuld	%f4,%f6,%f6
+/* 0x04a4	     */		std	%f6,[%i3]
+/* 0x04a8	 273 */		std	%f0,[%i3+24]
+/* 0x04ac	     */		std	%f0,[%i3+32]
+/* 0x04b0	     */		fdtox	%f6,%f2
+/* 0x04b4	     */		std	%f0,[%i3+40]
+/* 0x04b8	     */		std	%f0,[%i3+48]
+/* 0x04bc	     */		std	%f0,[%i3+56]
+/* 0x04c0	     */		std	%f0,[%i3+64]
+/* 0x04c4	     */		fmovs	%f0,%f2
+/* 0x04c8	     */		std	%f0,[%i3+72]
+/* 0x04cc	     */		std	%f0,[%i3+80]
+/* 0x04d0	     */		std	%f0,[%i3+88]
+/* 0x04d4	     */		std	%f0,[%i3+96]
+/* 0x04d8	     */		std	%f0,[%i3+104]
+/* 0x04dc	     */		std	%f0,[%i3+112]
+/* 0x04e0	     */		std	%f0,[%i3+120]
+/* 0x04e4	     */		std	%f0,[%i3+128]
+/* 0x04e8	     */		std	%f0,[%i3+136]
+/* 0x04ec	     */		std	%f0,[%i3+144]
+/* 0x04f0	     */		std	%f0,[%i3+152]
+/* 0x04f4	     */		std	%f0,[%i3+160]
+/* 0x04f8	     */		std	%f0,[%i3+168]
+/* 0x04fc	     */		fxtod	%f2,%f6
+/* 0x0500	     */		std	%f0,[%i3+176]
+/* 0x0504	 281 */		or	%g0,1,%o2
+/* 0x0508	 273 */		std	%f0,[%i3+184]
+
+!  282		      !       {
+!  284		      !	 m2j=pdm2[j];
+!  285		      !	 a=pdtj[0]+pdn_0*digit;
+!  286		      !	 b=pdtj[1]+pdm1_0*pdm2[j+1]+a*TwoToMinus16;
+
+/* 0x050c	 286 */		sra	%o2,0,%g2
+/* 0x0510	 279 */		or	%g0,%i3,%o3
+/* 0x0514	 273 */		std	%f0,[%i3+192]
+/* 0x0518	 278 */		fmuld	%f6,%f14,%f6
+/* 0x051c	 281 */		or	%g0,0,%g1
+/* 0x0520	 273 */		std	%f0,[%i3+200]
+/* 0x0524	     */		std	%f0,[%i3+208]
+/* 0x0528	     */		std	%f0,[%i3+216]
+/* 0x052c	     */		std	%f0,[%i3+224]
+/* 0x0530	     */		std	%f0,[%i3+232]
+/* 0x0534	     */		std	%f0,[%i3+240]
+/* 0x0538	     */		std	%f0,[%i3+248]
+/* 0x053c	     */		std	%f0,[%i3+256]
+/* 0x0540	     */		std	%f0,[%i3+264]
+/* 0x0544	     */		std	%f0,[%i3+272]
+/* 0x0548	     */		std	%f0,[%i3+280]
+/* 0x054c	     */		std	%f0,[%i3+288]
+/* 0x0550	     */		std	%f0,[%i3+296]
+/* 0x0554	     */		std	%f0,[%i3+304]
+/* 0x0558	     */		std	%f0,[%i3+312]
+/* 0x055c	     */		std	%f0,[%i3+320]
+/* 0x0560	     */		std	%f0,[%i3+328]
+/* 0x0564	     */		std	%f0,[%i3+336]
+/* 0x0568	     */		std	%f0,[%i3+344]
+/* 0x056c	     */		std	%f0,[%i3+352]
+/* 0x0570	     */		std	%f0,[%i3+360]
+/* 0x0574	     */		std	%f0,[%i3+368]
+/* 0x0578	     */		std	%f0,[%i3+376]
+/* 0x057c	     */		std	%f0,[%i3+384]
+/* 0x0580	     */		std	%f0,[%i3+392]
+/* 0x0584	     */		std	%f0,[%i3+400]
+/* 0x0588	     */		std	%f0,[%i3+408]
+/* 0x058c	     */		std	%f0,[%i3+416]
+/* 0x0590	     */		std	%f0,[%i3+424]
+/* 0x0594	     */		std	%f0,[%i3+432]
+/* 0x0598	     */		std	%f0,[%i3+440]
+/* 0x059c	     */		std	%f0,[%i3+448]
+/* 0x05a0	     */		std	%f0,[%i3+456]
+/* 0x05a4	     */		std	%f0,[%i3+464]
+/* 0x05a8	     */		std	%f0,[%i3+472]
+/* 0x05ac	     */		std	%f0,[%i3+480]
+/* 0x05b0	     */		std	%f0,[%i3+488]
+/* 0x05b4	     */		std	%f0,[%i3+496]
+/* 0x05b8	 278 */		ldd	[%o5],%f8
+/* 0x05bc	     */		ldd	[%o4],%f10
+/* 0x05c0	     */		fmuld	%f6,%f8,%f8
+/* 0x05c4	 273 */		std	%f0,[%i3+504]
+/* 0x05c8	     */		std	%f0,[%i3+512]
+/* 0x05cc	     */		std	%f0,[%i3+520]
+/* 0x05d0	     */		fdtox	%f8,%f8
+/* 0x05d4	 275 */		ldd	[%o0],%f0
+/* 0x05d8	     */		fxtod	%f8,%f8
+/* 0x05dc	     */		fmuld	%f8,%f10,%f8
+/* 0x05e0	     */		fsubd	%f6,%f8,%f2
+
+!  287		      !	 pdtj[1]=b;
+!  289		      !	 /**** this loop will be fully unrolled:
+!  290		      !	 for(i=1;i<16;i++)
+!  291		      !	   {
+!  292		      !	     pdtj[2*i]+=pdm1[i]*m2j+pdn[i]*digit;
+!  293		      !	   }
+!  294		      !	 *************************************/
+!  295		      !	     pdtj[2]+=pdm1[1]*m2j+pdn[1]*digit;
+!  296		      !	     pdtj[4]+=pdm1[2]*m2j+pdn[2]*digit;
+!  297		      !	     pdtj[6]+=pdm1[3]*m2j+pdn[3]*digit;
+!  298		      !	     pdtj[8]+=pdm1[4]*m2j+pdn[4]*digit;
+!  299		      !	     pdtj[10]+=pdm1[5]*m2j+pdn[5]*digit;
+!  300		      !	     pdtj[12]+=pdm1[6]*m2j+pdn[6]*digit;
+!  301		      !	     pdtj[14]+=pdm1[7]*m2j+pdn[7]*digit;
+!  302		      !	     pdtj[16]+=pdm1[8]*m2j+pdn[8]*digit;
+!  303		      !	     pdtj[18]+=pdm1[9]*m2j+pdn[9]*digit;
+!  304		      !	     pdtj[20]+=pdm1[10]*m2j+pdn[10]*digit;
+!  305		      !	     pdtj[22]+=pdm1[11]*m2j+pdn[11]*digit;
+!  306		      !	     pdtj[24]+=pdm1[12]*m2j+pdn[12]*digit;
+!  307		      !	     pdtj[26]+=pdm1[13]*m2j+pdn[13]*digit;
+!  308		      !	     pdtj[28]+=pdm1[14]*m2j+pdn[14]*digit;
+!  309		      !	     pdtj[30]+=pdm1[15]*m2j+pdn[15]*digit;
+!  310		      !	 /* no need for cleenup, cannot overflow */
+!  311		      !	 digit=mod(lower32(b,Zero)*dn0,TwoToMinus16,TwoTo16);
+
+
+	fmovd %f2,%f0		! hand modified
+	fmovd %f30,%f18		! hand modified
+	ldd [%o0],%f2
+	ldd [%o3],%f8
+	ldd [%i1],%f10
+	ldd [%o5],%f14		! hand modified
+	ldd [%o4],%f16		! hand modified
+	ldd [%i2],%f24
+
+	ldd [%i1+8],%f26
+	ldd [%i1+16],%f40
+	ldd [%i1+48],%f46
+	ldd [%i1+56],%f30
+	ldd [%i1+64],%f54
+	ldd [%i1+104],%f34
+	ldd [%i1+112],%f58
+
+	ldd [%o0+8],%f28	
+	ldd [%o0+104],%f38
+	ldd [%o0+112],%f60
+
+	.L99999999: 			!1
+	ldd	[%i1+24],%f32
+	fmuld	%f0,%f2,%f4 	!2
+	ldd	[%o0+24],%f36
+	fmuld	%f26,%f24,%f20 	!3
+	ldd	[%i1+40],%f42
+	fmuld	%f28,%f0,%f22 	!4
+	ldd	[%o0+40],%f44
+	fmuld	%f32,%f24,%f32 	!5
+	ldd	[%i2+8],%f6
+	faddd	%f4,%f8,%f4
+	fmuld	%f36,%f0,%f36 	!6
+	add	%i2,8,%i2
+	ldd	[%o0+56],%f50
+	fmuld	%f42,%f24,%f42 	!7
+	ldd	[%i1+72],%f52
+	faddd	%f20,%f22,%f20
+	fmuld	%f44,%f0,%f44 	!8
+	ldd	[%o3+16],%f22
+	fmuld	%f10,%f6,%f12 	!9
+	ldd	[%o0+72],%f56
+	faddd	%f32,%f36,%f32
+	fmuld	%f14,%f4,%f4 !10
+	ldd	[%o3+48],%f36
+	fmuld	%f30,%f24,%f48 	!11
+	ldd	[%o3+8],%f8
+	faddd	%f20,%f22,%f20
+	fmuld	%f50,%f0,%f50	!12
+	std	%f20,[%o3+16]
+	faddd	%f42,%f44,%f42
+	fmuld	%f52,%f24,%f52 	!13
+	ldd	[%o3+80],%f44
+	faddd	%f4,%f12,%f4
+	fmuld	%f56,%f0,%f56 	!14
+	ldd	[%i1+88],%f20
+	faddd	%f32,%f36,%f32 	!15
+	ldd	[%o0+88],%f22
+	faddd	%f48,%f50,%f48 	!16
+	ldd	[%o3+112],%f50
+	faddd	%f52,%f56,%f52 	!17
+	ldd	[%o3+144],%f56
+	faddd	%f4,%f8,%f8
+	fmuld	%f20,%f24,%f20 	!18
+	std	%f32,[%o3+48]
+	faddd	%f42,%f44,%f42
+	fmuld	%f22,%f0,%f22 	!19
+	std	%f42,[%o3+80]
+	faddd	%f48,%f50,%f48
+	fmuld	%f34,%f24,%f32 	!20
+	std	%f48,[%o3+112]
+	faddd	%f52,%f56,%f52
+	fmuld	%f38,%f0,%f36 	!21
+	ldd	[%i1+120],%f42
+	fdtox	%f8,%f4 		!22
+	std	%f52,[%o3+144]
+	faddd	%f20,%f22,%f20 	!23
+	ldd	[%o0+120],%f44 	!24
+	ldd	[%o3+176],%f22
+	faddd	%f32,%f36,%f32
+	fmuld	%f42,%f24,%f42 	!25
+	ldd	[%o0+16],%f50
+	fmovs	%f17,%f4 	!26
+	ldd	[%i1+32],%f52
+	fmuld	%f44,%f0,%f44 	!27
+	ldd	[%o0+32],%f56
+	fmuld	%f40,%f24,%f48 	!28
+	ldd	[%o3+208],%f36
+	faddd	%f20,%f22,%f20
+	fmuld	%f50,%f0,%f50 	!29
+	std	%f20,[%o3+176]
+	fxtod	%f4,%f4
+	fmuld	%f52,%f24,%f52 	!30
+	ldd	[%o0+48],%f22
+	faddd	%f42,%f44,%f42
+	fmuld	%f56,%f0,%f56 	!31
+	ldd	[%o3+240],%f44
+	faddd	%f32,%f36,%f32 	!32
+	std	%f32,[%o3+208]
+	faddd	%f48,%f50,%f48
+	fmuld	%f46,%f24,%f20 	!33
+	ldd	[%o3+32],%f50
+	fmuld	%f4,%f18,%f12 	!34
+	ldd	[%o0+64],%f36
+	faddd	%f52,%f56,%f52
+	fmuld	%f22,%f0,%f22 	!35
+	ldd	[%o3+64],%f56
+	faddd	%f42,%f44,%f42 	!36
+	std	%f42,[%o3+240]
+	faddd	%f48,%f50,%f48
+	fmuld	%f54,%f24,%f32 	!37
+	std	%f48,[%o3+32]
+	fmuld	%f12,%f14,%f4 !38
+	ldd	[%i1+80],%f42
+	faddd	%f52,%f56,%f56	! yes, tmp52!
+	fmuld	%f36,%f0,%f36 	!39
+	ldd	[%o0+80],%f44
+	faddd	%f20,%f22,%f20 	!40
+	ldd	[%i1+96],%f48
+	fmuld	%f58,%f24,%f52 	!41
+	ldd	[%o0+96],%f50
+	fdtox	%f4,%f4
+	fmuld	%f42,%f24,%f42 	!42
+	std	%f56,[%o3+64]	! yes, tmp52!
+	faddd	%f32,%f36,%f32
+	fmuld	%f44,%f0,%f44 	!43
+	ldd	[%o3+96],%f22
+	fmuld	%f48,%f24,%f48 	!44
+	ldd	[%o3+128],%f36
+	fmovd	%f6,%f24
+	fmuld	%f50,%f0,%f50 	!45
+	fxtod	%f4,%f4
+	fmuld	%f60,%f0,%f56 	!46
+	add	%o3,8,%o3
+	faddd	%f42,%f44,%f42 	!47
+	ldd	[%o3+160-8],%f44
+	faddd	%f20,%f22,%f20 	!48
+	std	%f20,[%o3+96-8]
+	faddd	%f48,%f50,%f48 	!49
+	ldd	[%o3+192-8],%f50
+	faddd	%f52,%f56,%f52
+	fmuld	%f4,%f16,%f4 	!50
+	ldd	[%o3+224-8],%f56
+	faddd	%f32,%f36,%f32 	!51
+	std	%f32,[%o3+128-8]
+	faddd	%f42,%f44,%f42 	!52
+	add	%g1,1,%g1
+	std	%f42,[%o3+160-8]
+	faddd	%f48,%f50,%f48 	!53
+	cmp	%g1,31
+	std	%f48,[%o3+192-8]
+	fsubd	%f12,%f4,%f0 	!54
+	faddd	%f52,%f56,%f52
+	ble,pt	%icc,.L99999999
+	std	%f52,[%o3+224-8] 	!55
+	std %f8,[%o3]
+!  312		      !       }
+!  313		      !   }
+!  315		      ! conv_d16_to_i32(result,dt+2*nlen,(long long *)dt,nlen+1);
+
+/* 0x0844	 315 */		sllx	%g5,3,%g2
+                       .L900000650:
+/* 0x0848	 315 */		ldd	[%g2+%l4],%f2
+/* 0x084c	     */		add	%l4,%g2,%o0
+/* 0x0850	     */		or	%g0,0,%g1
+/* 0x0854	     */		ldd	[%o0+8],%f4
+/* 0x0858	     */		or	%g0,0,%i2
+/* 0x085c	     */		cmp	%l0,0
+/* 0x0860	     */		fdtox	%f2,%f2
+/* 0x0864	     */		std	%f2,[%sp+2255]
+/* 0x0868	 311 */		sethi	%hi(0xfc00),%o3
+/* 0x086c	 315 */		fdtox	%f4,%f2
+/* 0x0870	     */		std	%f2,[%sp+2247]
+/* 0x0874	 311 */		or	%g0,-1,%o2
+/* 0x0878	     */		srl	%o2,0,%o5
+/* 0x087c	     */		or	%g0,2,%g5
+/* 0x0880	     */		sub	%l0,1,%g3
+/* 0x0884	     */		or	%g0,%o0,%o7
+/* 0x0888	     */		add	%o3,1023,%o4
+/* 0x088c	 315 */		or	%g0,64,%o3
+/* 0x0890	     */		ldx	[%sp+2255],%i0
+/* 0x0894	     */		sub	%l0,2,%o1
+/* 0x0898	     */		ldx	[%sp+2247],%i1
+/* 0x089c	     */		ble,pt	%icc,.L900000648
+/* 0x08a0	     */		sethi	%hi(0xfc00),%g2
+/* 0x08a4	     */		cmp	%l0,6
+/* 0x08a8	     */		and	%i0,%o5,%o2
+/* 0x08ac	     */		bl,pn	%icc,.L77000287
+/* 0x08b0	     */		or	%g0,3,%g4
+/* 0x08b4	     */		ldd	[%o7+16],%f0
+/* 0x08b8	     */		and	%i1,%o4,%i3
+/* 0x08bc	     */		sllx	%i3,16,%o0
+/* 0x08c0	     */		or	%g0,5,%g4
+/* 0x08c4	     */		srax	%i1,16,%i4
+/* 0x08c8	     */		fdtox	%f0,%f0
+/* 0x08cc	     */		std	%f0,[%sp+2239]
+/* 0x08d0	     */		srax	%i0,32,%i1
+/* 0x08d4	     */		add	%o2,%o0,%i5
+/* 0x08d8	     */		ldd	[%o7+24],%f0
+/* 0x08dc	     */		and	%i5,%o5,%l1
+/* 0x08e0	     */		or	%g0,72,%o2
+/* 0x08e4	     */		or	%g0,4,%o0
+/* 0x08e8	     */		or	%g0,4,%g5
+/* 0x08ec	     */		ldx	[%sp+2239],%g1
+/* 0x08f0	     */		fdtox	%f0,%f0
+/* 0x08f4	     */		or	%g0,4,%i2
+/* 0x08f8	     */		std	%f0,[%sp+2231]
+/* 0x08fc	     */		ldd	[%o7+40],%f2
+/* 0x0900	     */		and	%g1,%o5,%i3
+/* 0x0904	     */		ldd	[%o7+32],%f0
+/* 0x0908	     */		srax	%g1,32,%g1
+/* 0x090c	     */		ldd	[%o7+56],%f4
+/* 0x0910	     */		fdtox	%f2,%f2
+/* 0x0914	     */		ldx	[%sp+2231],%g2
+/* 0x0918	     */		fdtox	%f0,%f0
+/* 0x091c	     */		st	%l1,[%l2]
+/* 0x0920	     */		srax	%i5,32,%l1
+/* 0x0924	     */		fdtox	%f4,%f4
+/* 0x0928	     */		std	%f2,[%sp+2231]
+/* 0x092c	     */		and	%g2,%o4,%i5
+/* 0x0930	     */		add	%i4,%l1,%i4
+/* 0x0934	     */		std	%f0,[%sp+2239]
+/* 0x0938	     */		sllx	%i5,16,%i0
+/* 0x093c	     */		add	%i1,%i4,%i1
+/* 0x0940	     */		ldd	[%o7+48],%f2
+/* 0x0944	     */		srax	%g2,16,%g2
+/* 0x0948	     */		add	%i3,%i0,%i0
+/* 0x094c	     */		ldd	[%o7+72],%f0
+/* 0x0950	     */		add	%i0,%i1,%i3
+/* 0x0954	     */		srax	%i3,32,%i4
+/* 0x0958	     */		fdtox	%f2,%f2
+/* 0x095c	     */		and	%i3,%o5,%i3
+/* 0x0960	     */		ldx	[%sp+2231],%i1
+/* 0x0964	     */		add	%g2,%i4,%g2
+/* 0x0968	     */		ldx	[%sp+2239],%i0
+/* 0x096c	     */		add	%g1,%g2,%g1
+/* 0x0970	     */		std	%f2,[%sp+2239]
+/* 0x0974	     */		std	%f4,[%sp+2231]
+/* 0x0978	     */		ldd	[%o7+64],%f2
+/* 0x097c	     */		st	%i3,[%l2+4]
+                       .L900000631:
+/* 0x0980	     */		ldx	[%sp+2231],%i3
+/* 0x0984	     */		add	%i2,2,%i2
+/* 0x0988	     */		add	%g4,4,%g4
+/* 0x098c	     */		ldx	[%sp+2239],%i5
+/* 0x0990	     */		add	%o2,16,%o2
+/* 0x0994	     */		and	%i1,%o4,%g2
+/* 0x0998	     */		sllx	%g2,16,%i4
+/* 0x099c	     */		and	%i0,%o5,%g2
+/* 0x09a0	     */		ldd	[%o7+%o2],%f4
+/* 0x09a4	     */		fdtox	%f0,%f0
+/* 0x09a8	     */		std	%f0,[%sp+2231]
+/* 0x09ac	     */		srax	%i1,16,%i1
+/* 0x09b0	     */		add	%g2,%i4,%g2
+/* 0x09b4	     */		fdtox	%f2,%f0
+/* 0x09b8	     */		add	%o3,16,%o3
+/* 0x09bc	     */		std	%f0,[%sp+2239]
+/* 0x09c0	     */		add	%g2,%g1,%g1
+/* 0x09c4	     */		ldd	[%o7+%o3],%f2
+/* 0x09c8	     */		srax	%g1,32,%i4
+/* 0x09cc	     */		cmp	%i2,%o1
+/* 0x09d0	     */		srax	%i0,32,%g2
+/* 0x09d4	     */		add	%i1,%i4,%i0
+/* 0x09d8	     */		add	%g2,%i0,%i4
+/* 0x09dc	     */		add	%o0,4,%o0
+/* 0x09e0	     */		and	%g1,%o5,%g2
+/* 0x09e4	     */		or	%g0,%i5,%g1
+/* 0x09e8	     */		st	%g2,[%l2+%o0]
+/* 0x09ec	     */		add	%g5,4,%g5
+/* 0x09f0	     */		ldx	[%sp+2231],%i1
+/* 0x09f4	     */		ldx	[%sp+2239],%i0
+/* 0x09f8	     */		add	%o2,16,%o2
+/* 0x09fc	     */		and	%i3,%o4,%g2
+/* 0x0a00	     */		sllx	%g2,16,%i5
+/* 0x0a04	     */		and	%g1,%o5,%g2
+/* 0x0a08	     */		ldd	[%o7+%o2],%f0
+/* 0x0a0c	     */		fdtox	%f4,%f4
+/* 0x0a10	     */		std	%f4,[%sp+2231]
+/* 0x0a14	     */		srax	%i3,16,%i3
+/* 0x0a18	     */		add	%g2,%i5,%g2
+/* 0x0a1c	     */		fdtox	%f2,%f2
+/* 0x0a20	     */		add	%o3,16,%o3
+/* 0x0a24	     */		std	%f2,[%sp+2239]
+/* 0x0a28	     */		add	%g2,%i4,%g2
+/* 0x0a2c	     */		ldd	[%o7+%o3],%f2
+/* 0x0a30	     */		srax	%g2,32,%i4
+/* 0x0a34	     */		srax	%g1,32,%g1
+/* 0x0a38	     */		add	%i3,%i4,%i3
+/* 0x0a3c	     */		add	%g1,%i3,%g1
+/* 0x0a40	     */		add	%o0,4,%o0
+/* 0x0a44	     */		and	%g2,%o5,%g2
+/* 0x0a48	     */		ble,pt	%icc,.L900000631
+/* 0x0a4c	     */		st	%g2,[%l2+%o0]
+                       .L900000634:
+/* 0x0a50	     */		srax	%i1,16,%i5
+/* 0x0a54	     */		ldx	[%sp+2231],%o1
+/* 0x0a58	     */		and	%i1,%o4,%i3
+/* 0x0a5c	     */		sllx	%i3,16,%i3
+/* 0x0a60	     */		ldx	[%sp+2239],%i4
+/* 0x0a64	     */		and	%i0,%o5,%g2
+/* 0x0a68	     */		add	%g2,%i3,%g2
+/* 0x0a6c	     */		and	%o1,%o4,%i3
+/* 0x0a70	     */		fdtox	%f0,%f4
+/* 0x0a74	     */		sllx	%i3,16,%i3
+/* 0x0a78	     */		std	%f4,[%sp+2231]
+/* 0x0a7c	     */		add	%g2,%g1,%g2
+/* 0x0a80	     */		srax	%g2,32,%l1
+/* 0x0a84	     */		and	%i4,%o5,%i1
+/* 0x0a88	     */		fdtox	%f2,%f0
+/* 0x0a8c	     */		srax	%i0,32,%g1
+/* 0x0a90	     */		std	%f0,[%sp+2239]
+/* 0x0a94	     */		add	%i5,%l1,%i0
+/* 0x0a98	     */		srax	%o1,16,%o1
+/* 0x0a9c	     */		add	%g1,%i0,%i0
+/* 0x0aa0	     */		add	%o0,4,%g1
+/* 0x0aa4	     */		add	%i1,%i3,%o0
+/* 0x0aa8	     */		and	%g2,%o5,%g2
+/* 0x0aac	     */		st	%g2,[%l2+%g1]
+/* 0x0ab0	     */		add	%o0,%i0,%o0
+/* 0x0ab4	     */		srax	%o0,32,%i3
+/* 0x0ab8	     */		ldx	[%sp+2231],%i1
+/* 0x0abc	     */		add	%g1,4,%g1
+/* 0x0ac0	     */		ldx	[%sp+2239],%i0
+/* 0x0ac4	     */		and	%o0,%o5,%g2
+/* 0x0ac8	     */		add	%o1,%i3,%o1
+/* 0x0acc	     */		srax	%i4,32,%o0
+/* 0x0ad0	     */		cmp	%i2,%g3
+/* 0x0ad4	     */		st	%g2,[%l2+%g1]
+/* 0x0ad8	     */		bg,pn	%icc,.L77000236
+/* 0x0adc	     */		add	%o0,%o1,%g1
+/* 0x0ae0	     */		add	%g4,6,%g4
+/* 0x0ae4	     */		add	%g5,6,%g5
+                       .L77000287:
+/* 0x0ae8	     */		sra	%g5,0,%o1
+                       .L900000647:
+/* 0x0aec	     */		sllx	%o1,3,%o2
+/* 0x0af0	     */		and	%i0,%o5,%o0
+/* 0x0af4	     */		ldd	[%o7+%o2],%f0
+/* 0x0af8	     */		sra	%g4,0,%o2
+/* 0x0afc	     */		and	%i1,%o4,%o1
+/* 0x0b00	     */		sllx	%o2,3,%o2
+/* 0x0b04	     */		add	%g1,%o0,%o0
+/* 0x0b08	     */		fdtox	%f0,%f0
+/* 0x0b0c	     */		std	%f0,[%sp+2239]
+/* 0x0b10	     */		sllx	%o1,16,%o1
+/* 0x0b14	     */		add	%o0,%o1,%o1
+/* 0x0b18	     */		add	%g5,2,%g5
+/* 0x0b1c	     */		ldd	[%o7+%o2],%f0
+/* 0x0b20	     */		srax	%o1,32,%g1
+/* 0x0b24	     */		and	%o1,%o5,%o2
+/* 0x0b28	     */		srax	%i1,16,%o0
+/* 0x0b2c	     */		add	%g4,2,%g4
+/* 0x0b30	     */		fdtox	%f0,%f0
+/* 0x0b34	     */		std	%f0,[%sp+2231]
+/* 0x0b38	     */		sra	%i2,0,%o1
+/* 0x0b3c	     */		sllx	%o1,2,%o1
+/* 0x0b40	     */		add	%o0,%g1,%g2
+/* 0x0b44	     */		srax	%i0,32,%g1
+/* 0x0b48	     */		add	%i2,1,%i2
+/* 0x0b4c	     */		add	%g1,%g2,%g1
+/* 0x0b50	     */		cmp	%i2,%g3
+/* 0x0b54	     */		ldx	[%sp+2239],%o3
+/* 0x0b58	     */		ldx	[%sp+2231],%i1
+/* 0x0b5c	     */		st	%o2,[%l2+%o1]
+/* 0x0b60	     */		or	%g0,%o3,%i0
+/* 0x0b64	     */		ble,pt	%icc,.L900000647
+/* 0x0b68	     */		sra	%g5,0,%o1
+                       .L77000236:
+/* 0x0b6c	     */		sethi	%hi(0xfc00),%g2
+                       .L900000648:
+/* 0x0b70	     */		or	%g0,-1,%o0
+/* 0x0b74	     */		add	%g2,1023,%g2
+/* 0x0b78	     */		srl	%o0,0,%g3
+/* 0x0b7c	     */		and	%i1,%g2,%g2
+/* 0x0b80	     */		and	%i0,%g3,%g4
+/* 0x0b84	     */		sllx	%g2,16,%g2
+/* 0x0b88	     */		add	%g1,%g4,%g4
+/* 0x0b8c	     */		sra	%i2,0,%g5
+/* 0x0b90	     */		add	%g4,%g2,%g4
+/* 0x0b94	     */		sllx	%g5,2,%g2
+/* 0x0b98	     */		and	%g4,%g3,%g3
+/* 0x0b9c	     */		st	%g3,[%l2+%g2]
+
+!  317		      ! adjust_montf_result(result,nint,nlen); 
+
+/* 0x0ba0	 317 */		sra	%l0,0,%g4
+/* 0x0ba4	     */		sllx	%g4,2,%g2
+/* 0x0ba8	     */		ld	[%l2+%g2],%g2
+/* 0x0bac	     */		cmp	%g2,0
+/* 0x0bb0	     */		bleu,pn	%icc,.L77000241
+/* 0x0bb4	     */		or	%g0,-1,%o1
+/* 0x0bb8	     */		ba	.L900000646
+/* 0x0bbc	     */		cmp	%o1,0
+                       .L77000241:
+/* 0x0bc0	     */		sub	%l0,1,%o1
+/* 0x0bc4	     */		cmp	%o1,0
+/* 0x0bc8	     */		bl,pn	%icc,.L77000244
+/* 0x0bcc	     */		sra	%o1,0,%g2
+                       .L900000645:
+/* 0x0bd0	     */		sllx	%g2,2,%g2
+/* 0x0bd4	     */		sub	%o1,1,%o0
+/* 0x0bd8	     */		ld	[%l3+%g2],%g3
+/* 0x0bdc	     */		ld	[%l2+%g2],%g2
+/* 0x0be0	     */		cmp	%g2,%g3
+/* 0x0be4	     */		bne,pn	%icc,.L77000244
+/* 0x0be8	     */		nop
+/* 0x0bec	   0 */		or	%g0,%o0,%o1
+/* 0x0bf0	 317 */		cmp	%o0,0
+/* 0x0bf4	     */		bge,pt	%icc,.L900000645
+/* 0x0bf8	     */		sra	%o1,0,%g2
+                       .L77000244:
+/* 0x0bfc	     */		cmp	%o1,0
+                       .L900000646:
+/* 0x0c00	     */		bl,pn	%icc,.L77000288
+/* 0x0c04	     */		sra	%o1,0,%g2
+/* 0x0c08	     */		sllx	%g2,2,%g2
+/* 0x0c0c	     */		ld	[%l3+%g2],%g3
+/* 0x0c10	     */		ld	[%l2+%g2],%g2
+/* 0x0c14	     */		cmp	%g2,%g3
+/* 0x0c18	     */		bleu,pt	%icc,.L77000224
+/* 0x0c1c	     */		nop
+                       .L77000288:
+/* 0x0c20	     */		cmp	%l0,0
+/* 0x0c24	     */		ble,pt	%icc,.L77000224
+/* 0x0c28	     */		nop
+/* 0x0c2c	 317 */		or	%g0,-1,%g2
+/* 0x0c30	 315 */		or	%g0,0,%i0
+/* 0x0c34	 317 */		srl	%g2,0,%g2
+/* 0x0c38	 315 */		or	%g0,0,%g4
+/* 0x0c3c	     */		or	%g0,0,%o1
+/* 0x0c40	 317 */		sub	%l0,1,%g5
+/* 0x0c44	     */		cmp	%l0,9
+/* 0x0c48	 315 */		or	%g0,8,%o5
+/* 0x0c4c	     */		bl,pn	%icc,.L77000289
+/* 0x0c50	     */		sub	%l0,4,%o7
+/* 0x0c54	     */		ld	[%l2],%o1
+/* 0x0c58	     */		or	%g0,5,%i0
+/* 0x0c5c	     */		ld	[%l3],%o2
+/* 0x0c60	     */		or	%g0,12,%o4
+/* 0x0c64	     */		or	%g0,16,%g1
+/* 0x0c68	     */		ld	[%l3+4],%o3
+/* 0x0c6c	     */		ld	[%l2+4],%o0
+/* 0x0c70	     */		sub	%o1,%o2,%o1
+/* 0x0c74	     */		ld	[%l3+8],%i1
+/* 0x0c78	     */		and	%o1,%g2,%g4
+/* 0x0c7c	     */		st	%g4,[%l2]
+/* 0x0c80	     */		srax	%o1,32,%g4
+/* 0x0c84	     */		sub	%o0,%o3,%o0
+/* 0x0c88	     */		ld	[%l3+12],%o2
+/* 0x0c8c	     */		add	%o0,%g4,%o0
+/* 0x0c90	     */		and	%o0,%g2,%g4
+/* 0x0c94	     */		st	%g4,[%l2+4]
+/* 0x0c98	     */		srax	%o0,32,%o0
+/* 0x0c9c	     */		ld	[%l2+8],%o1
+/* 0x0ca0	     */		ld	[%l2+12],%o3
+/* 0x0ca4	     */		sub	%o1,%i1,%o1
+                       .L900000635:
+/* 0x0ca8	     */		add	%g1,4,%g3
+/* 0x0cac	     */		ld	[%g1+%l2],%g4
+/* 0x0cb0	     */		add	%o1,%o0,%o0
+/* 0x0cb4	     */		ld	[%l3+%g1],%i1
+/* 0x0cb8	     */		sub	%o3,%o2,%o1
+/* 0x0cbc	     */		and	%o0,%g2,%o2
+/* 0x0cc0	     */		st	%o2,[%o5+%l2]
+/* 0x0cc4	     */		srax	%o0,32,%o2
+/* 0x0cc8	     */		add	%i0,4,%i0
+/* 0x0ccc	     */		add	%g1,8,%o5
+/* 0x0cd0	     */		ld	[%g3+%l2],%o0
+/* 0x0cd4	     */		add	%o1,%o2,%o1
+/* 0x0cd8	     */		ld	[%l3+%g3],%o3
+/* 0x0cdc	     */		sub	%g4,%i1,%o2
+/* 0x0ce0	     */		and	%o1,%g2,%g4
+/* 0x0ce4	     */		st	%g4,[%o4+%l2]
+/* 0x0ce8	     */		srax	%o1,32,%g4
+/* 0x0cec	     */		cmp	%i0,%o7
+/* 0x0cf0	     */		add	%g1,12,%o4
+/* 0x0cf4	     */		ld	[%o5+%l2],%o1
+/* 0x0cf8	     */		add	%o2,%g4,%o2
+/* 0x0cfc	     */		ld	[%l3+%o5],%i1
+/* 0x0d00	     */		sub	%o0,%o3,%o0
+/* 0x0d04	     */		and	%o2,%g2,%o3
+/* 0x0d08	     */		st	%o3,[%g1+%l2]
+/* 0x0d0c	     */		srax	%o2,32,%g4
+/* 0x0d10	     */		ld	[%o4+%l2],%o3
+/* 0x0d14	     */		add	%g1,16,%g1
+/* 0x0d18	     */		add	%o0,%g4,%o0
+/* 0x0d1c	     */		ld	[%l3+%o4],%o2
+/* 0x0d20	     */		sub	%o1,%i1,%o1
+/* 0x0d24	     */		and	%o0,%g2,%g4
+/* 0x0d28	     */		st	%g4,[%g3+%l2]
+/* 0x0d2c	     */		ble,pt	%icc,.L900000635
+/* 0x0d30	     */		srax	%o0,32,%o0
+                       .L900000638:
+/* 0x0d34	     */		add	%o1,%o0,%g3
+/* 0x0d38	     */		sub	%o3,%o2,%o1
+/* 0x0d3c	     */		ld	[%g1+%l2],%o0
+/* 0x0d40	     */		ld	[%l3+%g1],%o2
+/* 0x0d44	     */		srax	%g3,32,%o7
+/* 0x0d48	     */		and	%g3,%g2,%o3
+/* 0x0d4c	     */		add	%o1,%o7,%o1
+/* 0x0d50	     */		st	%o3,[%o5+%l2]
+/* 0x0d54	     */		cmp	%i0,%g5
+/* 0x0d58	     */		sub	%o0,%o2,%o0
+/* 0x0d5c	     */		and	%o1,%g2,%o2
+/* 0x0d60	     */		st	%o2,[%o4+%l2]
+/* 0x0d64	     */		srax	%o1,32,%o1
+/* 0x0d68	     */		sra	%i0,0,%o2
+/* 0x0d6c	     */		add	%o0,%o1,%o0
+/* 0x0d70	     */		srax	%o0,32,%g4
+/* 0x0d74	     */		and	%o0,%g2,%o1
+/* 0x0d78	     */		st	%o1,[%g1+%l2]
+/* 0x0d7c	     */		bg,pn	%icc,.L77000224
+/* 0x0d80	     */		sllx	%o2,2,%o1
+                       .L77000289:
+/* 0x0d84	   0 */		or	%g0,%o1,%g1
+                       .L900000644:
+/* 0x0d88	     */		ld	[%o1+%l2],%o0
+/* 0x0d8c	     */		add	%i0,1,%i0
+/* 0x0d90	     */		ld	[%l3+%o1],%o1
+/* 0x0d94	     */		sra	%i0,0,%o2
+/* 0x0d98	     */		cmp	%i0,%g5
+/* 0x0d9c	     */		add	%g4,%o0,%o0
+/* 0x0da0	     */		sub	%o0,%o1,%o0
+/* 0x0da4	     */		srax	%o0,32,%g4
+/* 0x0da8	     */		and	%o0,%g2,%o1
+/* 0x0dac	     */		st	%o1,[%g1+%l2]
+/* 0x0db0	     */		sllx	%o2,2,%o1
+/* 0x0db4	     */		ble,pt	%icc,.L900000644
+/* 0x0db8	     */		or	%g0,%o1,%g1
+                       .L77000224:
+/* 0x0dbc	     */		ret	! Result = 
+/* 0x0dc0	     */		restore	%g0,%g0,%g0
+/* 0x0dc4	   0 */		.type	mont_mulf_noconv,2
+/* 0x0dc4	     */		.size	mont_mulf_noconv,(.-mont_mulf_noconv)
+
diff --git a/nss/lib/freebl/mpi/mp_comba.c b/nss/lib/freebl/mpi/mp_comba.c
new file mode 100644
index 0000000..3b4937b
--- /dev/null
+++ b/nss/lib/freebl/mpi/mp_comba.c
@@ -0,0 +1,3235 @@
+/*
+ * The below file is derived from TFM v0.03.
+ * It contains code from fp_mul_comba.c and
+ * fp_sqr_comba.c, which contained the following license.
+ *
+ * Right now, the assembly in this file limits
+ * this code to AMD 64.
+ *
+ * This file is public domain.
+ */
+
+/* TomsFastMath, a fast ISO C bignum library.
+ *
+ * This project is meant to fill in where LibTomMath
+ * falls short.  That is speed ;-)
+ *
+ * This project is public domain and free for all purposes.
+ *
+ * Tom St Denis, tomstdenis@iahu.ca
+ */
+
+#include "mpi-priv.h"
+
+/* clamp digits */
+#define mp_clamp(a)                                      \
+    {                                                    \
+        while ((a)->used && (a)->dp[(a)->used - 1] == 0) \
+            --((a)->used);                               \
+        (a)->sign = (a)->used ? (a)->sign : ZPOS;        \
+    }
+
+/* anything you need at the start */
+#define COMBA_START
+
+/* clear the chaining variables */
+#define COMBA_CLEAR \
+    c0 = c1 = c2 = 0;
+
+/* forward the carry to the next digit */
+#define COMBA_FORWARD \
+    do {              \
+        c0 = c1;      \
+        c1 = c2;      \
+        c2 = 0;       \
+    } while (0);
+
+/* anything you need at the end */
+#define COMBA_FINI
+
+/* this should multiply i and j  */
+#define MULADD(i, j)                                \
+    __asm__(                                        \
+        "movq  %6,%%rax     \n\t"                   \
+        "mulq  %7           \n\t"                   \
+        "addq  %%rax,%0     \n\t"                   \
+        "adcq  %%rdx,%1     \n\t"                   \
+        "adcq  $0,%2        \n\t"                   \
+        : "=r"(c0), "=r"(c1), "=r"(c2)              \
+        : "0"(c0), "1"(c1), "2"(c2), "g"(i), "g"(j) \
+        : "%rax", "%rdx", "cc");
+
+/* sqr macros only */
+#define CLEAR_CARRY \
+    c0 = c1 = c2 = 0;
+
+#define COMBA_STORE(x) \
+    x = c0;
+
+#define COMBA_STORE2(x) \
+    x = c1;
+
+#define CARRY_FORWARD \
+    do {              \
+        c0 = c1;      \
+        c1 = c2;      \
+        c2 = 0;       \
+    } while (0);
+
+#define COMBA_FINI
+
+#define SQRADD(i, j)                        \
+    __asm__(                                \
+        "movq  %6,%%rax     \n\t"           \
+        "mulq  %%rax        \n\t"           \
+        "addq  %%rax,%0     \n\t"           \
+        "adcq  %%rdx,%1     \n\t"           \
+        "adcq  $0,%2        \n\t"           \
+        : "=r"(c0), "=r"(c1), "=r"(c2)      \
+        : "0"(c0), "1"(c1), "2"(c2), "g"(i) \
+        : "%rax", "%rdx", "cc");
+
+#define SQRADD2(i, j)                               \
+    __asm__(                                        \
+        "movq  %6,%%rax     \n\t"                   \
+        "mulq  %7           \n\t"                   \
+        "addq  %%rax,%0     \n\t"                   \
+        "adcq  %%rdx,%1     \n\t"                   \
+        "adcq  $0,%2        \n\t"                   \
+        "addq  %%rax,%0     \n\t"                   \
+        "adcq  %%rdx,%1     \n\t"                   \
+        "adcq  $0,%2        \n\t"                   \
+        : "=r"(c0), "=r"(c1), "=r"(c2)              \
+        : "0"(c0), "1"(c1), "2"(c2), "g"(i), "g"(j) \
+        : "%rax", "%rdx", "cc");
+
+#define SQRADDSC(i, j)                    \
+    __asm__(                              \
+        "movq  %3,%%rax     \n\t"         \
+        "mulq  %4           \n\t"         \
+        "movq  %%rax,%0     \n\t"         \
+        "movq  %%rdx,%1     \n\t"         \
+        "xorq  %2,%2        \n\t"         \
+        : "=r"(sc0), "=r"(sc1), "=r"(sc2) \
+        : "g"(i), "g"(j)                  \
+        : "%rax", "%rdx", "cc");
+
+#define SQRADDAC(i, j)                                 \
+    __asm__(                                           \
+        "movq  %6,%%rax     \n\t"                      \
+        "mulq  %7           \n\t"                      \
+        "addq  %%rax,%0     \n\t"                      \
+        "adcq  %%rdx,%1     \n\t"                      \
+        "adcq  $0,%2        \n\t"                      \
+        : "=r"(sc0), "=r"(sc1), "=r"(sc2)              \
+        : "0"(sc0), "1"(sc1), "2"(sc2), "g"(i), "g"(j) \
+        : "%rax", "%rdx", "cc");
+
+#define SQRADDDB                                                  \
+    __asm__(                                                      \
+        "addq %6,%0         \n\t"                                 \
+        "adcq %7,%1         \n\t"                                 \
+        "adcq %8,%2         \n\t"                                 \
+        "addq %6,%0         \n\t"                                 \
+        "adcq %7,%1         \n\t"                                 \
+        "adcq %8,%2         \n\t"                                 \
+        : "=&r"(c0), "=&r"(c1), "=&r"(c2)                         \
+        : "0"(c0), "1"(c1), "2"(c2), "r"(sc0), "r"(sc1), "r"(sc2) \
+        : "cc");
+
+void
+s_mp_mul_comba_4(const mp_int *A, const mp_int *B, mp_int *C)
+{
+    mp_digit c0, c1, c2, at[8];
+
+    memcpy(at, A->dp, 4 * sizeof(mp_digit));
+    memcpy(at + 4, B->dp, 4 * sizeof(mp_digit));
+    COMBA_START;
+
+    COMBA_CLEAR;
+    /* 0 */
+    MULADD(at[0], at[4]);
+    COMBA_STORE(C->dp[0]);
+    /* 1 */
+    COMBA_FORWARD;
+    MULADD(at[0], at[5]);
+    MULADD(at[1], at[4]);
+    COMBA_STORE(C->dp[1]);
+    /* 2 */
+    COMBA_FORWARD;
+    MULADD(at[0], at[6]);
+    MULADD(at[1], at[5]);
+    MULADD(at[2], at[4]);
+    COMBA_STORE(C->dp[2]);
+    /* 3 */
+    COMBA_FORWARD;
+    MULADD(at[0], at[7]);
+    MULADD(at[1], at[6]);
+    MULADD(at[2], at[5]);
+    MULADD(at[3], at[4]);
+    COMBA_STORE(C->dp[3]);
+    /* 4 */
+    COMBA_FORWARD;
+    MULADD(at[1], at[7]);
+    MULADD(at[2], at[6]);
+    MULADD(at[3], at[5]);
+    COMBA_STORE(C->dp[4]);
+    /* 5 */
+    COMBA_FORWARD;
+    MULADD(at[2], at[7]);
+    MULADD(at[3], at[6]);
+    COMBA_STORE(C->dp[5]);
+    /* 6 */
+    COMBA_FORWARD;
+    MULADD(at[3], at[7]);
+    COMBA_STORE(C->dp[6]);
+    COMBA_STORE2(C->dp[7]);
+    C->used = 8;
+    C->sign = A->sign ^ B->sign;
+    mp_clamp(C);
+    COMBA_FINI;
+}
+
+void
+s_mp_mul_comba_8(const mp_int *A, const mp_int *B, mp_int *C)
+{
+    mp_digit c0, c1, c2, at[16];
+
+    memcpy(at, A->dp, 8 * sizeof(mp_digit));
+    memcpy(at + 8, B->dp, 8 * sizeof(mp_digit));
+    COMBA_START;
+
+    COMBA_CLEAR;
+    /* 0 */
+    MULADD(at[0], at[8]);
+    COMBA_STORE(C->dp[0]);
+    /* 1 */
+    COMBA_FORWARD;
+    MULADD(at[0], at[9]);
+    MULADD(at[1], at[8]);
+    COMBA_STORE(C->dp[1]);
+    /* 2 */
+    COMBA_FORWARD;
+    MULADD(at[0], at[10]);
+    MULADD(at[1], at[9]);
+    MULADD(at[2], at[8]);
+    COMBA_STORE(C->dp[2]);
+    /* 3 */
+    COMBA_FORWARD;
+    MULADD(at[0], at[11]);
+    MULADD(at[1], at[10]);
+    MULADD(at[2], at[9]);
+    MULADD(at[3], at[8]);
+    COMBA_STORE(C->dp[3]);
+    /* 4 */
+    COMBA_FORWARD;
+    MULADD(at[0], at[12]);
+    MULADD(at[1], at[11]);
+    MULADD(at[2], at[10]);
+    MULADD(at[3], at[9]);
+    MULADD(at[4], at[8]);
+    COMBA_STORE(C->dp[4]);
+    /* 5 */
+    COMBA_FORWARD;
+    MULADD(at[0], at[13]);
+    MULADD(at[1], at[12]);
+    MULADD(at[2], at[11]);
+    MULADD(at[3], at[10]);
+    MULADD(at[4], at[9]);
+    MULADD(at[5], at[8]);
+    COMBA_STORE(C->dp[5]);
+    /* 6 */
+    COMBA_FORWARD;
+    MULADD(at[0], at[14]);
+    MULADD(at[1], at[13]);
+    MULADD(at[2], at[12]);
+    MULADD(at[3], at[11]);
+    MULADD(at[4], at[10]);
+    MULADD(at[5], at[9]);
+    MULADD(at[6], at[8]);
+    COMBA_STORE(C->dp[6]);
+    /* 7 */
+    COMBA_FORWARD;
+    MULADD(at[0], at[15]);
+    MULADD(at[1], at[14]);
+    MULADD(at[2], at[13]);
+    MULADD(at[3], at[12]);
+    MULADD(at[4], at[11]);
+    MULADD(at[5], at[10]);
+    MULADD(at[6], at[9]);
+    MULADD(at[7], at[8]);
+    COMBA_STORE(C->dp[7]);
+    /* 8 */
+    COMBA_FORWARD;
+    MULADD(at[1], at[15]);
+    MULADD(at[2], at[14]);
+    MULADD(at[3], at[13]);
+    MULADD(at[4], at[12]);
+    MULADD(at[5], at[11]);
+    MULADD(at[6], at[10]);
+    MULADD(at[7], at[9]);
+    COMBA_STORE(C->dp[8]);
+    /* 9 */
+    COMBA_FORWARD;
+    MULADD(at[2], at[15]);
+    MULADD(at[3], at[14]);
+    MULADD(at[4], at[13]);
+    MULADD(at[5], at[12]);
+    MULADD(at[6], at[11]);
+    MULADD(at[7], at[10]);
+    COMBA_STORE(C->dp[9]);
+    /* 10 */
+    COMBA_FORWARD;
+    MULADD(at[3], at[15]);
+    MULADD(at[4], at[14]);
+    MULADD(at[5], at[13]);
+    MULADD(at[6], at[12]);
+    MULADD(at[7], at[11]);
+    COMBA_STORE(C->dp[10]);
+    /* 11 */
+    COMBA_FORWARD;
+    MULADD(at[4], at[15]);
+    MULADD(at[5], at[14]);
+    MULADD(at[6], at[13]);
+    MULADD(at[7], at[12]);
+    COMBA_STORE(C->dp[11]);
+    /* 12 */
+    COMBA_FORWARD;
+    MULADD(at[5], at[15]);
+    MULADD(at[6], at[14]);
+    MULADD(at[7], at[13]);
+    COMBA_STORE(C->dp[12]);
+    /* 13 */
+    COMBA_FORWARD;
+    MULADD(at[6], at[15]);
+    MULADD(at[7], at[14]);
+    COMBA_STORE(C->dp[13]);
+    /* 14 */
+    COMBA_FORWARD;
+    MULADD(at[7], at[15]);
+    COMBA_STORE(C->dp[14]);
+    COMBA_STORE2(C->dp[15]);
+    C->used = 16;
+    C->sign = A->sign ^ B->sign;
+    mp_clamp(C);
+    COMBA_FINI;
+}
+
+void
+s_mp_mul_comba_16(const mp_int *A, const mp_int *B, mp_int *C)
+{
+    mp_digit c0, c1, c2, at[32];
+
+    memcpy(at, A->dp, 16 * sizeof(mp_digit));
+    memcpy(at + 16, B->dp, 16 * sizeof(mp_digit));
+    COMBA_START;
+
+    COMBA_CLEAR;
+    /* 0 */
+    MULADD(at[0], at[16]);
+    COMBA_STORE(C->dp[0]);
+    /* 1 */
+    COMBA_FORWARD;
+    MULADD(at[0], at[17]);
+    MULADD(at[1], at[16]);
+    COMBA_STORE(C->dp[1]);
+    /* 2 */
+    COMBA_FORWARD;
+    MULADD(at[0], at[18]);
+    MULADD(at[1], at[17]);
+    MULADD(at[2], at[16]);
+    COMBA_STORE(C->dp[2]);
+    /* 3 */
+    COMBA_FORWARD;
+    MULADD(at[0], at[19]);
+    MULADD(at[1], at[18]);
+    MULADD(at[2], at[17]);
+    MULADD(at[3], at[16]);
+    COMBA_STORE(C->dp[3]);
+    /* 4 */
+    COMBA_FORWARD;
+    MULADD(at[0], at[20]);
+    MULADD(at[1], at[19]);
+    MULADD(at[2], at[18]);
+    MULADD(at[3], at[17]);
+    MULADD(at[4], at[16]);
+    COMBA_STORE(C->dp[4]);
+    /* 5 */
+    COMBA_FORWARD;
+    MULADD(at[0], at[21]);
+    MULADD(at[1], at[20]);
+    MULADD(at[2], at[19]);
+    MULADD(at[3], at[18]);
+    MULADD(at[4], at[17]);
+    MULADD(at[5], at[16]);
+    COMBA_STORE(C->dp[5]);
+    /* 6 */
+    COMBA_FORWARD;
+    MULADD(at[0], at[22]);
+    MULADD(at[1], at[21]);
+    MULADD(at[2], at[20]);
+    MULADD(at[3], at[19]);
+    MULADD(at[4], at[18]);
+    MULADD(at[5], at[17]);
+    MULADD(at[6], at[16]);
+    COMBA_STORE(C->dp[6]);
+    /* 7 */
+    COMBA_FORWARD;
+    MULADD(at[0], at[23]);
+    MULADD(at[1], at[22]);
+    MULADD(at[2], at[21]);
+    MULADD(at[3], at[20]);
+    MULADD(at[4], at[19]);
+    MULADD(at[5], at[18]);
+    MULADD(at[6], at[17]);
+    MULADD(at[7], at[16]);
+    COMBA_STORE(C->dp[7]);
+    /* 8 */
+    COMBA_FORWARD;
+    MULADD(at[0], at[24]);
+    MULADD(at[1], at[23]);
+    MULADD(at[2], at[22]);
+    MULADD(at[3], at[21]);
+    MULADD(at[4], at[20]);
+    MULADD(at[5], at[19]);
+    MULADD(at[6], at[18]);
+    MULADD(at[7], at[17]);
+    MULADD(at[8], at[16]);
+    COMBA_STORE(C->dp[8]);
+    /* 9 */
+    COMBA_FORWARD;
+    MULADD(at[0], at[25]);
+    MULADD(at[1], at[24]);
+    MULADD(at[2], at[23]);
+    MULADD(at[3], at[22]);
+    MULADD(at[4], at[21]);
+    MULADD(at[5], at[20]);
+    MULADD(at[6], at[19]);
+    MULADD(at[7], at[18]);
+    MULADD(at[8], at[17]);
+    MULADD(at[9], at[16]);
+    COMBA_STORE(C->dp[9]);
+    /* 10 */
+    COMBA_FORWARD;
+    MULADD(at[0], at[26]);
+    MULADD(at[1], at[25]);
+    MULADD(at[2], at[24]);
+    MULADD(at[3], at[23]);
+    MULADD(at[4], at[22]);
+    MULADD(at[5], at[21]);
+    MULADD(at[6], at[20]);
+    MULADD(at[7], at[19]);
+    MULADD(at[8], at[18]);
+    MULADD(at[9], at[17]);
+    MULADD(at[10], at[16]);
+    COMBA_STORE(C->dp[10]);
+    /* 11 */
+    COMBA_FORWARD;
+    MULADD(at[0], at[27]);
+    MULADD(at[1], at[26]);
+    MULADD(at[2], at[25]);
+    MULADD(at[3], at[24]);
+    MULADD(at[4], at[23]);
+    MULADD(at[5], at[22]);
+    MULADD(at[6], at[21]);
+    MULADD(at[7], at[20]);
+    MULADD(at[8], at[19]);
+    MULADD(at[9], at[18]);
+    MULADD(at[10], at[17]);
+    MULADD(at[11], at[16]);
+    COMBA_STORE(C->dp[11]);
+    /* 12 */
+    COMBA_FORWARD;
+    MULADD(at[0], at[28]);
+    MULADD(at[1], at[27]);
+    MULADD(at[2], at[26]);
+    MULADD(at[3], at[25]);
+    MULADD(at[4], at[24]);
+    MULADD(at[5], at[23]);
+    MULADD(at[6], at[22]);
+    MULADD(at[7], at[21]);
+    MULADD(at[8], at[20]);
+    MULADD(at[9], at[19]);
+    MULADD(at[10], at[18]);
+    MULADD(at[11], at[17]);
+    MULADD(at[12], at[16]);
+    COMBA_STORE(C->dp[12]);
+    /* 13 */
+    COMBA_FORWARD;
+    MULADD(at[0], at[29]);
+    MULADD(at[1], at[28]);
+    MULADD(at[2], at[27]);
+    MULADD(at[3], at[26]);
+    MULADD(at[4], at[25]);
+    MULADD(at[5], at[24]);
+    MULADD(at[6], at[23]);
+    MULADD(at[7], at[22]);
+    MULADD(at[8], at[21]);
+    MULADD(at[9], at[20]);
+    MULADD(at[10], at[19]);
+    MULADD(at[11], at[18]);
+    MULADD(at[12], at[17]);
+    MULADD(at[13], at[16]);
+    COMBA_STORE(C->dp[13]);
+    /* 14 */
+    COMBA_FORWARD;
+    MULADD(at[0], at[30]);
+    MULADD(at[1], at[29]);
+    MULADD(at[2], at[28]);
+    MULADD(at[3], at[27]);
+    MULADD(at[4], at[26]);
+    MULADD(at[5], at[25]);
+    MULADD(at[6], at[24]);
+    MULADD(at[7], at[23]);
+    MULADD(at[8], at[22]);
+    MULADD(at[9], at[21]);
+    MULADD(at[10], at[20]);
+    MULADD(at[11], at[19]);
+    MULADD(at[12], at[18]);
+    MULADD(at[13], at[17]);
+    MULADD(at[14], at[16]);
+    COMBA_STORE(C->dp[14]);
+    /* 15 */
+    COMBA_FORWARD;
+    MULADD(at[0], at[31]);
+    MULADD(at[1], at[30]);
+    MULADD(at[2], at[29]);
+    MULADD(at[3], at[28]);
+    MULADD(at[4], at[27]);
+    MULADD(at[5], at[26]);
+    MULADD(at[6], at[25]);
+    MULADD(at[7], at[24]);
+    MULADD(at[8], at[23]);
+    MULADD(at[9], at[22]);
+    MULADD(at[10], at[21]);
+    MULADD(at[11], at[20]);
+    MULADD(at[12], at[19]);
+    MULADD(at[13], at[18]);
+    MULADD(at[14], at[17]);
+    MULADD(at[15], at[16]);
+    COMBA_STORE(C->dp[15]);
+    /* 16 */
+    COMBA_FORWARD;
+    MULADD(at[1], at[31]);
+    MULADD(at[2], at[30]);
+    MULADD(at[3], at[29]);
+    MULADD(at[4], at[28]);
+    MULADD(at[5], at[27]);
+    MULADD(at[6], at[26]);
+    MULADD(at[7], at[25]);
+    MULADD(at[8], at[24]);
+    MULADD(at[9], at[23]);
+    MULADD(at[10], at[22]);
+    MULADD(at[11], at[21]);
+    MULADD(at[12], at[20]);
+    MULADD(at[13], at[19]);
+    MULADD(at[14], at[18]);
+    MULADD(at[15], at[17]);
+    COMBA_STORE(C->dp[16]);
+    /* 17 */
+    COMBA_FORWARD;
+    MULADD(at[2], at[31]);
+    MULADD(at[3], at[30]);
+    MULADD(at[4], at[29]);
+    MULADD(at[5], at[28]);
+    MULADD(at[6], at[27]);
+    MULADD(at[7], at[26]);
+    MULADD(at[8], at[25]);
+    MULADD(at[9], at[24]);
+    MULADD(at[10], at[23]);
+    MULADD(at[11], at[22]);
+    MULADD(at[12], at[21]);
+    MULADD(at[13], at[20]);
+    MULADD(at[14], at[19]);
+    MULADD(at[15], at[18]);
+    COMBA_STORE(C->dp[17]);
+    /* 18 */
+    COMBA_FORWARD;
+    MULADD(at[3], at[31]);
+    MULADD(at[4], at[30]);
+    MULADD(at[5], at[29]);
+    MULADD(at[6], at[28]);
+    MULADD(at[7], at[27]);
+    MULADD(at[8], at[26]);
+    MULADD(at[9], at[25]);
+    MULADD(at[10], at[24]);
+    MULADD(at[11], at[23]);
+    MULADD(at[12], at[22]);
+    MULADD(at[13], at[21]);
+    MULADD(at[14], at[20]);
+    MULADD(at[15], at[19]);
+    COMBA_STORE(C->dp[18]);
+    /* 19 */
+    COMBA_FORWARD;
+    MULADD(at[4], at[31]);
+    MULADD(at[5], at[30]);
+    MULADD(at[6], at[29]);
+    MULADD(at[7], at[28]);
+    MULADD(at[8], at[27]);
+    MULADD(at[9], at[26]);
+    MULADD(at[10], at[25]);
+    MULADD(at[11], at[24]);
+    MULADD(at[12], at[23]);
+    MULADD(at[13], at[22]);
+    MULADD(at[14], at[21]);
+    MULADD(at[15], at[20]);
+    COMBA_STORE(C->dp[19]);
+    /* 20 */
+    COMBA_FORWARD;
+    MULADD(at[5], at[31]);
+    MULADD(at[6], at[30]);
+    MULADD(at[7], at[29]);
+    MULADD(at[8], at[28]);
+    MULADD(at[9], at[27]);
+    MULADD(at[10], at[26]);
+    MULADD(at[11], at[25]);
+    MULADD(at[12], at[24]);
+    MULADD(at[13], at[23]);
+    MULADD(at[14], at[22]);
+    MULADD(at[15], at[21]);
+    COMBA_STORE(C->dp[20]);
+    /* 21 */
+    COMBA_FORWARD;
+    MULADD(at[6], at[31]);
+    MULADD(at[7], at[30]);
+    MULADD(at[8], at[29]);
+    MULADD(at[9], at[28]);
+    MULADD(at[10], at[27]);
+    MULADD(at[11], at[26]);
+    MULADD(at[12], at[25]);
+    MULADD(at[13], at[24]);
+    MULADD(at[14], at[23]);
+    MULADD(at[15], at[22]);
+    COMBA_STORE(C->dp[21]);
+    /* 22 */
+    COMBA_FORWARD;
+    MULADD(at[7], at[31]);
+    MULADD(at[8], at[30]);
+    MULADD(at[9], at[29]);
+    MULADD(at[10], at[28]);
+    MULADD(at[11], at[27]);
+    MULADD(at[12], at[26]);
+    MULADD(at[13], at[25]);
+    MULADD(at[14], at[24]);
+    MULADD(at[15], at[23]);
+    COMBA_STORE(C->dp[22]);
+    /* 23 */
+    COMBA_FORWARD;
+    MULADD(at[8], at[31]);
+    MULADD(at[9], at[30]);
+    MULADD(at[10], at[29]);
+    MULADD(at[11], at[28]);
+    MULADD(at[12], at[27]);
+    MULADD(at[13], at[26]);
+    MULADD(at[14], at[25]);
+    MULADD(at[15], at[24]);
+    COMBA_STORE(C->dp[23]);
+    /* 24 */
+    COMBA_FORWARD;
+    MULADD(at[9], at[31]);
+    MULADD(at[10], at[30]);
+    MULADD(at[11], at[29]);
+    MULADD(at[12], at[28]);
+    MULADD(at[13], at[27]);
+    MULADD(at[14], at[26]);
+    MULADD(at[15], at[25]);
+    COMBA_STORE(C->dp[24]);
+    /* 25 */
+    COMBA_FORWARD;
+    MULADD(at[10], at[31]);
+    MULADD(at[11], at[30]);
+    MULADD(at[12], at[29]);
+    MULADD(at[13], at[28]);
+    MULADD(at[14], at[27]);
+    MULADD(at[15], at[26]);
+    COMBA_STORE(C->dp[25]);
+    /* 26 */
+    COMBA_FORWARD;
+    MULADD(at[11], at[31]);
+    MULADD(at[12], at[30]);
+    MULADD(at[13], at[29]);
+    MULADD(at[14], at[28]);
+    MULADD(at[15], at[27]);
+    COMBA_STORE(C->dp[26]);
+    /* 27 */
+    COMBA_FORWARD;
+    MULADD(at[12], at[31]);
+    MULADD(at[13], at[30]);
+    MULADD(at[14], at[29]);
+    MULADD(at[15], at[28]);
+    COMBA_STORE(C->dp[27]);
+    /* 28 */
+    COMBA_FORWARD;
+    MULADD(at[13], at[31]);
+    MULADD(at[14], at[30]);
+    MULADD(at[15], at[29]);
+    COMBA_STORE(C->dp[28]);
+    /* 29 */
+    COMBA_FORWARD;
+    MULADD(at[14], at[31]);
+    MULADD(at[15], at[30]);
+    COMBA_STORE(C->dp[29]);
+    /* 30 */
+    COMBA_FORWARD;
+    MULADD(at[15], at[31]);
+    COMBA_STORE(C->dp[30]);
+    COMBA_STORE2(C->dp[31]);
+    C->used = 32;
+    C->sign = A->sign ^ B->sign;
+    mp_clamp(C);
+    COMBA_FINI;
+}
+
+void
+s_mp_mul_comba_32(const mp_int *A, const mp_int *B, mp_int *C)
+{
+    mp_digit c0, c1, c2, at[64];
+
+    memcpy(at, A->dp, 32 * sizeof(mp_digit));
+    memcpy(at + 32, B->dp, 32 * sizeof(mp_digit));
+    COMBA_START;
+
+    COMBA_CLEAR;
+    /* 0 */
+    MULADD(at[0], at[32]);
+    COMBA_STORE(C->dp[0]);
+    /* 1 */
+    COMBA_FORWARD;
+    MULADD(at[0], at[33]);
+    MULADD(at[1], at[32]);
+    COMBA_STORE(C->dp[1]);
+    /* 2 */
+    COMBA_FORWARD;
+    MULADD(at[0], at[34]);
+    MULADD(at[1], at[33]);
+    MULADD(at[2], at[32]);
+    COMBA_STORE(C->dp[2]);
+    /* 3 */
+    COMBA_FORWARD;
+    MULADD(at[0], at[35]);
+    MULADD(at[1], at[34]);
+    MULADD(at[2], at[33]);
+    MULADD(at[3], at[32]);
+    COMBA_STORE(C->dp[3]);
+    /* 4 */
+    COMBA_FORWARD;
+    MULADD(at[0], at[36]);
+    MULADD(at[1], at[35]);
+    MULADD(at[2], at[34]);
+    MULADD(at[3], at[33]);
+    MULADD(at[4], at[32]);
+    COMBA_STORE(C->dp[4]);
+    /* 5 */
+    COMBA_FORWARD;
+    MULADD(at[0], at[37]);
+    MULADD(at[1], at[36]);
+    MULADD(at[2], at[35]);
+    MULADD(at[3], at[34]);
+    MULADD(at[4], at[33]);
+    MULADD(at[5], at[32]);
+    COMBA_STORE(C->dp[5]);
+    /* 6 */
+    COMBA_FORWARD;
+    MULADD(at[0], at[38]);
+    MULADD(at[1], at[37]);
+    MULADD(at[2], at[36]);
+    MULADD(at[3], at[35]);
+    MULADD(at[4], at[34]);
+    MULADD(at[5], at[33]);
+    MULADD(at[6], at[32]);
+    COMBA_STORE(C->dp[6]);
+    /* 7 */
+    COMBA_FORWARD;
+    MULADD(at[0], at[39]);
+    MULADD(at[1], at[38]);
+    MULADD(at[2], at[37]);
+    MULADD(at[3], at[36]);
+    MULADD(at[4], at[35]);
+    MULADD(at[5], at[34]);
+    MULADD(at[6], at[33]);
+    MULADD(at[7], at[32]);
+    COMBA_STORE(C->dp[7]);
+    /* 8 */
+    COMBA_FORWARD;
+    MULADD(at[0], at[40]);
+    MULADD(at[1], at[39]);
+    MULADD(at[2], at[38]);
+    MULADD(at[3], at[37]);
+    MULADD(at[4], at[36]);
+    MULADD(at[5], at[35]);
+    MULADD(at[6], at[34]);
+    MULADD(at[7], at[33]);
+    MULADD(at[8], at[32]);
+    COMBA_STORE(C->dp[8]);
+    /* 9 */
+    COMBA_FORWARD;
+    MULADD(at[0], at[41]);
+    MULADD(at[1], at[40]);
+    MULADD(at[2], at[39]);
+    MULADD(at[3], at[38]);
+    MULADD(at[4], at[37]);
+    MULADD(at[5], at[36]);
+    MULADD(at[6], at[35]);
+    MULADD(at[7], at[34]);
+    MULADD(at[8], at[33]);
+    MULADD(at[9], at[32]);
+    COMBA_STORE(C->dp[9]);
+    /* 10 */
+    COMBA_FORWARD;
+    MULADD(at[0], at[42]);
+    MULADD(at[1], at[41]);
+    MULADD(at[2], at[40]);
+    MULADD(at[3], at[39]);
+    MULADD(at[4], at[38]);
+    MULADD(at[5], at[37]);
+    MULADD(at[6], at[36]);
+    MULADD(at[7], at[35]);
+    MULADD(at[8], at[34]);
+    MULADD(at[9], at[33]);
+    MULADD(at[10], at[32]);
+    COMBA_STORE(C->dp[10]);
+    /* 11 */
+    COMBA_FORWARD;
+    MULADD(at[0], at[43]);
+    MULADD(at[1], at[42]);
+    MULADD(at[2], at[41]);
+    MULADD(at[3], at[40]);
+    MULADD(at[4], at[39]);
+    MULADD(at[5], at[38]);
+    MULADD(at[6], at[37]);
+    MULADD(at[7], at[36]);
+    MULADD(at[8], at[35]);
+    MULADD(at[9], at[34]);
+    MULADD(at[10], at[33]);
+    MULADD(at[11], at[32]);
+    COMBA_STORE(C->dp[11]);
+    /* 12 */
+    COMBA_FORWARD;
+    MULADD(at[0], at[44]);
+    MULADD(at[1], at[43]);
+    MULADD(at[2], at[42]);
+    MULADD(at[3], at[41]);
+    MULADD(at[4], at[40]);
+    MULADD(at[5], at[39]);
+    MULADD(at[6], at[38]);
+    MULADD(at[7], at[37]);
+    MULADD(at[8], at[36]);
+    MULADD(at[9], at[35]);
+    MULADD(at[10], at[34]);
+    MULADD(at[11], at[33]);
+    MULADD(at[12], at[32]);
+    COMBA_STORE(C->dp[12]);
+    /* 13 */
+    COMBA_FORWARD;
+    MULADD(at[0], at[45]);
+    MULADD(at[1], at[44]);
+    MULADD(at[2], at[43]);
+    MULADD(at[3], at[42]);
+    MULADD(at[4], at[41]);
+    MULADD(at[5], at[40]);
+    MULADD(at[6], at[39]);
+    MULADD(at[7], at[38]);
+    MULADD(at[8], at[37]);
+    MULADD(at[9], at[36]);
+    MULADD(at[10], at[35]);
+    MULADD(at[11], at[34]);
+    MULADD(at[12], at[33]);
+    MULADD(at[13], at[32]);
+    COMBA_STORE(C->dp[13]);
+    /* 14 */
+    COMBA_FORWARD;
+    MULADD(at[0], at[46]);
+    MULADD(at[1], at[45]);
+    MULADD(at[2], at[44]);
+    MULADD(at[3], at[43]);
+    MULADD(at[4], at[42]);
+    MULADD(at[5], at[41]);
+    MULADD(at[6], at[40]);
+    MULADD(at[7], at[39]);
+    MULADD(at[8], at[38]);
+    MULADD(at[9], at[37]);
+    MULADD(at[10], at[36]);
+    MULADD(at[11], at[35]);
+    MULADD(at[12], at[34]);
+    MULADD(at[13], at[33]);
+    MULADD(at[14], at[32]);
+    COMBA_STORE(C->dp[14]);
+    /* 15 */
+    COMBA_FORWARD;
+    MULADD(at[0], at[47]);
+    MULADD(at[1], at[46]);
+    MULADD(at[2], at[45]);
+    MULADD(at[3], at[44]);
+    MULADD(at[4], at[43]);
+    MULADD(at[5], at[42]);
+    MULADD(at[6], at[41]);
+    MULADD(at[7], at[40]);
+    MULADD(at[8], at[39]);
+    MULADD(at[9], at[38]);
+    MULADD(at[10], at[37]);
+    MULADD(at[11], at[36]);
+    MULADD(at[12], at[35]);
+    MULADD(at[13], at[34]);
+    MULADD(at[14], at[33]);
+    MULADD(at[15], at[32]);
+    COMBA_STORE(C->dp[15]);
+    /* 16 */
+    COMBA_FORWARD;
+    MULADD(at[0], at[48]);
+    MULADD(at[1], at[47]);
+    MULADD(at[2], at[46]);
+    MULADD(at[3], at[45]);
+    MULADD(at[4], at[44]);
+    MULADD(at[5], at[43]);
+    MULADD(at[6], at[42]);
+    MULADD(at[7], at[41]);
+    MULADD(at[8], at[40]);
+    MULADD(at[9], at[39]);
+    MULADD(at[10], at[38]);
+    MULADD(at[11], at[37]);
+    MULADD(at[12], at[36]);
+    MULADD(at[13], at[35]);
+    MULADD(at[14], at[34]);
+    MULADD(at[15], at[33]);
+    MULADD(at[16], at[32]);
+    COMBA_STORE(C->dp[16]);
+    /* 17 */
+    COMBA_FORWARD;
+    MULADD(at[0], at[49]);
+    MULADD(at[1], at[48]);
+    MULADD(at[2], at[47]);
+    MULADD(at[3], at[46]);
+    MULADD(at[4], at[45]);
+    MULADD(at[5], at[44]);
+    MULADD(at[6], at[43]);
+    MULADD(at[7], at[42]);
+    MULADD(at[8], at[41]);
+    MULADD(at[9], at[40]);
+    MULADD(at[10], at[39]);
+    MULADD(at[11], at[38]);
+    MULADD(at[12], at[37]);
+    MULADD(at[13], at[36]);
+    MULADD(at[14], at[35]);
+    MULADD(at[15], at[34]);
+    MULADD(at[16], at[33]);
+    MULADD(at[17], at[32]);
+    COMBA_STORE(C->dp[17]);
+    /* 18 */
+    COMBA_FORWARD;
+    MULADD(at[0], at[50]);
+    MULADD(at[1], at[49]);
+    MULADD(at[2], at[48]);
+    MULADD(at[3], at[47]);
+    MULADD(at[4], at[46]);
+    MULADD(at[5], at[45]);
+    MULADD(at[6], at[44]);
+    MULADD(at[7], at[43]);
+    MULADD(at[8], at[42]);
+    MULADD(at[9], at[41]);
+    MULADD(at[10], at[40]);
+    MULADD(at[11], at[39]);
+    MULADD(at[12], at[38]);
+    MULADD(at[13], at[37]);
+    MULADD(at[14], at[36]);
+    MULADD(at[15], at[35]);
+    MULADD(at[16], at[34]);
+    MULADD(at[17], at[33]);
+    MULADD(at[18], at[32]);
+    COMBA_STORE(C->dp[18]);
+    /* 19 */
+    COMBA_FORWARD;
+    MULADD(at[0], at[51]);
+    MULADD(at[1], at[50]);
+    MULADD(at[2], at[49]);
+    MULADD(at[3], at[48]);
+    MULADD(at[4], at[47]);
+    MULADD(at[5], at[46]);
+    MULADD(at[6], at[45]);
+    MULADD(at[7], at[44]);
+    MULADD(at[8], at[43]);
+    MULADD(at[9], at[42]);
+    MULADD(at[10], at[41]);
+    MULADD(at[11], at[40]);
+    MULADD(at[12], at[39]);
+    MULADD(at[13], at[38]);
+    MULADD(at[14], at[37]);
+    MULADD(at[15], at[36]);
+    MULADD(at[16], at[35]);
+    MULADD(at[17], at[34]);
+    MULADD(at[18], at[33]);
+    MULADD(at[19], at[32]);
+    COMBA_STORE(C->dp[19]);
+    /* 20 */
+    COMBA_FORWARD;
+    MULADD(at[0], at[52]);
+    MULADD(at[1], at[51]);
+    MULADD(at[2], at[50]);
+    MULADD(at[3], at[49]);
+    MULADD(at[4], at[48]);
+    MULADD(at[5], at[47]);
+    MULADD(at[6], at[46]);
+    MULADD(at[7], at[45]);
+    MULADD(at[8], at[44]);
+    MULADD(at[9], at[43]);
+    MULADD(at[10], at[42]);
+    MULADD(at[11], at[41]);
+    MULADD(at[12], at[40]);
+    MULADD(at[13], at[39]);
+    MULADD(at[14], at[38]);
+    MULADD(at[15], at[37]);
+    MULADD(at[16], at[36]);
+    MULADD(at[17], at[35]);
+    MULADD(at[18], at[34]);
+    MULADD(at[19], at[33]);
+    MULADD(at[20], at[32]);
+    COMBA_STORE(C->dp[20]);
+    /* 21 */
+    COMBA_FORWARD;
+    MULADD(at[0], at[53]);
+    MULADD(at[1], at[52]);
+    MULADD(at[2], at[51]);
+    MULADD(at[3], at[50]);
+    MULADD(at[4], at[49]);
+    MULADD(at[5], at[48]);
+    MULADD(at[6], at[47]);
+    MULADD(at[7], at[46]);
+    MULADD(at[8], at[45]);
+    MULADD(at[9], at[44]);
+    MULADD(at[10], at[43]);
+    MULADD(at[11], at[42]);
+    MULADD(at[12], at[41]);
+    MULADD(at[13], at[40]);
+    MULADD(at[14], at[39]);
+    MULADD(at[15], at[38]);
+    MULADD(at[16], at[37]);
+    MULADD(at[17], at[36]);
+    MULADD(at[18], at[35]);
+    MULADD(at[19], at[34]);
+    MULADD(at[20], at[33]);
+    MULADD(at[21], at[32]);
+    COMBA_STORE(C->dp[21]);
+    /* 22 */
+    COMBA_FORWARD;
+    MULADD(at[0], at[54]);
+    MULADD(at[1], at[53]);
+    MULADD(at[2], at[52]);
+    MULADD(at[3], at[51]);
+    MULADD(at[4], at[50]);
+    MULADD(at[5], at[49]);
+    MULADD(at[6], at[48]);
+    MULADD(at[7], at[47]);
+    MULADD(at[8], at[46]);
+    MULADD(at[9], at[45]);
+    MULADD(at[10], at[44]);
+    MULADD(at[11], at[43]);
+    MULADD(at[12], at[42]);
+    MULADD(at[13], at[41]);
+    MULADD(at[14], at[40]);
+    MULADD(at[15], at[39]);
+    MULADD(at[16], at[38]);
+    MULADD(at[17], at[37]);
+    MULADD(at[18], at[36]);
+    MULADD(at[19], at[35]);
+    MULADD(at[20], at[34]);
+    MULADD(at[21], at[33]);
+    MULADD(at[22], at[32]);
+    COMBA_STORE(C->dp[22]);
+    /* 23 */
+    COMBA_FORWARD;
+    MULADD(at[0], at[55]);
+    MULADD(at[1], at[54]);
+    MULADD(at[2], at[53]);
+    MULADD(at[3], at[52]);
+    MULADD(at[4], at[51]);
+    MULADD(at[5], at[50]);
+    MULADD(at[6], at[49]);
+    MULADD(at[7], at[48]);
+    MULADD(at[8], at[47]);
+    MULADD(at[9], at[46]);
+    MULADD(at[10], at[45]);
+    MULADD(at[11], at[44]);
+    MULADD(at[12], at[43]);
+    MULADD(at[13], at[42]);
+    MULADD(at[14], at[41]);
+    MULADD(at[15], at[40]);
+    MULADD(at[16], at[39]);
+    MULADD(at[17], at[38]);
+    MULADD(at[18], at[37]);
+    MULADD(at[19], at[36]);
+    MULADD(at[20], at[35]);
+    MULADD(at[21], at[34]);
+    MULADD(at[22], at[33]);
+    MULADD(at[23], at[32]);
+    COMBA_STORE(C->dp[23]);
+    /* 24 */
+    COMBA_FORWARD;
+    MULADD(at[0], at[56]);
+    MULADD(at[1], at[55]);
+    MULADD(at[2], at[54]);
+    MULADD(at[3], at[53]);
+    MULADD(at[4], at[52]);
+    MULADD(at[5], at[51]);
+    MULADD(at[6], at[50]);
+    MULADD(at[7], at[49]);
+    MULADD(at[8], at[48]);
+    MULADD(at[9], at[47]);
+    MULADD(at[10], at[46]);
+    MULADD(at[11], at[45]);
+    MULADD(at[12], at[44]);
+    MULADD(at[13], at[43]);
+    MULADD(at[14], at[42]);
+    MULADD(at[15], at[41]);
+    MULADD(at[16], at[40]);
+    MULADD(at[17], at[39]);
+    MULADD(at[18], at[38]);
+    MULADD(at[19], at[37]);
+    MULADD(at[20], at[36]);
+    MULADD(at[21], at[35]);
+    MULADD(at[22], at[34]);
+    MULADD(at[23], at[33]);
+    MULADD(at[24], at[32]);
+    COMBA_STORE(C->dp[24]);
+    /* 25 */
+    COMBA_FORWARD;
+    MULADD(at[0], at[57]);
+    MULADD(at[1], at[56]);
+    MULADD(at[2], at[55]);
+    MULADD(at[3], at[54]);
+    MULADD(at[4], at[53]);
+    MULADD(at[5], at[52]);
+    MULADD(at[6], at[51]);
+    MULADD(at[7], at[50]);
+    MULADD(at[8], at[49]);
+    MULADD(at[9], at[48]);
+    MULADD(at[10], at[47]);
+    MULADD(at[11], at[46]);
+    MULADD(at[12], at[45]);
+    MULADD(at[13], at[44]);
+    MULADD(at[14], at[43]);
+    MULADD(at[15], at[42]);
+    MULADD(at[16], at[41]);
+    MULADD(at[17], at[40]);
+    MULADD(at[18], at[39]);
+    MULADD(at[19], at[38]);
+    MULADD(at[20], at[37]);
+    MULADD(at[21], at[36]);
+    MULADD(at[22], at[35]);
+    MULADD(at[23], at[34]);
+    MULADD(at[24], at[33]);
+    MULADD(at[25], at[32]);
+    COMBA_STORE(C->dp[25]);
+    /* 26 */
+    COMBA_FORWARD;
+    MULADD(at[0], at[58]);
+    MULADD(at[1], at[57]);
+    MULADD(at[2], at[56]);
+    MULADD(at[3], at[55]);
+    MULADD(at[4], at[54]);
+    MULADD(at[5], at[53]);
+    MULADD(at[6], at[52]);
+    MULADD(at[7], at[51]);
+    MULADD(at[8], at[50]);
+    MULADD(at[9], at[49]);
+    MULADD(at[10], at[48]);
+    MULADD(at[11], at[47]);
+    MULADD(at[12], at[46]);
+    MULADD(at[13], at[45]);
+    MULADD(at[14], at[44]);
+    MULADD(at[15], at[43]);
+    MULADD(at[16], at[42]);
+    MULADD(at[17], at[41]);
+    MULADD(at[18], at[40]);
+    MULADD(at[19], at[39]);
+    MULADD(at[20], at[38]);
+    MULADD(at[21], at[37]);
+    MULADD(at[22], at[36]);
+    MULADD(at[23], at[35]);
+    MULADD(at[24], at[34]);
+    MULADD(at[25], at[33]);
+    MULADD(at[26], at[32]);
+    COMBA_STORE(C->dp[26]);
+    /* 27 */
+    COMBA_FORWARD;
+    MULADD(at[0], at[59]);
+    MULADD(at[1], at[58]);
+    MULADD(at[2], at[57]);
+    MULADD(at[3], at[56]);
+    MULADD(at[4], at[55]);
+    MULADD(at[5], at[54]);
+    MULADD(at[6], at[53]);
+    MULADD(at[7], at[52]);
+    MULADD(at[8], at[51]);
+    MULADD(at[9], at[50]);
+    MULADD(at[10], at[49]);
+    MULADD(at[11], at[48]);
+    MULADD(at[12], at[47]);
+    MULADD(at[13], at[46]);
+    MULADD(at[14], at[45]);
+    MULADD(at[15], at[44]);
+    MULADD(at[16], at[43]);
+    MULADD(at[17], at[42]);
+    MULADD(at[18], at[41]);
+    MULADD(at[19], at[40]);
+    MULADD(at[20], at[39]);
+    MULADD(at[21], at[38]);
+    MULADD(at[22], at[37]);
+    MULADD(at[23], at[36]);
+    MULADD(at[24], at[35]);
+    MULADD(at[25], at[34]);
+    MULADD(at[26], at[33]);
+    MULADD(at[27], at[32]);
+    COMBA_STORE(C->dp[27]);
+    /* 28 */
+    COMBA_FORWARD;
+    MULADD(at[0], at[60]);
+    MULADD(at[1], at[59]);
+    MULADD(at[2], at[58]);
+    MULADD(at[3], at[57]);
+    MULADD(at[4], at[56]);
+    MULADD(at[5], at[55]);
+    MULADD(at[6], at[54]);
+    MULADD(at[7], at[53]);
+    MULADD(at[8], at[52]);
+    MULADD(at[9], at[51]);
+    MULADD(at[10], at[50]);
+    MULADD(at[11], at[49]);
+    MULADD(at[12], at[48]);
+    MULADD(at[13], at[47]);
+    MULADD(at[14], at[46]);
+    MULADD(at[15], at[45]);
+    MULADD(at[16], at[44]);
+    MULADD(at[17], at[43]);
+    MULADD(at[18], at[42]);
+    MULADD(at[19], at[41]);
+    MULADD(at[20], at[40]);
+    MULADD(at[21], at[39]);
+    MULADD(at[22], at[38]);
+    MULADD(at[23], at[37]);
+    MULADD(at[24], at[36]);
+    MULADD(at[25], at[35]);
+    MULADD(at[26], at[34]);
+    MULADD(at[27], at[33]);
+    MULADD(at[28], at[32]);
+    COMBA_STORE(C->dp[28]);
+    /* 29 */
+    COMBA_FORWARD;
+    MULADD(at[0], at[61]);
+    MULADD(at[1], at[60]);
+    MULADD(at[2], at[59]);
+    MULADD(at[3], at[58]);
+    MULADD(at[4], at[57]);
+    MULADD(at[5], at[56]);
+    MULADD(at[6], at[55]);
+    MULADD(at[7], at[54]);
+    MULADD(at[8], at[53]);
+    MULADD(at[9], at[52]);
+    MULADD(at[10], at[51]);
+    MULADD(at[11], at[50]);
+    MULADD(at[12], at[49]);
+    MULADD(at[13], at[48]);
+    MULADD(at[14], at[47]);
+    MULADD(at[15], at[46]);
+    MULADD(at[16], at[45]);
+    MULADD(at[17], at[44]);
+    MULADD(at[18], at[43]);
+    MULADD(at[19], at[42]);
+    MULADD(at[20], at[41]);
+    MULADD(at[21], at[40]);
+    MULADD(at[22], at[39]);
+    MULADD(at[23], at[38]);
+    MULADD(at[24], at[37]);
+    MULADD(at[25], at[36]);
+    MULADD(at[26], at[35]);
+    MULADD(at[27], at[34]);
+    MULADD(at[28], at[33]);
+    MULADD(at[29], at[32]);
+    COMBA_STORE(C->dp[29]);
+    /* 30 */
+    COMBA_FORWARD;
+    MULADD(at[0], at[62]);
+    MULADD(at[1], at[61]);
+    MULADD(at[2], at[60]);
+    MULADD(at[3], at[59]);
+    MULADD(at[4], at[58]);
+    MULADD(at[5], at[57]);
+    MULADD(at[6], at[56]);
+    MULADD(at[7], at[55]);
+    MULADD(at[8], at[54]);
+    MULADD(at[9], at[53]);
+    MULADD(at[10], at[52]);
+    MULADD(at[11], at[51]);
+    MULADD(at[12], at[50]);
+    MULADD(at[13], at[49]);
+    MULADD(at[14], at[48]);
+    MULADD(at[15], at[47]);
+    MULADD(at[16], at[46]);
+    MULADD(at[17], at[45]);
+    MULADD(at[18], at[44]);
+    MULADD(at[19], at[43]);
+    MULADD(at[20], at[42]);
+    MULADD(at[21], at[41]);
+    MULADD(at[22], at[40]);
+    MULADD(at[23], at[39]);
+    MULADD(at[24], at[38]);
+    MULADD(at[25], at[37]);
+    MULADD(at[26], at[36]);
+    MULADD(at[27], at[35]);
+    MULADD(at[28], at[34]);
+    MULADD(at[29], at[33]);
+    MULADD(at[30], at[32]);
+    COMBA_STORE(C->dp[30]);
+    /* 31 */
+    COMBA_FORWARD;
+    MULADD(at[0], at[63]);
+    MULADD(at[1], at[62]);
+    MULADD(at[2], at[61]);
+    MULADD(at[3], at[60]);
+    MULADD(at[4], at[59]);
+    MULADD(at[5], at[58]);
+    MULADD(at[6], at[57]);
+    MULADD(at[7], at[56]);
+    MULADD(at[8], at[55]);
+    MULADD(at[9], at[54]);
+    MULADD(at[10], at[53]);
+    MULADD(at[11], at[52]);
+    MULADD(at[12], at[51]);
+    MULADD(at[13], at[50]);
+    MULADD(at[14], at[49]);
+    MULADD(at[15], at[48]);
+    MULADD(at[16], at[47]);
+    MULADD(at[17], at[46]);
+    MULADD(at[18], at[45]);
+    MULADD(at[19], at[44]);
+    MULADD(at[20], at[43]);
+    MULADD(at[21], at[42]);
+    MULADD(at[22], at[41]);
+    MULADD(at[23], at[40]);
+    MULADD(at[24], at[39]);
+    MULADD(at[25], at[38]);
+    MULADD(at[26], at[37]);
+    MULADD(at[27], at[36]);
+    MULADD(at[28], at[35]);
+    MULADD(at[29], at[34]);
+    MULADD(at[30], at[33]);
+    MULADD(at[31], at[32]);
+    COMBA_STORE(C->dp[31]);
+    /* 32 */
+    COMBA_FORWARD;
+    MULADD(at[1], at[63]);
+    MULADD(at[2], at[62]);
+    MULADD(at[3], at[61]);
+    MULADD(at[4], at[60]);
+    MULADD(at[5], at[59]);
+    MULADD(at[6], at[58]);
+    MULADD(at[7], at[57]);
+    MULADD(at[8], at[56]);
+    MULADD(at[9], at[55]);
+    MULADD(at[10], at[54]);
+    MULADD(at[11], at[53]);
+    MULADD(at[12], at[52]);
+    MULADD(at[13], at[51]);
+    MULADD(at[14], at[50]);
+    MULADD(at[15], at[49]);
+    MULADD(at[16], at[48]);
+    MULADD(at[17], at[47]);
+    MULADD(at[18], at[46]);
+    MULADD(at[19], at[45]);
+    MULADD(at[20], at[44]);
+    MULADD(at[21], at[43]);
+    MULADD(at[22], at[42]);
+    MULADD(at[23], at[41]);
+    MULADD(at[24], at[40]);
+    MULADD(at[25], at[39]);
+    MULADD(at[26], at[38]);
+    MULADD(at[27], at[37]);
+    MULADD(at[28], at[36]);
+    MULADD(at[29], at[35]);
+    MULADD(at[30], at[34]);
+    MULADD(at[31], at[33]);
+    COMBA_STORE(C->dp[32]);
+    /* 33 */
+    COMBA_FORWARD;
+    MULADD(at[2], at[63]);
+    MULADD(at[3], at[62]);
+    MULADD(at[4], at[61]);
+    MULADD(at[5], at[60]);
+    MULADD(at[6], at[59]);
+    MULADD(at[7], at[58]);
+    MULADD(at[8], at[57]);
+    MULADD(at[9], at[56]);
+    MULADD(at[10], at[55]);
+    MULADD(at[11], at[54]);
+    MULADD(at[12], at[53]);
+    MULADD(at[13], at[52]);
+    MULADD(at[14], at[51]);
+    MULADD(at[15], at[50]);
+    MULADD(at[16], at[49]);
+    MULADD(at[17], at[48]);
+    MULADD(at[18], at[47]);
+    MULADD(at[19], at[46]);
+    MULADD(at[20], at[45]);
+    MULADD(at[21], at[44]);
+    MULADD(at[22], at[43]);
+    MULADD(at[23], at[42]);
+    MULADD(at[24], at[41]);
+    MULADD(at[25], at[40]);
+    MULADD(at[26], at[39]);
+    MULADD(at[27], at[38]);
+    MULADD(at[28], at[37]);
+    MULADD(at[29], at[36]);
+    MULADD(at[30], at[35]);
+    MULADD(at[31], at[34]);
+    COMBA_STORE(C->dp[33]);
+    /* 34 */
+    COMBA_FORWARD;
+    MULADD(at[3], at[63]);
+    MULADD(at[4], at[62]);
+    MULADD(at[5], at[61]);
+    MULADD(at[6], at[60]);
+    MULADD(at[7], at[59]);
+    MULADD(at[8], at[58]);
+    MULADD(at[9], at[57]);
+    MULADD(at[10], at[56]);
+    MULADD(at[11], at[55]);
+    MULADD(at[12], at[54]);
+    MULADD(at[13], at[53]);
+    MULADD(at[14], at[52]);
+    MULADD(at[15], at[51]);
+    MULADD(at[16], at[50]);
+    MULADD(at[17], at[49]);
+    MULADD(at[18], at[48]);
+    MULADD(at[19], at[47]);
+    MULADD(at[20], at[46]);
+    MULADD(at[21], at[45]);
+    MULADD(at[22], at[44]);
+    MULADD(at[23], at[43]);
+    MULADD(at[24], at[42]);
+    MULADD(at[25], at[41]);
+    MULADD(at[26], at[40]);
+    MULADD(at[27], at[39]);
+    MULADD(at[28], at[38]);
+    MULADD(at[29], at[37]);
+    MULADD(at[30], at[36]);
+    MULADD(at[31], at[35]);
+    COMBA_STORE(C->dp[34]);
+    /* 35 */
+    COMBA_FORWARD;
+    MULADD(at[4], at[63]);
+    MULADD(at[5], at[62]);
+    MULADD(at[6], at[61]);
+    MULADD(at[7], at[60]);
+    MULADD(at[8], at[59]);
+    MULADD(at[9], at[58]);
+    MULADD(at[10], at[57]);
+    MULADD(at[11], at[56]);
+    MULADD(at[12], at[55]);
+    MULADD(at[13], at[54]);
+    MULADD(at[14], at[53]);
+    MULADD(at[15], at[52]);
+    MULADD(at[16], at[51]);
+    MULADD(at[17], at[50]);
+    MULADD(at[18], at[49]);
+    MULADD(at[19], at[48]);
+    MULADD(at[20], at[47]);
+    MULADD(at[21], at[46]);
+    MULADD(at[22], at[45]);
+    MULADD(at[23], at[44]);
+    MULADD(at[24], at[43]);
+    MULADD(at[25], at[42]);
+    MULADD(at[26], at[41]);
+    MULADD(at[27], at[40]);
+    MULADD(at[28], at[39]);
+    MULADD(at[29], at[38]);
+    MULADD(at[30], at[37]);
+    MULADD(at[31], at[36]);
+    COMBA_STORE(C->dp[35]);
+    /* 36 */
+    COMBA_FORWARD;
+    MULADD(at[5], at[63]);
+    MULADD(at[6], at[62]);
+    MULADD(at[7], at[61]);
+    MULADD(at[8], at[60]);
+    MULADD(at[9], at[59]);
+    MULADD(at[10], at[58]);
+    MULADD(at[11], at[57]);
+    MULADD(at[12], at[56]);
+    MULADD(at[13], at[55]);
+    MULADD(at[14], at[54]);
+    MULADD(at[15], at[53]);
+    MULADD(at[16], at[52]);
+    MULADD(at[17], at[51]);
+    MULADD(at[18], at[50]);
+    MULADD(at[19], at[49]);
+    MULADD(at[20], at[48]);
+    MULADD(at[21], at[47]);
+    MULADD(at[22], at[46]);
+    MULADD(at[23], at[45]);
+    MULADD(at[24], at[44]);
+    MULADD(at[25], at[43]);
+    MULADD(at[26], at[42]);
+    MULADD(at[27], at[41]);
+    MULADD(at[28], at[40]);
+    MULADD(at[29], at[39]);
+    MULADD(at[30], at[38]);
+    MULADD(at[31], at[37]);
+    COMBA_STORE(C->dp[36]);
+    /* 37 */
+    COMBA_FORWARD;
+    MULADD(at[6], at[63]);
+    MULADD(at[7], at[62]);
+    MULADD(at[8], at[61]);
+    MULADD(at[9], at[60]);
+    MULADD(at[10], at[59]);
+    MULADD(at[11], at[58]);
+    MULADD(at[12], at[57]);
+    MULADD(at[13], at[56]);
+    MULADD(at[14], at[55]);
+    MULADD(at[15], at[54]);
+    MULADD(at[16], at[53]);
+    MULADD(at[17], at[52]);
+    MULADD(at[18], at[51]);
+    MULADD(at[19], at[50]);
+    MULADD(at[20], at[49]);
+    MULADD(at[21], at[48]);
+    MULADD(at[22], at[47]);
+    MULADD(at[23], at[46]);
+    MULADD(at[24], at[45]);
+    MULADD(at[25], at[44]);
+    MULADD(at[26], at[43]);
+    MULADD(at[27], at[42]);
+    MULADD(at[28], at[41]);
+    MULADD(at[29], at[40]);
+    MULADD(at[30], at[39]);
+    MULADD(at[31], at[38]);
+    COMBA_STORE(C->dp[37]);
+    /* 38 */
+    COMBA_FORWARD;
+    MULADD(at[7], at[63]);
+    MULADD(at[8], at[62]);
+    MULADD(at[9], at[61]);
+    MULADD(at[10], at[60]);
+    MULADD(at[11], at[59]);
+    MULADD(at[12], at[58]);
+    MULADD(at[13], at[57]);
+    MULADD(at[14], at[56]);
+    MULADD(at[15], at[55]);
+    MULADD(at[16], at[54]);
+    MULADD(at[17], at[53]);
+    MULADD(at[18], at[52]);
+    MULADD(at[19], at[51]);
+    MULADD(at[20], at[50]);
+    MULADD(at[21], at[49]);
+    MULADD(at[22], at[48]);
+    MULADD(at[23], at[47]);
+    MULADD(at[24], at[46]);
+    MULADD(at[25], at[45]);
+    MULADD(at[26], at[44]);
+    MULADD(at[27], at[43]);
+    MULADD(at[28], at[42]);
+    MULADD(at[29], at[41]);
+    MULADD(at[30], at[40]);
+    MULADD(at[31], at[39]);
+    COMBA_STORE(C->dp[38]);
+    /* 39 */
+    COMBA_FORWARD;
+    MULADD(at[8], at[63]);
+    MULADD(at[9], at[62]);
+    MULADD(at[10], at[61]);
+    MULADD(at[11], at[60]);
+    MULADD(at[12], at[59]);
+    MULADD(at[13], at[58]);
+    MULADD(at[14], at[57]);
+    MULADD(at[15], at[56]);
+    MULADD(at[16], at[55]);
+    MULADD(at[17], at[54]);
+    MULADD(at[18], at[53]);
+    MULADD(at[19], at[52]);
+    MULADD(at[20], at[51]);
+    MULADD(at[21], at[50]);
+    MULADD(at[22], at[49]);
+    MULADD(at[23], at[48]);
+    MULADD(at[24], at[47]);
+    MULADD(at[25], at[46]);
+    MULADD(at[26], at[45]);
+    MULADD(at[27], at[44]);
+    MULADD(at[28], at[43]);
+    MULADD(at[29], at[42]);
+    MULADD(at[30], at[41]);
+    MULADD(at[31], at[40]);
+    COMBA_STORE(C->dp[39]);
+    /* 40 */
+    COMBA_FORWARD;
+    MULADD(at[9], at[63]);
+    MULADD(at[10], at[62]);
+    MULADD(at[11], at[61]);
+    MULADD(at[12], at[60]);
+    MULADD(at[13], at[59]);
+    MULADD(at[14], at[58]);
+    MULADD(at[15], at[57]);
+    MULADD(at[16], at[56]);
+    MULADD(at[17], at[55]);
+    MULADD(at[18], at[54]);
+    MULADD(at[19], at[53]);
+    MULADD(at[20], at[52]);
+    MULADD(at[21], at[51]);
+    MULADD(at[22], at[50]);
+    MULADD(at[23], at[49]);
+    MULADD(at[24], at[48]);
+    MULADD(at[25], at[47]);
+    MULADD(at[26], at[46]);
+    MULADD(at[27], at[45]);
+    MULADD(at[28], at[44]);
+    MULADD(at[29], at[43]);
+    MULADD(at[30], at[42]);
+    MULADD(at[31], at[41]);
+    COMBA_STORE(C->dp[40]);
+    /* 41 */
+    COMBA_FORWARD;
+    MULADD(at[10], at[63]);
+    MULADD(at[11], at[62]);
+    MULADD(at[12], at[61]);
+    MULADD(at[13], at[60]);
+    MULADD(at[14], at[59]);
+    MULADD(at[15], at[58]);
+    MULADD(at[16], at[57]);
+    MULADD(at[17], at[56]);
+    MULADD(at[18], at[55]);
+    MULADD(at[19], at[54]);
+    MULADD(at[20], at[53]);
+    MULADD(at[21], at[52]);
+    MULADD(at[22], at[51]);
+    MULADD(at[23], at[50]);
+    MULADD(at[24], at[49]);
+    MULADD(at[25], at[48]);
+    MULADD(at[26], at[47]);
+    MULADD(at[27], at[46]);
+    MULADD(at[28], at[45]);
+    MULADD(at[29], at[44]);
+    MULADD(at[30], at[43]);
+    MULADD(at[31], at[42]);
+    COMBA_STORE(C->dp[41]);
+    /* 42 */
+    COMBA_FORWARD;
+    MULADD(at[11], at[63]);
+    MULADD(at[12], at[62]);
+    MULADD(at[13], at[61]);
+    MULADD(at[14], at[60]);
+    MULADD(at[15], at[59]);
+    MULADD(at[16], at[58]);
+    MULADD(at[17], at[57]);
+    MULADD(at[18], at[56]);
+    MULADD(at[19], at[55]);
+    MULADD(at[20], at[54]);
+    MULADD(at[21], at[53]);
+    MULADD(at[22], at[52]);
+    MULADD(at[23], at[51]);
+    MULADD(at[24], at[50]);
+    MULADD(at[25], at[49]);
+    MULADD(at[26], at[48]);
+    MULADD(at[27], at[47]);
+    MULADD(at[28], at[46]);
+    MULADD(at[29], at[45]);
+    MULADD(at[30], at[44]);
+    MULADD(at[31], at[43]);
+    COMBA_STORE(C->dp[42]);
+    /* 43 */
+    COMBA_FORWARD;
+    MULADD(at[12], at[63]);
+    MULADD(at[13], at[62]);
+    MULADD(at[14], at[61]);
+    MULADD(at[15], at[60]);
+    MULADD(at[16], at[59]);
+    MULADD(at[17], at[58]);
+    MULADD(at[18], at[57]);
+    MULADD(at[19], at[56]);
+    MULADD(at[20], at[55]);
+    MULADD(at[21], at[54]);
+    MULADD(at[22], at[53]);
+    MULADD(at[23], at[52]);
+    MULADD(at[24], at[51]);
+    MULADD(at[25], at[50]);
+    MULADD(at[26], at[49]);
+    MULADD(at[27], at[48]);
+    MULADD(at[28], at[47]);
+    MULADD(at[29], at[46]);
+    MULADD(at[30], at[45]);
+    MULADD(at[31], at[44]);
+    COMBA_STORE(C->dp[43]);
+    /* 44 */
+    COMBA_FORWARD;
+    MULADD(at[13], at[63]);
+    MULADD(at[14], at[62]);
+    MULADD(at[15], at[61]);
+    MULADD(at[16], at[60]);
+    MULADD(at[17], at[59]);
+    MULADD(at[18], at[58]);
+    MULADD(at[19], at[57]);
+    MULADD(at[20], at[56]);
+    MULADD(at[21], at[55]);
+    MULADD(at[22], at[54]);
+    MULADD(at[23], at[53]);
+    MULADD(at[24], at[52]);
+    MULADD(at[25], at[51]);
+    MULADD(at[26], at[50]);
+    MULADD(at[27], at[49]);
+    MULADD(at[28], at[48]);
+    MULADD(at[29], at[47]);
+    MULADD(at[30], at[46]);
+    MULADD(at[31], at[45]);
+    COMBA_STORE(C->dp[44]);
+    /* 45 */
+    COMBA_FORWARD;
+    MULADD(at[14], at[63]);
+    MULADD(at[15], at[62]);
+    MULADD(at[16], at[61]);
+    MULADD(at[17], at[60]);
+    MULADD(at[18], at[59]);
+    MULADD(at[19], at[58]);
+    MULADD(at[20], at[57]);
+    MULADD(at[21], at[56]);
+    MULADD(at[22], at[55]);
+    MULADD(at[23], at[54]);
+    MULADD(at[24], at[53]);
+    MULADD(at[25], at[52]);
+    MULADD(at[26], at[51]);
+    MULADD(at[27], at[50]);
+    MULADD(at[28], at[49]);
+    MULADD(at[29], at[48]);
+    MULADD(at[30], at[47]);
+    MULADD(at[31], at[46]);
+    COMBA_STORE(C->dp[45]);
+    /* 46 */
+    COMBA_FORWARD;
+    MULADD(at[15], at[63]);
+    MULADD(at[16], at[62]);
+    MULADD(at[17], at[61]);
+    MULADD(at[18], at[60]);
+    MULADD(at[19], at[59]);
+    MULADD(at[20], at[58]);
+    MULADD(at[21], at[57]);
+    MULADD(at[22], at[56]);
+    MULADD(at[23], at[55]);
+    MULADD(at[24], at[54]);
+    MULADD(at[25], at[53]);
+    MULADD(at[26], at[52]);
+    MULADD(at[27], at[51]);
+    MULADD(at[28], at[50]);
+    MULADD(at[29], at[49]);
+    MULADD(at[30], at[48]);
+    MULADD(at[31], at[47]);
+    COMBA_STORE(C->dp[46]);
+    /* 47 */
+    COMBA_FORWARD;
+    MULADD(at[16], at[63]);
+    MULADD(at[17], at[62]);
+    MULADD(at[18], at[61]);
+    MULADD(at[19], at[60]);
+    MULADD(at[20], at[59]);
+    MULADD(at[21], at[58]);
+    MULADD(at[22], at[57]);
+    MULADD(at[23], at[56]);
+    MULADD(at[24], at[55]);
+    MULADD(at[25], at[54]);
+    MULADD(at[26], at[53]);
+    MULADD(at[27], at[52]);
+    MULADD(at[28], at[51]);
+    MULADD(at[29], at[50]);
+    MULADD(at[30], at[49]);
+    MULADD(at[31], at[48]);
+    COMBA_STORE(C->dp[47]);
+    /* 48 */
+    COMBA_FORWARD;
+    MULADD(at[17], at[63]);
+    MULADD(at[18], at[62]);
+    MULADD(at[19], at[61]);
+    MULADD(at[20], at[60]);
+    MULADD(at[21], at[59]);
+    MULADD(at[22], at[58]);
+    MULADD(at[23], at[57]);
+    MULADD(at[24], at[56]);
+    MULADD(at[25], at[55]);
+    MULADD(at[26], at[54]);
+    MULADD(at[27], at[53]);
+    MULADD(at[28], at[52]);
+    MULADD(at[29], at[51]);
+    MULADD(at[30], at[50]);
+    MULADD(at[31], at[49]);
+    COMBA_STORE(C->dp[48]);
+    /* 49 */
+    COMBA_FORWARD;
+    MULADD(at[18], at[63]);
+    MULADD(at[19], at[62]);
+    MULADD(at[20], at[61]);
+    MULADD(at[21], at[60]);
+    MULADD(at[22], at[59]);
+    MULADD(at[23], at[58]);
+    MULADD(at[24], at[57]);
+    MULADD(at[25], at[56]);
+    MULADD(at[26], at[55]);
+    MULADD(at[27], at[54]);
+    MULADD(at[28], at[53]);
+    MULADD(at[29], at[52]);
+    MULADD(at[30], at[51]);
+    MULADD(at[31], at[50]);
+    COMBA_STORE(C->dp[49]);
+    /* 50 */
+    COMBA_FORWARD;
+    MULADD(at[19], at[63]);
+    MULADD(at[20], at[62]);
+    MULADD(at[21], at[61]);
+    MULADD(at[22], at[60]);
+    MULADD(at[23], at[59]);
+    MULADD(at[24], at[58]);
+    MULADD(at[25], at[57]);
+    MULADD(at[26], at[56]);
+    MULADD(at[27], at[55]);
+    MULADD(at[28], at[54]);
+    MULADD(at[29], at[53]);
+    MULADD(at[30], at[52]);
+    MULADD(at[31], at[51]);
+    COMBA_STORE(C->dp[50]);
+    /* 51 */
+    COMBA_FORWARD;
+    MULADD(at[20], at[63]);
+    MULADD(at[21], at[62]);
+    MULADD(at[22], at[61]);
+    MULADD(at[23], at[60]);
+    MULADD(at[24], at[59]);
+    MULADD(at[25], at[58]);
+    MULADD(at[26], at[57]);
+    MULADD(at[27], at[56]);
+    MULADD(at[28], at[55]);
+    MULADD(at[29], at[54]);
+    MULADD(at[30], at[53]);
+    MULADD(at[31], at[52]);
+    COMBA_STORE(C->dp[51]);
+    /* 52 */
+    COMBA_FORWARD;
+    MULADD(at[21], at[63]);
+    MULADD(at[22], at[62]);
+    MULADD(at[23], at[61]);
+    MULADD(at[24], at[60]);
+    MULADD(at[25], at[59]);
+    MULADD(at[26], at[58]);
+    MULADD(at[27], at[57]);
+    MULADD(at[28], at[56]);
+    MULADD(at[29], at[55]);
+    MULADD(at[30], at[54]);
+    MULADD(at[31], at[53]);
+    COMBA_STORE(C->dp[52]);
+    /* 53 */
+    COMBA_FORWARD;
+    MULADD(at[22], at[63]);
+    MULADD(at[23], at[62]);
+    MULADD(at[24], at[61]);
+    MULADD(at[25], at[60]);
+    MULADD(at[26], at[59]);
+    MULADD(at[27], at[58]);
+    MULADD(at[28], at[57]);
+    MULADD(at[29], at[56]);
+    MULADD(at[30], at[55]);
+    MULADD(at[31], at[54]);
+    COMBA_STORE(C->dp[53]);
+    /* 54 */
+    COMBA_FORWARD;
+    MULADD(at[23], at[63]);
+    MULADD(at[24], at[62]);
+    MULADD(at[25], at[61]);
+    MULADD(at[26], at[60]);
+    MULADD(at[27], at[59]);
+    MULADD(at[28], at[58]);
+    MULADD(at[29], at[57]);
+    MULADD(at[30], at[56]);
+    MULADD(at[31], at[55]);
+    COMBA_STORE(C->dp[54]);
+    /* 55 */
+    COMBA_FORWARD;
+    MULADD(at[24], at[63]);
+    MULADD(at[25], at[62]);
+    MULADD(at[26], at[61]);
+    MULADD(at[27], at[60]);
+    MULADD(at[28], at[59]);
+    MULADD(at[29], at[58]);
+    MULADD(at[30], at[57]);
+    MULADD(at[31], at[56]);
+    COMBA_STORE(C->dp[55]);
+    /* 56 */
+    COMBA_FORWARD;
+    MULADD(at[25], at[63]);
+    MULADD(at[26], at[62]);
+    MULADD(at[27], at[61]);
+    MULADD(at[28], at[60]);
+    MULADD(at[29], at[59]);
+    MULADD(at[30], at[58]);
+    MULADD(at[31], at[57]);
+    COMBA_STORE(C->dp[56]);
+    /* 57 */
+    COMBA_FORWARD;
+    MULADD(at[26], at[63]);
+    MULADD(at[27], at[62]);
+    MULADD(at[28], at[61]);
+    MULADD(at[29], at[60]);
+    MULADD(at[30], at[59]);
+    MULADD(at[31], at[58]);
+    COMBA_STORE(C->dp[57]);
+    /* 58 */
+    COMBA_FORWARD;
+    MULADD(at[27], at[63]);
+    MULADD(at[28], at[62]);
+    MULADD(at[29], at[61]);
+    MULADD(at[30], at[60]);
+    MULADD(at[31], at[59]);
+    COMBA_STORE(C->dp[58]);
+    /* 59 */
+    COMBA_FORWARD;
+    MULADD(at[28], at[63]);
+    MULADD(at[29], at[62]);
+    MULADD(at[30], at[61]);
+    MULADD(at[31], at[60]);
+    COMBA_STORE(C->dp[59]);
+    /* 60 */
+    COMBA_FORWARD;
+    MULADD(at[29], at[63]);
+    MULADD(at[30], at[62]);
+    MULADD(at[31], at[61]);
+    COMBA_STORE(C->dp[60]);
+    /* 61 */
+    COMBA_FORWARD;
+    MULADD(at[30], at[63]);
+    MULADD(at[31], at[62]);
+    COMBA_STORE(C->dp[61]);
+    /* 62 */
+    COMBA_FORWARD;
+    MULADD(at[31], at[63]);
+    COMBA_STORE(C->dp[62]);
+    COMBA_STORE2(C->dp[63]);
+    C->used = 64;
+    C->sign = A->sign ^ B->sign;
+    mp_clamp(C);
+    COMBA_FINI;
+}
+
+void
+s_mp_sqr_comba_4(const mp_int *A, mp_int *B)
+{
+    mp_digit *a, b[8], c0, c1, c2;
+
+    a = A->dp;
+    COMBA_START;
+
+    /* clear carries */
+    CLEAR_CARRY;
+
+    /* output 0 */
+    SQRADD(a[0], a[0]);
+    COMBA_STORE(b[0]);
+
+    /* output 1 */
+    CARRY_FORWARD;
+    SQRADD2(a[0], a[1]);
+    COMBA_STORE(b[1]);
+
+    /* output 2 */
+    CARRY_FORWARD;
+    SQRADD2(a[0], a[2]);
+    SQRADD(a[1], a[1]);
+    COMBA_STORE(b[2]);
+
+    /* output 3 */
+    CARRY_FORWARD;
+    SQRADD2(a[0], a[3]);
+    SQRADD2(a[1], a[2]);
+    COMBA_STORE(b[3]);
+
+    /* output 4 */
+    CARRY_FORWARD;
+    SQRADD2(a[1], a[3]);
+    SQRADD(a[2], a[2]);
+    COMBA_STORE(b[4]);
+
+    /* output 5 */
+    CARRY_FORWARD;
+    SQRADD2(a[2], a[3]);
+    COMBA_STORE(b[5]);
+
+    /* output 6 */
+    CARRY_FORWARD;
+    SQRADD(a[3], a[3]);
+    COMBA_STORE(b[6]);
+    COMBA_STORE2(b[7]);
+    COMBA_FINI;
+
+    B->used = 8;
+    B->sign = ZPOS;
+    memcpy(B->dp, b, 8 * sizeof(mp_digit));
+    mp_clamp(B);
+}
+
+void
+s_mp_sqr_comba_8(const mp_int *A, mp_int *B)
+{
+    mp_digit *a, b[16], c0, c1, c2, sc0, sc1, sc2;
+
+    a = A->dp;
+    COMBA_START;
+
+    /* clear carries */
+    CLEAR_CARRY;
+
+    /* output 0 */
+    SQRADD(a[0], a[0]);
+    COMBA_STORE(b[0]);
+
+    /* output 1 */
+    CARRY_FORWARD;
+    SQRADD2(a[0], a[1]);
+    COMBA_STORE(b[1]);
+
+    /* output 2 */
+    CARRY_FORWARD;
+    SQRADD2(a[0], a[2]);
+    SQRADD(a[1], a[1]);
+    COMBA_STORE(b[2]);
+
+    /* output 3 */
+    CARRY_FORWARD;
+    SQRADD2(a[0], a[3]);
+    SQRADD2(a[1], a[2]);
+    COMBA_STORE(b[3]);
+
+    /* output 4 */
+    CARRY_FORWARD;
+    SQRADD2(a[0], a[4]);
+    SQRADD2(a[1], a[3]);
+    SQRADD(a[2], a[2]);
+    COMBA_STORE(b[4]);
+
+    /* output 5 */
+    CARRY_FORWARD;
+    SQRADDSC(a[0], a[5]);
+    SQRADDAC(a[1], a[4]);
+    SQRADDAC(a[2], a[3]);
+    SQRADDDB;
+    COMBA_STORE(b[5]);
+
+    /* output 6 */
+    CARRY_FORWARD;
+    SQRADDSC(a[0], a[6]);
+    SQRADDAC(a[1], a[5]);
+    SQRADDAC(a[2], a[4]);
+    SQRADDDB;
+    SQRADD(a[3], a[3]);
+    COMBA_STORE(b[6]);
+
+    /* output 7 */
+    CARRY_FORWARD;
+    SQRADDSC(a[0], a[7]);
+    SQRADDAC(a[1], a[6]);
+    SQRADDAC(a[2], a[5]);
+    SQRADDAC(a[3], a[4]);
+    SQRADDDB;
+    COMBA_STORE(b[7]);
+
+    /* output 8 */
+    CARRY_FORWARD;
+    SQRADDSC(a[1], a[7]);
+    SQRADDAC(a[2], a[6]);
+    SQRADDAC(a[3], a[5]);
+    SQRADDDB;
+    SQRADD(a[4], a[4]);
+    COMBA_STORE(b[8]);
+
+    /* output 9 */
+    CARRY_FORWARD;
+    SQRADDSC(a[2], a[7]);
+    SQRADDAC(a[3], a[6]);
+    SQRADDAC(a[4], a[5]);
+    SQRADDDB;
+    COMBA_STORE(b[9]);
+
+    /* output 10 */
+    CARRY_FORWARD;
+    SQRADD2(a[3], a[7]);
+    SQRADD2(a[4], a[6]);
+    SQRADD(a[5], a[5]);
+    COMBA_STORE(b[10]);
+
+    /* output 11 */
+    CARRY_FORWARD;
+    SQRADD2(a[4], a[7]);
+    SQRADD2(a[5], a[6]);
+    COMBA_STORE(b[11]);
+
+    /* output 12 */
+    CARRY_FORWARD;
+    SQRADD2(a[5], a[7]);
+    SQRADD(a[6], a[6]);
+    COMBA_STORE(b[12]);
+
+    /* output 13 */
+    CARRY_FORWARD;
+    SQRADD2(a[6], a[7]);
+    COMBA_STORE(b[13]);
+
+    /* output 14 */
+    CARRY_FORWARD;
+    SQRADD(a[7], a[7]);
+    COMBA_STORE(b[14]);
+    COMBA_STORE2(b[15]);
+    COMBA_FINI;
+
+    B->used = 16;
+    B->sign = ZPOS;
+    memcpy(B->dp, b, 16 * sizeof(mp_digit));
+    mp_clamp(B);
+}
+
+void
+s_mp_sqr_comba_16(const mp_int *A, mp_int *B)
+{
+    mp_digit *a, b[32], c0, c1, c2, sc0, sc1, sc2;
+
+    a = A->dp;
+    COMBA_START;
+
+    /* clear carries */
+    CLEAR_CARRY;
+
+    /* output 0 */
+    SQRADD(a[0], a[0]);
+    COMBA_STORE(b[0]);
+
+    /* output 1 */
+    CARRY_FORWARD;
+    SQRADD2(a[0], a[1]);
+    COMBA_STORE(b[1]);
+
+    /* output 2 */
+    CARRY_FORWARD;
+    SQRADD2(a[0], a[2]);
+    SQRADD(a[1], a[1]);
+    COMBA_STORE(b[2]);
+
+    /* output 3 */
+    CARRY_FORWARD;
+    SQRADD2(a[0], a[3]);
+    SQRADD2(a[1], a[2]);
+    COMBA_STORE(b[3]);
+
+    /* output 4 */
+    CARRY_FORWARD;
+    SQRADD2(a[0], a[4]);
+    SQRADD2(a[1], a[3]);
+    SQRADD(a[2], a[2]);
+    COMBA_STORE(b[4]);
+
+    /* output 5 */
+    CARRY_FORWARD;
+    SQRADDSC(a[0], a[5]);
+    SQRADDAC(a[1], a[4]);
+    SQRADDAC(a[2], a[3]);
+    SQRADDDB;
+    COMBA_STORE(b[5]);
+
+    /* output 6 */
+    CARRY_FORWARD;
+    SQRADDSC(a[0], a[6]);
+    SQRADDAC(a[1], a[5]);
+    SQRADDAC(a[2], a[4]);
+    SQRADDDB;
+    SQRADD(a[3], a[3]);
+    COMBA_STORE(b[6]);
+
+    /* output 7 */
+    CARRY_FORWARD;
+    SQRADDSC(a[0], a[7]);
+    SQRADDAC(a[1], a[6]);
+    SQRADDAC(a[2], a[5]);
+    SQRADDAC(a[3], a[4]);
+    SQRADDDB;
+    COMBA_STORE(b[7]);
+
+    /* output 8 */
+    CARRY_FORWARD;
+    SQRADDSC(a[0], a[8]);
+    SQRADDAC(a[1], a[7]);
+    SQRADDAC(a[2], a[6]);
+    SQRADDAC(a[3], a[5]);
+    SQRADDDB;
+    SQRADD(a[4], a[4]);
+    COMBA_STORE(b[8]);
+
+    /* output 9 */
+    CARRY_FORWARD;
+    SQRADDSC(a[0], a[9]);
+    SQRADDAC(a[1], a[8]);
+    SQRADDAC(a[2], a[7]);
+    SQRADDAC(a[3], a[6]);
+    SQRADDAC(a[4], a[5]);
+    SQRADDDB;
+    COMBA_STORE(b[9]);
+
+    /* output 10 */
+    CARRY_FORWARD;
+    SQRADDSC(a[0], a[10]);
+    SQRADDAC(a[1], a[9]);
+    SQRADDAC(a[2], a[8]);
+    SQRADDAC(a[3], a[7]);
+    SQRADDAC(a[4], a[6]);
+    SQRADDDB;
+    SQRADD(a[5], a[5]);
+    COMBA_STORE(b[10]);
+
+    /* output 11 */
+    CARRY_FORWARD;
+    SQRADDSC(a[0], a[11]);
+    SQRADDAC(a[1], a[10]);
+    SQRADDAC(a[2], a[9]);
+    SQRADDAC(a[3], a[8]);
+    SQRADDAC(a[4], a[7]);
+    SQRADDAC(a[5], a[6]);
+    SQRADDDB;
+    COMBA_STORE(b[11]);
+
+    /* output 12 */
+    CARRY_FORWARD;
+    SQRADDSC(a[0], a[12]);
+    SQRADDAC(a[1], a[11]);
+    SQRADDAC(a[2], a[10]);
+    SQRADDAC(a[3], a[9]);
+    SQRADDAC(a[4], a[8]);
+    SQRADDAC(a[5], a[7]);
+    SQRADDDB;
+    SQRADD(a[6], a[6]);
+    COMBA_STORE(b[12]);
+
+    /* output 13 */
+    CARRY_FORWARD;
+    SQRADDSC(a[0], a[13]);
+    SQRADDAC(a[1], a[12]);
+    SQRADDAC(a[2], a[11]);
+    SQRADDAC(a[3], a[10]);
+    SQRADDAC(a[4], a[9]);
+    SQRADDAC(a[5], a[8]);
+    SQRADDAC(a[6], a[7]);
+    SQRADDDB;
+    COMBA_STORE(b[13]);
+
+    /* output 14 */
+    CARRY_FORWARD;
+    SQRADDSC(a[0], a[14]);
+    SQRADDAC(a[1], a[13]);
+    SQRADDAC(a[2], a[12]);
+    SQRADDAC(a[3], a[11]);
+    SQRADDAC(a[4], a[10]);
+    SQRADDAC(a[5], a[9]);
+    SQRADDAC(a[6], a[8]);
+    SQRADDDB;
+    SQRADD(a[7], a[7]);
+    COMBA_STORE(b[14]);
+
+    /* output 15 */
+    CARRY_FORWARD;
+    SQRADDSC(a[0], a[15]);
+    SQRADDAC(a[1], a[14]);
+    SQRADDAC(a[2], a[13]);
+    SQRADDAC(a[3], a[12]);
+    SQRADDAC(a[4], a[11]);
+    SQRADDAC(a[5], a[10]);
+    SQRADDAC(a[6], a[9]);
+    SQRADDAC(a[7], a[8]);
+    SQRADDDB;
+    COMBA_STORE(b[15]);
+
+    /* output 16 */
+    CARRY_FORWARD;
+    SQRADDSC(a[1], a[15]);
+    SQRADDAC(a[2], a[14]);
+    SQRADDAC(a[3], a[13]);
+    SQRADDAC(a[4], a[12]);
+    SQRADDAC(a[5], a[11]);
+    SQRADDAC(a[6], a[10]);
+    SQRADDAC(a[7], a[9]);
+    SQRADDDB;
+    SQRADD(a[8], a[8]);
+    COMBA_STORE(b[16]);
+
+    /* output 17 */
+    CARRY_FORWARD;
+    SQRADDSC(a[2], a[15]);
+    SQRADDAC(a[3], a[14]);
+    SQRADDAC(a[4], a[13]);
+    SQRADDAC(a[5], a[12]);
+    SQRADDAC(a[6], a[11]);
+    SQRADDAC(a[7], a[10]);
+    SQRADDAC(a[8], a[9]);
+    SQRADDDB;
+    COMBA_STORE(b[17]);
+
+    /* output 18 */
+    CARRY_FORWARD;
+    SQRADDSC(a[3], a[15]);
+    SQRADDAC(a[4], a[14]);
+    SQRADDAC(a[5], a[13]);
+    SQRADDAC(a[6], a[12]);
+    SQRADDAC(a[7], a[11]);
+    SQRADDAC(a[8], a[10]);
+    SQRADDDB;
+    SQRADD(a[9], a[9]);
+    COMBA_STORE(b[18]);
+
+    /* output 19 */
+    CARRY_FORWARD;
+    SQRADDSC(a[4], a[15]);
+    SQRADDAC(a[5], a[14]);
+    SQRADDAC(a[6], a[13]);
+    SQRADDAC(a[7], a[12]);
+    SQRADDAC(a[8], a[11]);
+    SQRADDAC(a[9], a[10]);
+    SQRADDDB;
+    COMBA_STORE(b[19]);
+
+    /* output 20 */
+    CARRY_FORWARD;
+    SQRADDSC(a[5], a[15]);
+    SQRADDAC(a[6], a[14]);
+    SQRADDAC(a[7], a[13]);
+    SQRADDAC(a[8], a[12]);
+    SQRADDAC(a[9], a[11]);
+    SQRADDDB;
+    SQRADD(a[10], a[10]);
+    COMBA_STORE(b[20]);
+
+    /* output 21 */
+    CARRY_FORWARD;
+    SQRADDSC(a[6], a[15]);
+    SQRADDAC(a[7], a[14]);
+    SQRADDAC(a[8], a[13]);
+    SQRADDAC(a[9], a[12]);
+    SQRADDAC(a[10], a[11]);
+    SQRADDDB;
+    COMBA_STORE(b[21]);
+
+    /* output 22 */
+    CARRY_FORWARD;
+    SQRADDSC(a[7], a[15]);
+    SQRADDAC(a[8], a[14]);
+    SQRADDAC(a[9], a[13]);
+    SQRADDAC(a[10], a[12]);
+    SQRADDDB;
+    SQRADD(a[11], a[11]);
+    COMBA_STORE(b[22]);
+
+    /* output 23 */
+    CARRY_FORWARD;
+    SQRADDSC(a[8], a[15]);
+    SQRADDAC(a[9], a[14]);
+    SQRADDAC(a[10], a[13]);
+    SQRADDAC(a[11], a[12]);
+    SQRADDDB;
+    COMBA_STORE(b[23]);
+
+    /* output 24 */
+    CARRY_FORWARD;
+    SQRADDSC(a[9], a[15]);
+    SQRADDAC(a[10], a[14]);
+    SQRADDAC(a[11], a[13]);
+    SQRADDDB;
+    SQRADD(a[12], a[12]);
+    COMBA_STORE(b[24]);
+
+    /* output 25 */
+    CARRY_FORWARD;
+    SQRADDSC(a[10], a[15]);
+    SQRADDAC(a[11], a[14]);
+    SQRADDAC(a[12], a[13]);
+    SQRADDDB;
+    COMBA_STORE(b[25]);
+
+    /* output 26 */
+    CARRY_FORWARD;
+    SQRADD2(a[11], a[15]);
+    SQRADD2(a[12], a[14]);
+    SQRADD(a[13], a[13]);
+    COMBA_STORE(b[26]);
+
+    /* output 27 */
+    CARRY_FORWARD;
+    SQRADD2(a[12], a[15]);
+    SQRADD2(a[13], a[14]);
+    COMBA_STORE(b[27]);
+
+    /* output 28 */
+    CARRY_FORWARD;
+    SQRADD2(a[13], a[15]);
+    SQRADD(a[14], a[14]);
+    COMBA_STORE(b[28]);
+
+    /* output 29 */
+    CARRY_FORWARD;
+    SQRADD2(a[14], a[15]);
+    COMBA_STORE(b[29]);
+
+    /* output 30 */
+    CARRY_FORWARD;
+    SQRADD(a[15], a[15]);
+    COMBA_STORE(b[30]);
+    COMBA_STORE2(b[31]);
+    COMBA_FINI;
+
+    B->used = 32;
+    B->sign = ZPOS;
+    memcpy(B->dp, b, 32 * sizeof(mp_digit));
+    mp_clamp(B);
+}
+
+void
+s_mp_sqr_comba_32(const mp_int *A, mp_int *B)
+{
+    mp_digit *a, b[64], c0, c1, c2, sc0, sc1, sc2;
+
+    a = A->dp;
+    COMBA_START;
+
+    /* clear carries */
+    CLEAR_CARRY;
+
+    /* output 0 */
+    SQRADD(a[0], a[0]);
+    COMBA_STORE(b[0]);
+
+    /* output 1 */
+    CARRY_FORWARD;
+    SQRADD2(a[0], a[1]);
+    COMBA_STORE(b[1]);
+
+    /* output 2 */
+    CARRY_FORWARD;
+    SQRADD2(a[0], a[2]);
+    SQRADD(a[1], a[1]);
+    COMBA_STORE(b[2]);
+
+    /* output 3 */
+    CARRY_FORWARD;
+    SQRADD2(a[0], a[3]);
+    SQRADD2(a[1], a[2]);
+    COMBA_STORE(b[3]);
+
+    /* output 4 */
+    CARRY_FORWARD;
+    SQRADD2(a[0], a[4]);
+    SQRADD2(a[1], a[3]);
+    SQRADD(a[2], a[2]);
+    COMBA_STORE(b[4]);
+
+    /* output 5 */
+    CARRY_FORWARD;
+    SQRADDSC(a[0], a[5]);
+    SQRADDAC(a[1], a[4]);
+    SQRADDAC(a[2], a[3]);
+    SQRADDDB;
+    COMBA_STORE(b[5]);
+
+    /* output 6 */
+    CARRY_FORWARD;
+    SQRADDSC(a[0], a[6]);
+    SQRADDAC(a[1], a[5]);
+    SQRADDAC(a[2], a[4]);
+    SQRADDDB;
+    SQRADD(a[3], a[3]);
+    COMBA_STORE(b[6]);
+
+    /* output 7 */
+    CARRY_FORWARD;
+    SQRADDSC(a[0], a[7]);
+    SQRADDAC(a[1], a[6]);
+    SQRADDAC(a[2], a[5]);
+    SQRADDAC(a[3], a[4]);
+    SQRADDDB;
+    COMBA_STORE(b[7]);
+
+    /* output 8 */
+    CARRY_FORWARD;
+    SQRADDSC(a[0], a[8]);
+    SQRADDAC(a[1], a[7]);
+    SQRADDAC(a[2], a[6]);
+    SQRADDAC(a[3], a[5]);
+    SQRADDDB;
+    SQRADD(a[4], a[4]);
+    COMBA_STORE(b[8]);
+
+    /* output 9 */
+    CARRY_FORWARD;
+    SQRADDSC(a[0], a[9]);
+    SQRADDAC(a[1], a[8]);
+    SQRADDAC(a[2], a[7]);
+    SQRADDAC(a[3], a[6]);
+    SQRADDAC(a[4], a[5]);
+    SQRADDDB;
+    COMBA_STORE(b[9]);
+
+    /* output 10 */
+    CARRY_FORWARD;
+    SQRADDSC(a[0], a[10]);
+    SQRADDAC(a[1], a[9]);
+    SQRADDAC(a[2], a[8]);
+    SQRADDAC(a[3], a[7]);
+    SQRADDAC(a[4], a[6]);
+    SQRADDDB;
+    SQRADD(a[5], a[5]);
+    COMBA_STORE(b[10]);
+
+    /* output 11 */
+    CARRY_FORWARD;
+    SQRADDSC(a[0], a[11]);
+    SQRADDAC(a[1], a[10]);
+    SQRADDAC(a[2], a[9]);
+    SQRADDAC(a[3], a[8]);
+    SQRADDAC(a[4], a[7]);
+    SQRADDAC(a[5], a[6]);
+    SQRADDDB;
+    COMBA_STORE(b[11]);
+
+    /* output 12 */
+    CARRY_FORWARD;
+    SQRADDSC(a[0], a[12]);
+    SQRADDAC(a[1], a[11]);
+    SQRADDAC(a[2], a[10]);
+    SQRADDAC(a[3], a[9]);
+    SQRADDAC(a[4], a[8]);
+    SQRADDAC(a[5], a[7]);
+    SQRADDDB;
+    SQRADD(a[6], a[6]);
+    COMBA_STORE(b[12]);
+
+    /* output 13 */
+    CARRY_FORWARD;
+    SQRADDSC(a[0], a[13]);
+    SQRADDAC(a[1], a[12]);
+    SQRADDAC(a[2], a[11]);
+    SQRADDAC(a[3], a[10]);
+    SQRADDAC(a[4], a[9]);
+    SQRADDAC(a[5], a[8]);
+    SQRADDAC(a[6], a[7]);
+    SQRADDDB;
+    COMBA_STORE(b[13]);
+
+    /* output 14 */
+    CARRY_FORWARD;
+    SQRADDSC(a[0], a[14]);
+    SQRADDAC(a[1], a[13]);
+    SQRADDAC(a[2], a[12]);
+    SQRADDAC(a[3], a[11]);
+    SQRADDAC(a[4], a[10]);
+    SQRADDAC(a[5], a[9]);
+    SQRADDAC(a[6], a[8]);
+    SQRADDDB;
+    SQRADD(a[7], a[7]);
+    COMBA_STORE(b[14]);
+
+    /* output 15 */
+    CARRY_FORWARD;
+    SQRADDSC(a[0], a[15]);
+    SQRADDAC(a[1], a[14]);
+    SQRADDAC(a[2], a[13]);
+    SQRADDAC(a[3], a[12]);
+    SQRADDAC(a[4], a[11]);
+    SQRADDAC(a[5], a[10]);
+    SQRADDAC(a[6], a[9]);
+    SQRADDAC(a[7], a[8]);
+    SQRADDDB;
+    COMBA_STORE(b[15]);
+
+    /* output 16 */
+    CARRY_FORWARD;
+    SQRADDSC(a[0], a[16]);
+    SQRADDAC(a[1], a[15]);
+    SQRADDAC(a[2], a[14]);
+    SQRADDAC(a[3], a[13]);
+    SQRADDAC(a[4], a[12]);
+    SQRADDAC(a[5], a[11]);
+    SQRADDAC(a[6], a[10]);
+    SQRADDAC(a[7], a[9]);
+    SQRADDDB;
+    SQRADD(a[8], a[8]);
+    COMBA_STORE(b[16]);
+
+    /* output 17 */
+    CARRY_FORWARD;
+    SQRADDSC(a[0], a[17]);
+    SQRADDAC(a[1], a[16]);
+    SQRADDAC(a[2], a[15]);
+    SQRADDAC(a[3], a[14]);
+    SQRADDAC(a[4], a[13]);
+    SQRADDAC(a[5], a[12]);
+    SQRADDAC(a[6], a[11]);
+    SQRADDAC(a[7], a[10]);
+    SQRADDAC(a[8], a[9]);
+    SQRADDDB;
+    COMBA_STORE(b[17]);
+
+    /* output 18 */
+    CARRY_FORWARD;
+    SQRADDSC(a[0], a[18]);
+    SQRADDAC(a[1], a[17]);
+    SQRADDAC(a[2], a[16]);
+    SQRADDAC(a[3], a[15]);
+    SQRADDAC(a[4], a[14]);
+    SQRADDAC(a[5], a[13]);
+    SQRADDAC(a[6], a[12]);
+    SQRADDAC(a[7], a[11]);
+    SQRADDAC(a[8], a[10]);
+    SQRADDDB;
+    SQRADD(a[9], a[9]);
+    COMBA_STORE(b[18]);
+
+    /* output 19 */
+    CARRY_FORWARD;
+    SQRADDSC(a[0], a[19]);
+    SQRADDAC(a[1], a[18]);
+    SQRADDAC(a[2], a[17]);
+    SQRADDAC(a[3], a[16]);
+    SQRADDAC(a[4], a[15]);
+    SQRADDAC(a[5], a[14]);
+    SQRADDAC(a[6], a[13]);
+    SQRADDAC(a[7], a[12]);
+    SQRADDAC(a[8], a[11]);
+    SQRADDAC(a[9], a[10]);
+    SQRADDDB;
+    COMBA_STORE(b[19]);
+
+    /* output 20 */
+    CARRY_FORWARD;
+    SQRADDSC(a[0], a[20]);
+    SQRADDAC(a[1], a[19]);
+    SQRADDAC(a[2], a[18]);
+    SQRADDAC(a[3], a[17]);
+    SQRADDAC(a[4], a[16]);
+    SQRADDAC(a[5], a[15]);
+    SQRADDAC(a[6], a[14]);
+    SQRADDAC(a[7], a[13]);
+    SQRADDAC(a[8], a[12]);
+    SQRADDAC(a[9], a[11]);
+    SQRADDDB;
+    SQRADD(a[10], a[10]);
+    COMBA_STORE(b[20]);
+
+    /* output 21 */
+    CARRY_FORWARD;
+    SQRADDSC(a[0], a[21]);
+    SQRADDAC(a[1], a[20]);
+    SQRADDAC(a[2], a[19]);
+    SQRADDAC(a[3], a[18]);
+    SQRADDAC(a[4], a[17]);
+    SQRADDAC(a[5], a[16]);
+    SQRADDAC(a[6], a[15]);
+    SQRADDAC(a[7], a[14]);
+    SQRADDAC(a[8], a[13]);
+    SQRADDAC(a[9], a[12]);
+    SQRADDAC(a[10], a[11]);
+    SQRADDDB;
+    COMBA_STORE(b[21]);
+
+    /* output 22 */
+    CARRY_FORWARD;
+    SQRADDSC(a[0], a[22]);
+    SQRADDAC(a[1], a[21]);
+    SQRADDAC(a[2], a[20]);
+    SQRADDAC(a[3], a[19]);
+    SQRADDAC(a[4], a[18]);
+    SQRADDAC(a[5], a[17]);
+    SQRADDAC(a[6], a[16]);
+    SQRADDAC(a[7], a[15]);
+    SQRADDAC(a[8], a[14]);
+    SQRADDAC(a[9], a[13]);
+    SQRADDAC(a[10], a[12]);
+    SQRADDDB;
+    SQRADD(a[11], a[11]);
+    COMBA_STORE(b[22]);
+
+    /* output 23 */
+    CARRY_FORWARD;
+    SQRADDSC(a[0], a[23]);
+    SQRADDAC(a[1], a[22]);
+    SQRADDAC(a[2], a[21]);
+    SQRADDAC(a[3], a[20]);
+    SQRADDAC(a[4], a[19]);
+    SQRADDAC(a[5], a[18]);
+    SQRADDAC(a[6], a[17]);
+    SQRADDAC(a[7], a[16]);
+    SQRADDAC(a[8], a[15]);
+    SQRADDAC(a[9], a[14]);
+    SQRADDAC(a[10], a[13]);
+    SQRADDAC(a[11], a[12]);
+    SQRADDDB;
+    COMBA_STORE(b[23]);
+
+    /* output 24 */
+    CARRY_FORWARD;
+    SQRADDSC(a[0], a[24]);
+    SQRADDAC(a[1], a[23]);
+    SQRADDAC(a[2], a[22]);
+    SQRADDAC(a[3], a[21]);
+    SQRADDAC(a[4], a[20]);
+    SQRADDAC(a[5], a[19]);
+    SQRADDAC(a[6], a[18]);
+    SQRADDAC(a[7], a[17]);
+    SQRADDAC(a[8], a[16]);
+    SQRADDAC(a[9], a[15]);
+    SQRADDAC(a[10], a[14]);
+    SQRADDAC(a[11], a[13]);
+    SQRADDDB;
+    SQRADD(a[12], a[12]);
+    COMBA_STORE(b[24]);
+
+    /* output 25 */
+    CARRY_FORWARD;
+    SQRADDSC(a[0], a[25]);
+    SQRADDAC(a[1], a[24]);
+    SQRADDAC(a[2], a[23]);
+    SQRADDAC(a[3], a[22]);
+    SQRADDAC(a[4], a[21]);
+    SQRADDAC(a[5], a[20]);
+    SQRADDAC(a[6], a[19]);
+    SQRADDAC(a[7], a[18]);
+    SQRADDAC(a[8], a[17]);
+    SQRADDAC(a[9], a[16]);
+    SQRADDAC(a[10], a[15]);
+    SQRADDAC(a[11], a[14]);
+    SQRADDAC(a[12], a[13]);
+    SQRADDDB;
+    COMBA_STORE(b[25]);
+
+    /* output 26 */
+    CARRY_FORWARD;
+    SQRADDSC(a[0], a[26]);
+    SQRADDAC(a[1], a[25]);
+    SQRADDAC(a[2], a[24]);
+    SQRADDAC(a[3], a[23]);
+    SQRADDAC(a[4], a[22]);
+    SQRADDAC(a[5], a[21]);
+    SQRADDAC(a[6], a[20]);
+    SQRADDAC(a[7], a[19]);
+    SQRADDAC(a[8], a[18]);
+    SQRADDAC(a[9], a[17]);
+    SQRADDAC(a[10], a[16]);
+    SQRADDAC(a[11], a[15]);
+    SQRADDAC(a[12], a[14]);
+    SQRADDDB;
+    SQRADD(a[13], a[13]);
+    COMBA_STORE(b[26]);
+
+    /* output 27 */
+    CARRY_FORWARD;
+    SQRADDSC(a[0], a[27]);
+    SQRADDAC(a[1], a[26]);
+    SQRADDAC(a[2], a[25]);
+    SQRADDAC(a[3], a[24]);
+    SQRADDAC(a[4], a[23]);
+    SQRADDAC(a[5], a[22]);
+    SQRADDAC(a[6], a[21]);
+    SQRADDAC(a[7], a[20]);
+    SQRADDAC(a[8], a[19]);
+    SQRADDAC(a[9], a[18]);
+    SQRADDAC(a[10], a[17]);
+    SQRADDAC(a[11], a[16]);
+    SQRADDAC(a[12], a[15]);
+    SQRADDAC(a[13], a[14]);
+    SQRADDDB;
+    COMBA_STORE(b[27]);
+
+    /* output 28 */
+    CARRY_FORWARD;
+    SQRADDSC(a[0], a[28]);
+    SQRADDAC(a[1], a[27]);
+    SQRADDAC(a[2], a[26]);
+    SQRADDAC(a[3], a[25]);
+    SQRADDAC(a[4], a[24]);
+    SQRADDAC(a[5], a[23]);
+    SQRADDAC(a[6], a[22]);
+    SQRADDAC(a[7], a[21]);
+    SQRADDAC(a[8], a[20]);
+    SQRADDAC(a[9], a[19]);
+    SQRADDAC(a[10], a[18]);
+    SQRADDAC(a[11], a[17]);
+    SQRADDAC(a[12], a[16]);
+    SQRADDAC(a[13], a[15]);
+    SQRADDDB;
+    SQRADD(a[14], a[14]);
+    COMBA_STORE(b[28]);
+
+    /* output 29 */
+    CARRY_FORWARD;
+    SQRADDSC(a[0], a[29]);
+    SQRADDAC(a[1], a[28]);
+    SQRADDAC(a[2], a[27]);
+    SQRADDAC(a[3], a[26]);
+    SQRADDAC(a[4], a[25]);
+    SQRADDAC(a[5], a[24]);
+    SQRADDAC(a[6], a[23]);
+    SQRADDAC(a[7], a[22]);
+    SQRADDAC(a[8], a[21]);
+    SQRADDAC(a[9], a[20]);
+    SQRADDAC(a[10], a[19]);
+    SQRADDAC(a[11], a[18]);
+    SQRADDAC(a[12], a[17]);
+    SQRADDAC(a[13], a[16]);
+    SQRADDAC(a[14], a[15]);
+    SQRADDDB;
+    COMBA_STORE(b[29]);
+
+    /* output 30 */
+    CARRY_FORWARD;
+    SQRADDSC(a[0], a[30]);
+    SQRADDAC(a[1], a[29]);
+    SQRADDAC(a[2], a[28]);
+    SQRADDAC(a[3], a[27]);
+    SQRADDAC(a[4], a[26]);
+    SQRADDAC(a[5], a[25]);
+    SQRADDAC(a[6], a[24]);
+    SQRADDAC(a[7], a[23]);
+    SQRADDAC(a[8], a[22]);
+    SQRADDAC(a[9], a[21]);
+    SQRADDAC(a[10], a[20]);
+    SQRADDAC(a[11], a[19]);
+    SQRADDAC(a[12], a[18]);
+    SQRADDAC(a[13], a[17]);
+    SQRADDAC(a[14], a[16]);
+    SQRADDDB;
+    SQRADD(a[15], a[15]);
+    COMBA_STORE(b[30]);
+
+    /* output 31 */
+    CARRY_FORWARD;
+    SQRADDSC(a[0], a[31]);
+    SQRADDAC(a[1], a[30]);
+    SQRADDAC(a[2], a[29]);
+    SQRADDAC(a[3], a[28]);
+    SQRADDAC(a[4], a[27]);
+    SQRADDAC(a[5], a[26]);
+    SQRADDAC(a[6], a[25]);
+    SQRADDAC(a[7], a[24]);
+    SQRADDAC(a[8], a[23]);
+    SQRADDAC(a[9], a[22]);
+    SQRADDAC(a[10], a[21]);
+    SQRADDAC(a[11], a[20]);
+    SQRADDAC(a[12], a[19]);
+    SQRADDAC(a[13], a[18]);
+    SQRADDAC(a[14], a[17]);
+    SQRADDAC(a[15], a[16]);
+    SQRADDDB;
+    COMBA_STORE(b[31]);
+
+    /* output 32 */
+    CARRY_FORWARD;
+    SQRADDSC(a[1], a[31]);
+    SQRADDAC(a[2], a[30]);
+    SQRADDAC(a[3], a[29]);
+    SQRADDAC(a[4], a[28]);
+    SQRADDAC(a[5], a[27]);
+    SQRADDAC(a[6], a[26]);
+    SQRADDAC(a[7], a[25]);
+    SQRADDAC(a[8], a[24]);
+    SQRADDAC(a[9], a[23]);
+    SQRADDAC(a[10], a[22]);
+    SQRADDAC(a[11], a[21]);
+    SQRADDAC(a[12], a[20]);
+    SQRADDAC(a[13], a[19]);
+    SQRADDAC(a[14], a[18]);
+    SQRADDAC(a[15], a[17]);
+    SQRADDDB;
+    SQRADD(a[16], a[16]);
+    COMBA_STORE(b[32]);
+
+    /* output 33 */
+    CARRY_FORWARD;
+    SQRADDSC(a[2], a[31]);
+    SQRADDAC(a[3], a[30]);
+    SQRADDAC(a[4], a[29]);
+    SQRADDAC(a[5], a[28]);
+    SQRADDAC(a[6], a[27]);
+    SQRADDAC(a[7], a[26]);
+    SQRADDAC(a[8], a[25]);
+    SQRADDAC(a[9], a[24]);
+    SQRADDAC(a[10], a[23]);
+    SQRADDAC(a[11], a[22]);
+    SQRADDAC(a[12], a[21]);
+    SQRADDAC(a[13], a[20]);
+    SQRADDAC(a[14], a[19]);
+    SQRADDAC(a[15], a[18]);
+    SQRADDAC(a[16], a[17]);
+    SQRADDDB;
+    COMBA_STORE(b[33]);
+
+    /* output 34 */
+    CARRY_FORWARD;
+    SQRADDSC(a[3], a[31]);
+    SQRADDAC(a[4], a[30]);
+    SQRADDAC(a[5], a[29]);
+    SQRADDAC(a[6], a[28]);
+    SQRADDAC(a[7], a[27]);
+    SQRADDAC(a[8], a[26]);
+    SQRADDAC(a[9], a[25]);
+    SQRADDAC(a[10], a[24]);
+    SQRADDAC(a[11], a[23]);
+    SQRADDAC(a[12], a[22]);
+    SQRADDAC(a[13], a[21]);
+    SQRADDAC(a[14], a[20]);
+    SQRADDAC(a[15], a[19]);
+    SQRADDAC(a[16], a[18]);
+    SQRADDDB;
+    SQRADD(a[17], a[17]);
+    COMBA_STORE(b[34]);
+
+    /* output 35 */
+    CARRY_FORWARD;
+    SQRADDSC(a[4], a[31]);
+    SQRADDAC(a[5], a[30]);
+    SQRADDAC(a[6], a[29]);
+    SQRADDAC(a[7], a[28]);
+    SQRADDAC(a[8], a[27]);
+    SQRADDAC(a[9], a[26]);
+    SQRADDAC(a[10], a[25]);
+    SQRADDAC(a[11], a[24]);
+    SQRADDAC(a[12], a[23]);
+    SQRADDAC(a[13], a[22]);
+    SQRADDAC(a[14], a[21]);
+    SQRADDAC(a[15], a[20]);
+    SQRADDAC(a[16], a[19]);
+    SQRADDAC(a[17], a[18]);
+    SQRADDDB;
+    COMBA_STORE(b[35]);
+
+    /* output 36 */
+    CARRY_FORWARD;
+    SQRADDSC(a[5], a[31]);
+    SQRADDAC(a[6], a[30]);
+    SQRADDAC(a[7], a[29]);
+    SQRADDAC(a[8], a[28]);
+    SQRADDAC(a[9], a[27]);
+    SQRADDAC(a[10], a[26]);
+    SQRADDAC(a[11], a[25]);
+    SQRADDAC(a[12], a[24]);
+    SQRADDAC(a[13], a[23]);
+    SQRADDAC(a[14], a[22]);
+    SQRADDAC(a[15], a[21]);
+    SQRADDAC(a[16], a[20]);
+    SQRADDAC(a[17], a[19]);
+    SQRADDDB;
+    SQRADD(a[18], a[18]);
+    COMBA_STORE(b[36]);
+
+    /* output 37 */
+    CARRY_FORWARD;
+    SQRADDSC(a[6], a[31]);
+    SQRADDAC(a[7], a[30]);
+    SQRADDAC(a[8], a[29]);
+    SQRADDAC(a[9], a[28]);
+    SQRADDAC(a[10], a[27]);
+    SQRADDAC(a[11], a[26]);
+    SQRADDAC(a[12], a[25]);
+    SQRADDAC(a[13], a[24]);
+    SQRADDAC(a[14], a[23]);
+    SQRADDAC(a[15], a[22]);
+    SQRADDAC(a[16], a[21]);
+    SQRADDAC(a[17], a[20]);
+    SQRADDAC(a[18], a[19]);
+    SQRADDDB;
+    COMBA_STORE(b[37]);
+
+    /* output 38 */
+    CARRY_FORWARD;
+    SQRADDSC(a[7], a[31]);
+    SQRADDAC(a[8], a[30]);
+    SQRADDAC(a[9], a[29]);
+    SQRADDAC(a[10], a[28]);
+    SQRADDAC(a[11], a[27]);
+    SQRADDAC(a[12], a[26]);
+    SQRADDAC(a[13], a[25]);
+    SQRADDAC(a[14], a[24]);
+    SQRADDAC(a[15], a[23]);
+    SQRADDAC(a[16], a[22]);
+    SQRADDAC(a[17], a[21]);
+    SQRADDAC(a[18], a[20]);
+    SQRADDDB;
+    SQRADD(a[19], a[19]);
+    COMBA_STORE(b[38]);
+
+    /* output 39 */
+    CARRY_FORWARD;
+    SQRADDSC(a[8], a[31]);
+    SQRADDAC(a[9], a[30]);
+    SQRADDAC(a[10], a[29]);
+    SQRADDAC(a[11], a[28]);
+    SQRADDAC(a[12], a[27]);
+    SQRADDAC(a[13], a[26]);
+    SQRADDAC(a[14], a[25]);
+    SQRADDAC(a[15], a[24]);
+    SQRADDAC(a[16], a[23]);
+    SQRADDAC(a[17], a[22]);
+    SQRADDAC(a[18], a[21]);
+    SQRADDAC(a[19], a[20]);
+    SQRADDDB;
+    COMBA_STORE(b[39]);
+
+    /* output 40 */
+    CARRY_FORWARD;
+    SQRADDSC(a[9], a[31]);
+    SQRADDAC(a[10], a[30]);
+    SQRADDAC(a[11], a[29]);
+    SQRADDAC(a[12], a[28]);
+    SQRADDAC(a[13], a[27]);
+    SQRADDAC(a[14], a[26]);
+    SQRADDAC(a[15], a[25]);
+    SQRADDAC(a[16], a[24]);
+    SQRADDAC(a[17], a[23]);
+    SQRADDAC(a[18], a[22]);
+    SQRADDAC(a[19], a[21]);
+    SQRADDDB;
+    SQRADD(a[20], a[20]);
+    COMBA_STORE(b[40]);
+
+    /* output 41 */
+    CARRY_FORWARD;
+    SQRADDSC(a[10], a[31]);
+    SQRADDAC(a[11], a[30]);
+    SQRADDAC(a[12], a[29]);
+    SQRADDAC(a[13], a[28]);
+    SQRADDAC(a[14], a[27]);
+    SQRADDAC(a[15], a[26]);
+    SQRADDAC(a[16], a[25]);
+    SQRADDAC(a[17], a[24]);
+    SQRADDAC(a[18], a[23]);
+    SQRADDAC(a[19], a[22]);
+    SQRADDAC(a[20], a[21]);
+    SQRADDDB;
+    COMBA_STORE(b[41]);
+
+    /* output 42 */
+    CARRY_FORWARD;
+    SQRADDSC(a[11], a[31]);
+    SQRADDAC(a[12], a[30]);
+    SQRADDAC(a[13], a[29]);
+    SQRADDAC(a[14], a[28]);
+    SQRADDAC(a[15], a[27]);
+    SQRADDAC(a[16], a[26]);
+    SQRADDAC(a[17], a[25]);
+    SQRADDAC(a[18], a[24]);
+    SQRADDAC(a[19], a[23]);
+    SQRADDAC(a[20], a[22]);
+    SQRADDDB;
+    SQRADD(a[21], a[21]);
+    COMBA_STORE(b[42]);
+
+    /* output 43 */
+    CARRY_FORWARD;
+    SQRADDSC(a[12], a[31]);
+    SQRADDAC(a[13], a[30]);
+    SQRADDAC(a[14], a[29]);
+    SQRADDAC(a[15], a[28]);
+    SQRADDAC(a[16], a[27]);
+    SQRADDAC(a[17], a[26]);
+    SQRADDAC(a[18], a[25]);
+    SQRADDAC(a[19], a[24]);
+    SQRADDAC(a[20], a[23]);
+    SQRADDAC(a[21], a[22]);
+    SQRADDDB;
+    COMBA_STORE(b[43]);
+
+    /* output 44 */
+    CARRY_FORWARD;
+    SQRADDSC(a[13], a[31]);
+    SQRADDAC(a[14], a[30]);
+    SQRADDAC(a[15], a[29]);
+    SQRADDAC(a[16], a[28]);
+    SQRADDAC(a[17], a[27]);
+    SQRADDAC(a[18], a[26]);
+    SQRADDAC(a[19], a[25]);
+    SQRADDAC(a[20], a[24]);
+    SQRADDAC(a[21], a[23]);
+    SQRADDDB;
+    SQRADD(a[22], a[22]);
+    COMBA_STORE(b[44]);
+
+    /* output 45 */
+    CARRY_FORWARD;
+    SQRADDSC(a[14], a[31]);
+    SQRADDAC(a[15], a[30]);
+    SQRADDAC(a[16], a[29]);
+    SQRADDAC(a[17], a[28]);
+    SQRADDAC(a[18], a[27]);
+    SQRADDAC(a[19], a[26]);
+    SQRADDAC(a[20], a[25]);
+    SQRADDAC(a[21], a[24]);
+    SQRADDAC(a[22], a[23]);
+    SQRADDDB;
+    COMBA_STORE(b[45]);
+
+    /* output 46 */
+    CARRY_FORWARD;
+    SQRADDSC(a[15], a[31]);
+    SQRADDAC(a[16], a[30]);
+    SQRADDAC(a[17], a[29]);
+    SQRADDAC(a[18], a[28]);
+    SQRADDAC(a[19], a[27]);
+    SQRADDAC(a[20], a[26]);
+    SQRADDAC(a[21], a[25]);
+    SQRADDAC(a[22], a[24]);
+    SQRADDDB;
+    SQRADD(a[23], a[23]);
+    COMBA_STORE(b[46]);
+
+    /* output 47 */
+    CARRY_FORWARD;
+    SQRADDSC(a[16], a[31]);
+    SQRADDAC(a[17], a[30]);
+    SQRADDAC(a[18], a[29]);
+    SQRADDAC(a[19], a[28]);
+    SQRADDAC(a[20], a[27]);
+    SQRADDAC(a[21], a[26]);
+    SQRADDAC(a[22], a[25]);
+    SQRADDAC(a[23], a[24]);
+    SQRADDDB;
+    COMBA_STORE(b[47]);
+
+    /* output 48 */
+    CARRY_FORWARD;
+    SQRADDSC(a[17], a[31]);
+    SQRADDAC(a[18], a[30]);
+    SQRADDAC(a[19], a[29]);
+    SQRADDAC(a[20], a[28]);
+    SQRADDAC(a[21], a[27]);
+    SQRADDAC(a[22], a[26]);
+    SQRADDAC(a[23], a[25]);
+    SQRADDDB;
+    SQRADD(a[24], a[24]);
+    COMBA_STORE(b[48]);
+
+    /* output 49 */
+    CARRY_FORWARD;
+    SQRADDSC(a[18], a[31]);
+    SQRADDAC(a[19], a[30]);
+    SQRADDAC(a[20], a[29]);
+    SQRADDAC(a[21], a[28]);
+    SQRADDAC(a[22], a[27]);
+    SQRADDAC(a[23], a[26]);
+    SQRADDAC(a[24], a[25]);
+    SQRADDDB;
+    COMBA_STORE(b[49]);
+
+    /* output 50 */
+    CARRY_FORWARD;
+    SQRADDSC(a[19], a[31]);
+    SQRADDAC(a[20], a[30]);
+    SQRADDAC(a[21], a[29]);
+    SQRADDAC(a[22], a[28]);
+    SQRADDAC(a[23], a[27]);
+    SQRADDAC(a[24], a[26]);
+    SQRADDDB;
+    SQRADD(a[25], a[25]);
+    COMBA_STORE(b[50]);
+
+    /* output 51 */
+    CARRY_FORWARD;
+    SQRADDSC(a[20], a[31]);
+    SQRADDAC(a[21], a[30]);
+    SQRADDAC(a[22], a[29]);
+    SQRADDAC(a[23], a[28]);
+    SQRADDAC(a[24], a[27]);
+    SQRADDAC(a[25], a[26]);
+    SQRADDDB;
+    COMBA_STORE(b[51]);
+
+    /* output 52 */
+    CARRY_FORWARD;
+    SQRADDSC(a[21], a[31]);
+    SQRADDAC(a[22], a[30]);
+    SQRADDAC(a[23], a[29]);
+    SQRADDAC(a[24], a[28]);
+    SQRADDAC(a[25], a[27]);
+    SQRADDDB;
+    SQRADD(a[26], a[26]);
+    COMBA_STORE(b[52]);
+
+    /* output 53 */
+    CARRY_FORWARD;
+    SQRADDSC(a[22], a[31]);
+    SQRADDAC(a[23], a[30]);
+    SQRADDAC(a[24], a[29]);
+    SQRADDAC(a[25], a[28]);
+    SQRADDAC(a[26], a[27]);
+    SQRADDDB;
+    COMBA_STORE(b[53]);
+
+    /* output 54 */
+    CARRY_FORWARD;
+    SQRADDSC(a[23], a[31]);
+    SQRADDAC(a[24], a[30]);
+    SQRADDAC(a[25], a[29]);
+    SQRADDAC(a[26], a[28]);
+    SQRADDDB;
+    SQRADD(a[27], a[27]);
+    COMBA_STORE(b[54]);
+
+    /* output 55 */
+    CARRY_FORWARD;
+    SQRADDSC(a[24], a[31]);
+    SQRADDAC(a[25], a[30]);
+    SQRADDAC(a[26], a[29]);
+    SQRADDAC(a[27], a[28]);
+    SQRADDDB;
+    COMBA_STORE(b[55]);
+
+    /* output 56 */
+    CARRY_FORWARD;
+    SQRADDSC(a[25], a[31]);
+    SQRADDAC(a[26], a[30]);
+    SQRADDAC(a[27], a[29]);
+    SQRADDDB;
+    SQRADD(a[28], a[28]);
+    COMBA_STORE(b[56]);
+
+    /* output 57 */
+    CARRY_FORWARD;
+    SQRADDSC(a[26], a[31]);
+    SQRADDAC(a[27], a[30]);
+    SQRADDAC(a[28], a[29]);
+    SQRADDDB;
+    COMBA_STORE(b[57]);
+
+    /* output 58 */
+    CARRY_FORWARD;
+    SQRADD2(a[27], a[31]);
+    SQRADD2(a[28], a[30]);
+    SQRADD(a[29], a[29]);
+    COMBA_STORE(b[58]);
+
+    /* output 59 */
+    CARRY_FORWARD;
+    SQRADD2(a[28], a[31]);
+    SQRADD2(a[29], a[30]);
+    COMBA_STORE(b[59]);
+
+    /* output 60 */
+    CARRY_FORWARD;
+    SQRADD2(a[29], a[31]);
+    SQRADD(a[30], a[30]);
+    COMBA_STORE(b[60]);
+
+    /* output 61 */
+    CARRY_FORWARD;
+    SQRADD2(a[30], a[31]);
+    COMBA_STORE(b[61]);
+
+    /* output 62 */
+    CARRY_FORWARD;
+    SQRADD(a[31], a[31]);
+    COMBA_STORE(b[62]);
+    COMBA_STORE2(b[63]);
+    COMBA_FINI;
+
+    B->used = 64;
+    B->sign = ZPOS;
+    memcpy(B->dp, b, 64 * sizeof(mp_digit));
+    mp_clamp(B);
+}
diff --git a/nss/lib/freebl/mpi/mp_comba_amd64_masm.asm b/nss/lib/freebl/mpi/mp_comba_amd64_masm.asm
new file mode 100644
index 0000000..cb43258
--- /dev/null
+++ b/nss/lib/freebl/mpi/mp_comba_amd64_masm.asm
@@ -0,0 +1,13066 @@
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+;/* TomsFastMath, a fast ISO C bignum library.
+; * 
+; * This project is meant to fill in where LibTomMath
+; * falls short.  That is speed ;-)
+; *
+; * This project is public domain and free for all purposes.
+; * 
+; * Tom St Denis, tomstdenis@iahu.ca
+; */
+
+;/*
+; * The source file from which this assembly was derived
+; * comes from TFM v0.03, which has the above license.
+; * This source was from mp_comba_amd64.sun.s and convert to
+; * MASM code set.
+; */
+
+.CODE
+
+externdef memcpy:PROC
+
+public s_mp_mul_comba_4
+public s_mp_mul_comba_8
+public s_mp_mul_comba_16
+public s_mp_mul_comba_32
+public s_mp_sqr_comba_8
+public s_mp_sqr_comba_16
+public s_mp_sqr_comba_32
+
+
+; void s_mp_mul_comba_4(const mp_int *A, const mp_int *B, mp_int *C)
+
+        ALIGN 16
+s_mp_mul_comba_4 PROC
+
+        push rdi
+        push rsi
+
+        mov rdi, rcx
+        mov rsi, rdx
+        mov rdx, r8
+
+        push r12
+        push rbp
+        push rbx
+        sub rsp, 64
+        mov r9, qword ptr [16+rdi]
+        mov rbx, rdx
+        mov rdx, qword ptr [16+rsi]
+        mov rax, qword ptr [r9]
+        mov qword ptr [-64+64+rsp], rax
+        mov r8, qword ptr [8+r9]
+        mov qword ptr [-56+64+rsp], r8
+        mov rbp, qword ptr [16+r9]
+        mov qword ptr [-48+64+rsp], rbp
+        mov r12, qword ptr [24+r9]
+        mov qword ptr [-40+64+rsp], r12
+        mov rcx, qword ptr [rdx]
+        mov qword ptr [-32+64+rsp], rcx
+        mov r10, qword ptr [8+rdx]
+        mov qword ptr [-24+64+rsp], r10
+        mov r11, qword ptr [16+rdx]
+        xor r10d, r10d
+        mov r8, r10
+        mov r9, r10
+        mov rbp, r10
+        mov qword ptr [-16+64+rsp], r11
+        mov r11, qword ptr [16+rbx]
+        mov rax, qword ptr [24+rdx]
+        mov qword ptr [-8+64+rsp], rax
+        mov rax, qword ptr [-64+64+rsp]
+        mul qword ptr [-32+64+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rbp, 0
+        mov qword ptr [r11], r8
+        mov r8, rbp
+        mov rbp, r10
+        mov rax, qword ptr [-64+64+rsp]
+        mul qword ptr [-24+64+rsp]
+        add r9, rax
+        adc r8, rdx
+        adc rbp, 0
+        mov r12, rbp
+        mov rax, qword ptr [-56+64+rsp]
+        mul qword ptr [-32+64+rsp]
+        add r9, rax
+        adc r8, rdx
+        adc r12, 0
+        mov qword ptr [8+r11], r9
+        mov r9, r12
+        mov r12, r10
+        mov rax, qword ptr [-64+64+rsp]
+        mul qword ptr [-16+64+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc r12, 0
+        mov rcx, r12
+        mov rax, qword ptr [-56+64+rsp]
+        mul qword ptr [-24+64+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rbp, r9
+        mov r12, rcx
+        mov rax, qword ptr [-48+64+rsp]
+        mul qword ptr [-32+64+rsp]
+        add r8, rax
+        adc rbp, rdx
+        adc r12, 0
+        mov qword ptr [16+r11], r8
+        mov r9, r12
+        mov rcx, rbp
+        mov r8, r10
+        mov rax, qword ptr [-64+64+rsp]
+        mul qword ptr [-8+64+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-56+64+rsp]
+        mul qword ptr [-16+64+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-48+64+rsp]
+        mul qword ptr [-24+64+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rbp, r9
+        mov r12, r8
+        mov rax, qword ptr [-40+64+rsp]
+        mul qword ptr [-32+64+rsp]
+        add rcx, rax
+        adc rbp, rdx
+        adc r12, 0
+        mov qword ptr [24+r11], rcx
+        mov r9, r12
+        mov r8, rbp
+        mov rcx, r10
+        mov rax, qword ptr [-56+64+rsp]
+        mul qword ptr [-8+64+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-48+64+rsp]
+        mul qword ptr [-16+64+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rbp, r9
+        mov r12, rcx
+        mov rax, qword ptr [-40+64+rsp]
+        mul qword ptr [-24+64+rsp]
+        add r8, rax
+        adc rbp, rdx
+        adc r12, 0
+        mov qword ptr [32+r11], r8
+        mov r9, r12
+        mov rcx, rbp
+        mov r8, r10
+        mov rax, qword ptr [-48+64+rsp]
+        mul qword ptr [-8+64+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov r12, r8
+        mov rbp, r9
+        mov rax, qword ptr [-40+64+rsp]
+        mul qword ptr [-16+64+rsp]
+        add rcx, rax
+        adc rbp, rdx
+        adc r12, 0
+        mov qword ptr [40+r11], rcx
+        mov r8, rbp
+        mov rcx, r12
+        mov rax, qword ptr [-40+64+rsp]
+        mul qword ptr [-8+64+rsp]
+        add r8, rax
+        adc rcx, rdx
+        adc r10, 0
+        mov qword ptr [48+r11], r8
+        mov esi, dword ptr [rsi]
+        xor esi, dword ptr [rdi]
+        test rcx, rcx
+        mov qword ptr [56+r11], rcx
+        mov dword ptr [8+rbx], 8
+        jne L9
+        ALIGN 16
+L18:
+        mov edx, dword ptr [8+rbx]
+        lea edi, dword ptr [-1+rdx]
+        test edi, edi
+        mov dword ptr [8+rbx], edi
+        je L9
+        lea r10d, dword ptr [-2+rdx]
+        cmp dword ptr [r11+r10*8], 0
+        je L18
+L9:
+        mov edx, dword ptr [8+rbx]
+        xor r11d, r11d
+        test edx, edx
+        cmovne r11d, esi
+        mov dword ptr [rbx], r11d
+        add rsp, 64
+        pop rbx
+        pop rbp
+        pop r12
+
+        pop rsi
+        pop rdi
+
+        ret
+
+s_mp_mul_comba_4 ENDP
+
+
+; void s_mp_mul_comba_8(const mp_int *A, const mp_int *B, mp_int *C)
+
+        ALIGN 16
+s_mp_mul_comba_8 PROC
+
+        push rdi
+        push rsi
+
+        mov rdi, rcx
+        mov rsi, rdx
+        mov rdx, r8
+
+        push r12
+        push rbp
+        push rbx
+        mov rbx, rdx
+        sub rsp, 8+128
+        mov rdx, qword ptr [16+rdi]
+        mov r8, qword ptr [rdx]
+        mov qword ptr [-120+128+rsp], r8
+        mov rbp, qword ptr [8+rdx]
+        mov qword ptr [-112+128+rsp], rbp
+        mov r9, qword ptr [16+rdx]
+        mov qword ptr [-104+128+rsp], r9
+        mov r12, qword ptr [24+rdx]
+        mov qword ptr [-96+128+rsp], r12
+        mov rcx, qword ptr [32+rdx]
+        mov qword ptr [-88+128+rsp], rcx
+        mov r10, qword ptr [40+rdx]
+        mov qword ptr [-80+128+rsp], r10
+        mov r11, qword ptr [48+rdx]
+        mov qword ptr [-72+128+rsp], r11
+        mov rax, qword ptr [56+rdx]
+        mov rdx, qword ptr [16+rsi]
+        mov qword ptr [-64+128+rsp], rax
+        mov r8, qword ptr [rdx]
+        mov qword ptr [-56+128+rsp], r8
+        mov rbp, qword ptr [8+rdx]
+        mov qword ptr [-48+128+rsp], rbp
+        mov r9, qword ptr [16+rdx]
+        mov qword ptr [-40+128+rsp], r9
+        mov r12, qword ptr [24+rdx]
+        mov qword ptr [-32+128+rsp], r12
+        mov rcx, qword ptr [32+rdx]
+        mov qword ptr [-24+128+rsp], rcx
+        mov r10, qword ptr [40+rdx]
+        mov qword ptr [-16+128+rsp], r10
+        mov r11, qword ptr [48+rdx]
+        xor r10d, r10d
+        mov r8, r10
+        mov r9, r10
+        mov rbp, r10
+        mov qword ptr [-8+128+rsp], r11
+        mov r11, qword ptr [16+rbx]
+        mov rax, qword ptr [56+rdx]
+        mov qword ptr [128+rsp], rax
+        mov rax, qword ptr [-120+128+rsp]
+        mul qword ptr [-56+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rbp, 0
+        mov qword ptr [r11], r8
+        mov r8, rbp
+        mov rbp, r10
+        mov rax, qword ptr [-120+128+rsp]
+        mul qword ptr [-48+128+rsp]
+        add r9, rax
+        adc r8, rdx
+        adc rbp, 0
+        mov r12, rbp
+        mov rax, qword ptr [-112+128+rsp]
+        mul qword ptr [-56+128+rsp]
+        add r9, rax
+        adc r8, rdx
+        adc r12, 0
+        mov qword ptr [8+r11], r9
+        mov r9, r12
+        mov r12, r10
+        mov rax, qword ptr [-120+128+rsp]
+        mul qword ptr [-40+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc r12, 0
+        mov rcx, r12
+        mov rax, qword ptr [-112+128+rsp]
+        mul qword ptr [-48+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rbp, r9
+        mov r12, rcx
+        mov rax, qword ptr [-104+128+rsp]
+        mul qword ptr [-56+128+rsp]
+        add r8, rax
+        adc rbp, rdx
+        adc r12, 0
+        mov qword ptr [16+r11], r8
+        mov r9, r12
+        mov rcx, rbp
+        mov r8, r10
+        mov rax, qword ptr [-120+128+rsp]
+        mul qword ptr [-32+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-112+128+rsp]
+        mul qword ptr [-40+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-104+128+rsp]
+        mul qword ptr [-48+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rbp, r9
+        mov r12, r8
+        mov rax, qword ptr [-96+128+rsp]
+        mul qword ptr [-56+128+rsp]
+        add rcx, rax
+        adc rbp, rdx
+        adc r12, 0
+        mov qword ptr [24+r11], rcx
+        mov r9, r12
+        mov r8, rbp
+        mov rcx, r10
+        mov rax, qword ptr [-120+128+rsp]
+        mul qword ptr [-24+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-112+128+rsp]
+        mul qword ptr [-32+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-104+128+rsp]
+        mul qword ptr [-40+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-96+128+rsp]
+        mul qword ptr [-48+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rbp, r9
+        mov r12, rcx
+        mov rax, qword ptr [-88+128+rsp]
+        mul qword ptr [-56+128+rsp]
+        add r8, rax
+        adc rbp, rdx
+        adc r12, 0
+        mov qword ptr [32+r11], r8
+        mov r9, r12
+        mov rcx, rbp
+        mov r8, r10
+        mov rax, qword ptr [-120+128+rsp]
+        mul qword ptr [-16+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-112+128+rsp]
+        mul qword ptr [-24+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-104+128+rsp]
+        mul qword ptr [-32+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-96+128+rsp]
+        mul qword ptr [-40+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-88+128+rsp]
+        mul qword ptr [-48+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rbp, r9
+        mov r12, r8
+        mov rax, qword ptr [-80+128+rsp]
+        mul qword ptr [-56+128+rsp]
+        add rcx, rax
+        adc rbp, rdx
+        adc r12, 0
+        mov qword ptr [40+r11], rcx
+        mov r9, r12
+        mov r8, rbp
+        mov rcx, r10
+        mov rax, qword ptr [-120+128+rsp]
+        mul qword ptr [-8+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-112+128+rsp]
+        mul qword ptr [-16+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-104+128+rsp]
+        mul qword ptr [-24+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-96+128+rsp]
+        mul qword ptr [-32+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-88+128+rsp]
+        mul qword ptr [-40+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-80+128+rsp]
+        mul qword ptr [-48+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rbp, r9
+        mov r12, rcx
+        mov rax, qword ptr [-72+128+rsp]
+        mul qword ptr [-56+128+rsp]
+        add r8, rax
+        adc rbp, rdx
+        adc r12, 0
+        mov qword ptr [48+r11], r8
+        mov r9, r12
+        mov rcx, rbp
+        mov r8, r10
+        mov rax, qword ptr [-120+128+rsp]
+        mul qword ptr [128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-112+128+rsp]
+        mul qword ptr [-8+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-104+128+rsp]
+        mul qword ptr [-16+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-96+128+rsp]
+        mul qword ptr [-24+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-88+128+rsp]
+        mul qword ptr [-32+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-80+128+rsp]
+        mul qword ptr [-40+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-72+128+rsp]
+        mul qword ptr [-48+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rbp, r9
+        mov r12, r8
+        mov rax, qword ptr [-64+128+rsp]
+        mul qword ptr [-56+128+rsp]
+        add rcx, rax
+        adc rbp, rdx
+        adc r12, 0
+        mov qword ptr [56+r11], rcx
+        mov r9, r12
+        mov r8, rbp
+        mov rcx, r10
+        mov rax, qword ptr [-112+128+rsp]
+        mul qword ptr [128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-104+128+rsp]
+        mul qword ptr [-8+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-96+128+rsp]
+        mul qword ptr [-16+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-88+128+rsp]
+        mul qword ptr [-24+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-80+128+rsp]
+        mul qword ptr [-32+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-72+128+rsp]
+        mul qword ptr [-40+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rbp, r9
+        mov r12, rcx
+        mov rax, qword ptr [-64+128+rsp]
+        mul qword ptr [-48+128+rsp]
+        add r8, rax
+        adc rbp, rdx
+        adc r12, 0
+        mov qword ptr [64+r11], r8
+        mov r9, r12
+        mov rcx, rbp
+        mov r8, r10
+        mov rax, qword ptr [-104+128+rsp]
+        mul qword ptr [128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-96+128+rsp]
+        mul qword ptr [-8+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-88+128+rsp]
+        mul qword ptr [-16+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-80+128+rsp]
+        mul qword ptr [-24+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-72+128+rsp]
+        mul qword ptr [-32+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rbp, r9
+        mov r12, r8
+        mov rax, qword ptr [-64+128+rsp]
+        mul qword ptr [-40+128+rsp]
+        add rcx, rax
+        adc rbp, rdx
+        adc r12, 0
+        mov qword ptr [72+r11], rcx
+        mov r9, r12
+        mov r8, rbp
+        mov rcx, r10
+        mov rax, qword ptr [-96+128+rsp]
+        mul qword ptr [128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-88+128+rsp]
+        mul qword ptr [-8+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-80+128+rsp]
+        mul qword ptr [-16+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-72+128+rsp]
+        mul qword ptr [-24+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rbp, r9
+        mov r12, rcx
+        mov rax, qword ptr [-64+128+rsp]
+        mul qword ptr [-32+128+rsp]
+        add r8, rax
+        adc rbp, rdx
+        adc r12, 0
+        mov qword ptr [80+r11], r8
+        mov r9, r12
+        mov rcx, rbp
+        mov r8, r10
+        mov rax, qword ptr [-88+128+rsp]
+        mul qword ptr [128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-80+128+rsp]
+        mul qword ptr [-8+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-72+128+rsp]
+        mul qword ptr [-16+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rbp, r9
+        mov r12, r8
+        mov rax, qword ptr [-64+128+rsp]
+        mul qword ptr [-24+128+rsp]
+        add rcx, rax
+        adc rbp, rdx
+        adc r12, 0
+        mov qword ptr [88+r11], rcx
+        mov r9, r12
+        mov r8, rbp
+        mov rcx, r10
+        mov rax, qword ptr [-80+128+rsp]
+        mul qword ptr [128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-72+128+rsp]
+        mul qword ptr [-8+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rbp, r9
+        mov r12, rcx
+        mov rax, qword ptr [-64+128+rsp]
+        mul qword ptr [-16+128+rsp]
+        add r8, rax
+        adc rbp, rdx
+        adc r12, 0
+        mov qword ptr [96+r11], r8
+        mov r9, r12
+        mov rcx, rbp
+        mov r8, r10
+        mov rax, qword ptr [-72+128+rsp]
+        mul qword ptr [128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov r12, r8
+        mov rbp, r9
+        mov rax, qword ptr [-64+128+rsp]
+        mul qword ptr [-8+128+rsp]
+        add rcx, rax
+        adc rbp, rdx
+        adc r12, 0
+        mov qword ptr [104+r11], rcx
+        mov r8, rbp
+        mov rcx, r12
+        mov rax, qword ptr [-64+128+rsp]
+        mul qword ptr [128+rsp]
+        add r8, rax
+        adc rcx, rdx
+        adc r10, 0
+        mov qword ptr [112+r11], r8
+        mov esi, dword ptr [rsi]
+        xor esi, dword ptr [rdi]
+        test rcx, rcx
+        mov qword ptr [120+r11], rcx
+        mov dword ptr [8+rbx], 16
+        jne L35
+        ALIGN 16
+L43:
+        mov edx, dword ptr [8+rbx]
+        lea edi, dword ptr [-1+rdx]
+        test edi, edi
+        mov dword ptr [8+rbx], edi
+        je L35
+        lea eax, dword ptr [-2+rdx]
+        cmp dword ptr [r11+rax*8], 0
+        je L43
+L35:
+        mov r11d, dword ptr [8+rbx]
+        xor edx, edx
+        test r11d, r11d
+        cmovne edx, esi
+        mov dword ptr [rbx], edx
+        add rsp, 8+128
+        pop rbx
+        pop rbp
+        pop r12
+
+        pop rsi
+        pop rdi
+
+        ret
+
+s_mp_mul_comba_8 ENDP
+
+
+; void s_mp_mul_comba_16(const mp_int *A, const mp_int *B, mp_int *C);
+
+        ALIGN 16
+s_mp_mul_comba_16 PROC
+
+        push rdi
+        push rsi
+
+        mov rdi, rcx
+        mov rsi, rdx
+        mov rdx, r8
+
+        push r12
+        push rbp
+        push rbx
+        mov rbx, rdx
+        sub rsp, 136+128
+        mov rax, qword ptr [16+rdi]
+        mov r8, qword ptr [rax]
+        mov qword ptr [-120+128+rsp], r8
+        mov rbp, qword ptr [8+rax]
+        mov qword ptr [-112+128+rsp], rbp
+        mov r9, qword ptr [16+rax]
+        mov qword ptr [-104+128+rsp], r9
+        mov r12, qword ptr [24+rax]
+        mov qword ptr [-96+128+rsp], r12
+        mov rcx, qword ptr [32+rax]
+        mov qword ptr [-88+128+rsp], rcx
+        mov r10, qword ptr [40+rax]
+        mov qword ptr [-80+128+rsp], r10
+        mov rdx, qword ptr [48+rax]
+        mov qword ptr [-72+128+rsp], rdx
+        mov r11, qword ptr [56+rax]
+        mov qword ptr [-64+128+rsp], r11
+        mov r8, qword ptr [64+rax]
+        mov qword ptr [-56+128+rsp], r8
+        mov rbp, qword ptr [72+rax]
+        mov qword ptr [-48+128+rsp], rbp
+        mov r9, qword ptr [80+rax]
+        mov qword ptr [-40+128+rsp], r9
+        mov r12, qword ptr [88+rax]
+        mov qword ptr [-32+128+rsp], r12
+        mov rcx, qword ptr [96+rax]
+        mov qword ptr [-24+128+rsp], rcx
+        mov r10, qword ptr [104+rax]
+        mov qword ptr [-16+128+rsp], r10
+        mov rdx, qword ptr [112+rax]
+        mov qword ptr [-8+128+rsp], rdx
+        mov r11, qword ptr [120+rax]
+        mov qword ptr [128+rsp], r11
+        mov r11, qword ptr [16+rsi]
+        mov r8, qword ptr [r11]
+        mov qword ptr [8+128+rsp], r8
+        mov rbp, qword ptr [8+r11]
+        mov qword ptr [16+128+rsp], rbp
+        mov r9, qword ptr [16+r11]
+        mov qword ptr [24+128+rsp], r9
+        mov r12, qword ptr [24+r11]
+        mov qword ptr [32+128+rsp], r12
+        mov rcx, qword ptr [32+r11]
+        mov qword ptr [40+128+rsp], rcx
+        mov r10, qword ptr [40+r11]
+        mov qword ptr [48+128+rsp], r10
+        mov rdx, qword ptr [48+r11]
+        mov qword ptr [56+128+rsp], rdx
+        mov rax, qword ptr [56+r11]
+        mov qword ptr [64+128+rsp], rax
+        mov r8, qword ptr [64+r11]
+        mov qword ptr [72+128+rsp], r8
+        mov rbp, qword ptr [72+r11]
+        mov qword ptr [80+128+rsp], rbp
+        mov r9, qword ptr [80+r11]
+        mov qword ptr [88+128+rsp], r9
+        mov r12, qword ptr [88+r11]
+        mov qword ptr [96+128+rsp], r12
+        mov rcx, qword ptr [96+r11]
+        mov qword ptr [104+128+rsp], rcx
+        mov r10, qword ptr [104+r11]
+        mov qword ptr [112+128+rsp], r10
+        mov rdx, qword ptr [112+r11]
+        xor r10d, r10d
+        mov r8, r10
+        mov r9, r10
+        mov rbp, r10
+        mov qword ptr [120+128+rsp], rdx
+        mov rax, qword ptr [120+r11]
+        mov qword ptr [128+128+rsp], rax
+        mov r11, qword ptr [16+rbx]
+        mov rax, qword ptr [-120+128+rsp]
+        mul qword ptr [8+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rbp, 0
+        mov qword ptr [r11], r8
+        mov r8, rbp
+        mov rbp, r10
+        mov rax, qword ptr [-120+128+rsp]
+        mul qword ptr [16+128+rsp]
+        add r9, rax
+        adc r8, rdx
+        adc rbp, 0
+        mov r12, rbp
+        mov rax, qword ptr [-112+128+rsp]
+        mul qword ptr [8+128+rsp]
+        add r9, rax
+        adc r8, rdx
+        adc r12, 0
+        mov qword ptr [8+r11], r9
+        mov r9, r12
+        mov r12, r10
+        mov rax, qword ptr [-120+128+rsp]
+        mul qword ptr [24+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc r12, 0
+        mov rcx, r12
+        mov rax, qword ptr [-112+128+rsp]
+        mul qword ptr [16+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rbp, r9
+        mov r12, rcx
+        mov rax, qword ptr [-104+128+rsp]
+        mul qword ptr [8+128+rsp]
+        add r8, rax
+        adc rbp, rdx
+        adc r12, 0
+        mov qword ptr [16+r11], r8
+        mov r9, r12
+        mov rcx, rbp
+        mov r8, r10
+        mov rax, qword ptr [-120+128+rsp]
+        mul qword ptr [32+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-112+128+rsp]
+        mul qword ptr [24+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-104+128+rsp]
+        mul qword ptr [16+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rbp, r9
+        mov r12, r8
+        mov rax, qword ptr [-96+128+rsp]
+        mul qword ptr [8+128+rsp]
+        add rcx, rax
+        adc rbp, rdx
+        adc r12, 0
+        mov qword ptr [24+r11], rcx
+        mov r9, r12
+        mov r8, rbp
+        mov rcx, r10
+        mov rax, qword ptr [-120+128+rsp]
+        mul qword ptr [40+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-112+128+rsp]
+        mul qword ptr [32+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-104+128+rsp]
+        mul qword ptr [24+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-96+128+rsp]
+        mul qword ptr [16+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rbp, r9
+        mov r12, rcx
+        mov rax, qword ptr [-88+128+rsp]
+        mul qword ptr [8+128+rsp]
+        add r8, rax
+        adc rbp, rdx
+        adc r12, 0
+        mov qword ptr [32+r11], r8
+        mov r9, r12
+        mov rcx, rbp
+        mov r8, r10
+        mov rax, qword ptr [-120+128+rsp]
+        mul qword ptr [48+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-112+128+rsp]
+        mul qword ptr [40+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-104+128+rsp]
+        mul qword ptr [32+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-96+128+rsp]
+        mul qword ptr [24+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-88+128+rsp]
+        mul qword ptr [16+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rbp, r9
+        mov r12, r8
+        mov rax, qword ptr [-80+128+rsp]
+        mul qword ptr [8+128+rsp]
+        add rcx, rax
+        adc rbp, rdx
+        adc r12, 0
+        mov qword ptr [40+r11], rcx
+        mov r9, r12
+        mov r8, rbp
+        mov rcx, r10
+        mov rax, qword ptr [-120+128+rsp]
+        mul qword ptr [56+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-112+128+rsp]
+        mul qword ptr [48+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-104+128+rsp]
+        mul qword ptr [40+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-96+128+rsp]
+        mul qword ptr [32+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-88+128+rsp]
+        mul qword ptr [24+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-80+128+rsp]
+        mul qword ptr [16+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rbp, r9
+        mov r12, rcx
+        mov rax, qword ptr [-72+128+rsp]
+        mul qword ptr [8+128+rsp]
+        add r8, rax
+        adc rbp, rdx
+        adc r12, 0
+        mov qword ptr [48+r11], r8
+        mov r9, r12
+        mov rcx, rbp
+        mov r8, r10
+        mov rax, qword ptr [-120+128+rsp]
+        mul qword ptr [64+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-112+128+rsp]
+        mul qword ptr [56+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-104+128+rsp]
+        mul qword ptr [48+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-96+128+rsp]
+        mul qword ptr [40+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-88+128+rsp]
+        mul qword ptr [32+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-80+128+rsp]
+        mul qword ptr [24+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-72+128+rsp]
+        mul qword ptr [16+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rbp, r9
+        mov r12, r8
+        mov rax, qword ptr [-64+128+rsp]
+        mul qword ptr [8+128+rsp]
+        add rcx, rax
+        adc rbp, rdx
+        adc r12, 0
+        mov qword ptr [56+r11], rcx
+        mov r9, r12
+        mov r8, rbp
+        mov rcx, r10
+        mov rax, qword ptr [-120+128+rsp]
+        mul qword ptr [72+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-112+128+rsp]
+        mul qword ptr [64+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-104+128+rsp]
+        mul qword ptr [56+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-96+128+rsp]
+        mul qword ptr [48+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-88+128+rsp]
+        mul qword ptr [40+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-80+128+rsp]
+        mul qword ptr [32+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-72+128+rsp]
+        mul qword ptr [24+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-64+128+rsp]
+        mul qword ptr [16+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rbp, r9
+        mov r12, rcx
+        mov rax, qword ptr [-56+128+rsp]
+        mul qword ptr [8+128+rsp]
+        add r8, rax
+        adc rbp, rdx
+        adc r12, 0
+        mov qword ptr [64+r11], r8
+        mov r9, r12
+        mov rcx, rbp
+        mov r8, r10
+        mov rax, qword ptr [-120+128+rsp]
+        mul qword ptr [80+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-112+128+rsp]
+        mul qword ptr [72+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-104+128+rsp]
+        mul qword ptr [64+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-96+128+rsp]
+        mul qword ptr [56+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-88+128+rsp]
+        mul qword ptr [48+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-80+128+rsp]
+        mul qword ptr [40+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-72+128+rsp]
+        mul qword ptr [32+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-64+128+rsp]
+        mul qword ptr [24+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-56+128+rsp]
+        mul qword ptr [16+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rbp, r9
+        mov r12, r8
+        mov rax, qword ptr [-48+128+rsp]
+        mul qword ptr [8+128+rsp]
+        add rcx, rax
+        adc rbp, rdx
+        adc r12, 0
+        mov qword ptr [72+r11], rcx
+        mov r9, r12
+        mov r8, rbp
+        mov rcx, r10
+        mov rax, qword ptr [-120+128+rsp]
+        mul qword ptr [88+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-112+128+rsp]
+        mul qword ptr [80+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-104+128+rsp]
+        mul qword ptr [72+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-96+128+rsp]
+        mul qword ptr [64+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-88+128+rsp]
+        mul qword ptr [56+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-80+128+rsp]
+        mul qword ptr [48+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-72+128+rsp]
+        mul qword ptr [40+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-64+128+rsp]
+        mul qword ptr [32+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-56+128+rsp]
+        mul qword ptr [24+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-48+128+rsp]
+        mul qword ptr [16+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rbp, r9
+        mov r12, rcx
+        mov rax, qword ptr [-40+128+rsp]
+        mul qword ptr [8+128+rsp]
+        add r8, rax
+        adc rbp, rdx
+        adc r12, 0
+        mov qword ptr [80+r11], r8
+        mov r9, r12
+        mov rcx, rbp
+        mov r8, r10
+        mov rax, qword ptr [-120+128+rsp]
+        mul qword ptr [96+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-112+128+rsp]
+        mul qword ptr [88+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-104+128+rsp]
+        mul qword ptr [80+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-96+128+rsp]
+        mul qword ptr [72+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-88+128+rsp]
+        mul qword ptr [64+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-80+128+rsp]
+        mul qword ptr [56+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-72+128+rsp]
+        mul qword ptr [48+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-64+128+rsp]
+        mul qword ptr [40+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-56+128+rsp]
+        mul qword ptr [32+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-48+128+rsp]
+        mul qword ptr [24+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-40+128+rsp]
+        mul qword ptr [16+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rbp, r9
+        mov r12, r8
+        mov rax, qword ptr [-32+128+rsp]
+        mul qword ptr [8+128+rsp]
+        add rcx, rax
+        adc rbp, rdx
+        adc r12, 0
+        mov qword ptr [88+r11], rcx
+        mov r9, r12
+        mov r8, rbp
+        mov rcx, r10
+        mov rax, qword ptr [-120+128+rsp]
+        mul qword ptr [104+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-112+128+rsp]
+        mul qword ptr [96+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-104+128+rsp]
+        mul qword ptr [88+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-96+128+rsp]
+        mul qword ptr [80+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-88+128+rsp]
+        mul qword ptr [72+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-80+128+rsp]
+        mul qword ptr [64+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-72+128+rsp]
+        mul qword ptr [56+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-64+128+rsp]
+        mul qword ptr [48+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-56+128+rsp]
+        mul qword ptr [40+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-48+128+rsp]
+        mul qword ptr [32+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-40+128+rsp]
+        mul qword ptr [24+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-32+128+rsp]
+        mul qword ptr [16+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rbp, r9
+        mov r12, rcx
+        mov rax, qword ptr [-24+128+rsp]
+        mul qword ptr [8+128+rsp]
+        add r8, rax
+        adc rbp, rdx
+        adc r12, 0
+        mov qword ptr [96+r11], r8
+        mov r9, r12
+        mov rcx, rbp
+        mov r8, r10
+        mov rax, qword ptr [-120+128+rsp]
+        mul qword ptr [112+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-112+128+rsp]
+        mul qword ptr [104+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-104+128+rsp]
+        mul qword ptr [96+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-96+128+rsp]
+        mul qword ptr [88+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-88+128+rsp]
+        mul qword ptr [80+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-80+128+rsp]
+        mul qword ptr [72+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-72+128+rsp]
+        mul qword ptr [64+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-64+128+rsp]
+        mul qword ptr [56+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-56+128+rsp]
+        mul qword ptr [48+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-48+128+rsp]
+        mul qword ptr [40+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-40+128+rsp]
+        mul qword ptr [32+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-32+128+rsp]
+        mul qword ptr [24+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-24+128+rsp]
+        mul qword ptr [16+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rbp, r9
+        mov r12, r8
+        mov rax, qword ptr [-16+128+rsp]
+        mul qword ptr [8+128+rsp]
+        add rcx, rax
+        adc rbp, rdx
+        adc r12, 0
+        mov qword ptr [104+r11], rcx
+        mov r9, r12
+        mov r8, rbp
+        mov rcx, r10
+        mov rax, qword ptr [-120+128+rsp]
+        mul qword ptr [120+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-112+128+rsp]
+        mul qword ptr [112+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-104+128+rsp]
+        mul qword ptr [104+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-96+128+rsp]
+        mul qword ptr [96+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-88+128+rsp]
+        mul qword ptr [88+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-80+128+rsp]
+        mul qword ptr [80+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-72+128+rsp]
+        mul qword ptr [72+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-64+128+rsp]
+        mul qword ptr [64+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-56+128+rsp]
+        mul qword ptr [56+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-48+128+rsp]
+        mul qword ptr [48+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-40+128+rsp]
+        mul qword ptr [40+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-32+128+rsp]
+        mul qword ptr [32+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-24+128+rsp]
+        mul qword ptr [24+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-16+128+rsp]
+        mul qword ptr [16+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rbp, r9
+        mov r12, rcx
+        mov rax, qword ptr [-8+128+rsp]
+        mul qword ptr [8+128+rsp]
+        add r8, rax
+        adc rbp, rdx
+        adc r12, 0
+        mov qword ptr [112+r11], r8
+        mov r9, r12
+        mov rcx, rbp
+        mov r8, r10
+        mov rax, qword ptr [-120+128+rsp]
+        mul qword ptr [128+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-112+128+rsp]
+        mul qword ptr [120+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-104+128+rsp]
+        mul qword ptr [112+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-96+128+rsp]
+        mul qword ptr [104+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-88+128+rsp]
+        mul qword ptr [96+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-80+128+rsp]
+        mul qword ptr [88+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-72+128+rsp]
+        mul qword ptr [80+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-64+128+rsp]
+        mul qword ptr [72+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-56+128+rsp]
+        mul qword ptr [64+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-48+128+rsp]
+        mul qword ptr [56+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-40+128+rsp]
+        mul qword ptr [48+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-32+128+rsp]
+        mul qword ptr [40+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-24+128+rsp]
+        mul qword ptr [32+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-16+128+rsp]
+        mul qword ptr [24+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-8+128+rsp]
+        mul qword ptr [16+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rbp, r9
+        mov r12, r8
+        mov rax, qword ptr [128+rsp]
+        mul qword ptr [8+128+rsp]
+        add rcx, rax
+        adc rbp, rdx
+        adc r12, 0
+        mov qword ptr [120+r11], rcx
+        mov r9, r12
+        mov r8, rbp
+        mov rcx, r10
+        mov rax, qword ptr [-112+128+rsp]
+        mul qword ptr [128+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-104+128+rsp]
+        mul qword ptr [120+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-96+128+rsp]
+        mul qword ptr [112+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-88+128+rsp]
+        mul qword ptr [104+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-80+128+rsp]
+        mul qword ptr [96+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-72+128+rsp]
+        mul qword ptr [88+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-64+128+rsp]
+        mul qword ptr [80+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-56+128+rsp]
+        mul qword ptr [72+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-48+128+rsp]
+        mul qword ptr [64+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-40+128+rsp]
+        mul qword ptr [56+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-32+128+rsp]
+        mul qword ptr [48+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-24+128+rsp]
+        mul qword ptr [40+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-16+128+rsp]
+        mul qword ptr [32+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-8+128+rsp]
+        mul qword ptr [24+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rbp, r9
+        mov r12, rcx
+        mov rax, qword ptr [128+rsp]
+        mul qword ptr [16+128+rsp]
+        add r8, rax
+        adc rbp, rdx
+        adc r12, 0
+        mov qword ptr [128+r11], r8
+        mov r9, r12
+        mov rcx, rbp
+        mov r8, r10
+        mov rax, qword ptr [-104+128+rsp]
+        mul qword ptr [128+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-96+128+rsp]
+        mul qword ptr [120+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-88+128+rsp]
+        mul qword ptr [112+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-80+128+rsp]
+        mul qword ptr [104+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-72+128+rsp]
+        mul qword ptr [96+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-64+128+rsp]
+        mul qword ptr [88+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-56+128+rsp]
+        mul qword ptr [80+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-48+128+rsp]
+        mul qword ptr [72+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-40+128+rsp]
+        mul qword ptr [64+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-32+128+rsp]
+        mul qword ptr [56+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-24+128+rsp]
+        mul qword ptr [48+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-16+128+rsp]
+        mul qword ptr [40+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-8+128+rsp]
+        mul qword ptr [32+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rbp, r9
+        mov r12, r8
+        mov rax, qword ptr [128+rsp]
+        mul qword ptr [24+128+rsp]
+        add rcx, rax
+        adc rbp, rdx
+        adc r12, 0
+        mov qword ptr [136+r11], rcx
+        mov r9, r12
+        mov r8, rbp
+        mov rcx, r10
+        mov rax, qword ptr [-96+128+rsp]
+        mul qword ptr [128+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-88+128+rsp]
+        mul qword ptr [120+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-80+128+rsp]
+        mul qword ptr [112+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-72+128+rsp]
+        mul qword ptr [104+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-64+128+rsp]
+        mul qword ptr [96+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-56+128+rsp]
+        mul qword ptr [88+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-48+128+rsp]
+        mul qword ptr [80+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-40+128+rsp]
+        mul qword ptr [72+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-32+128+rsp]
+        mul qword ptr [64+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-24+128+rsp]
+        mul qword ptr [56+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-16+128+rsp]
+        mul qword ptr [48+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-8+128+rsp]
+        mul qword ptr [40+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rbp, r9
+        mov r12, rcx
+        mov rax, qword ptr [128+rsp]
+        mul qword ptr [32+128+rsp]
+        add r8, rax
+        adc rbp, rdx
+        adc r12, 0
+        mov qword ptr [144+r11], r8
+        mov r9, r12
+        mov rcx, rbp
+        mov r8, r10
+        mov rax, qword ptr [-88+128+rsp]
+        mul qword ptr [128+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-80+128+rsp]
+        mul qword ptr [120+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-72+128+rsp]
+        mul qword ptr [112+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-64+128+rsp]
+        mul qword ptr [104+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-56+128+rsp]
+        mul qword ptr [96+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-48+128+rsp]
+        mul qword ptr [88+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-40+128+rsp]
+        mul qword ptr [80+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-32+128+rsp]
+        mul qword ptr [72+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-24+128+rsp]
+        mul qword ptr [64+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-16+128+rsp]
+        mul qword ptr [56+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-8+128+rsp]
+        mul qword ptr [48+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rbp, r9
+        mov r12, r8
+        mov rax, qword ptr [128+rsp]
+        mul qword ptr [40+128+rsp]
+        add rcx, rax
+        adc rbp, rdx
+        adc r12, 0
+        mov qword ptr [152+r11], rcx
+        mov r9, r12
+        mov r8, rbp
+        mov rcx, r10
+        mov rax, qword ptr [-80+128+rsp]
+        mul qword ptr [128+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-72+128+rsp]
+        mul qword ptr [120+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-64+128+rsp]
+        mul qword ptr [112+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-56+128+rsp]
+        mul qword ptr [104+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-48+128+rsp]
+        mul qword ptr [96+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-40+128+rsp]
+        mul qword ptr [88+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-32+128+rsp]
+        mul qword ptr [80+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-24+128+rsp]
+        mul qword ptr [72+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-16+128+rsp]
+        mul qword ptr [64+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-8+128+rsp]
+        mul qword ptr [56+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rbp, r9
+        mov r12, rcx
+        mov rax, qword ptr [128+rsp]
+        mul qword ptr [48+128+rsp]
+        add r8, rax
+        adc rbp, rdx
+        adc r12, 0
+        mov qword ptr [160+r11], r8
+        mov r9, r12
+        mov rcx, rbp
+        mov r8, r10
+        mov rax, qword ptr [-72+128+rsp]
+        mul qword ptr [128+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-64+128+rsp]
+        mul qword ptr [120+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-56+128+rsp]
+        mul qword ptr [112+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-48+128+rsp]
+        mul qword ptr [104+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-40+128+rsp]
+        mul qword ptr [96+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-32+128+rsp]
+        mul qword ptr [88+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-24+128+rsp]
+        mul qword ptr [80+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-16+128+rsp]
+        mul qword ptr [72+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-8+128+rsp]
+        mul qword ptr [64+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rbp, r9
+        mov r12, r8
+        mov rax, qword ptr [128+rsp]
+        mul qword ptr [56+128+rsp]
+        add rcx, rax
+        adc rbp, rdx
+        adc r12, 0
+        mov qword ptr [168+r11], rcx
+        mov r9, r12
+        mov r8, rbp
+        mov rcx, r10
+        mov rax, qword ptr [-64+128+rsp]
+        mul qword ptr [128+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-56+128+rsp]
+        mul qword ptr [120+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-48+128+rsp]
+        mul qword ptr [112+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-40+128+rsp]
+        mul qword ptr [104+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-32+128+rsp]
+        mul qword ptr [96+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-24+128+rsp]
+        mul qword ptr [88+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-16+128+rsp]
+        mul qword ptr [80+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-8+128+rsp]
+        mul qword ptr [72+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rbp, r9
+        mov r12, rcx
+        mov rax, qword ptr [128+rsp]
+        mul qword ptr [64+128+rsp]
+        add r8, rax
+        adc rbp, rdx
+        adc r12, 0
+        mov qword ptr [176+r11], r8
+        mov r9, r12
+        mov rcx, rbp
+        mov r8, r10
+        mov rax, qword ptr [-56+128+rsp]
+        mul qword ptr [128+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-48+128+rsp]
+        mul qword ptr [120+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-40+128+rsp]
+        mul qword ptr [112+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-32+128+rsp]
+        mul qword ptr [104+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-24+128+rsp]
+        mul qword ptr [96+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-16+128+rsp]
+        mul qword ptr [88+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-8+128+rsp]
+        mul qword ptr [80+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rbp, r9
+        mov r12, r8
+        mov rax, qword ptr [128+rsp]
+        mul qword ptr [72+128+rsp]
+        add rcx, rax
+        adc rbp, rdx
+        adc r12, 0
+        mov qword ptr [184+r11], rcx
+        mov r9, r12
+        mov r8, rbp
+        mov rcx, r10
+        mov rax, qword ptr [-48+128+rsp]
+        mul qword ptr [128+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-40+128+rsp]
+        mul qword ptr [120+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-32+128+rsp]
+        mul qword ptr [112+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-24+128+rsp]
+        mul qword ptr [104+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-16+128+rsp]
+        mul qword ptr [96+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-8+128+rsp]
+        mul qword ptr [88+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rbp, r9
+        mov r12, rcx
+        mov rax, qword ptr [128+rsp]
+        mul qword ptr [80+128+rsp]
+        add r8, rax
+        adc rbp, rdx
+        adc r12, 0
+        mov qword ptr [192+r11], r8
+        mov r9, r12
+        mov rcx, rbp
+        mov r8, r10
+        mov rax, qword ptr [-40+128+rsp]
+        mul qword ptr [128+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-32+128+rsp]
+        mul qword ptr [120+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-24+128+rsp]
+        mul qword ptr [112+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-16+128+rsp]
+        mul qword ptr [104+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-8+128+rsp]
+        mul qword ptr [96+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rbp, r9
+        mov r12, r8
+        mov rax, qword ptr [128+rsp]
+        mul qword ptr [88+128+rsp]
+        add rcx, rax
+        adc rbp, rdx
+        adc r12, 0
+        mov qword ptr [200+r11], rcx
+        mov r9, r12
+        mov r8, rbp
+        mov rcx, r10
+        mov rax, qword ptr [-32+128+rsp]
+        mul qword ptr [128+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-24+128+rsp]
+        mul qword ptr [120+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-16+128+rsp]
+        mul qword ptr [112+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-8+128+rsp]
+        mul qword ptr [104+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rbp, r9
+        mov r12, rcx
+        mov rax, qword ptr [128+rsp]
+        mul qword ptr [96+128+rsp]
+        add r8, rax
+        adc rbp, rdx
+        adc r12, 0
+        mov qword ptr [208+r11], r8
+        mov r9, r12
+        mov rcx, rbp
+        mov r8, r10
+        mov rax, qword ptr [-24+128+rsp]
+        mul qword ptr [128+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-16+128+rsp]
+        mul qword ptr [120+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rax, qword ptr [-8+128+rsp]
+        mul qword ptr [112+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rbp, r9
+        mov r12, r8
+        mov rax, qword ptr [128+rsp]
+        mul qword ptr [104+128+rsp]
+        add rcx, rax
+        adc rbp, rdx
+        adc r12, 0
+        mov qword ptr [216+r11], rcx
+        mov r9, r12
+        mov r8, rbp
+        mov rcx, r10
+        mov rax, qword ptr [-16+128+rsp]
+        mul qword ptr [128+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-8+128+rsp]
+        mul qword ptr [120+128+rsp]
+        add r8, rax
+        adc r9, rdx
+        adc rcx, 0
+        mov rbp, r9
+        mov r12, rcx
+        mov rax, qword ptr [128+rsp]
+        mul qword ptr [112+128+rsp]
+        add r8, rax
+        adc rbp, rdx
+        adc r12, 0
+        mov qword ptr [224+r11], r8
+        mov r9, r12
+        mov rcx, rbp
+        mov r8, r10
+        mov rax, qword ptr [-8+128+rsp]
+        mul qword ptr [128+128+rsp]
+        add rcx, rax
+        adc r9, rdx
+        adc r8, 0
+        mov r12, r8
+        mov rbp, r9
+        mov rax, qword ptr [128+rsp]
+        mul qword ptr [120+128+rsp]
+        add rcx, rax
+        adc rbp, rdx
+        adc r12, 0
+        mov qword ptr [232+r11], rcx
+        mov r8, rbp
+        mov rcx, r12
+        mov rax, qword ptr [128+rsp]
+        mul qword ptr [128+128+rsp]
+        add r8, rax
+        adc rcx, rdx
+        adc r10, 0
+        mov qword ptr [240+r11], r8
+        mov esi, dword ptr [rsi]
+        xor esi, dword ptr [rdi]
+        test rcx, rcx
+        mov qword ptr [248+r11], rcx
+        mov dword ptr [8+rbx], 32
+        jne L76
+        ALIGN 16
+L84:
+        mov edx, dword ptr [8+rbx]
+        lea edi, dword ptr [-1+rdx]
+        test edi, edi
+        mov dword ptr [8+rbx], edi
+        je L76
+        lea eax, dword ptr [-2+rdx]
+        cmp dword ptr [r11+rax*8], 0
+        je L84
+L76:
+        mov edx, dword ptr [8+rbx]
+        xor r11d, r11d
+        test edx, edx
+        cmovne r11d, esi
+        mov dword ptr [rbx], r11d
+        add rsp, 136+128
+        pop rbx
+        pop rbp
+        pop r12
+
+        pop rsi
+        pop rdi
+
+        ret
+
+s_mp_mul_comba_16 ENDP
+
+; void s_mp_mul_comba_32(const mp_int *A, const mp_int *B, mp_int *C)
+
+
+        ALIGN 16
+s_mp_mul_comba_32 PROC ; a "FRAME" function
+
+        push rdi
+        push rsi
+
+        mov rdi, rcx
+        mov rsi, rdx
+        mov rdx, r8
+
+        push rbp
+        mov rbp, rsp
+        push r13
+        mov r13, rdx
+;        mov edx, 256
+        mov r8d, 256
+        push r12
+        mov r12, rsi
+        push rbx
+        mov rbx, rdi
+        sub rsp, 520+32			; +32 for "home" storage
+;        mov rsi, qword ptr [16+rdi]
+;        lea rdi, qword ptr [-544+rbp]
+        mov rdx, qword ptr [16+rdi]
+        lea rcx, qword ptr [-544+rbp]
+        call memcpy
+;        mov rsi, qword ptr [16+r12]
+;        lea rdi, qword ptr [-288+rbp]
+;        mov edx, 256
+        mov rdx, qword ptr [16+r12]
+        lea rcx, qword ptr [-288+rbp]
+        mov r8d, 256
+        call memcpy
+        mov r9, qword ptr [16+r13]
+        xor r8d, r8d
+        mov rsi, r8
+        mov rdi, r8
+        mov r10, r8
+        mov rax, qword ptr [-544+rbp]
+        mul qword ptr [-288+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc r10, 0
+        mov qword ptr [r9], rsi
+        mov rsi, r10
+        mov r10, r8
+        mov rax, qword ptr [-544+rbp]
+        mul qword ptr [-280+rbp]
+        add rdi, rax
+        adc rsi, rdx
+        adc r10, 0
+        mov r11, r10
+        mov rax, qword ptr [-536+rbp]
+        mul qword ptr [-288+rbp]
+        add rdi, rax
+        adc rsi, rdx
+        adc r11, 0
+        mov qword ptr [8+r9], rdi
+        mov rdi, r11
+        mov r11, r8
+        mov rax, qword ptr [-544+rbp]
+        mul qword ptr [-272+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc r11, 0
+        mov rcx, r11
+        mov rax, qword ptr [-536+rbp]
+        mul qword ptr [-280+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov r10, rdi
+        mov r11, rcx
+        mov rax, qword ptr [-528+rbp]
+        mul qword ptr [-288+rbp]
+        add rsi, rax
+        adc r10, rdx
+        adc r11, 0
+        mov qword ptr [16+r9], rsi
+        mov rdi, r11
+        mov rcx, r10
+        mov rsi, r8
+        mov rax, qword ptr [-544+rbp]
+        mul qword ptr [-264+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-536+rbp]
+        mul qword ptr [-272+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-528+rbp]
+        mul qword ptr [-280+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov r10, rdi
+        mov r11, rsi
+        mov rax, qword ptr [-520+rbp]
+        mul qword ptr [-288+rbp]
+        add rcx, rax
+        adc r10, rdx
+        adc r11, 0
+        mov qword ptr [24+r9], rcx
+        mov rdi, r11
+        mov rsi, r10
+        mov rcx, r8
+        mov rax, qword ptr [-544+rbp]
+        mul qword ptr [-256+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-536+rbp]
+        mul qword ptr [-264+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-528+rbp]
+        mul qword ptr [-272+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-520+rbp]
+        mul qword ptr [-280+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov r10, rdi
+        mov r11, rcx
+        mov rax, qword ptr [-512+rbp]
+        mul qword ptr [-288+rbp]
+        add rsi, rax
+        adc r10, rdx
+        adc r11, 0
+        mov qword ptr [32+r9], rsi
+        mov rdi, r11
+        mov rcx, r10
+        mov rsi, r8
+        mov rax, qword ptr [-544+rbp]
+        mul qword ptr [-248+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-536+rbp]
+        mul qword ptr [-256+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-528+rbp]
+        mul qword ptr [-264+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-520+rbp]
+        mul qword ptr [-272+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-512+rbp]
+        mul qword ptr [-280+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov r10, rdi
+        mov r11, rsi
+        mov rax, qword ptr [-504+rbp]
+        mul qword ptr [-288+rbp]
+        add rcx, rax
+        adc r10, rdx
+        adc r11, 0
+        mov qword ptr [40+r9], rcx
+        mov rdi, r11
+        mov rsi, r10
+        mov rcx, r8
+        mov rax, qword ptr [-544+rbp]
+        mul qword ptr [-240+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-536+rbp]
+        mul qword ptr [-248+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-528+rbp]
+        mul qword ptr [-256+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-520+rbp]
+        mul qword ptr [-264+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-512+rbp]
+        mul qword ptr [-272+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-504+rbp]
+        mul qword ptr [-280+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov r10, rdi
+        mov r11, rcx
+        mov rax, qword ptr [-496+rbp]
+        mul qword ptr [-288+rbp]
+        add rsi, rax
+        adc r10, rdx
+        adc r11, 0
+        mov qword ptr [48+r9], rsi
+        mov rdi, r11
+        mov rcx, r10
+        mov rsi, r8
+        mov rax, qword ptr [-544+rbp]
+        mul qword ptr [-232+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-536+rbp]
+        mul qword ptr [-240+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-528+rbp]
+        mul qword ptr [-248+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-520+rbp]
+        mul qword ptr [-256+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-512+rbp]
+        mul qword ptr [-264+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-504+rbp]
+        mul qword ptr [-272+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-496+rbp]
+        mul qword ptr [-280+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov r10, rdi
+        mov r11, rsi
+        mov rax, qword ptr [-488+rbp]
+        mul qword ptr [-288+rbp]
+        add rcx, rax
+        adc r10, rdx
+        adc r11, 0
+        mov qword ptr [56+r9], rcx
+        mov rdi, r11
+        mov rsi, r10
+        mov rcx, r8
+        mov rax, qword ptr [-544+rbp]
+        mul qword ptr [-224+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-536+rbp]
+        mul qword ptr [-232+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-528+rbp]
+        mul qword ptr [-240+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-520+rbp]
+        mul qword ptr [-248+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-512+rbp]
+        mul qword ptr [-256+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-504+rbp]
+        mul qword ptr [-264+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-496+rbp]
+        mul qword ptr [-272+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-488+rbp]
+        mul qword ptr [-280+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov r10, rdi
+        mov r11, rcx
+        mov rax, qword ptr [-480+rbp]
+        mul qword ptr [-288+rbp]
+        add rsi, rax
+        adc r10, rdx
+        adc r11, 0
+        mov qword ptr [64+r9], rsi
+        mov rdi, r11
+        mov rcx, r10
+        mov rsi, r8
+        mov rax, qword ptr [-544+rbp]
+        mul qword ptr [-216+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-536+rbp]
+        mul qword ptr [-224+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-528+rbp]
+        mul qword ptr [-232+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-520+rbp]
+        mul qword ptr [-240+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-512+rbp]
+        mul qword ptr [-248+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-504+rbp]
+        mul qword ptr [-256+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-496+rbp]
+        mul qword ptr [-264+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-488+rbp]
+        mul qword ptr [-272+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-480+rbp]
+        mul qword ptr [-280+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov r10, rdi
+        mov r11, rsi
+        mov rax, qword ptr [-472+rbp]
+        mul qword ptr [-288+rbp]
+        add rcx, rax
+        adc r10, rdx
+        adc r11, 0
+        mov qword ptr [72+r9], rcx
+        mov rdi, r11
+        mov rsi, r10
+        mov rcx, r8
+        mov rax, qword ptr [-544+rbp]
+        mul qword ptr [-208+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-536+rbp]
+        mul qword ptr [-216+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-528+rbp]
+        mul qword ptr [-224+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-520+rbp]
+        mul qword ptr [-232+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-512+rbp]
+        mul qword ptr [-240+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-504+rbp]
+        mul qword ptr [-248+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-496+rbp]
+        mul qword ptr [-256+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-488+rbp]
+        mul qword ptr [-264+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-480+rbp]
+        mul qword ptr [-272+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-472+rbp]
+        mul qword ptr [-280+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov r10, rdi
+        mov r11, rcx
+        mov rax, qword ptr [-464+rbp]
+        mul qword ptr [-288+rbp]
+        add rsi, rax
+        adc r10, rdx
+        adc r11, 0
+        mov qword ptr [80+r9], rsi
+        mov rdi, r11
+        mov rcx, r10
+        mov rsi, r8
+        mov rax, qword ptr [-544+rbp]
+        mul qword ptr [-200+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-536+rbp]
+        mul qword ptr [-208+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-528+rbp]
+        mul qword ptr [-216+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-520+rbp]
+        mul qword ptr [-224+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-512+rbp]
+        mul qword ptr [-232+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-504+rbp]
+        mul qword ptr [-240+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-496+rbp]
+        mul qword ptr [-248+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-488+rbp]
+        mul qword ptr [-256+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-480+rbp]
+        mul qword ptr [-264+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-472+rbp]
+        mul qword ptr [-272+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-464+rbp]
+        mul qword ptr [-280+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov r10, rdi
+        mov r11, rsi
+        mov rax, qword ptr [-456+rbp]
+        mul qword ptr [-288+rbp]
+        add rcx, rax
+        adc r10, rdx
+        adc r11, 0
+        mov qword ptr [88+r9], rcx
+        mov rdi, r11
+        mov rsi, r10
+        mov rcx, r8
+        mov rax, qword ptr [-544+rbp]
+        mul qword ptr [-192+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-536+rbp]
+        mul qword ptr [-200+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-528+rbp]
+        mul qword ptr [-208+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-520+rbp]
+        mul qword ptr [-216+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-512+rbp]
+        mul qword ptr [-224+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-504+rbp]
+        mul qword ptr [-232+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-496+rbp]
+        mul qword ptr [-240+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-488+rbp]
+        mul qword ptr [-248+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-480+rbp]
+        mul qword ptr [-256+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-472+rbp]
+        mul qword ptr [-264+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-464+rbp]
+        mul qword ptr [-272+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-456+rbp]
+        mul qword ptr [-280+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov r10, rdi
+        mov r11, rcx
+        mov rax, qword ptr [-448+rbp]
+        mul qword ptr [-288+rbp]
+        add rsi, rax
+        adc r10, rdx
+        adc r11, 0
+        mov qword ptr [96+r9], rsi
+        mov rdi, r11
+        mov rcx, r10
+        mov rsi, r8
+        mov rax, qword ptr [-544+rbp]
+        mul qword ptr [-184+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-536+rbp]
+        mul qword ptr [-192+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-528+rbp]
+        mul qword ptr [-200+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-520+rbp]
+        mul qword ptr [-208+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-512+rbp]
+        mul qword ptr [-216+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-504+rbp]
+        mul qword ptr [-224+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-496+rbp]
+        mul qword ptr [-232+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-488+rbp]
+        mul qword ptr [-240+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-480+rbp]
+        mul qword ptr [-248+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-472+rbp]
+        mul qword ptr [-256+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-464+rbp]
+        mul qword ptr [-264+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-456+rbp]
+        mul qword ptr [-272+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-448+rbp]
+        mul qword ptr [-280+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov r10, rdi
+        mov r11, rsi
+        mov rax, qword ptr [-440+rbp]
+        mul qword ptr [-288+rbp]
+        add rcx, rax
+        adc r10, rdx
+        adc r11, 0
+        mov qword ptr [104+r9], rcx
+        mov rdi, r11
+        mov rsi, r10
+        mov rcx, r8
+        mov rax, qword ptr [-544+rbp]
+        mul qword ptr [-176+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-536+rbp]
+        mul qword ptr [-184+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-528+rbp]
+        mul qword ptr [-192+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-520+rbp]
+        mul qword ptr [-200+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-512+rbp]
+        mul qword ptr [-208+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-504+rbp]
+        mul qword ptr [-216+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-496+rbp]
+        mul qword ptr [-224+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-488+rbp]
+        mul qword ptr [-232+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-480+rbp]
+        mul qword ptr [-240+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-472+rbp]
+        mul qword ptr [-248+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-464+rbp]
+        mul qword ptr [-256+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-456+rbp]
+        mul qword ptr [-264+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-448+rbp]
+        mul qword ptr [-272+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-440+rbp]
+        mul qword ptr [-280+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov r10, rdi
+        mov r11, rcx
+        mov rax, qword ptr [-432+rbp]
+        mul qword ptr [-288+rbp]
+        add rsi, rax
+        adc r10, rdx
+        adc r11, 0
+        mov qword ptr [112+r9], rsi
+        mov rdi, r11
+        mov rcx, r10
+        mov rsi, r8
+        mov rax, qword ptr [-544+rbp]
+        mul qword ptr [-168+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-536+rbp]
+        mul qword ptr [-176+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-528+rbp]
+        mul qword ptr [-184+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-520+rbp]
+        mul qword ptr [-192+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-512+rbp]
+        mul qword ptr [-200+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-504+rbp]
+        mul qword ptr [-208+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-496+rbp]
+        mul qword ptr [-216+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-488+rbp]
+        mul qword ptr [-224+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-480+rbp]
+        mul qword ptr [-232+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-472+rbp]
+        mul qword ptr [-240+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-464+rbp]
+        mul qword ptr [-248+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-456+rbp]
+        mul qword ptr [-256+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-448+rbp]
+        mul qword ptr [-264+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-440+rbp]
+        mul qword ptr [-272+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-432+rbp]
+        mul qword ptr [-280+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov r10, rdi
+        mov r11, rsi
+        mov rax, qword ptr [-424+rbp]
+        mul qword ptr [-288+rbp]
+        add rcx, rax
+        adc r10, rdx
+        adc r11, 0
+        mov qword ptr [120+r9], rcx
+        mov rdi, r11
+        mov rsi, r10
+        mov rcx, r8
+        mov rax, qword ptr [-544+rbp]
+        mul qword ptr [-160+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-536+rbp]
+        mul qword ptr [-168+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-528+rbp]
+        mul qword ptr [-176+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-520+rbp]
+        mul qword ptr [-184+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-512+rbp]
+        mul qword ptr [-192+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-504+rbp]
+        mul qword ptr [-200+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-496+rbp]
+        mul qword ptr [-208+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-488+rbp]
+        mul qword ptr [-216+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-480+rbp]
+        mul qword ptr [-224+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-472+rbp]
+        mul qword ptr [-232+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-464+rbp]
+        mul qword ptr [-240+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-456+rbp]
+        mul qword ptr [-248+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-448+rbp]
+        mul qword ptr [-256+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-440+rbp]
+        mul qword ptr [-264+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-432+rbp]
+        mul qword ptr [-272+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-424+rbp]
+        mul qword ptr [-280+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov r10, rdi
+        mov r11, rcx
+        mov rax, qword ptr [-416+rbp]
+        mul qword ptr [-288+rbp]
+        add rsi, rax
+        adc r10, rdx
+        adc r11, 0
+        mov qword ptr [128+r9], rsi
+        mov rdi, r11
+        mov rcx, r10
+        mov rsi, r8
+        mov rax, qword ptr [-544+rbp]
+        mul qword ptr [-152+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-536+rbp]
+        mul qword ptr [-160+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-528+rbp]
+        mul qword ptr [-168+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-520+rbp]
+        mul qword ptr [-176+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-512+rbp]
+        mul qword ptr [-184+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-504+rbp]
+        mul qword ptr [-192+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-496+rbp]
+        mul qword ptr [-200+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-488+rbp]
+        mul qword ptr [-208+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-480+rbp]
+        mul qword ptr [-216+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-472+rbp]
+        mul qword ptr [-224+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-464+rbp]
+        mul qword ptr [-232+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-456+rbp]
+        mul qword ptr [-240+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-448+rbp]
+        mul qword ptr [-248+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-440+rbp]
+        mul qword ptr [-256+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-432+rbp]
+        mul qword ptr [-264+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-424+rbp]
+        mul qword ptr [-272+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-416+rbp]
+        mul qword ptr [-280+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov r10, rdi
+        mov r11, rsi
+        mov rax, qword ptr [-408+rbp]
+        mul qword ptr [-288+rbp]
+        add rcx, rax
+        adc r10, rdx
+        adc r11, 0
+        mov qword ptr [136+r9], rcx
+        mov rdi, r11
+        mov rsi, r10
+        mov rcx, r8
+        mov rax, qword ptr [-544+rbp]
+        mul qword ptr [-144+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-536+rbp]
+        mul qword ptr [-152+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-528+rbp]
+        mul qword ptr [-160+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-520+rbp]
+        mul qword ptr [-168+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-512+rbp]
+        mul qword ptr [-176+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-504+rbp]
+        mul qword ptr [-184+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-496+rbp]
+        mul qword ptr [-192+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-488+rbp]
+        mul qword ptr [-200+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-480+rbp]
+        mul qword ptr [-208+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-472+rbp]
+        mul qword ptr [-216+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-464+rbp]
+        mul qword ptr [-224+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-456+rbp]
+        mul qword ptr [-232+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-448+rbp]
+        mul qword ptr [-240+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-440+rbp]
+        mul qword ptr [-248+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-432+rbp]
+        mul qword ptr [-256+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-424+rbp]
+        mul qword ptr [-264+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-416+rbp]
+        mul qword ptr [-272+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-408+rbp]
+        mul qword ptr [-280+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov r10, rdi
+        mov r11, rcx
+        mov rax, qword ptr [-400+rbp]
+        mul qword ptr [-288+rbp]
+        add rsi, rax
+        adc r10, rdx
+        adc r11, 0
+        mov qword ptr [144+r9], rsi
+        mov rdi, r11
+        mov rcx, r10
+        mov rsi, r8
+        mov rax, qword ptr [-544+rbp]
+        mul qword ptr [-136+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-536+rbp]
+        mul qword ptr [-144+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-528+rbp]
+        mul qword ptr [-152+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-520+rbp]
+        mul qword ptr [-160+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-512+rbp]
+        mul qword ptr [-168+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-504+rbp]
+        mul qword ptr [-176+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-496+rbp]
+        mul qword ptr [-184+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-488+rbp]
+        mul qword ptr [-192+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-480+rbp]
+        mul qword ptr [-200+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-472+rbp]
+        mul qword ptr [-208+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-464+rbp]
+        mul qword ptr [-216+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-456+rbp]
+        mul qword ptr [-224+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-448+rbp]
+        mul qword ptr [-232+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-440+rbp]
+        mul qword ptr [-240+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-432+rbp]
+        mul qword ptr [-248+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-424+rbp]
+        mul qword ptr [-256+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-416+rbp]
+        mul qword ptr [-264+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-408+rbp]
+        mul qword ptr [-272+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-400+rbp]
+        mul qword ptr [-280+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov r10, rdi
+        mov r11, rsi
+        mov rax, qword ptr [-392+rbp]
+        mul qword ptr [-288+rbp]
+        add rcx, rax
+        adc r10, rdx
+        adc r11, 0
+        mov qword ptr [152+r9], rcx
+        mov rdi, r11
+        mov rsi, r10
+        mov rcx, r8
+        mov rax, qword ptr [-544+rbp]
+        mul qword ptr [-128+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-536+rbp]
+        mul qword ptr [-136+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-528+rbp]
+        mul qword ptr [-144+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-520+rbp]
+        mul qword ptr [-152+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-512+rbp]
+        mul qword ptr [-160+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-504+rbp]
+        mul qword ptr [-168+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-496+rbp]
+        mul qword ptr [-176+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-488+rbp]
+        mul qword ptr [-184+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-480+rbp]
+        mul qword ptr [-192+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-472+rbp]
+        mul qword ptr [-200+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-464+rbp]
+        mul qword ptr [-208+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-456+rbp]
+        mul qword ptr [-216+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-448+rbp]
+        mul qword ptr [-224+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-440+rbp]
+        mul qword ptr [-232+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-432+rbp]
+        mul qword ptr [-240+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-424+rbp]
+        mul qword ptr [-248+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-416+rbp]
+        mul qword ptr [-256+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-408+rbp]
+        mul qword ptr [-264+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-400+rbp]
+        mul qword ptr [-272+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-392+rbp]
+        mul qword ptr [-280+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov r10, rdi
+        mov r11, rcx
+        mov rax, qword ptr [-384+rbp]
+        mul qword ptr [-288+rbp]
+        add rsi, rax
+        adc r10, rdx
+        adc r11, 0
+        mov qword ptr [160+r9], rsi
+        mov rdi, r11
+        mov rcx, r10
+        mov rsi, r8
+        mov rax, qword ptr [-544+rbp]
+        mul qword ptr [-120+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-536+rbp]
+        mul qword ptr [-128+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-528+rbp]
+        mul qword ptr [-136+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-520+rbp]
+        mul qword ptr [-144+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-512+rbp]
+        mul qword ptr [-152+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-504+rbp]
+        mul qword ptr [-160+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-496+rbp]
+        mul qword ptr [-168+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-488+rbp]
+        mul qword ptr [-176+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-480+rbp]
+        mul qword ptr [-184+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-472+rbp]
+        mul qword ptr [-192+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-464+rbp]
+        mul qword ptr [-200+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-456+rbp]
+        mul qword ptr [-208+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-448+rbp]
+        mul qword ptr [-216+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-440+rbp]
+        mul qword ptr [-224+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-432+rbp]
+        mul qword ptr [-232+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-424+rbp]
+        mul qword ptr [-240+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-416+rbp]
+        mul qword ptr [-248+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-408+rbp]
+        mul qword ptr [-256+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-400+rbp]
+        mul qword ptr [-264+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-392+rbp]
+        mul qword ptr [-272+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-384+rbp]
+        mul qword ptr [-280+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov r10, rdi
+        mov r11, rsi
+        mov rax, qword ptr [-376+rbp]
+        mul qword ptr [-288+rbp]
+        add rcx, rax
+        adc r10, rdx
+        adc r11, 0
+        mov qword ptr [168+r9], rcx
+        mov rdi, r11
+        mov rsi, r10
+        mov rcx, r8
+        mov rax, qword ptr [-544+rbp]
+        mul qword ptr [-112+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-536+rbp]
+        mul qword ptr [-120+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-528+rbp]
+        mul qword ptr [-128+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-520+rbp]
+        mul qword ptr [-136+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-512+rbp]
+        mul qword ptr [-144+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-504+rbp]
+        mul qword ptr [-152+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-496+rbp]
+        mul qword ptr [-160+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-488+rbp]
+        mul qword ptr [-168+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-480+rbp]
+        mul qword ptr [-176+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-472+rbp]
+        mul qword ptr [-184+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-464+rbp]
+        mul qword ptr [-192+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-456+rbp]
+        mul qword ptr [-200+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-448+rbp]
+        mul qword ptr [-208+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-440+rbp]
+        mul qword ptr [-216+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-432+rbp]
+        mul qword ptr [-224+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-424+rbp]
+        mul qword ptr [-232+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-416+rbp]
+        mul qword ptr [-240+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-408+rbp]
+        mul qword ptr [-248+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-400+rbp]
+        mul qword ptr [-256+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-392+rbp]
+        mul qword ptr [-264+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-384+rbp]
+        mul qword ptr [-272+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-376+rbp]
+        mul qword ptr [-280+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov r10, rdi
+        mov r11, rcx
+        mov rax, qword ptr [-368+rbp]
+        mul qword ptr [-288+rbp]
+        add rsi, rax
+        adc r10, rdx
+        adc r11, 0
+        mov qword ptr [176+r9], rsi
+        mov rdi, r11
+        mov rcx, r10
+        mov rsi, r8
+        mov rax, qword ptr [-544+rbp]
+        mul qword ptr [-104+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-536+rbp]
+        mul qword ptr [-112+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-528+rbp]
+        mul qword ptr [-120+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-520+rbp]
+        mul qword ptr [-128+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-512+rbp]
+        mul qword ptr [-136+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-504+rbp]
+        mul qword ptr [-144+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-496+rbp]
+        mul qword ptr [-152+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-488+rbp]
+        mul qword ptr [-160+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-480+rbp]
+        mul qword ptr [-168+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-472+rbp]
+        mul qword ptr [-176+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-464+rbp]
+        mul qword ptr [-184+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-456+rbp]
+        mul qword ptr [-192+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-448+rbp]
+        mul qword ptr [-200+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-440+rbp]
+        mul qword ptr [-208+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-432+rbp]
+        mul qword ptr [-216+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-424+rbp]
+        mul qword ptr [-224+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-416+rbp]
+        mul qword ptr [-232+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-408+rbp]
+        mul qword ptr [-240+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-400+rbp]
+        mul qword ptr [-248+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-392+rbp]
+        mul qword ptr [-256+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-384+rbp]
+        mul qword ptr [-264+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-376+rbp]
+        mul qword ptr [-272+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-368+rbp]
+        mul qword ptr [-280+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov r10, rdi
+        mov r11, rsi
+        mov rax, qword ptr [-360+rbp]
+        mul qword ptr [-288+rbp]
+        add rcx, rax
+        adc r10, rdx
+        adc r11, 0
+        mov qword ptr [184+r9], rcx
+        mov rdi, r11
+        mov rsi, r10
+        mov rcx, r8
+        mov rax, qword ptr [-544+rbp]
+        mul qword ptr [-96+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-536+rbp]
+        mul qword ptr [-104+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-528+rbp]
+        mul qword ptr [-112+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-520+rbp]
+        mul qword ptr [-120+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-512+rbp]
+        mul qword ptr [-128+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-504+rbp]
+        mul qword ptr [-136+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-496+rbp]
+        mul qword ptr [-144+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-488+rbp]
+        mul qword ptr [-152+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-480+rbp]
+        mul qword ptr [-160+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-472+rbp]
+        mul qword ptr [-168+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-464+rbp]
+        mul qword ptr [-176+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-456+rbp]
+        mul qword ptr [-184+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-448+rbp]
+        mul qword ptr [-192+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-440+rbp]
+        mul qword ptr [-200+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-432+rbp]
+        mul qword ptr [-208+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-424+rbp]
+        mul qword ptr [-216+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-416+rbp]
+        mul qword ptr [-224+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-408+rbp]
+        mul qword ptr [-232+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-400+rbp]
+        mul qword ptr [-240+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-392+rbp]
+        mul qword ptr [-248+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-384+rbp]
+        mul qword ptr [-256+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-376+rbp]
+        mul qword ptr [-264+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-368+rbp]
+        mul qword ptr [-272+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-360+rbp]
+        mul qword ptr [-280+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov r10, rdi
+        mov r11, rcx
+        mov rax, qword ptr [-352+rbp]
+        mul qword ptr [-288+rbp]
+        add rsi, rax
+        adc r10, rdx
+        adc r11, 0
+        mov qword ptr [192+r9], rsi
+        mov rdi, r11
+        mov rcx, r10
+        mov rsi, r8
+        mov rax, qword ptr [-544+rbp]
+        mul qword ptr [-88+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-536+rbp]
+        mul qword ptr [-96+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-528+rbp]
+        mul qword ptr [-104+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-520+rbp]
+        mul qword ptr [-112+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-512+rbp]
+        mul qword ptr [-120+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-504+rbp]
+        mul qword ptr [-128+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-496+rbp]
+        mul qword ptr [-136+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-488+rbp]
+        mul qword ptr [-144+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-480+rbp]
+        mul qword ptr [-152+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-472+rbp]
+        mul qword ptr [-160+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-464+rbp]
+        mul qword ptr [-168+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-456+rbp]
+        mul qword ptr [-176+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-448+rbp]
+        mul qword ptr [-184+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-440+rbp]
+        mul qword ptr [-192+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-432+rbp]
+        mul qword ptr [-200+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-424+rbp]
+        mul qword ptr [-208+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-416+rbp]
+        mul qword ptr [-216+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-408+rbp]
+        mul qword ptr [-224+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-400+rbp]
+        mul qword ptr [-232+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-392+rbp]
+        mul qword ptr [-240+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-384+rbp]
+        mul qword ptr [-248+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-376+rbp]
+        mul qword ptr [-256+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-368+rbp]
+        mul qword ptr [-264+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-360+rbp]
+        mul qword ptr [-272+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-352+rbp]
+        mul qword ptr [-280+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov r10, rdi
+        mov r11, rsi
+        mov rax, qword ptr [-344+rbp]
+        mul qword ptr [-288+rbp]
+        add rcx, rax
+        adc r10, rdx
+        adc r11, 0
+        mov qword ptr [200+r9], rcx
+        mov rdi, r11
+        mov rsi, r10
+        mov rcx, r8
+        mov rax, qword ptr [-544+rbp]
+        mul qword ptr [-80+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-536+rbp]
+        mul qword ptr [-88+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-528+rbp]
+        mul qword ptr [-96+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-520+rbp]
+        mul qword ptr [-104+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-512+rbp]
+        mul qword ptr [-112+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-504+rbp]
+        mul qword ptr [-120+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-496+rbp]
+        mul qword ptr [-128+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-488+rbp]
+        mul qword ptr [-136+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-480+rbp]
+        mul qword ptr [-144+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-472+rbp]
+        mul qword ptr [-152+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-464+rbp]
+        mul qword ptr [-160+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-456+rbp]
+        mul qword ptr [-168+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-448+rbp]
+        mul qword ptr [-176+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-440+rbp]
+        mul qword ptr [-184+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-432+rbp]
+        mul qword ptr [-192+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-424+rbp]
+        mul qword ptr [-200+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-416+rbp]
+        mul qword ptr [-208+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-408+rbp]
+        mul qword ptr [-216+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-400+rbp]
+        mul qword ptr [-224+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-392+rbp]
+        mul qword ptr [-232+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-384+rbp]
+        mul qword ptr [-240+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-376+rbp]
+        mul qword ptr [-248+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-368+rbp]
+        mul qword ptr [-256+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-360+rbp]
+        mul qword ptr [-264+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-352+rbp]
+        mul qword ptr [-272+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-344+rbp]
+        mul qword ptr [-280+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov r10, rdi
+        mov r11, rcx
+        mov rax, qword ptr [-336+rbp]
+        mul qword ptr [-288+rbp]
+        add rsi, rax
+        adc r10, rdx
+        adc r11, 0
+        mov qword ptr [208+r9], rsi
+        mov rdi, r11
+        mov rcx, r10
+        mov rsi, r8
+        mov rax, qword ptr [-544+rbp]
+        mul qword ptr [-72+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-536+rbp]
+        mul qword ptr [-80+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-528+rbp]
+        mul qword ptr [-88+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-520+rbp]
+        mul qword ptr [-96+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-512+rbp]
+        mul qword ptr [-104+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-504+rbp]
+        mul qword ptr [-112+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-496+rbp]
+        mul qword ptr [-120+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-488+rbp]
+        mul qword ptr [-128+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-480+rbp]
+        mul qword ptr [-136+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-472+rbp]
+        mul qword ptr [-144+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-464+rbp]
+        mul qword ptr [-152+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-456+rbp]
+        mul qword ptr [-160+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-448+rbp]
+        mul qword ptr [-168+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-440+rbp]
+        mul qword ptr [-176+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-432+rbp]
+        mul qword ptr [-184+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-424+rbp]
+        mul qword ptr [-192+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-416+rbp]
+        mul qword ptr [-200+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-408+rbp]
+        mul qword ptr [-208+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-400+rbp]
+        mul qword ptr [-216+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-392+rbp]
+        mul qword ptr [-224+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-384+rbp]
+        mul qword ptr [-232+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-376+rbp]
+        mul qword ptr [-240+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-368+rbp]
+        mul qword ptr [-248+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-360+rbp]
+        mul qword ptr [-256+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-352+rbp]
+        mul qword ptr [-264+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-344+rbp]
+        mul qword ptr [-272+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-336+rbp]
+        mul qword ptr [-280+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov r10, rdi
+        mov r11, rsi
+        mov rax, qword ptr [-328+rbp]
+        mul qword ptr [-288+rbp]
+        add rcx, rax
+        adc r10, rdx
+        adc r11, 0
+        mov qword ptr [216+r9], rcx
+        mov rdi, r11
+        mov rsi, r10
+        mov rcx, r8
+        mov rax, qword ptr [-544+rbp]
+        mul qword ptr [-64+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-536+rbp]
+        mul qword ptr [-72+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-528+rbp]
+        mul qword ptr [-80+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-520+rbp]
+        mul qword ptr [-88+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-512+rbp]
+        mul qword ptr [-96+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-504+rbp]
+        mul qword ptr [-104+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-496+rbp]
+        mul qword ptr [-112+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-488+rbp]
+        mul qword ptr [-120+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-480+rbp]
+        mul qword ptr [-128+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-472+rbp]
+        mul qword ptr [-136+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-464+rbp]
+        mul qword ptr [-144+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-456+rbp]
+        mul qword ptr [-152+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-448+rbp]
+        mul qword ptr [-160+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-440+rbp]
+        mul qword ptr [-168+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-432+rbp]
+        mul qword ptr [-176+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-424+rbp]
+        mul qword ptr [-184+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-416+rbp]
+        mul qword ptr [-192+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-408+rbp]
+        mul qword ptr [-200+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-400+rbp]
+        mul qword ptr [-208+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-392+rbp]
+        mul qword ptr [-216+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-384+rbp]
+        mul qword ptr [-224+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-376+rbp]
+        mul qword ptr [-232+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-368+rbp]
+        mul qword ptr [-240+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-360+rbp]
+        mul qword ptr [-248+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-352+rbp]
+        mul qword ptr [-256+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-344+rbp]
+        mul qword ptr [-264+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-336+rbp]
+        mul qword ptr [-272+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-328+rbp]
+        mul qword ptr [-280+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov r10, rdi
+        mov r11, rcx
+        mov rax, qword ptr [-320+rbp]
+        mul qword ptr [-288+rbp]
+        add rsi, rax
+        adc r10, rdx
+        adc r11, 0
+        mov qword ptr [224+r9], rsi
+        mov rdi, r11
+        mov rcx, r10
+        mov rsi, r8
+        mov rax, qword ptr [-544+rbp]
+        mul qword ptr [-56+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-536+rbp]
+        mul qword ptr [-64+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-528+rbp]
+        mul qword ptr [-72+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-520+rbp]
+        mul qword ptr [-80+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-512+rbp]
+        mul qword ptr [-88+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-504+rbp]
+        mul qword ptr [-96+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-496+rbp]
+        mul qword ptr [-104+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-488+rbp]
+        mul qword ptr [-112+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-480+rbp]
+        mul qword ptr [-120+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-472+rbp]
+        mul qword ptr [-128+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-464+rbp]
+        mul qword ptr [-136+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-456+rbp]
+        mul qword ptr [-144+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-448+rbp]
+        mul qword ptr [-152+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-440+rbp]
+        mul qword ptr [-160+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-432+rbp]
+        mul qword ptr [-168+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-424+rbp]
+        mul qword ptr [-176+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-416+rbp]
+        mul qword ptr [-184+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-408+rbp]
+        mul qword ptr [-192+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-400+rbp]
+        mul qword ptr [-200+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-392+rbp]
+        mul qword ptr [-208+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-384+rbp]
+        mul qword ptr [-216+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-376+rbp]
+        mul qword ptr [-224+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-368+rbp]
+        mul qword ptr [-232+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-360+rbp]
+        mul qword ptr [-240+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-352+rbp]
+        mul qword ptr [-248+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-344+rbp]
+        mul qword ptr [-256+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-336+rbp]
+        mul qword ptr [-264+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-328+rbp]
+        mul qword ptr [-272+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-320+rbp]
+        mul qword ptr [-280+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov r10, rdi
+        mov r11, rsi
+        mov rax, qword ptr [-312+rbp]
+        mul qword ptr [-288+rbp]
+        add rcx, rax
+        adc r10, rdx
+        adc r11, 0
+        mov qword ptr [232+r9], rcx
+        mov rdi, r11
+        mov rsi, r10
+        mov rcx, r8
+        mov rax, qword ptr [-544+rbp]
+        mul qword ptr [-48+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-536+rbp]
+        mul qword ptr [-56+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-528+rbp]
+        mul qword ptr [-64+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-520+rbp]
+        mul qword ptr [-72+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-512+rbp]
+        mul qword ptr [-80+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-504+rbp]
+        mul qword ptr [-88+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-496+rbp]
+        mul qword ptr [-96+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-488+rbp]
+        mul qword ptr [-104+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-480+rbp]
+        mul qword ptr [-112+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-472+rbp]
+        mul qword ptr [-120+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-464+rbp]
+        mul qword ptr [-128+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-456+rbp]
+        mul qword ptr [-136+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-448+rbp]
+        mul qword ptr [-144+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-440+rbp]
+        mul qword ptr [-152+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-432+rbp]
+        mul qword ptr [-160+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-424+rbp]
+        mul qword ptr [-168+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-416+rbp]
+        mul qword ptr [-176+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-408+rbp]
+        mul qword ptr [-184+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-400+rbp]
+        mul qword ptr [-192+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-392+rbp]
+        mul qword ptr [-200+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-384+rbp]
+        mul qword ptr [-208+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-376+rbp]
+        mul qword ptr [-216+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-368+rbp]
+        mul qword ptr [-224+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-360+rbp]
+        mul qword ptr [-232+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-352+rbp]
+        mul qword ptr [-240+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-344+rbp]
+        mul qword ptr [-248+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-336+rbp]
+        mul qword ptr [-256+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-328+rbp]
+        mul qword ptr [-264+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-320+rbp]
+        mul qword ptr [-272+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-312+rbp]
+        mul qword ptr [-280+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov r10, rdi
+        mov r11, rcx
+        mov rax, qword ptr [-304+rbp]
+        mul qword ptr [-288+rbp]
+        add rsi, rax
+        adc r10, rdx
+        adc r11, 0
+        mov qword ptr [240+r9], rsi
+        mov rdi, r11
+        mov rcx, r10
+        mov rsi, r8
+        mov rax, qword ptr [-544+rbp]
+        mul qword ptr [-40+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-536+rbp]
+        mul qword ptr [-48+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-528+rbp]
+        mul qword ptr [-56+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-520+rbp]
+        mul qword ptr [-64+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-512+rbp]
+        mul qword ptr [-72+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-504+rbp]
+        mul qword ptr [-80+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-496+rbp]
+        mul qword ptr [-88+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-488+rbp]
+        mul qword ptr [-96+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-480+rbp]
+        mul qword ptr [-104+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-472+rbp]
+        mul qword ptr [-112+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-464+rbp]
+        mul qword ptr [-120+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-456+rbp]
+        mul qword ptr [-128+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-448+rbp]
+        mul qword ptr [-136+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-440+rbp]
+        mul qword ptr [-144+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-432+rbp]
+        mul qword ptr [-152+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-424+rbp]
+        mul qword ptr [-160+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-416+rbp]
+        mul qword ptr [-168+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-408+rbp]
+        mul qword ptr [-176+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-400+rbp]
+        mul qword ptr [-184+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-392+rbp]
+        mul qword ptr [-192+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-384+rbp]
+        mul qword ptr [-200+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-376+rbp]
+        mul qword ptr [-208+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-368+rbp]
+        mul qword ptr [-216+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-360+rbp]
+        mul qword ptr [-224+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-352+rbp]
+        mul qword ptr [-232+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-344+rbp]
+        mul qword ptr [-240+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-336+rbp]
+        mul qword ptr [-248+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-328+rbp]
+        mul qword ptr [-256+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-320+rbp]
+        mul qword ptr [-264+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-312+rbp]
+        mul qword ptr [-272+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-304+rbp]
+        mul qword ptr [-280+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov r10, rdi
+        mov r11, rsi
+        mov rax, qword ptr [-296+rbp]
+        mul qword ptr [-288+rbp]
+        add rcx, rax
+        adc r10, rdx
+        adc r11, 0
+        mov qword ptr [248+r9], rcx
+        mov rdi, r11
+        mov rsi, r10
+        mov rcx, r8
+        mov rax, qword ptr [-536+rbp]
+        mul qword ptr [-40+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-528+rbp]
+        mul qword ptr [-48+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-520+rbp]
+        mul qword ptr [-56+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-512+rbp]
+        mul qword ptr [-64+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-504+rbp]
+        mul qword ptr [-72+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-496+rbp]
+        mul qword ptr [-80+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-488+rbp]
+        mul qword ptr [-88+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-480+rbp]
+        mul qword ptr [-96+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-472+rbp]
+        mul qword ptr [-104+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-464+rbp]
+        mul qword ptr [-112+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-456+rbp]
+        mul qword ptr [-120+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-448+rbp]
+        mul qword ptr [-128+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-440+rbp]
+        mul qword ptr [-136+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-432+rbp]
+        mul qword ptr [-144+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-424+rbp]
+        mul qword ptr [-152+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-416+rbp]
+        mul qword ptr [-160+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-408+rbp]
+        mul qword ptr [-168+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-400+rbp]
+        mul qword ptr [-176+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-392+rbp]
+        mul qword ptr [-184+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-384+rbp]
+        mul qword ptr [-192+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-376+rbp]
+        mul qword ptr [-200+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-368+rbp]
+        mul qword ptr [-208+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-360+rbp]
+        mul qword ptr [-216+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-352+rbp]
+        mul qword ptr [-224+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-344+rbp]
+        mul qword ptr [-232+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-336+rbp]
+        mul qword ptr [-240+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-328+rbp]
+        mul qword ptr [-248+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-320+rbp]
+        mul qword ptr [-256+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-312+rbp]
+        mul qword ptr [-264+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-304+rbp]
+        mul qword ptr [-272+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov r10, rdi
+        mov r11, rcx
+        mov rax, qword ptr [-296+rbp]
+        mul qword ptr [-280+rbp]
+        add rsi, rax
+        adc r10, rdx
+        adc r11, 0
+        mov qword ptr [256+r9], rsi
+        mov rdi, r11
+        mov rcx, r10
+        mov rsi, r8
+        mov rax, qword ptr [-528+rbp]
+        mul qword ptr [-40+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-520+rbp]
+        mul qword ptr [-48+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-512+rbp]
+        mul qword ptr [-56+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-504+rbp]
+        mul qword ptr [-64+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-496+rbp]
+        mul qword ptr [-72+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-488+rbp]
+        mul qword ptr [-80+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-480+rbp]
+        mul qword ptr [-88+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-472+rbp]
+        mul qword ptr [-96+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-464+rbp]
+        mul qword ptr [-104+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-456+rbp]
+        mul qword ptr [-112+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-448+rbp]
+        mul qword ptr [-120+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-440+rbp]
+        mul qword ptr [-128+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-432+rbp]
+        mul qword ptr [-136+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-424+rbp]
+        mul qword ptr [-144+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-416+rbp]
+        mul qword ptr [-152+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-408+rbp]
+        mul qword ptr [-160+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-400+rbp]
+        mul qword ptr [-168+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-392+rbp]
+        mul qword ptr [-176+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-384+rbp]
+        mul qword ptr [-184+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-376+rbp]
+        mul qword ptr [-192+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-368+rbp]
+        mul qword ptr [-200+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-360+rbp]
+        mul qword ptr [-208+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-352+rbp]
+        mul qword ptr [-216+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-344+rbp]
+        mul qword ptr [-224+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-336+rbp]
+        mul qword ptr [-232+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-328+rbp]
+        mul qword ptr [-240+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-320+rbp]
+        mul qword ptr [-248+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-312+rbp]
+        mul qword ptr [-256+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-304+rbp]
+        mul qword ptr [-264+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov r10, rdi
+        mov r11, rsi
+        mov rax, qword ptr [-296+rbp]
+        mul qword ptr [-272+rbp]
+        add rcx, rax
+        adc r10, rdx
+        adc r11, 0
+        mov qword ptr [264+r9], rcx
+        mov rdi, r11
+        mov rsi, r10
+        mov rcx, r8
+        mov rax, qword ptr [-520+rbp]
+        mul qword ptr [-40+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-512+rbp]
+        mul qword ptr [-48+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-504+rbp]
+        mul qword ptr [-56+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-496+rbp]
+        mul qword ptr [-64+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-488+rbp]
+        mul qword ptr [-72+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-480+rbp]
+        mul qword ptr [-80+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-472+rbp]
+        mul qword ptr [-88+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-464+rbp]
+        mul qword ptr [-96+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-456+rbp]
+        mul qword ptr [-104+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-448+rbp]
+        mul qword ptr [-112+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-440+rbp]
+        mul qword ptr [-120+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-432+rbp]
+        mul qword ptr [-128+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-424+rbp]
+        mul qword ptr [-136+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-416+rbp]
+        mul qword ptr [-144+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-408+rbp]
+        mul qword ptr [-152+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-400+rbp]
+        mul qword ptr [-160+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-392+rbp]
+        mul qword ptr [-168+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-384+rbp]
+        mul qword ptr [-176+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-376+rbp]
+        mul qword ptr [-184+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-368+rbp]
+        mul qword ptr [-192+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-360+rbp]
+        mul qword ptr [-200+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-352+rbp]
+        mul qword ptr [-208+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-344+rbp]
+        mul qword ptr [-216+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-336+rbp]
+        mul qword ptr [-224+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-328+rbp]
+        mul qword ptr [-232+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-320+rbp]
+        mul qword ptr [-240+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-312+rbp]
+        mul qword ptr [-248+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-304+rbp]
+        mul qword ptr [-256+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov r10, rdi
+        mov r11, rcx
+        mov rax, qword ptr [-296+rbp]
+        mul qword ptr [-264+rbp]
+        add rsi, rax
+        adc r10, rdx
+        adc r11, 0
+        mov qword ptr [272+r9], rsi
+        mov rdi, r11
+        mov rcx, r10
+        mov rsi, r8
+        mov rax, qword ptr [-512+rbp]
+        mul qword ptr [-40+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-504+rbp]
+        mul qword ptr [-48+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-496+rbp]
+        mul qword ptr [-56+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-488+rbp]
+        mul qword ptr [-64+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-480+rbp]
+        mul qword ptr [-72+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-472+rbp]
+        mul qword ptr [-80+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-464+rbp]
+        mul qword ptr [-88+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-456+rbp]
+        mul qword ptr [-96+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-448+rbp]
+        mul qword ptr [-104+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-440+rbp]
+        mul qword ptr [-112+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-432+rbp]
+        mul qword ptr [-120+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-424+rbp]
+        mul qword ptr [-128+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-416+rbp]
+        mul qword ptr [-136+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-408+rbp]
+        mul qword ptr [-144+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-400+rbp]
+        mul qword ptr [-152+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-392+rbp]
+        mul qword ptr [-160+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-384+rbp]
+        mul qword ptr [-168+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-376+rbp]
+        mul qword ptr [-176+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-368+rbp]
+        mul qword ptr [-184+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-360+rbp]
+        mul qword ptr [-192+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-352+rbp]
+        mul qword ptr [-200+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-344+rbp]
+        mul qword ptr [-208+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-336+rbp]
+        mul qword ptr [-216+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-328+rbp]
+        mul qword ptr [-224+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-320+rbp]
+        mul qword ptr [-232+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-312+rbp]
+        mul qword ptr [-240+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-304+rbp]
+        mul qword ptr [-248+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov r10, rdi
+        mov r11, rsi
+        mov rax, qword ptr [-296+rbp]
+        mul qword ptr [-256+rbp]
+        add rcx, rax
+        adc r10, rdx
+        adc r11, 0
+        mov qword ptr [280+r9], rcx
+        mov rdi, r11
+        mov rsi, r10
+        mov rcx, r8
+        mov rax, qword ptr [-504+rbp]
+        mul qword ptr [-40+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-496+rbp]
+        mul qword ptr [-48+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-488+rbp]
+        mul qword ptr [-56+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-480+rbp]
+        mul qword ptr [-64+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-472+rbp]
+        mul qword ptr [-72+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-464+rbp]
+        mul qword ptr [-80+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-456+rbp]
+        mul qword ptr [-88+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-448+rbp]
+        mul qword ptr [-96+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-440+rbp]
+        mul qword ptr [-104+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-432+rbp]
+        mul qword ptr [-112+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-424+rbp]
+        mul qword ptr [-120+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-416+rbp]
+        mul qword ptr [-128+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-408+rbp]
+        mul qword ptr [-136+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-400+rbp]
+        mul qword ptr [-144+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-392+rbp]
+        mul qword ptr [-152+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-384+rbp]
+        mul qword ptr [-160+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-376+rbp]
+        mul qword ptr [-168+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-368+rbp]
+        mul qword ptr [-176+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-360+rbp]
+        mul qword ptr [-184+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-352+rbp]
+        mul qword ptr [-192+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-344+rbp]
+        mul qword ptr [-200+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-336+rbp]
+        mul qword ptr [-208+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-328+rbp]
+        mul qword ptr [-216+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-320+rbp]
+        mul qword ptr [-224+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-312+rbp]
+        mul qword ptr [-232+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-304+rbp]
+        mul qword ptr [-240+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov r10, rdi
+        mov r11, rcx
+        mov rax, qword ptr [-296+rbp]
+        mul qword ptr [-248+rbp]
+        add rsi, rax
+        adc r10, rdx
+        adc r11, 0
+        mov qword ptr [288+r9], rsi
+        mov rdi, r11
+        mov rcx, r10
+        mov rsi, r8
+        mov rax, qword ptr [-496+rbp]
+        mul qword ptr [-40+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-488+rbp]
+        mul qword ptr [-48+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-480+rbp]
+        mul qword ptr [-56+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-472+rbp]
+        mul qword ptr [-64+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-464+rbp]
+        mul qword ptr [-72+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-456+rbp]
+        mul qword ptr [-80+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-448+rbp]
+        mul qword ptr [-88+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-440+rbp]
+        mul qword ptr [-96+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-432+rbp]
+        mul qword ptr [-104+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-424+rbp]
+        mul qword ptr [-112+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-416+rbp]
+        mul qword ptr [-120+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-408+rbp]
+        mul qword ptr [-128+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-400+rbp]
+        mul qword ptr [-136+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-392+rbp]
+        mul qword ptr [-144+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-384+rbp]
+        mul qword ptr [-152+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-376+rbp]
+        mul qword ptr [-160+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-368+rbp]
+        mul qword ptr [-168+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-360+rbp]
+        mul qword ptr [-176+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-352+rbp]
+        mul qword ptr [-184+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-344+rbp]
+        mul qword ptr [-192+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-336+rbp]
+        mul qword ptr [-200+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-328+rbp]
+        mul qword ptr [-208+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-320+rbp]
+        mul qword ptr [-216+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-312+rbp]
+        mul qword ptr [-224+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-304+rbp]
+        mul qword ptr [-232+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov r10, rdi
+        mov r11, rsi
+        mov rax, qword ptr [-296+rbp]
+        mul qword ptr [-240+rbp]
+        add rcx, rax
+        adc r10, rdx
+        adc r11, 0
+        mov qword ptr [296+r9], rcx
+        mov rdi, r11
+        mov rsi, r10
+        mov rcx, r8
+        mov rax, qword ptr [-488+rbp]
+        mul qword ptr [-40+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-480+rbp]
+        mul qword ptr [-48+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-472+rbp]
+        mul qword ptr [-56+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-464+rbp]
+        mul qword ptr [-64+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-456+rbp]
+        mul qword ptr [-72+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-448+rbp]
+        mul qword ptr [-80+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-440+rbp]
+        mul qword ptr [-88+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-432+rbp]
+        mul qword ptr [-96+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-424+rbp]
+        mul qword ptr [-104+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-416+rbp]
+        mul qword ptr [-112+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-408+rbp]
+        mul qword ptr [-120+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-400+rbp]
+        mul qword ptr [-128+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-392+rbp]
+        mul qword ptr [-136+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-384+rbp]
+        mul qword ptr [-144+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-376+rbp]
+        mul qword ptr [-152+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-368+rbp]
+        mul qword ptr [-160+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-360+rbp]
+        mul qword ptr [-168+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-352+rbp]
+        mul qword ptr [-176+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-344+rbp]
+        mul qword ptr [-184+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-336+rbp]
+        mul qword ptr [-192+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-328+rbp]
+        mul qword ptr [-200+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-320+rbp]
+        mul qword ptr [-208+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-312+rbp]
+        mul qword ptr [-216+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-304+rbp]
+        mul qword ptr [-224+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov r10, rdi
+        mov r11, rcx
+        mov rax, qword ptr [-296+rbp]
+        mul qword ptr [-232+rbp]
+        add rsi, rax
+        adc r10, rdx
+        adc r11, 0
+        mov qword ptr [304+r9], rsi
+        mov rdi, r11
+        mov rcx, r10
+        mov rsi, r8
+        mov rax, qword ptr [-480+rbp]
+        mul qword ptr [-40+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-472+rbp]
+        mul qword ptr [-48+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-464+rbp]
+        mul qword ptr [-56+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-456+rbp]
+        mul qword ptr [-64+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-448+rbp]
+        mul qword ptr [-72+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-440+rbp]
+        mul qword ptr [-80+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-432+rbp]
+        mul qword ptr [-88+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-424+rbp]
+        mul qword ptr [-96+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-416+rbp]
+        mul qword ptr [-104+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-408+rbp]
+        mul qword ptr [-112+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-400+rbp]
+        mul qword ptr [-120+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-392+rbp]
+        mul qword ptr [-128+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-384+rbp]
+        mul qword ptr [-136+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-376+rbp]
+        mul qword ptr [-144+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-368+rbp]
+        mul qword ptr [-152+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-360+rbp]
+        mul qword ptr [-160+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-352+rbp]
+        mul qword ptr [-168+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-344+rbp]
+        mul qword ptr [-176+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-336+rbp]
+        mul qword ptr [-184+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-328+rbp]
+        mul qword ptr [-192+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-320+rbp]
+        mul qword ptr [-200+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-312+rbp]
+        mul qword ptr [-208+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-304+rbp]
+        mul qword ptr [-216+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov r10, rdi
+        mov r11, rsi
+        mov rax, qword ptr [-296+rbp]
+        mul qword ptr [-224+rbp]
+        add rcx, rax
+        adc r10, rdx
+        adc r11, 0
+        mov qword ptr [312+r9], rcx
+        mov rdi, r11
+        mov rsi, r10
+        mov rcx, r8
+        mov rax, qword ptr [-472+rbp]
+        mul qword ptr [-40+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-464+rbp]
+        mul qword ptr [-48+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-456+rbp]
+        mul qword ptr [-56+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-448+rbp]
+        mul qword ptr [-64+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-440+rbp]
+        mul qword ptr [-72+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-432+rbp]
+        mul qword ptr [-80+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-424+rbp]
+        mul qword ptr [-88+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-416+rbp]
+        mul qword ptr [-96+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-408+rbp]
+        mul qword ptr [-104+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-400+rbp]
+        mul qword ptr [-112+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-392+rbp]
+        mul qword ptr [-120+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-384+rbp]
+        mul qword ptr [-128+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-376+rbp]
+        mul qword ptr [-136+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-368+rbp]
+        mul qword ptr [-144+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-360+rbp]
+        mul qword ptr [-152+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-352+rbp]
+        mul qword ptr [-160+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-344+rbp]
+        mul qword ptr [-168+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-336+rbp]
+        mul qword ptr [-176+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-328+rbp]
+        mul qword ptr [-184+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-320+rbp]
+        mul qword ptr [-192+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-312+rbp]
+        mul qword ptr [-200+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-304+rbp]
+        mul qword ptr [-208+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov r10, rdi
+        mov r11, rcx
+        mov rax, qword ptr [-296+rbp]
+        mul qword ptr [-216+rbp]
+        add rsi, rax
+        adc r10, rdx
+        adc r11, 0
+        mov qword ptr [320+r9], rsi
+        mov rdi, r11
+        mov rcx, r10
+        mov rsi, r8
+        mov rax, qword ptr [-464+rbp]
+        mul qword ptr [-40+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-456+rbp]
+        mul qword ptr [-48+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-448+rbp]
+        mul qword ptr [-56+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-440+rbp]
+        mul qword ptr [-64+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-432+rbp]
+        mul qword ptr [-72+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-424+rbp]
+        mul qword ptr [-80+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-416+rbp]
+        mul qword ptr [-88+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-408+rbp]
+        mul qword ptr [-96+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-400+rbp]
+        mul qword ptr [-104+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-392+rbp]
+        mul qword ptr [-112+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-384+rbp]
+        mul qword ptr [-120+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-376+rbp]
+        mul qword ptr [-128+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-368+rbp]
+        mul qword ptr [-136+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-360+rbp]
+        mul qword ptr [-144+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-352+rbp]
+        mul qword ptr [-152+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-344+rbp]
+        mul qword ptr [-160+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-336+rbp]
+        mul qword ptr [-168+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-328+rbp]
+        mul qword ptr [-176+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-320+rbp]
+        mul qword ptr [-184+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-312+rbp]
+        mul qword ptr [-192+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-304+rbp]
+        mul qword ptr [-200+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov r10, rdi
+        mov r11, rsi
+        mov rax, qword ptr [-296+rbp]
+        mul qword ptr [-208+rbp]
+        add rcx, rax
+        adc r10, rdx
+        adc r11, 0
+        mov qword ptr [328+r9], rcx
+        mov rdi, r11
+        mov r11, r10
+        mov r10, r8
+        mov rax, qword ptr [-456+rbp]
+        mul qword ptr [-40+rbp]
+        add r11, rax
+        adc rdi, rdx
+        adc r10, 0
+        mov rax, qword ptr [-448+rbp]
+        mul qword ptr [-48+rbp]
+        add r11, rax
+        adc rdi, rdx
+        adc r10, 0
+        mov rax, qword ptr [-440+rbp]
+        mul qword ptr [-56+rbp]
+        add r11, rax
+        adc rdi, rdx
+        adc r10, 0
+        mov rax, qword ptr [-432+rbp]
+        mul qword ptr [-64+rbp]
+        add r11, rax
+        adc rdi, rdx
+        adc r10, 0
+        mov rax, qword ptr [-424+rbp]
+        mul qword ptr [-72+rbp]
+        add r11, rax
+        adc rdi, rdx
+        adc r10, 0
+        mov rax, qword ptr [-416+rbp]
+        mul qword ptr [-80+rbp]
+        add r11, rax
+        adc rdi, rdx
+        adc r10, 0
+        mov rax, qword ptr [-408+rbp]
+        mul qword ptr [-88+rbp]
+        add r11, rax
+        adc rdi, rdx
+        adc r10, 0
+        mov rax, qword ptr [-400+rbp]
+        mul qword ptr [-96+rbp]
+        add r11, rax
+        adc rdi, rdx
+        adc r10, 0
+        mov rax, qword ptr [-392+rbp]
+        mul qword ptr [-104+rbp]
+        add r11, rax
+        adc rdi, rdx
+        adc r10, 0
+        mov rax, qword ptr [-384+rbp]
+        mul qword ptr [-112+rbp]
+        add r11, rax
+        adc rdi, rdx
+        adc r10, 0
+        mov rax, qword ptr [-376+rbp]
+        mul qword ptr [-120+rbp]
+        add r11, rax
+        adc rdi, rdx
+        adc r10, 0
+        mov rax, qword ptr [-368+rbp]
+        mul qword ptr [-128+rbp]
+        add r11, rax
+        adc rdi, rdx
+        adc r10, 0
+        mov rax, qword ptr [-360+rbp]
+        mul qword ptr [-136+rbp]
+        add r11, rax
+        adc rdi, rdx
+        adc r10, 0
+        mov rax, qword ptr [-352+rbp]
+        mul qword ptr [-144+rbp]
+        add r11, rax
+        adc rdi, rdx
+        adc r10, 0
+        mov rax, qword ptr [-344+rbp]
+        mul qword ptr [-152+rbp]
+        add r11, rax
+        adc rdi, rdx
+        adc r10, 0
+        mov rax, qword ptr [-336+rbp]
+        mul qword ptr [-160+rbp]
+        add r11, rax
+        adc rdi, rdx
+        adc r10, 0
+        mov rax, qword ptr [-328+rbp]
+        mul qword ptr [-168+rbp]
+        add r11, rax
+        adc rdi, rdx
+        adc r10, 0
+        mov rax, qword ptr [-320+rbp]
+        mul qword ptr [-176+rbp]
+        add r11, rax
+        adc rdi, rdx
+        adc r10, 0
+        mov rax, qword ptr [-312+rbp]
+        mul qword ptr [-184+rbp]
+        add r11, rax
+        adc rdi, rdx
+        adc r10, 0
+        mov rax, qword ptr [-304+rbp]
+        mul qword ptr [-192+rbp]
+        add r11, rax
+        adc rdi, rdx
+        adc r10, 0
+        mov rax, qword ptr [-296+rbp]
+        mul qword ptr [-200+rbp]
+        add r11, rax
+        adc rdi, rdx
+        adc r10, 0
+        mov qword ptr [336+r9], r11
+        mov rsi, r10
+        mov r10, r8
+        mov rax, qword ptr [-448+rbp]
+        mul qword ptr [-40+rbp]
+        add rdi, rax
+        adc rsi, rdx
+        adc r10, 0
+        mov rcx, r10
+        mov rax, qword ptr [-440+rbp]
+        mul qword ptr [-48+rbp]
+        add rdi, rax
+        adc rsi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-432+rbp]
+        mul qword ptr [-56+rbp]
+        add rdi, rax
+        adc rsi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-424+rbp]
+        mul qword ptr [-64+rbp]
+        add rdi, rax
+        adc rsi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-416+rbp]
+        mul qword ptr [-72+rbp]
+        add rdi, rax
+        adc rsi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-408+rbp]
+        mul qword ptr [-80+rbp]
+        add rdi, rax
+        adc rsi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-400+rbp]
+        mul qword ptr [-88+rbp]
+        add rdi, rax
+        adc rsi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-392+rbp]
+        mul qword ptr [-96+rbp]
+        add rdi, rax
+        adc rsi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-384+rbp]
+        mul qword ptr [-104+rbp]
+        add rdi, rax
+        adc rsi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-376+rbp]
+        mul qword ptr [-112+rbp]
+        add rdi, rax
+        adc rsi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-368+rbp]
+        mul qword ptr [-120+rbp]
+        add rdi, rax
+        adc rsi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-360+rbp]
+        mul qword ptr [-128+rbp]
+        add rdi, rax
+        adc rsi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-352+rbp]
+        mul qword ptr [-136+rbp]
+        add rdi, rax
+        adc rsi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-344+rbp]
+        mul qword ptr [-144+rbp]
+        add rdi, rax
+        adc rsi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-336+rbp]
+        mul qword ptr [-152+rbp]
+        add rdi, rax
+        adc rsi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-328+rbp]
+        mul qword ptr [-160+rbp]
+        add rdi, rax
+        adc rsi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-320+rbp]
+        mul qword ptr [-168+rbp]
+        add rdi, rax
+        adc rsi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-312+rbp]
+        mul qword ptr [-176+rbp]
+        add rdi, rax
+        adc rsi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-304+rbp]
+        mul qword ptr [-184+rbp]
+        add rdi, rax
+        adc rsi, rdx
+        adc rcx, 0
+        mov r11, rsi
+        mov r10, rcx
+        mov rax, qword ptr [-296+rbp]
+        mul qword ptr [-192+rbp]
+        add rdi, rax
+        adc r11, rdx
+        adc r10, 0
+        mov qword ptr [344+r9], rdi
+        mov rcx, r11
+        mov rdi, r10
+        mov r11, r8
+        mov rax, qword ptr [-440+rbp]
+        mul qword ptr [-40+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc r11, 0
+        mov rsi, r11
+        mov rax, qword ptr [-432+rbp]
+        mul qword ptr [-48+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-424+rbp]
+        mul qword ptr [-56+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-416+rbp]
+        mul qword ptr [-64+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-408+rbp]
+        mul qword ptr [-72+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-400+rbp]
+        mul qword ptr [-80+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-392+rbp]
+        mul qword ptr [-88+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-384+rbp]
+        mul qword ptr [-96+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-376+rbp]
+        mul qword ptr [-104+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-368+rbp]
+        mul qword ptr [-112+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-360+rbp]
+        mul qword ptr [-120+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-352+rbp]
+        mul qword ptr [-128+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-344+rbp]
+        mul qword ptr [-136+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-336+rbp]
+        mul qword ptr [-144+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-328+rbp]
+        mul qword ptr [-152+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-320+rbp]
+        mul qword ptr [-160+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-312+rbp]
+        mul qword ptr [-168+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-304+rbp]
+        mul qword ptr [-176+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov r10, rdi
+        mov r11, rsi
+        mov rax, qword ptr [-296+rbp]
+        mul qword ptr [-184+rbp]
+        add rcx, rax
+        adc r10, rdx
+        adc r11, 0
+        mov qword ptr [352+r9], rcx
+        mov rdi, r11
+        mov rsi, r10
+        mov rcx, r8
+        mov rax, qword ptr [-432+rbp]
+        mul qword ptr [-40+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-424+rbp]
+        mul qword ptr [-48+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-416+rbp]
+        mul qword ptr [-56+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-408+rbp]
+        mul qword ptr [-64+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-400+rbp]
+        mul qword ptr [-72+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-392+rbp]
+        mul qword ptr [-80+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-384+rbp]
+        mul qword ptr [-88+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-376+rbp]
+        mul qword ptr [-96+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-368+rbp]
+        mul qword ptr [-104+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-360+rbp]
+        mul qword ptr [-112+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-352+rbp]
+        mul qword ptr [-120+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-344+rbp]
+        mul qword ptr [-128+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-336+rbp]
+        mul qword ptr [-136+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-328+rbp]
+        mul qword ptr [-144+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-320+rbp]
+        mul qword ptr [-152+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-312+rbp]
+        mul qword ptr [-160+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-304+rbp]
+        mul qword ptr [-168+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov r10, rdi
+        mov r11, rcx
+        mov rax, qword ptr [-296+rbp]
+        mul qword ptr [-176+rbp]
+        add rsi, rax
+        adc r10, rdx
+        adc r11, 0
+        mov qword ptr [360+r9], rsi
+        mov rdi, r11
+        mov rcx, r10
+        mov rsi, r8
+        mov rax, qword ptr [-424+rbp]
+        mul qword ptr [-40+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-416+rbp]
+        mul qword ptr [-48+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-408+rbp]
+        mul qword ptr [-56+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-400+rbp]
+        mul qword ptr [-64+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-392+rbp]
+        mul qword ptr [-72+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-384+rbp]
+        mul qword ptr [-80+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-376+rbp]
+        mul qword ptr [-88+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-368+rbp]
+        mul qword ptr [-96+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-360+rbp]
+        mul qword ptr [-104+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-352+rbp]
+        mul qword ptr [-112+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-344+rbp]
+        mul qword ptr [-120+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-336+rbp]
+        mul qword ptr [-128+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-328+rbp]
+        mul qword ptr [-136+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-320+rbp]
+        mul qword ptr [-144+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-312+rbp]
+        mul qword ptr [-152+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-304+rbp]
+        mul qword ptr [-160+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov r10, rdi
+        mov r11, rsi
+        mov rax, qword ptr [-296+rbp]
+        mul qword ptr [-168+rbp]
+        add rcx, rax
+        adc r10, rdx
+        adc r11, 0
+        mov qword ptr [368+r9], rcx
+        mov rdi, r11
+        mov rsi, r10
+        mov rcx, r8
+        mov rax, qword ptr [-416+rbp]
+        mul qword ptr [-40+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-408+rbp]
+        mul qword ptr [-48+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-400+rbp]
+        mul qword ptr [-56+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-392+rbp]
+        mul qword ptr [-64+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-384+rbp]
+        mul qword ptr [-72+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-376+rbp]
+        mul qword ptr [-80+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-368+rbp]
+        mul qword ptr [-88+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-360+rbp]
+        mul qword ptr [-96+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-352+rbp]
+        mul qword ptr [-104+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-344+rbp]
+        mul qword ptr [-112+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-336+rbp]
+        mul qword ptr [-120+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-328+rbp]
+        mul qword ptr [-128+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-320+rbp]
+        mul qword ptr [-136+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-312+rbp]
+        mul qword ptr [-144+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-304+rbp]
+        mul qword ptr [-152+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov r10, rdi
+        mov r11, rcx
+        mov rax, qword ptr [-296+rbp]
+        mul qword ptr [-160+rbp]
+        add rsi, rax
+        adc r10, rdx
+        adc r11, 0
+        mov qword ptr [376+r9], rsi
+        mov rdi, r11
+        mov rcx, r10
+        mov rsi, r8
+        mov rax, qword ptr [-408+rbp]
+        mul qword ptr [-40+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-400+rbp]
+        mul qword ptr [-48+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-392+rbp]
+        mul qword ptr [-56+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-384+rbp]
+        mul qword ptr [-64+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-376+rbp]
+        mul qword ptr [-72+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-368+rbp]
+        mul qword ptr [-80+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-360+rbp]
+        mul qword ptr [-88+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-352+rbp]
+        mul qword ptr [-96+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-344+rbp]
+        mul qword ptr [-104+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-336+rbp]
+        mul qword ptr [-112+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-328+rbp]
+        mul qword ptr [-120+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-320+rbp]
+        mul qword ptr [-128+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-312+rbp]
+        mul qword ptr [-136+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-304+rbp]
+        mul qword ptr [-144+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov r10, rdi
+        mov r11, rsi
+        mov rax, qword ptr [-296+rbp]
+        mul qword ptr [-152+rbp]
+        add rcx, rax
+        adc r10, rdx
+        adc r11, 0
+        mov qword ptr [384+r9], rcx
+        mov rdi, r11
+        mov rsi, r10
+        mov rcx, r8
+        mov rax, qword ptr [-400+rbp]
+        mul qword ptr [-40+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-392+rbp]
+        mul qword ptr [-48+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-384+rbp]
+        mul qword ptr [-56+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-376+rbp]
+        mul qword ptr [-64+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-368+rbp]
+        mul qword ptr [-72+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-360+rbp]
+        mul qword ptr [-80+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-352+rbp]
+        mul qword ptr [-88+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-344+rbp]
+        mul qword ptr [-96+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-336+rbp]
+        mul qword ptr [-104+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-328+rbp]
+        mul qword ptr [-112+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-320+rbp]
+        mul qword ptr [-120+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-312+rbp]
+        mul qword ptr [-128+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-304+rbp]
+        mul qword ptr [-136+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov r10, rdi
+        mov r11, rcx
+        mov rax, qword ptr [-296+rbp]
+        mul qword ptr [-144+rbp]
+        add rsi, rax
+        adc r10, rdx
+        adc r11, 0
+        mov qword ptr [392+r9], rsi
+        mov rdi, r11
+        mov rcx, r10
+        mov rsi, r8
+        mov rax, qword ptr [-392+rbp]
+        mul qword ptr [-40+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-384+rbp]
+        mul qword ptr [-48+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-376+rbp]
+        mul qword ptr [-56+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-368+rbp]
+        mul qword ptr [-64+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-360+rbp]
+        mul qword ptr [-72+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-352+rbp]
+        mul qword ptr [-80+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-344+rbp]
+        mul qword ptr [-88+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-336+rbp]
+        mul qword ptr [-96+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-328+rbp]
+        mul qword ptr [-104+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-320+rbp]
+        mul qword ptr [-112+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-312+rbp]
+        mul qword ptr [-120+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-304+rbp]
+        mul qword ptr [-128+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov r10, rdi
+        mov r11, rsi
+        mov rax, qword ptr [-296+rbp]
+        mul qword ptr [-136+rbp]
+        add rcx, rax
+        adc r10, rdx
+        adc r11, 0
+        mov qword ptr [400+r9], rcx
+        mov rdi, r11
+        mov rsi, r10
+        mov rcx, r8
+        mov rax, qword ptr [-384+rbp]
+        mul qword ptr [-40+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-376+rbp]
+        mul qword ptr [-48+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-368+rbp]
+        mul qword ptr [-56+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-360+rbp]
+        mul qword ptr [-64+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-352+rbp]
+        mul qword ptr [-72+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-344+rbp]
+        mul qword ptr [-80+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-336+rbp]
+        mul qword ptr [-88+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-328+rbp]
+        mul qword ptr [-96+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-320+rbp]
+        mul qword ptr [-104+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-312+rbp]
+        mul qword ptr [-112+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-304+rbp]
+        mul qword ptr [-120+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov r10, rdi
+        mov r11, rcx
+        mov rax, qword ptr [-296+rbp]
+        mul qword ptr [-128+rbp]
+        add rsi, rax
+        adc r10, rdx
+        adc r11, 0
+        mov qword ptr [408+r9], rsi
+        mov rdi, r11
+        mov rcx, r10
+        mov rsi, r8
+        mov rax, qword ptr [-376+rbp]
+        mul qword ptr [-40+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-368+rbp]
+        mul qword ptr [-48+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-360+rbp]
+        mul qword ptr [-56+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-352+rbp]
+        mul qword ptr [-64+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-344+rbp]
+        mul qword ptr [-72+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-336+rbp]
+        mul qword ptr [-80+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-328+rbp]
+        mul qword ptr [-88+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-320+rbp]
+        mul qword ptr [-96+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-312+rbp]
+        mul qword ptr [-104+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-304+rbp]
+        mul qword ptr [-112+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov r10, rdi
+        mov r11, rsi
+        mov rax, qword ptr [-296+rbp]
+        mul qword ptr [-120+rbp]
+        add rcx, rax
+        adc r10, rdx
+        adc r11, 0
+        mov qword ptr [416+r9], rcx
+        mov rdi, r11
+        mov rsi, r10
+        mov rcx, r8
+        mov rax, qword ptr [-368+rbp]
+        mul qword ptr [-40+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-360+rbp]
+        mul qword ptr [-48+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-352+rbp]
+        mul qword ptr [-56+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-344+rbp]
+        mul qword ptr [-64+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-336+rbp]
+        mul qword ptr [-72+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-328+rbp]
+        mul qword ptr [-80+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-320+rbp]
+        mul qword ptr [-88+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-312+rbp]
+        mul qword ptr [-96+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-304+rbp]
+        mul qword ptr [-104+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov r10, rdi
+        mov r11, rcx
+        mov rax, qword ptr [-296+rbp]
+        mul qword ptr [-112+rbp]
+        add rsi, rax
+        adc r10, rdx
+        adc r11, 0
+        mov qword ptr [424+r9], rsi
+        mov rdi, r11
+        mov rcx, r10
+        mov rsi, r8
+        mov rax, qword ptr [-360+rbp]
+        mul qword ptr [-40+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-352+rbp]
+        mul qword ptr [-48+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-344+rbp]
+        mul qword ptr [-56+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-336+rbp]
+        mul qword ptr [-64+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-328+rbp]
+        mul qword ptr [-72+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-320+rbp]
+        mul qword ptr [-80+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-312+rbp]
+        mul qword ptr [-88+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-304+rbp]
+        mul qword ptr [-96+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov r10, rdi
+        mov r11, rsi
+        mov rax, qword ptr [-296+rbp]
+        mul qword ptr [-104+rbp]
+        add rcx, rax
+        adc r10, rdx
+        adc r11, 0
+        mov qword ptr [432+r9], rcx
+        mov rdi, r11
+        mov rsi, r10
+        mov rcx, r8
+        mov rax, qword ptr [-352+rbp]
+        mul qword ptr [-40+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-344+rbp]
+        mul qword ptr [-48+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-336+rbp]
+        mul qword ptr [-56+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-328+rbp]
+        mul qword ptr [-64+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-320+rbp]
+        mul qword ptr [-72+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-312+rbp]
+        mul qword ptr [-80+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-304+rbp]
+        mul qword ptr [-88+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov r10, rdi
+        mov r11, rcx
+        mov rax, qword ptr [-296+rbp]
+        mul qword ptr [-96+rbp]
+        add rsi, rax
+        adc r10, rdx
+        adc r11, 0
+        mov qword ptr [440+r9], rsi
+        mov rdi, r11
+        mov rcx, r10
+        mov rsi, r8
+        mov rax, qword ptr [-344+rbp]
+        mul qword ptr [-40+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-336+rbp]
+        mul qword ptr [-48+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-328+rbp]
+        mul qword ptr [-56+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-320+rbp]
+        mul qword ptr [-64+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-312+rbp]
+        mul qword ptr [-72+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-304+rbp]
+        mul qword ptr [-80+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov r10, rdi
+        mov r11, rsi
+        mov rax, qword ptr [-296+rbp]
+        mul qword ptr [-88+rbp]
+        add rcx, rax
+        adc r10, rdx
+        adc r11, 0
+        mov qword ptr [448+r9], rcx
+        mov rdi, r11
+        mov rsi, r10
+        mov rcx, r8
+        mov rax, qword ptr [-336+rbp]
+        mul qword ptr [-40+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-328+rbp]
+        mul qword ptr [-48+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-320+rbp]
+        mul qword ptr [-56+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-312+rbp]
+        mul qword ptr [-64+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-304+rbp]
+        mul qword ptr [-72+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov r10, rdi
+        mov r11, rcx
+        mov rax, qword ptr [-296+rbp]
+        mul qword ptr [-80+rbp]
+        add rsi, rax
+        adc r10, rdx
+        adc r11, 0
+        mov qword ptr [456+r9], rsi
+        mov rdi, r11
+        mov rcx, r10
+        mov rsi, r8
+        mov rax, qword ptr [-328+rbp]
+        mul qword ptr [-40+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-320+rbp]
+        mul qword ptr [-48+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-312+rbp]
+        mul qword ptr [-56+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-304+rbp]
+        mul qword ptr [-64+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov r10, rdi
+        mov r11, rsi
+        mov rax, qword ptr [-296+rbp]
+        mul qword ptr [-72+rbp]
+        add rcx, rax
+        adc r10, rdx
+        adc r11, 0
+        mov qword ptr [464+r9], rcx
+        mov rdi, r11
+        mov rsi, r10
+        mov rcx, r8
+        mov rax, qword ptr [-320+rbp]
+        mul qword ptr [-40+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-312+rbp]
+        mul qword ptr [-48+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov rax, qword ptr [-304+rbp]
+        mul qword ptr [-56+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov r10, rdi
+        mov r11, rcx
+        mov rax, qword ptr [-296+rbp]
+        mul qword ptr [-64+rbp]
+        add rsi, rax
+        adc r10, rdx
+        adc r11, 0
+        mov qword ptr [472+r9], rsi
+        mov rdi, r11
+        mov rcx, r10
+        mov rsi, r8
+        mov rax, qword ptr [-312+rbp]
+        mul qword ptr [-40+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [-304+rbp]
+        mul qword ptr [-48+rbp]
+        add rcx, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov r10, rdi
+        mov r11, rsi
+        mov rax, qword ptr [-296+rbp]
+        mul qword ptr [-56+rbp]
+        add rcx, rax
+        adc r10, rdx
+        adc r11, 0
+        mov qword ptr [480+r9], rcx
+        mov rdi, r11
+        mov rsi, r10
+        mov rcx, r8
+        mov rax, qword ptr [-304+rbp]
+        mul qword ptr [-40+rbp]
+        add rsi, rax
+        adc rdi, rdx
+        adc rcx, 0
+        mov r11, rcx
+        mov r10, rdi
+        mov rax, qword ptr [-296+rbp]
+        mul qword ptr [-48+rbp]
+        add rsi, rax
+        adc r10, rdx
+        adc r11, 0
+        mov qword ptr [488+r9], rsi
+        mov rcx, r10
+        mov rsi, r11
+        mov rax, qword ptr [-296+rbp]
+        mul qword ptr [-40+rbp]
+        add rcx, rax
+        adc rsi, rdx
+        adc r8, 0
+        mov qword ptr [496+r9], rcx
+        mov ecx, dword ptr [r12]
+        xor ecx, dword ptr [rbx]
+        test rsi, rsi
+        mov qword ptr [504+r9], rsi
+        mov dword ptr [8+r13], 64
+        jne L149
+        ALIGN 16
+L157:
+        mov edx, dword ptr [8+r13]
+        lea ebx, dword ptr [-1+rdx]
+        test ebx, ebx
+        mov dword ptr [8+r13], ebx
+        je L149
+        lea r12d, dword ptr [-2+rdx]
+        cmp dword ptr [r9+r12*8], 0
+        je L157
+L149:
+        mov r9d, dword ptr [8+r13]
+        xor edx, edx
+        test r9d, r9d
+        cmovne edx, ecx
+        mov dword ptr [r13], edx
+        add rsp, 520+32			; +32 for "home" storage
+        pop rbx
+        pop r12
+        pop r13
+        pop rbp
+        pop rsi
+        pop rdi
+
+        ret
+
+s_mp_mul_comba_32 ENDP
+
+
+; void s_mp_sqr_comba_4(const mp_int *A, mp_int *B);
+
+        ALIGN 16
+s_mp_sqr_comba_4 PROC
+
+        push rdi
+        push rsi
+
+        mov rdi, rcx
+        mov rsi, rdx
+
+        push rbp
+        push rbx
+        sub rsp, 80
+        mov r11, rsi
+        xor esi, esi
+        mov r10, rsi
+        mov rbp, rsi
+        mov r8, rsi
+        mov rbx, rsi
+        mov rcx, qword ptr [16+rdi]
+        mov rdi, rsi
+        mov rax, qword ptr [rcx]
+        mul rax
+        add r10, rax
+        adc rbx, rdx
+        adc rdi, 0
+        mov qword ptr [-72+80+rsp], r10
+        mov rax, qword ptr [rcx]
+        mul qword ptr [8+rcx]
+        add rbx, rax
+        adc rdi, rdx
+        adc rbp, 0
+        add rbx, rax
+        adc rdi, rdx
+        adc rbp, 0
+        mov qword ptr [-64+80+rsp], rbx
+        mov rax, qword ptr [rcx]
+        mul qword ptr [16+rcx]
+        add rdi, rax
+        adc rbp, rdx
+        adc r8, 0
+        add rdi, rax
+        adc rbp, rdx
+        adc r8, 0
+        mov rbx, rbp
+        mov rbp, r8
+        mov rax, qword ptr [8+rcx]
+        mul rax
+        add rdi, rax
+        adc rbx, rdx
+        adc rbp, 0
+        mov qword ptr [-56+80+rsp], rdi
+        mov r9, rbp
+        mov r8, rbx
+        mov rdi, rsi
+        mov rax, qword ptr [rcx]
+        mul qword ptr [24+rcx]
+        add r8, rax
+        adc r9, rdx
+        adc rdi, 0
+        add r8, rax
+        adc r9, rdx
+        adc rdi, 0
+        mov rbx, r9
+        mov rbp, rdi
+        mov rax, qword ptr [8+rcx]
+        mul qword ptr [16+rcx]
+        add r8, rax
+        adc rbx, rdx
+        adc rbp, 0
+        add r8, rax
+        adc rbx, rdx
+        adc rbp, 0
+        mov qword ptr [-48+80+rsp], r8
+        mov r9, rbp
+        mov rdi, rbx
+        mov r8, rsi
+        mov dword ptr [8+r11], 8
+        mov dword ptr [r11], 0
+        mov rax, qword ptr [8+rcx]
+        mul qword ptr [24+rcx]
+        add rdi, rax
+        adc r9, rdx
+        adc r8, 0
+        add rdi, rax
+        adc r9, rdx
+        adc r8, 0
+        mov rbx, r9
+        mov rbp, r8
+        mov rax, qword ptr [16+rcx]
+        mul rax
+        add rdi, rax
+        adc rbx, rdx
+        adc rbp, 0
+        mov rax, rbp
+        mov qword ptr [-40+80+rsp], rdi
+        mov rbp, rbx
+        mov rdi, rax
+        mov rbx, rsi
+        mov rax, qword ptr [16+rcx]
+        mul qword ptr [24+rcx]
+        add rbp, rax
+        adc rdi, rdx
+        adc rbx, 0
+        add rbp, rax
+        adc rdi, rdx
+        adc rbx, 0
+        mov qword ptr [-32+80+rsp], rbp
+        mov r9, rbx
+        mov rax, qword ptr [24+rcx]
+        mul rax
+        add rdi, rax
+        adc r9, rdx
+        adc rsi, 0
+        mov rdx, qword ptr [16+r11]
+        mov qword ptr [-24+80+rsp], rdi
+        mov qword ptr [-16+80+rsp], r9
+        mov qword ptr [rdx], r10
+        mov r8, qword ptr [-64+80+rsp]
+        mov qword ptr [8+rdx], r8
+        mov rbp, qword ptr [-56+80+rsp]
+        mov qword ptr [16+rdx], rbp
+        mov rdi, qword ptr [-48+80+rsp]
+        mov qword ptr [24+rdx], rdi
+        mov rsi, qword ptr [-40+80+rsp]
+        mov qword ptr [32+rdx], rsi
+        mov rbx, qword ptr [-32+80+rsp]
+        mov qword ptr [40+rdx], rbx
+        mov rcx, qword ptr [-24+80+rsp]
+        mov qword ptr [48+rdx], rcx
+        mov rax, qword ptr [-16+80+rsp]
+        mov qword ptr [56+rdx], rax
+        mov edx, dword ptr [8+r11]
+        test edx, edx
+        je L168
+        lea ecx, dword ptr [-1+rdx]
+        mov rsi, qword ptr [16+r11]
+        mov r10d, ecx
+        cmp dword ptr [rsi+r10*8], 0
+        jne L166
+        mov edx, ecx
+        ALIGN 16
+L167:
+        test edx, edx
+        mov ecx, edx
+        je L171
+        dec edx
+        mov eax, edx
+        cmp dword ptr [rsi+rax*8], 0
+        je L167
+        mov dword ptr [8+r11], ecx
+        mov edx, ecx
+L166:
+        test edx, edx
+        je L168
+        mov eax, dword ptr [r11]
+        jmp L169
+
+L171:
+        mov dword ptr [8+r11], edx
+L168:
+        xor eax, eax
+L169:
+        add rsp, 80
+        pop rbx
+        pop rbp
+        mov dword ptr [r11], eax
+
+        pop rsi
+        pop rdi
+
+        ret
+
+s_mp_sqr_comba_4 ENDP
+
+
+; void s_mp_sqr_comba_8(const mp_int *A, mp_int *B);
+
+        ALIGN 16
+s_mp_sqr_comba_8 PROC
+
+        push rdi
+        push rsi
+
+        mov rdi, rcx
+        mov rsi, rdx
+        mov rdx, r8
+        mov rcx, r9
+
+        push r14
+        xor r9d, r9d
+        mov r14, r9
+        mov r10, r9
+        push r13
+        mov r13, r9
+        push r12
+        mov r12, r9
+        push rbp
+        mov rbp, rsi
+        mov rsi, r9
+        push rbx
+        mov rbx, r9
+        sub rsp, 8+128
+        mov rcx, qword ptr [16+rdi]
+        mov rax, qword ptr [rcx]
+        mul rax
+        add r14, rax
+        adc rbx, rdx
+        adc r12, 0
+        mov qword ptr [-120+128+rsp], r14
+        mov rax, qword ptr [rcx]
+        mul qword ptr [8+rcx]
+        add rbx, rax
+        adc r12, rdx
+        adc r10, 0
+        add rbx, rax
+        adc r12, rdx
+        adc r10, 0
+        mov qword ptr [-112+128+rsp], rbx
+        mov rax, qword ptr [rcx]
+        mul qword ptr [16+rcx]
+        add r12, rax
+        adc r10, rdx
+        adc r13, 0
+        add r12, rax
+        adc r10, rdx
+        adc r13, 0
+        mov rbx, r10
+        mov r10, r13
+        mov r13, r9
+        mov rax, qword ptr [8+rcx]
+        mul rax
+        add r12, rax
+        adc rbx, rdx
+        adc r10, 0
+        mov qword ptr [-104+128+rsp], r12
+        mov rdi, r10
+        mov r11, rbx
+        mov rax, qword ptr [rcx]
+        mul qword ptr [24+rcx]
+        add r11, rax
+        adc rdi, rdx
+        adc rsi, 0
+        add r11, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rbx, rdi
+        mov r10, rsi
+        mov rdi, r9
+        mov rax, qword ptr [8+rcx]
+        mul qword ptr [16+rcx]
+        add r11, rax
+        adc rbx, rdx
+        adc r10, 0
+        add r11, rax
+        adc rbx, rdx
+        adc r10, 0
+        mov rsi, r9
+        mov qword ptr [-96+128+rsp], r11
+        mov r8, r10
+        mov r12, rbx
+        mov r11, r9
+        mov rax, qword ptr [rcx]
+        mul qword ptr [32+rcx]
+        add r12, rax
+        adc r8, rdx
+        adc r13, 0
+        add r12, rax
+        adc r8, rdx
+        adc r13, 0
+        mov rax, qword ptr [8+rcx]
+        mul qword ptr [24+rcx]
+        add r12, rax
+        adc r8, rdx
+        adc r13, 0
+        add r12, rax
+        adc r8, rdx
+        adc r13, 0
+        mov rbx, r8
+        mov r10, r13
+        mov r8, r9
+        mov rax, qword ptr [16+rcx]
+        mul rax
+        add r12, rax
+        adc rbx, rdx
+        adc r10, 0
+        mov qword ptr [-88+128+rsp], r12
+        mov rax, qword ptr [rcx]
+        mul qword ptr [40+rcx]
+        mov r8, rax
+        mov rdi, rdx
+        xor rsi, rsi
+        mov rax, qword ptr [8+rcx]
+        mul qword ptr [32+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [16+rcx]
+        mul qword ptr [24+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        add rbx, r8
+        adc r10, rdi
+        adc r11, rsi
+        add rbx, r8
+        adc r10, rdi
+        adc r11, rsi
+        mov qword ptr [-80+128+rsp], rbx
+        mov rax, qword ptr [rcx]
+        mul qword ptr [48+rcx]
+        mov r8, rax
+        mov rdi, rdx
+        xor rsi, rsi
+        mov rax, qword ptr [8+rcx]
+        mul qword ptr [40+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [16+rcx]
+        mul qword ptr [32+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, r9
+        mov r13, rdi
+        mov r12, rsi
+        add r10, r8
+        adc r11, r13
+        adc rax, r12
+        add r10, r8
+        adc r11, r13
+        adc rax, r12
+        mov rdx, rax
+        mov rbx, r11
+        mov rdi, r13
+        mov r11, rdx
+        mov rsi, r12
+        mov rax, qword ptr [24+rcx]
+        mul rax
+        add r10, rax
+        adc rbx, rdx
+        adc r11, 0
+        mov qword ptr [-72+128+rsp], r10
+        mov r10, r11
+        mov rax, qword ptr [rcx]
+        mul qword ptr [56+rcx]
+        mov r8, rax
+        mov rdi, rdx
+        xor rsi, rsi
+        mov rax, qword ptr [8+rcx]
+        mul qword ptr [48+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [16+rcx]
+        mul qword ptr [40+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [24+rcx]
+        mul qword ptr [32+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, r9
+        add rbx, r8
+        adc r10, rdi
+        adc rax, rsi
+        add rbx, r8
+        adc r10, rdi
+        adc rax, rsi
+        mov qword ptr [-64+128+rsp], rbx
+        mov r11, rax
+        mov rbx, r9
+        mov rax, qword ptr [8+rcx]
+        mul qword ptr [56+rcx]
+        mov r8, rax
+        mov rdi, rdx
+        xor rsi, rsi
+        mov rax, qword ptr [16+rcx]
+        mul qword ptr [48+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [24+rcx]
+        mul qword ptr [40+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov r13, rdi
+        mov r12, rsi
+        add r10, r8
+        adc r11, r13
+        adc rbx, r12
+        add r10, r8
+        adc r11, r13
+        adc rbx, r12
+        mov rsi, rbx
+        mov rdi, r13
+        mov rbx, r11
+        mov r13, r12
+        mov r11, rsi
+        mov rax, qword ptr [32+rcx]
+        mul rax
+        add r10, rax
+        adc rbx, rdx
+        adc r11, 0
+        mov qword ptr [-56+128+rsp], r10
+        mov r10, r9
+        mov rax, qword ptr [16+rcx]
+        mul qword ptr [56+rcx]
+        mov r8, rax
+        mov rdi, rdx
+        xor r13, r13
+        mov rax, qword ptr [24+rcx]
+        mul qword ptr [48+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc r13, 0
+        mov rax, qword ptr [32+rcx]
+        mul qword ptr [40+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc r13, 0
+        mov r12, rdi
+        mov rax, r13
+        add rbx, r8
+        adc r11, r12
+        adc r10, rax
+        add rbx, r8
+        adc r11, r12
+        adc r10, rax
+        mov qword ptr [-48+128+rsp], rbx
+        mov r12, r11
+        mov rsi, r10
+        mov rbx, r9
+        mov r11, r9
+        mov rax, qword ptr [24+rcx]
+        mul qword ptr [56+rcx]
+        add r12, rax
+        adc rsi, rdx
+        adc rbx, 0
+        add r12, rax
+        adc rsi, rdx
+        adc rbx, 0
+        mov r13, rbx
+        mov rax, qword ptr [32+rcx]
+        mul qword ptr [48+rcx]
+        add r12, rax
+        adc rsi, rdx
+        adc r13, 0
+        add r12, rax
+        adc rsi, rdx
+        adc r13, 0
+        mov r10, rsi
+        mov rbx, r13
+        mov r13, r9
+        mov rax, qword ptr [40+rcx]
+        mul rax
+        add r12, rax
+        adc r10, rdx
+        adc rbx, 0
+        mov qword ptr [-40+128+rsp], r12
+        mov r8, rbx
+        mov rdi, r10
+        mov rax, qword ptr [32+rcx]
+        mul qword ptr [56+rcx]
+        add rdi, rax
+        adc r8, rdx
+        adc r11, 0
+        add rdi, rax
+        adc r8, rdx
+        adc r11, 0
+        mov r10, r8
+        mov rbx, r11
+        mov rax, qword ptr [40+rcx]
+        mul qword ptr [48+rcx]
+        add rdi, rax
+        adc r10, rdx
+        adc rbx, 0
+        add rdi, rax
+        adc r10, rdx
+        adc rbx, 0
+        mov qword ptr [-32+128+rsp], rdi
+        mov rsi, rbx
+        mov r12, r10
+        mov rax, qword ptr [40+rcx]
+        mul qword ptr [56+rcx]
+        add r12, rax
+        adc rsi, rdx
+        adc r13, 0
+        add r12, rax
+        adc rsi, rdx
+        adc r13, 0
+        mov r10, rsi
+        mov rbx, r13
+        mov rax, qword ptr [48+rcx]
+        mul rax
+        add r12, rax
+        adc r10, rdx
+        adc rbx, 0
+        mov qword ptr [-24+128+rsp], r12
+        mov rdi, r10
+        mov rsi, rbx
+        mov r10, r9
+        mov dword ptr [8+rbp], 16
+        mov dword ptr [rbp], 0
+        mov rax, qword ptr [48+rcx]
+        mul qword ptr [56+rcx]
+        add rdi, rax
+        adc rsi, rdx
+        adc r10, 0
+        add rdi, rax
+        adc rsi, rdx
+        adc r10, 0
+        mov qword ptr [-16+128+rsp], rdi
+        mov r8, r10
+        mov rax, qword ptr [56+rcx]
+        mul rax
+        add rsi, rax
+        adc r8, rdx
+        adc r9, 0
+        mov rax, qword ptr [16+rbp]
+        mov qword ptr [-8+128+rsp], rsi
+        mov qword ptr [128+rsp], r8
+        mov qword ptr [rax], r14
+        mov rbx, qword ptr [-112+128+rsp]
+        mov qword ptr [8+rax], rbx
+        mov rcx, qword ptr [-104+128+rsp]
+        mov qword ptr [16+rax], rcx
+        mov rdx, qword ptr [-96+128+rsp]
+        mov qword ptr [24+rax], rdx
+        mov r14, qword ptr [-88+128+rsp]
+        mov qword ptr [32+rax], r14
+        mov r13, qword ptr [-80+128+rsp]
+        mov qword ptr [40+rax], r13
+        mov r12, qword ptr [-72+128+rsp]
+        mov qword ptr [48+rax], r12
+        mov r11, qword ptr [-64+128+rsp]
+        mov qword ptr [56+rax], r11
+        mov r10, qword ptr [-56+128+rsp]
+        mov qword ptr [64+rax], r10
+        mov r9, qword ptr [-48+128+rsp]
+        mov qword ptr [72+rax], r9
+        mov r8, qword ptr [-40+128+rsp]
+        mov qword ptr [80+rax], r8
+        mov rdi, qword ptr [-32+128+rsp]
+        mov qword ptr [88+rax], rdi
+        mov rsi, qword ptr [-24+128+rsp]
+        mov qword ptr [96+rax], rsi
+        mov rbx, qword ptr [-16+128+rsp]
+        mov qword ptr [104+rax], rbx
+        mov rcx, qword ptr [-8+128+rsp]
+        mov qword ptr [112+rax], rcx
+        mov rdx, qword ptr [128+rsp]
+        mov qword ptr [120+rax], rdx
+        mov edx, dword ptr [8+rbp]
+        test edx, edx
+        je L192
+        lea ecx, dword ptr [-1+rdx]
+        mov rsi, qword ptr [16+rbp]
+        mov r14d, ecx
+        cmp dword ptr [rsi+r14*8], 0
+        jne L190
+        mov edx, ecx
+        ALIGN 16
+L191:
+        test edx, edx
+        mov ecx, edx
+        je L195
+        dec edx
+        mov r9d, edx
+        cmp dword ptr [rsi+r9*8], 0
+        je L191
+        mov dword ptr [8+rbp], ecx
+        mov edx, ecx
+L190:
+        test edx, edx
+        je L192
+        mov eax, dword ptr [rbp]
+        jmp L193
+
+L195:
+        mov dword ptr [8+rbp], edx
+L192:
+        xor eax, eax
+L193:
+        mov dword ptr [rbp], eax
+        add rsp, 8+128
+        pop rbx
+        pop rbp
+        pop r12
+        pop r13
+        pop r14
+
+        pop rsi
+        pop rdi
+
+        ret
+
+s_mp_sqr_comba_8 ENDP
+
+
+; void s_mp_sqr_comba_16(const mp_int *A, mp_int *B)
+
+        ALIGN 16
+s_mp_sqr_comba_16 PROC ; A "FRAME" function
+
+        push rdi
+        push rsi
+
+        mov rdi, rcx
+        mov rsi, rdx
+
+        push rbp
+        xor r9d, r9d
+        mov r8, r9
+        mov r11, r9
+        mov rbp, rsp
+        push r14
+        mov r14, rsi
+        mov rsi, r9
+        push r13
+        mov r13, r9
+        push r12
+        mov r12, r9
+        push rbx
+        mov rbx, r9
+        sub rsp, 256+32			; +32 for "home" storage
+        mov rcx, qword ptr [16+rdi]
+        mov rax, qword ptr [rcx]
+        mul rax
+        add r8, rax
+        adc rbx, rdx
+        adc rsi, 0
+        mov qword ptr [-288+rbp], r8
+        mov rax, qword ptr [rcx]
+        mul qword ptr [8+rcx]
+        add rbx, rax
+        adc rsi, rdx
+        adc r12, 0
+        add rbx, rax
+        adc rsi, rdx
+        adc r12, 0
+        mov qword ptr [-280+rbp], rbx
+        mov rax, qword ptr [rcx]
+        mul qword ptr [16+rcx]
+        add rsi, rax
+        adc r12, rdx
+        adc r13, 0
+        add rsi, rax
+        adc r12, rdx
+        adc r13, 0
+        mov rbx, r12
+        mov r10, r13
+        mov rax, qword ptr [8+rcx]
+        mul rax
+        add rsi, rax
+        adc rbx, rdx
+        adc r10, 0
+        mov qword ptr [-272+rbp], rsi
+        mov rdi, r10
+        mov rsi, r9
+        mov r10, rbx
+        mov rax, qword ptr [rcx]
+        mul qword ptr [24+rcx]
+        add r10, rax
+        adc rdi, rdx
+        adc r11, 0
+        add r10, rax
+        adc rdi, rdx
+        adc r11, 0
+        mov r12, rdi
+        mov rbx, r11
+        mov rdi, r9
+        mov rax, qword ptr [8+rcx]
+        mul qword ptr [16+rcx]
+        add r10, rax
+        adc r12, rdx
+        adc rbx, 0
+        add r10, rax
+        adc r12, rdx
+        adc rbx, 0
+        mov r11, r9
+        mov qword ptr [-264+rbp], r10
+        mov r8, rbx
+        mov r13, r12
+        mov r12, r9
+        mov rax, qword ptr [rcx]
+        mul qword ptr [32+rcx]
+        add r13, rax
+        adc r8, rdx
+        adc r12, 0
+        add r13, rax
+        adc r8, rdx
+        adc r12, 0
+        mov rax, qword ptr [8+rcx]
+        mul qword ptr [24+rcx]
+        add r13, rax
+        adc r8, rdx
+        adc r12, 0
+        add r13, rax
+        adc r8, rdx
+        adc r12, 0
+        mov rbx, r8
+        mov r10, r12
+        mov r8, r9
+        mov rax, qword ptr [16+rcx]
+        mul rax
+        add r13, rax
+        adc rbx, rdx
+        adc r10, 0
+        mov qword ptr [-256+rbp], r13
+        mov rax, qword ptr [rcx]
+        mul qword ptr [40+rcx]
+        mov r8, rax
+        mov rdi, rdx
+        xor rsi, rsi
+        mov rax, qword ptr [8+rcx]
+        mul qword ptr [32+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [16+rcx]
+        mul qword ptr [24+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        add rbx, r8
+        adc r10, rdi
+        adc r11, rsi
+        add rbx, r8
+        adc r10, rdi
+        adc r11, rsi
+        mov qword ptr [-248+rbp], rbx
+        mov rax, qword ptr [rcx]
+        mul qword ptr [48+rcx]
+        mov r8, rax
+        mov rdi, rdx
+        xor rsi, rsi
+        mov rax, qword ptr [8+rcx]
+        mul qword ptr [40+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [16+rcx]
+        mul qword ptr [32+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, r9
+        mov r13, rdi
+        mov r12, rsi
+        add r10, r8
+        adc r11, r13
+        adc rax, r12
+        add r10, r8
+        adc r11, r13
+        adc rax, r12
+        mov rdx, rax
+        mov rbx, r11
+        mov rdi, r13
+        mov r11, rdx
+        mov rsi, r12
+        mov rax, qword ptr [24+rcx]
+        mul rax
+        add r10, rax
+        adc rbx, rdx
+        adc r11, 0
+        mov qword ptr [-240+rbp], r10
+        mov r10, r11
+        mov rax, qword ptr [rcx]
+        mul qword ptr [56+rcx]
+        mov r8, rax
+        mov rdi, rdx
+        xor rsi, rsi
+        mov rax, qword ptr [8+rcx]
+        mul qword ptr [48+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [16+rcx]
+        mul qword ptr [40+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [24+rcx]
+        mul qword ptr [32+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rdx, r9
+        add rbx, r8
+        adc r10, rdi
+        adc rdx, rsi
+        add rbx, r8
+        adc r10, rdi
+        adc rdx, rsi
+        mov r11, rdx
+        mov qword ptr [-232+rbp], rbx
+        mov rbx, r9
+        mov rax, qword ptr [rcx]
+        mul qword ptr [64+rcx]
+        mov r8, rax
+        mov rdi, rdx
+        xor rsi, rsi
+        mov rax, qword ptr [8+rcx]
+        mul qword ptr [56+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [16+rcx]
+        mul qword ptr [48+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [24+rcx]
+        mul qword ptr [40+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov r13, rdi
+        mov r12, rsi
+        add r10, r8
+        adc r11, r13
+        adc rbx, r12
+        add r10, r8
+        adc r11, r13
+        adc rbx, r12
+        mov rax, qword ptr [32+rcx]
+        mul rax
+        add r10, rax
+        adc r11, rdx
+        adc rbx, 0
+        mov rdi, r13
+        mov qword ptr [-224+rbp], r10
+        mov rsi, r12
+        mov r10, rbx
+        mov r12, r9
+        mov rax, qword ptr [rcx]
+        mul qword ptr [72+rcx]
+        mov r8, rax
+        mov rdi, rdx
+        xor rsi, rsi
+        mov rax, qword ptr [8+rcx]
+        mul qword ptr [64+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [16+rcx]
+        mul qword ptr [56+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [24+rcx]
+        mul qword ptr [48+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [32+rcx]
+        mul qword ptr [40+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        add r11, r8
+        adc r10, rdi
+        adc r12, rsi
+        add r11, r8
+        adc r10, rdi
+        adc r12, rsi
+        mov qword ptr [-216+rbp], r11
+        mov rbx, r12
+        mov rax, qword ptr [rcx]
+        mul qword ptr [80+rcx]
+        mov r8, rax
+        mov rdi, rdx
+        xor rsi, rsi
+        mov rax, qword ptr [8+rcx]
+        mul qword ptr [72+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [16+rcx]
+        mul qword ptr [64+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [24+rcx]
+        mul qword ptr [56+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [32+rcx]
+        mul qword ptr [48+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, r9
+        mov r13, rdi
+        mov r12, rsi
+        add r10, r8
+        adc rbx, r13
+        adc rax, r12
+        add r10, r8
+        adc rbx, r13
+        adc rax, r12
+        mov rdx, rax
+        mov r11, rbx
+        mov rdi, r13
+        mov rbx, rdx
+        mov rsi, r12
+        mov rax, qword ptr [40+rcx]
+        mul rax
+        add r10, rax
+        adc r11, rdx
+        adc rbx, 0
+        mov qword ptr [-208+rbp], r10
+        mov r10, rbx
+        mov rax, qword ptr [rcx]
+        mul qword ptr [88+rcx]
+        mov r8, rax
+        mov rdi, rdx
+        xor rsi, rsi
+        mov rax, qword ptr [8+rcx]
+        mul qword ptr [80+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [16+rcx]
+        mul qword ptr [72+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [24+rcx]
+        mul qword ptr [64+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [32+rcx]
+        mul qword ptr [56+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [40+rcx]
+        mul qword ptr [48+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rdx, r9
+        add r11, r8
+        adc r10, rdi
+        adc rdx, rsi
+        add r11, r8
+        adc r10, rdi
+        adc rdx, rsi
+        mov r13, rdx
+        mov qword ptr [-200+rbp], r11
+        mov r12, r13
+        mov rax, qword ptr [rcx]
+        mul qword ptr [96+rcx]
+        mov r8, rax
+        mov rdi, rdx
+        xor rsi, rsi
+        mov rax, qword ptr [8+rcx]
+        mul qword ptr [88+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [16+rcx]
+        mul qword ptr [80+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [24+rcx]
+        mul qword ptr [72+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [32+rcx]
+        mul qword ptr [64+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [40+rcx]
+        mul qword ptr [56+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, r9
+        mov rdx, rdi
+        mov r11, rsi
+        add r10, r8
+        adc r12, rdx
+        adc rax, r11
+        add r10, r8
+        adc r12, rdx
+        adc rax, r11
+        mov rbx, rdx
+        mov r13, rax
+        mov rsi, r11
+        mov rax, qword ptr [48+rcx]
+        mul rax
+        add r10, rax
+        adc r12, rdx
+        adc r13, 0
+        mov rdi, rbx
+        mov qword ptr [-192+rbp], r10
+        mov r10, r13
+        mov rax, qword ptr [rcx]
+        mul qword ptr [104+rcx]
+        mov r8, rax
+        mov rdi, rdx
+        xor rsi, rsi
+        mov r13, r9
+        mov rax, qword ptr [8+rcx]
+        mul qword ptr [96+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [16+rcx]
+        mul qword ptr [88+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [24+rcx]
+        mul qword ptr [80+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [32+rcx]
+        mul qword ptr [72+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [40+rcx]
+        mul qword ptr [64+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [48+rcx]
+        mul qword ptr [56+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        add r12, r8
+        adc r10, rdi
+        adc r13, rsi
+        add r12, r8
+        adc r10, rdi
+        adc r13, rsi
+        mov qword ptr [-184+rbp], r12
+        mov r12, r13
+        mov rax, qword ptr [rcx]
+        mul qword ptr [112+rcx]
+        mov r8, rax
+        mov rdi, rdx
+        xor rsi, rsi
+        mov rax, qword ptr [8+rcx]
+        mul qword ptr [104+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [16+rcx]
+        mul qword ptr [96+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [24+rcx]
+        mul qword ptr [88+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [32+rcx]
+        mul qword ptr [80+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [40+rcx]
+        mul qword ptr [72+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [48+rcx]
+        mul qword ptr [64+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, r9
+        mov rbx, rdi
+        mov rdx, rsi
+        add r10, r8
+        adc r12, rbx
+        adc rax, rdx
+        add r10, r8
+        adc r12, rbx
+        adc rax, rdx
+        mov r11, rdx
+        mov r13, rax
+        mov rdi, rbx
+        mov rax, qword ptr [56+rcx]
+        mul rax
+        add r10, rax
+        adc r12, rdx
+        adc r13, 0
+        mov rsi, r11
+        mov qword ptr [-176+rbp], r10
+        mov r10, r13
+        mov rax, qword ptr [rcx]
+        mul qword ptr [120+rcx]
+        mov r8, rax
+        mov rdi, rdx
+        xor rsi, rsi
+        mov r13, r9
+        mov rax, qword ptr [8+rcx]
+        mul qword ptr [112+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [16+rcx]
+        mul qword ptr [104+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [24+rcx]
+        mul qword ptr [96+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [32+rcx]
+        mul qword ptr [88+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [40+rcx]
+        mul qword ptr [80+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [48+rcx]
+        mul qword ptr [72+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [56+rcx]
+        mul qword ptr [64+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        add r12, r8
+        adc r10, rdi
+        adc r13, rsi
+        add r12, r8
+        adc r10, rdi
+        adc r13, rsi
+        mov qword ptr [-168+rbp], r12
+        mov r12, r13
+        mov rax, qword ptr [8+rcx]
+        mul qword ptr [120+rcx]
+        mov r8, rax
+        mov rdi, rdx
+        xor rsi, rsi
+        mov rax, qword ptr [16+rcx]
+        mul qword ptr [112+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [24+rcx]
+        mul qword ptr [104+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [32+rcx]
+        mul qword ptr [96+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [40+rcx]
+        mul qword ptr [88+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [48+rcx]
+        mul qword ptr [80+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [56+rcx]
+        mul qword ptr [72+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, r9
+        mov rbx, rdi
+        mov rdx, rsi
+        add r10, r8
+        adc r12, rbx
+        adc rax, rdx
+        add r10, r8
+        adc r12, rbx
+        adc rax, rdx
+        mov r11, rdx
+        mov r13, rax
+        mov rdi, rbx
+        mov rax, qword ptr [64+rcx]
+        mul rax
+        add r10, rax
+        adc r12, rdx
+        adc r13, 0
+        mov rsi, r11
+        mov qword ptr [-160+rbp], r10
+        mov r11, r9
+        mov rax, qword ptr [16+rcx]
+        mul qword ptr [120+rcx]
+        mov r8, rax
+        mov rdi, rdx
+        xor rsi, rsi
+        mov r10, r13
+        mov rbx, r9
+        mov rax, qword ptr [24+rcx]
+        mul qword ptr [112+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [32+rcx]
+        mul qword ptr [104+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [40+rcx]
+        mul qword ptr [96+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [48+rcx]
+        mul qword ptr [88+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [56+rcx]
+        mul qword ptr [80+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [64+rcx]
+        mul qword ptr [72+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        add r12, r8
+        adc r10, rdi
+        adc r11, rsi
+        add r12, r8
+        adc r10, rdi
+        adc r11, rsi
+        mov qword ptr [-152+rbp], r12
+        mov rax, qword ptr [24+rcx]
+        mul qword ptr [120+rcx]
+        mov r8, rax
+        mov rdi, rdx
+        xor rsi, rsi
+        mov rax, qword ptr [32+rcx]
+        mul qword ptr [112+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [40+rcx]
+        mul qword ptr [104+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [48+rcx]
+        mul qword ptr [96+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [56+rcx]
+        mul qword ptr [88+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [64+rcx]
+        mul qword ptr [80+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov r13, rdi
+        mov r12, rsi
+        add r10, r8
+        adc r11, r13
+        adc rbx, r12
+        add r10, r8
+        adc r11, r13
+        adc rbx, r12
+        mov rdx, rbx
+        mov rdi, r13
+        mov rbx, r11
+        mov rsi, r12
+        mov r11, rdx
+        mov r12, r9
+        mov rax, qword ptr [72+rcx]
+        mul rax
+        add r10, rax
+        adc rbx, rdx
+        adc r11, 0
+        mov qword ptr [-144+rbp], r10
+        mov r10, r11
+        mov rax, qword ptr [32+rcx]
+        mul qword ptr [120+rcx]
+        mov r8, rax
+        mov rdi, rdx
+        xor rsi, rsi
+        mov rax, qword ptr [40+rcx]
+        mul qword ptr [112+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [48+rcx]
+        mul qword ptr [104+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [56+rcx]
+        mul qword ptr [96+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [64+rcx]
+        mul qword ptr [88+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [72+rcx]
+        mul qword ptr [80+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        add rbx, r8
+        adc r10, rdi
+        adc r12, rsi
+        add rbx, r8
+        adc r10, rdi
+        adc r12, rsi
+        mov qword ptr [-136+rbp], rbx
+        mov r11, r12
+        mov rax, qword ptr [40+rcx]
+        mul qword ptr [120+rcx]
+        mov r8, rax
+        mov rdi, rdx
+        xor rsi, rsi
+        mov rax, qword ptr [48+rcx]
+        mul qword ptr [112+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [56+rcx]
+        mul qword ptr [104+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [64+rcx]
+        mul qword ptr [96+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [72+rcx]
+        mul qword ptr [88+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, r9
+        mov r13, rdi
+        mov r12, rsi
+        add r10, r8
+        adc r11, r13
+        adc rax, r12
+        add r10, r8
+        adc r11, r13
+        adc rax, r12
+        mov rdx, rax
+        mov rbx, r11
+        mov rdi, r13
+        mov r11, rdx
+        mov rsi, r12
+        mov rax, qword ptr [80+rcx]
+        mul rax
+        add r10, rax
+        adc rbx, rdx
+        adc r11, 0
+        mov qword ptr [-128+rbp], r10
+        mov r10, r11
+        mov rax, qword ptr [48+rcx]
+        mul qword ptr [120+rcx]
+        mov r8, rax
+        mov rdi, rdx
+        xor rsi, rsi
+        mov rax, qword ptr [56+rcx]
+        mul qword ptr [112+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [64+rcx]
+        mul qword ptr [104+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [72+rcx]
+        mul qword ptr [96+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [80+rcx]
+        mul qword ptr [88+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rdx, r9
+        add rbx, r8
+        adc r10, rdi
+        adc rdx, rsi
+        add rbx, r8
+        adc r10, rdi
+        adc rdx, rsi
+        mov qword ptr [-120+rbp], rbx
+        mov r11, rdx
+        mov rbx, r9
+        mov rax, qword ptr [56+rcx]
+        mul qword ptr [120+rcx]
+        mov r8, rax
+        mov rdi, rdx
+        xor rsi, rsi
+        mov rax, qword ptr [64+rcx]
+        mul qword ptr [112+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [72+rcx]
+        mul qword ptr [104+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [80+rcx]
+        mul qword ptr [96+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov r13, rdi
+        mov r12, rsi
+        add r10, r8
+        adc r11, r13
+        adc rbx, r12
+        add r10, r8
+        adc r11, r13
+        adc rbx, r12
+        mov rdx, rbx
+        mov rdi, r13
+        mov rbx, r11
+        mov rsi, r12
+        mov r11, rdx
+        mov r12, r9
+        mov rax, qword ptr [88+rcx]
+        mul rax
+        add r10, rax
+        adc rbx, rdx
+        adc r11, 0
+        mov qword ptr [-112+rbp], r10
+        mov r10, r11
+        mov rax, qword ptr [64+rcx]
+        mul qword ptr [120+rcx]
+        mov r8, rax
+        mov rdi, rdx
+        xor rsi, rsi
+        mov rax, qword ptr [72+rcx]
+        mul qword ptr [112+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [80+rcx]
+        mul qword ptr [104+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [88+rcx]
+        mul qword ptr [96+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        add rbx, r8
+        adc r10, rdi
+        adc r12, rsi
+        add rbx, r8
+        adc r10, rdi
+        adc r12, rsi
+        mov qword ptr [-104+rbp], rbx
+        mov r11, r12
+        mov rax, qword ptr [72+rcx]
+        mul qword ptr [120+rcx]
+        mov r8, rax
+        mov rdi, rdx
+        xor rsi, rsi
+        mov rax, qword ptr [80+rcx]
+        mul qword ptr [112+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [88+rcx]
+        mul qword ptr [104+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, r9
+        mov r13, rdi
+        mov r12, rsi
+        add r10, r8
+        adc r11, r13
+        adc rax, r12
+        add r10, r8
+        adc r11, r13
+        adc rax, r12
+        mov rdx, rax
+        mov rbx, r11
+        mov rdi, r13
+        mov r11, rdx
+        mov rsi, r12
+        mov rax, qword ptr [96+rcx]
+        mul rax
+        add r10, rax
+        adc rbx, rdx
+        adc r11, 0
+        mov qword ptr [-96+rbp], r10
+        mov r10, r9
+        mov rax, qword ptr [80+rcx]
+        mul qword ptr [120+rcx]
+        mov r8, rax
+        mov rdi, rdx
+        xor rsi, rsi
+        mov rax, qword ptr [88+rcx]
+        mul qword ptr [112+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [96+rcx]
+        mul qword ptr [104+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov r12, rdi
+        mov rax, rsi
+        mov rsi, r9
+        add rbx, r8
+        adc r11, r12
+        adc r10, rax
+        add rbx, r8
+        adc r11, r12
+        adc r10, rax
+        mov r12, r9
+        mov qword ptr [-88+rbp], rbx
+        mov r13, r11
+        mov r11, r10
+        mov rax, qword ptr [88+rcx]
+        mul qword ptr [120+rcx]
+        add r13, rax
+        adc r11, rdx
+        adc r12, 0
+        add r13, rax
+        adc r11, rdx
+        adc r12, 0
+        mov rdi, r12
+        mov rax, qword ptr [96+rcx]
+        mul qword ptr [112+rcx]
+        add r13, rax
+        adc r11, rdx
+        adc rdi, 0
+        add r13, rax
+        adc r11, rdx
+        adc rdi, 0
+        mov rbx, r11
+        mov r10, rdi
+        mov r11, r9
+        mov rax, qword ptr [104+rcx]
+        mul rax
+        add r13, rax
+        adc rbx, rdx
+        adc r10, 0
+        mov qword ptr [-80+rbp], r13
+        mov r8, r10
+        mov r10, rbx
+        mov rax, qword ptr [96+rcx]
+        mul qword ptr [120+rcx]
+        add r10, rax
+        adc r8, rdx
+        adc rsi, 0
+        add r10, rax
+        adc r8, rdx
+        adc rsi, 0
+        mov r12, r8
+        mov rbx, rsi
+        mov rax, qword ptr [104+rcx]
+        mul qword ptr [112+rcx]
+        add r10, rax
+        adc r12, rdx
+        adc rbx, 0
+        add r10, rax
+        adc r12, rdx
+        adc rbx, 0
+        mov qword ptr [-72+rbp], r10
+        mov r13, rbx
+        mov rbx, r12
+        mov rax, qword ptr [104+rcx]
+        mul qword ptr [120+rcx]
+        add rbx, rax
+        adc r13, rdx
+        adc r11, 0
+        add rbx, rax
+        adc r13, rdx
+        adc r11, 0
+        mov r12, r11
+        mov r10, r13
+        mov rax, qword ptr [112+rcx]
+        mul rax
+        add rbx, rax
+        adc r10, rdx
+        adc r12, 0
+        mov qword ptr [-64+rbp], rbx
+        mov rdi, r10
+        mov rbx, r9
+        mov rsi, r12
+        mov rax, qword ptr [112+rcx]
+        mul qword ptr [120+rcx]
+        add rdi, rax
+        adc rsi, rdx
+        adc rbx, 0
+        add rdi, rax
+        adc rsi, rdx
+        adc rbx, 0
+        mov qword ptr [-56+rbp], rdi
+        mov r8, rbx
+        mov rax, qword ptr [120+rcx]
+        mul rax
+        add rsi, rax
+        adc r8, rdx
+        adc r9, 0
+        mov qword ptr [-48+rbp], rsi
+        mov qword ptr [-40+rbp], r8
+        mov dword ptr [8+r14], 32
+        mov dword ptr [r14], 0
+;        mov rdi, qword ptr [16+r14]
+;        lea rsi, qword ptr [-288+rbp]
+;        mov edx, 256
+        mov rcx, qword ptr [16+r14]
+        lea rdx, qword ptr [-288+rbp]
+        mov r8d, 256
+        call memcpy
+        mov edx, dword ptr [8+r14]
+        test edx, edx
+        je L232
+        lea ecx, dword ptr [-1+rdx]
+        mov rsi, qword ptr [16+r14]
+        mov r9d, ecx
+        cmp dword ptr [rsi+r9*8], 0
+        jne L230
+        mov edx, ecx
+        ALIGN 16
+L231:
+        test edx, edx
+        mov ecx, edx
+        je L235
+        dec edx
+        mov eax, edx
+        cmp dword ptr [rsi+rax*8], 0
+        je L231
+        mov dword ptr [8+r14], ecx
+        mov edx, ecx
+L230:
+        test edx, edx
+        je L232
+        mov eax, dword ptr [r14]
+        jmp L233
+
+L235:
+        mov dword ptr [8+r14], edx
+L232:
+        xor eax, eax
+L233:
+        mov dword ptr [r14], eax
+        add rsp, 256+32			; +32 for "home" storage
+        pop rbx
+        pop r12
+        pop r13
+        pop r14
+        pop rbp
+        pop rsi
+        pop rdi
+
+        ret
+
+s_mp_sqr_comba_16 ENDP
+
+
+; void s_mp_sqr_comba_32(const mp_int *A, mp_int *B);
+
+        ALIGN 16
+s_mp_sqr_comba_32 PROC ; A "FRAME" function
+
+        push rdi
+        push rsi
+
+        mov rdi, rcx
+        mov rsi, rdx
+
+        push rbp
+        xor r10d, r10d
+        mov r8, r10
+        mov r11, r10
+        mov rbp, rsp
+        push r14
+        mov r14, rsi
+        mov rsi, r10
+        push r13
+        mov r13, r10
+        push r12
+        mov r12, r10
+        push rbx
+        mov rbx, r10
+        sub rsp, 512+32			; +32 for "home" storage
+        mov rcx, qword ptr [16+rdi]
+        mov rax, qword ptr [rcx]
+        mul rax
+        add r8, rax
+        adc rbx, rdx
+        adc rsi, 0
+        mov qword ptr [-544+rbp], r8
+        mov rax, qword ptr [rcx]
+        mul qword ptr [8+rcx]
+        add rbx, rax
+        adc rsi, rdx
+        adc r12, 0
+        add rbx, rax
+        adc rsi, rdx
+        adc r12, 0
+        mov qword ptr [-536+rbp], rbx
+        mov rax, qword ptr [rcx]
+        mul qword ptr [16+rcx]
+        add rsi, rax
+        adc r12, rdx
+        adc r13, 0
+        add rsi, rax
+        adc r12, rdx
+        adc r13, 0
+        mov rbx, r12
+        mov r9, r13
+        mov rax, qword ptr [8+rcx]
+        mul rax
+        add rsi, rax
+        adc rbx, rdx
+        adc r9, 0
+        mov qword ptr [-528+rbp], rsi
+        mov rdi, r9
+        mov rsi, r10
+        mov r9, rbx
+        mov rax, qword ptr [rcx]
+        mul qword ptr [24+rcx]
+        add r9, rax
+        adc rdi, rdx
+        adc r11, 0
+        add r9, rax
+        adc rdi, rdx
+        adc r11, 0
+        mov r12, rdi
+        mov r13, r11
+        mov rdi, r10
+        mov rax, qword ptr [8+rcx]
+        mul qword ptr [16+rcx]
+        add r9, rax
+        adc r12, rdx
+        adc r13, 0
+        add r9, rax
+        adc r12, rdx
+        adc r13, 0
+        mov r11, r10
+        mov qword ptr [-520+rbp], r9
+        mov r8, r13
+        mov r13, r12
+        mov r12, r10
+        mov rax, qword ptr [rcx]
+        mul qword ptr [32+rcx]
+        add r13, rax
+        adc r8, rdx
+        adc r12, 0
+        add r13, rax
+        adc r8, rdx
+        adc r12, 0
+        mov rax, qword ptr [8+rcx]
+        mul qword ptr [24+rcx]
+        add r13, rax
+        adc r8, rdx
+        adc r12, 0
+        add r13, rax
+        adc r8, rdx
+        adc r12, 0
+        mov rbx, r8
+        mov r9, r12
+        mov r8, r10
+        mov rax, qword ptr [16+rcx]
+        mul rax
+        add r13, rax
+        adc rbx, rdx
+        adc r9, 0
+        mov qword ptr [-512+rbp], r13
+        mov rax, qword ptr [rcx]
+        mul qword ptr [40+rcx]
+        mov r8, rax
+        mov rdi, rdx
+        xor rsi, rsi
+        mov rax, qword ptr [8+rcx]
+        mul qword ptr [32+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [16+rcx]
+        mul qword ptr [24+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        add rbx, r8
+        adc r9, rdi
+        adc r11, rsi
+        add rbx, r8
+        adc r9, rdi
+        adc r11, rsi
+        mov qword ptr [-504+rbp], rbx
+        mov rax, qword ptr [rcx]
+        mul qword ptr [48+rcx]
+        mov r8, rax
+        mov rdi, rdx
+        xor rsi, rsi
+        mov rax, qword ptr [8+rcx]
+        mul qword ptr [40+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [16+rcx]
+        mul qword ptr [32+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, r10
+        mov r13, rdi
+        mov r12, rsi
+        add r9, r8
+        adc r11, r13
+        adc rax, r12
+        add r9, r8
+        adc r11, r13
+        adc rax, r12
+        mov rdx, rax
+        mov rbx, r11
+        mov rdi, r13
+        mov r11, rdx
+        mov rsi, r12
+        mov rax, qword ptr [24+rcx]
+        mul rax
+        add r9, rax
+        adc rbx, rdx
+        adc r11, 0
+        mov qword ptr [-496+rbp], r9
+        mov r9, r11
+        mov rax, qword ptr [rcx]
+        mul qword ptr [56+rcx]
+        mov r8, rax
+        mov rdi, rdx
+        xor rsi, rsi
+        mov rax, qword ptr [8+rcx]
+        mul qword ptr [48+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [16+rcx]
+        mul qword ptr [40+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [24+rcx]
+        mul qword ptr [32+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rdx, r10
+        add rbx, r8
+        adc r9, rdi
+        adc rdx, rsi
+        add rbx, r8
+        adc r9, rdi
+        adc rdx, rsi
+        mov r11, rdx
+        mov qword ptr [-488+rbp], rbx
+        mov rbx, r10
+        mov rax, qword ptr [rcx]
+        mul qword ptr [64+rcx]
+        mov r8, rax
+        mov rdi, rdx
+        xor rsi, rsi
+        mov rax, qword ptr [8+rcx]
+        mul qword ptr [56+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [16+rcx]
+        mul qword ptr [48+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [24+rcx]
+        mul qword ptr [40+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov r13, rdi
+        mov r12, rsi
+        add r9, r8
+        adc r11, r13
+        adc rbx, r12
+        add r9, r8
+        adc r11, r13
+        adc rbx, r12
+        mov rax, qword ptr [32+rcx]
+        mul rax
+        add r9, rax
+        adc r11, rdx
+        adc rbx, 0
+        mov rdi, r13
+        mov qword ptr [-480+rbp], r9
+        mov rsi, r12
+        mov r9, rbx
+        mov r12, r10
+        mov rax, qword ptr [rcx]
+        mul qword ptr [72+rcx]
+        mov r8, rax
+        mov rdi, rdx
+        xor rsi, rsi
+        mov rax, qword ptr [8+rcx]
+        mul qword ptr [64+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [16+rcx]
+        mul qword ptr [56+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [24+rcx]
+        mul qword ptr [48+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [32+rcx]
+        mul qword ptr [40+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        add r11, r8
+        adc r9, rdi
+        adc r12, rsi
+        add r11, r8
+        adc r9, rdi
+        adc r12, rsi
+        mov qword ptr [-472+rbp], r11
+        mov rbx, r12
+        mov rax, qword ptr [rcx]
+        mul qword ptr [80+rcx]
+        mov r8, rax
+        mov rdi, rdx
+        xor rsi, rsi
+        mov rax, qword ptr [8+rcx]
+        mul qword ptr [72+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [16+rcx]
+        mul qword ptr [64+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [24+rcx]
+        mul qword ptr [56+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [32+rcx]
+        mul qword ptr [48+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, r10
+        mov r13, rdi
+        mov r12, rsi
+        add r9, r8
+        adc rbx, r13
+        adc rax, r12
+        add r9, r8
+        adc rbx, r13
+        adc rax, r12
+        mov rdx, rax
+        mov r11, rbx
+        mov rdi, r13
+        mov rbx, rdx
+        mov rsi, r12
+        mov rax, qword ptr [40+rcx]
+        mul rax
+        add r9, rax
+        adc r11, rdx
+        adc rbx, 0
+        mov qword ptr [-464+rbp], r9
+        mov r9, rbx
+        mov rax, qword ptr [rcx]
+        mul qword ptr [88+rcx]
+        mov r8, rax
+        mov rdi, rdx
+        xor rsi, rsi
+        mov rax, qword ptr [8+rcx]
+        mul qword ptr [80+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [16+rcx]
+        mul qword ptr [72+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [24+rcx]
+        mul qword ptr [64+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [32+rcx]
+        mul qword ptr [56+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [40+rcx]
+        mul qword ptr [48+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rdx, r10
+        add r11, r8
+        adc r9, rdi
+        adc rdx, rsi
+        add r11, r8
+        adc r9, rdi
+        adc rdx, rsi
+        mov r13, rdx
+        mov qword ptr [-456+rbp], r11
+        mov r12, r13
+        mov r13, r10
+        mov rax, qword ptr [rcx]
+        mul qword ptr [96+rcx]
+        mov r8, rax
+        mov rdi, rdx
+        xor rsi, rsi
+        mov rax, qword ptr [8+rcx]
+        mul qword ptr [88+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [16+rcx]
+        mul qword ptr [80+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [24+rcx]
+        mul qword ptr [72+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [32+rcx]
+        mul qword ptr [64+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [40+rcx]
+        mul qword ptr [56+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, rdi
+        mov r11, rsi
+        add r9, r8
+        adc r12, rax
+        adc r13, r11
+        add r9, r8
+        adc r12, rax
+        adc r13, r11
+        mov rbx, rax
+        mov rsi, r11
+        mov rax, qword ptr [48+rcx]
+        mul rax
+        add r9, rax
+        adc r12, rdx
+        adc r13, 0
+        mov rdi, rbx
+        mov qword ptr [-448+rbp], r9
+        mov r9, r13
+        mov rax, qword ptr [rcx]
+        mul qword ptr [104+rcx]
+        mov r8, rax
+        mov rdi, rdx
+        xor rsi, rsi
+        mov r13, r10
+        mov rax, qword ptr [8+rcx]
+        mul qword ptr [96+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [16+rcx]
+        mul qword ptr [88+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [24+rcx]
+        mul qword ptr [80+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [32+rcx]
+        mul qword ptr [72+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [40+rcx]
+        mul qword ptr [64+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [48+rcx]
+        mul qword ptr [56+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        add r12, r8
+        adc r9, rdi
+        adc r13, rsi
+        add r12, r8
+        adc r9, rdi
+        adc r13, rsi
+        mov qword ptr [-440+rbp], r12
+        mov r12, r10
+        mov rax, qword ptr [rcx]
+        mul qword ptr [112+rcx]
+        mov r8, rax
+        mov rdi, rdx
+        xor rsi, rsi
+        mov rax, qword ptr [8+rcx]
+        mul qword ptr [104+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [16+rcx]
+        mul qword ptr [96+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [24+rcx]
+        mul qword ptr [88+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [32+rcx]
+        mul qword ptr [80+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [40+rcx]
+        mul qword ptr [72+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [48+rcx]
+        mul qword ptr [64+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rdx, r13
+        mov rbx, rdi
+        mov r13, rsi
+        add r9, r8
+        adc rdx, rbx
+        adc r12, r13
+        add r9, r8
+        adc rdx, rbx
+        adc r12, r13
+        mov rax, r12
+        mov r11, r13
+        mov r12, rdx
+        mov r13, rax
+        mov rdi, rbx
+        mov rsi, r11
+        mov rax, qword ptr [56+rcx]
+        mul rax
+        add r9, rax
+        adc r12, rdx
+        adc r13, 0
+        mov qword ptr [-432+rbp], r9
+        mov r9, r13
+        mov r13, r10
+        mov rax, qword ptr [rcx]
+        mul qword ptr [120+rcx]
+        mov r8, rax
+        mov rdi, rdx
+        xor rsi, rsi
+        mov rax, qword ptr [8+rcx]
+        mul qword ptr [112+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [16+rcx]
+        mul qword ptr [104+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [24+rcx]
+        mul qword ptr [96+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [32+rcx]
+        mul qword ptr [88+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [40+rcx]
+        mul qword ptr [80+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [48+rcx]
+        mul qword ptr [72+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [56+rcx]
+        mul qword ptr [64+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, r8
+        mov rdx, rdi
+        mov rbx, rsi
+        add r12, rax
+        adc r9, rdx
+        adc r13, rbx
+        add r12, rax
+        adc r9, rdx
+        adc r13, rbx
+        mov qword ptr [-424+rbp], r12
+        mov r8, rdx
+        mov rsi, rax
+        mov rdi, rbx
+        mov r12, r13
+        mov r13, r10
+        mov rax, qword ptr [rcx]
+        mul qword ptr [128+rcx]
+        mov rsi, rax
+        mov r8, rdx
+        xor rdi, rdi
+        mov rax, qword ptr [8+rcx]
+        mul qword ptr [120+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [16+rcx]
+        mul qword ptr [112+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [24+rcx]
+        mul qword ptr [104+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [32+rcx]
+        mul qword ptr [96+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [40+rcx]
+        mul qword ptr [88+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [48+rcx]
+        mul qword ptr [80+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [56+rcx]
+        mul qword ptr [72+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, rsi
+        mov rbx, r8
+        mov rdx, rdi
+        add r9, rax
+        adc r12, rbx
+        adc r13, rdx
+        add r9, rax
+        adc r12, rbx
+        adc r13, rdx
+        mov r11, rdx
+        mov r8, rax
+        mov rdi, rbx
+        mov rax, qword ptr [64+rcx]
+        mul rax
+        add r9, rax
+        adc r12, rdx
+        adc r13, 0
+        mov rsi, r11
+        mov qword ptr [-416+rbp], r9
+        mov r9, r13
+        mov rax, qword ptr [rcx]
+        mul qword ptr [136+rcx]
+        mov r8, rax
+        mov rdi, rdx
+        xor rsi, rsi
+        mov r13, r10
+        mov rax, qword ptr [8+rcx]
+        mul qword ptr [128+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [16+rcx]
+        mul qword ptr [120+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [24+rcx]
+        mul qword ptr [112+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [32+rcx]
+        mul qword ptr [104+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [40+rcx]
+        mul qword ptr [96+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [48+rcx]
+        mul qword ptr [88+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [56+rcx]
+        mul qword ptr [80+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [64+rcx]
+        mul qword ptr [72+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rbx, r8
+        mov rax, rdi
+        mov rdx, rsi
+        add r12, rbx
+        adc r9, rax
+        adc r13, rdx
+        add r12, rbx
+        adc r9, rax
+        adc r13, rdx
+        mov qword ptr [-408+rbp], r12
+        mov rdi, rdx
+        mov r8, rax
+        mov rsi, rbx
+        mov r12, r13
+        mov r13, r10
+        mov rax, qword ptr [rcx]
+        mul qword ptr [144+rcx]
+        mov rsi, rax
+        mov r8, rdx
+        xor rdi, rdi
+        mov rax, qword ptr [8+rcx]
+        mul qword ptr [136+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [16+rcx]
+        mul qword ptr [128+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [24+rcx]
+        mul qword ptr [120+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [32+rcx]
+        mul qword ptr [112+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [40+rcx]
+        mul qword ptr [104+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [48+rcx]
+        mul qword ptr [96+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [56+rcx]
+        mul qword ptr [88+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [64+rcx]
+        mul qword ptr [80+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, rsi
+        mov rbx, r8
+        mov rdx, rdi
+        add r9, rax
+        adc r12, rbx
+        adc r13, rdx
+        add r9, rax
+        adc r12, rbx
+        adc r13, rdx
+        mov r11, rdx
+        mov r8, rax
+        mov rdi, rbx
+        mov rax, qword ptr [72+rcx]
+        mul rax
+        add r9, rax
+        adc r12, rdx
+        adc r13, 0
+        mov rsi, r11
+        mov qword ptr [-400+rbp], r9
+        mov r9, r13
+        mov rax, qword ptr [rcx]
+        mul qword ptr [152+rcx]
+        mov r8, rax
+        mov rdi, rdx
+        xor rsi, rsi
+        mov r13, r10
+        mov rax, qword ptr [8+rcx]
+        mul qword ptr [144+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [16+rcx]
+        mul qword ptr [136+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [24+rcx]
+        mul qword ptr [128+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [32+rcx]
+        mul qword ptr [120+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [40+rcx]
+        mul qword ptr [112+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [48+rcx]
+        mul qword ptr [104+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [56+rcx]
+        mul qword ptr [96+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [64+rcx]
+        mul qword ptr [88+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [72+rcx]
+        mul qword ptr [80+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rbx, r8
+        mov rax, rdi
+        mov rdx, rsi
+        add r12, rbx
+        adc r9, rax
+        adc r13, rdx
+        add r12, rbx
+        adc r9, rax
+        adc r13, rdx
+        mov qword ptr [-392+rbp], r12
+        mov rdi, rdx
+        mov r8, rax
+        mov rsi, rbx
+        mov r12, r13
+        mov r13, r10
+        mov rax, qword ptr [rcx]
+        mul qword ptr [160+rcx]
+        mov rsi, rax
+        mov r8, rdx
+        xor rdi, rdi
+        mov rax, qword ptr [8+rcx]
+        mul qword ptr [152+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [16+rcx]
+        mul qword ptr [144+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [24+rcx]
+        mul qword ptr [136+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [32+rcx]
+        mul qword ptr [128+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [40+rcx]
+        mul qword ptr [120+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [48+rcx]
+        mul qword ptr [112+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [56+rcx]
+        mul qword ptr [104+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [64+rcx]
+        mul qword ptr [96+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [72+rcx]
+        mul qword ptr [88+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, rsi
+        mov rbx, r8
+        mov rdx, rdi
+        add r9, rax
+        adc r12, rbx
+        adc r13, rdx
+        add r9, rax
+        adc r12, rbx
+        adc r13, rdx
+        mov r11, rdx
+        mov r8, rax
+        mov rdi, rbx
+        mov rax, qword ptr [80+rcx]
+        mul rax
+        add r9, rax
+        adc r12, rdx
+        adc r13, 0
+        mov rsi, r11
+        mov qword ptr [-384+rbp], r9
+        mov r9, r13
+        mov rax, qword ptr [rcx]
+        mul qword ptr [168+rcx]
+        mov r8, rax
+        mov rdi, rdx
+        xor rsi, rsi
+        mov r13, r10
+        mov rax, qword ptr [8+rcx]
+        mul qword ptr [160+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [16+rcx]
+        mul qword ptr [152+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [24+rcx]
+        mul qword ptr [144+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [32+rcx]
+        mul qword ptr [136+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [40+rcx]
+        mul qword ptr [128+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [48+rcx]
+        mul qword ptr [120+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [56+rcx]
+        mul qword ptr [112+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [64+rcx]
+        mul qword ptr [104+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [72+rcx]
+        mul qword ptr [96+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [80+rcx]
+        mul qword ptr [88+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rbx, r8
+        mov rax, rdi
+        mov rdx, rsi
+        add r12, rbx
+        adc r9, rax
+        adc r13, rdx
+        add r12, rbx
+        adc r9, rax
+        adc r13, rdx
+        mov qword ptr [-376+rbp], r12
+        mov rdi, rdx
+        mov r8, rax
+        mov rsi, rbx
+        mov r12, r13
+        mov r13, r10
+        mov rax, qword ptr [rcx]
+        mul qword ptr [176+rcx]
+        mov rsi, rax
+        mov r8, rdx
+        xor rdi, rdi
+        mov rax, qword ptr [8+rcx]
+        mul qword ptr [168+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [16+rcx]
+        mul qword ptr [160+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [24+rcx]
+        mul qword ptr [152+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [32+rcx]
+        mul qword ptr [144+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [40+rcx]
+        mul qword ptr [136+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [48+rcx]
+        mul qword ptr [128+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [56+rcx]
+        mul qword ptr [120+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [64+rcx]
+        mul qword ptr [112+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [72+rcx]
+        mul qword ptr [104+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [80+rcx]
+        mul qword ptr [96+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, rsi
+        mov rbx, r8
+        mov rdx, rdi
+        add r9, rax
+        adc r12, rbx
+        adc r13, rdx
+        add r9, rax
+        adc r12, rbx
+        adc r13, rdx
+        mov r11, rdx
+        mov r8, rax
+        mov rdi, rbx
+        mov rax, qword ptr [88+rcx]
+        mul rax
+        add r9, rax
+        adc r12, rdx
+        adc r13, 0
+        mov rsi, r11
+        mov qword ptr [-368+rbp], r9
+        mov r9, r13
+        mov rax, qword ptr [rcx]
+        mul qword ptr [184+rcx]
+        mov r8, rax
+        mov rdi, rdx
+        xor rsi, rsi
+        mov r13, r10
+        mov rax, qword ptr [8+rcx]
+        mul qword ptr [176+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [16+rcx]
+        mul qword ptr [168+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [24+rcx]
+        mul qword ptr [160+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [32+rcx]
+        mul qword ptr [152+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [40+rcx]
+        mul qword ptr [144+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [48+rcx]
+        mul qword ptr [136+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [56+rcx]
+        mul qword ptr [128+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [64+rcx]
+        mul qword ptr [120+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [72+rcx]
+        mul qword ptr [112+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [80+rcx]
+        mul qword ptr [104+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [88+rcx]
+        mul qword ptr [96+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rbx, r8
+        mov rax, rdi
+        mov rdx, rsi
+        add r12, rbx
+        adc r9, rax
+        adc r13, rdx
+        add r12, rbx
+        adc r9, rax
+        adc r13, rdx
+        mov rdi, rdx
+        mov qword ptr [-360+rbp], r12
+        mov r8, rax
+        mov rsi, rbx
+        mov r12, r13
+        mov r13, r10
+        mov rax, qword ptr [rcx]
+        mul qword ptr [192+rcx]
+        mov rsi, rax
+        mov r8, rdx
+        xor rdi, rdi
+        mov rax, qword ptr [8+rcx]
+        mul qword ptr [184+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [16+rcx]
+        mul qword ptr [176+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [24+rcx]
+        mul qword ptr [168+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [32+rcx]
+        mul qword ptr [160+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [40+rcx]
+        mul qword ptr [152+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [48+rcx]
+        mul qword ptr [144+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [56+rcx]
+        mul qword ptr [136+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [64+rcx]
+        mul qword ptr [128+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [72+rcx]
+        mul qword ptr [120+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [80+rcx]
+        mul qword ptr [112+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [88+rcx]
+        mul qword ptr [104+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rbx, r8
+        mov rax, rdi
+        add r9, rsi
+        adc r12, rbx
+        adc r13, rax
+        add r9, rsi
+        adc r12, rbx
+        adc r13, rax
+        mov r11, rax
+        mov r8, rbx
+        mov rax, qword ptr [96+rcx]
+        mul rax
+        add r9, rax
+        adc r12, rdx
+        adc r13, 0
+        mov rdi, r11
+        mov qword ptr [-352+rbp], r9
+        mov r9, r13
+        mov rax, qword ptr [rcx]
+        mul qword ptr [200+rcx]
+        mov rsi, rax
+        mov r8, rdx
+        xor rdi, rdi
+        mov r13, r10
+        mov rax, qword ptr [8+rcx]
+        mul qword ptr [192+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [16+rcx]
+        mul qword ptr [184+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [24+rcx]
+        mul qword ptr [176+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [32+rcx]
+        mul qword ptr [168+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [40+rcx]
+        mul qword ptr [160+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [48+rcx]
+        mul qword ptr [152+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [56+rcx]
+        mul qword ptr [144+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [64+rcx]
+        mul qword ptr [136+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [72+rcx]
+        mul qword ptr [128+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [80+rcx]
+        mul qword ptr [120+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [88+rcx]
+        mul qword ptr [112+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [96+rcx]
+        mul qword ptr [104+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        add r12, rsi
+        adc r9, r8
+        adc r13, rdi
+        add r12, rsi
+        adc r9, r8
+        adc r13, rdi
+        mov qword ptr [-344+rbp], r12
+        mov r12, r10
+        mov rax, qword ptr [rcx]
+        mul qword ptr [208+rcx]
+        mov rsi, rax
+        mov r8, rdx
+        xor rdi, rdi
+        mov rax, qword ptr [8+rcx]
+        mul qword ptr [200+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [16+rcx]
+        mul qword ptr [192+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [24+rcx]
+        mul qword ptr [184+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [32+rcx]
+        mul qword ptr [176+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [40+rcx]
+        mul qword ptr [168+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [48+rcx]
+        mul qword ptr [160+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [56+rcx]
+        mul qword ptr [152+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [64+rcx]
+        mul qword ptr [144+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [72+rcx]
+        mul qword ptr [136+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [80+rcx]
+        mul qword ptr [128+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [88+rcx]
+        mul qword ptr [120+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [96+rcx]
+        mul qword ptr [112+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rdx, r13
+        mov rbx, r8
+        mov r13, rdi
+        add r9, rsi
+        adc rdx, rbx
+        adc r12, r13
+        add r9, rsi
+        adc rdx, rbx
+        adc r12, r13
+        mov rax, r12
+        mov r11, r13
+        mov r12, rdx
+        mov r13, rax
+        mov r8, rbx
+        mov rdi, r11
+        mov rax, qword ptr [104+rcx]
+        mul rax
+        add r9, rax
+        adc r12, rdx
+        adc r13, 0
+        mov qword ptr [-336+rbp], r9
+        mov r9, r13
+        mov r13, r10
+        mov rax, qword ptr [rcx]
+        mul qword ptr [216+rcx]
+        mov rsi, rax
+        mov r8, rdx
+        xor rdi, rdi
+        mov rax, qword ptr [8+rcx]
+        mul qword ptr [208+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [16+rcx]
+        mul qword ptr [200+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [24+rcx]
+        mul qword ptr [192+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [32+rcx]
+        mul qword ptr [184+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [40+rcx]
+        mul qword ptr [176+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [48+rcx]
+        mul qword ptr [168+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [56+rcx]
+        mul qword ptr [160+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [64+rcx]
+        mul qword ptr [152+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [72+rcx]
+        mul qword ptr [144+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [80+rcx]
+        mul qword ptr [136+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [88+rcx]
+        mul qword ptr [128+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [96+rcx]
+        mul qword ptr [120+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [104+rcx]
+        mul qword ptr [112+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        add r12, rsi
+        adc r9, r8
+        adc r13, rdi
+        add r12, rsi
+        adc r9, r8
+        adc r13, rdi
+        mov qword ptr [-328+rbp], r12
+        mov rax, qword ptr [rcx]
+        mul qword ptr [224+rcx]
+        mov rsi, rax
+        mov r8, rdx
+        xor rdi, rdi
+        mov rax, qword ptr [8+rcx]
+        mul qword ptr [216+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [16+rcx]
+        mul qword ptr [208+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [24+rcx]
+        mul qword ptr [200+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [32+rcx]
+        mul qword ptr [192+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [40+rcx]
+        mul qword ptr [184+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [48+rcx]
+        mul qword ptr [176+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [56+rcx]
+        mul qword ptr [168+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [64+rcx]
+        mul qword ptr [160+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [72+rcx]
+        mul qword ptr [152+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [80+rcx]
+        mul qword ptr [144+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [88+rcx]
+        mul qword ptr [136+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [96+rcx]
+        mul qword ptr [128+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [104+rcx]
+        mul qword ptr [120+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, r13
+        mov rdx, r10
+        mov rbx, r8
+        mov r12, rdi
+        add r9, rsi
+        adc rax, rbx
+        adc rdx, r12
+        add r9, rsi
+        adc rax, rbx
+        adc rdx, r12
+        mov rdi, rdx
+        mov r11, r12
+        mov r8, rbx
+        mov r12, rax
+        mov r13, rdi
+        mov rdi, r11
+        mov rax, qword ptr [112+rcx]
+        mul rax
+        add r9, rax
+        adc r12, rdx
+        adc r13, 0
+        mov qword ptr [-320+rbp], r9
+        mov rbx, r13
+        mov r9, r10
+        mov rax, qword ptr [rcx]
+        mul qword ptr [232+rcx]
+        mov rsi, rax
+        mov r8, rdx
+        xor rdi, rdi
+        mov rax, qword ptr [8+rcx]
+        mul qword ptr [224+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [16+rcx]
+        mul qword ptr [216+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [24+rcx]
+        mul qword ptr [208+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [32+rcx]
+        mul qword ptr [200+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [40+rcx]
+        mul qword ptr [192+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [48+rcx]
+        mul qword ptr [184+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [56+rcx]
+        mul qword ptr [176+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [64+rcx]
+        mul qword ptr [168+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [72+rcx]
+        mul qword ptr [160+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [80+rcx]
+        mul qword ptr [152+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [88+rcx]
+        mul qword ptr [144+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [96+rcx]
+        mul qword ptr [136+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [104+rcx]
+        mul qword ptr [128+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [112+rcx]
+        mul qword ptr [120+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        add r12, rsi
+        adc rbx, r8
+        adc r9, rdi
+        add r12, rsi
+        adc rbx, r8
+        adc r9, rdi
+        mov qword ptr [-312+rbp], r12
+        mov r13, r9
+        mov rax, qword ptr [rcx]
+        mul qword ptr [240+rcx]
+        mov rsi, rax
+        mov r8, rdx
+        xor rdi, rdi
+        mov rax, qword ptr [8+rcx]
+        mul qword ptr [232+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [16+rcx]
+        mul qword ptr [224+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [24+rcx]
+        mul qword ptr [216+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [32+rcx]
+        mul qword ptr [208+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [40+rcx]
+        mul qword ptr [200+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [48+rcx]
+        mul qword ptr [192+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [56+rcx]
+        mul qword ptr [184+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [64+rcx]
+        mul qword ptr [176+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [72+rcx]
+        mul qword ptr [168+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [80+rcx]
+        mul qword ptr [160+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [88+rcx]
+        mul qword ptr [152+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [96+rcx]
+        mul qword ptr [144+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [104+rcx]
+        mul qword ptr [136+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [112+rcx]
+        mul qword ptr [128+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, r10
+        mov r11, r8
+        mov rdx, rdi
+        add rbx, rsi
+        adc r13, r11
+        adc rax, rdx
+        add rbx, rsi
+        adc r13, r11
+        adc rax, rdx
+        mov r9, rdx
+        mov rdx, rax
+        mov r12, r13
+        mov r8, r11
+        mov r13, rdx
+        mov rdi, r9
+        mov rax, qword ptr [120+rcx]
+        mul rax
+        add rbx, rax
+        adc r12, rdx
+        adc r13, 0
+        mov qword ptr [-304+rbp], rbx
+        mov rbx, r13
+        mov r13, r10
+        mov rax, qword ptr [rcx]
+        mul qword ptr [248+rcx]
+        mov rsi, rax
+        mov r8, rdx
+        xor rdi, rdi
+        mov rax, qword ptr [8+rcx]
+        mul qword ptr [240+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [16+rcx]
+        mul qword ptr [232+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [24+rcx]
+        mul qword ptr [224+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [32+rcx]
+        mul qword ptr [216+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [40+rcx]
+        mul qword ptr [208+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [48+rcx]
+        mul qword ptr [200+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [56+rcx]
+        mul qword ptr [192+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [64+rcx]
+        mul qword ptr [184+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [72+rcx]
+        mul qword ptr [176+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [80+rcx]
+        mul qword ptr [168+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [88+rcx]
+        mul qword ptr [160+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [96+rcx]
+        mul qword ptr [152+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [104+rcx]
+        mul qword ptr [144+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [112+rcx]
+        mul qword ptr [136+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [120+rcx]
+        mul qword ptr [128+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        add r12, rsi
+        adc rbx, r8
+        adc r13, rdi
+        add r12, rsi
+        adc rbx, r8
+        adc r13, rdi
+        mov qword ptr [-296+rbp], r12
+        mov r12, r13
+        mov r13, r10
+        mov rax, qword ptr [8+rcx]
+        mul qword ptr [248+rcx]
+        mov rsi, rax
+        mov r8, rdx
+        xor rdi, rdi
+        mov rax, qword ptr [16+rcx]
+        mul qword ptr [240+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [24+rcx]
+        mul qword ptr [232+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [32+rcx]
+        mul qword ptr [224+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [40+rcx]
+        mul qword ptr [216+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [48+rcx]
+        mul qword ptr [208+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [56+rcx]
+        mul qword ptr [200+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [64+rcx]
+        mul qword ptr [192+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [72+rcx]
+        mul qword ptr [184+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [80+rcx]
+        mul qword ptr [176+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [88+rcx]
+        mul qword ptr [168+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [96+rcx]
+        mul qword ptr [160+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [104+rcx]
+        mul qword ptr [152+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [112+rcx]
+        mul qword ptr [144+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [120+rcx]
+        mul qword ptr [136+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov r11, r8
+        mov rax, rdi
+        add rbx, rsi
+        adc r12, r11
+        adc r13, rax
+        add rbx, rsi
+        adc r12, r11
+        adc r13, rax
+        mov r9, rax
+        mov r8, r11
+        mov rax, qword ptr [128+rcx]
+        mul rax
+        add rbx, rax
+        adc r12, rdx
+        adc r13, 0
+        mov rdi, r9
+        mov qword ptr [-288+rbp], rbx
+        mov r9, r13
+        mov rax, qword ptr [16+rcx]
+        mul qword ptr [248+rcx]
+        mov rsi, rax
+        mov r8, rdx
+        xor rdi, rdi
+        mov r13, r10
+        mov rax, qword ptr [24+rcx]
+        mul qword ptr [240+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [32+rcx]
+        mul qword ptr [232+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [40+rcx]
+        mul qword ptr [224+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [48+rcx]
+        mul qword ptr [216+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [56+rcx]
+        mul qword ptr [208+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [64+rcx]
+        mul qword ptr [200+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [72+rcx]
+        mul qword ptr [192+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [80+rcx]
+        mul qword ptr [184+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [88+rcx]
+        mul qword ptr [176+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [96+rcx]
+        mul qword ptr [168+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [104+rcx]
+        mul qword ptr [160+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [112+rcx]
+        mul qword ptr [152+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [120+rcx]
+        mul qword ptr [144+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [128+rcx]
+        mul qword ptr [136+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        add r12, rsi
+        adc r9, r8
+        adc r13, rdi
+        add r12, rsi
+        adc r9, r8
+        adc r13, rdi
+        mov qword ptr [-280+rbp], r12
+        mov r12, r10
+        mov rax, qword ptr [24+rcx]
+        mul qword ptr [248+rcx]
+        mov rsi, rax
+        mov r8, rdx
+        xor rdi, rdi
+        mov rax, qword ptr [32+rcx]
+        mul qword ptr [240+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [40+rcx]
+        mul qword ptr [232+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [48+rcx]
+        mul qword ptr [224+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [56+rcx]
+        mul qword ptr [216+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [64+rcx]
+        mul qword ptr [208+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [72+rcx]
+        mul qword ptr [200+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [80+rcx]
+        mul qword ptr [192+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [88+rcx]
+        mul qword ptr [184+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [96+rcx]
+        mul qword ptr [176+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [104+rcx]
+        mul qword ptr [168+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [112+rcx]
+        mul qword ptr [160+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [120+rcx]
+        mul qword ptr [152+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [128+rcx]
+        mul qword ptr [144+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rdx, r13
+        mov rbx, r8
+        mov r13, rdi
+        add r9, rsi
+        adc rdx, rbx
+        adc r12, r13
+        add r9, rsi
+        adc rdx, rbx
+        adc r12, r13
+        mov rax, r12
+        mov r11, r13
+        mov r12, rdx
+        mov r13, rax
+        mov r8, rbx
+        mov rdi, r11
+        mov rax, qword ptr [136+rcx]
+        mul rax
+        add r9, rax
+        adc r12, rdx
+        adc r13, 0
+        mov qword ptr [-272+rbp], r9
+        mov r9, r13
+        mov r13, r10
+        mov rax, qword ptr [32+rcx]
+        mul qword ptr [248+rcx]
+        mov rsi, rax
+        mov r8, rdx
+        xor rdi, rdi
+        mov rax, qword ptr [40+rcx]
+        mul qword ptr [240+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [48+rcx]
+        mul qword ptr [232+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [56+rcx]
+        mul qword ptr [224+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [64+rcx]
+        mul qword ptr [216+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [72+rcx]
+        mul qword ptr [208+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [80+rcx]
+        mul qword ptr [200+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [88+rcx]
+        mul qword ptr [192+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [96+rcx]
+        mul qword ptr [184+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [104+rcx]
+        mul qword ptr [176+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [112+rcx]
+        mul qword ptr [168+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [120+rcx]
+        mul qword ptr [160+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [128+rcx]
+        mul qword ptr [152+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [136+rcx]
+        mul qword ptr [144+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        add r12, rsi
+        adc r9, r8
+        adc r13, rdi
+        add r12, rsi
+        adc r9, r8
+        adc r13, rdi
+        mov qword ptr [-264+rbp], r12
+        mov rax, qword ptr [40+rcx]
+        mul qword ptr [248+rcx]
+        mov rsi, rax
+        mov r8, rdx
+        xor rdi, rdi
+        mov rax, qword ptr [48+rcx]
+        mul qword ptr [240+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [56+rcx]
+        mul qword ptr [232+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [64+rcx]
+        mul qword ptr [224+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [72+rcx]
+        mul qword ptr [216+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [80+rcx]
+        mul qword ptr [208+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [88+rcx]
+        mul qword ptr [200+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [96+rcx]
+        mul qword ptr [192+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [104+rcx]
+        mul qword ptr [184+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [112+rcx]
+        mul qword ptr [176+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [120+rcx]
+        mul qword ptr [168+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [128+rcx]
+        mul qword ptr [160+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [136+rcx]
+        mul qword ptr [152+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, r13
+        mov rdx, r10
+        mov rbx, r8
+        mov r12, rdi
+        add r9, rsi
+        adc rax, rbx
+        adc rdx, r12
+        add r9, rsi
+        adc rax, rbx
+        adc rdx, r12
+        mov rdi, rdx
+        mov r11, r12
+        mov r8, rbx
+        mov r12, rax
+        mov r13, rdi
+        mov rdi, r11
+        mov rax, qword ptr [144+rcx]
+        mul rax
+        add r9, rax
+        adc r12, rdx
+        adc r13, 0
+        mov r11, r10
+        mov qword ptr [-256+rbp], r9
+        mov r9, r13
+        mov rax, qword ptr [48+rcx]
+        mul qword ptr [248+rcx]
+        mov rsi, rax
+        mov r8, rdx
+        xor rdi, rdi
+        mov rax, qword ptr [56+rcx]
+        mul qword ptr [240+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [64+rcx]
+        mul qword ptr [232+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [72+rcx]
+        mul qword ptr [224+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [80+rcx]
+        mul qword ptr [216+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [88+rcx]
+        mul qword ptr [208+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [96+rcx]
+        mul qword ptr [200+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [104+rcx]
+        mul qword ptr [192+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [112+rcx]
+        mul qword ptr [184+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [120+rcx]
+        mul qword ptr [176+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [128+rcx]
+        mul qword ptr [168+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [136+rcx]
+        mul qword ptr [160+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [144+rcx]
+        mul qword ptr [152+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        add r12, rsi
+        adc r9, r8
+        adc r11, rdi
+        add r12, rsi
+        adc r9, r8
+        adc r11, rdi
+        mov qword ptr [-248+rbp], r12
+        mov r13, r11
+        mov rax, qword ptr [56+rcx]
+        mul qword ptr [248+rcx]
+        mov rsi, rax
+        mov r8, rdx
+        xor rdi, rdi
+        mov rax, qword ptr [64+rcx]
+        mul qword ptr [240+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [72+rcx]
+        mul qword ptr [232+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [80+rcx]
+        mul qword ptr [224+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [88+rcx]
+        mul qword ptr [216+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [96+rcx]
+        mul qword ptr [208+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [104+rcx]
+        mul qword ptr [200+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [112+rcx]
+        mul qword ptr [192+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [120+rcx]
+        mul qword ptr [184+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [128+rcx]
+        mul qword ptr [176+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [136+rcx]
+        mul qword ptr [168+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [144+rcx]
+        mul qword ptr [160+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, r10
+        mov rdx, rsi
+        mov rbx, r8
+        mov r12, rdi
+        add r9, rdx
+        adc r13, rbx
+        adc rax, r12
+        add r9, rdx
+        adc r13, rbx
+        adc rax, r12
+        mov r11, r12
+        mov r8, rdx
+        mov rdx, rax
+        mov r12, r13
+        mov rdi, rbx
+        mov r13, rdx
+        mov rsi, r11
+        mov rax, qword ptr [152+rcx]
+        mul rax
+        add r9, rax
+        adc r12, rdx
+        adc r13, 0
+        mov qword ptr [-240+rbp], r9
+        mov r9, r13
+        mov r13, r10
+        mov rax, qword ptr [64+rcx]
+        mul qword ptr [248+rcx]
+        mov r8, rax
+        mov rdi, rdx
+        xor rsi, rsi
+        mov rax, qword ptr [72+rcx]
+        mul qword ptr [240+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [80+rcx]
+        mul qword ptr [232+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [88+rcx]
+        mul qword ptr [224+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [96+rcx]
+        mul qword ptr [216+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [104+rcx]
+        mul qword ptr [208+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [112+rcx]
+        mul qword ptr [200+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [120+rcx]
+        mul qword ptr [192+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [128+rcx]
+        mul qword ptr [184+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [136+rcx]
+        mul qword ptr [176+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [144+rcx]
+        mul qword ptr [168+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [152+rcx]
+        mul qword ptr [160+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, r8
+        mov rdx, rdi
+        mov rbx, rsi
+        add r12, rax
+        adc r9, rdx
+        adc r13, rbx
+        add r12, rax
+        adc r9, rdx
+        adc r13, rbx
+        mov qword ptr [-232+rbp], r12
+        mov r8, rdx
+        mov rsi, rax
+        mov rdi, rbx
+        mov r12, r13
+        mov r13, r10
+        mov rax, qword ptr [72+rcx]
+        mul qword ptr [248+rcx]
+        mov rsi, rax
+        mov r8, rdx
+        xor rdi, rdi
+        mov rax, qword ptr [80+rcx]
+        mul qword ptr [240+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [88+rcx]
+        mul qword ptr [232+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [96+rcx]
+        mul qword ptr [224+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [104+rcx]
+        mul qword ptr [216+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [112+rcx]
+        mul qword ptr [208+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [120+rcx]
+        mul qword ptr [200+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [128+rcx]
+        mul qword ptr [192+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [136+rcx]
+        mul qword ptr [184+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [144+rcx]
+        mul qword ptr [176+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [152+rcx]
+        mul qword ptr [168+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, rsi
+        mov rbx, r8
+        mov rdx, rdi
+        add r9, rax
+        adc r12, rbx
+        adc r13, rdx
+        add r9, rax
+        adc r12, rbx
+        adc r13, rdx
+        mov r11, rdx
+        mov r8, rax
+        mov rdi, rbx
+        mov rax, qword ptr [160+rcx]
+        mul rax
+        add r9, rax
+        adc r12, rdx
+        adc r13, 0
+        mov rsi, r11
+        mov qword ptr [-224+rbp], r9
+        mov r9, r13
+        mov rax, qword ptr [80+rcx]
+        mul qword ptr [248+rcx]
+        mov r8, rax
+        mov rdi, rdx
+        xor rsi, rsi
+        mov r13, r10
+        mov rax, qword ptr [88+rcx]
+        mul qword ptr [240+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [96+rcx]
+        mul qword ptr [232+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [104+rcx]
+        mul qword ptr [224+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [112+rcx]
+        mul qword ptr [216+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [120+rcx]
+        mul qword ptr [208+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [128+rcx]
+        mul qword ptr [200+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [136+rcx]
+        mul qword ptr [192+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [144+rcx]
+        mul qword ptr [184+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [152+rcx]
+        mul qword ptr [176+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [160+rcx]
+        mul qword ptr [168+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rbx, r8
+        mov rax, rdi
+        mov rdx, rsi
+        add r12, rbx
+        adc r9, rax
+        adc r13, rdx
+        add r12, rbx
+        adc r9, rax
+        adc r13, rdx
+        mov qword ptr [-216+rbp], r12
+        mov rdi, rdx
+        mov r8, rax
+        mov rsi, rbx
+        mov r12, r13
+        mov r13, r10
+        mov rax, qword ptr [88+rcx]
+        mul qword ptr [248+rcx]
+        mov rsi, rax
+        mov r8, rdx
+        xor rdi, rdi
+        mov rax, qword ptr [96+rcx]
+        mul qword ptr [240+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [104+rcx]
+        mul qword ptr [232+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [112+rcx]
+        mul qword ptr [224+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [120+rcx]
+        mul qword ptr [216+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [128+rcx]
+        mul qword ptr [208+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [136+rcx]
+        mul qword ptr [200+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [144+rcx]
+        mul qword ptr [192+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [152+rcx]
+        mul qword ptr [184+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [160+rcx]
+        mul qword ptr [176+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, rsi
+        mov rbx, r8
+        mov rdx, rdi
+        add r9, rax
+        adc r12, rbx
+        adc r13, rdx
+        add r9, rax
+        adc r12, rbx
+        adc r13, rdx
+        mov r11, rdx
+        mov r8, rax
+        mov rdi, rbx
+        mov rax, qword ptr [168+rcx]
+        mul rax
+        add r9, rax
+        adc r12, rdx
+        adc r13, 0
+        mov rsi, r11
+        mov qword ptr [-208+rbp], r9
+        mov r9, r13
+        mov rax, qword ptr [96+rcx]
+        mul qword ptr [248+rcx]
+        mov r8, rax
+        mov rdi, rdx
+        xor rsi, rsi
+        mov r13, r10
+        mov rax, qword ptr [104+rcx]
+        mul qword ptr [240+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [112+rcx]
+        mul qword ptr [232+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [120+rcx]
+        mul qword ptr [224+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [128+rcx]
+        mul qword ptr [216+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [136+rcx]
+        mul qword ptr [208+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [144+rcx]
+        mul qword ptr [200+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [152+rcx]
+        mul qword ptr [192+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [160+rcx]
+        mul qword ptr [184+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [168+rcx]
+        mul qword ptr [176+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rbx, r8
+        mov rax, rdi
+        mov rdx, rsi
+        add r12, rbx
+        adc r9, rax
+        adc r13, rdx
+        add r12, rbx
+        adc r9, rax
+        adc r13, rdx
+        mov qword ptr [-200+rbp], r12
+        mov rdi, rdx
+        mov r8, rax
+        mov rsi, rbx
+        mov r12, r13
+        mov r13, r10
+        mov rax, qword ptr [104+rcx]
+        mul qword ptr [248+rcx]
+        mov rsi, rax
+        mov r8, rdx
+        xor rdi, rdi
+        mov rax, qword ptr [112+rcx]
+        mul qword ptr [240+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [120+rcx]
+        mul qword ptr [232+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [128+rcx]
+        mul qword ptr [224+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [136+rcx]
+        mul qword ptr [216+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [144+rcx]
+        mul qword ptr [208+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [152+rcx]
+        mul qword ptr [200+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [160+rcx]
+        mul qword ptr [192+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [168+rcx]
+        mul qword ptr [184+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, rsi
+        mov rbx, r8
+        mov rdx, rdi
+        add r9, rax
+        adc r12, rbx
+        adc r13, rdx
+        add r9, rax
+        adc r12, rbx
+        adc r13, rdx
+        mov r11, rdx
+        mov r8, rax
+        mov rdi, rbx
+        mov rax, qword ptr [176+rcx]
+        mul rax
+        add r9, rax
+        adc r12, rdx
+        adc r13, 0
+        mov rsi, r11
+        mov qword ptr [-192+rbp], r9
+        mov r9, r13
+        mov rax, qword ptr [112+rcx]
+        mul qword ptr [248+rcx]
+        mov r8, rax
+        mov rdi, rdx
+        xor rsi, rsi
+        mov r13, r10
+        mov rax, qword ptr [120+rcx]
+        mul qword ptr [240+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [128+rcx]
+        mul qword ptr [232+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [136+rcx]
+        mul qword ptr [224+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [144+rcx]
+        mul qword ptr [216+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [152+rcx]
+        mul qword ptr [208+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [160+rcx]
+        mul qword ptr [200+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [168+rcx]
+        mul qword ptr [192+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [176+rcx]
+        mul qword ptr [184+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rbx, r8
+        mov rax, rdi
+        mov rdx, rsi
+        add r12, rbx
+        adc r9, rax
+        adc r13, rdx
+        add r12, rbx
+        adc r9, rax
+        adc r13, rdx
+        mov qword ptr [-184+rbp], r12
+        mov rdi, rdx
+        mov r8, rax
+        mov rsi, rbx
+        mov r12, r13
+        mov r13, r10
+        mov rax, qword ptr [120+rcx]
+        mul qword ptr [248+rcx]
+        mov rsi, rax
+        mov r8, rdx
+        xor rdi, rdi
+        mov rax, qword ptr [128+rcx]
+        mul qword ptr [240+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [136+rcx]
+        mul qword ptr [232+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [144+rcx]
+        mul qword ptr [224+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [152+rcx]
+        mul qword ptr [216+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [160+rcx]
+        mul qword ptr [208+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [168+rcx]
+        mul qword ptr [200+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, qword ptr [176+rcx]
+        mul qword ptr [192+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc rdi, 0
+        mov rax, rsi
+        mov rbx, r8
+        mov rdx, rdi
+        add r9, rax
+        adc r12, rbx
+        adc r13, rdx
+        add r9, rax
+        adc r12, rbx
+        adc r13, rdx
+        mov r11, rdx
+        mov r8, rax
+        mov rdi, rbx
+        mov rax, qword ptr [184+rcx]
+        mul rax
+        add r9, rax
+        adc r12, rdx
+        adc r13, 0
+        mov rsi, r11
+        mov qword ptr [-176+rbp], r9
+        mov r9, r13
+        mov rax, qword ptr [128+rcx]
+        mul qword ptr [248+rcx]
+        mov r8, rax
+        mov rdi, rdx
+        xor rsi, rsi
+        mov r13, r10
+        mov rax, qword ptr [136+rcx]
+        mul qword ptr [240+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [144+rcx]
+        mul qword ptr [232+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [152+rcx]
+        mul qword ptr [224+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [160+rcx]
+        mul qword ptr [216+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [168+rcx]
+        mul qword ptr [208+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [176+rcx]
+        mul qword ptr [200+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [184+rcx]
+        mul qword ptr [192+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        add r12, r8
+        adc r9, rdi
+        adc r13, rsi
+        add r12, r8
+        adc r9, rdi
+        adc r13, rsi
+        mov qword ptr [-168+rbp], r12
+        mov r12, r13
+        mov r13, r10
+        mov rax, qword ptr [136+rcx]
+        mul qword ptr [248+rcx]
+        mov r8, rax
+        mov rdi, rdx
+        xor rsi, rsi
+        mov rax, qword ptr [144+rcx]
+        mul qword ptr [240+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [152+rcx]
+        mul qword ptr [232+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [160+rcx]
+        mul qword ptr [224+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [168+rcx]
+        mul qword ptr [216+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [176+rcx]
+        mul qword ptr [208+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [184+rcx]
+        mul qword ptr [200+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rbx, rdi
+        mov rax, rsi
+        add r9, r8
+        adc r12, rbx
+        adc r13, rax
+        add r9, r8
+        adc r12, rbx
+        adc r13, rax
+        mov r11, rax
+        mov rdi, rbx
+        mov rbx, r10
+        mov rax, qword ptr [192+rcx]
+        mul rax
+        add r9, rax
+        adc r12, rdx
+        adc r13, 0
+        mov rsi, r11
+        mov qword ptr [-160+rbp], r9
+        mov r9, r13
+        mov rax, qword ptr [144+rcx]
+        mul qword ptr [248+rcx]
+        mov r8, rax
+        mov rdi, rdx
+        xor rsi, rsi
+        mov rax, qword ptr [152+rcx]
+        mul qword ptr [240+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [160+rcx]
+        mul qword ptr [232+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [168+rcx]
+        mul qword ptr [224+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [176+rcx]
+        mul qword ptr [216+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [184+rcx]
+        mul qword ptr [208+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [192+rcx]
+        mul qword ptr [200+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        add r12, r8
+        adc r9, rdi
+        adc rbx, rsi
+        add r12, r8
+        adc r9, rdi
+        adc rbx, rsi
+        mov qword ptr [-152+rbp], r12
+        mov rax, qword ptr [152+rcx]
+        mul qword ptr [248+rcx]
+        mov r8, rax
+        mov rdi, rdx
+        xor rsi, rsi
+        mov rax, qword ptr [160+rcx]
+        mul qword ptr [240+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [168+rcx]
+        mul qword ptr [232+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [176+rcx]
+        mul qword ptr [224+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [184+rcx]
+        mul qword ptr [216+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [192+rcx]
+        mul qword ptr [208+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rdx, r10
+        mov r13, rdi
+        mov r12, rsi
+        add r9, r8
+        adc rbx, r13
+        adc rdx, r12
+        add r9, r8
+        adc rbx, r13
+        adc rdx, r12
+        mov rax, rdx
+        mov rdi, r13
+        mov rsi, r12
+        mov r11, rax
+        mov r12, r10
+        mov rax, qword ptr [200+rcx]
+        mul rax
+        add r9, rax
+        adc rbx, rdx
+        adc r11, 0
+        mov qword ptr [-144+rbp], r9
+        mov r9, r11
+        mov rax, qword ptr [160+rcx]
+        mul qword ptr [248+rcx]
+        mov r8, rax
+        mov rdi, rdx
+        xor rsi, rsi
+        mov rax, qword ptr [168+rcx]
+        mul qword ptr [240+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [176+rcx]
+        mul qword ptr [232+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [184+rcx]
+        mul qword ptr [224+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [192+rcx]
+        mul qword ptr [216+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [200+rcx]
+        mul qword ptr [208+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        add rbx, r8
+        adc r9, rdi
+        adc r12, rsi
+        add rbx, r8
+        adc r9, rdi
+        adc r12, rsi
+        mov qword ptr [-136+rbp], rbx
+        mov r11, r12
+        mov rax, qword ptr [168+rcx]
+        mul qword ptr [248+rcx]
+        mov r8, rax
+        mov rdi, rdx
+        xor rsi, rsi
+        mov rax, qword ptr [176+rcx]
+        mul qword ptr [240+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [184+rcx]
+        mul qword ptr [232+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [192+rcx]
+        mul qword ptr [224+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [200+rcx]
+        mul qword ptr [216+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, r10
+        mov r13, rdi
+        mov r12, rsi
+        add r9, r8
+        adc r11, r13
+        adc rax, r12
+        add r9, r8
+        adc r11, r13
+        adc rax, r12
+        mov rdx, rax
+        mov rbx, r11
+        mov rdi, r13
+        mov r11, rdx
+        mov rsi, r12
+        mov rax, qword ptr [208+rcx]
+        mul rax
+        add r9, rax
+        adc rbx, rdx
+        adc r11, 0
+        mov qword ptr [-128+rbp], r9
+        mov r9, r11
+        mov rax, qword ptr [176+rcx]
+        mul qword ptr [248+rcx]
+        mov r8, rax
+        mov rdi, rdx
+        xor rsi, rsi
+        mov rax, qword ptr [184+rcx]
+        mul qword ptr [240+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [192+rcx]
+        mul qword ptr [232+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [200+rcx]
+        mul qword ptr [224+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [208+rcx]
+        mul qword ptr [216+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rdx, r10
+        add rbx, r8
+        adc r9, rdi
+        adc rdx, rsi
+        add rbx, r8
+        adc r9, rdi
+        adc rdx, rsi
+        mov qword ptr [-120+rbp], rbx
+        mov r11, rdx
+        mov rbx, r10
+        mov rax, qword ptr [184+rcx]
+        mul qword ptr [248+rcx]
+        mov r8, rax
+        mov rdi, rdx
+        xor rsi, rsi
+        mov rax, qword ptr [192+rcx]
+        mul qword ptr [240+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [200+rcx]
+        mul qword ptr [232+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [208+rcx]
+        mul qword ptr [224+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov r13, rdi
+        mov r12, rsi
+        add r9, r8
+        adc r11, r13
+        adc rbx, r12
+        add r9, r8
+        adc r11, r13
+        adc rbx, r12
+        mov rdx, rbx
+        mov rdi, r13
+        mov rbx, r11
+        mov rsi, r12
+        mov r11, rdx
+        mov r12, r10
+        mov rax, qword ptr [216+rcx]
+        mul rax
+        add r9, rax
+        adc rbx, rdx
+        adc r11, 0
+        mov qword ptr [-112+rbp], r9
+        mov r9, r11
+        mov rax, qword ptr [192+rcx]
+        mul qword ptr [248+rcx]
+        mov r8, rax
+        mov rdi, rdx
+        xor rsi, rsi
+        mov rax, qword ptr [200+rcx]
+        mul qword ptr [240+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [208+rcx]
+        mul qword ptr [232+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [216+rcx]
+        mul qword ptr [224+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        add rbx, r8
+        adc r9, rdi
+        adc r12, rsi
+        add rbx, r8
+        adc r9, rdi
+        adc r12, rsi
+        mov qword ptr [-104+rbp], rbx
+        mov r11, r12
+        mov rax, qword ptr [200+rcx]
+        mul qword ptr [248+rcx]
+        mov r8, rax
+        mov rdi, rdx
+        xor rsi, rsi
+        mov rax, qword ptr [208+rcx]
+        mul qword ptr [240+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [216+rcx]
+        mul qword ptr [232+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, r10
+        mov r13, rdi
+        mov r12, rsi
+        add r9, r8
+        adc r11, r13
+        adc rax, r12
+        add r9, r8
+        adc r11, r13
+        adc rax, r12
+        mov rdx, rax
+        mov rbx, r11
+        mov rdi, r13
+        mov r11, rdx
+        mov rsi, r12
+        mov r12, r10
+        mov rax, qword ptr [224+rcx]
+        mul rax
+        add r9, rax
+        adc rbx, rdx
+        adc r11, 0
+        mov qword ptr [-96+rbp], r9
+        mov r9, r10
+        mov rax, qword ptr [208+rcx]
+        mul qword ptr [248+rcx]
+        mov r8, rax
+        mov rdi, rdx
+        xor rsi, rsi
+        mov rax, qword ptr [216+rcx]
+        mul qword ptr [240+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov rax, qword ptr [224+rcx]
+        mul qword ptr [232+rcx]
+        add r8, rax
+        adc rdi, rdx
+        adc rsi, 0
+        mov r13, rdi
+        mov rax, rsi
+        add rbx, r8
+        adc r11, r13
+        adc r9, rax
+        add rbx, r8
+        adc r11, r13
+        adc r9, rax
+        mov qword ptr [-88+rbp], rbx
+        mov rsi, r11
+        mov r8, r9
+        mov rax, qword ptr [216+rcx]
+        mul qword ptr [248+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc r12, 0
+        add rsi, rax
+        adc r8, rdx
+        adc r12, 0
+        mov r11, r12
+        mov rax, qword ptr [224+rcx]
+        mul qword ptr [240+rcx]
+        add rsi, rax
+        adc r8, rdx
+        adc r11, 0
+        add rsi, rax
+        adc r8, rdx
+        adc r11, 0
+        mov r13, r8
+        mov rbx, r11
+        mov rax, qword ptr [232+rcx]
+        mul rax
+        add rsi, rax
+        adc r13, rdx
+        adc rbx, 0
+        mov qword ptr [-80+rbp], rsi
+        mov r12, rbx
+        mov rdi, r13
+        mov r13, r10
+        mov rax, qword ptr [224+rcx]
+        mul qword ptr [248+rcx]
+        add rdi, rax
+        adc r12, rdx
+        adc r13, 0
+        add rdi, rax
+        adc r12, rdx
+        adc r13, 0
+        mov r9, r12
+        mov r12, r13
+        mov rax, qword ptr [232+rcx]
+        mul qword ptr [240+rcx]
+        add rdi, rax
+        adc r9, rdx
+        adc r12, 0
+        add rdi, rax
+        adc r9, rdx
+        adc r12, 0
+        mov qword ptr [-72+rbp], rdi
+        mov r11, r9
+        mov rbx, r12
+        mov r9, r10
+        mov rax, qword ptr [232+rcx]
+        mul qword ptr [248+rcx]
+        add r11, rax
+        adc rbx, rdx
+        adc r9, 0
+        add r11, rax
+        adc rbx, rdx
+        adc r9, 0
+        mov r13, rbx
+        mov rbx, r9
+        mov r9, r10
+        mov rax, qword ptr [240+rcx]
+        mul rax
+        add r11, rax
+        adc r13, rdx
+        adc rbx, 0
+        mov qword ptr [-64+rbp], r11
+        mov rdi, r13
+        mov rsi, rbx
+        mov rax, qword ptr [240+rcx]
+        mul qword ptr [248+rcx]
+        add rdi, rax
+        adc rsi, rdx
+        adc r9, 0
+        add rdi, rax
+        adc rsi, rdx
+        adc r9, 0
+        mov qword ptr [-56+rbp], rdi
+        mov r8, r9
+        mov rax, qword ptr [248+rcx]
+        mul rax
+        add rsi, rax
+        adc r8, rdx
+        adc r10, 0
+        mov qword ptr [-48+rbp], rsi
+        mov qword ptr [-40+rbp], r8
+        mov dword ptr [8+r14], 64
+        mov dword ptr [r14], 0
+;        mov rdi, qword ptr [16+r14]
+;        lea rsi, qword ptr [-544+rbp]
+;        mov edx, 512
+        mov rcx, qword ptr [16+r14]
+        lea rdx, qword ptr [-544+rbp]
+        mov r8d, 512
+        call memcpy
+        mov edx, dword ptr [8+r14]
+        test edx, edx
+        je L304
+        lea ecx, dword ptr [-1+rdx]
+        mov rsi, qword ptr [16+r14]
+        mov r10d, ecx
+        cmp dword ptr [rsi+r10*8], 0
+        jne L302
+        mov edx, ecx
+        ALIGN 16
+L303:
+        test edx, edx
+        mov ecx, edx
+        je L307
+        dec edx
+        mov eax, edx
+        cmp dword ptr [rsi+rax*8], 0
+        je L303
+        mov dword ptr [8+r14], ecx
+        mov edx, ecx
+L302:
+        test edx, edx
+        je L304
+        mov eax, dword ptr [r14]
+        jmp L305
+
+L307:
+        mov dword ptr [8+r14], edx
+L304:
+        xor eax, eax
+L305:
+        mov dword ptr [r14], eax
+        add rsp, 512+32			; +32 for "home" storage
+        pop rbx
+        pop r12
+        pop r13
+        pop r14
+        pop rbp
+
+        pop rsi
+        pop rdi
+
+        ret
+
+s_mp_sqr_comba_32 ENDP
+
+END
diff --git a/nss/lib/freebl/mpi/mp_comba_amd64_sun.s b/nss/lib/freebl/mpi/mp_comba_amd64_sun.s
new file mode 100644
index 0000000..a5181df
--- /dev/null
+++ b/nss/lib/freebl/mpi/mp_comba_amd64_sun.s
@@ -0,0 +1,16097 @@
+//* TomsFastMath, a fast ISO C bignum library.
+/ * 
+/ * This project is meant to fill in where LibTomMath
+/ * falls short.  That is speed ;-)
+/ *
+/ * This project is public domain and free for all purposes.
+/ * 
+/ * Tom St Denis, tomstdenis@iahu.ca
+/ */
+
+//*
+/ * The source file from which this assembly was derived
+/ * comes from TFM v0.03, which has the above license.
+/ * This source was compiled with an unnamed compiler at
+/ * the highest optimization level.  Afterwards, the
+/ * trailing .section was removed because it causes errors
+/ * in the Studio 10 compiler on AMD 64.
+/ */
+
+       	.file	"mp_comba.c"
+	.text
+	.align 16
+.globl s_mp_mul_comba_4
+	.type	s_mp_mul_comba_4, @function
+s_mp_mul_comba_4:
+.LFB2:
+	pushq	%r12
+.LCFI0:
+	pushq	%rbp
+.LCFI1:
+	pushq	%rbx
+.LCFI2:
+	movq	16(%rdi), %r9
+	movq	%rdx, %rbx
+	movq	16(%rsi), %rdx
+	movq	(%r9), %rax
+	movq	%rax, -64(%rsp)
+	movq	8(%r9), %r8
+	movq	%r8, -56(%rsp)
+	movq	16(%r9), %rbp
+	movq	%rbp, -48(%rsp)
+	movq	24(%r9), %r12
+	movq	%r12, -40(%rsp)
+	movq	(%rdx), %rcx
+	movq	%rcx, -32(%rsp)
+	movq	8(%rdx), %r10
+	movq	%r10, -24(%rsp)
+	movq	16(%rdx), %r11
+	xorl	%r10d, %r10d
+	movq	%r10, %r8
+	movq	%r10, %r9
+	movq	%r10, %rbp
+	movq	%r11, -16(%rsp)
+	movq	16(%rbx), %r11
+	movq	24(%rdx), %rax
+	movq	%rax, -8(%rsp)
+/APP
+	movq  -64(%rsp),%rax     
+	mulq  -32(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rbp        
+	
+/NO_APP
+	movq	%r8, (%r11)
+	movq	%rbp, %r8
+	movq	%r10, %rbp
+/APP
+	movq  -64(%rsp),%rax     
+	mulq  -24(%rsp)           
+	addq  %rax,%r9     
+	adcq  %rdx,%r8     
+	adcq  $0,%rbp        
+	
+/NO_APP
+	movq	%rbp, %r12
+/APP
+	movq  -56(%rsp),%rax     
+	mulq  -32(%rsp)           
+	addq  %rax,%r9     
+	adcq  %rdx,%r8     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%r9, 8(%r11)
+	movq	%r12, %r9
+	movq	%r10, %r12
+/APP
+	movq  -64(%rsp),%rax     
+	mulq  -16(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%r12, %rcx
+/APP
+	movq  -56(%rsp),%rax     
+	mulq  -24(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%r9, %rbp
+	movq	%rcx, %r12
+/APP
+	movq  -48(%rsp),%rax     
+	mulq  -32(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%r8, 16(%r11)
+	movq	%r12, %r9
+	movq	%rbp, %rcx
+	movq	%r10, %r8
+/APP
+	movq  -64(%rsp),%rax     
+	mulq  -8(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -56(%rsp),%rax     
+	mulq  -16(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -48(%rsp),%rax     
+	mulq  -24(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+/NO_APP
+	movq	%r9, %rbp
+	movq	%r8, %r12
+/APP
+	movq  -40(%rsp),%rax     
+	mulq  -32(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%rcx, 24(%r11)
+	movq	%r12, %r9
+	movq	%rbp, %r8
+	movq	%r10, %rcx
+/APP
+	movq  -56(%rsp),%rax     
+	mulq  -8(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -48(%rsp),%rax     
+	mulq  -16(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%r9, %rbp
+	movq	%rcx, %r12
+/APP
+	movq  -40(%rsp),%rax     
+	mulq  -24(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%r8, 32(%r11)
+	movq	%r12, %r9
+	movq	%rbp, %rcx
+	movq	%r10, %r8
+/APP
+	movq  -48(%rsp),%rax     
+	mulq  -8(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+/NO_APP
+	movq	%r8, %r12
+	movq	%r9, %rbp
+/APP
+	movq  -40(%rsp),%rax     
+	mulq  -16(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%rcx, 40(%r11)
+	movq	%rbp, %r8
+	movq	%r12, %rcx
+/APP
+	movq  -40(%rsp),%rax     
+	mulq  -8(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rcx     
+	adcq  $0,%r10        
+	
+/NO_APP
+	movq	%r8, 48(%r11)
+	movl	(%rsi), %esi
+	xorl	(%rdi), %esi
+	testq	%rcx, %rcx
+	movq	%rcx, 56(%r11)
+	movl	$8, 8(%rbx)
+	jne	.L9
+	.align 16
+.L18:
+	movl	8(%rbx), %edx
+	leal	-1(%rdx), %edi
+	testl	%edi, %edi
+	movl	%edi, 8(%rbx)
+	je	.L9
+	leal	-2(%rdx), %r10d
+	cmpq	$0, (%r11,%r10,8)
+	je	.L18
+.L9:
+	movl	8(%rbx), %edx
+	xorl	%r11d, %r11d
+	testl	%edx, %edx
+	cmovne	%esi, %r11d
+	movl	%r11d, (%rbx)
+	popq	%rbx
+	popq	%rbp
+	popq	%r12
+	ret
+.LFE2:
+	.size	s_mp_mul_comba_4, .-s_mp_mul_comba_4
+	.align 16
+.globl s_mp_mul_comba_8
+	.type	s_mp_mul_comba_8, @function
+s_mp_mul_comba_8:
+.LFB3:
+	pushq	%r12
+.LCFI3:
+	pushq	%rbp
+.LCFI4:
+	pushq	%rbx
+.LCFI5:
+	movq	%rdx, %rbx
+	subq	$8, %rsp
+.LCFI6:
+	movq	16(%rdi), %rdx
+	movq	(%rdx), %r8
+	movq	%r8, -120(%rsp)
+	movq	8(%rdx), %rbp
+	movq	%rbp, -112(%rsp)
+	movq	16(%rdx), %r9
+	movq	%r9, -104(%rsp)
+	movq	24(%rdx), %r12
+	movq	%r12, -96(%rsp)
+	movq	32(%rdx), %rcx
+	movq	%rcx, -88(%rsp)
+	movq	40(%rdx), %r10
+	movq	%r10, -80(%rsp)
+	movq	48(%rdx), %r11
+	movq	%r11, -72(%rsp)
+	movq	56(%rdx), %rax
+	movq	16(%rsi), %rdx
+	movq	%rax, -64(%rsp)
+	movq	(%rdx), %r8
+	movq	%r8, -56(%rsp)
+	movq	8(%rdx), %rbp
+	movq	%rbp, -48(%rsp)
+	movq	16(%rdx), %r9
+	movq	%r9, -40(%rsp)
+	movq	24(%rdx), %r12
+	movq	%r12, -32(%rsp)
+	movq	32(%rdx), %rcx
+	movq	%rcx, -24(%rsp)
+	movq	40(%rdx), %r10
+	movq	%r10, -16(%rsp)
+	movq	48(%rdx), %r11
+	xorl	%r10d, %r10d
+	movq	%r10, %r8
+	movq	%r10, %r9
+	movq	%r10, %rbp
+	movq	%r11, -8(%rsp)
+	movq	16(%rbx), %r11
+	movq	56(%rdx), %rax
+	movq	%rax, (%rsp)
+/APP
+	movq  -120(%rsp),%rax     
+	mulq  -56(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rbp        
+	
+/NO_APP
+	movq	%r8, (%r11)
+	movq	%rbp, %r8
+	movq	%r10, %rbp
+/APP
+	movq  -120(%rsp),%rax     
+	mulq  -48(%rsp)           
+	addq  %rax,%r9     
+	adcq  %rdx,%r8     
+	adcq  $0,%rbp        
+	
+/NO_APP
+	movq	%rbp, %r12
+/APP
+	movq  -112(%rsp),%rax     
+	mulq  -56(%rsp)           
+	addq  %rax,%r9     
+	adcq  %rdx,%r8     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%r9, 8(%r11)
+	movq	%r12, %r9
+	movq	%r10, %r12
+/APP
+	movq  -120(%rsp),%rax     
+	mulq  -40(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%r12, %rcx
+/APP
+	movq  -112(%rsp),%rax     
+	mulq  -48(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%r9, %rbp
+	movq	%rcx, %r12
+/APP
+	movq  -104(%rsp),%rax     
+	mulq  -56(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%r8, 16(%r11)
+	movq	%r12, %r9
+	movq	%rbp, %rcx
+	movq	%r10, %r8
+/APP
+	movq  -120(%rsp),%rax     
+	mulq  -32(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -112(%rsp),%rax     
+	mulq  -40(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -104(%rsp),%rax     
+	mulq  -48(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+/NO_APP
+	movq	%r9, %rbp
+	movq	%r8, %r12
+/APP
+	movq  -96(%rsp),%rax     
+	mulq  -56(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%rcx, 24(%r11)
+	movq	%r12, %r9
+	movq	%rbp, %r8
+	movq	%r10, %rcx
+/APP
+	movq  -120(%rsp),%rax     
+	mulq  -24(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -112(%rsp),%rax     
+	mulq  -32(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -104(%rsp),%rax     
+	mulq  -40(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -96(%rsp),%rax     
+	mulq  -48(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%r9, %rbp
+	movq	%rcx, %r12
+/APP
+	movq  -88(%rsp),%rax     
+	mulq  -56(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%r8, 32(%r11)
+	movq	%r12, %r9
+	movq	%rbp, %rcx
+	movq	%r10, %r8
+/APP
+	movq  -120(%rsp),%rax     
+	mulq  -16(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -112(%rsp),%rax     
+	mulq  -24(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -104(%rsp),%rax     
+	mulq  -32(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -96(%rsp),%rax     
+	mulq  -40(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -88(%rsp),%rax     
+	mulq  -48(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+/NO_APP
+	movq	%r9, %rbp
+	movq	%r8, %r12
+/APP
+	movq  -80(%rsp),%rax     
+	mulq  -56(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%rcx, 40(%r11)
+	movq	%r12, %r9
+	movq	%rbp, %r8
+	movq	%r10, %rcx
+/APP
+	movq  -120(%rsp),%rax     
+	mulq  -8(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -112(%rsp),%rax     
+	mulq  -16(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -104(%rsp),%rax     
+	mulq  -24(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -96(%rsp),%rax     
+	mulq  -32(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -88(%rsp),%rax     
+	mulq  -40(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -80(%rsp),%rax     
+	mulq  -48(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%r9, %rbp
+	movq	%rcx, %r12
+/APP
+	movq  -72(%rsp),%rax     
+	mulq  -56(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%r8, 48(%r11)
+	movq	%r12, %r9
+	movq	%rbp, %rcx
+	movq	%r10, %r8
+/APP
+	movq  -120(%rsp),%rax     
+	mulq  (%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -112(%rsp),%rax     
+	mulq  -8(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -104(%rsp),%rax     
+	mulq  -16(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -96(%rsp),%rax     
+	mulq  -24(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -88(%rsp),%rax     
+	mulq  -32(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -80(%rsp),%rax     
+	mulq  -40(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -72(%rsp),%rax     
+	mulq  -48(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+/NO_APP
+	movq	%r9, %rbp
+	movq	%r8, %r12
+/APP
+	movq  -64(%rsp),%rax     
+	mulq  -56(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%rcx, 56(%r11)
+	movq	%r12, %r9
+	movq	%rbp, %r8
+	movq	%r10, %rcx
+/APP
+	movq  -112(%rsp),%rax     
+	mulq  (%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -104(%rsp),%rax     
+	mulq  -8(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -96(%rsp),%rax     
+	mulq  -16(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -88(%rsp),%rax     
+	mulq  -24(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -80(%rsp),%rax     
+	mulq  -32(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -72(%rsp),%rax     
+	mulq  -40(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%r9, %rbp
+	movq	%rcx, %r12
+/APP
+	movq  -64(%rsp),%rax     
+	mulq  -48(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%r8, 64(%r11)
+	movq	%r12, %r9
+	movq	%rbp, %rcx
+	movq	%r10, %r8
+/APP
+	movq  -104(%rsp),%rax     
+	mulq  (%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -96(%rsp),%rax     
+	mulq  -8(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -88(%rsp),%rax     
+	mulq  -16(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -80(%rsp),%rax     
+	mulq  -24(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -72(%rsp),%rax     
+	mulq  -32(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+/NO_APP
+	movq	%r9, %rbp
+	movq	%r8, %r12
+/APP
+	movq  -64(%rsp),%rax     
+	mulq  -40(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%rcx, 72(%r11)
+	movq	%r12, %r9
+	movq	%rbp, %r8
+	movq	%r10, %rcx
+/APP
+	movq  -96(%rsp),%rax     
+	mulq  (%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -88(%rsp),%rax     
+	mulq  -8(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -80(%rsp),%rax     
+	mulq  -16(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -72(%rsp),%rax     
+	mulq  -24(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%r9, %rbp
+	movq	%rcx, %r12
+/APP
+	movq  -64(%rsp),%rax     
+	mulq  -32(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%r8, 80(%r11)
+	movq	%r12, %r9
+	movq	%rbp, %rcx
+	movq	%r10, %r8
+/APP
+	movq  -88(%rsp),%rax     
+	mulq  (%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -80(%rsp),%rax     
+	mulq  -8(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -72(%rsp),%rax     
+	mulq  -16(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+/NO_APP
+	movq	%r9, %rbp
+	movq	%r8, %r12
+/APP
+	movq  -64(%rsp),%rax     
+	mulq  -24(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%rcx, 88(%r11)
+	movq	%r12, %r9
+	movq	%rbp, %r8
+	movq	%r10, %rcx
+/APP
+	movq  -80(%rsp),%rax     
+	mulq  (%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -72(%rsp),%rax     
+	mulq  -8(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%r9, %rbp
+	movq	%rcx, %r12
+/APP
+	movq  -64(%rsp),%rax     
+	mulq  -16(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%r8, 96(%r11)
+	movq	%r12, %r9
+	movq	%rbp, %rcx
+	movq	%r10, %r8
+/APP
+	movq  -72(%rsp),%rax     
+	mulq  (%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+/NO_APP
+	movq	%r8, %r12
+	movq	%r9, %rbp
+/APP
+	movq  -64(%rsp),%rax     
+	mulq  -8(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%rcx, 104(%r11)
+	movq	%rbp, %r8
+	movq	%r12, %rcx
+/APP
+	movq  -64(%rsp),%rax     
+	mulq  (%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rcx     
+	adcq  $0,%r10        
+	
+/NO_APP
+	movq	%r8, 112(%r11)
+	movl	(%rsi), %esi
+	xorl	(%rdi), %esi
+	testq	%rcx, %rcx
+	movq	%rcx, 120(%r11)
+	movl	$16, 8(%rbx)
+	jne	.L35
+	.align 16
+.L43:
+	movl	8(%rbx), %edx
+	leal	-1(%rdx), %edi
+	testl	%edi, %edi
+	movl	%edi, 8(%rbx)
+	je	.L35
+	leal	-2(%rdx), %eax
+	cmpq	$0, (%r11,%rax,8)
+	je	.L43
+.L35:
+	movl	8(%rbx), %r11d
+	xorl	%edx, %edx
+	testl	%r11d, %r11d
+	cmovne	%esi, %edx
+	movl	%edx, (%rbx)
+	addq	$8, %rsp
+	popq	%rbx
+	popq	%rbp
+	popq	%r12
+	ret
+.LFE3:
+	.size	s_mp_mul_comba_8, .-s_mp_mul_comba_8
+	.align 16
+.globl s_mp_mul_comba_16
+	.type	s_mp_mul_comba_16, @function
+s_mp_mul_comba_16:
+.LFB4:
+	pushq	%r12
+.LCFI7:
+	pushq	%rbp
+.LCFI8:
+	pushq	%rbx
+.LCFI9:
+	movq	%rdx, %rbx
+	subq	$136, %rsp
+.LCFI10:
+	movq	16(%rdi), %rax
+	movq	(%rax), %r8
+	movq	%r8, -120(%rsp)
+	movq	8(%rax), %rbp
+	movq	%rbp, -112(%rsp)
+	movq	16(%rax), %r9
+	movq	%r9, -104(%rsp)
+	movq	24(%rax), %r12
+	movq	%r12, -96(%rsp)
+	movq	32(%rax), %rcx
+	movq	%rcx, -88(%rsp)
+	movq	40(%rax), %r10
+	movq	%r10, -80(%rsp)
+	movq	48(%rax), %rdx
+	movq	%rdx, -72(%rsp)
+	movq	56(%rax), %r11
+	movq	%r11, -64(%rsp)
+	movq	64(%rax), %r8
+	movq	%r8, -56(%rsp)
+	movq	72(%rax), %rbp
+	movq	%rbp, -48(%rsp)
+	movq	80(%rax), %r9
+	movq	%r9, -40(%rsp)
+	movq	88(%rax), %r12
+	movq	%r12, -32(%rsp)
+	movq	96(%rax), %rcx
+	movq	%rcx, -24(%rsp)
+	movq	104(%rax), %r10
+	movq	%r10, -16(%rsp)
+	movq	112(%rax), %rdx
+	movq	%rdx, -8(%rsp)
+	movq	120(%rax), %r11
+	movq	%r11, (%rsp)
+	movq	16(%rsi), %r11
+	movq	(%r11), %r8
+	movq	%r8, 8(%rsp)
+	movq	8(%r11), %rbp
+	movq	%rbp, 16(%rsp)
+	movq	16(%r11), %r9
+	movq	%r9, 24(%rsp)
+	movq	24(%r11), %r12
+	movq	%r12, 32(%rsp)
+	movq	32(%r11), %rcx
+	movq	%rcx, 40(%rsp)
+	movq	40(%r11), %r10
+	movq	%r10, 48(%rsp)
+	movq	48(%r11), %rdx
+	movq	%rdx, 56(%rsp)
+	movq	56(%r11), %rax
+	movq	%rax, 64(%rsp)
+	movq	64(%r11), %r8
+	movq	%r8, 72(%rsp)
+	movq	72(%r11), %rbp
+	movq	%rbp, 80(%rsp)
+	movq	80(%r11), %r9
+	movq	%r9, 88(%rsp)
+	movq	88(%r11), %r12
+	movq	%r12, 96(%rsp)
+	movq	96(%r11), %rcx
+	movq	%rcx, 104(%rsp)
+	movq	104(%r11), %r10
+	movq	%r10, 112(%rsp)
+	movq	112(%r11), %rdx
+	xorl	%r10d, %r10d
+	movq	%r10, %r8
+	movq	%r10, %r9
+	movq	%r10, %rbp
+	movq	%rdx, 120(%rsp)
+	movq	120(%r11), %rax
+	movq	%rax, 128(%rsp)
+	movq	16(%rbx), %r11
+/APP
+	movq  -120(%rsp),%rax     
+	mulq  8(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rbp        
+	
+/NO_APP
+	movq	%r8, (%r11)
+	movq	%rbp, %r8
+	movq	%r10, %rbp
+/APP
+	movq  -120(%rsp),%rax     
+	mulq  16(%rsp)           
+	addq  %rax,%r9     
+	adcq  %rdx,%r8     
+	adcq  $0,%rbp        
+	
+/NO_APP
+	movq	%rbp, %r12
+/APP
+	movq  -112(%rsp),%rax     
+	mulq  8(%rsp)           
+	addq  %rax,%r9     
+	adcq  %rdx,%r8     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%r9, 8(%r11)
+	movq	%r12, %r9
+	movq	%r10, %r12
+/APP
+	movq  -120(%rsp),%rax     
+	mulq  24(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%r12, %rcx
+/APP
+	movq  -112(%rsp),%rax     
+	mulq  16(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%r9, %rbp
+	movq	%rcx, %r12
+/APP
+	movq  -104(%rsp),%rax     
+	mulq  8(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%r8, 16(%r11)
+	movq	%r12, %r9
+	movq	%rbp, %rcx
+	movq	%r10, %r8
+/APP
+	movq  -120(%rsp),%rax     
+	mulq  32(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -112(%rsp),%rax     
+	mulq  24(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -104(%rsp),%rax     
+	mulq  16(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+/NO_APP
+	movq	%r9, %rbp
+	movq	%r8, %r12
+/APP
+	movq  -96(%rsp),%rax     
+	mulq  8(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%rcx, 24(%r11)
+	movq	%r12, %r9
+	movq	%rbp, %r8
+	movq	%r10, %rcx
+/APP
+	movq  -120(%rsp),%rax     
+	mulq  40(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -112(%rsp),%rax     
+	mulq  32(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -104(%rsp),%rax     
+	mulq  24(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -96(%rsp),%rax     
+	mulq  16(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%r9, %rbp
+	movq	%rcx, %r12
+/APP
+	movq  -88(%rsp),%rax     
+	mulq  8(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%r8, 32(%r11)
+	movq	%r12, %r9
+	movq	%rbp, %rcx
+	movq	%r10, %r8
+/APP
+	movq  -120(%rsp),%rax     
+	mulq  48(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -112(%rsp),%rax     
+	mulq  40(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -104(%rsp),%rax     
+	mulq  32(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -96(%rsp),%rax     
+	mulq  24(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -88(%rsp),%rax     
+	mulq  16(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+/NO_APP
+	movq	%r9, %rbp
+	movq	%r8, %r12
+/APP
+	movq  -80(%rsp),%rax     
+	mulq  8(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%rcx, 40(%r11)
+	movq	%r12, %r9
+	movq	%rbp, %r8
+	movq	%r10, %rcx
+/APP
+	movq  -120(%rsp),%rax     
+	mulq  56(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -112(%rsp),%rax     
+	mulq  48(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -104(%rsp),%rax     
+	mulq  40(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -96(%rsp),%rax     
+	mulq  32(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -88(%rsp),%rax     
+	mulq  24(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -80(%rsp),%rax     
+	mulq  16(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%r9, %rbp
+	movq	%rcx, %r12
+/APP
+	movq  -72(%rsp),%rax     
+	mulq  8(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%r8, 48(%r11)
+	movq	%r12, %r9
+	movq	%rbp, %rcx
+	movq	%r10, %r8
+/APP
+	movq  -120(%rsp),%rax     
+	mulq  64(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -112(%rsp),%rax     
+	mulq  56(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -104(%rsp),%rax     
+	mulq  48(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -96(%rsp),%rax     
+	mulq  40(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -88(%rsp),%rax     
+	mulq  32(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -80(%rsp),%rax     
+	mulq  24(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -72(%rsp),%rax     
+	mulq  16(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+/NO_APP
+	movq	%r9, %rbp
+	movq	%r8, %r12
+/APP
+	movq  -64(%rsp),%rax     
+	mulq  8(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%rcx, 56(%r11)
+	movq	%r12, %r9
+	movq	%rbp, %r8
+	movq	%r10, %rcx
+/APP
+	movq  -120(%rsp),%rax     
+	mulq  72(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -112(%rsp),%rax     
+	mulq  64(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -104(%rsp),%rax     
+	mulq  56(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -96(%rsp),%rax     
+	mulq  48(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -88(%rsp),%rax     
+	mulq  40(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -80(%rsp),%rax     
+	mulq  32(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -72(%rsp),%rax     
+	mulq  24(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -64(%rsp),%rax     
+	mulq  16(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%r9, %rbp
+	movq	%rcx, %r12
+/APP
+	movq  -56(%rsp),%rax     
+	mulq  8(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%r8, 64(%r11)
+	movq	%r12, %r9
+	movq	%rbp, %rcx
+	movq	%r10, %r8
+/APP
+	movq  -120(%rsp),%rax     
+	mulq  80(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -112(%rsp),%rax     
+	mulq  72(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -104(%rsp),%rax     
+	mulq  64(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -96(%rsp),%rax     
+	mulq  56(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -88(%rsp),%rax     
+	mulq  48(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -80(%rsp),%rax     
+	mulq  40(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -72(%rsp),%rax     
+	mulq  32(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -64(%rsp),%rax     
+	mulq  24(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -56(%rsp),%rax     
+	mulq  16(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+/NO_APP
+	movq	%r9, %rbp
+	movq	%r8, %r12
+/APP
+	movq  -48(%rsp),%rax     
+	mulq  8(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%rcx, 72(%r11)
+	movq	%r12, %r9
+	movq	%rbp, %r8
+	movq	%r10, %rcx
+/APP
+	movq  -120(%rsp),%rax     
+	mulq  88(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -112(%rsp),%rax     
+	mulq  80(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -104(%rsp),%rax     
+	mulq  72(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -96(%rsp),%rax     
+	mulq  64(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -88(%rsp),%rax     
+	mulq  56(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -80(%rsp),%rax     
+	mulq  48(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -72(%rsp),%rax     
+	mulq  40(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -64(%rsp),%rax     
+	mulq  32(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -56(%rsp),%rax     
+	mulq  24(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -48(%rsp),%rax     
+	mulq  16(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%r9, %rbp
+	movq	%rcx, %r12
+/APP
+	movq  -40(%rsp),%rax     
+	mulq  8(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%r8, 80(%r11)
+	movq	%r12, %r9
+	movq	%rbp, %rcx
+	movq	%r10, %r8
+/APP
+	movq  -120(%rsp),%rax     
+	mulq  96(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -112(%rsp),%rax     
+	mulq  88(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -104(%rsp),%rax     
+	mulq  80(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -96(%rsp),%rax     
+	mulq  72(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -88(%rsp),%rax     
+	mulq  64(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -80(%rsp),%rax     
+	mulq  56(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -72(%rsp),%rax     
+	mulq  48(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -64(%rsp),%rax     
+	mulq  40(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -56(%rsp),%rax     
+	mulq  32(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -48(%rsp),%rax     
+	mulq  24(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -40(%rsp),%rax     
+	mulq  16(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+/NO_APP
+	movq	%r9, %rbp
+	movq	%r8, %r12
+/APP
+	movq  -32(%rsp),%rax     
+	mulq  8(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%rcx, 88(%r11)
+	movq	%r12, %r9
+	movq	%rbp, %r8
+	movq	%r10, %rcx
+/APP
+	movq  -120(%rsp),%rax     
+	mulq  104(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -112(%rsp),%rax     
+	mulq  96(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -104(%rsp),%rax     
+	mulq  88(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -96(%rsp),%rax     
+	mulq  80(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -88(%rsp),%rax     
+	mulq  72(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -80(%rsp),%rax     
+	mulq  64(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -72(%rsp),%rax     
+	mulq  56(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -64(%rsp),%rax     
+	mulq  48(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -56(%rsp),%rax     
+	mulq  40(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -48(%rsp),%rax     
+	mulq  32(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -40(%rsp),%rax     
+	mulq  24(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -32(%rsp),%rax     
+	mulq  16(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%r9, %rbp
+	movq	%rcx, %r12
+/APP
+	movq  -24(%rsp),%rax     
+	mulq  8(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%r8, 96(%r11)
+	movq	%r12, %r9
+	movq	%rbp, %rcx
+	movq	%r10, %r8
+/APP
+	movq  -120(%rsp),%rax     
+	mulq  112(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -112(%rsp),%rax     
+	mulq  104(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -104(%rsp),%rax     
+	mulq  96(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -96(%rsp),%rax     
+	mulq  88(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -88(%rsp),%rax     
+	mulq  80(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -80(%rsp),%rax     
+	mulq  72(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -72(%rsp),%rax     
+	mulq  64(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -64(%rsp),%rax     
+	mulq  56(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -56(%rsp),%rax     
+	mulq  48(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -48(%rsp),%rax     
+	mulq  40(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -40(%rsp),%rax     
+	mulq  32(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -32(%rsp),%rax     
+	mulq  24(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -24(%rsp),%rax     
+	mulq  16(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+/NO_APP
+	movq	%r9, %rbp
+	movq	%r8, %r12
+/APP
+	movq  -16(%rsp),%rax     
+	mulq  8(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%rcx, 104(%r11)
+	movq	%r12, %r9
+	movq	%rbp, %r8
+	movq	%r10, %rcx
+/APP
+	movq  -120(%rsp),%rax     
+	mulq  120(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -112(%rsp),%rax     
+	mulq  112(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -104(%rsp),%rax     
+	mulq  104(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -96(%rsp),%rax     
+	mulq  96(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -88(%rsp),%rax     
+	mulq  88(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -80(%rsp),%rax     
+	mulq  80(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -72(%rsp),%rax     
+	mulq  72(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -64(%rsp),%rax     
+	mulq  64(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -56(%rsp),%rax     
+	mulq  56(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -48(%rsp),%rax     
+	mulq  48(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -40(%rsp),%rax     
+	mulq  40(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -32(%rsp),%rax     
+	mulq  32(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -24(%rsp),%rax     
+	mulq  24(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -16(%rsp),%rax     
+	mulq  16(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%r9, %rbp
+	movq	%rcx, %r12
+/APP
+	movq  -8(%rsp),%rax     
+	mulq  8(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%r8, 112(%r11)
+	movq	%r12, %r9
+	movq	%rbp, %rcx
+	movq	%r10, %r8
+/APP
+	movq  -120(%rsp),%rax     
+	mulq  128(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -112(%rsp),%rax     
+	mulq  120(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -104(%rsp),%rax     
+	mulq  112(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -96(%rsp),%rax     
+	mulq  104(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -88(%rsp),%rax     
+	mulq  96(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -80(%rsp),%rax     
+	mulq  88(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -72(%rsp),%rax     
+	mulq  80(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -64(%rsp),%rax     
+	mulq  72(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -56(%rsp),%rax     
+	mulq  64(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -48(%rsp),%rax     
+	mulq  56(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -40(%rsp),%rax     
+	mulq  48(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -32(%rsp),%rax     
+	mulq  40(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -24(%rsp),%rax     
+	mulq  32(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -16(%rsp),%rax     
+	mulq  24(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -8(%rsp),%rax     
+	mulq  16(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+/NO_APP
+	movq	%r9, %rbp
+	movq	%r8, %r12
+/APP
+	movq  (%rsp),%rax     
+	mulq  8(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%rcx, 120(%r11)
+	movq	%r12, %r9
+	movq	%rbp, %r8
+	movq	%r10, %rcx
+/APP
+	movq  -112(%rsp),%rax     
+	mulq  128(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -104(%rsp),%rax     
+	mulq  120(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -96(%rsp),%rax     
+	mulq  112(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -88(%rsp),%rax     
+	mulq  104(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -80(%rsp),%rax     
+	mulq  96(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -72(%rsp),%rax     
+	mulq  88(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -64(%rsp),%rax     
+	mulq  80(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -56(%rsp),%rax     
+	mulq  72(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -48(%rsp),%rax     
+	mulq  64(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -40(%rsp),%rax     
+	mulq  56(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -32(%rsp),%rax     
+	mulq  48(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -24(%rsp),%rax     
+	mulq  40(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -16(%rsp),%rax     
+	mulq  32(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -8(%rsp),%rax     
+	mulq  24(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%r9, %rbp
+	movq	%rcx, %r12
+/APP
+	movq  (%rsp),%rax     
+	mulq  16(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%r8, 128(%r11)
+	movq	%r12, %r9
+	movq	%rbp, %rcx
+	movq	%r10, %r8
+/APP
+	movq  -104(%rsp),%rax     
+	mulq  128(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -96(%rsp),%rax     
+	mulq  120(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -88(%rsp),%rax     
+	mulq  112(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -80(%rsp),%rax     
+	mulq  104(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -72(%rsp),%rax     
+	mulq  96(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -64(%rsp),%rax     
+	mulq  88(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -56(%rsp),%rax     
+	mulq  80(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -48(%rsp),%rax     
+	mulq  72(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -40(%rsp),%rax     
+	mulq  64(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -32(%rsp),%rax     
+	mulq  56(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -24(%rsp),%rax     
+	mulq  48(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -16(%rsp),%rax     
+	mulq  40(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -8(%rsp),%rax     
+	mulq  32(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+/NO_APP
+	movq	%r9, %rbp
+	movq	%r8, %r12
+/APP
+	movq  (%rsp),%rax     
+	mulq  24(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%rcx, 136(%r11)
+	movq	%r12, %r9
+	movq	%rbp, %r8
+	movq	%r10, %rcx
+/APP
+	movq  -96(%rsp),%rax     
+	mulq  128(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -88(%rsp),%rax     
+	mulq  120(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -80(%rsp),%rax     
+	mulq  112(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -72(%rsp),%rax     
+	mulq  104(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -64(%rsp),%rax     
+	mulq  96(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -56(%rsp),%rax     
+	mulq  88(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -48(%rsp),%rax     
+	mulq  80(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -40(%rsp),%rax     
+	mulq  72(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -32(%rsp),%rax     
+	mulq  64(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -24(%rsp),%rax     
+	mulq  56(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -16(%rsp),%rax     
+	mulq  48(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -8(%rsp),%rax     
+	mulq  40(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%r9, %rbp
+	movq	%rcx, %r12
+/APP
+	movq  (%rsp),%rax     
+	mulq  32(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%r8, 144(%r11)
+	movq	%r12, %r9
+	movq	%rbp, %rcx
+	movq	%r10, %r8
+/APP
+	movq  -88(%rsp),%rax     
+	mulq  128(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -80(%rsp),%rax     
+	mulq  120(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -72(%rsp),%rax     
+	mulq  112(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -64(%rsp),%rax     
+	mulq  104(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -56(%rsp),%rax     
+	mulq  96(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -48(%rsp),%rax     
+	mulq  88(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -40(%rsp),%rax     
+	mulq  80(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -32(%rsp),%rax     
+	mulq  72(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -24(%rsp),%rax     
+	mulq  64(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -16(%rsp),%rax     
+	mulq  56(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -8(%rsp),%rax     
+	mulq  48(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+/NO_APP
+	movq	%r9, %rbp
+	movq	%r8, %r12
+/APP
+	movq  (%rsp),%rax     
+	mulq  40(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%rcx, 152(%r11)
+	movq	%r12, %r9
+	movq	%rbp, %r8
+	movq	%r10, %rcx
+/APP
+	movq  -80(%rsp),%rax     
+	mulq  128(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -72(%rsp),%rax     
+	mulq  120(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -64(%rsp),%rax     
+	mulq  112(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -56(%rsp),%rax     
+	mulq  104(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -48(%rsp),%rax     
+	mulq  96(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -40(%rsp),%rax     
+	mulq  88(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -32(%rsp),%rax     
+	mulq  80(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -24(%rsp),%rax     
+	mulq  72(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -16(%rsp),%rax     
+	mulq  64(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -8(%rsp),%rax     
+	mulq  56(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%r9, %rbp
+	movq	%rcx, %r12
+/APP
+	movq  (%rsp),%rax     
+	mulq  48(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%r8, 160(%r11)
+	movq	%r12, %r9
+	movq	%rbp, %rcx
+	movq	%r10, %r8
+/APP
+	movq  -72(%rsp),%rax     
+	mulq  128(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -64(%rsp),%rax     
+	mulq  120(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -56(%rsp),%rax     
+	mulq  112(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -48(%rsp),%rax     
+	mulq  104(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -40(%rsp),%rax     
+	mulq  96(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -32(%rsp),%rax     
+	mulq  88(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -24(%rsp),%rax     
+	mulq  80(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -16(%rsp),%rax     
+	mulq  72(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -8(%rsp),%rax     
+	mulq  64(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+/NO_APP
+	movq	%r9, %rbp
+	movq	%r8, %r12
+/APP
+	movq  (%rsp),%rax     
+	mulq  56(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%rcx, 168(%r11)
+	movq	%r12, %r9
+	movq	%rbp, %r8
+	movq	%r10, %rcx
+/APP
+	movq  -64(%rsp),%rax     
+	mulq  128(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -56(%rsp),%rax     
+	mulq  120(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -48(%rsp),%rax     
+	mulq  112(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -40(%rsp),%rax     
+	mulq  104(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -32(%rsp),%rax     
+	mulq  96(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -24(%rsp),%rax     
+	mulq  88(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -16(%rsp),%rax     
+	mulq  80(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -8(%rsp),%rax     
+	mulq  72(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%r9, %rbp
+	movq	%rcx, %r12
+/APP
+	movq  (%rsp),%rax     
+	mulq  64(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%r8, 176(%r11)
+	movq	%r12, %r9
+	movq	%rbp, %rcx
+	movq	%r10, %r8
+/APP
+	movq  -56(%rsp),%rax     
+	mulq  128(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -48(%rsp),%rax     
+	mulq  120(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -40(%rsp),%rax     
+	mulq  112(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -32(%rsp),%rax     
+	mulq  104(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -24(%rsp),%rax     
+	mulq  96(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -16(%rsp),%rax     
+	mulq  88(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -8(%rsp),%rax     
+	mulq  80(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+/NO_APP
+	movq	%r9, %rbp
+	movq	%r8, %r12
+/APP
+	movq  (%rsp),%rax     
+	mulq  72(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%rcx, 184(%r11)
+	movq	%r12, %r9
+	movq	%rbp, %r8
+	movq	%r10, %rcx
+/APP
+	movq  -48(%rsp),%rax     
+	mulq  128(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -40(%rsp),%rax     
+	mulq  120(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -32(%rsp),%rax     
+	mulq  112(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -24(%rsp),%rax     
+	mulq  104(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -16(%rsp),%rax     
+	mulq  96(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -8(%rsp),%rax     
+	mulq  88(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%r9, %rbp
+	movq	%rcx, %r12
+/APP
+	movq  (%rsp),%rax     
+	mulq  80(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%r8, 192(%r11)
+	movq	%r12, %r9
+	movq	%rbp, %rcx
+	movq	%r10, %r8
+/APP
+	movq  -40(%rsp),%rax     
+	mulq  128(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -32(%rsp),%rax     
+	mulq  120(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -24(%rsp),%rax     
+	mulq  112(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -16(%rsp),%rax     
+	mulq  104(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -8(%rsp),%rax     
+	mulq  96(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+/NO_APP
+	movq	%r9, %rbp
+	movq	%r8, %r12
+/APP
+	movq  (%rsp),%rax     
+	mulq  88(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%rcx, 200(%r11)
+	movq	%r12, %r9
+	movq	%rbp, %r8
+	movq	%r10, %rcx
+/APP
+	movq  -32(%rsp),%rax     
+	mulq  128(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -24(%rsp),%rax     
+	mulq  120(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -16(%rsp),%rax     
+	mulq  112(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -8(%rsp),%rax     
+	mulq  104(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%r9, %rbp
+	movq	%rcx, %r12
+/APP
+	movq  (%rsp),%rax     
+	mulq  96(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%r8, 208(%r11)
+	movq	%r12, %r9
+	movq	%rbp, %rcx
+	movq	%r10, %r8
+/APP
+	movq  -24(%rsp),%rax     
+	mulq  128(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -16(%rsp),%rax     
+	mulq  120(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+	movq  -8(%rsp),%rax     
+	mulq  112(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+/NO_APP
+	movq	%r9, %rbp
+	movq	%r8, %r12
+/APP
+	movq  (%rsp),%rax     
+	mulq  104(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%rcx, 216(%r11)
+	movq	%r12, %r9
+	movq	%rbp, %r8
+	movq	%r10, %rcx
+/APP
+	movq  -16(%rsp),%rax     
+	mulq  128(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+	movq  -8(%rsp),%rax     
+	mulq  120(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%r9, %rbp
+	movq	%rcx, %r12
+/APP
+	movq  (%rsp),%rax     
+	mulq  112(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%r8, 224(%r11)
+	movq	%r12, %r9
+	movq	%rbp, %rcx
+	movq	%r10, %r8
+/APP
+	movq  -8(%rsp),%rax     
+	mulq  128(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+/NO_APP
+	movq	%r8, %r12
+	movq	%r9, %rbp
+/APP
+	movq  (%rsp),%rax     
+	mulq  120(%rsp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%rcx, 232(%r11)
+	movq	%rbp, %r8
+	movq	%r12, %rcx
+/APP
+	movq  (%rsp),%rax     
+	mulq  128(%rsp)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rcx     
+	adcq  $0,%r10        
+	
+/NO_APP
+	movq	%r8, 240(%r11)
+	movl	(%rsi), %esi
+	xorl	(%rdi), %esi
+	testq	%rcx, %rcx
+	movq	%rcx, 248(%r11)
+	movl	$32, 8(%rbx)
+	jne	.L76
+	.align 16
+.L84:
+	movl	8(%rbx), %edx
+	leal	-1(%rdx), %edi
+	testl	%edi, %edi
+	movl	%edi, 8(%rbx)
+	je	.L76
+	leal	-2(%rdx), %eax
+	cmpq	$0, (%r11,%rax,8)
+	je	.L84
+.L76:
+	movl	8(%rbx), %edx
+	xorl	%r11d, %r11d
+	testl	%edx, %edx
+	cmovne	%esi, %r11d
+	movl	%r11d, (%rbx)
+	addq	$136, %rsp
+	popq	%rbx
+	popq	%rbp
+	popq	%r12
+	ret
+.LFE4:
+	.size	s_mp_mul_comba_16, .-s_mp_mul_comba_16
+	.align 16
+.globl s_mp_mul_comba_32
+	.type	s_mp_mul_comba_32, @function
+s_mp_mul_comba_32:
+.LFB5:
+	pushq	%rbp
+.LCFI11:
+	movq	%rsp, %rbp
+.LCFI12:
+	pushq	%r13
+.LCFI13:
+	movq	%rdx, %r13
+	movl	$256, %edx
+	pushq	%r12
+.LCFI14:
+	movq	%rsi, %r12
+	pushq	%rbx
+.LCFI15:
+	movq	%rdi, %rbx
+	subq	$520, %rsp
+.LCFI16:
+	movq	16(%rdi), %rsi
+	leaq	-544(%rbp), %rdi
+	call	memcpy@PLT
+	movq	16(%r12), %rsi
+	leaq	-288(%rbp), %rdi
+	movl	$256, %edx
+	call	memcpy@PLT
+	movq	16(%r13), %r9
+	xorl	%r8d, %r8d
+	movq	%r8, %rsi
+	movq	%r8, %rdi
+	movq	%r8, %r10
+/APP
+	movq  -544(%rbp),%rax     
+	mulq  -288(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%r10        
+	
+/NO_APP
+	movq	%rsi, (%r9)
+	movq	%r10, %rsi
+	movq	%r8, %r10
+/APP
+	movq  -544(%rbp),%rax     
+	mulq  -280(%rbp)           
+	addq  %rax,%rdi     
+	adcq  %rdx,%rsi     
+	adcq  $0,%r10        
+	
+/NO_APP
+	movq	%r10, %r11
+/APP
+	movq  -536(%rbp),%rax     
+	mulq  -288(%rbp)           
+	addq  %rax,%rdi     
+	adcq  %rdx,%rsi     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rdi, 8(%r9)
+	movq	%r11, %rdi
+	movq	%r8, %r11
+/APP
+	movq  -544(%rbp),%rax     
+	mulq  -272(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%r11, %rcx
+/APP
+	movq  -536(%rbp),%rax     
+	mulq  -280(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rcx, %r11
+/APP
+	movq  -528(%rbp),%rax     
+	mulq  -288(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rsi, 16(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rcx
+	movq	%r8, %rsi
+/APP
+	movq  -544(%rbp),%rax     
+	mulq  -264(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -536(%rbp),%rax     
+	mulq  -272(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -528(%rbp),%rax     
+	mulq  -280(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rsi, %r11
+/APP
+	movq  -520(%rbp),%rax     
+	mulq  -288(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rcx, 24(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rsi
+	movq	%r8, %rcx
+/APP
+	movq  -544(%rbp),%rax     
+	mulq  -256(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -536(%rbp),%rax     
+	mulq  -264(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -528(%rbp),%rax     
+	mulq  -272(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -520(%rbp),%rax     
+	mulq  -280(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rcx, %r11
+/APP
+	movq  -512(%rbp),%rax     
+	mulq  -288(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rsi, 32(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rcx
+	movq	%r8, %rsi
+/APP
+	movq  -544(%rbp),%rax     
+	mulq  -248(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -536(%rbp),%rax     
+	mulq  -256(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -528(%rbp),%rax     
+	mulq  -264(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -520(%rbp),%rax     
+	mulq  -272(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -512(%rbp),%rax     
+	mulq  -280(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rsi, %r11
+/APP
+	movq  -504(%rbp),%rax     
+	mulq  -288(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rcx, 40(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rsi
+	movq	%r8, %rcx
+/APP
+	movq  -544(%rbp),%rax     
+	mulq  -240(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -536(%rbp),%rax     
+	mulq  -248(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -528(%rbp),%rax     
+	mulq  -256(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -520(%rbp),%rax     
+	mulq  -264(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -512(%rbp),%rax     
+	mulq  -272(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -504(%rbp),%rax     
+	mulq  -280(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rcx, %r11
+/APP
+	movq  -496(%rbp),%rax     
+	mulq  -288(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rsi, 48(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rcx
+	movq	%r8, %rsi
+/APP
+	movq  -544(%rbp),%rax     
+	mulq  -232(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -536(%rbp),%rax     
+	mulq  -240(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -528(%rbp),%rax     
+	mulq  -248(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -520(%rbp),%rax     
+	mulq  -256(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -512(%rbp),%rax     
+	mulq  -264(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -504(%rbp),%rax     
+	mulq  -272(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -496(%rbp),%rax     
+	mulq  -280(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rsi, %r11
+/APP
+	movq  -488(%rbp),%rax     
+	mulq  -288(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rcx, 56(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rsi
+	movq	%r8, %rcx
+/APP
+	movq  -544(%rbp),%rax     
+	mulq  -224(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -536(%rbp),%rax     
+	mulq  -232(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -528(%rbp),%rax     
+	mulq  -240(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -520(%rbp),%rax     
+	mulq  -248(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -512(%rbp),%rax     
+	mulq  -256(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -504(%rbp),%rax     
+	mulq  -264(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -496(%rbp),%rax     
+	mulq  -272(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -488(%rbp),%rax     
+	mulq  -280(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rcx, %r11
+/APP
+	movq  -480(%rbp),%rax     
+	mulq  -288(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rsi, 64(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rcx
+	movq	%r8, %rsi
+/APP
+	movq  -544(%rbp),%rax     
+	mulq  -216(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -536(%rbp),%rax     
+	mulq  -224(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -528(%rbp),%rax     
+	mulq  -232(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -520(%rbp),%rax     
+	mulq  -240(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -512(%rbp),%rax     
+	mulq  -248(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -504(%rbp),%rax     
+	mulq  -256(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -496(%rbp),%rax     
+	mulq  -264(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -488(%rbp),%rax     
+	mulq  -272(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -480(%rbp),%rax     
+	mulq  -280(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rsi, %r11
+/APP
+	movq  -472(%rbp),%rax     
+	mulq  -288(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rcx, 72(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rsi
+	movq	%r8, %rcx
+/APP
+	movq  -544(%rbp),%rax     
+	mulq  -208(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -536(%rbp),%rax     
+	mulq  -216(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -528(%rbp),%rax     
+	mulq  -224(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -520(%rbp),%rax     
+	mulq  -232(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -512(%rbp),%rax     
+	mulq  -240(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -504(%rbp),%rax     
+	mulq  -248(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -496(%rbp),%rax     
+	mulq  -256(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -488(%rbp),%rax     
+	mulq  -264(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -480(%rbp),%rax     
+	mulq  -272(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -472(%rbp),%rax     
+	mulq  -280(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rcx, %r11
+/APP
+	movq  -464(%rbp),%rax     
+	mulq  -288(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rsi, 80(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rcx
+	movq	%r8, %rsi
+/APP
+	movq  -544(%rbp),%rax     
+	mulq  -200(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -536(%rbp),%rax     
+	mulq  -208(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -528(%rbp),%rax     
+	mulq  -216(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -520(%rbp),%rax     
+	mulq  -224(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -512(%rbp),%rax     
+	mulq  -232(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -504(%rbp),%rax     
+	mulq  -240(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -496(%rbp),%rax     
+	mulq  -248(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -488(%rbp),%rax     
+	mulq  -256(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -480(%rbp),%rax     
+	mulq  -264(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -472(%rbp),%rax     
+	mulq  -272(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -464(%rbp),%rax     
+	mulq  -280(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rsi, %r11
+/APP
+	movq  -456(%rbp),%rax     
+	mulq  -288(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rcx, 88(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rsi
+	movq	%r8, %rcx
+/APP
+	movq  -544(%rbp),%rax     
+	mulq  -192(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -536(%rbp),%rax     
+	mulq  -200(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -528(%rbp),%rax     
+	mulq  -208(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -520(%rbp),%rax     
+	mulq  -216(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -512(%rbp),%rax     
+	mulq  -224(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -504(%rbp),%rax     
+	mulq  -232(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -496(%rbp),%rax     
+	mulq  -240(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -488(%rbp),%rax     
+	mulq  -248(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -480(%rbp),%rax     
+	mulq  -256(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -472(%rbp),%rax     
+	mulq  -264(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -464(%rbp),%rax     
+	mulq  -272(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -456(%rbp),%rax     
+	mulq  -280(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rcx, %r11
+/APP
+	movq  -448(%rbp),%rax     
+	mulq  -288(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rsi, 96(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rcx
+	movq	%r8, %rsi
+/APP
+	movq  -544(%rbp),%rax     
+	mulq  -184(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -536(%rbp),%rax     
+	mulq  -192(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -528(%rbp),%rax     
+	mulq  -200(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -520(%rbp),%rax     
+	mulq  -208(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -512(%rbp),%rax     
+	mulq  -216(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -504(%rbp),%rax     
+	mulq  -224(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -496(%rbp),%rax     
+	mulq  -232(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -488(%rbp),%rax     
+	mulq  -240(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -480(%rbp),%rax     
+	mulq  -248(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -472(%rbp),%rax     
+	mulq  -256(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -464(%rbp),%rax     
+	mulq  -264(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -456(%rbp),%rax     
+	mulq  -272(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -448(%rbp),%rax     
+	mulq  -280(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rsi, %r11
+/APP
+	movq  -440(%rbp),%rax     
+	mulq  -288(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rcx, 104(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rsi
+	movq	%r8, %rcx
+/APP
+	movq  -544(%rbp),%rax     
+	mulq  -176(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -536(%rbp),%rax     
+	mulq  -184(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -528(%rbp),%rax     
+	mulq  -192(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -520(%rbp),%rax     
+	mulq  -200(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -512(%rbp),%rax     
+	mulq  -208(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -504(%rbp),%rax     
+	mulq  -216(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -496(%rbp),%rax     
+	mulq  -224(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -488(%rbp),%rax     
+	mulq  -232(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -480(%rbp),%rax     
+	mulq  -240(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -472(%rbp),%rax     
+	mulq  -248(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -464(%rbp),%rax     
+	mulq  -256(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -456(%rbp),%rax     
+	mulq  -264(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -448(%rbp),%rax     
+	mulq  -272(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -440(%rbp),%rax     
+	mulq  -280(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rcx, %r11
+/APP
+	movq  -432(%rbp),%rax     
+	mulq  -288(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rsi, 112(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rcx
+	movq	%r8, %rsi
+/APP
+	movq  -544(%rbp),%rax     
+	mulq  -168(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -536(%rbp),%rax     
+	mulq  -176(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -528(%rbp),%rax     
+	mulq  -184(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -520(%rbp),%rax     
+	mulq  -192(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -512(%rbp),%rax     
+	mulq  -200(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -504(%rbp),%rax     
+	mulq  -208(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -496(%rbp),%rax     
+	mulq  -216(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -488(%rbp),%rax     
+	mulq  -224(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -480(%rbp),%rax     
+	mulq  -232(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -472(%rbp),%rax     
+	mulq  -240(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -464(%rbp),%rax     
+	mulq  -248(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -456(%rbp),%rax     
+	mulq  -256(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -448(%rbp),%rax     
+	mulq  -264(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -440(%rbp),%rax     
+	mulq  -272(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -432(%rbp),%rax     
+	mulq  -280(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rsi, %r11
+/APP
+	movq  -424(%rbp),%rax     
+	mulq  -288(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rcx, 120(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rsi
+	movq	%r8, %rcx
+/APP
+	movq  -544(%rbp),%rax     
+	mulq  -160(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -536(%rbp),%rax     
+	mulq  -168(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -528(%rbp),%rax     
+	mulq  -176(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -520(%rbp),%rax     
+	mulq  -184(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -512(%rbp),%rax     
+	mulq  -192(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -504(%rbp),%rax     
+	mulq  -200(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -496(%rbp),%rax     
+	mulq  -208(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -488(%rbp),%rax     
+	mulq  -216(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -480(%rbp),%rax     
+	mulq  -224(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -472(%rbp),%rax     
+	mulq  -232(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -464(%rbp),%rax     
+	mulq  -240(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -456(%rbp),%rax     
+	mulq  -248(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -448(%rbp),%rax     
+	mulq  -256(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -440(%rbp),%rax     
+	mulq  -264(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -432(%rbp),%rax     
+	mulq  -272(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -424(%rbp),%rax     
+	mulq  -280(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rcx, %r11
+/APP
+	movq  -416(%rbp),%rax     
+	mulq  -288(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rsi, 128(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rcx
+	movq	%r8, %rsi
+/APP
+	movq  -544(%rbp),%rax     
+	mulq  -152(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -536(%rbp),%rax     
+	mulq  -160(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -528(%rbp),%rax     
+	mulq  -168(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -520(%rbp),%rax     
+	mulq  -176(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -512(%rbp),%rax     
+	mulq  -184(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -504(%rbp),%rax     
+	mulq  -192(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -496(%rbp),%rax     
+	mulq  -200(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -488(%rbp),%rax     
+	mulq  -208(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -480(%rbp),%rax     
+	mulq  -216(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -472(%rbp),%rax     
+	mulq  -224(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -464(%rbp),%rax     
+	mulq  -232(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -456(%rbp),%rax     
+	mulq  -240(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -448(%rbp),%rax     
+	mulq  -248(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -440(%rbp),%rax     
+	mulq  -256(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -432(%rbp),%rax     
+	mulq  -264(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -424(%rbp),%rax     
+	mulq  -272(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -416(%rbp),%rax     
+	mulq  -280(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rsi, %r11
+/APP
+	movq  -408(%rbp),%rax     
+	mulq  -288(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rcx, 136(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rsi
+	movq	%r8, %rcx
+/APP
+	movq  -544(%rbp),%rax     
+	mulq  -144(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -536(%rbp),%rax     
+	mulq  -152(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -528(%rbp),%rax     
+	mulq  -160(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -520(%rbp),%rax     
+	mulq  -168(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -512(%rbp),%rax     
+	mulq  -176(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -504(%rbp),%rax     
+	mulq  -184(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -496(%rbp),%rax     
+	mulq  -192(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -488(%rbp),%rax     
+	mulq  -200(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -480(%rbp),%rax     
+	mulq  -208(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -472(%rbp),%rax     
+	mulq  -216(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -464(%rbp),%rax     
+	mulq  -224(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -456(%rbp),%rax     
+	mulq  -232(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -448(%rbp),%rax     
+	mulq  -240(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -440(%rbp),%rax     
+	mulq  -248(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -432(%rbp),%rax     
+	mulq  -256(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -424(%rbp),%rax     
+	mulq  -264(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -416(%rbp),%rax     
+	mulq  -272(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -408(%rbp),%rax     
+	mulq  -280(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rcx, %r11
+/APP
+	movq  -400(%rbp),%rax     
+	mulq  -288(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rsi, 144(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rcx
+	movq	%r8, %rsi
+/APP
+	movq  -544(%rbp),%rax     
+	mulq  -136(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -536(%rbp),%rax     
+	mulq  -144(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -528(%rbp),%rax     
+	mulq  -152(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -520(%rbp),%rax     
+	mulq  -160(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -512(%rbp),%rax     
+	mulq  -168(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -504(%rbp),%rax     
+	mulq  -176(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -496(%rbp),%rax     
+	mulq  -184(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -488(%rbp),%rax     
+	mulq  -192(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -480(%rbp),%rax     
+	mulq  -200(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -472(%rbp),%rax     
+	mulq  -208(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -464(%rbp),%rax     
+	mulq  -216(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -456(%rbp),%rax     
+	mulq  -224(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -448(%rbp),%rax     
+	mulq  -232(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -440(%rbp),%rax     
+	mulq  -240(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -432(%rbp),%rax     
+	mulq  -248(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -424(%rbp),%rax     
+	mulq  -256(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -416(%rbp),%rax     
+	mulq  -264(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -408(%rbp),%rax     
+	mulq  -272(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -400(%rbp),%rax     
+	mulq  -280(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rsi, %r11
+/APP
+	movq  -392(%rbp),%rax     
+	mulq  -288(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rcx, 152(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rsi
+	movq	%r8, %rcx
+/APP
+	movq  -544(%rbp),%rax     
+	mulq  -128(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -536(%rbp),%rax     
+	mulq  -136(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -528(%rbp),%rax     
+	mulq  -144(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -520(%rbp),%rax     
+	mulq  -152(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -512(%rbp),%rax     
+	mulq  -160(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -504(%rbp),%rax     
+	mulq  -168(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -496(%rbp),%rax     
+	mulq  -176(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -488(%rbp),%rax     
+	mulq  -184(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -480(%rbp),%rax     
+	mulq  -192(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -472(%rbp),%rax     
+	mulq  -200(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -464(%rbp),%rax     
+	mulq  -208(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -456(%rbp),%rax     
+	mulq  -216(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -448(%rbp),%rax     
+	mulq  -224(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -440(%rbp),%rax     
+	mulq  -232(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -432(%rbp),%rax     
+	mulq  -240(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -424(%rbp),%rax     
+	mulq  -248(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -416(%rbp),%rax     
+	mulq  -256(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -408(%rbp),%rax     
+	mulq  -264(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -400(%rbp),%rax     
+	mulq  -272(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -392(%rbp),%rax     
+	mulq  -280(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rcx, %r11
+/APP
+	movq  -384(%rbp),%rax     
+	mulq  -288(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rsi, 160(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rcx
+	movq	%r8, %rsi
+/APP
+	movq  -544(%rbp),%rax     
+	mulq  -120(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -536(%rbp),%rax     
+	mulq  -128(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -528(%rbp),%rax     
+	mulq  -136(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -520(%rbp),%rax     
+	mulq  -144(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -512(%rbp),%rax     
+	mulq  -152(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -504(%rbp),%rax     
+	mulq  -160(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -496(%rbp),%rax     
+	mulq  -168(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -488(%rbp),%rax     
+	mulq  -176(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -480(%rbp),%rax     
+	mulq  -184(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -472(%rbp),%rax     
+	mulq  -192(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -464(%rbp),%rax     
+	mulq  -200(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -456(%rbp),%rax     
+	mulq  -208(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -448(%rbp),%rax     
+	mulq  -216(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -440(%rbp),%rax     
+	mulq  -224(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -432(%rbp),%rax     
+	mulq  -232(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -424(%rbp),%rax     
+	mulq  -240(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -416(%rbp),%rax     
+	mulq  -248(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -408(%rbp),%rax     
+	mulq  -256(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -400(%rbp),%rax     
+	mulq  -264(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -392(%rbp),%rax     
+	mulq  -272(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -384(%rbp),%rax     
+	mulq  -280(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rsi, %r11
+/APP
+	movq  -376(%rbp),%rax     
+	mulq  -288(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rcx, 168(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rsi
+	movq	%r8, %rcx
+/APP
+	movq  -544(%rbp),%rax     
+	mulq  -112(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -536(%rbp),%rax     
+	mulq  -120(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -528(%rbp),%rax     
+	mulq  -128(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -520(%rbp),%rax     
+	mulq  -136(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -512(%rbp),%rax     
+	mulq  -144(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -504(%rbp),%rax     
+	mulq  -152(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -496(%rbp),%rax     
+	mulq  -160(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -488(%rbp),%rax     
+	mulq  -168(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -480(%rbp),%rax     
+	mulq  -176(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -472(%rbp),%rax     
+	mulq  -184(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -464(%rbp),%rax     
+	mulq  -192(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -456(%rbp),%rax     
+	mulq  -200(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -448(%rbp),%rax     
+	mulq  -208(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -440(%rbp),%rax     
+	mulq  -216(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -432(%rbp),%rax     
+	mulq  -224(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -424(%rbp),%rax     
+	mulq  -232(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -416(%rbp),%rax     
+	mulq  -240(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -408(%rbp),%rax     
+	mulq  -248(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -400(%rbp),%rax     
+	mulq  -256(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -392(%rbp),%rax     
+	mulq  -264(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -384(%rbp),%rax     
+	mulq  -272(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -376(%rbp),%rax     
+	mulq  -280(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rcx, %r11
+/APP
+	movq  -368(%rbp),%rax     
+	mulq  -288(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rsi, 176(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rcx
+	movq	%r8, %rsi
+/APP
+	movq  -544(%rbp),%rax     
+	mulq  -104(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -536(%rbp),%rax     
+	mulq  -112(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -528(%rbp),%rax     
+	mulq  -120(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -520(%rbp),%rax     
+	mulq  -128(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -512(%rbp),%rax     
+	mulq  -136(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -504(%rbp),%rax     
+	mulq  -144(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -496(%rbp),%rax     
+	mulq  -152(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -488(%rbp),%rax     
+	mulq  -160(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -480(%rbp),%rax     
+	mulq  -168(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -472(%rbp),%rax     
+	mulq  -176(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -464(%rbp),%rax     
+	mulq  -184(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -456(%rbp),%rax     
+	mulq  -192(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -448(%rbp),%rax     
+	mulq  -200(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -440(%rbp),%rax     
+	mulq  -208(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -432(%rbp),%rax     
+	mulq  -216(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -424(%rbp),%rax     
+	mulq  -224(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -416(%rbp),%rax     
+	mulq  -232(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -408(%rbp),%rax     
+	mulq  -240(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -400(%rbp),%rax     
+	mulq  -248(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -392(%rbp),%rax     
+	mulq  -256(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -384(%rbp),%rax     
+	mulq  -264(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -376(%rbp),%rax     
+	mulq  -272(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -368(%rbp),%rax     
+	mulq  -280(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rsi, %r11
+/APP
+	movq  -360(%rbp),%rax     
+	mulq  -288(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rcx, 184(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rsi
+	movq	%r8, %rcx
+/APP
+	movq  -544(%rbp),%rax     
+	mulq  -96(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -536(%rbp),%rax     
+	mulq  -104(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -528(%rbp),%rax     
+	mulq  -112(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -520(%rbp),%rax     
+	mulq  -120(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -512(%rbp),%rax     
+	mulq  -128(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -504(%rbp),%rax     
+	mulq  -136(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -496(%rbp),%rax     
+	mulq  -144(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -488(%rbp),%rax     
+	mulq  -152(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -480(%rbp),%rax     
+	mulq  -160(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -472(%rbp),%rax     
+	mulq  -168(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -464(%rbp),%rax     
+	mulq  -176(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -456(%rbp),%rax     
+	mulq  -184(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -448(%rbp),%rax     
+	mulq  -192(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -440(%rbp),%rax     
+	mulq  -200(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -432(%rbp),%rax     
+	mulq  -208(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -424(%rbp),%rax     
+	mulq  -216(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -416(%rbp),%rax     
+	mulq  -224(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -408(%rbp),%rax     
+	mulq  -232(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -400(%rbp),%rax     
+	mulq  -240(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -392(%rbp),%rax     
+	mulq  -248(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -384(%rbp),%rax     
+	mulq  -256(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -376(%rbp),%rax     
+	mulq  -264(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -368(%rbp),%rax     
+	mulq  -272(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -360(%rbp),%rax     
+	mulq  -280(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rcx, %r11
+/APP
+	movq  -352(%rbp),%rax     
+	mulq  -288(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rsi, 192(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rcx
+	movq	%r8, %rsi
+/APP
+	movq  -544(%rbp),%rax     
+	mulq  -88(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -536(%rbp),%rax     
+	mulq  -96(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -528(%rbp),%rax     
+	mulq  -104(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -520(%rbp),%rax     
+	mulq  -112(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -512(%rbp),%rax     
+	mulq  -120(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -504(%rbp),%rax     
+	mulq  -128(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -496(%rbp),%rax     
+	mulq  -136(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -488(%rbp),%rax     
+	mulq  -144(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -480(%rbp),%rax     
+	mulq  -152(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -472(%rbp),%rax     
+	mulq  -160(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -464(%rbp),%rax     
+	mulq  -168(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -456(%rbp),%rax     
+	mulq  -176(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -448(%rbp),%rax     
+	mulq  -184(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -440(%rbp),%rax     
+	mulq  -192(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -432(%rbp),%rax     
+	mulq  -200(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -424(%rbp),%rax     
+	mulq  -208(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -416(%rbp),%rax     
+	mulq  -216(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -408(%rbp),%rax     
+	mulq  -224(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -400(%rbp),%rax     
+	mulq  -232(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -392(%rbp),%rax     
+	mulq  -240(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -384(%rbp),%rax     
+	mulq  -248(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -376(%rbp),%rax     
+	mulq  -256(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -368(%rbp),%rax     
+	mulq  -264(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -360(%rbp),%rax     
+	mulq  -272(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -352(%rbp),%rax     
+	mulq  -280(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rsi, %r11
+/APP
+	movq  -344(%rbp),%rax     
+	mulq  -288(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rcx, 200(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rsi
+	movq	%r8, %rcx
+/APP
+	movq  -544(%rbp),%rax     
+	mulq  -80(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -536(%rbp),%rax     
+	mulq  -88(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -528(%rbp),%rax     
+	mulq  -96(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -520(%rbp),%rax     
+	mulq  -104(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -512(%rbp),%rax     
+	mulq  -112(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -504(%rbp),%rax     
+	mulq  -120(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -496(%rbp),%rax     
+	mulq  -128(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -488(%rbp),%rax     
+	mulq  -136(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -480(%rbp),%rax     
+	mulq  -144(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -472(%rbp),%rax     
+	mulq  -152(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -464(%rbp),%rax     
+	mulq  -160(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -456(%rbp),%rax     
+	mulq  -168(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -448(%rbp),%rax     
+	mulq  -176(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -440(%rbp),%rax     
+	mulq  -184(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -432(%rbp),%rax     
+	mulq  -192(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -424(%rbp),%rax     
+	mulq  -200(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -416(%rbp),%rax     
+	mulq  -208(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -408(%rbp),%rax     
+	mulq  -216(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -400(%rbp),%rax     
+	mulq  -224(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -392(%rbp),%rax     
+	mulq  -232(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -384(%rbp),%rax     
+	mulq  -240(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -376(%rbp),%rax     
+	mulq  -248(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -368(%rbp),%rax     
+	mulq  -256(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -360(%rbp),%rax     
+	mulq  -264(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -352(%rbp),%rax     
+	mulq  -272(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -344(%rbp),%rax     
+	mulq  -280(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rcx, %r11
+/APP
+	movq  -336(%rbp),%rax     
+	mulq  -288(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rsi, 208(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rcx
+	movq	%r8, %rsi
+/APP
+	movq  -544(%rbp),%rax     
+	mulq  -72(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -536(%rbp),%rax     
+	mulq  -80(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -528(%rbp),%rax     
+	mulq  -88(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -520(%rbp),%rax     
+	mulq  -96(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -512(%rbp),%rax     
+	mulq  -104(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -504(%rbp),%rax     
+	mulq  -112(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -496(%rbp),%rax     
+	mulq  -120(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -488(%rbp),%rax     
+	mulq  -128(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -480(%rbp),%rax     
+	mulq  -136(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -472(%rbp),%rax     
+	mulq  -144(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -464(%rbp),%rax     
+	mulq  -152(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -456(%rbp),%rax     
+	mulq  -160(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -448(%rbp),%rax     
+	mulq  -168(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -440(%rbp),%rax     
+	mulq  -176(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -432(%rbp),%rax     
+	mulq  -184(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -424(%rbp),%rax     
+	mulq  -192(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -416(%rbp),%rax     
+	mulq  -200(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -408(%rbp),%rax     
+	mulq  -208(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -400(%rbp),%rax     
+	mulq  -216(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -392(%rbp),%rax     
+	mulq  -224(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -384(%rbp),%rax     
+	mulq  -232(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -376(%rbp),%rax     
+	mulq  -240(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -368(%rbp),%rax     
+	mulq  -248(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -360(%rbp),%rax     
+	mulq  -256(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -352(%rbp),%rax     
+	mulq  -264(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -344(%rbp),%rax     
+	mulq  -272(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -336(%rbp),%rax     
+	mulq  -280(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rsi, %r11
+/APP
+	movq  -328(%rbp),%rax     
+	mulq  -288(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rcx, 216(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rsi
+	movq	%r8, %rcx
+/APP
+	movq  -544(%rbp),%rax     
+	mulq  -64(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -536(%rbp),%rax     
+	mulq  -72(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -528(%rbp),%rax     
+	mulq  -80(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -520(%rbp),%rax     
+	mulq  -88(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -512(%rbp),%rax     
+	mulq  -96(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -504(%rbp),%rax     
+	mulq  -104(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -496(%rbp),%rax     
+	mulq  -112(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -488(%rbp),%rax     
+	mulq  -120(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -480(%rbp),%rax     
+	mulq  -128(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -472(%rbp),%rax     
+	mulq  -136(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -464(%rbp),%rax     
+	mulq  -144(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -456(%rbp),%rax     
+	mulq  -152(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -448(%rbp),%rax     
+	mulq  -160(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -440(%rbp),%rax     
+	mulq  -168(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -432(%rbp),%rax     
+	mulq  -176(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -424(%rbp),%rax     
+	mulq  -184(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -416(%rbp),%rax     
+	mulq  -192(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -408(%rbp),%rax     
+	mulq  -200(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -400(%rbp),%rax     
+	mulq  -208(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -392(%rbp),%rax     
+	mulq  -216(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -384(%rbp),%rax     
+	mulq  -224(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -376(%rbp),%rax     
+	mulq  -232(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -368(%rbp),%rax     
+	mulq  -240(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -360(%rbp),%rax     
+	mulq  -248(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -352(%rbp),%rax     
+	mulq  -256(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -344(%rbp),%rax     
+	mulq  -264(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -336(%rbp),%rax     
+	mulq  -272(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -328(%rbp),%rax     
+	mulq  -280(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rcx, %r11
+/APP
+	movq  -320(%rbp),%rax     
+	mulq  -288(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rsi, 224(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rcx
+	movq	%r8, %rsi
+/APP
+	movq  -544(%rbp),%rax     
+	mulq  -56(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -536(%rbp),%rax     
+	mulq  -64(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -528(%rbp),%rax     
+	mulq  -72(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -520(%rbp),%rax     
+	mulq  -80(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -512(%rbp),%rax     
+	mulq  -88(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -504(%rbp),%rax     
+	mulq  -96(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -496(%rbp),%rax     
+	mulq  -104(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -488(%rbp),%rax     
+	mulq  -112(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -480(%rbp),%rax     
+	mulq  -120(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -472(%rbp),%rax     
+	mulq  -128(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -464(%rbp),%rax     
+	mulq  -136(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -456(%rbp),%rax     
+	mulq  -144(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -448(%rbp),%rax     
+	mulq  -152(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -440(%rbp),%rax     
+	mulq  -160(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -432(%rbp),%rax     
+	mulq  -168(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -424(%rbp),%rax     
+	mulq  -176(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -416(%rbp),%rax     
+	mulq  -184(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -408(%rbp),%rax     
+	mulq  -192(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -400(%rbp),%rax     
+	mulq  -200(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -392(%rbp),%rax     
+	mulq  -208(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -384(%rbp),%rax     
+	mulq  -216(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -376(%rbp),%rax     
+	mulq  -224(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -368(%rbp),%rax     
+	mulq  -232(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -360(%rbp),%rax     
+	mulq  -240(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -352(%rbp),%rax     
+	mulq  -248(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -344(%rbp),%rax     
+	mulq  -256(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -336(%rbp),%rax     
+	mulq  -264(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -328(%rbp),%rax     
+	mulq  -272(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -320(%rbp),%rax     
+	mulq  -280(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rsi, %r11
+/APP
+	movq  -312(%rbp),%rax     
+	mulq  -288(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rcx, 232(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rsi
+	movq	%r8, %rcx
+/APP
+	movq  -544(%rbp),%rax     
+	mulq  -48(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -536(%rbp),%rax     
+	mulq  -56(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -528(%rbp),%rax     
+	mulq  -64(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -520(%rbp),%rax     
+	mulq  -72(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -512(%rbp),%rax     
+	mulq  -80(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -504(%rbp),%rax     
+	mulq  -88(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -496(%rbp),%rax     
+	mulq  -96(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -488(%rbp),%rax     
+	mulq  -104(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -480(%rbp),%rax     
+	mulq  -112(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -472(%rbp),%rax     
+	mulq  -120(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -464(%rbp),%rax     
+	mulq  -128(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -456(%rbp),%rax     
+	mulq  -136(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -448(%rbp),%rax     
+	mulq  -144(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -440(%rbp),%rax     
+	mulq  -152(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -432(%rbp),%rax     
+	mulq  -160(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -424(%rbp),%rax     
+	mulq  -168(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -416(%rbp),%rax     
+	mulq  -176(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -408(%rbp),%rax     
+	mulq  -184(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -400(%rbp),%rax     
+	mulq  -192(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -392(%rbp),%rax     
+	mulq  -200(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -384(%rbp),%rax     
+	mulq  -208(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -376(%rbp),%rax     
+	mulq  -216(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -368(%rbp),%rax     
+	mulq  -224(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -360(%rbp),%rax     
+	mulq  -232(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -352(%rbp),%rax     
+	mulq  -240(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -344(%rbp),%rax     
+	mulq  -248(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -336(%rbp),%rax     
+	mulq  -256(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -328(%rbp),%rax     
+	mulq  -264(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -320(%rbp),%rax     
+	mulq  -272(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -312(%rbp),%rax     
+	mulq  -280(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rcx, %r11
+/APP
+	movq  -304(%rbp),%rax     
+	mulq  -288(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rsi, 240(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rcx
+	movq	%r8, %rsi
+/APP
+	movq  -544(%rbp),%rax     
+	mulq  -40(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -536(%rbp),%rax     
+	mulq  -48(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -528(%rbp),%rax     
+	mulq  -56(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -520(%rbp),%rax     
+	mulq  -64(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -512(%rbp),%rax     
+	mulq  -72(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -504(%rbp),%rax     
+	mulq  -80(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -496(%rbp),%rax     
+	mulq  -88(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -488(%rbp),%rax     
+	mulq  -96(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -480(%rbp),%rax     
+	mulq  -104(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -472(%rbp),%rax     
+	mulq  -112(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -464(%rbp),%rax     
+	mulq  -120(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -456(%rbp),%rax     
+	mulq  -128(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -448(%rbp),%rax     
+	mulq  -136(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -440(%rbp),%rax     
+	mulq  -144(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -432(%rbp),%rax     
+	mulq  -152(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -424(%rbp),%rax     
+	mulq  -160(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -416(%rbp),%rax     
+	mulq  -168(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -408(%rbp),%rax     
+	mulq  -176(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -400(%rbp),%rax     
+	mulq  -184(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -392(%rbp),%rax     
+	mulq  -192(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -384(%rbp),%rax     
+	mulq  -200(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -376(%rbp),%rax     
+	mulq  -208(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -368(%rbp),%rax     
+	mulq  -216(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -360(%rbp),%rax     
+	mulq  -224(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -352(%rbp),%rax     
+	mulq  -232(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -344(%rbp),%rax     
+	mulq  -240(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -336(%rbp),%rax     
+	mulq  -248(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -328(%rbp),%rax     
+	mulq  -256(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -320(%rbp),%rax     
+	mulq  -264(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -312(%rbp),%rax     
+	mulq  -272(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -304(%rbp),%rax     
+	mulq  -280(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rsi, %r11
+/APP
+	movq  -296(%rbp),%rax     
+	mulq  -288(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rcx, 248(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rsi
+	movq	%r8, %rcx
+/APP
+	movq  -536(%rbp),%rax     
+	mulq  -40(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -528(%rbp),%rax     
+	mulq  -48(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -520(%rbp),%rax     
+	mulq  -56(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -512(%rbp),%rax     
+	mulq  -64(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -504(%rbp),%rax     
+	mulq  -72(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -496(%rbp),%rax     
+	mulq  -80(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -488(%rbp),%rax     
+	mulq  -88(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -480(%rbp),%rax     
+	mulq  -96(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -472(%rbp),%rax     
+	mulq  -104(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -464(%rbp),%rax     
+	mulq  -112(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -456(%rbp),%rax     
+	mulq  -120(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -448(%rbp),%rax     
+	mulq  -128(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -440(%rbp),%rax     
+	mulq  -136(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -432(%rbp),%rax     
+	mulq  -144(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -424(%rbp),%rax     
+	mulq  -152(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -416(%rbp),%rax     
+	mulq  -160(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -408(%rbp),%rax     
+	mulq  -168(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -400(%rbp),%rax     
+	mulq  -176(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -392(%rbp),%rax     
+	mulq  -184(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -384(%rbp),%rax     
+	mulq  -192(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -376(%rbp),%rax     
+	mulq  -200(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -368(%rbp),%rax     
+	mulq  -208(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -360(%rbp),%rax     
+	mulq  -216(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -352(%rbp),%rax     
+	mulq  -224(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -344(%rbp),%rax     
+	mulq  -232(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -336(%rbp),%rax     
+	mulq  -240(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -328(%rbp),%rax     
+	mulq  -248(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -320(%rbp),%rax     
+	mulq  -256(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -312(%rbp),%rax     
+	mulq  -264(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -304(%rbp),%rax     
+	mulq  -272(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rcx, %r11
+/APP
+	movq  -296(%rbp),%rax     
+	mulq  -280(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rsi, 256(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rcx
+	movq	%r8, %rsi
+/APP
+	movq  -528(%rbp),%rax     
+	mulq  -40(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -520(%rbp),%rax     
+	mulq  -48(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -512(%rbp),%rax     
+	mulq  -56(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -504(%rbp),%rax     
+	mulq  -64(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -496(%rbp),%rax     
+	mulq  -72(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -488(%rbp),%rax     
+	mulq  -80(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -480(%rbp),%rax     
+	mulq  -88(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -472(%rbp),%rax     
+	mulq  -96(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -464(%rbp),%rax     
+	mulq  -104(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -456(%rbp),%rax     
+	mulq  -112(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -448(%rbp),%rax     
+	mulq  -120(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -440(%rbp),%rax     
+	mulq  -128(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -432(%rbp),%rax     
+	mulq  -136(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -424(%rbp),%rax     
+	mulq  -144(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -416(%rbp),%rax     
+	mulq  -152(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -408(%rbp),%rax     
+	mulq  -160(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -400(%rbp),%rax     
+	mulq  -168(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -392(%rbp),%rax     
+	mulq  -176(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -384(%rbp),%rax     
+	mulq  -184(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -376(%rbp),%rax     
+	mulq  -192(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -368(%rbp),%rax     
+	mulq  -200(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -360(%rbp),%rax     
+	mulq  -208(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -352(%rbp),%rax     
+	mulq  -216(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -344(%rbp),%rax     
+	mulq  -224(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -336(%rbp),%rax     
+	mulq  -232(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -328(%rbp),%rax     
+	mulq  -240(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -320(%rbp),%rax     
+	mulq  -248(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -312(%rbp),%rax     
+	mulq  -256(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -304(%rbp),%rax     
+	mulq  -264(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rsi, %r11
+/APP
+	movq  -296(%rbp),%rax     
+	mulq  -272(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rcx, 264(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rsi
+	movq	%r8, %rcx
+/APP
+	movq  -520(%rbp),%rax     
+	mulq  -40(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -512(%rbp),%rax     
+	mulq  -48(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -504(%rbp),%rax     
+	mulq  -56(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -496(%rbp),%rax     
+	mulq  -64(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -488(%rbp),%rax     
+	mulq  -72(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -480(%rbp),%rax     
+	mulq  -80(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -472(%rbp),%rax     
+	mulq  -88(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -464(%rbp),%rax     
+	mulq  -96(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -456(%rbp),%rax     
+	mulq  -104(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -448(%rbp),%rax     
+	mulq  -112(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -440(%rbp),%rax     
+	mulq  -120(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -432(%rbp),%rax     
+	mulq  -128(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -424(%rbp),%rax     
+	mulq  -136(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -416(%rbp),%rax     
+	mulq  -144(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -408(%rbp),%rax     
+	mulq  -152(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -400(%rbp),%rax     
+	mulq  -160(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -392(%rbp),%rax     
+	mulq  -168(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -384(%rbp),%rax     
+	mulq  -176(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -376(%rbp),%rax     
+	mulq  -184(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -368(%rbp),%rax     
+	mulq  -192(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -360(%rbp),%rax     
+	mulq  -200(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -352(%rbp),%rax     
+	mulq  -208(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -344(%rbp),%rax     
+	mulq  -216(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -336(%rbp),%rax     
+	mulq  -224(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -328(%rbp),%rax     
+	mulq  -232(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -320(%rbp),%rax     
+	mulq  -240(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -312(%rbp),%rax     
+	mulq  -248(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -304(%rbp),%rax     
+	mulq  -256(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rcx, %r11
+/APP
+	movq  -296(%rbp),%rax     
+	mulq  -264(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rsi, 272(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rcx
+	movq	%r8, %rsi
+/APP
+	movq  -512(%rbp),%rax     
+	mulq  -40(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -504(%rbp),%rax     
+	mulq  -48(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -496(%rbp),%rax     
+	mulq  -56(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -488(%rbp),%rax     
+	mulq  -64(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -480(%rbp),%rax     
+	mulq  -72(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -472(%rbp),%rax     
+	mulq  -80(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -464(%rbp),%rax     
+	mulq  -88(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -456(%rbp),%rax     
+	mulq  -96(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -448(%rbp),%rax     
+	mulq  -104(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -440(%rbp),%rax     
+	mulq  -112(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -432(%rbp),%rax     
+	mulq  -120(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -424(%rbp),%rax     
+	mulq  -128(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -416(%rbp),%rax     
+	mulq  -136(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -408(%rbp),%rax     
+	mulq  -144(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -400(%rbp),%rax     
+	mulq  -152(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -392(%rbp),%rax     
+	mulq  -160(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -384(%rbp),%rax     
+	mulq  -168(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -376(%rbp),%rax     
+	mulq  -176(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -368(%rbp),%rax     
+	mulq  -184(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -360(%rbp),%rax     
+	mulq  -192(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -352(%rbp),%rax     
+	mulq  -200(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -344(%rbp),%rax     
+	mulq  -208(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -336(%rbp),%rax     
+	mulq  -216(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -328(%rbp),%rax     
+	mulq  -224(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -320(%rbp),%rax     
+	mulq  -232(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -312(%rbp),%rax     
+	mulq  -240(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -304(%rbp),%rax     
+	mulq  -248(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rsi, %r11
+/APP
+	movq  -296(%rbp),%rax     
+	mulq  -256(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rcx, 280(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rsi
+	movq	%r8, %rcx
+/APP
+	movq  -504(%rbp),%rax     
+	mulq  -40(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -496(%rbp),%rax     
+	mulq  -48(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -488(%rbp),%rax     
+	mulq  -56(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -480(%rbp),%rax     
+	mulq  -64(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -472(%rbp),%rax     
+	mulq  -72(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -464(%rbp),%rax     
+	mulq  -80(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -456(%rbp),%rax     
+	mulq  -88(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -448(%rbp),%rax     
+	mulq  -96(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -440(%rbp),%rax     
+	mulq  -104(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -432(%rbp),%rax     
+	mulq  -112(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -424(%rbp),%rax     
+	mulq  -120(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -416(%rbp),%rax     
+	mulq  -128(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -408(%rbp),%rax     
+	mulq  -136(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -400(%rbp),%rax     
+	mulq  -144(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -392(%rbp),%rax     
+	mulq  -152(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -384(%rbp),%rax     
+	mulq  -160(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -376(%rbp),%rax     
+	mulq  -168(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -368(%rbp),%rax     
+	mulq  -176(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -360(%rbp),%rax     
+	mulq  -184(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -352(%rbp),%rax     
+	mulq  -192(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -344(%rbp),%rax     
+	mulq  -200(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -336(%rbp),%rax     
+	mulq  -208(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -328(%rbp),%rax     
+	mulq  -216(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -320(%rbp),%rax     
+	mulq  -224(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -312(%rbp),%rax     
+	mulq  -232(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -304(%rbp),%rax     
+	mulq  -240(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rcx, %r11
+/APP
+	movq  -296(%rbp),%rax     
+	mulq  -248(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rsi, 288(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rcx
+	movq	%r8, %rsi
+/APP
+	movq  -496(%rbp),%rax     
+	mulq  -40(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -488(%rbp),%rax     
+	mulq  -48(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -480(%rbp),%rax     
+	mulq  -56(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -472(%rbp),%rax     
+	mulq  -64(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -464(%rbp),%rax     
+	mulq  -72(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -456(%rbp),%rax     
+	mulq  -80(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -448(%rbp),%rax     
+	mulq  -88(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -440(%rbp),%rax     
+	mulq  -96(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -432(%rbp),%rax     
+	mulq  -104(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -424(%rbp),%rax     
+	mulq  -112(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -416(%rbp),%rax     
+	mulq  -120(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -408(%rbp),%rax     
+	mulq  -128(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -400(%rbp),%rax     
+	mulq  -136(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -392(%rbp),%rax     
+	mulq  -144(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -384(%rbp),%rax     
+	mulq  -152(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -376(%rbp),%rax     
+	mulq  -160(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -368(%rbp),%rax     
+	mulq  -168(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -360(%rbp),%rax     
+	mulq  -176(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -352(%rbp),%rax     
+	mulq  -184(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -344(%rbp),%rax     
+	mulq  -192(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -336(%rbp),%rax     
+	mulq  -200(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -328(%rbp),%rax     
+	mulq  -208(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -320(%rbp),%rax     
+	mulq  -216(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -312(%rbp),%rax     
+	mulq  -224(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -304(%rbp),%rax     
+	mulq  -232(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rsi, %r11
+/APP
+	movq  -296(%rbp),%rax     
+	mulq  -240(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rcx, 296(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rsi
+	movq	%r8, %rcx
+/APP
+	movq  -488(%rbp),%rax     
+	mulq  -40(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -480(%rbp),%rax     
+	mulq  -48(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -472(%rbp),%rax     
+	mulq  -56(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -464(%rbp),%rax     
+	mulq  -64(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -456(%rbp),%rax     
+	mulq  -72(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -448(%rbp),%rax     
+	mulq  -80(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -440(%rbp),%rax     
+	mulq  -88(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -432(%rbp),%rax     
+	mulq  -96(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -424(%rbp),%rax     
+	mulq  -104(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -416(%rbp),%rax     
+	mulq  -112(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -408(%rbp),%rax     
+	mulq  -120(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -400(%rbp),%rax     
+	mulq  -128(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -392(%rbp),%rax     
+	mulq  -136(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -384(%rbp),%rax     
+	mulq  -144(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -376(%rbp),%rax     
+	mulq  -152(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -368(%rbp),%rax     
+	mulq  -160(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -360(%rbp),%rax     
+	mulq  -168(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -352(%rbp),%rax     
+	mulq  -176(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -344(%rbp),%rax     
+	mulq  -184(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -336(%rbp),%rax     
+	mulq  -192(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -328(%rbp),%rax     
+	mulq  -200(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -320(%rbp),%rax     
+	mulq  -208(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -312(%rbp),%rax     
+	mulq  -216(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -304(%rbp),%rax     
+	mulq  -224(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rcx, %r11
+/APP
+	movq  -296(%rbp),%rax     
+	mulq  -232(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rsi, 304(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rcx
+	movq	%r8, %rsi
+/APP
+	movq  -480(%rbp),%rax     
+	mulq  -40(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -472(%rbp),%rax     
+	mulq  -48(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -464(%rbp),%rax     
+	mulq  -56(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -456(%rbp),%rax     
+	mulq  -64(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -448(%rbp),%rax     
+	mulq  -72(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -440(%rbp),%rax     
+	mulq  -80(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -432(%rbp),%rax     
+	mulq  -88(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -424(%rbp),%rax     
+	mulq  -96(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -416(%rbp),%rax     
+	mulq  -104(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -408(%rbp),%rax     
+	mulq  -112(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -400(%rbp),%rax     
+	mulq  -120(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -392(%rbp),%rax     
+	mulq  -128(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -384(%rbp),%rax     
+	mulq  -136(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -376(%rbp),%rax     
+	mulq  -144(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -368(%rbp),%rax     
+	mulq  -152(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -360(%rbp),%rax     
+	mulq  -160(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -352(%rbp),%rax     
+	mulq  -168(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -344(%rbp),%rax     
+	mulq  -176(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -336(%rbp),%rax     
+	mulq  -184(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -328(%rbp),%rax     
+	mulq  -192(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -320(%rbp),%rax     
+	mulq  -200(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -312(%rbp),%rax     
+	mulq  -208(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -304(%rbp),%rax     
+	mulq  -216(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rsi, %r11
+/APP
+	movq  -296(%rbp),%rax     
+	mulq  -224(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rcx, 312(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rsi
+	movq	%r8, %rcx
+/APP
+	movq  -472(%rbp),%rax     
+	mulq  -40(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -464(%rbp),%rax     
+	mulq  -48(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -456(%rbp),%rax     
+	mulq  -56(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -448(%rbp),%rax     
+	mulq  -64(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -440(%rbp),%rax     
+	mulq  -72(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -432(%rbp),%rax     
+	mulq  -80(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -424(%rbp),%rax     
+	mulq  -88(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -416(%rbp),%rax     
+	mulq  -96(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -408(%rbp),%rax     
+	mulq  -104(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -400(%rbp),%rax     
+	mulq  -112(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -392(%rbp),%rax     
+	mulq  -120(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -384(%rbp),%rax     
+	mulq  -128(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -376(%rbp),%rax     
+	mulq  -136(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -368(%rbp),%rax     
+	mulq  -144(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -360(%rbp),%rax     
+	mulq  -152(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -352(%rbp),%rax     
+	mulq  -160(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -344(%rbp),%rax     
+	mulq  -168(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -336(%rbp),%rax     
+	mulq  -176(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -328(%rbp),%rax     
+	mulq  -184(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -320(%rbp),%rax     
+	mulq  -192(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -312(%rbp),%rax     
+	mulq  -200(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -304(%rbp),%rax     
+	mulq  -208(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rcx, %r11
+/APP
+	movq  -296(%rbp),%rax     
+	mulq  -216(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rsi, 320(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rcx
+	movq	%r8, %rsi
+/APP
+	movq  -464(%rbp),%rax     
+	mulq  -40(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -456(%rbp),%rax     
+	mulq  -48(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -448(%rbp),%rax     
+	mulq  -56(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -440(%rbp),%rax     
+	mulq  -64(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -432(%rbp),%rax     
+	mulq  -72(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -424(%rbp),%rax     
+	mulq  -80(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -416(%rbp),%rax     
+	mulq  -88(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -408(%rbp),%rax     
+	mulq  -96(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -400(%rbp),%rax     
+	mulq  -104(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -392(%rbp),%rax     
+	mulq  -112(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -384(%rbp),%rax     
+	mulq  -120(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -376(%rbp),%rax     
+	mulq  -128(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -368(%rbp),%rax     
+	mulq  -136(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -360(%rbp),%rax     
+	mulq  -144(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -352(%rbp),%rax     
+	mulq  -152(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -344(%rbp),%rax     
+	mulq  -160(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -336(%rbp),%rax     
+	mulq  -168(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -328(%rbp),%rax     
+	mulq  -176(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -320(%rbp),%rax     
+	mulq  -184(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -312(%rbp),%rax     
+	mulq  -192(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -304(%rbp),%rax     
+	mulq  -200(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rsi, %r11
+/APP
+	movq  -296(%rbp),%rax     
+	mulq  -208(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rcx, 328(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %r11
+	movq	%r8, %r10
+/APP
+	movq  -456(%rbp),%rax     
+	mulq  -40(%rbp)           
+	addq  %rax,%r11     
+	adcq  %rdx,%rdi     
+	adcq  $0,%r10        
+	
+	movq  -448(%rbp),%rax     
+	mulq  -48(%rbp)           
+	addq  %rax,%r11     
+	adcq  %rdx,%rdi     
+	adcq  $0,%r10        
+	
+	movq  -440(%rbp),%rax     
+	mulq  -56(%rbp)           
+	addq  %rax,%r11     
+	adcq  %rdx,%rdi     
+	adcq  $0,%r10        
+	
+	movq  -432(%rbp),%rax     
+	mulq  -64(%rbp)           
+	addq  %rax,%r11     
+	adcq  %rdx,%rdi     
+	adcq  $0,%r10        
+	
+	movq  -424(%rbp),%rax     
+	mulq  -72(%rbp)           
+	addq  %rax,%r11     
+	adcq  %rdx,%rdi     
+	adcq  $0,%r10        
+	
+	movq  -416(%rbp),%rax     
+	mulq  -80(%rbp)           
+	addq  %rax,%r11     
+	adcq  %rdx,%rdi     
+	adcq  $0,%r10        
+	
+	movq  -408(%rbp),%rax     
+	mulq  -88(%rbp)           
+	addq  %rax,%r11     
+	adcq  %rdx,%rdi     
+	adcq  $0,%r10        
+	
+	movq  -400(%rbp),%rax     
+	mulq  -96(%rbp)           
+	addq  %rax,%r11     
+	adcq  %rdx,%rdi     
+	adcq  $0,%r10        
+	
+	movq  -392(%rbp),%rax     
+	mulq  -104(%rbp)           
+	addq  %rax,%r11     
+	adcq  %rdx,%rdi     
+	adcq  $0,%r10        
+	
+	movq  -384(%rbp),%rax     
+	mulq  -112(%rbp)           
+	addq  %rax,%r11     
+	adcq  %rdx,%rdi     
+	adcq  $0,%r10        
+	
+	movq  -376(%rbp),%rax     
+	mulq  -120(%rbp)           
+	addq  %rax,%r11     
+	adcq  %rdx,%rdi     
+	adcq  $0,%r10        
+	
+	movq  -368(%rbp),%rax     
+	mulq  -128(%rbp)           
+	addq  %rax,%r11     
+	adcq  %rdx,%rdi     
+	adcq  $0,%r10        
+	
+	movq  -360(%rbp),%rax     
+	mulq  -136(%rbp)           
+	addq  %rax,%r11     
+	adcq  %rdx,%rdi     
+	adcq  $0,%r10        
+	
+	movq  -352(%rbp),%rax     
+	mulq  -144(%rbp)           
+	addq  %rax,%r11     
+	adcq  %rdx,%rdi     
+	adcq  $0,%r10        
+	
+	movq  -344(%rbp),%rax     
+	mulq  -152(%rbp)           
+	addq  %rax,%r11     
+	adcq  %rdx,%rdi     
+	adcq  $0,%r10        
+	
+	movq  -336(%rbp),%rax     
+	mulq  -160(%rbp)           
+	addq  %rax,%r11     
+	adcq  %rdx,%rdi     
+	adcq  $0,%r10        
+	
+	movq  -328(%rbp),%rax     
+	mulq  -168(%rbp)           
+	addq  %rax,%r11     
+	adcq  %rdx,%rdi     
+	adcq  $0,%r10        
+	
+	movq  -320(%rbp),%rax     
+	mulq  -176(%rbp)           
+	addq  %rax,%r11     
+	adcq  %rdx,%rdi     
+	adcq  $0,%r10        
+	
+	movq  -312(%rbp),%rax     
+	mulq  -184(%rbp)           
+	addq  %rax,%r11     
+	adcq  %rdx,%rdi     
+	adcq  $0,%r10        
+	
+	movq  -304(%rbp),%rax     
+	mulq  -192(%rbp)           
+	addq  %rax,%r11     
+	adcq  %rdx,%rdi     
+	adcq  $0,%r10        
+	
+	movq  -296(%rbp),%rax     
+	mulq  -200(%rbp)           
+	addq  %rax,%r11     
+	adcq  %rdx,%rdi     
+	adcq  $0,%r10        
+	
+/NO_APP
+	movq	%r11, 336(%r9)
+	movq	%r10, %rsi
+	movq	%r8, %r10
+/APP
+	movq  -448(%rbp),%rax     
+	mulq  -40(%rbp)           
+	addq  %rax,%rdi     
+	adcq  %rdx,%rsi     
+	adcq  $0,%r10        
+	
+/NO_APP
+	movq	%r10, %rcx
+/APP
+	movq  -440(%rbp),%rax     
+	mulq  -48(%rbp)           
+	addq  %rax,%rdi     
+	adcq  %rdx,%rsi     
+	adcq  $0,%rcx        
+	
+	movq  -432(%rbp),%rax     
+	mulq  -56(%rbp)           
+	addq  %rax,%rdi     
+	adcq  %rdx,%rsi     
+	adcq  $0,%rcx        
+	
+	movq  -424(%rbp),%rax     
+	mulq  -64(%rbp)           
+	addq  %rax,%rdi     
+	adcq  %rdx,%rsi     
+	adcq  $0,%rcx        
+	
+	movq  -416(%rbp),%rax     
+	mulq  -72(%rbp)           
+	addq  %rax,%rdi     
+	adcq  %rdx,%rsi     
+	adcq  $0,%rcx        
+	
+	movq  -408(%rbp),%rax     
+	mulq  -80(%rbp)           
+	addq  %rax,%rdi     
+	adcq  %rdx,%rsi     
+	adcq  $0,%rcx        
+	
+	movq  -400(%rbp),%rax     
+	mulq  -88(%rbp)           
+	addq  %rax,%rdi     
+	adcq  %rdx,%rsi     
+	adcq  $0,%rcx        
+	
+	movq  -392(%rbp),%rax     
+	mulq  -96(%rbp)           
+	addq  %rax,%rdi     
+	adcq  %rdx,%rsi     
+	adcq  $0,%rcx        
+	
+	movq  -384(%rbp),%rax     
+	mulq  -104(%rbp)           
+	addq  %rax,%rdi     
+	adcq  %rdx,%rsi     
+	adcq  $0,%rcx        
+	
+	movq  -376(%rbp),%rax     
+	mulq  -112(%rbp)           
+	addq  %rax,%rdi     
+	adcq  %rdx,%rsi     
+	adcq  $0,%rcx        
+	
+	movq  -368(%rbp),%rax     
+	mulq  -120(%rbp)           
+	addq  %rax,%rdi     
+	adcq  %rdx,%rsi     
+	adcq  $0,%rcx        
+	
+	movq  -360(%rbp),%rax     
+	mulq  -128(%rbp)           
+	addq  %rax,%rdi     
+	adcq  %rdx,%rsi     
+	adcq  $0,%rcx        
+	
+	movq  -352(%rbp),%rax     
+	mulq  -136(%rbp)           
+	addq  %rax,%rdi     
+	adcq  %rdx,%rsi     
+	adcq  $0,%rcx        
+	
+	movq  -344(%rbp),%rax     
+	mulq  -144(%rbp)           
+	addq  %rax,%rdi     
+	adcq  %rdx,%rsi     
+	adcq  $0,%rcx        
+	
+	movq  -336(%rbp),%rax     
+	mulq  -152(%rbp)           
+	addq  %rax,%rdi     
+	adcq  %rdx,%rsi     
+	adcq  $0,%rcx        
+	
+	movq  -328(%rbp),%rax     
+	mulq  -160(%rbp)           
+	addq  %rax,%rdi     
+	adcq  %rdx,%rsi     
+	adcq  $0,%rcx        
+	
+	movq  -320(%rbp),%rax     
+	mulq  -168(%rbp)           
+	addq  %rax,%rdi     
+	adcq  %rdx,%rsi     
+	adcq  $0,%rcx        
+	
+	movq  -312(%rbp),%rax     
+	mulq  -176(%rbp)           
+	addq  %rax,%rdi     
+	adcq  %rdx,%rsi     
+	adcq  $0,%rcx        
+	
+	movq  -304(%rbp),%rax     
+	mulq  -184(%rbp)           
+	addq  %rax,%rdi     
+	adcq  %rdx,%rsi     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%rsi, %r11
+	movq	%rcx, %r10
+/APP
+	movq  -296(%rbp),%rax     
+	mulq  -192(%rbp)           
+	addq  %rax,%rdi     
+	adcq  %rdx,%r11     
+	adcq  $0,%r10        
+	
+/NO_APP
+	movq	%rdi, 344(%r9)
+	movq	%r11, %rcx
+	movq	%r10, %rdi
+	movq	%r8, %r11
+/APP
+	movq  -440(%rbp),%rax     
+	mulq  -40(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%r11, %rsi
+/APP
+	movq  -432(%rbp),%rax     
+	mulq  -48(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -424(%rbp),%rax     
+	mulq  -56(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -416(%rbp),%rax     
+	mulq  -64(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -408(%rbp),%rax     
+	mulq  -72(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -400(%rbp),%rax     
+	mulq  -80(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -392(%rbp),%rax     
+	mulq  -88(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -384(%rbp),%rax     
+	mulq  -96(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -376(%rbp),%rax     
+	mulq  -104(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -368(%rbp),%rax     
+	mulq  -112(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -360(%rbp),%rax     
+	mulq  -120(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -352(%rbp),%rax     
+	mulq  -128(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -344(%rbp),%rax     
+	mulq  -136(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -336(%rbp),%rax     
+	mulq  -144(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -328(%rbp),%rax     
+	mulq  -152(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -320(%rbp),%rax     
+	mulq  -160(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -312(%rbp),%rax     
+	mulq  -168(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -304(%rbp),%rax     
+	mulq  -176(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rsi, %r11
+/APP
+	movq  -296(%rbp),%rax     
+	mulq  -184(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rcx, 352(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rsi
+	movq	%r8, %rcx
+/APP
+	movq  -432(%rbp),%rax     
+	mulq  -40(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -424(%rbp),%rax     
+	mulq  -48(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -416(%rbp),%rax     
+	mulq  -56(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -408(%rbp),%rax     
+	mulq  -64(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -400(%rbp),%rax     
+	mulq  -72(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -392(%rbp),%rax     
+	mulq  -80(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -384(%rbp),%rax     
+	mulq  -88(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -376(%rbp),%rax     
+	mulq  -96(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -368(%rbp),%rax     
+	mulq  -104(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -360(%rbp),%rax     
+	mulq  -112(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -352(%rbp),%rax     
+	mulq  -120(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -344(%rbp),%rax     
+	mulq  -128(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -336(%rbp),%rax     
+	mulq  -136(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -328(%rbp),%rax     
+	mulq  -144(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -320(%rbp),%rax     
+	mulq  -152(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -312(%rbp),%rax     
+	mulq  -160(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -304(%rbp),%rax     
+	mulq  -168(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rcx, %r11
+/APP
+	movq  -296(%rbp),%rax     
+	mulq  -176(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rsi, 360(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rcx
+	movq	%r8, %rsi
+/APP
+	movq  -424(%rbp),%rax     
+	mulq  -40(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -416(%rbp),%rax     
+	mulq  -48(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -408(%rbp),%rax     
+	mulq  -56(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -400(%rbp),%rax     
+	mulq  -64(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -392(%rbp),%rax     
+	mulq  -72(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -384(%rbp),%rax     
+	mulq  -80(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -376(%rbp),%rax     
+	mulq  -88(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -368(%rbp),%rax     
+	mulq  -96(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -360(%rbp),%rax     
+	mulq  -104(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -352(%rbp),%rax     
+	mulq  -112(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -344(%rbp),%rax     
+	mulq  -120(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -336(%rbp),%rax     
+	mulq  -128(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -328(%rbp),%rax     
+	mulq  -136(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -320(%rbp),%rax     
+	mulq  -144(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -312(%rbp),%rax     
+	mulq  -152(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -304(%rbp),%rax     
+	mulq  -160(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rsi, %r11
+/APP
+	movq  -296(%rbp),%rax     
+	mulq  -168(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rcx, 368(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rsi
+	movq	%r8, %rcx
+/APP
+	movq  -416(%rbp),%rax     
+	mulq  -40(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -408(%rbp),%rax     
+	mulq  -48(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -400(%rbp),%rax     
+	mulq  -56(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -392(%rbp),%rax     
+	mulq  -64(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -384(%rbp),%rax     
+	mulq  -72(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -376(%rbp),%rax     
+	mulq  -80(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -368(%rbp),%rax     
+	mulq  -88(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -360(%rbp),%rax     
+	mulq  -96(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -352(%rbp),%rax     
+	mulq  -104(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -344(%rbp),%rax     
+	mulq  -112(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -336(%rbp),%rax     
+	mulq  -120(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -328(%rbp),%rax     
+	mulq  -128(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -320(%rbp),%rax     
+	mulq  -136(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -312(%rbp),%rax     
+	mulq  -144(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -304(%rbp),%rax     
+	mulq  -152(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rcx, %r11
+/APP
+	movq  -296(%rbp),%rax     
+	mulq  -160(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rsi, 376(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rcx
+	movq	%r8, %rsi
+/APP
+	movq  -408(%rbp),%rax     
+	mulq  -40(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -400(%rbp),%rax     
+	mulq  -48(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -392(%rbp),%rax     
+	mulq  -56(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -384(%rbp),%rax     
+	mulq  -64(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -376(%rbp),%rax     
+	mulq  -72(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -368(%rbp),%rax     
+	mulq  -80(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -360(%rbp),%rax     
+	mulq  -88(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -352(%rbp),%rax     
+	mulq  -96(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -344(%rbp),%rax     
+	mulq  -104(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -336(%rbp),%rax     
+	mulq  -112(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -328(%rbp),%rax     
+	mulq  -120(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -320(%rbp),%rax     
+	mulq  -128(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -312(%rbp),%rax     
+	mulq  -136(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -304(%rbp),%rax     
+	mulq  -144(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rsi, %r11
+/APP
+	movq  -296(%rbp),%rax     
+	mulq  -152(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rcx, 384(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rsi
+	movq	%r8, %rcx
+/APP
+	movq  -400(%rbp),%rax     
+	mulq  -40(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -392(%rbp),%rax     
+	mulq  -48(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -384(%rbp),%rax     
+	mulq  -56(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -376(%rbp),%rax     
+	mulq  -64(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -368(%rbp),%rax     
+	mulq  -72(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -360(%rbp),%rax     
+	mulq  -80(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -352(%rbp),%rax     
+	mulq  -88(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -344(%rbp),%rax     
+	mulq  -96(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -336(%rbp),%rax     
+	mulq  -104(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -328(%rbp),%rax     
+	mulq  -112(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -320(%rbp),%rax     
+	mulq  -120(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -312(%rbp),%rax     
+	mulq  -128(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -304(%rbp),%rax     
+	mulq  -136(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rcx, %r11
+/APP
+	movq  -296(%rbp),%rax     
+	mulq  -144(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rsi, 392(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rcx
+	movq	%r8, %rsi
+/APP
+	movq  -392(%rbp),%rax     
+	mulq  -40(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -384(%rbp),%rax     
+	mulq  -48(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -376(%rbp),%rax     
+	mulq  -56(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -368(%rbp),%rax     
+	mulq  -64(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -360(%rbp),%rax     
+	mulq  -72(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -352(%rbp),%rax     
+	mulq  -80(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -344(%rbp),%rax     
+	mulq  -88(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -336(%rbp),%rax     
+	mulq  -96(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -328(%rbp),%rax     
+	mulq  -104(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -320(%rbp),%rax     
+	mulq  -112(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -312(%rbp),%rax     
+	mulq  -120(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -304(%rbp),%rax     
+	mulq  -128(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rsi, %r11
+/APP
+	movq  -296(%rbp),%rax     
+	mulq  -136(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rcx, 400(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rsi
+	movq	%r8, %rcx
+/APP
+	movq  -384(%rbp),%rax     
+	mulq  -40(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -376(%rbp),%rax     
+	mulq  -48(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -368(%rbp),%rax     
+	mulq  -56(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -360(%rbp),%rax     
+	mulq  -64(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -352(%rbp),%rax     
+	mulq  -72(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -344(%rbp),%rax     
+	mulq  -80(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -336(%rbp),%rax     
+	mulq  -88(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -328(%rbp),%rax     
+	mulq  -96(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -320(%rbp),%rax     
+	mulq  -104(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -312(%rbp),%rax     
+	mulq  -112(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -304(%rbp),%rax     
+	mulq  -120(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rcx, %r11
+/APP
+	movq  -296(%rbp),%rax     
+	mulq  -128(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rsi, 408(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rcx
+	movq	%r8, %rsi
+/APP
+	movq  -376(%rbp),%rax     
+	mulq  -40(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -368(%rbp),%rax     
+	mulq  -48(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -360(%rbp),%rax     
+	mulq  -56(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -352(%rbp),%rax     
+	mulq  -64(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -344(%rbp),%rax     
+	mulq  -72(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -336(%rbp),%rax     
+	mulq  -80(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -328(%rbp),%rax     
+	mulq  -88(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -320(%rbp),%rax     
+	mulq  -96(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -312(%rbp),%rax     
+	mulq  -104(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -304(%rbp),%rax     
+	mulq  -112(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rsi, %r11
+/APP
+	movq  -296(%rbp),%rax     
+	mulq  -120(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rcx, 416(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rsi
+	movq	%r8, %rcx
+/APP
+	movq  -368(%rbp),%rax     
+	mulq  -40(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -360(%rbp),%rax     
+	mulq  -48(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -352(%rbp),%rax     
+	mulq  -56(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -344(%rbp),%rax     
+	mulq  -64(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -336(%rbp),%rax     
+	mulq  -72(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -328(%rbp),%rax     
+	mulq  -80(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -320(%rbp),%rax     
+	mulq  -88(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -312(%rbp),%rax     
+	mulq  -96(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -304(%rbp),%rax     
+	mulq  -104(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rcx, %r11
+/APP
+	movq  -296(%rbp),%rax     
+	mulq  -112(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rsi, 424(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rcx
+	movq	%r8, %rsi
+/APP
+	movq  -360(%rbp),%rax     
+	mulq  -40(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -352(%rbp),%rax     
+	mulq  -48(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -344(%rbp),%rax     
+	mulq  -56(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -336(%rbp),%rax     
+	mulq  -64(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -328(%rbp),%rax     
+	mulq  -72(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -320(%rbp),%rax     
+	mulq  -80(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -312(%rbp),%rax     
+	mulq  -88(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -304(%rbp),%rax     
+	mulq  -96(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rsi, %r11
+/APP
+	movq  -296(%rbp),%rax     
+	mulq  -104(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rcx, 432(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rsi
+	movq	%r8, %rcx
+/APP
+	movq  -352(%rbp),%rax     
+	mulq  -40(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -344(%rbp),%rax     
+	mulq  -48(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -336(%rbp),%rax     
+	mulq  -56(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -328(%rbp),%rax     
+	mulq  -64(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -320(%rbp),%rax     
+	mulq  -72(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -312(%rbp),%rax     
+	mulq  -80(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -304(%rbp),%rax     
+	mulq  -88(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rcx, %r11
+/APP
+	movq  -296(%rbp),%rax     
+	mulq  -96(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rsi, 440(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rcx
+	movq	%r8, %rsi
+/APP
+	movq  -344(%rbp),%rax     
+	mulq  -40(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -336(%rbp),%rax     
+	mulq  -48(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -328(%rbp),%rax     
+	mulq  -56(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -320(%rbp),%rax     
+	mulq  -64(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -312(%rbp),%rax     
+	mulq  -72(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -304(%rbp),%rax     
+	mulq  -80(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rsi, %r11
+/APP
+	movq  -296(%rbp),%rax     
+	mulq  -88(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rcx, 448(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rsi
+	movq	%r8, %rcx
+/APP
+	movq  -336(%rbp),%rax     
+	mulq  -40(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -328(%rbp),%rax     
+	mulq  -48(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -320(%rbp),%rax     
+	mulq  -56(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -312(%rbp),%rax     
+	mulq  -64(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -304(%rbp),%rax     
+	mulq  -72(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rcx, %r11
+/APP
+	movq  -296(%rbp),%rax     
+	mulq  -80(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rsi, 456(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rcx
+	movq	%r8, %rsi
+/APP
+	movq  -328(%rbp),%rax     
+	mulq  -40(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -320(%rbp),%rax     
+	mulq  -48(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -312(%rbp),%rax     
+	mulq  -56(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -304(%rbp),%rax     
+	mulq  -64(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rsi, %r11
+/APP
+	movq  -296(%rbp),%rax     
+	mulq  -72(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rcx, 464(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rsi
+	movq	%r8, %rcx
+/APP
+	movq  -320(%rbp),%rax     
+	mulq  -40(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -312(%rbp),%rax     
+	mulq  -48(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+	movq  -304(%rbp),%rax     
+	mulq  -56(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rcx, %r11
+/APP
+	movq  -296(%rbp),%rax     
+	mulq  -64(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rsi, 472(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rcx
+	movq	%r8, %rsi
+/APP
+	movq  -312(%rbp),%rax     
+	mulq  -40(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  -304(%rbp),%rax     
+	mulq  -48(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%rdi, %r10
+	movq	%rsi, %r11
+/APP
+	movq  -296(%rbp),%rax     
+	mulq  -56(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rcx, 480(%r9)
+	movq	%r11, %rdi
+	movq	%r10, %rsi
+	movq	%r8, %rcx
+/APP
+	movq  -304(%rbp),%rax     
+	mulq  -40(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rcx        
+	
+/NO_APP
+	movq	%rcx, %r11
+	movq	%rdi, %r10
+/APP
+	movq  -296(%rbp),%rax     
+	mulq  -48(%rbp)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r10     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rsi, 488(%r9)
+	movq	%r10, %rcx
+	movq	%r11, %rsi
+/APP
+	movq  -296(%rbp),%rax     
+	mulq  -40(%rbp)           
+	addq  %rax,%rcx     
+	adcq  %rdx,%rsi     
+	adcq  $0,%r8        
+	
+/NO_APP
+	movq	%rcx, 496(%r9)
+	movl	(%r12), %ecx
+	xorl	(%rbx), %ecx
+	testq	%rsi, %rsi
+	movq	%rsi, 504(%r9)
+	movl	$64, 8(%r13)
+	jne	.L149
+	.align 16
+.L157:
+	movl	8(%r13), %edx
+	leal	-1(%rdx), %ebx
+	testl	%ebx, %ebx
+	movl	%ebx, 8(%r13)
+	je	.L149
+	leal	-2(%rdx), %r12d
+	cmpq	$0, (%r9,%r12,8)
+	je	.L157
+.L149:
+	movl	8(%r13), %r9d
+	xorl	%edx, %edx
+	testl	%r9d, %r9d
+	cmovne	%ecx, %edx
+	movl	%edx, (%r13)
+	addq	$520, %rsp
+	popq	%rbx
+	popq	%r12
+	popq	%r13
+	leave
+	ret
+.LFE5:
+	.size	s_mp_mul_comba_32, .-s_mp_mul_comba_32
+	.align 16
+.globl s_mp_sqr_comba_4
+	.type	s_mp_sqr_comba_4, @function
+s_mp_sqr_comba_4:
+.LFB6:
+	pushq	%rbp
+.LCFI17:
+	movq	%rsi, %r11
+	xorl	%esi, %esi
+	movq	%rsi, %r10
+	movq	%rsi, %rbp
+	movq	%rsi, %r8
+	pushq	%rbx
+.LCFI18:
+	movq	%rsi, %rbx
+	movq	16(%rdi), %rcx
+	movq	%rsi, %rdi
+/APP
+	movq  (%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r10     
+	adcq  %rdx,%rbx     
+	adcq  $0,%rdi        
+	
+/NO_APP
+	movq	%r10, -72(%rsp)
+/APP
+	movq  (%rcx),%rax     
+	mulq  8(%rcx)           
+	addq  %rax,%rbx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rbp        
+	addq  %rax,%rbx     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rbp        
+	
+/NO_APP
+	movq	%rbx, -64(%rsp)
+/APP
+	movq  (%rcx),%rax     
+	mulq  16(%rcx)           
+	addq  %rax,%rdi     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r8        
+	addq  %rax,%rdi     
+	adcq  %rdx,%rbp     
+	adcq  $0,%r8        
+	
+/NO_APP
+	movq	%rbp, %rbx
+	movq	%r8, %rbp
+/APP
+	movq  8(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%rdi     
+	adcq  %rdx,%rbx     
+	adcq  $0,%rbp        
+	
+/NO_APP
+	movq	%rdi, -56(%rsp)
+	movq	%rbp, %r9
+	movq	%rbx, %r8
+	movq	%rsi, %rdi
+/APP
+	movq  (%rcx),%rax     
+	mulq  24(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rdi        
+	addq  %rax,%r8     
+	adcq  %rdx,%r9     
+	adcq  $0,%rdi        
+	
+/NO_APP
+	movq	%r9, %rbx
+	movq	%rdi, %rbp
+/APP
+	movq  8(%rcx),%rax     
+	mulq  16(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rbx     
+	adcq  $0,%rbp        
+	addq  %rax,%r8     
+	adcq  %rdx,%rbx     
+	adcq  $0,%rbp        
+	
+/NO_APP
+	movq	%r8, -48(%rsp)
+	movq	%rbp, %r9
+	movq	%rbx, %rdi
+	movq	%rsi, %r8
+	movl	$8, 8(%r11)
+	movl	$0, (%r11)
+/APP
+	movq  8(%rcx),%rax     
+	mulq  24(%rcx)           
+	addq  %rax,%rdi     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	addq  %rax,%rdi     
+	adcq  %rdx,%r9     
+	adcq  $0,%r8        
+	
+/NO_APP
+	movq	%r9, %rbx
+	movq	%r8, %rbp
+/APP
+	movq  16(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%rdi     
+	adcq  %rdx,%rbx     
+	adcq  $0,%rbp        
+	
+/NO_APP
+	movq	%rbp, %rax
+	movq	%rdi, -40(%rsp)
+	movq	%rbx, %rbp
+	movq	%rax, %rdi
+	movq	%rsi, %rbx
+/APP
+	movq  16(%rcx),%rax     
+	mulq  24(%rcx)           
+	addq  %rax,%rbp     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rbx        
+	addq  %rax,%rbp     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rbx        
+	
+/NO_APP
+	movq	%rbp, -32(%rsp)
+	movq	%rbx, %r9
+/APP
+	movq  24(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%rdi     
+	adcq  %rdx,%r9     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	16(%r11), %rdx
+	movq	%rdi, -24(%rsp)
+	movq	%r9, -16(%rsp)
+	movq	%r10, (%rdx)
+	movq	-64(%rsp), %r8
+	movq	%r8, 8(%rdx)
+	movq	-56(%rsp), %rbp
+	movq	%rbp, 16(%rdx)
+	movq	-48(%rsp), %rdi
+	movq	%rdi, 24(%rdx)
+	movq	-40(%rsp), %rsi
+	movq	%rsi, 32(%rdx)
+	movq	-32(%rsp), %rbx
+	movq	%rbx, 40(%rdx)
+	movq	-24(%rsp), %rcx
+	movq	%rcx, 48(%rdx)
+	movq	-16(%rsp), %rax
+	movq	%rax, 56(%rdx)
+	movl	8(%r11), %edx
+	testl	%edx, %edx
+	je	.L168
+	leal	-1(%rdx), %ecx
+	movq	16(%r11), %rsi
+	mov	%ecx, %r10d
+	cmpq	$0, (%rsi,%r10,8)
+	jne	.L166
+	movl	%ecx, %edx
+	.align 16
+.L167:
+	testl	%edx, %edx
+	movl	%edx, %ecx
+	je	.L171
+	decl	%edx
+	mov	%edx, %eax
+	cmpq	$0, (%rsi,%rax,8)
+	je	.L167
+	movl	%ecx, 8(%r11)
+	movl	%ecx, %edx
+.L166:
+	testl	%edx, %edx
+	je	.L168
+	popq	%rbx
+	popq	%rbp
+	movl	(%r11), %eax
+	movl	%eax, (%r11)
+	ret
+.L171:
+	movl	%edx, 8(%r11)
+	.align 16
+.L168:
+	popq	%rbx
+	popq	%rbp
+	xorl	%eax, %eax
+	movl	%eax, (%r11)
+	ret
+.LFE6:
+	.size	s_mp_sqr_comba_4, .-s_mp_sqr_comba_4
+	.align 16
+.globl s_mp_sqr_comba_8
+	.type	s_mp_sqr_comba_8, @function
+s_mp_sqr_comba_8:
+.LFB7:
+	pushq	%r14
+.LCFI19:
+	xorl	%r9d, %r9d
+	movq	%r9, %r14
+	movq	%r9, %r10
+	pushq	%r13
+.LCFI20:
+	movq	%r9, %r13
+	pushq	%r12
+.LCFI21:
+	movq	%r9, %r12
+	pushq	%rbp
+.LCFI22:
+	movq	%rsi, %rbp
+	movq	%r9, %rsi
+	pushq	%rbx
+.LCFI23:
+	movq	%r9, %rbx
+	subq	$8, %rsp
+.LCFI24:
+	movq	16(%rdi), %rcx
+/APP
+	movq  (%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r14     
+	adcq  %rdx,%rbx     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%r14, -120(%rsp)
+/APP
+	movq  (%rcx),%rax     
+	mulq  8(%rcx)           
+	addq  %rax,%rbx     
+	adcq  %rdx,%r12     
+	adcq  $0,%r10        
+	addq  %rax,%rbx     
+	adcq  %rdx,%r12     
+	adcq  $0,%r10        
+	
+/NO_APP
+	movq	%rbx, -112(%rsp)
+/APP
+	movq  (%rcx),%rax     
+	mulq  16(%rcx)           
+	addq  %rax,%r12     
+	adcq  %rdx,%r10     
+	adcq  $0,%r13        
+	addq  %rax,%r12     
+	adcq  %rdx,%r10     
+	adcq  $0,%r13        
+	
+/NO_APP
+	movq	%r10, %rbx
+	movq	%r13, %r10
+	movq	%r9, %r13
+/APP
+	movq  8(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r12     
+	adcq  %rdx,%rbx     
+	adcq  $0,%r10        
+	
+/NO_APP
+	movq	%r12, -104(%rsp)
+	movq	%r10, %rdi
+	movq	%rbx, %r11
+/APP
+	movq  (%rcx),%rax     
+	mulq  24(%rcx)           
+	addq  %rax,%r11     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	addq  %rax,%r11     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%rdi, %rbx
+	movq	%rsi, %r10
+	movq	%r9, %rdi
+/APP
+	movq  8(%rcx),%rax     
+	mulq  16(%rcx)           
+	addq  %rax,%r11     
+	adcq  %rdx,%rbx     
+	adcq  $0,%r10        
+	addq  %rax,%r11     
+	adcq  %rdx,%rbx     
+	adcq  $0,%r10        
+	
+/NO_APP
+	movq	%r9, %rsi
+	movq	%r11, -96(%rsp)
+	movq	%r10, %r8
+	movq	%rbx, %r12
+	movq	%r9, %r11
+/APP
+	movq  (%rcx),%rax     
+	mulq  32(%rcx)           
+	addq  %rax,%r12     
+	adcq  %rdx,%r8     
+	adcq  $0,%r13        
+	addq  %rax,%r12     
+	adcq  %rdx,%r8     
+	adcq  $0,%r13        
+	
+	movq  8(%rcx),%rax     
+	mulq  24(%rcx)           
+	addq  %rax,%r12     
+	adcq  %rdx,%r8     
+	adcq  $0,%r13        
+	addq  %rax,%r12     
+	adcq  %rdx,%r8     
+	adcq  $0,%r13        
+	
+/NO_APP
+	movq	%r8, %rbx
+	movq	%r13, %r10
+	movq	%r9, %r8
+/APP
+	movq  16(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r12     
+	adcq  %rdx,%rbx     
+	adcq  $0,%r10        
+	
+/NO_APP
+	movq	%r12, -88(%rsp)
+/APP
+	movq  (%rcx),%rax     
+	mulq  40(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+	movq  8(%rcx),%rax     
+	mulq  32(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  16(%rcx),%rax     
+	mulq  24(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	addq %r8,%rbx         
+	adcq %rdi,%r10         
+	adcq %rsi,%r11         
+	addq %r8,%rbx         
+	adcq %rdi,%r10         
+	adcq %rsi,%r11         
+	
+/NO_APP
+	movq	%rbx, -80(%rsp)
+/APP
+	movq  (%rcx),%rax     
+	mulq  48(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+	movq  8(%rcx),%rax     
+	mulq  40(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  16(%rcx),%rax     
+	mulq  32(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%r9, %rax
+	movq	%rdi, %r13
+	movq	%rsi, %r12
+/APP
+	addq %r8,%r10         
+	adcq %r13,%r11         
+	adcq %r12,%rax         
+	addq %r8,%r10         
+	adcq %r13,%r11         
+	adcq %r12,%rax         
+	
+/NO_APP
+	movq	%rax, %rdx
+	movq	%r11, %rbx
+	movq	%r13, %rdi
+	movq	%rdx, %r11
+	movq	%r12, %rsi
+/APP
+	movq  24(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r10     
+	adcq  %rdx,%rbx     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%r10, -72(%rsp)
+	movq	%r11, %r10
+/APP
+	movq  (%rcx),%rax     
+	mulq  56(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+	movq  8(%rcx),%rax     
+	mulq  48(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  16(%rcx),%rax     
+	mulq  40(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  24(%rcx),%rax     
+	mulq  32(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%r9, %rax
+/APP
+	addq %r8,%rbx         
+	adcq %rdi,%r10         
+	adcq %rsi,%rax         
+	addq %r8,%rbx         
+	adcq %rdi,%r10         
+	adcq %rsi,%rax         
+	
+/NO_APP
+	movq	%rbx, -64(%rsp)
+	movq	%rax, %r11
+	movq	%r9, %rbx
+/APP
+	movq  8(%rcx),%rax     
+	mulq  56(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+	movq  16(%rcx),%rax     
+	mulq  48(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  24(%rcx),%rax     
+	mulq  40(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%rdi, %r13
+	movq	%rsi, %r12
+/APP
+	addq %r8,%r10         
+	adcq %r13,%r11         
+	adcq %r12,%rbx         
+	addq %r8,%r10         
+	adcq %r13,%r11         
+	adcq %r12,%rbx         
+	
+/NO_APP
+	movq	%rbx, %rsi
+	movq	%r13, %rdi
+	movq	%r11, %rbx
+	movq	%r12, %r13
+	movq	%rsi, %r11
+/APP
+	movq  32(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r10     
+	adcq  %rdx,%rbx     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%r10, -56(%rsp)
+	movq	%r9, %r10
+/APP
+	movq  16(%rcx),%rax     
+	mulq  56(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %r13,%r13        
+	
+	movq  24(%rcx),%rax     
+	mulq  48(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%r13        
+	
+	movq  32(%rcx),%rax     
+	mulq  40(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%r13        
+	
+/NO_APP
+	movq	%rdi, %r12
+	movq	%r13, %rax
+/APP
+	addq %r8,%rbx         
+	adcq %r12,%r11         
+	adcq %rax,%r10         
+	addq %r8,%rbx         
+	adcq %r12,%r11         
+	adcq %rax,%r10         
+	
+/NO_APP
+	movq	%rbx, -48(%rsp)
+	movq	%r11, %r12
+	movq	%r10, %rsi
+	movq	%r9, %rbx
+	movq	%r9, %r11
+/APP
+	movq  24(%rcx),%rax     
+	mulq  56(%rcx)           
+	addq  %rax,%r12     
+	adcq  %rdx,%rsi     
+	adcq  $0,%rbx        
+	addq  %rax,%r12     
+	adcq  %rdx,%rsi     
+	adcq  $0,%rbx        
+	
+/NO_APP
+	movq	%rbx, %r13
+/APP
+	movq  32(%rcx),%rax     
+	mulq  48(%rcx)           
+	addq  %rax,%r12     
+	adcq  %rdx,%rsi     
+	adcq  $0,%r13        
+	addq  %rax,%r12     
+	adcq  %rdx,%rsi     
+	adcq  $0,%r13        
+	
+/NO_APP
+	movq	%rsi, %r10
+	movq	%r13, %rbx
+	movq	%r9, %r13
+/APP
+	movq  40(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r12     
+	adcq  %rdx,%r10     
+	adcq  $0,%rbx        
+	
+/NO_APP
+	movq	%r12, -40(%rsp)
+	movq	%rbx, %r8
+	movq	%r10, %rdi
+/APP
+	movq  32(%rcx),%rax     
+	mulq  56(%rcx)           
+	addq  %rax,%rdi     
+	adcq  %rdx,%r8     
+	adcq  $0,%r11        
+	addq  %rax,%rdi     
+	adcq  %rdx,%r8     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%r8, %r10
+	movq	%r11, %rbx
+/APP
+	movq  40(%rcx),%rax     
+	mulq  48(%rcx)           
+	addq  %rax,%rdi     
+	adcq  %rdx,%r10     
+	adcq  $0,%rbx        
+	addq  %rax,%rdi     
+	adcq  %rdx,%r10     
+	adcq  $0,%rbx        
+	
+/NO_APP
+	movq	%rdi, -32(%rsp)
+	movq	%rbx, %rsi
+	movq	%r10, %r12
+/APP
+	movq  40(%rcx),%rax     
+	mulq  56(%rcx)           
+	addq  %rax,%r12     
+	adcq  %rdx,%rsi     
+	adcq  $0,%r13        
+	addq  %rax,%r12     
+	adcq  %rdx,%rsi     
+	adcq  $0,%r13        
+	
+/NO_APP
+	movq	%rsi, %r10
+	movq	%r13, %rbx
+/APP
+	movq  48(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r12     
+	adcq  %rdx,%r10     
+	adcq  $0,%rbx        
+	
+/NO_APP
+	movq	%r12, -24(%rsp)
+	movq	%r10, %rdi
+	movq	%rbx, %rsi
+	movq	%r9, %r10
+	movl	$16, 8(%rbp)
+	movl	$0, (%rbp)
+/APP
+	movq  48(%rcx),%rax     
+	mulq  56(%rcx)           
+	addq  %rax,%rdi     
+	adcq  %rdx,%rsi     
+	adcq  $0,%r10        
+	addq  %rax,%rdi     
+	adcq  %rdx,%rsi     
+	adcq  $0,%r10        
+	
+/NO_APP
+	movq	%rdi, -16(%rsp)
+	movq	%r10, %r8
+/APP
+	movq  56(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%r9        
+	
+/NO_APP
+	movq	16(%rbp), %rax
+	movq	%rsi, -8(%rsp)
+	movq	%r8, (%rsp)
+	movq	%r14, (%rax)
+	movq	-112(%rsp), %rbx
+	movq	%rbx, 8(%rax)
+	movq	-104(%rsp), %rcx
+	movq	%rcx, 16(%rax)
+	movq	-96(%rsp), %rdx
+	movq	%rdx, 24(%rax)
+	movq	-88(%rsp), %r14
+	movq	%r14, 32(%rax)
+	movq	-80(%rsp), %r13
+	movq	%r13, 40(%rax)
+	movq	-72(%rsp), %r12
+	movq	%r12, 48(%rax)
+	movq	-64(%rsp), %r11
+	movq	%r11, 56(%rax)
+	movq	-56(%rsp), %r10
+	movq	%r10, 64(%rax)
+	movq	-48(%rsp), %r9
+	movq	%r9, 72(%rax)
+	movq	-40(%rsp), %r8
+	movq	%r8, 80(%rax)
+	movq	-32(%rsp), %rdi
+	movq	%rdi, 88(%rax)
+	movq	-24(%rsp), %rsi
+	movq	%rsi, 96(%rax)
+	movq	-16(%rsp), %rbx
+	movq	%rbx, 104(%rax)
+	movq	-8(%rsp), %rcx
+	movq	%rcx, 112(%rax)
+	movq	(%rsp), %rdx
+	movq	%rdx, 120(%rax)
+	movl	8(%rbp), %edx
+	testl	%edx, %edx
+	je	.L192
+	leal	-1(%rdx), %ecx
+	movq	16(%rbp), %rsi
+	mov	%ecx, %r14d
+	cmpq	$0, (%rsi,%r14,8)
+	jne	.L190
+	movl	%ecx, %edx
+	.align 16
+.L191:
+	testl	%edx, %edx
+	movl	%edx, %ecx
+	je	.L195
+	decl	%edx
+	mov	%edx, %r9d
+	cmpq	$0, (%rsi,%r9,8)
+	je	.L191
+	movl	%ecx, 8(%rbp)
+	movl	%ecx, %edx
+.L190:
+	testl	%edx, %edx
+	je	.L192
+	movl	(%rbp), %eax
+	movl	%eax, (%rbp)
+	addq	$8, %rsp
+	popq	%rbx
+	popq	%rbp
+	popq	%r12
+	popq	%r13
+	popq	%r14
+	ret
+.L195:
+	movl	%edx, 8(%rbp)
+	.align 16
+.L192:
+	xorl	%eax, %eax
+	movl	%eax, (%rbp)
+	addq	$8, %rsp
+	popq	%rbx
+	popq	%rbp
+	popq	%r12
+	popq	%r13
+	popq	%r14
+	ret
+.LFE7:
+	.size	s_mp_sqr_comba_8, .-s_mp_sqr_comba_8
+	.align 16
+.globl s_mp_sqr_comba_16
+	.type	s_mp_sqr_comba_16, @function
+s_mp_sqr_comba_16:
+.LFB8:
+	pushq	%rbp
+.LCFI25:
+	xorl	%r9d, %r9d
+	movq	%r9, %r8
+	movq	%r9, %r11
+	movq	%rsp, %rbp
+.LCFI26:
+	pushq	%r14
+.LCFI27:
+	movq	%rsi, %r14
+	movq	%r9, %rsi
+	pushq	%r13
+.LCFI28:
+	movq	%r9, %r13
+	pushq	%r12
+.LCFI29:
+	movq	%r9, %r12
+	pushq	%rbx
+.LCFI30:
+	movq	%r9, %rbx
+	subq	$256, %rsp
+.LCFI31:
+	movq	16(%rdi), %rcx
+/APP
+	movq  (%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r8     
+	adcq  %rdx,%rbx     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%r8, -288(%rbp)
+/APP
+	movq  (%rcx),%rax     
+	mulq  8(%rcx)           
+	addq  %rax,%rbx     
+	adcq  %rdx,%rsi     
+	adcq  $0,%r12        
+	addq  %rax,%rbx     
+	adcq  %rdx,%rsi     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%rbx, -280(%rbp)
+/APP
+	movq  (%rcx),%rax     
+	mulq  16(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r12     
+	adcq  $0,%r13        
+	addq  %rax,%rsi     
+	adcq  %rdx,%r12     
+	adcq  $0,%r13        
+	
+/NO_APP
+	movq	%r12, %rbx
+	movq	%r13, %r10
+/APP
+	movq  8(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%rsi     
+	adcq  %rdx,%rbx     
+	adcq  $0,%r10        
+	
+/NO_APP
+	movq	%rsi, -272(%rbp)
+	movq	%r10, %rdi
+	movq	%r9, %rsi
+	movq	%rbx, %r10
+/APP
+	movq  (%rcx),%rax     
+	mulq  24(%rcx)           
+	addq  %rax,%r10     
+	adcq  %rdx,%rdi     
+	adcq  $0,%r11        
+	addq  %rax,%r10     
+	adcq  %rdx,%rdi     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rdi, %r12
+	movq	%r11, %rbx
+	movq	%r9, %rdi
+/APP
+	movq  8(%rcx),%rax     
+	mulq  16(%rcx)           
+	addq  %rax,%r10     
+	adcq  %rdx,%r12     
+	adcq  $0,%rbx        
+	addq  %rax,%r10     
+	adcq  %rdx,%r12     
+	adcq  $0,%rbx        
+	
+/NO_APP
+	movq	%r9, %r11
+	movq	%r10, -264(%rbp)
+	movq	%rbx, %r8
+	movq	%r12, %r13
+	movq	%r9, %r12
+/APP
+	movq  (%rcx),%rax     
+	mulq  32(%rcx)           
+	addq  %rax,%r13     
+	adcq  %rdx,%r8     
+	adcq  $0,%r12        
+	addq  %rax,%r13     
+	adcq  %rdx,%r8     
+	adcq  $0,%r12        
+	
+	movq  8(%rcx),%rax     
+	mulq  24(%rcx)           
+	addq  %rax,%r13     
+	adcq  %rdx,%r8     
+	adcq  $0,%r12        
+	addq  %rax,%r13     
+	adcq  %rdx,%r8     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%r8, %rbx
+	movq	%r12, %r10
+	movq	%r9, %r8
+/APP
+	movq  16(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r13     
+	adcq  %rdx,%rbx     
+	adcq  $0,%r10        
+	
+/NO_APP
+	movq	%r13, -256(%rbp)
+/APP
+	movq  (%rcx),%rax     
+	mulq  40(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+	movq  8(%rcx),%rax     
+	mulq  32(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  16(%rcx),%rax     
+	mulq  24(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	addq %r8,%rbx         
+	adcq %rdi,%r10         
+	adcq %rsi,%r11         
+	addq %r8,%rbx         
+	adcq %rdi,%r10         
+	adcq %rsi,%r11         
+	
+/NO_APP
+	movq	%rbx, -248(%rbp)
+/APP
+	movq  (%rcx),%rax     
+	mulq  48(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+	movq  8(%rcx),%rax     
+	mulq  40(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  16(%rcx),%rax     
+	mulq  32(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%r9, %rax
+	movq	%rdi, %r13
+	movq	%rsi, %r12
+/APP
+	addq %r8,%r10         
+	adcq %r13,%r11         
+	adcq %r12,%rax         
+	addq %r8,%r10         
+	adcq %r13,%r11         
+	adcq %r12,%rax         
+	
+/NO_APP
+	movq	%rax, %rdx
+	movq	%r11, %rbx
+	movq	%r13, %rdi
+	movq	%rdx, %r11
+	movq	%r12, %rsi
+/APP
+	movq  24(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r10     
+	adcq  %rdx,%rbx     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%r10, -240(%rbp)
+	movq	%r11, %r10
+/APP
+	movq  (%rcx),%rax     
+	mulq  56(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+	movq  8(%rcx),%rax     
+	mulq  48(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  16(%rcx),%rax     
+	mulq  40(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  24(%rcx),%rax     
+	mulq  32(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%r9, %rdx
+/APP
+	addq %r8,%rbx         
+	adcq %rdi,%r10         
+	adcq %rsi,%rdx         
+	addq %r8,%rbx         
+	adcq %rdi,%r10         
+	adcq %rsi,%rdx         
+	
+/NO_APP
+	movq	%rdx, %r11
+	movq	%rbx, -232(%rbp)
+	movq	%r9, %rbx
+/APP
+	movq  (%rcx),%rax     
+	mulq  64(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+	movq  8(%rcx),%rax     
+	mulq  56(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  16(%rcx),%rax     
+	mulq  48(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  24(%rcx),%rax     
+	mulq  40(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%rdi, %r13
+	movq	%rsi, %r12
+/APP
+	addq %r8,%r10         
+	adcq %r13,%r11         
+	adcq %r12,%rbx         
+	addq %r8,%r10         
+	adcq %r13,%r11         
+	adcq %r12,%rbx         
+	
+	movq  32(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r10     
+	adcq  %rdx,%r11     
+	adcq  $0,%rbx        
+	
+/NO_APP
+	movq	%r13, %rdi
+	movq	%r10, -224(%rbp)
+	movq	%r12, %rsi
+	movq	%rbx, %r10
+	movq	%r9, %r12
+/APP
+	movq  (%rcx),%rax     
+	mulq  72(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+	movq  8(%rcx),%rax     
+	mulq  64(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  16(%rcx),%rax     
+	mulq  56(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  24(%rcx),%rax     
+	mulq  48(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  32(%rcx),%rax     
+	mulq  40(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	addq %r8,%r11         
+	adcq %rdi,%r10         
+	adcq %rsi,%r12         
+	addq %r8,%r11         
+	adcq %rdi,%r10         
+	adcq %rsi,%r12         
+	
+/NO_APP
+	movq	%r11, -216(%rbp)
+	movq	%r12, %rbx
+/APP
+	movq  (%rcx),%rax     
+	mulq  80(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+	movq  8(%rcx),%rax     
+	mulq  72(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  16(%rcx),%rax     
+	mulq  64(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  24(%rcx),%rax     
+	mulq  56(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  32(%rcx),%rax     
+	mulq  48(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%r9, %rax
+	movq	%rdi, %r13
+	movq	%rsi, %r12
+/APP
+	addq %r8,%r10         
+	adcq %r13,%rbx         
+	adcq %r12,%rax         
+	addq %r8,%r10         
+	adcq %r13,%rbx         
+	adcq %r12,%rax         
+	
+/NO_APP
+	movq	%rax, %rdx
+	movq	%rbx, %r11
+	movq	%r13, %rdi
+	movq	%rdx, %rbx
+	movq	%r12, %rsi
+/APP
+	movq  40(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r10     
+	adcq  %rdx,%r11     
+	adcq  $0,%rbx        
+	
+/NO_APP
+	movq	%r10, -208(%rbp)
+	movq	%rbx, %r10
+/APP
+	movq  (%rcx),%rax     
+	mulq  88(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+	movq  8(%rcx),%rax     
+	mulq  80(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  16(%rcx),%rax     
+	mulq  72(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  24(%rcx),%rax     
+	mulq  64(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  32(%rcx),%rax     
+	mulq  56(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  40(%rcx),%rax     
+	mulq  48(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%r9, %rdx
+/APP
+	addq %r8,%r11         
+	adcq %rdi,%r10         
+	adcq %rsi,%rdx         
+	addq %r8,%r11         
+	adcq %rdi,%r10         
+	adcq %rsi,%rdx         
+	
+/NO_APP
+	movq	%rdx, %r13
+	movq	%r11, -200(%rbp)
+	movq	%r13, %r12
+/APP
+	movq  (%rcx),%rax     
+	mulq  96(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+	movq  8(%rcx),%rax     
+	mulq  88(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  16(%rcx),%rax     
+	mulq  80(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  24(%rcx),%rax     
+	mulq  72(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  32(%rcx),%rax     
+	mulq  64(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  40(%rcx),%rax     
+	mulq  56(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%r9, %rax
+	movq	%rdi, %rdx
+	movq	%rsi, %r11
+/APP
+	addq %r8,%r10         
+	adcq %rdx,%r12         
+	adcq %r11,%rax         
+	addq %r8,%r10         
+	adcq %rdx,%r12         
+	adcq %r11,%rax         
+	
+/NO_APP
+	movq	%rdx, %rbx
+	movq	%rax, %r13
+	movq	%r11, %rsi
+/APP
+	movq  48(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r10     
+	adcq  %rdx,%r12     
+	adcq  $0,%r13        
+	
+/NO_APP
+	movq	%rbx, %rdi
+	movq	%r10, -192(%rbp)
+	movq	%r13, %r10
+/APP
+	movq  (%rcx),%rax     
+	mulq  104(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+/NO_APP
+	movq	%r9, %r13
+/APP
+	movq  8(%rcx),%rax     
+	mulq  96(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  16(%rcx),%rax     
+	mulq  88(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  24(%rcx),%rax     
+	mulq  80(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  32(%rcx),%rax     
+	mulq  72(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  40(%rcx),%rax     
+	mulq  64(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  48(%rcx),%rax     
+	mulq  56(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	addq %r8,%r12         
+	adcq %rdi,%r10         
+	adcq %rsi,%r13         
+	addq %r8,%r12         
+	adcq %rdi,%r10         
+	adcq %rsi,%r13         
+	
+/NO_APP
+	movq	%r12, -184(%rbp)
+	movq	%r13, %r12
+/APP
+	movq  (%rcx),%rax     
+	mulq  112(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+	movq  8(%rcx),%rax     
+	mulq  104(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  16(%rcx),%rax     
+	mulq  96(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  24(%rcx),%rax     
+	mulq  88(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  32(%rcx),%rax     
+	mulq  80(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  40(%rcx),%rax     
+	mulq  72(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  48(%rcx),%rax     
+	mulq  64(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%r9, %rax
+	movq	%rdi, %rbx
+	movq	%rsi, %rdx
+/APP
+	addq %r8,%r10         
+	adcq %rbx,%r12         
+	adcq %rdx,%rax         
+	addq %r8,%r10         
+	adcq %rbx,%r12         
+	adcq %rdx,%rax         
+	
+/NO_APP
+	movq	%rdx, %r11
+	movq	%rax, %r13
+	movq	%rbx, %rdi
+/APP
+	movq  56(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r10     
+	adcq  %rdx,%r12     
+	adcq  $0,%r13        
+	
+/NO_APP
+	movq	%r11, %rsi
+	movq	%r10, -176(%rbp)
+	movq	%r13, %r10
+/APP
+	movq  (%rcx),%rax     
+	mulq  120(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+/NO_APP
+	movq	%r9, %r13
+/APP
+	movq  8(%rcx),%rax     
+	mulq  112(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  16(%rcx),%rax     
+	mulq  104(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  24(%rcx),%rax     
+	mulq  96(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  32(%rcx),%rax     
+	mulq  88(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  40(%rcx),%rax     
+	mulq  80(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  48(%rcx),%rax     
+	mulq  72(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  56(%rcx),%rax     
+	mulq  64(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	addq %r8,%r12         
+	adcq %rdi,%r10         
+	adcq %rsi,%r13         
+	addq %r8,%r12         
+	adcq %rdi,%r10         
+	adcq %rsi,%r13         
+	
+/NO_APP
+	movq	%r12, -168(%rbp)
+	movq	%r13, %r12
+/APP
+	movq  8(%rcx),%rax     
+	mulq  120(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+	movq  16(%rcx),%rax     
+	mulq  112(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  24(%rcx),%rax     
+	mulq  104(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  32(%rcx),%rax     
+	mulq  96(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  40(%rcx),%rax     
+	mulq  88(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  48(%rcx),%rax     
+	mulq  80(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  56(%rcx),%rax     
+	mulq  72(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%r9, %rax
+	movq	%rdi, %rbx
+	movq	%rsi, %rdx
+/APP
+	addq %r8,%r10         
+	adcq %rbx,%r12         
+	adcq %rdx,%rax         
+	addq %r8,%r10         
+	adcq %rbx,%r12         
+	adcq %rdx,%rax         
+	
+/NO_APP
+	movq	%rdx, %r11
+	movq	%rax, %r13
+	movq	%rbx, %rdi
+/APP
+	movq  64(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r10     
+	adcq  %rdx,%r12     
+	adcq  $0,%r13        
+	
+/NO_APP
+	movq	%r11, %rsi
+	movq	%r10, -160(%rbp)
+	movq	%r9, %r11
+/APP
+	movq  16(%rcx),%rax     
+	mulq  120(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+/NO_APP
+	movq	%r13, %r10
+	movq	%r9, %rbx
+/APP
+	movq  24(%rcx),%rax     
+	mulq  112(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  32(%rcx),%rax     
+	mulq  104(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  40(%rcx),%rax     
+	mulq  96(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  48(%rcx),%rax     
+	mulq  88(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  56(%rcx),%rax     
+	mulq  80(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  64(%rcx),%rax     
+	mulq  72(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	addq %r8,%r12         
+	adcq %rdi,%r10         
+	adcq %rsi,%r11         
+	addq %r8,%r12         
+	adcq %rdi,%r10         
+	adcq %rsi,%r11         
+	
+/NO_APP
+	movq	%r12, -152(%rbp)
+/APP
+	movq  24(%rcx),%rax     
+	mulq  120(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+	movq  32(%rcx),%rax     
+	mulq  112(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  40(%rcx),%rax     
+	mulq  104(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  48(%rcx),%rax     
+	mulq  96(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  56(%rcx),%rax     
+	mulq  88(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  64(%rcx),%rax     
+	mulq  80(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%rdi, %r13
+	movq	%rsi, %r12
+/APP
+	addq %r8,%r10         
+	adcq %r13,%r11         
+	adcq %r12,%rbx         
+	addq %r8,%r10         
+	adcq %r13,%r11         
+	adcq %r12,%rbx         
+	
+/NO_APP
+	movq	%rbx, %rdx
+	movq	%r13, %rdi
+	movq	%r11, %rbx
+	movq	%r12, %rsi
+	movq	%rdx, %r11
+	movq	%r9, %r12
+/APP
+	movq  72(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r10     
+	adcq  %rdx,%rbx     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%r10, -144(%rbp)
+	movq	%r11, %r10
+/APP
+	movq  32(%rcx),%rax     
+	mulq  120(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+	movq  40(%rcx),%rax     
+	mulq  112(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  48(%rcx),%rax     
+	mulq  104(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  56(%rcx),%rax     
+	mulq  96(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  64(%rcx),%rax     
+	mulq  88(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  72(%rcx),%rax     
+	mulq  80(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	addq %r8,%rbx         
+	adcq %rdi,%r10         
+	adcq %rsi,%r12         
+	addq %r8,%rbx         
+	adcq %rdi,%r10         
+	adcq %rsi,%r12         
+	
+/NO_APP
+	movq	%rbx, -136(%rbp)
+	movq	%r12, %r11
+/APP
+	movq  40(%rcx),%rax     
+	mulq  120(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+	movq  48(%rcx),%rax     
+	mulq  112(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  56(%rcx),%rax     
+	mulq  104(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  64(%rcx),%rax     
+	mulq  96(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  72(%rcx),%rax     
+	mulq  88(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%r9, %rax
+	movq	%rdi, %r13
+	movq	%rsi, %r12
+/APP
+	addq %r8,%r10         
+	adcq %r13,%r11         
+	adcq %r12,%rax         
+	addq %r8,%r10         
+	adcq %r13,%r11         
+	adcq %r12,%rax         
+	
+/NO_APP
+	movq	%rax, %rdx
+	movq	%r11, %rbx
+	movq	%r13, %rdi
+	movq	%rdx, %r11
+	movq	%r12, %rsi
+/APP
+	movq  80(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r10     
+	adcq  %rdx,%rbx     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%r10, -128(%rbp)
+	movq	%r11, %r10
+/APP
+	movq  48(%rcx),%rax     
+	mulq  120(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+	movq  56(%rcx),%rax     
+	mulq  112(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  64(%rcx),%rax     
+	mulq  104(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  72(%rcx),%rax     
+	mulq  96(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  80(%rcx),%rax     
+	mulq  88(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%r9, %rdx
+/APP
+	addq %r8,%rbx         
+	adcq %rdi,%r10         
+	adcq %rsi,%rdx         
+	addq %r8,%rbx         
+	adcq %rdi,%r10         
+	adcq %rsi,%rdx         
+	
+/NO_APP
+	movq	%rbx, -120(%rbp)
+	movq	%rdx, %r11
+	movq	%r9, %rbx
+/APP
+	movq  56(%rcx),%rax     
+	mulq  120(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+	movq  64(%rcx),%rax     
+	mulq  112(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  72(%rcx),%rax     
+	mulq  104(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  80(%rcx),%rax     
+	mulq  96(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%rdi, %r13
+	movq	%rsi, %r12
+/APP
+	addq %r8,%r10         
+	adcq %r13,%r11         
+	adcq %r12,%rbx         
+	addq %r8,%r10         
+	adcq %r13,%r11         
+	adcq %r12,%rbx         
+	
+/NO_APP
+	movq	%rbx, %rdx
+	movq	%r13, %rdi
+	movq	%r11, %rbx
+	movq	%r12, %rsi
+	movq	%rdx, %r11
+	movq	%r9, %r12
+/APP
+	movq  88(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r10     
+	adcq  %rdx,%rbx     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%r10, -112(%rbp)
+	movq	%r11, %r10
+/APP
+	movq  64(%rcx),%rax     
+	mulq  120(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+	movq  72(%rcx),%rax     
+	mulq  112(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  80(%rcx),%rax     
+	mulq  104(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  88(%rcx),%rax     
+	mulq  96(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	addq %r8,%rbx         
+	adcq %rdi,%r10         
+	adcq %rsi,%r12         
+	addq %r8,%rbx         
+	adcq %rdi,%r10         
+	adcq %rsi,%r12         
+	
+/NO_APP
+	movq	%rbx, -104(%rbp)
+	movq	%r12, %r11
+/APP
+	movq  72(%rcx),%rax     
+	mulq  120(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+	movq  80(%rcx),%rax     
+	mulq  112(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  88(%rcx),%rax     
+	mulq  104(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%r9, %rax
+	movq	%rdi, %r13
+	movq	%rsi, %r12
+/APP
+	addq %r8,%r10         
+	adcq %r13,%r11         
+	adcq %r12,%rax         
+	addq %r8,%r10         
+	adcq %r13,%r11         
+	adcq %r12,%rax         
+	
+/NO_APP
+	movq	%rax, %rdx
+	movq	%r11, %rbx
+	movq	%r13, %rdi
+	movq	%rdx, %r11
+	movq	%r12, %rsi
+/APP
+	movq  96(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r10     
+	adcq  %rdx,%rbx     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%r10, -96(%rbp)
+	movq	%r9, %r10
+/APP
+	movq  80(%rcx),%rax     
+	mulq  120(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+	movq  88(%rcx),%rax     
+	mulq  112(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  96(%rcx),%rax     
+	mulq  104(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%rdi, %r12
+	movq	%rsi, %rax
+	movq	%r9, %rsi
+/APP
+	addq %r8,%rbx         
+	adcq %r12,%r11         
+	adcq %rax,%r10         
+	addq %r8,%rbx         
+	adcq %r12,%r11         
+	adcq %rax,%r10         
+	
+/NO_APP
+	movq	%r9, %r12
+	movq	%rbx, -88(%rbp)
+	movq	%r11, %r13
+	movq	%r10, %r11
+/APP
+	movq  88(%rcx),%rax     
+	mulq  120(%rcx)           
+	addq  %rax,%r13     
+	adcq  %rdx,%r11     
+	adcq  $0,%r12        
+	addq  %rax,%r13     
+	adcq  %rdx,%r11     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%r12, %rdi
+/APP
+	movq  96(%rcx),%rax     
+	mulq  112(%rcx)           
+	addq  %rax,%r13     
+	adcq  %rdx,%r11     
+	adcq  $0,%rdi        
+	addq  %rax,%r13     
+	adcq  %rdx,%r11     
+	adcq  $0,%rdi        
+	
+/NO_APP
+	movq	%r11, %rbx
+	movq	%rdi, %r10
+	movq	%r9, %r11
+/APP
+	movq  104(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r13     
+	adcq  %rdx,%rbx     
+	adcq  $0,%r10        
+	
+/NO_APP
+	movq	%r13, -80(%rbp)
+	movq	%r10, %r8
+	movq	%rbx, %r10
+/APP
+	movq  96(%rcx),%rax     
+	mulq  120(%rcx)           
+	addq  %rax,%r10     
+	adcq  %rdx,%r8     
+	adcq  $0,%rsi        
+	addq  %rax,%r10     
+	adcq  %rdx,%r8     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%r8, %r12
+	movq	%rsi, %rbx
+/APP
+	movq  104(%rcx),%rax     
+	mulq  112(%rcx)           
+	addq  %rax,%r10     
+	adcq  %rdx,%r12     
+	adcq  $0,%rbx        
+	addq  %rax,%r10     
+	adcq  %rdx,%r12     
+	adcq  $0,%rbx        
+	
+/NO_APP
+	movq	%r10, -72(%rbp)
+	movq	%rbx, %r13
+	movq	%r12, %rbx
+/APP
+	movq  104(%rcx),%rax     
+	mulq  120(%rcx)           
+	addq  %rax,%rbx     
+	adcq  %rdx,%r13     
+	adcq  $0,%r11        
+	addq  %rax,%rbx     
+	adcq  %rdx,%r13     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%r11, %r12
+	movq	%r13, %r10
+/APP
+	movq  112(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%rbx     
+	adcq  %rdx,%r10     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%rbx, -64(%rbp)
+	movq	%r10, %rdi
+	movq	%r9, %rbx
+	movq	%r12, %rsi
+/APP
+	movq  112(%rcx),%rax     
+	mulq  120(%rcx)           
+	addq  %rax,%rdi     
+	adcq  %rdx,%rsi     
+	adcq  $0,%rbx        
+	addq  %rax,%rdi     
+	adcq  %rdx,%rsi     
+	adcq  $0,%rbx        
+	
+/NO_APP
+	movq	%rdi, -56(%rbp)
+	movq	%rbx, %r8
+/APP
+	movq  120(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%r9        
+	
+/NO_APP
+	movq	%rsi, -48(%rbp)
+	movq	16(%r14), %rdi
+	leaq	-288(%rbp), %rsi
+	movl	$256, %edx
+	movq	%r8, -40(%rbp)
+	movl	$32, 8(%r14)
+	movl	$0, (%r14)
+	call	memcpy@PLT
+	movl	8(%r14), %edx
+	testl	%edx, %edx
+	je	.L232
+	leal	-1(%rdx), %ecx
+	movq	16(%r14), %rsi
+	mov	%ecx, %r9d
+	cmpq	$0, (%rsi,%r9,8)
+	jne	.L230
+	movl	%ecx, %edx
+	.align 16
+.L231:
+	testl	%edx, %edx
+	movl	%edx, %ecx
+	je	.L235
+	decl	%edx
+	mov	%edx, %eax
+	cmpq	$0, (%rsi,%rax,8)
+	je	.L231
+	movl	%ecx, 8(%r14)
+	movl	%ecx, %edx
+.L230:
+	testl	%edx, %edx
+	je	.L232
+	movl	(%r14), %eax
+	movl	%eax, (%r14)
+	addq	$256, %rsp
+	popq	%rbx
+	popq	%r12
+	popq	%r13
+	popq	%r14
+	leave
+	ret
+.L235:
+	movl	%edx, 8(%r14)
+	.align 16
+.L232:
+	xorl	%eax, %eax
+	movl	%eax, (%r14)
+	addq	$256, %rsp
+	popq	%rbx
+	popq	%r12
+	popq	%r13
+	popq	%r14
+	leave
+	ret
+.LFE8:
+	.size	s_mp_sqr_comba_16, .-s_mp_sqr_comba_16
+	.align 16
+.globl s_mp_sqr_comba_32
+	.type	s_mp_sqr_comba_32, @function
+s_mp_sqr_comba_32:
+.LFB9:
+	pushq	%rbp
+.LCFI32:
+	xorl	%r10d, %r10d
+	movq	%r10, %r8
+	movq	%r10, %r11
+	movq	%rsp, %rbp
+.LCFI33:
+	pushq	%r14
+.LCFI34:
+	movq	%rsi, %r14
+	movq	%r10, %rsi
+	pushq	%r13
+.LCFI35:
+	movq	%r10, %r13
+	pushq	%r12
+.LCFI36:
+	movq	%r10, %r12
+	pushq	%rbx
+.LCFI37:
+	movq	%r10, %rbx
+	subq	$512, %rsp
+.LCFI38:
+	movq	16(%rdi), %rcx
+/APP
+	movq  (%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r8     
+	adcq  %rdx,%rbx     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%r8, -544(%rbp)
+/APP
+	movq  (%rcx),%rax     
+	mulq  8(%rcx)           
+	addq  %rax,%rbx     
+	adcq  %rdx,%rsi     
+	adcq  $0,%r12        
+	addq  %rax,%rbx     
+	adcq  %rdx,%rsi     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%rbx, -536(%rbp)
+/APP
+	movq  (%rcx),%rax     
+	mulq  16(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r12     
+	adcq  $0,%r13        
+	addq  %rax,%rsi     
+	adcq  %rdx,%r12     
+	adcq  $0,%r13        
+	
+/NO_APP
+	movq	%r12, %rbx
+	movq	%r13, %r9
+/APP
+	movq  8(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%rsi     
+	adcq  %rdx,%rbx     
+	adcq  $0,%r9        
+	
+/NO_APP
+	movq	%rsi, -528(%rbp)
+	movq	%r9, %rdi
+	movq	%r10, %rsi
+	movq	%rbx, %r9
+/APP
+	movq  (%rcx),%rax     
+	mulq  24(%rcx)           
+	addq  %rax,%r9     
+	adcq  %rdx,%rdi     
+	adcq  $0,%r11        
+	addq  %rax,%r9     
+	adcq  %rdx,%rdi     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%rdi, %r12
+	movq	%r11, %r13
+	movq	%r10, %rdi
+/APP
+	movq  8(%rcx),%rax     
+	mulq  16(%rcx)           
+	addq  %rax,%r9     
+	adcq  %rdx,%r12     
+	adcq  $0,%r13        
+	addq  %rax,%r9     
+	adcq  %rdx,%r12     
+	adcq  $0,%r13        
+	
+/NO_APP
+	movq	%r10, %r11
+	movq	%r9, -520(%rbp)
+	movq	%r13, %r8
+	movq	%r12, %r13
+	movq	%r10, %r12
+/APP
+	movq  (%rcx),%rax     
+	mulq  32(%rcx)           
+	addq  %rax,%r13     
+	adcq  %rdx,%r8     
+	adcq  $0,%r12        
+	addq  %rax,%r13     
+	adcq  %rdx,%r8     
+	adcq  $0,%r12        
+	
+	movq  8(%rcx),%rax     
+	mulq  24(%rcx)           
+	addq  %rax,%r13     
+	adcq  %rdx,%r8     
+	adcq  $0,%r12        
+	addq  %rax,%r13     
+	adcq  %rdx,%r8     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%r8, %rbx
+	movq	%r12, %r9
+	movq	%r10, %r8
+/APP
+	movq  16(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r13     
+	adcq  %rdx,%rbx     
+	adcq  $0,%r9        
+	
+/NO_APP
+	movq	%r13, -512(%rbp)
+/APP
+	movq  (%rcx),%rax     
+	mulq  40(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+	movq  8(%rcx),%rax     
+	mulq  32(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  16(%rcx),%rax     
+	mulq  24(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	addq %r8,%rbx         
+	adcq %rdi,%r9         
+	adcq %rsi,%r11         
+	addq %r8,%rbx         
+	adcq %rdi,%r9         
+	adcq %rsi,%r11         
+	
+/NO_APP
+	movq	%rbx, -504(%rbp)
+/APP
+	movq  (%rcx),%rax     
+	mulq  48(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+	movq  8(%rcx),%rax     
+	mulq  40(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  16(%rcx),%rax     
+	mulq  32(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%r10, %rax
+	movq	%rdi, %r13
+	movq	%rsi, %r12
+/APP
+	addq %r8,%r9         
+	adcq %r13,%r11         
+	adcq %r12,%rax         
+	addq %r8,%r9         
+	adcq %r13,%r11         
+	adcq %r12,%rax         
+	
+/NO_APP
+	movq	%rax, %rdx
+	movq	%r11, %rbx
+	movq	%r13, %rdi
+	movq	%rdx, %r11
+	movq	%r12, %rsi
+/APP
+	movq  24(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r9     
+	adcq  %rdx,%rbx     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%r9, -496(%rbp)
+	movq	%r11, %r9
+/APP
+	movq  (%rcx),%rax     
+	mulq  56(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+	movq  8(%rcx),%rax     
+	mulq  48(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  16(%rcx),%rax     
+	mulq  40(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  24(%rcx),%rax     
+	mulq  32(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%r10, %rdx
+/APP
+	addq %r8,%rbx         
+	adcq %rdi,%r9         
+	adcq %rsi,%rdx         
+	addq %r8,%rbx         
+	adcq %rdi,%r9         
+	adcq %rsi,%rdx         
+	
+/NO_APP
+	movq	%rdx, %r11
+	movq	%rbx, -488(%rbp)
+	movq	%r10, %rbx
+/APP
+	movq  (%rcx),%rax     
+	mulq  64(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+	movq  8(%rcx),%rax     
+	mulq  56(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  16(%rcx),%rax     
+	mulq  48(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  24(%rcx),%rax     
+	mulq  40(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%rdi, %r13
+	movq	%rsi, %r12
+/APP
+	addq %r8,%r9         
+	adcq %r13,%r11         
+	adcq %r12,%rbx         
+	addq %r8,%r9         
+	adcq %r13,%r11         
+	adcq %r12,%rbx         
+	
+	movq  32(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r9     
+	adcq  %rdx,%r11     
+	adcq  $0,%rbx        
+	
+/NO_APP
+	movq	%r13, %rdi
+	movq	%r9, -480(%rbp)
+	movq	%r12, %rsi
+	movq	%rbx, %r9
+	movq	%r10, %r12
+/APP
+	movq  (%rcx),%rax     
+	mulq  72(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+	movq  8(%rcx),%rax     
+	mulq  64(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  16(%rcx),%rax     
+	mulq  56(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  24(%rcx),%rax     
+	mulq  48(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  32(%rcx),%rax     
+	mulq  40(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	addq %r8,%r11         
+	adcq %rdi,%r9         
+	adcq %rsi,%r12         
+	addq %r8,%r11         
+	adcq %rdi,%r9         
+	adcq %rsi,%r12         
+	
+/NO_APP
+	movq	%r11, -472(%rbp)
+	movq	%r12, %rbx
+/APP
+	movq  (%rcx),%rax     
+	mulq  80(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+	movq  8(%rcx),%rax     
+	mulq  72(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  16(%rcx),%rax     
+	mulq  64(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  24(%rcx),%rax     
+	mulq  56(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  32(%rcx),%rax     
+	mulq  48(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%r10, %rax
+	movq	%rdi, %r13
+	movq	%rsi, %r12
+/APP
+	addq %r8,%r9         
+	adcq %r13,%rbx         
+	adcq %r12,%rax         
+	addq %r8,%r9         
+	adcq %r13,%rbx         
+	adcq %r12,%rax         
+	
+/NO_APP
+	movq	%rax, %rdx
+	movq	%rbx, %r11
+	movq	%r13, %rdi
+	movq	%rdx, %rbx
+	movq	%r12, %rsi
+/APP
+	movq  40(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r9     
+	adcq  %rdx,%r11     
+	adcq  $0,%rbx        
+	
+/NO_APP
+	movq	%r9, -464(%rbp)
+	movq	%rbx, %r9
+/APP
+	movq  (%rcx),%rax     
+	mulq  88(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+	movq  8(%rcx),%rax     
+	mulq  80(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  16(%rcx),%rax     
+	mulq  72(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  24(%rcx),%rax     
+	mulq  64(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  32(%rcx),%rax     
+	mulq  56(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  40(%rcx),%rax     
+	mulq  48(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%r10, %rdx
+/APP
+	addq %r8,%r11         
+	adcq %rdi,%r9         
+	adcq %rsi,%rdx         
+	addq %r8,%r11         
+	adcq %rdi,%r9         
+	adcq %rsi,%rdx         
+	
+/NO_APP
+	movq	%rdx, %r13
+	movq	%r11, -456(%rbp)
+	movq	%r13, %r12
+	movq	%r10, %r13
+/APP
+	movq  (%rcx),%rax     
+	mulq  96(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+	movq  8(%rcx),%rax     
+	mulq  88(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  16(%rcx),%rax     
+	mulq  80(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  24(%rcx),%rax     
+	mulq  72(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  32(%rcx),%rax     
+	mulq  64(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  40(%rcx),%rax     
+	mulq  56(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%rdi, %rax
+	movq	%rsi, %r11
+/APP
+	addq %r8,%r9         
+	adcq %rax,%r12         
+	adcq %r11,%r13         
+	addq %r8,%r9         
+	adcq %rax,%r12         
+	adcq %r11,%r13         
+	
+/NO_APP
+	movq	%rax, %rbx
+	movq	%r11, %rsi
+/APP
+	movq  48(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r9     
+	adcq  %rdx,%r12     
+	adcq  $0,%r13        
+	
+/NO_APP
+	movq	%rbx, %rdi
+	movq	%r9, -448(%rbp)
+	movq	%r13, %r9
+/APP
+	movq  (%rcx),%rax     
+	mulq  104(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+/NO_APP
+	movq	%r10, %r13
+/APP
+	movq  8(%rcx),%rax     
+	mulq  96(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  16(%rcx),%rax     
+	mulq  88(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  24(%rcx),%rax     
+	mulq  80(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  32(%rcx),%rax     
+	mulq  72(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  40(%rcx),%rax     
+	mulq  64(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  48(%rcx),%rax     
+	mulq  56(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	addq %r8,%r12         
+	adcq %rdi,%r9         
+	adcq %rsi,%r13         
+	addq %r8,%r12         
+	adcq %rdi,%r9         
+	adcq %rsi,%r13         
+	
+/NO_APP
+	movq	%r12, -440(%rbp)
+	movq	%r10, %r12
+/APP
+	movq  (%rcx),%rax     
+	mulq  112(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+	movq  8(%rcx),%rax     
+	mulq  104(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  16(%rcx),%rax     
+	mulq  96(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  24(%rcx),%rax     
+	mulq  88(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  32(%rcx),%rax     
+	mulq  80(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  40(%rcx),%rax     
+	mulq  72(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  48(%rcx),%rax     
+	mulq  64(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%r13, %rdx
+	movq	%rdi, %rbx
+	movq	%rsi, %r13
+/APP
+	addq %r8,%r9         
+	adcq %rbx,%rdx         
+	adcq %r13,%r12         
+	addq %r8,%r9         
+	adcq %rbx,%rdx         
+	adcq %r13,%r12         
+	
+/NO_APP
+	movq	%r12, %rax
+	movq	%r13, %r11
+	movq	%rdx, %r12
+	movq	%rax, %r13
+	movq	%rbx, %rdi
+	movq	%r11, %rsi
+/APP
+	movq  56(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r9     
+	adcq  %rdx,%r12     
+	adcq  $0,%r13        
+	
+/NO_APP
+	movq	%r9, -432(%rbp)
+	movq	%r13, %r9
+	movq	%r10, %r13
+/APP
+	movq  (%rcx),%rax     
+	mulq  120(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+	movq  8(%rcx),%rax     
+	mulq  112(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  16(%rcx),%rax     
+	mulq  104(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  24(%rcx),%rax     
+	mulq  96(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  32(%rcx),%rax     
+	mulq  88(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  40(%rcx),%rax     
+	mulq  80(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  48(%rcx),%rax     
+	mulq  72(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  56(%rcx),%rax     
+	mulq  64(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%r8, %rax
+	movq	%rdi, %rdx
+	movq	%rsi, %rbx
+/APP
+	addq %rax,%r12         
+	adcq %rdx,%r9         
+	adcq %rbx,%r13         
+	addq %rax,%r12         
+	adcq %rdx,%r9         
+	adcq %rbx,%r13         
+	
+/NO_APP
+	movq	%r12, -424(%rbp)
+	movq	%rdx, %r8
+	movq	%rax, %rsi
+	movq	%rbx, %rdi
+	movq	%r13, %r12
+	movq	%r10, %r13
+/APP
+	movq  (%rcx),%rax     
+	mulq  128(%rcx)           
+	movq  %rax,%rsi     
+	movq  %rdx,%r8     
+	xorq  %rdi,%rdi        
+	
+	movq  8(%rcx),%rax     
+	mulq  120(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  16(%rcx),%rax     
+	mulq  112(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  24(%rcx),%rax     
+	mulq  104(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  32(%rcx),%rax     
+	mulq  96(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  40(%rcx),%rax     
+	mulq  88(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  48(%rcx),%rax     
+	mulq  80(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  56(%rcx),%rax     
+	mulq  72(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+/NO_APP
+	movq	%rsi, %rax
+	movq	%r8, %rbx
+	movq	%rdi, %rdx
+/APP
+	addq %rax,%r9         
+	adcq %rbx,%r12         
+	adcq %rdx,%r13         
+	addq %rax,%r9         
+	adcq %rbx,%r12         
+	adcq %rdx,%r13         
+	
+/NO_APP
+	movq	%rdx, %r11
+	movq	%rax, %r8
+	movq	%rbx, %rdi
+/APP
+	movq  64(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r9     
+	adcq  %rdx,%r12     
+	adcq  $0,%r13        
+	
+/NO_APP
+	movq	%r11, %rsi
+	movq	%r9, -416(%rbp)
+	movq	%r13, %r9
+/APP
+	movq  (%rcx),%rax     
+	mulq  136(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+/NO_APP
+	movq	%r10, %r13
+/APP
+	movq  8(%rcx),%rax     
+	mulq  128(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  16(%rcx),%rax     
+	mulq  120(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  24(%rcx),%rax     
+	mulq  112(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  32(%rcx),%rax     
+	mulq  104(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  40(%rcx),%rax     
+	mulq  96(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  48(%rcx),%rax     
+	mulq  88(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  56(%rcx),%rax     
+	mulq  80(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  64(%rcx),%rax     
+	mulq  72(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%r8, %rbx
+	movq	%rdi, %rax
+	movq	%rsi, %rdx
+/APP
+	addq %rbx,%r12         
+	adcq %rax,%r9         
+	adcq %rdx,%r13         
+	addq %rbx,%r12         
+	adcq %rax,%r9         
+	adcq %rdx,%r13         
+	
+/NO_APP
+	movq	%r12, -408(%rbp)
+	movq	%rdx, %rdi
+	movq	%rax, %r8
+	movq	%rbx, %rsi
+	movq	%r13, %r12
+	movq	%r10, %r13
+/APP
+	movq  (%rcx),%rax     
+	mulq  144(%rcx)           
+	movq  %rax,%rsi     
+	movq  %rdx,%r8     
+	xorq  %rdi,%rdi        
+	
+	movq  8(%rcx),%rax     
+	mulq  136(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  16(%rcx),%rax     
+	mulq  128(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  24(%rcx),%rax     
+	mulq  120(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  32(%rcx),%rax     
+	mulq  112(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  40(%rcx),%rax     
+	mulq  104(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  48(%rcx),%rax     
+	mulq  96(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  56(%rcx),%rax     
+	mulq  88(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  64(%rcx),%rax     
+	mulq  80(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+/NO_APP
+	movq	%rsi, %rax
+	movq	%r8, %rbx
+	movq	%rdi, %rdx
+/APP
+	addq %rax,%r9         
+	adcq %rbx,%r12         
+	adcq %rdx,%r13         
+	addq %rax,%r9         
+	adcq %rbx,%r12         
+	adcq %rdx,%r13         
+	
+/NO_APP
+	movq	%rdx, %r11
+	movq	%rax, %r8
+	movq	%rbx, %rdi
+/APP
+	movq  72(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r9     
+	adcq  %rdx,%r12     
+	adcq  $0,%r13        
+	
+/NO_APP
+	movq	%r11, %rsi
+	movq	%r9, -400(%rbp)
+	movq	%r13, %r9
+/APP
+	movq  (%rcx),%rax     
+	mulq  152(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+/NO_APP
+	movq	%r10, %r13
+/APP
+	movq  8(%rcx),%rax     
+	mulq  144(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  16(%rcx),%rax     
+	mulq  136(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  24(%rcx),%rax     
+	mulq  128(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  32(%rcx),%rax     
+	mulq  120(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  40(%rcx),%rax     
+	mulq  112(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  48(%rcx),%rax     
+	mulq  104(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  56(%rcx),%rax     
+	mulq  96(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  64(%rcx),%rax     
+	mulq  88(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  72(%rcx),%rax     
+	mulq  80(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%r8, %rbx
+	movq	%rdi, %rax
+	movq	%rsi, %rdx
+/APP
+	addq %rbx,%r12         
+	adcq %rax,%r9         
+	adcq %rdx,%r13         
+	addq %rbx,%r12         
+	adcq %rax,%r9         
+	adcq %rdx,%r13         
+	
+/NO_APP
+	movq	%r12, -392(%rbp)
+	movq	%rdx, %rdi
+	movq	%rax, %r8
+	movq	%rbx, %rsi
+	movq	%r13, %r12
+	movq	%r10, %r13
+/APP
+	movq  (%rcx),%rax     
+	mulq  160(%rcx)           
+	movq  %rax,%rsi     
+	movq  %rdx,%r8     
+	xorq  %rdi,%rdi        
+	
+	movq  8(%rcx),%rax     
+	mulq  152(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  16(%rcx),%rax     
+	mulq  144(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  24(%rcx),%rax     
+	mulq  136(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  32(%rcx),%rax     
+	mulq  128(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  40(%rcx),%rax     
+	mulq  120(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  48(%rcx),%rax     
+	mulq  112(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  56(%rcx),%rax     
+	mulq  104(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  64(%rcx),%rax     
+	mulq  96(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  72(%rcx),%rax     
+	mulq  88(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+/NO_APP
+	movq	%rsi, %rax
+	movq	%r8, %rbx
+	movq	%rdi, %rdx
+/APP
+	addq %rax,%r9         
+	adcq %rbx,%r12         
+	adcq %rdx,%r13         
+	addq %rax,%r9         
+	adcq %rbx,%r12         
+	adcq %rdx,%r13         
+	
+/NO_APP
+	movq	%rdx, %r11
+	movq	%rax, %r8
+	movq	%rbx, %rdi
+/APP
+	movq  80(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r9     
+	adcq  %rdx,%r12     
+	adcq  $0,%r13        
+	
+/NO_APP
+	movq	%r11, %rsi
+	movq	%r9, -384(%rbp)
+	movq	%r13, %r9
+/APP
+	movq  (%rcx),%rax     
+	mulq  168(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+/NO_APP
+	movq	%r10, %r13
+/APP
+	movq  8(%rcx),%rax     
+	mulq  160(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  16(%rcx),%rax     
+	mulq  152(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  24(%rcx),%rax     
+	mulq  144(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  32(%rcx),%rax     
+	mulq  136(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  40(%rcx),%rax     
+	mulq  128(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  48(%rcx),%rax     
+	mulq  120(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  56(%rcx),%rax     
+	mulq  112(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  64(%rcx),%rax     
+	mulq  104(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  72(%rcx),%rax     
+	mulq  96(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  80(%rcx),%rax     
+	mulq  88(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%r8, %rbx
+	movq	%rdi, %rax
+	movq	%rsi, %rdx
+/APP
+	addq %rbx,%r12         
+	adcq %rax,%r9         
+	adcq %rdx,%r13         
+	addq %rbx,%r12         
+	adcq %rax,%r9         
+	adcq %rdx,%r13         
+	
+/NO_APP
+	movq	%r12, -376(%rbp)
+	movq	%rdx, %rdi
+	movq	%rax, %r8
+	movq	%rbx, %rsi
+	movq	%r13, %r12
+	movq	%r10, %r13
+/APP
+	movq  (%rcx),%rax     
+	mulq  176(%rcx)           
+	movq  %rax,%rsi     
+	movq  %rdx,%r8     
+	xorq  %rdi,%rdi        
+	
+	movq  8(%rcx),%rax     
+	mulq  168(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  16(%rcx),%rax     
+	mulq  160(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  24(%rcx),%rax     
+	mulq  152(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  32(%rcx),%rax     
+	mulq  144(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  40(%rcx),%rax     
+	mulq  136(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  48(%rcx),%rax     
+	mulq  128(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  56(%rcx),%rax     
+	mulq  120(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  64(%rcx),%rax     
+	mulq  112(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  72(%rcx),%rax     
+	mulq  104(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  80(%rcx),%rax     
+	mulq  96(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+/NO_APP
+	movq	%rsi, %rax
+	movq	%r8, %rbx
+	movq	%rdi, %rdx
+/APP
+	addq %rax,%r9         
+	adcq %rbx,%r12         
+	adcq %rdx,%r13         
+	addq %rax,%r9         
+	adcq %rbx,%r12         
+	adcq %rdx,%r13         
+	
+/NO_APP
+	movq	%rdx, %r11
+	movq	%rax, %r8
+	movq	%rbx, %rdi
+/APP
+	movq  88(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r9     
+	adcq  %rdx,%r12     
+	adcq  $0,%r13        
+	
+/NO_APP
+	movq	%r11, %rsi
+	movq	%r9, -368(%rbp)
+	movq	%r13, %r9
+/APP
+	movq  (%rcx),%rax     
+	mulq  184(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+/NO_APP
+	movq	%r10, %r13
+/APP
+	movq  8(%rcx),%rax     
+	mulq  176(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  16(%rcx),%rax     
+	mulq  168(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  24(%rcx),%rax     
+	mulq  160(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  32(%rcx),%rax     
+	mulq  152(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  40(%rcx),%rax     
+	mulq  144(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  48(%rcx),%rax     
+	mulq  136(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  56(%rcx),%rax     
+	mulq  128(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  64(%rcx),%rax     
+	mulq  120(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  72(%rcx),%rax     
+	mulq  112(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  80(%rcx),%rax     
+	mulq  104(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  88(%rcx),%rax     
+	mulq  96(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%r8, %rbx
+	movq	%rdi, %rax
+	movq	%rsi, %rdx
+/APP
+	addq %rbx,%r12         
+	adcq %rax,%r9         
+	adcq %rdx,%r13         
+	addq %rbx,%r12         
+	adcq %rax,%r9         
+	adcq %rdx,%r13         
+	
+/NO_APP
+	movq	%rdx, %rdi
+	movq	%r12, -360(%rbp)
+	movq	%rax, %r8
+	movq	%rbx, %rsi
+	movq	%r13, %r12
+	movq	%r10, %r13
+/APP
+	movq  (%rcx),%rax     
+	mulq  192(%rcx)           
+	movq  %rax,%rsi     
+	movq  %rdx,%r8     
+	xorq  %rdi,%rdi        
+	
+	movq  8(%rcx),%rax     
+	mulq  184(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  16(%rcx),%rax     
+	mulq  176(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  24(%rcx),%rax     
+	mulq  168(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  32(%rcx),%rax     
+	mulq  160(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  40(%rcx),%rax     
+	mulq  152(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  48(%rcx),%rax     
+	mulq  144(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  56(%rcx),%rax     
+	mulq  136(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  64(%rcx),%rax     
+	mulq  128(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  72(%rcx),%rax     
+	mulq  120(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  80(%rcx),%rax     
+	mulq  112(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  88(%rcx),%rax     
+	mulq  104(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+/NO_APP
+	movq	%r8, %rbx
+	movq	%rdi, %rax
+/APP
+	addq %rsi,%r9         
+	adcq %rbx,%r12         
+	adcq %rax,%r13         
+	addq %rsi,%r9         
+	adcq %rbx,%r12         
+	adcq %rax,%r13         
+	
+/NO_APP
+	movq	%rax, %r11
+	movq	%rbx, %r8
+/APP
+	movq  96(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r9     
+	adcq  %rdx,%r12     
+	adcq  $0,%r13        
+	
+/NO_APP
+	movq	%r11, %rdi
+	movq	%r9, -352(%rbp)
+	movq	%r13, %r9
+/APP
+	movq  (%rcx),%rax     
+	mulq  200(%rcx)           
+	movq  %rax,%rsi     
+	movq  %rdx,%r8     
+	xorq  %rdi,%rdi        
+	
+/NO_APP
+	movq	%r10, %r13
+/APP
+	movq  8(%rcx),%rax     
+	mulq  192(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  16(%rcx),%rax     
+	mulq  184(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  24(%rcx),%rax     
+	mulq  176(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  32(%rcx),%rax     
+	mulq  168(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  40(%rcx),%rax     
+	mulq  160(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  48(%rcx),%rax     
+	mulq  152(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  56(%rcx),%rax     
+	mulq  144(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  64(%rcx),%rax     
+	mulq  136(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  72(%rcx),%rax     
+	mulq  128(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  80(%rcx),%rax     
+	mulq  120(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  88(%rcx),%rax     
+	mulq  112(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  96(%rcx),%rax     
+	mulq  104(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	addq %rsi,%r12         
+	adcq %r8,%r9         
+	adcq %rdi,%r13         
+	addq %rsi,%r12         
+	adcq %r8,%r9         
+	adcq %rdi,%r13         
+	
+/NO_APP
+	movq	%r12, -344(%rbp)
+	movq	%r10, %r12
+/APP
+	movq  (%rcx),%rax     
+	mulq  208(%rcx)           
+	movq  %rax,%rsi     
+	movq  %rdx,%r8     
+	xorq  %rdi,%rdi        
+	
+	movq  8(%rcx),%rax     
+	mulq  200(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  16(%rcx),%rax     
+	mulq  192(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  24(%rcx),%rax     
+	mulq  184(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  32(%rcx),%rax     
+	mulq  176(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  40(%rcx),%rax     
+	mulq  168(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  48(%rcx),%rax     
+	mulq  160(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  56(%rcx),%rax     
+	mulq  152(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  64(%rcx),%rax     
+	mulq  144(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  72(%rcx),%rax     
+	mulq  136(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  80(%rcx),%rax     
+	mulq  128(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  88(%rcx),%rax     
+	mulq  120(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  96(%rcx),%rax     
+	mulq  112(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+/NO_APP
+	movq	%r13, %rdx
+	movq	%r8, %rbx
+	movq	%rdi, %r13
+/APP
+	addq %rsi,%r9         
+	adcq %rbx,%rdx         
+	adcq %r13,%r12         
+	addq %rsi,%r9         
+	adcq %rbx,%rdx         
+	adcq %r13,%r12         
+	
+/NO_APP
+	movq	%r12, %rax
+	movq	%r13, %r11
+	movq	%rdx, %r12
+	movq	%rax, %r13
+	movq	%rbx, %r8
+	movq	%r11, %rdi
+/APP
+	movq  104(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r9     
+	adcq  %rdx,%r12     
+	adcq  $0,%r13        
+	
+/NO_APP
+	movq	%r9, -336(%rbp)
+	movq	%r13, %r9
+	movq	%r10, %r13
+/APP
+	movq  (%rcx),%rax     
+	mulq  216(%rcx)           
+	movq  %rax,%rsi     
+	movq  %rdx,%r8     
+	xorq  %rdi,%rdi        
+	
+	movq  8(%rcx),%rax     
+	mulq  208(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  16(%rcx),%rax     
+	mulq  200(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  24(%rcx),%rax     
+	mulq  192(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  32(%rcx),%rax     
+	mulq  184(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  40(%rcx),%rax     
+	mulq  176(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  48(%rcx),%rax     
+	mulq  168(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  56(%rcx),%rax     
+	mulq  160(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  64(%rcx),%rax     
+	mulq  152(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  72(%rcx),%rax     
+	mulq  144(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  80(%rcx),%rax     
+	mulq  136(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  88(%rcx),%rax     
+	mulq  128(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  96(%rcx),%rax     
+	mulq  120(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  104(%rcx),%rax     
+	mulq  112(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	addq %rsi,%r12         
+	adcq %r8,%r9         
+	adcq %rdi,%r13         
+	addq %rsi,%r12         
+	adcq %r8,%r9         
+	adcq %rdi,%r13         
+	
+/NO_APP
+	movq	%r12, -328(%rbp)
+/APP
+	movq  (%rcx),%rax     
+	mulq  224(%rcx)           
+	movq  %rax,%rsi     
+	movq  %rdx,%r8     
+	xorq  %rdi,%rdi        
+	
+	movq  8(%rcx),%rax     
+	mulq  216(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  16(%rcx),%rax     
+	mulq  208(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  24(%rcx),%rax     
+	mulq  200(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  32(%rcx),%rax     
+	mulq  192(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  40(%rcx),%rax     
+	mulq  184(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  48(%rcx),%rax     
+	mulq  176(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  56(%rcx),%rax     
+	mulq  168(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  64(%rcx),%rax     
+	mulq  160(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  72(%rcx),%rax     
+	mulq  152(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  80(%rcx),%rax     
+	mulq  144(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  88(%rcx),%rax     
+	mulq  136(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  96(%rcx),%rax     
+	mulq  128(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  104(%rcx),%rax     
+	mulq  120(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+/NO_APP
+	movq	%r13, %rax
+	movq	%r10, %rdx
+	movq	%r8, %rbx
+	movq	%rdi, %r12
+/APP
+	addq %rsi,%r9         
+	adcq %rbx,%rax         
+	adcq %r12,%rdx         
+	addq %rsi,%r9         
+	adcq %rbx,%rax         
+	adcq %r12,%rdx         
+	
+/NO_APP
+	movq	%rdx, %rdi
+	movq	%r12, %r11
+	movq	%rbx, %r8
+	movq	%rax, %r12
+	movq	%rdi, %r13
+	movq	%r11, %rdi
+/APP
+	movq  112(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r9     
+	adcq  %rdx,%r12     
+	adcq  $0,%r13        
+	
+/NO_APP
+	movq	%r9, -320(%rbp)
+	movq	%r13, %rbx
+	movq	%r10, %r9
+/APP
+	movq  (%rcx),%rax     
+	mulq  232(%rcx)           
+	movq  %rax,%rsi     
+	movq  %rdx,%r8     
+	xorq  %rdi,%rdi        
+	
+	movq  8(%rcx),%rax     
+	mulq  224(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  16(%rcx),%rax     
+	mulq  216(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  24(%rcx),%rax     
+	mulq  208(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  32(%rcx),%rax     
+	mulq  200(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  40(%rcx),%rax     
+	mulq  192(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  48(%rcx),%rax     
+	mulq  184(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  56(%rcx),%rax     
+	mulq  176(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  64(%rcx),%rax     
+	mulq  168(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  72(%rcx),%rax     
+	mulq  160(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  80(%rcx),%rax     
+	mulq  152(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  88(%rcx),%rax     
+	mulq  144(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  96(%rcx),%rax     
+	mulq  136(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  104(%rcx),%rax     
+	mulq  128(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  112(%rcx),%rax     
+	mulq  120(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	addq %rsi,%r12         
+	adcq %r8,%rbx         
+	adcq %rdi,%r9         
+	addq %rsi,%r12         
+	adcq %r8,%rbx         
+	adcq %rdi,%r9         
+	
+/NO_APP
+	movq	%r12, -312(%rbp)
+	movq	%r9, %r13
+/APP
+	movq  (%rcx),%rax     
+	mulq  240(%rcx)           
+	movq  %rax,%rsi     
+	movq  %rdx,%r8     
+	xorq  %rdi,%rdi        
+	
+	movq  8(%rcx),%rax     
+	mulq  232(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  16(%rcx),%rax     
+	mulq  224(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  24(%rcx),%rax     
+	mulq  216(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  32(%rcx),%rax     
+	mulq  208(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  40(%rcx),%rax     
+	mulq  200(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  48(%rcx),%rax     
+	mulq  192(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  56(%rcx),%rax     
+	mulq  184(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  64(%rcx),%rax     
+	mulq  176(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  72(%rcx),%rax     
+	mulq  168(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  80(%rcx),%rax     
+	mulq  160(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  88(%rcx),%rax     
+	mulq  152(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  96(%rcx),%rax     
+	mulq  144(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  104(%rcx),%rax     
+	mulq  136(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  112(%rcx),%rax     
+	mulq  128(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+/NO_APP
+	movq	%r10, %rax
+	movq	%r8, %r11
+	movq	%rdi, %rdx
+/APP
+	addq %rsi,%rbx         
+	adcq %r11,%r13         
+	adcq %rdx,%rax         
+	addq %rsi,%rbx         
+	adcq %r11,%r13         
+	adcq %rdx,%rax         
+	
+/NO_APP
+	movq	%rdx, %r9
+	movq	%rax, %rdx
+	movq	%r13, %r12
+	movq	%r11, %r8
+	movq	%rdx, %r13
+	movq	%r9, %rdi
+/APP
+	movq  120(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%rbx     
+	adcq  %rdx,%r12     
+	adcq  $0,%r13        
+	
+/NO_APP
+	movq	%rbx, -304(%rbp)
+	movq	%r13, %rbx
+	movq	%r10, %r13
+/APP
+	movq  (%rcx),%rax     
+	mulq  248(%rcx)           
+	movq  %rax,%rsi     
+	movq  %rdx,%r8     
+	xorq  %rdi,%rdi        
+	
+	movq  8(%rcx),%rax     
+	mulq  240(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  16(%rcx),%rax     
+	mulq  232(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  24(%rcx),%rax     
+	mulq  224(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  32(%rcx),%rax     
+	mulq  216(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  40(%rcx),%rax     
+	mulq  208(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  48(%rcx),%rax     
+	mulq  200(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  56(%rcx),%rax     
+	mulq  192(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  64(%rcx),%rax     
+	mulq  184(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  72(%rcx),%rax     
+	mulq  176(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  80(%rcx),%rax     
+	mulq  168(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  88(%rcx),%rax     
+	mulq  160(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  96(%rcx),%rax     
+	mulq  152(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  104(%rcx),%rax     
+	mulq  144(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  112(%rcx),%rax     
+	mulq  136(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  120(%rcx),%rax     
+	mulq  128(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	addq %rsi,%r12         
+	adcq %r8,%rbx         
+	adcq %rdi,%r13         
+	addq %rsi,%r12         
+	adcq %r8,%rbx         
+	adcq %rdi,%r13         
+	
+/NO_APP
+	movq	%r12, -296(%rbp)
+	movq	%r13, %r12
+	movq	%r10, %r13
+/APP
+	movq  8(%rcx),%rax     
+	mulq  248(%rcx)           
+	movq  %rax,%rsi     
+	movq  %rdx,%r8     
+	xorq  %rdi,%rdi        
+	
+	movq  16(%rcx),%rax     
+	mulq  240(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  24(%rcx),%rax     
+	mulq  232(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  32(%rcx),%rax     
+	mulq  224(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  40(%rcx),%rax     
+	mulq  216(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  48(%rcx),%rax     
+	mulq  208(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  56(%rcx),%rax     
+	mulq  200(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  64(%rcx),%rax     
+	mulq  192(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  72(%rcx),%rax     
+	mulq  184(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  80(%rcx),%rax     
+	mulq  176(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  88(%rcx),%rax     
+	mulq  168(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  96(%rcx),%rax     
+	mulq  160(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  104(%rcx),%rax     
+	mulq  152(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  112(%rcx),%rax     
+	mulq  144(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  120(%rcx),%rax     
+	mulq  136(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+/NO_APP
+	movq	%r8, %r11
+	movq	%rdi, %rax
+/APP
+	addq %rsi,%rbx         
+	adcq %r11,%r12         
+	adcq %rax,%r13         
+	addq %rsi,%rbx         
+	adcq %r11,%r12         
+	adcq %rax,%r13         
+	
+/NO_APP
+	movq	%rax, %r9
+	movq	%r11, %r8
+/APP
+	movq  128(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%rbx     
+	adcq  %rdx,%r12     
+	adcq  $0,%r13        
+	
+/NO_APP
+	movq	%r9, %rdi
+	movq	%rbx, -288(%rbp)
+	movq	%r13, %r9
+/APP
+	movq  16(%rcx),%rax     
+	mulq  248(%rcx)           
+	movq  %rax,%rsi     
+	movq  %rdx,%r8     
+	xorq  %rdi,%rdi        
+	
+/NO_APP
+	movq	%r10, %r13
+/APP
+	movq  24(%rcx),%rax     
+	mulq  240(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  32(%rcx),%rax     
+	mulq  232(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  40(%rcx),%rax     
+	mulq  224(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  48(%rcx),%rax     
+	mulq  216(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  56(%rcx),%rax     
+	mulq  208(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  64(%rcx),%rax     
+	mulq  200(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  72(%rcx),%rax     
+	mulq  192(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  80(%rcx),%rax     
+	mulq  184(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  88(%rcx),%rax     
+	mulq  176(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  96(%rcx),%rax     
+	mulq  168(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  104(%rcx),%rax     
+	mulq  160(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  112(%rcx),%rax     
+	mulq  152(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  120(%rcx),%rax     
+	mulq  144(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  128(%rcx),%rax     
+	mulq  136(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	addq %rsi,%r12         
+	adcq %r8,%r9         
+	adcq %rdi,%r13         
+	addq %rsi,%r12         
+	adcq %r8,%r9         
+	adcq %rdi,%r13         
+	
+/NO_APP
+	movq	%r12, -280(%rbp)
+	movq	%r10, %r12
+/APP
+	movq  24(%rcx),%rax     
+	mulq  248(%rcx)           
+	movq  %rax,%rsi     
+	movq  %rdx,%r8     
+	xorq  %rdi,%rdi        
+	
+	movq  32(%rcx),%rax     
+	mulq  240(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  40(%rcx),%rax     
+	mulq  232(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  48(%rcx),%rax     
+	mulq  224(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  56(%rcx),%rax     
+	mulq  216(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  64(%rcx),%rax     
+	mulq  208(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  72(%rcx),%rax     
+	mulq  200(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  80(%rcx),%rax     
+	mulq  192(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  88(%rcx),%rax     
+	mulq  184(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  96(%rcx),%rax     
+	mulq  176(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  104(%rcx),%rax     
+	mulq  168(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  112(%rcx),%rax     
+	mulq  160(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  120(%rcx),%rax     
+	mulq  152(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  128(%rcx),%rax     
+	mulq  144(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+/NO_APP
+	movq	%r13, %rdx
+	movq	%r8, %rbx
+	movq	%rdi, %r13
+/APP
+	addq %rsi,%r9         
+	adcq %rbx,%rdx         
+	adcq %r13,%r12         
+	addq %rsi,%r9         
+	adcq %rbx,%rdx         
+	adcq %r13,%r12         
+	
+/NO_APP
+	movq	%r12, %rax
+	movq	%r13, %r11
+	movq	%rdx, %r12
+	movq	%rax, %r13
+	movq	%rbx, %r8
+	movq	%r11, %rdi
+/APP
+	movq  136(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r9     
+	adcq  %rdx,%r12     
+	adcq  $0,%r13        
+	
+/NO_APP
+	movq	%r9, -272(%rbp)
+	movq	%r13, %r9
+	movq	%r10, %r13
+/APP
+	movq  32(%rcx),%rax     
+	mulq  248(%rcx)           
+	movq  %rax,%rsi     
+	movq  %rdx,%r8     
+	xorq  %rdi,%rdi        
+	
+	movq  40(%rcx),%rax     
+	mulq  240(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  48(%rcx),%rax     
+	mulq  232(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  56(%rcx),%rax     
+	mulq  224(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  64(%rcx),%rax     
+	mulq  216(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  72(%rcx),%rax     
+	mulq  208(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  80(%rcx),%rax     
+	mulq  200(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  88(%rcx),%rax     
+	mulq  192(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  96(%rcx),%rax     
+	mulq  184(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  104(%rcx),%rax     
+	mulq  176(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  112(%rcx),%rax     
+	mulq  168(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  120(%rcx),%rax     
+	mulq  160(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  128(%rcx),%rax     
+	mulq  152(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  136(%rcx),%rax     
+	mulq  144(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	addq %rsi,%r12         
+	adcq %r8,%r9         
+	adcq %rdi,%r13         
+	addq %rsi,%r12         
+	adcq %r8,%r9         
+	adcq %rdi,%r13         
+	
+/NO_APP
+	movq	%r12, -264(%rbp)
+/APP
+	movq  40(%rcx),%rax     
+	mulq  248(%rcx)           
+	movq  %rax,%rsi     
+	movq  %rdx,%r8     
+	xorq  %rdi,%rdi        
+	
+	movq  48(%rcx),%rax     
+	mulq  240(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  56(%rcx),%rax     
+	mulq  232(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  64(%rcx),%rax     
+	mulq  224(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  72(%rcx),%rax     
+	mulq  216(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  80(%rcx),%rax     
+	mulq  208(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  88(%rcx),%rax     
+	mulq  200(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  96(%rcx),%rax     
+	mulq  192(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  104(%rcx),%rax     
+	mulq  184(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  112(%rcx),%rax     
+	mulq  176(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  120(%rcx),%rax     
+	mulq  168(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  128(%rcx),%rax     
+	mulq  160(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  136(%rcx),%rax     
+	mulq  152(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+/NO_APP
+	movq	%r13, %rax
+	movq	%r10, %rdx
+	movq	%r8, %rbx
+	movq	%rdi, %r12
+/APP
+	addq %rsi,%r9         
+	adcq %rbx,%rax         
+	adcq %r12,%rdx         
+	addq %rsi,%r9         
+	adcq %rbx,%rax         
+	adcq %r12,%rdx         
+	
+/NO_APP
+	movq	%rdx, %rdi
+	movq	%r12, %r11
+	movq	%rbx, %r8
+	movq	%rax, %r12
+	movq	%rdi, %r13
+	movq	%r11, %rdi
+/APP
+	movq  144(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r9     
+	adcq  %rdx,%r12     
+	adcq  $0,%r13        
+	
+/NO_APP
+	movq	%r10, %r11
+	movq	%r9, -256(%rbp)
+	movq	%r13, %r9
+/APP
+	movq  48(%rcx),%rax     
+	mulq  248(%rcx)           
+	movq  %rax,%rsi     
+	movq  %rdx,%r8     
+	xorq  %rdi,%rdi        
+	
+	movq  56(%rcx),%rax     
+	mulq  240(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  64(%rcx),%rax     
+	mulq  232(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  72(%rcx),%rax     
+	mulq  224(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  80(%rcx),%rax     
+	mulq  216(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  88(%rcx),%rax     
+	mulq  208(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  96(%rcx),%rax     
+	mulq  200(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  104(%rcx),%rax     
+	mulq  192(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  112(%rcx),%rax     
+	mulq  184(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  120(%rcx),%rax     
+	mulq  176(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  128(%rcx),%rax     
+	mulq  168(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  136(%rcx),%rax     
+	mulq  160(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  144(%rcx),%rax     
+	mulq  152(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	addq %rsi,%r12         
+	adcq %r8,%r9         
+	adcq %rdi,%r11         
+	addq %rsi,%r12         
+	adcq %r8,%r9         
+	adcq %rdi,%r11         
+	
+/NO_APP
+	movq	%r12, -248(%rbp)
+	movq	%r11, %r13
+/APP
+	movq  56(%rcx),%rax     
+	mulq  248(%rcx)           
+	movq  %rax,%rsi     
+	movq  %rdx,%r8     
+	xorq  %rdi,%rdi        
+	
+	movq  64(%rcx),%rax     
+	mulq  240(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  72(%rcx),%rax     
+	mulq  232(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  80(%rcx),%rax     
+	mulq  224(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  88(%rcx),%rax     
+	mulq  216(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  96(%rcx),%rax     
+	mulq  208(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  104(%rcx),%rax     
+	mulq  200(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  112(%rcx),%rax     
+	mulq  192(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  120(%rcx),%rax     
+	mulq  184(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  128(%rcx),%rax     
+	mulq  176(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  136(%rcx),%rax     
+	mulq  168(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  144(%rcx),%rax     
+	mulq  160(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+/NO_APP
+	movq	%r10, %rax
+	movq	%rsi, %rdx
+	movq	%r8, %rbx
+	movq	%rdi, %r12
+/APP
+	addq %rdx,%r9         
+	adcq %rbx,%r13         
+	adcq %r12,%rax         
+	addq %rdx,%r9         
+	adcq %rbx,%r13         
+	adcq %r12,%rax         
+	
+/NO_APP
+	movq	%r12, %r11
+	movq	%rdx, %r8
+	movq	%rax, %rdx
+	movq	%r13, %r12
+	movq	%rbx, %rdi
+	movq	%rdx, %r13
+	movq	%r11, %rsi
+/APP
+	movq  152(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r9     
+	adcq  %rdx,%r12     
+	adcq  $0,%r13        
+	
+/NO_APP
+	movq	%r9, -240(%rbp)
+	movq	%r13, %r9
+	movq	%r10, %r13
+/APP
+	movq  64(%rcx),%rax     
+	mulq  248(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+	movq  72(%rcx),%rax     
+	mulq  240(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  80(%rcx),%rax     
+	mulq  232(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  88(%rcx),%rax     
+	mulq  224(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  96(%rcx),%rax     
+	mulq  216(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  104(%rcx),%rax     
+	mulq  208(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  112(%rcx),%rax     
+	mulq  200(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  120(%rcx),%rax     
+	mulq  192(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  128(%rcx),%rax     
+	mulq  184(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  136(%rcx),%rax     
+	mulq  176(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  144(%rcx),%rax     
+	mulq  168(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  152(%rcx),%rax     
+	mulq  160(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%r8, %rax
+	movq	%rdi, %rdx
+	movq	%rsi, %rbx
+/APP
+	addq %rax,%r12         
+	adcq %rdx,%r9         
+	adcq %rbx,%r13         
+	addq %rax,%r12         
+	adcq %rdx,%r9         
+	adcq %rbx,%r13         
+	
+/NO_APP
+	movq	%r12, -232(%rbp)
+	movq	%rdx, %r8
+	movq	%rax, %rsi
+	movq	%rbx, %rdi
+	movq	%r13, %r12
+	movq	%r10, %r13
+/APP
+	movq  72(%rcx),%rax     
+	mulq  248(%rcx)           
+	movq  %rax,%rsi     
+	movq  %rdx,%r8     
+	xorq  %rdi,%rdi        
+	
+	movq  80(%rcx),%rax     
+	mulq  240(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  88(%rcx),%rax     
+	mulq  232(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  96(%rcx),%rax     
+	mulq  224(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  104(%rcx),%rax     
+	mulq  216(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  112(%rcx),%rax     
+	mulq  208(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  120(%rcx),%rax     
+	mulq  200(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  128(%rcx),%rax     
+	mulq  192(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  136(%rcx),%rax     
+	mulq  184(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  144(%rcx),%rax     
+	mulq  176(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  152(%rcx),%rax     
+	mulq  168(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+/NO_APP
+	movq	%rsi, %rax
+	movq	%r8, %rbx
+	movq	%rdi, %rdx
+/APP
+	addq %rax,%r9         
+	adcq %rbx,%r12         
+	adcq %rdx,%r13         
+	addq %rax,%r9         
+	adcq %rbx,%r12         
+	adcq %rdx,%r13         
+	
+/NO_APP
+	movq	%rdx, %r11
+	movq	%rax, %r8
+	movq	%rbx, %rdi
+/APP
+	movq  160(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r9     
+	adcq  %rdx,%r12     
+	adcq  $0,%r13        
+	
+/NO_APP
+	movq	%r11, %rsi
+	movq	%r9, -224(%rbp)
+	movq	%r13, %r9
+/APP
+	movq  80(%rcx),%rax     
+	mulq  248(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+/NO_APP
+	movq	%r10, %r13
+/APP
+	movq  88(%rcx),%rax     
+	mulq  240(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  96(%rcx),%rax     
+	mulq  232(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  104(%rcx),%rax     
+	mulq  224(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  112(%rcx),%rax     
+	mulq  216(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  120(%rcx),%rax     
+	mulq  208(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  128(%rcx),%rax     
+	mulq  200(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  136(%rcx),%rax     
+	mulq  192(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  144(%rcx),%rax     
+	mulq  184(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  152(%rcx),%rax     
+	mulq  176(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  160(%rcx),%rax     
+	mulq  168(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%r8, %rbx
+	movq	%rdi, %rax
+	movq	%rsi, %rdx
+/APP
+	addq %rbx,%r12         
+	adcq %rax,%r9         
+	adcq %rdx,%r13         
+	addq %rbx,%r12         
+	adcq %rax,%r9         
+	adcq %rdx,%r13         
+	
+/NO_APP
+	movq	%r12, -216(%rbp)
+	movq	%rdx, %rdi
+	movq	%rax, %r8
+	movq	%rbx, %rsi
+	movq	%r13, %r12
+	movq	%r10, %r13
+/APP
+	movq  88(%rcx),%rax     
+	mulq  248(%rcx)           
+	movq  %rax,%rsi     
+	movq  %rdx,%r8     
+	xorq  %rdi,%rdi        
+	
+	movq  96(%rcx),%rax     
+	mulq  240(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  104(%rcx),%rax     
+	mulq  232(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  112(%rcx),%rax     
+	mulq  224(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  120(%rcx),%rax     
+	mulq  216(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  128(%rcx),%rax     
+	mulq  208(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  136(%rcx),%rax     
+	mulq  200(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  144(%rcx),%rax     
+	mulq  192(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  152(%rcx),%rax     
+	mulq  184(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  160(%rcx),%rax     
+	mulq  176(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+/NO_APP
+	movq	%rsi, %rax
+	movq	%r8, %rbx
+	movq	%rdi, %rdx
+/APP
+	addq %rax,%r9         
+	adcq %rbx,%r12         
+	adcq %rdx,%r13         
+	addq %rax,%r9         
+	adcq %rbx,%r12         
+	adcq %rdx,%r13         
+	
+/NO_APP
+	movq	%rdx, %r11
+	movq	%rax, %r8
+	movq	%rbx, %rdi
+/APP
+	movq  168(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r9     
+	adcq  %rdx,%r12     
+	adcq  $0,%r13        
+	
+/NO_APP
+	movq	%r11, %rsi
+	movq	%r9, -208(%rbp)
+	movq	%r13, %r9
+/APP
+	movq  96(%rcx),%rax     
+	mulq  248(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+/NO_APP
+	movq	%r10, %r13
+/APP
+	movq  104(%rcx),%rax     
+	mulq  240(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  112(%rcx),%rax     
+	mulq  232(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  120(%rcx),%rax     
+	mulq  224(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  128(%rcx),%rax     
+	mulq  216(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  136(%rcx),%rax     
+	mulq  208(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  144(%rcx),%rax     
+	mulq  200(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  152(%rcx),%rax     
+	mulq  192(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  160(%rcx),%rax     
+	mulq  184(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  168(%rcx),%rax     
+	mulq  176(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%r8, %rbx
+	movq	%rdi, %rax
+	movq	%rsi, %rdx
+/APP
+	addq %rbx,%r12         
+	adcq %rax,%r9         
+	adcq %rdx,%r13         
+	addq %rbx,%r12         
+	adcq %rax,%r9         
+	adcq %rdx,%r13         
+	
+/NO_APP
+	movq	%r12, -200(%rbp)
+	movq	%rdx, %rdi
+	movq	%rax, %r8
+	movq	%rbx, %rsi
+	movq	%r13, %r12
+	movq	%r10, %r13
+/APP
+	movq  104(%rcx),%rax     
+	mulq  248(%rcx)           
+	movq  %rax,%rsi     
+	movq  %rdx,%r8     
+	xorq  %rdi,%rdi        
+	
+	movq  112(%rcx),%rax     
+	mulq  240(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  120(%rcx),%rax     
+	mulq  232(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  128(%rcx),%rax     
+	mulq  224(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  136(%rcx),%rax     
+	mulq  216(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  144(%rcx),%rax     
+	mulq  208(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  152(%rcx),%rax     
+	mulq  200(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  160(%rcx),%rax     
+	mulq  192(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  168(%rcx),%rax     
+	mulq  184(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+/NO_APP
+	movq	%rsi, %rax
+	movq	%r8, %rbx
+	movq	%rdi, %rdx
+/APP
+	addq %rax,%r9         
+	adcq %rbx,%r12         
+	adcq %rdx,%r13         
+	addq %rax,%r9         
+	adcq %rbx,%r12         
+	adcq %rdx,%r13         
+	
+/NO_APP
+	movq	%rdx, %r11
+	movq	%rax, %r8
+	movq	%rbx, %rdi
+/APP
+	movq  176(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r9     
+	adcq  %rdx,%r12     
+	adcq  $0,%r13        
+	
+/NO_APP
+	movq	%r11, %rsi
+	movq	%r9, -192(%rbp)
+	movq	%r13, %r9
+/APP
+	movq  112(%rcx),%rax     
+	mulq  248(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+/NO_APP
+	movq	%r10, %r13
+/APP
+	movq  120(%rcx),%rax     
+	mulq  240(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  128(%rcx),%rax     
+	mulq  232(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  136(%rcx),%rax     
+	mulq  224(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  144(%rcx),%rax     
+	mulq  216(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  152(%rcx),%rax     
+	mulq  208(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  160(%rcx),%rax     
+	mulq  200(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  168(%rcx),%rax     
+	mulq  192(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  176(%rcx),%rax     
+	mulq  184(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%r8, %rbx
+	movq	%rdi, %rax
+	movq	%rsi, %rdx
+/APP
+	addq %rbx,%r12         
+	adcq %rax,%r9         
+	adcq %rdx,%r13         
+	addq %rbx,%r12         
+	adcq %rax,%r9         
+	adcq %rdx,%r13         
+	
+/NO_APP
+	movq	%r12, -184(%rbp)
+	movq	%rdx, %rdi
+	movq	%rax, %r8
+	movq	%rbx, %rsi
+	movq	%r13, %r12
+	movq	%r10, %r13
+/APP
+	movq  120(%rcx),%rax     
+	mulq  248(%rcx)           
+	movq  %rax,%rsi     
+	movq  %rdx,%r8     
+	xorq  %rdi,%rdi        
+	
+	movq  128(%rcx),%rax     
+	mulq  240(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  136(%rcx),%rax     
+	mulq  232(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  144(%rcx),%rax     
+	mulq  224(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  152(%rcx),%rax     
+	mulq  216(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  160(%rcx),%rax     
+	mulq  208(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  168(%rcx),%rax     
+	mulq  200(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+	movq  176(%rcx),%rax     
+	mulq  192(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%rdi        
+	
+/NO_APP
+	movq	%rsi, %rax
+	movq	%r8, %rbx
+	movq	%rdi, %rdx
+/APP
+	addq %rax,%r9         
+	adcq %rbx,%r12         
+	adcq %rdx,%r13         
+	addq %rax,%r9         
+	adcq %rbx,%r12         
+	adcq %rdx,%r13         
+	
+/NO_APP
+	movq	%rdx, %r11
+	movq	%rax, %r8
+	movq	%rbx, %rdi
+/APP
+	movq  184(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r9     
+	adcq  %rdx,%r12     
+	adcq  $0,%r13        
+	
+/NO_APP
+	movq	%r11, %rsi
+	movq	%r9, -176(%rbp)
+	movq	%r13, %r9
+/APP
+	movq  128(%rcx),%rax     
+	mulq  248(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+/NO_APP
+	movq	%r10, %r13
+/APP
+	movq  136(%rcx),%rax     
+	mulq  240(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  144(%rcx),%rax     
+	mulq  232(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  152(%rcx),%rax     
+	mulq  224(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  160(%rcx),%rax     
+	mulq  216(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  168(%rcx),%rax     
+	mulq  208(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  176(%rcx),%rax     
+	mulq  200(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  184(%rcx),%rax     
+	mulq  192(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	addq %r8,%r12         
+	adcq %rdi,%r9         
+	adcq %rsi,%r13         
+	addq %r8,%r12         
+	adcq %rdi,%r9         
+	adcq %rsi,%r13         
+	
+/NO_APP
+	movq	%r12, -168(%rbp)
+	movq	%r13, %r12
+	movq	%r10, %r13
+/APP
+	movq  136(%rcx),%rax     
+	mulq  248(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+	movq  144(%rcx),%rax     
+	mulq  240(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  152(%rcx),%rax     
+	mulq  232(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  160(%rcx),%rax     
+	mulq  224(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  168(%rcx),%rax     
+	mulq  216(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  176(%rcx),%rax     
+	mulq  208(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  184(%rcx),%rax     
+	mulq  200(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%rdi, %rbx
+	movq	%rsi, %rax
+/APP
+	addq %r8,%r9         
+	adcq %rbx,%r12         
+	adcq %rax,%r13         
+	addq %r8,%r9         
+	adcq %rbx,%r12         
+	adcq %rax,%r13         
+	
+/NO_APP
+	movq	%rax, %r11
+	movq	%rbx, %rdi
+	movq	%r10, %rbx
+/APP
+	movq  192(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r9     
+	adcq  %rdx,%r12     
+	adcq  $0,%r13        
+	
+/NO_APP
+	movq	%r11, %rsi
+	movq	%r9, -160(%rbp)
+	movq	%r13, %r9
+/APP
+	movq  144(%rcx),%rax     
+	mulq  248(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+	movq  152(%rcx),%rax     
+	mulq  240(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  160(%rcx),%rax     
+	mulq  232(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  168(%rcx),%rax     
+	mulq  224(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  176(%rcx),%rax     
+	mulq  216(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  184(%rcx),%rax     
+	mulq  208(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  192(%rcx),%rax     
+	mulq  200(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	addq %r8,%r12         
+	adcq %rdi,%r9         
+	adcq %rsi,%rbx         
+	addq %r8,%r12         
+	adcq %rdi,%r9         
+	adcq %rsi,%rbx         
+	
+/NO_APP
+	movq	%r12, -152(%rbp)
+/APP
+	movq  152(%rcx),%rax     
+	mulq  248(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+	movq  160(%rcx),%rax     
+	mulq  240(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  168(%rcx),%rax     
+	mulq  232(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  176(%rcx),%rax     
+	mulq  224(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  184(%rcx),%rax     
+	mulq  216(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  192(%rcx),%rax     
+	mulq  208(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%r10, %rdx
+	movq	%rdi, %r13
+	movq	%rsi, %r12
+/APP
+	addq %r8,%r9         
+	adcq %r13,%rbx         
+	adcq %r12,%rdx         
+	addq %r8,%r9         
+	adcq %r13,%rbx         
+	adcq %r12,%rdx         
+	
+/NO_APP
+	movq	%rdx, %rax
+	movq	%r13, %rdi
+	movq	%r12, %rsi
+	movq	%rax, %r11
+	movq	%r10, %r12
+/APP
+	movq  200(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r9     
+	adcq  %rdx,%rbx     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%r9, -144(%rbp)
+	movq	%r11, %r9
+/APP
+	movq  160(%rcx),%rax     
+	mulq  248(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+	movq  168(%rcx),%rax     
+	mulq  240(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  176(%rcx),%rax     
+	mulq  232(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  184(%rcx),%rax     
+	mulq  224(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  192(%rcx),%rax     
+	mulq  216(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  200(%rcx),%rax     
+	mulq  208(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	addq %r8,%rbx         
+	adcq %rdi,%r9         
+	adcq %rsi,%r12         
+	addq %r8,%rbx         
+	adcq %rdi,%r9         
+	adcq %rsi,%r12         
+	
+/NO_APP
+	movq	%rbx, -136(%rbp)
+	movq	%r12, %r11
+/APP
+	movq  168(%rcx),%rax     
+	mulq  248(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+	movq  176(%rcx),%rax     
+	mulq  240(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  184(%rcx),%rax     
+	mulq  232(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  192(%rcx),%rax     
+	mulq  224(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  200(%rcx),%rax     
+	mulq  216(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%r10, %rax
+	movq	%rdi, %r13
+	movq	%rsi, %r12
+/APP
+	addq %r8,%r9         
+	adcq %r13,%r11         
+	adcq %r12,%rax         
+	addq %r8,%r9         
+	adcq %r13,%r11         
+	adcq %r12,%rax         
+	
+/NO_APP
+	movq	%rax, %rdx
+	movq	%r11, %rbx
+	movq	%r13, %rdi
+	movq	%rdx, %r11
+	movq	%r12, %rsi
+/APP
+	movq  208(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r9     
+	adcq  %rdx,%rbx     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%r9, -128(%rbp)
+	movq	%r11, %r9
+/APP
+	movq  176(%rcx),%rax     
+	mulq  248(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+	movq  184(%rcx),%rax     
+	mulq  240(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  192(%rcx),%rax     
+	mulq  232(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  200(%rcx),%rax     
+	mulq  224(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  208(%rcx),%rax     
+	mulq  216(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%r10, %rdx
+/APP
+	addq %r8,%rbx         
+	adcq %rdi,%r9         
+	adcq %rsi,%rdx         
+	addq %r8,%rbx         
+	adcq %rdi,%r9         
+	adcq %rsi,%rdx         
+	
+/NO_APP
+	movq	%rbx, -120(%rbp)
+	movq	%rdx, %r11
+	movq	%r10, %rbx
+/APP
+	movq  184(%rcx),%rax     
+	mulq  248(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+	movq  192(%rcx),%rax     
+	mulq  240(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  200(%rcx),%rax     
+	mulq  232(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  208(%rcx),%rax     
+	mulq  224(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%rdi, %r13
+	movq	%rsi, %r12
+/APP
+	addq %r8,%r9         
+	adcq %r13,%r11         
+	adcq %r12,%rbx         
+	addq %r8,%r9         
+	adcq %r13,%r11         
+	adcq %r12,%rbx         
+	
+/NO_APP
+	movq	%rbx, %rdx
+	movq	%r13, %rdi
+	movq	%r11, %rbx
+	movq	%r12, %rsi
+	movq	%rdx, %r11
+	movq	%r10, %r12
+/APP
+	movq  216(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r9     
+	adcq  %rdx,%rbx     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%r9, -112(%rbp)
+	movq	%r11, %r9
+/APP
+	movq  192(%rcx),%rax     
+	mulq  248(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+	movq  200(%rcx),%rax     
+	mulq  240(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  208(%rcx),%rax     
+	mulq  232(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  216(%rcx),%rax     
+	mulq  224(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	addq %r8,%rbx         
+	adcq %rdi,%r9         
+	adcq %rsi,%r12         
+	addq %r8,%rbx         
+	adcq %rdi,%r9         
+	adcq %rsi,%r12         
+	
+/NO_APP
+	movq	%rbx, -104(%rbp)
+	movq	%r12, %r11
+/APP
+	movq  200(%rcx),%rax     
+	mulq  248(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+	movq  208(%rcx),%rax     
+	mulq  240(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  216(%rcx),%rax     
+	mulq  232(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%r10, %rax
+	movq	%rdi, %r13
+	movq	%rsi, %r12
+/APP
+	addq %r8,%r9         
+	adcq %r13,%r11         
+	adcq %r12,%rax         
+	addq %r8,%r9         
+	adcq %r13,%r11         
+	adcq %r12,%rax         
+	
+/NO_APP
+	movq	%rax, %rdx
+	movq	%r11, %rbx
+	movq	%r13, %rdi
+	movq	%rdx, %r11
+	movq	%r12, %rsi
+	movq	%r10, %r12
+/APP
+	movq  224(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r9     
+	adcq  %rdx,%rbx     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%r9, -96(%rbp)
+	movq	%r10, %r9
+/APP
+	movq  208(%rcx),%rax     
+	mulq  248(%rcx)           
+	movq  %rax,%r8     
+	movq  %rdx,%rdi     
+	xorq  %rsi,%rsi        
+	
+	movq  216(%rcx),%rax     
+	mulq  240(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+	movq  224(%rcx),%rax     
+	mulq  232(%rcx)           
+	addq  %rax,%r8     
+	adcq  %rdx,%rdi     
+	adcq  $0,%rsi        
+	
+/NO_APP
+	movq	%rdi, %r13
+	movq	%rsi, %rax
+/APP
+	addq %r8,%rbx         
+	adcq %r13,%r11         
+	adcq %rax,%r9         
+	addq %r8,%rbx         
+	adcq %r13,%r11         
+	adcq %rax,%r9         
+	
+/NO_APP
+	movq	%rbx, -88(%rbp)
+	movq	%r11, %rsi
+	movq	%r9, %r8
+/APP
+	movq  216(%rcx),%rax     
+	mulq  248(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%r12        
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%r12, %r11
+/APP
+	movq  224(%rcx),%rax     
+	mulq  240(%rcx)           
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%r11        
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%r11        
+	
+/NO_APP
+	movq	%r8, %r13
+	movq	%r11, %rbx
+/APP
+	movq  232(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%rsi     
+	adcq  %rdx,%r13     
+	adcq  $0,%rbx        
+	
+/NO_APP
+	movq	%rsi, -80(%rbp)
+	movq	%rbx, %r12
+	movq	%r13, %rdi
+	movq	%r10, %r13
+/APP
+	movq  224(%rcx),%rax     
+	mulq  248(%rcx)           
+	addq  %rax,%rdi     
+	adcq  %rdx,%r12     
+	adcq  $0,%r13        
+	addq  %rax,%rdi     
+	adcq  %rdx,%r12     
+	adcq  $0,%r13        
+	
+/NO_APP
+	movq	%r12, %r9
+	movq	%r13, %r12
+/APP
+	movq  232(%rcx),%rax     
+	mulq  240(%rcx)           
+	addq  %rax,%rdi     
+	adcq  %rdx,%r9     
+	adcq  $0,%r12        
+	addq  %rax,%rdi     
+	adcq  %rdx,%r9     
+	adcq  $0,%r12        
+	
+/NO_APP
+	movq	%rdi, -72(%rbp)
+	movq	%r9, %r11
+	movq	%r12, %rbx
+	movq	%r10, %r9
+/APP
+	movq  232(%rcx),%rax     
+	mulq  248(%rcx)           
+	addq  %rax,%r11     
+	adcq  %rdx,%rbx     
+	adcq  $0,%r9        
+	addq  %rax,%r11     
+	adcq  %rdx,%rbx     
+	adcq  $0,%r9        
+	
+/NO_APP
+	movq	%rbx, %r13
+	movq	%r9, %rbx
+	movq	%r10, %r9
+/APP
+	movq  240(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%r11     
+	adcq  %rdx,%r13     
+	adcq  $0,%rbx        
+	
+/NO_APP
+	movq	%r11, -64(%rbp)
+	movq	%r13, %rdi
+	movq	%rbx, %rsi
+/APP
+	movq  240(%rcx),%rax     
+	mulq  248(%rcx)           
+	addq  %rax,%rdi     
+	adcq  %rdx,%rsi     
+	adcq  $0,%r9        
+	addq  %rax,%rdi     
+	adcq  %rdx,%rsi     
+	adcq  $0,%r9        
+	
+/NO_APP
+	movq	%rdi, -56(%rbp)
+	movq	%r9, %r8
+/APP
+	movq  248(%rcx),%rax     
+	mulq  %rax        
+	addq  %rax,%rsi     
+	adcq  %rdx,%r8     
+	adcq  $0,%r10        
+	
+/NO_APP
+	movq	%rsi, -48(%rbp)
+	movq	16(%r14), %rdi
+	leaq	-544(%rbp), %rsi
+	movl	$512, %edx
+	movq	%r8, -40(%rbp)
+	movl	$64, 8(%r14)
+	movl	$0, (%r14)
+	call	memcpy@PLT
+	movl	8(%r14), %edx
+	testl	%edx, %edx
+	je	.L304
+	leal	-1(%rdx), %ecx
+	movq	16(%r14), %rsi
+	mov	%ecx, %r10d
+	cmpq	$0, (%rsi,%r10,8)
+	jne	.L302
+	movl	%ecx, %edx
+	.align 16
+.L303:
+	testl	%edx, %edx
+	movl	%edx, %ecx
+	je	.L307
+	decl	%edx
+	mov	%edx, %eax
+	cmpq	$0, (%rsi,%rax,8)
+	je	.L303
+	movl	%ecx, 8(%r14)
+	movl	%ecx, %edx
+.L302:
+	testl	%edx, %edx
+	je	.L304
+	movl	(%r14), %eax
+	movl	%eax, (%r14)
+	addq	$512, %rsp
+	popq	%rbx
+	popq	%r12
+	popq	%r13
+	popq	%r14
+	leave
+	ret
+.L307:
+	movl	%edx, 8(%r14)
+	.align 16
+.L304:
+	xorl	%eax, %eax
+	movl	%eax, (%r14)
+	addq	$512, %rsp
+	popq	%rbx
+	popq	%r12
+	popq	%r13
+	popq	%r14
+	leave
+	ret
+.LFE9:
+	.size	s_mp_sqr_comba_32, .-s_mp_sqr_comba_32
diff --git a/nss/lib/freebl/mpi/mp_gf2m-priv.h b/nss/lib/freebl/mpi/mp_gf2m-priv.h
new file mode 100644
index 0000000..5be4da4
--- /dev/null
+++ b/nss/lib/freebl/mpi/mp_gf2m-priv.h
@@ -0,0 +1,73 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _MP_GF2M_PRIV_H_
+#define _MP_GF2M_PRIV_H_
+
+#include "mpi-priv.h"
+
+extern const mp_digit mp_gf2m_sqr_tb[16];
+
+#if defined(MP_USE_UINT_DIGIT)
+#define MP_DIGIT_BITS 32
+/* enable fast divide and mod operations on MP_DIGIT_BITS */
+#define MP_DIGIT_BITS_LOG_2 5
+#define MP_DIGIT_BITS_MASK 0x1f
+#else
+#define MP_DIGIT_BITS 64
+/* enable fast divide and mod operations on MP_DIGIT_BITS */
+#define MP_DIGIT_BITS_LOG_2 6
+#define MP_DIGIT_BITS_MASK 0x3f
+#endif
+
+/* Platform-specific macros for fast binary polynomial squaring. */
+#if MP_DIGIT_BITS == 32
+#define gf2m_SQR1(w)                                                                \
+    mp_gf2m_sqr_tb[(w) >> 28 & 0xF] << 24 | mp_gf2m_sqr_tb[(w) >> 24 & 0xF] << 16 | \
+        mp_gf2m_sqr_tb[(w) >> 20 & 0xF] << 8 | mp_gf2m_sqr_tb[(w) >> 16 & 0xF]
+#define gf2m_SQR0(w)                                                               \
+    mp_gf2m_sqr_tb[(w) >> 12 & 0xF] << 24 | mp_gf2m_sqr_tb[(w) >> 8 & 0xF] << 16 | \
+        mp_gf2m_sqr_tb[(w) >> 4 & 0xF] << 8 | mp_gf2m_sqr_tb[(w)&0xF]
+#else
+#define gf2m_SQR1(w)                                                                    \
+    mp_gf2m_sqr_tb[(w) >> 60 & 0xF] << 56 | mp_gf2m_sqr_tb[(w) >> 56 & 0xF] << 48 |     \
+        mp_gf2m_sqr_tb[(w) >> 52 & 0xF] << 40 | mp_gf2m_sqr_tb[(w) >> 48 & 0xF] << 32 | \
+        mp_gf2m_sqr_tb[(w) >> 44 & 0xF] << 24 | mp_gf2m_sqr_tb[(w) >> 40 & 0xF] << 16 | \
+        mp_gf2m_sqr_tb[(w) >> 36 & 0xF] << 8 | mp_gf2m_sqr_tb[(w) >> 32 & 0xF]
+#define gf2m_SQR0(w)                                                                    \
+    mp_gf2m_sqr_tb[(w) >> 28 & 0xF] << 56 | mp_gf2m_sqr_tb[(w) >> 24 & 0xF] << 48 |     \
+        mp_gf2m_sqr_tb[(w) >> 20 & 0xF] << 40 | mp_gf2m_sqr_tb[(w) >> 16 & 0xF] << 32 | \
+        mp_gf2m_sqr_tb[(w) >> 12 & 0xF] << 24 | mp_gf2m_sqr_tb[(w) >> 8 & 0xF] << 16 |  \
+        mp_gf2m_sqr_tb[(w) >> 4 & 0xF] << 8 | mp_gf2m_sqr_tb[(w)&0xF]
+#endif
+
+/* Multiply two binary polynomials mp_digits a, b.
+ * Result is a polynomial with degree < 2 * MP_DIGIT_BITS - 1.
+ * Output in two mp_digits rh, rl.
+ */
+void s_bmul_1x1(mp_digit *rh, mp_digit *rl, const mp_digit a, const mp_digit b);
+
+/* Compute xor-multiply of two binary polynomials  (a1, a0) x (b1, b0)
+ * result is a binary polynomial in 4 mp_digits r[4].
+ * The caller MUST ensure that r has the right amount of space allocated.
+ */
+void s_bmul_2x2(mp_digit *r, const mp_digit a1, const mp_digit a0, const mp_digit b1,
+                const mp_digit b0);
+
+/* Compute xor-multiply of two binary polynomials  (a2, a1, a0) x (b2, b1, b0)
+ * result is a binary polynomial in 6 mp_digits r[6].
+ * The caller MUST ensure that r has the right amount of space allocated.
+ */
+void s_bmul_3x3(mp_digit *r, const mp_digit a2, const mp_digit a1, const mp_digit a0,
+                const mp_digit b2, const mp_digit b1, const mp_digit b0);
+
+/* Compute xor-multiply of two binary polynomials  (a3, a2, a1, a0) x (b3, b2, b1, b0)
+ * result is a binary polynomial in 8 mp_digits r[8].
+ * The caller MUST ensure that r has the right amount of space allocated.
+ */
+void s_bmul_4x4(mp_digit *r, const mp_digit a3, const mp_digit a2, const mp_digit a1,
+                const mp_digit a0, const mp_digit b3, const mp_digit b2, const mp_digit b1,
+                const mp_digit b0);
+
+#endif /* _MP_GF2M_PRIV_H_ */
diff --git a/nss/lib/freebl/mpi/mp_gf2m.c b/nss/lib/freebl/mpi/mp_gf2m.c
new file mode 100644
index 0000000..5a096ad
--- /dev/null
+++ b/nss/lib/freebl/mpi/mp_gf2m.c
@@ -0,0 +1,678 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "mp_gf2m.h"
+#include "mp_gf2m-priv.h"
+#include "mplogic.h"
+#include "mpi-priv.h"
+
+const mp_digit mp_gf2m_sqr_tb[16] =
+    {
+      0, 1, 4, 5, 16, 17, 20, 21,
+      64, 65, 68, 69, 80, 81, 84, 85
+    };
+
+/* Multiply two binary polynomials mp_digits a, b.
+ * Result is a polynomial with degree < 2 * MP_DIGIT_BITS - 1.
+ * Output in two mp_digits rh, rl.
+ */
+#if MP_DIGIT_BITS == 32
+void
+s_bmul_1x1(mp_digit *rh, mp_digit *rl, const mp_digit a, const mp_digit b)
+{
+    register mp_digit h, l, s;
+    mp_digit tab[8], top2b = a >> 30;
+    register mp_digit a1, a2, a4;
+
+    a1 = a & (0x3FFFFFFF);
+    a2 = a1 << 1;
+    a4 = a2 << 1;
+
+    tab[0] = 0;
+    tab[1] = a1;
+    tab[2] = a2;
+    tab[3] = a1 ^ a2;
+    tab[4] = a4;
+    tab[5] = a1 ^ a4;
+    tab[6] = a2 ^ a4;
+    tab[7] = a1 ^ a2 ^ a4;
+
+    s = tab[b & 0x7];
+    l = s;
+    s = tab[b >> 3 & 0x7];
+    l ^= s << 3;
+    h = s >> 29;
+    s = tab[b >> 6 & 0x7];
+    l ^= s << 6;
+    h ^= s >> 26;
+    s = tab[b >> 9 & 0x7];
+    l ^= s << 9;
+    h ^= s >> 23;
+    s = tab[b >> 12 & 0x7];
+    l ^= s << 12;
+    h ^= s >> 20;
+    s = tab[b >> 15 & 0x7];
+    l ^= s << 15;
+    h ^= s >> 17;
+    s = tab[b >> 18 & 0x7];
+    l ^= s << 18;
+    h ^= s >> 14;
+    s = tab[b >> 21 & 0x7];
+    l ^= s << 21;
+    h ^= s >> 11;
+    s = tab[b >> 24 & 0x7];
+    l ^= s << 24;
+    h ^= s >> 8;
+    s = tab[b >> 27 & 0x7];
+    l ^= s << 27;
+    h ^= s >> 5;
+    s = tab[b >> 30];
+    l ^= s << 30;
+    h ^= s >> 2;
+
+    /* compensate for the top two bits of a */
+
+    if (top2b & 01) {
+        l ^= b << 30;
+        h ^= b >> 2;
+    }
+    if (top2b & 02) {
+        l ^= b << 31;
+        h ^= b >> 1;
+    }
+
+    *rh = h;
+    *rl = l;
+}
+#else
+void
+s_bmul_1x1(mp_digit *rh, mp_digit *rl, const mp_digit a, const mp_digit b)
+{
+    register mp_digit h, l, s;
+    mp_digit tab[16], top3b = a >> 61;
+    register mp_digit a1, a2, a4, a8;
+
+    a1 = a & (0x1FFFFFFFFFFFFFFFULL);
+    a2 = a1 << 1;
+    a4 = a2 << 1;
+    a8 = a4 << 1;
+    tab[0] = 0;
+    tab[1] = a1;
+    tab[2] = a2;
+    tab[3] = a1 ^ a2;
+    tab[4] = a4;
+    tab[5] = a1 ^ a4;
+    tab[6] = a2 ^ a4;
+    tab[7] = a1 ^ a2 ^ a4;
+    tab[8] = a8;
+    tab[9] = a1 ^ a8;
+    tab[10] = a2 ^ a8;
+    tab[11] = a1 ^ a2 ^ a8;
+    tab[12] = a4 ^ a8;
+    tab[13] = a1 ^ a4 ^ a8;
+    tab[14] = a2 ^ a4 ^ a8;
+    tab[15] = a1 ^ a2 ^ a4 ^ a8;
+
+    s = tab[b & 0xF];
+    l = s;
+    s = tab[b >> 4 & 0xF];
+    l ^= s << 4;
+    h = s >> 60;
+    s = tab[b >> 8 & 0xF];
+    l ^= s << 8;
+    h ^= s >> 56;
+    s = tab[b >> 12 & 0xF];
+    l ^= s << 12;
+    h ^= s >> 52;
+    s = tab[b >> 16 & 0xF];
+    l ^= s << 16;
+    h ^= s >> 48;
+    s = tab[b >> 20 & 0xF];
+    l ^= s << 20;
+    h ^= s >> 44;
+    s = tab[b >> 24 & 0xF];
+    l ^= s << 24;
+    h ^= s >> 40;
+    s = tab[b >> 28 & 0xF];
+    l ^= s << 28;
+    h ^= s >> 36;
+    s = tab[b >> 32 & 0xF];
+    l ^= s << 32;
+    h ^= s >> 32;
+    s = tab[b >> 36 & 0xF];
+    l ^= s << 36;
+    h ^= s >> 28;
+    s = tab[b >> 40 & 0xF];
+    l ^= s << 40;
+    h ^= s >> 24;
+    s = tab[b >> 44 & 0xF];
+    l ^= s << 44;
+    h ^= s >> 20;
+    s = tab[b >> 48 & 0xF];
+    l ^= s << 48;
+    h ^= s >> 16;
+    s = tab[b >> 52 & 0xF];
+    l ^= s << 52;
+    h ^= s >> 12;
+    s = tab[b >> 56 & 0xF];
+    l ^= s << 56;
+    h ^= s >> 8;
+    s = tab[b >> 60];
+    l ^= s << 60;
+    h ^= s >> 4;
+
+    /* compensate for the top three bits of a */
+
+    if (top3b & 01) {
+        l ^= b << 61;
+        h ^= b >> 3;
+    }
+    if (top3b & 02) {
+        l ^= b << 62;
+        h ^= b >> 2;
+    }
+    if (top3b & 04) {
+        l ^= b << 63;
+        h ^= b >> 1;
+    }
+
+    *rh = h;
+    *rl = l;
+}
+#endif
+
+/* Compute xor-multiply of two binary polynomials  (a1, a0) x (b1, b0)
+ * result is a binary polynomial in 4 mp_digits r[4].
+ * The caller MUST ensure that r has the right amount of space allocated.
+ */
+void
+s_bmul_2x2(mp_digit *r, const mp_digit a1, const mp_digit a0, const mp_digit b1,
+           const mp_digit b0)
+{
+    mp_digit m1, m0;
+    /* r[3] = h1, r[2] = h0; r[1] = l1; r[0] = l0 */
+    s_bmul_1x1(r + 3, r + 2, a1, b1);
+    s_bmul_1x1(r + 1, r, a0, b0);
+    s_bmul_1x1(&m1, &m0, a0 ^ a1, b0 ^ b1);
+    /* Correction on m1 ^= l1 ^ h1; m0 ^= l0 ^ h0; */
+    r[2] ^= m1 ^ r[1] ^ r[3];            /* h0 ^= m1 ^ l1 ^ h1; */
+    r[1] = r[3] ^ r[2] ^ r[0] ^ m1 ^ m0; /* l1 ^= l0 ^ h0 ^ m0; */
+}
+
+/* Compute xor-multiply of two binary polynomials  (a2, a1, a0) x (b2, b1, b0)
+ * result is a binary polynomial in 6 mp_digits r[6].
+ * The caller MUST ensure that r has the right amount of space allocated.
+ */
+void
+s_bmul_3x3(mp_digit *r, const mp_digit a2, const mp_digit a1, const mp_digit a0,
+           const mp_digit b2, const mp_digit b1, const mp_digit b0)
+{
+    mp_digit zm[4];
+
+    s_bmul_1x1(r + 5, r + 4, a2, b2);         /* fill top 2 words */
+    s_bmul_2x2(zm, a1, a2 ^ a0, b1, b2 ^ b0); /* fill middle 4 words */
+    s_bmul_2x2(r, a1, a0, b1, b0);            /* fill bottom 4 words */
+
+    zm[3] ^= r[3];
+    zm[2] ^= r[2];
+    zm[1] ^= r[1] ^ r[5];
+    zm[0] ^= r[0] ^ r[4];
+
+    r[5] ^= zm[3];
+    r[4] ^= zm[2];
+    r[3] ^= zm[1];
+    r[2] ^= zm[0];
+}
+
+/* Compute xor-multiply of two binary polynomials  (a3, a2, a1, a0) x (b3, b2, b1, b0)
+ * result is a binary polynomial in 8 mp_digits r[8].
+ * The caller MUST ensure that r has the right amount of space allocated.
+ */
+void
+s_bmul_4x4(mp_digit *r, const mp_digit a3, const mp_digit a2, const mp_digit a1,
+           const mp_digit a0, const mp_digit b3, const mp_digit b2, const mp_digit b1,
+           const mp_digit b0)
+{
+    mp_digit zm[4];
+
+    s_bmul_2x2(r + 4, a3, a2, b3, b2);                  /* fill top 4 words */
+    s_bmul_2x2(zm, a3 ^ a1, a2 ^ a0, b3 ^ b1, b2 ^ b0); /* fill middle 4 words */
+    s_bmul_2x2(r, a1, a0, b1, b0);                      /* fill bottom 4 words */
+
+    zm[3] ^= r[3] ^ r[7];
+    zm[2] ^= r[2] ^ r[6];
+    zm[1] ^= r[1] ^ r[5];
+    zm[0] ^= r[0] ^ r[4];
+
+    r[5] ^= zm[3];
+    r[4] ^= zm[2];
+    r[3] ^= zm[1];
+    r[2] ^= zm[0];
+}
+
+/* Compute addition of two binary polynomials a and b,
+ * store result in c; c could be a or b, a and b could be equal;
+ * c is the bitwise XOR of a and b.
+ */
+mp_err
+mp_badd(const mp_int *a, const mp_int *b, mp_int *c)
+{
+    mp_digit *pa, *pb, *pc;
+    mp_size ix;
+    mp_size used_pa, used_pb;
+    mp_err res = MP_OKAY;
+
+    /* Add all digits up to the precision of b.  If b had more
+     * precision than a initially, swap a, b first
+     */
+    if (MP_USED(a) >= MP_USED(b)) {
+        pa = MP_DIGITS(a);
+        pb = MP_DIGITS(b);
+        used_pa = MP_USED(a);
+        used_pb = MP_USED(b);
+    } else {
+        pa = MP_DIGITS(b);
+        pb = MP_DIGITS(a);
+        used_pa = MP_USED(b);
+        used_pb = MP_USED(a);
+    }
+
+    /* Make sure c has enough precision for the output value */
+    MP_CHECKOK(s_mp_pad(c, used_pa));
+
+    /* Do word-by-word xor */
+    pc = MP_DIGITS(c);
+    for (ix = 0; ix < used_pb; ix++) {
+        (*pc++) = (*pa++) ^ (*pb++);
+    }
+
+    /* Finish the rest of digits until we're actually done */
+    for (; ix < used_pa; ++ix) {
+        *pc++ = *pa++;
+    }
+
+    MP_USED(c) = used_pa;
+    MP_SIGN(c) = ZPOS;
+    s_mp_clamp(c);
+
+CLEANUP:
+    return res;
+}
+
+#define s_mp_div2(a) MP_CHECKOK(mpl_rsh((a), (a), 1));
+
+/* Compute binary polynomial multiply d = a * b */
+static void
+s_bmul_d(const mp_digit *a, mp_size a_len, mp_digit b, mp_digit *d)
+{
+    mp_digit a_i, a0b0, a1b1, carry = 0;
+    while (a_len--) {
+        a_i = *a++;
+        s_bmul_1x1(&a1b1, &a0b0, a_i, b);
+        *d++ = a0b0 ^ carry;
+        carry = a1b1;
+    }
+    *d = carry;
+}
+
+/* Compute binary polynomial xor multiply accumulate d ^= a * b */
+static void
+s_bmul_d_add(const mp_digit *a, mp_size a_len, mp_digit b, mp_digit *d)
+{
+    mp_digit a_i, a0b0, a1b1, carry = 0;
+    while (a_len--) {
+        a_i = *a++;
+        s_bmul_1x1(&a1b1, &a0b0, a_i, b);
+        *d++ ^= a0b0 ^ carry;
+        carry = a1b1;
+    }
+    *d ^= carry;
+}
+
+/* Compute binary polynomial xor multiply c = a * b.
+ * All parameters may be identical.
+ */
+mp_err
+mp_bmul(const mp_int *a, const mp_int *b, mp_int *c)
+{
+    mp_digit *pb, b_i;
+    mp_int tmp;
+    mp_size ib, a_used, b_used;
+    mp_err res = MP_OKAY;
+
+    MP_DIGITS(&tmp) = 0;
+
+    ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG);
+
+    if (a == c) {
+        MP_CHECKOK(mp_init_copy(&tmp, a));
+        if (a == b)
+            b = &tmp;
+        a = &tmp;
+    } else if (b == c) {
+        MP_CHECKOK(mp_init_copy(&tmp, b));
+        b = &tmp;
+    }
+
+    if (MP_USED(a) < MP_USED(b)) {
+        const mp_int *xch = b; /* switch a and b if b longer */
+        b = a;
+        a = xch;
+    }
+
+    MP_USED(c) = 1;
+    MP_DIGIT(c, 0) = 0;
+    MP_CHECKOK(s_mp_pad(c, USED(a) + USED(b)));
+
+    pb = MP_DIGITS(b);
+    s_bmul_d(MP_DIGITS(a), MP_USED(a), *pb++, MP_DIGITS(c));
+
+    /* Outer loop:  Digits of b */
+    a_used = MP_USED(a);
+    b_used = MP_USED(b);
+    MP_USED(c) = a_used + b_used;
+    for (ib = 1; ib < b_used; ib++) {
+        b_i = *pb++;
+
+        /* Inner product:  Digits of a */
+        if (b_i)
+            s_bmul_d_add(MP_DIGITS(a), a_used, b_i, MP_DIGITS(c) + ib);
+        else
+            MP_DIGIT(c, ib + a_used) = b_i;
+    }
+
+    s_mp_clamp(c);
+
+    SIGN(c) = ZPOS;
+
+CLEANUP:
+    mp_clear(&tmp);
+    return res;
+}
+
+/* Compute modular reduction of a and store result in r.
+ * r could be a.
+ * For modular arithmetic, the irreducible polynomial f(t) is represented
+ * as an array of int[], where f(t) is of the form:
+ *     f(t) = t^p[0] + t^p[1] + ... + t^p[k]
+ * where m = p[0] > p[1] > ... > p[k] = 0.
+ */
+mp_err
+mp_bmod(const mp_int *a, const unsigned int p[], mp_int *r)
+{
+    int j, k;
+    int n, dN, d0, d1;
+    mp_digit zz, *z, tmp;
+    mp_size used;
+    mp_err res = MP_OKAY;
+
+    /* The algorithm does the reduction in place in r,
+     * if a != r, copy a into r first so reduction can be done in r
+     */
+    if (a != r) {
+        MP_CHECKOK(mp_copy(a, r));
+    }
+    z = MP_DIGITS(r);
+
+    /* start reduction */
+    /*dN = p[0] / MP_DIGIT_BITS; */
+    dN = p[0] >> MP_DIGIT_BITS_LOG_2;
+    used = MP_USED(r);
+
+    for (j = used - 1; j > dN;) {
+
+        zz = z[j];
+        if (zz == 0) {
+            j--;
+            continue;
+        }
+        z[j] = 0;
+
+        for (k = 1; p[k] > 0; k++) {
+            /* reducing component t^p[k] */
+            n = p[0] - p[k];
+            /*d0 = n % MP_DIGIT_BITS;   */
+            d0 = n & MP_DIGIT_BITS_MASK;
+            d1 = MP_DIGIT_BITS - d0;
+            /*n /= MP_DIGIT_BITS; */
+            n >>= MP_DIGIT_BITS_LOG_2;
+            z[j - n] ^= (zz >> d0);
+            if (d0)
+                z[j - n - 1] ^= (zz << d1);
+        }
+
+        /* reducing component t^0 */
+        n = dN;
+        /*d0 = p[0] % MP_DIGIT_BITS;*/
+        d0 = p[0] & MP_DIGIT_BITS_MASK;
+        d1 = MP_DIGIT_BITS - d0;
+        z[j - n] ^= (zz >> d0);
+        if (d0)
+            z[j - n - 1] ^= (zz << d1);
+    }
+
+    /* final round of reduction */
+    while (j == dN) {
+
+        /* d0 = p[0] % MP_DIGIT_BITS; */
+        d0 = p[0] & MP_DIGIT_BITS_MASK;
+        zz = z[dN] >> d0;
+        if (zz == 0)
+            break;
+        d1 = MP_DIGIT_BITS - d0;
+
+        /* clear up the top d1 bits */
+        if (d0) {
+            z[dN] = (z[dN] << d1) >> d1;
+        } else {
+            z[dN] = 0;
+        }
+        *z ^= zz; /* reduction t^0 component */
+
+        for (k = 1; p[k] > 0; k++) {
+            /* reducing component t^p[k]*/
+            /* n = p[k] / MP_DIGIT_BITS; */
+            n = p[k] >> MP_DIGIT_BITS_LOG_2;
+            /* d0 = p[k] % MP_DIGIT_BITS; */
+            d0 = p[k] & MP_DIGIT_BITS_MASK;
+            d1 = MP_DIGIT_BITS - d0;
+            z[n] ^= (zz << d0);
+            tmp = zz >> d1;
+            if (d0 && tmp)
+                z[n + 1] ^= tmp;
+        }
+    }
+
+    s_mp_clamp(r);
+CLEANUP:
+    return res;
+}
+
+/* Compute the product of two polynomials a and b, reduce modulo p,
+ * Store the result in r.  r could be a or b; a could be b.
+ */
+mp_err
+mp_bmulmod(const mp_int *a, const mp_int *b, const unsigned int p[], mp_int *r)
+{
+    mp_err res;
+
+    if (a == b)
+        return mp_bsqrmod(a, p, r);
+    if ((res = mp_bmul(a, b, r)) != MP_OKAY)
+        return res;
+    return mp_bmod(r, p, r);
+}
+
+/* Compute binary polynomial squaring c = a*a mod p .
+ * Parameter r and a can be identical.
+ */
+
+mp_err
+mp_bsqrmod(const mp_int *a, const unsigned int p[], mp_int *r)
+{
+    mp_digit *pa, *pr, a_i;
+    mp_int tmp;
+    mp_size ia, a_used;
+    mp_err res;
+
+    ARGCHK(a != NULL && r != NULL, MP_BADARG);
+    MP_DIGITS(&tmp) = 0;
+
+    if (a == r) {
+        MP_CHECKOK(mp_init_copy(&tmp, a));
+        a = &tmp;
+    }
+
+    MP_USED(r) = 1;
+    MP_DIGIT(r, 0) = 0;
+    MP_CHECKOK(s_mp_pad(r, 2 * USED(a)));
+
+    pa = MP_DIGITS(a);
+    pr = MP_DIGITS(r);
+    a_used = MP_USED(a);
+    MP_USED(r) = 2 * a_used;
+
+    for (ia = 0; ia < a_used; ia++) {
+        a_i = *pa++;
+        *pr++ = gf2m_SQR0(a_i);
+        *pr++ = gf2m_SQR1(a_i);
+    }
+
+    MP_CHECKOK(mp_bmod(r, p, r));
+    s_mp_clamp(r);
+    SIGN(r) = ZPOS;
+
+CLEANUP:
+    mp_clear(&tmp);
+    return res;
+}
+
+/* Compute binary polynomial y/x mod p, y divided by x, reduce modulo p.
+ * Store the result in r. r could be x or y, and x could equal y.
+ * Uses algorithm Modular_Division_GF(2^m) from
+ *     Chang-Shantz, S.  "From Euclid's GCD to Montgomery Multiplication to
+ *     the Great Divide".
+ */
+int
+mp_bdivmod(const mp_int *y, const mp_int *x, const mp_int *pp,
+           const unsigned int p[], mp_int *r)
+{
+    mp_int aa, bb, uu;
+    mp_int *a, *b, *u, *v;
+    mp_err res = MP_OKAY;
+
+    MP_DIGITS(&aa) = 0;
+    MP_DIGITS(&bb) = 0;
+    MP_DIGITS(&uu) = 0;
+
+    MP_CHECKOK(mp_init_copy(&aa, x));
+    MP_CHECKOK(mp_init_copy(&uu, y));
+    MP_CHECKOK(mp_init_copy(&bb, pp));
+    MP_CHECKOK(s_mp_pad(r, USED(pp)));
+    MP_USED(r) = 1;
+    MP_DIGIT(r, 0) = 0;
+
+    a = &aa;
+    b = &bb;
+    u = &uu;
+    v = r;
+    /* reduce x and y mod p */
+    MP_CHECKOK(mp_bmod(a, p, a));
+    MP_CHECKOK(mp_bmod(u, p, u));
+
+    while (!mp_isodd(a)) {
+        s_mp_div2(a);
+        if (mp_isodd(u)) {
+            MP_CHECKOK(mp_badd(u, pp, u));
+        }
+        s_mp_div2(u);
+    }
+
+    do {
+        if (mp_cmp_mag(b, a) > 0) {
+            MP_CHECKOK(mp_badd(b, a, b));
+            MP_CHECKOK(mp_badd(v, u, v));
+            do {
+                s_mp_div2(b);
+                if (mp_isodd(v)) {
+                    MP_CHECKOK(mp_badd(v, pp, v));
+                }
+                s_mp_div2(v);
+            } while (!mp_isodd(b));
+        } else if ((MP_DIGIT(a, 0) == 1) && (MP_USED(a) == 1))
+            break;
+        else {
+            MP_CHECKOK(mp_badd(a, b, a));
+            MP_CHECKOK(mp_badd(u, v, u));
+            do {
+                s_mp_div2(a);
+                if (mp_isodd(u)) {
+                    MP_CHECKOK(mp_badd(u, pp, u));
+                }
+                s_mp_div2(u);
+            } while (!mp_isodd(a));
+        }
+    } while (1);
+
+    MP_CHECKOK(mp_copy(u, r));
+
+CLEANUP:
+    mp_clear(&aa);
+    mp_clear(&bb);
+    mp_clear(&uu);
+    return res;
+}
+
+/* Convert the bit-string representation of a polynomial a into an array
+ * of integers corresponding to the bits with non-zero coefficient.
+ * Up to max elements of the array will be filled.  Return value is total
+ * number of coefficients that would be extracted if array was large enough.
+ */
+int
+mp_bpoly2arr(const mp_int *a, unsigned int p[], int max)
+{
+    int i, j, k;
+    mp_digit top_bit, mask;
+
+    top_bit = 1;
+    top_bit <<= MP_DIGIT_BIT - 1;
+
+    for (k = 0; k < max; k++)
+        p[k] = 0;
+    k = 0;
+
+    for (i = MP_USED(a) - 1; i >= 0; i--) {
+        mask = top_bit;
+        for (j = MP_DIGIT_BIT - 1; j >= 0; j--) {
+            if (MP_DIGITS(a)[i] & mask) {
+                if (k < max)
+                    p[k] = MP_DIGIT_BIT * i + j;
+                k++;
+            }
+            mask >>= 1;
+        }
+    }
+
+    return k;
+}
+
+/* Convert the coefficient array representation of a polynomial to a
+ * bit-string.  The array must be terminated by 0.
+ */
+mp_err
+mp_barr2poly(const unsigned int p[], mp_int *a)
+{
+
+    mp_err res = MP_OKAY;
+    int i;
+
+    mp_zero(a);
+    for (i = 0; p[i] > 0; i++) {
+        MP_CHECKOK(mpl_set_bit(a, p[i], 1));
+    }
+    MP_CHECKOK(mpl_set_bit(a, 0, 1));
+
+CLEANUP:
+    return res;
+}
diff --git a/nss/lib/freebl/mpi/mp_gf2m.h b/nss/lib/freebl/mpi/mp_gf2m.h
new file mode 100644
index 0000000..ed2c854
--- /dev/null
+++ b/nss/lib/freebl/mpi/mp_gf2m.h
@@ -0,0 +1,28 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _MP_GF2M_H_
+#define _MP_GF2M_H_
+
+#include "mpi.h"
+
+mp_err mp_badd(const mp_int *a, const mp_int *b, mp_int *c);
+mp_err mp_bmul(const mp_int *a, const mp_int *b, mp_int *c);
+
+/* For modular arithmetic, the irreducible polynomial f(t) is represented
+ * as an array of int[], where f(t) is of the form:
+ *     f(t) = t^p[0] + t^p[1] + ... + t^p[k]
+ * where m = p[0] > p[1] > ... > p[k] = 0.
+ */
+mp_err mp_bmod(const mp_int *a, const unsigned int p[], mp_int *r);
+mp_err mp_bmulmod(const mp_int *a, const mp_int *b, const unsigned int p[],
+                  mp_int *r);
+mp_err mp_bsqrmod(const mp_int *a, const unsigned int p[], mp_int *r);
+mp_err mp_bdivmod(const mp_int *y, const mp_int *x, const mp_int *pp,
+                  const unsigned int p[], mp_int *r);
+
+int mp_bpoly2arr(const mp_int *a, unsigned int p[], int max);
+mp_err mp_barr2poly(const unsigned int p[], mp_int *a);
+
+#endif /* _MP_GF2M_H_ */
diff --git a/nss/lib/freebl/mpi/mpcpucache.c b/nss/lib/freebl/mpi/mpcpucache.c
new file mode 100644
index 0000000..6fed352
--- /dev/null
+++ b/nss/lib/freebl/mpi/mpcpucache.c
@@ -0,0 +1,808 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "mpi.h"
+#include "prtypes.h"
+
+/*
+ * This file implements a single function: s_mpi_getProcessorLineSize();
+ * s_mpi_getProcessorLineSize() returns the size in bytes of the cache line
+ * if a cache exists, or zero if there is no cache. If more than one
+ * cache line exists, it should return the smallest line size (which is
+ * usually the L1 cache).
+ *
+ * mp_modexp uses this information to make sure that private key information
+ * isn't being leaked through the cache.
+ *
+ * Currently the file returns good data for most modern x86 processors, and
+ * reasonable data on 64-bit ppc processors. All other processors are assumed
+ * to have a cache line size of 32 bytes unless modified by target.mk.
+ *
+ */
+
+#if defined(i386) || defined(__i386) || defined(__X86__) || defined(_M_IX86) || defined(__x86_64__) || defined(__x86_64) || defined(_M_AMD64)
+/* X86 processors have special instructions that tell us about the cache */
+#include "string.h"
+
+#if defined(__x86_64__) || defined(__x86_64) || defined(_M_AMD64)
+#define AMD_64 1
+#endif
+
+/* Generic CPUID function */
+#if defined(AMD_64)
+
+#if defined(__GNUC__)
+
+void
+freebl_cpuid(unsigned long op, unsigned long *eax,
+             unsigned long *ebx, unsigned long *ecx,
+             unsigned long *edx)
+{
+    __asm__("cpuid\n\t"
+            : "=a"(*eax),
+              "=b"(*ebx),
+              "=c"(*ecx),
+              "=d"(*edx)
+            : "0"(op));
+}
+
+#elif defined(_MSC_VER)
+
+#include <intrin.h>
+
+void
+freebl_cpuid(unsigned long op, unsigned long *eax,
+             unsigned long *ebx, unsigned long *ecx,
+             unsigned long *edx)
+{
+    int intrinsic_out[4];
+
+    __cpuid(intrinsic_out, op);
+    *eax = intrinsic_out[0];
+    *ebx = intrinsic_out[1];
+    *ecx = intrinsic_out[2];
+    *edx = intrinsic_out[3];
+}
+
+#endif
+
+#else /* !defined(AMD_64) */
+
+/* x86 */
+
+#if defined(__GNUC__)
+void
+freebl_cpuid(unsigned long op, unsigned long *eax,
+             unsigned long *ebx, unsigned long *ecx,
+             unsigned long *edx)
+{
+    /* Some older processors don't fill the ecx register with cpuid, so clobber it
+     * before calling cpuid, so that there's no risk of picking random bits that
+     * erroneously indicate that absent CPU features are present.
+     * Also, GCC isn't smart enough to save the ebx PIC register on its own
+     * in this case, so do it by hand. Use edi to store ebx and pass the
+     * value returned in ebx from cpuid through edi. */
+    __asm__("xor %%ecx, %%ecx\n\t"
+            "mov %%ebx,%%edi\n\t"
+            "cpuid\n\t"
+            "xchgl %%ebx,%%edi\n\t"
+            : "=a"(*eax),
+              "=D"(*ebx),
+              "=c"(*ecx),
+              "=d"(*edx)
+            : "0"(op));
+}
+
+/*
+ * try flipping a processor flag to determine CPU type
+ */
+static unsigned long
+changeFlag(unsigned long flag)
+{
+    unsigned long changedFlags, originalFlags;
+    __asm__("pushfl\n\t" /* get the flags */
+            "popl %0\n\t"
+            "movl %0,%1\n\t" /* save the original flags */
+            "xorl %2,%0\n\t" /* flip the bit */
+            "pushl %0\n\t"   /* set the flags */
+            "popfl\n\t"
+            "pushfl\n\t" /* get the flags again (for return) */
+            "popl %0\n\t"
+            "pushl %1\n\t" /* restore the original flags */
+            "popfl\n\t"
+            : "=r"(changedFlags),
+              "=r"(originalFlags),
+              "=r"(flag)
+            : "2"(flag));
+    return changedFlags ^ originalFlags;
+}
+
+#elif defined(_MSC_VER)
+
+/*
+ * windows versions of the above assembler
+ */
+#define wcpuid __asm __emit 0fh __asm __emit 0a2h
+void
+freebl_cpuid(unsigned long op, unsigned long *Reax,
+             unsigned long *Rebx, unsigned long *Recx, unsigned long *Redx)
+{
+    unsigned long Leax, Lebx, Lecx, Ledx;
+    __asm {
+        pushad
+        xor     ecx,ecx
+        mov     eax,op
+        wcpuid
+        mov     Leax,eax
+        mov     Lebx,ebx
+        mov     Lecx,ecx
+        mov     Ledx,edx
+        popad
+    }
+    *Reax = Leax;
+    *Rebx = Lebx;
+    *Recx = Lecx;
+    *Redx = Ledx;
+}
+
+static unsigned long
+changeFlag(unsigned long flag)
+{
+    unsigned long changedFlags, originalFlags;
+    __asm {
+        push eax
+        push ebx
+        pushfd /* get the flags */
+            pop  eax
+        push eax /* save the flags on the stack */
+            mov  originalFlags,eax /* save the original flags */
+        mov  ebx,flag
+            xor  eax,ebx /* flip the bit */
+        push eax /* set the flags */
+            popfd
+        pushfd /* get the flags again (for return) */
+        pop  eax
+        popfd /* restore the original flags */
+        mov changedFlags,eax
+        pop ebx
+        pop eax
+    }
+    return changedFlags ^ originalFlags;
+}
+#endif
+
+#endif
+
+#if !defined(AMD_64)
+#define AC_FLAG 0x40000
+#define ID_FLAG 0x200000
+
+/* 386 processors can't flip the AC_FLAG, intel AP Note AP-485 */
+static int
+is386()
+{
+    return changeFlag(AC_FLAG) == 0;
+}
+
+/* 486 processors can't flip the ID_FLAG, intel AP Note AP-485 */
+static int
+is486()
+{
+    return changeFlag(ID_FLAG) == 0;
+}
+#endif
+
+/*
+ * table for Intel Cache.
+ * See Intel Application Note AP-485 for more information
+ */
+
+typedef unsigned char CacheTypeEntry;
+
+typedef enum {
+    Cache_NONE = 0,
+    Cache_UNKNOWN = 1,
+    Cache_TLB = 2,
+    Cache_TLBi = 3,
+    Cache_TLBd = 4,
+    Cache_Trace = 5,
+    Cache_L1 = 6,
+    Cache_L1i = 7,
+    Cache_L1d = 8,
+    Cache_L2 = 9,
+    Cache_L2i = 10,
+    Cache_L2d = 11,
+    Cache_L3 = 12,
+    Cache_L3i = 13,
+    Cache_L3d = 14
+} CacheType;
+
+struct _cache {
+    CacheTypeEntry type;
+    unsigned char lineSize;
+};
+static const struct _cache CacheMap[256] = {
+    /* 00 */ { Cache_NONE, 0 },
+    /* 01 */ { Cache_TLBi, 0 },
+    /* 02 */ { Cache_TLBi, 0 },
+    /* 03 */ { Cache_TLBd, 0 },
+    /* 04 */ {
+        Cache_TLBd,
+    },
+    /* 05 */ { Cache_UNKNOWN, 0 },
+    /* 06 */ { Cache_L1i, 32 },
+    /* 07 */ { Cache_UNKNOWN, 0 },
+    /* 08 */ { Cache_L1i, 32 },
+    /* 09 */ { Cache_UNKNOWN, 0 },
+    /* 0a */ { Cache_L1d, 32 },
+    /* 0b */ { Cache_UNKNOWN, 0 },
+    /* 0c */ { Cache_L1d, 32 },
+    /* 0d */ { Cache_UNKNOWN, 0 },
+    /* 0e */ { Cache_UNKNOWN, 0 },
+    /* 0f */ { Cache_UNKNOWN, 0 },
+    /* 10 */ { Cache_UNKNOWN, 0 },
+    /* 11 */ { Cache_UNKNOWN, 0 },
+    /* 12 */ { Cache_UNKNOWN, 0 },
+    /* 13 */ { Cache_UNKNOWN, 0 },
+    /* 14 */ { Cache_UNKNOWN, 0 },
+    /* 15 */ { Cache_UNKNOWN, 0 },
+    /* 16 */ { Cache_UNKNOWN, 0 },
+    /* 17 */ { Cache_UNKNOWN, 0 },
+    /* 18 */ { Cache_UNKNOWN, 0 },
+    /* 19 */ { Cache_UNKNOWN, 0 },
+    /* 1a */ { Cache_UNKNOWN, 0 },
+    /* 1b */ { Cache_UNKNOWN, 0 },
+    /* 1c */ { Cache_UNKNOWN, 0 },
+    /* 1d */ { Cache_UNKNOWN, 0 },
+    /* 1e */ { Cache_UNKNOWN, 0 },
+    /* 1f */ { Cache_UNKNOWN, 0 },
+    /* 20 */ { Cache_UNKNOWN, 0 },
+    /* 21 */ { Cache_UNKNOWN, 0 },
+    /* 22 */ { Cache_L3, 64 },
+    /* 23 */ { Cache_L3, 64 },
+    /* 24 */ { Cache_UNKNOWN, 0 },
+    /* 25 */ { Cache_L3, 64 },
+    /* 26 */ { Cache_UNKNOWN, 0 },
+    /* 27 */ { Cache_UNKNOWN, 0 },
+    /* 28 */ { Cache_UNKNOWN, 0 },
+    /* 29 */ { Cache_L3, 64 },
+    /* 2a */ { Cache_UNKNOWN, 0 },
+    /* 2b */ { Cache_UNKNOWN, 0 },
+    /* 2c */ { Cache_L1d, 64 },
+    /* 2d */ { Cache_UNKNOWN, 0 },
+    /* 2e */ { Cache_UNKNOWN, 0 },
+    /* 2f */ { Cache_UNKNOWN, 0 },
+    /* 30 */ { Cache_L1i, 64 },
+    /* 31 */ { Cache_UNKNOWN, 0 },
+    /* 32 */ { Cache_UNKNOWN, 0 },
+    /* 33 */ { Cache_UNKNOWN, 0 },
+    /* 34 */ { Cache_UNKNOWN, 0 },
+    /* 35 */ { Cache_UNKNOWN, 0 },
+    /* 36 */ { Cache_UNKNOWN, 0 },
+    /* 37 */ { Cache_UNKNOWN, 0 },
+    /* 38 */ { Cache_UNKNOWN, 0 },
+    /* 39 */ { Cache_L2, 64 },
+    /* 3a */ { Cache_UNKNOWN, 0 },
+    /* 3b */ { Cache_L2, 64 },
+    /* 3c */ { Cache_L2, 64 },
+    /* 3d */ { Cache_UNKNOWN, 0 },
+    /* 3e */ { Cache_UNKNOWN, 0 },
+    /* 3f */ { Cache_UNKNOWN, 0 },
+    /* 40 */ { Cache_L2, 0 },
+    /* 41 */ { Cache_L2, 32 },
+    /* 42 */ { Cache_L2, 32 },
+    /* 43 */ { Cache_L2, 32 },
+    /* 44 */ { Cache_L2, 32 },
+    /* 45 */ { Cache_L2, 32 },
+    /* 46 */ { Cache_UNKNOWN, 0 },
+    /* 47 */ { Cache_UNKNOWN, 0 },
+    /* 48 */ { Cache_UNKNOWN, 0 },
+    /* 49 */ { Cache_UNKNOWN, 0 },
+    /* 4a */ { Cache_UNKNOWN, 0 },
+    /* 4b */ { Cache_UNKNOWN, 0 },
+    /* 4c */ { Cache_UNKNOWN, 0 },
+    /* 4d */ { Cache_UNKNOWN, 0 },
+    /* 4e */ { Cache_UNKNOWN, 0 },
+    /* 4f */ { Cache_UNKNOWN, 0 },
+    /* 50 */ { Cache_TLBi, 0 },
+    /* 51 */ { Cache_TLBi, 0 },
+    /* 52 */ { Cache_TLBi, 0 },
+    /* 53 */ { Cache_UNKNOWN, 0 },
+    /* 54 */ { Cache_UNKNOWN, 0 },
+    /* 55 */ { Cache_UNKNOWN, 0 },
+    /* 56 */ { Cache_UNKNOWN, 0 },
+    /* 57 */ { Cache_UNKNOWN, 0 },
+    /* 58 */ { Cache_UNKNOWN, 0 },
+    /* 59 */ { Cache_UNKNOWN, 0 },
+    /* 5a */ { Cache_UNKNOWN, 0 },
+    /* 5b */ { Cache_TLBd, 0 },
+    /* 5c */ { Cache_TLBd, 0 },
+    /* 5d */ { Cache_TLBd, 0 },
+    /* 5e */ { Cache_UNKNOWN, 0 },
+    /* 5f */ { Cache_UNKNOWN, 0 },
+    /* 60 */ { Cache_UNKNOWN, 0 },
+    /* 61 */ { Cache_UNKNOWN, 0 },
+    /* 62 */ { Cache_UNKNOWN, 0 },
+    /* 63 */ { Cache_UNKNOWN, 0 },
+    /* 64 */ { Cache_UNKNOWN, 0 },
+    /* 65 */ { Cache_UNKNOWN, 0 },
+    /* 66 */ { Cache_L1d, 64 },
+    /* 67 */ { Cache_L1d, 64 },
+    /* 68 */ { Cache_L1d, 64 },
+    /* 69 */ { Cache_UNKNOWN, 0 },
+    /* 6a */ { Cache_UNKNOWN, 0 },
+    /* 6b */ { Cache_UNKNOWN, 0 },
+    /* 6c */ { Cache_UNKNOWN, 0 },
+    /* 6d */ { Cache_UNKNOWN, 0 },
+    /* 6e */ { Cache_UNKNOWN, 0 },
+    /* 6f */ { Cache_UNKNOWN, 0 },
+    /* 70 */ { Cache_Trace, 1 },
+    /* 71 */ { Cache_Trace, 1 },
+    /* 72 */ { Cache_Trace, 1 },
+    /* 73 */ { Cache_UNKNOWN, 0 },
+    /* 74 */ { Cache_UNKNOWN, 0 },
+    /* 75 */ { Cache_UNKNOWN, 0 },
+    /* 76 */ { Cache_UNKNOWN, 0 },
+    /* 77 */ { Cache_UNKNOWN, 0 },
+    /* 78 */ { Cache_UNKNOWN, 0 },
+    /* 79 */ { Cache_L2, 64 },
+    /* 7a */ { Cache_L2, 64 },
+    /* 7b */ { Cache_L2, 64 },
+    /* 7c */ { Cache_L2, 64 },
+    /* 7d */ { Cache_UNKNOWN, 0 },
+    /* 7e */ { Cache_UNKNOWN, 0 },
+    /* 7f */ { Cache_UNKNOWN, 0 },
+    /* 80 */ { Cache_UNKNOWN, 0 },
+    /* 81 */ { Cache_UNKNOWN, 0 },
+    /* 82 */ { Cache_L2, 32 },
+    /* 83 */ { Cache_L2, 32 },
+    /* 84 */ { Cache_L2, 32 },
+    /* 85 */ { Cache_L2, 32 },
+    /* 86 */ { Cache_L2, 64 },
+    /* 87 */ { Cache_L2, 64 },
+    /* 88 */ { Cache_UNKNOWN, 0 },
+    /* 89 */ { Cache_UNKNOWN, 0 },
+    /* 8a */ { Cache_UNKNOWN, 0 },
+    /* 8b */ { Cache_UNKNOWN, 0 },
+    /* 8c */ { Cache_UNKNOWN, 0 },
+    /* 8d */ { Cache_UNKNOWN, 0 },
+    /* 8e */ { Cache_UNKNOWN, 0 },
+    /* 8f */ { Cache_UNKNOWN, 0 },
+    /* 90 */ { Cache_UNKNOWN, 0 },
+    /* 91 */ { Cache_UNKNOWN, 0 },
+    /* 92 */ { Cache_UNKNOWN, 0 },
+    /* 93 */ { Cache_UNKNOWN, 0 },
+    /* 94 */ { Cache_UNKNOWN, 0 },
+    /* 95 */ { Cache_UNKNOWN, 0 },
+    /* 96 */ { Cache_UNKNOWN, 0 },
+    /* 97 */ { Cache_UNKNOWN, 0 },
+    /* 98 */ { Cache_UNKNOWN, 0 },
+    /* 99 */ { Cache_UNKNOWN, 0 },
+    /* 9a */ { Cache_UNKNOWN, 0 },
+    /* 9b */ { Cache_UNKNOWN, 0 },
+    /* 9c */ { Cache_UNKNOWN, 0 },
+    /* 9d */ { Cache_UNKNOWN, 0 },
+    /* 9e */ { Cache_UNKNOWN, 0 },
+    /* 9f */ { Cache_UNKNOWN, 0 },
+    /* a0 */ { Cache_UNKNOWN, 0 },
+    /* a1 */ { Cache_UNKNOWN, 0 },
+    /* a2 */ { Cache_UNKNOWN, 0 },
+    /* a3 */ { Cache_UNKNOWN, 0 },
+    /* a4 */ { Cache_UNKNOWN, 0 },
+    /* a5 */ { Cache_UNKNOWN, 0 },
+    /* a6 */ { Cache_UNKNOWN, 0 },
+    /* a7 */ { Cache_UNKNOWN, 0 },
+    /* a8 */ { Cache_UNKNOWN, 0 },
+    /* a9 */ { Cache_UNKNOWN, 0 },
+    /* aa */ { Cache_UNKNOWN, 0 },
+    /* ab */ { Cache_UNKNOWN, 0 },
+    /* ac */ { Cache_UNKNOWN, 0 },
+    /* ad */ { Cache_UNKNOWN, 0 },
+    /* ae */ { Cache_UNKNOWN, 0 },
+    /* af */ { Cache_UNKNOWN, 0 },
+    /* b0 */ { Cache_TLBi, 0 },
+    /* b1 */ { Cache_UNKNOWN, 0 },
+    /* b2 */ { Cache_UNKNOWN, 0 },
+    /* b3 */ { Cache_TLBd, 0 },
+    /* b4 */ { Cache_UNKNOWN, 0 },
+    /* b5 */ { Cache_UNKNOWN, 0 },
+    /* b6 */ { Cache_UNKNOWN, 0 },
+    /* b7 */ { Cache_UNKNOWN, 0 },
+    /* b8 */ { Cache_UNKNOWN, 0 },
+    /* b9 */ { Cache_UNKNOWN, 0 },
+    /* ba */ { Cache_UNKNOWN, 0 },
+    /* bb */ { Cache_UNKNOWN, 0 },
+    /* bc */ { Cache_UNKNOWN, 0 },
+    /* bd */ { Cache_UNKNOWN, 0 },
+    /* be */ { Cache_UNKNOWN, 0 },
+    /* bf */ { Cache_UNKNOWN, 0 },
+    /* c0 */ { Cache_UNKNOWN, 0 },
+    /* c1 */ { Cache_UNKNOWN, 0 },
+    /* c2 */ { Cache_UNKNOWN, 0 },
+    /* c3 */ { Cache_UNKNOWN, 0 },
+    /* c4 */ { Cache_UNKNOWN, 0 },
+    /* c5 */ { Cache_UNKNOWN, 0 },
+    /* c6 */ { Cache_UNKNOWN, 0 },
+    /* c7 */ { Cache_UNKNOWN, 0 },
+    /* c8 */ { Cache_UNKNOWN, 0 },
+    /* c9 */ { Cache_UNKNOWN, 0 },
+    /* ca */ { Cache_UNKNOWN, 0 },
+    /* cb */ { Cache_UNKNOWN, 0 },
+    /* cc */ { Cache_UNKNOWN, 0 },
+    /* cd */ { Cache_UNKNOWN, 0 },
+    /* ce */ { Cache_UNKNOWN, 0 },
+    /* cf */ { Cache_UNKNOWN, 0 },
+    /* d0 */ { Cache_UNKNOWN, 0 },
+    /* d1 */ { Cache_UNKNOWN, 0 },
+    /* d2 */ { Cache_UNKNOWN, 0 },
+    /* d3 */ { Cache_UNKNOWN, 0 },
+    /* d4 */ { Cache_UNKNOWN, 0 },
+    /* d5 */ { Cache_UNKNOWN, 0 },
+    /* d6 */ { Cache_UNKNOWN, 0 },
+    /* d7 */ { Cache_UNKNOWN, 0 },
+    /* d8 */ { Cache_UNKNOWN, 0 },
+    /* d9 */ { Cache_UNKNOWN, 0 },
+    /* da */ { Cache_UNKNOWN, 0 },
+    /* db */ { Cache_UNKNOWN, 0 },
+    /* dc */ { Cache_UNKNOWN, 0 },
+    /* dd */ { Cache_UNKNOWN, 0 },
+    /* de */ { Cache_UNKNOWN, 0 },
+    /* df */ { Cache_UNKNOWN, 0 },
+    /* e0 */ { Cache_UNKNOWN, 0 },
+    /* e1 */ { Cache_UNKNOWN, 0 },
+    /* e2 */ { Cache_UNKNOWN, 0 },
+    /* e3 */ { Cache_UNKNOWN, 0 },
+    /* e4 */ { Cache_UNKNOWN, 0 },
+    /* e5 */ { Cache_UNKNOWN, 0 },
+    /* e6 */ { Cache_UNKNOWN, 0 },
+    /* e7 */ { Cache_UNKNOWN, 0 },
+    /* e8 */ { Cache_UNKNOWN, 0 },
+    /* e9 */ { Cache_UNKNOWN, 0 },
+    /* ea */ { Cache_UNKNOWN, 0 },
+    /* eb */ { Cache_UNKNOWN, 0 },
+    /* ec */ { Cache_UNKNOWN, 0 },
+    /* ed */ { Cache_UNKNOWN, 0 },
+    /* ee */ { Cache_UNKNOWN, 0 },
+    /* ef */ { Cache_UNKNOWN, 0 },
+    /* f0 */ { Cache_UNKNOWN, 0 },
+    /* f1 */ { Cache_UNKNOWN, 0 },
+    /* f2 */ { Cache_UNKNOWN, 0 },
+    /* f3 */ { Cache_UNKNOWN, 0 },
+    /* f4 */ { Cache_UNKNOWN, 0 },
+    /* f5 */ { Cache_UNKNOWN, 0 },
+    /* f6 */ { Cache_UNKNOWN, 0 },
+    /* f7 */ { Cache_UNKNOWN, 0 },
+    /* f8 */ { Cache_UNKNOWN, 0 },
+    /* f9 */ { Cache_UNKNOWN, 0 },
+    /* fa */ { Cache_UNKNOWN, 0 },
+    /* fb */ { Cache_UNKNOWN, 0 },
+    /* fc */ { Cache_UNKNOWN, 0 },
+    /* fd */ { Cache_UNKNOWN, 0 },
+    /* fe */ { Cache_UNKNOWN, 0 },
+    /* ff */ { Cache_UNKNOWN, 0 }
+};
+
+/*
+ * use the above table to determine the CacheEntryLineSize.
+ */
+static void
+getIntelCacheEntryLineSize(unsigned long val, int *level,
+                           unsigned long *lineSize)
+{
+    CacheType type;
+
+    type = CacheMap[val].type;
+    /* only interested in data caches */
+    /* NOTE val = 0x40 is a special value that means no L2 or L3 cache.
+     * this data check has the side effect of rejecting that entry. If
+     * that wasn't the case, we could have to reject it explicitly */
+    if (CacheMap[val].lineSize == 0) {
+        return;
+    }
+    /* look at the caches, skip types we aren't interested in.
+     * if we already have a value for a lower level cache, skip the
+     * current entry */
+    if ((type == Cache_L1) || (type == Cache_L1d)) {
+        *level = 1;
+        *lineSize = CacheMap[val].lineSize;
+    } else if ((*level >= 2) && ((type == Cache_L2) || (type == Cache_L2d))) {
+        *level = 2;
+        *lineSize = CacheMap[val].lineSize;
+    } else if ((*level >= 3) && ((type == Cache_L3) || (type == Cache_L3d))) {
+        *level = 3;
+        *lineSize = CacheMap[val].lineSize;
+    }
+    return;
+}
+
+static void
+getIntelRegisterCacheLineSize(unsigned long val,
+                              int *level, unsigned long *lineSize)
+{
+    getIntelCacheEntryLineSize(val >> 24 & 0xff, level, lineSize);
+    getIntelCacheEntryLineSize(val >> 16 & 0xff, level, lineSize);
+    getIntelCacheEntryLineSize(val >> 8 & 0xff, level, lineSize);
+    getIntelCacheEntryLineSize(val & 0xff, level, lineSize);
+}
+
+/*
+ * returns '0' if no recognized cache is found, or if the cache
+ * information is supported by this processor
+ */
+static unsigned long
+getIntelCacheLineSize(int cpuidLevel)
+{
+    int level = 4;
+    unsigned long lineSize = 0;
+    unsigned long eax, ebx, ecx, edx;
+    int repeat, count;
+
+    if (cpuidLevel < 2) {
+        return 0;
+    }
+
+    /* command '2' of the cpuid is intel's cache info call. Each byte of the
+     * 4 registers contain a potential descriptor for the cache. The CacheMap
+     * table maps the cache entry with the processor cache. Register 'al'
+     * contains a count value that cpuid '2' needs to be called in order to
+     * find all the cache descriptors. Only registers with the high bit set
+     * to 'zero' have valid descriptors. This code loops through all the
+     * required calls to cpuid '2' and passes any valid descriptors it finds
+     * to the getIntelRegisterCacheLineSize code, which breaks the registers
+     * down into their component descriptors. In the end the lineSize of the
+     * lowest level cache data cache is returned. */
+    freebl_cpuid(2, &eax, &ebx, &ecx, &edx);
+    repeat = eax & 0xf;
+    for (count = 0; count < repeat; count++) {
+        if ((eax & 0x80000000) == 0) {
+            getIntelRegisterCacheLineSize(eax & 0xffffff00, &level, &lineSize);
+        }
+        if ((ebx & 0x80000000) == 0) {
+            getIntelRegisterCacheLineSize(ebx, &level, &lineSize);
+        }
+        if ((ecx & 0x80000000) == 0) {
+            getIntelRegisterCacheLineSize(ecx, &level, &lineSize);
+        }
+        if ((edx & 0x80000000) == 0) {
+            getIntelRegisterCacheLineSize(edx, &level, &lineSize);
+        }
+        if (count + 1 != repeat) {
+            freebl_cpuid(2, &eax, &ebx, &ecx, &edx);
+        }
+    }
+    return lineSize;
+}
+
+/*
+ * returns '0' if the cache info is not supported by this processor.
+ * This is based on the AMD extended cache commands for cpuid.
+ * (see "AMD Processor Recognition Application Note" Publication 20734).
+ * Some other processors use the identical scheme.
+ * (see "Processor Recognition, Transmeta Corporation").
+ */
+static unsigned long
+getOtherCacheLineSize(unsigned long cpuidLevel)
+{
+    unsigned long lineSize = 0;
+    unsigned long eax, ebx, ecx, edx;
+
+    /* get the Extended CPUID level */
+    freebl_cpuid(0x80000000, &eax, &ebx, &ecx, &edx);
+    cpuidLevel = eax;
+
+    if (cpuidLevel >= 0x80000005) {
+        freebl_cpuid(0x80000005, &eax, &ebx, &ecx, &edx);
+        lineSize = ecx & 0xff; /* line Size, L1 Data Cache */
+    }
+    return lineSize;
+}
+
+static const char *const manMap[] = {
+#define INTEL 0
+    "GenuineIntel",
+#define AMD 1
+    "AuthenticAMD",
+#define CYRIX 2
+    "CyrixInstead",
+#define CENTAUR 2
+    "CentaurHauls",
+#define NEXGEN 3
+    "NexGenDriven",
+#define TRANSMETA 4
+    "GenuineTMx86",
+#define RISE 5
+    "RiseRiseRise",
+#define UMC 6
+    "UMC UMC UMC ",
+#define SIS 7
+    "Sis Sis Sis ",
+#define NATIONAL 8
+    "Geode by NSC",
+};
+
+static const int n_manufacturers = sizeof(manMap) / sizeof(manMap[0]);
+
+#define MAN_UNKNOWN 9
+
+#if !defined(AMD_64)
+#define SSE2_FLAG (1 << 26)
+unsigned long
+s_mpi_is_sse2()
+{
+    unsigned long eax, ebx, ecx, edx;
+
+    if (is386() || is486()) {
+        return 0;
+    }
+    freebl_cpuid(0, &eax, &ebx, &ecx, &edx);
+
+    /* has no SSE2 extensions */
+    if (eax == 0) {
+        return 0;
+    }
+
+    freebl_cpuid(1, &eax, &ebx, &ecx, &edx);
+    return (edx & SSE2_FLAG) == SSE2_FLAG;
+}
+#endif
+
+unsigned long
+s_mpi_getProcessorLineSize()
+{
+    unsigned long eax, ebx, ecx, edx;
+    PRUint32 cpuid[3];
+    unsigned long cpuidLevel;
+    unsigned long cacheLineSize = 0;
+    int manufacturer = MAN_UNKNOWN;
+    int i;
+    char string[13];
+
+#if !defined(AMD_64)
+    if (is386()) {
+        return 0; /* 386 had no cache */
+    }
+    if (is486()) {
+        return 32; /* really? need more info */
+    }
+#endif
+
+    /* Pentium, cpuid command is available */
+    freebl_cpuid(0, &eax, &ebx, &ecx, &edx);
+    cpuidLevel = eax;
+    /* string holds the CPU's manufacturer ID string - a twelve
+     * character ASCII string stored in ebx, edx, ecx, and
+     * the 32-bit extended feature flags are in edx, ecx.
+     */
+    cpuid[0] = ebx;
+    cpuid[1] = ecx;
+    cpuid[2] = edx;
+    memcpy(string, cpuid, sizeof(cpuid));
+    string[12] = 0;
+
+    manufacturer = MAN_UNKNOWN;
+    for (i = 0; i < n_manufacturers; i++) {
+        if (strcmp(manMap[i], string) == 0) {
+            manufacturer = i;
+        }
+    }
+
+    if (manufacturer == INTEL) {
+        cacheLineSize = getIntelCacheLineSize(cpuidLevel);
+    } else {
+        cacheLineSize = getOtherCacheLineSize(cpuidLevel);
+    }
+    /* doesn't support cache info based on cpuid. This means
+     * an old pentium class processor, which have cache lines of
+     * 32. If we learn differently, we can use a switch based on
+     * the Manufacturer id  */
+    if (cacheLineSize == 0) {
+        cacheLineSize = 32;
+    }
+    return cacheLineSize;
+}
+#define MPI_GET_PROCESSOR_LINE_SIZE_DEFINED 1
+#endif
+
+#if defined(__ppc64__)
+/*
+ *  Sigh, The PPC has some really nice features to help us determine cache
+ *  size, since it had lots of direct control functions to do so. The POWER
+ *  processor even has an instruction to do this, but it was dropped in
+ *  PowerPC. Unfortunately most of them are not available in user mode.
+ *
+ *  The dcbz function would be a great way to determine cache line size except
+ *  1) it only works on write-back memory (it throws an exception otherwise),
+ *  and 2) because so many mac programs 'knew' the processor cache size was
+ *  32 bytes, they used this instruction as a fast 'zero 32 bytes'. Now the new
+ *  G5 processor has 128 byte cache, but dcbz only clears 32 bytes to keep
+ *  these programs happy. dcbzl work if 64 bit instructions are supported.
+ *  If you know 64 bit instructions are supported, and that stack is
+ *  write-back, you can use this code.
+ */
+#include "memory.h"
+
+/* clear the cache line that contains 'array' */
+static inline void
+dcbzl(char *array)
+{
+    register char *a asm("r2") = array;
+    __asm__ __volatile__("dcbzl %0,r0"
+                         : "=r"(a)
+                         : "0"(a));
+}
+
+#define PPC_DO_ALIGN(x, y) ((char *)((((long long)(x)) + ((y)-1)) & ~((y)-1)))
+
+#define PPC_MAX_LINE_SIZE 256
+unsigned long
+s_mpi_getProcessorLineSize()
+{
+    char testArray[2 * PPC_MAX_LINE_SIZE + 1];
+    char *test;
+    int i;
+
+    /* align the array on a maximum line size boundary, so we
+     * know we are starting to clear from the first address */
+    test = PPC_DO_ALIGN(testArray, PPC_MAX_LINE_SIZE);
+    /* set all the values to 1's */
+    memset(test, 0xff, PPC_MAX_LINE_SIZE);
+    /* clear one cache block starting at 'test' */
+    dcbzl(test);
+
+    /* find the size of the cleared area, that's our block size */
+    for (i = PPC_MAX_LINE_SIZE; i != 0; i = i / 2) {
+        if (test[i - 1] == 0) {
+            return i;
+        }
+    }
+    return 0;
+}
+
+#define MPI_GET_PROCESSOR_LINE_SIZE_DEFINED 1
+#endif
+
+/*
+ * put other processor and platform specific cache code here
+ * return the smallest cache line size in bytes on the processor
+ * (usually the L1 cache). If the OS has a call, this would be
+ * a greate place to put it.
+ *
+ * If there is no cache, return 0;
+ *
+ * define MPI_GET_PROCESSOR_LINE_SIZE_DEFINED so the generic functions
+ * below aren't compiled.
+ *
+ */
+
+/* target.mk can define MPI_CACHE_LINE_SIZE if it's common for the family or
+ * OS */
+#if defined(MPI_CACHE_LINE_SIZE) && !defined(MPI_GET_PROCESSOR_LINE_SIZE_DEFINED)
+
+unsigned long
+s_mpi_getProcessorLineSize()
+{
+    return MPI_CACHE_LINE_SIZE;
+}
+#define MPI_GET_PROCESSOR_LINE_SIZE_DEFINED 1
+#endif
+
+/* If no way to get the processor cache line size has been defined, assume
+ * it's 32 bytes (most common value, does not significantly impact performance)
+ */
+#ifndef MPI_GET_PROCESSOR_LINE_SIZE_DEFINED
+unsigned long
+s_mpi_getProcessorLineSize()
+{
+    return 32;
+}
+#endif
+
+#ifdef TEST_IT
+#include <stdio.h>
+
+main()
+{
+    printf("line size = %d\n", s_mpi_getProcessorLineSize());
+}
+#endif
diff --git a/nss/lib/freebl/mpi/mpcpucache_amd64.s b/nss/lib/freebl/mpi/mpcpucache_amd64.s
new file mode 100644
index 0000000..d493b47
--- /dev/null
+++ b/nss/lib/freebl/mpi/mpcpucache_amd64.s
@@ -0,0 +1,861 @@
+/ This Source Code Form is subject to the terms of the Mozilla Public
+/ License, v. 2.0. If a copy of the MPL was not distributed with this
+/ file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+	.file	"mpcpucache.c"
+/	.section	.rodata.str1.1,"aMS",@progbits,1
+	.section	.rodata
+.LC0:
+	.string	"GenuineIntel"
+.LC1:
+	.string	"AuthenticAMD"
+.LC2:
+	.string	"CyrixInstead"
+.LC3:
+	.string	"CentaurHauls"
+.LC4:
+	.string	"NexGenDriven"
+.LC5:
+	.string	"GenuineTMx86"
+.LC6:
+	.string	"RiseRiseRise"
+.LC7:
+	.string	"UMC UMC UMC "
+.LC8:
+	.string	"Sis Sis Sis "
+.LC9:
+	.string	"Geode by NSC"
+	.section	.data.rel.ro.local,"aw",@progbits
+	.align 32
+	.type	manMap, @object
+	.size	manMap, 80
+manMap:
+	.quad	.LC0
+	.quad	.LC1
+	.quad	.LC2
+	.quad	.LC3
+	.quad	.LC4
+	.quad	.LC5
+	.quad	.LC6
+	.quad	.LC7
+	.quad	.LC8
+	.quad	.LC9
+	.section	.rodata
+	.align 32
+	.type	CacheMap, @object
+	.size	CacheMap, 512
+CacheMap:
+	.byte	0
+	.byte	0
+	.byte	3
+	.byte	0
+	.byte	3
+	.byte	0
+	.byte	4
+	.byte	0
+	.byte	4
+	.zero	1
+	.byte	1
+	.byte	0
+	.byte	7
+	.byte	32
+	.byte	1
+	.byte	0
+	.byte	7
+	.byte	32
+	.byte	1
+	.byte	0
+	.byte	8
+	.byte	32
+	.byte	1
+	.byte	0
+	.byte	8
+	.byte	32
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	12
+	.byte	64
+	.byte	12
+	.byte	64
+	.byte	1
+	.byte	0
+	.byte	12
+	.byte	64
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	12
+	.byte	64
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	8
+	.byte	64
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	7
+	.byte	64
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	9
+	.byte	64
+	.byte	1
+	.byte	0
+	.byte	9
+	.byte	64
+	.byte	9
+	.byte	64
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	9
+	.byte	0
+	.byte	9
+	.byte	32
+	.byte	9
+	.byte	32
+	.byte	9
+	.byte	32
+	.byte	9
+	.byte	32
+	.byte	9
+	.byte	32
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	3
+	.byte	0
+	.byte	3
+	.byte	0
+	.byte	3
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	4
+	.byte	0
+	.byte	4
+	.byte	0
+	.byte	4
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	8
+	.byte	64
+	.byte	8
+	.byte	64
+	.byte	8
+	.byte	64
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	5
+	.byte	1
+	.byte	5
+	.byte	1
+	.byte	5
+	.byte	1
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	9
+	.byte	64
+	.byte	9
+	.byte	64
+	.byte	9
+	.byte	64
+	.byte	9
+	.byte	64
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	9
+	.byte	32
+	.byte	9
+	.byte	32
+	.byte	9
+	.byte	32
+	.byte	9
+	.byte	32
+	.byte	9
+	.byte	64
+	.byte	9
+	.byte	64
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	3
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	4
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.text
+	.align	16
+.globl freebl_cpuid
+	.type	freebl_cpuid, @function
+freebl_cpuid:
+.LFB2:
+	movq	%rdx, %r10
+	pushq	%rbx
+.LCFI0:
+	movq	%rcx, %r11
+	movq	%rdi, %rax
+/APP
+	cpuid
+	
+/NO_APP
+	movq	%rax, (%rsi)
+	movq	%rbx, (%r10)
+	popq	%rbx
+	movq	%rcx, (%r11)
+	movq	%rdx, (%r8)
+	ret
+.LFE2:
+	.size	freebl_cpuid, .-freebl_cpuid
+	.align	16
+	.type	getIntelCacheEntryLineSize, @function
+getIntelCacheEntryLineSize:
+.LFB3:
+	leaq	CacheMap(%rip), %r9
+	movq	%rdx, %r10
+	movzbl	1(%r9,%rdi,2), %ecx
+	movzbl	(%r9,%rdi,2), %r8d
+	testb	%cl, %cl
+	je	.L2
+	cmpl	$6, %r8d
+	sete	%dl
+	cmpl	$8, %r8d
+	sete	%al
+	orl	%edx, %eax
+	testb	$1, %al
+	je	.L4
+	movl	$1, (%rsi)
+.L9:
+	movzbl	%cl, %eax 
+	movq	%rax, (%r10)
+	ret
+	.align	16
+.L4:
+	movl	(%rsi), %r11d
+	cmpl	$1, %r11d
+	jg	.L11
+.L6:
+	cmpl	$2, %r11d
+	jle	.L2
+	cmpl	$12, %r8d
+	sete	%dl
+	cmpl	$14, %r8d
+	sete	%al
+	orl	%edx, %eax
+	testb	$1, %al
+	je	.L2
+	movzbq	1(%r9,%rdi,2), %rax
+	movl	$3, (%rsi)
+	movq	%rax, (%r10)
+	.align	16
+.L2:
+	rep ; ret
+	.align	16
+.L11:
+	cmpl	$9, %r8d
+	sete	%dl
+	cmpl	$11, %r8d
+	sete	%al
+	orl	%edx, %eax
+	testb	$1, %al
+	je	.L6
+	movl	$2, (%rsi)
+	jmp	.L9
+.LFE3:
+	.size	getIntelCacheEntryLineSize, .-getIntelCacheEntryLineSize
+	.align	16
+	.type	getIntelRegisterCacheLineSize, @function
+getIntelRegisterCacheLineSize:
+.LFB4:
+	pushq	%rbp
+.LCFI1:
+	movq	%rsp, %rbp
+.LCFI2:
+	movq	%rbx, -24(%rbp)
+.LCFI3:
+	movq	%rdi, %rbx
+	shrq	$24, %rdi
+	movq	%r12, -16(%rbp)
+.LCFI4:
+	movq	%r13, -8(%rbp)
+.LCFI5:
+	andl	$255, %edi
+	subq	$24, %rsp
+.LCFI6:
+	movq	%rsi, %r13
+	movq	%rdx, %r12
+	call	getIntelCacheEntryLineSize
+	movq	%rbx, %rdi
+	movq	%r12, %rdx
+	movq	%r13, %rsi
+	shrq	$16, %rdi
+	andl	$255, %edi
+	call	getIntelCacheEntryLineSize
+	movq	%rbx, %rdi
+	movq	%r12, %rdx
+	movq	%r13, %rsi
+	shrq	$8, %rdi
+	andl	$255, %ebx
+	andl	$255, %edi
+	call	getIntelCacheEntryLineSize
+	movq	%r12, %rdx
+	movq	%r13, %rsi
+	movq	%rbx, %rdi
+	movq	8(%rsp), %r12
+	movq	(%rsp), %rbx
+	movq	16(%rsp), %r13
+	leave
+	jmp	getIntelCacheEntryLineSize
+.LFE4:
+	.size	getIntelRegisterCacheLineSize, .-getIntelRegisterCacheLineSize
+	.align	16
+.globl s_mpi_getProcessorLineSize
+	.type	s_mpi_getProcessorLineSize, @function
+s_mpi_getProcessorLineSize:
+.LFB7:
+	pushq	%rbp
+.LCFI7:
+	xorl	%edi, %edi
+	movq	%rsp, %rbp
+.LCFI8:
+	pushq	%r15
+.LCFI9:
+	leaq	-136(%rbp), %r8
+	leaq	-144(%rbp), %rcx
+	leaq	-152(%rbp), %rdx
+	pushq	%r14
+.LCFI10:
+	leaq	-160(%rbp), %rsi
+	leaq	-128(%rbp), %r14
+	pushq	%r13
+.LCFI11:
+	leaq	manMap(%rip), %r13
+	pushq	%r12
+.LCFI12:
+	movl	$9, %r12d
+	pushq	%rbx
+.LCFI13:
+	xorl	%ebx, %ebx
+	subq	$200, %rsp
+.LCFI14:
+	call	freebl_cpuid
+	movq	-152(%rbp), %rax
+	movq	-160(%rbp), %r15
+	movb	$0, -116(%rbp)
+	movl	%eax, -128(%rbp)
+	movq	-136(%rbp), %rax
+	movl	%eax, -124(%rbp)
+	movq	-144(%rbp), %rax
+	movl	%eax, -120(%rbp)
+	.align	16
+.L18:
+	movslq	%ebx,%rax
+	movq	%r14, %rsi
+	movq	(%r13,%rax,8), %rdi
+	call	strcmp@PLT
+	testl	%eax, %eax
+	cmove	%ebx, %r12d
+	incl	%ebx
+	cmpl	$9, %ebx
+	jle	.L18
+	testl	%r12d, %r12d
+	jne	.L19
+	xorl	%eax, %eax
+	decl	%r15d
+	movl	$4, -204(%rbp)
+	movq	$0, -200(%rbp)
+	jle	.L21
+	leaq	-168(%rbp), %r8
+	leaq	-176(%rbp), %rcx
+	leaq	-184(%rbp), %rdx
+	leaq	-192(%rbp), %rsi
+	movl	$2, %edi
+	xorl	%ebx, %ebx
+	call	freebl_cpuid
+	movq	-192(%rbp), %rdi
+	movl	%edi, %r12d
+	andl	$15, %r12d
+	cmpl	%r12d, %ebx
+	jl	.L30
+	jmp	.L38
+	.align	16
+.L25:
+	movq	-184(%rbp), %rdi
+	testl	$2147483648, %edi 
+	je	.L40
+.L26:
+	movq	-176(%rbp), %rdi
+	testl	$2147483648, %edi 
+	je	.L41
+.L27:
+	movq	-168(%rbp), %rdi
+	testl	$2147483648, %edi 
+	je	.L42
+.L28:
+	incl	%ebx
+	cmpl	%r12d, %ebx
+	je	.L24
+	leaq	-168(%rbp), %r8
+	leaq	-176(%rbp), %rcx
+	leaq	-184(%rbp), %rdx
+	leaq	-192(%rbp), %rsi
+	movl	$2, %edi
+	call	freebl_cpuid
+.L24:
+	cmpl	%r12d, %ebx
+	jge	.L38
+	movq	-192(%rbp), %rdi
+.L30:
+	testl	$2147483648, %edi 
+	jne	.L25
+	leaq	-200(%rbp), %rdx
+	leaq	-204(%rbp), %rsi
+	andl	$4294967040, %edi
+	call	getIntelRegisterCacheLineSize
+	movq	-184(%rbp), %rdi
+	testl	$2147483648, %edi 
+	jne	.L26
+.L40:
+	leaq	-200(%rbp), %rdx
+	leaq	-204(%rbp), %rsi
+	call	getIntelRegisterCacheLineSize
+	movq	-176(%rbp), %rdi
+	testl	$2147483648, %edi 
+	jne	.L27
+.L41:
+	leaq	-200(%rbp), %rdx
+	leaq	-204(%rbp), %rsi
+	call	getIntelRegisterCacheLineSize
+	movq	-168(%rbp), %rdi
+	testl	$2147483648, %edi 
+	jne	.L28
+.L42:
+	leaq	-200(%rbp), %rdx
+	leaq	-204(%rbp), %rsi
+	call	getIntelRegisterCacheLineSize
+	jmp	.L28
+.L38:
+	movq	-200(%rbp), %rax
+.L21:
+	movq	%rax, %rdx
+	movl	$32, %eax
+	testq	%rdx, %rdx
+	cmoveq	%rax, %rdx
+	addq	$200, %rsp
+	popq	%rbx
+	popq	%r12
+	popq	%r13
+	popq	%r14
+	popq	%r15
+	leave
+	movq	%rdx, %rax
+	ret
+.L19:
+	leaq	-216(%rbp), %r8
+	leaq	-224(%rbp), %rcx
+	leaq	-232(%rbp), %rdx
+	leaq	-240(%rbp), %rsi
+	movl	$2147483648, %edi
+	xorl	%ebx, %ebx
+	call	freebl_cpuid
+	movl	$2147483652, %eax
+	cmpq	%rax, -240(%rbp)
+	ja	.L43
+.L32:
+	movq	%rbx, %rdx
+	movl	$32, %eax
+	testq	%rdx, %rdx
+	cmoveq	%rax, %rdx
+	addq	$200, %rsp
+	popq	%rbx
+	popq	%r12
+	popq	%r13
+	popq	%r14
+	popq	%r15
+	leave
+	movq	%rdx, %rax
+	ret
+.L43:
+	leaq	-216(%rbp), %r8
+	leaq	-224(%rbp), %rcx
+	leaq	-232(%rbp), %rdx
+	leaq	-240(%rbp), %rsi
+	movl	$2147483653, %edi
+	call	freebl_cpuid
+	movzbq	-224(%rbp), %rbx
+	jmp	.L32
+.LFE7:
+	.size	s_mpi_getProcessorLineSize, .-s_mpi_getProcessorLineSize
diff --git a/nss/lib/freebl/mpi/mpcpucache_x86.s b/nss/lib/freebl/mpi/mpcpucache_x86.s
new file mode 100644
index 0000000..af17ebc
--- /dev/null
+++ b/nss/lib/freebl/mpi/mpcpucache_x86.s
@@ -0,0 +1,902 @@
+/ This Source Code Form is subject to the terms of the Mozilla Public
+/ License, v. 2.0. If a copy of the MPL was not distributed with this
+/ file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+	.file	"mpcpucache.c"
+/	.section	.rodata.str1.1,"aMS",@progbits,1
+	.section	.rodata
+.LC0:
+	.string	"GenuineIntel"
+.LC1:
+	.string	"AuthenticAMD"
+.LC2:
+	.string	"CyrixInstead"
+.LC3:
+	.string	"CentaurHauls"
+.LC4:
+	.string	"NexGenDriven"
+.LC5:
+	.string	"GenuineTMx86"
+.LC6:
+	.string	"RiseRiseRise"
+.LC7:
+	.string	"UMC UMC UMC "
+.LC8:
+	.string	"Sis Sis Sis "
+.LC9:
+	.string	"Geode by NSC"
+	.section	.data.rel.ro.local,"aw",@progbits
+	.align 32
+	.type	manMap, @object
+	.size	manMap, 40
+manMap:
+	.long	.LC0
+	.long	.LC1
+	.long	.LC2
+	.long	.LC3
+	.long	.LC4
+	.long	.LC5
+	.long	.LC6
+	.long	.LC7
+	.long	.LC8
+	.long	.LC9
+	.section	.rodata
+	.align 32
+	.type	CacheMap, @object
+	.size	CacheMap, 512
+CacheMap:
+	.byte	0
+	.byte	0
+	.byte	3
+	.byte	0
+	.byte	3
+	.byte	0
+	.byte	4
+	.byte	0
+	.byte	4
+	.zero	1
+	.byte	1
+	.byte	0
+	.byte	7
+	.byte	32
+	.byte	1
+	.byte	0
+	.byte	7
+	.byte	32
+	.byte	1
+	.byte	0
+	.byte	8
+	.byte	32
+	.byte	1
+	.byte	0
+	.byte	8
+	.byte	32
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	12
+	.byte	64
+	.byte	12
+	.byte	64
+	.byte	1
+	.byte	0
+	.byte	12
+	.byte	64
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	12
+	.byte	64
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	8
+	.byte	64
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	7
+	.byte	64
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	9
+	.byte	64
+	.byte	1
+	.byte	0
+	.byte	9
+	.byte	64
+	.byte	9
+	.byte	64
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	9
+	.byte	0
+	.byte	9
+	.byte	32
+	.byte	9
+	.byte	32
+	.byte	9
+	.byte	32
+	.byte	9
+	.byte	32
+	.byte	9
+	.byte	32
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	3
+	.byte	0
+	.byte	3
+	.byte	0
+	.byte	3
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	4
+	.byte	0
+	.byte	4
+	.byte	0
+	.byte	4
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	8
+	.byte	64
+	.byte	8
+	.byte	64
+	.byte	8
+	.byte	64
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	5
+	.byte	1
+	.byte	5
+	.byte	1
+	.byte	5
+	.byte	1
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	9
+	.byte	64
+	.byte	9
+	.byte	64
+	.byte	9
+	.byte	64
+	.byte	9
+	.byte	64
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	9
+	.byte	32
+	.byte	9
+	.byte	32
+	.byte	9
+	.byte	32
+	.byte	9
+	.byte	32
+	.byte	9
+	.byte	64
+	.byte	9
+	.byte	64
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	3
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	4
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.byte	1
+	.byte	0
+	.text
+	.align	4
+.globl freebl_cpuid
+	.type	freebl_cpuid, @function
+freebl_cpuid:
+	pushl	%ebp
+	pushl	%edi
+	pushl	%esi
+	subl	$8, %esp
+	movl	%edx, %ebp
+/APP
+	pushl %ebx
+	xorl %ecx, %ecx
+	cpuid
+	mov %ebx,%esi
+	popl %ebx
+	
+/NO_APP
+	movl	%eax, (%ebp)
+	movl	24(%esp), %eax
+	movl	%esi, (%eax)
+	movl	28(%esp), %eax
+	movl	%ecx, (%eax)
+	movl	32(%esp), %eax
+	movl	%edx, (%eax)
+	addl	$8, %esp
+	popl	%esi
+	popl	%edi
+	popl	%ebp
+	ret
+	.size	freebl_cpuid, .-freebl_cpuid
+	.align	4
+	.type	changeFlag, @function
+changeFlag:
+/APP
+	pushfl
+	popl %edx
+	movl %edx,%ecx
+	xorl %eax,%edx
+	pushl %edx
+	popfl
+	pushfl
+	popl %edx
+	pushl %ecx
+	popfl
+	
+/NO_APP
+	xorl	%ecx, %edx
+	movl	%edx, %eax
+	ret
+	.size	changeFlag, .-changeFlag
+	.align	4
+	.type	getIntelCacheEntryLineSize, @function
+getIntelCacheEntryLineSize:
+	pushl	%edi
+	pushl	%esi
+	pushl	%ebx
+	call	.L17
+.L17:
+	popl	%ebx
+	addl	$_GLOBAL_OFFSET_TABLE_+[.-.L17], %ebx
+	movzbl	CacheMap@GOTOFF(%ebx,%eax,2), %ecx
+	movb	1+CacheMap@GOTOFF(%ebx,%eax,2), %al
+	testb	%al, %al
+	movl	16(%esp), %edi
+	je	.L3
+	cmpl	$6, %ecx
+	je	.L6
+	cmpl	$8, %ecx
+	je	.L6
+	movl	(%edx), %esi
+	cmpl	$1, %esi
+	jg	.L15
+.L8:
+	cmpl	$2, %esi
+	jle	.L3
+	cmpl	$12, %ecx
+	je	.L12
+	cmpl	$14, %ecx
+	je	.L12
+	.align	4
+.L3:
+	popl	%ebx
+	popl	%esi
+	popl	%edi
+	ret
+	.align	4
+.L6:
+	movzbl	%al, %eax
+	movl	$1, (%edx)
+	movl	%eax, (%edi)
+.L16:
+	popl	%ebx
+	popl	%esi
+	popl	%edi
+	ret
+	.align	4
+.L15:
+	cmpl	$9, %ecx
+	je	.L9
+	cmpl	$11, %ecx
+	jne	.L8
+.L9:
+	movzbl	%al, %eax
+	movl	$2, (%edx)
+	movl	%eax, (%edi)
+	jmp	.L16
+.L12:
+	movzbl	%al, %eax
+	movl	$3, (%edx)
+	movl	%eax, (%edi)
+	jmp	.L16
+	.size	getIntelCacheEntryLineSize, .-getIntelCacheEntryLineSize
+	.align	4
+	.type	getIntelRegisterCacheLineSize, @function
+getIntelRegisterCacheLineSize:
+	pushl	%ebp
+	movl	%esp, %ebp
+	pushl	%edi
+	pushl	%esi
+	pushl	%ecx
+	movl	8(%ebp), %edi
+	movl	%eax, %esi
+	movl	%edx, -12(%ebp)
+	shrl	$24, %eax
+	pushl	%edi
+	call	getIntelCacheEntryLineSize
+	movl	%esi, %eax
+	pushl	%edi
+	shrl	$16, %eax
+	movl	-12(%ebp), %edx
+	andl	$255, %eax
+	call	getIntelCacheEntryLineSize
+	pushl	%edi
+	movl	%esi, %edx
+	movzbl	%dh, %eax
+	movl	-12(%ebp), %edx
+	call	getIntelCacheEntryLineSize
+	andl	$255, %esi
+	movl	%edi, 8(%ebp)
+	movl	-12(%ebp), %edx
+	addl	$12, %esp
+	leal	-8(%ebp), %esp
+	movl	%esi, %eax
+	popl	%esi
+	popl	%edi
+	leave
+	jmp	getIntelCacheEntryLineSize
+	.size	getIntelRegisterCacheLineSize, .-getIntelRegisterCacheLineSize
+	.align	4
+.globl s_mpi_getProcessorLineSize
+	.type	s_mpi_getProcessorLineSize, @function
+s_mpi_getProcessorLineSize:
+	pushl	%ebp
+	movl	%esp, %ebp
+	pushl	%edi
+	pushl	%esi
+	pushl	%ebx
+	subl	$188, %esp
+	call	.L52
+.L52:
+	popl	%ebx
+	addl	$_GLOBAL_OFFSET_TABLE_+[.-.L52], %ebx
+	movl	$9, -168(%ebp)
+	movl	$262144, %eax
+	call	changeFlag
+	xorl	%edx, %edx
+	testl	%eax, %eax
+	jne	.L50
+.L19:
+	leal	-12(%ebp), %esp
+	popl	%ebx
+	popl	%esi
+	movl	%edx, %eax
+	popl	%edi
+	leave
+	ret
+	.align	4
+.L50:
+	movl	$2097152, %eax
+	call	changeFlag
+	testl	%eax, %eax
+	movl	$32, %edx
+	je	.L19
+	leal	-108(%ebp), %eax
+	pushl	%eax
+	leal	-112(%ebp), %eax
+	pushl	%eax
+	leal	-116(%ebp), %eax
+	pushl	%eax
+	leal	-120(%ebp), %edx
+	xorl	%eax, %eax
+	call	freebl_cpuid
+	movl	-120(%ebp), %eax
+	movl	%eax, -164(%ebp)
+	movl	-116(%ebp), %eax
+	movl	%eax, -104(%ebp)
+	movl	-108(%ebp), %eax
+	movl	%eax, -100(%ebp)
+	movl	-112(%ebp), %eax
+	movl	%eax, -96(%ebp)
+	movb	$0, -92(%ebp)
+	xorl	%esi, %esi
+	addl	$12, %esp
+	leal	-104(%ebp), %edi
+	.align	4
+.L28:
+	subl	$8, %esp
+	pushl	%edi
+	pushl	manMap@GOTOFF(%ebx,%esi,4)
+	call	strcmp@PLT
+	addl	$16, %esp
+	testl	%eax, %eax
+	jne	.L26
+	movl	%esi, -168(%ebp)
+.L26:
+	incl	%esi
+	cmpl	$9, %esi
+	jle	.L28
+	movl	-168(%ebp), %eax
+	testl	%eax, %eax
+	jne	.L29
+	xorl	%eax, %eax
+	cmpl	$1, -164(%ebp)
+	movl	$4, -144(%ebp)
+	movl	$0, -140(%ebp)
+	jle	.L41
+	leal	-124(%ebp), %edx
+	movl	%edx, -188(%ebp)
+	leal	-128(%ebp), %eax
+	pushl	%edx
+	movl	%eax, -184(%ebp)
+	leal	-132(%ebp), %edx
+	pushl	%eax
+	movl	%edx, -180(%ebp)
+	movl	$2, %eax
+	pushl	%edx
+	leal	-136(%ebp), %edx
+	call	freebl_cpuid
+	movl	-136(%ebp), %eax
+	movl	%eax, %edi
+	andl	$15, %edi
+	xorl	%esi, %esi
+	addl	$12, %esp
+	leal	-140(%ebp), %edx
+	cmpl	%edi, %esi
+	movl	%edx, -176(%ebp)
+	jl	.L40
+	jmp	.L48
+	.align	4
+.L49:
+	movl	-136(%ebp), %eax
+.L40:
+	testl	%eax, %eax
+	js	.L35
+	xorb	%al, %al
+	pushl	-176(%ebp)
+	leal	-144(%ebp), %edx
+	call	getIntelRegisterCacheLineSize
+	popl	%eax
+.L35:
+	movl	-132(%ebp), %eax
+	testl	%eax, %eax
+	js	.L36
+	pushl	-176(%ebp)
+	leal	-144(%ebp), %edx
+	call	getIntelRegisterCacheLineSize
+	popl	%eax
+.L36:
+	movl	-128(%ebp), %eax
+	testl	%eax, %eax
+	js	.L37
+	pushl	-176(%ebp)
+	leal	-144(%ebp), %edx
+	call	getIntelRegisterCacheLineSize
+	popl	%eax
+.L37:
+	movl	-124(%ebp), %eax
+	testl	%eax, %eax
+	js	.L38
+	pushl	-176(%ebp)
+	leal	-144(%ebp), %edx
+	call	getIntelRegisterCacheLineSize
+	popl	%eax
+.L38:
+	incl	%esi
+	cmpl	%edi, %esi
+	je	.L34
+	pushl	-188(%ebp)
+	pushl	-184(%ebp)
+	pushl	-180(%ebp)
+	leal	-136(%ebp), %edx
+	movl	$2, %eax
+	call	freebl_cpuid
+	addl	$12, %esp
+.L34:
+	cmpl	%edi, %esi
+	jl	.L49
+.L48:
+	movl	-140(%ebp), %eax
+.L41:
+	testl	%eax, %eax
+	jne	.L44
+	movb	$32, %al
+.L44:
+	leal	-12(%ebp), %esp
+	popl	%ebx
+	popl	%esi
+	movl	%eax, %edx
+	movl	%edx, %eax
+	popl	%edi
+	leave
+	ret
+.L29:
+	leal	-148(%ebp), %eax
+	movl	%eax, -192(%ebp)
+	movl	$0, -172(%ebp)
+	leal	-152(%ebp), %edi
+	pushl	%eax
+	pushl	%edi
+	leal	-156(%ebp), %esi
+	pushl	%esi
+	leal	-160(%ebp), %edx
+	movl	$-2147483648, %eax
+	call	freebl_cpuid
+	addl	$12, %esp
+	cmpl	$-2147483644, -160(%ebp)
+	ja	.L51
+.L42:
+	movl	-172(%ebp), %eax
+	jmp	.L41
+.L51:
+	pushl	-192(%ebp)
+	pushl	%edi
+	pushl	%esi
+	leal	-160(%ebp), %edx
+	movl	$-2147483643, %eax
+	call	freebl_cpuid
+	movzbl	-152(%ebp), %edx
+	addl	$12, %esp
+	movl	%edx, -172(%ebp)
+	jmp	.L42
+	.size	s_mpi_getProcessorLineSize, .-s_mpi_getProcessorLineSize
diff --git a/nss/lib/freebl/mpi/mpi-config.h b/nss/lib/freebl/mpi/mpi-config.h
new file mode 100644
index 0000000..c6f72b2
--- /dev/null
+++ b/nss/lib/freebl/mpi/mpi-config.h
@@ -0,0 +1,64 @@
+/* Default configuration for MPI library
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef MPI_CONFIG_H_
+#define MPI_CONFIG_H_
+
+/*
+  For boolean options,
+  0 = no
+  1 = yes
+
+  Other options are documented individually.
+
+ */
+
+#ifndef MP_IOFUNC
+#define MP_IOFUNC 0 /* include mp_print() ?                */
+#endif
+
+#ifndef MP_MODARITH
+#define MP_MODARITH 1 /* include modular arithmetic ?        */
+#endif
+
+#ifndef MP_LOGTAB
+#define MP_LOGTAB 1 /* use table of logs instead of log()? */
+#endif
+
+#ifndef MP_MEMSET
+#define MP_MEMSET 1 /* use memset() to zero buffers?       */
+#endif
+
+#ifndef MP_MEMCPY
+#define MP_MEMCPY 1 /* use memcpy() to copy buffers?       */
+#endif
+
+#ifndef MP_ARGCHK
+/*
+  0 = no parameter checks
+  1 = runtime checks, continue execution and return an error to caller
+  2 = assertions; dump core on parameter errors
+ */
+#ifdef DEBUG
+#define MP_ARGCHK 2 /* how to check input arguments        */
+#else
+#define MP_ARGCHK 1 /* how to check input arguments        */
+#endif
+#endif
+
+#ifndef MP_DEBUG
+#define MP_DEBUG 0 /* print diagnostic output?            */
+#endif
+
+#ifndef MP_DEFPREC
+#define MP_DEFPREC 64 /* default precision, in digits        */
+#endif
+
+#ifndef MP_SQUARE
+#define MP_SQUARE 1 /* use separate squaring code?         */
+#endif
+
+#endif /* ifndef MPI_CONFIG_H_ */
diff --git a/nss/lib/freebl/mpi/mpi-priv.h b/nss/lib/freebl/mpi/mpi-priv.h
new file mode 100644
index 0000000..b34452c
--- /dev/null
+++ b/nss/lib/freebl/mpi/mpi-priv.h
@@ -0,0 +1,243 @@
+/*
+ *  mpi-priv.h  - Private header file for MPI
+ *  Arbitrary precision integer arithmetic library
+ *
+ *  NOTE WELL: the content of this header file is NOT part of the "public"
+ *  API for the MPI library, and may change at any time.
+ *  Application programs that use libmpi should NOT include this header file.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#ifndef _MPI_PRIV_H_
+#define _MPI_PRIV_H_ 1
+
+#include "mpi.h"
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+
+#if MP_DEBUG
+#include <stdio.h>
+
+#define DIAG(T, V)           \
+    {                        \
+        fprintf(stderr, T);  \
+        mp_print(V, stderr); \
+        fputc('\n', stderr); \
+    }
+#else
+#define DIAG(T, V)
+#endif
+
+/* If we aren't using a wired-in logarithm table, we need to include
+   the math library to get the log() function
+ */
+
+/* {{{ s_logv_2[] - log table for 2 in various bases */
+
+#if MP_LOGTAB
+/*
+  A table of the logs of 2 for various bases (the 0 and 1 entries of
+  this table are meaningless and should not be referenced).
+
+  This table is used to compute output lengths for the mp_toradix()
+  function.  Since a number n in radix r takes up about log_r(n)
+  digits, we estimate the output size by taking the least integer
+  greater than log_r(n), where:
+
+  log_r(n) = log_2(n) * log_r(2)
+
+  This table, therefore, is a table of log_r(2) for 2 <= r <= 36,
+  which are the output bases supported.
+ */
+
+extern const float s_logv_2[];
+#define LOG_V_2(R) s_logv_2[(R)]
+
+#else
+
+/*
+   If MP_LOGTAB is not defined, use the math library to compute the
+   logarithms on the fly.  Otherwise, use the table.
+   Pick which works best for your system.
+ */
+
+#include <math.h>
+#define LOG_V_2(R) (log(2.0) / log(R))
+
+#endif /* if MP_LOGTAB */
+
+/* }}} */
+
+/* {{{ Digit arithmetic macros */
+
+/*
+  When adding and multiplying digits, the results can be larger than
+  can be contained in an mp_digit.  Thus, an mp_word is used.  These
+  macros mask off the upper and lower digits of the mp_word (the
+  mp_word may be more than 2 mp_digits wide, but we only concern
+  ourselves with the low-order 2 mp_digits)
+ */
+
+#define CARRYOUT(W) (mp_digit)((W) >> DIGIT_BIT)
+#define ACCUM(W) (mp_digit)(W)
+
+#define MP_MIN(a, b) (((a) < (b)) ? (a) : (b))
+#define MP_MAX(a, b) (((a) > (b)) ? (a) : (b))
+#define MP_HOWMANY(a, b) (((a) + (b)-1) / (b))
+#define MP_ROUNDUP(a, b) (MP_HOWMANY(a, b) * (b))
+
+/* }}} */
+
+/* {{{ Comparison constants */
+
+#define MP_LT -1
+#define MP_EQ 0
+#define MP_GT 1
+
+/* }}} */
+
+/* {{{ private function declarations */
+
+void s_mp_setz(mp_digit *dp, mp_size count);                     /* zero digits           */
+void s_mp_copy(const mp_digit *sp, mp_digit *dp, mp_size count); /* copy */
+void *s_mp_alloc(size_t nb, size_t ni);                          /* general allocator     */
+void s_mp_free(void *ptr);                                       /* general free function */
+
+mp_err s_mp_grow(mp_int *mp, mp_size min); /* increase allocated size */
+mp_err s_mp_pad(mp_int *mp, mp_size min);  /* left pad with zeroes    */
+
+void s_mp_clamp(mp_int *mp); /* clip leading zeroes     */
+
+void s_mp_exch(mp_int *a, mp_int *b); /* swap a and b in place   */
+
+mp_err s_mp_lshd(mp_int *mp, mp_size p);    /* left-shift by p digits  */
+void s_mp_rshd(mp_int *mp, mp_size p);      /* right-shift by p digits */
+mp_err s_mp_mul_2d(mp_int *mp, mp_digit d); /* multiply by 2^d in place */
+void s_mp_div_2d(mp_int *mp, mp_digit d);   /* divide by 2^d in place  */
+void s_mp_mod_2d(mp_int *mp, mp_digit d);   /* modulo 2^d in place     */
+void s_mp_div_2(mp_int *mp);                /* divide by 2 in place    */
+mp_err s_mp_mul_2(mp_int *mp);              /* multiply by 2 in place  */
+mp_err s_mp_norm(mp_int *a, mp_int *b, mp_digit *pd);
+/* normalize for division  */
+mp_err s_mp_add_d(mp_int *mp, mp_digit d); /* unsigned digit addition */
+mp_err s_mp_sub_d(mp_int *mp, mp_digit d); /* unsigned digit subtract */
+mp_err s_mp_mul_d(mp_int *mp, mp_digit d); /* unsigned digit multiply */
+mp_err s_mp_div_d(mp_int *mp, mp_digit d, mp_digit *r);
+/* unsigned digit divide   */
+mp_err s_mp_reduce(mp_int *x, const mp_int *m, const mp_int *mu);
+/* Barrett reduction       */
+mp_err s_mp_add(mp_int *a, const mp_int *b); /* magnitude addition      */
+mp_err s_mp_add_3arg(const mp_int *a, const mp_int *b, mp_int *c);
+mp_err s_mp_sub(mp_int *a, const mp_int *b); /* magnitude subtract      */
+mp_err s_mp_sub_3arg(const mp_int *a, const mp_int *b, mp_int *c);
+mp_err s_mp_add_offset(mp_int *a, mp_int *b, mp_size offset);
+/* a += b * RADIX^offset   */
+mp_err s_mp_mul(mp_int *a, const mp_int *b); /* magnitude multiply      */
+#if MP_SQUARE
+mp_err s_mp_sqr(mp_int *a); /* magnitude square        */
+#else
+#define s_mp_sqr(a) s_mp_mul(a, a)
+#endif
+mp_err s_mp_div(mp_int *rem, mp_int *div, mp_int *quot); /* magnitude div */
+mp_err s_mp_exptmod(const mp_int *a, const mp_int *b, const mp_int *m, mp_int *c);
+mp_err s_mp_2expt(mp_int *a, mp_digit k);       /* a = 2^k                 */
+int s_mp_cmp(const mp_int *a, const mp_int *b); /* magnitude comparison */
+int s_mp_cmp_d(const mp_int *a, mp_digit d);    /* magnitude digit compare */
+int s_mp_ispow2(const mp_int *v);               /* is v a power of 2?      */
+int s_mp_ispow2d(mp_digit d);                   /* is d a power of 2?      */
+
+int s_mp_tovalue(char ch, int r);                /* convert ch to value    */
+char s_mp_todigit(mp_digit val, int r, int low); /* convert val to digit */
+int s_mp_outlen(int bits, int r);                /* output length in bytes */
+mp_digit s_mp_invmod_radix(mp_digit P);          /* returns (P ** -1) mod RADIX */
+mp_err s_mp_invmod_odd_m(const mp_int *a, const mp_int *m, mp_int *c);
+mp_err s_mp_invmod_2d(const mp_int *a, mp_size k, mp_int *c);
+mp_err s_mp_invmod_even_m(const mp_int *a, const mp_int *m, mp_int *c);
+
+#ifdef NSS_USE_COMBA
+
+#define IS_POWER_OF_2(a) ((a) && !((a) & ((a)-1)))
+
+void s_mp_mul_comba_4(const mp_int *A, const mp_int *B, mp_int *C);
+void s_mp_mul_comba_8(const mp_int *A, const mp_int *B, mp_int *C);
+void s_mp_mul_comba_16(const mp_int *A, const mp_int *B, mp_int *C);
+void s_mp_mul_comba_32(const mp_int *A, const mp_int *B, mp_int *C);
+
+void s_mp_sqr_comba_4(const mp_int *A, mp_int *B);
+void s_mp_sqr_comba_8(const mp_int *A, mp_int *B);
+void s_mp_sqr_comba_16(const mp_int *A, mp_int *B);
+void s_mp_sqr_comba_32(const mp_int *A, mp_int *B);
+
+#endif /* end NSS_USE_COMBA */
+
+/* ------ mpv functions, operate on arrays of digits, not on mp_int's ------ */
+#if defined(__OS2__) && defined(__IBMC__)
+#define MPI_ASM_DECL __cdecl
+#else
+#define MPI_ASM_DECL
+#endif
+
+#ifdef MPI_AMD64
+
+mp_digit MPI_ASM_DECL s_mpv_mul_set_vec64(mp_digit *, mp_digit *, mp_size, mp_digit);
+mp_digit MPI_ASM_DECL s_mpv_mul_add_vec64(mp_digit *, const mp_digit *, mp_size, mp_digit);
+
+/* c = a * b */
+#define s_mpv_mul_d(a, a_len, b, c) \
+    ((mp_digit *)c)[a_len] = s_mpv_mul_set_vec64(c, a, a_len, b)
+
+/* c += a * b */
+#define s_mpv_mul_d_add(a, a_len, b, c) \
+    ((mp_digit *)c)[a_len] = s_mpv_mul_add_vec64(c, a, a_len, b)
+
+#else
+
+void MPI_ASM_DECL s_mpv_mul_d(const mp_digit *a, mp_size a_len,
+                              mp_digit b, mp_digit *c);
+void MPI_ASM_DECL s_mpv_mul_d_add(const mp_digit *a, mp_size a_len,
+                                  mp_digit b, mp_digit *c);
+
+#endif
+
+void MPI_ASM_DECL s_mpv_mul_d_add_prop(const mp_digit *a,
+                                       mp_size a_len, mp_digit b,
+                                       mp_digit *c);
+void MPI_ASM_DECL s_mpv_sqr_add_prop(const mp_digit *a,
+                                     mp_size a_len,
+                                     mp_digit *sqrs);
+
+mp_err MPI_ASM_DECL s_mpv_div_2dx1d(mp_digit Nhi, mp_digit Nlo,
+                                    mp_digit divisor, mp_digit *quot, mp_digit *rem);
+
+/* c += a * b * (MP_RADIX ** offset);  */
+/* Callers of this macro should be aware that the return type might vary;
+ * it should be treated as a void function. */
+#define s_mp_mul_d_add_offset(a, b, c, off) \
+    s_mpv_mul_d_add_prop(MP_DIGITS(a), MP_USED(a), b, MP_DIGITS(c) + off)
+
+typedef struct {
+    mp_int N;         /* modulus N */
+    mp_digit n0prime; /* n0' = - (n0 ** -1) mod MP_RADIX */
+} mp_mont_modulus;
+
+mp_err s_mp_mul_mont(const mp_int *a, const mp_int *b, mp_int *c,
+                     mp_mont_modulus *mmm);
+mp_err s_mp_redc(mp_int *T, mp_mont_modulus *mmm);
+
+/*
+ * s_mpi_getProcessorLineSize() returns the size in bytes of the cache line
+ * if a cache exists, or zero if there is no cache. If more than one
+ * cache line exists, it should return the smallest line size (which is
+ * usually the L1 cache).
+ *
+ * mp_modexp uses this information to make sure that private key information
+ * isn't being leaked through the cache.
+ *
+ * see mpcpucache.c for the implementation.
+ */
+unsigned long s_mpi_getProcessorLineSize();
+
+/* }}} */
+#endif
diff --git a/nss/lib/freebl/mpi/mpi-test.c b/nss/lib/freebl/mpi/mpi-test.c
new file mode 100644
index 0000000..94445e5
--- /dev/null
+++ b/nss/lib/freebl/mpi/mpi-test.c
@@ -0,0 +1,2160 @@
+/*
+ * mpi-test.c
+ *
+ * This is a general test suite for the MPI library, which tests
+ * all the functions in the library with known values.  The program
+ * exits with a zero (successful) status if the tests pass, or a
+ * nonzero status if the tests fail.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdarg.h>
+#include <limits.h>
+#include <time.h>
+
+#include "mpi.h"
+#include "mpprime.h"
+
+#include "test-info.c"
+
+/* ZS means Zero Suppressed (no leading zeros) */
+#if MP_USE_LONG_DIGIT
+#define ZS_DIGIT_FMT "%lX"
+#elif MP_USE_LONG_LONG_DIGIT
+#define ZS_DIGIT_FMT "%llX"
+#elif MP_USE_UINT_DIGIT
+#define ZS_DIGIT_FMT "%X"
+#else
+#error "unknown type of digit"
+#endif
+
+/*
+  Test vectors
+
+  If you intend to change any of these values, you must also recompute
+  the corresponding solutions below.  Basically, these are just hex
+  strings (for the big integers) or integer values (for the digits).
+
+  The comparison tests think they know what relationships hold between
+  these values.  If you change that, you may have to adjust the code
+  for the comparison tests accordingly.  Most of the other tests
+  should be fine as long as you re-compute the solutions, though.
+ */
+const char *mp1 = "639A868CDA0C569861B";
+const char *mp2 = "AAFC0A3FE45E5E09DBE2C29";
+const char *mp3 = "B55AA8DF8A7E83241F38AC7A9E479CAEF2E4D7C5";
+const char *mp4 = "-63DBC2265B88268DC801C10EA68476B7BDE0090F";
+const char *mp5 = "F595CB42";
+const char *mp5a = "-4B597E";
+const char *mp6 = "0";
+const char *mp7 = "EBFA7121CD838CE6439CC59DDB4CBEF3";
+const char *mp8 = "5";
+const char *mp9 = "F74A2876A1432698923B0767DA19DCF3D71795EE";
+const char *mp10 = "9184E72A000";
+const char *mp11 = "54D79A3557E8";
+const char *mp12 = "10000000000000000";
+const char *mp13 =
+    "34584F700C15A341E40BF7BFDD88A6630C8FF2B2067469372D391342BDAB6163963C"
+    "D5A5C79F708BDE26E0CCF2DB66CD6D6089E29A877C45F2B050D226E6DA88";
+const char *mp14 =
+    "AC3FA0EABAAC45724814D798942A1E28E14C81E0DE8055CED630E7689DA648683645DB6E"
+    "458D9F5338CC3D4E33A5D1C9BF42780133599E60DEE0049AFA8F9489501AE5C9AA2B8C13"
+    "FD21285A538B2CA87A626BB56E0A654C8707535E637FF4E39174157402BDE3AA30C9F134"
+    "0C1307BAA864B075A9CC828B6A5E2B2BF1AE406D920CC5E7657D7C0E697DEE5375773AF9"
+    "E200A1B8FAD7CD141F9EE47ABB55511FEB9A4D99EBA22F3A3FF6792FA7EE9E5DC0EE94F7"
+    "7A631EDF3D7DD7C2DAAAFDF234D60302AB63D5234CEAE941B9AF0ADDD9E6E3A940A94EE5"
+    "5DB45A7C66E61EDD0477419BBEFA44C325129601C4F45671C6A0E64665DF341D17FBC71F"
+    "77418BD9F4375DDB3B9D56126526D8E5E0F35A121FD4F347013DA880020A752324F31DDD"
+    "9BCDB13A3B86E207A2DE086825E6EEB87B3A64232CFD8205B799BC018634AAE193F19531"
+    "D6EBC19A75F27CFFAA03EB5974898F53FD569AA5CE60F431B53B0CDE715A5F382405C9C4"
+    "761A8E24888328F09F7BCE4E8D80C957DF177629C8421ACCD0C268C63C0DD47C3C0D954F"
+    "D79F7D7297C6788DF4B3E51381759864D880ACA246DF09533739B8BB6085EAF7AE8DC2D9"
+    "F224E6874926C8D24D34B457FD2C9A586C6B99582DC24F787A39E3942786CF1D494B6EB4"
+    "A513498CDA0B217C4E80BCE7DA1C704C35E071AC21E0DA9F57C27C3533F46A8D20B04137"
+    "C1B1384BE4B2EB46";
+const char *mp15 =
+    "39849CF7FD65AF2E3C4D87FE5526221103D90BA26A6642FFE3C3ECC0887BBBC57E011BF1"
+    "05D822A841653509C68F79EBE51C0099B8CBB04DEF31F36F5954208A3209AC122F0E11D8"
+    "4AE67A494D78336A2066D394D42E27EF6B03DDAF6D69F5112C93E714D27C94F82FC7EF77"
+    "445768C68EAE1C4A1407BE1B303243391D325090449764AE469CC53EC8012C4C02A72F37"
+    "07ED7275D2CC8D0A14B5BCC6BF264941520EBA97E3E6BAE4EE8BC87EE0DDA1F5611A6ECB"
+    "65F8AEF4F184E10CADBDFA5A2FEF828901D18C20785E5CC63473D638762DA80625003711"
+    "9E984AC43E707915B133543AF9D5522C3E7180DC58E1E5381C1FB7DC6A5F4198F3E88FA6"
+    "CBB6DFA8B2D1C763226B253E18BCCB79A29EE82D2DE735078C8AE3C3C86D476AAA08434C"
+    "09C274BDD40A1D8FDE38D6536C22F44E807EB73DE4FB36C9F51E0BC835DDBE3A8EFCF2FE"
+    "672B525769DC39230EE624D5EEDBD837C82A52E153F37378C3AD68A81A7ADBDF3345DBCE"
+    "8FA18CA1DE618EF94DF72EAD928D4F45B9E51632ACF158CF8332C51891D1D12C2A7E6684"
+    "360C4BF177C952579A9F442CFFEC8DAE4821A8E7A31C4861D8464CA9116C60866C5E72F7"
+    "434ADBED36D54ACDFDFF70A4EFB46E285131FE725F1C637D1C62115EDAD01C4189716327"
+    "BFAA79618B1656CBFA22C2C965687D0381CC2FE0245913C4D8D96108213680BD8E93E821"
+    "822AD9DDBFE4BD04";
+const char *mp16 = "4A724340668DB150339A70";
+const char *mp17 = "8ADB90F58";
+const char *mp18 = "C64C230AB20E5";
+const char *mp19 =
+    "F1C9DACDA287F2E3C88DCE2393B8F53DAAAC1196DC36510962B6B59454CFE64B";
+const char *mp20 =
+    "D445662C8B6FE394107B867797750C326E0F4A967E135FC430F6CD7207913AC7";
+const char *mp21 = "2";
+
+const mp_digit md1 = 0;
+const mp_digit md2 = 0x1;
+const mp_digit md3 = 0x80;
+const mp_digit md4 = 0x9C97;
+const mp_digit md5 = 0xF5BF;
+const mp_digit md6 = 0x14A0;
+const mp_digit md7 = 0x03E8;
+const mp_digit md8 = 0x0101;
+const mp_digit md9 = 0xA;
+
+/*
+   Solutions of the form x_mpABC, where:
+
+   x = (p)roduct, (s)um, (d)ifference, (q)uotient, (r)emainder, (g)cd,
+       (i)nverse, (e)xponent, square roo(t), (g)cd, (l)cm.  A
+       leading 'm' indicates a modular operation, e.g. ms_mp12 is the
+       modular sum of operands 1 and 2
+
+   ABC are the operand numbers involved in the computation.  If a 'd'
+   precedes the number, it is a digit operand; if a 'c' precedes it,
+   it is a constant; otherwise, it is a full integer.
+ */
+
+const char *p_mp12 = "4286AD72E095C9FE009938750743174ADDD7FD1E53";
+const char *p_mp34 = "-46BDBD66CA108C94A8CF46C325F7B6E2F2BA82D35"
+                     "A1BFD6934C441EE369B60CA29BADC26845E918B";
+const char *p_mp57 = "E260C265A0A27C17AD5F4E59D6E0360217A2EBA6";
+const char *p_mp22 = "7233B5C1097FFC77CCF55928FDC3A5D31B712FDE7A1E91";
+const char *p_mp1d4 = "3CECEA2331F4220BEF68DED";
+const char *p_mp8d6 = "6720";
+const char *p_mp1113 =
+    "11590FC3831C8C3C51813142C88E566408DB04F9E27642F6471A1822E0100B12F7F1"
+    "5699A127C0FA9D26DCBFF458522661F30C6ADA4A07C8C90F9116893F6DBFBF24C3A2"
+    "4340";
+const char *p_mp1415 =
+    "26B36540DE8B3586699CCEAE218A2842C7D5A01590E70C4A26E789107FBCDB06AA2C"
+    "6DDC39E6FA18B16FCB2E934C9A5F844DAD60EE3B1EA82199EC5E9608F67F860FB965"
+    "736055DF0E8F2540EB28D07F47E309B5F5D7C94FF190AB9C83A6970160CA700B1081"
+    "F60518132AF28C6CEE6B7C473E461ABAC52C39CED50A08DD4E7EA8BA18DAD545126D"
+    "A388F6983C29B6BE3F9DCBC15766E8E6D626A92C5296A9C4653CAE5788350C0E2107"
+    "F57E5E8B6994C4847D727FF1A63A66A6CEF42B9C9E6BD04C92550B85D5527DE8A132"
+    "E6BE89341A9285C7CE7FB929D871BBCBD0ED2863B6B078B0DBB30FCA66D6C64284D6"
+    "57F394A0271E15B6EC7A9D530EBAC6CA262EF6F97E1A29FCE7749240E4AECA591ECF"
+    "272122BC587370F9371B67BB696B3CDC1BC8C5B64B6280994EBA00CDEB8EB0F5D06E"
+    "18F401D65FDCECF23DD7B9BB5B4C5458AEF2CCC09BA7F70EACB844750ACFD027521E"
+    "2E047DE8388B35F8512D3DA46FF1A12D4260213602BF7BFFDB6059439B1BD0676449"
+    "8D98C74F48FB3F548948D5BA0C8ECFCD054465132DC43466D6BBD59FBAF8D6D4E157"
+    "2D612B40A956C7D3E140F3B8562EF18568B24D335707D5BAC7495014DF2444172426"
+    "FD099DED560D30D1F945386604AFC85C64BD1E5F531F5C7840475FC0CF0F79810012"
+    "4572BAF5A9910CDBD02B27FFCC3C7E5E88EF59F3AE152476E33EDA696A4F751E0AE4"
+    "A3D2792DEA78E25B9110E12A19EFD09EA47FF9D6594DA445478BEB6901EAF8A35B2D"
+    "FD59BEE9BF7AA8535B7D326EFA5AA2121B5EBE04DD85827A3D43BD04F4AA6D7B62A2"
+    "B6D7A3077286A511A431E1EF75FCEBA3FAE9D5843A8ED17AA02BBB1B571F904699C5"
+    "A6073F87DDD012E2322AB3F41F2A61F428636FE86914148E19B8EF8314ED83332F2F"
+    "8C2ADE95071E792C0A68B903E060DD322A75FD0C2B992059FCCBB58AFA06B50D1634"
+    "BBD93F187FCE0566609FCC2BABB269C66CEB097598AA17957BB4FDA3E64A1B30402E"
+    "851CF9208E33D52E459A92C63FBB66435BB018E155E2C7F055E0B7AB82CD58FC4889"
+    "372ED9EEAC2A07E8E654AB445B9298D2830D6D4DFD117B9C8ABE3968927DC24B3633"
+    "BAD6E6466DB45DDAE87A0AB00336AC2CCCE176704F7214FCAB55743AB76C2B6CA231"
+    "7984610B27B5786DE55C184DDF556EDFEA79A3652831940DAD941E243F482DC17E50"
+    "284BC2FB1AD712A92542C573E55678878F02DFD9E3A863C7DF863227AEDE14B47AD3"
+    "957190124820ADC19F5353878EDB6BF7D0C77352A6E3BDB53EEB88F5AEF6226D6E68"
+    "756776A8FB49B77564147A641664C2A54F7E5B680CCC6A4D22D894E464DF20537094"
+    "548F1732452F9E7F810C0B4B430C073C0FBCE03F0D03F82630654BCE166AA772E1EE"
+    "DD0C08D3E3EBDF0AF54203B43AFDFC40D8FC79C97A4B0A4E1BEB14D8FCEFDDED8758"
+    "6ED65B18";
+const char *p_mp2121 = "4";
+const char *mp_mp345 = "B9B6D3A3";
+const char *mp_mp335 = "16609C2D";
+
+const char *s_mp13 = "B55AA8DF8A7E83241F38B2B446B06A4FB84E5DE0";
+const char *s_mp34 = "517EE6B92EF65C965736EB6BF7C325F73504CEB6";
+const char *s_mp46 = "-63DBC2265B88268DC801C10EA68476B7BDE0090F";
+const char *s_mp5d4 = "F59667D9";
+const char *s_mp2d5 = "AAFC0A3FE45E5E09DBF21E8";
+const char *s_mp1415 =
+    "E5C43DE2B811F4A084625F96E9504039E5258D8348E698CEB9F4D4292622042DB446"
+    "F75F4B65C1FB7A317257FA354BB5A45E789AEC254EAECE11F80A53E3B513822491DB"
+    "D9399DEC4807A2A3A10360129AC93F4A42388D3BF20B310DD0E9E9F4BE07FC88D53A"
+    "78A26091E0AB506A70813712CCBFBDD440A69A906E650EE090FDD6A42A95AC1A414D"
+    "317F1A9F781E6A30E9EE142ECDA45A1E3454A1417A7B9A613DA90831CF88EA1F2E82"
+    "41AE88CC4053220903C2E05BCDD42F02B8CF8868F84C64C5858BAD356143C5494607"
+    "EE22E11650148BAF65A985F6FC4CA540A55697F2B5AA95D6B8CF96EF638416DE1DD6"
+    "3BA9E2C09E22D03E75B60BE456C642F86B82A709253E5E087B507DE3A45F8392423F"
+    "4DBC284E8DC88C43CA77BC8DCEFB6129A59025F80F90FF978116DEBB9209E306FBB9"
+    "1B6111F8B8CFACB7C7C9BC12691C22EE88303E1713F1DFCEB622B8EA102F6365678B"
+    "C580ED87225467AA78E875868BD53B17574BA59305BC1AC666E4B7E9ED72FCFC200E"
+    "189D98FC8C5C7533739C53F52DDECDDFA5A8668BFBD40DABC9640F8FCAE58F532940"
+    "8162261320A25589E9FB51B50F80056471F24B7E1AEC35D1356FC2747FFC13A04B34"
+    "24FCECE10880BD9D97CA8CDEB2F5969BF4F30256EB5ED2BCD1DC64BDC2EE65217848"
+    "48A37FB13F84ED4FB7ACA18C4639EE64309BDD3D552AEB4AAF44295943DC1229A497"
+    "A84A";
+
+const char *ms_mp345 = "1E71E292";
+
+const char *d_mp12 = "-AAFBA6A55DD183FD854A60E";
+const char *d_mp34 = "119366B05E606A9B1E73A6D8944CC1366B0C4E0D4";
+const char *d_mp5d4 = "F5952EAB";
+const char *d_mp6d2 = "-1";
+const char *md_mp345 = "26596B86";
+
+const char *q_mp42 = "-95825A1FFA1A155D5";
+const char *r_mp42 = "-6312E99D7700A3DCB32ADF2";
+const char *q_mp45a = "15344CDA3D841F661D2B61B6EDF7828CE36";
+const char *r_mp45a = "-47C47B";
+const char *q_mp7c2 = "75FD3890E6C1C67321CE62CEEDA65F79";
+const char *q_mp3d6 = "8CAFD53C272BD6FE8B0847BDC3B539EFAB5C3";
+const char *r_mp3d6 = "1E5";
+const char *r_mp5d5 = "1257";
+const char *r_mp47 = "B3A9018D970281A90FB729A181D95CB8";
+const char *q_mp1404 =
+    "-1B994D869142D3EF6123A3CBBC3C0114FA071CFCEEF4B7D231D65591D32501AD80F"
+    "FF49AE4EC80514CC071EF6B42521C2508F4CB2FEAD69A2D2EF3934087DCAF88CC4C4"
+    "659F1CA8A7F4D36817D802F778F1392337FE36302D6865BF0D4645625DF8BB044E19"
+    "930635BE2609FAC8D99357D3A9F81F2578DE15A300964188292107DAC980E0A08CD7"
+    "E938A2135FAD45D50CB1D8C2D4C4E60C27AB98B9FBD7E4DBF752C57D2674520E4BB2"
+    "7E42324C0EFE84FB3E38CF6950E699E86FD45FE40D428400F2F94EDF7E94FAE10B45"
+    "89329E1BF61E5A378C7B31C9C6A234F8254D4C24823B84D0BF8D671D8BC9154DFAC9"
+    "49BD8ACABD6BD32DD4DC587F22C86153CB3954BDF7C2A890D623642492C482CF3E2C"
+    "776FC019C3BBC61688B485E6FD35D6376089C1E33F880E84C4E51E8ABEACE1B3FB70"
+    "3EAD0E28D2D44E7F1C0A859C840775E94F8C1369D985A3C5E8114B21D68B3CBB75D2"
+    "791C586153C85B90CAA483E57A40E2D97950AAB84920A4396C950C87C7FFFE748358"
+    "42A0BF65445B26D40F05BE164B822CA96321F41D85A289C5F5CD5F438A78704C9683"
+    "422299D21899A22F853B0C93081CC9925E350132A0717A611DD932A68A0ACC6E4C7F"
+    "7F685EF8C1F4910AEA5DC00BB5A36FCA07FFEAA490C547F6E14A08FE87041AB803E1"
+    "BD9E23E4D367A2C35762F209073DFF48F3";
+const char *r_mp1404 = "12FF98621ABF63144BFFC3207AC8FC10D8D1A09";
+
+const char *q_mp13c =
+    "34584F700C15A341E40BF7BFDD88A6630C8FF2B2067469372D391342"
+    "BDAB6163963CD5A5C79F708BDE26E0CCF2DB66CD6D6089E29A877C45";
+const char *r_mp13c = "F2B050D226E6DA88";
+const char *q_mp9c16 = "F74A2876A1432698923B0767DA19DCF3D71795E";
+const char *r_mp9c16 = "E";
+
+const char *e_mp5d9 = "A8FD7145E727A20E52E73D22990D35D158090307A"
+                      "13A5215AAC4E9AB1E96BD34E531209E03310400";
+const char *e_mp78 = "AA5F72C737DFFD8CCD108008BFE7C79ADC01A819B"
+                     "32B75FB82EC0FB8CA83311DA36D4063F1E57857A2"
+                     "1AB226563D84A15BB63CE975FF1453BD6750C58D9"
+                     "D113175764F5D0B3C89B262D4702F4D9640A3";
+const char *me_mp817 = "E504493ACB02F7F802B327AB13BF25";
+const char *me_mp5d47 = "1D45ED0D78F2778157992C951DD2734C";
+const char *me_mp1512 = "FB5B2A28D902B9D9";
+const char *me_mp161718 = "423C6AC6DBD74";
+const char *me_mp5114 =
+    "64F0F72807993578BBA3C7C36FFB184028F9EB9A810C92079E1498D8A80FC848E1F0"
+    "25F1DE43B7F6AC063F5CC29D8A7C2D7A66269D72BF5CDC327AF88AF8EF9E601DCB0A"
+    "3F35BFF3525FB1B61CE3A25182F17C0A0633B4089EA15BDC47664A43FEF639748AAC"
+    "19CF58E83D8FA32CD10661D2D4210CC84792937E6F36CB601851356622E63ADD4BD5"
+    "542412C2E0C4958E51FD2524AABDC7D60CFB5DB332EEC9DC84210F10FAE0BA2018F2"
+    "14C9D6867C9D6E49CF28C18D06CE009FD4D04BFC8837C3FAAA773F5CCF6DED1C22DE"
+    "181786AFE188540586F2D74BF312E595244E6936AE52E45742109BAA76C36F2692F5"
+    "CEF97AD462B138BE92721194B163254CBAAEE9B9864B21CCDD5375BCAD0D24132724"
+    "113D3374B4BCF9AA49BA5ACBC12288C0BCF46DCE6CB4A241A91BD559B130B6E9CD3D"
+    "D7A2C8B280C2A278BA9BF5D93244D563015C9484B86D9FEB602501DC16EEBC3EFF19"
+    "53D7999682BF1A1E3B2E7B21F4BDCA3C355039FEF55B9C0885F98DC355CA7A6D8ECF"
+    "5F7F1A6E11A764F2343C823B879B44616B56BF6AE3FA2ACF5483660E618882018E3F"
+    "C8459313BACFE1F93CECC37B2576A5C0B2714BD3EEDEEC22F0E7E3E77B11396B9B99"
+    "D683F2447A4004BBD4A57F6A616CDDFEC595C4FC19884CC2FC21CF5BF5B0B81E0F83"
+    "B9DDA0CF4DFF35BB8D31245912BF4497FD0BD95F0C604E26EA5A8EA4F5EAE870A5BD"
+    "FE8C";
+
+const char *e_mpc2d3 = "100000000000000000000000000000000";
+
+const char *t_mp9 = "FB9B6E32FF0452A34746";
+const char *i_mp27 = "B6AD8DCCDAF92B6FE57D062FFEE3A99";
+const char *i_mp2019 =
+    "BDF3D88DC373A63EED92903115B03FC8501910AF68297B4C41870AED3EA9F839";
+/* "15E3FE09E8AE5523AABA197BD2D16318D3CA148EDF4AE1C1C52FC96AFAF5680B"; */
+
+const char *t_mp15 =
+    "795853094E59B0008093BCA8DECF68587C64BDCA2F3F7F8963DABC12F1CFFFA9B8C4"
+    "365232FD4751870A0EF6CA619287C5D8B7F1747D95076AB19645EF309773E9EACEA0"
+    "975FA4AE16251A8DA5865349C3A903E3B8A2C0DEA3C0720B6020C7FED69AFF62BB72"
+    "10FAC443F9FFA2950776F949E819260C2AF8D94E8A1431A40F8C23C1973DE5D49AA2"
+    "0B3FF5DA5C1D5324E712A78FF33A9B1748F83FA529905924A31DF38643B3F693EF9B"
+    "58D846BB1AEAE4523ECC843FF551C1B300A130B65C1677402778F98C51C10813250E"
+    "2496882877B069E877B59740DC1226F18A5C0F66F64A5F59A9FAFC5E9FC45AEC0E7A"
+    "BEE244F7DD3AC268CF512A0E52E4F5BE5B94";
+
+const char *g_mp71 = "1";
+const char *g_mp25 = "7";
+const char *l_mp1011 = "C589E3D7D64A6942A000";
+
+/* mp9 in radices from 5 to 64 inclusive */
+#define LOW_RADIX 5
+#define HIGH_RADIX 64
+const char *v_mp9[] = {
+    "404041130042310320100141302000203430214122130002340212132414134210033",
+    "44515230120451152500101352430105520150025145320010504454125502",
+    "644641136612541136016610100564613624243140151310023515322",
+    "173512120732412062323044435407317550316717172705712756",
+    "265785018434285762514442046172754680368422060744852",
+    "1411774500397290569709059837552310354075408897518",
+    "184064268501499311A17746095910428222A241708032A",
+    "47706011B225950B02BB45602AA039893118A85950892",
+    "1A188C826B982353CB58422563AC602B783101671A86",
+    "105957B358B89B018958908A9114BC3DDC410B77982",
+    "CB7B3387E23452178846C55DD9D70C7CA9AEA78E8",
+    "F74A2876A1432698923B0767DA19DCF3D71795EE",
+    "17BF7C3673B76D7G7A5GA836277296F806E7453A",
+    "2EBG8HH3HFA6185D6H0596AH96G24C966DD3HG2",
+    "6G3HGBFEG8I3F25EAF61B904EIA40CFDH2124F",
+    "10AHC3D29EBHDF3HD97905CG0JA8061855C3FI",
+    "3BA5A55J5K699B2D09C38A4B237CH51IHA132",
+    "EDEA90DJ0B5CB3FGG1C8587FEB99D3C143CA",
+    "31M26JI1BBD56K3I028MML4EEDMAJK60LGLE",
+    "GGG5M3142FKKG82EJ28111D70EMHC241E4E",
+    "4446F4D5H10982023N297BF0DKBBHLLJB0I",
+    "12E9DEEOBMKAKEP0IM284MIP7FO1O521M46",
+    "85NN0HD48NN2FDDB1F5BMMKIB8CK20MDPK",
+    "2D882A7A0O0JPCJ4APDRIB77IABAKDGJP2",
+    "MFMCI0R7S27AAA3O3L2S8K44HKA7O02CN",
+    "7IGQS73FFSHC50NNH44B6PTTNLC3M6H78",
+    "2KLUB3U9850CSN6ANIDNIF1LB29MJ43LH",
+    "UT52GTL18CJ9H4HR0TJTK6ESUFBHF5FE",
+    "BTVL87QQBMUGF8PFWU4W3VU7U922QTMW",
+    "4OG10HW0MSWJBIDEE2PDH24GA7RIHIAA",
+    "1W8W9AX2DRUX48GXOLMK0PE42H0FEUWN",
+    "SVWI84VBH069WR15W1U2VTK06USY8Z2",
+    "CPTPNPDa5TYCPPNLALENT9IMX2GL0W2",
+    "5QU21UJMRaUYYYYYN6GHSMPOYOXEEUY",
+    "2O2Q7C6RPPB1SXJ9bR4035SPaQQ3H2W",
+    "18d994IbT4PHbD7cGIPCRP00bbQO0bc",
+    "NcDUEEWRO7XT76260WGeBHPVa72RdA",
+    "BbX2WCF9VfSB5LPdJAdeXKV1fd6LC2",
+    "60QDKW67P4JSQaTdQg7JE9ISafLaVU",
+    "33ba9XbDbRdNF4BeDB2XYMhAVDaBdA",
+    "1RIPZJA8gT5L5H7fTcaRhQ39geMMTc",
+    "d65j70fBATjcDiidPYXUGcaBVVLME",
+    "LKA9jhPabDG612TXWkhfT2gMXNIP2",
+    "BgNaYhjfT0G8PBcYRP8khJCR3C9QE",
+    "6Wk8RhJTAgDh10fYAiUVB1aM0HacG",
+    "3dOCjaf78kd5EQNViUZWj3AfFL90I",
+    "290VWkL3aiJoW4MBbHk0Z0bDo22Ni",
+    "1DbDZ1hpPZNUDBUp6UigcJllEdC26",
+    "dFSOLBUM7UZX8Vnc6qokGIOiFo1h",
+    "NcoUYJOg0HVmKI9fR2ag0S8R2hrK",
+    "EOpiJ5Te7oDe2pn8ZhAUKkhFHlZh",
+    "8nXK8rp8neV8LWta1WDgd1QnlWsU",
+    "5T3d6bcSBtHgrH9bCbu84tblaa7r",
+    "3PlUDIYUvMqOVCir7AtquK5dWanq",
+    "2A70gDPX2AtiicvIGGk9poiMtgvu",
+    "1MjiRxjk10J6SVAxFguv9kZiUnIc",
+    "rpre2vIDeb4h3sp50r1YBbtEx9L",
+    "ZHcoip0AglDAfibrsUcJ9M1C8fm",
+    "NHP18+eoe6uU54W49Kc6ZK7+bT2",
+    "FTAA7QXGoQOaZi7PzePtFFN5vNk"
+};
+
+const unsigned char b_mp4[] = {
+    0x01,
+#if MP_DIGIT_MAX > MP_32BIT_MAX
+    0x00, 0x00, 0x00, 0x00,
+#endif
+    0x63, 0xDB, 0xC2, 0x26,
+    0x5B, 0x88, 0x26, 0x8D,
+    0xC8, 0x01, 0xC1, 0x0E,
+    0xA6, 0x84, 0x76, 0xB7,
+    0xBD, 0xE0, 0x09, 0x0F
+};
+
+/* Search for a test suite name in the names table  */
+int find_name(char *name);
+void reason(char *fmt, ...);
+
+/*------------------------------------------------------------------------*/
+/*------------------------------------------------------------------------*/
+
+char g_intbuf[4096]; /* buffer for integer comparison   */
+char a_intbuf[4096]; /* buffer for integer comparison   */
+int g_verbose = 1;   /* print out reasons for failure?  */
+int res;
+
+#define IFOK(x)                                            \
+    {                                                      \
+        if (MP_OKAY > (res = (x))) {                       \
+            reason("test %s failed: error %d\n", #x, res); \
+            return 1;                                      \
+        }                                                  \
+    }
+
+int
+main(int argc, char *argv[])
+{
+    int which, res;
+
+    srand((unsigned int)time(NULL));
+
+    if (argc < 2) {
+        fprintf(stderr, "Usage: %s <test-suite> | list\n"
+                        "Type '%s help' for assistance\n",
+                argv[0], argv[0]);
+        return 2;
+    } else if (argc > 2) {
+        if (strcmp(argv[2], "quiet") == 0)
+            g_verbose = 0;
+    }
+
+    if (strcmp(argv[1], "help") == 0) {
+        fprintf(stderr, "Help for mpi-test\n\n"
+                        "This program is a test driver for the MPI library, which\n"
+                        "tests all the various functions in the library to make sure\n"
+                        "they are working correctly.  The syntax is:\n"
+                        "    %s <suite-name>\n"
+                        "...where <suite-name> is the name of the test you wish to\n"
+                        "run.  To get a list of the tests, use '%s list'.\n\n"
+                        "The program exits with a status of zero if the test passes,\n"
+                        "or non-zero if it fails.  Ordinarily, failure is accompanied\n"
+                        "by a diagnostic message to standard error.  To suppress this\n"
+                        "add the keyword 'quiet' after the suite-name on the command\n"
+                        "line.\n\n",
+                argv[0], argv[0]);
+        return 0;
+    }
+
+    if ((which = find_name(argv[1])) < 0) {
+        fprintf(stderr, "%s: test suite '%s' is not known\n", argv[0], argv[1]);
+        return 2;
+    }
+
+    if ((res = (g_tests[which])()) < 0) {
+        fprintf(stderr, "%s: test suite not implemented yet\n", argv[0]);
+        return 2;
+    } else {
+        return res;
+    }
+}
+
+/*------------------------------------------------------------------------*/
+
+int
+find_name(char *name)
+{
+    int ix = 0;
+
+    while (ix < g_count) {
+        if (strcmp(name, g_names[ix]) == 0)
+            return ix;
+
+        ++ix;
+    }
+
+    return -1;
+}
+
+/*------------------------------------------------------------------------*/
+
+int
+test_list(void)
+{
+    int ix;
+
+    fprintf(stderr, "There are currently %d test suites available\n",
+            g_count);
+
+    for (ix = 1; ix < g_count; ix++)
+        fprintf(stdout, "%-20s %s\n", g_names[ix], g_descs[ix]);
+
+    return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int
+test_copy(void)
+{
+    mp_int a, b;
+    int ix;
+
+    mp_init(&a);
+    mp_init(&b);
+
+    mp_read_radix(&a, mp3, 16);
+    mp_copy(&a, &b);
+
+    if (SIGN(&a) != SIGN(&b) || USED(&a) != USED(&b)) {
+        if (SIGN(&a) != SIGN(&b)) {
+            reason("error: sign of original is %d, sign of copy is %d\n",
+                   SIGN(&a), SIGN(&b));
+        } else {
+            reason("error: original precision is %d, copy precision is %d\n",
+                   USED(&a), USED(&b));
+        }
+        mp_clear(&a);
+        mp_clear(&b);
+        return 1;
+    }
+
+    for (ix = 0; ix < USED(&b); ix++) {
+        if (DIGIT(&a, ix) != DIGIT(&b, ix)) {
+            reason("error: digit %d " DIGIT_FMT " != " DIGIT_FMT "\n",
+                   ix, DIGIT(&a, ix), DIGIT(&b, ix));
+            mp_clear(&a);
+            mp_clear(&b);
+            return 1;
+        }
+    }
+
+    mp_clear(&a);
+    mp_clear(&b);
+    return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int
+test_exch(void)
+{
+    mp_int a, b;
+
+    mp_init(&a);
+    mp_init(&b);
+    mp_read_radix(&a, mp7, 16);
+    mp_read_radix(&b, mp1, 16);
+
+    mp_exch(&a, &b);
+    mp_toradix(&a, g_intbuf, 16);
+
+    mp_clear(&a);
+    if (strcmp(g_intbuf, mp1) != 0) {
+        mp_clear(&b);
+        reason("error: exchange failed\n");
+        return 1;
+    }
+
+    mp_toradix(&b, g_intbuf, 16);
+
+    mp_clear(&b);
+    if (strcmp(g_intbuf, mp7) != 0) {
+        reason("error: exchange failed\n");
+        return 1;
+    }
+
+    return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int
+test_zero(void)
+{
+    mp_int a;
+
+    mp_init(&a);
+    mp_read_radix(&a, mp7, 16);
+    mp_zero(&a);
+
+    if (USED(&a) != 1 || DIGIT(&a, 1) != 0) {
+        mp_toradix(&a, g_intbuf, 16);
+        reason("error: result is %s\n", g_intbuf);
+        mp_clear(&a);
+        return 1;
+    }
+
+    mp_clear(&a);
+    return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int
+test_set(void)
+{
+    mp_int a;
+
+    /* Test single digit set */
+    mp_init(&a);
+    mp_set(&a, 5);
+    if (DIGIT(&a, 0) != 5) {
+        mp_toradix(&a, g_intbuf, 16);
+        reason("error: result is %s, expected 5\n", g_intbuf);
+        mp_clear(&a);
+        return 1;
+    }
+
+    /* Test integer set */
+    mp_set_int(&a, -4938110);
+    mp_toradix(&a, g_intbuf, 16);
+    mp_clear(&a);
+    if (strcmp(g_intbuf, mp5a) != 0) {
+        reason("error: result is %s, expected %s\n", g_intbuf, mp5a);
+        return 1;
+    }
+
+    return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int
+test_abs(void)
+{
+    mp_int a;
+
+    mp_init(&a);
+    mp_read_radix(&a, mp4, 16);
+    mp_abs(&a, &a);
+
+    if (SIGN(&a) != ZPOS) {
+        reason("error: sign of result is negative\n");
+        mp_clear(&a);
+        return 1;
+    }
+
+    mp_clear(&a);
+    return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int
+test_neg(void)
+{
+    mp_int a;
+    mp_sign s;
+
+    mp_init(&a);
+    mp_read_radix(&a, mp4, 16);
+
+    s = SIGN(&a);
+    mp_neg(&a, &a);
+    if (SIGN(&a) == s) {
+        reason("error: sign of result is same as sign of nonzero input\n");
+        mp_clear(&a);
+        return 1;
+    }
+
+    mp_clear(&a);
+    return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int
+test_add_d(void)
+{
+    mp_int a;
+
+    mp_init(&a);
+
+    mp_read_radix(&a, mp5, 16);
+    mp_add_d(&a, md4, &a);
+    mp_toradix(&a, g_intbuf, 16);
+
+    if (strcmp(g_intbuf, s_mp5d4) != 0) {
+        reason("error: computed %s, expected %s\n", g_intbuf, s_mp5d4);
+        mp_clear(&a);
+        return 1;
+    }
+
+    mp_read_radix(&a, mp2, 16);
+    mp_add_d(&a, md5, &a);
+    mp_toradix(&a, g_intbuf, 16);
+
+    if (strcmp(g_intbuf, s_mp2d5) != 0) {
+        reason("error: computed %s, expected %s\n", g_intbuf, s_mp2d5);
+        mp_clear(&a);
+        return 1;
+    }
+
+    mp_clear(&a);
+    return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int
+test_add(void)
+{
+    mp_int a, b;
+    int res = 0;
+
+    mp_init(&a);
+    mp_init(&b);
+
+    mp_read_radix(&a, mp1, 16);
+    mp_read_radix(&b, mp3, 16);
+    mp_add(&a, &b, &a);
+    mp_toradix(&a, g_intbuf, 16);
+
+    if (strcmp(g_intbuf, s_mp13) != 0) {
+        reason("error: computed %s, expected %s\n", g_intbuf, s_mp13);
+        res = 1;
+        goto CLEANUP;
+    }
+
+    mp_read_radix(&a, mp4, 16);
+    mp_add(&a, &b, &a);
+    mp_toradix(&a, g_intbuf, 16);
+
+    if (strcmp(g_intbuf, s_mp34) != 0) {
+        reason("error: computed %s, expected %s\n", g_intbuf, s_mp34);
+        res = 1;
+        goto CLEANUP;
+    }
+
+    mp_read_radix(&a, mp4, 16);
+    mp_read_radix(&b, mp6, 16);
+    mp_add(&a, &b, &a);
+    mp_toradix(&a, g_intbuf, 16);
+
+    if (strcmp(g_intbuf, s_mp46) != 0) {
+        reason("error: computed %s, expected %s\n", g_intbuf, s_mp46);
+        res = 1;
+        goto CLEANUP;
+    }
+
+    mp_read_radix(&a, mp14, 16);
+    mp_read_radix(&b, mp15, 16);
+    mp_add(&a, &b, &a);
+    mp_toradix(&a, g_intbuf, 16);
+
+    if (strcmp(g_intbuf, s_mp1415) != 0) {
+        reason("error: computed %s, expected %s\n", g_intbuf, s_mp1415);
+        res = 1;
+    }
+
+CLEANUP:
+    mp_clear(&a);
+    mp_clear(&b);
+    return res;
+}
+
+/*------------------------------------------------------------------------*/
+
+int
+test_sub_d(void)
+{
+    mp_int a;
+
+    mp_init(&a);
+    mp_read_radix(&a, mp5, 16);
+
+    mp_sub_d(&a, md4, &a);
+    mp_toradix(&a, g_intbuf, 16);
+
+    if (strcmp(g_intbuf, d_mp5d4) != 0) {
+        reason("error: computed %s, expected %s\n", g_intbuf, d_mp5d4);
+        mp_clear(&a);
+        return 1;
+    }
+
+    mp_read_radix(&a, mp6, 16);
+
+    mp_sub_d(&a, md2, &a);
+    mp_toradix(&a, g_intbuf, 16);
+
+    mp_clear(&a);
+    if (strcmp(g_intbuf, d_mp6d2) != 0) {
+        reason("error: computed %s, expected %s\n", g_intbuf, d_mp6d2);
+        return 1;
+    }
+
+    return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int
+test_sub(void)
+{
+    mp_int a, b;
+
+    mp_init(&a);
+    mp_init(&b);
+
+    mp_read_radix(&a, mp1, 16);
+    mp_read_radix(&b, mp2, 16);
+    mp_sub(&a, &b, &a);
+    mp_toradix(&a, g_intbuf, 16);
+
+    if (strcmp(g_intbuf, d_mp12) != 0) {
+        reason("error: computed %s, expected %s\n", g_intbuf, d_mp12);
+        mp_clear(&a);
+        mp_clear(&b);
+        return 1;
+    }
+
+    mp_read_radix(&a, mp3, 16);
+    mp_read_radix(&b, mp4, 16);
+    mp_sub(&a, &b, &a);
+    mp_toradix(&a, g_intbuf, 16);
+
+    if (strcmp(g_intbuf, d_mp34) != 0) {
+        reason("error: computed %s, expected %s\n", g_intbuf, d_mp34);
+        mp_clear(&a);
+        mp_clear(&b);
+        return 1;
+    }
+
+    mp_clear(&a);
+    mp_clear(&b);
+    return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int
+test_mul_d(void)
+{
+    mp_int a;
+
+    mp_init(&a);
+    mp_read_radix(&a, mp1, 16);
+
+    IFOK(mp_mul_d(&a, md4, &a));
+    mp_toradix(&a, g_intbuf, 16);
+
+    if (strcmp(g_intbuf, p_mp1d4) != 0) {
+        reason("error: computed %s, expected %s\n", g_intbuf, p_mp1d4);
+        mp_clear(&a);
+        return 1;
+    }
+
+    mp_read_radix(&a, mp8, 16);
+    IFOK(mp_mul_d(&a, md6, &a));
+    mp_toradix(&a, g_intbuf, 16);
+
+    mp_clear(&a);
+    if (strcmp(g_intbuf, p_mp8d6) != 0) {
+        reason("error: computed %s, expected %s\n", g_intbuf, p_mp8d6);
+        return 1;
+    }
+
+    return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int
+test_mul(void)
+{
+    mp_int a, b;
+    int res = 0;
+
+    mp_init(&a);
+    mp_init(&b);
+    mp_read_radix(&a, mp1, 16);
+    mp_read_radix(&b, mp2, 16);
+
+    IFOK(mp_mul(&a, &b, &a));
+    mp_toradix(&a, g_intbuf, 16);
+
+    if (strcmp(g_intbuf, p_mp12) != 0) {
+        reason("error: computed %s, expected %s\n", g_intbuf, p_mp12);
+        res = 1;
+        goto CLEANUP;
+    }
+
+    mp_read_radix(&a, mp3, 16);
+    mp_read_radix(&b, mp4, 16);
+    IFOK(mp_mul(&a, &b, &a));
+    mp_toradix(&a, g_intbuf, 16);
+
+    if (strcmp(g_intbuf, p_mp34) != 0) {
+        reason("error: computed %s, expected %s\n", g_intbuf, p_mp34);
+        res = 1;
+        goto CLEANUP;
+    }
+
+    mp_read_radix(&a, mp5, 16);
+    mp_read_radix(&b, mp7, 16);
+    IFOK(mp_mul(&a, &b, &a));
+    mp_toradix(&a, g_intbuf, 16);
+
+    if (strcmp(g_intbuf, p_mp57) != 0) {
+        reason("error: computed %s, expected %s\n", g_intbuf, p_mp57);
+        res = 1;
+        goto CLEANUP;
+    }
+
+    mp_read_radix(&a, mp11, 16);
+    mp_read_radix(&b, mp13, 16);
+    IFOK(mp_mul(&a, &b, &a));
+    mp_toradix(&a, g_intbuf, 16);
+
+    if (strcmp(g_intbuf, p_mp1113) != 0) {
+        reason("error: computed %s, expected %s\n", g_intbuf, p_mp1113);
+        res = 1;
+        goto CLEANUP;
+    }
+
+    mp_read_radix(&a, mp14, 16);
+    mp_read_radix(&b, mp15, 16);
+    IFOK(mp_mul(&a, &b, &a));
+    mp_toradix(&a, g_intbuf, 16);
+
+    if (strcmp(g_intbuf, p_mp1415) != 0) {
+        reason("error: computed %s, expected %s\n", g_intbuf, p_mp1415);
+        res = 1;
+    }
+    mp_read_radix(&a, mp21, 10);
+    mp_read_radix(&b, mp21, 10);
+
+    IFOK(mp_mul(&a, &b, &a));
+    mp_toradix(&a, g_intbuf, 10);
+
+    if (strcmp(g_intbuf, p_mp2121) != 0) {
+        reason("error: computed %s, expected %s\n", g_intbuf, p_mp2121);
+        res = 1;
+        goto CLEANUP;
+    }
+
+CLEANUP:
+    mp_clear(&a);
+    mp_clear(&b);
+    return res;
+}
+
+/*------------------------------------------------------------------------*/
+
+int
+test_sqr(void)
+{
+    mp_int a;
+
+    mp_init(&a);
+    mp_read_radix(&a, mp2, 16);
+
+    mp_sqr(&a, &a);
+    mp_toradix(&a, g_intbuf, 16);
+
+    mp_clear(&a);
+    if (strcmp(g_intbuf, p_mp22) != 0) {
+        reason("error: computed %s, expected %s\n", g_intbuf, p_mp22);
+        return 1;
+    }
+
+    return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int
+test_div_d(void)
+{
+    mp_int a, q;
+    mp_digit r;
+    int err = 0;
+
+    mp_init(&a);
+    mp_init(&q);
+    mp_read_radix(&a, mp3, 16);
+
+    IFOK(mp_div_d(&a, md6, &q, &r));
+    mp_toradix(&q, g_intbuf, 16);
+
+    if (strcmp(g_intbuf, q_mp3d6) != 0) {
+        reason("error: computed q = %s, expected %s\n", g_intbuf, q_mp3d6);
+        ++err;
+    }
+
+    sprintf(g_intbuf, ZS_DIGIT_FMT, r);
+
+    if (strcmp(g_intbuf, r_mp3d6) != 0) {
+        reason("error: computed r = %s, expected %s\n", g_intbuf, r_mp3d6);
+        ++err;
+    }
+
+    mp_read_radix(&a, mp9, 16);
+    IFOK(mp_div_d(&a, 16, &q, &r));
+    mp_toradix(&q, g_intbuf, 16);
+
+    if (strcmp(g_intbuf, q_mp9c16) != 0) {
+        reason("error: computed q = %s, expected %s\n", g_intbuf, q_mp9c16);
+        ++err;
+    }
+
+    sprintf(g_intbuf, ZS_DIGIT_FMT, r);
+
+    if (strcmp(g_intbuf, r_mp9c16) != 0) {
+        reason("error: computed r = %s, expected %s\n", g_intbuf, r_mp9c16);
+        ++err;
+    }
+
+    mp_clear(&a);
+    mp_clear(&q);
+    return err;
+}
+
+/*------------------------------------------------------------------------*/
+
+int
+test_div_2(void)
+{
+    mp_int a;
+
+    mp_init(&a);
+    mp_read_radix(&a, mp7, 16);
+    IFOK(mp_div_2(&a, &a));
+    mp_toradix(&a, g_intbuf, 16);
+
+    mp_clear(&a);
+    if (strcmp(g_intbuf, q_mp7c2) != 0) {
+        reason("error: computed %s, expected %s\n", g_intbuf, q_mp7c2);
+        return 1;
+    }
+
+    return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int
+test_div_2d(void)
+{
+    mp_int a, q, r;
+
+    mp_init(&q);
+    mp_init(&r);
+    mp_init(&a);
+    mp_read_radix(&a, mp13, 16);
+
+    IFOK(mp_div_2d(&a, 64, &q, &r));
+    mp_clear(&a);
+
+    mp_toradix(&q, g_intbuf, 16);
+
+    if (strcmp(g_intbuf, q_mp13c) != 0) {
+        reason("error: computed %s, expected %s\n", g_intbuf, q_mp13c);
+        mp_clear(&q);
+        mp_clear(&r);
+        return 1;
+    }
+
+    mp_clear(&q);
+
+    mp_toradix(&r, g_intbuf, 16);
+    if (strcmp(g_intbuf, r_mp13c) != 0) {
+        reason("error, computed %s, expected %s\n", g_intbuf, r_mp13c);
+        mp_clear(&r);
+        return 1;
+    }
+
+    mp_clear(&r);
+
+    return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int
+test_div(void)
+{
+    mp_int a, b, r;
+    int err = 0;
+
+    mp_init(&a);
+    mp_init(&b);
+    mp_init(&r);
+
+    mp_read_radix(&a, mp4, 16);
+    mp_read_radix(&b, mp2, 16);
+    IFOK(mp_div(&a, &b, &a, &r));
+    mp_toradix(&a, g_intbuf, 16);
+
+    if (strcmp(g_intbuf, q_mp42) != 0) {
+        reason("error: test 1 computed quot %s, expected %s\n", g_intbuf, q_mp42);
+        ++err;
+    }
+
+    mp_toradix(&r, g_intbuf, 16);
+
+    if (strcmp(g_intbuf, r_mp42) != 0) {
+        reason("error: test 1 computed rem %s, expected %s\n", g_intbuf, r_mp42);
+        ++err;
+    }
+
+    mp_read_radix(&a, mp4, 16);
+    mp_read_radix(&b, mp5a, 16);
+    IFOK(mp_div(&a, &b, &a, &r));
+    mp_toradix(&a, g_intbuf, 16);
+
+    if (strcmp(g_intbuf, q_mp45a) != 0) {
+        reason("error: test 2 computed quot %s, expected %s\n", g_intbuf, q_mp45a);
+        ++err;
+    }
+
+    mp_toradix(&r, g_intbuf, 16);
+
+    if (strcmp(g_intbuf, r_mp45a) != 0) {
+        reason("error: test 2 computed rem %s, expected %s\n", g_intbuf, r_mp45a);
+        ++err;
+    }
+
+    mp_read_radix(&a, mp14, 16);
+    mp_read_radix(&b, mp4, 16);
+    IFOK(mp_div(&a, &b, &a, &r));
+    mp_toradix(&a, g_intbuf, 16);
+
+    if (strcmp(g_intbuf, q_mp1404) != 0) {
+        reason("error: test 3 computed quot %s, expected %s\n", g_intbuf, q_mp1404);
+        ++err;
+    }
+
+    mp_toradix(&r, g_intbuf, 16);
+
+    if (strcmp(g_intbuf, r_mp1404) != 0) {
+        reason("error: test 3 computed rem %s, expected %s\n", g_intbuf, r_mp1404);
+        ++err;
+    }
+
+    mp_clear(&a);
+    mp_clear(&b);
+    mp_clear(&r);
+
+    return err;
+}
+
+/*------------------------------------------------------------------------*/
+
+int
+test_expt_d(void)
+{
+    mp_int a;
+
+    mp_init(&a);
+    mp_read_radix(&a, mp5, 16);
+    mp_expt_d(&a, md9, &a);
+    mp_toradix(&a, g_intbuf, 16);
+
+    mp_clear(&a);
+    if (strcmp(g_intbuf, e_mp5d9) != 0) {
+        reason("error: computed %s, expected %s\n", g_intbuf, e_mp5d9);
+        return 1;
+    }
+
+    return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int
+test_expt(void)
+{
+    mp_int a, b;
+
+    mp_init(&a);
+    mp_init(&b);
+    mp_read_radix(&a, mp7, 16);
+    mp_read_radix(&b, mp8, 16);
+
+    mp_expt(&a, &b, &a);
+    mp_toradix(&a, g_intbuf, 16);
+    mp_clear(&a);
+    mp_clear(&b);
+
+    if (strcmp(g_intbuf, e_mp78) != 0) {
+        reason("error: computed %s, expected %s\n", g_intbuf, e_mp78);
+        return 1;
+    }
+
+    return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int
+test_2expt(void)
+{
+    mp_int a;
+
+    mp_init(&a);
+    mp_2expt(&a, md3);
+    mp_toradix(&a, g_intbuf, 16);
+    mp_clear(&a);
+
+    if (strcmp(g_intbuf, e_mpc2d3) != 0) {
+        reason("error: computed %s, expected %s\n", g_intbuf, e_mpc2d3);
+        return 1;
+    }
+
+    return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int
+test_sqrt(void)
+{
+    mp_int a;
+    int res = 0;
+
+    mp_init(&a);
+    mp_read_radix(&a, mp9, 16);
+    mp_sqrt(&a, &a);
+    mp_toradix(&a, g_intbuf, 16);
+
+    if (strcmp(g_intbuf, t_mp9) != 0) {
+        reason("error: computed %s, expected %s\n", g_intbuf, t_mp9);
+        res = 1;
+        goto CLEANUP;
+    }
+
+    mp_read_radix(&a, mp15, 16);
+    mp_sqrt(&a, &a);
+    mp_toradix(&a, g_intbuf, 16);
+
+    if (strcmp(g_intbuf, t_mp15) != 0) {
+        reason("error: computed %s, expected %s\n", g_intbuf, t_mp15);
+        res = 1;
+    }
+
+CLEANUP:
+    mp_clear(&a);
+    return res;
+}
+
+/*------------------------------------------------------------------------*/
+
+int
+test_mod_d(void)
+{
+    mp_int a;
+    mp_digit r;
+
+    mp_init(&a);
+    mp_read_radix(&a, mp5, 16);
+    IFOK(mp_mod_d(&a, md5, &r));
+    sprintf(g_intbuf, ZS_DIGIT_FMT, r);
+    mp_clear(&a);
+
+    if (strcmp(g_intbuf, r_mp5d5) != 0) {
+        reason("error: computed %s, expected %s\n", g_intbuf, r_mp5d5);
+        return 1;
+    }
+
+    return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int
+test_mod(void)
+{
+    mp_int a, m;
+
+    mp_init(&a);
+    mp_init(&m);
+    mp_read_radix(&a, mp4, 16);
+    mp_read_radix(&m, mp7, 16);
+    IFOK(mp_mod(&a, &m, &a));
+    mp_toradix(&a, g_intbuf, 16);
+    mp_clear(&a);
+    mp_clear(&m);
+
+    if (strcmp(g_intbuf, r_mp47) != 0) {
+        reason("error: computed %s, expected %s\n", g_intbuf, r_mp47);
+        return 1;
+    }
+
+    return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int
+test_addmod(void)
+{
+    mp_int a, b, m;
+
+    mp_init(&a);
+    mp_init(&b);
+    mp_init(&m);
+    mp_read_radix(&a, mp3, 16);
+    mp_read_radix(&b, mp4, 16);
+    mp_read_radix(&m, mp5, 16);
+
+    IFOK(mp_addmod(&a, &b, &m, &a));
+    mp_toradix(&a, g_intbuf, 16);
+    mp_clear(&a);
+    mp_clear(&b);
+    mp_clear(&m);
+
+    if (strcmp(g_intbuf, ms_mp345) != 0) {
+        reason("error: computed %s, expected %s\n", g_intbuf, ms_mp345);
+        return 1;
+    }
+
+    return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int
+test_submod(void)
+{
+    mp_int a, b, m;
+
+    mp_init(&a);
+    mp_init(&b);
+    mp_init(&m);
+    mp_read_radix(&a, mp3, 16);
+    mp_read_radix(&b, mp4, 16);
+    mp_read_radix(&m, mp5, 16);
+
+    IFOK(mp_submod(&a, &b, &m, &a));
+    mp_toradix(&a, g_intbuf, 16);
+    mp_clear(&a);
+    mp_clear(&b);
+    mp_clear(&m);
+
+    if (strcmp(g_intbuf, md_mp345) != 0) {
+        reason("error: computed %s, expected %s\n", g_intbuf, md_mp345);
+        return 1;
+    }
+
+    return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int
+test_mulmod(void)
+{
+    mp_int a, b, m;
+
+    mp_init(&a);
+    mp_init(&b);
+    mp_init(&m);
+    mp_read_radix(&a, mp3, 16);
+    mp_read_radix(&b, mp4, 16);
+    mp_read_radix(&m, mp5, 16);
+
+    IFOK(mp_mulmod(&a, &b, &m, &a));
+    mp_toradix(&a, g_intbuf, 16);
+    mp_clear(&a);
+    mp_clear(&b);
+    mp_clear(&m);
+
+    if (strcmp(g_intbuf, mp_mp345) != 0) {
+        reason("error: computed %s, expected %s\n", g_intbuf, mp_mp345);
+        return 1;
+    }
+
+    return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int
+test_sqrmod(void)
+{
+    mp_int a, m;
+
+    mp_init(&a);
+    mp_init(&m);
+    mp_read_radix(&a, mp3, 16);
+    mp_read_radix(&m, mp5, 16);
+
+    IFOK(mp_sqrmod(&a, &m, &a));
+    mp_toradix(&a, g_intbuf, 16);
+    mp_clear(&a);
+    mp_clear(&m);
+
+    if (strcmp(g_intbuf, mp_mp335) != 0) {
+        reason("error: computed %s, expected %s\n", g_intbuf, mp_mp335);
+        return 1;
+    }
+
+    return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int
+test_exptmod(void)
+{
+    mp_int a, b, m;
+    int res = 0;
+
+    mp_init(&a);
+    mp_init(&b);
+    mp_init(&m);
+    mp_read_radix(&a, mp8, 16);
+    mp_read_radix(&b, mp1, 16);
+    mp_read_radix(&m, mp7, 16);
+
+    IFOK(mp_exptmod(&a, &b, &m, &a));
+    mp_toradix(&a, g_intbuf, 16);
+
+    if (strcmp(g_intbuf, me_mp817) != 0) {
+        reason("case 1: error: computed %s, expected %s\n", g_intbuf, me_mp817);
+        res = 1;
+        goto CLEANUP;
+    }
+
+    mp_read_radix(&a, mp1, 16);
+    mp_read_radix(&b, mp5, 16);
+    mp_read_radix(&m, mp12, 16);
+
+    IFOK(mp_exptmod(&a, &b, &m, &a));
+    mp_toradix(&a, g_intbuf, 16);
+
+    if (strcmp(g_intbuf, me_mp1512) != 0) {
+        reason("case 2: error: computed %s, expected %s\n", g_intbuf, me_mp1512);
+        res = 1;
+        goto CLEANUP;
+    }
+
+    mp_read_radix(&a, mp5, 16);
+    mp_read_radix(&b, mp1, 16);
+    mp_read_radix(&m, mp14, 16);
+
+    IFOK(mp_exptmod(&a, &b, &m, &a));
+    mp_toradix(&a, g_intbuf, 16);
+
+    if (strcmp(g_intbuf, me_mp5114) != 0) {
+        reason("case 3: error: computed %s, expected %s\n", g_intbuf, me_mp5114);
+        res = 1;
+    }
+
+    mp_read_radix(&a, mp16, 16);
+    mp_read_radix(&b, mp17, 16);
+    mp_read_radix(&m, mp18, 16);
+
+    IFOK(mp_exptmod(&a, &b, &m, &a));
+    mp_toradix(&a, g_intbuf, 16);
+
+    if (strcmp(g_intbuf, me_mp161718) != 0) {
+        reason("case 4: error: computed %s, expected %s\n", g_intbuf, me_mp161718);
+        res = 1;
+    }
+
+CLEANUP:
+    mp_clear(&a);
+    mp_clear(&b);
+    mp_clear(&m);
+    return res;
+}
+
+/*------------------------------------------------------------------------*/
+
+int
+test_exptmod_d(void)
+{
+    mp_int a, m;
+
+    mp_init(&a);
+    mp_init(&m);
+    mp_read_radix(&a, mp5, 16);
+    mp_read_radix(&m, mp7, 16);
+
+    IFOK(mp_exptmod_d(&a, md4, &m, &a));
+    mp_toradix(&a, g_intbuf, 16);
+    mp_clear(&a);
+    mp_clear(&m);
+
+    if (strcmp(g_intbuf, me_mp5d47) != 0) {
+        reason("error: computed %s, expected %s\n", g_intbuf, me_mp5d47);
+        return 1;
+    }
+
+    return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int
+test_invmod(void)
+{
+    mp_int a, m, c;
+    mp_int p1, p2, p3, p4, p5;
+    mp_int t1, t2, t3, t4;
+    mp_err res;
+
+    /* 5 128-bit primes. */
+    static const char ivp1[] = { "AAD8A5A2A2BEF644BAEE7DB0CA643719" };
+    static const char ivp2[] = { "CB371AD2B79A90BCC88D0430663E40B9" };
+    static const char ivp3[] = { "C6C818D4DF2618406CA09280C0400099" };
+    static const char ivp4[] = { "CE949C04512E68918006B1F0D7E93F27" };
+    static const char ivp5[] = { "F8EE999B6416645040687440E0B89F51" };
+
+    mp_init(&a);
+    mp_init(&m);
+    mp_read_radix(&a, mp2, 16);
+    mp_read_radix(&m, mp7, 16);
+
+    IFOK(mp_invmod(&a, &m, &a));
+
+    mp_toradix(&a, g_intbuf, 16);
+    mp_clear(&a);
+    mp_clear(&m);
+
+    if (strcmp(g_intbuf, i_mp27) != 0) {
+        reason("error: invmod test 1 computed %s, expected %s\n", g_intbuf, i_mp27);
+        return 1;
+    }
+
+    mp_init(&a);
+    mp_init(&m);
+    mp_read_radix(&a, mp20, 16);
+    mp_read_radix(&m, mp19, 16);
+
+    IFOK(mp_invmod(&a, &m, &a));
+
+    mp_toradix(&a, g_intbuf, 16);
+    mp_clear(&a);
+    mp_clear(&m);
+
+    if (strcmp(g_intbuf, i_mp2019) != 0) {
+        reason("error: invmod test 2 computed %s, expected %s\n", g_intbuf, i_mp2019);
+        return 1;
+    }
+
+    /* Need the following test cases:
+      Odd modulus
+        - a is odd,      relatively prime to m
+        - a is odd,  not relatively prime to m
+        - a is even,     relatively prime to m
+        - a is even, not relatively prime to m
+      Even modulus
+        - a is even  (should fail)
+        - a is odd,  not relatively prime to m
+        - a is odd,      relatively prime to m,
+          m is not a power of 2
+        - m has factor 2**k, k < 32
+        - m has factor 2**k, k > 32
+          m is a power of 2, 2**k
+        - k < 32
+        - k > 32
+    */
+
+    mp_init(&a);
+    mp_init(&m);
+    mp_init(&c);
+    mp_init(&p1);
+    mp_init(&p2);
+    mp_init(&p3);
+    mp_init(&p4);
+    mp_init(&p5);
+    mp_init(&t1);
+    mp_init(&t2);
+    mp_init(&t3);
+    mp_init(&t4);
+
+    mp_read_radix(&p1, ivp1, 16);
+    mp_read_radix(&p2, ivp2, 16);
+    mp_read_radix(&p3, ivp3, 16);
+    mp_read_radix(&p4, ivp4, 16);
+    mp_read_radix(&p5, ivp5, 16);
+
+    IFOK(mp_2expt(&t2, 68));  /* t2 = 2**68 */
+    IFOK(mp_2expt(&t3, 128)); /* t3 = 2**128 */
+    IFOK(mp_2expt(&t4, 31));  /* t4 = 2**31 */
+
+    /* test 3: Odd modulus - a is odd, relatively prime to m */
+
+    IFOK(mp_mul(&p1, &p2, &a));
+    IFOK(mp_mul(&p3, &p4, &m));
+    IFOK(mp_invmod(&a, &m, &t1));
+    IFOK(mp_invmod_xgcd(&a, &m, &c));
+
+    if (mp_cmp(&t1, &c) != 0) {
+        mp_toradix(&t1, g_intbuf, 16);
+        mp_toradix(&c, a_intbuf, 16);
+        reason("error: invmod test 3 computed %s, expected %s\n",
+               g_intbuf, a_intbuf);
+        return 1;
+    }
+    mp_clear(&a);
+    mp_clear(&t1);
+    mp_clear(&c);
+    mp_init(&a);
+    mp_init(&t1);
+    mp_init(&c);
+
+    /* test 4: Odd modulus - a is odd, NOT relatively prime to m */
+
+    IFOK(mp_mul(&p1, &p3, &a));
+    /* reuse same m as before */
+
+    res = mp_invmod_xgcd(&a, &m, &c);
+    if (res != MP_UNDEF)
+        goto CLEANUP4;
+
+    res = mp_invmod(&a, &m, &t1); /* we expect this to fail. */
+    if (res != MP_UNDEF) {
+    CLEANUP4:
+        reason("error: invmod test 4 succeeded, should have failed.\n");
+        return 1;
+    }
+    mp_clear(&a);
+    mp_clear(&t1);
+    mp_clear(&c);
+    mp_init(&a);
+    mp_init(&t1);
+    mp_init(&c);
+
+    /* test 5: Odd modulus - a is even, relatively prime to m */
+
+    IFOK(mp_mul(&p1, &t2, &a));
+    /* reuse m */
+    IFOK(mp_invmod(&a, &m, &t1));
+    IFOK(mp_invmod_xgcd(&a, &m, &c));
+
+    if (mp_cmp(&t1, &c) != 0) {
+        mp_toradix(&t1, g_intbuf, 16);
+        mp_toradix(&c, a_intbuf, 16);
+        reason("error: invmod test 5 computed %s, expected %s\n",
+               g_intbuf, a_intbuf);
+        return 1;
+    }
+    mp_clear(&a);
+    mp_clear(&t1);
+    mp_clear(&c);
+    mp_init(&a);
+    mp_init(&t1);
+    mp_init(&c);
+
+    /* test 6: Odd modulus - a is odd, NOT relatively prime to m */
+
+    /* reuse t2 */
+    IFOK(mp_mul(&t2, &p3, &a));
+    /* reuse same m as before */
+
+    res = mp_invmod_xgcd(&a, &m, &c);
+    if (res != MP_UNDEF)
+        goto CLEANUP6;
+
+    res = mp_invmod(&a, &m, &t1); /* we expect this to fail. */
+    if (res != MP_UNDEF) {
+    CLEANUP6:
+        reason("error: invmod test 6 succeeded, should have failed.\n");
+        return 1;
+    }
+    mp_clear(&a);
+    mp_clear(&m);
+    mp_clear(&c);
+    mp_clear(&t1);
+    mp_init(&a);
+    mp_init(&m);
+    mp_init(&c);
+    mp_init(&t1);
+
+    /* test 7: Even modulus, even a, should fail */
+
+    IFOK(mp_mul(&p3, &t3, &m)); /* even m */
+    /* reuse t2 */
+    IFOK(mp_mul(&p1, &t2, &a)); /* even a */
+
+    res = mp_invmod_xgcd(&a, &m, &c);
+    if (res != MP_UNDEF)
+        goto CLEANUP7;
+
+    res = mp_invmod(&a, &m, &t1); /* we expect this to fail. */
+    if (res != MP_UNDEF) {
+    CLEANUP7:
+        reason("error: invmod test 7 succeeded, should have failed.\n");
+        return 1;
+    }
+    mp_clear(&a);
+    mp_clear(&c);
+    mp_clear(&t1);
+    mp_init(&a);
+    mp_init(&c);
+    mp_init(&t1);
+
+    /* test 8: Even modulus    - a is odd,  not relatively prime to m */
+
+    /* reuse m */
+    IFOK(mp_mul(&p3, &p1, &a)); /* even a */
+
+    res = mp_invmod_xgcd(&a, &m, &c);
+    if (res != MP_UNDEF)
+        goto CLEANUP8;
+
+    res = mp_invmod(&a, &m, &t1); /* we expect this to fail. */
+    if (res != MP_UNDEF) {
+    CLEANUP8:
+        reason("error: invmod test 8 succeeded, should have failed.\n");
+        return 1;
+    }
+    mp_clear(&a);
+    mp_clear(&m);
+    mp_clear(&c);
+    mp_clear(&t1);
+    mp_init(&a);
+    mp_init(&m);
+    mp_init(&c);
+    mp_init(&t1);
+
+    /* test 9: Even modulus    - m has factor 2**k, k < 32
+     *                     - a is odd, relatively prime to m,
+     */
+    IFOK(mp_mul(&p3, &t4, &m)); /* even m */
+    IFOK(mp_mul(&p1, &p2, &a));
+    IFOK(mp_invmod(&a, &m, &t1));
+    IFOK(mp_invmod_xgcd(&a, &m, &c));
+
+    if (mp_cmp(&t1, &c) != 0) {
+        mp_toradix(&t1, g_intbuf, 16);
+        mp_toradix(&c, a_intbuf, 16);
+        reason("error: invmod test 9 computed %s, expected %s\n",
+               g_intbuf, a_intbuf);
+        return 1;
+    }
+    mp_clear(&m);
+    mp_clear(&t1);
+    mp_clear(&c);
+    mp_init(&m);
+    mp_init(&t1);
+    mp_init(&c);
+
+    /* test 10: Even modulus    - m has factor 2**k, k > 32
+     *                      - a is odd, relatively prime to m,
+     */
+    IFOK(mp_mul(&p3, &t3, &m)); /* even m */
+    /* reuse a */
+    IFOK(mp_invmod(&a, &m, &t1));
+    IFOK(mp_invmod_xgcd(&a, &m, &c));
+
+    if (mp_cmp(&t1, &c) != 0) {
+        mp_toradix(&t1, g_intbuf, 16);
+        mp_toradix(&c, a_intbuf, 16);
+        reason("error: invmod test 10 computed %s, expected %s\n",
+               g_intbuf, a_intbuf);
+        return 1;
+    }
+    mp_clear(&t1);
+    mp_clear(&c);
+    mp_init(&t1);
+    mp_init(&c);
+
+    /* test 11: Even modulus    - m is a power of 2, 2**k | k < 32
+     *                          - a is odd, relatively prime to m,
+     */
+    IFOK(mp_invmod(&a, &t4, &t1));
+    IFOK(mp_invmod_xgcd(&a, &t4, &c));
+
+    if (mp_cmp(&t1, &c) != 0) {
+        mp_toradix(&t1, g_intbuf, 16);
+        mp_toradix(&c, a_intbuf, 16);
+        reason("error: invmod test 11 computed %s, expected %s\n",
+               g_intbuf, a_intbuf);
+        return 1;
+    }
+    mp_clear(&t1);
+    mp_clear(&c);
+    mp_init(&t1);
+    mp_init(&c);
+
+    /* test 12: Even modulus    - m is a power of 2, 2**k | k > 32
+     *                          - a is odd, relatively prime to m,
+     */
+    IFOK(mp_invmod(&a, &t3, &t1));
+    IFOK(mp_invmod_xgcd(&a, &t3, &c));
+
+    if (mp_cmp(&t1, &c) != 0) {
+        mp_toradix(&t1, g_intbuf, 16);
+        mp_toradix(&c, a_intbuf, 16);
+        reason("error: invmod test 12 computed %s, expected %s\n",
+               g_intbuf, a_intbuf);
+        return 1;
+    }
+
+    mp_clear(&a);
+    mp_clear(&m);
+    mp_clear(&c);
+    mp_clear(&t1);
+    mp_clear(&t2);
+    mp_clear(&t3);
+    mp_clear(&t4);
+    mp_clear(&p1);
+    mp_clear(&p2);
+    mp_clear(&p3);
+    mp_clear(&p4);
+    mp_clear(&p5);
+
+    return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int
+test_cmp_d(void)
+{
+    mp_int a;
+
+    mp_init(&a);
+    mp_read_radix(&a, mp8, 16);
+
+    if (mp_cmp_d(&a, md8) >= 0) {
+        reason("error: %s >= " DIGIT_FMT "\n", mp8, md8);
+        mp_clear(&a);
+        return 1;
+    }
+
+    mp_read_radix(&a, mp5, 16);
+
+    if (mp_cmp_d(&a, md8) <= 0) {
+        reason("error: %s <= " DIGIT_FMT "\n", mp5, md8);
+        mp_clear(&a);
+        return 1;
+    }
+
+    mp_read_radix(&a, mp6, 16);
+
+    if (mp_cmp_d(&a, md1) != 0) {
+        reason("error: %s != " DIGIT_FMT "\n", mp6, md1);
+        mp_clear(&a);
+        return 1;
+    }
+
+    mp_clear(&a);
+    return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int
+test_cmp_z(void)
+{
+    mp_int a;
+
+    mp_init(&a);
+    mp_read_radix(&a, mp6, 16);
+
+    if (mp_cmp_z(&a) != 0) {
+        reason("error: someone thinks a zero value is non-zero\n");
+        mp_clear(&a);
+        return 1;
+    }
+
+    mp_read_radix(&a, mp1, 16);
+
+    if (mp_cmp_z(&a) <= 0) {
+        reason("error: someone thinks a positive value is non-positive\n");
+        mp_clear(&a);
+        return 1;
+    }
+
+    mp_read_radix(&a, mp4, 16);
+
+    if (mp_cmp_z(&a) >= 0) {
+        reason("error: someone thinks a negative value is non-negative\n");
+        mp_clear(&a);
+        return 1;
+    }
+
+    mp_clear(&a);
+    return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int
+test_cmp(void)
+{
+    mp_int a, b;
+
+    mp_init(&a);
+    mp_init(&b);
+    mp_read_radix(&a, mp3, 16);
+    mp_read_radix(&b, mp4, 16);
+
+    if (mp_cmp(&a, &b) <= 0) {
+        reason("error: %s <= %s\n", mp3, mp4);
+        mp_clear(&a);
+        mp_clear(&b);
+        return 1;
+    }
+
+    mp_read_radix(&b, mp3, 16);
+    if (mp_cmp(&a, &b) != 0) {
+        reason("error: %s != %s\n", mp3, mp3);
+        mp_clear(&a);
+        mp_clear(&b);
+        return 1;
+    }
+
+    mp_read_radix(&a, mp5, 16);
+    if (mp_cmp(&a, &b) >= 0) {
+        reason("error: %s >= %s\n", mp5, mp3);
+        mp_clear(&a);
+        mp_clear(&b);
+        return 1;
+    }
+
+    mp_clear(&a);
+    mp_clear(&b);
+    return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int
+test_cmp_mag(void)
+{
+    mp_int a, b;
+
+    mp_init(&a);
+    mp_init(&b);
+    mp_read_radix(&a, mp5, 16);
+    mp_read_radix(&b, mp4, 16);
+
+    if (mp_cmp_mag(&a, &b) >= 0) {
+        reason("error: %s >= %s\n", mp5, mp4);
+        mp_clear(&a);
+        mp_clear(&b);
+        return 1;
+    }
+
+    mp_read_radix(&b, mp5, 16);
+    if (mp_cmp_mag(&a, &b) != 0) {
+        reason("error: %s != %s\n", mp5, mp5);
+        mp_clear(&a);
+        mp_clear(&b);
+        return 1;
+    }
+
+    mp_read_radix(&a, mp1, 16);
+    if (mp_cmp_mag(&b, &a) >= 0) {
+        reason("error: %s >= %s\n", mp5, mp1);
+        mp_clear(&a);
+        mp_clear(&b);
+        return 1;
+    }
+
+    mp_clear(&a);
+    mp_clear(&b);
+    return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int
+test_parity(void)
+{
+    mp_int a;
+
+    mp_init(&a);
+    mp_read_radix(&a, mp1, 16);
+
+    if (!mp_isodd(&a)) {
+        reason("error: expected operand to be odd, but it isn't\n");
+        mp_clear(&a);
+        return 1;
+    }
+
+    mp_read_radix(&a, mp6, 16);
+
+    if (!mp_iseven(&a)) {
+        reason("error: expected operand to be even, but it isn't\n");
+        mp_clear(&a);
+        return 1;
+    }
+
+    mp_clear(&a);
+    return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int
+test_gcd(void)
+{
+    mp_int a, b;
+    int out = 0;
+
+    mp_init(&a);
+    mp_init(&b);
+    mp_read_radix(&a, mp7, 16);
+    mp_read_radix(&b, mp1, 16);
+
+    mp_gcd(&a, &b, &a);
+    mp_toradix(&a, g_intbuf, 16);
+
+    if (strcmp(g_intbuf, g_mp71) != 0) {
+        reason("error: computed %s, expected %s\n", g_intbuf, g_mp71);
+        out = 1;
+    }
+
+    mp_clear(&a);
+    mp_clear(&b);
+    return out;
+}
+
+/*------------------------------------------------------------------------*/
+
+int
+test_lcm(void)
+{
+    mp_int a, b;
+    int out = 0;
+
+    mp_init(&a);
+    mp_init(&b);
+    mp_read_radix(&a, mp10, 16);
+    mp_read_radix(&b, mp11, 16);
+
+    mp_lcm(&a, &b, &a);
+    mp_toradix(&a, g_intbuf, 16);
+
+    if (strcmp(g_intbuf, l_mp1011) != 0) {
+        reason("error: computed %s, expected%s\n", g_intbuf, l_mp1011);
+        out = 1;
+    }
+
+    mp_clear(&a);
+    mp_clear(&b);
+
+    return out;
+}
+
+/*------------------------------------------------------------------------*/
+
+int
+test_convert(void)
+{
+    int ix;
+    mp_int a;
+
+    mp_init(&a);
+    mp_read_radix(&a, mp9, 16);
+
+    for (ix = LOW_RADIX; ix <= HIGH_RADIX; ix++) {
+        mp_toradix(&a, g_intbuf, ix);
+
+        if (strcmp(g_intbuf, v_mp9[ix - LOW_RADIX]) != 0) {
+            reason("error: radix %d, computed %s, expected %s\n",
+                   ix, g_intbuf, v_mp9[ix - LOW_RADIX]);
+            mp_clear(&a);
+            return 1;
+        }
+    }
+
+    mp_clear(&a);
+    return 0;
+}
+
+/*------------------------------------------------------------------------*/
+
+int
+test_raw(void)
+{
+    int len, out = 0;
+    mp_int a;
+    char *buf;
+
+    mp_init(&a);
+    mp_read_radix(&a, mp4, 16);
+
+    len = mp_raw_size(&a);
+    if (len != sizeof(b_mp4)) {
+        reason("error: test_raw: expected length %d, computed %d\n", sizeof(b_mp4),
+               len);
+        mp_clear(&a);
+        return 1;
+    }
+
+    buf = calloc(len, sizeof(char));
+    mp_toraw(&a, buf);
+
+    if (memcmp(buf, b_mp4, sizeof(b_mp4)) != 0) {
+        reason("error: test_raw: binary output does not match test vector\n");
+        out = 1;
+    }
+
+    free(buf);
+    mp_clear(&a);
+
+    return out;
+}
+
+/*------------------------------------------------------------------------*/
+
+int
+test_pprime(void)
+{
+    mp_int p;
+    int err = 0;
+    mp_err res;
+
+    mp_init(&p);
+    mp_read_radix(&p, mp7, 16);
+
+    if (mpp_pprime(&p, 5) != MP_YES) {
+        reason("error: %s failed Rabin-Miller test, but is prime\n", mp7);
+        err = 1;
+    }
+
+    IFOK(mp_set_int(&p, 9));
+    res = mpp_pprime(&p, 50);
+    if (res == MP_YES) {
+        reason("error: 9 is composite but passed Rabin-Miller test\n");
+        err = 1;
+    } else if (res != MP_NO) {
+        reason("test mpp_pprime(9, 50) failed: error %d\n", res);
+        err = 1;
+    }
+
+    IFOK(mp_set_int(&p, 15));
+    res = mpp_pprime(&p, 50);
+    if (res == MP_YES) {
+        reason("error: 15 is composite but passed Rabin-Miller test\n");
+        err = 1;
+    } else if (res != MP_NO) {
+        reason("test mpp_pprime(15, 50) failed: error %d\n", res);
+        err = 1;
+    }
+
+    mp_clear(&p);
+
+    return err;
+}
+
+/*------------------------------------------------------------------------*/
+
+int
+test_fermat(void)
+{
+    mp_int p;
+    mp_err res;
+    int err = 0;
+
+    mp_init(&p);
+    mp_read_radix(&p, mp7, 16);
+
+    if ((res = mpp_fermat(&p, 2)) != MP_YES) {
+        reason("error: %s failed Fermat test on 2: %s\n", mp7,
+               mp_strerror(res));
+        ++err;
+    }
+
+    if ((res = mpp_fermat(&p, 3)) != MP_YES) {
+        reason("error: %s failed Fermat test on 3: %s\n", mp7,
+               mp_strerror(res));
+        ++err;
+    }
+
+    mp_clear(&p);
+
+    return err;
+}
+
+/*------------------------------------------------------------------------*/
+/* Like fprintf(), but only if we are behaving in a verbose manner        */
+
+void
+reason(char *fmt, ...)
+{
+    va_list ap;
+
+    if (!g_verbose)
+        return;
+
+    va_start(ap, fmt);
+    vfprintf(stderr, fmt, ap);
+    va_end(ap);
+}
+
+/*------------------------------------------------------------------------*/
+/* HERE THERE BE DRAGONS                                                  */
diff --git a/nss/lib/freebl/mpi/mpi.c b/nss/lib/freebl/mpi/mpi.c
new file mode 100644
index 0000000..e4b2645
--- /dev/null
+++ b/nss/lib/freebl/mpi/mpi.c
@@ -0,0 +1,4837 @@
+/*
+ *  mpi.c
+ *
+ *  Arbitrary precision integer arithmetic library
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "mpi-priv.h"
+#if defined(OSF1)
+#include <c_asm.h>
+#endif
+
+#if defined(__arm__) && \
+    ((defined(__thumb__) && !defined(__thumb2__)) || defined(__ARM_ARCH_3__))
+/* 16-bit thumb or ARM v3 doesn't work inlined assember version */
+#undef MP_ASSEMBLY_MULTIPLY
+#undef MP_ASSEMBLY_SQUARE
+#endif
+
+#if MP_LOGTAB
+/*
+  A table of the logs of 2 for various bases (the 0 and 1 entries of
+  this table are meaningless and should not be referenced).
+
+  This table is used to compute output lengths for the mp_toradix()
+  function.  Since a number n in radix r takes up about log_r(n)
+  digits, we estimate the output size by taking the least integer
+  greater than log_r(n), where:
+
+  log_r(n) = log_2(n) * log_r(2)
+
+  This table, therefore, is a table of log_r(2) for 2 <= r <= 36,
+  which are the output bases supported.
+ */
+#include "logtab.h"
+#endif
+
+#ifdef CT_VERIF
+#include <valgrind/memcheck.h>
+#endif
+
+/* {{{ Constant strings */
+
+/* Constant strings returned by mp_strerror() */
+static const char *mp_err_string[] = {
+    "unknown result code",     /* say what?            */
+    "boolean true",            /* MP_OKAY, MP_YES      */
+    "boolean false",           /* MP_NO                */
+    "out of memory",           /* MP_MEM               */
+    "argument out of range",   /* MP_RANGE             */
+    "invalid input parameter", /* MP_BADARG            */
+    "result is undefined"      /* MP_UNDEF             */
+};
+
+/* Value to digit maps for radix conversion   */
+
+/* s_dmap_1 - standard digits and letters */
+static const char *s_dmap_1 =
+    "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz+/";
+
+/* }}} */
+
+/* {{{ Default precision manipulation */
+
+/* Default precision for newly created mp_int's      */
+static mp_size s_mp_defprec = MP_DEFPREC;
+
+mp_size
+mp_get_prec(void)
+{
+    return s_mp_defprec;
+
+} /* end mp_get_prec() */
+
+void
+mp_set_prec(mp_size prec)
+{
+    if (prec == 0)
+        s_mp_defprec = MP_DEFPREC;
+    else
+        s_mp_defprec = prec;
+
+} /* end mp_set_prec() */
+
+/* }}} */
+
+#ifdef CT_VERIF
+void
+mp_taint(mp_int *mp)
+{
+    size_t i;
+    for (i = 0; i < mp->used; ++i) {
+        VALGRIND_MAKE_MEM_UNDEFINED(&(mp->dp[i]), sizeof(mp_digit));
+    }
+}
+
+void
+mp_untaint(mp_int *mp)
+{
+    size_t i;
+    for (i = 0; i < mp->used; ++i) {
+        VALGRIND_MAKE_MEM_DEFINED(&(mp->dp[i]), sizeof(mp_digit));
+    }
+}
+#endif
+
+/*------------------------------------------------------------------------*/
+/* {{{ mp_init(mp) */
+
+/*
+  mp_init(mp)
+
+  Initialize a new zero-valued mp_int.  Returns MP_OKAY if successful,
+  MP_MEM if memory could not be allocated for the structure.
+ */
+
+mp_err
+mp_init(mp_int *mp)
+{
+    return mp_init_size(mp, s_mp_defprec);
+
+} /* end mp_init() */
+
+/* }}} */
+
+/* {{{ mp_init_size(mp, prec) */
+
+/*
+  mp_init_size(mp, prec)
+
+  Initialize a new zero-valued mp_int with at least the given
+  precision; returns MP_OKAY if successful, or MP_MEM if memory could
+  not be allocated for the structure.
+ */
+
+mp_err
+mp_init_size(mp_int *mp, mp_size prec)
+{
+    ARGCHK(mp != NULL && prec > 0, MP_BADARG);
+
+    prec = MP_ROUNDUP(prec, s_mp_defprec);
+    if ((DIGITS(mp) = s_mp_alloc(prec, sizeof(mp_digit))) == NULL)
+        return MP_MEM;
+
+    SIGN(mp) = ZPOS;
+    USED(mp) = 1;
+    ALLOC(mp) = prec;
+
+    return MP_OKAY;
+
+} /* end mp_init_size() */
+
+/* }}} */
+
+/* {{{ mp_init_copy(mp, from) */
+
+/*
+  mp_init_copy(mp, from)
+
+  Initialize mp as an exact copy of from.  Returns MP_OKAY if
+  successful, MP_MEM if memory could not be allocated for the new
+  structure.
+ */
+
+mp_err
+mp_init_copy(mp_int *mp, const mp_int *from)
+{
+    ARGCHK(mp != NULL && from != NULL, MP_BADARG);
+
+    if (mp == from)
+        return MP_OKAY;
+
+    if ((DIGITS(mp) = s_mp_alloc(ALLOC(from), sizeof(mp_digit))) == NULL)
+        return MP_MEM;
+
+    s_mp_copy(DIGITS(from), DIGITS(mp), USED(from));
+    USED(mp) = USED(from);
+    ALLOC(mp) = ALLOC(from);
+    SIGN(mp) = SIGN(from);
+
+    return MP_OKAY;
+
+} /* end mp_init_copy() */
+
+/* }}} */
+
+/* {{{ mp_copy(from, to) */
+
+/*
+  mp_copy(from, to)
+
+  Copies the mp_int 'from' to the mp_int 'to'.  It is presumed that
+  'to' has already been initialized (if not, use mp_init_copy()
+  instead). If 'from' and 'to' are identical, nothing happens.
+ */
+
+mp_err
+mp_copy(const mp_int *from, mp_int *to)
+{
+    ARGCHK(from != NULL && to != NULL, MP_BADARG);
+
+    if (from == to)
+        return MP_OKAY;
+
+    { /* copy */
+        mp_digit *tmp;
+
+        /*
+          If the allocated buffer in 'to' already has enough space to hold
+          all the used digits of 'from', we'll re-use it to avoid hitting
+          the memory allocater more than necessary; otherwise, we'd have
+          to grow anyway, so we just allocate a hunk and make the copy as
+          usual
+         */
+        if (ALLOC(to) >= USED(from)) {
+            s_mp_setz(DIGITS(to) + USED(from), ALLOC(to) - USED(from));
+            s_mp_copy(DIGITS(from), DIGITS(to), USED(from));
+
+        } else {
+            if ((tmp = s_mp_alloc(ALLOC(from), sizeof(mp_digit))) == NULL)
+                return MP_MEM;
+
+            s_mp_copy(DIGITS(from), tmp, USED(from));
+
+            if (DIGITS(to) != NULL) {
+                s_mp_setz(DIGITS(to), ALLOC(to));
+                s_mp_free(DIGITS(to));
+            }
+
+            DIGITS(to) = tmp;
+            ALLOC(to) = ALLOC(from);
+        }
+
+        /* Copy the precision and sign from the original */
+        USED(to) = USED(from);
+        SIGN(to) = SIGN(from);
+    } /* end copy */
+
+    return MP_OKAY;
+
+} /* end mp_copy() */
+
+/* }}} */
+
+/* {{{ mp_exch(mp1, mp2) */
+
+/*
+  mp_exch(mp1, mp2)
+
+  Exchange mp1 and mp2 without allocating any intermediate memory
+  (well, unless you count the stack space needed for this call and the
+  locals it creates...).  This cannot fail.
+ */
+
+void
+mp_exch(mp_int *mp1, mp_int *mp2)
+{
+#if MP_ARGCHK == 2
+    assert(mp1 != NULL && mp2 != NULL);
+#else
+    if (mp1 == NULL || mp2 == NULL)
+        return;
+#endif
+
+    s_mp_exch(mp1, mp2);
+
+} /* end mp_exch() */
+
+/* }}} */
+
+/* {{{ mp_clear(mp) */
+
+/*
+  mp_clear(mp)
+
+  Release the storage used by an mp_int, and void its fields so that
+  if someone calls mp_clear() again for the same int later, we won't
+  get tollchocked.
+ */
+
+void
+mp_clear(mp_int *mp)
+{
+    if (mp == NULL)
+        return;
+
+    if (DIGITS(mp) != NULL) {
+        s_mp_setz(DIGITS(mp), ALLOC(mp));
+        s_mp_free(DIGITS(mp));
+        DIGITS(mp) = NULL;
+    }
+
+    USED(mp) = 0;
+    ALLOC(mp) = 0;
+
+} /* end mp_clear() */
+
+/* }}} */
+
+/* {{{ mp_zero(mp) */
+
+/*
+  mp_zero(mp)
+
+  Set mp to zero.  Does not change the allocated size of the structure,
+  and therefore cannot fail (except on a bad argument, which we ignore)
+ */
+void
+mp_zero(mp_int *mp)
+{
+    if (mp == NULL)
+        return;
+
+    s_mp_setz(DIGITS(mp), ALLOC(mp));
+    USED(mp) = 1;
+    SIGN(mp) = ZPOS;
+
+} /* end mp_zero() */
+
+/* }}} */
+
+/* {{{ mp_set(mp, d) */
+
+void
+mp_set(mp_int *mp, mp_digit d)
+{
+    if (mp == NULL)
+        return;
+
+    mp_zero(mp);
+    DIGIT(mp, 0) = d;
+
+} /* end mp_set() */
+
+/* }}} */
+
+/* {{{ mp_set_int(mp, z) */
+
+mp_err
+mp_set_int(mp_int *mp, long z)
+{
+    int ix;
+    unsigned long v = labs(z);
+    mp_err res;
+
+    ARGCHK(mp != NULL, MP_BADARG);
+
+    mp_zero(mp);
+    if (z == 0)
+        return MP_OKAY; /* shortcut for zero */
+
+    if (sizeof v <= sizeof(mp_digit)) {
+        DIGIT(mp, 0) = v;
+    } else {
+        for (ix = sizeof(long) - 1; ix >= 0; ix--) {
+            if ((res = s_mp_mul_d(mp, (UCHAR_MAX + 1))) != MP_OKAY)
+                return res;
+
+            res = s_mp_add_d(mp, (mp_digit)((v >> (ix * CHAR_BIT)) & UCHAR_MAX));
+            if (res != MP_OKAY)
+                return res;
+        }
+    }
+    if (z < 0)
+        SIGN(mp) = NEG;
+
+    return MP_OKAY;
+
+} /* end mp_set_int() */
+
+/* }}} */
+
+/* {{{ mp_set_ulong(mp, z) */
+
+mp_err
+mp_set_ulong(mp_int *mp, unsigned long z)
+{
+    int ix;
+    mp_err res;
+
+    ARGCHK(mp != NULL, MP_BADARG);
+
+    mp_zero(mp);
+    if (z == 0)
+        return MP_OKAY; /* shortcut for zero */
+
+    if (sizeof z <= sizeof(mp_digit)) {
+        DIGIT(mp, 0) = z;
+    } else {
+        for (ix = sizeof(long) - 1; ix >= 0; ix--) {
+            if ((res = s_mp_mul_d(mp, (UCHAR_MAX + 1))) != MP_OKAY)
+                return res;
+
+            res = s_mp_add_d(mp, (mp_digit)((z >> (ix * CHAR_BIT)) & UCHAR_MAX));
+            if (res != MP_OKAY)
+                return res;
+        }
+    }
+    return MP_OKAY;
+} /* end mp_set_ulong() */
+
+/* }}} */
+
+/*------------------------------------------------------------------------*/
+/* {{{ Digit arithmetic */
+
+/* {{{ mp_add_d(a, d, b) */
+
+/*
+  mp_add_d(a, d, b)
+
+  Compute the sum b = a + d, for a single digit d.  Respects the sign of
+  its primary addend (single digits are unsigned anyway).
+ */
+
+mp_err
+mp_add_d(const mp_int *a, mp_digit d, mp_int *b)
+{
+    mp_int tmp;
+    mp_err res;
+
+    ARGCHK(a != NULL && b != NULL, MP_BADARG);
+
+    if ((res = mp_init_copy(&tmp, a)) != MP_OKAY)
+        return res;
+
+    if (SIGN(&tmp) == ZPOS) {
+        if ((res = s_mp_add_d(&tmp, d)) != MP_OKAY)
+            goto CLEANUP;
+    } else if (s_mp_cmp_d(&tmp, d) >= 0) {
+        if ((res = s_mp_sub_d(&tmp, d)) != MP_OKAY)
+            goto CLEANUP;
+    } else {
+        mp_neg(&tmp, &tmp);
+
+        DIGIT(&tmp, 0) = d - DIGIT(&tmp, 0);
+    }
+
+    if (s_mp_cmp_d(&tmp, 0) == 0)
+        SIGN(&tmp) = ZPOS;
+
+    s_mp_exch(&tmp, b);
+
+CLEANUP:
+    mp_clear(&tmp);
+    return res;
+
+} /* end mp_add_d() */
+
+/* }}} */
+
+/* {{{ mp_sub_d(a, d, b) */
+
+/*
+  mp_sub_d(a, d, b)
+
+  Compute the difference b = a - d, for a single digit d.  Respects the
+  sign of its subtrahend (single digits are unsigned anyway).
+ */
+
+mp_err
+mp_sub_d(const mp_int *a, mp_digit d, mp_int *b)
+{
+    mp_int tmp;
+    mp_err res;
+
+    ARGCHK(a != NULL && b != NULL, MP_BADARG);
+
+    if ((res = mp_init_copy(&tmp, a)) != MP_OKAY)
+        return res;
+
+    if (SIGN(&tmp) == NEG) {
+        if ((res = s_mp_add_d(&tmp, d)) != MP_OKAY)
+            goto CLEANUP;
+    } else if (s_mp_cmp_d(&tmp, d) >= 0) {
+        if ((res = s_mp_sub_d(&tmp, d)) != MP_OKAY)
+            goto CLEANUP;
+    } else {
+        mp_neg(&tmp, &tmp);
+
+        DIGIT(&tmp, 0) = d - DIGIT(&tmp, 0);
+        SIGN(&tmp) = NEG;
+    }
+
+    if (s_mp_cmp_d(&tmp, 0) == 0)
+        SIGN(&tmp) = ZPOS;
+
+    s_mp_exch(&tmp, b);
+
+CLEANUP:
+    mp_clear(&tmp);
+    return res;
+
+} /* end mp_sub_d() */
+
+/* }}} */
+
+/* {{{ mp_mul_d(a, d, b) */
+
+/*
+  mp_mul_d(a, d, b)
+
+  Compute the product b = a * d, for a single digit d.  Respects the sign
+  of its multiplicand (single digits are unsigned anyway)
+ */
+
+mp_err
+mp_mul_d(const mp_int *a, mp_digit d, mp_int *b)
+{
+    mp_err res;
+
+    ARGCHK(a != NULL && b != NULL, MP_BADARG);
+
+    if (d == 0) {
+        mp_zero(b);
+        return MP_OKAY;
+    }
+
+    if ((res = mp_copy(a, b)) != MP_OKAY)
+        return res;
+
+    res = s_mp_mul_d(b, d);
+
+    return res;
+
+} /* end mp_mul_d() */
+
+/* }}} */
+
+/* {{{ mp_mul_2(a, c) */
+
+mp_err
+mp_mul_2(const mp_int *a, mp_int *c)
+{
+    mp_err res;
+
+    ARGCHK(a != NULL && c != NULL, MP_BADARG);
+
+    if ((res = mp_copy(a, c)) != MP_OKAY)
+        return res;
+
+    return s_mp_mul_2(c);
+
+} /* end mp_mul_2() */
+
+/* }}} */
+
+/* {{{ mp_div_d(a, d, q, r) */
+
+/*
+  mp_div_d(a, d, q, r)
+
+  Compute the quotient q = a / d and remainder r = a mod d, for a
+  single digit d.  Respects the sign of its divisor (single digits are
+  unsigned anyway).
+ */
+
+mp_err
+mp_div_d(const mp_int *a, mp_digit d, mp_int *q, mp_digit *r)
+{
+    mp_err res;
+    mp_int qp;
+    mp_digit rem = 0;
+    int pow;
+
+    ARGCHK(a != NULL, MP_BADARG);
+
+    if (d == 0)
+        return MP_RANGE;
+
+    /* Shortcut for powers of two ... */
+    if ((pow = s_mp_ispow2d(d)) >= 0) {
+        mp_digit mask;
+
+        mask = ((mp_digit)1 << pow) - 1;
+        rem = DIGIT(a, 0) & mask;
+
+        if (q) {
+            if ((res = mp_copy(a, q)) != MP_OKAY) {
+                return res;
+            }
+            s_mp_div_2d(q, pow);
+        }
+
+        if (r)
+            *r = rem;
+
+        return MP_OKAY;
+    }
+
+    if ((res = mp_init_copy(&qp, a)) != MP_OKAY)
+        return res;
+
+    res = s_mp_div_d(&qp, d, &rem);
+
+    if (s_mp_cmp_d(&qp, 0) == 0)
+        SIGN(q) = ZPOS;
+
+    if (r) {
+        *r = rem;
+    }
+
+    if (q)
+        s_mp_exch(&qp, q);
+
+    mp_clear(&qp);
+    return res;
+
+} /* end mp_div_d() */
+
+/* }}} */
+
+/* {{{ mp_div_2(a, c) */
+
+/*
+  mp_div_2(a, c)
+
+  Compute c = a / 2, disregarding the remainder.
+ */
+
+mp_err
+mp_div_2(const mp_int *a, mp_int *c)
+{
+    mp_err res;
+
+    ARGCHK(a != NULL && c != NULL, MP_BADARG);
+
+    if ((res = mp_copy(a, c)) != MP_OKAY)
+        return res;
+
+    s_mp_div_2(c);
+
+    return MP_OKAY;
+
+} /* end mp_div_2() */
+
+/* }}} */
+
+/* {{{ mp_expt_d(a, d, b) */
+
+mp_err
+mp_expt_d(const mp_int *a, mp_digit d, mp_int *c)
+{
+    mp_int s, x;
+    mp_err res;
+
+    ARGCHK(a != NULL && c != NULL, MP_BADARG);
+
+    if ((res = mp_init(&s)) != MP_OKAY)
+        return res;
+    if ((res = mp_init_copy(&x, a)) != MP_OKAY)
+        goto X;
+
+    DIGIT(&s, 0) = 1;
+
+    while (d != 0) {
+        if (d & 1) {
+            if ((res = s_mp_mul(&s, &x)) != MP_OKAY)
+                goto CLEANUP;
+        }
+
+        d /= 2;
+
+        if ((res = s_mp_sqr(&x)) != MP_OKAY)
+            goto CLEANUP;
+    }
+
+    s_mp_exch(&s, c);
+
+CLEANUP:
+    mp_clear(&x);
+X:
+    mp_clear(&s);
+
+    return res;
+
+} /* end mp_expt_d() */
+
+/* }}} */
+
+/* }}} */
+
+/*------------------------------------------------------------------------*/
+/* {{{ Full arithmetic */
+
+/* {{{ mp_abs(a, b) */
+
+/*
+  mp_abs(a, b)
+
+  Compute b = |a|.  'a' and 'b' may be identical.
+ */
+
+mp_err
+mp_abs(const mp_int *a, mp_int *b)
+{
+    mp_err res;
+
+    ARGCHK(a != NULL && b != NULL, MP_BADARG);
+
+    if ((res = mp_copy(a, b)) != MP_OKAY)
+        return res;
+
+    SIGN(b) = ZPOS;
+
+    return MP_OKAY;
+
+} /* end mp_abs() */
+
+/* }}} */
+
+/* {{{ mp_neg(a, b) */
+
+/*
+  mp_neg(a, b)
+
+  Compute b = -a.  'a' and 'b' may be identical.
+ */
+
+mp_err
+mp_neg(const mp_int *a, mp_int *b)
+{
+    mp_err res;
+
+    ARGCHK(a != NULL && b != NULL, MP_BADARG);
+
+    if ((res = mp_copy(a, b)) != MP_OKAY)
+        return res;
+
+    if (s_mp_cmp_d(b, 0) == MP_EQ)
+        SIGN(b) = ZPOS;
+    else
+        SIGN(b) = (SIGN(b) == NEG) ? ZPOS : NEG;
+
+    return MP_OKAY;
+
+} /* end mp_neg() */
+
+/* }}} */
+
+/* {{{ mp_add(a, b, c) */
+
+/*
+  mp_add(a, b, c)
+
+  Compute c = a + b.  All parameters may be identical.
+ */
+
+mp_err
+mp_add(const mp_int *a, const mp_int *b, mp_int *c)
+{
+    mp_err res;
+
+    ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG);
+
+    if (SIGN(a) == SIGN(b)) { /* same sign:  add values, keep sign */
+        MP_CHECKOK(s_mp_add_3arg(a, b, c));
+    } else if (s_mp_cmp(a, b) >= 0) { /* different sign: |a| >= |b|   */
+        MP_CHECKOK(s_mp_sub_3arg(a, b, c));
+    } else { /* different sign: |a|  < |b|   */
+        MP_CHECKOK(s_mp_sub_3arg(b, a, c));
+    }
+
+    if (s_mp_cmp_d(c, 0) == MP_EQ)
+        SIGN(c) = ZPOS;
+
+CLEANUP:
+    return res;
+
+} /* end mp_add() */
+
+/* }}} */
+
+/* {{{ mp_sub(a, b, c) */
+
+/*
+  mp_sub(a, b, c)
+
+  Compute c = a - b.  All parameters may be identical.
+ */
+
+mp_err
+mp_sub(const mp_int *a, const mp_int *b, mp_int *c)
+{
+    mp_err res;
+    int magDiff;
+
+    ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG);
+
+    if (a == b) {
+        mp_zero(c);
+        return MP_OKAY;
+    }
+
+    if (MP_SIGN(a) != MP_SIGN(b)) {
+        MP_CHECKOK(s_mp_add_3arg(a, b, c));
+    } else if (!(magDiff = s_mp_cmp(a, b))) {
+        mp_zero(c);
+        res = MP_OKAY;
+    } else if (magDiff > 0) {
+        MP_CHECKOK(s_mp_sub_3arg(a, b, c));
+    } else {
+        MP_CHECKOK(s_mp_sub_3arg(b, a, c));
+        MP_SIGN(c) = !MP_SIGN(a);
+    }
+
+    if (s_mp_cmp_d(c, 0) == MP_EQ)
+        MP_SIGN(c) = MP_ZPOS;
+
+CLEANUP:
+    return res;
+
+} /* end mp_sub() */
+
+/* }}} */
+
+/* {{{ mp_mul(a, b, c) */
+
+/*
+  mp_mul(a, b, c)
+
+  Compute c = a * b.  All parameters may be identical.
+ */
+mp_err
+mp_mul(const mp_int *a, const mp_int *b, mp_int *c)
+{
+    mp_digit *pb;
+    mp_int tmp;
+    mp_err res;
+    mp_size ib;
+    mp_size useda, usedb;
+
+    ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG);
+
+    if (a == c) {
+        if ((res = mp_init_copy(&tmp, a)) != MP_OKAY)
+            return res;
+        if (a == b)
+            b = &tmp;
+        a = &tmp;
+    } else if (b == c) {
+        if ((res = mp_init_copy(&tmp, b)) != MP_OKAY)
+            return res;
+        b = &tmp;
+    } else {
+        MP_DIGITS(&tmp) = 0;
+    }
+
+    if (MP_USED(a) < MP_USED(b)) {
+        const mp_int *xch = b; /* switch a and b, to do fewer outer loops */
+        b = a;
+        a = xch;
+    }
+
+    MP_USED(c) = 1;
+    MP_DIGIT(c, 0) = 0;
+    if ((res = s_mp_pad(c, USED(a) + USED(b))) != MP_OKAY)
+        goto CLEANUP;
+
+#ifdef NSS_USE_COMBA
+    if ((MP_USED(a) == MP_USED(b)) && IS_POWER_OF_2(MP_USED(b))) {
+        if (MP_USED(a) == 4) {
+            s_mp_mul_comba_4(a, b, c);
+            goto CLEANUP;
+        }
+        if (MP_USED(a) == 8) {
+            s_mp_mul_comba_8(a, b, c);
+            goto CLEANUP;
+        }
+        if (MP_USED(a) == 16) {
+            s_mp_mul_comba_16(a, b, c);
+            goto CLEANUP;
+        }
+        if (MP_USED(a) == 32) {
+            s_mp_mul_comba_32(a, b, c);
+            goto CLEANUP;
+        }
+    }
+#endif
+
+    pb = MP_DIGITS(b);
+    s_mpv_mul_d(MP_DIGITS(a), MP_USED(a), *pb++, MP_DIGITS(c));
+
+    /* Outer loop:  Digits of b */
+    useda = MP_USED(a);
+    usedb = MP_USED(b);
+    for (ib = 1; ib < usedb; ib++) {
+        mp_digit b_i = *pb++;
+
+        /* Inner product:  Digits of a */
+        if (b_i)
+            s_mpv_mul_d_add(MP_DIGITS(a), useda, b_i, MP_DIGITS(c) + ib);
+        else
+            MP_DIGIT(c, ib + useda) = b_i;
+    }
+
+    s_mp_clamp(c);
+
+    if (SIGN(a) == SIGN(b) || s_mp_cmp_d(c, 0) == MP_EQ)
+        SIGN(c) = ZPOS;
+    else
+        SIGN(c) = NEG;
+
+CLEANUP:
+    mp_clear(&tmp);
+    return res;
+} /* end mp_mul() */
+
+/* }}} */
+
+/* {{{ mp_sqr(a, sqr) */
+
+#if MP_SQUARE
+/*
+  Computes the square of a.  This can be done more
+  efficiently than a general multiplication, because many of the
+  computation steps are redundant when squaring.  The inner product
+  step is a bit more complicated, but we save a fair number of
+  iterations of the multiplication loop.
+ */
+
+/* sqr = a^2;   Caller provides both a and tmp; */
+mp_err
+mp_sqr(const mp_int *a, mp_int *sqr)
+{
+    mp_digit *pa;
+    mp_digit d;
+    mp_err res;
+    mp_size ix;
+    mp_int tmp;
+    int count;
+
+    ARGCHK(a != NULL && sqr != NULL, MP_BADARG);
+
+    if (a == sqr) {
+        if ((res = mp_init_copy(&tmp, a)) != MP_OKAY)
+            return res;
+        a = &tmp;
+    } else {
+        DIGITS(&tmp) = 0;
+        res = MP_OKAY;
+    }
+
+    ix = 2 * MP_USED(a);
+    if (ix > MP_ALLOC(sqr)) {
+        MP_USED(sqr) = 1;
+        MP_CHECKOK(s_mp_grow(sqr, ix));
+    }
+    MP_USED(sqr) = ix;
+    MP_DIGIT(sqr, 0) = 0;
+
+#ifdef NSS_USE_COMBA
+    if (IS_POWER_OF_2(MP_USED(a))) {
+        if (MP_USED(a) == 4) {
+            s_mp_sqr_comba_4(a, sqr);
+            goto CLEANUP;
+        }
+        if (MP_USED(a) == 8) {
+            s_mp_sqr_comba_8(a, sqr);
+            goto CLEANUP;
+        }
+        if (MP_USED(a) == 16) {
+            s_mp_sqr_comba_16(a, sqr);
+            goto CLEANUP;
+        }
+        if (MP_USED(a) == 32) {
+            s_mp_sqr_comba_32(a, sqr);
+            goto CLEANUP;
+        }
+    }
+#endif
+
+    pa = MP_DIGITS(a);
+    count = MP_USED(a) - 1;
+    if (count > 0) {
+        d = *pa++;
+        s_mpv_mul_d(pa, count, d, MP_DIGITS(sqr) + 1);
+        for (ix = 3; --count > 0; ix += 2) {
+            d = *pa++;
+            s_mpv_mul_d_add(pa, count, d, MP_DIGITS(sqr) + ix);
+        }                                    /* for(ix ...) */
+        MP_DIGIT(sqr, MP_USED(sqr) - 1) = 0; /* above loop stopped short of this. */
+
+        /* now sqr *= 2 */
+        s_mp_mul_2(sqr);
+    } else {
+        MP_DIGIT(sqr, 1) = 0;
+    }
+
+    /* now add the squares of the digits of a to sqr. */
+    s_mpv_sqr_add_prop(MP_DIGITS(a), MP_USED(a), MP_DIGITS(sqr));
+
+    SIGN(sqr) = ZPOS;
+    s_mp_clamp(sqr);
+
+CLEANUP:
+    mp_clear(&tmp);
+    return res;
+
+} /* end mp_sqr() */
+#endif
+
+/* }}} */
+
+/* {{{ mp_div(a, b, q, r) */
+
+/*
+  mp_div(a, b, q, r)
+
+  Compute q = a / b and r = a mod b.  Input parameters may be re-used
+  as output parameters.  If q or r is NULL, that portion of the
+  computation will be discarded (although it will still be computed)
+ */
+mp_err
+mp_div(const mp_int *a, const mp_int *b, mp_int *q, mp_int *r)
+{
+    mp_err res;
+    mp_int *pQ, *pR;
+    mp_int qtmp, rtmp, btmp;
+    int cmp;
+    mp_sign signA;
+    mp_sign signB;
+
+    ARGCHK(a != NULL && b != NULL, MP_BADARG);
+
+    signA = MP_SIGN(a);
+    signB = MP_SIGN(b);
+
+    if (mp_cmp_z(b) == MP_EQ)
+        return MP_RANGE;
+
+    DIGITS(&qtmp) = 0;
+    DIGITS(&rtmp) = 0;
+    DIGITS(&btmp) = 0;
+
+    /* Set up some temporaries... */
+    if (!r || r == a || r == b) {
+        MP_CHECKOK(mp_init_copy(&rtmp, a));
+        pR = &rtmp;
+    } else {
+        MP_CHECKOK(mp_copy(a, r));
+        pR = r;
+    }
+
+    if (!q || q == a || q == b) {
+        MP_CHECKOK(mp_init_size(&qtmp, MP_USED(a)));
+        pQ = &qtmp;
+    } else {
+        MP_CHECKOK(s_mp_pad(q, MP_USED(a)));
+        pQ = q;
+        mp_zero(pQ);
+    }
+
+    /*
+      If |a| <= |b|, we can compute the solution without division;
+      otherwise, we actually do the work required.
+     */
+    if ((cmp = s_mp_cmp(a, b)) <= 0) {
+        if (cmp) {
+            /* r was set to a above. */
+            mp_zero(pQ);
+        } else {
+            mp_set(pQ, 1);
+            mp_zero(pR);
+        }
+    } else {
+        MP_CHECKOK(mp_init_copy(&btmp, b));
+        MP_CHECKOK(s_mp_div(pR, &btmp, pQ));
+    }
+
+    /* Compute the signs for the output  */
+    MP_SIGN(pR) = signA;        /* Sr = Sa              */
+    /* Sq = ZPOS if Sa == Sb */ /* Sq = NEG if Sa != Sb */
+    MP_SIGN(pQ) = (signA == signB) ? ZPOS : NEG;
+
+    if (s_mp_cmp_d(pQ, 0) == MP_EQ)
+        SIGN(pQ) = ZPOS;
+    if (s_mp_cmp_d(pR, 0) == MP_EQ)
+        SIGN(pR) = ZPOS;
+
+    /* Copy output, if it is needed      */
+    if (q && q != pQ)
+        s_mp_exch(pQ, q);
+
+    if (r && r != pR)
+        s_mp_exch(pR, r);
+
+CLEANUP:
+    mp_clear(&btmp);
+    mp_clear(&rtmp);
+    mp_clear(&qtmp);
+
+    return res;
+
+} /* end mp_div() */
+
+/* }}} */
+
+/* {{{ mp_div_2d(a, d, q, r) */
+
+mp_err
+mp_div_2d(const mp_int *a, mp_digit d, mp_int *q, mp_int *r)
+{
+    mp_err res;
+
+    ARGCHK(a != NULL, MP_BADARG);
+
+    if (q) {
+        if ((res = mp_copy(a, q)) != MP_OKAY)
+            return res;
+    }
+    if (r) {
+        if ((res = mp_copy(a, r)) != MP_OKAY)
+            return res;
+    }
+    if (q) {
+        s_mp_div_2d(q, d);
+    }
+    if (r) {
+        s_mp_mod_2d(r, d);
+    }
+
+    return MP_OKAY;
+
+} /* end mp_div_2d() */
+
+/* }}} */
+
+/* {{{ mp_expt(a, b, c) */
+
+/*
+  mp_expt(a, b, c)
+
+  Compute c = a ** b, that is, raise a to the b power.  Uses a
+  standard iterative square-and-multiply technique.
+ */
+
+mp_err
+mp_expt(mp_int *a, mp_int *b, mp_int *c)
+{
+    mp_int s, x;
+    mp_err res;
+    mp_digit d;
+    unsigned int dig, bit;
+
+    ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG);
+
+    if (mp_cmp_z(b) < 0)
+        return MP_RANGE;
+
+    if ((res = mp_init(&s)) != MP_OKAY)
+        return res;
+
+    mp_set(&s, 1);
+
+    if ((res = mp_init_copy(&x, a)) != MP_OKAY)
+        goto X;
+
+    /* Loop over low-order digits in ascending order */
+    for (dig = 0; dig < (USED(b) - 1); dig++) {
+        d = DIGIT(b, dig);
+
+        /* Loop over bits of each non-maximal digit */
+        for (bit = 0; bit < DIGIT_BIT; bit++) {
+            if (d & 1) {
+                if ((res = s_mp_mul(&s, &x)) != MP_OKAY)
+                    goto CLEANUP;
+            }
+
+            d >>= 1;
+
+            if ((res = s_mp_sqr(&x)) != MP_OKAY)
+                goto CLEANUP;
+        }
+    }
+
+    /* Consider now the last digit... */
+    d = DIGIT(b, dig);
+
+    while (d) {
+        if (d & 1) {
+            if ((res = s_mp_mul(&s, &x)) != MP_OKAY)
+                goto CLEANUP;
+        }
+
+        d >>= 1;
+
+        if ((res = s_mp_sqr(&x)) != MP_OKAY)
+            goto CLEANUP;
+    }
+
+    if (mp_iseven(b))
+        SIGN(&s) = SIGN(a);
+
+    res = mp_copy(&s, c);
+
+CLEANUP:
+    mp_clear(&x);
+X:
+    mp_clear(&s);
+
+    return res;
+
+} /* end mp_expt() */
+
+/* }}} */
+
+/* {{{ mp_2expt(a, k) */
+
+/* Compute a = 2^k */
+
+mp_err
+mp_2expt(mp_int *a, mp_digit k)
+{
+    ARGCHK(a != NULL, MP_BADARG);
+
+    return s_mp_2expt(a, k);
+
+} /* end mp_2expt() */
+
+/* }}} */
+
+/* {{{ mp_mod(a, m, c) */
+
+/*
+  mp_mod(a, m, c)
+
+  Compute c = a (mod m).  Result will always be 0 <= c < m.
+ */
+
+mp_err
+mp_mod(const mp_int *a, const mp_int *m, mp_int *c)
+{
+    mp_err res;
+    int mag;
+
+    ARGCHK(a != NULL && m != NULL && c != NULL, MP_BADARG);
+
+    if (SIGN(m) == NEG)
+        return MP_RANGE;
+
+    /*
+     If |a| > m, we need to divide to get the remainder and take the
+     absolute value.
+
+     If |a| < m, we don't need to do any division, just copy and adjust
+     the sign (if a is negative).
+
+     If |a| == m, we can simply set the result to zero.
+
+     This order is intended to minimize the average path length of the
+     comparison chain on common workloads -- the most frequent cases are
+     that |a| != m, so we do those first.
+     */
+    if ((mag = s_mp_cmp(a, m)) > 0) {
+        if ((res = mp_div(a, m, NULL, c)) != MP_OKAY)
+            return res;
+
+        if (SIGN(c) == NEG) {
+            if ((res = mp_add(c, m, c)) != MP_OKAY)
+                return res;
+        }
+
+    } else if (mag < 0) {
+        if ((res = mp_copy(a, c)) != MP_OKAY)
+            return res;
+
+        if (mp_cmp_z(a) < 0) {
+            if ((res = mp_add(c, m, c)) != MP_OKAY)
+                return res;
+        }
+
+    } else {
+        mp_zero(c);
+    }
+
+    return MP_OKAY;
+
+} /* end mp_mod() */
+
+/* }}} */
+
+/* {{{ mp_mod_d(a, d, c) */
+
+/*
+  mp_mod_d(a, d, c)
+
+  Compute c = a (mod d).  Result will always be 0 <= c < d
+ */
+mp_err
+mp_mod_d(const mp_int *a, mp_digit d, mp_digit *c)
+{
+    mp_err res;
+    mp_digit rem;
+
+    ARGCHK(a != NULL && c != NULL, MP_BADARG);
+
+    if (s_mp_cmp_d(a, d) > 0) {
+        if ((res = mp_div_d(a, d, NULL, &rem)) != MP_OKAY)
+            return res;
+
+    } else {
+        if (SIGN(a) == NEG)
+            rem = d - DIGIT(a, 0);
+        else
+            rem = DIGIT(a, 0);
+    }
+
+    if (c)
+        *c = rem;
+
+    return MP_OKAY;
+
+} /* end mp_mod_d() */
+
+/* }}} */
+
+/* }}} */
+
+/*------------------------------------------------------------------------*/
+/* {{{ Modular arithmetic */
+
+#if MP_MODARITH
+/* {{{ mp_addmod(a, b, m, c) */
+
+/*
+  mp_addmod(a, b, m, c)
+
+  Compute c = (a + b) mod m
+ */
+
+mp_err
+mp_addmod(const mp_int *a, const mp_int *b, const mp_int *m, mp_int *c)
+{
+    mp_err res;
+
+    ARGCHK(a != NULL && b != NULL && m != NULL && c != NULL, MP_BADARG);
+
+    if ((res = mp_add(a, b, c)) != MP_OKAY)
+        return res;
+    if ((res = mp_mod(c, m, c)) != MP_OKAY)
+        return res;
+
+    return MP_OKAY;
+}
+
+/* }}} */
+
+/* {{{ mp_submod(a, b, m, c) */
+
+/*
+  mp_submod(a, b, m, c)
+
+  Compute c = (a - b) mod m
+ */
+
+mp_err
+mp_submod(const mp_int *a, const mp_int *b, const mp_int *m, mp_int *c)
+{
+    mp_err res;
+
+    ARGCHK(a != NULL && b != NULL && m != NULL && c != NULL, MP_BADARG);
+
+    if ((res = mp_sub(a, b, c)) != MP_OKAY)
+        return res;
+    if ((res = mp_mod(c, m, c)) != MP_OKAY)
+        return res;
+
+    return MP_OKAY;
+}
+
+/* }}} */
+
+/* {{{ mp_mulmod(a, b, m, c) */
+
+/*
+  mp_mulmod(a, b, m, c)
+
+  Compute c = (a * b) mod m
+ */
+
+mp_err
+mp_mulmod(const mp_int *a, const mp_int *b, const mp_int *m, mp_int *c)
+{
+    mp_err res;
+
+    ARGCHK(a != NULL && b != NULL && m != NULL && c != NULL, MP_BADARG);
+
+    if ((res = mp_mul(a, b, c)) != MP_OKAY)
+        return res;
+    if ((res = mp_mod(c, m, c)) != MP_OKAY)
+        return res;
+
+    return MP_OKAY;
+}
+
+/* }}} */
+
+/* {{{ mp_sqrmod(a, m, c) */
+
+#if MP_SQUARE
+mp_err
+mp_sqrmod(const mp_int *a, const mp_int *m, mp_int *c)
+{
+    mp_err res;
+
+    ARGCHK(a != NULL && m != NULL && c != NULL, MP_BADARG);
+
+    if ((res = mp_sqr(a, c)) != MP_OKAY)
+        return res;
+    if ((res = mp_mod(c, m, c)) != MP_OKAY)
+        return res;
+
+    return MP_OKAY;
+
+} /* end mp_sqrmod() */
+#endif
+
+/* }}} */
+
+/* {{{ s_mp_exptmod(a, b, m, c) */
+
+/*
+  s_mp_exptmod(a, b, m, c)
+
+  Compute c = (a ** b) mod m.  Uses a standard square-and-multiply
+  method with modular reductions at each step. (This is basically the
+  same code as mp_expt(), except for the addition of the reductions)
+
+  The modular reductions are done using Barrett's algorithm (see
+  s_mp_reduce() below for details)
+ */
+
+mp_err
+s_mp_exptmod(const mp_int *a, const mp_int *b, const mp_int *m, mp_int *c)
+{
+    mp_int s, x, mu;
+    mp_err res;
+    mp_digit d;
+    unsigned int dig, bit;
+
+    ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG);
+
+    if (mp_cmp_z(b) < 0 || mp_cmp_z(m) <= 0)
+        return MP_RANGE;
+
+    if ((res = mp_init(&s)) != MP_OKAY)
+        return res;
+    if ((res = mp_init_copy(&x, a)) != MP_OKAY ||
+        (res = mp_mod(&x, m, &x)) != MP_OKAY)
+        goto X;
+    if ((res = mp_init(&mu)) != MP_OKAY)
+        goto MU;
+
+    mp_set(&s, 1);
+
+    /* mu = b^2k / m */
+    if ((res = s_mp_add_d(&mu, 1)) != MP_OKAY)
+        goto CLEANUP;
+    if ((res = s_mp_lshd(&mu, 2 * USED(m))) != MP_OKAY)
+        goto CLEANUP;
+    if ((res = mp_div(&mu, m, &mu, NULL)) != MP_OKAY)
+        goto CLEANUP;
+
+    /* Loop over digits of b in ascending order, except highest order */
+    for (dig = 0; dig < (USED(b) - 1); dig++) {
+        d = DIGIT(b, dig);
+
+        /* Loop over the bits of the lower-order digits */
+        for (bit = 0; bit < DIGIT_BIT; bit++) {
+            if (d & 1) {
+                if ((res = s_mp_mul(&s, &x)) != MP_OKAY)
+                    goto CLEANUP;
+                if ((res = s_mp_reduce(&s, m, &mu)) != MP_OKAY)
+                    goto CLEANUP;
+            }
+
+            d >>= 1;
+
+            if ((res = s_mp_sqr(&x)) != MP_OKAY)
+                goto CLEANUP;
+            if ((res = s_mp_reduce(&x, m, &mu)) != MP_OKAY)
+                goto CLEANUP;
+        }
+    }
+
+    /* Now do the last digit... */
+    d = DIGIT(b, dig);
+
+    while (d) {
+        if (d & 1) {
+            if ((res = s_mp_mul(&s, &x)) != MP_OKAY)
+                goto CLEANUP;
+            if ((res = s_mp_reduce(&s, m, &mu)) != MP_OKAY)
+                goto CLEANUP;
+        }
+
+        d >>= 1;
+
+        if ((res = s_mp_sqr(&x)) != MP_OKAY)
+            goto CLEANUP;
+        if ((res = s_mp_reduce(&x, m, &mu)) != MP_OKAY)
+            goto CLEANUP;
+    }
+
+    s_mp_exch(&s, c);
+
+CLEANUP:
+    mp_clear(&mu);
+MU:
+    mp_clear(&x);
+X:
+    mp_clear(&s);
+
+    return res;
+
+} /* end s_mp_exptmod() */
+
+/* }}} */
+
+/* {{{ mp_exptmod_d(a, d, m, c) */
+
+mp_err
+mp_exptmod_d(const mp_int *a, mp_digit d, const mp_int *m, mp_int *c)
+{
+    mp_int s, x;
+    mp_err res;
+
+    ARGCHK(a != NULL && c != NULL, MP_BADARG);
+
+    if ((res = mp_init(&s)) != MP_OKAY)
+        return res;
+    if ((res = mp_init_copy(&x, a)) != MP_OKAY)
+        goto X;
+
+    mp_set(&s, 1);
+
+    while (d != 0) {
+        if (d & 1) {
+            if ((res = s_mp_mul(&s, &x)) != MP_OKAY ||
+                (res = mp_mod(&s, m, &s)) != MP_OKAY)
+                goto CLEANUP;
+        }
+
+        d /= 2;
+
+        if ((res = s_mp_sqr(&x)) != MP_OKAY ||
+            (res = mp_mod(&x, m, &x)) != MP_OKAY)
+            goto CLEANUP;
+    }
+
+    s_mp_exch(&s, c);
+
+CLEANUP:
+    mp_clear(&x);
+X:
+    mp_clear(&s);
+
+    return res;
+
+} /* end mp_exptmod_d() */
+
+/* }}} */
+#endif /* if MP_MODARITH */
+
+/* }}} */
+
+/*------------------------------------------------------------------------*/
+/* {{{ Comparison functions */
+
+/* {{{ mp_cmp_z(a) */
+
+/*
+  mp_cmp_z(a)
+
+  Compare a <=> 0.  Returns <0 if a<0, 0 if a=0, >0 if a>0.
+ */
+
+int
+mp_cmp_z(const mp_int *a)
+{
+    if (SIGN(a) == NEG)
+        return MP_LT;
+    else if (USED(a) == 1 && DIGIT(a, 0) == 0)
+        return MP_EQ;
+    else
+        return MP_GT;
+
+} /* end mp_cmp_z() */
+
+/* }}} */
+
+/* {{{ mp_cmp_d(a, d) */
+
+/*
+  mp_cmp_d(a, d)
+
+  Compare a <=> d.  Returns <0 if a<d, 0 if a=d, >0 if a>d
+ */
+
+int
+mp_cmp_d(const mp_int *a, mp_digit d)
+{
+    ARGCHK(a != NULL, MP_EQ);
+
+    if (SIGN(a) == NEG)
+        return MP_LT;
+
+    return s_mp_cmp_d(a, d);
+
+} /* end mp_cmp_d() */
+
+/* }}} */
+
+/* {{{ mp_cmp(a, b) */
+
+int
+mp_cmp(const mp_int *a, const mp_int *b)
+{
+    ARGCHK(a != NULL && b != NULL, MP_EQ);
+
+    if (SIGN(a) == SIGN(b)) {
+        int mag;
+
+        if ((mag = s_mp_cmp(a, b)) == MP_EQ)
+            return MP_EQ;
+
+        if (SIGN(a) == ZPOS)
+            return mag;
+        else
+            return -mag;
+
+    } else if (SIGN(a) == ZPOS) {
+        return MP_GT;
+    } else {
+        return MP_LT;
+    }
+
+} /* end mp_cmp() */
+
+/* }}} */
+
+/* {{{ mp_cmp_mag(a, b) */
+
+/*
+  mp_cmp_mag(a, b)
+
+  Compares |a| <=> |b|, and returns an appropriate comparison result
+ */
+
+int
+mp_cmp_mag(const mp_int *a, const mp_int *b)
+{
+    ARGCHK(a != NULL && b != NULL, MP_EQ);
+
+    return s_mp_cmp(a, b);
+
+} /* end mp_cmp_mag() */
+
+/* }}} */
+
+/* {{{ mp_isodd(a) */
+
+/*
+  mp_isodd(a)
+
+  Returns a true (non-zero) value if a is odd, false (zero) otherwise.
+ */
+int
+mp_isodd(const mp_int *a)
+{
+    ARGCHK(a != NULL, 0);
+
+    return (int)(DIGIT(a, 0) & 1);
+
+} /* end mp_isodd() */
+
+/* }}} */
+
+/* {{{ mp_iseven(a) */
+
+int
+mp_iseven(const mp_int *a)
+{
+    return !mp_isodd(a);
+
+} /* end mp_iseven() */
+
+/* }}} */
+
+/* }}} */
+
+/*------------------------------------------------------------------------*/
+/* {{{ Number theoretic functions */
+
+/* {{{ mp_gcd(a, b, c) */
+
+/*
+  Like the old mp_gcd() function, except computes the GCD using the
+  binary algorithm due to Josef Stein in 1961 (via Knuth).
+ */
+mp_err
+mp_gcd(mp_int *a, mp_int *b, mp_int *c)
+{
+    mp_err res;
+    mp_int u, v, t;
+    mp_size k = 0;
+
+    ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG);
+
+    if (mp_cmp_z(a) == MP_EQ && mp_cmp_z(b) == MP_EQ)
+        return MP_RANGE;
+    if (mp_cmp_z(a) == MP_EQ) {
+        return mp_copy(b, c);
+    } else if (mp_cmp_z(b) == MP_EQ) {
+        return mp_copy(a, c);
+    }
+
+    if ((res = mp_init(&t)) != MP_OKAY)
+        return res;
+    if ((res = mp_init_copy(&u, a)) != MP_OKAY)
+        goto U;
+    if ((res = mp_init_copy(&v, b)) != MP_OKAY)
+        goto V;
+
+    SIGN(&u) = ZPOS;
+    SIGN(&v) = ZPOS;
+
+    /* Divide out common factors of 2 until at least 1 of a, b is even */
+    while (mp_iseven(&u) && mp_iseven(&v)) {
+        s_mp_div_2(&u);
+        s_mp_div_2(&v);
+        ++k;
+    }
+
+    /* Initialize t */
+    if (mp_isodd(&u)) {
+        if ((res = mp_copy(&v, &t)) != MP_OKAY)
+            goto CLEANUP;
+
+        /* t = -v */
+        if (SIGN(&v) == ZPOS)
+            SIGN(&t) = NEG;
+        else
+            SIGN(&t) = ZPOS;
+
+    } else {
+        if ((res = mp_copy(&u, &t)) != MP_OKAY)
+            goto CLEANUP;
+    }
+
+    for (;;) {
+        while (mp_iseven(&t)) {
+            s_mp_div_2(&t);
+        }
+
+        if (mp_cmp_z(&t) == MP_GT) {
+            if ((res = mp_copy(&t, &u)) != MP_OKAY)
+                goto CLEANUP;
+
+        } else {
+            if ((res = mp_copy(&t, &v)) != MP_OKAY)
+                goto CLEANUP;
+
+            /* v = -t */
+            if (SIGN(&t) == ZPOS)
+                SIGN(&v) = NEG;
+            else
+                SIGN(&v) = ZPOS;
+        }
+
+        if ((res = mp_sub(&u, &v, &t)) != MP_OKAY)
+            goto CLEANUP;
+
+        if (s_mp_cmp_d(&t, 0) == MP_EQ)
+            break;
+    }
+
+    s_mp_2expt(&v, k);       /* v = 2^k   */
+    res = mp_mul(&u, &v, c); /* c = u * v */
+
+CLEANUP:
+    mp_clear(&v);
+V:
+    mp_clear(&u);
+U:
+    mp_clear(&t);
+
+    return res;
+
+} /* end mp_gcd() */
+
+/* }}} */
+
+/* {{{ mp_lcm(a, b, c) */
+
+/* We compute the least common multiple using the rule:
+
+   ab = [a, b](a, b)
+
+   ... by computing the product, and dividing out the gcd.
+ */
+
+mp_err
+mp_lcm(mp_int *a, mp_int *b, mp_int *c)
+{
+    mp_int gcd, prod;
+    mp_err res;
+
+    ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG);
+
+    /* Set up temporaries */
+    if ((res = mp_init(&gcd)) != MP_OKAY)
+        return res;
+    if ((res = mp_init(&prod)) != MP_OKAY)
+        goto GCD;
+
+    if ((res = mp_mul(a, b, &prod)) != MP_OKAY)
+        goto CLEANUP;
+    if ((res = mp_gcd(a, b, &gcd)) != MP_OKAY)
+        goto CLEANUP;
+
+    res = mp_div(&prod, &gcd, c, NULL);
+
+CLEANUP:
+    mp_clear(&prod);
+GCD:
+    mp_clear(&gcd);
+
+    return res;
+
+} /* end mp_lcm() */
+
+/* }}} */
+
+/* {{{ mp_xgcd(a, b, g, x, y) */
+
+/*
+  mp_xgcd(a, b, g, x, y)
+
+  Compute g = (a, b) and values x and y satisfying Bezout's identity
+  (that is, ax + by = g).  This uses the binary extended GCD algorithm
+  based on the Stein algorithm used for mp_gcd()
+  See algorithm 14.61 in Handbook of Applied Cryptogrpahy.
+ */
+
+mp_err
+mp_xgcd(const mp_int *a, const mp_int *b, mp_int *g, mp_int *x, mp_int *y)
+{
+    mp_int gx, xc, yc, u, v, A, B, C, D;
+    mp_int *clean[9];
+    mp_err res;
+    int last = -1;
+
+    if (mp_cmp_z(b) == 0)
+        return MP_RANGE;
+
+    /* Initialize all these variables we need */
+    MP_CHECKOK(mp_init(&u));
+    clean[++last] = &u;
+    MP_CHECKOK(mp_init(&v));
+    clean[++last] = &v;
+    MP_CHECKOK(mp_init(&gx));
+    clean[++last] = &gx;
+    MP_CHECKOK(mp_init(&A));
+    clean[++last] = &A;
+    MP_CHECKOK(mp_init(&B));
+    clean[++last] = &B;
+    MP_CHECKOK(mp_init(&C));
+    clean[++last] = &C;
+    MP_CHECKOK(mp_init(&D));
+    clean[++last] = &D;
+    MP_CHECKOK(mp_init_copy(&xc, a));
+    clean[++last] = &xc;
+    mp_abs(&xc, &xc);
+    MP_CHECKOK(mp_init_copy(&yc, b));
+    clean[++last] = &yc;
+    mp_abs(&yc, &yc);
+
+    mp_set(&gx, 1);
+
+    /* Divide by two until at least one of them is odd */
+    while (mp_iseven(&xc) && mp_iseven(&yc)) {
+        mp_size nx = mp_trailing_zeros(&xc);
+        mp_size ny = mp_trailing_zeros(&yc);
+        mp_size n = MP_MIN(nx, ny);
+        s_mp_div_2d(&xc, n);
+        s_mp_div_2d(&yc, n);
+        MP_CHECKOK(s_mp_mul_2d(&gx, n));
+    }
+
+    MP_CHECKOK(mp_copy(&xc, &u));
+    MP_CHECKOK(mp_copy(&yc, &v));
+    mp_set(&A, 1);
+    mp_set(&D, 1);
+
+    /* Loop through binary GCD algorithm */
+    do {
+        while (mp_iseven(&u)) {
+            s_mp_div_2(&u);
+
+            if (mp_iseven(&A) && mp_iseven(&B)) {
+                s_mp_div_2(&A);
+                s_mp_div_2(&B);
+            } else {
+                MP_CHECKOK(mp_add(&A, &yc, &A));
+                s_mp_div_2(&A);
+                MP_CHECKOK(mp_sub(&B, &xc, &B));
+                s_mp_div_2(&B);
+            }
+        }
+
+        while (mp_iseven(&v)) {
+            s_mp_div_2(&v);
+
+            if (mp_iseven(&C) && mp_iseven(&D)) {
+                s_mp_div_2(&C);
+                s_mp_div_2(&D);
+            } else {
+                MP_CHECKOK(mp_add(&C, &yc, &C));
+                s_mp_div_2(&C);
+                MP_CHECKOK(mp_sub(&D, &xc, &D));
+                s_mp_div_2(&D);
+            }
+        }
+
+        if (mp_cmp(&u, &v) >= 0) {
+            MP_CHECKOK(mp_sub(&u, &v, &u));
+            MP_CHECKOK(mp_sub(&A, &C, &A));
+            MP_CHECKOK(mp_sub(&B, &D, &B));
+        } else {
+            MP_CHECKOK(mp_sub(&v, &u, &v));
+            MP_CHECKOK(mp_sub(&C, &A, &C));
+            MP_CHECKOK(mp_sub(&D, &B, &D));
+        }
+    } while (mp_cmp_z(&u) != 0);
+
+    /* copy results to output */
+    if (x)
+        MP_CHECKOK(mp_copy(&C, x));
+
+    if (y)
+        MP_CHECKOK(mp_copy(&D, y));
+
+    if (g)
+        MP_CHECKOK(mp_mul(&gx, &v, g));
+
+CLEANUP:
+    while (last >= 0)
+        mp_clear(clean[last--]);
+
+    return res;
+
+} /* end mp_xgcd() */
+
+/* }}} */
+
+mp_size
+mp_trailing_zeros(const mp_int *mp)
+{
+    mp_digit d;
+    mp_size n = 0;
+    unsigned int ix;
+
+    if (!mp || !MP_DIGITS(mp) || !mp_cmp_z(mp))
+        return n;
+
+    for (ix = 0; !(d = MP_DIGIT(mp, ix)) && (ix < MP_USED(mp)); ++ix)
+        n += MP_DIGIT_BIT;
+    if (!d)
+        return 0; /* shouldn't happen, but ... */
+#if !defined(MP_USE_UINT_DIGIT)
+    if (!(d & 0xffffffffU)) {
+        d >>= 32;
+        n += 32;
+    }
+#endif
+    if (!(d & 0xffffU)) {
+        d >>= 16;
+        n += 16;
+    }
+    if (!(d & 0xffU)) {
+        d >>= 8;
+        n += 8;
+    }
+    if (!(d & 0xfU)) {
+        d >>= 4;
+        n += 4;
+    }
+    if (!(d & 0x3U)) {
+        d >>= 2;
+        n += 2;
+    }
+    if (!(d & 0x1U)) {
+        d >>= 1;
+        n += 1;
+    }
+#if MP_ARGCHK == 2
+    assert(0 != (d & 1));
+#endif
+    return n;
+}
+
+/* Given a and prime p, computes c and k such that a*c == 2**k (mod p).
+** Returns k (positive) or error (negative).
+** This technique from the paper "Fast Modular Reciprocals" (unpublished)
+** by Richard Schroeppel (a.k.a. Captain Nemo).
+*/
+mp_err
+s_mp_almost_inverse(const mp_int *a, const mp_int *p, mp_int *c)
+{
+    mp_err res;
+    mp_err k = 0;
+    mp_int d, f, g;
+
+    ARGCHK(a && p && c, MP_BADARG);
+
+    MP_DIGITS(&d) = 0;
+    MP_DIGITS(&f) = 0;
+    MP_DIGITS(&g) = 0;
+    MP_CHECKOK(mp_init(&d));
+    MP_CHECKOK(mp_init_copy(&f, a)); /* f = a */
+    MP_CHECKOK(mp_init_copy(&g, p)); /* g = p */
+
+    mp_set(c, 1);
+    mp_zero(&d);
+
+    if (mp_cmp_z(&f) == 0) {
+        res = MP_UNDEF;
+    } else
+        for (;;) {
+            int diff_sign;
+            while (mp_iseven(&f)) {
+                mp_size n = mp_trailing_zeros(&f);
+                if (!n) {
+                    res = MP_UNDEF;
+                    goto CLEANUP;
+                }
+                s_mp_div_2d(&f, n);
+                MP_CHECKOK(s_mp_mul_2d(&d, n));
+                k += n;
+            }
+            if (mp_cmp_d(&f, 1) == MP_EQ) { /* f == 1 */
+                res = k;
+                break;
+            }
+            diff_sign = mp_cmp(&f, &g);
+            if (diff_sign < 0) { /* f < g */
+                s_mp_exch(&f, &g);
+                s_mp_exch(c, &d);
+            } else if (diff_sign == 0) { /* f == g */
+                res = MP_UNDEF;          /* a and p are not relatively prime */
+                break;
+            }
+            if ((MP_DIGIT(&f, 0) % 4) == (MP_DIGIT(&g, 0) % 4)) {
+                MP_CHECKOK(mp_sub(&f, &g, &f)); /* f = f - g */
+                MP_CHECKOK(mp_sub(c, &d, c));   /* c = c - d */
+            } else {
+                MP_CHECKOK(mp_add(&f, &g, &f)); /* f = f + g */
+                MP_CHECKOK(mp_add(c, &d, c));   /* c = c + d */
+            }
+        }
+    if (res >= 0) {
+        while (MP_SIGN(c) != MP_ZPOS) {
+            MP_CHECKOK(mp_add(c, p, c));
+        }
+        res = k;
+    }
+
+CLEANUP:
+    mp_clear(&d);
+    mp_clear(&f);
+    mp_clear(&g);
+    return res;
+}
+
+/* Compute T = (P ** -1) mod MP_RADIX.  Also works for 16-bit mp_digits.
+** This technique from the paper "Fast Modular Reciprocals" (unpublished)
+** by Richard Schroeppel (a.k.a. Captain Nemo).
+*/
+mp_digit
+s_mp_invmod_radix(mp_digit P)
+{
+    mp_digit T = P;
+    T *= 2 - (P * T);
+    T *= 2 - (P * T);
+    T *= 2 - (P * T);
+    T *= 2 - (P * T);
+#if !defined(MP_USE_UINT_DIGIT)
+    T *= 2 - (P * T);
+    T *= 2 - (P * T);
+#endif
+    return T;
+}
+
+/* Given c, k, and prime p, where a*c == 2**k (mod p),
+** Compute x = (a ** -1) mod p.  This is similar to Montgomery reduction.
+** This technique from the paper "Fast Modular Reciprocals" (unpublished)
+** by Richard Schroeppel (a.k.a. Captain Nemo).
+*/
+mp_err
+s_mp_fixup_reciprocal(const mp_int *c, const mp_int *p, int k, mp_int *x)
+{
+    int k_orig = k;
+    mp_digit r;
+    mp_size ix;
+    mp_err res;
+
+    if (mp_cmp_z(c) < 0) {           /* c < 0 */
+        MP_CHECKOK(mp_add(c, p, x)); /* x = c + p */
+    } else {
+        MP_CHECKOK(mp_copy(c, x)); /* x = c */
+    }
+
+    /* make sure x is large enough */
+    ix = MP_HOWMANY(k, MP_DIGIT_BIT) + MP_USED(p) + 1;
+    ix = MP_MAX(ix, MP_USED(x));
+    MP_CHECKOK(s_mp_pad(x, ix));
+
+    r = 0 - s_mp_invmod_radix(MP_DIGIT(p, 0));
+
+    for (ix = 0; k > 0; ix++) {
+        int j = MP_MIN(k, MP_DIGIT_BIT);
+        mp_digit v = r * MP_DIGIT(x, ix);
+        if (j < MP_DIGIT_BIT) {
+            v &= ((mp_digit)1 << j) - 1; /* v = v mod (2 ** j) */
+        }
+        s_mp_mul_d_add_offset(p, v, x, ix); /* x += p * v * (RADIX ** ix) */
+        k -= j;
+    }
+    s_mp_clamp(x);
+    s_mp_div_2d(x, k_orig);
+    res = MP_OKAY;
+
+CLEANUP:
+    return res;
+}
+
+/* compute mod inverse using Schroeppel's method, only if m is odd */
+mp_err
+s_mp_invmod_odd_m(const mp_int *a, const mp_int *m, mp_int *c)
+{
+    int k;
+    mp_err res;
+    mp_int x;
+
+    ARGCHK(a && m && c, MP_BADARG);
+
+    if (mp_cmp_z(a) == 0 || mp_cmp_z(m) == 0)
+        return MP_RANGE;
+    if (mp_iseven(m))
+        return MP_UNDEF;
+
+    MP_DIGITS(&x) = 0;
+
+    if (a == c) {
+        if ((res = mp_init_copy(&x, a)) != MP_OKAY)
+            return res;
+        if (a == m)
+            m = &x;
+        a = &x;
+    } else if (m == c) {
+        if ((res = mp_init_copy(&x, m)) != MP_OKAY)
+            return res;
+        m = &x;
+    } else {
+        MP_DIGITS(&x) = 0;
+    }
+
+    MP_CHECKOK(s_mp_almost_inverse(a, m, c));
+    k = res;
+    MP_CHECKOK(s_mp_fixup_reciprocal(c, m, k, c));
+CLEANUP:
+    mp_clear(&x);
+    return res;
+}
+
+/* Known good algorithm for computing modular inverse.  But slow. */
+mp_err
+mp_invmod_xgcd(const mp_int *a, const mp_int *m, mp_int *c)
+{
+    mp_int g, x;
+    mp_err res;
+
+    ARGCHK(a && m && c, MP_BADARG);
+
+    if (mp_cmp_z(a) == 0 || mp_cmp_z(m) == 0)
+        return MP_RANGE;
+
+    MP_DIGITS(&g) = 0;
+    MP_DIGITS(&x) = 0;
+    MP_CHECKOK(mp_init(&x));
+    MP_CHECKOK(mp_init(&g));
+
+    MP_CHECKOK(mp_xgcd(a, m, &g, &x, NULL));
+
+    if (mp_cmp_d(&g, 1) != MP_EQ) {
+        res = MP_UNDEF;
+        goto CLEANUP;
+    }
+
+    res = mp_mod(&x, m, c);
+    SIGN(c) = SIGN(a);
+
+CLEANUP:
+    mp_clear(&x);
+    mp_clear(&g);
+
+    return res;
+}
+
+/* modular inverse where modulus is 2**k. */
+/* c = a**-1 mod 2**k */
+mp_err
+s_mp_invmod_2d(const mp_int *a, mp_size k, mp_int *c)
+{
+    mp_err res;
+    mp_size ix = k + 4;
+    mp_int t0, t1, val, tmp, two2k;
+
+    static const mp_digit d2 = 2;
+    static const mp_int two = { MP_ZPOS, 1, 1, (mp_digit *)&d2 };
+
+    if (mp_iseven(a))
+        return MP_UNDEF;
+    if (k <= MP_DIGIT_BIT) {
+        mp_digit i = s_mp_invmod_radix(MP_DIGIT(a, 0));
+        if (k < MP_DIGIT_BIT)
+            i &= ((mp_digit)1 << k) - (mp_digit)1;
+        mp_set(c, i);
+        return MP_OKAY;
+    }
+    MP_DIGITS(&t0) = 0;
+    MP_DIGITS(&t1) = 0;
+    MP_DIGITS(&val) = 0;
+    MP_DIGITS(&tmp) = 0;
+    MP_DIGITS(&two2k) = 0;
+    MP_CHECKOK(mp_init_copy(&val, a));
+    s_mp_mod_2d(&val, k);
+    MP_CHECKOK(mp_init_copy(&t0, &val));
+    MP_CHECKOK(mp_init_copy(&t1, &t0));
+    MP_CHECKOK(mp_init(&tmp));
+    MP_CHECKOK(mp_init(&two2k));
+    MP_CHECKOK(s_mp_2expt(&two2k, k));
+    do {
+        MP_CHECKOK(mp_mul(&val, &t1, &tmp));
+        MP_CHECKOK(mp_sub(&two, &tmp, &tmp));
+        MP_CHECKOK(mp_mul(&t1, &tmp, &t1));
+        s_mp_mod_2d(&t1, k);
+        while (MP_SIGN(&t1) != MP_ZPOS) {
+            MP_CHECKOK(mp_add(&t1, &two2k, &t1));
+        }
+        if (mp_cmp(&t1, &t0) == MP_EQ)
+            break;
+        MP_CHECKOK(mp_copy(&t1, &t0));
+    } while (--ix > 0);
+    if (!ix) {
+        res = MP_UNDEF;
+    } else {
+        mp_exch(c, &t1);
+    }
+
+CLEANUP:
+    mp_clear(&t0);
+    mp_clear(&t1);
+    mp_clear(&val);
+    mp_clear(&tmp);
+    mp_clear(&two2k);
+    return res;
+}
+
+mp_err
+s_mp_invmod_even_m(const mp_int *a, const mp_int *m, mp_int *c)
+{
+    mp_err res;
+    mp_size k;
+    mp_int oddFactor, evenFactor; /* factors of the modulus */
+    mp_int oddPart, evenPart;     /* parts to combine via CRT. */
+    mp_int C2, tmp1, tmp2;
+
+    /*static const mp_digit d1 = 1; */
+    /*static const mp_int one = { MP_ZPOS, 1, 1, (mp_digit *)&d1 }; */
+
+    if ((res = s_mp_ispow2(m)) >= 0) {
+        k = res;
+        return s_mp_invmod_2d(a, k, c);
+    }
+    MP_DIGITS(&oddFactor) = 0;
+    MP_DIGITS(&evenFactor) = 0;
+    MP_DIGITS(&oddPart) = 0;
+    MP_DIGITS(&evenPart) = 0;
+    MP_DIGITS(&C2) = 0;
+    MP_DIGITS(&tmp1) = 0;
+    MP_DIGITS(&tmp2) = 0;
+
+    MP_CHECKOK(mp_init_copy(&oddFactor, m)); /* oddFactor = m */
+    MP_CHECKOK(mp_init(&evenFactor));
+    MP_CHECKOK(mp_init(&oddPart));
+    MP_CHECKOK(mp_init(&evenPart));
+    MP_CHECKOK(mp_init(&C2));
+    MP_CHECKOK(mp_init(&tmp1));
+    MP_CHECKOK(mp_init(&tmp2));
+
+    k = mp_trailing_zeros(m);
+    s_mp_div_2d(&oddFactor, k);
+    MP_CHECKOK(s_mp_2expt(&evenFactor, k));
+
+    /* compute a**-1 mod oddFactor. */
+    MP_CHECKOK(s_mp_invmod_odd_m(a, &oddFactor, &oddPart));
+    /* compute a**-1 mod evenFactor, where evenFactor == 2**k. */
+    MP_CHECKOK(s_mp_invmod_2d(a, k, &evenPart));
+
+    /* Use Chinese Remainer theorem to compute a**-1 mod m. */
+    /* let m1 = oddFactor,  v1 = oddPart,
+     * let m2 = evenFactor, v2 = evenPart.
+     */
+
+    /* Compute C2 = m1**-1 mod m2. */
+    MP_CHECKOK(s_mp_invmod_2d(&oddFactor, k, &C2));
+
+    /* compute u = (v2 - v1)*C2 mod m2 */
+    MP_CHECKOK(mp_sub(&evenPart, &oddPart, &tmp1));
+    MP_CHECKOK(mp_mul(&tmp1, &C2, &tmp2));
+    s_mp_mod_2d(&tmp2, k);
+    while (MP_SIGN(&tmp2) != MP_ZPOS) {
+        MP_CHECKOK(mp_add(&tmp2, &evenFactor, &tmp2));
+    }
+
+    /* compute answer = v1 + u*m1 */
+    MP_CHECKOK(mp_mul(&tmp2, &oddFactor, c));
+    MP_CHECKOK(mp_add(&oddPart, c, c));
+    /* not sure this is necessary, but it's low cost if not. */
+    MP_CHECKOK(mp_mod(c, m, c));
+
+CLEANUP:
+    mp_clear(&oddFactor);
+    mp_clear(&evenFactor);
+    mp_clear(&oddPart);
+    mp_clear(&evenPart);
+    mp_clear(&C2);
+    mp_clear(&tmp1);
+    mp_clear(&tmp2);
+    return res;
+}
+
+/* {{{ mp_invmod(a, m, c) */
+
+/*
+  mp_invmod(a, m, c)
+
+  Compute c = a^-1 (mod m), if there is an inverse for a (mod m).
+  This is equivalent to the question of whether (a, m) = 1.  If not,
+  MP_UNDEF is returned, and there is no inverse.
+ */
+
+mp_err
+mp_invmod(const mp_int *a, const mp_int *m, mp_int *c)
+{
+
+    ARGCHK(a && m && c, MP_BADARG);
+
+    if (mp_cmp_z(a) == 0 || mp_cmp_z(m) == 0)
+        return MP_RANGE;
+
+    if (mp_isodd(m)) {
+        return s_mp_invmod_odd_m(a, m, c);
+    }
+    if (mp_iseven(a))
+        return MP_UNDEF; /* not invertable */
+
+    return s_mp_invmod_even_m(a, m, c);
+
+} /* end mp_invmod() */
+
+/* }}} */
+
+/* }}} */
+
+/*------------------------------------------------------------------------*/
+/* {{{ mp_print(mp, ofp) */
+
+#if MP_IOFUNC
+/*
+  mp_print(mp, ofp)
+
+  Print a textual representation of the given mp_int on the output
+  stream 'ofp'.  Output is generated using the internal radix.
+ */
+
+void
+mp_print(mp_int *mp, FILE *ofp)
+{
+    int ix;
+
+    if (mp == NULL || ofp == NULL)
+        return;
+
+    fputc((SIGN(mp) == NEG) ? '-' : '+', ofp);
+
+    for (ix = USED(mp) - 1; ix >= 0; ix--) {
+        fprintf(ofp, DIGIT_FMT, DIGIT(mp, ix));
+    }
+
+} /* end mp_print() */
+
+#endif /* if MP_IOFUNC */
+
+/* }}} */
+
+/*------------------------------------------------------------------------*/
+/* {{{ More I/O Functions */
+
+/* {{{ mp_read_raw(mp, str, len) */
+
+/*
+   mp_read_raw(mp, str, len)
+
+   Read in a raw value (base 256) into the given mp_int
+ */
+
+mp_err
+mp_read_raw(mp_int *mp, char *str, int len)
+{
+    int ix;
+    mp_err res;
+    unsigned char *ustr = (unsigned char *)str;
+
+    ARGCHK(mp != NULL && str != NULL && len > 0, MP_BADARG);
+
+    mp_zero(mp);
+
+    /* Get sign from first byte */
+    if (ustr[0])
+        SIGN(mp) = NEG;
+    else
+        SIGN(mp) = ZPOS;
+
+    /* Read the rest of the digits */
+    for (ix = 1; ix < len; ix++) {
+        if ((res = mp_mul_d(mp, 256, mp)) != MP_OKAY)
+            return res;
+        if ((res = mp_add_d(mp, ustr[ix], mp)) != MP_OKAY)
+            return res;
+    }
+
+    return MP_OKAY;
+
+} /* end mp_read_raw() */
+
+/* }}} */
+
+/* {{{ mp_raw_size(mp) */
+
+int
+mp_raw_size(mp_int *mp)
+{
+    ARGCHK(mp != NULL, 0);
+
+    return (USED(mp) * sizeof(mp_digit)) + 1;
+
+} /* end mp_raw_size() */
+
+/* }}} */
+
+/* {{{ mp_toraw(mp, str) */
+
+mp_err
+mp_toraw(mp_int *mp, char *str)
+{
+    int ix, jx, pos = 1;
+
+    ARGCHK(mp != NULL && str != NULL, MP_BADARG);
+
+    str[0] = (char)SIGN(mp);
+
+    /* Iterate over each digit... */
+    for (ix = USED(mp) - 1; ix >= 0; ix--) {
+        mp_digit d = DIGIT(mp, ix);
+
+        /* Unpack digit bytes, high order first */
+        for (jx = sizeof(mp_digit) - 1; jx >= 0; jx--) {
+            str[pos++] = (char)(d >> (jx * CHAR_BIT));
+        }
+    }
+
+    return MP_OKAY;
+
+} /* end mp_toraw() */
+
+/* }}} */
+
+/* {{{ mp_read_radix(mp, str, radix) */
+
+/*
+  mp_read_radix(mp, str, radix)
+
+  Read an integer from the given string, and set mp to the resulting
+  value.  The input is presumed to be in base 10.  Leading non-digit
+  characters are ignored, and the function reads until a non-digit
+  character or the end of the string.
+ */
+
+mp_err
+mp_read_radix(mp_int *mp, const char *str, int radix)
+{
+    int ix = 0, val = 0;
+    mp_err res;
+    mp_sign sig = ZPOS;
+
+    ARGCHK(mp != NULL && str != NULL && radix >= 2 && radix <= MAX_RADIX,
+           MP_BADARG);
+
+    mp_zero(mp);
+
+    /* Skip leading non-digit characters until a digit or '-' or '+' */
+    while (str[ix] &&
+           (s_mp_tovalue(str[ix], radix) < 0) &&
+           str[ix] != '-' &&
+           str[ix] != '+') {
+        ++ix;
+    }
+
+    if (str[ix] == '-') {
+        sig = NEG;
+        ++ix;
+    } else if (str[ix] == '+') {
+        sig = ZPOS; /* this is the default anyway... */
+        ++ix;
+    }
+
+    while ((val = s_mp_tovalue(str[ix], radix)) >= 0) {
+        if ((res = s_mp_mul_d(mp, radix)) != MP_OKAY)
+            return res;
+        if ((res = s_mp_add_d(mp, val)) != MP_OKAY)
+            return res;
+        ++ix;
+    }
+
+    if (s_mp_cmp_d(mp, 0) == MP_EQ)
+        SIGN(mp) = ZPOS;
+    else
+        SIGN(mp) = sig;
+
+    return MP_OKAY;
+
+} /* end mp_read_radix() */
+
+mp_err
+mp_read_variable_radix(mp_int *a, const char *str, int default_radix)
+{
+    int radix = default_radix;
+    int cx;
+    mp_sign sig = ZPOS;
+    mp_err res;
+
+    /* Skip leading non-digit characters until a digit or '-' or '+' */
+    while ((cx = *str) != 0 &&
+           (s_mp_tovalue(cx, radix) < 0) &&
+           cx != '-' &&
+           cx != '+') {
+        ++str;
+    }
+
+    if (cx == '-') {
+        sig = NEG;
+        ++str;
+    } else if (cx == '+') {
+        sig = ZPOS; /* this is the default anyway... */
+        ++str;
+    }
+
+    if (str[0] == '0') {
+        if ((str[1] | 0x20) == 'x') {
+            radix = 16;
+            str += 2;
+        } else {
+            radix = 8;
+            str++;
+        }
+    }
+    res = mp_read_radix(a, str, radix);
+    if (res == MP_OKAY) {
+        MP_SIGN(a) = (s_mp_cmp_d(a, 0) == MP_EQ) ? ZPOS : sig;
+    }
+    return res;
+}
+
+/* }}} */
+
+/* {{{ mp_radix_size(mp, radix) */
+
+int
+mp_radix_size(mp_int *mp, int radix)
+{
+    int bits;
+
+    if (!mp || radix < 2 || radix > MAX_RADIX)
+        return 0;
+
+    bits = USED(mp) * DIGIT_BIT - 1;
+
+    return s_mp_outlen(bits, radix);
+
+} /* end mp_radix_size() */
+
+/* }}} */
+
+/* {{{ mp_toradix(mp, str, radix) */
+
+mp_err
+mp_toradix(mp_int *mp, char *str, int radix)
+{
+    int ix, pos = 0;
+
+    ARGCHK(mp != NULL && str != NULL, MP_BADARG);
+    ARGCHK(radix > 1 && radix <= MAX_RADIX, MP_RANGE);
+
+    if (mp_cmp_z(mp) == MP_EQ) {
+        str[0] = '0';
+        str[1] = '\0';
+    } else {
+        mp_err res;
+        mp_int tmp;
+        mp_sign sgn;
+        mp_digit rem, rdx = (mp_digit)radix;
+        char ch;
+
+        if ((res = mp_init_copy(&tmp, mp)) != MP_OKAY)
+            return res;
+
+        /* Save sign for later, and take absolute value */
+        sgn = SIGN(&tmp);
+        SIGN(&tmp) = ZPOS;
+
+        /* Generate output digits in reverse order      */
+        while (mp_cmp_z(&tmp) != 0) {
+            if ((res = mp_div_d(&tmp, rdx, &tmp, &rem)) != MP_OKAY) {
+                mp_clear(&tmp);
+                return res;
+            }
+
+            /* Generate digits, use capital letters */
+            ch = s_mp_todigit(rem, radix, 0);
+
+            str[pos++] = ch;
+        }
+
+        /* Add - sign if original value was negative */
+        if (sgn == NEG)
+            str[pos++] = '-';
+
+        /* Add trailing NUL to end the string        */
+        str[pos--] = '\0';
+
+        /* Reverse the digits and sign indicator     */
+        ix = 0;
+        while (ix < pos) {
+            char tmp = str[ix];
+
+            str[ix] = str[pos];
+            str[pos] = tmp;
+            ++ix;
+            --pos;
+        }
+
+        mp_clear(&tmp);
+    }
+
+    return MP_OKAY;
+
+} /* end mp_toradix() */
+
+/* }}} */
+
+/* {{{ mp_tovalue(ch, r) */
+
+int
+mp_tovalue(char ch, int r)
+{
+    return s_mp_tovalue(ch, r);
+
+} /* end mp_tovalue() */
+
+/* }}} */
+
+/* }}} */
+
+/* {{{ mp_strerror(ec) */
+
+/*
+  mp_strerror(ec)
+
+  Return a string describing the meaning of error code 'ec'.  The
+  string returned is allocated in static memory, so the caller should
+  not attempt to modify or free the memory associated with this
+  string.
+ */
+const char *
+mp_strerror(mp_err ec)
+{
+    int aec = (ec < 0) ? -ec : ec;
+
+    /* Code values are negative, so the senses of these comparisons
+     are accurate */
+    if (ec < MP_LAST_CODE || ec > MP_OKAY) {
+        return mp_err_string[0]; /* unknown error code */
+    } else {
+        return mp_err_string[aec + 1];
+    }
+
+} /* end mp_strerror() */
+
+/* }}} */
+
+/*========================================================================*/
+/*------------------------------------------------------------------------*/
+/* Static function definitions (internal use only)                        */
+
+/* {{{ Memory management */
+
+/* {{{ s_mp_grow(mp, min) */
+
+/* Make sure there are at least 'min' digits allocated to mp              */
+mp_err
+s_mp_grow(mp_int *mp, mp_size min)
+{
+    if (min > ALLOC(mp)) {
+        mp_digit *tmp;
+
+        /* Set min to next nearest default precision block size */
+        min = MP_ROUNDUP(min, s_mp_defprec);
+
+        if ((tmp = s_mp_alloc(min, sizeof(mp_digit))) == NULL)
+            return MP_MEM;
+
+        s_mp_copy(DIGITS(mp), tmp, USED(mp));
+
+        s_mp_setz(DIGITS(mp), ALLOC(mp));
+        s_mp_free(DIGITS(mp));
+        DIGITS(mp) = tmp;
+        ALLOC(mp) = min;
+    }
+
+    return MP_OKAY;
+
+} /* end s_mp_grow() */
+
+/* }}} */
+
+/* {{{ s_mp_pad(mp, min) */
+
+/* Make sure the used size of mp is at least 'min', growing if needed     */
+mp_err
+s_mp_pad(mp_int *mp, mp_size min)
+{
+    if (min > USED(mp)) {
+        mp_err res;
+
+        /* Make sure there is room to increase precision  */
+        if (min > ALLOC(mp)) {
+            if ((res = s_mp_grow(mp, min)) != MP_OKAY)
+                return res;
+        } else {
+            s_mp_setz(DIGITS(mp) + USED(mp), min - USED(mp));
+        }
+
+        /* Increase precision; should already be 0-filled */
+        USED(mp) = min;
+    }
+
+    return MP_OKAY;
+
+} /* end s_mp_pad() */
+
+/* }}} */
+
+/* {{{ s_mp_setz(dp, count) */
+
+/* Set 'count' digits pointed to by dp to be zeroes                       */
+void
+s_mp_setz(mp_digit *dp, mp_size count)
+{
+#if MP_MEMSET == 0
+    int ix;
+
+    for (ix = 0; ix < count; ix++)
+        dp[ix] = 0;
+#else
+    memset(dp, 0, count * sizeof(mp_digit));
+#endif
+
+} /* end s_mp_setz() */
+
+/* }}} */
+
+/* {{{ s_mp_copy(sp, dp, count) */
+
+/* Copy 'count' digits from sp to dp                                      */
+void
+s_mp_copy(const mp_digit *sp, mp_digit *dp, mp_size count)
+{
+#if MP_MEMCPY == 0
+    int ix;
+
+    for (ix = 0; ix < count; ix++)
+        dp[ix] = sp[ix];
+#else
+    memcpy(dp, sp, count * sizeof(mp_digit));
+#endif
+} /* end s_mp_copy() */
+
+/* }}} */
+
+/* {{{ s_mp_alloc(nb, ni) */
+
+/* Allocate ni records of nb bytes each, and return a pointer to that     */
+void *
+s_mp_alloc(size_t nb, size_t ni)
+{
+    return calloc(nb, ni);
+
+} /* end s_mp_alloc() */
+
+/* }}} */
+
+/* {{{ s_mp_free(ptr) */
+
+/* Free the memory pointed to by ptr                                      */
+void
+s_mp_free(void *ptr)
+{
+    if (ptr) {
+        free(ptr);
+    }
+} /* end s_mp_free() */
+
+/* }}} */
+
+/* {{{ s_mp_clamp(mp) */
+
+/* Remove leading zeroes from the given value                             */
+void
+s_mp_clamp(mp_int *mp)
+{
+    mp_size used = MP_USED(mp);
+    while (used > 1 && DIGIT(mp, used - 1) == 0)
+        --used;
+    MP_USED(mp) = used;
+} /* end s_mp_clamp() */
+
+/* }}} */
+
+/* {{{ s_mp_exch(a, b) */
+
+/* Exchange the data for a and b; (b, a) = (a, b)                         */
+void
+s_mp_exch(mp_int *a, mp_int *b)
+{
+    mp_int tmp;
+
+    tmp = *a;
+    *a = *b;
+    *b = tmp;
+
+} /* end s_mp_exch() */
+
+/* }}} */
+
+/* }}} */
+
+/* {{{ Arithmetic helpers */
+
+/* {{{ s_mp_lshd(mp, p) */
+
+/*
+   Shift mp leftward by p digits, growing if needed, and zero-filling
+   the in-shifted digits at the right end.  This is a convenient
+   alternative to multiplication by powers of the radix
+ */
+
+mp_err
+s_mp_lshd(mp_int *mp, mp_size p)
+{
+    mp_err res;
+    unsigned int ix;
+
+    if (p == 0)
+        return MP_OKAY;
+
+    if (MP_USED(mp) == 1 && MP_DIGIT(mp, 0) == 0)
+        return MP_OKAY;
+
+    if ((res = s_mp_pad(mp, USED(mp) + p)) != MP_OKAY)
+        return res;
+
+    /* Shift all the significant figures over as needed */
+    for (ix = USED(mp) - p; ix-- > 0;) {
+        DIGIT(mp, ix + p) = DIGIT(mp, ix);
+    }
+
+    /* Fill the bottom digits with zeroes */
+    for (ix = 0; (mp_size)ix < p; ix++)
+        DIGIT(mp, ix) = 0;
+
+    return MP_OKAY;
+
+} /* end s_mp_lshd() */
+
+/* }}} */
+
+/* {{{ s_mp_mul_2d(mp, d) */
+
+/*
+  Multiply the integer by 2^d, where d is a number of bits.  This
+  amounts to a bitwise shift of the value.
+ */
+mp_err
+s_mp_mul_2d(mp_int *mp, mp_digit d)
+{
+    mp_err res;
+    mp_digit dshift, bshift;
+    mp_digit mask;
+
+    ARGCHK(mp != NULL, MP_BADARG);
+
+    dshift = d / MP_DIGIT_BIT;
+    bshift = d % MP_DIGIT_BIT;
+    /* bits to be shifted out of the top word */
+    if (bshift) {
+        mask = (mp_digit)~0 << (MP_DIGIT_BIT - bshift);
+        mask &= MP_DIGIT(mp, MP_USED(mp) - 1);
+    } else {
+        mask = 0;
+    }
+
+    if (MP_OKAY != (res = s_mp_pad(mp, MP_USED(mp) + dshift + (mask != 0))))
+        return res;
+
+    if (dshift && MP_OKAY != (res = s_mp_lshd(mp, dshift)))
+        return res;
+
+    if (bshift) {
+        mp_digit *pa = MP_DIGITS(mp);
+        mp_digit *alim = pa + MP_USED(mp);
+        mp_digit prev = 0;
+
+        for (pa += dshift; pa < alim;) {
+            mp_digit x = *pa;
+            *pa++ = (x << bshift) | prev;
+            prev = x >> (DIGIT_BIT - bshift);
+        }
+    }
+
+    s_mp_clamp(mp);
+    return MP_OKAY;
+} /* end s_mp_mul_2d() */
+
+/* {{{ s_mp_rshd(mp, p) */
+
+/*
+   Shift mp rightward by p digits.  Maintains the invariant that
+   digits above the precision are all zero.  Digits shifted off the
+   end are lost.  Cannot fail.
+ */
+
+void
+s_mp_rshd(mp_int *mp, mp_size p)
+{
+    mp_size ix;
+    mp_digit *src, *dst;
+
+    if (p == 0)
+        return;
+
+    /* Shortcut when all digits are to be shifted off */
+    if (p >= USED(mp)) {
+        s_mp_setz(DIGITS(mp), ALLOC(mp));
+        USED(mp) = 1;
+        SIGN(mp) = ZPOS;
+        return;
+    }
+
+    /* Shift all the significant figures over as needed */
+    dst = MP_DIGITS(mp);
+    src = dst + p;
+    for (ix = USED(mp) - p; ix > 0; ix--)
+        *dst++ = *src++;
+
+    MP_USED(mp) -= p;
+    /* Fill the top digits with zeroes */
+    while (p-- > 0)
+        *dst++ = 0;
+
+} /* end s_mp_rshd() */
+
+/* }}} */
+
+/* {{{ s_mp_div_2(mp) */
+
+/* Divide by two -- take advantage of radix properties to do it fast      */
+void
+s_mp_div_2(mp_int *mp)
+{
+    s_mp_div_2d(mp, 1);
+
+} /* end s_mp_div_2() */
+
+/* }}} */
+
+/* {{{ s_mp_mul_2(mp) */
+
+mp_err
+s_mp_mul_2(mp_int *mp)
+{
+    mp_digit *pd;
+    unsigned int ix, used;
+    mp_digit kin = 0;
+
+    /* Shift digits leftward by 1 bit */
+    used = MP_USED(mp);
+    pd = MP_DIGITS(mp);
+    for (ix = 0; ix < used; ix++) {
+        mp_digit d = *pd;
+        *pd++ = (d << 1) | kin;
+        kin = (d >> (DIGIT_BIT - 1));
+    }
+
+    /* Deal with rollover from last digit */
+    if (kin) {
+        if (ix >= ALLOC(mp)) {
+            mp_err res;
+            if ((res = s_mp_grow(mp, ALLOC(mp) + 1)) != MP_OKAY)
+                return res;
+        }
+
+        DIGIT(mp, ix) = kin;
+        USED(mp) += 1;
+    }
+
+    return MP_OKAY;
+
+} /* end s_mp_mul_2() */
+
+/* }}} */
+
+/* {{{ s_mp_mod_2d(mp, d) */
+
+/*
+  Remainder the integer by 2^d, where d is a number of bits.  This
+  amounts to a bitwise AND of the value, and does not require the full
+  division code
+ */
+void
+s_mp_mod_2d(mp_int *mp, mp_digit d)
+{
+    mp_size ndig = (d / DIGIT_BIT), nbit = (d % DIGIT_BIT);
+    mp_size ix;
+    mp_digit dmask;
+
+    if (ndig >= USED(mp))
+        return;
+
+    /* Flush all the bits above 2^d in its digit */
+    dmask = ((mp_digit)1 << nbit) - 1;
+    DIGIT(mp, ndig) &= dmask;
+
+    /* Flush all digits above the one with 2^d in it */
+    for (ix = ndig + 1; ix < USED(mp); ix++)
+        DIGIT(mp, ix) = 0;
+
+    s_mp_clamp(mp);
+
+} /* end s_mp_mod_2d() */
+
+/* }}} */
+
+/* {{{ s_mp_div_2d(mp, d) */
+
+/*
+  Divide the integer by 2^d, where d is a number of bits.  This
+  amounts to a bitwise shift of the value, and does not require the
+  full division code (used in Barrett reduction, see below)
+ */
+void
+s_mp_div_2d(mp_int *mp, mp_digit d)
+{
+    int ix;
+    mp_digit save, next, mask;
+
+    s_mp_rshd(mp, d / DIGIT_BIT);
+    d %= DIGIT_BIT;
+    if (d) {
+        mask = ((mp_digit)1 << d) - 1;
+        save = 0;
+        for (ix = USED(mp) - 1; ix >= 0; ix--) {
+            next = DIGIT(mp, ix) & mask;
+            DIGIT(mp, ix) = (DIGIT(mp, ix) >> d) | (save << (DIGIT_BIT - d));
+            save = next;
+        }
+    }
+    s_mp_clamp(mp);
+
+} /* end s_mp_div_2d() */
+
+/* }}} */
+
+/* {{{ s_mp_norm(a, b, *d) */
+
+/*
+  s_mp_norm(a, b, *d)
+
+  Normalize a and b for division, where b is the divisor.  In order
+  that we might make good guesses for quotient digits, we want the
+  leading digit of b to be at least half the radix, which we
+  accomplish by multiplying a and b by a power of 2.  The exponent
+  (shift count) is placed in *pd, so that the remainder can be shifted
+  back at the end of the division process.
+ */
+
+mp_err
+s_mp_norm(mp_int *a, mp_int *b, mp_digit *pd)
+{
+    mp_digit d;
+    mp_digit mask;
+    mp_digit b_msd;
+    mp_err res = MP_OKAY;
+
+    d = 0;
+    mask = DIGIT_MAX & ~(DIGIT_MAX >> 1); /* mask is msb of digit */
+    b_msd = DIGIT(b, USED(b) - 1);
+    while (!(b_msd & mask)) {
+        b_msd <<= 1;
+        ++d;
+    }
+
+    if (d) {
+        MP_CHECKOK(s_mp_mul_2d(a, d));
+        MP_CHECKOK(s_mp_mul_2d(b, d));
+    }
+
+    *pd = d;
+CLEANUP:
+    return res;
+
+} /* end s_mp_norm() */
+
+/* }}} */
+
+/* }}} */
+
+/* {{{ Primitive digit arithmetic */
+
+/* {{{ s_mp_add_d(mp, d) */
+
+/* Add d to |mp| in place                                                 */
+mp_err s_mp_add_d(mp_int *mp, mp_digit d) /* unsigned digit addition */
+{
+#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD)
+    mp_word w, k = 0;
+    mp_size ix = 1;
+
+    w = (mp_word)DIGIT(mp, 0) + d;
+    DIGIT(mp, 0) = ACCUM(w);
+    k = CARRYOUT(w);
+
+    while (ix < USED(mp) && k) {
+        w = (mp_word)DIGIT(mp, ix) + k;
+        DIGIT(mp, ix) = ACCUM(w);
+        k = CARRYOUT(w);
+        ++ix;
+    }
+
+    if (k != 0) {
+        mp_err res;
+
+        if ((res = s_mp_pad(mp, USED(mp) + 1)) != MP_OKAY)
+            return res;
+
+        DIGIT(mp, ix) = (mp_digit)k;
+    }
+
+    return MP_OKAY;
+#else
+    mp_digit *pmp = MP_DIGITS(mp);
+    mp_digit sum, mp_i, carry = 0;
+    mp_err res = MP_OKAY;
+    int used = (int)MP_USED(mp);
+
+    mp_i = *pmp;
+    *pmp++ = sum = d + mp_i;
+    carry = (sum < d);
+    while (carry && --used > 0) {
+        mp_i = *pmp;
+        *pmp++ = sum = carry + mp_i;
+        carry = !sum;
+    }
+    if (carry && !used) {
+        /* mp is growing */
+        used = MP_USED(mp);
+        MP_CHECKOK(s_mp_pad(mp, used + 1));
+        MP_DIGIT(mp, used) = carry;
+    }
+CLEANUP:
+    return res;
+#endif
+} /* end s_mp_add_d() */
+
+/* }}} */
+
+/* {{{ s_mp_sub_d(mp, d) */
+
+/* Subtract d from |mp| in place, assumes |mp| > d                        */
+mp_err s_mp_sub_d(mp_int *mp, mp_digit d) /* unsigned digit subtract */
+{
+#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_SUB_WORD)
+    mp_word w, b = 0;
+    mp_size ix = 1;
+
+    /* Compute initial subtraction    */
+    w = (RADIX + (mp_word)DIGIT(mp, 0)) - d;
+    b = CARRYOUT(w) ? 0 : 1;
+    DIGIT(mp, 0) = ACCUM(w);
+
+    /* Propagate borrows leftward     */
+    while (b && ix < USED(mp)) {
+        w = (RADIX + (mp_word)DIGIT(mp, ix)) - b;
+        b = CARRYOUT(w) ? 0 : 1;
+        DIGIT(mp, ix) = ACCUM(w);
+        ++ix;
+    }
+
+    /* Remove leading zeroes          */
+    s_mp_clamp(mp);
+
+    /* If we have a borrow out, it's a violation of the input invariant */
+    if (b)
+        return MP_RANGE;
+    else
+        return MP_OKAY;
+#else
+    mp_digit *pmp = MP_DIGITS(mp);
+    mp_digit mp_i, diff, borrow;
+    mp_size used = MP_USED(mp);
+
+    mp_i = *pmp;
+    *pmp++ = diff = mp_i - d;
+    borrow = (diff > mp_i);
+    while (borrow && --used) {
+        mp_i = *pmp;
+        *pmp++ = diff = mp_i - borrow;
+        borrow = (diff > mp_i);
+    }
+    s_mp_clamp(mp);
+    return (borrow && !used) ? MP_RANGE : MP_OKAY;
+#endif
+} /* end s_mp_sub_d() */
+
+/* }}} */
+
+/* {{{ s_mp_mul_d(a, d) */
+
+/* Compute a = a * d, single digit multiplication                         */
+mp_err
+s_mp_mul_d(mp_int *a, mp_digit d)
+{
+    mp_err res;
+    mp_size used;
+    int pow;
+
+    if (!d) {
+        mp_zero(a);
+        return MP_OKAY;
+    }
+    if (d == 1)
+        return MP_OKAY;
+    if (0 <= (pow = s_mp_ispow2d(d))) {
+        return s_mp_mul_2d(a, (mp_digit)pow);
+    }
+
+    used = MP_USED(a);
+    MP_CHECKOK(s_mp_pad(a, used + 1));
+
+    s_mpv_mul_d(MP_DIGITS(a), used, d, MP_DIGITS(a));
+
+    s_mp_clamp(a);
+
+CLEANUP:
+    return res;
+
+} /* end s_mp_mul_d() */
+
+/* }}} */
+
+/* {{{ s_mp_div_d(mp, d, r) */
+
+/*
+  s_mp_div_d(mp, d, r)
+
+  Compute the quotient mp = mp / d and remainder r = mp mod d, for a
+  single digit d.  If r is null, the remainder will be discarded.
+ */
+
+mp_err
+s_mp_div_d(mp_int *mp, mp_digit d, mp_digit *r)
+{
+#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_DIV_WORD)
+    mp_word w = 0, q;
+#else
+    mp_digit w = 0, q;
+#endif
+    int ix;
+    mp_err res;
+    mp_int quot;
+    mp_int rem;
+
+    if (d == 0)
+        return MP_RANGE;
+    if (d == 1) {
+        if (r)
+            *r = 0;
+        return MP_OKAY;
+    }
+    /* could check for power of 2 here, but mp_div_d does that. */
+    if (MP_USED(mp) == 1) {
+        mp_digit n = MP_DIGIT(mp, 0);
+        mp_digit rem;
+
+        q = n / d;
+        rem = n % d;
+        MP_DIGIT(mp, 0) = q;
+        if (r)
+            *r = rem;
+        return MP_OKAY;
+    }
+
+    MP_DIGITS(&rem) = 0;
+    MP_DIGITS(&quot) = 0;
+    /* Make room for the quotient */
+    MP_CHECKOK(mp_init_size(&quot, USED(mp)));
+
+#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_DIV_WORD)
+    for (ix = USED(mp) - 1; ix >= 0; ix--) {
+        w = (w << DIGIT_BIT) | DIGIT(mp, ix);
+
+        if (w >= d) {
+            q = w / d;
+            w = w % d;
+        } else {
+            q = 0;
+        }
+
+        s_mp_lshd(&quot, 1);
+        DIGIT(&quot, 0) = (mp_digit)q;
+    }
+#else
+    {
+        mp_digit p;
+#if !defined(MP_ASSEMBLY_DIV_2DX1D)
+        mp_digit norm;
+#endif
+
+        MP_CHECKOK(mp_init_copy(&rem, mp));
+
+#if !defined(MP_ASSEMBLY_DIV_2DX1D)
+        MP_DIGIT(&quot, 0) = d;
+        MP_CHECKOK(s_mp_norm(&rem, &quot, &norm));
+        if (norm)
+            d <<= norm;
+        MP_DIGIT(&quot, 0) = 0;
+#endif
+
+        p = 0;
+        for (ix = USED(&rem) - 1; ix >= 0; ix--) {
+            w = DIGIT(&rem, ix);
+
+            if (p) {
+                MP_CHECKOK(s_mpv_div_2dx1d(p, w, d, &q, &w));
+            } else if (w >= d) {
+                q = w / d;
+                w = w % d;
+            } else {
+                q = 0;
+            }
+
+            MP_CHECKOK(s_mp_lshd(&quot, 1));
+            DIGIT(&quot, 0) = q;
+            p = w;
+        }
+#if !defined(MP_ASSEMBLY_DIV_2DX1D)
+        if (norm)
+            w >>= norm;
+#endif
+    }
+#endif
+
+    /* Deliver the remainder, if desired */
+    if (r) {
+        *r = (mp_digit)w;
+    }
+
+    s_mp_clamp(&quot);
+    mp_exch(&quot, mp);
+CLEANUP:
+    mp_clear(&quot);
+    mp_clear(&rem);
+
+    return res;
+} /* end s_mp_div_d() */
+
+/* }}} */
+
+/* }}} */
+
+/* {{{ Primitive full arithmetic */
+
+/* {{{ s_mp_add(a, b) */
+
+/* Compute a = |a| + |b|                                                  */
+mp_err s_mp_add(mp_int *a, const mp_int *b) /* magnitude addition      */
+{
+#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD)
+    mp_word w = 0;
+#else
+    mp_digit d, sum, carry = 0;
+#endif
+    mp_digit *pa, *pb;
+    mp_size ix;
+    mp_size used;
+    mp_err res;
+
+    /* Make sure a has enough precision for the output value */
+    if ((USED(b) > USED(a)) && (res = s_mp_pad(a, USED(b))) != MP_OKAY)
+        return res;
+
+    /*
+      Add up all digits up to the precision of b.  If b had initially
+      the same precision as a, or greater, we took care of it by the
+      padding step above, so there is no problem.  If b had initially
+      less precision, we'll have to make sure the carry out is duly
+      propagated upward among the higher-order digits of the sum.
+     */
+    pa = MP_DIGITS(a);
+    pb = MP_DIGITS(b);
+    used = MP_USED(b);
+    for (ix = 0; ix < used; ix++) {
+#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD)
+        w = w + *pa + *pb++;
+        *pa++ = ACCUM(w);
+        w = CARRYOUT(w);
+#else
+        d = *pa;
+        sum = d + *pb++;
+        d = (sum < d); /* detect overflow */
+        *pa++ = sum += carry;
+        carry = d + (sum < carry); /* detect overflow */
+#endif
+    }
+
+    /* If we run out of 'b' digits before we're actually done, make
+       sure the carries get propagated upward...
+     */
+    used = MP_USED(a);
+#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD)
+    while (w && ix < used) {
+        w = w + *pa;
+        *pa++ = ACCUM(w);
+        w = CARRYOUT(w);
+        ++ix;
+    }
+#else
+    while (carry && ix < used) {
+        sum = carry + *pa;
+        *pa++ = sum;
+        carry = !sum;
+        ++ix;
+    }
+#endif
+
+/* If there's an overall carry out, increase precision and include
+     it.  We could have done this initially, but why touch the memory
+     allocator unless we're sure we have to?
+   */
+#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD)
+    if (w) {
+        if ((res = s_mp_pad(a, used + 1)) != MP_OKAY)
+            return res;
+
+        DIGIT(a, ix) = (mp_digit)w;
+    }
+#else
+    if (carry) {
+        if ((res = s_mp_pad(a, used + 1)) != MP_OKAY)
+            return res;
+
+        DIGIT(a, used) = carry;
+    }
+#endif
+
+    return MP_OKAY;
+} /* end s_mp_add() */
+
+/* }}} */
+
+/* Compute c = |a| + |b|         */ /* magnitude addition      */
+mp_err
+s_mp_add_3arg(const mp_int *a, const mp_int *b, mp_int *c)
+{
+    mp_digit *pa, *pb, *pc;
+#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD)
+    mp_word w = 0;
+#else
+    mp_digit sum, carry = 0, d;
+#endif
+    mp_size ix;
+    mp_size used;
+    mp_err res;
+
+    MP_SIGN(c) = MP_SIGN(a);
+    if (MP_USED(a) < MP_USED(b)) {
+        const mp_int *xch = a;
+        a = b;
+        b = xch;
+    }
+
+    /* Make sure a has enough precision for the output value */
+    if (MP_OKAY != (res = s_mp_pad(c, MP_USED(a))))
+        return res;
+
+    /*
+     Add up all digits up to the precision of b.  If b had initially
+     the same precision as a, or greater, we took care of it by the
+     exchange step above, so there is no problem.  If b had initially
+     less precision, we'll have to make sure the carry out is duly
+     propagated upward among the higher-order digits of the sum.
+    */
+    pa = MP_DIGITS(a);
+    pb = MP_DIGITS(b);
+    pc = MP_DIGITS(c);
+    used = MP_USED(b);
+    for (ix = 0; ix < used; ix++) {
+#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD)
+        w = w + *pa++ + *pb++;
+        *pc++ = ACCUM(w);
+        w = CARRYOUT(w);
+#else
+        d = *pa++;
+        sum = d + *pb++;
+        d = (sum < d); /* detect overflow */
+        *pc++ = sum += carry;
+        carry = d + (sum < carry); /* detect overflow */
+#endif
+    }
+
+    /* If we run out of 'b' digits before we're actually done, make
+     sure the carries get propagated upward...
+   */
+    for (used = MP_USED(a); ix < used; ++ix) {
+#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD)
+        w = w + *pa++;
+        *pc++ = ACCUM(w);
+        w = CARRYOUT(w);
+#else
+        *pc++ = sum = carry + *pa++;
+        carry = (sum < carry);
+#endif
+    }
+
+/* If there's an overall carry out, increase precision and include
+     it.  We could have done this initially, but why touch the memory
+     allocator unless we're sure we have to?
+   */
+#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD)
+    if (w) {
+        if ((res = s_mp_pad(c, used + 1)) != MP_OKAY)
+            return res;
+
+        DIGIT(c, used) = (mp_digit)w;
+        ++used;
+    }
+#else
+    if (carry) {
+        if ((res = s_mp_pad(c, used + 1)) != MP_OKAY)
+            return res;
+
+        DIGIT(c, used) = carry;
+        ++used;
+    }
+#endif
+    MP_USED(c) = used;
+    return MP_OKAY;
+}
+/* {{{ s_mp_add_offset(a, b, offset) */
+
+/* Compute a = |a| + ( |b| * (RADIX ** offset) )             */
+mp_err
+s_mp_add_offset(mp_int *a, mp_int *b, mp_size offset)
+{
+#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD)
+    mp_word w, k = 0;
+#else
+    mp_digit d, sum, carry = 0;
+#endif
+    mp_size ib;
+    mp_size ia;
+    mp_size lim;
+    mp_err res;
+
+    /* Make sure a has enough precision for the output value */
+    lim = MP_USED(b) + offset;
+    if ((lim > USED(a)) && (res = s_mp_pad(a, lim)) != MP_OKAY)
+        return res;
+
+    /*
+    Add up all digits up to the precision of b.  If b had initially
+    the same precision as a, or greater, we took care of it by the
+    padding step above, so there is no problem.  If b had initially
+    less precision, we'll have to make sure the carry out is duly
+    propagated upward among the higher-order digits of the sum.
+   */
+    lim = USED(b);
+    for (ib = 0, ia = offset; ib < lim; ib++, ia++) {
+#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD)
+        w = (mp_word)DIGIT(a, ia) + DIGIT(b, ib) + k;
+        DIGIT(a, ia) = ACCUM(w);
+        k = CARRYOUT(w);
+#else
+        d = MP_DIGIT(a, ia);
+        sum = d + MP_DIGIT(b, ib);
+        d = (sum < d);
+        MP_DIGIT(a, ia) = sum += carry;
+        carry = d + (sum < carry);
+#endif
+    }
+
+/* If we run out of 'b' digits before we're actually done, make
+     sure the carries get propagated upward...
+   */
+#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD)
+    for (lim = MP_USED(a); k && (ia < lim); ++ia) {
+        w = (mp_word)DIGIT(a, ia) + k;
+        DIGIT(a, ia) = ACCUM(w);
+        k = CARRYOUT(w);
+    }
+#else
+    for (lim = MP_USED(a); carry && (ia < lim); ++ia) {
+        d = MP_DIGIT(a, ia);
+        MP_DIGIT(a, ia) = sum = d + carry;
+        carry = (sum < d);
+    }
+#endif
+
+/* If there's an overall carry out, increase precision and include
+     it.  We could have done this initially, but why touch the memory
+     allocator unless we're sure we have to?
+   */
+#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD)
+    if (k) {
+        if ((res = s_mp_pad(a, USED(a) + 1)) != MP_OKAY)
+            return res;
+
+        DIGIT(a, ia) = (mp_digit)k;
+    }
+#else
+    if (carry) {
+        if ((res = s_mp_pad(a, lim + 1)) != MP_OKAY)
+            return res;
+
+        DIGIT(a, lim) = carry;
+    }
+#endif
+    s_mp_clamp(a);
+
+    return MP_OKAY;
+
+} /* end s_mp_add_offset() */
+
+/* }}} */
+
+/* {{{ s_mp_sub(a, b) */
+
+/* Compute a = |a| - |b|, assumes |a| >= |b|                              */
+mp_err s_mp_sub(mp_int *a, const mp_int *b) /* magnitude subtract      */
+{
+    mp_digit *pa, *pb, *limit;
+#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_SUB_WORD)
+    mp_sword w = 0;
+#else
+    mp_digit d, diff, borrow = 0;
+#endif
+
+    /*
+    Subtract and propagate borrow.  Up to the precision of b, this
+    accounts for the digits of b; after that, we just make sure the
+    carries get to the right place.  This saves having to pad b out to
+    the precision of a just to make the loops work right...
+   */
+    pa = MP_DIGITS(a);
+    pb = MP_DIGITS(b);
+    limit = pb + MP_USED(b);
+    while (pb < limit) {
+#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_SUB_WORD)
+        w = w + *pa - *pb++;
+        *pa++ = ACCUM(w);
+        w >>= MP_DIGIT_BIT;
+#else
+        d = *pa;
+        diff = d - *pb++;
+        d = (diff > d); /* detect borrow */
+        if (borrow && --diff == MP_DIGIT_MAX)
+            ++d;
+        *pa++ = diff;
+        borrow = d;
+#endif
+    }
+    limit = MP_DIGITS(a) + MP_USED(a);
+#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_SUB_WORD)
+    while (w && pa < limit) {
+        w = w + *pa;
+        *pa++ = ACCUM(w);
+        w >>= MP_DIGIT_BIT;
+    }
+#else
+    while (borrow && pa < limit) {
+        d = *pa;
+        *pa++ = diff = d - borrow;
+        borrow = (diff > d);
+    }
+#endif
+
+    /* Clobber any leading zeroes we created    */
+    s_mp_clamp(a);
+
+/*
+     If there was a borrow out, then |b| > |a| in violation
+     of our input invariant.  We've already done the work,
+     but we'll at least complain about it...
+   */
+#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_SUB_WORD)
+    return w ? MP_RANGE : MP_OKAY;
+#else
+    return borrow ? MP_RANGE : MP_OKAY;
+#endif
+} /* end s_mp_sub() */
+
+/* }}} */
+
+/* Compute c = |a| - |b|, assumes |a| >= |b| */ /* magnitude subtract      */
+mp_err
+s_mp_sub_3arg(const mp_int *a, const mp_int *b, mp_int *c)
+{
+    mp_digit *pa, *pb, *pc;
+#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_SUB_WORD)
+    mp_sword w = 0;
+#else
+    mp_digit d, diff, borrow = 0;
+#endif
+    int ix, limit;
+    mp_err res;
+
+    MP_SIGN(c) = MP_SIGN(a);
+
+    /* Make sure a has enough precision for the output value */
+    if (MP_OKAY != (res = s_mp_pad(c, MP_USED(a))))
+        return res;
+
+    /*
+    Subtract and propagate borrow.  Up to the precision of b, this
+    accounts for the digits of b; after that, we just make sure the
+    carries get to the right place.  This saves having to pad b out to
+    the precision of a just to make the loops work right...
+   */
+    pa = MP_DIGITS(a);
+    pb = MP_DIGITS(b);
+    pc = MP_DIGITS(c);
+    limit = MP_USED(b);
+    for (ix = 0; ix < limit; ++ix) {
+#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_SUB_WORD)
+        w = w + *pa++ - *pb++;
+        *pc++ = ACCUM(w);
+        w >>= MP_DIGIT_BIT;
+#else
+        d = *pa++;
+        diff = d - *pb++;
+        d = (diff > d);
+        if (borrow && --diff == MP_DIGIT_MAX)
+            ++d;
+        *pc++ = diff;
+        borrow = d;
+#endif
+    }
+    for (limit = MP_USED(a); ix < limit; ++ix) {
+#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_SUB_WORD)
+        w = w + *pa++;
+        *pc++ = ACCUM(w);
+        w >>= MP_DIGIT_BIT;
+#else
+        d = *pa++;
+        *pc++ = diff = d - borrow;
+        borrow = (diff > d);
+#endif
+    }
+
+    /* Clobber any leading zeroes we created    */
+    MP_USED(c) = ix;
+    s_mp_clamp(c);
+
+/*
+     If there was a borrow out, then |b| > |a| in violation
+     of our input invariant.  We've already done the work,
+     but we'll at least complain about it...
+   */
+#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_SUB_WORD)
+    return w ? MP_RANGE : MP_OKAY;
+#else
+    return borrow ? MP_RANGE : MP_OKAY;
+#endif
+}
+/* {{{ s_mp_mul(a, b) */
+
+/* Compute a = |a| * |b|                                                  */
+mp_err
+s_mp_mul(mp_int *a, const mp_int *b)
+{
+    return mp_mul(a, b, a);
+} /* end s_mp_mul() */
+
+/* }}} */
+
+#if defined(MP_USE_UINT_DIGIT) && defined(MP_USE_LONG_LONG_MULTIPLY)
+/* This trick works on Sparc V8 CPUs with the Workshop compilers. */
+#define MP_MUL_DxD(a, b, Phi, Plo)                              \
+    {                                                           \
+        unsigned long long product = (unsigned long long)a * b; \
+        Plo = (mp_digit)product;                                \
+        Phi = (mp_digit)(product >> MP_DIGIT_BIT);              \
+    }
+#elif defined(OSF1)
+#define MP_MUL_DxD(a, b, Phi, Plo)              \
+    {                                           \
+        Plo = asm("mulq %a0, %a1, %v0", a, b);  \
+        Phi = asm("umulh %a0, %a1, %v0", a, b); \
+    }
+#else
+#define MP_MUL_DxD(a, b, Phi, Plo)                                 \
+    {                                                              \
+        mp_digit a0b1, a1b0;                                       \
+        Plo = (a & MP_HALF_DIGIT_MAX) * (b & MP_HALF_DIGIT_MAX);   \
+        Phi = (a >> MP_HALF_DIGIT_BIT) * (b >> MP_HALF_DIGIT_BIT); \
+        a0b1 = (a & MP_HALF_DIGIT_MAX) * (b >> MP_HALF_DIGIT_BIT); \
+        a1b0 = (a >> MP_HALF_DIGIT_BIT) * (b & MP_HALF_DIGIT_MAX); \
+        a1b0 += a0b1;                                              \
+        Phi += a1b0 >> MP_HALF_DIGIT_BIT;                          \
+        if (a1b0 < a0b1)                                           \
+            Phi += MP_HALF_RADIX;                                  \
+        a1b0 <<= MP_HALF_DIGIT_BIT;                                \
+        Plo += a1b0;                                               \
+        if (Plo < a1b0)                                            \
+            ++Phi;                                                 \
+    }
+#endif
+
+#if !defined(MP_ASSEMBLY_MULTIPLY)
+/* c = a * b */
+void
+s_mpv_mul_d(const mp_digit *a, mp_size a_len, mp_digit b, mp_digit *c)
+{
+#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_MUL_WORD)
+    mp_digit d = 0;
+
+    /* Inner product:  Digits of a */
+    while (a_len--) {
+        mp_word w = ((mp_word)b * *a++) + d;
+        *c++ = ACCUM(w);
+        d = CARRYOUT(w);
+    }
+    *c = d;
+#else
+    mp_digit carry = 0;
+    while (a_len--) {
+        mp_digit a_i = *a++;
+        mp_digit a0b0, a1b1;
+
+        MP_MUL_DxD(a_i, b, a1b1, a0b0);
+
+        a0b0 += carry;
+        if (a0b0 < carry)
+            ++a1b1;
+        *c++ = a0b0;
+        carry = a1b1;
+    }
+    *c = carry;
+#endif
+}
+
+/* c += a * b */
+void
+s_mpv_mul_d_add(const mp_digit *a, mp_size a_len, mp_digit b,
+                mp_digit *c)
+{
+#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_MUL_WORD)
+    mp_digit d = 0;
+
+    /* Inner product:  Digits of a */
+    while (a_len--) {
+        mp_word w = ((mp_word)b * *a++) + *c + d;
+        *c++ = ACCUM(w);
+        d = CARRYOUT(w);
+    }
+    *c = d;
+#else
+    mp_digit carry = 0;
+    while (a_len--) {
+        mp_digit a_i = *a++;
+        mp_digit a0b0, a1b1;
+
+        MP_MUL_DxD(a_i, b, a1b1, a0b0);
+
+        a0b0 += carry;
+        if (a0b0 < carry)
+            ++a1b1;
+        a0b0 += a_i = *c;
+        if (a0b0 < a_i)
+            ++a1b1;
+        *c++ = a0b0;
+        carry = a1b1;
+    }
+    *c = carry;
+#endif
+}
+
+/* Presently, this is only used by the Montgomery arithmetic code. */
+/* c += a * b */
+void
+s_mpv_mul_d_add_prop(const mp_digit *a, mp_size a_len, mp_digit b, mp_digit *c)
+{
+#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_MUL_WORD)
+    mp_digit d = 0;
+
+    /* Inner product:  Digits of a */
+    while (a_len--) {
+        mp_word w = ((mp_word)b * *a++) + *c + d;
+        *c++ = ACCUM(w);
+        d = CARRYOUT(w);
+    }
+
+    while (d) {
+        mp_word w = (mp_word)*c + d;
+        *c++ = ACCUM(w);
+        d = CARRYOUT(w);
+    }
+#else
+    mp_digit carry = 0;
+    while (a_len--) {
+        mp_digit a_i = *a++;
+        mp_digit a0b0, a1b1;
+
+        MP_MUL_DxD(a_i, b, a1b1, a0b0);
+
+        a0b0 += carry;
+        if (a0b0 < carry)
+            ++a1b1;
+
+        a0b0 += a_i = *c;
+        if (a0b0 < a_i)
+            ++a1b1;
+
+        *c++ = a0b0;
+        carry = a1b1;
+    }
+    while (carry) {
+        mp_digit c_i = *c;
+        carry += c_i;
+        *c++ = carry;
+        carry = carry < c_i;
+    }
+#endif
+}
+#endif
+
+#if defined(MP_USE_UINT_DIGIT) && defined(MP_USE_LONG_LONG_MULTIPLY)
+/* This trick works on Sparc V8 CPUs with the Workshop compilers. */
+#define MP_SQR_D(a, Phi, Plo)                                  \
+    {                                                          \
+        unsigned long long square = (unsigned long long)a * a; \
+        Plo = (mp_digit)square;                                \
+        Phi = (mp_digit)(square >> MP_DIGIT_BIT);              \
+    }
+#elif defined(OSF1)
+#define MP_SQR_D(a, Phi, Plo)                \
+    {                                        \
+        Plo = asm("mulq  %a0, %a0, %v0", a); \
+        Phi = asm("umulh %a0, %a0, %v0", a); \
+    }
+#else
+#define MP_SQR_D(a, Phi, Plo)                                      \
+    {                                                              \
+        mp_digit Pmid;                                             \
+        Plo = (a & MP_HALF_DIGIT_MAX) * (a & MP_HALF_DIGIT_MAX);   \
+        Phi = (a >> MP_HALF_DIGIT_BIT) * (a >> MP_HALF_DIGIT_BIT); \
+        Pmid = (a & MP_HALF_DIGIT_MAX) * (a >> MP_HALF_DIGIT_BIT); \
+        Phi += Pmid >> (MP_HALF_DIGIT_BIT - 1);                    \
+        Pmid <<= (MP_HALF_DIGIT_BIT + 1);                          \
+        Plo += Pmid;                                               \
+        if (Plo < Pmid)                                            \
+            ++Phi;                                                 \
+    }
+#endif
+
+#if !defined(MP_ASSEMBLY_SQUARE)
+/* Add the squares of the digits of a to the digits of b. */
+void
+s_mpv_sqr_add_prop(const mp_digit *pa, mp_size a_len, mp_digit *ps)
+{
+#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_MUL_WORD)
+    mp_word w;
+    mp_digit d;
+    mp_size ix;
+
+    w = 0;
+#define ADD_SQUARE(n)                     \
+    d = pa[n];                            \
+    w += (d * (mp_word)d) + ps[2 * n];    \
+    ps[2 * n] = ACCUM(w);                 \
+    w = (w >> DIGIT_BIT) + ps[2 * n + 1]; \
+    ps[2 * n + 1] = ACCUM(w);             \
+    w = (w >> DIGIT_BIT)
+
+    for (ix = a_len; ix >= 4; ix -= 4) {
+        ADD_SQUARE(0);
+        ADD_SQUARE(1);
+        ADD_SQUARE(2);
+        ADD_SQUARE(3);
+        pa += 4;
+        ps += 8;
+    }
+    if (ix) {
+        ps += 2 * ix;
+        pa += ix;
+        switch (ix) {
+            case 3:
+                ADD_SQUARE(-3); /* FALLTHRU */
+            case 2:
+                ADD_SQUARE(-2); /* FALLTHRU */
+            case 1:
+                ADD_SQUARE(-1); /* FALLTHRU */
+            case 0:
+                break;
+        }
+    }
+    while (w) {
+        w += *ps;
+        *ps++ = ACCUM(w);
+        w = (w >> DIGIT_BIT);
+    }
+#else
+    mp_digit carry = 0;
+    while (a_len--) {
+        mp_digit a_i = *pa++;
+        mp_digit a0a0, a1a1;
+
+        MP_SQR_D(a_i, a1a1, a0a0);
+
+        /* here a1a1 and a0a0 constitute a_i ** 2 */
+        a0a0 += carry;
+        if (a0a0 < carry)
+            ++a1a1;
+
+        /* now add to ps */
+        a0a0 += a_i = *ps;
+        if (a0a0 < a_i)
+            ++a1a1;
+        *ps++ = a0a0;
+        a1a1 += a_i = *ps;
+        carry = (a1a1 < a_i);
+        *ps++ = a1a1;
+    }
+    while (carry) {
+        mp_digit s_i = *ps;
+        carry += s_i;
+        *ps++ = carry;
+        carry = carry < s_i;
+    }
+#endif
+}
+#endif
+
+#if (defined(MP_NO_MP_WORD) || defined(MP_NO_DIV_WORD)) && !defined(MP_ASSEMBLY_DIV_2DX1D)
+/*
+** Divide 64-bit (Nhi,Nlo) by 32-bit divisor, which must be normalized
+** so its high bit is 1.   This code is from NSPR.
+*/
+mp_err
+s_mpv_div_2dx1d(mp_digit Nhi, mp_digit Nlo, mp_digit divisor,
+                mp_digit *qp, mp_digit *rp)
+{
+    mp_digit d1, d0, q1, q0;
+    mp_digit r1, r0, m;
+
+    d1 = divisor >> MP_HALF_DIGIT_BIT;
+    d0 = divisor & MP_HALF_DIGIT_MAX;
+    r1 = Nhi % d1;
+    q1 = Nhi / d1;
+    m = q1 * d0;
+    r1 = (r1 << MP_HALF_DIGIT_BIT) | (Nlo >> MP_HALF_DIGIT_BIT);
+    if (r1 < m) {
+        q1--, r1 += divisor;
+        if (r1 >= divisor && r1 < m) {
+            q1--, r1 += divisor;
+        }
+    }
+    r1 -= m;
+    r0 = r1 % d1;
+    q0 = r1 / d1;
+    m = q0 * d0;
+    r0 = (r0 << MP_HALF_DIGIT_BIT) | (Nlo & MP_HALF_DIGIT_MAX);
+    if (r0 < m) {
+        q0--, r0 += divisor;
+        if (r0 >= divisor && r0 < m) {
+            q0--, r0 += divisor;
+        }
+    }
+    if (qp)
+        *qp = (q1 << MP_HALF_DIGIT_BIT) | q0;
+    if (rp)
+        *rp = r0 - m;
+    return MP_OKAY;
+}
+#endif
+
+#if MP_SQUARE
+/* {{{ s_mp_sqr(a) */
+
+mp_err
+s_mp_sqr(mp_int *a)
+{
+    mp_err res;
+    mp_int tmp;
+
+    if ((res = mp_init_size(&tmp, 2 * USED(a))) != MP_OKAY)
+        return res;
+    res = mp_sqr(a, &tmp);
+    if (res == MP_OKAY) {
+        s_mp_exch(&tmp, a);
+    }
+    mp_clear(&tmp);
+    return res;
+}
+
+/* }}} */
+#endif
+
+/* {{{ s_mp_div(a, b) */
+
+/*
+  s_mp_div(a, b)
+
+  Compute a = a / b and b = a mod b.  Assumes b > a.
+ */
+
+mp_err s_mp_div(mp_int *rem,  /* i: dividend, o: remainder */
+                mp_int *div,  /* i: divisor                */
+                mp_int *quot) /* i: 0;        o: quotient  */
+{
+    mp_int part, t;
+#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_DIV_WORD)
+    mp_word q_msd;
+#else
+    mp_digit q_msd;
+#endif
+    mp_err res;
+    mp_digit d;
+    mp_digit div_msd;
+    int ix;
+
+    if (mp_cmp_z(div) == 0)
+        return MP_RANGE;
+
+    DIGITS(&t) = 0;
+    /* Shortcut if divisor is power of two */
+    if ((ix = s_mp_ispow2(div)) >= 0) {
+        MP_CHECKOK(mp_copy(rem, quot));
+        s_mp_div_2d(quot, (mp_digit)ix);
+        s_mp_mod_2d(rem, (mp_digit)ix);
+
+        return MP_OKAY;
+    }
+
+    MP_SIGN(rem) = ZPOS;
+    MP_SIGN(div) = ZPOS;
+    MP_SIGN(&part) = ZPOS;
+
+    /* A working temporary for division     */
+    MP_CHECKOK(mp_init_size(&t, MP_ALLOC(rem)));
+
+    /* Normalize to optimize guessing       */
+    MP_CHECKOK(s_mp_norm(rem, div, &d));
+
+    /* Perform the division itself...woo!   */
+    MP_USED(quot) = MP_ALLOC(quot);
+
+    /* Find a partial substring of rem which is at least div */
+    /* If we didn't find one, we're finished dividing    */
+    while (MP_USED(rem) > MP_USED(div) || s_mp_cmp(rem, div) >= 0) {
+        int i;
+        int unusedRem;
+        int partExtended = 0; /* set to true if we need to extend part */
+
+        unusedRem = MP_USED(rem) - MP_USED(div);
+        MP_DIGITS(&part) = MP_DIGITS(rem) + unusedRem;
+        MP_ALLOC(&part) = MP_ALLOC(rem) - unusedRem;
+        MP_USED(&part) = MP_USED(div);
+
+        /* We have now truncated the part of the remainder to the same length as
+     * the divisor. If part is smaller than div, extend part by one digit. */
+        if (s_mp_cmp(&part, div) < 0) {
+            --unusedRem;
+#if MP_ARGCHK == 2
+            assert(unusedRem >= 0);
+#endif
+            --MP_DIGITS(&part);
+            ++MP_USED(&part);
+            ++MP_ALLOC(&part);
+            partExtended = 1;
+        }
+
+        /* Compute a guess for the next quotient digit       */
+        q_msd = MP_DIGIT(&part, MP_USED(&part) - 1);
+        div_msd = MP_DIGIT(div, MP_USED(div) - 1);
+        if (!partExtended) {
+            /* In this case, q_msd /= div_msd is always 1. First, since div_msd is
+       * normalized to have the high bit set, 2*div_msd > MP_DIGIT_MAX. Since
+       * we didn't extend part, q_msd >= div_msd. Therefore we know that
+       * div_msd <= q_msd <= MP_DIGIT_MAX < 2*div_msd. Dividing by div_msd we
+       * get 1 <= q_msd/div_msd < 2. So q_msd /= div_msd must be 1. */
+            q_msd = 1;
+        } else {
+#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_DIV_WORD)
+            q_msd = (q_msd << MP_DIGIT_BIT) | MP_DIGIT(&part, MP_USED(&part) - 2);
+            q_msd /= div_msd;
+            if (q_msd == RADIX)
+                --q_msd;
+#else
+            if (q_msd == div_msd) {
+                q_msd = MP_DIGIT_MAX;
+            } else {
+                mp_digit r;
+                MP_CHECKOK(s_mpv_div_2dx1d(q_msd, MP_DIGIT(&part, MP_USED(&part) - 2),
+                                           div_msd, &q_msd, &r));
+            }
+#endif
+        }
+#if MP_ARGCHK == 2
+        assert(q_msd > 0); /* This case should never occur any more. */
+#endif
+        if (q_msd <= 0)
+            break;
+
+        /* See what that multiplies out to                   */
+        mp_copy(div, &t);
+        MP_CHECKOK(s_mp_mul_d(&t, (mp_digit)q_msd));
+
+        /*
+       If it's too big, back it off.  We should not have to do this
+       more than once, or, in rare cases, twice.  Knuth describes a
+       method by which this could be reduced to a maximum of once, but
+       I didn't implement that here.
+     * When using s_mpv_div_2dx1d, we may have to do this 3 times.
+     */
+        for (i = 4; s_mp_cmp(&t, &part) > 0 && i > 0; --i) {
+            --q_msd;
+            MP_CHECKOK(s_mp_sub(&t, div)); /* t -= div */
+        }
+        if (i < 0) {
+            res = MP_RANGE;
+            goto CLEANUP;
+        }
+
+        /* At this point, q_msd should be the right next digit   */
+        MP_CHECKOK(s_mp_sub(&part, &t)); /* part -= t */
+        s_mp_clamp(rem);
+
+        /*
+      Include the digit in the quotient.  We allocated enough memory
+      for any quotient we could ever possibly get, so we should not
+      have to check for failures here
+     */
+        MP_DIGIT(quot, unusedRem) = (mp_digit)q_msd;
+    }
+
+    /* Denormalize remainder                */
+    if (d) {
+        s_mp_div_2d(rem, d);
+    }
+
+    s_mp_clamp(quot);
+
+CLEANUP:
+    mp_clear(&t);
+
+    return res;
+
+} /* end s_mp_div() */
+
+/* }}} */
+
+/* {{{ s_mp_2expt(a, k) */
+
+mp_err
+s_mp_2expt(mp_int *a, mp_digit k)
+{
+    mp_err res;
+    mp_size dig, bit;
+
+    dig = k / DIGIT_BIT;
+    bit = k % DIGIT_BIT;
+
+    mp_zero(a);
+    if ((res = s_mp_pad(a, dig + 1)) != MP_OKAY)
+        return res;
+
+    DIGIT(a, dig) |= ((mp_digit)1 << bit);
+
+    return MP_OKAY;
+
+} /* end s_mp_2expt() */
+
+/* }}} */
+
+/* {{{ s_mp_reduce(x, m, mu) */
+
+/*
+  Compute Barrett reduction, x (mod m), given a precomputed value for
+  mu = b^2k / m, where b = RADIX and k = #digits(m).  This should be
+  faster than straight division, when many reductions by the same
+  value of m are required (such as in modular exponentiation).  This
+  can nearly halve the time required to do modular exponentiation,
+  as compared to using the full integer divide to reduce.
+
+  This algorithm was derived from the _Handbook of Applied
+  Cryptography_ by Menezes, Oorschot and VanStone, Ch. 14,
+  pp. 603-604.
+ */
+
+mp_err
+s_mp_reduce(mp_int *x, const mp_int *m, const mp_int *mu)
+{
+    mp_int q;
+    mp_err res;
+
+    if ((res = mp_init_copy(&q, x)) != MP_OKAY)
+        return res;
+
+    s_mp_rshd(&q, USED(m) - 1); /* q1 = x / b^(k-1)  */
+    s_mp_mul(&q, mu);           /* q2 = q1 * mu      */
+    s_mp_rshd(&q, USED(m) + 1); /* q3 = q2 / b^(k+1) */
+
+    /* x = x mod b^(k+1), quick (no division) */
+    s_mp_mod_2d(x, DIGIT_BIT * (USED(m) + 1));
+
+    /* q = q * m mod b^(k+1), quick (no division) */
+    s_mp_mul(&q, m);
+    s_mp_mod_2d(&q, DIGIT_BIT * (USED(m) + 1));
+
+    /* x = x - q */
+    if ((res = mp_sub(x, &q, x)) != MP_OKAY)
+        goto CLEANUP;
+
+    /* If x < 0, add b^(k+1) to it */
+    if (mp_cmp_z(x) < 0) {
+        mp_set(&q, 1);
+        if ((res = s_mp_lshd(&q, USED(m) + 1)) != MP_OKAY)
+            goto CLEANUP;
+        if ((res = mp_add(x, &q, x)) != MP_OKAY)
+            goto CLEANUP;
+    }
+
+    /* Back off if it's too big */
+    while (mp_cmp(x, m) >= 0) {
+        if ((res = s_mp_sub(x, m)) != MP_OKAY)
+            break;
+    }
+
+CLEANUP:
+    mp_clear(&q);
+
+    return res;
+
+} /* end s_mp_reduce() */
+
+/* }}} */
+
+/* }}} */
+
+/* {{{ Primitive comparisons */
+
+/* {{{ s_mp_cmp(a, b) */
+
+/* Compare |a| <=> |b|, return 0 if equal, <0 if a<b, >0 if a>b           */
+int
+s_mp_cmp(const mp_int *a, const mp_int *b)
+{
+    mp_size used_a = MP_USED(a);
+    {
+        mp_size used_b = MP_USED(b);
+
+        if (used_a > used_b)
+            goto IS_GT;
+        if (used_a < used_b)
+            goto IS_LT;
+    }
+    {
+        mp_digit *pa, *pb;
+        mp_digit da = 0, db = 0;
+
+#define CMP_AB(n)                     \
+    if ((da = pa[n]) != (db = pb[n])) \
+    goto done
+
+        pa = MP_DIGITS(a) + used_a;
+        pb = MP_DIGITS(b) + used_a;
+        while (used_a >= 4) {
+            pa -= 4;
+            pb -= 4;
+            used_a -= 4;
+            CMP_AB(3);
+            CMP_AB(2);
+            CMP_AB(1);
+            CMP_AB(0);
+        }
+        while (used_a-- > 0 && ((da = *--pa) == (db = *--pb)))
+            /* do nothing */;
+    done:
+        if (da > db)
+            goto IS_GT;
+        if (da < db)
+            goto IS_LT;
+    }
+    return MP_EQ;
+IS_LT:
+    return MP_LT;
+IS_GT:
+    return MP_GT;
+} /* end s_mp_cmp() */
+
+/* }}} */
+
+/* {{{ s_mp_cmp_d(a, d) */
+
+/* Compare |a| <=> d, return 0 if equal, <0 if a<d, >0 if a>d             */
+int
+s_mp_cmp_d(const mp_int *a, mp_digit d)
+{
+    if (USED(a) > 1)
+        return MP_GT;
+
+    if (DIGIT(a, 0) < d)
+        return MP_LT;
+    else if (DIGIT(a, 0) > d)
+        return MP_GT;
+    else
+        return MP_EQ;
+
+} /* end s_mp_cmp_d() */
+
+/* }}} */
+
+/* {{{ s_mp_ispow2(v) */
+
+/*
+  Returns -1 if the value is not a power of two; otherwise, it returns
+  k such that v = 2^k, i.e. lg(v).
+ */
+int
+s_mp_ispow2(const mp_int *v)
+{
+    mp_digit d;
+    int extra = 0, ix;
+
+    ix = MP_USED(v) - 1;
+    d = MP_DIGIT(v, ix); /* most significant digit of v */
+
+    extra = s_mp_ispow2d(d);
+    if (extra < 0 || ix == 0)
+        return extra;
+
+    while (--ix >= 0) {
+        if (DIGIT(v, ix) != 0)
+            return -1; /* not a power of two */
+        extra += MP_DIGIT_BIT;
+    }
+
+    return extra;
+
+} /* end s_mp_ispow2() */
+
+/* }}} */
+
+/* {{{ s_mp_ispow2d(d) */
+
+int
+s_mp_ispow2d(mp_digit d)
+{
+    if ((d != 0) && ((d & (d - 1)) == 0)) { /* d is a power of 2 */
+        int pow = 0;
+#if defined(MP_USE_UINT_DIGIT)
+        if (d & 0xffff0000U)
+            pow += 16;
+        if (d & 0xff00ff00U)
+            pow += 8;
+        if (d & 0xf0f0f0f0U)
+            pow += 4;
+        if (d & 0xccccccccU)
+            pow += 2;
+        if (d & 0xaaaaaaaaU)
+            pow += 1;
+#elif defined(MP_USE_LONG_LONG_DIGIT)
+        if (d & 0xffffffff00000000ULL)
+            pow += 32;
+        if (d & 0xffff0000ffff0000ULL)
+            pow += 16;
+        if (d & 0xff00ff00ff00ff00ULL)
+            pow += 8;
+        if (d & 0xf0f0f0f0f0f0f0f0ULL)
+            pow += 4;
+        if (d & 0xccccccccccccccccULL)
+            pow += 2;
+        if (d & 0xaaaaaaaaaaaaaaaaULL)
+            pow += 1;
+#elif defined(MP_USE_LONG_DIGIT)
+        if (d & 0xffffffff00000000UL)
+            pow += 32;
+        if (d & 0xffff0000ffff0000UL)
+            pow += 16;
+        if (d & 0xff00ff00ff00ff00UL)
+            pow += 8;
+        if (d & 0xf0f0f0f0f0f0f0f0UL)
+            pow += 4;
+        if (d & 0xccccccccccccccccUL)
+            pow += 2;
+        if (d & 0xaaaaaaaaaaaaaaaaUL)
+            pow += 1;
+#else
+#error "unknown type for mp_digit"
+#endif
+        return pow;
+    }
+    return -1;
+
+} /* end s_mp_ispow2d() */
+
+/* }}} */
+
+/* }}} */
+
+/* {{{ Primitive I/O helpers */
+
+/* {{{ s_mp_tovalue(ch, r) */
+
+/*
+  Convert the given character to its digit value, in the given radix.
+  If the given character is not understood in the given radix, -1 is
+  returned.  Otherwise the digit's numeric value is returned.
+
+  The results will be odd if you use a radix < 2 or > 62, you are
+  expected to know what you're up to.
+ */
+int
+s_mp_tovalue(char ch, int r)
+{
+    int val, xch;
+
+    if (r > 36)
+        xch = ch;
+    else
+        xch = toupper(ch);
+
+    if (isdigit(xch))
+        val = xch - '0';
+    else if (isupper(xch))
+        val = xch - 'A' + 10;
+    else if (islower(xch))
+        val = xch - 'a' + 36;
+    else if (xch == '+')
+        val = 62;
+    else if (xch == '/')
+        val = 63;
+    else
+        return -1;
+
+    if (val < 0 || val >= r)
+        return -1;
+
+    return val;
+
+} /* end s_mp_tovalue() */
+
+/* }}} */
+
+/* {{{ s_mp_todigit(val, r, low) */
+
+/*
+  Convert val to a radix-r digit, if possible.  If val is out of range
+  for r, returns zero.  Otherwise, returns an ASCII character denoting
+  the value in the given radix.
+
+  The results may be odd if you use a radix < 2 or > 64, you are
+  expected to know what you're doing.
+ */
+
+char
+s_mp_todigit(mp_digit val, int r, int low)
+{
+    char ch;
+
+    if (val >= r)
+        return 0;
+
+    ch = s_dmap_1[val];
+
+    if (r <= 36 && low)
+        ch = tolower(ch);
+
+    return ch;
+
+} /* end s_mp_todigit() */
+
+/* }}} */
+
+/* {{{ s_mp_outlen(bits, radix) */
+
+/*
+   Return an estimate for how long a string is needed to hold a radix
+   r representation of a number with 'bits' significant bits, plus an
+   extra for a zero terminator (assuming C style strings here)
+ */
+int
+s_mp_outlen(int bits, int r)
+{
+    return (int)((double)bits * LOG_V_2(r) + 1.5) + 1;
+
+} /* end s_mp_outlen() */
+
+/* }}} */
+
+/* }}} */
+
+/* {{{ mp_read_unsigned_octets(mp, str, len) */
+/* mp_read_unsigned_octets(mp, str, len)
+   Read in a raw value (base 256) into the given mp_int
+   No sign bit, number is positive.  Leading zeros ignored.
+ */
+
+mp_err
+mp_read_unsigned_octets(mp_int *mp, const unsigned char *str, mp_size len)
+{
+    int count;
+    mp_err res;
+    mp_digit d;
+
+    ARGCHK(mp != NULL && str != NULL && len > 0, MP_BADARG);
+
+    mp_zero(mp);
+
+    count = len % sizeof(mp_digit);
+    if (count) {
+        for (d = 0; count-- > 0; --len) {
+            d = (d << 8) | *str++;
+        }
+        MP_DIGIT(mp, 0) = d;
+    }
+
+    /* Read the rest of the digits */
+    for (; len > 0; len -= sizeof(mp_digit)) {
+        for (d = 0, count = sizeof(mp_digit); count > 0; --count) {
+            d = (d << 8) | *str++;
+        }
+        if (MP_EQ == mp_cmp_z(mp)) {
+            if (!d)
+                continue;
+        } else {
+            if ((res = s_mp_lshd(mp, 1)) != MP_OKAY)
+                return res;
+        }
+        MP_DIGIT(mp, 0) = d;
+    }
+    return MP_OKAY;
+} /* end mp_read_unsigned_octets() */
+/* }}} */
+
+/* {{{ mp_unsigned_octet_size(mp) */
+unsigned int
+mp_unsigned_octet_size(const mp_int *mp)
+{
+    unsigned int bytes;
+    int ix;
+    mp_digit d = 0;
+
+    ARGCHK(mp != NULL, MP_BADARG);
+    ARGCHK(MP_ZPOS == SIGN(mp), MP_BADARG);
+
+    bytes = (USED(mp) * sizeof(mp_digit));
+
+    /* subtract leading zeros. */
+    /* Iterate over each digit... */
+    for (ix = USED(mp) - 1; ix >= 0; ix--) {
+        d = DIGIT(mp, ix);
+        if (d)
+            break;
+        bytes -= sizeof(d);
+    }
+    if (!bytes)
+        return 1;
+
+    /* Have MSD, check digit bytes, high order first */
+    for (ix = sizeof(mp_digit) - 1; ix >= 0; ix--) {
+        unsigned char x = (unsigned char)(d >> (ix * CHAR_BIT));
+        if (x)
+            break;
+        --bytes;
+    }
+    return bytes;
+} /* end mp_unsigned_octet_size() */
+/* }}} */
+
+/* {{{ mp_to_unsigned_octets(mp, str) */
+/* output a buffer of big endian octets no longer than specified. */
+mp_err
+mp_to_unsigned_octets(const mp_int *mp, unsigned char *str, mp_size maxlen)
+{
+    int ix, pos = 0;
+    unsigned int bytes;
+
+    ARGCHK(mp != NULL && str != NULL && !SIGN(mp), MP_BADARG);
+
+    bytes = mp_unsigned_octet_size(mp);
+    ARGCHK(bytes <= maxlen, MP_BADARG);
+
+    /* Iterate over each digit... */
+    for (ix = USED(mp) - 1; ix >= 0; ix--) {
+        mp_digit d = DIGIT(mp, ix);
+        int jx;
+
+        /* Unpack digit bytes, high order first */
+        for (jx = sizeof(mp_digit) - 1; jx >= 0; jx--) {
+            unsigned char x = (unsigned char)(d >> (jx * CHAR_BIT));
+            if (!pos && !x) /* suppress leading zeros */
+                continue;
+            str[pos++] = x;
+        }
+    }
+    if (!pos)
+        str[pos++] = 0;
+    return pos;
+} /* end mp_to_unsigned_octets() */
+/* }}} */
+
+/* {{{ mp_to_signed_octets(mp, str) */
+/* output a buffer of big endian octets no longer than specified. */
+mp_err
+mp_to_signed_octets(const mp_int *mp, unsigned char *str, mp_size maxlen)
+{
+    int ix, pos = 0;
+    unsigned int bytes;
+
+    ARGCHK(mp != NULL && str != NULL && !SIGN(mp), MP_BADARG);
+
+    bytes = mp_unsigned_octet_size(mp);
+    ARGCHK(bytes <= maxlen, MP_BADARG);
+
+    /* Iterate over each digit... */
+    for (ix = USED(mp) - 1; ix >= 0; ix--) {
+        mp_digit d = DIGIT(mp, ix);
+        int jx;
+
+        /* Unpack digit bytes, high order first */
+        for (jx = sizeof(mp_digit) - 1; jx >= 0; jx--) {
+            unsigned char x = (unsigned char)(d >> (jx * CHAR_BIT));
+            if (!pos) {
+                if (!x) /* suppress leading zeros */
+                    continue;
+                if (x & 0x80) { /* add one leading zero to make output positive.  */
+                    ARGCHK(bytes + 1 <= maxlen, MP_BADARG);
+                    if (bytes + 1 > maxlen)
+                        return MP_BADARG;
+                    str[pos++] = 0;
+                }
+            }
+            str[pos++] = x;
+        }
+    }
+    if (!pos)
+        str[pos++] = 0;
+    return pos;
+} /* end mp_to_signed_octets() */
+/* }}} */
+
+/* {{{ mp_to_fixlen_octets(mp, str) */
+/* output a buffer of big endian octets exactly as long as requested. */
+mp_err
+mp_to_fixlen_octets(const mp_int *mp, unsigned char *str, mp_size length)
+{
+    int ix, pos = 0;
+    unsigned int bytes;
+
+    ARGCHK(mp != NULL && str != NULL && !SIGN(mp), MP_BADARG);
+
+    bytes = mp_unsigned_octet_size(mp);
+    ARGCHK(bytes <= length, MP_BADARG);
+
+    /* place any needed leading zeros */
+    for (; length > bytes; --length) {
+        *str++ = 0;
+    }
+
+    /* Iterate over each digit... */
+    for (ix = USED(mp) - 1; ix >= 0; ix--) {
+        mp_digit d = DIGIT(mp, ix);
+        int jx;
+
+        /* Unpack digit bytes, high order first */
+        for (jx = sizeof(mp_digit) - 1; jx >= 0; jx--) {
+            unsigned char x = (unsigned char)(d >> (jx * CHAR_BIT));
+            if (!pos && !x) /* suppress leading zeros */
+                continue;
+            str[pos++] = x;
+        }
+    }
+    if (!pos)
+        str[pos++] = 0;
+    return MP_OKAY;
+} /* end mp_to_fixlen_octets() */
+/* }}} */
+
+/*------------------------------------------------------------------------*/
+/* HERE THERE BE DRAGONS                                                  */
diff --git a/nss/lib/freebl/mpi/mpi.h b/nss/lib/freebl/mpi/mpi.h
new file mode 100644
index 0000000..97af0f0
--- /dev/null
+++ b/nss/lib/freebl/mpi/mpi.h
@@ -0,0 +1,311 @@
+/*
+ *  mpi.h
+ *
+ *  Arbitrary precision integer arithmetic library
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _H_MPI_
+#define _H_MPI_
+
+#include "mpi-config.h"
+
+#include "seccomon.h"
+SEC_BEGIN_PROTOS
+
+#if MP_DEBUG
+#undef MP_IOFUNC
+#define MP_IOFUNC 1
+#endif
+
+#if MP_IOFUNC
+#include <stdio.h>
+#include <ctype.h>
+#endif
+
+#include <limits.h>
+
+#if defined(BSDI)
+#undef ULLONG_MAX
+#endif
+
+#include <sys/types.h>
+
+#define MP_NEG 1
+#define MP_ZPOS 0
+
+#define MP_OKAY 0    /* no error, all is well */
+#define MP_YES 0     /* yes (boolean result)  */
+#define MP_NO -1     /* no (boolean result)   */
+#define MP_MEM -2    /* out of memory         */
+#define MP_RANGE -3  /* argument out of range */
+#define MP_BADARG -4 /* invalid parameter     */
+#define MP_UNDEF -5  /* answer is undefined   */
+#define MP_LAST_CODE MP_UNDEF
+
+typedef unsigned int mp_sign;
+typedef unsigned int mp_size;
+typedef int mp_err;
+
+#define MP_32BIT_MAX 4294967295U
+
+#if !defined(ULONG_MAX)
+#error "ULONG_MAX not defined"
+#elif !defined(UINT_MAX)
+#error "UINT_MAX not defined"
+#elif !defined(USHRT_MAX)
+#error "USHRT_MAX not defined"
+#endif
+
+#if defined(ULLONG_MAX) /* C99, Solaris */
+#define MP_ULONG_LONG_MAX ULLONG_MAX
+/* MP_ULONG_LONG_MAX was defined to be ULLONG_MAX */
+#elif defined(ULONG_LONG_MAX) /* HPUX */
+#define MP_ULONG_LONG_MAX ULONG_LONG_MAX
+#elif defined(ULONGLONG_MAX) /* IRIX, AIX */
+#define MP_ULONG_LONG_MAX ULONGLONG_MAX
+#endif
+
+/* We only use unsigned long for mp_digit iff long is more than 32 bits. */
+#if !defined(MP_USE_UINT_DIGIT) && ULONG_MAX > MP_32BIT_MAX
+typedef unsigned long mp_digit;
+#define MP_DIGIT_MAX ULONG_MAX
+#define MP_DIGIT_FMT "%016lX" /* printf() format for 1 digit */
+#define MP_HALF_DIGIT_MAX UINT_MAX
+#undef MP_NO_MP_WORD
+#define MP_NO_MP_WORD 1
+#undef MP_USE_LONG_DIGIT
+#define MP_USE_LONG_DIGIT 1
+#undef MP_USE_LONG_LONG_DIGIT
+
+#elif !defined(MP_USE_UINT_DIGIT) && defined(MP_ULONG_LONG_MAX)
+typedef unsigned long long mp_digit;
+#define MP_DIGIT_MAX MP_ULONG_LONG_MAX
+#define MP_DIGIT_FMT "%016llX" /* printf() format for 1 digit */
+#define MP_HALF_DIGIT_MAX UINT_MAX
+#undef MP_NO_MP_WORD
+#define MP_NO_MP_WORD 1
+#undef MP_USE_LONG_LONG_DIGIT
+#define MP_USE_LONG_LONG_DIGIT 1
+#undef MP_USE_LONG_DIGIT
+
+#else
+typedef unsigned int mp_digit;
+#define MP_DIGIT_MAX UINT_MAX
+#define MP_DIGIT_FMT "%08X" /* printf() format for 1 digit */
+#define MP_HALF_DIGIT_MAX USHRT_MAX
+#undef MP_USE_UINT_DIGIT
+#define MP_USE_UINT_DIGIT 1
+#undef MP_USE_LONG_LONG_DIGIT
+#undef MP_USE_LONG_DIGIT
+#endif
+
+#if !defined(MP_NO_MP_WORD)
+#if defined(MP_USE_UINT_DIGIT) && \
+    (defined(MP_ULONG_LONG_MAX) || (ULONG_MAX > UINT_MAX))
+
+#if (ULONG_MAX > UINT_MAX)
+typedef unsigned long mp_word;
+typedef long mp_sword;
+#define MP_WORD_MAX ULONG_MAX
+
+#else
+typedef unsigned long long mp_word;
+typedef long long mp_sword;
+#define MP_WORD_MAX MP_ULONG_LONG_MAX
+#endif
+
+#else
+#define MP_NO_MP_WORD 1
+#endif
+#endif /* !defined(MP_NO_MP_WORD) */
+
+#if !defined(MP_WORD_MAX) && defined(MP_DEFINE_SMALL_WORD)
+typedef unsigned int mp_word;
+typedef int mp_sword;
+#define MP_WORD_MAX UINT_MAX
+#endif
+
+#define MP_DIGIT_BIT (CHAR_BIT * sizeof(mp_digit))
+#define MP_WORD_BIT (CHAR_BIT * sizeof(mp_word))
+#define MP_RADIX (1 + (mp_word)MP_DIGIT_MAX)
+
+#define MP_HALF_DIGIT_BIT (MP_DIGIT_BIT / 2)
+#define MP_HALF_RADIX (1 + (mp_digit)MP_HALF_DIGIT_MAX)
+/* MP_HALF_RADIX really ought to be called MP_SQRT_RADIX, but it's named
+** MP_HALF_RADIX because it's the radix for MP_HALF_DIGITs, and it's
+** consistent with the other _HALF_ names.
+*/
+
+/* Macros for accessing the mp_int internals           */
+#define MP_SIGN(MP) ((MP)->sign)
+#define MP_USED(MP) ((MP)->used)
+#define MP_ALLOC(MP) ((MP)->alloc)
+#define MP_DIGITS(MP) ((MP)->dp)
+#define MP_DIGIT(MP, N) (MP)->dp[(N)]
+
+/* This defines the maximum I/O base (minimum is 2)   */
+#define MP_MAX_RADIX 64
+
+typedef struct {
+    mp_sign sign;  /* sign of this quantity      */
+    mp_size alloc; /* how many digits allocated  */
+    mp_size used;  /* how many digits used       */
+    mp_digit *dp;  /* the digits themselves      */
+} mp_int;
+
+/* Default precision       */
+mp_size mp_get_prec(void);
+void mp_set_prec(mp_size prec);
+
+/* Memory management       */
+mp_err mp_init(mp_int *mp);
+mp_err mp_init_size(mp_int *mp, mp_size prec);
+mp_err mp_init_copy(mp_int *mp, const mp_int *from);
+mp_err mp_copy(const mp_int *from, mp_int *to);
+void mp_exch(mp_int *mp1, mp_int *mp2);
+void mp_clear(mp_int *mp);
+void mp_zero(mp_int *mp);
+void mp_set(mp_int *mp, mp_digit d);
+mp_err mp_set_int(mp_int *mp, long z);
+#define mp_set_long(mp, z) mp_set_int(mp, z)
+mp_err mp_set_ulong(mp_int *mp, unsigned long z);
+
+/* Single digit arithmetic */
+mp_err mp_add_d(const mp_int *a, mp_digit d, mp_int *b);
+mp_err mp_sub_d(const mp_int *a, mp_digit d, mp_int *b);
+mp_err mp_mul_d(const mp_int *a, mp_digit d, mp_int *b);
+mp_err mp_mul_2(const mp_int *a, mp_int *c);
+mp_err mp_div_d(const mp_int *a, mp_digit d, mp_int *q, mp_digit *r);
+mp_err mp_div_2(const mp_int *a, mp_int *c);
+mp_err mp_expt_d(const mp_int *a, mp_digit d, mp_int *c);
+
+/* Sign manipulations      */
+mp_err mp_abs(const mp_int *a, mp_int *b);
+mp_err mp_neg(const mp_int *a, mp_int *b);
+
+/* Full arithmetic         */
+mp_err mp_add(const mp_int *a, const mp_int *b, mp_int *c);
+mp_err mp_sub(const mp_int *a, const mp_int *b, mp_int *c);
+mp_err mp_mul(const mp_int *a, const mp_int *b, mp_int *c);
+#if MP_SQUARE
+mp_err mp_sqr(const mp_int *a, mp_int *b);
+#else
+#define mp_sqr(a, b) mp_mul(a, a, b)
+#endif
+mp_err mp_div(const mp_int *a, const mp_int *b, mp_int *q, mp_int *r);
+mp_err mp_div_2d(const mp_int *a, mp_digit d, mp_int *q, mp_int *r);
+mp_err mp_expt(mp_int *a, mp_int *b, mp_int *c);
+mp_err mp_2expt(mp_int *a, mp_digit k);
+
+/* Modular arithmetic      */
+#if MP_MODARITH
+mp_err mp_mod(const mp_int *a, const mp_int *m, mp_int *c);
+mp_err mp_mod_d(const mp_int *a, mp_digit d, mp_digit *c);
+mp_err mp_addmod(const mp_int *a, const mp_int *b, const mp_int *m, mp_int *c);
+mp_err mp_submod(const mp_int *a, const mp_int *b, const mp_int *m, mp_int *c);
+mp_err mp_mulmod(const mp_int *a, const mp_int *b, const mp_int *m, mp_int *c);
+#if MP_SQUARE
+mp_err mp_sqrmod(const mp_int *a, const mp_int *m, mp_int *c);
+#else
+#define mp_sqrmod(a, m, c) mp_mulmod(a, a, m, c)
+#endif
+mp_err mp_exptmod(const mp_int *a, const mp_int *b, const mp_int *m, mp_int *c);
+mp_err mp_exptmod_d(const mp_int *a, mp_digit d, const mp_int *m, mp_int *c);
+#endif /* MP_MODARITH */
+
+/* Comparisons             */
+int mp_cmp_z(const mp_int *a);
+int mp_cmp_d(const mp_int *a, mp_digit d);
+int mp_cmp(const mp_int *a, const mp_int *b);
+int mp_cmp_mag(const mp_int *a, const mp_int *b);
+int mp_isodd(const mp_int *a);
+int mp_iseven(const mp_int *a);
+
+/* Number theoretic        */
+mp_err mp_gcd(mp_int *a, mp_int *b, mp_int *c);
+mp_err mp_lcm(mp_int *a, mp_int *b, mp_int *c);
+mp_err mp_xgcd(const mp_int *a, const mp_int *b, mp_int *g, mp_int *x, mp_int *y);
+mp_err mp_invmod(const mp_int *a, const mp_int *m, mp_int *c);
+mp_err mp_invmod_xgcd(const mp_int *a, const mp_int *m, mp_int *c);
+
+/* Input and output        */
+#if MP_IOFUNC
+void mp_print(mp_int *mp, FILE *ofp);
+#endif /* end MP_IOFUNC */
+
+/* Base conversion         */
+mp_err mp_read_raw(mp_int *mp, char *str, int len);
+int mp_raw_size(mp_int *mp);
+mp_err mp_toraw(mp_int *mp, char *str);
+mp_err mp_read_radix(mp_int *mp, const char *str, int radix);
+mp_err mp_read_variable_radix(mp_int *a, const char *str, int default_radix);
+int mp_radix_size(mp_int *mp, int radix);
+mp_err mp_toradix(mp_int *mp, char *str, int radix);
+int mp_tovalue(char ch, int r);
+
+#define mp_tobinary(M, S) mp_toradix((M), (S), 2)
+#define mp_tooctal(M, S) mp_toradix((M), (S), 8)
+#define mp_todecimal(M, S) mp_toradix((M), (S), 10)
+#define mp_tohex(M, S) mp_toradix((M), (S), 16)
+
+/* Error strings           */
+const char *mp_strerror(mp_err ec);
+
+/* Octet string conversion functions */
+mp_err mp_read_unsigned_octets(mp_int *mp, const unsigned char *str, mp_size len);
+unsigned int mp_unsigned_octet_size(const mp_int *mp);
+mp_err mp_to_unsigned_octets(const mp_int *mp, unsigned char *str, mp_size maxlen);
+mp_err mp_to_signed_octets(const mp_int *mp, unsigned char *str, mp_size maxlen);
+mp_err mp_to_fixlen_octets(const mp_int *mp, unsigned char *str, mp_size len);
+
+/* Miscellaneous */
+mp_size mp_trailing_zeros(const mp_int *mp);
+void freebl_cpuid(unsigned long op, unsigned long *eax,
+                  unsigned long *ebx, unsigned long *ecx,
+                  unsigned long *edx);
+
+#define MP_CHECKOK(x)          \
+    if (MP_OKAY > (res = (x))) \
+    goto CLEANUP
+#define MP_CHECKERR(x)         \
+    if (MP_OKAY > (res = (x))) \
+    goto CLEANUP
+
+#define NEG MP_NEG
+#define ZPOS MP_ZPOS
+#define DIGIT_MAX MP_DIGIT_MAX
+#define DIGIT_BIT MP_DIGIT_BIT
+#define DIGIT_FMT MP_DIGIT_FMT
+#define RADIX MP_RADIX
+#define MAX_RADIX MP_MAX_RADIX
+#define SIGN(MP) MP_SIGN(MP)
+#define USED(MP) MP_USED(MP)
+#define ALLOC(MP) MP_ALLOC(MP)
+#define DIGITS(MP) MP_DIGITS(MP)
+#define DIGIT(MP, N) MP_DIGIT(MP, N)
+
+#if MP_ARGCHK == 1
+#define ARGCHK(X, Y)    \
+    {                   \
+        if (!(X)) {     \
+            return (Y); \
+        }               \
+    }
+#elif MP_ARGCHK == 2
+#include <assert.h>
+#define ARGCHK(X, Y) assert(X)
+#else
+#define ARGCHK(X, Y) /*  */
+#endif
+
+#ifdef CT_VERIF
+void mp_taint(mp_int *mp);
+void mp_untaint(mp_int *mp);
+#endif
+
+SEC_END_PROTOS
+
+#endif /* end _H_MPI_ */
diff --git a/nss/lib/freebl/mpi/mpi_amd64.c b/nss/lib/freebl/mpi/mpi_amd64.c
new file mode 100644
index 0000000..9e538bb
--- /dev/null
+++ b/nss/lib/freebl/mpi/mpi_amd64.c
@@ -0,0 +1,32 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef MPI_AMD64
+#error This file only works on AMD64 platforms.
+#endif
+
+#include <mpi-priv.h>
+
+/*
+ * MPI glue
+ *
+ */
+
+/* Presently, this is only used by the Montgomery arithmetic code. */
+/* c += a * b */
+void MPI_ASM_DECL
+s_mpv_mul_d_add_prop(const mp_digit *a, mp_size a_len,
+                     mp_digit b, mp_digit *c)
+{
+    mp_digit w;
+    mp_digit d;
+
+    d = s_mpv_mul_add_vec64(c, a, a_len, b);
+    c += a_len;
+    while (d) {
+        w = c[0] + d;
+        d = (w < c[0] || w < d);
+        *c++ = w;
+    }
+}
diff --git a/nss/lib/freebl/mpi/mpi_amd64_gas.s b/nss/lib/freebl/mpi/mpi_amd64_gas.s
new file mode 100644
index 0000000..ad6e2b9
--- /dev/null
+++ b/nss/lib/freebl/mpi/mpi_amd64_gas.s
@@ -0,0 +1,389 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+# ------------------------------------------------------------------------
+#
+#  Implementation of s_mpv_mul_set_vec which exploits
+#  the 64X64->128 bit  unsigned multiply instruction.
+#
+# ------------------------------------------------------------------------
+
+# r = a * digit, r and a are vectors of length len
+# returns the carry digit
+# r and a are 64 bit aligned.
+#
+# uint64_t
+# s_mpv_mul_set_vec64(uint64_t *r, uint64_t *a, int len, uint64_t digit)
+#
+
+.text; .align 16; .globl s_mpv_mul_set_vec64; .type s_mpv_mul_set_vec64, @function; s_mpv_mul_set_vec64:
+
+	xorq	%rax, %rax		# if (len == 0) return (0)
+	testq	%rdx, %rdx
+	jz	.L17
+
+	movq	%rdx, %r8		# Use r8 for len; %rdx is used by mul
+	xorq	%r9, %r9		# cy = 0
+
+.L15:
+	cmpq	$8, %r8			# 8 - len
+	jb	.L16
+	movq	0(%rsi), %rax		# rax = a[0]
+	movq	8(%rsi), %r11		# prefetch a[1]
+	mulq	%rcx			# p = a[0] * digit
+	addq	%r9, %rax
+	adcq	$0, %rdx		# p += cy
+	movq	%rax, 0(%rdi)		# r[0] = lo(p)
+	movq	%rdx, %r9		# cy = hi(p)
+
+	movq	%r11, %rax
+	movq	16(%rsi), %r11		# prefetch a[2]
+	mulq	%rcx			# p = a[1] * digit
+	addq	%r9, %rax
+	adcq	$0, %rdx		# p += cy
+	movq	%rax, 8(%rdi)		# r[1] = lo(p)
+	movq	%rdx, %r9		# cy = hi(p)
+
+	movq	%r11, %rax
+	movq	24(%rsi), %r11		# prefetch a[3]
+	mulq	%rcx			# p = a[2] * digit
+	addq	%r9, %rax
+	adcq	$0, %rdx		# p += cy
+	movq	%rax, 16(%rdi)		# r[2] = lo(p)
+	movq	%rdx, %r9		# cy = hi(p)
+
+	movq	%r11, %rax
+	movq	32(%rsi), %r11		# prefetch a[4]
+	mulq	%rcx			# p = a[3] * digit
+	addq	%r9, %rax
+	adcq	$0, %rdx		# p += cy
+	movq	%rax, 24(%rdi)		# r[3] = lo(p)
+	movq	%rdx, %r9		# cy = hi(p)
+
+	movq	%r11, %rax
+	movq	40(%rsi), %r11		# prefetch a[5]
+	mulq	%rcx			# p = a[4] * digit
+	addq	%r9, %rax
+	adcq	$0, %rdx		# p += cy
+	movq	%rax, 32(%rdi)		# r[4] = lo(p)
+	movq	%rdx, %r9		# cy = hi(p)
+
+	movq	%r11, %rax
+	movq	48(%rsi), %r11		# prefetch a[6]
+	mulq	%rcx			# p = a[5] * digit
+	addq	%r9, %rax
+	adcq	$0, %rdx		# p += cy
+	movq	%rax, 40(%rdi)		# r[5] = lo(p)
+	movq	%rdx, %r9		# cy = hi(p)
+
+	movq	%r11, %rax
+	movq	56(%rsi), %r11		# prefetch a[7]
+	mulq	%rcx			# p = a[6] * digit
+	addq	%r9, %rax
+	adcq	$0, %rdx		# p += cy
+	movq	%rax, 48(%rdi)		# r[6] = lo(p)
+	movq	%rdx, %r9		# cy = hi(p)
+
+	movq	%r11, %rax
+	mulq	%rcx			# p = a[7] * digit
+	addq	%r9, %rax
+	adcq	$0, %rdx		# p += cy
+	movq	%rax, 56(%rdi)		# r[7] = lo(p)
+	movq	%rdx, %r9		# cy = hi(p)
+
+	addq	$64, %rsi
+	addq	$64, %rdi
+	subq	$8, %r8
+
+	jz	.L17
+	jmp	.L15
+
+.L16:
+	movq	0(%rsi), %rax
+	mulq	%rcx			# p = a[0] * digit
+	addq	%r9, %rax
+	adcq	$0, %rdx		# p += cy
+	movq	%rax, 0(%rdi)		# r[0] = lo(p)
+	movq	%rdx, %r9		# cy = hi(p)
+	decq	%r8
+	jz	.L17
+
+	movq	8(%rsi), %rax
+	mulq	%rcx			# p = a[1] * digit
+	addq	%r9, %rax
+	adcq	$0, %rdx		# p += cy
+	movq	%rax, 8(%rdi)		# r[1] = lo(p)
+	movq	%rdx, %r9		# cy = hi(p)
+	decq	%r8
+	jz	.L17
+
+	movq	16(%rsi), %rax
+	mulq	%rcx			# p = a[2] * digit
+	addq	%r9, %rax
+	adcq	$0, %rdx		# p += cy
+	movq	%rax, 16(%rdi)		# r[2] = lo(p)
+	movq	%rdx, %r9		# cy = hi(p)
+	decq	%r8
+	jz	.L17
+
+	movq	24(%rsi), %rax
+	mulq	%rcx			# p = a[3] * digit
+	addq	%r9, %rax
+	adcq	$0, %rdx		# p += cy
+	movq	%rax, 24(%rdi)		# r[3] = lo(p)
+	movq	%rdx, %r9		# cy = hi(p)
+	decq	%r8
+	jz	.L17
+
+	movq	32(%rsi), %rax
+	mulq	%rcx			# p = a[4] * digit
+	addq	%r9, %rax
+	adcq	$0, %rdx		# p += cy
+	movq	%rax, 32(%rdi)		# r[4] = lo(p)
+	movq	%rdx, %r9		# cy = hi(p)
+	decq	%r8
+	jz	.L17
+
+	movq	40(%rsi), %rax
+	mulq	%rcx			# p = a[5] * digit
+	addq	%r9, %rax
+	adcq	$0, %rdx		# p += cy
+	movq	%rax, 40(%rdi)		# r[5] = lo(p)
+	movq	%rdx, %r9		# cy = hi(p)
+	decq	%r8
+	jz	.L17
+
+	movq	48(%rsi), %rax
+	mulq	%rcx			# p = a[6] * digit
+	addq	%r9, %rax
+	adcq	$0, %rdx		# p += cy
+	movq	%rax, 48(%rdi)		# r[6] = lo(p)
+	movq	%rdx, %r9		# cy = hi(p)
+	decq	%r8
+	jz	.L17
+
+
+.L17:
+	movq	%r9, %rax
+	ret
+
+.size s_mpv_mul_set_vec64, .-s_mpv_mul_set_vec64
+
+# ------------------------------------------------------------------------
+#
+#  Implementation of s_mpv_mul_add_vec which exploits
+#  the 64X64->128 bit  unsigned multiply instruction.
+#
+# ------------------------------------------------------------------------
+
+# r += a * digit, r and a are vectors of length len
+# returns the carry digit
+# r and a are 64 bit aligned.
+#
+# uint64_t
+# s_mpv_mul_add_vec64(uint64_t *r, uint64_t *a, int len, uint64_t digit)
+#
+
+.text; .align 16; .globl s_mpv_mul_add_vec64; .type s_mpv_mul_add_vec64, @function; s_mpv_mul_add_vec64:
+
+	xorq	%rax, %rax		# if (len == 0) return (0)
+	testq	%rdx, %rdx
+	jz	.L27
+
+	movq	%rdx, %r8		# Use r8 for len; %rdx is used by mul
+	xorq	%r9, %r9		# cy = 0
+
+.L25:
+	cmpq	$8, %r8			# 8 - len
+	jb	.L26
+	movq	0(%rsi), %rax		# rax = a[0]
+	movq	0(%rdi), %r10		# r10 = r[0]
+	movq	8(%rsi), %r11		# prefetch a[1]
+	mulq	%rcx			# p = a[0] * digit
+	addq	%r10, %rax
+	adcq	$0, %rdx		# p += r[0]
+	movq	8(%rdi), %r10		# prefetch r[1]
+	addq	%r9, %rax
+	adcq	$0, %rdx		# p += cy
+	movq	%rax, 0(%rdi)		# r[0] = lo(p)
+	movq	%rdx, %r9		# cy = hi(p)
+
+	movq	%r11, %rax
+	movq	16(%rsi), %r11		# prefetch a[2]
+	mulq	%rcx			# p = a[1] * digit
+	addq	%r10, %rax
+	adcq	$0, %rdx		# p += r[1]
+	movq	16(%rdi), %r10		# prefetch r[2]
+	addq	%r9, %rax
+	adcq	$0, %rdx		# p += cy
+	movq	%rax, 8(%rdi)		# r[1] = lo(p)
+	movq	%rdx, %r9		# cy = hi(p)
+
+	movq	%r11, %rax
+	movq	24(%rsi), %r11		# prefetch a[3]
+	mulq	%rcx			# p = a[2] * digit
+	addq	%r10, %rax
+	adcq	$0, %rdx		# p += r[2]
+	movq	24(%rdi), %r10		# prefetch r[3]
+	addq	%r9, %rax
+	adcq	$0, %rdx		# p += cy
+	movq	%rax, 16(%rdi)		# r[2] = lo(p)
+	movq	%rdx, %r9		# cy = hi(p)
+
+	movq	%r11, %rax
+	movq	32(%rsi), %r11		# prefetch a[4]
+	mulq	%rcx			# p = a[3] * digit
+	addq	%r10, %rax
+	adcq	$0, %rdx		# p += r[3]
+	movq	32(%rdi), %r10		# prefetch r[4]
+	addq	%r9, %rax
+	adcq	$0, %rdx		# p += cy
+	movq	%rax, 24(%rdi)		# r[3] = lo(p)
+	movq	%rdx, %r9		# cy = hi(p)
+
+	movq	%r11, %rax
+	movq	40(%rsi), %r11		# prefetch a[5]
+	mulq	%rcx			# p = a[4] * digit
+	addq	%r10, %rax
+	adcq	$0, %rdx		# p += r[4]
+	movq	40(%rdi), %r10		# prefetch r[5]
+	addq	%r9, %rax
+	adcq	$0, %rdx		# p += cy
+	movq	%rax, 32(%rdi)		# r[4] = lo(p)
+	movq	%rdx, %r9		# cy = hi(p)
+
+	movq	%r11, %rax
+	movq	48(%rsi), %r11		# prefetch a[6]
+	mulq	%rcx			# p = a[5] * digit
+	addq	%r10, %rax
+	adcq	$0, %rdx		# p += r[5]
+	movq	48(%rdi), %r10		# prefetch r[6]
+	addq	%r9, %rax
+	adcq	$0, %rdx		# p += cy
+	movq	%rax, 40(%rdi)		# r[5] = lo(p)
+	movq	%rdx, %r9		# cy = hi(p)
+
+	movq	%r11, %rax
+	movq	56(%rsi), %r11		# prefetch a[7]
+	mulq	%rcx			# p = a[6] * digit
+	addq	%r10, %rax
+	adcq	$0, %rdx		# p += r[6]
+	movq	56(%rdi), %r10		# prefetch r[7]
+	addq	%r9, %rax
+	adcq	$0, %rdx		# p += cy
+	movq	%rax, 48(%rdi)		# r[6] = lo(p)
+	movq	%rdx, %r9		# cy = hi(p)
+
+	movq	%r11, %rax
+	mulq	%rcx			# p = a[7] * digit
+	addq	%r10, %rax
+	adcq	$0, %rdx		# p += r[7]
+	addq	%r9, %rax
+	adcq	$0, %rdx		# p += cy
+	movq	%rax, 56(%rdi)		# r[7] = lo(p)
+	movq	%rdx, %r9		# cy = hi(p)
+
+	addq	$64, %rsi
+	addq	$64, %rdi
+	subq	$8, %r8
+
+	jz	.L27
+	jmp	.L25
+
+.L26:
+	movq	0(%rsi), %rax
+	movq	0(%rdi), %r10
+	mulq	%rcx			# p = a[0] * digit
+	addq	%r10, %rax
+	adcq	$0, %rdx		# p += r[0]
+	addq	%r9, %rax
+	adcq	$0, %rdx		# p += cy
+	movq	%rax, 0(%rdi)		# r[0] = lo(p)
+	movq	%rdx, %r9		# cy = hi(p)
+	decq	%r8
+	jz	.L27
+
+	movq	8(%rsi), %rax
+	movq	8(%rdi), %r10
+	mulq	%rcx			# p = a[1] * digit
+	addq	%r10, %rax
+	adcq	$0, %rdx		# p += r[1]
+	addq	%r9, %rax
+	adcq	$0, %rdx		# p += cy
+	movq	%rax, 8(%rdi)		# r[1] = lo(p)
+	movq	%rdx, %r9		# cy = hi(p)
+	decq	%r8
+	jz	.L27
+
+	movq	16(%rsi), %rax
+	movq	16(%rdi), %r10
+	mulq	%rcx			# p = a[2] * digit
+	addq	%r10, %rax
+	adcq	$0, %rdx		# p += r[2]
+	addq	%r9, %rax
+	adcq	$0, %rdx		# p += cy
+	movq	%rax, 16(%rdi)		# r[2] = lo(p)
+	movq	%rdx, %r9		# cy = hi(p)
+	decq	%r8
+	jz	.L27
+
+	movq	24(%rsi), %rax
+	movq	24(%rdi), %r10
+	mulq	%rcx			# p = a[3] * digit
+	addq	%r10, %rax
+	adcq	$0, %rdx		# p += r[3]
+	addq	%r9, %rax
+	adcq	$0, %rdx		# p += cy
+	movq	%rax, 24(%rdi)		# r[3] = lo(p)
+	movq	%rdx, %r9		# cy = hi(p)
+	decq	%r8
+	jz	.L27
+
+	movq	32(%rsi), %rax
+	movq	32(%rdi), %r10
+	mulq	%rcx			# p = a[4] * digit
+	addq	%r10, %rax
+	adcq	$0, %rdx		# p += r[4]
+	addq	%r9, %rax
+	adcq	$0, %rdx		# p += cy
+	movq	%rax, 32(%rdi)		# r[4] = lo(p)
+	movq	%rdx, %r9		# cy = hi(p)
+	decq	%r8
+	jz	.L27
+
+	movq	40(%rsi), %rax
+	movq	40(%rdi), %r10
+	mulq	%rcx			# p = a[5] * digit
+	addq	%r10, %rax
+	adcq	$0, %rdx		# p += r[5]
+	addq	%r9, %rax
+	adcq	$0, %rdx		# p += cy
+	movq	%rax, 40(%rdi)		# r[5] = lo(p)
+	movq	%rdx, %r9		# cy = hi(p)
+	decq	%r8
+	jz	.L27
+
+	movq	48(%rsi), %rax
+	movq	48(%rdi), %r10
+	mulq	%rcx			# p = a[6] * digit
+	addq	%r10, %rax
+	adcq	$0, %rdx		# p += r[6]
+	addq	%r9, %rax
+	adcq	$0, %rdx		# p += cy
+	movq	%rax, 48(%rdi)		# r[6] = lo(p)
+	movq	%rdx, %r9		# cy = hi(p)
+	decq	%r8
+	jz	.L27
+
+
+.L27:
+	movq	%r9, %rax
+	ret
+        
+.size s_mpv_mul_add_vec64, .-s_mpv_mul_add_vec64
+
+# Magic indicating no need for an executable stack
+.section .note.GNU-stack, "", @progbits
+.previous
diff --git a/nss/lib/freebl/mpi/mpi_amd64_masm.asm b/nss/lib/freebl/mpi/mpi_amd64_masm.asm
new file mode 100644
index 0000000..2120c18
--- /dev/null
+++ b/nss/lib/freebl/mpi/mpi_amd64_masm.asm
@@ -0,0 +1,388 @@
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+;
+; This code is converted from mpi_amd64_gas.asm for MASM for x64.
+;
+
+; ------------------------------------------------------------------------
+;
+;  Implementation of s_mpv_mul_set_vec which exploits
+;  the 64X64->128 bit  unsigned multiply instruction.
+;
+; ------------------------------------------------------------------------
+
+; r = a * digit, r and a are vectors of length len
+; returns the carry digit
+; r and a are 64 bit aligned.
+;
+; uint64_t
+; s_mpv_mul_set_vec64(uint64_t *r, uint64_t *a, int len, uint64_t digit)
+;
+
+.CODE
+
+s_mpv_mul_set_vec64 PROC
+
+        ; compatibilities for paramenter registers
+        ;
+        ; About GAS and MASM, the usage of parameter registers are different.
+
+        push rdi
+        push rsi
+
+        mov rdi, rcx
+        mov rsi, rdx
+        mov edx, r8d
+        mov rcx, r9
+
+        xor rax, rax
+        test rdx, rdx
+        jz L17
+        mov r8, rdx
+        xor r9, r9
+
+L15:
+        cmp r8, 8
+        jb  L16
+        mov rax, [rsi]
+        mov r11, [8+rsi]
+        mul rcx
+        add rax, r9
+        adc rdx, 0
+        mov [0+rdi], rax
+        mov r9, rdx
+        mov rax,r11
+        mov r11, [16+rsi]
+        mul rcx
+        add rax,r9
+        adc rdx,0
+        mov [8+rdi],rax
+        mov r9,rdx
+        mov rax,r11
+        mov r11, [24+rsi]
+        mul rcx
+        add rax,r9
+        adc rdx,0
+        mov [16+rdi],rax
+        mov r9,rdx
+        mov rax,r11
+        mov r11, [32+rsi]
+        mul rcx
+        add rax,r9
+        adc rdx,0
+        mov [24+rdi],rax
+        mov r9,rdx
+        mov rax,r11
+        mov r11, [40+rsi]
+        mul rcx
+        add rax,r9
+        adc rdx,0
+        mov [32+rdi],rax
+        mov r9,rdx
+        mov rax,r11
+        mov r11, [48+rsi]
+        mul rcx
+        add rax,r9
+        adc rdx,0
+        mov [40+rdi],rax
+        mov r9,rdx
+        mov rax,r11
+        mov r11, [56+rsi]
+        mul rcx
+        add rax,r9
+        adc rdx,0
+        mov [48+rdi],rax
+        mov r9,rdx
+        mov rax,r11
+        mul rcx
+        add rax,r9
+        adc rdx,0
+        mov [56+rdi],rax
+        mov r9,rdx
+        add rsi, 64
+        add rdi, 64
+        sub r8, 8
+        jz L17
+        jmp L15
+
+L16:
+        mov rax, [0+rsi]
+        mul rcx
+        add rax, r9
+        adc rdx,0
+        mov [0+rdi],rax
+        mov r9,rdx
+        dec r8
+        jz L17
+        mov rax, [8+rsi]
+        mul rcx
+        add rax,r9
+        adc rdx,0
+        mov [8+rdi], rax
+        mov r9, rdx
+        dec r8
+        jz L17
+        mov rax, [16+rsi]
+        mul rcx
+        add rax, r9
+        adc rdx, 0
+        mov [16+rdi],rax
+        mov r9,rdx
+        dec r8
+        jz L17
+        mov rax, [24+rsi]
+        mul rcx
+        add rax, r9
+        adc rdx, 0
+        mov [24+rdi], rax
+        mov r9, rdx
+        dec r8
+        jz L17
+        mov rax, [32+rsi]
+        mul rcx
+        add rax, r9
+        adc rdx, 0
+        mov [32+rdi],rax
+        mov r9, rdx
+        dec r8
+        jz L17
+        mov rax, [40+rsi]
+        mul rcx
+        add rax, r9
+        adc rdx, 0
+        mov [40+rdi], rax
+        mov r9, rdx
+        dec r8
+        jz L17
+        mov rax, [48+rsi]
+        mul rcx
+        add rax, r9
+        adc rdx, 0
+        mov [48+rdi], rax
+        mov r9, rdx
+        dec r8
+        jz L17
+
+L17:
+        mov rax, r9
+        pop rsi
+        pop rdi
+        ret
+
+s_mpv_mul_set_vec64 ENDP
+
+
+;------------------------------------------------------------------------
+;
+; Implementation of s_mpv_mul_add_vec which exploits
+; the 64X64->128 bit  unsigned multiply instruction.
+;
+;------------------------------------------------------------------------
+
+; r += a * digit, r and a are vectors of length len
+; returns the carry digit
+; r and a are 64 bit aligned.
+;
+; uint64_t
+; s_mpv_mul_add_vec64(uint64_t *r, uint64_t *a, int len, uint64_t digit)
+; 
+
+s_mpv_mul_add_vec64 PROC
+
+        ; compatibilities for paramenter registers
+        ;
+        ; About GAS and MASM, the usage of parameter registers are different.
+
+        push rdi
+        push rsi
+
+        mov rdi, rcx
+        mov rsi, rdx
+        mov edx, r8d
+        mov rcx, r9
+
+        xor rax, rax
+        test rdx, rdx
+        jz L27
+        mov r8, rdx
+        xor r9, r9
+
+L25:
+        cmp r8, 8
+        jb L26
+        mov rax, [0+rsi]
+        mov r10, [0+rdi]
+        mov r11, [8+rsi]
+        mul rcx
+        add rax,r10
+        adc rdx,0
+        mov r10, [8+rdi]
+        add rax,r9
+        adc rdx,0
+        mov [0+rdi],rax
+        mov r9,rdx
+        mov rax,r11
+        mov r11, [16+rsi]
+        mul rcx
+        add rax,r10
+        adc rdx,0
+        mov r10, [16+rdi]
+        add rax,r9
+        adc rdx,0
+        mov [8+rdi],rax
+        mov r9,rdx
+        mov rax,r11
+        mov r11, [24+rsi]
+        mul rcx
+        add rax,r10
+        adc rdx,0
+        mov r10, [24+rdi]
+        add rax,r9
+        adc rdx,0
+        mov [16+rdi],rax
+        mov r9,rdx
+        mov rax,r11
+        mov r11, [32+rsi]
+        mul rcx
+        add rax,r10
+        adc rdx,0
+        mov r10, [32+rdi]
+        add rax,r9
+        adc rdx,0
+        mov [24+rdi],rax
+        mov r9,rdx
+        mov rax,r11
+        mov r11, [40+rsi]
+        mul rcx
+        add rax,r10
+        adc rdx,0
+        mov r10, [40+rdi]
+        add rax,r9
+        adc rdx,0
+        mov [32+rdi],rax
+        mov r9,rdx
+        mov rax,r11
+        mov r11, [48+rsi]
+        mul rcx
+        add rax,r10
+        adc rdx,0
+        mov r10, [48+rdi]
+        add rax,r9
+        adc rdx,0
+        mov [40+rdi],rax
+        mov r9,rdx
+        mov rax,r11
+        mov r11, [56+rsi]
+        mul rcx
+        add rax,r10
+        adc rdx,0
+        mov r10, [56+rdi]
+        add rax,r9
+        adc rdx,0
+        mov [48+rdi],rax
+        mov r9,rdx
+        mov rax,r11
+        mul rcx
+        add rax,r10
+        adc rdx,0
+        add rax,r9
+        adc rdx,0
+        mov [56+rdi],rax
+        mov r9,rdx
+        add rsi,64
+        add rdi,64
+        sub r8, 8
+        jz L27
+        jmp L25
+
+L26:
+        mov rax, [0+rsi]
+        mov r10, [0+rdi]
+        mul rcx
+        add rax,r10
+        adc rdx,0
+        add rax,r9
+        adc rdx,0
+        mov [0+rdi],rax
+        mov r9,rdx
+        dec r8
+        jz L27
+        mov rax, [8+rsi]
+        mov r10, [8+rdi]
+        mul rcx
+        add rax,r10
+        adc rdx,0
+        add rax,r9
+        adc rdx,0
+        mov [8+rdi],rax
+        mov r9,rdx
+        dec r8
+        jz L27
+        mov rax, [16+rsi]
+        mov r10, [16+rdi]
+        mul rcx
+        add rax,r10
+        adc rdx,0
+        add rax,r9
+        adc rdx,0
+        mov [16+rdi],rax
+        mov r9,rdx
+        dec r8
+        jz L27
+        mov rax, [24+rsi]
+        mov r10, [24+rdi]
+        mul rcx
+        add rax,r10
+        adc rdx,0
+        add rax,r9
+        adc rdx,0
+        mov [24+rdi],rax
+        mov r9,rdx
+        dec r8
+        jz L27
+        mov rax, [32+rsi]
+        mov r10, [32+rdi]
+        mul rcx
+        add rax,r10
+        adc rdx,0
+        add rax,r9
+        adc rdx,0
+        mov [32+rdi],rax
+        mov r9,rdx
+        dec r8
+        jz L27
+        mov rax, [40+rsi]
+        mov r10, [40+rdi]
+        mul rcx
+        add rax,r10
+        adc rdx,0
+        add rax,r9
+        adc rdx,0
+        mov [40+rdi],rax
+        mov r9,rdx
+        dec r8
+        jz L27
+        mov rax, [48+rsi]
+        mov r10, [48+rdi]
+        mul rcx
+        add rax,r10
+        adc rdx,0
+        add rax, r9
+        adc rdx, 0
+        mov [48+rdi], rax
+        mov r9, rdx
+        dec r8
+        jz L27
+
+L27:
+        mov rax, r9
+
+        pop rsi
+        pop rdi
+        ret
+
+s_mpv_mul_add_vec64 ENDP
+
+END
diff --git a/nss/lib/freebl/mpi/mpi_amd64_sun.s b/nss/lib/freebl/mpi/mpi_amd64_sun.s
new file mode 100644
index 0000000..ddd5c40
--- /dev/null
+++ b/nss/lib/freebl/mpi/mpi_amd64_sun.s
@@ -0,0 +1,385 @@
+/ This Source Code Form is subject to the terms of the Mozilla Public
+/ License, v. 2.0. If a copy of the MPL was not distributed with this
+/ file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+/ ------------------------------------------------------------------------
+/
+/  Implementation of s_mpv_mul_set_vec which exploits
+/  the 64X64->128 bit  unsigned multiply instruction.
+/
+/ ------------------------------------------------------------------------
+
+/ r = a * digit, r and a are vectors of length len
+/ returns the carry digit
+/ r and a are 64 bit aligned.
+/
+/ uint64_t
+/ s_mpv_mul_set_vec64(uint64_t *r, uint64_t *a, int len, uint64_t digit)
+/
+
+.text; .align 16; .globl s_mpv_mul_set_vec64; .type s_mpv_mul_set_vec64, @function; s_mpv_mul_set_vec64:
+
+	xorq	%rax, %rax		/ if (len == 0) return (0)
+	testq	%rdx, %rdx
+	jz	.L17
+
+	movq	%rdx, %r8		/ Use r8 for len; %rdx is used by mul
+	xorq	%r9, %r9		/ cy = 0
+
+.L15:
+	cmpq	$8, %r8			/ 8 - len
+	jb	.L16
+	movq	0(%rsi), %rax		/ rax = a[0]
+	movq	8(%rsi), %r11		/ prefetch a[1]
+	mulq	%rcx			/ p = a[0] * digit
+	addq	%r9, %rax
+	adcq	$0, %rdx		/ p += cy
+	movq	%rax, 0(%rdi)		/ r[0] = lo(p)
+	movq	%rdx, %r9		/ cy = hi(p)
+
+	movq	%r11, %rax
+	movq	16(%rsi), %r11		/ prefetch a[2]
+	mulq	%rcx			/ p = a[1] * digit
+	addq	%r9, %rax
+	adcq	$0, %rdx		/ p += cy
+	movq	%rax, 8(%rdi)		/ r[1] = lo(p)
+	movq	%rdx, %r9		/ cy = hi(p)
+
+	movq	%r11, %rax
+	movq	24(%rsi), %r11		/ prefetch a[3]
+	mulq	%rcx			/ p = a[2] * digit
+	addq	%r9, %rax
+	adcq	$0, %rdx		/ p += cy
+	movq	%rax, 16(%rdi)		/ r[2] = lo(p)
+	movq	%rdx, %r9		/ cy = hi(p)
+
+	movq	%r11, %rax
+	movq	32(%rsi), %r11		/ prefetch a[4]
+	mulq	%rcx			/ p = a[3] * digit
+	addq	%r9, %rax
+	adcq	$0, %rdx		/ p += cy
+	movq	%rax, 24(%rdi)		/ r[3] = lo(p)
+	movq	%rdx, %r9		/ cy = hi(p)
+
+	movq	%r11, %rax
+	movq	40(%rsi), %r11		/ prefetch a[5]
+	mulq	%rcx			/ p = a[4] * digit
+	addq	%r9, %rax
+	adcq	$0, %rdx		/ p += cy
+	movq	%rax, 32(%rdi)		/ r[4] = lo(p)
+	movq	%rdx, %r9		/ cy = hi(p)
+
+	movq	%r11, %rax
+	movq	48(%rsi), %r11		/ prefetch a[6]
+	mulq	%rcx			/ p = a[5] * digit
+	addq	%r9, %rax
+	adcq	$0, %rdx		/ p += cy
+	movq	%rax, 40(%rdi)		/ r[5] = lo(p)
+	movq	%rdx, %r9		/ cy = hi(p)
+
+	movq	%r11, %rax
+	movq	56(%rsi), %r11		/ prefetch a[7]
+	mulq	%rcx			/ p = a[6] * digit
+	addq	%r9, %rax
+	adcq	$0, %rdx		/ p += cy
+	movq	%rax, 48(%rdi)		/ r[6] = lo(p)
+	movq	%rdx, %r9		/ cy = hi(p)
+
+	movq	%r11, %rax
+	mulq	%rcx			/ p = a[7] * digit
+	addq	%r9, %rax
+	adcq	$0, %rdx		/ p += cy
+	movq	%rax, 56(%rdi)		/ r[7] = lo(p)
+	movq	%rdx, %r9		/ cy = hi(p)
+
+	addq	$64, %rsi
+	addq	$64, %rdi
+	subq	$8, %r8
+
+	jz	.L17
+	jmp	.L15
+
+.L16:
+	movq	0(%rsi), %rax
+	mulq	%rcx			/ p = a[0] * digit
+	addq	%r9, %rax
+	adcq	$0, %rdx		/ p += cy
+	movq	%rax, 0(%rdi)		/ r[0] = lo(p)
+	movq	%rdx, %r9		/ cy = hi(p)
+	decq	%r8
+	jz	.L17
+
+	movq	8(%rsi), %rax
+	mulq	%rcx			/ p = a[1] * digit
+	addq	%r9, %rax
+	adcq	$0, %rdx		/ p += cy
+	movq	%rax, 8(%rdi)		/ r[1] = lo(p)
+	movq	%rdx, %r9		/ cy = hi(p)
+	decq	%r8
+	jz	.L17
+
+	movq	16(%rsi), %rax
+	mulq	%rcx			/ p = a[2] * digit
+	addq	%r9, %rax
+	adcq	$0, %rdx		/ p += cy
+	movq	%rax, 16(%rdi)		/ r[2] = lo(p)
+	movq	%rdx, %r9		/ cy = hi(p)
+	decq	%r8
+	jz	.L17
+
+	movq	24(%rsi), %rax
+	mulq	%rcx			/ p = a[3] * digit
+	addq	%r9, %rax
+	adcq	$0, %rdx		/ p += cy
+	movq	%rax, 24(%rdi)		/ r[3] = lo(p)
+	movq	%rdx, %r9		/ cy = hi(p)
+	decq	%r8
+	jz	.L17
+
+	movq	32(%rsi), %rax
+	mulq	%rcx			/ p = a[4] * digit
+	addq	%r9, %rax
+	adcq	$0, %rdx		/ p += cy
+	movq	%rax, 32(%rdi)		/ r[4] = lo(p)
+	movq	%rdx, %r9		/ cy = hi(p)
+	decq	%r8
+	jz	.L17
+
+	movq	40(%rsi), %rax
+	mulq	%rcx			/ p = a[5] * digit
+	addq	%r9, %rax
+	adcq	$0, %rdx		/ p += cy
+	movq	%rax, 40(%rdi)		/ r[5] = lo(p)
+	movq	%rdx, %r9		/ cy = hi(p)
+	decq	%r8
+	jz	.L17
+
+	movq	48(%rsi), %rax
+	mulq	%rcx			/ p = a[6] * digit
+	addq	%r9, %rax
+	adcq	$0, %rdx		/ p += cy
+	movq	%rax, 48(%rdi)		/ r[6] = lo(p)
+	movq	%rdx, %r9		/ cy = hi(p)
+	decq	%r8
+	jz	.L17
+
+
+.L17:
+	movq	%r9, %rax
+	ret
+
+.size s_mpv_mul_set_vec64, .-s_mpv_mul_set_vec64
+
+/ ------------------------------------------------------------------------
+/
+/  Implementation of s_mpv_mul_add_vec which exploits
+/  the 64X64->128 bit  unsigned multiply instruction.
+/
+/ ------------------------------------------------------------------------
+
+/ r += a * digit, r and a are vectors of length len
+/ returns the carry digit
+/ r and a are 64 bit aligned.
+/
+/ uint64_t
+/ s_mpv_mul_add_vec64(uint64_t *r, uint64_t *a, int len, uint64_t digit)
+/
+
+.text; .align 16; .globl s_mpv_mul_add_vec64; .type s_mpv_mul_add_vec64, @function; s_mpv_mul_add_vec64:
+
+	xorq	%rax, %rax		/ if (len == 0) return (0)
+	testq	%rdx, %rdx
+	jz	.L27
+
+	movq	%rdx, %r8		/ Use r8 for len; %rdx is used by mul
+	xorq	%r9, %r9		/ cy = 0
+
+.L25:
+	cmpq	$8, %r8			/ 8 - len
+	jb	.L26
+	movq	0(%rsi), %rax		/ rax = a[0]
+	movq	0(%rdi), %r10		/ r10 = r[0]
+	movq	8(%rsi), %r11		/ prefetch a[1]
+	mulq	%rcx			/ p = a[0] * digit
+	addq	%r10, %rax
+	adcq	$0, %rdx		/ p += r[0]
+	movq	8(%rdi), %r10		/ prefetch r[1]
+	addq	%r9, %rax
+	adcq	$0, %rdx		/ p += cy
+	movq	%rax, 0(%rdi)		/ r[0] = lo(p)
+	movq	%rdx, %r9		/ cy = hi(p)
+
+	movq	%r11, %rax
+	movq	16(%rsi), %r11		/ prefetch a[2]
+	mulq	%rcx			/ p = a[1] * digit
+	addq	%r10, %rax
+	adcq	$0, %rdx		/ p += r[1]
+	movq	16(%rdi), %r10		/ prefetch r[2]
+	addq	%r9, %rax
+	adcq	$0, %rdx		/ p += cy
+	movq	%rax, 8(%rdi)		/ r[1] = lo(p)
+	movq	%rdx, %r9		/ cy = hi(p)
+
+	movq	%r11, %rax
+	movq	24(%rsi), %r11		/ prefetch a[3]
+	mulq	%rcx			/ p = a[2] * digit
+	addq	%r10, %rax
+	adcq	$0, %rdx		/ p += r[2]
+	movq	24(%rdi), %r10		/ prefetch r[3]
+	addq	%r9, %rax
+	adcq	$0, %rdx		/ p += cy
+	movq	%rax, 16(%rdi)		/ r[2] = lo(p)
+	movq	%rdx, %r9		/ cy = hi(p)
+
+	movq	%r11, %rax
+	movq	32(%rsi), %r11		/ prefetch a[4]
+	mulq	%rcx			/ p = a[3] * digit
+	addq	%r10, %rax
+	adcq	$0, %rdx		/ p += r[3]
+	movq	32(%rdi), %r10		/ prefetch r[4]
+	addq	%r9, %rax
+	adcq	$0, %rdx		/ p += cy
+	movq	%rax, 24(%rdi)		/ r[3] = lo(p)
+	movq	%rdx, %r9		/ cy = hi(p)
+
+	movq	%r11, %rax
+	movq	40(%rsi), %r11		/ prefetch a[5]
+	mulq	%rcx			/ p = a[4] * digit
+	addq	%r10, %rax
+	adcq	$0, %rdx		/ p += r[4]
+	movq	40(%rdi), %r10		/ prefetch r[5]
+	addq	%r9, %rax
+	adcq	$0, %rdx		/ p += cy
+	movq	%rax, 32(%rdi)		/ r[4] = lo(p)
+	movq	%rdx, %r9		/ cy = hi(p)
+
+	movq	%r11, %rax
+	movq	48(%rsi), %r11		/ prefetch a[6]
+	mulq	%rcx			/ p = a[5] * digit
+	addq	%r10, %rax
+	adcq	$0, %rdx		/ p += r[5]
+	movq	48(%rdi), %r10		/ prefetch r[6]
+	addq	%r9, %rax
+	adcq	$0, %rdx		/ p += cy
+	movq	%rax, 40(%rdi)		/ r[5] = lo(p)
+	movq	%rdx, %r9		/ cy = hi(p)
+
+	movq	%r11, %rax
+	movq	56(%rsi), %r11		/ prefetch a[7]
+	mulq	%rcx			/ p = a[6] * digit
+	addq	%r10, %rax
+	adcq	$0, %rdx		/ p += r[6]
+	movq	56(%rdi), %r10		/ prefetch r[7]
+	addq	%r9, %rax
+	adcq	$0, %rdx		/ p += cy
+	movq	%rax, 48(%rdi)		/ r[6] = lo(p)
+	movq	%rdx, %r9		/ cy = hi(p)
+
+	movq	%r11, %rax
+	mulq	%rcx			/ p = a[7] * digit
+	addq	%r10, %rax
+	adcq	$0, %rdx		/ p += r[7]
+	addq	%r9, %rax
+	adcq	$0, %rdx		/ p += cy
+	movq	%rax, 56(%rdi)		/ r[7] = lo(p)
+	movq	%rdx, %r9		/ cy = hi(p)
+
+	addq	$64, %rsi
+	addq	$64, %rdi
+	subq	$8, %r8
+
+	jz	.L27
+	jmp	.L25
+
+.L26:
+	movq	0(%rsi), %rax
+	movq	0(%rdi), %r10
+	mulq	%rcx			/ p = a[0] * digit
+	addq	%r10, %rax
+	adcq	$0, %rdx		/ p += r[0]
+	addq	%r9, %rax
+	adcq	$0, %rdx		/ p += cy
+	movq	%rax, 0(%rdi)		/ r[0] = lo(p)
+	movq	%rdx, %r9		/ cy = hi(p)
+	decq	%r8
+	jz	.L27
+
+	movq	8(%rsi), %rax
+	movq	8(%rdi), %r10
+	mulq	%rcx			/ p = a[1] * digit
+	addq	%r10, %rax
+	adcq	$0, %rdx		/ p += r[1]
+	addq	%r9, %rax
+	adcq	$0, %rdx		/ p += cy
+	movq	%rax, 8(%rdi)		/ r[1] = lo(p)
+	movq	%rdx, %r9		/ cy = hi(p)
+	decq	%r8
+	jz	.L27
+
+	movq	16(%rsi), %rax
+	movq	16(%rdi), %r10
+	mulq	%rcx			/ p = a[2] * digit
+	addq	%r10, %rax
+	adcq	$0, %rdx		/ p += r[2]
+	addq	%r9, %rax
+	adcq	$0, %rdx		/ p += cy
+	movq	%rax, 16(%rdi)		/ r[2] = lo(p)
+	movq	%rdx, %r9		/ cy = hi(p)
+	decq	%r8
+	jz	.L27
+
+	movq	24(%rsi), %rax
+	movq	24(%rdi), %r10
+	mulq	%rcx			/ p = a[3] * digit
+	addq	%r10, %rax
+	adcq	$0, %rdx		/ p += r[3]
+	addq	%r9, %rax
+	adcq	$0, %rdx		/ p += cy
+	movq	%rax, 24(%rdi)		/ r[3] = lo(p)
+	movq	%rdx, %r9		/ cy = hi(p)
+	decq	%r8
+	jz	.L27
+
+	movq	32(%rsi), %rax
+	movq	32(%rdi), %r10
+	mulq	%rcx			/ p = a[4] * digit
+	addq	%r10, %rax
+	adcq	$0, %rdx		/ p += r[4]
+	addq	%r9, %rax
+	adcq	$0, %rdx		/ p += cy
+	movq	%rax, 32(%rdi)		/ r[4] = lo(p)
+	movq	%rdx, %r9		/ cy = hi(p)
+	decq	%r8
+	jz	.L27
+
+	movq	40(%rsi), %rax
+	movq	40(%rdi), %r10
+	mulq	%rcx			/ p = a[5] * digit
+	addq	%r10, %rax
+	adcq	$0, %rdx		/ p += r[5]
+	addq	%r9, %rax
+	adcq	$0, %rdx		/ p += cy
+	movq	%rax, 40(%rdi)		/ r[5] = lo(p)
+	movq	%rdx, %r9		/ cy = hi(p)
+	decq	%r8
+	jz	.L27
+
+	movq	48(%rsi), %rax
+	movq	48(%rdi), %r10
+	mulq	%rcx			/ p = a[6] * digit
+	addq	%r10, %rax
+	adcq	$0, %rdx		/ p += r[6]
+	addq	%r9, %rax
+	adcq	$0, %rdx		/ p += cy
+	movq	%rax, 48(%rdi)		/ r[6] = lo(p)
+	movq	%rdx, %r9		/ cy = hi(p)
+	decq	%r8
+	jz	.L27
+
+
+.L27:
+	movq	%r9, %rax
+	ret
+        
+.size s_mpv_mul_add_vec64, .-s_mpv_mul_add_vec64
diff --git a/nss/lib/freebl/mpi/mpi_arm.c b/nss/lib/freebl/mpi/mpi_arm.c
new file mode 100644
index 0000000..b5139f2
--- /dev/null
+++ b/nss/lib/freebl/mpi/mpi_arm.c
@@ -0,0 +1,175 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* This inlined version is for 32-bit ARM platform only */
+
+#if !defined(__arm__)
+#error "This is for ARM only"
+#endif
+
+/* 16-bit thumb doesn't work inlined assember version */
+#if (!defined(__thumb__) || defined(__thumb2__)) && !defined(__ARM_ARCH_3__)
+
+#include "mpi-priv.h"
+
+#ifdef MP_ASSEMBLY_MULTIPLY
+void
+s_mpv_mul_d(const mp_digit *a, mp_size a_len, mp_digit b, mp_digit *c)
+{
+    __asm__ __volatile__(
+        "mov     r5, #0\n"
+#ifdef __thumb2__
+        "cbz     %1, 2f\n"
+#else
+        "cmp     %1, r5\n" /* r5 is 0 now */
+        "beq     2f\n"
+#endif
+
+        "1:\n"
+        "mov     r4, #0\n"
+        "ldr     r6, [%0], #4\n"
+        "umlal   r5, r4, r6, %2\n"
+        "str     r5, [%3], #4\n"
+        "mov     r5, r4\n"
+
+        "subs    %1, #1\n"
+        "bne     1b\n"
+
+        "2:\n"
+        "str     r5, [%3]\n"
+        :
+        : "r"(a), "r"(a_len), "r"(b), "r"(c)
+        : "memory", "cc", "%r4", "%r5", "%r6");
+}
+
+void
+s_mpv_mul_d_add(const mp_digit *a, mp_size a_len, mp_digit b, mp_digit *c)
+{
+    __asm__ __volatile__(
+        "mov     r5, #0\n"
+#ifdef __thumb2__
+        "cbz     %1, 2f\n"
+#else
+        "cmp     %1, r5\n" /* r5 is 0 now */
+        "beq     2f\n"
+#endif
+
+        "1:\n"
+        "mov     r4, #0\n"
+        "ldr     r6, [%3]\n"
+        "adds    r5, r6\n"
+        "adc     r4, r4, #0\n"
+
+        "ldr     r6, [%0], #4\n"
+        "umlal   r5, r4, r6, %2\n"
+        "str     r5, [%3], #4\n"
+        "mov     r5, r4\n"
+
+        "subs    %1, #1\n"
+        "bne     1b\n"
+
+        "2:\n"
+        "str     r5, [%3]\n"
+        :
+        : "r"(a), "r"(a_len), "r"(b), "r"(c)
+        : "memory", "cc", "%r4", "%r5", "%r6");
+}
+
+void
+s_mpv_mul_d_add_prop(const mp_digit *a, mp_size a_len, mp_digit b, mp_digit *c)
+{
+    if (!a_len)
+        return;
+
+    __asm__ __volatile__(
+        "mov     r5, #0\n"
+
+        "1:\n"
+        "mov     r4, #0\n"
+        "ldr     r6, [%3]\n"
+        "adds    r5, r6\n"
+        "adc     r4, r4, #0\n"
+        "ldr     r6, [%0], #4\n"
+        "umlal   r5, r4, r6, %2\n"
+        "str     r5, [%3], #4\n"
+        "mov     r5, r4\n"
+
+        "subs    %1, #1\n"
+        "bne     1b\n"
+
+#ifdef __thumb2__
+        "cbz     r4, 3f\n"
+#else
+        "cmp     r4, #0\n"
+        "beq     3f\n"
+#endif
+
+        "2:\n"
+        "mov     r4, #0\n"
+        "ldr     r6, [%3]\n"
+        "adds    r5, r6\n"
+        "adc     r4, r4, #0\n"
+        "str     r5, [%3], #4\n"
+        "movs    r5, r4\n"
+        "bne     2b\n"
+
+        "3:\n"
+        :
+        : "r"(a), "r"(a_len), "r"(b), "r"(c)
+        : "memory", "cc", "%r4", "%r5", "%r6");
+}
+#endif
+
+#ifdef MP_ASSEMBLY_SQUARE
+void
+s_mpv_sqr_add_prop(const mp_digit *pa, mp_size a_len, mp_digit *ps)
+{
+    if (!a_len)
+        return;
+
+    __asm__ __volatile__(
+        "mov     r3, #0\n"
+
+        "1:\n"
+        "mov     r4, #0\n"
+        "ldr     r6, [%0], #4\n"
+        "ldr     r5, [%2]\n"
+        "adds    r3, r5\n"
+        "adc     r4, r4, #0\n"
+        "umlal   r3, r4, r6, r6\n" /* w = r3:r4 */
+        "str     r3, [%2], #4\n"
+
+        "ldr     r5, [%2]\n"
+        "adds    r3, r4, r5\n"
+        "mov     r4, #0\n"
+        "adc     r4, r4, #0\n"
+        "str     r3, [%2], #4\n"
+        "mov     r3, r4\n"
+
+        "subs    %1, #1\n"
+        "bne     1b\n"
+
+#ifdef __thumb2__
+        "cbz     r3, 3f\n"
+#else
+        "cmp     r3, #0\n"
+        "beq     3f\n"
+#endif
+
+        "2:\n"
+        "mov     r4, #0\n"
+        "ldr     r5, [%2]\n"
+        "adds    r3, r5\n"
+        "adc     r4, r4, #0\n"
+        "str     r3, [%2], #4\n"
+        "movs    r3, r4\n"
+        "bne     2b\n"
+
+        "3:"
+        :
+        : "r"(pa), "r"(a_len), "r"(ps)
+        : "memory", "cc", "%r3", "%r4", "%r5", "%r6");
+}
+#endif
+#endif
diff --git a/nss/lib/freebl/mpi/mpi_hp.c b/nss/lib/freebl/mpi/mpi_hp.c
new file mode 100644
index 0000000..0cea768
--- /dev/null
+++ b/nss/lib/freebl/mpi/mpi_hp.c
@@ -0,0 +1,81 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* This file contains routines that perform vector multiplication.  */
+
+#include "mpi-priv.h"
+#include <unistd.h>
+
+#include <stddef.h>
+/* #include <sys/systeminfo.h> */
+#include <strings.h>
+
+extern void multacc512(
+    int length,                   /* doublewords in multiplicand vector. */
+    const mp_digit *scalaraddr,   /* Address of scalar. */
+    const mp_digit *multiplicand, /* The multiplicand vector. */
+    mp_digit *result);            /* Where to accumulate the result. */
+
+extern void maxpy_little(
+    int length,                   /* doublewords in multiplicand vector. */
+    const mp_digit *scalaraddr,   /* Address of scalar. */
+    const mp_digit *multiplicand, /* The multiplicand vector. */
+    mp_digit *result);            /* Where to accumulate the result. */
+
+extern void add_diag_little(
+    int length,           /* doublewords in input vector. */
+    const mp_digit *root, /* The vector to square. */
+    mp_digit *result);    /* Where to accumulate the result. */
+
+void
+s_mpv_sqr_add_prop(const mp_digit *pa, mp_size a_len, mp_digit *ps)
+{
+    add_diag_little(a_len, pa, ps);
+}
+
+#define MAX_STACK_DIGITS 258
+#define MULTACC512_LEN (512 / MP_DIGIT_BIT)
+#define HP_MPY_ADD_FN (a_len == MULTACC512_LEN ? multacc512 : maxpy_little)
+
+/* c = a * b */
+void
+s_mpv_mul_d(const mp_digit *a, mp_size a_len, mp_digit b, mp_digit *c)
+{
+    mp_digit x[MAX_STACK_DIGITS];
+    mp_digit *px = x;
+    size_t xSize = 0;
+
+    if (a == c) {
+        if (a_len > MAX_STACK_DIGITS) {
+            xSize = sizeof(mp_digit) * (a_len + 2);
+            px = malloc(xSize);
+            if (!px)
+                return;
+        }
+        memcpy(px, a, a_len * sizeof(*a));
+        a = px;
+    }
+    s_mp_setz(c, a_len + 1);
+    HP_MPY_ADD_FN(a_len, &b, a, c);
+    if (px != x && px) {
+        memset(px, 0, xSize);
+        free(px);
+    }
+}
+
+/* c += a * b, where a is a_len words long. */
+void
+s_mpv_mul_d_add(const mp_digit *a, mp_size a_len, mp_digit b, mp_digit *c)
+{
+    c[a_len] = 0; /* so carry propagation stops here. */
+    HP_MPY_ADD_FN(a_len, &b, a, c);
+}
+
+/* c += a * b, where a is y words long. */
+void
+s_mpv_mul_d_add_prop(const mp_digit *a, mp_size a_len, mp_digit b,
+                     mp_digit *c)
+{
+    HP_MPY_ADD_FN(a_len, &b, a, c);
+}
diff --git a/nss/lib/freebl/mpi/mpi_i86pc.s b/nss/lib/freebl/mpi/mpi_i86pc.s
new file mode 100644
index 0000000..f800396
--- /dev/null
+++ b/nss/lib/freebl/mpi/mpi_i86pc.s
@@ -0,0 +1,313 @@
+/
+/ This Source Code Form is subject to the terms of the Mozilla Public
+/ License, v. 2.0. If a copy of the MPL was not distributed with this
+/ file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+.text
+
+ /  ebp - 36:	caller's esi
+ /  ebp - 32:	caller's edi
+ /  ebp - 28:	
+ /  ebp - 24:	
+ /  ebp - 20:	
+ /  ebp - 16:	
+ /  ebp - 12:	
+ /  ebp - 8:	
+ /  ebp - 4:	
+ /  ebp + 0:	caller's ebp
+ /  ebp + 4:	return address
+ /  ebp + 8:	a	argument
+ /  ebp + 12:	a_len	argument
+ /  ebp + 16:	b	argument
+ /  ebp + 20:	c	argument
+ /  registers:
+ / 	eax:
+ /	ebx:	carry
+ /	ecx:	a_len
+ /	edx:
+ /	esi:	a ptr
+ /	edi:	c ptr
+.globl	s_mpv_mul_d
+.type	s_mpv_mul_d,@function
+s_mpv_mul_d:
+    push   %ebp
+    mov    %esp,%ebp
+    sub    $28,%esp
+    push   %edi
+    push   %esi
+    push   %ebx
+    movl   $0,%ebx		/ carry = 0
+    mov    12(%ebp),%ecx	/ ecx = a_len
+    mov    20(%ebp),%edi
+    cmp    $0,%ecx
+    je     L2			/ jmp if a_len == 0
+    mov    8(%ebp),%esi		/ esi = a
+    cld
+L1:
+    lodsl			/ eax = [ds:esi]; esi += 4
+    mov    16(%ebp),%edx	/ edx = b
+    mull   %edx			/ edx:eax = Phi:Plo = a_i * b
+
+    add    %ebx,%eax		/ add carry (%ebx) to edx:eax
+    adc    $0,%edx
+    mov    %edx,%ebx		/ high half of product becomes next carry
+
+    stosl			/ [es:edi] = ax; edi += 4;
+    dec    %ecx			/ --a_len
+    jnz    L1			/ jmp if a_len != 0
+L2:
+    mov    %ebx,0(%edi)		/ *c = carry
+    pop    %ebx
+    pop    %esi
+    pop    %edi
+    leave  
+    ret    
+    nop
+
+ /  ebp - 36:	caller's esi
+ /  ebp - 32:	caller's edi
+ /  ebp - 28:	
+ /  ebp - 24:	
+ /  ebp - 20:	
+ /  ebp - 16:	
+ /  ebp - 12:	
+ /  ebp - 8:	
+ /  ebp - 4:	
+ /  ebp + 0:	caller's ebp
+ /  ebp + 4:	return address
+ /  ebp + 8:	a	argument
+ /  ebp + 12:	a_len	argument
+ /  ebp + 16:	b	argument
+ /  ebp + 20:	c	argument
+ /  registers:
+ / 	eax:
+ /	ebx:	carry
+ /	ecx:	a_len
+ /	edx:
+ /	esi:	a ptr
+ /	edi:	c ptr
+.globl	s_mpv_mul_d_add
+.type	s_mpv_mul_d_add,@function
+s_mpv_mul_d_add:
+    push   %ebp
+    mov    %esp,%ebp
+    sub    $28,%esp
+    push   %edi
+    push   %esi
+    push   %ebx
+    movl   $0,%ebx		/ carry = 0
+    mov    12(%ebp),%ecx	/ ecx = a_len
+    mov    20(%ebp),%edi
+    cmp    $0,%ecx
+    je     L4			/ jmp if a_len == 0
+    mov    8(%ebp),%esi		/ esi = a
+    cld
+L3:
+    lodsl			/ eax = [ds:esi]; esi += 4
+    mov    16(%ebp),%edx	/ edx = b
+    mull   %edx			/ edx:eax = Phi:Plo = a_i * b
+
+    add    %ebx,%eax		/ add carry (%ebx) to edx:eax
+    adc    $0,%edx
+    mov    0(%edi),%ebx		/ add in current word from *c
+    add    %ebx,%eax		
+    adc    $0,%edx
+    mov    %edx,%ebx		/ high half of product becomes next carry
+
+    stosl			/ [es:edi] = ax; edi += 4;
+    dec    %ecx			/ --a_len
+    jnz    L3			/ jmp if a_len != 0
+L4:
+    mov    %ebx,0(%edi)		/ *c = carry
+    pop    %ebx
+    pop    %esi
+    pop    %edi
+    leave  
+    ret    
+    nop
+
+ /  ebp - 36:	caller's esi
+ /  ebp - 32:	caller's edi
+ /  ebp - 28:	
+ /  ebp - 24:	
+ /  ebp - 20:	
+ /  ebp - 16:	
+ /  ebp - 12:	
+ /  ebp - 8:	
+ /  ebp - 4:	
+ /  ebp + 0:	caller's ebp
+ /  ebp + 4:	return address
+ /  ebp + 8:	a	argument
+ /  ebp + 12:	a_len	argument
+ /  ebp + 16:	b	argument
+ /  ebp + 20:	c	argument
+ /  registers:
+ / 	eax:
+ /	ebx:	carry
+ /	ecx:	a_len
+ /	edx:
+ /	esi:	a ptr
+ /	edi:	c ptr
+.globl	s_mpv_mul_d_add_prop
+.type	s_mpv_mul_d_add_prop,@function
+s_mpv_mul_d_add_prop:
+    push   %ebp
+    mov    %esp,%ebp
+    sub    $28,%esp
+    push   %edi
+    push   %esi
+    push   %ebx
+    movl   $0,%ebx		/ carry = 0
+    mov    12(%ebp),%ecx	/ ecx = a_len
+    mov    20(%ebp),%edi
+    cmp    $0,%ecx
+    je     L6			/ jmp if a_len == 0
+    cld
+    mov    8(%ebp),%esi		/ esi = a
+L5:
+    lodsl			/ eax = [ds:esi]; esi += 4
+    mov    16(%ebp),%edx	/ edx = b
+    mull   %edx			/ edx:eax = Phi:Plo = a_i * b
+
+    add    %ebx,%eax		/ add carry (%ebx) to edx:eax
+    adc    $0,%edx
+    mov    0(%edi),%ebx		/ add in current word from *c
+    add    %ebx,%eax		
+    adc    $0,%edx
+    mov    %edx,%ebx		/ high half of product becomes next carry
+
+    stosl			/ [es:edi] = ax; edi += 4;
+    dec    %ecx			/ --a_len
+    jnz    L5			/ jmp if a_len != 0
+L6:
+    cmp    $0,%ebx		/ is carry zero?
+    jz     L8
+    mov    0(%edi),%eax		/ add in current word from *c
+    add	   %ebx,%eax
+    stosl			/ [es:edi] = ax; edi += 4;
+    jnc    L8
+L7:
+    mov    0(%edi),%eax		/ add in current word from *c
+    adc	   $0,%eax
+    stosl			/ [es:edi] = ax; edi += 4;
+    jc     L7
+L8:
+    pop    %ebx
+    pop    %esi
+    pop    %edi
+    leave  
+    ret    
+    nop
+
+ /  ebp - 20:	caller's esi
+ /  ebp - 16:	caller's edi
+ /  ebp - 12:	
+ /  ebp - 8:	carry
+ /  ebp - 4:	a_len	local
+ /  ebp + 0:	caller's ebp
+ /  ebp + 4:	return address
+ /  ebp + 8:	pa	argument
+ /  ebp + 12:	a_len	argument
+ /  ebp + 16:	ps	argument
+ /  ebp + 20:	
+ /  registers:
+ / 	eax:
+ /	ebx:	carry
+ /	ecx:	a_len
+ /	edx:
+ /	esi:	a ptr
+ /	edi:	c ptr
+
+.globl	s_mpv_sqr_add_prop
+.type	s_mpv_sqr_add_prop,@function
+s_mpv_sqr_add_prop:
+     push   %ebp
+     mov    %esp,%ebp
+     sub    $12,%esp
+     push   %edi
+     push   %esi
+     push   %ebx
+     movl   $0,%ebx		/ carry = 0
+     mov    12(%ebp),%ecx	/ a_len
+     mov    16(%ebp),%edi	/ edi = ps
+     cmp    $0,%ecx
+     je     L11			/ jump if a_len == 0
+     cld
+     mov    8(%ebp),%esi	/ esi = pa
+L10:
+     lodsl			/ %eax = [ds:si]; si += 4;
+     mull   %eax
+
+     add    %ebx,%eax		/ add "carry"
+     adc    $0,%edx
+     mov    0(%edi),%ebx
+     add    %ebx,%eax		/ add low word from result
+     mov    4(%edi),%ebx
+     stosl			/ [es:di] = %eax; di += 4;
+     adc    %ebx,%edx		/ add high word from result
+     movl   $0,%ebx
+     mov    %edx,%eax
+     adc    $0,%ebx
+     stosl			/ [es:di] = %eax; di += 4;
+     dec    %ecx		/ --a_len
+     jnz    L10			/ jmp if a_len != 0
+L11:
+    cmp    $0,%ebx		/ is carry zero?
+    jz     L14
+    mov    0(%edi),%eax		/ add in current word from *c
+    add	   %ebx,%eax
+    stosl			/ [es:edi] = ax; edi += 4;
+    jnc    L14
+L12:
+    mov    0(%edi),%eax		/ add in current word from *c
+    adc	   $0,%eax
+    stosl			/ [es:edi] = ax; edi += 4;
+    jc     L12
+L14:
+    pop    %ebx
+    pop    %esi
+    pop    %edi
+    leave  
+    ret    
+    nop
+
+ /
+ / Divide 64-bit (Nhi,Nlo) by 32-bit divisor, which must be normalized
+ / so its high bit is 1.   This code is from NSPR.
+ /
+ / mp_err s_mpv_div_2dx1d(mp_digit Nhi, mp_digit Nlo, mp_digit divisor,
+ / 		          mp_digit *qp, mp_digit *rp)
+
+ /  esp +  0:   Caller's ebx
+ /  esp +  4:	return address
+ /  esp +  8:	Nhi	argument
+ /  esp + 12:	Nlo	argument
+ /  esp + 16:	divisor	argument
+ /  esp + 20:	qp	argument
+ /  esp + 24:   rp	argument
+ /  registers:
+ / 	eax:
+ /	ebx:	carry
+ /	ecx:	a_len
+ /	edx:
+ /	esi:	a ptr
+ /	edi:	c ptr
+ / 
+
+.globl	s_mpv_div_2dx1d
+.type	s_mpv_div_2dx1d,@function
+s_mpv_div_2dx1d:
+       push   %ebx
+       mov    8(%esp),%edx
+       mov    12(%esp),%eax
+       mov    16(%esp),%ebx
+       div    %ebx
+       mov    20(%esp),%ebx
+       mov    %eax,0(%ebx)
+       mov    24(%esp),%ebx
+       mov    %edx,0(%ebx)
+       xor    %eax,%eax		/ return zero
+       pop    %ebx
+       ret    
+       nop
+  
diff --git a/nss/lib/freebl/mpi/mpi_mips.s b/nss/lib/freebl/mpi/mpi_mips.s
new file mode 100644
index 0000000..455792b
--- /dev/null
+++ b/nss/lib/freebl/mpi/mpi_mips.s
@@ -0,0 +1,472 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#include <regdef.h>
+        .set    noreorder
+        .set    noat
+
+        .section        .text, 1, 0x00000006, 4, 4
+.text:
+        .section        .text
+
+        .ent    s_mpv_mul_d_add
+        .globl  s_mpv_mul_d_add
+
+s_mpv_mul_d_add: 
+ #/* c += a * b */
+ #void s_mpv_mul_d_add(const mp_digit *a, mp_size a_len, mp_digit b, 
+ #			      mp_digit *c)
+ #{
+ #  mp_digit   a0, a1;	regs a4, a5
+ #  mp_digit   c0, c1;  regs a6, a7
+ #  mp_digit   cy = 0;  reg t2
+ #  mp_word    w0, w1;  regs t0, t1
+ #
+ #  if (a_len) {
+	beq	a1,zero,.L.1
+	move	t2,zero		# cy = 0
+	dsll32	a2,a2,0		# "b" is sometimes negative (?!?!)
+	dsrl32	a2,a2,0		# This clears the upper 32 bits.
+ #    a0 = a[0];
+	lwu	a4,0(a0)
+ #    w0 = ((mp_word)b * a0);
+	dmultu	a2,a4
+ #    if (--a_len) {
+	addiu	a1,a1,-1
+	beq	a1,zero,.L.2
+ #      while (a_len >= 2) {
+	sltiu	t3,a1,2
+	bne	t3,zero,.L.3
+ #	  a1     = a[1];
+	lwu	a5,4(a0)
+.L.4:
+ #	  a_len -= 2;
+        addiu	a1,a1,-2
+ #	  c0     = c[0];
+	lwu	a6,0(a3)
+ #	  w0    += cy;
+	mflo	t0
+	daddu	t0,t0,t2
+ #	  w0    += c0;
+	daddu	t0,t0,a6
+ #	  w1     = (mp_word)b * a1; 
+	dmultu	a2,a5			#
+ #	  cy     = CARRYOUT(w0);
+	dsrl32	t2,t0,0
+ #	  c[0]   = ACCUM(w0);
+	sw	t0,0(a3)
+ #	  a0     = a[2];
+	lwu	a4,8(a0)
+ #	  a     += 2;
+	addiu	a0,a0,8
+ #	  c1     = c[1];
+	lwu	a7,4(a3)
+ #	  w1    += cy;
+	mflo	t1
+	daddu	t1,t1,t2
+ #	  w1    += c1;
+	daddu	t1,t1,a7
+ #	  w0     = (mp_word)b * a0;
+	dmultu	a2,a4			#
+ #	  cy     = CARRYOUT(w1);
+	dsrl32	t2,t1,0
+ #	  c[1]   = ACCUM(w1);
+	sw	t1,4(a3)
+ #	  c     += 2;
+	addiu	a3,a3,8
+	sltiu	t3,a1,2
+	beq	t3,zero,.L.4
+ #	  a1     = a[1];
+	lwu	a5,4(a0)
+ #      }
+.L.3:
+ #      c0       = c[0];
+	lwu	a6,0(a3)
+ #      w0      += cy;
+ #      if (a_len) {
+	mflo	t0
+	beq	a1,zero,.L.5
+	daddu	t0,t0,t2
+ #	  w1     = (mp_word)b * a1; 
+	dmultu	a2,a5
+ #	  w0    += c0;
+	daddu	t0,t0,a6		#
+ #	  cy     = CARRYOUT(w0);
+	dsrl32	t2,t0,0
+ #	  c[0]   = ACCUM(w0);
+	sw	t0,0(a3)
+ #	  c1     = c[1];
+	lwu	a7,4(a3)
+ #	  w1    += cy;
+	mflo	t1
+	daddu	t1,t1,t2
+ #	  w1    += c1;
+	daddu	t1,t1,a7
+ #	  c[1]   = ACCUM(w1);
+	sw	t1,4(a3)
+ #	  cy     = CARRYOUT(w1);
+	dsrl32	t2,t1,0
+ #	  c     += 1;
+	b	.L.6
+	addiu	a3,a3,4
+ #      } else {
+.L.5:
+ #	  w0    += c0;
+	daddu	t0,t0,a6
+ #	  c[0]   = ACCUM(w0);
+	sw	t0,0(a3)
+ #	  cy     = CARRYOUT(w0);
+	b	.L.6
+	dsrl32	t2,t0,0
+ #      }
+ #    } else {
+.L.2:
+ #      c0     = c[0];
+	lwu	a6,0(a3)
+ #      w0    += c0;
+	mflo	t0
+	daddu	t0,t0,a6
+ #      c[0]   = ACCUM(w0);
+	sw	t0,0(a3)
+ #      cy     = CARRYOUT(w0);
+	dsrl32	t2,t0,0
+ #    }
+.L.6:
+ #    c[1] = cy;
+	jr	ra
+	sw	t2,4(a3)
+ #  }
+.L.1:
+	jr	ra
+	nop
+ #}
+ #
+        .end    s_mpv_mul_d_add
+
+        .ent    s_mpv_mul_d_add_prop
+        .globl  s_mpv_mul_d_add_prop
+
+s_mpv_mul_d_add_prop: 
+ #/* c += a * b */
+ #void s_mpv_mul_d_add_prop(const mp_digit *a, mp_size a_len, mp_digit b, 
+ #			      mp_digit *c)
+ #{
+ #  mp_digit   a0, a1;	regs a4, a5
+ #  mp_digit   c0, c1;  regs a6, a7
+ #  mp_digit   cy = 0;  reg t2
+ #  mp_word    w0, w1;  regs t0, t1
+ #
+ #  if (a_len) {
+	beq	a1,zero,.M.1
+	move	t2,zero		# cy = 0
+	dsll32	a2,a2,0		# "b" is sometimes negative (?!?!)
+	dsrl32	a2,a2,0		# This clears the upper 32 bits.
+ #    a0 = a[0];
+	lwu	a4,0(a0)
+ #    w0 = ((mp_word)b * a0);
+	dmultu	a2,a4
+ #    if (--a_len) {
+	addiu	a1,a1,-1
+	beq	a1,zero,.M.2
+ #      while (a_len >= 2) {
+	sltiu	t3,a1,2
+	bne	t3,zero,.M.3
+ #	  a1     = a[1];
+	lwu	a5,4(a0)
+.M.4:
+ #	  a_len -= 2;
+        addiu	a1,a1,-2
+ #	  c0     = c[0];
+	lwu	a6,0(a3)
+ #	  w0    += cy;
+	mflo	t0
+	daddu	t0,t0,t2
+ #	  w0    += c0;
+	daddu	t0,t0,a6
+ #	  w1     = (mp_word)b * a1; 
+	dmultu	a2,a5			#
+ #	  cy     = CARRYOUT(w0);
+	dsrl32	t2,t0,0
+ #	  c[0]   = ACCUM(w0);
+	sw	t0,0(a3)
+ #	  a0     = a[2];
+	lwu	a4,8(a0)
+ #	  a     += 2;
+	addiu	a0,a0,8
+ #	  c1     = c[1];
+	lwu	a7,4(a3)
+ #	  w1    += cy;
+	mflo	t1
+	daddu	t1,t1,t2
+ #	  w1    += c1;
+	daddu	t1,t1,a7
+ #	  w0     = (mp_word)b * a0;
+	dmultu	a2,a4			#
+ #	  cy     = CARRYOUT(w1);
+	dsrl32	t2,t1,0
+ #	  c[1]   = ACCUM(w1);
+	sw	t1,4(a3)
+ #	  c     += 2;
+	addiu	a3,a3,8
+	sltiu	t3,a1,2
+	beq	t3,zero,.M.4
+ #	  a1     = a[1];
+	lwu	a5,4(a0)
+ #      }
+.M.3:
+ #      c0       = c[0];
+	lwu	a6,0(a3)
+ #      w0      += cy;
+ #      if (a_len) {
+	mflo	t0
+	beq	a1,zero,.M.5
+	daddu	t0,t0,t2
+ #	  w1     = (mp_word)b * a1; 
+	dmultu	a2,a5
+ #	  w0    += c0;
+	daddu	t0,t0,a6		#
+ #	  cy     = CARRYOUT(w0);
+	dsrl32	t2,t0,0
+ #	  c[0]   = ACCUM(w0);
+	sw	t0,0(a3)
+ #	  c1     = c[1];
+	lwu	a7,4(a3)
+ #	  w1    += cy;
+	mflo	t1
+	daddu	t1,t1,t2
+ #	  w1    += c1;
+	daddu	t1,t1,a7
+ #	  c[1]   = ACCUM(w1);
+	sw	t1,4(a3)
+ #	  cy     = CARRYOUT(w1);
+	dsrl32	t2,t1,0
+ #	  c     += 1;
+	b	.M.6
+	addiu	a3,a3,8
+ #      } else {
+.M.5:
+ #	  w0    += c0;
+	daddu	t0,t0,a6
+ #	  c[0]   = ACCUM(w0);
+	sw	t0,0(a3)
+ #	  cy     = CARRYOUT(w0);
+	dsrl32	t2,t0,0
+	b	.M.6
+	addiu	a3,a3,4
+ #      }
+ #    } else {
+.M.2:
+ #      c0     = c[0];
+	lwu	a6,0(a3)
+ #      w0    += c0;
+	mflo	t0
+	daddu	t0,t0,a6
+ #      c[0]   = ACCUM(w0);
+	sw	t0,0(a3)
+ #      cy     = CARRYOUT(w0);
+	dsrl32	t2,t0,0
+	addiu	a3,a3,4
+ #    }
+.M.6:
+
+ #    while (cy) {
+	beq	t2,zero,.M.1
+	nop
+.M.7:
+ #      mp_word w = (mp_word)*c + cy;
+	lwu	a6,0(a3)
+	daddu	t2,t2,a6
+ #      *c++ = ACCUM(w);
+	sw	t2,0(a3)
+ #      cy = CARRYOUT(w);
+	dsrl32	t2,t2,0
+	bne	t2,zero,.M.7
+	addiu	a3,a3,4
+
+ #  }
+.M.1:
+	jr	ra
+	nop
+ #}
+ #
+        .end    s_mpv_mul_d_add_prop
+
+        .ent    s_mpv_mul_d
+        .globl  s_mpv_mul_d
+
+s_mpv_mul_d: 
+ #/* c = a * b */
+ #void s_mpv_mul_d(const mp_digit *a, mp_size a_len, mp_digit b, 
+ #			      mp_digit *c)
+ #{
+ #  mp_digit   a0, a1;	regs a4, a5
+ #  mp_digit   cy = 0;  reg t2
+ #  mp_word    w0, w1;  regs t0, t1
+ #
+ #  if (a_len) {
+	beq	a1,zero,.N.1
+	move	t2,zero		# cy = 0
+	dsll32	a2,a2,0		# "b" is sometimes negative (?!?!)
+	dsrl32	a2,a2,0		# This clears the upper 32 bits.
+ #    a0 = a[0];
+	lwu	a4,0(a0)
+ #    w0 = ((mp_word)b * a0);
+	dmultu	a2,a4
+ #    if (--a_len) {
+	addiu	a1,a1,-1
+	beq	a1,zero,.N.2
+ #      while (a_len >= 2) {
+	sltiu	t3,a1,2
+	bne	t3,zero,.N.3
+ #	  a1     = a[1];
+	lwu	a5,4(a0)
+.N.4:
+ #	  a_len -= 2;
+        addiu	a1,a1,-2
+ #	  w0    += cy;
+	mflo	t0
+	daddu	t0,t0,t2
+ #	  cy     = CARRYOUT(w0);
+	dsrl32	t2,t0,0
+ #	  w1     = (mp_word)b * a1; 
+	dmultu	a2,a5	
+ #	  c[0]   = ACCUM(w0);
+	sw	t0,0(a3)
+ #	  a0     = a[2];
+	lwu	a4,8(a0)
+ #	  a     += 2;
+	addiu	a0,a0,8
+ #	  w1    += cy;
+	mflo	t1
+	daddu	t1,t1,t2
+ #	  cy     = CARRYOUT(w1);
+	dsrl32	t2,t1,0
+ #	  w0     = (mp_word)b * a0;
+	dmultu	a2,a4	
+ #	  c[1]   = ACCUM(w1);
+	sw	t1,4(a3)
+ #	  c     += 2;
+	addiu	a3,a3,8
+	sltiu	t3,a1,2
+	beq	t3,zero,.N.4
+ #	  a1     = a[1];
+	lwu	a5,4(a0)
+ #      }
+.N.3:
+ #      w0      += cy;
+ #      if (a_len) {
+	mflo	t0
+	beq	a1,zero,.N.5
+	daddu	t0,t0,t2
+ #	  w1     = (mp_word)b * a1; 
+	dmultu	a2,a5			#
+ #	  cy     = CARRYOUT(w0);
+	dsrl32	t2,t0,0
+ #	  c[0]   = ACCUM(w0);
+	sw	t0,0(a3)
+ #	  w1    += cy;
+	mflo	t1
+	daddu	t1,t1,t2
+ #	  c[1]   = ACCUM(w1);
+	sw	t1,4(a3)
+ #	  cy     = CARRYOUT(w1);
+	dsrl32	t2,t1,0
+ #	  c     += 1;
+	b	.N.6
+	addiu	a3,a3,4
+ #      } else {
+.N.5:
+ #	  c[0]   = ACCUM(w0);
+	sw	t0,0(a3)
+ #	  cy     = CARRYOUT(w0);
+	b	.N.6
+	dsrl32	t2,t0,0
+ #      }
+ #    } else {
+.N.2:
+	mflo	t0
+ #      c[0]   = ACCUM(w0);
+	sw	t0,0(a3)
+ #      cy     = CARRYOUT(w0);
+	dsrl32	t2,t0,0
+ #    }
+.N.6:
+ #    c[1] = cy;
+	jr	ra
+	sw	t2,4(a3)
+ #  }
+.N.1:
+	jr	ra
+	nop
+ #}
+ #
+        .end    s_mpv_mul_d
+
+
+        .ent    s_mpv_sqr_add_prop
+        .globl  s_mpv_sqr_add_prop
+ #void   s_mpv_sqr_add_prop(const mp_digit *a, mp_size a_len, mp_digit *sqrs);
+ #	registers
+ #	a0		*a
+ #	a1		a_len
+ #	a2		*sqr
+ #	a3		digit from *a, a_i
+ #	a4		square of digit from a
+ #	a5,a6		next 2 digits in sqr
+ #	a7,t0		carry 
+s_mpv_sqr_add_prop:
+	move	a7,zero
+	move	t0,zero
+	lwu	a3,0(a0)
+	addiu	a1,a1,-1	# --a_len
+	dmultu	a3,a3
+	beq	a1,zero,.P.3	# jump if we've already done the only sqr
+	addiu	a0,a0,4		# ++a
+.P.2:
+        lwu	a5,0(a2)
+        lwu	a6,4(a2)
+	addiu	a2,a2,8		# sqrs += 2;
+	dsll32	a6,a6,0
+	daddu	a5,a5,a6
+	lwu	a3,0(a0)
+	addiu	a0,a0,4		# ++a
+	mflo	a4
+	daddu	a6,a5,a4
+	sltu	a7,a6,a5	# a7 = a6 < a5	detect overflow
+	dmultu	a3,a3
+	daddu	a4,a6,t0
+	sltu	t0,a4,a6
+	add	t0,t0,a7
+	sw	a4,-8(a2)
+	addiu	a1,a1,-1	# --a_len
+	dsrl32	a4,a4,0
+	bne	a1,zero,.P.2	# loop if a_len > 0
+	sw	a4,-4(a2)
+.P.3:
+        lwu	a5,0(a2)
+        lwu	a6,4(a2)
+	addiu	a2,a2,8		# sqrs += 2;
+	dsll32	a6,a6,0
+	daddu	a5,a5,a6
+	mflo	a4
+	daddu	a6,a5,a4
+	sltu	a7,a6,a5	# a7 = a6 < a5	detect overflow
+	daddu	a4,a6,t0
+	sltu	t0,a4,a6
+	add	t0,t0,a7
+	sw	a4,-8(a2)
+	beq	t0,zero,.P.9	# jump if no carry
+	dsrl32	a4,a4,0
+.P.8:
+	sw	a4,-4(a2)
+	/* propagate final carry */
+	lwu	a5,0(a2)
+	daddu	a6,a5,t0
+	sltu	t0,a6,a5
+	bne	t0,zero,.P.8	# loop if carry persists
+	addiu	a2,a2,4		# sqrs++
+.P.9:
+	jr	ra
+	sw	a4,-4(a2)
+
+        .end    s_mpv_sqr_add_prop
diff --git a/nss/lib/freebl/mpi/mpi_sparc.c b/nss/lib/freebl/mpi/mpi_sparc.c
new file mode 100644
index 0000000..1e88357
--- /dev/null
+++ b/nss/lib/freebl/mpi/mpi_sparc.c
@@ -0,0 +1,226 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* Multiplication performance enhancements for sparc v8+vis CPUs. */
+
+#include "mpi-priv.h"
+#include <stddef.h>
+#include <sys/systeminfo.h>
+#include <strings.h>
+
+/* In the functions below, */
+/* vector y must be 8-byte aligned, and n must be even */
+/* returns carry out of high order word of result */
+/* maximum n is 256 */
+
+/* vector x += vector y * scaler a; where y is of length n words. */
+extern mp_digit mul_add_inp(mp_digit *x, const mp_digit *y, int n, mp_digit a);
+
+/* vector z = vector x + vector y * scaler a; where y is of length n words. */
+extern mp_digit mul_add(mp_digit *z, const mp_digit *x, const mp_digit *y,
+                        int n, mp_digit a);
+
+/* v8 versions of these functions run on any Sparc v8 CPU. */
+
+/* This trick works on Sparc V8 CPUs with the Workshop compilers. */
+#define MP_MUL_DxD(a, b, Phi, Plo)                              \
+    {                                                           \
+        unsigned long long product = (unsigned long long)a * b; \
+        Plo = (mp_digit)product;                                \
+        Phi = (mp_digit)(product >> MP_DIGIT_BIT);              \
+    }
+
+/* c = a * b */
+static void
+v8_mpv_mul_d(const mp_digit *a, mp_size a_len, mp_digit b, mp_digit *c)
+{
+#if !defined(MP_NO_MP_WORD)
+    mp_digit d = 0;
+
+    /* Inner product:  Digits of a */
+    while (a_len--) {
+        mp_word w = ((mp_word)b * *a++) + d;
+        *c++ = ACCUM(w);
+        d = CARRYOUT(w);
+    }
+    *c = d;
+#else
+    mp_digit carry = 0;
+    while (a_len--) {
+        mp_digit a_i = *a++;
+        mp_digit a0b0, a1b1;
+
+        MP_MUL_DxD(a_i, b, a1b1, a0b0);
+
+        a0b0 += carry;
+        if (a0b0 < carry)
+            ++a1b1;
+        *c++ = a0b0;
+        carry = a1b1;
+    }
+    *c = carry;
+#endif
+}
+
+/* c += a * b */
+static void
+v8_mpv_mul_d_add(const mp_digit *a, mp_size a_len, mp_digit b, mp_digit *c)
+{
+#if !defined(MP_NO_MP_WORD)
+    mp_digit d = 0;
+
+    /* Inner product:  Digits of a */
+    while (a_len--) {
+        mp_word w = ((mp_word)b * *a++) + *c + d;
+        *c++ = ACCUM(w);
+        d = CARRYOUT(w);
+    }
+    *c = d;
+#else
+    mp_digit carry = 0;
+    while (a_len--) {
+        mp_digit a_i = *a++;
+        mp_digit a0b0, a1b1;
+
+        MP_MUL_DxD(a_i, b, a1b1, a0b0);
+
+        a0b0 += carry;
+        if (a0b0 < carry)
+            ++a1b1;
+        a0b0 += a_i = *c;
+        if (a0b0 < a_i)
+            ++a1b1;
+        *c++ = a0b0;
+        carry = a1b1;
+    }
+    *c = carry;
+#endif
+}
+
+/* Presently, this is only used by the Montgomery arithmetic code. */
+/* c += a * b */
+static void
+v8_mpv_mul_d_add_prop(const mp_digit *a, mp_size a_len, mp_digit b, mp_digit *c)
+{
+#if !defined(MP_NO_MP_WORD)
+    mp_digit d = 0;
+
+    /* Inner product:  Digits of a */
+    while (a_len--) {
+        mp_word w = ((mp_word)b * *a++) + *c + d;
+        *c++ = ACCUM(w);
+        d = CARRYOUT(w);
+    }
+
+    while (d) {
+        mp_word w = (mp_word)*c + d;
+        *c++ = ACCUM(w);
+        d = CARRYOUT(w);
+    }
+#else
+    mp_digit carry = 0;
+    while (a_len--) {
+        mp_digit a_i = *a++;
+        mp_digit a0b0, a1b1;
+
+        MP_MUL_DxD(a_i, b, a1b1, a0b0);
+
+        a0b0 += carry;
+        if (a0b0 < carry)
+            ++a1b1;
+
+        a0b0 += a_i = *c;
+        if (a0b0 < a_i)
+            ++a1b1;
+
+        *c++ = a0b0;
+        carry = a1b1;
+    }
+    while (carry) {
+        mp_digit c_i = *c;
+        carry += c_i;
+        *c++ = carry;
+        carry = carry < c_i;
+    }
+#endif
+}
+
+/* These functions run only on v8plus+vis or v9+vis CPUs. */
+
+/* c = a * b */
+void
+s_mpv_mul_d(const mp_digit *a, mp_size a_len, mp_digit b, mp_digit *c)
+{
+    mp_digit d;
+    mp_digit x[258];
+    if (a_len <= 256) {
+        if (a == c || ((ptrdiff_t)a & 0x7) != 0 || (a_len & 1) != 0) {
+            mp_digit *px;
+            px = (((ptrdiff_t)x & 0x7) != 0) ? x + 1 : x;
+            memcpy(px, a, a_len * sizeof(*a));
+            a = px;
+            if (a_len & 1) {
+                px[a_len] = 0;
+            }
+        }
+        s_mp_setz(c, a_len + 1);
+        d = mul_add_inp(c, a, a_len, b);
+        c[a_len] = d;
+    } else {
+        v8_mpv_mul_d(a, a_len, b, c);
+    }
+}
+
+/* c += a * b, where a is a_len words long. */
+void
+s_mpv_mul_d_add(const mp_digit *a, mp_size a_len, mp_digit b, mp_digit *c)
+{
+    mp_digit d;
+    mp_digit x[258];
+    if (a_len <= 256) {
+        if (((ptrdiff_t)a & 0x7) != 0 || (a_len & 1) != 0) {
+            mp_digit *px;
+            px = (((ptrdiff_t)x & 0x7) != 0) ? x + 1 : x;
+            memcpy(px, a, a_len * sizeof(*a));
+            a = px;
+            if (a_len & 1) {
+                px[a_len] = 0;
+            }
+        }
+        d = mul_add_inp(c, a, a_len, b);
+        c[a_len] = d;
+    } else {
+        v8_mpv_mul_d_add(a, a_len, b, c);
+    }
+}
+
+/* c += a * b, where a is y words long. */
+void
+s_mpv_mul_d_add_prop(const mp_digit *a, mp_size a_len, mp_digit b, mp_digit *c)
+{
+    mp_digit d;
+    mp_digit x[258];
+    if (a_len <= 256) {
+        if (((ptrdiff_t)a & 0x7) != 0 || (a_len & 1) != 0) {
+            mp_digit *px;
+            px = (((ptrdiff_t)x & 0x7) != 0) ? x + 1 : x;
+            memcpy(px, a, a_len * sizeof(*a));
+            a = px;
+            if (a_len & 1) {
+                px[a_len] = 0;
+            }
+        }
+        d = mul_add_inp(c, a, a_len, b);
+        if (d) {
+            c += a_len;
+            do {
+                mp_digit sum = d + *c;
+                *c++ = sum;
+                d = sum < d;
+            } while (d);
+        }
+    } else {
+        v8_mpv_mul_d_add_prop(a, a_len, b, c);
+    }
+}
diff --git a/nss/lib/freebl/mpi/mpi_sse2.s b/nss/lib/freebl/mpi/mpi_sse2.s
new file mode 100644
index 0000000..16a4701
--- /dev/null
+++ b/nss/lib/freebl/mpi/mpi_sse2.s
@@ -0,0 +1,294 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#ifdef DARWIN
+#define s_mpv_mul_d          _s_mpv_mul_d
+#define s_mpv_mul_d_add      _s_mpv_mul_d_add
+#define s_mpv_mul_d_add_prop _s_mpv_mul_d_add_prop
+#define s_mpv_sqr_add_prop   _s_mpv_sqr_add_prop
+#define s_mpv_div_2dx1d      _s_mpv_div_2dx1d
+#define TYPE_FUNCTION(x)
+#else
+#define TYPE_FUNCTION(x) .type x, @function
+#endif
+
+.text
+
+ #  ebp - 8:    caller's esi
+ #  ebp - 4:    caller's edi
+ #  ebp + 0:    caller's ebp
+ #  ebp + 4:    return address
+ #  ebp + 8:    a       argument
+ #  ebp + 12:   a_len   argument
+ #  ebp + 16:   b       argument
+ #  ebp + 20:   c       argument
+ #  registers:
+ #      ebx:
+ #      ecx:    a_len
+ #      esi:    a ptr
+ #      edi:    c ptr
+.globl s_mpv_mul_d
+.private_extern s_mpv_mul_d
+TYPE_FUNCTION(s_mpv_mul_d)
+s_mpv_mul_d:
+    push   %ebp
+    mov    %esp, %ebp
+    push   %edi
+    push   %esi
+    psubq  %mm2, %mm2           # carry = 0
+    mov    12(%ebp), %ecx       # ecx = a_len
+    movd   16(%ebp), %mm1       # mm1 = b
+    mov    20(%ebp), %edi
+    cmp    $0, %ecx
+    je     2f                   # jmp if a_len == 0
+    mov    8(%ebp), %esi        # esi = a
+    cld
+1:
+    movd   0(%esi), %mm0        # mm0 = *a++
+    add    $4, %esi
+    pmuludq %mm1, %mm0          # mm0 = b * *a++
+    paddq  %mm0, %mm2           # add the carry
+    movd   %mm2, 0(%edi)        # store the 32bit result
+    add    $4, %edi
+    psrlq  $32, %mm2            # save the carry
+    dec    %ecx                 # --a_len
+    jnz    1b                   # jmp if a_len != 0
+2:
+    movd   %mm2, 0(%edi)        # *c = carry
+    emms
+    pop    %esi
+    pop    %edi
+    leave  
+    ret    
+    nop
+
+ #  ebp - 8:    caller's esi
+ #  ebp - 4:    caller's edi
+ #  ebp + 0:    caller's ebp
+ #  ebp + 4:    return address
+ #  ebp + 8:    a       argument
+ #  ebp + 12:   a_len   argument
+ #  ebp + 16:   b       argument
+ #  ebp + 20:   c       argument
+ #  registers:
+ #      ebx:
+ #      ecx:    a_len
+ #      esi:    a ptr
+ #      edi:    c ptr
+.globl s_mpv_mul_d_add
+.private_extern s_mpv_mul_d_add
+TYPE_FUNCTION(s_mpv_mul_d_add)
+s_mpv_mul_d_add:
+    push   %ebp
+    mov    %esp, %ebp
+    push   %edi
+    push   %esi
+    psubq  %mm2, %mm2           # carry = 0
+    mov    12(%ebp), %ecx       # ecx = a_len
+    movd   16(%ebp), %mm1       # mm1 = b
+    mov    20(%ebp), %edi
+    cmp    $0, %ecx
+    je     2f                   # jmp if a_len == 0
+    mov    8(%ebp), %esi        # esi = a
+    cld
+1:
+    movd   0(%esi), %mm0        # mm0 = *a++
+    add    $4, %esi
+    pmuludq %mm1, %mm0          # mm0 = b * *a++
+    paddq  %mm0, %mm2           # add the carry
+    movd   0(%edi), %mm0
+    paddq  %mm0, %mm2           # add the carry
+    movd   %mm2, 0(%edi)        # store the 32bit result
+    add    $4, %edi
+    psrlq  $32, %mm2            # save the carry
+    dec    %ecx                 # --a_len
+    jnz    1b                   # jmp if a_len != 0
+2:
+    movd   %mm2, 0(%edi)        # *c = carry
+    emms
+    pop    %esi
+    pop    %edi
+    leave  
+    ret    
+    nop
+
+ #  ebp - 12:   caller's ebx
+ #  ebp - 8:    caller's esi
+ #  ebp - 4:    caller's edi
+ #  ebp + 0:    caller's ebp
+ #  ebp + 4:    return address
+ #  ebp + 8:    a       argument
+ #  ebp + 12:   a_len   argument
+ #  ebp + 16:   b       argument
+ #  ebp + 20:   c       argument
+ #  registers:
+ #      eax:
+ #      ebx:    carry
+ #      ecx:    a_len
+ #      esi:    a ptr
+ #      edi:    c ptr
+.globl s_mpv_mul_d_add_prop
+.private_extern s_mpv_mul_d_add_prop
+TYPE_FUNCTION(s_mpv_mul_d_add_prop)
+s_mpv_mul_d_add_prop:
+    push   %ebp
+    mov    %esp, %ebp
+    push   %edi
+    push   %esi
+    push   %ebx
+    psubq  %mm2, %mm2           # carry = 0
+    mov    12(%ebp), %ecx       # ecx = a_len
+    movd   16(%ebp), %mm1       # mm1 = b
+    mov    20(%ebp), %edi
+    cmp    $0, %ecx
+    je     2f                   # jmp if a_len == 0
+    mov    8(%ebp), %esi        # esi = a
+    cld
+1:
+    movd   0(%esi), %mm0        # mm0 = *a++
+    movd   0(%edi), %mm3        # fetch the sum
+    add    $4, %esi
+    pmuludq %mm1, %mm0          # mm0 = b * *a++
+    paddq  %mm0, %mm2           # add the carry
+    paddq  %mm3, %mm2           # add *c++
+    movd   %mm2, 0(%edi)        # store the 32bit result
+    add    $4, %edi
+    psrlq  $32, %mm2            # save the carry
+    dec    %ecx                 # --a_len
+    jnz    1b                   # jmp if a_len != 0
+2:
+    movd   %mm2, %ebx
+    cmp    $0, %ebx             # is carry zero?
+    jz     4f
+    mov    0(%edi), %eax
+    add    %ebx, %eax
+    stosl
+    jnc    4f
+3:
+    mov    0(%edi), %eax        # add in current word from *c
+    adc    $0, %eax
+    stosl                       # [es:edi] = ax; edi += 4;
+    jc     3b
+4:
+    emms
+    pop    %ebx
+    pop    %esi
+    pop    %edi
+    leave  
+    ret    
+    nop
+
+ #  ebp - 12:   caller's ebx
+ #  ebp - 8:    caller's esi
+ #  ebp - 4:    caller's edi
+ #  ebp + 0:    caller's ebp
+ #  ebp + 4:    return address
+ #  ebp + 8:    pa      argument
+ #  ebp + 12:   a_len   argument
+ #  ebp + 16:   ps      argument
+ #  registers:
+ #      eax:
+ #      ebx:    carry
+ #      ecx:    a_len
+ #      esi:    a ptr
+ #      edi:    c ptr
+.globl s_mpv_sqr_add_prop
+.private_extern s_mpv_sqr_add_prop
+TYPE_FUNCTION(s_mpv_sqr_add_prop)
+s_mpv_sqr_add_prop:
+    push   %ebp
+    mov    %esp, %ebp
+    push   %edi
+    push   %esi
+    push   %ebx
+    psubq  %mm2, %mm2           # carry = 0
+    mov    12(%ebp), %ecx       # ecx = a_len
+    mov    16(%ebp), %edi
+    cmp    $0, %ecx
+    je     2f                   # jmp if a_len == 0
+    mov    8(%ebp), %esi        # esi = a
+    cld
+1:
+    movd   0(%esi), %mm0        # mm0 = *a
+    movd   0(%edi), %mm3        # fetch the sum
+    add    $4, %esi
+    pmuludq %mm0, %mm0          # mm0 = sqr(a)
+    paddq  %mm0, %mm2           # add the carry
+    paddq  %mm3, %mm2           # add the low word
+    movd   4(%edi), %mm3
+    movd   %mm2, 0(%edi)        # store the 32bit result
+    psrlq  $32, %mm2
+    paddq  %mm3, %mm2           # add the high word
+    movd   %mm2, 4(%edi)        # store the 32bit result
+    psrlq  $32, %mm2            # save the carry.
+    add    $8, %edi
+    dec    %ecx                 # --a_len
+    jnz    1b                   # jmp if a_len != 0
+2:
+    movd   %mm2, %ebx
+    cmp    $0, %ebx             # is carry zero?
+    jz     4f
+    mov    0(%edi), %eax
+    add    %ebx, %eax
+    stosl
+    jnc    4f
+3:
+    mov    0(%edi), %eax        # add in current word from *c
+    adc    $0, %eax
+    stosl                       #  [es:edi] = ax; edi += 4;
+    jc     3b
+4:
+    emms
+    pop    %ebx
+    pop    %esi
+    pop    %edi
+    leave  
+    ret    
+    nop
+
+ #
+ # Divide 64-bit (Nhi,Nlo) by 32-bit divisor, which must be normalized
+ # so its high bit is 1.   This code is from NSPR.
+ #
+ # mp_err s_mpv_div_2dx1d(mp_digit Nhi, mp_digit Nlo, mp_digit divisor,
+ #                        mp_digit *qp, mp_digit *rp)
+
+ #  esp +  0:   Caller's ebx
+ #  esp +  4:   return address
+ #  esp +  8:   Nhi     argument
+ #  esp + 12:   Nlo     argument
+ #  esp + 16:   divisor argument
+ #  esp + 20:   qp      argument
+ #  esp + 24:   rp      argument
+ #  registers:
+ #      eax:
+ #      ebx:    carry
+ #      ecx:    a_len
+ #      edx:
+ #      esi:    a ptr
+ #      edi:    c ptr
+ # 
+.globl s_mpv_div_2dx1d
+.private_extern s_mpv_div_2dx1d
+TYPE_FUNCTION(s_mpv_div_2dx1d)
+s_mpv_div_2dx1d:
+       push   %ebx
+       mov    8(%esp), %edx
+       mov    12(%esp), %eax
+       mov    16(%esp), %ebx
+       div    %ebx
+       mov    20(%esp), %ebx
+       mov    %eax, 0(%ebx)
+       mov    24(%esp), %ebx
+       mov    %edx, 0(%ebx)
+       xor    %eax, %eax        # return zero
+       pop    %ebx
+       ret    
+       nop
+
+#ifndef DARWIN
+ # Magic indicating no need for an executable stack
+.section .note.GNU-stack, "", @progbits
+.previous
+#endif
diff --git a/nss/lib/freebl/mpi/mpi_x86.s b/nss/lib/freebl/mpi/mpi_x86.s
new file mode 100644
index 0000000..8f7e213
--- /dev/null
+++ b/nss/lib/freebl/mpi/mpi_x86.s
@@ -0,0 +1,541 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+.data
+.align 4
+ #
+ # -1 means to call s_mpi_is_sse to determine if we support sse 
+ #    instructions.
+ #  0 means to use x86 instructions
+ #  1 means to use sse2 instructions
+.type	is_sse,@object
+.size	is_sse,4
+is_sse: .long	-1 
+
+#
+# sigh, handle the difference between -fPIC and not PIC
+# default to pic, since this file seems to be exclusively
+# linux right now (solaris uses mpi_i86pc.s and windows uses
+# mpi_x86_asm.c)
+#
+.ifndef NO_PIC
+.macro GET   var,reg
+    movl   \var@GOTOFF(%ebx),\reg
+.endm
+.macro PUT   reg,var
+    movl   \reg,\var@GOTOFF(%ebx)
+.endm
+.else
+.macro GET   var,reg
+    movl   \var,\reg
+.endm
+.macro PUT   reg,var
+    movl   \reg,\var
+.endm
+.endif
+
+.text
+
+
+ #  ebp - 36:	caller's esi
+ #  ebp - 32:	caller's edi
+ #  ebp - 28:	
+ #  ebp - 24:	
+ #  ebp - 20:	
+ #  ebp - 16:	
+ #  ebp - 12:	
+ #  ebp - 8:	
+ #  ebp - 4:	
+ #  ebp + 0:	caller's ebp
+ #  ebp + 4:	return address
+ #  ebp + 8:	a	argument
+ #  ebp + 12:	a_len	argument
+ #  ebp + 16:	b	argument
+ #  ebp + 20:	c	argument
+ #  registers:
+ # 	eax:
+ #	ebx:	carry
+ #	ecx:	a_len
+ #	edx:
+ #	esi:	a ptr
+ #	edi:	c ptr
+.globl	s_mpv_mul_d
+.type	s_mpv_mul_d,@function
+s_mpv_mul_d:
+    GET    is_sse,%eax
+    cmp    $0,%eax
+    je     s_mpv_mul_d_x86
+    jg     s_mpv_mul_d_sse2
+    call   s_mpi_is_sse2
+    PUT    %eax,is_sse
+    cmp    $0,%eax
+    jg     s_mpv_mul_d_sse2
+s_mpv_mul_d_x86:
+    push   %ebp
+    mov    %esp,%ebp
+    sub    $28,%esp
+    push   %edi
+    push   %esi
+    push   %ebx
+    movl   $0,%ebx		# carry = 0
+    mov    12(%ebp),%ecx	# ecx = a_len
+    mov    20(%ebp),%edi
+    cmp    $0,%ecx
+    je     2f			# jmp if a_len == 0
+    mov    8(%ebp),%esi		# esi = a
+    cld
+1:
+    lodsl			# eax = [ds:esi]; esi += 4
+    mov    16(%ebp),%edx	# edx = b
+    mull   %edx			# edx:eax = Phi:Plo = a_i * b
+
+    add    %ebx,%eax		# add carry (%ebx) to edx:eax
+    adc    $0,%edx
+    mov    %edx,%ebx		# high half of product becomes next carry
+
+    stosl			# [es:edi] = ax; edi += 4;
+    dec    %ecx			# --a_len
+    jnz    1b			# jmp if a_len != 0
+2:
+    mov    %ebx,0(%edi)		# *c = carry
+    pop    %ebx
+    pop    %esi
+    pop    %edi
+    leave  
+    ret    
+    nop
+s_mpv_mul_d_sse2:
+    push   %ebp
+    mov    %esp,%ebp
+    push   %edi
+    push   %esi
+    psubq  %mm2,%mm2		# carry = 0
+    mov    12(%ebp),%ecx	# ecx = a_len
+    movd   16(%ebp),%mm1	# mm1 = b
+    mov    20(%ebp),%edi
+    cmp    $0,%ecx
+    je     6f			# jmp if a_len == 0
+    mov    8(%ebp),%esi		# esi = a
+    cld
+5:
+    movd   0(%esi),%mm0         # mm0 = *a++
+    add    $4,%esi
+    pmuludq %mm1,%mm0           # mm0 = b * *a++
+    paddq  %mm0,%mm2            # add the carry
+    movd   %mm2,0(%edi)         # store the 32bit result
+    add    $4,%edi
+    psrlq  $32, %mm2		# save the carry
+    dec    %ecx			# --a_len
+    jnz    5b			# jmp if a_len != 0
+6:
+    movd   %mm2,0(%edi)		# *c = carry
+    emms
+    pop    %esi
+    pop    %edi
+    leave  
+    ret    
+    nop
+
+ #  ebp - 36:	caller's esi
+ #  ebp - 32:	caller's edi
+ #  ebp - 28:	
+ #  ebp - 24:	
+ #  ebp - 20:	
+ #  ebp - 16:	
+ #  ebp - 12:	
+ #  ebp - 8:	
+ #  ebp - 4:	
+ #  ebp + 0:	caller's ebp
+ #  ebp + 4:	return address
+ #  ebp + 8:	a	argument
+ #  ebp + 12:	a_len	argument
+ #  ebp + 16:	b	argument
+ #  ebp + 20:	c	argument
+ #  registers:
+ # 	eax:
+ #	ebx:	carry
+ #	ecx:	a_len
+ #	edx:
+ #	esi:	a ptr
+ #	edi:	c ptr
+.globl	s_mpv_mul_d_add
+.type	s_mpv_mul_d_add,@function
+s_mpv_mul_d_add:
+    GET    is_sse,%eax
+    cmp    $0,%eax
+    je     s_mpv_mul_d_add_x86
+    jg     s_mpv_mul_d_add_sse2
+    call   s_mpi_is_sse2
+    PUT    %eax,is_sse
+    cmp    $0,%eax
+    jg     s_mpv_mul_d_add_sse2
+s_mpv_mul_d_add_x86:
+    push   %ebp
+    mov    %esp,%ebp
+    sub    $28,%esp
+    push   %edi
+    push   %esi
+    push   %ebx
+    movl   $0,%ebx		# carry = 0
+    mov    12(%ebp),%ecx	# ecx = a_len
+    mov    20(%ebp),%edi
+    cmp    $0,%ecx
+    je     11f			# jmp if a_len == 0
+    mov    8(%ebp),%esi		# esi = a
+    cld
+10:
+    lodsl			# eax = [ds:esi]; esi += 4
+    mov    16(%ebp),%edx	# edx = b
+    mull   %edx			# edx:eax = Phi:Plo = a_i * b
+
+    add    %ebx,%eax		# add carry (%ebx) to edx:eax
+    adc    $0,%edx
+    mov    0(%edi),%ebx		# add in current word from *c
+    add    %ebx,%eax		
+    adc    $0,%edx
+    mov    %edx,%ebx		# high half of product becomes next carry
+
+    stosl			# [es:edi] = ax; edi += 4;
+    dec    %ecx			# --a_len
+    jnz    10b			# jmp if a_len != 0
+11:
+    mov    %ebx,0(%edi)		# *c = carry
+    pop    %ebx
+    pop    %esi
+    pop    %edi
+    leave  
+    ret    
+    nop
+s_mpv_mul_d_add_sse2:
+    push   %ebp
+    mov    %esp,%ebp
+    push   %edi
+    push   %esi
+    psubq  %mm2,%mm2		# carry = 0
+    mov    12(%ebp),%ecx	# ecx = a_len
+    movd   16(%ebp),%mm1	# mm1 = b
+    mov    20(%ebp),%edi
+    cmp    $0,%ecx
+    je     16f			# jmp if a_len == 0
+    mov    8(%ebp),%esi		# esi = a
+    cld
+15:
+    movd   0(%esi),%mm0         # mm0 = *a++
+    add    $4,%esi
+    pmuludq %mm1,%mm0           # mm0 = b * *a++
+    paddq  %mm0,%mm2            # add the carry
+    movd   0(%edi),%mm0
+    paddq  %mm0,%mm2            # add the carry
+    movd   %mm2,0(%edi)         # store the 32bit result
+    add    $4,%edi
+    psrlq  $32, %mm2		# save the carry
+    dec    %ecx			# --a_len
+    jnz    15b			# jmp if a_len != 0
+16:
+    movd   %mm2,0(%edi)		# *c = carry
+    emms
+    pop    %esi
+    pop    %edi
+    leave  
+    ret    
+    nop
+
+ #  ebp - 8:	caller's esi
+ #  ebp - 4:	caller's edi
+ #  ebp + 0:	caller's ebp
+ #  ebp + 4:	return address
+ #  ebp + 8:	a	argument
+ #  ebp + 12:	a_len	argument
+ #  ebp + 16:	b	argument
+ #  ebp + 20:	c	argument
+ #  registers:
+ # 	eax:
+ #	ebx:	carry
+ #	ecx:	a_len
+ #	edx:
+ #	esi:	a ptr
+ #	edi:	c ptr
+.globl	s_mpv_mul_d_add_prop
+.type	s_mpv_mul_d_add_prop,@function
+s_mpv_mul_d_add_prop:
+    GET    is_sse,%eax
+    cmp    $0,%eax
+    je     s_mpv_mul_d_add_prop_x86
+    jg     s_mpv_mul_d_add_prop_sse2
+    call   s_mpi_is_sse2
+    PUT    %eax,is_sse
+    cmp    $0,%eax
+    jg     s_mpv_mul_d_add_prop_sse2
+s_mpv_mul_d_add_prop_x86:
+    push   %ebp
+    mov    %esp,%ebp
+    sub    $28,%esp
+    push   %edi
+    push   %esi
+    push   %ebx
+    movl   $0,%ebx		# carry = 0
+    mov    12(%ebp),%ecx	# ecx = a_len
+    mov    20(%ebp),%edi
+    cmp    $0,%ecx
+    je     21f			# jmp if a_len == 0
+    cld
+    mov    8(%ebp),%esi		# esi = a
+20:
+    lodsl			# eax = [ds:esi]; esi += 4
+    mov    16(%ebp),%edx	# edx = b
+    mull   %edx			# edx:eax = Phi:Plo = a_i * b
+
+    add    %ebx,%eax		# add carry (%ebx) to edx:eax
+    adc    $0,%edx
+    mov    0(%edi),%ebx		# add in current word from *c
+    add    %ebx,%eax		
+    adc    $0,%edx
+    mov    %edx,%ebx		# high half of product becomes next carry
+
+    stosl			# [es:edi] = ax; edi += 4;
+    dec    %ecx			# --a_len
+    jnz    20b			# jmp if a_len != 0
+21:
+    cmp    $0,%ebx		# is carry zero?
+    jz     23f
+    mov    0(%edi),%eax		# add in current word from *c
+    add	   %ebx,%eax
+    stosl			# [es:edi] = ax; edi += 4;
+    jnc    23f
+22:
+    mov    0(%edi),%eax		# add in current word from *c
+    adc	   $0,%eax
+    stosl			# [es:edi] = ax; edi += 4;
+    jc     22b
+23:
+    pop    %ebx
+    pop    %esi
+    pop    %edi
+    leave  
+    ret    
+    nop
+s_mpv_mul_d_add_prop_sse2:
+    push   %ebp
+    mov    %esp,%ebp
+    push   %edi
+    push   %esi
+    push   %ebx
+    psubq  %mm2,%mm2		# carry = 0
+    mov    12(%ebp),%ecx	# ecx = a_len
+    movd   16(%ebp),%mm1	# mm1 = b
+    mov    20(%ebp),%edi
+    cmp    $0,%ecx
+    je     26f			# jmp if a_len == 0
+    mov    8(%ebp),%esi		# esi = a
+    cld
+25:
+    movd   0(%esi),%mm0         # mm0 = *a++
+    movd   0(%edi),%mm3		# fetch the sum
+    add    $4,%esi
+    pmuludq %mm1,%mm0           # mm0 = b * *a++
+    paddq  %mm0,%mm2            # add the carry
+    paddq  %mm3,%mm2            # add *c++
+    movd   %mm2,0(%edi)         # store the 32bit result
+    add    $4,%edi
+    psrlq  $32, %mm2		# save the carry
+    dec    %ecx			# --a_len
+    jnz    25b			# jmp if a_len != 0
+26:
+    movd   %mm2,%ebx
+    cmp    $0,%ebx		# is carry zero?
+    jz     28f
+    mov    0(%edi),%eax
+    add    %ebx, %eax
+    stosl
+    jnc    28f
+27:
+    mov    0(%edi),%eax		# add in current word from *c
+    adc	   $0,%eax
+    stosl			# [es:edi] = ax; edi += 4;
+    jc     27b
+28:
+    emms
+    pop    %ebx
+    pop    %esi
+    pop    %edi
+    leave  
+    ret    
+    nop
+
+
+ #  ebp - 20:	caller's esi
+ #  ebp - 16:	caller's edi
+ #  ebp - 12:	
+ #  ebp - 8:	carry
+ #  ebp - 4:	a_len	local
+ #  ebp + 0:	caller's ebp
+ #  ebp + 4:	return address
+ #  ebp + 8:	pa	argument
+ #  ebp + 12:	a_len	argument
+ #  ebp + 16:	ps	argument
+ #  ebp + 20:	
+ #  registers:
+ # 	eax:
+ #	ebx:	carry
+ #	ecx:	a_len
+ #	edx:
+ #	esi:	a ptr
+ #	edi:	c ptr
+
+.globl	s_mpv_sqr_add_prop
+.type	s_mpv_sqr_add_prop,@function
+s_mpv_sqr_add_prop:
+     GET   is_sse,%eax
+     cmp    $0,%eax
+     je     s_mpv_sqr_add_prop_x86
+     jg     s_mpv_sqr_add_prop_sse2
+     call   s_mpi_is_sse2
+     PUT    %eax,is_sse
+     cmp    $0,%eax
+     jg     s_mpv_sqr_add_prop_sse2
+s_mpv_sqr_add_prop_x86:
+     push   %ebp
+     mov    %esp,%ebp
+     sub    $12,%esp
+     push   %edi
+     push   %esi
+     push   %ebx
+     movl   $0,%ebx		# carry = 0
+     mov    12(%ebp),%ecx	# a_len
+     mov    16(%ebp),%edi	# edi = ps
+     cmp    $0,%ecx
+     je     31f			# jump if a_len == 0
+     cld
+     mov    8(%ebp),%esi	# esi = pa
+30:
+     lodsl			# %eax = [ds:si]; si += 4;
+     mull   %eax
+
+     add    %ebx,%eax		# add "carry"
+     adc    $0,%edx
+     mov    0(%edi),%ebx
+     add    %ebx,%eax		# add low word from result
+     mov    4(%edi),%ebx
+     stosl			# [es:di] = %eax; di += 4;
+     adc    %ebx,%edx		# add high word from result
+     movl   $0,%ebx
+     mov    %edx,%eax
+     adc    $0,%ebx
+     stosl			# [es:di] = %eax; di += 4;
+     dec    %ecx		# --a_len
+     jnz    30b			# jmp if a_len != 0
+31:
+    cmp    $0,%ebx		# is carry zero?
+    jz     34f
+    mov    0(%edi),%eax		# add in current word from *c
+    add	   %ebx,%eax
+    stosl			# [es:edi] = ax; edi += 4;
+    jnc    34f
+32:
+    mov    0(%edi),%eax		# add in current word from *c
+    adc	   $0,%eax
+    stosl			# [es:edi] = ax; edi += 4;
+    jc     32b
+34:
+    pop    %ebx
+    pop    %esi
+    pop    %edi
+    leave  
+    ret    
+    nop
+s_mpv_sqr_add_prop_sse2:
+    push   %ebp
+    mov    %esp,%ebp
+    push   %edi
+    push   %esi
+    push   %ebx
+    psubq  %mm2,%mm2		# carry = 0
+    mov    12(%ebp),%ecx	# ecx = a_len
+    mov    16(%ebp),%edi
+    cmp    $0,%ecx
+    je     36f			# jmp if a_len == 0
+    mov    8(%ebp),%esi		# esi = a
+    cld
+35:
+    movd   0(%esi),%mm0        # mm0 = *a
+    movd   0(%edi),%mm3	       # fetch the sum
+    add	   $4,%esi
+    pmuludq %mm0,%mm0          # mm0 = sqr(a)
+    paddq  %mm0,%mm2           # add the carry
+    paddq  %mm3,%mm2           # add the low word
+    movd   4(%edi),%mm3
+    movd   %mm2,0(%edi)        # store the 32bit result
+    psrlq  $32, %mm2	
+    paddq  %mm3,%mm2           # add the high word
+    movd   %mm2,4(%edi)        # store the 32bit result
+    psrlq  $32, %mm2	       # save the carry.
+    add    $8,%edi
+    dec    %ecx			# --a_len
+    jnz    35b			# jmp if a_len != 0
+36:
+    movd   %mm2,%ebx
+    cmp    $0,%ebx		# is carry zero?
+    jz     38f
+    mov    0(%edi),%eax
+    add    %ebx, %eax
+    stosl
+    jnc    38f
+37:
+    mov    0(%edi),%eax		# add in current word from *c
+    adc	   $0,%eax
+    stosl			# [es:edi] = ax; edi += 4;
+    jc     37b
+38:
+    emms
+    pop    %ebx
+    pop    %esi
+    pop    %edi
+    leave  
+    ret    
+    nop
+
+ #
+ # Divide 64-bit (Nhi,Nlo) by 32-bit divisor, which must be normalized
+ # so its high bit is 1.   This code is from NSPR.
+ #
+ # mp_err s_mpv_div_2dx1d(mp_digit Nhi, mp_digit Nlo, mp_digit divisor,
+ # 		          mp_digit *qp, mp_digit *rp)
+
+ #  esp +  0:   Caller's ebx
+ #  esp +  4:	return address
+ #  esp +  8:	Nhi	argument
+ #  esp + 12:	Nlo	argument
+ #  esp + 16:	divisor	argument
+ #  esp + 20:	qp	argument
+ #  esp + 24:   rp	argument
+ #  registers:
+ # 	eax:
+ #	ebx:	carry
+ #	ecx:	a_len
+ #	edx:
+ #	esi:	a ptr
+ #	edi:	c ptr
+ # 
+
+.globl	s_mpv_div_2dx1d
+.type	s_mpv_div_2dx1d,@function
+s_mpv_div_2dx1d:
+       push   %ebx
+       mov    8(%esp),%edx
+       mov    12(%esp),%eax
+       mov    16(%esp),%ebx
+       div    %ebx
+       mov    20(%esp),%ebx
+       mov    %eax,0(%ebx)
+       mov    24(%esp),%ebx
+       mov    %edx,0(%ebx)
+       xor    %eax,%eax		# return zero
+       pop    %ebx
+       ret    
+       nop
+  
+ # Magic indicating no need for an executable stack
+.section .note.GNU-stack, "", @progbits
+.previous
diff --git a/nss/lib/freebl/mpi/mpi_x86_asm.c b/nss/lib/freebl/mpi/mpi_x86_asm.c
new file mode 100644
index 0000000..4faeef3
--- /dev/null
+++ b/nss/lib/freebl/mpi/mpi_x86_asm.c
@@ -0,0 +1,531 @@
+/*
+ *  mpi_x86_asm.c - MSVC inline assembly implementation of s_mpv_ functions.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "mpi-priv.h"
+
+static int is_sse = -1;
+extern unsigned long s_mpi_is_sse2();
+
+/*
+ *   ebp - 36:  caller's esi
+ *   ebp - 32:  caller's edi
+ *   ebp - 28:
+ *   ebp - 24:
+ *   ebp - 20:
+ *   ebp - 16:
+ *   ebp - 12:
+ *   ebp - 8:
+ *   ebp - 4:
+ *   ebp + 0:   caller's ebp
+ *   ebp + 4:   return address
+ *   ebp + 8:   a   argument
+ *   ebp + 12:  a_len   argument
+ *   ebp + 16:  b   argument
+ *   ebp + 20:  c   argument
+ *   registers:
+ *      eax:
+ *  ebx:    carry
+ *  ecx:    a_len
+ *  edx:
+ *  esi:    a ptr
+ *  edi:    c ptr
+ */
+__declspec(naked) void s_mpv_mul_d(const mp_digit *a, mp_size a_len, mp_digit b, mp_digit *c)
+{
+    __asm {
+    mov    eax, is_sse
+    cmp    eax, 0
+    je     s_mpv_mul_d_x86
+    jg     s_mpv_mul_d_sse2
+    call   s_mpi_is_sse2
+    mov    is_sse, eax
+    cmp    eax, 0
+    jg     s_mpv_mul_d_sse2
+s_mpv_mul_d_x86:
+    push   ebp
+    mov    ebp,esp
+    sub    esp,28
+    push   edi
+    push   esi
+    push   ebx
+    mov    ebx,0        ; carry = 0
+    mov    ecx,[ebp+12]     ; ecx = a_len
+    mov    edi,[ebp+20]
+    cmp    ecx,0
+    je     L_2          ; jmp if a_len == 0
+    mov    esi,[ebp+8]      ; esi = a
+    cld
+L_1:
+    lodsd           ; eax = [ds:esi]; esi += 4
+    mov    edx,[ebp+16]     ; edx = b
+    mul    edx          ; edx:eax = Phi:Plo = a_i * b
+
+    add    eax,ebx      ; add carry (ebx) to edx:eax
+    adc    edx,0
+    mov    ebx,edx      ; high half of product becomes next carry
+
+    stosd           ; [es:edi] = ax; edi += 4;
+    dec    ecx          ; --a_len
+    jnz    L_1          ; jmp if a_len != 0
+L_2:
+    mov    [edi],ebx        ; *c = carry
+    pop    ebx
+    pop    esi
+    pop    edi
+    leave
+    ret
+    nop
+s_mpv_mul_d_sse2:
+    push   ebp
+    mov    ebp, esp
+    push   edi
+    push   esi
+    psubq  mm2, mm2     ; carry = 0
+    mov    ecx, [ebp+12]    ; ecx = a_len
+    movd   mm1, [ebp+16]    ; mm1 = b
+    mov    edi, [ebp+20]
+    cmp    ecx, 0
+    je     L_6          ; jmp if a_len == 0
+    mov    esi, [ebp+8]     ; esi = a
+    cld
+L_5:
+    movd   mm0, [esi]       ; mm0 = *a++
+    add    esi, 4
+    pmuludq mm0, mm1        ; mm0 = b * *a++
+    paddq  mm2, mm0     ; add the carry
+    movd   [edi], mm2       ; store the 32bit result
+    add    edi, 4
+    psrlq  mm2, 32      ; save the carry
+    dec    ecx          ; --a_len
+    jnz    L_5          ; jmp if a_len != 0
+L_6:
+    movd   [edi], mm2       ; *c = carry
+    emms
+    pop    esi
+    pop    edi
+    leave
+    ret
+    nop
+    }
+}
+
+/*
+ *   ebp - 36:  caller's esi
+ *   ebp - 32:  caller's edi
+ *   ebp - 28:
+ *   ebp - 24:
+ *   ebp - 20:
+ *   ebp - 16:
+ *   ebp - 12:
+ *   ebp - 8:
+ *   ebp - 4:
+ *   ebp + 0:   caller's ebp
+ *   ebp + 4:   return address
+ *   ebp + 8:   a   argument
+ *   ebp + 12:  a_len   argument
+ *   ebp + 16:  b   argument
+ *   ebp + 20:  c   argument
+ *   registers:
+ *      eax:
+ *  ebx:    carry
+ *  ecx:    a_len
+ *  edx:
+ *  esi:    a ptr
+ *  edi:    c ptr
+ */
+__declspec(naked) void s_mpv_mul_d_add(const mp_digit *a, mp_size a_len, mp_digit b, mp_digit *c)
+{
+    __asm {
+    mov    eax, is_sse
+    cmp    eax, 0
+    je     s_mpv_mul_d_add_x86
+    jg     s_mpv_mul_d_add_sse2
+    call   s_mpi_is_sse2
+    mov    is_sse, eax
+    cmp    eax, 0
+    jg     s_mpv_mul_d_add_sse2
+s_mpv_mul_d_add_x86:
+    push   ebp
+    mov    ebp,esp
+    sub    esp,28
+    push   edi
+    push   esi
+    push   ebx
+    mov    ebx,0        ; carry = 0
+    mov    ecx,[ebp+12]     ; ecx = a_len
+    mov    edi,[ebp+20]
+    cmp    ecx,0
+    je     L_11         ; jmp if a_len == 0
+    mov    esi,[ebp+8]      ; esi = a
+    cld
+L_10:
+    lodsd           ; eax = [ds:esi]; esi += 4
+    mov    edx,[ebp+16]     ; edx = b
+    mul    edx          ; edx:eax = Phi:Plo = a_i * b
+
+    add    eax,ebx      ; add carry (ebx) to edx:eax
+    adc    edx,0
+    mov    ebx,[edi]        ; add in current word from *c
+    add    eax,ebx
+    adc    edx,0
+    mov    ebx,edx      ; high half of product becomes next carry
+
+    stosd           ; [es:edi] = ax; edi += 4;
+    dec    ecx          ; --a_len
+    jnz    L_10         ; jmp if a_len != 0
+L_11:
+    mov    [edi],ebx        ; *c = carry
+    pop    ebx
+    pop    esi
+    pop    edi
+    leave
+    ret
+    nop
+s_mpv_mul_d_add_sse2:
+    push   ebp
+    mov    ebp, esp
+    push   edi
+    push   esi
+    psubq  mm2, mm2     ; carry = 0
+    mov    ecx, [ebp+12]    ; ecx = a_len
+    movd   mm1, [ebp+16]    ; mm1 = b
+    mov    edi, [ebp+20]
+    cmp    ecx, 0
+    je     L_16         ; jmp if a_len == 0
+    mov    esi, [ebp+8]     ; esi = a
+    cld
+L_15:
+    movd   mm0, [esi]       ; mm0 = *a++
+    add    esi, 4
+    pmuludq mm0, mm1        ; mm0 = b * *a++
+    paddq  mm2, mm0     ; add the carry
+    movd   mm0, [edi]
+    paddq  mm2, mm0     ; add the carry
+    movd   [edi], mm2       ; store the 32bit result
+    add    edi, 4
+    psrlq  mm2, 32      ; save the carry
+    dec    ecx          ; --a_len
+    jnz    L_15         ; jmp if a_len != 0
+L_16:
+    movd   [edi], mm2       ; *c = carry
+    emms
+    pop    esi
+    pop    edi
+    leave
+    ret
+    nop
+    }
+}
+
+/*
+ *   ebp - 36:  caller's esi
+ *   ebp - 32:  caller's edi
+ *   ebp - 28:
+ *   ebp - 24:
+ *   ebp - 20:
+ *   ebp - 16:
+ *   ebp - 12:
+ *   ebp - 8:
+ *   ebp - 4:
+ *   ebp + 0:   caller's ebp
+ *   ebp + 4:   return address
+ *   ebp + 8:   a   argument
+ *   ebp + 12:  a_len   argument
+ *   ebp + 16:  b   argument
+ *   ebp + 20:  c   argument
+ *   registers:
+ *      eax:
+ *  ebx:    carry
+ *  ecx:    a_len
+ *  edx:
+ *  esi:    a ptr
+ *  edi:    c ptr
+ */
+__declspec(naked) void s_mpv_mul_d_add_prop(const mp_digit *a, mp_size a_len, mp_digit b, mp_digit *c)
+{
+    __asm {
+    mov    eax, is_sse
+    cmp    eax, 0
+    je     s_mpv_mul_d_add_prop_x86
+    jg     s_mpv_mul_d_add_prop_sse2
+    call   s_mpi_is_sse2
+    mov    is_sse, eax
+    cmp    eax, 0
+    jg     s_mpv_mul_d_add_prop_sse2
+s_mpv_mul_d_add_prop_x86:
+    push   ebp
+    mov    ebp,esp
+    sub    esp,28
+    push   edi
+    push   esi
+    push   ebx
+    mov    ebx,0        ; carry = 0
+    mov    ecx,[ebp+12]     ; ecx = a_len
+    mov    edi,[ebp+20]
+    cmp    ecx,0
+    je     L_21         ; jmp if a_len == 0
+    cld
+    mov    esi,[ebp+8]      ; esi = a
+L_20:
+    lodsd           ; eax = [ds:esi]; esi += 4
+    mov    edx,[ebp+16]     ; edx = b
+    mul    edx          ; edx:eax = Phi:Plo = a_i * b
+
+    add    eax,ebx      ; add carry (ebx) to edx:eax
+    adc    edx,0
+    mov    ebx,[edi]        ; add in current word from *c
+    add    eax,ebx
+    adc    edx,0
+    mov    ebx,edx      ; high half of product becomes next carry
+
+    stosd           ; [es:edi] = ax; edi += 4;
+    dec    ecx          ; --a_len
+    jnz    L_20         ; jmp if a_len != 0
+L_21:
+    cmp    ebx,0        ; is carry zero?
+    jz     L_23
+    mov    eax,[edi]        ; add in current word from *c
+    add    eax,ebx
+    stosd           ; [es:edi] = ax; edi += 4;
+    jnc    L_23
+L_22:
+    mov    eax,[edi]        ; add in current word from *c
+    adc    eax,0
+    stosd           ; [es:edi] = ax; edi += 4;
+    jc     L_22
+L_23:
+    pop    ebx
+    pop    esi
+    pop    edi
+    leave
+    ret
+    nop
+s_mpv_mul_d_add_prop_sse2:
+    push   ebp
+    mov    ebp, esp
+    push   edi
+    push   esi
+    push   ebx
+    psubq  mm2, mm2     ; carry = 0
+    mov    ecx, [ebp+12]    ; ecx = a_len
+    movd   mm1, [ebp+16]    ; mm1 = b
+    mov    edi, [ebp+20]
+    cmp    ecx, 0
+    je     L_26         ; jmp if a_len == 0
+    mov    esi, [ebp+8]     ; esi = a
+    cld
+L_25:
+    movd   mm0, [esi]       ; mm0 = *a++
+    movd   mm3, [edi]       ; fetch the sum
+    add    esi, 4
+    pmuludq mm0, mm1        ; mm0 = b * *a++
+    paddq  mm2, mm0     ; add the carry
+    paddq  mm2, mm3     ; add *c++
+    movd   [edi], mm2       ; store the 32bit result
+    add    edi, 4
+    psrlq  mm2, 32      ; save the carry
+    dec    ecx          ; --a_len
+    jnz    L_25         ; jmp if a_len != 0
+L_26:
+    movd   ebx, mm2
+    cmp    ebx, 0       ; is carry zero?
+    jz     L_28
+    mov    eax, [edi]
+    add    eax, ebx
+    stosd
+    jnc    L_28
+L_27:
+    mov    eax, [edi]       ; add in current word from *c
+    adc    eax, 0
+    stosd           ; [es:edi] = ax; edi += 4;
+    jc     L_27
+L_28:
+    emms
+    pop    ebx
+    pop    esi
+    pop    edi
+    leave
+    ret
+    nop
+    }
+}
+
+/*
+ *   ebp - 20:  caller's esi
+ *   ebp - 16:  caller's edi
+ *   ebp - 12:
+ *   ebp - 8:   carry
+ *   ebp - 4:   a_len   local
+ *   ebp + 0:   caller's ebp
+ *   ebp + 4:   return address
+ *   ebp + 8:   pa  argument
+ *   ebp + 12:  a_len   argument
+ *   ebp + 16:  ps  argument
+ *   ebp + 20:
+ *   registers:
+ *      eax:
+ *  ebx:    carry
+ *  ecx:    a_len
+ *  edx:
+ *  esi:    a ptr
+ *  edi:    c ptr
+ */
+__declspec(naked) void s_mpv_sqr_add_prop(const mp_digit *a, mp_size a_len, mp_digit *sqrs)
+{
+    __asm {
+     mov    eax, is_sse
+     cmp    eax, 0
+     je     s_mpv_sqr_add_prop_x86
+     jg     s_mpv_sqr_add_prop_sse2
+     call   s_mpi_is_sse2
+     mov    is_sse, eax
+     cmp    eax, 0
+     jg     s_mpv_sqr_add_prop_sse2
+s_mpv_sqr_add_prop_x86:
+     push   ebp
+     mov    ebp,esp
+     sub    esp,12
+     push   edi
+     push   esi
+     push   ebx
+     mov    ebx,0       ; carry = 0
+     mov    ecx,[ebp+12]    ; a_len
+     mov    edi,[ebp+16]    ; edi = ps
+     cmp    ecx,0
+     je     L_31        ; jump if a_len == 0
+     cld
+     mov    esi,[ebp+8]     ; esi = pa
+L_30:
+     lodsd          ; eax = [ds:si]; si += 4;
+     mul    eax
+
+     add    eax,ebx     ; add "carry"
+     adc    edx,0
+     mov    ebx,[edi]
+     add    eax,ebx     ; add low word from result
+     mov    ebx,[edi+4]
+     stosd          ; [es:di] = eax; di += 4;
+     adc    edx,ebx     ; add high word from result
+     mov    ebx,0
+     mov    eax,edx
+     adc    ebx,0
+     stosd          ; [es:di] = eax; di += 4;
+     dec    ecx         ; --a_len
+     jnz    L_30        ; jmp if a_len != 0
+L_31:
+    cmp    ebx,0        ; is carry zero?
+    jz     L_34
+    mov    eax,[edi]        ; add in current word from *c
+    add    eax,ebx
+    stosd           ; [es:edi] = ax; edi += 4;
+    jnc    L_34
+L_32:
+    mov    eax,[edi]        ; add in current word from *c
+    adc    eax,0
+    stosd           ; [es:edi] = ax; edi += 4;
+    jc     L_32
+L_34:
+    pop    ebx
+    pop    esi
+    pop    edi
+    leave
+    ret
+    nop
+s_mpv_sqr_add_prop_sse2:
+    push   ebp
+    mov    ebp, esp
+    push   edi
+    push   esi
+    push   ebx
+    psubq  mm2, mm2     ; carry = 0
+    mov    ecx, [ebp+12]    ; ecx = a_len
+    mov    edi, [ebp+16]
+    cmp    ecx, 0
+    je     L_36     ; jmp if a_len == 0
+    mov    esi, [ebp+8]     ; esi = a
+    cld
+L_35:
+    movd   mm0, [esi]       ; mm0 = *a
+    movd   mm3, [edi]       ; fetch the sum
+    add    esi, 4
+    pmuludq mm0, mm0        ; mm0 = sqr(a)
+    paddq  mm2, mm0     ; add the carry
+    paddq  mm2, mm3     ; add the low word
+    movd   mm3, [edi+4]
+    movd   [edi], mm2       ; store the 32bit result
+    psrlq  mm2, 32
+    paddq  mm2, mm3     ; add the high word
+    movd   [edi+4], mm2     ; store the 32bit result
+    psrlq  mm2, 32      ; save the carry.
+    add    edi, 8
+    dec    ecx          ; --a_len
+    jnz    L_35         ; jmp if a_len != 0
+L_36:
+    movd   ebx, mm2
+    cmp    ebx, 0       ; is carry zero?
+    jz     L_38
+    mov    eax, [edi]
+    add    eax, ebx
+    stosd
+    jnc    L_38
+L_37:
+    mov    eax, [edi]       ; add in current word from *c
+    adc    eax, 0
+    stosd           ; [es:edi] = ax; edi += 4;
+    jc     L_37
+L_38:
+    emms
+    pop    ebx
+    pop    esi
+    pop    edi
+    leave
+    ret
+    nop
+    }
+}
+
+/*
+ *  Divide 64-bit (Nhi,Nlo) by 32-bit divisor, which must be normalized
+ *  so its high bit is 1.   This code is from NSPR.
+ *
+ *  Dump of assembler code for function s_mpv_div_2dx1d:
+ *
+ *   esp +  0:   Caller's ebx
+ *   esp +  4:  return address
+ *   esp +  8:  Nhi argument
+ *   esp + 12:  Nlo argument
+ *   esp + 16:  divisor argument
+ *   esp + 20:  qp  argument
+ *   esp + 24:   rp argument
+ *   registers:
+ *      eax:
+ *  ebx:    carry
+ *  ecx:    a_len
+ *  edx:
+ *  esi:    a ptr
+ *  edi:    c ptr
+ */
+__declspec(naked) mp_err
+    s_mpv_div_2dx1d(mp_digit Nhi, mp_digit Nlo, mp_digit divisor,
+                    mp_digit *qp, mp_digit *rp)
+{
+    __asm {
+       push   ebx
+       mov    edx,[esp+8]
+       mov    eax,[esp+12]
+       mov    ebx,[esp+16]
+       div    ebx
+       mov    ebx,[esp+20]
+       mov    [ebx],eax
+       mov    ebx,[esp+24]
+       mov    [ebx],edx
+       xor    eax,eax       ; return zero
+       pop    ebx
+       ret
+       nop
+    }
+}
diff --git a/nss/lib/freebl/mpi/mpi_x86_os2.s b/nss/lib/freebl/mpi/mpi_x86_os2.s
new file mode 100644
index 0000000..b903e25
--- /dev/null
+++ b/nss/lib/freebl/mpi/mpi_x86_os2.s
@@ -0,0 +1,538 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+.data
+.align 4
+ #
+ # -1 means to call _s_mpi_is_sse to determine if we support sse 
+ #    instructions.
+ #  0 means to use x86 instructions
+ #  1 means to use sse2 instructions
+.type	is_sse,@object
+.size	is_sse,4
+is_sse: .long	-1 
+
+#
+# sigh, handle the difference between -fPIC and not PIC
+# default to pic, since this file seems to be exclusively
+# linux right now (solaris uses mpi_i86pc.s and windows uses
+# mpi_x86_asm.c)
+#
+#.ifndef NO_PIC
+#.macro GET   var,reg
+#    movl   \var@GOTOFF(%ebx),\reg
+#.endm
+#.macro PUT   reg,var
+#    movl   \reg,\var@GOTOFF(%ebx)
+#.endm
+#.else
+.macro GET   var,reg
+    movl   \var,\reg
+.endm
+.macro PUT   reg,var
+    movl   \reg,\var
+.endm
+#.endif
+
+.text
+
+
+ #  ebp - 36:	caller's esi
+ #  ebp - 32:	caller's edi
+ #  ebp - 28:	
+ #  ebp - 24:	
+ #  ebp - 20:	
+ #  ebp - 16:	
+ #  ebp - 12:	
+ #  ebp - 8:	
+ #  ebp - 4:	
+ #  ebp + 0:	caller's ebp
+ #  ebp + 4:	return address
+ #  ebp + 8:	a	argument
+ #  ebp + 12:	a_len	argument
+ #  ebp + 16:	b	argument
+ #  ebp + 20:	c	argument
+ #  registers:
+ # 	eax:
+ #	ebx:	carry
+ #	ecx:	a_len
+ #	edx:
+ #	esi:	a ptr
+ #	edi:	c ptr
+.globl	_s_mpv_mul_d
+.type	_s_mpv_mul_d,@function
+_s_mpv_mul_d:
+    GET    is_sse,%eax
+    cmp    $0,%eax
+    je     _s_mpv_mul_d_x86
+    jg     _s_mpv_mul_d_sse2
+    call   _s_mpi_is_sse2
+    PUT    %eax,is_sse
+    cmp    $0,%eax
+    jg     _s_mpv_mul_d_sse2
+_s_mpv_mul_d_x86:
+    push   %ebp
+    mov    %esp,%ebp
+    sub    $28,%esp
+    push   %edi
+    push   %esi
+    push   %ebx
+    movl   $0,%ebx		# carry = 0
+    mov    12(%ebp),%ecx	# ecx = a_len
+    mov    20(%ebp),%edi
+    cmp    $0,%ecx
+    je     2f			# jmp if a_len == 0
+    mov    8(%ebp),%esi		# esi = a
+    cld
+1:
+    lodsl			# eax = [ds:esi]; esi += 4
+    mov    16(%ebp),%edx	# edx = b
+    mull   %edx			# edx:eax = Phi:Plo = a_i * b
+
+    add    %ebx,%eax		# add carry (%ebx) to edx:eax
+    adc    $0,%edx
+    mov    %edx,%ebx		# high half of product becomes next carry
+
+    stosl			# [es:edi] = ax; edi += 4;
+    dec    %ecx			# --a_len
+    jnz    1b			# jmp if a_len != 0
+2:
+    mov    %ebx,0(%edi)		# *c = carry
+    pop    %ebx
+    pop    %esi
+    pop    %edi
+    leave  
+    ret    
+    nop
+_s_mpv_mul_d_sse2:
+    push   %ebp
+    mov    %esp,%ebp
+    push   %edi
+    push   %esi
+    psubq  %mm2,%mm2		# carry = 0
+    mov    12(%ebp),%ecx	# ecx = a_len
+    movd   16(%ebp),%mm1	# mm1 = b
+    mov    20(%ebp),%edi
+    cmp    $0,%ecx
+    je     6f			# jmp if a_len == 0
+    mov    8(%ebp),%esi		# esi = a
+    cld
+5:
+    movd   0(%esi),%mm0         # mm0 = *a++
+    add    $4,%esi
+    pmuludq %mm1,%mm0           # mm0 = b * *a++
+    paddq  %mm0,%mm2            # add the carry
+    movd   %mm2,0(%edi)         # store the 32bit result
+    add    $4,%edi
+    psrlq  $32, %mm2		# save the carry
+    dec    %ecx			# --a_len
+    jnz    5b			# jmp if a_len != 0
+6:
+    movd   %mm2,0(%edi)		# *c = carry
+    emms
+    pop    %esi
+    pop    %edi
+    leave  
+    ret    
+    nop
+
+ #  ebp - 36:	caller's esi
+ #  ebp - 32:	caller's edi
+ #  ebp - 28:	
+ #  ebp - 24:	
+ #  ebp - 20:	
+ #  ebp - 16:	
+ #  ebp - 12:	
+ #  ebp - 8:	
+ #  ebp - 4:	
+ #  ebp + 0:	caller's ebp
+ #  ebp + 4:	return address
+ #  ebp + 8:	a	argument
+ #  ebp + 12:	a_len	argument
+ #  ebp + 16:	b	argument
+ #  ebp + 20:	c	argument
+ #  registers:
+ # 	eax:
+ #	ebx:	carry
+ #	ecx:	a_len
+ #	edx:
+ #	esi:	a ptr
+ #	edi:	c ptr
+.globl	_s_mpv_mul_d_add
+.type	_s_mpv_mul_d_add,@function
+_s_mpv_mul_d_add:
+    GET    is_sse,%eax
+    cmp    $0,%eax
+    je     _s_mpv_mul_d_add_x86
+    jg     _s_mpv_mul_d_add_sse2
+    call   _s_mpi_is_sse2
+    PUT    %eax,is_sse
+    cmp    $0,%eax
+    jg     _s_mpv_mul_d_add_sse2
+_s_mpv_mul_d_add_x86:
+    push   %ebp
+    mov    %esp,%ebp
+    sub    $28,%esp
+    push   %edi
+    push   %esi
+    push   %ebx
+    movl   $0,%ebx		# carry = 0
+    mov    12(%ebp),%ecx	# ecx = a_len
+    mov    20(%ebp),%edi
+    cmp    $0,%ecx
+    je     11f			# jmp if a_len == 0
+    mov    8(%ebp),%esi		# esi = a
+    cld
+10:
+    lodsl			# eax = [ds:esi]; esi += 4
+    mov    16(%ebp),%edx	# edx = b
+    mull   %edx			# edx:eax = Phi:Plo = a_i * b
+
+    add    %ebx,%eax		# add carry (%ebx) to edx:eax
+    adc    $0,%edx
+    mov    0(%edi),%ebx		# add in current word from *c
+    add    %ebx,%eax		
+    adc    $0,%edx
+    mov    %edx,%ebx		# high half of product becomes next carry
+
+    stosl			# [es:edi] = ax; edi += 4;
+    dec    %ecx			# --a_len
+    jnz    10b			# jmp if a_len != 0
+11:
+    mov    %ebx,0(%edi)		# *c = carry
+    pop    %ebx
+    pop    %esi
+    pop    %edi
+    leave  
+    ret    
+    nop
+_s_mpv_mul_d_add_sse2:
+    push   %ebp
+    mov    %esp,%ebp
+    push   %edi
+    push   %esi
+    psubq  %mm2,%mm2		# carry = 0
+    mov    12(%ebp),%ecx	# ecx = a_len
+    movd   16(%ebp),%mm1	# mm1 = b
+    mov    20(%ebp),%edi
+    cmp    $0,%ecx
+    je     16f			# jmp if a_len == 0
+    mov    8(%ebp),%esi		# esi = a
+    cld
+15:
+    movd   0(%esi),%mm0         # mm0 = *a++
+    add    $4,%esi
+    pmuludq %mm1,%mm0           # mm0 = b * *a++
+    paddq  %mm0,%mm2            # add the carry
+    movd   0(%edi),%mm0
+    paddq  %mm0,%mm2            # add the carry
+    movd   %mm2,0(%edi)         # store the 32bit result
+    add    $4,%edi
+    psrlq  $32, %mm2		# save the carry
+    dec    %ecx			# --a_len
+    jnz    15b			# jmp if a_len != 0
+16:
+    movd   %mm2,0(%edi)		# *c = carry
+    emms
+    pop    %esi
+    pop    %edi
+    leave  
+    ret    
+    nop
+
+ #  ebp - 8:	caller's esi
+ #  ebp - 4:	caller's edi
+ #  ebp + 0:	caller's ebp
+ #  ebp + 4:	return address
+ #  ebp + 8:	a	argument
+ #  ebp + 12:	a_len	argument
+ #  ebp + 16:	b	argument
+ #  ebp + 20:	c	argument
+ #  registers:
+ # 	eax:
+ #	ebx:	carry
+ #	ecx:	a_len
+ #	edx:
+ #	esi:	a ptr
+ #	edi:	c ptr
+.globl	_s_mpv_mul_d_add_prop
+.type	_s_mpv_mul_d_add_prop,@function
+_s_mpv_mul_d_add_prop:
+    GET    is_sse,%eax
+    cmp    $0,%eax
+    je     _s_mpv_mul_d_add_prop_x86
+    jg     _s_mpv_mul_d_add_prop_sse2
+    call   _s_mpi_is_sse2
+    PUT    %eax,is_sse
+    cmp    $0,%eax
+    jg     _s_mpv_mul_d_add_prop_sse2
+_s_mpv_mul_d_add_prop_x86:
+    push   %ebp
+    mov    %esp,%ebp
+    sub    $28,%esp
+    push   %edi
+    push   %esi
+    push   %ebx
+    movl   $0,%ebx		# carry = 0
+    mov    12(%ebp),%ecx	# ecx = a_len
+    mov    20(%ebp),%edi
+    cmp    $0,%ecx
+    je     21f			# jmp if a_len == 0
+    cld
+    mov    8(%ebp),%esi		# esi = a
+20:
+    lodsl			# eax = [ds:esi]; esi += 4
+    mov    16(%ebp),%edx	# edx = b
+    mull   %edx			# edx:eax = Phi:Plo = a_i * b
+
+    add    %ebx,%eax		# add carry (%ebx) to edx:eax
+    adc    $0,%edx
+    mov    0(%edi),%ebx		# add in current word from *c
+    add    %ebx,%eax		
+    adc    $0,%edx
+    mov    %edx,%ebx		# high half of product becomes next carry
+
+    stosl			# [es:edi] = ax; edi += 4;
+    dec    %ecx			# --a_len
+    jnz    20b			# jmp if a_len != 0
+21:
+    cmp    $0,%ebx		# is carry zero?
+    jz     23f
+    mov    0(%edi),%eax		# add in current word from *c
+    add	   %ebx,%eax
+    stosl			# [es:edi] = ax; edi += 4;
+    jnc    23f
+22:
+    mov    0(%edi),%eax		# add in current word from *c
+    adc	   $0,%eax
+    stosl			# [es:edi] = ax; edi += 4;
+    jc     22b
+23:
+    pop    %ebx
+    pop    %esi
+    pop    %edi
+    leave  
+    ret    
+    nop
+_s_mpv_mul_d_add_prop_sse2:
+    push   %ebp
+    mov    %esp,%ebp
+    push   %edi
+    push   %esi
+    push   %ebx
+    psubq  %mm2,%mm2		# carry = 0
+    mov    12(%ebp),%ecx	# ecx = a_len
+    movd   16(%ebp),%mm1	# mm1 = b
+    mov    20(%ebp),%edi
+    cmp    $0,%ecx
+    je     26f			# jmp if a_len == 0
+    mov    8(%ebp),%esi		# esi = a
+    cld
+25:
+    movd   0(%esi),%mm0         # mm0 = *a++
+    movd   0(%edi),%mm3		# fetch the sum
+    add    $4,%esi
+    pmuludq %mm1,%mm0           # mm0 = b * *a++
+    paddq  %mm0,%mm2            # add the carry
+    paddq  %mm3,%mm2            # add *c++
+    movd   %mm2,0(%edi)         # store the 32bit result
+    add    $4,%edi
+    psrlq  $32, %mm2		# save the carry
+    dec    %ecx			# --a_len
+    jnz    25b			# jmp if a_len != 0
+26:
+    movd   %mm2,%ebx
+    cmp    $0,%ebx		# is carry zero?
+    jz     28f
+    mov    0(%edi),%eax
+    add    %ebx, %eax
+    stosl
+    jnc    28f
+27:
+    mov    0(%edi),%eax		# add in current word from *c
+    adc	   $0,%eax
+    stosl			# [es:edi] = ax; edi += 4;
+    jc     27b
+28:
+    emms
+    pop    %ebx
+    pop    %esi
+    pop    %edi
+    leave  
+    ret    
+    nop
+
+
+ #  ebp - 20:	caller's esi
+ #  ebp - 16:	caller's edi
+ #  ebp - 12:	
+ #  ebp - 8:	carry
+ #  ebp - 4:	a_len	local
+ #  ebp + 0:	caller's ebp
+ #  ebp + 4:	return address
+ #  ebp + 8:	pa	argument
+ #  ebp + 12:	a_len	argument
+ #  ebp + 16:	ps	argument
+ #  ebp + 20:	
+ #  registers:
+ # 	eax:
+ #	ebx:	carry
+ #	ecx:	a_len
+ #	edx:
+ #	esi:	a ptr
+ #	edi:	c ptr
+
+.globl	_s_mpv_sqr_add_prop
+.type	_s_mpv_sqr_add_prop,@function
+_s_mpv_sqr_add_prop:
+     GET   is_sse,%eax
+     cmp    $0,%eax
+     je     _s_mpv_sqr_add_prop_x86
+     jg     _s_mpv_sqr_add_prop_sse2
+     call   _s_mpi_is_sse2
+     PUT    %eax,is_sse
+     cmp    $0,%eax
+     jg     _s_mpv_sqr_add_prop_sse2
+_s_mpv_sqr_add_prop_x86:
+     push   %ebp
+     mov    %esp,%ebp
+     sub    $12,%esp
+     push   %edi
+     push   %esi
+     push   %ebx
+     movl   $0,%ebx		# carry = 0
+     mov    12(%ebp),%ecx	# a_len
+     mov    16(%ebp),%edi	# edi = ps
+     cmp    $0,%ecx
+     je     31f			# jump if a_len == 0
+     cld
+     mov    8(%ebp),%esi	# esi = pa
+30:
+     lodsl			# %eax = [ds:si]; si += 4;
+     mull   %eax
+
+     add    %ebx,%eax		# add "carry"
+     adc    $0,%edx
+     mov    0(%edi),%ebx
+     add    %ebx,%eax		# add low word from result
+     mov    4(%edi),%ebx
+     stosl			# [es:di] = %eax; di += 4;
+     adc    %ebx,%edx		# add high word from result
+     movl   $0,%ebx
+     mov    %edx,%eax
+     adc    $0,%ebx
+     stosl			# [es:di] = %eax; di += 4;
+     dec    %ecx		# --a_len
+     jnz    30b			# jmp if a_len != 0
+31:
+    cmp    $0,%ebx		# is carry zero?
+    jz     34f
+    mov    0(%edi),%eax		# add in current word from *c
+    add	   %ebx,%eax
+    stosl			# [es:edi] = ax; edi += 4;
+    jnc    34f
+32:
+    mov    0(%edi),%eax		# add in current word from *c
+    adc	   $0,%eax
+    stosl			# [es:edi] = ax; edi += 4;
+    jc     32b
+34:
+    pop    %ebx
+    pop    %esi
+    pop    %edi
+    leave  
+    ret    
+    nop
+_s_mpv_sqr_add_prop_sse2:
+    push   %ebp
+    mov    %esp,%ebp
+    push   %edi
+    push   %esi
+    push   %ebx
+    psubq  %mm2,%mm2		# carry = 0
+    mov    12(%ebp),%ecx	# ecx = a_len
+    mov    16(%ebp),%edi
+    cmp    $0,%ecx
+    je     36f			# jmp if a_len == 0
+    mov    8(%ebp),%esi		# esi = a
+    cld
+35:
+    movd   0(%esi),%mm0        # mm0 = *a
+    movd   0(%edi),%mm3	       # fetch the sum
+    add	   $4,%esi
+    pmuludq %mm0,%mm0          # mm0 = sqr(a)
+    paddq  %mm0,%mm2           # add the carry
+    paddq  %mm3,%mm2           # add the low word
+    movd   4(%edi),%mm3
+    movd   %mm2,0(%edi)        # store the 32bit result
+    psrlq  $32, %mm2	
+    paddq  %mm3,%mm2           # add the high word
+    movd   %mm2,4(%edi)        # store the 32bit result
+    psrlq  $32, %mm2	       # save the carry.
+    add    $8,%edi
+    dec    %ecx			# --a_len
+    jnz    35b			# jmp if a_len != 0
+36:
+    movd   %mm2,%ebx
+    cmp    $0,%ebx		# is carry zero?
+    jz     38f
+    mov    0(%edi),%eax
+    add    %ebx, %eax
+    stosl
+    jnc    38f
+37:
+    mov    0(%edi),%eax		# add in current word from *c
+    adc	   $0,%eax
+    stosl			# [es:edi] = ax; edi += 4;
+    jc     37b
+38:
+    emms
+    pop    %ebx
+    pop    %esi
+    pop    %edi
+    leave  
+    ret    
+    nop
+
+ #
+ # Divide 64-bit (Nhi,Nlo) by 32-bit divisor, which must be normalized
+ # so its high bit is 1.   This code is from NSPR.
+ #
+ # mp_err _s_mpv_div_2dx1d(mp_digit Nhi, mp_digit Nlo, mp_digit divisor,
+ # 		          mp_digit *qp, mp_digit *rp)
+
+ #  esp +  0:   Caller's ebx
+ #  esp +  4:	return address
+ #  esp +  8:	Nhi	argument
+ #  esp + 12:	Nlo	argument
+ #  esp + 16:	divisor	argument
+ #  esp + 20:	qp	argument
+ #  esp + 24:   rp	argument
+ #  registers:
+ # 	eax:
+ #	ebx:	carry
+ #	ecx:	a_len
+ #	edx:
+ #	esi:	a ptr
+ #	edi:	c ptr
+ # 
+
+.globl	_s_mpv_div_2dx1d
+.type	_s_mpv_div_2dx1d,@function
+_s_mpv_div_2dx1d:
+       push   %ebx
+       mov    8(%esp),%edx
+       mov    12(%esp),%eax
+       mov    16(%esp),%ebx
+       div    %ebx
+       mov    20(%esp),%ebx
+       mov    %eax,0(%ebx)
+       mov    24(%esp),%ebx
+       mov    %edx,0(%ebx)
+       xor    %eax,%eax		# return zero
+       pop    %ebx
+       ret    
+       nop
+  
diff --git a/nss/lib/freebl/mpi/mplogic.c b/nss/lib/freebl/mpi/mplogic.c
new file mode 100644
index 0000000..89fd03a
--- /dev/null
+++ b/nss/lib/freebl/mpi/mplogic.c
@@ -0,0 +1,443 @@
+/*
+ *  mplogic.c
+ *
+ *  Bitwise logical operations on MPI values
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "mpi-priv.h"
+#include "mplogic.h"
+
+/* {{{ Lookup table for population count */
+
+static unsigned char bitc[] = {
+    0, 1, 1, 2, 1, 2, 2, 3, 1, 2, 2, 3, 2, 3, 3, 4,
+    1, 2, 2, 3, 2, 3, 3, 4, 2, 3, 3, 4, 3, 4, 4, 5,
+    1, 2, 2, 3, 2, 3, 3, 4, 2, 3, 3, 4, 3, 4, 4, 5,
+    2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,
+    1, 2, 2, 3, 2, 3, 3, 4, 2, 3, 3, 4, 3, 4, 4, 5,
+    2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,
+    2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,
+    3, 4, 4, 5, 4, 5, 5, 6, 4, 5, 5, 6, 5, 6, 6, 7,
+    1, 2, 2, 3, 2, 3, 3, 4, 2, 3, 3, 4, 3, 4, 4, 5,
+    2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,
+    2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,
+    3, 4, 4, 5, 4, 5, 5, 6, 4, 5, 5, 6, 5, 6, 6, 7,
+    2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,
+    3, 4, 4, 5, 4, 5, 5, 6, 4, 5, 5, 6, 5, 6, 6, 7,
+    3, 4, 4, 5, 4, 5, 5, 6, 4, 5, 5, 6, 5, 6, 6, 7,
+    4, 5, 5, 6, 5, 6, 6, 7, 5, 6, 6, 7, 6, 7, 7, 8
+};
+
+/* }}} */
+
+/*------------------------------------------------------------------------*/
+/*
+  mpl_not(a, b)    - compute b = ~a
+  mpl_and(a, b, c) - compute c = a & b
+  mpl_or(a, b, c)  - compute c = a | b
+  mpl_xor(a, b, c) - compute c = a ^ b
+ */
+
+/* {{{ mpl_not(a, b) */
+
+mp_err
+mpl_not(mp_int *a, mp_int *b)
+{
+    mp_err res;
+    unsigned int ix;
+
+    ARGCHK(a != NULL && b != NULL, MP_BADARG);
+
+    if ((res = mp_copy(a, b)) != MP_OKAY)
+        return res;
+
+    /* This relies on the fact that the digit type is unsigned */
+    for (ix = 0; ix < USED(b); ix++)
+        DIGIT(b, ix) = ~DIGIT(b, ix);
+
+    s_mp_clamp(b);
+
+    return MP_OKAY;
+
+} /* end mpl_not() */
+
+/* }}} */
+
+/* {{{ mpl_and(a, b, c) */
+
+mp_err
+mpl_and(mp_int *a, mp_int *b, mp_int *c)
+{
+    mp_int *which, *other;
+    mp_err res;
+    unsigned int ix;
+
+    ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG);
+
+    if (USED(a) <= USED(b)) {
+        which = a;
+        other = b;
+    } else {
+        which = b;
+        other = a;
+    }
+
+    if ((res = mp_copy(which, c)) != MP_OKAY)
+        return res;
+
+    for (ix = 0; ix < USED(which); ix++)
+        DIGIT(c, ix) &= DIGIT(other, ix);
+
+    s_mp_clamp(c);
+
+    return MP_OKAY;
+
+} /* end mpl_and() */
+
+/* }}} */
+
+/* {{{ mpl_or(a, b, c) */
+
+mp_err
+mpl_or(mp_int *a, mp_int *b, mp_int *c)
+{
+    mp_int *which, *other;
+    mp_err res;
+    unsigned int ix;
+
+    ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG);
+
+    if (USED(a) >= USED(b)) {
+        which = a;
+        other = b;
+    } else {
+        which = b;
+        other = a;
+    }
+
+    if ((res = mp_copy(which, c)) != MP_OKAY)
+        return res;
+
+    for (ix = 0; ix < USED(which); ix++)
+        DIGIT(c, ix) |= DIGIT(other, ix);
+
+    return MP_OKAY;
+
+} /* end mpl_or() */
+
+/* }}} */
+
+/* {{{ mpl_xor(a, b, c) */
+
+mp_err
+mpl_xor(mp_int *a, mp_int *b, mp_int *c)
+{
+    mp_int *which, *other;
+    mp_err res;
+    unsigned int ix;
+
+    ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG);
+
+    if (USED(a) >= USED(b)) {
+        which = a;
+        other = b;
+    } else {
+        which = b;
+        other = a;
+    }
+
+    if ((res = mp_copy(which, c)) != MP_OKAY)
+        return res;
+
+    for (ix = 0; ix < USED(which); ix++)
+        DIGIT(c, ix) ^= DIGIT(other, ix);
+
+    s_mp_clamp(c);
+
+    return MP_OKAY;
+
+} /* end mpl_xor() */
+
+/* }}} */
+
+/*------------------------------------------------------------------------*/
+/*
+  mpl_rsh(a, b, d)     - b = a >> d
+  mpl_lsh(a, b, d)     - b = a << d
+ */
+
+/* {{{ mpl_rsh(a, b, d) */
+
+mp_err
+mpl_rsh(const mp_int *a, mp_int *b, mp_digit d)
+{
+    mp_err res;
+
+    ARGCHK(a != NULL && b != NULL, MP_BADARG);
+
+    if ((res = mp_copy(a, b)) != MP_OKAY)
+        return res;
+
+    s_mp_div_2d(b, d);
+
+    return MP_OKAY;
+
+} /* end mpl_rsh() */
+
+/* }}} */
+
+/* {{{ mpl_lsh(a, b, d) */
+
+mp_err
+mpl_lsh(const mp_int *a, mp_int *b, mp_digit d)
+{
+    mp_err res;
+
+    ARGCHK(a != NULL && b != NULL, MP_BADARG);
+
+    if ((res = mp_copy(a, b)) != MP_OKAY)
+        return res;
+
+    return s_mp_mul_2d(b, d);
+
+} /* end mpl_lsh() */
+
+/* }}} */
+
+/*------------------------------------------------------------------------*/
+/*
+  mpl_num_set(a, num)
+
+  Count the number of set bits in the binary representation of a.
+  Returns MP_OKAY and sets 'num' to be the number of such bits, if
+  possible.  If num is NULL, the result is thrown away, but it is
+  not considered an error.
+
+  mpl_num_clear() does basically the same thing for clear bits.
+ */
+
+/* {{{ mpl_num_set(a, num) */
+
+mp_err
+mpl_num_set(mp_int *a, int *num)
+{
+    unsigned int ix;
+    int db, nset = 0;
+    mp_digit cur;
+    unsigned char reg;
+
+    ARGCHK(a != NULL, MP_BADARG);
+
+    for (ix = 0; ix < USED(a); ix++) {
+        cur = DIGIT(a, ix);
+
+        for (db = 0; db < sizeof(mp_digit); db++) {
+            reg = (unsigned char)(cur >> (CHAR_BIT * db));
+
+            nset += bitc[reg];
+        }
+    }
+
+    if (num)
+        *num = nset;
+
+    return MP_OKAY;
+
+} /* end mpl_num_set() */
+
+/* }}} */
+
+/* {{{ mpl_num_clear(a, num) */
+
+mp_err
+mpl_num_clear(mp_int *a, int *num)
+{
+    unsigned int ix;
+    int db, nset = 0;
+    mp_digit cur;
+    unsigned char reg;
+
+    ARGCHK(a != NULL, MP_BADARG);
+
+    for (ix = 0; ix < USED(a); ix++) {
+        cur = DIGIT(a, ix);
+
+        for (db = 0; db < sizeof(mp_digit); db++) {
+            reg = (unsigned char)(cur >> (CHAR_BIT * db));
+
+            nset += bitc[UCHAR_MAX - reg];
+        }
+    }
+
+    if (num)
+        *num = nset;
+
+    return MP_OKAY;
+
+} /* end mpl_num_clear() */
+
+/* }}} */
+
+/*------------------------------------------------------------------------*/
+/*
+  mpl_parity(a)
+
+  Determines the bitwise parity of the value given.  Returns MP_EVEN
+  if an even number of digits are set, MP_ODD if an odd number are
+  set.
+ */
+
+/* {{{ mpl_parity(a) */
+
+mp_err
+mpl_parity(mp_int *a)
+{
+    unsigned int ix;
+    int par = 0;
+    mp_digit cur;
+
+    ARGCHK(a != NULL, MP_BADARG);
+
+    for (ix = 0; ix < USED(a); ix++) {
+        int shft = (sizeof(mp_digit) * CHAR_BIT) / 2;
+
+        cur = DIGIT(a, ix);
+
+        /* Compute parity for current digit */
+        while (shft != 0) {
+            cur ^= (cur >> shft);
+            shft >>= 1;
+        }
+        cur &= 1;
+
+        /* XOR with running parity so far   */
+        par ^= cur;
+    }
+
+    if (par)
+        return MP_ODD;
+    else
+        return MP_EVEN;
+
+} /* end mpl_parity() */
+
+/* }}} */
+
+/*
+  mpl_set_bit
+
+  Returns MP_OKAY or some error code.
+  Grows a if needed to set a bit to 1.
+ */
+mp_err
+mpl_set_bit(mp_int *a, mp_size bitNum, mp_size value)
+{
+    mp_size ix;
+    mp_err rv;
+    mp_digit mask;
+
+    ARGCHK(a != NULL, MP_BADARG);
+
+    ix = bitNum / MP_DIGIT_BIT;
+    if (ix + 1 > MP_USED(a)) {
+        rv = s_mp_pad(a, ix + 1);
+        if (rv != MP_OKAY)
+            return rv;
+    }
+
+    bitNum = bitNum % MP_DIGIT_BIT;
+    mask = (mp_digit)1 << bitNum;
+    if (value)
+        MP_DIGIT(a, ix) |= mask;
+    else
+        MP_DIGIT(a, ix) &= ~mask;
+    s_mp_clamp(a);
+    return MP_OKAY;
+}
+
+/*
+  mpl_get_bit
+
+  returns 0 or 1 or some (negative) error code.
+ */
+mp_err
+mpl_get_bit(const mp_int *a, mp_size bitNum)
+{
+    mp_size bit, ix;
+    mp_err rv;
+
+    ARGCHK(a != NULL, MP_BADARG);
+
+    ix = bitNum / MP_DIGIT_BIT;
+    ARGCHK(ix <= MP_USED(a) - 1, MP_RANGE);
+
+    bit = bitNum % MP_DIGIT_BIT;
+    rv = (mp_err)(MP_DIGIT(a, ix) >> bit) & 1;
+    return rv;
+}
+
+/*
+  mpl_get_bits
+  - Extracts numBits bits from a, where the least significant extracted bit
+  is bit lsbNum.  Returns a negative value if error occurs.
+  - Because sign bit is used to indicate error, maximum number of bits to
+  be returned is the lesser of (a) the number of bits in an mp_digit, or
+  (b) one less than the number of bits in an mp_err.
+  - lsbNum + numbits can be greater than the number of significant bits in
+  integer a, as long as bit lsbNum is in the high order digit of a.
+ */
+mp_err
+mpl_get_bits(const mp_int *a, mp_size lsbNum, mp_size numBits)
+{
+    mp_size rshift = (lsbNum % MP_DIGIT_BIT);
+    mp_size lsWndx = (lsbNum / MP_DIGIT_BIT);
+    mp_digit *digit = MP_DIGITS(a) + lsWndx;
+    mp_digit mask = ((1 << numBits) - 1);
+
+    ARGCHK(numBits < CHAR_BIT * sizeof mask, MP_BADARG);
+    ARGCHK(MP_HOWMANY(lsbNum, MP_DIGIT_BIT) <= MP_USED(a), MP_RANGE);
+
+    if ((numBits + lsbNum % MP_DIGIT_BIT <= MP_DIGIT_BIT) ||
+        (lsWndx + 1 >= MP_USED(a))) {
+        mask &= (digit[0] >> rshift);
+    } else {
+        mask &= ((digit[0] >> rshift) | (digit[1] << (MP_DIGIT_BIT - rshift)));
+    }
+    return (mp_err)mask;
+}
+
+/*
+  mpl_significant_bits
+  returns number of significnant bits in abs(a).
+  returns 1 if value is zero.
+ */
+mp_size
+mpl_significant_bits(const mp_int *a)
+{
+    mp_size bits = 0;
+    int ix;
+
+    ARGCHK(a != NULL, MP_BADARG);
+
+    for (ix = MP_USED(a); ix > 0;) {
+        mp_digit d;
+        d = MP_DIGIT(a, --ix);
+        if (d) {
+            while (d) {
+                ++bits;
+                d >>= 1;
+            }
+            break;
+        }
+    }
+    bits += ix * MP_DIGIT_BIT;
+    if (!bits)
+        bits = 1;
+    return bits;
+}
+
+/*------------------------------------------------------------------------*/
+/* HERE THERE BE DRAGONS                                                  */
diff --git a/nss/lib/freebl/mpi/mplogic.h b/nss/lib/freebl/mpi/mplogic.h
new file mode 100644
index 0000000..a4a6b77
--- /dev/null
+++ b/nss/lib/freebl/mpi/mplogic.h
@@ -0,0 +1,52 @@
+/*
+ *  mplogic.h
+ *
+ *  Bitwise logical operations on MPI values
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _H_MPLOGIC_
+#define _H_MPLOGIC_
+
+#include "mpi.h"
+
+/*
+  The logical operations treat an mp_int as if it were a bit vector,
+  without regard to its sign (an mp_int is represented in a signed
+  magnitude format).  Values are treated as if they had an infinite
+  string of zeros left of the most-significant bit.
+ */
+
+/* Parity results                    */
+
+#define MP_EVEN MP_YES
+#define MP_ODD MP_NO
+
+/* Bitwise functions                 */
+
+mp_err mpl_not(mp_int *a, mp_int *b);            /* one's complement  */
+mp_err mpl_and(mp_int *a, mp_int *b, mp_int *c); /* bitwise AND       */
+mp_err mpl_or(mp_int *a, mp_int *b, mp_int *c);  /* bitwise OR        */
+mp_err mpl_xor(mp_int *a, mp_int *b, mp_int *c); /* bitwise XOR       */
+
+/* Shift functions                   */
+
+mp_err mpl_rsh(const mp_int *a, mp_int *b, mp_digit d); /* right shift    */
+mp_err mpl_lsh(const mp_int *a, mp_int *b, mp_digit d); /* left shift     */
+
+/* Bit count and parity              */
+
+mp_err mpl_num_set(mp_int *a, int *num);   /* count set bits    */
+mp_err mpl_num_clear(mp_int *a, int *num); /* count clear bits  */
+mp_err mpl_parity(mp_int *a);              /* determine parity  */
+
+/* Get & Set the value of a bit */
+
+mp_err mpl_set_bit(mp_int *a, mp_size bitNum, mp_size value);
+mp_err mpl_get_bit(const mp_int *a, mp_size bitNum);
+mp_err mpl_get_bits(const mp_int *a, mp_size lsbNum, mp_size numBits);
+mp_size mpl_significant_bits(const mp_int *a);
+
+#endif /* end _H_MPLOGIC_ */
diff --git a/nss/lib/freebl/mpi/mpmontg.c b/nss/lib/freebl/mpi/mpmontg.c
new file mode 100644
index 0000000..06fd41b
--- /dev/null
+++ b/nss/lib/freebl/mpi/mpmontg.c
@@ -0,0 +1,1141 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* This file implements moduluar exponentiation using Montgomery's
+ * method for modular reduction.  This file implements the method
+ * described as "Improvement 2" in the paper "A Cryptogrpahic Library for
+ * the Motorola DSP56000" by Stephen R. Dusse' and Burton S. Kaliski Jr.
+ * published in "Advances in Cryptology: Proceedings of EUROCRYPT '90"
+ * "Lecture Notes in Computer Science" volume 473, 1991, pg 230-244,
+ * published by Springer Verlag.
+ */
+
+#define MP_USING_CACHE_SAFE_MOD_EXP 1
+#include <string.h>
+#include "mpi-priv.h"
+#include "mplogic.h"
+#include "mpprime.h"
+#ifdef MP_USING_MONT_MULF
+#include "montmulf.h"
+#endif
+#include <stddef.h> /* ptrdiff_t */
+#include <assert.h>
+
+#define STATIC
+
+#define MAX_ODD_INTS 32 /* 2 ** (WINDOW_BITS - 1) */
+
+/*! computes T = REDC(T), 2^b == R
+    \param T < RN
+*/
+mp_err
+s_mp_redc(mp_int *T, mp_mont_modulus *mmm)
+{
+    mp_err res;
+    mp_size i;
+
+    i = (MP_USED(&mmm->N) << 1) + 1;
+    MP_CHECKOK(s_mp_pad(T, i));
+    for (i = 0; i < MP_USED(&mmm->N); ++i) {
+        mp_digit m_i = MP_DIGIT(T, i) * mmm->n0prime;
+        /* T += N * m_i * (MP_RADIX ** i); */
+        s_mp_mul_d_add_offset(&mmm->N, m_i, T, i);
+    }
+    s_mp_clamp(T);
+
+    /* T /= R */
+    s_mp_rshd(T, MP_USED(&mmm->N));
+
+    if ((res = s_mp_cmp(T, &mmm->N)) >= 0) {
+        /* T = T - N */
+        MP_CHECKOK(s_mp_sub(T, &mmm->N));
+#ifdef DEBUG
+        if ((res = mp_cmp(T, &mmm->N)) >= 0) {
+            res = MP_UNDEF;
+            goto CLEANUP;
+        }
+#endif
+    }
+    res = MP_OKAY;
+CLEANUP:
+    return res;
+}
+
+#if !defined(MP_MONT_USE_MP_MUL)
+
+/*! c <- REDC( a * b ) mod N
+    \param a < N  i.e. "reduced"
+    \param b < N  i.e. "reduced"
+    \param mmm modulus N and n0' of N
+*/
+mp_err
+s_mp_mul_mont(const mp_int *a, const mp_int *b, mp_int *c,
+              mp_mont_modulus *mmm)
+{
+    mp_digit *pb;
+    mp_digit m_i;
+    mp_err res;
+    mp_size ib; /* "index b": index of current digit of B */
+    mp_size useda, usedb;
+
+    ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG);
+
+    if (MP_USED(a) < MP_USED(b)) {
+        const mp_int *xch = b; /* switch a and b, to do fewer outer loops */
+        b = a;
+        a = xch;
+    }
+
+    MP_USED(c) = 1;
+    MP_DIGIT(c, 0) = 0;
+    ib = (MP_USED(&mmm->N) << 1) + 1;
+    if ((res = s_mp_pad(c, ib)) != MP_OKAY)
+        goto CLEANUP;
+
+    useda = MP_USED(a);
+    pb = MP_DIGITS(b);
+    s_mpv_mul_d(MP_DIGITS(a), useda, *pb++, MP_DIGITS(c));
+    s_mp_setz(MP_DIGITS(c) + useda + 1, ib - (useda + 1));
+    m_i = MP_DIGIT(c, 0) * mmm->n0prime;
+    s_mp_mul_d_add_offset(&mmm->N, m_i, c, 0);
+
+    /* Outer loop:  Digits of b */
+    usedb = MP_USED(b);
+    for (ib = 1; ib < usedb; ib++) {
+        mp_digit b_i = *pb++;
+
+        /* Inner product:  Digits of a */
+        if (b_i)
+            s_mpv_mul_d_add_prop(MP_DIGITS(a), useda, b_i, MP_DIGITS(c) + ib);
+        m_i = MP_DIGIT(c, ib) * mmm->n0prime;
+        s_mp_mul_d_add_offset(&mmm->N, m_i, c, ib);
+    }
+    if (usedb < MP_USED(&mmm->N)) {
+        for (usedb = MP_USED(&mmm->N); ib < usedb; ++ib) {
+            m_i = MP_DIGIT(c, ib) * mmm->n0prime;
+            s_mp_mul_d_add_offset(&mmm->N, m_i, c, ib);
+        }
+    }
+    s_mp_clamp(c);
+    s_mp_rshd(c, MP_USED(&mmm->N)); /* c /= R */
+    if (s_mp_cmp(c, &mmm->N) >= 0) {
+        MP_CHECKOK(s_mp_sub(c, &mmm->N));
+    }
+    res = MP_OKAY;
+
+CLEANUP:
+    return res;
+}
+#endif
+
+STATIC
+mp_err
+s_mp_to_mont(const mp_int *x, mp_mont_modulus *mmm, mp_int *xMont)
+{
+    mp_err res;
+
+    /* xMont = x * R mod N   where  N is modulus */
+    MP_CHECKOK(mp_copy(x, xMont));
+    MP_CHECKOK(s_mp_lshd(xMont, MP_USED(&mmm->N))); /* xMont = x << b */
+    MP_CHECKOK(mp_div(xMont, &mmm->N, 0, xMont));   /*         mod N */
+CLEANUP:
+    return res;
+}
+
+#ifdef MP_USING_MONT_MULF
+
+/* the floating point multiply is already cache safe,
+ * don't turn on cache safe unless we specifically
+ * force it */
+#ifndef MP_FORCE_CACHE_SAFE
+#undef MP_USING_CACHE_SAFE_MOD_EXP
+#endif
+
+unsigned int mp_using_mont_mulf = 1;
+
+/* computes montgomery square of the integer in mResult */
+#define SQR                                              \
+    conv_i32_to_d32_and_d16(dm1, d16Tmp, mResult, nLen); \
+    mont_mulf_noconv(mResult, dm1, d16Tmp,               \
+                     dTmp, dn, MP_DIGITS(modulus), nLen, dn0)
+
+/* computes montgomery product of x and the integer in mResult */
+#define MUL(x)                                   \
+    conv_i32_to_d32(dm1, mResult, nLen);         \
+    mont_mulf_noconv(mResult, dm1, oddPowers[x], \
+                     dTmp, dn, MP_DIGITS(modulus), nLen, dn0)
+
+/* Do modular exponentiation using floating point multiply code. */
+mp_err
+mp_exptmod_f(const mp_int *montBase,
+             const mp_int *exponent,
+             const mp_int *modulus,
+             mp_int *result,
+             mp_mont_modulus *mmm,
+             int nLen,
+             mp_size bits_in_exponent,
+             mp_size window_bits,
+             mp_size odd_ints)
+{
+    mp_digit *mResult;
+    double *dBuf = 0, *dm1, *dn, *dSqr, *d16Tmp, *dTmp;
+    double dn0;
+    mp_size i;
+    mp_err res;
+    int expOff;
+    int dSize = 0, oddPowSize, dTmpSize;
+    mp_int accum1;
+    double *oddPowers[MAX_ODD_INTS];
+
+    /* function for computing n0prime only works if n0 is odd */
+
+    MP_DIGITS(&accum1) = 0;
+
+    for (i = 0; i < MAX_ODD_INTS; ++i)
+        oddPowers[i] = 0;
+
+    MP_CHECKOK(mp_init_size(&accum1, 3 * nLen + 2));
+
+    mp_set(&accum1, 1);
+    MP_CHECKOK(s_mp_to_mont(&accum1, mmm, &accum1));
+    MP_CHECKOK(s_mp_pad(&accum1, nLen));
+
+    oddPowSize = 2 * nLen + 1;
+    dTmpSize = 2 * oddPowSize;
+    dSize = sizeof(double) * (nLen * 4 + 1 +
+                              ((odd_ints + 1) * oddPowSize) + dTmpSize);
+    dBuf = (double *)malloc(dSize);
+    dm1 = dBuf;           /* array of d32 */
+    dn = dBuf + nLen;     /* array of d32 */
+    dSqr = dn + nLen;     /* array of d32 */
+    d16Tmp = dSqr + nLen; /* array of d16 */
+    dTmp = d16Tmp + oddPowSize;
+
+    for (i = 0; i < odd_ints; ++i) {
+        oddPowers[i] = dTmp;
+        dTmp += oddPowSize;
+    }
+    mResult = (mp_digit *)(dTmp + dTmpSize); /* size is nLen + 1 */
+
+    /* Make dn and dn0 */
+    conv_i32_to_d32(dn, MP_DIGITS(modulus), nLen);
+    dn0 = (double)(mmm->n0prime & 0xffff);
+
+    /* Make dSqr */
+    conv_i32_to_d32_and_d16(dm1, oddPowers[0], MP_DIGITS(montBase), nLen);
+    mont_mulf_noconv(mResult, dm1, oddPowers[0],
+                     dTmp, dn, MP_DIGITS(modulus), nLen, dn0);
+    conv_i32_to_d32(dSqr, mResult, nLen);
+
+    for (i = 1; i < odd_ints; ++i) {
+        mont_mulf_noconv(mResult, dSqr, oddPowers[i - 1],
+                         dTmp, dn, MP_DIGITS(modulus), nLen, dn0);
+        conv_i32_to_d16(oddPowers[i], mResult, nLen);
+    }
+
+    s_mp_copy(MP_DIGITS(&accum1), mResult, nLen); /* from, to, len */
+
+    for (expOff = bits_in_exponent - window_bits; expOff >= 0; expOff -= window_bits) {
+        mp_size smallExp;
+        MP_CHECKOK(mpl_get_bits(exponent, expOff, window_bits));
+        smallExp = (mp_size)res;
+
+        if (window_bits == 1) {
+            if (!smallExp) {
+                SQR;
+            } else if (smallExp & 1) {
+                SQR;
+                MUL(0);
+            } else {
+                abort();
+            }
+        } else if (window_bits == 4) {
+            if (!smallExp) {
+                SQR;
+                SQR;
+                SQR;
+                SQR;
+            } else if (smallExp & 1) {
+                SQR;
+                SQR;
+                SQR;
+                SQR;
+                MUL(smallExp / 2);
+            } else if (smallExp & 2) {
+                SQR;
+                SQR;
+                SQR;
+                MUL(smallExp / 4);
+                SQR;
+            } else if (smallExp & 4) {
+                SQR;
+                SQR;
+                MUL(smallExp / 8);
+                SQR;
+                SQR;
+            } else if (smallExp & 8) {
+                SQR;
+                MUL(smallExp / 16);
+                SQR;
+                SQR;
+                SQR;
+            } else {
+                abort();
+            }
+        } else if (window_bits == 5) {
+            if (!smallExp) {
+                SQR;
+                SQR;
+                SQR;
+                SQR;
+                SQR;
+            } else if (smallExp & 1) {
+                SQR;
+                SQR;
+                SQR;
+                SQR;
+                SQR;
+                MUL(smallExp / 2);
+            } else if (smallExp & 2) {
+                SQR;
+                SQR;
+                SQR;
+                SQR;
+                MUL(smallExp / 4);
+                SQR;
+            } else if (smallExp & 4) {
+                SQR;
+                SQR;
+                SQR;
+                MUL(smallExp / 8);
+                SQR;
+                SQR;
+            } else if (smallExp & 8) {
+                SQR;
+                SQR;
+                MUL(smallExp / 16);
+                SQR;
+                SQR;
+                SQR;
+            } else if (smallExp & 0x10) {
+                SQR;
+                MUL(smallExp / 32);
+                SQR;
+                SQR;
+                SQR;
+                SQR;
+            } else {
+                abort();
+            }
+        } else if (window_bits == 6) {
+            if (!smallExp) {
+                SQR;
+                SQR;
+                SQR;
+                SQR;
+                SQR;
+                SQR;
+            } else if (smallExp & 1) {
+                SQR;
+                SQR;
+                SQR;
+                SQR;
+                SQR;
+                SQR;
+                MUL(smallExp / 2);
+            } else if (smallExp & 2) {
+                SQR;
+                SQR;
+                SQR;
+                SQR;
+                SQR;
+                MUL(smallExp / 4);
+                SQR;
+            } else if (smallExp & 4) {
+                SQR;
+                SQR;
+                SQR;
+                SQR;
+                MUL(smallExp / 8);
+                SQR;
+                SQR;
+            } else if (smallExp & 8) {
+                SQR;
+                SQR;
+                SQR;
+                MUL(smallExp / 16);
+                SQR;
+                SQR;
+                SQR;
+            } else if (smallExp & 0x10) {
+                SQR;
+                SQR;
+                MUL(smallExp / 32);
+                SQR;
+                SQR;
+                SQR;
+                SQR;
+            } else if (smallExp & 0x20) {
+                SQR;
+                MUL(smallExp / 64);
+                SQR;
+                SQR;
+                SQR;
+                SQR;
+                SQR;
+            } else {
+                abort();
+            }
+        } else {
+            abort();
+        }
+    }
+
+    s_mp_copy(mResult, MP_DIGITS(&accum1), nLen); /* from, to, len */
+
+    res = s_mp_redc(&accum1, mmm);
+    mp_exch(&accum1, result);
+
+CLEANUP:
+    mp_clear(&accum1);
+    if (dBuf) {
+        if (dSize)
+            memset(dBuf, 0, dSize);
+        free(dBuf);
+    }
+
+    return res;
+}
+#undef SQR
+#undef MUL
+#endif
+
+#define SQR(a, b)             \
+    MP_CHECKOK(mp_sqr(a, b)); \
+    MP_CHECKOK(s_mp_redc(b, mmm))
+
+#if defined(MP_MONT_USE_MP_MUL)
+#define MUL(x, a, b)                           \
+    MP_CHECKOK(mp_mul(a, oddPowers + (x), b)); \
+    MP_CHECKOK(s_mp_redc(b, mmm))
+#else
+#define MUL(x, a, b) \
+    MP_CHECKOK(s_mp_mul_mont(a, oddPowers + (x), b, mmm))
+#endif
+
+#define SWAPPA  \
+    ptmp = pa1; \
+    pa1 = pa2;  \
+    pa2 = ptmp
+
+/* Do modular exponentiation using integer multiply code. */
+mp_err
+mp_exptmod_i(const mp_int *montBase,
+             const mp_int *exponent,
+             const mp_int *modulus,
+             mp_int *result,
+             mp_mont_modulus *mmm,
+             int nLen,
+             mp_size bits_in_exponent,
+             mp_size window_bits,
+             mp_size odd_ints)
+{
+    mp_int *pa1, *pa2, *ptmp;
+    mp_size i;
+    mp_err res;
+    int expOff;
+    mp_int accum1, accum2, power2, oddPowers[MAX_ODD_INTS];
+
+    /* power2 = base ** 2; oddPowers[i] = base ** (2*i + 1); */
+    /* oddPowers[i] = base ** (2*i + 1); */
+
+    MP_DIGITS(&accum1) = 0;
+    MP_DIGITS(&accum2) = 0;
+    MP_DIGITS(&power2) = 0;
+    for (i = 0; i < MAX_ODD_INTS; ++i) {
+        MP_DIGITS(oddPowers + i) = 0;
+    }
+
+    MP_CHECKOK(mp_init_size(&accum1, 3 * nLen + 2));
+    MP_CHECKOK(mp_init_size(&accum2, 3 * nLen + 2));
+
+    MP_CHECKOK(mp_init_copy(&oddPowers[0], montBase));
+
+    MP_CHECKOK(mp_init_size(&power2, nLen + 2 * MP_USED(montBase) + 2));
+    MP_CHECKOK(mp_sqr(montBase, &power2)); /* power2 = montBase ** 2 */
+    MP_CHECKOK(s_mp_redc(&power2, mmm));
+
+    for (i = 1; i < odd_ints; ++i) {
+        MP_CHECKOK(mp_init_size(oddPowers + i, nLen + 2 * MP_USED(&power2) + 2));
+        MP_CHECKOK(mp_mul(oddPowers + (i - 1), &power2, oddPowers + i));
+        MP_CHECKOK(s_mp_redc(oddPowers + i, mmm));
+    }
+
+    /* set accumulator to montgomery residue of 1 */
+    mp_set(&accum1, 1);
+    MP_CHECKOK(s_mp_to_mont(&accum1, mmm, &accum1));
+    pa1 = &accum1;
+    pa2 = &accum2;
+
+    for (expOff = bits_in_exponent - window_bits; expOff >= 0; expOff -= window_bits) {
+        mp_size smallExp;
+        MP_CHECKOK(mpl_get_bits(exponent, expOff, window_bits));
+        smallExp = (mp_size)res;
+
+        if (window_bits == 1) {
+            if (!smallExp) {
+                SQR(pa1, pa2);
+                SWAPPA;
+            } else if (smallExp & 1) {
+                SQR(pa1, pa2);
+                MUL(0, pa2, pa1);
+            } else {
+                abort();
+            }
+        } else if (window_bits == 4) {
+            if (!smallExp) {
+                SQR(pa1, pa2);
+                SQR(pa2, pa1);
+                SQR(pa1, pa2);
+                SQR(pa2, pa1);
+            } else if (smallExp & 1) {
+                SQR(pa1, pa2);
+                SQR(pa2, pa1);
+                SQR(pa1, pa2);
+                SQR(pa2, pa1);
+                MUL(smallExp / 2, pa1, pa2);
+                SWAPPA;
+            } else if (smallExp & 2) {
+                SQR(pa1, pa2);
+                SQR(pa2, pa1);
+                SQR(pa1, pa2);
+                MUL(smallExp / 4, pa2, pa1);
+                SQR(pa1, pa2);
+                SWAPPA;
+            } else if (smallExp & 4) {
+                SQR(pa1, pa2);
+                SQR(pa2, pa1);
+                MUL(smallExp / 8, pa1, pa2);
+                SQR(pa2, pa1);
+                SQR(pa1, pa2);
+                SWAPPA;
+            } else if (smallExp & 8) {
+                SQR(pa1, pa2);
+                MUL(smallExp / 16, pa2, pa1);
+                SQR(pa1, pa2);
+                SQR(pa2, pa1);
+                SQR(pa1, pa2);
+                SWAPPA;
+            } else {
+                abort();
+            }
+        } else if (window_bits == 5) {
+            if (!smallExp) {
+                SQR(pa1, pa2);
+                SQR(pa2, pa1);
+                SQR(pa1, pa2);
+                SQR(pa2, pa1);
+                SQR(pa1, pa2);
+                SWAPPA;
+            } else if (smallExp & 1) {
+                SQR(pa1, pa2);
+                SQR(pa2, pa1);
+                SQR(pa1, pa2);
+                SQR(pa2, pa1);
+                SQR(pa1, pa2);
+                MUL(smallExp / 2, pa2, pa1);
+            } else if (smallExp & 2) {
+                SQR(pa1, pa2);
+                SQR(pa2, pa1);
+                SQR(pa1, pa2);
+                SQR(pa2, pa1);
+                MUL(smallExp / 4, pa1, pa2);
+                SQR(pa2, pa1);
+            } else if (smallExp & 4) {
+                SQR(pa1, pa2);
+                SQR(pa2, pa1);
+                SQR(pa1, pa2);
+                MUL(smallExp / 8, pa2, pa1);
+                SQR(pa1, pa2);
+                SQR(pa2, pa1);
+            } else if (smallExp & 8) {
+                SQR(pa1, pa2);
+                SQR(pa2, pa1);
+                MUL(smallExp / 16, pa1, pa2);
+                SQR(pa2, pa1);
+                SQR(pa1, pa2);
+                SQR(pa2, pa1);
+            } else if (smallExp & 0x10) {
+                SQR(pa1, pa2);
+                MUL(smallExp / 32, pa2, pa1);
+                SQR(pa1, pa2);
+                SQR(pa2, pa1);
+                SQR(pa1, pa2);
+                SQR(pa2, pa1);
+            } else {
+                abort();
+            }
+        } else if (window_bits == 6) {
+            if (!smallExp) {
+                SQR(pa1, pa2);
+                SQR(pa2, pa1);
+                SQR(pa1, pa2);
+                SQR(pa2, pa1);
+                SQR(pa1, pa2);
+                SQR(pa2, pa1);
+            } else if (smallExp & 1) {
+                SQR(pa1, pa2);
+                SQR(pa2, pa1);
+                SQR(pa1, pa2);
+                SQR(pa2, pa1);
+                SQR(pa1, pa2);
+                SQR(pa2, pa1);
+                MUL(smallExp / 2, pa1, pa2);
+                SWAPPA;
+            } else if (smallExp & 2) {
+                SQR(pa1, pa2);
+                SQR(pa2, pa1);
+                SQR(pa1, pa2);
+                SQR(pa2, pa1);
+                SQR(pa1, pa2);
+                MUL(smallExp / 4, pa2, pa1);
+                SQR(pa1, pa2);
+                SWAPPA;
+            } else if (smallExp & 4) {
+                SQR(pa1, pa2);
+                SQR(pa2, pa1);
+                SQR(pa1, pa2);
+                SQR(pa2, pa1);
+                MUL(smallExp / 8, pa1, pa2);
+                SQR(pa2, pa1);
+                SQR(pa1, pa2);
+                SWAPPA;
+            } else if (smallExp & 8) {
+                SQR(pa1, pa2);
+                SQR(pa2, pa1);
+                SQR(pa1, pa2);
+                MUL(smallExp / 16, pa2, pa1);
+                SQR(pa1, pa2);
+                SQR(pa2, pa1);
+                SQR(pa1, pa2);
+                SWAPPA;
+            } else if (smallExp & 0x10) {
+                SQR(pa1, pa2);
+                SQR(pa2, pa1);
+                MUL(smallExp / 32, pa1, pa2);
+                SQR(pa2, pa1);
+                SQR(pa1, pa2);
+                SQR(pa2, pa1);
+                SQR(pa1, pa2);
+                SWAPPA;
+            } else if (smallExp & 0x20) {
+                SQR(pa1, pa2);
+                MUL(smallExp / 64, pa2, pa1);
+                SQR(pa1, pa2);
+                SQR(pa2, pa1);
+                SQR(pa1, pa2);
+                SQR(pa2, pa1);
+                SQR(pa1, pa2);
+                SWAPPA;
+            } else {
+                abort();
+            }
+        } else {
+            abort();
+        }
+    }
+
+    res = s_mp_redc(pa1, mmm);
+    mp_exch(pa1, result);
+
+CLEANUP:
+    mp_clear(&accum1);
+    mp_clear(&accum2);
+    mp_clear(&power2);
+    for (i = 0; i < odd_ints; ++i) {
+        mp_clear(oddPowers + i);
+    }
+    return res;
+}
+#undef SQR
+#undef MUL
+
+#ifdef MP_USING_CACHE_SAFE_MOD_EXP
+unsigned int mp_using_cache_safe_exp = 1;
+#endif
+
+mp_err
+mp_set_safe_modexp(int value)
+{
+#ifdef MP_USING_CACHE_SAFE_MOD_EXP
+    mp_using_cache_safe_exp = value;
+    return MP_OKAY;
+#else
+    if (value == 0) {
+        return MP_OKAY;
+    }
+    return MP_BADARG;
+#endif
+}
+
+#ifdef MP_USING_CACHE_SAFE_MOD_EXP
+#define WEAVE_WORD_SIZE 4
+
+/*
+ * mpi_to_weave takes an array of bignums, a matrix in which each bignum
+ * occupies all the columns of a row, and transposes it into a matrix in
+ * which each bignum occupies a column of every row.  The first row of the
+ * input matrix becomes the first column of the output matrix.  The n'th
+ * row of input becomes the n'th column of output.  The input data is said
+ * to be "interleaved" or "woven" into the output matrix.
+ *
+ * The array of bignums is left in this woven form.  Each time a single
+ * bignum value is needed, it is recreated by fetching the n'th column,
+ * forming a single row which is the new bignum.
+ *
+ * The purpose of this interleaving is make it impossible to determine which
+ * of the bignums is being used in any one operation by examining the pattern
+ * of cache misses.
+ *
+ * The weaving function does not transpose the entire input matrix in one call.
+ * It transposes 4 rows of mp_ints into their respective columns of output.
+ *
+ * This implementation treats each mp_int bignum as an array of mp_digits,
+ * It stores those bytes as a column of mp_digits in the output matrix.  It
+ * doesn't care if the machine uses big-endian or little-endian byte ordering
+ * within mp_digits.
+ *
+ * "bignums" is an array of mp_ints.
+ * It points to four rows, four mp_ints, a subset of a larger array of mp_ints.
+ *
+ * "weaved" is the weaved output matrix.
+ * The first byte of bignums[0] is stored in weaved[0].
+ *
+ * "nBignums" is the total number of bignums in the array of which "bignums"
+ * is a part.
+ *
+ * "nDigits" is the size in mp_digits of each mp_int in the "bignums" array.
+ * mp_ints that use less than nDigits digits are logically padded with zeros
+ * while being stored in the weaved array.
+ */
+mp_err mpi_to_weave(const mp_int *bignums,
+                    mp_digit *weaved,
+                    mp_size nDigits,  /* in each mp_int of input */
+                    mp_size nBignums) /* in the entire source array */
+{
+    mp_size i;
+    mp_digit *endDest = weaved + (nDigits * nBignums);
+
+    for (i = 0; i < WEAVE_WORD_SIZE; i++) {
+        mp_size used = MP_USED(&bignums[i]);
+        mp_digit *pSrc = MP_DIGITS(&bignums[i]);
+        mp_digit *endSrc = pSrc + used;
+        mp_digit *pDest = weaved + i;
+
+        ARGCHK(MP_SIGN(&bignums[i]) == MP_ZPOS, MP_BADARG);
+        ARGCHK(used <= nDigits, MP_BADARG);
+
+        for (; pSrc < endSrc; pSrc++) {
+            *pDest = *pSrc;
+            pDest += nBignums;
+        }
+        while (pDest < endDest) {
+            *pDest = 0;
+            pDest += nBignums;
+        }
+    }
+
+    return MP_OKAY;
+}
+
+/*
+ * These functions return 0xffffffff if the output is true, and 0 otherwise.
+ */
+#define CONST_TIME_MSB(x) (0L - ((x) >> (8 * sizeof(x) - 1)))
+#define CONST_TIME_EQ_Z(x) CONST_TIME_MSB(~(x) & ((x)-1))
+#define CONST_TIME_EQ(a, b) CONST_TIME_EQ_Z((a) ^ (b))
+
+/* Reverse the operation above for one mp_int.
+ * Reconstruct one mp_int from its column in the weaved array.
+ * Every read accesses every element of the weaved array, in order to
+ * avoid timing attacks based on patterns of memory accesses.
+ */
+mp_err weave_to_mpi(mp_int *a,              /* out, result */
+                    const mp_digit *weaved, /* in, byte matrix */
+                    mp_size index,          /* which column to read */
+                    mp_size nDigits,        /* number of mp_digits in each bignum */
+                    mp_size nBignums)       /* width of the matrix */
+{
+    /* these are indices, but need to be the same size as mp_digit
+     * because of the CONST_TIME operations */
+    mp_digit i, j;
+    mp_digit d;
+    mp_digit *pDest = MP_DIGITS(a);
+
+    MP_SIGN(a) = MP_ZPOS;
+    MP_USED(a) = nDigits;
+
+    assert(weaved != NULL);
+
+    /* Fetch the proper column in constant time, indexing over the whole array */
+    for (i = 0; i < nDigits; ++i) {
+        d = 0;
+        for (j = 0; j < nBignums; ++j) {
+            d |= weaved[i * nBignums + j] & CONST_TIME_EQ(j, index);
+        }
+        pDest[i] = d;
+    }
+
+    s_mp_clamp(a);
+    return MP_OKAY;
+}
+
+#define SQR(a, b)             \
+    MP_CHECKOK(mp_sqr(a, b)); \
+    MP_CHECKOK(s_mp_redc(b, mmm))
+
+#if defined(MP_MONT_USE_MP_MUL)
+#define MUL_NOWEAVE(x, a, b)     \
+    MP_CHECKOK(mp_mul(a, x, b)); \
+    MP_CHECKOK(s_mp_redc(b, mmm))
+#else
+#define MUL_NOWEAVE(x, a, b) \
+    MP_CHECKOK(s_mp_mul_mont(a, x, b, mmm))
+#endif
+
+#define MUL(x, a, b)                                               \
+    MP_CHECKOK(weave_to_mpi(&tmp, powers, (x), nLen, num_powers)); \
+    MUL_NOWEAVE(&tmp, a, b)
+
+#define SWAPPA  \
+    ptmp = pa1; \
+    pa1 = pa2;  \
+    pa2 = ptmp
+#define MP_ALIGN(x, y) ((((ptrdiff_t)(x)) + ((y)-1)) & (((ptrdiff_t)0) - (y)))
+
+/* Do modular exponentiation using integer multiply code. */
+mp_err
+mp_exptmod_safe_i(const mp_int *montBase,
+                  const mp_int *exponent,
+                  const mp_int *modulus,
+                  mp_int *result,
+                  mp_mont_modulus *mmm,
+                  int nLen,
+                  mp_size bits_in_exponent,
+                  mp_size window_bits,
+                  mp_size num_powers)
+{
+    mp_int *pa1, *pa2, *ptmp;
+    mp_size i;
+    mp_size first_window;
+    mp_err res;
+    int expOff;
+    mp_int accum1, accum2, accum[WEAVE_WORD_SIZE];
+    mp_int tmp;
+    mp_digit *powersArray = NULL;
+    mp_digit *powers = NULL;
+
+    MP_DIGITS(&accum1) = 0;
+    MP_DIGITS(&accum2) = 0;
+    MP_DIGITS(&accum[0]) = 0;
+    MP_DIGITS(&accum[1]) = 0;
+    MP_DIGITS(&accum[2]) = 0;
+    MP_DIGITS(&accum[3]) = 0;
+    MP_DIGITS(&tmp) = 0;
+
+    /* grab the first window value. This allows us to preload accumulator1
+   * and save a conversion, some squares and a multiple*/
+    MP_CHECKOK(mpl_get_bits(exponent,
+                            bits_in_exponent - window_bits, window_bits));
+    first_window = (mp_size)res;
+
+    MP_CHECKOK(mp_init_size(&accum1, 3 * nLen + 2));
+    MP_CHECKOK(mp_init_size(&accum2, 3 * nLen + 2));
+
+    /* build the first WEAVE_WORD powers inline */
+    /* if WEAVE_WORD_SIZE is not 4, this code will have to change */
+    if (num_powers > 2) {
+        MP_CHECKOK(mp_init_size(&accum[0], 3 * nLen + 2));
+        MP_CHECKOK(mp_init_size(&accum[1], 3 * nLen + 2));
+        MP_CHECKOK(mp_init_size(&accum[2], 3 * nLen + 2));
+        MP_CHECKOK(mp_init_size(&accum[3], 3 * nLen + 2));
+        mp_set(&accum[0], 1);
+        MP_CHECKOK(s_mp_to_mont(&accum[0], mmm, &accum[0]));
+        MP_CHECKOK(mp_copy(montBase, &accum[1]));
+        SQR(montBase, &accum[2]);
+        MUL_NOWEAVE(montBase, &accum[2], &accum[3]);
+        powersArray = (mp_digit *)malloc(num_powers * (nLen * sizeof(mp_digit) + 1));
+        if (!powersArray) {
+            res = MP_MEM;
+            goto CLEANUP;
+        }
+        /* powers[i] = base ** (i); */
+        powers = (mp_digit *)MP_ALIGN(powersArray, num_powers);
+        MP_CHECKOK(mpi_to_weave(accum, powers, nLen, num_powers));
+        if (first_window < 4) {
+            MP_CHECKOK(mp_copy(&accum[first_window], &accum1));
+            first_window = num_powers;
+        }
+    } else {
+        if (first_window == 0) {
+            mp_set(&accum1, 1);
+            MP_CHECKOK(s_mp_to_mont(&accum1, mmm, &accum1));
+        } else {
+            /* assert first_window == 1? */
+            MP_CHECKOK(mp_copy(montBase, &accum1));
+        }
+    }
+
+    /*
+     * calculate all the powers in the powers array.
+     * this adds 2**(k-1)-2 square operations over just calculating the
+     * odd powers where k is the window size in the two other mp_modexpt
+     * implementations in this file. We will get some of that
+     * back by not needing the first 'k' squares and one multiply for the
+     * first window.
+     * Given the value of 4 for WEAVE_WORD_SIZE, this loop will only execute if
+     * num_powers > 2, in which case powers will have been allocated.
+     */
+    for (i = WEAVE_WORD_SIZE; i < num_powers; i++) {
+        int acc_index = i & (WEAVE_WORD_SIZE - 1); /* i % WEAVE_WORD_SIZE */
+        if (i & 1) {
+            MUL_NOWEAVE(montBase, &accum[acc_index - 1], &accum[acc_index]);
+            /* we've filled the array do our 'per array' processing */
+            if (acc_index == (WEAVE_WORD_SIZE - 1)) {
+                MP_CHECKOK(mpi_to_weave(accum, powers + i - (WEAVE_WORD_SIZE - 1),
+                                        nLen, num_powers));
+
+                if (first_window <= i) {
+                    MP_CHECKOK(mp_copy(&accum[first_window & (WEAVE_WORD_SIZE - 1)],
+                                       &accum1));
+                    first_window = num_powers;
+                }
+            }
+        } else {
+            /* up to 8 we can find 2^i-1 in the accum array, but at 8 we our source
+             * and target are the same so we need to copy.. After that, the
+             * value is overwritten, so we need to fetch it from the stored
+             * weave array */
+            if (i > 2 * WEAVE_WORD_SIZE) {
+                MP_CHECKOK(weave_to_mpi(&accum2, powers, i / 2, nLen, num_powers));
+                SQR(&accum2, &accum[acc_index]);
+            } else {
+                int half_power_index = (i / 2) & (WEAVE_WORD_SIZE - 1);
+                if (half_power_index == acc_index) {
+                    /* copy is cheaper than weave_to_mpi */
+                    MP_CHECKOK(mp_copy(&accum[half_power_index], &accum2));
+                    SQR(&accum2, &accum[acc_index]);
+                } else {
+                    SQR(&accum[half_power_index], &accum[acc_index]);
+                }
+            }
+        }
+    }
+/* if the accum1 isn't set, Then there is something wrong with our logic
+   * above and is an internal programming error.
+   */
+#if MP_ARGCHK == 2
+    assert(MP_USED(&accum1) != 0);
+#endif
+
+    /* set accumulator to montgomery residue of 1 */
+    pa1 = &accum1;
+    pa2 = &accum2;
+
+    /* tmp is not used if window_bits == 1. */
+    if (window_bits != 1) {
+        MP_CHECKOK(mp_init_size(&tmp, 3 * nLen + 2));
+    }
+
+    for (expOff = bits_in_exponent - window_bits * 2; expOff >= 0; expOff -= window_bits) {
+        mp_size smallExp;
+        MP_CHECKOK(mpl_get_bits(exponent, expOff, window_bits));
+        smallExp = (mp_size)res;
+
+        /* handle unroll the loops */
+        switch (window_bits) {
+            case 1:
+                if (!smallExp) {
+                    SQR(pa1, pa2);
+                    SWAPPA;
+                } else if (smallExp & 1) {
+                    SQR(pa1, pa2);
+                    MUL_NOWEAVE(montBase, pa2, pa1);
+                } else {
+                    abort();
+                }
+                break;
+            case 6:
+                SQR(pa1, pa2);
+                SQR(pa2, pa1);
+            /* fall through */
+            case 4:
+                SQR(pa1, pa2);
+                SQR(pa2, pa1);
+                SQR(pa1, pa2);
+                SQR(pa2, pa1);
+                MUL(smallExp, pa1, pa2);
+                SWAPPA;
+                break;
+            case 5:
+                SQR(pa1, pa2);
+                SQR(pa2, pa1);
+                SQR(pa1, pa2);
+                SQR(pa2, pa1);
+                SQR(pa1, pa2);
+                MUL(smallExp, pa2, pa1);
+                break;
+            default:
+                abort(); /* could do a loop? */
+        }
+    }
+
+    res = s_mp_redc(pa1, mmm);
+    mp_exch(pa1, result);
+
+CLEANUP:
+    mp_clear(&accum1);
+    mp_clear(&accum2);
+    mp_clear(&accum[0]);
+    mp_clear(&accum[1]);
+    mp_clear(&accum[2]);
+    mp_clear(&accum[3]);
+    mp_clear(&tmp);
+    /* PORT_Memset(powers,0,num_powers*nLen*sizeof(mp_digit)); */
+    free(powersArray);
+    return res;
+}
+#undef SQR
+#undef MUL
+#endif
+
+mp_err
+mp_exptmod(const mp_int *inBase, const mp_int *exponent,
+           const mp_int *modulus, mp_int *result)
+{
+    const mp_int *base;
+    mp_size bits_in_exponent, i, window_bits, odd_ints;
+    mp_err res;
+    int nLen;
+    mp_int montBase, goodBase;
+    mp_mont_modulus mmm;
+#ifdef MP_USING_CACHE_SAFE_MOD_EXP
+    static unsigned int max_window_bits;
+#endif
+
+    /* function for computing n0prime only works if n0 is odd */
+    if (!mp_isodd(modulus))
+        return s_mp_exptmod(inBase, exponent, modulus, result);
+
+    MP_DIGITS(&montBase) = 0;
+    MP_DIGITS(&goodBase) = 0;
+
+    if (mp_cmp(inBase, modulus) < 0) {
+        base = inBase;
+    } else {
+        MP_CHECKOK(mp_init(&goodBase));
+        base = &goodBase;
+        MP_CHECKOK(mp_mod(inBase, modulus, &goodBase));
+    }
+
+    nLen = MP_USED(modulus);
+    MP_CHECKOK(mp_init_size(&montBase, 2 * nLen + 2));
+
+    mmm.N = *modulus; /* a copy of the mp_int struct */
+
+    /* compute n0', given n0, n0' = -(n0 ** -1) mod MP_RADIX
+    **        where n0 = least significant mp_digit of N, the modulus.
+    */
+    mmm.n0prime = 0 - s_mp_invmod_radix(MP_DIGIT(modulus, 0));
+
+    MP_CHECKOK(s_mp_to_mont(base, &mmm, &montBase));
+
+    bits_in_exponent = mpl_significant_bits(exponent);
+#ifdef MP_USING_CACHE_SAFE_MOD_EXP
+    if (mp_using_cache_safe_exp) {
+        if (bits_in_exponent > 780)
+            window_bits = 6;
+        else if (bits_in_exponent > 256)
+            window_bits = 5;
+        else if (bits_in_exponent > 20)
+            window_bits = 4;
+        /* RSA public key exponents are typically under 20 bits (common values
+         * are: 3, 17, 65537) and a 4-bit window is inefficient
+         */
+        else
+            window_bits = 1;
+    } else
+#endif
+        if (bits_in_exponent > 480)
+        window_bits = 6;
+    else if (bits_in_exponent > 160)
+        window_bits = 5;
+    else if (bits_in_exponent > 20)
+        window_bits = 4;
+    /* RSA public key exponents are typically under 20 bits (common values
+     * are: 3, 17, 65537) and a 4-bit window is inefficient
+     */
+    else
+        window_bits = 1;
+
+#ifdef MP_USING_CACHE_SAFE_MOD_EXP
+    /*
+     * clamp the window size based on
+     * the cache line size.
+     */
+    if (!max_window_bits) {
+        unsigned long cache_size = s_mpi_getProcessorLineSize();
+        /* processor has no cache, use 'fast' code always */
+        if (cache_size == 0) {
+            mp_using_cache_safe_exp = 0;
+        }
+        if ((cache_size == 0) || (cache_size >= 64)) {
+            max_window_bits = 6;
+        } else if (cache_size >= 32) {
+            max_window_bits = 5;
+        } else if (cache_size >= 16) {
+            max_window_bits = 4;
+        } else
+            max_window_bits = 1; /* should this be an assert? */
+    }
+
+    /* clamp the window size down before we caclulate bits_in_exponent */
+    if (mp_using_cache_safe_exp) {
+        if (window_bits > max_window_bits) {
+            window_bits = max_window_bits;
+        }
+    }
+#endif
+
+    odd_ints = 1 << (window_bits - 1);
+    i = bits_in_exponent % window_bits;
+    if (i != 0) {
+        bits_in_exponent += window_bits - i;
+    }
+
+#ifdef MP_USING_MONT_MULF
+    if (mp_using_mont_mulf) {
+        MP_CHECKOK(s_mp_pad(&montBase, nLen));
+        res = mp_exptmod_f(&montBase, exponent, modulus, result, &mmm, nLen,
+                           bits_in_exponent, window_bits, odd_ints);
+    } else
+#endif
+#ifdef MP_USING_CACHE_SAFE_MOD_EXP
+        if (mp_using_cache_safe_exp) {
+        res = mp_exptmod_safe_i(&montBase, exponent, modulus, result, &mmm, nLen,
+                                bits_in_exponent, window_bits, 1 << window_bits);
+    } else
+#endif
+        res = mp_exptmod_i(&montBase, exponent, modulus, result, &mmm, nLen,
+                           bits_in_exponent, window_bits, odd_ints);
+
+CLEANUP:
+    mp_clear(&montBase);
+    mp_clear(&goodBase);
+    /* Don't mp_clear mmm.N because it is merely a copy of modulus.
+    ** Just zap it.
+    */
+    memset(&mmm, 0, sizeof mmm);
+    return res;
+}
diff --git a/nss/lib/freebl/mpi/mpprime.c b/nss/lib/freebl/mpi/mpprime.c
new file mode 100644
index 0000000..5828719
--- /dev/null
+++ b/nss/lib/freebl/mpi/mpprime.c
@@ -0,0 +1,599 @@
+/*
+ *  mpprime.c
+ *
+ *  Utilities for finding and working with prime and pseudo-prime
+ *  integers
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "mpi-priv.h"
+#include "mpprime.h"
+#include "mplogic.h"
+#include <stdlib.h>
+#include <string.h>
+
+#define SMALL_TABLE 0 /* determines size of hard-wired prime table */
+
+#define RANDOM() rand()
+
+#include "primes.c" /* pull in the prime digit table */
+
+/*
+   Test if any of a given vector of digits divides a.  If not, MP_NO
+   is returned; otherwise, MP_YES is returned and 'which' is set to
+   the index of the integer in the vector which divided a.
+ */
+mp_err s_mpp_divp(mp_int *a, const mp_digit *vec, int size, int *which);
+
+/* {{{ mpp_divis(a, b) */
+
+/*
+  mpp_divis(a, b)
+
+  Returns MP_YES if a is divisible by b, or MP_NO if it is not.
+ */
+
+mp_err
+mpp_divis(mp_int *a, mp_int *b)
+{
+    mp_err res;
+    mp_int rem;
+
+    if ((res = mp_init(&rem)) != MP_OKAY)
+        return res;
+
+    if ((res = mp_mod(a, b, &rem)) != MP_OKAY)
+        goto CLEANUP;
+
+    if (mp_cmp_z(&rem) == 0)
+        res = MP_YES;
+    else
+        res = MP_NO;
+
+CLEANUP:
+    mp_clear(&rem);
+    return res;
+
+} /* end mpp_divis() */
+
+/* }}} */
+
+/* {{{ mpp_divis_d(a, d) */
+
+/*
+  mpp_divis_d(a, d)
+
+  Return MP_YES if a is divisible by d, or MP_NO if it is not.
+ */
+
+mp_err
+mpp_divis_d(mp_int *a, mp_digit d)
+{
+    mp_err res;
+    mp_digit rem;
+
+    ARGCHK(a != NULL, MP_BADARG);
+
+    if (d == 0)
+        return MP_NO;
+
+    if ((res = mp_mod_d(a, d, &rem)) != MP_OKAY)
+        return res;
+
+    if (rem == 0)
+        return MP_YES;
+    else
+        return MP_NO;
+
+} /* end mpp_divis_d() */
+
+/* }}} */
+
+/* {{{ mpp_random(a) */
+
+/*
+  mpp_random(a)
+
+  Assigns a random value to a.  This value is generated using the
+  standard C library's rand() function, so it should not be used for
+  cryptographic purposes, but it should be fine for primality testing,
+  since all we really care about there is good statistical properties.
+
+  As many digits as a currently has are filled with random digits.
+ */
+
+mp_err
+mpp_random(mp_int *a)
+
+{
+    mp_digit next = 0;
+    unsigned int ix, jx;
+
+    ARGCHK(a != NULL, MP_BADARG);
+
+    for (ix = 0; ix < USED(a); ix++) {
+        for (jx = 0; jx < sizeof(mp_digit); jx++) {
+            next = (next << CHAR_BIT) | (RANDOM() & UCHAR_MAX);
+        }
+        DIGIT(a, ix) = next;
+    }
+
+    return MP_OKAY;
+
+} /* end mpp_random() */
+
+/* }}} */
+
+/* {{{ mpp_random_size(a, prec) */
+
+mp_err
+mpp_random_size(mp_int *a, mp_size prec)
+{
+    mp_err res;
+
+    ARGCHK(a != NULL && prec > 0, MP_BADARG);
+
+    if ((res = s_mp_pad(a, prec)) != MP_OKAY)
+        return res;
+
+    return mpp_random(a);
+
+} /* end mpp_random_size() */
+
+/* }}} */
+
+/* {{{ mpp_divis_vector(a, vec, size, which) */
+
+/*
+  mpp_divis_vector(a, vec, size, which)
+
+  Determines if a is divisible by any of the 'size' digits in vec.
+  Returns MP_YES and sets 'which' to the index of the offending digit,
+  if it is; returns MP_NO if it is not.
+ */
+
+mp_err
+mpp_divis_vector(mp_int *a, const mp_digit *vec, int size, int *which)
+{
+    ARGCHK(a != NULL && vec != NULL && size > 0, MP_BADARG);
+
+    return s_mpp_divp(a, vec, size, which);
+
+} /* end mpp_divis_vector() */
+
+/* }}} */
+
+/* {{{ mpp_divis_primes(a, np) */
+
+/*
+  mpp_divis_primes(a, np)
+
+  Test whether a is divisible by any of the first 'np' primes.  If it
+  is, returns MP_YES and sets *np to the value of the digit that did
+  it.  If not, returns MP_NO.
+ */
+mp_err
+mpp_divis_primes(mp_int *a, mp_digit *np)
+{
+    int size, which;
+    mp_err res;
+
+    ARGCHK(a != NULL && np != NULL, MP_BADARG);
+
+    size = (int)*np;
+    if (size > prime_tab_size)
+        size = prime_tab_size;
+
+    res = mpp_divis_vector(a, prime_tab, size, &which);
+    if (res == MP_YES)
+        *np = prime_tab[which];
+
+    return res;
+
+} /* end mpp_divis_primes() */
+
+/* }}} */
+
+/* {{{ mpp_fermat(a, w) */
+
+/*
+  Using w as a witness, try pseudo-primality testing based on Fermat's
+  little theorem.  If a is prime, and (w, a) = 1, then w^a == w (mod
+  a).  So, we compute z = w^a (mod a) and compare z to w; if they are
+  equal, the test passes and we return MP_YES.  Otherwise, we return
+  MP_NO.
+ */
+mp_err
+mpp_fermat(mp_int *a, mp_digit w)
+{
+    mp_int base, test;
+    mp_err res;
+
+    if ((res = mp_init(&base)) != MP_OKAY)
+        return res;
+
+    mp_set(&base, w);
+
+    if ((res = mp_init(&test)) != MP_OKAY)
+        goto TEST;
+
+    /* Compute test = base^a (mod a) */
+    if ((res = mp_exptmod(&base, a, a, &test)) != MP_OKAY)
+        goto CLEANUP;
+
+    if (mp_cmp(&base, &test) == 0)
+        res = MP_YES;
+    else
+        res = MP_NO;
+
+CLEANUP:
+    mp_clear(&test);
+TEST:
+    mp_clear(&base);
+
+    return res;
+
+} /* end mpp_fermat() */
+
+/* }}} */
+
+/*
+  Perform the fermat test on each of the primes in a list until
+  a) one of them shows a is not prime, or
+  b) the list is exhausted.
+  Returns:  MP_YES if it passes tests.
+        MP_NO  if fermat test reveals it is composite
+        Some MP error code if some other error occurs.
+ */
+mp_err
+mpp_fermat_list(mp_int *a, const mp_digit *primes, mp_size nPrimes)
+{
+    mp_err rv = MP_YES;
+
+    while (nPrimes-- > 0 && rv == MP_YES) {
+        rv = mpp_fermat(a, *primes++);
+    }
+    return rv;
+}
+
+/* {{{ mpp_pprime(a, nt) */
+
+/*
+  mpp_pprime(a, nt)
+
+  Performs nt iteration of the Miller-Rabin probabilistic primality
+  test on a.  Returns MP_YES if the tests pass, MP_NO if one fails.
+  If MP_NO is returned, the number is definitely composite.  If MP_YES
+  is returned, it is probably prime (but that is not guaranteed).
+ */
+
+mp_err
+mpp_pprime(mp_int *a, int nt)
+{
+    mp_err res;
+    mp_int x, amo, m, z; /* "amo" = "a minus one" */
+    int iter;
+    unsigned int jx;
+    mp_size b;
+
+    ARGCHK(a != NULL, MP_BADARG);
+
+    MP_DIGITS(&x) = 0;
+    MP_DIGITS(&amo) = 0;
+    MP_DIGITS(&m) = 0;
+    MP_DIGITS(&z) = 0;
+
+    /* Initialize temporaries... */
+    MP_CHECKOK(mp_init(&amo));
+    /* Compute amo = a - 1 for what follows...    */
+    MP_CHECKOK(mp_sub_d(a, 1, &amo));
+
+    b = mp_trailing_zeros(&amo);
+    if (!b) { /* a was even ? */
+        res = MP_NO;
+        goto CLEANUP;
+    }
+
+    MP_CHECKOK(mp_init_size(&x, MP_USED(a)));
+    MP_CHECKOK(mp_init(&z));
+    MP_CHECKOK(mp_init(&m));
+    MP_CHECKOK(mp_div_2d(&amo, b, &m, 0));
+
+    /* Do the test nt times... */
+    for (iter = 0; iter < nt; iter++) {
+
+        /* Choose a random value for 1 < x < a      */
+        MP_CHECKOK(s_mp_pad(&x, USED(a)));
+        mpp_random(&x);
+        MP_CHECKOK(mp_mod(&x, a, &x));
+        if (mp_cmp_d(&x, 1) <= 0) {
+            iter--;   /* don't count this iteration */
+            continue; /* choose a new x */
+        }
+
+        /* Compute z = (x ** m) mod a               */
+        MP_CHECKOK(mp_exptmod(&x, &m, a, &z));
+
+        if (mp_cmp_d(&z, 1) == 0 || mp_cmp(&z, &amo) == 0) {
+            res = MP_YES;
+            continue;
+        }
+
+        res = MP_NO; /* just in case the following for loop never executes. */
+        for (jx = 1; jx < b; jx++) {
+            /* z = z^2 (mod a) */
+            MP_CHECKOK(mp_sqrmod(&z, a, &z));
+            res = MP_NO; /* previous line set res to MP_YES */
+
+            if (mp_cmp_d(&z, 1) == 0) {
+                break;
+            }
+            if (mp_cmp(&z, &amo) == 0) {
+                res = MP_YES;
+                break;
+            }
+        } /* end testing loop */
+
+        /* If the test passes, we will continue iterating, but a failed
+           test means the candidate is definitely NOT prime, so we will
+           immediately break out of this loop
+         */
+        if (res == MP_NO)
+            break;
+
+    } /* end iterations loop */
+
+CLEANUP:
+    mp_clear(&m);
+    mp_clear(&z);
+    mp_clear(&x);
+    mp_clear(&amo);
+    return res;
+
+} /* end mpp_pprime() */
+
+/* }}} */
+
+/* Produce table of composites from list of primes and trial value.
+** trial must be odd. List of primes must not include 2.
+** sieve should have dimension >= MAXPRIME/2, where MAXPRIME is largest
+** prime in list of primes.  After this function is finished,
+** if sieve[i] is non-zero, then (trial + 2*i) is composite.
+** Each prime used in the sieve costs one division of trial, and eliminates
+** one or more values from the search space. (3 eliminates 1/3 of the values
+** alone!)  Each value left in the search space costs 1 or more modular
+** exponentations.  So, these divisions are a bargain!
+*/
+mp_err
+mpp_sieve(mp_int *trial, const mp_digit *primes, mp_size nPrimes,
+          unsigned char *sieve, mp_size nSieve)
+{
+    mp_err res;
+    mp_digit rem;
+    mp_size ix;
+    unsigned long offset;
+
+    memset(sieve, 0, nSieve);
+
+    for (ix = 0; ix < nPrimes; ix++) {
+        mp_digit prime = primes[ix];
+        mp_size i;
+        if ((res = mp_mod_d(trial, prime, &rem)) != MP_OKAY)
+            return res;
+
+        if (rem == 0) {
+            offset = 0;
+        } else {
+            offset = prime - rem;
+        }
+
+        for (i = offset; i < nSieve * 2; i += prime) {
+            if (i % 2 == 0) {
+                sieve[i / 2] = 1;
+            }
+        }
+    }
+
+    return MP_OKAY;
+}
+
+#define SIEVE_SIZE 32 * 1024
+
+mp_err
+mpp_make_prime(mp_int *start, mp_size nBits, mp_size strong,
+               unsigned long *nTries)
+{
+    mp_digit np;
+    mp_err res;
+    unsigned int i = 0;
+    mp_int trial;
+    mp_int q;
+    mp_size num_tests;
+    unsigned char *sieve;
+
+    ARGCHK(start != 0, MP_BADARG);
+    ARGCHK(nBits > 16, MP_RANGE);
+
+    sieve = malloc(SIEVE_SIZE);
+    ARGCHK(sieve != NULL, MP_MEM);
+
+    MP_DIGITS(&trial) = 0;
+    MP_DIGITS(&q) = 0;
+    MP_CHECKOK(mp_init(&trial));
+    MP_CHECKOK(mp_init(&q));
+    /* values originally taken from table 4.4,
+   * HandBook of Applied Cryptography, augmented by FIPS-186
+   * requirements, Table C.2 and C.3 */
+    if (nBits >= 2000) {
+        num_tests = 3;
+    } else if (nBits >= 1536) {
+        num_tests = 4;
+    } else if (nBits >= 1024) {
+        num_tests = 5;
+    } else if (nBits >= 550) {
+        num_tests = 6;
+    } else if (nBits >= 450) {
+        num_tests = 7;
+    } else if (nBits >= 400) {
+        num_tests = 8;
+    } else if (nBits >= 350) {
+        num_tests = 9;
+    } else if (nBits >= 300) {
+        num_tests = 10;
+    } else if (nBits >= 250) {
+        num_tests = 20;
+    } else if (nBits >= 200) {
+        num_tests = 41;
+    } else if (nBits >= 100) {
+        num_tests = 38; /* funny anomaly in the FIPS tables, for aux primes, the
+                         * required more iterations for larger aux primes */
+    } else
+        num_tests = 50;
+
+    if (strong)
+        --nBits;
+    MP_CHECKOK(mpl_set_bit(start, nBits - 1, 1));
+    MP_CHECKOK(mpl_set_bit(start, 0, 1));
+    for (i = mpl_significant_bits(start) - 1; i >= nBits; --i) {
+        MP_CHECKOK(mpl_set_bit(start, i, 0));
+    }
+    /* start sieveing with prime value of 3. */
+    MP_CHECKOK(mpp_sieve(start, prime_tab + 1, prime_tab_size - 1,
+                         sieve, SIEVE_SIZE));
+
+#ifdef DEBUG_SIEVE
+    res = 0;
+    for (i = 0; i < SIEVE_SIZE; ++i) {
+        if (!sieve[i])
+            ++res;
+    }
+    fprintf(stderr, "sieve found %d potential primes.\n", res);
+#define FPUTC(x, y) fputc(x, y)
+#else
+#define FPUTC(x, y)
+#endif
+
+    res = MP_NO;
+    for (i = 0; i < SIEVE_SIZE; ++i) {
+        if (sieve[i]) /* this number is composite */
+            continue;
+        MP_CHECKOK(mp_add_d(start, 2 * i, &trial));
+        FPUTC('.', stderr);
+        /* run a Fermat test */
+        res = mpp_fermat(&trial, 2);
+        if (res != MP_OKAY) {
+            if (res == MP_NO)
+                continue; /* was composite */
+            goto CLEANUP;
+        }
+
+        FPUTC('+', stderr);
+        /* If that passed, run some Miller-Rabin tests  */
+        res = mpp_pprime(&trial, num_tests);
+        if (res != MP_OKAY) {
+            if (res == MP_NO)
+                continue; /* was composite */
+            goto CLEANUP;
+        }
+        FPUTC('!', stderr);
+
+        if (!strong)
+            break; /* success !! */
+
+        /* At this point, we have strong evidence that our candidate
+           is itself prime.  If we want a strong prime, we need now
+           to test q = 2p + 1 for primality...
+        */
+        MP_CHECKOK(mp_mul_2(&trial, &q));
+        MP_CHECKOK(mp_add_d(&q, 1, &q));
+
+        /* Test q for small prime divisors ... */
+        np = prime_tab_size;
+        res = mpp_divis_primes(&q, &np);
+        if (res == MP_YES) { /* is composite */
+            mp_clear(&q);
+            continue;
+        }
+        if (res != MP_NO)
+            goto CLEANUP;
+
+        /* And test with Fermat, as with its parent ... */
+        res = mpp_fermat(&q, 2);
+        if (res != MP_YES) {
+            mp_clear(&q);
+            if (res == MP_NO)
+                continue; /* was composite */
+            goto CLEANUP;
+        }
+
+        /* And test with Miller-Rabin, as with its parent ... */
+        res = mpp_pprime(&q, num_tests);
+        if (res != MP_YES) {
+            mp_clear(&q);
+            if (res == MP_NO)
+                continue; /* was composite */
+            goto CLEANUP;
+        }
+
+        /* If it passed, we've got a winner */
+        mp_exch(&q, &trial);
+        mp_clear(&q);
+        break;
+
+    } /* end of loop through sieved values */
+    if (res == MP_YES)
+        mp_exch(&trial, start);
+CLEANUP:
+    mp_clear(&trial);
+    mp_clear(&q);
+    if (nTries)
+        *nTries += i;
+    if (sieve != NULL) {
+        memset(sieve, 0, SIEVE_SIZE);
+        free(sieve);
+    }
+    return res;
+}
+
+/*========================================================================*/
+/*------------------------------------------------------------------------*/
+/* Static functions visible only to the library internally                */
+
+/* {{{ s_mpp_divp(a, vec, size, which) */
+
+/*
+   Test for divisibility by members of a vector of digits.  Returns
+   MP_NO if a is not divisible by any of them; returns MP_YES and sets
+   'which' to the index of the offender, if it is.  Will stop on the
+   first digit against which a is divisible.
+ */
+
+mp_err
+s_mpp_divp(mp_int *a, const mp_digit *vec, int size, int *which)
+{
+    mp_err res;
+    mp_digit rem;
+
+    int ix;
+
+    for (ix = 0; ix < size; ix++) {
+        if ((res = mp_mod_d(a, vec[ix], &rem)) != MP_OKAY)
+            return res;
+
+        if (rem == 0) {
+            if (which)
+                *which = ix;
+            return MP_YES;
+        }
+    }
+
+    return MP_NO;
+
+} /* end s_mpp_divp() */
+
+/* }}} */
+
+/*------------------------------------------------------------------------*/
+/* HERE THERE BE DRAGONS                                                  */
diff --git a/nss/lib/freebl/mpi/mpprime.h b/nss/lib/freebl/mpi/mpprime.h
new file mode 100644
index 0000000..885bccd
--- /dev/null
+++ b/nss/lib/freebl/mpi/mpprime.h
@@ -0,0 +1,42 @@
+/*
+ *  mpprime.h
+ *
+ *  Utilities for finding and working with prime and pseudo-prime
+ *  integers
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _H_MP_PRIME_
+#define _H_MP_PRIME_
+
+#include "mpi.h"
+
+SEC_BEGIN_PROTOS
+
+extern const int prime_tab_size; /* number of primes available */
+extern const mp_digit prime_tab[];
+
+/* Tests for divisibility    */
+mp_err mpp_divis(mp_int *a, mp_int *b);
+mp_err mpp_divis_d(mp_int *a, mp_digit d);
+
+/* Random selection          */
+mp_err mpp_random(mp_int *a);
+mp_err mpp_random_size(mp_int *a, mp_size prec);
+
+/* Pseudo-primality testing  */
+mp_err mpp_divis_vector(mp_int *a, const mp_digit *vec, int size, int *which);
+mp_err mpp_divis_primes(mp_int *a, mp_digit *np);
+mp_err mpp_fermat(mp_int *a, mp_digit w);
+mp_err mpp_fermat_list(mp_int *a, const mp_digit *primes, mp_size nPrimes);
+mp_err mpp_pprime(mp_int *a, int nt);
+mp_err mpp_sieve(mp_int *trial, const mp_digit *primes, mp_size nPrimes,
+                 unsigned char *sieve, mp_size nSieve);
+mp_err mpp_make_prime(mp_int *start, mp_size nBits, mp_size strong,
+                      unsigned long *nTries);
+
+SEC_END_PROTOS
+
+#endif /* end _H_MP_PRIME_ */
diff --git a/nss/lib/freebl/mpi/mpv_sparc.c b/nss/lib/freebl/mpi/mpv_sparc.c
new file mode 100644
index 0000000..423311b
--- /dev/null
+++ b/nss/lib/freebl/mpi/mpv_sparc.c
@@ -0,0 +1,221 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "vis_proto.h"
+
+/***************************************************************/
+
+typedef int t_s32;
+typedef unsigned int t_u32;
+#if defined(__sparcv9)
+typedef long t_s64;
+typedef unsigned long t_u64;
+#else
+typedef long long t_s64;
+typedef unsigned long long t_u64;
+#endif
+typedef double t_d64;
+
+/***************************************************************/
+
+typedef union {
+    t_d64 d64;
+    struct {
+        t_s32 i0;
+        t_s32 i1;
+    } i32s;
+} d64_2_i32;
+
+/***************************************************************/
+
+#define BUFF_SIZE 256
+
+#define A_BITS 19
+#define A_MASK ((1 << A_BITS) - 1)
+
+/***************************************************************/
+
+static t_u64 mask_cnst[] = {
+    0x8000000080000000ull
+};
+
+/***************************************************************/
+
+#define DEF_VARS(N)                     \
+    t_d64 *py = (t_d64 *)y;             \
+    t_d64 mask = *((t_d64 *)mask_cnst); \
+    t_d64 ca = (1u << 31) - 1;          \
+    t_d64 da = (t_d64)a;                \
+    t_s64 buff[N], s;                   \
+    d64_2_i32 dy
+
+/***************************************************************/
+
+#define MUL_U32_S64_2(i)                           \
+    dy.d64 = vis_fxnor(mask, py[i]);               \
+    buff[2 * (i)] = (ca - (t_d64)dy.i32s.i0) * da; \
+    buff[2 * (i) + 1] = (ca - (t_d64)dy.i32s.i1) * da
+
+#define MUL_U32_S64_2_D(i)                \
+    dy.d64 = vis_fxnor(mask, py[i]);      \
+    d0 = ca - (t_d64)dy.i32s.i0;          \
+    d1 = ca - (t_d64)dy.i32s.i1;          \
+    buff[4 * (i)] = (t_s64)(d0 * da);     \
+    buff[4 * (i) + 1] = (t_s64)(d0 * db); \
+    buff[4 * (i) + 2] = (t_s64)(d1 * da); \
+    buff[4 * (i) + 3] = (t_s64)(d1 * db)
+
+/***************************************************************/
+
+#define ADD_S64_U32(i)      \
+    s = buff[i] + x[i] + c; \
+    z[i] = s;               \
+    c = (s >> 32)
+
+#define ADD_S64_U32_D(i)                                                      \
+    s = buff[2 * (i)] + (((t_s64)(buff[2 * (i) + 1])) << A_BITS) + x[i] + uc; \
+    z[i] = s;                                                                 \
+    uc = ((t_u64)s >> 32)
+
+/***************************************************************/
+
+#define MUL_U32_S64_8(i)  \
+    MUL_U32_S64_2(i);     \
+    MUL_U32_S64_2(i + 1); \
+    MUL_U32_S64_2(i + 2); \
+    MUL_U32_S64_2(i + 3)
+
+#define MUL_U32_S64_D_8(i)  \
+    MUL_U32_S64_2_D(i);     \
+    MUL_U32_S64_2_D(i + 1); \
+    MUL_U32_S64_2_D(i + 2); \
+    MUL_U32_S64_2_D(i + 3)
+
+/***************************************************************/
+
+#define ADD_S64_U32_8(i) \
+    ADD_S64_U32(i);      \
+    ADD_S64_U32(i + 1);  \
+    ADD_S64_U32(i + 2);  \
+    ADD_S64_U32(i + 3);  \
+    ADD_S64_U32(i + 4);  \
+    ADD_S64_U32(i + 5);  \
+    ADD_S64_U32(i + 6);  \
+    ADD_S64_U32(i + 7)
+
+#define ADD_S64_U32_D_8(i) \
+    ADD_S64_U32_D(i);      \
+    ADD_S64_U32_D(i + 1);  \
+    ADD_S64_U32_D(i + 2);  \
+    ADD_S64_U32_D(i + 3);  \
+    ADD_S64_U32_D(i + 4);  \
+    ADD_S64_U32_D(i + 5);  \
+    ADD_S64_U32_D(i + 6);  \
+    ADD_S64_U32_D(i + 7)
+
+/***************************************************************/
+
+t_u32
+mul_add(t_u32 *z, t_u32 *x, t_u32 *y, int n, t_u32 a)
+{
+    if (a < (1 << A_BITS)) {
+
+        if (n == 8) {
+            DEF_VARS(8);
+            t_s32 c = 0;
+
+            MUL_U32_S64_8(0);
+            ADD_S64_U32_8(0);
+
+            return c;
+
+        } else if (n == 16) {
+            DEF_VARS(16);
+            t_s32 c = 0;
+
+            MUL_U32_S64_8(0);
+            MUL_U32_S64_8(4);
+            ADD_S64_U32_8(0);
+            ADD_S64_U32_8(8);
+
+            return c;
+
+        } else {
+            DEF_VARS(BUFF_SIZE);
+            t_s32 i, c = 0;
+
+#pragma pipeloop(0)
+            for (i = 0; i < (n + 1) / 2; i++) {
+                MUL_U32_S64_2(i);
+            }
+
+#pragma pipeloop(0)
+            for (i = 0; i < n; i++) {
+                ADD_S64_U32(i);
+            }
+
+            return c;
+        }
+    } else {
+
+        if (n == 8) {
+            DEF_VARS(2 * 8);
+            t_d64 d0, d1, db;
+            t_u32 uc = 0;
+
+            da = (t_d64)(a & A_MASK);
+            db = (t_d64)(a >> A_BITS);
+
+            MUL_U32_S64_D_8(0);
+            ADD_S64_U32_D_8(0);
+
+            return uc;
+
+        } else if (n == 16) {
+            DEF_VARS(2 * 16);
+            t_d64 d0, d1, db;
+            t_u32 uc = 0;
+
+            da = (t_d64)(a & A_MASK);
+            db = (t_d64)(a >> A_BITS);
+
+            MUL_U32_S64_D_8(0);
+            MUL_U32_S64_D_8(4);
+            ADD_S64_U32_D_8(0);
+            ADD_S64_U32_D_8(8);
+
+            return uc;
+
+        } else {
+            DEF_VARS(2 * BUFF_SIZE);
+            t_d64 d0, d1, db;
+            t_u32 i, uc = 0;
+
+            da = (t_d64)(a & A_MASK);
+            db = (t_d64)(a >> A_BITS);
+
+#pragma pipeloop(0)
+            for (i = 0; i < (n + 1) / 2; i++) {
+                MUL_U32_S64_2_D(i);
+            }
+
+#pragma pipeloop(0)
+            for (i = 0; i < n; i++) {
+                ADD_S64_U32_D(i);
+            }
+
+            return uc;
+        }
+    }
+}
+
+/***************************************************************/
+
+t_u32
+mul_add_inp(t_u32 *x, t_u32 *y, int n, t_u32 a)
+{
+    return mul_add(x, x, y, n, a);
+}
+
+/***************************************************************/
diff --git a/nss/lib/freebl/mpi/mpv_sparcv8.s b/nss/lib/freebl/mpi/mpv_sparcv8.s
new file mode 100644
index 0000000..66122a1
--- /dev/null
+++ b/nss/lib/freebl/mpi/mpv_sparcv8.s
@@ -0,0 +1,1607 @@
+! Inner multiply loop functions for hybrid 32/64-bit Sparc v8plus CPUs.
+! This Source Code Form is subject to the terms of the Mozilla Public
+! License, v. 2.0. If a copy of the MPL was not distributed with this
+! file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+	.section	".text",#alloc,#execinstr
+/* 000000	   3 ( 0  0) */		.file	"mpv_sparc.c"
+/* 000000	  14 ( 0  0) */		.align	8
+!
+! SUBROUTINE .L_const_seg_900000106
+!
+! OFFSET    SOURCE LINE	LABEL	INSTRUCTION	(ISSUE TIME)	(COMPLETION TIME)
+
+        .L_const_seg_900000106:		/* frequency 1.0 confidence 0.0 */
+/* 000000	  19 ( 0  0) */		.word	1127219200,0
+/* 0x0008	  20 ( 0  0) */		.word	1105199103,-4194304
+/* 0x0010	  21 ( 0  0) */		.align	16
+/* 0x0010	  27 ( 0  0) */		.global	mul_add
+
+!
+! ENTRY mul_add
+!
+
+        .global mul_add
+        mul_add:		/* frequency 1.0 confidence 0.0 */
+/* 0x0010	  29 ( 0  1) */		sethi	%hi(0x1800),%g1
+/* 0x0014	  30 ( 0  1) */		sethi	%hi(mask_cnst),%g2
+/* 0x0018	  31 ( 1  2) */		xor	%g1,-984,%g1
+/* 0x001c	  32 ( 1  2) */		add	%g2,%lo(mask_cnst),%g2
+/* 0x0020	  33 ( 2  4) */		save	%sp,%g1,%sp
+
+!
+! ENTRY .L900000154
+!
+
+        .L900000154:		/* frequency 1.0 confidence 0.0 */
+/* 0x0024	  35 ( 0  2) */		call	(.+0x8)	! params = 	! Result = 
+/* 0x0028	     ( 1  2) */		sethi	%hi((_GLOBAL_OFFSET_TABLE_-(.L900000154-.))),%g5
+/* 0x002c	 177 ( 2  3) */		sethi	%hi(.L_const_seg_900000106),%g3
+/* 0x0030	 178 ( 2  3) */		add	%g5,%lo((_GLOBAL_OFFSET_TABLE_-(.L900000154-.))),%g5
+/* 0x0034	 179 ( 3  4) */		or	%g0,%i4,%o1
+/* 0x0038	 180 ( 3  4) */		st	%o1,[%fp+84]
+/* 0x003c	 181 ( 3  4) */		add	%g5,%o7,%o3
+/* 0x0040	 182 ( 4  5) */		add	%g3,%lo(.L_const_seg_900000106),%g3
+/* 0x0044	 183 ( 4  6) */		ld	[%o3+%g2],%g2
+/* 0x0048	 184 ( 4  5) */		or	%g0,%i3,%o2
+/* 0x004c	 185 ( 5  6) */		sethi	%hi(0x80000),%g4
+/* 0x0050	 186 ( 5  7) */		ld	[%o3+%g3],%o0
+/* 0x0054	 187 ( 5  6) */		or	%g0,%i2,%g5
+/* 0x0058	 188 ( 6  7) */		or	%g0,%o2,%o3
+/* 0x005c	 189 ( 6 10) */		ldd	[%g2],%f0
+/* 0x0060	 190 ( 6  7) */		subcc	%o1,%g4,%g0
+/* 0x0064	 191 ( 6  7) */		bcc,pn	%icc,.L77000048	! tprob=0.50
+/* 0x0068	     ( 7  8) */		subcc	%o2,8,%g0
+/* 0x006c	 193 ( 7  8) */		bne,pn	%icc,.L77000037	! tprob=0.50
+/* 0x0070	     ( 8 12) */		ldd	[%o0],%f8
+/* 0x0074	 195 ( 9 13) */		ldd	[%g5],%f4
+/* 0x0078	 196 (10 14) */		ldd	[%g5+8],%f6
+/* 0x007c	 197 (11 15) */		ldd	[%g5+16],%f10
+/* 0x0080	 198 (11 14) */		fmovs	%f8,%f12
+/* 0x0084	 199 (12 16) */		fxnor	%f0,%f4,%f4
+/* 0x0088	 200 (12 14) */		ld	[%fp+84],%f13
+/* 0x008c	 201 (13 17) */		ldd	[%o0+8],%f14
+/* 0x0090	 202 (13 17) */		fxnor	%f0,%f6,%f6
+/* 0x0094	 203 (14 18) */		ldd	[%g5+24],%f16
+/* 0x0098	 204 (14 18) */		fxnor	%f0,%f10,%f10
+/* 0x009c	 208 (15 17) */		ld	[%i1],%g2
+/* 0x00a0	 209 (15 20) */		fsubd	%f12,%f8,%f8
+/* 0x00a4	 210 (16 21) */		fitod	%f4,%f18
+/* 0x00a8	 211 (16 18) */		ld	[%i1+4],%g3
+/* 0x00ac	 212 (17 22) */		fitod	%f5,%f4
+/* 0x00b0	 213 (17 19) */		ld	[%i1+8],%g4
+/* 0x00b4	 214 (18 23) */		fitod	%f6,%f20
+/* 0x00b8	 215 (18 20) */		ld	[%i1+12],%g5
+/* 0x00bc	 216 (19 21) */		ld	[%i1+16],%o0
+/* 0x00c0	 217 (19 24) */		fitod	%f7,%f6
+/* 0x00c4	 218 (20 22) */		ld	[%i1+20],%o1
+/* 0x00c8	 219 (20 24) */		fxnor	%f0,%f16,%f16
+/* 0x00cc	 220 (21 26) */		fsubd	%f14,%f18,%f12
+/* 0x00d0	 221 (21 23) */		ld	[%i1+24],%o2
+/* 0x00d4	 222 (22 27) */		fsubd	%f14,%f4,%f4
+/* 0x00d8	 223 (22 24) */		ld	[%i1+28],%o3
+/* 0x00dc	 224 (23 28) */		fitod	%f10,%f18
+/* 0x00e0	 225 (24 29) */		fsubd	%f14,%f20,%f20
+/* 0x00e4	 226 (25 30) */		fitod	%f11,%f10
+/* 0x00e8	 227 (26 31) */		fsubd	%f14,%f6,%f6
+/* 0x00ec	 228 (26 31) */		fmuld	%f12,%f8,%f12
+/* 0x00f0	 229 (27 32) */		fitod	%f16,%f22
+/* 0x00f4	 230 (27 32) */		fmuld	%f4,%f8,%f4
+/* 0x00f8	 231 (28 33) */		fsubd	%f14,%f18,%f18
+/* 0x00fc	 232 (29 34) */		fitod	%f17,%f16
+/* 0x0100	 233 (29 34) */		fmuld	%f20,%f8,%f20
+/* 0x0104	 234 (30 35) */		fsubd	%f14,%f10,%f10
+/* 0x0108	 235 (31 36) */		fdtox	%f12,%f12
+/* 0x010c	 236 (31 32) */		std	%f12,[%sp+152]
+/* 0x0110	 237 (31 36) */		fmuld	%f6,%f8,%f6
+/* 0x0114	 238 (32 37) */		fdtox	%f4,%f4
+/* 0x0118	 239 (32 33) */		std	%f4,[%sp+144]
+/* 0x011c	 240 (33 38) */		fsubd	%f14,%f22,%f4
+/* 0x0120	 241 (33 38) */		fmuld	%f18,%f8,%f12
+/* 0x0124	 242 (34 39) */		fdtox	%f20,%f18
+/* 0x0128	 243 (34 35) */		std	%f18,[%sp+136]
+/* 0x012c	 244 (35 37) */		ldx	[%sp+152],%o4
+/* 0x0130	 245 (35 40) */		fsubd	%f14,%f16,%f14
+/* 0x0134	 246 (35 40) */		fmuld	%f10,%f8,%f10
+/* 0x0138	 247 (36 41) */		fdtox	%f6,%f6
+/* 0x013c	 248 (36 37) */		std	%f6,[%sp+128]
+/* 0x0140	 249 (37 39) */		ldx	[%sp+144],%o5
+/* 0x0144	 250 (37 38) */		add	%o4,%g2,%o4
+/* 0x0148	 251 (38 39) */		st	%o4,[%i0]
+/* 0x014c	 252 (38 39) */		srax	%o4,32,%g2
+/* 0x0150	 253 (38 43) */		fdtox	%f12,%f6
+/* 0x0154	 254 (38 43) */		fmuld	%f4,%f8,%f4
+/* 0x0158	 255 (39 40) */		std	%f6,[%sp+120]
+/* 0x015c	 256 (39 40) */		add	%o5,%g3,%g3
+/* 0x0160	 257 (40 42) */		ldx	[%sp+136],%o7
+/* 0x0164	 258 (40 41) */		add	%g3,%g2,%g2
+/* 0x0168	 259 (40 45) */		fmuld	%f14,%f8,%f6
+/* 0x016c	 260 (40 45) */		fdtox	%f10,%f8
+/* 0x0170	 261 (41 42) */		std	%f8,[%sp+112]
+/* 0x0174	 262 (41 42) */		srax	%g2,32,%o5
+/* 0x0178	 263 (42 44) */		ldx	[%sp+128],%g3
+/* 0x017c	 264 (42 43) */		add	%o7,%g4,%g4
+/* 0x0180	 265 (43 44) */		st	%g2,[%i0+4]
+/* 0x0184	 266 (43 44) */		add	%g4,%o5,%g4
+/* 0x0188	 267 (43 48) */		fdtox	%f4,%f4
+/* 0x018c	 268 (44 46) */		ldx	[%sp+120],%o5
+/* 0x0190	 269 (44 45) */		add	%g3,%g5,%g3
+/* 0x0194	 270 (44 45) */		srax	%g4,32,%g5
+/* 0x0198	 271 (45 46) */		std	%f4,[%sp+104]
+/* 0x019c	 272 (45 46) */		add	%g3,%g5,%g3
+/* 0x01a0	 273 (45 50) */		fdtox	%f6,%f4
+/* 0x01a4	 274 (46 47) */		std	%f4,[%sp+96]
+/* 0x01a8	 275 (46 47) */		add	%o5,%o0,%o0
+/* 0x01ac	 276 (46 47) */		srax	%g3,32,%o5
+/* 0x01b0	 277 (47 49) */		ldx	[%sp+112],%g5
+/* 0x01b4	 278 (47 48) */		add	%o0,%o5,%o0
+/* 0x01b8	 279 (48 49) */		st	%g4,[%i0+8]
+/* 0x01bc	 280 (49 51) */		ldx	[%sp+104],%o5
+/* 0x01c0	 281 (49 50) */		add	%g5,%o1,%o1
+/* 0x01c4	 282 (49 50) */		srax	%o0,32,%g5
+/* 0x01c8	 283 (50 51) */		st	%o0,[%i0+16]
+/* 0x01cc	 284 (50 51) */		add	%o1,%g5,%o1
+/* 0x01d0	 285 (51 53) */		ldx	[%sp+96],%g5
+/* 0x01d4	 286 (51 52) */		add	%o5,%o2,%o2
+/* 0x01d8	 287 (51 52) */		srax	%o1,32,%o5
+/* 0x01dc	 288 (52 53) */		st	%o1,[%i0+20]
+/* 0x01e0	 289 (52 53) */		add	%o2,%o5,%o2
+/* 0x01e4	 290 (53 54) */		st	%o2,[%i0+24]
+/* 0x01e8	 291 (53 54) */		srax	%o2,32,%g4
+/* 0x01ec	 292 (53 54) */		add	%g5,%o3,%g2
+/* 0x01f0	 293 (54 55) */		st	%g3,[%i0+12]
+/* 0x01f4	 294 (54 55) */		add	%g2,%g4,%g2
+/* 0x01f8	 295 (55 56) */		st	%g2,[%i0+28]
+/* 0x01fc	 299 (55 56) */		srax	%g2,32,%o7
+/* 0x0200	 300 (56 57) */		or	%g0,%o7,%i0
+/* 0x0204	     (57 64) */		ret	! Result =  %o1 %o0 %f0 %f1
+/* 0x0208	     (59 61) */		restore	%g0,%g0,%g0
+
+!
+! ENTRY .L77000037
+!
+
+        .L77000037:		/* frequency 1.0 confidence 0.0 */
+/* 0x020c	 307 ( 0  1) */		subcc	%o2,16,%g0
+/* 0x0210	 308 ( 0  1) */		bne,pn	%icc,.L77000076	! tprob=0.50
+/* 0x0214	     ( 1  5) */		ldd	[%o0],%f8
+/* 0x0218	 310 ( 2  6) */		ldd	[%g5],%f4
+/* 0x021c	 311 ( 3  7) */		ldd	[%g5+8],%f6
+/* 0x0220	 317 ( 4  8) */		ldd	[%o0+8],%f14
+/* 0x0224	 318 ( 4  7) */		fmovs	%f8,%f12
+/* 0x0228	 319 ( 5  7) */		ld	[%fp+84],%f13
+/* 0x022c	 320 ( 5  9) */		fxnor	%f0,%f4,%f4
+/* 0x0230	 321 ( 6 10) */		ldd	[%g5+16],%f10
+/* 0x0234	 322 ( 6 10) */		fxnor	%f0,%f6,%f6
+/* 0x0238	 323 ( 7 11) */		ldd	[%g5+24],%f16
+/* 0x023c	 324 ( 8 12) */		ldd	[%g5+32],%f20
+/* 0x0240	 325 ( 8 13) */		fsubd	%f12,%f8,%f8
+/* 0x0244	 331 ( 9 11) */		ld	[%i1+40],%o7
+/* 0x0248	 332 ( 9 14) */		fitod	%f4,%f18
+/* 0x024c	 333 (10 14) */		ldd	[%g5+40],%f22
+/* 0x0250	 334 (10 15) */		fitod	%f5,%f4
+/* 0x0254	 335 (11 12) */		stx	%o7,[%sp+96]
+/* 0x0258	 336 (11 16) */		fitod	%f6,%f24
+/* 0x025c	 337 (12 14) */		ld	[%i1+44],%o7
+/* 0x0260	 338 (12 16) */		fxnor	%f0,%f10,%f10
+/* 0x0264	 339 (13 17) */		ldd	[%g5+48],%f26
+/* 0x0268	 340 (13 18) */		fitod	%f7,%f6
+/* 0x026c	 341 (14 15) */		stx	%o7,[%sp+104]
+/* 0x0270	 342 (14 19) */		fsubd	%f14,%f18,%f18
+/* 0x0274	 343 (15 17) */		ld	[%i1+48],%o7
+/* 0x0278	 344 (15 20) */		fsubd	%f14,%f4,%f4
+/* 0x027c	 345 (16 18) */		ld	[%i1+36],%o5
+/* 0x0280	 346 (16 21) */		fitod	%f10,%f28
+/* 0x0284	 347 (17 18) */		stx	%o7,[%sp+112]
+/* 0x0288	 348 (17 21) */		fxnor	%f0,%f16,%f16
+/* 0x028c	 349 (18 20) */		ld	[%i1],%g2
+/* 0x0290	 350 (18 23) */		fsubd	%f14,%f24,%f24
+/* 0x0294	 351 (19 20) */		stx	%o5,[%sp+120]
+/* 0x0298	 352 (19 24) */		fitod	%f11,%f10
+/* 0x029c	 353 (19 24) */		fmuld	%f18,%f8,%f18
+/* 0x02a0	 354 (20 22) */		ld	[%i1+52],%o5
+/* 0x02a4	 355 (20 25) */		fsubd	%f14,%f6,%f6
+/* 0x02a8	 356 (20 25) */		fmuld	%f4,%f8,%f4
+/* 0x02ac	 357 (21 26) */		fitod	%f16,%f30
+/* 0x02b0	 358 (22 26) */		fxnor	%f0,%f20,%f20
+/* 0x02b4	 359 (22 24) */		ld	[%i1+4],%g3
+/* 0x02b8	 360 (23 27) */		ldd	[%g5+56],%f2
+/* 0x02bc	 361 (23 28) */		fsubd	%f14,%f28,%f28
+/* 0x02c0	 362 (23 28) */		fmuld	%f24,%f8,%f24
+/* 0x02c4	 363 (24 25) */		stx	%o5,[%sp+128]
+/* 0x02c8	 364 (24 29) */		fdtox	%f18,%f18
+/* 0x02cc	 365 (25 26) */		std	%f18,[%sp+272]
+/* 0x02d0	 366 (25 30) */		fitod	%f17,%f16
+/* 0x02d4	 367 (25 30) */		fmuld	%f6,%f8,%f6
+/* 0x02d8	 368 (26 31) */		fsubd	%f14,%f10,%f10
+/* 0x02dc	 369 (27 32) */		fitod	%f20,%f18
+/* 0x02e0	 370 (28 33) */		fdtox	%f4,%f4
+/* 0x02e4	 371 (28 29) */		std	%f4,[%sp+264]
+/* 0x02e8	 372 (28 33) */		fmuld	%f28,%f8,%f28
+/* 0x02ec	 373 (29 31) */		ld	[%i1+8],%g4
+/* 0x02f0	 374 (29 34) */		fsubd	%f14,%f30,%f4
+/* 0x02f4	 375 (30 34) */		fxnor	%f0,%f22,%f22
+/* 0x02f8	 376 (30 32) */		ld	[%i1+12],%g5
+/* 0x02fc	 377 (31 33) */		ld	[%i1+16],%o0
+/* 0x0300	 378 (31 36) */		fitod	%f21,%f20
+/* 0x0304	 379 (31 36) */		fmuld	%f10,%f8,%f10
+/* 0x0308	 380 (32 34) */		ld	[%i1+20],%o1
+/* 0x030c	 381 (32 37) */		fdtox	%f24,%f24
+/* 0x0310	 382 (33 34) */		std	%f24,[%sp+256]
+/* 0x0314	 383 (33 38) */		fsubd	%f14,%f16,%f16
+/* 0x0318	 384 (34 36) */		ldx	[%sp+272],%o7
+/* 0x031c	 385 (34 39) */		fdtox	%f6,%f6
+/* 0x0320	 386 (34 39) */		fmuld	%f4,%f8,%f4
+/* 0x0324	 387 (35 36) */		std	%f6,[%sp+248]
+/* 0x0328	 388 (35 40) */		fitod	%f22,%f24
+/* 0x032c	 389 (36 38) */		ld	[%i1+32],%o4
+/* 0x0330	 390 (36 41) */		fsubd	%f14,%f18,%f6
+/* 0x0334	 391 (36 37) */		add	%o7,%g2,%g2
+/* 0x0338	 392 (37 39) */		ldx	[%sp+264],%o7
+/* 0x033c	 393 (37 41) */		fxnor	%f0,%f26,%f26
+/* 0x0340	 394 (37 38) */		srax	%g2,32,%o5
+/* 0x0344	 395 (38 39) */		st	%g2,[%i0]
+/* 0x0348	 396 (38 43) */		fitod	%f23,%f18
+/* 0x034c	 397 (38 43) */		fmuld	%f16,%f8,%f16
+/* 0x0350	 398 (39 41) */		ldx	[%sp+248],%g2
+/* 0x0354	 399 (39 44) */		fdtox	%f28,%f22
+/* 0x0358	 400 (39 40) */		add	%o7,%g3,%g3
+/* 0x035c	 401 (40 42) */		ldx	[%sp+256],%o7
+/* 0x0360	 402 (40 45) */		fsubd	%f14,%f20,%f20
+/* 0x0364	 403 (40 41) */		add	%g3,%o5,%g3
+/* 0x0368	 404 (41 42) */		std	%f22,[%sp+240]
+/* 0x036c	 405 (41 46) */		fitod	%f26,%f22
+/* 0x0370	 406 (41 42) */		srax	%g3,32,%o5
+/* 0x0374	 407 (41 42) */		add	%g2,%g5,%g2
+/* 0x0378	 408 (42 43) */		st	%g3,[%i0+4]
+/* 0x037c	 409 (42 47) */		fdtox	%f10,%f10
+/* 0x0380	 410 (42 43) */		add	%o7,%g4,%g4
+/* 0x0384	 411 (42 47) */		fmuld	%f6,%f8,%f6
+/* 0x0388	 412 (43 44) */		std	%f10,[%sp+232]
+/* 0x038c	 413 (43 47) */		fxnor	%f0,%f2,%f12
+/* 0x0390	 414 (43 44) */		add	%g4,%o5,%g4
+/* 0x0394	 415 (44 45) */		st	%g4,[%i0+8]
+/* 0x0398	 416 (44 45) */		srax	%g4,32,%o5
+/* 0x039c	 417 (44 49) */		fsubd	%f14,%f24,%f10
+/* 0x03a0	 418 (45 47) */		ldx	[%sp+240],%o7
+/* 0x03a4	 419 (45 50) */		fdtox	%f4,%f4
+/* 0x03a8	 420 (45 46) */		add	%g2,%o5,%g2
+/* 0x03ac	 421 (45 50) */		fmuld	%f20,%f8,%f20
+/* 0x03b0	 422 (46 47) */		std	%f4,[%sp+224]
+/* 0x03b4	 423 (46 47) */		srax	%g2,32,%g5
+/* 0x03b8	 424 (46 51) */		fsubd	%f14,%f18,%f4
+/* 0x03bc	 425 (47 48) */		st	%g2,[%i0+12]
+/* 0x03c0	 426 (47 52) */		fitod	%f27,%f24
+/* 0x03c4	 427 (47 48) */		add	%o7,%o0,%g3
+/* 0x03c8	 428 (48 50) */		ldx	[%sp+232],%o5
+/* 0x03cc	 429 (48 53) */		fdtox	%f16,%f16
+/* 0x03d0	 430 (48 49) */		add	%g3,%g5,%g2
+/* 0x03d4	 431 (49 50) */		std	%f16,[%sp+216]
+/* 0x03d8	 432 (49 50) */		srax	%g2,32,%g4
+/* 0x03dc	 433 (49 54) */		fitod	%f12,%f18
+/* 0x03e0	 434 (49 54) */		fmuld	%f10,%f8,%f10
+/* 0x03e4	 435 (50 51) */		st	%g2,[%i0+16]
+/* 0x03e8	 436 (50 55) */		fsubd	%f14,%f22,%f16
+/* 0x03ec	 437 (50 51) */		add	%o5,%o1,%g2
+/* 0x03f0	 438 (51 53) */		ld	[%i1+24],%o2
+/* 0x03f4	 439 (51 56) */		fitod	%f13,%f12
+/* 0x03f8	 440 (51 52) */		add	%g2,%g4,%g2
+/* 0x03fc	 441 (51 56) */		fmuld	%f4,%f8,%f22
+/* 0x0400	 442 (52 54) */		ldx	[%sp+224],%g3
+/* 0x0404	 443 (52 53) */		srax	%g2,32,%g4
+/* 0x0408	 444 (52 57) */		fdtox	%f6,%f6
+/* 0x040c	 445 (53 54) */		std	%f6,[%sp+208]
+/* 0x0410	 446 (53 58) */		fdtox	%f20,%f6
+/* 0x0414	 447 (54 55) */		stx	%o4,[%sp+136]
+/* 0x0418	 448 (54 59) */		fsubd	%f14,%f24,%f4
+/* 0x041c	 449 (55 56) */		std	%f6,[%sp+200]
+/* 0x0420	 450 (55 60) */		fsubd	%f14,%f18,%f6
+/* 0x0424	 451 (55 60) */		fmuld	%f16,%f8,%f16
+/* 0x0428	 452 (56 57) */		st	%g2,[%i0+20]
+/* 0x042c	 453 (56 57) */		add	%g3,%o2,%g2
+/* 0x0430	 454 (56 61) */		fdtox	%f10,%f10
+/* 0x0434	 455 (57 59) */		ld	[%i1+28],%o3
+/* 0x0438	 456 (57 58) */		add	%g2,%g4,%g2
+/* 0x043c	 457 (58 60) */		ldx	[%sp+216],%g5
+/* 0x0440	 458 (58 59) */		srax	%g2,32,%g4
+/* 0x0444	 459 (59 60) */		std	%f10,[%sp+192]
+/* 0x0448	 460 (59 64) */		fsubd	%f14,%f12,%f10
+/* 0x044c	 461 (59 64) */		fmuld	%f4,%f8,%f4
+/* 0x0450	 462 (60 61) */		st	%g2,[%i0+24]
+/* 0x0454	 463 (60 61) */		add	%g5,%o3,%g2
+/* 0x0458	 464 (60 65) */		fdtox	%f22,%f12
+/* 0x045c	 465 (60 65) */		fmuld	%f6,%f8,%f6
+/* 0x0460	 466 (61 63) */		ldx	[%sp+136],%o0
+/* 0x0464	 467 (61 62) */		add	%g2,%g4,%g2
+/* 0x0468	 468 (62 64) */		ldx	[%sp+208],%g3
+/* 0x046c	 469 (62 63) */		srax	%g2,32,%g4
+/* 0x0470	 470 (63 65) */		ldx	[%sp+120],%o1
+/* 0x0474	 471 (64 66) */		ldx	[%sp+200],%g5
+/* 0x0478	 472 (64 65) */		add	%g3,%o0,%g3
+/* 0x047c	 473 (64 69) */		fdtox	%f4,%f4
+/* 0x0480	 474 (64 69) */		fmuld	%f10,%f8,%f8
+/* 0x0484	 475 (65 66) */		std	%f12,[%sp+184]
+/* 0x0488	 476 (65 66) */		add	%g3,%g4,%g3
+/* 0x048c	 477 (65 70) */		fdtox	%f16,%f12
+/* 0x0490	 478 (66 67) */		std	%f12,[%sp+176]
+/* 0x0494	 479 (66 67) */		srax	%g3,32,%o0
+/* 0x0498	 480 (66 67) */		add	%g5,%o1,%g5
+/* 0x049c	 481 (67 69) */		ldx	[%sp+192],%o2
+/* 0x04a0	 482 (67 68) */		add	%g5,%o0,%g5
+/* 0x04a4	 483 (68 70) */		ldx	[%sp+96],%g4
+/* 0x04a8	 484 (68 69) */		srax	%g5,32,%o1
+/* 0x04ac	 485 (69 71) */		ld	[%i1+56],%o4
+/* 0x04b0	 486 (70 72) */		ldx	[%sp+104],%o0
+/* 0x04b4	 487 (70 71) */		add	%o2,%g4,%g4
+/* 0x04b8	 488 (71 72) */		std	%f4,[%sp+168]
+/* 0x04bc	 489 (71 72) */		add	%g4,%o1,%g4
+/* 0x04c0	 490 (71 76) */		fdtox	%f6,%f4
+/* 0x04c4	 491 (72 74) */		ldx	[%sp+184],%o3
+/* 0x04c8	 492 (72 73) */		srax	%g4,32,%o2
+/* 0x04cc	 493 (73 75) */		ldx	[%sp+112],%o1
+/* 0x04d0	 494 (74 75) */		std	%f4,[%sp+160]
+/* 0x04d4	 495 (74 75) */		add	%o3,%o0,%o0
+/* 0x04d8	 496 (74 79) */		fdtox	%f8,%f4
+/* 0x04dc	 497 (75 77) */		ldx	[%sp+176],%o5
+/* 0x04e0	 498 (75 76) */		add	%o0,%o2,%o0
+/* 0x04e4	 499 (76 77) */		stx	%o4,[%sp+144]
+/* 0x04e8	 500 (77 78) */		st	%g2,[%i0+28]
+/* 0x04ec	 501 (77 78) */		add	%o5,%o1,%g2
+/* 0x04f0	 502 (77 78) */		srax	%o0,32,%o1
+/* 0x04f4	 503 (78 79) */		std	%f4,[%sp+152]
+/* 0x04f8	 504 (78 79) */		add	%g2,%o1,%o1
+/* 0x04fc	 505 (79 81) */		ldx	[%sp+168],%o7
+/* 0x0500	 506 (79 80) */		srax	%o1,32,%o3
+/* 0x0504	 507 (80 82) */		ldx	[%sp+128],%o2
+/* 0x0508	 508 (81 83) */		ld	[%i1+60],%o4
+/* 0x050c	 509 (82 83) */		add	%o7,%o2,%o2
+/* 0x0510	 510 (83 84) */		add	%o2,%o3,%o2
+/* 0x0514	 511 (83 85) */		ldx	[%sp+144],%o5
+/* 0x0518	 512 (84 86) */		ldx	[%sp+160],%g2
+/* 0x051c	 513 (85 87) */		ldx	[%sp+152],%o3
+/* 0x0520	 514 (86 87) */		st	%g3,[%i0+32]
+/* 0x0524	 515 (86 87) */		add	%g2,%o5,%g2
+/* 0x0528	 516 (86 87) */		srax	%o2,32,%o5
+/* 0x052c	 517 (87 88) */		st	%g5,[%i0+36]
+/* 0x0530	 518 (87 88) */		add	%g2,%o5,%g2
+/* 0x0534	 519 (87 88) */		add	%o3,%o4,%g3
+/* 0x0538	 520 (88 89) */		st	%o0,[%i0+44]
+/* 0x053c	 521 (88 89) */		srax	%g2,32,%g5
+/* 0x0540	 522 (89 90) */		st	%o1,[%i0+48]
+/* 0x0544	 523 (89 90) */		add	%g3,%g5,%g3
+/* 0x0548	 524 (90 91) */		st	%o2,[%i0+52]
+/* 0x054c	 528 (90 91) */		srax	%g3,32,%o7
+/* 0x0550	 529 (91 92) */		st	%g4,[%i0+40]
+/* 0x0554	 530 (92 93) */		st	%g2,[%i0+56]
+/* 0x0558	 531 (93 94) */		st	%g3,[%i0+60]
+/* 0x055c	 532 (93 94) */		or	%g0,%o7,%i0
+/* 0x0560	     (94 101) */		ret	! Result =  %o1 %o0 %f0 %f1
+/* 0x0564	     (96 98) */		restore	%g0,%g0,%g0
+
+!
+! ENTRY .L77000076
+!
+
+        .L77000076:		/* frequency 1.0 confidence 0.0 */
+/* 0x0568	 540 ( 0  4) */		ldd	[%o0],%f6
+/* 0x056c	 546 ( 0  1) */		add	%o2,1,%g2
+/* 0x0570	 547 ( 0  3) */		fmovd	%f0,%f14
+/* 0x0574	 548 ( 0  1) */		or	%g0,0,%o7
+/* 0x0578	 549 ( 1  3) */		ld	[%fp+84],%f9
+/* 0x057c	 550 ( 1  2) */		srl	%g2,31,%g3
+/* 0x0580	 551 ( 1  2) */		add	%fp,-2264,%o5
+/* 0x0584	 552 ( 2  3) */		add	%g2,%g3,%g2
+/* 0x0588	 553 ( 2  6) */		ldd	[%o0+8],%f18
+/* 0x058c	 554 ( 2  3) */		add	%fp,-2256,%o4
+/* 0x0590	 555 ( 3  6) */		fmovs	%f6,%f8
+/* 0x0594	 556 ( 3  4) */		sra	%g2,1,%o1
+/* 0x0598	 557 ( 3  4) */		or	%g0,0,%g2
+/* 0x059c	 558 ( 4  5) */		subcc	%o1,0,%g0
+/* 0x05a0	 559 ( 4  5) */		sub	%o1,1,%o2
+/* 0x05a4	 563 ( 5  6) */		add	%g5,32,%o0
+/* 0x05a8	 564 ( 6 11) */		fsubd	%f8,%f6,%f16
+/* 0x05ac	 565 ( 6  7) */		ble,pt	%icc,.L900000161	! tprob=0.50
+/* 0x05b0	     ( 6  7) */		subcc	%o3,0,%g0
+/* 0x05b4	 567 ( 7  8) */		subcc	%o1,7,%g0
+/* 0x05b8	 568 ( 7  8) */		bl,pn	%icc,.L77000077	! tprob=0.50
+/* 0x05bc	     ( 7  8) */		sub	%o1,2,%o1
+/* 0x05c0	 570 ( 8 12) */		ldd	[%g5],%f2
+/* 0x05c4	 571 ( 9 13) */		ldd	[%g5+8],%f4
+/* 0x05c8	 572 ( 9 10) */		or	%g0,5,%g2
+/* 0x05cc	 573 (10 14) */		ldd	[%g5+16],%f0
+/* 0x05d0	 574 (11 15) */		fxnor	%f14,%f2,%f2
+/* 0x05d4	 575 (11 15) */		ldd	[%g5+24],%f12
+/* 0x05d8	 576 (12 16) */		fxnor	%f14,%f4,%f6
+/* 0x05dc	 577 (12 16) */		ldd	[%g5+32],%f10
+/* 0x05e0	 578 (13 17) */		fxnor	%f14,%f0,%f8
+/* 0x05e4	 579 (15 20) */		fitod	%f3,%f0
+/* 0x05e8	 580 (16 21) */		fitod	%f2,%f4
+/* 0x05ec	 581 (17 22) */		fitod	%f7,%f2
+/* 0x05f0	 582 (18 23) */		fitod	%f6,%f6
+/* 0x05f4	 583 (20 25) */		fsubd	%f18,%f0,%f0
+/* 0x05f8	 584 (21 26) */		fsubd	%f18,%f4,%f4
+
+!
+! ENTRY .L900000149
+!
+
+        .L900000149:		/* frequency 1.0 confidence 0.0 */
+/* 0x05fc	 586 ( 0  4) */		fxnor	%f14,%f12,%f22
+/* 0x0600	 587 ( 0  5) */		fmuld	%f4,%f16,%f4
+/* 0x0604	 588 ( 0  1) */		add	%g2,2,%g2
+/* 0x0608	 589 ( 0  1) */		add	%o4,32,%o4
+/* 0x060c	 590 ( 1  6) */		fitod	%f9,%f24
+/* 0x0610	 591 ( 1  6) */		fmuld	%f0,%f16,%f20
+/* 0x0614	 592 ( 1  2) */		add	%o0,8,%o0
+/* 0x0618	 593 ( 1  2) */		subcc	%g2,%o1,%g0
+/* 0x061c	 594 ( 2  6) */		ldd	[%o0],%f12
+/* 0x0620	 595 ( 2  7) */		fsubd	%f18,%f2,%f0
+/* 0x0624	 596 ( 2  3) */		add	%o5,32,%o5
+/* 0x0628	 597 ( 3  8) */		fsubd	%f18,%f6,%f2
+/* 0x062c	 598 ( 5 10) */		fdtox	%f4,%f4
+/* 0x0630	 599 ( 6 11) */		fdtox	%f20,%f6
+/* 0x0634	 600 ( 6  7) */		std	%f4,[%o5-32]
+/* 0x0638	 601 ( 7 12) */		fitod	%f8,%f4
+/* 0x063c	 602 ( 7  8) */		std	%f6,[%o4-32]
+/* 0x0640	 603 ( 8 12) */		fxnor	%f14,%f10,%f8
+/* 0x0644	 604 ( 8 13) */		fmuld	%f2,%f16,%f6
+/* 0x0648	 605 ( 9 14) */		fitod	%f23,%f2
+/* 0x064c	 606 ( 9 14) */		fmuld	%f0,%f16,%f20
+/* 0x0650	 607 ( 9 10) */		add	%o0,8,%o0
+/* 0x0654	 608 (10 14) */		ldd	[%o0],%f10
+/* 0x0658	 609 (10 15) */		fsubd	%f18,%f24,%f0
+/* 0x065c	 610 (12 17) */		fsubd	%f18,%f4,%f4
+/* 0x0660	 611 (13 18) */		fdtox	%f6,%f6
+/* 0x0664	 612 (14 19) */		fdtox	%f20,%f20
+/* 0x0668	 613 (14 15) */		std	%f6,[%o5-16]
+/* 0x066c	 614 (15 20) */		fitod	%f22,%f6
+/* 0x0670	 615 (15 16) */		ble,pt	%icc,.L900000149	! tprob=0.50
+/* 0x0674	     (15 16) */		std	%f20,[%o4-16]
+
+!
+! ENTRY .L900000152
+!
+
+        .L900000152:		/* frequency 1.0 confidence 0.0 */
+/* 0x0678	 618 ( 0  4) */		fxnor	%f14,%f12,%f12
+/* 0x067c	 619 ( 0  5) */		fmuld	%f0,%f16,%f22
+/* 0x0680	 620 ( 0  1) */		add	%o5,80,%o5
+/* 0x0684	 621 ( 0  1) */		add	%o4,80,%o4
+/* 0x0688	 622 ( 1  5) */		fxnor	%f14,%f10,%f0
+/* 0x068c	 623 ( 1  6) */		fmuld	%f4,%f16,%f24
+/* 0x0690	 624 ( 1  2) */		subcc	%g2,%o2,%g0
+/* 0x0694	 625 ( 1  2) */		add	%o0,8,%g5
+/* 0x0698	 626 ( 2  7) */		fitod	%f8,%f20
+/* 0x069c	 627 ( 3  8) */		fitod	%f9,%f8
+/* 0x06a0	 628 ( 4  9) */		fsubd	%f18,%f6,%f6
+/* 0x06a4	 629 ( 5 10) */		fitod	%f12,%f26
+/* 0x06a8	 630 ( 6 11) */		fitod	%f13,%f4
+/* 0x06ac	 631 ( 7 12) */		fsubd	%f18,%f2,%f12
+/* 0x06b0	 632 ( 8 13) */		fitod	%f0,%f2
+/* 0x06b4	 633 ( 9 14) */		fitod	%f1,%f0
+/* 0x06b8	 634 (10 15) */		fsubd	%f18,%f20,%f10
+/* 0x06bc	 635 (10 15) */		fmuld	%f6,%f16,%f20
+/* 0x06c0	 636 (11 16) */		fsubd	%f18,%f8,%f8
+/* 0x06c4	 637 (12 17) */		fsubd	%f18,%f26,%f6
+/* 0x06c8	 638 (12 17) */		fmuld	%f12,%f16,%f12
+/* 0x06cc	 639 (13 18) */		fsubd	%f18,%f4,%f4
+/* 0x06d0	 640 (14 19) */		fsubd	%f18,%f2,%f2
+/* 0x06d4	 641 (15 20) */		fsubd	%f18,%f0,%f0
+/* 0x06d8	 642 (15 20) */		fmuld	%f10,%f16,%f10
+/* 0x06dc	 643 (16 21) */		fdtox	%f24,%f24
+/* 0x06e0	 644 (16 17) */		std	%f24,[%o5-80]
+/* 0x06e4	 645 (16 21) */		fmuld	%f8,%f16,%f8
+/* 0x06e8	 646 (17 22) */		fdtox	%f22,%f22
+/* 0x06ec	 647 (17 18) */		std	%f22,[%o4-80]
+/* 0x06f0	 648 (17 22) */		fmuld	%f6,%f16,%f6
+/* 0x06f4	 649 (18 23) */		fdtox	%f20,%f20
+/* 0x06f8	 650 (18 19) */		std	%f20,[%o5-64]
+/* 0x06fc	 651 (18 23) */		fmuld	%f4,%f16,%f4
+/* 0x0700	 652 (19 24) */		fdtox	%f12,%f12
+/* 0x0704	 653 (19 20) */		std	%f12,[%o4-64]
+/* 0x0708	 654 (19 24) */		fmuld	%f2,%f16,%f2
+/* 0x070c	 655 (20 25) */		fdtox	%f10,%f10
+/* 0x0710	 656 (20 21) */		std	%f10,[%o5-48]
+/* 0x0714	 657 (20 25) */		fmuld	%f0,%f16,%f0
+/* 0x0718	 658 (21 26) */		fdtox	%f8,%f8
+/* 0x071c	 659 (21 22) */		std	%f8,[%o4-48]
+/* 0x0720	 660 (22 27) */		fdtox	%f6,%f6
+/* 0x0724	 661 (22 23) */		std	%f6,[%o5-32]
+/* 0x0728	 662 (23 28) */		fdtox	%f4,%f4
+/* 0x072c	 663 (23 24) */		std	%f4,[%o4-32]
+/* 0x0730	 664 (24 29) */		fdtox	%f2,%f2
+/* 0x0734	 665 (24 25) */		std	%f2,[%o5-16]
+/* 0x0738	 666 (25 30) */		fdtox	%f0,%f0
+/* 0x073c	 667 (25 26) */		bg,pn	%icc,.L77000043	! tprob=0.50
+/* 0x0740	     (25 26) */		std	%f0,[%o4-16]
+
+!
+! ENTRY .L77000077
+!
+
+        .L77000077:		/* frequency 1.0 confidence 0.0 */
+/* 0x0744	 670 ( 0  4) */		ldd	[%g5],%f0
+
+!
+! ENTRY .L900000160
+!
+
+        .L900000160:		/* frequency 1.0 confidence 0.0 */
+/* 0x0748	 672 ( 0  4) */		fxnor	%f14,%f0,%f0
+/* 0x074c	 673 ( 0  1) */		add	%g2,1,%g2
+/* 0x0750	 674 ( 0  1) */		add	%g5,8,%g5
+/* 0x0754	 675 ( 1  2) */		subcc	%g2,%o2,%g0
+/* 0x0758	 676 ( 4  9) */		fitod	%f0,%f2
+/* 0x075c	 677 ( 5 10) */		fitod	%f1,%f0
+/* 0x0760	 678 ( 9 14) */		fsubd	%f18,%f2,%f2
+/* 0x0764	 679 (10 15) */		fsubd	%f18,%f0,%f0
+/* 0x0768	 680 (14 19) */		fmuld	%f2,%f16,%f2
+/* 0x076c	 681 (15 20) */		fmuld	%f0,%f16,%f0
+/* 0x0770	 682 (19 24) */		fdtox	%f2,%f2
+/* 0x0774	 683 (19 20) */		std	%f2,[%o5]
+/* 0x0778	 684 (19 20) */		add	%o5,16,%o5
+/* 0x077c	 685 (20 25) */		fdtox	%f0,%f0
+/* 0x0780	 686 (20 21) */		std	%f0,[%o4]
+/* 0x0784	 687 (20 21) */		add	%o4,16,%o4
+/* 0x0788	 688 (20 21) */		ble,a,pt	%icc,.L900000160	! tprob=0.50
+/* 0x078c	     (23 27) */		ldd	[%g5],%f0
+
+!
+! ENTRY .L77000043
+!
+
+        .L77000043:		/* frequency 1.0 confidence 0.0 */
+/* 0x0790	 696 ( 0  1) */		subcc	%o3,0,%g0
+
+!
+! ENTRY .L900000161
+!
+
+        .L900000161:		/* frequency 1.0 confidence 0.0 */
+/* 0x0794	 698 ( 0  1) */		ble,a,pt	%icc,.L900000159	! tprob=0.50
+/* 0x0798	     ( 0  1) */		or	%g0,%o7,%i0
+/* 0x079c	 703 ( 0  2) */		ldx	[%fp-2256],%o2
+/* 0x07a0	 704 ( 0  1) */		or	%g0,%i1,%g3
+/* 0x07a4	 705 ( 1  2) */		sub	%o3,1,%o5
+/* 0x07a8	 706 ( 1  2) */		or	%g0,0,%g4
+/* 0x07ac	 707 ( 2  3) */		add	%fp,-2264,%g5
+/* 0x07b0	 708 ( 2  3) */		or	%g0,%i0,%g2
+/* 0x07b4	 709 ( 3  4) */		subcc	%o3,6,%g0
+/* 0x07b8	 710 ( 3  4) */		sub	%o5,2,%o4
+/* 0x07bc	 711 ( 3  4) */		bl,pn	%icc,.L77000078	! tprob=0.50
+/* 0x07c0	     ( 3  5) */		ldx	[%fp-2264],%o0
+/* 0x07c4	 713 ( 4  6) */		ld	[%g3],%o1
+/* 0x07c8	 714 ( 4  5) */		add	%g2,4,%g2
+/* 0x07cc	 715 ( 4  5) */		or	%g0,3,%g4
+/* 0x07d0	 716 ( 5  7) */		ld	[%g3+4],%o3
+/* 0x07d4	 717 ( 5  6) */		add	%g3,8,%g3
+/* 0x07d8	 718 ( 5  6) */		add	%fp,-2240,%g5
+/* 0x07dc	 719 ( 6  7) */		add	%o0,%o1,%o0
+/* 0x07e0	 720 ( 6  8) */		ldx	[%fp-2248],%o1
+/* 0x07e4	 721 ( 7  8) */		st	%o0,[%g2-4]
+/* 0x07e8	 722 ( 7  8) */		srax	%o0,32,%o0
+
+!
+! ENTRY .L900000145
+!
+
+        .L900000145:		/* frequency 1.0 confidence 0.0 */
+/* 0x07ec	 724 ( 0  2) */		ld	[%g3],%o7
+/* 0x07f0	 725 ( 0  1) */		add	%o2,%o3,%o2
+/* 0x07f4	 726 ( 0  1) */		sra	%o0,0,%o3
+/* 0x07f8	 727 ( 1  3) */		ldx	[%g5],%o0
+/* 0x07fc	 728 ( 1  2) */		add	%o2,%o3,%o2
+/* 0x0800	 729 ( 1  2) */		add	%g4,3,%g4
+/* 0x0804	 730 ( 2  3) */		st	%o2,[%g2]
+/* 0x0808	 731 ( 2  3) */		srax	%o2,32,%o3
+/* 0x080c	 732 ( 2  3) */		subcc	%g4,%o4,%g0
+/* 0x0810	 733 ( 3  5) */		ld	[%g3+4],%o2
+/* 0x0814	 734 ( 4  5) */		stx	%o2,[%sp+96]
+/* 0x0818	 735 ( 4  5) */		add	%o1,%o7,%o1
+/* 0x081c	 736 ( 5  7) */		ldx	[%g5+8],%o2
+/* 0x0820	 737 ( 5  6) */		add	%o1,%o3,%o1
+/* 0x0824	 738 ( 5  6) */		add	%g2,12,%g2
+/* 0x0828	 739 ( 6  7) */		st	%o1,[%g2-8]
+/* 0x082c	 740 ( 6  7) */		srax	%o1,32,%o7
+/* 0x0830	 741 ( 6  7) */		add	%g3,12,%g3
+/* 0x0834	 742 ( 7  9) */		ld	[%g3-4],%o3
+/* 0x0838	 743 ( 8 10) */		ldx	[%sp+96],%o1
+/* 0x083c	 744 (10 11) */		add	%o0,%o1,%o0
+/* 0x0840	 745 (10 12) */		ldx	[%g5+16],%o1
+/* 0x0844	 746 (11 12) */		add	%o0,%o7,%o0
+/* 0x0848	 747 (11 12) */		add	%g5,24,%g5
+/* 0x084c	 748 (11 12) */		st	%o0,[%g2-4]
+/* 0x0850	 749 (11 12) */		ble,pt	%icc,.L900000145	! tprob=0.50
+/* 0x0854	     (12 13) */		srax	%o0,32,%o0
+
+!
+! ENTRY .L900000148
+!
+
+        .L900000148:		/* frequency 1.0 confidence 0.0 */
+/* 0x0858	 752 ( 0  1) */		add	%o2,%o3,%o2
+/* 0x085c	 753 ( 0  1) */		sra	%o0,0,%o3
+/* 0x0860	 754 ( 0  2) */		ld	[%g3],%o0
+/* 0x0864	 755 ( 1  2) */		add	%o2,%o3,%o3
+/* 0x0868	 756 ( 1  2) */		add	%g2,8,%g2
+/* 0x086c	 757 ( 2  3) */		srax	%o3,32,%o2
+/* 0x0870	 758 ( 2  3) */		st	%o3,[%g2-8]
+/* 0x0874	 759 ( 2  3) */		add	%o1,%o0,%o0
+/* 0x0878	 760 ( 3  4) */		add	%o0,%o2,%o0
+/* 0x087c	 761 ( 3  4) */		st	%o0,[%g2-4]
+/* 0x0880	 762 ( 3  4) */		subcc	%g4,%o5,%g0
+/* 0x0884	 763 ( 3  4) */		bg,pn	%icc,.L77000061	! tprob=0.50
+/* 0x0888	     ( 4  5) */		srax	%o0,32,%o7
+/* 0x088c	 765 ( 4  5) */		add	%g3,4,%g3
+
+!
+! ENTRY .L77000078
+!
+
+        .L77000078:		/* frequency 1.0 confidence 0.0 */
+/* 0x0890	 767 ( 0  2) */		ld	[%g3],%o2
+
+!
+! ENTRY .L900000158
+!
+
+        .L900000158:		/* frequency 1.0 confidence 0.0 */
+/* 0x0894	 769 ( 0  2) */		ldx	[%g5],%o0
+/* 0x0898	 770 ( 0  1) */		sra	%o7,0,%o1
+/* 0x089c	 771 ( 0  1) */		add	%g4,1,%g4
+/* 0x08a0	 772 ( 1  2) */		add	%g3,4,%g3
+/* 0x08a4	 773 ( 1  2) */		add	%g5,8,%g5
+/* 0x08a8	 774 ( 2  3) */		add	%o0,%o2,%o0
+/* 0x08ac	 775 ( 2  3) */		subcc	%g4,%o5,%g0
+/* 0x08b0	 776 ( 3  4) */		add	%o0,%o1,%o0
+/* 0x08b4	 777 ( 3  4) */		st	%o0,[%g2]
+/* 0x08b8	 778 ( 3  4) */		add	%g2,4,%g2
+/* 0x08bc	 779 ( 4  5) */		srax	%o0,32,%o7
+/* 0x08c0	 780 ( 4  5) */		ble,a,pt	%icc,.L900000158	! tprob=0.50
+/* 0x08c4	     ( 4  6) */		ld	[%g3],%o2
+
+!
+! ENTRY .L77000047
+!
+
+        .L77000047:		/* frequency 1.0 confidence 0.0 */
+/* 0x08c8	 783 ( 0  1) */		or	%g0,%o7,%i0
+/* 0x08cc	     ( 1  8) */		ret	! Result =  %o1 %o0 %f0 %f1
+/* 0x08d0	     ( 3  5) */		restore	%g0,%g0,%g0
+
+!
+! ENTRY .L77000048
+!
+
+        .L77000048:		/* frequency 1.0 confidence 0.0 */
+/* 0x08d4	 794 ( 0  1) */		bne,pn	%icc,.L77000050	! tprob=0.50
+/* 0x08d8	     ( 0  1) */		sethi	%hi(0xfff80000),%g2
+/* 0x08dc	 796 ( 0  4) */		ldd	[%g5],%f4
+/* 0x08e0	 804 ( 0  1) */		srl	%o1,19,%g3
+/* 0x08e4	 805 ( 1  2) */		st	%g3,[%sp+240]
+/* 0x08e8	 806 ( 1  2) */		andn	%o1,%g2,%g2
+/* 0x08ec	 807 ( 2  6) */		ldd	[%o0],%f8
+/* 0x08f0	 808 ( 3  4) */		st	%g2,[%sp+244]
+/* 0x08f4	 809 ( 3  7) */		fxnor	%f0,%f4,%f4
+/* 0x08f8	 810 ( 4  8) */		ldd	[%g5+8],%f6
+/* 0x08fc	 814 ( 5  9) */		ldd	[%o0+8],%f18
+/* 0x0900	 815 ( 5  8) */		fmovs	%f8,%f12
+/* 0x0904	 816 ( 6 10) */		ldd	[%g5+16],%f10
+/* 0x0908	 817 ( 6  9) */		fmovs	%f8,%f16
+/* 0x090c	 818 ( 7 11) */		ldd	[%g5+24],%f20
+/* 0x0910	 819 ( 7 12) */		fitod	%f4,%f14
+/* 0x0914	 823 ( 8 10) */		ld	[%i1],%g2
+/* 0x0918	 824 ( 8 13) */		fitod	%f5,%f4
+/* 0x091c	 825 ( 9 11) */		ld	[%sp+240],%f13
+/* 0x0920	 826 ( 9 13) */		fxnor	%f0,%f6,%f6
+/* 0x0924	 827 (10 12) */		ld	[%sp+244],%f17
+/* 0x0928	 828 (10 14) */		fxnor	%f0,%f10,%f10
+/* 0x092c	 829 (11 13) */		ld	[%i1+28],%o3
+/* 0x0930	 830 (11 15) */		fxnor	%f0,%f20,%f20
+/* 0x0934	 831 (12 14) */		ld	[%i1+4],%g3
+/* 0x0938	 832 (12 17) */		fsubd	%f12,%f8,%f12
+/* 0x093c	 833 (13 14) */		stx	%o3,[%sp+96]
+/* 0x0940	 834 (13 18) */		fsubd	%f18,%f14,%f14
+/* 0x0944	 835 (14 16) */		ld	[%i1+8],%g4
+/* 0x0948	 836 (14 19) */		fsubd	%f16,%f8,%f8
+/* 0x094c	 837 (15 17) */		ld	[%i1+12],%g5
+/* 0x0950	 838 (15 20) */		fsubd	%f18,%f4,%f4
+/* 0x0954	 839 (16 18) */		ld	[%i1+16],%o0
+/* 0x0958	 840 (16 21) */		fitod	%f6,%f22
+/* 0x095c	 841 (17 19) */		ld	[%i1+20],%o1
+/* 0x0960	 842 (17 22) */		fitod	%f7,%f6
+/* 0x0964	 843 (18 20) */		ld	[%i1+24],%o2
+/* 0x0968	 844 (18 23) */		fitod	%f10,%f16
+/* 0x096c	 845 (18 23) */		fmuld	%f14,%f12,%f24
+/* 0x0970	 846 (19 24) */		fitod	%f20,%f28
+/* 0x0974	 847 (19 24) */		fmuld	%f14,%f8,%f14
+/* 0x0978	 848 (20 25) */		fitod	%f11,%f10
+/* 0x097c	 849 (20 25) */		fmuld	%f4,%f12,%f26
+/* 0x0980	 850 (21 26) */		fsubd	%f18,%f22,%f22
+/* 0x0984	 851 (21 26) */		fmuld	%f4,%f8,%f4
+/* 0x0988	 852 (22 27) */		fsubd	%f18,%f6,%f6
+/* 0x098c	 853 (23 28) */		fdtox	%f24,%f24
+/* 0x0990	 854 (23 24) */		std	%f24,[%sp+224]
+/* 0x0994	 855 (24 29) */		fdtox	%f14,%f14
+/* 0x0998	 856 (24 25) */		std	%f14,[%sp+232]
+/* 0x099c	 857 (25 30) */		fdtox	%f26,%f14
+/* 0x09a0	 858 (25 26) */		std	%f14,[%sp+208]
+/* 0x09a4	 859 (26 28) */		ldx	[%sp+224],%o4
+/* 0x09a8	 860 (26 31) */		fitod	%f21,%f20
+/* 0x09ac	 861 (26 31) */		fmuld	%f22,%f12,%f30
+/* 0x09b0	 862 (27 29) */		ldx	[%sp+232],%o5
+/* 0x09b4	 863 (27 32) */		fsubd	%f18,%f16,%f16
+/* 0x09b8	 864 (27 32) */		fmuld	%f22,%f8,%f22
+/* 0x09bc	 865 (28 29) */		sllx	%o4,19,%o4
+/* 0x09c0	 866 (28 33) */		fdtox	%f4,%f4
+/* 0x09c4	 867 (28 29) */		std	%f4,[%sp+216]
+/* 0x09c8	 868 (28 33) */		fmuld	%f6,%f12,%f24
+/* 0x09cc	 869 (29 34) */		fsubd	%f18,%f28,%f26
+/* 0x09d0	 870 (29 30) */		add	%o5,%o4,%o4
+/* 0x09d4	 871 (29 34) */		fmuld	%f6,%f8,%f6
+/* 0x09d8	 872 (30 35) */		fsubd	%f18,%f10,%f10
+/* 0x09dc	 873 (30 31) */		add	%o4,%g2,%g2
+/* 0x09e0	 874 (30 31) */		st	%g2,[%i0]
+/* 0x09e4	 875 (31 33) */		ldx	[%sp+208],%o7
+/* 0x09e8	 876 (31 32) */		srlx	%g2,32,%o5
+/* 0x09ec	 877 (31 36) */		fsubd	%f18,%f20,%f18
+/* 0x09f0	 878 (32 37) */		fdtox	%f30,%f28
+/* 0x09f4	 879 (32 33) */		std	%f28,[%sp+192]
+/* 0x09f8	 880 (32 37) */		fmuld	%f16,%f12,%f14
+/* 0x09fc	 881 (33 34) */		sllx	%o7,19,%o4
+/* 0x0a00	 882 (33 35) */		ldx	[%sp+216],%o7
+/* 0x0a04	 883 (33 38) */		fdtox	%f22,%f20
+/* 0x0a08	 884 (33 38) */		fmuld	%f16,%f8,%f16
+/* 0x0a0c	 885 (34 35) */		std	%f20,[%sp+200]
+/* 0x0a10	 886 (34 39) */		fdtox	%f24,%f20
+/* 0x0a14	 887 (34 39) */		fmuld	%f26,%f12,%f22
+/* 0x0a18	 888 (35 36) */		std	%f20,[%sp+176]
+/* 0x0a1c	 889 (35 36) */		add	%o7,%o4,%o4
+/* 0x0a20	 890 (35 40) */		fdtox	%f6,%f6
+/* 0x0a24	 891 (35 40) */		fmuld	%f10,%f12,%f4
+/* 0x0a28	 892 (36 38) */		ldx	[%sp+192],%o3
+/* 0x0a2c	 893 (36 37) */		add	%o4,%g3,%g3
+/* 0x0a30	 894 (36 41) */		fmuld	%f10,%f8,%f10
+/* 0x0a34	 895 (37 38) */		std	%f6,[%sp+184]
+/* 0x0a38	 896 (37 38) */		add	%g3,%o5,%g3
+/* 0x0a3c	 897 (37 42) */		fdtox	%f14,%f6
+/* 0x0a40	 898 (37 42) */		fmuld	%f26,%f8,%f20
+/* 0x0a44	 899 (38 40) */		ldx	[%sp+200],%o4
+/* 0x0a48	 900 (38 39) */		sllx	%o3,19,%o3
+/* 0x0a4c	 901 (38 39) */		srlx	%g3,32,%o5
+/* 0x0a50	 902 (38 43) */		fdtox	%f16,%f14
+/* 0x0a54	 903 (39 40) */		std	%f6,[%sp+160]
+/* 0x0a58	 904 (39 44) */		fmuld	%f18,%f12,%f12
+/* 0x0a5c	 905 (40 42) */		ldx	[%sp+176],%o7
+/* 0x0a60	 906 (40 41) */		add	%o4,%o3,%o3
+/* 0x0a64	 907 (40 45) */		fdtox	%f4,%f16
+/* 0x0a68	 908 (40 45) */		fmuld	%f18,%f8,%f18
+/* 0x0a6c	 909 (41 42) */		std	%f14,[%sp+168]
+/* 0x0a70	 910 (41 42) */		add	%o3,%g4,%g4
+/* 0x0a74	 911 (41 46) */		fdtox	%f10,%f4
+/* 0x0a78	 912 (42 44) */		ldx	[%sp+184],%o3
+/* 0x0a7c	 913 (42 43) */		sllx	%o7,19,%o4
+/* 0x0a80	 914 (42 43) */		add	%g4,%o5,%g4
+/* 0x0a84	 915 (42 47) */		fdtox	%f22,%f14
+/* 0x0a88	 916 (43 44) */		std	%f16,[%sp+144]
+/* 0x0a8c	 917 (43 44) */		srlx	%g4,32,%o5
+/* 0x0a90	 918 (43 48) */		fdtox	%f20,%f6
+/* 0x0a94	 919 (44 46) */		ldx	[%sp+160],%o7
+/* 0x0a98	 920 (44 45) */		add	%o3,%o4,%o3
+/* 0x0a9c	 921 (44 49) */		fdtox	%f12,%f16
+/* 0x0aa0	 922 (45 46) */		std	%f4,[%sp+152]
+/* 0x0aa4	 923 (45 46) */		add	%o3,%g5,%g5
+/* 0x0aa8	 924 (45 50) */		fdtox	%f18,%f8
+/* 0x0aac	 925 (46 48) */		ldx	[%sp+168],%o3
+/* 0x0ab0	 926 (46 47) */		sllx	%o7,19,%o4
+/* 0x0ab4	 927 (46 47) */		add	%g5,%o5,%g5
+/* 0x0ab8	 928 (47 48) */		std	%f14,[%sp+128]
+/* 0x0abc	 929 (47 48) */		srlx	%g5,32,%o5
+/* 0x0ac0	 930 (48 49) */		std	%f6,[%sp+136]
+/* 0x0ac4	 931 (48 49) */		add	%o3,%o4,%o3
+/* 0x0ac8	 932 (49 50) */		std	%f16,[%sp+112]
+/* 0x0acc	 933 (49 50) */		add	%o3,%o0,%o0
+/* 0x0ad0	 934 (50 52) */		ldx	[%sp+144],%o7
+/* 0x0ad4	 935 (50 51) */		add	%o0,%o5,%o0
+/* 0x0ad8	 936 (51 53) */		ldx	[%sp+152],%o3
+/* 0x0adc	 937 (52 53) */		std	%f8,[%sp+120]
+/* 0x0ae0	 938 (52 53) */		sllx	%o7,19,%o4
+/* 0x0ae4	 939 (52 53) */		srlx	%o0,32,%o7
+/* 0x0ae8	 940 (53 54) */		stx	%o0,[%sp+104]
+/* 0x0aec	 941 (53 54) */		add	%o3,%o4,%o3
+/* 0x0af0	 942 (54 56) */		ldx	[%sp+128],%o5
+/* 0x0af4	 943 (54 55) */		add	%o3,%o1,%o1
+/* 0x0af8	 944 (55 57) */		ldx	[%sp+136],%o0
+/* 0x0afc	 945 (55 56) */		add	%o1,%o7,%o1
+/* 0x0b00	 946 (56 57) */		st	%g3,[%i0+4]
+/* 0x0b04	 947 (56 57) */		sllx	%o5,19,%o3
+/* 0x0b08	 948 (57 59) */		ldx	[%sp+112],%o4
+/* 0x0b0c	 949 (57 58) */		add	%o0,%o3,%o3
+/* 0x0b10	 950 (58 60) */		ldx	[%sp+120],%o0
+/* 0x0b14	 951 (58 59) */		add	%o3,%o2,%o2
+/* 0x0b18	 952 (58 59) */		srlx	%o1,32,%o3
+/* 0x0b1c	 953 (59 60) */		st	%o1,[%i0+20]
+/* 0x0b20	 954 (59 60) */		sllx	%o4,19,%g2
+/* 0x0b24	 955 (59 60) */		add	%o2,%o3,%o2
+/* 0x0b28	 956 (60 62) */		ldx	[%sp+96],%o4
+/* 0x0b2c	 957 (60 61) */		srlx	%o2,32,%g3
+/* 0x0b30	 958 (60 61) */		add	%o0,%g2,%g2
+/* 0x0b34	 959 (61 63) */		ldx	[%sp+104],%o0
+/* 0x0b38	 960 (62 63) */		st	%o2,[%i0+24]
+/* 0x0b3c	 961 (62 63) */		add	%g2,%o4,%g2
+/* 0x0b40	 962 (63 64) */		st	%o0,[%i0+16]
+/* 0x0b44	 963 (63 64) */		add	%g2,%g3,%g2
+/* 0x0b48	 964 (64 65) */		st	%g4,[%i0+8]
+/* 0x0b4c	 968 (64 65) */		srlx	%g2,32,%o7
+/* 0x0b50	 969 (65 66) */		st	%g5,[%i0+12]
+/* 0x0b54	 970 (66 67) */		st	%g2,[%i0+28]
+/* 0x0b58	 971 (66 67) */		or	%g0,%o7,%i0
+/* 0x0b5c	     (67 74) */		ret	! Result =  %o1 %o0 %f0 %f1
+/* 0x0b60	     (69 71) */		restore	%g0,%g0,%g0
+
+!
+! ENTRY .L77000050
+!
+
+        .L77000050:		/* frequency 1.0 confidence 0.0 */
+/* 0x0b64	 978 ( 0  1) */		subcc	%o2,16,%g0
+/* 0x0b68	 979 ( 0  1) */		bne,pn	%icc,.L77000073	! tprob=0.50
+/* 0x0b6c	     ( 0  1) */		sethi	%hi(0xfff80000),%g2
+/* 0x0b70	 981 ( 1  5) */		ldd	[%g5],%f4
+/* 0x0b74	 982 ( 2  6) */		ldd	[%g5+8],%f6
+/* 0x0b78	 989 ( 2  3) */		andn	%o1,%g2,%g2
+/* 0x0b7c	 993 ( 2  3) */		srl	%o1,19,%g3
+/* 0x0b80	 994 ( 3  7) */		ldd	[%g5+16],%f8
+/* 0x0b84	 995 ( 4  8) */		fxnor	%f0,%f4,%f4
+/* 0x0b88	 996 ( 4  5) */		st	%g2,[%sp+356]
+/* 0x0b8c	 997 ( 5  9) */		ldd	[%o0],%f20
+/* 0x0b90	 998 ( 5  9) */		fxnor	%f0,%f6,%f6
+/* 0x0b94	 999 ( 6  7) */		st	%g3,[%sp+352]
+/* 0x0b98	1000 ( 6 10) */		fxnor	%f0,%f8,%f8
+/* 0x0b9c	1005 ( 7 11) */		ldd	[%o0+8],%f30
+/* 0x0ba0	1006 ( 8 13) */		fitod	%f4,%f22
+/* 0x0ba4	1007 ( 8 12) */		ldd	[%g5+24],%f10
+/* 0x0ba8	1008 ( 9 12) */		fmovs	%f20,%f24
+/* 0x0bac	1009 ( 9 13) */		ldd	[%g5+32],%f12
+/* 0x0bb0	1010 (10 15) */		fitod	%f5,%f4
+/* 0x0bb4	1011 (10 14) */		ldd	[%g5+40],%f14
+/* 0x0bb8	1012 (11 14) */		fmovs	%f20,%f26
+/* 0x0bbc	1013 (11 15) */		ldd	[%g5+48],%f16
+/* 0x0bc0	1014 (12 14) */		ld	[%sp+356],%f25
+/* 0x0bc4	1015 (12 17) */		fitod	%f6,%f28
+/* 0x0bc8	1016 (13 15) */		ld	[%sp+352],%f27
+/* 0x0bcc	1017 (13 18) */		fitod	%f8,%f32
+/* 0x0bd0	1018 (14 19) */		fsubd	%f30,%f22,%f22
+/* 0x0bd4	1019 (14 18) */		ldd	[%g5+56],%f18
+/* 0x0bd8	1020 (15 20) */		fsubd	%f24,%f20,%f24
+/* 0x0bdc	1021 (16 21) */		fsubd	%f26,%f20,%f20
+/* 0x0be0	1022 (17 22) */		fsubd	%f30,%f4,%f4
+/* 0x0be4	1023 (18 23) */		fsubd	%f30,%f28,%f26
+/* 0x0be8	1024 (19 24) */		fitod	%f7,%f6
+/* 0x0bec	1025 (20 25) */		fsubd	%f30,%f32,%f28
+/* 0x0bf0	1026 (20 25) */		fmuld	%f22,%f24,%f32
+/* 0x0bf4	1027 (21 26) */		fmuld	%f22,%f20,%f22
+/* 0x0bf8	1028 (21 25) */		fxnor	%f0,%f10,%f10
+/* 0x0bfc	1029 (22 27) */		fmuld	%f4,%f24,%f44
+/* 0x0c00	1030 (22 27) */		fitod	%f9,%f8
+/* 0x0c04	1031 (23 28) */		fmuld	%f4,%f20,%f4
+/* 0x0c08	1032 (23 27) */		fxnor	%f0,%f12,%f12
+/* 0x0c0c	1033 (24 29) */		fsubd	%f30,%f6,%f6
+/* 0x0c10	1034 (24 29) */		fmuld	%f26,%f24,%f46
+/* 0x0c14	1035 (25 30) */		fitod	%f10,%f34
+/* 0x0c18	1036 (26 31) */		fdtox	%f22,%f22
+/* 0x0c1c	1037 (26 27) */		std	%f22,[%sp+336]
+/* 0x0c20	1038 (27 32) */		fmuld	%f26,%f20,%f22
+/* 0x0c24	1039 (27 32) */		fdtox	%f44,%f26
+/* 0x0c28	1040 (27 28) */		std	%f26,[%sp+328]
+/* 0x0c2c	1041 (28 33) */		fdtox	%f4,%f4
+/* 0x0c30	1042 (28 29) */		std	%f4,[%sp+320]
+/* 0x0c34	1043 (29 34) */		fmuld	%f6,%f24,%f26
+/* 0x0c38	1044 (29 34) */		fsubd	%f30,%f8,%f8
+/* 0x0c3c	1045 (30 35) */		fdtox	%f46,%f4
+/* 0x0c40	1046 (30 31) */		std	%f4,[%sp+312]
+/* 0x0c44	1047 (31 36) */		fmuld	%f28,%f24,%f4
+/* 0x0c48	1048 (31 36) */		fdtox	%f32,%f32
+/* 0x0c4c	1049 (31 32) */		std	%f32,[%sp+344]
+/* 0x0c50	1050 (32 37) */		fitod	%f11,%f10
+/* 0x0c54	1051 (32 37) */		fmuld	%f6,%f20,%f32
+/* 0x0c58	1052 (33 38) */		fsubd	%f30,%f34,%f34
+/* 0x0c5c	1053 (34 39) */		fdtox	%f22,%f6
+/* 0x0c60	1054 (34 35) */		std	%f6,[%sp+304]
+/* 0x0c64	1058 (35 40) */		fitod	%f12,%f36
+/* 0x0c68	1059 (35 40) */		fmuld	%f28,%f20,%f6
+/* 0x0c6c	1060 (36 41) */		fdtox	%f26,%f22
+/* 0x0c70	1061 (36 37) */		std	%f22,[%sp+296]
+/* 0x0c74	1062 (37 42) */		fmuld	%f8,%f24,%f22
+/* 0x0c78	1063 (37 42) */		fdtox	%f4,%f4
+/* 0x0c7c	1064 (37 38) */		std	%f4,[%sp+280]
+/* 0x0c80	1065 (38 43) */		fmuld	%f8,%f20,%f8
+/* 0x0c84	1066 (38 43) */		fsubd	%f30,%f10,%f10
+/* 0x0c88	1067 (39 44) */		fmuld	%f34,%f24,%f4
+/* 0x0c8c	1068 (39 44) */		fitod	%f13,%f12
+/* 0x0c90	1069 (40 45) */		fsubd	%f30,%f36,%f36
+/* 0x0c94	1070 (41 46) */		fdtox	%f6,%f6
+/* 0x0c98	1071 (41 42) */		std	%f6,[%sp+272]
+/* 0x0c9c	1072 (42 46) */		fxnor	%f0,%f14,%f14
+/* 0x0ca0	1073 (42 47) */		fmuld	%f34,%f20,%f6
+/* 0x0ca4	1074 (43 48) */		fdtox	%f22,%f22
+/* 0x0ca8	1075 (43 44) */		std	%f22,[%sp+264]
+/* 0x0cac	1076 (44 49) */		fdtox	%f8,%f8
+/* 0x0cb0	1077 (44 45) */		std	%f8,[%sp+256]
+/* 0x0cb4	1078 (44 49) */		fmuld	%f10,%f24,%f22
+/* 0x0cb8	1079 (45 50) */		fdtox	%f4,%f4
+/* 0x0cbc	1080 (45 46) */		std	%f4,[%sp+248]
+/* 0x0cc0	1081 (45 50) */		fmuld	%f10,%f20,%f8
+/* 0x0cc4	1082 (46 51) */		fsubd	%f30,%f12,%f4
+/* 0x0cc8	1083 (46 51) */		fmuld	%f36,%f24,%f10
+/* 0x0ccc	1084 (47 52) */		fitod	%f14,%f38
+/* 0x0cd0	1085 (48 53) */		fdtox	%f6,%f6
+/* 0x0cd4	1086 (48 49) */		std	%f6,[%sp+240]
+/* 0x0cd8	1087 (49 54) */		fdtox	%f22,%f12
+/* 0x0cdc	1088 (49 50) */		std	%f12,[%sp+232]
+/* 0x0ce0	1089 (49 54) */		fmuld	%f36,%f20,%f6
+/* 0x0ce4	1090 (50 55) */		fdtox	%f8,%f8
+/* 0x0ce8	1091 (50 51) */		std	%f8,[%sp+224]
+/* 0x0cec	1092 (51 56) */		fdtox	%f10,%f22
+/* 0x0cf0	1093 (51 52) */		std	%f22,[%sp+216]
+/* 0x0cf4	1094 (51 56) */		fmuld	%f4,%f24,%f8
+/* 0x0cf8	1095 (52 57) */		fitod	%f15,%f14
+/* 0x0cfc	1096 (52 57) */		fmuld	%f4,%f20,%f4
+/* 0x0d00	1097 (53 58) */		fsubd	%f30,%f38,%f22
+/* 0x0d04	1098 (54 58) */		fxnor	%f0,%f16,%f16
+/* 0x0d08	1099 (55 60) */		fdtox	%f6,%f6
+/* 0x0d0c	1100 (55 56) */		std	%f6,[%sp+208]
+/* 0x0d10	1101 (56 61) */		fdtox	%f8,%f6
+/* 0x0d14	1102 (56 57) */		std	%f6,[%sp+200]
+/* 0x0d18	1103 (57 62) */		fsubd	%f30,%f14,%f10
+/* 0x0d1c	1104 (58 63) */		fitod	%f16,%f40
+/* 0x0d20	1105 (58 63) */		fmuld	%f22,%f24,%f6
+/* 0x0d24	1106 (59 64) */		fdtox	%f4,%f4
+/* 0x0d28	1107 (59 60) */		std	%f4,[%sp+192]
+/* 0x0d2c	1108 (60 65) */		fitod	%f17,%f16
+/* 0x0d30	1109 (60 65) */		fmuld	%f22,%f20,%f4
+/* 0x0d34	1110 (61 65) */		fxnor	%f0,%f18,%f18
+/* 0x0d38	1111 (62 67) */		fdtox	%f32,%f32
+/* 0x0d3c	1112 (62 63) */		std	%f32,[%sp+288]
+/* 0x0d40	1113 (62 67) */		fmuld	%f10,%f24,%f8
+/* 0x0d44	1114 (63 68) */		fdtox	%f6,%f6
+/* 0x0d48	1115 (63 64) */		std	%f6,[%sp+184]
+/* 0x0d4c	1116 (63 68) */		fmuld	%f10,%f20,%f22
+/* 0x0d50	1117 (64 69) */		fsubd	%f30,%f40,%f6
+/* 0x0d54	1118 (65 70) */		fdtox	%f4,%f4
+/* 0x0d58	1119 (65 66) */		std	%f4,[%sp+176]
+/* 0x0d5c	1120 (66 71) */		fsubd	%f30,%f16,%f10
+/* 0x0d60	1121 (67 72) */		fdtox	%f8,%f4
+/* 0x0d64	1122 (67 68) */		std	%f4,[%sp+168]
+/* 0x0d68	1123 (68 73) */		fdtox	%f22,%f4
+/* 0x0d6c	1124 (68 69) */		std	%f4,[%sp+160]
+/* 0x0d70	1125 (69 74) */		fitod	%f18,%f42
+/* 0x0d74	1126 (69 74) */		fmuld	%f6,%f24,%f4
+/* 0x0d78	1127 (70 75) */		fmuld	%f6,%f20,%f22
+/* 0x0d7c	1128 (71 76) */		fmuld	%f10,%f24,%f6
+/* 0x0d80	1129 (72 77) */		fmuld	%f10,%f20,%f8
+/* 0x0d84	1130 (74 79) */		fdtox	%f4,%f4
+/* 0x0d88	1131 (74 75) */		std	%f4,[%sp+152]
+/* 0x0d8c	1132 (75 80) */		fsubd	%f30,%f42,%f4
+/* 0x0d90	1133 (76 81) */		fdtox	%f6,%f6
+/* 0x0d94	1134 (76 77) */		std	%f6,[%sp+136]
+/* 0x0d98	1135 (77 82) */		fdtox	%f22,%f22
+/* 0x0d9c	1136 (77 78) */		std	%f22,[%sp+144]
+/* 0x0da0	1137 (78 83) */		fdtox	%f8,%f22
+/* 0x0da4	1138 (78 79) */		std	%f22,[%sp+128]
+/* 0x0da8	1139 (79 84) */		fitod	%f19,%f22
+/* 0x0dac	1140 (80 85) */		fmuld	%f4,%f24,%f6
+/* 0x0db0	1141 (81 86) */		fmuld	%f4,%f20,%f4
+/* 0x0db4	1142 (84 89) */		fsubd	%f30,%f22,%f22
+/* 0x0db8	1143 (85 90) */		fdtox	%f6,%f6
+/* 0x0dbc	1144 (85 86) */		std	%f6,[%sp+120]
+/* 0x0dc0	1145 (86 91) */		fdtox	%f4,%f4
+/* 0x0dc4	1146 (86 87) */		std	%f4,[%sp+112]
+/* 0x0dc8	1150 (87 89) */		ldx	[%sp+336],%g2
+/* 0x0dcc	1151 (88 90) */		ldx	[%sp+344],%g3
+/* 0x0dd0	1152 (89 91) */		ld	[%i1],%g4
+/* 0x0dd4	1153 (89 90) */		sllx	%g2,19,%g2
+/* 0x0dd8	1154 (89 94) */		fmuld	%f22,%f20,%f4
+/* 0x0ddc	1155 (90 92) */		ldx	[%sp+328],%g5
+/* 0x0de0	1156 (90 91) */		add	%g3,%g2,%g2
+/* 0x0de4	1157 (90 95) */		fmuld	%f22,%f24,%f6
+/* 0x0de8	1158 (91 93) */		ldx	[%sp+320],%g3
+/* 0x0dec	1159 (91 92) */		add	%g2,%g4,%g4
+/* 0x0df0	1160 (92 94) */		ldx	[%sp+304],%o0
+/* 0x0df4	1161 (93 94) */		st	%g4,[%i0]
+/* 0x0df8	1162 (93 94) */		sllx	%g3,19,%g2
+/* 0x0dfc	1163 (93 94) */		srlx	%g4,32,%g4
+/* 0x0e00	1164 (94 96) */		ld	[%i1+4],%g3
+/* 0x0e04	1165 (94 95) */		add	%g5,%g2,%g2
+/* 0x0e08	1166 (94 99) */		fdtox	%f4,%f4
+/* 0x0e0c	1167 (95 97) */		ldx	[%sp+312],%g5
+/* 0x0e10	1168 (95 100) */		fdtox	%f6,%f6
+/* 0x0e14	1169 (96 98) */		ldx	[%sp+288],%o1
+/* 0x0e18	1170 (96 97) */		add	%g2,%g3,%g2
+/* 0x0e1c	1171 (96 97) */		sllx	%o0,19,%g3
+/* 0x0e20	1172 (97 99) */		ldx	[%sp+272],%o2
+/* 0x0e24	1173 (97 98) */		add	%g2,%g4,%g2
+/* 0x0e28	1174 (97 98) */		add	%g5,%g3,%g3
+/* 0x0e2c	1175 (98 100) */		ld	[%i1+8],%g4
+/* 0x0e30	1176 (98 99) */		srlx	%g2,32,%o0
+/* 0x0e34	1177 (99 101) */		ldx	[%sp+296],%g5
+/* 0x0e38	1178 (100 101) */		st	%g2,[%i0+4]
+/* 0x0e3c	1179 (100 101) */		sllx	%o2,19,%g2
+/* 0x0e40	1180 (100 101) */		add	%g3,%g4,%g3
+/* 0x0e44	1181 (101 103) */		ldx	[%sp+256],%o2
+/* 0x0e48	1182 (101 102) */		sllx	%o1,19,%g4
+/* 0x0e4c	1183 (101 102) */		add	%g3,%o0,%g3
+/* 0x0e50	1184 (102 104) */		ld	[%i1+12],%o0
+/* 0x0e54	1185 (102 103) */		srlx	%g3,32,%o1
+/* 0x0e58	1186 (102 103) */		add	%g5,%g4,%g4
+/* 0x0e5c	1187 (103 105) */		ldx	[%sp+280],%g5
+/* 0x0e60	1188 (104 105) */		st	%g3,[%i0+8]
+/* 0x0e64	1189 (104 105) */		sllx	%o2,19,%g3
+/* 0x0e68	1190 (104 105) */		add	%g4,%o0,%g4
+/* 0x0e6c	1191 (105 107) */		ld	[%i1+16],%o0
+/* 0x0e70	1192 (105 106) */		add	%g5,%g2,%g2
+/* 0x0e74	1193 (105 106) */		add	%g4,%o1,%g4
+/* 0x0e78	1194 (106 108) */		ldx	[%sp+264],%g5
+/* 0x0e7c	1195 (106 107) */		srlx	%g4,32,%o1
+/* 0x0e80	1196 (107 109) */		ldx	[%sp+240],%o2
+/* 0x0e84	1197 (107 108) */		add	%g2,%o0,%g2
+/* 0x0e88	1198 (108 110) */		ld	[%i1+20],%o0
+/* 0x0e8c	1199 (108 109) */		add	%g5,%g3,%g3
+/* 0x0e90	1200 (108 109) */		add	%g2,%o1,%g2
+/* 0x0e94	1201 (109 111) */		ldx	[%sp+248],%g5
+/* 0x0e98	1202 (109 110) */		srlx	%g2,32,%o1
+/* 0x0e9c	1203 (110 111) */		st	%g4,[%i0+12]
+/* 0x0ea0	1204 (110 111) */		sllx	%o2,19,%g4
+/* 0x0ea4	1205 (110 111) */		add	%g3,%o0,%g3
+/* 0x0ea8	1206 (111 113) */		ld	[%i1+24],%o0
+/* 0x0eac	1207 (111 112) */		add	%g5,%g4,%g4
+/* 0x0eb0	1208 (111 112) */		add	%g3,%o1,%g3
+/* 0x0eb4	1209 (112 114) */		ldx	[%sp+224],%o2
+/* 0x0eb8	1210 (112 113) */		srlx	%g3,32,%o1
+/* 0x0ebc	1211 (113 115) */		ldx	[%sp+232],%g5
+/* 0x0ec0	1212 (113 114) */		add	%g4,%o0,%g4
+/* 0x0ec4	1213 (114 115) */		st	%g2,[%i0+16]
+/* 0x0ec8	1214 (114 115) */		sllx	%o2,19,%g2
+/* 0x0ecc	1215 (114 115) */		add	%g4,%o1,%g4
+/* 0x0ed0	1216 (115 117) */		ld	[%i1+28],%o0
+/* 0x0ed4	1217 (115 116) */		srlx	%g4,32,%o1
+/* 0x0ed8	1218 (115 116) */		add	%g5,%g2,%g2
+/* 0x0edc	1222 (116 118) */		ldx	[%sp+208],%o2
+/* 0x0ee0	1223 (117 119) */		ldx	[%sp+216],%g5
+/* 0x0ee4	1224 (117 118) */		add	%g2,%o0,%g2
+/* 0x0ee8	1225 (118 119) */		st	%g3,[%i0+20]
+/* 0x0eec	1226 (118 119) */		sllx	%o2,19,%g3
+/* 0x0ef0	1227 (118 119) */		add	%g2,%o1,%g2
+/* 0x0ef4	1228 (119 121) */		ld	[%i1+32],%o0
+/* 0x0ef8	1229 (119 120) */		srlx	%g2,32,%o1
+/* 0x0efc	1230 (119 120) */		add	%g5,%g3,%g3
+/* 0x0f00	1231 (120 122) */		ldx	[%sp+192],%o2
+/* 0x0f04	1232 (121 123) */		ldx	[%sp+200],%g5
+/* 0x0f08	1233 (121 122) */		add	%g3,%o0,%g3
+/* 0x0f0c	1234 (122 123) */		st	%g4,[%i0+24]
+/* 0x0f10	1235 (122 123) */		sllx	%o2,19,%g4
+/* 0x0f14	1236 (122 123) */		add	%g3,%o1,%g3
+/* 0x0f18	1237 (123 125) */		ld	[%i1+36],%o0
+/* 0x0f1c	1238 (123 124) */		srlx	%g3,32,%o1
+/* 0x0f20	1239 (123 124) */		add	%g5,%g4,%g4
+/* 0x0f24	1240 (124 126) */		ldx	[%sp+176],%o2
+/* 0x0f28	1241 (125 127) */		ldx	[%sp+184],%g5
+/* 0x0f2c	1242 (125 126) */		add	%g4,%o0,%g4
+/* 0x0f30	1243 (126 127) */		st	%g2,[%i0+28]
+/* 0x0f34	1244 (126 127) */		sllx	%o2,19,%g2
+/* 0x0f38	1245 (126 127) */		add	%g4,%o1,%g4
+/* 0x0f3c	1246 (127 129) */		ld	[%i1+40],%o0
+/* 0x0f40	1247 (127 128) */		srlx	%g4,32,%o1
+/* 0x0f44	1248 (127 128) */		add	%g5,%g2,%g2
+/* 0x0f48	1249 (128 130) */		ldx	[%sp+160],%o2
+/* 0x0f4c	1250 (129 131) */		ldx	[%sp+168],%g5
+/* 0x0f50	1251 (129 130) */		add	%g2,%o0,%g2
+/* 0x0f54	1252 (130 131) */		st	%g3,[%i0+32]
+/* 0x0f58	1253 (130 131) */		sllx	%o2,19,%g3
+/* 0x0f5c	1254 (130 131) */		add	%g2,%o1,%g2
+/* 0x0f60	1255 (131 133) */		ld	[%i1+44],%o0
+/* 0x0f64	1256 (131 132) */		srlx	%g2,32,%o1
+/* 0x0f68	1257 (131 132) */		add	%g5,%g3,%g3
+/* 0x0f6c	1258 (132 134) */		ldx	[%sp+144],%o2
+/* 0x0f70	1259 (133 135) */		ldx	[%sp+152],%g5
+/* 0x0f74	1260 (133 134) */		add	%g3,%o0,%g3
+/* 0x0f78	1261 (134 135) */		st	%g4,[%i0+36]
+/* 0x0f7c	1262 (134 135) */		sllx	%o2,19,%g4
+/* 0x0f80	1263 (134 135) */		add	%g3,%o1,%g3
+/* 0x0f84	1264 (135 137) */		ld	[%i1+48],%o0
+/* 0x0f88	1265 (135 136) */		srlx	%g3,32,%o1
+/* 0x0f8c	1266 (135 136) */		add	%g5,%g4,%g4
+/* 0x0f90	1267 (136 138) */		ldx	[%sp+128],%o2
+/* 0x0f94	1268 (137 139) */		ldx	[%sp+136],%g5
+/* 0x0f98	1269 (137 138) */		add	%g4,%o0,%g4
+/* 0x0f9c	1270 (138 139) */		std	%f4,[%sp+96]
+/* 0x0fa0	1271 (138 139) */		add	%g4,%o1,%g4
+/* 0x0fa4	1272 (139 140) */		st	%g2,[%i0+40]
+/* 0x0fa8	1273 (139 140) */		sllx	%o2,19,%g2
+/* 0x0fac	1274 (139 140) */		srlx	%g4,32,%o1
+/* 0x0fb0	1275 (140 142) */		ld	[%i1+52],%o0
+/* 0x0fb4	1276 (140 141) */		add	%g5,%g2,%g2
+/* 0x0fb8	1277 (141 142) */		std	%f6,[%sp+104]
+/* 0x0fbc	1278 (142 144) */		ldx	[%sp+120],%g5
+/* 0x0fc0	1279 (142 143) */		add	%g2,%o0,%g2
+/* 0x0fc4	1280 (143 144) */		st	%g3,[%i0+44]
+/* 0x0fc8	1281 (143 144) */		add	%g2,%o1,%g2
+/* 0x0fcc	1282 (144 146) */		ldx	[%sp+112],%o2
+/* 0x0fd0	1283 (144 145) */		srlx	%g2,32,%o1
+/* 0x0fd4	1284 (145 147) */		ld	[%i1+56],%o0
+/* 0x0fd8	1285 (146 147) */		st	%g4,[%i0+48]
+/* 0x0fdc	1286 (146 147) */		sllx	%o2,19,%g3
+/* 0x0fe0	1287 (147 149) */		ldx	[%sp+96],%o2
+/* 0x0fe4	1288 (147 148) */		add	%g5,%g3,%g3
+/* 0x0fe8	1289 (148 150) */		ldx	[%sp+104],%g5
+/* 0x0fec	1290 (148 149) */		add	%g3,%o0,%g3
+/* 0x0ff0	1291 (149 151) */		ld	[%i1+60],%o0
+/* 0x0ff4	1292 (149 150) */		sllx	%o2,19,%g4
+/* 0x0ff8	1293 (149 150) */		add	%g3,%o1,%g3
+/* 0x0ffc	1294 (150 151) */		st	%g2,[%i0+52]
+/* 0x1000	1295 (150 151) */		srlx	%g3,32,%o1
+/* 0x1004	1296 (150 151) */		add	%g5,%g4,%g4
+/* 0x1008	1297 (151 152) */		st	%g3,[%i0+56]
+/* 0x100c	1298 (151 152) */		add	%g4,%o0,%g2
+/* 0x1010	1299 (152 153) */		add	%g2,%o1,%g2
+/* 0x1014	1300 (152 153) */		st	%g2,[%i0+60]
+/* 0x1018	1304 (153 154) */		srlx	%g2,32,%o7
+
+!
+! ENTRY .L77000061
+!
+
+        .L77000061:		/* frequency 1.0 confidence 0.0 */
+/* 0x119c	1437 ( 0  1) */		or	%g0,%o7,%i0
+
+!
+! ENTRY .L900000159
+!
+
+        .L900000159:		/* frequency 1.0 confidence 0.0 */
+/* 0x11a0	     ( 0  7) */		ret	! Result =  %o1 %o0 %f0 %f1
+/* 0x11a4	     ( 2  4) */		restore	%g0,%g0,%g0
+
+!
+! ENTRY .L77000073
+!
+
+        .L77000073:		/* frequency 1.0 confidence 0.0 */
+	or	%g0, %i4, %o2
+	or	%g0, %o0, %o1
+	or	%g0, %i3, %o0
+
+!
+! ENTRY .L77000052
+!
+
+        .L77000052:		/* frequency 1.0 confidence 0.0 */
+/* 0x1028	1318 ( 0  1) */		andn	%o2,%g2,%g2
+/* 0x102c	1319 ( 0  1) */		st	%g2,[%sp+96]
+/* 0x1030	1325 ( 0  1) */		add	%o0,1,%g3
+/* 0x1034	1326 ( 0  1) */		fmovd	%f0,%f14
+/* 0x1038	1327 ( 1  2) */		srl	%o2,19,%g2
+/* 0x103c	1328 ( 1  2) */		st	%g2,[%sp+92]
+/* 0x1040	1329 ( 1  2) */		or	%g0,0,%o5
+/* 0x1044	1330 ( 2  3) */		srl	%g3,31,%g2
+/* 0x1048	1331 ( 2  5) */		ldd	[%o1],%f6
+/* 0x104c	1335 ( 2  3) */		sethi	%hi(0x1800),%g1
+/* 0x1050	1336 ( 3  4) */		add	%g3,%g2,%g2
+/* 0x1054	1337 ( 3  4) */		xor	%g1,-304,%g1
+/* 0x1058	1338 ( 3  6) */		ldd	[%o1+8],%f20
+/* 0x105c	1339 ( 4  5) */		sra	%g2,1,%o3
+/* 0x1060	1340 ( 4  5) */		fmovs	%f6,%f8
+/* 0x1064	1341 ( 4  5) */		add	%g1,%fp,%g3
+/* 0x1068	1342 ( 5  6) */		fmovs	%f6,%f10
+/* 0x106c	1343 ( 5  7) */		ld	[%sp+96],%f9
+/* 0x1070	1344 ( 5  6) */		subcc	%o3,0,%g0
+/* 0x1074	1345 ( 6  8) */		ld	[%sp+92],%f11
+/* 0x1078	1346 ( 6  7) */		sethi	%hi(0x1800),%g1
+/* 0x107c	1347 ( 6  7) */		or	%g0,%i2,%o1
+/* 0x1080	1348 ( 7 10) */		fsubd	%f8,%f6,%f18
+/* 0x1084	1349 ( 7  8) */		xor	%g1,-296,%g1
+/* 0x1088	1350 ( 7  8) */		or	%g0,0,%g4
+/* 0x108c	1351 ( 8 11) */		fsubd	%f10,%f6,%f16
+/* 0x1090	1352 ( 8  9) */		bleu,pt	%icc,.L990000162	! tprob=0.50
+/* 0x1094	     ( 8  9) */		subcc	%o0,0,%g0
+/* 0x1098	1354 ( 9 10) */		add	%g1,%fp,%g2
+/* 0x109c	1355 ( 9 10) */		sethi	%hi(0x1800),%g1
+/* 0x10a0	1356 (10 11) */		xor	%g1,-288,%g1
+/* 0x10a4	1357 (10 11) */		subcc	%o3,7,%g0
+/* 0x10a8	1358 (11 12) */		add	%g1,%fp,%o7
+/* 0x10ac	1359 (11 12) */		sethi	%hi(0x1800),%g1
+/* 0x10b0	1360 (12 13) */		xor	%g1,-280,%g1
+/* 0x10b4	1361 (13 14) */		add	%g1,%fp,%o4
+/* 0x10b8	1362 (13 14) */		bl,pn	%icc,.L77000054	! tprob=0.50
+/* 0x10bc	     (13 14) */		sub	%o3,2,%o2
+/* 0x10c0	1364 (14 17) */		ldd	[%o1],%f2
+/* 0x10c4	1365 (14 15) */		add	%o1,16,%g5
+/* 0x10c8	1366 (14 15) */		or	%g0,4,%g4
+/* 0x10cc	1367 (15 18) */		ldd	[%o1+8],%f0
+/* 0x10d0	1368 (15 16) */		add	%o1,8,%o1
+/* 0x10d4	1369 (16 18) */		fxnor	%f14,%f2,%f6
+/* 0x10d8	1370 (16 19) */		ldd	[%g5],%f4
+/* 0x10dc	1371 (16 17) */		add	%o1,16,%o1
+/* 0x10e0	1372 (17 19) */		fxnor	%f14,%f0,%f12
+/* 0x10e4	1373 (17 20) */		ldd	[%o1],%f0
+/* 0x10e8	1374 (17 18) */		add	%o1,8,%o1
+/* 0x10ec	1375 (18 21) */		fitod	%f7,%f2
+/* 0x10f0	1376 (19 22) */		fitod	%f6,%f6
+/* 0x10f4	1377 (20 22) */		fxnor	%f14,%f4,%f10
+/* 0x10f8	1378 (21 24) */		fsubd	%f20,%f2,%f2
+/* 0x10fc	1379 (22 24) */		fxnor	%f14,%f0,%f8
+/* 0x1100	1380 (23 26) */		fitod	%f13,%f4
+/* 0x1104	1381 (24 27) */		fsubd	%f20,%f6,%f6
+/* 0x1108	1382 (24 27) */		fmuld	%f2,%f16,%f0
+
+!
+! ENTRY .L990000154
+!
+
+        .L990000154:		/* frequency 1.0 confidence 0.0 */
+/* 0x110c	1384 ( 0  3) */		ldd	[%o1],%f24
+/* 0x1110	1385 ( 0  1) */		add	%g4,3,%g4
+/* 0x1114	1386 ( 0  1) */		add	%o4,96,%o4
+/* 0x1118	1387 ( 1  4) */		fitod	%f11,%f22
+/* 0x111c	1388 ( 2  5) */		fsubd	%f20,%f4,%f26
+/* 0x1120	1389 ( 2  3) */		subcc	%g4,%o2,%g0
+/* 0x1124	1390 ( 2  3) */		add	%o7,96,%o7
+/* 0x1128	1391 ( 2  5) */		fmuld	%f6,%f18,%f28
+/* 0x112c	1392 ( 3  6) */		fmuld	%f6,%f16,%f6
+/* 0x1130	1393 ( 3  4) */		add	%g2,96,%g2
+/* 0x1134	1394 ( 3  4) */		add	%g3,96,%g3
+/* 0x1138	1395 ( 4  7) */		fdtox	%f0,%f0
+/* 0x113c	1396 ( 5  8) */		fitod	%f12,%f4
+/* 0x1140	1397 ( 5  8) */		fmuld	%f2,%f18,%f2
+/* 0x1144	1398 ( 6  9) */		fdtox	%f28,%f12
+/* 0x1148	1399 ( 7 10) */		fdtox	%f6,%f6
+/* 0x114c	1400 ( 7  8) */		std	%f12,[%g3-96]
+/* 0x1150	1401 ( 8  9) */		std	%f6,[%g2-96]
+/* 0x1154	1402 ( 8 11) */		fdtox	%f2,%f2
+/* 0x1158	1403 ( 9 12) */		fsubd	%f20,%f4,%f6
+/* 0x115c	1404 ( 9 10) */		std	%f2,[%o7-96]
+/* 0x1160	1405 ( 9 10) */		add	%o1,8,%o1
+/* 0x1164	1406 (10 12) */		fxnor	%f14,%f24,%f12
+/* 0x1168	1407 (10 13) */		fmuld	%f26,%f16,%f4
+/* 0x116c	1408 (10 11) */		std	%f0,[%o4-96]
+/* 0x1170	1409 (11 14) */		ldd	[%o1],%f0
+/* 0x1174	1410 (11 14) */		fitod	%f9,%f2
+/* 0x1178	1411 (12 15) */		fsubd	%f20,%f22,%f28
+/* 0x117c	1412 (12 15) */		fmuld	%f6,%f18,%f24
+/* 0x1180	1413 (13 16) */		fmuld	%f6,%f16,%f22
+/* 0x1184	1414 (13 16) */		fdtox	%f4,%f4
+/* 0x1188	1415 (14 17) */		fitod	%f10,%f6
+/* 0x118c	1416 (14 17) */		fmuld	%f26,%f18,%f10
+/* 0x1190	1417 (15 18) */		fdtox	%f24,%f24
+/* 0x1194	1418 (16 19) */		fdtox	%f22,%f22
+/* 0x1198	1419 (16 17) */		std	%f24,[%g3-64]
+/* 0x119c	1420 (17 18) */		std	%f22,[%g2-64]
+/* 0x11a0	1421 (17 20) */		fdtox	%f10,%f10
+/* 0x11a4	1422 (18 21) */		fsubd	%f20,%f6,%f6
+/* 0x11a8	1423 (18 19) */		std	%f10,[%o7-64]
+/* 0x11ac	1424 (18 19) */		add	%o1,8,%o1
+/* 0x11b0	1425 (19 21) */		fxnor	%f14,%f0,%f10
+/* 0x11b4	1426 (19 22) */		fmuld	%f28,%f16,%f0
+/* 0x11b8	1427 (19 20) */		std	%f4,[%o4-64]
+/* 0x11bc	1428 (20 23) */		ldd	[%o1],%f22
+/* 0x11c0	1429 (20 23) */		fitod	%f13,%f4
+/* 0x11c4	1430 (21 24) */		fsubd	%f20,%f2,%f2
+/* 0x11c8	1431 (21 24) */		fmuld	%f6,%f18,%f26
+/* 0x11cc	1432 (22 25) */		fmuld	%f6,%f16,%f24
+/* 0x11d0	1433 (22 25) */		fdtox	%f0,%f0
+/* 0x11d4	1434 (23 26) */		fitod	%f8,%f6
+/* 0x11d8	1435 (23 26) */		fmuld	%f28,%f18,%f8
+/* 0x11dc	1436 (24 27) */		fdtox	%f26,%f26
+/* 0x11e0	1437 (25 28) */		fdtox	%f24,%f24
+/* 0x11e4	1438 (25 26) */		std	%f26,[%g3-32]
+/* 0x11e8	1439 (26 27) */		std	%f24,[%g2-32]
+/* 0x11ec	1440 (26 29) */		fdtox	%f8,%f8
+/* 0x11f0	1441 (27 30) */		fsubd	%f20,%f6,%f6
+/* 0x11f4	1442 (27 28) */		std	%f8,[%o7-32]
+/* 0x11f8	1443 (27 28) */		add	%o1,8,%o1
+/* 0x11fc	1444 (28 30) */		fxnor	%f14,%f22,%f8
+/* 0x1200	1445 (28 29) */		std	%f0,[%o4-32]
+/* 0x1204	1446 (28 29) */		bcs,pt	%icc,.L990000154	! tprob=0.50
+/* 0x1208	     (28 31) */		fmuld	%f2,%f16,%f0
+
+!
+! ENTRY .L990000157
+!
+
+        .L990000157:		/* frequency 1.0 confidence 0.0 */
+/* 0x120c	1449 ( 0  3) */		fitod	%f12,%f28
+/* 0x1210	1450 ( 0  3) */		fmuld	%f6,%f18,%f24
+/* 0x1214	1451 ( 0  1) */		add	%g3,128,%g3
+/* 0x1218	1452 ( 1  4) */		fitod	%f10,%f12
+/* 0x121c	1453 ( 1  4) */		fmuld	%f6,%f16,%f26
+/* 0x1220	1454 ( 1  2) */		add	%g2,128,%g2
+/* 0x1224	1455 ( 2  5) */		fsubd	%f20,%f4,%f4
+/* 0x1228	1456 ( 2  5) */		fmuld	%f2,%f18,%f22
+/* 0x122c	1457 ( 2  3) */		add	%o7,128,%o7
+/* 0x1230	1458 ( 3  6) */		fdtox	%f24,%f6
+/* 0x1234	1459 ( 3  4) */		std	%f6,[%g3-128]
+/* 0x1238	1460 ( 3  4) */		add	%o4,128,%o4
+/* 0x123c	1461 ( 4  7) */		fsubd	%f20,%f28,%f2
+/* 0x1240	1462 ( 4  5) */		subcc	%g4,%o3,%g0
+/* 0x1244	1463 ( 5  8) */		fitod	%f11,%f6
+/* 0x1248	1464 ( 5  8) */		fmuld	%f4,%f18,%f24
+/* 0x124c	1465 ( 6  9) */		fdtox	%f26,%f10
+/* 0x1250	1466 ( 6  7) */		std	%f10,[%g2-128]
+/* 0x1254	1467 ( 7 10) */		fdtox	%f22,%f10
+/* 0x1258	1468 ( 7  8) */		std	%f10,[%o7-128]
+/* 0x125c	1469 ( 7 10) */		fmuld	%f2,%f18,%f26
+/* 0x1260	1470 ( 8 11) */		fsubd	%f20,%f12,%f10
+/* 0x1264	1471 ( 8 11) */		fmuld	%f2,%f16,%f2
+/* 0x1268	1472 ( 9 12) */		fsubd	%f20,%f6,%f22
+/* 0x126c	1473 ( 9 12) */		fmuld	%f4,%f16,%f12
+/* 0x1270	1474 (10 13) */		fdtox	%f0,%f0
+/* 0x1274	1475 (10 11) */		std	%f0,[%o4-128]
+/* 0x1278	1476 (11 14) */		fitod	%f8,%f4
+/* 0x127c	1477 (11 14) */		fmuld	%f10,%f18,%f6
+/* 0x1280	1478 (12 15) */		fdtox	%f26,%f0
+/* 0x1284	1479 (12 13) */		std	%f0,[%g3-96]
+/* 0x1288	1480 (12 15) */		fmuld	%f10,%f16,%f10
+/* 0x128c	1481 (13 16) */		fdtox	%f2,%f2
+/* 0x1290	1482 (13 14) */		std	%f2,[%g2-96]
+/* 0x1294	1483 (14 17) */		fitod	%f9,%f0
+/* 0x1298	1484 (14 17) */		fmuld	%f22,%f18,%f2
+/* 0x129c	1485 (15 18) */		fdtox	%f24,%f8
+/* 0x12a0	1486 (15 16) */		std	%f8,[%o7-96]
+/* 0x12a4	1487 (16 19) */		fsubd	%f20,%f4,%f4
+/* 0x12a8	1488 (16 19) */		fmuld	%f22,%f16,%f8
+/* 0x12ac	1489 (17 20) */		fdtox	%f12,%f12
+/* 0x12b0	1490 (17 18) */		std	%f12,[%o4-96]
+/* 0x12b4	1491 (18 21) */		fsubd	%f20,%f0,%f0
+/* 0x12b8	1492 (19 22) */		fdtox	%f6,%f6
+/* 0x12bc	1493 (19 20) */		std	%f6,[%g3-64]
+/* 0x12c0	1494 (20 23) */		fdtox	%f10,%f10
+/* 0x12c4	1495 (20 21) */		std	%f10,[%g2-64]
+/* 0x12c8	1496 (20 23) */		fmuld	%f4,%f18,%f6
+/* 0x12cc	1497 (21 24) */		fdtox	%f2,%f2
+/* 0x12d0	1498 (21 22) */		std	%f2,[%o7-64]
+/* 0x12d4	1499 (21 24) */		fmuld	%f4,%f16,%f4
+/* 0x12d8	1500 (22 25) */		fmuld	%f0,%f18,%f2
+/* 0x12dc	1501 (22 25) */		fdtox	%f8,%f8
+/* 0x12e0	1502 (22 23) */		std	%f8,[%o4-64]
+/* 0x12e4	1503 (23 26) */		fdtox	%f6,%f6
+/* 0x12e8	1504 (23 24) */		std	%f6,[%g3-32]
+/* 0x12ec	1505 (23 26) */		fmuld	%f0,%f16,%f0
+/* 0x12f0	1506 (24 27) */		fdtox	%f4,%f4
+/* 0x12f4	1507 (24 25) */		std	%f4,[%g2-32]
+/* 0x12f8	1508 (25 28) */		fdtox	%f2,%f2
+/* 0x12fc	1509 (25 26) */		std	%f2,[%o7-32]
+/* 0x1300	1510 (26 29) */		fdtox	%f0,%f0
+/* 0x1304	1511 (26 27) */		bcc,pn	%icc,.L77000056	! tprob=0.50
+/* 0x1308	     (26 27) */		std	%f0,[%o4-32]
+
+!
+! ENTRY .L77000054
+!
+
+        .L77000054:		/* frequency 1.0 confidence 0.0 */
+/* 0x130c	1514 ( 0  3) */		ldd	[%o1],%f0
+
+!
+! ENTRY .L990000161
+!
+
+        .L990000161:		/* frequency 1.0 confidence 0.0 */
+/* 0x1310	1516 ( 0  2) */		fxnor	%f14,%f0,%f0
+/* 0x1314	1517 ( 0  1) */		add	%g4,1,%g4
+/* 0x1318	1518 ( 0  1) */		add	%o1,8,%o1
+/* 0x131c	1519 ( 1  2) */		subcc	%g4,%o3,%g0
+/* 0x1320	1520 ( 2  5) */		fitod	%f0,%f2
+/* 0x1324	1521 ( 3  6) */		fitod	%f1,%f0
+/* 0x1328	1522 ( 5  8) */		fsubd	%f20,%f2,%f2
+/* 0x132c	1523 ( 6  9) */		fsubd	%f20,%f0,%f0
+/* 0x1330	1524 ( 8 11) */		fmuld	%f2,%f18,%f6
+/* 0x1334	1525 ( 9 12) */		fmuld	%f2,%f16,%f4
+/* 0x1338	1526 (10 13) */		fmuld	%f0,%f18,%f2
+/* 0x133c	1527 (11 14) */		fdtox	%f6,%f6
+/* 0x1340	1528 (11 12) */		std	%f6,[%g3]
+/* 0x1344	1529 (11 14) */		fmuld	%f0,%f16,%f0
+/* 0x1348	1530 (12 15) */		fdtox	%f4,%f4
+/* 0x134c	1531 (12 13) */		std	%f4,[%g2]
+/* 0x1350	1532 (12 13) */		add	%g2,32,%g2
+/* 0x1354	1533 (13 16) */		fdtox	%f2,%f2
+/* 0x1358	1534 (13 14) */		std	%f2,[%o7]
+/* 0x135c	1535 (13 14) */		add	%o7,32,%o7
+/* 0x1360	1536 (14 17) */		fdtox	%f0,%f0
+/* 0x1364	1537 (14 15) */		std	%f0,[%o4]
+/* 0x1368	1538 (14 15) */		add	%o4,32,%o4
+/* 0x136c	1539 (15 16) */		add	%g3,32,%g3
+/* 0x1370	1540 (15 16) */		bcs,a,pt	%icc,.L990000161	! tprob=0.50
+/* 0x1374	     (16 19) */		ldd	[%o1],%f0
+
+!
+! ENTRY .L77000056
+!
+
+         .L77000056:		/* frequency 1.0 confidence 0.0 */
+/* 0x1378	1548 ( 0  1) */		subcc	%o0,0,%g0
+
+!
+! ENTRY .L990000162
+!
+
+         .L990000162:		/* frequency 1.0 confidence 0.0 */
+/* 0x137c	1550 ( 0  1) */		bleu,pt	%icc,.L77770061	! tprob=0.50
+/* 0x1380	     ( 0  1) */		nop
+/* 0x1384	1555 ( 0  1) */		sethi	%hi(0x1800),%g1
+/* 0x1388	1556 ( 1  2) */		xor	%g1,-304,%g1
+/* 0x138c	1557 ( 1  2) */		or	%g0,%i1,%g4
+/* 0x1390	1558 ( 2  3) */		add	%g1,%fp,%g5
+/* 0x1394	1559 ( 2  3) */		sethi	%hi(0x1800),%g1
+/* 0x1398	1560 ( 3  4) */		xor	%g1,-296,%g1
+/* 0x139c	1561 ( 3  4) */		or	%g0,%o0,%o7
+/* 0x13a0	1562 ( 4  5) */		add	%g1,%fp,%g2
+/* 0x13a4	1563 ( 4  5) */		or	%g0,0,%i2
+/* 0x13a8	1564 ( 5  6) */		or	%g0,%i0,%g3
+/* 0x13ac	1565 ( 5  6) */		subcc	%o0,6,%g0
+/* 0x13b0	1566 ( 5  6) */		bl,pn	%icc,.L77000058	! tprob=0.50
+/* 0x13b4	     ( 6  7) */		sethi	%hi(0x1800),%g1
+/* 0x13b8	1568 ( 6  8) */		ld	[%g4],%o2
+/* 0x13bc	1569 ( 6  7) */		add	%g3,4,%g3
+/* 0x13c0	1570 ( 7  8) */		xor	%g1,-264,%g1
+/* 0x13c4	1571 ( 7  8) */		sub	%o7,3,%o4
+/* 0x13c8	1572 ( 8  9) */		add	%g1,%fp,%g2
+/* 0x13cc	1573 ( 8  9) */		sethi	%hi(0x1800),%g1
+/* 0x13d0	1574 ( 9 10) */		xor	%g1,-272,%g1
+/* 0x13d4	1575 ( 9 10) */		or	%g0,2,%i2
+/* 0x13d8	1576 (10 11) */		add	%g1,%fp,%g5
+/* 0x13dc	1577 (10 11) */		sethi	%hi(0x1800),%g1
+/* 0x13e0	1578 (11 12) */		xor	%g1,-296,%g1
+/* 0x13e4	1579 (12 13) */		add	%g1,%fp,%g1
+/* 0x13e8	1580 (13 15) */		ldx	[%g1],%o1
+/* 0x13ec	1581 (14 16) */		ldx	[%g1-8],%o0
+/* 0x13f0	1582 (15 16) */		sllx	%o1,19,%o1
+/* 0x13f4	1583 (15 17) */		ldx	[%g1+16],%o3
+/* 0x13f8	1584 (16 17) */		add	%o0,%o1,%o0
+/* 0x13fc	1585 (16 18) */		ld	[%g4+4],%o1
+/* 0x1400	1586 (16 17) */		add	%g4,8,%g4
+/* 0x1404	1587 (17 18) */		sllx	%o3,19,%o3
+/* 0x1408	1588 (17 18) */		add	%o0,%o2,%o0
+/* 0x140c	1589 (17 19) */		ldx	[%g1+8],%o2
+/* 0x1410	1590 (18 19) */		st	%o0,[%g3-4]
+/* 0x1414	1591 (18 19) */		srlx	%o0,32,%o0
+
+!
+! ENTRY .L990000142
+!
+
+        .L990000142:		/* frequency 1.0 confidence 0.0 */
+/* 0x1418	1593 ( 0  1) */		add	%o2,%o3,%o2
+/* 0x141c	1594 ( 0  1) */		add	%i2,4,%i2
+/* 0x1420	1595 ( 0  2) */		ld	[%g4],%o3
+/* 0x1424	1596 ( 1  2) */		srl	%o0,0,%o5
+/* 0x1428	1597 ( 1  2) */		add	%o2,%o1,%o1
+/* 0x142c	1598 ( 1  3) */		ldx	[%g2],%o0
+/* 0x1430	1599 ( 3  4) */		sllx	%o0,19,%o2
+/* 0x1434	1600 ( 3  5) */		ldx	[%g5],%o0
+/* 0x1438	1601 ( 3  4) */		add	%o1,%o5,%o1
+/* 0x143c	1602 ( 4  5) */		st	%o1,[%g3]
+/* 0x1440	1603 ( 4  5) */		srlx	%o1,32,%o5
+/* 0x1444	1604 ( 4  5) */		subcc	%i2,%o4,%g0
+/* 0x1448	1605 ( 5  7) */		ldx	[%g2+16],%o1
+/* 0x144c	1606 ( 5  6) */		add	%o0,%o2,%o0
+/* 0x1450	1607 ( 5  6) */		add	%g3,16,%g3
+/* 0x1454	1608 ( 6  8) */		ld	[%g4+4],%o2
+/* 0x1458	1609 ( 6  7) */		add	%o0,%o3,%o0
+/* 0x145c	1610 ( 7  8) */		sllx	%o1,19,%o3
+/* 0x1460	1611 ( 7  9) */		ldx	[%g5+16],%o1
+/* 0x1464	1612 ( 7  8) */		add	%o0,%o5,%o0
+/* 0x1468	1613 ( 8  9) */		st	%o0,[%g3-12]
+/* 0x146c	1614 ( 8  9) */		srlx	%o0,32,%o5
+/* 0x1470	1615 ( 8  9) */		add	%g4,16,%g4
+/* 0x1474	1616 ( 9 11) */		ldx	[%g2+32],%o0
+/* 0x1478	1617 ( 9 10) */		add	%o1,%o3,%o1
+/* 0x147c	1618 ( 9 10) */		add	%g2,64,%g2
+/* 0x1480	1619 (10 12) */		ld	[%g4-8],%o3
+/* 0x1484	1620 (10 11) */		add	%o1,%o2,%o2
+/* 0x1488	1621 (11 12) */		sllx	%o0,19,%o1
+/* 0x148c	1622 (11 13) */		ldx	[%g5+32],%o0
+/* 0x1490	1623 (11 12) */		add	%o2,%o5,%o2
+/* 0x1494	1624 (12 13) */		st	%o2,[%g3-8]
+/* 0x1498	1625 (12 13) */		srlx	%o2,32,%o5
+/* 0x149c	1626 (12 13) */		add	%g5,64,%g5
+/* 0x14a0	1627 (13 15) */		ldx	[%g2-16],%o2
+/* 0x14a4	1628 (13 14) */		add	%o0,%o1,%o0
+/* 0x14a8	1629 (14 16) */		ld	[%g4-4],%o1
+/* 0x14ac	1630 (14 15) */		add	%o0,%o3,%o0
+/* 0x14b0	1631 (15 16) */		sllx	%o2,19,%o3
+/* 0x14b4	1632 (15 17) */		ldx	[%g5-16],%o2
+/* 0x14b8	1633 (15 16) */		add	%o0,%o5,%o0
+/* 0x14bc	1634 (16 17) */		st	%o0,[%g3-4]
+/* 0x14c0	1635 (16 17) */		bcs,pt	%icc,.L990000142	! tprob=0.50
+/* 0x14c4	     (16 17) */		srlx	%o0,32,%o0
+
+!
+! ENTRY .L990000145
+!
+
+        .L990000145:		/* frequency 1.0 confidence 0.0 */
+/* 0x14c8	1638 ( 0  1) */		add	%o2,%o3,%o3
+/* 0x14cc	1639 ( 0  1) */		add	%g3,4,%g3
+/* 0x14d0	1640 ( 1  2) */		srl	%o0,0,%o2
+/* 0x14d4	1641 ( 1  2) */		add	%o3,%o1,%o0
+/* 0x14d8	1642 ( 2  3) */		add	%o0,%o2,%o0
+/* 0x14dc	1643 ( 2  3) */		st	%o0,[%g3-4]
+/* 0x14e0	1644 ( 2  3) */		subcc	%i2,%o7,%g0
+/* 0x14e4	1645 ( 2  3) */		bcc,pn	%icc,.L77770061	! tprob=0.50
+/* 0x14e8	     ( 3  4) */		srlx	%o0,32,%o5
+
+!
+! ENTRY .L77000058
+!
+
+        .L77000058:		/* frequency 1.0 confidence 0.0 */
+/* 0x14ec	1648 ( 0  2) */		ldx	[%g2],%o2
+
+!
+! ENTRY .L990000160
+!
+
+        .L990000160:		/* frequency 1.0 confidence 0.0 */
+/* 0x14f0	1650 ( 0  1) */		sllx	%o2,19,%o3
+/* 0x14f4	1651 ( 0  2) */		ldx	[%g5],%o0
+/* 0x14f8	1652 ( 0  1) */		add	%i2,1,%i2
+/* 0x14fc	1653 ( 1  2) */		srl	%o5,0,%o1
+/* 0x1500	1654 ( 1  3) */		ld	[%g4],%o2
+/* 0x1504	1655 ( 1  2) */		add	%g2,16,%g2
+/* 0x1508	1656 ( 2  3) */		add	%o0,%o3,%o0
+/* 0x150c	1657 ( 2  3) */		add	%g5,16,%g5
+/* 0x1510	1658 ( 3  4) */		add	%o0,%o2,%o0
+/* 0x1514	1659 ( 3  4) */		add	%g4,4,%g4
+/* 0x1518	1660 ( 4  5) */		add	%o0,%o1,%o0
+/* 0x151c	1661 ( 4  5) */		st	%o0,[%g3]
+/* 0x1520	1662 ( 4  5) */		subcc	%i2,%o7,%g0
+/* 0x1524	1663 ( 5  6) */		srlx	%o0,32,%o5
+/* 0x1528	1664 ( 5  6) */		add	%g3,4,%g3
+/* 0x152c	1665 ( 5  6) */		bcs,a,pt	%icc,.L990000160	! tprob=0.50
+/* 0x1530	     ( 6  8) */		ldx	[%g2],%o2
+
+!
+! ENTRY .L77770061
+!
+
+        .L77770061:		/* frequency 1.0 confidence 0.0 */
+/* 0x1534	     ( 0  2) */		ret	! Result =  %o1 %o0 %f0 %f1
+/* 0x1538	     ( 2  3) */		restore	%g0,%o5,%o0
+
+/* 0x11a8	1441 ( 0  0) */		.type	mul_add,2
+/* 0x11a8	1442 ( 0  0) */		.size	mul_add,(.-mul_add)
+/* 0x11a8	1445 ( 0  0) */		.align	16
+/* 0x11b0	1451 ( 0  0) */		.global	mul_add_inp
+
+!
+! ENTRY mul_add_inp
+!
+
+        .global mul_add_inp
+        mul_add_inp:		/* frequency 1.0 confidence 0.0 */
+/* 0x11b0	1453 ( 0  1) */		or	%g0,%o2,%g1
+/* 0x11b4	1454 ( 0  1) */		or	%g0,%o3,%o4
+/* 0x11b8	1455 ( 1  2) */		or	%g0,%o0,%g3
+/* 0x11bc	1456 ( 1  2) */		or	%g0,%o1,%g2
+/* 0x11c0	1466 ( 2  3) */		or	%g0,%g1,%o3
+/* 0x11c4	1467 ( 2  3) */		or	%g0,%g3,%o1
+/* 0x11c8	1468 ( 3  4) */		or	%g0,%g2,%o2
+/* 0x11cc	1469 ( 3  4) */		or	%g0,%o7,%g1
+/* 0x11d0	1470 ( 4  6) */		call	mul_add	! params = 	! Result = 
+/* 0x11d4	     ( 5  6) */		or	%g0,%g1,%o7
+/* 0x11d8	1472 ( 0  0) */		.type	mul_add_inp,2
+/* 0x11d8	1473 ( 0  0) */		.size	mul_add_inp,(.-mul_add_inp)
+
+	.section	".data",#alloc,#write
+/* 0x11d8	   6 ( 0  0) */		.align	8
+
+!
+! ENTRY mask_cnst
+!
+
+        mask_cnst:		/* frequency 1.0 confidence 0.0 */
+/* 0x11d8	   8 ( 0  0) */		.word	-2147483648
+/* 0x11dc	   9 ( 0  0) */		.word	-2147483648
+/* 0x11e0	  10 ( 0  0) */		.type	mask_cnst,#object
+/* 0x11e0	  11 ( 0  0) */		.size	mask_cnst,8
+
diff --git a/nss/lib/freebl/mpi/mpv_sparcv9.s b/nss/lib/freebl/mpi/mpv_sparcv9.s
new file mode 100644
index 0000000..e2fbe0b
--- /dev/null
+++ b/nss/lib/freebl/mpi/mpv_sparcv9.s
@@ -0,0 +1,1645 @@
+!
+! This Source Code Form is subject to the terms of the Mozilla Public
+! License, v. 2.0. If a copy of the MPL was not distributed with this
+! file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+	.section	".text",#alloc,#execinstr
+/* 000000	   0 ( 0  0) */		.register	%g2,#scratch
+/* 000000	     ( 0  0) */		.register	%g3,#scratch
+/* 000000	   3 ( 0  0) */		.file	"mpv_sparc.c"
+/* 000000	  15 ( 0  0) */		.align	8
+!
+! SUBROUTINE .L_const_seg_900000101
+!
+! OFFSET    SOURCE LINE	LABEL	INSTRUCTION	(ISSUE TIME)	(COMPLETION TIME)
+
+                                   .L_const_seg_900000101:		/* frequency 1.0 confidence 0.0 */
+/* 000000	  20 ( 0  0) */		.word	1127219200,0
+/* 0x0008	  21 ( 0  0) */		.word	1105199103,-4194304
+/* 0x0010	  22 ( 0  0) */		.align	8
+/* 0x0010	  28 ( 0  0) */		.global	mul_add
+
+!
+! ENTRY mul_add
+!
+
+                                   	.global mul_add
+                                   mul_add:		/* frequency 1.0 confidence 0.0 */
+/* 0x0010	  30 ( 0  1) */		sethi	%hi(0x1c00),%g1
+/* 0x0014	  31 ( 0  1) */		sethi	%hi(mask_cnst),%g2
+/* 0x0018	  32 ( 1  2) */		xor	%g1,-48,%g1
+/* 0x001c	  33 ( 1  2) */		add	%g2,%lo(mask_cnst),%g2
+/* 0x0020	  34 ( 2  3) */		save	%sp,%g1,%sp
+
+!
+! ENTRY .L900000149
+!
+
+                                   .L900000149:		/* frequency 1.0 confidence 0.0 */
+/* 0x0024	  36 ( 0  2) */		call	(.+0x8)	! params = 	! Result = 
+/* 0x0028	     ( 1  2) */		sethi	%hi((_GLOBAL_OFFSET_TABLE_-(.L900000149-.))),%g5
+/* 0x002c	 178 ( 2  3) */		sethi	%hi(.L_const_seg_900000101),%g3
+/* 0x0030	 179 ( 2  3) */		add	%g5,%lo((_GLOBAL_OFFSET_TABLE_-(.L900000149-.))),%g5
+/* 0x0034	 180 ( 3  4) */		add	%g3,%lo(.L_const_seg_900000101),%g3
+/* 0x0038	 181 ( 3  4) */		add	%g5,%o7,%o1
+/* 0x003c	 182 ( 4  5) */		sethi	%hi(0x80000),%g4
+/* 0x0040	 183 ( 4  6) */		ldx	[%o1+%g2],%g2
+/* 0x0044	 184 ( 4  5) */		or	%g0,%i2,%o2
+/* 0x0048	 185 ( 5  6) */		subcc	%i4,%g4,%g0
+/* 0x004c	 186 ( 5  7) */		ldx	[%o1+%g3],%o0
+/* 0x0050	 187 ( 6  7) */		or	%g0,%i0,%o7
+/* 0x0054	 188 ( 6  7) */		or	%g0,%i1,%o5
+/* 0x0058	 189 ( 6  9) */		ldd	[%g2],%f0
+/* 0x005c	 190 ( 6  7) */		bcc,pn	%icc,.L77000048	! tprob=0.50
+/* 0x0060	     ( 7  8) */		subcc	%i3,8,%g0
+/* 0x0064	 192 ( 7  8) */		bne,pn	%icc,.L900000158	! tprob=0.50
+/* 0x0068	     ( 8  9) */		subcc	%i3,16,%g0
+/* 0x006c	 194 ( 9 12) */		ldd	[%o2],%f4
+/* 0x0070	 195 (10 11) */		st	%i4,[%sp+2287]
+/* 0x0074	 196 (11 14) */		ldd	[%o0],%f8
+/* 0x0078	 197 (11 13) */		fxnor	%f0,%f4,%f4
+/* 0x007c	 198 (12 15) */		ldd	[%o2+8],%f10
+/* 0x0080	 199 (13 16) */		fitod	%f4,%f12
+/* 0x0084	 200 (13 16) */		ldd	[%o0+8],%f14
+/* 0x0088	 201 (14 17) */		ld	[%sp+2287],%f7
+/* 0x008c	 202 (14 17) */		fitod	%f5,%f4
+/* 0x0090	 203 (15 17) */		fxnor	%f0,%f10,%f10
+/* 0x0094	 204 (15 18) */		ldd	[%o2+16],%f16
+/* 0x0098	 205 (16 19) */		ldd	[%o2+24],%f18
+/* 0x009c	 206 (17 20) */		fsubd	%f14,%f4,%f4
+/* 0x00a0	 210 (17 20) */		ld	[%i1],%g2
+/* 0x00a4	 211 (18 20) */		fxnor	%f0,%f16,%f16
+/* 0x00a8	 212 (18 21) */		ld	[%i1+4],%g3
+/* 0x00ac	 213 (19 22) */		ld	[%i1+8],%g4
+/* 0x00b0	 214 (20 23) */		fitod	%f16,%f20
+/* 0x00b4	 215 (20 23) */		ld	[%i1+16],%o0
+/* 0x00b8	 216 (21 24) */		ld	[%i1+12],%g5
+/* 0x00bc	 217 (22 25) */		ld	[%i1+20],%o1
+/* 0x00c0	 218 (23 26) */		ld	[%i1+24],%o2
+/* 0x00c4	 219 (24 25) */		fmovs	%f8,%f6
+/* 0x00c8	 220 (24 27) */		ld	[%i1+28],%o3
+/* 0x00cc	 221 (26 29) */		fsubd	%f6,%f8,%f6
+/* 0x00d0	 222 (27 30) */		fsubd	%f14,%f12,%f8
+/* 0x00d4	 223 (28 31) */		fitod	%f10,%f12
+/* 0x00d8	 224 (29 32) */		fmuld	%f4,%f6,%f4
+/* 0x00dc	 225 (29 32) */		fitod	%f11,%f10
+/* 0x00e0	 226 (30 33) */		fmuld	%f8,%f6,%f8
+/* 0x00e4	 227 (31 34) */		fsubd	%f14,%f12,%f12
+/* 0x00e8	 228 (32 35) */		fdtox	%f4,%f4
+/* 0x00ec	 229 (32 33) */		std	%f4,[%sp+2271]
+/* 0x00f0	 230 (33 36) */		fdtox	%f8,%f8
+/* 0x00f4	 231 (33 34) */		std	%f8,[%sp+2279]
+/* 0x00f8	 232 (34 37) */		fmuld	%f12,%f6,%f12
+/* 0x00fc	 233 (34 37) */		fsubd	%f14,%f10,%f10
+/* 0x0100	 234 (35 38) */		fsubd	%f14,%f20,%f4
+/* 0x0104	 235 (36 39) */		fitod	%f17,%f8
+/* 0x0108	 236 (37 39) */		fxnor	%f0,%f18,%f16
+/* 0x010c	 237 (37 39) */		ldx	[%sp+2279],%o4
+/* 0x0110	 238 (37 40) */		fmuld	%f10,%f6,%f10
+/* 0x0114	 239 (38 41) */		fdtox	%f12,%f12
+/* 0x0118	 240 (38 39) */		std	%f12,[%sp+2263]
+/* 0x011c	 241 (38 41) */		fmuld	%f4,%f6,%f4
+/* 0x0120	 242 (39 42) */		fitod	%f16,%f18
+/* 0x0124	 243 (39 40) */		add	%o4,%g2,%g2
+/* 0x0128	 244 (39 40) */		st	%g2,[%i0]
+/* 0x012c	 245 (40 42) */		ldx	[%sp+2271],%o4
+/* 0x0130	 246 (40 43) */		fsubd	%f14,%f8,%f8
+/* 0x0134	 247 (40 41) */		srax	%g2,32,%o5
+/* 0x0138	 248 (41 44) */		fdtox	%f10,%f10
+/* 0x013c	 249 (41 42) */		std	%f10,[%sp+2255]
+/* 0x0140	 250 (42 45) */		fdtox	%f4,%f4
+/* 0x0144	 251 (42 43) */		std	%f4,[%sp+2247]
+/* 0x0148	 252 (42 43) */		add	%o4,%g3,%o4
+/* 0x014c	 253 (43 46) */		fitod	%f17,%f12
+/* 0x0150	 254 (43 45) */		ldx	[%sp+2263],%g2
+/* 0x0154	 255 (43 44) */		add	%o4,%o5,%g3
+/* 0x0158	 256 (43 46) */		fmuld	%f8,%f6,%f8
+/* 0x015c	 257 (44 47) */		fsubd	%f14,%f18,%f10
+/* 0x0160	 258 (44 45) */		st	%g3,[%i0+4]
+/* 0x0164	 259 (44 45) */		srax	%g3,32,%g3
+/* 0x0168	 260 (45 46) */		add	%g2,%g4,%g4
+/* 0x016c	 261 (45 47) */		ldx	[%sp+2255],%g2
+/* 0x0170	 262 (46 49) */		fsubd	%f14,%f12,%f4
+/* 0x0174	 263 (46 47) */		add	%g4,%g3,%g3
+/* 0x0178	 264 (46 48) */		ldx	[%sp+2247],%g4
+/* 0x017c	 265 (47 50) */		fmuld	%f10,%f6,%f10
+/* 0x0180	 266 (47 50) */		fdtox	%f8,%f8
+/* 0x0184	 267 (47 48) */		std	%f8,[%sp+2239]
+/* 0x0188	 268 (48 49) */		add	%g4,%o0,%g4
+/* 0x018c	 269 (48 49) */		add	%g2,%g5,%g2
+/* 0x0190	 270 (48 49) */		st	%g3,[%i0+8]
+/* 0x0194	 271 (49 52) */		fmuld	%f4,%f6,%f4
+/* 0x0198	 272 (49 50) */		srax	%g3,32,%o0
+/* 0x019c	 273 (49 51) */		ldx	[%sp+2239],%g5
+/* 0x01a0	 274 (50 53) */		fdtox	%f10,%f6
+/* 0x01a4	 275 (50 51) */		std	%f6,[%sp+2231]
+/* 0x01a8	 276 (50 51) */		add	%g2,%o0,%g2
+/* 0x01ac	 277 (51 52) */		srax	%g2,32,%g3
+/* 0x01b0	 278 (51 52) */		add	%g5,%o1,%o1
+/* 0x01b4	 279 (51 52) */		st	%g2,[%i0+12]
+/* 0x01b8	 280 (52 55) */		fdtox	%f4,%f4
+/* 0x01bc	 281 (52 53) */		std	%f4,[%sp+2223]
+/* 0x01c0	 282 (52 53) */		add	%g4,%g3,%g3
+/* 0x01c4	 283 (53 54) */		srax	%g3,32,%g4
+/* 0x01c8	 284 (53 54) */		st	%g3,[%i0+16]
+/* 0x01cc	 285 (54 56) */		ldx	[%sp+2231],%o0
+/* 0x01d0	 286 (54 55) */		add	%o1,%g4,%g4
+/* 0x01d4	 287 (55 56) */		srax	%g4,32,%g2
+/* 0x01d8	 288 (55 57) */		ldx	[%sp+2223],%g5
+/* 0x01dc	 289 (56 57) */		add	%o0,%o2,%o2
+/* 0x01e0	 290 (56 57) */		st	%g4,[%i0+20]
+/* 0x01e4	 291 (57 58) */		add	%o2,%g2,%g2
+/* 0x01e8	 292 (57 58) */		add	%g5,%o3,%g5
+/* 0x01ec	 293 (57 58) */		st	%g2,[%i0+24]
+/* 0x01f0	 294 (58 59) */		srax	%g2,32,%g3
+/* 0x01f4	 295 (59 60) */		add	%g5,%g3,%g2
+/* 0x01f8	 296 (59 60) */		st	%g2,[%i0+28]
+/* 0x01fc	 300 (60 61) */		srax	%g2,32,%o3
+/* 0x0200	 301 (61 62) */		srl	%o3,0,%i0
+/* 0x0204	     (62 64) */		ret	! Result =  %o1 %o0 %f0 %f1
+/* 0x0208	     (64 65) */		restore	%g0,%g0,%g0
+
+!
+! ENTRY .L900000158
+!
+
+                                   .L900000158:		/* frequency 1.0 confidence 0.0 */
+/* 0x020c	 308 ( 0  1) */		bne,a,pn	%icc,.L900000157	! tprob=0.50
+/* 0x0210	     ( 0  1) */		st	%i4,[%sp+2223]
+/* 0x0214	 315 ( 1  4) */		ldd	[%o2],%f4
+/* 0x0218	 316 ( 2  3) */		st	%i4,[%sp+2351]
+/* 0x021c	 317 ( 3  6) */		ldd	[%o0],%f8
+/* 0x0220	 318 ( 3  5) */		fxnor	%f0,%f4,%f4
+/* 0x0224	 319 ( 4  7) */		ldd	[%o2+8],%f10
+/* 0x0228	 320 ( 5  8) */		ldd	[%o0+8],%f14
+/* 0x022c	 321 ( 5  8) */		fitod	%f4,%f12
+/* 0x0230	 322 ( 6  9) */		ld	[%sp+2351],%f7
+/* 0x0234	 323 ( 6  8) */		fxnor	%f0,%f10,%f10
+/* 0x0238	 324 ( 7 10) */		ldd	[%o2+16],%f16
+/* 0x023c	 325 ( 7 10) */		fitod	%f5,%f4
+/* 0x0240	 326 ( 8 11) */		ldd	[%o2+24],%f18
+/* 0x0244	 330 ( 9 12) */		ldd	[%o2+32],%f20
+/* 0x0248	 331 ( 9 11) */		fxnor	%f0,%f16,%f16
+/* 0x024c	 335 (10 13) */		ld	[%i1],%g2
+/* 0x0250	 336 (10 13) */		fsubd	%f14,%f4,%f4
+/* 0x0254	 337 (11 14) */		ldd	[%o2+40],%f22
+/* 0x0258	 338 (11 14) */		fitod	%f16,%f28
+/* 0x025c	 339 (12 15) */		ld	[%i1+4],%g3
+/* 0x0260	 340 (13 16) */		ld	[%i1+8],%g4
+/* 0x0264	 341 (13 15) */		fxnor	%f0,%f22,%f22
+/* 0x0268	 342 (14 17) */		ld	[%i1+12],%g5
+/* 0x026c	 343 (15 18) */		ld	[%i1+16],%o0
+/* 0x0270	 344 (16 19) */		ldd	[%o2+48],%f24
+/* 0x0274	 345 (17 20) */		ld	[%i1+20],%o1
+/* 0x0278	 346 (17 18) */		fmovs	%f8,%f6
+/* 0x027c	 347 (18 21) */		ldd	[%o2+56],%f26
+/* 0x0280	 348 (19 22) */		ld	[%i1+24],%o2
+/* 0x0284	 349 (19 22) */		fsubd	%f6,%f8,%f6
+/* 0x0288	 350 (20 23) */		ld	[%i1+28],%o3
+/* 0x028c	 351 (20 23) */		fsubd	%f14,%f12,%f8
+/* 0x0290	 355 (21 24) */		ld	[%i1+32],%o4
+/* 0x0294	 356 (21 24) */		fitod	%f10,%f12
+/* 0x0298	 357 (22 25) */		ld	[%i1+36],%o7
+/* 0x029c	 358 (22 25) */		fitod	%f11,%f10
+/* 0x02a0	 359 (22 25) */		fmuld	%f4,%f6,%f4
+/* 0x02a4	 360 (23 26) */		ld	[%i1+40],%l1
+/* 0x02a8	 361 (23 26) */		fmuld	%f8,%f6,%f8
+/* 0x02ac	 362 (24 27) */		ld	[%i1+56],%l5
+/* 0x02b0	 363 (24 27) */		fsubd	%f14,%f12,%f12
+/* 0x02b4	 364 (25 28) */		fsubd	%f14,%f10,%f10
+/* 0x02b8	 365 (26 29) */		fdtox	%f8,%f8
+/* 0x02bc	 366 (26 27) */		std	%f8,[%sp+2343]
+/* 0x02c0	 367 (27 30) */		fitod	%f17,%f8
+/* 0x02c4	 368 (27 30) */		fmuld	%f12,%f6,%f12
+/* 0x02c8	 369 (28 31) */		fdtox	%f4,%f4
+/* 0x02cc	 370 (28 29) */		std	%f4,[%sp+2335]
+/* 0x02d0	 371 (28 31) */		fmuld	%f10,%f6,%f10
+/* 0x02d4	 372 (29 31) */		fxnor	%f0,%f18,%f16
+/* 0x02d8	 373 (30 33) */		fdtox	%f12,%f12
+/* 0x02dc	 374 (30 31) */		std	%f12,[%sp+2327]
+/* 0x02e0	 375 (31 33) */		ldx	[%sp+2343],%o5
+/* 0x02e4	 376 (31 34) */		fsubd	%f14,%f8,%f8
+/* 0x02e8	 377 (32 35) */		fsubd	%f14,%f28,%f4
+/* 0x02ec	 378 (33 36) */		fitod	%f17,%f12
+/* 0x02f0	 379 (33 34) */		add	%o5,%g2,%g2
+/* 0x02f4	 380 (33 34) */		st	%g2,[%i0]
+/* 0x02f8	 381 (34 36) */		ldx	[%sp+2335],%o5
+/* 0x02fc	 382 (34 37) */		fitod	%f16,%f18
+/* 0x0300	 383 (34 35) */		srax	%g2,32,%l0
+/* 0x0304	 384 (35 37) */		fxnor	%f0,%f20,%f16
+/* 0x0308	 385 (35 38) */		fmuld	%f8,%f6,%f20
+/* 0x030c	 386 (36 39) */		fdtox	%f10,%f10
+/* 0x0310	 387 (36 37) */		std	%f10,[%sp+2319]
+/* 0x0314	 388 (36 37) */		add	%o5,%g3,%g3
+/* 0x0318	 389 (36 39) */		fmuld	%f4,%f6,%f4
+/* 0x031c	 390 (37 40) */		fitod	%f16,%f8
+/* 0x0320	 391 (37 38) */		add	%g3,%l0,%g3
+/* 0x0324	 392 (37 38) */		st	%g3,[%i0+4]
+/* 0x0328	 393 (38 40) */		ldx	[%sp+2327],%o5
+/* 0x032c	 394 (38 41) */		fsubd	%f14,%f18,%f18
+/* 0x0330	 395 (38 39) */		srax	%g3,32,%l3
+/* 0x0334	 396 (39 41) */		ldx	[%sp+2319],%l2
+/* 0x0338	 397 (39 42) */		fdtox	%f4,%f4
+/* 0x033c	 398 (40 41) */		std	%f4,[%sp+2311]
+/* 0x0340	 399 (40 43) */		fdtox	%f20,%f20
+/* 0x0344	 400 (40 41) */		add	%o5,%g4,%g4
+/* 0x0348	 401 (41 42) */		std	%f20,[%sp+2303]
+/* 0x034c	 402 (41 44) */		fsubd	%f14,%f12,%f4
+/* 0x0350	 403 (41 42) */		add	%g4,%l3,%g4
+/* 0x0354	 404 (41 44) */		fmuld	%f18,%f6,%f18
+/* 0x0358	 405 (42 43) */		st	%g4,[%i0+8]
+/* 0x035c	 406 (42 45) */		fitod	%f17,%f16
+/* 0x0360	 407 (42 43) */		srax	%g4,32,%l4
+/* 0x0364	 408 (43 46) */		ld	[%i1+44],%l0
+/* 0x0368	 409 (43 46) */		fsubd	%f14,%f8,%f20
+/* 0x036c	 410 (43 44) */		add	%l2,%g5,%l2
+/* 0x0370	 411 (44 46) */		ldx	[%sp+2311],%g5
+/* 0x0374	 412 (44 47) */		fitod	%f22,%f8
+/* 0x0378	 413 (44 45) */		add	%l2,%l4,%l2
+/* 0x037c	 414 (44 47) */		fmuld	%f4,%f6,%f4
+/* 0x0380	 415 (45 46) */		st	%l2,[%i0+12]
+/* 0x0384	 416 (45 48) */		fsubd	%f14,%f16,%f10
+/* 0x0388	 417 (46 49) */		ld	[%i1+52],%l3
+/* 0x038c	 418 (46 49) */		fdtox	%f18,%f18
+/* 0x0390	 419 (46 47) */		add	%g5,%o0,%l4
+/* 0x0394	 420 (46 49) */		fmuld	%f20,%f6,%f12
+/* 0x0398	 421 (47 48) */		std	%f18,[%sp+2295]
+/* 0x039c	 422 (47 48) */		srax	%l2,32,%o0
+/* 0x03a0	 423 (47 50) */		fitod	%f23,%f16
+/* 0x03a4	 424 (48 51) */		ld	[%i1+48],%o5
+/* 0x03a8	 425 (48 51) */		fsubd	%f14,%f8,%f8
+/* 0x03ac	 426 (48 49) */		add	%l4,%o0,%l4
+/* 0x03b0	 427 (49 50) */		st	%l4,[%i0+16]
+/* 0x03b4	 428 (49 50) */		srax	%l4,32,%o0
+/* 0x03b8	 429 (49 51) */		fxnor	%f0,%f24,%f18
+/* 0x03bc	 430 (50 52) */		ldx	[%sp+2303],%g5
+/* 0x03c0	 431 (50 53) */		fdtox	%f4,%f4
+/* 0x03c4	 432 (51 52) */		std	%f4,[%sp+2287]
+/* 0x03c8	 433 (51 54) */		fdtox	%f12,%f12
+/* 0x03cc	 434 (51 54) */		fmuld	%f10,%f6,%f4
+/* 0x03d0	 435 (52 53) */		std	%f12,[%sp+2279]
+/* 0x03d4	 436 (52 55) */		fsubd	%f14,%f16,%f12
+/* 0x03d8	 437 (52 53) */		add	%g5,%o1,%g2
+/* 0x03dc	 438 (52 55) */		fmuld	%f8,%f6,%f8
+/* 0x03e0	 439 (53 55) */		ldx	[%sp+2295],%g5
+/* 0x03e4	 440 (53 56) */		fitod	%f18,%f10
+/* 0x03e8	 441 (53 54) */		add	%g2,%o0,%g2
+/* 0x03ec	 442 (54 55) */		st	%g2,[%i0+20]
+/* 0x03f0	 443 (54 57) */		fitod	%f19,%f16
+/* 0x03f4	 444 (54 55) */		srax	%g2,32,%o0
+/* 0x03f8	 445 (55 58) */		fdtox	%f8,%f8
+/* 0x03fc	 446 (55 56) */		std	%f8,[%sp+2263]
+/* 0x0400	 447 (55 56) */		add	%g5,%o2,%g3
+/* 0x0404	 448 (56 58) */		ldx	[%sp+2287],%g5
+/* 0x0408	 449 (56 59) */		fsubd	%f14,%f10,%f10
+/* 0x040c	 450 (56 57) */		add	%g3,%o0,%g3
+/* 0x0410	 451 (57 58) */		st	%g3,[%i0+24]
+/* 0x0414	 452 (57 60) */		fsubd	%f14,%f16,%f8
+/* 0x0418	 453 (57 58) */		srax	%g3,32,%o0
+/* 0x041c	 454 (58 61) */		fdtox	%f4,%f4
+/* 0x0420	 455 (58 59) */		std	%f4,[%sp+2271]
+/* 0x0424	 456 (58 59) */		add	%g5,%o3,%g4
+/* 0x0428	 457 (59 61) */		fxnor	%f0,%f26,%f18
+/* 0x042c	 458 (59 62) */		fmuld	%f12,%f6,%f4
+/* 0x0430	 459 (59 60) */		add	%g4,%o0,%g4
+/* 0x0434	 460 (60 61) */		st	%g4,[%i0+28]
+/* 0x0438	 461 (60 63) */		fmuld	%f10,%f6,%f10
+/* 0x043c	 462 (60 61) */		srax	%g4,32,%o0
+/* 0x0440	 463 (61 63) */		ldx	[%sp+2279],%g5
+/* 0x0444	 464 (61 64) */		fitod	%f18,%f12
+/* 0x0448	 465 (61 64) */		fmuld	%f8,%f6,%f8
+/* 0x044c	 466 (62 65) */		fdtox	%f4,%f4
+/* 0x0450	 467 (62 63) */		std	%f4,[%sp+2255]
+/* 0x0454	 468 (63 64) */		add	%g5,%o4,%l2
+/* 0x0458	 469 (63 65) */		ldx	[%sp+2271],%g5
+/* 0x045c	 470 (63 66) */		fdtox	%f10,%f16
+/* 0x0460	 471 (64 67) */		fsubd	%f14,%f12,%f4
+/* 0x0464	 472 (64 65) */		std	%f16,[%sp+2247]
+/* 0x0468	 473 (64 65) */		add	%l2,%o0,%l2
+/* 0x046c	 474 (65 68) */		fdtox	%f8,%f8
+/* 0x0470	 475 (65 66) */		std	%f8,[%sp+2239]
+/* 0x0474	 476 (65 66) */		add	%g5,%o7,%l4
+/* 0x0478	 477 (66 69) */		fitod	%f19,%f10
+/* 0x047c	 478 (66 68) */		ldx	[%sp+2263],%g5
+/* 0x0480	 479 (66 67) */		srax	%l2,32,%o0
+/* 0x0484	 480 (67 68) */		add	%l4,%o0,%l4
+/* 0x0488	 481 (67 70) */		fmuld	%f4,%f6,%f4
+/* 0x048c	 482 (67 69) */		ldx	[%sp+2255],%o0
+/* 0x0490	 483 (68 69) */		srax	%l4,32,%o1
+/* 0x0494	 484 (68 69) */		add	%g5,%l1,%l1
+/* 0x0498	 485 (68 69) */		st	%l2,[%i0+32]
+/* 0x049c	 486 (69 72) */		fsubd	%f14,%f10,%f8
+/* 0x04a0	 487 (69 71) */		ldx	[%sp+2239],%o3
+/* 0x04a4	 488 (69 70) */		add	%l1,%o1,%o1
+/* 0x04a8	 489 (70 72) */		ldx	[%sp+2247],%g5
+/* 0x04ac	 490 (70 71) */		srax	%o1,32,%o2
+/* 0x04b0	 491 (70 71) */		add	%o0,%l0,%o0
+/* 0x04b4	 492 (71 74) */		fdtox	%f4,%f4
+/* 0x04b8	 493 (71 72) */		std	%f4,[%sp+2231]
+/* 0x04bc	 494 (71 72) */		add	%o0,%o2,%o2
+/* 0x04c0	 495 (72 73) */		add	%o3,%l3,%l3
+/* 0x04c4	 496 (72 75) */		fmuld	%f8,%f6,%f4
+/* 0x04c8	 497 (72 73) */		add	%g5,%o5,%g5
+/* 0x04cc	 498 (73 74) */		srax	%o2,32,%o3
+/* 0x04d0	 499 (73 74) */		st	%l4,[%i0+36]
+/* 0x04d4	 500 (74 75) */		add	%g5,%o3,%g2
+/* 0x04d8	 501 (74 76) */		ldx	[%sp+2231],%o0
+/* 0x04dc	 502 (75 76) */		srax	%g2,32,%g3
+/* 0x04e0	 503 (75 78) */		fdtox	%f4,%f4
+/* 0x04e4	 504 (75 76) */		std	%f4,[%sp+2223]
+/* 0x04e8	 505 (76 77) */		st	%o1,[%i0+40]
+/* 0x04ec	 506 (76 77) */		add	%l3,%g3,%g3
+/* 0x04f0	 507 (76 77) */		add	%o0,%l5,%g5
+/* 0x04f4	 508 (77 78) */		st	%o2,[%i0+44]
+/* 0x04f8	 509 (77 78) */		srax	%g3,32,%g4
+/* 0x04fc	 510 (78 79) */		st	%g2,[%i0+48]
+/* 0x0500	 511 (78 79) */		add	%g5,%g4,%g4
+/* 0x0504	 512 (79 80) */		st	%g3,[%i0+52]
+/* 0x0508	 513 (79 80) */		srax	%g4,32,%g5
+/* 0x050c	 514 (80 83) */		ld	[%i1+60],%g3
+/* 0x0510	 515 (81 83) */		ldx	[%sp+2223],%g2
+/* 0x0514	 516 (82 83) */		st	%g4,[%i0+56]
+/* 0x0518	 517 (83 84) */		add	%g2,%g3,%g2
+/* 0x051c	 518 (84 85) */		add	%g2,%g5,%g2
+/* 0x0520	 519 (84 85) */		st	%g2,[%i0+60]
+/* 0x0524	 523 (85 86) */		srax	%g2,32,%o3
+/* 0x0528	 524 (86 87) */		srl	%o3,0,%i0
+/* 0x052c	     (87 89) */		ret	! Result =  %o1 %o0 %f0 %f1
+/* 0x0530	     (89 90) */		restore	%g0,%g0,%g0
+
+!
+! ENTRY .L900000157
+!
+
+                                   .L900000157:		/* frequency 1.0 confidence 0.0 */
+/* 0x0534	 532 ( 0  1) */		fmovd	%f0,%f14
+/* 0x0538	 533 ( 0  3) */		ldd	[%o0],%f8
+/* 0x053c	 539 ( 0  1) */		add	%i3,1,%g2
+/* 0x0540	 540 ( 1  4) */		ld	[%sp+2223],%f7
+/* 0x0544	 541 ( 1  2) */		srl	%g2,31,%g3
+/* 0x0548	 545 ( 1  2) */		add	%fp,-217,%g4
+/* 0x054c	 546 ( 2  3) */		add	%g2,%g3,%g2
+/* 0x0550	 547 ( 2  3) */		or	%g0,0,%g5
+/* 0x0554	 548 ( 2  5) */		ldd	[%o0+8],%f18
+/* 0x0558	 549 ( 3  4) */		fmovs	%f8,%f6
+/* 0x055c	 550 ( 3  4) */		sra	%g2,1,%o1
+/* 0x0560	 551 ( 3  4) */		or	%g0,0,%o0
+/* 0x0564	 552 ( 4  5) */		subcc	%o1,0,%g0
+/* 0x0568	 553 ( 5  6) */		or	%g0,%o1,%o3
+/* 0x056c	 554 ( 5  8) */		fsubd	%f6,%f8,%f16
+/* 0x0570	 555 ( 5  6) */		ble,pt	%icc,.L900000156	! tprob=0.50
+/* 0x0574	     ( 6  7) */		subcc	%i3,0,%g0
+/* 0x0578	 557 ( 6  7) */		sub	%o1,1,%g2
+/* 0x057c	 558 ( 7  8) */		or	%g0,0,%i0
+/* 0x0580	 559 ( 7  8) */		or	%g0,1,%g3
+/* 0x0584	 560 ( 8  9) */		subcc	%o3,10,%g0
+/* 0x0588	 561 ( 8  9) */		bl,pn	%icc,.L77000077	! tprob=0.50
+/* 0x058c	     ( 9 10) */		or	%g0,0,%o1
+/* 0x0590	 563 ( 9 12) */		ldd	[%i2+8],%f0
+/* 0x0594	 564 ( 9 10) */		sub	%o3,3,%o3
+/* 0x0598	 565 (10 13) */		ldd	[%i2],%f2
+/* 0x059c	 566 (10 11) */		or	%g0,7,%o0
+/* 0x05a0	 567 (10 11) */		or	%g0,2,%i0
+/* 0x05a4	 568 (11 13) */		fxnor	%f14,%f0,%f8
+/* 0x05a8	 569 (11 14) */		ldd	[%i2+16],%f4
+/* 0x05ac	 570 (11 12) */		or	%g0,16,%o2
+/* 0x05b0	 571 (12 14) */		fxnor	%f14,%f2,%f2
+/* 0x05b4	 572 (12 15) */		ldd	[%i2+24],%f6
+/* 0x05b8	 573 (12 13) */		or	%g0,48,%o4
+/* 0x05bc	 574 (13 16) */		fitod	%f8,%f12
+/* 0x05c0	 575 (13 14) */		or	%g0,24,%o1
+/* 0x05c4	 576 (13 14) */		or	%g0,3,%g3
+/* 0x05c8	 577 (14 17) */		fitod	%f2,%f0
+/* 0x05cc	 578 (15 18) */		fitod	%f3,%f20
+/* 0x05d0	 579 (15 18) */		ldd	[%i2+32],%f2
+/* 0x05d4	 580 (16 19) */		fitod	%f9,%f10
+/* 0x05d8	 581 (16 19) */		ldd	[%i2+40],%f8
+/* 0x05dc	 582 (17 20) */		fsubd	%f18,%f0,%f0
+/* 0x05e0	 583 (18 21) */		fsubd	%f18,%f20,%f22
+/* 0x05e4	 584 (19 22) */		fsubd	%f18,%f12,%f20
+/* 0x05e8	 585 (19 22) */		ldd	[%i2+48],%f12
+/* 0x05ec	 586 (20 23) */		fsubd	%f18,%f10,%f10
+/* 0x05f0	 587 (20 23) */		fmuld	%f0,%f16,%f0
+/* 0x05f4	 588 (21 23) */		fxnor	%f14,%f4,%f4
+/* 0x05f8	 589 (21 24) */		fmuld	%f22,%f16,%f22
+/* 0x05fc	 590 (22 24) */		fxnor	%f14,%f6,%f6
+/* 0x0600	 591 (22 25) */		fmuld	%f20,%f16,%f20
+/* 0x0604	 592 (23 26) */		fdtox	%f0,%f0
+/* 0x0608	 593 (23 24) */		std	%f0,[%fp-217]
+/* 0x060c	 594 (23 26) */		fmuld	%f10,%f16,%f10
+/* 0x0610	 595 (24 27) */		fdtox	%f22,%f22
+/* 0x0614	 596 (24 25) */		std	%f22,[%fp-209]
+/* 0x0618	 597 (25 28) */		fitod	%f5,%f0
+/* 0x061c	 598 (26 29) */		fdtox	%f10,%f10
+/* 0x0620	 599 (27 30) */		fdtox	%f20,%f20
+/* 0x0624	 600 (27 28) */		std	%f20,[%fp-201]
+/* 0x0628	 601 (28 31) */		fitod	%f4,%f4
+/* 0x062c	 602 (28 29) */		std	%f10,[%fp-193]
+/* 0x0630	 603 (29 31) */		fxnor	%f14,%f2,%f10
+/* 0x0634	 604 (30 33) */		fitod	%f7,%f2
+/* 0x0638	 605 (31 34) */		fsubd	%f18,%f0,%f0
+/* 0x063c	 606 (32 35) */		fsubd	%f18,%f4,%f4
+/* 0x0640	 607 (33 35) */		fxnor	%f14,%f8,%f8
+
+!
+! ENTRY .L900000144
+!
+
+                                   .L900000144:		/* frequency 1.0 confidence 0.0 */
+/* 0x0644	 609 ( 0  3) */		fitod	%f11,%f22
+/* 0x0648	 610 ( 0  1) */		add	%o0,3,%o0
+/* 0x064c	 611 ( 0  1) */		add	%g3,6,%g3
+/* 0x0650	 612 ( 0  3) */		fmuld	%f0,%f16,%f0
+/* 0x0654	 613 ( 1  4) */		fmuld	%f4,%f16,%f24
+/* 0x0658	 614 ( 1  2) */		subcc	%o0,%o3,%g0
+/* 0x065c	 615 ( 1  2) */		add	%i0,6,%i0
+/* 0x0660	 616 ( 1  4) */		fsubd	%f18,%f2,%f2
+/* 0x0664	 617 ( 2  5) */		fitod	%f6,%f4
+/* 0x0668	 618 ( 3  6) */		fdtox	%f0,%f0
+/* 0x066c	 619 ( 3  4) */		add	%o4,8,%i1
+/* 0x0670	 620 ( 4  7) */		ldd	[%i2+%i1],%f20
+/* 0x0674	 621 ( 4  7) */		fdtox	%f24,%f6
+/* 0x0678	 622 ( 4  5) */		add	%o2,16,%o4
+/* 0x067c	 623 ( 5  8) */		fsubd	%f18,%f4,%f4
+/* 0x0680	 624 ( 5  6) */		std	%f6,[%o4+%g4]
+/* 0x0684	 625 ( 5  6) */		add	%o1,16,%o2
+/* 0x0688	 626 ( 6  8) */		fxnor	%f14,%f12,%f6
+/* 0x068c	 627 ( 6  7) */		std	%f0,[%o2+%g4]
+/* 0x0690	 628 ( 7 10) */		fitod	%f9,%f0
+/* 0x0694	 629 ( 7 10) */		fmuld	%f2,%f16,%f2
+/* 0x0698	 630 ( 8 11) */		fmuld	%f4,%f16,%f24
+/* 0x069c	 631 ( 8 11) */		fsubd	%f18,%f22,%f12
+/* 0x06a0	 632 ( 9 12) */		fitod	%f10,%f4
+/* 0x06a4	 633 (10 13) */		fdtox	%f2,%f2
+/* 0x06a8	 634 (10 11) */		add	%i1,8,%o1
+/* 0x06ac	 635 (11 14) */		ldd	[%i2+%o1],%f22
+/* 0x06b0	 636 (11 14) */		fdtox	%f24,%f10
+/* 0x06b4	 637 (11 12) */		add	%o4,16,%i4
+/* 0x06b8	 638 (12 15) */		fsubd	%f18,%f4,%f4
+/* 0x06bc	 639 (12 13) */		std	%f10,[%i4+%g4]
+/* 0x06c0	 640 (12 13) */		add	%o2,16,%i1
+/* 0x06c4	 641 (13 15) */		fxnor	%f14,%f20,%f10
+/* 0x06c8	 642 (13 14) */		std	%f2,[%i1+%g4]
+/* 0x06cc	 643 (14 17) */		fitod	%f7,%f2
+/* 0x06d0	 644 (14 17) */		fmuld	%f12,%f16,%f12
+/* 0x06d4	 645 (15 18) */		fmuld	%f4,%f16,%f24
+/* 0x06d8	 646 (15 18) */		fsubd	%f18,%f0,%f0
+/* 0x06dc	 647 (16 19) */		fitod	%f8,%f4
+/* 0x06e0	 648 (17 20) */		fdtox	%f12,%f20
+/* 0x06e4	 649 (17 18) */		add	%o1,8,%o4
+/* 0x06e8	 650 (18 21) */		ldd	[%i2+%o4],%f12
+/* 0x06ec	 651 (18 21) */		fdtox	%f24,%f8
+/* 0x06f0	 652 (18 19) */		add	%i4,16,%o2
+/* 0x06f4	 653 (19 22) */		fsubd	%f18,%f4,%f4
+/* 0x06f8	 654 (19 20) */		std	%f8,[%o2+%g4]
+/* 0x06fc	 655 (19 20) */		add	%i1,16,%o1
+/* 0x0700	 656 (20 22) */		fxnor	%f14,%f22,%f8
+/* 0x0704	 657 (20 21) */		ble,pt	%icc,.L900000144	! tprob=0.50
+/* 0x0708	     (20 21) */		std	%f20,[%o1+%g4]
+
+!
+! ENTRY .L900000147
+!
+
+                                   .L900000147:		/* frequency 1.0 confidence 0.0 */
+/* 0x070c	 660 ( 0  3) */		fitod	%f6,%f6
+/* 0x0710	 661 ( 0  3) */		fmuld	%f4,%f16,%f24
+/* 0x0714	 662 ( 0  1) */		add	%i4,32,%l4
+/* 0x0718	 663 ( 1  4) */		fsubd	%f18,%f2,%f2
+/* 0x071c	 664 ( 1  4) */		fmuld	%f0,%f16,%f22
+/* 0x0720	 665 ( 1  2) */		add	%i1,32,%l3
+/* 0x0724	 666 ( 2  5) */		fitod	%f10,%f28
+/* 0x0728	 667 ( 2  3) */		sra	%o0,0,%o2
+/* 0x072c	 668 ( 2  3) */		add	%i4,48,%l2
+/* 0x0730	 669 ( 3  6) */		fsubd	%f18,%f6,%f4
+/* 0x0734	 670 ( 3  4) */		add	%i1,48,%l1
+/* 0x0738	 671 ( 3  4) */		add	%i4,64,%l0
+/* 0x073c	 672 ( 4  7) */		fitod	%f11,%f26
+/* 0x0740	 673 ( 4  5) */		sllx	%o2,3,%o1
+/* 0x0744	 674 ( 4  5) */		add	%i1,64,%i5
+/* 0x0748	 675 ( 5  8) */		fitod	%f8,%f6
+/* 0x074c	 676 ( 5  6) */		add	%i4,80,%i4
+/* 0x0750	 677 ( 5  6) */		add	%i1,80,%i1
+/* 0x0754	 678 ( 6  8) */		fxnor	%f14,%f12,%f0
+/* 0x0758	 679 ( 6  9) */		fmuld	%f4,%f16,%f20
+/* 0x075c	 680 ( 6  7) */		add	%i4,16,%o4
+/* 0x0760	 681 ( 7 10) */		fitod	%f9,%f4
+/* 0x0764	 682 ( 7 10) */		fmuld	%f2,%f16,%f12
+/* 0x0768	 683 ( 7  8) */		add	%i1,16,%o3
+/* 0x076c	 684 ( 8 11) */		fsubd	%f18,%f28,%f10
+/* 0x0770	 685 ( 8  9) */		subcc	%o0,%g2,%g0
+/* 0x0774	 686 ( 8  9) */		add	%g3,12,%g3
+/* 0x0778	 687 ( 9 12) */		fitod	%f0,%f2
+/* 0x077c	 688 (10 13) */		fsubd	%f18,%f26,%f8
+/* 0x0780	 689 (11 14) */		fitod	%f1,%f0
+/* 0x0784	 690 (11 14) */		fmuld	%f10,%f16,%f10
+/* 0x0788	 691 (12 15) */		fdtox	%f24,%f24
+/* 0x078c	 692 (12 13) */		std	%f24,[%l4+%g4]
+/* 0x0790	 693 (12 13) */		add	%i0,12,%i0
+/* 0x0794	 694 (13 16) */		fsubd	%f18,%f6,%f6
+/* 0x0798	 695 (13 16) */		fmuld	%f8,%f16,%f8
+/* 0x079c	 696 (14 17) */		fdtox	%f22,%f22
+/* 0x07a0	 697 (14 15) */		std	%f22,[%l3+%g4]
+/* 0x07a4	 698 (15 18) */		fsubd	%f18,%f4,%f4
+/* 0x07a8	 699 (16 19) */		fdtox	%f20,%f20
+/* 0x07ac	 700 (16 17) */		std	%f20,[%l2+%g4]
+/* 0x07b0	 701 (16 19) */		fmuld	%f6,%f16,%f6
+/* 0x07b4	 702 (17 20) */		fsubd	%f18,%f2,%f2
+/* 0x07b8	 703 (18 21) */		fsubd	%f18,%f0,%f0
+/* 0x07bc	 704 (18 21) */		fmuld	%f4,%f16,%f4
+/* 0x07c0	 705 (19 22) */		fdtox	%f12,%f12
+/* 0x07c4	 706 (19 20) */		std	%f12,[%l1+%g4]
+/* 0x07c8	 707 (20 23) */		fdtox	%f10,%f10
+/* 0x07cc	 708 (20 21) */		std	%f10,[%l0+%g4]
+/* 0x07d0	 709 (20 23) */		fmuld	%f2,%f16,%f2
+/* 0x07d4	 710 (21 24) */		fdtox	%f8,%f8
+/* 0x07d8	 711 (21 22) */		std	%f8,[%i5+%g4]
+/* 0x07dc	 712 (21 24) */		fmuld	%f0,%f16,%f0
+/* 0x07e0	 713 (22 25) */		fdtox	%f6,%f6
+/* 0x07e4	 714 (22 23) */		std	%f6,[%i4+%g4]
+/* 0x07e8	 715 (23 26) */		fdtox	%f4,%f4
+/* 0x07ec	 716 (23 24) */		std	%f4,[%i1+%g4]
+/* 0x07f0	 717 (24 27) */		fdtox	%f2,%f2
+/* 0x07f4	 718 (24 25) */		std	%f2,[%o4+%g4]
+/* 0x07f8	 719 (25 28) */		fdtox	%f0,%f0
+/* 0x07fc	 720 (25 26) */		bg,pn	%icc,.L77000043	! tprob=0.50
+/* 0x0800	     (25 26) */		std	%f0,[%o3+%g4]
+
+!
+! ENTRY .L77000077
+!
+
+                                   .L77000077:		/* frequency 1.0 confidence 0.0 */
+/* 0x0804	 723 ( 0  3) */		ldd	[%i2+%o1],%f0
+
+!
+! ENTRY .L900000155
+!
+
+                                   .L900000155:		/* frequency 1.0 confidence 0.0 */
+/* 0x0808	 725 ( 0  2) */		fxnor	%f14,%f0,%f0
+/* 0x080c	 726 ( 0  1) */		sra	%i0,0,%o1
+/* 0x0810	 727 ( 0  1) */		add	%o0,1,%o0
+/* 0x0814	 728 ( 1  2) */		sllx	%o1,3,%i4
+/* 0x0818	 729 ( 1  2) */		add	%i0,2,%i0
+/* 0x081c	 730 ( 2  5) */		fitod	%f0,%f2
+/* 0x0820	 731 ( 2  3) */		sra	%g3,0,%o1
+/* 0x0824	 732 ( 2  3) */		add	%g3,2,%g3
+/* 0x0828	 733 ( 3  6) */		fitod	%f1,%f0
+/* 0x082c	 734 ( 3  4) */		sllx	%o1,3,%i1
+/* 0x0830	 735 ( 3  4) */		subcc	%o0,%g2,%g0
+/* 0x0834	 736 ( 4  5) */		sra	%o0,0,%o2
+/* 0x0838	 737 ( 5  8) */		fsubd	%f18,%f2,%f2
+/* 0x083c	 738 ( 5  6) */		sllx	%o2,3,%o1
+/* 0x0840	 739 ( 6  9) */		fsubd	%f18,%f0,%f0
+/* 0x0844	 740 ( 8 11) */		fmuld	%f2,%f16,%f2
+/* 0x0848	 741 ( 9 12) */		fmuld	%f0,%f16,%f0
+/* 0x084c	 742 (11 14) */		fdtox	%f2,%f2
+/* 0x0850	 743 (11 12) */		std	%f2,[%i4+%g4]
+/* 0x0854	 744 (12 15) */		fdtox	%f0,%f0
+/* 0x0858	 745 (12 13) */		std	%f0,[%i1+%g4]
+/* 0x085c	 746 (12 13) */		ble,a,pt	%icc,.L900000155	! tprob=0.50
+/* 0x0860	     (14 17) */		ldd	[%i2+%o1],%f0
+
+!
+! ENTRY .L77000043
+!
+
+                                   .L77000043:		/* frequency 1.0 confidence 0.0 */
+/* 0x0864	 754 ( 0  1) */		subcc	%i3,0,%g0
+
+!
+! ENTRY .L900000156
+!
+
+                                   .L900000156:		/* frequency 1.0 confidence 0.0 */
+/* 0x0868	 756 ( 0  1) */		ble,a,pt	%icc,.L77000061	! tprob=0.50
+/* 0x086c	     ( 0  1) */		or	%g0,%g5,%o3
+/* 0x0870	 761 ( 0  2) */		ldx	[%fp-209],%i1
+/* 0x0874	 762 ( 1  2) */		sub	%i3,1,%g3
+/* 0x0878	 763 ( 1  2) */		or	%g0,0,%i0
+/* 0x087c	 764 ( 2  3) */		subcc	%i3,5,%g0
+/* 0x0880	 765 ( 2  3) */		bl,pn	%icc,.L77000078	! tprob=0.50
+/* 0x0884	     ( 2  4) */		ldx	[%fp-217],%i2
+/* 0x0888	 767 ( 3  6) */		ld	[%o5],%i3
+/* 0x088c	 768 ( 3  4) */		or	%g0,8,%g2
+/* 0x0890	 769 ( 3  4) */		or	%g0,16,%o4
+/* 0x0894	 770 ( 4  5) */		sub	%g3,1,%o3
+/* 0x0898	 771 ( 4  5) */		or	%g0,3,%i0
+/* 0x089c	 772 ( 5  6) */		add	%i2,%i3,%o1
+/* 0x08a0	 773 ( 5  8) */		ld	[%o5+4],%i2
+/* 0x08a4	 774 ( 6  7) */		st	%o1,[%o7]
+/* 0x08a8	 775 ( 6  7) */		srax	%o1,32,%o1
+/* 0x08ac	 776 ( 7  9) */		ldx	[%fp-201],%o2
+/* 0x08b0	 777 ( 7  8) */		add	%i1,%i2,%o0
+/* 0x08b4	 778 ( 7  8) */		or	%g0,%o1,%i1
+/* 0x08b8	 779 ( 8 11) */		ld	[%o5+8],%o1
+/* 0x08bc	 780 ( 8  9) */		add	%o0,%i1,%o0
+/* 0x08c0	 781 ( 9 10) */		st	%o0,[%o7+4]
+/* 0x08c4	 782 ( 9 10) */		srax	%o0,32,%o0
+
+!
+! ENTRY .L900000140
+!
+
+                                   .L900000140:		/* frequency 1.0 confidence 0.0 */
+/* 0x08c8	 784 ( 0  1) */		add	%g2,4,%i1
+/* 0x08cc	 785 ( 0  1) */		add	%o4,8,%o4
+/* 0x08d0	 786 ( 1  3) */		ldx	[%o4+%g4],%i2
+/* 0x08d4	 787 ( 1  2) */		sra	%o0,0,%g5
+/* 0x08d8	 788 ( 1  2) */		add	%o2,%o1,%o1
+/* 0x08dc	 789 ( 2  5) */		ld	[%o5+%i1],%o0
+/* 0x08e0	 790 ( 2  3) */		add	%o1,%g5,%o1
+/* 0x08e4	 791 ( 2  3) */		add	%i0,2,%i0
+/* 0x08e8	 792 ( 3  4) */		st	%o1,[%o7+%g2]
+/* 0x08ec	 793 ( 3  4) */		srax	%o1,32,%g5
+/* 0x08f0	 794 ( 3  4) */		subcc	%i0,%o3,%g0
+/* 0x08f4	 795 ( 4  5) */		add	%g2,8,%g2
+/* 0x08f8	 796 ( 4  5) */		add	%o4,8,%o4
+/* 0x08fc	 797 ( 5  7) */		ldx	[%o4+%g4],%o2
+/* 0x0900	 798 ( 5  6) */		add	%i2,%o0,%o0
+/* 0x0904	 799 ( 6  9) */		ld	[%o5+%g2],%o1
+/* 0x0908	 800 ( 6  7) */		add	%o0,%g5,%o0
+/* 0x090c	 801 ( 7  8) */		st	%o0,[%o7+%i1]
+/* 0x0910	 802 ( 7  8) */		ble,pt	%icc,.L900000140	! tprob=0.50
+/* 0x0914	     ( 7  8) */		srax	%o0,32,%o0
+
+!
+! ENTRY .L900000143
+!
+
+                                   .L900000143:		/* frequency 1.0 confidence 0.0 */
+/* 0x0918	 805 ( 0  1) */		sra	%o0,0,%o3
+/* 0x091c	 806 ( 0  1) */		add	%o2,%o1,%o0
+/* 0x0920	 807 ( 1  2) */		add	%o0,%o3,%o0
+/* 0x0924	 808 ( 1  2) */		st	%o0,[%o7+%g2]
+/* 0x0928	 809 ( 1  2) */		subcc	%i0,%g3,%g0
+/* 0x092c	 810 ( 2  3) */		srax	%o0,32,%g5
+/* 0x0930	 811 ( 2  3) */		bg,a,pn	%icc,.L77000061	! tprob=0.50
+/* 0x0934	     ( 3  4) */		or	%g0,%g5,%o3
+
+!
+! ENTRY .L77000078
+!
+
+                                   .L77000078:		/* frequency 1.0 confidence 0.0 */
+/* 0x0938	 814 ( 0  1) */		sra	%i0,0,%o0
+
+!
+! ENTRY .L900000154
+!
+
+                                   .L900000154:		/* frequency 1.0 confidence 0.0 */
+/* 0x093c	 816 ( 0  1) */		sllx	%o0,2,%g2
+/* 0x0940	 817 ( 0  1) */		add	%i0,1,%i0
+/* 0x0944	 818 ( 1  2) */		sllx	%o0,3,%o4
+/* 0x0948	 819 ( 1  4) */		ld	[%o5+%g2],%o2
+/* 0x094c	 820 ( 1  2) */		subcc	%i0,%g3,%g0
+/* 0x0950	 821 ( 2  4) */		ldx	[%o4+%g4],%o0
+/* 0x0954	 822 ( 2  3) */		sra	%g5,0,%o1
+/* 0x0958	 823 ( 4  5) */		add	%o0,%o2,%o0
+/* 0x095c	 824 ( 5  6) */		add	%o0,%o1,%o0
+/* 0x0960	 825 ( 5  6) */		st	%o0,[%o7+%g2]
+/* 0x0964	 826 ( 6  7) */		srax	%o0,32,%g5
+/* 0x0968	 827 ( 6  7) */		ble,pt	%icc,.L900000154	! tprob=0.50
+/* 0x096c	     ( 7  8) */		sra	%i0,0,%o0
+
+!
+! ENTRY .L77000047
+!
+
+                                   .L77000047:		/* frequency 1.0 confidence 0.0 */
+/* 0x0970	 834 ( 0  1) */		or	%g0,%g5,%o3
+
+!
+! ENTRY .L77000061
+!
+
+                                  .L77000061:		/* frequency 1.0 confidence 0.0 */
+
+/* 0x0974	 835 ( 1  2) */		srl	%o3,0,%i0
+/* 0x0978	     ( 2  4) */		ret	! Result =  %o1 %o0 %f0 %f1
+/* 0x097c	     ( 4  5) */		restore	%g0,%g0,%g0
+
+!
+! ENTRY .L77000048
+!
+
+                                   .L77000048:		/* frequency 1.0 confidence 0.0 */
+/* 0x0980	 844 ( 0  1) */		bne,pn	%icc,.L77000050	! tprob=0.50
+/* 0x0984	     ( 0  1) */		sethi	%hi(0xfff80000),%g2
+/* 0x0988	 854 ( 0  3) */		ldd	[%o2],%f4
+/* 0x098c	 855 ( 1  4) */		ldd	[%o0],%f6
+/* 0x0990	 856 ( 1  2) */		srl	%i4,19,%g3
+/* 0x0994	 857 ( 1  2) */		andn	%i4,%g2,%g2
+/* 0x0998	 858 ( 2  3) */		st	%g3,[%sp+2351]
+/* 0x099c	 859 ( 2  4) */		fxnor	%f0,%f4,%f4
+/* 0x09a0	 860 ( 3  4) */		st	%g2,[%sp+2355]
+/* 0x09a4	 861 ( 4  7) */		ldd	[%o2+8],%f12
+/* 0x09a8	 862 ( 4  7) */		fitod	%f4,%f10
+/* 0x09ac	 863 ( 5  8) */		ldd	[%o0+8],%f16
+/* 0x09b0	 864 ( 5  8) */		fitod	%f5,%f4
+/* 0x09b4	 865 ( 6  9) */		ldd	[%o2+16],%f18
+/* 0x09b8	 866 ( 6  8) */		fxnor	%f0,%f12,%f12
+/* 0x09bc	 867 ( 7 10) */		ld	[%sp+2351],%f9
+/* 0x09c0	 868 ( 7 10) */		fsubd	%f16,%f10,%f10
+/* 0x09c4	 869 ( 8 11) */		ld	[%sp+2355],%f15
+/* 0x09c8	 870 ( 8 11) */		fitod	%f12,%f22
+/* 0x09cc	 871 ( 9 12) */		ldd	[%o2+24],%f20
+/* 0x09d0	 872 ( 9 12) */		fitod	%f13,%f12
+/* 0x09d4	 876 (10 13) */		ld	[%i1],%g2
+/* 0x09d8	 877 (10 13) */		fsubd	%f16,%f4,%f4
+/* 0x09dc	 878 (11 14) */		ld	[%i1+4],%g3
+/* 0x09e0	 879 (11 14) */		fsubd	%f16,%f22,%f22
+/* 0x09e4	 880 (12 15) */		ld	[%i1+8],%g4
+/* 0x09e8	 881 (12 14) */		fxnor	%f0,%f18,%f18
+/* 0x09ec	 882 (13 16) */		ld	[%i1+12],%g5
+/* 0x09f0	 883 (13 16) */		fsubd	%f16,%f12,%f12
+/* 0x09f4	 884 (14 17) */		ld	[%i1+16],%o0
+/* 0x09f8	 885 (14 17) */		fitod	%f18,%f26
+/* 0x09fc	 886 (15 18) */		ld	[%i1+20],%o1
+/* 0x0a00	 887 (15 17) */		fxnor	%f0,%f20,%f20
+/* 0x0a04	 888 (16 19) */		ld	[%i1+24],%o2
+/* 0x0a08	 889 (17 20) */		ld	[%i1+28],%o3
+/* 0x0a0c	 890 (19 20) */		fmovs	%f6,%f8
+/* 0x0a10	 891 (20 21) */		fmovs	%f6,%f14
+/* 0x0a14	 892 (22 25) */		fsubd	%f8,%f6,%f8
+/* 0x0a18	 893 (23 26) */		fsubd	%f14,%f6,%f6
+/* 0x0a1c	 894 (25 28) */		fmuld	%f10,%f8,%f14
+/* 0x0a20	 895 (26 29) */		fmuld	%f10,%f6,%f10
+/* 0x0a24	 896 (27 30) */		fmuld	%f4,%f8,%f24
+/* 0x0a28	 897 (28 31) */		fdtox	%f14,%f14
+/* 0x0a2c	 898 (28 29) */		std	%f14,[%sp+2335]
+/* 0x0a30	 899 (28 31) */		fmuld	%f22,%f8,%f28
+/* 0x0a34	 900 (29 32) */		fitod	%f19,%f14
+/* 0x0a38	 901 (29 32) */		fmuld	%f22,%f6,%f18
+/* 0x0a3c	 902 (30 33) */		fdtox	%f10,%f10
+/* 0x0a40	 903 (30 31) */		std	%f10,[%sp+2343]
+/* 0x0a44	 904 (30 33) */		fmuld	%f4,%f6,%f4
+/* 0x0a48	 905 (31 34) */		fmuld	%f12,%f8,%f22
+/* 0x0a4c	 906 (32 35) */		fdtox	%f18,%f18
+/* 0x0a50	 907 (32 33) */		std	%f18,[%sp+2311]
+/* 0x0a54	 908 (32 35) */		fmuld	%f12,%f6,%f10
+/* 0x0a58	 909 (33 35) */		ldx	[%sp+2335],%o4
+/* 0x0a5c	 910 (33 36) */		fdtox	%f24,%f12
+/* 0x0a60	 911 (34 35) */		std	%f12,[%sp+2319]
+/* 0x0a64	 912 (34 37) */		fsubd	%f16,%f26,%f12
+/* 0x0a68	 913 (35 37) */		ldx	[%sp+2343],%o5
+/* 0x0a6c	 914 (35 36) */		sllx	%o4,19,%o4
+/* 0x0a70	 915 (35 38) */		fdtox	%f4,%f4
+/* 0x0a74	 916 (36 37) */		std	%f4,[%sp+2327]
+/* 0x0a78	 917 (36 39) */		fdtox	%f28,%f24
+/* 0x0a7c	 918 (37 38) */		std	%f24,[%sp+2303]
+/* 0x0a80	 919 (37 40) */		fitod	%f20,%f4
+/* 0x0a84	 920 (37 38) */		add	%o5,%o4,%o4
+/* 0x0a88	 921 (37 40) */		fmuld	%f12,%f8,%f24
+/* 0x0a8c	 922 (38 40) */		ldx	[%sp+2319],%o7
+/* 0x0a90	 923 (38 41) */		fsubd	%f16,%f14,%f14
+/* 0x0a94	 924 (38 39) */		add	%o4,%g2,%o4
+/* 0x0a98	 925 (38 41) */		fmuld	%f12,%f6,%f12
+/* 0x0a9c	 926 (39 41) */		ldx	[%sp+2327],%o5
+/* 0x0aa0	 927 (39 42) */		fitod	%f21,%f18
+/* 0x0aa4	 928 (40 41) */		st	%o4,[%i0]
+/* 0x0aa8	 929 (40 41) */		sllx	%o7,19,%o7
+/* 0x0aac	 930 (40 43) */		fdtox	%f22,%f20
+/* 0x0ab0	 931 (41 42) */		std	%f20,[%sp+2287]
+/* 0x0ab4	 932 (41 44) */		fdtox	%f10,%f10
+/* 0x0ab8	 933 (41 42) */		add	%o5,%o7,%o5
+/* 0x0abc	 934 (41 44) */		fmuld	%f14,%f8,%f20
+/* 0x0ac0	 935 (42 43) */		std	%f10,[%sp+2295]
+/* 0x0ac4	 936 (42 43) */		srlx	%o4,32,%o7
+/* 0x0ac8	 937 (42 45) */		fsubd	%f16,%f4,%f4
+/* 0x0acc	 938 (42 45) */		fmuld	%f14,%f6,%f14
+/* 0x0ad0	 939 (43 45) */		ldx	[%sp+2311],%g2
+/* 0x0ad4	 940 (43 46) */		fdtox	%f24,%f10
+/* 0x0ad8	 941 (43 44) */		add	%o5,%g3,%g3
+/* 0x0adc	 942 (44 45) */		std	%f10,[%sp+2271]
+/* 0x0ae0	 943 (44 45) */		add	%g3,%o7,%g3
+/* 0x0ae4	 944 (44 47) */		fdtox	%f12,%f12
+/* 0x0ae8	 945 (45 47) */		ldx	[%sp+2303],%l0
+/* 0x0aec	 946 (45 48) */		fsubd	%f16,%f18,%f10
+/* 0x0af0	 947 (45 48) */		fmuld	%f4,%f8,%f16
+/* 0x0af4	 948 (46 47) */		std	%f12,[%sp+2279]
+/* 0x0af8	 949 (46 49) */		fdtox	%f20,%f12
+/* 0x0afc	 950 (46 49) */		fmuld	%f4,%f6,%f4
+/* 0x0b00	 951 (47 48) */		std	%f12,[%sp+2255]
+/* 0x0b04	 952 (47 48) */		sllx	%l0,19,%l0
+/* 0x0b08	 953 (47 50) */		fdtox	%f14,%f12
+/* 0x0b0c	 954 (48 50) */		ldx	[%sp+2287],%o5
+/* 0x0b10	 955 (48 49) */		add	%g2,%l0,%g2
+/* 0x0b14	 956 (48 51) */		fmuld	%f10,%f8,%f8
+/* 0x0b18	 957 (49 51) */		ldx	[%sp+2295],%l1
+/* 0x0b1c	 958 (49 50) */		srlx	%g3,32,%l0
+/* 0x0b20	 959 (49 50) */		add	%g2,%g4,%g4
+/* 0x0b24	 960 (49 52) */		fmuld	%f10,%f6,%f6
+/* 0x0b28	 961 (50 51) */		std	%f12,[%sp+2263]
+/* 0x0b2c	 962 (50 51) */		sllx	%o5,19,%g2
+/* 0x0b30	 963 (50 51) */		add	%g4,%l0,%g4
+/* 0x0b34	 964 (51 53) */		ldx	[%sp+2279],%l0
+/* 0x0b38	 965 (51 52) */		srlx	%g4,32,%o5
+/* 0x0b3c	 966 (51 52) */		add	%l1,%g2,%g2
+/* 0x0b40	 967 (52 53) */		st	%g3,[%i0+4]
+/* 0x0b44	 968 (52 53) */		add	%g2,%g5,%g2
+/* 0x0b48	 969 (52 55) */		fdtox	%f16,%f10
+/* 0x0b4c	 970 (53 55) */		ldx	[%sp+2271],%o7
+/* 0x0b50	 971 (53 54) */		add	%g2,%o5,%g2
+/* 0x0b54	 972 (53 56) */		fdtox	%f4,%f4
+/* 0x0b58	 973 (54 55) */		std	%f10,[%sp+2239]
+/* 0x0b5c	 974 (55 56) */		sllx	%o7,19,%o7
+/* 0x0b60	 975 (55 56) */		std	%f4,[%sp+2247]
+/* 0x0b64	 976 (55 58) */		fdtox	%f8,%f4
+/* 0x0b68	 977 (56 57) */		add	%l0,%o7,%o7
+/* 0x0b6c	 978 (56 58) */		ldx	[%sp+2263],%o5
+/* 0x0b70	 979 (57 58) */		add	%o7,%o0,%o0
+/* 0x0b74	 980 (57 58) */		std	%f4,[%sp+2223]
+/* 0x0b78	 981 (57 60) */		fdtox	%f6,%f4
+/* 0x0b7c	 982 (58 60) */		ldx	[%sp+2255],%g5
+/* 0x0b80	 983 (58 59) */		srlx	%g2,32,%o7
+/* 0x0b84	 984 (59 60) */		std	%f4,[%sp+2231]
+/* 0x0b88	 985 (59 60) */		add	%o0,%o7,%o0
+/* 0x0b8c	 986 (60 61) */		sllx	%g5,19,%g5
+/* 0x0b90	 987 (60 62) */		ldx	[%sp+2247],%l1
+/* 0x0b94	 988 (61 62) */		add	%o5,%g5,%g5
+/* 0x0b98	 989 (61 62) */		st	%g2,[%i0+12]
+/* 0x0b9c	 990 (62 64) */		ldx	[%sp+2239],%l0
+/* 0x0ba0	 991 (62 63) */		srlx	%o0,32,%o4
+/* 0x0ba4	 992 (62 63) */		add	%g5,%o1,%o1
+/* 0x0ba8	 993 (63 64) */		add	%o1,%o4,%o1
+/* 0x0bac	 994 (63 65) */		ldx	[%sp+2223],%o7
+/* 0x0bb0	 995 (64 65) */		sllx	%l0,19,%g3
+/* 0x0bb4	 996 (64 66) */		ldx	[%sp+2231],%o5
+/* 0x0bb8	 997 (65 66) */		add	%l1,%g3,%o4
+/* 0x0bbc	 998 (65 66) */		st	%o0,[%i0+16]
+/* 0x0bc0	 999 (66 67) */		add	%o4,%o2,%o2
+/* 0x0bc4	1000 (66 67) */		st	%o1,[%i0+20]
+/* 0x0bc8	1001 (67 68) */		srlx	%o1,32,%o4
+/* 0x0bcc	1002 (67 68) */		st	%g4,[%i0+8]
+/* 0x0bd0	1003 (68 69) */		sllx	%o7,19,%g2
+/* 0x0bd4	1004 (68 69) */		add	%o2,%o4,%o4
+/* 0x0bd8	1005 (68 69) */		st	%o4,[%i0+24]
+/* 0x0bdc	1006 (69 70) */		add	%o5,%g2,%g2
+/* 0x0be0	1007 (70 71) */		srlx	%o4,32,%g3
+/* 0x0be4	1008 (70 71) */		add	%g2,%o3,%g2
+/* 0x0be8	1009 (71 72) */		add	%g2,%g3,%g2
+/* 0x0bec	1010 (71 72) */		st	%g2,[%i0+28]
+/* 0x0bf0	1014 (72 73) */		srlx	%g2,32,%o3
+/* 0x0bf4	1015 (73 74) */		srl	%o3,0,%i0
+/* 0x0bf8	     (74 76) */		ret	! Result =  %o1 %o0 %f0 %f1
+/* 0x0bfc	     (76 77) */		restore	%g0,%g0,%g0
+
+!
+! ENTRY .L77000050
+!
+
+                                   .L77000050:		/* frequency 1.0 confidence 0.0 */
+/* 0x0c00	1022 ( 0  1) */		subcc	%i3,16,%g0
+/* 0x0c04	1023 ( 0  1) */		bne,pn	%icc,.L77000073	! tprob=0.50
+/* 0x0c08	     ( 0  1) */		sethi	%hi(0xfff80000),%g2
+/* 0x0c0c	1034 ( 1  4) */		ldd	[%o2],%f4
+/* 0x0c10	1035 ( 1  2) */		andn	%i4,%g2,%g2
+/* 0x0c14	1036 ( 2  3) */		st	%g2,[%sp+2483]
+/* 0x0c18	1037 ( 2  3) */		srl	%i4,19,%g2
+/* 0x0c1c	1038 ( 3  4) */		st	%g2,[%sp+2479]
+/* 0x0c20	1039 ( 3  5) */		fxnor	%f0,%f4,%f4
+/* 0x0c24	1040 ( 4  7) */		ldd	[%o0],%f8
+/* 0x0c28	1041 ( 5  8) */		fitod	%f4,%f10
+/* 0x0c2c	1042 ( 5  8) */		ldd	[%o0+8],%f16
+/* 0x0c30	1043 ( 6  9) */		ldd	[%o2+8],%f14
+/* 0x0c34	1044 ( 6  9) */		fitod	%f5,%f4
+/* 0x0c38	1045 ( 7 10) */		ld	[%sp+2483],%f13
+/* 0x0c3c	1046 ( 8 11) */		ld	[%sp+2479],%f7
+/* 0x0c40	1047 ( 8 11) */		fsubd	%f16,%f10,%f10
+/* 0x0c44	1048 ( 9 11) */		fxnor	%f0,%f14,%f14
+/* 0x0c48	1049 (10 13) */		fsubd	%f16,%f4,%f4
+/* 0x0c4c	1050 (14 15) */		fmovs	%f8,%f12
+/* 0x0c50	1051 (15 16) */		fmovs	%f8,%f6
+/* 0x0c54	1052 (17 20) */		fsubd	%f12,%f8,%f12
+/* 0x0c58	1053 (18 21) */		fsubd	%f6,%f8,%f6
+/* 0x0c5c	1054 (19 22) */		fitod	%f14,%f8
+/* 0x0c60	1055 (20 23) */		fmuld	%f10,%f12,%f18
+/* 0x0c64	1056 (20 23) */		fitod	%f15,%f14
+/* 0x0c68	1057 (21 24) */		fmuld	%f10,%f6,%f10
+/* 0x0c6c	1058 (22 25) */		fsubd	%f16,%f8,%f8
+/* 0x0c70	1059 (22 25) */		fmuld	%f4,%f12,%f20
+/* 0x0c74	1060 (23 26) */		fmuld	%f4,%f6,%f4
+/* 0x0c78	1061 (23 26) */		fsubd	%f16,%f14,%f14
+/* 0x0c7c	1062 (24 27) */		fdtox	%f10,%f10
+/* 0x0c80	1063 (24 25) */		std	%f10,[%sp+2463]
+/* 0x0c84	1064 (25 28) */		fmuld	%f8,%f12,%f10
+/* 0x0c88	1065 (25 28) */		fdtox	%f18,%f18
+/* 0x0c8c	1066 (25 26) */		std	%f18,[%sp+2471]
+/* 0x0c90	1067 (26 29) */		fmuld	%f8,%f6,%f8
+/* 0x0c94	1068 (26 29) */		fdtox	%f4,%f4
+/* 0x0c98	1069 (26 27) */		std	%f4,[%sp+2447]
+/* 0x0c9c	1070 (27 30) */		fmuld	%f14,%f12,%f4
+/* 0x0ca0	1071 (27 30) */		fdtox	%f20,%f18
+/* 0x0ca4	1072 (27 28) */		std	%f18,[%sp+2455]
+/* 0x0ca8	1073 (28 31) */		fdtox	%f10,%f10
+/* 0x0cac	1074 (28 29) */		std	%f10,[%sp+2439]
+/* 0x0cb0	1075 (28 31) */		fmuld	%f14,%f6,%f14
+/* 0x0cb4	1076 (29 32) */		fdtox	%f8,%f8
+/* 0x0cb8	1077 (29 30) */		std	%f8,[%sp+2431]
+/* 0x0cbc	1078 (30 33) */		ldd	[%o2+16],%f10
+/* 0x0cc0	1079 (30 33) */		fdtox	%f4,%f4
+/* 0x0cc4	1080 (31 34) */		ldd	[%o2+24],%f8
+/* 0x0cc8	1081 (31 34) */		fdtox	%f14,%f14
+/* 0x0ccc	1082 (32 33) */		std	%f4,[%sp+2423]
+/* 0x0cd0	1083 (32 34) */		fxnor	%f0,%f10,%f10
+/* 0x0cd4	1084 (33 35) */		fxnor	%f0,%f8,%f4
+/* 0x0cd8	1085 (33 34) */		std	%f14,[%sp+2415]
+/* 0x0cdc	1086 (34 37) */		fitod	%f10,%f8
+/* 0x0ce0	1087 (35 38) */		fitod	%f11,%f10
+/* 0x0ce4	1088 (36 39) */		fitod	%f4,%f14
+/* 0x0ce8	1089 (37 40) */		fsubd	%f16,%f8,%f8
+/* 0x0cec	1090 (38 41) */		fsubd	%f16,%f10,%f10
+/* 0x0cf0	1091 (39 42) */		fsubd	%f16,%f14,%f14
+/* 0x0cf4	1092 (40 43) */		fmuld	%f8,%f12,%f18
+/* 0x0cf8	1093 (40 43) */		fitod	%f5,%f4
+/* 0x0cfc	1094 (41 44) */		fmuld	%f8,%f6,%f8
+/* 0x0d00	1095 (42 45) */		fmuld	%f10,%f12,%f20
+/* 0x0d04	1096 (43 46) */		fmuld	%f10,%f6,%f10
+/* 0x0d08	1097 (43 46) */		fsubd	%f16,%f4,%f4
+/* 0x0d0c	1098 (44 47) */		fdtox	%f8,%f8
+/* 0x0d10	1099 (44 45) */		std	%f8,[%sp+2399]
+/* 0x0d14	1100 (45 48) */		fmuld	%f14,%f12,%f8
+/* 0x0d18	1101 (45 48) */		fdtox	%f18,%f18
+/* 0x0d1c	1102 (45 46) */		std	%f18,[%sp+2407]
+/* 0x0d20	1103 (46 49) */		fdtox	%f10,%f10
+/* 0x0d24	1104 (46 47) */		std	%f10,[%sp+2383]
+/* 0x0d28	1105 (46 49) */		fmuld	%f14,%f6,%f14
+/* 0x0d2c	1106 (47 50) */		fmuld	%f4,%f12,%f10
+/* 0x0d30	1107 (47 50) */		fdtox	%f20,%f18
+/* 0x0d34	1108 (47 48) */		std	%f18,[%sp+2391]
+/* 0x0d38	1109 (48 51) */		fdtox	%f8,%f8
+/* 0x0d3c	1110 (48 49) */		std	%f8,[%sp+2375]
+/* 0x0d40	1111 (48 51) */		fmuld	%f4,%f6,%f4
+/* 0x0d44	1112 (49 52) */		fdtox	%f14,%f14
+/* 0x0d48	1113 (49 50) */		std	%f14,[%sp+2367]
+/* 0x0d4c	1117 (50 53) */		ldd	[%o2+32],%f8
+/* 0x0d50	1118 (50 53) */		fdtox	%f10,%f10
+/* 0x0d54	1119 (51 54) */		fdtox	%f4,%f4
+/* 0x0d58	1120 (51 52) */		std	%f4,[%sp+2351]
+/* 0x0d5c	1121 (52 54) */		fxnor	%f0,%f8,%f8
+/* 0x0d60	1122 (52 55) */		ldd	[%o2+40],%f14
+/* 0x0d64	1123 (53 54) */		std	%f10,[%sp+2359]
+/* 0x0d68	1124 (54 57) */		fitod	%f8,%f4
+/* 0x0d6c	1125 (55 57) */		fxnor	%f0,%f14,%f10
+/* 0x0d70	1126 (56 59) */		fitod	%f9,%f8
+/* 0x0d74	1127 (57 60) */		fsubd	%f16,%f4,%f4
+/* 0x0d78	1128 (58 61) */		fitod	%f10,%f14
+/* 0x0d7c	1129 (59 62) */		fsubd	%f16,%f8,%f8
+/* 0x0d80	1130 (60 63) */		fmuld	%f4,%f12,%f18
+/* 0x0d84	1131 (60 63) */		fitod	%f11,%f10
+/* 0x0d88	1132 (61 64) */		fmuld	%f4,%f6,%f4
+/* 0x0d8c	1133 (61 64) */		fsubd	%f16,%f14,%f14
+/* 0x0d90	1134 (62 65) */		fmuld	%f8,%f12,%f20
+/* 0x0d94	1135 (63 66) */		fmuld	%f8,%f6,%f8
+/* 0x0d98	1136 (63 66) */		fsubd	%f16,%f10,%f10
+/* 0x0d9c	1137 (64 67) */		fdtox	%f4,%f4
+/* 0x0da0	1138 (64 65) */		std	%f4,[%sp+2335]
+/* 0x0da4	1139 (65 68) */		fmuld	%f14,%f12,%f4
+/* 0x0da8	1140 (65 68) */		fdtox	%f18,%f18
+/* 0x0dac	1141 (65 66) */		std	%f18,[%sp+2343]
+/* 0x0db0	1142 (66 69) */		fdtox	%f8,%f8
+/* 0x0db4	1143 (66 67) */		std	%f8,[%sp+2319]
+/* 0x0db8	1144 (66 69) */		fmuld	%f14,%f6,%f14
+/* 0x0dbc	1145 (67 70) */		fmuld	%f10,%f12,%f8
+/* 0x0dc0	1146 (67 70) */		fdtox	%f20,%f18
+/* 0x0dc4	1147 (67 68) */		std	%f18,[%sp+2327]
+/* 0x0dc8	1148 (68 71) */		fdtox	%f4,%f4
+/* 0x0dcc	1149 (68 69) */		std	%f4,[%sp+2311]
+/* 0x0dd0	1150 (68 71) */		fmuld	%f10,%f6,%f10
+/* 0x0dd4	1151 (69 72) */		fdtox	%f14,%f14
+/* 0x0dd8	1152 (69 70) */		std	%f14,[%sp+2303]
+/* 0x0ddc	1153 (70 73) */		ldd	[%o2+48],%f4
+/* 0x0de0	1154 (70 73) */		fdtox	%f8,%f8
+/* 0x0de4	1155 (71 74) */		fdtox	%f10,%f10
+/* 0x0de8	1156 (71 72) */		std	%f10,[%sp+2287]
+/* 0x0dec	1157 (72 74) */		fxnor	%f0,%f4,%f4
+/* 0x0df0	1158 (72 75) */		ldd	[%o2+56],%f14
+/* 0x0df4	1159 (73 74) */		std	%f8,[%sp+2295]
+/* 0x0df8	1160 (74 77) */		fitod	%f4,%f10
+/* 0x0dfc	1161 (75 78) */		fitod	%f5,%f4
+/* 0x0e00	1162 (76 78) */		fxnor	%f0,%f14,%f8
+/* 0x0e04	1163 (77 80) */		fsubd	%f16,%f10,%f10
+/* 0x0e08	1164 (78 81) */		fsubd	%f16,%f4,%f4
+/* 0x0e0c	1165 (79 82) */		fitod	%f8,%f14
+/* 0x0e10	1166 (80 83) */		fmuld	%f10,%f12,%f18
+/* 0x0e14	1167 (80 83) */		fitod	%f9,%f8
+/* 0x0e18	1168 (81 84) */		fmuld	%f10,%f6,%f10
+/* 0x0e1c	1169 (82 85) */		fmuld	%f4,%f12,%f20
+/* 0x0e20	1170 (82 85) */		fsubd	%f16,%f14,%f14
+/* 0x0e24	1171 (83 86) */		fdtox	%f18,%f18
+/* 0x0e28	1172 (83 84) */		std	%f18,[%sp+2279]
+/* 0x0e2c	1173 (83 86) */		fmuld	%f4,%f6,%f4
+/* 0x0e30	1174 (84 87) */		fdtox	%f10,%f10
+/* 0x0e34	1175 (84 85) */		std	%f10,[%sp+2271]
+/* 0x0e38	1176 (85 88) */		fdtox	%f20,%f10
+/* 0x0e3c	1177 (85 86) */		std	%f10,[%sp+2263]
+/* 0x0e40	1178 (86 89) */		fdtox	%f4,%f4
+/* 0x0e44	1179 (86 87) */		std	%f4,[%sp+2255]
+/* 0x0e48	1180 (86 89) */		fmuld	%f14,%f12,%f10
+/* 0x0e4c	1181 (87 90) */		fmuld	%f14,%f6,%f4
+/* 0x0e50	1182 (89 92) */		fdtox	%f10,%f10
+/* 0x0e54	1183 (89 90) */		std	%f10,[%sp+2247]
+/* 0x0e58	1184 (90 93) */		fdtox	%f4,%f4
+/* 0x0e5c	1185 (90 91) */		std	%f4,[%sp+2239]
+/* 0x0e60	1189 (91 93) */		ldx	[%sp+2463],%g2
+/* 0x0e64	1190 (91 94) */		fsubd	%f16,%f8,%f4
+/* 0x0e68	1191 (92 94) */		ldx	[%sp+2471],%g3
+/* 0x0e6c	1192 (93 96) */		ld	[%i1],%g4
+/* 0x0e70	1193 (93 94) */		sllx	%g2,19,%g2
+/* 0x0e74	1194 (94 96) */		ldx	[%sp+2455],%g5
+/* 0x0e78	1195 (94 95) */		add	%g3,%g2,%g2
+/* 0x0e7c	1196 (94 97) */		fmuld	%f4,%f6,%f6
+/* 0x0e80	1197 (95 97) */		ldx	[%sp+2447],%g3
+/* 0x0e84	1198 (95 96) */		add	%g2,%g4,%g4
+/* 0x0e88	1199 (95 98) */		fmuld	%f4,%f12,%f4
+/* 0x0e8c	1200 (96 97) */		st	%g4,[%i0]
+/* 0x0e90	1201 (96 97) */		srlx	%g4,32,%g4
+/* 0x0e94	1202 (97 100) */		ld	[%i1+8],%o0
+/* 0x0e98	1203 (97 98) */		sllx	%g3,19,%g2
+/* 0x0e9c	1204 (97 100) */		fdtox	%f6,%f6
+/* 0x0ea0	1205 (98 101) */		ld	[%i1+4],%g3
+/* 0x0ea4	1206 (98 99) */		add	%g5,%g2,%g2
+/* 0x0ea8	1207 (98 101) */		fdtox	%f4,%f4
+/* 0x0eac	1208 (99 101) */		ldx	[%sp+2439],%g5
+/* 0x0eb0	1209 (100 103) */		ld	[%i1+12],%o1
+/* 0x0eb4	1210 (100 101) */		add	%g2,%g3,%g2
+/* 0x0eb8	1211 (101 103) */		ldx	[%sp+2431],%g3
+/* 0x0ebc	1212 (101 102) */		add	%g2,%g4,%g4
+/* 0x0ec0	1213 (102 103) */		st	%g4,[%i0+4]
+/* 0x0ec4	1214 (103 104) */		std	%f6,[%sp+2223]
+/* 0x0ec8	1215 (103 104) */		sllx	%g3,19,%g2
+/* 0x0ecc	1216 (104 106) */		ldx	[%sp+2423],%g3
+/* 0x0ed0	1217 (104 105) */		add	%g5,%g2,%g2
+/* 0x0ed4	1218 (105 107) */		ldx	[%sp+2415],%g5
+/* 0x0ed8	1219 (105 106) */		add	%g2,%o0,%g2
+/* 0x0edc	1220 (106 107) */		std	%f4,[%sp+2231]
+/* 0x0ee0	1221 (106 107) */		srlx	%g4,32,%o0
+/* 0x0ee4	1222 (107 109) */		ldx	[%sp+2407],%g4
+/* 0x0ee8	1223 (107 108) */		sllx	%g5,19,%g5
+/* 0x0eec	1224 (107 108) */		add	%g2,%o0,%g2
+/* 0x0ef0	1225 (108 109) */		st	%g2,[%i0+8]
+/* 0x0ef4	1226 (108 109) */		srlx	%g2,32,%o0
+/* 0x0ef8	1227 (108 109) */		add	%g3,%g5,%g3
+/* 0x0efc	1228 (109 111) */		ldx	[%sp+2399],%g5
+/* 0x0f00	1229 (109 110) */		add	%g3,%o1,%g3
+/* 0x0f04	1230 (110 113) */		ld	[%i1+16],%o1
+/* 0x0f08	1231 (110 111) */		add	%g3,%o0,%g3
+/* 0x0f0c	1232 (111 112) */		st	%g3,[%i0+12]
+/* 0x0f10	1233 (111 112) */		sllx	%g5,19,%g5
+/* 0x0f14	1234 (112 113) */		srlx	%g3,32,%o0
+/* 0x0f18	1235 (112 113) */		add	%g4,%g5,%g2
+/* 0x0f1c	1236 (112 114) */		ldx	[%sp+2383],%g5
+/* 0x0f20	1237 (113 115) */		ldx	[%sp+2391],%g4
+/* 0x0f24	1238 (113 114) */		add	%g2,%o1,%g2
+/* 0x0f28	1239 (114 117) */		ld	[%i1+20],%o1
+/* 0x0f2c	1240 (114 115) */		sllx	%g5,19,%g5
+/* 0x0f30	1241 (114 115) */		add	%g2,%o0,%g2
+/* 0x0f34	1242 (115 116) */		st	%g2,[%i0+16]
+/* 0x0f38	1243 (115 116) */		srlx	%g2,32,%o0
+/* 0x0f3c	1244 (115 116) */		add	%g4,%g5,%g3
+/* 0x0f40	1245 (116 118) */		ldx	[%sp+2367],%g5
+/* 0x0f44	1246 (116 117) */		add	%g3,%o1,%g3
+/* 0x0f48	1247 (117 119) */		ldx	[%sp+2375],%g4
+/* 0x0f4c	1248 (117 118) */		add	%g3,%o0,%g3
+/* 0x0f50	1249 (118 121) */		ld	[%i1+24],%o1
+/* 0x0f54	1250 (118 119) */		sllx	%g5,19,%g5
+/* 0x0f58	1251 (119 120) */		st	%g3,[%i0+20]
+/* 0x0f5c	1252 (119 120) */		add	%g4,%g5,%g2
+/* 0x0f60	1253 (120 122) */		ldx	[%sp+2351],%g5
+/* 0x0f64	1254 (120 121) */		srlx	%g3,32,%o0
+/* 0x0f68	1255 (120 121) */		add	%g2,%o1,%g2
+/* 0x0f6c	1256 (121 123) */		ldx	[%sp+2359],%g4
+/* 0x0f70	1257 (121 122) */		add	%g2,%o0,%g2
+/* 0x0f74	1258 (122 125) */		ld	[%i1+28],%o1
+/* 0x0f78	1259 (122 123) */		sllx	%g5,19,%g5
+/* 0x0f7c	1260 (123 124) */		st	%g2,[%i0+24]
+/* 0x0f80	1261 (123 124) */		add	%g4,%g5,%g3
+/* 0x0f84	1265 (124 126) */		ldx	[%sp+2335],%g5
+/* 0x0f88	1266 (124 125) */		srlx	%g2,32,%o0
+/* 0x0f8c	1267 (124 125) */		add	%g3,%o1,%g3
+/* 0x0f90	1268 (125 127) */		ldx	[%sp+2343],%g4
+/* 0x0f94	1269 (125 126) */		add	%g3,%o0,%g3
+/* 0x0f98	1270 (126 127) */		sllx	%g5,19,%g5
+/* 0x0f9c	1271 (126 129) */		ld	[%i1+32],%o1
+/* 0x0fa0	1272 (127 128) */		add	%g4,%g5,%g2
+/* 0x0fa4	1273 (127 129) */		ldx	[%sp+2319],%g5
+/* 0x0fa8	1274 (128 130) */		ldx	[%sp+2327],%g4
+/* 0x0fac	1275 (128 129) */		srlx	%g3,32,%o0
+/* 0x0fb0	1276 (128 129) */		add	%g2,%o1,%g2
+/* 0x0fb4	1277 (129 130) */		st	%g3,[%i0+28]
+/* 0x0fb8	1278 (129 130) */		sllx	%g5,19,%g5
+/* 0x0fbc	1279 (129 130) */		add	%g2,%o0,%g2
+/* 0x0fc0	1280 (130 133) */		ld	[%i1+36],%o1
+/* 0x0fc4	1281 (130 131) */		add	%g4,%g5,%g3
+/* 0x0fc8	1282 (131 133) */		ldx	[%sp+2303],%g5
+/* 0x0fcc	1283 (131 132) */		srlx	%g2,32,%o0
+/* 0x0fd0	1284 (132 134) */		ldx	[%sp+2311],%g4
+/* 0x0fd4	1285 (132 133) */		add	%g3,%o1,%g3
+/* 0x0fd8	1286 (133 134) */		sllx	%g5,19,%g5
+/* 0x0fdc	1287 (133 134) */		st	%g2,[%i0+32]
+/* 0x0fe0	1288 (133 134) */		add	%g3,%o0,%g3
+/* 0x0fe4	1289 (134 135) */		add	%g4,%g5,%g2
+/* 0x0fe8	1290 (134 136) */		ldx	[%sp+2287],%g5
+/* 0x0fec	1291 (135 137) */		ldx	[%sp+2295],%g4
+/* 0x0ff0	1292 (135 136) */		srlx	%g3,32,%o0
+/* 0x0ff4	1293 (136 139) */		ld	[%i1+40],%o1
+/* 0x0ff8	1294 (136 137) */		sllx	%g5,19,%g5
+/* 0x0ffc	1295 (137 138) */		st	%g3,[%i0+36]
+/* 0x1000	1296 (137 138) */		add	%g4,%g5,%g3
+/* 0x1004	1297 (138 140) */		ldx	[%sp+2271],%g5
+/* 0x1008	1298 (138 139) */		add	%g2,%o1,%g2
+/* 0x100c	1299 (139 141) */		ldx	[%sp+2279],%g4
+/* 0x1010	1300 (139 140) */		add	%g2,%o0,%g2
+/* 0x1014	1301 (140 143) */		ld	[%i1+44],%o1
+/* 0x1018	1302 (140 141) */		sllx	%g5,19,%g5
+/* 0x101c	1303 (141 142) */		st	%g2,[%i0+40]
+/* 0x1020	1304 (141 142) */		srlx	%g2,32,%o0
+/* 0x1024	1305 (141 142) */		add	%g4,%g5,%g2
+/* 0x1028	1306 (142 144) */		ldx	[%sp+2255],%g5
+/* 0x102c	1307 (142 143) */		add	%g3,%o1,%g3
+/* 0x1030	1308 (143 145) */		ldx	[%sp+2263],%g4
+/* 0x1034	1309 (143 144) */		add	%g3,%o0,%g3
+/* 0x1038	1310 (144 147) */		ld	[%i1+48],%o1
+/* 0x103c	1311 (144 145) */		sllx	%g5,19,%g5
+/* 0x1040	1312 (145 146) */		srlx	%g3,32,%o0
+/* 0x1044	1313 (145 146) */		st	%g3,[%i0+44]
+/* 0x1048	1314 (145 146) */		add	%g4,%g5,%g3
+/* 0x104c	1315 (146 148) */		ldx	[%sp+2239],%g5
+/* 0x1050	1316 (146 147) */		add	%g2,%o1,%g2
+/* 0x1054	1317 (147 150) */		ld	[%i1+52],%o1
+/* 0x1058	1318 (147 148) */		add	%g2,%o0,%g2
+/* 0x105c	1319 (148 150) */		ldx	[%sp+2247],%g4
+/* 0x1060	1320 (148 149) */		sllx	%g5,19,%g5
+/* 0x1064	1321 (149 150) */		srlx	%g2,32,%o0
+/* 0x1068	1322 (149 150) */		st	%g2,[%i0+48]
+/* 0x106c	1323 (149 150) */		add	%g3,%o1,%g3
+/* 0x1070	1324 (150 153) */		ld	[%i1+56],%o1
+/* 0x1074	1325 (150 151) */		add	%g4,%g5,%g2
+/* 0x1078	1326 (150 151) */		add	%g3,%o0,%g3
+/* 0x107c	1327 (151 153) */		ldx	[%sp+2223],%g5
+/* 0x1080	1328 (151 152) */		srlx	%g3,32,%o0
+/* 0x1084	1329 (152 154) */		ldx	[%sp+2231],%g4
+/* 0x1088	1330 (152 153) */		add	%g2,%o1,%g2
+/* 0x108c	1331 (153 154) */		sllx	%g5,19,%g5
+/* 0x1090	1332 (153 156) */		ld	[%i1+60],%o1
+/* 0x1094	1333 (153 154) */		add	%g2,%o0,%g2
+/* 0x1098	1334 (154 155) */		st	%g3,[%i0+52]
+/* 0x109c	1335 (154 155) */		add	%g4,%g5,%g3
+/* 0x10a0	1336 (155 156) */		st	%g2,[%i0+56]
+/* 0x10a4	1337 (155 156) */		srlx	%g2,32,%g2
+/* 0x10a8	1338 (155 156) */		add	%g3,%o1,%g3
+/* 0x10ac	1339 (156 157) */		add	%g3,%g2,%g2
+/* 0x10b0	1340 (156 157) */		st	%g2,[%i0+60]
+/* 0x10b4	1344 (157 158) */		srlx	%g2,32,%o3
+/* 0x10b8	1345 (158 159) */		srl	%o3,0,%i0
+/* 0x10bc	     (159 161) */		ret	! Result =  %o1 %o0 %f0 %f1
+/* 0x10c0	     (161 162) */		restore	%g0,%g0,%g0
+
+!
+! ENTRY .L77000073
+!
+
+                                   .L77000073:		/* frequency 1.0 confidence 0.0 */
+
+
+	or	%g0, %i4, %o2
+	or	%g0, %o0, %o1
+	or	%g0, %i3, %o0
+
+!
+! ENTRY .L77000052
+!
+
+                                   .L77000052:		/* frequency 1.0 confidence 0.0 */
+/* 0x1028	1318 ( 0  1) */		andn	%o2,%g2,%g2
+/* 0x102c	1319 ( 0  1) */		st	%g2,[%sp+2227]
+/* 0x1030	1325 ( 0  1) */		add	%o0,1,%g3
+/* 0x1034	1326 ( 0  1) */		fmovd	%f0,%f14
+/* 0x1038	1327 ( 1  2) */		srl	%o2,19,%g2
+/* 0x103c	1328 ( 1  2) */		st	%g2,[%sp+2223]
+/* 0x1040	1329 ( 1  2) */		or	%g0,0,%o5
+/* 0x1044	1330 ( 2  3) */		srl	%g3,31,%g2
+/* 0x1048	1331 ( 2  5) */		ldd	[%o1],%f6
+/* 0x104c	1335 ( 2  3) */		sethi	%hi(0x1000),%g1
+/* 0x1050	1336 ( 3  4) */		add	%g3,%g2,%g2
+/* 0x1054	1337 ( 3  4) */		xor	%g1,-625,%g1
+/* 0x1058	1338 ( 3  6) */		ldd	[%o1+8],%f20
+/* 0x105c	1339 ( 4  5) */		sra	%g2,1,%o3
+/* 0x1060	1340 ( 4  5) */		fmovs	%f6,%f8
+/* 0x1064	1341 ( 4  5) */		add	%g1,%fp,%g3
+/* 0x1068	1342 ( 5  6) */		fmovs	%f6,%f10
+/* 0x106c	1343 ( 5  7) */		ld	[%sp+2227],%f9
+/* 0x1070	1344 ( 5  6) */		subcc	%o3,0,%g0
+/* 0x1074	1345 ( 6  8) */		ld	[%sp+2223],%f11
+/* 0x1078	1346 ( 6  7) */		sethi	%hi(0x1000),%g1
+/* 0x107c	1347 ( 6  7) */		or	%g0,%i2,%o1
+/* 0x1080	1348 ( 7 10) */		fsubd	%f8,%f6,%f18
+/* 0x1084	1349 ( 7  8) */		xor	%g1,-617,%g1
+/* 0x1088	1350 ( 7  8) */		or	%g0,0,%g4
+/* 0x108c	1351 ( 8 11) */		fsubd	%f10,%f6,%f16
+/* 0x1090	1352 ( 8  9) */		bleu,pt	%icc,.L990000162	! tprob=0.50
+/* 0x1094	     ( 8  9) */		subcc	%o0,0,%g0
+/* 0x1098	1354 ( 9 10) */		add	%g1,%fp,%g2
+/* 0x109c	1355 ( 9 10) */		sethi	%hi(0x1000),%g1
+/* 0x10a0	1356 (10 11) */		xor	%g1,-609,%g1
+/* 0x10a4	1357 (10 11) */		subcc	%o3,7,%g0
+/* 0x10a8	1358 (11 12) */		add	%g1,%fp,%o7
+/* 0x10ac	1359 (11 12) */		sethi	%hi(0x1000),%g1
+/* 0x10b0	1360 (12 13) */		xor	%g1,-601,%g1
+/* 0x10b4	1361 (13 14) */		add	%g1,%fp,%o4
+/* 0x10b8	1362 (13 14) */		bl,pn	%icc,.L77000054	! tprob=0.50
+/* 0x10bc	     (13 14) */		sub	%o3,2,%o2
+/* 0x10c0	1364 (14 17) */		ldd	[%o1],%f2
+/* 0x10c4	1365 (14 15) */		add	%o1,16,%g5
+/* 0x10c8	1366 (14 15) */		or	%g0,4,%g4
+/* 0x10cc	1367 (15 18) */		ldd	[%o1+8],%f0
+/* 0x10d0	1368 (15 16) */		add	%o1,8,%o1
+/* 0x10d4	1369 (16 18) */		fxnor	%f14,%f2,%f6
+/* 0x10d8	1370 (16 19) */		ldd	[%g5],%f4
+/* 0x10dc	1371 (16 17) */		add	%o1,16,%o1
+/* 0x10e0	1372 (17 19) */		fxnor	%f14,%f0,%f12
+/* 0x10e4	1373 (17 20) */		ldd	[%o1],%f0
+/* 0x10e8	1374 (17 18) */		add	%o1,8,%o1
+/* 0x10ec	1375 (18 21) */		fitod	%f7,%f2
+/* 0x10f0	1376 (19 22) */		fitod	%f6,%f6
+/* 0x10f4	1377 (20 22) */		fxnor	%f14,%f4,%f10
+/* 0x10f8	1378 (21 24) */		fsubd	%f20,%f2,%f2
+/* 0x10fc	1379 (22 24) */		fxnor	%f14,%f0,%f8
+/* 0x1100	1380 (23 26) */		fitod	%f13,%f4
+/* 0x1104	1381 (24 27) */		fsubd	%f20,%f6,%f6
+/* 0x1108	1382 (24 27) */		fmuld	%f2,%f16,%f0
+
+!
+! ENTRY .L990000154
+!
+
+                                   .L990000154:		/* frequency 1.0 confidence 0.0 */
+/* 0x110c	1384 ( 0  3) */		ldd	[%o1],%f24
+/* 0x1110	1385 ( 0  1) */		add	%g4,3,%g4
+/* 0x1114	1386 ( 0  1) */		add	%o4,96,%o4
+/* 0x1118	1387 ( 1  4) */		fitod	%f11,%f22
+/* 0x111c	1388 ( 2  5) */		fsubd	%f20,%f4,%f26
+/* 0x1120	1389 ( 2  3) */		subcc	%g4,%o2,%g0
+/* 0x1124	1390 ( 2  3) */		add	%o7,96,%o7
+/* 0x1128	1391 ( 2  5) */		fmuld	%f6,%f18,%f28
+/* 0x112c	1392 ( 3  6) */		fmuld	%f6,%f16,%f6
+/* 0x1130	1393 ( 3  4) */		add	%g2,96,%g2
+/* 0x1134	1394 ( 3  4) */		add	%g3,96,%g3
+/* 0x1138	1395 ( 4  7) */		fdtox	%f0,%f0
+/* 0x113c	1396 ( 5  8) */		fitod	%f12,%f4
+/* 0x1140	1397 ( 5  8) */		fmuld	%f2,%f18,%f2
+/* 0x1144	1398 ( 6  9) */		fdtox	%f28,%f12
+/* 0x1148	1399 ( 7 10) */		fdtox	%f6,%f6
+/* 0x114c	1400 ( 7  8) */		std	%f12,[%g3-96]
+/* 0x1150	1401 ( 8  9) */		std	%f6,[%g2-96]
+/* 0x1154	1402 ( 8 11) */		fdtox	%f2,%f2
+/* 0x1158	1403 ( 9 12) */		fsubd	%f20,%f4,%f6
+/* 0x115c	1404 ( 9 10) */		std	%f2,[%o7-96]
+/* 0x1160	1405 ( 9 10) */		add	%o1,8,%o1
+/* 0x1164	1406 (10 12) */		fxnor	%f14,%f24,%f12
+/* 0x1168	1407 (10 13) */		fmuld	%f26,%f16,%f4
+/* 0x116c	1408 (10 11) */		std	%f0,[%o4-96]
+/* 0x1170	1409 (11 14) */		ldd	[%o1],%f0
+/* 0x1174	1410 (11 14) */		fitod	%f9,%f2
+/* 0x1178	1411 (12 15) */		fsubd	%f20,%f22,%f28
+/* 0x117c	1412 (12 15) */		fmuld	%f6,%f18,%f24
+/* 0x1180	1413 (13 16) */		fmuld	%f6,%f16,%f22
+/* 0x1184	1414 (13 16) */		fdtox	%f4,%f4
+/* 0x1188	1415 (14 17) */		fitod	%f10,%f6
+/* 0x118c	1416 (14 17) */		fmuld	%f26,%f18,%f10
+/* 0x1190	1417 (15 18) */		fdtox	%f24,%f24
+/* 0x1194	1418 (16 19) */		fdtox	%f22,%f22
+/* 0x1198	1419 (16 17) */		std	%f24,[%g3-64]
+/* 0x119c	1420 (17 18) */		std	%f22,[%g2-64]
+/* 0x11a0	1421 (17 20) */		fdtox	%f10,%f10
+/* 0x11a4	1422 (18 21) */		fsubd	%f20,%f6,%f6
+/* 0x11a8	1423 (18 19) */		std	%f10,[%o7-64]
+/* 0x11ac	1424 (18 19) */		add	%o1,8,%o1
+/* 0x11b0	1425 (19 21) */		fxnor	%f14,%f0,%f10
+/* 0x11b4	1426 (19 22) */		fmuld	%f28,%f16,%f0
+/* 0x11b8	1427 (19 20) */		std	%f4,[%o4-64]
+/* 0x11bc	1428 (20 23) */		ldd	[%o1],%f22
+/* 0x11c0	1429 (20 23) */		fitod	%f13,%f4
+/* 0x11c4	1430 (21 24) */		fsubd	%f20,%f2,%f2
+/* 0x11c8	1431 (21 24) */		fmuld	%f6,%f18,%f26
+/* 0x11cc	1432 (22 25) */		fmuld	%f6,%f16,%f24
+/* 0x11d0	1433 (22 25) */		fdtox	%f0,%f0
+/* 0x11d4	1434 (23 26) */		fitod	%f8,%f6
+/* 0x11d8	1435 (23 26) */		fmuld	%f28,%f18,%f8
+/* 0x11dc	1436 (24 27) */		fdtox	%f26,%f26
+/* 0x11e0	1437 (25 28) */		fdtox	%f24,%f24
+/* 0x11e4	1438 (25 26) */		std	%f26,[%g3-32]
+/* 0x11e8	1439 (26 27) */		std	%f24,[%g2-32]
+/* 0x11ec	1440 (26 29) */		fdtox	%f8,%f8
+/* 0x11f0	1441 (27 30) */		fsubd	%f20,%f6,%f6
+/* 0x11f4	1442 (27 28) */		std	%f8,[%o7-32]
+/* 0x11f8	1443 (27 28) */		add	%o1,8,%o1
+/* 0x11fc	1444 (28 30) */		fxnor	%f14,%f22,%f8
+/* 0x1200	1445 (28 29) */		std	%f0,[%o4-32]
+/* 0x1204	1446 (28 29) */		bcs,pt	%icc,.L990000154	! tprob=0.50
+/* 0x1208	     (28 31) */		fmuld	%f2,%f16,%f0
+
+!
+! ENTRY .L990000157
+!
+
+                                   .L990000157:		/* frequency 1.0 confidence 0.0 */
+/* 0x120c	1449 ( 0  3) */		fitod	%f12,%f28
+/* 0x1210	1450 ( 0  3) */		fmuld	%f6,%f18,%f24
+/* 0x1214	1451 ( 0  1) */		add	%g3,128,%g3
+/* 0x1218	1452 ( 1  4) */		fitod	%f10,%f12
+/* 0x121c	1453 ( 1  4) */		fmuld	%f6,%f16,%f26
+/* 0x1220	1454 ( 1  2) */		add	%g2,128,%g2
+/* 0x1224	1455 ( 2  5) */		fsubd	%f20,%f4,%f4
+/* 0x1228	1456 ( 2  5) */		fmuld	%f2,%f18,%f22
+/* 0x122c	1457 ( 2  3) */		add	%o7,128,%o7
+/* 0x1230	1458 ( 3  6) */		fdtox	%f24,%f6
+/* 0x1234	1459 ( 3  4) */		std	%f6,[%g3-128]
+/* 0x1238	1460 ( 3  4) */		add	%o4,128,%o4
+/* 0x123c	1461 ( 4  7) */		fsubd	%f20,%f28,%f2
+/* 0x1240	1462 ( 4  5) */		subcc	%g4,%o3,%g0
+/* 0x1244	1463 ( 5  8) */		fitod	%f11,%f6
+/* 0x1248	1464 ( 5  8) */		fmuld	%f4,%f18,%f24
+/* 0x124c	1465 ( 6  9) */		fdtox	%f26,%f10
+/* 0x1250	1466 ( 6  7) */		std	%f10,[%g2-128]
+/* 0x1254	1467 ( 7 10) */		fdtox	%f22,%f10
+/* 0x1258	1468 ( 7  8) */		std	%f10,[%o7-128]
+/* 0x125c	1469 ( 7 10) */		fmuld	%f2,%f18,%f26
+/* 0x1260	1470 ( 8 11) */		fsubd	%f20,%f12,%f10
+/* 0x1264	1471 ( 8 11) */		fmuld	%f2,%f16,%f2
+/* 0x1268	1472 ( 9 12) */		fsubd	%f20,%f6,%f22
+/* 0x126c	1473 ( 9 12) */		fmuld	%f4,%f16,%f12
+/* 0x1270	1474 (10 13) */		fdtox	%f0,%f0
+/* 0x1274	1475 (10 11) */		std	%f0,[%o4-128]
+/* 0x1278	1476 (11 14) */		fitod	%f8,%f4
+/* 0x127c	1477 (11 14) */		fmuld	%f10,%f18,%f6
+/* 0x1280	1478 (12 15) */		fdtox	%f26,%f0
+/* 0x1284	1479 (12 13) */		std	%f0,[%g3-96]
+/* 0x1288	1480 (12 15) */		fmuld	%f10,%f16,%f10
+/* 0x128c	1481 (13 16) */		fdtox	%f2,%f2
+/* 0x1290	1482 (13 14) */		std	%f2,[%g2-96]
+/* 0x1294	1483 (14 17) */		fitod	%f9,%f0
+/* 0x1298	1484 (14 17) */		fmuld	%f22,%f18,%f2
+/* 0x129c	1485 (15 18) */		fdtox	%f24,%f8
+/* 0x12a0	1486 (15 16) */		std	%f8,[%o7-96]
+/* 0x12a4	1487 (16 19) */		fsubd	%f20,%f4,%f4
+/* 0x12a8	1488 (16 19) */		fmuld	%f22,%f16,%f8
+/* 0x12ac	1489 (17 20) */		fdtox	%f12,%f12
+/* 0x12b0	1490 (17 18) */		std	%f12,[%o4-96]
+/* 0x12b4	1491 (18 21) */		fsubd	%f20,%f0,%f0
+/* 0x12b8	1492 (19 22) */		fdtox	%f6,%f6
+/* 0x12bc	1493 (19 20) */		std	%f6,[%g3-64]
+/* 0x12c0	1494 (20 23) */		fdtox	%f10,%f10
+/* 0x12c4	1495 (20 21) */		std	%f10,[%g2-64]
+/* 0x12c8	1496 (20 23) */		fmuld	%f4,%f18,%f6
+/* 0x12cc	1497 (21 24) */		fdtox	%f2,%f2
+/* 0x12d0	1498 (21 22) */		std	%f2,[%o7-64]
+/* 0x12d4	1499 (21 24) */		fmuld	%f4,%f16,%f4
+/* 0x12d8	1500 (22 25) */		fmuld	%f0,%f18,%f2
+/* 0x12dc	1501 (22 25) */		fdtox	%f8,%f8
+/* 0x12e0	1502 (22 23) */		std	%f8,[%o4-64]
+/* 0x12e4	1503 (23 26) */		fdtox	%f6,%f6
+/* 0x12e8	1504 (23 24) */		std	%f6,[%g3-32]
+/* 0x12ec	1505 (23 26) */		fmuld	%f0,%f16,%f0
+/* 0x12f0	1506 (24 27) */		fdtox	%f4,%f4
+/* 0x12f4	1507 (24 25) */		std	%f4,[%g2-32]
+/* 0x12f8	1508 (25 28) */		fdtox	%f2,%f2
+/* 0x12fc	1509 (25 26) */		std	%f2,[%o7-32]
+/* 0x1300	1510 (26 29) */		fdtox	%f0,%f0
+/* 0x1304	1511 (26 27) */		bcc,pn	%icc,.L77000056	! tprob=0.50
+/* 0x1308	     (26 27) */		std	%f0,[%o4-32]
+
+!
+! ENTRY .L77000054
+!
+
+                                   .L77000054:		/* frequency 1.0 confidence 0.0 */
+/* 0x130c	1514 ( 0  3) */		ldd	[%o1],%f0
+
+!
+! ENTRY .L990000161
+!
+
+                                   .L990000161:		/* frequency 1.0 confidence 0.0 */
+/* 0x1310	1516 ( 0  2) */		fxnor	%f14,%f0,%f0
+/* 0x1314	1517 ( 0  1) */		add	%g4,1,%g4
+/* 0x1318	1518 ( 0  1) */		add	%o1,8,%o1
+/* 0x131c	1519 ( 1  2) */		subcc	%g4,%o3,%g0
+/* 0x1320	1520 ( 2  5) */		fitod	%f0,%f2
+/* 0x1324	1521 ( 3  6) */		fitod	%f1,%f0
+/* 0x1328	1522 ( 5  8) */		fsubd	%f20,%f2,%f2
+/* 0x132c	1523 ( 6  9) */		fsubd	%f20,%f0,%f0
+/* 0x1330	1524 ( 8 11) */		fmuld	%f2,%f18,%f6
+/* 0x1334	1525 ( 9 12) */		fmuld	%f2,%f16,%f4
+/* 0x1338	1526 (10 13) */		fmuld	%f0,%f18,%f2
+/* 0x133c	1527 (11 14) */		fdtox	%f6,%f6
+/* 0x1340	1528 (11 12) */		std	%f6,[%g3]
+/* 0x1344	1529 (11 14) */		fmuld	%f0,%f16,%f0
+/* 0x1348	1530 (12 15) */		fdtox	%f4,%f4
+/* 0x134c	1531 (12 13) */		std	%f4,[%g2]
+/* 0x1350	1532 (12 13) */		add	%g2,32,%g2
+/* 0x1354	1533 (13 16) */		fdtox	%f2,%f2
+/* 0x1358	1534 (13 14) */		std	%f2,[%o7]
+/* 0x135c	1535 (13 14) */		add	%o7,32,%o7
+/* 0x1360	1536 (14 17) */		fdtox	%f0,%f0
+/* 0x1364	1537 (14 15) */		std	%f0,[%o4]
+/* 0x1368	1538 (14 15) */		add	%o4,32,%o4
+/* 0x136c	1539 (15 16) */		add	%g3,32,%g3
+/* 0x1370	1540 (15 16) */		bcs,a,pt	%icc,.L990000161	! tprob=0.50
+/* 0x1374	     (16 19) */		ldd	[%o1],%f0
+
+!
+! ENTRY .L77000056
+!
+
+                                   .L77000056:		/* frequency 1.0 confidence 0.0 */
+/* 0x1378	1548 ( 0  1) */		subcc	%o0,0,%g0
+
+!
+! ENTRY .L990000162
+!
+
+                                   .L990000162:		/* frequency 1.0 confidence 0.0 */
+/* 0x137c	1550 ( 0  1) */		bleu,pt	%icc,.L77770061	! tprob=0.50
+/* 0x1380	     ( 0  1) */		nop
+/* 0x1384	1555 ( 0  1) */		sethi	%hi(0x1000),%g1
+/* 0x1388	1556 ( 1  2) */		xor	%g1,-625,%g1
+/* 0x138c	1557 ( 1  2) */		or	%g0,%i1,%g4
+/* 0x1390	1558 ( 2  3) */		add	%g1,%fp,%g5
+/* 0x1394	1559 ( 2  3) */		sethi	%hi(0x1000),%g1
+/* 0x1398	1560 ( 3  4) */		xor	%g1,-617,%g1
+/* 0x139c	1561 ( 3  4) */		or	%g0,%o0,%o7
+/* 0x13a0	1562 ( 4  5) */		add	%g1,%fp,%g2
+/* 0x13a4	1563 ( 4  5) */		or	%g0,0,%i2
+/* 0x13a8	1564 ( 5  6) */		or	%g0,%i0,%g3
+/* 0x13ac	1565 ( 5  6) */		subcc	%o0,6,%g0
+/* 0x13b0	1566 ( 5  6) */		bl,pn	%icc,.L77000058	! tprob=0.50
+/* 0x13b4	     ( 6  7) */		sethi	%hi(0x1000),%g1
+/* 0x13b8	1568 ( 6  8) */		ld	[%g4],%o2
+/* 0x13bc	1569 ( 6  7) */		add	%g3,4,%g3
+/* 0x13c0	1570 ( 7  8) */		xor	%g1,-585,%g1
+/* 0x13c4	1571 ( 7  8) */		sub	%o7,3,%o4
+/* 0x13c8	1572 ( 8  9) */		add	%g1,%fp,%g2
+/* 0x13cc	1573 ( 8  9) */		sethi	%hi(0x1000),%g1
+/* 0x13d0	1574 ( 9 10) */		xor	%g1,-593,%g1
+/* 0x13d4	1575 ( 9 10) */		or	%g0,2,%i2
+/* 0x13d8	1576 (10 11) */		add	%g1,%fp,%g5
+/* 0x13dc	1577 (10 11) */		sethi	%hi(0x1000),%g1
+/* 0x13e0	1578 (11 12) */		xor	%g1,-617,%g1
+/* 0x13e4	1579 (12 13) */		add	%g1,%fp,%g1
+/* 0x13e8	1580 (13 15) */		ldx	[%g1],%o1
+/* 0x13ec	1581 (14 16) */		ldx	[%g1-8],%o0
+/* 0x13f0	1582 (15 16) */		sllx	%o1,19,%o1
+/* 0x13f4	1583 (15 17) */		ldx	[%g1+16],%o3
+/* 0x13f8	1584 (16 17) */		add	%o0,%o1,%o0
+/* 0x13fc	1585 (16 18) */		ld	[%g4+4],%o1
+/* 0x1400	1586 (16 17) */		add	%g4,8,%g4
+/* 0x1404	1587 (17 18) */		sllx	%o3,19,%o3
+/* 0x1408	1588 (17 18) */		add	%o0,%o2,%o0
+/* 0x140c	1589 (17 19) */		ldx	[%g1+8],%o2
+/* 0x1410	1590 (18 19) */		st	%o0,[%g3-4]
+/* 0x1414	1591 (18 19) */		srlx	%o0,32,%o0
+
+!
+! ENTRY .L990000142
+!
+
+                                   .L990000142:		/* frequency 1.0 confidence 0.0 */
+/* 0x1418	1593 ( 0  1) */		add	%o2,%o3,%o2
+/* 0x141c	1594 ( 0  1) */		add	%i2,4,%i2
+/* 0x1420	1595 ( 0  2) */		ld	[%g4],%o3
+/* 0x1424	1596 ( 1  2) */		srl	%o0,0,%o5
+/* 0x1428	1597 ( 1  2) */		add	%o2,%o1,%o1
+/* 0x142c	1598 ( 1  3) */		ldx	[%g2],%o0
+/* 0x1430	1599 ( 3  4) */		sllx	%o0,19,%o2
+/* 0x1434	1600 ( 3  5) */		ldx	[%g5],%o0
+/* 0x1438	1601 ( 3  4) */		add	%o1,%o5,%o1
+/* 0x143c	1602 ( 4  5) */		st	%o1,[%g3]
+/* 0x1440	1603 ( 4  5) */		srlx	%o1,32,%o5
+/* 0x1444	1604 ( 4  5) */		subcc	%i2,%o4,%g0
+/* 0x1448	1605 ( 5  7) */		ldx	[%g2+16],%o1
+/* 0x144c	1606 ( 5  6) */		add	%o0,%o2,%o0
+/* 0x1450	1607 ( 5  6) */		add	%g3,16,%g3
+/* 0x1454	1608 ( 6  8) */		ld	[%g4+4],%o2
+/* 0x1458	1609 ( 6  7) */		add	%o0,%o3,%o0
+/* 0x145c	1610 ( 7  8) */		sllx	%o1,19,%o3
+/* 0x1460	1611 ( 7  9) */		ldx	[%g5+16],%o1
+/* 0x1464	1612 ( 7  8) */		add	%o0,%o5,%o0
+/* 0x1468	1613 ( 8  9) */		st	%o0,[%g3-12]
+/* 0x146c	1614 ( 8  9) */		srlx	%o0,32,%o5
+/* 0x1470	1615 ( 8  9) */		add	%g4,16,%g4
+/* 0x1474	1616 ( 9 11) */		ldx	[%g2+32],%o0
+/* 0x1478	1617 ( 9 10) */		add	%o1,%o3,%o1
+/* 0x147c	1618 ( 9 10) */		add	%g2,64,%g2
+/* 0x1480	1619 (10 12) */		ld	[%g4-8],%o3
+/* 0x1484	1620 (10 11) */		add	%o1,%o2,%o2
+/* 0x1488	1621 (11 12) */		sllx	%o0,19,%o1
+/* 0x148c	1622 (11 13) */		ldx	[%g5+32],%o0
+/* 0x1490	1623 (11 12) */		add	%o2,%o5,%o2
+/* 0x1494	1624 (12 13) */		st	%o2,[%g3-8]
+/* 0x1498	1625 (12 13) */		srlx	%o2,32,%o5
+/* 0x149c	1626 (12 13) */		add	%g5,64,%g5
+/* 0x14a0	1627 (13 15) */		ldx	[%g2-16],%o2
+/* 0x14a4	1628 (13 14) */		add	%o0,%o1,%o0
+/* 0x14a8	1629 (14 16) */		ld	[%g4-4],%o1
+/* 0x14ac	1630 (14 15) */		add	%o0,%o3,%o0
+/* 0x14b0	1631 (15 16) */		sllx	%o2,19,%o3
+/* 0x14b4	1632 (15 17) */		ldx	[%g5-16],%o2
+/* 0x14b8	1633 (15 16) */		add	%o0,%o5,%o0
+/* 0x14bc	1634 (16 17) */		st	%o0,[%g3-4]
+/* 0x14c0	1635 (16 17) */		bcs,pt	%icc,.L990000142	! tprob=0.50
+/* 0x14c4	     (16 17) */		srlx	%o0,32,%o0
+
+!
+! ENTRY .L990000145
+!
+
+                                   .L990000145:		/* frequency 1.0 confidence 0.0 */
+/* 0x14c8	1638 ( 0  1) */		add	%o2,%o3,%o3
+/* 0x14cc	1639 ( 0  1) */		add	%g3,4,%g3
+/* 0x14d0	1640 ( 1  2) */		srl	%o0,0,%o2
+/* 0x14d4	1641 ( 1  2) */		add	%o3,%o1,%o0
+/* 0x14d8	1642 ( 2  3) */		add	%o0,%o2,%o0
+/* 0x14dc	1643 ( 2  3) */		st	%o0,[%g3-4]
+/* 0x14e0	1644 ( 2  3) */		subcc	%i2,%o7,%g0
+/* 0x14e4	1645 ( 2  3) */		bcc,pn	%icc,.L77770061	! tprob=0.50
+/* 0x14e8	     ( 3  4) */		srlx	%o0,32,%o5
+
+!
+! ENTRY .L77000058
+!
+
+                                   .L77000058:		/* frequency 1.0 confidence 0.0 */
+/* 0x14ec	1648 ( 0  2) */		ldx	[%g2],%o2
+
+!
+! ENTRY .L990000160
+!
+
+                                   .L990000160:		/* frequency 1.0 confidence 0.0 */
+/* 0x14f0	1650 ( 0  1) */		sllx	%o2,19,%o3
+/* 0x14f4	1651 ( 0  2) */		ldx	[%g5],%o0
+/* 0x14f8	1652 ( 0  1) */		add	%i2,1,%i2
+/* 0x14fc	1653 ( 1  2) */		srl	%o5,0,%o1
+/* 0x1500	1654 ( 1  3) */		ld	[%g4],%o2
+/* 0x1504	1655 ( 1  2) */		add	%g2,16,%g2
+/* 0x1508	1656 ( 2  3) */		add	%o0,%o3,%o0
+/* 0x150c	1657 ( 2  3) */		add	%g5,16,%g5
+/* 0x1510	1658 ( 3  4) */		add	%o0,%o2,%o0
+/* 0x1514	1659 ( 3  4) */		add	%g4,4,%g4
+/* 0x1518	1660 ( 4  5) */		add	%o0,%o1,%o0
+/* 0x151c	1661 ( 4  5) */		st	%o0,[%g3]
+/* 0x1520	1662 ( 4  5) */		subcc	%i2,%o7,%g0
+/* 0x1524	1663 ( 5  6) */		srlx	%o0,32,%o5
+/* 0x1528	1664 ( 5  6) */		add	%g3,4,%g3
+/* 0x152c	1665 ( 5  6) */		bcs,a,pt	%icc,.L990000160	! tprob=0.50
+/* 0x1530	     ( 6  8) */		ldx	[%g2],%o2
+
+!
+! ENTRY .L77770061
+!
+
+                                   .L77770061:		/* frequency 1.0 confidence 0.0 */
+/* 0x1534	     ( 0  2) */		ret	! Result =  %o1 %o0 %f0 %f1
+/* 0x1538	     ( 2  3) */		restore	%g0,%o5,%o0
+
+
+/* 0x124c	1476 ( 0  0) */		.type	mul_add,2
+/* 0x124c	1477 ( 0  0) */		.size	mul_add,(.-mul_add)
+/* 0x124c	1480 ( 0  0) */		.align	8
+/* 0x1250	1486 ( 0  0) */		.global	mul_add_inp
+
+!
+! ENTRY mul_add_inp
+!
+
+                                   	.global mul_add_inp
+                                   mul_add_inp:		/* frequency 1.0 confidence 0.0 */
+/* 0x1250	1488 ( 0  1) */		save	%sp,-176,%sp
+/* 0x1254	1500 ( 1  2) */		sra	%i2,0,%o3
+/* 0x1258	1501 ( 1  2) */		or	%g0,%i1,%o2
+/* 0x125c	1502 ( 2  3) */		or	%g0,%i0,%o0
+/* 0x1260	1503 ( 2  3) */		or	%g0,%i0,%o1
+/* 0x1264	1504 ( 3  5) */		call	mul_add	! params = 	! Result = 
+/* 0x1268	     ( 4  5) */		srl	%i3,0,%o4
+/* 0x126c	1506 ( 5  6) */		srl	%o0,0,%i0
+/* 0x1270	     ( 6  8) */		ret	! Result =  %o1 %o0 %f0 %f1
+/* 0x1274	     ( 8  9) */		restore	%g0,%g0,%g0
+/* 0x1278	1509 ( 0  0) */		.type	mul_add_inp,2
+/* 0x1278	1510 ( 0  0) */		.size	mul_add_inp,(.-mul_add_inp)
+
+	.section	".data",#alloc,#write
+/* 0x1278	   6 ( 0  0) */		.align	8
+
+!
+! ENTRY mask_cnst
+!
+
+                                   mask_cnst:		/* frequency 1.0 confidence 0.0 */
+/* 0x1278	   8 ( 0  0) */		.xword	-9223372034707292160
+/* 0x1280	   9 ( 0  0) */		.type	mask_cnst,#object
+/* 0x1280	  10 ( 0  0) */		.size	mask_cnst,8
+
diff --git a/nss/lib/freebl/mpi/mpvalpha.c b/nss/lib/freebl/mpi/mpvalpha.c
new file mode 100644
index 0000000..94e86ee
--- /dev/null
+++ b/nss/lib/freebl/mpi/mpvalpha.c
@@ -0,0 +1,183 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "mpi-priv.h"
+#include <c_asm.h>
+
+#define MP_MUL_DxD(a, b, Phi, Plo)              \
+    {                                           \
+        Plo = asm("mulq %a0, %a1, %v0", a, b);  \
+        Phi = asm("umulh %a0, %a1, %v0", a, b); \
+    }
+
+/* This is empty for the loop in s_mpv_mul_d    */
+#define CARRY_ADD
+
+#define ONE_MUL                     \
+    a_i = *a++;                     \
+    MP_MUL_DxD(a_i, b, a1b1, a0b0); \
+    a0b0 += carry;                  \
+    if (a0b0 < carry)               \
+        ++a1b1;                     \
+    CARRY_ADD                       \
+    *c++ = a0b0;                    \
+    carry = a1b1;
+
+#define FOUR_MUL \
+    ONE_MUL      \
+    ONE_MUL      \
+    ONE_MUL      \
+    ONE_MUL
+
+#define SIXTEEN_MUL \
+    FOUR_MUL        \
+    FOUR_MUL        \
+    FOUR_MUL        \
+    FOUR_MUL
+
+#define THIRTYTWO_MUL \
+    SIXTEEN_MUL       \
+    SIXTEEN_MUL
+
+#define ONETWENTYEIGHT_MUL \
+    THIRTYTWO_MUL          \
+    THIRTYTWO_MUL          \
+    THIRTYTWO_MUL          \
+    THIRTYTWO_MUL
+
+#define EXPAND_256(CALL)                     \
+    mp_digit carry = 0;                      \
+    mp_digit a_i;                            \
+    mp_digit a0b0, a1b1;                     \
+    if (a_len & 255) {                       \
+        if (a_len & 1) {                     \
+            ONE_MUL                          \
+        }                                    \
+        if (a_len & 2) {                     \
+            ONE_MUL                          \
+            ONE_MUL                          \
+        }                                    \
+        if (a_len & 4) {                     \
+            FOUR_MUL                         \
+        }                                    \
+        if (a_len & 8) {                     \
+            FOUR_MUL                         \
+            FOUR_MUL                         \
+        }                                    \
+        if (a_len & 16) {                    \
+            SIXTEEN_MUL                      \
+        }                                    \
+        if (a_len & 32) {                    \
+            THIRTYTWO_MUL                    \
+        }                                    \
+        if (a_len & 64) {                    \
+            THIRTYTWO_MUL                    \
+            THIRTYTWO_MUL                    \
+        }                                    \
+        if (a_len & 128) {                   \
+            ONETWENTYEIGHT_MUL               \
+        }                                    \
+        a_len = a_len & (-256);              \
+    }                                        \
+    if (a_len >= 256) {                      \
+        carry = CALL(a, a_len, b, c, carry); \
+        c += a_len;                          \
+    }
+
+#define FUNC_NAME(NAME)                    \
+    mp_digit NAME(const mp_digit *a,       \
+                  mp_size a_len,           \
+                  mp_digit b, mp_digit *c, \
+                  mp_digit carry)
+
+#define DECLARE_MUL_256(FNAME) \
+    FUNC_NAME(FNAME)           \
+    {                          \
+        mp_digit a_i;          \
+        mp_digit a0b0, a1b1;   \
+        while (a_len) {        \
+            ONETWENTYEIGHT_MUL \
+            ONETWENTYEIGHT_MUL \
+            a_len -= 256;      \
+        }                      \
+        return carry;          \
+    }
+
+/* Expanding the loop in s_mpv_mul_d appeared to slow down the
+   (admittedly) small number of tests (i.e., timetest) used to
+   measure performance, so this define disables that optimization. */
+#define DO_NOT_EXPAND 1
+
+/* Need forward declaration so it can be instantiated after
+   the routine that uses it; this helps locality somewhat  */
+#if !defined(DO_NOT_EXPAND)
+FUNC_NAME(s_mpv_mul_d_MUL256);
+#endif
+
+/* c = a * b */
+void
+s_mpv_mul_d(const mp_digit *a, mp_size a_len,
+            mp_digit b, mp_digit *c)
+{
+#if defined(DO_NOT_EXPAND)
+    mp_digit carry = 0;
+    while (a_len--) {
+        mp_digit a_i = *a++;
+        mp_digit a0b0, a1b1;
+
+        MP_MUL_DxD(a_i, b, a1b1, a0b0);
+
+        a0b0 += carry;
+        if (a0b0 < carry)
+            ++a1b1;
+        *c++ = a0b0;
+        carry = a1b1;
+    }
+#else
+    EXPAND_256(s_mpv_mul_d_MUL256)
+#endif
+    *c = carry;
+}
+
+#if !defined(DO_NOT_EXPAND)
+DECLARE_MUL_256(s_mpv_mul_d_MUL256)
+#endif
+
+#undef CARRY_ADD
+/* This is redefined for the loop in s_mpv_mul_d_add */
+#define CARRY_ADD     \
+    a0b0 += a_i = *c; \
+    if (a0b0 < a_i)   \
+        ++a1b1;
+
+/* Need forward declaration so it can be instantiated between the
+   two routines that use it; this helps locality somewhat  */
+FUNC_NAME(s_mpv_mul_d_add_MUL256);
+
+/* c += a * b */
+void
+s_mpv_mul_d_add(const mp_digit *a, mp_size a_len,
+                mp_digit b, mp_digit *c)
+{
+    EXPAND_256(s_mpv_mul_d_add_MUL256)
+    *c = carry;
+}
+
+/* Instantiate multiply 256 routine here */
+DECLARE_MUL_256(s_mpv_mul_d_add_MUL256)
+
+/* Presently, this is only used by the Montgomery arithmetic code. */
+/* c += a * b */
+void
+s_mpv_mul_d_add_prop(const mp_digit *a, mp_size a_len,
+                     mp_digit b, mp_digit *c)
+{
+    EXPAND_256(s_mpv_mul_d_add_MUL256)
+    while (carry) {
+        mp_digit c_i = *c;
+        carry += c_i;
+        *c++ = carry;
+        carry = carry < c_i;
+    }
+}
diff --git a/nss/lib/freebl/mpi/mulsqr.c b/nss/lib/freebl/mpi/mulsqr.c
new file mode 100644
index 0000000..461d40a
--- /dev/null
+++ b/nss/lib/freebl/mpi/mulsqr.c
@@ -0,0 +1,84 @@
+/*
+ * Test whether to include squaring code given the current settings
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <limits.h>
+#include <time.h>
+
+#define MP_SQUARE 1 /* make sure squaring code is included */
+
+#include "mpi.h"
+#include "mpprime.h"
+
+int
+main(int argc, char *argv[])
+{
+    int ntests, prec, ix;
+    unsigned int seed;
+    clock_t start, stop;
+    double multime, sqrtime;
+    mp_int a, c;
+
+    seed = (unsigned int)time(NULL);
+
+    if (argc < 3) {
+        fprintf(stderr, "Usage: %s <ntests> <nbits>\n", argv[0]);
+        return 1;
+    }
+
+    if ((ntests = abs(atoi(argv[1]))) == 0) {
+        fprintf(stderr, "%s: must request at least 1 test.\n", argv[0]);
+        return 1;
+    }
+    if ((prec = abs(atoi(argv[2]))) < CHAR_BIT) {
+        fprintf(stderr, "%s: must request at least %d bits.\n", argv[0],
+                CHAR_BIT);
+        return 1;
+    }
+
+    prec = (prec + (DIGIT_BIT - 1)) / DIGIT_BIT;
+
+    mp_init_size(&a, prec);
+    mp_init_size(&c, 2 * prec);
+
+    /* Test multiplication by self */
+    srand(seed);
+    start = clock();
+    for (ix = 0; ix < ntests; ix++) {
+        mpp_random_size(&a, prec);
+        mp_mul(&a, &a, &c);
+    }
+    stop = clock();
+
+    multime = (double)(stop - start) / CLOCKS_PER_SEC;
+
+    /* Test squaring */
+    srand(seed);
+    start = clock();
+    for (ix = 0; ix < ntests; ix++) {
+        mpp_random_size(&a, prec);
+        mp_sqr(&a, &c);
+    }
+    stop = clock();
+
+    sqrtime = (double)(stop - start) / CLOCKS_PER_SEC;
+
+    printf("Multiply: %.4f\n", multime);
+    printf("Square:   %.4f\n", sqrtime);
+    if (multime < sqrtime) {
+        printf("Speedup:  %.1f%%\n", 100.0 * (1.0 - multime / sqrtime));
+        printf("Prefer:   multiply\n");
+    } else {
+        printf("Speedup:  %.1f%%\n", 100.0 * (1.0 - sqrtime / multime));
+        printf("Prefer:   square\n");
+    }
+
+    mp_clear(&a);
+    mp_clear(&c);
+    return 0;
+}
diff --git a/nss/lib/freebl/mpi/multest b/nss/lib/freebl/mpi/multest
new file mode 100755
index 0000000..24752e0
--- /dev/null
+++ b/nss/lib/freebl/mpi/multest
@@ -0,0 +1,76 @@
+#!/bin/sh
+#
+# multest
+#
+# Run multiply and square timing tests, to compute a chart for the
+# current processor and compiler combination.
+
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+ECHO=/bin/echo
+MAKE=gmake
+
+$ECHO "\n** Running multiply and square timing tests\n"
+
+$ECHO "Bringing 'mulsqr' up to date ... "
+if $MAKE mulsqr ; then
+    :
+else
+    $ECHO "\nMake failed to build mulsqr.\n"
+    exit 1
+fi
+
+if [ ! -x ./mulsqr ] ; then
+    $ECHO "\nCannot find 'mulsqr' program, testing cannot continue.\n"
+    exit 1
+fi
+
+sizes='64 128 192 256 320 384 448 512 640 768 896 1024 1536 2048'
+ntests=500000
+
+$ECHO "Running timing tests, please wait ... "
+
+trap 'echo "oop!";rm -f tt*.tmp;exit 0' INT HUP
+
+touch tt$$.tmp
+$ECHO $ntests tests >> tt$$.tmp
+for size in $sizes ; do
+    $ECHO "$size bits ... \c"
+    set -A res `./mulsqr $ntests $size|head -3|tr -d '%'|awk '{print $2}'`
+    $ECHO $size"\t"${res[0]}"\t"${res[1]}"\t"${res[2]} >> tt$$.tmp
+    $ECHO "(done)"
+done
+mv tt$$.tmp mulsqr-results.txt
+rm -f tt$$.tmp
+
+$ECHO "\n** Running Karatsuba-Ofman multiplication tests\n"
+
+$ECHO "Brining 'karatsuba' up to date ... "
+if $MAKE karatsuba ; then
+    :
+else
+    $ECHO "\nMake failed to build karatsuba.\n"
+    exit 1
+fi
+
+if [ ! -x ./karatsuba ] ; then
+    $ECHO "\nCannot find 'karatsuba' program, testing cannot continue.\n"
+    exit 1
+fi
+
+ntests=100000
+
+trap 'echo "oop!";rm -f tt*.tmp;exit 0' INT HUP
+
+touch tt$$.tmp
+for size in $sizes ; do
+    $ECHO "$size bits ... "
+    ./karatsuba $ntests $size >> tt$$.tmp
+    tail -2 tt$$.tmp
+done
+mv tt$$.tmp karatsuba-results.txt
+rm -f tt$$.tmp
+
+exit 0
diff --git a/nss/lib/freebl/mpi/primes.c b/nss/lib/freebl/mpi/primes.c
new file mode 100644
index 0000000..c8bd93f
--- /dev/null
+++ b/nss/lib/freebl/mpi/primes.c
@@ -0,0 +1,841 @@
+/*
+ * These tables of primes wwere generated using the 'sieve' program
+ * (sieve.c) and converted to this format with 'ptab.pl'.
+ *
+ * The 'small' table is just the first 128 primes.  The 'large' table
+ * is a table of all the prime values that will fit into a single
+ * mp_digit (given the current size of an mp_digit, which is two bytes).
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#if SMALL_TABLE
+#define MP_PRIME_TAB_SIZE 128
+#else
+#define MP_PRIME_TAB_SIZE 6542
+#endif
+
+const int prime_tab_size = MP_PRIME_TAB_SIZE;
+const mp_digit prime_tab[] = {
+    0x0002, 0x0003, 0x0005, 0x0007, 0x000B, 0x000D, 0x0011, 0x0013,
+    0x0017, 0x001D, 0x001F, 0x0025, 0x0029, 0x002B, 0x002F, 0x0035,
+    0x003B, 0x003D, 0x0043, 0x0047, 0x0049, 0x004F, 0x0053, 0x0059,
+    0x0061, 0x0065, 0x0067, 0x006B, 0x006D, 0x0071, 0x007F, 0x0083,
+    0x0089, 0x008B, 0x0095, 0x0097, 0x009D, 0x00A3, 0x00A7, 0x00AD,
+    0x00B3, 0x00B5, 0x00BF, 0x00C1, 0x00C5, 0x00C7, 0x00D3, 0x00DF,
+    0x00E3, 0x00E5, 0x00E9, 0x00EF, 0x00F1, 0x00FB, 0x0101, 0x0107,
+    0x010D, 0x010F, 0x0115, 0x0119, 0x011B, 0x0125, 0x0133, 0x0137,
+    0x0139, 0x013D, 0x014B, 0x0151, 0x015B, 0x015D, 0x0161, 0x0167,
+    0x016F, 0x0175, 0x017B, 0x017F, 0x0185, 0x018D, 0x0191, 0x0199,
+    0x01A3, 0x01A5, 0x01AF, 0x01B1, 0x01B7, 0x01BB, 0x01C1, 0x01C9,
+    0x01CD, 0x01CF, 0x01D3, 0x01DF, 0x01E7, 0x01EB, 0x01F3, 0x01F7,
+    0x01FD, 0x0209, 0x020B, 0x021D, 0x0223, 0x022D, 0x0233, 0x0239,
+    0x023B, 0x0241, 0x024B, 0x0251, 0x0257, 0x0259, 0x025F, 0x0265,
+    0x0269, 0x026B, 0x0277, 0x0281, 0x0283, 0x0287, 0x028D, 0x0293,
+    0x0295, 0x02A1, 0x02A5, 0x02AB, 0x02B3, 0x02BD, 0x02C5, 0x02CF,
+#if !SMALL_TABLE
+    0x02D7, 0x02DD, 0x02E3, 0x02E7, 0x02EF, 0x02F5, 0x02F9, 0x0301,
+    0x0305, 0x0313, 0x031D, 0x0329, 0x032B, 0x0335, 0x0337, 0x033B,
+    0x033D, 0x0347, 0x0355, 0x0359, 0x035B, 0x035F, 0x036D, 0x0371,
+    0x0373, 0x0377, 0x038B, 0x038F, 0x0397, 0x03A1, 0x03A9, 0x03AD,
+    0x03B3, 0x03B9, 0x03C7, 0x03CB, 0x03D1, 0x03D7, 0x03DF, 0x03E5,
+    0x03F1, 0x03F5, 0x03FB, 0x03FD, 0x0407, 0x0409, 0x040F, 0x0419,
+    0x041B, 0x0425, 0x0427, 0x042D, 0x043F, 0x0443, 0x0445, 0x0449,
+    0x044F, 0x0455, 0x045D, 0x0463, 0x0469, 0x047F, 0x0481, 0x048B,
+    0x0493, 0x049D, 0x04A3, 0x04A9, 0x04B1, 0x04BD, 0x04C1, 0x04C7,
+    0x04CD, 0x04CF, 0x04D5, 0x04E1, 0x04EB, 0x04FD, 0x04FF, 0x0503,
+    0x0509, 0x050B, 0x0511, 0x0515, 0x0517, 0x051B, 0x0527, 0x0529,
+    0x052F, 0x0551, 0x0557, 0x055D, 0x0565, 0x0577, 0x0581, 0x058F,
+    0x0593, 0x0595, 0x0599, 0x059F, 0x05A7, 0x05AB, 0x05AD, 0x05B3,
+    0x05BF, 0x05C9, 0x05CB, 0x05CF, 0x05D1, 0x05D5, 0x05DB, 0x05E7,
+    0x05F3, 0x05FB, 0x0607, 0x060D, 0x0611, 0x0617, 0x061F, 0x0623,
+    0x062B, 0x062F, 0x063D, 0x0641, 0x0647, 0x0649, 0x064D, 0x0653,
+    0x0655, 0x065B, 0x0665, 0x0679, 0x067F, 0x0683, 0x0685, 0x069D,
+    0x06A1, 0x06A3, 0x06AD, 0x06B9, 0x06BB, 0x06C5, 0x06CD, 0x06D3,
+    0x06D9, 0x06DF, 0x06F1, 0x06F7, 0x06FB, 0x06FD, 0x0709, 0x0713,
+    0x071F, 0x0727, 0x0737, 0x0745, 0x074B, 0x074F, 0x0751, 0x0755,
+    0x0757, 0x0761, 0x076D, 0x0773, 0x0779, 0x078B, 0x078D, 0x079D,
+    0x079F, 0x07B5, 0x07BB, 0x07C3, 0x07C9, 0x07CD, 0x07CF, 0x07D3,
+    0x07DB, 0x07E1, 0x07EB, 0x07ED, 0x07F7, 0x0805, 0x080F, 0x0815,
+    0x0821, 0x0823, 0x0827, 0x0829, 0x0833, 0x083F, 0x0841, 0x0851,
+    0x0853, 0x0859, 0x085D, 0x085F, 0x0869, 0x0871, 0x0883, 0x089B,
+    0x089F, 0x08A5, 0x08AD, 0x08BD, 0x08BF, 0x08C3, 0x08CB, 0x08DB,
+    0x08DD, 0x08E1, 0x08E9, 0x08EF, 0x08F5, 0x08F9, 0x0905, 0x0907,
+    0x091D, 0x0923, 0x0925, 0x092B, 0x092F, 0x0935, 0x0943, 0x0949,
+    0x094D, 0x094F, 0x0955, 0x0959, 0x095F, 0x096B, 0x0971, 0x0977,
+    0x0985, 0x0989, 0x098F, 0x099B, 0x09A3, 0x09A9, 0x09AD, 0x09C7,
+    0x09D9, 0x09E3, 0x09EB, 0x09EF, 0x09F5, 0x09F7, 0x09FD, 0x0A13,
+    0x0A1F, 0x0A21, 0x0A31, 0x0A39, 0x0A3D, 0x0A49, 0x0A57, 0x0A61,
+    0x0A63, 0x0A67, 0x0A6F, 0x0A75, 0x0A7B, 0x0A7F, 0x0A81, 0x0A85,
+    0x0A8B, 0x0A93, 0x0A97, 0x0A99, 0x0A9F, 0x0AA9, 0x0AAB, 0x0AB5,
+    0x0ABD, 0x0AC1, 0x0ACF, 0x0AD9, 0x0AE5, 0x0AE7, 0x0AED, 0x0AF1,
+    0x0AF3, 0x0B03, 0x0B11, 0x0B15, 0x0B1B, 0x0B23, 0x0B29, 0x0B2D,
+    0x0B3F, 0x0B47, 0x0B51, 0x0B57, 0x0B5D, 0x0B65, 0x0B6F, 0x0B7B,
+    0x0B89, 0x0B8D, 0x0B93, 0x0B99, 0x0B9B, 0x0BB7, 0x0BB9, 0x0BC3,
+    0x0BCB, 0x0BCF, 0x0BDD, 0x0BE1, 0x0BE9, 0x0BF5, 0x0BFB, 0x0C07,
+    0x0C0B, 0x0C11, 0x0C25, 0x0C2F, 0x0C31, 0x0C41, 0x0C5B, 0x0C5F,
+    0x0C61, 0x0C6D, 0x0C73, 0x0C77, 0x0C83, 0x0C89, 0x0C91, 0x0C95,
+    0x0C9D, 0x0CB3, 0x0CB5, 0x0CB9, 0x0CBB, 0x0CC7, 0x0CE3, 0x0CE5,
+    0x0CEB, 0x0CF1, 0x0CF7, 0x0CFB, 0x0D01, 0x0D03, 0x0D0F, 0x0D13,
+    0x0D1F, 0x0D21, 0x0D2B, 0x0D2D, 0x0D3D, 0x0D3F, 0x0D4F, 0x0D55,
+    0x0D69, 0x0D79, 0x0D81, 0x0D85, 0x0D87, 0x0D8B, 0x0D8D, 0x0DA3,
+    0x0DAB, 0x0DB7, 0x0DBD, 0x0DC7, 0x0DC9, 0x0DCD, 0x0DD3, 0x0DD5,
+    0x0DDB, 0x0DE5, 0x0DE7, 0x0DF3, 0x0DFD, 0x0DFF, 0x0E09, 0x0E17,
+    0x0E1D, 0x0E21, 0x0E27, 0x0E2F, 0x0E35, 0x0E3B, 0x0E4B, 0x0E57,
+    0x0E59, 0x0E5D, 0x0E6B, 0x0E71, 0x0E75, 0x0E7D, 0x0E87, 0x0E8F,
+    0x0E95, 0x0E9B, 0x0EB1, 0x0EB7, 0x0EB9, 0x0EC3, 0x0ED1, 0x0ED5,
+    0x0EDB, 0x0EED, 0x0EEF, 0x0EF9, 0x0F07, 0x0F0B, 0x0F0D, 0x0F17,
+    0x0F25, 0x0F29, 0x0F31, 0x0F43, 0x0F47, 0x0F4D, 0x0F4F, 0x0F53,
+    0x0F59, 0x0F5B, 0x0F67, 0x0F6B, 0x0F7F, 0x0F95, 0x0FA1, 0x0FA3,
+    0x0FA7, 0x0FAD, 0x0FB3, 0x0FB5, 0x0FBB, 0x0FD1, 0x0FD3, 0x0FD9,
+    0x0FE9, 0x0FEF, 0x0FFB, 0x0FFD, 0x1003, 0x100F, 0x101F, 0x1021,
+    0x1025, 0x102B, 0x1039, 0x103D, 0x103F, 0x1051, 0x1069, 0x1073,
+    0x1079, 0x107B, 0x1085, 0x1087, 0x1091, 0x1093, 0x109D, 0x10A3,
+    0x10A5, 0x10AF, 0x10B1, 0x10BB, 0x10C1, 0x10C9, 0x10E7, 0x10F1,
+    0x10F3, 0x10FD, 0x1105, 0x110B, 0x1115, 0x1127, 0x112D, 0x1139,
+    0x1145, 0x1147, 0x1159, 0x115F, 0x1163, 0x1169, 0x116F, 0x1181,
+    0x1183, 0x118D, 0x119B, 0x11A1, 0x11A5, 0x11A7, 0x11AB, 0x11C3,
+    0x11C5, 0x11D1, 0x11D7, 0x11E7, 0x11EF, 0x11F5, 0x11FB, 0x120D,
+    0x121D, 0x121F, 0x1223, 0x1229, 0x122B, 0x1231, 0x1237, 0x1241,
+    0x1247, 0x1253, 0x125F, 0x1271, 0x1273, 0x1279, 0x127D, 0x128F,
+    0x1297, 0x12AF, 0x12B3, 0x12B5, 0x12B9, 0x12BF, 0x12C1, 0x12CD,
+    0x12D1, 0x12DF, 0x12FD, 0x1307, 0x130D, 0x1319, 0x1327, 0x132D,
+    0x1337, 0x1343, 0x1345, 0x1349, 0x134F, 0x1357, 0x135D, 0x1367,
+    0x1369, 0x136D, 0x137B, 0x1381, 0x1387, 0x138B, 0x1391, 0x1393,
+    0x139D, 0x139F, 0x13AF, 0x13BB, 0x13C3, 0x13D5, 0x13D9, 0x13DF,
+    0x13EB, 0x13ED, 0x13F3, 0x13F9, 0x13FF, 0x141B, 0x1421, 0x142F,
+    0x1433, 0x143B, 0x1445, 0x144D, 0x1459, 0x146B, 0x146F, 0x1471,
+    0x1475, 0x148D, 0x1499, 0x149F, 0x14A1, 0x14B1, 0x14B7, 0x14BD,
+    0x14CB, 0x14D5, 0x14E3, 0x14E7, 0x1505, 0x150B, 0x1511, 0x1517,
+    0x151F, 0x1525, 0x1529, 0x152B, 0x1537, 0x153D, 0x1541, 0x1543,
+    0x1549, 0x155F, 0x1565, 0x1567, 0x156B, 0x157D, 0x157F, 0x1583,
+    0x158F, 0x1591, 0x1597, 0x159B, 0x15B5, 0x15BB, 0x15C1, 0x15C5,
+    0x15CD, 0x15D7, 0x15F7, 0x1607, 0x1609, 0x160F, 0x1613, 0x1615,
+    0x1619, 0x161B, 0x1625, 0x1633, 0x1639, 0x163D, 0x1645, 0x164F,
+    0x1655, 0x1669, 0x166D, 0x166F, 0x1675, 0x1693, 0x1697, 0x169F,
+    0x16A9, 0x16AF, 0x16B5, 0x16BD, 0x16C3, 0x16CF, 0x16D3, 0x16D9,
+    0x16DB, 0x16E1, 0x16E5, 0x16EB, 0x16ED, 0x16F7, 0x16F9, 0x1709,
+    0x170F, 0x1723, 0x1727, 0x1733, 0x1741, 0x175D, 0x1763, 0x1777,
+    0x177B, 0x178D, 0x1795, 0x179B, 0x179F, 0x17A5, 0x17B3, 0x17B9,
+    0x17BF, 0x17C9, 0x17CB, 0x17D5, 0x17E1, 0x17E9, 0x17F3, 0x17F5,
+    0x17FF, 0x1807, 0x1813, 0x181D, 0x1835, 0x1837, 0x183B, 0x1843,
+    0x1849, 0x184D, 0x1855, 0x1867, 0x1871, 0x1877, 0x187D, 0x187F,
+    0x1885, 0x188F, 0x189B, 0x189D, 0x18A7, 0x18AD, 0x18B3, 0x18B9,
+    0x18C1, 0x18C7, 0x18D1, 0x18D7, 0x18D9, 0x18DF, 0x18E5, 0x18EB,
+    0x18F5, 0x18FD, 0x1915, 0x191B, 0x1931, 0x1933, 0x1945, 0x1949,
+    0x1951, 0x195B, 0x1979, 0x1981, 0x1993, 0x1997, 0x1999, 0x19A3,
+    0x19A9, 0x19AB, 0x19B1, 0x19B5, 0x19C7, 0x19CF, 0x19DB, 0x19ED,
+    0x19FD, 0x1A03, 0x1A05, 0x1A11, 0x1A17, 0x1A21, 0x1A23, 0x1A2D,
+    0x1A2F, 0x1A35, 0x1A3F, 0x1A4D, 0x1A51, 0x1A69, 0x1A6B, 0x1A7B,
+    0x1A7D, 0x1A87, 0x1A89, 0x1A93, 0x1AA7, 0x1AAB, 0x1AAD, 0x1AB1,
+    0x1AB9, 0x1AC9, 0x1ACF, 0x1AD5, 0x1AD7, 0x1AE3, 0x1AF3, 0x1AFB,
+    0x1AFF, 0x1B05, 0x1B23, 0x1B25, 0x1B2F, 0x1B31, 0x1B37, 0x1B3B,
+    0x1B41, 0x1B47, 0x1B4F, 0x1B55, 0x1B59, 0x1B65, 0x1B6B, 0x1B73,
+    0x1B7F, 0x1B83, 0x1B91, 0x1B9D, 0x1BA7, 0x1BBF, 0x1BC5, 0x1BD1,
+    0x1BD7, 0x1BD9, 0x1BEF, 0x1BF7, 0x1C09, 0x1C13, 0x1C19, 0x1C27,
+    0x1C2B, 0x1C2D, 0x1C33, 0x1C3D, 0x1C45, 0x1C4B, 0x1C4F, 0x1C55,
+    0x1C73, 0x1C81, 0x1C8B, 0x1C8D, 0x1C99, 0x1CA3, 0x1CA5, 0x1CB5,
+    0x1CB7, 0x1CC9, 0x1CE1, 0x1CF3, 0x1CF9, 0x1D09, 0x1D1B, 0x1D21,
+    0x1D23, 0x1D35, 0x1D39, 0x1D3F, 0x1D41, 0x1D4B, 0x1D53, 0x1D5D,
+    0x1D63, 0x1D69, 0x1D71, 0x1D75, 0x1D7B, 0x1D7D, 0x1D87, 0x1D89,
+    0x1D95, 0x1D99, 0x1D9F, 0x1DA5, 0x1DA7, 0x1DB3, 0x1DB7, 0x1DC5,
+    0x1DD7, 0x1DDB, 0x1DE1, 0x1DF5, 0x1DF9, 0x1E01, 0x1E07, 0x1E0B,
+    0x1E13, 0x1E17, 0x1E25, 0x1E2B, 0x1E2F, 0x1E3D, 0x1E49, 0x1E4D,
+    0x1E4F, 0x1E6D, 0x1E71, 0x1E89, 0x1E8F, 0x1E95, 0x1EA1, 0x1EAD,
+    0x1EBB, 0x1EC1, 0x1EC5, 0x1EC7, 0x1ECB, 0x1EDD, 0x1EE3, 0x1EEF,
+    0x1EF7, 0x1EFD, 0x1F01, 0x1F0D, 0x1F0F, 0x1F1B, 0x1F39, 0x1F49,
+    0x1F4B, 0x1F51, 0x1F67, 0x1F75, 0x1F7B, 0x1F85, 0x1F91, 0x1F97,
+    0x1F99, 0x1F9D, 0x1FA5, 0x1FAF, 0x1FB5, 0x1FBB, 0x1FD3, 0x1FE1,
+    0x1FE7, 0x1FEB, 0x1FF3, 0x1FFF, 0x2011, 0x201B, 0x201D, 0x2027,
+    0x2029, 0x202D, 0x2033, 0x2047, 0x204D, 0x2051, 0x205F, 0x2063,
+    0x2065, 0x2069, 0x2077, 0x207D, 0x2089, 0x20A1, 0x20AB, 0x20B1,
+    0x20B9, 0x20C3, 0x20C5, 0x20E3, 0x20E7, 0x20ED, 0x20EF, 0x20FB,
+    0x20FF, 0x210D, 0x2113, 0x2135, 0x2141, 0x2149, 0x214F, 0x2159,
+    0x215B, 0x215F, 0x2173, 0x217D, 0x2185, 0x2195, 0x2197, 0x21A1,
+    0x21AF, 0x21B3, 0x21B5, 0x21C1, 0x21C7, 0x21D7, 0x21DD, 0x21E5,
+    0x21E9, 0x21F1, 0x21F5, 0x21FB, 0x2203, 0x2209, 0x220F, 0x221B,
+    0x2221, 0x2225, 0x222B, 0x2231, 0x2239, 0x224B, 0x224F, 0x2263,
+    0x2267, 0x2273, 0x2275, 0x227F, 0x2285, 0x2287, 0x2291, 0x229D,
+    0x229F, 0x22A3, 0x22B7, 0x22BD, 0x22DB, 0x22E1, 0x22E5, 0x22ED,
+    0x22F7, 0x2303, 0x2309, 0x230B, 0x2327, 0x2329, 0x232F, 0x2333,
+    0x2335, 0x2345, 0x2351, 0x2353, 0x2359, 0x2363, 0x236B, 0x2383,
+    0x238F, 0x2395, 0x23A7, 0x23AD, 0x23B1, 0x23BF, 0x23C5, 0x23C9,
+    0x23D5, 0x23DD, 0x23E3, 0x23EF, 0x23F3, 0x23F9, 0x2405, 0x240B,
+    0x2417, 0x2419, 0x2429, 0x243D, 0x2441, 0x2443, 0x244D, 0x245F,
+    0x2467, 0x246B, 0x2479, 0x247D, 0x247F, 0x2485, 0x249B, 0x24A1,
+    0x24AF, 0x24B5, 0x24BB, 0x24C5, 0x24CB, 0x24CD, 0x24D7, 0x24D9,
+    0x24DD, 0x24DF, 0x24F5, 0x24F7, 0x24FB, 0x2501, 0x2507, 0x2513,
+    0x2519, 0x2527, 0x2531, 0x253D, 0x2543, 0x254B, 0x254F, 0x2573,
+    0x2581, 0x258D, 0x2593, 0x2597, 0x259D, 0x259F, 0x25AB, 0x25B1,
+    0x25BD, 0x25CD, 0x25CF, 0x25D9, 0x25E1, 0x25F7, 0x25F9, 0x2605,
+    0x260B, 0x260F, 0x2615, 0x2627, 0x2629, 0x2635, 0x263B, 0x263F,
+    0x264B, 0x2653, 0x2659, 0x2665, 0x2669, 0x266F, 0x267B, 0x2681,
+    0x2683, 0x268F, 0x269B, 0x269F, 0x26AD, 0x26B3, 0x26C3, 0x26C9,
+    0x26CB, 0x26D5, 0x26DD, 0x26EF, 0x26F5, 0x2717, 0x2719, 0x2735,
+    0x2737, 0x274D, 0x2753, 0x2755, 0x275F, 0x276B, 0x276D, 0x2773,
+    0x2777, 0x277F, 0x2795, 0x279B, 0x279D, 0x27A7, 0x27AF, 0x27B3,
+    0x27B9, 0x27C1, 0x27C5, 0x27D1, 0x27E3, 0x27EF, 0x2803, 0x2807,
+    0x280D, 0x2813, 0x281B, 0x281F, 0x2821, 0x2831, 0x283D, 0x283F,
+    0x2849, 0x2851, 0x285B, 0x285D, 0x2861, 0x2867, 0x2875, 0x2881,
+    0x2897, 0x289F, 0x28BB, 0x28BD, 0x28C1, 0x28D5, 0x28D9, 0x28DB,
+    0x28DF, 0x28ED, 0x28F7, 0x2903, 0x2905, 0x2911, 0x2921, 0x2923,
+    0x293F, 0x2947, 0x295D, 0x2965, 0x2969, 0x296F, 0x2975, 0x2983,
+    0x2987, 0x298F, 0x299B, 0x29A1, 0x29A7, 0x29AB, 0x29BF, 0x29C3,
+    0x29D5, 0x29D7, 0x29E3, 0x29E9, 0x29ED, 0x29F3, 0x2A01, 0x2A13,
+    0x2A1D, 0x2A25, 0x2A2F, 0x2A4F, 0x2A55, 0x2A5F, 0x2A65, 0x2A6B,
+    0x2A6D, 0x2A73, 0x2A83, 0x2A89, 0x2A8B, 0x2A97, 0x2A9D, 0x2AB9,
+    0x2ABB, 0x2AC5, 0x2ACD, 0x2ADD, 0x2AE3, 0x2AEB, 0x2AF1, 0x2AFB,
+    0x2B13, 0x2B27, 0x2B31, 0x2B33, 0x2B3D, 0x2B3F, 0x2B4B, 0x2B4F,
+    0x2B55, 0x2B69, 0x2B6D, 0x2B6F, 0x2B7B, 0x2B8D, 0x2B97, 0x2B99,
+    0x2BA3, 0x2BA5, 0x2BA9, 0x2BBD, 0x2BCD, 0x2BE7, 0x2BEB, 0x2BF3,
+    0x2BF9, 0x2BFD, 0x2C09, 0x2C0F, 0x2C17, 0x2C23, 0x2C2F, 0x2C35,
+    0x2C39, 0x2C41, 0x2C57, 0x2C59, 0x2C69, 0x2C77, 0x2C81, 0x2C87,
+    0x2C93, 0x2C9F, 0x2CAD, 0x2CB3, 0x2CB7, 0x2CCB, 0x2CCF, 0x2CDB,
+    0x2CE1, 0x2CE3, 0x2CE9, 0x2CEF, 0x2CFF, 0x2D07, 0x2D1D, 0x2D1F,
+    0x2D3B, 0x2D43, 0x2D49, 0x2D4D, 0x2D61, 0x2D65, 0x2D71, 0x2D89,
+    0x2D9D, 0x2DA1, 0x2DA9, 0x2DB3, 0x2DB5, 0x2DC5, 0x2DC7, 0x2DD3,
+    0x2DDF, 0x2E01, 0x2E03, 0x2E07, 0x2E0D, 0x2E19, 0x2E1F, 0x2E25,
+    0x2E2D, 0x2E33, 0x2E37, 0x2E39, 0x2E3F, 0x2E57, 0x2E5B, 0x2E6F,
+    0x2E79, 0x2E7F, 0x2E85, 0x2E93, 0x2E97, 0x2E9D, 0x2EA3, 0x2EA5,
+    0x2EB1, 0x2EB7, 0x2EC1, 0x2EC3, 0x2ECD, 0x2ED3, 0x2EE7, 0x2EEB,
+    0x2F05, 0x2F09, 0x2F0B, 0x2F11, 0x2F27, 0x2F29, 0x2F41, 0x2F45,
+    0x2F4B, 0x2F4D, 0x2F51, 0x2F57, 0x2F6F, 0x2F75, 0x2F7D, 0x2F81,
+    0x2F83, 0x2FA5, 0x2FAB, 0x2FB3, 0x2FC3, 0x2FCF, 0x2FD1, 0x2FDB,
+    0x2FDD, 0x2FE7, 0x2FED, 0x2FF5, 0x2FF9, 0x3001, 0x300D, 0x3023,
+    0x3029, 0x3037, 0x303B, 0x3055, 0x3059, 0x305B, 0x3067, 0x3071,
+    0x3079, 0x307D, 0x3085, 0x3091, 0x3095, 0x30A3, 0x30A9, 0x30B9,
+    0x30BF, 0x30C7, 0x30CB, 0x30D1, 0x30D7, 0x30DF, 0x30E5, 0x30EF,
+    0x30FB, 0x30FD, 0x3103, 0x3109, 0x3119, 0x3121, 0x3127, 0x312D,
+    0x3139, 0x3143, 0x3145, 0x314B, 0x315D, 0x3161, 0x3167, 0x316D,
+    0x3173, 0x317F, 0x3191, 0x3199, 0x319F, 0x31A9, 0x31B1, 0x31C3,
+    0x31C7, 0x31D5, 0x31DB, 0x31ED, 0x31F7, 0x31FF, 0x3209, 0x3215,
+    0x3217, 0x321D, 0x3229, 0x3235, 0x3259, 0x325D, 0x3263, 0x326B,
+    0x326F, 0x3275, 0x3277, 0x327B, 0x328D, 0x3299, 0x329F, 0x32A7,
+    0x32AD, 0x32B3, 0x32B7, 0x32C9, 0x32CB, 0x32CF, 0x32D1, 0x32E9,
+    0x32ED, 0x32F3, 0x32F9, 0x3307, 0x3325, 0x332B, 0x332F, 0x3335,
+    0x3341, 0x3347, 0x335B, 0x335F, 0x3367, 0x336B, 0x3373, 0x3379,
+    0x337F, 0x3383, 0x33A1, 0x33A3, 0x33AD, 0x33B9, 0x33C1, 0x33CB,
+    0x33D3, 0x33EB, 0x33F1, 0x33FD, 0x3401, 0x340F, 0x3413, 0x3419,
+    0x341B, 0x3437, 0x3445, 0x3455, 0x3457, 0x3463, 0x3469, 0x346D,
+    0x3481, 0x348B, 0x3491, 0x3497, 0x349D, 0x34A5, 0x34AF, 0x34BB,
+    0x34C9, 0x34D3, 0x34E1, 0x34F1, 0x34FF, 0x3509, 0x3517, 0x351D,
+    0x352D, 0x3533, 0x353B, 0x3541, 0x3551, 0x3565, 0x356F, 0x3571,
+    0x3577, 0x357B, 0x357D, 0x3581, 0x358D, 0x358F, 0x3599, 0x359B,
+    0x35A1, 0x35B7, 0x35BD, 0x35BF, 0x35C3, 0x35D5, 0x35DD, 0x35E7,
+    0x35EF, 0x3605, 0x3607, 0x3611, 0x3623, 0x3631, 0x3635, 0x3637,
+    0x363B, 0x364D, 0x364F, 0x3653, 0x3659, 0x3661, 0x366B, 0x366D,
+    0x368B, 0x368F, 0x36AD, 0x36AF, 0x36B9, 0x36BB, 0x36CD, 0x36D1,
+    0x36E3, 0x36E9, 0x36F7, 0x3701, 0x3703, 0x3707, 0x371B, 0x373F,
+    0x3745, 0x3749, 0x374F, 0x375D, 0x3761, 0x3775, 0x377F, 0x378D,
+    0x37A3, 0x37A9, 0x37AB, 0x37C9, 0x37D5, 0x37DF, 0x37F1, 0x37F3,
+    0x37F7, 0x3805, 0x380B, 0x3821, 0x3833, 0x3835, 0x3841, 0x3847,
+    0x384B, 0x3853, 0x3857, 0x385F, 0x3865, 0x386F, 0x3871, 0x387D,
+    0x388F, 0x3899, 0x38A7, 0x38B7, 0x38C5, 0x38C9, 0x38CF, 0x38D5,
+    0x38D7, 0x38DD, 0x38E1, 0x38E3, 0x38FF, 0x3901, 0x391D, 0x3923,
+    0x3925, 0x3929, 0x392F, 0x393D, 0x3941, 0x394D, 0x395B, 0x396B,
+    0x3979, 0x397D, 0x3983, 0x398B, 0x3991, 0x3995, 0x399B, 0x39A1,
+    0x39A7, 0x39AF, 0x39B3, 0x39BB, 0x39BF, 0x39CD, 0x39DD, 0x39E5,
+    0x39EB, 0x39EF, 0x39FB, 0x3A03, 0x3A13, 0x3A15, 0x3A1F, 0x3A27,
+    0x3A2B, 0x3A31, 0x3A4B, 0x3A51, 0x3A5B, 0x3A63, 0x3A67, 0x3A6D,
+    0x3A79, 0x3A87, 0x3AA5, 0x3AA9, 0x3AB7, 0x3ACD, 0x3AD5, 0x3AE1,
+    0x3AE5, 0x3AEB, 0x3AF3, 0x3AFD, 0x3B03, 0x3B11, 0x3B1B, 0x3B21,
+    0x3B23, 0x3B2D, 0x3B39, 0x3B45, 0x3B53, 0x3B59, 0x3B5F, 0x3B71,
+    0x3B7B, 0x3B81, 0x3B89, 0x3B9B, 0x3B9F, 0x3BA5, 0x3BA7, 0x3BAD,
+    0x3BB7, 0x3BB9, 0x3BC3, 0x3BCB, 0x3BD1, 0x3BD7, 0x3BE1, 0x3BE3,
+    0x3BF5, 0x3BFF, 0x3C01, 0x3C0D, 0x3C11, 0x3C17, 0x3C1F, 0x3C29,
+    0x3C35, 0x3C43, 0x3C4F, 0x3C53, 0x3C5B, 0x3C65, 0x3C6B, 0x3C71,
+    0x3C85, 0x3C89, 0x3C97, 0x3CA7, 0x3CB5, 0x3CBF, 0x3CC7, 0x3CD1,
+    0x3CDD, 0x3CDF, 0x3CF1, 0x3CF7, 0x3D03, 0x3D0D, 0x3D19, 0x3D1B,
+    0x3D1F, 0x3D21, 0x3D2D, 0x3D33, 0x3D37, 0x3D3F, 0x3D43, 0x3D6F,
+    0x3D73, 0x3D75, 0x3D79, 0x3D7B, 0x3D85, 0x3D91, 0x3D97, 0x3D9D,
+    0x3DAB, 0x3DAF, 0x3DB5, 0x3DBB, 0x3DC1, 0x3DC9, 0x3DCF, 0x3DF3,
+    0x3E05, 0x3E09, 0x3E0F, 0x3E11, 0x3E1D, 0x3E23, 0x3E29, 0x3E2F,
+    0x3E33, 0x3E41, 0x3E57, 0x3E63, 0x3E65, 0x3E77, 0x3E81, 0x3E87,
+    0x3EA1, 0x3EB9, 0x3EBD, 0x3EBF, 0x3EC3, 0x3EC5, 0x3EC9, 0x3ED7,
+    0x3EDB, 0x3EE1, 0x3EE7, 0x3EEF, 0x3EFF, 0x3F0B, 0x3F0D, 0x3F37,
+    0x3F3B, 0x3F3D, 0x3F41, 0x3F59, 0x3F5F, 0x3F65, 0x3F67, 0x3F79,
+    0x3F7D, 0x3F8B, 0x3F91, 0x3FAD, 0x3FBF, 0x3FCD, 0x3FD3, 0x3FDD,
+    0x3FE9, 0x3FEB, 0x3FF1, 0x3FFD, 0x401B, 0x4021, 0x4025, 0x402B,
+    0x4031, 0x403F, 0x4043, 0x4045, 0x405D, 0x4061, 0x4067, 0x406D,
+    0x4087, 0x4091, 0x40A3, 0x40A9, 0x40B1, 0x40B7, 0x40BD, 0x40DB,
+    0x40DF, 0x40EB, 0x40F7, 0x40F9, 0x4109, 0x410B, 0x4111, 0x4115,
+    0x4121, 0x4133, 0x4135, 0x413B, 0x413F, 0x4159, 0x4165, 0x416B,
+    0x4177, 0x417B, 0x4193, 0x41AB, 0x41B7, 0x41BD, 0x41BF, 0x41CB,
+    0x41E7, 0x41EF, 0x41F3, 0x41F9, 0x4205, 0x4207, 0x4219, 0x421F,
+    0x4223, 0x4229, 0x422F, 0x4243, 0x4253, 0x4255, 0x425B, 0x4261,
+    0x4273, 0x427D, 0x4283, 0x4285, 0x4289, 0x4291, 0x4297, 0x429D,
+    0x42B5, 0x42C5, 0x42CB, 0x42D3, 0x42DD, 0x42E3, 0x42F1, 0x4307,
+    0x430F, 0x431F, 0x4325, 0x4327, 0x4333, 0x4337, 0x4339, 0x434F,
+    0x4357, 0x4369, 0x438B, 0x438D, 0x4393, 0x43A5, 0x43A9, 0x43AF,
+    0x43B5, 0x43BD, 0x43C7, 0x43CF, 0x43E1, 0x43E7, 0x43EB, 0x43ED,
+    0x43F1, 0x43F9, 0x4409, 0x440B, 0x4417, 0x4423, 0x4429, 0x443B,
+    0x443F, 0x4445, 0x444B, 0x4451, 0x4453, 0x4459, 0x4465, 0x446F,
+    0x4483, 0x448F, 0x44A1, 0x44A5, 0x44AB, 0x44AD, 0x44BD, 0x44BF,
+    0x44C9, 0x44D7, 0x44DB, 0x44F9, 0x44FB, 0x4505, 0x4511, 0x4513,
+    0x452B, 0x4531, 0x4541, 0x4549, 0x4553, 0x4555, 0x4561, 0x4577,
+    0x457D, 0x457F, 0x458F, 0x45A3, 0x45AD, 0x45AF, 0x45BB, 0x45C7,
+    0x45D9, 0x45E3, 0x45EF, 0x45F5, 0x45F7, 0x4601, 0x4603, 0x4609,
+    0x4613, 0x4625, 0x4627, 0x4633, 0x4639, 0x463D, 0x4643, 0x4645,
+    0x465D, 0x4679, 0x467B, 0x467F, 0x4681, 0x468B, 0x468D, 0x469D,
+    0x46A9, 0x46B1, 0x46C7, 0x46C9, 0x46CF, 0x46D3, 0x46D5, 0x46DF,
+    0x46E5, 0x46F9, 0x4705, 0x470F, 0x4717, 0x4723, 0x4729, 0x472F,
+    0x4735, 0x4739, 0x474B, 0x474D, 0x4751, 0x475D, 0x476F, 0x4771,
+    0x477D, 0x4783, 0x4787, 0x4789, 0x4799, 0x47A5, 0x47B1, 0x47BF,
+    0x47C3, 0x47CB, 0x47DD, 0x47E1, 0x47ED, 0x47FB, 0x4801, 0x4807,
+    0x480B, 0x4813, 0x4819, 0x481D, 0x4831, 0x483D, 0x4847, 0x4855,
+    0x4859, 0x485B, 0x486B, 0x486D, 0x4879, 0x4897, 0x489B, 0x48A1,
+    0x48B9, 0x48CD, 0x48E5, 0x48EF, 0x48F7, 0x4903, 0x490D, 0x4919,
+    0x491F, 0x492B, 0x4937, 0x493D, 0x4945, 0x4955, 0x4963, 0x4969,
+    0x496D, 0x4973, 0x4997, 0x49AB, 0x49B5, 0x49D3, 0x49DF, 0x49E1,
+    0x49E5, 0x49E7, 0x4A03, 0x4A0F, 0x4A1D, 0x4A23, 0x4A39, 0x4A41,
+    0x4A45, 0x4A57, 0x4A5D, 0x4A6B, 0x4A7D, 0x4A81, 0x4A87, 0x4A89,
+    0x4A8F, 0x4AB1, 0x4AC3, 0x4AC5, 0x4AD5, 0x4ADB, 0x4AED, 0x4AEF,
+    0x4B07, 0x4B0B, 0x4B0D, 0x4B13, 0x4B1F, 0x4B25, 0x4B31, 0x4B3B,
+    0x4B43, 0x4B49, 0x4B59, 0x4B65, 0x4B6D, 0x4B77, 0x4B85, 0x4BAD,
+    0x4BB3, 0x4BB5, 0x4BBB, 0x4BBF, 0x4BCB, 0x4BD9, 0x4BDD, 0x4BDF,
+    0x4BE3, 0x4BE5, 0x4BE9, 0x4BF1, 0x4BF7, 0x4C01, 0x4C07, 0x4C0D,
+    0x4C0F, 0x4C15, 0x4C1B, 0x4C21, 0x4C2D, 0x4C33, 0x4C4B, 0x4C55,
+    0x4C57, 0x4C61, 0x4C67, 0x4C73, 0x4C79, 0x4C7F, 0x4C8D, 0x4C93,
+    0x4C99, 0x4CCD, 0x4CE1, 0x4CE7, 0x4CF1, 0x4CF3, 0x4CFD, 0x4D05,
+    0x4D0F, 0x4D1B, 0x4D27, 0x4D29, 0x4D2F, 0x4D33, 0x4D41, 0x4D51,
+    0x4D59, 0x4D65, 0x4D6B, 0x4D81, 0x4D83, 0x4D8D, 0x4D95, 0x4D9B,
+    0x4DB1, 0x4DB3, 0x4DC9, 0x4DCF, 0x4DD7, 0x4DE1, 0x4DED, 0x4DF9,
+    0x4DFB, 0x4E05, 0x4E0B, 0x4E17, 0x4E19, 0x4E1D, 0x4E2B, 0x4E35,
+    0x4E37, 0x4E3D, 0x4E4F, 0x4E53, 0x4E5F, 0x4E67, 0x4E79, 0x4E85,
+    0x4E8B, 0x4E91, 0x4E95, 0x4E9B, 0x4EA1, 0x4EAF, 0x4EB3, 0x4EB5,
+    0x4EC1, 0x4ECD, 0x4ED1, 0x4ED7, 0x4EE9, 0x4EFB, 0x4F07, 0x4F09,
+    0x4F19, 0x4F25, 0x4F2D, 0x4F3F, 0x4F49, 0x4F63, 0x4F67, 0x4F6D,
+    0x4F75, 0x4F7B, 0x4F81, 0x4F85, 0x4F87, 0x4F91, 0x4FA5, 0x4FA9,
+    0x4FAF, 0x4FB7, 0x4FBB, 0x4FCF, 0x4FD9, 0x4FDB, 0x4FFD, 0x4FFF,
+    0x5003, 0x501B, 0x501D, 0x5029, 0x5035, 0x503F, 0x5045, 0x5047,
+    0x5053, 0x5071, 0x5077, 0x5083, 0x5093, 0x509F, 0x50A1, 0x50B7,
+    0x50C9, 0x50D5, 0x50E3, 0x50ED, 0x50EF, 0x50FB, 0x5107, 0x510B,
+    0x510D, 0x5111, 0x5117, 0x5123, 0x5125, 0x5135, 0x5147, 0x5149,
+    0x5171, 0x5179, 0x5189, 0x518F, 0x5197, 0x51A1, 0x51A3, 0x51A7,
+    0x51B9, 0x51C1, 0x51CB, 0x51D3, 0x51DF, 0x51E3, 0x51F5, 0x51F7,
+    0x5209, 0x5213, 0x5215, 0x5219, 0x521B, 0x521F, 0x5227, 0x5243,
+    0x5245, 0x524B, 0x5261, 0x526D, 0x5273, 0x5281, 0x5293, 0x5297,
+    0x529D, 0x52A5, 0x52AB, 0x52B1, 0x52BB, 0x52C3, 0x52C7, 0x52C9,
+    0x52DB, 0x52E5, 0x52EB, 0x52FF, 0x5315, 0x531D, 0x5323, 0x5341,
+    0x5345, 0x5347, 0x534B, 0x535D, 0x5363, 0x5381, 0x5383, 0x5387,
+    0x538F, 0x5395, 0x5399, 0x539F, 0x53AB, 0x53B9, 0x53DB, 0x53E9,
+    0x53EF, 0x53F3, 0x53F5, 0x53FB, 0x53FF, 0x540D, 0x5411, 0x5413,
+    0x5419, 0x5435, 0x5437, 0x543B, 0x5441, 0x5449, 0x5453, 0x5455,
+    0x545F, 0x5461, 0x546B, 0x546D, 0x5471, 0x548F, 0x5491, 0x549D,
+    0x54A9, 0x54B3, 0x54C5, 0x54D1, 0x54DF, 0x54E9, 0x54EB, 0x54F7,
+    0x54FD, 0x5507, 0x550D, 0x551B, 0x5527, 0x552B, 0x5539, 0x553D,
+    0x554F, 0x5551, 0x555B, 0x5563, 0x5567, 0x556F, 0x5579, 0x5585,
+    0x5597, 0x55A9, 0x55B1, 0x55B7, 0x55C9, 0x55D9, 0x55E7, 0x55ED,
+    0x55F3, 0x55FD, 0x560B, 0x560F, 0x5615, 0x5617, 0x5623, 0x562F,
+    0x5633, 0x5639, 0x563F, 0x564B, 0x564D, 0x565D, 0x565F, 0x566B,
+    0x5671, 0x5675, 0x5683, 0x5689, 0x568D, 0x568F, 0x569B, 0x56AD,
+    0x56B1, 0x56D5, 0x56E7, 0x56F3, 0x56FF, 0x5701, 0x5705, 0x5707,
+    0x570B, 0x5713, 0x571F, 0x5723, 0x5747, 0x574D, 0x575F, 0x5761,
+    0x576D, 0x5777, 0x577D, 0x5789, 0x57A1, 0x57A9, 0x57AF, 0x57B5,
+    0x57C5, 0x57D1, 0x57D3, 0x57E5, 0x57EF, 0x5803, 0x580D, 0x580F,
+    0x5815, 0x5827, 0x582B, 0x582D, 0x5855, 0x585B, 0x585D, 0x586D,
+    0x586F, 0x5873, 0x587B, 0x588D, 0x5897, 0x58A3, 0x58A9, 0x58AB,
+    0x58B5, 0x58BD, 0x58C1, 0x58C7, 0x58D3, 0x58D5, 0x58DF, 0x58F1,
+    0x58F9, 0x58FF, 0x5903, 0x5917, 0x591B, 0x5921, 0x5945, 0x594B,
+    0x594D, 0x5957, 0x595D, 0x5975, 0x597B, 0x5989, 0x5999, 0x599F,
+    0x59B1, 0x59B3, 0x59BD, 0x59D1, 0x59DB, 0x59E3, 0x59E9, 0x59ED,
+    0x59F3, 0x59F5, 0x59FF, 0x5A01, 0x5A0D, 0x5A11, 0x5A13, 0x5A17,
+    0x5A1F, 0x5A29, 0x5A2F, 0x5A3B, 0x5A4D, 0x5A5B, 0x5A67, 0x5A77,
+    0x5A7F, 0x5A85, 0x5A95, 0x5A9D, 0x5AA1, 0x5AA3, 0x5AA9, 0x5ABB,
+    0x5AD3, 0x5AE5, 0x5AEF, 0x5AFB, 0x5AFD, 0x5B01, 0x5B0F, 0x5B19,
+    0x5B1F, 0x5B25, 0x5B2B, 0x5B3D, 0x5B49, 0x5B4B, 0x5B67, 0x5B79,
+    0x5B87, 0x5B97, 0x5BA3, 0x5BB1, 0x5BC9, 0x5BD5, 0x5BEB, 0x5BF1,
+    0x5BF3, 0x5BFD, 0x5C05, 0x5C09, 0x5C0B, 0x5C0F, 0x5C1D, 0x5C29,
+    0x5C2F, 0x5C33, 0x5C39, 0x5C47, 0x5C4B, 0x5C4D, 0x5C51, 0x5C6F,
+    0x5C75, 0x5C77, 0x5C7D, 0x5C87, 0x5C89, 0x5CA7, 0x5CBD, 0x5CBF,
+    0x5CC3, 0x5CC9, 0x5CD1, 0x5CD7, 0x5CDD, 0x5CED, 0x5CF9, 0x5D05,
+    0x5D0B, 0x5D13, 0x5D17, 0x5D19, 0x5D31, 0x5D3D, 0x5D41, 0x5D47,
+    0x5D4F, 0x5D55, 0x5D5B, 0x5D65, 0x5D67, 0x5D6D, 0x5D79, 0x5D95,
+    0x5DA3, 0x5DA9, 0x5DAD, 0x5DB9, 0x5DC1, 0x5DC7, 0x5DD3, 0x5DD7,
+    0x5DDD, 0x5DEB, 0x5DF1, 0x5DFD, 0x5E07, 0x5E0D, 0x5E13, 0x5E1B,
+    0x5E21, 0x5E27, 0x5E2B, 0x5E2D, 0x5E31, 0x5E39, 0x5E45, 0x5E49,
+    0x5E57, 0x5E69, 0x5E73, 0x5E75, 0x5E85, 0x5E8B, 0x5E9F, 0x5EA5,
+    0x5EAF, 0x5EB7, 0x5EBB, 0x5ED9, 0x5EFD, 0x5F09, 0x5F11, 0x5F27,
+    0x5F33, 0x5F35, 0x5F3B, 0x5F47, 0x5F57, 0x5F5D, 0x5F63, 0x5F65,
+    0x5F77, 0x5F7B, 0x5F95, 0x5F99, 0x5FA1, 0x5FB3, 0x5FBD, 0x5FC5,
+    0x5FCF, 0x5FD5, 0x5FE3, 0x5FE7, 0x5FFB, 0x6011, 0x6023, 0x602F,
+    0x6037, 0x6053, 0x605F, 0x6065, 0x606B, 0x6073, 0x6079, 0x6085,
+    0x609D, 0x60AD, 0x60BB, 0x60BF, 0x60CD, 0x60D9, 0x60DF, 0x60E9,
+    0x60F5, 0x6109, 0x610F, 0x6113, 0x611B, 0x612D, 0x6139, 0x614B,
+    0x6155, 0x6157, 0x615B, 0x616F, 0x6179, 0x6187, 0x618B, 0x6191,
+    0x6193, 0x619D, 0x61B5, 0x61C7, 0x61C9, 0x61CD, 0x61E1, 0x61F1,
+    0x61FF, 0x6209, 0x6217, 0x621D, 0x6221, 0x6227, 0x623B, 0x6241,
+    0x624B, 0x6251, 0x6253, 0x625F, 0x6265, 0x6283, 0x628D, 0x6295,
+    0x629B, 0x629F, 0x62A5, 0x62AD, 0x62D5, 0x62D7, 0x62DB, 0x62DD,
+    0x62E9, 0x62FB, 0x62FF, 0x6305, 0x630D, 0x6317, 0x631D, 0x632F,
+    0x6341, 0x6343, 0x634F, 0x635F, 0x6367, 0x636D, 0x6371, 0x6377,
+    0x637D, 0x637F, 0x63B3, 0x63C1, 0x63C5, 0x63D9, 0x63E9, 0x63EB,
+    0x63EF, 0x63F5, 0x6401, 0x6403, 0x6409, 0x6415, 0x6421, 0x6427,
+    0x642B, 0x6439, 0x6443, 0x6449, 0x644F, 0x645D, 0x6467, 0x6475,
+    0x6485, 0x648D, 0x6493, 0x649F, 0x64A3, 0x64AB, 0x64C1, 0x64C7,
+    0x64C9, 0x64DB, 0x64F1, 0x64F7, 0x64F9, 0x650B, 0x6511, 0x6521,
+    0x652F, 0x6539, 0x653F, 0x654B, 0x654D, 0x6553, 0x6557, 0x655F,
+    0x6571, 0x657D, 0x658D, 0x658F, 0x6593, 0x65A1, 0x65A5, 0x65AD,
+    0x65B9, 0x65C5, 0x65E3, 0x65F3, 0x65FB, 0x65FF, 0x6601, 0x6607,
+    0x661D, 0x6629, 0x6631, 0x663B, 0x6641, 0x6647, 0x664D, 0x665B,
+    0x6661, 0x6673, 0x667D, 0x6689, 0x668B, 0x6695, 0x6697, 0x669B,
+    0x66B5, 0x66B9, 0x66C5, 0x66CD, 0x66D1, 0x66E3, 0x66EB, 0x66F5,
+    0x6703, 0x6713, 0x6719, 0x671F, 0x6727, 0x6731, 0x6737, 0x673F,
+    0x6745, 0x6751, 0x675B, 0x676F, 0x6779, 0x6781, 0x6785, 0x6791,
+    0x67AB, 0x67BD, 0x67C1, 0x67CD, 0x67DF, 0x67E5, 0x6803, 0x6809,
+    0x6811, 0x6817, 0x682D, 0x6839, 0x683B, 0x683F, 0x6845, 0x684B,
+    0x684D, 0x6857, 0x6859, 0x685D, 0x6863, 0x6869, 0x686B, 0x6871,
+    0x6887, 0x6899, 0x689F, 0x68B1, 0x68BD, 0x68C5, 0x68D1, 0x68D7,
+    0x68E1, 0x68ED, 0x68EF, 0x68FF, 0x6901, 0x690B, 0x690D, 0x6917,
+    0x6929, 0x692F, 0x6943, 0x6947, 0x6949, 0x694F, 0x6965, 0x696B,
+    0x6971, 0x6983, 0x6989, 0x6997, 0x69A3, 0x69B3, 0x69B5, 0x69BB,
+    0x69C1, 0x69C5, 0x69D3, 0x69DF, 0x69E3, 0x69E5, 0x69F7, 0x6A07,
+    0x6A2B, 0x6A37, 0x6A3D, 0x6A4B, 0x6A67, 0x6A69, 0x6A75, 0x6A7B,
+    0x6A87, 0x6A8D, 0x6A91, 0x6A93, 0x6AA3, 0x6AC1, 0x6AC9, 0x6AE1,
+    0x6AE7, 0x6B05, 0x6B0F, 0x6B11, 0x6B23, 0x6B27, 0x6B2D, 0x6B39,
+    0x6B41, 0x6B57, 0x6B59, 0x6B5F, 0x6B75, 0x6B87, 0x6B89, 0x6B93,
+    0x6B95, 0x6B9F, 0x6BBD, 0x6BBF, 0x6BDB, 0x6BE1, 0x6BEF, 0x6BFF,
+    0x6C05, 0x6C19, 0x6C29, 0x6C2B, 0x6C31, 0x6C35, 0x6C55, 0x6C59,
+    0x6C5B, 0x6C5F, 0x6C65, 0x6C67, 0x6C73, 0x6C77, 0x6C7D, 0x6C83,
+    0x6C8F, 0x6C91, 0x6C97, 0x6C9B, 0x6CA1, 0x6CA9, 0x6CAF, 0x6CB3,
+    0x6CC7, 0x6CCB, 0x6CEB, 0x6CF5, 0x6CFD, 0x6D0D, 0x6D0F, 0x6D25,
+    0x6D27, 0x6D2B, 0x6D31, 0x6D39, 0x6D3F, 0x6D4F, 0x6D5D, 0x6D61,
+    0x6D73, 0x6D7B, 0x6D7F, 0x6D93, 0x6D99, 0x6DA5, 0x6DB1, 0x6DB7,
+    0x6DC1, 0x6DC3, 0x6DCD, 0x6DCF, 0x6DDB, 0x6DF7, 0x6E03, 0x6E15,
+    0x6E17, 0x6E29, 0x6E33, 0x6E3B, 0x6E45, 0x6E75, 0x6E77, 0x6E7B,
+    0x6E81, 0x6E89, 0x6E93, 0x6E95, 0x6E9F, 0x6EBD, 0x6EBF, 0x6EE3,
+    0x6EE9, 0x6EF3, 0x6EF9, 0x6EFB, 0x6F0D, 0x6F11, 0x6F17, 0x6F1F,
+    0x6F2F, 0x6F3D, 0x6F4D, 0x6F53, 0x6F61, 0x6F65, 0x6F79, 0x6F7D,
+    0x6F83, 0x6F85, 0x6F8F, 0x6F9B, 0x6F9D, 0x6FA3, 0x6FAF, 0x6FB5,
+    0x6FBB, 0x6FBF, 0x6FCB, 0x6FCD, 0x6FD3, 0x6FD7, 0x6FE3, 0x6FE9,
+    0x6FF1, 0x6FF5, 0x6FF7, 0x6FFD, 0x700F, 0x7019, 0x701F, 0x7027,
+    0x7033, 0x7039, 0x704F, 0x7051, 0x7057, 0x7063, 0x7075, 0x7079,
+    0x7087, 0x708D, 0x7091, 0x70A5, 0x70AB, 0x70BB, 0x70C3, 0x70C7,
+    0x70CF, 0x70E5, 0x70ED, 0x70F9, 0x70FF, 0x7105, 0x7115, 0x7121,
+    0x7133, 0x7151, 0x7159, 0x715D, 0x715F, 0x7163, 0x7169, 0x7183,
+    0x7187, 0x7195, 0x71AD, 0x71C3, 0x71C9, 0x71CB, 0x71D1, 0x71DB,
+    0x71E1, 0x71EF, 0x71F5, 0x71FB, 0x7207, 0x7211, 0x7217, 0x7219,
+    0x7225, 0x722F, 0x723B, 0x7243, 0x7255, 0x7267, 0x7271, 0x7277,
+    0x727F, 0x728F, 0x7295, 0x729B, 0x72A3, 0x72B3, 0x72C7, 0x72CB,
+    0x72CD, 0x72D7, 0x72D9, 0x72E3, 0x72EF, 0x72F5, 0x72FD, 0x7303,
+    0x730D, 0x7321, 0x732B, 0x733D, 0x7357, 0x735B, 0x7361, 0x737F,
+    0x7381, 0x7385, 0x738D, 0x7393, 0x739F, 0x73AB, 0x73BD, 0x73C1,
+    0x73C9, 0x73DF, 0x73E5, 0x73E7, 0x73F3, 0x7415, 0x741B, 0x742D,
+    0x7439, 0x743F, 0x7441, 0x745D, 0x746B, 0x747B, 0x7489, 0x748D,
+    0x749B, 0x74A7, 0x74AB, 0x74B1, 0x74B7, 0x74B9, 0x74DD, 0x74E1,
+    0x74E7, 0x74FB, 0x7507, 0x751F, 0x7525, 0x753B, 0x753D, 0x754D,
+    0x755F, 0x756B, 0x7577, 0x7589, 0x758B, 0x7591, 0x7597, 0x759D,
+    0x75A1, 0x75A7, 0x75B5, 0x75B9, 0x75BB, 0x75D1, 0x75D9, 0x75E5,
+    0x75EB, 0x75F5, 0x75FB, 0x7603, 0x760F, 0x7621, 0x762D, 0x7633,
+    0x763D, 0x763F, 0x7655, 0x7663, 0x7669, 0x766F, 0x7673, 0x7685,
+    0x768B, 0x769F, 0x76B5, 0x76B7, 0x76C3, 0x76DB, 0x76DF, 0x76F1,
+    0x7703, 0x7705, 0x771B, 0x771D, 0x7721, 0x772D, 0x7735, 0x7741,
+    0x774B, 0x7759, 0x775D, 0x775F, 0x7771, 0x7781, 0x77A7, 0x77AD,
+    0x77B3, 0x77B9, 0x77C5, 0x77CF, 0x77D5, 0x77E1, 0x77E9, 0x77EF,
+    0x77F3, 0x77F9, 0x7807, 0x7825, 0x782B, 0x7835, 0x783D, 0x7853,
+    0x7859, 0x7861, 0x786D, 0x7877, 0x7879, 0x7883, 0x7885, 0x788B,
+    0x7895, 0x7897, 0x78A1, 0x78AD, 0x78BF, 0x78D3, 0x78D9, 0x78DD,
+    0x78E5, 0x78FB, 0x7901, 0x7907, 0x7925, 0x792B, 0x7939, 0x793F,
+    0x794B, 0x7957, 0x795D, 0x7967, 0x7969, 0x7973, 0x7991, 0x7993,
+    0x79A3, 0x79AB, 0x79AF, 0x79B1, 0x79B7, 0x79C9, 0x79CD, 0x79CF,
+    0x79D5, 0x79D9, 0x79F3, 0x79F7, 0x79FF, 0x7A05, 0x7A0F, 0x7A11,
+    0x7A15, 0x7A1B, 0x7A23, 0x7A27, 0x7A2D, 0x7A4B, 0x7A57, 0x7A59,
+    0x7A5F, 0x7A65, 0x7A69, 0x7A7D, 0x7A93, 0x7A9B, 0x7A9F, 0x7AA1,
+    0x7AA5, 0x7AED, 0x7AF5, 0x7AF9, 0x7B01, 0x7B17, 0x7B19, 0x7B1D,
+    0x7B2B, 0x7B35, 0x7B37, 0x7B3B, 0x7B4F, 0x7B55, 0x7B5F, 0x7B71,
+    0x7B77, 0x7B8B, 0x7B9B, 0x7BA1, 0x7BA9, 0x7BAF, 0x7BB3, 0x7BC7,
+    0x7BD3, 0x7BE9, 0x7BEB, 0x7BEF, 0x7BF1, 0x7BFD, 0x7C07, 0x7C19,
+    0x7C1B, 0x7C31, 0x7C37, 0x7C49, 0x7C67, 0x7C69, 0x7C73, 0x7C81,
+    0x7C8B, 0x7C93, 0x7CA3, 0x7CD5, 0x7CDB, 0x7CE5, 0x7CED, 0x7CF7,
+    0x7D03, 0x7D09, 0x7D1B, 0x7D1D, 0x7D33, 0x7D39, 0x7D3B, 0x7D3F,
+    0x7D45, 0x7D4D, 0x7D53, 0x7D59, 0x7D63, 0x7D75, 0x7D77, 0x7D8D,
+    0x7D8F, 0x7D9F, 0x7DAD, 0x7DB7, 0x7DBD, 0x7DBF, 0x7DCB, 0x7DD5,
+    0x7DE9, 0x7DED, 0x7DFB, 0x7E01, 0x7E05, 0x7E29, 0x7E2B, 0x7E2F,
+    0x7E35, 0x7E41, 0x7E43, 0x7E47, 0x7E55, 0x7E61, 0x7E67, 0x7E6B,
+    0x7E71, 0x7E73, 0x7E79, 0x7E7D, 0x7E91, 0x7E9B, 0x7E9D, 0x7EA7,
+    0x7EAD, 0x7EB9, 0x7EBB, 0x7ED3, 0x7EDF, 0x7EEB, 0x7EF1, 0x7EF7,
+    0x7EFB, 0x7F13, 0x7F15, 0x7F19, 0x7F31, 0x7F33, 0x7F39, 0x7F3D,
+    0x7F43, 0x7F4B, 0x7F5B, 0x7F61, 0x7F63, 0x7F6D, 0x7F79, 0x7F87,
+    0x7F8D, 0x7FAF, 0x7FB5, 0x7FC3, 0x7FC9, 0x7FCD, 0x7FCF, 0x7FED,
+    0x8003, 0x800B, 0x800F, 0x8015, 0x801D, 0x8021, 0x8023, 0x803F,
+    0x8041, 0x8047, 0x804B, 0x8065, 0x8077, 0x808D, 0x808F, 0x8095,
+    0x80A5, 0x80AB, 0x80AD, 0x80BD, 0x80C9, 0x80CB, 0x80D7, 0x80DB,
+    0x80E1, 0x80E7, 0x80F5, 0x80FF, 0x8105, 0x810D, 0x8119, 0x811D,
+    0x812F, 0x8131, 0x813B, 0x8143, 0x8153, 0x8159, 0x815F, 0x817D,
+    0x817F, 0x8189, 0x819B, 0x819D, 0x81A7, 0x81AF, 0x81B3, 0x81BB,
+    0x81C7, 0x81DF, 0x8207, 0x8209, 0x8215, 0x821F, 0x8225, 0x8231,
+    0x8233, 0x823F, 0x8243, 0x8245, 0x8249, 0x824F, 0x8261, 0x826F,
+    0x827B, 0x8281, 0x8285, 0x8293, 0x82B1, 0x82B5, 0x82BD, 0x82C7,
+    0x82CF, 0x82D5, 0x82DF, 0x82F1, 0x82F9, 0x82FD, 0x830B, 0x831B,
+    0x8321, 0x8329, 0x832D, 0x8333, 0x8335, 0x833F, 0x8341, 0x834D,
+    0x8351, 0x8353, 0x8357, 0x835D, 0x8365, 0x8369, 0x836F, 0x838F,
+    0x83A7, 0x83B1, 0x83B9, 0x83CB, 0x83D5, 0x83D7, 0x83DD, 0x83E7,
+    0x83E9, 0x83ED, 0x83FF, 0x8405, 0x8411, 0x8413, 0x8423, 0x8425,
+    0x843B, 0x8441, 0x8447, 0x844F, 0x8461, 0x8465, 0x8477, 0x8483,
+    0x848B, 0x8491, 0x8495, 0x84A9, 0x84AF, 0x84CD, 0x84E3, 0x84EF,
+    0x84F1, 0x84F7, 0x8509, 0x850D, 0x854B, 0x854F, 0x8551, 0x855D,
+    0x8563, 0x856D, 0x856F, 0x857B, 0x8587, 0x85A3, 0x85A5, 0x85A9,
+    0x85B7, 0x85CD, 0x85D3, 0x85D5, 0x85DB, 0x85E1, 0x85EB, 0x85F9,
+    0x85FD, 0x85FF, 0x8609, 0x860F, 0x8617, 0x8621, 0x862F, 0x8639,
+    0x863F, 0x8641, 0x864D, 0x8663, 0x8675, 0x867D, 0x8687, 0x8699,
+    0x86A5, 0x86A7, 0x86B3, 0x86B7, 0x86C3, 0x86C5, 0x86CF, 0x86D1,
+    0x86D7, 0x86E9, 0x86EF, 0x86F5, 0x8717, 0x871D, 0x871F, 0x872B,
+    0x872F, 0x8735, 0x8747, 0x8759, 0x875B, 0x876B, 0x8771, 0x8777,
+    0x877F, 0x8785, 0x878F, 0x87A1, 0x87A9, 0x87B3, 0x87BB, 0x87C5,
+    0x87C7, 0x87CB, 0x87DD, 0x87F7, 0x8803, 0x8819, 0x881B, 0x881F,
+    0x8821, 0x8837, 0x883D, 0x8843, 0x8851, 0x8861, 0x8867, 0x887B,
+    0x8885, 0x8891, 0x8893, 0x88A5, 0x88CF, 0x88D3, 0x88EB, 0x88ED,
+    0x88F3, 0x88FD, 0x8909, 0x890B, 0x8911, 0x891B, 0x8923, 0x8927,
+    0x892D, 0x8939, 0x8945, 0x894D, 0x8951, 0x8957, 0x8963, 0x8981,
+    0x8995, 0x899B, 0x89B3, 0x89B9, 0x89C3, 0x89CF, 0x89D1, 0x89DB,
+    0x89EF, 0x89F5, 0x89FB, 0x89FF, 0x8A0B, 0x8A19, 0x8A23, 0x8A35,
+    0x8A41, 0x8A49, 0x8A4F, 0x8A5B, 0x8A5F, 0x8A6D, 0x8A77, 0x8A79,
+    0x8A85, 0x8AA3, 0x8AB3, 0x8AB5, 0x8AC1, 0x8AC7, 0x8ACB, 0x8ACD,
+    0x8AD1, 0x8AD7, 0x8AF1, 0x8AF5, 0x8B07, 0x8B09, 0x8B0D, 0x8B13,
+    0x8B21, 0x8B57, 0x8B5D, 0x8B91, 0x8B93, 0x8BA3, 0x8BA9, 0x8BAF,
+    0x8BBB, 0x8BD5, 0x8BD9, 0x8BDB, 0x8BE1, 0x8BF7, 0x8BFD, 0x8BFF,
+    0x8C0B, 0x8C17, 0x8C1D, 0x8C27, 0x8C39, 0x8C3B, 0x8C47, 0x8C53,
+    0x8C5D, 0x8C6F, 0x8C7B, 0x8C81, 0x8C89, 0x8C8F, 0x8C99, 0x8C9F,
+    0x8CA7, 0x8CAB, 0x8CAD, 0x8CB1, 0x8CC5, 0x8CDD, 0x8CE3, 0x8CE9,
+    0x8CF3, 0x8D01, 0x8D0B, 0x8D0D, 0x8D23, 0x8D29, 0x8D37, 0x8D41,
+    0x8D5B, 0x8D5F, 0x8D71, 0x8D79, 0x8D85, 0x8D91, 0x8D9B, 0x8DA7,
+    0x8DAD, 0x8DB5, 0x8DC5, 0x8DCB, 0x8DD3, 0x8DD9, 0x8DDF, 0x8DF5,
+    0x8DF7, 0x8E01, 0x8E15, 0x8E1F, 0x8E25, 0x8E51, 0x8E63, 0x8E69,
+    0x8E73, 0x8E75, 0x8E79, 0x8E7F, 0x8E8D, 0x8E91, 0x8EAB, 0x8EAF,
+    0x8EB1, 0x8EBD, 0x8EC7, 0x8ECF, 0x8ED3, 0x8EDB, 0x8EE7, 0x8EEB,
+    0x8EF7, 0x8EFF, 0x8F15, 0x8F1D, 0x8F23, 0x8F2D, 0x8F3F, 0x8F45,
+    0x8F4B, 0x8F53, 0x8F59, 0x8F65, 0x8F69, 0x8F71, 0x8F83, 0x8F8D,
+    0x8F99, 0x8F9F, 0x8FAB, 0x8FAD, 0x8FB3, 0x8FB7, 0x8FB9, 0x8FC9,
+    0x8FD5, 0x8FE1, 0x8FEF, 0x8FF9, 0x9007, 0x900D, 0x9017, 0x9023,
+    0x9025, 0x9031, 0x9037, 0x903B, 0x9041, 0x9043, 0x904F, 0x9053,
+    0x906D, 0x9073, 0x9085, 0x908B, 0x9095, 0x909B, 0x909D, 0x90AF,
+    0x90B9, 0x90C1, 0x90C5, 0x90DF, 0x90E9, 0x90FD, 0x9103, 0x9113,
+    0x9127, 0x9133, 0x913D, 0x9145, 0x914F, 0x9151, 0x9161, 0x9167,
+    0x917B, 0x9185, 0x9199, 0x919D, 0x91BB, 0x91BD, 0x91C1, 0x91C9,
+    0x91D9, 0x91DB, 0x91ED, 0x91F1, 0x91F3, 0x91F9, 0x9203, 0x9215,
+    0x9221, 0x922F, 0x9241, 0x9247, 0x9257, 0x926B, 0x9271, 0x9275,
+    0x927D, 0x9283, 0x9287, 0x928D, 0x9299, 0x92A1, 0x92AB, 0x92AD,
+    0x92B9, 0x92BF, 0x92C3, 0x92C5, 0x92CB, 0x92D5, 0x92D7, 0x92E7,
+    0x92F3, 0x9301, 0x930B, 0x9311, 0x9319, 0x931F, 0x933B, 0x933D,
+    0x9343, 0x9355, 0x9373, 0x9395, 0x9397, 0x93A7, 0x93B3, 0x93B5,
+    0x93C7, 0x93D7, 0x93DD, 0x93E5, 0x93EF, 0x93F7, 0x9401, 0x9409,
+    0x9413, 0x943F, 0x9445, 0x944B, 0x944F, 0x9463, 0x9467, 0x9469,
+    0x946D, 0x947B, 0x9497, 0x949F, 0x94A5, 0x94B5, 0x94C3, 0x94E1,
+    0x94E7, 0x9505, 0x9509, 0x9517, 0x9521, 0x9527, 0x952D, 0x9535,
+    0x9539, 0x954B, 0x9557, 0x955D, 0x955F, 0x9575, 0x9581, 0x9589,
+    0x958F, 0x959B, 0x959F, 0x95AD, 0x95B1, 0x95B7, 0x95B9, 0x95BD,
+    0x95CF, 0x95E3, 0x95E9, 0x95F9, 0x961F, 0x962F, 0x9631, 0x9635,
+    0x963B, 0x963D, 0x9665, 0x968F, 0x969D, 0x96A1, 0x96A7, 0x96A9,
+    0x96C1, 0x96CB, 0x96D1, 0x96D3, 0x96E5, 0x96EF, 0x96FB, 0x96FD,
+    0x970D, 0x970F, 0x9715, 0x9725, 0x972B, 0x9733, 0x9737, 0x9739,
+    0x9743, 0x9749, 0x9751, 0x975B, 0x975D, 0x976F, 0x977F, 0x9787,
+    0x9793, 0x97A5, 0x97B1, 0x97B7, 0x97C3, 0x97CD, 0x97D3, 0x97D9,
+    0x97EB, 0x97F7, 0x9805, 0x9809, 0x980B, 0x9815, 0x9829, 0x982F,
+    0x983B, 0x9841, 0x9851, 0x986B, 0x986F, 0x9881, 0x9883, 0x9887,
+    0x98A7, 0x98B1, 0x98B9, 0x98BF, 0x98C3, 0x98C9, 0x98CF, 0x98DD,
+    0x98E3, 0x98F5, 0x98F9, 0x98FB, 0x990D, 0x9917, 0x991F, 0x9929,
+    0x9931, 0x993B, 0x993D, 0x9941, 0x9947, 0x9949, 0x9953, 0x997D,
+    0x9985, 0x9991, 0x9995, 0x999B, 0x99AD, 0x99AF, 0x99BF, 0x99C7,
+    0x99CB, 0x99CD, 0x99D7, 0x99E5, 0x99F1, 0x99FB, 0x9A0F, 0x9A13,
+    0x9A1B, 0x9A25, 0x9A4B, 0x9A4F, 0x9A55, 0x9A57, 0x9A61, 0x9A75,
+    0x9A7F, 0x9A8B, 0x9A91, 0x9A9D, 0x9AB7, 0x9AC3, 0x9AC7, 0x9ACF,
+    0x9AEB, 0x9AF3, 0x9AF7, 0x9AFF, 0x9B17, 0x9B1D, 0x9B27, 0x9B2F,
+    0x9B35, 0x9B45, 0x9B51, 0x9B59, 0x9B63, 0x9B6F, 0x9B77, 0x9B8D,
+    0x9B93, 0x9B95, 0x9B9F, 0x9BA1, 0x9BA7, 0x9BB1, 0x9BB7, 0x9BBD,
+    0x9BC5, 0x9BCB, 0x9BCF, 0x9BDD, 0x9BF9, 0x9C01, 0x9C11, 0x9C23,
+    0x9C2B, 0x9C2F, 0x9C35, 0x9C49, 0x9C4D, 0x9C5F, 0x9C65, 0x9C67,
+    0x9C7F, 0x9C97, 0x9C9D, 0x9CA3, 0x9CAF, 0x9CBB, 0x9CBF, 0x9CC1,
+    0x9CD7, 0x9CD9, 0x9CE3, 0x9CE9, 0x9CF1, 0x9CFD, 0x9D01, 0x9D15,
+    0x9D27, 0x9D2D, 0x9D31, 0x9D3D, 0x9D55, 0x9D5B, 0x9D61, 0x9D97,
+    0x9D9F, 0x9DA5, 0x9DA9, 0x9DC3, 0x9DE7, 0x9DEB, 0x9DED, 0x9DF1,
+    0x9E0B, 0x9E17, 0x9E23, 0x9E27, 0x9E2D, 0x9E33, 0x9E3B, 0x9E47,
+    0x9E51, 0x9E53, 0x9E5F, 0x9E6F, 0x9E81, 0x9E87, 0x9E8F, 0x9E95,
+    0x9EA1, 0x9EB3, 0x9EBD, 0x9EBF, 0x9EF5, 0x9EF9, 0x9EFB, 0x9F05,
+    0x9F23, 0x9F2F, 0x9F37, 0x9F3B, 0x9F43, 0x9F53, 0x9F61, 0x9F6D,
+    0x9F73, 0x9F77, 0x9F7D, 0x9F89, 0x9F8F, 0x9F91, 0x9F95, 0x9FA3,
+    0x9FAF, 0x9FB3, 0x9FC1, 0x9FC7, 0x9FDF, 0x9FE5, 0x9FEB, 0x9FF5,
+    0xA001, 0xA00D, 0xA021, 0xA033, 0xA039, 0xA03F, 0xA04F, 0xA057,
+    0xA05B, 0xA061, 0xA075, 0xA079, 0xA099, 0xA09D, 0xA0AB, 0xA0B5,
+    0xA0B7, 0xA0BD, 0xA0C9, 0xA0D9, 0xA0DB, 0xA0DF, 0xA0E5, 0xA0F1,
+    0xA0F3, 0xA0FD, 0xA105, 0xA10B, 0xA10F, 0xA111, 0xA11B, 0xA129,
+    0xA12F, 0xA135, 0xA141, 0xA153, 0xA175, 0xA17D, 0xA187, 0xA18D,
+    0xA1A5, 0xA1AB, 0xA1AD, 0xA1B7, 0xA1C3, 0xA1C5, 0xA1E3, 0xA1ED,
+    0xA1FB, 0xA207, 0xA213, 0xA223, 0xA229, 0xA22F, 0xA231, 0xA243,
+    0xA247, 0xA24D, 0xA26B, 0xA279, 0xA27D, 0xA283, 0xA289, 0xA28B,
+    0xA291, 0xA295, 0xA29B, 0xA2A9, 0xA2AF, 0xA2B3, 0xA2BB, 0xA2C5,
+    0xA2D1, 0xA2D7, 0xA2F7, 0xA301, 0xA309, 0xA31F, 0xA321, 0xA32B,
+    0xA331, 0xA349, 0xA351, 0xA355, 0xA373, 0xA379, 0xA37B, 0xA387,
+    0xA397, 0xA39F, 0xA3A5, 0xA3A9, 0xA3AF, 0xA3B7, 0xA3C7, 0xA3D5,
+    0xA3DB, 0xA3E1, 0xA3E5, 0xA3E7, 0xA3F1, 0xA3FD, 0xA3FF, 0xA40F,
+    0xA41D, 0xA421, 0xA423, 0xA427, 0xA43B, 0xA44D, 0xA457, 0xA459,
+    0xA463, 0xA469, 0xA475, 0xA493, 0xA49B, 0xA4AD, 0xA4B9, 0xA4C3,
+    0xA4C5, 0xA4CB, 0xA4D1, 0xA4D5, 0xA4E1, 0xA4ED, 0xA4EF, 0xA4F3,
+    0xA4FF, 0xA511, 0xA529, 0xA52B, 0xA535, 0xA53B, 0xA543, 0xA553,
+    0xA55B, 0xA561, 0xA56D, 0xA577, 0xA585, 0xA58B, 0xA597, 0xA59D,
+    0xA5A3, 0xA5A7, 0xA5A9, 0xA5C1, 0xA5C5, 0xA5CB, 0xA5D3, 0xA5D9,
+    0xA5DD, 0xA5DF, 0xA5E3, 0xA5E9, 0xA5F7, 0xA5FB, 0xA603, 0xA60D,
+    0xA625, 0xA63D, 0xA649, 0xA64B, 0xA651, 0xA65D, 0xA673, 0xA691,
+    0xA693, 0xA699, 0xA6AB, 0xA6B5, 0xA6BB, 0xA6C1, 0xA6C9, 0xA6CD,
+    0xA6CF, 0xA6D5, 0xA6DF, 0xA6E7, 0xA6F1, 0xA6F7, 0xA6FF, 0xA70F,
+    0xA715, 0xA723, 0xA729, 0xA72D, 0xA745, 0xA74D, 0xA757, 0xA759,
+    0xA765, 0xA76B, 0xA76F, 0xA793, 0xA795, 0xA7AB, 0xA7B1, 0xA7B9,
+    0xA7BF, 0xA7C9, 0xA7D1, 0xA7D7, 0xA7E3, 0xA7ED, 0xA7FB, 0xA805,
+    0xA80B, 0xA81D, 0xA829, 0xA82B, 0xA837, 0xA83B, 0xA855, 0xA85F,
+    0xA86D, 0xA87D, 0xA88F, 0xA897, 0xA8A9, 0xA8B5, 0xA8C1, 0xA8C7,
+    0xA8D7, 0xA8E5, 0xA8FD, 0xA907, 0xA913, 0xA91B, 0xA931, 0xA937,
+    0xA939, 0xA943, 0xA97F, 0xA985, 0xA987, 0xA98B, 0xA993, 0xA9A3,
+    0xA9B1, 0xA9BB, 0xA9C1, 0xA9D9, 0xA9DF, 0xA9EB, 0xA9FD, 0xAA15,
+    0xAA17, 0xAA35, 0xAA39, 0xAA3B, 0xAA47, 0xAA4D, 0xAA57, 0xAA59,
+    0xAA5D, 0xAA6B, 0xAA71, 0xAA81, 0xAA83, 0xAA8D, 0xAA95, 0xAAAB,
+    0xAABF, 0xAAC5, 0xAAC9, 0xAAE9, 0xAAEF, 0xAB01, 0xAB05, 0xAB07,
+    0xAB0B, 0xAB0D, 0xAB11, 0xAB19, 0xAB4D, 0xAB5B, 0xAB71, 0xAB73,
+    0xAB89, 0xAB9D, 0xABA7, 0xABAF, 0xABB9, 0xABBB, 0xABC1, 0xABC5,
+    0xABD3, 0xABD7, 0xABDD, 0xABF1, 0xABF5, 0xABFB, 0xABFD, 0xAC09,
+    0xAC15, 0xAC1B, 0xAC27, 0xAC37, 0xAC39, 0xAC45, 0xAC4F, 0xAC57,
+    0xAC5B, 0xAC61, 0xAC63, 0xAC7F, 0xAC8B, 0xAC93, 0xAC9D, 0xACA9,
+    0xACAB, 0xACAF, 0xACBD, 0xACD9, 0xACE1, 0xACE7, 0xACEB, 0xACED,
+    0xACF1, 0xACF7, 0xACF9, 0xAD05, 0xAD3F, 0xAD45, 0xAD53, 0xAD5D,
+    0xAD5F, 0xAD65, 0xAD81, 0xADA1, 0xADA5, 0xADC3, 0xADCB, 0xADD1,
+    0xADD5, 0xADDB, 0xADE7, 0xADF3, 0xADF5, 0xADF9, 0xADFF, 0xAE05,
+    0xAE13, 0xAE23, 0xAE2B, 0xAE49, 0xAE4D, 0xAE4F, 0xAE59, 0xAE61,
+    0xAE67, 0xAE6B, 0xAE71, 0xAE8B, 0xAE8F, 0xAE9B, 0xAE9D, 0xAEA7,
+    0xAEB9, 0xAEC5, 0xAED1, 0xAEE3, 0xAEE5, 0xAEE9, 0xAEF5, 0xAEFD,
+    0xAF09, 0xAF13, 0xAF27, 0xAF2B, 0xAF33, 0xAF43, 0xAF4F, 0xAF57,
+    0xAF5D, 0xAF6D, 0xAF75, 0xAF7F, 0xAF8B, 0xAF99, 0xAF9F, 0xAFA3,
+    0xAFAB, 0xAFB7, 0xAFBB, 0xAFCF, 0xAFD5, 0xAFFD, 0xB005, 0xB015,
+    0xB01B, 0xB03F, 0xB041, 0xB047, 0xB04B, 0xB051, 0xB053, 0xB069,
+    0xB07B, 0xB07D, 0xB087, 0xB08D, 0xB0B1, 0xB0BF, 0xB0CB, 0xB0CF,
+    0xB0E1, 0xB0E9, 0xB0ED, 0xB0FB, 0xB105, 0xB107, 0xB111, 0xB119,
+    0xB11D, 0xB11F, 0xB131, 0xB141, 0xB14D, 0xB15B, 0xB165, 0xB173,
+    0xB179, 0xB17F, 0xB1A9, 0xB1B3, 0xB1B9, 0xB1BF, 0xB1D3, 0xB1DD,
+    0xB1E5, 0xB1F1, 0xB1F5, 0xB201, 0xB213, 0xB215, 0xB21F, 0xB22D,
+    0xB23F, 0xB249, 0xB25B, 0xB263, 0xB269, 0xB26D, 0xB27B, 0xB281,
+    0xB28B, 0xB2A9, 0xB2B7, 0xB2BD, 0xB2C3, 0xB2C7, 0xB2D3, 0xB2F9,
+    0xB2FD, 0xB2FF, 0xB303, 0xB309, 0xB311, 0xB31D, 0xB327, 0xB32D,
+    0xB33F, 0xB345, 0xB377, 0xB37D, 0xB381, 0xB387, 0xB393, 0xB39B,
+    0xB3A5, 0xB3C5, 0xB3CB, 0xB3E1, 0xB3E3, 0xB3ED, 0xB3F9, 0xB40B,
+    0xB40D, 0xB413, 0xB417, 0xB435, 0xB43D, 0xB443, 0xB449, 0xB45B,
+    0xB465, 0xB467, 0xB46B, 0xB477, 0xB48B, 0xB495, 0xB49D, 0xB4B5,
+    0xB4BF, 0xB4C1, 0xB4C7, 0xB4DD, 0xB4E3, 0xB4E5, 0xB4F7, 0xB501,
+    0xB50D, 0xB50F, 0xB52D, 0xB53F, 0xB54B, 0xB567, 0xB569, 0xB56F,
+    0xB573, 0xB579, 0xB587, 0xB58D, 0xB599, 0xB5A3, 0xB5AB, 0xB5AF,
+    0xB5BB, 0xB5D5, 0xB5DF, 0xB5E7, 0xB5ED, 0xB5FD, 0xB5FF, 0xB609,
+    0xB61B, 0xB629, 0xB62F, 0xB633, 0xB639, 0xB647, 0xB657, 0xB659,
+    0xB65F, 0xB663, 0xB66F, 0xB683, 0xB687, 0xB69B, 0xB69F, 0xB6A5,
+    0xB6B1, 0xB6B3, 0xB6D7, 0xB6DB, 0xB6E1, 0xB6E3, 0xB6ED, 0xB6EF,
+    0xB705, 0xB70D, 0xB713, 0xB71D, 0xB729, 0xB735, 0xB747, 0xB755,
+    0xB76D, 0xB791, 0xB795, 0xB7A9, 0xB7C1, 0xB7CB, 0xB7D1, 0xB7D3,
+    0xB7EF, 0xB7F5, 0xB807, 0xB80F, 0xB813, 0xB819, 0xB821, 0xB827,
+    0xB82B, 0xB82D, 0xB839, 0xB855, 0xB867, 0xB875, 0xB885, 0xB893,
+    0xB8A5, 0xB8AF, 0xB8B7, 0xB8BD, 0xB8C1, 0xB8C7, 0xB8CD, 0xB8D5,
+    0xB8EB, 0xB8F7, 0xB8F9, 0xB903, 0xB915, 0xB91B, 0xB91D, 0xB92F,
+    0xB939, 0xB93B, 0xB947, 0xB951, 0xB963, 0xB983, 0xB989, 0xB98D,
+    0xB993, 0xB999, 0xB9A1, 0xB9A7, 0xB9AD, 0xB9B7, 0xB9CB, 0xB9D1,
+    0xB9DD, 0xB9E7, 0xB9EF, 0xB9F9, 0xBA07, 0xBA0D, 0xBA17, 0xBA25,
+    0xBA29, 0xBA2B, 0xBA41, 0xBA53, 0xBA55, 0xBA5F, 0xBA61, 0xBA65,
+    0xBA79, 0xBA7D, 0xBA7F, 0xBAA1, 0xBAA3, 0xBAAF, 0xBAB5, 0xBABF,
+    0xBAC1, 0xBACB, 0xBADD, 0xBAE3, 0xBAF1, 0xBAFD, 0xBB09, 0xBB1F,
+    0xBB27, 0xBB2D, 0xBB3D, 0xBB43, 0xBB4B, 0xBB4F, 0xBB5B, 0xBB61,
+    0xBB69, 0xBB6D, 0xBB91, 0xBB97, 0xBB9D, 0xBBB1, 0xBBC9, 0xBBCF,
+    0xBBDB, 0xBBED, 0xBBF7, 0xBBF9, 0xBC03, 0xBC1D, 0xBC23, 0xBC33,
+    0xBC3B, 0xBC41, 0xBC45, 0xBC5D, 0xBC6F, 0xBC77, 0xBC83, 0xBC8F,
+    0xBC99, 0xBCAB, 0xBCB7, 0xBCB9, 0xBCD1, 0xBCD5, 0xBCE1, 0xBCF3,
+    0xBCFF, 0xBD0D, 0xBD17, 0xBD19, 0xBD1D, 0xBD35, 0xBD41, 0xBD4F,
+    0xBD59, 0xBD5F, 0xBD61, 0xBD67, 0xBD6B, 0xBD71, 0xBD8B, 0xBD8F,
+    0xBD95, 0xBD9B, 0xBD9D, 0xBDB3, 0xBDBB, 0xBDCD, 0xBDD1, 0xBDE3,
+    0xBDEB, 0xBDEF, 0xBE07, 0xBE09, 0xBE15, 0xBE21, 0xBE25, 0xBE27,
+    0xBE5B, 0xBE5D, 0xBE6F, 0xBE75, 0xBE79, 0xBE7F, 0xBE8B, 0xBE8D,
+    0xBE93, 0xBE9F, 0xBEA9, 0xBEB1, 0xBEB5, 0xBEB7, 0xBECF, 0xBED9,
+    0xBEDB, 0xBEE5, 0xBEE7, 0xBEF3, 0xBEF9, 0xBF0B, 0xBF33, 0xBF39,
+    0xBF4D, 0xBF5D, 0xBF5F, 0xBF6B, 0xBF71, 0xBF7B, 0xBF87, 0xBF89,
+    0xBF8D, 0xBF93, 0xBFA1, 0xBFAD, 0xBFB9, 0xBFCF, 0xBFD5, 0xBFDD,
+    0xBFE1, 0xBFE3, 0xBFF3, 0xC005, 0xC011, 0xC013, 0xC019, 0xC029,
+    0xC02F, 0xC031, 0xC037, 0xC03B, 0xC047, 0xC065, 0xC06D, 0xC07D,
+    0xC07F, 0xC091, 0xC09B, 0xC0B3, 0xC0B5, 0xC0BB, 0xC0D3, 0xC0D7,
+    0xC0D9, 0xC0EF, 0xC0F1, 0xC101, 0xC103, 0xC109, 0xC115, 0xC119,
+    0xC12B, 0xC133, 0xC137, 0xC145, 0xC149, 0xC15B, 0xC173, 0xC179,
+    0xC17B, 0xC181, 0xC18B, 0xC18D, 0xC197, 0xC1BD, 0xC1C3, 0xC1CD,
+    0xC1DB, 0xC1E1, 0xC1E7, 0xC1FF, 0xC203, 0xC205, 0xC211, 0xC221,
+    0xC22F, 0xC23F, 0xC24B, 0xC24D, 0xC253, 0xC25D, 0xC277, 0xC27B,
+    0xC27D, 0xC289, 0xC28F, 0xC293, 0xC29F, 0xC2A7, 0xC2B3, 0xC2BD,
+    0xC2CF, 0xC2D5, 0xC2E3, 0xC2FF, 0xC301, 0xC307, 0xC311, 0xC313,
+    0xC317, 0xC325, 0xC347, 0xC349, 0xC34F, 0xC365, 0xC367, 0xC371,
+    0xC37F, 0xC383, 0xC385, 0xC395, 0xC39D, 0xC3A7, 0xC3AD, 0xC3B5,
+    0xC3BF, 0xC3C7, 0xC3CB, 0xC3D1, 0xC3D3, 0xC3E3, 0xC3E9, 0xC3EF,
+    0xC401, 0xC41F, 0xC42D, 0xC433, 0xC437, 0xC455, 0xC457, 0xC461,
+    0xC46F, 0xC473, 0xC487, 0xC491, 0xC499, 0xC49D, 0xC4A5, 0xC4B7,
+    0xC4BB, 0xC4C9, 0xC4CF, 0xC4D3, 0xC4EB, 0xC4F1, 0xC4F7, 0xC509,
+    0xC51B, 0xC51D, 0xC541, 0xC547, 0xC551, 0xC55F, 0xC56B, 0xC56F,
+    0xC575, 0xC577, 0xC595, 0xC59B, 0xC59F, 0xC5A1, 0xC5A7, 0xC5C3,
+    0xC5D7, 0xC5DB, 0xC5EF, 0xC5FB, 0xC613, 0xC623, 0xC635, 0xC641,
+    0xC64F, 0xC655, 0xC659, 0xC665, 0xC685, 0xC691, 0xC697, 0xC6A1,
+    0xC6A9, 0xC6B3, 0xC6B9, 0xC6CB, 0xC6CD, 0xC6DD, 0xC6EB, 0xC6F1,
+    0xC707, 0xC70D, 0xC719, 0xC71B, 0xC72D, 0xC731, 0xC739, 0xC757,
+    0xC763, 0xC767, 0xC773, 0xC775, 0xC77F, 0xC7A5, 0xC7BB, 0xC7BD,
+    0xC7C1, 0xC7CF, 0xC7D5, 0xC7E1, 0xC7F9, 0xC7FD, 0xC7FF, 0xC803,
+    0xC811, 0xC81D, 0xC827, 0xC829, 0xC839, 0xC83F, 0xC853, 0xC857,
+    0xC86B, 0xC881, 0xC88D, 0xC88F, 0xC893, 0xC895, 0xC8A1, 0xC8B7,
+    0xC8CF, 0xC8D5, 0xC8DB, 0xC8DD, 0xC8E3, 0xC8E7, 0xC8ED, 0xC8EF,
+    0xC8F9, 0xC905, 0xC911, 0xC917, 0xC919, 0xC91F, 0xC92F, 0xC937,
+    0xC93D, 0xC941, 0xC953, 0xC95F, 0xC96B, 0xC979, 0xC97D, 0xC989,
+    0xC98F, 0xC997, 0xC99D, 0xC9AF, 0xC9B5, 0xC9BF, 0xC9CB, 0xC9D9,
+    0xC9DF, 0xC9E3, 0xC9EB, 0xCA01, 0xCA07, 0xCA09, 0xCA25, 0xCA37,
+    0xCA39, 0xCA4B, 0xCA55, 0xCA5B, 0xCA69, 0xCA73, 0xCA75, 0xCA7F,
+    0xCA8D, 0xCA93, 0xCA9D, 0xCA9F, 0xCAB5, 0xCABB, 0xCAC3, 0xCAC9,
+    0xCAD9, 0xCAE5, 0xCAED, 0xCB03, 0xCB05, 0xCB09, 0xCB17, 0xCB29,
+    0xCB35, 0xCB3B, 0xCB53, 0xCB59, 0xCB63, 0xCB65, 0xCB71, 0xCB87,
+    0xCB99, 0xCB9F, 0xCBB3, 0xCBB9, 0xCBC3, 0xCBD1, 0xCBD5, 0xCBD7,
+    0xCBDD, 0xCBE9, 0xCBFF, 0xCC0D, 0xCC19, 0xCC1D, 0xCC23, 0xCC2B,
+    0xCC41, 0xCC43, 0xCC4D, 0xCC59, 0xCC61, 0xCC89, 0xCC8B, 0xCC91,
+    0xCC9B, 0xCCA3, 0xCCA7, 0xCCD1, 0xCCE5, 0xCCE9, 0xCD09, 0xCD15,
+    0xCD1F, 0xCD25, 0xCD31, 0xCD3D, 0xCD3F, 0xCD49, 0xCD51, 0xCD57,
+    0xCD5B, 0xCD63, 0xCD67, 0xCD81, 0xCD93, 0xCD97, 0xCD9F, 0xCDBB,
+    0xCDC1, 0xCDD3, 0xCDD9, 0xCDE5, 0xCDE7, 0xCDF1, 0xCDF7, 0xCDFD,
+    0xCE0B, 0xCE15, 0xCE21, 0xCE2F, 0xCE47, 0xCE4D, 0xCE51, 0xCE65,
+    0xCE7B, 0xCE7D, 0xCE8F, 0xCE93, 0xCE99, 0xCEA5, 0xCEA7, 0xCEB7,
+    0xCEC9, 0xCED7, 0xCEDD, 0xCEE3, 0xCEE7, 0xCEED, 0xCEF5, 0xCF07,
+    0xCF0B, 0xCF19, 0xCF37, 0xCF3B, 0xCF4D, 0xCF55, 0xCF5F, 0xCF61,
+    0xCF65, 0xCF6D, 0xCF79, 0xCF7D, 0xCF89, 0xCF9B, 0xCF9D, 0xCFA9,
+    0xCFB3, 0xCFB5, 0xCFC5, 0xCFCD, 0xCFD1, 0xCFEF, 0xCFF1, 0xCFF7,
+    0xD013, 0xD015, 0xD01F, 0xD021, 0xD033, 0xD03D, 0xD04B, 0xD04F,
+    0xD069, 0xD06F, 0xD081, 0xD085, 0xD099, 0xD09F, 0xD0A3, 0xD0AB,
+    0xD0BD, 0xD0C1, 0xD0CD, 0xD0E7, 0xD0FF, 0xD103, 0xD117, 0xD12D,
+    0xD12F, 0xD141, 0xD157, 0xD159, 0xD15D, 0xD169, 0xD16B, 0xD171,
+    0xD177, 0xD17D, 0xD181, 0xD187, 0xD195, 0xD199, 0xD1B1, 0xD1BD,
+    0xD1C3, 0xD1D5, 0xD1D7, 0xD1E3, 0xD1FF, 0xD20D, 0xD211, 0xD217,
+    0xD21F, 0xD235, 0xD23B, 0xD247, 0xD259, 0xD261, 0xD265, 0xD279,
+    0xD27F, 0xD283, 0xD289, 0xD28B, 0xD29D, 0xD2A3, 0xD2A7, 0xD2B3,
+    0xD2BF, 0xD2C7, 0xD2E3, 0xD2E9, 0xD2F1, 0xD2FB, 0xD2FD, 0xD315,
+    0xD321, 0xD32B, 0xD343, 0xD34B, 0xD355, 0xD369, 0xD375, 0xD37B,
+    0xD387, 0xD393, 0xD397, 0xD3A5, 0xD3B1, 0xD3C9, 0xD3EB, 0xD3FD,
+    0xD405, 0xD40F, 0xD415, 0xD427, 0xD42F, 0xD433, 0xD43B, 0xD44B,
+    0xD459, 0xD45F, 0xD463, 0xD469, 0xD481, 0xD483, 0xD489, 0xD48D,
+    0xD493, 0xD495, 0xD4A5, 0xD4AB, 0xD4B1, 0xD4C5, 0xD4DD, 0xD4E1,
+    0xD4E3, 0xD4E7, 0xD4F5, 0xD4F9, 0xD50B, 0xD50D, 0xD513, 0xD51F,
+    0xD523, 0xD531, 0xD535, 0xD537, 0xD549, 0xD559, 0xD55F, 0xD565,
+    0xD567, 0xD577, 0xD58B, 0xD591, 0xD597, 0xD5B5, 0xD5B9, 0xD5C1,
+    0xD5C7, 0xD5DF, 0xD5EF, 0xD5F5, 0xD5FB, 0xD603, 0xD60F, 0xD62D,
+    0xD631, 0xD643, 0xD655, 0xD65D, 0xD661, 0xD67B, 0xD685, 0xD687,
+    0xD69D, 0xD6A5, 0xD6AF, 0xD6BD, 0xD6C3, 0xD6C7, 0xD6D9, 0xD6E1,
+    0xD6ED, 0xD709, 0xD70B, 0xD711, 0xD715, 0xD721, 0xD727, 0xD73F,
+    0xD745, 0xD74D, 0xD757, 0xD76B, 0xD77B, 0xD783, 0xD7A1, 0xD7A7,
+    0xD7AD, 0xD7B1, 0xD7B3, 0xD7BD, 0xD7CB, 0xD7D1, 0xD7DB, 0xD7FB,
+    0xD811, 0xD823, 0xD825, 0xD829, 0xD82B, 0xD82F, 0xD837, 0xD84D,
+    0xD855, 0xD867, 0xD873, 0xD88F, 0xD891, 0xD8A1, 0xD8AD, 0xD8BF,
+    0xD8CD, 0xD8D7, 0xD8E9, 0xD8F5, 0xD8FB, 0xD91B, 0xD925, 0xD933,
+    0xD939, 0xD943, 0xD945, 0xD94F, 0xD951, 0xD957, 0xD96D, 0xD96F,
+    0xD973, 0xD979, 0xD981, 0xD98B, 0xD991, 0xD99F, 0xD9A5, 0xD9A9,
+    0xD9B5, 0xD9D3, 0xD9EB, 0xD9F1, 0xD9F7, 0xD9FF, 0xDA05, 0xDA09,
+    0xDA0B, 0xDA0F, 0xDA15, 0xDA1D, 0xDA23, 0xDA29, 0xDA3F, 0xDA51,
+    0xDA59, 0xDA5D, 0xDA5F, 0xDA71, 0xDA77, 0xDA7B, 0xDA7D, 0xDA8D,
+    0xDA9F, 0xDAB3, 0xDABD, 0xDAC3, 0xDAC9, 0xDAE7, 0xDAE9, 0xDAF5,
+    0xDB11, 0xDB17, 0xDB1D, 0xDB23, 0xDB25, 0xDB31, 0xDB3B, 0xDB43,
+    0xDB55, 0xDB67, 0xDB6B, 0xDB73, 0xDB85, 0xDB8F, 0xDB91, 0xDBAD,
+    0xDBAF, 0xDBB9, 0xDBC7, 0xDBCB, 0xDBCD, 0xDBEB, 0xDBF7, 0xDC0D,
+    0xDC27, 0xDC31, 0xDC39, 0xDC3F, 0xDC49, 0xDC51, 0xDC61, 0xDC6F,
+    0xDC75, 0xDC7B, 0xDC85, 0xDC93, 0xDC99, 0xDC9D, 0xDC9F, 0xDCA9,
+    0xDCB5, 0xDCB7, 0xDCBD, 0xDCC7, 0xDCCF, 0xDCD3, 0xDCD5, 0xDCDF,
+    0xDCF9, 0xDD0F, 0xDD15, 0xDD17, 0xDD23, 0xDD35, 0xDD39, 0xDD53,
+    0xDD57, 0xDD5F, 0xDD69, 0xDD6F, 0xDD7D, 0xDD87, 0xDD89, 0xDD9B,
+    0xDDA1, 0xDDAB, 0xDDBF, 0xDDC5, 0xDDCB, 0xDDCF, 0xDDE7, 0xDDE9,
+    0xDDED, 0xDDF5, 0xDDFB, 0xDE0B, 0xDE19, 0xDE29, 0xDE3B, 0xDE3D,
+    0xDE41, 0xDE4D, 0xDE4F, 0xDE59, 0xDE5B, 0xDE61, 0xDE6D, 0xDE77,
+    0xDE7D, 0xDE83, 0xDE97, 0xDE9D, 0xDEA1, 0xDEA7, 0xDECD, 0xDED1,
+    0xDED7, 0xDEE3, 0xDEF1, 0xDEF5, 0xDF01, 0xDF09, 0xDF13, 0xDF1F,
+    0xDF2B, 0xDF33, 0xDF37, 0xDF3D, 0xDF4B, 0xDF55, 0xDF5B, 0xDF67,
+    0xDF69, 0xDF73, 0xDF85, 0xDF87, 0xDF99, 0xDFA3, 0xDFAB, 0xDFB5,
+    0xDFB7, 0xDFC3, 0xDFC7, 0xDFD5, 0xDFF1, 0xDFF3, 0xE003, 0xE005,
+    0xE017, 0xE01D, 0xE027, 0xE02D, 0xE035, 0xE045, 0xE053, 0xE071,
+    0xE07B, 0xE08F, 0xE095, 0xE09F, 0xE0B7, 0xE0B9, 0xE0D5, 0xE0D7,
+    0xE0E3, 0xE0F3, 0xE0F9, 0xE101, 0xE125, 0xE129, 0xE131, 0xE135,
+    0xE143, 0xE14F, 0xE159, 0xE161, 0xE16D, 0xE171, 0xE177, 0xE17F,
+    0xE183, 0xE189, 0xE197, 0xE1AD, 0xE1B5, 0xE1BB, 0xE1BF, 0xE1C1,
+    0xE1CB, 0xE1D1, 0xE1E5, 0xE1EF, 0xE1F7, 0xE1FD, 0xE203, 0xE219,
+    0xE22B, 0xE22D, 0xE23D, 0xE243, 0xE257, 0xE25B, 0xE275, 0xE279,
+    0xE287, 0xE29D, 0xE2AB, 0xE2AF, 0xE2BB, 0xE2C1, 0xE2C9, 0xE2CD,
+    0xE2D3, 0xE2D9, 0xE2F3, 0xE2FD, 0xE2FF, 0xE311, 0xE323, 0xE327,
+    0xE329, 0xE339, 0xE33B, 0xE34D, 0xE351, 0xE357, 0xE35F, 0xE363,
+    0xE369, 0xE375, 0xE377, 0xE37D, 0xE383, 0xE39F, 0xE3C5, 0xE3C9,
+    0xE3D1, 0xE3E1, 0xE3FB, 0xE3FF, 0xE401, 0xE40B, 0xE417, 0xE419,
+    0xE423, 0xE42B, 0xE431, 0xE43B, 0xE447, 0xE449, 0xE453, 0xE455,
+    0xE46D, 0xE471, 0xE48F, 0xE4A9, 0xE4AF, 0xE4B5, 0xE4C7, 0xE4CD,
+    0xE4D3, 0xE4E9, 0xE4EB, 0xE4F5, 0xE507, 0xE521, 0xE525, 0xE537,
+    0xE53F, 0xE545, 0xE54B, 0xE557, 0xE567, 0xE56D, 0xE575, 0xE585,
+    0xE58B, 0xE593, 0xE5A3, 0xE5A5, 0xE5CF, 0xE609, 0xE611, 0xE615,
+    0xE61B, 0xE61D, 0xE621, 0xE629, 0xE639, 0xE63F, 0xE653, 0xE657,
+    0xE663, 0xE66F, 0xE675, 0xE681, 0xE683, 0xE68D, 0xE68F, 0xE695,
+    0xE6AB, 0xE6AD, 0xE6B7, 0xE6BD, 0xE6C5, 0xE6CB, 0xE6D5, 0xE6E3,
+    0xE6E9, 0xE6EF, 0xE6F3, 0xE705, 0xE70D, 0xE717, 0xE71F, 0xE72F,
+    0xE73D, 0xE747, 0xE749, 0xE753, 0xE755, 0xE761, 0xE767, 0xE76B,
+    0xE77F, 0xE789, 0xE791, 0xE7C5, 0xE7CD, 0xE7D7, 0xE7DD, 0xE7DF,
+    0xE7E9, 0xE7F1, 0xE7FB, 0xE801, 0xE807, 0xE80F, 0xE819, 0xE81B,
+    0xE831, 0xE833, 0xE837, 0xE83D, 0xE84B, 0xE84F, 0xE851, 0xE869,
+    0xE875, 0xE879, 0xE893, 0xE8A5, 0xE8A9, 0xE8AF, 0xE8BD, 0xE8DB,
+    0xE8E1, 0xE8E5, 0xE8EB, 0xE8ED, 0xE903, 0xE90B, 0xE90F, 0xE915,
+    0xE917, 0xE92D, 0xE933, 0xE93B, 0xE94B, 0xE951, 0xE95F, 0xE963,
+    0xE969, 0xE97B, 0xE983, 0xE98F, 0xE995, 0xE9A1, 0xE9B9, 0xE9D7,
+    0xE9E7, 0xE9EF, 0xEA11, 0xEA19, 0xEA2F, 0xEA35, 0xEA43, 0xEA4D,
+    0xEA5F, 0xEA6D, 0xEA71, 0xEA7D, 0xEA85, 0xEA89, 0xEAAD, 0xEAB3,
+    0xEAB9, 0xEABB, 0xEAC5, 0xEAC7, 0xEACB, 0xEADF, 0xEAE5, 0xEAEB,
+    0xEAF5, 0xEB01, 0xEB07, 0xEB09, 0xEB31, 0xEB39, 0xEB3F, 0xEB5B,
+    0xEB61, 0xEB63, 0xEB6F, 0xEB81, 0xEB85, 0xEB9D, 0xEBAB, 0xEBB1,
+    0xEBB7, 0xEBC1, 0xEBD5, 0xEBDF, 0xEBED, 0xEBFD, 0xEC0B, 0xEC1B,
+    0xEC21, 0xEC29, 0xEC4D, 0xEC51, 0xEC5D, 0xEC69, 0xEC6F, 0xEC7B,
+    0xECAD, 0xECB9, 0xECBF, 0xECC3, 0xECC9, 0xECCF, 0xECD7, 0xECDD,
+    0xECE7, 0xECE9, 0xECF3, 0xECF5, 0xED07, 0xED11, 0xED1F, 0xED2F,
+    0xED37, 0xED3D, 0xED41, 0xED55, 0xED59, 0xED5B, 0xED65, 0xED6B,
+    0xED79, 0xED8B, 0xED95, 0xEDBB, 0xEDC5, 0xEDD7, 0xEDD9, 0xEDE3,
+    0xEDE5, 0xEDF1, 0xEDF5, 0xEDF7, 0xEDFB, 0xEE09, 0xEE0F, 0xEE19,
+    0xEE21, 0xEE49, 0xEE4F, 0xEE63, 0xEE67, 0xEE73, 0xEE7B, 0xEE81,
+    0xEEA3, 0xEEAB, 0xEEC1, 0xEEC9, 0xEED5, 0xEEDF, 0xEEE1, 0xEEF1,
+    0xEF1B, 0xEF27, 0xEF2F, 0xEF45, 0xEF4D, 0xEF63, 0xEF6B, 0xEF71,
+    0xEF93, 0xEF95, 0xEF9B, 0xEF9F, 0xEFAD, 0xEFB3, 0xEFC3, 0xEFC5,
+    0xEFDB, 0xEFE1, 0xEFE9, 0xF001, 0xF017, 0xF01D, 0xF01F, 0xF02B,
+    0xF02F, 0xF035, 0xF043, 0xF047, 0xF04F, 0xF067, 0xF06B, 0xF071,
+    0xF077, 0xF079, 0xF08F, 0xF0A3, 0xF0A9, 0xF0AD, 0xF0BB, 0xF0BF,
+    0xF0C5, 0xF0CB, 0xF0D3, 0xF0D9, 0xF0E3, 0xF0E9, 0xF0F1, 0xF0F7,
+    0xF107, 0xF115, 0xF11B, 0xF121, 0xF137, 0xF13D, 0xF155, 0xF175,
+    0xF17B, 0xF18D, 0xF193, 0xF1A5, 0xF1AF, 0xF1B7, 0xF1D5, 0xF1E7,
+    0xF1ED, 0xF1FD, 0xF209, 0xF20F, 0xF21B, 0xF21D, 0xF223, 0xF227,
+    0xF233, 0xF23B, 0xF241, 0xF257, 0xF25F, 0xF265, 0xF269, 0xF277,
+    0xF281, 0xF293, 0xF2A7, 0xF2B1, 0xF2B3, 0xF2B9, 0xF2BD, 0xF2BF,
+    0xF2DB, 0xF2ED, 0xF2EF, 0xF2F9, 0xF2FF, 0xF305, 0xF30B, 0xF319,
+    0xF341, 0xF359, 0xF35B, 0xF35F, 0xF367, 0xF373, 0xF377, 0xF38B,
+    0xF38F, 0xF3AF, 0xF3C1, 0xF3D1, 0xF3D7, 0xF3FB, 0xF403, 0xF409,
+    0xF40D, 0xF413, 0xF421, 0xF425, 0xF42B, 0xF445, 0xF44B, 0xF455,
+    0xF463, 0xF475, 0xF47F, 0xF485, 0xF48B, 0xF499, 0xF4A3, 0xF4A9,
+    0xF4AF, 0xF4BD, 0xF4C3, 0xF4DB, 0xF4DF, 0xF4ED, 0xF503, 0xF50B,
+    0xF517, 0xF521, 0xF529, 0xF535, 0xF547, 0xF551, 0xF563, 0xF56B,
+    0xF583, 0xF58D, 0xF595, 0xF599, 0xF5B1, 0xF5B7, 0xF5C9, 0xF5CF,
+    0xF5D1, 0xF5DB, 0xF5F9, 0xF5FB, 0xF605, 0xF607, 0xF60B, 0xF60D,
+    0xF635, 0xF637, 0xF653, 0xF65B, 0xF661, 0xF667, 0xF679, 0xF67F,
+    0xF689, 0xF697, 0xF69B, 0xF6AD, 0xF6CB, 0xF6DD, 0xF6DF, 0xF6EB,
+    0xF709, 0xF70F, 0xF72D, 0xF731, 0xF743, 0xF74F, 0xF751, 0xF755,
+    0xF763, 0xF769, 0xF773, 0xF779, 0xF781, 0xF787, 0xF791, 0xF79D,
+    0xF79F, 0xF7A5, 0xF7B1, 0xF7BB, 0xF7BD, 0xF7CF, 0xF7D3, 0xF7E7,
+    0xF7EB, 0xF7F1, 0xF7FF, 0xF805, 0xF80B, 0xF821, 0xF827, 0xF82D,
+    0xF835, 0xF847, 0xF859, 0xF863, 0xF865, 0xF86F, 0xF871, 0xF877,
+    0xF87B, 0xF881, 0xF88D, 0xF89F, 0xF8A1, 0xF8AB, 0xF8B3, 0xF8B7,
+    0xF8C9, 0xF8CB, 0xF8D1, 0xF8D7, 0xF8DD, 0xF8E7, 0xF8EF, 0xF8F9,
+    0xF8FF, 0xF911, 0xF91D, 0xF925, 0xF931, 0xF937, 0xF93B, 0xF941,
+    0xF94F, 0xF95F, 0xF961, 0xF96D, 0xF971, 0xF977, 0xF99D, 0xF9A3,
+    0xF9A9, 0xF9B9, 0xF9CD, 0xF9E9, 0xF9FD, 0xFA07, 0xFA0D, 0xFA13,
+    0xFA21, 0xFA25, 0xFA3F, 0xFA43, 0xFA51, 0xFA5B, 0xFA6D, 0xFA7B,
+    0xFA97, 0xFA99, 0xFA9D, 0xFAAB, 0xFABB, 0xFABD, 0xFAD9, 0xFADF,
+    0xFAE7, 0xFAED, 0xFB0F, 0xFB17, 0xFB1B, 0xFB2D, 0xFB2F, 0xFB3F,
+    0xFB47, 0xFB4D, 0xFB75, 0xFB7D, 0xFB8F, 0xFB93, 0xFBB1, 0xFBB7,
+    0xFBC3, 0xFBC5, 0xFBE3, 0xFBE9, 0xFBF3, 0xFC01, 0xFC29, 0xFC37,
+    0xFC41, 0xFC43, 0xFC4F, 0xFC59, 0xFC61, 0xFC65, 0xFC6D, 0xFC73,
+    0xFC79, 0xFC95, 0xFC97, 0xFC9B, 0xFCA7, 0xFCB5, 0xFCC5, 0xFCCD,
+    0xFCEB, 0xFCFB, 0xFD0D, 0xFD0F, 0xFD19, 0xFD2B, 0xFD31, 0xFD51,
+    0xFD55, 0xFD67, 0xFD6D, 0xFD6F, 0xFD7B, 0xFD85, 0xFD97, 0xFD99,
+    0xFD9F, 0xFDA9, 0xFDB7, 0xFDC9, 0xFDE5, 0xFDEB, 0xFDF3, 0xFE03,
+    0xFE05, 0xFE09, 0xFE1D, 0xFE27, 0xFE2F, 0xFE41, 0xFE4B, 0xFE4D,
+    0xFE57, 0xFE5F, 0xFE63, 0xFE69, 0xFE75, 0xFE7B, 0xFE8F, 0xFE93,
+    0xFE95, 0xFE9B, 0xFE9F, 0xFEB3, 0xFEBD, 0xFED7, 0xFEE9, 0xFEF3,
+    0xFEF5, 0xFF07, 0xFF0D, 0xFF1D, 0xFF2B, 0xFF2F, 0xFF49, 0xFF4D,
+    0xFF5B, 0xFF65, 0xFF71, 0xFF7F, 0xFF85, 0xFF8B, 0xFF8F, 0xFF9D,
+    0xFFA7, 0xFFA9, 0xFFC7, 0xFFD9, 0xFFEF, 0xFFF1,
+#endif
+};
diff --git a/nss/lib/freebl/mpi/stats b/nss/lib/freebl/mpi/stats
new file mode 100755
index 0000000..a5deb94
--- /dev/null
+++ b/nss/lib/freebl/mpi/stats
@@ -0,0 +1,39 @@
+#!/usr/bin/perl
+
+#
+# Treat each line as a sequence of comma and/or space delimited
+# floating point numbers, and compute basic statistics on them.
+# These are written to standard output
+
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+$min = 1.7976931348623157E+308;
+$max = 2.2250738585072014E-308;
+$sum = $num = 0;
+
+while(<>) {
+    chomp;
+
+    @nums = split(/[\s,]+/, $_);
+    next if($#nums < 0);
+
+    $num += scalar @nums;
+    foreach (@nums) {
+	$min = $_ if($_ < $min);
+	$max = $_ if($_ > $max);
+	$sum += $_;
+    }
+}
+
+if($num) {
+    $avg = $sum / $num;
+} else {
+    $min = $max = 0;
+}
+
+printf "%d\tmin=%.2f, avg=%.2f, max=%.2f, sum=%.2f\n",
+    $num, $min, $avg, $max, $sum;
+
+# end
diff --git a/nss/lib/freebl/mpi/target.mk b/nss/lib/freebl/mpi/target.mk
new file mode 100644
index 0000000..dd74564
--- /dev/null
+++ b/nss/lib/freebl/mpi/target.mk
@@ -0,0 +1,233 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+##
+## Define CFLAGS to contain any local options your compiler
+## setup requires.
+##
+## Conditional compilation options are no longer here; see
+## the file 'mpi-config.h' instead.
+##
+MPICMN = -I. -DMP_API_COMPATIBLE -DMP_IOFUNC
+CFLAGS= -O $(MPICMN)
+#CFLAGS=-ansi -fullwarn -woff 1521 -O3 $(MPICMN)
+#CFLAGS=-ansi -pedantic -Wall -O3 $(MPICMN)
+#CFLAGS=-ansi -pedantic -Wall -g -O2 -DMP_DEBUG=1 $(MPICMN)
+
+ifeq ($(TARGET),mipsIRIX)
+#IRIX
+#MPICMN += -DMP_MONT_USE_MP_MUL 
+MPICMN += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE
+MPICMN += -DMP_USE_UINT_DIGIT
+#MPICMN += -DMP_NO_MP_WORD
+AS_OBJS = mpi_mips.o
+#ASFLAGS = -O -OPT:Olimit=4000 -dollar -fullwarn -xansi -n32 -mips3 -exceptions
+ASFLAGS = -O -OPT:Olimit=4000 -dollar -fullwarn -xansi -n32 -mips3 
+#CFLAGS=-ansi -n32 -O3 -fullwarn -woff 1429 -D_SGI_SOURCE $(MPICMN)
+CFLAGS=-ansi -n32 -O2 -fullwarn -woff 1429 -D_SGI_SOURCE $(MPICMN)
+#CFLAGS=-ansi -n32 -g -fullwarn -woff 1429 -D_SGI_SOURCE $(MPICMN)
+#CFLAGS=-ansi -64 -O2 -fullwarn -woff 1429 -D_SGI_SOURCE -DMP_NO_MP_WORD \
+ $(MPICMN)
+endif
+
+ifeq ($(TARGET),alphaOSF1)
+#Alpha/OSF1
+MPICMN += -DMP_ASSEMBLY_MULTIPLY
+AS_OBJS+= mpvalpha.o
+#CFLAGS= -O -Olimit 4000 -ieee_with_inexact -std1 -DOSF1 -D_REENTRANT $(MPICMN)
+CFLAGS= -O -Olimit 4000 -ieee_with_inexact -std1 -DOSF1 -D_REENTRANT \
+ -DMP_NO_MP_WORD $(MPICMN)
+endif
+
+ifeq ($(TARGET),v9SOLARIS)
+#Solaris 64
+SOLARIS_FPU_FLAGS = -fast -xO5 -xrestrict=%all -xchip=ultra -xarch=v9a -KPIC -mt
+#SOLARIS_FPU_FLAGS = -fast -xO5 -xrestrict=%all -xdepend -xchip=ultra -xarch=v9a -KPIC -mt
+SOLARIS_ASM_FLAGS = -xchip=ultra -xarch=v9a -KPIC -mt 
+AS_OBJS += montmulfv9.o 
+AS_OBJS += mpi_sparc.o mpv_sparcv9.o
+MPICMN += -DMP_USE_UINT_DIGIT 
+#MPICMN += -DMP_NO_MP_WORD 
+MPICMN += -DMP_ASSEMBLY_MULTIPLY 
+MPICMN += -DMP_USING_MONT_MULF
+CFLAGS= -O -KPIC -DSVR4 -DSYSV -D__svr4 -D__svr4__ -DSOLARIS -D_REENTRANT \
+ -DSOLARIS2_8 -xarch=v9 -DXP_UNIX $(MPICMN)
+#CFLAGS= -g -KPIC -DSVR4 -DSYSV -D__svr4 -D__svr4__ -DSOLARIS -D_REENTRANT \
+ -DSOLARIS2_8 -xarch=v9 -DXP_UNIX $(MPICMN)
+endif
+
+ifeq ($(TARGET),v8plusSOLARIS)
+#Solaris 32
+SOLARIS_FPU_FLAGS = -fast -xO5 -xrestrict=%all -xdepend -xchip=ultra -xarch=v8plusa -KPIC -mt
+SOLARIS_ASM_FLAGS = -xchip=ultra -xarch=v8plusa -KPIC -mt 
+AS_OBJS += montmulfv8.o 
+AS_OBJS += mpi_sparc.o mpv_sparcv8.o
+#AS_OBJS = montmulf.o
+MPICMN += -DMP_ASSEMBLY_MULTIPLY 
+MPICMN += -DMP_USING_MONT_MULF 
+MPICMN += -DMP_USE_UINT_DIGIT
+MPICMN += -DMP_NO_MP_WORD
+CFLAGS=-O -KPIC -DSVR4 -DSYSV -D__svr4 -D__svr4__ -DSOLARIS -D_REENTRANT \
+ -DSOLARIS2_6 -xarch=v8plus -DXP_UNIX $(MPICMN)
+endif
+
+ifeq ($(TARGET),v8SOLARIS)
+#Solaris 32
+#SOLARIS_FPU_FLAGS = -fast -xO5 -xrestrict=%all -xdepend -xchip=ultra -xarch=v8 -KPIC -mt
+#SOLARIS_ASM_FLAGS = -xchip=ultra -xarch=v8plusa -KPIC -mt 
+#AS_OBJS = montmulfv8.o mpi_sparc.o mpv_sparcv8.o
+#AS_OBJS = montmulf.o
+#MPICMN += -DMP_USING_MONT_MULF
+#MPICMN += -DMP_ASSEMBLY_MULTIPLY 
+MPICMN += -DMP_USE_LONG_LONG_MULTIPLY -DMP_USE_UINT_DIGIT
+MPICMN += -DMP_NO_MP_WORD
+CFLAGS=-O -KPIC -DSVR4 -DSYSV -D__svr4 -D__svr4__ -DSOLARIS -D_REENTRANT \
+ -DSOLARIS2_6 -xarch=v8 -DXP_UNIX $(MPICMN)
+endif
+
+ifeq ($(TARGET),ia64HPUX)
+#HPUX 32 on ia64  -- 64 bit digits SCREAM.
+# This one is for DD32 which is the 32-bit ABI with 64-bit registers.
+CFLAGS= +O3 -DHPUX10 -D_POSIX_C_SOURCE=199506L -Aa +Z -DHPUX -Dhppa \
+ -D_HPUX_SOURCE -Aa +e -z +p +DD32 -DHPUX11 -DXP_UNIX -Wl,+k $(MPICMN)
+#CFLAGS= -O -DHPUX10 -D_POSIX_C_SOURCE=199506L -Aa +Z -DHPUX -Dhppa \
+ -D_HPUX_SOURCE -Aa +e -z +p +DD32 -DHPUX11 -DXP_UNIX -Wl,+k $(MPICMN)
+#CFLAGS= -g -DHPUX10 -D_POSIX_C_SOURCE=199506L -Ae +Z -DHPUX -Dhppa \
+ -D_HPUX_SOURCE -Aa +e -z +p +DD32 -DHPUX11 -DXP_UNIX -Wl,+k $(MPICMN)
+endif
+
+ifeq ($(TARGET),ia64HPUX64)
+#HPUX 32 on ia64
+# This one is for DD64 which is the 64-bit ABI 
+CFLAGS= +O3 -DHPUX10 -D_POSIX_C_SOURCE=199506L -Aa +Z -DHPUX -Dhppa \
+ -D_HPUX_SOURCE -Aa +e -z +p +DD64 -DHPUX11 -DXP_UNIX -Wl,+k $(MPICMN)
+#CFLAGS= -g -DHPUX10 -D_POSIX_C_SOURCE=199506L -Ae +Z -DHPUX -Dhppa \
+ -D_HPUX_SOURCE -Aa +e -z +p +DD64 -DHPUX11 -DXP_UNIX -Wl,+k $(MPICMN)
+endif
+
+ifeq ($(TARGET),PA2.0WHPUX)
+#HPUX64 (HP PA 2.0 Wide) using MAXPY and 64-bit digits
+MPICMN += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE
+AS_OBJS = mpi_hp.o hpma512.o hppa20.o 
+CFLAGS= -O -DHPUX10 -D_POSIX_C_SOURCE=199506L -Ae +Z -DHPUX -Dhppa \
+ -D_HPUX_SOURCE -Aa +e -z +DA2.0W +DS2.0 +O3 +DChpux -DHPUX11  -DXP_UNIX \
+ $(MPICMN)
+#CFLAGS= -g -DHPUX10 -D_POSIX_C_SOURCE=199506L -Ae +Z -DHPUX -Dhppa \
+ -D_HPUX_SOURCE -Aa +e -z +DA2.0W +DS2.0 +DChpux -DHPUX11  -DXP_UNIX \
+ $(MPICMN)
+AS = $(CC) $(CFLAGS) -c
+endif
+
+ifeq ($(TARGET),PA2.0NHPUX)
+#HPUX32 (HP PA 2.0 Narrow) hybrid model, using 32-bit digits
+# This one is for DA2.0 (N) which is the 32-bit ABI with 64-bit registers.
+MPICMN += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE
+AS_OBJS = mpi_hp.o hpma512.o hppa20.o 
+CFLAGS= +O3 -DHPUX10 -D_POSIX_C_SOURCE=199506L -Ae +Z -DHPUX -Dhppa \
+ -D_HPUX_SOURCE -Aa +e -z +DA2.0 +DS2.0 +DChpux -DHPUX11  -DXP_UNIX \
+ -Wl,+k $(MPICMN)
+#CFLAGS= -g -DHPUX10 -D_POSIX_C_SOURCE=199506L -Ae +Z -DHPUX -Dhppa \
+ -D_HPUX_SOURCE -Aa +e -z +DA2.0 +DS2.0 +DChpux -DHPUX11  -DXP_UNIX \
+ -Wl,+k $(MPICMN)
+AS = $(CC) $(CFLAGS) -c
+endif
+
+ifeq ($(TARGET),PA1.1HPUX)
+#HPUX32 (HP PA 1.1) Pure 32 bit
+MPICMN += -DMP_USE_UINT_DIGIT -DMP_NO_MP_WORD
+#MPICMN += -DMP_USE_LONG_LONG_MULTIPLY
+CFLAGS= -O -DHPUX10 -D_POSIX_C_SOURCE=199506L -Ae +Z -DHPUX -Dhppa \
+ -D_HPUX_SOURCE +DAportable +DS1.1 -DHPUX11 -DXP_UNIX $(MPICMN)
+##CFLAGS= -g -DHPUX10 -D_POSIX_C_SOURCE=199506L -Ae +Z -DHPUX -Dhppa \
+# -D_HPUX_SOURCE +DAportable +DS1.1 -DHPUX11 -DXP_UNIX $(MPICMN)
+endif
+
+ifeq ($(TARGET),32AIX)
+#
+CC = xlC_r
+MPICMN += -DMP_USE_UINT_DIGIT
+MPICMN += -DMP_NO_DIV_WORD
+#MPICMN += -DMP_NO_MUL_WORD
+MPICMN += -DMP_NO_ADD_WORD
+MPICMN += -DMP_NO_SUB_WORD
+#MPICMN += -DMP_NO_MP_WORD
+#MPICMN += -DMP_USE_LONG_LONG_MULTIPLY
+CFLAGS = -O -DAIX -DSYSV -qarch=com -DAIX4_3 -DXP_UNIX -UDEBUG -DNDEBUG  $(MPICMN)
+#CFLAGS = -g -DAIX -DSYSV -qarch=com -DAIX4_3 -DXP_UNIX -UDEBUG -DNDEBUG  $(MPICMN)
+#CFLAGS += -pg
+endif
+
+ifeq ($(TARGET),64AIX)
+#
+CC = xlC_r
+MPICMN += -DMP_USE_UINT_DIGIT
+CFLAGS = -O -O2 -DAIX -DSYSV -qarch=com -DAIX_64BIT -DAIX4_3 -DXP_UNIX -UDEBUG -DNDEBUG $(MPICMN)
+OBJECT_MODE=64
+export OBJECT_MODE
+endif
+
+ifeq ($(TARGET),x86LINUX)
+#Linux
+AS_OBJS = mpi_x86.o
+MPICMN += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE -DMP_ASSEMBLY_DIV_2DX1D
+MPICMN += -DMP_MONT_USE_MP_MUL -DMP_IS_LITTLE_ENDIAN
+CFLAGS= -O2 -fPIC -DLINUX1_2 -Di386 -D_XOPEN_SOURCE -DLINUX2_1 -ansi -Wall \
+ -pipe -DLINUX -Dlinux -D_POSIX_SOURCE -D_BSD_SOURCE -DHAVE_STRERROR \
+ -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT $(MPICMN)
+#CFLAGS= -g -fPIC -DLINUX1_2 -Di386 -D_XOPEN_SOURCE -DLINUX2_1 -ansi -Wall \
+ -pipe -DLINUX -Dlinux -D_POSIX_SOURCE -D_BSD_SOURCE -DHAVE_STRERROR \
+ -DXP_UNIX -DDEBUG -UNDEBUG -D_REENTRANT $(MPICMN)
+#CFLAGS= -g -fPIC -DLINUX1_2 -Di386 -D_XOPEN_SOURCE -DLINUX2_1 -ansi -Wall \
+ -pipe -DLINUX -Dlinux -D_POSIX_SOURCE -D_BSD_SOURCE -DHAVE_STRERROR \
+ -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT $(MPICMN)
+endif
+
+ifeq ($(TARGET),armLINUX)
+MPICMN += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE
+MPICMN += -DMP_USE_UINT_DIGIT 
+AS_OBJS += mpi_arm.o
+endif
+
+ifeq ($(TARGET),AMD64SOLARIS)
+ASFLAGS += -xarch=generic64
+AS_OBJS = mpi_amd64.o mpi_amd64_sun.o
+MP_CONFIG = -DMP_ASSEMBLY_MULTIPLY -DMPI_AMD64
+MP_CONFIG += -DMP_IS_LITTLE_ENDIAN
+CFLAGS = -xarch=generic64 -xO4 -I. -DMP_API_COMPATIBLE -DMP_IOFUNC $(MP_CONFIG)
+MPICMN += $(MP_CONFIG)
+
+mpi_amd64_asm.o: mpi_amd64_sun.s
+	$(AS) -xarch=generic64 -P -D_ASM mpi_amd64_sun.s
+endif
+
+ifeq ($(TARGET),WIN32)
+ifeq ($(CPU_ARCH),x86_64)
+AS_OBJS = mpi_amd64.obj mpi_amd64_masm.obj mp_comba_amd64_masm.asm
+CFLAGS  = -Od -Z7 -MDd -W3 -nologo -DDEBUG -D_DEBUG -UNDEBUG -DDEBUG_$(USER)
+CFLAGS += -DWIN32 -DWIN64 -D_WINDOWS -D_AMD_64_ -D_M_AMD64 -DWIN95 -DXP_PC
+CFLAGS += $(MPICMN)
+
+$(AS_OBJS): %.obj : %.asm
+	ml64 -Cp -Sn -Zi -coff -nologo -c $<
+
+$(LIBOBJS): %.obj : %.c 
+	cl $(CFLAGS) -Fo$@ -c $<
+else
+AS_OBJS = mpi_x86.obj
+MPICMN += -DMP_ASSEMBLY_MULTIPLY -DMP_ASSEMBLY_SQUARE -DMP_ASSEMBLY_DIV_2DX1D
+MPICMN += -DMP_USE_UINT_DIGIT -DMP_NO_MP_WORD -DMP_API_COMPATIBLE 
+MPICMN += -DMP_MONT_USE_MP_MUL 
+MPICMN += -DMP_CHAR_STORE_SLOW -DMP_IS_LITTLE_ENDIAN
+CFLAGS  = -Od -Z7 -MDd -W3 -nologo -DDEBUG -D_DEBUG -UNDEBUG -DDEBUG_$(USER)
+CFLAGS += -DWIN32 -D_WINDOWS -D_X86_ -DWIN95 -DXP_PC
+CFLAGS += $(MPICMN)
+
+$(AS_OBJS): %.obj : %.asm
+	ml -Cp -Sn -Zi -coff -nologo -c $<
+
+$(LIBOBJS): %.obj : %.c 
+	cl $(CFLAGS) -Fo$@ -c $<
+
+endif
+endif
diff --git a/nss/lib/freebl/mpi/test-arrays.txt b/nss/lib/freebl/mpi/test-arrays.txt
new file mode 100644
index 0000000..6c8908c
--- /dev/null
+++ b/nss/lib/freebl/mpi/test-arrays.txt
@@ -0,0 +1,55 @@
+#
+# Test suite table for MPI library
+#
+# Format of entries:
+# suite-name:function-name:description
+#
+# suite-name	The name used to identify this test in mpi-test
+# function-name	The function called to perform this test in mpi-test.c
+# description   A brief description of what the suite tests
+
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+list:test_list:print out a list of the available test suites
+copy:test_copy:test assignment of mp-int structures
+exchange:test_exch:test exchange of mp-int structures
+zero:test_zero:test zeroing of an mp-int
+set:test_set:test setting an mp-int to a small constant
+absolute-value:test_abs:test the absolute value function
+negate:test_neg:test the arithmetic negation function
+add-digit:test_add_d:test digit addition
+add:test_add:test full addition
+subtract-digit:test_sub_d:test digit subtraction
+subtract:test_sub:test full subtraction
+multiply-digit:test_mul_d:test digit multiplication
+multiply:test_mul:test full multiplication
+square:test_sqr:test full squaring function
+divide-digit:test_div_d:test digit division
+divide-2:test_div_2:test division by two
+divide-2d:test_div_2d:test division & remainder by 2^d
+divide:test_div:test full division
+expt-digit:test_expt_d:test digit exponentiation
+expt:test_expt:test full exponentiation
+expt-2:test_2expt:test power-of-two exponentiation
+modulo-digit:test_mod_d:test digit modular reduction
+modulo:test_mod:test full modular reduction
+mod-add:test_addmod:test modular addition
+mod-subtract:test_submod:test modular subtraction
+mod-multiply:test_mulmod:test modular multiplication
+mod-square:test_sqrmod:test modular squaring function
+mod-expt:test_exptmod:test full modular exponentiation
+mod-expt-digit:test_exptmod_d:test digit modular exponentiation
+mod-inverse:test_invmod:test modular inverse function
+compare-digit:test_cmp_d:test digit comparison function
+compare-zero:test_cmp_z:test zero comparison function
+compare:test_cmp:test general signed comparison
+compare-magnitude:test_cmp_mag:test general magnitude comparison
+parity:test_parity:test parity comparison functions
+gcd:test_gcd:test greatest common divisor functions
+lcm:test_lcm:test least common multiple function
+conversion:test_convert:test general radix conversion facilities
+binary:test_raw:test raw output format
+pprime:test_pprime:test probabilistic primality tester
+fermat:test_fermat:test Fermat pseudoprimality tester
diff --git a/nss/lib/freebl/mpi/test-info.c b/nss/lib/freebl/mpi/test-info.c
new file mode 100644
index 0000000..6c6c4ce
--- /dev/null
+++ b/nss/lib/freebl/mpi/test-info.c
@@ -0,0 +1,160 @@
+/*
+ *  test-info.c
+ *
+ *  Arbitrary precision integer arithmetic library
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* Table mapping test suite names to index numbers */
+const int g_count = 42;
+const char *g_names[] = {
+    "list",              /* print out a list of the available test suites */
+    "copy",              /* test assignment of mp-int structures          */
+    "exchange",          /* test exchange of mp-int structures            */
+    "zero",              /* test zeroing of an mp-int                     */
+    "set",               /* test setting an mp-int to a small constant    */
+    "absolute-value",    /* test the absolute value function              */
+    "negate",            /* test the arithmetic negation function         */
+    "add-digit",         /* test digit addition                           */
+    "add",               /* test full addition                            */
+    "subtract-digit",    /* test digit subtraction                        */
+    "subtract",          /* test full subtraction                         */
+    "multiply-digit",    /* test digit multiplication                     */
+    "multiply",          /* test full multiplication                      */
+    "square",            /* test full squaring function                   */
+    "divide-digit",      /* test digit division                           */
+    "divide-2",          /* test division by two                          */
+    "divide-2d",         /* test division & remainder by 2^d              */
+    "divide",            /* test full division                            */
+    "expt-digit",        /* test digit exponentiation                     */
+    "expt",              /* test full exponentiation                      */
+    "expt-2",            /* test power-of-two exponentiation              */
+    "square-root",       /* test integer square root function             */
+    "modulo-digit",      /* test digit modular reduction                  */
+    "modulo",            /* test full modular reduction                   */
+    "mod-add",           /* test modular addition                         */
+    "mod-subtract",      /* test modular subtraction                      */
+    "mod-multiply",      /* test modular multiplication                   */
+    "mod-square",        /* test modular squaring function                */
+    "mod-expt",          /* test full modular exponentiation              */
+    "mod-expt-digit",    /* test digit modular exponentiation             */
+    "mod-inverse",       /* test modular inverse function                 */
+    "compare-digit",     /* test digit comparison function                */
+    "compare-zero",      /* test zero comparison function                 */
+    "compare",           /* test general signed comparison                */
+    "compare-magnitude", /* test general magnitude comparison             */
+    "parity",            /* test parity comparison functions              */
+    "gcd",               /* test greatest common divisor functions        */
+    "lcm",               /* test least common multiple function           */
+    "conversion",        /* test general radix conversion facilities      */
+    "binary",            /* test raw output format                        */
+    "pprime",            /* test probabilistic primality tester           */
+    "fermat"             /* test Fermat pseudoprimality tester            */
+};
+
+/* Test function prototypes */
+int test_list(void);
+int test_copy(void);
+int test_exch(void);
+int test_zero(void);
+int test_set(void);
+int test_abs(void);
+int test_neg(void);
+int test_add_d(void);
+int test_add(void);
+int test_sub_d(void);
+int test_sub(void);
+int test_mul_d(void);
+int test_mul(void);
+int test_sqr(void);
+int test_div_d(void);
+int test_div_2(void);
+int test_div_2d(void);
+int test_div(void);
+int test_expt_d(void);
+int test_expt(void);
+int test_2expt(void);
+int test_sqrt(void);
+int test_mod_d(void);
+int test_mod(void);
+int test_addmod(void);
+int test_submod(void);
+int test_mulmod(void);
+int test_sqrmod(void);
+int test_exptmod(void);
+int test_exptmod_d(void);
+int test_invmod(void);
+int test_cmp_d(void);
+int test_cmp_z(void);
+int test_cmp(void);
+int test_cmp_mag(void);
+int test_parity(void);
+int test_gcd(void);
+int test_lcm(void);
+int test_convert(void);
+int test_raw(void);
+int test_pprime(void);
+int test_fermat(void);
+
+/* Table mapping index numbers to functions */
+int (*g_tests[])(void) = {
+    test_list, test_copy, test_exch, test_zero,
+    test_set, test_abs, test_neg, test_add_d,
+    test_add, test_sub_d, test_sub, test_mul_d,
+    test_mul, test_sqr, test_div_d, test_div_2,
+    test_div_2d, test_div, test_expt_d, test_expt,
+    test_2expt, test_sqrt, test_mod_d, test_mod,
+    test_addmod, test_submod, test_mulmod, test_sqrmod,
+    test_exptmod, test_exptmod_d, test_invmod, test_cmp_d,
+    test_cmp_z, test_cmp, test_cmp_mag, test_parity,
+    test_gcd, test_lcm, test_convert, test_raw,
+    test_pprime, test_fermat
+};
+
+/* Table mapping index numbers to descriptions */
+const char *g_descs[] = {
+    "print out a list of the available test suites",
+    "test assignment of mp-int structures",
+    "test exchange of mp-int structures",
+    "test zeroing of an mp-int",
+    "test setting an mp-int to a small constant",
+    "test the absolute value function",
+    "test the arithmetic negation function",
+    "test digit addition",
+    "test full addition",
+    "test digit subtraction",
+    "test full subtraction",
+    "test digit multiplication",
+    "test full multiplication",
+    "test full squaring function",
+    "test digit division",
+    "test division by two",
+    "test division & remainder by 2^d",
+    "test full division",
+    "test digit exponentiation",
+    "test full exponentiation",
+    "test power-of-two exponentiation",
+    "test integer square root function",
+    "test digit modular reduction",
+    "test full modular reduction",
+    "test modular addition",
+    "test modular subtraction",
+    "test modular multiplication",
+    "test modular squaring function",
+    "test full modular exponentiation",
+    "test digit modular exponentiation",
+    "test modular inverse function",
+    "test digit comparison function",
+    "test zero comparison function",
+    "test general signed comparison",
+    "test general magnitude comparison",
+    "test parity comparison functions",
+    "test greatest common divisor functions",
+    "test least common multiple function",
+    "test general radix conversion facilities",
+    "test raw output format",
+    "test probabilistic primality tester",
+    "test Fermat pseudoprimality tester"
+};
diff --git a/nss/lib/freebl/mpi/tests/LICENSE b/nss/lib/freebl/mpi/tests/LICENSE
new file mode 100644
index 0000000..c2c5d01
--- /dev/null
+++ b/nss/lib/freebl/mpi/tests/LICENSE
@@ -0,0 +1,6 @@
+Within this directory, each of the file listed below is licensed under 
+the terms given in the file LICENSE-MPL, also in this directory.
+
+pi1k.txt
+pi2k.txt
+pi5k.txt
diff --git a/nss/lib/freebl/mpi/tests/LICENSE-MPL b/nss/lib/freebl/mpi/tests/LICENSE-MPL
new file mode 100644
index 0000000..41dc232
--- /dev/null
+++ b/nss/lib/freebl/mpi/tests/LICENSE-MPL
@@ -0,0 +1,3 @@
+This Source Code Form is subject to the terms of the Mozilla Public
+License, v. 2.0. If a copy of the MPL was not distributed with this
+file, You can obtain one at http://mozilla.org/MPL/2.0/.
diff --git a/nss/lib/freebl/mpi/tests/mptest-1.c b/nss/lib/freebl/mpi/tests/mptest-1.c
new file mode 100644
index 0000000..4491346
--- /dev/null
+++ b/nss/lib/freebl/mpi/tests/mptest-1.c
@@ -0,0 +1,43 @@
+/*
+ * Simple test driver for MPI library
+ *
+ * Test 1: Simple input test (drives single-digit multiply and add,
+ *         as well as I/O routines)
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <limits.h>
+
+#ifdef MAC_CW_SIOUX
+#include <console.h>
+#endif
+
+#include "mpi.h"
+
+int
+main(int argc, char *argv[])
+{
+    int ix;
+    mp_int mp;
+
+#ifdef MAC_CW_SIOUX
+    argc = ccommand(&argv);
+#endif
+
+    mp_init(&mp);
+
+    for (ix = 1; ix < argc; ix++) {
+        mp_read_radix(&mp, argv[ix], 10);
+        mp_print(&mp, stdout);
+        fputc('\n', stdout);
+    }
+
+    mp_clear(&mp);
+    return 0;
+}
diff --git a/nss/lib/freebl/mpi/tests/mptest-2.c b/nss/lib/freebl/mpi/tests/mptest-2.c
new file mode 100644
index 0000000..1505e6a
--- /dev/null
+++ b/nss/lib/freebl/mpi/tests/mptest-2.c
@@ -0,0 +1,62 @@
+/*
+ * Simple test driver for MPI library
+ *
+ * Test 2: Basic addition and subtraction test
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <limits.h>
+
+#include "mpi.h"
+
+int
+main(int argc, char *argv[])
+{
+    mp_int a, b, c;
+
+    if (argc < 3) {
+        fprintf(stderr, "Usage: %s <a> <b>\n", argv[0]);
+        return 1;
+    }
+
+    printf("Test 2: Basic addition and subtraction\n\n");
+
+    mp_init(&a);
+    mp_init(&b);
+
+    mp_read_radix(&a, argv[1], 10);
+    mp_read_radix(&b, argv[2], 10);
+    printf("a = ");
+    mp_print(&a, stdout);
+    fputc('\n', stdout);
+    printf("b = ");
+    mp_print(&b, stdout);
+    fputc('\n', stdout);
+
+    mp_init(&c);
+    printf("c = a + b\n");
+
+    mp_add(&a, &b, &c);
+    printf("c = ");
+    mp_print(&c, stdout);
+    fputc('\n', stdout);
+
+    printf("c = a - b\n");
+
+    mp_sub(&a, &b, &c);
+    printf("c = ");
+    mp_print(&c, stdout);
+    fputc('\n', stdout);
+
+    mp_clear(&c);
+    mp_clear(&b);
+    mp_clear(&a);
+
+    return 0;
+}
diff --git a/nss/lib/freebl/mpi/tests/mptest-3.c b/nss/lib/freebl/mpi/tests/mptest-3.c
new file mode 100644
index 0000000..86fb246
--- /dev/null
+++ b/nss/lib/freebl/mpi/tests/mptest-3.c
@@ -0,0 +1,105 @@
+/*
+ * Simple test driver for MPI library
+ *
+ * Test 3: Multiplication, division, and exponentiation test
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <limits.h>
+
+#include <time.h>
+
+#include "mpi.h"
+
+#define EXPT 0 /* define nonzero to get exponentiate test */
+
+int
+main(int argc, char *argv[])
+{
+    int ix;
+    mp_int a, b, c, d;
+    mp_digit r;
+    mp_err res;
+
+    if (argc < 3) {
+        fprintf(stderr, "Usage: %s <a> <b>\n", argv[0]);
+        return 1;
+    }
+
+    printf("Test 3: Multiplication and division\n\n");
+    srand(time(NULL));
+
+    mp_init(&a);
+    mp_init(&b);
+
+    mp_read_variable_radix(&a, argv[1], 10);
+    mp_read_variable_radix(&b, argv[2], 10);
+    printf("a = ");
+    mp_print(&a, stdout);
+    fputc('\n', stdout);
+    printf("b = ");
+    mp_print(&b, stdout);
+    fputc('\n', stdout);
+
+    mp_init(&c);
+    printf("\nc = a * b\n");
+
+    mp_mul(&a, &b, &c);
+    printf("c = ");
+    mp_print(&c, stdout);
+    fputc('\n', stdout);
+
+    printf("\nc = b * 32523\n");
+
+    mp_mul_d(&b, 32523, &c);
+    printf("c = ");
+    mp_print(&c, stdout);
+    fputc('\n', stdout);
+
+    mp_init(&d);
+    printf("\nc = a / b, d = a mod b\n");
+
+    mp_div(&a, &b, &c, &d);
+    printf("c = ");
+    mp_print(&c, stdout);
+    fputc('\n', stdout);
+    printf("d = ");
+    mp_print(&d, stdout);
+    fputc('\n', stdout);
+
+    ix = rand() % 256;
+    printf("\nc = a / %d, r = a mod %d\n", ix, ix);
+    mp_div_d(&a, (mp_digit)ix, &c, &r);
+    printf("c = ");
+    mp_print(&c, stdout);
+    fputc('\n', stdout);
+    printf("r = %04X\n", r);
+
+#if EXPT
+    printf("\nc = a ** b\n");
+    mp_expt(&a, &b, &c);
+    printf("c = ");
+    mp_print(&c, stdout);
+    fputc('\n', stdout);
+#endif
+
+    ix = rand() % 256;
+    printf("\nc = 2^%d\n", ix);
+    mp_2expt(&c, ix);
+    printf("c = ");
+    mp_print(&c, stdout);
+    fputc('\n', stdout);
+
+    mp_clear(&d);
+    mp_clear(&c);
+    mp_clear(&b);
+    mp_clear(&a);
+
+    return 0;
+}
diff --git a/nss/lib/freebl/mpi/tests/mptest-3a.c b/nss/lib/freebl/mpi/tests/mptest-3a.c
new file mode 100644
index 0000000..c6cea70
--- /dev/null
+++ b/nss/lib/freebl/mpi/tests/mptest-3a.c
@@ -0,0 +1,123 @@
+/*
+ * Simple test driver for MPI library
+ *
+ * Test 3a: Multiplication vs. squaring timing test
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <limits.h>
+
+#include <time.h>
+
+#include "mpi.h"
+#include "mpprime.h"
+
+int
+main(int argc, char *argv[])
+{
+    int ix, num, prec = 8;
+    double d1, d2;
+    clock_t start, finish;
+    time_t seed;
+    mp_int a, c, d;
+
+    seed = time(NULL);
+
+    if (argc < 2) {
+        fprintf(stderr, "Usage: %s <num-tests> [<precision>]\n", argv[0]);
+        return 1;
+    }
+
+    if ((num = atoi(argv[1])) < 0)
+        num = -num;
+
+    if (!num) {
+        fprintf(stderr, "%s: must perform at least 1 test\n", argv[0]);
+        return 1;
+    }
+
+    if (argc > 2) {
+        if ((prec = atoi(argv[2])) <= 0)
+            prec = 8;
+        else
+            prec = (prec + (DIGIT_BIT - 1)) / DIGIT_BIT;
+    }
+
+    printf("Test 3a: Multiplication vs squaring timing test\n"
+           "Precision:  %d digits (%u bits)\n"
+           "# of tests: %d\n\n",
+           prec, prec * DIGIT_BIT, num);
+
+    mp_init_size(&a, prec);
+
+    mp_init(&c);
+    mp_init(&d);
+
+    printf("Verifying accuracy ... \n");
+    srand((unsigned int)seed);
+    for (ix = 0; ix < num; ix++) {
+        mpp_random_size(&a, prec);
+        mp_mul(&a, &a, &c);
+        mp_sqr(&a, &d);
+
+        if (mp_cmp(&c, &d) != 0) {
+            printf("Error!  Results not accurate:\n");
+            printf("a = ");
+            mp_print(&a, stdout);
+            fputc('\n', stdout);
+            printf("c = ");
+            mp_print(&c, stdout);
+            fputc('\n', stdout);
+            printf("d = ");
+            mp_print(&d, stdout);
+            fputc('\n', stdout);
+            mp_sub(&c, &d, &d);
+            printf("dif ");
+            mp_print(&d, stdout);
+            fputc('\n', stdout);
+            mp_clear(&c);
+            mp_clear(&d);
+            mp_clear(&a);
+            return 1;
+        }
+    }
+    printf("Accuracy is confirmed for the %d test samples\n", num);
+    mp_clear(&d);
+
+    printf("Testing squaring ... \n");
+    srand((unsigned int)seed);
+    start = clock();
+    for (ix = 0; ix < num; ix++) {
+        mpp_random_size(&a, prec);
+        mp_sqr(&a, &c);
+    }
+    finish = clock();
+
+    d2 = (double)(finish - start) / CLOCKS_PER_SEC;
+
+    printf("Testing multiplication ... \n");
+    srand((unsigned int)seed);
+    start = clock();
+    for (ix = 0; ix < num; ix++) {
+        mpp_random(&a);
+        mp_mul(&a, &a, &c);
+    }
+    finish = clock();
+
+    d1 = (double)(finish - start) / CLOCKS_PER_SEC;
+
+    printf("Multiplication time: %.3f sec (%.3f each)\n", d1, d1 / num);
+    printf("Squaring time:       %.3f sec (%.3f each)\n", d2, d2 / num);
+    printf("Improvement:         %.2f%%\n", (1.0 - (d2 / d1)) * 100.0);
+
+    mp_clear(&c);
+    mp_clear(&a);
+
+    return 0;
+}
diff --git a/nss/lib/freebl/mpi/tests/mptest-4.c b/nss/lib/freebl/mpi/tests/mptest-4.c
new file mode 100644
index 0000000..0f326ac
--- /dev/null
+++ b/nss/lib/freebl/mpi/tests/mptest-4.c
@@ -0,0 +1,111 @@
+/*
+ * Simple test driver for MPI library
+ *
+ * Test 4: Modular arithmetic tests
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <limits.h>
+
+#include "mpi.h"
+
+int
+main(int argc, char *argv[])
+{
+    int ix;
+    mp_int a, b, c, m;
+    mp_digit r;
+
+    if (argc < 4) {
+        fprintf(stderr, "Usage: %s <a> <b> <m>\n", argv[0]);
+        return 1;
+    }
+
+    printf("Test 4: Modular arithmetic\n\n");
+
+    mp_init(&a);
+    mp_init(&b);
+    mp_init(&m);
+
+    mp_read_radix(&a, argv[1], 10);
+    mp_read_radix(&b, argv[2], 10);
+    mp_read_radix(&m, argv[3], 10);
+    printf("a = ");
+    mp_print(&a, stdout);
+    fputc('\n', stdout);
+    printf("b = ");
+    mp_print(&b, stdout);
+    fputc('\n', stdout);
+    printf("m = ");
+    mp_print(&m, stdout);
+    fputc('\n', stdout);
+
+    mp_init(&c);
+    printf("\nc = a (mod m)\n");
+
+    mp_mod(&a, &m, &c);
+    printf("c = ");
+    mp_print(&c, stdout);
+    fputc('\n', stdout);
+
+    printf("\nc = b (mod m)\n");
+
+    mp_mod(&b, &m, &c);
+    printf("c = ");
+    mp_print(&c, stdout);
+    fputc('\n', stdout);
+
+    printf("\nc = b (mod 1853)\n");
+
+    mp_mod_d(&b, 1853, &r);
+    printf("c = %04X\n", r);
+
+    printf("\nc = (a + b) mod m\n");
+
+    mp_addmod(&a, &b, &m, &c);
+    printf("c = ");
+    mp_print(&c, stdout);
+    fputc('\n', stdout);
+
+    printf("\nc = (a - b) mod m\n");
+
+    mp_submod(&a, &b, &m, &c);
+    printf("c = ");
+    mp_print(&c, stdout);
+    fputc('\n', stdout);
+
+    printf("\nc = (a * b) mod m\n");
+
+    mp_mulmod(&a, &b, &m, &c);
+    printf("c = ");
+    mp_print(&c, stdout);
+    fputc('\n', stdout);
+
+    printf("\nc = (a ** b) mod m\n");
+
+    mp_exptmod(&a, &b, &m, &c);
+    printf("c = ");
+    mp_print(&c, stdout);
+    fputc('\n', stdout);
+
+    printf("\nIn-place modular squaring test:\n");
+    for (ix = 0; ix < 5; ix++) {
+        printf("a = (a * a) mod m   a = ");
+        mp_sqrmod(&a, &m, &a);
+        mp_print(&a, stdout);
+        fputc('\n', stdout);
+    }
+
+    mp_clear(&c);
+    mp_clear(&m);
+    mp_clear(&b);
+    mp_clear(&a);
+
+    return 0;
+}
diff --git a/nss/lib/freebl/mpi/tests/mptest-4a.c b/nss/lib/freebl/mpi/tests/mptest-4a.c
new file mode 100644
index 0000000..0c8e188
--- /dev/null
+++ b/nss/lib/freebl/mpi/tests/mptest-4a.c
@@ -0,0 +1,109 @@
+/*
+ *  mptest4a - modular exponentiation speed test
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <limits.h>
+#include <time.h>
+
+#include <sys/time.h>
+
+#include "mpi.h"
+#include "mpprime.h"
+
+typedef struct {
+    unsigned int sec;
+    unsigned int usec;
+} instant_t;
+
+instant_t
+now(void)
+{
+    struct timeval clk;
+    instant_t res;
+
+    res.sec = res.usec = 0;
+
+    if (gettimeofday(&clk, NULL) != 0)
+        return res;
+
+    res.sec = clk.tv_sec;
+    res.usec = clk.tv_usec;
+
+    return res;
+}
+
+extern mp_err s_mp_pad();
+
+int
+main(int argc, char *argv[])
+{
+    int ix, num, prec = 8;
+    unsigned int d;
+    instant_t start, finish;
+    time_t seed;
+    mp_int a, m, c;
+
+    seed = time(NULL);
+
+    if (argc < 2) {
+        fprintf(stderr, "Usage: %s <num-tests> [<precision>]\n", argv[0]);
+        return 1;
+    }
+
+    if ((num = atoi(argv[1])) < 0)
+        num = -num;
+
+    if (!num) {
+        fprintf(stderr, "%s: must perform at least 1 test\n", argv[0]);
+        return 1;
+    }
+
+    if (argc > 2) {
+        if ((prec = atoi(argv[2])) <= 0)
+            prec = 8;
+    }
+
+    printf("Test 3a: Modular exponentiation timing test\n"
+           "Precision:  %d digits (%d bits)\n"
+           "# of tests: %d\n\n",
+           prec, prec * DIGIT_BIT, num);
+
+    mp_init_size(&a, prec);
+    mp_init_size(&m, prec);
+    mp_init_size(&c, prec);
+    s_mp_pad(&a, prec);
+    s_mp_pad(&m, prec);
+    s_mp_pad(&c, prec);
+
+    printf("Testing modular exponentiation ... \n");
+    srand((unsigned int)seed);
+
+    start = now();
+    for (ix = 0; ix < num; ix++) {
+        mpp_random(&a);
+        mpp_random(&c);
+        mpp_random(&m);
+        mp_exptmod(&a, &c, &m, &c);
+    }
+    finish = now();
+
+    d = (finish.sec - start.sec) * 1000000;
+    d -= start.usec;
+    d += finish.usec;
+
+    printf("Total time elapsed:        %u usec\n", d);
+    printf("Time per exponentiation:   %u usec (%.3f sec)\n",
+           (d / num), (double)(d / num) / 1000000);
+
+    mp_clear(&c);
+    mp_clear(&a);
+    mp_clear(&m);
+
+    return 0;
+}
diff --git a/nss/lib/freebl/mpi/tests/mptest-4b.c b/nss/lib/freebl/mpi/tests/mptest-4b.c
new file mode 100644
index 0000000..1bb2f91
--- /dev/null
+++ b/nss/lib/freebl/mpi/tests/mptest-4b.c
@@ -0,0 +1,107 @@
+/*
+ * mptest-4b.c
+ *
+ * Test speed of a large modular exponentiation of a primitive element
+ * modulo a prime.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <limits.h>
+#include <time.h>
+
+#include <sys/time.h>
+
+#include "mpi.h"
+#include "mpprime.h"
+
+char *g_prime =
+    "34BD53C07350E817CCD49721020F1754527959C421C1533244769D4CF060A8B1C3DA"
+    "25094BE723FB1E2369B55FEEBBE0FAC16425161BF82684062B5EC5D7D47D1B23C117"
+    "0FA19745E44A55E148314E582EB813AC9EE5126295E2E380CACC2F6D206B293E5ED9"
+    "23B54EE961A8C69CD625CE4EC38B70C649D7F014432AEF3A1C93";
+char *g_gen = "5";
+
+typedef struct {
+    unsigned int sec;
+    unsigned int usec;
+} instant_t;
+
+instant_t
+now(void)
+{
+    struct timeval clk;
+    instant_t res;
+
+    res.sec = res.usec = 0;
+
+    if (gettimeofday(&clk, NULL) != 0)
+        return res;
+
+    res.sec = clk.tv_sec;
+    res.usec = clk.tv_usec;
+
+    return res;
+}
+
+extern mp_err s_mp_pad();
+
+int
+main(int argc, char *argv[])
+{
+    instant_t start, finish;
+    mp_int prime, gen, expt, res;
+    unsigned int ix, diff;
+    int num;
+
+    srand(time(NULL));
+
+    if (argc < 2) {
+        fprintf(stderr, "Usage: %s <num-tests>\n", argv[0]);
+        return 1;
+    }
+
+    if ((num = atoi(argv[1])) < 0)
+        num = -num;
+
+    if (num == 0)
+        ++num;
+
+    mp_init(&prime);
+    mp_init(&gen);
+    mp_init(&res);
+    mp_read_radix(&prime, g_prime, 16);
+    mp_read_radix(&gen, g_gen, 16);
+
+    mp_init_size(&expt, USED(&prime) - 1);
+    s_mp_pad(&expt, USED(&prime) - 1);
+
+    printf("Testing %d modular exponentations ... \n", num);
+
+    start = now();
+    for (ix = 0; ix < num; ix++) {
+        mpp_random(&expt);
+        mp_exptmod(&gen, &expt, &prime, &res);
+    }
+    finish = now();
+
+    diff = (finish.sec - start.sec) * 1000000;
+    diff += finish.usec;
+    diff -= start.usec;
+
+    printf("%d operations took %u usec (%.3f sec)\n",
+           num, diff, (double)diff / 1000000.0);
+    printf("That is %.3f sec per operation.\n",
+           ((double)diff / 1000000.0) / num);
+
+    mp_clear(&expt);
+    mp_clear(&res);
+    mp_clear(&gen);
+    mp_clear(&prime);
+
+    return 0;
+}
diff --git a/nss/lib/freebl/mpi/tests/mptest-5.c b/nss/lib/freebl/mpi/tests/mptest-5.c
new file mode 100644
index 0000000..dff3ed4
--- /dev/null
+++ b/nss/lib/freebl/mpi/tests/mptest-5.c
@@ -0,0 +1,85 @@
+/*
+ * Simple test driver for MPI library
+ *
+ * Test 5: Other number theoretic functions
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <limits.h>
+
+#include "mpi.h"
+
+int
+main(int argc, char *argv[])
+{
+    mp_int a, b, c, x, y;
+
+    if (argc < 3) {
+        fprintf(stderr, "Usage: %s <a> <b>\n", argv[0]);
+        return 1;
+    }
+
+    printf("Test 5: Number theoretic functions\n\n");
+
+    mp_init(&a);
+    mp_init(&b);
+
+    mp_read_radix(&a, argv[1], 10);
+    mp_read_radix(&b, argv[2], 10);
+
+    printf("a = ");
+    mp_print(&a, stdout);
+    fputc('\n', stdout);
+    printf("b = ");
+    mp_print(&b, stdout);
+    fputc('\n', stdout);
+
+    mp_init(&c);
+    printf("\nc = (a, b)\n");
+
+    mp_gcd(&a, &b, &c);
+    printf("Euclid: c = ");
+    mp_print(&c, stdout);
+    fputc('\n', stdout);
+    /*
+      mp_bgcd(&a, &b, &c);
+      printf("Binary: c = "); mp_print(&c, stdout); fputc('\n', stdout);
+    */
+    mp_init(&x);
+    mp_init(&y);
+    printf("\nc = (a, b) = ax + by\n");
+
+    mp_xgcd(&a, &b, &c, &x, &y);
+    printf("c = ");
+    mp_print(&c, stdout);
+    fputc('\n', stdout);
+    printf("x = ");
+    mp_print(&x, stdout);
+    fputc('\n', stdout);
+    printf("y = ");
+    mp_print(&y, stdout);
+    fputc('\n', stdout);
+
+    printf("\nc = a^-1 (mod b)\n");
+    if (mp_invmod(&a, &b, &c) == MP_UNDEF) {
+        printf("a has no inverse mod b\n");
+    } else {
+        printf("c = ");
+        mp_print(&c, stdout);
+        fputc('\n', stdout);
+    }
+
+    mp_clear(&y);
+    mp_clear(&x);
+    mp_clear(&c);
+    mp_clear(&b);
+    mp_clear(&a);
+
+    return 0;
+}
diff --git a/nss/lib/freebl/mpi/tests/mptest-5a.c b/nss/lib/freebl/mpi/tests/mptest-5a.c
new file mode 100644
index 0000000..c410a6a
--- /dev/null
+++ b/nss/lib/freebl/mpi/tests/mptest-5a.c
@@ -0,0 +1,147 @@
+/*
+ * Simple test driver for MPI library
+ *
+ * Test 5a: Greatest common divisor speed test, binary vs. Euclid
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <limits.h>
+#include <time.h>
+
+#include <sys/time.h>
+
+#include "mpi.h"
+#include "mpprime.h"
+
+typedef struct {
+    unsigned int sec;
+    unsigned int usec;
+} instant_t;
+
+instant_t
+now(void)
+{
+    struct timeval clk;
+    instant_t res;
+
+    res.sec = res.usec = 0;
+
+    if (gettimeofday(&clk, NULL) != 0)
+        return res;
+
+    res.sec = clk.tv_sec;
+    res.usec = clk.tv_usec;
+
+    return res;
+}
+
+#define PRECISION 16
+
+int
+main(int argc, char *argv[])
+{
+    int ix, num, prec = PRECISION;
+    mp_int a, b, c, d;
+    instant_t start, finish;
+    time_t seed;
+    unsigned int d1, d2;
+
+    seed = time(NULL);
+
+    if (argc < 2) {
+        fprintf(stderr, "Usage: %s <num-tests>\n", argv[0]);
+        return 1;
+    }
+
+    if ((num = atoi(argv[1])) < 0)
+        num = -num;
+
+    printf("Test 5a: Euclid vs. Binary, a GCD speed test\n\n"
+           "Number of tests: %d\n"
+           "Precision:       %d digits\n\n",
+           num, prec);
+
+    mp_init_size(&a, prec);
+    mp_init_size(&b, prec);
+    mp_init(&c);
+    mp_init(&d);
+
+    printf("Verifying accuracy ... \n");
+    srand((unsigned int)seed);
+    for (ix = 0; ix < num; ix++) {
+        mpp_random_size(&a, prec);
+        mpp_random_size(&b, prec);
+
+        mp_gcd(&a, &b, &c);
+        mp_bgcd(&a, &b, &d);
+
+        if (mp_cmp(&c, &d) != 0) {
+            printf("Error!  Results not accurate:\n");
+            printf("a = ");
+            mp_print(&a, stdout);
+            fputc('\n', stdout);
+            printf("b = ");
+            mp_print(&b, stdout);
+            fputc('\n', stdout);
+            printf("c = ");
+            mp_print(&c, stdout);
+            fputc('\n', stdout);
+            printf("d = ");
+            mp_print(&d, stdout);
+            fputc('\n', stdout);
+
+            mp_clear(&a);
+            mp_clear(&b);
+            mp_clear(&c);
+            mp_clear(&d);
+            return 1;
+        }
+    }
+    mp_clear(&d);
+    printf("Accuracy confirmed for the %d test samples\n", num);
+
+    printf("Testing Euclid ... \n");
+    srand((unsigned int)seed);
+    start = now();
+    for (ix = 0; ix < num; ix++) {
+        mpp_random_size(&a, prec);
+        mpp_random_size(&b, prec);
+        mp_gcd(&a, &b, &c);
+    }
+    finish = now();
+
+    d1 = (finish.sec - start.sec) * 1000000;
+    d1 -= start.usec;
+    d1 += finish.usec;
+
+    printf("Testing binary ... \n");
+    srand((unsigned int)seed);
+    start = now();
+    for (ix = 0; ix < num; ix++) {
+        mpp_random_size(&a, prec);
+        mpp_random_size(&b, prec);
+        mp_bgcd(&a, &b, &c);
+    }
+    finish = now();
+
+    d2 = (finish.sec - start.sec) * 1000000;
+    d2 -= start.usec;
+    d2 += finish.usec;
+
+    printf("Euclidean algorithm time: %u usec\n", d1);
+    printf("Binary algorithm time:    %u usec\n", d2);
+    printf("Improvement:              %.2f%%\n",
+           (1.0 - ((double)d2 / (double)d1)) * 100.0);
+
+    mp_clear(&c);
+    mp_clear(&b);
+    mp_clear(&a);
+
+    return 0;
+}
diff --git a/nss/lib/freebl/mpi/tests/mptest-6.c b/nss/lib/freebl/mpi/tests/mptest-6.c
new file mode 100644
index 0000000..4febf39
--- /dev/null
+++ b/nss/lib/freebl/mpi/tests/mptest-6.c
@@ -0,0 +1,78 @@
+/*
+ *  Simple test driver for MPI library
+ *
+ *  Test 6: Output functions
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <limits.h>
+
+#include "mpi.h"
+
+void
+print_buf(FILE *ofp, char *buf, int len)
+{
+    int ix, brk = 0;
+
+    for (ix = 0; ix < len; ix++) {
+        fprintf(ofp, "%02X ", buf[ix]);
+
+        brk = (brk + 1) & 0xF;
+        if (!brk)
+            fputc('\n', ofp);
+    }
+
+    if (brk)
+        fputc('\n', ofp);
+}
+
+int
+main(int argc, char *argv[])
+{
+    int ix, size;
+    mp_int a;
+    char *buf;
+
+    if (argc < 2) {
+        fprintf(stderr, "Usage: %s <a>\n", argv[0]);
+        return 1;
+    }
+
+    printf("Test 6: Output functions\n\n");
+
+    mp_init(&a);
+
+    mp_read_radix(&a, argv[1], 10);
+
+    printf("\nConverting to a string:\n");
+
+    printf("Rx Size Representation\n");
+    for (ix = 2; ix <= MAX_RADIX; ix++) {
+        size = mp_radix_size(&a, ix);
+
+        buf = calloc(size, sizeof(char));
+        mp_toradix(&a, buf, ix);
+        printf("%2d: %3d: %s\n", ix, size, buf);
+        free(buf);
+    }
+
+    printf("\nRaw output:\n");
+    size = mp_raw_size(&a);
+    buf = calloc(size, sizeof(char));
+
+    printf("Size:  %d bytes\n", size);
+
+    mp_toraw(&a, buf);
+    print_buf(stdout, buf, size);
+    free(buf);
+
+    mp_clear(&a);
+
+    return 0;
+}
diff --git a/nss/lib/freebl/mpi/tests/mptest-7.c b/nss/lib/freebl/mpi/tests/mptest-7.c
new file mode 100644
index 0000000..1e83fbf
--- /dev/null
+++ b/nss/lib/freebl/mpi/tests/mptest-7.c
@@ -0,0 +1,85 @@
+/*
+ *  Simple test driver for MPI library
+ *
+ *  Test 7: Random and divisibility tests
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <limits.h>
+#include <time.h>
+
+#define MP_IOFUNC 1
+#include "mpi.h"
+
+#include "mpprime.h"
+
+int
+main(int argc, char *argv[])
+{
+    mp_digit num;
+    mp_int a, b;
+
+    srand(time(NULL));
+
+    if (argc < 3) {
+        fprintf(stderr, "Usage: %s <a> <b>\n", argv[0]);
+        return 1;
+    }
+
+    printf("Test 7: Random & divisibility tests\n\n");
+
+    mp_init(&a);
+    mp_init(&b);
+
+    mp_read_radix(&a, argv[1], 10);
+    mp_read_radix(&b, argv[2], 10);
+
+    printf("a = ");
+    mp_print(&a, stdout);
+    fputc('\n', stdout);
+    printf("b = ");
+    mp_print(&b, stdout);
+    fputc('\n', stdout);
+
+    if (mpp_divis(&a, &b) == MP_YES)
+        printf("a is divisible by b\n");
+    else
+        printf("a is not divisible by b\n");
+
+    if (mpp_divis(&b, &a) == MP_YES)
+        printf("b is divisible by a\n");
+    else
+        printf("b is not divisible by a\n");
+
+    printf("\nb = mpp_random()\n");
+    mpp_random(&b);
+    printf("b = ");
+    mp_print(&b, stdout);
+    fputc('\n', stdout);
+    mpp_random(&b);
+    printf("b = ");
+    mp_print(&b, stdout);
+    fputc('\n', stdout);
+    mpp_random(&b);
+    printf("b = ");
+    mp_print(&b, stdout);
+    fputc('\n', stdout);
+
+    printf("\nTesting a for divisibility by first 170 primes\n");
+    num = 170;
+    if (mpp_divis_primes(&a, &num) == MP_YES)
+        printf("It is divisible by at least one of them\n");
+    else
+        printf("It is not divisible by any of them\n");
+
+    mp_clear(&b);
+    mp_clear(&a);
+
+    return 0;
+}
diff --git a/nss/lib/freebl/mpi/tests/mptest-8.c b/nss/lib/freebl/mpi/tests/mptest-8.c
new file mode 100644
index 0000000..a9d3aff
--- /dev/null
+++ b/nss/lib/freebl/mpi/tests/mptest-8.c
@@ -0,0 +1,68 @@
+/*
+ *  Simple test driver for MPI library
+ *
+ *  Test 8: Probabilistic primality tester
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <limits.h>
+#include <time.h>
+
+#define MP_IOFUNC 1
+#include "mpi.h"
+
+#include "mpprime.h"
+
+int
+main(int argc, char *argv[])
+{
+    int ix;
+    mp_digit num;
+    mp_int a;
+
+    srand(time(NULL));
+
+    if (argc < 2) {
+        fprintf(stderr, "Usage: %s <a>\n", argv[0]);
+        return 1;
+    }
+
+    printf("Test 8: Probabilistic primality testing\n\n");
+
+    mp_init(&a);
+
+    mp_read_radix(&a, argv[1], 10);
+
+    printf("a = ");
+    mp_print(&a, stdout);
+    fputc('\n', stdout);
+
+    printf("\nChecking for divisibility by small primes ... \n");
+    num = 170;
+    if (mpp_divis_primes(&a, &num) == MP_YES) {
+        printf("it is not prime\n");
+        goto CLEANUP;
+    }
+    printf("Passed that test (not divisible by any small primes).\n");
+
+    for (ix = 0; ix < 10; ix++) {
+        printf("\nPerforming Rabin-Miller test, iteration %d\n", ix + 1);
+
+        if (mpp_pprime(&a, 5) == MP_NO) {
+            printf("it is not prime\n");
+            goto CLEANUP;
+        }
+    }
+    printf("All tests passed; a is probably prime\n");
+
+CLEANUP:
+    mp_clear(&a);
+
+    return 0;
+}
diff --git a/nss/lib/freebl/mpi/tests/mptest-9.c b/nss/lib/freebl/mpi/tests/mptest-9.c
new file mode 100644
index 0000000..133264e
--- /dev/null
+++ b/nss/lib/freebl/mpi/tests/mptest-9.c
@@ -0,0 +1,109 @@
+/*
+ *    mptest-9.c
+ *
+ *   Test logical functions
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <limits.h>
+#include <time.h>
+
+#include "mpi.h"
+#include "mplogic.h"
+
+int
+main(int argc, char *argv[])
+{
+    mp_int a, b, c;
+    int pco;
+    mp_err res;
+
+    printf("Test 9: Logical functions\n\n");
+
+    if (argc < 3) {
+        fprintf(stderr, "Usage: %s <a> <b>\n", argv[0]);
+        return 1;
+    }
+
+    mp_init(&a);
+    mp_init(&b);
+    mp_init(&c);
+    mp_read_radix(&a, argv[1], 16);
+    mp_read_radix(&b, argv[2], 16);
+
+    printf("a       = ");
+    mp_print(&a, stdout);
+    fputc('\n', stdout);
+    printf("b       = ");
+    mp_print(&b, stdout);
+    fputc('\n', stdout);
+
+    mpl_not(&a, &c);
+    printf("~a      = ");
+    mp_print(&c, stdout);
+    fputc('\n', stdout);
+
+    mpl_and(&a, &b, &c);
+    printf("a & b   = ");
+    mp_print(&c, stdout);
+    fputc('\n', stdout);
+
+    mpl_or(&a, &b, &c);
+    printf("a | b   = ");
+    mp_print(&c, stdout);
+    fputc('\n', stdout);
+
+    mpl_xor(&a, &b, &c);
+    printf("a ^ b   = ");
+    mp_print(&c, stdout);
+    fputc('\n', stdout);
+
+    mpl_rsh(&a, &c, 1);
+    printf("a >>  1 = ");
+    mp_print(&c, stdout);
+    fputc('\n', stdout);
+    mpl_rsh(&a, &c, 5);
+    printf("a >>  5 = ");
+    mp_print(&c, stdout);
+    fputc('\n', stdout);
+    mpl_rsh(&a, &c, 16);
+    printf("a >> 16 = ");
+    mp_print(&c, stdout);
+    fputc('\n', stdout);
+
+    mpl_lsh(&a, &c, 1);
+    printf("a <<  1 = ");
+    mp_print(&c, stdout);
+    fputc('\n', stdout);
+    mpl_lsh(&a, &c, 5);
+    printf("a <<  5 = ");
+    mp_print(&c, stdout);
+    fputc('\n', stdout);
+    mpl_lsh(&a, &c, 16);
+    printf("a << 16 = ");
+    mp_print(&c, stdout);
+    fputc('\n', stdout);
+
+    mpl_num_set(&a, &pco);
+    printf("population(a) = %d\n", pco);
+    mpl_num_set(&b, &pco);
+    printf("population(b) = %d\n", pco);
+
+    res = mpl_parity(&a);
+    if (res == MP_EVEN)
+        printf("a has even parity\n");
+    else
+        printf("a has odd parity\n");
+
+    mp_clear(&c);
+    mp_clear(&b);
+    mp_clear(&a);
+
+    return 0;
+}
diff --git a/nss/lib/freebl/mpi/tests/mptest-b.c b/nss/lib/freebl/mpi/tests/mptest-b.c
new file mode 100644
index 0000000..07f30ea
--- /dev/null
+++ b/nss/lib/freebl/mpi/tests/mptest-b.c
@@ -0,0 +1,230 @@
+/*
+ * Simple test driver for MPI library
+ *
+ * Test GF2m: Binary Polynomial Arithmetic
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <limits.h>
+
+#include "mp_gf2m.h"
+
+int
+main(int argc, char *argv[])
+{
+    int ix;
+    mp_int pp, a, b, x, y, order;
+    mp_int c, d, e;
+    mp_digit r;
+    mp_err res;
+    unsigned int p[] = { 163, 7, 6, 3, 0 };
+    unsigned int ptemp[10];
+
+    printf("Test b: Binary Polynomial Arithmetic\n\n");
+
+    mp_init(&pp);
+    mp_init(&a);
+    mp_init(&b);
+    mp_init(&x);
+    mp_init(&y);
+    mp_init(&order);
+
+    mp_read_radix(&pp, "0800000000000000000000000000000000000000C9", 16);
+    mp_read_radix(&a, "1", 16);
+    mp_read_radix(&b, "020A601907B8C953CA1481EB10512F78744A3205FD", 16);
+    mp_read_radix(&x, "03F0EBA16286A2D57EA0991168D4994637E8343E36", 16);
+    mp_read_radix(&y, "00D51FBC6C71A0094FA2CDD545B11C5C0C797324F1", 16);
+    mp_read_radix(&order, "040000000000000000000292FE77E70C12A4234C33", 16);
+    printf("pp = ");
+    mp_print(&pp, stdout);
+    fputc('\n', stdout);
+    printf("a = ");
+    mp_print(&a, stdout);
+    fputc('\n', stdout);
+    printf("b = ");
+    mp_print(&b, stdout);
+    fputc('\n', stdout);
+    printf("x = ");
+    mp_print(&x, stdout);
+    fputc('\n', stdout);
+    printf("y = ");
+    mp_print(&y, stdout);
+    fputc('\n', stdout);
+    printf("order = ");
+    mp_print(&order, stdout);
+    fputc('\n', stdout);
+
+    mp_init(&c);
+    mp_init(&d);
+    mp_init(&e);
+
+    /* Test polynomial conversion */
+    ix = mp_bpoly2arr(&pp, ptemp, 10);
+    if (
+        (ix != 5) ||
+        (ptemp[0] != p[0]) ||
+        (ptemp[1] != p[1]) ||
+        (ptemp[2] != p[2]) ||
+        (ptemp[3] != p[3]) ||
+        (ptemp[4] != p[4])) {
+        printf("Polynomial to array conversion not correct\n");
+        return -1;
+    }
+
+    printf("Polynomial conversion test #1 successful.\n");
+    MP_CHECKOK(mp_barr2poly(p, &c));
+    if (mp_cmp(&pp, &c) != 0) {
+        printf("Array to polynomial conversion not correct\n");
+        return -1;
+    }
+    printf("Polynomial conversion test #2 successful.\n");
+
+    /* Test addition */
+    MP_CHECKOK(mp_badd(&a, &a, &c));
+    if (mp_cmp_z(&c) != 0) {
+        printf("a+a should equal zero\n");
+        return -1;
+    }
+    printf("Addition test #1 successful.\n");
+    MP_CHECKOK(mp_badd(&a, &b, &c));
+    MP_CHECKOK(mp_badd(&b, &c, &c));
+    if (mp_cmp(&c, &a) != 0) {
+        printf("c = (a + b) + b should equal a\n");
+        printf("a = ");
+        mp_print(&a, stdout);
+        fputc('\n', stdout);
+        printf("c = ");
+        mp_print(&c, stdout);
+        fputc('\n', stdout);
+        return -1;
+    }
+    printf("Addition test #2 successful.\n");
+
+    /* Test multiplication */
+    mp_set(&c, 2);
+    MP_CHECKOK(mp_bmul(&b, &c, &c));
+    MP_CHECKOK(mp_badd(&b, &c, &c));
+    mp_set(&d, 3);
+    MP_CHECKOK(mp_bmul(&b, &d, &d));
+    if (mp_cmp(&c, &d) != 0) {
+        printf("c = (2 * b) + b should equal c = 3 * b\n");
+        printf("c = ");
+        mp_print(&c, stdout);
+        fputc('\n', stdout);
+        printf("d = ");
+        mp_print(&d, stdout);
+        fputc('\n', stdout);
+        return -1;
+    }
+    printf("Multiplication test #1 successful.\n");
+
+    /* Test modular reduction */
+    MP_CHECKOK(mp_bmod(&b, p, &c));
+    if (mp_cmp(&b, &c) != 0) {
+        printf("c = b mod p should equal b\n");
+        printf("b = ");
+        mp_print(&b, stdout);
+        fputc('\n', stdout);
+        printf("c = ");
+        mp_print(&c, stdout);
+        fputc('\n', stdout);
+        return -1;
+    }
+    printf("Modular reduction test #1 successful.\n");
+    MP_CHECKOK(mp_badd(&b, &pp, &c));
+    MP_CHECKOK(mp_bmod(&c, p, &c));
+    if (mp_cmp(&b, &c) != 0) {
+        printf("c = (b + p) mod p should equal b\n");
+        printf("b = ");
+        mp_print(&b, stdout);
+        fputc('\n', stdout);
+        printf("c = ");
+        mp_print(&c, stdout);
+        fputc('\n', stdout);
+        return -1;
+    }
+    printf("Modular reduction test #2 successful.\n");
+    MP_CHECKOK(mp_bmul(&b, &pp, &c));
+    MP_CHECKOK(mp_bmod(&c, p, &c));
+    if (mp_cmp_z(&c) != 0) {
+        printf("c = (b * p) mod p should equal 0\n");
+        printf("c = ");
+        mp_print(&c, stdout);
+        fputc('\n', stdout);
+        return -1;
+    }
+    printf("Modular reduction test #3 successful.\n");
+
+    /* Test modular multiplication */
+    MP_CHECKOK(mp_bmulmod(&b, &pp, p, &c));
+    if (mp_cmp_z(&c) != 0) {
+        printf("c = (b * p) mod p should equal 0\n");
+        printf("c = ");
+        mp_print(&c, stdout);
+        fputc('\n', stdout);
+        return -1;
+    }
+    printf("Modular multiplication test #1 successful.\n");
+    mp_set(&c, 1);
+    MP_CHECKOK(mp_badd(&pp, &c, &c));
+    MP_CHECKOK(mp_bmulmod(&b, &c, p, &c));
+    if (mp_cmp(&b, &c) != 0) {
+        printf("c = (b * (p + 1)) mod p should equal b\n");
+        printf("b = ");
+        mp_print(&b, stdout);
+        fputc('\n', stdout);
+        printf("c = ");
+        mp_print(&c, stdout);
+        fputc('\n', stdout);
+        return -1;
+    }
+    printf("Modular multiplication test #2 successful.\n");
+
+    /* Test modular squaring */
+    MP_CHECKOK(mp_copy(&b, &c));
+    MP_CHECKOK(mp_bmulmod(&b, &c, p, &c));
+    MP_CHECKOK(mp_bsqrmod(&b, p, &d));
+    if (mp_cmp(&c, &d) != 0) {
+        printf("c = (b * b) mod p should equal d = b^2 mod p\n");
+        printf("c = ");
+        mp_print(&c, stdout);
+        fputc('\n', stdout);
+        printf("d = ");
+        mp_print(&d, stdout);
+        fputc('\n', stdout);
+        return -1;
+    }
+    printf("Modular squaring test #1 successful.\n");
+
+    /* Test modular division */
+    MP_CHECKOK(mp_bdivmod(&b, &x, &pp, p, &c));
+    MP_CHECKOK(mp_bmulmod(&c, &x, p, &c));
+    if (mp_cmp(&b, &c) != 0) {
+        printf("c = (b / x) * x mod p should equal b\n");
+        printf("b = ");
+        mp_print(&b, stdout);
+        fputc('\n', stdout);
+        printf("c = ");
+        mp_print(&c, stdout);
+        fputc('\n', stdout);
+        return -1;
+    }
+    printf("Modular division test #1 successful.\n");
+
+CLEANUP:
+
+    mp_clear(&order);
+    mp_clear(&y);
+    mp_clear(&x);
+    mp_clear(&b);
+    mp_clear(&a);
+    mp_clear(&pp);
+
+    return 0;
+}
diff --git a/nss/lib/freebl/mpi/tests/pi1k.txt b/nss/lib/freebl/mpi/tests/pi1k.txt
new file mode 100644
index 0000000..5ff6209
--- /dev/null
+++ b/nss/lib/freebl/mpi/tests/pi1k.txt
@@ -0,0 +1 @@
+31415926535897932384626433832795028841971693993751058209749445923078164062862089986280348253421170679821480865132823066470938446095505822317253594081284811174502841027019385211055596446229489549303819644288109756659334461284756482337867831652712019091456485669234603486104543266482133936072602491412737245870066063155881748815209209628292540917153643678925903600113305305488204665213841469519415116094330572703657595919530921861173819326117931051185480744623799627495673518857527248912279381830119491298336733624406566430860213949463952247371907021798609437027705392171762931767523846748184676694051320005681271452635608277857713427577896091736371787214684409012249534301465495853710507922796892589235420199561121290219608640344181598136297747713099605187072113499999983729780499510597317328160963185950244594553469083026425223082533446850352619311881710100031378387528865875332083814206171776691473035982534904287554687311595628638823537875937519577818577805321712268066130019278766111959092164201989
diff --git a/nss/lib/freebl/mpi/tests/pi2k.txt b/nss/lib/freebl/mpi/tests/pi2k.txt
new file mode 100644
index 0000000..9ce82ac
--- /dev/null
+++ b/nss/lib/freebl/mpi/tests/pi2k.txt
@@ -0,0 +1 @@
+314159265358979323846264338327950288419716939937510582097494459230781640628620899862803482534211706798214808651328230664709384460955058223172535940812848111745028410270193852110555964462294895493038196442881097566593344612847564823378678316527120190914564856692346034861045432664821339360726024914127372458700660631558817488152092096282925409171536436789259036001133053054882046652138414695194151160943305727036575959195309218611738193261179310511854807446237996274956735188575272489122793818301194912983367336244065664308602139494639522473719070217986094370277053921717629317675238467481846766940513200056812714526356082778577134275778960917363717872146844090122495343014654958537105079227968925892354201995611212902196086403441815981362977477130996051870721134999999837297804995105973173281609631859502445945534690830264252230825334468503526193118817101000313783875288658753320838142061717766914730359825349042875546873115956286388235378759375195778185778053217122680661300192787661119590921642019893809525720106548586327886593615338182796823030195203530185296899577362259941389124972177528347913151557485724245415069595082953311686172785588907509838175463746493931925506040092770167113900984882401285836160356370766010471018194295559619894676783744944825537977472684710404753464620804668425906949129331367702898915210475216205696602405803815019351125338243003558764024749647326391419927260426992279678235478163600934172164121992458631503028618297455570674983850549458858692699569092721079750930295532116534498720275596023648066549911988183479775356636980742654252786255181841757467289097777279380008164706001614524919217321721477235014144197356854816136115735255213347574184946843852332390739414333454776241686251898356948556209921922218427255025425688767179049460165346680498862723279178608578438382796797668145410095388378636095068006422512520511739298489608412848862694560424196528502221066118630674427862203919494504712371378696095636437191728746776465757396241389086583264599581339047802759010
diff --git a/nss/lib/freebl/mpi/tests/pi5k.txt b/nss/lib/freebl/mpi/tests/pi5k.txt
new file mode 100644
index 0000000..901fac2
--- /dev/null
+++ b/nss/lib/freebl/mpi/tests/pi5k.txt
@@ -0,0 +1 @@
+314159265358979323846264338327950288419716939937510582097494459230781640628620899862803482534211706798214808651328230664709384460955058223172535940812848111745028410270193852110555964462294895493038196442881097566593344612847564823378678316527120190914564856692346034861045432664821339360726024914127372458700660631558817488152092096282925409171536436789259036001133053054882046652138414695194151160943305727036575959195309218611738193261179310511854807446237996274956735188575272489122793818301194912983367336244065664308602139494639522473719070217986094370277053921717629317675238467481846766940513200056812714526356082778577134275778960917363717872146844090122495343014654958537105079227968925892354201995611212902196086403441815981362977477130996051870721134999999837297804995105973173281609631859502445945534690830264252230825334468503526193118817101000313783875288658753320838142061717766914730359825349042875546873115956286388235378759375195778185778053217122680661300192787661119590921642019893809525720106548586327886593615338182796823030195203530185296899577362259941389124972177528347913151557485724245415069595082953311686172785588907509838175463746493931925506040092770167113900984882401285836160356370766010471018194295559619894676783744944825537977472684710404753464620804668425906949129331367702898915210475216205696602405803815019351125338243003558764024749647326391419927260426992279678235478163600934172164121992458631503028618297455570674983850549458858692699569092721079750930295532116534498720275596023648066549911988183479775356636980742654252786255181841757467289097777279380008164706001614524919217321721477235014144197356854816136115735255213347574184946843852332390739414333454776241686251898356948556209921922218427255025425688767179049460165346680498862723279178608578438382796797668145410095388378636095068006422512520511739298489608412848862694560424196528502221066118630674427862203919494504712371378696095636437191728746776465757396241389086583264599581339047802759009946576407895126946839835259570982582262052248940772671947826848260147699090264013639443745530506820349625245174939965143142980919065925093722169646151570985838741059788595977297549893016175392846813826868386894277415599185592524595395943104997252468084598727364469584865383673622262609912460805124388439045124413654976278079771569143599770012961608944169486855584840635342207222582848864815845602850601684273945226746767889525213852254995466672782398645659611635488623057745649803559363456817432411251507606947945109659609402522887971089314566913686722874894056010150330861792868092087476091782493858900971490967598526136554978189312978482168299894872265880485756401427047755513237964145152374623436454285844479526586782105114135473573952311342716610213596953623144295248493718711014576540359027993440374200731057853906219838744780847848968332144571386875194350643021845319104848100537061468067491927819119793995206141966342875444064374512371819217999839101591956181467514269123974894090718649423196156794520809514655022523160388193014209376213785595663893778708303906979207734672218256259966150142150306803844773454920260541466592520149744285073251866600213243408819071048633173464965145390579626856100550810665879699816357473638405257145910289706414011097120628043903975951567715770042033786993600723055876317635942187312514712053292819182618612586732157919841484882916447060957527069572209175671167229109816909152801735067127485832228718352093539657251210835791513698820914442100675103346711031412671113699086585163983150197016515116851714376576183515565088490998985998238734552833163550764791853589322618548963213293308985706420467525907091548141654985946163718027098199430992448895757128289059232332609729971208443357326548938239119325974636673058360414281388303203824903758985243744170291327656180937734440307074692112019130203303801976211011004492932151608424448596376698389522868478312355265821314495768572624334418930396864262434107732269780280731891544110104468232527162010526522721116603966655730925471105578537634668206531098965269186205647693125705863566201855810072936065987648611791045334885034611365768675324944166803962657978771855608455296541266540853061434443185867697514566140680070023787765913440171274947042056223053899456131407112700040785473326993908145466464588079727082668306343285878569830523580893306575740679545716377525420211495576158140025012622859413021647155097925923099079654737612551765675135751782966645477917450112996148903046399471329621073404375189573596145890193897131117904297828564750320319869151402870808599048010941214722131794764777262241425485454033215718530614228813758504306332175182979866223717215916077166925474873898665494945011465406284336639379003976926567214638530673609657120918076383271664162748888007869256029022847210403172118608204190004229661711963779213375751149595015660496318629472654736425230817703675159067350235072835405670403867435136222247715891504953098444893330963408780769325993978054193414473774418426312986080998886874132604721
diff --git a/nss/lib/freebl/mpi/timetest b/nss/lib/freebl/mpi/timetest
new file mode 100755
index 0000000..c6f07bb
--- /dev/null
+++ b/nss/lib/freebl/mpi/timetest
@@ -0,0 +1,99 @@
+#!/bin/sh
+
+# Simple timing test for the MPI library.  Basically, we use prime
+# generation as a timing test, since it exercises most of the pathways
+# of the library fairly heavily.  The 'primegen' tool outputs a line
+# summarizing timing results.  We gather these and process them for
+# statistical information, which is collected into a file.
+
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# Avoid using built-in shell echoes
+ECHO=/bin/echo
+MAKE=gmake
+PERL=perl
+
+# Use a fixed seed so timings will be more consistent
+# This one is the 11th-18th decimal digits of 'e'
+#export SEED=45904523
+SEED=45904523; export SEED
+
+#------------------------------------------------------------------------
+
+$ECHO "\n** Running timing tests for MPI library\n"
+
+$ECHO "Bringing 'metime' up to date ... "
+if $MAKE metime ; then
+    :
+else 
+    $ECHO "\nMake failed to build metime.\n"
+    exit 1
+fi
+
+if [ ! -x ./metime ] ; then 
+    $ECHO "\nCannot find 'metime' program, testing cannot continue.\n"
+    exit 1
+fi
+
+#------------------------------------------------------------------------
+
+$ECHO "Bringing 'primegen' up to date ... "
+if $MAKE primegen ; then
+    :
+else
+    $ECHO "\nMake failed to build primegen.\n"
+    exit 1
+fi
+
+if [ ! -x ./primegen ] ; then
+    $ECHO "\nCannot find 'primegen' program, testing cannot continue.\n"
+    exit 1
+fi
+
+#------------------------------------------------------------------------
+
+rm -f timing-results.txt
+touch timing-results.txt
+
+sizes="256 512 1024 2048"
+ntests=10
+
+trap 'echo "oop!";rm -f tt*.tmp timing-results.txt;exit 0' INT HUP
+
+$ECHO "\n-- Modular exponentiation\n"
+$ECHO "Modular exponentiation:" >> timing-results.txt
+
+$ECHO "Running $ntests modular exponentiations per test:"
+for size in $sizes ; do
+    $ECHO "- Gathering statistics for $size bits ... "
+    secs=`./metime $ntests $size | tail -1 | awk '{print $2}'`
+    $ECHO "$size: " $secs " seconds per op" >> timing-results.txt
+    tail -1 timing-results.txt
+done
+
+$ECHO "<done>";
+
+sizes="256 512 1024"
+ntests=1
+
+$ECHO "\n-- Prime generation\n"
+$ECHO "Prime generation:" >> timing-results.txt
+
+$ECHO "Generating $ntests prime values per test:"
+for size in $sizes ; do
+    $ECHO "- Gathering statistics for $size bits ... "
+    ./primegen $size $ntests | grep ticks | awk '{print $7}' | tr -d '(' > tt$$.tmp
+    $ECHO "$size:" >> timing-results.txt
+    $PERL stats tt$$.tmp >> timing-results.txt
+    tail -1 timing-results.txt
+    rm -f tt$$.tmp
+done
+
+$ECHO "<done>"
+
+trap 'rm -f tt*.tmp timing-results.txt' INT HUP
+
+exit 0
+
diff --git a/nss/lib/freebl/mpi/types.pl b/nss/lib/freebl/mpi/types.pl
new file mode 100755
index 0000000..c5f38af
--- /dev/null
+++ b/nss/lib/freebl/mpi/types.pl
@@ -0,0 +1,127 @@
+#!/usr/bin/perl
+
+#
+# types.pl - find recommended type definitions for digits and words
+#
+# This script scans the Makefile for the C compiler and compilation
+# flags currently in use, and using this combination, attempts to
+# compile a simple test program that outputs the sizes of the various
+# unsigned integer types, in bytes.  Armed with these, it finds all
+# the "viable" type combinations for mp_digit and mp_word, where
+# viability is defined by the requirement that mp_word be at least two
+# times the precision of mp_digit.
+#
+# Of these, the one with the largest digit size is chosen, and
+# appropriate typedef statements are written to standard output.
+
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+@_=split(/\//,$0);chomp($prog=pop(@_));
+
+# The array of integer types to be considered...
+@TYPES = ( 
+	   "unsigned char", 
+	   "unsigned short", 
+	   "unsigned int", 
+	   "unsigned long"
+);
+
+# Macro names for the maximum unsigned value of each type
+%TMAX = ( 
+	  "unsigned char"   => "UCHAR_MAX",
+	  "unsigned short"  => "USHRT_MAX",
+	  "unsigned int"    => "UINT_MAX",
+	  "unsigned long"   => "ULONG_MAX"
+);
+
+# Read the Makefile to find out which C compiler to use
+open(MFP, "<Makefile") or die "$prog: Makefile: $!\n";
+while(<MFP>) {
+    chomp;
+    if(/^CC=(.*)$/) {
+	$cc = $1;
+	last if $cflags;
+    } elsif(/^CFLAGS=(.*)$/) {
+	$cflags = $1;
+	last if $cc;
+    }
+}
+close(MFP);
+
+# If we couldn't find that, use 'cc' by default
+$cc = "cc" unless $cc;
+
+printf STDERR "Using '%s' as the C compiler.\n", $cc;
+
+print STDERR "Determining type sizes ... \n";
+open(OFP, ">tc$$.c") or die "$prog: tc$$.c: $!\n";
+print OFP "#include <stdio.h>\n\nint main(void)\n{\n";
+foreach $type (@TYPES) {
+    printf OFP "\tprintf(\"%%d\\n\", (int)sizeof(%s));\n", $type;
+}
+print OFP "\n\treturn 0;\n}\n";
+close(OFP);
+
+system("$cc $cflags -o tc$$ tc$$.c");
+
+die "$prog: unable to build test program\n" unless(-x "tc$$");
+
+open(IFP, "./tc$$|") or die "$prog: can't execute test program\n";
+$ix = 0;
+while(<IFP>) {
+    chomp;
+    $size{$TYPES[$ix++]} = $_;
+}
+close(IFP);
+
+unlink("tc$$");
+unlink("tc$$.c");
+
+print STDERR "Selecting viable combinations ... \n";
+while(($type, $size) = each(%size)) {
+    push(@ts, [ $size, $type ]);
+}
+
+# Sort them ascending by size 
+@ts = sort { $a->[0] <=> $b->[0] } @ts;
+
+# Try all possible combinations, finding pairs in which the word size
+# is twice the digit size.  The number of possible pairs is too small
+# to bother doing this more efficiently than by brute force
+for($ix = 0; $ix <= $#ts; $ix++) {
+    $w = $ts[$ix];
+
+    for($jx = 0; $jx <= $#ts; $jx++) {
+	$d = $ts[$jx];
+
+	if($w->[0] == 2 * $d->[0]) {
+	    push(@valid, [ $d, $w ]);
+	}
+    }
+}
+
+# Sort descending by digit size
+@valid = sort { $b->[0]->[0] <=> $a->[0]->[0] } @valid;
+
+# Select the maximum as the recommended combination
+$rec = shift(@valid);
+
+printf("typedef %-18s mp_sign;\n", "char");
+printf("typedef %-18s mp_digit;  /* %d byte type */\n", 
+       $rec->[0]->[1], $rec->[0]->[0]);
+printf("typedef %-18s mp_word;   /* %d byte type */\n", 
+       $rec->[1]->[1], $rec->[1]->[0]);
+printf("typedef %-18s mp_size;\n", "unsigned int");
+printf("typedef %-18s mp_err;\n\n", "int");
+
+printf("#define %-18s (CHAR_BIT*sizeof(mp_digit))\n", "DIGIT_BIT");
+printf("#define %-18s %s\n", "DIGIT_MAX", $TMAX{$rec->[0]->[1]});
+printf("#define %-18s (CHAR_BIT*sizeof(mp_word))\n", "MP_WORD_BIT");
+printf("#define %-18s %s\n\n", "MP_WORD_MAX", $TMAX{$rec->[1]->[1]});
+printf("#define %-18s (DIGIT_MAX+1)\n\n", "RADIX");
+
+printf("#define %-18s \"%%0%dX\"\n", "DIGIT_FMT", (2 * $rec->[0]->[0]));
+
+exit 0;
diff --git a/nss/lib/freebl/mpi/utils/LICENSE b/nss/lib/freebl/mpi/utils/LICENSE
new file mode 100644
index 0000000..5f96df7
--- /dev/null
+++ b/nss/lib/freebl/mpi/utils/LICENSE
@@ -0,0 +1,4 @@
+Within this directory, each of the file listed below is licensed under 
+the terms given in the file LICENSE-MPL, also in this directory.
+
+PRIMES
diff --git a/nss/lib/freebl/mpi/utils/LICENSE-MPL b/nss/lib/freebl/mpi/utils/LICENSE-MPL
new file mode 100644
index 0000000..41dc232
--- /dev/null
+++ b/nss/lib/freebl/mpi/utils/LICENSE-MPL
@@ -0,0 +1,3 @@
+This Source Code Form is subject to the terms of the Mozilla Public
+License, v. 2.0. If a copy of the MPL was not distributed with this
+file, You can obtain one at http://mozilla.org/MPL/2.0/.
diff --git a/nss/lib/freebl/mpi/utils/PRIMES b/nss/lib/freebl/mpi/utils/PRIMES
new file mode 100644
index 0000000..ed65703
--- /dev/null
+++ b/nss/lib/freebl/mpi/utils/PRIMES
@@ -0,0 +1,41 @@
+Probable primes (sorted by number of significant bits)
+
+ 128: 81386202757205669562183851789305348631
+
+ 128: 180241813863264101444573802809858694397
+
+ 128: 245274683055224433281596312431122059021
+
+ 128: 187522309397665259809392608791686659539
+
+ 256: 83252422946206411852330647237287722547866360773229941071371588246436\
+      513990159
+
+ 256: 79132571131322331023736933767063051273085304521895229780914612117520\
+      058517909
+
+ 256: 72081815425552909748220041100909735706208853818662000557743644603407\
+      965465527
+
+ 256: 87504602391905701494845474079163412737334477797316409702279059573654\
+      274811271
+
+ 512: 12233064210800062190450937494718705259777386009095453001870729392786\
+      63450255179083524798507997690270500580265258111668148238355016411719\
+      9168737693316468563
+
+ 512: 12003639081420725322369909586347545220275253633035565716386136197501\
+      88208318984400479275215620499883521216480724155582768193682335576385\
+      2069481074929084063
+
+1024: 16467877625718912296741904171202513097057724053648819680815842057593\
+      20371835940722471475475803725455063836431454757000451907612224427007\
+      63984592414360595161051906727075047683803534852982766542661204179549\
+      77327573530800542562611753617736693359790119074768292178493884576587\
+      0230450429880021317876149636714743053
+
+1024: 16602953991090311275234291158294516471009930684624948451178742895360\
+      86073703307475884280944414508444679430090561246728195735962931545473\
+      40743240318558456247740186704660778277799687988031119436541068736925\
+      20563780233711166724859277827382391527748470939542560819625727876091\
+      5372193745283891895989104479029844957
diff --git a/nss/lib/freebl/mpi/utils/README b/nss/lib/freebl/mpi/utils/README
new file mode 100644
index 0000000..61c8e2e
--- /dev/null
+++ b/nss/lib/freebl/mpi/utils/README
@@ -0,0 +1,206 @@
+This Source Code Form is subject to the terms of the Mozilla Public
+License, v. 2.0. If a copy of the MPL was not distributed with this
+file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+Additional MPI utilities
+------------------------
+
+The files 'mpprime.h' and 'mpprime.c' define some useful extensions to
+the MPI library for dealing with prime numbers (in particular, testing
+for divisbility, and the Rabin-Miller probabilistic primality test).
+
+The files 'mplogic.h' and 'mplogic.c' define extensions to the MPI
+library for doing bitwise logical operations and shifting.
+
+This document assumes you have read the help file for the MPI library
+and understand its conventions.
+
+Divisibility (mpprime.h)
+------------
+
+To test a number for divisibility by another number:
+
+mpp_divis(a, b)		- test if b|a
+mpp_divis_d(a, d)	- test if d|a
+
+Each of these functions returns MP_YES if its initial argument is
+divisible by its second, or MP_NO if it is not.  Other errors may be
+returned as appropriate (such as MP_RANGE if you try to test for
+divisibility by zero).
+
+Randomness (mpprime.h)
+----------
+
+To generate random data:
+
+mpp_random(a)		- fill a with random data
+mpp_random_size(a, p)   - fill a with p digits of random data
+
+The mpp_random_size() function increases the precision of a to at
+least p, then fills all those digits randomly.  The mp_random()
+function fills a to its current precision (as determined by the number
+of significant digits, USED(a))
+
+Note that these functions simply use the C library's rand() function
+to fill a with random digits up to its precision.  This should be
+adequate for primality testing, but should not be used for
+cryptographic applications where truly random values are required for
+security.  
+
+You should call srand() in your driver program in order to seed the
+random generator; this function doesn't call it.
+
+Primality Testing (mpprime.h)
+-----------------
+
+mpp_divis_vector(a, v, s, w)   - is a divisible by any of the s values
+                                 in v, and if so, w = which.
+mpp_divis_primes(a, np)   - is a divisible by any of the first np primes?
+mpp_fermat(a, w)          - is a pseudoprime with respect to witness w?
+mpp_pprime(a, nt)	  - run nt iterations of Rabin-Miller on a.
+
+The mpp_divis_vector() function tests a for divisibility by each
+member of an array of digits.  The array is v, the size of that array
+is s.  Returns MP_YES if a is divisible, and stores the index of the
+offending digit in w.  Returns MP_NO if a is not divisible by any of
+the digits in the array.
+
+A small table of primes is compiled into the library (typically the
+first 128 primes, although you can change this by editing the file
+'primes.c' before you build).  The global variable prime_tab_size
+contains the number of primes in the table, and the values themselves
+are in the array prime_tab[], which is an array of mp_digit.
+
+The mpp_divis_primes() function is basically just a wrapper around
+mpp_divis_vector() that uses prime_tab[] as the test vector.  The np
+parameter is a pointer to an mp_digit -- on input, it should specify
+the number of primes to be tested against.  If a is divisible by any
+of the primes, MP_YES is returned and np is given the prime value that
+divided a (you can use this if you're factoring, for example).
+Otherwise, MP_NO is returned and np is untouched.
+
+The function mpp_fermat() performs Fermat's test, using w as a
+witness.  This test basically relies on the fact that if a is prime,
+and w is relatively prime to a, then:
+
+	w^a = w (mod a)
+
+That is,
+
+	w^(a - 1) = 1 (mod a)
+
+The function returns MP_YES if the test passes, MP_NO if it fails.  If
+w is relatively prime to a, and the test fails, a is definitely
+composite.  If w is relatively prime to a and the test passes, then a
+is either prime, or w is a false witness (the probability of this
+happening depends on the choice of w and of a ... consult a number
+theory textbook for more information about this).  
+
+Note:  If (w, a) != 1, the output of this test is meaningless.
+----
+
+The function mpp_pprime() performs the Rabin-Miller probabilistic
+primality test for nt rounds.  If all the tests pass, MP_YES is
+returned, and a is probably prime.  The probability that an answer of
+MP_YES is incorrect is no greater than 1 in 4^nt, and in fact is
+usually much less than that (this is a pessimistic estimate).  If any
+test fails, MP_NO is returned, and a is definitely composite.
+
+Bruce Schneier recommends at least 5 iterations of this test for most
+cryptographic applications; Knuth suggests that 25 are reasonable.
+Run it as many times as you feel are necessary.
+
+See the programs 'makeprime.c' and 'isprime.c' for reasonable examples
+of how to use these functions for primality testing.
+
+
+Bitwise Logic (mplogic.c)
+-------------
+
+The four commonest logical operations are implemented as:
+
+mpl_not(a, b)		- Compute bitwise (one's) complement, b = ~a
+
+mpl_and(a, b, c)	- Compute bitwise AND, c = a & b
+
+mpl_or(a, b, c)		- Compute bitwise OR, c = a | b
+
+mpl_xor(a, b, c)	- Compute bitwise XOR, c = a ^ b
+
+Left and right shifts are available as well.  These take a number to
+shift, a destination, and a shift amount.  The shift amount must be a
+digit value between 0 and DIGIT_BIT inclusive; if it is not, MP_RANGE
+will be returned and the shift will not happen.
+
+mpl_rsh(a, b, d)	- Compute logical right shift, b = a >> d
+
+mpl_lsh(a, b, d)	- Compute logical left shift, b = a << d
+
+Since these are logical shifts, they fill with zeroes (the library
+uses a signed magnitude representation, so there are no sign bits to
+extend anyway).
+
+
+Command-line Utilities
+----------------------
+
+A handful of interesting command-line utilities are provided.  These
+are:
+
+lap.c		- Find the order of a mod m.  Usage is 'lap <a> <m>'.
+                  This uses a dumb algorithm, so don't use it for 
+                  a really big modulus.
+
+invmod.c	- Find the inverse of a mod m, if it exists.  Usage
+		  is 'invmod <a> <m>'
+
+sieve.c		- A simple bitmap-based implementation of the Sieve
+		  of Eratosthenes.  Used to generate the table of 
+		  primes in primes.c.  Usage is 'sieve <nbits>'
+
+prng.c          - Uses the routines in bbs_rand.{h,c} to generate
+                  one or more 32-bit pseudo-random integers.  This
+                  is mainly an example, not intended for use in a
+                  cryptographic application (the system time is 
+                  the only source of entropy used)
+
+dec2hex.c       - Convert decimal to hexadecimal
+
+hex2dec.c       - Convert hexadecimal to decimal
+
+basecvt.c       - General radix conversion tool (supports 2-64)
+
+isprime.c       - Probabilistically test an integer for primality
+                  using the Rabin-Miller pseudoprime test combined
+                  with division by small primes.
+
+primegen.c      - Generate primes at random.
+
+exptmod.c       - Perform modular exponentiation
+
+ptab.pl		- A Perl script to munge the output of the sieve
+		  program into a compilable C structure.
+
+
+Other Files
+-----------
+
+PRIMES		- Some randomly generated numbers which are prime with
+		  extremely high probability.
+
+README		- You're reading me already.
+
+
+About the Author
+----------------
+
+This software was written by Michael J. Fromberger.  You can contact
+the author as follows:
+
+E-mail:	  <sting@linguist.dartmouth.edu>
+
+Postal:	  8000 Cummings Hall, Thayer School of Engineering
+	  Dartmouth College, Hanover, New Hampshire, USA
+
+PGP key:  http://linguist.dartmouth.edu/~sting/keys/mjf.html
+          9736 188B 5AFA 23D6 D6AA  BE0D 5856 4525 289D 9907
diff --git a/nss/lib/freebl/mpi/utils/basecvt.c b/nss/lib/freebl/mpi/utils/basecvt.c
new file mode 100644
index 0000000..0e99154
--- /dev/null
+++ b/nss/lib/freebl/mpi/utils/basecvt.c
@@ -0,0 +1,68 @@
+/*
+ *  basecvt.c
+ *
+ *  Convert integer values specified on the command line from one input
+ *  base to another.  Accepts input and output bases between 2 and 36
+ *  inclusive.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "mpi.h"
+
+#define IBASE 10
+#define OBASE 16
+#define USAGE "Usage: %s ibase obase [value]\n"
+#define MAXBASE 64
+#define MINBASE 2
+
+int
+main(int argc, char *argv[])
+{
+    int ix, ibase = IBASE, obase = OBASE;
+    mp_int val;
+
+    ix = 1;
+    if (ix < argc) {
+        ibase = atoi(argv[ix++]);
+
+        if (ibase < MINBASE || ibase > MAXBASE) {
+            fprintf(stderr, "%s: input radix must be between %d and %d inclusive\n",
+                    argv[0], MINBASE, MAXBASE);
+            return 1;
+        }
+    }
+    if (ix < argc) {
+        obase = atoi(argv[ix++]);
+
+        if (obase < MINBASE || obase > MAXBASE) {
+            fprintf(stderr, "%s: output radix must be between %d and %d inclusive\n",
+                    argv[0], MINBASE, MAXBASE);
+            return 1;
+        }
+    }
+
+    mp_init(&val);
+    while (ix < argc) {
+        char *out;
+        int outlen;
+
+        mp_read_radix(&val, argv[ix++], ibase);
+
+        outlen = mp_radix_size(&val, obase);
+        out = calloc(outlen, sizeof(char));
+        mp_toradix(&val, out, obase);
+
+        printf("%s\n", out);
+        free(out);
+    }
+
+    mp_clear(&val);
+
+    return 0;
+}
diff --git a/nss/lib/freebl/mpi/utils/bbs_rand.c b/nss/lib/freebl/mpi/utils/bbs_rand.c
new file mode 100644
index 0000000..fed2fe2
--- /dev/null
+++ b/nss/lib/freebl/mpi/utils/bbs_rand.c
@@ -0,0 +1,65 @@
+/*
+ *  Blum, Blum & Shub PRNG using the MPI library
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "bbs_rand.h"
+
+#define SEED 1
+#define MODULUS 2
+
+/* This modulus is the product of two randomly generated 512-bit
+   prime integers, each of which is congruent to 3 (mod 4).          */
+static char *bbs_modulus =
+    "75A2A6E1D27393B86562B9CE7279A8403CB4258A637DAB5233465373E37837383EDC"
+    "332282B8575927BC4172CE8C147B4894050EE9D2BDEED355C121037270CA2570D127"
+    "7D2390CD1002263326635CC6B259148DE3A1A03201980A925E395E646A5E9164B0EC"
+    "28559EBA58C87447245ADD0651EDA507056A1129E3A3E16E903D64B437";
+
+static int bbs_init = 0; /* flag set when library is initialized */
+static mp_int bbs_state; /* the current state of the generator   */
+
+/* Suggested size of random seed data */
+int bbs_seed_size = (sizeof(bbs_modulus) / 2);
+
+void
+bbs_srand(unsigned char *data, int len)
+{
+    if ((bbs_init & SEED) == 0) {
+        mp_init(&bbs_state);
+        bbs_init |= SEED;
+    }
+
+    mp_read_raw(&bbs_state, (char *)data, len);
+
+} /* end bbs_srand() */
+
+unsigned int
+bbs_rand(void)
+{
+    static mp_int modulus;
+    unsigned int result = 0, ix;
+
+    if ((bbs_init & MODULUS) == 0) {
+        mp_init(&modulus);
+        mp_read_radix(&modulus, bbs_modulus, 16);
+        bbs_init |= MODULUS;
+    }
+
+    for (ix = 0; ix < sizeof(unsigned int); ix++) {
+        mp_digit d;
+
+        mp_sqrmod(&bbs_state, &modulus, &bbs_state);
+        d = DIGIT(&bbs_state, 0);
+
+        result = (result << CHAR_BIT) | (d & UCHAR_MAX);
+    }
+
+    return result;
+
+} /* end bbs_rand() */
+
+/*------------------------------------------------------------------------*/
+/* HERE THERE BE DRAGONS                                                  */
diff --git a/nss/lib/freebl/mpi/utils/bbs_rand.h b/nss/lib/freebl/mpi/utils/bbs_rand.h
new file mode 100644
index 0000000..d12269b
--- /dev/null
+++ b/nss/lib/freebl/mpi/utils/bbs_rand.h
@@ -0,0 +1,24 @@
+/*
+ *  bbs_rand.h
+ *
+ *  Blum, Blum & Shub PRNG using the MPI library
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _H_BBSRAND_
+#define _H_BBSRAND_
+
+#include <limits.h>
+#include "mpi.h"
+
+#define BBS_RAND_MAX UINT_MAX
+
+/* Suggested length of seed data */
+extern int bbs_seed_size;
+
+void bbs_srand(unsigned char *data, int len);
+unsigned int bbs_rand(void);
+
+#endif /* end _H_BBSRAND_ */
diff --git a/nss/lib/freebl/mpi/utils/bbsrand.c b/nss/lib/freebl/mpi/utils/bbsrand.c
new file mode 100644
index 0000000..d9151e0
--- /dev/null
+++ b/nss/lib/freebl/mpi/utils/bbsrand.c
@@ -0,0 +1,35 @@
+/*
+ *  bbsrand.c
+ *
+ *  Test driver for routines in bbs_rand.h
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include <limits.h>
+
+#include "bbs_rand.h"
+
+#define NUM_TESTS 100
+
+int
+main(void)
+{
+    unsigned int seed, result, ix;
+
+    seed = time(NULL);
+    bbs_srand((unsigned char *)&seed, sizeof(seed));
+
+    for (ix = 0; ix < NUM_TESTS; ix++) {
+        result = bbs_rand();
+
+        printf("Test %3u: %08X\n", ix + 1, result);
+    }
+
+    return 0;
+}
diff --git a/nss/lib/freebl/mpi/utils/dec2hex.c b/nss/lib/freebl/mpi/utils/dec2hex.c
new file mode 100644
index 0000000..ef3a520
--- /dev/null
+++ b/nss/lib/freebl/mpi/utils/dec2hex.c
@@ -0,0 +1,40 @@
+/*
+ *  dec2hex.c
+ *
+ *  Convert decimal integers into hexadecimal
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "mpi.h"
+
+int
+main(int argc, char *argv[])
+{
+    mp_int a;
+    char *buf;
+    int len;
+
+    if (argc < 2) {
+        fprintf(stderr, "Usage: %s <a>\n", argv[0]);
+        return 1;
+    }
+
+    mp_init(&a);
+    mp_read_radix(&a, argv[1], 10);
+    len = mp_radix_size(&a, 16);
+    buf = malloc(len);
+    mp_toradix(&a, buf, 16);
+
+    printf("%s\n", buf);
+
+    free(buf);
+    mp_clear(&a);
+
+    return 0;
+}
diff --git a/nss/lib/freebl/mpi/utils/exptmod.c b/nss/lib/freebl/mpi/utils/exptmod.c
new file mode 100644
index 0000000..3ac9078
--- /dev/null
+++ b/nss/lib/freebl/mpi/utils/exptmod.c
@@ -0,0 +1,55 @@
+/*
+ *  exptmod.c
+ *
+ * Command line tool to perform modular exponentiation on arbitrary
+ * precision integers.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "mpi.h"
+
+int
+main(int argc, char *argv[])
+{
+    mp_int a, b, m;
+    mp_err res;
+    char *str;
+    int len, rval = 0;
+
+    if (argc < 3) {
+        fprintf(stderr, "Usage: %s <a> <b> <m>\n", argv[0]);
+        return 1;
+    }
+
+    mp_init(&a);
+    mp_init(&b);
+    mp_init(&m);
+    mp_read_radix(&a, argv[1], 10);
+    mp_read_radix(&b, argv[2], 10);
+    mp_read_radix(&m, argv[3], 10);
+
+    if ((res = mp_exptmod(&a, &b, &m, &a)) != MP_OKAY) {
+        fprintf(stderr, "%s: error: %s\n", argv[0], mp_strerror(res));
+        rval = 1;
+    } else {
+        len = mp_radix_size(&a, 10);
+        str = calloc(len, sizeof(char));
+        mp_toradix(&a, str, 10);
+
+        printf("%s\n", str);
+
+        free(str);
+    }
+
+    mp_clear(&a);
+    mp_clear(&b);
+    mp_clear(&m);
+
+    return rval;
+}
diff --git a/nss/lib/freebl/mpi/utils/fact.c b/nss/lib/freebl/mpi/utils/fact.c
new file mode 100644
index 0000000..da8e61a
--- /dev/null
+++ b/nss/lib/freebl/mpi/utils/fact.c
@@ -0,0 +1,84 @@
+/*
+ * fact.c
+ *
+ * Compute factorial of input integer
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "mpi.h"
+
+mp_err mp_fact(mp_int *a, mp_int *b);
+
+int
+main(int argc, char *argv[])
+{
+    mp_int a;
+    mp_err res;
+
+    if (argc < 2) {
+        fprintf(stderr, "Usage: %s <number>\n", argv[0]);
+        return 1;
+    }
+
+    mp_init(&a);
+    mp_read_radix(&a, argv[1], 10);
+
+    if ((res = mp_fact(&a, &a)) != MP_OKAY) {
+        fprintf(stderr, "%s: error: %s\n", argv[0],
+                mp_strerror(res));
+        mp_clear(&a);
+        return 1;
+    }
+
+    {
+        char *buf;
+        int len;
+
+        len = mp_radix_size(&a, 10);
+        buf = malloc(len);
+        mp_todecimal(&a, buf);
+
+        puts(buf);
+
+        free(buf);
+    }
+
+    mp_clear(&a);
+    return 0;
+}
+
+mp_err
+mp_fact(mp_int *a, mp_int *b)
+{
+    mp_int ix, s;
+    mp_err res = MP_OKAY;
+
+    if (mp_cmp_z(a) < 0)
+        return MP_UNDEF;
+
+    mp_init(&s);
+    mp_add_d(&s, 1, &s); /* s = 1  */
+    mp_init(&ix);
+    mp_add_d(&ix, 1, &ix); /* ix = 1 */
+
+    for (/*  */; mp_cmp(&ix, a) <= 0; mp_add_d(&ix, 1, &ix)) {
+        if ((res = mp_mul(&s, &ix, &s)) != MP_OKAY)
+            break;
+    }
+
+    mp_clear(&ix);
+
+    /* Copy out results if we got them */
+    if (res == MP_OKAY)
+        mp_copy(&s, b);
+
+    mp_clear(&s);
+
+    return res;
+}
diff --git a/nss/lib/freebl/mpi/utils/gcd.c b/nss/lib/freebl/mpi/utils/gcd.c
new file mode 100644
index 0000000..9f11a25
--- /dev/null
+++ b/nss/lib/freebl/mpi/utils/gcd.c
@@ -0,0 +1,95 @@
+/*
+ *  gcd.c
+ *
+ *  Greatest common divisor
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "mpi.h"
+
+char *g_prog = NULL;
+
+void print_mp_int(mp_int *mp, FILE *ofp);
+
+int
+main(int argc, char *argv[])
+{
+    mp_int a, b, x, y;
+    mp_err res;
+    int ext = 0;
+
+    g_prog = argv[0];
+
+    if (argc < 3) {
+        fprintf(stderr, "Usage: %s <a> <b>\n", g_prog);
+        return 1;
+    }
+
+    mp_init(&a);
+    mp_read_radix(&a, argv[1], 10);
+    mp_init(&b);
+    mp_read_radix(&b, argv[2], 10);
+
+    /* If we were called 'xgcd', compute x, y so that g = ax + by */
+    if (strcmp(g_prog, "xgcd") == 0) {
+        ext = 1;
+        mp_init(&x);
+        mp_init(&y);
+    }
+
+    if (ext) {
+        if ((res = mp_xgcd(&a, &b, &a, &x, &y)) != MP_OKAY) {
+            fprintf(stderr, "%s: error: %s\n", g_prog, mp_strerror(res));
+            mp_clear(&a);
+            mp_clear(&b);
+            mp_clear(&x);
+            mp_clear(&y);
+            return 1;
+        }
+    } else {
+        if ((res = mp_gcd(&a, &b, &a)) != MP_OKAY) {
+            fprintf(stderr, "%s: error: %s\n", g_prog,
+                    mp_strerror(res));
+            mp_clear(&a);
+            mp_clear(&b);
+            return 1;
+        }
+    }
+
+    print_mp_int(&a, stdout);
+    if (ext) {
+        fputs("x = ", stdout);
+        print_mp_int(&x, stdout);
+        fputs("y = ", stdout);
+        print_mp_int(&y, stdout);
+    }
+
+    mp_clear(&a);
+    mp_clear(&b);
+
+    if (ext) {
+        mp_clear(&x);
+        mp_clear(&y);
+    }
+
+    return 0;
+}
+
+void
+print_mp_int(mp_int *mp, FILE *ofp)
+{
+    char *buf;
+    int len;
+
+    len = mp_radix_size(mp, 10);
+    buf = calloc(len, sizeof(char));
+    mp_todecimal(mp, buf);
+    fprintf(ofp, "%s\n", buf);
+    free(buf);
+}
diff --git a/nss/lib/freebl/mpi/utils/hex2dec.c b/nss/lib/freebl/mpi/utils/hex2dec.c
new file mode 100644
index 0000000..9b21d22
--- /dev/null
+++ b/nss/lib/freebl/mpi/utils/hex2dec.c
@@ -0,0 +1,40 @@
+/*
+ *  hex2dec.c
+ *
+ *  Convert decimal integers into hexadecimal
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "mpi.h"
+
+int
+main(int argc, char *argv[])
+{
+    mp_int a;
+    char *buf;
+    int len;
+
+    if (argc < 2) {
+        fprintf(stderr, "Usage: %s <a>\n", argv[0]);
+        return 1;
+    }
+
+    mp_init(&a);
+    mp_read_radix(&a, argv[1], 16);
+    len = mp_radix_size(&a, 10);
+    buf = malloc(len);
+    mp_toradix(&a, buf, 10);
+
+    printf("%s\n", buf);
+
+    free(buf);
+    mp_clear(&a);
+
+    return 0;
+}
diff --git a/nss/lib/freebl/mpi/utils/identest.c b/nss/lib/freebl/mpi/utils/identest.c
new file mode 100644
index 0000000..321d2c2
--- /dev/null
+++ b/nss/lib/freebl/mpi/utils/identest.c
@@ -0,0 +1,84 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include "mpi.h"
+#include "mpprime.h"
+#include <sys/types.h>
+#include <time.h>
+
+#define MAX_PREC (4096 / MP_DIGIT_BIT)
+
+mp_err
+identity_test(void)
+{
+    mp_size preca, precb;
+    mp_err res;
+    mp_int a, b;
+    mp_int t1, t2, t3, t4, t5;
+
+    preca = (rand() % MAX_PREC) + 1;
+    precb = (rand() % MAX_PREC) + 1;
+
+    MP_DIGITS(&a) = 0;
+    MP_DIGITS(&b) = 0;
+    MP_DIGITS(&t1) = 0;
+    MP_DIGITS(&t2) = 0;
+    MP_DIGITS(&t3) = 0;
+    MP_DIGITS(&t4) = 0;
+    MP_DIGITS(&t5) = 0;
+
+    MP_CHECKOK(mp_init(&a));
+    MP_CHECKOK(mp_init(&b));
+    MP_CHECKOK(mp_init(&t1));
+    MP_CHECKOK(mp_init(&t2));
+    MP_CHECKOK(mp_init(&t3));
+    MP_CHECKOK(mp_init(&t4));
+    MP_CHECKOK(mp_init(&t5));
+
+    MP_CHECKOK(mpp_random_size(&a, preca));
+    MP_CHECKOK(mpp_random_size(&b, precb));
+
+    if (mp_cmp(&a, &b) < 0)
+        mp_exch(&a, &b);
+
+    MP_CHECKOK(mp_mod(&a, &b, &t1));       /* t1 = a%b */
+    MP_CHECKOK(mp_div(&a, &b, &t2, NULL)); /* t2 = a/b */
+    MP_CHECKOK(mp_mul(&b, &t2, &t3));      /* t3 = (a/b)*b */
+    MP_CHECKOK(mp_add(&t1, &t3, &t4));     /* t4 = a%b + (a/b)*b */
+    MP_CHECKOK(mp_sub(&t4, &a, &t5));      /* t5 = a%b + (a/b)*b - a */
+    if (mp_cmp_z(&t5) != 0) {
+        res = MP_UNDEF;
+        goto CLEANUP;
+    }
+
+CLEANUP:
+    mp_clear(&t5);
+    mp_clear(&t4);
+    mp_clear(&t3);
+    mp_clear(&t2);
+    mp_clear(&t1);
+    mp_clear(&b);
+    mp_clear(&a);
+    return res;
+}
+
+int
+main(void)
+{
+    unsigned int seed = (unsigned int)time(NULL);
+    unsigned long count = 0;
+    mp_err res;
+
+    srand(seed);
+
+    while (MP_OKAY == (res = identity_test())) {
+        if ((++count % 100) == 0)
+            fputc('.', stderr);
+    }
+
+    fprintf(stderr, "\ntest failed, err %d\n", res);
+    return res;
+}
diff --git a/nss/lib/freebl/mpi/utils/invmod.c b/nss/lib/freebl/mpi/utils/invmod.c
new file mode 100644
index 0000000..9b4b04d
--- /dev/null
+++ b/nss/lib/freebl/mpi/utils/invmod.c
@@ -0,0 +1,61 @@
+/*
+ *  invmod.c
+ *
+ *  Compute modular inverses
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <stdio.h>
+#include <stdlib.h>
+
+#include "mpi.h"
+
+int
+main(int argc, char *argv[])
+{
+    mp_int a, m;
+    mp_err res;
+    char *buf;
+    int len, out = 0;
+
+    if (argc < 3) {
+        fprintf(stderr, "Usage: %s <a> <m>\n", argv[0]);
+        return 1;
+    }
+
+    mp_init(&a);
+    mp_init(&m);
+    mp_read_radix(&a, argv[1], 10);
+    mp_read_radix(&m, argv[2], 10);
+
+    if (mp_cmp(&a, &m) > 0)
+        mp_mod(&a, &m, &a);
+
+    switch ((res = mp_invmod(&a, &m, &a))) {
+        case MP_OKAY:
+            len = mp_radix_size(&a, 10);
+            buf = malloc(len);
+
+            mp_toradix(&a, buf, 10);
+            printf("%s\n", buf);
+            free(buf);
+            break;
+
+        case MP_UNDEF:
+            printf("No inverse\n");
+            out = 1;
+            break;
+
+        default:
+            printf("error: %s (%d)\n", mp_strerror(res), res);
+            out = 2;
+            break;
+    }
+
+    mp_clear(&a);
+    mp_clear(&m);
+
+    return out;
+}
diff --git a/nss/lib/freebl/mpi/utils/isprime.c b/nss/lib/freebl/mpi/utils/isprime.c
new file mode 100644
index 0000000..d2d8695
--- /dev/null
+++ b/nss/lib/freebl/mpi/utils/isprime.c
@@ -0,0 +1,89 @@
+/*
+ *  isprime.c
+ *
+ *  Probabilistic primality tester command-line tool
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "mpi.h"
+#include "mpprime.h"
+
+#define RM_TESTS 15  /* how many iterations of Rabin-Miller? */
+#define MINIMUM 1024 /* don't bother us with a < this        */
+
+int g_tests = RM_TESTS;
+char *g_prog = NULL;
+
+int
+main(int argc, char *argv[])
+{
+    mp_int a;
+    mp_digit np = prime_tab_size; /* from mpprime.h */
+    int res = 0;
+
+    g_prog = argv[0];
+
+    if (argc < 2) {
+        fprintf(stderr, "Usage: %s <a>, where <a> is a decimal integer\n"
+                        "Use '0x' prefix for a hexadecimal value\n",
+                g_prog);
+        return 1;
+    }
+
+    /* Read number of tests from environment, if present */
+    {
+        char *tmp;
+
+        if ((tmp = PR_GetEnvSecure("RM_TESTS")) != NULL) {
+            if ((g_tests = atoi(tmp)) <= 0)
+                g_tests = RM_TESTS;
+        }
+    }
+
+    mp_init(&a);
+    if (argv[1][0] == '0' && argv[1][1] == 'x')
+        mp_read_radix(&a, argv[1] + 2, 16);
+    else
+        mp_read_radix(&a, argv[1], 10);
+
+    if (mp_cmp_d(&a, MINIMUM) <= 0) {
+        fprintf(stderr, "%s: please use a value greater than %d\n",
+                g_prog, MINIMUM);
+        mp_clear(&a);
+        return 1;
+    }
+
+    /* Test for divisibility by small primes */
+    if (mpp_divis_primes(&a, &np) != MP_NO) {
+        printf("Not prime (divisible by small prime %d)\n", np);
+        res = 2;
+        goto CLEANUP;
+    }
+
+    /* Test with Fermat's test, using 2 as a witness */
+    if (mpp_fermat(&a, 2) != MP_YES) {
+        printf("Not prime (failed Fermat test)\n");
+        res = 2;
+        goto CLEANUP;
+    }
+
+    /* Test with Rabin-Miller probabilistic test */
+    if (mpp_pprime(&a, g_tests) == MP_NO) {
+        printf("Not prime (failed pseudoprime test)\n");
+        res = 2;
+        goto CLEANUP;
+    }
+
+    printf("Probably prime, 1 in 4^%d chance of false positive\n", g_tests);
+
+CLEANUP:
+    mp_clear(&a);
+
+    return res;
+}
diff --git a/nss/lib/freebl/mpi/utils/lap.c b/nss/lib/freebl/mpi/utils/lap.c
new file mode 100644
index 0000000..501e453
--- /dev/null
+++ b/nss/lib/freebl/mpi/utils/lap.c
@@ -0,0 +1,90 @@
+/*
+ *  lap.c
+ *
+ *  Find least annihilating power of a mod m
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <signal.h>
+
+#include "mpi.h"
+
+void sig_catch(int ign);
+
+int g_quit = 0;
+
+int
+main(int argc, char *argv[])
+{
+    mp_int a, m, p, k;
+
+    if (argc < 3) {
+        fprintf(stderr, "Usage: %s <a> <m>\n", argv[0]);
+        return 1;
+    }
+
+    mp_init(&a);
+    mp_init(&m);
+    mp_init(&p);
+    mp_add_d(&p, 1, &p);
+
+    mp_read_radix(&a, argv[1], 10);
+    mp_read_radix(&m, argv[2], 10);
+
+    mp_init_copy(&k, &a);
+
+    signal(SIGINT, sig_catch);
+#ifndef __OS2__
+    signal(SIGHUP, sig_catch);
+#endif
+    signal(SIGTERM, sig_catch);
+
+    while (mp_cmp(&p, &m) < 0) {
+        if (g_quit) {
+            int len;
+            char *buf;
+
+            len = mp_radix_size(&p, 10);
+            buf = malloc(len);
+            mp_toradix(&p, buf, 10);
+
+            fprintf(stderr, "Terminated at: %s\n", buf);
+            free(buf);
+            return 1;
+        }
+        if (mp_cmp_d(&k, 1) == 0) {
+            int len;
+            char *buf;
+
+            len = mp_radix_size(&p, 10);
+            buf = malloc(len);
+            mp_toradix(&p, buf, 10);
+
+            printf("%s\n", buf);
+
+            free(buf);
+            break;
+        }
+
+        mp_mulmod(&k, &a, &m, &k);
+        mp_add_d(&p, 1, &p);
+    }
+
+    if (mp_cmp(&p, &m) >= 0)
+        printf("No annihilating power.\n");
+
+    mp_clear(&p);
+    mp_clear(&m);
+    mp_clear(&a);
+    return 0;
+}
+
+void
+sig_catch(int ign)
+{
+    g_quit = 1;
+}
diff --git a/nss/lib/freebl/mpi/utils/makeprime.c b/nss/lib/freebl/mpi/utils/makeprime.c
new file mode 100644
index 0000000..401b753
--- /dev/null
+++ b/nss/lib/freebl/mpi/utils/makeprime.c
@@ -0,0 +1,116 @@
+/*
+ * makeprime.c
+ *
+ * A simple prime generator function (and test driver).  Prints out the
+ * first prime it finds greater than or equal to the starting value.
+ *
+ * Usage: makeprime <start>
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <ctype.h>
+
+/* These two must be included for make_prime() to work */
+
+#include "mpi.h"
+#include "mpprime.h"
+
+/*
+  make_prime(p, nr)
+
+  Find the smallest prime integer greater than or equal to p, where
+  primality is verified by 'nr' iterations of the Rabin-Miller
+  probabilistic primality test.  The caller is responsible for
+  generating the initial value of p.
+
+  Returns MP_OKAY if a prime has been generated, otherwise the error
+  code indicates some other problem.  The value of p is clobbered; the
+  caller should keep a copy if the value is needed.
+ */
+mp_err make_prime(mp_int *p, int nr);
+
+/* The main() is not required -- it's just a test driver */
+int
+main(int argc, char *argv[])
+{
+    mp_int start;
+    mp_err res;
+
+    if (argc < 2) {
+        fprintf(stderr, "Usage: %s <start-value>\n", argv[0]);
+        return 1;
+    }
+
+    mp_init(&start);
+    if (argv[1][0] == '0' && tolower(argv[1][1]) == 'x') {
+        mp_read_radix(&start, argv[1] + 2, 16);
+    } else {
+        mp_read_radix(&start, argv[1], 10);
+    }
+    mp_abs(&start, &start);
+
+    if ((res = make_prime(&start, 5)) != MP_OKAY) {
+        fprintf(stderr, "%s: error: %s\n", argv[0], mp_strerror(res));
+        mp_clear(&start);
+
+        return 1;
+
+    } else {
+        char *buf = malloc(mp_radix_size(&start, 10));
+
+        mp_todecimal(&start, buf);
+        printf("%s\n", buf);
+        free(buf);
+
+        mp_clear(&start);
+
+        return 0;
+    }
+
+} /* end main() */
+
+/*------------------------------------------------------------------------*/
+
+mp_err
+make_prime(mp_int *p, int nr)
+{
+    mp_err res;
+
+    if (mp_iseven(p)) {
+        mp_add_d(p, 1, p);
+    }
+
+    do {
+        mp_digit which = prime_tab_size;
+
+        /*  First test for divisibility by a few small primes */
+        if ((res = mpp_divis_primes(p, &which)) == MP_YES)
+            continue;
+        else if (res != MP_NO)
+            goto CLEANUP;
+
+        /* If that passes, try one iteration of Fermat's test */
+        if ((res = mpp_fermat(p, 2)) == MP_NO)
+            continue;
+        else if (res != MP_YES)
+            goto CLEANUP;
+
+        /* If that passes, run Rabin-Miller as often as requested */
+        if ((res = mpp_pprime(p, nr)) == MP_YES)
+            break;
+        else if (res != MP_NO)
+            goto CLEANUP;
+
+    } while ((res = mp_add_d(p, 2, p)) == MP_OKAY);
+
+CLEANUP:
+    return res;
+
+} /* end make_prime() */
+
+/*------------------------------------------------------------------------*/
+/* HERE THERE BE DRAGONS                                                  */
diff --git a/nss/lib/freebl/mpi/utils/metime.c b/nss/lib/freebl/mpi/utils/metime.c
new file mode 100644
index 0000000..122875e
--- /dev/null
+++ b/nss/lib/freebl/mpi/utils/metime.c
@@ -0,0 +1,102 @@
+/*
+ *  metime.c
+ *
+ * Modular exponentiation timing test
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <limits.h>
+#include <time.h>
+
+#include "mpi.h"
+#include "mpprime.h"
+
+double clk_to_sec(clock_t start, clock_t stop);
+
+int
+main(int argc, char *argv[])
+{
+    int ix, num, prec = 8;
+    unsigned int seed;
+    clock_t start, stop;
+    double sec;
+
+    mp_int a, m, c;
+
+    if (PR_GetEnvSecure("SEED") != NULL)
+        seed = abs(atoi(PR_GetEnvSecure("SEED")));
+    else
+        seed = (unsigned int)time(NULL);
+
+    if (argc < 2) {
+        fprintf(stderr, "Usage: %s <num-tests> [<nbits>]\n", argv[0]);
+        return 1;
+    }
+
+    if ((num = atoi(argv[1])) < 0)
+        num = -num;
+
+    if (!num) {
+        fprintf(stderr, "%s: must perform at least 1 test\n", argv[0]);
+        return 1;
+    }
+
+    if (argc > 2) {
+        if ((prec = atoi(argv[2])) <= 0)
+            prec = 8;
+        else
+            prec = (prec + (DIGIT_BIT - 1)) / DIGIT_BIT;
+    }
+
+    printf("Modular exponentiation timing test\n"
+           "Precision:  %d digits (%d bits)\n"
+           "# of tests: %d\n\n",
+           prec, prec * DIGIT_BIT, num);
+
+    mp_init_size(&a, prec);
+    mp_init_size(&m, prec);
+    mp_init_size(&c, prec);
+
+    srand(seed);
+
+    start = clock();
+    for (ix = 0; ix < num; ix++) {
+
+        mpp_random_size(&a, prec);
+        mpp_random_size(&c, prec);
+        mpp_random_size(&m, prec);
+        /* set msb and lsb of m */
+        DIGIT(&m, 0) |= 1;
+        DIGIT(&m, USED(&m) - 1) |= (mp_digit)1 << (DIGIT_BIT - 1);
+        if (mp_cmp(&a, &m) > 0)
+            mp_sub(&a, &m, &a);
+
+        mp_exptmod(&a, &c, &m, &c);
+    }
+    stop = clock();
+
+    sec = clk_to_sec(start, stop);
+
+    printf("Total:      %.3f seconds\n", sec);
+    printf("Individual: %.3f seconds\n", sec / num);
+
+    mp_clear(&c);
+    mp_clear(&a);
+    mp_clear(&m);
+
+    return 0;
+}
+
+double
+clk_to_sec(clock_t start, clock_t stop)
+{
+    return (double)(stop - start) / CLOCKS_PER_SEC;
+}
+
+/*------------------------------------------------------------------------*/
+/* HERE THERE BE DRAGONS                                                  */
diff --git a/nss/lib/freebl/mpi/utils/pi.c b/nss/lib/freebl/mpi/utils/pi.c
new file mode 100644
index 0000000..7e31097
--- /dev/null
+++ b/nss/lib/freebl/mpi/utils/pi.c
@@ -0,0 +1,171 @@
+/*
+ * pi.c
+ *
+ * Compute pi to an arbitrary number of digits.  Uses Machin's formula,
+ * like everyone else on the planet:
+ *
+ *    pi = 16 * arctan(1/5) - 4 * arctan(1/239)
+ *
+ * This is pretty effective for up to a few thousand digits, but it
+ * gets pretty slow after that.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <limits.h>
+#include <time.h>
+
+#include "mpi.h"
+
+mp_err arctan(mp_digit mul, mp_digit x, mp_digit prec, mp_int *sum);
+
+int
+main(int argc, char *argv[])
+{
+    mp_err res;
+    mp_digit ndigits;
+    mp_int sum1, sum2;
+    clock_t start, stop;
+    int out = 0;
+
+    /* Make the user specify precision on the command line */
+    if (argc < 2) {
+        fprintf(stderr, "Usage: %s <num-digits>\n", argv[0]);
+        return 1;
+    }
+
+    if ((ndigits = abs(atoi(argv[1]))) == 0) {
+        fprintf(stderr, "%s: you must request at least 1 digit\n", argv[0]);
+        return 1;
+    }
+
+    start = clock();
+    mp_init(&sum1);
+    mp_init(&sum2);
+
+    /* sum1 = 16 * arctan(1/5)  */
+    if ((res = arctan(16, 5, ndigits, &sum1)) != MP_OKAY) {
+        fprintf(stderr, "%s: arctan: %s\n", argv[0], mp_strerror(res));
+        out = 1;
+        goto CLEANUP;
+    }
+
+    /* sum2 = 4 * arctan(1/239) */
+    if ((res = arctan(4, 239, ndigits, &sum2)) != MP_OKAY) {
+        fprintf(stderr, "%s: arctan: %s\n", argv[0], mp_strerror(res));
+        out = 1;
+        goto CLEANUP;
+    }
+
+    /* pi = sum1 - sum2         */
+    if ((res = mp_sub(&sum1, &sum2, &sum1)) != MP_OKAY) {
+        fprintf(stderr, "%s: mp_sub: %s\n", argv[0], mp_strerror(res));
+        out = 1;
+        goto CLEANUP;
+    }
+    stop = clock();
+
+    /* Write the output in decimal */
+    {
+        char *buf = malloc(mp_radix_size(&sum1, 10));
+
+        if (buf == NULL) {
+            fprintf(stderr, "%s: out of memory\n", argv[0]);
+            out = 1;
+            goto CLEANUP;
+        }
+        mp_todecimal(&sum1, buf);
+        printf("%s\n", buf);
+        free(buf);
+    }
+
+    fprintf(stderr, "Computation took %.2f sec.\n",
+            (double)(stop - start) / CLOCKS_PER_SEC);
+
+CLEANUP:
+    mp_clear(&sum1);
+    mp_clear(&sum2);
+
+    return out;
+}
+
+/* Compute sum := mul * arctan(1/x), to 'prec' digits of precision */
+mp_err
+arctan(mp_digit mul, mp_digit x, mp_digit prec, mp_int *sum)
+{
+    mp_int t, v;
+    mp_digit q = 1, rd;
+    mp_err res;
+    int sign = 1;
+
+    prec += 3; /* push inaccuracies off the end */
+
+    mp_init(&t);
+    mp_set(&t, 10);
+    mp_init(&v);
+    if ((res = mp_expt_d(&t, prec, &t)) != MP_OKAY || /* get 10^prec    */
+        (res = mp_mul_d(&t, mul, &t)) != MP_OKAY ||   /* ... times mul  */
+        (res = mp_mul_d(&t, x, &t)) != MP_OKAY)       /* ... times x    */
+        goto CLEANUP;
+
+    /*
+    The extra multiplication by x in the above takes care of what
+    would otherwise have to be a special case for 1 / x^1 during the
+    first loop iteration.  A little sneaky, but effective.
+
+    We compute arctan(1/x) by the formula:
+
+         1     1       1       1
+     - - ----- + ----- - ----- + ...
+     x   3 x^3   5 x^5   7 x^7
+
+    We multiply through by 'mul' beforehand, which gives us a couple
+    more iterations and more precision
+   */
+
+    x *= x; /* works as long as x < sqrt(RADIX), which it is here */
+
+    mp_zero(sum);
+
+    do {
+        if ((res = mp_div_d(&t, x, &t, &rd)) != MP_OKAY)
+            goto CLEANUP;
+
+        if (sign < 0 && rd != 0)
+            mp_add_d(&t, 1, &t);
+
+        if ((res = mp_div_d(&t, q, &v, &rd)) != MP_OKAY)
+            goto CLEANUP;
+
+        if (sign < 0 && rd != 0)
+            mp_add_d(&v, 1, &v);
+
+        if (sign > 0)
+            res = mp_add(sum, &v, sum);
+        else
+            res = mp_sub(sum, &v, sum);
+
+        if (res != MP_OKAY)
+            goto CLEANUP;
+
+        sign *= -1;
+        q += 2;
+
+    } while (mp_cmp_z(&t) != 0);
+
+    /* Chop off inaccurate low-order digits */
+    mp_div_d(sum, 1000, sum, NULL);
+
+CLEANUP:
+    mp_clear(&v);
+    mp_clear(&t);
+
+    return res;
+}
+
+/*------------------------------------------------------------------------*/
+/* HERE THERE BE DRAGONS                                                  */
diff --git a/nss/lib/freebl/mpi/utils/primegen.c b/nss/lib/freebl/mpi/utils/primegen.c
new file mode 100644
index 0000000..f62a56a
--- /dev/null
+++ b/nss/lib/freebl/mpi/utils/primegen.c
@@ -0,0 +1,159 @@
+/*
+ *  primegen.c
+ *
+ * Generates random integers which are prime with a high degree of
+ * probability using the Miller-Rabin probabilistic primality testing
+ * algorithm.
+ *
+ * Usage:
+ *    primegen <bits> [<num>]
+ *
+ *    <bits>   - number of significant bits each prime should have
+ *    <num>    - number of primes to generate
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <limits.h>
+#include <time.h>
+
+#include "mpi.h"
+#include "mplogic.h"
+#include "mpprime.h"
+
+#define NUM_TESTS 5 /* Number of Rabin-Miller iterations to test with */
+
+#ifdef DEBUG
+#define FPUTC(x, y) fputc(x, y)
+#else
+#define FPUTC(x, y)
+#endif
+
+int
+main(int argc, char *argv[])
+{
+    unsigned char *raw;
+    char *out;
+    unsigned long nTries;
+    int rawlen, bits, outlen, ngen, ix, jx;
+    int g_strong = 0;
+    mp_int testval;
+    mp_err res;
+    clock_t start, end;
+
+    /* We'll just use the C library's rand() for now, although this
+     won't be good enough for cryptographic purposes */
+    if ((out = PR_GetEnvSecure("SEED")) == NULL) {
+        srand((unsigned int)time(NULL));
+    } else {
+        srand((unsigned int)atoi(out));
+    }
+
+    if (argc < 2) {
+        fprintf(stderr, "Usage: %s <bits> [<count> [strong]]\n", argv[0]);
+        return 1;
+    }
+
+    if ((bits = abs(atoi(argv[1]))) < CHAR_BIT) {
+        fprintf(stderr, "%s: please request at least %d bits.\n",
+                argv[0], CHAR_BIT);
+        return 1;
+    }
+
+    /* If optional third argument is given, use that as the number of
+     primes to generate; otherwise generate one prime only.
+   */
+    if (argc < 3) {
+        ngen = 1;
+    } else {
+        ngen = abs(atoi(argv[2]));
+    }
+
+    /* If fourth argument is given, and is the word "strong", we'll 
+     generate strong (Sophie Germain) primes. 
+   */
+    if (argc > 3 && strcmp(argv[3], "strong") == 0)
+        g_strong = 1;
+
+    /* testval - candidate being tested; nTries - number tried so far */
+    if ((res = mp_init(&testval)) != MP_OKAY) {
+        fprintf(stderr, "%s: error: %s\n", argv[0], mp_strerror(res));
+        return 1;
+    }
+
+    if (g_strong) {
+        printf("Requested %d strong prime value(s) of %d bits.\n",
+               ngen, bits);
+    } else {
+        printf("Requested %d prime value(s) of %d bits.\n", ngen, bits);
+    }
+
+    rawlen = (bits / CHAR_BIT) + ((bits % CHAR_BIT) ? 1 : 0) + 1;
+
+    if ((raw = calloc(rawlen, sizeof(unsigned char))) == NULL) {
+        fprintf(stderr, "%s: out of memory, sorry.\n", argv[0]);
+        return 1;
+    }
+
+    /* This loop is one for each prime we need to generate */
+    for (jx = 0; jx < ngen; jx++) {
+
+        raw[0] = 0; /* sign is positive */
+
+        /*	Pack the initializer with random bytes	*/
+        for (ix = 1; ix < rawlen; ix++)
+            raw[ix] = (rand() * rand()) & UCHAR_MAX;
+
+        raw[1] |= 0x80;       /* set high-order bit of test value     */
+        raw[rawlen - 1] |= 1; /* set low-order bit of test value      */
+
+        /* Make an mp_int out of the initializer */
+        mp_read_raw(&testval, (char *)raw, rawlen);
+
+        /* Initialize candidate counter */
+        nTries = 0;
+
+        start = clock(); /* time generation for this prime */
+        do {
+            res = mpp_make_prime(&testval, bits, g_strong, &nTries);
+            if (res != MP_NO)
+                break;
+            /* This code works whether digits are 16 or 32 bits */
+            res = mp_add_d(&testval, 32 * 1024, &testval);
+            res = mp_add_d(&testval, 32 * 1024, &testval);
+            FPUTC(',', stderr);
+        } while (1);
+        end = clock();
+
+        if (res != MP_YES) {
+            break;
+        }
+        FPUTC('\n', stderr);
+        puts("The following value is probably prime:");
+        outlen = mp_radix_size(&testval, 10);
+        out = calloc(outlen, sizeof(unsigned char));
+        mp_toradix(&testval, (char *)out, 10);
+        printf("10: %s\n", out);
+        mp_toradix(&testval, (char *)out, 16);
+        printf("16: %s\n\n", out);
+        free(out);
+
+        printf("Number of candidates tried: %lu\n", nTries);
+        printf("This computation took %ld clock ticks (%.2f seconds)\n",
+               (end - start), ((double)(end - start) / CLOCKS_PER_SEC));
+
+        FPUTC('\n', stderr);
+    } /* end of loop to generate all requested primes */
+
+    if (res != MP_OKAY)
+        fprintf(stderr, "%s: error: %s\n", argv[0], mp_strerror(res));
+
+    free(raw);
+    mp_clear(&testval);
+
+    return 0;
+}
diff --git a/nss/lib/freebl/mpi/utils/prng.c b/nss/lib/freebl/mpi/utils/prng.c
new file mode 100644
index 0000000..38748d1
--- /dev/null
+++ b/nss/lib/freebl/mpi/utils/prng.c
@@ -0,0 +1,57 @@
+/*
+ *  prng.c
+ *
+ *  Command-line pseudo-random number generator
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <limits.h>
+#include <time.h>
+
+#ifdef __OS2__
+#include <types.h>
+#include <process.h>
+#else
+#include <unistd.h>
+#endif
+
+#include "bbs_rand.h"
+
+int
+main(int argc, char *argv[])
+{
+    unsigned char *seed;
+    unsigned int ix, num = 1;
+    pid_t pid;
+
+    if (argc > 1) {
+        num = atoi(argv[1]);
+        if (num <= 0)
+            num = 1;
+    }
+
+    pid = getpid();
+    srand(time(NULL) * (unsigned int)pid);
+
+    /* Not a perfect seed, but not bad */
+    seed = malloc(bbs_seed_size);
+    for (ix = 0; ix < bbs_seed_size; ix++) {
+        seed[ix] = rand() % UCHAR_MAX;
+    }
+
+    bbs_srand(seed, bbs_seed_size);
+    memset(seed, 0, bbs_seed_size);
+    free(seed);
+
+    while (num-- > 0) {
+        ix = bbs_rand();
+
+        printf("%u\n", ix);
+    }
+
+    return 0;
+}
diff --git a/nss/lib/freebl/mpi/utils/ptab.pl b/nss/lib/freebl/mpi/utils/ptab.pl
new file mode 100755
index 0000000..ef2e565
--- /dev/null
+++ b/nss/lib/freebl/mpi/utils/ptab.pl
@@ -0,0 +1,26 @@
+#!/usr/bin/perl
+
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+while(<>) {
+    chomp;
+    push(@primes, $_);
+}
+
+printf("mp_size   prime_tab_size = %d;\n", ($#primes + 1));
+print "mp_digit  prime_tab[] = {\n";
+
+print "\t";
+$last = pop(@primes);
+foreach $prime (sort {$a<=>$b} @primes) {
+    printf("0x%04X, ", $prime);
+    $brk = ($brk + 1) % 8;
+    print "\n\t" if(!$brk);
+}
+printf("0x%04X", $last);
+print "\n" if($brk);
+print "};\n\n";
+
+exit 0;
diff --git a/nss/lib/freebl/mpi/utils/sieve.c b/nss/lib/freebl/mpi/utils/sieve.c
new file mode 100644
index 0000000..57768af
--- /dev/null
+++ b/nss/lib/freebl/mpi/utils/sieve.c
@@ -0,0 +1,243 @@
+/*
+ * sieve.c
+ *
+ * Finds prime numbers using the Sieve of Eratosthenes
+ *
+ * This implementation uses a bitmap to represent all odd integers in a
+ * given range.  We iterate over this bitmap, crossing off the
+ * multiples of each prime we find.  At the end, all the remaining set
+ * bits correspond to prime integers.
+ *
+ * Here, we make two passes -- once we have generated a sieve-ful of
+ * primes, we copy them out, reset the sieve using the highest
+ * generated prime from the first pass as a base.  Then we cross out
+ * all the multiples of all the primes we found the first time through,
+ * and re-sieve.  In this way, we get double use of the memory we
+ * allocated for the sieve the first time though.  Since we also
+ * implicitly ignore multiples of 2, this amounts to 4 times the
+ * values.
+ *
+ * This could (and probably will) be generalized to re-use the sieve a
+ * few more times.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <limits.h>
+
+typedef unsigned char byte;
+
+typedef struct {
+    int size;
+    byte *bits;
+    long base;
+    int next;
+    int nbits;
+} sieve;
+
+void sieve_init(sieve *sp, long base, int nbits);
+void sieve_grow(sieve *sp, int nbits);
+long sieve_next(sieve *sp);
+void sieve_reset(sieve *sp, long base);
+void sieve_cross(sieve *sp, long val);
+void sieve_clear(sieve *sp);
+
+#define S_ISSET(S, B) (((S)->bits[(B) / CHAR_BIT] >> ((B) % CHAR_BIT)) & 1)
+#define S_SET(S, B) ((S)->bits[(B) / CHAR_BIT] |= (1 << ((B) % CHAR_BIT)))
+#define S_CLR(S, B) ((S)->bits[(B) / CHAR_BIT] &= ~(1 << ((B) % CHAR_BIT)))
+#define S_VAL(S, B) ((S)->base + (2 * (B)))
+#define S_BIT(S, V) (((V) - ((S)->base)) / 2)
+
+int
+main(int argc, char *argv[])
+{
+    sieve s;
+    long pr, *p;
+    int c, ix, cur = 0;
+
+    if (argc < 2) {
+        fprintf(stderr, "Usage: %s <width>\n", argv[0]);
+        return 1;
+    }
+
+    c = atoi(argv[1]);
+    if (c < 0)
+        c = -c;
+
+    fprintf(stderr, "%s: sieving to %d positions\n", argv[0], c);
+
+    sieve_init(&s, 3, c);
+
+    c = 0;
+    while ((pr = sieve_next(&s)) > 0) {
+        ++c;
+    }
+
+    p = calloc(c, sizeof(long));
+    if (!p) {
+        fprintf(stderr, "%s: out of memory after first half\n", argv[0]);
+        sieve_clear(&s);
+        exit(1);
+    }
+
+    fprintf(stderr, "%s: half done ... \n", argv[0]);
+
+    for (ix = 0; ix < s.nbits; ix++) {
+        if (S_ISSET(&s, ix)) {
+            p[cur] = S_VAL(&s, ix);
+            printf("%ld\n", p[cur]);
+            ++cur;
+        }
+    }
+
+    sieve_reset(&s, p[cur - 1]);
+    fprintf(stderr, "%s: crossing off %d found primes ... \n", argv[0], cur);
+    for (ix = 0; ix < cur; ix++) {
+        sieve_cross(&s, p[ix]);
+        if (!(ix % 1000))
+            fputc('.', stderr);
+    }
+    fputc('\n', stderr);
+
+    free(p);
+
+    fprintf(stderr, "%s: sieving again from %ld ... \n", argv[0], p[cur - 1]);
+    c = 0;
+    while ((pr = sieve_next(&s)) > 0) {
+        ++c;
+    }
+
+    fprintf(stderr, "%s: done!\n", argv[0]);
+    for (ix = 0; ix < s.nbits; ix++) {
+        if (S_ISSET(&s, ix)) {
+            printf("%ld\n", S_VAL(&s, ix));
+        }
+    }
+
+    sieve_clear(&s);
+
+    return 0;
+}
+
+void
+sieve_init(sieve *sp, long base, int nbits)
+{
+    sp->size = (nbits / CHAR_BIT);
+
+    if (nbits % CHAR_BIT)
+        ++sp->size;
+
+    sp->bits = calloc(sp->size, sizeof(byte));
+    memset(sp->bits, UCHAR_MAX, sp->size);
+    if (!(base & 1))
+        ++base;
+    sp->base = base;
+
+    sp->next = 0;
+    sp->nbits = sp->size * CHAR_BIT;
+}
+
+void
+sieve_grow(sieve *sp, int nbits)
+{
+    int ns = (nbits / CHAR_BIT);
+
+    if (nbits % CHAR_BIT)
+        ++ns;
+
+    if (ns > sp->size) {
+        byte *tmp;
+        int ix;
+
+        tmp = calloc(ns, sizeof(byte));
+        if (tmp == NULL) {
+            fprintf(stderr, "Error: out of memory in sieve_grow\n");
+            return;
+        }
+
+        memcpy(tmp, sp->bits, sp->size);
+        for (ix = sp->size; ix < ns; ix++) {
+            tmp[ix] = UCHAR_MAX;
+        }
+
+        free(sp->bits);
+        sp->bits = tmp;
+        sp->size = ns;
+
+        sp->nbits = sp->size * CHAR_BIT;
+    }
+}
+
+long
+sieve_next(sieve *sp)
+{
+    long out;
+    int ix = 0;
+    long val;
+
+    if (sp->next > sp->nbits)
+        return -1;
+
+    out = S_VAL(sp, sp->next);
+#ifdef DEBUG
+    fprintf(stderr, "Sieving %ld\n", out);
+#endif
+
+    /* Sieve out all multiples of the current prime */
+    val = out;
+    while (ix < sp->nbits) {
+        val += out;
+        ix = S_BIT(sp, val);
+        if ((val & 1) && ix < sp->nbits) { /* && S_ISSET(sp, ix)) { */
+            S_CLR(sp, ix);
+#ifdef DEBUG
+            fprintf(stderr, "Crossing out %ld (bit %d)\n", val, ix);
+#endif
+        }
+    }
+
+    /* Scan ahead to the next prime */
+    ++sp->next;
+    while (sp->next < sp->nbits && !S_ISSET(sp, sp->next))
+        ++sp->next;
+
+    return out;
+}
+
+void
+sieve_cross(sieve *sp, long val)
+{
+    int ix = 0;
+    long cur = val;
+
+    while (cur < sp->base)
+        cur += val;
+
+    ix = S_BIT(sp, cur);
+    while (ix < sp->nbits) {
+        if (cur & 1)
+            S_CLR(sp, ix);
+        cur += val;
+        ix = S_BIT(sp, cur);
+    }
+}
+
+void
+sieve_reset(sieve *sp, long base)
+{
+    memset(sp->bits, UCHAR_MAX, sp->size);
+    sp->base = base;
+    sp->next = 0;
+}
+
+void
+sieve_clear(sieve *sp)
+{
+    if (sp->bits)
+        free(sp->bits);
+
+    sp->bits = NULL;
+}
diff --git a/nss/lib/freebl/mpi/vis_32.il b/nss/lib/freebl/mpi/vis_32.il
new file mode 100644
index 0000000..d2e8024
--- /dev/null
+++ b/nss/lib/freebl/mpi/vis_32.il
@@ -0,0 +1,1291 @@
+! 
+! This Source Code Form is subject to the terms of the Mozilla Public
+! License, v. 2.0. If a copy of the MPL was not distributed with this
+! file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+! The interface to the VIS instructions as declared below (and in the VIS
+! User's Manual) will not change, but the macro implementation might change
+! in the future.
+
+!--------------------------------------------------------------------
+! Pure edge handling instructions
+!
+! int vis_edge8(void */*frs1*/, void */*frs2*/);
+!
+	.inline vis_edge8,8
+	edge8	%o0,%o1,%o0
+	.end
+!
+! int vis_edge8l(void */*frs1*/, void */*frs2*/);
+!
+	.inline vis_edge8l,8
+	edge8l	%o0,%o1,%o0
+	.end
+!
+! int vis_edge16(void */*frs1*/, void */*frs2*/);
+!
+	.inline vis_edge16,8
+	edge16	%o0,%o1,%o0
+	.end
+!
+! int vis_edge16l(void */*frs1*/, void */*frs2*/);
+!
+	.inline vis_edge16l,8
+	edge16l	%o0,%o1,%o0
+	.end
+!
+! int vis_edge32(void */*frs1*/, void */*frs2*/);
+!
+	.inline vis_edge32,8
+	edge32	%o0,%o1,%o0
+	.end
+!
+! int vis_edge32l(void */*frs1*/, void */*frs2*/);
+!
+	.inline vis_edge32l,8
+	edge32l	%o0,%o1,%o0
+	.end
+
+!--------------------------------------------------------------------
+! Edge handling instructions with negative return values if cc set
+!
+! int vis_edge8cc(void */*frs1*/, void */*frs2*/);
+!
+	.inline vis_edge8cc,8
+	edge8	%o0,%o1,%o0
+	mov     0,%o1
+	movgu   %icc,-1024,%o1
+	or      %o1,%o0,%o0
+	.end
+!
+! int vis_edge8lcc(void */*frs1*/, void */*frs2*/);
+!
+	.inline vis_edge8lcc,8
+	edge8l	%o0,%o1,%o0
+	mov     0,%o1
+	movgu   %icc,-1024,%o1
+	or      %o1,%o0,%o0
+	.end
+!
+! int vis_edge16cc(void */*frs1*/, void */*frs2*/);
+!
+	.inline vis_edge16cc,8
+	edge16	%o0,%o1,%o0
+	mov     0,%o1
+	movgu   %icc,-1024,%o1
+	or      %o1,%o0,%o0
+	.end
+!
+! int vis_edge16lcc(void */*frs1*/, void */*frs2*/);
+!
+	.inline vis_edge16lcc,8
+	edge16l	%o0,%o1,%o0
+	mov     0,%o1
+	movgu   %icc,-1024,%o1
+	or      %o1,%o0,%o0
+	.end
+!
+! int vis_edge32cc(void */*frs1*/, void */*frs2*/);
+!
+	.inline vis_edge32cc,8
+	edge32	%o0,%o1,%o0
+	mov     0,%o1
+	movgu   %icc,-1024,%o1
+	or      %o1,%o0,%o0
+	.end
+!
+! int vis_edge32lcc(void */*frs1*/, void */*frs2*/);
+!
+	.inline vis_edge32lcc,8
+	edge32l	%o0,%o1,%o0
+	mov     0,%o1
+	movgu   %icc,-1024,%o1
+	or      %o1,%o0,%o0
+	.end
+
+!--------------------------------------------------------------------
+! Alignment instructions
+!
+! void *vis_alignaddr(void */*rs1*/, int /*rs2*/);
+!
+	.inline vis_alignaddr,8
+	alignaddr	%o0,%o1,%o0
+	.end
+!
+! void *vis_alignaddrl(void */*rs1*/, int /*rs2*/);
+!
+	.inline vis_alignaddrl,8
+	alignaddrl	%o0,%o1,%o0
+	.end
+!
+! double vis_faligndata(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_faligndata,16
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	std	%o2,[%sp+0x48]
+	ldd	[%sp+0x48],%f10
+	faligndata	%f4,%f10,%f0
+	.end
+
+!--------------------------------------------------------------------
+! Partitioned comparison instructions
+!
+! int vis_fcmple16(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fcmple16,16
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	std	%o2,[%sp+0x48]
+	ldd	[%sp+0x48],%f10
+	fcmple16	%f4,%f10,%o0
+	.end
+!
+! int vis_fcmpne16(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fcmpne16,16
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	std	%o2,[%sp+0x48]
+	ldd	[%sp+0x48],%f10
+	fcmpne16	%f4,%f10,%o0
+	.end
+!
+! int vis_fcmple32(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fcmple32,16
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	std	%o2,[%sp+0x48]
+	ldd	[%sp+0x48],%f10
+	fcmple32	%f4,%f10,%o0
+	.end
+!
+! int vis_fcmpne32(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fcmpne32,16
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	std	%o2,[%sp+0x48]
+	ldd	[%sp+0x48],%f10
+	fcmpne32	%f4,%f10,%o0
+	.end
+!
+! int vis_fcmpgt16(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fcmpgt16,16
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	std	%o2,[%sp+0x48]
+	ldd	[%sp+0x48],%f10
+	fcmpgt16	%f4,%f10,%o0
+	.end
+!
+! int vis_fcmpeq16(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fcmpeq16,16
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	std	%o2,[%sp+0x48]
+	ldd	[%sp+0x48],%f10
+	fcmpeq16	%f4,%f10,%o0
+	.end
+!
+! int vis_fcmpgt32(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fcmpgt32,16
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	std	%o2,[%sp+0x48]
+	ldd	[%sp+0x48],%f10
+	fcmpgt32	%f4,%f10,%o0
+	.end
+!
+! int vis_fcmpeq32(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fcmpeq32,16
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	std	%o2,[%sp+0x48]
+	ldd	[%sp+0x48],%f10
+	fcmpeq32	%f4,%f10,%o0
+	.end
+
+!--------------------------------------------------------------------
+! Partitioned arithmetic
+!
+! double vis_fmul8x16(float /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fmul8x16,12
+	st	%o0,[%sp+0x44]
+	ld	[%sp+0x44],%f4
+	st	%o1,[%sp+0x48]
+	st	%o2,[%sp+0x4c]
+	ldd	[%sp+0x48],%f10
+	fmul8x16	%f4,%f10,%f0
+	.end
+!
+! double vis_fmul8x16_dummy(float /*frs1*/, int /*dummy*/, double /*frs2*/);
+!
+	.inline vis_fmul8x16_dummy,16
+	st	%o0,[%sp+0x44]
+	ld	[%sp+0x44],%f4
+	std	%o2,[%sp+0x48]
+	ldd	[%sp+0x48],%f10
+	fmul8x16	%f4,%f10,%f0
+	.end
+!
+! double vis_fmul8x16au(float /*frs1*/, float /*frs2*/);
+!
+	.inline vis_fmul8x16au,8
+	st	%o0,[%sp+0x48]
+	ld	[%sp+0x48],%f4
+	st	%o1,[%sp+0x48]
+	ld	[%sp+0x48],%f10
+	fmul8x16au	%f4,%f10,%f0
+	.end
+!
+! double vis_fmul8x16al(float /*frs1*/, float /*frs2*/);
+!
+	.inline vis_fmul8x16al,8
+	st	%o0,[%sp+0x44]
+	ld	[%sp+0x44],%f4
+	st	%o1,[%sp+0x48]
+	ld	[%sp+0x48],%f10
+	fmul8x16al	%f4,%f10,%f0
+	.end
+!
+! double vis_fmul8sux16(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fmul8sux16,16
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	std	%o2,[%sp+0x48]
+	ldd	[%sp+0x48],%f10
+	fmul8sux16	%f4,%f10,%f0
+	.end
+!
+! double vis_fmul8ulx16(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fmul8ulx16,16
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	std	%o2,[%sp+0x48]
+	ldd	[%sp+0x48],%f10
+	fmul8ulx16	%f4,%f10,%f0
+	.end
+!
+! double vis_fmuld8sux16(float /*frs1*/, float /*frs2*/);
+!
+	.inline vis_fmuld8sux16,8
+	st	%o0,[%sp+0x48]
+	ld	[%sp+0x48],%f4
+	st	%o1,[%sp+0x48]
+	ld	[%sp+0x48],%f10
+	fmuld8sux16	%f4,%f10,%f0
+	.end
+!
+! double vis_fmuld8ulx16(float /*frs1*/, float /*frs2*/);
+!
+	.inline vis_fmuld8ulx16,8
+	st	%o0,[%sp+0x48]
+	ld	[%sp+0x48],%f4
+	st	%o1,[%sp+0x48]
+	ld	[%sp+0x48],%f10
+	fmuld8ulx16	%f4,%f10,%f0
+	.end
+!
+! double vis_fpadd16(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fpadd16,16
+	std	%o0,[%sp+0x40]
+	ldd	[%sp+0x40],%f4
+	std	%o2,[%sp+0x48]
+	ldd	[%sp+0x48],%f10
+	fpadd16	%f4,%f10,%f0
+	.end
+!
+! float vis_fpadd16s(float /*frs1*/, float /*frs2*/);
+!
+	.inline vis_fpadd16s,8
+	st	%o0,[%sp+0x48]
+	ld	[%sp+0x48],%f4
+	st	%o1,[%sp+0x48]
+	ld	[%sp+0x48],%f10
+	fpadd16s	%f4,%f10,%f0
+	.end
+!
+! double vis_fpadd32(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fpadd32,16
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	std	%o2,[%sp+0x48]
+	ldd	[%sp+0x48],%f10
+	fpadd32	%f4,%f10,%f0
+	.end
+!
+! float vis_fpadd32s(float /*frs1*/, float /*frs2*/);
+!
+	.inline vis_fpadd32s,8
+	st	%o0,[%sp+0x48]
+	ld	[%sp+0x48],%f4
+	st	%o1,[%sp+0x48]
+	ld	[%sp+0x48],%f10
+	fpadd32s	%f4,%f10,%f0
+	.end
+!
+! double vis_fpsub16(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fpsub16,16
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	std	%o2,[%sp+0x48]
+	ldd	[%sp+0x48],%f10
+	fpsub16	%f4,%f10,%f0
+	.end
+!
+! float vis_fpsub16s(float /*frs1*/, float /*frs2*/);
+!
+	.inline vis_fpsub16s,8
+	st	%o0,[%sp+0x48]
+	ld	[%sp+0x48],%f4
+	st	%o1,[%sp+0x48]
+	ld	[%sp+0x48],%f10
+	fpsub16s	%f4,%f10,%f0
+	.end
+!
+! double vis_fpsub32(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fpsub32,16
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	std	%o2,[%sp+0x48]
+	ldd	[%sp+0x48],%f10
+	fpsub32	%f4,%f10,%f0
+	.end
+!
+! float vis_fpsub32s(float /*frs1*/, float /*frs2*/);
+!
+	.inline vis_fpsub32s,8
+	st	%o0,[%sp+0x48]
+	ld	[%sp+0x48],%f4
+	st	%o1,[%sp+0x48]
+	ld	[%sp+0x48],%f10
+	fpsub32s	%f4,%f10,%f0
+	.end
+
+!--------------------------------------------------------------------
+! Pixel packing
+!
+! float vis_fpack16(double /*frs2*/);
+!
+	.inline vis_fpack16,8
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	fpack16	%f4,%f0
+	.end
+
+!
+! double vis_fpack16_pair(double /*frs2*/, double /*frs2*/);
+!
+	.inline vis_fpack16_pair,16
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	std	%o2,[%sp+0x48]
+	ldd	[%sp+0x48],%f10
+	fpack16	%f4,%f0
+	fpack16	%f10,%f1
+	.end
+!
+! void vis_st2_fpack16(double, double, double *)
+!
+	.inline vis_st2_fpack16,20
+ 	std	%o0,[%sp+0x48]
+ 	ldd	[%sp+0x48],%f4
+ 	std	%o2,[%sp+0x48]
+ 	ldd	[%sp+0x48],%f10
+ 	fpack16	%f4,%f0
+ 	fpack16	%f10,%f1
+ 	st	%f0,[%o4+0]
+ 	st	%f1,[%o4+4]
+ 	.end
+!
+! void vis_std_fpack16(double, double, double *)
+!
+	.inline vis_std_fpack16,20
+	std     %o0,[%sp+0x48]
+	ldd     [%sp+0x48],%f4
+	std     %o2,[%sp+0x48]
+	ldd     [%sp+0x48],%f10
+	fpack16 %f4,%f0
+	fpack16 %f10,%f1
+	std     %f0,[%o4]
+	.end
+!
+! void vis_st2_fpackfix(double, double, double *)
+!
+	.inline vis_st2_fpackfix,20
+ 	std	%o0,[%sp+0x48]
+ 	ldd	[%sp+0x48],%f4
+ 	std	%o2,[%sp+0x48]
+ 	ldd	[%sp+0x48],%f10
+ 	fpackfix %f4,%f0
+ 	fpackfix %f10,%f1
+ 	st	%f0,[%o4+0]
+ 	st	%f1,[%o4+4]
+ 	.end
+!
+! double vis_fpack16_to_hi(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fpack16_to_hi,16
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f0
+	std	%o2,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	fpack16	%f4,%f0
+	.end
+
+! double vis_fpack16_to_lo(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fpack16_to_lo,16
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f0
+	std	%o2,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	fpack16	%f4,%f3
+	fmovs	%f3,%f1		/* without this, optimizer goes wrong */
+	.end
+
+!
+! double vis_fpack32(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fpack32,16
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	std	%o2,[%sp+0x48]
+	ldd	[%sp+0x48],%f10
+	fpack32	%f4,%f10,%f0
+	.end
+!
+! float vis_fpackfix(double /*frs2*/);
+!
+	.inline vis_fpackfix,8
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	fpackfix	%f4,%f0
+	.end
+!
+! double vis_fpackfix_pair(double /*frs2*/, double /*frs2*/);
+!
+	.inline vis_fpackfix_pair,16
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	std	%o2,[%sp+0x48]
+	ldd	[%sp+0x48],%f6
+	fpackfix	%f4,%f0
+	fpackfix	%f6,%f1
+	.end
+
+!--------------------------------------------------------------------
+! Motion estimation
+!
+! double vis_pdist(double /*frs1*/, double /*frs2*/, double /*frd*/);
+!
+	.inline vis_pdist,24
+	std	%o4,[%sp+0x48]
+	ldd	[%sp+0x48],%f0
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	std	%o2,[%sp+0x48]
+	ldd	[%sp+0x48],%f10
+	pdist	%f4,%f10,%f0
+	.end
+
+!--------------------------------------------------------------------
+! Channel merging
+!
+! double vis_fpmerge(float /*frs1*/, float /*frs2*/);
+!
+	.inline vis_fpmerge,8
+	st	%o0,[%sp+0x48]
+	ld	[%sp+0x48],%f4
+	st	%o1,[%sp+0x48]
+	ld	[%sp+0x48],%f10
+	fpmerge	%f4,%f10,%f0
+	.end
+
+!--------------------------------------------------------------------
+! Pixel expansion
+!
+! double vis_fexpand(float /*frs2*/);
+!
+	.inline vis_fexpand,4
+	st	%o0,[%sp+0x48]
+	ld	[%sp+0x48],%f4
+	fexpand	%f4,%f0
+	.end
+
+! double vis_fexpand_hi(double /*frs2*/);
+!
+	.inline vis_fexpand_hi,8
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	fexpand	%f4,%f0
+	.end
+
+! double vis_fexpand_lo(double /*frs2*/);
+!
+	.inline vis_fexpand_lo,8
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	fmovs	%f5, %f2
+	fexpand	%f2,%f0
+	.end
+
+!--------------------------------------------------------------------
+! Bitwise logical operations
+!
+! double vis_fnor(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fnor,16
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	std	%o2,[%sp+0x48]
+	ldd	[%sp+0x48],%f10
+	fnor	%f4,%f10,%f0
+	.end
+!
+! float vis_fnors(float /*frs1*/, float /*frs2*/);
+!
+	.inline vis_fnors,8
+	st	%o0,[%sp+0x48]
+	ld	[%sp+0x48],%f4
+	st	%o1,[%sp+0x48]
+	ld	[%sp+0x48],%f10
+	fnors	%f4,%f10,%f0
+	.end
+!
+! double vis_fandnot(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fandnot,16
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	std	%o2,[%sp+0x48]
+	ldd	[%sp+0x48],%f10
+	fandnot1	%f4,%f10,%f0
+	.end
+!
+! float vis_fandnots(float /*frs1*/, float /*frs2*/);
+!
+	.inline vis_fandnots,8
+	st	%o0,[%sp+0x48]
+	ld	[%sp+0x48],%f4
+	st	%o1,[%sp+0x48]
+	ld	[%sp+0x48],%f10
+	fandnot1s	%f4,%f10,%f0
+	.end
+!
+! double vis_fnot(double /*frs1*/);
+!
+	.inline vis_fnot,8
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	fnot1	%f4,%f0
+	.end
+!
+! float vis_fnots(float /*frs1*/);
+!
+	.inline vis_fnots,4
+	st	%o0,[%sp+0x48]
+	ld	[%sp+0x48],%f4
+	fnot1s	%f4,%f0
+	.end
+!
+! double vis_fxor(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fxor,16
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	std	%o2,[%sp+0x48]
+	ldd	[%sp+0x48],%f10
+	fxor	%f4,%f10,%f0
+	.end
+!
+! float vis_fxors(float /*frs1*/, float /*frs2*/);
+!
+	.inline vis_fxors,8
+	st	%o0,[%sp+0x48]
+	ld	[%sp+0x48],%f4
+	st	%o1,[%sp+0x48]
+	ld	[%sp+0x48],%f10
+	fxors	%f4,%f10,%f0
+	.end
+!
+! double vis_fnand(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fnand,16
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	std	%o2,[%sp+0x48]
+	ldd	[%sp+0x48],%f10
+	fnand	%f4,%f10,%f0
+	.end
+!
+! float vis_fnands(float /*frs1*/, float /*frs2*/);
+!
+	.inline vis_fnands,8
+	st	%o0,[%sp+0x48]
+	ld	[%sp+0x48],%f4
+	st	%o1,[%sp+0x48]
+	ld	[%sp+0x48],%f10
+	fnands	%f4,%f10,%f0
+	.end
+!
+! double vis_fand(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fand,16
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	std	%o2,[%sp+0x48]
+	ldd	[%sp+0x48],%f10
+	fand	%f4,%f10,%f0
+	.end
+!
+! float vis_fands(float /*frs1*/, float /*frs2*/);
+!
+	.inline vis_fands,8
+	st	%o0,[%sp+0x48]
+	ld	[%sp+0x48],%f4
+	st	%o1,[%sp+0x48]
+	ld	[%sp+0x48],%f10
+	fands	%f4,%f10,%f0
+	.end
+!
+! double vis_fxnor(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fxnor,16
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	std	%o2,[%sp+0x48]
+	ldd	[%sp+0x48],%f10
+	fxnor	%f4,%f10,%f0
+	.end
+!
+! float vis_fxnors(float /*frs1*/, float /*frs2*/);
+!
+	.inline vis_fxnors,8
+	st	%o0,[%sp+0x48]
+	ld	[%sp+0x48],%f4
+	st	%o1,[%sp+0x48]
+	ld	[%sp+0x48],%f10
+	fxnors	%f4,%f10,%f0
+	.end
+!
+! double vis_fsrc(double /*frs1*/);
+!
+	.inline vis_fsrc,8
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	fsrc1	%f4,%f0
+	.end
+!
+! float vis_fsrcs(float /*frs1*/);
+!
+	.inline vis_fsrcs,4
+	st	%o0,[%sp+0x48]
+	ld	[%sp+0x48],%f4
+	fsrc1s	%f4,%f0
+	.end
+!
+! double vis_fornot(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fornot,16
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	std	%o2,[%sp+0x48]
+	ldd	[%sp+0x48],%f10
+	fornot1	%f4,%f10,%f0
+	.end
+!
+! float vis_fornots(float /*frs1*/, float /*frs2*/);
+!
+	.inline vis_fornots,8
+	st	%o0,[%sp+0x48]
+	ld	[%sp+0x48],%f4
+	st	%o1,[%sp+0x48]
+	ld	[%sp+0x48],%f10
+	fornot1s	%f4,%f10,%f0
+	.end
+!
+! double vis_for(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_for,16
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	std	%o2,[%sp+0x48]
+	ldd	[%sp+0x48],%f10
+	for	%f4,%f10,%f0
+	.end
+!
+! float vis_fors(float /*frs1*/, float /*frs2*/);
+!
+	.inline vis_fors,8
+	st	%o0,[%sp+0x48]
+	ld	[%sp+0x48],%f4
+	st	%o1,[%sp+0x48]
+	ld	[%sp+0x48],%f10
+	fors	%f4,%f10,%f0
+	.end
+!
+! double vis_fzero(/* void */)
+!
+	.inline	vis_fzero,0
+	fzero	%f0
+	.end
+!
+! float vis_fzeros(/* void */)
+!
+	.inline	vis_fzeros,0
+	fzeros	%f0
+	.end
+!
+! double vis_fone(/* void */)
+!
+	.inline	vis_fone,0
+	fone	%f0
+	.end
+!
+! float vis_fones(/* void */)
+!
+	.inline	vis_fones,0
+	fones	%f0
+	.end
+
+!--------------------------------------------------------------------
+! Partial store instructions
+!
+! vis_stdfa_ASI_PST8P(double frd, void *rs1, int rmask)
+!
+	.inline vis_stdfa_ASI_PST8P,16
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	stda	%f4,[%o2]%o3,0xc0	! ASI_PST8_P
+	.end
+!
+! vis_stdfa_ASI_PST8PL(double frd, void *rs1, int rmask)
+!
+	.inline vis_stdfa_ASI_PST8PL,16
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	stda	%f4,[%o2]%o3,0xc8	! ASI_PST8_PL
+	.end
+!
+! vis_stdfa_ASI_PST8P_int_pair(void *rs1, void *rs2, void *rs3, int rmask);
+!
+	.inline vis_stdfa_ASI_PST8P_int_pair,16
+        ld	[%o0],%f4
+        ld	[%o1],%f5
+	stda	%f4,[%o2]%o3,0xc0	! ASI_PST8_P
+	.end
+!
+! vis_stdfa_ASI_PST8S(double frd, void *rs1, int rmask)
+!
+	.inline vis_stdfa_ASI_PST8S,16
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	stda	%f4,[%o2]%o3,0xc1	! ASI_PST8_S
+	.end
+!
+! vis_stdfa_ASI_PST16P(double frd, void *rs1, int rmask)
+!
+	.inline vis_stdfa_ASI_PST16P,16
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	stda	%f4,[%o2]%o3,0xc2	! ASI_PST16_P
+	.end
+!
+! vis_stdfa_ASI_PST16S(double frd, void *rs1, int rmask)
+!
+	.inline vis_stdfa_ASI_PST16S,16
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	stda	%f4,[%o2]%o3,0xc3	! ASI_PST16_S
+	.end
+!
+! vis_stdfa_ASI_PST32P(double frd, void *rs1, int rmask)
+!
+	.inline vis_stdfa_ASI_PST32P,16
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	stda	%f4,[%o2]%o3,0xc4	! ASI_PST32_P
+	.end
+!
+! vis_stdfa_ASI_PST32S(double frd, void *rs1, int rmask)
+!
+	.inline vis_stdfa_ASI_PST32S,16
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	stda	%f4,[%o2]%o3,0xc5	! ASI_PST32_S
+	.end
+
+!--------------------------------------------------------------------
+! Short store instructions
+!
+! vis_stdfa_ASI_FL8P(double frd, void *rs1)
+!
+	.inline vis_stdfa_ASI_FL8P,12
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	stda	%f4,[%o2]0xd0	! ASI_FL8_P
+	.end
+!
+! vis_stdfa_ASI_FL8P_index(double frd, void *rs1, long index)
+!
+	.inline vis_stdfa_ASI_FL8P_index,16
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	stda	%f4,[%o2+%o3]0xd0 ! ASI_FL8_P
+	.end
+!
+! vis_stdfa_ASI_FL8S(double frd, void *rs1)
+!
+	.inline vis_stdfa_ASI_FL8S,12
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	stda	%f4,[%o2]0xd1	! ASI_FL8_S
+	.end
+!
+! vis_stdfa_ASI_FL16P(double frd, void *rs1)
+!
+	.inline vis_stdfa_ASI_FL16P,12
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	stda	%f4,[%o2]0xd2	! ASI_FL16_P
+	.end
+!
+! vis_stdfa_ASI_FL16P_index(double frd, void *rs1, long index)
+!
+	.inline vis_stdfa_ASI_FL16P_index,16
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	stda	%f4,[%o2+%o3]0xd2 ! ASI_FL16_P
+	.end
+!
+! vis_stdfa_ASI_FL16S(double frd, void *rs1)
+!
+	.inline vis_stdfa_ASI_FL16S,12
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	stda	%f4,[%o2]0xd3	! ASI_FL16_S
+	.end
+!
+! vis_stdfa_ASI_FL8PL(double frd, void *rs1)
+!
+	.inline vis_stdfa_ASI_FL8PL,12
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	stda	%f4,[%o2]0xd8	! ASI_FL8_PL
+	.end
+!
+! vis_stdfa_ASI_FL8SL(double frd, void *rs1)
+!
+	.inline vis_stdfa_ASI_FL8SL,12
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	stda	%f4,[%o2]0xd9	! ASI_FL8_SL
+	.end
+!
+! vis_stdfa_ASI_FL16PL(double frd, void *rs1)
+!
+	.inline vis_stdfa_ASI_FL16PL,12
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	stda	%f4,[%o2]0xda	! ASI_FL16_PL
+	.end
+!
+! vis_stdfa_ASI_FL16SL(double frd, void *rs1)
+!
+	.inline vis_stdfa_ASI_FL16SL,12
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	stda	%f4,[%o2]0xdb	! ASI_FL16_SL
+	.end
+
+!--------------------------------------------------------------------
+! Short load instructions
+!
+! double vis_lddfa_ASI_FL8P(void *rs1)
+!
+	.inline vis_lddfa_ASI_FL8P,4
+	ldda	[%o0]0xd0,%f4	! ASI_FL8_P
+	fmovd	%f4,%f0	        ! Compiler can clean this up
+	.end
+!
+! double vis_lddfa_ASI_FL8P_index(void *rs1, long index)
+!
+	.inline vis_lddfa_ASI_FL8P_index,8
+	ldda	[%o0+%o1]0xd0,%f4
+	fmovd	%f4,%f0
+	.end
+!
+! double vis_lddfa_ASI_FL8P_hi(void *rs1, unsigned int index)
+!
+	.inline vis_lddfa_ASI_FL8P_hi,8
+	sra     %o1,16,%o1
+	ldda	[%o0+%o1]0xd0,%f4
+	fmovd	%f4,%f0
+	.end
+!
+! double vis_lddfa_ASI_FL8P_lo(void *rs1, unsigned int index)
+!
+	.inline vis_lddfa_ASI_FL8P_lo,8
+	sll     %o1,16,%o1
+	sra     %o1,16,%o1
+	ldda	[%o0+%o1]0xd0,%f4
+	fmovd	%f4,%f0
+	.end
+!
+! double vis_lddfa_ASI_FL8S(void *rs1)
+!
+	.inline vis_lddfa_ASI_FL8S,4
+	ldda	[%o0]0xd1,%f4	! ASI_FL8_S
+	fmovd	%f4,%f0
+	.end
+!
+! double vis_lddfa_ASI_FL16P(void *rs1)
+!
+	.inline vis_lddfa_ASI_FL16P,4
+	ldda	[%o0]0xd2,%f4	! ASI_FL16_P
+	fmovd	%f4,%f0
+	.end
+!
+! double vis_lddfa_ASI_FL16P_index(void *rs1, long index)
+!
+	.inline vis_lddfa_ASI_FL16P_index,8
+	ldda	[%o0+%o1]0xd2,%f4 ! ASI_FL16_P
+	fmovd	%f4,%f0
+	.end
+!
+! double vis_lddfa_ASI_FL16S(void *rs1)
+!
+	.inline vis_lddfa_ASI_FL16S,4
+	ldda	[%o0]0xd3,%f4	! ASI_FL16_S
+	fmovd	%f4,%f0
+	.end
+!
+! double vis_lddfa_ASI_FL8PL(void *rs1)
+!
+	.inline vis_lddfa_ASI_FL8PL,4
+	ldda	[%o0]0xd8,%f4	! ASI_FL8_PL
+	fmovd	%f4,%f0
+	.end
+!
+! double vis_lddfa_ASI_FL8PL_index(void *rs1, long index)
+!
+	.inline vis_lddfa_ASI_FL8PL_index,8
+	ldda	[%o0+%o1]0xd8,%f4	! ASI_FL8_PL
+	fmovd	%f4,%f0
+	.end
+!
+! double vis_lddfa_ASI_FL8SL(void *rs1)
+!
+	.inline vis_lddfa_ASI_FL8SL,4
+	ldda	[%o0]0xd9,%f4	! ASI_FL8_SL
+	fmovd	%f4,%f0
+	.end
+!
+! double vis_lddfa_ASI_FL16PL(void *rs1)
+!
+	.inline vis_lddfa_ASI_FL16PL,4
+	ldda	[%o0]0xda,%f4	! ASI_FL16_PL
+	fmovd	%f4,%f0
+	.end
+!
+! double vis_lddfa_ASI_FL16PL_index(void *rs1, long index)
+!
+	.inline vis_lddfa_ASI_FL16PL_index,8
+	ldda	[%o0+%o1]0xda,%f4	! ASI_FL16_PL
+	fmovd	%f4,%f0
+	.end
+!
+! double vis_lddfa_ASI_FL16SL(void *rs1)
+!
+	.inline vis_lddfa_ASI_FL16SL,4
+	ldda	[%o0]0xdb,%f4	! ASI_FL16_SL
+	fmovd	%f4,%f0
+	.end
+
+!--------------------------------------------------------------------
+! Graphics status register
+!
+! unsigned int vis_read_gsr(void)
+!
+	.inline vis_read_gsr,0
+	rd	%gsr,%o0
+	.end
+!
+! void vis_write_gsr(unsigned int /* GSR */)
+!
+	.inline vis_write_gsr,4
+	wr	%g0,%o0,%gsr
+	.end
+
+!--------------------------------------------------------------------
+! Voxel texture mapping
+!
+! unsigned long vis_array8(unsigned long long /*rs1 */, int /*rs2*/)
+!
+	.inline	vis_array8,12
+	sllx	%o0,32,%o0
+	srl	%o1,0,%o1	! clear the most significant 32 bits of %o1
+	or	%o0,%o1,%o3	! join %o0 and %o1 into %o3
+	array8	%o3,%o2,%o0
+	.end
+!
+! unsigned long vis_array16(unsigned long long /*rs1*/, int /*rs2*/)
+!
+	.inline	vis_array16,12
+	sllx	%o0,32,%o0
+	srl	%o1,0,%o1	! clear the most significant 32 bits of %o1
+	or	%o0,%o1,%o3	! join %o0 and %o1 into %o3
+	array16	%o3,%o2,%o0
+	.end
+!
+! unsigned long vis_array32(unsigned long long /*rs1*/, int /*rs2*/)
+!
+	.inline	vis_array32,12
+	sllx	%o0,32,%o0
+	srl	%o1,0,%o1	! clear the most significant 32 bits of %o1
+	or	%o0,%o1,%o3	! join %o0 and %o1 into %o3
+	array32	%o3,%o2,%o0
+	.end
+
+!--------------------------------------------------------------------
+! Register aliasing and type casts
+!
+! float vis_read_hi(double /* frs1 */);
+!
+	.inline vis_read_hi,8
+	std	%o0,[%sp+0x48]	! store double frs1
+	ldd	[%sp+0x48],%f0	! %f0:%f1 = double frs1; return %f0;
+	.end
+!
+! float vis_read_lo(double /* frs1 */);
+!
+	.inline vis_read_lo,8
+	std	%o0,[%sp+0x48]	! store double frs1
+	ldd	[%sp+0x48],%f0	! %f0:%f1 = double frs1;
+	fmovs	%f1,%f0		! %f0 = low word (frs1); return %f0;
+	.end
+!
+! double vis_write_hi(double /* frs1 */, float /* frs2 */);
+!
+	.inline vis_write_hi,12
+	std	%o0,[%sp+0x48]	! store double frs1;
+	ldd	[%sp+0x48],%f0	! %f0:%f1 = double frs1;
+	st	%o2,[%sp+0x44]	! store float frs2;
+	ld	[%sp+0x44],%f2	! %f2 = float frs2;
+	fmovs	%f2,%f0		! %f0 = float frs2; return %f0:f1;
+	.end
+!
+! double vis_write_lo(double /* frs1 */, float /* frs2 */);
+!
+	.inline vis_write_lo,12
+	std	%o0,[%sp+0x48]	! store double frs1;
+	ldd	[%sp+0x48],%f0	! %f0:%f1 = double frs1;
+	st	%o2,[%sp+0x44]	! store float frs2;
+	ld	[%sp+0x44],%f2	! %f2 = float frs2;
+	fmovs	%f2,%f1		! %f1 = float frs2; return %f0:f1;
+	.end
+!
+! double vis_freg_pair(float /* frs1 */, float /* frs2 */);
+!
+	.inline vis_freg_pair,8
+	st	%o0,[%sp+0x48]	! store float frs1
+	ld	[%sp+0x48],%f0
+	st	%o1,[%sp+0x48]	! store float frs2
+	ld	[%sp+0x48],%f1
+	.end
+!
+! float vis_to_float(unsigned int /*value*/);
+!
+	.inline vis_to_float,4
+	st	%o0,[%sp+0x48]
+	ld	[%sp+0x48],%f0
+	.end
+!
+! double vis_to_double(unsigned int /*value1*/, unsigned int /*value2*/);
+!
+	.inline vis_to_double,8
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f0
+	.end
+!
+! double vis_to_double_dup(unsigned int /*value*/);
+!
+	.inline vis_to_double_dup,4
+	st	%o0,[%sp+0x48]
+	ld	[%sp+0x48],%f1
+	fmovs	%f1,%f0		! duplicate value
+	.end
+!
+! double vis_ll_to_double(unsigned long long /*value*/);
+!
+	.inline vis_ll_to_double,8
+	std     %o0,[%sp+0x48]
+	ldd     [%sp+0x48],%f0
+	.end
+
+!--------------------------------------------------------------------
+! Address space identifier (ASI) register
+!
+! unsigned int vis_read_asi(void)
+!
+	.inline vis_read_asi,0
+	rd	%asi,%o0
+	.end
+!
+! void vis_write_asi(unsigned int /* ASI */)
+!
+	.inline vis_write_asi,4
+	wr	%g0,%o0,%asi
+	.end
+
+!--------------------------------------------------------------------
+! Load/store from/into alternate space
+!
+! float vis_ldfa_ASI_REG(void *rs1)
+!
+	.inline vis_ldfa_ASI_REG,4
+	lda	[%o0+0]%asi,%f4
+	fmovs	%f4,%f0	        ! Compiler can clean this up
+	.end
+!
+! float vis_ldfa_ASI_P(void *rs1)
+!
+	.inline vis_ldfa_ASI_P,4
+	lda	[%o0]0x80,%f4	! ASI_P
+	fmovs	%f4,%f0	        ! Compiler can clean this up
+	.end
+!
+! float vis_ldfa_ASI_PL(void *rs1)
+!
+	.inline vis_ldfa_ASI_PL,4
+	lda	[%o0]0x88,%f4	! ASI_PL
+	fmovs	%f4,%f0	        ! Compiler can clean this up
+	.end
+!
+! double vis_lddfa_ASI_REG(void *rs1)
+!
+	.inline vis_lddfa_ASI_REG,4
+	ldda	[%o0+0]%asi,%f4
+	fmovd	%f4,%f0	        ! Compiler can clean this up
+	.end
+!
+! double vis_lddfa_ASI_P(void *rs1)
+!
+	.inline vis_lddfa_ASI_P,4
+	ldda	[%o0]0x80,%f4	! ASI_P
+	fmovd	%f4,%f0	        ! Compiler can clean this up
+	.end
+!
+! double vis_lddfa_ASI_PL(void *rs1)
+!
+	.inline vis_lddfa_ASI_PL,4
+	ldda	[%o0]0x88,%f4	! ASI_PL
+	fmovd	%f4,%f0	        ! Compiler can clean this up
+	.end
+!
+! vis_stfa_ASI_REG(float frs, void *rs1)
+!
+	.inline vis_stfa_ASI_REG,8
+	st	%o0,[%sp+0x48]
+	ld	[%sp+0x48],%f4
+	sta	%f4,[%o1+0]%asi
+	.end
+!
+! vis_stfa_ASI_P(float frs, void *rs1)
+!
+	.inline vis_stfa_ASI_P,8
+	st	%o0,[%sp+0x48]
+	ld	[%sp+0x48],%f4
+	sta	%f4,[%o1]0x80	! ASI_P
+	.end
+!
+! vis_stfa_ASI_PL(float frs, void *rs1)
+!
+	.inline vis_stfa_ASI_PL,8
+	st	%o0,[%sp+0x48]
+	ld	[%sp+0x48],%f4
+	sta	%f4,[%o1]0x88	! ASI_PL
+	.end
+!
+! vis_stdfa_ASI_REG(double frd, void *rs1)
+!
+	.inline vis_stdfa_ASI_REG,12
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	stda	%f4,[%o2+0]%asi
+	.end
+!
+! vis_stdfa_ASI_P(double frd, void *rs1)
+!
+	.inline vis_stdfa_ASI_P,12
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	stda	%f4,[%o2]0x80	! ASI_P
+	.end
+!
+! vis_stdfa_ASI_PL(double frd, void *rs1)
+!
+	.inline vis_stdfa_ASI_PL,12
+	std	%o0,[%sp+0x48]
+	ldd	[%sp+0x48],%f4
+	stda	%f4,[%o2]0x88	! ASI_PL
+	.end
+!
+! unsigned short vis_lduha_ASI_REG(void *rs1)
+!
+	.inline vis_lduha_ASI_REG,4
+	lduha	[%o0+0]%asi,%o0
+	.end
+!
+! unsigned short vis_lduha_ASI_P(void *rs1)
+!
+	.inline vis_lduha_ASI_P,4
+	lduha	[%o0]0x80,%o0	! ASI_P
+	.end
+!
+! unsigned short vis_lduha_ASI_PL(void *rs1)
+!
+	.inline vis_lduha_ASI_PL,4
+	lduha	[%o0]0x88,%o0	! ASI_PL
+	.end
+!
+! unsigned short vis_lduha_ASI_P_index(void *rs1, long index)
+!
+	.inline vis_lduha_ASI_P_index,8
+	lduha	[%o0+%o1]0x80,%o0	! ASI_P
+	.end
+!
+! unsigned short vis_lduha_ASI_PL_index(void *rs1, long index)
+!
+	.inline vis_lduha_ASI_PL_index,8
+	lduha	[%o0+%o1]0x88,%o0	! ASI_PL
+	.end
+
+!--------------------------------------------------------------------
+! Prefetch
+!
+! void vis_prefetch_read(void * /*address*/);
+!
+	.inline vis_prefetch_read,4
+	prefetch	[%o0+0],0
+	.end
+!
+! void vis_prefetch_write(void * /*address*/);
+!
+	.inline vis_prefetch_write,4
+	prefetch	[%o0+0],2
+	.end
diff --git a/nss/lib/freebl/mpi/vis_64.il b/nss/lib/freebl/mpi/vis_64.il
new file mode 100644
index 0000000..cbe2b5a
--- /dev/null
+++ b/nss/lib/freebl/mpi/vis_64.il
@@ -0,0 +1,997 @@
+! 
+! This Source Code Form is subject to the terms of the Mozilla Public
+! License, v. 2.0. If a copy of the MPL was not distributed with this
+! file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+! This file is to be used in place of vis.il in 64-bit builds.
+
+!--------------------------------------------------------------------
+! Pure edge handling instructions
+!
+! int vis_edge8(void */*frs1*/, void */*frs2*/);
+!
+	.inline vis_edge8,16
+	edge8	%o0,%o1,%o0
+	.end
+!
+! int vis_edge8l(void */*frs1*/, void */*frs2*/);
+!
+	.inline vis_edge8l,16
+	edge8l	%o0,%o1,%o0
+	.end
+!
+! int vis_edge16(void */*frs1*/, void */*frs2*/);
+!
+	.inline vis_edge16,16
+	edge16	%o0,%o1,%o0
+	.end
+!
+! int vis_edge16l(void */*frs1*/, void */*frs2*/);
+!
+	.inline vis_edge16l,16
+	edge16l	%o0,%o1,%o0
+	.end
+!
+! int vis_edge32(void */*frs1*/, void */*frs2*/);
+!
+	.inline vis_edge32,16
+	edge32	%o0,%o1,%o0
+	.end
+!
+! int vis_edge32l(void */*frs1*/, void */*frs2*/);
+!
+	.inline vis_edge32l,16
+	edge32l	%o0,%o1,%o0
+	.end
+
+!--------------------------------------------------------------------
+! Edge handling instructions with negative return values if cc set
+!
+! int vis_edge8cc(void */*frs1*/, void */*frs2*/);
+!
+	.inline vis_edge8cc,16
+	edge8	%o0,%o1,%o0
+	mov     0,%o1
+	movgu   %xcc,-1024,%o1
+	or      %o1,%o0,%o0
+	.end
+!
+! int vis_edge8lcc(void */*frs1*/, void */*frs2*/);
+!
+	.inline vis_edge8lcc,16
+	edge8l	%o0,%o1,%o0
+	mov     0,%o1
+	movgu   %xcc,-1024,%o1
+	or      %o1,%o0,%o0
+	.end
+!
+! int vis_edge16cc(void */*frs1*/, void */*frs2*/);
+!
+	.inline vis_edge16cc,16
+	edge16	%o0,%o1,%o0
+	mov     0,%o1
+	movgu   %xcc,-1024,%o1
+	or      %o1,%o0,%o0
+	.end
+!
+! int vis_edge16lcc(void */*frs1*/, void */*frs2*/);
+!
+	.inline vis_edge16lcc,16
+	edge16l	%o0,%o1,%o0
+	mov     0,%o1
+	movgu   %xcc,-1024,%o1
+	or      %o1,%o0,%o0
+	.end
+!
+! int vis_edge32cc(void */*frs1*/, void */*frs2*/);
+!
+	.inline vis_edge32cc,16
+	edge32	%o0,%o1,%o0
+	mov     0,%o1
+	movgu   %xcc,-1024,%o1
+	or      %o1,%o0,%o0
+	.end
+!
+! int vis_edge32lcc(void */*frs1*/, void */*frs2*/);
+!
+	.inline vis_edge32lcc,16
+	edge32l	%o0,%o1,%o0
+	mov     0,%o1
+	movgu   %xcc,-1024,%o1
+	or      %o1,%o0,%o0
+	.end
+
+!--------------------------------------------------------------------
+! Alignment instructions
+!
+! void *vis_alignaddr(void */*rs1*/, int /*rs2*/);
+!
+	.inline vis_alignaddr,12
+	alignaddr	%o0,%o1,%o0
+	.end
+!
+! void *vis_alignaddrl(void */*rs1*/, int /*rs2*/);
+!
+	.inline vis_alignaddrl,12
+	alignaddrl	%o0,%o1,%o0
+	.end
+!
+! double vis_faligndata(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_faligndata,16
+	faligndata	%f0,%f2,%f0
+	.end
+
+!--------------------------------------------------------------------
+! Partitioned comparison instructions
+!
+! int vis_fcmple16(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fcmple16,16
+	fcmple16	%f0,%f2,%o0
+	.end
+!
+! int vis_fcmpne16(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fcmpne16,16
+	fcmpne16	%f0,%f2,%o0
+	.end
+!
+! int vis_fcmple32(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fcmple32,16
+	fcmple32	%f0,%f2,%o0
+	.end
+!
+! int vis_fcmpne32(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fcmpne32,16
+	fcmpne32	%f0,%f2,%o0
+	.end
+!
+! int vis_fcmpgt16(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fcmpgt16,16
+	fcmpgt16	%f0,%f2,%o0
+	.end
+!
+! int vis_fcmpeq16(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fcmpeq16,16
+	fcmpeq16	%f0,%f2,%o0
+	.end
+!
+! int vis_fcmpgt32(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fcmpgt32,16
+	fcmpgt32	%f0,%f2,%o0
+	.end
+!
+! int vis_fcmpeq32(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fcmpeq32,16
+	fcmpeq32	%f0,%f2,%o0
+	.end
+
+!--------------------------------------------------------------------
+! Partitioned arithmetic
+!
+! double vis_fmul8x16(float /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fmul8x16,12
+	fmul8x16	%f1,%f2,%f0
+	.end
+!
+! double vis_fmul8x16_dummy(float /*frs1*/, int /*dummy*/, double /*frs2*/);
+!
+	.inline vis_fmul8x16_dummy,16
+	fmul8x16	%f1,%f4,%f0
+	.end
+!
+! double vis_fmul8x16au(float /*frs1*/, float /*frs2*/);
+!
+	.inline vis_fmul8x16au,8
+	fmul8x16au	%f1,%f3,%f0
+	.end
+!
+! double vis_fmul8x16al(float /*frs1*/, float /*frs2*/);
+!
+	.inline vis_fmul8x16al,8
+	fmul8x16al	%f1,%f3,%f0
+	.end
+!
+! double vis_fmul8sux16(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fmul8sux16,16
+	fmul8sux16	%f0,%f2,%f0
+	.end
+!
+! double vis_fmul8ulx16(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fmul8ulx16,16
+	fmul8ulx16	%f0,%f2,%f0
+	.end
+!
+! double vis_fmuld8sux16(float /*frs1*/, float /*frs2*/);
+!
+	.inline vis_fmuld8sux16,8
+	fmuld8sux16	%f1,%f3,%f0
+	.end
+!
+! double vis_fmuld8ulx16(float /*frs1*/, float /*frs2*/);
+!
+	.inline vis_fmuld8ulx16,8
+	fmuld8ulx16	%f1,%f3,%f0
+	.end
+!
+! double vis_fpadd16(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fpadd16,16
+	fpadd16	%f0,%f2,%f0
+	.end
+!
+! float vis_fpadd16s(float /*frs1*/, float /*frs2*/);
+!
+	.inline vis_fpadd16s,8
+	fpadd16s	%f1,%f3,%f0
+	.end
+!
+! double vis_fpadd32(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fpadd32,16
+	fpadd32	%f0,%f2,%f0
+	.end
+!
+! float vis_fpadd32s(float /*frs1*/, float /*frs2*/);
+!
+	.inline vis_fpadd32s,8
+	fpadd32s	%f1,%f3,%f0
+	.end
+!
+! double vis_fpsub16(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fpsub16,16
+	fpsub16	%f0,%f2,%f0
+	.end
+!
+! float vis_fpsub16s(float /*frs1*/, float /*frs2*/);
+!
+	.inline vis_fpsub16s,8
+	fpsub16s	%f1,%f3,%f0
+	.end
+!
+! double vis_fpsub32(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fpsub32,16
+	fpsub32	%f0,%f2,%f0
+	.end
+!
+! float vis_fpsub32s(float /*frs1*/, float /*frs2*/);
+!
+	.inline vis_fpsub32s,8
+	fpsub32s	%f1,%f3,%f0
+	.end
+
+!--------------------------------------------------------------------
+! Pixel packing
+!
+! float vis_fpack16(double /*frs2*/);
+!
+	.inline vis_fpack16,8
+	fpack16	%f0,%f0
+	.end
+!
+! double vis_fpack16_pair(double /*frs2*/, double /*frs2*/);
+!
+	.inline vis_fpack16_pair,16
+	fpack16	%f0,%f0
+	fpack16	%f2,%f1
+	.end
+!
+! void vis_st2_fpack16(double, double, double *)
+!
+	.inline vis_st2_fpack16,24
+ 	fpack16	%f0,%f0
+ 	fpack16	%f2,%f1
+ 	st	%f0,[%o2+0]
+ 	st	%f1,[%o2+4]
+ 	.end
+!
+! void vis_std_fpack16(double, double, double *)
+!
+	.inline vis_std_fpack16,24
+	fpack16	%f0,%f0
+	fpack16	%f2,%f1
+	std	%f0,[%o2]
+	.end
+!
+! void vis_st2_fpackfix(double, double, double *)
+!
+	.inline vis_st2_fpackfix,24
+ 	fpackfix %f0,%f0
+ 	fpackfix %f2,%f1
+ 	st	%f0,[%o2+0]
+ 	st	%f1,[%o2+4]
+ 	.end
+!
+! double vis_fpack16_to_hi(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fpack16_to_hi,16
+	fpack16	%f2,%f0
+	.end
+
+! double vis_fpack16_to_lo(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fpack16_to_lo,16
+	fpack16	%f2,%f3
+	fmovs	%f3,%f1		/* without this, optimizer goes wrong */
+	.end
+
+!
+! double vis_fpack32(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fpack32,16
+	fpack32	%f0,%f2,%f0
+	.end
+!
+! float vis_fpackfix(double /*frs2*/);
+!
+	.inline vis_fpackfix,8
+	fpackfix	%f0,%f0
+	.end
+!
+! double vis_fpackfix_pair(double /*frs2*/, double /*frs2*/);
+!
+	.inline vis_fpackfix_pair,16
+	fpackfix	%f0,%f0
+	fpackfix	%f2,%f1
+	.end
+
+!--------------------------------------------------------------------
+! Motion estimation
+!
+! double vis_pxldist64(double accum /*frd*/, double pxls1 /*frs1*/, 
+!		       double pxls2 /*frs2*/);
+!
+	.inline vis_pxldist64,24
+	pdist	%f2,%f4,%f0
+	.end
+
+!--------------------------------------------------------------------
+! Channel merging
+!
+! double vis_fpmerge(float /*frs1*/, float /*frs2*/);
+!
+	.inline vis_fpmerge,8
+	fpmerge	%f1,%f3,%f0
+	.end
+
+!--------------------------------------------------------------------
+! Pixel expansion
+!
+! double vis_fexpand(float /*frs2*/);
+!
+	.inline vis_fexpand,4
+	fexpand	%f1,%f0
+	.end
+
+! double vis_fexpand_hi(double /*frs2*/);
+!
+	.inline vis_fexpand_hi,8
+	fexpand	%f0,%f0
+	.end
+
+! double vis_fexpand_lo(double /*frs2*/);
+!
+	.inline vis_fexpand_lo,8
+	fexpand	%f1,%f0
+	.end
+
+!--------------------------------------------------------------------
+! Bitwise logical operations
+!
+! double vis_fnor(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fnor,16
+	fnor	%f0,%f2,%f0
+	.end
+!
+! float vis_fnors(float /*frs1*/, float /*frs2*/);
+!
+	.inline vis_fnors,8
+	fnors	%f1,%f3,%f0
+	.end
+!
+! double vis_fandnot(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fandnot,16
+	fandnot1 %f0,%f2,%f0
+	.end
+!
+! float vis_fandnots(float /*frs1*/, float /*frs2*/);
+!
+	.inline vis_fandnots,8
+	fandnot1s %f1,%f3,%f0
+	.end
+!
+! double vis_fnot(double /*frs1*/);
+!
+	.inline vis_fnot,8
+	fnot1	%f0,%f0
+	.end
+!
+! float vis_fnots(float /*frs1*/);
+!
+	.inline vis_fnots,4
+	fnot1s	%f1,%f0
+	.end
+!
+! double vis_fxor(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fxor,16
+	fxor	%f0,%f2,%f0
+	.end
+!
+! float vis_fxors(float /*frs1*/, float /*frs2*/);
+!
+	.inline vis_fxors,8
+	fxors	%f1,%f3,%f0
+	.end
+!
+! double vis_fnand(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fnand,16
+	fnand	%f0,%f2,%f0
+	.end
+!
+! float vis_fnands(float /*frs1*/, float /*frs2*/);
+!
+	.inline vis_fnands,8
+	fnands	%f1,%f3,%f0
+	.end
+!
+! double vis_fand(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fand,16
+	fand	%f0,%f2,%f0
+	.end
+!
+! float vis_fands(float /*frs1*/, float /*frs2*/);
+!
+	.inline vis_fands,8
+	fands	%f1,%f3,%f0
+	.end
+!
+! double vis_fxnor(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fxnor,16
+	fxnor	%f0,%f2,%f0
+	.end
+!
+! float vis_fxnors(float /*frs1*/, float /*frs2*/);
+!
+	.inline vis_fxnors,8
+	fxnors	%f1,%f3,%f0
+	.end
+!
+! double vis_fsrc(double /*frs1*/);
+!
+	.inline vis_fsrc,8
+	fsrc1	%f0,%f0
+	.end
+!
+! float vis_fsrcs(float /*frs1*/);
+!
+	.inline vis_fsrcs,4
+	fsrc1s	%f1,%f0
+	.end
+!
+! double vis_fornot(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_fornot,16
+	fornot1	%f0,%f2,%f0
+	.end
+!
+! float vis_fornots(float /*frs1*/, float /*frs2*/);
+!
+	.inline vis_fornots,8
+	fornot1s %f1,%f3,%f0
+	.end
+!
+! double vis_for(double /*frs1*/, double /*frs2*/);
+!
+	.inline vis_for,16
+	for	%f0,%f2,%f0
+	.end
+!
+! float vis_fors(float /*frs1*/, float /*frs2*/);
+!
+	.inline vis_fors,8
+	fors	%f1,%f3,%f0
+	.end
+!
+! double vis_fzero(/* void */)
+!
+	.inline	vis_fzero,0
+	fzero	%f0
+	.end
+!
+! float vis_fzeros(/* void */)
+!
+	.inline	vis_fzeros,0
+	fzeros	%f0
+	.end
+!
+! double vis_fone(/* void */)
+!
+	.inline	vis_fone,0
+	fone	%f0
+	.end
+!
+! float vis_fones(/* void */)
+!
+	.inline	vis_fones,0
+	fones	%f0
+	.end
+
+!--------------------------------------------------------------------
+! Partial store instructions
+!
+! vis_stdfa_ASI_PST8P(double frd, void *rs1, int rmask)
+!
+	.inline vis_stdfa_ASI_PST8P,20
+	stda	%f0,[%o1]%o2,0xc0	! ASI_PST8_P
+	.end
+!
+! vis_stdfa_ASI_PST8PL(double frd, void *rs1, int rmask)
+!
+	.inline vis_stdfa_ASI_PST8PL,20
+	stda	%f0,[%o1]%o2,0xc8	! ASI_PST8_PL
+	.end
+!
+! vis_stdfa_ASI_PST8P_int_pair(void *rs1, void *rs2, void *rs3, int rmask);
+!
+	.inline vis_stdfa_ASI_PST8P_int_pair,28
+        ld	[%o0],%f4
+        ld	[%o1],%f5
+	stda	%f4,[%o2]%o3,0xc0	! ASI_PST8_P
+	.end
+!
+! vis_stdfa_ASI_PST8S(double frd, void *rs1, int rmask)
+!
+	.inline vis_stdfa_ASI_PST8S,20
+	stda	%f0,[%o1]%o2,0xc1	! ASI_PST8_S
+	.end
+!
+! vis_stdfa_ASI_PST16P(double frd, void *rs1, int rmask)
+!
+	.inline vis_stdfa_ASI_PST16P,20
+	stda	%f0,[%o1]%o2,0xc2	! ASI_PST16_P
+	.end
+!
+! vis_stdfa_ASI_PST16S(double frd, void *rs1, int rmask)
+!
+	.inline vis_stdfa_ASI_PST16S,20
+	stda	%f0,[%o1]%o2,0xc3	! ASI_PST16_S
+	.end
+!
+! vis_stdfa_ASI_PST32P(double frd, void *rs1, int rmask)
+!
+	.inline vis_stdfa_ASI_PST32P,20
+	stda	%f0,[%o1]%o2,0xc4	! ASI_PST32_P
+	.end
+!
+! vis_stdfa_ASI_PST32S(double frd, void *rs1, int rmask)
+!
+	.inline vis_stdfa_ASI_PST32S,20
+	stda	%f0,[%o1]%o2,0xc5	! ASI_PST32_S
+	.end
+
+!--------------------------------------------------------------------
+! Short store instructions
+!
+! vis_stdfa_ASI_FL8P(double frd, void *rs1)
+!
+	.inline vis_stdfa_ASI_FL8P,16
+	stda	%f0,[%o1]0xd0	! ASI_FL8_P
+	.end
+!
+! vis_stdfa_ASI_FL8P_index(double frd, void *rs1, long index)
+!
+	.inline vis_stdfa_ASI_FL8P_index,24
+	stda	%f0,[%o1+%o2]0xd0 ! ASI_FL8_P
+	.end
+!
+! vis_stdfa_ASI_FL8S(double frd, void *rs1)
+!
+	.inline vis_stdfa_ASI_FL8S,16
+	stda	%f0,[%o1]0xd1	! ASI_FL8_S
+	.end
+!
+! vis_stdfa_ASI_FL16P(double frd, void *rs1)
+!
+	.inline vis_stdfa_ASI_FL16P,16
+	stda	%f0,[%o1]0xd2	! ASI_FL16_P
+	.end
+!
+! vis_stdfa_ASI_FL16P_index(double frd, void *rs1, long index)
+!
+	.inline vis_stdfa_ASI_FL16P_index,24
+	stda	%f0,[%o1+%o2]0xd2 ! ASI_FL16_P
+	.end
+!
+! vis_stdfa_ASI_FL16S(double frd, void *rs1)
+!
+	.inline vis_stdfa_ASI_FL16S,16
+	stda	%f0,[%o1]0xd3	! ASI_FL16_S
+	.end
+!
+! vis_stdfa_ASI_FL8PL(double frd, void *rs1)
+!
+	.inline vis_stdfa_ASI_FL8PL,16
+	stda	%f0,[%o1]0xd8	! ASI_FL8_PL
+	.end
+!
+! vis_stdfa_ASI_FL8SL(double frd, void *rs1)
+!
+	.inline vis_stdfa_ASI_FL8SL,16
+	stda	%f0,[%o1]0xd9	! ASI_FL8_SL
+	.end
+!
+! vis_stdfa_ASI_FL16PL(double frd, void *rs1)
+!
+	.inline vis_stdfa_ASI_FL16PL,16
+	stda	%f0,[%o1]0xda	! ASI_FL16_PL
+	.end
+!
+! vis_stdfa_ASI_FL16SL(double frd, void *rs1)
+!
+	.inline vis_stdfa_ASI_FL16SL,16
+	stda	%f0,[%o1]0xdb	! ASI_FL16_SL
+	.end
+
+!--------------------------------------------------------------------
+! Short load instructions
+!
+! double vis_lddfa_ASI_FL8P(void *rs1)
+!
+	.inline vis_lddfa_ASI_FL8P,8
+	ldda	[%o0]0xd0,%f4	! ASI_FL8_P
+	fmovd	%f4,%f0	        ! Compiler can clean this up
+	.end
+!
+! double vis_lddfa_ASI_FL8P_index(void *rs1, long index)
+!
+	.inline vis_lddfa_ASI_FL8P_index,16
+	ldda	[%o0+%o1]0xd0,%f4
+	fmovd	%f4,%f0
+	.end
+!
+! double vis_lddfa_ASI_FL8P_hi(void *rs1, unsigned int index)
+!
+	.inline vis_lddfa_ASI_FL8P_hi,12
+	sra     %o1,16,%o1
+	ldda	[%o0+%o1]0xd0,%f4
+	fmovd	%f4,%f0
+	.end
+!
+! double vis_lddfa_ASI_FL8P_lo(void *rs1, unsigned int index)
+!
+	.inline vis_lddfa_ASI_FL8P_lo,12
+	sll     %o1,16,%o1
+	sra     %o1,16,%o1
+	ldda	[%o0+%o1]0xd0,%f4
+	fmovd	%f4,%f0
+	.end
+!
+! double vis_lddfa_ASI_FL8S(void *rs1)
+!
+	.inline vis_lddfa_ASI_FL8S,8
+	ldda	[%o0]0xd1,%f4	! ASI_FL8_S
+	fmovd	%f4,%f0
+	.end
+!
+! double vis_lddfa_ASI_FL16P(void *rs1)
+!
+	.inline vis_lddfa_ASI_FL16P,8
+	ldda	[%o0]0xd2,%f4	! ASI_FL16_P
+	fmovd	%f4,%f0
+	.end
+!
+! double vis_lddfa_ASI_FL16P_index(void *rs1, long index)
+!
+	.inline vis_lddfa_ASI_FL16P_index,16
+	ldda	[%o0+%o1]0xd2,%f4 ! ASI_FL16_P
+	fmovd	%f4,%f0
+	.end
+!
+! double vis_lddfa_ASI_FL16S(void *rs1)
+!
+	.inline vis_lddfa_ASI_FL16S,8
+	ldda	[%o0]0xd3,%f4	! ASI_FL16_S
+	fmovd	%f4,%f0
+	.end
+!
+! double vis_lddfa_ASI_FL8PL(void *rs1)
+!
+	.inline vis_lddfa_ASI_FL8PL,8
+	ldda	[%o0]0xd8,%f4	! ASI_FL8_PL
+	fmovd	%f4,%f0
+	.end
+!
+! double vis_lddfa_ASI_FL8PL_index(void *rs1, long index)
+!
+	.inline vis_lddfa_ASI_FL8PL_index,16
+	ldda	[%o0+%o1]0xd8,%f4	! ASI_FL8_PL
+	fmovd	%f4,%f0
+	.end
+!
+! double vis_lddfa_ASI_FL8SL(void *rs1)
+!
+	.inline vis_lddfa_ASI_FL8SL,8
+	ldda	[%o0]0xd9,%f4	! ASI_FL8_SL
+	fmovd	%f4,%f0
+	.end
+!
+! double vis_lddfa_ASI_FL16PL(void *rs1)
+!
+	.inline vis_lddfa_ASI_FL16PL,8
+	ldda	[%o0]0xda,%f4	! ASI_FL16_PL
+	fmovd	%f4,%f0
+	.end
+!
+! double vis_lddfa_ASI_FL16PL_index(void *rs1, long index)
+!
+	.inline vis_lddfa_ASI_FL16PL_index,16
+	ldda	[%o0+%o1]0xda,%f4	! ASI_FL16_PL
+	fmovd	%f4,%f0
+	.end
+!
+! double vis_lddfa_ASI_FL16SL(void *rs1)
+!
+	.inline vis_lddfa_ASI_FL16SL,8
+	ldda	[%o0]0xdb,%f4	! ASI_FL16_SL
+	fmovd	%f4,%f0
+	.end
+
+!--------------------------------------------------------------------
+! Graphics status register
+!
+! unsigned int vis_read_gsr(void)
+!
+	.inline vis_read_gsr,0
+	rd	%gsr,%o0
+	.end
+!
+! void vis_write_gsr(unsigned int /* GSR */)
+!
+	.inline vis_write_gsr,4
+	wr	%g0,%o0,%gsr
+	.end
+
+!--------------------------------------------------------------------
+! Voxel texture mapping
+!
+! unsigned long vis_array8(unsigned long long /*rs1 */, int /*rs2*/)
+!
+	.inline	vis_array8,12
+	array8	%o0,%o1,%o0
+	.end
+!
+! unsigned long vis_array16(unsigned long long /*rs1*/, int /*rs2*/)
+!
+	.inline	vis_array16,12
+	array16	%o0,%o1,%o0
+	.end
+!
+! unsigned long vis_array32(unsigned long long /*rs1*/, int /*rs2*/)
+!
+	.inline	vis_array32,12
+	array32	%o0,%o1,%o0
+	.end
+
+!--------------------------------------------------------------------
+! Register aliasing and type casts
+!
+! float vis_read_hi(double /* frs1 */);
+!
+	.inline vis_read_hi,8
+	fmovs	%f0,%f0
+	.end
+!
+! float vis_read_lo(double /* frs1 */);
+!
+	.inline vis_read_lo,8
+	fmovs	%f1,%f0		! %f0 = low word (frs1); return %f0;
+	.end
+!
+! double vis_write_hi(double /* frs1 */, float /* frs2 */);
+!
+	.inline vis_write_hi,12
+	fmovs	%f3,%f0		! %f3 = float frs2; return %f0:f1;
+	.end
+!
+! double vis_write_lo(double /* frs1 */, float /* frs2 */);
+!
+	.inline vis_write_lo,12
+	fmovs	%f3,%f1		! %f3 = float frs2; return %f0:f1;
+	.end
+!
+! double vis_freg_pair(float /* frs1 */, float /* frs2 */);
+!
+	.inline vis_freg_pair,8
+	fmovs	%f1,%f0		! %f1 = float frs1; put in hi;
+	fmovs	%f3,%f1		! %f3 = float frs2; put in lo; return %f0:f1;
+	.end
+!
+! float vis_to_float(unsigned int /*value*/);
+!
+	.inline vis_to_float,4
+	st	%o0,[%sp+2183]
+	ld	[%sp+2183],%f0
+	.end
+!
+! double vis_to_double(unsigned int /*value1*/, unsigned int /*value2*/);
+!
+	.inline vis_to_double,8
+	st	%o0,[%sp+2183]
+	ld	[%sp+2183],%f0
+	st	%o1,[%sp+2183]
+	ld	[%sp+2183],%f1
+	.end
+!
+! double vis_to_double_dup(unsigned int /*value*/);
+!
+	.inline vis_to_double_dup,4
+	st	%o0,[%sp+2183]
+	ld	[%sp+2183],%f1
+	fmovs	%f1,%f0		! duplicate value
+	.end
+!
+! double vis_ll_to_double(unsigned long long /*value*/);
+!
+	.inline vis_ll_to_double,8
+	stx     %o0,[%sp+2183]
+	ldd     [%sp+2183],%f0
+        .end
+
+!--------------------------------------------------------------------
+! Address space identifier (ASI) register
+!
+! unsigned int vis_read_asi(void)
+!
+	.inline vis_read_asi,0
+	rd	%asi,%o0
+	.end
+!
+! void vis_write_asi(unsigned int /* ASI */)
+!
+	.inline vis_write_asi,4
+	wr	%g0,%o0,%asi
+	.end
+
+!--------------------------------------------------------------------
+! Load/store from/into alternate space
+!
+! float vis_ldfa_ASI_REG(void *rs1)
+!
+	.inline vis_ldfa_ASI_REG,8
+	lda	[%o0+0]%asi,%f4
+	fmovs	%f4,%f0	        ! Compiler can clean this up
+	.end
+!
+! float vis_ldfa_ASI_P(void *rs1)
+!
+	.inline vis_ldfa_ASI_P,8
+	lda	[%o0]0x80,%f4	! ASI_P
+	fmovs	%f4,%f0	        ! Compiler can clean this up
+	.end
+!
+! float vis_ldfa_ASI_PL(void *rs1)
+!
+	.inline vis_ldfa_ASI_PL,8
+	lda	[%o0]0x88,%f4	! ASI_PL
+	fmovs	%f4,%f0	        ! Compiler can clean this up
+	.end
+!
+! double vis_lddfa_ASI_REG(void *rs1)
+!
+	.inline vis_lddfa_ASI_REG,8
+	ldda	[%o0+0]%asi,%f4
+	fmovd	%f4,%f0	        ! Compiler can clean this up
+	.end
+!
+! double vis_lddfa_ASI_P(void *rs1)
+!
+	.inline vis_lddfa_ASI_P,8
+	ldda	[%o0]0x80,%f4	! ASI_P
+	fmovd	%f4,%f0	        ! Compiler can clean this up
+	.end
+!
+! double vis_lddfa_ASI_PL(void *rs1)
+!
+	.inline vis_lddfa_ASI_PL,8
+	ldda	[%o0]0x88,%f4	! ASI_PL
+	fmovd	%f4,%f0	        ! Compiler can clean this up
+	.end
+!
+! vis_stfa_ASI_REG(float frs, void *rs1)
+!
+	.inline vis_stfa_ASI_REG,12
+	sta	%f1,[%o1+0]%asi
+	.end
+!
+! vis_stfa_ASI_P(float frs, void *rs1)
+!
+	.inline vis_stfa_ASI_P,12
+	sta	%f1,[%o1]0x80	! ASI_P
+	.end
+!
+! vis_stfa_ASI_PL(float frs, void *rs1)
+!
+	.inline vis_stfa_ASI_PL,12
+	sta	%f1,[%o1]0x88	! ASI_PL
+	.end
+!
+! vis_stdfa_ASI_REG(double frd, void *rs1)
+!
+	.inline vis_stdfa_ASI_REG,16
+	stda	%f0,[%o1+0]%asi
+	.end
+!
+! vis_stdfa_ASI_P(double frd, void *rs1)
+!
+	.inline vis_stdfa_ASI_P,16
+	stda	%f0,[%o1]0x80	! ASI_P
+	.end
+!
+! vis_stdfa_ASI_PL(double frd, void *rs1)
+!
+	.inline vis_stdfa_ASI_PL,16
+	stda	%f0,[%o1]0x88	! ASI_PL
+	.end
+!
+! unsigned short vis_lduha_ASI_REG(void *rs1)
+!
+	.inline vis_lduha_ASI_REG,8
+	lduha	[%o0+0]%asi,%o0
+	.end
+!
+! unsigned short vis_lduha_ASI_P(void *rs1)
+!
+	.inline vis_lduha_ASI_P,8
+	lduha	[%o0]0x80,%o0	! ASI_P
+	.end
+!
+! unsigned short vis_lduha_ASI_PL(void *rs1)
+!
+	.inline vis_lduha_ASI_PL,8
+	lduha	[%o0]0x88,%o0	! ASI_PL
+	.end
+!
+! unsigned short vis_lduha_ASI_P_index(void *rs1, long index)
+!
+	.inline vis_lduha_ASI_P_index,16
+	lduha	[%o0+%o1]0x80,%o0	! ASI_P
+	.end
+!
+! unsigned short vis_lduha_ASI_PL_index(void *rs1, long index)
+!
+	.inline vis_lduha_ASI_PL_index,16
+	lduha	[%o0+%o1]0x88,%o0	! ASI_PL
+	.end
+
+!--------------------------------------------------------------------
+! Prefetch
+!
+! void vis_prefetch_read(void * /*address*/);
+!
+	.inline vis_prefetch_read,8
+	prefetch	[%o0+0],0
+	.end
+!
+! void vis_prefetch_write(void * /*address*/);
+!
+	.inline vis_prefetch_write,8
+	prefetch	[%o0+0],2
+	.end
diff --git a/nss/lib/freebl/mpi/vis_proto.h b/nss/lib/freebl/mpi/vis_proto.h
new file mode 100644
index 0000000..275de59
--- /dev/null
+++ b/nss/lib/freebl/mpi/vis_proto.h
@@ -0,0 +1,234 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * Prototypes for the inline templates in vis.il
+ */
+
+#ifndef VIS_PROTO_H
+#define VIS_PROTO_H
+
+#pragma ident "@(#)vis_proto.h	1.3	97/03/30 SMI"
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+/* Pure edge handling instructions */
+int vis_edge8(void * /*frs1*/, void * /*frs2*/);
+int vis_edge8l(void * /*frs1*/, void * /*frs2*/);
+int vis_edge16(void * /*frs1*/, void * /*frs2*/);
+int vis_edge16l(void * /*frs1*/, void * /*frs2*/);
+int vis_edge32(void * /*frs1*/, void * /*frs2*/);
+int vis_edge32l(void * /*frs1*/, void * /*frs2*/);
+
+/* Edge handling instructions with negative return values if cc set. */
+int vis_edge8cc(void * /*frs1*/, void * /*frs2*/);
+int vis_edge8lcc(void * /*frs1*/, void * /*frs2*/);
+int vis_edge16cc(void * /*frs1*/, void * /*frs2*/);
+int vis_edge16lcc(void * /*frs1*/, void * /*frs2*/);
+int vis_edge32cc(void * /*frs1*/, void * /*frs2*/);
+int vis_edge32lcc(void * /*frs1*/, void * /*frs2*/);
+
+/* Alignment instructions. */
+void *vis_alignaddr(void * /*rs1*/, int /*rs2*/);
+void *vis_alignaddrl(void * /*rs1*/, int /*rs2*/);
+double vis_faligndata(double /*frs1*/, double /*frs2*/);
+
+/* Partitioned comparison instructions. */
+int vis_fcmple16(double /*frs1*/, double /*frs2*/);
+int vis_fcmpne16(double /*frs1*/, double /*frs2*/);
+int vis_fcmple32(double /*frs1*/, double /*frs2*/);
+int vis_fcmpne32(double /*frs1*/, double /*frs2*/);
+int vis_fcmpgt16(double /*frs1*/, double /*frs2*/);
+int vis_fcmpeq16(double /*frs1*/, double /*frs2*/);
+int vis_fcmpgt32(double /*frs1*/, double /*frs2*/);
+int vis_fcmpeq32(double /*frs1*/, double /*frs2*/);
+
+/* Partitioned multiplication. */
+#if 0
+double vis_fmul8x16(float /*frs1*/, double /*frs2*/);
+#endif
+double vis_fmul8x16_dummy(float /*frs1*/, int /*dummy*/, double /*frs2*/);
+double vis_fmul8x16au(float /*frs1*/, float /*frs2*/);
+double vis_fmul8x16al(float /*frs1*/, float /*frs2*/);
+double vis_fmul8sux16(double /*frs1*/, double /*frs2*/);
+double vis_fmul8ulx16(double /*frs1*/, double /*frs2*/);
+double vis_fmuld8ulx16(float /*frs1*/, float /*frs2*/);
+double vis_fmuld8sux16(float /*frs1*/, float /*frs2*/);
+
+/* Partitioned addition & subtraction. */
+double vis_fpadd16(double /*frs1*/, double /*frs2*/);
+float vis_fpadd16s(float /*frs1*/, float /*frs2*/);
+double vis_fpadd32(double /*frs1*/, double /*frs2*/);
+float vis_fpadd32s(float /*frs1*/, float /*frs2*/);
+double vis_fpsub16(double /*frs1*/, double /*frs2*/);
+float vis_fpsub16s(float /*frs1*/, float /*frs2*/);
+double vis_fpsub32(double /*frs1*/, double /*frs2*/);
+float vis_fpsub32s(float /*frs1*/, float /*frs2*/);
+
+/* Pixel packing & clamping. */
+float vis_fpack16(double /*frs2*/);
+double vis_fpack32(double /*frs1*/, double /*frs2*/);
+float vis_fpackfix(double /*frs2*/);
+
+/* Combined pack ops. */
+double vis_fpack16_pair(double /*frs2*/, double /*frs2*/);
+double vis_fpackfix_pair(double /*frs2*/, double /*frs2*/);
+void vis_st2_fpack16(double, double, double *);
+void vis_std_fpack16(double, double, double *);
+void vis_st2_fpackfix(double, double, double *);
+
+double vis_fpack16_to_hi(double /*frs1*/, double /*frs2*/);
+double vis_fpack16_to_lo(double /*frs1*/, double /*frs2*/);
+
+/* Motion estimation. */
+double vis_pdist(double /*frs1*/, double /*frs2*/, double /*frd*/);
+
+/* Channel merging. */
+double vis_fpmerge(float /*frs1*/, float /*frs2*/);
+
+/* Pixel expansion. */
+double vis_fexpand(float /*frs2*/);
+double vis_fexpand_hi(double /*frs2*/);
+double vis_fexpand_lo(double /*frs2*/);
+
+/* Bitwise logical operators. */
+double vis_fnor(double /*frs1*/, double /*frs2*/);
+float vis_fnors(float /*frs1*/, float /*frs2*/);
+double vis_fandnot(double /*frs1*/, double /*frs2*/);
+float vis_fandnots(float /*frs1*/, float /*frs2*/);
+double vis_fnot(double /*frs1*/);
+float vis_fnots(float /*frs1*/);
+double vis_fxor(double /*frs1*/, double /*frs2*/);
+float vis_fxors(float /*frs1*/, float /*frs2*/);
+double vis_fnand(double /*frs1*/, double /*frs2*/);
+float vis_fnands(float /*frs1*/, float /*frs2*/);
+double vis_fand(double /*frs1*/, double /*frs2*/);
+float vis_fands(float /*frs1*/, float /*frs2*/);
+double vis_fxnor(double /*frs1*/, double /*frs2*/);
+float vis_fxnors(float /*frs1*/, float /*frs2*/);
+double vis_fsrc(double /*frs1*/);
+float vis_fsrcs(float /*frs1*/);
+double vis_fornot(double /*frs1*/, double /*frs2*/);
+float vis_fornots(float /*frs1*/, float /*frs2*/);
+double vis_for(double /*frs1*/, double /*frs2*/);
+float vis_fors(float /*frs1*/, float /*frs2*/);
+double vis_fzero(void);
+float vis_fzeros(void);
+double vis_fone(void);
+float vis_fones(void);
+
+/* Partial stores. */
+void vis_stdfa_ASI_PST8P(double /*frd*/, void * /*rs1*/, int /*rmask*/);
+void vis_stdfa_ASI_PST8PL(double /*frd*/, void * /*rs1*/, int /*rmask*/);
+void vis_stdfa_ASI_PST8P_int_pair(void * /*rs1*/, void * /*rs2*/,
+                                  void * /*rs3*/, int /*rmask*/);
+void vis_stdfa_ASI_PST8S(double /*frd*/, void * /*rs1*/, int /*rmask*/);
+void vis_stdfa_ASI_PST16P(double /*frd*/, void * /*rs1*/, int /*rmask*/);
+void vis_stdfa_ASI_PST16S(double /*frd*/, void * /*rs1*/, int /*rmask*/);
+void vis_stdfa_ASI_PST32P(double /*frd*/, void * /*rs1*/, int /*rmask*/);
+void vis_stdfa_ASI_PST32S(double /*frd*/, void * /*rs1*/, int /*rmask*/);
+
+/* Byte & short stores. */
+void vis_stdfa_ASI_FL8P(double /*frd*/, void * /*rs1*/);
+void vis_stdfa_ASI_FL8P_index(double /*frd*/, void * /*rs1*/, long /*index*/);
+void vis_stdfa_ASI_FL8S(double /*frd*/, void * /*rs1*/);
+void vis_stdfa_ASI_FL16P(double /*frd*/, void * /*rs1*/);
+void vis_stdfa_ASI_FL16P_index(double /*frd*/, void * /*rs1*/, long /*index*/);
+void vis_stdfa_ASI_FL16S(double /*frd*/, void * /*rs1*/);
+void vis_stdfa_ASI_FL8PL(double /*frd*/, void * /*rs1*/);
+void vis_stdfa_ASI_FL8SL(double /*frd*/, void * /*rs1*/);
+void vis_stdfa_ASI_FL16PL(double /*frd*/, void * /*rs1*/);
+void vis_stdfa_ASI_FL16SL(double /*frd*/, void * /*rs1*/);
+
+/* Byte & short loads. */
+double vis_lddfa_ASI_FL8P(void * /*rs1*/);
+double vis_lddfa_ASI_FL8P_index(void * /*rs1*/, long /*index*/);
+double vis_lddfa_ASI_FL8P_hi(void * /*rs1*/, unsigned int /*index*/);
+double vis_lddfa_ASI_FL8P_lo(void * /*rs1*/, unsigned int /*index*/);
+double vis_lddfa_ASI_FL8S(void * /*rs1*/);
+double vis_lddfa_ASI_FL16P(void * /*rs1*/);
+double vis_lddfa_ASI_FL16P_index(void * /*rs1*/, long /*index*/);
+double vis_lddfa_ASI_FL16S(void * /*rs1*/);
+double vis_lddfa_ASI_FL8PL(void * /*rs1*/);
+double vis_lddfa_ASI_FL8SL(void * /*rs1*/);
+double vis_lddfa_ASI_FL16PL(void * /*rs1*/);
+double vis_lddfa_ASI_FL16SL(void * /*rs1*/);
+
+/* Direct write to GSR, read from GSR */
+void vis_write_gsr(unsigned int /*GSR*/);
+unsigned int vis_read_gsr(void);
+
+/* Voxel texture mapping. */
+#if !defined(_NO_LONGLONG)
+unsigned long vis_array8(unsigned long long /*rs1*/, int /*rs2*/);
+unsigned long vis_array16(unsigned long long /*rs1*/, int /*rs2*/);
+unsigned long vis_array32(unsigned long long /*rs1*/, int /*rs2*/);
+#endif /* !defined(_NO_LONGLONG) */
+
+/* Register aliasing and type casts. */
+float vis_read_hi(double /*frs1*/);
+float vis_read_lo(double /*frs1*/);
+double vis_write_hi(double /*frs1*/, float /*frs2*/);
+double vis_write_lo(double /*frs1*/, float /*frs2*/);
+double vis_freg_pair(float /*frs1*/, float /*frs2*/);
+float vis_to_float(unsigned int /*value*/);
+double vis_to_double(unsigned int /*value1*/, unsigned int /*value2*/);
+double vis_to_double_dup(unsigned int /*value*/);
+#if !defined(_NO_LONGLONG)
+double vis_ll_to_double(unsigned long long /*value*/);
+#endif /* !defined(_NO_LONGLONG) */
+
+/* Miscellany (no inlines) */
+void vis_error(char * /*fmt*/, int /*a0*/);
+void vis_sim_init(void);
+
+/* For better performance */
+#define vis_fmul8x16(farg, darg) vis_fmul8x16_dummy((farg), 0, (darg))
+
+/* Nicknames for explicit ASI loads and stores. */
+#define vis_st_u8 vis_stdfa_ASI_FL8P
+#define vis_st_u8_i vis_stdfa_ASI_FL8P_index
+#define vis_st_u8_le vis_stdfa_ASI_FL8PL
+#define vis_st_u16 vis_stdfa_ASI_FL16P
+#define vis_st_u16_i vis_stdfa_ASI_FL16P_index
+#define vis_st_u16_le vis_stdfa_ASI_FL16PL
+
+#define vis_ld_u8 vis_lddfa_ASI_FL8P
+#define vis_ld_u8_i vis_lddfa_ASI_FL8P_index
+#define vis_ld_u8_le vis_lddfa_ASI_FL8PL
+#define vis_ld_u16 vis_lddfa_ASI_FL16P
+#define vis_ld_u16_i vis_lddfa_ASI_FL16P_index
+#define vis_ld_u16_le vis_lddfa_ASI_FL16PL
+
+#define vis_pst_8 vis_stdfa_ASI_PST8P
+#define vis_pst_16 vis_stdfa_ASI_PST16P
+#define vis_pst_32 vis_stdfa_ASI_PST32P
+
+#define vis_st_u8s vis_stdfa_ASI_FL8S
+#define vis_st_u8s_le vis_stdfa_ASI_FL8SL
+#define vis_st_u16s vis_stdfa_ASI_FL16S
+#define vis_st_u16s_le vis_stdfa_ASI_FL16SL
+
+#define vis_ld_u8s vis_lddfa_ASI_FL8S
+#define vis_ld_u8s_le vis_lddfa_ASI_FL8SL
+#define vis_ld_u16s vis_lddfa_ASI_FL16S
+#define vis_ld_u16s_le vis_lddfa_ASI_FL16SL
+
+#define vis_pst_8s vis_stdfa_ASI_PST8S
+#define vis_pst_16s vis_stdfa_ASI_PST16S
+#define vis_pst_32s vis_stdfa_ASI_PST32S
+
+/* "<" and ">=" may be implemented in terms of ">" and "<=". */
+#define vis_fcmplt16(a, b) vis_fcmpgt16((b), (a))
+#define vis_fcmplt32(a, b) vis_fcmpgt32((b), (a))
+#define vis_fcmpge16(a, b) vis_fcmple16((b), (a))
+#define vis_fcmpge32(a, b) vis_fcmple32((b), (a))
+
+#ifdef __cplusplus
+} // End of extern "C"
+#endif /* __cplusplus */
+
+#endif /* VIS_PROTO_H */
diff --git a/nss/lib/freebl/nsslowhash.c b/nss/lib/freebl/nsslowhash.c
new file mode 100644
index 0000000..5ed0396
--- /dev/null
+++ b/nss/lib/freebl/nsslowhash.c
@@ -0,0 +1,150 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifdef FREEBL_NO_DEPEND
+#include "stubs.h"
+#endif
+#include "prtypes.h"
+#include "secerr.h"
+#include "blapi.h"
+#include "hasht.h"
+#include "plhash.h"
+#include "nsslowhash.h"
+#include "blapii.h"
+
+struct NSSLOWInitContextStr {
+    int count;
+};
+
+struct NSSLOWHASHContextStr {
+    const SECHashObject *hashObj;
+    void *hashCtxt;
+};
+
+static int
+nsslow_GetFIPSEnabled(void)
+{
+#ifdef LINUX
+    FILE *f;
+    char d;
+    size_t size;
+
+    f = fopen("/proc/sys/crypto/fips_enabled", "r");
+    if (!f)
+        return 0;
+
+    size = fread(&d, 1, 1, f);
+    fclose(f);
+    if (size != 1)
+        return 0;
+    if (d != '1')
+        return 0;
+#endif
+    return 1;
+}
+
+static NSSLOWInitContext dummyContext = { 0 };
+static PRBool post_failed = PR_TRUE;
+
+NSSLOWInitContext *
+NSSLOW_Init(void)
+{
+#ifdef FREEBL_NO_DEPEND
+    (void)FREEBL_InitStubs();
+#endif
+
+    /* make sure the FIPS product is installed if we are trying to
+     * go into FIPS mode */
+    if (nsslow_GetFIPSEnabled()) {
+        if (BL_FIPSEntryOK(PR_TRUE) != SECSuccess) {
+            PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+            post_failed = PR_TRUE;
+            return NULL;
+        }
+    }
+    post_failed = PR_FALSE;
+
+    return &dummyContext;
+}
+
+void
+NSSLOW_Shutdown(NSSLOWInitContext *context)
+{
+    PORT_Assert(context == &dummyContext);
+    return;
+}
+
+void
+NSSLOW_Reset(NSSLOWInitContext *context)
+{
+    PORT_Assert(context == &dummyContext);
+    return;
+}
+
+NSSLOWHASHContext *
+NSSLOWHASH_NewContext(NSSLOWInitContext *initContext,
+                      HASH_HashType hashType)
+{
+    NSSLOWHASHContext *context;
+
+    if (post_failed) {
+        PORT_SetError(SEC_ERROR_PKCS11_DEVICE_ERROR);
+        return NULL;
+    }
+
+    if (initContext != &dummyContext) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return (NULL);
+    }
+
+    context = PORT_ZNew(NSSLOWHASHContext);
+    if (!context) {
+        return NULL;
+    }
+    context->hashObj = HASH_GetRawHashObject(hashType);
+    if (!context->hashObj) {
+        PORT_Free(context);
+        return NULL;
+    }
+    context->hashCtxt = context->hashObj->create();
+    if (!context->hashCtxt) {
+        PORT_Free(context);
+        return NULL;
+    }
+
+    return context;
+}
+
+void
+NSSLOWHASH_Begin(NSSLOWHASHContext *context)
+{
+    return context->hashObj->begin(context->hashCtxt);
+}
+
+void
+NSSLOWHASH_Update(NSSLOWHASHContext *context, const unsigned char *buf,
+                  unsigned int len)
+{
+    return context->hashObj->update(context->hashCtxt, buf, len);
+}
+
+void
+NSSLOWHASH_End(NSSLOWHASHContext *context, unsigned char *buf,
+               unsigned int *ret, unsigned int len)
+{
+    return context->hashObj->end(context->hashCtxt, buf, ret, len);
+}
+
+void
+NSSLOWHASH_Destroy(NSSLOWHASHContext *context)
+{
+    context->hashObj->destroy(context->hashCtxt, PR_TRUE);
+    PORT_Free(context);
+}
+
+unsigned int
+NSSLOWHASH_Length(NSSLOWHASHContext *context)
+{
+    return context->hashObj->length;
+}
diff --git a/nss/lib/freebl/nsslowhash.h b/nss/lib/freebl/nsslowhash.h
new file mode 100644
index 0000000..d8f0587
--- /dev/null
+++ b/nss/lib/freebl/nsslowhash.h
@@ -0,0 +1,33 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * Provide FIPS validated hashing for applications that only need hashing.
+ * NOTE: mac'ing requires keys and will not work in this interface.
+ * Also NOTE: this only works with Hashing. Only the FIPS interface is enabled.
+ */
+
+#ifndef _NSSLOWHASH_H_
+#define _NSSLOWHASH_H_
+
+typedef struct NSSLOWInitContextStr NSSLOWInitContext;
+typedef struct NSSLOWHASHContextStr NSSLOWHASHContext;
+
+NSSLOWInitContext *NSSLOW_Init(void);
+void NSSLOW_Shutdown(NSSLOWInitContext *context);
+void NSSLOW_Reset(NSSLOWInitContext *context);
+NSSLOWHASHContext *NSSLOWHASH_NewContext(
+    NSSLOWInitContext *initContext,
+    HASH_HashType hashType);
+void NSSLOWHASH_Begin(NSSLOWHASHContext *context);
+void NSSLOWHASH_Update(NSSLOWHASHContext *context,
+                       const unsigned char *buf,
+                       unsigned int len);
+void NSSLOWHASH_End(NSSLOWHASHContext *context,
+                    unsigned char *buf,
+                    unsigned int *ret, unsigned int len);
+void NSSLOWHASH_Destroy(NSSLOWHASHContext *context);
+unsigned int NSSLOWHASH_Length(NSSLOWHASHContext *context);
+
+#endif
diff --git a/nss/lib/freebl/os2_rand.c b/nss/lib/freebl/os2_rand.c
new file mode 100644
index 0000000..407b080
--- /dev/null
+++ b/nss/lib/freebl/os2_rand.c
@@ -0,0 +1,334 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#define INCL_DOS
+#define INCL_DOSERRORS
+#include <os2.h>
+#include "secrng.h"
+#include "prerror.h"
+#include <stdlib.h>
+#include <time.h>
+#include <stdio.h>
+#include <sys/stat.h>
+
+static BOOL
+clockTickTime(unsigned long *phigh, unsigned long *plow)
+{
+    APIRET rc = NO_ERROR;
+    QWORD qword = { 0, 0 };
+
+    rc = DosTmrQueryTime(&qword);
+    if (rc != NO_ERROR)
+        return FALSE;
+
+    *phigh = qword.ulHi;
+    *plow = qword.ulLo;
+
+    return TRUE;
+}
+
+size_t
+RNG_GetNoise(void *buf, size_t maxbuf)
+{
+    unsigned long high = 0;
+    unsigned long low = 0;
+    clock_t val = 0;
+    int n = 0;
+    int nBytes = 0;
+    time_t sTime;
+
+    if (maxbuf <= 0)
+        return 0;
+
+    clockTickTime(&high, &low);
+
+    /* get the maximally changing bits first */
+    nBytes = sizeof(low) > maxbuf ? maxbuf : sizeof(low);
+    memcpy(buf, &low, nBytes);
+    n += nBytes;
+    maxbuf -= nBytes;
+
+    if (maxbuf <= 0)
+        return n;
+
+    nBytes = sizeof(high) > maxbuf ? maxbuf : sizeof(high);
+    memcpy(((char *)buf) + n, &high, nBytes);
+    n += nBytes;
+    maxbuf -= nBytes;
+
+    if (maxbuf <= 0)
+        return n;
+
+    /* get the number of milliseconds that have elapsed since application started */
+    val = clock();
+
+    nBytes = sizeof(val) > maxbuf ? maxbuf : sizeof(val);
+    memcpy(((char *)buf) + n, &val, nBytes);
+    n += nBytes;
+    maxbuf -= nBytes;
+
+    if (maxbuf <= 0)
+        return n;
+
+    /* get the time in seconds since midnight Jan 1, 1970 */
+    time(&sTime);
+    nBytes = sizeof(sTime) > maxbuf ? maxbuf : sizeof(sTime);
+    memcpy(((char *)buf) + n, &sTime, nBytes);
+    n += nBytes;
+
+    return n;
+}
+
+static BOOL
+EnumSystemFiles(void (*func)(const char *))
+{
+    APIRET rc;
+    ULONG sysInfo = 0;
+    char bootLetter[2];
+    char sysDir[_MAX_PATH] = "";
+    char filename[_MAX_PATH];
+    HDIR hdir = HDIR_CREATE;
+    ULONG numFiles = 1;
+    FILEFINDBUF3 fileBuf = { 0 };
+    ULONG buflen = sizeof(FILEFINDBUF3);
+
+    if (DosQuerySysInfo(QSV_BOOT_DRIVE, QSV_BOOT_DRIVE, (PVOID)&sysInfo,
+                        sizeof(ULONG)) == NO_ERROR) {
+        bootLetter[0] = sysInfo + 'A' - 1;
+        bootLetter[1] = '\0';
+        strcpy(sysDir, bootLetter);
+        strcpy(sysDir + 1, ":\\OS2\\");
+
+        strcpy(filename, sysDir);
+        strcat(filename, "*.*");
+    }
+
+    rc = DosFindFirst(filename, &hdir, FILE_NORMAL, &fileBuf, buflen,
+                      &numFiles, FIL_STANDARD);
+    if (rc == NO_ERROR) {
+        do {
+            // pass the full pathname to the callback
+            sprintf(filename, "%s%s", sysDir, fileBuf.achName);
+            (*func)(filename);
+
+            numFiles = 1;
+            rc = DosFindNext(hdir, &fileBuf, buflen, &numFiles);
+            if (rc != NO_ERROR && rc != ERROR_NO_MORE_FILES)
+                printf("DosFindNext errod code = %d\n", rc);
+        } while (rc == NO_ERROR);
+
+        rc = DosFindClose(hdir);
+        if (rc != NO_ERROR)
+            printf("DosFindClose error code = %d", rc);
+    } else
+        printf("DosFindFirst error code = %d", rc);
+
+    return TRUE;
+}
+
+static int dwNumFiles, dwReadEvery, dwFileToRead = 0;
+
+static void
+CountFiles(const char *file)
+{
+    dwNumFiles++;
+}
+
+static void
+ReadFiles(const char *file)
+{
+    if ((dwNumFiles % dwReadEvery) == 0)
+        RNG_FileForRNG(file);
+
+    dwNumFiles++;
+}
+
+static void
+ReadSingleFile(const char *filename)
+{
+    unsigned char buffer[1024];
+    FILE *file;
+
+    file = fopen((char *)filename, "rb");
+    if (file != NULL) {
+        while (fread(buffer, 1, sizeof(buffer), file) > 0)
+            ;
+        fclose(file);
+    }
+}
+
+static void
+ReadOneFile(const char *file)
+{
+    if (dwNumFiles == dwFileToRead) {
+        ReadSingleFile(file);
+    }
+
+    dwNumFiles++;
+}
+
+static void
+ReadSystemFiles(void)
+{
+    // first count the number of files
+    dwNumFiles = 0;
+    if (!EnumSystemFiles(CountFiles))
+        return;
+
+    RNG_RandomUpdate(&dwNumFiles, sizeof(dwNumFiles));
+
+    // now read 10 files
+    if (dwNumFiles == 0)
+        return;
+
+    dwReadEvery = dwNumFiles / 10;
+    if (dwReadEvery == 0)
+        dwReadEvery = 1; // less than 10 files
+
+    dwNumFiles = 0;
+    EnumSystemFiles(ReadFiles);
+}
+
+void
+RNG_SystemInfoForRNG(void)
+{
+    unsigned long *plong = 0;
+    PTIB ptib;
+    PPIB ppib;
+    APIRET rc = NO_ERROR;
+    DATETIME dt;
+    COUNTRYCODE cc = { 0 };
+    COUNTRYINFO ci = { 0 };
+    unsigned long actual = 0;
+    char path[_MAX_PATH] = "";
+    char fullpath[_MAX_PATH] = "";
+    unsigned long pathlength = sizeof(path);
+    FSALLOCATE fsallocate;
+    FILESTATUS3 fstatus;
+    unsigned long defaultdrive = 0;
+    unsigned long logicaldrives = 0;
+    unsigned long sysInfo[QSV_MAX] = { 0 };
+    char buffer[20];
+    int nBytes = 0;
+
+    nBytes = RNG_GetNoise(buffer, sizeof(buffer));
+    RNG_RandomUpdate(buffer, nBytes);
+
+    /* allocate memory and use address and memory */
+    plong = (unsigned long *)malloc(sizeof(*plong));
+    RNG_RandomUpdate(&plong, sizeof(plong));
+    RNG_RandomUpdate(plong, sizeof(*plong));
+    free(plong);
+
+    /* process info */
+    rc = DosGetInfoBlocks(&ptib, &ppib);
+    if (rc == NO_ERROR) {
+        RNG_RandomUpdate(ptib, sizeof(*ptib));
+        RNG_RandomUpdate(ppib, sizeof(*ppib));
+    }
+
+    /* time */
+    rc = DosGetDateTime(&dt);
+    if (rc == NO_ERROR) {
+        RNG_RandomUpdate(&dt, sizeof(dt));
+    }
+
+    /* country */
+    rc = DosQueryCtryInfo(sizeof(ci), &cc, &ci, &actual);
+    if (rc == NO_ERROR) {
+        RNG_RandomUpdate(&cc, sizeof(cc));
+        RNG_RandomUpdate(&ci, sizeof(ci));
+        RNG_RandomUpdate(&actual, sizeof(actual));
+    }
+
+    /* current directory */
+    rc = DosQueryCurrentDir(0, path, &pathlength);
+    strcat(fullpath, "\\");
+    strcat(fullpath, path);
+    if (rc == NO_ERROR) {
+        RNG_RandomUpdate(fullpath, strlen(fullpath));
+        // path info
+        rc = DosQueryPathInfo(fullpath, FIL_STANDARD, &fstatus, sizeof(fstatus));
+        if (rc == NO_ERROR) {
+            RNG_RandomUpdate(&fstatus, sizeof(fstatus));
+        }
+    }
+
+    /* file system info */
+    rc = DosQueryFSInfo(0, FSIL_ALLOC, &fsallocate, sizeof(fsallocate));
+    if (rc == NO_ERROR) {
+        RNG_RandomUpdate(&fsallocate, sizeof(fsallocate));
+    }
+
+    /* drive info */
+    rc = DosQueryCurrentDisk(&defaultdrive, &logicaldrives);
+    if (rc == NO_ERROR) {
+        RNG_RandomUpdate(&defaultdrive, sizeof(defaultdrive));
+        RNG_RandomUpdate(&logicaldrives, sizeof(logicaldrives));
+    }
+
+    /* system info */
+    rc = DosQuerySysInfo(1L, QSV_MAX, (PVOID)&sysInfo, sizeof(ULONG) * QSV_MAX);
+    if (rc == NO_ERROR) {
+        RNG_RandomUpdate(&sysInfo, sizeof(sysInfo));
+    }
+
+    // now let's do some files
+    ReadSystemFiles();
+
+    /* more noise */
+    nBytes = RNG_GetNoise(buffer, sizeof(buffer));
+    RNG_RandomUpdate(buffer, nBytes);
+}
+
+void
+RNG_FileForRNG(const char *filename)
+{
+    struct stat stat_buf;
+    unsigned char buffer[1024];
+    FILE *file = 0;
+    int nBytes = 0;
+    static int totalFileBytes = 0;
+
+    if (stat((char *)filename, &stat_buf) < 0)
+        return;
+
+    RNG_RandomUpdate((unsigned char *)&stat_buf, sizeof(stat_buf));
+
+    file = fopen((char *)filename, "r");
+    if (file != NULL) {
+        for (;;) {
+            size_t bytes = fread(buffer, 1, sizeof(buffer), file);
+
+            if (bytes == 0)
+                break;
+
+            RNG_RandomUpdate(buffer, bytes);
+            totalFileBytes += bytes;
+            if (totalFileBytes > 250000)
+                break;
+        }
+        fclose(file);
+    }
+
+    nBytes = RNG_GetNoise(buffer, 20);
+    RNG_RandomUpdate(buffer, nBytes);
+}
+
+static void
+rng_systemJitter(void)
+{
+    dwNumFiles = 0;
+    EnumSystemFiles(ReadOneFile);
+    dwFileToRead++;
+    if (dwFileToRead >= dwNumFiles) {
+        dwFileToRead = 0;
+    }
+}
+
+size_t
+RNG_SystemRNG(void *dest, size_t maxLen)
+{
+    return rng_systemFromNoise(dest, maxLen);
+}
diff --git a/nss/lib/freebl/poly1305-donna-x64-sse2-incremental-source.c b/nss/lib/freebl/poly1305-donna-x64-sse2-incremental-source.c
new file mode 100644
index 0000000..3c803c1
--- /dev/null
+++ b/nss/lib/freebl/poly1305-donna-x64-sse2-incremental-source.c
@@ -0,0 +1,881 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* This implementation of poly1305 is by Andrew Moon
+ * (https://github.com/floodyberry/poly1305-donna) and released as public
+ * domain. It implements SIMD vectorization based on the algorithm described in
+ * http://cr.yp.to/papers.html#neoncrypto. Unrolled to 2 powers, i.e. 64 byte
+ * block size. */
+
+#include <emmintrin.h>
+#include <stdint.h>
+
+#include "poly1305.h"
+#include "blapii.h"
+
+#define ALIGN(x) __attribute__((aligned(x)))
+#define INLINE inline
+#define U8TO64_LE(m) (*(uint64_t *)(m))
+#define U8TO32_LE(m) (*(uint32_t *)(m))
+#define U64TO8_LE(m, v) (*(uint64_t *)(m)) = v
+
+typedef __m128i xmmi;
+typedef unsigned __int128 uint128_t;
+
+static const uint32_t ALIGN(16) poly1305_x64_sse2_message_mask[4] = { (1 << 26) - 1, 0, (1 << 26) - 1, 0 };
+static const uint32_t ALIGN(16) poly1305_x64_sse2_5[4] = { 5, 0, 5, 0 };
+static const uint32_t ALIGN(16) poly1305_x64_sse2_1shl128[4] = { (1 << 24), 0, (1 << 24), 0 };
+
+static uint128_t INLINE
+add128(uint128_t a, uint128_t b)
+{
+    return a + b;
+}
+
+static uint128_t INLINE
+add128_64(uint128_t a, uint64_t b)
+{
+    return a + b;
+}
+
+static uint128_t INLINE
+mul64x64_128(uint64_t a, uint64_t b)
+{
+    return (uint128_t)a * b;
+}
+
+static uint64_t INLINE
+lo128(uint128_t a)
+{
+    return (uint64_t)a;
+}
+
+static uint64_t INLINE
+shr128(uint128_t v, const int shift)
+{
+    return (uint64_t)(v >> shift);
+}
+
+static uint64_t INLINE
+shr128_pair(uint64_t hi, uint64_t lo, const int shift)
+{
+    return (uint64_t)((((uint128_t)hi << 64) | lo) >> shift);
+}
+
+typedef struct poly1305_power_t {
+    union {
+        xmmi v;
+        uint64_t u[2];
+        uint32_t d[4];
+    } R20, R21, R22, R23, R24, S21, S22, S23, S24;
+} poly1305_power;
+
+typedef struct poly1305_state_internal_t {
+    poly1305_power P[2]; /* 288 bytes, top 32 bit halves unused = 144 bytes of free storage */
+    union {
+        xmmi H[5]; /*  80 bytes  */
+        uint64_t HH[10];
+    };
+    /* uint64_t r0,r1,r2;       [24 bytes] */
+    /* uint64_t pad0,pad1;      [16 bytes] */
+    uint64_t started;      /*   8 bytes  */
+    uint64_t leftover;     /*   8 bytes  */
+    uint8_t buffer[64];    /*  64 bytes  */
+} poly1305_state_internal; /* 448 bytes total + 63 bytes for alignment = 511 bytes raw */
+
+static poly1305_state_internal INLINE
+    *
+    poly1305_aligned_state(poly1305_state *state)
+{
+    return (poly1305_state_internal *)(((uint64_t)state + 63) & ~63);
+}
+
+/* copy 0-63 bytes */
+static void INLINE NO_SANITIZE_ALIGNMENT
+poly1305_block_copy(uint8_t *dst, const uint8_t *src, size_t bytes)
+{
+    size_t offset = src - dst;
+    if (bytes & 32) {
+        _mm_storeu_si128((xmmi *)(dst + 0), _mm_loadu_si128((xmmi *)(dst + offset + 0)));
+        _mm_storeu_si128((xmmi *)(dst + 16), _mm_loadu_si128((xmmi *)(dst + offset + 16)));
+        dst += 32;
+    }
+    if (bytes & 16) {
+        _mm_storeu_si128((xmmi *)dst, _mm_loadu_si128((xmmi *)(dst + offset)));
+        dst += 16;
+    }
+    if (bytes & 8) {
+        *(uint64_t *)dst = *(uint64_t *)(dst + offset);
+        dst += 8;
+    }
+    if (bytes & 4) {
+        *(uint32_t *)dst = *(uint32_t *)(dst + offset);
+        dst += 4;
+    }
+    if (bytes & 2) {
+        *(uint16_t *)dst = *(uint16_t *)(dst + offset);
+        dst += 2;
+    }
+    if (bytes & 1) {
+        *(uint8_t *)dst = *(uint8_t *)(dst + offset);
+    }
+}
+
+/* zero 0-15 bytes */
+static void INLINE
+poly1305_block_zero(uint8_t *dst, size_t bytes)
+{
+    if (bytes & 8) {
+        *(uint64_t *)dst = 0;
+        dst += 8;
+    }
+    if (bytes & 4) {
+        *(uint32_t *)dst = 0;
+        dst += 4;
+    }
+    if (bytes & 2) {
+        *(uint16_t *)dst = 0;
+        dst += 2;
+    }
+    if (bytes & 1) {
+        *(uint8_t *)dst = 0;
+    }
+}
+
+static size_t INLINE
+poly1305_min(size_t a, size_t b)
+{
+    return (a < b) ? a : b;
+}
+
+void
+Poly1305Init(poly1305_state *state, const unsigned char key[32])
+{
+    poly1305_state_internal *st = poly1305_aligned_state(state);
+    poly1305_power *p;
+    uint64_t r0, r1, r2;
+    uint64_t t0, t1;
+
+    /* clamp key */
+    t0 = U8TO64_LE(key + 0);
+    t1 = U8TO64_LE(key + 8);
+    r0 = t0 & 0xffc0fffffff;
+    t0 >>= 44;
+    t0 |= t1 << 20;
+    r1 = t0 & 0xfffffc0ffff;
+    t1 >>= 24;
+    r2 = t1 & 0x00ffffffc0f;
+
+    /* store r in un-used space of st->P[1] */
+    p = &st->P[1];
+    p->R20.d[1] = (uint32_t)(r0);
+    p->R20.d[3] = (uint32_t)(r0 >> 32);
+    p->R21.d[1] = (uint32_t)(r1);
+    p->R21.d[3] = (uint32_t)(r1 >> 32);
+    p->R22.d[1] = (uint32_t)(r2);
+    p->R22.d[3] = (uint32_t)(r2 >> 32);
+
+    /* store pad */
+    p->R23.d[1] = U8TO32_LE(key + 16);
+    p->R23.d[3] = U8TO32_LE(key + 20);
+    p->R24.d[1] = U8TO32_LE(key + 24);
+    p->R24.d[3] = U8TO32_LE(key + 28);
+
+    /* H = 0 */
+    st->H[0] = _mm_setzero_si128();
+    st->H[1] = _mm_setzero_si128();
+    st->H[2] = _mm_setzero_si128();
+    st->H[3] = _mm_setzero_si128();
+    st->H[4] = _mm_setzero_si128();
+
+    st->started = 0;
+    st->leftover = 0;
+}
+
+static void
+poly1305_first_block(poly1305_state_internal *st, const uint8_t *m)
+{
+    const xmmi MMASK = _mm_load_si128((xmmi *)poly1305_x64_sse2_message_mask);
+    const xmmi FIVE = _mm_load_si128((xmmi *)poly1305_x64_sse2_5);
+    const xmmi HIBIT = _mm_load_si128((xmmi *)poly1305_x64_sse2_1shl128);
+    xmmi T5, T6;
+    poly1305_power *p;
+    uint128_t d[3];
+    uint64_t r0, r1, r2;
+    uint64_t r20, r21, r22, s22;
+    uint64_t pad0, pad1;
+    uint64_t c;
+    uint64_t i;
+
+    /* pull out stored info */
+    p = &st->P[1];
+
+    r0 = ((uint64_t)p->R20.d[3] << 32) | (uint64_t)p->R20.d[1];
+    r1 = ((uint64_t)p->R21.d[3] << 32) | (uint64_t)p->R21.d[1];
+    r2 = ((uint64_t)p->R22.d[3] << 32) | (uint64_t)p->R22.d[1];
+    pad0 = ((uint64_t)p->R23.d[3] << 32) | (uint64_t)p->R23.d[1];
+    pad1 = ((uint64_t)p->R24.d[3] << 32) | (uint64_t)p->R24.d[1];
+
+    /* compute powers r^2,r^4 */
+    r20 = r0;
+    r21 = r1;
+    r22 = r2;
+    for (i = 0; i < 2; i++) {
+        s22 = r22 * (5 << 2);
+
+        d[0] = add128(mul64x64_128(r20, r20), mul64x64_128(r21 * 2, s22));
+        d[1] = add128(mul64x64_128(r22, s22), mul64x64_128(r20 * 2, r21));
+        d[2] = add128(mul64x64_128(r21, r21), mul64x64_128(r22 * 2, r20));
+
+        r20 = lo128(d[0]) & 0xfffffffffff;
+        c = shr128(d[0], 44);
+        d[1] = add128_64(d[1], c);
+        r21 = lo128(d[1]) & 0xfffffffffff;
+        c = shr128(d[1], 44);
+        d[2] = add128_64(d[2], c);
+        r22 = lo128(d[2]) & 0x3ffffffffff;
+        c = shr128(d[2], 42);
+        r20 += c * 5;
+        c = (r20 >> 44);
+        r20 = r20 & 0xfffffffffff;
+        r21 += c;
+
+        p->R20.v = _mm_shuffle_epi32(_mm_cvtsi32_si128((uint32_t)(r20)&0x3ffffff), _MM_SHUFFLE(1, 0, 1, 0));
+        p->R21.v = _mm_shuffle_epi32(_mm_cvtsi32_si128((uint32_t)((r20 >> 26) | (r21 << 18)) & 0x3ffffff), _MM_SHUFFLE(1, 0, 1, 0));
+        p->R22.v = _mm_shuffle_epi32(_mm_cvtsi32_si128((uint32_t)((r21 >> 8)) & 0x3ffffff), _MM_SHUFFLE(1, 0, 1, 0));
+        p->R23.v = _mm_shuffle_epi32(_mm_cvtsi32_si128((uint32_t)((r21 >> 34) | (r22 << 10)) & 0x3ffffff), _MM_SHUFFLE(1, 0, 1, 0));
+        p->R24.v = _mm_shuffle_epi32(_mm_cvtsi32_si128((uint32_t)((r22 >> 16))), _MM_SHUFFLE(1, 0, 1, 0));
+        p->S21.v = _mm_mul_epu32(p->R21.v, FIVE);
+        p->S22.v = _mm_mul_epu32(p->R22.v, FIVE);
+        p->S23.v = _mm_mul_epu32(p->R23.v, FIVE);
+        p->S24.v = _mm_mul_epu32(p->R24.v, FIVE);
+        p--;
+    }
+
+    /* put saved info back */
+    p = &st->P[1];
+    p->R20.d[1] = (uint32_t)(r0);
+    p->R20.d[3] = (uint32_t)(r0 >> 32);
+    p->R21.d[1] = (uint32_t)(r1);
+    p->R21.d[3] = (uint32_t)(r1 >> 32);
+    p->R22.d[1] = (uint32_t)(r2);
+    p->R22.d[3] = (uint32_t)(r2 >> 32);
+    p->R23.d[1] = (uint32_t)(pad0);
+    p->R23.d[3] = (uint32_t)(pad0 >> 32);
+    p->R24.d[1] = (uint32_t)(pad1);
+    p->R24.d[3] = (uint32_t)(pad1 >> 32);
+
+    /* H = [Mx,My] */
+    T5 = _mm_unpacklo_epi64(_mm_loadl_epi64((xmmi *)(m + 0)), _mm_loadl_epi64((xmmi *)(m + 16)));
+    T6 = _mm_unpacklo_epi64(_mm_loadl_epi64((xmmi *)(m + 8)), _mm_loadl_epi64((xmmi *)(m + 24)));
+    st->H[0] = _mm_and_si128(MMASK, T5);
+    st->H[1] = _mm_and_si128(MMASK, _mm_srli_epi64(T5, 26));
+    T5 = _mm_or_si128(_mm_srli_epi64(T5, 52), _mm_slli_epi64(T6, 12));
+    st->H[2] = _mm_and_si128(MMASK, T5);
+    st->H[3] = _mm_and_si128(MMASK, _mm_srli_epi64(T5, 26));
+    st->H[4] = _mm_or_si128(_mm_srli_epi64(T6, 40), HIBIT);
+}
+
+static void
+poly1305_blocks(poly1305_state_internal *st, const uint8_t *m, size_t bytes)
+{
+    const xmmi MMASK = _mm_load_si128((xmmi *)poly1305_x64_sse2_message_mask);
+    const xmmi FIVE = _mm_load_si128((xmmi *)poly1305_x64_sse2_5);
+    const xmmi HIBIT = _mm_load_si128((xmmi *)poly1305_x64_sse2_1shl128);
+
+    poly1305_power *p;
+    xmmi H0, H1, H2, H3, H4;
+    xmmi T0, T1, T2, T3, T4, T5, T6;
+    xmmi M0, M1, M2, M3, M4;
+    xmmi C1, C2;
+
+    H0 = st->H[0];
+    H1 = st->H[1];
+    H2 = st->H[2];
+    H3 = st->H[3];
+    H4 = st->H[4];
+
+    while (bytes >= 64) {
+        /* H *= [r^4,r^4] */
+        p = &st->P[0];
+        T0 = _mm_mul_epu32(H0, p->R20.v);
+        T1 = _mm_mul_epu32(H0, p->R21.v);
+        T2 = _mm_mul_epu32(H0, p->R22.v);
+        T3 = _mm_mul_epu32(H0, p->R23.v);
+        T4 = _mm_mul_epu32(H0, p->R24.v);
+        T5 = _mm_mul_epu32(H1, p->S24.v);
+        T6 = _mm_mul_epu32(H1, p->R20.v);
+        T0 = _mm_add_epi64(T0, T5);
+        T1 = _mm_add_epi64(T1, T6);
+        T5 = _mm_mul_epu32(H2, p->S23.v);
+        T6 = _mm_mul_epu32(H2, p->S24.v);
+        T0 = _mm_add_epi64(T0, T5);
+        T1 = _mm_add_epi64(T1, T6);
+        T5 = _mm_mul_epu32(H3, p->S22.v);
+        T6 = _mm_mul_epu32(H3, p->S23.v);
+        T0 = _mm_add_epi64(T0, T5);
+        T1 = _mm_add_epi64(T1, T6);
+        T5 = _mm_mul_epu32(H4, p->S21.v);
+        T6 = _mm_mul_epu32(H4, p->S22.v);
+        T0 = _mm_add_epi64(T0, T5);
+        T1 = _mm_add_epi64(T1, T6);
+        T5 = _mm_mul_epu32(H1, p->R21.v);
+        T6 = _mm_mul_epu32(H1, p->R22.v);
+        T2 = _mm_add_epi64(T2, T5);
+        T3 = _mm_add_epi64(T3, T6);
+        T5 = _mm_mul_epu32(H2, p->R20.v);
+        T6 = _mm_mul_epu32(H2, p->R21.v);
+        T2 = _mm_add_epi64(T2, T5);
+        T3 = _mm_add_epi64(T3, T6);
+        T5 = _mm_mul_epu32(H3, p->S24.v);
+        T6 = _mm_mul_epu32(H3, p->R20.v);
+        T2 = _mm_add_epi64(T2, T5);
+        T3 = _mm_add_epi64(T3, T6);
+        T5 = _mm_mul_epu32(H4, p->S23.v);
+        T6 = _mm_mul_epu32(H4, p->S24.v);
+        T2 = _mm_add_epi64(T2, T5);
+        T3 = _mm_add_epi64(T3, T6);
+        T5 = _mm_mul_epu32(H1, p->R23.v);
+        T4 = _mm_add_epi64(T4, T5);
+        T5 = _mm_mul_epu32(H2, p->R22.v);
+        T4 = _mm_add_epi64(T4, T5);
+        T5 = _mm_mul_epu32(H3, p->R21.v);
+        T4 = _mm_add_epi64(T4, T5);
+        T5 = _mm_mul_epu32(H4, p->R20.v);
+        T4 = _mm_add_epi64(T4, T5);
+
+        /* H += [Mx,My]*[r^2,r^2] */
+        T5 = _mm_unpacklo_epi64(_mm_loadl_epi64((xmmi *)(m + 0)), _mm_loadl_epi64((xmmi *)(m + 16)));
+        T6 = _mm_unpacklo_epi64(_mm_loadl_epi64((xmmi *)(m + 8)), _mm_loadl_epi64((xmmi *)(m + 24)));
+        M0 = _mm_and_si128(MMASK, T5);
+        M1 = _mm_and_si128(MMASK, _mm_srli_epi64(T5, 26));
+        T5 = _mm_or_si128(_mm_srli_epi64(T5, 52), _mm_slli_epi64(T6, 12));
+        M2 = _mm_and_si128(MMASK, T5);
+        M3 = _mm_and_si128(MMASK, _mm_srli_epi64(T5, 26));
+        M4 = _mm_or_si128(_mm_srli_epi64(T6, 40), HIBIT);
+
+        p = &st->P[1];
+        T5 = _mm_mul_epu32(M0, p->R20.v);
+        T6 = _mm_mul_epu32(M0, p->R21.v);
+        T0 = _mm_add_epi64(T0, T5);
+        T1 = _mm_add_epi64(T1, T6);
+        T5 = _mm_mul_epu32(M1, p->S24.v);
+        T6 = _mm_mul_epu32(M1, p->R20.v);
+        T0 = _mm_add_epi64(T0, T5);
+        T1 = _mm_add_epi64(T1, T6);
+        T5 = _mm_mul_epu32(M2, p->S23.v);
+        T6 = _mm_mul_epu32(M2, p->S24.v);
+        T0 = _mm_add_epi64(T0, T5);
+        T1 = _mm_add_epi64(T1, T6);
+        T5 = _mm_mul_epu32(M3, p->S22.v);
+        T6 = _mm_mul_epu32(M3, p->S23.v);
+        T0 = _mm_add_epi64(T0, T5);
+        T1 = _mm_add_epi64(T1, T6);
+        T5 = _mm_mul_epu32(M4, p->S21.v);
+        T6 = _mm_mul_epu32(M4, p->S22.v);
+        T0 = _mm_add_epi64(T0, T5);
+        T1 = _mm_add_epi64(T1, T6);
+        T5 = _mm_mul_epu32(M0, p->R22.v);
+        T6 = _mm_mul_epu32(M0, p->R23.v);
+        T2 = _mm_add_epi64(T2, T5);
+        T3 = _mm_add_epi64(T3, T6);
+        T5 = _mm_mul_epu32(M1, p->R21.v);
+        T6 = _mm_mul_epu32(M1, p->R22.v);
+        T2 = _mm_add_epi64(T2, T5);
+        T3 = _mm_add_epi64(T3, T6);
+        T5 = _mm_mul_epu32(M2, p->R20.v);
+        T6 = _mm_mul_epu32(M2, p->R21.v);
+        T2 = _mm_add_epi64(T2, T5);
+        T3 = _mm_add_epi64(T3, T6);
+        T5 = _mm_mul_epu32(M3, p->S24.v);
+        T6 = _mm_mul_epu32(M3, p->R20.v);
+        T2 = _mm_add_epi64(T2, T5);
+        T3 = _mm_add_epi64(T3, T6);
+        T5 = _mm_mul_epu32(M4, p->S23.v);
+        T6 = _mm_mul_epu32(M4, p->S24.v);
+        T2 = _mm_add_epi64(T2, T5);
+        T3 = _mm_add_epi64(T3, T6);
+        T5 = _mm_mul_epu32(M0, p->R24.v);
+        T4 = _mm_add_epi64(T4, T5);
+        T5 = _mm_mul_epu32(M1, p->R23.v);
+        T4 = _mm_add_epi64(T4, T5);
+        T5 = _mm_mul_epu32(M2, p->R22.v);
+        T4 = _mm_add_epi64(T4, T5);
+        T5 = _mm_mul_epu32(M3, p->R21.v);
+        T4 = _mm_add_epi64(T4, T5);
+        T5 = _mm_mul_epu32(M4, p->R20.v);
+        T4 = _mm_add_epi64(T4, T5);
+
+        /* H += [Mx,My] */
+        T5 = _mm_unpacklo_epi64(_mm_loadl_epi64((xmmi *)(m + 32)), _mm_loadl_epi64((xmmi *)(m + 48)));
+        T6 = _mm_unpacklo_epi64(_mm_loadl_epi64((xmmi *)(m + 40)), _mm_loadl_epi64((xmmi *)(m + 56)));
+        M0 = _mm_and_si128(MMASK, T5);
+        M1 = _mm_and_si128(MMASK, _mm_srli_epi64(T5, 26));
+        T5 = _mm_or_si128(_mm_srli_epi64(T5, 52), _mm_slli_epi64(T6, 12));
+        M2 = _mm_and_si128(MMASK, T5);
+        M3 = _mm_and_si128(MMASK, _mm_srli_epi64(T5, 26));
+        M4 = _mm_or_si128(_mm_srli_epi64(T6, 40), HIBIT);
+
+        T0 = _mm_add_epi64(T0, M0);
+        T1 = _mm_add_epi64(T1, M1);
+        T2 = _mm_add_epi64(T2, M2);
+        T3 = _mm_add_epi64(T3, M3);
+        T4 = _mm_add_epi64(T4, M4);
+
+        /* reduce */
+        C1 = _mm_srli_epi64(T0, 26);
+        C2 = _mm_srli_epi64(T3, 26);
+        T0 = _mm_and_si128(T0, MMASK);
+        T3 = _mm_and_si128(T3, MMASK);
+        T1 = _mm_add_epi64(T1, C1);
+        T4 = _mm_add_epi64(T4, C2);
+        C1 = _mm_srli_epi64(T1, 26);
+        C2 = _mm_srli_epi64(T4, 26);
+        T1 = _mm_and_si128(T1, MMASK);
+        T4 = _mm_and_si128(T4, MMASK);
+        T2 = _mm_add_epi64(T2, C1);
+        T0 = _mm_add_epi64(T0, _mm_mul_epu32(C2, FIVE));
+        C1 = _mm_srli_epi64(T2, 26);
+        C2 = _mm_srli_epi64(T0, 26);
+        T2 = _mm_and_si128(T2, MMASK);
+        T0 = _mm_and_si128(T0, MMASK);
+        T3 = _mm_add_epi64(T3, C1);
+        T1 = _mm_add_epi64(T1, C2);
+        C1 = _mm_srli_epi64(T3, 26);
+        T3 = _mm_and_si128(T3, MMASK);
+        T4 = _mm_add_epi64(T4, C1);
+
+        /* H = (H*[r^4,r^4] + [Mx,My]*[r^2,r^2] + [Mx,My]) */
+        H0 = T0;
+        H1 = T1;
+        H2 = T2;
+        H3 = T3;
+        H4 = T4;
+
+        m += 64;
+        bytes -= 64;
+    }
+
+    st->H[0] = H0;
+    st->H[1] = H1;
+    st->H[2] = H2;
+    st->H[3] = H3;
+    st->H[4] = H4;
+}
+
+static size_t
+poly1305_combine(poly1305_state_internal *st, const uint8_t *m, size_t bytes)
+{
+    const xmmi MMASK = _mm_load_si128((xmmi *)poly1305_x64_sse2_message_mask);
+    const xmmi HIBIT = _mm_load_si128((xmmi *)poly1305_x64_sse2_1shl128);
+    const xmmi FIVE = _mm_load_si128((xmmi *)poly1305_x64_sse2_5);
+
+    poly1305_power *p;
+    xmmi H0, H1, H2, H3, H4;
+    xmmi M0, M1, M2, M3, M4;
+    xmmi T0, T1, T2, T3, T4, T5, T6;
+    xmmi C1, C2;
+
+    uint64_t r0, r1, r2;
+    uint64_t t0, t1, t2, t3, t4;
+    uint64_t c;
+    size_t consumed = 0;
+
+    H0 = st->H[0];
+    H1 = st->H[1];
+    H2 = st->H[2];
+    H3 = st->H[3];
+    H4 = st->H[4];
+
+    /* p = [r^2,r^2] */
+    p = &st->P[1];
+
+    if (bytes >= 32) {
+        /* H *= [r^2,r^2] */
+        T0 = _mm_mul_epu32(H0, p->R20.v);
+        T1 = _mm_mul_epu32(H0, p->R21.v);
+        T2 = _mm_mul_epu32(H0, p->R22.v);
+        T3 = _mm_mul_epu32(H0, p->R23.v);
+        T4 = _mm_mul_epu32(H0, p->R24.v);
+        T5 = _mm_mul_epu32(H1, p->S24.v);
+        T6 = _mm_mul_epu32(H1, p->R20.v);
+        T0 = _mm_add_epi64(T0, T5);
+        T1 = _mm_add_epi64(T1, T6);
+        T5 = _mm_mul_epu32(H2, p->S23.v);
+        T6 = _mm_mul_epu32(H2, p->S24.v);
+        T0 = _mm_add_epi64(T0, T5);
+        T1 = _mm_add_epi64(T1, T6);
+        T5 = _mm_mul_epu32(H3, p->S22.v);
+        T6 = _mm_mul_epu32(H3, p->S23.v);
+        T0 = _mm_add_epi64(T0, T5);
+        T1 = _mm_add_epi64(T1, T6);
+        T5 = _mm_mul_epu32(H4, p->S21.v);
+        T6 = _mm_mul_epu32(H4, p->S22.v);
+        T0 = _mm_add_epi64(T0, T5);
+        T1 = _mm_add_epi64(T1, T6);
+        T5 = _mm_mul_epu32(H1, p->R21.v);
+        T6 = _mm_mul_epu32(H1, p->R22.v);
+        T2 = _mm_add_epi64(T2, T5);
+        T3 = _mm_add_epi64(T3, T6);
+        T5 = _mm_mul_epu32(H2, p->R20.v);
+        T6 = _mm_mul_epu32(H2, p->R21.v);
+        T2 = _mm_add_epi64(T2, T5);
+        T3 = _mm_add_epi64(T3, T6);
+        T5 = _mm_mul_epu32(H3, p->S24.v);
+        T6 = _mm_mul_epu32(H3, p->R20.v);
+        T2 = _mm_add_epi64(T2, T5);
+        T3 = _mm_add_epi64(T3, T6);
+        T5 = _mm_mul_epu32(H4, p->S23.v);
+        T6 = _mm_mul_epu32(H4, p->S24.v);
+        T2 = _mm_add_epi64(T2, T5);
+        T3 = _mm_add_epi64(T3, T6);
+        T5 = _mm_mul_epu32(H1, p->R23.v);
+        T4 = _mm_add_epi64(T4, T5);
+        T5 = _mm_mul_epu32(H2, p->R22.v);
+        T4 = _mm_add_epi64(T4, T5);
+        T5 = _mm_mul_epu32(H3, p->R21.v);
+        T4 = _mm_add_epi64(T4, T5);
+        T5 = _mm_mul_epu32(H4, p->R20.v);
+        T4 = _mm_add_epi64(T4, T5);
+
+        /* H += [Mx,My] */
+        T5 = _mm_unpacklo_epi64(_mm_loadl_epi64((xmmi *)(m + 0)), _mm_loadl_epi64((xmmi *)(m + 16)));
+        T6 = _mm_unpacklo_epi64(_mm_loadl_epi64((xmmi *)(m + 8)), _mm_loadl_epi64((xmmi *)(m + 24)));
+        M0 = _mm_and_si128(MMASK, T5);
+        M1 = _mm_and_si128(MMASK, _mm_srli_epi64(T5, 26));
+        T5 = _mm_or_si128(_mm_srli_epi64(T5, 52), _mm_slli_epi64(T6, 12));
+        M2 = _mm_and_si128(MMASK, T5);
+        M3 = _mm_and_si128(MMASK, _mm_srli_epi64(T5, 26));
+        M4 = _mm_or_si128(_mm_srli_epi64(T6, 40), HIBIT);
+
+        T0 = _mm_add_epi64(T0, M0);
+        T1 = _mm_add_epi64(T1, M1);
+        T2 = _mm_add_epi64(T2, M2);
+        T3 = _mm_add_epi64(T3, M3);
+        T4 = _mm_add_epi64(T4, M4);
+
+        /* reduce */
+        C1 = _mm_srli_epi64(T0, 26);
+        C2 = _mm_srli_epi64(T3, 26);
+        T0 = _mm_and_si128(T0, MMASK);
+        T3 = _mm_and_si128(T3, MMASK);
+        T1 = _mm_add_epi64(T1, C1);
+        T4 = _mm_add_epi64(T4, C2);
+        C1 = _mm_srli_epi64(T1, 26);
+        C2 = _mm_srli_epi64(T4, 26);
+        T1 = _mm_and_si128(T1, MMASK);
+        T4 = _mm_and_si128(T4, MMASK);
+        T2 = _mm_add_epi64(T2, C1);
+        T0 = _mm_add_epi64(T0, _mm_mul_epu32(C2, FIVE));
+        C1 = _mm_srli_epi64(T2, 26);
+        C2 = _mm_srli_epi64(T0, 26);
+        T2 = _mm_and_si128(T2, MMASK);
+        T0 = _mm_and_si128(T0, MMASK);
+        T3 = _mm_add_epi64(T3, C1);
+        T1 = _mm_add_epi64(T1, C2);
+        C1 = _mm_srli_epi64(T3, 26);
+        T3 = _mm_and_si128(T3, MMASK);
+        T4 = _mm_add_epi64(T4, C1);
+
+        /* H = (H*[r^2,r^2] + [Mx,My]) */
+        H0 = T0;
+        H1 = T1;
+        H2 = T2;
+        H3 = T3;
+        H4 = T4;
+
+        consumed = 32;
+    }
+
+    /* finalize, H *= [r^2,r] */
+    r0 = ((uint64_t)p->R20.d[3] << 32) | (uint64_t)p->R20.d[1];
+    r1 = ((uint64_t)p->R21.d[3] << 32) | (uint64_t)p->R21.d[1];
+    r2 = ((uint64_t)p->R22.d[3] << 32) | (uint64_t)p->R22.d[1];
+
+    p->R20.d[2] = (uint32_t)(r0)&0x3ffffff;
+    p->R21.d[2] = (uint32_t)((r0 >> 26) | (r1 << 18)) & 0x3ffffff;
+    p->R22.d[2] = (uint32_t)((r1 >> 8)) & 0x3ffffff;
+    p->R23.d[2] = (uint32_t)((r1 >> 34) | (r2 << 10)) & 0x3ffffff;
+    p->R24.d[2] = (uint32_t)((r2 >> 16));
+    p->S21.d[2] = p->R21.d[2] * 5;
+    p->S22.d[2] = p->R22.d[2] * 5;
+    p->S23.d[2] = p->R23.d[2] * 5;
+    p->S24.d[2] = p->R24.d[2] * 5;
+
+    /* H *= [r^2,r] */
+    T0 = _mm_mul_epu32(H0, p->R20.v);
+    T1 = _mm_mul_epu32(H0, p->R21.v);
+    T2 = _mm_mul_epu32(H0, p->R22.v);
+    T3 = _mm_mul_epu32(H0, p->R23.v);
+    T4 = _mm_mul_epu32(H0, p->R24.v);
+    T5 = _mm_mul_epu32(H1, p->S24.v);
+    T6 = _mm_mul_epu32(H1, p->R20.v);
+    T0 = _mm_add_epi64(T0, T5);
+    T1 = _mm_add_epi64(T1, T6);
+    T5 = _mm_mul_epu32(H2, p->S23.v);
+    T6 = _mm_mul_epu32(H2, p->S24.v);
+    T0 = _mm_add_epi64(T0, T5);
+    T1 = _mm_add_epi64(T1, T6);
+    T5 = _mm_mul_epu32(H3, p->S22.v);
+    T6 = _mm_mul_epu32(H3, p->S23.v);
+    T0 = _mm_add_epi64(T0, T5);
+    T1 = _mm_add_epi64(T1, T6);
+    T5 = _mm_mul_epu32(H4, p->S21.v);
+    T6 = _mm_mul_epu32(H4, p->S22.v);
+    T0 = _mm_add_epi64(T0, T5);
+    T1 = _mm_add_epi64(T1, T6);
+    T5 = _mm_mul_epu32(H1, p->R21.v);
+    T6 = _mm_mul_epu32(H1, p->R22.v);
+    T2 = _mm_add_epi64(T2, T5);
+    T3 = _mm_add_epi64(T3, T6);
+    T5 = _mm_mul_epu32(H2, p->R20.v);
+    T6 = _mm_mul_epu32(H2, p->R21.v);
+    T2 = _mm_add_epi64(T2, T5);
+    T3 = _mm_add_epi64(T3, T6);
+    T5 = _mm_mul_epu32(H3, p->S24.v);
+    T6 = _mm_mul_epu32(H3, p->R20.v);
+    T2 = _mm_add_epi64(T2, T5);
+    T3 = _mm_add_epi64(T3, T6);
+    T5 = _mm_mul_epu32(H4, p->S23.v);
+    T6 = _mm_mul_epu32(H4, p->S24.v);
+    T2 = _mm_add_epi64(T2, T5);
+    T3 = _mm_add_epi64(T3, T6);
+    T5 = _mm_mul_epu32(H1, p->R23.v);
+    T4 = _mm_add_epi64(T4, T5);
+    T5 = _mm_mul_epu32(H2, p->R22.v);
+    T4 = _mm_add_epi64(T4, T5);
+    T5 = _mm_mul_epu32(H3, p->R21.v);
+    T4 = _mm_add_epi64(T4, T5);
+    T5 = _mm_mul_epu32(H4, p->R20.v);
+    T4 = _mm_add_epi64(T4, T5);
+
+    C1 = _mm_srli_epi64(T0, 26);
+    C2 = _mm_srli_epi64(T3, 26);
+    T0 = _mm_and_si128(T0, MMASK);
+    T3 = _mm_and_si128(T3, MMASK);
+    T1 = _mm_add_epi64(T1, C1);
+    T4 = _mm_add_epi64(T4, C2);
+    C1 = _mm_srli_epi64(T1, 26);
+    C2 = _mm_srli_epi64(T4, 26);
+    T1 = _mm_and_si128(T1, MMASK);
+    T4 = _mm_and_si128(T4, MMASK);
+    T2 = _mm_add_epi64(T2, C1);
+    T0 = _mm_add_epi64(T0, _mm_mul_epu32(C2, FIVE));
+    C1 = _mm_srli_epi64(T2, 26);
+    C2 = _mm_srli_epi64(T0, 26);
+    T2 = _mm_and_si128(T2, MMASK);
+    T0 = _mm_and_si128(T0, MMASK);
+    T3 = _mm_add_epi64(T3, C1);
+    T1 = _mm_add_epi64(T1, C2);
+    C1 = _mm_srli_epi64(T3, 26);
+    T3 = _mm_and_si128(T3, MMASK);
+    T4 = _mm_add_epi64(T4, C1);
+
+    /* H = H[0]+H[1] */
+    H0 = _mm_add_epi64(T0, _mm_srli_si128(T0, 8));
+    H1 = _mm_add_epi64(T1, _mm_srli_si128(T1, 8));
+    H2 = _mm_add_epi64(T2, _mm_srli_si128(T2, 8));
+    H3 = _mm_add_epi64(T3, _mm_srli_si128(T3, 8));
+    H4 = _mm_add_epi64(T4, _mm_srli_si128(T4, 8));
+
+    t0 = _mm_cvtsi128_si32(H0);
+    c = (t0 >> 26);
+    t0 &= 0x3ffffff;
+    t1 = _mm_cvtsi128_si32(H1) + c;
+    c = (t1 >> 26);
+    t1 &= 0x3ffffff;
+    t2 = _mm_cvtsi128_si32(H2) + c;
+    c = (t2 >> 26);
+    t2 &= 0x3ffffff;
+    t3 = _mm_cvtsi128_si32(H3) + c;
+    c = (t3 >> 26);
+    t3 &= 0x3ffffff;
+    t4 = _mm_cvtsi128_si32(H4) + c;
+    c = (t4 >> 26);
+    t4 &= 0x3ffffff;
+    t0 = t0 + (c * 5);
+    c = (t0 >> 26);
+    t0 &= 0x3ffffff;
+    t1 = t1 + c;
+
+    st->HH[0] = ((t0) | (t1 << 26)) & 0xfffffffffffull;
+    st->HH[1] = ((t1 >> 18) | (t2 << 8) | (t3 << 34)) & 0xfffffffffffull;
+    st->HH[2] = ((t3 >> 10) | (t4 << 16)) & 0x3ffffffffffull;
+
+    return consumed;
+}
+
+void
+Poly1305Update(poly1305_state *state, const unsigned char *m, size_t bytes)
+{
+    poly1305_state_internal *st = poly1305_aligned_state(state);
+    size_t want;
+
+    /* need at least 32 initial bytes to start the accelerated branch */
+    if (!st->started) {
+        if ((st->leftover == 0) && (bytes > 32)) {
+            poly1305_first_block(st, m);
+            m += 32;
+            bytes -= 32;
+        } else {
+            want = poly1305_min(32 - st->leftover, bytes);
+            poly1305_block_copy(st->buffer + st->leftover, m, want);
+            bytes -= want;
+            m += want;
+            st->leftover += want;
+            if ((st->leftover < 32) || (bytes == 0))
+                return;
+            poly1305_first_block(st, st->buffer);
+            st->leftover = 0;
+        }
+        st->started = 1;
+    }
+
+    /* handle leftover */
+    if (st->leftover) {
+        want = poly1305_min(64 - st->leftover, bytes);
+        poly1305_block_copy(st->buffer + st->leftover, m, want);
+        bytes -= want;
+        m += want;
+        st->leftover += want;
+        if (st->leftover < 64)
+            return;
+        poly1305_blocks(st, st->buffer, 64);
+        st->leftover = 0;
+    }
+
+    /* process 64 byte blocks */
+    if (bytes >= 64) {
+        want = (bytes & ~63);
+        poly1305_blocks(st, m, want);
+        m += want;
+        bytes -= want;
+    }
+
+    if (bytes) {
+        poly1305_block_copy(st->buffer + st->leftover, m, bytes);
+        st->leftover += bytes;
+    }
+}
+
+void
+Poly1305Finish(poly1305_state *state, unsigned char mac[16])
+{
+    poly1305_state_internal *st = poly1305_aligned_state(state);
+    size_t leftover = st->leftover;
+    uint8_t *m = st->buffer;
+    uint128_t d[3];
+    uint64_t h0, h1, h2;
+    uint64_t t0, t1;
+    uint64_t g0, g1, g2, c, nc;
+    uint64_t r0, r1, r2, s1, s2;
+    poly1305_power *p;
+
+    if (st->started) {
+        size_t consumed = poly1305_combine(st, m, leftover);
+        leftover -= consumed;
+        m += consumed;
+    }
+
+    /* st->HH will either be 0 or have the combined result */
+    h0 = st->HH[0];
+    h1 = st->HH[1];
+    h2 = st->HH[2];
+
+    p = &st->P[1];
+    r0 = ((uint64_t)p->R20.d[3] << 32) | (uint64_t)p->R20.d[1];
+    r1 = ((uint64_t)p->R21.d[3] << 32) | (uint64_t)p->R21.d[1];
+    r2 = ((uint64_t)p->R22.d[3] << 32) | (uint64_t)p->R22.d[1];
+    s1 = r1 * (5 << 2);
+    s2 = r2 * (5 << 2);
+
+    if (leftover < 16)
+        goto poly1305_donna_atmost15bytes;
+
+poly1305_donna_atleast16bytes:
+    t0 = U8TO64_LE(m + 0);
+    t1 = U8TO64_LE(m + 8);
+    h0 += t0 & 0xfffffffffff;
+    t0 = shr128_pair(t1, t0, 44);
+    h1 += t0 & 0xfffffffffff;
+    h2 += (t1 >> 24) | ((uint64_t)1 << 40);
+
+poly1305_donna_mul:
+    d[0] = add128(add128(mul64x64_128(h0, r0), mul64x64_128(h1, s2)), mul64x64_128(h2, s1));
+    d[1] = add128(add128(mul64x64_128(h0, r1), mul64x64_128(h1, r0)), mul64x64_128(h2, s2));
+    d[2] = add128(add128(mul64x64_128(h0, r2), mul64x64_128(h1, r1)), mul64x64_128(h2, r0));
+    h0 = lo128(d[0]) & 0xfffffffffff;
+    c = shr128(d[0], 44);
+    d[1] = add128_64(d[1], c);
+    h1 = lo128(d[1]) & 0xfffffffffff;
+    c = shr128(d[1], 44);
+    d[2] = add128_64(d[2], c);
+    h2 = lo128(d[2]) & 0x3ffffffffff;
+    c = shr128(d[2], 42);
+    h0 += c * 5;
+
+    m += 16;
+    leftover -= 16;
+    if (leftover >= 16)
+        goto poly1305_donna_atleast16bytes;
+
+/* final bytes */
+poly1305_donna_atmost15bytes:
+    if (!leftover)
+        goto poly1305_donna_finish;
+
+    m[leftover++] = 1;
+    poly1305_block_zero(m + leftover, 16 - leftover);
+    leftover = 16;
+
+    t0 = U8TO64_LE(m + 0);
+    t1 = U8TO64_LE(m + 8);
+    h0 += t0 & 0xfffffffffff;
+    t0 = shr128_pair(t1, t0, 44);
+    h1 += t0 & 0xfffffffffff;
+    h2 += (t1 >> 24);
+
+    goto poly1305_donna_mul;
+
+poly1305_donna_finish:
+    c = (h0 >> 44);
+    h0 &= 0xfffffffffff;
+    h1 += c;
+    c = (h1 >> 44);
+    h1 &= 0xfffffffffff;
+    h2 += c;
+    c = (h2 >> 42);
+    h2 &= 0x3ffffffffff;
+    h0 += c * 5;
+
+    g0 = h0 + 5;
+    c = (g0 >> 44);
+    g0 &= 0xfffffffffff;
+    g1 = h1 + c;
+    c = (g1 >> 44);
+    g1 &= 0xfffffffffff;
+    g2 = h2 + c - ((uint64_t)1 << 42);
+
+    c = (g2 >> 63) - 1;
+    nc = ~c;
+    h0 = (h0 & nc) | (g0 & c);
+    h1 = (h1 & nc) | (g1 & c);
+    h2 = (h2 & nc) | (g2 & c);
+
+    /* pad */
+    t0 = ((uint64_t)p->R23.d[3] << 32) | (uint64_t)p->R23.d[1];
+    t1 = ((uint64_t)p->R24.d[3] << 32) | (uint64_t)p->R24.d[1];
+    h0 += (t0 & 0xfffffffffff);
+    c = (h0 >> 44);
+    h0 &= 0xfffffffffff;
+    t0 = shr128_pair(t1, t0, 44);
+    h1 += (t0 & 0xfffffffffff) + c;
+    c = (h1 >> 44);
+    h1 &= 0xfffffffffff;
+    t1 = (t1 >> 24);
+    h2 += (t1) + c;
+
+    U64TO8_LE(mac + 0, ((h0) | (h1 << 44)));
+    U64TO8_LE(mac + 8, ((h1 >> 20) | (h2 << 24)));
+}
diff --git a/nss/lib/freebl/poly1305.c b/nss/lib/freebl/poly1305.c
new file mode 100644
index 0000000..eb3e3cd
--- /dev/null
+++ b/nss/lib/freebl/poly1305.c
@@ -0,0 +1,314 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* This implementation of poly1305 is by Andrew Moon
+ * (https://github.com/floodyberry/poly1305-donna) and released as public
+ * domain. */
+
+#include <string.h>
+
+#include "poly1305.h"
+
+#if defined(_MSC_VER) && _MSC_VER < 1600
+#include "prtypes.h"
+typedef PRUint32 uint32_t;
+typedef PRUint64 uint64_t;
+#else
+#include <stdint.h>
+#endif
+
+#if defined(NSS_X86) || defined(NSS_X64)
+/* We can assume little-endian. */
+static uint32_t
+U8TO32_LE(const unsigned char *m)
+{
+    uint32_t r;
+    memcpy(&r, m, sizeof(r));
+    return r;
+}
+
+static void
+U32TO8_LE(unsigned char *m, uint32_t v)
+{
+    memcpy(m, &v, sizeof(v));
+}
+#else
+static uint32_t
+U8TO32_LE(const unsigned char *m)
+{
+    return (uint32_t)m[0] |
+           (uint32_t)m[1] << 8 |
+           (uint32_t)m[2] << 16 |
+           (uint32_t)m[3] << 24;
+}
+
+static void
+U32TO8_LE(unsigned char *m, uint32_t v)
+{
+    m[0] = v;
+    m[1] = v >> 8;
+    m[2] = v >> 16;
+    m[3] = v >> 24;
+}
+#endif
+
+static uint64_t
+mul32x32_64(uint32_t a, uint32_t b)
+{
+    return (uint64_t)a * b;
+}
+
+struct poly1305_state_st {
+    uint32_t r0, r1, r2, r3, r4;
+    uint32_t s1, s2, s3, s4;
+    uint32_t h0, h1, h2, h3, h4;
+    unsigned char buf[16];
+    unsigned int buf_used;
+    unsigned char key[16];
+};
+
+/* update updates |state| given some amount of input data. This function may
+ * only be called with a |len| that is not a multiple of 16 at the end of the
+ * data. Otherwise the input must be buffered into 16 byte blocks. */
+static void
+update(struct poly1305_state_st *state, const unsigned char *in,
+       size_t len)
+{
+    uint32_t t0, t1, t2, t3;
+    uint64_t t[5];
+    uint32_t b;
+    uint64_t c;
+    size_t j;
+    unsigned char mp[16];
+
+    if (len < 16)
+        goto poly1305_donna_atmost15bytes;
+
+poly1305_donna_16bytes:
+    t0 = U8TO32_LE(in);
+    t1 = U8TO32_LE(in + 4);
+    t2 = U8TO32_LE(in + 8);
+    t3 = U8TO32_LE(in + 12);
+
+    in += 16;
+    len -= 16;
+
+    state->h0 += t0 & 0x3ffffff;
+    state->h1 += ((((uint64_t)t1 << 32) | t0) >> 26) & 0x3ffffff;
+    state->h2 += ((((uint64_t)t2 << 32) | t1) >> 20) & 0x3ffffff;
+    state->h3 += ((((uint64_t)t3 << 32) | t2) >> 14) & 0x3ffffff;
+    state->h4 += (t3 >> 8) | (1 << 24);
+
+poly1305_donna_mul:
+    t[0] = mul32x32_64(state->h0, state->r0) +
+           mul32x32_64(state->h1, state->s4) +
+           mul32x32_64(state->h2, state->s3) +
+           mul32x32_64(state->h3, state->s2) +
+           mul32x32_64(state->h4, state->s1);
+    t[1] = mul32x32_64(state->h0, state->r1) +
+           mul32x32_64(state->h1, state->r0) +
+           mul32x32_64(state->h2, state->s4) +
+           mul32x32_64(state->h3, state->s3) +
+           mul32x32_64(state->h4, state->s2);
+    t[2] = mul32x32_64(state->h0, state->r2) +
+           mul32x32_64(state->h1, state->r1) +
+           mul32x32_64(state->h2, state->r0) +
+           mul32x32_64(state->h3, state->s4) +
+           mul32x32_64(state->h4, state->s3);
+    t[3] = mul32x32_64(state->h0, state->r3) +
+           mul32x32_64(state->h1, state->r2) +
+           mul32x32_64(state->h2, state->r1) +
+           mul32x32_64(state->h3, state->r0) +
+           mul32x32_64(state->h4, state->s4);
+    t[4] = mul32x32_64(state->h0, state->r4) +
+           mul32x32_64(state->h1, state->r3) +
+           mul32x32_64(state->h2, state->r2) +
+           mul32x32_64(state->h3, state->r1) +
+           mul32x32_64(state->h4, state->r0);
+
+    state->h0 = (uint32_t)t[0] & 0x3ffffff;
+    c = (t[0] >> 26);
+    t[1] += c;
+    state->h1 = (uint32_t)t[1] & 0x3ffffff;
+    b = (uint32_t)(t[1] >> 26);
+    t[2] += b;
+    state->h2 = (uint32_t)t[2] & 0x3ffffff;
+    b = (uint32_t)(t[2] >> 26);
+    t[3] += b;
+    state->h3 = (uint32_t)t[3] & 0x3ffffff;
+    b = (uint32_t)(t[3] >> 26);
+    t[4] += b;
+    state->h4 = (uint32_t)t[4] & 0x3ffffff;
+    b = (uint32_t)(t[4] >> 26);
+    state->h0 += b * 5;
+
+    if (len >= 16)
+        goto poly1305_donna_16bytes;
+
+/* final bytes */
+poly1305_donna_atmost15bytes:
+    if (!len)
+        return;
+
+    for (j = 0; j < len; j++)
+        mp[j] = in[j];
+    mp[j++] = 1;
+    for (; j < 16; j++)
+        mp[j] = 0;
+    len = 0;
+
+    t0 = U8TO32_LE(mp + 0);
+    t1 = U8TO32_LE(mp + 4);
+    t2 = U8TO32_LE(mp + 8);
+    t3 = U8TO32_LE(mp + 12);
+
+    state->h0 += t0 & 0x3ffffff;
+    state->h1 += ((((uint64_t)t1 << 32) | t0) >> 26) & 0x3ffffff;
+    state->h2 += ((((uint64_t)t2 << 32) | t1) >> 20) & 0x3ffffff;
+    state->h3 += ((((uint64_t)t3 << 32) | t2) >> 14) & 0x3ffffff;
+    state->h4 += (t3 >> 8);
+
+    goto poly1305_donna_mul;
+}
+
+void
+Poly1305Init(poly1305_state *statep, const unsigned char key[32])
+{
+    struct poly1305_state_st *state = (struct poly1305_state_st *)statep;
+    uint32_t t0, t1, t2, t3;
+
+    t0 = U8TO32_LE(key + 0);
+    t1 = U8TO32_LE(key + 4);
+    t2 = U8TO32_LE(key + 8);
+    t3 = U8TO32_LE(key + 12);
+
+    /* precompute multipliers */
+    state->r0 = t0 & 0x3ffffff;
+    t0 >>= 26;
+    t0 |= t1 << 6;
+    state->r1 = t0 & 0x3ffff03;
+    t1 >>= 20;
+    t1 |= t2 << 12;
+    state->r2 = t1 & 0x3ffc0ff;
+    t2 >>= 14;
+    t2 |= t3 << 18;
+    state->r3 = t2 & 0x3f03fff;
+    t3 >>= 8;
+    state->r4 = t3 & 0x00fffff;
+
+    state->s1 = state->r1 * 5;
+    state->s2 = state->r2 * 5;
+    state->s3 = state->r3 * 5;
+    state->s4 = state->r4 * 5;
+
+    /* init state */
+    state->h0 = 0;
+    state->h1 = 0;
+    state->h2 = 0;
+    state->h3 = 0;
+    state->h4 = 0;
+
+    state->buf_used = 0;
+    memcpy(state->key, key + 16, sizeof(state->key));
+}
+
+void
+Poly1305Update(poly1305_state *statep, const unsigned char *in,
+               size_t in_len)
+{
+    unsigned int i;
+    struct poly1305_state_st *state = (struct poly1305_state_st *)statep;
+
+    if (state->buf_used) {
+        unsigned int todo = 16 - state->buf_used;
+        if (todo > in_len)
+            todo = in_len;
+        for (i = 0; i < todo; i++)
+            state->buf[state->buf_used + i] = in[i];
+        state->buf_used += todo;
+        in_len -= todo;
+        in += todo;
+
+        if (state->buf_used == 16) {
+            update(state, state->buf, 16);
+            state->buf_used = 0;
+        }
+    }
+
+    if (in_len >= 16) {
+        size_t todo = in_len & ~0xf;
+        update(state, in, todo);
+        in += todo;
+        in_len &= 0xf;
+    }
+
+    if (in_len) {
+        for (i = 0; i < in_len; i++)
+            state->buf[i] = in[i];
+        state->buf_used = in_len;
+    }
+}
+
+void
+Poly1305Finish(poly1305_state *statep, unsigned char mac[16])
+{
+    struct poly1305_state_st *state = (struct poly1305_state_st *)statep;
+    uint64_t f0, f1, f2, f3;
+    uint32_t g0, g1, g2, g3, g4;
+    uint32_t b, nb;
+
+    if (state->buf_used)
+        update(state, state->buf, state->buf_used);
+
+    b = state->h0 >> 26;
+    state->h0 = state->h0 & 0x3ffffff;
+    state->h1 += b;
+    b = state->h1 >> 26;
+    state->h1 = state->h1 & 0x3ffffff;
+    state->h2 += b;
+    b = state->h2 >> 26;
+    state->h2 = state->h2 & 0x3ffffff;
+    state->h3 += b;
+    b = state->h3 >> 26;
+    state->h3 = state->h3 & 0x3ffffff;
+    state->h4 += b;
+    b = state->h4 >> 26;
+    state->h4 = state->h4 & 0x3ffffff;
+    state->h0 += b * 5;
+
+    g0 = state->h0 + 5;
+    b = g0 >> 26;
+    g0 &= 0x3ffffff;
+    g1 = state->h1 + b;
+    b = g1 >> 26;
+    g1 &= 0x3ffffff;
+    g2 = state->h2 + b;
+    b = g2 >> 26;
+    g2 &= 0x3ffffff;
+    g3 = state->h3 + b;
+    b = g3 >> 26;
+    g3 &= 0x3ffffff;
+    g4 = state->h4 + b - (1 << 26);
+
+    b = (g4 >> 31) - 1;
+    nb = ~b;
+    state->h0 = (state->h0 & nb) | (g0 & b);
+    state->h1 = (state->h1 & nb) | (g1 & b);
+    state->h2 = (state->h2 & nb) | (g2 & b);
+    state->h3 = (state->h3 & nb) | (g3 & b);
+    state->h4 = (state->h4 & nb) | (g4 & b);
+
+    f0 = ((state->h0) | (state->h1 << 26)) + (uint64_t)U8TO32_LE(&state->key[0]);
+    f1 = ((state->h1 >> 6) | (state->h2 << 20)) + (uint64_t)U8TO32_LE(&state->key[4]);
+    f2 = ((state->h2 >> 12) | (state->h3 << 14)) + (uint64_t)U8TO32_LE(&state->key[8]);
+    f3 = ((state->h3 >> 18) | (state->h4 << 8)) + (uint64_t)U8TO32_LE(&state->key[12]);
+
+    U32TO8_LE(&mac[0], (uint32_t)f0);
+    f1 += (f0 >> 32);
+    U32TO8_LE(&mac[4], (uint32_t)f1);
+    f2 += (f1 >> 32);
+    U32TO8_LE(&mac[8], (uint32_t)f2);
+    f3 += (f2 >> 32);
+    U32TO8_LE(&mac[12], (uint32_t)f3);
+}
diff --git a/nss/lib/freebl/poly1305.h b/nss/lib/freebl/poly1305.h
new file mode 100644
index 0000000..0a46348
--- /dev/null
+++ b/nss/lib/freebl/poly1305.h
@@ -0,0 +1,28 @@
+/*
+ * poly1305.h - header file for Poly1305 implementation.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef FREEBL_POLY1305_H_
+#define FREEBL_POLY1305_H_
+
+typedef unsigned char poly1305_state[512];
+
+/* Poly1305Init sets up |state| so that it can be used to calculate an
+ * authentication tag with the one-time key |key|. Note that |key| is a
+ * one-time key and therefore there is no `reset' method because that would
+ * enable several messages to be authenticated with the same key. */
+extern void Poly1305Init(poly1305_state* state, const unsigned char key[32]);
+
+/* Poly1305Update processes |in_len| bytes from |in|. It can be called zero or
+ * more times after poly1305_init. */
+extern void Poly1305Update(poly1305_state* state, const unsigned char* in,
+                           size_t inLen);
+
+/* Poly1305Finish completes the poly1305 calculation and writes a 16 byte
+ * authentication tag to |mac|. */
+extern void Poly1305Finish(poly1305_state* state, unsigned char mac[16]);
+
+#endif /* FREEBL_POLY1305_H_ */
diff --git a/nss/lib/freebl/pqg.c b/nss/lib/freebl/pqg.c
new file mode 100644
index 0000000..2f24afd
--- /dev/null
+++ b/nss/lib/freebl/pqg.c
@@ -0,0 +1,1878 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * PQG parameter generation/verification.  Based on FIPS 186-3.
+ */
+#ifdef FREEBL_NO_DEPEND
+#include "stubs.h"
+#endif
+
+#include "prerr.h"
+#include "secerr.h"
+
+#include "prtypes.h"
+#include "blapi.h"
+#include "secitem.h"
+#include "mpi.h"
+#include "mpprime.h"
+#include "mplogic.h"
+#include "secmpi.h"
+
+#define MAX_ITERATIONS 1000 /* Maximum number of iterations of primegen */
+
+typedef enum {
+    FIPS186_1_TYPE,   /* Probablistic */
+    FIPS186_3_TYPE,   /* Probablistic */
+    FIPS186_3_ST_TYPE /* Shawe-Taylor provable */
+} pqgGenType;
+
+/*
+ * These test iterations are quite a bit larger than we previously had.
+ * This is because FIPS 186-3 is worried about the primes in PQG generation.
+ * It may be possible to purposefully construct composites which more
+ * iterations of Miller-Rabin than the for your normal randomly selected
+ * numbers.There are 3 ways to counter this: 1) use one of the cool provably
+ * prime algorithms (which would require a lot more work than DSA-2 deservers.
+ * 2) add a Lucas primality test (which requires coding a Lucas primality test,
+ * or 3) use a larger M-R test count. I chose the latter. It increases the time
+ * that it takes to prove the selected prime, but it shouldn't increase the
+ * overall time to run the algorithm (non-primes should still faile M-R
+ * realively quickly). If you want to get that last bit of performance,
+ * implement Lucas and adjust these two functions.  See FIPS 186-3 Appendix C
+ * and F for more information.
+ */
+static int
+prime_testcount_p(int L, int N)
+{
+    switch (L) {
+        case 1024:
+            return 40;
+        case 2048:
+            return 56;
+        case 3072:
+            return 64;
+        default:
+            break;
+    }
+    return 50; /* L = 512-960 */
+}
+
+/* The q numbers are different if you run M-R followd by Lucas. I created
+ * a separate function so if someone wanted to add the Lucas check, they
+ * could do so fairly easily */
+static int
+prime_testcount_q(int L, int N)
+{
+    return prime_testcount_p(L, N);
+}
+
+/*
+ * generic function to make sure our input matches DSA2 requirements
+ * this gives us one place to go if we need to bump the requirements in the
+ * future.
+ */
+static SECStatus
+pqg_validate_dsa2(unsigned int L, unsigned int N)
+{
+
+    switch (L) {
+        case 1024:
+            if (N != DSA1_Q_BITS) {
+                PORT_SetError(SEC_ERROR_INVALID_ARGS);
+                return SECFailure;
+            }
+            break;
+        case 2048:
+            if ((N != 224) && (N != 256)) {
+                PORT_SetError(SEC_ERROR_INVALID_ARGS);
+                return SECFailure;
+            }
+            break;
+        case 3072:
+            if (N != 256) {
+                PORT_SetError(SEC_ERROR_INVALID_ARGS);
+                return SECFailure;
+            }
+            break;
+        default:
+            PORT_SetError(SEC_ERROR_INVALID_ARGS);
+            return SECFailure;
+    }
+    return SECSuccess;
+}
+
+static unsigned int
+pqg_get_default_N(unsigned int L)
+{
+    unsigned int N = 0;
+    switch (L) {
+        case 1024:
+            N = DSA1_Q_BITS;
+            break;
+        case 2048:
+            N = 224;
+            break;
+        case 3072:
+            N = 256;
+            break;
+        default:
+            PORT_SetError(SEC_ERROR_INVALID_ARGS);
+            break; /* N already set to zero */
+    }
+    return N;
+}
+
+/*
+ * Select the lowest hash algorithm usable
+ */
+static HASH_HashType
+getFirstHash(unsigned int L, unsigned int N)
+{
+    if (N < 224) {
+        return HASH_AlgSHA1;
+    }
+    if (N < 256) {
+        return HASH_AlgSHA224;
+    }
+    if (N < 384) {
+        return HASH_AlgSHA256;
+    }
+    if (N < 512) {
+        return HASH_AlgSHA384;
+    }
+    return HASH_AlgSHA512;
+}
+
+/*
+ * find the next usable hash algorthim
+ */
+static HASH_HashType
+getNextHash(HASH_HashType hashtype)
+{
+    switch (hashtype) {
+        case HASH_AlgSHA1:
+            hashtype = HASH_AlgSHA224;
+            break;
+        case HASH_AlgSHA224:
+            hashtype = HASH_AlgSHA256;
+            break;
+        case HASH_AlgSHA256:
+            hashtype = HASH_AlgSHA384;
+            break;
+        case HASH_AlgSHA384:
+            hashtype = HASH_AlgSHA512;
+            break;
+        case HASH_AlgSHA512:
+        default:
+            hashtype = HASH_AlgTOTAL;
+            break;
+    }
+    return hashtype;
+}
+
+static unsigned int
+HASH_ResultLen(HASH_HashType type)
+{
+    const SECHashObject *hash_obj = HASH_GetRawHashObject(type);
+    PORT_Assert(hash_obj != NULL);
+    if (hash_obj == NULL) {
+        /* type is always a valid HashType. Thus a null hash_obj must be a bug */
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return 0;
+    }
+    PORT_Assert(hash_obj->length != 0);
+    return hash_obj->length;
+}
+
+static SECStatus
+HASH_HashBuf(HASH_HashType type, unsigned char *dest,
+             const unsigned char *src, PRUint32 src_len)
+{
+    const SECHashObject *hash_obj = HASH_GetRawHashObject(type);
+    void *hashcx = NULL;
+    unsigned int dummy;
+
+    if (hash_obj == NULL) {
+        return SECFailure;
+    }
+
+    hashcx = hash_obj->create();
+    if (hashcx == NULL) {
+        return SECFailure;
+    }
+    hash_obj->begin(hashcx);
+    hash_obj->update(hashcx, src, src_len);
+    hash_obj->end(hashcx, dest, &dummy, hash_obj->length);
+    hash_obj->destroy(hashcx, PR_TRUE);
+    return SECSuccess;
+}
+
+unsigned int
+PQG_GetLength(const SECItem *obj)
+{
+    unsigned int len = obj->len;
+
+    if (obj->data == NULL) {
+        return 0;
+    }
+    if (len > 1 && obj->data[0] == 0) {
+        len--;
+    }
+    return len;
+}
+
+SECStatus
+PQG_Check(const PQGParams *params)
+{
+    unsigned int L, N;
+    SECStatus rv = SECSuccess;
+
+    if (params == NULL) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    L = PQG_GetLength(&params->prime) * PR_BITS_PER_BYTE;
+    N = PQG_GetLength(&params->subPrime) * PR_BITS_PER_BYTE;
+
+    if (L < 1024) {
+        int j;
+
+        /* handle DSA1 pqg parameters with less thatn 1024 bits*/
+        if (N != DSA1_Q_BITS) {
+            PORT_SetError(SEC_ERROR_INVALID_ARGS);
+            return SECFailure;
+        }
+        j = PQG_PBITS_TO_INDEX(L);
+        if (j < 0) {
+            PORT_SetError(SEC_ERROR_INVALID_ARGS);
+            rv = SECFailure;
+        }
+    } else {
+        /* handle DSA2 parameters (includes DSA1, 1024 bits) */
+        rv = pqg_validate_dsa2(L, N);
+    }
+    return rv;
+}
+
+HASH_HashType
+PQG_GetHashType(const PQGParams *params)
+{
+    unsigned int L, N;
+
+    if (params == NULL) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return HASH_AlgNULL;
+    }
+
+    L = PQG_GetLength(&params->prime) * PR_BITS_PER_BYTE;
+    N = PQG_GetLength(&params->subPrime) * PR_BITS_PER_BYTE;
+    return getFirstHash(L, N);
+}
+
+/* Get a seed for generating P and Q.  If in testing mode, copy in the
+** seed from FIPS 186-1 appendix 5.  Otherwise, obtain bytes from the
+** global random number generator.
+*/
+static SECStatus
+getPQseed(SECItem *seed, PLArenaPool *arena)
+{
+    SECStatus rv;
+
+    if (!seed->data) {
+        seed->data = (unsigned char *)PORT_ArenaZAlloc(arena, seed->len);
+    }
+    if (!seed->data) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return SECFailure;
+    }
+    rv = RNG_GenerateGlobalRandomBytes(seed->data, seed->len);
+    /*
+     * NIST CMVP disallows a sequence of 20 bytes with the most
+     * significant byte equal to 0.  Perhaps they interpret
+     * "a sequence of at least 160 bits" as "a number >= 2^159".
+     * So we always set the most significant bit to 1. (bug 334533)
+     */
+    seed->data[0] |= 0x80;
+    return rv;
+}
+
+/* Generate a candidate h value.  If in testing mode, use the h value
+** specified in FIPS 186-1 appendix 5, h = 2.  Otherwise, obtain bytes
+** from the global random number generator.
+*/
+static SECStatus
+generate_h_candidate(SECItem *hit, mp_int *H)
+{
+    SECStatus rv = SECSuccess;
+    mp_err err = MP_OKAY;
+#ifdef FIPS_186_1_A5_TEST
+    memset(hit->data, 0, hit->len);
+    hit->data[hit->len - 1] = 0x02;
+#else
+    rv = RNG_GenerateGlobalRandomBytes(hit->data, hit->len);
+#endif
+    if (rv)
+        return SECFailure;
+    err = mp_read_unsigned_octets(H, hit->data, hit->len);
+    if (err) {
+        MP_TO_SEC_ERROR(err);
+        return SECFailure;
+    }
+    return SECSuccess;
+}
+
+static SECStatus
+addToSeed(const SECItem *seed,
+          unsigned long addend,
+          int seedlen, /* g in 186-1 */
+          SECItem *seedout)
+{
+    mp_int s, sum, modulus, tmp;
+    mp_err err = MP_OKAY;
+    SECStatus rv = SECSuccess;
+    MP_DIGITS(&s) = 0;
+    MP_DIGITS(&sum) = 0;
+    MP_DIGITS(&modulus) = 0;
+    MP_DIGITS(&tmp) = 0;
+    CHECK_MPI_OK(mp_init(&s));
+    CHECK_MPI_OK(mp_init(&sum));
+    CHECK_MPI_OK(mp_init(&modulus));
+    SECITEM_TO_MPINT(*seed, &s); /* s = seed */
+    /* seed += addend */
+    if (addend < MP_DIGIT_MAX) {
+        CHECK_MPI_OK(mp_add_d(&s, (mp_digit)addend, &s));
+    } else {
+        CHECK_MPI_OK(mp_init(&tmp));
+        CHECK_MPI_OK(mp_set_ulong(&tmp, addend));
+        CHECK_MPI_OK(mp_add(&s, &tmp, &s));
+    }
+    /*sum = s mod 2**seedlen */
+    CHECK_MPI_OK(mp_div_2d(&s, (mp_digit)seedlen, NULL, &sum));
+    if (seedout->data != NULL) {
+        SECITEM_ZfreeItem(seedout, PR_FALSE);
+    }
+    MPINT_TO_SECITEM(&sum, seedout, NULL);
+cleanup:
+    mp_clear(&s);
+    mp_clear(&sum);
+    mp_clear(&modulus);
+    mp_clear(&tmp);
+    if (err) {
+        MP_TO_SEC_ERROR(err);
+        return SECFailure;
+    }
+    return rv;
+}
+
+/* Compute Hash[(SEED + addend) mod 2**g]
+** Result is placed in shaOutBuf.
+** This computation is used in steps 2 and 7 of FIPS 186 Appendix 2.2  and
+** step 11.2 of FIPS 186-3 Appendix A.1.1.2 .
+*/
+static SECStatus
+addToSeedThenHash(HASH_HashType hashtype,
+                  const SECItem *seed,
+                  unsigned long addend,
+                  int seedlen, /* g in 186-1 */
+                  unsigned char *hashOutBuf)
+{
+    SECItem str = { 0, 0, 0 };
+    SECStatus rv;
+    rv = addToSeed(seed, addend, seedlen, &str);
+    if (rv != SECSuccess) {
+        return rv;
+    }
+    rv = HASH_HashBuf(hashtype, hashOutBuf, str.data, str.len); /* hash result */
+    if (str.data)
+        SECITEM_ZfreeItem(&str, PR_FALSE);
+    return rv;
+}
+
+/*
+**  Perform steps 2 and 3 of FIPS 186-1, appendix 2.2.
+**  Generate Q from seed.
+*/
+static SECStatus
+makeQfromSeed(
+    unsigned int g,      /* input.  Length of seed in bits. */
+    const SECItem *seed, /* input.  */
+    mp_int *Q)           /* output. */
+{
+    unsigned char sha1[SHA1_LENGTH];
+    unsigned char sha2[SHA1_LENGTH];
+    unsigned char U[SHA1_LENGTH];
+    SECStatus rv = SECSuccess;
+    mp_err err = MP_OKAY;
+    int i;
+    /* ******************************************************************
+    ** Step 2.
+    ** "Compute U = SHA[SEED] XOR SHA[(SEED+1) mod 2**g]."
+    **/
+    CHECK_SEC_OK(SHA1_HashBuf(sha1, seed->data, seed->len));
+    CHECK_SEC_OK(addToSeedThenHash(HASH_AlgSHA1, seed, 1, g, sha2));
+    for (i = 0; i < SHA1_LENGTH; ++i)
+        U[i] = sha1[i] ^ sha2[i];
+    /* ******************************************************************
+    ** Step 3.
+    ** "Form Q from U by setting the most signficant bit (the 2**159 bit)
+    **  and the least signficant bit to 1.  In terms of boolean operations,
+    **  Q = U OR 2**159 OR 1.  Note that 2**159 < Q < 2**160."
+    */
+    U[0] |= 0x80; /* U is MSB first */
+    U[SHA1_LENGTH - 1] |= 0x01;
+    err = mp_read_unsigned_octets(Q, U, SHA1_LENGTH);
+cleanup:
+    memset(U, 0, SHA1_LENGTH);
+    memset(sha1, 0, SHA1_LENGTH);
+    memset(sha2, 0, SHA1_LENGTH);
+    if (err) {
+        MP_TO_SEC_ERROR(err);
+        return SECFailure;
+    }
+    return rv;
+}
+
+/*
+**  Perform steps 6 and 7 of FIPS 186-3, appendix A.1.1.2.
+**  Generate Q from seed.
+*/
+static SECStatus
+makeQ2fromSeed(
+    HASH_HashType hashtype, /* selected Hashing algorithm */
+    unsigned int N,         /* input.  Length of q in bits. */
+    const SECItem *seed,    /* input.  */
+    mp_int *Q)              /* output. */
+{
+    unsigned char U[HASH_LENGTH_MAX];
+    SECStatus rv = SECSuccess;
+    mp_err err = MP_OKAY;
+    int N_bytes = N / PR_BITS_PER_BYTE; /* length of N in bytes rather than bits */
+    int hashLen = HASH_ResultLen(hashtype);
+    int offset = 0;
+
+    /* ******************************************************************
+    ** Step 6.
+    ** "Compute U = hash[SEED] mod 2**N-1]."
+    **/
+    CHECK_SEC_OK(HASH_HashBuf(hashtype, U, seed->data, seed->len));
+    /* mod 2**N . Step 7 will explicitly set the top bit to 1, so no need
+     * to handle mod 2**N-1 */
+    if (hashLen > N_bytes) {
+        offset = hashLen - N_bytes;
+    }
+    /* ******************************************************************
+    ** Step 7.
+    ** computed_q = 2**(N-1) + U + 1 - (U mod 2)
+    **
+    ** This is the same as:
+    ** computed_q = 2**(N-1) | U | 1;
+    */
+    U[offset] |= 0x80; /* U is MSB first */
+    U[hashLen - 1] |= 0x01;
+    err = mp_read_unsigned_octets(Q, &U[offset], N_bytes);
+cleanup:
+    memset(U, 0, HASH_LENGTH_MAX);
+    if (err) {
+        MP_TO_SEC_ERROR(err);
+        return SECFailure;
+    }
+    return rv;
+}
+
+/*
+**  Perform steps from  FIPS 186-3, Appendix A.1.2.1 and Appendix C.6
+**
+**  This generates a provable prime from two smaller prime. The resulting
+**  prime p will have q0 as a multiple of p-1. q0 can be 1.
+**
+** This implments steps 4 thorough 22 of FIPS 186-3 A.1.2.1 and
+**                steps 16 through 34 of FIPS 186-2 C.6
+*/
+#define MAX_ST_SEED_BITS (HASH_LENGTH_MAX * PR_BITS_PER_BYTE)
+static SECStatus
+makePrimefromPrimesShaweTaylor(
+    HASH_HashType hashtype,          /* selected Hashing algorithm */
+    unsigned int length,             /* input. Length of prime in bits. */
+    mp_int *c0,                      /* seed prime */
+    mp_int *q,                       /* sub prime, can be 1 */
+    mp_int *prime,                   /* output.  */
+    SECItem *prime_seed,             /* input/output.  */
+    unsigned int *prime_gen_counter) /* input/output.  */
+{
+    mp_int c;
+    mp_int c0_2;
+    mp_int t;
+    mp_int a;
+    mp_int z;
+    mp_int two_length_minus_1;
+    SECStatus rv = SECFailure;
+    int hashlen = HASH_ResultLen(hashtype);
+    int outlen = hashlen * PR_BITS_PER_BYTE;
+    int offset;
+    unsigned char bit, mask;
+    /* x needs to hold roundup(L/outlen)*outlen.
+     * This can be no larger than L+outlen-1, So we set it's size to
+     * our max L + max outlen and know we are safe */
+    unsigned char x[DSA_MAX_P_BITS / 8 + HASH_LENGTH_MAX];
+    mp_err err = MP_OKAY;
+    int i;
+    int iterations;
+    int old_counter;
+
+    MP_DIGITS(&c) = 0;
+    MP_DIGITS(&c0_2) = 0;
+    MP_DIGITS(&t) = 0;
+    MP_DIGITS(&a) = 0;
+    MP_DIGITS(&z) = 0;
+    MP_DIGITS(&two_length_minus_1) = 0;
+    CHECK_MPI_OK(mp_init(&c));
+    CHECK_MPI_OK(mp_init(&c0_2));
+    CHECK_MPI_OK(mp_init(&t));
+    CHECK_MPI_OK(mp_init(&a));
+    CHECK_MPI_OK(mp_init(&z));
+    CHECK_MPI_OK(mp_init(&two_length_minus_1));
+
+    /*
+    ** There is a slight mapping of variable names depending on which
+    ** FIPS 186 steps are being carried out. The mapping is as follows:
+    **  variable          A.1.2.1           C.6
+    **    c0                p0               c0
+    **    q                 q                1
+    **    c                 p                c
+    **    c0_2            2*p0*q            2*c0
+    **    length            L               length
+    **    prime_seed       pseed            prime_seed
+    **  prime_gen_counter pgen_counter     prime_gen_counter
+    **
+    ** Also note: or iterations variable is actually iterations+1, since
+    ** iterations+1 works better in C.
+    */
+
+    /* Step 4/16 iterations = ceiling(length/outlen)-1 */
+    iterations = (length + outlen - 1) / outlen; /* NOTE: iterations +1 */
+    /* Step 5/17 old_counter = prime_gen_counter */
+    old_counter = *prime_gen_counter;
+    /*
+    ** Comment: Generate a pseudorandom integer x in the interval
+    ** [2**(lenght-1), 2**length].
+    **
+    ** Step 6/18 x = 0
+    */
+    PORT_Memset(x, 0, sizeof(x));
+    /*
+    ** Step 7/19 for i = 0 to iterations do
+    **  x = x + (HASH(prime_seed + i) * 2^(i*outlen))
+    */
+    for (i = 0; i < iterations; i++) {
+        /* is bigger than prime_seed should get to */
+        CHECK_SEC_OK(addToSeedThenHash(hashtype, prime_seed, i,
+                                       MAX_ST_SEED_BITS, &x[(iterations - i - 1) * hashlen]));
+    }
+    /* Step 8/20 prime_seed = prime_seed + iterations + 1 */
+    CHECK_SEC_OK(addToSeed(prime_seed, iterations, MAX_ST_SEED_BITS,
+                           prime_seed));
+    /*
+    ** Step 9/21 x = 2 ** (length-1) + x mod 2 ** (length-1)
+    **
+    **   This step mathematically sets the high bit and clears out
+    **  all the other bits higher than length. 'x' is stored
+    **  in the x array, MSB first. The above formula gives us an 'x'
+    **  which is length bytes long and has the high bit set. We also know
+    **  that length <= iterations*outlen since
+    **  iterations=ceiling(length/outlen). First we find the offset in
+    **  bytes into the array where the high bit is.
+    */
+    offset = (outlen * iterations - length) / PR_BITS_PER_BYTE;
+    /* now we want to set the 'high bit', since length may not be a
+     * multiple of 8,*/
+    bit = 1 << ((length - 1) & 0x7); /* select the proper bit in the byte */
+    /* we need to zero out the rest of the bits in the byte above */
+    mask = (bit - 1);
+    /* now we set it */
+    x[offset] = (mask & x[offset]) | bit;
+    /*
+    ** Comment: Generate a candidate prime c in the interval
+    ** [2**(lenght-1), 2**length].
+    **
+    ** Step 10 t = ceiling(x/(2q(p0)))
+    ** Step 22 t = ceiling(x/(2(c0)))
+    */
+    CHECK_MPI_OK(mp_read_unsigned_octets(&t, &x[offset],
+                                         hashlen * iterations - offset)); /* t = x */
+    CHECK_MPI_OK(mp_mul(c0, q, &c0_2));                                   /* c0_2 is now c0*q */
+    CHECK_MPI_OK(mp_add(&c0_2, &c0_2, &c0_2));                            /* c0_2 is now 2*q*c0 */
+    CHECK_MPI_OK(mp_add(&t, &c0_2, &t));                                  /* t = x+2*q*c0 */
+    CHECK_MPI_OK(mp_sub_d(&t, (mp_digit)1, &t));                          /* t = x+2*q*c0 -1 */
+    /* t = floor((x+2qc0-1)/2qc0) = ceil(x/2qc0) */
+    CHECK_MPI_OK(mp_div(&t, &c0_2, &t, NULL));
+    /*
+    ** step 11: if (2tqp0 +1 > 2**length), then t = ceiling(2**(length-1)/2qp0)
+    ** step 12: t = 2tqp0 +1.
+    **
+    ** step 23: if (2tc0 +1 > 2**length), then t = ceiling(2**(length-1)/2c0)
+    ** step 24: t = 2tc0 +1.
+    */
+    CHECK_MPI_OK(mp_2expt(&two_length_minus_1, length - 1));
+step_23:
+    CHECK_MPI_OK(mp_mul(&t, &c0_2, &c));                /* c = t*2qc0 */
+    CHECK_MPI_OK(mp_add_d(&c, (mp_digit)1, &c));        /* c= 2tqc0 + 1*/
+    if (mpl_significant_bits(&c) > length) {            /* if c > 2**length */
+        CHECK_MPI_OK(mp_sub_d(&c0_2, (mp_digit)1, &t)); /* t = 2qc0-1 */
+        /* t = 2**(length-1) + 2qc0 -1 */
+        CHECK_MPI_OK(mp_add(&two_length_minus_1, &t, &t));
+        /* t = floor((2**(length-1)+2qc0 -1)/2qco)
+         *   = ceil(2**(lenght-2)/2qc0) */
+        CHECK_MPI_OK(mp_div(&t, &c0_2, &t, NULL));
+        CHECK_MPI_OK(mp_mul(&t, &c0_2, &c));
+        CHECK_MPI_OK(mp_add_d(&c, (mp_digit)1, &c)); /* c= 2tqc0 + 1*/
+    }
+    /* Step 13/25 prime_gen_counter = prime_gen_counter + 1*/
+    (*prime_gen_counter)++;
+    /*
+    ** Comment: Test the candidate prime c for primality; first pick an
+    ** integer a between 2 and c-2.
+    **
+    ** Step 14/26 a=0
+    */
+    PORT_Memset(x, 0, sizeof(x)); /* use x for a */
+    /*
+    ** Step 15/27 for i = 0 to iterations do
+    **  a = a + (HASH(prime_seed + i) * 2^(i*outlen))
+    **
+    ** NOTE: we reuse the x array for 'a' initially.
+    */
+    for (i = 0; i < iterations; i++) {
+        /* MAX_ST_SEED_BITS is bigger than prime_seed should get to */
+        CHECK_SEC_OK(addToSeedThenHash(hashtype, prime_seed, i,
+                                       MAX_ST_SEED_BITS, &x[(iterations - i - 1) * hashlen]));
+    }
+    /* Step 16/28 prime_seed = prime_seed + iterations + 1 */
+    CHECK_SEC_OK(addToSeed(prime_seed, iterations, MAX_ST_SEED_BITS,
+                           prime_seed));
+    /* Step 17/29 a = 2 + (a mod (c-3)). */
+    CHECK_MPI_OK(mp_read_unsigned_octets(&a, x, iterations * hashlen));
+    CHECK_MPI_OK(mp_sub_d(&c, (mp_digit)3, &z)); /* z = c -3 */
+    CHECK_MPI_OK(mp_mod(&a, &z, &a));            /* a = a mod c -3 */
+    CHECK_MPI_OK(mp_add_d(&a, (mp_digit)2, &a)); /* a = 2 + a mod c -3 */
+    /*
+    ** Step 18 z = a**(2tq) mod p.
+    ** Step 30 z = a**(2t) mod c.
+    */
+    CHECK_MPI_OK(mp_mul(&t, q, &z));          /* z = tq */
+    CHECK_MPI_OK(mp_add(&z, &z, &z));         /* z = 2tq */
+    CHECK_MPI_OK(mp_exptmod(&a, &z, &c, &z)); /* z = a**(2tq) mod c */
+    /*
+    ** Step 19 if (( 1 == GCD(z-1,p)) and ( 1 == z**p0 mod p )), then
+    ** Step 31 if (( 1 == GCD(z-1,c)) and ( 1 == z**c0 mod c )), then
+    */
+    CHECK_MPI_OK(mp_sub_d(&z, (mp_digit)1, &a));
+    CHECK_MPI_OK(mp_gcd(&a, &c, &a));
+    if (mp_cmp_d(&a, (mp_digit)1) == 0) {
+        CHECK_MPI_OK(mp_exptmod(&z, c0, &c, &a));
+        if (mp_cmp_d(&a, (mp_digit)1) == 0) {
+            /* Step 31.1 prime = c */
+            CHECK_MPI_OK(mp_copy(&c, prime));
+            /*
+        ** Step 31.2 return Success, prime, prime_seed,
+        **    prime_gen_counter
+        */
+            rv = SECSuccess;
+            goto cleanup;
+        }
+    }
+    /*
+    ** Step 20/32 If (prime_gen_counter > 4 * length + old_counter then
+    **   return (FAILURE, 0, 0, 0).
+    ** NOTE: the test is reversed, so we fall through on failure to the
+    ** cleanup routine
+    */
+    if (*prime_gen_counter < (4 * length + old_counter)) {
+        /* Step 21/33 t = t + 1 */
+        CHECK_MPI_OK(mp_add_d(&t, (mp_digit)1, &t));
+        /* Step 22/34 Go to step 23/11 */
+        goto step_23;
+    }
+
+    /* if (prime_gencont > (4*length + old_counter), fall through to failure */
+    rv = SECFailure; /* really is already set, but paranoia is good */
+
+cleanup:
+    mp_clear(&c);
+    mp_clear(&c0_2);
+    mp_clear(&t);
+    mp_clear(&a);
+    mp_clear(&z);
+    mp_clear(&two_length_minus_1);
+    PORT_Memset(x, 0, sizeof(x));
+    if (err) {
+        MP_TO_SEC_ERROR(err);
+        rv = SECFailure;
+    }
+    if (rv == SECFailure) {
+        mp_zero(prime);
+        if (prime_seed->data) {
+            SECITEM_FreeItem(prime_seed, PR_FALSE);
+        }
+        *prime_gen_counter = 0;
+    }
+    return rv;
+}
+
+/*
+**  Perform steps from  FIPS 186-3, Appendix C.6
+**
+**  This generates a provable prime from a seed
+*/
+static SECStatus
+makePrimefromSeedShaweTaylor(
+    HASH_HashType hashtype,          /* selected Hashing algorithm */
+    unsigned int length,             /* input.  Length of prime in bits. */
+    const SECItem *input_seed,       /* input.  */
+    mp_int *prime,                   /* output.  */
+    SECItem *prime_seed,             /* output.  */
+    unsigned int *prime_gen_counter) /* output.  */
+{
+    mp_int c;
+    mp_int c0;
+    mp_int one;
+    SECStatus rv = SECFailure;
+    int hashlen = HASH_ResultLen(hashtype);
+    int outlen = hashlen * PR_BITS_PER_BYTE;
+    int offset;
+    unsigned char bit, mask;
+    unsigned char x[HASH_LENGTH_MAX * 2];
+    mp_digit dummy;
+    mp_err err = MP_OKAY;
+    int i;
+
+    MP_DIGITS(&c) = 0;
+    MP_DIGITS(&c0) = 0;
+    MP_DIGITS(&one) = 0;
+    CHECK_MPI_OK(mp_init(&c));
+    CHECK_MPI_OK(mp_init(&c0));
+    CHECK_MPI_OK(mp_init(&one));
+
+    /* Step 1. if length < 2 then return (FAILURE, 0, 0, 0) */
+    if (length < 2) {
+        rv = SECFailure;
+        goto cleanup;
+    }
+    /* Step 2. if length >= 33 then goto step 14 */
+    if (length >= 33) {
+        mp_zero(&one);
+        CHECK_MPI_OK(mp_add_d(&one, (mp_digit)1, &one));
+
+        /* Step 14 (status, c0, prime_seed, prime_gen_counter) =
+    ** (ST_Random_Prime((ceil(length/2)+1, input_seed)
+    */
+        rv = makePrimefromSeedShaweTaylor(hashtype, (length + 1) / 2 + 1,
+                                          input_seed, &c0, prime_seed, prime_gen_counter);
+        /* Step 15 if FAILURE is returned, return (FAILURE, 0, 0, 0). */
+        if (rv != SECSuccess) {
+            goto cleanup;
+        }
+        /* Steps 16-34 */
+        rv = makePrimefromPrimesShaweTaylor(hashtype, length, &c0, &one,
+                                            prime, prime_seed, prime_gen_counter);
+        goto cleanup; /* we're done, one way or the other */
+    }
+    /* Step 3 prime_seed = input_seed */
+    CHECK_SEC_OK(SECITEM_CopyItem(NULL, prime_seed, input_seed));
+    /* Step 4 prime_gen_count = 0 */
+    *prime_gen_counter = 0;
+
+step_5:
+    /* Step 5 c = Hash(prime_seed) xor Hash(prime_seed+1). */
+    CHECK_SEC_OK(HASH_HashBuf(hashtype, x, prime_seed->data, prime_seed->len));
+    CHECK_SEC_OK(addToSeedThenHash(hashtype, prime_seed, 1,
+                                   MAX_ST_SEED_BITS, &x[hashlen]));
+    for (i = 0; i < hashlen; i++) {
+        x[i] = x[i] ^ x[i + hashlen];
+    }
+    /* Step 6 c = 2**length-1 + c mod 2**length-1 */
+    /*   This step mathematically sets the high bit and clears out
+    **  all the other bits higher than length. Right now c is stored
+    **  in the x array, MSB first. The above formula gives us a c which
+    **  is length bytes long and has the high bit set. We also know that
+    **  length < outlen since the smallest outlen is 160 bits and the largest
+    **  length at this point is 32 bits. So first we find the offset in bytes
+    **  into the array where the high bit is.
+    */
+    offset = (outlen - length) / PR_BITS_PER_BYTE;
+    /* now we want to set the 'high bit'. We have to calculate this since
+     * length may not be a multiple of 8.*/
+    bit = 1 << ((length - 1) & 0x7); /* select the proper bit in the byte */
+    /* we need to zero out the rest of the bits  in the byte above */
+    mask = (bit - 1);
+    /* now we set it */
+    x[offset] = (mask & x[offset]) | bit;
+    /* Step 7 c = c*floor(c/2) + 1 */
+    /* set the low bit. much easier to find (the end of the array) */
+    x[hashlen - 1] |= 1;
+    /* now that we've set our bits, we can create our candidate "c" */
+    CHECK_MPI_OK(mp_read_unsigned_octets(&c, &x[offset], hashlen - offset));
+    /* Step 8 prime_gen_counter = prime_gen_counter + 1 */
+    (*prime_gen_counter)++;
+    /* Step 9 prime_seed = prime_seed + 2 */
+    CHECK_SEC_OK(addToSeed(prime_seed, 2, MAX_ST_SEED_BITS, prime_seed));
+    /* Step 10 Perform deterministic primality test on c. For example, since
+    ** c is small, it's primality can be tested by trial division, See
+    ** See Appendic C.7.
+    **
+    ** We in fact test with trial division. mpi has a built int trial divider
+    ** that divides all divisors up to 2^16.
+    */
+    if (prime_tab[prime_tab_size - 1] < 0xFFF1) {
+        /* we aren't testing all the primes between 0 and 2^16, we really
+     * can't use this construction. Just fail. */
+        rv = SECFailure;
+        goto cleanup;
+    }
+    dummy = prime_tab_size;
+    err = mpp_divis_primes(&c, &dummy);
+    /* Step 11 if c is prime then */
+    if (err == MP_NO) {
+        /* Step 11.1 prime = c */
+        CHECK_MPI_OK(mp_copy(&c, prime));
+        /* Step 11.2 return SUCCESS prime, prime_seed, prime_gen_counter */
+        err = MP_OKAY;
+        rv = SECSuccess;
+        goto cleanup;
+    } else if (err != MP_YES) {
+        goto cleanup; /* function failed, bail out */
+    } else {
+        /* reset mp_err */
+        err = MP_OKAY;
+    }
+    /*
+    ** Step 12 if (prime_gen_counter > (4*len))
+    ** then return (FAILURE, 0, 0, 0))
+    ** Step 13 goto step 5
+    */
+    if (*prime_gen_counter <= (4 * length)) {
+        goto step_5;
+    }
+    /* if (prime_gencont > 4*length), fall through to failure */
+    rv = SECFailure; /* really is already set, but paranoia is good */
+
+cleanup:
+    mp_clear(&c);
+    mp_clear(&c0);
+    mp_clear(&one);
+    PORT_Memset(x, 0, sizeof(x));
+    if (err) {
+        MP_TO_SEC_ERROR(err);
+        rv = SECFailure;
+    }
+    if (rv == SECFailure) {
+        mp_zero(prime);
+        if (prime_seed->data) {
+            SECITEM_FreeItem(prime_seed, PR_FALSE);
+        }
+        *prime_gen_counter = 0;
+    }
+    return rv;
+}
+
+/*
+ * Find a Q and algorithm from Seed.
+ */
+static SECStatus
+findQfromSeed(
+    unsigned int L,             /* input.  Length of p in bits. */
+    unsigned int N,             /* input.  Length of q in bits. */
+    unsigned int g,             /* input.  Length of seed in bits. */
+    const SECItem *seed,        /* input.  */
+    mp_int *Q,                  /* input. */
+    mp_int *Q_,                 /* output. */
+    unsigned int *qseed_len,    /* output */
+    HASH_HashType *hashtypePtr, /* output. Hash uses */
+    pqgGenType *typePtr)        /* output. Generation Type used */
+{
+    HASH_HashType hashtype;
+    SECItem firstseed = { 0, 0, 0 };
+    SECItem qseed = { 0, 0, 0 };
+    SECStatus rv;
+
+    *qseed_len = 0; /* only set if FIPS186_3_ST_TYPE */
+
+    /* handle legacy small DSA first can only be FIPS186_1_TYPE */
+    if (L < 1024) {
+        rv = makeQfromSeed(g, seed, Q_);
+        if ((rv == SECSuccess) && (mp_cmp(Q, Q_) == 0)) {
+            *hashtypePtr = HASH_AlgSHA1;
+            *typePtr = FIPS186_1_TYPE;
+            return SECSuccess;
+        }
+        return SECFailure;
+    }
+    /* 1024 could use FIPS186_1 or FIPS186_3 algorithms, we need to try
+     * them both */
+    if (L == 1024) {
+        rv = makeQfromSeed(g, seed, Q_);
+        if (rv == SECSuccess) {
+            if (mp_cmp(Q, Q_) == 0) {
+                *hashtypePtr = HASH_AlgSHA1;
+                *typePtr = FIPS186_1_TYPE;
+                return SECSuccess;
+            }
+        }
+        /* fall through for FIPS186_3 types */
+    }
+    /* at this point we know we aren't using FIPS186_1, start trying FIPS186_3
+     * with appropriate hash types */
+    for (hashtype = getFirstHash(L, N); hashtype != HASH_AlgTOTAL;
+         hashtype = getNextHash(hashtype)) {
+        rv = makeQ2fromSeed(hashtype, N, seed, Q_);
+        if (rv != SECSuccess) {
+            continue;
+        }
+        if (mp_cmp(Q, Q_) == 0) {
+            *hashtypePtr = hashtype;
+            *typePtr = FIPS186_3_TYPE;
+            return SECSuccess;
+        }
+    }
+    /*
+     * OK finally try FIPS186_3 Shawe-Taylor
+     */
+    firstseed = *seed;
+    firstseed.len = seed->len / 3;
+    for (hashtype = getFirstHash(L, N); hashtype != HASH_AlgTOTAL;
+         hashtype = getNextHash(hashtype)) {
+        unsigned int count;
+
+        rv = makePrimefromSeedShaweTaylor(hashtype, N, &firstseed, Q_,
+                                          &qseed, &count);
+        if (rv != SECSuccess) {
+            continue;
+        }
+        if (mp_cmp(Q, Q_) == 0) {
+            /* check qseed as well... */
+            int offset = seed->len - qseed.len;
+            if ((offset < 0) ||
+                (PORT_Memcmp(&seed->data[offset], qseed.data, qseed.len) != 0)) {
+                /* we found q, but the seeds don't match. This isn't an
+         * accident, someone has been tweeking with the seeds, just
+         * fail a this point. */
+                SECITEM_FreeItem(&qseed, PR_FALSE);
+                return SECFailure;
+            }
+            *qseed_len = qseed.len;
+            *hashtypePtr = hashtype;
+            *typePtr = FIPS186_3_ST_TYPE;
+            SECITEM_FreeItem(&qseed, PR_FALSE);
+            return SECSuccess;
+        }
+        SECITEM_FreeItem(&qseed, PR_FALSE);
+    }
+    /* no hash algorithms found which match seed to Q, fail */
+    return SECFailure;
+}
+
+/*
+**  Perform steps 7, 8 and 9 of FIPS 186, appendix 2.2.
+**  which are the same as steps 11.1-11.5 of FIPS 186-2, App A.1.1.2
+**  Generate P from Q, seed, L, and offset.
+*/
+static SECStatus
+makePfromQandSeed(
+    HASH_HashType hashtype, /* selected Hashing algorithm */
+    unsigned int L,         /* Length of P in bits.  Per FIPS 186. */
+    unsigned int N,         /* Length of Q in bits.  Per FIPS 186. */
+    unsigned int offset,    /* Per FIPS 186, App 2.2. & 186-3 App A.1.1.2 */
+    unsigned int seedlen,   /* input. Length of seed in bits. (g in 186-1)*/
+    const SECItem *seed,    /* input.  */
+    const mp_int *Q,        /* input.  */
+    mp_int *P)              /* output. */
+{
+    unsigned int j;       /* Per FIPS 186-3 App. A.1.1.2  (k in 186-1)*/
+    unsigned int n;       /* Per FIPS 186, appendix 2.2. */
+    mp_digit b;           /* Per FIPS 186, appendix 2.2. */
+    unsigned int outlen;  /* Per FIPS 186-3 App. A.1.1.2 */
+    unsigned int hashlen; /* outlen in bytes */
+    unsigned char V_j[HASH_LENGTH_MAX];
+    mp_int W, X, c, twoQ, V_n, tmp;
+    mp_err err = MP_OKAY;
+    SECStatus rv = SECSuccess;
+    /* Initialize bignums */
+    MP_DIGITS(&W) = 0;
+    MP_DIGITS(&X) = 0;
+    MP_DIGITS(&c) = 0;
+    MP_DIGITS(&twoQ) = 0;
+    MP_DIGITS(&V_n) = 0;
+    MP_DIGITS(&tmp) = 0;
+    CHECK_MPI_OK(mp_init(&W));
+    CHECK_MPI_OK(mp_init(&X));
+    CHECK_MPI_OK(mp_init(&c));
+    CHECK_MPI_OK(mp_init(&twoQ));
+    CHECK_MPI_OK(mp_init(&tmp));
+    CHECK_MPI_OK(mp_init(&V_n));
+
+    hashlen = HASH_ResultLen(hashtype);
+    outlen = hashlen * PR_BITS_PER_BYTE;
+
+    /* L - 1 = n*outlen + b */
+    n = (L - 1) / outlen;
+    b = (L - 1) % outlen;
+
+    /* ******************************************************************
+    ** Step 11.1 (Step 7 in 186-1)
+    **  "for j = 0 ... n let
+    **           V_j = SHA[(SEED + offset + j) mod 2**seedlen]."
+    **
+    ** Step 11.2 (Step 8 in 186-1)
+    **   "W = V_0 + (V_1 * 2**outlen) + ... + (V_n-1 * 2**((n-1)*outlen))
+    **         + ((V_n mod 2**b) * 2**(n*outlen))
+    */
+    for (j = 0; j < n; ++j) { /* Do the first n terms of V_j */
+        /* Do step 11.1 for iteration j.
+    ** V_j = HASH[(seed + offset + j) mod 2**g]
+    */
+        CHECK_SEC_OK(addToSeedThenHash(hashtype, seed, offset + j, seedlen, V_j));
+        /* Do step 11.2 for iteration j.
+    ** W += V_j * 2**(j*outlen)
+    */
+        OCTETS_TO_MPINT(V_j, &tmp, hashlen);           /* get bignum V_j     */
+        CHECK_MPI_OK(mpl_lsh(&tmp, &tmp, j * outlen)); /* tmp=V_j << j*outlen */
+        CHECK_MPI_OK(mp_add(&W, &tmp, &W));            /* W += tmp           */
+    }
+    /* Step 11.2, continued.
+    **   [W += ((V_n mod 2**b) * 2**(n*outlen))]
+    */
+    CHECK_SEC_OK(addToSeedThenHash(hashtype, seed, offset + n, seedlen, V_j));
+    OCTETS_TO_MPINT(V_j, &V_n, hashlen);           /* get bignum V_n     */
+    CHECK_MPI_OK(mp_div_2d(&V_n, b, NULL, &tmp));  /* tmp = V_n mod 2**b */
+    CHECK_MPI_OK(mpl_lsh(&tmp, &tmp, n * outlen)); /* tmp = tmp << n*outlen */
+    CHECK_MPI_OK(mp_add(&W, &tmp, &W));            /* W += tmp           */
+    /* Step 11.3, (Step 8 in 186-1)
+    ** "X = W + 2**(L-1).
+    **  Note that 0 <= W < 2**(L-1) and hence 2**(L-1) <= X < 2**L."
+    */
+    CHECK_MPI_OK(mpl_set_bit(&X, (mp_size)(L - 1), 1)); /* X = 2**(L-1) */
+    CHECK_MPI_OK(mp_add(&X, &W, &X));                   /* X += W       */
+    /*************************************************************
+    ** Step 11.4. (Step 9 in 186-1)
+    ** "c = X mod 2q"
+    */
+    CHECK_MPI_OK(mp_mul_2(Q, &twoQ));    /* 2q           */
+    CHECK_MPI_OK(mp_mod(&X, &twoQ, &c)); /* c = X mod 2q */
+    /*************************************************************
+    ** Step 11.5. (Step 9 in 186-1)
+    ** "p = X - (c - 1).
+    **  Note that p is congruent to 1 mod 2q."
+    */
+    CHECK_MPI_OK(mp_sub_d(&c, 1, &c)); /* c -= 1       */
+    CHECK_MPI_OK(mp_sub(&X, &c, P));   /* P = X - c    */
+cleanup:
+    mp_clear(&W);
+    mp_clear(&X);
+    mp_clear(&c);
+    mp_clear(&twoQ);
+    mp_clear(&V_n);
+    mp_clear(&tmp);
+    if (err) {
+        MP_TO_SEC_ERROR(err);
+        return SECFailure;
+    }
+    return rv;
+}
+
+/*
+** Generate G from h, P, and Q.
+*/
+static SECStatus
+makeGfromH(const mp_int *P, /* input.  */
+           const mp_int *Q, /* input.  */
+           mp_int *H,       /* input and output. */
+           mp_int *G,       /* output. */
+           PRBool *passed)
+{
+    mp_int exp, pm1;
+    mp_err err = MP_OKAY;
+    SECStatus rv = SECSuccess;
+    *passed = PR_FALSE;
+    MP_DIGITS(&exp) = 0;
+    MP_DIGITS(&pm1) = 0;
+    CHECK_MPI_OK(mp_init(&exp));
+    CHECK_MPI_OK(mp_init(&pm1));
+    CHECK_MPI_OK(mp_sub_d(P, 1, &pm1));   /* P - 1            */
+    if (mp_cmp(H, &pm1) >= 0)             /* H >= P-1         */
+        CHECK_MPI_OK(mp_sub(H, &pm1, H)); /* H = H mod (P-1)  */
+    /* Let b = 2**n (smallest power of 2 greater than P).
+    ** Since P-1 >= b/2, and H < b, quotient(H/(P-1)) = 0 or 1
+    ** so the above operation safely computes H mod (P-1)
+    */
+    /* Check for H = to 0 or 1.  Regen H if so.  (Regen means return error). */
+    if (mp_cmp_d(H, 1) <= 0) {
+        rv = SECFailure;
+        goto cleanup;
+    }
+    /* Compute G, according to the equation  G = (H ** ((P-1)/Q)) mod P */
+    CHECK_MPI_OK(mp_div(&pm1, Q, &exp, NULL)); /* exp = (P-1)/Q      */
+    CHECK_MPI_OK(mp_exptmod(H, &exp, P, G));   /* G = H ** exp mod P */
+    /* Check for G == 0 or G == 1, return error if so. */
+    if (mp_cmp_d(G, 1) <= 0) {
+        rv = SECFailure;
+        goto cleanup;
+    }
+    *passed = PR_TRUE;
+cleanup:
+    mp_clear(&exp);
+    mp_clear(&pm1);
+    if (err) {
+        MP_TO_SEC_ERROR(err);
+        rv = SECFailure;
+    }
+    return rv;
+}
+
+/*
+** Generate G from seed, index, P, and Q.
+*/
+static SECStatus
+makeGfromIndex(HASH_HashType hashtype,
+               const mp_int *P,     /* input.  */
+               const mp_int *Q,     /* input.  */
+               const SECItem *seed, /* input. */
+               unsigned char index, /* input. */
+               mp_int *G)           /* input/output */
+{
+    mp_int e, pm1, W;
+    unsigned int count;
+    unsigned char data[HASH_LENGTH_MAX];
+    unsigned int len;
+    mp_err err = MP_OKAY;
+    SECStatus rv = SECSuccess;
+    const SECHashObject *hashobj = NULL;
+    void *hashcx = NULL;
+
+    MP_DIGITS(&e) = 0;
+    MP_DIGITS(&pm1) = 0;
+    MP_DIGITS(&W) = 0;
+    CHECK_MPI_OK(mp_init(&e));
+    CHECK_MPI_OK(mp_init(&pm1));
+    CHECK_MPI_OK(mp_init(&W));
+
+    /* initialize our hash stuff */
+    hashobj = HASH_GetRawHashObject(hashtype);
+    if (hashobj == NULL) {
+        /* shouldn't happen */
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        rv = SECFailure;
+        goto cleanup;
+    }
+    hashcx = hashobj->create();
+    if (hashcx == NULL) {
+        rv = SECFailure;
+        goto cleanup;
+    }
+
+    CHECK_MPI_OK(mp_sub_d(P, 1, &pm1)); /* P - 1            */
+    /* Step 3 e = (p-1)/q */
+    CHECK_MPI_OK(mp_div(&pm1, Q, &e, NULL)); /* e = (P-1)/Q      */
+/* Steps 4, 5, and 6 */
+/* count is a 16 bit value in the spec. We actually represent count
+     * as more than 16 bits so we can easily detect the 16 bit overflow */
+#define MAX_COUNT 0x10000
+    for (count = 1; count < MAX_COUNT; count++) {
+        /* step 7
+         * U = domain_param_seed || "ggen" || index || count
+             * step 8
+         * W = HASH(U)
+         */
+        hashobj->begin(hashcx);
+        hashobj->update(hashcx, seed->data, seed->len);
+        hashobj->update(hashcx, (unsigned char *)"ggen", 4);
+        hashobj->update(hashcx, &index, 1);
+        data[0] = (count >> 8) & 0xff;
+        data[1] = count & 0xff;
+        hashobj->update(hashcx, data, 2);
+        hashobj->end(hashcx, data, &len, sizeof(data));
+        OCTETS_TO_MPINT(data, &W, len);
+        /* step 9. g = W**e mod p */
+        CHECK_MPI_OK(mp_exptmod(&W, &e, P, G));
+        /* step 10. if (g < 2) then goto step 5 */
+        /* NOTE: this weird construct is to keep the flow according to the spec.
+     * the continue puts us back to step 5 of the for loop */
+        if (mp_cmp_d(G, 2) < 0) {
+            continue;
+        }
+        break; /* step 11 follows step 10 if the test condition is false */
+    }
+    if (count >= MAX_COUNT) {
+        rv = SECFailure; /* last part of step 6 */
+    }
+/* step 11.
+     * return valid G */
+cleanup:
+    PORT_Memset(data, 0, sizeof(data));
+    if (hashcx) {
+        hashobj->destroy(hashcx, PR_TRUE);
+    }
+    mp_clear(&e);
+    mp_clear(&pm1);
+    mp_clear(&W);
+    if (err) {
+        MP_TO_SEC_ERROR(err);
+        rv = SECFailure;
+    }
+    return rv;
+}
+
+/* This code uses labels and gotos, so that it can follow the numbered
+** steps in the algorithms from FIPS 186-3 appendix A.1.1.2 very closely,
+** and so that the correctness of this code can be easily verified.
+** So, please forgive the ugly c code.
+**/
+static SECStatus
+pqg_ParamGen(unsigned int L, unsigned int N, pqgGenType type,
+             unsigned int seedBytes, PQGParams **pParams, PQGVerify **pVfy)
+{
+    unsigned int n;       /* Per FIPS 186, app 2.2. 186-3 app A.1.1.2 */
+    unsigned int seedlen; /* Per FIPS 186-3 app A.1.1.2  (was 'g' 186-1)*/
+    unsigned int counter; /* Per FIPS 186, app 2.2. 186-3 app A.1.1.2 */
+    unsigned int offset;  /* Per FIPS 186, app 2.2. 186-3 app A.1.1.2 */
+    unsigned int outlen;  /* Per FIPS 186-3, appendix A.1.1.2. */
+    unsigned int maxCount;
+    HASH_HashType hashtype;
+    SECItem *seed; /* Per FIPS 186, app 2.2. 186-3 app A.1.1.2 */
+    PLArenaPool *arena = NULL;
+    PQGParams *params = NULL;
+    PQGVerify *verify = NULL;
+    PRBool passed;
+    SECItem hit = { 0, 0, 0 };
+    SECItem firstseed = { 0, 0, 0 };
+    SECItem qseed = { 0, 0, 0 };
+    SECItem pseed = { 0, 0, 0 };
+    mp_int P, Q, G, H, l, p0;
+    mp_err err = MP_OKAY;
+    SECStatus rv = SECFailure;
+    int iterations = 0;
+
+    /* Step 1. L and N already checked by caller*/
+    /* Step 2. if (seedlen < N) return INVALID; */
+    if (seedBytes < N / PR_BITS_PER_BYTE || !pParams || !pVfy) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    /* Initialize bignums */
+    MP_DIGITS(&P) = 0;
+    MP_DIGITS(&Q) = 0;
+    MP_DIGITS(&G) = 0;
+    MP_DIGITS(&H) = 0;
+    MP_DIGITS(&l) = 0;
+    MP_DIGITS(&p0) = 0;
+    CHECK_MPI_OK(mp_init(&P));
+    CHECK_MPI_OK(mp_init(&Q));
+    CHECK_MPI_OK(mp_init(&G));
+    CHECK_MPI_OK(mp_init(&H));
+    CHECK_MPI_OK(mp_init(&l));
+    CHECK_MPI_OK(mp_init(&p0));
+
+    /* parameters have been passed in, only generate G */
+    if (*pParams != NULL) {
+        /* we only support G index generation if generating separate from PQ */
+        if ((*pVfy == NULL) || (type == FIPS186_1_TYPE) ||
+            ((*pVfy)->h.len != 1) || ((*pVfy)->h.data == NULL) ||
+            ((*pVfy)->seed.data == NULL) || ((*pVfy)->seed.len == 0)) {
+            PORT_SetError(SEC_ERROR_INVALID_ARGS);
+            return SECFailure;
+        }
+        params = *pParams;
+        verify = *pVfy;
+
+        /* fill in P Q,  */
+        SECITEM_TO_MPINT((*pParams)->prime, &P);
+        SECITEM_TO_MPINT((*pParams)->subPrime, &Q);
+        hashtype = getFirstHash(L, N);
+        CHECK_SEC_OK(makeGfromIndex(hashtype, &P, &Q, &(*pVfy)->seed,
+                                    (*pVfy)->h.data[0], &G));
+        MPINT_TO_SECITEM(&G, &(*pParams)->base, (*pParams)->arena);
+        goto cleanup;
+    }
+    /* Initialize an arena for the params. */
+    arena = PORT_NewArena(NSS_FREEBL_DEFAULT_CHUNKSIZE);
+    if (!arena) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return SECFailure;
+    }
+    params = (PQGParams *)PORT_ArenaZAlloc(arena, sizeof(PQGParams));
+    if (!params) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        PORT_FreeArena(arena, PR_TRUE);
+        return SECFailure;
+    }
+    params->arena = arena;
+    /* Initialize an arena for the verify. */
+    arena = PORT_NewArena(NSS_FREEBL_DEFAULT_CHUNKSIZE);
+    if (!arena) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        PORT_FreeArena(params->arena, PR_TRUE);
+        return SECFailure;
+    }
+    verify = (PQGVerify *)PORT_ArenaZAlloc(arena, sizeof(PQGVerify));
+    if (!verify) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        PORT_FreeArena(arena, PR_TRUE);
+        PORT_FreeArena(params->arena, PR_TRUE);
+        return SECFailure;
+    }
+    verify->arena = arena;
+    seed = &verify->seed;
+    arena = NULL;
+
+    /* Select Hash and Compute lengths. */
+    /* getFirstHash gives us the smallest acceptable hash for this key
+     * strength */
+    hashtype = getFirstHash(L, N);
+    outlen = HASH_ResultLen(hashtype) * PR_BITS_PER_BYTE;
+
+    /* Step 3: n = Ceil(L/outlen)-1; (same as n = Floor((L-1)/outlen)) */
+    n = (L - 1) / outlen;
+    /* Step 4: (skipped since we don't use b): b = L -1 - (n*outlen); */
+    seedlen = seedBytes * PR_BITS_PER_BYTE; /* bits in seed */
+step_5:
+    /* ******************************************************************
+    ** Step 5. (Step 1 in 186-1)
+    ** "Choose an abitrary sequence of at least N bits and call it SEED.
+    **  Let g be the length of SEED in bits."
+    */
+    if (++iterations > MAX_ITERATIONS) { /* give up after a while */
+        PORT_SetError(SEC_ERROR_NEED_RANDOM);
+        goto cleanup;
+    }
+    seed->len = seedBytes;
+    CHECK_SEC_OK(getPQseed(seed, verify->arena));
+    /* ******************************************************************
+    ** Step 6. (Step 2 in 186-1)
+    **
+    ** "Compute U = SHA[SEED] XOR SHA[(SEED+1) mod 2**g].  (186-1)"
+    ** "Compute U = HASH[SEED] 2**(N-1).  (186-3)"
+    **
+    ** Step 7. (Step 3 in 186-1)
+    ** "Form Q from U by setting the most signficant bit (the 2**159 bit)
+    **  and the least signficant bit to 1.  In terms of boolean operations,
+    **  Q = U OR 2**159 OR 1.  Note that 2**159 < Q < 2**160. (186-1)"
+    **
+    ** "q = 2**(N-1) + U + 1 - (U mod 2) (186-3)
+    **
+    ** Note: Both formulations are the same for U < 2**(N-1) and N=160
+    **
+    ** If using Shawe-Taylor, We do the entire A.1.2.1.2 setps in the block
+    ** FIPS186_3_ST_TYPE.
+    */
+    if (type == FIPS186_1_TYPE) {
+        CHECK_SEC_OK(makeQfromSeed(seedlen, seed, &Q));
+    } else if (type == FIPS186_3_TYPE) {
+        CHECK_SEC_OK(makeQ2fromSeed(hashtype, N, seed, &Q));
+    } else {
+        /* FIPS186_3_ST_TYPE */
+        unsigned int qgen_counter, pgen_counter;
+
+        /* Step 1 (L,N) already checked for acceptability */
+
+        firstseed = *seed;
+        qgen_counter = 0;
+        /* Step 2. Use N and firstseed to  generate random prime q
+     * using Apendix C.6 */
+        CHECK_SEC_OK(makePrimefromSeedShaweTaylor(hashtype, N, &firstseed, &Q,
+                                                  &qseed, &qgen_counter));
+        /* Step 3. Use floor(L/2+1) and qseed to generate random prime p0
+     * using Appendix C.6 */
+        pgen_counter = 0;
+        CHECK_SEC_OK(makePrimefromSeedShaweTaylor(hashtype, (L + 1) / 2 + 1,
+                                                  &qseed, &p0, &pseed, &pgen_counter));
+        /* Steps 4-22 FIPS 186-3 appendix A.1.2.1.2 */
+        CHECK_SEC_OK(makePrimefromPrimesShaweTaylor(hashtype, L,
+                                                    &p0, &Q, &P, &pseed, &pgen_counter));
+
+        /* combine all the seeds */
+        seed->len = firstseed.len + qseed.len + pseed.len;
+        seed->data = PORT_ArenaZAlloc(verify->arena, seed->len);
+        if (seed->data == NULL) {
+            goto cleanup;
+        }
+        PORT_Memcpy(seed->data, firstseed.data, firstseed.len);
+        PORT_Memcpy(seed->data + firstseed.len, pseed.data, pseed.len);
+        PORT_Memcpy(seed->data + firstseed.len + pseed.len, qseed.data, qseed.len);
+        counter = 0; /* (qgen_counter << 16) | pgen_counter; */
+
+        /* we've generated both P and Q now, skip to generating G */
+        goto generate_G;
+    }
+    /* ******************************************************************
+    ** Step 8. (Step 4 in 186-1)
+    ** "Use a robust primality testing algorithm to test whether q is prime."
+    **
+    ** Appendix 2.1 states that a Rabin test with at least 50 iterations
+    ** "will give an acceptable probability of error."
+    */
+    /*CHECK_SEC_OK( prm_RabinTest(&Q, &passed) );*/
+    err = mpp_pprime(&Q, prime_testcount_q(L, N));
+    passed = (err == MP_YES) ? SECSuccess : SECFailure;
+    /* ******************************************************************
+    ** Step 9. (Step 5 in 186-1) "If q is not prime, goto step 5 (1 in 186-1)."
+    */
+    if (passed != SECSuccess)
+        goto step_5;
+    /* ******************************************************************
+    ** Step 10.
+    **      offset = 1;
+    **(     Step 6b 186-1)"Let counter = 0 and offset = 2."
+    */
+    offset = (type == FIPS186_1_TYPE) ? 2 : 1;
+    /*
+    ** Step 11. (Step 6a,13a,14 in 186-1)
+    **  For counter - 0 to (4L-1) do
+    **
+    */
+    maxCount = L >= 1024 ? (4 * L - 1) : 4095;
+    for (counter = 0; counter <= maxCount; counter++) {
+        /* ******************************************************************
+    ** Step 11.1  (Step 7 in 186-1)
+    ** "for j = 0 ... n let
+    **          V_j = HASH[(SEED + offset + j) mod 2**seedlen]."
+    **
+    ** Step 11.2 (Step 8 in 186-1)
+    ** "W = V_0 + V_1*2**outlen+...+ V_n-1 * 2**((n-1)*outlen) +
+    **                               ((Vn* mod 2**b)*2**(n*outlen))"
+    ** Step 11.3 (Step 8 in 186-1)
+    ** "X = W + 2**(L-1)
+    **  Note that 0 <= W < 2**(L-1) and hence 2**(L-1) <= X < 2**L."
+    **
+    ** Step 11.4 (Step 9 in 186-1).
+    ** "c = X mod 2q"
+    **
+    ** Step 11.5 (Step 9 in 186-1).
+    ** " p = X - (c - 1).
+    **  Note that p is congruent to 1 mod 2q."
+    */
+        CHECK_SEC_OK(makePfromQandSeed(hashtype, L, N, offset, seedlen,
+                                       seed, &Q, &P));
+        /*************************************************************
+    ** Step 11.6. (Step 10 in 186-1)
+    ** "if p < 2**(L-1), then goto step 11.9. (step 13 in 186-1)"
+    */
+        CHECK_MPI_OK(mpl_set_bit(&l, (mp_size)(L - 1), 1)); /* l = 2**(L-1) */
+        if (mp_cmp(&P, &l) < 0)
+            goto step_11_9;
+        /************************************************************
+    ** Step 11.7 (step 11 in 186-1)
+    ** "Perform a robust primality test on p."
+    */
+        /*CHECK_SEC_OK( prm_RabinTest(&P, &passed) );*/
+        err = mpp_pprime(&P, prime_testcount_p(L, N));
+        passed = (err == MP_YES) ? SECSuccess : SECFailure;
+        /* ******************************************************************
+    ** Step 11.8. "If p is determined to be primed return VALID
+        ** values of p, q, seed and counter."
+    */
+        if (passed == SECSuccess)
+            break;
+    step_11_9:
+        /* ******************************************************************
+    ** Step 11.9.  "offset = offset + n + 1."
+    */
+        offset += n + 1;
+    }
+    /* ******************************************************************
+    ** Step 12.  "goto step 5."
+    **
+    ** NOTE: if counter <= maxCount, then we exited the loop at Step 11.8
+    ** and now need to return p,q, seed, and counter.
+    */
+    if (counter > maxCount)
+        goto step_5;
+
+generate_G:
+    /* ******************************************************************
+    ** returning p, q, seed and counter
+    */
+    if (type == FIPS186_1_TYPE) {
+        /* Generate g, This is called the "Unverifiable Generation of g
+     * in FIPA186-3 Appedix A.2.1. For compatibility we maintain
+     * this version of the code */
+        SECITEM_AllocItem(NULL, &hit, L / 8); /* h is no longer than p */
+        if (!hit.data)
+            goto cleanup;
+        do {
+            /* loop generate h until 1<h<p-1 and (h**[(p-1)/q])mod p > 1 */
+            CHECK_SEC_OK(generate_h_candidate(&hit, &H));
+            CHECK_SEC_OK(makeGfromH(&P, &Q, &H, &G, &passed));
+        } while (passed != PR_TRUE);
+        MPINT_TO_SECITEM(&H, &verify->h, verify->arena);
+    } else {
+        unsigned char index = 1; /* default to 1 */
+        verify->h.data = (unsigned char *)PORT_ArenaZAlloc(verify->arena, 1);
+        if (verify->h.data == NULL) {
+            goto cleanup;
+        }
+        verify->h.len = 1;
+        verify->h.data[0] = index;
+        /* Generate g, using the FIPS 186-3 Appendix A.23 */
+        CHECK_SEC_OK(makeGfromIndex(hashtype, &P, &Q, seed, index, &G));
+    }
+    /* All generation is done.  Now, save the PQG params.  */
+    MPINT_TO_SECITEM(&P, &params->prime, params->arena);
+    MPINT_TO_SECITEM(&Q, &params->subPrime, params->arena);
+    MPINT_TO_SECITEM(&G, &params->base, params->arena);
+    verify->counter = counter;
+    *pParams = params;
+    *pVfy = verify;
+cleanup:
+    if (pseed.data) {
+        PORT_Free(pseed.data);
+    }
+    if (qseed.data) {
+        PORT_Free(qseed.data);
+    }
+    mp_clear(&P);
+    mp_clear(&Q);
+    mp_clear(&G);
+    mp_clear(&H);
+    mp_clear(&l);
+    mp_clear(&p0);
+    if (err) {
+        MP_TO_SEC_ERROR(err);
+        rv = SECFailure;
+    }
+    if (rv) {
+        if (params) {
+            PORT_FreeArena(params->arena, PR_TRUE);
+        }
+        if (verify) {
+            PORT_FreeArena(verify->arena, PR_TRUE);
+        }
+    }
+    if (hit.data) {
+        SECITEM_FreeItem(&hit, PR_FALSE);
+    }
+    return rv;
+}
+
+SECStatus
+PQG_ParamGen(unsigned int j, PQGParams **pParams, PQGVerify **pVfy)
+{
+    unsigned int L; /* Length of P in bits.  Per FIPS 186. */
+    unsigned int seedBytes;
+
+    if (j > 8 || !pParams || !pVfy) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+    L = 512 + (j * 64); /* bits in P */
+    seedBytes = L / 8;
+    return pqg_ParamGen(L, DSA1_Q_BITS, FIPS186_1_TYPE, seedBytes,
+                        pParams, pVfy);
+}
+
+SECStatus
+PQG_ParamGenSeedLen(unsigned int j, unsigned int seedBytes,
+                    PQGParams **pParams, PQGVerify **pVfy)
+{
+    unsigned int L; /* Length of P in bits.  Per FIPS 186. */
+
+    if (j > 8 || !pParams || !pVfy) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+    L = 512 + (j * 64); /* bits in P */
+    return pqg_ParamGen(L, DSA1_Q_BITS, FIPS186_1_TYPE, seedBytes,
+                        pParams, pVfy);
+}
+
+SECStatus
+PQG_ParamGenV2(unsigned int L, unsigned int N, unsigned int seedBytes,
+               PQGParams **pParams, PQGVerify **pVfy)
+{
+    if (N == 0) {
+        N = pqg_get_default_N(L);
+    }
+    if (seedBytes == 0) {
+        /* seedBytes == L/8 for probable primes, N/8 for Shawe-Taylor Primes */
+        seedBytes = N / 8;
+    }
+    if (pqg_validate_dsa2(L, N) != SECSuccess) {
+        /* error code already set */
+        return SECFailure;
+    }
+    return pqg_ParamGen(L, N, FIPS186_3_ST_TYPE, seedBytes, pParams, pVfy);
+}
+
+/*
+ * verify can use vfy structures returned from either FIPS186-1 or
+ * FIPS186-2, and can handle differences in selected Hash functions to
+ * generate the parameters.
+ */
+SECStatus
+PQG_VerifyParams(const PQGParams *params,
+                 const PQGVerify *vfy, SECStatus *result)
+{
+    SECStatus rv = SECSuccess;
+    unsigned int g, n, L, N, offset, outlen;
+    mp_int p0, P, Q, G, P_, Q_, G_, r, h;
+    mp_err err = MP_OKAY;
+    int j;
+    unsigned int counter_max = 0; /* handle legacy L < 1024 */
+    unsigned int qseed_len;
+    SECItem pseed_ = { 0, 0, 0 };
+    HASH_HashType hashtype;
+    pqgGenType type;
+
+#define CHECKPARAM(cond)      \
+    if (!(cond)) {            \
+        *result = SECFailure; \
+        goto cleanup;         \
+    }
+    if (!params || !vfy || !result) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+    /* always need at least p, q, and seed for any meaningful check */
+    if ((params->prime.len == 0) || (params->subPrime.len == 0) ||
+        (vfy->seed.len == 0)) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+    /* we want to either check PQ or G or both. If we don't have G, make
+     * sure we have count so we can check P. */
+    if ((params->base.len == 0) && (vfy->counter == -1)) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    MP_DIGITS(&p0) = 0;
+    MP_DIGITS(&P) = 0;
+    MP_DIGITS(&Q) = 0;
+    MP_DIGITS(&G) = 0;
+    MP_DIGITS(&P_) = 0;
+    MP_DIGITS(&Q_) = 0;
+    MP_DIGITS(&G_) = 0;
+    MP_DIGITS(&r) = 0;
+    MP_DIGITS(&h) = 0;
+    CHECK_MPI_OK(mp_init(&p0));
+    CHECK_MPI_OK(mp_init(&P));
+    CHECK_MPI_OK(mp_init(&Q));
+    CHECK_MPI_OK(mp_init(&G));
+    CHECK_MPI_OK(mp_init(&P_));
+    CHECK_MPI_OK(mp_init(&Q_));
+    CHECK_MPI_OK(mp_init(&G_));
+    CHECK_MPI_OK(mp_init(&r));
+    CHECK_MPI_OK(mp_init(&h));
+    *result = SECSuccess;
+    SECITEM_TO_MPINT(params->prime, &P);
+    SECITEM_TO_MPINT(params->subPrime, &Q);
+    /* if G isn't specified, just check P and Q */
+    if (params->base.len != 0) {
+        SECITEM_TO_MPINT(params->base, &G);
+    }
+    /* 1.  Check (L,N) pair */
+    N = mpl_significant_bits(&Q);
+    L = mpl_significant_bits(&P);
+    if (L < 1024) {
+        /* handle DSA1 pqg parameters with less thatn 1024 bits*/
+        CHECKPARAM(N == DSA1_Q_BITS);
+        j = PQG_PBITS_TO_INDEX(L);
+        CHECKPARAM(j >= 0 && j <= 8);
+        counter_max = 4096;
+    } else {
+        /* handle DSA2 parameters (includes DSA1, 1024 bits) */
+        CHECKPARAM(pqg_validate_dsa2(L, N) == SECSuccess);
+        counter_max = 4 * L;
+    }
+    /* 3.  G < P */
+    if (params->base.len != 0) {
+        CHECKPARAM(mp_cmp(&G, &P) < 0);
+    }
+    /* 4.  P % Q == 1 */
+    CHECK_MPI_OK(mp_mod(&P, &Q, &r));
+    CHECKPARAM(mp_cmp_d(&r, 1) == 0);
+    /* 5.  Q is prime */
+    CHECKPARAM(mpp_pprime(&Q, prime_testcount_q(L, N)) == MP_YES);
+    /* 6.  P is prime */
+    CHECKPARAM(mpp_pprime(&P, prime_testcount_p(L, N)) == MP_YES);
+    /* Steps 7-12 are done only if the optional PQGVerify is supplied. */
+    /* continue processing P */
+    /* 7.  counter < 4*L */
+    CHECKPARAM((vfy->counter == -1) || (vfy->counter < counter_max));
+    /* 8.  g >= N and g < 2*L   (g is length of seed in bits) */
+    g = vfy->seed.len * 8;
+    CHECKPARAM(g >= N && g < counter_max / 2);
+    /* 9.  Q generated from SEED matches Q in PQGParams. */
+    /* This function checks all possible hash and generation types to
+     * find a Q_ which matches Q. */
+    CHECKPARAM(findQfromSeed(L, N, g, &vfy->seed, &Q, &Q_, &qseed_len,
+                             &hashtype, &type) == SECSuccess);
+    CHECKPARAM(mp_cmp(&Q, &Q_) == 0);
+    if (type == FIPS186_3_ST_TYPE) {
+        SECItem qseed = { 0, 0, 0 };
+        SECItem pseed = { 0, 0, 0 };
+        unsigned int first_seed_len;
+        unsigned int pgen_counter = 0;
+
+        /* extract pseed and qseed from domain_parameter_seed, which is
+         * first_seed || pseed || qseed. qseed is first_seed + small_integer
+         * pseed is qseed + small_integer. This means most of the time
+         * first_seed.len == qseed.len == pseed.len. Rarely qseed.len and/or
+         * pseed.len will be one greater than first_seed.len, so we can
+         * depend on the fact that
+         *   first_seed.len = floor(domain_parameter_seed.len/3).
+         * findQfromSeed returned qseed.len, so we can calculate pseed.len as
+         *   pseed.len = domain_parameter_seed.len - first_seed.len - qseed.len
+         * this is probably over kill, since 99.999% of the time they will all
+         * be equal.
+         *
+         * With the lengths, we can now find the offsets;
+         * first_seed.data = domain_parameter_seed.data + 0
+         * pseed.data = domain_parameter_seed.data + first_seed.len
+         * qseed.data = domain_parameter_seed.data
+         *         + domain_paramter_seed.len - qseed.len
+         *
+         */
+        first_seed_len = vfy->seed.len / 3;
+        CHECKPARAM(qseed_len < vfy->seed.len);
+        CHECKPARAM(first_seed_len * 8 > N - 1);
+        CHECKPARAM(first_seed_len + qseed_len < vfy->seed.len);
+        qseed.len = qseed_len;
+        qseed.data = vfy->seed.data + vfy->seed.len - qseed.len;
+        pseed.len = vfy->seed.len - (first_seed_len + qseed_len);
+        pseed.data = vfy->seed.data + first_seed_len;
+
+        /*
+         * now complete FIPS 186-3 A.1.2.1.2. Step 1 was completed
+         * above in our initial checks, Step 2 was completed by
+         * findQfromSeed */
+
+        /* Step 3 (status, c0, prime_seed, prime_gen_counter) =
+        ** (ST_Random_Prime((ceil(length/2)+1, input_seed)
+        */
+        CHECK_SEC_OK(makePrimefromSeedShaweTaylor(hashtype, (L + 1) / 2 + 1,
+                                                  &qseed, &p0, &pseed_, &pgen_counter));
+        /* Steps 4-22 FIPS 186-3 appendix A.1.2.1.2 */
+        CHECK_SEC_OK(makePrimefromPrimesShaweTaylor(hashtype, L,
+                                                    &p0, &Q_, &P_, &pseed_, &pgen_counter));
+        CHECKPARAM(mp_cmp(&P, &P_) == 0);
+        /* make sure pseed wasn't tampered with (since it is part of
+         * calculating G) */
+        CHECKPARAM(SECITEM_CompareItem(&pseed, &pseed_) == SECEqual);
+    } else if (vfy->counter == -1) {
+        /* If counter is set to -1, we are really only verifying G, skip
+         * the remainder of the checks for P */
+        CHECKPARAM(type != FIPS186_1_TYPE); /* we only do this for DSA2 */
+    } else {
+        /* 10. P generated from (L, counter, g, SEED, Q) matches P
+         * in PQGParams. */
+        outlen = HASH_ResultLen(hashtype) * PR_BITS_PER_BYTE;
+        n = (L - 1) / outlen;
+        offset = vfy->counter * (n + 1) + ((type == FIPS186_1_TYPE) ? 2 : 1);
+        CHECK_SEC_OK(makePfromQandSeed(hashtype, L, N, offset, g, &vfy->seed,
+                                       &Q, &P_));
+        CHECKPARAM(mp_cmp(&P, &P_) == 0);
+    }
+
+    /* now check G, skip if don't have a g */
+    if (params->base.len == 0)
+        goto cleanup;
+
+    /* first Always check that G is OK  FIPS186-3 A.2.2  & A.2.4*/
+    /* 1. 2 < G < P-1 */
+    /* P is prime, p-1 == zero 1st bit */
+    CHECK_MPI_OK(mpl_set_bit(&P, 0, 0));
+    CHECKPARAM(mp_cmp_d(&G, 2) > 0 && mp_cmp(&G, &P) < 0);
+    CHECK_MPI_OK(mpl_set_bit(&P, 0, 1)); /* set it back */
+    /* 2. verify g**q mod p == 1 */
+    CHECK_MPI_OK(mp_exptmod(&G, &Q, &P, &h)); /* h = G ** Q mod P */
+    CHECKPARAM(mp_cmp_d(&h, 1) == 0);
+
+    /* no h, the above is the best we can do */
+    if (vfy->h.len == 0) {
+        if (type != FIPS186_1_TYPE) {
+            *result = SECWouldBlock;
+        }
+        goto cleanup;
+    }
+
+    /*
+     * If h is one byte and FIPS186-3 was used to generate Q (we've verified
+     * Q was generated from seed already, then we assume that FIPS 186-3
+     * appendix A.2.3 was used to generate G. Otherwise we assume A.2.1 was
+     * used to generate G.
+     */
+    if ((vfy->h.len == 1) && (type != FIPS186_1_TYPE)) {
+        /* A.2.3 */
+        CHECK_SEC_OK(makeGfromIndex(hashtype, &P, &Q, &vfy->seed,
+                                    vfy->h.data[0], &G_));
+        CHECKPARAM(mp_cmp(&G, &G_) == 0);
+    } else {
+        int passed;
+        /* A.2.1 */
+        SECITEM_TO_MPINT(vfy->h, &h);
+        /* 11. 1 < h < P-1 */
+        /* P is prime, p-1 == zero 1st bit */
+        CHECK_MPI_OK(mpl_set_bit(&P, 0, 0));
+        CHECKPARAM(mp_cmp_d(&G, 2) > 0 && mp_cmp(&G, &P));
+        CHECK_MPI_OK(mpl_set_bit(&P, 0, 1)); /* set it back */
+                                             /* 12. G generated from h matches G in PQGParams. */
+        CHECK_SEC_OK(makeGfromH(&P, &Q, &h, &G_, &passed));
+        CHECKPARAM(passed && mp_cmp(&G, &G_) == 0);
+    }
+cleanup:
+    mp_clear(&p0);
+    mp_clear(&P);
+    mp_clear(&Q);
+    mp_clear(&G);
+    mp_clear(&P_);
+    mp_clear(&Q_);
+    mp_clear(&G_);
+    mp_clear(&r);
+    mp_clear(&h);
+    if (pseed_.data) {
+        SECITEM_FreeItem(&pseed_, PR_FALSE);
+    }
+    if (err) {
+        MP_TO_SEC_ERROR(err);
+        rv = SECFailure;
+    }
+    return rv;
+}
+
+/**************************************************************************
+ *  Free the PQGParams struct and the things it points to.                *
+ **************************************************************************/
+void
+PQG_DestroyParams(PQGParams *params)
+{
+    if (params == NULL)
+        return;
+    if (params->arena != NULL) {
+        PORT_FreeArena(params->arena, PR_FALSE); /* don't zero it */
+    } else {
+        SECITEM_FreeItem(&params->prime, PR_FALSE);    /* don't free prime */
+        SECITEM_FreeItem(&params->subPrime, PR_FALSE); /* don't free subPrime */
+        SECITEM_FreeItem(&params->base, PR_FALSE);     /* don't free base */
+        PORT_Free(params);
+    }
+}
+
+/**************************************************************************
+ *  Free the PQGVerify struct and the things it points to.                *
+ **************************************************************************/
+
+void
+PQG_DestroyVerify(PQGVerify *vfy)
+{
+    if (vfy == NULL)
+        return;
+    if (vfy->arena != NULL) {
+        PORT_FreeArena(vfy->arena, PR_FALSE); /* don't zero it */
+    } else {
+        SECITEM_FreeItem(&vfy->seed, PR_FALSE); /* don't free seed */
+        SECITEM_FreeItem(&vfy->h, PR_FALSE);    /* don't free h */
+        PORT_Free(vfy);
+    }
+}
diff --git a/nss/lib/freebl/pqg.h b/nss/lib/freebl/pqg.h
new file mode 100644
index 0000000..c4eecd5
--- /dev/null
+++ b/nss/lib/freebl/pqg.h
@@ -0,0 +1,25 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ *  pqg.h
+ *
+ *  header file for pqg functions exported just to freebl
+ */
+
+#ifndef _PQG_H_
+#define _PQG_H_ 1
+
+/* PQG_GetLength returns the significant bytes in the SECItem object (that is
+ * the length of the object minus any leading zeros. Any SECItem may be used,
+ * though this function is usually used for P, Q, or G values */
+unsigned int PQG_GetLength(const SECItem *obj);
+/* Check to see the PQG parameters patch a NIST defined DSA size,
+ * returns SECFaillure and sets SEC_ERROR_INVALID_ARGS if it doesn't.
+ * See blapi.h for legal DSA PQG sizes. */
+SECStatus PQG_Check(const PQGParams *params);
+/* Return the prefered hash algorithm for the given PQGParameters. */
+HASH_HashType PQG_GetHashType(const PQGParams *params);
+
+#endif /* _PQG_H_ */
diff --git a/nss/lib/freebl/rawhash.c b/nss/lib/freebl/rawhash.c
new file mode 100644
index 0000000..551727b
--- /dev/null
+++ b/nss/lib/freebl/rawhash.c
@@ -0,0 +1,154 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifdef FREEBL_NO_DEPEND
+#include "stubs.h"
+#endif
+
+#include "nspr.h"
+#include "hasht.h"
+#include "blapi.h" /* below the line */
+#include "secerr.h"
+
+static void *
+null_hash_new_context(void)
+{
+    return NULL;
+}
+
+static void *
+null_hash_clone_context(void *v)
+{
+    PORT_Assert(v == NULL);
+    return NULL;
+}
+
+static void
+null_hash_begin(void *v)
+{
+}
+
+static void
+null_hash_update(void *v, const unsigned char *input, unsigned int length)
+{
+}
+
+static void
+null_hash_end(void *v, unsigned char *output, unsigned int *outLen,
+              unsigned int maxOut)
+{
+    *outLen = 0;
+}
+
+static void
+null_hash_destroy_context(void *v, PRBool b)
+{
+    PORT_Assert(v == NULL);
+}
+
+const SECHashObject SECRawHashObjects[] = {
+    { 0,
+      (void *(*)(void))null_hash_new_context,
+      (void *(*)(void *))null_hash_clone_context,
+      (void (*)(void *, PRBool))null_hash_destroy_context,
+      (void (*)(void *))null_hash_begin,
+      (void (*)(void *, const unsigned char *, unsigned int))null_hash_update,
+      (void (*)(void *, unsigned char *, unsigned int *,
+                unsigned int))null_hash_end,
+      0,
+      HASH_AlgNULL,
+      (void (*)(void *, unsigned char *, unsigned int *,
+                unsigned int))null_hash_end },
+    {
+        MD2_LENGTH,
+        (void *(*)(void))MD2_NewContext,
+        (void *(*)(void *))null_hash_clone_context,
+        (void (*)(void *, PRBool))MD2_DestroyContext,
+        (void (*)(void *))MD2_Begin,
+        (void (*)(void *, const unsigned char *, unsigned int))MD2_Update,
+        (void (*)(void *, unsigned char *, unsigned int *, unsigned int))MD2_End,
+        MD2_BLOCK_LENGTH,
+        HASH_AlgMD2,
+        NULL /* end_raw */
+    },
+    { MD5_LENGTH,
+      (void *(*)(void))MD5_NewContext,
+      (void *(*)(void *))null_hash_clone_context,
+      (void (*)(void *, PRBool))MD5_DestroyContext,
+      (void (*)(void *))MD5_Begin,
+      (void (*)(void *, const unsigned char *, unsigned int))MD5_Update,
+      (void (*)(void *, unsigned char *, unsigned int *, unsigned int))MD5_End,
+      MD5_BLOCK_LENGTH,
+      HASH_AlgMD5,
+      (void (*)(void *, unsigned char *, unsigned int *, unsigned int))MD5_EndRaw },
+    { SHA1_LENGTH,
+      (void *(*)(void))SHA1_NewContext,
+      (void *(*)(void *))null_hash_clone_context,
+      (void (*)(void *, PRBool))SHA1_DestroyContext,
+      (void (*)(void *))SHA1_Begin,
+      (void (*)(void *, const unsigned char *, unsigned int))SHA1_Update,
+      (void (*)(void *, unsigned char *, unsigned int *, unsigned int))SHA1_End,
+      SHA1_BLOCK_LENGTH,
+      HASH_AlgSHA1,
+      (void (*)(void *, unsigned char *, unsigned int *, unsigned int))
+          SHA1_EndRaw },
+    { SHA256_LENGTH,
+      (void *(*)(void))SHA256_NewContext,
+      (void *(*)(void *))null_hash_clone_context,
+      (void (*)(void *, PRBool))SHA256_DestroyContext,
+      (void (*)(void *))SHA256_Begin,
+      (void (*)(void *, const unsigned char *, unsigned int))SHA256_Update,
+      (void (*)(void *, unsigned char *, unsigned int *,
+                unsigned int))SHA256_End,
+      SHA256_BLOCK_LENGTH,
+      HASH_AlgSHA256,
+      (void (*)(void *, unsigned char *, unsigned int *,
+                unsigned int))SHA256_EndRaw },
+    { SHA384_LENGTH,
+      (void *(*)(void))SHA384_NewContext,
+      (void *(*)(void *))null_hash_clone_context,
+      (void (*)(void *, PRBool))SHA384_DestroyContext,
+      (void (*)(void *))SHA384_Begin,
+      (void (*)(void *, const unsigned char *, unsigned int))SHA384_Update,
+      (void (*)(void *, unsigned char *, unsigned int *,
+                unsigned int))SHA384_End,
+      SHA384_BLOCK_LENGTH,
+      HASH_AlgSHA384,
+      (void (*)(void *, unsigned char *, unsigned int *,
+                unsigned int))SHA384_EndRaw },
+    { SHA512_LENGTH,
+      (void *(*)(void))SHA512_NewContext,
+      (void *(*)(void *))null_hash_clone_context,
+      (void (*)(void *, PRBool))SHA512_DestroyContext,
+      (void (*)(void *))SHA512_Begin,
+      (void (*)(void *, const unsigned char *, unsigned int))SHA512_Update,
+      (void (*)(void *, unsigned char *, unsigned int *,
+                unsigned int))SHA512_End,
+      SHA512_BLOCK_LENGTH,
+      HASH_AlgSHA512,
+      (void (*)(void *, unsigned char *, unsigned int *,
+                unsigned int))SHA512_EndRaw },
+    { SHA224_LENGTH,
+      (void *(*)(void))SHA224_NewContext,
+      (void *(*)(void *))null_hash_clone_context,
+      (void (*)(void *, PRBool))SHA224_DestroyContext,
+      (void (*)(void *))SHA224_Begin,
+      (void (*)(void *, const unsigned char *, unsigned int))SHA224_Update,
+      (void (*)(void *, unsigned char *, unsigned int *,
+                unsigned int))SHA224_End,
+      SHA224_BLOCK_LENGTH,
+      HASH_AlgSHA224,
+      (void (*)(void *, unsigned char *, unsigned int *,
+                unsigned int))SHA224_EndRaw },
+};
+
+const SECHashObject *
+HASH_GetRawHashObject(HASH_HashType hashType)
+{
+    if (hashType <= HASH_AlgNULL || hashType >= HASH_AlgTOTAL) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+    return &SECRawHashObjects[hashType];
+}
diff --git a/nss/lib/freebl/ret_cr16.s b/nss/lib/freebl/ret_cr16.s
new file mode 100644
index 0000000..1f53fc9
--- /dev/null
+++ b/nss/lib/freebl/ret_cr16.s
@@ -0,0 +1,27 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifdef __LP64__
+        .LEVEL   2.0W
+#else
+        .LEVEL   1.1
+#endif
+
+	.CODE	; equivalent to the following two lines
+;       .SPACE   $TEXT$,SORT=8
+;       .SUBSPA  $CODE$,QUAD=0,ALIGN=4,ACCESS=0x2c,CODE_ONLY,SORT=24
+
+ret_cr16
+	.PROC
+	.CALLINFO 	FRAME=0, NO_CALLS
+	.EXPORT 	ret_cr16,ENTRY
+	.ENTRY
+;	BV		%r0(%rp)
+	BV		0(%rp)
+	MFCTL		%cr16,%ret0
+        BV %r0(%rp)
+        .EXIT
+        NOP
+        .PROCEND
+        .END
diff --git a/nss/lib/freebl/rijndael.c b/nss/lib/freebl/rijndael.c
new file mode 100644
index 0000000..4bb1826
--- /dev/null
+++ b/nss/lib/freebl/rijndael.c
@@ -0,0 +1,1375 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifdef FREEBL_NO_DEPEND
+#include "stubs.h"
+#endif
+
+#include "prinit.h"
+#include "prenv.h"
+#include "prerr.h"
+#include "secerr.h"
+
+#include "prtypes.h"
+#include "blapi.h"
+#include "rijndael.h"
+
+#include "cts.h"
+#include "ctr.h"
+#include "gcm.h"
+
+#ifdef USE_HW_AES
+#include "intel-aes.h"
+#endif
+
+#include "mpi.h"
+
+#ifdef USE_HW_AES
+static int has_intel_aes = 0;
+static PRBool use_hw_aes = PR_FALSE;
+
+#ifdef INTEL_GCM
+#include "intel-gcm.h"
+static int has_intel_avx = 0;
+static int has_intel_clmul = 0;
+static PRBool use_hw_gcm = PR_FALSE;
+#if defined(_MSC_VER) && !defined(_M_IX86)
+#include <intrin.h> /* for _xgetbv() */
+#endif
+#endif
+#endif /* USE_HW_AES */
+
+/*
+ * There are currently five ways to build this code, varying in performance
+ * and code size.
+ *
+ * RIJNDAEL_INCLUDE_TABLES         Include all tables from rijndael32.tab
+ * RIJNDAEL_GENERATE_TABLES        Generate tables on first
+ *                                 encryption/decryption, then store them;
+ *                                 use the function gfm
+ * RIJNDAEL_GENERATE_TABLES_MACRO  Same as above, but use macros to do
+ *                                 the generation
+ * RIJNDAEL_GENERATE_VALUES        Do not store tables, generate the table
+ *                                 values "on-the-fly", using gfm
+ * RIJNDAEL_GENERATE_VALUES_MACRO  Same as above, but use macros
+ *
+ * The default is RIJNDAEL_INCLUDE_TABLES.
+ */
+
+/*
+ * When building RIJNDAEL_INCLUDE_TABLES, includes S**-1, Rcon, T[0..4],
+ *                                                 T**-1[0..4], IMXC[0..4]
+ * When building anything else, includes S, S**-1, Rcon
+ */
+#include "rijndael32.tab"
+
+#if defined(RIJNDAEL_INCLUDE_TABLES)
+/*
+ * RIJNDAEL_INCLUDE_TABLES
+ */
+#define T0(i) _T0[i]
+#define T1(i) _T1[i]
+#define T2(i) _T2[i]
+#define T3(i) _T3[i]
+#define TInv0(i) _TInv0[i]
+#define TInv1(i) _TInv1[i]
+#define TInv2(i) _TInv2[i]
+#define TInv3(i) _TInv3[i]
+#define IMXC0(b) _IMXC0[b]
+#define IMXC1(b) _IMXC1[b]
+#define IMXC2(b) _IMXC2[b]
+#define IMXC3(b) _IMXC3[b]
+/* The S-box can be recovered from the T-tables */
+#ifdef IS_LITTLE_ENDIAN
+#define SBOX(b) ((PRUint8)_T3[b])
+#else
+#define SBOX(b) ((PRUint8)_T1[b])
+#endif
+#define SINV(b) (_SInv[b])
+
+#else /* not RIJNDAEL_INCLUDE_TABLES */
+
+/*
+ * Code for generating T-table values.
+ */
+
+#ifdef IS_LITTLE_ENDIAN
+#define WORD4(b0, b1, b2, b3) \
+    ((((PRUint32)b3) << 24) | \
+     (((PRUint32)b2) << 16) | \
+     (((PRUint32)b1) << 8) |  \
+     ((PRUint32)b0))
+#else
+#define WORD4(b0, b1, b2, b3) \
+    ((((PRUint32)b0) << 24) | \
+     (((PRUint32)b1) << 16) | \
+     (((PRUint32)b2) << 8) |  \
+     ((PRUint32)b3))
+#endif
+
+/*
+ * Define the S and S**-1 tables (both have been stored)
+ */
+#define SBOX(b) (_S[b])
+#define SINV(b) (_SInv[b])
+
+/*
+ * The function xtime, used for Galois field multiplication
+ */
+#define XTIME(a) \
+    ((a & 0x80) ? ((a << 1) ^ 0x1b) : (a << 1))
+
+/* Choose GFM method (macros or function) */
+#if defined(RIJNDAEL_GENERATE_TABLES_MACRO) || \
+    defined(RIJNDAEL_GENERATE_VALUES_MACRO)
+
+/*
+ * Galois field GF(2**8) multipliers, in macro form
+ */
+#define GFM01(a) \
+    (a) /* a * 01 = a, the identity */
+#define GFM02(a) \
+    (XTIME(a) & 0xff) /* a * 02 = xtime(a) */
+#define GFM04(a) \
+    (GFM02(GFM02(a))) /* a * 04 = xtime**2(a) */
+#define GFM08(a) \
+    (GFM02(GFM04(a))) /* a * 08 = xtime**3(a) */
+#define GFM03(a) \
+    (GFM01(a) ^ GFM02(a)) /* a * 03 = a * (01 + 02) */
+#define GFM09(a) \
+    (GFM01(a) ^ GFM08(a)) /* a * 09 = a * (01 + 08) */
+#define GFM0B(a) \
+    (GFM01(a) ^ GFM02(a) ^ GFM08(a)) /* a * 0B = a * (01 + 02 + 08) */
+#define GFM0D(a) \
+    (GFM01(a) ^ GFM04(a) ^ GFM08(a)) /* a * 0D = a * (01 + 04 + 08) */
+#define GFM0E(a) \
+    (GFM02(a) ^ GFM04(a) ^ GFM08(a)) /* a * 0E = a * (02 + 04 + 08) */
+
+#else /* RIJNDAEL_GENERATE_TABLES or RIJNDAEL_GENERATE_VALUES */
+
+/* GF_MULTIPLY
+ *
+ * multiply two bytes represented in GF(2**8), mod (x**4 + 1)
+ */
+PRUint8
+gfm(PRUint8 a, PRUint8 b)
+{
+    PRUint8 res = 0;
+    while (b > 0) {
+        res = (b & 0x01) ? res ^ a : res;
+        a = XTIME(a);
+        b >>= 1;
+    }
+    return res;
+}
+
+#define GFM01(a) \
+    (a) /* a * 01 = a, the identity */
+#define GFM02(a) \
+    (XTIME(a) & 0xff) /* a * 02 = xtime(a) */
+#define GFM03(a) \
+    (gfm(a, 0x03)) /* a * 03 */
+#define GFM09(a) \
+    (gfm(a, 0x09)) /* a * 09 */
+#define GFM0B(a) \
+    (gfm(a, 0x0B)) /* a * 0B */
+#define GFM0D(a) \
+    (gfm(a, 0x0D)) /* a * 0D */
+#define GFM0E(a) \
+    (gfm(a, 0x0E)) /* a * 0E */
+
+#endif /* choosing GFM function */
+
+/*
+ * The T-tables
+ */
+#define G_T0(i) \
+    (WORD4(GFM02(SBOX(i)), GFM01(SBOX(i)), GFM01(SBOX(i)), GFM03(SBOX(i))))
+#define G_T1(i) \
+    (WORD4(GFM03(SBOX(i)), GFM02(SBOX(i)), GFM01(SBOX(i)), GFM01(SBOX(i))))
+#define G_T2(i) \
+    (WORD4(GFM01(SBOX(i)), GFM03(SBOX(i)), GFM02(SBOX(i)), GFM01(SBOX(i))))
+#define G_T3(i) \
+    (WORD4(GFM01(SBOX(i)), GFM01(SBOX(i)), GFM03(SBOX(i)), GFM02(SBOX(i))))
+
+/*
+ * The inverse T-tables
+ */
+#define G_TInv0(i) \
+    (WORD4(GFM0E(SINV(i)), GFM09(SINV(i)), GFM0D(SINV(i)), GFM0B(SINV(i))))
+#define G_TInv1(i) \
+    (WORD4(GFM0B(SINV(i)), GFM0E(SINV(i)), GFM09(SINV(i)), GFM0D(SINV(i))))
+#define G_TInv2(i) \
+    (WORD4(GFM0D(SINV(i)), GFM0B(SINV(i)), GFM0E(SINV(i)), GFM09(SINV(i))))
+#define G_TInv3(i) \
+    (WORD4(GFM09(SINV(i)), GFM0D(SINV(i)), GFM0B(SINV(i)), GFM0E(SINV(i))))
+
+/*
+ * The inverse mix column tables
+ */
+#define G_IMXC0(i) \
+    (WORD4(GFM0E(i), GFM09(i), GFM0D(i), GFM0B(i)))
+#define G_IMXC1(i) \
+    (WORD4(GFM0B(i), GFM0E(i), GFM09(i), GFM0D(i)))
+#define G_IMXC2(i) \
+    (WORD4(GFM0D(i), GFM0B(i), GFM0E(i), GFM09(i)))
+#define G_IMXC3(i) \
+    (WORD4(GFM09(i), GFM0D(i), GFM0B(i), GFM0E(i)))
+
+/* Now choose the T-table indexing method */
+#if defined(RIJNDAEL_GENERATE_VALUES)
+/* generate values for the tables with a function*/
+static PRUint32
+gen_TInvXi(PRUint8 tx, PRUint8 i)
+{
+    PRUint8 si01, si02, si03, si04, si08, si09, si0B, si0D, si0E;
+    si01 = SINV(i);
+    si02 = XTIME(si01);
+    si04 = XTIME(si02);
+    si08 = XTIME(si04);
+    si03 = si02 ^ si01;
+    si09 = si08 ^ si01;
+    si0B = si08 ^ si03;
+    si0D = si09 ^ si04;
+    si0E = si08 ^ si04 ^ si02;
+    switch (tx) {
+        case 0:
+            return WORD4(si0E, si09, si0D, si0B);
+        case 1:
+            return WORD4(si0B, si0E, si09, si0D);
+        case 2:
+            return WORD4(si0D, si0B, si0E, si09);
+        case 3:
+            return WORD4(si09, si0D, si0B, si0E);
+    }
+    return -1;
+}
+#define T0(i) G_T0(i)
+#define T1(i) G_T1(i)
+#define T2(i) G_T2(i)
+#define T3(i) G_T3(i)
+#define TInv0(i) gen_TInvXi(0, i)
+#define TInv1(i) gen_TInvXi(1, i)
+#define TInv2(i) gen_TInvXi(2, i)
+#define TInv3(i) gen_TInvXi(3, i)
+#define IMXC0(b) G_IMXC0(b)
+#define IMXC1(b) G_IMXC1(b)
+#define IMXC2(b) G_IMXC2(b)
+#define IMXC3(b) G_IMXC3(b)
+#elif defined(RIJNDAEL_GENERATE_VALUES_MACRO)
+/* generate values for the tables with macros */
+#define T0(i) G_T0(i)
+#define T1(i) G_T1(i)
+#define T2(i) G_T2(i)
+#define T3(i) G_T3(i)
+#define TInv0(i) G_TInv0(i)
+#define TInv1(i) G_TInv1(i)
+#define TInv2(i) G_TInv2(i)
+#define TInv3(i) G_TInv3(i)
+#define IMXC0(b) G_IMXC0(b)
+#define IMXC1(b) G_IMXC1(b)
+#define IMXC2(b) G_IMXC2(b)
+#define IMXC3(b) G_IMXC3(b)
+#else /* RIJNDAEL_GENERATE_TABLES or RIJNDAEL_GENERATE_TABLES_MACRO */
+/* Generate T and T**-1 table values and store, then index */
+/* The inverse mix column tables are still generated */
+#define T0(i) rijndaelTables->T0[i]
+#define T1(i) rijndaelTables->T1[i]
+#define T2(i) rijndaelTables->T2[i]
+#define T3(i) rijndaelTables->T3[i]
+#define TInv0(i) rijndaelTables->TInv0[i]
+#define TInv1(i) rijndaelTables->TInv1[i]
+#define TInv2(i) rijndaelTables->TInv2[i]
+#define TInv3(i) rijndaelTables->TInv3[i]
+#define IMXC0(b) G_IMXC0(b)
+#define IMXC1(b) G_IMXC1(b)
+#define IMXC2(b) G_IMXC2(b)
+#define IMXC3(b) G_IMXC3(b)
+#endif /* choose T-table indexing method */
+
+#endif /* not RIJNDAEL_INCLUDE_TABLES */
+
+#if defined(RIJNDAEL_GENERATE_TABLES) || \
+    defined(RIJNDAEL_GENERATE_TABLES_MACRO)
+
+/* Code to generate and store the tables */
+
+struct rijndael_tables_str {
+    PRUint32 T0[256];
+    PRUint32 T1[256];
+    PRUint32 T2[256];
+    PRUint32 T3[256];
+    PRUint32 TInv0[256];
+    PRUint32 TInv1[256];
+    PRUint32 TInv2[256];
+    PRUint32 TInv3[256];
+};
+
+static struct rijndael_tables_str *rijndaelTables = NULL;
+static PRCallOnceType coRTInit = { 0, 0, 0 };
+static PRStatus
+init_rijndael_tables(void)
+{
+    PRUint32 i;
+    PRUint8 si01, si02, si03, si04, si08, si09, si0B, si0D, si0E;
+    struct rijndael_tables_str *rts;
+    rts = (struct rijndael_tables_str *)
+        PORT_Alloc(sizeof(struct rijndael_tables_str));
+    if (!rts)
+        return PR_FAILURE;
+    for (i = 0; i < 256; i++) {
+        /* The forward values */
+        si01 = SBOX(i);
+        si02 = XTIME(si01);
+        si03 = si02 ^ si01;
+        rts->T0[i] = WORD4(si02, si01, si01, si03);
+        rts->T1[i] = WORD4(si03, si02, si01, si01);
+        rts->T2[i] = WORD4(si01, si03, si02, si01);
+        rts->T3[i] = WORD4(si01, si01, si03, si02);
+        /* The inverse values */
+        si01 = SINV(i);
+        si02 = XTIME(si01);
+        si04 = XTIME(si02);
+        si08 = XTIME(si04);
+        si03 = si02 ^ si01;
+        si09 = si08 ^ si01;
+        si0B = si08 ^ si03;
+        si0D = si09 ^ si04;
+        si0E = si08 ^ si04 ^ si02;
+        rts->TInv0[i] = WORD4(si0E, si09, si0D, si0B);
+        rts->TInv1[i] = WORD4(si0B, si0E, si09, si0D);
+        rts->TInv2[i] = WORD4(si0D, si0B, si0E, si09);
+        rts->TInv3[i] = WORD4(si09, si0D, si0B, si0E);
+    }
+    /* wait until all the values are in to set */
+    rijndaelTables = rts;
+    return PR_SUCCESS;
+}
+
+#endif /* code to generate tables */
+
+/**************************************************************************
+ *
+ * Stuff related to the Rijndael key schedule
+ *
+ *************************************************************************/
+
+#define SUBBYTE(w)                                \
+    ((((PRUint32)SBOX((w >> 24) & 0xff)) << 24) | \
+     (((PRUint32)SBOX((w >> 16) & 0xff)) << 16) | \
+     (((PRUint32)SBOX((w >> 8) & 0xff)) << 8) |   \
+     (((PRUint32)SBOX((w)&0xff))))
+
+#ifdef IS_LITTLE_ENDIAN
+#define ROTBYTE(b) \
+    ((b >> 8) | (b << 24))
+#else
+#define ROTBYTE(b) \
+    ((b << 8) | (b >> 24))
+#endif
+
+/* rijndael_key_expansion7
+ *
+ * Generate the expanded key from the key input by the user.
+ * XXX
+ * Nk == 7 (224 key bits) is a weird case.  Since Nk > 6, an added SubByte
+ * transformation is done periodically.  The period is every 4 bytes, and
+ * since 7%4 != 0 this happens at different times for each key word (unlike
+ * Nk == 8 where it happens twice in every key word, in the same positions).
+ * For now, I'm implementing this case "dumbly", w/o any unrolling.
+ */
+static SECStatus
+rijndael_key_expansion7(AESContext *cx, const unsigned char *key, unsigned int Nk)
+{
+    unsigned int i;
+    PRUint32 *W;
+    PRUint32 *pW;
+    PRUint32 tmp;
+    W = cx->expandedKey;
+    /* 1.  the first Nk words contain the cipher key */
+    memcpy(W, key, Nk * 4);
+    i = Nk;
+    /* 2.  loop until full expanded key is obtained */
+    pW = W + i - 1;
+    for (; i < cx->Nb * (cx->Nr + 1); ++i) {
+        tmp = *pW++;
+        if (i % Nk == 0)
+            tmp = SUBBYTE(ROTBYTE(tmp)) ^ Rcon[i / Nk - 1];
+        else if (i % Nk == 4)
+            tmp = SUBBYTE(tmp);
+        *pW = W[i - Nk] ^ tmp;
+    }
+    return SECSuccess;
+}
+
+/* rijndael_key_expansion
+ *
+ * Generate the expanded key from the key input by the user.
+ */
+static SECStatus
+rijndael_key_expansion(AESContext *cx, const unsigned char *key, unsigned int Nk)
+{
+    unsigned int i;
+    PRUint32 *W;
+    PRUint32 *pW;
+    PRUint32 tmp;
+    unsigned int round_key_words = cx->Nb * (cx->Nr + 1);
+    if (Nk == 7)
+        return rijndael_key_expansion7(cx, key, Nk);
+    W = cx->expandedKey;
+    /* The first Nk words contain the input cipher key */
+    memcpy(W, key, Nk * 4);
+    i = Nk;
+    pW = W + i - 1;
+    /* Loop over all sets of Nk words, except the last */
+    while (i < round_key_words - Nk) {
+        tmp = *pW++;
+        tmp = SUBBYTE(ROTBYTE(tmp)) ^ Rcon[i / Nk - 1];
+        *pW = W[i++ - Nk] ^ tmp;
+        tmp = *pW++;
+        *pW = W[i++ - Nk] ^ tmp;
+        tmp = *pW++;
+        *pW = W[i++ - Nk] ^ tmp;
+        tmp = *pW++;
+        *pW = W[i++ - Nk] ^ tmp;
+        if (Nk == 4)
+            continue;
+        switch (Nk) {
+            case 8:
+                tmp = *pW++;
+                tmp = SUBBYTE(tmp);
+                *pW = W[i++ - Nk] ^ tmp;
+            case 7:
+                tmp = *pW++;
+                *pW = W[i++ - Nk] ^ tmp;
+            case 6:
+                tmp = *pW++;
+                *pW = W[i++ - Nk] ^ tmp;
+            case 5:
+                tmp = *pW++;
+                *pW = W[i++ - Nk] ^ tmp;
+        }
+    }
+    /* Generate the last word */
+    tmp = *pW++;
+    tmp = SUBBYTE(ROTBYTE(tmp)) ^ Rcon[i / Nk - 1];
+    *pW = W[i++ - Nk] ^ tmp;
+    /* There may be overflow here, if Nk % (Nb * (Nr + 1)) > 0.  However,
+     * since the above loop generated all but the last Nk key words, there
+     * is no more need for the SubByte transformation.
+     */
+    if (Nk < 8) {
+        for (; i < round_key_words; ++i) {
+            tmp = *pW++;
+            *pW = W[i - Nk] ^ tmp;
+        }
+    } else {
+        /* except in the case when Nk == 8.  Then one more SubByte may have
+         * to be performed, at i % Nk == 4.
+         */
+        for (; i < round_key_words; ++i) {
+            tmp = *pW++;
+            if (i % Nk == 4)
+                tmp = SUBBYTE(tmp);
+            *pW = W[i - Nk] ^ tmp;
+        }
+    }
+    return SECSuccess;
+}
+
+/* rijndael_invkey_expansion
+ *
+ * Generate the expanded key for the inverse cipher from the key input by
+ * the user.
+ */
+static SECStatus
+rijndael_invkey_expansion(AESContext *cx, const unsigned char *key, unsigned int Nk)
+{
+    unsigned int r;
+    PRUint32 *roundkeyw;
+    PRUint8 *b;
+    int Nb = cx->Nb;
+    /* begins like usual key expansion ... */
+    if (rijndael_key_expansion(cx, key, Nk) != SECSuccess)
+        return SECFailure;
+    /* ... but has the additional step of InvMixColumn,
+     * excepting the first and last round keys.
+     */
+    roundkeyw = cx->expandedKey + cx->Nb;
+    for (r = 1; r < cx->Nr; ++r) {
+        /* each key word, roundkeyw, represents a column in the key
+         * matrix.  Each column is multiplied by the InvMixColumn matrix.
+         *   [ 0E 0B 0D 09 ]   [ b0 ]
+         *   [ 09 0E 0B 0D ] * [ b1 ]
+         *   [ 0D 09 0E 0B ]   [ b2 ]
+         *   [ 0B 0D 09 0E ]   [ b3 ]
+         */
+        b = (PRUint8 *)roundkeyw;
+        *roundkeyw++ = IMXC0(b[0]) ^ IMXC1(b[1]) ^ IMXC2(b[2]) ^ IMXC3(b[3]);
+        b = (PRUint8 *)roundkeyw;
+        *roundkeyw++ = IMXC0(b[0]) ^ IMXC1(b[1]) ^ IMXC2(b[2]) ^ IMXC3(b[3]);
+        b = (PRUint8 *)roundkeyw;
+        *roundkeyw++ = IMXC0(b[0]) ^ IMXC1(b[1]) ^ IMXC2(b[2]) ^ IMXC3(b[3]);
+        b = (PRUint8 *)roundkeyw;
+        *roundkeyw++ = IMXC0(b[0]) ^ IMXC1(b[1]) ^ IMXC2(b[2]) ^ IMXC3(b[3]);
+        if (Nb <= 4)
+            continue;
+        switch (Nb) {
+            case 8:
+                b = (PRUint8 *)roundkeyw;
+                *roundkeyw++ = IMXC0(b[0]) ^ IMXC1(b[1]) ^
+                               IMXC2(b[2]) ^ IMXC3(b[3]);
+            case 7:
+                b = (PRUint8 *)roundkeyw;
+                *roundkeyw++ = IMXC0(b[0]) ^ IMXC1(b[1]) ^
+                               IMXC2(b[2]) ^ IMXC3(b[3]);
+            case 6:
+                b = (PRUint8 *)roundkeyw;
+                *roundkeyw++ = IMXC0(b[0]) ^ IMXC1(b[1]) ^
+                               IMXC2(b[2]) ^ IMXC3(b[3]);
+            case 5:
+                b = (PRUint8 *)roundkeyw;
+                *roundkeyw++ = IMXC0(b[0]) ^ IMXC1(b[1]) ^
+                               IMXC2(b[2]) ^ IMXC3(b[3]);
+        }
+    }
+    return SECSuccess;
+}
+/**************************************************************************
+ *
+ * Stuff related to Rijndael encryption/decryption, optimized for
+ * a 128-bit blocksize.
+ *
+ *************************************************************************/
+
+#ifdef IS_LITTLE_ENDIAN
+#define BYTE0WORD(w) ((w)&0x000000ff)
+#define BYTE1WORD(w) ((w)&0x0000ff00)
+#define BYTE2WORD(w) ((w)&0x00ff0000)
+#define BYTE3WORD(w) ((w)&0xff000000)
+#else
+#define BYTE0WORD(w) ((w)&0xff000000)
+#define BYTE1WORD(w) ((w)&0x00ff0000)
+#define BYTE2WORD(w) ((w)&0x0000ff00)
+#define BYTE3WORD(w) ((w)&0x000000ff)
+#endif
+
+typedef union {
+    PRUint32 w[4];
+    PRUint8 b[16];
+} rijndael_state;
+
+#define COLUMN_0(state) state.w[0]
+#define COLUMN_1(state) state.w[1]
+#define COLUMN_2(state) state.w[2]
+#define COLUMN_3(state) state.w[3]
+
+#define STATE_BYTE(i) state.b[i]
+
+static SECStatus NO_SANITIZE_ALIGNMENT
+rijndael_encryptBlock128(AESContext *cx,
+                         unsigned char *output,
+                         const unsigned char *input)
+{
+    unsigned int r;
+    PRUint32 *roundkeyw;
+    rijndael_state state;
+    PRUint32 C0, C1, C2, C3;
+#if defined(NSS_X86_OR_X64)
+#define pIn input
+#define pOut output
+#else
+    unsigned char *pIn, *pOut;
+    PRUint32 inBuf[4], outBuf[4];
+
+    if ((ptrdiff_t)input & 0x3) {
+        memcpy(inBuf, input, sizeof inBuf);
+        pIn = (unsigned char *)inBuf;
+    } else {
+        pIn = (unsigned char *)input;
+    }
+    if ((ptrdiff_t)output & 0x3) {
+        pOut = (unsigned char *)outBuf;
+    } else {
+        pOut = (unsigned char *)output;
+    }
+#endif
+    roundkeyw = cx->expandedKey;
+    /* Step 1: Add Round Key 0 to initial state */
+    COLUMN_0(state) = *((PRUint32 *)(pIn)) ^ *roundkeyw++;
+    COLUMN_1(state) = *((PRUint32 *)(pIn + 4)) ^ *roundkeyw++;
+    COLUMN_2(state) = *((PRUint32 *)(pIn + 8)) ^ *roundkeyw++;
+    COLUMN_3(state) = *((PRUint32 *)(pIn + 12)) ^ *roundkeyw++;
+    /* Step 2: Loop over rounds [1..NR-1] */
+    for (r = 1; r < cx->Nr; ++r) {
+        /* Do ShiftRow, ByteSub, and MixColumn all at once */
+        C0 = T0(STATE_BYTE(0)) ^
+             T1(STATE_BYTE(5)) ^
+             T2(STATE_BYTE(10)) ^
+             T3(STATE_BYTE(15));
+        C1 = T0(STATE_BYTE(4)) ^
+             T1(STATE_BYTE(9)) ^
+             T2(STATE_BYTE(14)) ^
+             T3(STATE_BYTE(3));
+        C2 = T0(STATE_BYTE(8)) ^
+             T1(STATE_BYTE(13)) ^
+             T2(STATE_BYTE(2)) ^
+             T3(STATE_BYTE(7));
+        C3 = T0(STATE_BYTE(12)) ^
+             T1(STATE_BYTE(1)) ^
+             T2(STATE_BYTE(6)) ^
+             T3(STATE_BYTE(11));
+        /* Round key addition */
+        COLUMN_0(state) = C0 ^ *roundkeyw++;
+        COLUMN_1(state) = C1 ^ *roundkeyw++;
+        COLUMN_2(state) = C2 ^ *roundkeyw++;
+        COLUMN_3(state) = C3 ^ *roundkeyw++;
+    }
+    /* Step 3: Do the last round */
+    /* Final round does not employ MixColumn */
+    C0 = ((BYTE0WORD(T2(STATE_BYTE(0)))) |
+          (BYTE1WORD(T3(STATE_BYTE(5)))) |
+          (BYTE2WORD(T0(STATE_BYTE(10)))) |
+          (BYTE3WORD(T1(STATE_BYTE(15))))) ^
+         *roundkeyw++;
+    C1 = ((BYTE0WORD(T2(STATE_BYTE(4)))) |
+          (BYTE1WORD(T3(STATE_BYTE(9)))) |
+          (BYTE2WORD(T0(STATE_BYTE(14)))) |
+          (BYTE3WORD(T1(STATE_BYTE(3))))) ^
+         *roundkeyw++;
+    C2 = ((BYTE0WORD(T2(STATE_BYTE(8)))) |
+          (BYTE1WORD(T3(STATE_BYTE(13)))) |
+          (BYTE2WORD(T0(STATE_BYTE(2)))) |
+          (BYTE3WORD(T1(STATE_BYTE(7))))) ^
+         *roundkeyw++;
+    C3 = ((BYTE0WORD(T2(STATE_BYTE(12)))) |
+          (BYTE1WORD(T3(STATE_BYTE(1)))) |
+          (BYTE2WORD(T0(STATE_BYTE(6)))) |
+          (BYTE3WORD(T1(STATE_BYTE(11))))) ^
+         *roundkeyw++;
+    *((PRUint32 *)pOut) = C0;
+    *((PRUint32 *)(pOut + 4)) = C1;
+    *((PRUint32 *)(pOut + 8)) = C2;
+    *((PRUint32 *)(pOut + 12)) = C3;
+#if defined(NSS_X86_OR_X64)
+#undef pIn
+#undef pOut
+#else
+    if ((ptrdiff_t)output & 0x3) {
+        memcpy(output, outBuf, sizeof outBuf);
+    }
+#endif
+    return SECSuccess;
+}
+
+static SECStatus NO_SANITIZE_ALIGNMENT
+rijndael_decryptBlock128(AESContext *cx,
+                         unsigned char *output,
+                         const unsigned char *input)
+{
+    int r;
+    PRUint32 *roundkeyw;
+    rijndael_state state;
+    PRUint32 C0, C1, C2, C3;
+#if defined(NSS_X86_OR_X64)
+#define pIn input
+#define pOut output
+#else
+    unsigned char *pIn, *pOut;
+    PRUint32 inBuf[4], outBuf[4];
+
+    if ((ptrdiff_t)input & 0x3) {
+        memcpy(inBuf, input, sizeof inBuf);
+        pIn = (unsigned char *)inBuf;
+    } else {
+        pIn = (unsigned char *)input;
+    }
+    if ((ptrdiff_t)output & 0x3) {
+        pOut = (unsigned char *)outBuf;
+    } else {
+        pOut = (unsigned char *)output;
+    }
+#endif
+    roundkeyw = cx->expandedKey + cx->Nb * cx->Nr + 3;
+    /* reverse the final key addition */
+    COLUMN_3(state) = *((PRUint32 *)(pIn + 12)) ^ *roundkeyw--;
+    COLUMN_2(state) = *((PRUint32 *)(pIn + 8)) ^ *roundkeyw--;
+    COLUMN_1(state) = *((PRUint32 *)(pIn + 4)) ^ *roundkeyw--;
+    COLUMN_0(state) = *((PRUint32 *)(pIn)) ^ *roundkeyw--;
+    /* Loop over rounds in reverse [NR..1] */
+    for (r = cx->Nr; r > 1; --r) {
+        /* Invert the (InvByteSub*InvMixColumn)(InvShiftRow(state)) */
+        C0 = TInv0(STATE_BYTE(0)) ^
+             TInv1(STATE_BYTE(13)) ^
+             TInv2(STATE_BYTE(10)) ^
+             TInv3(STATE_BYTE(7));
+        C1 = TInv0(STATE_BYTE(4)) ^
+             TInv1(STATE_BYTE(1)) ^
+             TInv2(STATE_BYTE(14)) ^
+             TInv3(STATE_BYTE(11));
+        C2 = TInv0(STATE_BYTE(8)) ^
+             TInv1(STATE_BYTE(5)) ^
+             TInv2(STATE_BYTE(2)) ^
+             TInv3(STATE_BYTE(15));
+        C3 = TInv0(STATE_BYTE(12)) ^
+             TInv1(STATE_BYTE(9)) ^
+             TInv2(STATE_BYTE(6)) ^
+             TInv3(STATE_BYTE(3));
+        /* Invert the key addition step */
+        COLUMN_3(state) = C3 ^ *roundkeyw--;
+        COLUMN_2(state) = C2 ^ *roundkeyw--;
+        COLUMN_1(state) = C1 ^ *roundkeyw--;
+        COLUMN_0(state) = C0 ^ *roundkeyw--;
+    }
+    /* inverse sub */
+    pOut[0] = SINV(STATE_BYTE(0));
+    pOut[1] = SINV(STATE_BYTE(13));
+    pOut[2] = SINV(STATE_BYTE(10));
+    pOut[3] = SINV(STATE_BYTE(7));
+    pOut[4] = SINV(STATE_BYTE(4));
+    pOut[5] = SINV(STATE_BYTE(1));
+    pOut[6] = SINV(STATE_BYTE(14));
+    pOut[7] = SINV(STATE_BYTE(11));
+    pOut[8] = SINV(STATE_BYTE(8));
+    pOut[9] = SINV(STATE_BYTE(5));
+    pOut[10] = SINV(STATE_BYTE(2));
+    pOut[11] = SINV(STATE_BYTE(15));
+    pOut[12] = SINV(STATE_BYTE(12));
+    pOut[13] = SINV(STATE_BYTE(9));
+    pOut[14] = SINV(STATE_BYTE(6));
+    pOut[15] = SINV(STATE_BYTE(3));
+    /* final key addition */
+    *((PRUint32 *)(pOut + 12)) ^= *roundkeyw--;
+    *((PRUint32 *)(pOut + 8)) ^= *roundkeyw--;
+    *((PRUint32 *)(pOut + 4)) ^= *roundkeyw--;
+    *((PRUint32 *)pOut) ^= *roundkeyw--;
+#if defined(NSS_X86_OR_X64)
+#undef pIn
+#undef pOut
+#else
+    if ((ptrdiff_t)output & 0x3) {
+        memcpy(output, outBuf, sizeof outBuf);
+    }
+#endif
+    return SECSuccess;
+}
+
+/**************************************************************************
+ *
+ * Stuff related to general Rijndael encryption/decryption, for blocksizes
+ * greater than 128 bits.
+ *
+ * XXX This code is currently untested!  So far, AES specs have only been
+ *     released for 128 bit blocksizes.  This will be tested, but for now
+ *     only the code above has been tested using known values.
+ *
+ *************************************************************************/
+
+#define COLUMN(array, j) *((PRUint32 *)(array + j))
+
+SECStatus
+rijndael_encryptBlock(AESContext *cx,
+                      unsigned char *output,
+                      const unsigned char *input)
+{
+    return SECFailure;
+#ifdef rijndael_large_blocks_fixed
+    unsigned int j, r, Nb;
+    unsigned int c2 = 0, c3 = 0;
+    PRUint32 *roundkeyw;
+    PRUint8 clone[RIJNDAEL_MAX_STATE_SIZE];
+    Nb = cx->Nb;
+    roundkeyw = cx->expandedKey;
+    /* Step 1: Add Round Key 0 to initial state */
+    for (j = 0; j < 4 * Nb; j += 4) {
+        COLUMN(clone, j) = COLUMN(input, j) ^ *roundkeyw++;
+    }
+    /* Step 2: Loop over rounds [1..NR-1] */
+    for (r = 1; r < cx->Nr; ++r) {
+        for (j = 0; j < Nb; ++j) {
+            COLUMN(output, j) = T0(STATE_BYTE(4 * j)) ^
+                                T1(STATE_BYTE(4 * ((j + 1) % Nb) + 1)) ^
+                                T2(STATE_BYTE(4 * ((j + c2) % Nb) + 2)) ^
+                                T3(STATE_BYTE(4 * ((j + c3) % Nb) + 3));
+        }
+        for (j = 0; j < 4 * Nb; j += 4) {
+            COLUMN(clone, j) = COLUMN(output, j) ^ *roundkeyw++;
+        }
+    }
+    /* Step 3: Do the last round */
+    /* Final round does not employ MixColumn */
+    for (j = 0; j < Nb; ++j) {
+        COLUMN(output, j) = ((BYTE0WORD(T2(STATE_BYTE(4 * j)))) |
+                             (BYTE1WORD(T3(STATE_BYTE(4 * (j + 1) % Nb) + 1))) |
+                             (BYTE2WORD(T0(STATE_BYTE(4 * (j + c2) % Nb) + 2))) |
+                             (BYTE3WORD(T1(STATE_BYTE(4 * (j + c3) % Nb) + 3)))) ^
+                            *roundkeyw++;
+    }
+    return SECSuccess;
+#endif
+}
+
+SECStatus
+rijndael_decryptBlock(AESContext *cx,
+                      unsigned char *output,
+                      const unsigned char *input)
+{
+    return SECFailure;
+#ifdef rijndael_large_blocks_fixed
+    int j, r, Nb;
+    int c2 = 0, c3 = 0;
+    PRUint32 *roundkeyw;
+    PRUint8 clone[RIJNDAEL_MAX_STATE_SIZE];
+    Nb = cx->Nb;
+    roundkeyw = cx->expandedKey + cx->Nb * cx->Nr + 3;
+    /* reverse key addition */
+    for (j = 4 * Nb; j >= 0; j -= 4) {
+        COLUMN(clone, j) = COLUMN(input, j) ^ *roundkeyw--;
+    }
+    /* Loop over rounds in reverse [NR..1] */
+    for (r = cx->Nr; r > 1; --r) {
+        /* Invert the (InvByteSub*InvMixColumn)(InvShiftRow(state)) */
+        for (j = 0; j < Nb; ++j) {
+            COLUMN(output, 4 * j) = TInv0(STATE_BYTE(4 * j)) ^
+                                    TInv1(STATE_BYTE(4 * (j + Nb - 1) % Nb) + 1) ^
+                                    TInv2(STATE_BYTE(4 * (j + Nb - c2) % Nb) + 2) ^
+                                    TInv3(STATE_BYTE(4 * (j + Nb - c3) % Nb) + 3);
+        }
+        /* Invert the key addition step */
+        for (j = 4 * Nb; j >= 0; j -= 4) {
+            COLUMN(clone, j) = COLUMN(output, j) ^ *roundkeyw--;
+        }
+    }
+    /* inverse sub */
+    for (j = 0; j < 4 * Nb; ++j) {
+        output[j] = SINV(clone[j]);
+    }
+    /* final key addition */
+    for (j = 4 * Nb; j >= 0; j -= 4) {
+        COLUMN(output, j) ^= *roundkeyw--;
+    }
+    return SECSuccess;
+#endif
+}
+
+/**************************************************************************
+ *
+ *  Rijndael modes of operation (ECB and CBC)
+ *
+ *************************************************************************/
+
+static SECStatus
+rijndael_encryptECB(AESContext *cx, unsigned char *output,
+                    unsigned int *outputLen, unsigned int maxOutputLen,
+                    const unsigned char *input, unsigned int inputLen,
+                    unsigned int blocksize)
+{
+    SECStatus rv;
+    AESBlockFunc *encryptor;
+
+    encryptor = (blocksize == RIJNDAEL_MIN_BLOCKSIZE)
+                    ? &rijndael_encryptBlock128
+                    : &rijndael_encryptBlock;
+    while (inputLen > 0) {
+        rv = (*encryptor)(cx, output, input);
+        if (rv != SECSuccess)
+            return rv;
+        output += blocksize;
+        input += blocksize;
+        inputLen -= blocksize;
+    }
+    return SECSuccess;
+}
+
+static SECStatus
+rijndael_encryptCBC(AESContext *cx, unsigned char *output,
+                    unsigned int *outputLen, unsigned int maxOutputLen,
+                    const unsigned char *input, unsigned int inputLen,
+                    unsigned int blocksize)
+{
+    unsigned int j;
+    SECStatus rv;
+    AESBlockFunc *encryptor;
+    unsigned char *lastblock;
+    unsigned char inblock[RIJNDAEL_MAX_STATE_SIZE * 8];
+
+    if (!inputLen)
+        return SECSuccess;
+    lastblock = cx->iv;
+    encryptor = (blocksize == RIJNDAEL_MIN_BLOCKSIZE)
+                    ? &rijndael_encryptBlock128
+                    : &rijndael_encryptBlock;
+    while (inputLen > 0) {
+        /* XOR with the last block (IV if first block) */
+        for (j = 0; j < blocksize; ++j)
+            inblock[j] = input[j] ^ lastblock[j];
+        /* encrypt */
+        rv = (*encryptor)(cx, output, inblock);
+        if (rv != SECSuccess)
+            return rv;
+        /* move to the next block */
+        lastblock = output;
+        output += blocksize;
+        input += blocksize;
+        inputLen -= blocksize;
+    }
+    memcpy(cx->iv, lastblock, blocksize);
+    return SECSuccess;
+}
+
+static SECStatus
+rijndael_decryptECB(AESContext *cx, unsigned char *output,
+                    unsigned int *outputLen, unsigned int maxOutputLen,
+                    const unsigned char *input, unsigned int inputLen,
+                    unsigned int blocksize)
+{
+    SECStatus rv;
+    AESBlockFunc *decryptor;
+
+    decryptor = (blocksize == RIJNDAEL_MIN_BLOCKSIZE)
+                    ? &rijndael_decryptBlock128
+                    : &rijndael_decryptBlock;
+    while (inputLen > 0) {
+        rv = (*decryptor)(cx, output, input);
+        if (rv != SECSuccess)
+            return rv;
+        output += blocksize;
+        input += blocksize;
+        inputLen -= blocksize;
+    }
+    return SECSuccess;
+}
+
+static SECStatus
+rijndael_decryptCBC(AESContext *cx, unsigned char *output,
+                    unsigned int *outputLen, unsigned int maxOutputLen,
+                    const unsigned char *input, unsigned int inputLen,
+                    unsigned int blocksize)
+{
+    SECStatus rv;
+    AESBlockFunc *decryptor;
+    const unsigned char *in;
+    unsigned char *out;
+    unsigned int j;
+    unsigned char newIV[RIJNDAEL_MAX_BLOCKSIZE];
+
+    if (!inputLen)
+        return SECSuccess;
+    PORT_Assert(output - input >= 0 || input - output >= (int)inputLen);
+    decryptor = (blocksize == RIJNDAEL_MIN_BLOCKSIZE)
+                    ? &rijndael_decryptBlock128
+                    : &rijndael_decryptBlock;
+    in = input + (inputLen - blocksize);
+    memcpy(newIV, in, blocksize);
+    out = output + (inputLen - blocksize);
+    while (inputLen > blocksize) {
+        rv = (*decryptor)(cx, out, in);
+        if (rv != SECSuccess)
+            return rv;
+        for (j = 0; j < blocksize; ++j)
+            out[j] ^= in[(int)(j - blocksize)];
+        out -= blocksize;
+        in -= blocksize;
+        inputLen -= blocksize;
+    }
+    if (in == input) {
+        rv = (*decryptor)(cx, out, in);
+        if (rv != SECSuccess)
+            return rv;
+        for (j = 0; j < blocksize; ++j)
+            out[j] ^= cx->iv[j];
+    }
+    memcpy(cx->iv, newIV, blocksize);
+    return SECSuccess;
+}
+
+/************************************************************************
+ *
+ * BLAPI Interface functions
+ *
+ * The following functions implement the encryption routines defined in
+ * BLAPI for the AES cipher, Rijndael.
+ *
+ ***********************************************************************/
+
+AESContext *
+AES_AllocateContext(void)
+{
+    return PORT_ZNew(AESContext);
+}
+
+#ifdef INTEL_GCM
+/*
+ * Adapted from the example code in "How to detect New Instruction support in
+ * the 4th generation Intel Core processor family" by Max Locktyukhin.
+ *
+ * XGETBV:
+ *   Reads an extended control register (XCR) specified by ECX into EDX:EAX.
+ */
+static PRBool
+check_xcr0_ymm()
+{
+    PRUint32 xcr0;
+#if defined(_MSC_VER)
+#if defined(_M_IX86)
+    __asm {
+        mov ecx, 0
+        xgetbv
+        mov xcr0, eax
+    }
+#else
+    xcr0 = (PRUint32)_xgetbv(0); /* Requires VS2010 SP1 or later. */
+#endif
+#else
+    __asm__("xgetbv"
+            : "=a"(xcr0)
+            : "c"(0)
+            : "%edx");
+#endif
+    /* Check if xmm and ymm state are enabled in XCR0. */
+    return (xcr0 & 6) == 6;
+}
+#endif
+
+/*
+** Initialize a new AES context suitable for AES encryption/decryption in
+** the ECB or CBC mode.
+**  "mode" the mode of operation, which must be NSS_AES or NSS_AES_CBC
+*/
+static SECStatus
+aes_InitContext(AESContext *cx, const unsigned char *key, unsigned int keysize,
+                const unsigned char *iv, int mode, unsigned int encrypt,
+                unsigned int blocksize)
+{
+    unsigned int Nk;
+    /* According to Rijndael AES Proposal, section 12.1, block and key
+     * lengths between 128 and 256 bits are supported, as long as the
+     * length in bytes is divisible by 4.
+     */
+    if (key == NULL ||
+        keysize < RIJNDAEL_MIN_BLOCKSIZE ||
+        keysize > RIJNDAEL_MAX_BLOCKSIZE ||
+        keysize % 4 != 0 ||
+        blocksize < RIJNDAEL_MIN_BLOCKSIZE ||
+        blocksize > RIJNDAEL_MAX_BLOCKSIZE ||
+        blocksize % 4 != 0) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+    if (mode != NSS_AES && mode != NSS_AES_CBC) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+    if (mode == NSS_AES_CBC && iv == NULL) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+    if (!cx) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+#ifdef USE_HW_AES
+    if (has_intel_aes == 0) {
+        unsigned long eax, ebx, ecx, edx;
+        char *disable_hw_aes = PR_GetEnvSecure("NSS_DISABLE_HW_AES");
+
+        if (disable_hw_aes == NULL) {
+            freebl_cpuid(1, &eax, &ebx, &ecx, &edx);
+            has_intel_aes = (ecx & (1 << 25)) != 0 ? 1 : -1;
+#ifdef INTEL_GCM
+            has_intel_clmul = (ecx & (1 << 1)) != 0 ? 1 : -1;
+            if ((ecx & (1 << 27)) != 0 && (ecx & (1 << 28)) != 0 &&
+                check_xcr0_ymm()) {
+                has_intel_avx = 1;
+            } else {
+                has_intel_avx = -1;
+            }
+#endif
+        } else {
+            has_intel_aes = -1;
+#ifdef INTEL_GCM
+            has_intel_avx = -1;
+            has_intel_clmul = -1;
+#endif
+        }
+    }
+    use_hw_aes = (PRBool)(has_intel_aes > 0 && (keysize % 8) == 0 && blocksize == 16);
+#ifdef INTEL_GCM
+    use_hw_gcm = (PRBool)(use_hw_aes && has_intel_avx > 0 && has_intel_clmul > 0);
+#endif
+#endif /* USE_HW_AES */
+    /* Nb = (block size in bits) / 32 */
+    cx->Nb = blocksize / 4;
+    /* Nk = (key size in bits) / 32 */
+    Nk = keysize / 4;
+    /* Obtain number of rounds from "table" */
+    cx->Nr = RIJNDAEL_NUM_ROUNDS(Nk, cx->Nb);
+    /* copy in the iv, if neccessary */
+    if (mode == NSS_AES_CBC) {
+        memcpy(cx->iv, iv, blocksize);
+#ifdef USE_HW_AES
+        if (use_hw_aes) {
+            cx->worker = (freeblCipherFunc)
+                intel_aes_cbc_worker(encrypt, keysize);
+        } else
+#endif
+        {
+            cx->worker = (freeblCipherFunc)(encrypt
+                                                ? &rijndael_encryptCBC
+                                                : &rijndael_decryptCBC);
+        }
+    } else {
+#ifdef USE_HW_AES
+        if (use_hw_aes) {
+            cx->worker = (freeblCipherFunc)
+                intel_aes_ecb_worker(encrypt, keysize);
+        } else
+#endif
+        {
+            cx->worker = (freeblCipherFunc)(encrypt
+                                                ? &rijndael_encryptECB
+                                                : &rijndael_decryptECB);
+        }
+    }
+    PORT_Assert((cx->Nb * (cx->Nr + 1)) <= RIJNDAEL_MAX_EXP_KEY_SIZE);
+    if ((cx->Nb * (cx->Nr + 1)) > RIJNDAEL_MAX_EXP_KEY_SIZE) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        goto cleanup;
+    }
+#ifdef USE_HW_AES
+    if (use_hw_aes) {
+        intel_aes_init(encrypt, keysize);
+    } else
+#endif
+    {
+
+#if defined(RIJNDAEL_GENERATE_TABLES) || \
+    defined(RIJNDAEL_GENERATE_TABLES_MACRO)
+        if (rijndaelTables == NULL) {
+            if (PR_CallOnce(&coRTInit, init_rijndael_tables) != PR_SUCCESS) {
+                return SecFailure;
+            }
+        }
+#endif
+        /* Generate expanded key */
+        if (encrypt) {
+            if (rijndael_key_expansion(cx, key, Nk) != SECSuccess)
+                goto cleanup;
+        } else {
+            if (rijndael_invkey_expansion(cx, key, Nk) != SECSuccess)
+                goto cleanup;
+        }
+    }
+    cx->worker_cx = cx;
+    cx->destroy = NULL;
+    cx->isBlock = PR_TRUE;
+    return SECSuccess;
+cleanup:
+    return SECFailure;
+}
+
+SECStatus
+AES_InitContext(AESContext *cx, const unsigned char *key, unsigned int keysize,
+                const unsigned char *iv, int mode, unsigned int encrypt,
+                unsigned int blocksize)
+{
+    int basemode = mode;
+    PRBool baseencrypt = encrypt;
+    SECStatus rv;
+
+    switch (mode) {
+        case NSS_AES_CTS:
+            basemode = NSS_AES_CBC;
+            break;
+        case NSS_AES_GCM:
+        case NSS_AES_CTR:
+            basemode = NSS_AES;
+            baseencrypt = PR_TRUE;
+            break;
+    }
+    /* make sure enough is initializes so we can safely call Destroy */
+    cx->worker_cx = NULL;
+    cx->destroy = NULL;
+    rv = aes_InitContext(cx, key, keysize, iv, basemode,
+                         baseencrypt, blocksize);
+    if (rv != SECSuccess) {
+        AES_DestroyContext(cx, PR_FALSE);
+        return rv;
+    }
+    cx->mode = mode;
+
+    /* finally, set up any mode specific contexts */
+    switch (mode) {
+        case NSS_AES_CTS:
+            cx->worker_cx = CTS_CreateContext(cx, cx->worker, iv, blocksize);
+            cx->worker = (freeblCipherFunc)(encrypt ? CTS_EncryptUpdate : CTS_DecryptUpdate);
+            cx->destroy = (freeblDestroyFunc)CTS_DestroyContext;
+            cx->isBlock = PR_FALSE;
+            break;
+        case NSS_AES_GCM:
+#ifdef INTEL_GCM
+            if (use_hw_gcm) {
+                cx->worker_cx = intel_AES_GCM_CreateContext(cx, cx->worker, iv, blocksize);
+                cx->worker = (freeblCipherFunc)(encrypt ? intel_AES_GCM_EncryptUpdate : intel_AES_GCM_DecryptUpdate);
+                cx->destroy = (freeblDestroyFunc)intel_AES_GCM_DestroyContext;
+                cx->isBlock = PR_FALSE;
+            } else
+#endif
+            {
+                cx->worker_cx = GCM_CreateContext(cx, cx->worker, iv, blocksize);
+                cx->worker = (freeblCipherFunc)(encrypt ? GCM_EncryptUpdate : GCM_DecryptUpdate);
+                cx->destroy = (freeblDestroyFunc)GCM_DestroyContext;
+                cx->isBlock = PR_FALSE;
+            }
+            break;
+        case NSS_AES_CTR:
+            cx->worker_cx = CTR_CreateContext(cx, cx->worker, iv, blocksize);
+#if defined(USE_HW_AES) && defined(_MSC_VER)
+            if (use_hw_aes) {
+                cx->worker = (freeblCipherFunc)CTR_Update_HW_AES;
+            } else
+#endif
+            {
+                cx->worker = (freeblCipherFunc)CTR_Update;
+            }
+            cx->destroy = (freeblDestroyFunc)CTR_DestroyContext;
+            cx->isBlock = PR_FALSE;
+            break;
+        default:
+            /* everything has already been set up by aes_InitContext, just
+     * return */
+            return SECSuccess;
+    }
+    /* check to see if we succeeded in getting the worker context */
+    if (cx->worker_cx == NULL) {
+        /* no, just destroy the existing context */
+        cx->destroy = NULL; /* paranoia, though you can see a dozen lines */
+                            /* below that this isn't necessary */
+        AES_DestroyContext(cx, PR_FALSE);
+        return SECFailure;
+    }
+    return SECSuccess;
+}
+
+/* AES_CreateContext
+ *
+ * create a new context for Rijndael operations
+ */
+AESContext *
+AES_CreateContext(const unsigned char *key, const unsigned char *iv,
+                  int mode, int encrypt,
+                  unsigned int keysize, unsigned int blocksize)
+{
+    AESContext *cx = AES_AllocateContext();
+    if (cx) {
+        SECStatus rv = AES_InitContext(cx, key, keysize, iv, mode, encrypt,
+                                       blocksize);
+        if (rv != SECSuccess) {
+            AES_DestroyContext(cx, PR_TRUE);
+            cx = NULL;
+        }
+    }
+    return cx;
+}
+
+/*
+ * AES_DestroyContext
+ *
+ * Zero an AES cipher context.  If freeit is true, also free the pointer
+ * to the context.
+ */
+void
+AES_DestroyContext(AESContext *cx, PRBool freeit)
+{
+    if (cx->worker_cx && cx->destroy) {
+        (*cx->destroy)(cx->worker_cx, PR_TRUE);
+        cx->worker_cx = NULL;
+        cx->destroy = NULL;
+    }
+    if (freeit)
+        PORT_Free(cx);
+}
+
+/*
+ * AES_Encrypt
+ *
+ * Encrypt an arbitrary-length buffer.  The output buffer must already be
+ * allocated to at least inputLen.
+ */
+SECStatus
+AES_Encrypt(AESContext *cx, unsigned char *output,
+            unsigned int *outputLen, unsigned int maxOutputLen,
+            const unsigned char *input, unsigned int inputLen)
+{
+    int blocksize;
+    /* Check args */
+    if (cx == NULL || output == NULL || (input == NULL && inputLen != 0)) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+    blocksize = 4 * cx->Nb;
+    if (cx->isBlock && (inputLen % blocksize != 0)) {
+        PORT_SetError(SEC_ERROR_INPUT_LEN);
+        return SECFailure;
+    }
+    if (maxOutputLen < inputLen) {
+        PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+        return SECFailure;
+    }
+    *outputLen = inputLen;
+#if UINT_MAX > MP_32BIT_MAX
+    /*
+     * we can guarentee that GSM won't overlfow if we limit the input to
+     * 2^36 bytes. For simplicity, we are limiting it to 2^32 for now.
+     *
+     * We do it here to cover both hardware and software GCM operations.
+     */
+    {
+        PR_STATIC_ASSERT(sizeof(unsigned int) > 4);
+    }
+    if ((cx->mode == NSS_AES_GCM) && (inputLen > MP_32BIT_MAX)) {
+        PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+        return SECFailure;
+    }
+#else
+    /* if we can't pass in a 32_bit number, then no such check needed */
+    {
+        PR_STATIC_ASSERT(sizeof(unsigned int) <= 4);
+    }
+#endif
+
+    return (*cx->worker)(cx->worker_cx, output, outputLen, maxOutputLen,
+                         input, inputLen, blocksize);
+}
+
+/*
+ * AES_Decrypt
+ *
+ * Decrypt and arbitrary-length buffer.  The output buffer must already be
+ * allocated to at least inputLen.
+ */
+SECStatus
+AES_Decrypt(AESContext *cx, unsigned char *output,
+            unsigned int *outputLen, unsigned int maxOutputLen,
+            const unsigned char *input, unsigned int inputLen)
+{
+    int blocksize;
+    /* Check args */
+    if (cx == NULL || output == NULL || (input == NULL && inputLen != 0)) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+    blocksize = 4 * cx->Nb;
+    if (cx->isBlock && (inputLen % blocksize != 0)) {
+        PORT_SetError(SEC_ERROR_INPUT_LEN);
+        return SECFailure;
+    }
+    if (maxOutputLen < inputLen) {
+        PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+        return SECFailure;
+    }
+    *outputLen = inputLen;
+    return (*cx->worker)(cx->worker_cx, output, outputLen, maxOutputLen,
+                         input, inputLen, blocksize);
+}
diff --git a/nss/lib/freebl/rijndael.h b/nss/lib/freebl/rijndael.h
new file mode 100644
index 0000000..0e14ec2
--- /dev/null
+++ b/nss/lib/freebl/rijndael.h
@@ -0,0 +1,67 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _RIJNDAEL_H_
+#define _RIJNDAEL_H_ 1
+
+#include "blapii.h"
+
+#define RIJNDAEL_MIN_BLOCKSIZE 16 /* bytes */
+#define RIJNDAEL_MAX_BLOCKSIZE 32 /* bytes */
+
+typedef SECStatus AESBlockFunc(AESContext *cx,
+                               unsigned char *output,
+                               const unsigned char *input);
+
+/* RIJNDAEL_NUM_ROUNDS
+ *
+ * Number of rounds per execution
+ * Nk - number of key bytes
+ * Nb - blocksize (in bytes)
+ */
+#define RIJNDAEL_NUM_ROUNDS(Nk, Nb) \
+    (PR_MAX(Nk, Nb) + 6)
+
+/* RIJNDAEL_MAX_STATE_SIZE
+ *
+ * Maximum number of bytes in the state (spec includes up to 256-bit block
+ * size)
+ */
+#define RIJNDAEL_MAX_STATE_SIZE 32
+
+/*
+ * This magic number is (Nb_max * (Nr_max + 1))
+ * where Nb_max is the maximum block size in 32-bit words,
+ *       Nr_max is the maximum number of rounds, which is Nb_max + 6
+ */
+#define RIJNDAEL_MAX_EXP_KEY_SIZE (8 * 15)
+
+/* AESContextStr
+ *
+ * Values which maintain the state for Rijndael encryption/decryption.
+ *
+ * iv          - initialization vector for CBC mode
+ * Nb          - the number of bytes in a block, specified by user
+ * Nr          - the number of rounds, specified by a table
+ * expandedKey - the round keys in 4-byte words, the length is Nr * Nb
+ * worker      - the encryption/decryption function to use with worker_cx
+ * destroy     - if not NULL, the destroy function to use with worker_cx
+ * worker_cx   - the context for worker and destroy
+ * isBlock     - is the mode of operation a block cipher or a stream cipher?
+ */
+struct AESContextStr {
+    unsigned int Nb;
+    unsigned int Nr;
+    freeblCipherFunc worker;
+    /* NOTE: The offsets of iv and expandedKey are hardcoded in intel-aes.s.
+     * Don't add new members before them without updating intel-aes.s. */
+    unsigned char iv[RIJNDAEL_MAX_BLOCKSIZE];
+    PRUint32 expandedKey[RIJNDAEL_MAX_EXP_KEY_SIZE];
+    freeblDestroyFunc destroy;
+    void *worker_cx;
+    PRBool isBlock;
+    int mode;
+};
+
+#endif /* _RIJNDAEL_H_ */
diff --git a/nss/lib/freebl/rijndael32.tab b/nss/lib/freebl/rijndael32.tab
new file mode 100644
index 0000000..59be7c2
--- /dev/null
+++ b/nss/lib/freebl/rijndael32.tab
@@ -0,0 +1,1219 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef RIJNDAEL_INCLUDE_TABLES
+static const PRUint8 _S[256] = 
+{
+ 99, 124, 119, 123, 242, 107, 111, 197,  48,   1, 103,  43, 254, 215, 171, 118,
+202, 130, 201, 125, 250,  89,  71, 240, 173, 212, 162, 175, 156, 164, 114, 192,
+183, 253, 147,  38,  54,  63, 247, 204,  52, 165, 229, 241, 113, 216,  49,  21,
+  4, 199,  35, 195,  24, 150,   5, 154,   7,  18, 128, 226, 235,  39, 178, 117,
+  9, 131,  44,  26,  27, 110,  90, 160,  82,  59, 214, 179,  41, 227,  47, 132,
+ 83, 209,   0, 237,  32, 252, 177,  91, 106, 203, 190,  57,  74,  76,  88, 207,
+208, 239, 170, 251,  67,  77,  51, 133,  69, 249,   2, 127,  80,  60, 159, 168,
+ 81, 163,  64, 143, 146, 157,  56, 245, 188, 182, 218,  33,  16, 255, 243, 210,
+205,  12,  19, 236,  95, 151,  68,  23, 196, 167, 126,  61, 100,  93,  25, 115,
+ 96, 129,  79, 220,  34,  42, 144, 136,  70, 238, 184,  20, 222,  94,  11, 219,
+224,  50,  58,  10,  73,   6,  36,  92, 194, 211, 172,  98, 145, 149, 228, 121,
+231, 200,  55, 109, 141, 213,  78, 169, 108,  86, 244, 234, 101, 122, 174,   8,
+186, 120,  37,  46,  28, 166, 180, 198, 232, 221, 116,  31,  75, 189, 139, 138,
+112,  62, 181, 102,  72,   3, 246,  14,  97,  53,  87, 185, 134, 193,  29, 158,
+225, 248, 152,  17, 105, 217, 142, 148, 155,  30, 135, 233, 206,  85,  40, 223,
+140, 161, 137,  13, 191, 230,  66, 104,  65, 153,  45,  15, 176,  84, 187,  22 
+};
+#endif /* not RIJNDAEL_INCLUDE_TABLES */
+
+static const PRUint8 _SInv[256] = 
+{
+ 82,   9, 106, 213,  48,  54, 165,  56, 191,  64, 163, 158, 129, 243, 215, 251,
+124, 227,  57, 130, 155,  47, 255, 135,  52, 142,  67,  68, 196, 222, 233, 203,
+ 84, 123, 148,  50, 166, 194,  35,  61, 238,  76, 149,  11,  66, 250, 195,  78,
+  8,  46, 161, 102,  40, 217,  36, 178, 118,  91, 162,  73, 109, 139, 209,  37,
+114, 248, 246, 100, 134, 104, 152,  22, 212, 164,  92, 204,  93, 101, 182, 146,
+108, 112,  72,  80, 253, 237, 185, 218,  94,  21,  70,  87, 167, 141, 157, 132,
+144, 216, 171,   0, 140, 188, 211,  10, 247, 228,  88,   5, 184, 179,  69,   6,
+208,  44,  30, 143, 202,  63,  15,   2, 193, 175, 189,   3,   1,  19, 138, 107,
+ 58, 145,  17,  65,  79, 103, 220, 234, 151, 242, 207, 206, 240, 180, 230, 115,
+150, 172, 116,  34, 231, 173,  53, 133, 226, 249,  55, 232,  28, 117, 223, 110,
+ 71, 241,  26, 113,  29,  41, 197, 137, 111, 183,  98,  14, 170,  24, 190,  27,
+252,  86,  62,  75, 198, 210, 121,  32, 154, 219, 192, 254, 120, 205,  90, 244,
+ 31, 221, 168,  51, 136,   7, 199,  49, 177,  18,  16,  89,  39, 128, 236,  95,
+ 96,  81, 127, 169,  25, 181,  74,  13,  45, 229, 122, 159, 147, 201, 156, 239,
+160, 224,  59,  77, 174,  42, 245, 176, 200, 235, 187,  60, 131,  83, 153,  97,
+ 23,  43,   4, 126, 186, 119, 214,  38, 225, 105,  20,  99,  85,  33,  12, 125 
+};
+
+#ifdef RIJNDAEL_INCLUDE_TABLES
+#ifdef IS_LITTLE_ENDIAN
+static const PRUint32 _T0[256] = 
+{
+0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6, 0x0df2f2ff, 0xbd6b6bd6,
+0xb16f6fde, 0x54c5c591, 0x50303060, 0x03010102, 0xa96767ce, 0x7d2b2b56,
+0x19fefee7, 0x62d7d7b5, 0xe6abab4d, 0x9a7676ec, 0x45caca8f, 0x9d82821f,
+0x40c9c989, 0x877d7dfa, 0x15fafaef, 0xeb5959b2, 0xc947478e, 0x0bf0f0fb,
+0xecadad41, 0x67d4d4b3, 0xfda2a25f, 0xeaafaf45, 0xbf9c9c23, 0xf7a4a453,
+0x967272e4, 0x5bc0c09b, 0xc2b7b775, 0x1cfdfde1, 0xae93933d, 0x6a26264c,
+0x5a36366c, 0x413f3f7e, 0x02f7f7f5, 0x4fcccc83, 0x5c343468, 0xf4a5a551,
+0x34e5e5d1, 0x08f1f1f9, 0x937171e2, 0x73d8d8ab, 0x53313162, 0x3f15152a,
+0x0c040408, 0x52c7c795, 0x65232346, 0x5ec3c39d, 0x28181830, 0xa1969637,
+0x0f05050a, 0xb59a9a2f, 0x0907070e, 0x36121224, 0x9b80801b, 0x3de2e2df,
+0x26ebebcd, 0x6927274e, 0xcdb2b27f, 0x9f7575ea, 0x1b090912, 0x9e83831d,
+0x742c2c58, 0x2e1a1a34, 0x2d1b1b36, 0xb26e6edc, 0xee5a5ab4, 0xfba0a05b,
+0xf65252a4, 0x4d3b3b76, 0x61d6d6b7, 0xceb3b37d, 0x7b292952, 0x3ee3e3dd,
+0x712f2f5e, 0x97848413, 0xf55353a6, 0x68d1d1b9, 0x00000000, 0x2cededc1,
+0x60202040, 0x1ffcfce3, 0xc8b1b179, 0xed5b5bb6, 0xbe6a6ad4, 0x46cbcb8d,
+0xd9bebe67, 0x4b393972, 0xde4a4a94, 0xd44c4c98, 0xe85858b0, 0x4acfcf85,
+0x6bd0d0bb, 0x2aefefc5, 0xe5aaaa4f, 0x16fbfbed, 0xc5434386, 0xd74d4d9a,
+0x55333366, 0x94858511, 0xcf45458a, 0x10f9f9e9, 0x06020204, 0x817f7ffe,
+0xf05050a0, 0x443c3c78, 0xba9f9f25, 0xe3a8a84b, 0xf35151a2, 0xfea3a35d,
+0xc0404080, 0x8a8f8f05, 0xad92923f, 0xbc9d9d21, 0x48383870, 0x04f5f5f1,
+0xdfbcbc63, 0xc1b6b677, 0x75dadaaf, 0x63212142, 0x30101020, 0x1affffe5,
+0x0ef3f3fd, 0x6dd2d2bf, 0x4ccdcd81, 0x140c0c18, 0x35131326, 0x2fececc3,
+0xe15f5fbe, 0xa2979735, 0xcc444488, 0x3917172e, 0x57c4c493, 0xf2a7a755,
+0x827e7efc, 0x473d3d7a, 0xac6464c8, 0xe75d5dba, 0x2b191932, 0x957373e6,
+0xa06060c0, 0x98818119, 0xd14f4f9e, 0x7fdcdca3, 0x66222244, 0x7e2a2a54,
+0xab90903b, 0x8388880b, 0xca46468c, 0x29eeeec7, 0xd3b8b86b, 0x3c141428,
+0x79dedea7, 0xe25e5ebc, 0x1d0b0b16, 0x76dbdbad, 0x3be0e0db, 0x56323264,
+0x4e3a3a74, 0x1e0a0a14, 0xdb494992, 0x0a06060c, 0x6c242448, 0xe45c5cb8,
+0x5dc2c29f, 0x6ed3d3bd, 0xefacac43, 0xa66262c4, 0xa8919139, 0xa4959531,
+0x37e4e4d3, 0x8b7979f2, 0x32e7e7d5, 0x43c8c88b, 0x5937376e, 0xb76d6dda,
+0x8c8d8d01, 0x64d5d5b1, 0xd24e4e9c, 0xe0a9a949, 0xb46c6cd8, 0xfa5656ac,
+0x07f4f4f3, 0x25eaeacf, 0xaf6565ca, 0x8e7a7af4, 0xe9aeae47, 0x18080810,
+0xd5baba6f, 0x887878f0, 0x6f25254a, 0x722e2e5c, 0x241c1c38, 0xf1a6a657,
+0xc7b4b473, 0x51c6c697, 0x23e8e8cb, 0x7cdddda1, 0x9c7474e8, 0x211f1f3e,
+0xdd4b4b96, 0xdcbdbd61, 0x868b8b0d, 0x858a8a0f, 0x907070e0, 0x423e3e7c,
+0xc4b5b571, 0xaa6666cc, 0xd8484890, 0x05030306, 0x01f6f6f7, 0x120e0e1c,
+0xa36161c2, 0x5f35356a, 0xf95757ae, 0xd0b9b969, 0x91868617, 0x58c1c199,
+0x271d1d3a, 0xb99e9e27, 0x38e1e1d9, 0x13f8f8eb, 0xb398982b, 0x33111122,
+0xbb6969d2, 0x70d9d9a9, 0x898e8e07, 0xa7949433, 0xb69b9b2d, 0x221e1e3c,
+0x92878715, 0x20e9e9c9, 0x49cece87, 0xff5555aa, 0x78282850, 0x7adfdfa5,
+0x8f8c8c03, 0xf8a1a159, 0x80898909, 0x170d0d1a, 0xdabfbf65, 0x31e6e6d7,
+0xc6424284, 0xb86868d0, 0xc3414182, 0xb0999929, 0x772d2d5a, 0x110f0f1e,
+0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c  
+};
+#else
+static const PRUint32 _T0[256] = 
+{
+0xc66363a5, 0xf87c7c84, 0xee777799, 0xf67b7b8d, 0xfff2f20d, 0xd66b6bbd,
+0xde6f6fb1, 0x91c5c554, 0x60303050, 0x02010103, 0xce6767a9, 0x562b2b7d,
+0xe7fefe19, 0xb5d7d762, 0x4dababe6, 0xec76769a, 0x8fcaca45, 0x1f82829d,
+0x89c9c940, 0xfa7d7d87, 0xeffafa15, 0xb25959eb, 0x8e4747c9, 0xfbf0f00b,
+0x41adadec, 0xb3d4d467, 0x5fa2a2fd, 0x45afafea, 0x239c9cbf, 0x53a4a4f7,
+0xe4727296, 0x9bc0c05b, 0x75b7b7c2, 0xe1fdfd1c, 0x3d9393ae, 0x4c26266a,
+0x6c36365a, 0x7e3f3f41, 0xf5f7f702, 0x83cccc4f, 0x6834345c, 0x51a5a5f4,
+0xd1e5e534, 0xf9f1f108, 0xe2717193, 0xabd8d873, 0x62313153, 0x2a15153f,
+0x0804040c, 0x95c7c752, 0x46232365, 0x9dc3c35e, 0x30181828, 0x379696a1,
+0x0a05050f, 0x2f9a9ab5, 0x0e070709, 0x24121236, 0x1b80809b, 0xdfe2e23d,
+0xcdebeb26, 0x4e272769, 0x7fb2b2cd, 0xea75759f, 0x1209091b, 0x1d83839e,
+0x582c2c74, 0x341a1a2e, 0x361b1b2d, 0xdc6e6eb2, 0xb45a5aee, 0x5ba0a0fb,
+0xa45252f6, 0x763b3b4d, 0xb7d6d661, 0x7db3b3ce, 0x5229297b, 0xdde3e33e,
+0x5e2f2f71, 0x13848497, 0xa65353f5, 0xb9d1d168, 0x00000000, 0xc1eded2c,
+0x40202060, 0xe3fcfc1f, 0x79b1b1c8, 0xb65b5bed, 0xd46a6abe, 0x8dcbcb46,
+0x67bebed9, 0x7239394b, 0x944a4ade, 0x984c4cd4, 0xb05858e8, 0x85cfcf4a,
+0xbbd0d06b, 0xc5efef2a, 0x4faaaae5, 0xedfbfb16, 0x864343c5, 0x9a4d4dd7,
+0x66333355, 0x11858594, 0x8a4545cf, 0xe9f9f910, 0x04020206, 0xfe7f7f81,
+0xa05050f0, 0x783c3c44, 0x259f9fba, 0x4ba8a8e3, 0xa25151f3, 0x5da3a3fe,
+0x804040c0, 0x058f8f8a, 0x3f9292ad, 0x219d9dbc, 0x70383848, 0xf1f5f504,
+0x63bcbcdf, 0x77b6b6c1, 0xafdada75, 0x42212163, 0x20101030, 0xe5ffff1a,
+0xfdf3f30e, 0xbfd2d26d, 0x81cdcd4c, 0x180c0c14, 0x26131335, 0xc3ecec2f,
+0xbe5f5fe1, 0x359797a2, 0x884444cc, 0x2e171739, 0x93c4c457, 0x55a7a7f2,
+0xfc7e7e82, 0x7a3d3d47, 0xc86464ac, 0xba5d5de7, 0x3219192b, 0xe6737395,
+0xc06060a0, 0x19818198, 0x9e4f4fd1, 0xa3dcdc7f, 0x44222266, 0x542a2a7e,
+0x3b9090ab, 0x0b888883, 0x8c4646ca, 0xc7eeee29, 0x6bb8b8d3, 0x2814143c,
+0xa7dede79, 0xbc5e5ee2, 0x160b0b1d, 0xaddbdb76, 0xdbe0e03b, 0x64323256,
+0x743a3a4e, 0x140a0a1e, 0x924949db, 0x0c06060a, 0x4824246c, 0xb85c5ce4,
+0x9fc2c25d, 0xbdd3d36e, 0x43acacef, 0xc46262a6, 0x399191a8, 0x319595a4,
+0xd3e4e437, 0xf279798b, 0xd5e7e732, 0x8bc8c843, 0x6e373759, 0xda6d6db7,
+0x018d8d8c, 0xb1d5d564, 0x9c4e4ed2, 0x49a9a9e0, 0xd86c6cb4, 0xac5656fa,
+0xf3f4f407, 0xcfeaea25, 0xca6565af, 0xf47a7a8e, 0x47aeaee9, 0x10080818,
+0x6fbabad5, 0xf0787888, 0x4a25256f, 0x5c2e2e72, 0x381c1c24, 0x57a6a6f1,
+0x73b4b4c7, 0x97c6c651, 0xcbe8e823, 0xa1dddd7c, 0xe874749c, 0x3e1f1f21,
+0x964b4bdd, 0x61bdbddc, 0x0d8b8b86, 0x0f8a8a85, 0xe0707090, 0x7c3e3e42,
+0x71b5b5c4, 0xcc6666aa, 0x904848d8, 0x06030305, 0xf7f6f601, 0x1c0e0e12,
+0xc26161a3, 0x6a35355f, 0xae5757f9, 0x69b9b9d0, 0x17868691, 0x99c1c158,
+0x3a1d1d27, 0x279e9eb9, 0xd9e1e138, 0xebf8f813, 0x2b9898b3, 0x22111133,
+0xd26969bb, 0xa9d9d970, 0x078e8e89, 0x339494a7, 0x2d9b9bb6, 0x3c1e1e22,
+0x15878792, 0xc9e9e920, 0x87cece49, 0xaa5555ff, 0x50282878, 0xa5dfdf7a,
+0x038c8c8f, 0x59a1a1f8, 0x09898980, 0x1a0d0d17, 0x65bfbfda, 0xd7e6e631,
+0x844242c6, 0xd06868b8, 0x824141c3, 0x299999b0, 0x5a2d2d77, 0x1e0f0f11,
+0x7bb0b0cb, 0xa85454fc, 0x6dbbbbd6, 0x2c16163a  
+};
+#endif
+
+#ifdef IS_LITTLE_ENDIAN
+static const PRUint32 _T1[256] = 
+{
+0x6363c6a5, 0x7c7cf884, 0x7777ee99, 0x7b7bf68d, 0xf2f2ff0d, 0x6b6bd6bd,
+0x6f6fdeb1, 0xc5c59154, 0x30306050, 0x01010203, 0x6767cea9, 0x2b2b567d,
+0xfefee719, 0xd7d7b562, 0xabab4de6, 0x7676ec9a, 0xcaca8f45, 0x82821f9d,
+0xc9c98940, 0x7d7dfa87, 0xfafaef15, 0x5959b2eb, 0x47478ec9, 0xf0f0fb0b,
+0xadad41ec, 0xd4d4b367, 0xa2a25ffd, 0xafaf45ea, 0x9c9c23bf, 0xa4a453f7,
+0x7272e496, 0xc0c09b5b, 0xb7b775c2, 0xfdfde11c, 0x93933dae, 0x26264c6a,
+0x36366c5a, 0x3f3f7e41, 0xf7f7f502, 0xcccc834f, 0x3434685c, 0xa5a551f4,
+0xe5e5d134, 0xf1f1f908, 0x7171e293, 0xd8d8ab73, 0x31316253, 0x15152a3f,
+0x0404080c, 0xc7c79552, 0x23234665, 0xc3c39d5e, 0x18183028, 0x969637a1,
+0x05050a0f, 0x9a9a2fb5, 0x07070e09, 0x12122436, 0x80801b9b, 0xe2e2df3d,
+0xebebcd26, 0x27274e69, 0xb2b27fcd, 0x7575ea9f, 0x0909121b, 0x83831d9e,
+0x2c2c5874, 0x1a1a342e, 0x1b1b362d, 0x6e6edcb2, 0x5a5ab4ee, 0xa0a05bfb,
+0x5252a4f6, 0x3b3b764d, 0xd6d6b761, 0xb3b37dce, 0x2929527b, 0xe3e3dd3e,
+0x2f2f5e71, 0x84841397, 0x5353a6f5, 0xd1d1b968, 0x00000000, 0xededc12c,
+0x20204060, 0xfcfce31f, 0xb1b179c8, 0x5b5bb6ed, 0x6a6ad4be, 0xcbcb8d46,
+0xbebe67d9, 0x3939724b, 0x4a4a94de, 0x4c4c98d4, 0x5858b0e8, 0xcfcf854a,
+0xd0d0bb6b, 0xefefc52a, 0xaaaa4fe5, 0xfbfbed16, 0x434386c5, 0x4d4d9ad7,
+0x33336655, 0x85851194, 0x45458acf, 0xf9f9e910, 0x02020406, 0x7f7ffe81,
+0x5050a0f0, 0x3c3c7844, 0x9f9f25ba, 0xa8a84be3, 0x5151a2f3, 0xa3a35dfe,
+0x404080c0, 0x8f8f058a, 0x92923fad, 0x9d9d21bc, 0x38387048, 0xf5f5f104,
+0xbcbc63df, 0xb6b677c1, 0xdadaaf75, 0x21214263, 0x10102030, 0xffffe51a,
+0xf3f3fd0e, 0xd2d2bf6d, 0xcdcd814c, 0x0c0c1814, 0x13132635, 0xececc32f,
+0x5f5fbee1, 0x979735a2, 0x444488cc, 0x17172e39, 0xc4c49357, 0xa7a755f2,
+0x7e7efc82, 0x3d3d7a47, 0x6464c8ac, 0x5d5dbae7, 0x1919322b, 0x7373e695,
+0x6060c0a0, 0x81811998, 0x4f4f9ed1, 0xdcdca37f, 0x22224466, 0x2a2a547e,
+0x90903bab, 0x88880b83, 0x46468cca, 0xeeeec729, 0xb8b86bd3, 0x1414283c,
+0xdedea779, 0x5e5ebce2, 0x0b0b161d, 0xdbdbad76, 0xe0e0db3b, 0x32326456,
+0x3a3a744e, 0x0a0a141e, 0x494992db, 0x06060c0a, 0x2424486c, 0x5c5cb8e4,
+0xc2c29f5d, 0xd3d3bd6e, 0xacac43ef, 0x6262c4a6, 0x919139a8, 0x959531a4,
+0xe4e4d337, 0x7979f28b, 0xe7e7d532, 0xc8c88b43, 0x37376e59, 0x6d6ddab7,
+0x8d8d018c, 0xd5d5b164, 0x4e4e9cd2, 0xa9a949e0, 0x6c6cd8b4, 0x5656acfa,
+0xf4f4f307, 0xeaeacf25, 0x6565caaf, 0x7a7af48e, 0xaeae47e9, 0x08081018,
+0xbaba6fd5, 0x7878f088, 0x25254a6f, 0x2e2e5c72, 0x1c1c3824, 0xa6a657f1,
+0xb4b473c7, 0xc6c69751, 0xe8e8cb23, 0xdddda17c, 0x7474e89c, 0x1f1f3e21,
+0x4b4b96dd, 0xbdbd61dc, 0x8b8b0d86, 0x8a8a0f85, 0x7070e090, 0x3e3e7c42,
+0xb5b571c4, 0x6666ccaa, 0x484890d8, 0x03030605, 0xf6f6f701, 0x0e0e1c12,
+0x6161c2a3, 0x35356a5f, 0x5757aef9, 0xb9b969d0, 0x86861791, 0xc1c19958,
+0x1d1d3a27, 0x9e9e27b9, 0xe1e1d938, 0xf8f8eb13, 0x98982bb3, 0x11112233,
+0x6969d2bb, 0xd9d9a970, 0x8e8e0789, 0x949433a7, 0x9b9b2db6, 0x1e1e3c22,
+0x87871592, 0xe9e9c920, 0xcece8749, 0x5555aaff, 0x28285078, 0xdfdfa57a,
+0x8c8c038f, 0xa1a159f8, 0x89890980, 0x0d0d1a17, 0xbfbf65da, 0xe6e6d731,
+0x424284c6, 0x6868d0b8, 0x414182c3, 0x999929b0, 0x2d2d5a77, 0x0f0f1e11,
+0xb0b07bcb, 0x5454a8fc, 0xbbbb6dd6, 0x16162c3a  
+};
+#else
+static const PRUint32 _T1[256] = 
+{
+0xa5c66363, 0x84f87c7c, 0x99ee7777, 0x8df67b7b, 0x0dfff2f2, 0xbdd66b6b,
+0xb1de6f6f, 0x5491c5c5, 0x50603030, 0x03020101, 0xa9ce6767, 0x7d562b2b,
+0x19e7fefe, 0x62b5d7d7, 0xe64dabab, 0x9aec7676, 0x458fcaca, 0x9d1f8282,
+0x4089c9c9, 0x87fa7d7d, 0x15effafa, 0xebb25959, 0xc98e4747, 0x0bfbf0f0,
+0xec41adad, 0x67b3d4d4, 0xfd5fa2a2, 0xea45afaf, 0xbf239c9c, 0xf753a4a4,
+0x96e47272, 0x5b9bc0c0, 0xc275b7b7, 0x1ce1fdfd, 0xae3d9393, 0x6a4c2626,
+0x5a6c3636, 0x417e3f3f, 0x02f5f7f7, 0x4f83cccc, 0x5c683434, 0xf451a5a5,
+0x34d1e5e5, 0x08f9f1f1, 0x93e27171, 0x73abd8d8, 0x53623131, 0x3f2a1515,
+0x0c080404, 0x5295c7c7, 0x65462323, 0x5e9dc3c3, 0x28301818, 0xa1379696,
+0x0f0a0505, 0xb52f9a9a, 0x090e0707, 0x36241212, 0x9b1b8080, 0x3ddfe2e2,
+0x26cdebeb, 0x694e2727, 0xcd7fb2b2, 0x9fea7575, 0x1b120909, 0x9e1d8383,
+0x74582c2c, 0x2e341a1a, 0x2d361b1b, 0xb2dc6e6e, 0xeeb45a5a, 0xfb5ba0a0,
+0xf6a45252, 0x4d763b3b, 0x61b7d6d6, 0xce7db3b3, 0x7b522929, 0x3edde3e3,
+0x715e2f2f, 0x97138484, 0xf5a65353, 0x68b9d1d1, 0x00000000, 0x2cc1eded,
+0x60402020, 0x1fe3fcfc, 0xc879b1b1, 0xedb65b5b, 0xbed46a6a, 0x468dcbcb,
+0xd967bebe, 0x4b723939, 0xde944a4a, 0xd4984c4c, 0xe8b05858, 0x4a85cfcf,
+0x6bbbd0d0, 0x2ac5efef, 0xe54faaaa, 0x16edfbfb, 0xc5864343, 0xd79a4d4d,
+0x55663333, 0x94118585, 0xcf8a4545, 0x10e9f9f9, 0x06040202, 0x81fe7f7f,
+0xf0a05050, 0x44783c3c, 0xba259f9f, 0xe34ba8a8, 0xf3a25151, 0xfe5da3a3,
+0xc0804040, 0x8a058f8f, 0xad3f9292, 0xbc219d9d, 0x48703838, 0x04f1f5f5,
+0xdf63bcbc, 0xc177b6b6, 0x75afdada, 0x63422121, 0x30201010, 0x1ae5ffff,
+0x0efdf3f3, 0x6dbfd2d2, 0x4c81cdcd, 0x14180c0c, 0x35261313, 0x2fc3ecec,
+0xe1be5f5f, 0xa2359797, 0xcc884444, 0x392e1717, 0x5793c4c4, 0xf255a7a7,
+0x82fc7e7e, 0x477a3d3d, 0xacc86464, 0xe7ba5d5d, 0x2b321919, 0x95e67373,
+0xa0c06060, 0x98198181, 0xd19e4f4f, 0x7fa3dcdc, 0x66442222, 0x7e542a2a,
+0xab3b9090, 0x830b8888, 0xca8c4646, 0x29c7eeee, 0xd36bb8b8, 0x3c281414,
+0x79a7dede, 0xe2bc5e5e, 0x1d160b0b, 0x76addbdb, 0x3bdbe0e0, 0x56643232,
+0x4e743a3a, 0x1e140a0a, 0xdb924949, 0x0a0c0606, 0x6c482424, 0xe4b85c5c,
+0x5d9fc2c2, 0x6ebdd3d3, 0xef43acac, 0xa6c46262, 0xa8399191, 0xa4319595,
+0x37d3e4e4, 0x8bf27979, 0x32d5e7e7, 0x438bc8c8, 0x596e3737, 0xb7da6d6d,
+0x8c018d8d, 0x64b1d5d5, 0xd29c4e4e, 0xe049a9a9, 0xb4d86c6c, 0xfaac5656,
+0x07f3f4f4, 0x25cfeaea, 0xafca6565, 0x8ef47a7a, 0xe947aeae, 0x18100808,
+0xd56fbaba, 0x88f07878, 0x6f4a2525, 0x725c2e2e, 0x24381c1c, 0xf157a6a6,
+0xc773b4b4, 0x5197c6c6, 0x23cbe8e8, 0x7ca1dddd, 0x9ce87474, 0x213e1f1f,
+0xdd964b4b, 0xdc61bdbd, 0x860d8b8b, 0x850f8a8a, 0x90e07070, 0x427c3e3e,
+0xc471b5b5, 0xaacc6666, 0xd8904848, 0x05060303, 0x01f7f6f6, 0x121c0e0e,
+0xa3c26161, 0x5f6a3535, 0xf9ae5757, 0xd069b9b9, 0x91178686, 0x5899c1c1,
+0x273a1d1d, 0xb9279e9e, 0x38d9e1e1, 0x13ebf8f8, 0xb32b9898, 0x33221111,
+0xbbd26969, 0x70a9d9d9, 0x89078e8e, 0xa7339494, 0xb62d9b9b, 0x223c1e1e,
+0x92158787, 0x20c9e9e9, 0x4987cece, 0xffaa5555, 0x78502828, 0x7aa5dfdf,
+0x8f038c8c, 0xf859a1a1, 0x80098989, 0x171a0d0d, 0xda65bfbf, 0x31d7e6e6,
+0xc6844242, 0xb8d06868, 0xc3824141, 0xb0299999, 0x775a2d2d, 0x111e0f0f,
+0xcb7bb0b0, 0xfca85454, 0xd66dbbbb, 0x3a2c1616  
+};
+#endif
+
+#ifdef IS_LITTLE_ENDIAN
+static const PRUint32 _T2[256] = 
+{
+0x63c6a563, 0x7cf8847c, 0x77ee9977, 0x7bf68d7b, 0xf2ff0df2, 0x6bd6bd6b,
+0x6fdeb16f, 0xc59154c5, 0x30605030, 0x01020301, 0x67cea967, 0x2b567d2b,
+0xfee719fe, 0xd7b562d7, 0xab4de6ab, 0x76ec9a76, 0xca8f45ca, 0x821f9d82,
+0xc98940c9, 0x7dfa877d, 0xfaef15fa, 0x59b2eb59, 0x478ec947, 0xf0fb0bf0,
+0xad41ecad, 0xd4b367d4, 0xa25ffda2, 0xaf45eaaf, 0x9c23bf9c, 0xa453f7a4,
+0x72e49672, 0xc09b5bc0, 0xb775c2b7, 0xfde11cfd, 0x933dae93, 0x264c6a26,
+0x366c5a36, 0x3f7e413f, 0xf7f502f7, 0xcc834fcc, 0x34685c34, 0xa551f4a5,
+0xe5d134e5, 0xf1f908f1, 0x71e29371, 0xd8ab73d8, 0x31625331, 0x152a3f15,
+0x04080c04, 0xc79552c7, 0x23466523, 0xc39d5ec3, 0x18302818, 0x9637a196,
+0x050a0f05, 0x9a2fb59a, 0x070e0907, 0x12243612, 0x801b9b80, 0xe2df3de2,
+0xebcd26eb, 0x274e6927, 0xb27fcdb2, 0x75ea9f75, 0x09121b09, 0x831d9e83,
+0x2c58742c, 0x1a342e1a, 0x1b362d1b, 0x6edcb26e, 0x5ab4ee5a, 0xa05bfba0,
+0x52a4f652, 0x3b764d3b, 0xd6b761d6, 0xb37dceb3, 0x29527b29, 0xe3dd3ee3,
+0x2f5e712f, 0x84139784, 0x53a6f553, 0xd1b968d1, 0x00000000, 0xedc12ced,
+0x20406020, 0xfce31ffc, 0xb179c8b1, 0x5bb6ed5b, 0x6ad4be6a, 0xcb8d46cb,
+0xbe67d9be, 0x39724b39, 0x4a94de4a, 0x4c98d44c, 0x58b0e858, 0xcf854acf,
+0xd0bb6bd0, 0xefc52aef, 0xaa4fe5aa, 0xfbed16fb, 0x4386c543, 0x4d9ad74d,
+0x33665533, 0x85119485, 0x458acf45, 0xf9e910f9, 0x02040602, 0x7ffe817f,
+0x50a0f050, 0x3c78443c, 0x9f25ba9f, 0xa84be3a8, 0x51a2f351, 0xa35dfea3,
+0x4080c040, 0x8f058a8f, 0x923fad92, 0x9d21bc9d, 0x38704838, 0xf5f104f5,
+0xbc63dfbc, 0xb677c1b6, 0xdaaf75da, 0x21426321, 0x10203010, 0xffe51aff,
+0xf3fd0ef3, 0xd2bf6dd2, 0xcd814ccd, 0x0c18140c, 0x13263513, 0xecc32fec,
+0x5fbee15f, 0x9735a297, 0x4488cc44, 0x172e3917, 0xc49357c4, 0xa755f2a7,
+0x7efc827e, 0x3d7a473d, 0x64c8ac64, 0x5dbae75d, 0x19322b19, 0x73e69573,
+0x60c0a060, 0x81199881, 0x4f9ed14f, 0xdca37fdc, 0x22446622, 0x2a547e2a,
+0x903bab90, 0x880b8388, 0x468cca46, 0xeec729ee, 0xb86bd3b8, 0x14283c14,
+0xdea779de, 0x5ebce25e, 0x0b161d0b, 0xdbad76db, 0xe0db3be0, 0x32645632,
+0x3a744e3a, 0x0a141e0a, 0x4992db49, 0x060c0a06, 0x24486c24, 0x5cb8e45c,
+0xc29f5dc2, 0xd3bd6ed3, 0xac43efac, 0x62c4a662, 0x9139a891, 0x9531a495,
+0xe4d337e4, 0x79f28b79, 0xe7d532e7, 0xc88b43c8, 0x376e5937, 0x6ddab76d,
+0x8d018c8d, 0xd5b164d5, 0x4e9cd24e, 0xa949e0a9, 0x6cd8b46c, 0x56acfa56,
+0xf4f307f4, 0xeacf25ea, 0x65caaf65, 0x7af48e7a, 0xae47e9ae, 0x08101808,
+0xba6fd5ba, 0x78f08878, 0x254a6f25, 0x2e5c722e, 0x1c38241c, 0xa657f1a6,
+0xb473c7b4, 0xc69751c6, 0xe8cb23e8, 0xdda17cdd, 0x74e89c74, 0x1f3e211f,
+0x4b96dd4b, 0xbd61dcbd, 0x8b0d868b, 0x8a0f858a, 0x70e09070, 0x3e7c423e,
+0xb571c4b5, 0x66ccaa66, 0x4890d848, 0x03060503, 0xf6f701f6, 0x0e1c120e,
+0x61c2a361, 0x356a5f35, 0x57aef957, 0xb969d0b9, 0x86179186, 0xc19958c1,
+0x1d3a271d, 0x9e27b99e, 0xe1d938e1, 0xf8eb13f8, 0x982bb398, 0x11223311,
+0x69d2bb69, 0xd9a970d9, 0x8e07898e, 0x9433a794, 0x9b2db69b, 0x1e3c221e,
+0x87159287, 0xe9c920e9, 0xce8749ce, 0x55aaff55, 0x28507828, 0xdfa57adf,
+0x8c038f8c, 0xa159f8a1, 0x89098089, 0x0d1a170d, 0xbf65dabf, 0xe6d731e6,
+0x4284c642, 0x68d0b868, 0x4182c341, 0x9929b099, 0x2d5a772d, 0x0f1e110f,
+0xb07bcbb0, 0x54a8fc54, 0xbb6dd6bb, 0x162c3a16  
+};
+#else
+static const PRUint32 _T2[256] = 
+{
+0x63a5c663, 0x7c84f87c, 0x7799ee77, 0x7b8df67b, 0xf20dfff2, 0x6bbdd66b,
+0x6fb1de6f, 0xc55491c5, 0x30506030, 0x01030201, 0x67a9ce67, 0x2b7d562b,
+0xfe19e7fe, 0xd762b5d7, 0xabe64dab, 0x769aec76, 0xca458fca, 0x829d1f82,
+0xc94089c9, 0x7d87fa7d, 0xfa15effa, 0x59ebb259, 0x47c98e47, 0xf00bfbf0,
+0xadec41ad, 0xd467b3d4, 0xa2fd5fa2, 0xafea45af, 0x9cbf239c, 0xa4f753a4,
+0x7296e472, 0xc05b9bc0, 0xb7c275b7, 0xfd1ce1fd, 0x93ae3d93, 0x266a4c26,
+0x365a6c36, 0x3f417e3f, 0xf702f5f7, 0xcc4f83cc, 0x345c6834, 0xa5f451a5,
+0xe534d1e5, 0xf108f9f1, 0x7193e271, 0xd873abd8, 0x31536231, 0x153f2a15,
+0x040c0804, 0xc75295c7, 0x23654623, 0xc35e9dc3, 0x18283018, 0x96a13796,
+0x050f0a05, 0x9ab52f9a, 0x07090e07, 0x12362412, 0x809b1b80, 0xe23ddfe2,
+0xeb26cdeb, 0x27694e27, 0xb2cd7fb2, 0x759fea75, 0x091b1209, 0x839e1d83,
+0x2c74582c, 0x1a2e341a, 0x1b2d361b, 0x6eb2dc6e, 0x5aeeb45a, 0xa0fb5ba0,
+0x52f6a452, 0x3b4d763b, 0xd661b7d6, 0xb3ce7db3, 0x297b5229, 0xe33edde3,
+0x2f715e2f, 0x84971384, 0x53f5a653, 0xd168b9d1, 0x00000000, 0xed2cc1ed,
+0x20604020, 0xfc1fe3fc, 0xb1c879b1, 0x5bedb65b, 0x6abed46a, 0xcb468dcb,
+0xbed967be, 0x394b7239, 0x4ade944a, 0x4cd4984c, 0x58e8b058, 0xcf4a85cf,
+0xd06bbbd0, 0xef2ac5ef, 0xaae54faa, 0xfb16edfb, 0x43c58643, 0x4dd79a4d,
+0x33556633, 0x85941185, 0x45cf8a45, 0xf910e9f9, 0x02060402, 0x7f81fe7f,
+0x50f0a050, 0x3c44783c, 0x9fba259f, 0xa8e34ba8, 0x51f3a251, 0xa3fe5da3,
+0x40c08040, 0x8f8a058f, 0x92ad3f92, 0x9dbc219d, 0x38487038, 0xf504f1f5,
+0xbcdf63bc, 0xb6c177b6, 0xda75afda, 0x21634221, 0x10302010, 0xff1ae5ff,
+0xf30efdf3, 0xd26dbfd2, 0xcd4c81cd, 0x0c14180c, 0x13352613, 0xec2fc3ec,
+0x5fe1be5f, 0x97a23597, 0x44cc8844, 0x17392e17, 0xc45793c4, 0xa7f255a7,
+0x7e82fc7e, 0x3d477a3d, 0x64acc864, 0x5de7ba5d, 0x192b3219, 0x7395e673,
+0x60a0c060, 0x81981981, 0x4fd19e4f, 0xdc7fa3dc, 0x22664422, 0x2a7e542a,
+0x90ab3b90, 0x88830b88, 0x46ca8c46, 0xee29c7ee, 0xb8d36bb8, 0x143c2814,
+0xde79a7de, 0x5ee2bc5e, 0x0b1d160b, 0xdb76addb, 0xe03bdbe0, 0x32566432,
+0x3a4e743a, 0x0a1e140a, 0x49db9249, 0x060a0c06, 0x246c4824, 0x5ce4b85c,
+0xc25d9fc2, 0xd36ebdd3, 0xacef43ac, 0x62a6c462, 0x91a83991, 0x95a43195,
+0xe437d3e4, 0x798bf279, 0xe732d5e7, 0xc8438bc8, 0x37596e37, 0x6db7da6d,
+0x8d8c018d, 0xd564b1d5, 0x4ed29c4e, 0xa9e049a9, 0x6cb4d86c, 0x56faac56,
+0xf407f3f4, 0xea25cfea, 0x65afca65, 0x7a8ef47a, 0xaee947ae, 0x08181008,
+0xbad56fba, 0x7888f078, 0x256f4a25, 0x2e725c2e, 0x1c24381c, 0xa6f157a6,
+0xb4c773b4, 0xc65197c6, 0xe823cbe8, 0xdd7ca1dd, 0x749ce874, 0x1f213e1f,
+0x4bdd964b, 0xbddc61bd, 0x8b860d8b, 0x8a850f8a, 0x7090e070, 0x3e427c3e,
+0xb5c471b5, 0x66aacc66, 0x48d89048, 0x03050603, 0xf601f7f6, 0x0e121c0e,
+0x61a3c261, 0x355f6a35, 0x57f9ae57, 0xb9d069b9, 0x86911786, 0xc15899c1,
+0x1d273a1d, 0x9eb9279e, 0xe138d9e1, 0xf813ebf8, 0x98b32b98, 0x11332211,
+0x69bbd269, 0xd970a9d9, 0x8e89078e, 0x94a73394, 0x9bb62d9b, 0x1e223c1e,
+0x87921587, 0xe920c9e9, 0xce4987ce, 0x55ffaa55, 0x28785028, 0xdf7aa5df,
+0x8c8f038c, 0xa1f859a1, 0x89800989, 0x0d171a0d, 0xbfda65bf, 0xe631d7e6,
+0x42c68442, 0x68b8d068, 0x41c38241, 0x99b02999, 0x2d775a2d, 0x0f111e0f,
+0xb0cb7bb0, 0x54fca854, 0xbbd66dbb, 0x163a2c16  
+};
+#endif
+
+#ifdef IS_LITTLE_ENDIAN
+static const PRUint32 _T3[256] = 
+{
+0xc6a56363, 0xf8847c7c, 0xee997777, 0xf68d7b7b, 0xff0df2f2, 0xd6bd6b6b,
+0xdeb16f6f, 0x9154c5c5, 0x60503030, 0x02030101, 0xcea96767, 0x567d2b2b,
+0xe719fefe, 0xb562d7d7, 0x4de6abab, 0xec9a7676, 0x8f45caca, 0x1f9d8282,
+0x8940c9c9, 0xfa877d7d, 0xef15fafa, 0xb2eb5959, 0x8ec94747, 0xfb0bf0f0,
+0x41ecadad, 0xb367d4d4, 0x5ffda2a2, 0x45eaafaf, 0x23bf9c9c, 0x53f7a4a4,
+0xe4967272, 0x9b5bc0c0, 0x75c2b7b7, 0xe11cfdfd, 0x3dae9393, 0x4c6a2626,
+0x6c5a3636, 0x7e413f3f, 0xf502f7f7, 0x834fcccc, 0x685c3434, 0x51f4a5a5,
+0xd134e5e5, 0xf908f1f1, 0xe2937171, 0xab73d8d8, 0x62533131, 0x2a3f1515,
+0x080c0404, 0x9552c7c7, 0x46652323, 0x9d5ec3c3, 0x30281818, 0x37a19696,
+0x0a0f0505, 0x2fb59a9a, 0x0e090707, 0x24361212, 0x1b9b8080, 0xdf3de2e2,
+0xcd26ebeb, 0x4e692727, 0x7fcdb2b2, 0xea9f7575, 0x121b0909, 0x1d9e8383,
+0x58742c2c, 0x342e1a1a, 0x362d1b1b, 0xdcb26e6e, 0xb4ee5a5a, 0x5bfba0a0,
+0xa4f65252, 0x764d3b3b, 0xb761d6d6, 0x7dceb3b3, 0x527b2929, 0xdd3ee3e3,
+0x5e712f2f, 0x13978484, 0xa6f55353, 0xb968d1d1, 0x00000000, 0xc12ceded,
+0x40602020, 0xe31ffcfc, 0x79c8b1b1, 0xb6ed5b5b, 0xd4be6a6a, 0x8d46cbcb,
+0x67d9bebe, 0x724b3939, 0x94de4a4a, 0x98d44c4c, 0xb0e85858, 0x854acfcf,
+0xbb6bd0d0, 0xc52aefef, 0x4fe5aaaa, 0xed16fbfb, 0x86c54343, 0x9ad74d4d,
+0x66553333, 0x11948585, 0x8acf4545, 0xe910f9f9, 0x04060202, 0xfe817f7f,
+0xa0f05050, 0x78443c3c, 0x25ba9f9f, 0x4be3a8a8, 0xa2f35151, 0x5dfea3a3,
+0x80c04040, 0x058a8f8f, 0x3fad9292, 0x21bc9d9d, 0x70483838, 0xf104f5f5,
+0x63dfbcbc, 0x77c1b6b6, 0xaf75dada, 0x42632121, 0x20301010, 0xe51affff,
+0xfd0ef3f3, 0xbf6dd2d2, 0x814ccdcd, 0x18140c0c, 0x26351313, 0xc32fecec,
+0xbee15f5f, 0x35a29797, 0x88cc4444, 0x2e391717, 0x9357c4c4, 0x55f2a7a7,
+0xfc827e7e, 0x7a473d3d, 0xc8ac6464, 0xbae75d5d, 0x322b1919, 0xe6957373,
+0xc0a06060, 0x19988181, 0x9ed14f4f, 0xa37fdcdc, 0x44662222, 0x547e2a2a,
+0x3bab9090, 0x0b838888, 0x8cca4646, 0xc729eeee, 0x6bd3b8b8, 0x283c1414,
+0xa779dede, 0xbce25e5e, 0x161d0b0b, 0xad76dbdb, 0xdb3be0e0, 0x64563232,
+0x744e3a3a, 0x141e0a0a, 0x92db4949, 0x0c0a0606, 0x486c2424, 0xb8e45c5c,
+0x9f5dc2c2, 0xbd6ed3d3, 0x43efacac, 0xc4a66262, 0x39a89191, 0x31a49595,
+0xd337e4e4, 0xf28b7979, 0xd532e7e7, 0x8b43c8c8, 0x6e593737, 0xdab76d6d,
+0x018c8d8d, 0xb164d5d5, 0x9cd24e4e, 0x49e0a9a9, 0xd8b46c6c, 0xacfa5656,
+0xf307f4f4, 0xcf25eaea, 0xcaaf6565, 0xf48e7a7a, 0x47e9aeae, 0x10180808,
+0x6fd5baba, 0xf0887878, 0x4a6f2525, 0x5c722e2e, 0x38241c1c, 0x57f1a6a6,
+0x73c7b4b4, 0x9751c6c6, 0xcb23e8e8, 0xa17cdddd, 0xe89c7474, 0x3e211f1f,
+0x96dd4b4b, 0x61dcbdbd, 0x0d868b8b, 0x0f858a8a, 0xe0907070, 0x7c423e3e,
+0x71c4b5b5, 0xccaa6666, 0x90d84848, 0x06050303, 0xf701f6f6, 0x1c120e0e,
+0xc2a36161, 0x6a5f3535, 0xaef95757, 0x69d0b9b9, 0x17918686, 0x9958c1c1,
+0x3a271d1d, 0x27b99e9e, 0xd938e1e1, 0xeb13f8f8, 0x2bb39898, 0x22331111,
+0xd2bb6969, 0xa970d9d9, 0x07898e8e, 0x33a79494, 0x2db69b9b, 0x3c221e1e,
+0x15928787, 0xc920e9e9, 0x8749cece, 0xaaff5555, 0x50782828, 0xa57adfdf,
+0x038f8c8c, 0x59f8a1a1, 0x09808989, 0x1a170d0d, 0x65dabfbf, 0xd731e6e6,
+0x84c64242, 0xd0b86868, 0x82c34141, 0x29b09999, 0x5a772d2d, 0x1e110f0f,
+0x7bcbb0b0, 0xa8fc5454, 0x6dd6bbbb, 0x2c3a1616  
+};
+#else
+static const PRUint32 _T3[256] = 
+{
+0x6363a5c6, 0x7c7c84f8, 0x777799ee, 0x7b7b8df6, 0xf2f20dff, 0x6b6bbdd6,
+0x6f6fb1de, 0xc5c55491, 0x30305060, 0x01010302, 0x6767a9ce, 0x2b2b7d56,
+0xfefe19e7, 0xd7d762b5, 0xababe64d, 0x76769aec, 0xcaca458f, 0x82829d1f,
+0xc9c94089, 0x7d7d87fa, 0xfafa15ef, 0x5959ebb2, 0x4747c98e, 0xf0f00bfb,
+0xadadec41, 0xd4d467b3, 0xa2a2fd5f, 0xafafea45, 0x9c9cbf23, 0xa4a4f753,
+0x727296e4, 0xc0c05b9b, 0xb7b7c275, 0xfdfd1ce1, 0x9393ae3d, 0x26266a4c,
+0x36365a6c, 0x3f3f417e, 0xf7f702f5, 0xcccc4f83, 0x34345c68, 0xa5a5f451,
+0xe5e534d1, 0xf1f108f9, 0x717193e2, 0xd8d873ab, 0x31315362, 0x15153f2a,
+0x04040c08, 0xc7c75295, 0x23236546, 0xc3c35e9d, 0x18182830, 0x9696a137,
+0x05050f0a, 0x9a9ab52f, 0x0707090e, 0x12123624, 0x80809b1b, 0xe2e23ddf,
+0xebeb26cd, 0x2727694e, 0xb2b2cd7f, 0x75759fea, 0x09091b12, 0x83839e1d,
+0x2c2c7458, 0x1a1a2e34, 0x1b1b2d36, 0x6e6eb2dc, 0x5a5aeeb4, 0xa0a0fb5b,
+0x5252f6a4, 0x3b3b4d76, 0xd6d661b7, 0xb3b3ce7d, 0x29297b52, 0xe3e33edd,
+0x2f2f715e, 0x84849713, 0x5353f5a6, 0xd1d168b9, 0x00000000, 0xeded2cc1,
+0x20206040, 0xfcfc1fe3, 0xb1b1c879, 0x5b5bedb6, 0x6a6abed4, 0xcbcb468d,
+0xbebed967, 0x39394b72, 0x4a4ade94, 0x4c4cd498, 0x5858e8b0, 0xcfcf4a85,
+0xd0d06bbb, 0xefef2ac5, 0xaaaae54f, 0xfbfb16ed, 0x4343c586, 0x4d4dd79a,
+0x33335566, 0x85859411, 0x4545cf8a, 0xf9f910e9, 0x02020604, 0x7f7f81fe,
+0x5050f0a0, 0x3c3c4478, 0x9f9fba25, 0xa8a8e34b, 0x5151f3a2, 0xa3a3fe5d,
+0x4040c080, 0x8f8f8a05, 0x9292ad3f, 0x9d9dbc21, 0x38384870, 0xf5f504f1,
+0xbcbcdf63, 0xb6b6c177, 0xdada75af, 0x21216342, 0x10103020, 0xffff1ae5,
+0xf3f30efd, 0xd2d26dbf, 0xcdcd4c81, 0x0c0c1418, 0x13133526, 0xecec2fc3,
+0x5f5fe1be, 0x9797a235, 0x4444cc88, 0x1717392e, 0xc4c45793, 0xa7a7f255,
+0x7e7e82fc, 0x3d3d477a, 0x6464acc8, 0x5d5de7ba, 0x19192b32, 0x737395e6,
+0x6060a0c0, 0x81819819, 0x4f4fd19e, 0xdcdc7fa3, 0x22226644, 0x2a2a7e54,
+0x9090ab3b, 0x8888830b, 0x4646ca8c, 0xeeee29c7, 0xb8b8d36b, 0x14143c28,
+0xdede79a7, 0x5e5ee2bc, 0x0b0b1d16, 0xdbdb76ad, 0xe0e03bdb, 0x32325664,
+0x3a3a4e74, 0x0a0a1e14, 0x4949db92, 0x06060a0c, 0x24246c48, 0x5c5ce4b8,
+0xc2c25d9f, 0xd3d36ebd, 0xacacef43, 0x6262a6c4, 0x9191a839, 0x9595a431,
+0xe4e437d3, 0x79798bf2, 0xe7e732d5, 0xc8c8438b, 0x3737596e, 0x6d6db7da,
+0x8d8d8c01, 0xd5d564b1, 0x4e4ed29c, 0xa9a9e049, 0x6c6cb4d8, 0x5656faac,
+0xf4f407f3, 0xeaea25cf, 0x6565afca, 0x7a7a8ef4, 0xaeaee947, 0x08081810,
+0xbabad56f, 0x787888f0, 0x25256f4a, 0x2e2e725c, 0x1c1c2438, 0xa6a6f157,
+0xb4b4c773, 0xc6c65197, 0xe8e823cb, 0xdddd7ca1, 0x74749ce8, 0x1f1f213e,
+0x4b4bdd96, 0xbdbddc61, 0x8b8b860d, 0x8a8a850f, 0x707090e0, 0x3e3e427c,
+0xb5b5c471, 0x6666aacc, 0x4848d890, 0x03030506, 0xf6f601f7, 0x0e0e121c,
+0x6161a3c2, 0x35355f6a, 0x5757f9ae, 0xb9b9d069, 0x86869117, 0xc1c15899,
+0x1d1d273a, 0x9e9eb927, 0xe1e138d9, 0xf8f813eb, 0x9898b32b, 0x11113322,
+0x6969bbd2, 0xd9d970a9, 0x8e8e8907, 0x9494a733, 0x9b9bb62d, 0x1e1e223c,
+0x87879215, 0xe9e920c9, 0xcece4987, 0x5555ffaa, 0x28287850, 0xdfdf7aa5,
+0x8c8c8f03, 0xa1a1f859, 0x89898009, 0x0d0d171a, 0xbfbfda65, 0xe6e631d7,
+0x4242c684, 0x6868b8d0, 0x4141c382, 0x9999b029, 0x2d2d775a, 0x0f0f111e,
+0xb0b0cb7b, 0x5454fca8, 0xbbbbd66d, 0x16163a2c  
+};
+#endif
+
+#ifdef IS_LITTLE_ENDIAN
+static const PRUint32 _TInv0[256] = 
+{
+0x50a7f451, 0x5365417e, 0xc3a4171a, 0x965e273a, 0xcb6bab3b, 0xf1459d1f,
+0xab58faac, 0x9303e34b, 0x55fa3020, 0xf66d76ad, 0x9176cc88, 0x254c02f5,
+0xfcd7e54f, 0xd7cb2ac5, 0x80443526, 0x8fa362b5, 0x495ab1de, 0x671bba25,
+0x980eea45, 0xe1c0fe5d, 0x02752fc3, 0x12f04c81, 0xa397468d, 0xc6f9d36b,
+0xe75f8f03, 0x959c9215, 0xeb7a6dbf, 0xda595295, 0x2d83bed4, 0xd3217458,
+0x2969e049, 0x44c8c98e, 0x6a89c275, 0x78798ef4, 0x6b3e5899, 0xdd71b927,
+0xb64fe1be, 0x17ad88f0, 0x66ac20c9, 0xb43ace7d, 0x184adf63, 0x82311ae5,
+0x60335197, 0x457f5362, 0xe07764b1, 0x84ae6bbb, 0x1ca081fe, 0x942b08f9,
+0x58684870, 0x19fd458f, 0x876cde94, 0xb7f87b52, 0x23d373ab, 0xe2024b72,
+0x578f1fe3, 0x2aab5566, 0x0728ebb2, 0x03c2b52f, 0x9a7bc586, 0xa50837d3,
+0xf2872830, 0xb2a5bf23, 0xba6a0302, 0x5c8216ed, 0x2b1ccf8a, 0x92b479a7,
+0xf0f207f3, 0xa1e2694e, 0xcdf4da65, 0xd5be0506, 0x1f6234d1, 0x8afea6c4,
+0x9d532e34, 0xa055f3a2, 0x32e18a05, 0x75ebf6a4, 0x39ec830b, 0xaaef6040,
+0x069f715e, 0x51106ebd, 0xf98a213e, 0x3d06dd96, 0xae053edd, 0x46bde64d,
+0xb58d5491, 0x055dc471, 0x6fd40604, 0xff155060, 0x24fb9819, 0x97e9bdd6,
+0xcc434089, 0x779ed967, 0xbd42e8b0, 0x888b8907, 0x385b19e7, 0xdbeec879,
+0x470a7ca1, 0xe90f427c, 0xc91e84f8, 0x00000000, 0x83868009, 0x48ed2b32,
+0xac70111e, 0x4e725a6c, 0xfbff0efd, 0x5638850f, 0x1ed5ae3d, 0x27392d36,
+0x64d90f0a, 0x21a65c68, 0xd1545b9b, 0x3a2e3624, 0xb1670a0c, 0x0fe75793,
+0xd296eeb4, 0x9e919b1b, 0x4fc5c080, 0xa220dc61, 0x694b775a, 0x161a121c,
+0x0aba93e2, 0xe52aa0c0, 0x43e0223c, 0x1d171b12, 0x0b0d090e, 0xadc78bf2,
+0xb9a8b62d, 0xc8a91e14, 0x8519f157, 0x4c0775af, 0xbbdd99ee, 0xfd607fa3,
+0x9f2601f7, 0xbcf5725c, 0xc53b6644, 0x347efb5b, 0x7629438b, 0xdcc623cb,
+0x68fcedb6, 0x63f1e4b8, 0xcadc31d7, 0x10856342, 0x40229713, 0x2011c684,
+0x7d244a85, 0xf83dbbd2, 0x1132f9ae, 0x6da129c7, 0x4b2f9e1d, 0xf330b2dc,
+0xec52860d, 0xd0e3c177, 0x6c16b32b, 0x99b970a9, 0xfa489411, 0x2264e947,
+0xc48cfca8, 0x1a3ff0a0, 0xd82c7d56, 0xef903322, 0xc74e4987, 0xc1d138d9,
+0xfea2ca8c, 0x360bd498, 0xcf81f5a6, 0x28de7aa5, 0x268eb7da, 0xa4bfad3f,
+0xe49d3a2c, 0x0d927850, 0x9bcc5f6a, 0x62467e54, 0xc2138df6, 0xe8b8d890,
+0x5ef7392e, 0xf5afc382, 0xbe805d9f, 0x7c93d069, 0xa92dd56f, 0xb31225cf,
+0x3b99acc8, 0xa77d1810, 0x6e639ce8, 0x7bbb3bdb, 0x097826cd, 0xf418596e,
+0x01b79aec, 0xa89a4f83, 0x656e95e6, 0x7ee6ffaa, 0x08cfbc21, 0xe6e815ef,
+0xd99be7ba, 0xce366f4a, 0xd4099fea, 0xd67cb029, 0xafb2a431, 0x31233f2a,
+0x3094a5c6, 0xc066a235, 0x37bc4e74, 0xa6ca82fc, 0xb0d090e0, 0x15d8a733,
+0x4a9804f1, 0xf7daec41, 0x0e50cd7f, 0x2ff69117, 0x8dd64d76, 0x4db0ef43,
+0x544daacc, 0xdf0496e4, 0xe3b5d19e, 0x1b886a4c, 0xb81f2cc1, 0x7f516546,
+0x04ea5e9d, 0x5d358c01, 0x737487fa, 0x2e410bfb, 0x5a1d67b3, 0x52d2db92,
+0x335610e9, 0x1347d66d, 0x8c61d79a, 0x7a0ca137, 0x8e14f859, 0x893c13eb,
+0xee27a9ce, 0x35c961b7, 0xede51ce1, 0x3cb1477a, 0x59dfd29c, 0x3f73f255,
+0x79ce1418, 0xbf37c773, 0xeacdf753, 0x5baafd5f, 0x146f3ddf, 0x86db4478,
+0x81f3afca, 0x3ec468b9, 0x2c342438, 0x5f40a3c2, 0x72c31d16, 0x0c25e2bc,
+0x8b493c28, 0x41950dff, 0x7101a839, 0xdeb30c08, 0x9ce4b4d8, 0x90c15664,
+0x6184cb7b, 0x70b632d5, 0x745c6c48, 0x4257b8d0  
+};
+#else
+static const PRUint32 _TInv0[256] = 
+{
+0x51f4a750, 0x7e416553, 0x1a17a4c3, 0x3a275e96, 0x3bab6bcb, 0x1f9d45f1,
+0xacfa58ab, 0x4be30393, 0x2030fa55, 0xad766df6, 0x88cc7691, 0xf5024c25,
+0x4fe5d7fc, 0xc52acbd7, 0x26354480, 0xb562a38f, 0xdeb15a49, 0x25ba1b67,
+0x45ea0e98, 0x5dfec0e1, 0xc32f7502, 0x814cf012, 0x8d4697a3, 0x6bd3f9c6,
+0x038f5fe7, 0x15929c95, 0xbf6d7aeb, 0x955259da, 0xd4be832d, 0x587421d3,
+0x49e06929, 0x8ec9c844, 0x75c2896a, 0xf48e7978, 0x99583e6b, 0x27b971dd,
+0xbee14fb6, 0xf088ad17, 0xc920ac66, 0x7dce3ab4, 0x63df4a18, 0xe51a3182,
+0x97513360, 0x62537f45, 0xb16477e0, 0xbb6bae84, 0xfe81a01c, 0xf9082b94,
+0x70486858, 0x8f45fd19, 0x94de6c87, 0x527bf8b7, 0xab73d323, 0x724b02e2,
+0xe31f8f57, 0x6655ab2a, 0xb2eb2807, 0x2fb5c203, 0x86c57b9a, 0xd33708a5,
+0x302887f2, 0x23bfa5b2, 0x02036aba, 0xed16825c, 0x8acf1c2b, 0xa779b492,
+0xf307f2f0, 0x4e69e2a1, 0x65daf4cd, 0x0605bed5, 0xd134621f, 0xc4a6fe8a,
+0x342e539d, 0xa2f355a0, 0x058ae132, 0xa4f6eb75, 0x0b83ec39, 0x4060efaa,
+0x5e719f06, 0xbd6e1051, 0x3e218af9, 0x96dd063d, 0xdd3e05ae, 0x4de6bd46,
+0x91548db5, 0x71c45d05, 0x0406d46f, 0x605015ff, 0x1998fb24, 0xd6bde997,
+0x894043cc, 0x67d99e77, 0xb0e842bd, 0x07898b88, 0xe7195b38, 0x79c8eedb,
+0xa17c0a47, 0x7c420fe9, 0xf8841ec9, 0x00000000, 0x09808683, 0x322bed48,
+0x1e1170ac, 0x6c5a724e, 0xfd0efffb, 0x0f853856, 0x3daed51e, 0x362d3927,
+0x0a0fd964, 0x685ca621, 0x9b5b54d1, 0x24362e3a, 0x0c0a67b1, 0x9357e70f,
+0xb4ee96d2, 0x1b9b919e, 0x80c0c54f, 0x61dc20a2, 0x5a774b69, 0x1c121a16,
+0xe293ba0a, 0xc0a02ae5, 0x3c22e043, 0x121b171d, 0x0e090d0b, 0xf28bc7ad,
+0x2db6a8b9, 0x141ea9c8, 0x57f11985, 0xaf75074c, 0xee99ddbb, 0xa37f60fd,
+0xf701269f, 0x5c72f5bc, 0x44663bc5, 0x5bfb7e34, 0x8b432976, 0xcb23c6dc,
+0xb6edfc68, 0xb8e4f163, 0xd731dcca, 0x42638510, 0x13972240, 0x84c61120,
+0x854a247d, 0xd2bb3df8, 0xaef93211, 0xc729a16d, 0x1d9e2f4b, 0xdcb230f3,
+0x0d8652ec, 0x77c1e3d0, 0x2bb3166c, 0xa970b999, 0x119448fa, 0x47e96422,
+0xa8fc8cc4, 0xa0f03f1a, 0x567d2cd8, 0x223390ef, 0x87494ec7, 0xd938d1c1,
+0x8ccaa2fe, 0x98d40b36, 0xa6f581cf, 0xa57ade28, 0xdab78e26, 0x3fadbfa4,
+0x2c3a9de4, 0x5078920d, 0x6a5fcc9b, 0x547e4662, 0xf68d13c2, 0x90d8b8e8,
+0x2e39f75e, 0x82c3aff5, 0x9f5d80be, 0x69d0937c, 0x6fd52da9, 0xcf2512b3,
+0xc8ac993b, 0x10187da7, 0xe89c636e, 0xdb3bbb7b, 0xcd267809, 0x6e5918f4,
+0xec9ab701, 0x834f9aa8, 0xe6956e65, 0xaaffe67e, 0x21bccf08, 0xef15e8e6,
+0xbae79bd9, 0x4a6f36ce, 0xea9f09d4, 0x29b07cd6, 0x31a4b2af, 0x2a3f2331,
+0xc6a59430, 0x35a266c0, 0x744ebc37, 0xfc82caa6, 0xe090d0b0, 0x33a7d815,
+0xf104984a, 0x41ecdaf7, 0x7fcd500e, 0x1791f62f, 0x764dd68d, 0x43efb04d,
+0xccaa4d54, 0xe49604df, 0x9ed1b5e3, 0x4c6a881b, 0xc12c1fb8, 0x4665517f,
+0x9d5eea04, 0x018c355d, 0xfa877473, 0xfb0b412e, 0xb3671d5a, 0x92dbd252,
+0xe9105633, 0x6dd64713, 0x9ad7618c, 0x37a10c7a, 0x59f8148e, 0xeb133c89,
+0xcea927ee, 0xb761c935, 0xe11ce5ed, 0x7a47b13c, 0x9cd2df59, 0x55f2733f,
+0x1814ce79, 0x73c737bf, 0x53f7cdea, 0x5ffdaa5b, 0xdf3d6f14, 0x7844db86,
+0xcaaff381, 0xb968c43e, 0x3824342c, 0xc2a3405f, 0x161dc372, 0xbce2250c,
+0x283c498b, 0xff0d9541, 0x39a80171, 0x080cb3de, 0xd8b4e49c, 0x6456c190,
+0x7bcb8461, 0xd532b670, 0x486c5c74, 0xd0b85742  
+};
+#endif
+
+#ifdef IS_LITTLE_ENDIAN
+static const PRUint32 _TInv1[256] = 
+{
+0xa7f45150, 0x65417e53, 0xa4171ac3, 0x5e273a96, 0x6bab3bcb, 0x459d1ff1,
+0x58faacab, 0x03e34b93, 0xfa302055, 0x6d76adf6, 0x76cc8891, 0x4c02f525,
+0xd7e54ffc, 0xcb2ac5d7, 0x44352680, 0xa362b58f, 0x5ab1de49, 0x1bba2567,
+0x0eea4598, 0xc0fe5de1, 0x752fc302, 0xf04c8112, 0x97468da3, 0xf9d36bc6,
+0x5f8f03e7, 0x9c921595, 0x7a6dbfeb, 0x595295da, 0x83bed42d, 0x217458d3,
+0x69e04929, 0xc8c98e44, 0x89c2756a, 0x798ef478, 0x3e58996b, 0x71b927dd,
+0x4fe1beb6, 0xad88f017, 0xac20c966, 0x3ace7db4, 0x4adf6318, 0x311ae582,
+0x33519760, 0x7f536245, 0x7764b1e0, 0xae6bbb84, 0xa081fe1c, 0x2b08f994,
+0x68487058, 0xfd458f19, 0x6cde9487, 0xf87b52b7, 0xd373ab23, 0x024b72e2,
+0x8f1fe357, 0xab55662a, 0x28ebb207, 0xc2b52f03, 0x7bc5869a, 0x0837d3a5,
+0x872830f2, 0xa5bf23b2, 0x6a0302ba, 0x8216ed5c, 0x1ccf8a2b, 0xb479a792,
+0xf207f3f0, 0xe2694ea1, 0xf4da65cd, 0xbe0506d5, 0x6234d11f, 0xfea6c48a,
+0x532e349d, 0x55f3a2a0, 0xe18a0532, 0xebf6a475, 0xec830b39, 0xef6040aa,
+0x9f715e06, 0x106ebd51, 0x8a213ef9, 0x06dd963d, 0x053eddae, 0xbde64d46,
+0x8d5491b5, 0x5dc47105, 0xd406046f, 0x155060ff, 0xfb981924, 0xe9bdd697,
+0x434089cc, 0x9ed96777, 0x42e8b0bd, 0x8b890788, 0x5b19e738, 0xeec879db,
+0x0a7ca147, 0x0f427ce9, 0x1e84f8c9, 0x00000000, 0x86800983, 0xed2b3248,
+0x70111eac, 0x725a6c4e, 0xff0efdfb, 0x38850f56, 0xd5ae3d1e, 0x392d3627,
+0xd90f0a64, 0xa65c6821, 0x545b9bd1, 0x2e36243a, 0x670a0cb1, 0xe757930f,
+0x96eeb4d2, 0x919b1b9e, 0xc5c0804f, 0x20dc61a2, 0x4b775a69, 0x1a121c16,
+0xba93e20a, 0x2aa0c0e5, 0xe0223c43, 0x171b121d, 0x0d090e0b, 0xc78bf2ad,
+0xa8b62db9, 0xa91e14c8, 0x19f15785, 0x0775af4c, 0xdd99eebb, 0x607fa3fd,
+0x2601f79f, 0xf5725cbc, 0x3b6644c5, 0x7efb5b34, 0x29438b76, 0xc623cbdc,
+0xfcedb668, 0xf1e4b863, 0xdc31d7ca, 0x85634210, 0x22971340, 0x11c68420,
+0x244a857d, 0x3dbbd2f8, 0x32f9ae11, 0xa129c76d, 0x2f9e1d4b, 0x30b2dcf3,
+0x52860dec, 0xe3c177d0, 0x16b32b6c, 0xb970a999, 0x489411fa, 0x64e94722,
+0x8cfca8c4, 0x3ff0a01a, 0x2c7d56d8, 0x903322ef, 0x4e4987c7, 0xd138d9c1,
+0xa2ca8cfe, 0x0bd49836, 0x81f5a6cf, 0xde7aa528, 0x8eb7da26, 0xbfad3fa4,
+0x9d3a2ce4, 0x9278500d, 0xcc5f6a9b, 0x467e5462, 0x138df6c2, 0xb8d890e8,
+0xf7392e5e, 0xafc382f5, 0x805d9fbe, 0x93d0697c, 0x2dd56fa9, 0x1225cfb3,
+0x99acc83b, 0x7d1810a7, 0x639ce86e, 0xbb3bdb7b, 0x7826cd09, 0x18596ef4,
+0xb79aec01, 0x9a4f83a8, 0x6e95e665, 0xe6ffaa7e, 0xcfbc2108, 0xe815efe6,
+0x9be7bad9, 0x366f4ace, 0x099fead4, 0x7cb029d6, 0xb2a431af, 0x233f2a31,
+0x94a5c630, 0x66a235c0, 0xbc4e7437, 0xca82fca6, 0xd090e0b0, 0xd8a73315,
+0x9804f14a, 0xdaec41f7, 0x50cd7f0e, 0xf691172f, 0xd64d768d, 0xb0ef434d,
+0x4daacc54, 0x0496e4df, 0xb5d19ee3, 0x886a4c1b, 0x1f2cc1b8, 0x5165467f,
+0xea5e9d04, 0x358c015d, 0x7487fa73, 0x410bfb2e, 0x1d67b35a, 0xd2db9252,
+0x5610e933, 0x47d66d13, 0x61d79a8c, 0x0ca1377a, 0x14f8598e, 0x3c13eb89,
+0x27a9ceee, 0xc961b735, 0xe51ce1ed, 0xb1477a3c, 0xdfd29c59, 0x73f2553f,
+0xce141879, 0x37c773bf, 0xcdf753ea, 0xaafd5f5b, 0x6f3ddf14, 0xdb447886,
+0xf3afca81, 0xc468b93e, 0x3424382c, 0x40a3c25f, 0xc31d1672, 0x25e2bc0c,
+0x493c288b, 0x950dff41, 0x01a83971, 0xb30c08de, 0xe4b4d89c, 0xc1566490,
+0x84cb7b61, 0xb632d570, 0x5c6c4874, 0x57b8d042  
+};
+#else
+static const PRUint32 _TInv1[256] = 
+{
+0x5051f4a7, 0x537e4165, 0xc31a17a4, 0x963a275e, 0xcb3bab6b, 0xf11f9d45,
+0xabacfa58, 0x934be303, 0x552030fa, 0xf6ad766d, 0x9188cc76, 0x25f5024c,
+0xfc4fe5d7, 0xd7c52acb, 0x80263544, 0x8fb562a3, 0x49deb15a, 0x6725ba1b,
+0x9845ea0e, 0xe15dfec0, 0x02c32f75, 0x12814cf0, 0xa38d4697, 0xc66bd3f9,
+0xe7038f5f, 0x9515929c, 0xebbf6d7a, 0xda955259, 0x2dd4be83, 0xd3587421,
+0x2949e069, 0x448ec9c8, 0x6a75c289, 0x78f48e79, 0x6b99583e, 0xdd27b971,
+0xb6bee14f, 0x17f088ad, 0x66c920ac, 0xb47dce3a, 0x1863df4a, 0x82e51a31,
+0x60975133, 0x4562537f, 0xe0b16477, 0x84bb6bae, 0x1cfe81a0, 0x94f9082b,
+0x58704868, 0x198f45fd, 0x8794de6c, 0xb7527bf8, 0x23ab73d3, 0xe2724b02,
+0x57e31f8f, 0x2a6655ab, 0x07b2eb28, 0x032fb5c2, 0x9a86c57b, 0xa5d33708,
+0xf2302887, 0xb223bfa5, 0xba02036a, 0x5ced1682, 0x2b8acf1c, 0x92a779b4,
+0xf0f307f2, 0xa14e69e2, 0xcd65daf4, 0xd50605be, 0x1fd13462, 0x8ac4a6fe,
+0x9d342e53, 0xa0a2f355, 0x32058ae1, 0x75a4f6eb, 0x390b83ec, 0xaa4060ef,
+0x065e719f, 0x51bd6e10, 0xf93e218a, 0x3d96dd06, 0xaedd3e05, 0x464de6bd,
+0xb591548d, 0x0571c45d, 0x6f0406d4, 0xff605015, 0x241998fb, 0x97d6bde9,
+0xcc894043, 0x7767d99e, 0xbdb0e842, 0x8807898b, 0x38e7195b, 0xdb79c8ee,
+0x47a17c0a, 0xe97c420f, 0xc9f8841e, 0x00000000, 0x83098086, 0x48322bed,
+0xac1e1170, 0x4e6c5a72, 0xfbfd0eff, 0x560f8538, 0x1e3daed5, 0x27362d39,
+0x640a0fd9, 0x21685ca6, 0xd19b5b54, 0x3a24362e, 0xb10c0a67, 0x0f9357e7,
+0xd2b4ee96, 0x9e1b9b91, 0x4f80c0c5, 0xa261dc20, 0x695a774b, 0x161c121a,
+0x0ae293ba, 0xe5c0a02a, 0x433c22e0, 0x1d121b17, 0x0b0e090d, 0xadf28bc7,
+0xb92db6a8, 0xc8141ea9, 0x8557f119, 0x4caf7507, 0xbbee99dd, 0xfda37f60,
+0x9ff70126, 0xbc5c72f5, 0xc544663b, 0x345bfb7e, 0x768b4329, 0xdccb23c6,
+0x68b6edfc, 0x63b8e4f1, 0xcad731dc, 0x10426385, 0x40139722, 0x2084c611,
+0x7d854a24, 0xf8d2bb3d, 0x11aef932, 0x6dc729a1, 0x4b1d9e2f, 0xf3dcb230,
+0xec0d8652, 0xd077c1e3, 0x6c2bb316, 0x99a970b9, 0xfa119448, 0x2247e964,
+0xc4a8fc8c, 0x1aa0f03f, 0xd8567d2c, 0xef223390, 0xc787494e, 0xc1d938d1,
+0xfe8ccaa2, 0x3698d40b, 0xcfa6f581, 0x28a57ade, 0x26dab78e, 0xa43fadbf,
+0xe42c3a9d, 0x0d507892, 0x9b6a5fcc, 0x62547e46, 0xc2f68d13, 0xe890d8b8,
+0x5e2e39f7, 0xf582c3af, 0xbe9f5d80, 0x7c69d093, 0xa96fd52d, 0xb3cf2512,
+0x3bc8ac99, 0xa710187d, 0x6ee89c63, 0x7bdb3bbb, 0x09cd2678, 0xf46e5918,
+0x01ec9ab7, 0xa8834f9a, 0x65e6956e, 0x7eaaffe6, 0x0821bccf, 0xe6ef15e8,
+0xd9bae79b, 0xce4a6f36, 0xd4ea9f09, 0xd629b07c, 0xaf31a4b2, 0x312a3f23,
+0x30c6a594, 0xc035a266, 0x37744ebc, 0xa6fc82ca, 0xb0e090d0, 0x1533a7d8,
+0x4af10498, 0xf741ecda, 0x0e7fcd50, 0x2f1791f6, 0x8d764dd6, 0x4d43efb0,
+0x54ccaa4d, 0xdfe49604, 0xe39ed1b5, 0x1b4c6a88, 0xb8c12c1f, 0x7f466551,
+0x049d5eea, 0x5d018c35, 0x73fa8774, 0x2efb0b41, 0x5ab3671d, 0x5292dbd2,
+0x33e91056, 0x136dd647, 0x8c9ad761, 0x7a37a10c, 0x8e59f814, 0x89eb133c,
+0xeecea927, 0x35b761c9, 0xede11ce5, 0x3c7a47b1, 0x599cd2df, 0x3f55f273,
+0x791814ce, 0xbf73c737, 0xea53f7cd, 0x5b5ffdaa, 0x14df3d6f, 0x867844db,
+0x81caaff3, 0x3eb968c4, 0x2c382434, 0x5fc2a340, 0x72161dc3, 0x0cbce225,
+0x8b283c49, 0x41ff0d95, 0x7139a801, 0xde080cb3, 0x9cd8b4e4, 0x906456c1,
+0x617bcb84, 0x70d532b6, 0x74486c5c, 0x42d0b857  
+};
+#endif
+
+#ifdef IS_LITTLE_ENDIAN
+static const PRUint32 _TInv2[256] = 
+{
+0xf45150a7, 0x417e5365, 0x171ac3a4, 0x273a965e, 0xab3bcb6b, 0x9d1ff145,
+0xfaacab58, 0xe34b9303, 0x302055fa, 0x76adf66d, 0xcc889176, 0x02f5254c,
+0xe54ffcd7, 0x2ac5d7cb, 0x35268044, 0x62b58fa3, 0xb1de495a, 0xba25671b,
+0xea45980e, 0xfe5de1c0, 0x2fc30275, 0x4c8112f0, 0x468da397, 0xd36bc6f9,
+0x8f03e75f, 0x9215959c, 0x6dbfeb7a, 0x5295da59, 0xbed42d83, 0x7458d321,
+0xe0492969, 0xc98e44c8, 0xc2756a89, 0x8ef47879, 0x58996b3e, 0xb927dd71,
+0xe1beb64f, 0x88f017ad, 0x20c966ac, 0xce7db43a, 0xdf63184a, 0x1ae58231,
+0x51976033, 0x5362457f, 0x64b1e077, 0x6bbb84ae, 0x81fe1ca0, 0x08f9942b,
+0x48705868, 0x458f19fd, 0xde94876c, 0x7b52b7f8, 0x73ab23d3, 0x4b72e202,
+0x1fe3578f, 0x55662aab, 0xebb20728, 0xb52f03c2, 0xc5869a7b, 0x37d3a508,
+0x2830f287, 0xbf23b2a5, 0x0302ba6a, 0x16ed5c82, 0xcf8a2b1c, 0x79a792b4,
+0x07f3f0f2, 0x694ea1e2, 0xda65cdf4, 0x0506d5be, 0x34d11f62, 0xa6c48afe,
+0x2e349d53, 0xf3a2a055, 0x8a0532e1, 0xf6a475eb, 0x830b39ec, 0x6040aaef,
+0x715e069f, 0x6ebd5110, 0x213ef98a, 0xdd963d06, 0x3eddae05, 0xe64d46bd,
+0x5491b58d, 0xc471055d, 0x06046fd4, 0x5060ff15, 0x981924fb, 0xbdd697e9,
+0x4089cc43, 0xd967779e, 0xe8b0bd42, 0x8907888b, 0x19e7385b, 0xc879dbee,
+0x7ca1470a, 0x427ce90f, 0x84f8c91e, 0x00000000, 0x80098386, 0x2b3248ed,
+0x111eac70, 0x5a6c4e72, 0x0efdfbff, 0x850f5638, 0xae3d1ed5, 0x2d362739,
+0x0f0a64d9, 0x5c6821a6, 0x5b9bd154, 0x36243a2e, 0x0a0cb167, 0x57930fe7,
+0xeeb4d296, 0x9b1b9e91, 0xc0804fc5, 0xdc61a220, 0x775a694b, 0x121c161a,
+0x93e20aba, 0xa0c0e52a, 0x223c43e0, 0x1b121d17, 0x090e0b0d, 0x8bf2adc7,
+0xb62db9a8, 0x1e14c8a9, 0xf1578519, 0x75af4c07, 0x99eebbdd, 0x7fa3fd60,
+0x01f79f26, 0x725cbcf5, 0x6644c53b, 0xfb5b347e, 0x438b7629, 0x23cbdcc6,
+0xedb668fc, 0xe4b863f1, 0x31d7cadc, 0x63421085, 0x97134022, 0xc6842011,
+0x4a857d24, 0xbbd2f83d, 0xf9ae1132, 0x29c76da1, 0x9e1d4b2f, 0xb2dcf330,
+0x860dec52, 0xc177d0e3, 0xb32b6c16, 0x70a999b9, 0x9411fa48, 0xe9472264,
+0xfca8c48c, 0xf0a01a3f, 0x7d56d82c, 0x3322ef90, 0x4987c74e, 0x38d9c1d1,
+0xca8cfea2, 0xd498360b, 0xf5a6cf81, 0x7aa528de, 0xb7da268e, 0xad3fa4bf,
+0x3a2ce49d, 0x78500d92, 0x5f6a9bcc, 0x7e546246, 0x8df6c213, 0xd890e8b8,
+0x392e5ef7, 0xc382f5af, 0x5d9fbe80, 0xd0697c93, 0xd56fa92d, 0x25cfb312,
+0xacc83b99, 0x1810a77d, 0x9ce86e63, 0x3bdb7bbb, 0x26cd0978, 0x596ef418,
+0x9aec01b7, 0x4f83a89a, 0x95e6656e, 0xffaa7ee6, 0xbc2108cf, 0x15efe6e8,
+0xe7bad99b, 0x6f4ace36, 0x9fead409, 0xb029d67c, 0xa431afb2, 0x3f2a3123,
+0xa5c63094, 0xa235c066, 0x4e7437bc, 0x82fca6ca, 0x90e0b0d0, 0xa73315d8,
+0x04f14a98, 0xec41f7da, 0xcd7f0e50, 0x91172ff6, 0x4d768dd6, 0xef434db0,
+0xaacc544d, 0x96e4df04, 0xd19ee3b5, 0x6a4c1b88, 0x2cc1b81f, 0x65467f51,
+0x5e9d04ea, 0x8c015d35, 0x87fa7374, 0x0bfb2e41, 0x67b35a1d, 0xdb9252d2,
+0x10e93356, 0xd66d1347, 0xd79a8c61, 0xa1377a0c, 0xf8598e14, 0x13eb893c,
+0xa9ceee27, 0x61b735c9, 0x1ce1ede5, 0x477a3cb1, 0xd29c59df, 0xf2553f73,
+0x141879ce, 0xc773bf37, 0xf753eacd, 0xfd5f5baa, 0x3ddf146f, 0x447886db,
+0xafca81f3, 0x68b93ec4, 0x24382c34, 0xa3c25f40, 0x1d1672c3, 0xe2bc0c25,
+0x3c288b49, 0x0dff4195, 0xa8397101, 0x0c08deb3, 0xb4d89ce4, 0x566490c1,
+0xcb7b6184, 0x32d570b6, 0x6c48745c, 0xb8d04257  
+};
+#else
+static const PRUint32 _TInv2[256] = 
+{
+0xa75051f4, 0x65537e41, 0xa4c31a17, 0x5e963a27, 0x6bcb3bab, 0x45f11f9d,
+0x58abacfa, 0x03934be3, 0xfa552030, 0x6df6ad76, 0x769188cc, 0x4c25f502,
+0xd7fc4fe5, 0xcbd7c52a, 0x44802635, 0xa38fb562, 0x5a49deb1, 0x1b6725ba,
+0x0e9845ea, 0xc0e15dfe, 0x7502c32f, 0xf012814c, 0x97a38d46, 0xf9c66bd3,
+0x5fe7038f, 0x9c951592, 0x7aebbf6d, 0x59da9552, 0x832dd4be, 0x21d35874,
+0x692949e0, 0xc8448ec9, 0x896a75c2, 0x7978f48e, 0x3e6b9958, 0x71dd27b9,
+0x4fb6bee1, 0xad17f088, 0xac66c920, 0x3ab47dce, 0x4a1863df, 0x3182e51a,
+0x33609751, 0x7f456253, 0x77e0b164, 0xae84bb6b, 0xa01cfe81, 0x2b94f908,
+0x68587048, 0xfd198f45, 0x6c8794de, 0xf8b7527b, 0xd323ab73, 0x02e2724b,
+0x8f57e31f, 0xab2a6655, 0x2807b2eb, 0xc2032fb5, 0x7b9a86c5, 0x08a5d337,
+0x87f23028, 0xa5b223bf, 0x6aba0203, 0x825ced16, 0x1c2b8acf, 0xb492a779,
+0xf2f0f307, 0xe2a14e69, 0xf4cd65da, 0xbed50605, 0x621fd134, 0xfe8ac4a6,
+0x539d342e, 0x55a0a2f3, 0xe132058a, 0xeb75a4f6, 0xec390b83, 0xefaa4060,
+0x9f065e71, 0x1051bd6e, 0x8af93e21, 0x063d96dd, 0x05aedd3e, 0xbd464de6,
+0x8db59154, 0x5d0571c4, 0xd46f0406, 0x15ff6050, 0xfb241998, 0xe997d6bd,
+0x43cc8940, 0x9e7767d9, 0x42bdb0e8, 0x8b880789, 0x5b38e719, 0xeedb79c8,
+0x0a47a17c, 0x0fe97c42, 0x1ec9f884, 0x00000000, 0x86830980, 0xed48322b,
+0x70ac1e11, 0x724e6c5a, 0xfffbfd0e, 0x38560f85, 0xd51e3dae, 0x3927362d,
+0xd9640a0f, 0xa621685c, 0x54d19b5b, 0x2e3a2436, 0x67b10c0a, 0xe70f9357,
+0x96d2b4ee, 0x919e1b9b, 0xc54f80c0, 0x20a261dc, 0x4b695a77, 0x1a161c12,
+0xba0ae293, 0x2ae5c0a0, 0xe0433c22, 0x171d121b, 0x0d0b0e09, 0xc7adf28b,
+0xa8b92db6, 0xa9c8141e, 0x198557f1, 0x074caf75, 0xddbbee99, 0x60fda37f,
+0x269ff701, 0xf5bc5c72, 0x3bc54466, 0x7e345bfb, 0x29768b43, 0xc6dccb23,
+0xfc68b6ed, 0xf163b8e4, 0xdccad731, 0x85104263, 0x22401397, 0x112084c6,
+0x247d854a, 0x3df8d2bb, 0x3211aef9, 0xa16dc729, 0x2f4b1d9e, 0x30f3dcb2,
+0x52ec0d86, 0xe3d077c1, 0x166c2bb3, 0xb999a970, 0x48fa1194, 0x642247e9,
+0x8cc4a8fc, 0x3f1aa0f0, 0x2cd8567d, 0x90ef2233, 0x4ec78749, 0xd1c1d938,
+0xa2fe8cca, 0x0b3698d4, 0x81cfa6f5, 0xde28a57a, 0x8e26dab7, 0xbfa43fad,
+0x9de42c3a, 0x920d5078, 0xcc9b6a5f, 0x4662547e, 0x13c2f68d, 0xb8e890d8,
+0xf75e2e39, 0xaff582c3, 0x80be9f5d, 0x937c69d0, 0x2da96fd5, 0x12b3cf25,
+0x993bc8ac, 0x7da71018, 0x636ee89c, 0xbb7bdb3b, 0x7809cd26, 0x18f46e59,
+0xb701ec9a, 0x9aa8834f, 0x6e65e695, 0xe67eaaff, 0xcf0821bc, 0xe8e6ef15,
+0x9bd9bae7, 0x36ce4a6f, 0x09d4ea9f, 0x7cd629b0, 0xb2af31a4, 0x23312a3f,
+0x9430c6a5, 0x66c035a2, 0xbc37744e, 0xcaa6fc82, 0xd0b0e090, 0xd81533a7,
+0x984af104, 0xdaf741ec, 0x500e7fcd, 0xf62f1791, 0xd68d764d, 0xb04d43ef,
+0x4d54ccaa, 0x04dfe496, 0xb5e39ed1, 0x881b4c6a, 0x1fb8c12c, 0x517f4665,
+0xea049d5e, 0x355d018c, 0x7473fa87, 0x412efb0b, 0x1d5ab367, 0xd25292db,
+0x5633e910, 0x47136dd6, 0x618c9ad7, 0x0c7a37a1, 0x148e59f8, 0x3c89eb13,
+0x27eecea9, 0xc935b761, 0xe5ede11c, 0xb13c7a47, 0xdf599cd2, 0x733f55f2,
+0xce791814, 0x37bf73c7, 0xcdea53f7, 0xaa5b5ffd, 0x6f14df3d, 0xdb867844,
+0xf381caaf, 0xc43eb968, 0x342c3824, 0x405fc2a3, 0xc372161d, 0x250cbce2,
+0x498b283c, 0x9541ff0d, 0x017139a8, 0xb3de080c, 0xe49cd8b4, 0xc1906456,
+0x84617bcb, 0xb670d532, 0x5c74486c, 0x5742d0b8  
+};
+#endif
+
+#ifdef IS_LITTLE_ENDIAN
+static const PRUint32 _TInv3[256] = 
+{
+0x5150a7f4, 0x7e536541, 0x1ac3a417, 0x3a965e27, 0x3bcb6bab, 0x1ff1459d,
+0xacab58fa, 0x4b9303e3, 0x2055fa30, 0xadf66d76, 0x889176cc, 0xf5254c02,
+0x4ffcd7e5, 0xc5d7cb2a, 0x26804435, 0xb58fa362, 0xde495ab1, 0x25671bba,
+0x45980eea, 0x5de1c0fe, 0xc302752f, 0x8112f04c, 0x8da39746, 0x6bc6f9d3,
+0x03e75f8f, 0x15959c92, 0xbfeb7a6d, 0x95da5952, 0xd42d83be, 0x58d32174,
+0x492969e0, 0x8e44c8c9, 0x756a89c2, 0xf478798e, 0x996b3e58, 0x27dd71b9,
+0xbeb64fe1, 0xf017ad88, 0xc966ac20, 0x7db43ace, 0x63184adf, 0xe582311a,
+0x97603351, 0x62457f53, 0xb1e07764, 0xbb84ae6b, 0xfe1ca081, 0xf9942b08,
+0x70586848, 0x8f19fd45, 0x94876cde, 0x52b7f87b, 0xab23d373, 0x72e2024b,
+0xe3578f1f, 0x662aab55, 0xb20728eb, 0x2f03c2b5, 0x869a7bc5, 0xd3a50837,
+0x30f28728, 0x23b2a5bf, 0x02ba6a03, 0xed5c8216, 0x8a2b1ccf, 0xa792b479,
+0xf3f0f207, 0x4ea1e269, 0x65cdf4da, 0x06d5be05, 0xd11f6234, 0xc48afea6,
+0x349d532e, 0xa2a055f3, 0x0532e18a, 0xa475ebf6, 0x0b39ec83, 0x40aaef60,
+0x5e069f71, 0xbd51106e, 0x3ef98a21, 0x963d06dd, 0xddae053e, 0x4d46bde6,
+0x91b58d54, 0x71055dc4, 0x046fd406, 0x60ff1550, 0x1924fb98, 0xd697e9bd,
+0x89cc4340, 0x67779ed9, 0xb0bd42e8, 0x07888b89, 0xe7385b19, 0x79dbeec8,
+0xa1470a7c, 0x7ce90f42, 0xf8c91e84, 0x00000000, 0x09838680, 0x3248ed2b,
+0x1eac7011, 0x6c4e725a, 0xfdfbff0e, 0x0f563885, 0x3d1ed5ae, 0x3627392d,
+0x0a64d90f, 0x6821a65c, 0x9bd1545b, 0x243a2e36, 0x0cb1670a, 0x930fe757,
+0xb4d296ee, 0x1b9e919b, 0x804fc5c0, 0x61a220dc, 0x5a694b77, 0x1c161a12,
+0xe20aba93, 0xc0e52aa0, 0x3c43e022, 0x121d171b, 0x0e0b0d09, 0xf2adc78b,
+0x2db9a8b6, 0x14c8a91e, 0x578519f1, 0xaf4c0775, 0xeebbdd99, 0xa3fd607f,
+0xf79f2601, 0x5cbcf572, 0x44c53b66, 0x5b347efb, 0x8b762943, 0xcbdcc623,
+0xb668fced, 0xb863f1e4, 0xd7cadc31, 0x42108563, 0x13402297, 0x842011c6,
+0x857d244a, 0xd2f83dbb, 0xae1132f9, 0xc76da129, 0x1d4b2f9e, 0xdcf330b2,
+0x0dec5286, 0x77d0e3c1, 0x2b6c16b3, 0xa999b970, 0x11fa4894, 0x472264e9,
+0xa8c48cfc, 0xa01a3ff0, 0x56d82c7d, 0x22ef9033, 0x87c74e49, 0xd9c1d138,
+0x8cfea2ca, 0x98360bd4, 0xa6cf81f5, 0xa528de7a, 0xda268eb7, 0x3fa4bfad,
+0x2ce49d3a, 0x500d9278, 0x6a9bcc5f, 0x5462467e, 0xf6c2138d, 0x90e8b8d8,
+0x2e5ef739, 0x82f5afc3, 0x9fbe805d, 0x697c93d0, 0x6fa92dd5, 0xcfb31225,
+0xc83b99ac, 0x10a77d18, 0xe86e639c, 0xdb7bbb3b, 0xcd097826, 0x6ef41859,
+0xec01b79a, 0x83a89a4f, 0xe6656e95, 0xaa7ee6ff, 0x2108cfbc, 0xefe6e815,
+0xbad99be7, 0x4ace366f, 0xead4099f, 0x29d67cb0, 0x31afb2a4, 0x2a31233f,
+0xc63094a5, 0x35c066a2, 0x7437bc4e, 0xfca6ca82, 0xe0b0d090, 0x3315d8a7,
+0xf14a9804, 0x41f7daec, 0x7f0e50cd, 0x172ff691, 0x768dd64d, 0x434db0ef,
+0xcc544daa, 0xe4df0496, 0x9ee3b5d1, 0x4c1b886a, 0xc1b81f2c, 0x467f5165,
+0x9d04ea5e, 0x015d358c, 0xfa737487, 0xfb2e410b, 0xb35a1d67, 0x9252d2db,
+0xe9335610, 0x6d1347d6, 0x9a8c61d7, 0x377a0ca1, 0x598e14f8, 0xeb893c13,
+0xceee27a9, 0xb735c961, 0xe1ede51c, 0x7a3cb147, 0x9c59dfd2, 0x553f73f2,
+0x1879ce14, 0x73bf37c7, 0x53eacdf7, 0x5f5baafd, 0xdf146f3d, 0x7886db44,
+0xca81f3af, 0xb93ec468, 0x382c3424, 0xc25f40a3, 0x1672c31d, 0xbc0c25e2,
+0x288b493c, 0xff41950d, 0x397101a8, 0x08deb30c, 0xd89ce4b4, 0x6490c156,
+0x7b6184cb, 0xd570b632, 0x48745c6c, 0xd04257b8  
+};
+#else
+static const PRUint32 _TInv3[256] = 
+{
+0xf4a75051, 0x4165537e, 0x17a4c31a, 0x275e963a, 0xab6bcb3b, 0x9d45f11f,
+0xfa58abac, 0xe303934b, 0x30fa5520, 0x766df6ad, 0xcc769188, 0x024c25f5,
+0xe5d7fc4f, 0x2acbd7c5, 0x35448026, 0x62a38fb5, 0xb15a49de, 0xba1b6725,
+0xea0e9845, 0xfec0e15d, 0x2f7502c3, 0x4cf01281, 0x4697a38d, 0xd3f9c66b,
+0x8f5fe703, 0x929c9515, 0x6d7aebbf, 0x5259da95, 0xbe832dd4, 0x7421d358,
+0xe0692949, 0xc9c8448e, 0xc2896a75, 0x8e7978f4, 0x583e6b99, 0xb971dd27,
+0xe14fb6be, 0x88ad17f0, 0x20ac66c9, 0xce3ab47d, 0xdf4a1863, 0x1a3182e5,
+0x51336097, 0x537f4562, 0x6477e0b1, 0x6bae84bb, 0x81a01cfe, 0x082b94f9,
+0x48685870, 0x45fd198f, 0xde6c8794, 0x7bf8b752, 0x73d323ab, 0x4b02e272,
+0x1f8f57e3, 0x55ab2a66, 0xeb2807b2, 0xb5c2032f, 0xc57b9a86, 0x3708a5d3,
+0x2887f230, 0xbfa5b223, 0x036aba02, 0x16825ced, 0xcf1c2b8a, 0x79b492a7,
+0x07f2f0f3, 0x69e2a14e, 0xdaf4cd65, 0x05bed506, 0x34621fd1, 0xa6fe8ac4,
+0x2e539d34, 0xf355a0a2, 0x8ae13205, 0xf6eb75a4, 0x83ec390b, 0x60efaa40,
+0x719f065e, 0x6e1051bd, 0x218af93e, 0xdd063d96, 0x3e05aedd, 0xe6bd464d,
+0x548db591, 0xc45d0571, 0x06d46f04, 0x5015ff60, 0x98fb2419, 0xbde997d6,
+0x4043cc89, 0xd99e7767, 0xe842bdb0, 0x898b8807, 0x195b38e7, 0xc8eedb79,
+0x7c0a47a1, 0x420fe97c, 0x841ec9f8, 0x00000000, 0x80868309, 0x2bed4832,
+0x1170ac1e, 0x5a724e6c, 0x0efffbfd, 0x8538560f, 0xaed51e3d, 0x2d392736,
+0x0fd9640a, 0x5ca62168, 0x5b54d19b, 0x362e3a24, 0x0a67b10c, 0x57e70f93,
+0xee96d2b4, 0x9b919e1b, 0xc0c54f80, 0xdc20a261, 0x774b695a, 0x121a161c,
+0x93ba0ae2, 0xa02ae5c0, 0x22e0433c, 0x1b171d12, 0x090d0b0e, 0x8bc7adf2,
+0xb6a8b92d, 0x1ea9c814, 0xf1198557, 0x75074caf, 0x99ddbbee, 0x7f60fda3,
+0x01269ff7, 0x72f5bc5c, 0x663bc544, 0xfb7e345b, 0x4329768b, 0x23c6dccb,
+0xedfc68b6, 0xe4f163b8, 0x31dccad7, 0x63851042, 0x97224013, 0xc6112084,
+0x4a247d85, 0xbb3df8d2, 0xf93211ae, 0x29a16dc7, 0x9e2f4b1d, 0xb230f3dc,
+0x8652ec0d, 0xc1e3d077, 0xb3166c2b, 0x70b999a9, 0x9448fa11, 0xe9642247,
+0xfc8cc4a8, 0xf03f1aa0, 0x7d2cd856, 0x3390ef22, 0x494ec787, 0x38d1c1d9,
+0xcaa2fe8c, 0xd40b3698, 0xf581cfa6, 0x7ade28a5, 0xb78e26da, 0xadbfa43f,
+0x3a9de42c, 0x78920d50, 0x5fcc9b6a, 0x7e466254, 0x8d13c2f6, 0xd8b8e890,
+0x39f75e2e, 0xc3aff582, 0x5d80be9f, 0xd0937c69, 0xd52da96f, 0x2512b3cf,
+0xac993bc8, 0x187da710, 0x9c636ee8, 0x3bbb7bdb, 0x267809cd, 0x5918f46e,
+0x9ab701ec, 0x4f9aa883, 0x956e65e6, 0xffe67eaa, 0xbccf0821, 0x15e8e6ef,
+0xe79bd9ba, 0x6f36ce4a, 0x9f09d4ea, 0xb07cd629, 0xa4b2af31, 0x3f23312a,
+0xa59430c6, 0xa266c035, 0x4ebc3774, 0x82caa6fc, 0x90d0b0e0, 0xa7d81533,
+0x04984af1, 0xecdaf741, 0xcd500e7f, 0x91f62f17, 0x4dd68d76, 0xefb04d43,
+0xaa4d54cc, 0x9604dfe4, 0xd1b5e39e, 0x6a881b4c, 0x2c1fb8c1, 0x65517f46,
+0x5eea049d, 0x8c355d01, 0x877473fa, 0x0b412efb, 0x671d5ab3, 0xdbd25292,
+0x105633e9, 0xd647136d, 0xd7618c9a, 0xa10c7a37, 0xf8148e59, 0x133c89eb,
+0xa927eece, 0x61c935b7, 0x1ce5ede1, 0x47b13c7a, 0xd2df599c, 0xf2733f55,
+0x14ce7918, 0xc737bf73, 0xf7cdea53, 0xfdaa5b5f, 0x3d6f14df, 0x44db8678,
+0xaff381ca, 0x68c43eb9, 0x24342c38, 0xa3405fc2, 0x1dc37216, 0xe2250cbc,
+0x3c498b28, 0x0d9541ff, 0xa8017139, 0x0cb3de08, 0xb4e49cd8, 0x56c19064,
+0xcb84617b, 0x32b670d5, 0x6c5c7448, 0xb85742d0  
+};
+#endif
+
+#ifdef IS_LITTLE_ENDIAN
+static const PRUint32 _IMXC0[256] = 
+{
+0x00000000, 0x0b0d090e, 0x161a121c, 0x1d171b12, 0x2c342438, 0x27392d36,
+0x3a2e3624, 0x31233f2a, 0x58684870, 0x5365417e, 0x4e725a6c, 0x457f5362,
+0x745c6c48, 0x7f516546, 0x62467e54, 0x694b775a, 0xb0d090e0, 0xbbdd99ee,
+0xa6ca82fc, 0xadc78bf2, 0x9ce4b4d8, 0x97e9bdd6, 0x8afea6c4, 0x81f3afca,
+0xe8b8d890, 0xe3b5d19e, 0xfea2ca8c, 0xf5afc382, 0xc48cfca8, 0xcf81f5a6,
+0xd296eeb4, 0xd99be7ba, 0x7bbb3bdb, 0x70b632d5, 0x6da129c7, 0x66ac20c9,
+0x578f1fe3, 0x5c8216ed, 0x41950dff, 0x4a9804f1, 0x23d373ab, 0x28de7aa5,
+0x35c961b7, 0x3ec468b9, 0x0fe75793, 0x04ea5e9d, 0x19fd458f, 0x12f04c81,
+0xcb6bab3b, 0xc066a235, 0xdd71b927, 0xd67cb029, 0xe75f8f03, 0xec52860d,
+0xf1459d1f, 0xfa489411, 0x9303e34b, 0x980eea45, 0x8519f157, 0x8e14f859,
+0xbf37c773, 0xb43ace7d, 0xa92dd56f, 0xa220dc61, 0xf66d76ad, 0xfd607fa3,
+0xe07764b1, 0xeb7a6dbf, 0xda595295, 0xd1545b9b, 0xcc434089, 0xc74e4987,
+0xae053edd, 0xa50837d3, 0xb81f2cc1, 0xb31225cf, 0x82311ae5, 0x893c13eb,
+0x942b08f9, 0x9f2601f7, 0x46bde64d, 0x4db0ef43, 0x50a7f451, 0x5baafd5f,
+0x6a89c275, 0x6184cb7b, 0x7c93d069, 0x779ed967, 0x1ed5ae3d, 0x15d8a733,
+0x08cfbc21, 0x03c2b52f, 0x32e18a05, 0x39ec830b, 0x24fb9819, 0x2ff69117,
+0x8dd64d76, 0x86db4478, 0x9bcc5f6a, 0x90c15664, 0xa1e2694e, 0xaaef6040,
+0xb7f87b52, 0xbcf5725c, 0xd5be0506, 0xdeb30c08, 0xc3a4171a, 0xc8a91e14,
+0xf98a213e, 0xf2872830, 0xef903322, 0xe49d3a2c, 0x3d06dd96, 0x360bd498,
+0x2b1ccf8a, 0x2011c684, 0x1132f9ae, 0x1a3ff0a0, 0x0728ebb2, 0x0c25e2bc,
+0x656e95e6, 0x6e639ce8, 0x737487fa, 0x78798ef4, 0x495ab1de, 0x4257b8d0,
+0x5f40a3c2, 0x544daacc, 0xf7daec41, 0xfcd7e54f, 0xe1c0fe5d, 0xeacdf753,
+0xdbeec879, 0xd0e3c177, 0xcdf4da65, 0xc6f9d36b, 0xafb2a431, 0xa4bfad3f,
+0xb9a8b62d, 0xb2a5bf23, 0x83868009, 0x888b8907, 0x959c9215, 0x9e919b1b,
+0x470a7ca1, 0x4c0775af, 0x51106ebd, 0x5a1d67b3, 0x6b3e5899, 0x60335197,
+0x7d244a85, 0x7629438b, 0x1f6234d1, 0x146f3ddf, 0x097826cd, 0x02752fc3,
+0x335610e9, 0x385b19e7, 0x254c02f5, 0x2e410bfb, 0x8c61d79a, 0x876cde94,
+0x9a7bc586, 0x9176cc88, 0xa055f3a2, 0xab58faac, 0xb64fe1be, 0xbd42e8b0,
+0xd4099fea, 0xdf0496e4, 0xc2138df6, 0xc91e84f8, 0xf83dbbd2, 0xf330b2dc,
+0xee27a9ce, 0xe52aa0c0, 0x3cb1477a, 0x37bc4e74, 0x2aab5566, 0x21a65c68,
+0x10856342, 0x1b886a4c, 0x069f715e, 0x0d927850, 0x64d90f0a, 0x6fd40604,
+0x72c31d16, 0x79ce1418, 0x48ed2b32, 0x43e0223c, 0x5ef7392e, 0x55fa3020,
+0x01b79aec, 0x0aba93e2, 0x17ad88f0, 0x1ca081fe, 0x2d83bed4, 0x268eb7da,
+0x3b99acc8, 0x3094a5c6, 0x59dfd29c, 0x52d2db92, 0x4fc5c080, 0x44c8c98e,
+0x75ebf6a4, 0x7ee6ffaa, 0x63f1e4b8, 0x68fcedb6, 0xb1670a0c, 0xba6a0302,
+0xa77d1810, 0xac70111e, 0x9d532e34, 0x965e273a, 0x8b493c28, 0x80443526,
+0xe90f427c, 0xe2024b72, 0xff155060, 0xf418596e, 0xc53b6644, 0xce366f4a,
+0xd3217458, 0xd82c7d56, 0x7a0ca137, 0x7101a839, 0x6c16b32b, 0x671bba25,
+0x5638850f, 0x5d358c01, 0x40229713, 0x4b2f9e1d, 0x2264e947, 0x2969e049,
+0x347efb5b, 0x3f73f255, 0x0e50cd7f, 0x055dc471, 0x184adf63, 0x1347d66d,
+0xcadc31d7, 0xc1d138d9, 0xdcc623cb, 0xd7cb2ac5, 0xe6e815ef, 0xede51ce1,
+0xf0f207f3, 0xfbff0efd, 0x92b479a7, 0x99b970a9, 0x84ae6bbb, 0x8fa362b5,
+0xbe805d9f, 0xb58d5491, 0xa89a4f83, 0xa397468d  
+};
+#else
+static const PRUint32 _IMXC0[256] = 
+{
+0x00000000, 0x0e090d0b, 0x1c121a16, 0x121b171d, 0x3824342c, 0x362d3927,
+0x24362e3a, 0x2a3f2331, 0x70486858, 0x7e416553, 0x6c5a724e, 0x62537f45,
+0x486c5c74, 0x4665517f, 0x547e4662, 0x5a774b69, 0xe090d0b0, 0xee99ddbb,
+0xfc82caa6, 0xf28bc7ad, 0xd8b4e49c, 0xd6bde997, 0xc4a6fe8a, 0xcaaff381,
+0x90d8b8e8, 0x9ed1b5e3, 0x8ccaa2fe, 0x82c3aff5, 0xa8fc8cc4, 0xa6f581cf,
+0xb4ee96d2, 0xbae79bd9, 0xdb3bbb7b, 0xd532b670, 0xc729a16d, 0xc920ac66,
+0xe31f8f57, 0xed16825c, 0xff0d9541, 0xf104984a, 0xab73d323, 0xa57ade28,
+0xb761c935, 0xb968c43e, 0x9357e70f, 0x9d5eea04, 0x8f45fd19, 0x814cf012,
+0x3bab6bcb, 0x35a266c0, 0x27b971dd, 0x29b07cd6, 0x038f5fe7, 0x0d8652ec,
+0x1f9d45f1, 0x119448fa, 0x4be30393, 0x45ea0e98, 0x57f11985, 0x59f8148e,
+0x73c737bf, 0x7dce3ab4, 0x6fd52da9, 0x61dc20a2, 0xad766df6, 0xa37f60fd,
+0xb16477e0, 0xbf6d7aeb, 0x955259da, 0x9b5b54d1, 0x894043cc, 0x87494ec7,
+0xdd3e05ae, 0xd33708a5, 0xc12c1fb8, 0xcf2512b3, 0xe51a3182, 0xeb133c89,
+0xf9082b94, 0xf701269f, 0x4de6bd46, 0x43efb04d, 0x51f4a750, 0x5ffdaa5b,
+0x75c2896a, 0x7bcb8461, 0x69d0937c, 0x67d99e77, 0x3daed51e, 0x33a7d815,
+0x21bccf08, 0x2fb5c203, 0x058ae132, 0x0b83ec39, 0x1998fb24, 0x1791f62f,
+0x764dd68d, 0x7844db86, 0x6a5fcc9b, 0x6456c190, 0x4e69e2a1, 0x4060efaa,
+0x527bf8b7, 0x5c72f5bc, 0x0605bed5, 0x080cb3de, 0x1a17a4c3, 0x141ea9c8,
+0x3e218af9, 0x302887f2, 0x223390ef, 0x2c3a9de4, 0x96dd063d, 0x98d40b36,
+0x8acf1c2b, 0x84c61120, 0xaef93211, 0xa0f03f1a, 0xb2eb2807, 0xbce2250c,
+0xe6956e65, 0xe89c636e, 0xfa877473, 0xf48e7978, 0xdeb15a49, 0xd0b85742,
+0xc2a3405f, 0xccaa4d54, 0x41ecdaf7, 0x4fe5d7fc, 0x5dfec0e1, 0x53f7cdea,
+0x79c8eedb, 0x77c1e3d0, 0x65daf4cd, 0x6bd3f9c6, 0x31a4b2af, 0x3fadbfa4,
+0x2db6a8b9, 0x23bfa5b2, 0x09808683, 0x07898b88, 0x15929c95, 0x1b9b919e,
+0xa17c0a47, 0xaf75074c, 0xbd6e1051, 0xb3671d5a, 0x99583e6b, 0x97513360,
+0x854a247d, 0x8b432976, 0xd134621f, 0xdf3d6f14, 0xcd267809, 0xc32f7502,
+0xe9105633, 0xe7195b38, 0xf5024c25, 0xfb0b412e, 0x9ad7618c, 0x94de6c87,
+0x86c57b9a, 0x88cc7691, 0xa2f355a0, 0xacfa58ab, 0xbee14fb6, 0xb0e842bd,
+0xea9f09d4, 0xe49604df, 0xf68d13c2, 0xf8841ec9, 0xd2bb3df8, 0xdcb230f3,
+0xcea927ee, 0xc0a02ae5, 0x7a47b13c, 0x744ebc37, 0x6655ab2a, 0x685ca621,
+0x42638510, 0x4c6a881b, 0x5e719f06, 0x5078920d, 0x0a0fd964, 0x0406d46f,
+0x161dc372, 0x1814ce79, 0x322bed48, 0x3c22e043, 0x2e39f75e, 0x2030fa55,
+0xec9ab701, 0xe293ba0a, 0xf088ad17, 0xfe81a01c, 0xd4be832d, 0xdab78e26,
+0xc8ac993b, 0xc6a59430, 0x9cd2df59, 0x92dbd252, 0x80c0c54f, 0x8ec9c844,
+0xa4f6eb75, 0xaaffe67e, 0xb8e4f163, 0xb6edfc68, 0x0c0a67b1, 0x02036aba,
+0x10187da7, 0x1e1170ac, 0x342e539d, 0x3a275e96, 0x283c498b, 0x26354480,
+0x7c420fe9, 0x724b02e2, 0x605015ff, 0x6e5918f4, 0x44663bc5, 0x4a6f36ce,
+0x587421d3, 0x567d2cd8, 0x37a10c7a, 0x39a80171, 0x2bb3166c, 0x25ba1b67,
+0x0f853856, 0x018c355d, 0x13972240, 0x1d9e2f4b, 0x47e96422, 0x49e06929,
+0x5bfb7e34, 0x55f2733f, 0x7fcd500e, 0x71c45d05, 0x63df4a18, 0x6dd64713,
+0xd731dcca, 0xd938d1c1, 0xcb23c6dc, 0xc52acbd7, 0xef15e8e6, 0xe11ce5ed,
+0xf307f2f0, 0xfd0efffb, 0xa779b492, 0xa970b999, 0xbb6bae84, 0xb562a38f,
+0x9f5d80be, 0x91548db5, 0x834f9aa8, 0x8d4697a3  
+};
+#endif
+
+#ifdef IS_LITTLE_ENDIAN
+static const PRUint32 _IMXC1[256] = 
+{
+0x00000000, 0x0d090e0b, 0x1a121c16, 0x171b121d, 0x3424382c, 0x392d3627,
+0x2e36243a, 0x233f2a31, 0x68487058, 0x65417e53, 0x725a6c4e, 0x7f536245,
+0x5c6c4874, 0x5165467f, 0x467e5462, 0x4b775a69, 0xd090e0b0, 0xdd99eebb,
+0xca82fca6, 0xc78bf2ad, 0xe4b4d89c, 0xe9bdd697, 0xfea6c48a, 0xf3afca81,
+0xb8d890e8, 0xb5d19ee3, 0xa2ca8cfe, 0xafc382f5, 0x8cfca8c4, 0x81f5a6cf,
+0x96eeb4d2, 0x9be7bad9, 0xbb3bdb7b, 0xb632d570, 0xa129c76d, 0xac20c966,
+0x8f1fe357, 0x8216ed5c, 0x950dff41, 0x9804f14a, 0xd373ab23, 0xde7aa528,
+0xc961b735, 0xc468b93e, 0xe757930f, 0xea5e9d04, 0xfd458f19, 0xf04c8112,
+0x6bab3bcb, 0x66a235c0, 0x71b927dd, 0x7cb029d6, 0x5f8f03e7, 0x52860dec,
+0x459d1ff1, 0x489411fa, 0x03e34b93, 0x0eea4598, 0x19f15785, 0x14f8598e,
+0x37c773bf, 0x3ace7db4, 0x2dd56fa9, 0x20dc61a2, 0x6d76adf6, 0x607fa3fd,
+0x7764b1e0, 0x7a6dbfeb, 0x595295da, 0x545b9bd1, 0x434089cc, 0x4e4987c7,
+0x053eddae, 0x0837d3a5, 0x1f2cc1b8, 0x1225cfb3, 0x311ae582, 0x3c13eb89,
+0x2b08f994, 0x2601f79f, 0xbde64d46, 0xb0ef434d, 0xa7f45150, 0xaafd5f5b,
+0x89c2756a, 0x84cb7b61, 0x93d0697c, 0x9ed96777, 0xd5ae3d1e, 0xd8a73315,
+0xcfbc2108, 0xc2b52f03, 0xe18a0532, 0xec830b39, 0xfb981924, 0xf691172f,
+0xd64d768d, 0xdb447886, 0xcc5f6a9b, 0xc1566490, 0xe2694ea1, 0xef6040aa,
+0xf87b52b7, 0xf5725cbc, 0xbe0506d5, 0xb30c08de, 0xa4171ac3, 0xa91e14c8,
+0x8a213ef9, 0x872830f2, 0x903322ef, 0x9d3a2ce4, 0x06dd963d, 0x0bd49836,
+0x1ccf8a2b, 0x11c68420, 0x32f9ae11, 0x3ff0a01a, 0x28ebb207, 0x25e2bc0c,
+0x6e95e665, 0x639ce86e, 0x7487fa73, 0x798ef478, 0x5ab1de49, 0x57b8d042,
+0x40a3c25f, 0x4daacc54, 0xdaec41f7, 0xd7e54ffc, 0xc0fe5de1, 0xcdf753ea,
+0xeec879db, 0xe3c177d0, 0xf4da65cd, 0xf9d36bc6, 0xb2a431af, 0xbfad3fa4,
+0xa8b62db9, 0xa5bf23b2, 0x86800983, 0x8b890788, 0x9c921595, 0x919b1b9e,
+0x0a7ca147, 0x0775af4c, 0x106ebd51, 0x1d67b35a, 0x3e58996b, 0x33519760,
+0x244a857d, 0x29438b76, 0x6234d11f, 0x6f3ddf14, 0x7826cd09, 0x752fc302,
+0x5610e933, 0x5b19e738, 0x4c02f525, 0x410bfb2e, 0x61d79a8c, 0x6cde9487,
+0x7bc5869a, 0x76cc8891, 0x55f3a2a0, 0x58faacab, 0x4fe1beb6, 0x42e8b0bd,
+0x099fead4, 0x0496e4df, 0x138df6c2, 0x1e84f8c9, 0x3dbbd2f8, 0x30b2dcf3,
+0x27a9ceee, 0x2aa0c0e5, 0xb1477a3c, 0xbc4e7437, 0xab55662a, 0xa65c6821,
+0x85634210, 0x886a4c1b, 0x9f715e06, 0x9278500d, 0xd90f0a64, 0xd406046f,
+0xc31d1672, 0xce141879, 0xed2b3248, 0xe0223c43, 0xf7392e5e, 0xfa302055,
+0xb79aec01, 0xba93e20a, 0xad88f017, 0xa081fe1c, 0x83bed42d, 0x8eb7da26,
+0x99acc83b, 0x94a5c630, 0xdfd29c59, 0xd2db9252, 0xc5c0804f, 0xc8c98e44,
+0xebf6a475, 0xe6ffaa7e, 0xf1e4b863, 0xfcedb668, 0x670a0cb1, 0x6a0302ba,
+0x7d1810a7, 0x70111eac, 0x532e349d, 0x5e273a96, 0x493c288b, 0x44352680,
+0x0f427ce9, 0x024b72e2, 0x155060ff, 0x18596ef4, 0x3b6644c5, 0x366f4ace,
+0x217458d3, 0x2c7d56d8, 0x0ca1377a, 0x01a83971, 0x16b32b6c, 0x1bba2567,
+0x38850f56, 0x358c015d, 0x22971340, 0x2f9e1d4b, 0x64e94722, 0x69e04929,
+0x7efb5b34, 0x73f2553f, 0x50cd7f0e, 0x5dc47105, 0x4adf6318, 0x47d66d13,
+0xdc31d7ca, 0xd138d9c1, 0xc623cbdc, 0xcb2ac5d7, 0xe815efe6, 0xe51ce1ed,
+0xf207f3f0, 0xff0efdfb, 0xb479a792, 0xb970a999, 0xae6bbb84, 0xa362b58f,
+0x805d9fbe, 0x8d5491b5, 0x9a4f83a8, 0x97468da3  
+};
+#else
+static const PRUint32 _IMXC1[256] = 
+{
+0x00000000, 0x0b0e090d, 0x161c121a, 0x1d121b17, 0x2c382434, 0x27362d39,
+0x3a24362e, 0x312a3f23, 0x58704868, 0x537e4165, 0x4e6c5a72, 0x4562537f,
+0x74486c5c, 0x7f466551, 0x62547e46, 0x695a774b, 0xb0e090d0, 0xbbee99dd,
+0xa6fc82ca, 0xadf28bc7, 0x9cd8b4e4, 0x97d6bde9, 0x8ac4a6fe, 0x81caaff3,
+0xe890d8b8, 0xe39ed1b5, 0xfe8ccaa2, 0xf582c3af, 0xc4a8fc8c, 0xcfa6f581,
+0xd2b4ee96, 0xd9bae79b, 0x7bdb3bbb, 0x70d532b6, 0x6dc729a1, 0x66c920ac,
+0x57e31f8f, 0x5ced1682, 0x41ff0d95, 0x4af10498, 0x23ab73d3, 0x28a57ade,
+0x35b761c9, 0x3eb968c4, 0x0f9357e7, 0x049d5eea, 0x198f45fd, 0x12814cf0,
+0xcb3bab6b, 0xc035a266, 0xdd27b971, 0xd629b07c, 0xe7038f5f, 0xec0d8652,
+0xf11f9d45, 0xfa119448, 0x934be303, 0x9845ea0e, 0x8557f119, 0x8e59f814,
+0xbf73c737, 0xb47dce3a, 0xa96fd52d, 0xa261dc20, 0xf6ad766d, 0xfda37f60,
+0xe0b16477, 0xebbf6d7a, 0xda955259, 0xd19b5b54, 0xcc894043, 0xc787494e,
+0xaedd3e05, 0xa5d33708, 0xb8c12c1f, 0xb3cf2512, 0x82e51a31, 0x89eb133c,
+0x94f9082b, 0x9ff70126, 0x464de6bd, 0x4d43efb0, 0x5051f4a7, 0x5b5ffdaa,
+0x6a75c289, 0x617bcb84, 0x7c69d093, 0x7767d99e, 0x1e3daed5, 0x1533a7d8,
+0x0821bccf, 0x032fb5c2, 0x32058ae1, 0x390b83ec, 0x241998fb, 0x2f1791f6,
+0x8d764dd6, 0x867844db, 0x9b6a5fcc, 0x906456c1, 0xa14e69e2, 0xaa4060ef,
+0xb7527bf8, 0xbc5c72f5, 0xd50605be, 0xde080cb3, 0xc31a17a4, 0xc8141ea9,
+0xf93e218a, 0xf2302887, 0xef223390, 0xe42c3a9d, 0x3d96dd06, 0x3698d40b,
+0x2b8acf1c, 0x2084c611, 0x11aef932, 0x1aa0f03f, 0x07b2eb28, 0x0cbce225,
+0x65e6956e, 0x6ee89c63, 0x73fa8774, 0x78f48e79, 0x49deb15a, 0x42d0b857,
+0x5fc2a340, 0x54ccaa4d, 0xf741ecda, 0xfc4fe5d7, 0xe15dfec0, 0xea53f7cd,
+0xdb79c8ee, 0xd077c1e3, 0xcd65daf4, 0xc66bd3f9, 0xaf31a4b2, 0xa43fadbf,
+0xb92db6a8, 0xb223bfa5, 0x83098086, 0x8807898b, 0x9515929c, 0x9e1b9b91,
+0x47a17c0a, 0x4caf7507, 0x51bd6e10, 0x5ab3671d, 0x6b99583e, 0x60975133,
+0x7d854a24, 0x768b4329, 0x1fd13462, 0x14df3d6f, 0x09cd2678, 0x02c32f75,
+0x33e91056, 0x38e7195b, 0x25f5024c, 0x2efb0b41, 0x8c9ad761, 0x8794de6c,
+0x9a86c57b, 0x9188cc76, 0xa0a2f355, 0xabacfa58, 0xb6bee14f, 0xbdb0e842,
+0xd4ea9f09, 0xdfe49604, 0xc2f68d13, 0xc9f8841e, 0xf8d2bb3d, 0xf3dcb230,
+0xeecea927, 0xe5c0a02a, 0x3c7a47b1, 0x37744ebc, 0x2a6655ab, 0x21685ca6,
+0x10426385, 0x1b4c6a88, 0x065e719f, 0x0d507892, 0x640a0fd9, 0x6f0406d4,
+0x72161dc3, 0x791814ce, 0x48322bed, 0x433c22e0, 0x5e2e39f7, 0x552030fa,
+0x01ec9ab7, 0x0ae293ba, 0x17f088ad, 0x1cfe81a0, 0x2dd4be83, 0x26dab78e,
+0x3bc8ac99, 0x30c6a594, 0x599cd2df, 0x5292dbd2, 0x4f80c0c5, 0x448ec9c8,
+0x75a4f6eb, 0x7eaaffe6, 0x63b8e4f1, 0x68b6edfc, 0xb10c0a67, 0xba02036a,
+0xa710187d, 0xac1e1170, 0x9d342e53, 0x963a275e, 0x8b283c49, 0x80263544,
+0xe97c420f, 0xe2724b02, 0xff605015, 0xf46e5918, 0xc544663b, 0xce4a6f36,
+0xd3587421, 0xd8567d2c, 0x7a37a10c, 0x7139a801, 0x6c2bb316, 0x6725ba1b,
+0x560f8538, 0x5d018c35, 0x40139722, 0x4b1d9e2f, 0x2247e964, 0x2949e069,
+0x345bfb7e, 0x3f55f273, 0x0e7fcd50, 0x0571c45d, 0x1863df4a, 0x136dd647,
+0xcad731dc, 0xc1d938d1, 0xdccb23c6, 0xd7c52acb, 0xe6ef15e8, 0xede11ce5,
+0xf0f307f2, 0xfbfd0eff, 0x92a779b4, 0x99a970b9, 0x84bb6bae, 0x8fb562a3,
+0xbe9f5d80, 0xb591548d, 0xa8834f9a, 0xa38d4697  
+};
+#endif
+
+#ifdef IS_LITTLE_ENDIAN
+static const PRUint32 _IMXC2[256] = 
+{
+0x00000000, 0x090e0b0d, 0x121c161a, 0x1b121d17, 0x24382c34, 0x2d362739,
+0x36243a2e, 0x3f2a3123, 0x48705868, 0x417e5365, 0x5a6c4e72, 0x5362457f,
+0x6c48745c, 0x65467f51, 0x7e546246, 0x775a694b, 0x90e0b0d0, 0x99eebbdd,
+0x82fca6ca, 0x8bf2adc7, 0xb4d89ce4, 0xbdd697e9, 0xa6c48afe, 0xafca81f3,
+0xd890e8b8, 0xd19ee3b5, 0xca8cfea2, 0xc382f5af, 0xfca8c48c, 0xf5a6cf81,
+0xeeb4d296, 0xe7bad99b, 0x3bdb7bbb, 0x32d570b6, 0x29c76da1, 0x20c966ac,
+0x1fe3578f, 0x16ed5c82, 0x0dff4195, 0x04f14a98, 0x73ab23d3, 0x7aa528de,
+0x61b735c9, 0x68b93ec4, 0x57930fe7, 0x5e9d04ea, 0x458f19fd, 0x4c8112f0,
+0xab3bcb6b, 0xa235c066, 0xb927dd71, 0xb029d67c, 0x8f03e75f, 0x860dec52,
+0x9d1ff145, 0x9411fa48, 0xe34b9303, 0xea45980e, 0xf1578519, 0xf8598e14,
+0xc773bf37, 0xce7db43a, 0xd56fa92d, 0xdc61a220, 0x76adf66d, 0x7fa3fd60,
+0x64b1e077, 0x6dbfeb7a, 0x5295da59, 0x5b9bd154, 0x4089cc43, 0x4987c74e,
+0x3eddae05, 0x37d3a508, 0x2cc1b81f, 0x25cfb312, 0x1ae58231, 0x13eb893c,
+0x08f9942b, 0x01f79f26, 0xe64d46bd, 0xef434db0, 0xf45150a7, 0xfd5f5baa,
+0xc2756a89, 0xcb7b6184, 0xd0697c93, 0xd967779e, 0xae3d1ed5, 0xa73315d8,
+0xbc2108cf, 0xb52f03c2, 0x8a0532e1, 0x830b39ec, 0x981924fb, 0x91172ff6,
+0x4d768dd6, 0x447886db, 0x5f6a9bcc, 0x566490c1, 0x694ea1e2, 0x6040aaef,
+0x7b52b7f8, 0x725cbcf5, 0x0506d5be, 0x0c08deb3, 0x171ac3a4, 0x1e14c8a9,
+0x213ef98a, 0x2830f287, 0x3322ef90, 0x3a2ce49d, 0xdd963d06, 0xd498360b,
+0xcf8a2b1c, 0xc6842011, 0xf9ae1132, 0xf0a01a3f, 0xebb20728, 0xe2bc0c25,
+0x95e6656e, 0x9ce86e63, 0x87fa7374, 0x8ef47879, 0xb1de495a, 0xb8d04257,
+0xa3c25f40, 0xaacc544d, 0xec41f7da, 0xe54ffcd7, 0xfe5de1c0, 0xf753eacd,
+0xc879dbee, 0xc177d0e3, 0xda65cdf4, 0xd36bc6f9, 0xa431afb2, 0xad3fa4bf,
+0xb62db9a8, 0xbf23b2a5, 0x80098386, 0x8907888b, 0x9215959c, 0x9b1b9e91,
+0x7ca1470a, 0x75af4c07, 0x6ebd5110, 0x67b35a1d, 0x58996b3e, 0x51976033,
+0x4a857d24, 0x438b7629, 0x34d11f62, 0x3ddf146f, 0x26cd0978, 0x2fc30275,
+0x10e93356, 0x19e7385b, 0x02f5254c, 0x0bfb2e41, 0xd79a8c61, 0xde94876c,
+0xc5869a7b, 0xcc889176, 0xf3a2a055, 0xfaacab58, 0xe1beb64f, 0xe8b0bd42,
+0x9fead409, 0x96e4df04, 0x8df6c213, 0x84f8c91e, 0xbbd2f83d, 0xb2dcf330,
+0xa9ceee27, 0xa0c0e52a, 0x477a3cb1, 0x4e7437bc, 0x55662aab, 0x5c6821a6,
+0x63421085, 0x6a4c1b88, 0x715e069f, 0x78500d92, 0x0f0a64d9, 0x06046fd4,
+0x1d1672c3, 0x141879ce, 0x2b3248ed, 0x223c43e0, 0x392e5ef7, 0x302055fa,
+0x9aec01b7, 0x93e20aba, 0x88f017ad, 0x81fe1ca0, 0xbed42d83, 0xb7da268e,
+0xacc83b99, 0xa5c63094, 0xd29c59df, 0xdb9252d2, 0xc0804fc5, 0xc98e44c8,
+0xf6a475eb, 0xffaa7ee6, 0xe4b863f1, 0xedb668fc, 0x0a0cb167, 0x0302ba6a,
+0x1810a77d, 0x111eac70, 0x2e349d53, 0x273a965e, 0x3c288b49, 0x35268044,
+0x427ce90f, 0x4b72e202, 0x5060ff15, 0x596ef418, 0x6644c53b, 0x6f4ace36,
+0x7458d321, 0x7d56d82c, 0xa1377a0c, 0xa8397101, 0xb32b6c16, 0xba25671b,
+0x850f5638, 0x8c015d35, 0x97134022, 0x9e1d4b2f, 0xe9472264, 0xe0492969,
+0xfb5b347e, 0xf2553f73, 0xcd7f0e50, 0xc471055d, 0xdf63184a, 0xd66d1347,
+0x31d7cadc, 0x38d9c1d1, 0x23cbdcc6, 0x2ac5d7cb, 0x15efe6e8, 0x1ce1ede5,
+0x07f3f0f2, 0x0efdfbff, 0x79a792b4, 0x70a999b9, 0x6bbb84ae, 0x62b58fa3,
+0x5d9fbe80, 0x5491b58d, 0x4f83a89a, 0x468da397  
+};
+#else
+static const PRUint32 _IMXC2[256] = 
+{
+0x00000000, 0x0d0b0e09, 0x1a161c12, 0x171d121b, 0x342c3824, 0x3927362d,
+0x2e3a2436, 0x23312a3f, 0x68587048, 0x65537e41, 0x724e6c5a, 0x7f456253,
+0x5c74486c, 0x517f4665, 0x4662547e, 0x4b695a77, 0xd0b0e090, 0xddbbee99,
+0xcaa6fc82, 0xc7adf28b, 0xe49cd8b4, 0xe997d6bd, 0xfe8ac4a6, 0xf381caaf,
+0xb8e890d8, 0xb5e39ed1, 0xa2fe8cca, 0xaff582c3, 0x8cc4a8fc, 0x81cfa6f5,
+0x96d2b4ee, 0x9bd9bae7, 0xbb7bdb3b, 0xb670d532, 0xa16dc729, 0xac66c920,
+0x8f57e31f, 0x825ced16, 0x9541ff0d, 0x984af104, 0xd323ab73, 0xde28a57a,
+0xc935b761, 0xc43eb968, 0xe70f9357, 0xea049d5e, 0xfd198f45, 0xf012814c,
+0x6bcb3bab, 0x66c035a2, 0x71dd27b9, 0x7cd629b0, 0x5fe7038f, 0x52ec0d86,
+0x45f11f9d, 0x48fa1194, 0x03934be3, 0x0e9845ea, 0x198557f1, 0x148e59f8,
+0x37bf73c7, 0x3ab47dce, 0x2da96fd5, 0x20a261dc, 0x6df6ad76, 0x60fda37f,
+0x77e0b164, 0x7aebbf6d, 0x59da9552, 0x54d19b5b, 0x43cc8940, 0x4ec78749,
+0x05aedd3e, 0x08a5d337, 0x1fb8c12c, 0x12b3cf25, 0x3182e51a, 0x3c89eb13,
+0x2b94f908, 0x269ff701, 0xbd464de6, 0xb04d43ef, 0xa75051f4, 0xaa5b5ffd,
+0x896a75c2, 0x84617bcb, 0x937c69d0, 0x9e7767d9, 0xd51e3dae, 0xd81533a7,
+0xcf0821bc, 0xc2032fb5, 0xe132058a, 0xec390b83, 0xfb241998, 0xf62f1791,
+0xd68d764d, 0xdb867844, 0xcc9b6a5f, 0xc1906456, 0xe2a14e69, 0xefaa4060,
+0xf8b7527b, 0xf5bc5c72, 0xbed50605, 0xb3de080c, 0xa4c31a17, 0xa9c8141e,
+0x8af93e21, 0x87f23028, 0x90ef2233, 0x9de42c3a, 0x063d96dd, 0x0b3698d4,
+0x1c2b8acf, 0x112084c6, 0x3211aef9, 0x3f1aa0f0, 0x2807b2eb, 0x250cbce2,
+0x6e65e695, 0x636ee89c, 0x7473fa87, 0x7978f48e, 0x5a49deb1, 0x5742d0b8,
+0x405fc2a3, 0x4d54ccaa, 0xdaf741ec, 0xd7fc4fe5, 0xc0e15dfe, 0xcdea53f7,
+0xeedb79c8, 0xe3d077c1, 0xf4cd65da, 0xf9c66bd3, 0xb2af31a4, 0xbfa43fad,
+0xa8b92db6, 0xa5b223bf, 0x86830980, 0x8b880789, 0x9c951592, 0x919e1b9b,
+0x0a47a17c, 0x074caf75, 0x1051bd6e, 0x1d5ab367, 0x3e6b9958, 0x33609751,
+0x247d854a, 0x29768b43, 0x621fd134, 0x6f14df3d, 0x7809cd26, 0x7502c32f,
+0x5633e910, 0x5b38e719, 0x4c25f502, 0x412efb0b, 0x618c9ad7, 0x6c8794de,
+0x7b9a86c5, 0x769188cc, 0x55a0a2f3, 0x58abacfa, 0x4fb6bee1, 0x42bdb0e8,
+0x09d4ea9f, 0x04dfe496, 0x13c2f68d, 0x1ec9f884, 0x3df8d2bb, 0x30f3dcb2,
+0x27eecea9, 0x2ae5c0a0, 0xb13c7a47, 0xbc37744e, 0xab2a6655, 0xa621685c,
+0x85104263, 0x881b4c6a, 0x9f065e71, 0x920d5078, 0xd9640a0f, 0xd46f0406,
+0xc372161d, 0xce791814, 0xed48322b, 0xe0433c22, 0xf75e2e39, 0xfa552030,
+0xb701ec9a, 0xba0ae293, 0xad17f088, 0xa01cfe81, 0x832dd4be, 0x8e26dab7,
+0x993bc8ac, 0x9430c6a5, 0xdf599cd2, 0xd25292db, 0xc54f80c0, 0xc8448ec9,
+0xeb75a4f6, 0xe67eaaff, 0xf163b8e4, 0xfc68b6ed, 0x67b10c0a, 0x6aba0203,
+0x7da71018, 0x70ac1e11, 0x539d342e, 0x5e963a27, 0x498b283c, 0x44802635,
+0x0fe97c42, 0x02e2724b, 0x15ff6050, 0x18f46e59, 0x3bc54466, 0x36ce4a6f,
+0x21d35874, 0x2cd8567d, 0x0c7a37a1, 0x017139a8, 0x166c2bb3, 0x1b6725ba,
+0x38560f85, 0x355d018c, 0x22401397, 0x2f4b1d9e, 0x642247e9, 0x692949e0,
+0x7e345bfb, 0x733f55f2, 0x500e7fcd, 0x5d0571c4, 0x4a1863df, 0x47136dd6,
+0xdccad731, 0xd1c1d938, 0xc6dccb23, 0xcbd7c52a, 0xe8e6ef15, 0xe5ede11c,
+0xf2f0f307, 0xfffbfd0e, 0xb492a779, 0xb999a970, 0xae84bb6b, 0xa38fb562,
+0x80be9f5d, 0x8db59154, 0x9aa8834f, 0x97a38d46  
+};
+#endif
+
+#ifdef IS_LITTLE_ENDIAN
+static const PRUint32 _IMXC3[256] = 
+{
+0x00000000, 0x0e0b0d09, 0x1c161a12, 0x121d171b, 0x382c3424, 0x3627392d,
+0x243a2e36, 0x2a31233f, 0x70586848, 0x7e536541, 0x6c4e725a, 0x62457f53,
+0x48745c6c, 0x467f5165, 0x5462467e, 0x5a694b77, 0xe0b0d090, 0xeebbdd99,
+0xfca6ca82, 0xf2adc78b, 0xd89ce4b4, 0xd697e9bd, 0xc48afea6, 0xca81f3af,
+0x90e8b8d8, 0x9ee3b5d1, 0x8cfea2ca, 0x82f5afc3, 0xa8c48cfc, 0xa6cf81f5,
+0xb4d296ee, 0xbad99be7, 0xdb7bbb3b, 0xd570b632, 0xc76da129, 0xc966ac20,
+0xe3578f1f, 0xed5c8216, 0xff41950d, 0xf14a9804, 0xab23d373, 0xa528de7a,
+0xb735c961, 0xb93ec468, 0x930fe757, 0x9d04ea5e, 0x8f19fd45, 0x8112f04c,
+0x3bcb6bab, 0x35c066a2, 0x27dd71b9, 0x29d67cb0, 0x03e75f8f, 0x0dec5286,
+0x1ff1459d, 0x11fa4894, 0x4b9303e3, 0x45980eea, 0x578519f1, 0x598e14f8,
+0x73bf37c7, 0x7db43ace, 0x6fa92dd5, 0x61a220dc, 0xadf66d76, 0xa3fd607f,
+0xb1e07764, 0xbfeb7a6d, 0x95da5952, 0x9bd1545b, 0x89cc4340, 0x87c74e49,
+0xddae053e, 0xd3a50837, 0xc1b81f2c, 0xcfb31225, 0xe582311a, 0xeb893c13,
+0xf9942b08, 0xf79f2601, 0x4d46bde6, 0x434db0ef, 0x5150a7f4, 0x5f5baafd,
+0x756a89c2, 0x7b6184cb, 0x697c93d0, 0x67779ed9, 0x3d1ed5ae, 0x3315d8a7,
+0x2108cfbc, 0x2f03c2b5, 0x0532e18a, 0x0b39ec83, 0x1924fb98, 0x172ff691,
+0x768dd64d, 0x7886db44, 0x6a9bcc5f, 0x6490c156, 0x4ea1e269, 0x40aaef60,
+0x52b7f87b, 0x5cbcf572, 0x06d5be05, 0x08deb30c, 0x1ac3a417, 0x14c8a91e,
+0x3ef98a21, 0x30f28728, 0x22ef9033, 0x2ce49d3a, 0x963d06dd, 0x98360bd4,
+0x8a2b1ccf, 0x842011c6, 0xae1132f9, 0xa01a3ff0, 0xb20728eb, 0xbc0c25e2,
+0xe6656e95, 0xe86e639c, 0xfa737487, 0xf478798e, 0xde495ab1, 0xd04257b8,
+0xc25f40a3, 0xcc544daa, 0x41f7daec, 0x4ffcd7e5, 0x5de1c0fe, 0x53eacdf7,
+0x79dbeec8, 0x77d0e3c1, 0x65cdf4da, 0x6bc6f9d3, 0x31afb2a4, 0x3fa4bfad,
+0x2db9a8b6, 0x23b2a5bf, 0x09838680, 0x07888b89, 0x15959c92, 0x1b9e919b,
+0xa1470a7c, 0xaf4c0775, 0xbd51106e, 0xb35a1d67, 0x996b3e58, 0x97603351,
+0x857d244a, 0x8b762943, 0xd11f6234, 0xdf146f3d, 0xcd097826, 0xc302752f,
+0xe9335610, 0xe7385b19, 0xf5254c02, 0xfb2e410b, 0x9a8c61d7, 0x94876cde,
+0x869a7bc5, 0x889176cc, 0xa2a055f3, 0xacab58fa, 0xbeb64fe1, 0xb0bd42e8,
+0xead4099f, 0xe4df0496, 0xf6c2138d, 0xf8c91e84, 0xd2f83dbb, 0xdcf330b2,
+0xceee27a9, 0xc0e52aa0, 0x7a3cb147, 0x7437bc4e, 0x662aab55, 0x6821a65c,
+0x42108563, 0x4c1b886a, 0x5e069f71, 0x500d9278, 0x0a64d90f, 0x046fd406,
+0x1672c31d, 0x1879ce14, 0x3248ed2b, 0x3c43e022, 0x2e5ef739, 0x2055fa30,
+0xec01b79a, 0xe20aba93, 0xf017ad88, 0xfe1ca081, 0xd42d83be, 0xda268eb7,
+0xc83b99ac, 0xc63094a5, 0x9c59dfd2, 0x9252d2db, 0x804fc5c0, 0x8e44c8c9,
+0xa475ebf6, 0xaa7ee6ff, 0xb863f1e4, 0xb668fced, 0x0cb1670a, 0x02ba6a03,
+0x10a77d18, 0x1eac7011, 0x349d532e, 0x3a965e27, 0x288b493c, 0x26804435,
+0x7ce90f42, 0x72e2024b, 0x60ff1550, 0x6ef41859, 0x44c53b66, 0x4ace366f,
+0x58d32174, 0x56d82c7d, 0x377a0ca1, 0x397101a8, 0x2b6c16b3, 0x25671bba,
+0x0f563885, 0x015d358c, 0x13402297, 0x1d4b2f9e, 0x472264e9, 0x492969e0,
+0x5b347efb, 0x553f73f2, 0x7f0e50cd, 0x71055dc4, 0x63184adf, 0x6d1347d6,
+0xd7cadc31, 0xd9c1d138, 0xcbdcc623, 0xc5d7cb2a, 0xefe6e815, 0xe1ede51c,
+0xf3f0f207, 0xfdfbff0e, 0xa792b479, 0xa999b970, 0xbb84ae6b, 0xb58fa362,
+0x9fbe805d, 0x91b58d54, 0x83a89a4f, 0x8da39746  
+};
+#else
+static const PRUint32 _IMXC3[256] = 
+{
+0x00000000, 0x090d0b0e, 0x121a161c, 0x1b171d12, 0x24342c38, 0x2d392736,
+0x362e3a24, 0x3f23312a, 0x48685870, 0x4165537e, 0x5a724e6c, 0x537f4562,
+0x6c5c7448, 0x65517f46, 0x7e466254, 0x774b695a, 0x90d0b0e0, 0x99ddbbee,
+0x82caa6fc, 0x8bc7adf2, 0xb4e49cd8, 0xbde997d6, 0xa6fe8ac4, 0xaff381ca,
+0xd8b8e890, 0xd1b5e39e, 0xcaa2fe8c, 0xc3aff582, 0xfc8cc4a8, 0xf581cfa6,
+0xee96d2b4, 0xe79bd9ba, 0x3bbb7bdb, 0x32b670d5, 0x29a16dc7, 0x20ac66c9,
+0x1f8f57e3, 0x16825ced, 0x0d9541ff, 0x04984af1, 0x73d323ab, 0x7ade28a5,
+0x61c935b7, 0x68c43eb9, 0x57e70f93, 0x5eea049d, 0x45fd198f, 0x4cf01281,
+0xab6bcb3b, 0xa266c035, 0xb971dd27, 0xb07cd629, 0x8f5fe703, 0x8652ec0d,
+0x9d45f11f, 0x9448fa11, 0xe303934b, 0xea0e9845, 0xf1198557, 0xf8148e59,
+0xc737bf73, 0xce3ab47d, 0xd52da96f, 0xdc20a261, 0x766df6ad, 0x7f60fda3,
+0x6477e0b1, 0x6d7aebbf, 0x5259da95, 0x5b54d19b, 0x4043cc89, 0x494ec787,
+0x3e05aedd, 0x3708a5d3, 0x2c1fb8c1, 0x2512b3cf, 0x1a3182e5, 0x133c89eb,
+0x082b94f9, 0x01269ff7, 0xe6bd464d, 0xefb04d43, 0xf4a75051, 0xfdaa5b5f,
+0xc2896a75, 0xcb84617b, 0xd0937c69, 0xd99e7767, 0xaed51e3d, 0xa7d81533,
+0xbccf0821, 0xb5c2032f, 0x8ae13205, 0x83ec390b, 0x98fb2419, 0x91f62f17,
+0x4dd68d76, 0x44db8678, 0x5fcc9b6a, 0x56c19064, 0x69e2a14e, 0x60efaa40,
+0x7bf8b752, 0x72f5bc5c, 0x05bed506, 0x0cb3de08, 0x17a4c31a, 0x1ea9c814,
+0x218af93e, 0x2887f230, 0x3390ef22, 0x3a9de42c, 0xdd063d96, 0xd40b3698,
+0xcf1c2b8a, 0xc6112084, 0xf93211ae, 0xf03f1aa0, 0xeb2807b2, 0xe2250cbc,
+0x956e65e6, 0x9c636ee8, 0x877473fa, 0x8e7978f4, 0xb15a49de, 0xb85742d0,
+0xa3405fc2, 0xaa4d54cc, 0xecdaf741, 0xe5d7fc4f, 0xfec0e15d, 0xf7cdea53,
+0xc8eedb79, 0xc1e3d077, 0xdaf4cd65, 0xd3f9c66b, 0xa4b2af31, 0xadbfa43f,
+0xb6a8b92d, 0xbfa5b223, 0x80868309, 0x898b8807, 0x929c9515, 0x9b919e1b,
+0x7c0a47a1, 0x75074caf, 0x6e1051bd, 0x671d5ab3, 0x583e6b99, 0x51336097,
+0x4a247d85, 0x4329768b, 0x34621fd1, 0x3d6f14df, 0x267809cd, 0x2f7502c3,
+0x105633e9, 0x195b38e7, 0x024c25f5, 0x0b412efb, 0xd7618c9a, 0xde6c8794,
+0xc57b9a86, 0xcc769188, 0xf355a0a2, 0xfa58abac, 0xe14fb6be, 0xe842bdb0,
+0x9f09d4ea, 0x9604dfe4, 0x8d13c2f6, 0x841ec9f8, 0xbb3df8d2, 0xb230f3dc,
+0xa927eece, 0xa02ae5c0, 0x47b13c7a, 0x4ebc3774, 0x55ab2a66, 0x5ca62168,
+0x63851042, 0x6a881b4c, 0x719f065e, 0x78920d50, 0x0fd9640a, 0x06d46f04,
+0x1dc37216, 0x14ce7918, 0x2bed4832, 0x22e0433c, 0x39f75e2e, 0x30fa5520,
+0x9ab701ec, 0x93ba0ae2, 0x88ad17f0, 0x81a01cfe, 0xbe832dd4, 0xb78e26da,
+0xac993bc8, 0xa59430c6, 0xd2df599c, 0xdbd25292, 0xc0c54f80, 0xc9c8448e,
+0xf6eb75a4, 0xffe67eaa, 0xe4f163b8, 0xedfc68b6, 0x0a67b10c, 0x036aba02,
+0x187da710, 0x1170ac1e, 0x2e539d34, 0x275e963a, 0x3c498b28, 0x35448026,
+0x420fe97c, 0x4b02e272, 0x5015ff60, 0x5918f46e, 0x663bc544, 0x6f36ce4a,
+0x7421d358, 0x7d2cd856, 0xa10c7a37, 0xa8017139, 0xb3166c2b, 0xba1b6725,
+0x8538560f, 0x8c355d01, 0x97224013, 0x9e2f4b1d, 0xe9642247, 0xe0692949,
+0xfb7e345b, 0xf2733f55, 0xcd500e7f, 0xc45d0571, 0xdf4a1863, 0xd647136d,
+0x31dccad7, 0x38d1c1d9, 0x23c6dccb, 0x2acbd7c5, 0x15e8e6ef, 0x1ce5ede1,
+0x07f2f0f3, 0x0efffbfd, 0x79b492a7, 0x70b999a9, 0x6bae84bb, 0x62a38fb5,
+0x5d80be9f, 0x548db591, 0x4f9aa883, 0x4697a38d  
+};
+#endif
+
+#endif /* RIJNDAEL_INCLUDE_TABLES */
+
+#ifdef IS_LITTLE_ENDIAN
+static const PRUint32 Rcon[30] = {
+0x00000001, 0x00000002, 0x00000004, 0x00000008, 0x00000010, 0x00000020,
+0x00000040, 0x00000080, 0x0000001b, 0x00000036, 0x0000006c, 0x000000d8,
+0x000000ab, 0x0000004d, 0x0000009a, 0x0000002f, 0x0000005e, 0x000000bc,
+0x00000063, 0x000000c6, 0x00000097, 0x00000035, 0x0000006a, 0x000000d4,
+0x000000b3, 0x0000007d, 0x000000fa, 0x000000ef, 0x000000c5, 0x00000091 
+};
+#else
+static const PRUint32 Rcon[30] = {
+0x01000000, 0x02000000, 0x04000000, 0x08000000, 0x10000000, 0x20000000,
+0x40000000, 0x80000000, 0x1b000000, 0x36000000, 0x6c000000, 0xd8000000,
+0xab000000, 0x4d000000, 0x9a000000, 0x2f000000, 0x5e000000, 0xbc000000,
+0x63000000, 0xc6000000, 0x97000000, 0x35000000, 0x6a000000, 0xd4000000,
+0xb3000000, 0x7d000000, 0xfa000000, 0xef000000, 0xc5000000, 0x91000000 
+};
+#endif
+
diff --git a/nss/lib/freebl/rijndael_tables.c b/nss/lib/freebl/rijndael_tables.c
new file mode 100644
index 0000000..78dd85a
--- /dev/null
+++ b/nss/lib/freebl/rijndael_tables.c
@@ -0,0 +1,215 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "stdio.h"
+#include "prtypes.h"
+#include "blapi.h"
+
+/*
+ * what follows is code thrown together to generate the myriad of tables
+ * used by Rijndael, the AES cipher.
+ */
+
+#define WORD_LE(b0, b1, b2, b3) \
+    (((b3) << 24) | ((b2) << 16) | ((b1) << 8) | b0)
+
+#define WORD_BE(b0, b1, b2, b3) \
+    (((b0) << 24) | ((b1) << 16) | ((b2) << 8) | b3)
+
+static const PRUint8 __S[256] =
+    {
+      99, 124, 119, 123, 242, 107, 111, 197, 48, 1, 103, 43, 254, 215, 171, 118,
+      202, 130, 201, 125, 250, 89, 71, 240, 173, 212, 162, 175, 156, 164, 114, 192,
+      183, 253, 147, 38, 54, 63, 247, 204, 52, 165, 229, 241, 113, 216, 49, 21,
+      4, 199, 35, 195, 24, 150, 5, 154, 7, 18, 128, 226, 235, 39, 178, 117,
+      9, 131, 44, 26, 27, 110, 90, 160, 82, 59, 214, 179, 41, 227, 47, 132,
+      83, 209, 0, 237, 32, 252, 177, 91, 106, 203, 190, 57, 74, 76, 88, 207,
+      208, 239, 170, 251, 67, 77, 51, 133, 69, 249, 2, 127, 80, 60, 159, 168,
+      81, 163, 64, 143, 146, 157, 56, 245, 188, 182, 218, 33, 16, 255, 243, 210,
+      205, 12, 19, 236, 95, 151, 68, 23, 196, 167, 126, 61, 100, 93, 25, 115,
+      96, 129, 79, 220, 34, 42, 144, 136, 70, 238, 184, 20, 222, 94, 11, 219,
+      224, 50, 58, 10, 73, 6, 36, 92, 194, 211, 172, 98, 145, 149, 228, 121,
+      231, 200, 55, 109, 141, 213, 78, 169, 108, 86, 244, 234, 101, 122, 174, 8,
+      186, 120, 37, 46, 28, 166, 180, 198, 232, 221, 116, 31, 75, 189, 139, 138,
+      112, 62, 181, 102, 72, 3, 246, 14, 97, 53, 87, 185, 134, 193, 29, 158,
+      225, 248, 152, 17, 105, 217, 142, 148, 155, 30, 135, 233, 206, 85, 40, 223,
+      140, 161, 137, 13, 191, 230, 66, 104, 65, 153, 45, 15, 176, 84, 187, 22,
+    };
+
+static const PRUint8 __SInv[256] =
+    {
+      82, 9, 106, 213, 48, 54, 165, 56, 191, 64, 163, 158, 129, 243, 215, 251,
+      124, 227, 57, 130, 155, 47, 255, 135, 52, 142, 67, 68, 196, 222, 233, 203,
+      84, 123, 148, 50, 166, 194, 35, 61, 238, 76, 149, 11, 66, 250, 195, 78,
+      8, 46, 161, 102, 40, 217, 36, 178, 118, 91, 162, 73, 109, 139, 209, 37,
+      114, 248, 246, 100, 134, 104, 152, 22, 212, 164, 92, 204, 93, 101, 182, 146,
+      108, 112, 72, 80, 253, 237, 185, 218, 94, 21, 70, 87, 167, 141, 157, 132,
+      144, 216, 171, 0, 140, 188, 211, 10, 247, 228, 88, 5, 184, 179, 69, 6,
+      208, 44, 30, 143, 202, 63, 15, 2, 193, 175, 189, 3, 1, 19, 138, 107,
+      58, 145, 17, 65, 79, 103, 220, 234, 151, 242, 207, 206, 240, 180, 230, 115,
+      150, 172, 116, 34, 231, 173, 53, 133, 226, 249, 55, 232, 28, 117, 223, 110,
+      71, 241, 26, 113, 29, 41, 197, 137, 111, 183, 98, 14, 170, 24, 190, 27,
+      252, 86, 62, 75, 198, 210, 121, 32, 154, 219, 192, 254, 120, 205, 90, 244,
+      31, 221, 168, 51, 136, 7, 199, 49, 177, 18, 16, 89, 39, 128, 236, 95,
+      96, 81, 127, 169, 25, 181, 74, 13, 45, 229, 122, 159, 147, 201, 156, 239,
+      160, 224, 59, 77, 174, 42, 245, 176, 200, 235, 187, 60, 131, 83, 153, 97,
+      23, 43, 4, 126, 186, 119, 214, 38, 225, 105, 20, 99, 85, 33, 12, 125
+    };
+
+/* GF_MULTIPLY
+ *
+ * multiply two bytes represented in GF(2**8), mod (x**4 + 1)
+ */
+PRUint8
+gf_multiply(PRUint8 a, PRUint8 b)
+{
+    PRUint8 res = 0;
+    while (b > 0) {
+        res = (b & 0x01) ? res ^ a : res;
+        a = (a & 0x80) ? ((a << 1) ^ 0x1b) : (a << 1);
+        b >>= 1;
+    }
+    return res;
+}
+
+void
+make_T_Table(char *table, const PRUint8 Sx[256], FILE *file,
+             unsigned char m0, unsigned char m1,
+             unsigned char m2, unsigned char m3)
+{
+    PRUint32 Ti;
+    int i;
+    fprintf(file, "#ifdef IS_LITTLE_ENDIAN\n");
+    fprintf(file, "static const PRUint32 _T%s[256] = \n{\n", table);
+    for (i = 0; i < 256; i++) {
+        Ti = WORD_LE(gf_multiply(Sx[i], m0),
+                     gf_multiply(Sx[i], m1),
+                     gf_multiply(Sx[i], m2),
+                     gf_multiply(Sx[i], m3));
+        if (Ti == 0)
+            fprintf(file, "0x00000000%c%c", (i == 255) ? ' ' : ',',
+                    (i % 6 == 5) ? '\n' : ' ');
+        else
+            fprintf(file, "%#.8x%c%c", Ti, (i == 255) ? ' ' : ',',
+                    (i % 6 == 5) ? '\n' : ' ');
+    }
+    fprintf(file, "\n};\n");
+    fprintf(file, "#else\n");
+    fprintf(file, "static const PRUint32 _T%s[256] = \n{\n", table);
+    for (i = 0; i < 256; i++) {
+        Ti = WORD_BE(gf_multiply(Sx[i], m0),
+                     gf_multiply(Sx[i], m1),
+                     gf_multiply(Sx[i], m2),
+                     gf_multiply(Sx[i], m3));
+        if (Ti == 0)
+            fprintf(file, "0x00000000%c%c", (i == 255) ? ' ' : ',',
+                    (i % 6 == 5) ? '\n' : ' ');
+        else
+            fprintf(file, "%#.8x%c%c", Ti, (i == 255) ? ' ' : ',',
+                    (i % 6 == 5) ? '\n' : ' ');
+    }
+    fprintf(file, "\n};\n");
+    fprintf(file, "#endif\n\n");
+}
+
+void
+make_InvMixCol_Table(int num, FILE *file, PRUint8 m0, PRUint8 m1, PRUint8 m2, PRUint8 m3)
+{
+    PRUint16 i;
+    PRUint8 b0, b1, b2, b3;
+    fprintf(file, "#ifdef IS_LITTLE_ENDIAN\n");
+    fprintf(file, "static const PRUint32 _IMXC%d[256] = \n{\n", num);
+    for (i = 0; i < 256; i++) {
+        b0 = gf_multiply(i, m0);
+        b1 = gf_multiply(i, m1);
+        b2 = gf_multiply(i, m2);
+        b3 = gf_multiply(i, m3);
+        fprintf(file, "0x%.2x%.2x%.2x%.2x%c%c", b3, b2, b1, b0, (i == 255) ? ' ' : ',', (i % 6 == 5) ? '\n' : ' ');
+    }
+    fprintf(file, "\n};\n");
+    fprintf(file, "#else\n");
+    fprintf(file, "static const PRUint32 _IMXC%d[256] = \n{\n", num);
+    for (i = 0; i < 256; i++) {
+        b0 = gf_multiply(i, m0);
+        b1 = gf_multiply(i, m1);
+        b2 = gf_multiply(i, m2);
+        b3 = gf_multiply(i, m3);
+        fprintf(file, "0x%.2x%.2x%.2x%.2x%c%c", b0, b1, b2, b3, (i == 255) ? ' ' : ',', (i % 6 == 5) ? '\n' : ' ');
+    }
+    fprintf(file, "\n};\n");
+    fprintf(file, "#endif\n\n");
+}
+
+int
+main()
+{
+    int i, j;
+    PRUint8 cur, last;
+    PRUint32 tmp;
+    FILE *optfile;
+    optfile = fopen("rijndael32.tab", "w");
+    /* output S, if there are no T tables */
+    fprintf(optfile, "#ifndef RIJNDAEL_INCLUDE_TABLES\n");
+    fprintf(optfile, "static const PRUint8 _S[256] = \n{\n");
+    for (i = 0; i < 256; i++) {
+        fprintf(optfile, "%3d%c%c", __S[i], (i == 255) ? ' ' : ',',
+                (i % 16 == 15) ? '\n' : ' ');
+    }
+    fprintf(optfile, "};\n#endif /* not RIJNDAEL_INCLUDE_TABLES */\n\n");
+    /* output S**-1 */
+    fprintf(optfile, "static const PRUint8 _SInv[256] = \n{\n");
+    for (i = 0; i < 256; i++) {
+        fprintf(optfile, "%3d%c%c", __SInv[i], (i == 255) ? ' ' : ',',
+                (i % 16 == 15) ? '\n' : ' ');
+    }
+    fprintf(optfile, "};\n\n");
+    fprintf(optfile, "#ifdef RIJNDAEL_INCLUDE_TABLES\n");
+    /* The 32-bit word tables for optimized implementation */
+    /* T0 = [ S[a] * 02, S[a], S[a], S[a] * 03 ] */
+    make_T_Table("0", __S, optfile, 0x02, 0x01, 0x01, 0x03);
+    /* T1 = [ S[a] * 03, S[a] * 02, S[a], S[a] ] */
+    make_T_Table("1", __S, optfile, 0x03, 0x02, 0x01, 0x01);
+    /* T2 = [ S[a], S[a] * 03, S[a] * 02, S[a] ] */
+    make_T_Table("2", __S, optfile, 0x01, 0x03, 0x02, 0x01);
+    /* T3 = [ S[a], S[a], S[a] * 03, S[a] * 02 ] */
+    make_T_Table("3", __S, optfile, 0x01, 0x01, 0x03, 0x02);
+    /* TInv0 = [ Si[a] * 0E, Si[a] * 09, Si[a] * 0D, Si[a] * 0B ] */
+    make_T_Table("Inv0", __SInv, optfile, 0x0e, 0x09, 0x0d, 0x0b);
+    /* TInv1 = [ Si[a] * 0B, Si[a] * 0E, Si[a] * 09, Si[a] * 0D ] */
+    make_T_Table("Inv1", __SInv, optfile, 0x0b, 0x0e, 0x09, 0x0d);
+    /* TInv2 = [ Si[a] * 0D, Si[a] * 0B, Si[a] * 0E, Si[a] * 09 ] */
+    make_T_Table("Inv2", __SInv, optfile, 0x0d, 0x0b, 0x0e, 0x09);
+    /* TInv3 = [ Si[a] * 09, Si[a] * 0D, Si[a] * 0B, Si[a] * 0E ] */
+    make_T_Table("Inv3", __SInv, optfile, 0x09, 0x0d, 0x0b, 0x0e);
+    /* byte multiply tables for inverse key expansion (mimics InvMixColumn) */
+    make_InvMixCol_Table(0, optfile, 0x0e, 0x09, 0x0d, 0x0b);
+    make_InvMixCol_Table(1, optfile, 0x0b, 0x0E, 0x09, 0x0d);
+    make_InvMixCol_Table(2, optfile, 0x0d, 0x0b, 0x0e, 0x09);
+    make_InvMixCol_Table(3, optfile, 0x09, 0x0d, 0x0b, 0x0e);
+    fprintf(optfile, "#endif /* RIJNDAEL_INCLUDE_TABLES */\n\n");
+    /* round constants for key expansion */
+    fprintf(optfile, "#ifdef IS_LITTLE_ENDIAN\n");
+    fprintf(optfile, "static const PRUint32 Rcon[30] = {\n");
+    cur = 0x01;
+    for (i = 0; i < 30; i++) {
+        fprintf(optfile, "%#.8x%c%c", WORD_LE(cur, 0, 0, 0),
+                (i == 29) ? ' ' : ',', (i % 6 == 5) ? '\n' : ' ');
+        last = cur;
+        cur = gf_multiply(last, 0x02);
+    }
+    fprintf(optfile, "};\n");
+    fprintf(optfile, "#else\n");
+    fprintf(optfile, "static const PRUint32 Rcon[30] = {\n");
+    cur = 0x01;
+    for (i = 0; i < 30; i++) {
+        fprintf(optfile, "%#.8x%c%c", WORD_BE(cur, 0, 0, 0),
+                (i == 29) ? ' ' : ',', (i % 6 == 5) ? '\n' : ' ');
+        last = cur;
+        cur = gf_multiply(last, 0x02);
+    }
+    fprintf(optfile, "};\n");
+    fprintf(optfile, "#endif\n\n");
+    fclose(optfile);
+    return 0;
+}
diff --git a/nss/lib/freebl/rsa.c b/nss/lib/freebl/rsa.c
new file mode 100644
index 0000000..3617afa
--- /dev/null
+++ b/nss/lib/freebl/rsa.c
@@ -0,0 +1,1628 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * RSA key generation, public key op, private key op.
+ */
+#ifdef FREEBL_NO_DEPEND
+#include "stubs.h"
+#endif
+
+#include "secerr.h"
+
+#include "prclist.h"
+#include "nssilock.h"
+#include "prinit.h"
+#include "blapi.h"
+#include "mpi.h"
+#include "mpprime.h"
+#include "mplogic.h"
+#include "secmpi.h"
+#include "secitem.h"
+#include "blapii.h"
+
+/*
+** Number of times to attempt to generate a prime (p or q) from a random
+** seed (the seed changes for each iteration).
+*/
+#define MAX_PRIME_GEN_ATTEMPTS 10
+/*
+** Number of times to attempt to generate a key.  The primes p and q change
+** for each attempt.
+*/
+#define MAX_KEY_GEN_ATTEMPTS 10
+
+/* Blinding Parameters max cache size  */
+#define RSA_BLINDING_PARAMS_MAX_CACHE_SIZE 20
+
+/* exponent should not be greater than modulus */
+#define BAD_RSA_KEY_SIZE(modLen, expLen)                           \
+    ((expLen) > (modLen) || (modLen) > RSA_MAX_MODULUS_BITS / 8 || \
+     (expLen) > RSA_MAX_EXPONENT_BITS / 8)
+
+struct blindingParamsStr;
+typedef struct blindingParamsStr blindingParams;
+
+struct blindingParamsStr {
+    blindingParams *next;
+    mp_int f, g; /* blinding parameter                 */
+    int counter; /* number of remaining uses of (f, g) */
+};
+
+/*
+** RSABlindingParamsStr
+**
+** For discussion of Paul Kocher's timing attack against an RSA private key
+** operation, see http://www.cryptography.com/timingattack/paper.html.  The
+** countermeasure to this attack, known as blinding, is also discussed in
+** the Handbook of Applied Cryptography, 11.118-11.119.
+*/
+struct RSABlindingParamsStr {
+    /* Blinding-specific parameters */
+    PRCList link;              /* link to list of structs            */
+    SECItem modulus;           /* list element "key"                 */
+    blindingParams *free, *bp; /* Blinding parameters queue          */
+    blindingParams array[RSA_BLINDING_PARAMS_MAX_CACHE_SIZE];
+};
+typedef struct RSABlindingParamsStr RSABlindingParams;
+
+/*
+** RSABlindingParamsListStr
+**
+** List of key-specific blinding params.  The arena holds the volatile pool
+** of memory for each entry and the list itself.  The lock is for list
+** operations, in this case insertions and iterations, as well as control
+** of the counter for each set of blinding parameters.
+*/
+struct RSABlindingParamsListStr {
+    PZLock *lock;    /* Lock for the list   */
+    PRCondVar *cVar; /* Condidtion Variable */
+    int waitCount;   /* Number of threads waiting on cVar */
+    PRCList head;    /* Pointer to the list */
+};
+
+/*
+** The master blinding params list.
+*/
+static struct RSABlindingParamsListStr blindingParamsList = { 0 };
+
+/* Number of times to reuse (f, g).  Suggested by Paul Kocher */
+#define RSA_BLINDING_PARAMS_MAX_REUSE 50
+
+/* Global, allows optional use of blinding.  On by default. */
+/* Cannot be changed at the moment, due to thread-safety issues. */
+static PRBool nssRSAUseBlinding = PR_TRUE;
+
+static SECStatus
+rsa_build_from_primes(const mp_int *p, const mp_int *q,
+                      mp_int *e, PRBool needPublicExponent,
+                      mp_int *d, PRBool needPrivateExponent,
+                      RSAPrivateKey *key, unsigned int keySizeInBits)
+{
+    mp_int n, phi;
+    mp_int psub1, qsub1, tmp;
+    mp_err err = MP_OKAY;
+    SECStatus rv = SECSuccess;
+    MP_DIGITS(&n) = 0;
+    MP_DIGITS(&phi) = 0;
+    MP_DIGITS(&psub1) = 0;
+    MP_DIGITS(&qsub1) = 0;
+    MP_DIGITS(&tmp) = 0;
+    CHECK_MPI_OK(mp_init(&n));
+    CHECK_MPI_OK(mp_init(&phi));
+    CHECK_MPI_OK(mp_init(&psub1));
+    CHECK_MPI_OK(mp_init(&qsub1));
+    CHECK_MPI_OK(mp_init(&tmp));
+    /* p and q must be distinct. */
+    if (mp_cmp(p, q) == 0) {
+        PORT_SetError(SEC_ERROR_NEED_RANDOM);
+        rv = SECFailure;
+        goto cleanup;
+    }
+    /* 1.  Compute n = p*q */
+    CHECK_MPI_OK(mp_mul(p, q, &n));
+    /*     verify that the modulus has the desired number of bits */
+    if ((unsigned)mpl_significant_bits(&n) != keySizeInBits) {
+        PORT_SetError(SEC_ERROR_NEED_RANDOM);
+        rv = SECFailure;
+        goto cleanup;
+    }
+
+    /* at least one exponent must be given */
+    PORT_Assert(!(needPublicExponent && needPrivateExponent));
+
+    /* 2.  Compute phi = (p-1)*(q-1) */
+    CHECK_MPI_OK(mp_sub_d(p, 1, &psub1));
+    CHECK_MPI_OK(mp_sub_d(q, 1, &qsub1));
+    if (needPublicExponent || needPrivateExponent) {
+        CHECK_MPI_OK(mp_lcm(&psub1, &qsub1, &phi));
+        /* 3.  Compute d = e**-1 mod(phi) */
+        /*     or      e = d**-1 mod(phi) as necessary */
+        if (needPublicExponent) {
+            err = mp_invmod(d, &phi, e);
+        } else {
+            err = mp_invmod(e, &phi, d);
+        }
+    } else {
+        err = MP_OKAY;
+    }
+    /*     Verify that phi(n) and e have no common divisors */
+    if (err != MP_OKAY) {
+        if (err == MP_UNDEF) {
+            PORT_SetError(SEC_ERROR_NEED_RANDOM);
+            err = MP_OKAY; /* to keep PORT_SetError from being called again */
+            rv = SECFailure;
+        }
+        goto cleanup;
+    }
+
+    /* 4.  Compute exponent1 = d mod (p-1) */
+    CHECK_MPI_OK(mp_mod(d, &psub1, &tmp));
+    MPINT_TO_SECITEM(&tmp, &key->exponent1, key->arena);
+    /* 5.  Compute exponent2 = d mod (q-1) */
+    CHECK_MPI_OK(mp_mod(d, &qsub1, &tmp));
+    MPINT_TO_SECITEM(&tmp, &key->exponent2, key->arena);
+    /* 6.  Compute coefficient = q**-1 mod p */
+    CHECK_MPI_OK(mp_invmod(q, p, &tmp));
+    MPINT_TO_SECITEM(&tmp, &key->coefficient, key->arena);
+
+    /* copy our calculated results, overwrite what is there */
+    key->modulus.data = NULL;
+    MPINT_TO_SECITEM(&n, &key->modulus, key->arena);
+    key->privateExponent.data = NULL;
+    MPINT_TO_SECITEM(d, &key->privateExponent, key->arena);
+    key->publicExponent.data = NULL;
+    MPINT_TO_SECITEM(e, &key->publicExponent, key->arena);
+    key->prime1.data = NULL;
+    MPINT_TO_SECITEM(p, &key->prime1, key->arena);
+    key->prime2.data = NULL;
+    MPINT_TO_SECITEM(q, &key->prime2, key->arena);
+cleanup:
+    mp_clear(&n);
+    mp_clear(&phi);
+    mp_clear(&psub1);
+    mp_clear(&qsub1);
+    mp_clear(&tmp);
+    if (err) {
+        MP_TO_SEC_ERROR(err);
+        rv = SECFailure;
+    }
+    return rv;
+}
+static SECStatus
+generate_prime(mp_int *prime, int primeLen)
+{
+    mp_err err = MP_OKAY;
+    SECStatus rv = SECSuccess;
+    unsigned long counter = 0;
+    int piter;
+    unsigned char *pb = NULL;
+    pb = PORT_Alloc(primeLen);
+    if (!pb) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        goto cleanup;
+    }
+    for (piter = 0; piter < MAX_PRIME_GEN_ATTEMPTS; piter++) {
+        CHECK_SEC_OK(RNG_GenerateGlobalRandomBytes(pb, primeLen));
+        pb[0] |= 0xC0;            /* set two high-order bits */
+        pb[primeLen - 1] |= 0x01; /* set low-order bit       */
+        CHECK_MPI_OK(mp_read_unsigned_octets(prime, pb, primeLen));
+        err = mpp_make_prime(prime, primeLen * 8, PR_FALSE, &counter);
+        if (err != MP_NO)
+            goto cleanup;
+        /* keep going while err == MP_NO */
+    }
+cleanup:
+    if (pb)
+        PORT_ZFree(pb, primeLen);
+    if (err) {
+        MP_TO_SEC_ERROR(err);
+        rv = SECFailure;
+    }
+    return rv;
+}
+
+/*
+ *  make sure the key components meet fips186 requirements.
+ */
+static PRBool
+rsa_fips186_verify(mp_int *p, mp_int *q, mp_int *d, int keySizeInBits)
+{
+    mp_int pq_diff;
+    mp_err err = MP_OKAY;
+    PRBool ret = PR_FALSE;
+
+    if (keySizeInBits < 250) {
+        /* not a valid FIPS length, no point in our other tests */
+        /* if you are here, and in FIPS mode, you are outside the security
+         * policy */
+        return PR_TRUE;
+    }
+
+    /* p & q are already known to be greater then sqrt(2)*2^(keySize/2-1) */
+    /* we also know that gcd(p-1,e) = 1 and gcd(q-1,e) = 1 because the
+     * mp_invmod() function will fail. */
+    /* now check p-q > 2^(keysize/2-100) */
+    MP_DIGITS(&pq_diff) = 0;
+    CHECK_MPI_OK(mp_init(&pq_diff));
+    /* NSS always has p > q, so we know pq_diff is positive */
+    CHECK_MPI_OK(mp_sub(p, q, &pq_diff));
+    if ((unsigned)mpl_significant_bits(&pq_diff) < (keySizeInBits / 2 - 100)) {
+        goto cleanup;
+    }
+    /* now verify d is large enough*/
+    if ((unsigned)mpl_significant_bits(d) < (keySizeInBits / 2)) {
+        goto cleanup;
+    }
+    ret = PR_TRUE;
+
+cleanup:
+    mp_clear(&pq_diff);
+    return ret;
+}
+
+/*
+** Generate and return a new RSA public and private key.
+**  Both keys are encoded in a single RSAPrivateKey structure.
+**  "cx" is the random number generator context
+**  "keySizeInBits" is the size of the key to be generated, in bits.
+**     512, 1024, etc.
+**  "publicExponent" when not NULL is a pointer to some data that
+**     represents the public exponent to use. The data is a byte
+**     encoded integer, in "big endian" order.
+*/
+RSAPrivateKey *
+RSA_NewKey(int keySizeInBits, SECItem *publicExponent)
+{
+    unsigned int primeLen;
+    mp_int p, q, e, d;
+    int kiter;
+    int max_attempts;
+    mp_err err = MP_OKAY;
+    SECStatus rv = SECSuccess;
+    int prerr = 0;
+    RSAPrivateKey *key = NULL;
+    PLArenaPool *arena = NULL;
+    /* Require key size to be a multiple of 16 bits. */
+    if (!publicExponent || keySizeInBits % 16 != 0 ||
+        BAD_RSA_KEY_SIZE((unsigned int)keySizeInBits / 8, publicExponent->len)) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+    /* 1. Allocate arena & key */
+    arena = PORT_NewArena(NSS_FREEBL_DEFAULT_CHUNKSIZE);
+    if (!arena) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return NULL;
+    }
+    key = PORT_ArenaZNew(arena, RSAPrivateKey);
+    if (!key) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        PORT_FreeArena(arena, PR_TRUE);
+        return NULL;
+    }
+    key->arena = arena;
+    /* length of primes p and q (in bytes) */
+    primeLen = keySizeInBits / (2 * PR_BITS_PER_BYTE);
+    MP_DIGITS(&p) = 0;
+    MP_DIGITS(&q) = 0;
+    MP_DIGITS(&e) = 0;
+    MP_DIGITS(&d) = 0;
+    CHECK_MPI_OK(mp_init(&p));
+    CHECK_MPI_OK(mp_init(&q));
+    CHECK_MPI_OK(mp_init(&e));
+    CHECK_MPI_OK(mp_init(&d));
+    /* 2.  Set the version number (PKCS1 v1.5 says it should be zero) */
+    SECITEM_AllocItem(arena, &key->version, 1);
+    key->version.data[0] = 0;
+    /* 3.  Set the public exponent */
+    SECITEM_TO_MPINT(*publicExponent, &e);
+    kiter = 0;
+    max_attempts = 5 * (keySizeInBits / 2); /* FIPS 186-4 B.3.3 steps 4.7 and 5.8 */
+    do {
+        prerr = 0;
+        PORT_SetError(0);
+        CHECK_SEC_OK(generate_prime(&p, primeLen));
+        CHECK_SEC_OK(generate_prime(&q, primeLen));
+        /* Assure p > q */
+        /* NOTE: PKCS #1 does not require p > q, and NSS doesn't use any
+         * implementation optimization that requires p > q. We can remove
+         * this code in the future.
+         */
+        if (mp_cmp(&p, &q) < 0)
+            mp_exch(&p, &q);
+        /* Attempt to use these primes to generate a key */
+        rv = rsa_build_from_primes(&p, &q,
+                                   &e, PR_FALSE, /* needPublicExponent=false */
+                                   &d, PR_TRUE,  /* needPrivateExponent=true */
+                                   key, keySizeInBits);
+        if (rv == SECSuccess) {
+            if (rsa_fips186_verify(&p, &q, &d, keySizeInBits)) {
+                break;
+            }
+            prerr = SEC_ERROR_NEED_RANDOM; /* retry with different values */
+        } else {
+            prerr = PORT_GetError();
+        }
+        kiter++;
+        /* loop until have primes */
+    } while (prerr == SEC_ERROR_NEED_RANDOM && kiter < max_attempts);
+    if (prerr)
+        goto cleanup;
+cleanup:
+    mp_clear(&p);
+    mp_clear(&q);
+    mp_clear(&e);
+    mp_clear(&d);
+    if (err) {
+        MP_TO_SEC_ERROR(err);
+        rv = SECFailure;
+    }
+    if (rv && arena) {
+        PORT_FreeArena(arena, PR_TRUE);
+        key = NULL;
+    }
+    return key;
+}
+
+mp_err
+rsa_is_prime(mp_int *p)
+{
+    int res;
+
+    /* run a Fermat test */
+    res = mpp_fermat(p, 2);
+    if (res != MP_OKAY) {
+        return res;
+    }
+
+    /* If that passed, run some Miller-Rabin tests */
+    res = mpp_pprime(p, 2);
+    return res;
+}
+
+/*
+ * Factorize a RSA modulus n into p and q by using the exponents e and d.
+ *
+ * In: e, d, n
+ * Out: p, q
+ *
+ * See Handbook of Applied Cryptography, 8.2.2(i).
+ *
+ * The algorithm is probabilistic, it is run 64 times and each run has a 50%
+ * chance of succeeding with a runtime of O(log(e*d)).
+ *
+ * The returned p might be smaller than q.
+ */
+static mp_err
+rsa_factorize_n_from_exponents(mp_int *e, mp_int *d, mp_int *p, mp_int *q,
+                               mp_int *n)
+{
+    /* lambda is the private modulus: e*d = 1 mod lambda */
+    /* so: e*d - 1 = k*lambda = t*2^s where t is odd */
+    mp_int klambda;
+    mp_int t, onetwentyeight;
+    unsigned long s = 0;
+    unsigned long i;
+
+    /* cand = a^(t * 2^i) mod n, next_cand = a^(t * 2^(i+1)) mod n */
+    mp_int a;
+    mp_int cand;
+    mp_int next_cand;
+
+    mp_int n_minus_one;
+    mp_err err = MP_OKAY;
+
+    MP_DIGITS(&klambda) = 0;
+    MP_DIGITS(&t) = 0;
+    MP_DIGITS(&a) = 0;
+    MP_DIGITS(&cand) = 0;
+    MP_DIGITS(&n_minus_one) = 0;
+    MP_DIGITS(&next_cand) = 0;
+    MP_DIGITS(&onetwentyeight) = 0;
+    CHECK_MPI_OK(mp_init(&klambda));
+    CHECK_MPI_OK(mp_init(&t));
+    CHECK_MPI_OK(mp_init(&a));
+    CHECK_MPI_OK(mp_init(&cand));
+    CHECK_MPI_OK(mp_init(&n_minus_one));
+    CHECK_MPI_OK(mp_init(&next_cand));
+    CHECK_MPI_OK(mp_init(&onetwentyeight));
+
+    mp_set_int(&onetwentyeight, 128);
+
+    /* calculate k*lambda = e*d - 1 */
+    CHECK_MPI_OK(mp_mul(e, d, &klambda));
+    CHECK_MPI_OK(mp_sub_d(&klambda, 1, &klambda));
+
+    /* factorize klambda into t*2^s */
+    CHECK_MPI_OK(mp_copy(&klambda, &t));
+    while (mpp_divis_d(&t, 2) == MP_YES) {
+        CHECK_MPI_OK(mp_div_2(&t, &t));
+        s += 1;
+    }
+
+    /* precompute n_minus_one = n - 1 */
+    CHECK_MPI_OK(mp_copy(n, &n_minus_one));
+    CHECK_MPI_OK(mp_sub_d(&n_minus_one, 1, &n_minus_one));
+
+    /* pick random bases a, each one has a 50% leading to a factorization */
+    CHECK_MPI_OK(mp_set_int(&a, 2));
+    /* The following is equivalent to for (a=2, a <= 128, a+=2) */
+    while (mp_cmp(&a, &onetwentyeight) <= 0) {
+        /* compute the base cand = a^(t * 2^0) [i = 0] */
+        CHECK_MPI_OK(mp_exptmod(&a, &t, n, &cand));
+
+        for (i = 0; i < s; i++) {
+            /* condition 1: skip the base if we hit a trivial factor of n */
+            if (mp_cmp(&cand, &n_minus_one) == 0 || mp_cmp_d(&cand, 1) == 0) {
+                break;
+            }
+
+            /* increase i in a^(t * 2^i) by squaring the number */
+            CHECK_MPI_OK(mp_exptmod_d(&cand, 2, n, &next_cand));
+
+            /* condition 2: a^(t * 2^(i+1)) = 1 mod n */
+            if (mp_cmp_d(&next_cand, 1) == 0) {
+                /* conditions verified, gcd(a^(t * 2^i) - 1, n) is a factor */
+                CHECK_MPI_OK(mp_sub_d(&cand, 1, &cand));
+                CHECK_MPI_OK(mp_gcd(&cand, n, p));
+                if (mp_cmp_d(p, 1) == 0) {
+                    CHECK_MPI_OK(mp_add_d(&cand, 1, &cand));
+                    break;
+                }
+                CHECK_MPI_OK(mp_div(n, p, q, NULL));
+                goto cleanup;
+            }
+            CHECK_MPI_OK(mp_copy(&next_cand, &cand));
+        }
+
+        CHECK_MPI_OK(mp_add_d(&a, 2, &a));
+    }
+
+    /* if we reach here it's likely (2^64 - 1 / 2^64) that d is wrong */
+    err = MP_RANGE;
+
+cleanup:
+    mp_clear(&klambda);
+    mp_clear(&t);
+    mp_clear(&a);
+    mp_clear(&cand);
+    mp_clear(&n_minus_one);
+    mp_clear(&next_cand);
+    mp_clear(&onetwentyeight);
+    return err;
+}
+
+/*
+ * Try to find the two primes based on 2 exponents plus a prime.
+ *
+ * In: e, d and p.
+ * Out: p,q.
+ *
+ * Step 1, Since d = e**-1 mod phi, we know that d*e == 1 mod phi, or
+ *  d*e = 1+k*phi, or d*e-1 = k*phi. since d is less than phi and e is
+ *  usually less than d, then k must be an integer between e-1 and 1
+ *  (probably on the order of e).
+ * Step 1a, We can divide k*phi by prime-1 and get k*(q-1). This will reduce
+ *      the size of our division through the rest of the loop.
+ * Step 2, Loop through the values k=e-1 to 1 looking for k. k should be on
+ *  the order or e, and e is typically small. This may take a while for
+ *  a large random e. We are looking for a k that divides kphi
+ *  evenly. Once we find a k that divides kphi evenly, we assume it
+ *  is the true k. It's possible this k is not the 'true' k but has
+ *  swapped factors of p-1 and/or q-1. Because of this, we
+ *  tentatively continue Steps 3-6 inside this loop, and may return looking
+ *  for another k on failure.
+ * Step 3, Calculate our tentative phi=kphi/k. Note: real phi is (p-1)*(q-1).
+ * Step 4a, kphi is k*(q-1), so phi is our tenative q-1. q = phi+1.
+ *      If k is correct, q should be the right length and prime.
+ * Step 4b, It's possible q-1 and k could have swapped factors. We now have a
+ *  possible solution that meets our criteria. It may not be the only
+ *      solution, however, so we keep looking. If we find more than one,
+ *      we will fail since we cannot determine which is the correct
+ *      solution, and returning the wrong modulus will compromise both
+ *      moduli. If no other solution is found, we return the unique solution.
+ *
+ * This will return p & q. q may be larger than p in the case that p was given
+ * and it was the smaller prime.
+ */
+static mp_err
+rsa_get_prime_from_exponents(mp_int *e, mp_int *d, mp_int *p, mp_int *q,
+                             mp_int *n, unsigned int keySizeInBits)
+{
+    mp_int kphi; /* k*phi */
+    mp_int k;    /* current guess at 'k' */
+    mp_int phi;  /* (p-1)(q-1) */
+    mp_int r;    /* remainder */
+    mp_int tmp;  /* p-1 if p is given */
+    mp_err err = MP_OKAY;
+    unsigned int order_k;
+
+    MP_DIGITS(&kphi) = 0;
+    MP_DIGITS(&phi) = 0;
+    MP_DIGITS(&k) = 0;
+    MP_DIGITS(&r) = 0;
+    MP_DIGITS(&tmp) = 0;
+    CHECK_MPI_OK(mp_init(&kphi));
+    CHECK_MPI_OK(mp_init(&phi));
+    CHECK_MPI_OK(mp_init(&k));
+    CHECK_MPI_OK(mp_init(&r));
+    CHECK_MPI_OK(mp_init(&tmp));
+
+    /* our algorithm looks for a factor k whose maximum size is dependent
+     * on the size of our smallest exponent, which had better be the public
+     * exponent (if it's the private, the key is vulnerable to a brute force
+     * attack).
+     *
+     * since our factor search is linear, we need to limit the maximum
+     * size of the public key. this should not be a problem normally, since
+     * public keys are usually small.
+     *
+     * if we want to handle larger public key sizes, we should have
+     * a version which tries to 'completely' factor k*phi (where completely
+     * means 'factor into primes, or composites with which are products of
+     * large primes). Once we have all the factors, we can sort them out and
+     * try different combinations to form our phi. The risk is if (p-1)/2,
+     * (q-1)/2, and k are all large primes. In any case if the public key
+     * is small (order of 20 some bits), then a linear search for k is
+     * manageable.
+     */
+    if (mpl_significant_bits(e) > 23) {
+        err = MP_RANGE;
+        goto cleanup;
+    }
+
+    /* calculate k*phi = e*d - 1 */
+    CHECK_MPI_OK(mp_mul(e, d, &kphi));
+    CHECK_MPI_OK(mp_sub_d(&kphi, 1, &kphi));
+
+    /* kphi is (e*d)-1, which is the same as k*(p-1)(q-1)
+     * d < (p-1)(q-1), therefor k must be less than e-1
+     * We can narrow down k even more, though. Since p and q are odd and both
+     * have their high bit set, then we know that phi must be on order of
+     * keySizeBits.
+     */
+    order_k = (unsigned)mpl_significant_bits(&kphi) - keySizeInBits;
+
+    /* for (k=kinit; order(k) >= order_k; k--) { */
+    /* k=kinit: k can't be bigger than  kphi/2^(keySizeInBits -1) */
+    CHECK_MPI_OK(mp_2expt(&k, keySizeInBits - 1));
+    CHECK_MPI_OK(mp_div(&kphi, &k, &k, NULL));
+    if (mp_cmp(&k, e) >= 0) {
+        /* also can't be bigger then e-1 */
+        CHECK_MPI_OK(mp_sub_d(e, 1, &k));
+    }
+
+    /* calculate our temp value */
+    /* This saves recalculating this value when the k guess is wrong, which
+     * is reasonably frequent. */
+    /* tmp = p-1 (used to calculate q-1= phi/tmp) */
+    CHECK_MPI_OK(mp_sub_d(p, 1, &tmp));
+    CHECK_MPI_OK(mp_div(&kphi, &tmp, &kphi, &r));
+    if (mp_cmp_z(&r) != 0) {
+        /* p-1 doesn't divide kphi, some parameter wasn't correct */
+        err = MP_RANGE;
+        goto cleanup;
+    }
+    mp_zero(q);
+    /* kphi is now k*(q-1) */
+
+    /* rest of the for loop */
+    for (; (err == MP_OKAY) && (mpl_significant_bits(&k) >= order_k);
+         err = mp_sub_d(&k, 1, &k)) {
+        CHECK_MPI_OK(err);
+        /* looking for k as a factor of kphi */
+        CHECK_MPI_OK(mp_div(&kphi, &k, &phi, &r));
+        if (mp_cmp_z(&r) != 0) {
+            /* not a factor, try the next one */
+            continue;
+        }
+        /* we have a possible phi, see if it works */
+        if ((unsigned)mpl_significant_bits(&phi) != keySizeInBits / 2) {
+            /* phi is not the right size */
+            continue;
+        }
+        /* phi should be divisible by 2, since
+         * q is odd and phi=(q-1). */
+        if (mpp_divis_d(&phi, 2) == MP_NO) {
+            /* phi is not divisible by 4 */
+            continue;
+        }
+        /* we now have a candidate for the second prime */
+        CHECK_MPI_OK(mp_add_d(&phi, 1, &tmp));
+
+        /* check to make sure it is prime */
+        err = rsa_is_prime(&tmp);
+        if (err != MP_OKAY) {
+            if (err == MP_NO) {
+                /* No, then we still have the wrong phi */
+                continue;
+            }
+            goto cleanup;
+        }
+        /*
+         * It is possible that we have the wrong phi if
+         * k_guess*(q_guess-1) = k*(q-1) (k and q-1 have swapped factors).
+         * since our q_quess is prime, however. We have found a valid
+         * rsa key because:
+         *   q is the correct order of magnitude.
+         *   phi = (p-1)(q-1) where p and q are both primes.
+         *   e*d mod phi = 1.
+         * There is no way to know from the info given if this is the
+         * original key. We never want to return the wrong key because if
+         * two moduli with the same factor is known, then euclid's gcd
+         * algorithm can be used to find that factor. Even though the
+         * caller didn't pass the original modulus, it doesn't mean the
+         * modulus wasn't known or isn't available somewhere. So to be safe
+         * if we can't be sure we have the right q, we don't return any.
+         *
+         * So to make sure we continue looking for other valid q's. If none
+         * are found, then we can safely return this one, otherwise we just
+         * fail */
+        if (mp_cmp_z(q) != 0) {
+            /* this is the second valid q, don't return either,
+             * just fail */
+            err = MP_RANGE;
+            break;
+        }
+        /* we only have one q so far, save it and if no others are found,
+         * it's safe to return it */
+        CHECK_MPI_OK(mp_copy(&tmp, q));
+        continue;
+    }
+    if ((unsigned)mpl_significant_bits(&k) < order_k) {
+        if (mp_cmp_z(q) == 0) {
+            /* If we get here, something was wrong with the parameters we
+             * were given */
+            err = MP_RANGE;
+        }
+    }
+cleanup:
+    mp_clear(&kphi);
+    mp_clear(&phi);
+    mp_clear(&k);
+    mp_clear(&r);
+    mp_clear(&tmp);
+    return err;
+}
+
+/*
+ * take a private key with only a few elements and fill out the missing pieces.
+ *
+ * All the entries will be overwritten with data allocated out of the arena
+ * If no arena is supplied, one will be created.
+ *
+ * The following fields must be supplied in order for this function
+ * to succeed:
+ *   one of either publicExponent or privateExponent
+ *   two more of the following 5 parameters.
+ *      modulus (n)
+ *      prime1  (p)
+ *      prime2  (q)
+ *      publicExponent (e)
+ *      privateExponent (d)
+ *
+ * NOTE: if only the publicExponent, privateExponent, and one prime is given,
+ * then there may be more than one RSA key that matches that combination.
+ *
+ * All parameters will be replaced in the key structure with new parameters
+ * Allocated out of the arena. There is no attempt to free the old structures.
+ * Prime1 will always be greater than prime2 (even if the caller supplies the
+ * smaller prime as prime1 or the larger prime as prime2). The parameters are
+ * not overwritten on failure.
+ *
+ *  How it works:
+ *     We can generate all the parameters from one of the exponents, plus the
+ *        two primes. (rsa_build_key_from_primes)
+ *     If we are given one of the exponents and both primes, we are done.
+ *     If we are given one of the exponents, the modulus and one prime, we
+ *        caclulate the second prime by dividing the modulus by the given
+ *        prime, giving us an exponent and 2 primes.
+ *     If we are given 2 exponents and one of the primes we calculate
+ *        k*phi = d*e-1, where k is an integer less than d which
+ *        divides d*e-1. We find factor k so we can isolate phi.
+ *            phi = (p-1)(q-1)
+ *        We can use phi to find the other prime as follows:
+ *        q = (phi/(p-1)) + 1. We now have 2 primes and an exponent.
+ *        (NOTE: if more then one prime meets this condition, the operation
+ *        will fail. See comments elsewhere in this file about this).
+ *        (rsa_get_prime_from_exponents)
+ *     If we are given 2 exponents and the modulus we factor the modulus to
+ *        get the 2 missing primes (rsa_factorize_n_from_exponents)
+ *
+ */
+SECStatus
+RSA_PopulatePrivateKey(RSAPrivateKey *key)
+{
+    PLArenaPool *arena = NULL;
+    PRBool needPublicExponent = PR_TRUE;
+    PRBool needPrivateExponent = PR_TRUE;
+    PRBool hasModulus = PR_FALSE;
+    unsigned int keySizeInBits = 0;
+    int prime_count = 0;
+    /* standard RSA nominclature */
+    mp_int p, q, e, d, n;
+    /* remainder */
+    mp_int r;
+    mp_err err = 0;
+    SECStatus rv = SECFailure;
+
+    MP_DIGITS(&p) = 0;
+    MP_DIGITS(&q) = 0;
+    MP_DIGITS(&e) = 0;
+    MP_DIGITS(&d) = 0;
+    MP_DIGITS(&n) = 0;
+    MP_DIGITS(&r) = 0;
+    CHECK_MPI_OK(mp_init(&p));
+    CHECK_MPI_OK(mp_init(&q));
+    CHECK_MPI_OK(mp_init(&e));
+    CHECK_MPI_OK(mp_init(&d));
+    CHECK_MPI_OK(mp_init(&n));
+    CHECK_MPI_OK(mp_init(&r));
+
+    /* if the key didn't already have an arena, create one. */
+    if (key->arena == NULL) {
+        arena = PORT_NewArena(NSS_FREEBL_DEFAULT_CHUNKSIZE);
+        if (!arena) {
+            goto cleanup;
+        }
+        key->arena = arena;
+    }
+
+    /* load up the known exponents */
+    if (key->publicExponent.data) {
+        SECITEM_TO_MPINT(key->publicExponent, &e);
+        needPublicExponent = PR_FALSE;
+    }
+    if (key->privateExponent.data) {
+        SECITEM_TO_MPINT(key->privateExponent, &d);
+        needPrivateExponent = PR_FALSE;
+    }
+    if (needPrivateExponent && needPublicExponent) {
+        /* Not enough information, we need at least one exponent */
+        err = MP_BADARG;
+        goto cleanup;
+    }
+
+    /* load up the known primes. If only one prime is given, it will be
+     * assigned 'p'. Once we have both primes, well make sure p is the larger.
+     * The value prime_count tells us howe many we have acquired.
+     */
+    if (key->prime1.data) {
+        int primeLen = key->prime1.len;
+        if (key->prime1.data[0] == 0) {
+            primeLen--;
+        }
+        keySizeInBits = primeLen * 2 * PR_BITS_PER_BYTE;
+        SECITEM_TO_MPINT(key->prime1, &p);
+        prime_count++;
+    }
+    if (key->prime2.data) {
+        int primeLen = key->prime2.len;
+        if (key->prime2.data[0] == 0) {
+            primeLen--;
+        }
+        keySizeInBits = primeLen * 2 * PR_BITS_PER_BYTE;
+        SECITEM_TO_MPINT(key->prime2, prime_count ? &q : &p);
+        prime_count++;
+    }
+    /* load up the modulus */
+    if (key->modulus.data) {
+        int modLen = key->modulus.len;
+        if (key->modulus.data[0] == 0) {
+            modLen--;
+        }
+        keySizeInBits = modLen * PR_BITS_PER_BYTE;
+        SECITEM_TO_MPINT(key->modulus, &n);
+        hasModulus = PR_TRUE;
+    }
+    /* if we have the modulus and one prime, calculate the second. */
+    if ((prime_count == 1) && (hasModulus)) {
+        if (mp_div(&n, &p, &q, &r) != MP_OKAY || mp_cmp_z(&r) != 0) {
+            /* p is not a factor or n, fail */
+            err = MP_BADARG;
+            goto cleanup;
+        }
+        prime_count++;
+    }
+
+    /* If we didn't have enough primes try to calculate the primes from
+     * the exponents */
+    if (prime_count < 2) {
+        /* if we don't have at least 2 primes at this point, then we need both
+         * exponents and one prime or a modulus*/
+        if (!needPublicExponent && !needPrivateExponent &&
+            (prime_count > 0)) {
+            CHECK_MPI_OK(rsa_get_prime_from_exponents(&e, &d, &p, &q, &n,
+                                                      keySizeInBits));
+        } else if (!needPublicExponent && !needPrivateExponent && hasModulus) {
+            CHECK_MPI_OK(rsa_factorize_n_from_exponents(&e, &d, &p, &q, &n));
+        } else {
+            /* not enough given parameters to get both primes */
+            err = MP_BADARG;
+            goto cleanup;
+        }
+    }
+
+    /* Assure p > q */
+    /* NOTE: PKCS #1 does not require p > q, and NSS doesn't use any
+      * implementation optimization that requires p > q. We can remove
+      * this code in the future.
+      */
+    if (mp_cmp(&p, &q) < 0)
+        mp_exch(&p, &q);
+
+    /* we now have our 2 primes and at least one exponent, we can fill
+      * in the key */
+    rv = rsa_build_from_primes(&p, &q,
+                               &e, needPublicExponent,
+                               &d, needPrivateExponent,
+                               key, keySizeInBits);
+cleanup:
+    mp_clear(&p);
+    mp_clear(&q);
+    mp_clear(&e);
+    mp_clear(&d);
+    mp_clear(&n);
+    mp_clear(&r);
+    if (err) {
+        MP_TO_SEC_ERROR(err);
+        rv = SECFailure;
+    }
+    if (rv && arena) {
+        PORT_FreeArena(arena, PR_TRUE);
+        key->arena = NULL;
+    }
+    return rv;
+}
+
+static unsigned int
+rsa_modulusLen(SECItem *modulus)
+{
+    unsigned char byteZero = modulus->data[0];
+    unsigned int modLen = modulus->len - !byteZero;
+    return modLen;
+}
+
+/*
+** Perform a raw public-key operation
+**  Length of input and output buffers are equal to key's modulus len.
+*/
+SECStatus
+RSA_PublicKeyOp(RSAPublicKey *key,
+                unsigned char *output,
+                const unsigned char *input)
+{
+    unsigned int modLen, expLen, offset;
+    mp_int n, e, m, c;
+    mp_err err = MP_OKAY;
+    SECStatus rv = SECSuccess;
+    if (!key || !output || !input) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+    MP_DIGITS(&n) = 0;
+    MP_DIGITS(&e) = 0;
+    MP_DIGITS(&m) = 0;
+    MP_DIGITS(&c) = 0;
+    CHECK_MPI_OK(mp_init(&n));
+    CHECK_MPI_OK(mp_init(&e));
+    CHECK_MPI_OK(mp_init(&m));
+    CHECK_MPI_OK(mp_init(&c));
+    modLen = rsa_modulusLen(&key->modulus);
+    expLen = rsa_modulusLen(&key->publicExponent);
+    /* 1.  Obtain public key (n, e) */
+    if (BAD_RSA_KEY_SIZE(modLen, expLen)) {
+        PORT_SetError(SEC_ERROR_INVALID_KEY);
+        rv = SECFailure;
+        goto cleanup;
+    }
+    SECITEM_TO_MPINT(key->modulus, &n);
+    SECITEM_TO_MPINT(key->publicExponent, &e);
+    if (e.used > n.used) {
+        /* exponent should not be greater than modulus */
+        PORT_SetError(SEC_ERROR_INVALID_KEY);
+        rv = SECFailure;
+        goto cleanup;
+    }
+    /* 2. check input out of range (needs to be in range [0..n-1]) */
+    offset = (key->modulus.data[0] == 0) ? 1 : 0; /* may be leading 0 */
+    if (memcmp(input, key->modulus.data + offset, modLen) >= 0) {
+        PORT_SetError(SEC_ERROR_INPUT_LEN);
+        rv = SECFailure;
+        goto cleanup;
+    }
+    /* 2 bis.  Represent message as integer in range [0..n-1] */
+    CHECK_MPI_OK(mp_read_unsigned_octets(&m, input, modLen));
+/* 3.  Compute c = m**e mod n */
+#ifdef USE_MPI_EXPT_D
+    /* XXX see which is faster */
+    if (MP_USED(&e) == 1) {
+        CHECK_MPI_OK(mp_exptmod_d(&m, MP_DIGIT(&e, 0), &n, &c));
+    } else
+#endif
+        CHECK_MPI_OK(mp_exptmod(&m, &e, &n, &c));
+    /* 4.  result c is ciphertext */
+    err = mp_to_fixlen_octets(&c, output, modLen);
+    if (err >= 0)
+        err = MP_OKAY;
+cleanup:
+    mp_clear(&n);
+    mp_clear(&e);
+    mp_clear(&m);
+    mp_clear(&c);
+    if (err) {
+        MP_TO_SEC_ERROR(err);
+        rv = SECFailure;
+    }
+    return rv;
+}
+
+/*
+**  RSA Private key operation (no CRT).
+*/
+static SECStatus
+rsa_PrivateKeyOpNoCRT(RSAPrivateKey *key, mp_int *m, mp_int *c, mp_int *n,
+                      unsigned int modLen)
+{
+    mp_int d;
+    mp_err err = MP_OKAY;
+    SECStatus rv = SECSuccess;
+    MP_DIGITS(&d) = 0;
+    CHECK_MPI_OK(mp_init(&d));
+    SECITEM_TO_MPINT(key->privateExponent, &d);
+    /* 1. m = c**d mod n */
+    CHECK_MPI_OK(mp_exptmod(c, &d, n, m));
+cleanup:
+    mp_clear(&d);
+    if (err) {
+        MP_TO_SEC_ERROR(err);
+        rv = SECFailure;
+    }
+    return rv;
+}
+
+/*
+**  RSA Private key operation using CRT.
+*/
+static SECStatus
+rsa_PrivateKeyOpCRTNoCheck(RSAPrivateKey *key, mp_int *m, mp_int *c)
+{
+    mp_int p, q, d_p, d_q, qInv;
+    mp_int m1, m2, h, ctmp;
+    mp_err err = MP_OKAY;
+    SECStatus rv = SECSuccess;
+    MP_DIGITS(&p) = 0;
+    MP_DIGITS(&q) = 0;
+    MP_DIGITS(&d_p) = 0;
+    MP_DIGITS(&d_q) = 0;
+    MP_DIGITS(&qInv) = 0;
+    MP_DIGITS(&m1) = 0;
+    MP_DIGITS(&m2) = 0;
+    MP_DIGITS(&h) = 0;
+    MP_DIGITS(&ctmp) = 0;
+    CHECK_MPI_OK(mp_init(&p));
+    CHECK_MPI_OK(mp_init(&q));
+    CHECK_MPI_OK(mp_init(&d_p));
+    CHECK_MPI_OK(mp_init(&d_q));
+    CHECK_MPI_OK(mp_init(&qInv));
+    CHECK_MPI_OK(mp_init(&m1));
+    CHECK_MPI_OK(mp_init(&m2));
+    CHECK_MPI_OK(mp_init(&h));
+    CHECK_MPI_OK(mp_init(&ctmp));
+    /* copy private key parameters into mp integers */
+    SECITEM_TO_MPINT(key->prime1, &p);         /* p */
+    SECITEM_TO_MPINT(key->prime2, &q);         /* q */
+    SECITEM_TO_MPINT(key->exponent1, &d_p);    /* d_p  = d mod (p-1) */
+    SECITEM_TO_MPINT(key->exponent2, &d_q);    /* d_q  = d mod (q-1) */
+    SECITEM_TO_MPINT(key->coefficient, &qInv); /* qInv = q**-1 mod p */
+    /* 1. m1 = c**d_p mod p */
+    CHECK_MPI_OK(mp_mod(c, &p, &ctmp));
+    CHECK_MPI_OK(mp_exptmod(&ctmp, &d_p, &p, &m1));
+    /* 2. m2 = c**d_q mod q */
+    CHECK_MPI_OK(mp_mod(c, &q, &ctmp));
+    CHECK_MPI_OK(mp_exptmod(&ctmp, &d_q, &q, &m2));
+    /* 3.  h = (m1 - m2) * qInv mod p */
+    CHECK_MPI_OK(mp_submod(&m1, &m2, &p, &h));
+    CHECK_MPI_OK(mp_mulmod(&h, &qInv, &p, &h));
+    /* 4.  m = m2 + h * q */
+    CHECK_MPI_OK(mp_mul(&h, &q, m));
+    CHECK_MPI_OK(mp_add(m, &m2, m));
+cleanup:
+    mp_clear(&p);
+    mp_clear(&q);
+    mp_clear(&d_p);
+    mp_clear(&d_q);
+    mp_clear(&qInv);
+    mp_clear(&m1);
+    mp_clear(&m2);
+    mp_clear(&h);
+    mp_clear(&ctmp);
+    if (err) {
+        MP_TO_SEC_ERROR(err);
+        rv = SECFailure;
+    }
+    return rv;
+}
+
+/*
+** An attack against RSA CRT was described by Boneh, DeMillo, and Lipton in:
+** "On the Importance of Eliminating Errors in Cryptographic Computations",
+** http://theory.stanford.edu/~dabo/papers/faults.ps.gz
+**
+** As a defense against the attack, carry out the private key operation,
+** followed up with a public key operation to invert the result.
+** Verify that result against the input.
+*/
+static SECStatus
+rsa_PrivateKeyOpCRTCheckedPubKey(RSAPrivateKey *key, mp_int *m, mp_int *c)
+{
+    mp_int n, e, v;
+    mp_err err = MP_OKAY;
+    SECStatus rv = SECSuccess;
+    MP_DIGITS(&n) = 0;
+    MP_DIGITS(&e) = 0;
+    MP_DIGITS(&v) = 0;
+    CHECK_MPI_OK(mp_init(&n));
+    CHECK_MPI_OK(mp_init(&e));
+    CHECK_MPI_OK(mp_init(&v));
+    CHECK_SEC_OK(rsa_PrivateKeyOpCRTNoCheck(key, m, c));
+    SECITEM_TO_MPINT(key->modulus, &n);
+    SECITEM_TO_MPINT(key->publicExponent, &e);
+    /* Perform a public key operation v = m ** e mod n */
+    CHECK_MPI_OK(mp_exptmod(m, &e, &n, &v));
+    if (mp_cmp(&v, c) != 0) {
+        rv = SECFailure;
+    }
+cleanup:
+    mp_clear(&n);
+    mp_clear(&e);
+    mp_clear(&v);
+    if (err) {
+        MP_TO_SEC_ERROR(err);
+        rv = SECFailure;
+    }
+    return rv;
+}
+
+static PRCallOnceType coBPInit = { 0, 0, 0 };
+static PRStatus
+init_blinding_params_list(void)
+{
+    blindingParamsList.lock = PZ_NewLock(nssILockOther);
+    if (!blindingParamsList.lock) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return PR_FAILURE;
+    }
+    blindingParamsList.cVar = PR_NewCondVar(blindingParamsList.lock);
+    if (!blindingParamsList.cVar) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return PR_FAILURE;
+    }
+    blindingParamsList.waitCount = 0;
+    PR_INIT_CLIST(&blindingParamsList.head);
+    return PR_SUCCESS;
+}
+
+static SECStatus
+generate_blinding_params(RSAPrivateKey *key, mp_int *f, mp_int *g, mp_int *n,
+                         unsigned int modLen)
+{
+    SECStatus rv = SECSuccess;
+    mp_int e, k;
+    mp_err err = MP_OKAY;
+    unsigned char *kb = NULL;
+
+    MP_DIGITS(&e) = 0;
+    MP_DIGITS(&k) = 0;
+    CHECK_MPI_OK(mp_init(&e));
+    CHECK_MPI_OK(mp_init(&k));
+    SECITEM_TO_MPINT(key->publicExponent, &e);
+    /* generate random k < n */
+    kb = PORT_Alloc(modLen);
+    if (!kb) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        goto cleanup;
+    }
+    CHECK_SEC_OK(RNG_GenerateGlobalRandomBytes(kb, modLen));
+    CHECK_MPI_OK(mp_read_unsigned_octets(&k, kb, modLen));
+    /* k < n */
+    CHECK_MPI_OK(mp_mod(&k, n, &k));
+    /* f = k**e mod n */
+    CHECK_MPI_OK(mp_exptmod(&k, &e, n, f));
+    /* g = k**-1 mod n */
+    CHECK_MPI_OK(mp_invmod(&k, n, g));
+cleanup:
+    if (kb)
+        PORT_ZFree(kb, modLen);
+    mp_clear(&k);
+    mp_clear(&e);
+    if (err) {
+        MP_TO_SEC_ERROR(err);
+        rv = SECFailure;
+    }
+    return rv;
+}
+
+static SECStatus
+init_blinding_params(RSABlindingParams *rsabp, RSAPrivateKey *key,
+                     mp_int *n, unsigned int modLen)
+{
+    blindingParams *bp = rsabp->array;
+    int i = 0;
+
+    /* Initialize the list pointer for the element */
+    PR_INIT_CLIST(&rsabp->link);
+    for (i = 0; i < RSA_BLINDING_PARAMS_MAX_CACHE_SIZE; ++i, ++bp) {
+        bp->next = bp + 1;
+        MP_DIGITS(&bp->f) = 0;
+        MP_DIGITS(&bp->g) = 0;
+        bp->counter = 0;
+    }
+    /* The last bp->next value was initialized with out
+     * of rsabp->array pointer and must be set to NULL
+     */
+    rsabp->array[RSA_BLINDING_PARAMS_MAX_CACHE_SIZE - 1].next = NULL;
+
+    bp = rsabp->array;
+    rsabp->bp = NULL;
+    rsabp->free = bp;
+
+    /* List elements are keyed using the modulus */
+    return SECITEM_CopyItem(NULL, &rsabp->modulus, &key->modulus);
+}
+
+static SECStatus
+get_blinding_params(RSAPrivateKey *key, mp_int *n, unsigned int modLen,
+                    mp_int *f, mp_int *g)
+{
+    RSABlindingParams *rsabp = NULL;
+    blindingParams *bpUnlinked = NULL;
+    blindingParams *bp;
+    PRCList *el;
+    SECStatus rv = SECSuccess;
+    mp_err err = MP_OKAY;
+    int cmp = -1;
+    PRBool holdingLock = PR_FALSE;
+
+    do {
+        if (blindingParamsList.lock == NULL) {
+            PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+            return SECFailure;
+        }
+        /* Acquire the list lock */
+        PZ_Lock(blindingParamsList.lock);
+        holdingLock = PR_TRUE;
+
+        /* Walk the list looking for the private key */
+        for (el = PR_NEXT_LINK(&blindingParamsList.head);
+             el != &blindingParamsList.head;
+             el = PR_NEXT_LINK(el)) {
+            rsabp = (RSABlindingParams *)el;
+            cmp = SECITEM_CompareItem(&rsabp->modulus, &key->modulus);
+            if (cmp >= 0) {
+                /* The key is found or not in the list. */
+                break;
+            }
+        }
+
+        if (cmp) {
+            /* At this point, the key is not in the list.  el should point to
+            ** the list element before which this key should be inserted.
+            */
+            rsabp = PORT_ZNew(RSABlindingParams);
+            if (!rsabp) {
+                PORT_SetError(SEC_ERROR_NO_MEMORY);
+                goto cleanup;
+            }
+
+            rv = init_blinding_params(rsabp, key, n, modLen);
+            if (rv != SECSuccess) {
+                PORT_ZFree(rsabp, sizeof(RSABlindingParams));
+                goto cleanup;
+            }
+
+            /* Insert the new element into the list
+            ** If inserting in the middle of the list, el points to the link
+            ** to insert before.  Otherwise, the link needs to be appended to
+            ** the end of the list, which is the same as inserting before the
+            ** head (since el would have looped back to the head).
+            */
+            PR_INSERT_BEFORE(&rsabp->link, el);
+        }
+
+        /* We've found (or created) the RSAblindingParams struct for this key.
+         * Now, search its list of ready blinding params for a usable one.
+         */
+        while (0 != (bp = rsabp->bp)) {
+#ifndef UNSAFE_FUZZER_MODE
+            if (--(bp->counter) > 0)
+#endif
+            {
+                /* Found a match and there are still remaining uses left */
+                /* Return the parameters */
+                CHECK_MPI_OK(mp_copy(&bp->f, f));
+                CHECK_MPI_OK(mp_copy(&bp->g, g));
+
+                PZ_Unlock(blindingParamsList.lock);
+                return SECSuccess;
+            }
+            /* exhausted this one, give its values to caller, and
+             * then retire it.
+             */
+            mp_exch(&bp->f, f);
+            mp_exch(&bp->g, g);
+            mp_clear(&bp->f);
+            mp_clear(&bp->g);
+            bp->counter = 0;
+            /* Move to free list */
+            rsabp->bp = bp->next;
+            bp->next = rsabp->free;
+            rsabp->free = bp;
+            /* In case there're threads waiting for new blinding
+             * value - notify 1 thread the value is ready
+             */
+            if (blindingParamsList.waitCount > 0) {
+                PR_NotifyCondVar(blindingParamsList.cVar);
+                blindingParamsList.waitCount--;
+            }
+            PZ_Unlock(blindingParamsList.lock);
+            return SECSuccess;
+        }
+        /* We did not find a usable set of blinding params.  Can we make one? */
+        /* Find a free bp struct. */
+        if ((bp = rsabp->free) != NULL) {
+            /* unlink this bp */
+            rsabp->free = bp->next;
+            bp->next = NULL;
+            bpUnlinked = bp; /* In case we fail */
+
+            PZ_Unlock(blindingParamsList.lock);
+            holdingLock = PR_FALSE;
+            /* generate blinding parameter values for the current thread */
+            CHECK_SEC_OK(generate_blinding_params(key, f, g, n, modLen));
+
+            /* put the blinding parameter values into cache */
+            CHECK_MPI_OK(mp_init(&bp->f));
+            CHECK_MPI_OK(mp_init(&bp->g));
+            CHECK_MPI_OK(mp_copy(f, &bp->f));
+            CHECK_MPI_OK(mp_copy(g, &bp->g));
+
+            /* Put this at head of queue of usable params. */
+            PZ_Lock(blindingParamsList.lock);
+            holdingLock = PR_TRUE;
+            (void)holdingLock;
+            /* initialize RSABlindingParamsStr */
+            bp->counter = RSA_BLINDING_PARAMS_MAX_REUSE;
+            bp->next = rsabp->bp;
+            rsabp->bp = bp;
+            bpUnlinked = NULL;
+            /* In case there're threads waiting for new blinding value
+             * just notify them the value is ready
+             */
+            if (blindingParamsList.waitCount > 0) {
+                PR_NotifyAllCondVar(blindingParamsList.cVar);
+                blindingParamsList.waitCount = 0;
+            }
+            PZ_Unlock(blindingParamsList.lock);
+            return SECSuccess;
+        }
+        /* Here, there are no usable blinding parameters available,
+         * and no free bp blocks, presumably because they're all
+         * actively having parameters generated for them.
+         * So, we need to wait here and not eat up CPU until some
+         * change happens.
+         */
+        blindingParamsList.waitCount++;
+        PR_WaitCondVar(blindingParamsList.cVar, PR_INTERVAL_NO_TIMEOUT);
+        PZ_Unlock(blindingParamsList.lock);
+        holdingLock = PR_FALSE;
+        (void)holdingLock;
+    } while (1);
+
+cleanup:
+    /* It is possible to reach this after the lock is already released.  */
+    if (bpUnlinked) {
+        if (!holdingLock) {
+            PZ_Lock(blindingParamsList.lock);
+            holdingLock = PR_TRUE;
+        }
+        bp = bpUnlinked;
+        mp_clear(&bp->f);
+        mp_clear(&bp->g);
+        bp->counter = 0;
+        /* Must put the unlinked bp back on the free list */
+        bp->next = rsabp->free;
+        rsabp->free = bp;
+    }
+    if (holdingLock) {
+        PZ_Unlock(blindingParamsList.lock);
+    }
+    if (err) {
+        MP_TO_SEC_ERROR(err);
+    }
+    return SECFailure;
+}
+
+/*
+** Perform a raw private-key operation
+**  Length of input and output buffers are equal to key's modulus len.
+*/
+static SECStatus
+rsa_PrivateKeyOp(RSAPrivateKey *key,
+                 unsigned char *output,
+                 const unsigned char *input,
+                 PRBool check)
+{
+    unsigned int modLen;
+    unsigned int offset;
+    SECStatus rv = SECSuccess;
+    mp_err err;
+    mp_int n, c, m;
+    mp_int f, g;
+    if (!key || !output || !input) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+    /* check input out of range (needs to be in range [0..n-1]) */
+    modLen = rsa_modulusLen(&key->modulus);
+    offset = (key->modulus.data[0] == 0) ? 1 : 0; /* may be leading 0 */
+    if (memcmp(input, key->modulus.data + offset, modLen) >= 0) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+    MP_DIGITS(&n) = 0;
+    MP_DIGITS(&c) = 0;
+    MP_DIGITS(&m) = 0;
+    MP_DIGITS(&f) = 0;
+    MP_DIGITS(&g) = 0;
+    CHECK_MPI_OK(mp_init(&n));
+    CHECK_MPI_OK(mp_init(&c));
+    CHECK_MPI_OK(mp_init(&m));
+    CHECK_MPI_OK(mp_init(&f));
+    CHECK_MPI_OK(mp_init(&g));
+    SECITEM_TO_MPINT(key->modulus, &n);
+    OCTETS_TO_MPINT(input, &c, modLen);
+    /* If blinding, compute pre-image of ciphertext by multiplying by
+    ** blinding factor
+    */
+    if (nssRSAUseBlinding) {
+        CHECK_SEC_OK(get_blinding_params(key, &n, modLen, &f, &g));
+        /* c' = c*f mod n */
+        CHECK_MPI_OK(mp_mulmod(&c, &f, &n, &c));
+    }
+    /* Do the private key operation m = c**d mod n */
+    if (key->prime1.len == 0 ||
+        key->prime2.len == 0 ||
+        key->exponent1.len == 0 ||
+        key->exponent2.len == 0 ||
+        key->coefficient.len == 0) {
+        CHECK_SEC_OK(rsa_PrivateKeyOpNoCRT(key, &m, &c, &n, modLen));
+    } else if (check) {
+        CHECK_SEC_OK(rsa_PrivateKeyOpCRTCheckedPubKey(key, &m, &c));
+    } else {
+        CHECK_SEC_OK(rsa_PrivateKeyOpCRTNoCheck(key, &m, &c));
+    }
+    /* If blinding, compute post-image of plaintext by multiplying by
+    ** blinding factor
+    */
+    if (nssRSAUseBlinding) {
+        /* m = m'*g mod n */
+        CHECK_MPI_OK(mp_mulmod(&m, &g, &n, &m));
+    }
+    err = mp_to_fixlen_octets(&m, output, modLen);
+    if (err >= 0)
+        err = MP_OKAY;
+cleanup:
+    mp_clear(&n);
+    mp_clear(&c);
+    mp_clear(&m);
+    mp_clear(&f);
+    mp_clear(&g);
+    if (err) {
+        MP_TO_SEC_ERROR(err);
+        rv = SECFailure;
+    }
+    return rv;
+}
+
+SECStatus
+RSA_PrivateKeyOp(RSAPrivateKey *key,
+                 unsigned char *output,
+                 const unsigned char *input)
+{
+    return rsa_PrivateKeyOp(key, output, input, PR_FALSE);
+}
+
+SECStatus
+RSA_PrivateKeyOpDoubleChecked(RSAPrivateKey *key,
+                              unsigned char *output,
+                              const unsigned char *input)
+{
+    return rsa_PrivateKeyOp(key, output, input, PR_TRUE);
+}
+
+SECStatus
+RSA_PrivateKeyCheck(const RSAPrivateKey *key)
+{
+    mp_int p, q, n, psub1, qsub1, e, d, d_p, d_q, qInv, res;
+    mp_err err = MP_OKAY;
+    SECStatus rv = SECSuccess;
+    MP_DIGITS(&p) = 0;
+    MP_DIGITS(&q) = 0;
+    MP_DIGITS(&n) = 0;
+    MP_DIGITS(&psub1) = 0;
+    MP_DIGITS(&qsub1) = 0;
+    MP_DIGITS(&e) = 0;
+    MP_DIGITS(&d) = 0;
+    MP_DIGITS(&d_p) = 0;
+    MP_DIGITS(&d_q) = 0;
+    MP_DIGITS(&qInv) = 0;
+    MP_DIGITS(&res) = 0;
+    CHECK_MPI_OK(mp_init(&p));
+    CHECK_MPI_OK(mp_init(&q));
+    CHECK_MPI_OK(mp_init(&n));
+    CHECK_MPI_OK(mp_init(&psub1));
+    CHECK_MPI_OK(mp_init(&qsub1));
+    CHECK_MPI_OK(mp_init(&e));
+    CHECK_MPI_OK(mp_init(&d));
+    CHECK_MPI_OK(mp_init(&d_p));
+    CHECK_MPI_OK(mp_init(&d_q));
+    CHECK_MPI_OK(mp_init(&qInv));
+    CHECK_MPI_OK(mp_init(&res));
+
+    if (!key->modulus.data || !key->prime1.data || !key->prime2.data ||
+        !key->publicExponent.data || !key->privateExponent.data ||
+        !key->exponent1.data || !key->exponent2.data ||
+        !key->coefficient.data) {
+        /* call RSA_PopulatePrivateKey first, if the application wishes to
+         * recover these parameters */
+        err = MP_BADARG;
+        goto cleanup;
+    }
+
+    SECITEM_TO_MPINT(key->modulus, &n);
+    SECITEM_TO_MPINT(key->prime1, &p);
+    SECITEM_TO_MPINT(key->prime2, &q);
+    SECITEM_TO_MPINT(key->publicExponent, &e);
+    SECITEM_TO_MPINT(key->privateExponent, &d);
+    SECITEM_TO_MPINT(key->exponent1, &d_p);
+    SECITEM_TO_MPINT(key->exponent2, &d_q);
+    SECITEM_TO_MPINT(key->coefficient, &qInv);
+    /* p and q must be distinct. */
+    if (mp_cmp(&p, &q) == 0) {
+        rv = SECFailure;
+        goto cleanup;
+    }
+#define VERIFY_MPI_EQUAL(m1, m2) \
+    if (mp_cmp(m1, m2) != 0) {   \
+        rv = SECFailure;         \
+        goto cleanup;            \
+    }
+#define VERIFY_MPI_EQUAL_1(m)  \
+    if (mp_cmp_d(m, 1) != 0) { \
+        rv = SECFailure;       \
+        goto cleanup;          \
+    }
+    /* n == p * q */
+    CHECK_MPI_OK(mp_mul(&p, &q, &res));
+    VERIFY_MPI_EQUAL(&res, &n);
+    /* gcd(e, p-1) == 1 */
+    CHECK_MPI_OK(mp_sub_d(&p, 1, &psub1));
+    CHECK_MPI_OK(mp_gcd(&e, &psub1, &res));
+    VERIFY_MPI_EQUAL_1(&res);
+    /* gcd(e, q-1) == 1 */
+    CHECK_MPI_OK(mp_sub_d(&q, 1, &qsub1));
+    CHECK_MPI_OK(mp_gcd(&e, &qsub1, &res));
+    VERIFY_MPI_EQUAL_1(&res);
+    /* d*e == 1 mod p-1 */
+    CHECK_MPI_OK(mp_mulmod(&d, &e, &psub1, &res));
+    VERIFY_MPI_EQUAL_1(&res);
+    /* d*e == 1 mod q-1 */
+    CHECK_MPI_OK(mp_mulmod(&d, &e, &qsub1, &res));
+    VERIFY_MPI_EQUAL_1(&res);
+    /* d_p == d mod p-1 */
+    CHECK_MPI_OK(mp_mod(&d, &psub1, &res));
+    VERIFY_MPI_EQUAL(&res, &d_p);
+    /* d_q == d mod q-1 */
+    CHECK_MPI_OK(mp_mod(&d, &qsub1, &res));
+    VERIFY_MPI_EQUAL(&res, &d_q);
+    /* q * q**-1 == 1 mod p */
+    CHECK_MPI_OK(mp_mulmod(&q, &qInv, &p, &res));
+    VERIFY_MPI_EQUAL_1(&res);
+
+cleanup:
+    mp_clear(&n);
+    mp_clear(&p);
+    mp_clear(&q);
+    mp_clear(&psub1);
+    mp_clear(&qsub1);
+    mp_clear(&e);
+    mp_clear(&d);
+    mp_clear(&d_p);
+    mp_clear(&d_q);
+    mp_clear(&qInv);
+    mp_clear(&res);
+    if (err) {
+        MP_TO_SEC_ERROR(err);
+        rv = SECFailure;
+    }
+    return rv;
+}
+
+static SECStatus
+RSA_Init(void)
+{
+    if (PR_CallOnce(&coBPInit, init_blinding_params_list) != PR_SUCCESS) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+    return SECSuccess;
+}
+
+SECStatus
+BL_Init(void)
+{
+    return RSA_Init();
+}
+
+/* cleanup at shutdown */
+void
+RSA_Cleanup(void)
+{
+    blindingParams *bp = NULL;
+    if (!coBPInit.initialized)
+        return;
+
+    while (!PR_CLIST_IS_EMPTY(&blindingParamsList.head)) {
+        RSABlindingParams *rsabp =
+            (RSABlindingParams *)PR_LIST_HEAD(&blindingParamsList.head);
+        PR_REMOVE_LINK(&rsabp->link);
+        /* clear parameters cache */
+        while (rsabp->bp != NULL) {
+            bp = rsabp->bp;
+            rsabp->bp = rsabp->bp->next;
+            mp_clear(&bp->f);
+            mp_clear(&bp->g);
+        }
+        SECITEM_FreeItem(&rsabp->modulus, PR_FALSE);
+        PORT_Free(rsabp);
+    }
+
+    if (blindingParamsList.cVar) {
+        PR_DestroyCondVar(blindingParamsList.cVar);
+        blindingParamsList.cVar = NULL;
+    }
+
+    if (blindingParamsList.lock) {
+        SKIP_AFTER_FORK(PZ_DestroyLock(blindingParamsList.lock));
+        blindingParamsList.lock = NULL;
+    }
+
+    coBPInit.initialized = 0;
+    coBPInit.inProgress = 0;
+    coBPInit.status = 0;
+}
+
+/*
+ * need a central place for this function to free up all the memory that
+ * free_bl may have allocated along the way. Currently only RSA does this,
+ * so I've put it here for now.
+ */
+void
+BL_Cleanup(void)
+{
+    RSA_Cleanup();
+}
+
+PRBool bl_parentForkedAfterC_Initialize;
+
+/*
+ * Set fork flag so it can be tested in SKIP_AFTER_FORK on relevant platforms.
+ */
+void
+BL_SetForkState(PRBool forked)
+{
+    bl_parentForkedAfterC_Initialize = forked;
+}
diff --git a/nss/lib/freebl/rsapkcs.c b/nss/lib/freebl/rsapkcs.c
new file mode 100644
index 0000000..9cdbdb0
--- /dev/null
+++ b/nss/lib/freebl/rsapkcs.c
@@ -0,0 +1,1425 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * RSA PKCS#1 v2.1 (RFC 3447) operations
+ */
+
+#ifdef FREEBL_NO_DEPEND
+#include "stubs.h"
+#endif
+
+#include "secerr.h"
+
+#include "blapi.h"
+#include "secitem.h"
+#include "blapii.h"
+
+#define RSA_BLOCK_MIN_PAD_LEN 8
+#define RSA_BLOCK_FIRST_OCTET 0x00
+#define RSA_BLOCK_PRIVATE_PAD_OCTET 0xff
+#define RSA_BLOCK_AFTER_PAD_OCTET 0x00
+
+/*
+ * RSA block types
+ *
+ * The values of RSA_BlockPrivate and RSA_BlockPublic are fixed.
+ * The value of RSA_BlockRaw isn't fixed by definition, but we are keeping
+ * the value that NSS has been using in the past.
+ */
+typedef enum {
+    RSA_BlockPrivate = 1, /* pad for a private-key operation */
+    RSA_BlockPublic = 2,  /* pad for a public-key operation */
+    RSA_BlockRaw = 4      /* simply justify the block appropriately */
+} RSA_BlockType;
+
+/* Needed for RSA-PSS functions */
+static const unsigned char eightZeros[] = { 0, 0, 0, 0, 0, 0, 0, 0 };
+
+/* Constant time comparison of a single byte.
+ * Returns 1 iff a == b, otherwise returns 0.
+ * Note: For ranges of bytes, use constantTimeCompare.
+ */
+static unsigned char
+constantTimeEQ8(unsigned char a, unsigned char b)
+{
+    unsigned char c = ~((a - b) | (b - a));
+    c >>= 7;
+    return c;
+}
+
+/* Constant time comparison of a range of bytes.
+ * Returns 1 iff len bytes of a are identical to len bytes of b, otherwise
+ * returns 0.
+ */
+static unsigned char
+constantTimeCompare(const unsigned char *a,
+                    const unsigned char *b,
+                    unsigned int len)
+{
+    unsigned char tmp = 0;
+    unsigned int i;
+    for (i = 0; i < len; ++i, ++a, ++b)
+        tmp |= *a ^ *b;
+    return constantTimeEQ8(0x00, tmp);
+}
+
+/* Constant time conditional.
+ * Returns a if c is 1, or b if c is 0. The result is undefined if c is
+ * not 0 or 1.
+ */
+static unsigned int
+constantTimeCondition(unsigned int c,
+                      unsigned int a,
+                      unsigned int b)
+{
+    return (~(c - 1) & a) | ((c - 1) & b);
+}
+
+static unsigned int
+rsa_modulusLen(SECItem *modulus)
+{
+    unsigned char byteZero = modulus->data[0];
+    unsigned int modLen = modulus->len - !byteZero;
+    return modLen;
+}
+
+static unsigned int
+rsa_modulusBits(SECItem *modulus)
+{
+    unsigned char byteZero = modulus->data[0];
+    unsigned int numBits = (modulus->len - 1) * 8;
+
+    if (byteZero == 0) {
+        numBits -= 8;
+        byteZero = modulus->data[1];
+    }
+
+    while (byteZero > 0) {
+        numBits++;
+        byteZero >>= 1;
+    }
+
+    return numBits;
+}
+
+/*
+ * Format one block of data for public/private key encryption using
+ * the rules defined in PKCS #1.
+ */
+static unsigned char *
+rsa_FormatOneBlock(unsigned modulusLen,
+                   RSA_BlockType blockType,
+                   SECItem *data)
+{
+    unsigned char *block;
+    unsigned char *bp;
+    int padLen;
+    int i, j;
+    SECStatus rv;
+
+    block = (unsigned char *)PORT_Alloc(modulusLen);
+    if (block == NULL)
+        return NULL;
+
+    bp = block;
+
+    /*
+     * All RSA blocks start with two octets:
+     *  0x00 || BlockType
+     */
+    *bp++ = RSA_BLOCK_FIRST_OCTET;
+    *bp++ = (unsigned char)blockType;
+
+    switch (blockType) {
+
+        /*
+       * Blocks intended for private-key operation.
+       */
+        case RSA_BlockPrivate: /* preferred method */
+            /*
+         * 0x00 || BT || Pad || 0x00 || ActualData
+         *   1      1   padLen    1      data->len
+         * Pad is either all 0x00 or all 0xff bytes, depending on blockType.
+         */
+            padLen = modulusLen - data->len - 3;
+            PORT_Assert(padLen >= RSA_BLOCK_MIN_PAD_LEN);
+            if (padLen < RSA_BLOCK_MIN_PAD_LEN) {
+                PORT_Free(block);
+                return NULL;
+            }
+            PORT_Memset(bp, RSA_BLOCK_PRIVATE_PAD_OCTET, padLen);
+            bp += padLen;
+            *bp++ = RSA_BLOCK_AFTER_PAD_OCTET;
+            PORT_Memcpy(bp, data->data, data->len);
+            break;
+
+        /*
+         * Blocks intended for public-key operation.
+         */
+        case RSA_BlockPublic:
+            /*
+             * 0x00 || BT || Pad || 0x00 || ActualData
+             *   1      1   padLen    1      data->len
+             * Pad is all non-zero random bytes.
+             *
+             * Build the block left to right.
+             * Fill the entire block from Pad to the end with random bytes.
+             * Use the bytes after Pad as a supply of extra random bytes from
+             * which to find replacements for the zero bytes in Pad.
+             * If we need more than that, refill the bytes after Pad with
+             * new random bytes as necessary.
+             */
+            padLen = modulusLen - (data->len + 3);
+            PORT_Assert(padLen >= RSA_BLOCK_MIN_PAD_LEN);
+            if (padLen < RSA_BLOCK_MIN_PAD_LEN) {
+                PORT_Free(block);
+                return NULL;
+            }
+            j = modulusLen - 2;
+            rv = RNG_GenerateGlobalRandomBytes(bp, j);
+            if (rv == SECSuccess) {
+                for (i = 0; i < padLen;) {
+                    unsigned char repl;
+                    /* Pad with non-zero random data. */
+                    if (bp[i] != RSA_BLOCK_AFTER_PAD_OCTET) {
+                        ++i;
+                        continue;
+                    }
+                    if (j <= padLen) {
+                        rv = RNG_GenerateGlobalRandomBytes(bp + padLen,
+                                                           modulusLen - (2 + padLen));
+                        if (rv != SECSuccess)
+                            break;
+                        j = modulusLen - 2;
+                    }
+                    do {
+                        repl = bp[--j];
+                    } while (repl == RSA_BLOCK_AFTER_PAD_OCTET && j > padLen);
+                    if (repl != RSA_BLOCK_AFTER_PAD_OCTET) {
+                        bp[i++] = repl;
+                    }
+                }
+            }
+            if (rv != SECSuccess) {
+                PORT_Free(block);
+                PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+                return NULL;
+            }
+            bp += padLen;
+            *bp++ = RSA_BLOCK_AFTER_PAD_OCTET;
+            PORT_Memcpy(bp, data->data, data->len);
+            break;
+
+        default:
+            PORT_Assert(0);
+            PORT_Free(block);
+            return NULL;
+    }
+
+    return block;
+}
+
+static SECStatus
+rsa_FormatBlock(SECItem *result,
+                unsigned modulusLen,
+                RSA_BlockType blockType,
+                SECItem *data)
+{
+    switch (blockType) {
+        case RSA_BlockPrivate:
+        case RSA_BlockPublic:
+            /*
+             * 0x00 || BT || Pad || 0x00 || ActualData
+             *
+             * The "3" below is the first octet + the second octet + the 0x00
+             * octet that always comes just before the ActualData.
+             */
+            PORT_Assert(data->len <= (modulusLen - (3 + RSA_BLOCK_MIN_PAD_LEN)));
+
+            result->data = rsa_FormatOneBlock(modulusLen, blockType, data);
+            if (result->data == NULL) {
+                result->len = 0;
+                return SECFailure;
+            }
+            result->len = modulusLen;
+
+            break;
+
+        case RSA_BlockRaw:
+            /*
+             * Pad || ActualData
+             * Pad is zeros. The application is responsible for recovering
+             * the actual data.
+             */
+            if (data->len > modulusLen) {
+                return SECFailure;
+            }
+            result->data = (unsigned char *)PORT_ZAlloc(modulusLen);
+            result->len = modulusLen;
+            PORT_Memcpy(result->data + (modulusLen - data->len),
+                        data->data, data->len);
+            break;
+
+        default:
+            PORT_Assert(0);
+            result->data = NULL;
+            result->len = 0;
+            return SECFailure;
+    }
+
+    return SECSuccess;
+}
+
+/*
+ * Mask generation function MGF1 as defined in PKCS #1 v2.1 / RFC 3447.
+ */
+static SECStatus
+MGF1(HASH_HashType hashAlg,
+     unsigned char *mask,
+     unsigned int maskLen,
+     const unsigned char *mgfSeed,
+     unsigned int mgfSeedLen)
+{
+    unsigned int digestLen;
+    PRUint32 counter;
+    PRUint32 rounds;
+    unsigned char *tempHash;
+    unsigned char *temp;
+    const SECHashObject *hash;
+    void *hashContext;
+    unsigned char C[4];
+
+    hash = HASH_GetRawHashObject(hashAlg);
+    if (hash == NULL)
+        return SECFailure;
+
+    hashContext = (*hash->create)();
+    rounds = (maskLen + hash->length - 1) / hash->length;
+    for (counter = 0; counter < rounds; counter++) {
+        C[0] = (unsigned char)((counter >> 24) & 0xff);
+        C[1] = (unsigned char)((counter >> 16) & 0xff);
+        C[2] = (unsigned char)((counter >> 8) & 0xff);
+        C[3] = (unsigned char)(counter & 0xff);
+
+        /* This could be optimized when the clone functions in
+         * rawhash.c are implemented. */
+        (*hash->begin)(hashContext);
+        (*hash->update)(hashContext, mgfSeed, mgfSeedLen);
+        (*hash->update)(hashContext, C, sizeof C);
+
+        tempHash = mask + counter * hash->length;
+        if (counter != (rounds - 1)) {
+            (*hash->end)(hashContext, tempHash, &digestLen, hash->length);
+        } else { /* we're in the last round and need to cut the hash */
+            temp = (unsigned char *)PORT_Alloc(hash->length);
+            (*hash->end)(hashContext, temp, &digestLen, hash->length);
+            PORT_Memcpy(tempHash, temp, maskLen - counter * hash->length);
+            PORT_Free(temp);
+        }
+    }
+    (*hash->destroy)(hashContext, PR_TRUE);
+
+    return SECSuccess;
+}
+
+/* XXX Doesn't set error code */
+SECStatus
+RSA_SignRaw(RSAPrivateKey *key,
+            unsigned char *output,
+            unsigned int *outputLen,
+            unsigned int maxOutputLen,
+            const unsigned char *data,
+            unsigned int dataLen)
+{
+    SECStatus rv = SECSuccess;
+    unsigned int modulusLen = rsa_modulusLen(&key->modulus);
+    SECItem formatted;
+    SECItem unformatted;
+
+    if (maxOutputLen < modulusLen)
+        return SECFailure;
+
+    unformatted.len = dataLen;
+    unformatted.data = (unsigned char *)data;
+    formatted.data = NULL;
+    rv = rsa_FormatBlock(&formatted, modulusLen, RSA_BlockRaw, &unformatted);
+    if (rv != SECSuccess)
+        goto done;
+
+    rv = RSA_PrivateKeyOpDoubleChecked(key, output, formatted.data);
+    *outputLen = modulusLen;
+
+done:
+    if (formatted.data != NULL)
+        PORT_ZFree(formatted.data, modulusLen);
+    return rv;
+}
+
+/* XXX Doesn't set error code */
+SECStatus
+RSA_CheckSignRaw(RSAPublicKey *key,
+                 const unsigned char *sig,
+                 unsigned int sigLen,
+                 const unsigned char *hash,
+                 unsigned int hashLen)
+{
+    SECStatus rv;
+    unsigned int modulusLen = rsa_modulusLen(&key->modulus);
+    unsigned char *buffer;
+
+    if (sigLen != modulusLen)
+        goto failure;
+    if (hashLen > modulusLen)
+        goto failure;
+
+    buffer = (unsigned char *)PORT_Alloc(modulusLen + 1);
+    if (!buffer)
+        goto failure;
+
+    rv = RSA_PublicKeyOp(key, buffer, sig);
+    if (rv != SECSuccess)
+        goto loser;
+
+    /*
+     * make sure we get the same results
+     */
+    /* XXX(rsleevi): Constant time */
+    /* NOTE: should we verify the leading zeros? */
+    if (PORT_Memcmp(buffer + (modulusLen - hashLen), hash, hashLen) != 0)
+        goto loser;
+
+    PORT_Free(buffer);
+    return SECSuccess;
+
+loser:
+    PORT_Free(buffer);
+failure:
+    return SECFailure;
+}
+
+/* XXX Doesn't set error code */
+SECStatus
+RSA_CheckSignRecoverRaw(RSAPublicKey *key,
+                        unsigned char *data,
+                        unsigned int *dataLen,
+                        unsigned int maxDataLen,
+                        const unsigned char *sig,
+                        unsigned int sigLen)
+{
+    SECStatus rv;
+    unsigned int modulusLen = rsa_modulusLen(&key->modulus);
+
+    if (sigLen != modulusLen)
+        goto failure;
+    if (maxDataLen < modulusLen)
+        goto failure;
+
+    rv = RSA_PublicKeyOp(key, data, sig);
+    if (rv != SECSuccess)
+        goto failure;
+
+    *dataLen = modulusLen;
+    return SECSuccess;
+
+failure:
+    return SECFailure;
+}
+
+/* XXX Doesn't set error code */
+SECStatus
+RSA_EncryptRaw(RSAPublicKey *key,
+               unsigned char *output,
+               unsigned int *outputLen,
+               unsigned int maxOutputLen,
+               const unsigned char *input,
+               unsigned int inputLen)
+{
+    SECStatus rv;
+    unsigned int modulusLen = rsa_modulusLen(&key->modulus);
+    SECItem formatted;
+    SECItem unformatted;
+
+    formatted.data = NULL;
+    if (maxOutputLen < modulusLen)
+        goto failure;
+
+    unformatted.len = inputLen;
+    unformatted.data = (unsigned char *)input;
+    formatted.data = NULL;
+    rv = rsa_FormatBlock(&formatted, modulusLen, RSA_BlockRaw, &unformatted);
+    if (rv != SECSuccess)
+        goto failure;
+
+    rv = RSA_PublicKeyOp(key, output, formatted.data);
+    if (rv != SECSuccess)
+        goto failure;
+
+    PORT_ZFree(formatted.data, modulusLen);
+    *outputLen = modulusLen;
+    return SECSuccess;
+
+failure:
+    if (formatted.data != NULL)
+        PORT_ZFree(formatted.data, modulusLen);
+    return SECFailure;
+}
+
+/* XXX Doesn't set error code */
+SECStatus
+RSA_DecryptRaw(RSAPrivateKey *key,
+               unsigned char *output,
+               unsigned int *outputLen,
+               unsigned int maxOutputLen,
+               const unsigned char *input,
+               unsigned int inputLen)
+{
+    SECStatus rv;
+    unsigned int modulusLen = rsa_modulusLen(&key->modulus);
+
+    if (modulusLen > maxOutputLen)
+        goto failure;
+    if (inputLen != modulusLen)
+        goto failure;
+
+    rv = RSA_PrivateKeyOp(key, output, input);
+    if (rv != SECSuccess)
+        goto failure;
+
+    *outputLen = modulusLen;
+    return SECSuccess;
+
+failure:
+    return SECFailure;
+}
+
+/*
+ * Decodes an EME-OAEP encoded block, validating the encoding in constant
+ * time.
+ * Described in RFC 3447, section 7.1.2.
+ * input contains the encoded block, after decryption.
+ * label is the optional value L that was associated with the message.
+ * On success, the original message and message length will be stored in
+ * output and outputLen.
+ */
+static SECStatus
+eme_oaep_decode(unsigned char *output,
+                unsigned int *outputLen,
+                unsigned int maxOutputLen,
+                const unsigned char *input,
+                unsigned int inputLen,
+                HASH_HashType hashAlg,
+                HASH_HashType maskHashAlg,
+                const unsigned char *label,
+                unsigned int labelLen)
+{
+    const SECHashObject *hash;
+    void *hashContext;
+    SECStatus rv = SECFailure;
+    unsigned char labelHash[HASH_LENGTH_MAX];
+    unsigned int i;
+    unsigned int maskLen;
+    unsigned int paddingOffset;
+    unsigned char *mask = NULL;
+    unsigned char *tmpOutput = NULL;
+    unsigned char isGood;
+    unsigned char foundPaddingEnd;
+
+    hash = HASH_GetRawHashObject(hashAlg);
+
+    /* 1.c */
+    if (inputLen < (hash->length * 2) + 2) {
+        PORT_SetError(SEC_ERROR_INPUT_LEN);
+        return SECFailure;
+    }
+
+    /* Step 3.a - Generate lHash */
+    hashContext = (*hash->create)();
+    if (hashContext == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return SECFailure;
+    }
+    (*hash->begin)(hashContext);
+    if (labelLen > 0)
+        (*hash->update)(hashContext, label, labelLen);
+    (*hash->end)(hashContext, labelHash, &i, sizeof(labelHash));
+    (*hash->destroy)(hashContext, PR_TRUE);
+
+    tmpOutput = (unsigned char *)PORT_Alloc(inputLen);
+    if (tmpOutput == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        goto done;
+    }
+
+    maskLen = inputLen - hash->length - 1;
+    mask = (unsigned char *)PORT_Alloc(maskLen);
+    if (mask == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        goto done;
+    }
+
+    PORT_Memcpy(tmpOutput, input, inputLen);
+
+    /* 3.c - Generate seedMask */
+    MGF1(maskHashAlg, mask, hash->length, &tmpOutput[1 + hash->length],
+         inputLen - hash->length - 1);
+    /* 3.d - Unmask seed */
+    for (i = 0; i < hash->length; ++i)
+        tmpOutput[1 + i] ^= mask[i];
+
+    /* 3.e - Generate dbMask */
+    MGF1(maskHashAlg, mask, maskLen, &tmpOutput[1], hash->length);
+    /* 3.f - Unmask DB */
+    for (i = 0; i < maskLen; ++i)
+        tmpOutput[1 + hash->length + i] ^= mask[i];
+
+    /* 3.g - Compare Y, lHash, and PS in constant time
+     * Warning: This code is timing dependent and must not disclose which of
+     * these were invalid.
+     */
+    paddingOffset = 0;
+    isGood = 1;
+    foundPaddingEnd = 0;
+
+    /* Compare Y */
+    isGood &= constantTimeEQ8(0x00, tmpOutput[0]);
+
+    /* Compare lHash and lHash' */
+    isGood &= constantTimeCompare(&labelHash[0],
+                                  &tmpOutput[1 + hash->length],
+                                  hash->length);
+
+    /* Compare that the padding is zero or more zero octets, followed by a
+     * 0x01 octet */
+    for (i = 1 + (hash->length * 2); i < inputLen; ++i) {
+        unsigned char isZero = constantTimeEQ8(0x00, tmpOutput[i]);
+        unsigned char isOne = constantTimeEQ8(0x01, tmpOutput[i]);
+        /* non-constant time equivalent:
+         * if (tmpOutput[i] == 0x01 && !foundPaddingEnd)
+         *     paddingOffset = i;
+         */
+        paddingOffset = constantTimeCondition(isOne & ~foundPaddingEnd, i,
+                                              paddingOffset);
+        /* non-constant time equivalent:
+         * if (tmpOutput[i] == 0x01)
+         *    foundPaddingEnd = true;
+         *
+         * Note: This may yield false positives, as it will be set whenever
+         * a 0x01 byte is encountered. If there was bad padding (eg:
+         * 0x03 0x02 0x01), foundPaddingEnd will still be set to true, and
+         * paddingOffset will still be set to 2.
+         */
+        foundPaddingEnd = constantTimeCondition(isOne, 1, foundPaddingEnd);
+        /* non-constant time equivalent:
+         * if (tmpOutput[i] != 0x00 && tmpOutput[i] != 0x01 &&
+         *     !foundPaddingEnd) {
+         *    isGood = false;
+         * }
+         *
+         * Note: This may yield false positives, as a message (and padding)
+         * that is entirely zeros will result in isGood still being true. Thus
+         * it's necessary to check foundPaddingEnd is positive below.
+         */
+        isGood = constantTimeCondition(~foundPaddingEnd & ~isZero, 0, isGood);
+    }
+
+    /* While both isGood and foundPaddingEnd may have false positives, they
+     * cannot BOTH have false positives. If both are not true, then an invalid
+     * message was received. Note, this comparison must still be done in constant
+     * time so as not to leak either condition.
+     */
+    if (!(isGood & foundPaddingEnd)) {
+        PORT_SetError(SEC_ERROR_BAD_DATA);
+        goto done;
+    }
+
+    /* End timing dependent code */
+
+    ++paddingOffset; /* Skip the 0x01 following the end of PS */
+
+    *outputLen = inputLen - paddingOffset;
+    if (*outputLen > maxOutputLen) {
+        PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+        goto done;
+    }
+
+    if (*outputLen)
+        PORT_Memcpy(output, &tmpOutput[paddingOffset], *outputLen);
+    rv = SECSuccess;
+
+done:
+    if (mask)
+        PORT_ZFree(mask, maskLen);
+    if (tmpOutput)
+        PORT_ZFree(tmpOutput, inputLen);
+    return rv;
+}
+
+/*
+ * Generate an EME-OAEP encoded block for encryption
+ * Described in RFC 3447, section 7.1.1
+ * We use input instead of M for the message to be encrypted
+ * label is the optional value L to be associated with the message.
+ */
+static SECStatus
+eme_oaep_encode(unsigned char *em,
+                unsigned int emLen,
+                const unsigned char *input,
+                unsigned int inputLen,
+                HASH_HashType hashAlg,
+                HASH_HashType maskHashAlg,
+                const unsigned char *label,
+                unsigned int labelLen,
+                const unsigned char *seed,
+                unsigned int seedLen)
+{
+    const SECHashObject *hash;
+    void *hashContext;
+    SECStatus rv;
+    unsigned char *mask;
+    unsigned int reservedLen;
+    unsigned int dbMaskLen;
+    unsigned int i;
+
+    hash = HASH_GetRawHashObject(hashAlg);
+    PORT_Assert(seed == NULL || seedLen == hash->length);
+
+    /* Step 1.b */
+    reservedLen = (2 * hash->length) + 2;
+    if (emLen < reservedLen || inputLen > (emLen - reservedLen)) {
+        PORT_SetError(SEC_ERROR_INPUT_LEN);
+        return SECFailure;
+    }
+
+    /*
+     * From RFC 3447, Section 7.1
+     *                      +----------+---------+-------+
+     *                 DB = |  lHash   |    PS   |   M   |
+     *                      +----------+---------+-------+
+     *                                     |
+     *           +----------+              V
+     *           |   seed   |--> MGF ---> xor
+     *           +----------+              |
+     *                 |                   |
+     *        +--+     V                   |
+     *        |00|    xor <----- MGF <-----|
+     *        +--+     |                   |
+     *          |      |                   |
+     *          V      V                   V
+     *        +--+----------+----------------------------+
+     *  EM =  |00|maskedSeed|          maskedDB          |
+     *        +--+----------+----------------------------+
+     *
+     * We use mask to hold the result of the MGF functions, and all other
+     * values are generated in their final resting place.
+     */
+    *em = 0x00;
+
+    /* Step 2.a - Generate lHash */
+    hashContext = (*hash->create)();
+    if (hashContext == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return SECFailure;
+    }
+    (*hash->begin)(hashContext);
+    if (labelLen > 0)
+        (*hash->update)(hashContext, label, labelLen);
+    (*hash->end)(hashContext, &em[1 + hash->length], &i, hash->length);
+    (*hash->destroy)(hashContext, PR_TRUE);
+
+    /* Step 2.b - Generate PS */
+    if (emLen - reservedLen - inputLen > 0) {
+        PORT_Memset(em + 1 + (hash->length * 2), 0x00,
+                    emLen - reservedLen - inputLen);
+    }
+
+    /* Step 2.c. - Generate DB
+     * DB = lHash || PS || 0x01 || M
+     * Note that PS and lHash have already been placed into em at their
+     * appropriate offsets. This just copies M into place
+     */
+    em[emLen - inputLen - 1] = 0x01;
+    if (inputLen)
+        PORT_Memcpy(em + emLen - inputLen, input, inputLen);
+
+    if (seed == NULL) {
+        /* Step 2.d - Generate seed */
+        rv = RNG_GenerateGlobalRandomBytes(em + 1, hash->length);
+        if (rv != SECSuccess) {
+            return rv;
+        }
+    } else {
+        /* For Known Answer Tests, copy the supplied seed. */
+        PORT_Memcpy(em + 1, seed, seedLen);
+    }
+
+    /* Step 2.e - Generate dbMask*/
+    dbMaskLen = emLen - hash->length - 1;
+    mask = (unsigned char *)PORT_Alloc(dbMaskLen);
+    if (mask == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return SECFailure;
+    }
+    MGF1(maskHashAlg, mask, dbMaskLen, em + 1, hash->length);
+    /* Step 2.f - Compute maskedDB*/
+    for (i = 0; i < dbMaskLen; ++i)
+        em[1 + hash->length + i] ^= mask[i];
+
+    /* Step 2.g - Generate seedMask */
+    MGF1(maskHashAlg, mask, hash->length, &em[1 + hash->length], dbMaskLen);
+    /* Step 2.h - Compute maskedSeed */
+    for (i = 0; i < hash->length; ++i)
+        em[1 + i] ^= mask[i];
+
+    PORT_ZFree(mask, dbMaskLen);
+    return SECSuccess;
+}
+
+SECStatus
+RSA_EncryptOAEP(RSAPublicKey *key,
+                HASH_HashType hashAlg,
+                HASH_HashType maskHashAlg,
+                const unsigned char *label,
+                unsigned int labelLen,
+                const unsigned char *seed,
+                unsigned int seedLen,
+                unsigned char *output,
+                unsigned int *outputLen,
+                unsigned int maxOutputLen,
+                const unsigned char *input,
+                unsigned int inputLen)
+{
+    SECStatus rv = SECFailure;
+    unsigned int modulusLen = rsa_modulusLen(&key->modulus);
+    unsigned char *oaepEncoded = NULL;
+
+    if (maxOutputLen < modulusLen) {
+        PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+        return SECFailure;
+    }
+
+    if ((hashAlg == HASH_AlgNULL) || (maskHashAlg == HASH_AlgNULL)) {
+        PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
+        return SECFailure;
+    }
+
+    if ((labelLen == 0 && label != NULL) ||
+        (labelLen > 0 && label == NULL)) {
+        PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
+        return SECFailure;
+    }
+
+    oaepEncoded = (unsigned char *)PORT_Alloc(modulusLen);
+    if (oaepEncoded == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return SECFailure;
+    }
+    rv = eme_oaep_encode(oaepEncoded, modulusLen, input, inputLen,
+                         hashAlg, maskHashAlg, label, labelLen, seed, seedLen);
+    if (rv != SECSuccess)
+        goto done;
+
+    rv = RSA_PublicKeyOp(key, output, oaepEncoded);
+    if (rv != SECSuccess)
+        goto done;
+    *outputLen = modulusLen;
+
+done:
+    PORT_Free(oaepEncoded);
+    return rv;
+}
+
+SECStatus
+RSA_DecryptOAEP(RSAPrivateKey *key,
+                HASH_HashType hashAlg,
+                HASH_HashType maskHashAlg,
+                const unsigned char *label,
+                unsigned int labelLen,
+                unsigned char *output,
+                unsigned int *outputLen,
+                unsigned int maxOutputLen,
+                const unsigned char *input,
+                unsigned int inputLen)
+{
+    SECStatus rv = SECFailure;
+    unsigned int modulusLen = rsa_modulusLen(&key->modulus);
+    unsigned char *oaepEncoded = NULL;
+
+    if ((hashAlg == HASH_AlgNULL) || (maskHashAlg == HASH_AlgNULL)) {
+        PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
+        return SECFailure;
+    }
+
+    if (inputLen != modulusLen) {
+        PORT_SetError(SEC_ERROR_INPUT_LEN);
+        return SECFailure;
+    }
+
+    if ((labelLen == 0 && label != NULL) ||
+        (labelLen > 0 && label == NULL)) {
+        PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
+        return SECFailure;
+    }
+
+    oaepEncoded = (unsigned char *)PORT_Alloc(modulusLen);
+    if (oaepEncoded == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return SECFailure;
+    }
+
+    rv = RSA_PrivateKeyOpDoubleChecked(key, oaepEncoded, input);
+    if (rv != SECSuccess) {
+        goto done;
+    }
+    rv = eme_oaep_decode(output, outputLen, maxOutputLen, oaepEncoded,
+                         modulusLen, hashAlg, maskHashAlg, label,
+                         labelLen);
+
+done:
+    if (oaepEncoded)
+        PORT_ZFree(oaepEncoded, modulusLen);
+    return rv;
+}
+
+/* XXX Doesn't set error code */
+SECStatus
+RSA_EncryptBlock(RSAPublicKey *key,
+                 unsigned char *output,
+                 unsigned int *outputLen,
+                 unsigned int maxOutputLen,
+                 const unsigned char *input,
+                 unsigned int inputLen)
+{
+    SECStatus rv;
+    unsigned int modulusLen = rsa_modulusLen(&key->modulus);
+    SECItem formatted;
+    SECItem unformatted;
+
+    formatted.data = NULL;
+    if (maxOutputLen < modulusLen)
+        goto failure;
+
+    unformatted.len = inputLen;
+    unformatted.data = (unsigned char *)input;
+    formatted.data = NULL;
+    rv = rsa_FormatBlock(&formatted, modulusLen, RSA_BlockPublic,
+                         &unformatted);
+    if (rv != SECSuccess)
+        goto failure;
+
+    rv = RSA_PublicKeyOp(key, output, formatted.data);
+    if (rv != SECSuccess)
+        goto failure;
+
+    PORT_ZFree(formatted.data, modulusLen);
+    *outputLen = modulusLen;
+    return SECSuccess;
+
+failure:
+    if (formatted.data != NULL)
+        PORT_ZFree(formatted.data, modulusLen);
+    return SECFailure;
+}
+
+/* XXX Doesn't set error code */
+SECStatus
+RSA_DecryptBlock(RSAPrivateKey *key,
+                 unsigned char *output,
+                 unsigned int *outputLen,
+                 unsigned int maxOutputLen,
+                 const unsigned char *input,
+                 unsigned int inputLen)
+{
+    SECStatus rv;
+    unsigned int modulusLen = rsa_modulusLen(&key->modulus);
+    unsigned int i;
+    unsigned char *buffer;
+
+    if (inputLen != modulusLen)
+        goto failure;
+
+    buffer = (unsigned char *)PORT_Alloc(modulusLen + 1);
+    if (!buffer)
+        goto failure;
+
+    rv = RSA_PrivateKeyOp(key, buffer, input);
+    if (rv != SECSuccess)
+        goto loser;
+
+    /* XXX(rsleevi): Constant time */
+    if (buffer[0] != RSA_BLOCK_FIRST_OCTET ||
+        buffer[1] != (unsigned char)RSA_BlockPublic) {
+        goto loser;
+    }
+    *outputLen = 0;
+    for (i = 2; i < modulusLen; i++) {
+        if (buffer[i] == RSA_BLOCK_AFTER_PAD_OCTET) {
+            *outputLen = modulusLen - i - 1;
+            break;
+        }
+    }
+    if (*outputLen == 0)
+        goto loser;
+    if (*outputLen > maxOutputLen)
+        goto loser;
+
+    PORT_Memcpy(output, buffer + modulusLen - *outputLen, *outputLen);
+
+    PORT_Free(buffer);
+    return SECSuccess;
+
+loser:
+    PORT_Free(buffer);
+failure:
+    return SECFailure;
+}
+
+/*
+ * Encode a RSA-PSS signature.
+ * Described in RFC 3447, section 9.1.1.
+ * We use mHash instead of M as input.
+ * emBits from the RFC is just modBits - 1, see section 8.1.1.
+ * We only support MGF1 as the MGF.
+ */
+static SECStatus
+emsa_pss_encode(unsigned char *em,
+                unsigned int emLen,
+                unsigned int emBits,
+                const unsigned char *mHash,
+                HASH_HashType hashAlg,
+                HASH_HashType maskHashAlg,
+                const unsigned char *salt,
+                unsigned int saltLen)
+{
+    const SECHashObject *hash;
+    void *hash_context;
+    unsigned char *dbMask;
+    unsigned int dbMaskLen;
+    unsigned int i;
+    SECStatus rv;
+
+    hash = HASH_GetRawHashObject(hashAlg);
+    dbMaskLen = emLen - hash->length - 1;
+
+    /* Step 3 */
+    if (emLen < hash->length + saltLen + 2) {
+        PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+        return SECFailure;
+    }
+
+    /* Step 4 */
+    if (salt == NULL) {
+        rv = RNG_GenerateGlobalRandomBytes(&em[dbMaskLen - saltLen], saltLen);
+        if (rv != SECSuccess) {
+            return rv;
+        }
+    } else {
+        PORT_Memcpy(&em[dbMaskLen - saltLen], salt, saltLen);
+    }
+
+    /* Step 5 + 6 */
+    /* Compute H and store it at its final location &em[dbMaskLen]. */
+    hash_context = (*hash->create)();
+    if (hash_context == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return SECFailure;
+    }
+    (*hash->begin)(hash_context);
+    (*hash->update)(hash_context, eightZeros, 8);
+    (*hash->update)(hash_context, mHash, hash->length);
+    (*hash->update)(hash_context, &em[dbMaskLen - saltLen], saltLen);
+    (*hash->end)(hash_context, &em[dbMaskLen], &i, hash->length);
+    (*hash->destroy)(hash_context, PR_TRUE);
+
+    /* Step 7 + 8 */
+    PORT_Memset(em, 0, dbMaskLen - saltLen - 1);
+    em[dbMaskLen - saltLen - 1] = 0x01;
+
+    /* Step 9 */
+    dbMask = (unsigned char *)PORT_Alloc(dbMaskLen);
+    if (dbMask == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return SECFailure;
+    }
+    MGF1(maskHashAlg, dbMask, dbMaskLen, &em[dbMaskLen], hash->length);
+
+    /* Step 10 */
+    for (i = 0; i < dbMaskLen; i++)
+        em[i] ^= dbMask[i];
+    PORT_Free(dbMask);
+
+    /* Step 11 */
+    em[0] &= 0xff >> (8 * emLen - emBits);
+
+    /* Step 12 */
+    em[emLen - 1] = 0xbc;
+
+    return SECSuccess;
+}
+
+/*
+ * Verify a RSA-PSS signature.
+ * Described in RFC 3447, section 9.1.2.
+ * We use mHash instead of M as input.
+ * emBits from the RFC is just modBits - 1, see section 8.1.2.
+ * We only support MGF1 as the MGF.
+ */
+static SECStatus
+emsa_pss_verify(const unsigned char *mHash,
+                const unsigned char *em,
+                unsigned int emLen,
+                unsigned int emBits,
+                HASH_HashType hashAlg,
+                HASH_HashType maskHashAlg,
+                unsigned int saltLen)
+{
+    const SECHashObject *hash;
+    void *hash_context;
+    unsigned char *db;
+    unsigned char *H_; /* H' from the RFC */
+    unsigned int i;
+    unsigned int dbMaskLen;
+    unsigned int zeroBits;
+    SECStatus rv;
+
+    hash = HASH_GetRawHashObject(hashAlg);
+    dbMaskLen = emLen - hash->length - 1;
+
+    /* Step 3 + 4 */
+    if ((emLen < (hash->length + saltLen + 2)) ||
+        (em[emLen - 1] != 0xbc)) {
+        PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
+        return SECFailure;
+    }
+
+    /* Step 6 */
+    zeroBits = 8 * emLen - emBits;
+    if (em[0] >> (8 - zeroBits)) {
+        PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
+        return SECFailure;
+    }
+
+    /* Step 7 */
+    db = (unsigned char *)PORT_Alloc(dbMaskLen);
+    if (db == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return SECFailure;
+    }
+    /* &em[dbMaskLen] points to H, used as mgfSeed */
+    MGF1(maskHashAlg, db, dbMaskLen, &em[dbMaskLen], hash->length);
+
+    /* Step 8 */
+    for (i = 0; i < dbMaskLen; i++) {
+        db[i] ^= em[i];
+    }
+
+    /* Step 9 */
+    db[0] &= 0xff >> zeroBits;
+
+    /* Step 10 */
+    for (i = 0; i < (dbMaskLen - saltLen - 1); i++) {
+        if (db[i] != 0) {
+            PORT_Free(db);
+            PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
+            return SECFailure;
+        }
+    }
+    if (db[dbMaskLen - saltLen - 1] != 0x01) {
+        PORT_Free(db);
+        PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
+        return SECFailure;
+    }
+
+    /* Step 12 + 13 */
+    H_ = (unsigned char *)PORT_Alloc(hash->length);
+    if (H_ == NULL) {
+        PORT_Free(db);
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return SECFailure;
+    }
+    hash_context = (*hash->create)();
+    if (hash_context == NULL) {
+        PORT_Free(db);
+        PORT_Free(H_);
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return SECFailure;
+    }
+    (*hash->begin)(hash_context);
+    (*hash->update)(hash_context, eightZeros, 8);
+    (*hash->update)(hash_context, mHash, hash->length);
+    (*hash->update)(hash_context, &db[dbMaskLen - saltLen], saltLen);
+    (*hash->end)(hash_context, H_, &i, hash->length);
+    (*hash->destroy)(hash_context, PR_TRUE);
+
+    PORT_Free(db);
+
+    /* Step 14 */
+    if (PORT_Memcmp(H_, &em[dbMaskLen], hash->length) != 0) {
+        PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
+        rv = SECFailure;
+    } else {
+        rv = SECSuccess;
+    }
+
+    PORT_Free(H_);
+    return rv;
+}
+
+SECStatus
+RSA_SignPSS(RSAPrivateKey *key,
+            HASH_HashType hashAlg,
+            HASH_HashType maskHashAlg,
+            const unsigned char *salt,
+            unsigned int saltLength,
+            unsigned char *output,
+            unsigned int *outputLen,
+            unsigned int maxOutputLen,
+            const unsigned char *input,
+            unsigned int inputLen)
+{
+    SECStatus rv = SECSuccess;
+    unsigned int modulusLen = rsa_modulusLen(&key->modulus);
+    unsigned int modulusBits = rsa_modulusBits(&key->modulus);
+    unsigned int emLen = modulusLen;
+    unsigned char *pssEncoded, *em;
+
+    if (maxOutputLen < modulusLen) {
+        PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+        return SECFailure;
+    }
+
+    if ((hashAlg == HASH_AlgNULL) || (maskHashAlg == HASH_AlgNULL)) {
+        PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
+        return SECFailure;
+    }
+
+    pssEncoded = em = (unsigned char *)PORT_Alloc(modulusLen);
+    if (pssEncoded == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return SECFailure;
+    }
+
+    /* len(em) == ceil((modulusBits - 1) / 8). */
+    if (modulusBits % 8 == 1) {
+        em[0] = 0;
+        emLen--;
+        em++;
+    }
+    rv = emsa_pss_encode(em, emLen, modulusBits - 1, input, hashAlg,
+                         maskHashAlg, salt, saltLength);
+    if (rv != SECSuccess)
+        goto done;
+
+    rv = RSA_PrivateKeyOpDoubleChecked(key, output, pssEncoded);
+    *outputLen = modulusLen;
+
+done:
+    PORT_Free(pssEncoded);
+    return rv;
+}
+
+SECStatus
+RSA_CheckSignPSS(RSAPublicKey *key,
+                 HASH_HashType hashAlg,
+                 HASH_HashType maskHashAlg,
+                 unsigned int saltLength,
+                 const unsigned char *sig,
+                 unsigned int sigLen,
+                 const unsigned char *hash,
+                 unsigned int hashLen)
+{
+    SECStatus rv;
+    unsigned int modulusLen = rsa_modulusLen(&key->modulus);
+    unsigned int modulusBits = rsa_modulusBits(&key->modulus);
+    unsigned int emLen = modulusLen;
+    unsigned char *buffer, *em;
+
+    if (sigLen != modulusLen) {
+        PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
+        return SECFailure;
+    }
+
+    if ((hashAlg == HASH_AlgNULL) || (maskHashAlg == HASH_AlgNULL)) {
+        PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
+        return SECFailure;
+    }
+
+    buffer = em = (unsigned char *)PORT_Alloc(modulusLen);
+    if (!buffer) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return SECFailure;
+    }
+
+    rv = RSA_PublicKeyOp(key, buffer, sig);
+    if (rv != SECSuccess) {
+        PORT_Free(buffer);
+        PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
+        return SECFailure;
+    }
+
+    /* len(em) == ceil((modulusBits - 1) / 8). */
+    if (modulusBits % 8 == 1) {
+        emLen--;
+        em++;
+    }
+    rv = emsa_pss_verify(hash, em, emLen, modulusBits - 1, hashAlg,
+                         maskHashAlg, saltLength);
+
+    PORT_Free(buffer);
+    return rv;
+}
+
+/* XXX Doesn't set error code */
+SECStatus
+RSA_Sign(RSAPrivateKey *key,
+         unsigned char *output,
+         unsigned int *outputLen,
+         unsigned int maxOutputLen,
+         const unsigned char *input,
+         unsigned int inputLen)
+{
+    SECStatus rv = SECSuccess;
+    unsigned int modulusLen = rsa_modulusLen(&key->modulus);
+    SECItem formatted;
+    SECItem unformatted;
+
+    if (maxOutputLen < modulusLen)
+        return SECFailure;
+
+    unformatted.len = inputLen;
+    unformatted.data = (unsigned char *)input;
+    formatted.data = NULL;
+    rv = rsa_FormatBlock(&formatted, modulusLen, RSA_BlockPrivate,
+                         &unformatted);
+    if (rv != SECSuccess)
+        goto done;
+
+    rv = RSA_PrivateKeyOpDoubleChecked(key, output, formatted.data);
+    *outputLen = modulusLen;
+
+    goto done;
+
+done:
+    if (formatted.data != NULL)
+        PORT_ZFree(formatted.data, modulusLen);
+    return rv;
+}
+
+/* XXX Doesn't set error code */
+SECStatus
+RSA_CheckSign(RSAPublicKey *key,
+              const unsigned char *sig,
+              unsigned int sigLen,
+              const unsigned char *data,
+              unsigned int dataLen)
+{
+    SECStatus rv;
+    unsigned int modulusLen = rsa_modulusLen(&key->modulus);
+    unsigned int i;
+    unsigned char *buffer;
+
+    if (sigLen != modulusLen)
+        goto failure;
+    /*
+     * 0x00 || BT || Pad || 0x00 || ActualData
+     *
+     * The "3" below is the first octet + the second octet + the 0x00
+     * octet that always comes just before the ActualData.
+     */
+    if (dataLen > modulusLen - (3 + RSA_BLOCK_MIN_PAD_LEN))
+        goto failure;
+
+    buffer = (unsigned char *)PORT_Alloc(modulusLen + 1);
+    if (!buffer)
+        goto failure;
+
+    rv = RSA_PublicKeyOp(key, buffer, sig);
+    if (rv != SECSuccess)
+        goto loser;
+
+    /*
+     * check the padding that was used
+     */
+    if (buffer[0] != RSA_BLOCK_FIRST_OCTET ||
+        buffer[1] != (unsigned char)RSA_BlockPrivate) {
+        goto loser;
+    }
+    for (i = 2; i < modulusLen - dataLen - 1; i++) {
+        if (buffer[i] != RSA_BLOCK_PRIVATE_PAD_OCTET)
+            goto loser;
+    }
+    if (buffer[i] != RSA_BLOCK_AFTER_PAD_OCTET)
+        goto loser;
+
+    /*
+     * make sure we get the same results
+     */
+    if (PORT_Memcmp(buffer + modulusLen - dataLen, data, dataLen) != 0)
+        goto loser;
+
+    PORT_Free(buffer);
+    return SECSuccess;
+
+loser:
+    PORT_Free(buffer);
+failure:
+    return SECFailure;
+}
+
+/* XXX Doesn't set error code */
+SECStatus
+RSA_CheckSignRecover(RSAPublicKey *key,
+                     unsigned char *output,
+                     unsigned int *outputLen,
+                     unsigned int maxOutputLen,
+                     const unsigned char *sig,
+                     unsigned int sigLen)
+{
+    SECStatus rv;
+    unsigned int modulusLen = rsa_modulusLen(&key->modulus);
+    unsigned int i;
+    unsigned char *buffer;
+
+    if (sigLen != modulusLen)
+        goto failure;
+
+    buffer = (unsigned char *)PORT_Alloc(modulusLen + 1);
+    if (!buffer)
+        goto failure;
+
+    rv = RSA_PublicKeyOp(key, buffer, sig);
+    if (rv != SECSuccess)
+        goto loser;
+    *outputLen = 0;
+
+    /*
+     * check the padding that was used
+     */
+    if (buffer[0] != RSA_BLOCK_FIRST_OCTET ||
+        buffer[1] != (unsigned char)RSA_BlockPrivate) {
+        goto loser;
+    }
+    for (i = 2; i < modulusLen; i++) {
+        if (buffer[i] == RSA_BLOCK_AFTER_PAD_OCTET) {
+            *outputLen = modulusLen - i - 1;
+            break;
+        }
+        if (buffer[i] != RSA_BLOCK_PRIVATE_PAD_OCTET)
+            goto loser;
+    }
+    if (*outputLen == 0)
+        goto loser;
+    if (*outputLen > maxOutputLen)
+        goto loser;
+
+    PORT_Memcpy(output, buffer + modulusLen - *outputLen, *outputLen);
+
+    PORT_Free(buffer);
+    return SECSuccess;
+
+loser:
+    PORT_Free(buffer);
+failure:
+    return SECFailure;
+}
diff --git a/nss/lib/freebl/secmpi.h b/nss/lib/freebl/secmpi.h
new file mode 100644
index 0000000..5e8fd11
--- /dev/null
+++ b/nss/lib/freebl/secmpi.h
@@ -0,0 +1,54 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "mpi.h"
+
+#define CHECK_SEC_OK(func)         \
+    if (SECSuccess != (rv = func)) \
+    goto cleanup
+
+#define CHECK_MPI_OK(func)      \
+    if (MP_OKAY > (err = func)) \
+    goto cleanup
+
+#define OCTETS_TO_MPINT(oc, mp, len) \
+    CHECK_MPI_OK(mp_read_unsigned_octets((mp), oc, len))
+
+#define SECITEM_TO_MPINT(it, mp) \
+    CHECK_MPI_OK(mp_read_unsigned_octets((mp), (it).data, (it).len))
+
+#define MPINT_TO_SECITEM(mp, it, arena)                         \
+    do {                                                        \
+        int mpintLen = mp_unsigned_octet_size(mp);              \
+        if (mpintLen <= 0) {                                    \
+            err = MP_RANGE;                                     \
+            goto cleanup;                                       \
+        }                                                       \
+        SECITEM_AllocItem(arena, (it), mpintLen);               \
+        if ((it)->data == NULL) {                               \
+            err = MP_MEM;                                       \
+            goto cleanup;                                       \
+        }                                                       \
+        err = mp_to_unsigned_octets(mp, (it)->data, (it)->len); \
+        if (err < 0)                                            \
+            goto cleanup;                                       \
+        else                                                    \
+            err = MP_OKAY;                                      \
+    } while (0)
+
+#define MP_TO_SEC_ERROR(err)                          \
+    switch (err) {                                    \
+        case MP_MEM:                                  \
+            PORT_SetError(SEC_ERROR_NO_MEMORY);       \
+            break;                                    \
+        case MP_RANGE:                                \
+            PORT_SetError(SEC_ERROR_BAD_DATA);        \
+            break;                                    \
+        case MP_BADARG:                               \
+            PORT_SetError(SEC_ERROR_INVALID_ARGS);    \
+            break;                                    \
+        default:                                      \
+            PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); \
+            break;                                    \
+    }
diff --git a/nss/lib/freebl/secrng.h b/nss/lib/freebl/secrng.h
new file mode 100644
index 0000000..19eae48
--- /dev/null
+++ b/nss/lib/freebl/secrng.h
@@ -0,0 +1,65 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _SECRNG_H_
+#define _SECRNG_H_
+/*
+ * secrng.h - public data structures and prototypes for the secure random
+ *	      number generator
+ */
+
+/******************************************/
+/*
+** Random number generation. A cryptographically strong random number
+** generator.
+*/
+
+#include "blapi.h"
+
+/* the number of bytes to read from the system random number generator */
+#define SYSTEM_RNG_SEED_COUNT 1024
+
+SEC_BEGIN_PROTOS
+
+/*
+** The following functions are provided by the security library
+** but are differently implemented for the UNIX, Win, and OS/2
+** versions
+*/
+
+/*
+** Get the "noisiest" information available on the system.
+** The amount of data returned depends on the system implementation.
+** It will not exceed maxbytes, but may be (much) less.
+** Returns number of noise bytes copied into buf, or zero if error.
+*/
+extern size_t RNG_GetNoise(void *buf, size_t maxbytes);
+
+/*
+** RNG_SystemInfoForRNG should be called before any use of SSL. It
+** gathers up the system specific information to help seed the
+** state of the global random number generator.
+*/
+extern void RNG_SystemInfoForRNG(void);
+
+/*
+** Use the contents (and stat) of a file to help seed the
+** global random number generator.
+*/
+extern void RNG_FileForRNG(const char *filename);
+
+/*
+** Get maxbytes bytes of random data from the system random number
+** generator.
+** Returns the number of bytes copied into buf -- maxbytes if success
+** or zero if error.
+** Errors:
+**   PR_NOT_IMPLEMENTED_ERROR   There is no system RNG on the platform.
+**   SEC_ERROR_NEED_RANDOM      The system RNG failed.
+*/
+extern size_t RNG_SystemRNG(void *buf, size_t maxbytes);
+
+SEC_END_PROTOS
+
+#endif /* _SECRNG_H_ */
diff --git a/nss/lib/freebl/seed.c b/nss/lib/freebl/seed.c
new file mode 100644
index 0000000..f198cce
--- /dev/null
+++ b/nss/lib/freebl/seed.c
@@ -0,0 +1,641 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifdef FREEBL_NO_DEPEND
+#include "stubs.h"
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stddef.h>
+#ifdef WIN32
+#include <memory.h>
+#endif
+
+#include "seed.h"
+#include "secerr.h"
+
+static const seed_word SS[4][256] = {
+    { 0x2989a1a8, 0x05858184, 0x16c6d2d4, 0x13c3d3d0,
+      0x14445054, 0x1d0d111c, 0x2c8ca0ac, 0x25052124,
+      0x1d4d515c, 0x03434340, 0x18081018, 0x1e0e121c,
+      0x11415150, 0x3cccf0fc, 0x0acac2c8, 0x23436360,
+      0x28082028, 0x04444044, 0x20002020, 0x1d8d919c,
+      0x20c0e0e0, 0x22c2e2e0, 0x08c8c0c8, 0x17071314,
+      0x2585a1a4, 0x0f8f838c, 0x03030300, 0x3b4b7378,
+      0x3b8bb3b8, 0x13031310, 0x12c2d2d0, 0x2ecee2ec,
+      0x30407070, 0x0c8c808c, 0x3f0f333c, 0x2888a0a8,
+      0x32023230, 0x1dcdd1dc, 0x36c6f2f4, 0x34447074,
+      0x2ccce0ec, 0x15859194, 0x0b0b0308, 0x17475354,
+      0x1c4c505c, 0x1b4b5358, 0x3d8db1bc, 0x01010100,
+      0x24042024, 0x1c0c101c, 0x33437370, 0x18889098,
+      0x10001010, 0x0cccc0cc, 0x32c2f2f0, 0x19c9d1d8,
+      0x2c0c202c, 0x27c7e3e4, 0x32427270, 0x03838380,
+      0x1b8b9398, 0x11c1d1d0, 0x06868284, 0x09c9c1c8,
+      0x20406060, 0x10405050, 0x2383a3a0, 0x2bcbe3e8,
+      0x0d0d010c, 0x3686b2b4, 0x1e8e929c, 0x0f4f434c,
+      0x3787b3b4, 0x1a4a5258, 0x06c6c2c4, 0x38487078,
+      0x2686a2a4, 0x12021210, 0x2f8fa3ac, 0x15c5d1d4,
+      0x21416160, 0x03c3c3c0, 0x3484b0b4, 0x01414140,
+      0x12425250, 0x3d4d717c, 0x0d8d818c, 0x08080008,
+      0x1f0f131c, 0x19899198, 0x00000000, 0x19091118,
+      0x04040004, 0x13435350, 0x37c7f3f4, 0x21c1e1e0,
+      0x3dcdf1fc, 0x36467274, 0x2f0f232c, 0x27072324,
+      0x3080b0b0, 0x0b8b8388, 0x0e0e020c, 0x2b8ba3a8,
+      0x2282a2a0, 0x2e4e626c, 0x13839390, 0x0d4d414c,
+      0x29496168, 0x3c4c707c, 0x09090108, 0x0a0a0208,
+      0x3f8fb3bc, 0x2fcfe3ec, 0x33c3f3f0, 0x05c5c1c4,
+      0x07878384, 0x14041014, 0x3ecef2fc, 0x24446064,
+      0x1eced2dc, 0x2e0e222c, 0x0b4b4348, 0x1a0a1218,
+      0x06060204, 0x21012120, 0x2b4b6368, 0x26466264,
+      0x02020200, 0x35c5f1f4, 0x12829290, 0x0a8a8288,
+      0x0c0c000c, 0x3383b3b0, 0x3e4e727c, 0x10c0d0d0,
+      0x3a4a7278, 0x07474344, 0x16869294, 0x25c5e1e4,
+      0x26062224, 0x00808080, 0x2d8da1ac, 0x1fcfd3dc,
+      0x2181a1a0, 0x30003030, 0x37073334, 0x2e8ea2ac,
+      0x36063234, 0x15051114, 0x22022220, 0x38083038,
+      0x34c4f0f4, 0x2787a3a4, 0x05454144, 0x0c4c404c,
+      0x01818180, 0x29c9e1e8, 0x04848084, 0x17879394,
+      0x35053134, 0x0bcbc3c8, 0x0ecec2cc, 0x3c0c303c,
+      0x31417170, 0x11011110, 0x07c7c3c4, 0x09898188,
+      0x35457174, 0x3bcbf3f8, 0x1acad2d8, 0x38c8f0f8,
+      0x14849094, 0x19495158, 0x02828280, 0x04c4c0c4,
+      0x3fcff3fc, 0x09494148, 0x39093138, 0x27476364,
+      0x00c0c0c0, 0x0fcfc3cc, 0x17c7d3d4, 0x3888b0b8,
+      0x0f0f030c, 0x0e8e828c, 0x02424240, 0x23032320,
+      0x11819190, 0x2c4c606c, 0x1bcbd3d8, 0x2484a0a4,
+      0x34043034, 0x31c1f1f0, 0x08484048, 0x02c2c2c0,
+      0x2f4f636c, 0x3d0d313c, 0x2d0d212c, 0x00404040,
+      0x3e8eb2bc, 0x3e0e323c, 0x3c8cb0bc, 0x01c1c1c0,
+      0x2a8aa2a8, 0x3a8ab2b8, 0x0e4e424c, 0x15455154,
+      0x3b0b3338, 0x1cccd0dc, 0x28486068, 0x3f4f737c,
+      0x1c8c909c, 0x18c8d0d8, 0x0a4a4248, 0x16465254,
+      0x37477374, 0x2080a0a0, 0x2dcde1ec, 0x06464244,
+      0x3585b1b4, 0x2b0b2328, 0x25456164, 0x3acaf2f8,
+      0x23c3e3e0, 0x3989b1b8, 0x3181b1b0, 0x1f8f939c,
+      0x1e4e525c, 0x39c9f1f8, 0x26c6e2e4, 0x3282b2b0,
+      0x31013130, 0x2acae2e8, 0x2d4d616c, 0x1f4f535c,
+      0x24c4e0e4, 0x30c0f0f0, 0x0dcdc1cc, 0x08888088,
+      0x16061214, 0x3a0a3238, 0x18485058, 0x14c4d0d4,
+      0x22426260, 0x29092128, 0x07070304, 0x33033330,
+      0x28c8e0e8, 0x1b0b1318, 0x05050104, 0x39497178,
+      0x10809090, 0x2a4a6268, 0x2a0a2228, 0x1a8a9298 },
+    { 0x38380830, 0xe828c8e0, 0x2c2d0d21, 0xa42686a2,
+      0xcc0fcfc3, 0xdc1eced2, 0xb03383b3, 0xb83888b0,
+      0xac2f8fa3, 0x60204060, 0x54154551, 0xc407c7c3,
+      0x44044440, 0x6c2f4f63, 0x682b4b63, 0x581b4b53,
+      0xc003c3c3, 0x60224262, 0x30330333, 0xb43585b1,
+      0x28290921, 0xa02080a0, 0xe022c2e2, 0xa42787a3,
+      0xd013c3d3, 0x90118191, 0x10110111, 0x04060602,
+      0x1c1c0c10, 0xbc3c8cb0, 0x34360632, 0x480b4b43,
+      0xec2fcfe3, 0x88088880, 0x6c2c4c60, 0xa82888a0,
+      0x14170713, 0xc404c4c0, 0x14160612, 0xf434c4f0,
+      0xc002c2c2, 0x44054541, 0xe021c1e1, 0xd416c6d2,
+      0x3c3f0f33, 0x3c3d0d31, 0x8c0e8e82, 0x98188890,
+      0x28280820, 0x4c0e4e42, 0xf436c6f2, 0x3c3e0e32,
+      0xa42585a1, 0xf839c9f1, 0x0c0d0d01, 0xdc1fcfd3,
+      0xd818c8d0, 0x282b0b23, 0x64264662, 0x783a4a72,
+      0x24270723, 0x2c2f0f23, 0xf031c1f1, 0x70324272,
+      0x40024242, 0xd414c4d0, 0x40014141, 0xc000c0c0,
+      0x70334373, 0x64274763, 0xac2c8ca0, 0x880b8b83,
+      0xf437c7f3, 0xac2d8da1, 0x80008080, 0x1c1f0f13,
+      0xc80acac2, 0x2c2c0c20, 0xa82a8aa2, 0x34340430,
+      0xd012c2d2, 0x080b0b03, 0xec2ecee2, 0xe829c9e1,
+      0x5c1d4d51, 0x94148490, 0x18180810, 0xf838c8f0,
+      0x54174753, 0xac2e8ea2, 0x08080800, 0xc405c5c1,
+      0x10130313, 0xcc0dcdc1, 0x84068682, 0xb83989b1,
+      0xfc3fcff3, 0x7c3d4d71, 0xc001c1c1, 0x30310131,
+      0xf435c5f1, 0x880a8a82, 0x682a4a62, 0xb03181b1,
+      0xd011c1d1, 0x20200020, 0xd417c7d3, 0x00020202,
+      0x20220222, 0x04040400, 0x68284860, 0x70314171,
+      0x04070703, 0xd81bcbd3, 0x9c1d8d91, 0x98198991,
+      0x60214161, 0xbc3e8eb2, 0xe426c6e2, 0x58194951,
+      0xdc1dcdd1, 0x50114151, 0x90108090, 0xdc1cccd0,
+      0x981a8a92, 0xa02383a3, 0xa82b8ba3, 0xd010c0d0,
+      0x80018181, 0x0c0f0f03, 0x44074743, 0x181a0a12,
+      0xe023c3e3, 0xec2ccce0, 0x8c0d8d81, 0xbc3f8fb3,
+      0x94168692, 0x783b4b73, 0x5c1c4c50, 0xa02282a2,
+      0xa02181a1, 0x60234363, 0x20230323, 0x4c0d4d41,
+      0xc808c8c0, 0x9c1e8e92, 0x9c1c8c90, 0x383a0a32,
+      0x0c0c0c00, 0x2c2e0e22, 0xb83a8ab2, 0x6c2e4e62,
+      0x9c1f8f93, 0x581a4a52, 0xf032c2f2, 0x90128292,
+      0xf033c3f3, 0x48094941, 0x78384870, 0xcc0cccc0,
+      0x14150511, 0xf83bcbf3, 0x70304070, 0x74354571,
+      0x7c3f4f73, 0x34350531, 0x10100010, 0x00030303,
+      0x64244460, 0x6c2d4d61, 0xc406c6c2, 0x74344470,
+      0xd415c5d1, 0xb43484b0, 0xe82acae2, 0x08090901,
+      0x74364672, 0x18190911, 0xfc3ecef2, 0x40004040,
+      0x10120212, 0xe020c0e0, 0xbc3d8db1, 0x04050501,
+      0xf83acaf2, 0x00010101, 0xf030c0f0, 0x282a0a22,
+      0x5c1e4e52, 0xa82989a1, 0x54164652, 0x40034343,
+      0x84058581, 0x14140410, 0x88098981, 0x981b8b93,
+      0xb03080b0, 0xe425c5e1, 0x48084840, 0x78394971,
+      0x94178793, 0xfc3cccf0, 0x1c1e0e12, 0x80028282,
+      0x20210121, 0x8c0c8c80, 0x181b0b13, 0x5c1f4f53,
+      0x74374773, 0x54144450, 0xb03282b2, 0x1c1d0d11,
+      0x24250521, 0x4c0f4f43, 0x00000000, 0x44064642,
+      0xec2dcde1, 0x58184850, 0x50124252, 0xe82bcbe3,
+      0x7c3e4e72, 0xd81acad2, 0xc809c9c1, 0xfc3dcdf1,
+      0x30300030, 0x94158591, 0x64254561, 0x3c3c0c30,
+      0xb43686b2, 0xe424c4e0, 0xb83b8bb3, 0x7c3c4c70,
+      0x0c0e0e02, 0x50104050, 0x38390931, 0x24260622,
+      0x30320232, 0x84048480, 0x68294961, 0x90138393,
+      0x34370733, 0xe427c7e3, 0x24240420, 0xa42484a0,
+      0xc80bcbc3, 0x50134353, 0x080a0a02, 0x84078783,
+      0xd819c9d1, 0x4c0c4c40, 0x80038383, 0x8c0f8f83,
+      0xcc0ecec2, 0x383b0b33, 0x480a4a42, 0xb43787b3 },
+    { 0xa1a82989, 0x81840585, 0xd2d416c6, 0xd3d013c3,
+      0x50541444, 0x111c1d0d, 0xa0ac2c8c, 0x21242505,
+      0x515c1d4d, 0x43400343, 0x10181808, 0x121c1e0e,
+      0x51501141, 0xf0fc3ccc, 0xc2c80aca, 0x63602343,
+      0x20282808, 0x40440444, 0x20202000, 0x919c1d8d,
+      0xe0e020c0, 0xe2e022c2, 0xc0c808c8, 0x13141707,
+      0xa1a42585, 0x838c0f8f, 0x03000303, 0x73783b4b,
+      0xb3b83b8b, 0x13101303, 0xd2d012c2, 0xe2ec2ece,
+      0x70703040, 0x808c0c8c, 0x333c3f0f, 0xa0a82888,
+      0x32303202, 0xd1dc1dcd, 0xf2f436c6, 0x70743444,
+      0xe0ec2ccc, 0x91941585, 0x03080b0b, 0x53541747,
+      0x505c1c4c, 0x53581b4b, 0xb1bc3d8d, 0x01000101,
+      0x20242404, 0x101c1c0c, 0x73703343, 0x90981888,
+      0x10101000, 0xc0cc0ccc, 0xf2f032c2, 0xd1d819c9,
+      0x202c2c0c, 0xe3e427c7, 0x72703242, 0x83800383,
+      0x93981b8b, 0xd1d011c1, 0x82840686, 0xc1c809c9,
+      0x60602040, 0x50501040, 0xa3a02383, 0xe3e82bcb,
+      0x010c0d0d, 0xb2b43686, 0x929c1e8e, 0x434c0f4f,
+      0xb3b43787, 0x52581a4a, 0xc2c406c6, 0x70783848,
+      0xa2a42686, 0x12101202, 0xa3ac2f8f, 0xd1d415c5,
+      0x61602141, 0xc3c003c3, 0xb0b43484, 0x41400141,
+      0x52501242, 0x717c3d4d, 0x818c0d8d, 0x00080808,
+      0x131c1f0f, 0x91981989, 0x00000000, 0x11181909,
+      0x00040404, 0x53501343, 0xf3f437c7, 0xe1e021c1,
+      0xf1fc3dcd, 0x72743646, 0x232c2f0f, 0x23242707,
+      0xb0b03080, 0x83880b8b, 0x020c0e0e, 0xa3a82b8b,
+      0xa2a02282, 0x626c2e4e, 0x93901383, 0x414c0d4d,
+      0x61682949, 0x707c3c4c, 0x01080909, 0x02080a0a,
+      0xb3bc3f8f, 0xe3ec2fcf, 0xf3f033c3, 0xc1c405c5,
+      0x83840787, 0x10141404, 0xf2fc3ece, 0x60642444,
+      0xd2dc1ece, 0x222c2e0e, 0x43480b4b, 0x12181a0a,
+      0x02040606, 0x21202101, 0x63682b4b, 0x62642646,
+      0x02000202, 0xf1f435c5, 0x92901282, 0x82880a8a,
+      0x000c0c0c, 0xb3b03383, 0x727c3e4e, 0xd0d010c0,
+      0x72783a4a, 0x43440747, 0x92941686, 0xe1e425c5,
+      0x22242606, 0x80800080, 0xa1ac2d8d, 0xd3dc1fcf,
+      0xa1a02181, 0x30303000, 0x33343707, 0xa2ac2e8e,
+      0x32343606, 0x11141505, 0x22202202, 0x30383808,
+      0xf0f434c4, 0xa3a42787, 0x41440545, 0x404c0c4c,
+      0x81800181, 0xe1e829c9, 0x80840484, 0x93941787,
+      0x31343505, 0xc3c80bcb, 0xc2cc0ece, 0x303c3c0c,
+      0x71703141, 0x11101101, 0xc3c407c7, 0x81880989,
+      0x71743545, 0xf3f83bcb, 0xd2d81aca, 0xf0f838c8,
+      0x90941484, 0x51581949, 0x82800282, 0xc0c404c4,
+      0xf3fc3fcf, 0x41480949, 0x31383909, 0x63642747,
+      0xc0c000c0, 0xc3cc0fcf, 0xd3d417c7, 0xb0b83888,
+      0x030c0f0f, 0x828c0e8e, 0x42400242, 0x23202303,
+      0x91901181, 0x606c2c4c, 0xd3d81bcb, 0xa0a42484,
+      0x30343404, 0xf1f031c1, 0x40480848, 0xc2c002c2,
+      0x636c2f4f, 0x313c3d0d, 0x212c2d0d, 0x40400040,
+      0xb2bc3e8e, 0x323c3e0e, 0xb0bc3c8c, 0xc1c001c1,
+      0xa2a82a8a, 0xb2b83a8a, 0x424c0e4e, 0x51541545,
+      0x33383b0b, 0xd0dc1ccc, 0x60682848, 0x737c3f4f,
+      0x909c1c8c, 0xd0d818c8, 0x42480a4a, 0x52541646,
+      0x73743747, 0xa0a02080, 0xe1ec2dcd, 0x42440646,
+      0xb1b43585, 0x23282b0b, 0x61642545, 0xf2f83aca,
+      0xe3e023c3, 0xb1b83989, 0xb1b03181, 0x939c1f8f,
+      0x525c1e4e, 0xf1f839c9, 0xe2e426c6, 0xb2b03282,
+      0x31303101, 0xe2e82aca, 0x616c2d4d, 0x535c1f4f,
+      0xe0e424c4, 0xf0f030c0, 0xc1cc0dcd, 0x80880888,
+      0x12141606, 0x32383a0a, 0x50581848, 0xd0d414c4,
+      0x62602242, 0x21282909, 0x03040707, 0x33303303,
+      0xe0e828c8, 0x13181b0b, 0x01040505, 0x71783949,
+      0x90901080, 0x62682a4a, 0x22282a0a, 0x92981a8a },
+    { 0x08303838, 0xc8e0e828, 0x0d212c2d, 0x86a2a426,
+      0xcfc3cc0f, 0xced2dc1e, 0x83b3b033, 0x88b0b838,
+      0x8fa3ac2f, 0x40606020, 0x45515415, 0xc7c3c407,
+      0x44404404, 0x4f636c2f, 0x4b63682b, 0x4b53581b,
+      0xc3c3c003, 0x42626022, 0x03333033, 0x85b1b435,
+      0x09212829, 0x80a0a020, 0xc2e2e022, 0x87a3a427,
+      0xc3d3d013, 0x81919011, 0x01111011, 0x06020406,
+      0x0c101c1c, 0x8cb0bc3c, 0x06323436, 0x4b43480b,
+      0xcfe3ec2f, 0x88808808, 0x4c606c2c, 0x88a0a828,
+      0x07131417, 0xc4c0c404, 0x06121416, 0xc4f0f434,
+      0xc2c2c002, 0x45414405, 0xc1e1e021, 0xc6d2d416,
+      0x0f333c3f, 0x0d313c3d, 0x8e828c0e, 0x88909818,
+      0x08202828, 0x4e424c0e, 0xc6f2f436, 0x0e323c3e,
+      0x85a1a425, 0xc9f1f839, 0x0d010c0d, 0xcfd3dc1f,
+      0xc8d0d818, 0x0b23282b, 0x46626426, 0x4a72783a,
+      0x07232427, 0x0f232c2f, 0xc1f1f031, 0x42727032,
+      0x42424002, 0xc4d0d414, 0x41414001, 0xc0c0c000,
+      0x43737033, 0x47636427, 0x8ca0ac2c, 0x8b83880b,
+      0xc7f3f437, 0x8da1ac2d, 0x80808000, 0x0f131c1f,
+      0xcac2c80a, 0x0c202c2c, 0x8aa2a82a, 0x04303434,
+      0xc2d2d012, 0x0b03080b, 0xcee2ec2e, 0xc9e1e829,
+      0x4d515c1d, 0x84909414, 0x08101818, 0xc8f0f838,
+      0x47535417, 0x8ea2ac2e, 0x08000808, 0xc5c1c405,
+      0x03131013, 0xcdc1cc0d, 0x86828406, 0x89b1b839,
+      0xcff3fc3f, 0x4d717c3d, 0xc1c1c001, 0x01313031,
+      0xc5f1f435, 0x8a82880a, 0x4a62682a, 0x81b1b031,
+      0xc1d1d011, 0x00202020, 0xc7d3d417, 0x02020002,
+      0x02222022, 0x04000404, 0x48606828, 0x41717031,
+      0x07030407, 0xcbd3d81b, 0x8d919c1d, 0x89919819,
+      0x41616021, 0x8eb2bc3e, 0xc6e2e426, 0x49515819,
+      0xcdd1dc1d, 0x41515011, 0x80909010, 0xccd0dc1c,
+      0x8a92981a, 0x83a3a023, 0x8ba3a82b, 0xc0d0d010,
+      0x81818001, 0x0f030c0f, 0x47434407, 0x0a12181a,
+      0xc3e3e023, 0xcce0ec2c, 0x8d818c0d, 0x8fb3bc3f,
+      0x86929416, 0x4b73783b, 0x4c505c1c, 0x82a2a022,
+      0x81a1a021, 0x43636023, 0x03232023, 0x4d414c0d,
+      0xc8c0c808, 0x8e929c1e, 0x8c909c1c, 0x0a32383a,
+      0x0c000c0c, 0x0e222c2e, 0x8ab2b83a, 0x4e626c2e,
+      0x8f939c1f, 0x4a52581a, 0xc2f2f032, 0x82929012,
+      0xc3f3f033, 0x49414809, 0x48707838, 0xccc0cc0c,
+      0x05111415, 0xcbf3f83b, 0x40707030, 0x45717435,
+      0x4f737c3f, 0x05313435, 0x00101010, 0x03030003,
+      0x44606424, 0x4d616c2d, 0xc6c2c406, 0x44707434,
+      0xc5d1d415, 0x84b0b434, 0xcae2e82a, 0x09010809,
+      0x46727436, 0x09111819, 0xcef2fc3e, 0x40404000,
+      0x02121012, 0xc0e0e020, 0x8db1bc3d, 0x05010405,
+      0xcaf2f83a, 0x01010001, 0xc0f0f030, 0x0a22282a,
+      0x4e525c1e, 0x89a1a829, 0x46525416, 0x43434003,
+      0x85818405, 0x04101414, 0x89818809, 0x8b93981b,
+      0x80b0b030, 0xc5e1e425, 0x48404808, 0x49717839,
+      0x87939417, 0xccf0fc3c, 0x0e121c1e, 0x82828002,
+      0x01212021, 0x8c808c0c, 0x0b13181b, 0x4f535c1f,
+      0x47737437, 0x44505414, 0x82b2b032, 0x0d111c1d,
+      0x05212425, 0x4f434c0f, 0x00000000, 0x46424406,
+      0xcde1ec2d, 0x48505818, 0x42525012, 0xcbe3e82b,
+      0x4e727c3e, 0xcad2d81a, 0xc9c1c809, 0xcdf1fc3d,
+      0x00303030, 0x85919415, 0x45616425, 0x0c303c3c,
+      0x86b2b436, 0xc4e0e424, 0x8bb3b83b, 0x4c707c3c,
+      0x0e020c0e, 0x40505010, 0x09313839, 0x06222426,
+      0x02323032, 0x84808404, 0x49616829, 0x83939013,
+      0x07333437, 0xc7e3e427, 0x04202424, 0x84a0a424,
+      0xcbc3c80b, 0x43535013, 0x0a02080a, 0x87838407,
+      0xc9d1d819, 0x4c404c0c, 0x83838003, 0x8f838c0f,
+      0xcec2cc0e, 0x0b33383b, 0x4a42480a, 0x87b3b437 }
+};
+
+/* key schedule constants - golden ratio */
+#define KC0 0x9e3779b9
+#define KC1 0x3c6ef373
+#define KC2 0x78dde6e6
+#define KC3 0xf1bbcdcc
+#define KC4 0xe3779b99
+#define KC5 0xc6ef3733
+#define KC6 0x8dde6e67
+#define KC7 0x1bbcdccf
+#define KC8 0x3779b99e
+#define KC9 0x6ef3733c
+#define KC10 0xdde6e678
+#define KC11 0xbbcdccf1
+#define KC12 0x779b99e3
+#define KC13 0xef3733c6
+#define KC14 0xde6e678d
+#define KC15 0xbcdccf1b
+
+void
+SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH],
+             SEED_KEY_SCHEDULE *ks)
+{
+    seed_word K0, K1, K2, K3;
+    seed_word t0, t1;
+
+    char2word(rawkey, K0);
+    char2word(rawkey + 4, K1);
+    char2word(rawkey + 8, K2);
+    char2word(rawkey + 12, K3);
+
+    t0 = (K0 + K2 - KC0);
+    t1 = (K1 - K3 + KC0);
+    KEYUPDATE_TEMP(t0, t1, &ks->data[0]);
+    KEYSCHEDULE_UPDATE1(t0, t1, K0, K1, K2, K3, KC1);
+    KEYUPDATE_TEMP(t0, t1, &ks->data[2]);
+    KEYSCHEDULE_UPDATE0(t0, t1, K0, K1, K2, K3, KC2);
+    KEYUPDATE_TEMP(t0, t1, &ks->data[4]);
+    KEYSCHEDULE_UPDATE1(t0, t1, K0, K1, K2, K3, KC3);
+    KEYUPDATE_TEMP(t0, t1, &ks->data[6]);
+    KEYSCHEDULE_UPDATE0(t0, t1, K0, K1, K2, K3, KC4);
+    KEYUPDATE_TEMP(t0, t1, &ks->data[8]);
+    KEYSCHEDULE_UPDATE1(t0, t1, K0, K1, K2, K3, KC5);
+    KEYUPDATE_TEMP(t0, t1, &ks->data[10]);
+    KEYSCHEDULE_UPDATE0(t0, t1, K0, K1, K2, K3, KC6);
+    KEYUPDATE_TEMP(t0, t1, &ks->data[12]);
+    KEYSCHEDULE_UPDATE1(t0, t1, K0, K1, K2, K3, KC7);
+    KEYUPDATE_TEMP(t0, t1, &ks->data[14]);
+    KEYSCHEDULE_UPDATE0(t0, t1, K0, K1, K2, K3, KC8);
+    KEYUPDATE_TEMP(t0, t1, &ks->data[16]);
+    KEYSCHEDULE_UPDATE1(t0, t1, K0, K1, K2, K3, KC9);
+    KEYUPDATE_TEMP(t0, t1, &ks->data[18]);
+    KEYSCHEDULE_UPDATE0(t0, t1, K0, K1, K2, K3, KC10);
+    KEYUPDATE_TEMP(t0, t1, &ks->data[20]);
+    KEYSCHEDULE_UPDATE1(t0, t1, K0, K1, K2, K3, KC11);
+    KEYUPDATE_TEMP(t0, t1, &ks->data[22]);
+    KEYSCHEDULE_UPDATE0(t0, t1, K0, K1, K2, K3, KC12);
+    KEYUPDATE_TEMP(t0, t1, &ks->data[24]);
+    KEYSCHEDULE_UPDATE1(t0, t1, K0, K1, K2, K3, KC13);
+    KEYUPDATE_TEMP(t0, t1, &ks->data[26]);
+    KEYSCHEDULE_UPDATE0(t0, t1, K0, K1, K2, K3, KC14);
+    KEYUPDATE_TEMP(t0, t1, &ks->data[28]);
+    KEYSCHEDULE_UPDATE1(t0, t1, K0, K1, K2, K3, KC15);
+    KEYUPDATE_TEMP(t0, t1, &ks->data[30]);
+}
+
+void
+SEED_encrypt(const unsigned char s[SEED_BLOCK_SIZE],
+             unsigned char d[SEED_BLOCK_SIZE],
+             const SEED_KEY_SCHEDULE *ks)
+{
+    seed_word L0, L1, R0, R1;
+    seed_word t0, t1;
+
+    char2word(s, L0);
+    char2word(s + 4, L1);
+    char2word(s + 8, R0);
+    char2word(s + 12, R1);
+
+    E_SEED(t0, t1, L0, L1, R0, R1, 0);
+    E_SEED(t0, t1, R0, R1, L0, L1, 2);
+    E_SEED(t0, t1, L0, L1, R0, R1, 4);
+    E_SEED(t0, t1, R0, R1, L0, L1, 6);
+    E_SEED(t0, t1, L0, L1, R0, R1, 8);
+    E_SEED(t0, t1, R0, R1, L0, L1, 10);
+    E_SEED(t0, t1, L0, L1, R0, R1, 12);
+    E_SEED(t0, t1, R0, R1, L0, L1, 14);
+    E_SEED(t0, t1, L0, L1, R0, R1, 16);
+    E_SEED(t0, t1, R0, R1, L0, L1, 18);
+    E_SEED(t0, t1, L0, L1, R0, R1, 20);
+    E_SEED(t0, t1, R0, R1, L0, L1, 22);
+    E_SEED(t0, t1, L0, L1, R0, R1, 24);
+    E_SEED(t0, t1, R0, R1, L0, L1, 26);
+    E_SEED(t0, t1, L0, L1, R0, R1, 28);
+    E_SEED(t0, t1, R0, R1, L0, L1, 30);
+
+    word2char(R0, d);
+    word2char(R1, d + 4);
+    word2char(L0, d + 8);
+    word2char(L1, d + 12);
+}
+
+void
+SEED_decrypt(const unsigned char s[SEED_BLOCK_SIZE],
+             unsigned char d[SEED_BLOCK_SIZE],
+             const SEED_KEY_SCHEDULE *ks)
+{
+    seed_word L0, L1, R0, R1;
+    seed_word t0, t1;
+
+    char2word(s, L0);
+    char2word(s + 4, L1);
+    char2word(s + 8, R0);
+    char2word(s + 12, R1);
+
+    E_SEED(t0, t1, L0, L1, R0, R1, 30);
+    E_SEED(t0, t1, R0, R1, L0, L1, 28);
+    E_SEED(t0, t1, L0, L1, R0, R1, 26);
+    E_SEED(t0, t1, R0, R1, L0, L1, 24);
+    E_SEED(t0, t1, L0, L1, R0, R1, 22);
+    E_SEED(t0, t1, R0, R1, L0, L1, 20);
+    E_SEED(t0, t1, L0, L1, R0, R1, 18);
+    E_SEED(t0, t1, R0, R1, L0, L1, 16);
+    E_SEED(t0, t1, L0, L1, R0, R1, 14);
+    E_SEED(t0, t1, R0, R1, L0, L1, 12);
+    E_SEED(t0, t1, L0, L1, R0, R1, 10);
+    E_SEED(t0, t1, R0, R1, L0, L1, 8);
+    E_SEED(t0, t1, L0, L1, R0, R1, 6);
+    E_SEED(t0, t1, R0, R1, L0, L1, 4);
+    E_SEED(t0, t1, L0, L1, R0, R1, 2);
+    E_SEED(t0, t1, R0, R1, L0, L1, 0);
+
+    word2char(R0, d);
+    word2char(R1, d + 4);
+    word2char(L0, d + 8);
+    word2char(L1, d + 12);
+}
+
+void
+SEED_ecb_encrypt(const unsigned char *in,
+                 unsigned char *out,
+                 const SEED_KEY_SCHEDULE *ks, int enc)
+{
+    if (enc) {
+        SEED_encrypt(in, out, ks);
+    } else {
+        SEED_decrypt(in, out, ks);
+    }
+}
+
+void
+SEED_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                 size_t len, const SEED_KEY_SCHEDULE *ks,
+                 unsigned char ivec[SEED_BLOCK_SIZE], int enc)
+{
+    size_t n;
+    unsigned char tmp[SEED_BLOCK_SIZE];
+    const unsigned char *iv = ivec;
+
+    if (enc) {
+        while (len >= SEED_BLOCK_SIZE) {
+            for (n = 0; n < SEED_BLOCK_SIZE; ++n)
+                out[n] = in[n] ^ iv[n];
+
+            SEED_encrypt(out, out, ks);
+            iv = out;
+            len -= SEED_BLOCK_SIZE;
+            in += SEED_BLOCK_SIZE;
+            out += SEED_BLOCK_SIZE;
+        }
+
+        if (len) {
+            for (n = 0; n < len; ++n)
+                out[n] = in[n] ^ iv[n];
+
+            for (n = len; n < SEED_BLOCK_SIZE; ++n)
+                out[n] = iv[n];
+
+            SEED_encrypt(out, out, ks);
+            iv = out;
+        }
+
+        memcpy(ivec, iv, SEED_BLOCK_SIZE);
+    } else if (in != out) {
+        while (len >= SEED_BLOCK_SIZE) {
+            SEED_decrypt(in, out, ks);
+
+            for (n = 0; n < SEED_BLOCK_SIZE; ++n)
+                out[n] ^= iv[n];
+
+            iv = in;
+            len -= SEED_BLOCK_SIZE;
+            in += SEED_BLOCK_SIZE;
+            out += SEED_BLOCK_SIZE;
+        }
+
+        if (len) {
+            SEED_decrypt(in, tmp, ks);
+
+            for (n = 0; n < len; ++n)
+                out[n] = tmp[n] ^ iv[n];
+
+            iv = in;
+        }
+
+        memcpy(ivec, iv, SEED_BLOCK_SIZE);
+    } else {
+        while (len >= SEED_BLOCK_SIZE) {
+            memcpy(tmp, in, SEED_BLOCK_SIZE);
+            SEED_decrypt(in, out, ks);
+
+            for (n = 0; n < SEED_BLOCK_SIZE; ++n)
+                out[n] ^= ivec[n];
+
+            memcpy(ivec, tmp, SEED_BLOCK_SIZE);
+            len -= SEED_BLOCK_SIZE;
+            in += SEED_BLOCK_SIZE;
+            out += SEED_BLOCK_SIZE;
+        }
+
+        if (len) {
+            memcpy(tmp, in, SEED_BLOCK_SIZE);
+            SEED_decrypt(tmp, tmp, ks);
+
+            for (n = 0; n < len; ++n)
+                out[n] = tmp[n] ^ ivec[n];
+
+            memcpy(ivec, tmp, SEED_BLOCK_SIZE);
+        }
+    }
+}
+
+SEEDContext *
+SEED_AllocateContext(void)
+{
+    return PORT_ZNew(SEEDContext);
+}
+
+SECStatus
+SEED_InitContext(SEEDContext *cx, const unsigned char *key,
+                 unsigned int keylen, const unsigned char *iv,
+                 int mode, unsigned int encrypt, unsigned int unused)
+{
+    if (!cx) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    switch (mode) {
+        case NSS_SEED:
+            SEED_set_key(key, &cx->ks);
+            cx->mode = NSS_SEED;
+            cx->encrypt = encrypt;
+            break;
+
+        case NSS_SEED_CBC:
+            memcpy(cx->iv, iv, 16);
+            SEED_set_key(key, &cx->ks);
+            cx->mode = NSS_SEED_CBC;
+            cx->encrypt = encrypt;
+            break;
+
+        default:
+            PORT_SetError(SEC_ERROR_INVALID_ARGS);
+            return SECFailure;
+    }
+
+    return SECSuccess;
+}
+
+SEEDContext *
+SEED_CreateContext(const unsigned char *key, const unsigned char *iv,
+                   int mode, PRBool encrypt)
+{
+    SEEDContext *cx = PORT_ZNew(SEEDContext);
+    SECStatus rv = SEED_InitContext(cx, key, SEED_KEY_LENGTH, iv, mode,
+                                    encrypt, 0);
+
+    if (rv != SECSuccess) {
+        PORT_ZFree(cx, sizeof *cx);
+        cx = NULL;
+    }
+
+    return cx;
+}
+
+void
+SEED_DestroyContext(SEEDContext *cx, PRBool freeit)
+{
+    if (cx) {
+        memset(cx, 0, sizeof *cx);
+
+        if (freeit)
+            PORT_Free(cx);
+    }
+}
+
+SECStatus
+SEED_Encrypt(SEEDContext *cx, unsigned char *out, unsigned int *outLen,
+             unsigned int maxOutLen, const unsigned char *in,
+             unsigned int inLen)
+{
+    if (!cx) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    if (!cx->encrypt) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    switch (cx->mode) {
+        case NSS_SEED:
+            SEED_ecb_encrypt(in, out, &cx->ks, 1);
+            *outLen = inLen;
+            break;
+
+        case NSS_SEED_CBC:
+            SEED_cbc_encrypt(in, out, inLen, &cx->ks, cx->iv, 1);
+            *outLen = inLen;
+            break;
+
+        default:
+            PORT_SetError(SEC_ERROR_INVALID_ARGS);
+            return SECFailure;
+    }
+
+    return SECSuccess;
+}
+
+SECStatus
+SEED_Decrypt(SEEDContext *cx, unsigned char *out, unsigned int *outLen,
+             unsigned int maxOutLen, const unsigned char *in,
+             unsigned int inLen)
+{
+    if (!cx) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    if (cx->encrypt) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    switch (cx->mode) {
+        case NSS_SEED:
+            SEED_ecb_encrypt(in, out, &cx->ks, 0);
+            *outLen = inLen;
+            break;
+
+        case NSS_SEED_CBC:
+            SEED_cbc_encrypt(in, out, inLen, &cx->ks, cx->iv, 0);
+            *outLen = inLen;
+            break;
+
+        default:
+            PORT_SetError(SEC_ERROR_INVALID_ARGS);
+            return SECFailure;
+    }
+
+    return SECSuccess;
+}
diff --git a/nss/lib/freebl/seed.h b/nss/lib/freebl/seed.h
new file mode 100644
index 0000000..f527165
--- /dev/null
+++ b/nss/lib/freebl/seed.h
@@ -0,0 +1,125 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef HEADER_SEED_H
+#define HEADER_SEED_H
+
+#include <string.h>
+#include "blapi.h"
+
+#if !defined(NO_SYS_TYPES_H)
+#include <sys/types.h>
+#endif
+
+typedef PRUint32 seed_word;
+
+#define G_FUNC(v)                   \
+    SS[0][((v)&0xff)] ^             \
+        SS[1][((v) >> 8 & 0xff)] ^  \
+        SS[2][((v) >> 16 & 0xff)] ^ \
+        SS[3][((v) >> 24 & 0xff)]
+
+#define char2word(c, i)                    \
+    (i) = ((((seed_word)((c)[0])) << 24) | \
+           (((seed_word)((c)[1])) << 16) | \
+           (((seed_word)((c)[2])) << 8) |  \
+           ((seed_word)((c)[3])))
+
+#define word2char(l, c)                      \
+    *((c) + 0) = (unsigned char)((l) >> 24); \
+    *((c) + 1) = (unsigned char)((l) >> 16); \
+    *((c) + 2) = (unsigned char)((l) >> 8);  \
+    *((c) + 3) = (unsigned char)((l))
+
+#define KEYSCHEDULE_UPDATE0(T0, T1, K0, K1, K2, K3, KC) \
+    (T0) = (K2);                                        \
+    (K2) = (((K2) << 8) ^ ((K3) >> 24));                \
+    (K3) = (((K3) << 8) ^ ((T0) >> 24));                \
+    (T0) = ((K0) + (K2) - (KC));                        \
+    (T1) = ((K1) + (KC) - (K3))
+
+#define KEYSCHEDULE_UPDATE1(T0, T1, K0, K1, K2, K3, KC) \
+    (T0) = (K0);                                        \
+    (K0) = (((K0) >> 8) ^ ((K1) << 24));                \
+    (K1) = (((K1) >> 8) ^ ((T0) << 24));                \
+    (T0) = ((K0) + (K2) - (KC));                        \
+    (T1) = ((K1) + (KC) - (K3))
+
+#define KEYUPDATE_TEMP(T0, T1, K) \
+    (K)[0] = G_FUNC((T0));        \
+    (K)[1] = G_FUNC((T1))
+
+#define XOR_SEEDBLOCK(DST, SRC) \
+    (DST)[0] ^= (SRC)[0];       \
+    (DST)[1] ^= (SRC)[1];       \
+    (DST)[2] ^= (SRC)[2];       \
+    (DST)[3] ^= (SRC)[3]
+
+#define MOV_SEEDBLOCK(DST, SRC) \
+    (DST)[0] = (SRC)[0];        \
+    (DST)[1] = (SRC)[1];        \
+    (DST)[2] = (SRC)[2];        \
+    (DST)[3] = (SRC)[3]
+
+#define CHAR2WORD(C, I)         \
+    char2word((C), (I)[0]);     \
+    char2word((C) + 4, (I)[1]); \
+    char2word((C) + 8, (I)[2]); \
+    char2word((C) + 12, (I)[3])
+
+#define WORD2CHAR(I, C)         \
+    word2char((I)[0], (C));     \
+    word2char((I)[1], (C + 4)); \
+    word2char((I)[2], (C + 8)); \
+    word2char((I)[3], (C + 12))
+
+#define E_SEED(T0, T1, X1, X2, X3, X4, rbase) \
+    (T0) = (X3) ^ (ks->data)[(rbase)];        \
+    (T1) = (X4) ^ (ks->data)[(rbase) + 1];    \
+    (T1) ^= (T0);                             \
+    (T1) = G_FUNC(T1);                        \
+    (T0) += (T1);                             \
+    (T0) = G_FUNC(T0);                        \
+    (T1) += (T0);                             \
+    (T1) = G_FUNC(T1);                        \
+    (T0) += (T1);                             \
+    (X1) ^= (T0);                             \
+    (X2) ^= (T1)
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef struct seed_key_st {
+    PRUint32 data[32];
+} SEED_KEY_SCHEDULE;
+
+struct SEEDContextStr {
+    unsigned char iv[SEED_BLOCK_SIZE];
+    SEED_KEY_SCHEDULE ks;
+    int mode;
+    unsigned int encrypt;
+};
+
+void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH],
+                  SEED_KEY_SCHEDULE *ks);
+
+void SEED_encrypt(const unsigned char s[SEED_BLOCK_SIZE],
+                  unsigned char d[SEED_BLOCK_SIZE],
+                  const SEED_KEY_SCHEDULE *ks);
+void SEED_decrypt(const unsigned char s[SEED_BLOCK_SIZE],
+                  unsigned char d[SEED_BLOCK_SIZE],
+                  const SEED_KEY_SCHEDULE *ks);
+
+void SEED_ecb_encrypt(const unsigned char *in, unsigned char *out,
+                      const SEED_KEY_SCHEDULE *ks, int enc);
+void SEED_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                      size_t len, const SEED_KEY_SCHEDULE *ks,
+                      unsigned char ivec[SEED_BLOCK_SIZE], int enc);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* HEADER_SEED_H */
diff --git a/nss/lib/freebl/sha-fast-amd64-sun.s b/nss/lib/freebl/sha-fast-amd64-sun.s
new file mode 100644
index 0000000..6430469
--- /dev/null
+++ b/nss/lib/freebl/sha-fast-amd64-sun.s
@@ -0,0 +1,2151 @@
+/ This Source Code Form is subject to the terms of the Mozilla Public
+/ License, v. 2.0. If a copy of the MPL was not distributed with this
+/ file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+	.file	"sha_fast.c"
+	.text
+	.align 16
+.globl SHA1_Begin
+	.type	SHA1_Begin, @function
+SHA1_Begin:
+.LFB4:
+	movl	$4023233417, %ecx
+	movl	$2562383102, %edx
+	movl	$3285377520, %eax
+	movq	$0, 64(%rdi)
+	movq	$1732584193, 72(%rdi)
+	movq	%rcx, 80(%rdi)
+	movq	%rdx, 88(%rdi)
+	movq	$271733878, 96(%rdi)
+	movq	%rax, 104(%rdi)
+	ret
+.LFE4:
+	.size	SHA1_Begin, .-SHA1_Begin
+	.align 16
+	.type	shaCompress, @function
+shaCompress:
+.LFB7:
+	pushq	%r15
+.LCFI0:
+	pushq	%r14
+.LCFI1:
+	pushq	%r13
+.LCFI2:
+	pushq	%r12
+.LCFI3:
+	movq	-88(%rdi), %r12
+	movq	-80(%rdi), %r10
+	movq	-72(%rdi), %r13
+	movq	-64(%rdi), %r8
+	pushq	%rbx
+.LCFI4:
+	movq	-56(%rdi), %rcx
+	movl	(%rsi), %eax
+	movl	%r12d, %edx
+	movq	%r13, %r9
+	roll	$5, %edx
+	movl	4(%rsi), %ebx
+	xorq	%r8, %r9 
+/APP
+	bswap %eax
+/NO_APP
+	andq	%r10, %r9
+	mov	%eax, %r15d
+	roll	$30, %r10d
+	movq	%r15, -48(%rdi)
+	xorq	%r8, %r9 
+	movq	-48(%rdi), %r14
+	addq	%r9, %rdx
+	movq	%r10, %rax
+	movl	%r12d, %r15d
+	addq	%rcx, %rdx
+	xorq	%r13, %rax 
+	roll	$30, %r15d
+	leaq	1518500249(%rdx,%r14), %rdx
+	andq	%r12, %rax
+	movq	%r15, %r12
+/APP
+	bswap %ebx
+/NO_APP
+	movl	%edx, %ecx
+	mov	%ebx, %r11d
+	xorq	%r13, %rax 
+	movq	%r11, -40(%rdi)
+	roll	$5, %ecx
+	movq	-40(%rdi), %r9
+	addq	%rax, %rcx
+	xorq	%r10, %r12 
+	movl	8(%rsi), %r14d
+	addq	%r8, %rcx
+	andq	%rdx, %r12
+	movl	%edx, %r11d
+	leaq	1518500249(%rcx,%r9), %rcx
+	xorq	%r10, %r12 
+	roll	$30, %r11d
+/APP
+	bswap %r14d
+/NO_APP
+	movl	%ecx, %r8d
+	mov	%r14d, %ebx
+	movl	12(%rsi), %r9d
+	movq	%rbx, -32(%rdi)
+	roll	$5, %r8d
+	movq	-32(%rdi), %rax
+	addq	%r12, %r8
+	movq	%r11, %r12
+	movl	%ecx, %ebx
+	addq	%r13, %r8
+	xorq	%r15, %r12 
+	roll	$30, %ebx
+	leaq	1518500249(%r8,%rax), %r8
+	andq	%rcx, %r12
+	movl	16(%rsi), %eax
+/APP
+	bswap %r9d
+/NO_APP
+	movl	%r8d, %edx
+	mov	%r9d, %r14d
+	xorq	%r15, %r12 
+	movq	%r14, -24(%rdi)
+	roll	$5, %edx
+	movq	-24(%rdi), %r13
+	addq	%r12, %rdx
+	movq	%rbx, %r12
+	movl	%r8d, %r14d
+	addq	%r10, %rdx
+	leaq	1518500249(%rdx,%r13), %rdx
+	movl	20(%rsi), %r13d
+/APP
+	bswap %eax
+/NO_APP
+	movl	%edx, %ecx
+	mov	%eax, %r9d
+	roll	$5, %ecx
+	xorq	%r11, %r12 
+	movq	%r9, -16(%rdi)
+	andq	%r8, %r12
+	movq	-16(%rdi), %r10
+	roll	$30, %r14d
+	xorq	%r11, %r12 
+	movq	%r14, %rax
+	movl	%edx, %r9d
+	addq	%r12, %rcx
+	xorq	%rbx, %rax 
+	roll	$30, %r9d
+	addq	%r15, %rcx
+	andq	%rdx, %rax
+	leaq	1518500249(%rcx,%r10), %rcx
+	xorq	%rbx, %rax 
+	movl	24(%rsi), %r10d
+/APP
+	bswap %r13d
+/NO_APP
+	movl	%ecx, %r8d
+	mov	%r13d, %r15d
+	movq	%r15, -8(%rdi)
+	roll	$5, %r8d
+	movq	-8(%rdi), %r12
+	addq	%rax, %r8
+	movl	%ecx, %r15d
+	addq	%r11, %r8
+	movq	%r9, %r11
+	roll	$30, %r15d
+	leaq	1518500249(%r8,%r12), %r8
+	xorq	%r14, %r11 
+	movl	28(%rsi), %r12d
+/APP
+	bswap %r10d
+/NO_APP
+	andq	%rcx, %r11
+	mov	%r10d, %r13d
+	movl	%r8d, %edx
+	movq	%r13, (%rdi)
+	xorq	%r14, %r11 
+	movq	(%rdi), %rax
+	roll	$5, %edx
+	movq	%r15, %r10
+	movl	%r8d, %r13d
+	addq	%r11, %rdx
+	xorq	%r9, %r10 
+	roll	$30, %r13d
+	addq	%rbx, %rdx
+	andq	%r8, %r10
+	leaq	1518500249(%rdx,%rax), %rdx
+	xorq	%r9, %r10 
+	movl	32(%rsi), %eax
+/APP
+	bswap %r12d
+/NO_APP
+	movl	%edx, %ecx
+	mov	%r12d, %ebx
+	movq	%rbx, 8(%rdi)
+	roll	$5, %ecx
+	movq	8(%rdi), %r11
+	addq	%r10, %rcx
+	movq	%r13, %r10
+	movl	%edx, %ebx
+	addq	%r14, %rcx
+	leaq	1518500249(%rcx,%r11), %rcx
+/APP
+	bswap %eax
+/NO_APP
+	movl	%ecx, %r8d
+	mov	%eax, %r12d
+	roll	$5, %r8d
+	xorq	%r15, %r10 
+	movq	%r12, 16(%rdi)
+	andq	%rdx, %r10
+	movq	16(%rdi), %r14
+	roll	$30, %ebx
+	xorq	%r15, %r10 
+	movq	%rbx, %rax
+	movl	36(%rsi), %r11d
+	addq	%r10, %r8
+	xorq	%r13, %rax 
+	movl	%ecx, %r12d
+	addq	%r9, %r8
+	andq	%rcx, %rax
+	roll	$30, %r12d
+	leaq	1518500249(%r8,%r14), %r8
+	xorq	%r13, %rax 
+	movl	40(%rsi), %r14d
+/APP
+	bswap %r11d
+/NO_APP
+	movl	%r8d, %edx
+	mov	%r11d, %r9d
+	movq	%r12, %r11
+	movq	%r9, 24(%rdi)
+	roll	$5, %edx
+	movq	24(%rdi), %r10
+	addq	%rax, %rdx
+	xorq	%rbx, %r11 
+	movl	%r8d, %r9d
+	addq	%r15, %rdx
+	andq	%r8, %r11
+	roll	$30, %r9d
+	leaq	1518500249(%rdx,%r10), %rdx
+	xorq	%rbx, %r11 
+	movl	44(%rsi), %r10d
+/APP
+	bswap %r14d
+/NO_APP
+	movl	%edx, %ecx
+	mov	%r14d, %r15d
+	movq	%r15, 32(%rdi)
+	roll	$5, %ecx
+	movq	32(%rdi), %rax
+	addq	%r11, %rcx
+	movq	%r9, %r11
+	movl	%edx, %r15d
+	addq	%r13, %rcx
+	xorq	%r12, %r11 
+	roll	$30, %r15d
+	leaq	1518500249(%rcx,%rax), %rcx
+	andq	%rdx, %r11
+	movl	48(%rsi), %eax
+/APP
+	bswap %r10d
+/NO_APP
+	movl	%ecx, %r8d
+	mov	%r10d, %r14d
+	xorq	%r12, %r11 
+	movq	%r14, 40(%rdi)
+	roll	$5, %r8d
+	movq	40(%rdi), %r13
+	addq	%r11, %r8
+	movq	%r15, %r10
+	movl	%ecx, %r14d
+	addq	%rbx, %r8
+	xorq	%r9, %r10 
+	leaq	1518500249(%r8,%r13), %r8
+	movl	52(%rsi), %r13d
+/APP
+	bswap %eax
+/NO_APP
+	movl	%r8d, %edx
+	mov	%eax, %ebx
+	roll	$5, %edx
+	andq	%rcx, %r10
+	movq	%rbx, 48(%rdi)
+	xorq	%r9, %r10 
+	movq	48(%rdi), %r11
+	roll	$30, %r14d
+	addq	%r10, %rdx
+	movq	%r14, %rax
+	movl	%r8d, %ebx
+	addq	%r12, %rdx
+	xorq	%r15, %rax 
+	roll	$30, %ebx
+	leaq	1518500249(%rdx,%r11), %rdx
+	andq	%r8, %rax
+	movl	56(%rsi), %r11d
+/APP
+	bswap %r13d
+/NO_APP
+	movl	%edx, %ecx
+	mov	%r13d, %r12d
+	xorq	%r15, %rax 
+	movq	%r12, 56(%rdi)
+	roll	$5, %ecx
+	movq	56(%rdi), %r10
+	addq	%rax, %rcx
+	movl	%edx, %r12d
+	addq	%r9, %rcx
+	movq	%rbx, %r9
+	roll	$30, %r12d
+	leaq	1518500249(%rcx,%r10), %rcx
+	xorq	%r14, %r9 
+	movl	60(%rsi), %r10d
+/APP
+	bswap %r11d
+/NO_APP
+	andq	%rdx, %r9
+	mov	%r11d, %r13d
+	movl	%ecx, %r8d
+	movq	%r13, 64(%rdi)
+	xorq	%r14, %r9 
+	movq	64(%rdi), %rax
+	roll	$5, %r8d
+	movq	%r12, %r11
+	movl	%ecx, %r13d
+	addq	%r9, %r8
+	xorq	%rbx, %r11 
+	roll	$30, %r13d
+	addq	%r15, %r8
+	andq	%rcx, %r11
+	leaq	1518500249(%r8,%rax), %r8
+	xorq	%rbx, %r11 
+/APP
+	bswap %r10d
+/NO_APP
+	movl	%r8d, %esi
+	mov	%r10d, %r15d
+	movq	%r15, 72(%rdi)
+	roll	$5, %esi
+	movq	72(%rdi), %r9
+	movq	56(%rdi), %r10
+	movq	16(%rdi), %rcx
+	addq	%r11, %rsi
+	movq	-32(%rdi), %rdx
+	addq	%r14, %rsi
+	movq	-48(%rdi), %rax
+	leaq	1518500249(%rsi,%r9), %r14
+	movq	%r13, %r11
+	movl	%r8d, %r15d
+	xorq	%rcx, %r10 
+	xorq	%rdx, %r10 
+	movl	%r14d, %ecx
+	xorl	%eax, %r10d
+	roll	%r10d
+	roll	$5, %ecx
+	xorq	%r12, %r11 
+	andq	%r8, %r11
+	movq	%r10, -48(%rdi)
+	movq	-48(%rdi), %r9
+	xorq	%r12, %r11 
+	roll	$30, %r15d
+	movl	%r14d, %r10d
+	addq	%r11, %rcx
+	movq	64(%rdi), %r11
+	movq	24(%rdi), %rdx
+	addq	%rbx, %rcx
+	movq	-24(%rdi), %rbx
+	movq	-40(%rdi), %rax
+	leaq	1518500249(%rcx,%r9), %rcx
+	movq	%r15, %r8
+	roll	$30, %r10d
+	xorq	%rdx, %r11 
+	xorq	%r13, %r8 
+	xorq	%rbx, %r11 
+	andq	%r14, %r8
+	movl	%ecx, %r9d
+	xorl	%eax, %r11d
+	xorq	%r13, %r8 
+	roll	$5, %r9d
+	roll	%r11d
+	addq	%r8, %r9
+	movq	%r10, %rax
+	movq	%r11, -40(%rdi)
+	movq	-40(%rdi), %rsi
+	addq	%r12, %r9
+	movq	72(%rdi), %rbx
+	movq	32(%rdi), %rdx
+	xorq	%r15, %rax 
+	movq	-16(%rdi), %r14
+	movq	-32(%rdi), %r12
+	andq	%rcx, %rax
+	leaq	1518500249(%r9,%rsi), %r9
+	xorq	%r15, %rax 
+	movl	%ecx, %r11d
+	xorq	%rdx, %rbx 
+	roll	$30, %r11d
+	xorq	%r14, %rbx 
+	movl	%r9d, %esi
+	xorl	%r12d, %ebx
+	roll	$5, %esi
+	roll	%ebx
+	addq	%rax, %rsi
+	movq	%rbx, -32(%rdi)
+	movq	-32(%rdi), %r8
+	addq	%r13, %rsi
+	movq	-48(%rdi), %r12
+	movq	40(%rdi), %rdx
+	movq	%r11, %r13
+	movq	-8(%rdi), %r14
+	movq	-24(%rdi), %rcx
+	movl	%r9d, %ebx
+	leaq	1518500249(%rsi,%r8), %rsi
+	xorq	%rdx, %r12 
+	xorq	%r14, %r12 
+	movl	%esi, %r8d
+	xorl	%ecx, %r12d
+	roll	%r12d
+	roll	$5, %r8d
+	xorq	%r10, %r13 
+	andq	%r9, %r13
+	movq	%r12, -24(%rdi)
+	movq	-24(%rdi), %rax
+	xorq	%r10, %r13 
+	roll	$30, %ebx
+	movl	%esi, %r12d
+	addq	%r13, %r8
+	xorq	%rbx, %rsi 
+	roll	$30, %r12d
+	addq	%r15, %r8
+	movq	-40(%rdi), %r15
+	movq	48(%rdi), %rdx
+	movq	(%rdi), %r14
+	movq	-16(%rdi), %r9
+	leaq	1518500249(%r8,%rax), %r13
+	xorq	%r11, %rsi 
+	xorq	%rdx, %r15 
+	movl	%r13d, %ecx
+	xorq	%r14, %r15 
+	roll	$5, %ecx
+	xorl	%r9d, %r15d
+	addq	%rsi, %rcx
+	roll	%r15d
+	addq	%r10, %rcx
+	movq	%r15, -16(%rdi)
+	movq	-16(%rdi), %rsi
+	movl	%r13d, %r15d
+	movq	-32(%rdi), %r14
+	movq	56(%rdi), %rax
+	xorq	%r12, %r13 
+	movq	8(%rdi), %rdx
+	movq	-8(%rdi), %r10
+	xorq	%rbx, %r13 
+	leaq	1859775393(%rcx,%rsi), %r9
+	roll	$30, %r15d
+	xorq	%rax, %r14 
+	xorq	%rdx, %r14 
+	movl	%r9d, %esi
+	xorl	%r10d, %r14d
+	roll	$5, %esi
+	roll	%r14d
+	addq	%r13, %rsi
+	movq	%r14, -8(%rdi)
+	movq	-8(%rdi), %r8
+	addq	%r11, %rsi
+	movq	-24(%rdi), %r13
+	movq	64(%rdi), %rax
+	movl	%r9d, %r14d
+	movq	16(%rdi), %rdx
+	movq	(%rdi), %r11
+	xorq	%r15, %r9 
+	leaq	1859775393(%rsi,%r8), %r10
+	xorq	%rax, %r13 
+	xorq	%rdx, %r13 
+	movl	%r10d, %r8d
+	xorl	%r11d, %r13d
+	roll	$5, %r8d
+	roll	%r13d
+	xorq	%r12, %r9 
+	roll	$30, %r14d
+	addq	%r9, %r8
+	movq	%r13, (%rdi)
+	movq	(%rdi), %rcx
+	addq	%rbx, %r8
+	movq	-16(%rdi), %rbx
+	movq	72(%rdi), %rax
+	movq	24(%rdi), %rdx
+	movq	8(%rdi), %r9
+	movl	%r10d, %r13d
+	leaq	1859775393(%r8,%rcx), %r11
+	xorq	%r14, %r10 
+	roll	$30, %r13d
+	xorq	%rax, %rbx 
+	xorq	%r15, %r10 
+	xorq	%rdx, %rbx 
+	movl	%r11d, %ecx
+	xorl	%r9d, %ebx
+	roll	$5, %ecx
+	roll	%ebx
+	addq	%r10, %rcx
+	movq	%rbx, 8(%rdi)
+	movq	8(%rdi), %rsi
+	addq	%r12, %rcx
+	movq	-8(%rdi), %r12
+	movq	-48(%rdi), %rax
+	movl	%r11d, %ebx
+	movq	32(%rdi), %rdx
+	movq	16(%rdi), %r9
+	xorq	%r13, %r11 
+	leaq	1859775393(%rcx,%rsi), %r10
+	xorq	%r14, %r11 
+	roll	$30, %ebx
+	xorq	%rax, %r12 
+	xorq	%rdx, %r12 
+	movl	%r10d, %esi
+	xorl	%r9d, %r12d
+	roll	$5, %esi
+	roll	%r12d
+	addq	%r11, %rsi
+	movq	%r12, 16(%rdi)
+	addq	%r15, %rsi
+	movq	16(%rdi), %r8
+	movq	(%rdi), %r15
+	movq	-40(%rdi), %rax
+	movl	%r10d, %r12d
+	movq	40(%rdi), %rdx
+	movq	24(%rdi), %r9
+	xorq	%rbx, %r10 
+	leaq	1859775393(%rsi,%r8), %r11
+	xorq	%r13, %r10 
+	xorq	%rax, %r15 
+	xorq	%rdx, %r15 
+	movl	%r11d, %r8d
+	xorl	%r9d, %r15d
+	roll	$5, %r8d
+	roll	%r15d
+	addq	%r10, %r8
+	movq	%r15, 24(%rdi)
+	movq	24(%rdi), %rcx
+	addq	%r14, %r8
+	movq	8(%rdi), %r14
+	movq	-32(%rdi), %rax
+	roll	$30, %r12d
+	movq	48(%rdi), %rdx
+	movq	32(%rdi), %r10
+	movl	%r11d, %r15d
+	leaq	1859775393(%r8,%rcx), %r9
+	xorq	%r12, %r11 
+	roll	$30, %r15d
+	xorq	%rax, %r14 
+	xorq	%rbx, %r11 
+	xorq	%rdx, %r14 
+	movl	%r9d, %ecx
+	xorl	%r10d, %r14d
+	roll	$5, %ecx
+	roll	%r14d
+	addq	%r11, %rcx
+	movq	%r14, 32(%rdi)
+	addq	%r13, %rcx
+	movq	32(%rdi), %rsi
+	movq	16(%rdi), %r13
+	movq	-24(%rdi), %rax
+	movl	%r9d, %r14d
+	movq	56(%rdi), %rdx
+	movq	40(%rdi), %r11
+	xorq	%r15, %r9 
+	leaq	1859775393(%rcx,%rsi), %r10
+	xorq	%r12, %r9 
+	roll	$30, %r14d
+	xorq	%rax, %r13 
+	xorq	%rdx, %r13 
+	movl	%r10d, %esi
+	xorl	%r11d, %r13d
+	roll	$5, %esi
+	roll	%r13d
+	addq	%r9, %rsi
+	movq	%r13, 40(%rdi)
+	movq	40(%rdi), %r8
+	addq	%rbx, %rsi
+	movq	24(%rdi), %rbx
+	movq	-16(%rdi), %rax
+	movl	%r10d, %r13d
+	movq	64(%rdi), %rdx
+	movq	48(%rdi), %r9
+	xorq	%r14, %r10 
+	leaq	1859775393(%rsi,%r8), %r11
+	xorq	%r15, %r10 
+	roll	$30, %r13d
+	xorq	%rax, %rbx 
+	xorq	%rdx, %rbx 
+	movl	%r11d, %r8d
+	xorl	%r9d, %ebx
+	roll	$5, %r8d
+	roll	%ebx
+	addq	%r10, %r8
+	movq	%rbx, 48(%rdi)
+	addq	%r12, %r8
+	movq	48(%rdi), %rcx
+	movq	32(%rdi), %r12
+	movq	-8(%rdi), %rax
+	movl	%r11d, %ebx
+	movq	72(%rdi), %rdx
+	movq	56(%rdi), %r9
+	leaq	1859775393(%r8,%rcx), %r10
+	xorq	%rax, %r12 
+	xorq	%rdx, %r12 
+	movl	%r10d, %ecx
+	xorl	%r9d, %r12d
+	xorq	%r13, %r11 
+	roll	$5, %ecx
+	xorq	%r14, %r11 
+	roll	%r12d
+	roll	$30, %ebx
+	addq	%r11, %rcx
+	movq	%r12, 56(%rdi)
+	movq	56(%rdi), %rsi
+	addq	%r15, %rcx
+	movq	40(%rdi), %r15
+	movq	(%rdi), %rax
+	movq	-48(%rdi), %rdx
+	movq	64(%rdi), %r9
+	movl	%r10d, %r12d
+	leaq	1859775393(%rcx,%rsi), %r11
+	xorq	%rbx, %r10 
+	roll	$30, %r12d
+	xorq	%rax, %r15 
+	xorq	%r13, %r10 
+	xorq	%rdx, %r15 
+	movl	%r11d, %esi
+	xorl	%r9d, %r15d
+	roll	$5, %esi
+	roll	%r15d
+	addq	%r10, %rsi
+	movq	%r15, 64(%rdi)
+	movq	64(%rdi), %r8
+	addq	%r14, %rsi
+	movq	48(%rdi), %r14
+	movq	8(%rdi), %rax
+	movl	%r11d, %r15d
+	movq	-40(%rdi), %rdx
+	movq	72(%rdi), %r10
+	xorq	%r12, %r11 
+	leaq	1859775393(%rsi,%r8), %r9
+	xorq	%rbx, %r11 
+	roll	$30, %r15d
+	xorq	%rax, %r14 
+	xorq	%rdx, %r14 
+	movl	%r9d, %r8d
+	xorl	%r10d, %r14d
+	roll	$5, %r8d
+	roll	%r14d
+	addq	%r11, %r8
+	movq	%r14, 72(%rdi)
+	addq	%r13, %r8
+	movq	72(%rdi), %rcx
+	movq	56(%rdi), %r13
+	movq	16(%rdi), %rax
+	movl	%r9d, %r14d
+	movq	-32(%rdi), %rdx
+	movq	-48(%rdi), %r11
+	leaq	1859775393(%r8,%rcx), %r10
+	xorq	%rax, %r13 
+	xorq	%rdx, %r13 
+	movl	%r10d, %ecx
+	xorl	%r11d, %r13d
+	roll	$5, %ecx
+	roll	%r13d
+	xorq	%r15, %r9 
+	roll	$30, %r14d
+	xorq	%r12, %r9 
+	movq	%r13, -48(%rdi)
+	movq	-48(%rdi), %rsi
+	addq	%r9, %rcx
+	movl	%r10d, %r13d
+	xorq	%r14, %r10 
+	addq	%rbx, %rcx
+	movq	64(%rdi), %rbx
+	movq	24(%rdi), %rax
+	movq	-24(%rdi), %rdx
+	leaq	1859775393(%rcx,%rsi), %r11
+	movq	-40(%rdi), %r9
+	xorq	%r15, %r10 
+	roll	$30, %r13d
+	xorq	%rax, %rbx 
+	movl	%r11d, %esi
+	xorq	%rdx, %rbx 
+	roll	$5, %esi
+	xorl	%r9d, %ebx
+	addq	%r10, %rsi
+	roll	%ebx
+	addq	%r12, %rsi
+	movq	%rbx, -40(%rdi)
+	movq	-40(%rdi), %r8
+	movl	%r11d, %ebx
+	movq	72(%rdi), %r12
+	movq	32(%rdi), %rax
+	xorq	%r13, %r11 
+	movq	-16(%rdi), %rdx
+	movq	-32(%rdi), %r9
+	xorq	%r14, %r11 
+	leaq	1859775393(%rsi,%r8), %r10
+	roll	$30, %ebx
+	xorq	%rax, %r12 
+	xorq	%rdx, %r12 
+	movl	%r10d, %r8d
+	xorl	%r9d, %r12d
+	roll	$5, %r8d
+	roll	%r12d
+	addq	%r11, %r8
+	movq	%r12, -32(%rdi)
+	movq	-32(%rdi), %rcx
+	addq	%r15, %r8
+	movq	-48(%rdi), %r15
+	movq	40(%rdi), %rax
+	movl	%r10d, %r12d
+	movq	-8(%rdi), %rdx
+	movq	-24(%rdi), %r9
+	xorq	%rbx, %r10 
+	leaq	1859775393(%r8,%rcx), %r11
+	xorq	%r13, %r10 
+	xorq	%rax, %r15 
+	xorq	%rdx, %r15 
+	movl	%r11d, %ecx
+	xorl	%r9d, %r15d
+	roll	$5, %ecx
+	roll	%r15d
+	addq	%r10, %rcx
+	addq	%r14, %rcx
+	movq	%r15, -24(%rdi)
+	movq	-24(%rdi), %rsi
+	movq	-40(%rdi), %r14
+	movq	48(%rdi), %rax
+	roll	$30, %r12d
+	movq	(%rdi), %rdx
+	movq	-16(%rdi), %r10
+	movl	%r11d, %r15d
+	leaq	1859775393(%rcx,%rsi), %r9
+	xorq	%r12, %r11 
+	roll	$30, %r15d
+	xorq	%rax, %r14 
+	xorq	%rbx, %r11 
+	xorq	%rdx, %r14 
+	movl	%r9d, %esi
+	xorl	%r10d, %r14d
+	roll	$5, %esi
+	roll	%r14d
+	addq	%r11, %rsi
+	movq	%r14, -16(%rdi)
+	movq	-16(%rdi), %r8
+	addq	%r13, %rsi
+	movq	-32(%rdi), %r11
+	movq	56(%rdi), %rax
+	movl	%r9d, %r14d
+	movq	8(%rdi), %rdx
+	movq	-8(%rdi), %r10
+	xorq	%r15, %r9 
+	leaq	1859775393(%rsi,%r8), %r13
+	xorq	%r12, %r9 
+	roll	$30, %r14d
+	xorq	%rax, %r11 
+	xorq	%rdx, %r11 
+	movl	%r13d, %r8d
+	xorl	%r10d, %r11d
+	roll	$5, %r8d
+	movl	%r13d, %r10d
+	roll	%r11d
+	addq	%r9, %r8
+	xorq	%r14, %r13 
+	movq	%r11, -8(%rdi)
+	addq	%rbx, %r8
+	movq	-8(%rdi), %rbx
+	movq	-24(%rdi), %r9
+	movq	64(%rdi), %rax
+	xorq	%r15, %r13 
+	movq	16(%rdi), %rdx
+	movq	(%rdi), %rcx
+	leaq	1859775393(%r8,%rbx), %r11
+	xorq	%rax, %r9 
+	xorq	%rdx, %r9 
+	movl	%r11d, %ebx
+	xorl	%ecx, %r9d
+	roll	$5, %ebx
+	roll	%r9d
+	addq	%r13, %rbx
+	movq	%r9, (%rdi)
+	movq	(%rdi), %rsi
+	addq	%r12, %rbx
+	movq	-16(%rdi), %r12
+	movq	72(%rdi), %r13
+	movl	%r11d, %r9d
+	leaq	1859775393(%rbx,%rsi), %rcx
+	movl	%r10d, %ebx
+	movq	24(%rdi), %r10
+	movq	8(%rdi), %rax
+	xorq	%r13, %r12 
+	roll	$30, %ebx
+	movl	%ecx, %esi
+	xorq	%r10, %r12 
+	xorq	%rbx, %r11 
+	roll	$5, %esi
+	xorl	%eax, %r12d
+	xorq	%r14, %r11 
+	roll	$30, %r9d
+	roll	%r12d
+	addq	%r11, %rsi
+	movq	%rcx, %rax
+	movq	%r12, 8(%rdi)
+	movq	8(%rdi), %rdx
+	addq	%r15, %rsi
+	movq	-8(%rdi), %r11
+	movq	-48(%rdi), %r13
+	movl	%ecx, %r12d
+	movq	32(%rdi), %r10
+	movq	16(%rdi), %r8
+	orq	%r9, %rcx
+	leaq	1859775393(%rsi,%rdx), %rsi
+	andq	%rbx, %rcx
+	andq	%r9, %rax
+	xorq	%r13, %r11 
+	orq	%rcx, %rax
+	roll	$30, %r12d
+	xorq	%r10, %r11 
+	movq	%rsi, %r10
+	xorl	%r8d, %r11d
+	movl	%esi, %r8d
+	andq	%r12, %r10
+	roll	%r11d
+	roll	$5, %r8d
+	movq	%r11, 16(%rdi)
+	addq	%rax, %r8
+	movq	16(%rdi), %r15
+	movq	(%rdi), %r13
+	movq	-40(%rdi), %rdx
+	addq	%r14, %r8
+	movq	40(%rdi), %r14
+	movq	24(%rdi), %rcx
+	movl	%esi, %r11d
+	addq	%r15, %r8
+	movl	$2400959708, %r15d
+	orq	%r12, %rsi
+	xorq	%rdx, %r13 
+	addq	%r15, %r8
+	andq	%r9, %rsi
+	xorq	%r14, %r13 
+	orq	%rsi, %r10
+	xorl	%ecx, %r13d
+	movl	%r8d, %ecx
+	roll	%r13d
+	roll	$5, %ecx
+	movq	%r13, 24(%rdi)
+	addq	%r10, %rcx
+	movq	24(%rdi), %rax
+	movq	8(%rdi), %r14
+	movq	-32(%rdi), %rdx
+	addq	%rbx, %rcx
+	movq	48(%rdi), %rbx
+	movq	32(%rdi), %rsi
+	roll	$30, %r11d
+	addq	%rax, %rcx
+	movl	%r8d, %r13d
+	movq	%r8, %r10
+	xorq	%rdx, %r14 
+	addq	%r15, %rcx
+	orq	%r11, %r8
+	xorq	%rbx, %r14 
+	andq	%r12, %r8
+	andq	%r11, %r10
+	xorl	%esi, %r14d
+	movl	%ecx, %esi
+	orq	%r8, %r10
+	roll	$5, %esi
+	roll	%r14d
+	roll	$30, %r13d
+	addq	%r10, %rsi
+	movq	%r14, 32(%rdi)
+	movq	32(%rdi), %rax
+	addq	%r9, %rsi
+	movq	16(%rdi), %r9
+	movq	-24(%rdi), %rdx
+	movq	56(%rdi), %rbx
+	movq	40(%rdi), %r8
+	movl	%ecx, %r14d
+	addq	%rax, %rsi
+	movq	%rcx, %r10
+	orq	%r13, %rcx
+	xorq	%rdx, %r9 
+	addq	%r15, %rsi
+	andq	%r11, %rcx
+	xorq	%rbx, %r9 
+	andq	%r13, %r10
+	roll	$30, %r14d
+	xorl	%r8d, %r9d
+	movl	%esi, %r8d
+	orq	%rcx, %r10
+	roll	%r9d
+	roll	$5, %r8d
+	movq	%r9, 40(%rdi)
+	addq	%r10, %r8
+	movq	40(%rdi), %rax
+	movq	24(%rdi), %r10
+	movq	-16(%rdi), %rdx
+	addq	%r12, %r8
+	movq	64(%rdi), %rbx
+	movq	48(%rdi), %rcx
+	movl	%esi, %r9d
+	addq	%rax, %r8
+	movq	%rsi, %r12
+	xorq	%rdx, %r10 
+	addq	%r15, %r8
+	xorq	%rbx, %r10 
+	orq	%r14, %rsi
+	andq	%r14, %r12
+	andq	%r13, %rsi
+	xorl	%ecx, %r10d
+	movl	%r8d, %ecx
+	orq	%rsi, %r12
+	roll	%r10d
+	roll	$5, %ecx
+	movq	%r10, 48(%rdi)
+	addq	%r12, %rcx
+	movq	48(%rdi), %rax
+	movq	32(%rdi), %r12
+	movq	-8(%rdi), %rdx
+	addq	%r11, %rcx
+	movq	72(%rdi), %rbx
+	movq	56(%rdi), %rsi
+	roll	$30, %r9d
+	addq	%rax, %rcx
+	movl	%r8d, %r10d
+	movq	%r8, %r11
+	xorq	%rdx, %r12 
+	addq	%r15, %rcx
+	orq	%r9, %r8
+	xorq	%rbx, %r12 
+	andq	%r14, %r8
+	andq	%r9, %r11
+	xorl	%esi, %r12d
+	movl	%ecx, %esi
+	orq	%r8, %r11
+	roll	%r12d
+	roll	$5, %esi
+	roll	$30, %r10d
+	movq	%r12, 56(%rdi)
+	addq	%r11, %rsi
+	movq	56(%rdi), %rax
+	movq	40(%rdi), %r11
+	movq	(%rdi), %rdx
+	addq	%r13, %rsi
+	movq	-48(%rdi), %rbx
+	movq	64(%rdi), %r8
+	movq	%rcx, %r13
+	addq	%rax, %rsi
+	andq	%r10, %r13
+	movl	%ecx, %r12d
+	xorq	%rdx, %r11 
+	addq	%r15, %rsi
+	xorq	%rbx, %r11 
+	xorl	%r8d, %r11d
+	movl	%esi, %r8d
+	roll	%r11d
+	roll	$5, %r8d
+	orq	%r10, %rcx
+	andq	%r9, %rcx
+	movq	%r11, 64(%rdi)
+	movq	64(%rdi), %rax
+	orq	%rcx, %r13
+	roll	$30, %r12d
+	movl	%esi, %r11d
+	addq	%r13, %r8
+	movq	48(%rdi), %r13
+	movq	8(%rdi), %rdx
+	movq	-40(%rdi), %rbx
+	addq	%r14, %r8
+	movq	72(%rdi), %rcx
+	addq	%rax, %r8
+	movq	%rsi, %r14
+	orq	%r12, %rsi
+	xorq	%rdx, %r13 
+	addq	%r15, %r8
+	andq	%r10, %rsi
+	xorq	%rbx, %r13 
+	andq	%r12, %r14
+	roll	$30, %r11d
+	xorl	%ecx, %r13d
+	movl	%r8d, %ecx
+	orq	%rsi, %r14
+	roll	%r13d
+	roll	$5, %ecx
+	movq	%r13, 72(%rdi)
+	addq	%r14, %rcx
+	movq	72(%rdi), %rax
+	movq	56(%rdi), %r14
+	movq	16(%rdi), %rdx
+	addq	%r9, %rcx
+	movq	-32(%rdi), %rbx
+	movq	-48(%rdi), %rsi
+	movl	%r8d, %r13d
+	addq	%rax, %rcx
+	movq	%r8, %r9
+	orq	%r11, %r8
+	xorq	%rdx, %r14 
+	addq	%r15, %rcx
+	andq	%r12, %r8
+	xorq	%rbx, %r14 
+	andq	%r11, %r9
+	xorl	%esi, %r14d
+	movl	%ecx, %esi
+	orq	%r8, %r9
+	roll	$5, %esi
+	roll	%r14d
+	addq	%r9, %rsi
+	movq	%r14, -48(%rdi)
+	movq	-48(%rdi), %rax
+	addq	%r10, %rsi
+	movq	64(%rdi), %r10
+	movq	24(%rdi), %rdx
+	movq	-24(%rdi), %rbx
+	movq	-40(%rdi), %r8
+	movl	%ecx, %r14d
+	addq	%rax, %rsi
+	roll	$30, %r13d
+	movq	%rcx, %r9
+	xorq	%rdx, %r10 
+	addq	%r15, %rsi
+	orq	%r13, %rcx
+	xorq	%rbx, %r10 
+	andq	%r11, %rcx
+	andq	%r13, %r9
+	xorl	%r8d, %r10d
+	movl	%esi, %r8d
+	orq	%rcx, %r9
+	roll	$5, %r8d
+	roll	%r10d
+	roll	$30, %r14d
+	addq	%r9, %r8
+	movq	%r10, -40(%rdi)
+	movq	-40(%rdi), %rax
+	addq	%r12, %r8
+	movq	72(%rdi), %r12
+	movq	32(%rdi), %rdx
+	movq	-16(%rdi), %rbx
+	movq	-32(%rdi), %rcx
+	movl	%esi, %r10d
+	addq	%rax, %r8
+	movq	%rsi, %r9
+	orq	%r14, %rsi
+	xorq	%rdx, %r12 
+	addq	%r15, %r8
+	andq	%r13, %rsi
+	xorq	%rbx, %r12 
+	andq	%r14, %r9
+	roll	$30, %r10d
+	xorl	%ecx, %r12d
+	movl	%r8d, %ecx
+	orq	%rsi, %r9
+	roll	$5, %ecx
+	roll	%r12d
+	addq	%r9, %rcx
+	movq	%r12, -32(%rdi)
+	movq	-32(%rdi), %rax
+	addq	%r11, %rcx
+	movq	-48(%rdi), %r11
+	movq	40(%rdi), %rdx
+	movq	-8(%rdi), %rbx
+	movq	-24(%rdi), %rsi
+	movl	%r8d, %r12d
+	addq	%rax, %rcx
+	movq	%r8, %r9
+	xorq	%rdx, %r11 
+	addq	%r15, %rcx
+	xorq	%rbx, %r11 
+	xorl	%esi, %r11d
+	orq	%r10, %r8
+	andq	%r10, %r9
+	andq	%r14, %r8
+	movl	%ecx, %esi
+	roll	%r11d
+	orq	%r8, %r9
+	roll	$5, %esi
+	movq	%r11, -24(%rdi)
+	addq	%r9, %rsi
+	movq	-24(%rdi), %rax
+	roll	$30, %r12d
+	addq	%r13, %rsi
+	movq	-40(%rdi), %r13
+	movq	48(%rdi), %rdx
+	movq	(%rdi), %rbx
+	movq	-16(%rdi), %r8
+	movl	%ecx, %r11d
+	addq	%rax, %rsi
+	movq	%rcx, %r9
+	orq	%r12, %rcx
+	xorq	%rdx, %r13 
+	addq	%r15, %rsi
+	andq	%r10, %rcx
+	xorq	%rbx, %r13 
+	andq	%r12, %r9
+	roll	$30, %r11d
+	xorl	%r8d, %r13d
+	movl	%esi, %r8d
+	orq	%rcx, %r9
+	roll	%r13d
+	roll	$5, %r8d
+	movq	%r13, -16(%rdi)
+	addq	%r9, %r8
+	movq	-16(%rdi), %rax
+	movq	-32(%rdi), %r9
+	movq	56(%rdi), %rdx
+	addq	%r14, %r8
+	movq	8(%rdi), %rcx
+	movq	-8(%rdi), %rbx
+	movl	%esi, %r13d
+	addq	%rax, %r8
+	movq	%rsi, %r14
+	orq	%r11, %rsi
+	xorq	%rdx, %r9 
+	addq	%r15, %r8
+	andq	%r11, %r14
+	xorq	%rcx, %r9 
+	xorl	%ebx, %r9d
+	movl	%r8d, %ebx
+	roll	%r9d
+	roll	$5, %ebx
+	andq	%r12, %rsi
+	orq	%rsi, %r14
+	movq	%r9, -8(%rdi)
+	movq	-8(%rdi), %rax
+	addq	%r14, %rbx
+	movq	-24(%rdi), %r14
+	movq	64(%rdi), %rdx
+	movq	16(%rdi), %rcx
+	addq	%r10, %rbx
+	movq	(%rdi), %rsi
+	roll	$30, %r13d
+	addq	%rax, %rbx
+	movl	%r8d, %r9d
+	xorq	%rdx, %r14 
+	addq	%r15, %rbx
+	movq	%r8, %r10
+	xorq	%rcx, %r14 
+	orq	%r13, %r8
+	andq	%r13, %r10
+	andq	%r11, %r8
+	xorl	%esi, %r14d
+	movl	%ebx, %esi
+	orq	%r8, %r10
+	roll	$5, %esi
+	roll	%r14d
+	addq	%r10, %rsi
+	movq	%r14, (%rdi)
+	movq	(%rdi), %rax
+	addq	%r12, %rsi
+	movq	-16(%rdi), %r12
+	movq	72(%rdi), %rdx
+	movq	24(%rdi), %rcx
+	movq	8(%rdi), %r8
+	roll	$30, %r9d
+	addq	%rax, %rsi
+	movl	%ebx, %r14d
+	movq	%rbx, %r10
+	xorq	%rdx, %r12 
+	addq	%r15, %rsi
+	orq	%r9, %rbx
+	xorq	%rcx, %r12 
+	andq	%r13, %rbx
+	andq	%r9, %r10
+	xorl	%r8d, %r12d
+	movl	%esi, %r8d
+	orq	%rbx, %r10
+	roll	%r12d
+	roll	$5, %r8d
+	movq	%r12, 8(%rdi)
+	movq	8(%rdi), %rax
+	addq	%r10, %r8
+	movq	-8(%rdi), %rbx
+	movq	-48(%rdi), %rdx
+	addq	%r11, %r8
+	movq	32(%rdi), %r11
+	movq	16(%rdi), %rcx
+	movl	%esi, %r12d
+	addq	%rax, %r8
+	movq	%rsi, %r10
+	addq	%r15, %r8
+	xorq	%rdx, %rbx 
+	roll	$30, %r14d
+	xorq	%r11, %rbx 
+	orq	%r14, %rsi
+	andq	%r14, %r10
+	xorl	%ecx, %ebx
+	andq	%r9, %rsi
+	movl	%r8d, %ecx
+	roll	%ebx
+	orq	%rsi, %r10
+	roll	$5, %ecx
+	movq	%rbx, 16(%rdi)
+	movq	16(%rdi), %rsi
+	addq	%r10, %rcx
+	movq	(%rdi), %r11
+	movq	-40(%rdi), %rax
+	addq	%r13, %rcx
+	movq	40(%rdi), %rdx
+	movq	24(%rdi), %r13
+	roll	$30, %r12d
+	addq	%rsi, %rcx
+	movl	%r8d, %ebx
+	movq	%r8, %r10
+	xorq	%rax, %r11 
+	addq	%r15, %rcx
+	orq	%r12, %r8
+	xorq	%rdx, %r11 
+	andq	%r14, %r8
+	andq	%r12, %r10
+	xorl	%r13d, %r11d
+	movl	%ecx, %r13d
+	orq	%r8, %r10
+	roll	%r11d
+	roll	$5, %r13d
+	roll	$30, %ebx
+	movq	%r11, 24(%rdi)
+	addq	%r10, %r13
+	movq	24(%rdi), %rsi
+	movq	8(%rdi), %r10
+	movq	-32(%rdi), %rax
+	addq	%r9, %r13
+	movq	48(%rdi), %rdx
+	movq	32(%rdi), %r8
+	movl	%ecx, %r11d
+	addq	%rsi, %r13
+	movq	%rcx, %r9
+	xorq	%rax, %r10 
+	addq	%r15, %r13
+	xorq	%rdx, %r10 
+	xorl	%r8d, %r10d
+	movl	%r13d, %r8d
+	roll	%r10d
+	orq	%rbx, %rcx
+	andq	%rbx, %r9
+	movq	%r10, 32(%rdi)
+	andq	%r12, %rcx
+	movl	%r13d, %r10d
+	orq	%rcx, %r9
+	roll	$5, %r10d
+	movq	32(%rdi), %rsi
+	addq	%r9, %r10
+	roll	$30, %r11d
+	movq	%r13, %rcx
+	addq	%r14, %r10
+	movq	16(%rdi), %r14
+	movq	-24(%rdi), %rax
+	movq	56(%rdi), %rdx
+	movq	40(%rdi), %r9
+	addq	%rsi, %r10
+	addq	%r15, %r10
+	orq	%r11, %r13
+	andq	%r11, %rcx
+	xorq	%rax, %r14 
+	andq	%rbx, %r13
+	xorq	%rdx, %r14 
+	orq	%r13, %rcx
+	xorl	%r9d, %r14d
+	movl	%r10d, %r9d
+	roll	%r14d
+	roll	$5, %r9d
+	movq	%r14, 40(%rdi)
+	movq	40(%rdi), %rsi
+	addq	%rcx, %r9
+	movq	24(%rdi), %r13
+	addq	%r12, %r9
+	movq	-16(%rdi), %r12
+	movq	64(%rdi), %rax
+	movl	%r10d, %r14d
+	addq	%rsi, %r9
+	movl	%r8d, %esi
+	addq	%r15, %r9
+	movq	48(%rdi), %r15
+	xorq	%r12, %r13 
+	roll	$30, %esi
+	xorq	%rax, %r13 
+	xorq	%rsi, %r10 
+	xorl	%r15d, %r13d
+	movl	%r9d, %r15d
+	xorq	%r11, %r10 
+	roll	$5, %r15d
+	roll	%r13d
+	addq	%r10, %r15
+	movq	%r13, 48(%rdi)
+	movq	48(%rdi), %r10
+	addq	%rbx, %r15
+	movq	32(%rdi), %rbx
+	movq	-8(%rdi), %r8
+	movq	72(%rdi), %rdx
+	movq	56(%rdi), %rcx
+	roll	$30, %r14d
+	addq	%r10, %r15
+	movl	$3395469782, %r10d
+	movl	%r9d, %r13d
+	xorq	%r8, %rbx 
+	addq	%r10, %r15
+	xorq	%r14, %r9 
+	xorq	%rdx, %rbx 
+	xorq	%rsi, %r9 
+	roll	$30, %r13d
+	xorl	%ecx, %ebx
+	movl	%r15d, %ecx
+	roll	%ebx
+	roll	$5, %ecx
+	movq	%rbx, 56(%rdi)
+	addq	%r9, %rcx
+	movq	56(%rdi), %r12
+	movq	40(%rdi), %r9
+	movq	(%rdi), %rax
+	addq	%r11, %rcx
+	movq	-48(%rdi), %r8
+	movq	64(%rdi), %r11
+	movl	%r15d, %ebx
+	addq	%r12, %rcx
+	xorq	%r13, %r15 
+	roll	$30, %ebx
+	xorq	%rax, %r9 
+	addq	%r10, %rcx
+	xorq	%r14, %r15 
+	xorq	%r8, %r9 
+	xorl	%r11d, %r9d
+	movl	%ecx, %r11d
+	roll	%r9d
+	roll	$5, %r11d
+	movq	%r9, 64(%rdi)
+	addq	%r15, %r11
+	movq	64(%rdi), %rdx
+	movq	48(%rdi), %r15
+	movq	8(%rdi), %r12
+	addq	%rsi, %r11
+	movq	-40(%rdi), %rax
+	movq	72(%rdi), %r8
+	movl	%ecx, %r9d
+	addq	%rdx, %r11
+	xorq	%r12, %r15 
+	addq	%r10, %r11
+	xorq	%rax, %r15 
+	xorl	%r8d, %r15d
+	movl	%r11d, %r8d
+	roll	%r15d
+	roll	$5, %r8d
+	xorq	%rbx, %rcx 
+	xorq	%r13, %rcx 
+	movq	%r15, 72(%rdi)
+	movq	72(%rdi), %rsi
+	addq	%rcx, %r8
+	movq	56(%rdi), %r12
+	movq	16(%rdi), %rcx
+	movq	-32(%rdi), %rdx
+	addq	%r14, %r8
+	movq	-48(%rdi), %r14
+	addq	%rsi, %r8
+	roll	$30, %r9d
+	movl	%r11d, %r15d
+	xorq	%rcx, %r12 
+	addq	%r10, %r8
+	xorq	%r9, %r11 
+	xorq	%rdx, %r12 
+	xorq	%rbx, %r11 
+	roll	$30, %r15d
+	xorl	%r14d, %r12d
+	movl	%r8d, %r14d
+	roll	$5, %r14d
+	roll	%r12d
+	addq	%r11, %r14
+	movq	%r12, -48(%rdi)
+	movq	-48(%rdi), %rax
+	addq	%r13, %r14
+	movq	64(%rdi), %r13
+	movq	24(%rdi), %rsi
+	movq	-24(%rdi), %rcx
+	movq	-40(%rdi), %r11
+	movl	%r8d, %r12d
+	addq	%rax, %r14
+	xorq	%r15, %r8 
+	roll	$30, %r12d
+	xorq	%rsi, %r13 
+	addq	%r10, %r14
+	xorq	%r9, %r8 
+	xorq	%rcx, %r13 
+	xorl	%r11d, %r13d
+	movl	%r14d, %r11d
+	roll	$5, %r11d
+	roll	%r13d
+	addq	%r8, %r11
+	movq	%r13, -40(%rdi)
+	movq	-40(%rdi), %rdx
+	addq	%rbx, %r11
+	movq	72(%rdi), %rbx
+	movq	32(%rdi), %rax
+	movq	-16(%rdi), %rsi
+	movq	-32(%rdi), %r8
+	movl	%r14d, %r13d
+	addq	%rdx, %r11
+	xorq	%rax, %rbx 
+	addq	%r10, %r11
+	xorq	%rsi, %rbx 
+	xorl	%r8d, %ebx
+	xorq	%r12, %r14 
+	movl	%r11d, %r8d
+	xorq	%r15, %r14 
+	roll	%ebx
+	roll	$5, %r8d
+	movq	%rbx, -32(%rdi)
+	addq	%r14, %r8
+	movq	-32(%rdi), %rcx
+	movq	-48(%rdi), %r14
+	movq	40(%rdi), %rdx
+	addq	%r9, %r8
+	movq	-8(%rdi), %rax
+	movq	-24(%rdi), %r9
+	roll	$30, %r13d
+	addq	%rcx, %r8
+	movl	%r11d, %ebx
+	xorq	%r13, %r11 
+	xorq	%rdx, %r14 
+	addq	%r10, %r8
+	xorq	%r12, %r11 
+	xorq	%rax, %r14 
+	roll	$30, %ebx
+	xorl	%r9d, %r14d
+	movl	%r8d, %r9d
+	roll	$5, %r9d
+	roll	%r14d
+	addq	%r11, %r9
+	movq	%r14, -24(%rdi)
+	movq	-24(%rdi), %rsi
+	addq	%r15, %r9
+	movq	-40(%rdi), %r15
+	movq	48(%rdi), %rcx
+	movq	(%rdi), %rdx
+	movq	-16(%rdi), %r11
+	movl	%r8d, %r14d
+	addq	%rsi, %r9
+	xorq	%rbx, %r8 
+	xorq	%rcx, %r15 
+	addq	%r10, %r9
+	xorq	%r13, %r8 
+	xorq	%rdx, %r15 
+	xorl	%r11d, %r15d
+	movl	%r9d, %r11d
+	roll	%r15d
+	roll	$5, %r11d
+	movq	%r15, -16(%rdi)
+	addq	%r8, %r11
+	movq	-16(%rdi), %rax
+	addq	%r12, %r11
+	movq	-32(%rdi), %r12
+	movq	56(%rdi), %rsi
+	movq	8(%rdi), %rcx
+	movq	-8(%rdi), %r8
+	movl	%r9d, %r15d
+	addq	%rax, %r11
+	addq	%r10, %r11
+	roll	$30, %r14d
+	xorq	%rsi, %r12 
+	xorq	%rcx, %r12 
+	xorq	%r14, %r9 
+	roll	$30, %r15d
+	xorl	%r8d, %r12d
+	movl	%r11d, %r8d
+	xorq	%rbx, %r9 
+	roll	$5, %r8d
+	roll	%r12d
+	addq	%r9, %r8
+	movq	%r12, -8(%rdi)
+	movq	-8(%rdi), %rdx
+	addq	%r13, %r8
+	movq	-24(%rdi), %r13
+	movq	64(%rdi), %rax
+	movq	16(%rdi), %rsi
+	movq	(%rdi), %rcx
+	movl	%r11d, %r12d
+	addq	%rdx, %r8
+	xorq	%r15, %r11 
+	roll	$30, %r12d
+	xorq	%rax, %r13 
+	addq	%r10, %r8
+	xorq	%r14, %r11 
+	xorq	%rsi, %r13 
+	xorl	%ecx, %r13d
+	movl	%r8d, %ecx
+	roll	$5, %ecx
+	roll	%r13d
+	addq	%r11, %rcx
+	movq	%r13, (%rdi)
+	movq	(%rdi), %r9
+	addq	%rbx, %rcx
+	movq	-16(%rdi), %rbx
+	movq	72(%rdi), %rdx
+	movq	24(%rdi), %rax
+	movq	8(%rdi), %rsi
+	movl	%r8d, %r13d
+	addq	%r9, %rcx
+	xorq	%r12, %r8 
+	xorq	%rdx, %rbx 
+	addq	%r10, %rcx
+	xorq	%r15, %r8 
+	xorq	%rax, %rbx 
+	xorl	%esi, %ebx
+	movl	%ecx, %esi
+	roll	$5, %esi
+	roll	%ebx
+	addq	%r8, %rsi
+	movq	%rbx, 8(%rdi)
+	movq	8(%rdi), %r11
+	addq	%r14, %rsi
+	movq	-8(%rdi), %r14
+	movq	-48(%rdi), %r9
+	movq	32(%rdi), %rdx
+	movq	16(%rdi), %r8
+	roll	$30, %r13d
+	addq	%r11, %rsi
+	movl	%ecx, %ebx
+	xorq	%r13, %rcx 
+	xorq	%r9, %r14 
+	addq	%r10, %rsi
+	xorq	%r12, %rcx 
+	xorq	%rdx, %r14 
+	roll	$30, %ebx
+	xorl	%r8d, %r14d
+	movl	%esi, %r8d
+	roll	$5, %r8d
+	roll	%r14d
+	addq	%rcx, %r8
+	movq	%r14, 16(%rdi)
+	movq	16(%rdi), %rax
+	addq	%r15, %r8
+	movq	(%rdi), %r15
+	movq	-40(%rdi), %r11
+	movq	40(%rdi), %r9
+	movq	24(%rdi), %rcx
+	movl	%esi, %r14d
+	addq	%rax, %r8
+	xorq	%rbx, %rsi 
+	roll	$30, %r14d
+	xorq	%r11, %r15 
+	addq	%r10, %r8
+	xorq	%r13, %rsi 
+	xorq	%r9, %r15 
+	xorl	%ecx, %r15d
+	movl	%r8d, %ecx
+	roll	%r15d
+	roll	$5, %ecx
+	movq	%r15, 24(%rdi)
+	addq	%rsi, %rcx
+	movq	24(%rdi), %rdx
+	movq	8(%rdi), %r11
+	movq	-32(%rdi), %rax
+	addq	%r12, %rcx
+	movq	48(%rdi), %r12
+	movq	32(%rdi), %rsi
+	movl	%r8d, %r15d
+	addq	%rdx, %rcx
+	xorq	%rax, %r11 
+	addq	%r10, %rcx
+	xorq	%r12, %r11 
+	xorl	%esi, %r11d
+	movl	%ecx, %esi
+	roll	%r11d
+	movq	%r11, 32(%rdi)
+	movl	%ecx, %r11d
+	movq	32(%rdi), %r9
+	roll	$5, %r11d
+	xorq	%r14, %r8 
+	movq	16(%rdi), %r12
+	xorq	%rbx, %r8 
+	movq	-24(%rdi), %rdx
+	movq	56(%rdi), %rax
+	addq	%r8, %r11
+	movq	40(%rdi), %r8
+	roll	$30, %r15d
+	addq	%r13, %r11
+	xorq	%r15, %rcx 
+	addq	%r9, %r11
+	xorq	%rdx, %r12 
+	xorq	%r14, %rcx 
+	addq	%r10, %r11
+	xorq	%rax, %r12 
+	xorl	%r8d, %r12d
+	movl	%r11d, %r8d
+	roll	$5, %r8d
+	roll	%r12d
+	addq	%rcx, %r8
+	movq	%r12, 40(%rdi)
+	movq	40(%rdi), %r13
+	addq	%rbx, %r8
+	movq	24(%rdi), %rbx
+	movq	-16(%rdi), %r9
+	movq	64(%rdi), %rdx
+	movq	48(%rdi), %rcx
+	movl	%r11d, %r12d
+	addq	%r13, %r8
+	movl	%esi, %r13d
+	roll	$30, %r12d
+	xorq	%r9, %rbx 
+	addq	%r10, %r8
+	roll	$30, %r13d
+	xorq	%rdx, %rbx 
+	xorq	%r13, %r11 
+	xorl	%ecx, %ebx
+	movl	%r8d, %ecx
+	xorq	%r15, %r11 
+	roll	%ebx
+	roll	$5, %ecx
+	movq	%rbx, 48(%rdi)
+	addq	%r11, %rcx
+	movq	48(%rdi), %rax
+	movq	32(%rdi), %r11
+	movq	-8(%rdi), %rsi
+	addq	%r14, %rcx
+	movq	72(%rdi), %r9
+	movq	56(%rdi), %r14
+	movl	%r8d, %ebx
+	addq	%rax, %rcx
+	xorq	%rsi, %r11 
+	addq	%r10, %rcx
+	xorq	%r9, %r11 
+	xorl	%r14d, %r11d
+	xorq	%r12, %r8 
+	movl	%ecx, %r14d
+	xorq	%r13, %r8 
+	roll	%r11d
+	roll	$5, %r14d
+	movq	%r11, 56(%rdi)
+	addq	%r8, %r14
+	movq	56(%rdi), %rdx
+	movq	40(%rdi), %r8
+	movq	(%rdi), %rax
+	addq	%r15, %r14
+	movq	-48(%rdi), %r15
+	movq	64(%rdi), %rsi
+	roll	$30, %ebx
+	addq	%rdx, %r14
+	movl	%ecx, %r11d
+	xorq	%rbx, %rcx 
+	xorq	%rax, %r8 
+	addq	%r10, %r14
+	xorq	%r12, %rcx 
+	xorq	%r15, %r8 
+	roll	$30, %r11d
+	xorl	%esi, %r8d
+	movl	%r14d, %esi
+	roll	%r8d
+	roll	$5, %esi
+	movq	%r8, 64(%rdi)
+	movq	64(%rdi), %r9
+	addq	%rcx, %rsi
+	movq	48(%rdi), %r15
+	movq	8(%rdi), %rcx
+	addq	%r13, %rsi
+	movq	-40(%rdi), %rdx
+	movq	72(%rdi), %rax
+	movl	%r14d, %r8d
+	addq	%r9, %rsi
+	xorq	%r11, %r14 
+	addq	%r10, %rsi
+	xorq	%rcx, %r15 
+	xorq	%rbx, %r14 
+	xorq	%rdx, %r15 
+	movl	%esi, %r13d
+	xorl	%eax, %r15d
+	roll	$5, %r13d
+	roll	%r15d
+	addq	%r14, %r13
+	movq	%r15, 72(%rdi)
+	addq	%r12, %r13
+	movq	72(%rdi), %r12
+	addq	%r12, %r13
+	addq	%r10, %r13
+	movq	-88(%rdi), %r10
+	roll	$30, %r8d
+	addq	%r13, %r10
+	movq	%r10, -88(%rdi)
+	movq	-80(%rdi), %r9
+	addq	%rsi, %r9
+	movq	%r9, -80(%rdi)
+	movq	-72(%rdi), %rcx
+	addq	%r8, %rcx
+	movq	%rcx, -72(%rdi)
+	movq	-64(%rdi), %rdx
+	addq	%r11, %rdx
+	movq	%rdx, -64(%rdi)
+	movq	-56(%rdi), %rax
+	addq	%rbx, %rax
+	popq	%rbx
+	popq	%r12
+	popq	%r13
+	popq	%r14
+	popq	%r15
+	movq	%rax, -56(%rdi)
+	ret
+.LFE7:
+	.size	shaCompress, .-shaCompress
+	.align 16
+.globl SHA1_Update
+	.type	SHA1_Update, @function
+SHA1_Update:
+.LFB5:
+	pushq	%rbp
+.LCFI5:
+	movq	%rsp, %rbp
+.LCFI6:
+	movq	%r13, -24(%rbp)
+.LCFI7:
+	movq	%r14, -16(%rbp)
+.LCFI8:
+	movl	%edx, %r13d
+	movq	%r15, -8(%rbp)
+.LCFI9:
+	movq	%rbx, -40(%rbp)
+.LCFI10:
+	movq	%rdi, %r15
+	movq	%r12, -32(%rbp)
+.LCFI11:
+	subq	$48, %rsp
+.LCFI12:
+	testl	%edx, %edx
+	movq	%rsi, %r14
+	je	.L243
+	movq	64(%rdi), %rdx
+	mov	%r13d, %ecx
+	leaq	(%rdx,%rcx), %rax
+	movq	%rax, 64(%rdi)
+	movl	%edx, %eax
+	andl	$63, %eax
+	movl	%eax, -44(%rbp)
+	jne	.L256
+.L245:
+	cmpl	$63, %r13d
+	jbe	.L253
+	leaq	160(%r15), %rbx
+	.align 16
+.L250:
+	movq	%r14, %rsi
+	subl	$64, %r13d
+	movq	%rbx, %rdi
+	call	shaCompress
+	addq	$64, %r14
+	cmpl	$63, %r13d
+	ja	.L250
+.L253:
+	testl	%r13d, %r13d
+	je	.L243
+	mov	%r13d, %edx
+	movq	%r14, %rsi
+	movq	%r15, %rdi
+	movq	-40(%rbp), %rbx
+	movq	-32(%rbp), %r12
+	movq	-24(%rbp), %r13
+	movq	-16(%rbp), %r14
+	movq	-8(%rbp), %r15
+	leave
+	jmp	memcpy@PLT
+	.align 16
+.L243:
+	movq	-40(%rbp), %rbx
+	movq	-32(%rbp), %r12
+	movq	-24(%rbp), %r13
+	movq	-16(%rbp), %r14
+	movq	-8(%rbp), %r15
+	leave
+	ret
+.L256:
+	movl	$64, %ebx
+	mov	%eax, %edi
+	subl	%eax, %ebx
+	cmpl	%ebx, %r13d
+	cmovb	%r13d, %ebx
+	addq	%r15, %rdi
+	mov	%ebx, %r12d
+	subl	%ebx, %r13d
+	movq	%r12, %rdx
+	addq	%r12, %r14
+	call	memcpy@PLT
+	addl	-44(%rbp), %ebx
+	andl	$63, %ebx
+	jne	.L245
+	leaq	160(%r15), %rdi
+	movq	%r15, %rsi
+	call	shaCompress
+	jmp	.L245
+.LFE5:
+	.size	SHA1_Update, .-SHA1_Update
+	.section	.rodata
+	.align 32
+	.type	bulk_pad.0, @object
+	.size	bulk_pad.0, 64
+bulk_pad.0:
+	.byte	-128
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.byte	0
+	.text
+	.align 16
+.globl SHA1_End
+	.type	SHA1_End, @function
+SHA1_End:
+.LFB6:
+	pushq	%rbp
+.LCFI13:
+	movq	%rsp, %rbp
+.LCFI14:
+	movq	%r12, -24(%rbp)
+.LCFI15:
+	movq	%r13, -16(%rbp)
+.LCFI16:
+	movq	%rsi, %r13
+	movq	%r14, -8(%rbp)
+.LCFI17:
+	movq	%rbx, -32(%rbp)
+.LCFI18:
+	subq	$32, %rsp
+.LCFI19:
+	movq	64(%rdi), %rbx
+	movq	%rdx, %r14
+	movl	$119, %edx
+	leaq	bulk_pad.0(%rip), %rsi
+	movq	%rdi, %r12
+	movl	%ebx, %r8d
+	salq	$3, %rbx
+	andl	$63, %r8d
+	subl	%r8d, %edx
+	andl	$63, %edx
+	incl	%edx
+	call	SHA1_Update@PLT
+	movq	%rbx, %rdi
+	movq	%r12, %rsi
+	shrq	$32, %rdi
+/APP
+	bswap %edi
+/NO_APP
+	movl	%edi, 56(%r12)
+	leaq	160(%r12), %rdi
+/APP
+	bswap %ebx
+/NO_APP
+	movl	%ebx, 60(%r12)
+	call	shaCompress
+	movl	72(%r12), %esi
+	movl	80(%r12), %ebx
+	movl	88(%r12), %ecx
+	movl	96(%r12), %edx
+	movl	104(%r12), %eax
+	movq	8(%rsp), %r12
+/APP
+	bswap %ebx
+	bswap %esi
+/NO_APP
+	movl	%ebx, 4(%r13)
+	movl	%esi, (%r13)
+/APP
+	bswap %ecx
+	bswap %edx
+/NO_APP
+	movl	%ecx, 8(%r13)
+	movl	%edx, 12(%r13)
+/APP
+	bswap %eax
+/NO_APP
+	movq	(%rsp), %rbx
+	movl	%eax, 16(%r13)
+        cmpq    $0, %r14
+        je      .L133
+	movl	$20, (%r14)
+.L133:
+	movq	16(%rsp), %r13
+	movq	24(%rsp), %r14
+	leave
+	ret
+.LFE6:
+	.size	SHA1_End, .-SHA1_End
+	.align 16
+.globl SHA1_NewContext
+	.type	SHA1_NewContext, @function
+SHA1_NewContext:
+.LFB8:
+	movl	$248, %edi
+	jmp	PORT_Alloc_Util@PLT
+.LFE8:
+	.size	SHA1_NewContext, .-SHA1_NewContext
+	.align 16
+.globl SHA1_DestroyContext
+	.type	SHA1_DestroyContext, @function
+SHA1_DestroyContext:
+.LFB9:
+	pushq	%rbp
+.LCFI20:
+	movl	$248, %edx
+	movq	%rsp, %rbp
+.LCFI21:
+	movq	%rbx, -16(%rbp)
+.LCFI22:
+	movq	%r12, -8(%rbp)
+.LCFI23:
+	movl	%esi, %ebx
+	subq	$16, %rsp
+.LCFI24:
+	xorl	%esi, %esi
+	movq	%rdi, %r12
+	call	memset@PLT
+	testl	%ebx, %ebx
+	jne	.L268
+	movq	(%rsp), %rbx
+	movq	8(%rsp), %r12
+	leave
+	ret
+	.align 16
+.L268:
+	movq	%r12, %rdi
+	movq	(%rsp), %rbx
+	movq	8(%rsp), %r12
+	leave
+	jmp	PORT_Free_Util@PLT
+.LFE9:
+	.size	SHA1_DestroyContext, .-SHA1_DestroyContext
+	.align 16
+.globl SHA1_HashBuf
+	.type	SHA1_HashBuf, @function
+SHA1_HashBuf:
+.LFB10:
+	pushq	%rbp
+.LCFI25:
+	movq	%rsp, %rbp
+.LCFI26:
+	movq	%rbx, -32(%rbp)
+.LCFI27:
+	leaq	-288(%rbp), %rbx
+	movq	%r12, -24(%rbp)
+.LCFI28:
+	movq	%r13, -16(%rbp)
+.LCFI29:
+	movq	%r14, -8(%rbp)
+.LCFI30:
+	movq	%rsi, %r13
+	subq	$304, %rsp
+.LCFI31:
+	movq	%rdi, %r14
+	movl	%edx, %r12d
+	movq	%rbx, %rdi
+	call	SHA1_Begin@PLT
+	movl	%r12d, %edx
+	movq	%r13, %rsi
+	movq	%rbx, %rdi
+	call	SHA1_Update@PLT
+	leaq	-292(%rbp), %rdx
+	movq	%r14, %rsi
+	movq	%rbx, %rdi
+	movl	$20, %ecx
+	call	SHA1_End@PLT
+	movq	-32(%rbp), %rbx
+	movq	-24(%rbp), %r12
+	xorl	%eax, %eax
+	movq	-16(%rbp), %r13
+	movq	-8(%rbp), %r14
+	leave
+	ret
+.LFE10:
+	.size	SHA1_HashBuf, .-SHA1_HashBuf
+	.align 16
+.globl SHA1_Hash
+	.type	SHA1_Hash, @function
+SHA1_Hash:
+.LFB11:
+	pushq	%rbp
+.LCFI32:
+	movq	%rsp, %rbp
+.LCFI33:
+	movq	%rbx, -16(%rbp)
+.LCFI34:
+	movq	%r12, -8(%rbp)
+.LCFI35:
+	movq	%rsi, %rbx
+	subq	$16, %rsp
+.LCFI36:
+	movq	%rdi, %r12
+	movq	%rsi, %rdi
+	call	strlen@PLT
+	movq	%rbx, %rsi
+	movq	%r12, %rdi
+	movq	(%rsp), %rbx
+	movq	8(%rsp), %r12
+	leave
+	movl	%eax, %edx
+	jmp	SHA1_HashBuf@PLT
+.LFE11:
+	.size	SHA1_Hash, .-SHA1_Hash
+	.align 16
+.globl SHA1_FlattenSize
+	.type	SHA1_FlattenSize, @function
+SHA1_FlattenSize:
+.LFB12:
+	movl	$248, %eax
+	ret
+.LFE12:
+	.size	SHA1_FlattenSize, .-SHA1_FlattenSize
+	.align 16
+.globl SHA1_Flatten
+	.type	SHA1_Flatten, @function
+SHA1_Flatten:
+.LFB13:
+	pushq	%rbp
+.LCFI37:
+	movq	%rsi, %rax
+	movl	$248, %edx
+	movq	%rdi, %rsi
+	movq	%rax, %rdi
+	movq	%rsp, %rbp
+.LCFI38:
+	call	memcpy@PLT
+	leave
+	xorl	%eax, %eax
+	ret
+.LFE13:
+	.size	SHA1_Flatten, .-SHA1_Flatten
+	.align 16
+.globl SHA1_Resurrect
+	.type	SHA1_Resurrect, @function
+SHA1_Resurrect:
+.LFB14:
+	pushq	%rbp
+.LCFI39:
+	movq	%rsp, %rbp
+.LCFI40:
+	movq	%rbx, -16(%rbp)
+.LCFI41:
+	movq	%r12, -8(%rbp)
+.LCFI42:
+	subq	$16, %rsp
+.LCFI43:
+	movq	%rdi, %r12
+	call	SHA1_NewContext@PLT
+	movq	%rax, %rbx
+	xorl	%eax, %eax
+	testq	%rbx, %rbx
+	je	.L273
+	movl	$248, %edx
+	movq	%r12, %rsi
+	movq	%rbx, %rdi
+	call	memcpy@PLT
+	movq	%rbx, %rax
+.L273:
+	movq	(%rsp), %rbx
+	movq	8(%rsp), %r12
+	leave
+	ret
+.LFE14:
+	.size	SHA1_Resurrect, .-SHA1_Resurrect
+	.align 16
+.globl SHA1_Clone
+	.type	SHA1_Clone, @function
+SHA1_Clone:
+.LFB15:
+	movl	$248, %edx
+	jmp	memcpy@PLT
+.LFE15:
+	.size	SHA1_Clone, .-SHA1_Clone
+	.align 16
+.globl SHA1_TraceState
+	.type	SHA1_TraceState, @function
+SHA1_TraceState:
+.LFB16:
+	movl	$-5992, %edi
+	jmp	PORT_SetError_Util@PLT
+.LFE16:
+	.size	SHA1_TraceState, .-SHA1_TraceState
+	.align 16
+.globl SHA1_EndRaw
+        .type   SHA1_EndRaw, @function
+SHA1_EndRaw:
+.LFB50:
+        movq    72(%rdi), %rax
+/APP
+        bswap %eax
+/NO_APP
+        movl    %eax, (%rsi)
+        movq    80(%rdi), %rax
+/APP
+        bswap %eax
+/NO_APP
+        movl    %eax, 4(%rsi)
+        movq    88(%rdi), %rax
+/APP
+        bswap %eax
+/NO_APP
+        movl    %eax, 8(%rsi)
+        movq    96(%rdi), %rax
+/APP
+        bswap %eax
+/NO_APP
+        movl    %eax, 12(%rsi)
+        movq    104(%rdi), %rax
+/APP
+        bswap %eax
+/NO_APP
+        testq   %rdx, %rdx
+        movl    %eax, 16(%rsi)
+        je      .L14
+        movl    $20, (%rdx)
+.L14:
+        rep
+        ret
+.LFE50:
+        .size   SHA1_EndRaw, .-SHA1_EndRaw
diff --git a/nss/lib/freebl/sha256.h b/nss/lib/freebl/sha256.h
new file mode 100644
index 0000000..c65ca15
--- /dev/null
+++ b/nss/lib/freebl/sha256.h
@@ -0,0 +1,19 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _SHA_256_H_
+#define _SHA_256_H_
+
+#include "prtypes.h"
+
+struct SHA256ContextStr {
+    union {
+        PRUint32 w[64]; /* message schedule, input buffer, plus 48 words */
+        PRUint8 b[256];
+    } u;
+    PRUint32 h[8];           /* 8 state variables */
+    PRUint32 sizeHi, sizeLo; /* 64-bit count of hashed bytes. */
+};
+
+#endif /* _SHA_256_H_ */
diff --git a/nss/lib/freebl/sha512.c b/nss/lib/freebl/sha512.c
new file mode 100644
index 0000000..528f884
--- /dev/null
+++ b/nss/lib/freebl/sha512.c
@@ -0,0 +1,1655 @@
+/*
+ * sha512.c - implementation of SHA224, SHA256, SHA384 and SHA512
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifdef FREEBL_NO_DEPEND
+#include "stubs.h"
+#endif
+
+#include "prcpucfg.h"
+#if defined(NSS_X86) || defined(SHA_NO_LONG_LONG)
+#define NOUNROLL512 1
+#undef HAVE_LONG_LONG
+#endif
+#include "prtypes.h" /* for PRUintXX */
+#include "prlong.h"
+#include "secport.h" /* for PORT_XXX */
+#include "blapi.h"
+#include "sha256.h" /* for struct SHA256ContextStr */
+
+/* ============= Common constants and defines ======================= */
+
+#define W ctx->u.w
+#define B ctx->u.b
+#define H ctx->h
+
+#define SHR(x, n) (x >> n)
+#define SHL(x, n) (x << n)
+#define Ch(x, y, z) ((x & y) ^ (~x & z))
+#define Maj(x, y, z) ((x & y) ^ (x & z) ^ (y & z))
+#define SHA_MIN(a, b) (a < b ? a : b)
+
+/* Padding used with all flavors of SHA */
+static const PRUint8 pad[240] = {
+    0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
+    /* compiler will fill the rest in with zeros */
+};
+
+/* ============= SHA256 implementation ================================== */
+
+/* SHA-256 constants, K256. */
+static const PRUint32 K256[64] = {
+    0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
+    0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
+    0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
+    0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
+    0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,
+    0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
+    0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,
+    0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
+    0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,
+    0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
+    0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3,
+    0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
+    0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5,
+    0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
+    0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,
+    0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
+};
+
+/* SHA-256 initial hash values */
+static const PRUint32 H256[8] = {
+    0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a,
+    0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19
+};
+
+#if defined(IS_LITTLE_ENDIAN)
+#if (_MSC_VER >= 1300)
+#include <stdlib.h>
+#pragma intrinsic(_byteswap_ulong)
+#define SHA_HTONL(x) _byteswap_ulong(x)
+#elif defined(_MSC_VER) && defined(NSS_X86_OR_X64)
+#ifndef FORCEINLINE
+#if (_MSC_VER >= 1200)
+#define FORCEINLINE __forceinline
+#else
+#define FORCEINLINE __inline
+#endif
+#endif
+#define FASTCALL __fastcall
+
+static FORCEINLINE PRUint32 FASTCALL
+swap4b(PRUint32 dwd)
+{
+    __asm {
+        mov   eax,dwd
+    bswap eax
+    }
+}
+
+#define SHA_HTONL(x) swap4b(x)
+
+#elif defined(__GNUC__) && defined(NSS_X86_OR_X64)
+static __inline__ PRUint32
+swap4b(PRUint32 value)
+{
+    __asm__("bswap %0"
+            : "+r"(value));
+    return (value);
+}
+#define SHA_HTONL(x) swap4b(x)
+
+#elif defined(__GNUC__) && (defined(__thumb2__) ||         \
+                            (!defined(__thumb__) &&        \
+                             (defined(__ARM_ARCH_6__) ||   \
+                              defined(__ARM_ARCH_6J__) ||  \
+                              defined(__ARM_ARCH_6K__) ||  \
+                              defined(__ARM_ARCH_6Z__) ||  \
+                              defined(__ARM_ARCH_6ZK__) || \
+                              defined(__ARM_ARCH_6T2__) || \
+                              defined(__ARM_ARCH_7__) ||   \
+                              defined(__ARM_ARCH_7A__) ||  \
+                              defined(__ARM_ARCH_7R__))))
+static __inline__ PRUint32
+swap4b(PRUint32 value)
+{
+    PRUint32 ret;
+    __asm__("rev %0, %1"
+            : "=r"(ret)
+            : "r"(value));
+    return ret;
+}
+#define SHA_HTONL(x) swap4b(x)
+
+#else
+#define SWAP4MASK 0x00FF00FF
+static PRUint32
+swap4b(PRUint32 value)
+{
+    PRUint32 t1 = (value << 16) | (value >> 16);
+    return ((t1 & SWAP4MASK) << 8) | ((t1 >> 8) & SWAP4MASK);
+}
+#define SHA_HTONL(x) swap4b(x)
+#endif
+#define BYTESWAP4(x) x = SHA_HTONL(x)
+#endif /* defined(IS_LITTLE_ENDIAN) */
+
+#if defined(_MSC_VER)
+#pragma intrinsic(_lrotr, _lrotl)
+#define ROTR32(x, n) _lrotr(x, n)
+#define ROTL32(x, n) _lrotl(x, n)
+#else
+#define ROTR32(x, n) ((x >> n) | (x << ((8 * sizeof x) - n)))
+#define ROTL32(x, n) ((x << n) | (x >> ((8 * sizeof x) - n)))
+#endif
+
+/* Capitol Sigma and lower case sigma functions */
+#define S0(x) (ROTR32(x, 2) ^ ROTR32(x, 13) ^ ROTR32(x, 22))
+#define S1(x) (ROTR32(x, 6) ^ ROTR32(x, 11) ^ ROTR32(x, 25))
+#define s0(x) (ROTR32(x, 7) ^ ROTR32(x, 18) ^ SHR(x, 3))
+#define s1(x) (ROTR32(x, 17) ^ ROTR32(x, 19) ^ SHR(x, 10))
+
+SHA256Context *
+SHA256_NewContext(void)
+{
+    SHA256Context *ctx = PORT_New(SHA256Context);
+    return ctx;
+}
+
+void
+SHA256_DestroyContext(SHA256Context *ctx, PRBool freeit)
+{
+    memset(ctx, 0, sizeof *ctx);
+    if (freeit) {
+        PORT_Free(ctx);
+    }
+}
+
+void
+SHA256_Begin(SHA256Context *ctx)
+{
+    memset(ctx, 0, sizeof *ctx);
+    memcpy(H, H256, sizeof H256);
+}
+
+static void
+SHA256_Compress(SHA256Context *ctx)
+{
+    {
+#if defined(IS_LITTLE_ENDIAN)
+        BYTESWAP4(W[0]);
+        BYTESWAP4(W[1]);
+        BYTESWAP4(W[2]);
+        BYTESWAP4(W[3]);
+        BYTESWAP4(W[4]);
+        BYTESWAP4(W[5]);
+        BYTESWAP4(W[6]);
+        BYTESWAP4(W[7]);
+        BYTESWAP4(W[8]);
+        BYTESWAP4(W[9]);
+        BYTESWAP4(W[10]);
+        BYTESWAP4(W[11]);
+        BYTESWAP4(W[12]);
+        BYTESWAP4(W[13]);
+        BYTESWAP4(W[14]);
+        BYTESWAP4(W[15]);
+#endif
+
+#define INITW(t) W[t] = (s1(W[t - 2]) + W[t - 7] + s0(W[t - 15]) + W[t - 16])
+
+/* prepare the "message schedule"   */
+#ifdef NOUNROLL256
+        {
+            int t;
+            for (t = 16; t < 64; ++t) {
+                INITW(t);
+            }
+        }
+#else
+        INITW(16);
+        INITW(17);
+        INITW(18);
+        INITW(19);
+
+        INITW(20);
+        INITW(21);
+        INITW(22);
+        INITW(23);
+        INITW(24);
+        INITW(25);
+        INITW(26);
+        INITW(27);
+        INITW(28);
+        INITW(29);
+
+        INITW(30);
+        INITW(31);
+        INITW(32);
+        INITW(33);
+        INITW(34);
+        INITW(35);
+        INITW(36);
+        INITW(37);
+        INITW(38);
+        INITW(39);
+
+        INITW(40);
+        INITW(41);
+        INITW(42);
+        INITW(43);
+        INITW(44);
+        INITW(45);
+        INITW(46);
+        INITW(47);
+        INITW(48);
+        INITW(49);
+
+        INITW(50);
+        INITW(51);
+        INITW(52);
+        INITW(53);
+        INITW(54);
+        INITW(55);
+        INITW(56);
+        INITW(57);
+        INITW(58);
+        INITW(59);
+
+        INITW(60);
+        INITW(61);
+        INITW(62);
+        INITW(63);
+
+#endif
+#undef INITW
+    }
+    {
+        PRUint32 a, b, c, d, e, f, g, h;
+
+        a = H[0];
+        b = H[1];
+        c = H[2];
+        d = H[3];
+        e = H[4];
+        f = H[5];
+        g = H[6];
+        h = H[7];
+
+#define ROUND(n, a, b, c, d, e, f, g, h)       \
+    h += S1(e) + Ch(e, f, g) + K256[n] + W[n]; \
+    d += h;                                    \
+    h += S0(a) + Maj(a, b, c);
+
+#ifdef NOUNROLL256
+        {
+            int t;
+            for (t = 0; t < 64; t += 8) {
+                ROUND(t + 0, a, b, c, d, e, f, g, h)
+                ROUND(t + 1, h, a, b, c, d, e, f, g)
+                ROUND(t + 2, g, h, a, b, c, d, e, f)
+                ROUND(t + 3, f, g, h, a, b, c, d, e)
+                ROUND(t + 4, e, f, g, h, a, b, c, d)
+                ROUND(t + 5, d, e, f, g, h, a, b, c)
+                ROUND(t + 6, c, d, e, f, g, h, a, b)
+                ROUND(t + 7, b, c, d, e, f, g, h, a)
+            }
+        }
+#else
+        ROUND(0, a, b, c, d, e, f, g, h)
+        ROUND(1, h, a, b, c, d, e, f, g)
+        ROUND(2, g, h, a, b, c, d, e, f)
+        ROUND(3, f, g, h, a, b, c, d, e)
+        ROUND(4, e, f, g, h, a, b, c, d)
+        ROUND(5, d, e, f, g, h, a, b, c)
+        ROUND(6, c, d, e, f, g, h, a, b)
+        ROUND(7, b, c, d, e, f, g, h, a)
+
+        ROUND(8, a, b, c, d, e, f, g, h)
+        ROUND(9, h, a, b, c, d, e, f, g)
+        ROUND(10, g, h, a, b, c, d, e, f)
+        ROUND(11, f, g, h, a, b, c, d, e)
+        ROUND(12, e, f, g, h, a, b, c, d)
+        ROUND(13, d, e, f, g, h, a, b, c)
+        ROUND(14, c, d, e, f, g, h, a, b)
+        ROUND(15, b, c, d, e, f, g, h, a)
+
+        ROUND(16, a, b, c, d, e, f, g, h)
+        ROUND(17, h, a, b, c, d, e, f, g)
+        ROUND(18, g, h, a, b, c, d, e, f)
+        ROUND(19, f, g, h, a, b, c, d, e)
+        ROUND(20, e, f, g, h, a, b, c, d)
+        ROUND(21, d, e, f, g, h, a, b, c)
+        ROUND(22, c, d, e, f, g, h, a, b)
+        ROUND(23, b, c, d, e, f, g, h, a)
+
+        ROUND(24, a, b, c, d, e, f, g, h)
+        ROUND(25, h, a, b, c, d, e, f, g)
+        ROUND(26, g, h, a, b, c, d, e, f)
+        ROUND(27, f, g, h, a, b, c, d, e)
+        ROUND(28, e, f, g, h, a, b, c, d)
+        ROUND(29, d, e, f, g, h, a, b, c)
+        ROUND(30, c, d, e, f, g, h, a, b)
+        ROUND(31, b, c, d, e, f, g, h, a)
+
+        ROUND(32, a, b, c, d, e, f, g, h)
+        ROUND(33, h, a, b, c, d, e, f, g)
+        ROUND(34, g, h, a, b, c, d, e, f)
+        ROUND(35, f, g, h, a, b, c, d, e)
+        ROUND(36, e, f, g, h, a, b, c, d)
+        ROUND(37, d, e, f, g, h, a, b, c)
+        ROUND(38, c, d, e, f, g, h, a, b)
+        ROUND(39, b, c, d, e, f, g, h, a)
+
+        ROUND(40, a, b, c, d, e, f, g, h)
+        ROUND(41, h, a, b, c, d, e, f, g)
+        ROUND(42, g, h, a, b, c, d, e, f)
+        ROUND(43, f, g, h, a, b, c, d, e)
+        ROUND(44, e, f, g, h, a, b, c, d)
+        ROUND(45, d, e, f, g, h, a, b, c)
+        ROUND(46, c, d, e, f, g, h, a, b)
+        ROUND(47, b, c, d, e, f, g, h, a)
+
+        ROUND(48, a, b, c, d, e, f, g, h)
+        ROUND(49, h, a, b, c, d, e, f, g)
+        ROUND(50, g, h, a, b, c, d, e, f)
+        ROUND(51, f, g, h, a, b, c, d, e)
+        ROUND(52, e, f, g, h, a, b, c, d)
+        ROUND(53, d, e, f, g, h, a, b, c)
+        ROUND(54, c, d, e, f, g, h, a, b)
+        ROUND(55, b, c, d, e, f, g, h, a)
+
+        ROUND(56, a, b, c, d, e, f, g, h)
+        ROUND(57, h, a, b, c, d, e, f, g)
+        ROUND(58, g, h, a, b, c, d, e, f)
+        ROUND(59, f, g, h, a, b, c, d, e)
+        ROUND(60, e, f, g, h, a, b, c, d)
+        ROUND(61, d, e, f, g, h, a, b, c)
+        ROUND(62, c, d, e, f, g, h, a, b)
+        ROUND(63, b, c, d, e, f, g, h, a)
+#endif
+
+        H[0] += a;
+        H[1] += b;
+        H[2] += c;
+        H[3] += d;
+        H[4] += e;
+        H[5] += f;
+        H[6] += g;
+        H[7] += h;
+    }
+#undef ROUND
+}
+
+#undef s0
+#undef s1
+#undef S0
+#undef S1
+
+void
+SHA256_Update(SHA256Context *ctx, const unsigned char *input,
+              unsigned int inputLen)
+{
+    unsigned int inBuf = ctx->sizeLo & 0x3f;
+    if (!inputLen)
+        return;
+
+    /* Add inputLen into the count of bytes processed, before processing */
+    if ((ctx->sizeLo += inputLen) < inputLen)
+        ctx->sizeHi++;
+
+    /* if data already in buffer, attemp to fill rest of buffer */
+    if (inBuf) {
+        unsigned int todo = SHA256_BLOCK_LENGTH - inBuf;
+        if (inputLen < todo)
+            todo = inputLen;
+        memcpy(B + inBuf, input, todo);
+        input += todo;
+        inputLen -= todo;
+        if (inBuf + todo == SHA256_BLOCK_LENGTH)
+            SHA256_Compress(ctx);
+    }
+
+    /* if enough data to fill one or more whole buffers, process them. */
+    while (inputLen >= SHA256_BLOCK_LENGTH) {
+        memcpy(B, input, SHA256_BLOCK_LENGTH);
+        input += SHA256_BLOCK_LENGTH;
+        inputLen -= SHA256_BLOCK_LENGTH;
+        SHA256_Compress(ctx);
+    }
+    /* if data left over, fill it into buffer */
+    if (inputLen)
+        memcpy(B, input, inputLen);
+}
+
+void
+SHA256_End(SHA256Context *ctx, unsigned char *digest,
+           unsigned int *digestLen, unsigned int maxDigestLen)
+{
+    unsigned int inBuf = ctx->sizeLo & 0x3f;
+    unsigned int padLen = (inBuf < 56) ? (56 - inBuf) : (56 + 64 - inBuf);
+    PRUint32 hi, lo;
+
+    hi = (ctx->sizeHi << 3) | (ctx->sizeLo >> 29);
+    lo = (ctx->sizeLo << 3);
+
+    SHA256_Update(ctx, pad, padLen);
+
+#if defined(IS_LITTLE_ENDIAN)
+    W[14] = SHA_HTONL(hi);
+    W[15] = SHA_HTONL(lo);
+#else
+    W[14] = hi;
+    W[15] = lo;
+#endif
+    SHA256_Compress(ctx);
+
+/* now output the answer */
+#if defined(IS_LITTLE_ENDIAN)
+    BYTESWAP4(H[0]);
+    BYTESWAP4(H[1]);
+    BYTESWAP4(H[2]);
+    BYTESWAP4(H[3]);
+    BYTESWAP4(H[4]);
+    BYTESWAP4(H[5]);
+    BYTESWAP4(H[6]);
+    BYTESWAP4(H[7]);
+#endif
+    padLen = PR_MIN(SHA256_LENGTH, maxDigestLen);
+    memcpy(digest, H, padLen);
+    if (digestLen)
+        *digestLen = padLen;
+}
+
+void
+SHA256_EndRaw(SHA256Context *ctx, unsigned char *digest,
+              unsigned int *digestLen, unsigned int maxDigestLen)
+{
+    PRUint32 h[8];
+    unsigned int len;
+
+    memcpy(h, ctx->h, sizeof(h));
+
+#if defined(IS_LITTLE_ENDIAN)
+    BYTESWAP4(h[0]);
+    BYTESWAP4(h[1]);
+    BYTESWAP4(h[2]);
+    BYTESWAP4(h[3]);
+    BYTESWAP4(h[4]);
+    BYTESWAP4(h[5]);
+    BYTESWAP4(h[6]);
+    BYTESWAP4(h[7]);
+#endif
+
+    len = PR_MIN(SHA256_LENGTH, maxDigestLen);
+    memcpy(digest, h, len);
+    if (digestLen)
+        *digestLen = len;
+}
+
+SECStatus
+SHA256_HashBuf(unsigned char *dest, const unsigned char *src,
+               PRUint32 src_length)
+{
+    SHA256Context ctx;
+    unsigned int outLen;
+
+    SHA256_Begin(&ctx);
+    SHA256_Update(&ctx, src, src_length);
+    SHA256_End(&ctx, dest, &outLen, SHA256_LENGTH);
+    memset(&ctx, 0, sizeof ctx);
+
+    return SECSuccess;
+}
+
+SECStatus
+SHA256_Hash(unsigned char *dest, const char *src)
+{
+    return SHA256_HashBuf(dest, (const unsigned char *)src, PORT_Strlen(src));
+}
+
+void
+SHA256_TraceState(SHA256Context *ctx)
+{
+}
+
+unsigned int
+SHA256_FlattenSize(SHA256Context *ctx)
+{
+    return sizeof *ctx;
+}
+
+SECStatus
+SHA256_Flatten(SHA256Context *ctx, unsigned char *space)
+{
+    PORT_Memcpy(space, ctx, sizeof *ctx);
+    return SECSuccess;
+}
+
+SHA256Context *
+SHA256_Resurrect(unsigned char *space, void *arg)
+{
+    SHA256Context *ctx = SHA256_NewContext();
+    if (ctx)
+        PORT_Memcpy(ctx, space, sizeof *ctx);
+    return ctx;
+}
+
+void
+SHA256_Clone(SHA256Context *dest, SHA256Context *src)
+{
+    memcpy(dest, src, sizeof *dest);
+}
+
+/* ============= SHA224 implementation ================================== */
+
+/* SHA-224 initial hash values */
+static const PRUint32 H224[8] = {
+    0xc1059ed8, 0x367cd507, 0x3070dd17, 0xf70e5939,
+    0xffc00b31, 0x68581511, 0x64f98fa7, 0xbefa4fa4
+};
+
+SHA224Context *
+SHA224_NewContext(void)
+{
+    return SHA256_NewContext();
+}
+
+void
+SHA224_DestroyContext(SHA224Context *ctx, PRBool freeit)
+{
+    SHA256_DestroyContext(ctx, freeit);
+}
+
+void
+SHA224_Begin(SHA224Context *ctx)
+{
+    memset(ctx, 0, sizeof *ctx);
+    memcpy(H, H224, sizeof H224);
+}
+
+void
+SHA224_Update(SHA224Context *ctx, const unsigned char *input,
+              unsigned int inputLen)
+{
+    SHA256_Update(ctx, input, inputLen);
+}
+
+void
+SHA224_End(SHA256Context *ctx, unsigned char *digest,
+           unsigned int *digestLen, unsigned int maxDigestLen)
+{
+    unsigned int maxLen = SHA_MIN(maxDigestLen, SHA224_LENGTH);
+    SHA256_End(ctx, digest, digestLen, maxLen);
+}
+
+void
+SHA224_EndRaw(SHA256Context *ctx, unsigned char *digest,
+              unsigned int *digestLen, unsigned int maxDigestLen)
+{
+    unsigned int maxLen = SHA_MIN(maxDigestLen, SHA224_LENGTH);
+    SHA256_EndRaw(ctx, digest, digestLen, maxLen);
+}
+
+SECStatus
+SHA224_HashBuf(unsigned char *dest, const unsigned char *src,
+               PRUint32 src_length)
+{
+    SHA256Context ctx;
+    unsigned int outLen;
+
+    SHA224_Begin(&ctx);
+    SHA256_Update(&ctx, src, src_length);
+    SHA256_End(&ctx, dest, &outLen, SHA224_LENGTH);
+    memset(&ctx, 0, sizeof ctx);
+
+    return SECSuccess;
+}
+
+SECStatus
+SHA224_Hash(unsigned char *dest, const char *src)
+{
+    return SHA224_HashBuf(dest, (const unsigned char *)src, PORT_Strlen(src));
+}
+
+void
+SHA224_TraceState(SHA224Context *ctx)
+{
+}
+
+unsigned int
+SHA224_FlattenSize(SHA224Context *ctx)
+{
+    return SHA256_FlattenSize(ctx);
+}
+
+SECStatus
+SHA224_Flatten(SHA224Context *ctx, unsigned char *space)
+{
+    return SHA256_Flatten(ctx, space);
+}
+
+SHA224Context *
+SHA224_Resurrect(unsigned char *space, void *arg)
+{
+    return SHA256_Resurrect(space, arg);
+}
+
+void
+SHA224_Clone(SHA224Context *dest, SHA224Context *src)
+{
+    SHA256_Clone(dest, src);
+}
+
+/* ======= SHA512 and SHA384 common constants and defines ================= */
+
+/* common #defines for SHA512 and SHA384 */
+#if defined(HAVE_LONG_LONG)
+#if defined(_MSC_VER)
+#pragma intrinsic(_rotr64, _rotl64)
+#define ROTR64(x, n) _rotr64(x, n)
+#define ROTL64(x, n) _rotl64(x, n)
+#else
+#define ROTR64(x, n) ((x >> n) | (x << (64 - n)))
+#define ROTL64(x, n) ((x << n) | (x >> (64 - n)))
+#endif
+
+#define S0(x) (ROTR64(x, 28) ^ ROTR64(x, 34) ^ ROTR64(x, 39))
+#define S1(x) (ROTR64(x, 14) ^ ROTR64(x, 18) ^ ROTR64(x, 41))
+#define s0(x) (ROTR64(x, 1) ^ ROTR64(x, 8) ^ SHR(x, 7))
+#define s1(x) (ROTR64(x, 19) ^ ROTR64(x, 61) ^ SHR(x, 6))
+
+#if PR_BYTES_PER_LONG == 8
+#define ULLC(hi, lo) 0x##hi##lo##UL
+#elif defined(_MSC_VER)
+#define ULLC(hi, lo) 0x##hi##lo##ui64
+#else
+#define ULLC(hi, lo) 0x##hi##lo##ULL
+#endif
+
+#if defined(IS_LITTLE_ENDIAN)
+#if defined(_MSC_VER)
+#pragma intrinsic(_byteswap_uint64)
+#define SHA_HTONLL(x) _byteswap_uint64(x)
+
+#elif defined(__GNUC__) && (defined(__x86_64__) || defined(__x86_64))
+static __inline__ PRUint64
+swap8b(PRUint64 value)
+{
+    __asm__("bswapq %0"
+            : "+r"(value));
+    return (value);
+}
+#define SHA_HTONLL(x) swap8b(x)
+
+#else
+#define SHA_MASK16 ULLC(0000FFFF, 0000FFFF)
+#define SHA_MASK8 ULLC(00FF00FF, 00FF00FF)
+static PRUint64
+swap8b(PRUint64 x)
+{
+    PRUint64 t1 = x;
+    t1 = ((t1 & SHA_MASK8) << 8) | ((t1 >> 8) & SHA_MASK8);
+    t1 = ((t1 & SHA_MASK16) << 16) | ((t1 >> 16) & SHA_MASK16);
+    return (t1 >> 32) | (t1 << 32);
+}
+#define SHA_HTONLL(x) swap8b(x)
+#endif
+#define BYTESWAP8(x) x = SHA_HTONLL(x)
+#endif /* defined(IS_LITTLE_ENDIAN) */
+
+#else /* no long long */
+
+#if defined(IS_LITTLE_ENDIAN)
+#define ULLC(hi, lo)         \
+    {                        \
+        0x##lo##U, 0x##hi##U \
+    }
+#define SHA_HTONLL(x) (BYTESWAP4(x.lo), BYTESWAP4(x.hi), \
+                       x.hi ^= x.lo ^= x.hi ^= x.lo, x)
+#define BYTESWAP8(x)     \
+    do {                 \
+        PRUint32 tmp;    \
+        BYTESWAP4(x.lo); \
+        BYTESWAP4(x.hi); \
+        tmp = x.lo;      \
+        x.lo = x.hi;     \
+        x.hi = tmp;      \
+    } while (0)
+#else
+#define ULLC(hi, lo)         \
+    {                        \
+        0x##hi##U, 0x##lo##U \
+    }
+#endif
+
+#endif
+
+/* SHA-384 and SHA-512 constants, K512. */
+static const PRUint64 K512[80] = {
+#if PR_BYTES_PER_LONG == 8
+    0x428a2f98d728ae22UL, 0x7137449123ef65cdUL,
+    0xb5c0fbcfec4d3b2fUL, 0xe9b5dba58189dbbcUL,
+    0x3956c25bf348b538UL, 0x59f111f1b605d019UL,
+    0x923f82a4af194f9bUL, 0xab1c5ed5da6d8118UL,
+    0xd807aa98a3030242UL, 0x12835b0145706fbeUL,
+    0x243185be4ee4b28cUL, 0x550c7dc3d5ffb4e2UL,
+    0x72be5d74f27b896fUL, 0x80deb1fe3b1696b1UL,
+    0x9bdc06a725c71235UL, 0xc19bf174cf692694UL,
+    0xe49b69c19ef14ad2UL, 0xefbe4786384f25e3UL,
+    0x0fc19dc68b8cd5b5UL, 0x240ca1cc77ac9c65UL,
+    0x2de92c6f592b0275UL, 0x4a7484aa6ea6e483UL,
+    0x5cb0a9dcbd41fbd4UL, 0x76f988da831153b5UL,
+    0x983e5152ee66dfabUL, 0xa831c66d2db43210UL,
+    0xb00327c898fb213fUL, 0xbf597fc7beef0ee4UL,
+    0xc6e00bf33da88fc2UL, 0xd5a79147930aa725UL,
+    0x06ca6351e003826fUL, 0x142929670a0e6e70UL,
+    0x27b70a8546d22ffcUL, 0x2e1b21385c26c926UL,
+    0x4d2c6dfc5ac42aedUL, 0x53380d139d95b3dfUL,
+    0x650a73548baf63deUL, 0x766a0abb3c77b2a8UL,
+    0x81c2c92e47edaee6UL, 0x92722c851482353bUL,
+    0xa2bfe8a14cf10364UL, 0xa81a664bbc423001UL,
+    0xc24b8b70d0f89791UL, 0xc76c51a30654be30UL,
+    0xd192e819d6ef5218UL, 0xd69906245565a910UL,
+    0xf40e35855771202aUL, 0x106aa07032bbd1b8UL,
+    0x19a4c116b8d2d0c8UL, 0x1e376c085141ab53UL,
+    0x2748774cdf8eeb99UL, 0x34b0bcb5e19b48a8UL,
+    0x391c0cb3c5c95a63UL, 0x4ed8aa4ae3418acbUL,
+    0x5b9cca4f7763e373UL, 0x682e6ff3d6b2b8a3UL,
+    0x748f82ee5defb2fcUL, 0x78a5636f43172f60UL,
+    0x84c87814a1f0ab72UL, 0x8cc702081a6439ecUL,
+    0x90befffa23631e28UL, 0xa4506cebde82bde9UL,
+    0xbef9a3f7b2c67915UL, 0xc67178f2e372532bUL,
+    0xca273eceea26619cUL, 0xd186b8c721c0c207UL,
+    0xeada7dd6cde0eb1eUL, 0xf57d4f7fee6ed178UL,
+    0x06f067aa72176fbaUL, 0x0a637dc5a2c898a6UL,
+    0x113f9804bef90daeUL, 0x1b710b35131c471bUL,
+    0x28db77f523047d84UL, 0x32caab7b40c72493UL,
+    0x3c9ebe0a15c9bebcUL, 0x431d67c49c100d4cUL,
+    0x4cc5d4becb3e42b6UL, 0x597f299cfc657e2aUL,
+    0x5fcb6fab3ad6faecUL, 0x6c44198c4a475817UL
+#else
+    ULLC(428a2f98, d728ae22), ULLC(71374491, 23ef65cd),
+    ULLC(b5c0fbcf, ec4d3b2f), ULLC(e9b5dba5, 8189dbbc),
+    ULLC(3956c25b, f348b538), ULLC(59f111f1, b605d019),
+    ULLC(923f82a4, af194f9b), ULLC(ab1c5ed5, da6d8118),
+    ULLC(d807aa98, a3030242), ULLC(12835b01, 45706fbe),
+    ULLC(243185be, 4ee4b28c), ULLC(550c7dc3, d5ffb4e2),
+    ULLC(72be5d74, f27b896f), ULLC(80deb1fe, 3b1696b1),
+    ULLC(9bdc06a7, 25c71235), ULLC(c19bf174, cf692694),
+    ULLC(e49b69c1, 9ef14ad2), ULLC(efbe4786, 384f25e3),
+    ULLC(0fc19dc6, 8b8cd5b5), ULLC(240ca1cc, 77ac9c65),
+    ULLC(2de92c6f, 592b0275), ULLC(4a7484aa, 6ea6e483),
+    ULLC(5cb0a9dc, bd41fbd4), ULLC(76f988da, 831153b5),
+    ULLC(983e5152, ee66dfab), ULLC(a831c66d, 2db43210),
+    ULLC(b00327c8, 98fb213f), ULLC(bf597fc7, beef0ee4),
+    ULLC(c6e00bf3, 3da88fc2), ULLC(d5a79147, 930aa725),
+    ULLC(06ca6351, e003826f), ULLC(14292967, 0a0e6e70),
+    ULLC(27b70a85, 46d22ffc), ULLC(2e1b2138, 5c26c926),
+    ULLC(4d2c6dfc, 5ac42aed), ULLC(53380d13, 9d95b3df),
+    ULLC(650a7354, 8baf63de), ULLC(766a0abb, 3c77b2a8),
+    ULLC(81c2c92e, 47edaee6), ULLC(92722c85, 1482353b),
+    ULLC(a2bfe8a1, 4cf10364), ULLC(a81a664b, bc423001),
+    ULLC(c24b8b70, d0f89791), ULLC(c76c51a3, 0654be30),
+    ULLC(d192e819, d6ef5218), ULLC(d6990624, 5565a910),
+    ULLC(f40e3585, 5771202a), ULLC(106aa070, 32bbd1b8),
+    ULLC(19a4c116, b8d2d0c8), ULLC(1e376c08, 5141ab53),
+    ULLC(2748774c, df8eeb99), ULLC(34b0bcb5, e19b48a8),
+    ULLC(391c0cb3, c5c95a63), ULLC(4ed8aa4a, e3418acb),
+    ULLC(5b9cca4f, 7763e373), ULLC(682e6ff3, d6b2b8a3),
+    ULLC(748f82ee, 5defb2fc), ULLC(78a5636f, 43172f60),
+    ULLC(84c87814, a1f0ab72), ULLC(8cc70208, 1a6439ec),
+    ULLC(90befffa, 23631e28), ULLC(a4506ceb, de82bde9),
+    ULLC(bef9a3f7, b2c67915), ULLC(c67178f2, e372532b),
+    ULLC(ca273ece, ea26619c), ULLC(d186b8c7, 21c0c207),
+    ULLC(eada7dd6, cde0eb1e), ULLC(f57d4f7f, ee6ed178),
+    ULLC(06f067aa, 72176fba), ULLC(0a637dc5, a2c898a6),
+    ULLC(113f9804, bef90dae), ULLC(1b710b35, 131c471b),
+    ULLC(28db77f5, 23047d84), ULLC(32caab7b, 40c72493),
+    ULLC(3c9ebe0a, 15c9bebc), ULLC(431d67c4, 9c100d4c),
+    ULLC(4cc5d4be, cb3e42b6), ULLC(597f299c, fc657e2a),
+    ULLC(5fcb6fab, 3ad6faec), ULLC(6c44198c, 4a475817)
+#endif
+};
+
+struct SHA512ContextStr {
+    union {
+        PRUint64 w[80]; /* message schedule, input buffer, plus 64 words */
+        PRUint32 l[160];
+        PRUint8 b[640];
+    } u;
+    PRUint64 h[8];   /* 8 state variables */
+    PRUint64 sizeLo; /* 64-bit count of hashed bytes. */
+};
+
+/* =========== SHA512 implementation ===================================== */
+
+/* SHA-512 initial hash values */
+static const PRUint64 H512[8] = {
+#if PR_BYTES_PER_LONG == 8
+    0x6a09e667f3bcc908UL, 0xbb67ae8584caa73bUL,
+    0x3c6ef372fe94f82bUL, 0xa54ff53a5f1d36f1UL,
+    0x510e527fade682d1UL, 0x9b05688c2b3e6c1fUL,
+    0x1f83d9abfb41bd6bUL, 0x5be0cd19137e2179UL
+#else
+    ULLC(6a09e667, f3bcc908), ULLC(bb67ae85, 84caa73b),
+    ULLC(3c6ef372, fe94f82b), ULLC(a54ff53a, 5f1d36f1),
+    ULLC(510e527f, ade682d1), ULLC(9b05688c, 2b3e6c1f),
+    ULLC(1f83d9ab, fb41bd6b), ULLC(5be0cd19, 137e2179)
+#endif
+};
+
+SHA512Context *
+SHA512_NewContext(void)
+{
+    SHA512Context *ctx = PORT_New(SHA512Context);
+    return ctx;
+}
+
+void
+SHA512_DestroyContext(SHA512Context *ctx, PRBool freeit)
+{
+    memset(ctx, 0, sizeof *ctx);
+    if (freeit) {
+        PORT_Free(ctx);
+    }
+}
+
+void
+SHA512_Begin(SHA512Context *ctx)
+{
+    memset(ctx, 0, sizeof *ctx);
+    memcpy(H, H512, sizeof H512);
+}
+
+#if defined(SHA512_TRACE)
+#if defined(HAVE_LONG_LONG)
+#define DUMP(n, a, d, e, h) printf(" t = %2d, %s = %016lx, %s = %016lx\n", \
+                                   n, #e, d, #a, h);
+#else
+#define DUMP(n, a, d, e, h) printf(" t = %2d, %s = %08x%08x, %s = %08x%08x\n", \
+                                   n, #e, d.hi, d.lo, #a, h.hi, h.lo);
+#endif
+#else
+#define DUMP(n, a, d, e, h)
+#endif
+
+#if defined(HAVE_LONG_LONG)
+
+#define ADDTO(x, y) y += x
+
+#define INITW(t) W[t] = (s1(W[t - 2]) + W[t - 7] + s0(W[t - 15]) + W[t - 16])
+
+#define ROUND(n, a, b, c, d, e, f, g, h)       \
+    h += S1(e) + Ch(e, f, g) + K512[n] + W[n]; \
+    d += h;                                    \
+    h += S0(a) + Maj(a, b, c);                 \
+    DUMP(n, a, d, e, h)
+
+#else /* use only 32-bit variables, and don't unroll loops */
+
+#undef NOUNROLL512
+#define NOUNROLL512 1
+
+#define ADDTO(x, y) \
+    y.lo += x.lo;   \
+    y.hi += x.hi + (x.lo > y.lo)
+
+#define ROTR64a(x, n, lo, hi) (x.lo >> n | x.hi << (32 - n))
+#define ROTR64A(x, n, lo, hi) (x.lo << (64 - n) | x.hi >> (n - 32))
+#define SHR64a(x, n, lo, hi) (x.lo >> n | x.hi << (32 - n))
+
+/* Capitol Sigma and lower case sigma functions */
+#define s0lo(x) (ROTR64a(x, 1, lo, hi) ^ ROTR64a(x, 8, lo, hi) ^ SHR64a(x, 7, lo, hi))
+#define s0hi(x) (ROTR64a(x, 1, hi, lo) ^ ROTR64a(x, 8, hi, lo) ^ (x.hi >> 7))
+
+#define s1lo(x) (ROTR64a(x, 19, lo, hi) ^ ROTR64A(x, 61, lo, hi) ^ SHR64a(x, 6, lo, hi))
+#define s1hi(x) (ROTR64a(x, 19, hi, lo) ^ ROTR64A(x, 61, hi, lo) ^ (x.hi >> 6))
+
+#define S0lo(x) (ROTR64a(x, 28, lo, hi) ^ ROTR64A(x, 34, lo, hi) ^ ROTR64A(x, 39, lo, hi))
+#define S0hi(x) (ROTR64a(x, 28, hi, lo) ^ ROTR64A(x, 34, hi, lo) ^ ROTR64A(x, 39, hi, lo))
+
+#define S1lo(x) (ROTR64a(x, 14, lo, hi) ^ ROTR64a(x, 18, lo, hi) ^ ROTR64A(x, 41, lo, hi))
+#define S1hi(x) (ROTR64a(x, 14, hi, lo) ^ ROTR64a(x, 18, hi, lo) ^ ROTR64A(x, 41, hi, lo))
+
+/* 32-bit versions of Ch and Maj */
+#define Chxx(x, y, z, lo) ((x.lo & y.lo) ^ (~x.lo & z.lo))
+#define Majx(x, y, z, lo) ((x.lo & y.lo) ^ (x.lo & z.lo) ^ (y.lo & z.lo))
+
+#define INITW(t)                                                                      \
+    do {                                                                              \
+        PRUint32 lo, tm;                                                              \
+        PRUint32 cy = 0;                                                              \
+        lo = s1lo(W[t - 2]);                                                          \
+        lo += (tm = W[t - 7].lo);                                                     \
+        if (lo < tm)                                                                  \
+            cy++;                                                                     \
+        lo += (tm = s0lo(W[t - 15]));                                                 \
+        if (lo < tm)                                                                  \
+            cy++;                                                                     \
+        lo += (tm = W[t - 16].lo);                                                    \
+        if (lo < tm)                                                                  \
+            cy++;                                                                     \
+        W[t].lo = lo;                                                                 \
+        W[t].hi = cy + s1hi(W[t - 2]) + W[t - 7].hi + s0hi(W[t - 15]) + W[t - 16].hi; \
+    } while (0)
+
+#define ROUND(n, a, b, c, d, e, f, g, h)                                 \
+    {                                                                    \
+        PRUint32 lo, tm, cy;                                             \
+        lo = S1lo(e);                                                    \
+        lo += (tm = Chxx(e, f, g, lo));                                  \
+        cy = (lo < tm);                                                  \
+        lo += (tm = K512[n].lo);                                         \
+        if (lo < tm)                                                     \
+            cy++;                                                        \
+        lo += (tm = W[n].lo);                                            \
+        if (lo < tm)                                                     \
+            cy++;                                                        \
+        h.lo += lo;                                                      \
+        if (h.lo < lo)                                                   \
+            cy++;                                                        \
+        h.hi += cy + S1hi(e) + Chxx(e, f, g, hi) + K512[n].hi + W[n].hi; \
+        d.lo += h.lo;                                                    \
+        d.hi += h.hi + (d.lo < h.lo);                                    \
+        lo = S0lo(a);                                                    \
+        lo += (tm = Majx(a, b, c, lo));                                  \
+        cy = (lo < tm);                                                  \
+        h.lo += lo;                                                      \
+        if (h.lo < lo)                                                   \
+            cy++;                                                        \
+        h.hi += cy + S0hi(a) + Majx(a, b, c, hi);                        \
+        DUMP(n, a, d, e, h)                                              \
+    }
+#endif
+
+static void
+SHA512_Compress(SHA512Context *ctx)
+{
+#if defined(IS_LITTLE_ENDIAN)
+    {
+        BYTESWAP8(W[0]);
+        BYTESWAP8(W[1]);
+        BYTESWAP8(W[2]);
+        BYTESWAP8(W[3]);
+        BYTESWAP8(W[4]);
+        BYTESWAP8(W[5]);
+        BYTESWAP8(W[6]);
+        BYTESWAP8(W[7]);
+        BYTESWAP8(W[8]);
+        BYTESWAP8(W[9]);
+        BYTESWAP8(W[10]);
+        BYTESWAP8(W[11]);
+        BYTESWAP8(W[12]);
+        BYTESWAP8(W[13]);
+        BYTESWAP8(W[14]);
+        BYTESWAP8(W[15]);
+    }
+#endif
+
+    {
+#ifdef NOUNROLL512
+        {
+            /* prepare the "message schedule"   */
+            int t;
+            for (t = 16; t < 80; ++t) {
+                INITW(t);
+            }
+        }
+#else
+        INITW(16);
+        INITW(17);
+        INITW(18);
+        INITW(19);
+
+        INITW(20);
+        INITW(21);
+        INITW(22);
+        INITW(23);
+        INITW(24);
+        INITW(25);
+        INITW(26);
+        INITW(27);
+        INITW(28);
+        INITW(29);
+
+        INITW(30);
+        INITW(31);
+        INITW(32);
+        INITW(33);
+        INITW(34);
+        INITW(35);
+        INITW(36);
+        INITW(37);
+        INITW(38);
+        INITW(39);
+
+        INITW(40);
+        INITW(41);
+        INITW(42);
+        INITW(43);
+        INITW(44);
+        INITW(45);
+        INITW(46);
+        INITW(47);
+        INITW(48);
+        INITW(49);
+
+        INITW(50);
+        INITW(51);
+        INITW(52);
+        INITW(53);
+        INITW(54);
+        INITW(55);
+        INITW(56);
+        INITW(57);
+        INITW(58);
+        INITW(59);
+
+        INITW(60);
+        INITW(61);
+        INITW(62);
+        INITW(63);
+        INITW(64);
+        INITW(65);
+        INITW(66);
+        INITW(67);
+        INITW(68);
+        INITW(69);
+
+        INITW(70);
+        INITW(71);
+        INITW(72);
+        INITW(73);
+        INITW(74);
+        INITW(75);
+        INITW(76);
+        INITW(77);
+        INITW(78);
+        INITW(79);
+#endif
+    }
+#ifdef SHA512_TRACE
+    {
+        int i;
+        for (i = 0; i < 80; ++i) {
+#ifdef HAVE_LONG_LONG
+            printf("W[%2d] = %016lx\n", i, W[i]);
+#else
+            printf("W[%2d] = %08x%08x\n", i, W[i].hi, W[i].lo);
+#endif
+        }
+    }
+#endif
+    {
+        PRUint64 a, b, c, d, e, f, g, h;
+
+        a = H[0];
+        b = H[1];
+        c = H[2];
+        d = H[3];
+        e = H[4];
+        f = H[5];
+        g = H[6];
+        h = H[7];
+
+#ifdef NOUNROLL512
+        {
+            int t;
+            for (t = 0; t < 80; t += 8) {
+                ROUND(t + 0, a, b, c, d, e, f, g, h)
+                ROUND(t + 1, h, a, b, c, d, e, f, g)
+                ROUND(t + 2, g, h, a, b, c, d, e, f)
+                ROUND(t + 3, f, g, h, a, b, c, d, e)
+                ROUND(t + 4, e, f, g, h, a, b, c, d)
+                ROUND(t + 5, d, e, f, g, h, a, b, c)
+                ROUND(t + 6, c, d, e, f, g, h, a, b)
+                ROUND(t + 7, b, c, d, e, f, g, h, a)
+            }
+        }
+#else
+        ROUND(0, a, b, c, d, e, f, g, h)
+        ROUND(1, h, a, b, c, d, e, f, g)
+        ROUND(2, g, h, a, b, c, d, e, f)
+        ROUND(3, f, g, h, a, b, c, d, e)
+        ROUND(4, e, f, g, h, a, b, c, d)
+        ROUND(5, d, e, f, g, h, a, b, c)
+        ROUND(6, c, d, e, f, g, h, a, b)
+        ROUND(7, b, c, d, e, f, g, h, a)
+
+        ROUND(8, a, b, c, d, e, f, g, h)
+        ROUND(9, h, a, b, c, d, e, f, g)
+        ROUND(10, g, h, a, b, c, d, e, f)
+        ROUND(11, f, g, h, a, b, c, d, e)
+        ROUND(12, e, f, g, h, a, b, c, d)
+        ROUND(13, d, e, f, g, h, a, b, c)
+        ROUND(14, c, d, e, f, g, h, a, b)
+        ROUND(15, b, c, d, e, f, g, h, a)
+
+        ROUND(16, a, b, c, d, e, f, g, h)
+        ROUND(17, h, a, b, c, d, e, f, g)
+        ROUND(18, g, h, a, b, c, d, e, f)
+        ROUND(19, f, g, h, a, b, c, d, e)
+        ROUND(20, e, f, g, h, a, b, c, d)
+        ROUND(21, d, e, f, g, h, a, b, c)
+        ROUND(22, c, d, e, f, g, h, a, b)
+        ROUND(23, b, c, d, e, f, g, h, a)
+
+        ROUND(24, a, b, c, d, e, f, g, h)
+        ROUND(25, h, a, b, c, d, e, f, g)
+        ROUND(26, g, h, a, b, c, d, e, f)
+        ROUND(27, f, g, h, a, b, c, d, e)
+        ROUND(28, e, f, g, h, a, b, c, d)
+        ROUND(29, d, e, f, g, h, a, b, c)
+        ROUND(30, c, d, e, f, g, h, a, b)
+        ROUND(31, b, c, d, e, f, g, h, a)
+
+        ROUND(32, a, b, c, d, e, f, g, h)
+        ROUND(33, h, a, b, c, d, e, f, g)
+        ROUND(34, g, h, a, b, c, d, e, f)
+        ROUND(35, f, g, h, a, b, c, d, e)
+        ROUND(36, e, f, g, h, a, b, c, d)
+        ROUND(37, d, e, f, g, h, a, b, c)
+        ROUND(38, c, d, e, f, g, h, a, b)
+        ROUND(39, b, c, d, e, f, g, h, a)
+
+        ROUND(40, a, b, c, d, e, f, g, h)
+        ROUND(41, h, a, b, c, d, e, f, g)
+        ROUND(42, g, h, a, b, c, d, e, f)
+        ROUND(43, f, g, h, a, b, c, d, e)
+        ROUND(44, e, f, g, h, a, b, c, d)
+        ROUND(45, d, e, f, g, h, a, b, c)
+        ROUND(46, c, d, e, f, g, h, a, b)
+        ROUND(47, b, c, d, e, f, g, h, a)
+
+        ROUND(48, a, b, c, d, e, f, g, h)
+        ROUND(49, h, a, b, c, d, e, f, g)
+        ROUND(50, g, h, a, b, c, d, e, f)
+        ROUND(51, f, g, h, a, b, c, d, e)
+        ROUND(52, e, f, g, h, a, b, c, d)
+        ROUND(53, d, e, f, g, h, a, b, c)
+        ROUND(54, c, d, e, f, g, h, a, b)
+        ROUND(55, b, c, d, e, f, g, h, a)
+
+        ROUND(56, a, b, c, d, e, f, g, h)
+        ROUND(57, h, a, b, c, d, e, f, g)
+        ROUND(58, g, h, a, b, c, d, e, f)
+        ROUND(59, f, g, h, a, b, c, d, e)
+        ROUND(60, e, f, g, h, a, b, c, d)
+        ROUND(61, d, e, f, g, h, a, b, c)
+        ROUND(62, c, d, e, f, g, h, a, b)
+        ROUND(63, b, c, d, e, f, g, h, a)
+
+        ROUND(64, a, b, c, d, e, f, g, h)
+        ROUND(65, h, a, b, c, d, e, f, g)
+        ROUND(66, g, h, a, b, c, d, e, f)
+        ROUND(67, f, g, h, a, b, c, d, e)
+        ROUND(68, e, f, g, h, a, b, c, d)
+        ROUND(69, d, e, f, g, h, a, b, c)
+        ROUND(70, c, d, e, f, g, h, a, b)
+        ROUND(71, b, c, d, e, f, g, h, a)
+
+        ROUND(72, a, b, c, d, e, f, g, h)
+        ROUND(73, h, a, b, c, d, e, f, g)
+        ROUND(74, g, h, a, b, c, d, e, f)
+        ROUND(75, f, g, h, a, b, c, d, e)
+        ROUND(76, e, f, g, h, a, b, c, d)
+        ROUND(77, d, e, f, g, h, a, b, c)
+        ROUND(78, c, d, e, f, g, h, a, b)
+        ROUND(79, b, c, d, e, f, g, h, a)
+#endif
+
+        ADDTO(a, H[0]);
+        ADDTO(b, H[1]);
+        ADDTO(c, H[2]);
+        ADDTO(d, H[3]);
+        ADDTO(e, H[4]);
+        ADDTO(f, H[5]);
+        ADDTO(g, H[6]);
+        ADDTO(h, H[7]);
+    }
+}
+
+void
+SHA512_Update(SHA512Context *ctx, const unsigned char *input,
+              unsigned int inputLen)
+{
+    unsigned int inBuf;
+    if (!inputLen)
+        return;
+
+#if defined(HAVE_LONG_LONG)
+    inBuf = (unsigned int)ctx->sizeLo & 0x7f;
+    /* Add inputLen into the count of bytes processed, before processing */
+    ctx->sizeLo += inputLen;
+#else
+    inBuf = (unsigned int)ctx->sizeLo.lo & 0x7f;
+    ctx->sizeLo.lo += inputLen;
+    if (ctx->sizeLo.lo < inputLen)
+        ctx->sizeLo.hi++;
+#endif
+
+    /* if data already in buffer, attemp to fill rest of buffer */
+    if (inBuf) {
+        unsigned int todo = SHA512_BLOCK_LENGTH - inBuf;
+        if (inputLen < todo)
+            todo = inputLen;
+        memcpy(B + inBuf, input, todo);
+        input += todo;
+        inputLen -= todo;
+        if (inBuf + todo == SHA512_BLOCK_LENGTH)
+            SHA512_Compress(ctx);
+    }
+
+    /* if enough data to fill one or more whole buffers, process them. */
+    while (inputLen >= SHA512_BLOCK_LENGTH) {
+        memcpy(B, input, SHA512_BLOCK_LENGTH);
+        input += SHA512_BLOCK_LENGTH;
+        inputLen -= SHA512_BLOCK_LENGTH;
+        SHA512_Compress(ctx);
+    }
+    /* if data left over, fill it into buffer */
+    if (inputLen)
+        memcpy(B, input, inputLen);
+}
+
+void
+SHA512_End(SHA512Context *ctx, unsigned char *digest,
+           unsigned int *digestLen, unsigned int maxDigestLen)
+{
+#if defined(HAVE_LONG_LONG)
+    unsigned int inBuf = (unsigned int)ctx->sizeLo & 0x7f;
+#else
+    unsigned int inBuf = (unsigned int)ctx->sizeLo.lo & 0x7f;
+#endif
+    unsigned int padLen = (inBuf < 112) ? (112 - inBuf) : (112 + 128 - inBuf);
+    PRUint64 lo;
+    LL_SHL(lo, ctx->sizeLo, 3);
+
+    SHA512_Update(ctx, pad, padLen);
+
+#if defined(HAVE_LONG_LONG)
+    W[14] = 0;
+#else
+    W[14].lo = 0;
+    W[14].hi = 0;
+#endif
+
+    W[15] = lo;
+#if defined(IS_LITTLE_ENDIAN)
+    BYTESWAP8(W[15]);
+#endif
+    SHA512_Compress(ctx);
+
+/* now output the answer */
+#if defined(IS_LITTLE_ENDIAN)
+    BYTESWAP8(H[0]);
+    BYTESWAP8(H[1]);
+    BYTESWAP8(H[2]);
+    BYTESWAP8(H[3]);
+    BYTESWAP8(H[4]);
+    BYTESWAP8(H[5]);
+    BYTESWAP8(H[6]);
+    BYTESWAP8(H[7]);
+#endif
+    padLen = PR_MIN(SHA512_LENGTH, maxDigestLen);
+    memcpy(digest, H, padLen);
+    if (digestLen)
+        *digestLen = padLen;
+}
+
+void
+SHA512_EndRaw(SHA512Context *ctx, unsigned char *digest,
+              unsigned int *digestLen, unsigned int maxDigestLen)
+{
+    PRUint64 h[8];
+    unsigned int len;
+
+    memcpy(h, ctx->h, sizeof(h));
+
+#if defined(IS_LITTLE_ENDIAN)
+    BYTESWAP8(h[0]);
+    BYTESWAP8(h[1]);
+    BYTESWAP8(h[2]);
+    BYTESWAP8(h[3]);
+    BYTESWAP8(h[4]);
+    BYTESWAP8(h[5]);
+    BYTESWAP8(h[6]);
+    BYTESWAP8(h[7]);
+#endif
+    len = PR_MIN(SHA512_LENGTH, maxDigestLen);
+    memcpy(digest, h, len);
+    if (digestLen)
+        *digestLen = len;
+}
+
+SECStatus
+SHA512_HashBuf(unsigned char *dest, const unsigned char *src,
+               PRUint32 src_length)
+{
+    SHA512Context ctx;
+    unsigned int outLen;
+
+    SHA512_Begin(&ctx);
+    SHA512_Update(&ctx, src, src_length);
+    SHA512_End(&ctx, dest, &outLen, SHA512_LENGTH);
+    memset(&ctx, 0, sizeof ctx);
+
+    return SECSuccess;
+}
+
+SECStatus
+SHA512_Hash(unsigned char *dest, const char *src)
+{
+    return SHA512_HashBuf(dest, (const unsigned char *)src, PORT_Strlen(src));
+}
+
+void
+SHA512_TraceState(SHA512Context *ctx)
+{
+}
+
+unsigned int
+SHA512_FlattenSize(SHA512Context *ctx)
+{
+    return sizeof *ctx;
+}
+
+SECStatus
+SHA512_Flatten(SHA512Context *ctx, unsigned char *space)
+{
+    PORT_Memcpy(space, ctx, sizeof *ctx);
+    return SECSuccess;
+}
+
+SHA512Context *
+SHA512_Resurrect(unsigned char *space, void *arg)
+{
+    SHA512Context *ctx = SHA512_NewContext();
+    if (ctx)
+        PORT_Memcpy(ctx, space, sizeof *ctx);
+    return ctx;
+}
+
+void
+SHA512_Clone(SHA512Context *dest, SHA512Context *src)
+{
+    memcpy(dest, src, sizeof *dest);
+}
+
+/* ======================================================================= */
+/* SHA384 uses a SHA512Context as the real context.
+** The only differences between SHA384 an SHA512 are:
+** a) the intialization values for the context, and
+** b) the number of bytes of data produced as output.
+*/
+
+/* SHA-384 initial hash values */
+static const PRUint64 H384[8] = {
+#if PR_BYTES_PER_LONG == 8
+    0xcbbb9d5dc1059ed8UL, 0x629a292a367cd507UL,
+    0x9159015a3070dd17UL, 0x152fecd8f70e5939UL,
+    0x67332667ffc00b31UL, 0x8eb44a8768581511UL,
+    0xdb0c2e0d64f98fa7UL, 0x47b5481dbefa4fa4UL
+#else
+    ULLC(cbbb9d5d, c1059ed8), ULLC(629a292a, 367cd507),
+    ULLC(9159015a, 3070dd17), ULLC(152fecd8, f70e5939),
+    ULLC(67332667, ffc00b31), ULLC(8eb44a87, 68581511),
+    ULLC(db0c2e0d, 64f98fa7), ULLC(47b5481d, befa4fa4)
+#endif
+};
+
+SHA384Context *
+SHA384_NewContext(void)
+{
+    return SHA512_NewContext();
+}
+
+void
+SHA384_DestroyContext(SHA384Context *ctx, PRBool freeit)
+{
+    SHA512_DestroyContext(ctx, freeit);
+}
+
+void
+SHA384_Begin(SHA384Context *ctx)
+{
+    memset(ctx, 0, sizeof *ctx);
+    memcpy(H, H384, sizeof H384);
+}
+
+void
+SHA384_Update(SHA384Context *ctx, const unsigned char *input,
+              unsigned int inputLen)
+{
+    SHA512_Update(ctx, input, inputLen);
+}
+
+void
+SHA384_End(SHA384Context *ctx, unsigned char *digest,
+           unsigned int *digestLen, unsigned int maxDigestLen)
+{
+    unsigned int maxLen = SHA_MIN(maxDigestLen, SHA384_LENGTH);
+    SHA512_End(ctx, digest, digestLen, maxLen);
+}
+
+void
+SHA384_EndRaw(SHA384Context *ctx, unsigned char *digest,
+              unsigned int *digestLen, unsigned int maxDigestLen)
+{
+    unsigned int maxLen = SHA_MIN(maxDigestLen, SHA384_LENGTH);
+    SHA512_EndRaw(ctx, digest, digestLen, maxLen);
+}
+
+SECStatus
+SHA384_HashBuf(unsigned char *dest, const unsigned char *src,
+               PRUint32 src_length)
+{
+    SHA512Context ctx;
+    unsigned int outLen;
+
+    SHA384_Begin(&ctx);
+    SHA512_Update(&ctx, src, src_length);
+    SHA512_End(&ctx, dest, &outLen, SHA384_LENGTH);
+    memset(&ctx, 0, sizeof ctx);
+
+    return SECSuccess;
+}
+
+SECStatus
+SHA384_Hash(unsigned char *dest, const char *src)
+{
+    return SHA384_HashBuf(dest, (const unsigned char *)src, PORT_Strlen(src));
+}
+
+void
+SHA384_TraceState(SHA384Context *ctx)
+{
+}
+
+unsigned int
+SHA384_FlattenSize(SHA384Context *ctx)
+{
+    return sizeof(SHA384Context);
+}
+
+SECStatus
+SHA384_Flatten(SHA384Context *ctx, unsigned char *space)
+{
+    return SHA512_Flatten(ctx, space);
+}
+
+SHA384Context *
+SHA384_Resurrect(unsigned char *space, void *arg)
+{
+    return SHA512_Resurrect(space, arg);
+}
+
+void
+SHA384_Clone(SHA384Context *dest, SHA384Context *src)
+{
+    memcpy(dest, src, sizeof *dest);
+}
+
+/* ======================================================================= */
+#ifdef SELFTEST
+#include <stdio.h>
+
+static const char abc[] = { "abc" };
+static const char abcdbc[] = {
+    "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
+};
+static const char abcdef[] = {
+    "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
+    "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"
+};
+
+void
+dumpHash32(const unsigned char *buf, unsigned int bufLen)
+{
+    unsigned int i;
+    for (i = 0; i < bufLen; i += 4) {
+        printf(" %02x%02x%02x%02x", buf[i], buf[i + 1], buf[i + 2], buf[i + 3]);
+    }
+    printf("\n");
+}
+
+void
+test256(void)
+{
+    unsigned char outBuf[SHA256_LENGTH];
+
+    printf("SHA256, input = %s\n", abc);
+    SHA256_Hash(outBuf, abc);
+    dumpHash32(outBuf, sizeof outBuf);
+
+    printf("SHA256, input = %s\n", abcdbc);
+    SHA256_Hash(outBuf, abcdbc);
+    dumpHash32(outBuf, sizeof outBuf);
+}
+
+void
+test224(void)
+{
+    SHA224Context ctx;
+    unsigned char a1000times[1000];
+    unsigned int outLen;
+    unsigned char outBuf[SHA224_LENGTH];
+    int i;
+
+    /* Test Vector 1 */
+    printf("SHA224, input = %s\n", abc);
+    SHA224_Hash(outBuf, abc);
+    dumpHash32(outBuf, sizeof outBuf);
+
+    /* Test Vector 2 */
+    printf("SHA224, input = %s\n", abcdbc);
+    SHA224_Hash(outBuf, abcdbc);
+    dumpHash32(outBuf, sizeof outBuf);
+
+    /* Test Vector 3 */
+
+    /* to hash one million 'a's perform 1000
+     * sha224 updates on a buffer with 1000 'a's
+     */
+    memset(a1000times, 'a', 1000);
+    printf("SHA224, input = %s\n", "a one million times");
+    SHA224_Begin(&ctx);
+    for (i = 0; i < 1000; i++)
+        SHA224_Update(&ctx, a1000times, 1000);
+    SHA224_End(&ctx, outBuf, &outLen, SHA224_LENGTH);
+    dumpHash32(outBuf, sizeof outBuf);
+}
+
+void
+dumpHash64(const unsigned char *buf, unsigned int bufLen)
+{
+    unsigned int i;
+    for (i = 0; i < bufLen; i += 8) {
+        if (i % 32 == 0)
+            printf("\n");
+        printf(" %02x%02x%02x%02x%02x%02x%02x%02x",
+               buf[i], buf[i + 1], buf[i + 2], buf[i + 3],
+               buf[i + 4], buf[i + 5], buf[i + 6], buf[i + 7]);
+    }
+    printf("\n");
+}
+
+void
+test512(void)
+{
+    unsigned char outBuf[SHA512_LENGTH];
+
+    printf("SHA512, input = %s\n", abc);
+    SHA512_Hash(outBuf, abc);
+    dumpHash64(outBuf, sizeof outBuf);
+
+    printf("SHA512, input = %s\n", abcdef);
+    SHA512_Hash(outBuf, abcdef);
+    dumpHash64(outBuf, sizeof outBuf);
+}
+
+void
+time512(void)
+{
+    unsigned char outBuf[SHA512_LENGTH];
+
+    SHA512_Hash(outBuf, abc);
+    SHA512_Hash(outBuf, abcdef);
+}
+
+void
+test384(void)
+{
+    unsigned char outBuf[SHA384_LENGTH];
+
+    printf("SHA384, input = %s\n", abc);
+    SHA384_Hash(outBuf, abc);
+    dumpHash64(outBuf, sizeof outBuf);
+
+    printf("SHA384, input = %s\n", abcdef);
+    SHA384_Hash(outBuf, abcdef);
+    dumpHash64(outBuf, sizeof outBuf);
+}
+
+int
+main(int argc, char *argv[], char *envp[])
+{
+    int i = 1;
+    if (argc > 1) {
+        i = atoi(argv[1]);
+    }
+    if (i < 2) {
+        test224();
+        test256();
+        test384();
+        test512();
+    } else {
+        while (i-- > 0) {
+            time512();
+        }
+        printf("done\n");
+    }
+    return 0;
+}
+
+void *
+PORT_Alloc(size_t len)
+{
+    return malloc(len);
+}
+void
+PORT_Free(void *ptr)
+{
+    free(ptr);
+}
+void
+PORT_ZFree(void *ptr, size_t len)
+{
+    memset(ptr, 0, len);
+    free(ptr);
+}
+#endif
diff --git a/nss/lib/freebl/sha_fast.c b/nss/lib/freebl/sha_fast.c
new file mode 100644
index 0000000..52071f0
--- /dev/null
+++ b/nss/lib/freebl/sha_fast.c
@@ -0,0 +1,545 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifdef FREEBL_NO_DEPEND
+#include "stubs.h"
+#endif
+
+#include <memory.h>
+#include "blapi.h"
+#include "sha_fast.h"
+#include "prerror.h"
+
+#ifdef TRACING_SSL
+#include "ssl.h"
+#include "ssltrace.h"
+#endif
+
+static void shaCompress(volatile SHA_HW_t *X, const PRUint32 *datain);
+
+#define W u.w
+#define B u.b
+
+#define SHA_F1(X, Y, Z) ((((Y) ^ (Z)) & (X)) ^ (Z))
+#define SHA_F2(X, Y, Z) ((X) ^ (Y) ^ (Z))
+#define SHA_F3(X, Y, Z) (((X) & (Y)) | ((Z) & ((X) | (Y))))
+#define SHA_F4(X, Y, Z) ((X) ^ (Y) ^ (Z))
+
+#define SHA_MIX(n, a, b, c) XW(n) = SHA_ROTL(XW(a) ^ XW(b) ^ XW(c) ^ XW(n), 1)
+
+/*
+ *  SHA: initialize context
+ */
+void
+SHA1_Begin(SHA1Context *ctx)
+{
+    ctx->size = 0;
+    /*
+   *  Initialize H with constants from FIPS180-1.
+   */
+    ctx->H[0] = 0x67452301L;
+    ctx->H[1] = 0xefcdab89L;
+    ctx->H[2] = 0x98badcfeL;
+    ctx->H[3] = 0x10325476L;
+    ctx->H[4] = 0xc3d2e1f0L;
+}
+
+/* Explanation of H array and index values:
+ * The context's H array is actually the concatenation of two arrays
+ * defined by SHA1, the H array of state variables (5 elements),
+ * and the W array of intermediate values, of which there are 16 elements.
+ * The W array starts at H[5], that is W[0] is H[5].
+ * Although these values are defined as 32-bit values, we use 64-bit
+ * variables to hold them because the AMD64 stores 64 bit values in
+ * memory MUCH faster than it stores any smaller values.
+ *
+ * Rather than passing the context structure to shaCompress, we pass
+ * this combined array of H and W values.  We do not pass the address
+ * of the first element of this array, but rather pass the address of an
+ * element in the middle of the array, element X.  Presently X[0] is H[11].
+ * So we pass the address of H[11] as the address of array X to shaCompress.
+ * Then shaCompress accesses the members of the array using positive AND
+ * negative indexes.
+ *
+ * Pictorially: (each element is 8 bytes)
+ * H | H0 H1 H2 H3 H4 W0 W1 W2 W3 W4 W5 W6 W7 W8 W9 Wa Wb Wc Wd We Wf |
+ * X |-11-10 -9 -8 -7 -6 -5 -4 -3 -2 -1 X0 X1 X2 X3 X4 X5 X6 X7 X8 X9 |
+ *
+ * The byte offset from X[0] to any member of H and W is always
+ * representable in a signed 8-bit value, which will be encoded
+ * as a single byte offset in the X86-64 instruction set.
+ * If we didn't pass the address of H[11], and instead passed the
+ * address of H[0], the offsets to elements H[16] and above would be
+ * greater than 127, not representable in a signed 8-bit value, and the
+ * x86-64 instruction set would encode every such offset as a 32-bit
+ * signed number in each instruction that accessed element H[16] or
+ * higher.  This results in much bigger and slower code.
+ */
+#if !defined(SHA_PUT_W_IN_STACK)
+#define H2X 11 /* X[0] is H[11], and H[0] is X[-11] */
+#define W2X 6  /* X[0] is W[6],  and W[0] is X[-6]  */
+#else
+#define H2X 0
+#endif
+
+/*
+ *  SHA: Add data to context.
+ */
+void
+SHA1_Update(SHA1Context *ctx, const unsigned char *dataIn, unsigned int len)
+{
+    register unsigned int lenB;
+    register unsigned int togo;
+
+    if (!len)
+        return;
+
+    /* accumulate the byte count. */
+    lenB = (unsigned int)(ctx->size) & 63U;
+
+    ctx->size += len;
+
+    /*
+   *  Read the data into W and process blocks as they get full
+   */
+    if (lenB > 0) {
+        togo = 64U - lenB;
+        if (len < togo)
+            togo = len;
+        memcpy(ctx->B + lenB, dataIn, togo);
+        len -= togo;
+        dataIn += togo;
+        lenB = (lenB + togo) & 63U;
+        if (!lenB) {
+            shaCompress(&ctx->H[H2X], ctx->W);
+        }
+    }
+#if !defined(HAVE_UNALIGNED_ACCESS)
+    if ((ptrdiff_t)dataIn % sizeof(PRUint32)) {
+        while (len >= 64U) {
+            memcpy(ctx->B, dataIn, 64);
+            len -= 64U;
+            shaCompress(&ctx->H[H2X], ctx->W);
+            dataIn += 64U;
+        }
+    } else
+#endif
+    {
+        while (len >= 64U) {
+            len -= 64U;
+            shaCompress(&ctx->H[H2X], (PRUint32 *)dataIn);
+            dataIn += 64U;
+        }
+    }
+    if (len) {
+        memcpy(ctx->B, dataIn, len);
+    }
+}
+
+/*
+ *  SHA: Generate hash value from context
+ */
+void NO_SANITIZE_ALIGNMENT
+SHA1_End(SHA1Context *ctx, unsigned char *hashout,
+         unsigned int *pDigestLen, unsigned int maxDigestLen)
+{
+    register PRUint64 size;
+    register PRUint32 lenB;
+
+    static const unsigned char bulk_pad[64] = { 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+                                                0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+                                                0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
+#define tmp lenB
+
+    PORT_Assert(maxDigestLen >= SHA1_LENGTH);
+
+    /*
+   *  Pad with a binary 1 (e.g. 0x80), then zeroes, then length in bits
+   */
+    size = ctx->size;
+
+    lenB = (PRUint32)size & 63;
+    SHA1_Update(ctx, bulk_pad, (((55 + 64) - lenB) & 63) + 1);
+    PORT_Assert(((PRUint32)ctx->size & 63) == 56);
+    /* Convert size from bytes to bits. */
+    size <<= 3;
+    ctx->W[14] = SHA_HTONL((PRUint32)(size >> 32));
+    ctx->W[15] = SHA_HTONL((PRUint32)size);
+    shaCompress(&ctx->H[H2X], ctx->W);
+
+    /*
+     *  Output hash
+     */
+    SHA_STORE_RESULT;
+    if (pDigestLen) {
+        *pDigestLen = SHA1_LENGTH;
+    }
+#undef tmp
+}
+
+void
+SHA1_EndRaw(SHA1Context *ctx, unsigned char *hashout,
+            unsigned int *pDigestLen, unsigned int maxDigestLen)
+{
+#if defined(SHA_NEED_TMP_VARIABLE)
+    register PRUint32 tmp;
+#endif
+    PORT_Assert(maxDigestLen >= SHA1_LENGTH);
+
+    SHA_STORE_RESULT;
+    if (pDigestLen)
+        *pDigestLen = SHA1_LENGTH;
+}
+
+#undef B
+/*
+ *  SHA: Compression function, unrolled.
+ *
+ * Some operations in shaCompress are done as 5 groups of 16 operations.
+ * Others are done as 4 groups of 20 operations.
+ * The code below shows that structure.
+ *
+ * The functions that compute the new values of the 5 state variables
+ * A-E are done in 4 groups of 20 operations (or you may also think
+ * of them as being done in 16 groups of 5 operations).  They are
+ * done by the SHA_RNDx macros below, in the right column.
+ *
+ * The functions that set the 16 values of the W array are done in
+ * 5 groups of 16 operations.  The first group is done by the
+ * LOAD macros below, the latter 4 groups are done by SHA_MIX below,
+ * in the left column.
+ *
+ * gcc's optimizer observes that each member of the W array is assigned
+ * a value 5 times in this code.  It reduces the number of store
+ * operations done to the W array in the context (that is, in the X array)
+ * by creating a W array on the stack, and storing the W values there for
+ * the first 4 groups of operations on W, and storing the values in the
+ * context's W array only in the fifth group.  This is undesirable.
+ * It is MUCH bigger code than simply using the context's W array, because
+ * all the offsets to the W array in the stack are 32-bit signed offsets,
+ * and it is no faster than storing the values in the context's W array.
+ *
+ * The original code for sha_fast.c prevented this creation of a separate
+ * W array in the stack by creating a W array of 80 members, each of
+ * whose elements is assigned only once. It also separated the computations
+ * of the W array values and the computations of the values for the 5
+ * state variables into two separate passes, W's, then A-E's so that the
+ * second pass could be done all in registers (except for accessing the W
+ * array) on machines with fewer registers.  The method is suboptimal
+ * for machines with enough registers to do it all in one pass, and it
+ * necessitates using many instructions with 32-bit offsets.
+ *
+ * This code eliminates the separate W array on the stack by a completely
+ * different means: by declaring the X array volatile.  This prevents
+ * the optimizer from trying to reduce the use of the X array by the
+ * creation of a MORE expensive W array on the stack. The result is
+ * that all instructions use signed 8-bit offsets and not 32-bit offsets.
+ *
+ * The combination of this code and the -O3 optimizer flag on GCC 3.4.3
+ * results in code that is 3 times faster than the previous NSS sha_fast
+ * code on AMD64.
+ */
+static void NO_SANITIZE_ALIGNMENT
+shaCompress(volatile SHA_HW_t *X, const PRUint32 *inbuf)
+{
+    register SHA_HW_t A, B, C, D, E;
+
+#if defined(SHA_NEED_TMP_VARIABLE)
+    register PRUint32 tmp;
+#endif
+
+#if !defined(SHA_PUT_W_IN_STACK)
+#define XH(n) X[n - H2X]
+#define XW(n) X[n - W2X]
+#else
+    SHA_HW_t w_0, w_1, w_2, w_3, w_4, w_5, w_6, w_7,
+        w_8, w_9, w_10, w_11, w_12, w_13, w_14, w_15;
+#define XW(n) w_##n
+#define XH(n) X[n]
+#endif
+
+#define K0 0x5a827999L
+#define K1 0x6ed9eba1L
+#define K2 0x8f1bbcdcL
+#define K3 0xca62c1d6L
+
+#define SHA_RND1(a, b, c, d, e, n)                         \
+    a = SHA_ROTL(b, 5) + SHA_F1(c, d, e) + a + XW(n) + K0; \
+    c = SHA_ROTL(c, 30)
+#define SHA_RND2(a, b, c, d, e, n)                         \
+    a = SHA_ROTL(b, 5) + SHA_F2(c, d, e) + a + XW(n) + K1; \
+    c = SHA_ROTL(c, 30)
+#define SHA_RND3(a, b, c, d, e, n)                         \
+    a = SHA_ROTL(b, 5) + SHA_F3(c, d, e) + a + XW(n) + K2; \
+    c = SHA_ROTL(c, 30)
+#define SHA_RND4(a, b, c, d, e, n)                         \
+    a = SHA_ROTL(b, 5) + SHA_F4(c, d, e) + a + XW(n) + K3; \
+    c = SHA_ROTL(c, 30)
+
+#define LOAD(n) XW(n) = SHA_HTONL(inbuf[n])
+
+    A = XH(0);
+    B = XH(1);
+    C = XH(2);
+    D = XH(3);
+    E = XH(4);
+
+    LOAD(0);
+    SHA_RND1(E, A, B, C, D, 0);
+    LOAD(1);
+    SHA_RND1(D, E, A, B, C, 1);
+    LOAD(2);
+    SHA_RND1(C, D, E, A, B, 2);
+    LOAD(3);
+    SHA_RND1(B, C, D, E, A, 3);
+    LOAD(4);
+    SHA_RND1(A, B, C, D, E, 4);
+    LOAD(5);
+    SHA_RND1(E, A, B, C, D, 5);
+    LOAD(6);
+    SHA_RND1(D, E, A, B, C, 6);
+    LOAD(7);
+    SHA_RND1(C, D, E, A, B, 7);
+    LOAD(8);
+    SHA_RND1(B, C, D, E, A, 8);
+    LOAD(9);
+    SHA_RND1(A, B, C, D, E, 9);
+    LOAD(10);
+    SHA_RND1(E, A, B, C, D, 10);
+    LOAD(11);
+    SHA_RND1(D, E, A, B, C, 11);
+    LOAD(12);
+    SHA_RND1(C, D, E, A, B, 12);
+    LOAD(13);
+    SHA_RND1(B, C, D, E, A, 13);
+    LOAD(14);
+    SHA_RND1(A, B, C, D, E, 14);
+    LOAD(15);
+    SHA_RND1(E, A, B, C, D, 15);
+
+    SHA_MIX(0, 13, 8, 2);
+    SHA_RND1(D, E, A, B, C, 0);
+    SHA_MIX(1, 14, 9, 3);
+    SHA_RND1(C, D, E, A, B, 1);
+    SHA_MIX(2, 15, 10, 4);
+    SHA_RND1(B, C, D, E, A, 2);
+    SHA_MIX(3, 0, 11, 5);
+    SHA_RND1(A, B, C, D, E, 3);
+
+    SHA_MIX(4, 1, 12, 6);
+    SHA_RND2(E, A, B, C, D, 4);
+    SHA_MIX(5, 2, 13, 7);
+    SHA_RND2(D, E, A, B, C, 5);
+    SHA_MIX(6, 3, 14, 8);
+    SHA_RND2(C, D, E, A, B, 6);
+    SHA_MIX(7, 4, 15, 9);
+    SHA_RND2(B, C, D, E, A, 7);
+    SHA_MIX(8, 5, 0, 10);
+    SHA_RND2(A, B, C, D, E, 8);
+    SHA_MIX(9, 6, 1, 11);
+    SHA_RND2(E, A, B, C, D, 9);
+    SHA_MIX(10, 7, 2, 12);
+    SHA_RND2(D, E, A, B, C, 10);
+    SHA_MIX(11, 8, 3, 13);
+    SHA_RND2(C, D, E, A, B, 11);
+    SHA_MIX(12, 9, 4, 14);
+    SHA_RND2(B, C, D, E, A, 12);
+    SHA_MIX(13, 10, 5, 15);
+    SHA_RND2(A, B, C, D, E, 13);
+    SHA_MIX(14, 11, 6, 0);
+    SHA_RND2(E, A, B, C, D, 14);
+    SHA_MIX(15, 12, 7, 1);
+    SHA_RND2(D, E, A, B, C, 15);
+
+    SHA_MIX(0, 13, 8, 2);
+    SHA_RND2(C, D, E, A, B, 0);
+    SHA_MIX(1, 14, 9, 3);
+    SHA_RND2(B, C, D, E, A, 1);
+    SHA_MIX(2, 15, 10, 4);
+    SHA_RND2(A, B, C, D, E, 2);
+    SHA_MIX(3, 0, 11, 5);
+    SHA_RND2(E, A, B, C, D, 3);
+    SHA_MIX(4, 1, 12, 6);
+    SHA_RND2(D, E, A, B, C, 4);
+    SHA_MIX(5, 2, 13, 7);
+    SHA_RND2(C, D, E, A, B, 5);
+    SHA_MIX(6, 3, 14, 8);
+    SHA_RND2(B, C, D, E, A, 6);
+    SHA_MIX(7, 4, 15, 9);
+    SHA_RND2(A, B, C, D, E, 7);
+
+    SHA_MIX(8, 5, 0, 10);
+    SHA_RND3(E, A, B, C, D, 8);
+    SHA_MIX(9, 6, 1, 11);
+    SHA_RND3(D, E, A, B, C, 9);
+    SHA_MIX(10, 7, 2, 12);
+    SHA_RND3(C, D, E, A, B, 10);
+    SHA_MIX(11, 8, 3, 13);
+    SHA_RND3(B, C, D, E, A, 11);
+    SHA_MIX(12, 9, 4, 14);
+    SHA_RND3(A, B, C, D, E, 12);
+    SHA_MIX(13, 10, 5, 15);
+    SHA_RND3(E, A, B, C, D, 13);
+    SHA_MIX(14, 11, 6, 0);
+    SHA_RND3(D, E, A, B, C, 14);
+    SHA_MIX(15, 12, 7, 1);
+    SHA_RND3(C, D, E, A, B, 15);
+
+    SHA_MIX(0, 13, 8, 2);
+    SHA_RND3(B, C, D, E, A, 0);
+    SHA_MIX(1, 14, 9, 3);
+    SHA_RND3(A, B, C, D, E, 1);
+    SHA_MIX(2, 15, 10, 4);
+    SHA_RND3(E, A, B, C, D, 2);
+    SHA_MIX(3, 0, 11, 5);
+    SHA_RND3(D, E, A, B, C, 3);
+    SHA_MIX(4, 1, 12, 6);
+    SHA_RND3(C, D, E, A, B, 4);
+    SHA_MIX(5, 2, 13, 7);
+    SHA_RND3(B, C, D, E, A, 5);
+    SHA_MIX(6, 3, 14, 8);
+    SHA_RND3(A, B, C, D, E, 6);
+    SHA_MIX(7, 4, 15, 9);
+    SHA_RND3(E, A, B, C, D, 7);
+    SHA_MIX(8, 5, 0, 10);
+    SHA_RND3(D, E, A, B, C, 8);
+    SHA_MIX(9, 6, 1, 11);
+    SHA_RND3(C, D, E, A, B, 9);
+    SHA_MIX(10, 7, 2, 12);
+    SHA_RND3(B, C, D, E, A, 10);
+    SHA_MIX(11, 8, 3, 13);
+    SHA_RND3(A, B, C, D, E, 11);
+
+    SHA_MIX(12, 9, 4, 14);
+    SHA_RND4(E, A, B, C, D, 12);
+    SHA_MIX(13, 10, 5, 15);
+    SHA_RND4(D, E, A, B, C, 13);
+    SHA_MIX(14, 11, 6, 0);
+    SHA_RND4(C, D, E, A, B, 14);
+    SHA_MIX(15, 12, 7, 1);
+    SHA_RND4(B, C, D, E, A, 15);
+
+    SHA_MIX(0, 13, 8, 2);
+    SHA_RND4(A, B, C, D, E, 0);
+    SHA_MIX(1, 14, 9, 3);
+    SHA_RND4(E, A, B, C, D, 1);
+    SHA_MIX(2, 15, 10, 4);
+    SHA_RND4(D, E, A, B, C, 2);
+    SHA_MIX(3, 0, 11, 5);
+    SHA_RND4(C, D, E, A, B, 3);
+    SHA_MIX(4, 1, 12, 6);
+    SHA_RND4(B, C, D, E, A, 4);
+    SHA_MIX(5, 2, 13, 7);
+    SHA_RND4(A, B, C, D, E, 5);
+    SHA_MIX(6, 3, 14, 8);
+    SHA_RND4(E, A, B, C, D, 6);
+    SHA_MIX(7, 4, 15, 9);
+    SHA_RND4(D, E, A, B, C, 7);
+    SHA_MIX(8, 5, 0, 10);
+    SHA_RND4(C, D, E, A, B, 8);
+    SHA_MIX(9, 6, 1, 11);
+    SHA_RND4(B, C, D, E, A, 9);
+    SHA_MIX(10, 7, 2, 12);
+    SHA_RND4(A, B, C, D, E, 10);
+    SHA_MIX(11, 8, 3, 13);
+    SHA_RND4(E, A, B, C, D, 11);
+    SHA_MIX(12, 9, 4, 14);
+    SHA_RND4(D, E, A, B, C, 12);
+    SHA_MIX(13, 10, 5, 15);
+    SHA_RND4(C, D, E, A, B, 13);
+    SHA_MIX(14, 11, 6, 0);
+    SHA_RND4(B, C, D, E, A, 14);
+    SHA_MIX(15, 12, 7, 1);
+    SHA_RND4(A, B, C, D, E, 15);
+
+    XH(0) += A;
+    XH(1) += B;
+    XH(2) += C;
+    XH(3) += D;
+    XH(4) += E;
+}
+
+/*************************************************************************
+** Code below this line added to make SHA code support BLAPI interface
+*/
+
+SHA1Context *
+SHA1_NewContext(void)
+{
+    SHA1Context *cx;
+
+    /* no need to ZNew, SHA1_Begin will init the context */
+    cx = PORT_New(SHA1Context);
+    return cx;
+}
+
+/* Zero and free the context */
+void
+SHA1_DestroyContext(SHA1Context *cx, PRBool freeit)
+{
+    memset(cx, 0, sizeof *cx);
+    if (freeit) {
+        PORT_Free(cx);
+    }
+}
+
+SECStatus
+SHA1_HashBuf(unsigned char *dest, const unsigned char *src, PRUint32 src_length)
+{
+    SHA1Context ctx;
+    unsigned int outLen;
+
+    SHA1_Begin(&ctx);
+    SHA1_Update(&ctx, src, src_length);
+    SHA1_End(&ctx, dest, &outLen, SHA1_LENGTH);
+    memset(&ctx, 0, sizeof ctx);
+    return SECSuccess;
+}
+
+/* Hash a null-terminated character string. */
+SECStatus
+SHA1_Hash(unsigned char *dest, const char *src)
+{
+    return SHA1_HashBuf(dest, (const unsigned char *)src, PORT_Strlen(src));
+}
+
+/*
+ * need to support save/restore state in pkcs11. Stores all the info necessary
+ * for a structure into just a stream of bytes.
+ */
+unsigned int
+SHA1_FlattenSize(SHA1Context *cx)
+{
+    return sizeof(SHA1Context);
+}
+
+SECStatus
+SHA1_Flatten(SHA1Context *cx, unsigned char *space)
+{
+    PORT_Memcpy(space, cx, sizeof(SHA1Context));
+    return SECSuccess;
+}
+
+SHA1Context *
+SHA1_Resurrect(unsigned char *space, void *arg)
+{
+    SHA1Context *cx = SHA1_NewContext();
+    if (cx == NULL)
+        return NULL;
+
+    PORT_Memcpy(cx, space, sizeof(SHA1Context));
+    return cx;
+}
+
+void
+SHA1_Clone(SHA1Context *dest, SHA1Context *src)
+{
+    memcpy(dest, src, sizeof *dest);
+}
+
+void
+SHA1_TraceState(SHA1Context *ctx)
+{
+    PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
+}
diff --git a/nss/lib/freebl/sha_fast.h b/nss/lib/freebl/sha_fast.h
new file mode 100644
index 0000000..4f37d13
--- /dev/null
+++ b/nss/lib/freebl/sha_fast.h
@@ -0,0 +1,176 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _SHA_FAST_H_
+#define _SHA_FAST_H_
+
+#include "prlong.h"
+#include "blapii.h"
+
+#define SHA1_INPUT_LEN 64
+
+#if defined(IS_64) && !defined(__sparc)
+typedef PRUint64 SHA_HW_t;
+#define SHA1_USING_64_BIT 1
+#else
+typedef PRUint32 SHA_HW_t;
+#endif
+
+struct SHA1ContextStr {
+    union {
+        PRUint32 w[16]; /* input buffer */
+        PRUint8 b[64];
+    } u;
+    PRUint64 size;  /* count of hashed bytes. */
+    SHA_HW_t H[22]; /* 5 state variables, 16 tmp values, 1 extra */
+};
+
+#if defined(_MSC_VER)
+#include <stdlib.h>
+#if defined(IS_LITTLE_ENDIAN)
+#if (_MSC_VER >= 1300)
+#pragma intrinsic(_byteswap_ulong)
+#define SHA_HTONL(x) _byteswap_ulong(x)
+#elif defined(NSS_X86_OR_X64)
+#ifndef FORCEINLINE
+#if (_MSC_VER >= 1200)
+#define FORCEINLINE __forceinline
+#else
+#define FORCEINLINE __inline
+#endif /* _MSC_VER */
+#endif /* !defined FORCEINLINE */
+#define FASTCALL __fastcall
+
+static FORCEINLINE PRUint32 FASTCALL
+swap4b(PRUint32 dwd)
+{
+    __asm {
+    	mov   eax,dwd
+	bswap eax
+    }
+}
+
+#define SHA_HTONL(x) swap4b(x)
+#endif /* NSS_X86_OR_X64 */
+#endif /* IS_LITTLE_ENDIAN */
+
+#pragma intrinsic(_lrotr, _lrotl)
+#define SHA_ROTL(x, n) _lrotl(x, n)
+#define SHA_ROTL_IS_DEFINED 1
+#endif /* _MSC_VER */
+
+#if defined(__GNUC__)
+/* __x86_64__  and __x86_64 are defined by GCC on x86_64 CPUs */
+#if defined(SHA1_USING_64_BIT)
+static __inline__ PRUint64
+SHA_ROTL(PRUint64 x, PRUint32 n)
+{
+    PRUint32 t = (PRUint32)x;
+    return ((t << n) | (t >> (32 - n)));
+}
+#else
+static __inline__ PRUint32
+SHA_ROTL(PRUint32 t, PRUint32 n)
+{
+    return ((t << n) | (t >> (32 - n)));
+}
+#endif
+#define SHA_ROTL_IS_DEFINED 1
+
+#if defined(NSS_X86_OR_X64)
+static __inline__ PRUint32
+swap4b(PRUint32 value)
+{
+    __asm__("bswap %0"
+            : "+r"(value));
+    return (value);
+}
+#define SHA_HTONL(x) swap4b(x)
+
+#elif defined(__thumb2__) ||       \
+    (!defined(__thumb__) &&        \
+     (defined(__ARM_ARCH_6__) ||   \
+      defined(__ARM_ARCH_6J__) ||  \
+      defined(__ARM_ARCH_6K__) ||  \
+      defined(__ARM_ARCH_6Z__) ||  \
+      defined(__ARM_ARCH_6ZK__) || \
+      defined(__ARM_ARCH_6T2__) || \
+      defined(__ARM_ARCH_7__) ||   \
+      defined(__ARM_ARCH_7A__) ||  \
+      defined(__ARM_ARCH_7R__)))
+static __inline__ PRUint32
+swap4b(PRUint32 value)
+{
+    PRUint32 ret;
+    __asm__("rev %0, %1"
+            : "=r"(ret)
+            : "r"(value));
+    return ret;
+}
+#define SHA_HTONL(x) swap4b(x)
+
+#endif /* x86 family */
+
+#endif /* __GNUC__ */
+
+#if !defined(SHA_ROTL_IS_DEFINED)
+#define SHA_NEED_TMP_VARIABLE 1
+#define SHA_ROTL(X, n) (tmp = (X), ((tmp) << (n)) | ((tmp) >> (32 - (n))))
+#endif
+
+#if !defined(SHA_HTONL)
+#define SHA_MASK 0x00FF00FF
+#if defined(IS_LITTLE_ENDIAN)
+#undef SHA_NEED_TMP_VARIABLE
+#define SHA_NEED_TMP_VARIABLE 1
+#define SHA_HTONL(x) (tmp = (x), tmp = (tmp << 16) | (tmp >> 16), \
+                      ((tmp & SHA_MASK) << 8) | ((tmp >> 8) & SHA_MASK))
+#else
+#define SHA_HTONL(x) (x)
+#endif
+#endif
+
+#define SHA_BYTESWAP(x) x = SHA_HTONL(x)
+
+#define SHA_STORE(n) ((PRUint32*)hashout)[n] = SHA_HTONL(ctx->H[n])
+#if defined(HAVE_UNALIGNED_ACCESS)
+#define SHA_STORE_RESULT \
+    SHA_STORE(0);        \
+    SHA_STORE(1);        \
+    SHA_STORE(2);        \
+    SHA_STORE(3);        \
+    SHA_STORE(4);
+
+#elif defined(IS_LITTLE_ENDIAN) || defined(SHA1_USING_64_BIT)
+#define SHA_STORE_RESULT                            \
+    if (!((ptrdiff_t)hashout % sizeof(PRUint32))) { \
+        SHA_STORE(0);                               \
+        SHA_STORE(1);                               \
+        SHA_STORE(2);                               \
+        SHA_STORE(3);                               \
+        SHA_STORE(4);                               \
+    } else {                                        \
+        PRUint32 tmpbuf[5];                         \
+        tmpbuf[0] = SHA_HTONL(ctx->H[0]);           \
+        tmpbuf[1] = SHA_HTONL(ctx->H[1]);           \
+        tmpbuf[2] = SHA_HTONL(ctx->H[2]);           \
+        tmpbuf[3] = SHA_HTONL(ctx->H[3]);           \
+        tmpbuf[4] = SHA_HTONL(ctx->H[4]);           \
+        memcpy(hashout, tmpbuf, SHA1_LENGTH);       \
+    }
+
+#else
+#define SHA_STORE_RESULT                            \
+    if (!((ptrdiff_t)hashout % sizeof(PRUint32))) { \
+        SHA_STORE(0);                               \
+        SHA_STORE(1);                               \
+        SHA_STORE(2);                               \
+        SHA_STORE(3);                               \
+        SHA_STORE(4);                               \
+    } else {                                        \
+        memcpy(hashout, ctx->H, SHA1_LENGTH);       \
+    }
+#endif
+
+#endif /* _SHA_FAST_H_ */
diff --git a/nss/lib/freebl/shsign.h b/nss/lib/freebl/shsign.h
new file mode 100644
index 0000000..590c0e6
--- /dev/null
+++ b/nss/lib/freebl/shsign.h
@@ -0,0 +1,14 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _SHSIGN_H_
+#define _SHSIGN_H_
+
+#define SGN_SUFFIX ".chk"
+#define NSS_SIGN_CHK_MAGIC1 0xf1
+#define NSS_SIGN_CHK_MAGIC2 0xc5
+#define NSS_SIGN_CHK_MAJOR_VERSION 0x01
+#define NSS_SIGN_CHK_MINOR_VERSION 0x02
+
+#endif /* _SHSIGN_H_ */
diff --git a/nss/lib/freebl/shvfy.c b/nss/lib/freebl/shvfy.c
new file mode 100644
index 0000000..af4a34f
--- /dev/null
+++ b/nss/lib/freebl/shvfy.c
@@ -0,0 +1,534 @@
+
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifdef FREEBL_NO_DEPEND
+#include "stubs.h"
+#endif
+
+#include "shsign.h"
+#include "prlink.h"
+#include "prio.h"
+#include "blapi.h"
+#include "seccomon.h"
+#include "stdio.h"
+#include "prmem.h"
+#include "hasht.h"
+#include "pqg.h"
+#include "blapii.h"
+
+/*
+ * Most modern version of Linux support a speed optimization scheme where an
+ * application called prelink modifies programs and shared libraries to quickly
+ * load if they fit into an already designed address space. In short, prelink
+ * scans the list of programs and libraries on your system, assigns them a
+ * predefined space in the the address space, then provides the fixups to the
+ * library.
+
+ * The modification of the shared library is correctly detected by the freebl
+ * FIPS checksum scheme where we check a signed hash of the library against the
+ * library itself.
+ *
+ * The prelink command itself can reverse the process of modification and
+ * output the prestine shared library as it was before prelink made it's
+ * changes. If FREEBL_USE_PRELINK is set Freebl uses prelink to output the
+ * original copy of the shared library before prelink modified it.
+ */
+#ifdef FREEBL_USE_PRELINK
+#ifndef FREELB_PRELINK_COMMAND
+#define FREEBL_PRELINK_COMMAND "/usr/sbin/prelink -u -o -"
+#endif
+#include "private/pprio.h"
+
+#include <stdlib.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include <sys/wait.h>
+#include <sys/stat.h>
+
+/*
+ * This function returns an NSPR PRFileDesc * which the caller can read to
+ * obtain the prestine value of the shared library, before any OS related
+ * changes to it (usually address fixups).
+ *
+ * If prelink is installed, this
+ * file descriptor is a pipe connecting the output of
+ *            /usr/sbin/prelink -u -o - {Library}
+ * and *pid returns the process id of the prelink child.
+ *
+ * If prelink is not installed, it returns a normal readonly handle to the
+ * library itself and *pid is set to '0'.
+ */
+PRFileDesc *
+bl_OpenUnPrelink(const char *shName, int *pid)
+{
+    char *command = strdup(FREEBL_PRELINK_COMMAND);
+    char *argString = NULL;
+    char **argv = NULL;
+    char *shNameArg = NULL;
+    char *cp;
+    pid_t child;
+    int argc = 0, argNext = 0;
+    struct stat statBuf;
+    int pipefd[2] = { -1, -1 };
+    int ret;
+
+    *pid = 0;
+
+    /* make sure the prelink command exists first. If not, fall back to
+     * just reading the file */
+    for (cp = command; *cp; cp++) {
+        if (*cp == ' ') {
+            *cp++ = 0;
+            argString = cp;
+            break;
+        }
+    }
+    memset(&statBuf, 0, sizeof(statBuf));
+    /* stat the file, follow the link */
+    ret = stat(command, &statBuf);
+    if (ret < 0) {
+        free(command);
+        return PR_Open(shName, PR_RDONLY, 0);
+    }
+    /* file exits, make sure it's an executable */
+    if (!S_ISREG(statBuf.st_mode) ||
+        ((statBuf.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH)) == 0)) {
+        free(command);
+        return PR_Open(shName, PR_RDONLY, 0);
+    }
+
+    /* OK, the prelink command exists and looks correct, use it */
+    /* build the arglist while we can still malloc */
+    /* count the args if any */
+    if (argString && *argString) {
+        /* argString may have leading spaces, strip them off*/
+        for (cp = argString; *cp && *cp == ' '; cp++)
+            ;
+        argString = cp;
+        if (*cp) {
+            /* there is at least one arg.. */
+            argc = 1;
+        }
+
+        /* count the rest: Note there is no provision for escaped
+         * spaces here */
+        for (cp = argString; *cp; cp++) {
+            if (*cp == ' ') {
+                while (*cp && *cp == ' ')
+                    cp++;
+                if (*cp)
+                    argc++;
+            }
+        }
+    }
+
+    /* add the additional args: argv[0] (command), shName, NULL*/
+    argc += 3;
+    argv = PORT_NewArray(char *, argc);
+    if (argv == NULL) {
+        goto loser;
+    }
+
+    /* fill in the arglist */
+    argv[argNext++] = command;
+    if (argString && *argString) {
+        argv[argNext++] = argString;
+        for (cp = argString; *cp; cp++) {
+            if (*cp == ' ') {
+                *cp++ = 0;
+                while (*cp && *cp == ' ')
+                    cp++;
+                if (*cp)
+                    argv[argNext++] = cp;
+            }
+        }
+    }
+    /* exec doesn't advertise taking const char **argv, do the paranoid
+     * copy */
+    shNameArg = strdup(shName);
+    if (shNameArg == NULL) {
+        goto loser;
+    }
+    argv[argNext++] = shNameArg;
+    argv[argNext++] = 0;
+
+    ret = pipe(pipefd);
+    if (ret < 0) {
+        goto loser;
+    }
+
+    /* use vfork() so we don't trigger the pthread_at_fork() handlers */
+    child = vfork();
+    if (child < 0)
+        goto loser;
+    if (child == 0) {
+        /* set up the file descriptors */
+        /* if we need to support BSD, this will need to be an open of
+         * /dev/null and dup2(nullFD, 0)*/
+        close(0);
+        /* associate pipefd[1] with stdout */
+        if (pipefd[1] != 1)
+            dup2(pipefd[1], 1);
+        close(2);
+        close(pipefd[0]);
+        /* should probably close the other file descriptors? */
+
+        execv(command, argv);
+        /* avoid at_exit() handlers */
+        _exit(1); /* shouldn't reach here except on an error */
+    }
+    close(pipefd[1]);
+    pipefd[1] = -1;
+
+    /* this is safe because either vfork() as full fork() semantics, and thus
+     * already has it's own address space, or because vfork() has paused
+     * the parent util the exec or exit */
+    free(command);
+    free(shNameArg);
+    PORT_Free(argv);
+
+    *pid = child;
+
+    return PR_ImportPipe(pipefd[0]);
+
+loser:
+    if (pipefd[0] != -1) {
+        close(pipefd[0]);
+    }
+    if (pipefd[1] != -1) {
+        close(pipefd[1]);
+    }
+    free(command);
+    free(shNameArg);
+    PORT_Free(argv);
+
+    return NULL;
+}
+
+/*
+ * bl_CloseUnPrelink -
+ *
+ * This closes the file descripter and reaps and children openned and crated by
+ * b;_OpenUnprelink. It's primary difference between it and just close is
+ * that it calls wait on the pid if one is supplied, preventing zombie children
+ * from hanging around.
+ */
+void
+bl_CloseUnPrelink(PRFileDesc *file, int pid)
+{
+    /* close the file descriptor */
+    PR_Close(file);
+    /* reap the child */
+    if (pid) {
+        waitpid(pid, NULL, 0);
+    }
+}
+#endif
+
+/* #define DEBUG_SHVERIFY 1 */
+
+static char *
+mkCheckFileName(const char *libName)
+{
+    int ln_len = PORT_Strlen(libName);
+    char *output = PORT_Alloc(ln_len + sizeof(SGN_SUFFIX));
+    int index = ln_len + 1 - sizeof("." SHLIB_SUFFIX);
+
+    if ((index > 0) &&
+        (PORT_Strncmp(&libName[index],
+                      "." SHLIB_SUFFIX, sizeof("." SHLIB_SUFFIX)) == 0)) {
+        ln_len = index;
+    }
+    PORT_Memcpy(output, libName, ln_len);
+    PORT_Memcpy(&output[ln_len], SGN_SUFFIX, sizeof(SGN_SUFFIX));
+    return output;
+}
+
+static int
+decodeInt(unsigned char *buf)
+{
+    return (buf[3]) | (buf[2] << 8) | (buf[1] << 16) | (buf[0] << 24);
+}
+
+static SECStatus
+readItem(PRFileDesc *fd, SECItem *item)
+{
+    unsigned char buf[4];
+    int bytesRead;
+
+    bytesRead = PR_Read(fd, buf, 4);
+    if (bytesRead != 4) {
+        return SECFailure;
+    }
+    item->len = decodeInt(buf);
+
+    item->data = PORT_Alloc(item->len);
+    if (item->data == NULL) {
+        item->len = 0;
+        return SECFailure;
+    }
+    bytesRead = PR_Read(fd, item->data, item->len);
+    if (bytesRead != item->len) {
+        PORT_Free(item->data);
+        item->data = NULL;
+        item->len = 0;
+        return SECFailure;
+    }
+    return SECSuccess;
+}
+
+static PRBool blapi_SHVerifyFile(const char *shName, PRBool self);
+
+static PRBool
+blapi_SHVerify(const char *name, PRFuncPtr addr, PRBool self)
+{
+    PRBool result = PR_FALSE; /* if anything goes wrong,
+                   * the signature does not verify */
+    /* find our shared library name */
+    char *shName = PR_GetLibraryFilePathname(name, addr);
+    if (!shName) {
+        goto loser;
+    }
+    result = blapi_SHVerifyFile(shName, self);
+
+loser:
+    if (shName != NULL) {
+        PR_Free(shName);
+    }
+
+    return result;
+}
+
+PRBool
+BLAPI_SHVerify(const char *name, PRFuncPtr addr)
+{
+    return blapi_SHVerify(name, addr, PR_FALSE);
+}
+
+PRBool
+BLAPI_SHVerifyFile(const char *shName)
+{
+    return blapi_SHVerifyFile(shName, PR_FALSE);
+}
+
+static PRBool
+blapi_SHVerifyFile(const char *shName, PRBool self)
+{
+    char *checkName = NULL;
+    PRFileDesc *checkFD = NULL;
+    PRFileDesc *shFD = NULL;
+    void *hashcx = NULL;
+    const SECHashObject *hashObj = NULL;
+    SECItem signature = { 0, NULL, 0 };
+    SECItem hash;
+    int bytesRead, offset;
+    SECStatus rv;
+    DSAPublicKey key;
+    int count;
+#ifdef FREEBL_USE_PRELINK
+    int pid = 0;
+#endif
+
+    PRBool result = PR_FALSE; /* if anything goes wrong,
+                   * the signature does not verify */
+    unsigned char buf[4096];
+    unsigned char hashBuf[HASH_LENGTH_MAX];
+
+    PORT_Memset(&key, 0, sizeof(key));
+    hash.data = hashBuf;
+    hash.len = sizeof(hashBuf);
+
+    /* If our integrity check was never ran or failed, fail any other
+     * integrity checks to prevent any token going into FIPS mode. */
+    if (!self && (BL_FIPSEntryOK(PR_FALSE) != SECSuccess)) {
+        return PR_FALSE;
+    }
+
+    if (!shName) {
+        goto loser;
+    }
+
+    /* figure out the name of our check file */
+    checkName = mkCheckFileName(shName);
+    if (!checkName) {
+        goto loser;
+    }
+
+    /* open the check File */
+    checkFD = PR_Open(checkName, PR_RDONLY, 0);
+    if (checkFD == NULL) {
+#ifdef DEBUG_SHVERIFY
+        fprintf(stderr, "Failed to open the check file %s: (%d, %d)\n",
+                checkName, (int)PR_GetError(), (int)PR_GetOSError());
+#endif /* DEBUG_SHVERIFY */
+        goto loser;
+    }
+
+    /* read and Verify the headerthe header */
+    bytesRead = PR_Read(checkFD, buf, 12);
+    if (bytesRead != 12) {
+        goto loser;
+    }
+    if ((buf[0] != NSS_SIGN_CHK_MAGIC1) || (buf[1] != NSS_SIGN_CHK_MAGIC2)) {
+        goto loser;
+    }
+    if ((buf[2] != NSS_SIGN_CHK_MAJOR_VERSION) ||
+        (buf[3] < NSS_SIGN_CHK_MINOR_VERSION)) {
+        goto loser;
+    }
+#ifdef notdef
+    if (decodeInt(&buf[8]) != CKK_DSA) {
+        goto loser;
+    }
+#endif
+
+    /* seek past any future header extensions */
+    offset = decodeInt(&buf[4]);
+    if (PR_Seek(checkFD, offset, PR_SEEK_SET) < 0) {
+        goto loser;
+    }
+
+    /* read the key */
+    rv = readItem(checkFD, &key.params.prime);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    rv = readItem(checkFD, &key.params.subPrime);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    rv = readItem(checkFD, &key.params.base);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    rv = readItem(checkFD, &key.publicValue);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    /* read the siganture */
+    rv = readItem(checkFD, &signature);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    /* done with the check file */
+    PR_Close(checkFD);
+    checkFD = NULL;
+
+    hashObj = HASH_GetRawHashObject(PQG_GetHashType(&key.params));
+    if (hashObj == NULL) {
+        goto loser;
+    }
+
+/* open our library file */
+#ifdef FREEBL_USE_PRELINK
+    shFD = bl_OpenUnPrelink(shName, &pid);
+#else
+    shFD = PR_Open(shName, PR_RDONLY, 0);
+#endif
+    if (shFD == NULL) {
+#ifdef DEBUG_SHVERIFY
+        fprintf(stderr, "Failed to open the library file %s: (%d, %d)\n",
+                shName, (int)PR_GetError(), (int)PR_GetOSError());
+#endif /* DEBUG_SHVERIFY */
+        goto loser;
+    }
+
+    /* hash our library file with SHA1 */
+    hashcx = hashObj->create();
+    if (hashcx == NULL) {
+        goto loser;
+    }
+    hashObj->begin(hashcx);
+
+    count = 0;
+    while ((bytesRead = PR_Read(shFD, buf, sizeof(buf))) > 0) {
+        hashObj->update(hashcx, buf, bytesRead);
+        count += bytesRead;
+    }
+#ifdef FREEBL_USE_PRELINK
+    bl_CloseUnPrelink(shFD, pid);
+#else
+    PR_Close(shFD);
+#endif
+    shFD = NULL;
+
+    hashObj->end(hashcx, hash.data, &hash.len, hash.len);
+
+    /* verify the hash against the check file */
+    if (DSA_VerifyDigest(&key, &signature, &hash) == SECSuccess) {
+        result = PR_TRUE;
+    }
+#ifdef DEBUG_SHVERIFY
+    {
+        int i, j;
+        fprintf(stderr, "File %s: %d bytes\n", shName, count);
+        fprintf(stderr, "  hash: %d bytes\n", hash.len);
+#define STEP 10
+        for (i = 0; i < hash.len; i += STEP) {
+            fprintf(stderr, "   ");
+            for (j = 0; j < STEP && (i + j) < hash.len; j++) {
+                fprintf(stderr, " %02x", hash.data[i + j]);
+            }
+            fprintf(stderr, "\n");
+        }
+        fprintf(stderr, "  signature: %d bytes\n", signature.len);
+        for (i = 0; i < signature.len; i += STEP) {
+            fprintf(stderr, "   ");
+            for (j = 0; j < STEP && (i + j) < signature.len; j++) {
+                fprintf(stderr, " %02x", signature.data[i + j]);
+            }
+            fprintf(stderr, "\n");
+        }
+        fprintf(stderr, "Verified : %s\n", result ? "TRUE" : "FALSE");
+    }
+#endif /* DEBUG_SHVERIFY */
+
+loser:
+    if (checkName != NULL) {
+        PORT_Free(checkName);
+    }
+    if (checkFD != NULL) {
+        PR_Close(checkFD);
+    }
+    if (shFD != NULL) {
+        PR_Close(shFD);
+    }
+    if (hashcx != NULL) {
+        if (hashObj) {
+            hashObj->destroy(hashcx, PR_TRUE);
+        }
+    }
+    if (signature.data != NULL) {
+        PORT_Free(signature.data);
+    }
+    if (key.params.prime.data != NULL) {
+        PORT_Free(key.params.prime.data);
+    }
+    if (key.params.subPrime.data != NULL) {
+        PORT_Free(key.params.subPrime.data);
+    }
+    if (key.params.base.data != NULL) {
+        PORT_Free(key.params.base.data);
+    }
+    if (key.publicValue.data != NULL) {
+        PORT_Free(key.publicValue.data);
+    }
+
+    return result;
+}
+
+PRBool
+BLAPI_VerifySelf(const char *name)
+{
+    if (name == NULL) {
+        /*
+         * If name is NULL, freebl is statically linked into softoken.
+         * softoken will call BLAPI_SHVerify next to verify itself.
+         */
+        return PR_TRUE;
+    }
+    return blapi_SHVerify(name, (PRFuncPtr)decodeInt, PR_TRUE);
+}
diff --git a/nss/lib/freebl/stubs.c b/nss/lib/freebl/stubs.c
new file mode 100644
index 0000000..8e07849
--- /dev/null
+++ b/nss/lib/freebl/stubs.c
@@ -0,0 +1,711 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * Allow freebl and softoken to be loaded without util or NSPR.
+ *
+ * These symbols are overridden once real NSPR, and libutil are attached.
+ */
+#define _GNU_SOURCE 1
+#include <stdlib.h>
+#include <stdio.h>
+#include <stdarg.h>
+#include <fcntl.h>
+#include <time.h>
+#include <unistd.h>
+#include <sys/time.h>
+#include <dlfcn.h>
+#include <prio.h>
+#include <prlink.h>
+#include <prlog.h>
+#include <prthread.h>
+#include <plstr.h>
+#include <prinit.h>
+#include <prlock.h>
+#include <prmem.h>
+#include <prerror.h>
+#include <prmon.h>
+#include <pratom.h>
+#include <prsystem.h>
+#include <prinrval.h>
+#include <prtime.h>
+#include <prcvar.h>
+#include <secasn1.h>
+#include <secdig.h>
+#include <secport.h>
+#include <secitem.h>
+#include <blapi.h>
+#include <private/pprio.h>
+
+#define FREEBL_NO_WEAK 1
+
+#define WEAK __attribute__((weak))
+
+#ifdef FREEBL_NO_WEAK
+
+/*
+ * This uses function pointers.
+ *
+ * CONS:  A separate function is needed to
+ * fill in the function pointers.
+ *
+ * PROS: it works on all platforms.
+ *  it allows for dynamically finding nspr and libutil, even once
+ *  softoken is loaded and running. (NOTE: this may be a problem if
+ *  we switch between the stubs and real NSPR on the fly. NSPR will
+ *  do bad things if passed an _FakeArena to free or allocate from).
+ */
+#define STUB_DECLARE(ret, fn, args) \
+    typedef ret(*type_##fn) args;   \
+    static type_##fn ptr_##fn = NULL
+
+#define STUB_SAFE_CALL0(fn) \
+    if (ptr_##fn) {         \
+        return ptr_##fn();  \
+    }
+#define STUB_SAFE_CALL1(fn, a1) \
+    if (ptr_##fn) {             \
+        return ptr_##fn(a1);    \
+    }
+#define STUB_SAFE_CALL2(fn, a1, a2) \
+    if (ptr_##fn) {                 \
+        return ptr_##fn(a1, a2);    \
+    }
+#define STUB_SAFE_CALL3(fn, a1, a2, a3) \
+    if (ptr_##fn) {                     \
+        return ptr_##fn(a1, a2, a3);    \
+    }
+#define STUB_SAFE_CALL4(fn, a1, a2, a3, a4) \
+    if (ptr_##fn) {                         \
+        return ptr_##fn(a1, a2, a3, a4);    \
+    }
+#define STUB_SAFE_CALL6(fn, a1, a2, a3, a4, a5, a6) \
+    if (ptr_##fn) {                                 \
+        return ptr_##fn(a1, a2, a3, a4, a5, a6);    \
+    }
+
+#define STUB_FETCH_FUNCTION(fn)            \
+    ptr_##fn = (type_##fn)dlsym(lib, #fn); \
+    if (ptr_##fn == NULL) {                \
+        return SECFailure;                 \
+    }
+
+#else
+/*
+ * this uses the loader weak attribute. it works automatically, but once
+ * freebl is loaded, the symbols are 'fixed' (later loading of NSPR or
+ * libutil will not resolve these symbols).
+ */
+
+#define STUB_DECLARE(ret, fn, args) \
+    WEAK extern ret fn args
+
+#define STUB_SAFE_CALL0(fn) \
+    if (fn) {               \
+        return fn();        \
+    }
+#define STUB_SAFE_CALL1(fn, a1) \
+    if (fn) {                   \
+        return fn(a1);          \
+    }
+#define STUB_SAFE_CALL2(fn, a1, a2) \
+    if (fn) {                       \
+        return fn(a1, a2);          \
+    }
+#define STUB_SAFE_CALL3(fn, a1, a2, a3) \
+    if (fn) {                           \
+        return fn(a1, a2, a3);          \
+    }
+#define STUB_SAFE_CALL4(fn, a1, a2, a3, a4) \
+    if (fn) {                               \
+        return fn(a1, a2, a3, a4);          \
+    }
+#define STUB_SAFE_CALL6(fn, a1, a2, a3, a4, a5, a6) \
+    if (fn) {                                       \
+        return fn(a1, a2, a3, a4, a5, a6);          \
+    }
+#endif
+
+STUB_DECLARE(void *, PORT_Alloc_Util, (size_t len));
+STUB_DECLARE(void *, PORT_ArenaAlloc_Util, (PLArenaPool * arena, size_t size));
+STUB_DECLARE(void *, PORT_ArenaZAlloc_Util, (PLArenaPool * arena, size_t size));
+STUB_DECLARE(void, PORT_Free_Util, (void *ptr));
+STUB_DECLARE(void, PORT_FreeArena_Util, (PLArenaPool * arena, PRBool zero));
+STUB_DECLARE(int, PORT_GetError_Util, (void));
+STUB_DECLARE(PLArenaPool *, PORT_NewArena_Util, (unsigned long chunksize));
+STUB_DECLARE(void, PORT_SetError_Util, (int value));
+STUB_DECLARE(void *, PORT_ZAlloc_Util, (size_t len));
+STUB_DECLARE(void, PORT_ZFree_Util, (void *ptr, size_t len));
+
+STUB_DECLARE(void, PR_Assert, (const char *s, const char *file, PRIntn ln));
+STUB_DECLARE(PRStatus, PR_Access, (const char *name, PRAccessHow how));
+STUB_DECLARE(PRStatus, PR_CallOnce, (PRCallOnceType * once, PRCallOnceFN func));
+STUB_DECLARE(PRStatus, PR_Close, (PRFileDesc * fd));
+STUB_DECLARE(void, PR_DestroyLock, (PRLock * lock));
+STUB_DECLARE(void, PR_DestroyCondVar, (PRCondVar * cvar));
+STUB_DECLARE(void, PR_Free, (void *ptr));
+STUB_DECLARE(char *, PR_GetLibraryFilePathname, (const char *name,
+                                                 PRFuncPtr addr));
+STUB_DECLARE(PRFileDesc *, PR_ImportPipe, (PROsfd osfd));
+STUB_DECLARE(void, PR_Lock, (PRLock * lock));
+STUB_DECLARE(PRCondVar *, PR_NewCondVar, (PRLock * lock));
+STUB_DECLARE(PRLock *, PR_NewLock, (void));
+STUB_DECLARE(PRStatus, PR_NotifyCondVar, (PRCondVar * cvar));
+STUB_DECLARE(PRStatus, PR_NotifyAllCondVar, (PRCondVar * cvar));
+STUB_DECLARE(PRFileDesc *, PR_Open, (const char *name, PRIntn flags,
+                                     PRIntn mode));
+STUB_DECLARE(PRInt32, PR_Read, (PRFileDesc * fd, void *buf, PRInt32 amount));
+STUB_DECLARE(PROffset32, PR_Seek, (PRFileDesc * fd, PROffset32 offset,
+                                   PRSeekWhence whence));
+STUB_DECLARE(PRStatus, PR_Sleep, (PRIntervalTime ticks));
+STUB_DECLARE(PRStatus, PR_Unlock, (PRLock * lock));
+STUB_DECLARE(PRStatus, PR_WaitCondVar, (PRCondVar * cvar,
+                                        PRIntervalTime timeout));
+STUB_DECLARE(char *, PR_GetEnvSecure, (const char *));
+
+STUB_DECLARE(SECItem *, SECITEM_AllocItem_Util, (PLArenaPool * arena,
+                                                 SECItem *item, unsigned int len));
+STUB_DECLARE(SECComparison, SECITEM_CompareItem_Util, (const SECItem *a,
+                                                       const SECItem *b));
+STUB_DECLARE(SECStatus, SECITEM_CopyItem_Util, (PLArenaPool * arena,
+                                                SECItem *to, const SECItem *from));
+STUB_DECLARE(void, SECITEM_FreeItem_Util, (SECItem * zap, PRBool freeit));
+STUB_DECLARE(void, SECITEM_ZfreeItem_Util, (SECItem * zap, PRBool freeit));
+STUB_DECLARE(SECOidTag, SECOID_FindOIDTag_Util, (const SECItem *oid));
+STUB_DECLARE(int, NSS_SecureMemcmp, (const void *a, const void *b, size_t n));
+
+#define PORT_ZNew_stub(type) (type *)PORT_ZAlloc_stub(sizeof(type))
+#define PORT_New_stub(type) (type *)PORT_Alloc_stub(sizeof(type))
+#define PORT_ZNewArray_stub(type, num) \
+    (type *)PORT_ZAlloc_stub(sizeof(type) * (num))
+
+/*
+ * NOTE: in order to support hashing only the memory allocation stubs,
+ * the get library name stubs, and the file io stubs are needed (the latter
+ * two are for the library verification). The remaining stubs are simply to
+ * compile. Attempts to use the library for other operations without NSPR
+ * will most likely fail.
+ */
+
+/* memory */
+extern void *
+PORT_Alloc_stub(size_t len)
+{
+    STUB_SAFE_CALL1(PORT_Alloc_Util, len);
+    return malloc(len);
+}
+
+extern void
+PORT_Free_stub(void *ptr)
+{
+    STUB_SAFE_CALL1(PORT_Free_Util, ptr);
+    return free(ptr);
+}
+
+extern void *
+PORT_ZAlloc_stub(size_t len)
+{
+    STUB_SAFE_CALL1(PORT_ZAlloc_Util, len);
+    void *ptr = malloc(len);
+    if (ptr) {
+        memset(ptr, 0, len);
+    }
+    return ptr;
+}
+
+extern void
+PORT_ZFree_stub(void *ptr, size_t len)
+{
+    STUB_SAFE_CALL2(PORT_ZFree_Util, ptr, len);
+    memset(ptr, 0, len);
+    return free(ptr);
+}
+
+extern void
+PR_Free_stub(void *ptr)
+{
+    STUB_SAFE_CALL1(PR_Free, ptr);
+    return free(ptr);
+}
+
+/*
+ * arenas
+ *
+ */
+extern PLArenaPool *
+PORT_NewArena_stub(unsigned long chunksize)
+{
+    STUB_SAFE_CALL1(PORT_NewArena_Util, chunksize);
+    abort();
+    return NULL;
+}
+
+extern void *
+PORT_ArenaAlloc_stub(PLArenaPool *arena, size_t size)
+{
+
+    STUB_SAFE_CALL2(PORT_ArenaZAlloc_Util, arena, size);
+    abort();
+    return NULL;
+}
+
+extern void *
+PORT_ArenaZAlloc_stub(PLArenaPool *arena, size_t size)
+{
+
+    STUB_SAFE_CALL2(PORT_ArenaZAlloc_Util, arena, size);
+    abort();
+    return NULL;
+}
+
+extern void
+PORT_FreeArena_stub(PLArenaPool *arena, PRBool zero)
+{
+
+    STUB_SAFE_CALL2(PORT_FreeArena_Util, arena, zero);
+    abort();
+}
+
+/* io */
+extern PRFileDesc *
+PR_Open_stub(const char *name, PRIntn flags, PRIntn mode)
+{
+    int *lfd = NULL;
+    int fd;
+    int lflags = 0;
+
+    STUB_SAFE_CALL3(PR_Open, name, flags, mode);
+
+    if (flags & PR_RDWR) {
+        lflags = O_RDWR;
+    } else if (flags & PR_WRONLY) {
+        lflags = O_WRONLY;
+    } else {
+        lflags = O_RDONLY;
+    }
+
+    if (flags & PR_EXCL)
+        lflags |= O_EXCL;
+    if (flags & PR_APPEND)
+        lflags |= O_APPEND;
+    if (flags & PR_TRUNCATE)
+        lflags |= O_TRUNC;
+
+    fd = open(name, lflags, mode);
+    if (fd >= 0) {
+        lfd = PORT_New_stub(int);
+        if (lfd != NULL) {
+            *lfd = fd;
+        } else {
+            close(fd);
+        }
+    }
+    return (PRFileDesc *)lfd;
+}
+
+extern PRFileDesc *
+PR_ImportPipe_stub(PROsfd fd)
+{
+    int *lfd = NULL;
+
+    STUB_SAFE_CALL1(PR_ImportPipe, fd);
+
+    lfd = PORT_New_stub(int);
+    if (lfd != NULL) {
+        *lfd = fd;
+    }
+    return (PRFileDesc *)lfd;
+}
+
+extern PRStatus
+PR_Close_stub(PRFileDesc *fd)
+{
+    int *lfd;
+    STUB_SAFE_CALL1(PR_Close, fd);
+
+    lfd = (int *)fd;
+    close(*lfd);
+    PORT_Free_stub(lfd);
+
+    return PR_SUCCESS;
+}
+
+extern PRInt32
+PR_Read_stub(PRFileDesc *fd, void *buf, PRInt32 amount)
+{
+    int *lfd;
+    STUB_SAFE_CALL3(PR_Read, fd, buf, amount);
+
+    lfd = (int *)fd;
+    return read(*lfd, buf, amount);
+}
+
+extern PROffset32
+PR_Seek_stub(PRFileDesc *fd, PROffset32 offset, PRSeekWhence whence)
+{
+    int *lfd;
+    int lwhence = SEEK_SET;
+    STUB_SAFE_CALL3(PR_Seek, fd, offset, whence);
+    lfd = (int *)fd;
+    switch (whence) {
+        case PR_SEEK_CUR:
+            lwhence = SEEK_CUR;
+            break;
+        case PR_SEEK_END:
+            lwhence = SEEK_END;
+            break;
+        case PR_SEEK_SET:
+            break;
+    }
+
+    return lseek(*lfd, offset, lwhence);
+}
+
+PRStatus
+PR_Access_stub(const char *name, PRAccessHow how)
+{
+    int mode = F_OK;
+    int rv;
+    STUB_SAFE_CALL2(PR_Access, name, how);
+    switch (how) {
+        case PR_ACCESS_WRITE_OK:
+            mode = W_OK;
+            break;
+        case PR_ACCESS_READ_OK:
+            mode = R_OK;
+            break;
+        /* assume F_OK for all others */
+        default:
+            break;
+    }
+    rv = access(name, mode);
+    if (rv == 0) {
+        return PR_SUCCESS;
+    }
+    return PR_FAILURE;
+}
+
+/*
+ * library
+ */
+extern char *
+PR_GetLibraryFilePathname_stub(const char *name, PRFuncPtr addr)
+{
+    Dl_info dli;
+    char *result;
+
+    STUB_SAFE_CALL2(PR_GetLibraryFilePathname, name, addr);
+
+    if (dladdr((void *)addr, &dli) == 0) {
+        return NULL;
+    }
+    result = PORT_Alloc_stub(strlen(dli.dli_fname) + 1);
+    if (result != NULL) {
+        strcpy(result, dli.dli_fname);
+    }
+    return result;
+}
+
+#include <errno.h>
+
+/* errors */
+extern int
+PORT_GetError_stub(void)
+{
+    STUB_SAFE_CALL0(PORT_GetError_Util);
+    return errno;
+}
+
+extern void
+PORT_SetError_stub(int value)
+{
+    STUB_SAFE_CALL1(PORT_SetError_Util, value);
+    errno = value;
+}
+
+/* misc */
+extern void
+PR_Assert_stub(const char *s, const char *file, PRIntn ln)
+{
+    STUB_SAFE_CALL3(PR_Assert, s, file, ln);
+    fprintf(stderr, "%s line %d: %s\n", file, ln, s);
+    abort();
+}
+
+/* time */
+extern PRStatus
+PR_Sleep_stub(PRIntervalTime ticks)
+{
+    STUB_SAFE_CALL1(PR_Sleep, ticks);
+    usleep(ticks * 1000);
+    return PR_SUCCESS;
+}
+
+/* locking */
+extern PRLock *
+PR_NewLock_stub(void)
+{
+    STUB_SAFE_CALL0(PR_NewLock);
+    abort();
+    return NULL;
+}
+
+extern PRStatus
+PR_Unlock_stub(PRLock *lock)
+{
+    STUB_SAFE_CALL1(PR_Unlock, lock);
+    abort();
+    return PR_FAILURE;
+}
+
+extern void
+PR_Lock_stub(PRLock *lock)
+{
+    STUB_SAFE_CALL1(PR_Lock, lock);
+    abort();
+    return;
+}
+
+extern void
+PR_DestroyLock_stub(PRLock *lock)
+{
+    STUB_SAFE_CALL1(PR_DestroyLock, lock);
+    abort();
+    return;
+}
+
+extern PRCondVar *
+PR_NewCondVar_stub(PRLock *lock)
+{
+    STUB_SAFE_CALL1(PR_NewCondVar, lock);
+    abort();
+    return NULL;
+}
+
+extern PRStatus
+PR_NotifyCondVar_stub(PRCondVar *cvar)
+{
+    STUB_SAFE_CALL1(PR_NotifyCondVar, cvar);
+    abort();
+    return PR_FAILURE;
+}
+
+extern PRStatus
+PR_NotifyAllCondVar_stub(PRCondVar *cvar)
+{
+    STUB_SAFE_CALL1(PR_NotifyAllCondVar, cvar);
+    abort();
+    return PR_FAILURE;
+}
+
+extern PRStatus
+PR_WaitCondVar_stub(PRCondVar *cvar, PRIntervalTime timeout)
+{
+    STUB_SAFE_CALL2(PR_WaitCondVar, cvar, timeout);
+    abort();
+    return PR_FAILURE;
+}
+
+extern char *
+PR_GetEnvSecure_stub(const char *var)
+{
+    STUB_SAFE_CALL1(PR_GetEnvSecure, var);
+    abort();
+    return NULL;
+}
+
+extern void
+PR_DestroyCondVar_stub(PRCondVar *cvar)
+{
+    STUB_SAFE_CALL1(PR_DestroyCondVar, cvar);
+    abort();
+    return;
+}
+
+/*
+ * NOTE: this presupposes GCC 4.1
+ */
+extern PRStatus
+PR_CallOnce_stub(PRCallOnceType *once, PRCallOnceFN func)
+{
+    STUB_SAFE_CALL2(PR_CallOnce, once, func);
+    abort();
+    return PR_FAILURE;
+}
+
+/*
+ * SECITEMS implement Item Utilities
+ */
+extern void
+SECITEM_FreeItem_stub(SECItem *zap, PRBool freeit)
+{
+    STUB_SAFE_CALL2(SECITEM_FreeItem_Util, zap, freeit);
+    abort();
+}
+
+extern SECItem *
+SECITEM_AllocItem_stub(PLArenaPool *arena, SECItem *item, unsigned int len)
+{
+    STUB_SAFE_CALL3(SECITEM_AllocItem_Util, arena, item, len);
+    abort();
+    return NULL;
+}
+
+extern SECComparison
+SECITEM_CompareItem_stub(const SECItem *a, const SECItem *b)
+{
+    STUB_SAFE_CALL2(SECITEM_CompareItem_Util, a, b);
+    abort();
+    return SECEqual;
+}
+
+extern SECStatus
+SECITEM_CopyItem_stub(PLArenaPool *arena, SECItem *to, const SECItem *from)
+{
+    STUB_SAFE_CALL3(SECITEM_CopyItem_Util, arena, to, from);
+    abort();
+    return SECFailure;
+}
+
+extern SECOidTag
+SECOID_FindOIDTag_stub(const SECItem *oid)
+{
+    STUB_SAFE_CALL1(SECOID_FindOIDTag_Util, oid);
+    abort();
+    return SEC_OID_UNKNOWN;
+}
+
+extern void
+SECITEM_ZfreeItem_stub(SECItem *zap, PRBool freeit)
+{
+    STUB_SAFE_CALL2(SECITEM_ZfreeItem_Util, zap, freeit);
+    abort();
+}
+
+extern int
+NSS_SecureMemcmp_stub(const void *a, const void *b, size_t n)
+{
+    STUB_SAFE_CALL3(NSS_SecureMemcmp, a, b, n);
+    abort();
+}
+
+#ifdef FREEBL_NO_WEAK
+
+static const char *nsprLibName = SHLIB_PREFIX "nspr4." SHLIB_SUFFIX;
+static const char *nssutilLibName = SHLIB_PREFIX "nssutil3." SHLIB_SUFFIX;
+
+static SECStatus
+freebl_InitNSPR(void *lib)
+{
+    STUB_FETCH_FUNCTION(PR_Free);
+    STUB_FETCH_FUNCTION(PR_Open);
+    STUB_FETCH_FUNCTION(PR_ImportPipe);
+    STUB_FETCH_FUNCTION(PR_Close);
+    STUB_FETCH_FUNCTION(PR_Read);
+    STUB_FETCH_FUNCTION(PR_Seek);
+    STUB_FETCH_FUNCTION(PR_GetLibraryFilePathname);
+    STUB_FETCH_FUNCTION(PR_Assert);
+    STUB_FETCH_FUNCTION(PR_Access);
+    STUB_FETCH_FUNCTION(PR_Sleep);
+    STUB_FETCH_FUNCTION(PR_CallOnce);
+    STUB_FETCH_FUNCTION(PR_NewCondVar);
+    STUB_FETCH_FUNCTION(PR_NotifyCondVar);
+    STUB_FETCH_FUNCTION(PR_NotifyAllCondVar);
+    STUB_FETCH_FUNCTION(PR_WaitCondVar);
+    STUB_FETCH_FUNCTION(PR_DestroyCondVar);
+    STUB_FETCH_FUNCTION(PR_NewLock);
+    STUB_FETCH_FUNCTION(PR_Unlock);
+    STUB_FETCH_FUNCTION(PR_Lock);
+    STUB_FETCH_FUNCTION(PR_DestroyLock);
+    STUB_FETCH_FUNCTION(PR_GetEnvSecure);
+    return SECSuccess;
+}
+
+static SECStatus
+freebl_InitNSSUtil(void *lib)
+{
+    STUB_FETCH_FUNCTION(PORT_Alloc_Util);
+    STUB_FETCH_FUNCTION(PORT_Free_Util);
+    STUB_FETCH_FUNCTION(PORT_ZAlloc_Util);
+    STUB_FETCH_FUNCTION(PORT_ZFree_Util);
+    STUB_FETCH_FUNCTION(PORT_NewArena_Util);
+    STUB_FETCH_FUNCTION(PORT_ArenaAlloc_Util);
+    STUB_FETCH_FUNCTION(PORT_ArenaZAlloc_Util);
+    STUB_FETCH_FUNCTION(PORT_FreeArena_Util);
+    STUB_FETCH_FUNCTION(PORT_GetError_Util);
+    STUB_FETCH_FUNCTION(PORT_SetError_Util);
+    STUB_FETCH_FUNCTION(SECITEM_FreeItem_Util);
+    STUB_FETCH_FUNCTION(SECITEM_AllocItem_Util);
+    STUB_FETCH_FUNCTION(SECITEM_CompareItem_Util);
+    STUB_FETCH_FUNCTION(SECITEM_CopyItem_Util);
+    STUB_FETCH_FUNCTION(SECITEM_ZfreeItem_Util);
+    STUB_FETCH_FUNCTION(SECOID_FindOIDTag_Util);
+    STUB_FETCH_FUNCTION(NSS_SecureMemcmp);
+    return SECSuccess;
+}
+
+/*
+ * fetch the library if it's loaded. For NSS it should already be loaded
+ */
+#define freebl_getLibrary(libName) \
+    dlopen(libName, RTLD_LAZY | RTLD_NOLOAD)
+
+#define freebl_releaseLibrary(lib) \
+    if (lib)                       \
+    dlclose(lib)
+
+static void *FREEBLnsprGlobalLib = NULL;
+static void *FREEBLnssutilGlobalLib = NULL;
+
+void __attribute((destructor)) FREEBL_unload()
+{
+    freebl_releaseLibrary(FREEBLnsprGlobalLib);
+    freebl_releaseLibrary(FREEBLnssutilGlobalLib);
+}
+#endif
+
+/*
+ * load the symbols from the real libraries if available.
+ *
+ * if force is set, explicitly load the libraries if they are not already
+ * loaded. If we could not use the real libraries, return failure.
+ */
+extern SECStatus
+FREEBL_InitStubs()
+{
+    SECStatus rv = SECSuccess;
+#ifdef FREEBL_NO_WEAK
+    void *nspr = NULL;
+    void *nssutil = NULL;
+
+    /* NSPR should be first */
+    if (!FREEBLnsprGlobalLib) {
+        nspr = freebl_getLibrary(nsprLibName);
+        if (!nspr) {
+            return SECFailure;
+        }
+        rv = freebl_InitNSPR(nspr);
+        if (rv != SECSuccess) {
+            freebl_releaseLibrary(nspr);
+            return rv;
+        }
+        FREEBLnsprGlobalLib = nspr; /* adopt */
+    }
+    /* now load NSSUTIL */
+    if (!FREEBLnssutilGlobalLib) {
+        nssutil = freebl_getLibrary(nssutilLibName);
+        if (!nssutil) {
+            return SECFailure;
+        }
+        rv = freebl_InitNSSUtil(nssutil);
+        if (rv != SECSuccess) {
+            freebl_releaseLibrary(nssutil);
+            return rv;
+        }
+        FREEBLnssutilGlobalLib = nssutil; /* adopt */
+    }
+#endif
+
+    return rv;
+}
diff --git a/nss/lib/freebl/stubs.h b/nss/lib/freebl/stubs.h
new file mode 100644
index 0000000..25ec394
--- /dev/null
+++ b/nss/lib/freebl/stubs.h
@@ -0,0 +1,66 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * Allow freebl and softoken to be loaded without util or NSPR.
+ *
+ * These symbols are overridden once real NSPR, and libutil are attached.
+ */
+
+#ifndef _STUBS_H
+#define _STUBS_H_ 1
+
+#ifdef _LIBUTIL_H_
+/* must be included before util */
+/*#error stubs.h included too late */
+#define MP_DIGITES(x) "stubs included too late"
+#endif
+
+/* hide libutil rename */
+#define _LIBUTIL_H_ 1
+
+#define PORT_Alloc PORT_Alloc_stub
+#define PORT_ArenaAlloc PORT_ArenaAlloc_stub
+#define PORT_ArenaZAlloc PORT_ArenaZAlloc_stub
+#define PORT_Free PORT_Free_stub
+#define PORT_FreeArena PORT_FreeArena_stub
+#define PORT_GetError PORT_GetError_stub
+#define PORT_NewArena PORT_NewArena_stub
+#define PORT_SetError PORT_SetError_stub
+#define PORT_ZAlloc PORT_ZAlloc_stub
+#define PORT_ZFree PORT_ZFree_stub
+
+#define SECITEM_AllocItem SECITEM_AllocItem_stub
+#define SECITEM_CompareItem SECITEM_CompareItem_stub
+#define SECITEM_CopyItem SECITEM_CopyItem_stub
+#define SECITEM_FreeItem SECITEM_FreeItem_stub
+#define SECITEM_ZfreeItem SECITEM_ZfreeItem_stub
+#define SECOID_FindOIDTag SECOID_FindOIDTag_stub
+#define NSS_SecureMemcmp NSS_SecureMemcmp_stub
+
+#define PR_Assert PR_Assert_stub
+#define PR_Access PR_Access_stub
+#define PR_CallOnce PR_CallOnce_stub
+#define PR_Close PR_Close_stub
+#define PR_DestroyCondVar PR_DestroyCondVar_stub
+#define PR_DestroyLock PR_DestroyLock_stub
+#define PR_Free PR_Free_stub
+#define PR_GetLibraryFilePathname PR_GetLibraryFilePathname_stub
+#define PR_ImportPipe PR_ImportPipe_stub
+#define PR_Lock PR_Lock_stub
+#define PR_NewCondVar PR_NewCondVar_stub
+#define PR_NewLock PR_NewLock_stub
+#define PR_NotifyCondVar PR_NotifyCondVar_stub
+#define PR_NotifyAllCondVar PR_NotifyAllCondVar_stub
+#define PR_Open PR_Open_stub
+#define PR_Read PR_Read_stub
+#define PR_Seek PR_Seek_stub
+#define PR_Sleep PR_Sleep_stub
+#define PR_Unlock PR_Unlock_stub
+#define PR_WaitCondVar PR_WaitCondVar_stub
+#define PR_GetEnvSecure PR_GetEnvSecure_stub
+
+extern int FREEBL_InitStubs(void);
+
+#endif
diff --git a/nss/lib/freebl/sysrand.c b/nss/lib/freebl/sysrand.c
new file mode 100644
index 0000000..1b6cbdf
--- /dev/null
+++ b/nss/lib/freebl/sysrand.c
@@ -0,0 +1,16 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifdef FREEBL_NO_DEPEND
+#include "stubs.h"
+#endif
+
+#include "seccomon.h"
+
+#if defined(XP_UNIX) || defined(XP_BEOS)
+#include "unix_rand.c"
+#endif
+#ifdef XP_WIN
+#include "win_rand.c"
+#endif
diff --git a/nss/lib/freebl/tlsprfalg.c b/nss/lib/freebl/tlsprfalg.c
new file mode 100644
index 0000000..1e5e678
--- /dev/null
+++ b/nss/lib/freebl/tlsprfalg.c
@@ -0,0 +1,134 @@
+/* tlsprfalg.c - TLS Pseudo Random Function (PRF) implementation
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifdef FREEBL_NO_DEPEND
+#include "stubs.h"
+#endif
+
+#include "blapi.h"
+#include "hasht.h"
+#include "alghmac.h"
+
+#define PHASH_STATE_MAX_LEN HASH_LENGTH_MAX
+
+/* TLS P_hash function */
+SECStatus
+TLS_P_hash(HASH_HashType hashType, const SECItem *secret, const char *label,
+           SECItem *seed, SECItem *result, PRBool isFIPS)
+{
+    unsigned char state[PHASH_STATE_MAX_LEN];
+    unsigned char outbuf[PHASH_STATE_MAX_LEN];
+    unsigned int state_len = 0, label_len = 0, outbuf_len = 0, chunk_size;
+    unsigned int remaining;
+    unsigned char *res;
+    SECStatus status;
+    HMACContext *cx;
+    SECStatus rv = SECFailure;
+    const SECHashObject *hashObj = HASH_GetRawHashObject(hashType);
+
+    PORT_Assert((secret != NULL) && (secret->data != NULL || !secret->len));
+    PORT_Assert((seed != NULL) && (seed->data != NULL));
+    PORT_Assert((result != NULL) && (result->data != NULL));
+
+    remaining = result->len;
+    res = result->data;
+
+    if (label != NULL)
+        label_len = PORT_Strlen(label);
+
+    cx = HMAC_Create(hashObj, secret->data, secret->len, isFIPS);
+    if (cx == NULL)
+        goto loser;
+
+    /* initialize the state = A(1) = HMAC_hash(secret, seed) */
+    HMAC_Begin(cx);
+    HMAC_Update(cx, (unsigned char *)label, label_len);
+    HMAC_Update(cx, seed->data, seed->len);
+    status = HMAC_Finish(cx, state, &state_len, sizeof(state));
+    if (status != SECSuccess)
+        goto loser;
+
+    /* generate a block at a time until we're done */
+    while (remaining > 0) {
+
+        HMAC_Begin(cx);
+        HMAC_Update(cx, state, state_len);
+        if (label_len)
+            HMAC_Update(cx, (unsigned char *)label, label_len);
+        HMAC_Update(cx, seed->data, seed->len);
+        status = HMAC_Finish(cx, outbuf, &outbuf_len, sizeof(outbuf));
+        if (status != SECSuccess)
+            goto loser;
+
+        /* Update the state = A(i) = HMAC_hash(secret, A(i-1)) */
+        HMAC_Begin(cx);
+        HMAC_Update(cx, state, state_len);
+        status = HMAC_Finish(cx, state, &state_len, sizeof(state));
+        if (status != SECSuccess)
+            goto loser;
+
+        chunk_size = PR_MIN(outbuf_len, remaining);
+        PORT_Memcpy(res, &outbuf, chunk_size);
+        res += chunk_size;
+        remaining -= chunk_size;
+    }
+
+    rv = SECSuccess;
+
+loser:
+    /* clear out state so it's not left on the stack */
+    if (cx)
+        HMAC_Destroy(cx, PR_TRUE);
+    PORT_Memset(state, 0, sizeof(state));
+    PORT_Memset(outbuf, 0, sizeof(outbuf));
+    return rv;
+}
+
+SECStatus
+TLS_PRF(const SECItem *secret, const char *label, SECItem *seed,
+        SECItem *result, PRBool isFIPS)
+{
+    SECStatus rv = SECFailure, status;
+    unsigned int i;
+    SECItem tmp = { siBuffer, NULL, 0 };
+    SECItem S1;
+    SECItem S2;
+
+    PORT_Assert((secret != NULL) && (secret->data != NULL || !secret->len));
+    PORT_Assert((seed != NULL) && (seed->data != NULL));
+    PORT_Assert((result != NULL) && (result->data != NULL));
+
+    S1.type = siBuffer;
+    S1.len = (secret->len / 2) + (secret->len & 1);
+    S1.data = secret->data;
+
+    S2.type = siBuffer;
+    S2.len = S1.len;
+    S2.data = secret->data + (secret->len - S2.len);
+
+    tmp.data = (unsigned char *)PORT_Alloc(result->len);
+    if (tmp.data == NULL)
+        goto loser;
+    tmp.len = result->len;
+
+    status = TLS_P_hash(HASH_AlgMD5, &S1, label, seed, result, isFIPS);
+    if (status != SECSuccess)
+        goto loser;
+
+    status = TLS_P_hash(HASH_AlgSHA1, &S2, label, seed, &tmp, isFIPS);
+    if (status != SECSuccess)
+        goto loser;
+
+    for (i = 0; i < result->len; i++)
+        result->data[i] ^= tmp.data[i];
+
+    rv = SECSuccess;
+
+loser:
+    if (tmp.data != NULL)
+        PORT_ZFree(tmp.data, tmp.len);
+    return rv;
+}
diff --git a/nss/lib/freebl/unix_rand.c b/nss/lib/freebl/unix_rand.c
new file mode 100644
index 0000000..775e117
--- /dev/null
+++ b/nss/lib/freebl/unix_rand.c
@@ -0,0 +1,1083 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <stdio.h>
+#include <string.h>
+#include <signal.h>
+#include <unistd.h>
+#include <limits.h>
+#include <errno.h>
+#include <stdlib.h>
+#include <sys/time.h>
+#include <sys/wait.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <dirent.h>
+#include "secrng.h"
+#include "secerr.h"
+#include "prerror.h"
+#include "prthread.h"
+#include "prprf.h"
+#include "prenv.h"
+
+size_t RNG_FileUpdate(const char *fileName, size_t limit);
+
+/*
+ * When copying data to the buffer we want the least signicant bytes
+ * from the input since those bits are changing the fastest. The address
+ * of least significant byte depends upon whether we are running on
+ * a big-endian or little-endian machine.
+ *
+ * Does this mean the least signicant bytes are the most significant
+ * to us? :-)
+ */
+
+static size_t
+CopyLowBits(void *dst, size_t dstlen, void *src, size_t srclen)
+{
+    union endianness {
+        PRInt32 i;
+        char c[4];
+    } u;
+
+    if (srclen <= dstlen) {
+        memcpy(dst, src, srclen);
+        return srclen;
+    }
+    u.i = 0x01020304;
+    if (u.c[0] == 0x01) {
+        /* big-endian case */
+        memcpy(dst, (char *)src + (srclen - dstlen), dstlen);
+    } else {
+        /* little-endian case */
+        memcpy(dst, src, dstlen);
+    }
+    return dstlen;
+}
+
+#ifdef SOLARIS
+
+#include <kstat.h>
+
+static const PRUint32 entropy_buf_len = 4096; /* buffer up to 4 KB */
+
+/* Buffer entropy data, and feed it to the RNG, entropy_buf_len bytes at a time.
+ * Returns error if RNG_RandomUpdate fails. Also increments *total_fed
+ * by the number of bytes successfully buffered.
+ */
+static SECStatus
+BufferEntropy(char *inbuf, PRUint32 inlen,
+              char *entropy_buf, PRUint32 *entropy_buffered,
+              PRUint32 *total_fed)
+{
+    PRUint32 tocopy = 0;
+    PRUint32 avail = 0;
+    SECStatus rv = SECSuccess;
+
+    while (inlen) {
+        avail = entropy_buf_len - *entropy_buffered;
+        if (!avail) {
+            /* Buffer is full, time to feed it to the RNG. */
+            rv = RNG_RandomUpdate(entropy_buf, entropy_buf_len);
+            if (SECSuccess != rv) {
+                break;
+            }
+            *entropy_buffered = 0;
+            avail = entropy_buf_len;
+        }
+        tocopy = PR_MIN(avail, inlen);
+        memcpy(entropy_buf + *entropy_buffered, inbuf, tocopy);
+        *entropy_buffered += tocopy;
+        inlen -= tocopy;
+        inbuf += tocopy;
+        *total_fed += tocopy;
+    }
+    return rv;
+}
+
+/* Feed kernel statistics structures and ks_data field to the RNG.
+ * Returns status as well as the number of bytes successfully fed to the RNG.
+ */
+static SECStatus
+RNG_kstat(PRUint32 *fed)
+{
+    kstat_ctl_t *kc = NULL;
+    kstat_t *ksp = NULL;
+    PRUint32 entropy_buffered = 0;
+    char *entropy_buf = NULL;
+    SECStatus rv = SECSuccess;
+
+    PORT_Assert(fed);
+    if (!fed) {
+        return SECFailure;
+    }
+    *fed = 0;
+
+    kc = kstat_open();
+    PORT_Assert(kc);
+    if (!kc) {
+        return SECFailure;
+    }
+    entropy_buf = (char *)PORT_Alloc(entropy_buf_len);
+    PORT_Assert(entropy_buf);
+    if (entropy_buf) {
+        for (ksp = kc->kc_chain; ksp != NULL; ksp = ksp->ks_next) {
+            if (-1 == kstat_read(kc, ksp, NULL)) {
+                /* missing data from a single kstat shouldn't be fatal */
+                continue;
+            }
+            rv = BufferEntropy((char *)ksp, sizeof(kstat_t),
+                               entropy_buf, &entropy_buffered,
+                               fed);
+            if (SECSuccess != rv) {
+                break;
+            }
+
+            if (ksp->ks_data && ksp->ks_data_size > 0 && ksp->ks_ndata > 0) {
+                rv = BufferEntropy((char *)ksp->ks_data, ksp->ks_data_size,
+                                   entropy_buf, &entropy_buffered,
+                                   fed);
+                if (SECSuccess != rv) {
+                    break;
+                }
+            }
+        }
+        if (SECSuccess == rv && entropy_buffered) {
+            /* Buffer is not empty, time to feed it to the RNG */
+            rv = RNG_RandomUpdate(entropy_buf, entropy_buffered);
+        }
+        PORT_Free(entropy_buf);
+    } else {
+        rv = SECFailure;
+    }
+    if (kstat_close(kc)) {
+        PORT_Assert(0);
+        rv = SECFailure;
+    }
+    return rv;
+}
+
+#endif
+
+#if defined(SCO) || defined(UNIXWARE) || defined(BSDI) || defined(FREEBSD) || defined(NETBSD) || defined(DARWIN) || defined(OPENBSD) || defined(NTO) || defined(__riscos__) || defined(__GNU__) || defined(__FreeBSD_kernel__) || defined(__NetBSD_kernel__)
+#include <sys/times.h>
+
+#define getdtablesize() sysconf(_SC_OPEN_MAX)
+
+static size_t
+GetHighResClock(void *buf, size_t maxbytes)
+{
+    int ticks;
+    struct tms buffer;
+
+    ticks = times(&buffer);
+    return CopyLowBits(buf, maxbytes, &ticks, sizeof(ticks));
+}
+
+static void
+GiveSystemInfo(void)
+{
+    long si;
+
+    /*
+     * Is this really necessary?  Why not use rand48 or something?
+     */
+    si = sysconf(_SC_CHILD_MAX);
+    RNG_RandomUpdate(&si, sizeof(si));
+
+    si = sysconf(_SC_STREAM_MAX);
+    RNG_RandomUpdate(&si, sizeof(si));
+
+    si = sysconf(_SC_OPEN_MAX);
+    RNG_RandomUpdate(&si, sizeof(si));
+}
+#endif
+
+#if defined(__sun)
+#if defined(__svr4) || defined(SVR4)
+#include <sys/systeminfo.h>
+
+#define getdtablesize() sysconf(_SC_OPEN_MAX)
+
+static void
+GiveSystemInfo(void)
+{
+    int rv;
+    char buf[2000];
+
+    rv = sysinfo(SI_MACHINE, buf, sizeof(buf));
+    if (rv > 0) {
+        RNG_RandomUpdate(buf, rv);
+    }
+    rv = sysinfo(SI_RELEASE, buf, sizeof(buf));
+    if (rv > 0) {
+        RNG_RandomUpdate(buf, rv);
+    }
+    rv = sysinfo(SI_HW_SERIAL, buf, sizeof(buf));
+    if (rv > 0) {
+        RNG_RandomUpdate(buf, rv);
+    }
+}
+
+static size_t
+GetHighResClock(void *buf, size_t maxbytes)
+{
+    hrtime_t t;
+    t = gethrtime();
+    if (t) {
+        return CopyLowBits(buf, maxbytes, &t, sizeof(t));
+    }
+    return 0;
+}
+#else /* SunOS (Sun, but not SVR4) */
+
+extern long sysconf(int name);
+
+static size_t
+GetHighResClock(void *buf, size_t maxbytes)
+{
+    return 0;
+}
+
+static void
+GiveSystemInfo(void)
+{
+    long si;
+
+    /* This is not very good */
+    si = sysconf(_SC_CHILD_MAX);
+    RNG_RandomUpdate(&si, sizeof(si));
+}
+#endif
+#endif /* Sun */
+
+#if defined(__hpux)
+#include <sys/unistd.h>
+
+#define getdtablesize() sysconf(_SC_OPEN_MAX)
+
+#if defined(__ia64)
+#include <ia64/sys/inline.h>
+
+static size_t
+GetHighResClock(void *buf, size_t maxbytes)
+{
+    PRUint64 t;
+
+    t = _Asm_mov_from_ar(_AREG44);
+    return CopyLowBits(buf, maxbytes, &t, sizeof(t));
+}
+#else
+static size_t
+GetHighResClock(void *buf, size_t maxbytes)
+{
+    extern int ret_cr16();
+    int cr16val;
+
+    cr16val = ret_cr16();
+    return CopyLowBits(buf, maxbytes, &cr16val, sizeof(cr16val));
+}
+#endif
+
+static void
+GiveSystemInfo(void)
+{
+    long si;
+
+    /* This is not very good */
+    si = sysconf(_AES_OS_VERSION);
+    RNG_RandomUpdate(&si, sizeof(si));
+    si = sysconf(_SC_CPU_VERSION);
+    RNG_RandomUpdate(&si, sizeof(si));
+}
+#endif /* HPUX */
+
+#if defined(OSF1)
+#include <sys/types.h>
+#include <sys/sysinfo.h>
+#include <sys/systeminfo.h>
+#include <c_asm.h>
+
+static void
+GiveSystemInfo(void)
+{
+    char buf[BUFSIZ];
+    int rv;
+    int off = 0;
+
+    rv = sysinfo(SI_MACHINE, buf, sizeof(buf));
+    if (rv > 0) {
+        RNG_RandomUpdate(buf, rv);
+    }
+    rv = sysinfo(SI_RELEASE, buf, sizeof(buf));
+    if (rv > 0) {
+        RNG_RandomUpdate(buf, rv);
+    }
+    rv = sysinfo(SI_HW_SERIAL, buf, sizeof(buf));
+    if (rv > 0) {
+        RNG_RandomUpdate(buf, rv);
+    }
+}
+
+/*
+ * Use the "get the cycle counter" instruction on the alpha.
+ * The low 32 bits completely turn over in less than a minute.
+ * The high 32 bits are some non-counter gunk that changes sometimes.
+ */
+static size_t
+GetHighResClock(void *buf, size_t maxbytes)
+{
+    unsigned long t;
+
+    t = asm("rpcc %v0");
+    return CopyLowBits(buf, maxbytes, &t, sizeof(t));
+}
+
+#endif /* Alpha */
+
+#if defined(_IBMR2)
+static size_t
+GetHighResClock(void *buf, size_t maxbytes)
+{
+    return 0;
+}
+
+static void
+GiveSystemInfo(void)
+{
+    /* XXX haven't found any yet! */
+}
+#endif /* IBM R2 */
+
+#if defined(LINUX)
+#include <sys/sysinfo.h>
+
+static size_t
+GetHighResClock(void *buf, size_t maxbytes)
+{
+    return 0;
+}
+
+static void
+GiveSystemInfo(void)
+{
+#ifndef NO_SYSINFO
+    struct sysinfo si;
+    if (sysinfo(&si) == 0) {
+        RNG_RandomUpdate(&si, sizeof(si));
+    }
+#endif
+}
+#endif /* LINUX */
+
+#if defined(NCR)
+
+#include <sys/utsname.h>
+#include <sys/systeminfo.h>
+
+#define getdtablesize() sysconf(_SC_OPEN_MAX)
+
+static size_t
+GetHighResClock(void *buf, size_t maxbytes)
+{
+    return 0;
+}
+
+static void
+GiveSystemInfo(void)
+{
+    int rv;
+    char buf[2000];
+
+    rv = sysinfo(SI_MACHINE, buf, sizeof(buf));
+    if (rv > 0) {
+        RNG_RandomUpdate(buf, rv);
+    }
+    rv = sysinfo(SI_RELEASE, buf, sizeof(buf));
+    if (rv > 0) {
+        RNG_RandomUpdate(buf, rv);
+    }
+    rv = sysinfo(SI_HW_SERIAL, buf, sizeof(buf));
+    if (rv > 0) {
+        RNG_RandomUpdate(buf, rv);
+    }
+}
+
+#endif /* NCR */
+
+#if defined(sgi)
+#include <fcntl.h>
+#undef PRIVATE
+#include <sys/mman.h>
+#include <sys/syssgi.h>
+#include <sys/immu.h>
+#include <sys/systeminfo.h>
+#include <sys/utsname.h>
+#include <wait.h>
+
+static void
+GiveSystemInfo(void)
+{
+    int rv;
+    char buf[4096];
+
+    rv = syssgi(SGI_SYSID, &buf[0]);
+    if (rv > 0) {
+        RNG_RandomUpdate(buf, MAXSYSIDSIZE);
+    }
+#ifdef SGI_RDUBLK
+    rv = syssgi(SGI_RDUBLK, getpid(), &buf[0], sizeof(buf));
+    if (rv > 0) {
+        RNG_RandomUpdate(buf, sizeof(buf));
+    }
+#endif /* SGI_RDUBLK */
+    rv = syssgi(SGI_INVENT, SGI_INV_READ, buf, sizeof(buf));
+    if (rv > 0) {
+        RNG_RandomUpdate(buf, sizeof(buf));
+    }
+    rv = sysinfo(SI_MACHINE, buf, sizeof(buf));
+    if (rv > 0) {
+        RNG_RandomUpdate(buf, rv);
+    }
+    rv = sysinfo(SI_RELEASE, buf, sizeof(buf));
+    if (rv > 0) {
+        RNG_RandomUpdate(buf, rv);
+    }
+    rv = sysinfo(SI_HW_SERIAL, buf, sizeof(buf));
+    if (rv > 0) {
+        RNG_RandomUpdate(buf, rv);
+    }
+}
+
+static size_t
+GetHighResClock(void *buf, size_t maxbuf)
+{
+    unsigned phys_addr, raddr, cycleval;
+    static volatile unsigned *iotimer_addr = NULL;
+    static int tries = 0;
+    static int cntr_size;
+    int mfd;
+    long s0[2];
+    struct timeval tv;
+
+#ifndef SGI_CYCLECNTR_SIZE
+#define SGI_CYCLECNTR_SIZE 165 /* Size user needs to use to read CC */
+#endif
+
+    if (iotimer_addr == NULL) {
+        if (tries++ > 1) {
+            /* Don't keep trying if it didn't work */
+            return 0;
+        }
+
+        /*
+        ** For SGI machines we can use the cycle counter, if it has one,
+        ** to generate some truly random numbers
+        */
+        phys_addr = syssgi(SGI_QUERY_CYCLECNTR, &cycleval);
+        if (phys_addr) {
+            int pgsz = getpagesize();
+            int pgoffmask = pgsz - 1;
+
+            raddr = phys_addr & ~pgoffmask;
+            mfd = open("/dev/mmem", O_RDONLY);
+            if (mfd < 0) {
+                return 0;
+            }
+            iotimer_addr = (unsigned *)
+                mmap(0, pgoffmask, PROT_READ, MAP_PRIVATE, mfd, (int)raddr);
+            if (iotimer_addr == (void *)-1) {
+                close(mfd);
+                iotimer_addr = NULL;
+                return 0;
+            }
+            iotimer_addr = (unsigned *)((__psint_t)iotimer_addr | (phys_addr & pgoffmask));
+            /*
+             * The file 'mfd' is purposefully not closed.
+             */
+            cntr_size = syssgi(SGI_CYCLECNTR_SIZE);
+            if (cntr_size < 0) {
+                struct utsname utsinfo;
+
+                /*
+                 * We must be executing on a 6.0 or earlier system, since the
+                 * SGI_CYCLECNTR_SIZE call is not supported.
+                 *
+                 * The only pre-6.1 platforms with 64-bit counters are
+                 * IP19 and IP21 (Challenge, PowerChallenge, Onyx).
+                 */
+                uname(&utsinfo);
+                if (!strncmp(utsinfo.machine, "IP19", 4) ||
+                    !strncmp(utsinfo.machine, "IP21", 4))
+                    cntr_size = 64;
+                else
+                    cntr_size = 32;
+            }
+            cntr_size /= 8; /* Convert from bits to bytes */
+        }
+    }
+
+    s0[0] = *iotimer_addr;
+    if (cntr_size > 4)
+        s0[1] = *(iotimer_addr + 1);
+    memcpy(buf, (char *)&s0[0], cntr_size);
+    return CopyLowBits(buf, maxbuf, &s0, cntr_size);
+}
+#endif
+
+#if defined(sony)
+#include <sys/systeminfo.h>
+
+#define getdtablesize() sysconf(_SC_OPEN_MAX)
+
+static size_t
+GetHighResClock(void *buf, size_t maxbytes)
+{
+    return 0;
+}
+
+static void
+GiveSystemInfo(void)
+{
+    int rv;
+    char buf[2000];
+
+    rv = sysinfo(SI_MACHINE, buf, sizeof(buf));
+    if (rv > 0) {
+        RNG_RandomUpdate(buf, rv);
+    }
+    rv = sysinfo(SI_RELEASE, buf, sizeof(buf));
+    if (rv > 0) {
+        RNG_RandomUpdate(buf, rv);
+    }
+    rv = sysinfo(SI_HW_SERIAL, buf, sizeof(buf));
+    if (rv > 0) {
+        RNG_RandomUpdate(buf, rv);
+    }
+}
+#endif /* sony */
+
+#if defined(sinix)
+#include <sys/systeminfo.h>
+#include <sys/times.h>
+
+int gettimeofday(struct timeval *, struct timezone *);
+int gethostname(char *, int);
+
+#define getdtablesize() sysconf(_SC_OPEN_MAX)
+
+static size_t
+GetHighResClock(void *buf, size_t maxbytes)
+{
+    int ticks;
+    struct tms buffer;
+
+    ticks = times(&buffer);
+    return CopyLowBits(buf, maxbytes, &ticks, sizeof(ticks));
+}
+
+static void
+GiveSystemInfo(void)
+{
+    int rv;
+    char buf[2000];
+
+    rv = sysinfo(SI_MACHINE, buf, sizeof(buf));
+    if (rv > 0) {
+        RNG_RandomUpdate(buf, rv);
+    }
+    rv = sysinfo(SI_RELEASE, buf, sizeof(buf));
+    if (rv > 0) {
+        RNG_RandomUpdate(buf, rv);
+    }
+    rv = sysinfo(SI_HW_SERIAL, buf, sizeof(buf));
+    if (rv > 0) {
+        RNG_RandomUpdate(buf, rv);
+    }
+}
+#endif /* sinix */
+
+#ifdef BEOS
+#include <be/kernel/OS.h>
+
+static size_t
+GetHighResClock(void *buf, size_t maxbytes)
+{
+    bigtime_t bigtime; /* Actually a int64 */
+
+    bigtime = real_time_clock_usecs();
+    return CopyLowBits(buf, maxbytes, &bigtime, sizeof(bigtime));
+}
+
+static void
+GiveSystemInfo(void)
+{
+    system_info *info = NULL;
+    PRInt32 val;
+    get_system_info(info);
+    if (info) {
+        val = info->boot_time;
+        RNG_RandomUpdate(&val, sizeof(val));
+        val = info->used_pages;
+        RNG_RandomUpdate(&val, sizeof(val));
+        val = info->used_ports;
+        RNG_RandomUpdate(&val, sizeof(val));
+        val = info->used_threads;
+        RNG_RandomUpdate(&val, sizeof(val));
+        val = info->used_teams;
+        RNG_RandomUpdate(&val, sizeof(val));
+    }
+}
+#endif /* BEOS */
+
+#if defined(nec_ews)
+#include <sys/systeminfo.h>
+
+#define getdtablesize() sysconf(_SC_OPEN_MAX)
+
+static size_t
+GetHighResClock(void *buf, size_t maxbytes)
+{
+    return 0;
+}
+
+static void
+GiveSystemInfo(void)
+{
+    int rv;
+    char buf[2000];
+
+    rv = sysinfo(SI_MACHINE, buf, sizeof(buf));
+    if (rv > 0) {
+        RNG_RandomUpdate(buf, rv);
+    }
+    rv = sysinfo(SI_RELEASE, buf, sizeof(buf));
+    if (rv > 0) {
+        RNG_RandomUpdate(buf, rv);
+    }
+    rv = sysinfo(SI_HW_SERIAL, buf, sizeof(buf));
+    if (rv > 0) {
+        RNG_RandomUpdate(buf, rv);
+    }
+}
+#endif /* nec_ews */
+
+size_t
+RNG_GetNoise(void *buf, size_t maxbytes)
+{
+    struct timeval tv;
+    int n = 0;
+    int c;
+
+    n = GetHighResClock(buf, maxbytes);
+    maxbytes -= n;
+
+    (void)gettimeofday(&tv, 0);
+    c = CopyLowBits((char *)buf + n, maxbytes, &tv.tv_usec, sizeof(tv.tv_usec));
+    n += c;
+    maxbytes -= c;
+    c = CopyLowBits((char *)buf + n, maxbytes, &tv.tv_sec, sizeof(tv.tv_sec));
+    n += c;
+    return n;
+}
+
+#define SAFE_POPEN_MAXARGS 10 /* must be at least 2 */
+
+/*
+ * safe_popen is static to this module and we know what arguments it is
+ * called with. Note that this version only supports a single open child
+ * process at any time.
+ */
+static pid_t safe_popen_pid;
+static struct sigaction oldact;
+
+static FILE *
+safe_popen(char *cmd)
+{
+    int p[2], fd, argc;
+    pid_t pid;
+    char *argv[SAFE_POPEN_MAXARGS + 1];
+    FILE *fp;
+    static char blank[] = " \t";
+    static struct sigaction newact;
+
+    if (pipe(p) < 0)
+        return 0;
+
+    fp = fdopen(p[0], "r");
+    if (fp == 0) {
+        close(p[0]);
+        close(p[1]);
+        return 0;
+    }
+
+    /* Setup signals so that SIGCHLD is ignored as we want to do waitpid */
+    newact.sa_handler = SIG_DFL;
+    newact.sa_flags = 0;
+    sigfillset(&newact.sa_mask);
+    sigaction(SIGCHLD, &newact, &oldact);
+
+    pid = fork();
+    switch (pid) {
+        int ndesc;
+
+        case -1:
+            fclose(fp); /* this closes p[0], the fd associated with fp */
+            close(p[1]);
+            sigaction(SIGCHLD, &oldact, NULL);
+            return 0;
+
+        case 0:
+            /* dup write-side of pipe to stderr and stdout */
+            if (p[1] != 1)
+                dup2(p[1], 1);
+            if (p[1] != 2)
+                dup2(p[1], 2);
+
+            /*
+             * close the other file descriptors, except stdin which we
+             * try reassociating with /dev/null, first (bug 174993)
+             */
+            if (!freopen("/dev/null", "r", stdin))
+                close(0);
+            ndesc = getdtablesize();
+            for (fd = PR_MIN(65536, ndesc); --fd > 2; close(fd))
+                ;
+
+            /* clean up environment in the child process */
+            putenv("PATH=/bin:/usr/bin:/sbin:/usr/sbin:/etc:/usr/etc");
+            putenv("SHELL=/bin/sh");
+            putenv("IFS= \t");
+
+            /*
+             * The caller may have passed us a string that is in text
+             * space. It may be illegal to modify the string
+             */
+            cmd = strdup(cmd);
+            /* format argv */
+            argv[0] = strtok(cmd, blank);
+            argc = 1;
+            while ((argv[argc] = strtok(0, blank)) != 0) {
+                if (++argc == SAFE_POPEN_MAXARGS) {
+                    argv[argc] = 0;
+                    break;
+                }
+            }
+
+            /* and away we go */
+            execvp(argv[0], argv);
+            exit(127);
+            break;
+
+        default:
+            close(p[1]);
+            break;
+    }
+
+    /* non-zero means there's a cmd running */
+    safe_popen_pid = pid;
+    return fp;
+}
+
+static int
+safe_pclose(FILE *fp)
+{
+    pid_t pid;
+    int status = -1, rv;
+
+    if ((pid = safe_popen_pid) == 0)
+        return -1;
+    safe_popen_pid = 0;
+
+    fclose(fp);
+
+    /* yield the processor so the child gets some time to exit normally */
+    PR_Sleep(PR_INTERVAL_NO_WAIT);
+
+    /* if the child hasn't exited, kill it -- we're done with its output */
+    while ((rv = waitpid(pid, &status, WNOHANG)) == -1 && errno == EINTR)
+        ;
+    if (rv == 0) {
+        kill(pid, SIGKILL);
+        while ((rv = waitpid(pid, &status, 0)) == -1 && errno == EINTR)
+            ;
+    }
+
+    /* Reset SIGCHLD signal hander before returning */
+    sigaction(SIGCHLD, &oldact, NULL);
+
+    return status;
+}
+
+#ifdef DARWIN
+#include <TargetConditionals.h>
+#if !TARGET_OS_IPHONE
+#include <crt_externs.h>
+#endif
+#endif
+
+/* Fork netstat to collect its output by default. Do not unset this unless
+ * another source of entropy is available
+ */
+#define DO_NETSTAT 1
+
+void
+RNG_SystemInfoForRNG(void)
+{
+    FILE *fp;
+    char buf[BUFSIZ];
+    size_t bytes;
+    const char *const *cp;
+    char *randfile;
+#ifdef DARWIN
+#if TARGET_OS_IPHONE
+    /* iOS does not expose a way to access environ. */
+    char **environ = NULL;
+#else
+    char **environ = *_NSGetEnviron();
+#endif
+#else
+    extern char **environ;
+#endif
+#ifdef BEOS
+    static const char *const files[] = {
+        "/boot/var/swap",
+        "/boot/var/log/syslog",
+        "/boot/var/tmp",
+        "/boot/home/config/settings",
+        "/boot/home",
+        0
+    };
+#else
+    static const char *const files[] = {
+        "/etc/passwd",
+        "/etc/utmp",
+        "/tmp",
+        "/var/tmp",
+        "/usr/tmp",
+        0
+    };
+#endif
+
+#if defined(BSDI)
+    static char netstat_ni_cmd[] = "netstat -nis";
+#else
+    static char netstat_ni_cmd[] = "netstat -ni";
+#endif
+
+    GiveSystemInfo();
+
+    bytes = RNG_GetNoise(buf, sizeof(buf));
+    RNG_RandomUpdate(buf, bytes);
+
+    /*
+     * Pass the C environment and the addresses of the pointers to the
+     * hash function. This makes the random number function depend on the
+     * execution environment of the user and on the platform the program
+     * is running on.
+     */
+    if (environ != NULL) {
+        cp = (const char *const *)environ;
+        while (*cp) {
+            RNG_RandomUpdate(*cp, strlen(*cp));
+            cp++;
+        }
+        RNG_RandomUpdate(environ, (char *)cp - (char *)environ);
+    }
+
+    /* Give in system information */
+    if (gethostname(buf, sizeof(buf)) == 0) {
+        RNG_RandomUpdate(buf, strlen(buf));
+    }
+    GiveSystemInfo();
+
+    /* grab some data from system's PRNG before any other files. */
+    bytes = RNG_FileUpdate("/dev/urandom", SYSTEM_RNG_SEED_COUNT);
+    if (!bytes) {
+        PORT_SetError(SEC_ERROR_NEED_RANDOM);
+    }
+
+    /* If the user points us to a random file, pass it through the rng */
+    randfile = PR_GetEnvSecure("NSRANDFILE");
+    if ((randfile != NULL) && (randfile[0] != '\0')) {
+        char *randCountString = PR_GetEnvSecure("NSRANDCOUNT");
+        int randCount = randCountString ? atoi(randCountString) : 0;
+        if (randCount != 0) {
+            RNG_FileUpdate(randfile, randCount);
+        } else {
+            RNG_FileForRNG(randfile);
+        }
+    }
+
+    /* pass other files through */
+    for (cp = files; *cp; cp++)
+        RNG_FileForRNG(*cp);
+
+/*
+ * Bug 100447: On BSD/OS 4.2 and 4.3, we have problem calling safe_popen
+ * in a pthreads environment.  Therefore, we call safe_popen last and on
+ * BSD/OS we do not call safe_popen when we succeeded in getting data
+ * from /dev/urandom.
+ *
+ * Bug 174993: On platforms providing /dev/urandom, don't fork netstat
+ * either, if data has been gathered successfully.
+ */
+
+#if defined(BSDI) || defined(FREEBSD) || defined(NETBSD) || defined(OPENBSD) || defined(DARWIN) || defined(LINUX) || defined(HPUX)
+    if (bytes)
+        return;
+#endif
+
+#ifdef SOLARIS
+
+/*
+ * On Solaris, NSS may be initialized automatically from libldap in
+ * applications that are unaware of the use of NSS. safe_popen forks, and
+ * sometimes creates issues with some applications' pthread_atfork handlers.
+ * We always have /dev/urandom on Solaris 9 and above as an entropy source,
+ * and for Solaris 8 we have the libkstat interface, so we don't need to
+ * fork netstat.
+ */
+
+#undef DO_NETSTAT
+    if (!bytes) {
+        /* On Solaris 8, /dev/urandom isn't available, so we use libkstat. */
+        PRUint32 kstat_bytes = 0;
+        if (SECSuccess != RNG_kstat(&kstat_bytes)) {
+            PORT_Assert(0);
+        }
+        bytes += kstat_bytes;
+        PORT_Assert(bytes);
+    }
+#endif
+
+#ifdef DO_NETSTAT
+    fp = safe_popen(netstat_ni_cmd);
+    if (fp != NULL) {
+        while ((bytes = fread(buf, 1, sizeof(buf), fp)) > 0)
+            RNG_RandomUpdate(buf, bytes);
+        safe_pclose(fp);
+    }
+#endif
+}
+
+#define TOTAL_FILE_LIMIT 1000000 /* one million */
+
+size_t
+RNG_FileUpdate(const char *fileName, size_t limit)
+{
+    FILE *file;
+    int fd;
+    int bytes;
+    size_t fileBytes = 0;
+    struct stat stat_buf;
+    unsigned char buffer[BUFSIZ];
+    static size_t totalFileBytes = 0;
+
+    /* suppress valgrind warnings due to holes in struct stat */
+    memset(&stat_buf, 0, sizeof(stat_buf));
+
+    if (stat((char *)fileName, &stat_buf) < 0)
+        return fileBytes;
+    RNG_RandomUpdate(&stat_buf, sizeof(stat_buf));
+
+    file = fopen(fileName, "r");
+    if (file != NULL) {
+        /* Read from the underlying file descriptor directly to bypass stdio
+         * buffering and avoid reading more bytes than we need from
+         * /dev/urandom. NOTE: we can't use fread with unbuffered I/O because
+         * fread may return EOF in unbuffered I/O mode on Android.
+         *
+         * Moreover, we read into a buffer of size BUFSIZ, so buffered I/O
+         * has no performance advantage. */
+        fd = fileno(file);
+        /* 'file' was just opened, so this should not fail. */
+        PORT_Assert(fd != -1);
+        while (limit > fileBytes && fd != -1) {
+            bytes = PR_MIN(sizeof buffer, limit - fileBytes);
+            bytes = read(fd, buffer, bytes);
+            if (bytes <= 0)
+                break;
+            RNG_RandomUpdate(buffer, bytes);
+            fileBytes += bytes;
+            totalFileBytes += bytes;
+            /* after TOTAL_FILE_LIMIT has been reached, only read in first
+            ** buffer of data from each subsequent file.
+            */
+            if (totalFileBytes > TOTAL_FILE_LIMIT)
+                break;
+        }
+        fclose(file);
+    }
+    /*
+     * Pass yet another snapshot of our highest resolution clock into
+     * the hash function.
+     */
+    bytes = RNG_GetNoise(buffer, sizeof(buffer));
+    RNG_RandomUpdate(buffer, bytes);
+    return fileBytes;
+}
+
+void
+RNG_FileForRNG(const char *fileName)
+{
+    RNG_FileUpdate(fileName, TOTAL_FILE_LIMIT);
+}
+
+#define _POSIX_PTHREAD_SEMANTICS
+#include <dirent.h>
+
+PRBool
+ReadFileOK(char *dir, char *file)
+{
+    struct stat stat_buf;
+    char filename[PATH_MAX];
+    int count = snprintf(filename, sizeof filename, "%s/%s", dir, file);
+
+    if (count <= 0) {
+        return PR_FALSE; /* name too long, can't read it anyway */
+    }
+
+    if (stat(filename, &stat_buf) < 0)
+        return PR_FALSE; /* can't stat, probably can't read it then as well */
+    return S_ISREG(stat_buf.st_mode) ? PR_TRUE : PR_FALSE;
+}
+
+size_t
+RNG_SystemRNG(void *dest, size_t maxLen)
+{
+    FILE *file;
+    int fd;
+    int bytes;
+    size_t fileBytes = 0;
+    unsigned char *buffer = dest;
+
+    file = fopen("/dev/urandom", "r");
+    if (file == NULL) {
+        PORT_SetError(SEC_ERROR_NEED_RANDOM);
+        return 0;
+    }
+    /* Read from the underlying file descriptor directly to bypass stdio
+     * buffering and avoid reading more bytes than we need from /dev/urandom.
+     * NOTE: we can't use fread with unbuffered I/O because fread may return
+     * EOF in unbuffered I/O mode on Android.
+     */
+    fd = fileno(file);
+    /* 'file' was just opened, so this should not fail. */
+    PORT_Assert(fd != -1);
+    while (maxLen > fileBytes && fd != -1) {
+        bytes = maxLen - fileBytes;
+        bytes = read(fd, buffer, bytes);
+        if (bytes <= 0)
+            break;
+        fileBytes += bytes;
+        buffer += bytes;
+    }
+    fclose(file);
+    if (fileBytes != maxLen) {
+        PORT_SetError(SEC_ERROR_NEED_RANDOM); /* system RNG failed */
+        fileBytes = 0;
+    }
+    return fileBytes;
+}
diff --git a/nss/lib/freebl/win_rand.c b/nss/lib/freebl/win_rand.c
new file mode 100644
index 0000000..b863776
--- /dev/null
+++ b/nss/lib/freebl/win_rand.c
@@ -0,0 +1,161 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "secrng.h"
+
+#ifdef XP_WIN
+#include <windows.h>
+#include <time.h>
+
+static BOOL
+CurrentClockTickTime(LPDWORD lpdwHigh, LPDWORD lpdwLow)
+{
+    LARGE_INTEGER liCount;
+
+    if (!QueryPerformanceCounter(&liCount))
+        return FALSE;
+
+    *lpdwHigh = liCount.u.HighPart;
+    *lpdwLow = liCount.u.LowPart;
+    return TRUE;
+}
+
+size_t
+RNG_GetNoise(void *buf, size_t maxbuf)
+{
+    DWORD dwHigh, dwLow, dwVal;
+    int n = 0;
+    int nBytes;
+    time_t sTime;
+
+    if (maxbuf <= 0)
+        return 0;
+
+    CurrentClockTickTime(&dwHigh, &dwLow);
+
+    // get the maximally changing bits first
+    nBytes = sizeof(dwLow) > maxbuf ? maxbuf : sizeof(dwLow);
+    memcpy((char *)buf, &dwLow, nBytes);
+    n += nBytes;
+    maxbuf -= nBytes;
+
+    if (maxbuf <= 0)
+        return n;
+
+    nBytes = sizeof(dwHigh) > maxbuf ? maxbuf : sizeof(dwHigh);
+    memcpy(((char *)buf) + n, &dwHigh, nBytes);
+    n += nBytes;
+    maxbuf -= nBytes;
+
+    if (maxbuf <= 0)
+        return n;
+
+    // get the number of milliseconds that have elapsed since Windows started
+    dwVal = GetTickCount();
+
+    nBytes = sizeof(dwVal) > maxbuf ? maxbuf : sizeof(dwVal);
+    memcpy(((char *)buf) + n, &dwVal, nBytes);
+    n += nBytes;
+    maxbuf -= nBytes;
+
+    if (maxbuf <= 0)
+        return n;
+
+    // get the time in seconds since midnight Jan 1, 1970
+    time(&sTime);
+    nBytes = sizeof(sTime) > maxbuf ? maxbuf : sizeof(sTime);
+    memcpy(((char *)buf) + n, &sTime, nBytes);
+    n += nBytes;
+
+    return n;
+}
+
+void
+RNG_SystemInfoForRNG(void)
+{
+    DWORD dwVal;
+    char buffer[256];
+    int nBytes;
+    MEMORYSTATUS sMem;
+    HANDLE hVal;
+    DWORD dwSerialNum;
+    DWORD dwComponentLen;
+    DWORD dwSysFlags;
+    char volName[128];
+    DWORD dwSectors, dwBytes, dwFreeClusters, dwNumClusters;
+
+    nBytes = RNG_GetNoise(buffer, 20); // get up to 20 bytes
+    RNG_RandomUpdate(buffer, nBytes);
+
+    sMem.dwLength = sizeof(sMem);
+    GlobalMemoryStatus(&sMem); // assorted memory stats
+    RNG_RandomUpdate(&sMem, sizeof(sMem));
+
+    dwVal = GetLogicalDrives();
+    RNG_RandomUpdate(&dwVal, sizeof(dwVal)); // bitfields in bits 0-25
+
+    dwVal = sizeof(buffer);
+    if (GetComputerName(buffer, &dwVal))
+        RNG_RandomUpdate(buffer, dwVal);
+
+    hVal = GetCurrentProcess(); // 4 or 8 byte pseudo handle (a
+                                // constant!) of current process
+    RNG_RandomUpdate(&hVal, sizeof(hVal));
+
+    dwVal = GetCurrentProcessId(); // process ID (4 bytes)
+    RNG_RandomUpdate(&dwVal, sizeof(dwVal));
+
+    dwVal = GetCurrentThreadId(); // thread ID (4 bytes)
+    RNG_RandomUpdate(&dwVal, sizeof(dwVal));
+
+    volName[0] = '\0';
+    buffer[0] = '\0';
+    GetVolumeInformation(NULL,
+                         volName,
+                         sizeof(volName),
+                         &dwSerialNum,
+                         &dwComponentLen,
+                         &dwSysFlags,
+                         buffer,
+                         sizeof(buffer));
+
+    RNG_RandomUpdate(volName, strlen(volName));
+    RNG_RandomUpdate(&dwSerialNum, sizeof(dwSerialNum));
+    RNG_RandomUpdate(&dwComponentLen, sizeof(dwComponentLen));
+    RNG_RandomUpdate(&dwSysFlags, sizeof(dwSysFlags));
+    RNG_RandomUpdate(buffer, strlen(buffer));
+
+    if (GetDiskFreeSpace(NULL, &dwSectors, &dwBytes, &dwFreeClusters,
+                         &dwNumClusters)) {
+        RNG_RandomUpdate(&dwSectors, sizeof(dwSectors));
+        RNG_RandomUpdate(&dwBytes, sizeof(dwBytes));
+        RNG_RandomUpdate(&dwFreeClusters, sizeof(dwFreeClusters));
+        RNG_RandomUpdate(&dwNumClusters, sizeof(dwNumClusters));
+    }
+
+    nBytes = RNG_GetNoise(buffer, 20); // get up to 20 bytes
+    RNG_RandomUpdate(buffer, nBytes);
+}
+
+/*
+ * The RtlGenRandom function is declared in <ntsecapi.h>, but the
+ * declaration is missing a calling convention specifier. So we
+ * declare it manually here.
+ */
+#define RtlGenRandom SystemFunction036
+DECLSPEC_IMPORT BOOLEAN WINAPI RtlGenRandom(
+    PVOID RandomBuffer,
+    ULONG RandomBufferLength);
+
+size_t
+RNG_SystemRNG(void *dest, size_t maxLen)
+{
+    size_t bytes = 0;
+
+    if (RtlGenRandom(dest, maxLen)) {
+        bytes = maxLen;
+    }
+    return bytes;
+}
+#endif /* is XP_WIN */
diff --git a/nss/lib/jar/Makefile b/nss/lib/jar/Makefile
new file mode 100644
index 0000000..245c127
--- /dev/null
+++ b/nss/lib/jar/Makefile
@@ -0,0 +1,11 @@
+#! gmake
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+include manifest.mn
+include $(CORE_DEPTH)/coreconf/config.mk
+include config.mk
+include $(CORE_DEPTH)/coreconf/rules.mk
+
diff --git a/nss/lib/jar/config.mk b/nss/lib/jar/config.mk
new file mode 100644
index 0000000..1412dcc
--- /dev/null
+++ b/nss/lib/jar/config.mk
@@ -0,0 +1,26 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#
+#  Override TARGETS variable so that only static libraries
+#  are specifed as dependencies within rules.mk.
+#
+
+TARGETS        = $(LIBRARY)
+SHARED_LIBRARY =
+IMPORT_LIBRARY =
+PROGRAM        =
+
+# NSS_X86 means the target is a 32-bits x86 CPU architecture
+# NSS_X64 means the target is a 64-bits x64 CPU architecture
+# NSS_X86_OR_X64 means the target is either x86 or x64
+ifeq (,$(filter-out i386 x386 x86 x86_64,$(CPU_ARCH)))
+        DEFINES += -DNSS_X86_OR_X64
+ifdef USE_64
+        DEFINES += -DNSS_X64
+else
+        DEFINES += -DNSS_X86
+endif
+endif
diff --git a/nss/lib/jar/exports.gyp b/nss/lib/jar/exports.gyp
new file mode 100644
index 0000000..94ee144
--- /dev/null
+++ b/nss/lib/jar/exports.gyp
@@ -0,0 +1,27 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'lib_jar_exports',
+      'type': 'none',
+      'copies': [
+        {
+          'files': [
+            'jar-ds.h',
+            'jar.h',
+            'jarfile.h'
+          ],
+          'destination': '<(nss_public_dist_dir)/<(module)'
+        }
+      ]
+    }
+  ],
+  'variables': {
+    'module': 'nss'
+  }
+}
diff --git a/nss/lib/jar/jar-ds.c b/nss/lib/jar/jar-ds.c
new file mode 100644
index 0000000..8962305
--- /dev/null
+++ b/nss/lib/jar/jar-ds.c
@@ -0,0 +1,36 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "jar.h"
+
+/* These are old DS_* routines renamed to ZZ_* */
+ZZList *
+ZZ_NewList(void)
+{
+    ZZList *list = (ZZList *)PORT_ZAlloc(sizeof(ZZList));
+    if (list)
+        ZZ_InitList(list);
+    return list;
+}
+
+ZZLink *
+ZZ_NewLink(JAR_Item *thing)
+{
+    ZZLink *link = (ZZLink *)PORT_ZAlloc(sizeof(ZZLink));
+    if (link)
+        link->thing = thing;
+    return link;
+}
+
+void
+ZZ_DestroyLink(ZZLink *link)
+{
+    PORT_Free(link);
+}
+
+void
+ZZ_DestroyList(ZZList *list)
+{
+    PORT_Free(list);
+}
diff --git a/nss/lib/jar/jar-ds.h b/nss/lib/jar/jar-ds.h
new file mode 100644
index 0000000..9818c66
--- /dev/null
+++ b/nss/lib/jar/jar-ds.h
@@ -0,0 +1,77 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef __JAR_DS_h_
+#define __JAR_DS_h_
+
+/* Typedefs */
+typedef struct ZZLinkStr ZZLink;
+typedef struct ZZListStr ZZList;
+
+/*
+** Circular linked list. Each link contains a pointer to the object that
+** is actually in the list.
+*/
+struct ZZLinkStr {
+    ZZLink *next;
+    ZZLink *prev;
+    JAR_Item *thing;
+};
+
+struct ZZListStr {
+    ZZLink link;
+};
+
+#define ZZ_InitList(lst)                 \
+    {                                    \
+        (lst)->link.next = &(lst)->link; \
+        (lst)->link.prev = &(lst)->link; \
+        (lst)->link.thing = 0;           \
+    }
+
+#define ZZ_ListEmpty(lst) ((lst)->link.next == &(lst)->link)
+
+#define ZZ_ListHead(lst) ((lst)->link.next)
+
+#define ZZ_ListTail(lst) ((lst)->link.prev)
+
+#define ZZ_ListIterDone(lst, lnk) ((lnk) == &(lst)->link)
+
+#define ZZ_AppendLink(lst, lnk)         \
+    {                                   \
+        (lnk)->next = &(lst)->link;     \
+        (lnk)->prev = (lst)->link.prev; \
+        (lst)->link.prev->next = (lnk); \
+        (lst)->link.prev = (lnk);       \
+    }
+
+#define ZZ_InsertLink(lst, lnk)         \
+    {                                   \
+        (lnk)->next = (lst)->link.next; \
+        (lnk)->prev = &(lst)->link;     \
+        (lst)->link.next->prev = (lnk); \
+        (lst)->link.next = (lnk);       \
+    }
+
+#define ZZ_RemoveLink(lnk)               \
+    {                                    \
+        (lnk)->next->prev = (lnk)->prev; \
+        (lnk)->prev->next = (lnk)->next; \
+        (lnk)->next = 0;                 \
+        (lnk)->prev = 0;                 \
+    }
+
+extern ZZLink *
+ZZ_NewLink(JAR_Item *thing);
+
+extern void
+ZZ_DestroyLink(ZZLink *link);
+
+extern ZZList *
+ZZ_NewList(void);
+
+extern void
+ZZ_DestroyList(ZZList *list);
+
+#endif /* __JAR_DS_h_ */
diff --git a/nss/lib/jar/jar.c b/nss/lib/jar/jar.c
new file mode 100644
index 0000000..00a5546
--- /dev/null
+++ b/nss/lib/jar/jar.c
@@ -0,0 +1,687 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ *  JAR.C
+ *
+ *  Jarnature.
+ *  Routines common to signing and validating.
+ *
+ */
+
+#include "jar.h"
+#include "jarint.h"
+#include "portreg.h"
+
+static void
+jar_destroy_list(ZZList *list);
+
+static int
+jar_find_first_cert(JAR_Signer *signer, int type, JAR_Item **it);
+
+/*
+ *  J A R _ n e w
+ *
+ *  Create a new instantiation of a manifest representation.
+ *  Use this as a token to any calls to this API.
+ *
+ */
+JAR *
+JAR_new(void)
+{
+    JAR *jar;
+
+    if ((jar = (JAR *)PORT_ZAlloc(sizeof(JAR))) == NULL)
+        goto loser;
+    if ((jar->manifest = ZZ_NewList()) == NULL)
+        goto loser;
+    if ((jar->hashes = ZZ_NewList()) == NULL)
+        goto loser;
+    if ((jar->phy = ZZ_NewList()) == NULL)
+        goto loser;
+    if ((jar->metainfo = ZZ_NewList()) == NULL)
+        goto loser;
+    if ((jar->signers = ZZ_NewList()) == NULL)
+        goto loser;
+    return jar;
+
+loser:
+    if (jar) {
+        if (jar->manifest)
+            ZZ_DestroyList(jar->manifest);
+        if (jar->hashes)
+            ZZ_DestroyList(jar->hashes);
+        if (jar->phy)
+            ZZ_DestroyList(jar->phy);
+        if (jar->metainfo)
+            ZZ_DestroyList(jar->metainfo);
+        if (jar->signers)
+            ZZ_DestroyList(jar->signers);
+        PORT_Free(jar);
+    }
+    return NULL;
+}
+
+/*
+ *  J A R _ d e s t r o y
+ */
+void PR_CALLBACK
+JAR_destroy(JAR *jar)
+{
+    PORT_Assert(jar != NULL);
+
+    if (jar == NULL)
+        return;
+
+    if (jar->fp)
+        JAR_FCLOSE((PRFileDesc *)jar->fp);
+    if (jar->url)
+        PORT_Free(jar->url);
+    if (jar->filename)
+        PORT_Free(jar->filename);
+    if (jar->globalmeta)
+        PORT_Free(jar->globalmeta);
+
+    /* Free the linked list elements */
+    jar_destroy_list(jar->manifest);
+    ZZ_DestroyList(jar->manifest);
+    jar_destroy_list(jar->hashes);
+    ZZ_DestroyList(jar->hashes);
+    jar_destroy_list(jar->phy);
+    ZZ_DestroyList(jar->phy);
+    jar_destroy_list(jar->metainfo);
+    ZZ_DestroyList(jar->metainfo);
+    jar_destroy_list(jar->signers);
+    ZZ_DestroyList(jar->signers);
+    PORT_Free(jar);
+}
+
+static void
+jar_destroy_list(ZZList *list)
+{
+    ZZLink *link, *oldlink;
+    JAR_Item *it;
+    JAR_Physical *phy;
+    JAR_Digest *dig;
+    JAR_Cert *fing;
+    JAR_Metainfo *met;
+    JAR_Signer *signer;
+
+    if (list && !ZZ_ListEmpty(list)) {
+        link = ZZ_ListHead(list);
+        while (!ZZ_ListIterDone(list, link)) {
+            it = link->thing;
+            if (!it)
+                goto next;
+            if (it->pathname)
+                PORT_Free(it->pathname);
+
+            switch (it->type) {
+                case jarTypeMeta:
+                    met = (JAR_Metainfo *)it->data;
+                    if (met) {
+                        if (met->header)
+                            PORT_Free(met->header);
+                        if (met->info)
+                            PORT_Free(met->info);
+                        PORT_Free(met);
+                    }
+                    break;
+
+                case jarTypePhy:
+                    phy = (JAR_Physical *)it->data;
+                    if (phy)
+                        PORT_Free(phy);
+                    break;
+
+                case jarTypeSign:
+                    fing = (JAR_Cert *)it->data;
+                    if (fing) {
+                        if (fing->cert)
+                            CERT_DestroyCertificate(fing->cert);
+                        if (fing->key)
+                            PORT_Free(fing->key);
+                        PORT_Free(fing);
+                    }
+                    break;
+
+                case jarTypeSect:
+                case jarTypeMF:
+                case jarTypeSF:
+                    dig = (JAR_Digest *)it->data;
+                    if (dig) {
+                        PORT_Free(dig);
+                    }
+                    break;
+
+                case jarTypeOwner:
+                    signer = (JAR_Signer *)it->data;
+                    if (signer)
+                        JAR_destroy_signer(signer);
+                    break;
+
+                default:
+                    /* PORT_Assert( 1 != 2 ); */
+                    break;
+            }
+            PORT_Free(it);
+
+        next:
+            oldlink = link;
+            link = link->next;
+            ZZ_DestroyLink(oldlink);
+        }
+    }
+}
+
+/*
+ *  J A R _ g e t _ m e t a i n f o
+ *
+ *  Retrieve meta information from the manifest file.
+ *  It doesn't matter whether it's from .MF or .SF, does it?
+ *
+ */
+
+int
+JAR_get_metainfo(JAR *jar, char *name, char *header, void **info,
+                 unsigned long *length)
+{
+    JAR_Item *it;
+    ZZLink *link;
+    ZZList *list;
+
+    PORT_Assert(jar != NULL && header != NULL);
+
+    if (jar == NULL || header == NULL)
+        return JAR_ERR_PNF;
+
+    list = jar->metainfo;
+
+    if (ZZ_ListEmpty(list))
+        return JAR_ERR_PNF;
+
+    for (link = ZZ_ListHead(list);
+         !ZZ_ListIterDone(list, link);
+         link = link->next) {
+        it = link->thing;
+        if (it->type == jarTypeMeta) {
+            JAR_Metainfo *met;
+
+            if ((name && !it->pathname) || (!name && it->pathname))
+                continue;
+            if (name && it->pathname && strcmp(it->pathname, name))
+                continue;
+            met = (JAR_Metainfo *)it->data;
+            if (!PORT_Strcasecmp(met->header, header)) {
+                *info = PORT_Strdup(met->info);
+                *length = PORT_Strlen(met->info);
+                return 0;
+            }
+        }
+    }
+    return JAR_ERR_PNF;
+}
+
+/*
+ *  J A R _ f i n d
+ *
+ *  Establish the search pattern for use
+ *  by JAR_find_next, to traverse the filenames
+ *  or certificates in the JAR structure.
+ *
+ *  See jar.h for a description on how to use.
+ *
+ */
+JAR_Context *
+JAR_find(JAR *jar, char *pattern, jarType type)
+{
+    JAR_Context *ctx;
+
+    PORT_Assert(jar != NULL);
+
+    if (!jar)
+        return NULL;
+
+    ctx = (JAR_Context *)PORT_ZAlloc(sizeof(JAR_Context));
+    if (ctx == NULL)
+        return NULL;
+
+    ctx->jar = jar;
+    if (pattern) {
+        if ((ctx->pattern = PORT_Strdup(pattern)) == NULL) {
+            PORT_Free(ctx);
+            return NULL;
+        }
+    }
+    ctx->finding = type;
+
+    switch (type) {
+        case jarTypeMF:
+            ctx->next = ZZ_ListHead(jar->hashes);
+            break;
+
+        case jarTypeSF:
+        case jarTypeSign:
+            ctx->next = NULL;
+            ctx->nextsign = ZZ_ListHead(jar->signers);
+            break;
+
+        case jarTypeSect:
+            ctx->next = ZZ_ListHead(jar->manifest);
+            break;
+
+        case jarTypePhy:
+            ctx->next = ZZ_ListHead(jar->phy);
+            break;
+
+        case jarTypeOwner:
+            if (jar->signers)
+                ctx->next = ZZ_ListHead(jar->signers);
+            else
+                ctx->next = NULL;
+            break;
+
+        case jarTypeMeta:
+            ctx->next = ZZ_ListHead(jar->metainfo);
+            break;
+
+        default:
+            PORT_Assert(1 != 2);
+            break;
+    }
+    return ctx;
+}
+
+/*
+ *  J A R _ f i n d _ e n d
+ *
+ *  Destroy the find iterator context.
+ *
+ */
+void
+JAR_find_end(JAR_Context *ctx)
+{
+    PORT_Assert(ctx != NULL);
+    if (ctx) {
+        if (ctx->pattern)
+            PORT_Free(ctx->pattern);
+        PORT_Free(ctx);
+    }
+}
+
+/*
+ *  J A R _ f i n d _ n e x t
+ *
+ *  Return the next item of the given type
+ *  from one of the JAR linked lists.
+ *
+ */
+
+int
+JAR_find_next(JAR_Context *ctx, JAR_Item **it)
+{
+    JAR *jar;
+    ZZList *list = NULL;
+    int finding;
+    JAR_Signer *signer = NULL;
+
+    PORT_Assert(ctx != NULL);
+    PORT_Assert(ctx->jar != NULL);
+
+    jar = ctx->jar;
+
+    /* Internally, convert jarTypeSign to jarTypeSF, and return
+       the actual attached certificate later */
+    finding = (ctx->finding == jarTypeSign) ? jarTypeSF : ctx->finding;
+    if (ctx->nextsign) {
+        if (ZZ_ListIterDone(jar->signers, ctx->nextsign)) {
+            *it = NULL;
+            return -1;
+        }
+        PORT_Assert(ctx->nextsign->thing != NULL);
+        signer = (JAR_Signer *)ctx->nextsign->thing->data;
+    }
+
+    /* Find out which linked list to traverse. Then if
+       necessary, advance to the next linked list. */
+    while (1) {
+        switch (finding) {
+            case jarTypeSign: /* not any more */
+                PORT_Assert(finding != jarTypeSign);
+                list = signer->certs;
+                break;
+
+            case jarTypeSect:
+                list = jar->manifest;
+                break;
+
+            case jarTypePhy:
+                list = jar->phy;
+                break;
+
+            case jarTypeSF: /* signer, not jar */
+                PORT_Assert(signer != NULL);
+                list = signer ? signer->sf : NULL;
+                break;
+
+            case jarTypeMF:
+                list = jar->hashes;
+                break;
+
+            case jarTypeOwner:
+                list = jar->signers;
+                break;
+
+            case jarTypeMeta:
+                list = jar->metainfo;
+                break;
+
+            default:
+                PORT_Assert(1 != 2);
+                list = NULL;
+                break;
+        }
+        if (list == NULL) {
+            *it = NULL;
+            return -1;
+        }
+        /* When looping over lists of lists, advance to the next signer.
+	   This is done when multiple signers are possible. */
+        if (ZZ_ListIterDone(list, ctx->next)) {
+            if (ctx->nextsign && jar->signers) {
+                ctx->nextsign = ctx->nextsign->next;
+                if (!ZZ_ListIterDone(jar->signers, ctx->nextsign)) {
+                    PORT_Assert(ctx->nextsign->thing != NULL);
+                    signer = (JAR_Signer *)ctx->nextsign->thing->data;
+                    PORT_Assert(signer != NULL);
+                    ctx->next = NULL;
+                    continue;
+                }
+            }
+            *it = NULL;
+            return -1;
+        }
+
+        /* if the signer changed, still need to fill in the "next" link */
+        if (ctx->nextsign && ctx->next == NULL) {
+            switch (finding) {
+                case jarTypeSF:
+                    ctx->next = ZZ_ListHead(signer->sf);
+                    break;
+
+                case jarTypeSign:
+                    ctx->next = ZZ_ListHead(signer->certs);
+                    break;
+            }
+        }
+        PORT_Assert(ctx->next != NULL);
+        if (ctx->next == NULL) {
+            *it = NULL;
+            return -1;
+        }
+        while (!ZZ_ListIterDone(list, ctx->next)) {
+            *it = ctx->next->thing;
+            ctx->next = ctx->next->next;
+            if (!*it || (*it)->type != finding)
+                continue;
+            if (ctx->pattern && *ctx->pattern) {
+                if (PORT_RegExpSearch((*it)->pathname, ctx->pattern))
+                    continue;
+            }
+            /* We have a valid match. If this is a jarTypeSign
+	       return the certificate instead.. */
+            if (ctx->finding == jarTypeSign) {
+                JAR_Item *itt;
+
+                /* just the first one for now */
+                if (jar_find_first_cert(signer, jarTypeSign, &itt) >= 0) {
+                    *it = itt;
+                    return 0;
+                }
+                continue;
+            }
+            return 0;
+        }
+    } /* end while */
+}
+
+static int
+jar_find_first_cert(JAR_Signer *signer, int type, JAR_Item **it)
+{
+    ZZLink *link;
+    ZZList *list = signer->certs;
+    int status = JAR_ERR_PNF;
+
+    *it = NULL;
+    if (ZZ_ListEmpty(list)) {
+        /* empty list */
+        return JAR_ERR_PNF;
+    }
+
+    for (link = ZZ_ListHead(list);
+         !ZZ_ListIterDone(list, link);
+         link = link->next) {
+        if (link->thing->type == type) {
+            *it = link->thing;
+            status = 0;
+            break;
+        }
+    }
+    return status;
+}
+
+JAR_Signer *
+JAR_new_signer(void)
+{
+    JAR_Signer *signer = (JAR_Signer *)PORT_ZAlloc(sizeof(JAR_Signer));
+    if (signer == NULL)
+        goto loser;
+
+    /* certs */
+    signer->certs = ZZ_NewList();
+    if (signer->certs == NULL)
+        goto loser;
+
+    /* sf */
+    signer->sf = ZZ_NewList();
+    if (signer->sf == NULL)
+        goto loser;
+    return signer;
+
+loser:
+    if (signer) {
+        if (signer->certs)
+            ZZ_DestroyList(signer->certs);
+        if (signer->sf)
+            ZZ_DestroyList(signer->sf);
+        PORT_Free(signer);
+    }
+    return NULL;
+}
+
+void
+JAR_destroy_signer(JAR_Signer *signer)
+{
+    if (signer) {
+        if (signer->owner)
+            PORT_Free(signer->owner);
+        if (signer->digest)
+            PORT_Free(signer->digest);
+        jar_destroy_list(signer->sf);
+        ZZ_DestroyList(signer->sf);
+        jar_destroy_list(signer->certs);
+        ZZ_DestroyList(signer->certs);
+        PORT_Free(signer);
+    }
+}
+
+JAR_Signer *
+jar_get_signer(JAR *jar, char *basename)
+{
+    JAR_Item *it;
+    JAR_Context *ctx = JAR_find(jar, NULL, jarTypeOwner);
+    JAR_Signer *candidate;
+    JAR_Signer *signer = NULL;
+
+    if (ctx == NULL)
+        return NULL;
+
+    while (JAR_find_next(ctx, &it) >= 0) {
+        candidate = (JAR_Signer *)it->data;
+        if (*basename == '*' || !PORT_Strcmp(candidate->owner, basename)) {
+            signer = candidate;
+            break;
+        }
+    }
+    JAR_find_end(ctx);
+    return signer;
+}
+
+/*
+ *  J A R _ g e t _ f i l e n a m e
+ *
+ *  Returns the filename associated with
+ *  a JAR structure.
+ *
+ */
+char *
+JAR_get_filename(JAR *jar)
+{
+    return jar->filename;
+}
+
+/*
+ *  J A R _ g e t _ u r l
+ *
+ *  Returns the URL associated with
+ *  a JAR structure. Nobody really uses this now.
+ *
+ */
+char *
+JAR_get_url(JAR *jar)
+{
+    return jar->url;
+}
+
+/*
+ *  J A R _ s e t _ c a l l b a c k
+ *
+ *  Register some manner of callback function for this jar.
+ *
+ */
+int
+JAR_set_callback(int type, JAR *jar, jar_settable_callback_fn *fn)
+{
+    if (type == JAR_CB_SIGNAL) {
+        jar->signal = fn;
+        return 0;
+    }
+    return -1;
+}
+
+/*
+ *  Callbacks
+ *
+ */
+
+/* To return an error string */
+char *(*jar_fn_GetString)(int) = NULL;
+
+/* To return an MWContext for Java */
+void *(*jar_fn_FindSomeContext)(void) = NULL;
+
+/* To fabricate an MWContext for FE_GetPassword */
+void *(*jar_fn_GetInitContext)(void) = NULL;
+
+void
+JAR_init_callbacks(char *(*string_cb)(int),
+                   void *(*find_cx)(void),
+                   void *(*init_cx)(void))
+{
+    jar_fn_GetString = string_cb;
+    jar_fn_FindSomeContext = find_cx;
+    jar_fn_GetInitContext = init_cx;
+}
+
+/*
+ *  J A R _ g e t _ e r r o r
+ *
+ *  This is provided to map internal JAR errors to strings for
+ *  the Java console. Also, a DLL may call this function if it does
+ *  not have access to the XP_GetString function.
+ *
+ *  These strings aren't UI, since they are Java console only.
+ *
+ */
+char *
+JAR_get_error(int status)
+{
+    char *errstring = NULL;
+
+    switch (status) {
+        case JAR_ERR_GENERAL:
+            errstring = "General JAR file error";
+            break;
+
+        case JAR_ERR_FNF:
+            errstring = "JAR file not found";
+            break;
+
+        case JAR_ERR_CORRUPT:
+            errstring = "Corrupt JAR file";
+            break;
+
+        case JAR_ERR_MEMORY:
+            errstring = "Out of memory";
+            break;
+
+        case JAR_ERR_DISK:
+            errstring = "Disk error (perhaps out of space)";
+            break;
+
+        case JAR_ERR_ORDER:
+            errstring = "Inconsistent files in META-INF directory";
+            break;
+
+        case JAR_ERR_SIG:
+            errstring = "Invalid digital signature file";
+            break;
+
+        case JAR_ERR_METADATA:
+            errstring = "JAR metadata failed verification";
+            break;
+
+        case JAR_ERR_ENTRY:
+            errstring = "No Manifest entry for this JAR entry";
+            break;
+
+        case JAR_ERR_HASH:
+            errstring = "Invalid Hash of this JAR entry";
+            break;
+
+        case JAR_ERR_PK7:
+            errstring = "Strange PKCS7 or RSA failure";
+            break;
+
+        case JAR_ERR_PNF:
+            errstring = "Path not found inside JAR file";
+            break;
+
+        default:
+            if (jar_fn_GetString) {
+                errstring = jar_fn_GetString(status);
+            } else {
+                /* this is not a normal situation, and would only be
+	       called in cases of improper initialization */
+                char *err = (char *)PORT_Alloc(40);
+                if (err)
+                    PR_snprintf(err, 39, "Error %d\n", status); /* leak me! */
+                else
+                    err = "Error! Bad! Out of memory!";
+                return err;
+            }
+            break;
+    }
+    return errstring;
+}
diff --git a/nss/lib/jar/jar.gyp b/nss/lib/jar/jar.gyp
new file mode 100644
index 0000000..e38b4ab
--- /dev/null
+++ b/nss/lib/jar/jar.gyp
@@ -0,0 +1,76 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'jar',
+      'type': 'static_library',
+      'sources': [
+        'jar-ds.c',
+        'jar.c',
+        'jarfile.c',
+        'jarint.c',
+        'jarsign.c',
+        'jarver.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports'
+      ]
+    }
+  ],
+  'target_defaults': {
+    'defines': [
+      'MOZILLA_CLIENT=1',
+    ],
+    'conditions': [
+      [ 'OS=="win"', {
+        'configurations': {
+          'x86_Base': {
+            'msvs_settings': {
+              'VCCLCompilerTool': {
+                'PreprocessorDefinitions': [
+                  'NSS_X86_OR_X64',
+                  'NSS_X86',
+                ],
+              },
+            },
+          },
+          'x64_Base': {
+            'msvs_settings': {
+              'VCCLCompilerTool': {
+                'PreprocessorDefinitions': [
+                  'NSS_USE_64',
+                  'NSS_X86_OR_X64',
+                  'NSS_X64',
+                ],
+              },
+            },
+          },
+        },
+      }, {
+        'conditions': [
+          [ 'target_arch=="x64"', {
+            'defines': [
+              'NSS_USE_64',
+              'NSS_X86_OR_X64',
+              'NSS_X64',
+            ],
+          }],
+          [ 'target_arch=="ia32"', {
+            'defines': [
+              'NSS_X86_OR_X64',
+              'NSS_X86',
+            ],
+          }],
+        ],
+      }],
+    ],
+  },
+  'variables': {
+    'module': 'nss'
+  }
+}
diff --git a/nss/lib/jar/jar.h b/nss/lib/jar/jar.h
new file mode 100644
index 0000000..d337cef
--- /dev/null
+++ b/nss/lib/jar/jar.h
@@ -0,0 +1,372 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef __JAR_h_
+#define __JAR_h_
+
+/*
+ *  In general, any functions that return pointers
+ *  have memory owned by the caller.
+ *
+ */
+
+/* security includes */
+#include "cert.h"
+#include "hasht.h"
+
+/* nspr 2.0 includes */
+#include "prio.h"
+
+#define ZHUGEP
+
+#include <stdio.h>
+
+/* various types */
+
+typedef enum {
+    jarTypeMF = 2,
+    jarTypeSF = 3,
+    jarTypeMeta = 6,
+    jarTypePhy = 7,
+    jarTypeSign = 10,
+    jarTypeSect = 11,
+    jarTypeOwner = 13
+} jarType;
+
+/* void data in ZZList's contain JAR_Item type */
+typedef struct JAR_Item_ {
+    char *pathname; /* relative. inside zip file */
+    jarType type;   /* various types */
+    size_t size;    /* size of data below */
+    void *data;     /* totally opaque */
+} JAR_Item;
+
+/* hashes */
+typedef enum {
+    jarHashNone = 0,
+    jarHashBad = 1,
+    jarHashPresent = 2
+} jarHash;
+
+typedef struct JAR_Digest_ {
+    jarHash md5_status;
+    unsigned char md5[MD5_LENGTH];
+    jarHash sha1_status;
+    unsigned char sha1[SHA1_LENGTH];
+} JAR_Digest;
+
+/* physical archive formats */
+typedef enum {
+    jarArchGuess = 0,
+    jarArchNone = 1,
+    jarArchZip = 2,
+    jarArchTar = 3
+} jarArch;
+
+#include "jar-ds.h"
+
+struct JAR_;
+
+typedef int jar_settable_callback_fn(int status, struct JAR_ *jar,
+                                     const char *metafile, char *pathname,
+                                     char *errortext);
+
+/* jar object */
+typedef struct JAR_ {
+    jarArch format; /* physical archive format */
+
+    char *url;      /* Where it came from */
+    char *filename; /* Disk location */
+    FILE *fp;       /* For multiple extractions */
+    /* JAR_FILE */
+
+    /* various linked lists */
+    ZZList *manifest; /* Digests of MF sections */
+    ZZList *hashes;   /* Digests of actual signed files */
+    ZZList *phy;      /* Physical layout of JAR file */
+    ZZList *metainfo; /* Global metainfo */
+
+    JAR_Digest *globalmeta; /* digest of .MF global portion */
+
+    /* Below will change to a linked list to support multiple sigs */
+    int pkcs7; /* Enforced opaqueness */
+    int valid; /* PKCS7 signature validated */
+
+    ZZList *signers; /* the above, per signer */
+
+    /* Window context, very necessary for PKCS11 now */
+    void *mw; /* MWContext window context */
+
+    /* Signal callback function */
+    jar_settable_callback_fn *signal;
+} JAR;
+
+/*
+ *  Iterator
+ *
+ *  Context for iterative operations. Certain operations
+ *  require iterating multiple linked lists because of
+ *  multiple signers. "nextsign" is used for this purpose.
+ *
+ */
+typedef struct JAR_Context_ {
+    JAR *jar;         /* Jar we are searching */
+    char *pattern;    /* Regular expression */
+    jarType finding;  /* Type of item to find */
+    ZZLink *next;     /* Next item in find */
+    ZZLink *nextsign; /* Next signer, sometimes */
+} JAR_Context;
+
+typedef struct JAR_Signer_ {
+    int pkcs7;          /* Enforced opaqueness */
+    int valid;          /* PKCS7 signature validated */
+    char *owner;        /* name of .RSA file */
+    JAR_Digest *digest; /* of .SF file */
+    ZZList *sf;         /* Linked list of .SF file contents */
+    ZZList *certs;      /* Signing information */
+} JAR_Signer;
+
+/* Meta informaton, or "policy", from the manifest file.
+   Right now just one tuple per JAR_Item. */
+typedef struct JAR_Metainfo_ {
+    char *header;
+    char *info;
+} JAR_Metainfo;
+
+/* This should not be global */
+typedef struct JAR_Physical_ {
+    unsigned char compression;
+    unsigned long offset;
+    unsigned long length;
+    unsigned long uncompressed_length;
+#if defined(XP_UNIX) || defined(XP_BEOS)
+    PRUint16 mode;
+#endif
+} JAR_Physical;
+
+typedef struct JAR_Cert_ {
+    size_t length;
+    void *key;
+    CERTCertificate *cert;
+} JAR_Cert;
+
+/* certificate stuff */
+typedef enum {
+    jarCertCompany = 1,
+    jarCertCA = 2,
+    jarCertSerial = 3,
+    jarCertExpires = 4,
+    jarCertNickname = 5,
+    jarCertFinger = 6,
+    jarCertJavaHack = 100
+} jarCert;
+
+/* callback types */
+#define JAR_CB_SIGNAL 1
+
+/*
+ *  This is the base for the JAR error codes. It will
+ *  change when these are incorporated into allxpstr.c,
+ *  but right now they won't let me put them there.
+ *
+ */
+#ifndef SEC_ERR_BASE
+#define SEC_ERR_BASE (-0x2000)
+#endif
+
+#define JAR_BASE SEC_ERR_BASE + 300
+
+/* Jar specific error definitions */
+
+#define JAR_ERR_GENERAL (JAR_BASE + 1)
+#define JAR_ERR_FNF (JAR_BASE + 2)
+#define JAR_ERR_CORRUPT (JAR_BASE + 3)
+#define JAR_ERR_MEMORY (JAR_BASE + 4)
+#define JAR_ERR_DISK (JAR_BASE + 5)
+#define JAR_ERR_ORDER (JAR_BASE + 6)
+#define JAR_ERR_SIG (JAR_BASE + 7)
+#define JAR_ERR_METADATA (JAR_BASE + 8)
+#define JAR_ERR_ENTRY (JAR_BASE + 9)
+#define JAR_ERR_HASH (JAR_BASE + 10)
+#define JAR_ERR_PK7 (JAR_BASE + 11)
+#define JAR_ERR_PNF (JAR_BASE + 12)
+
+/* Function declarations */
+
+extern JAR *JAR_new(void);
+
+extern void PR_CALLBACK JAR_destroy(JAR *jar);
+
+extern char *JAR_get_error(int status);
+
+extern int JAR_set_callback(int type, JAR *jar, jar_settable_callback_fn *fn);
+
+extern void
+JAR_init_callbacks(char *(*string_cb)(int),
+                   void *(*find_cx)(void),
+                   void *(*init_cx)(void));
+
+/*
+ *  JAR_set_context
+ *
+ *  PKCS11 may require a password to be entered by the user
+ *  before any crypto routines may be called. This will require
+ *  a window context if used from inside Mozilla.
+ *
+ *  Call this routine with your context before calling
+ *  verifying or signing. If you have no context, call with NULL
+ *  and one will be chosen for you.
+ *
+ */
+int JAR_set_context(JAR *jar, void /*MWContext*/ *mw);
+
+/*
+ *  Iterative operations
+ *
+ *  JAR_find sets up for repeated calls with JAR_find_next.
+ *  I never liked findfirst and findnext, this is nicer.
+ *
+ *  Pattern contains a relative pathname to match inside the
+ *  archive. It is currently assumed to be "*".
+ *
+ *  To use:
+ *
+ *     JAR_Item *item;
+ *     JAR_find (jar, "*.class", jarTypeMF);
+ *     while (JAR_find_next (jar, &item) >= 0)
+ *   { do stuff }
+ *
+ */
+
+/* Replacement functions with an external context */
+
+extern JAR_Context *JAR_find(JAR *jar, char *pattern, jarType type);
+
+extern int JAR_find_next(JAR_Context *ctx, JAR_Item **it);
+
+extern void JAR_find_end(JAR_Context *ctx);
+
+/*
+ *  Function to parse manifest file:
+ *
+ *  Many signatures may be attached to a single filename located
+ *  inside the zip file. We only support one.
+ *
+ *  Several manifests may be included in the zip file.
+ *
+ *  You must pass the MANIFEST.MF file before any .SF files.
+ *
+ *  Right now this returns a big ole list, privately in the jar structure.
+ *  If you need to traverse it, use JAR_find if possible.
+ *
+ *  The path is needed to determine what type of binary signature is
+ *  being passed, though it is technically not needed for manifest files.
+ *
+ *  When parsing an ASCII file, null terminate the ASCII raw_manifest
+ *  prior to sending it, and indicate a length of 0. For binary digital
+ *  signatures only, indicate the true length of the signature.
+ *  (This is legacy behavior.)
+ *
+ *  You may free the manifest after parsing it.
+ *
+ */
+
+extern int
+JAR_parse_manifest(JAR *jar, char *raw_manifest, long length, const char *path,
+                   const char *url);
+
+/*
+ *  Verify data (nonstreaming). The signature is actually
+ *  checked by JAR_parse_manifest or JAR_pass_archive.
+ *
+ */
+
+extern JAR_Digest *PR_CALLBACK
+JAR_calculate_digest(void *data, long length);
+
+extern int PR_CALLBACK
+JAR_verify_digest(JAR *jar, const char *name, JAR_Digest *dig);
+
+extern int
+JAR_digest_file(char *filename, JAR_Digest *dig);
+
+/*
+ *  Meta information
+ *
+ *  Currently, since this call does not support passing of an owner
+ *  (certificate, or physical name of the .sf file), it is restricted to
+ *  returning information located in the manifest.mf file.
+ *
+ *  Meta information is a name/value pair inside the archive file. Here,
+ *  the name is passed in *header and value returned in **info.
+ *
+ *  Pass a NULL as the name to retrieve metainfo from the global section.
+ *
+ *  Data is returned in **info, of size *length. The return value
+ *  will indicate if no data was found.
+ *
+ */
+
+extern int
+JAR_get_metainfo(JAR *jar, char *name, char *header, void **info,
+                 unsigned long *length);
+
+extern char *JAR_get_filename(JAR *jar);
+
+extern char *JAR_get_url(JAR *jar);
+
+/* save the certificate with this fingerprint in persistent
+   storage, somewhere, for retrieval in a future session when there
+   is no corresponding JAR structure. */
+extern int PR_CALLBACK
+JAR_stash_cert(JAR *jar, long keylen, void *key);
+
+/* retrieve a certificate presumably stashed with the above
+   function, but may be any certificate. Type is &CERTCertificate */
+CERTCertificate *
+JAR_fetch_cert(long length, void *key);
+
+/*
+ *  New functions to handle archives alone
+ *    (call JAR_new beforehand)
+ *
+ *  JAR_pass_archive acts much like parse_manifest. Certificates
+ *  are returned in the JAR structure but as opaque data. When calling
+ *  JAR_verified_extract you still need to decide which of these
+ *  certificates to honor.
+ *
+ *  Code to examine a JAR structure is in jarbert.c. You can obtain both
+ *  a list of filenames and certificates from traversing the linked list.
+ *
+ */
+extern int
+JAR_pass_archive(JAR *jar, jarArch format, char *filename, const char *url);
+
+/*
+ * Same thing, but don't check signatures
+ */
+extern int
+JAR_pass_archive_unverified(JAR *jar, jarArch format, char *filename,
+                            const char *url);
+
+/*
+ *  Extracts a relative pathname from the archive and places it
+ *  in the filename specified.
+ *
+ *  Call JAR_set_nailed if you want to keep the file descriptors
+ *  open between multiple calls to JAR_verify_extract.
+ *
+ */
+extern int
+JAR_verified_extract(JAR *jar, char *path, char *outpath);
+
+/*
+ *  JAR_extract does no crypto checking. This can be used if you
+ *  need to extract a manifest file or signature, etc.
+ *
+ */
+extern int
+JAR_extract(JAR *jar, char *path, char *outpath);
+
+#endif /* __JAR_h_ */
diff --git a/nss/lib/jar/jarfile.c b/nss/lib/jar/jarfile.c
new file mode 100644
index 0000000..e2470a1
--- /dev/null
+++ b/nss/lib/jar/jarfile.c
@@ -0,0 +1,966 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ *  JARFILE
+ *
+ *  Parsing of a Jar file
+ */
+#define JAR_SIZE 256
+
+#include "jar.h"
+#include "jarint.h"
+#include "jarfile.h"
+
+/* commercial compression */
+#include "jzlib.h"
+
+#if defined(XP_UNIX) || defined(XP_BEOS)
+#include "sys/stat.h"
+#endif
+
+#include "sechash.h" /* for HASH_GetHashObject() */
+
+PR_STATIC_ASSERT(46 == sizeof(struct ZipCentral));
+PR_STATIC_ASSERT(30 == sizeof(struct ZipLocal));
+PR_STATIC_ASSERT(22 == sizeof(struct ZipEnd));
+PR_STATIC_ASSERT(512 == sizeof(union TarEntry));
+
+/* extracting */
+static int
+jar_guess_jar(const char *filename, JAR_FILE fp);
+
+static int
+jar_inflate_memory(unsigned int method, long *length, long expected_out_len,
+                   char **data);
+
+static int
+jar_physical_extraction(JAR_FILE fp, char *outpath, unsigned long offset,
+                        unsigned long length);
+
+static int
+jar_physical_inflate(JAR_FILE fp, char *outpath, unsigned long offset,
+                     unsigned long length, unsigned int method);
+
+static int
+jar_verify_extract(JAR *jar, char *path, char *physical_path);
+
+static JAR_Physical *
+jar_get_physical(JAR *jar, char *pathname);
+
+static int
+jar_extract_manifests(JAR *jar, jarArch format, JAR_FILE fp);
+
+static int
+jar_extract_mf(JAR *jar, jarArch format, JAR_FILE fp, char *ext);
+
+/* indexing */
+static int
+jar_gen_index(JAR *jar, jarArch format, JAR_FILE fp);
+
+static int
+jar_listtar(JAR *jar, JAR_FILE fp);
+
+static int
+jar_listzip(JAR *jar, JAR_FILE fp);
+
+/* conversions */
+static int
+dosdate(char *date, const char *s);
+
+static int
+dostime(char *time, const char *s);
+
+#ifdef NSS_X86_OR_X64
+/* The following macros throw up warnings. */
+#if defined(__GNUC__) && !defined(NSS_NO_GCC48)
+#pragma GCC diagnostic ignored "-Wstrict-aliasing"
+#endif
+#define x86ShortToUint32(ii) ((const PRUint32) * ((const PRUint16 *)(ii)))
+#define x86LongToUint32(ii) (*(const PRUint32 *)(ii))
+#else
+static PRUint32
+x86ShortToUint32(const void *ii);
+
+static PRUint32
+x86LongToUint32(const void *ll);
+#endif
+
+static long
+octalToLong(const char *s);
+
+/*
+ *  J A R _ p a s s _ a r c h i v e
+ *
+ *  For use by naive clients. Slam an entire archive file
+ *  into this function. We extract manifests, parse, index
+ *  the archive file, and do whatever nastiness.
+ *
+ */
+int
+JAR_pass_archive(JAR *jar, jarArch format, char *filename, const char *url)
+{
+    JAR_FILE fp;
+    int status = 0;
+
+    if (filename == NULL)
+        return JAR_ERR_GENERAL;
+
+    if ((fp = JAR_FOPEN(filename, "rb")) != NULL) {
+        if (format == jarArchGuess)
+            format = (jarArch)jar_guess_jar(filename, fp);
+
+        jar->format = format;
+        jar->url = url ? PORT_Strdup(url) : NULL;
+        jar->filename = PORT_Strdup(filename);
+
+        status = jar_gen_index(jar, format, fp);
+        if (status == 0)
+            status = jar_extract_manifests(jar, format, fp);
+
+        JAR_FCLOSE(fp);
+        if (status < 0)
+            return status;
+
+        /* people were expecting it this way */
+        return jar->valid;
+    }
+    /* file not found */
+    return JAR_ERR_FNF;
+}
+
+/*
+ *  J A R _ p a s s _ a r c h i v e _ u n v e r i f i e d
+ *
+ * Same as JAR_pass_archive, but doesn't parse signatures.
+ *
+ */
+int
+JAR_pass_archive_unverified(JAR *jar, jarArch format, char *filename,
+                            const char *url)
+{
+    JAR_FILE fp;
+    int status = 0;
+
+    if (filename == NULL) {
+        return JAR_ERR_GENERAL;
+    }
+
+    if ((fp = JAR_FOPEN(filename, "rb")) != NULL) {
+        if (format == jarArchGuess) {
+            format = (jarArch)jar_guess_jar(filename, fp);
+        }
+
+        jar->format = format;
+        jar->url = url ? PORT_Strdup(url) : NULL;
+        jar->filename = PORT_Strdup(filename);
+
+        status = jar_gen_index(jar, format, fp);
+        if (status == 0) {
+            status = jar_extract_mf(jar, format, fp, "mf");
+        }
+
+        JAR_FCLOSE(fp);
+        if (status < 0) {
+            return status;
+        }
+
+        /* people were expecting it this way */
+        return jar->valid;
+    }
+    /* file not found */
+    return JAR_ERR_FNF;
+}
+
+/*
+ *  J A R _ v e r i f i e d _ e x t r a c t
+ *
+ *  Optimization: keep a file descriptor open
+ *  inside the JAR structure, so we don't have to
+ *  open the file 25 times to run java.
+ *
+ */
+
+int
+JAR_verified_extract(JAR *jar, char *path, char *outpath)
+{
+    int status = JAR_extract(jar, path, outpath);
+
+    if (status >= 0)
+        return jar_verify_extract(jar, path, outpath);
+    return status;
+}
+
+int
+JAR_extract(JAR *jar, char *path, char *outpath)
+{
+    int result;
+    JAR_Physical *phy;
+
+    if (jar->fp == NULL && jar->filename) {
+        jar->fp = (FILE *)JAR_FOPEN(jar->filename, "rb");
+    }
+    if (jar->fp == NULL) {
+        /* file not found */
+        return JAR_ERR_FNF;
+    }
+
+    phy = jar_get_physical(jar, path);
+    if (phy) {
+        if (phy->compression != 0 && phy->compression != 8) {
+            /* unsupported compression method */
+            result = JAR_ERR_CORRUPT;
+        }
+        if (phy->compression == 0) {
+            result = jar_physical_extraction((PRFileDesc *)jar->fp, outpath, phy->offset, phy->length);
+        } else {
+            result = jar_physical_inflate((PRFileDesc *)jar->fp, outpath,
+                                          phy->offset, phy->length,
+                                          (unsigned int)phy->compression);
+        }
+
+#if defined(XP_UNIX) || defined(XP_BEOS)
+        if (phy->mode)
+            chmod(outpath, 0400 | (mode_t)phy->mode);
+#endif
+    } else {
+        /* pathname not found in archive */
+        result = JAR_ERR_PNF;
+    }
+    return result;
+}
+
+/*
+ *  p h y s i c a l _ e x t r a c t i o n
+ *
+ *  This needs to be done in chunks of say 32k, instead of
+ *  in one bulk calloc. (Necessary under Win16 platform.)
+ *  This is done for uncompressed entries only.
+ *
+ */
+
+#define CHUNK 32768
+
+static int
+jar_physical_extraction(JAR_FILE fp, char *outpath, unsigned long offset,
+                        unsigned long length)
+{
+    JAR_FILE out;
+    char *buffer = (char *)PORT_ZAlloc(CHUNK);
+    int status = 0;
+
+    if (buffer == NULL)
+        return JAR_ERR_MEMORY;
+
+    if ((out = JAR_FOPEN(outpath, "wb")) != NULL) {
+        unsigned long at = 0;
+
+        JAR_FSEEK(fp, offset, (PRSeekWhence)0);
+        while (at < length) {
+            long chunk = (at + CHUNK <= length) ? CHUNK : length - at;
+            if (JAR_FREAD(fp, buffer, chunk) != chunk) {
+                status = JAR_ERR_DISK;
+                break;
+            }
+            at += chunk;
+            if (JAR_FWRITE(out, buffer, chunk) < chunk) {
+                /* most likely a disk full error */
+                status = JAR_ERR_DISK;
+                break;
+            }
+        }
+        JAR_FCLOSE(out);
+    } else {
+        /* error opening output file */
+        status = JAR_ERR_DISK;
+    }
+    PORT_Free(buffer);
+    return status;
+}
+
+/*
+ *  j a r _ p h y s i c a l _ i n f l a t e
+ *
+ *  Inflate a range of bytes in a file, writing the inflated
+ *  result to "outpath". Chunk based.
+ *
+ */
+/* input and output chunks differ, assume 4x compression */
+
+#define ICHUNK 8192
+#define OCHUNK 32768
+
+static int
+jar_physical_inflate(JAR_FILE fp, char *outpath, unsigned long offset, unsigned long length,
+                     unsigned int method)
+{
+    char *inbuf, *outbuf;
+    int status = 0;
+    z_stream zs;
+    JAR_FILE out;
+
+    /* Raw inflate in zlib 1.1.4 needs an extra dummy byte at the end */
+    if ((inbuf = (char *)PORT_ZAlloc(ICHUNK + 1)) == NULL)
+        return JAR_ERR_MEMORY;
+
+    if ((outbuf = (char *)PORT_ZAlloc(OCHUNK)) == NULL) {
+        PORT_Free(inbuf);
+        return JAR_ERR_MEMORY;
+    }
+
+    PORT_Memset(&zs, 0, sizeof(zs));
+    status = inflateInit2(&zs, -MAX_WBITS);
+    if (status != Z_OK) {
+        PORT_Free(inbuf);
+        PORT_Free(outbuf);
+        return JAR_ERR_GENERAL;
+    }
+
+    if ((out = JAR_FOPEN(outpath, "wb")) != NULL) {
+        unsigned long at = 0;
+
+        JAR_FSEEK(fp, offset, (PRSeekWhence)0);
+        while (at < length) {
+            unsigned long chunk = (at + ICHUNK <= length) ? ICHUNK : length - at;
+            unsigned long tin;
+
+            if (JAR_FREAD(fp, inbuf, chunk) != chunk) {
+                /* incomplete read */
+                JAR_FCLOSE(out);
+                PORT_Free(inbuf);
+                PORT_Free(outbuf);
+                return JAR_ERR_CORRUPT;
+            }
+            at += chunk;
+            if (at == length) {
+                /* add an extra dummy byte at the end */
+                inbuf[chunk++] = 0xDD;
+            }
+            zs.next_in = (Bytef *)inbuf;
+            zs.avail_in = chunk;
+            zs.avail_out = OCHUNK;
+            tin = zs.total_in;
+            while ((zs.total_in - tin < chunk) || (zs.avail_out == 0)) {
+                unsigned long prev_total = zs.total_out;
+                unsigned long ochunk;
+
+                zs.next_out = (Bytef *)outbuf;
+                zs.avail_out = OCHUNK;
+                status = inflate(&zs, Z_NO_FLUSH);
+                if (status != Z_OK && status != Z_STREAM_END) {
+                    /* error during decompression */
+                    JAR_FCLOSE(out);
+                    PORT_Free(inbuf);
+                    PORT_Free(outbuf);
+                    return JAR_ERR_CORRUPT;
+                }
+                ochunk = zs.total_out - prev_total;
+                if (JAR_FWRITE(out, outbuf, ochunk) < (long)ochunk) {
+                    /* most likely a disk full error */
+                    status = JAR_ERR_DISK;
+                    break;
+                }
+                if (status == Z_STREAM_END)
+                    break;
+            }
+        }
+        JAR_FCLOSE(out);
+        status = inflateEnd(&zs);
+    } else {
+        /* error opening output file */
+        status = JAR_ERR_DISK;
+    }
+    PORT_Free(inbuf);
+    PORT_Free(outbuf);
+    return status;
+}
+
+/*
+ *  j a r _ i n f l a t e _ m e m o r y
+ *
+ *  Call zlib to inflate the given memory chunk. It is re-XP_ALLOC'd,
+ *  and thus appears to operate inplace to the caller.
+ *
+ */
+static int
+jar_inflate_memory(unsigned int method, long *length, long expected_out_len,
+                   char **data)
+{
+    char *inbuf = *data;
+    char *outbuf = (char *)PORT_ZAlloc(expected_out_len);
+    long insz = *length;
+    int status;
+    z_stream zs;
+
+    if (outbuf == NULL)
+        return JAR_ERR_MEMORY;
+
+    PORT_Memset(&zs, 0, sizeof zs);
+    status = inflateInit2(&zs, -MAX_WBITS);
+    if (status < 0) {
+        /* error initializing zlib stream */
+        PORT_Free(outbuf);
+        return JAR_ERR_GENERAL;
+    }
+
+    zs.next_in = (Bytef *)inbuf;
+    zs.next_out = (Bytef *)outbuf;
+    zs.avail_in = insz;
+    zs.avail_out = expected_out_len;
+
+    status = inflate(&zs, Z_FINISH);
+    if (status != Z_OK && status != Z_STREAM_END) {
+        /* error during deflation */
+        PORT_Free(outbuf);
+        return JAR_ERR_GENERAL;
+    }
+
+    status = inflateEnd(&zs);
+    if (status != Z_OK) {
+        /* error during deflation */
+        PORT_Free(outbuf);
+        return JAR_ERR_GENERAL;
+    }
+    PORT_Free(*data);
+    *data = outbuf;
+    *length = zs.total_out;
+    return 0;
+}
+
+/*
+ *  v e r i f y _ e x t r a c t
+ *
+ *  Validate signature on the freshly extracted file.
+ *
+ */
+static int
+jar_verify_extract(JAR *jar, char *path, char *physical_path)
+{
+    int status;
+    JAR_Digest dig;
+
+    PORT_Memset(&dig, 0, sizeof dig);
+    status = JAR_digest_file(physical_path, &dig);
+    if (!status)
+        status = JAR_verify_digest(jar, path, &dig);
+    return status;
+}
+
+/*
+ *  g e t _ p h y s i c a l
+ *
+ *  Let's get physical.
+ *  Obtains the offset and length of this file in the jar file.
+ *
+ */
+static JAR_Physical *
+jar_get_physical(JAR *jar, char *pathname)
+{
+    ZZLink *link;
+    ZZList *list = jar->phy;
+
+    if (ZZ_ListEmpty(list))
+        return NULL;
+
+    for (link = ZZ_ListHead(list);
+         !ZZ_ListIterDone(list, link);
+         link = link->next) {
+        JAR_Item *it = link->thing;
+
+        if (it->type == jarTypePhy &&
+            it->pathname && !PORT_Strcmp(it->pathname, pathname)) {
+            JAR_Physical *phy = (JAR_Physical *)it->data;
+            return phy;
+        }
+    }
+    return NULL;
+}
+
+/*
+ *  j a r _ e x t r a c t _ m a n i f e s t s
+ *
+ *  Extract the manifest files and parse them,
+ *  from an open archive file whose contents are known.
+ *
+ */
+static int
+jar_extract_manifests(JAR *jar, jarArch format, JAR_FILE fp)
+{
+    int status, signatures;
+
+    if (format != jarArchZip && format != jarArchTar)
+        return JAR_ERR_CORRUPT;
+
+    if ((status = jar_extract_mf(jar, format, fp, "mf")) < 0)
+        return status;
+    if (!status)
+        return JAR_ERR_ORDER;
+    if ((status = jar_extract_mf(jar, format, fp, "sf")) < 0)
+        return status;
+    if (!status)
+        return JAR_ERR_ORDER;
+    if ((status = jar_extract_mf(jar, format, fp, "rsa")) < 0)
+        return status;
+    signatures = status;
+    if ((status = jar_extract_mf(jar, format, fp, "dsa")) < 0)
+        return status;
+    if (!(signatures += status))
+        return JAR_ERR_SIG;
+    return 0;
+}
+
+/*
+ *  j a r _ e x t r a c t _ m f
+ *
+ *  Extracts manifest files based on an extension, which
+ *  should be .MF, .SF, .RSA, etc. Order of the files is now no
+ *  longer important when zipping jar files.
+ *
+ */
+static int
+jar_extract_mf(JAR *jar, jarArch format, JAR_FILE fp, char *ext)
+{
+    ZZLink *link;
+    ZZList *list = jar->phy;
+    int ret = 0;
+
+    if (ZZ_ListEmpty(list))
+        return JAR_ERR_PNF;
+
+    for (link = ZZ_ListHead(list);
+         ret >= 0 && !ZZ_ListIterDone(list, link);
+         link = link->next) {
+        JAR_Item *it = link->thing;
+
+        if (it->type == jarTypePhy &&
+            !PORT_Strncmp(it->pathname, "META-INF", 8)) {
+            JAR_Physical *phy = (JAR_Physical *)it->data;
+            char *fn = it->pathname + 8;
+            char *e;
+            char *manifest;
+            long length;
+            int num, status;
+
+            if (PORT_Strlen(it->pathname) < 8)
+                continue;
+
+            if (*fn == '/' || *fn == '\\')
+                fn++;
+            if (*fn == 0) {
+                /* just a directory entry */
+                continue;
+            }
+
+            /* skip to extension */
+            for (e = fn; *e && *e != '.'; e++)
+                /* yip */;
+
+            /* and skip dot */
+            if (*e == '.')
+                e++;
+            if (PORT_Strcasecmp(ext, e)) {
+                /* not the right extension */
+                continue;
+            }
+            if (phy->length == 0 || phy->length > 0xFFFF) {
+                /* manifest files cannot be zero length or too big! */
+                /* the 0xFFFF limit is per J2SE SDK */
+                return JAR_ERR_CORRUPT;
+            }
+
+            /* Read in the manifest and parse it */
+            /* Raw inflate in zlib 1.1.4 needs an extra dummy byte at the end */
+            manifest = (char *)PORT_ZAlloc(phy->length + 1);
+            if (!manifest)
+                return JAR_ERR_MEMORY;
+
+            JAR_FSEEK(fp, phy->offset, (PRSeekWhence)0);
+            num = JAR_FREAD(fp, manifest, phy->length);
+            if (num != phy->length) {
+                /* corrupt archive file */
+                PORT_Free(manifest);
+                return JAR_ERR_CORRUPT;
+            }
+
+            if (phy->compression == 8) {
+                length = phy->length;
+                /* add an extra dummy byte at the end */
+                manifest[length++] = 0xDD;
+                status = jar_inflate_memory((unsigned int)phy->compression,
+                                            &length,
+                                            phy->uncompressed_length,
+                                            &manifest);
+                if (status < 0) {
+                    PORT_Free(manifest);
+                    return status;
+                }
+            } else if (phy->compression) {
+                /* unsupported compression method */
+                PORT_Free(manifest);
+                return JAR_ERR_CORRUPT;
+            } else
+                length = phy->length;
+
+            status = JAR_parse_manifest(jar, manifest, length,
+                                        it->pathname, "url");
+            PORT_Free(manifest);
+            if (status < 0)
+                ret = status;
+            else
+                ++ret;
+        } else if (it->type == jarTypePhy) {
+            /* ordinary file */
+        }
+    }
+    return ret;
+}
+
+/*
+ *  j a r _ g e n _ i n d e x
+ *
+ *  Generate an index for the various types of
+ *  known archive files. Right now .ZIP and .TAR
+ *
+ */
+static int
+jar_gen_index(JAR *jar, jarArch format, JAR_FILE fp)
+{
+    int result = JAR_ERR_CORRUPT;
+
+    JAR_FSEEK(fp, 0, (PRSeekWhence)0);
+    switch (format) {
+        case jarArchZip:
+            result = jar_listzip(jar, fp);
+            break;
+
+        case jarArchTar:
+            result = jar_listtar(jar, fp);
+            break;
+
+        case jarArchGuess:
+        case jarArchNone:
+            return JAR_ERR_GENERAL;
+    }
+    JAR_FSEEK(fp, 0, (PRSeekWhence)0);
+    return result;
+}
+
+/*
+ *  j a r _ l i s t z i p
+ *
+ *  List the physical contents of a Phil Katz
+ *  style .ZIP file into the JAR linked list.
+ *
+ */
+static int
+jar_listzip(JAR *jar, JAR_FILE fp)
+{
+    ZZLink *ent;
+    JAR_Item *it = NULL;
+    JAR_Physical *phy = NULL;
+    struct ZipLocal *Local = PORT_ZNew(struct ZipLocal);
+    struct ZipCentral *Central = PORT_ZNew(struct ZipCentral);
+    struct ZipEnd *End = PORT_ZNew(struct ZipEnd);
+
+    int err = 0;
+    long pos = 0L;
+    unsigned int compression;
+    unsigned int filename_len, extra_len;
+
+    char filename[JAR_SIZE];
+    char date[9], time[9];
+    char sig[4];
+
+    if (!Local || !Central || !End) {
+        /* out of memory */
+        err = JAR_ERR_MEMORY;
+        goto loser;
+    }
+
+    while (1) {
+        PRUint32 sigVal;
+        JAR_FSEEK(fp, pos, (PRSeekWhence)0);
+
+        if (JAR_FREAD(fp, sig, sizeof sig) != sizeof sig) {
+            /* zip file ends prematurely */
+            err = JAR_ERR_CORRUPT;
+            goto loser;
+        }
+
+        JAR_FSEEK(fp, pos, (PRSeekWhence)0);
+        sigVal = x86LongToUint32(sig);
+        if (sigVal == LSIG) {
+            JAR_FREAD(fp, Local, sizeof *Local);
+
+            filename_len = x86ShortToUint32(Local->filename_len);
+            extra_len = x86ShortToUint32(Local->extrafield_len);
+            if (filename_len >= JAR_SIZE) {
+                /* corrupt zip file */
+                err = JAR_ERR_CORRUPT;
+                goto loser;
+            }
+
+            if (JAR_FREAD(fp, filename, filename_len) != filename_len) {
+                /* truncated archive file */
+                err = JAR_ERR_CORRUPT;
+                goto loser;
+            }
+            filename[filename_len] = 0;
+            /* Add this to our jar chain */
+            phy = PORT_ZNew(JAR_Physical);
+            if (phy == NULL) {
+                err = JAR_ERR_MEMORY;
+                goto loser;
+            }
+
+            /* We will index any file that comes our way, but when it comes
+               to actually extraction, compression must be 0 or 8 */
+            compression = x86ShortToUint32(Local->method);
+            phy->compression = (compression <= 255) ? compression : 222;
+            /* XXX 222 is bad magic. */
+
+            phy->offset = pos + (sizeof *Local) + filename_len + extra_len;
+            phy->length = x86LongToUint32(Local->size);
+            phy->uncompressed_length = x86LongToUint32(Local->orglen);
+
+            dosdate(date, Local->date);
+            dostime(time, Local->time);
+
+            it = PORT_ZNew(JAR_Item);
+            if (it == NULL) {
+                err = JAR_ERR_MEMORY;
+                goto loser;
+            }
+
+            it->pathname = PORT_Strdup(filename);
+            it->type = jarTypePhy;
+            it->data = (unsigned char *)phy;
+            it->size = sizeof(JAR_Physical);
+
+            ent = ZZ_NewLink(it);
+            if (ent == NULL) {
+                err = JAR_ERR_MEMORY;
+                goto loser;
+            }
+
+            ZZ_AppendLink(jar->phy, ent);
+            pos = phy->offset + phy->length;
+        } else if (sigVal == CSIG) {
+            unsigned int attr = 0;
+            if (JAR_FREAD(fp, Central, sizeof *Central) != sizeof *Central) {
+                /* apparently truncated archive */
+                err = JAR_ERR_CORRUPT;
+                goto loser;
+            }
+
+#if defined(XP_UNIX) || defined(XP_BEOS)
+            /* with unix we need to locate any bits from
+               the protection mask in the external attributes. */
+            attr = Central->external_attributes[2]; /* magic */
+            if (attr) {
+                /* we have to read the filename, again */
+                filename_len = x86ShortToUint32(Central->filename_len);
+                if (filename_len >= JAR_SIZE) {
+                    /* corrupt in central directory */
+                    err = JAR_ERR_CORRUPT;
+                    goto loser;
+                }
+
+                if (JAR_FREAD(fp, filename, filename_len) != filename_len) {
+                    /* truncated in central directory */
+                    err = JAR_ERR_CORRUPT;
+                    goto loser;
+                }
+                filename[filename_len] = 0;
+
+                /* look up this name again */
+                phy = jar_get_physical(jar, filename);
+                if (phy) {
+                    /* always allow access by self */
+                    phy->mode = 0400 | attr;
+                }
+            }
+#endif
+            pos += sizeof(struct ZipCentral) +
+                   x86ShortToUint32(Central->filename_len) +
+                   x86ShortToUint32(Central->commentfield_len) +
+                   x86ShortToUint32(Central->extrafield_len);
+        } else if (sigVal == ESIG) {
+            if (JAR_FREAD(fp, End, sizeof *End) != sizeof *End) {
+                err = JAR_ERR_CORRUPT;
+                goto loser;
+            }
+            break;
+        } else {
+            /* garbage in archive */
+            err = JAR_ERR_CORRUPT;
+            goto loser;
+        }
+    }
+
+loser:
+    if (Local)
+        PORT_Free(Local);
+    if (phy && it == NULL)
+        PORT_Free(phy);
+    if (Central)
+        PORT_Free(Central);
+    if (End)
+        PORT_Free(End);
+    return err;
+}
+
+/*
+ *  j a r _ l i s t t a r
+ *
+ *  List the physical contents of a Unix
+ *  .tar file into the JAR linked list.
+ *
+ */
+static int
+jar_listtar(JAR *jar, JAR_FILE fp)
+{
+    char *s;
+    JAR_Physical *phy;
+    long pos = 0L;
+    long sz;
+    union TarEntry tarball;
+
+    while (1) {
+        JAR_FSEEK(fp, pos, (PRSeekWhence)0);
+
+        if (JAR_FREAD(fp, &tarball, sizeof tarball) < sizeof tarball)
+            break;
+
+        if (!*tarball.val.filename)
+            break;
+
+        sz = octalToLong(tarball.val.size);
+
+        /* Tag the end of filename */
+        s = tarball.val.filename;
+        while (*s && *s != ' ')
+            s++;
+        *s = 0;
+
+        /* Add to our linked list */
+        phy = PORT_ZNew(JAR_Physical);
+        if (phy == NULL)
+            return JAR_ERR_MEMORY;
+
+        phy->compression = 0;
+        phy->offset = pos + sizeof tarball;
+        phy->length = sz;
+
+        ADDITEM(jar->phy, jarTypePhy, tarball.val.filename, phy,
+                sizeof *phy);
+
+        /* Advance to next file entry */
+        sz = PR_ROUNDUP(sz, sizeof tarball);
+        pos += sz + sizeof tarball;
+    }
+
+    return 0;
+}
+
+/*
+ *  d o s d a t e
+ *
+ *  Not used right now, but keep it in here because
+ *  it will be needed.
+ *
+ */
+static int
+dosdate(char *date, const char *s)
+{
+    PRUint32 num = x86ShortToUint32(s);
+
+    PR_snprintf(date, 9, "%02d-%02d-%02d", ((num >> 5) & 0x0F), (num & 0x1F),
+                ((num >> 9) + 80));
+    return 0;
+}
+
+/*
+ *  d o s t i m e
+ *
+ *  Not used right now, but keep it in here because
+ *  it will be needed.
+ *
+ */
+static int
+dostime(char *time, const char *s)
+{
+    PRUint32 num = x86ShortToUint32(s);
+
+    PR_snprintf(time, 6, "%02d:%02d", ((num >> 11) & 0x1F),
+                ((num >> 5) & 0x3F));
+    return 0;
+}
+
+#ifndef NSS_X86_OR_X64
+/*
+ *  Simulates an x86 (little endian, unaligned) ushort fetch from any address.
+ */
+static PRUint32
+x86ShortToUint32(const void *v)
+{
+    const unsigned char *ii = (const unsigned char *)v;
+    PRUint32 ret = (PRUint32)(ii[0]) | ((PRUint32)(ii[1]) << 8);
+    return ret;
+}
+
+/*
+ *  Simulates an x86 (little endian, unaligned) uint fetch from any address.
+ */
+static PRUint32
+x86LongToUint32(const void *v)
+{
+    const unsigned char *ll = (const unsigned char *)v;
+    PRUint32 ret;
+
+    ret = ((((PRUint32)(ll[0])) << 0) |
+           (((PRUint32)(ll[1])) << 8) |
+           (((PRUint32)(ll[2])) << 16) |
+           (((PRUint32)(ll[3])) << 24));
+    return ret;
+}
+#endif
+
+/*
+ *  ASCII octal to binary long.
+ *  Used for integer encoding inside tar files.
+ *
+ */
+static long
+octalToLong(const char *s)
+{
+    long num = 0L;
+
+    while (*s == ' ')
+        s++;
+    while (*s >= '0' && *s <= '7') {
+        num <<= 3;
+        num += *s++ - '0';
+    }
+    return num;
+}
+
+/*
+ *  g u e s s _ j a r
+ *
+ *  Try to guess what kind of JAR file this is.
+ *  Maybe tar, maybe zip. Look in the file for magic
+ *  or at its filename.
+ *
+ */
+static int
+jar_guess_jar(const char *filename, JAR_FILE fp)
+{
+    PRInt32 len = PORT_Strlen(filename);
+    const char *ext = filename + len - 4; /* 4 for ".tar" */
+
+    if (len >= 4 && !PL_strcasecmp(ext, ".tar"))
+        return jarArchTar;
+    return jarArchZip;
+}
diff --git a/nss/lib/jar/jarfile.h b/nss/lib/jar/jarfile.h
new file mode 100644
index 0000000..52d4f1f
--- /dev/null
+++ b/nss/lib/jar/jarfile.h
@@ -0,0 +1,76 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ *  JARFILE.H
+ *
+ *  Certain constants and structures for the archive format.
+ *
+ */
+
+/* ZIP */
+struct ZipLocal { /* 30 bytes */
+    char signature[4];
+    char word[2];
+    char bitflag[2];
+    char method[2];
+    char time[2];
+    char date[2];
+    char crc32[4];
+    char size[4];
+    char orglen[4];
+    char filename_len[2];
+    char extrafield_len[2];
+};
+
+struct ZipCentral { /* 46 bytes */
+    char signature[4];
+    char version_made_by[2];
+    char version[2];
+    char bitflag[2];
+    char method[2];
+    char time[2];
+    char date[2];
+    char crc32[4];
+    char size[4];
+    char orglen[4];
+    char filename_len[2];
+    char extrafield_len[2];
+    char commentfield_len[2];
+    char diskstart_number[2];
+    char internal_attributes[2];
+    char external_attributes[4];
+    char localhdr_offset[4];
+};
+
+struct ZipEnd { /* 22 bytes */
+    char signature[4];
+    char disk_nr[2];
+    char start_central_dir[2];
+    char total_entries_disk[2];
+    char total_entries_archive[2];
+    char central_dir_size[4];
+    char offset_central_dir[4];
+    char commentfield_len[2];
+};
+
+#define LSIG 0x04034B50l
+#define CSIG 0x02014B50l
+#define ESIG 0x06054B50l
+
+/* TAR */
+union TarEntry {    /* 512 bytes */
+    struct header { /* 257 bytes */
+        char filename[100];
+        char mode[8];
+        char uid[8];
+        char gid[8];
+        char size[12];
+        char time[12];
+        char checksum[8];
+        char linkflag;
+        char linkname[100];
+    } val;
+    char buffer[512];
+};
diff --git a/nss/lib/jar/jarint.c b/nss/lib/jar/jarint.c
new file mode 100644
index 0000000..b0ef7fb
--- /dev/null
+++ b/nss/lib/jar/jarint.c
@@ -0,0 +1,52 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * Internal libjar routines.
+ */
+
+#include "jar.h"
+#include "jarint.h"
+
+/*-----------------------------------------------------------------------
+ * JAR_FOPEN_to_PR_Open
+ * Translate JAR_FOPEN arguments to PR_Open arguments
+ */
+PRFileDesc*
+JAR_FOPEN_to_PR_Open(const char* name, const char* mode)
+{
+
+    PRIntn prflags = 0, prmode = 0;
+
+    /* Get read/write flags */
+    if (strchr(mode, 'r') && !strchr(mode, '+')) {
+        prflags |= PR_RDONLY;
+    } else if ((strchr(mode, 'w') || strchr(mode, 'a')) &&
+               !strchr(mode, '+')) {
+        prflags |= PR_WRONLY;
+    } else {
+        prflags |= PR_RDWR;
+    }
+
+    /* Create a new file? */
+    if (strchr(mode, 'w') || strchr(mode, 'a')) {
+        prflags |= PR_CREATE_FILE;
+    }
+
+    /* Append? */
+    if (strchr(mode, 'a')) {
+        prflags |= PR_APPEND;
+    }
+
+    /* Truncate? */
+    if (strchr(mode, 'w')) {
+        prflags |= PR_TRUNCATE;
+    }
+
+    /* We can't do umask because it isn't XP.  Choose some default
+	   mode for created files */
+    prmode = 0755;
+
+    return PR_Open(name, prflags, prmode);
+}
diff --git a/nss/lib/jar/jarint.h b/nss/lib/jar/jarint.h
new file mode 100644
index 0000000..21aecef
--- /dev/null
+++ b/nss/lib/jar/jarint.h
@@ -0,0 +1,54 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* JAR internal routines */
+
+#include "nspr.h"
+#include "key.h"
+#include "base64.h"
+
+extern CERTCertDBHandle *JAR_open_database(void);
+
+extern int JAR_close_database(CERTCertDBHandle *certdb);
+
+extern int jar_close_key_database(void *keydb);
+
+extern void *jar_open_key_database(void);
+
+extern JAR_Signer *JAR_new_signer(void);
+
+extern void JAR_destroy_signer(JAR_Signer *signer);
+
+extern JAR_Signer *jar_get_signer(JAR *jar, char *basename);
+
+extern int
+jar_append(ZZList *list, int type, char *pathname, void *data, size_t size);
+
+/* Translate fopen mode arg to PR_Open flags and mode */
+PRFileDesc *
+JAR_FOPEN_to_PR_Open(const char *name, const char *mode);
+
+#define ADDITEM(list, type, pathname, data, size)               \
+    {                                                           \
+        int err = jar_append(list, type, pathname, data, size); \
+        if (err < 0)                                            \
+            return err;                                         \
+    }
+
+/* Here is some ugliness in the event it is necessary to link
+   with NSPR 1.0 libraries, which do not include an FSEEK. It is
+   difficult to fudge an FSEEK into 1.0 so we use stdio. */
+
+/* nspr 2.0 suite */
+#define JAR_FILE PRFileDesc *
+#define JAR_FOPEN(fn, mode) JAR_FOPEN_to_PR_Open(fn, mode)
+#define JAR_FCLOSE PR_Close
+#define JAR_FSEEK PR_Seek
+#define JAR_FREAD PR_Read
+#define JAR_FWRITE PR_Write
+
+int
+jar_create_pk7(CERTCertDBHandle *certdb, void *keydb,
+               CERTCertificate *cert, char *password, JAR_FILE infp,
+               JAR_FILE outfp);
diff --git a/nss/lib/jar/jarnav.c b/nss/lib/jar/jarnav.c
new file mode 100644
index 0000000..8b72a52
--- /dev/null
+++ b/nss/lib/jar/jarnav.c
@@ -0,0 +1,63 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ *  JARNAV.C
+ *
+ *  JAR stuff needed for client only.
+ *
+ */
+
+#include "jar.h"
+#include "jarint.h"
+
+/* from proto.h */
+extern MWContext *FE_GetInitContext(void);
+
+/* To return an MWContext for Java */
+static MWContext *(*jar_fn_FindSomeContext)(void) = NULL;
+
+/* To fabricate an MWContext for FE_GetPassword */
+static MWContext *(*jar_fn_GetInitContext)(void) = NULL;
+
+/*
+ *  J A R _ i n i t
+ *
+ *  Initialize the JAR functions.
+ *
+ */
+
+void
+JAR_init(void)
+{
+    JAR_init_callbacks(XP_GetString, NULL, NULL);
+}
+
+/*
+ *  J A R _ s e t _ c o n t e x t
+ *
+ *  Set the jar window context for use by PKCS11, since
+ *  it may be needed to prompt the user for a password.
+ *
+ */
+int
+JAR_set_context(JAR *jar, MWContext *mw)
+{
+    if (mw) {
+        jar->mw = mw;
+    } else {
+        /* jar->mw = XP_FindSomeContext(); */
+        jar->mw = NULL;
+        /*
+         * We can't find a context because we're in startup state and none
+         * exist yet. go get an FE_InitContext that only works at
+         * initialization time.
+         */
+        /* Turn on the mac when we get the FE_ function */
+        if (jar->mw == NULL) {
+            jar->mw = jar_fn_GetInitContext();
+        }
+    }
+    return 0;
+}
diff --git a/nss/lib/jar/jarsign.c b/nss/lib/jar/jarsign.c
new file mode 100644
index 0000000..601a7fd
--- /dev/null
+++ b/nss/lib/jar/jarsign.c
@@ -0,0 +1,250 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ *  JARSIGN
+ *
+ *  Routines used in signing archives.
+ */
+
+#include "jar.h"
+#include "jarint.h"
+#include "secpkcs7.h"
+#include "pk11func.h"
+#include "sechash.h"
+
+/* from libevent.h */
+typedef void (*ETVoidPtrFunc)(void *data);
+
+/* key database wrapper */
+/* static SECKEYKeyDBHandle *jar_open_key_database (void); */
+/* CHUNQ is our bite size */
+
+#define CHUNQ 64000
+#define FILECHUNQ 32768
+
+/*
+ *  J A R _ c a l c u l a t e _ d i g e s t
+ *
+ *  Quick calculation of a digest for
+ *  the specified block of memory. Will calculate
+ *  for all supported algorithms, now MD5.
+ *
+ *  This version supports huge pointers for WIN16.
+ *
+ */
+JAR_Digest *PR_CALLBACK
+JAR_calculate_digest(void *data, long length)
+{
+    PK11Context *md5 = 0;
+    PK11Context *sha1 = 0;
+    JAR_Digest *dig = PORT_ZNew(JAR_Digest);
+    long chunq;
+    unsigned int md5_length, sha1_length;
+
+    if (dig == NULL) {
+        /* out of memory allocating digest */
+        return NULL;
+    }
+
+    md5 = PK11_CreateDigestContext(SEC_OID_MD5);
+    if (md5 == NULL) {
+        PORT_ZFree(dig, sizeof(JAR_Digest));
+        return NULL;
+    }
+    sha1 = PK11_CreateDigestContext(SEC_OID_SHA1);
+    if (sha1 == NULL) {
+        PK11_DestroyContext(md5, PR_TRUE);
+        /* added due to bug Bug 1250214 - prevent the 2nd memory leak */
+        PORT_ZFree(dig, sizeof(JAR_Digest));
+        return NULL;
+    }
+
+    if (length >= 0) {
+        PK11_DigestBegin(md5);
+        PK11_DigestBegin(sha1);
+
+        do {
+            chunq = length;
+
+            PK11_DigestOp(md5, (unsigned char *)data, chunq);
+            PK11_DigestOp(sha1, (unsigned char *)data, chunq);
+            length -= chunq;
+            data = ((char *)data + chunq);
+        } while (length > 0);
+
+        PK11_DigestFinal(md5, dig->md5, &md5_length, MD5_LENGTH);
+        PK11_DigestFinal(sha1, dig->sha1, &sha1_length, SHA1_LENGTH);
+
+        PK11_DestroyContext(md5, PR_TRUE);
+        PK11_DestroyContext(sha1, PR_TRUE);
+    }
+    return dig;
+}
+
+/*
+ *  J A R _ d i g e s t _ f i l e
+ *
+ *  Calculates the MD5 and SHA1 digests for a file
+ *  present on disk, and returns these in JAR_Digest struct.
+ *
+ */
+int
+JAR_digest_file(char *filename, JAR_Digest *dig)
+{
+    JAR_FILE fp;
+    PK11Context *md5 = 0;
+    PK11Context *sha1 = 0;
+    unsigned char *buf = (unsigned char *)PORT_ZAlloc(FILECHUNQ);
+    int num;
+    unsigned int md5_length, sha1_length;
+
+    if (buf == NULL) {
+        /* out of memory */
+        return JAR_ERR_MEMORY;
+    }
+
+    if ((fp = JAR_FOPEN(filename, "rb")) == 0) {
+        /* perror (filename); FIX XXX XXX XXX XXX XXX XXX */
+        PORT_Free(buf);
+        return JAR_ERR_FNF;
+    }
+
+    md5 = PK11_CreateDigestContext(SEC_OID_MD5);
+    sha1 = PK11_CreateDigestContext(SEC_OID_SHA1);
+
+    if (md5 == NULL || sha1 == NULL) {
+        if (md5) {
+            PK11_DestroyContext(md5, PR_TRUE);
+        }
+        if (sha1) {
+            PK11_DestroyContext(sha1, PR_TRUE);
+        }
+        /* can't generate digest contexts */
+        PORT_Free(buf);
+        JAR_FCLOSE(fp);
+        return JAR_ERR_GENERAL;
+    }
+
+    PK11_DigestBegin(md5);
+    PK11_DigestBegin(sha1);
+
+    while (1) {
+        if ((num = JAR_FREAD(fp, buf, FILECHUNQ)) == 0)
+            break;
+
+        PK11_DigestOp(md5, buf, num);
+        PK11_DigestOp(sha1, buf, num);
+    }
+
+    PK11_DigestFinal(md5, dig->md5, &md5_length, MD5_LENGTH);
+    PK11_DigestFinal(sha1, dig->sha1, &sha1_length, SHA1_LENGTH);
+
+    PK11_DestroyContext(md5, PR_TRUE);
+    PK11_DestroyContext(sha1, PR_TRUE);
+
+    PORT_Free(buf);
+    JAR_FCLOSE(fp);
+
+    return 0;
+}
+
+/*
+ *  J A R _ o p e n _ k e y _ d a t a b a s e
+ *
+ */
+
+void *
+jar_open_key_database(void)
+{
+    return NULL;
+}
+
+int
+jar_close_key_database(void *keydb)
+{
+    /* We never do close it */
+    return 0;
+}
+
+/*
+ *  j a r _ c r e a t e _ p k 7
+ *
+ */
+
+static void
+jar_pk7_out(void *arg, const char *buf, unsigned long len)
+{
+    JAR_FWRITE((JAR_FILE)arg, buf, len);
+}
+
+int
+jar_create_pk7(CERTCertDBHandle *certdb, void *keydb, CERTCertificate *cert,
+               char *password, JAR_FILE infp, JAR_FILE outfp)
+{
+    SEC_PKCS7ContentInfo *cinfo;
+    const SECHashObject *hashObj;
+    void *mw = NULL;
+    void *hashcx;
+    unsigned int len;
+    int status = 0;
+    SECStatus rv;
+    SECItem digest;
+    unsigned char digestdata[32];
+    unsigned char buffer[4096];
+
+    if (outfp == NULL || infp == NULL || cert == NULL)
+        return JAR_ERR_GENERAL;
+
+    /* we sign with SHA */
+    hashObj = HASH_GetHashObject(HASH_AlgSHA1);
+
+    hashcx = (*hashObj->create)();
+    if (hashcx == NULL)
+        return JAR_ERR_GENERAL;
+
+    (*hashObj->begin)(hashcx);
+    while (1) {
+        int nb = JAR_FREAD(infp, buffer, sizeof buffer);
+        if (nb == 0) { /* eof */
+            break;
+        }
+        (*hashObj->update)(hashcx, buffer, nb);
+    }
+    (*hashObj->end)(hashcx, digestdata, &len, 32);
+    (*hashObj->destroy)(hashcx, PR_TRUE);
+
+    digest.data = digestdata;
+    digest.len = len;
+
+    /* signtool must use any old context it can find since it's
+       calling from inside javaland. */
+    PORT_SetError(0);
+    cinfo = SEC_PKCS7CreateSignedData(cert, certUsageObjectSigner, NULL,
+                                      SEC_OID_SHA1, &digest, NULL, mw);
+    if (cinfo == NULL)
+        return JAR_ERR_PK7;
+
+    rv = SEC_PKCS7IncludeCertChain(cinfo, NULL);
+    if (rv != SECSuccess) {
+        status = PORT_GetError();
+        SEC_PKCS7DestroyContentInfo(cinfo);
+        return status;
+    }
+
+    /* Having this here forces signtool to always include signing time. */
+    rv = SEC_PKCS7AddSigningTime(cinfo);
+    /* don't check error */
+    PORT_SetError(0);
+
+    /* if calling from mozilla thread*/
+    rv = SEC_PKCS7Encode(cinfo, jar_pk7_out, outfp, NULL, NULL, mw);
+    if (rv != SECSuccess)
+        status = PORT_GetError();
+    SEC_PKCS7DestroyContentInfo(cinfo);
+    if (rv != SECSuccess) {
+        return ((status < 0) ? status : JAR_ERR_GENERAL);
+    }
+    return 0;
+}
diff --git a/nss/lib/jar/jarver.c b/nss/lib/jar/jarver.c
new file mode 100644
index 0000000..38d73c2
--- /dev/null
+++ b/nss/lib/jar/jarver.c
@@ -0,0 +1,1167 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ *  JARVER
+ *
+ *  Jarnature Parsing & Verification
+ */
+
+#include "nssrenam.h"
+#include "jar.h"
+#include "jarint.h"
+#include "certdb.h"
+#include "certt.h"
+#include "secpkcs7.h"
+#include "secder.h"
+
+#define SZ 512
+
+static int
+jar_validate_pkcs7(JAR *jar, JAR_Signer *signer, char *data, long length);
+
+static void
+jar_catch_bytes(void *arg, const char *buf, unsigned long len);
+
+static int
+jar_gather_signers(JAR *jar, JAR_Signer *signer, SEC_PKCS7ContentInfo *cinfo);
+
+static char *
+jar_eat_line(int lines, int eating, char *data, long *len);
+
+static JAR_Digest *
+jar_digest_section(char *manifest, long length);
+
+static JAR_Digest *jar_get_mf_digest(JAR *jar, char *path);
+
+static int
+jar_parse_digital_signature(char *raw_manifest, JAR_Signer *signer,
+                            long length, JAR *jar);
+
+static int
+jar_add_cert(JAR *jar, JAR_Signer *signer, int type, CERTCertificate *cert);
+
+static char *jar_basename(const char *path);
+
+static int
+jar_signal(int status, JAR *jar, const char *metafile, char *pathname);
+
+#ifdef DEBUG
+static int jar_insanity_check(char *data, long length);
+#endif
+
+int
+jar_parse_mf(JAR *jar, char *raw_manifest, long length,
+             const char *path, const char *url);
+
+int
+jar_parse_sf(JAR *jar, char *raw_manifest, long length,
+             const char *path, const char *url);
+
+int
+jar_parse_sig(JAR *jar, const char *path, char *raw_manifest,
+              long length);
+
+int
+jar_parse_any(JAR *jar, int type, JAR_Signer *signer,
+              char *raw_manifest, long length, const char *path,
+              const char *url);
+
+static int
+jar_internal_digest(JAR *jar, const char *path, char *x_name, JAR_Digest *dig);
+
+/*
+ *  J A R _ p a r s e _ m a n i f e s t
+ *
+ *  Pass manifest files to this function. They are
+ *  decoded and placed into internal representations.
+ *
+ *  Accepts both signature and manifest files. Use
+ *  the same "jar" for both.
+ *
+ */
+int
+JAR_parse_manifest(JAR *jar, char *raw_manifest, long length,
+                   const char *path, const char *url)
+{
+    int filename_free = 0;
+
+    /* fill in the path, if supplied. This is the location
+       of the jar file on disk, if known */
+
+    if (jar->filename == NULL && path) {
+        jar->filename = PORT_Strdup(path);
+        if (jar->filename == NULL)
+            return JAR_ERR_MEMORY;
+        filename_free = 1;
+    }
+
+    /* fill in the URL, if supplied. This is the place
+       from which the jar file was retrieved. */
+
+    if (jar->url == NULL && url) {
+        jar->url = PORT_Strdup(url);
+        if (jar->url == NULL) {
+            if (filename_free) {
+                PORT_Free(jar->filename);
+            }
+            return JAR_ERR_MEMORY;
+        }
+    }
+
+    /* Determine what kind of file this is from the META-INF
+       directory. It could be MF, SF, or a binary RSA/DSA file */
+
+    if (!PORT_Strncasecmp(raw_manifest, "Manifest-Version:", 17)) {
+        return jar_parse_mf(jar, raw_manifest, length, path, url);
+    } else if (!PORT_Strncasecmp(raw_manifest, "Signature-Version:", 18)) {
+        return jar_parse_sf(jar, raw_manifest, length, path, url);
+    } else {
+        /* This is probably a binary signature */
+        return jar_parse_sig(jar, path, raw_manifest, length);
+    }
+}
+
+/*
+ *  j a r _ p a r s e _ s i g
+ *
+ *  Pass some manner of RSA or DSA digital signature
+ *  on, after checking to see if it comes at an appropriate state.
+ *
+ */
+int
+jar_parse_sig(JAR *jar, const char *path, char *raw_manifest,
+              long length)
+{
+    JAR_Signer *signer;
+    int status = JAR_ERR_ORDER;
+
+    if (length <= 128) {
+        /* signature is way too small */
+        return JAR_ERR_SIG;
+    }
+
+    /* make sure that MF and SF have already been processed */
+
+    if (jar->globalmeta == NULL)
+        return JAR_ERR_ORDER;
+
+    /* Determine whether or not this RSA file has
+       has an associated SF file */
+
+    if (path) {
+        char *owner;
+        owner = jar_basename(path);
+
+        if (owner == NULL)
+            return JAR_ERR_MEMORY;
+
+        signer = jar_get_signer(jar, owner);
+        PORT_Free(owner);
+    } else
+        signer = jar_get_signer(jar, "*");
+
+    if (signer == NULL)
+        return JAR_ERR_ORDER;
+
+    /* Do not pass a huge pointer to this function,
+       since the underlying security code is unaware. We will
+       never pass >64k through here. */
+
+    if (length > 64000) {
+        /* this digital signature is way too big */
+        return JAR_ERR_SIG;
+    }
+
+    /* don't expense unneeded calloc overhead on non-win16 */
+    status = jar_parse_digital_signature(raw_manifest, signer, length, jar);
+
+    return status;
+}
+
+/*
+ *  j a r _ p a r s e _ m f
+ *
+ *  Parse the META-INF/manifest.mf file, whose
+ *  information applies to all signers.
+ *
+ */
+int
+jar_parse_mf(JAR *jar, char *raw_manifest, long length,
+             const char *path, const char *url)
+{
+    if (jar->globalmeta) {
+        /* refuse a second manifest file, if passed for some reason */
+        return JAR_ERR_ORDER;
+    }
+
+    /* remember a digest for the global section */
+    jar->globalmeta = jar_digest_section(raw_manifest, length);
+    if (jar->globalmeta == NULL)
+        return JAR_ERR_MEMORY;
+    return jar_parse_any(jar, jarTypeMF, NULL, raw_manifest, length,
+                         path, url);
+}
+
+/*
+ *  j a r _ p a r s e _ s f
+ *
+ *  Parse META-INF/xxx.sf, a digitally signed file
+ *  pointing to a subset of MF sections.
+ *
+ */
+int
+jar_parse_sf(JAR *jar, char *raw_manifest, long length,
+             const char *path, const char *url)
+{
+    JAR_Signer *signer = NULL;
+    int status = JAR_ERR_MEMORY;
+
+    if (jar->globalmeta == NULL) {
+        /* It is a requirement that the MF file be passed before the SF file */
+        return JAR_ERR_ORDER;
+    }
+
+    signer = JAR_new_signer();
+    if (signer == NULL)
+        goto loser;
+
+    if (path) {
+        signer->owner = jar_basename(path);
+        if (signer->owner == NULL)
+            goto loser;
+    }
+
+    /* check for priors. When someone doctors a jar file
+       to contain identical path entries, prevent the second
+       one from affecting JAR functions */
+    if (jar_get_signer(jar, signer->owner)) {
+        /* someone is trying to spoof us */
+        status = JAR_ERR_ORDER;
+        goto loser;
+    }
+
+    /* remember its digest */
+    signer->digest = JAR_calculate_digest(raw_manifest, length);
+    if (signer->digest == NULL)
+        goto loser;
+
+    /* Add this signer to the jar */
+    ADDITEM(jar->signers, jarTypeOwner, signer->owner, signer,
+            sizeof(JAR_Signer));
+
+    return jar_parse_any(jar, jarTypeSF, signer, raw_manifest, length,
+                         path, url);
+
+loser:
+    if (signer)
+        JAR_destroy_signer(signer);
+    return status;
+}
+
+/*
+ *  j a r _ p a r s e _ a n y
+ *
+ *  Parse a MF or SF manifest file.
+ *
+ */
+int
+jar_parse_any(JAR *jar, int type, JAR_Signer *signer,
+              char *raw_manifest, long length, const char *path,
+              const char *url)
+{
+    int status;
+    long raw_len;
+    JAR_Digest *dig, *mfdig = NULL;
+    char line[SZ];
+    char x_name[SZ], x_md5[SZ], x_sha[SZ];
+    char *x_info;
+    char *sf_md5 = NULL, *sf_sha1 = NULL;
+
+    *x_name = 0;
+    *x_md5 = 0;
+    *x_sha = 0;
+
+    PORT_Assert(length > 0);
+    raw_len = length;
+
+#ifdef DEBUG
+    if ((status = jar_insanity_check(raw_manifest, raw_len)) < 0)
+        return status;
+#endif
+
+    /* null terminate the first line */
+    raw_manifest = jar_eat_line(0, PR_TRUE, raw_manifest, &raw_len);
+
+    /* skip over the preliminary section */
+    /* This is one section at the top of the file with global metainfo */
+    while (raw_len > 0) {
+        JAR_Metainfo *met;
+
+        raw_manifest = jar_eat_line(1, PR_TRUE, raw_manifest, &raw_len);
+        if (raw_len <= 0 || !*raw_manifest)
+            break;
+
+        met = PORT_ZNew(JAR_Metainfo);
+        if (met == NULL)
+            return JAR_ERR_MEMORY;
+
+        /* Parse out the header & info */
+        if (PORT_Strlen(raw_manifest) >= SZ) {
+            /* almost certainly nonsense */
+            PORT_Free(met);
+            continue;
+        }
+
+        PORT_Strcpy(line, raw_manifest);
+        x_info = line;
+
+        while (*x_info && *x_info != ' ' && *x_info != '\t' && *x_info != ':')
+            x_info++;
+
+        if (*x_info)
+            *x_info++ = 0;
+
+        while (*x_info == ' ' || *x_info == '\t')
+            x_info++;
+
+        /* metainfo (name, value) pair is now (line, x_info) */
+        met->header = PORT_Strdup(line);
+        met->info = PORT_Strdup(x_info);
+
+        if (type == jarTypeMF) {
+            ADDITEM(jar->metainfo, jarTypeMeta,
+                    /* pathname */ NULL, met, sizeof(JAR_Metainfo));
+        }
+
+        /* For SF files, this metadata may be the digests
+           of the MF file, still in the "met" structure. */
+
+        if (type == jarTypeSF) {
+            if (!PORT_Strcasecmp(line, "MD5-Digest")) {
+                sf_md5 = (char *)met->info;
+            } else if (!PORT_Strcasecmp(line, "SHA1-Digest") ||
+                       !PORT_Strcasecmp(line, "SHA-Digest")) {
+                sf_sha1 = (char *)met->info;
+            } else {
+                PORT_Free(met->info);
+                met->info = NULL;
+            }
+        }
+
+        if (type != jarTypeMF) {
+            PORT_Free(met->header);
+            if ((type != jarTypeSF || !jar->globalmeta) && met->info) {
+                PORT_Free(met->info);
+            }
+            PORT_Free(met);
+        }
+    }
+
+    if (type == jarTypeSF && jar->globalmeta) {
+        /* this is a SF file which may contain a digest of the manifest.mf's
+           global metainfo. */
+
+        int match = 0;
+        JAR_Digest *glob = jar->globalmeta;
+
+        if (sf_md5) {
+            unsigned int md5_length;
+            unsigned char *md5_digest;
+
+            md5_digest = ATOB_AsciiToData(sf_md5, &md5_length);
+            PORT_Assert(md5_length == MD5_LENGTH);
+            PORT_Free(sf_md5);
+
+            if (md5_length != MD5_LENGTH)
+                return JAR_ERR_CORRUPT;
+
+            match = PORT_Memcmp(md5_digest, glob->md5, MD5_LENGTH);
+            PORT_Free(md5_digest);
+        }
+
+        if (sf_sha1 && match == 0) {
+            unsigned int sha1_length;
+            unsigned char *sha1_digest;
+
+            sha1_digest = ATOB_AsciiToData(sf_sha1, &sha1_length);
+            PORT_Assert(sha1_length == SHA1_LENGTH);
+            PORT_Free(sf_sha1);
+
+            if (sha1_length != SHA1_LENGTH)
+                return JAR_ERR_CORRUPT;
+
+            match = PORT_Memcmp(sha1_digest, glob->sha1, SHA1_LENGTH);
+            PORT_Free(sha1_digest);
+        }
+
+        if (match != 0) {
+            /* global digest doesn't match, SF file therefore invalid */
+            jar->valid = JAR_ERR_METADATA;
+            return JAR_ERR_METADATA;
+        }
+    }
+
+    /* done with top section of global data */
+    while (raw_len > 0) {
+        *x_md5 = 0;
+        *x_sha = 0;
+        *x_name = 0;
+
+        /* If this is a manifest file, attempt to get a digest of the following
+           section, without damaging it. This digest will be saved later. */
+
+        if (type == jarTypeMF) {
+            char *sec;
+            long sec_len = raw_len;
+
+            if (!*raw_manifest || *raw_manifest == '\n') {
+                /* skip the blank line */
+                sec = jar_eat_line(1, PR_FALSE, raw_manifest, &sec_len);
+            } else
+                sec = raw_manifest;
+
+            if (sec_len > 0 && !PORT_Strncasecmp(sec, "Name:", 5)) {
+                if (type == jarTypeMF)
+                    mfdig = jar_digest_section(sec, sec_len);
+                else
+                    mfdig = NULL;
+            }
+        }
+
+        while (raw_len > 0) {
+            raw_manifest = jar_eat_line(1, PR_TRUE, raw_manifest, &raw_len);
+            if (raw_len <= 0 || !*raw_manifest)
+                break; /* blank line, done with this entry */
+
+            if (PORT_Strlen(raw_manifest) >= SZ) {
+                /* almost certainly nonsense */
+                continue;
+            }
+
+            /* Parse out the name/value pair */
+            PORT_Strcpy(line, raw_manifest);
+            x_info = line;
+
+            while (*x_info && *x_info != ' ' && *x_info != '\t' &&
+                   *x_info != ':')
+                x_info++;
+
+            if (*x_info)
+                *x_info++ = 0;
+
+            while (*x_info == ' ' || *x_info == '\t')
+                x_info++;
+
+            if (!PORT_Strcasecmp(line, "Name"))
+                PORT_Strcpy(x_name, x_info);
+            else if (!PORT_Strcasecmp(line, "MD5-Digest"))
+                PORT_Strcpy(x_md5, x_info);
+            else if (!PORT_Strcasecmp(line, "SHA1-Digest") ||
+                     !PORT_Strcasecmp(line, "SHA-Digest"))
+                PORT_Strcpy(x_sha, x_info);
+
+            /* Algorithm list is meta info we don't care about; keeping it out
+               of metadata saves significant space for large jar files */
+            else if (!PORT_Strcasecmp(line, "Digest-Algorithms") ||
+                     !PORT_Strcasecmp(line, "Hash-Algorithms"))
+                continue;
+
+            /* Meta info is only collected for the manifest.mf file,
+               since the JAR_get_metainfo call does not support identity */
+            else if (type == jarTypeMF) {
+                JAR_Metainfo *met;
+
+                /* this is meta-data */
+                met = PORT_ZNew(JAR_Metainfo);
+                if (met == NULL)
+                    return JAR_ERR_MEMORY;
+
+                /* metainfo (name, value) pair is now (line, x_info) */
+                if ((met->header = PORT_Strdup(line)) == NULL) {
+                    PORT_Free(met);
+                    return JAR_ERR_MEMORY;
+                }
+
+                if ((met->info = PORT_Strdup(x_info)) == NULL) {
+                    PORT_Free(met->header);
+                    PORT_Free(met);
+                    return JAR_ERR_MEMORY;
+                }
+
+                ADDITEM(jar->metainfo, jarTypeMeta,
+                        x_name, met, sizeof(JAR_Metainfo));
+            }
+        }
+
+        if (!*x_name) {
+            /* Whatever that was, it wasn't an entry, because we didn't get a
+               name. We don't really have anything, so don't record this. */
+            continue;
+        }
+
+        dig = PORT_ZNew(JAR_Digest);
+        if (dig == NULL)
+            return JAR_ERR_MEMORY;
+
+        if (*x_md5) {
+            unsigned int binary_length;
+            unsigned char *binary_digest;
+
+            binary_digest = ATOB_AsciiToData(x_md5, &binary_length);
+            PORT_Assert(binary_length == MD5_LENGTH);
+            if (binary_length != MD5_LENGTH) {
+                PORT_Free(dig);
+                return JAR_ERR_CORRUPT;
+            }
+            memcpy(dig->md5, binary_digest, MD5_LENGTH);
+            dig->md5_status = jarHashPresent;
+            PORT_Free(binary_digest);
+        }
+
+        if (*x_sha) {
+            unsigned int binary_length;
+            unsigned char *binary_digest;
+
+            binary_digest = ATOB_AsciiToData(x_sha, &binary_length);
+            PORT_Assert(binary_length == SHA1_LENGTH);
+            if (binary_length != SHA1_LENGTH) {
+                PORT_Free(dig);
+                return JAR_ERR_CORRUPT;
+            }
+            memcpy(dig->sha1, binary_digest, SHA1_LENGTH);
+            dig->sha1_status = jarHashPresent;
+            PORT_Free(binary_digest);
+        }
+
+        PORT_Assert(type == jarTypeMF || type == jarTypeSF);
+        if (type == jarTypeMF) {
+            ADDITEM(jar->hashes, jarTypeMF, x_name, dig, sizeof(JAR_Digest));
+        } else if (type == jarTypeSF) {
+            ADDITEM(signer->sf, jarTypeSF, x_name, dig, sizeof(JAR_Digest));
+        } else {
+            PORT_Free(dig);
+            return JAR_ERR_ORDER;
+        }
+
+        /* we're placing these calculated digests of manifest.mf
+           sections in a list where they can subsequently be forgotten */
+        if (type == jarTypeMF && mfdig) {
+            ADDITEM(jar->manifest, jarTypeSect,
+                    x_name, mfdig, sizeof(JAR_Digest));
+            mfdig = NULL;
+        }
+
+        /* Retrieve our saved SHA1 digest from saved copy and check digests.
+           This is just comparing the digest of the MF section as indicated in
+           the SF file with the one we remembered from parsing the MF file */
+
+        if (type == jarTypeSF) {
+            if ((status = jar_internal_digest(jar, path, x_name, dig)) < 0)
+                return status;
+        }
+    }
+
+    return 0;
+}
+
+static int
+jar_internal_digest(JAR *jar, const char *path, char *x_name, JAR_Digest *dig)
+{
+    int cv;
+    int status;
+
+    JAR_Digest *savdig;
+
+    savdig = jar_get_mf_digest(jar, x_name);
+    if (savdig == NULL) {
+        /* no .mf digest for this pathname */
+        status = jar_signal(JAR_ERR_ENTRY, jar, path, x_name);
+        if (status < 0)
+            return 0; /* was continue; */
+        return status;
+    }
+
+    /* check for md5 consistency */
+    if (dig->md5_status) {
+        cv = PORT_Memcmp(savdig->md5, dig->md5, MD5_LENGTH);
+        /* md5 hash of .mf file is not what expected */
+        if (cv) {
+            status = jar_signal(JAR_ERR_HASH, jar, path, x_name);
+
+            /* bad hash, man */
+            dig->md5_status = jarHashBad;
+            savdig->md5_status = jarHashBad;
+
+            if (status < 0)
+                return 0; /* was continue; */
+            return status;
+        }
+    }
+
+    /* check for sha1 consistency */
+    if (dig->sha1_status) {
+        cv = PORT_Memcmp(savdig->sha1, dig->sha1, SHA1_LENGTH);
+        /* sha1 hash of .mf file is not what expected */
+        if (cv) {
+            status = jar_signal(JAR_ERR_HASH, jar, path, x_name);
+
+            /* bad hash, man */
+            dig->sha1_status = jarHashBad;
+            savdig->sha1_status = jarHashBad;
+
+            if (status < 0)
+                return 0; /* was continue; */
+            return status;
+        }
+    }
+    return 0;
+}
+
+#ifdef DEBUG
+/*
+ *  j a r _ i n s a n i t y _ c h e c k
+ *
+ *  Check for illegal characters (or possibly so)
+ *  in the manifest files, to detect potential memory
+ *  corruption by our neighbors. Debug only, since
+ *  not I18N safe.
+ *
+ */
+static int
+jar_insanity_check(char *data, long length)
+{
+    int c;
+    long off;
+
+    for (off = 0; off < length; off++) {
+        c = data[off];
+        if (c == '\n' || c == '\r' || (c >= ' ' && c <= 128))
+            continue;
+        return JAR_ERR_CORRUPT;
+    }
+    return 0;
+}
+#endif
+
+/*
+ *  j a r _ p a r s e _ d i g i t a l _ s i g n a t u r e
+ *
+ *  Parse an RSA or DSA (or perhaps other) digital signature.
+ *  Right now everything is PKCS7.
+ *
+ */
+static int
+jar_parse_digital_signature(char *raw_manifest, JAR_Signer *signer,
+                            long length, JAR *jar)
+{
+    return jar_validate_pkcs7(jar, signer, raw_manifest, length);
+}
+
+/*
+ *  j a r _ a d d _ c e r t
+ *
+ *  Add information for the given certificate
+ *  (or whatever) to the JAR linked list. A pointer
+ *  is passed for some relevant reference, say
+ *  for example the original certificate.
+ *
+ */
+static int
+jar_add_cert(JAR *jar, JAR_Signer *signer, int type, CERTCertificate *cert)
+{
+    JAR_Cert *fing;
+    unsigned char *keyData;
+
+    if (cert == NULL)
+        return JAR_ERR_ORDER;
+
+    fing = PORT_ZNew(JAR_Cert);
+    if (fing == NULL)
+        goto loser;
+
+    fing->cert = CERT_DupCertificate(cert);
+
+    /* get the certkey */
+    fing->length = cert->derIssuer.len + 2 + cert->serialNumber.len;
+    fing->key = keyData = (unsigned char *)PORT_ZAlloc(fing->length);
+    if (fing->key == NULL)
+        goto loser;
+    keyData[0] = ((cert->derIssuer.len) >> 8) & 0xff;
+    keyData[1] = ((cert->derIssuer.len) & 0xff);
+    PORT_Memcpy(&keyData[2], cert->derIssuer.data, cert->derIssuer.len);
+    PORT_Memcpy(&keyData[2 + cert->derIssuer.len], cert->serialNumber.data,
+                cert->serialNumber.len);
+
+    ADDITEM(signer->certs, type, NULL, fing, sizeof(JAR_Cert));
+    return 0;
+
+loser:
+    if (fing) {
+        if (fing->cert)
+            CERT_DestroyCertificate(fing->cert);
+        PORT_Free(fing);
+    }
+    return JAR_ERR_MEMORY;
+}
+
+/*
+ *  e a t _ l i n e
+ *
+ * Reads and/or modifies input buffer "data" of length "*len".
+ * This function does zero, one or two of the following tasks:
+ * 1) if "lines" is non-zero, it reads and discards that many lines from
+ *    the input.  NUL characters are treated as end-of-line characters,
+ *    not as end-of-input characters.  The input is NOT NUL terminated.
+ *    Note: presently, all callers pass either 0 or 1 for lines.
+ * 2) After skipping the specified number of input lines, if "eating" is
+ *    non-zero, it finds the end of the next line of input and replaces
+ *    the end of line character(s) with a NUL character.
+ *  This function modifies the input buffer, containing the file, in place.
+ *  This function handles PC, Mac, and Unix style text files.
+ *  On entry, *len contains the maximum number of characters that this
+ *  function should ever examine, starting with the character in *data.
+ *  On return, *len is reduced by the number of characters skipped by the
+ *  first task, if any;
+ *  If lines is zero and eating is false, this function returns
+ *  the value in the data argument, but otherwise does nothing.
+ */
+static char *
+jar_eat_line(int lines, int eating, char *data, long *len)
+{
+    char *start = data;
+    long maxLen = *len;
+
+    if (maxLen <= 0)
+        return start;
+
+#define GO_ON ((data - start) < maxLen)
+
+    /* Eat the requisite number of lines, if any;
+       prior to terminating the current line with a 0. */
+    for (/* yip */; lines > 0; lines--) {
+        while (GO_ON && *data && *data != '\r' && *data != '\n')
+            data++;
+
+        /* Eat any leading CR */
+        if (GO_ON && *data == '\r')
+            data++;
+
+        /* After the CR, ok to eat one LF */
+        if (GO_ON && *data == '\n')
+            data++;
+
+        /* If there are NULs, this function probably put them there */
+        while (GO_ON && !*data)
+            data++;
+    }
+    maxLen -= data - start; /* we have this many characters left. */
+    *len = maxLen;
+    start = data; /* now start again here.            */
+    if (maxLen > 0 && eating) {
+        /* Terminate this line with a 0 */
+        while (GO_ON && *data && *data != '\n' && *data != '\r')
+            data++;
+
+        /* If not past the end, we are allowed to eat one CR */
+        if (GO_ON && *data == '\r')
+            *data++ = 0;
+
+        /* After the CR (if any), if not past the end, ok to eat one LF */
+        if (GO_ON && *data == '\n')
+            *data++ = 0;
+    }
+    return start;
+}
+#undef GO_ON
+
+/*
+ *  j a r _ d i g e s t _ s e c t i o n
+ *
+ *  Return the digests of the next section of the manifest file.
+ *  Does not damage the manifest file, unlike parse_manifest.
+ *
+ */
+static JAR_Digest *
+jar_digest_section(char *manifest, long length)
+{
+    long global_len;
+    char *global_end;
+
+    global_end = manifest;
+    global_len = length;
+
+    while (global_len > 0) {
+        global_end = jar_eat_line(1, PR_FALSE, global_end, &global_len);
+        if (global_len > 0 && (*global_end == 0 || *global_end == '\n'))
+            break;
+    }
+    return JAR_calculate_digest(manifest, global_end - manifest);
+}
+
+/*
+ *  J A R _ v e r i f y _ d i g e s t
+ *
+ *  Verifies that a precalculated digest matches the
+ *  expected value in the manifest.
+ *
+ */
+int PR_CALLBACK
+JAR_verify_digest(JAR *jar, const char *name, JAR_Digest *dig)
+{
+    JAR_Item *it;
+    JAR_Digest *shindig;
+    ZZLink *link;
+    ZZList *list = jar->hashes;
+    int result1 = 0;
+    int result2 = 0;
+
+    if (jar->valid < 0) {
+        /* signature not valid */
+        return JAR_ERR_SIG;
+    }
+    if (ZZ_ListEmpty(list)) {
+        /* empty list */
+        return JAR_ERR_PNF;
+    }
+
+    for (link = ZZ_ListHead(list);
+         !ZZ_ListIterDone(list, link);
+         link = link->next) {
+        it = link->thing;
+        if (it->type == jarTypeMF &&
+            it->pathname && !PORT_Strcmp(it->pathname, name)) {
+            shindig = (JAR_Digest *)it->data;
+            if (shindig->md5_status) {
+                if (shindig->md5_status == jarHashBad)
+                    return JAR_ERR_HASH;
+                result1 = memcmp(dig->md5, shindig->md5, MD5_LENGTH);
+            }
+            if (shindig->sha1_status) {
+                if (shindig->sha1_status == jarHashBad)
+                    return JAR_ERR_HASH;
+                result2 = memcmp(dig->sha1, shindig->sha1, SHA1_LENGTH);
+            }
+            return (result1 == 0 && result2 == 0) ? 0 : JAR_ERR_HASH;
+        }
+    }
+    return JAR_ERR_PNF;
+}
+
+/*
+ *  J A R _ f e t c h _ c e r t
+ *
+ *  Given an opaque identifier of a certificate,
+ *  return the full certificate.
+ *
+ * The new function, which retrieves by key.
+ *
+ */
+CERTCertificate *
+JAR_fetch_cert(long length, void *key)
+{
+    CERTIssuerAndSN issuerSN;
+    CERTCertificate *cert = NULL;
+    CERTCertDBHandle *certdb;
+
+    certdb = JAR_open_database();
+    if (certdb) {
+        unsigned char *keyData = (unsigned char *)key;
+        issuerSN.derIssuer.len = (keyData[0] << 8) + keyData[0];
+        issuerSN.derIssuer.data = &keyData[2];
+        issuerSN.serialNumber.len = length - (2 + issuerSN.derIssuer.len);
+        issuerSN.serialNumber.data = &keyData[2 + issuerSN.derIssuer.len];
+        cert = CERT_FindCertByIssuerAndSN(certdb, &issuerSN);
+        JAR_close_database(certdb);
+    }
+    return cert;
+}
+
+/*
+ *  j a r _ g e t _ m f _ d i g e s t
+ *
+ *  Retrieve a corresponding saved digest over a section
+ *  of the main manifest file.
+ *
+ */
+static JAR_Digest *
+jar_get_mf_digest(JAR *jar, char *pathname)
+{
+    JAR_Item *it;
+    JAR_Digest *dig;
+    ZZLink *link;
+    ZZList *list = jar->manifest;
+
+    if (ZZ_ListEmpty(list))
+        return NULL;
+
+    for (link = ZZ_ListHead(list);
+         !ZZ_ListIterDone(list, link);
+         link = link->next) {
+        it = link->thing;
+        if (it->type == jarTypeSect &&
+            it->pathname && !PORT_Strcmp(it->pathname, pathname)) {
+            dig = (JAR_Digest *)it->data;
+            return dig;
+        }
+    }
+    return NULL;
+}
+
+/*
+ *  j a r _ b a s e n a m e
+ *
+ *  Return the basename -- leading components of path stripped off,
+ *  extension ripped off -- of a path.
+ *
+ */
+static char *
+jar_basename(const char *path)
+{
+    char *pith, *e, *basename, *ext;
+
+    if (path == NULL)
+        return PORT_Strdup("");
+
+    pith = PORT_Strdup(path);
+    basename = pith;
+    while (1) {
+        for (e = basename; *e && *e != '/' && *e != '\\'; e++)
+            /* yip */;
+        if (*e)
+            basename = ++e;
+        else
+            break;
+    }
+
+    if ((ext = PORT_Strrchr(basename, '.')) != NULL)
+        *ext = 0;
+
+    /* We already have the space allocated */
+    PORT_Strcpy(pith, basename);
+    return pith;
+}
+
+/*
+ *  + + + + + + + + + + + + + + +
+ *
+ *  CRYPTO ROUTINES FOR JAR
+ *
+ *  The following functions are the cryptographic
+ *  interface to PKCS7 for Jarnatures.
+ *
+ *  + + + + + + + + + + + + + + +
+ *
+ */
+
+/*
+ *  j a r _ c a t c h _ b y t e s
+ *
+ *  In the event signatures contain enveloped data, it will show up here.
+ *  But note that the lib/pkcs7 routines aren't ready for it.
+ *
+ */
+static void
+jar_catch_bytes(void *arg, const char *buf, unsigned long len)
+{
+    /* Actually this should never be called, since there is
+     presumably no data in the signature itself. */
+}
+
+/*
+ *  j a r _ v a l i d a t e _ p k c s 7
+ *
+ *  Validate (and decode, if necessary) a binary pkcs7
+ *  signature in DER format.
+ *
+ */
+static int
+jar_validate_pkcs7(JAR *jar, JAR_Signer *signer, char *data, long length)
+{
+
+    SEC_PKCS7ContentInfo *cinfo = NULL;
+    SEC_PKCS7DecoderContext *dcx;
+    PRBool goodSig;
+    int status = 0;
+    SECItem detdig;
+
+    PORT_Assert(jar != NULL && signer != NULL);
+
+    if (jar == NULL || signer == NULL)
+        return JAR_ERR_ORDER;
+
+    signer->valid = JAR_ERR_SIG;
+
+    /* We need a context if we can get one */
+    dcx = SEC_PKCS7DecoderStart(jar_catch_bytes, NULL /*cb_arg*/,
+                                NULL /*getpassword*/, jar->mw,
+                                NULL, NULL, NULL);
+    if (dcx == NULL) {
+        /* strange pkcs7 failure */
+        return JAR_ERR_PK7;
+    }
+
+    SEC_PKCS7DecoderUpdate(dcx, data, length);
+    cinfo = SEC_PKCS7DecoderFinish(dcx);
+    if (cinfo == NULL) {
+        /* strange pkcs7 failure */
+        return JAR_ERR_PK7;
+    }
+    if (SEC_PKCS7ContentIsEncrypted(cinfo)) {
+        /* content was encrypted, fail */
+        return JAR_ERR_PK7;
+    }
+    if (SEC_PKCS7ContentIsSigned(cinfo) == PR_FALSE) {
+        /* content was not signed, fail */
+        return JAR_ERR_PK7;
+    }
+
+    PORT_SetError(0);
+
+    /* use SHA1 only */
+    detdig.len = SHA1_LENGTH;
+    detdig.data = signer->digest->sha1;
+    goodSig = SEC_PKCS7VerifyDetachedSignature(cinfo,
+                                               certUsageObjectSigner,
+                                               &detdig, HASH_AlgSHA1,
+                                               PR_FALSE);
+    jar_gather_signers(jar, signer, cinfo);
+    if (goodSig == PR_TRUE) {
+        /* signature is valid */
+        signer->valid = 0;
+    } else {
+        status = PORT_GetError();
+        PORT_Assert(status < 0);
+        if (status >= 0)
+            status = JAR_ERR_SIG;
+        jar->valid = status;
+        signer->valid = status;
+    }
+    jar->pkcs7 = PR_TRUE;
+    signer->pkcs7 = PR_TRUE;
+    SEC_PKCS7DestroyContentInfo(cinfo);
+    return status;
+}
+
+/*
+ *  j a r _ g a t h e r _ s i g n e r s
+ *
+ *  Add the single signer of this signature to the
+ *  certificate linked list.
+ *
+ */
+static int
+jar_gather_signers(JAR *jar, JAR_Signer *signer, SEC_PKCS7ContentInfo *cinfo)
+{
+    int result;
+    CERTCertificate *cert;
+    CERTCertDBHandle *certdb;
+    SEC_PKCS7SignedData *sdp = cinfo->content.signedData;
+    SEC_PKCS7SignerInfo **pksigners, *pksigner;
+
+    if (sdp == NULL)
+        return JAR_ERR_PK7;
+
+    pksigners = sdp->signerInfos;
+    /* permit exactly one signer */
+    if (pksigners == NULL || pksigners[0] == NULL || pksigners[1] != NULL)
+        return JAR_ERR_PK7;
+
+    pksigner = *pksigners;
+    cert = pksigner->cert;
+
+    if (cert == NULL)
+        return JAR_ERR_PK7;
+
+    certdb = JAR_open_database();
+    if (certdb == NULL)
+        return JAR_ERR_GENERAL;
+
+    result = jar_add_cert(jar, signer, jarTypeSign, cert);
+    JAR_close_database(certdb);
+    return result;
+}
+
+/*
+ *  j a r _ o p e n _ d a t a b a s e
+ *
+ *  Open the certificate database,
+ *  for use by JAR functions.
+ *
+ */
+CERTCertDBHandle *
+JAR_open_database(void)
+{
+    return CERT_GetDefaultCertDB();
+}
+
+/*
+ *  j a r _ c l o s e _ d a t a b a s e
+ *
+ *  Close the certificate database.
+ *  For use by JAR functions.
+ *
+ */
+int
+JAR_close_database(CERTCertDBHandle *certdb)
+{
+    return 0;
+}
+
+/*
+ *  j a r _ s i g n a l
+ *
+ *  Nonfatal errors come here to callback Java.
+ *
+ */
+static int
+jar_signal(int status, JAR *jar, const char *metafile, char *pathname)
+{
+    char *errstring = JAR_get_error(status);
+    if (jar->signal) {
+        (*jar->signal)(status, jar, metafile, pathname, errstring);
+        return 0;
+    }
+    return status;
+}
+
+/*
+ *  j a r _ a p p e n d
+ *
+ *  Tack on an element to one of a JAR's linked
+ *  lists, with rudimentary error handling.
+ *
+ */
+int
+jar_append(ZZList *list, int type, char *pathname, void *data, size_t size)
+{
+    JAR_Item *it = PORT_ZNew(JAR_Item);
+    ZZLink *entity;
+
+    if (it == NULL)
+        goto loser;
+
+    if (pathname) {
+        it->pathname = PORT_Strdup(pathname);
+        if (it->pathname == NULL)
+            goto loser;
+    }
+
+    it->type = (jarType)type;
+    it->data = (unsigned char *)data;
+    it->size = size;
+    entity = ZZ_NewLink(it);
+    if (entity) {
+        ZZ_AppendLink(list, entity);
+        return 0;
+    }
+
+loser:
+    if (it) {
+        if (it->pathname)
+            PORT_Free(it->pathname);
+        PORT_Free(it);
+    }
+    return JAR_ERR_MEMORY;
+}
diff --git a/nss/lib/jar/jzconf.h b/nss/lib/jar/jzconf.h
new file mode 100644
index 0000000..7687eb3
--- /dev/null
+++ b/nss/lib/jar/jzconf.h
@@ -0,0 +1,189 @@
+/* zconf.h -- configuration of the zlib compression library
+ * Copyright (C) 1995-1996 Jean-loup Gailly.
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ */
+/* This file was modified since it was taken from the zlib distribution */
+
+#ifndef _ZCONF_H
+#define _ZCONF_H
+
+/*
+ * If you *really* need a unique prefix for all types and library functions,
+ * compile with -DZ_PREFIX. The "standard" zlib should be compiled without it.
+ */
+#ifdef Z_PREFIX
+#define deflateInit_ z_deflateInit_
+#define deflate z_deflate
+#define deflateEnd z_deflateEnd
+#define inflateInit_ z_inflateInit_
+#define inflate z_inflate
+#define inflateEnd z_inflateEnd
+#define deflateInit2_ z_deflateInit2_
+#define deflateSetDictionary z_deflateSetDictionary
+#define deflateCopy z_deflateCopy
+#define deflateReset z_deflateReset
+#define deflateParams z_deflateParams
+#define inflateInit2_ z_inflateInit2_
+#define inflateSetDictionary z_inflateSetDictionary
+#define inflateSync z_inflateSync
+#define inflateReset z_inflateReset
+#define compress z_compress
+#define uncompress z_uncompress
+#define adler32 z_adler32
+#define crc32 z_crc32
+#define get_crc_table z_get_crc_table
+
+#define Byte z_Byte
+#define uInt z_uInt
+#define uLong z_uLong
+#define Bytef z_Bytef
+#define charf z_charf
+#define intf z_intf
+#define uIntf z_uIntf
+#define uLongf z_uLongf
+#define voidpf z_voidpf
+#define voidp z_voidp
+#endif
+
+#if (defined(_WIN32) || defined(__WIN32__)) && !defined(WIN32)
+#define WIN32
+#endif
+#if defined(__GNUC__) || defined(WIN32) || defined(__386__) || defined(i386)
+#ifndef __32BIT__
+#define __32BIT__
+#endif
+#endif
+#if defined(__MSDOS__) && !defined(MSDOS)
+#define MSDOS
+#endif
+
+/*
+ * Compile with -DMAXSEG_64K if the alloc function cannot allocate more
+ * than 64k bytes at a time (needed on systems with 16-bit int).
+ */
+#if defined(MSDOS) && !defined(__32BIT__)
+#define MAXSEG_64K
+#endif
+#ifdef MSDOS
+#define UNALIGNED_OK
+#endif
+
+#if (defined(MSDOS) || defined(_WINDOWS) || defined(WIN32) || defined(XP_OS2)) && !defined(STDC)
+#define STDC
+#endif
+#if (defined(__STDC__) || defined(__cplusplus)) && !defined(STDC)
+#define STDC
+#endif
+
+#ifndef STDC
+#ifndef const /* cannot use !defined(STDC) && !defined(const) on Mac */
+#define const
+#endif
+#endif
+
+/* Some Mac compilers merge all .h files incorrectly: */
+#if defined(__MWERKS__) || defined(applec) || defined(THINK_C) || defined(__SC__)
+#define NO_DUMMY_DECL
+#endif
+
+/* Maximum value for memLevel in deflateInit2 */
+#ifndef MAX_MEM_LEVEL
+#ifdef MAXSEG_64K
+#define MAX_MEM_LEVEL 8
+#else
+#define MAX_MEM_LEVEL 9
+#endif
+#endif
+
+/* Maximum value for windowBits in deflateInit2 and inflateInit2 */
+#ifndef MAX_WBITS
+#define MAX_WBITS 15 /* 32K LZ77 window */
+#endif
+
+/* The memory requirements for deflate are (in bytes):
+            1 << (windowBits+2)   +  1 << (memLevel+9)
+ that is: 128K for windowBits=15  +  128K for memLevel = 8  (default values)
+ plus a few kilobytes for small objects. For example, if you want to reduce
+ the default memory requirements from 256K to 128K, compile with
+     make CFLAGS="-O -DMAX_WBITS=14 -DMAX_MEM_LEVEL=7"
+ Of course this will generally degrade compression (there's no free lunch).
+
+   The memory requirements for inflate are (in bytes) 1 << windowBits
+ that is, 32K for windowBits=15 (default value) plus a few kilobytes
+ for small objects.
+*/
+
+/* Type declarations */
+
+#ifndef OF /* function prototypes */
+#ifdef STDC
+#define OF(args) args
+#else
+#define OF(args) ()
+#endif
+#endif
+
+/* The following definitions for FAR are needed only for MSDOS mixed
+ * model programming (small or medium model with some far allocations).
+ * This was tested only with MSC; for other MSDOS compilers you may have
+ * to define NO_MEMCPY in zutil.h.  If you don't need the mixed model,
+ * just define FAR to be empty.
+ */
+#if (defined(M_I86SM) || defined(M_I86MM)) && !defined(__32BIT__)
+/* MSC small or medium model */
+#define SMALL_MEDIUM
+#ifdef _MSC_VER
+#define FAR __far
+#else
+#define FAR far
+#endif
+#endif
+#if defined(__BORLANDC__) && (defined(__SMALL__) || defined(__MEDIUM__))
+#ifndef __32BIT__
+#define SMALL_MEDIUM
+#define FAR __far
+#endif
+#endif
+#ifndef FAR
+#define FAR
+#endif
+
+typedef unsigned char Byte;  /* 8 bits */
+typedef unsigned int uInt;   /* 16 bits or more */
+typedef unsigned long uLong; /* 32 bits or more */
+
+#if defined(__BORLANDC__) && defined(SMALL_MEDIUM)
+/* Borland C/C++ ignores FAR inside typedef */
+#define Bytef Byte FAR
+#else
+typedef Byte FAR Bytef;
+#endif
+typedef char FAR charf;
+typedef int FAR intf;
+typedef uInt FAR uIntf;
+typedef uLong FAR uLongf;
+
+#ifdef STDC
+typedef void FAR *voidpf;
+typedef void *voidp;
+#else
+typedef Byte FAR *voidpf;
+typedef Byte *voidp;
+#endif
+
+#ifdef MOZILLA_CLIENT
+#include "prtypes.h"
+#else
+/* Compile with -DZLIB_DLL for Windows DLL support */
+#if (defined(_WINDOWS) || defined(WINDOWS)) && defined(ZLIB_DLL)
+#include <windows.h>
+#define EXPORT WINAPI
+#else
+#define EXPORT
+#endif
+
+#define PR_PUBLIC_API(type) type
+
+#endif /* MOZILLA_CLIENT */
+
+#endif /* _ZCONF_H */
diff --git a/nss/lib/jar/jzlib.h b/nss/lib/jar/jzlib.h
new file mode 100644
index 0000000..92d3d5b
--- /dev/null
+++ b/nss/lib/jar/jzlib.h
@@ -0,0 +1,916 @@
+/* zlib.h -- interface of the 'zlib' general purpose compression library
+  version 1.0.4, Jul 24th, 1996.
+
+  Copyright (C) 1995-1996 Jean-loup Gailly and Mark Adler
+
+  This software is provided 'as-is', without any express or implied
+  warranty.  In no event will the authors be held liable for any damages
+  arising from the use of this software.
+
+  Permission is granted to anyone to use this software for any purpose,
+  including commercial applications, and to alter it and redistribute it
+  freely, subject to the following restrictions:
+
+  1. The origin of this software must not be misrepresented; you must not
+     claim that you wrote the original software. If you use this software
+     in a product, an acknowledgment in the product documentation would be
+     appreciated but is not required.
+  2. Altered source versions must be plainly marked as such, and must not be
+     misrepresented as being the original software.
+  3. This notice may not be removed or altered from any source distribution.
+
+  Jean-loup Gailly        Mark Adler
+  gzip@prep.ai.mit.edu    madler@alumni.caltech.edu
+
+
+  The data format used by the zlib library is described by RFCs (Request for
+  Comments) 1950 to 1952 in the files ftp://ds.internic.net/rfc/rfc1950.txt
+  (zlib format), rfc1951.txt (deflate format) and rfc1952.txt (gzip format).
+*/
+/* This file was modified since it was taken from the zlib distribution */
+
+#ifndef _ZLIB_H
+#define _ZLIB_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#ifdef MOZILLA_CLIENT
+#include "jzconf.h"
+#else
+#include "zconf.h"
+#endif
+
+#define ZLIB_VERSION "1.0.4"
+
+/*
+     The 'zlib' compression library provides in-memory compression and
+  decompression functions, including integrity checks of the uncompressed
+  data.  This version of the library supports only one compression method
+  (deflation) but other algorithms may be added later and will have the same
+  stream interface.
+
+     For compression the application must provide the output buffer and
+  may optionally provide the input buffer for optimization. For decompression,
+  the application must provide the input buffer and may optionally provide
+  the output buffer for optimization.
+
+     Compression can be done in a single step if the buffers are large
+  enough (for example if an input file is mmap'ed), or can be done by
+  repeated calls of the compression function.  In the latter case, the
+  application must provide more input and/or consume the output
+  (providing more output space) before each call.
+
+     The library does not install any signal handler. It is recommended to
+  add at least a handler for SIGSEGV when decompressing; the library checks
+  the consistency of the input data whenever possible but may go nuts
+  for some forms of corrupted input.
+*/
+
+typedef voidpf(*alloc_func) OF((voidpf opaque, uInt items, uInt size));
+typedef void(*free_func) OF((voidpf opaque, voidpf address));
+
+struct internal_state;
+
+typedef struct z_stream_s {
+    Bytef *next_in; /* next input byte */
+    uInt avail_in;  /* number of bytes available at next_in */
+    uLong total_in; /* total nb of input bytes read so far */
+
+    Bytef *next_out; /* next output byte should be put there */
+    uInt avail_out;  /* remaining free space at next_out */
+    uLong total_out; /* total nb of bytes output so far */
+
+    char *msg;                        /* last error message, NULL if no error */
+    struct internal_state FAR *state; /* not visible by applications */
+
+    alloc_func zalloc; /* used to allocate the internal state */
+    free_func zfree;   /* used to free the internal state */
+    voidpf opaque;     /* private data object passed to zalloc and zfree */
+
+    int data_type;  /* best guess about the data type: ascii or binary */
+    uLong adler;    /* adler32 value of the uncompressed data */
+    uLong reserved; /* reserved for future use */
+} z_stream;
+
+typedef z_stream FAR *z_streamp;
+
+/*
+   The application must update next_in and avail_in when avail_in has
+   dropped to zero. It must update next_out and avail_out when avail_out
+   has dropped to zero. The application must initialize zalloc, zfree and
+   opaque before calling the init function. All other fields are set by the
+   compression library and must not be updated by the application.
+
+   The opaque value provided by the application will be passed as the first
+   parameter for calls of zalloc and zfree. This can be useful for custom
+   memory management. The compression library attaches no meaning to the
+   opaque value.
+
+   zalloc must return Z_NULL if there is not enough memory for the object.
+   On 16-bit systems, the functions zalloc and zfree must be able to allocate
+   exactly 65536 bytes, but will not be required to allocate more than this
+   if the symbol MAXSEG_64K is defined (see zconf.h). WARNING: On MSDOS,
+   pointers returned by zalloc for objects of exactly 65536 bytes *must*
+   have their offset normalized to zero. The default allocation function
+   provided by this library ensures this (see zutil.c). To reduce memory
+   requirements and avoid any allocation of 64K objects, at the expense of
+   compression ratio, compile the library with -DMAX_WBITS=14 (see zconf.h).
+
+   The fields total_in and total_out can be used for statistics or
+   progress reports. After compression, total_in holds the total size of
+   the uncompressed data and may be saved for use in the decompressor
+   (particularly if the decompressor wants to decompress everything in
+   a single step).
+*/
+
+/* constants */
+
+#define Z_NO_FLUSH 0
+#define Z_PARTIAL_FLUSH 1
+#define Z_SYNC_FLUSH 2
+#define Z_FULL_FLUSH 3
+#define Z_FINISH 4
+/* Allowed flush values; see deflate() below for details */
+
+#define Z_OK 0
+#define Z_STREAM_END 1
+#define Z_NEED_DICT 2
+#define Z_ERRNO (-1)
+#define Z_STREAM_ERROR (-2)
+#define Z_DATA_ERROR (-3)
+#define Z_MEM_ERROR (-4)
+#define Z_BUF_ERROR (-5)
+#define Z_VERSION_ERROR (-6)
+/* Return codes for the compression/decompression functions. Negative
+ * values are errors, positive values are used for special but normal events.
+ */
+
+#define Z_NO_COMPRESSION 0
+#define Z_BEST_SPEED 1
+#define Z_BEST_COMPRESSION 9
+#define Z_DEFAULT_COMPRESSION (-1)
+/* compression levels */
+
+#define Z_FILTERED 1
+#define Z_HUFFMAN_ONLY 2
+#define Z_DEFAULT_STRATEGY 0
+/* compression strategy; see deflateInit2() below for details */
+
+#define Z_BINARY 0
+#define Z_ASCII 1
+#define Z_UNKNOWN 2
+/* Possible values of the data_type field */
+
+#define Z_DEFLATED 8
+/* The deflate compression method (the only one supported in this version) */
+
+#define Z_NULL 0 /* for initializing zalloc, zfree, opaque */
+
+#define zlib_version zlibVersion()
+/* for compatibility with versions < 1.0.2 */
+
+/* basic functions */
+
+#ifdef MOZILLA_CLIENT
+PR_EXTERN(const char *)
+zlibVersion(void);
+#else
+extern const char *EXPORT zlibVersion OF((void));
+#endif
+/* The application can compare zlibVersion and ZLIB_VERSION for consistency.
+   If the first character differs, the library code actually used is
+   not compatible with the zlib.h header file used by the application.
+   This check is automatically made by deflateInit and inflateInit.
+ */
+
+/*
+extern int EXPORT deflateInit OF((z_streamp strm, int level));
+
+     Initializes the internal stream state for compression. The fields
+   zalloc, zfree and opaque must be initialized before by the caller.
+   If zalloc and zfree are set to Z_NULL, deflateInit updates them to
+   use default allocation functions.
+
+     The compression level must be Z_DEFAULT_COMPRESSION, or between 0 and 9:
+   1 gives best speed, 9 gives best compression, 0 gives no compression at
+   all (the input data is simply copied a block at a time).
+   Z_DEFAULT_COMPRESSION requests a default compromise between speed and
+   compression (currently equivalent to level 6).
+
+     deflateInit returns Z_OK if success, Z_MEM_ERROR if there was not
+   enough memory, Z_STREAM_ERROR if level is not a valid compression level,
+   Z_VERSION_ERROR if the zlib library version (zlib_version) is incompatible
+   with the version assumed by the caller (ZLIB_VERSION).
+   msg is set to null if there is no error message.  deflateInit does not
+   perform any compression: this will be done by deflate().
+*/
+
+#ifdef MOZILLA_CLIENT
+PR_EXTERN(int)
+deflate(z_streamp strm, int flush);
+#else
+extern int EXPORT deflate OF((z_streamp strm, int flush));
+#endif
+/*
+  Performs one or both of the following actions:
+
+  - Compress more input starting at next_in and update next_in and avail_in
+    accordingly. If not all input can be processed (because there is not
+    enough room in the output buffer), next_in and avail_in are updated and
+    processing will resume at this point for the next call of deflate().
+
+  - Provide more output starting at next_out and update next_out and avail_out
+    accordingly. This action is forced if the parameter flush is non zero.
+    Forcing flush frequently degrades the compression ratio, so this parameter
+    should be set only when necessary (in interactive applications).
+    Some output may be provided even if flush is not set.
+
+  Before the call of deflate(), the application should ensure that at least
+  one of the actions is possible, by providing more input and/or consuming
+  more output, and updating avail_in or avail_out accordingly; avail_out
+  should never be zero before the call. The application can consume the
+  compressed output when it wants, for example when the output buffer is full
+  (avail_out == 0), or after each call of deflate(). If deflate returns Z_OK
+  and with zero avail_out, it must be called again after making room in the
+  output buffer because there might be more output pending.
+
+    If the parameter flush is set to Z_PARTIAL_FLUSH, the current compression
+  block is terminated and flushed to the output buffer so that the
+  decompressor can get all input data available so far. For method 9, a future
+  variant on method 8, the current block will be flushed but not terminated.
+  Z_SYNC_FLUSH has the same effect as partial flush except that the compressed
+  output is byte aligned (the compressor can clear its internal bit buffer)
+  and the current block is always terminated; this can be useful if the
+  compressor has to be restarted from scratch after an interruption (in which
+  case the internal state of the compressor may be lost).
+    If flush is set to Z_FULL_FLUSH, the compression block is terminated, a
+  special marker is output and the compression dictionary is discarded; this
+  is useful to allow the decompressor to synchronize if one compressed block
+  has been damaged (see inflateSync below).  Flushing degrades compression and
+  so should be used only when necessary.  Using Z_FULL_FLUSH too often can
+  seriously degrade the compression. If deflate returns with avail_out == 0,
+  this function must be called again with the same value of the flush
+  parameter and more output space (updated avail_out), until the flush is
+  complete (deflate returns with non-zero avail_out).
+
+    If the parameter flush is set to Z_FINISH, pending input is processed,
+  pending output is flushed and deflate returns with Z_STREAM_END if there
+  was enough output space; if deflate returns with Z_OK, this function must be
+  called again with Z_FINISH and more output space (updated avail_out) but no
+  more input data, until it returns with Z_STREAM_END or an error. After
+  deflate has returned Z_STREAM_END, the only possible operations on the
+  stream are deflateReset or deflateEnd.
+
+    Z_FINISH can be used immediately after deflateInit if all the compression
+  is to be done in a single step. In this case, avail_out must be at least
+  0.1% larger than avail_in plus 12 bytes.  If deflate does not return
+  Z_STREAM_END, then it must be called again as described above.
+
+    deflate() may update data_type if it can make a good guess about
+  the input data type (Z_ASCII or Z_BINARY). In doubt, the data is considered
+  binary. This field is only for information purposes and does not affect
+  the compression algorithm in any manner.
+
+    deflate() returns Z_OK if some progress has been made (more input
+  processed or more output produced), Z_STREAM_END if all input has been
+  consumed and all output has been produced (only when flush is set to
+  Z_FINISH), Z_STREAM_ERROR if the stream state was inconsistent (for example
+  if next_in or next_out was NULL), Z_BUF_ERROR if no progress is possible.
+*/
+
+#ifdef MOZILLA_CLIENT
+PR_EXTERN(int)
+deflateEnd(z_streamp strm);
+#else
+extern int EXPORT deflateEnd OF((z_streamp strm));
+#endif
+/*
+     All dynamically allocated data structures for this stream are freed.
+   This function discards any unprocessed input and does not flush any
+   pending output.
+
+     deflateEnd returns Z_OK if success, Z_STREAM_ERROR if the
+   stream state was inconsistent, Z_DATA_ERROR if the stream was freed
+   prematurely (some input or output was discarded). In the error case,
+   msg may be set but then points to a static string (which must not be
+   deallocated).
+*/
+
+/*
+extern int EXPORT inflateInit OF((z_streamp strm));
+
+     Initializes the internal stream state for decompression. The fields
+   zalloc, zfree and opaque must be initialized before by the caller.  If
+   zalloc and zfree are set to Z_NULL, inflateInit updates them to use default
+   allocation functions.
+
+     inflateInit returns Z_OK if success, Z_MEM_ERROR if there was not
+   enough memory, Z_VERSION_ERROR if the zlib library version is incompatible
+   with the version assumed by the caller.  msg is set to null if there is no
+   error message. inflateInit does not perform any decompression: this will be
+   done by inflate().
+*/
+
+#ifdef MOZILLA_CLIENT
+PR_EXTERN(int)
+inflate(z_streamp strm, int flush);
+#else
+extern int EXPORT inflate OF((z_streamp strm, int flush));
+#endif
+/*
+  Performs one or both of the following actions:
+
+  - Decompress more input starting at next_in and update next_in and avail_in
+    accordingly. If not all input can be processed (because there is not
+    enough room in the output buffer), next_in is updated and processing
+    will resume at this point for the next call of inflate().
+
+  - Provide more output starting at next_out and update next_out and avail_out
+    accordingly.  inflate() provides as much output as possible, until there
+    is no more input data or no more space in the output buffer (see below
+    about the flush parameter).
+
+  Before the call of inflate(), the application should ensure that at least
+  one of the actions is possible, by providing more input and/or consuming
+  more output, and updating the next_* and avail_* values accordingly.
+  The application can consume the uncompressed output when it wants, for
+  example when the output buffer is full (avail_out == 0), or after each
+  call of inflate(). If inflate returns Z_OK and with zero avail_out, it
+  must be called again after making room in the output buffer because there
+  might be more output pending.
+
+    If the parameter flush is set to Z_PARTIAL_FLUSH, inflate flushes as much
+  output as possible to the output buffer. The flushing behavior of inflate is
+  not specified for values of the flush parameter other than Z_PARTIAL_FLUSH
+  and Z_FINISH, but the current implementation actually flushes as much output
+  as possible anyway.
+
+    inflate() should normally be called until it returns Z_STREAM_END or an
+  error. However if all decompression is to be performed in a single step
+  (a single call of inflate), the parameter flush should be set to
+  Z_FINISH. In this case all pending input is processed and all pending
+  output is flushed; avail_out must be large enough to hold all the
+  uncompressed data. (The size of the uncompressed data may have been saved
+  by the compressor for this purpose.) The next operation on this stream must
+  be inflateEnd to deallocate the decompression state. The use of Z_FINISH
+  is never required, but can be used to inform inflate that a faster routine
+  may be used for the single inflate() call.
+
+    inflate() returns Z_OK if some progress has been made (more input
+  processed or more output produced), Z_STREAM_END if the end of the
+  compressed data has been reached and all uncompressed output has been
+  produced, Z_NEED_DICT if a preset dictionary is needed at this point (see
+  inflateSetDictionary below), Z_DATA_ERROR if the input data was corrupted,
+  Z_STREAM_ERROR if the stream structure was inconsistent (for example if
+  next_in or next_out was NULL), Z_MEM_ERROR if there was not enough memory,
+  Z_BUF_ERROR if no progress is possible or if there was not enough room in
+  the output buffer when Z_FINISH is used. In the Z_DATA_ERROR case, the
+  application may then call inflateSync to look for a good compression block.
+  In the Z_NEED_DICT case, strm->adler is set to the Adler32 value of the
+  dictionary chosen by the compressor.
+*/
+
+#ifdef MOZILLA_CLIENT
+PR_EXTERN(int)
+inflateEnd(z_streamp strm);
+#else
+extern int EXPORT inflateEnd OF((z_streamp strm));
+#endif
+/*
+     All dynamically allocated data structures for this stream are freed.
+   This function discards any unprocessed input and does not flush any
+   pending output.
+
+     inflateEnd returns Z_OK if success, Z_STREAM_ERROR if the stream state
+   was inconsistent. In the error case, msg may be set but then points to a
+   static string (which must not be deallocated).
+*/
+
+/* Advanced functions */
+
+/*
+    The following functions are needed only in some special applications.
+*/
+
+/*
+extern int EXPORT deflateInit2 OF((z_streamp strm,
+                                   int  level,
+                                   int  method,
+                                   int  windowBits,
+                                   int  memLevel,
+                                   int  strategy));
+
+     This is another version of deflateInit with more compression options. The
+   fields next_in, zalloc, zfree and opaque must be initialized before by
+   the caller.
+
+     The method parameter is the compression method. It must be Z_DEFLATED in
+   this version of the library. (Method 9 will allow a 64K history buffer and
+   partial block flushes.)
+
+     The windowBits parameter is the base two logarithm of the window size
+   (the size of the history buffer).  It should be in the range 8..15 for this
+   version of the library (the value 16 will be allowed for method 9). Larger
+   values of this parameter result in better compression at the expense of
+   memory usage. The default value is 15 if deflateInit is used instead.
+
+     The memLevel parameter specifies how much memory should be allocated
+   for the internal compression state. memLevel=1 uses minimum memory but
+   is slow and reduces compression ratio; memLevel=9 uses maximum memory
+   for optimal speed. The default value is 8. See zconf.h for total memory
+   usage as a function of windowBits and memLevel.
+
+     The strategy parameter is used to tune the compression algorithm. Use the
+   value Z_DEFAULT_STRATEGY for normal data, Z_FILTERED for data produced by a
+   filter (or predictor), or Z_HUFFMAN_ONLY to force Huffman encoding only (no
+   string match).  Filtered data consists mostly of small values with a
+   somewhat random distribution. In this case, the compression algorithm is
+   tuned to compress them better. The effect of Z_FILTERED is to force more
+   Huffman coding and less string matching; it is somewhat intermediate
+   between Z_DEFAULT and Z_HUFFMAN_ONLY. The strategy parameter only affects
+   the compression ratio but not the correctness of the compressed output even
+   if it is not set appropriately.
+
+     If next_in is not null, the library will use this buffer to hold also
+   some history information; the buffer must either hold the entire input
+   data, or have at least 1<<(windowBits+1) bytes and be writable. If next_in
+   is null, the library will allocate its own history buffer (and leave next_in
+   null). next_out need not be provided here but must be provided by the
+   application for the next call of deflate().
+
+     If the history buffer is provided by the application, next_in must
+   must never be changed by the application since the compressor maintains
+   information inside this buffer from call to call; the application
+   must provide more input only by increasing avail_in. next_in is always
+   reset by the library in this case.
+
+      deflateInit2 returns Z_OK if success, Z_MEM_ERROR if there was
+   not enough memory, Z_STREAM_ERROR if a parameter is invalid (such as
+   an invalid method). msg is set to null if there is no error message.
+   deflateInit2 does not perform any compression: this will be done by
+   deflate().
+*/
+
+#ifdef MOZILLA_CLIENT
+PR_EXTERN(int)
+deflateSetDictionary(z_streamp strm,
+                     const Bytef *dictionary,
+                     uInt dictLength);
+#else
+extern int EXPORT deflateSetDictionary OF((z_streamp strm,
+                                           const Bytef *dictionary,
+                                           uInt dictLength));
+#endif
+/*
+     Initializes the compression dictionary (history buffer) from the given
+   byte sequence without producing any compressed output. This function must
+   be called immediately after deflateInit or deflateInit2, before any call
+   of deflate. The compressor and decompressor must use exactly the same
+   dictionary (see inflateSetDictionary).
+     The dictionary should consist of strings (byte sequences) that are likely
+   to be encountered later in the data to be compressed, with the most commonly
+   used strings preferably put towards the end of the dictionary. Using a
+   dictionary is most useful when the data to be compressed is short and
+   can be predicted with good accuracy; the data can then be compressed better
+   than with the default empty dictionary. In this version of the library,
+   only the last 32K bytes of the dictionary are used.
+     Upon return of this function, strm->adler is set to the Adler32 value
+   of the dictionary; the decompressor may later use this value to determine
+   which dictionary has been used by the compressor. (The Adler32 value
+   applies to the whole dictionary even if only a subset of the dictionary is
+   actually used by the compressor.)
+
+     deflateSetDictionary returns Z_OK if success, or Z_STREAM_ERROR if a
+   parameter is invalid (such as NULL dictionary) or the stream state
+   is inconsistent (for example if deflate has already been called for this
+   stream). deflateSetDictionary does not perform any compression: this will
+   be done by deflate().
+*/
+
+#ifdef MOZILLA_CLIENT
+PR_EXTERN(int)
+deflateCopy(z_streamp dest, z_streamp source);
+#else
+extern int EXPORT deflateCopy OF((z_streamp dest, z_streamp source));
+#endif
+/*
+     Sets the destination stream as a complete copy of the source stream.  If
+   the source stream is using an application-supplied history buffer, a new
+   buffer is allocated for the destination stream.  The compressed output
+   buffer is always application-supplied. It's the responsibility of the
+   application to provide the correct values of next_out and avail_out for the
+   next call of deflate.
+
+     This function can be useful when several compression strategies will be
+   tried, for example when there are several ways of pre-processing the input
+   data with a filter. The streams that will be discarded should then be freed
+   by calling deflateEnd.  Note that deflateCopy duplicates the internal
+   compression state which can be quite large, so this strategy is slow and
+   can consume lots of memory.
+
+     deflateCopy returns Z_OK if success, Z_MEM_ERROR if there was not
+   enough memory, Z_STREAM_ERROR if the source stream state was inconsistent
+   (such as zalloc being NULL). msg is left unchanged in both source and
+   destination.
+*/
+
+#ifdef MOZILLA_CLIENT
+PR_EXTERN(int)
+deflateReset(z_streamp strm);
+#else
+extern int EXPORT deflateReset OF((z_streamp strm));
+#endif
+/*
+     This function is equivalent to deflateEnd followed by deflateInit,
+   but does not free and reallocate all the internal compression state.
+   The stream will keep the same compression level and any other attributes
+   that may have been set by deflateInit2.
+
+      deflateReset returns Z_OK if success, or Z_STREAM_ERROR if the source
+   stream state was inconsistent (such as zalloc or state being NULL).
+*/
+
+#ifdef MOZILLA_CLIENT
+PR_EXTERN(int)
+deflateParams(z_streamp strm, int level, int strategy);
+#else
+extern int EXPORT deflateParams OF((z_streamp strm, int level, int strategy));
+#endif
+/*
+     Dynamically update the compression level and compression strategy.
+   This can be used to switch between compression and straight copy of
+   the input data, or to switch to a different kind of input data requiring
+   a different strategy. If the compression level is changed, the input
+   available so far is compressed with the old level (and may be flushed);
+   the new level will take effect only at the next call of deflate().
+
+     Before the call of deflateParams, the stream state must be set as for
+   a call of deflate(), since the currently available input may have to
+   be compressed and flushed. In particular, strm->avail_out must be non-zero.
+
+     deflateParams returns Z_OK if success, Z_STREAM_ERROR if the source
+   stream state was inconsistent or if a parameter was invalid, Z_BUF_ERROR
+   if strm->avail_out was zero.
+*/
+
+/*
+extern int EXPORT inflateInit2 OF((z_streamp strm,
+                                   int  windowBits));
+
+     This is another version of inflateInit with more compression options. The
+   fields next_out, zalloc, zfree and opaque must be initialized before by
+   the caller.
+
+     The windowBits parameter is the base two logarithm of the maximum window
+   size (the size of the history buffer).  It should be in the range 8..15 for
+   this version of the library (the value 16 will be allowed soon). The
+   default value is 15 if inflateInit is used instead. If a compressed stream
+   with a larger window size is given as input, inflate() will return with
+   the error code Z_DATA_ERROR instead of trying to allocate a larger window.
+
+     If next_out is not null, the library will use this buffer for the history
+   buffer; the buffer must either be large enough to hold the entire output
+   data, or have at least 1<<windowBits bytes.  If next_out is null, the
+   library will allocate its own buffer (and leave next_out null). next_in
+   need not be provided here but must be provided by the application for the
+   next call of inflate().
+
+     If the history buffer is provided by the application, next_out must
+   never be changed by the application since the decompressor maintains
+   history information inside this buffer from call to call; the application
+   can only reset next_out to the beginning of the history buffer when
+   avail_out is zero and all output has been consumed.
+
+      inflateInit2 returns Z_OK if success, Z_MEM_ERROR if there was
+   not enough memory, Z_STREAM_ERROR if a parameter is invalid (such as
+   windowBits < 8). msg is set to null if there is no error message.
+   inflateInit2 does not perform any decompression: this will be done by
+   inflate().
+*/
+
+#ifdef MOZILLA_CLIENT
+PR_EXTERN(int)
+inflateSetDictionary(z_streamp strm,
+                     const Bytef *dictionary,
+                     uInt dictLength);
+#else
+extern int EXPORT inflateSetDictionary OF((z_streamp strm,
+                                           const Bytef *dictionary,
+                                           uInt dictLength));
+#endif
+/*
+     Initializes the decompression dictionary (history buffer) from the given
+   uncompressed byte sequence. This function must be called immediately after
+   a call of inflate if this call returned Z_NEED_DICT. The dictionary chosen
+   by the compressor can be determined from the Adler32 value returned by this
+   call of inflate. The compressor and decompressor must use exactly the same
+   dictionary (see deflateSetDictionary).
+
+     inflateSetDictionary returns Z_OK if success, Z_STREAM_ERROR if a
+   parameter is invalid (such as NULL dictionary) or the stream state is
+   inconsistent, Z_DATA_ERROR if the given dictionary doesn't match the
+   expected one (incorrect Adler32 value). inflateSetDictionary does not
+   perform any decompression: this will be done by subsequent calls of
+   inflate().
+*/
+
+#ifdef MOZILLA_CLIENT
+PR_EXTERN(int)
+inflateSync(z_streamp strm);
+#else
+extern int EXPORT inflateSync OF((z_streamp strm));
+#endif
+/*
+    Skips invalid compressed data until the special marker (see deflate()
+  above) can be found, or until all available input is skipped. No output
+  is provided.
+
+    inflateSync returns Z_OK if the special marker has been found, Z_BUF_ERROR
+  if no more input was provided, Z_DATA_ERROR if no marker has been found,
+  or Z_STREAM_ERROR if the stream structure was inconsistent. In the success
+  case, the application may save the current current value of total_in which
+  indicates where valid compressed data was found. In the error case, the
+  application may repeatedly call inflateSync, providing more input each time,
+  until success or end of the input data.
+*/
+
+#ifdef MOZILLA_CLIENT
+PR_EXTERN(int)
+inflateReset(z_streamp strm);
+#else
+extern int EXPORT inflateReset OF((z_streamp strm));
+#endif
+/*
+     This function is equivalent to inflateEnd followed by inflateInit,
+   but does not free and reallocate all the internal decompression state.
+   The stream will keep attributes that may have been set by inflateInit2.
+
+      inflateReset returns Z_OK if success, or Z_STREAM_ERROR if the source
+   stream state was inconsistent (such as zalloc or state being NULL).
+*/
+
+/* utility functions */
+
+/*
+     The following utility functions are implemented on top of the
+   basic stream-oriented functions. To simplify the interface, some
+   default options are assumed (compression level, window size,
+   standard memory allocation functions). The source code of these
+   utility functions can easily be modified if you need special options.
+*/
+
+#ifdef MOZILLA_CLIENT
+PR_EXTERN(int)
+compress(Bytef *dest, uLongf *destLen,
+         const Bytef *source, uLong sourceLen);
+#else
+extern int EXPORT compress OF((Bytef * dest, uLongf *destLen,
+                               const Bytef *source, uLong sourceLen));
+#endif
+/*
+     Compresses the source buffer into the destination buffer.  sourceLen is
+   the byte length of the source buffer. Upon entry, destLen is the total
+   size of the destination buffer, which must be at least 0.1% larger than
+   sourceLen plus 12 bytes. Upon exit, destLen is the actual size of the
+   compressed buffer.
+     This function can be used to compress a whole file at once if the
+   input file is mmap'ed.
+     compress returns Z_OK if success, Z_MEM_ERROR if there was not
+   enough memory, Z_BUF_ERROR if there was not enough room in the output
+   buffer.
+*/
+
+#ifdef MOZILLA_CLIENT
+PR_EXTERN(int)
+uncompress(Bytef *dest, uLongf *destLen,
+           const Bytef *source, uLong sourceLen);
+#else
+extern int EXPORT uncompress OF((Bytef * dest, uLongf *destLen,
+                                 const Bytef *source, uLong sourceLen));
+#endif
+/*
+     Decompresses the source buffer into the destination buffer.  sourceLen is
+   the byte length of the source buffer. Upon entry, destLen is the total
+   size of the destination buffer, which must be large enough to hold the
+   entire uncompressed data. (The size of the uncompressed data must have
+   been saved previously by the compressor and transmitted to the decompressor
+   by some mechanism outside the scope of this compression library.)
+   Upon exit, destLen is the actual size of the compressed buffer.
+     This function can be used to decompress a whole file at once if the
+   input file is mmap'ed.
+
+     uncompress returns Z_OK if success, Z_MEM_ERROR if there was not
+   enough memory, Z_BUF_ERROR if there was not enough room in the output
+   buffer, or Z_DATA_ERROR if the input data was corrupted.
+*/
+
+typedef voidp gzFile;
+
+#ifdef MOZILLA_CLIENT
+PR_EXTERN(gzFile)
+gzopen(const char *path, const char *mode);
+#else
+extern gzFile EXPORT gzopen OF((const char *path, const char *mode));
+#endif
+/*
+     Opens a gzip (.gz) file for reading or writing. The mode parameter
+   is as in fopen ("rb" or "wb") but can also include a compression level
+   ("wb9").  gzopen can be used to read a file which is not in gzip format;
+   in this case gzread will directly read from the file without decompression.
+     gzopen returns NULL if the file could not be opened or if there was
+   insufficient memory to allocate the (de)compression state; errno
+   can be checked to distinguish the two cases (if errno is zero, the
+   zlib error is Z_MEM_ERROR).
+*/
+
+#ifdef MOZILLA_CLIENT
+PR_EXTERN(gzFile)
+gzdopen(int fd, const char *mode);
+#else
+extern gzFile EXPORT gzdopen OF((int fd, const char *mode));
+#endif
+/*
+     gzdopen() associates a gzFile with the file descriptor fd.  File
+   descriptors are obtained from calls like open, dup, creat, pipe or
+   fileno (in the file has been previously opened with fopen).
+   The mode parameter is as in gzopen.
+     The next call of gzclose on the returned gzFile will also close the
+   file descriptor fd, just like fclose(fdopen(fd), mode) closes the file
+   descriptor fd. If you want to keep fd open, use gzdopen(dup(fd), mode).
+     gzdopen returns NULL if there was insufficient memory to allocate
+   the (de)compression state.
+*/
+
+#ifdef MOZILLA_CLIENT
+PR_EXTERN(int)
+gzread(gzFile file, voidp buf, unsigned len);
+#else
+extern int EXPORT gzread OF((gzFile file, voidp buf, unsigned len));
+#endif
+/*
+     Reads the given number of uncompressed bytes from the compressed file.
+   If the input file was not in gzip format, gzread copies the given number
+   of bytes into the buffer.
+     gzread returns the number of uncompressed bytes actually read (0 for
+   end of file, -1 for error). */
+
+#ifdef MOZILLA_CLIENT
+PR_EXTERN(int)
+gzwrite(gzFile file, const voidp buf, unsigned len);
+#else
+extern int EXPORT gzwrite OF((gzFile file, const voidp buf, unsigned len));
+#endif
+/*
+     Writes the given number of uncompressed bytes into the compressed file.
+   gzwrite returns the number of uncompressed bytes actually written
+   (0 in case of error).
+*/
+
+#ifdef MOZILLA_CLIENT
+PR_EXTERN(int)
+gzflush(gzFile file, int flush);
+#else
+extern int EXPORT gzflush OF((gzFile file, int flush));
+#endif
+/*
+     Flushes all pending output into the compressed file. The parameter
+   flush is as in the deflate() function. The return value is the zlib
+   error number (see function gzerror below). gzflush returns Z_OK if
+   the flush parameter is Z_FINISH and all output could be flushed.
+     gzflush should be called only when strictly necessary because it can
+   degrade compression.
+*/
+
+#ifdef MOZILLA_CLIENT
+PR_EXTERN(int)
+gzclose(gzFile file);
+#else
+extern int EXPORT gzclose OF((gzFile file));
+#endif
+/*
+     Flushes all pending output if necessary, closes the compressed file
+   and deallocates all the (de)compression state. The return value is the zlib
+   error number (see function gzerror below).
+*/
+
+#ifdef MOZILLA_CLIENT
+PR_EXTERN(const char *)
+gzerror(gzFile file, int *errnum);
+#else
+extern const char *EXPORT gzerror OF((gzFile file, int *errnum));
+#endif
+/*
+     Returns the error message for the last error which occurred on the
+   given compressed file. errnum is set to zlib error number. If an
+   error occurred in the file system and not in the compression library,
+   errnum is set to Z_ERRNO and the application may consult errno
+   to get the exact error code.
+*/
+
+/* checksum functions */
+
+/*
+     These functions are not related to compression but are exported
+   anyway because they might be useful in applications using the
+   compression library.
+*/
+
+#ifdef MOZILLA_CLIENT
+PR_EXTERN(uLong)
+adler32(uLong adler, const Bytef *buf, uInt len);
+#else
+extern uLong EXPORT adler32 OF((uLong adler, const Bytef *buf, uInt len));
+#endif
+
+/*
+     Update a running Adler-32 checksum with the bytes buf[0..len-1] and
+   return the updated checksum. If buf is NULL, this function returns
+   the required initial value for the checksum.
+   An Adler-32 checksum is almost as reliable as a CRC32 but can be computed
+   much faster. Usage example:
+
+     uLong adler = adler32(0L, Z_NULL, 0);
+
+     while (read_buffer(buffer, length) != EOF) {
+       adler = adler32(adler, buffer, length);
+     }
+     if (adler != original_adler) error();
+*/
+
+#ifdef MOZILLA_CLIENT
+PR_EXTERN(uLong)
+crc32(uLong crc, const Bytef *buf, uInt len);
+#else
+extern uLong EXPORT crc32 OF((uLong crc, const Bytef *buf, uInt len));
+#endif
+/*
+     Update a running crc with the bytes buf[0..len-1] and return the updated
+   crc. If buf is NULL, this function returns the required initial value
+   for the crc. Pre- and post-conditioning (one's complement) is performed
+   within this function so it shouldn't be done by the application.
+   Usage example:
+
+     uLong crc = crc32(0L, Z_NULL, 0);
+
+     while (read_buffer(buffer, length) != EOF) {
+       crc = crc32(crc, buffer, length);
+     }
+     if (crc != original_crc) error();
+*/
+
+/* various hacks, don't look :) */
+
+/* deflateInit and inflateInit are macros to allow checking the zlib version
+ * and the compiler's view of z_stream:
+ */
+#ifdef MOZILLA_CLIENT
+PR_EXTERN(int)
+deflateInit(z_streamp strm, int level, const char *version,
+            int stream_size);
+PR_EXTERN(int)
+inflateInit_(z_streamp strm, const char *version,
+             int stream_size);
+PR_EXTERN(int)
+deflateInit2_(z_streamp strm, int level, int method,
+              int windowBits, int memLevel, int strategy,
+              const char *version, int stream_size);
+PR_EXTERN(int)
+inflateInit2_(z_streamp strm, int windowBits,
+              const char *version, int stream_size);
+#else
+extern int EXPORT deflateInit_ OF((z_streamp strm, int level, const char *version,
+                                   int stream_size));
+extern int EXPORT inflateInit_ OF((z_streamp strm, const char *version,
+                                   int stream_size));
+extern int EXPORT deflateInit2_ OF((z_streamp strm, int level, int method,
+                                    int windowBits, int memLevel, int strategy,
+                                    const char *version, int stream_size));
+extern int EXPORT inflateInit2_ OF((z_streamp strm, int windowBits,
+                                    const char *version, int stream_size));
+#endif /* MOZILLA_CLIENT */
+
+#define deflateInit(strm, level) \
+    deflateInit_((strm), (level), ZLIB_VERSION, sizeof(z_stream))
+#define inflateInit(strm) \
+    inflateInit_((strm), ZLIB_VERSION, sizeof(z_stream))
+#define deflateInit2(strm, level, method, windowBits, memLevel, strategy) \
+    deflateInit2_((strm), (level), (method), (windowBits), (memLevel),    \
+                  (strategy), ZLIB_VERSION, sizeof(z_stream))
+#define inflateInit2(strm, windowBits) \
+    inflateInit2_((strm), (windowBits), ZLIB_VERSION, sizeof(z_stream))
+
+#if !defined(_Z_UTIL_H) && !defined(NO_DUMMY_DECL)
+struct internal_state {
+    int dummy;
+}; /* hack for buggy compilers */
+#endif
+
+uLongf *get_crc_table OF((void)); /* can be used by asm versions of crc32() */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _ZLIB_H */
diff --git a/nss/lib/jar/manifest.mn b/nss/lib/jar/manifest.mn
new file mode 100644
index 0000000..5b51688
--- /dev/null
+++ b/nss/lib/jar/manifest.mn
@@ -0,0 +1,25 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+MODULE = nss
+
+LIBRARY_NAME = jar
+
+CORE_DEPTH = ../..
+
+CSRCS =	\
+	jarver.c \
+	jarsign.c \
+	jar.c \
+	jar-ds.c \
+	jarfile.c \
+	jarint.c \
+	$(NULL)
+
+EXPORTS	 = jar.h jar-ds.h jarfile.h
+
+DEFINES = -DMOZILLA_CLIENT=1
+
+# This part of the code, including all sub-dirs, can be optimized for size
+export ALLOW_OPT_CODE_SIZE = 1
diff --git a/nss/lib/libpkix/Makefile b/nss/lib/libpkix/Makefile
new file mode 100755
index 0000000..36524f5
--- /dev/null
+++ b/nss/lib/libpkix/Makefile
@@ -0,0 +1,48 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include config.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+export:: private_export
+
diff --git a/nss/lib/libpkix/config.mk b/nss/lib/libpkix/config.mk
new file mode 100755
index 0000000..5d75e1c
--- /dev/null
+++ b/nss/lib/libpkix/config.mk
@@ -0,0 +1,16 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#
+#  Override TARGETS variable so that only static libraries
+#  are specifed as dependencies within rules.mk.
+#
+#  DEFINES+=-DPKIX_LISTDEBUG Can be used to turn on debug compilation
+
+TARGETS        = $(LIBRARY)
+SHARED_LIBRARY =
+IMPORT_LIBRARY =
+PROGRAM        =
+
diff --git a/nss/lib/libpkix/include/Makefile b/nss/lib/libpkix/include/Makefile
new file mode 100755
index 0000000..36524f5
--- /dev/null
+++ b/nss/lib/libpkix/include/Makefile
@@ -0,0 +1,48 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include config.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+export:: private_export
+
diff --git a/nss/lib/libpkix/include/config.mk b/nss/lib/libpkix/include/config.mk
new file mode 100755
index 0000000..b8c03de
--- /dev/null
+++ b/nss/lib/libpkix/include/config.mk
@@ -0,0 +1,15 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#
+#  Override TARGETS variable so that only static libraries
+#  are specifed as dependencies within rules.mk.
+#
+
+TARGETS        = $(LIBRARY)
+SHARED_LIBRARY =
+IMPORT_LIBRARY =
+PROGRAM        =
+
diff --git a/nss/lib/libpkix/include/exports.gyp b/nss/lib/libpkix/include/exports.gyp
new file mode 100644
index 0000000..92baaaa
--- /dev/null
+++ b/nss/lib/libpkix/include/exports.gyp
@@ -0,0 +1,38 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../../coreconf/config.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'lib_libpkix_include_exports',
+      'type': 'none',
+      'copies': [
+        {
+          'files': [
+            'pkix.h',
+            'pkix_certsel.h',
+            'pkix_certstore.h',
+            'pkix_checker.h',
+            'pkix_crlsel.h',
+            'pkix_errorstrings.h',
+            'pkix_params.h',
+            'pkix_pl_pki.h',
+            'pkix_pl_system.h',
+            'pkix_results.h',
+            'pkix_revchecker.h',
+            'pkix_sample_modules.h',
+            'pkix_util.h',
+            'pkixt.h'
+          ],
+          'destination': '<(nss_private_dist_dir)/<(module)'
+        }
+      ]
+    }
+  ],
+  'variables': {
+    'module': 'nss'
+  }
+}
diff --git a/nss/lib/libpkix/include/include.gyp b/nss/lib/libpkix/include/include.gyp
new file mode 100644
index 0000000..c435015
--- /dev/null
+++ b/nss/lib/libpkix/include/include.gyp
@@ -0,0 +1,12 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../../coreconf/config.gypi'
+  ],
+  'targets': [],
+  'variables': {
+    'module': 'nss'
+  }
+}
\ No newline at end of file
diff --git a/nss/lib/libpkix/include/manifest.mn b/nss/lib/libpkix/include/manifest.mn
new file mode 100755
index 0000000..cc74890
--- /dev/null
+++ b/nss/lib/libpkix/include/manifest.mn
@@ -0,0 +1,32 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+CORE_DEPTH = ../../..
+
+EXPORTS = \
+	$(NULL)
+
+PRIVATE_EXPORTS = \
+	pkix.h \
+	pkix_crlsel.h \
+	pkix_errorstrings.h \
+	pkix_results.h \
+	pkixt.h \
+	pkix_certsel.h \
+	pkix_params.h \
+	pkix_revchecker.h \
+	pkix_certstore.h \
+	pkix_pl_pki.h \
+	pkix_sample_modules.h \
+	pkix_checker.h \
+	pkix_pl_system.h \
+	pkix_util.h \
+	$(NULL)
+
+MODULE = nss
+
+CSRCS = \
+	$(NULL)
+
+REQUIRES = dbm
diff --git a/nss/lib/libpkix/include/pkix.h b/nss/lib/libpkix/include/pkix.h
new file mode 100755
index 0000000..4ef3cf1
--- /dev/null
+++ b/nss/lib/libpkix/include/pkix.h
@@ -0,0 +1,301 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * This file defines the public API for libpkix. These are the top-level
+ * functions in the library. They perform the primary operations of this
+ * library: building and validating chains of X.509 certificates.
+ *
+ */
+
+#ifndef _PKIX_H
+#define _PKIX_H
+
+#include "pkixt.h"
+#include "pkix_util.h"
+#include "pkix_results.h"
+#include "pkix_certstore.h"
+#include "pkix_certsel.h"
+#include "pkix_crlsel.h"
+#include "pkix_checker.h"
+#include "pkix_revchecker.h"
+#include "pkix_pl_system.h"
+#include "pkix_pl_pki.h"
+#include "pkix_params.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* General
+ *
+ * Please refer to the libpkix Programmer's Guide for detailed information
+ * about how to use the libpkix library. Certain key warnings and notices from
+ * that document are repeated here for emphasis.
+ *
+ * All identifiers in this file (and all public identifiers defined in
+ * libpkix) begin with "PKIX_". Private identifiers only intended for use
+ * within the library begin with "pkix_".
+ *
+ * A function returns NULL upon success, and a PKIX_Error pointer upon failure.
+ *
+ * Unless otherwise noted, for all accessor (gettor) functions that return a
+ * PKIX_PL_Object pointer, callers should assume that this pointer refers to a
+ * shared object. Therefore, the caller should treat this shared object as
+ * read-only and should not modify this shared object. When done using the
+ * shared object, the caller should release the reference to the object by
+ * using the PKIX_PL_Object_DecRef function.
+ *
+ * While a function is executing, if its arguments (or anything referred to by
+ * its arguments) are modified, free'd, or destroyed, the function's behavior
+ * is undefined.
+ *
+ */
+
+/*
+ * FUNCTION: PKIX_Initialize
+ * DESCRIPTION:
+ *
+ * No PKIX_* types and functions should be used before this function is called
+ * and returns successfully. This function should only be called once. If it
+ * is called more than once, the behavior is undefined.
+ *
+ * NSS applications are expected to call NSS_Init, and need not know that
+ * NSS will call this function (with "platformInitNeeded" set to PKIX_FALSE).
+ * PKIX applications are expected instead to call this function with
+ * "platformInitNeeded" set to PKIX_TRUE.
+ *
+ * This function initializes data structures critical to the operation of
+ * libpkix. It also ensures that the API version (major.minor) desired by the
+ * caller (the "desiredMajorVersion", "minDesiredMinorVersion", and
+ * "maxDesiredMinorVersion") is compatible with the API version supported by
+ * the library. As such, the library must support the "desiredMajorVersion"
+ * of the API and must support a minor version that falls between
+ * "minDesiredMinorVersion" and "maxDesiredMinorVersion", inclusive. If
+ * compatibility exists, the function returns NULL and stores the library's
+ * actual minor version at "pActualMinorVersion" (which may be greater than
+ * "desiredMinorVersion"). If no compatibility exists, the function returns a
+ * PKIX_Error pointer. If the caller wishes to specify that the largest
+ * minor version available should be used, then maxDesiredMinorVersion should
+ * be set to the macro PKIX_MAX_MINOR_VERSION (defined in pkixt.h).
+ *
+ * PARAMETERS:
+ *  "platformInitNeeded"
+ *      Boolean indicating whether the platform layer initialization code
+ *      has previously been run, or should be called from this function.
+ *  "desiredMajorVersion"
+ *      The major version of the libpkix API the application wishes to use.
+ *  "minDesiredMinorVersion"
+ *      The minimum minor version of the libpkix API the application wishes
+ *      to use.
+ *  "maxDesiredMinorVersion"
+ *      The maximum minor version of the libpkix API the application wishes
+ *      to use.
+ *  "pActualMinorVersion"
+ *      Address where PKIX_UInt32 will be stored. Must be non-NULL.
+ *  "pPlContext"
+ *      Address at which platform-specific context pointer is stored. Must
+ *      be non-NULL.
+ * THREAD SAFETY:
+ *  Not Thread Safe
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns an Initialize Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_Initialize(
+        PKIX_Boolean platformInitNeeded,
+        PKIX_UInt32 desiredMajorVersion,
+        PKIX_UInt32 minDesiredMinorVersion,
+        PKIX_UInt32 maxDesiredMinorVersion,
+        PKIX_UInt32 *pActualMinorVersion,
+        void **pPlContext);
+
+/*
+ * FUNCTION: PKIX_Shutdown
+ * DESCRIPTION:
+ *
+ *  This function deallocates any memory used by libpkix and shuts down any
+ *  ongoing operations. This function should only be called once. If it is
+ *  called more than once, the behavior is undefined.
+ *
+ *  No PKIX_* types and functions should be used after this function is called
+ *  and returns successfully.
+ * PARAMETERS:
+ *  "plContext" - Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_Shutdown(void *plContext);
+
+/*
+ * FUNCTION: PKIX_ValidateChain
+ * DESCRIPTION:
+ *
+ *  This function attempts to validate the CertChain that has been set in the
+ *  ValidateParams pointed to by "params" using an RFC 3280-compliant
+ *  algorithm. If successful, this function returns NULL and stores the
+ *  ValidateResult at "pResult", which holds additional information, such as
+ *  the policy tree and the target's public key. If unsuccessful, an Error is
+ *  returned. Note: This function does not currently support non-blocking I/O.
+ *
+ *  If "pVerifyTree" is non-NULL, a chain of VerifyNodes is created which
+ *  tracks the results of the validation. That is, either each node in the
+ *  chain has a NULL Error component, or the last node contains an Error
+ *  which indicates why the validation failed.
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ValidateParams used to validate CertChain. Must be non-NULL.
+ *  "pResult"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "pVerifyTree"
+ *      Address where a VerifyTree is stored, if non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (See Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Validate Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ValidateChain(
+        PKIX_ValidateParams *params,
+        PKIX_ValidateResult **pResult,
+	PKIX_VerifyNode **pVerifyTree,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ValidateChain_NB
+ * DESCRIPTION:
+ *
+ *  This function is the equivalent of PKIX_ValidateChain, except that it
+ *  supports non-blocking I/O. When called with "pNBIOContext" pointing to NULL
+ *  it initiates a new chain validation as in PKIX_ValidateChain, ignoring the
+ *  value in all input variables except "params". If forced to suspend
+ *  processing by a WOULDBLOCK return from some operation, such as a CertStore
+ *  request, it stores the platform-dependent I/O context at "pNBIOContext" and
+ *  stores other intermediate variables at "pCertIndex", "pAnchorIndex", 
+ *  "pCheckerIndex", "pRevChecking", and "pCheckers".
+ *
+ *  When called subsequently with that non-NULL value at "pNBIOContext", it
+ *  relies on those intermediate values to be untouched, and it resumes chain
+ *  validation where it left off. Its behavior is undefined if any of the
+ *  intermediate values was not preserved.
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ValidateParams used to validate CertChain. Must be non-NULL.
+ *  "pCertIndex"
+ *      The UInt32 value of the index to the Cert chain, indicating which Cert
+ *      is currently being processed.
+ *  "pAnchorIndex"
+ *      The UInt32 value of the index to the Anchor chain, indicating which
+ *      Trust Anchor is currently being processed.
+ *  "pCheckerIndex"
+ *      The UInt32 value of the index to the List of CertChainCheckers,
+ *      indicating which Checker is currently processing.
+ *  "pRevChecking"
+ *      The Boolean flag indicating whether normal checking or revocation
+ *      checking is occurring for the Cert indicated by "pCertIndex".
+ *  "pCheckers"
+ *      The address of the List of CertChainCheckers. Must be non-NULL.
+ *  "pNBIOContext"
+ *      The address of the platform-dependend I/O context. Must be a non-NULL
+ *      pointer to a NULL value for the call to initiate chain validation.
+ *  "pResult"
+ *      Address where ValidateResult object pointer will be stored. Must be
+ *      non-NULL.
+ *  "pVerifyTree"
+ *      Address where a VerifyTree is stored, if non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a VALIDATE Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */PKIX_Error *
+PKIX_ValidateChain_NB(
+	PKIX_ValidateParams *params,
+	PKIX_UInt32 *pCertIndex,
+	PKIX_UInt32 *pAnchorIndex,
+	PKIX_UInt32 *pCheckerIndex,
+	PKIX_Boolean *pRevChecking,
+	PKIX_List **pCheckers,
+	void **pNBIOContext,
+	PKIX_ValidateResult **pResult,
+	PKIX_VerifyNode **pVerifyTree,
+	void *plContext);
+
+/*
+ * FUNCTION: PKIX_BuildChain
+ * DESCRIPTION:
+ *
+ *  If called with a NULL "state", this function attempts to build and validate
+ *  a CertChain according to the ProcessingParams pointed to by "params", using
+ *  an RFC 3280-compliant validation algorithm. If successful, this function
+ *  returns NULL and stores the BuildResult at "pResult", which holds the built
+ *  CertChain, as well as additional information, such as the policy tree and
+ *  the target's public key. If unsuccessful, an Error is returned.
+ *
+ *  If the chain building is blocked by a CertStore using non-blocking I/O, this
+ *  function stores platform-dependent non-blocking I/O context at
+ *  "pNBIOContext", its state at "pState", and NULL at "pResult". The caller
+ *  may be able to determine, in a platform-dependent way, when the I/O has
+ *  completed. In any case, calling the function again with "pState" containing
+ *  the returned value will allow the chain building to resume.
+ *
+ *  If chain building is completed, either successfully or unsuccessfully, NULL
+ *  is stored at "pNBIOContext".
+ *
+ *  If "pVerifyTree" is non-NULL, a tree of VerifyNodes is created which
+ *  tracks the results of the building. That is, each node of the tree either
+ *  has a NULL Error component, or it is a leaf node and it contains an Error
+ *  which indicates why the chain building could not proceed on this branch.
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ProcessingParams used to build and validate CertChain.
+ *      Must be non-NULL.
+ *  "pNBIOContext"
+ *      Address where platform-dependent information is store if the build
+ *      is suspended waiting for non-blocking I/O. Must be non-NULL.
+ *  "pState"
+ *      Address of BuildChain state. Must be NULL on initial call, and the
+ *      value previously returned on subsequent calls.
+ *  "pResult"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "pVerifyTree"
+ *      Address where a VerifyTree is stored, if non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (See Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Build Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_BuildChain(
+        PKIX_ProcessingParams *params,
+        void **pNBIOContext,
+        void **pState,
+        PKIX_BuildResult **pResult,
+	PKIX_VerifyNode **pVerifyNode,
+        void *plContext);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_H */
diff --git a/nss/lib/libpkix/include/pkix_certsel.h b/nss/lib/libpkix/include/pkix_certsel.h
new file mode 100755
index 0000000..e6b20c8
--- /dev/null
+++ b/nss/lib/libpkix/include/pkix_certsel.h
@@ -0,0 +1,1826 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * This file defines functions associated with the PKIX_CertSelector and the
+ * PKIX_ComCertSelParams types.
+ *
+ */
+
+#ifndef _PKIX_CERTSEL_H
+#define _PKIX_CERTSEL_H
+
+#include "pkixt.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* General
+ *
+ * Please refer to the libpkix Programmer's Guide for detailed information
+ * about how to use the libpkix library. Certain key warnings and notices from
+ * that document are repeated here for emphasis.
+ *
+ * All identifiers in this file (and all public identifiers defined in
+ * libpkix) begin with "PKIX_". Private identifiers only intended for use
+ * within the library begin with "pkix_".
+ *
+ * A function returns NULL upon success, and a PKIX_Error pointer upon failure.
+ *
+ * Unless otherwise noted, for all accessor (gettor) functions that return a
+ * PKIX_PL_Object pointer, callers should assume that this pointer refers to a
+ * shared object. Therefore, the caller should treat this shared object as
+ * read-only and should not modify this shared object. When done using the
+ * shared object, the caller should release the reference to the object by
+ * using the PKIX_PL_Object_DecRef function.
+ *
+ * While a function is executing, if its arguments (or anything referred to by
+ * its arguments) are modified, free'd, or destroyed, the function's behavior
+ * is undefined.
+ *
+ */
+
+/* PKIX_CertSelector
+ *
+ * PKIX_CertSelectors provide a standard way for the caller to select
+ * certificates based on particular criteria. A CertSelector is typically used
+ * by the caller to specify the constraints they wish to impose on the target
+ * certificate in a chain. (see pkix_params.h) A CertSelector is also often
+ * used to retrieve certificates from a CertStore that match the selector's
+ * criteria. (See pkix_certstore.h) For example, the caller may wish to only
+ * select those certificates that have a particular Subject Distinguished Name
+ * and a particular value for a private certificate extension. The
+ * MatchCallback allows the caller to specify the custom matching logic to be
+ * used by a CertSelector.
+ *
+ * By default, the MatchCallback is set to point to the default implementation
+ * provided by libpkix, which understands how to process the most common
+ * parameters. If the default implementation is used, the caller should set
+ * these common parameters using PKIX_CertSelector_SetCommonCertSelectorParams.
+ * Any common parameter that is not set is assumed to be disabled, which means
+ * the default MatchCallback implementation will select all certificates
+ * without regard to that particular disabled parameter. For example, if the
+ * SerialNumber parameter is not set, MatchCallback will not filter out any
+ * certificate based on its serial number. As such, if no parameters are set,
+ * all are disabled and any certificate will match. If a parameter is
+ * disabled, its associated PKIX_ComCertSelParams_Get* function returns a
+ * default value of NULL, or -1 for PKIX_ComCertSelParams_GetBasicConstraints
+ * and PKIX_ComCertSelParams_GetVersion, or 0 for
+ * PKIX_ComCertSelParams_GetKeyUsage.
+ *
+ * If a custom implementation is desired, the default implementation can be
+ * overridden by calling PKIX_CertSelector_SetMatchCallback. In this case, the
+ * CertSelector can be initialized with a certSelectorContext, which is where
+ * the caller can specify the desired parameters the caller wishes to match
+ * against. Note that this certSelectorContext must be an Object (although any
+ * object type), allowing it to be reference-counted and allowing it to
+ * provide the standard Object functions (Equals, Hashcode, ToString, Compare,
+ * Duplicate).
+ *
+ */
+
+/*
+ * FUNCTION: PKIX_CertSelector_MatchCallback
+ * DESCRIPTION:
+ *
+ *  This callback function determines whether the specified Cert pointed to by
+ *  "cert" matches the criteria of the CertSelector pointed to by "selector".
+ *  If the Cert does not matches the CertSelector's criteria, an exception will
+ *  be thrown.
+ *
+ * PARAMETERS:
+ *  "selector"
+ *      Address of CertSelector whose MatchCallback logic and parameters are
+ *      to be used. Must be non-NULL.
+ *  "cert"
+ *      Address of Cert that is to be matched using "selector".
+ *      Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe
+ *
+ *  Multiple threads must be able to safely call this function without
+ *  worrying about conflicts, even if they're operating on the same object.
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertSelector Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+typedef PKIX_Error *
+(*PKIX_CertSelector_MatchCallback)(
+        PKIX_CertSelector *selector,
+        PKIX_PL_Cert *cert,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_CertSelector_Create
+ * DESCRIPTION:
+ *
+ *  Creates a new CertSelector using the Object pointed to by
+ *  "certSelectorContext" (if any) and stores it at "pSelector". As noted
+ *  above, by default, the MatchCallback is set to point to the default
+ *  implementation provided by libpkix, which understands how to process
+ *  ComCertSelParams objects. This is overridden if the MatchCallback pointed
+ *  to by "callback" is not NULL, in which case the parameters are specified
+ *  using the certSelectorContext.
+ *
+ * PARAMETERS:
+ *  "callback"
+ *      The MatchCallback function to be used.
+ *  "certSelectorContext"
+ *      Address of Object representing the CertSelector's context (if any).
+ *  "pSelector"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertSelector Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_CertSelector_Create(
+        PKIX_CertSelector_MatchCallback callback,
+        PKIX_PL_Object *certSelectorContext,
+        PKIX_CertSelector **pSelector,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_CertSelector_GetMatchCallback
+ * DESCRIPTION:
+ *
+ *  Retrieves a pointer to "selector's" Match callback function and puts it in
+ *  "pCallback".
+ *
+ * PARAMETERS:
+ *  "selector"
+ *      The CertSelector whose Match callback is desired. Must be non-NULL.
+ *  "pCallback"
+ *      Address where Match callback function pointer will be stored.
+ *      Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertSelector Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_CertSelector_GetMatchCallback(
+        PKIX_CertSelector *selector,
+        PKIX_CertSelector_MatchCallback *pCallback,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_CertSelector_GetCertSelectorContext
+ * DESCRIPTION:
+ *
+ *  Retrieves a pointer to a PKIX_PL_Object representing the context (if any)
+ *  of the CertSelector pointed to by "selector" and stores it at
+ *  "pCertSelectorContext".
+ *
+ * PARAMETERS:
+ *  "selector"
+ *      Address of CertSelector whose context is to be stored.
+ *      Must be non-NULL.
+ *  "pCertSelectorContext"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertSelector Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_CertSelector_GetCertSelectorContext(
+        PKIX_CertSelector *selector,
+        PKIX_PL_Object **pCertSelectorContext,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_CertSelector_GetCommonCertSelectorParams
+ * DESCRIPTION:
+ *
+ *  Retrieves a pointer to the ComCertSelParams object that represent the
+ *  common parameters of the CertSelector pointed to by "selector" and stores
+ *  it at "pCommonCertSelectorParams". If there are no common parameters
+ *  stored with the CertSelector, this function stores NULL at
+ *  "pCommonCertSelectorParams".
+ *
+ * PARAMETERS:
+ *  "selector"
+ *      Address of CertSelector whose ComCertSelParams object is to be stored.
+ *      Must be non-NULL.
+ *  "pCommonCertSelectorParams"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *      (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertSelector Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_CertSelector_GetCommonCertSelectorParams(
+        PKIX_CertSelector *selector,
+        PKIX_ComCertSelParams **pCommonCertSelectorParams,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_CertSelector_SetCommonCertSelectorParams
+ * DESCRIPTION:
+ *
+ *  Sets the common parameters for the CertSelector pointed to by "selector"
+ *  using the ComCertSelParams object pointed to by "commonCertSelectorParams".
+ *
+ * PARAMETERS:
+ *  "selector"
+ *      Address of CertSelector whose common parameters are to be set.
+ *      Must be non-NULL.
+ *  "commonCertSelectorParams"
+ *      Address of ComCertSelParams object representing the common parameters.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe - assumes exclusive access to "selector"
+ *  (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertSelector Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_CertSelector_SetCommonCertSelectorParams(
+        PKIX_CertSelector *selector,
+        PKIX_ComCertSelParams *commonCertSelectorParams,
+        void *plContext);
+
+/* PKIX_ComCertSelParams
+ *
+ * PKIX_ComCertSelParams objects are X.509 parameters commonly used with
+ * CertSelectors, especially when enforcing constraints on a target
+ * certificate or determining which certificates to retrieve from a CertStore.
+ * ComCertSelParams objects are typically used with those CertSelectors that
+ * use the default implementation of MatchCallback, which understands how to
+ * process ComCertSelParams objects.
+ */
+
+/*
+ * FUNCTION: PKIX_ComCertSelParams_Create
+ * DESCRIPTION:
+ *
+ *  Creates a new ComCertSelParams object and stores it at "pParams".
+ *
+ * PARAMETERS:
+ *  "pParams"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertSelector Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ComCertSelParams_Create(
+        PKIX_ComCertSelParams **pParams,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ComCertSelParams_GetSubjAltNames
+ * DESCRIPTION:
+ *
+ *  Retrieves a pointer to the List of GeneralNames (if any) representing the
+ *  subject alternative names criterion that is set in the ComCertSelParams
+ *  object pointed to by "params" and stores it at "pNames". In order to match
+ *  against this criterion, a certificate must contain all or at least one of
+ *  the criterion's subject alternative names (depending on the result of
+ *  PKIX_ComCertSelParams_GetMatchAllSubjAltNames). The default behavior
+ *  requires a certificate to contain all of the criterion's subject
+ *  alternative names in order to match.
+ *
+ *  If "params" does not have this criterion set, this function stores NULL at
+ *  "pNames", in which case all certificates are considered to match this
+ *  criterion.
+ *
+ *  Note that the List returned by this function is immutable.
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ComCertSelParams object whose subject alternative names
+ *      criterion (if any) is to be stored. Must be non-NULL.
+ *  "pNames"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *      (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertSelector Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ComCertSelParams_GetSubjAltNames(
+        PKIX_ComCertSelParams *params,
+        PKIX_List **pNames, /* list of PKIX_PL_GeneralName */
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ComCertSelParams_SetSubjAltNames
+ * DESCRIPTION:
+ *
+ *  Sets the subject alternative names criterion of the ComCertSelParams object
+ *  pointed to by "params" using a List of GeneralNames pointed to by "names".
+ *  In order to match against this criterion, a certificate must contain all or
+ *  at least one of the criterion's subject alternative names (depending on the
+ *  result of PKIX_ComCertSelParams_GetMatchAllSubjAltNames). The default
+ *  behavior requires a certificate to contain all of the criterion's subject
+ *  alternative names in order to match.
+ *
+ *  If "names" is NULL, all certificates are considered to match this
+ *  criterion.
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ComCertSelParams object whose subject alternative
+ *      names criterion is to be set. Must be non-NULL.
+ *  "names"
+ *      Address of List of GeneralNames used to set the criterion
+ *      (or NULL to disable the criterion).
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe - assumes exclusive access to "params"
+ *  (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertSelector Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ComCertSelParams_SetSubjAltNames(
+        PKIX_ComCertSelParams *params,
+        PKIX_List *names,  /* list of PKIX_PL_GeneralName */
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ComCertSelParams_AddSubjAltName
+ * DESCRIPTION:
+ *
+ *  Adds to the subject alternative names criterion of the ComCertSelParams
+ *  object pointed to by "params" using the GeneralName pointed to by "name".
+ *  In order to match against this criterion, a certificate must contain all
+ *  or at least one of the criterion's subject alternative names (depending on
+ *  the result of PKIX_ComCertSelParams_GetMatchAllSubjAltNames). The default
+ *  behavior requires a certificate to contain all of the criterion's subject
+ *  alternative names in order to match.
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ComCertSelParams object whose subject alternative names
+ *      criterion is to be added to. Must be non-NULL.
+ *  "name"
+ *      Address of GeneralName to be added.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe - assumes exclusive access to "params"
+ *  (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertSelector Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ComCertSelParams_AddSubjAltName(
+        PKIX_ComCertSelParams *params,
+        PKIX_PL_GeneralName *name,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ComCertSelParams_GetPathToNames
+ * DESCRIPTION:
+ *
+ *  Retrieves a pointer to the List of GeneralNames (if any) representing the
+ *  path to names criterion that is set in the ComCertSelParams object pointed
+ *  to by "params" and stores it at "pNames". In order to match against this
+ *  criterion, a certificate must not include name constraints that would
+ *  prohibit building a path to the criterion's specified names.
+ *
+ *  If "params" does not have this criterion set, this function stores NULL at
+ *  "pNames", in which case all certificates are considered to match this
+ *  criterion.
+ *
+ *  Note that the List returned by this function is immutable.
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ComCertSelParams object whose path to names criterion
+ *      (if any) is to be stored. Must be non-NULL.
+ *  "pNames"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *      (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertSelector Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ComCertSelParams_GetPathToNames(
+        PKIX_ComCertSelParams *params,
+        PKIX_List **pNames,  /* list of PKIX_PL_GeneralName */
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ComCertSelParams_SetPathToNames
+ * DESCRIPTION:
+ *
+ *  Sets the path to names criterion of the ComCertSelParams object pointed to
+ *  by "params" using a List of GeneralNames pointed to by "names". In order to
+ *  match against this criterion, a certificate must not include name
+ *  constraints that would prohibit building a path to the criterion's
+ *  specified names.
+ *
+ *  If "names" is NULL, all certificates are considered to match this
+ *  criterion.
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ComCertSelParams object whose path to names criterion
+ *      is to be set. Must be non-NULL.
+ *  "names"
+ *      Address of List of GeneralNames used to set the criterion
+ *      (or NULL to disable the criterion).
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe - assumes exclusive access to "params"
+ *  (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertSelector Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ComCertSelParams_SetPathToNames(
+        PKIX_ComCertSelParams *params,
+        PKIX_List *names,    /* list of PKIX_PL_GeneralName */
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ComCertSelParams_AddPathToName
+ * DESCRIPTION:
+ *
+ *  Adds to the path to names criterion of the ComCertSelParams object pointed
+ *  to by "params" using the GeneralName pointed to by "pathToName". In order
+ *  to match against this criterion, a certificate must not include name
+ *  constraints that would prohibit building a path to the criterion's
+ *  specified names.
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ComCertSelParams object whose path to names criterion is to
+ *      be added to. Must be non-NULL.
+ *  "pathToName"
+ *      Address of GeneralName to be added.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe - assumes exclusive access to "params"
+ *  (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertSelector Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ComCertSelParams_AddPathToName(
+        PKIX_ComCertSelParams *params,
+        PKIX_PL_GeneralName *pathToName,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ComCertSelParams_GetAuthorityKeyIdentifier
+ * DESCRIPTION:
+ *
+ *  Retrieves a pointer to the ByteArray (if any) representing the authority
+ *  key identifier criterion that is set in the ComCertSelParams object
+ *  pointed to by "params" and stores it at "pAuthKeyId". In order to match
+ *  against this criterion, a certificate must contain an
+ *  AuthorityKeyIdentifier extension whose value matches the criterion's
+ *  authority key identifier value.
+ *
+ *  If "params" does not have this criterion set, this function stores NULL at
+ *  "pAuthKeyId", in which case all certificates are considered to match this
+ *  criterion.
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ComCertSelParams object whose authority key identifier
+ *      criterion (if any) is to be stored. Must be non-NULL.
+ *  "pAuthKeyId"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *      (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertSelector Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ComCertSelParams_GetAuthorityKeyIdentifier(
+        PKIX_ComCertSelParams *params,
+        PKIX_PL_ByteArray **pAuthKeyId,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ComCertSelParams_SetAuthorityKeyIdentifier
+ * DESCRIPTION:
+ *
+ *  Sets the authority key identifier criterion of the ComCertSelParams object
+ *  pointed to by "params" to the ByteArray pointed to by "authKeyId". In
+ *  order to match against this criterion, a certificate must contain an
+ *  AuthorityKeyIdentifier extension whose value matches the criterion's
+ *  authority key identifier value.
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ComCertSelParams object whose authority key identifier
+ *      criterion is to be set. Must be non-NULL.
+ *  "authKeyId"
+ *      Address of ByteArray used to set the criterion
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe - assumes exclusive access to "params"
+ *  (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertSelector Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ComCertSelParams_SetAuthorityKeyIdentifier(
+        PKIX_ComCertSelParams *params,
+        PKIX_PL_ByteArray *authKeyId,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ComCertSelParams_GetSubjKeyIdentifier
+ * DESCRIPTION:
+ *
+ *  Retrieves a pointer to the ByteArray (if any) representing the subject key
+ *  identifier criterion that is set in the ComCertSelParams object pointed to
+ *  by "params" and stores it at "pSubjKeyId". In order to match against this
+ *  criterion, a certificate must contain a SubjectKeyIdentifier extension
+ *  whose value matches the criterion's subject key identifier value.
+ *
+ *  If "params" does not have this criterion set, this function stores NULL at
+ *  "pSubjKeyId", in which case all certificates are considered to match this
+ *  criterion.
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ComCertSelParams object whose subject key identifier
+ *      criterion (if any) is to be stored. Must be non-NULL.
+ *  "pSubjKeyId"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *      (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertSelector Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ComCertSelParams_GetSubjKeyIdentifier(
+        PKIX_ComCertSelParams *params,
+        PKIX_PL_ByteArray **pSubjKeyId,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ComCertSelParams_SetSubjKeyIdentifier
+ * DESCRIPTION:
+ *
+ *  Sets the subject key identifier criterion of the ComCertSelParams object
+ *  pointed to by "params" using a ByteArray pointed to by "subjKeyId". In
+ *  order to match against this criterion, a certificate must contain an
+ *  SubjectKeyIdentifier extension whose value matches the criterion's subject
+ *  key identifier value.
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ComCertSelParams object whose subject key identifier
+ *      criterion is to be set. Must be non-NULL.
+ *  "subjKeyId"
+ *      Address of ByteArray used to set the criterion
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe - assumes exclusive access to "params"
+ *  (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertSelector Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ComCertSelParams_SetSubjKeyIdentifier(
+        PKIX_ComCertSelParams *params,
+        PKIX_PL_ByteArray *subKeyId,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ComCertSelParams_GetSubjPubKey
+ * DESCRIPTION:
+ *
+ *  Retrieves a pointer to the PublicKey (if any) representing the subject
+ *  public key criterion that is set in the ComCertSelParams object pointed to
+ *  by "params" and stores it at "pPubKey". In order to match against this
+ *  criterion, a certificate must contain a SubjectPublicKey that matches the
+ *  criterion's public key.
+ *
+ *  If "params" does not have this criterion set, this function stores NULL at
+ *  "pPubKey", in which case all certificates are considered to match this
+ *  criterion.
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ComCertSelParams object whose subject public key criterion
+ *      (if any) is to be stored. Must be non-NULL.
+ *  "pPubKey"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *      (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertSelector Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ComCertSelParams_GetSubjPubKey(
+        PKIX_ComCertSelParams *params,
+        PKIX_PL_PublicKey **pPubKey,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ComCertSelParams_SetSubjPubKey
+ * DESCRIPTION:
+ *
+ *  Sets the subject public key criterion of the ComCertSelParams object
+ *  pointed to by "params" using a PublicKey pointed to by "pubKey". In order
+ *  to match against this criterion, a certificate must contain a
+ *  SubjectPublicKey that matches the criterion's public key.
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ComCertSelParams object whose subject public key
+ *      criterion is to be set. Must be non-NULL.
+ *  "pubKey"
+ *      Address of PublicKey used to set the criterion
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe - assumes exclusive access to "params"
+ *  (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertSelector Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ComCertSelParams_SetSubjPubKey(
+        PKIX_ComCertSelParams *params,
+        PKIX_PL_PublicKey *pubKey,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ComCertSelParams_GetSubjPKAlgId
+ * DESCRIPTION:
+ *
+ *  Retrieves a pointer to the OID (if any) representing the subject public key
+ *  algorithm identifier criterion that is set in the ComCertSelParams object
+ *  pointed to by "params" and stores it at "pPubKey". In order to match
+ *  against this criterion, a certificate must contain a SubjectPublicKey with
+ *  an algorithm that matches the criterion's algorithm.
+ *
+ *  If "params" does not have this criterion set, this function stores NULL at
+ *  "pAlgId", in which case all certificates are considered to match this
+ *  criterion.
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ComCertSelParams object whose subject public key algorithm
+ *      identifier (if any) is to be stored. Must be non-NULL.
+ *  "pAlgId"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *      (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertSelector Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ComCertSelParams_GetSubjPKAlgId(
+        PKIX_ComCertSelParams *params,
+        PKIX_PL_OID **pAlgId,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ComCertSelParams_SetSubjPKAlgId
+ * DESCRIPTION:
+ *
+ *  Sets the subject public key algorithm identifier criterion of the
+ *  ComCertSelParams object pointed to by "params" using an OID pointed to by
+ *  "algId". In order to match against this criterion, a certificate must
+ *  contain a SubjectPublicKey with an algorithm that matches the criterion's
+ *  algorithm.
+ *
+ *  If "algId" is NULL, all certificates are considered to match this
+ *  criterion.
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ComCertSelParams object whose subject public key
+ *      algorithm identifier criterion is to be set. Must be non-NULL.
+ *  "algId"
+ *      Address of OID used to set criterion
+ *      (or NULL to disable the criterion).
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe - assumes exclusive access to "params"
+ *  (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertSelector Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ComCertSelParams_SetSubjPKAlgId(
+        PKIX_ComCertSelParams *params,
+        PKIX_PL_OID *algId,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ComCertSelParams_GetBasicConstraints
+ * DESCRIPTION:
+ *
+ *  Retrieves a pointer to the minimum path length (if any) representing the
+ *  basic constraints criterion that is set in the ComCertSelParams object
+ *  pointed to by "params" and stores it at "pMinPathLength". In order to
+ *  match against this criterion, there are several possibilities.
+ *
+ *  1) If the criterion's minimum path length is greater than or equal to zero,
+ *  a certificate must include a BasicConstraints extension with a pathLen of
+ *  at least this value.
+ *
+ *  2) If the criterion's minimum path length is -2, a certificate must be an
+ *  end-entity certificate.
+ *
+ *  3) If the criterion's minimum path length is -1, no basic constraints check
+ *  is done and all certificates are considered to match this criterion.
+ *
+ *  The semantics of other values of the criterion's minimum path length are
+ *  undefined but may be defined in future versions of the API.
+ *
+ *  If "params" does not have this criterion set, this function stores -1 at
+ *  "pMinPathLength", in which case all certificates are considered to match
+ *  this criterion.
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ComCertSelParams object whose basic constraints criterion
+ *      (if any) is to be stored. Must be non-NULL.
+ *  "pMinPathLength"
+ *      Address where PKIX_Int32 will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *      (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertSelector Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ComCertSelParams_GetBasicConstraints(
+        PKIX_ComCertSelParams *params,
+        PKIX_Int32 *pMinPathLength,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ComCertSelParams_SetBasicConstraints
+ * DESCRIPTION:
+ *
+ *  Sets the basic constraints criterion of the ComCertSelParams object
+ *  pointed to by "params" using the integer value of "minPathLength". In
+ *  order to match against this criterion, there are several possibilities.
+ *
+ *  1) If the criterion's minimum path length is greater than or equal to zero,
+ *  a certificate must include a BasicConstraints extension with a pathLen of
+ *  at least this value.
+ *
+ *  2) If the criterion's minimum path length is -2, a certificate must be an
+ *  end-entity certificate.
+ *
+ *  3) If the criterion's minimum path length is -1, no basic constraints check
+ *  is done and all certificates are considered to match this criterion.
+ *
+ *  The semantics of other values of the criterion's minimum path length are
+ *  undefined but may be defined in future versions of the API.
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ComCertSelParams object whose basic constraints
+ *      criterion is to be set. Must be non-NULL.
+ *  "minPathLength"
+ *      Value of PKIX_Int32 used to set the criterion
+ *      (or -1 to disable the criterion).
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe - assumes exclusive access to "params"
+ *  (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertSelector Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ComCertSelParams_SetBasicConstraints(
+        PKIX_ComCertSelParams *params,
+        PKIX_Int32 minPathLength,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ComCertSelParams_GetCertificate
+ * DESCRIPTION:
+ *
+ *  Retrieves a pointer to the Cert (if any) representing the certificate
+ *  criterion that is set in the ComCertSelParams object pointed to by
+ *  "params" and stores it at "pCert". In order to match against this
+ *  criterion, a certificate must be equal to the criterion's certificate. If
+ *  this criterion is specified, it is usually not necessary to specify any
+ *  other criteria, since this criterion requires an exact certificate match.
+ *
+ *  If "params" does not have this criterion set, this function stores NULL at
+ *  "pCert", in which case all certificates are considered to match this
+ *  criterion.
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ComCertSelParams object whose certificate criterion
+ *      (if any) is to be stored. Must be non-NULL.
+ *  "pCert"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *      (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertSelector Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ComCertSelParams_GetCertificate(
+        PKIX_ComCertSelParams *params,
+        PKIX_PL_Cert **pCert,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ComCertSelParams_SetCertificate
+ * DESCRIPTION:
+ *
+ *  Sets the certificate criterion of the ComCertSelParams object pointed to by
+ * "params" using a Cert pointed to by "cert". In order to match against this
+ *  criterion, a certificate must be equal to the criterion's certificate.
+ *  If this criterion is specified, it is usually not necessary to specify
+ *  any other criteria, since this criterion requires an exact certificate
+ *  match.
+ *
+ *  If "cert" is NULL, all certificates are considered to match this criterion.
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ComCertSelParams object whose certificate criterion is to be
+ *      set. Must be non-NULL.
+ *  "cert"
+ *      Address of Cert used to set the criterion
+ *      (or NULL to disable the criterion).
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe - assumes exclusive access to "params"
+ *  (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertSelector Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ComCertSelParams_SetCertificate(
+        PKIX_ComCertSelParams *params,
+        PKIX_PL_Cert *cert,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ComCertSelParams_GetCertificateValid
+ * DESCRIPTION:
+ *
+ *  Retrieves a pointer to the Date (if any) representing the certificate
+ *  validity criterion that is set in the ComCertSelParams object pointed to by
+ *  "params" and stores it at "pDate". In order to match against this
+ *  criterion, a certificate's validity period must include the criterion's
+ *  Date.
+ *
+ *  If "params" does not have this criterion set, this function stores NULL at
+ *  "pDate", in which case all certificates are considered to match this
+ *  criterion.
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ComCertSelParams object whose certificate validity criterion
+ *      (if any) is to be stored. Must be non-NULL.
+ *  "pDate"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *      (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertSelector Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ComCertSelParams_GetCertificateValid(
+        PKIX_ComCertSelParams *params,
+        PKIX_PL_Date **pDate,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ComCertSelParams_SetCertificateValid
+ * DESCRIPTION:
+ *
+ *  Sets the certificate validity criterion of the ComCertSelParams object
+ *  pointed to by "params" using a Date pointed to by "date". In order to
+ *  match against this criterion, a certificate's validity period must include
+ *  the criterion's Date.
+ *
+ *  If "date" is NULL, all certificates are considered to match this criterion.
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ComCertSelParams object whose certificate validity criterion
+ *      is to be set. Must be non-NULL.
+ *  "date"
+ *      Address of Date used to set the criterion
+ *      (or NULL to disable the criterion).
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe - assumes exclusive access to "params"
+ *  (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertSelector Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ComCertSelParams_SetCertificateValid(
+        PKIX_ComCertSelParams *params,
+        PKIX_PL_Date *date,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ComCertSelParams_GetSerialNumber
+ * DESCRIPTION:
+ *
+ *  Retrieves a pointer to the BigInt (if any) representing the serial number
+ *  criterion that is set in the ComCertSelParams object pointed to by
+ *  "params" and stores it at "pSerialNumber". In order to match against this
+ *  criterion, a certificate must have a serial number equal to the
+ *  criterion's serial number.
+ *
+ *  If "params" does not have this criterion set, this function stores NULL at
+ *  "pSerialNumber", in which case all certificates are considered to match
+ *  this criterion.
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ComCertSelParams object whose serial number criterion
+ *      (if any) is to be stored. Must be non-NULL.
+ *  "pSerialNumber"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *      (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertSelector Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ComCertSelParams_GetSerialNumber(
+        PKIX_ComCertSelParams *params,
+        PKIX_PL_BigInt **pSerialNumber,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ComCertSelParams_SetSerialNumber
+ * DESCRIPTION:
+ *
+ *  Sets the serial number criterion of the ComCertSelParams object pointed to
+ *  by "params" using a BigInt pointed to by "serialNumber". In order to match
+ *  against this criterion, a certificate must have a serial number equal to
+ *  the criterion's serial number.
+ *
+ *  If "serialNumber" is NULL, all certificates are considered to match this
+ *  criterion.
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ComCertSelParams object whose serial number criterion is to
+ *      be set. Must be non-NULL.
+ *  "serialNumber"
+ *      Address of BigInt used to set the criterion
+ *      (or NULL to disable the criterion).
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe - assumes exclusive access to "params"
+ *  (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertSelector Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ComCertSelParams_SetSerialNumber(
+        PKIX_ComCertSelParams *params,
+        PKIX_PL_BigInt *serialNumber,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ComCertSelParams_GetVersion
+ * DESCRIPTION:
+ *
+ *  Retrieves a PKIX_UInt32 (if any) representing the version criterion that is
+ *  set in the ComCertSelParams object pointed to by "params" and stores it at
+ *  "pVersion". In order to match against this criterion, a certificate's
+ *  version must be equal to the criterion's version.
+ *
+ *  The version number will either be 0, 1, or 2 (corresponding to
+ *  v1, v2, or v3, respectively).
+ *
+ *  If "params" does not have this criterion set, this function stores
+ *  0xFFFFFFFF at "pVersion", in which case all certificates are considered
+ *  to match this criterion.
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ComCertSelParams object whose version criterion (if any) is
+ *      to be stored. Must be non-NULL.
+ *  "pVersion"
+ *      Address where PKIX_Int32 will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *      (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertSelector Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ComCertSelParams_GetVersion(
+        PKIX_ComCertSelParams *params,
+        PKIX_UInt32 *pVersion,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ComCertSelParams_SetVersion
+ * DESCRIPTION:
+ *
+ *  Sets the version criterion of the ComCertSelParams object pointed to by
+ *  "params" using the integer value of "version". In order to match against
+ *  this criterion, a certificate's version must be equal to the criterion's
+ *  version. If the criterion's version is -1, no version check is done and
+ *  all certificates are considered to match this criterion.
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ComCertSelParams object whose version criterion is to be
+ *      set. Must be non-NULL.
+ *  "version"
+ *      Value of PKIX_Int32 used to set the criterion
+ *      (or -1 to disable the criterion).
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe - assumes exclusive access to "params"
+ *  (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertSelector Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ComCertSelParams_SetVersion(
+        PKIX_ComCertSelParams *params,
+        PKIX_Int32 version,
+        void *plContext);
+
+
+/*
+ * FUNCTION: PKIX_ComCertSelParams_GetKeyUsage
+ * DESCRIPTION:
+ *
+ *  Retrieves a PKIX_UInt32 (if any) representing the key usage criterion that
+ *  is set in the ComCertSelParams object pointed to by "params" and stores it
+ *  at "pKeyUsage". In order to match against this criterion, a certificate
+ *  must allow the criterion's key usage values. Note that a certificate that
+ *  has no KeyUsage extension implicity allows all key usages. Note also that
+ *  this functions supports a maximum of 32 key usage bits.
+ *
+ *  If "params" does not have this criterion set, this function stores zero at
+ *  "pKeyUsage", in which case all certificates are considered to match this
+ *  criterion.
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ComCertSelParams object whose key usage criterion (if any)
+ *      is to be stored. Must be non-NULL.
+ *  "pKeyUsage"
+ *      Address where PKIX_UInt32 will be stored. Must not be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *      (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertSelector Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ComCertSelParams_GetKeyUsage(
+        PKIX_ComCertSelParams *params,
+        PKIX_UInt32 *pKeyUsage,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ComCertSelParams_SetKeyUsage
+ * DESCRIPTION:
+ *
+ *  Sets the key usage criterion of the ComCertSelParams object pointed to by
+ *  "params" using the integer value of "keyUsage". In order to match against
+ *  this criterion, a certificate must allow the criterion's key usage values.
+ *  Note that a certificate that has no KeyUsage extension implicity allows
+ *  all key usages. Note also that this functions supports a maximum of 32 key
+ *  usage bits.
+ *
+ *  If the criterion's key usage value is zero, no key usage check is done and
+ *  all certificates are considered to match this criterion.
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ComCertSelParams object whose key usage criterion is to be
+ *      set. Must be non-NULL.
+ *  "keyUsage"
+ *      Value of PKIX_Int32 used to set the criterion
+ *      (or zero to disable the criterion).
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe - assumes exclusive access to "params"
+ *  (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertSelector Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ComCertSelParams_SetKeyUsage(
+        PKIX_ComCertSelParams *params,
+        PKIX_UInt32 keyUsage,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ComCertSelParams_GetExtendedKeyUsage
+ * DESCRIPTION:
+ *
+ *  Retrieves a pointer to the List of OIDs (if any) representing the extended
+ *  key usage criterion that is set in the ComCertSelParams object pointed to
+ *  by "params" and stores it at "pExtKeyUsage". In order to match against this
+ *  criterion, a certificate's ExtendedKeyUsage extension must allow the
+ *  criterion's extended key usages. Note that a certificate that has no
+ *  ExtendedKeyUsage extension implicity allows all key purposes.
+ *
+ *  If "params" does not have this criterion set, this function stores NULL at
+ *  "pExtKeyUsage", in which case all certificates are considered to match
+ *  this criterion.
+ *
+ *  Note that the List returned by this function is immutable.
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ComCertSelParams object whose extended key usage criterion
+ *      (if any) is to be stored. Must be non-NULL.
+ *  "pExtKeyUsage"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *      (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertSelector Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ComCertSelParams_GetExtendedKeyUsage(
+        PKIX_ComCertSelParams *params,
+        PKIX_List **pExtKeyUsage, /* list of PKIX_PL_OID */
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ComCertSelParams_SetExtendedKeyUsage
+ * DESCRIPTION:
+ *
+ *  Sets the extended key usage criterion of the ComCertSelParams object
+ *  pointed to by "params" using a List of OIDs pointed to by "extKeyUsage".
+ *  In order to match against this criterion, a certificate's ExtendedKeyUsage
+ *  extension must allow the criterion's extended key usages. Note that a
+ *  certificate that has no ExtendedKeyUsage extension implicitly allows all
+ *  key purposes.
+ *
+ *  If "extKeyUsage" is NULL, all certificates are considered to match this
+ *  criterion.
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ComCertSelParams object whose extended key usage criterion
+ *      is to be set. Must be non-NULL.
+ *  "extKeyUsage"
+ *      Address of List of OIDs used to set the criterion
+ *      (or NULL to disable the criterion).
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe - assumes exclusive access to "params"
+ *  (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertSelector Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ComCertSelParams_SetExtendedKeyUsage(
+        PKIX_ComCertSelParams *params,
+        PKIX_List *extKeyUsage,  /* list of PKIX_PL_OID */
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ComCertSelParams_GetPolicy
+ * DESCRIPTION:
+ *
+ *  Retrieves a pointer to the List of OIDs (if any) representing the policy
+ *  criterion that is set in the ComCertSelParams object pointed to by
+ *  "params" and stores it at "pPolicy". In order to match against this
+ *  criterion, a certificate's CertificatePolicies extension must include at
+ *  least one of the criterion's policies. If "params" has this criterion set,
+ *  but the List of OIDs is empty, then a certificate's CertificatePolicies
+ *  extension must include at least some policy.
+ *
+ *  If "params" does not have this criterion set, this function stores NULL at
+ *  "pPolicy", in which case all certificates are considered to match this
+ *  criterion.
+ *
+ *  Note that the List returned by this function is immutable.
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ComCertSelParams object whose policy criterion (if any) is
+ *      to be stored. Must be non-NULL.
+ *  "pPolicy"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *      (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertSelector Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ComCertSelParams_GetPolicy(
+        PKIX_ComCertSelParams *params,
+        PKIX_List **pPolicy,  /* list of PKIX_PL_OID */
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ComCertSelParams_SetPolicy
+ * DESCRIPTION:
+ *
+ *  Sets the policy criterion of the ComCertSelParams object pointed to by
+ *  "params" using a List of OIDs pointed to by "policy". In order to match
+ *  against this criterion, a certificate's CertificatePolicies extension must
+ *  include at least one of the criterion's policies. If "params" has this
+ *  criterion set, but the List of OIDs is empty, then a certificate's
+ *  CertificatePolicies extension must include at least some policy.
+ *
+ *  If "policy" is NULL, all certificates are considered to match this
+ *  criterion.
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ComCertSelParams object whose policy criterion is to be set.
+ *      Must be non-NULL.
+ *  "policy"
+ *      Address of List of OIDs used to set the criterion
+ *      (or NULL to disable the criterion).
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe - assumes exclusive access to "params"
+ *  (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertSelector Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ComCertSelParams_SetPolicy(
+        PKIX_ComCertSelParams *params,
+        PKIX_List *policy,    /* list of PKIX_PL_OID */
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ComCertSelParams_GetIssuer
+ * DESCRIPTION:
+ *
+ *  Retrieves a pointer to the X500Name (if any) representing the issuer
+ *  criterion that is set in the ComCertSelParams object pointed to by
+ *  "params" and stores it at "pIssuer". In order to match against this
+ *  criterion, a certificate's IssuerName must match the criterion's issuer
+ *  name.
+ *
+ *  If "params" does not have this criterion set, this function stores NULL at
+ *  "pIssuer", in which case all certificates are considered to match this
+ *  criterion.
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ComCertSelParams object whose issuer criterion (if any) is
+ *      to be stored. Must be non-NULL.
+ *  "pIssuer"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *      (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertSelector Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ComCertSelParams_GetIssuer(
+        PKIX_ComCertSelParams *params,
+        PKIX_PL_X500Name **pIssuer,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ComCertSelParams_SetIssuer
+ * DESCRIPTION:
+ *
+ *  Sets the issuer criterion of the ComCertSelParams object pointed to by
+ *  "params" using an X500Name pointed to by "issuer". In order to match
+ *  against this criterion, a certificate's IssuerName must match the
+ *  criterion's issuer name.
+ *
+ *  If "issuer" is NULL, all certificates are considered to match this
+ *  criterion.
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ComCertSelParams object whose issuer criterion is to be set.
+ *      Must be non-NULL.
+ *  "issuer"
+ *      Address of X500Name used to set the criterion
+ *      (or NULL to disable the criterion).
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe - assumes exclusive access to "params"
+ *  (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertSelector Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ComCertSelParams_SetIssuer(
+        PKIX_ComCertSelParams *params,
+        PKIX_PL_X500Name *issuer,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ComCertSelParams_GetSubject
+ * DESCRIPTION:
+ *
+ *  Retrieves a pointer to the X500Name (if any) representing the subject
+ *  criterion that is set in the ComCertSelParams object pointed to by
+ *  "params" and stores it at "pSubject". In order to match against this
+ *  criterion, a certificate's SubjectName must match the criterion's subject
+ *  name.
+ *
+ *  If "params" does not have this criterion set, this function stores NULL at
+ *  "pSubject", in which case all certificates are considered to match this
+ *  criterion.
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ComCertSelParams object whose subject criterion (if any) is
+ *      to be stored. Must be non-NULL.
+ *  "pSubject"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *      (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertSelector Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ComCertSelParams_GetSubject(
+        PKIX_ComCertSelParams *params,
+        PKIX_PL_X500Name **pSubject,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ComCertSelParams_SetSubject
+ * DESCRIPTION:
+ *
+ *  Sets the subject criterion of the ComCertSelParams object pointed to by
+ *  "params" using an X500Name pointed to by "subject". In order to match
+ *  against this criterion, a certificate's SubjectName must match the
+ *  criterion's subject name.
+ *
+ *  If "subject" is NULL, all certificates are considered to match this
+ *  criterion.
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ComCertSelParams object whose subject criterion is to be
+ *      set. Must be non-NULL.
+ *  "subject"
+ *      Address of X500Name used to set the criterion
+ *      (or NULL to disable the criterion).
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe - assumes exclusive access to "params"
+ *  (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertSelector Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ComCertSelParams_SetSubject(
+        PKIX_ComCertSelParams *params,
+        PKIX_PL_X500Name *subject,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ComCertSelParams_GetSubjectAsByteArray
+ * DESCRIPTION:
+ *
+ *  Retrieves a pointer to the ByteArray (if any) representing the subject
+ *  criterion that is set in the ComCertSelParams object pointed to by
+ *  "params" and stores it at "pSubject". In order to match against this
+ *  criterion, a certificate's SubjectName must match the criterion's subject
+ *  name.
+ *
+ *  If "params" does not have this criterion set, this function stores NULL at
+ *  "pSubject", in which case all certificates are considered to match this
+ *  criterion.
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ComCertSelParams object whose subject criterion (if any) is
+ *      to be stored. Must be non-NULL.
+ *  "pSubject"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *      (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertSelector Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ComCertSelParams_GetSubjectAsByteArray(
+        PKIX_ComCertSelParams *params,
+        PKIX_PL_ByteArray **pSubject,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ComCertSelParams_SetSubjectAsByteArray
+ * DESCRIPTION:
+ *
+ *  Sets the subject criterion of the ComCertSelParams object pointed to by
+ *  "params" using a ByteArray pointed to by "subject". In order to match
+ *  against this criterion, a certificate's SubjectName must match the
+ *  criterion's subject name.
+ *
+ *  If "subject" is NULL, all certificates are considered to match this
+ *  criterion.
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ComCertSelParams object whose subject criterion is to be
+ *      set. Must be non-NULL.
+ *  "subject"
+ *      Address of ByteArray used to set the criterion
+ *      (or NULL to disable the criterion).
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe - assumes exclusive access to "params"
+ *  (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertSelector Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ComCertSelParams_SetSubjectAsByteArray(
+        PKIX_ComCertSelParams *params,
+        PKIX_PL_ByteArray *subject,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ComCertSelParams_GetNameConstraints
+ * DESCRIPTION:
+ *
+ *  Retrieves a pointer to the X500Name (if any) representing the name
+ *  constraints criterion that is set in the ComCertSelParams object pointed
+ *  to by "params" and stores it at "pConstraints". In order to match against
+ *  this criterion, a certificate's subject and subject alternative names must
+ *  be allowed by the criterion's name constraints.
+ *
+ *  If "params" does not have this criterion set, this function stores NULL at
+ *  "pConstraints", in which case all certificates are considered to match
+ *  this criterion.
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ComCertSelParams object whose name constraints criterion
+ *      (if any) is to be stored. Must be non-NULL.
+ *  "pConstraints"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *      (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertSelector Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ComCertSelParams_GetNameConstraints(
+        PKIX_ComCertSelParams *params,
+        PKIX_PL_CertNameConstraints **pConstraints,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ComCertSelParams_SetNameConstraints
+ * DESCRIPTION:
+ *
+ *  Sets the name constraints criterion of the ComCertSelParams object pointed
+ *  to by "params" using the CertNameConstraints pointed to by "constraints".
+ *  In order to match against this criterion, a certificate's subject and
+ *  subject alternative names must be allowed by the criterion's name
+ *  constraints.
+ *
+ *  If "constraints" is NULL, all certificates are considered to match this
+ *  criterion.
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ComCertSelParams object whose name constraints criterion is
+ *      to be set. Must be non-NULL.
+ *  "constraints"
+ *      Address of CertNameConstraints used to set the criterion
+ *      (or NULL to disable the criterion).
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe - assumes exclusive access to "params"
+ *  (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertSelector Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ComCertSelParams_SetNameConstraints(
+        PKIX_ComCertSelParams *params,
+        PKIX_PL_CertNameConstraints *constraints,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ComCertSelParams_GetMatchAllSubjAltNames
+ * DESCRIPTION:
+ *
+ *  Checks whether the ComCertSelParams object pointed to by "params" indicate
+ *  that all subject alternative names are to be matched and stores the Boolean
+ *  result at "pMatch". This Boolean value determines the behavior of the
+ *  subject alternative names criterion.
+ *
+ *  In order to match against the subject alternative names criterion, if the
+ *  Boolean value at "pMatch" is PKIX_TRUE, a certificate must contain all of
+ *  the criterion's subject alternative names. If the Boolean value at
+ *  "pMatch" is PKIX_FALSE, a certificate must contain at least one of the
+ *  criterion's subject alternative names. The default behavior is as if the
+ *  Boolean value at "pMatch" is PKIX_TRUE.
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ComCertSelParams object used to determine whether all
+ *      subject alternative names must be matched. Must be non-NULL.
+ *  "pMatch"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *      (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertSelector Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ComCertSelParams_GetMatchAllSubjAltNames(
+        PKIX_ComCertSelParams *params,
+        PKIX_Boolean *pMatch,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ComCertSelParams_SetMatchAllSubjAltNames
+ * DESCRIPTION:
+ *
+ *  Sets the match flag of the ComCertSelParams object pointed to by "params"
+ *  using the Boolean value of "match". This Boolean value determines the
+ *  behavior of the subject alternative names criterion.
+ *
+ *  In order to match against the subject alternative names criterion, if the
+ *  "match" is PKIX_TRUE, a certificate must contain all of the criterion's
+ *  subject alternative names. If the "match" is PKIX_FALSE, a certificate
+ *  must contain at least one of the criterion's subject alternative names.
+ *  The default behavior is as if "match" is PKIX_TRUE.
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ComCertSelParams object whose match flag is to be set.
+ *      Must be non-NULL.
+ *  "match"
+ *      Boolean value used to set the match flag.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe - assumes exclusive access to "params"
+ *  (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertSelector Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ComCertSelParams_SetMatchAllSubjAltNames(
+        PKIX_ComCertSelParams *params,
+        PKIX_Boolean match,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ComCertSelParams_GetLeafCertFlag
+ * DESCRIPTION:
+ *
+ * Return "leafCert" flag of the ComCertSelParams structure. If set to true,
+ * the flag indicates that a selector should filter out all cert that are not
+ * qualified to be a leaf cert according to the specified key/ekey usages.
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ComCertSelParams object used to determine whether all
+ *      subject alternative names must be matched. Must be non-NULL.
+ *  "pLeafFlag"
+ *      Address of returned value.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *      (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertSelector Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error*
+PKIX_ComCertSelParams_GetLeafCertFlag(
+        PKIX_ComCertSelParams *params,
+        PKIX_Boolean *pLeafFlag,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ComCertSelParams_SetLeafCertFlag
+ * DESCRIPTION:
+ *
+ * Sets a flag that if its value is true, indicates that the selector
+ * should only pick certs that qualifies to be leaf for this cert path
+ * validation.
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ComCertSelParams object whose match flag is to be set.
+ *      Must be non-NULL.
+ *  "leafFlag"
+ *      Boolean value used to set the leaf flag.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe - assumes exclusive access to "params"
+ *  (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertSelector Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ComCertSelParams_SetLeafCertFlag(
+        PKIX_ComCertSelParams *params,
+        PKIX_Boolean leafFlag,
+        void *plContext);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_CERTSEL_H */
diff --git a/nss/lib/libpkix/include/pkix_certstore.h b/nss/lib/libpkix/include/pkix_certstore.h
new file mode 100755
index 0000000..fb70564
--- /dev/null
+++ b/nss/lib/libpkix/include/pkix_certstore.h
@@ -0,0 +1,714 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * This file defines functions associated with the PKIX_CertStore type.
+ *
+ */
+
+#ifndef _PKIX_CERTSTORE_H
+#define _PKIX_CERTSTORE_H
+
+#include "pkixt.h"
+#include "certt.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* General
+ *
+ * Please refer to the libpkix Programmer's Guide for detailed information
+ * about how to use the libpkix library. Certain key warnings and notices from
+ * that document are repeated here for emphasis.
+ *
+ * All identifiers in this file (and all public identifiers defined in
+ * libpkix) begin with "PKIX_". Private identifiers only intended for use
+ * within the library begin with "pkix_".
+ *
+ * A function returns NULL upon success, and a PKIX_Error pointer upon failure.
+ *
+ * Unless otherwise noted, for all accessor (gettor) functions that return a
+ * PKIX_PL_Object pointer, callers should assume that this pointer refers to a
+ * shared object. Therefore, the caller should treat this shared object as
+ * read-only and should not modify this shared object. When done using the
+ * shared object, the caller should release the reference to the object by
+ * using the PKIX_PL_Object_DecRef function.
+ *
+ * While a function is executing, if its arguments (or anything referred to by
+ * its arguments) are modified, free'd, or destroyed, the function's behavior
+ * is undefined.
+ *
+ */
+
+/* PKIX_CertStore
+ *
+ * A PKIX_CertStore provides a standard way for the caller to retrieve
+ * certificates and CRLs from a particular repository (or "store") of
+ * certificates and CRLs, including LDAP directories, flat files, local
+ * databases, etc. The CertCallback allows custom certificate retrieval logic
+ * to be used while the CRLCallback allows custom CRL retrieval logic to be
+ * used. Additionally, a CertStore can be initialized with a certStoreContext,
+ * which is where the caller can specify configuration data such as the host
+ * name of an LDAP server. Note that this certStoreContext must be an
+ * Object (although any object type), allowing it to be reference-counted and
+ * allowing it to provide the standard Object functions (Equals, Hashcode,
+ * ToString, Compare, Duplicate). Please note that each certStoreContext must
+ * provide Equals and Hashcode functions in order for the caching (on Cert and
+ * CertChain) to work correctly. When providing those two functions, it is not
+ * required that all the components of the object be hashed or checked for 
+ * equality, but merely that the functions distinguish between unique
+ * instances of the certStoreContext.
+ *
+ * Once the caller has created the CertStore object, the caller then specifies
+ * these CertStore objects in a ProcessingParams object and passes that object
+ * to PKIX_ValidateChain or PKIX_BuildChain, which uses the objects to call the
+ * user's callback functions as needed during the validation or building
+ * process.
+ *
+ * The order of CertStores stored (as a list) at ProcessingParams determines
+ * the order in which certificates are retrieved. Trusted CertStores should
+ * precede non-trusted ones on the list of CertStores so their certificates
+ * are evaluated ahead of other certificates selected on the basis of the same
+ * selector criteria.
+ *
+ * The CheckTrustCallback function is used when the CertStore object
+ * supports trust status, which means a Cert's trust status can be altered
+ * dynamically. When a CertStore object is created, if the
+ * CheckTrustCallback is initialized to be non-NULL, this CertStore is
+ * defaulted as supporting trust. Then whenever a Cert needs to (re)check its
+ * trust status, this callback can be invoked. When a Cert is retrieved by
+ * a CertStore supports trust, at its GetCertCallback, the CertStore
+ * information should be updated in Cert's data structure so the link between
+ * the Cert and CertStore exists.
+ *
+ */
+
+/*
+ * FUNCTION: PKIX_CertStore_CertCallback
+ * DESCRIPTION:
+ *
+ *  This callback function retrieves from the CertStore pointed to by "store"
+ *  all the certificates that match the CertSelector pointed to by "selector".
+ *  It places these certificates in a List and stores a pointer to the List at
+ *  "pCerts". If no certificates are found which match the CertSelector's
+ *  criteria, this function stores an empty List at "pCerts". In either case, if
+ *  the operation is completed, NULL is stored at "pNBIOContext".
+ *
+ *  A CertStore which uses non-blocking I/O may store platform-dependent
+ *  information at "pNBIOContext" and NULL at "pCerts" to indicate that I/O is
+ *  pending. A subsequent call to PKIX_CertStore_CertContinue is required to
+ *  finish the operation and to obtain the List of Certs.
+ *
+ *  Note that the List returned by this function is immutable.
+ *
+ * PARAMETERS:
+ *  "store"
+ *      Address of CertStore from which Certs are to be retrieved.
+ *      Must be non-NULL.
+ *  "selector"
+ *      Address of CertSelector whose criteria must be satisfied.
+ *      Must be non-NULL.
+ *  "verifyNode"
+ *      Parent log node for tracking of filtered out certs.
+ *  "pNBIOContext"
+ *      Address at which platform-dependent information is stored if the
+ *      operation is suspended for non-blocking I/O. Must be non-NULL.
+ *  "pCerts"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe
+ *
+ *  Multiple threads must be able to safely call this function without
+ *  worrying about conflicts, even if they're operating on the same object.
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertStore Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+typedef PKIX_Error *
+(*PKIX_CertStore_CertCallback)(
+        PKIX_CertStore *store,
+        PKIX_CertSelector *selector,
+        PKIX_VerifyNode *verifyNode,
+        void **pNBIOContext,
+        PKIX_List **pCerts,  /* list of PKIX_PL_Cert */
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_CertStore_CertContinue
+ * DESCRIPTION:
+ *
+ *  This function continues the non-blocking operation initiated by an earlier
+ *  call to the CertCallback function, for the CertStore pointed to by "store". 
+ *  If an earlier call did not terminate with the WOULDBLOCK indication (non-NULL
+ *  value returned in "pNBIOContext") calling this function will return a fatal
+ *  error. If the operation is completed the certificates found are placed in a
+ *  List, a pointer to which is stored at "pCerts". If no certificates are found
+ *  which match the CertSelector's criteria, this function stores an empty List
+ *  at "pCerts". In either case, if the operation is completed, NULL is stored
+ *  at "pNBIOContext".
+ *
+ *  If non-blocking I/O is still pending this function stores platform-dependent
+ *  information at "pNBIOContext" and NULL at "pCerts". A subsequent call to
+ *  PKIX_CertStore_CertContinue is required to finish the operation and to
+ *  obtain the List of Certs.
+ *
+ *  Note that the List returned by this function is immutable.
+ *
+ * PARAMETERS:
+ *  "store"
+ *      Address of CertStore from which Certs are to be retrieved.
+ *      Must be non-NULL.
+ *  "selector"
+ *      Address of CertSelector whose criteria must be satisfied.
+ *      Must be non-NULL.
+ *  "verifyNode"
+ *      Parent log node for tracking of filtered out certs.
+ *  "pNBIOContext"
+ *      Address at which platform-dependent information is stored if the
+ *      operation is suspended for non-blocking I/O. Must be non-NULL.
+ *  "pCerts"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe
+ *
+ *  Multiple threads must be able to safely call this function without
+ *  worrying about conflicts, even if they're operating on the same object.
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertStore Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_CertStore_CertContinue(
+        PKIX_CertStore *store,
+        PKIX_CertSelector *selector,
+        PKIX_VerifyNode *verifyNode,
+        void **pNBIOContext,
+        PKIX_List **pCerts,  /* list of PKIX_PL_Cert */
+        void *plContext);
+
+typedef PKIX_Error *
+(*PKIX_CertStore_CertContinueFunction)(
+        PKIX_CertStore *store,
+        PKIX_CertSelector *selector,
+        PKIX_VerifyNode *verifyNode,
+        void **pNBIOContext,
+        PKIX_List **pCerts,  /* list of PKIX_PL_Cert */
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_CertStore_CRLCallback
+ * DESCRIPTION:
+ *
+ *  This callback function retrieves from the CertStore pointed to by "store"
+ *  all the CRLs that match the CRLSelector pointed to by "selector". It
+ *  places these CRLs in a List and stores a pointer to the List at "pCRLs".
+ *  If no CRLs are found which match the CRLSelector's criteria, this function
+ *  stores an empty List at "pCRLs". In either case, if the operation is
+ *  completed, NULL is stored at "pNBIOContext".
+ *
+ *  A CertStore which uses non-blocking I/O may store platform-dependent
+ *  information at "pNBIOContext" and NULL at "pCrls" to indicate that I/O is
+ *  pending. A subsequent call to PKIX_CertStore_CRLContinue is required to
+ *  finish the operation and to obtain the List of Crls.
+ *
+ *  Note that the List returned by this function is immutable.
+ *
+ * PARAMETERS:
+ *  "store"
+ *      Address of CertStore from which CRLs are to be retrieved.
+ *      Must be non-NULL.
+ *  "selector"
+ *      Address of CRLSelector whose criteria must be satisfied.
+ *      Must be non-NULL.
+ *  "pCrls"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe
+ *
+ *  Multiple threads must be able to safely call this function without
+ *  worrying about conflicts, even if they're operating on the same object.
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertStore Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+typedef PKIX_Error *
+(*PKIX_CertStore_CRLCallback)(
+        PKIX_CertStore *store,
+        PKIX_CRLSelector *selector,
+        void **pNBIOContext,
+        PKIX_List **pCrls,  /* list of PKIX_PL_CRL */
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_CertStore_ImportCrlCallback
+ * DESCRIPTION:
+ *
+ * The function imports crl list into a cert store. Stores that
+ * have local cache may only have that function defined.
+ *
+ * PARAMETERS:
+ *  "store"
+ *      Address of CertStore from which CRLs are to be retrieved.
+ *      Must be non-NULL.
+ *  "issuerName"
+ *      Name of the issuer that will be used to track bad der crls.
+ *  "crlList"
+ *      Address on the importing crl list.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe
+ *
+ *  Multiple threads must be able to safely call this function without
+ *  worrying about conflicts, even if they're operating on the same object.
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertStore Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+typedef PKIX_Error *
+(*PKIX_CertStore_ImportCrlCallback)(
+        PKIX_CertStore *store,
+        PKIX_PL_X500Name *issuerName,
+        PKIX_List *crlList,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_CertStore_CheckRevokationByCrlCallback
+ * DESCRIPTION:
+ *
+ * The function checks revocation status of a cert with specified
+ * issuer, date. It returns revocation status of a cert and
+ * a reason code(if any) if a cert was revoked.
+ * 
+ * PARAMETERS:
+ *  "store"
+ *      Address of CertStore from which CRLs are to be retrieved.
+ *      Must be non-NULL.
+ *  "cert"
+ *      Certificate which revocation status will be checked.
+ *  "issuer"
+ *      Issuer certificate of the "crl".
+ *  "date"
+ *      Date of the revocation check.
+ *  "crlDownloadDone"
+ *      Indicates, that all needed crl downloads are done by the time of
+ *      the revocation check.
+ *  "reasonCode"
+ *      If cert is revoked, returned reason code for  which a cert was revoked.
+ *  "revStatus"
+ *      Returned revocation status of the cert. See PKIX_RevocationStatus
+ *      for more details
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe
+ *
+ *  Multiple threads must be able to safely call this function without
+ *  worrying about conflicts, even if they're operating on the same object.
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertStore Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+typedef PKIX_Error *
+(*PKIX_CertStore_CheckRevokationByCrlCallback)(
+        PKIX_CertStore *store,
+        PKIX_PL_Cert *cert,
+        PKIX_PL_Cert *issuer,
+        PKIX_PL_Date *date,
+        PKIX_Boolean  crlDownloadDone,
+        CERTCRLEntryReasonCode *reasonCode,
+        PKIX_RevocationStatus *revStatus,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_CertStore_CrlContinue
+ * DESCRIPTION:
+ *
+ *  This function continues the non-blocking operation initiated by an earlier
+ *  call to the CRLCallback function, for the CertStore pointed to by "store". 
+ *  If an earlier call did not terminate with the WOULDBLOCK indication (non-NULL
+ *  value returned in "pNBIOContext") calling this function will return a fatal
+ *  error. If the operation is completed the crls found are placed in a List, a
+ *  pointer to which is stored at "pCrls". If no crls are found which match the
+ *  CRLSelector's criteria, this function stores an empty List at "pCrls". In
+ *  either case, if the operation is completed, NULL is stored at "pNBIOContext".
+ *
+ *  If non-blocking I/O is still pending this function stores platform-dependent
+ *  information at "pNBIOContext" and NULL at "pCrls". A subsequent call to
+ *  PKIX_CertStore_CrlContinue is required to finish the operation and to
+ *  obtain the List of Crls.
+ *
+ *  Note that the List returned by this function is immutable.
+ *
+ * PARAMETERS:
+ *  "store"
+ *      Address of CertStore from which Crls are to be retrieved.
+ *      Must be non-NULL.
+ *  "selector"
+ *      Address of CRLSelector whose criteria must be satisfied.
+ *      Must be non-NULL.
+ *  "pNBIOContext"
+ *      Address at which platform-dependent information is stored if the
+ *      operation is suspended for non-blocking I/O. Must be non-NULL.
+ *  "pCrls"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe
+ *
+ *  Multiple threads must be able to safely call this function without
+ *  worrying about conflicts, even if they're operating on the same object.
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertStore Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_CertStore_CrlContinue(
+        PKIX_CertStore *store,
+        PKIX_CRLSelector *selector,
+        void **pNBIOContext,
+        PKIX_List **pCrls,  /* list of PKIX_PL_CRL */
+        void *plContext);
+
+typedef PKIX_Error *
+(*PKIX_CertStore_CrlContinueFunction)(
+        PKIX_CertStore *store,
+        PKIX_CRLSelector *selector,
+        void **pNBIOContext,
+        PKIX_List **pCrls,  /* list of PKIX_PL_CRL */
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_CertStore_CheckTrustCallback
+ * DESCRIPTION:
+ *
+ *  This callback function rechecks "cert's" trust status from the CertStore
+ *  pointed to by "store".
+ *
+ * PARAMETERS:
+ *  "store"
+ *      Address of CertStore from which Certs are to be checked.
+ *      Must be non-NULL.
+ *  "cert"
+ *      Address of Cert whose trust status needs to be rechecked.
+ *      Must be non-NULL.
+ *  "pTrusted"
+ *      Address of PKIX_Boolean where the trust status is returned.
+ *      Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe
+ *
+ *  Multiple threads must be able to safely call this function without
+ *  worrying about conflicts, even if they're operating on the same object.
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertStore Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+typedef PKIX_Error *
+(*PKIX_CertStore_CheckTrustCallback)(
+        PKIX_CertStore *store,
+        PKIX_PL_Cert *cert,
+        PKIX_Boolean *pTrusted,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_CertStore_Create
+ * DESCRIPTION:
+ *
+ *  Creates a new CertStore and stores it at "pStore". The new CertStore uses
+ *  the CertCallback pointed to by "certCallback" and the CRLCallback pointed
+ *  to by "crlCallback" as its callback functions and uses the Object pointed
+ *  to by "certStoreContext" as its context . Note that this certStoreContext
+ *  must be an Object (although any object type), allowing it to be
+ *  reference-counted and allowing it to provide the standard Object functions
+ *  (Equals, Hashcode, ToString, Compare, Duplicate). Once created, a
+ *  CertStore object is immutable, although the underlying repository can
+ *  change. For example, a CertStore will often be a front-end for a database
+ *  or directory. The contents of that directory can change after the
+ *  CertStore object is created, but the CertStore object remains immutable.
+ *
+ * PARAMETERS:
+ *  "certCallback"
+ *      The CertCallback function to be used. Must be non-NULL.
+ *  "crlCallback"
+ *      The CRLCallback function to be used. Must be non-NULL.
+ *  "certContinue"
+ *      The function to be used to resume a certCallback that returned with a
+ *      WOULDBLOCK condition. Must be non-NULL if certStore supports non-blocking
+ *      I/O.
+ *  "crlContinue"
+ *      The function to be used to resume a crlCallback that returned with a
+ *      WOULDBLOCK condition. Must be non-NULL if certStore supports non-blocking
+ *      I/O.
+ *  "trustCallback"
+ *      Address of PKIX_CertStore_CheckTrustCallback which is called to
+ *      verify the trust status of Certs in this CertStore.
+ *  "certStoreContext"
+ *      Address of Object representing the CertStore's context (if any).
+ *  "cachedFlag"
+ *      If TRUE indicates data retrieved from CertStore should be cached.
+ *  "localFlag"
+ *      Boolean value indicating whether this CertStore is local.
+ *  "pStore"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertStore Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_CertStore_Create(
+        PKIX_CertStore_CertCallback certCallback,
+        PKIX_CertStore_CRLCallback crlCallback,
+        PKIX_CertStore_CertContinueFunction certContinue,
+        PKIX_CertStore_CrlContinueFunction crlContinue,
+        PKIX_CertStore_CheckTrustCallback trustCallback,
+        PKIX_CertStore_ImportCrlCallback importCrlCallback,
+        PKIX_CertStore_CheckRevokationByCrlCallback checkRevByCrlCallback,
+        PKIX_PL_Object *certStoreContext,
+        PKIX_Boolean cachedFlag,
+        PKIX_Boolean localFlag,
+        PKIX_CertStore **pStore,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_CertStore_GetCertCallback
+ * DESCRIPTION:
+ *
+ *  Retrieves a pointer to "store's" Cert callback function and put it in
+ *  "pCallback".
+ *
+ * PARAMETERS:
+ *  "store"
+ *      The CertStore whose Cert callback is desired. Must be non-NULL.
+ *  "pCallback"
+ *      Address where Cert callback function pointer will be stored.
+ *      Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_CertStore_GetCertCallback(
+        PKIX_CertStore *store,
+        PKIX_CertStore_CertCallback *pCallback,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_CertStore_GetCRLCallback
+ * DESCRIPTION:
+ *
+ *  Retrieves a pointer to "store's" CRL callback function and put it in
+ *  "pCallback".
+ *
+ * PARAMETERS:
+ *  "store"
+ *      The CertStore whose CRL callback is desired. Must be non-NULL.
+ *  "pCallback"
+ *      Address where CRL callback function pointer will be stored.
+ *      Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_CertStore_GetCRLCallback(
+        PKIX_CertStore *store,
+        PKIX_CertStore_CRLCallback *pCallback,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_CertStore_GetImportCrlCallback
+ * DESCRIPTION:
+ *
+ *  Retrieves a pointer to "store's" Import CRL callback function and put it in
+ *  "pCallback".
+ *
+ * PARAMETERS:
+ *  "store"
+ *      The CertStore whose CRL callback is desired. Must be non-NULL.
+ *  "pCallback"
+ *      Address where CRL callback function pointer will be stored.
+ *      Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_CertStore_GetImportCrlCallback(
+        PKIX_CertStore *store,
+        PKIX_CertStore_ImportCrlCallback *pCallback,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_CertStore_GetCheckRevByCrl
+ * DESCRIPTION:
+ *
+ *  Retrieves a pointer to "store's" CRL revocation checker callback function
+ *  and put it in "pCallback".
+ *
+ * PARAMETERS:
+ *  "store"
+ *      The CertStore whose CRL callback is desired. Must be non-NULL.
+ *  "pCallback"
+ *      Address where CRL callback function pointer will be stored.
+ *      Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_CertStore_GetCrlCheckerFn(
+        PKIX_CertStore *store,
+        PKIX_CertStore_CheckRevokationByCrlCallback *pCallback,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_CertStore_GetTrustCallback
+ * DESCRIPTION:
+ *
+ *  Retrieves the function pointer to the CheckTrust callback function of the
+ *  CertStore pointed to by "store" and stores it at "pCallback".
+ *
+ * PARAMETERS:
+ *  "store"
+ *      The CertStore whose CheckTrust callback is desired. Must be non-NULL.
+ *  "pCallback"
+ *      Address where CheckTrust callback function pointer will be stored.
+ *      Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_CertStore_GetTrustCallback(
+        PKIX_CertStore *store,
+        PKIX_CertStore_CheckTrustCallback *pCallback,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_CertStore_GetCertStoreContext
+ * DESCRIPTION:
+ *
+ *  Retrieves a pointer to the Object representing the context (if any)
+ *  of the CertStore pointed to by "store" and stores it at
+ *  "pCertStoreContext".
+ *
+ * PARAMETERS:
+ *  "store"
+ *      Address of CertStore whose context is to be stored. Must be non-NULL.
+ *  "pCertStoreContext"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_CertStore_GetCertStoreContext(
+        PKIX_CertStore *store,
+        PKIX_PL_Object **pCertStoreContext,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_CertStore_GetCertStoreCacheFlag
+ * DESCRIPTION:
+ *
+ *  Retrieves the Boolean cache flag of the CertStore pointed to by "store" and
+ *  stores it at "pCachedFlag".
+ *
+ * PARAMETERS:
+ *  "store"
+ *      Address of CertStore whose cache flag is to be stored. Must be non-NULL.
+ *  "pCacheFlag"
+ *      Address where the result will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_CertStore_GetCertStoreCacheFlag(
+        PKIX_CertStore *store,
+        PKIX_Boolean *pCacheFlag,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_CertStore_GetLocalFlag
+ * DESCRIPTION:
+ *
+ *  Retrieves the Boolean localFlag for the CertStore pointed to by "store" and
+ *  stores it at "pLocalFlag". The localFlag is TRUE if the CertStore can
+ *  fulfill a request without performing network I/O.
+ *
+ * PARAMETERS:
+ *  "store"
+ *      The CertStore whose Local flag is desired. Must be non-NULL.
+ *  "pCallback"
+ *      Address where the Boolean LocalFlag will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_CertStore_GetLocalFlag(
+        PKIX_CertStore *store,
+        PKIX_Boolean *pLocalFlag,
+        void *plContext);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_CERTSTORE_H */
diff --git a/nss/lib/libpkix/include/pkix_checker.h b/nss/lib/libpkix/include/pkix_checker.h
new file mode 100755
index 0000000..97e29a8
--- /dev/null
+++ b/nss/lib/libpkix/include/pkix_checker.h
@@ -0,0 +1,394 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * This file defines functions associated with the PKIX_CertChainChecker type.
+ *
+ */
+
+#ifndef _PKIX_CHECKER_H
+#define _PKIX_CHECKER_H
+
+#include "pkixt.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* General
+ *
+ * Please refer to the libpkix Programmer's Guide for detailed information
+ * about how to use the libpkix library. Certain key warnings and notices from
+ * that document are repeated here for emphasis.
+ *
+ * All identifiers in this file (and all public identifiers defined in
+ * libpkix) begin with "PKIX_". Private identifiers only intended for use
+ * within the library begin with "pkix_".
+ *
+ * A function returns NULL upon success, and a PKIX_Error pointer upon failure.
+ *
+ * Unless otherwise noted, for all accessor (gettor) functions that return a
+ * PKIX_PL_Object pointer, callers should assume that this pointer refers to a
+ * shared object. Therefore, the caller should treat this shared object as
+ * read-only and should not modify this shared object. When done using the
+ * shared object, the caller should release the reference to the object by
+ * using the PKIX_PL_Object_DecRef function.
+ *
+ * While a function is executing, if its arguments (or anything referred to by
+ * its arguments) are modified, free'd, or destroyed, the function's behavior
+ * is undefined.
+ *
+ */
+
+/* PKIX_CertChainChecker
+ *
+ * PKIX_CertChainCheckers provide a standard way for the caller to insert their
+ * own custom checks to validate certificates. This may be useful in many
+ * scenarios, including when the caller wishes to validate private certificate
+ * extensions. The CheckCallback allows custom certificate processing to take
+ * place. Additionally, a CertChainChecker can optionally maintain state
+ * between successive calls to the CheckCallback. This certChainCheckerState
+ * must be an Object (although any object type), allowing it to be
+ * reference-counted and allowing it to provide the standard Object functions
+ * (Equals, Hashcode, ToString, Compare, Duplicate). If the caller wishes
+ * their CertChainChecker to be used during chain building, their
+ * certChainCheckerState object must implement an appropriate Duplicate
+ * function. The builder uses this Duplicate function when backtracking.
+ *
+ * Once the caller has created a CertChainChecker object, the caller then
+ * specifies a CertChainChecker object in a ProcessingParams object
+ * and passes the ProcessingParams object to PKIX_ValidateChain or
+ * PKIX_BuildChain, which uses the objects to call the user's callback
+ * functions as needed during the validation or building process.
+ *
+ * A CertChainChecker may be presented certificates in the "reverse" direction
+ * (from trust anchor to target) or in the "forward" direction (from target to
+ * trust anchor). All CertChainCheckers must support "reverse checking", while
+ * support for "forward checking" is optional, but recommended. If "forward
+ * checking" is not supported, building chains may be much less efficient. The
+ * PKIX_CertChainChecker_IsForwardCheckingSupported function is used to
+ * determine whether forward checking is supported, and the
+ * PKIX_CertChainChecker_IsForwardDirectionExpected function is used to
+ * determine whether the CertChainChecker has been initialized to expect the
+ * certificates to be presented in the "forward" direction.
+ */
+
+/*
+ * FUNCTION: PKIX_CertChainChecker_CheckCallback
+ * DESCRIPTION:
+ *
+ *  This callback function checks whether the specified Cert pointed to by
+ *  "cert" is valid using "checker's" internal certChainCheckerState (if any)
+ *  and removes the critical extensions that it processes (if any) from the
+ *  List of OIDs (possibly empty) pointed to by "unresolvedCriticalExtensions".
+ *  If the checker finds that the certificate is not valid, an Error pointer is
+ *  returned.
+ *
+ *  If the checker uses non-blocking I/O, the address of a platform-dependent
+ *  non-blocking I/O context ("nbioContext") will be stored at "pNBIOContext",
+ *  which the caller may use, in a platform-dependent way, to wait, poll, or
+ *  otherwise determine when to try again. If the checker does not use
+ *  non-blocking I/O, NULL will always be stored at "pNBIOContext". If a non-NULL
+ *  value was stored, on a subsequent call the checker will attempt to complete
+ *  the pending I/O and, if successful, NULL will be stored at "pNBIOContext".
+ *
+ * PARAMETERS:
+ *  "checker"
+ *      Address of CertChainChecker whose certChainCheckerState and
+ *      CheckCallback logic is to be used. Must be non-NULL.
+ *  "cert"
+ *      Address of Cert that is to be validated using "checker".
+ *      Must be non-NULL.
+ *  "unresolvedCriticalExtensions"
+ *      Address of List of OIDs that represents the critical certificate
+ *      extensions that have yet to be resolved. This parameter may be
+ *      modified during the function call. Must be non-NULL.
+ *  "pNBIOContext"
+ *      Address at which is stored a platform-dependent structure indicating
+ *      whether checking was suspended for non-blocking I/O. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe
+ *
+ *  Multiple threads must be able to safely call this function without
+ *  worrying about conflicts, even if they're operating on the same object.
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertChainChecker Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+typedef PKIX_Error *
+(*PKIX_CertChainChecker_CheckCallback)(
+        PKIX_CertChainChecker *checker,
+        PKIX_PL_Cert *cert,
+        PKIX_List *unresolvedCriticalExtensions,  /* list of PKIX_PL_OID */
+        void **pNBIOContext,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_CertChainChecker_Create
+ * DESCRIPTION:
+ *
+ *  Creates a new CertChainChecker and stores it at "pChecker". The new
+ *  CertChainChecker uses the CheckCallback pointed to by "callback" as its
+ *  callback function. It uses the Object pointed to by "initialState" (if
+ *  any) as its initial state. As noted above, the initial state Object must
+ *  provide a custom implementation of PKIX_PL_Object_Duplicate if the
+ *  CertChainChecker is to be used during certificate chain building.
+ *
+ *  A CertChainChecker may be presented certificates in the "reverse"
+ *  direction (from trust anchor to target) or in the "forward" direction
+ *  (from target to trust anchor). All CertChainCheckers must support
+ *  "reverse checking", while support for "forward checking" is optional. The
+ *  CertChainChecker is initialized with two Boolean flags that deal with this
+ *  distinction: "forwardCheckingSupported" and "forwardDirectionExpected".
+ *  If the "forwardCheckingSupported" Boolean flag is TRUE, it indicates that
+ *  this CertChainChecker is capable of checking certificates in the "forward"
+ *  direction (as well as the "reverse" direction, which all CertChainCheckers
+ *  MUST support). The "forwardDirectionExpected" Boolean flag indicates in
+ *  which direction the CertChainChecker should expect the certificates to be
+ *  presented. This is particularly useful for CertChainCheckers that are
+ *  capable of checking in either the "forward" direction or the "reverse"
+ *  direction, but have different processing steps depending on the direction.
+ *
+ *  The CertChainChecker also uses the List of OIDs pointed to by "extensions"
+ *  as the supported certificate extensions. All certificate extensions that
+ *  the CertChainChecker might possibly recognize and be able to process
+ *  should be included in the List of supported extensions. If "checker" does
+ *  not recognize or process any certificate extensions, "extensions" should
+ *  be set to NULL.
+ *
+ * PARAMETERS:
+ *  "callback"
+ *      The CheckCallback function to be used. Must be non-NULL.
+ *  "forwardCheckingSupported"
+ *      A Boolean value indicating whether or not this CertChainChecker is
+ *      capable of checking certificates in the "forward" direction.
+ *  "forwardDirectionExpected"
+ *      A Boolean value indicating whether or not this CertChainChecker should
+ *      be used to check in the "forward" direction.
+ *  "extensions"
+ *      Address of List of OIDs representing the supported extensions.
+ *  "initialState"
+ *      Address of Object representing the CertChainChecker's initial state
+ *      (if any).
+ *  "pChecker"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertChainChecker Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_CertChainChecker_Create(
+    PKIX_CertChainChecker_CheckCallback callback,
+    PKIX_Boolean forwardCheckingSupported,
+    PKIX_Boolean forwardDirectionExpected,
+    PKIX_List *extensions,  /* list of PKIX_PL_OID */
+    PKIX_PL_Object *initialState,
+    PKIX_CertChainChecker **pChecker,
+    void *plContext);
+
+/*
+ * FUNCTION: PKIX_CertChainChecker_GetCheckCallback
+ * DESCRIPTION:
+ *
+ *  Retrieves a pointer to "checker's" Check callback function and puts it in
+ *  "pCallback".
+ *
+ * PARAMETERS:
+ *  "checker"
+ *      The CertChainChecker whose Check callback is desired. Must be non-NULL.
+ *  "pCallback"
+ *      Address where Check callback function pointer will be stored.
+ *      Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertChainChecker Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_CertChainChecker_GetCheckCallback(
+        PKIX_CertChainChecker *checker,
+        PKIX_CertChainChecker_CheckCallback *pCallback,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_CertChainChecker_IsForwardCheckingSupported
+ * DESCRIPTION:
+ *
+ *  Checks whether forward checking is supported by the CertChainChecker
+ *  pointed to by "checker" and stores the Boolean result at
+ *  "pForwardCheckingSupported".
+ *
+ *  A CertChainChecker may be presented certificates in the "reverse"
+ *  direction (from trust anchor to target) or in the "forward" direction
+ *  (from target to trust anchor). All CertChainCheckers must support
+ *  "reverse checking", while support for "forward checking" is optional. This
+ *  function is used to determine whether forward checking is supported.
+ *
+ * PARAMETERS:
+ *  "checker"
+ *      The CertChainChecker whose ability to validate certificates in the
+ *      "forward" direction is to be checked. Must be non-NULL.
+ *  "pForwardCheckingSupported"
+ *      Destination of the Boolean result. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertChainChecker Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_CertChainChecker_IsForwardCheckingSupported(
+        PKIX_CertChainChecker *checker,
+        PKIX_Boolean *pForwardCheckingSupported,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_CertChainChecker_IsForwardDirectionExpected
+ * DESCRIPTION:
+ *
+ *  Checks whether the CertChainChecker pointed to by "checker" has been
+ *  initialized to expect the certificates to be presented in the "forward"
+ *  direction and stores the Boolean result at "pForwardDirectionExpected".
+ *
+ *  A CertChainChecker may be presented certificates in the "reverse"
+ *  direction (from trust anchor to target) or in the "forward" direction
+ *  (from target to trust anchor). All CertChainCheckers must support
+ *  "reverse checking", while support for "forward checking" is optional. This
+ *  function is used to determine in which direction the CertChainChecker
+ *  expects the certificates to be presented.
+ *
+ * PARAMETERS:
+ *  "checker"
+ *      The CertChainChecker that has been initialized to expect certificates
+ *      in either the "forward" or "reverse" directions. Must be non-NULL.
+ *  "pForwardDirectionExpected"
+ *      Destination of the Boolean result. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertChainChecker Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_CertChainChecker_IsForwardDirectionExpected(
+        PKIX_CertChainChecker *checker,
+        PKIX_Boolean *pForwardDirectionExpected,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_CertChainChecker_GetSupportedExtensions
+ * DESCRIPTION:
+ *
+ *  Retrieves a pointer to a List of OIDs (each OID corresponding to a
+ *  certificate extension supported by the CertChainChecker pointed to by
+ *  "checker") and stores it at "pExtensions". All certificate extensions that
+ *  the CertChainChecker might possibly recognize and be able to process
+ *  should be included in the List of supported extensions. If "checker" does
+ *  not recognize or process any certificate extensions, this function stores
+ *  NULL at "pExtensions".
+ *
+ *  Note that the List returned by this function is immutable.
+ *
+ * PARAMETERS:
+ *  "checker"
+ *      Address of CertChainChecker whose supported extension OIDs are to be
+ *      stored. Must be non-NULL.
+ *  "pExtensions"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertChainChecker Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_CertChainChecker_GetSupportedExtensions(
+        PKIX_CertChainChecker *checker,
+        PKIX_List **pExtensions, /* list of PKIX_PL_OID */
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_CertChainChecker_GetCertChainCheckerState
+ * DESCRIPTION:
+ *
+ *  Retrieves a pointer to a PKIX_PL_Object representing the internal state
+ *  (if any) of the CertChainChecker pointed to by "checker" and stores it at
+ *  "pCertChainCheckerState".
+ *
+ * PARAMETERS:
+ *  "checker"
+ *      Address of CertChainChecker whose state is to be stored.
+ *      Must be non-NULL.
+ *  "pCertChainCheckerState"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *      (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertChainChecker Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_CertChainChecker_GetCertChainCheckerState(
+        PKIX_CertChainChecker *checker,
+        PKIX_PL_Object **pCertChainCheckerState,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_CertChainChecker_SetCertChainCheckerState
+ * DESCRIPTION:
+ *
+ *  Sets the internal state of the CertChainChecker pointed to by "checker"
+ *  using the Object pointed to by "certChainCheckerState". If "checker" needs
+ *  a NULL internal state, "certChainCheckerState" should be set to NULL.
+ *
+ * PARAMETERS:
+ *  "checker"
+ *      Address of CertChainChecker whose state is to be set. Must be non-NULL.
+ *  "certChainCheckerState"
+ *      Address of Object representing internal state.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe - assumes exclusive access to "checker"
+ *  (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertChainChecker Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_CertChainChecker_SetCertChainCheckerState(
+        PKIX_CertChainChecker *checker,
+        PKIX_PL_Object *certChainCheckerState,
+        void *plContext);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_CHECKER_H */
diff --git a/nss/lib/libpkix/include/pkix_crlsel.h b/nss/lib/libpkix/include/pkix_crlsel.h
new file mode 100755
index 0000000..491e72f
--- /dev/null
+++ b/nss/lib/libpkix/include/pkix_crlsel.h
@@ -0,0 +1,759 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * This file defines functions associated with the PKIX_CRLSelector and the
+ * PKIX_ComCRLSelParams types.
+ *
+ */
+
+
+#ifndef _PKIX_CRLSEL_H
+#define _PKIX_CRLSEL_H
+
+#include "pkixt.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* General
+ *
+ * Please refer to the libpkix Programmer's Guide for detailed information
+ * about how to use the libpkix library. Certain key warnings and notices from
+ * that document are repeated here for emphasis.
+ *
+ * All identifiers in this file (and all public identifiers defined in
+ * libpkix) begin with "PKIX_". Private identifiers only intended for use
+ * within the library begin with "pkix_".
+ *
+ * A function returns NULL upon success, and a PKIX_Error pointer upon failure.
+ *
+ * Unless otherwise noted, for all accessor (gettor) functions that return a
+ * PKIX_PL_Object pointer, callers should assume that this pointer refers to a
+ * shared object. Therefore, the caller should treat this shared object as
+ * read-only and should not modify this shared object. When done using the
+ * shared object, the caller should release the reference to the object by
+ * using the PKIX_PL_Object_DecRef function.
+ *
+ * While a function is executing, if its arguments (or anything referred to by
+ * its arguments) are modified, free'd, or destroyed, the function's behavior
+ * is undefined.
+ *
+ */
+
+/* PKIX_CRLSelector
+ *
+ * PKIX_CRLSelectors provide a standard way for the caller to select CRLs
+ * based on particular criteria. A CRLSelector is typically used by libpkix
+ * to retrieve CRLs from a CertStore during certificate chain validation or
+ * building. (see pkix_certstore.h) For example, the caller may wish to only
+ * select those CRLs that have a particular issuer or a particular value for a
+ * private CRL extension. The MatchCallback allows the caller to specify the
+ * custom matching logic to be used by a CRLSelector.
+
+ * By default, the MatchCallback is set to point to the default implementation
+ * provided by libpkix, which understands how to process the most common
+ * parameters. If the default implementation is used, the caller should set
+ * these common parameters using PKIX_CRLSelector_SetCommonCRLSelectorParams.
+ * Any common parameter that is not set is assumed to be disabled, which means
+ * the default MatchCallback implementation will select all CRLs without
+ * regard to that particular disabled parameter. For example, if the
+ * MaxCRLNumber parameter is not set, MatchCallback will not filter out any
+ * CRL based on its CRL number. As such, if no parameters are set, all are
+ * disabled and any CRL will match. If a parameter is disabled, its associated
+ * PKIX_ComCRLSelParams_Get* function returns a default value of NULL.
+ *
+ * If a custom implementation is desired, the default implementation can be
+ * overridden by calling PKIX_CRLSelector_SetMatchCallback. In this case, the
+ * CRLSelector can be initialized with a crlSelectorContext, which is where
+ * the caller can specify the desired parameters the caller wishes to match
+ * against. Note that this crlSelectorContext must be a PKIX_PL_Object,
+ * allowing it to be reference-counted and allowing it to provide the standard
+ * PKIX_PL_Object functions (Equals, Hashcode, ToString, Compare, Duplicate).
+ *
+ */
+
+/*
+ * FUNCTION: PKIX_CRLSelector_MatchCallback
+ * DESCRIPTION:
+ *
+ *  This callback function determines whether the specified CRL pointed to by
+ *  "crl" matches the criteria of the CRLSelector pointed to by "selector".
+ *  If the CRL matches the CRLSelector's criteria, PKIX_TRUE is stored at
+ *  "pMatch". Otherwise PKIX_FALSE is stored at "pMatch".
+ *
+ * PARAMETERS:
+ *  "selector"
+ *      Address of CRLSelector whose MatchCallback logic and parameters are
+ *      to be used. Must be non-NULL.
+ *  "crl"
+ *      Address of CRL that is to be matched using "selector". Must be non-NULL.
+ *  "pMatch"
+ *      Address at which Boolean result is stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe
+ *
+ *  Multiple threads must be able to safely call this function without
+ *  worrying about conflicts, even if they're operating on the same objects.
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CRLSelector Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+typedef PKIX_Error *
+(*PKIX_CRLSelector_MatchCallback)(
+        PKIX_CRLSelector *selector,
+        PKIX_PL_CRL *crl,
+        PKIX_Boolean *pMatch,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_CRLSelector_Create
+ * DESCRIPTION:
+ *
+ *  Creates a new CRLSelector using the Object pointed to by
+ *  "crlSelectorContext" (if any) and stores it at "pSelector". As noted
+ *  above, by default, the MatchCallback is set to point to the default
+ *  implementation provided by libpkix, which understands how to process
+ *  ComCRLSelParams. This is overridden if the MatchCallback pointed to by
+ *  "callback" is not NULL, in which case the parameters are specified using
+ *  the Object pointed to by "crlSelectorContext".
+ *
+ * PARAMETERS:
+ *  "issue"
+ *      crl issuer.
+ *  "crlDpList"
+ *      distribution points list
+ *  "callback"
+ *      The MatchCallback function to be used.
+ *  "pSelector"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CRLSelector Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_CRLSelector_Create(
+        PKIX_PL_Cert *issuer,
+        PKIX_List *crlDpList,
+        PKIX_PL_Date *date,
+        PKIX_CRLSelector **pSelector,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_CRLSelector_GetMatchCallback
+ * DESCRIPTION:
+ *
+ *  Retrieves a pointer to "selector's" Match callback function and puts it in
+ *  "pCallback".
+ *
+ * PARAMETERS:
+ *  "selector"
+ *      The CRLSelector whose Match callback is desired. Must be non-NULL.
+ *  "pCallback"
+ *      Address where Match callback function pointer will be stored.
+ *      Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CRLSelector Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_CRLSelector_GetMatchCallback(
+        PKIX_CRLSelector *selector,
+        PKIX_CRLSelector_MatchCallback *pCallback,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_CRLSelector_GetCRLSelectorContext
+ * DESCRIPTION:
+ *
+ *  Retrieves a pointer to a PKIX_PL_Object representing the context (if any)
+ *  of the CRLSelector pointed to by "selector" and stores it at
+ *  "pCRLSelectorContext".
+ *
+ * PARAMETERS:
+ *  "selector"
+ *      Address of CRLSelector whose context is to be stored. Must be non-NULL.
+ *  "pCRLSelectorContext"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CRLSelector Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_CRLSelector_GetCRLSelectorContext(
+        PKIX_CRLSelector *selector,
+        void **pCRLSelectorContext,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_CRLSelector_GetCommonCRLSelectorParams
+ * DESCRIPTION:
+ *
+ *  Retrieves a pointer to the ComCRLSelParams object that represent the common
+ *  parameters of the CRLSelector pointed to by "selector" and stores it at
+ *  "pCommonCRLSelectorParams". If there are no common parameters stored with
+ *  the CRLSelector, this function stores NULL at "pCommonCRLSelectorParams".
+ *
+ * PARAMETERS:
+ *  "selector"
+ *      Address of CRLSelector whose ComCRLSelParams are to be stored.
+ *      Must be non-NULL.
+ *  "pCommonCRLSelectorParams"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *      (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CRLSelector Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_CRLSelector_GetCommonCRLSelectorParams(
+        PKIX_CRLSelector *selector,
+        PKIX_ComCRLSelParams **pCommonCRLSelectorParams,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_CRLSelector_SetCommonCRLSelectorParams
+ * DESCRIPTION:
+ *
+ *  Sets the common parameters for the CRLSelector pointed to by "selector"
+ *  using the ComCRLSelParams pointed to by "commonCRLSelectorParams".
+ *
+ * PARAMETERS:
+ *  "selector"
+ *      Address of CRLSelector whose common parameters are to be set.
+ *      Must be non-NULL.
+ *  "commonCRLSelectorParams"
+ *      Address of ComCRLSelParams representing the common parameters.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe - assumes exclusive access to "selector"
+ *  (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CRLSelector Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_CRLSelector_SetCommonCRLSelectorParams(
+        PKIX_CRLSelector *selector,
+        PKIX_ComCRLSelParams *commonCRLSelectorParams,
+        void *plContext);
+
+/* PKIX_ComCRLSelParams
+ *
+ * PKIX_ComCRLSelParams are X.509 parameters commonly used with CRLSelectors,
+ * especially determining which CRLs to retrieve from a CertStore.
+ * PKIX_ComCRLSelParams are typically used with those CRLSelectors that use
+ * the default implementation of MatchCallback, which understands how to
+ * process ComCRLSelParams.
+ */
+
+/*
+ * FUNCTION: PKIX_ComCRLSelParams_Create
+ * DESCRIPTION:
+ *
+ *  Creates a new ComCRLSelParams object and stores it at "pParams".
+ *
+ * PARAMETERS:
+ *  "pParams"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CRLSelector Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ComCRLSelParams_Create(
+        PKIX_ComCRLSelParams **pParams,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ComCRLSelParams_GetIssuerNames
+ * DESCRIPTION:
+ *
+ *  Retrieves a pointer to the List of X500Names (if any) representing the
+ *  issuer names criterion that is set in the ComCRLSelParams pointed to by
+ *  "params" and stores it at "pNames". In order to match against this
+ *  criterion, a CRL's IssuerName must match at least one of the criterion's
+ *  issuer names.
+ *
+ *  If "params" does not have this criterion set, this function stores NULL at
+ *  "pNames", in which case all CRLs are considered to match.
+ *
+ *  Note that the List returned by this function is immutable.
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ComCRLSelParams whose issuer names criterion (if any) is to
+ *      be stored. Must be non-NULL.
+ *  "pNames"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *      (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CRLSelector Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ComCRLSelParams_GetIssuerNames(
+        PKIX_ComCRLSelParams *params,
+        PKIX_List **pNames,  /* list of PKIX_PL_X500Name */
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ComCRLSelParams_SetIssuerNames
+ * DESCRIPTION:
+ *
+ *  Sets the issuer names criterion of the ComCRLSelParams pointed to by
+ *  "params" using a List of X500Names pointed to by "names". In order to match
+ *  against this criterion, a CRL's IssuerName must match at least one of the
+ *  criterion's issuer names.
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ComCRLSelParamsParams whose issuer names criterion is to be
+ *      set. Must be non-NULL.
+ *  "names"
+ *      Address of List of X500Names used to set the criterion
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe - assumes exclusive access to "params"
+ *  (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CRLSelector Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ComCRLSelParams_SetIssuerNames(
+        PKIX_ComCRLSelParams *params,
+        PKIX_List *names,   /* list of PKIX_PL_X500Name */
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ComCRLSelParams_AddIssuerName
+ * DESCRIPTION:
+ *
+ *  Adds to the issuer names criterion of the ComCRLSelParams pointed to by
+ *  "params" using the X500Name pointed to by "name". In order to match
+ *  against this criterion, a CRL's IssuerName must match at least one of the
+ *  criterion's issuer names.
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ComCRLSelParams whose issuer names criterion is to be added
+ *      to. Must be non-NULL.
+ *  "name"
+ *      Address of X500Name to be added.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe - assumes exclusive access to "params"
+ *  (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CRLSelector Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ComCRLSelParams_AddIssuerName(
+        PKIX_ComCRLSelParams *params,
+        PKIX_PL_X500Name *name,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ComCRLSelParams_GetCertificateChecking
+ * DESCRIPTION:
+ *
+ *  Retrieves a pointer to the Cert (if any) representing the certificate whose
+ *  revocation status is being checked. This is not a criterion. It is simply
+ *  optional information that may help a CertStore find relevant CRLs.
+ *
+ *  If "params" does not have a certificate set, this function stores NULL at
+ *  "pCert", in which case there is no optional information to provide.
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ComCRLSelParams whose certificate being checked (if any) is
+ *      to be stored. Must be non-NULL.
+ *  "pCert"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *      (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds
+ *  Returns a CRLSelector Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ComCRLSelParams_GetCertificateChecking(
+        PKIX_ComCRLSelParams *params,
+        PKIX_PL_Cert **pCert,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ComCRLSelParams_SetCertificateChecking
+ * DESCRIPTION:
+ *
+ *  Sets the ComCRLSelParams pointed to by "params" with the certificate
+ *  (pointed to by "cert") whose revocation status is being checked. This is
+ *  not a criterion. It is simply optional information that may help a
+ *  CertStore find relevant CRLs.
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ComCRLSelParams whose certificate being checked is to be
+ *      set. Must be non-NULL.
+ *  "cert"
+ *      Address of Cert whose revocation status is being checked
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe - assumes exclusive access to "params"
+ *  (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CRLSelector Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ComCRLSelParams_SetCertificateChecking(
+        PKIX_ComCRLSelParams *params,
+        PKIX_PL_Cert *cert,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ComCRLSelParams_GetDateAndTime
+ * DESCRIPTION:
+ *
+ *  Retrieves a pointer to the Date (if any) representing the dateAndTime
+ *  criterion that is set in the ComCRLSelParams pointed to by "params" and
+ *  stores it at "pDate". In order to match against this criterion, a CRL's
+ *  thisUpdate component must be less than or equal to the criterion's
+ *  dateAndTime and the CRL's nextUpdate component must be later than the
+ *  criterion's dateAndTime. There is no match if the CRL does not contain a
+ *  nextUpdate component.
+ *
+ *  If "params" does not have this criterion set, this function stores NULL at
+ *  "pDate", in which case all CRLs are considered to match.
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ComCRLSelParams whose dateAndTime criterion (if any) is to
+ *      be stored. Must be non-NULL.
+ *  "pDate"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *      (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CRLSelector Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ComCRLSelParams_GetDateAndTime(
+        PKIX_ComCRLSelParams *params,
+        PKIX_PL_Date **pDate,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ComCRLSelParams_SetDateAndTime
+ * DESCRIPTION:
+ *
+ *  Sets the dateAndTime criterion of the ComCRLSelParams pointed to by
+ *  "params" using a Date pointed to by "date". In order to match against this
+ *  criterion, a CRL's thisUpdate component must be less than or equal to the
+ *  criterion's dateAndTime and the CRL's nextUpdate component must be later
+ *  than the criterion's dateAndTime. There is no match if the CRL does not
+ *  contain a nextUpdate component.
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ComCRLSelParamsParams whose dateAndTime criterion is to be
+ *      set. Must be non-NULL.
+ *  "date"
+ *      Address of Date used to set the criterion
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe - assumes exclusive access to "params"
+ *  (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CRLSelector Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ComCRLSelParams_SetDateAndTime(
+        PKIX_ComCRLSelParams *params,
+        PKIX_PL_Date *date,
+        void *plContext);
+
+/* 
+ * FUNCTION: PKIX_ComCRLSelParams_GetNISTPolicyEnabled
+ * DESCRIPTION:
+ *
+ *  Retrieves a pointer to the Boolean representing the NIST CRL policy
+ *  activation flag that is set in the ComCRLSelParams pointed to by "params"
+ *  and stores it at "enabled". If enabled, a CRL must have nextUpdate field.
+ *
+ *  Default value for this flag is TRUE.
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ComCRLSelParams whose NIST CRL policy criterion  is to
+ *      be stored. Must be non-NULL.
+ *  "pEnabled"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *      (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CRLSelector Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ComCRLSelParams_GetNISTPolicyEnabled(
+        PKIX_ComCRLSelParams *params,
+        PKIX_Boolean *pEnabled,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ComCRLSelParams_SetNISTPolicyEnabled
+ * DESCRIPTION:
+ *
+ *  Sets the NIST crl policy criterion of the ComCRLSelParams pointed to by
+ *  "params" using a "enabled" flag. In order to match against this
+ *  criterion, a CRL's nextUpdate must be available and criterion's
+ *  dataAndTime must be within thisUpdate and nextUpdate time period.
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ComCRLSelParamsParams whose NIST CRL policy criterion
+ *      is to be set. Must be non-NULL.
+ *  "enabled"
+ *      Address of Bollean used to set the criterion
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe - assumes exclusive access to "params"
+ *  (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CRLSelector Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ComCRLSelParams_SetNISTPolicyEnabled(
+        PKIX_ComCRLSelParams *params,
+        PKIX_Boolean enabled,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ComCRLSelParams_GetMaxCRLNumber
+ * DESCRIPTION:
+ *
+ *  Retrieves a pointer to the BigInt (if any) representing the maxCRLNumber
+ *  criterion that is set in the ComCRLSelParams pointed to by "params" and
+ *  stores it at "pNumber". In order to match against this criterion, a CRL
+ *  must have a CRL number extension whose value is less than or equal to the
+ *  criterion's value.
+ *
+ *  If "params" does not have this criterion set, this function stores NULL at
+ *  "pNumber", in which case all CRLs are considered to match.
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ComCRLSelParams whose maxCRLNumber criterion (if any) is to
+ *      be stored. Must be non-NULL.
+ *  "pNumber"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *      (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CRLSelector Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ComCRLSelParams_GetMaxCRLNumber(
+        PKIX_ComCRLSelParams *params,
+        PKIX_PL_BigInt **pNumber,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ComCRLSelParams_SetMaxCRLNumber
+ * DESCRIPTION:
+ *
+ *  Sets the maxCRLNumber criterion of the ComCRLSelParams pointed to by
+ *  "params" using a BigInt pointed to by "number". In order to match against
+ *  this criterion, a CRL must have a CRL number extension whose value is less
+ *  than or equal to the criterion's value.
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ComCRLSelParamsParams whose maxCRLNumber criterion is to be
+ *      set. Must be non-NULL.
+ *  "number"
+ *      Address of BigInt used to set the criterion
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe - assumes exclusive access to "params"
+ *  (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CRLSelector Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ComCRLSelParams_SetMaxCRLNumber(
+        PKIX_ComCRLSelParams *params,
+        PKIX_PL_BigInt *number,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ComCRLSelParams_GetMinCRLNumber
+ * DESCRIPTION:
+ *
+ *  Retrieves a pointer to the BigInt (if any) representing the minCRLNumber
+ *  criterion that is set in the ComCRLSelParams pointed to by "params" and
+ *  stores it at "pNumber". In order to match against this criterion, a CRL
+ *  must have a CRL number extension whose value is greater than or equal to
+ *  the criterion's value.
+ *
+ *  If "params" does not have this criterion set, this function stores NULL at
+ *  "pNumber", in which case all CRLs are considered to match.
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ComCRLSelParams whose minCRLNumber criterion (if any) is to
+ *      be stored. Must be non-NULL.
+ *  "pNumber"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *      (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CRLSelector Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ComCRLSelParams_GetMinCRLNumber(
+        PKIX_ComCRLSelParams *params,
+        PKIX_PL_BigInt **pNumber,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ComCRLSelParams_SetMinCRLNumber
+ * DESCRIPTION:
+ *
+ *  Sets the minCRLNumber criterion of the ComCRLSelParams pointed to by
+ *  "params" using a BigInt pointed to by "number". In order to match against
+ *  this criterion, a CRL must have a CRL number extension whose value is
+ *  greater than or equal to the criterion's value.
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ComCRLSelParamsParams whose minCRLNumber criterion is to be
+ *      set. Must be non-NULL.
+ *  "number"
+ *      Address of BigInt used to set the criterion
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe - assumes exclusive access to "params"
+ *  (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CRLSelector Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ComCRLSelParams_SetMinCRLNumber(
+        PKIX_ComCRLSelParams *params,
+        PKIX_PL_BigInt *number,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ComCRLSelParams_SetCrlDp
+ * DESCRIPTION:
+ *
+ * Sets crldp list that can be used to download a crls.
+ * 
+ * PARAMETERS:
+ *  "params"
+ *      Address of ComCRLSelParamsParams whose minCRLNumber criterion is to be
+ *      set. Must be non-NULL.
+ *  "crldpList"
+ *      A list of CRLDPs. Can be an emptry list.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe - assumes exclusive access to "params"
+ *  (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CRLSelector Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error*
+PKIX_ComCRLSelParams_SetCrlDp(
+         PKIX_ComCRLSelParams *params,
+         PKIX_List *crldpList,
+         void *plContext);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_CRLSEL_H */
diff --git a/nss/lib/libpkix/include/pkix_errorstrings.h b/nss/lib/libpkix/include/pkix_errorstrings.h
new file mode 100755
index 0000000..e7e898f
--- /dev/null
+++ b/nss/lib/libpkix/include/pkix_errorstrings.h
@@ -0,0 +1,1099 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * This file is intended to be included after different definitions of
+ * PKIX_ERRORENTRY. It is included in pkixt.h to define a number for each error
+ * by defining PKIX_ERRORENTRY(x,y) as PKIX_ ## x  and then listing thim within
+ * an enum. It is included in pkix_error.c to define an array of error strings
+ * by defining PKIX_ERRORENTRY(x,y) #y and then listing thim within an array
+ * const char * const PKIX_ErrorText[]
+ */
+/* ALLOCERROR should always be the first */
+PKIX_ERRORENTRY(ALLOCERROR,Allocation Error,SEC_ERROR_NO_MEMORY),
+PKIX_ERRORENTRY(ADDHEADERFUNCTIONNOTSUPPORTED,AddHeader function not supported,0),
+PKIX_ERRORENTRY(ADDTOVERIFYLOGFAILED,pkix_AddToVerifyLog failed,0),
+PKIX_ERRORENTRY(AIAMGRCREATEFAILED,PKIX_PL_AIAMgr_Create failed,0),
+PKIX_ERRORENTRY(AIAMGRFINDLDAPCLIENTFAILED,pkix_pl_AiaMgr_FindLDAPClient failed,0),
+PKIX_ERRORENTRY(AIAMGRGETAIACERTSFAILED,PKIX_PL_AIAMgr_GetAIACerts failed,SEC_ERROR_UNKNOWN_ISSUER),
+PKIX_ERRORENTRY(AIAMGRGETHTTPCERTSFAILED,pkix_pl_AIAMgr_GetHTTPCerts failed,0),
+PKIX_ERRORENTRY(AIAMGRGETLDAPCERTSFAILED,pkix_pl_AIAMgr_GetLDAPCerts failed,0),
+PKIX_ERRORENTRY(ALGORITHMBYTESLENGTH0,Algorithm bytes length is 0,0),
+PKIX_ERRORENTRY(ALLOCATENEWCERTGENERALNAMEFAILED,Allocate new CERTGeneralName failed,0),
+PKIX_ERRORENTRY(AMBIGUOUSPARENTAGEOFVERIFYNODE,Ambiguous parentage of VerifyNode,0),
+PKIX_ERRORENTRY(ANCHORDIDNOTCHAINTOCERT,Anchor did not chain to Cert,SEC_ERROR_UNKNOWN_ISSUER),
+PKIX_ERRORENTRY(ANCHORDIDNOTPASSCERTSELECTORCRITERIA,Anchor did not pass CertSelector criteria,0),
+PKIX_ERRORENTRY(APPENDLISTFAILED,pkix_pl_AppendList failed,0),
+PKIX_ERRORENTRY(ARGUMENTNOTSTRING,Argument is not a String,0),
+PKIX_ERRORENTRY(ARGUMENTSNOTBIGINTS,Arguments are not BigInts,0),
+PKIX_ERRORENTRY(ARGUMENTSNOTBYTEARRAYS,Arguments are not Byte Arrays,0),
+PKIX_ERRORENTRY(ARGUMENTSNOTDATES,Arguments are not Dates,0),
+PKIX_ERRORENTRY(ARGUMENTSNOTOIDS,Arguments are not OIDs,0),
+PKIX_ERRORENTRY(ATTEMPTTOADDDUPLICATEKEY,Attempt to add duplicate key,0),
+PKIX_ERRORENTRY(ATTEMPTTODECODEANINCOMPLETERESPONSE,Attempt to decode an incomplete response,SEC_ERROR_BAD_DER),
+PKIX_ERRORENTRY(ATTEMPTTODECREFALLOCERROR,Attempt to DecRef Alloc Error,0),
+PKIX_ERRORENTRY(ATTEMPTTOINCREFALLOCERROR,Attempt to IncRef Alloc Error,0),
+PKIX_ERRORENTRY(BADHTTPRESPONSE,Bad Http Response,SEC_ERROR_BAD_HTTP_RESPONSE),
+PKIX_ERRORENTRY(BASICCONSTRAINTSCHECKERINITIALIZEFAILED,pkix_BasicConstraintsChecker_Initialize failed,0),
+PKIX_ERRORENTRY(BASICCONSTRAINTSCHECKERSTATECREATEFAILED,PKIX_BasicConstraintsCheckerState_Create failed,0),
+PKIX_ERRORENTRY(BASICCONSTRAINTSGETCAFLAGFAILED,PKIX_PL_BasicConstraints_GetCAFlag failed,0),
+PKIX_ERRORENTRY(BASICCONSTRAINTSGETPATHLENCONSTRAINTFAILED,PKIX_PL_BasicConstraints_GetPathLenConstraint failed,0),
+PKIX_ERRORENTRY(BASICCONSTRAINTSVALIDATIONFAILEDCA,PKIX_BasicConstraints validation failed: CA Flag not set,SEC_ERROR_CA_CERT_INVALID),
+PKIX_ERRORENTRY(BASICCONSTRAINTSVALIDATIONFAILEDLN,PKIX_BasicConstraints validation failed: maximum length mismatch,SEC_ERROR_PATH_LEN_CONSTRAINT_INVALID),
+PKIX_ERRORENTRY(BIGINTCOMPARATORFAILED,pkix_pl_BigInt_Comparator failed,0),
+PKIX_ERRORENTRY(BIGINTCREATEWITHBYTESFAILED,pkix_pl_BigInt_CreateWithBytes failed,0),
+PKIX_ERRORENTRY(BIGINTEQUALSFAILED,PKIX_PL_BigInt_Equals failed,0),
+PKIX_ERRORENTRY(BIGINTLENGTH0INVALID,BigInt length 0 is invalid,SEC_ERROR_INVALID_ARGS),
+PKIX_ERRORENTRY(BIGINTTOSTRINGFAILED,pkix_pl_BigInt_ToString failed,0),
+PKIX_ERRORENTRY(BIGINTTOSTRINGHELPERFAILED,PKIX_PL_BigInt_ToString_Helper failed,0),
+PKIX_ERRORENTRY(BINDREJECTEDBYSERVER,BIND rejected by server,SEC_ERROR_BAD_LDAP_RESPONSE),
+PKIX_ERRORENTRY(BUILDANDVALIDATECHAINFAILED,Failed to build and validate a chain,0),
+PKIX_ERRORENTRY(BUILDBUILDSELECTORANDPARAMSFAILED,pkix_Build_BuildSelectorAndParams failed,0),
+PKIX_ERRORENTRY(BUILDCOMBINEWITHTRUSTFAILED,pkix_Build_CombineWithTrust failed,0),
+PKIX_ERRORENTRY(BUILDFORWARDDEPTHFIRSTSEARCHFAILED,pkix_BuildForwardDepthFirstSearch failed,0),
+PKIX_ERRORENTRY(BUILDGATHERCERTSFAILED,pkix_Build_GatherCerts failed,0),
+PKIX_ERRORENTRY(BUILDGETRESOURCELIMITSFAILED,pkix_Build_GetResourceLimits failed,0),
+PKIX_ERRORENTRY(BUILDINITIATEBUILDCHAINFAILED,pkix_Build_InitiateBuildChain failed,0),
+PKIX_ERRORENTRY(BUILDRESULTCREATEFAILED,pkix_BuildResult_Create failed,0),
+PKIX_ERRORENTRY(BUILDRESULTGETCERTCHAINFAILED,PKIX_BuildResult_GetCertChain failed,0),
+PKIX_ERRORENTRY(BUILDRESULTGETVALIDATERESULTFAILED,PKIX_BuildResult_GetValidateResult failed,0),
+PKIX_ERRORENTRY(BUILDREVCHECKPREPFAILED,pkix_Build_RevCheckPrep failed,0),
+PKIX_ERRORENTRY(BUILDSORTCANDIDATECERTSFAILED,pkix_Build_SortCandidateCerts failed,0),
+PKIX_ERRORENTRY(BUILDSTATECREATEFAILED,pkix_BuildState_Create failed,0),
+PKIX_ERRORENTRY(BUILDTRYSHORTCUTFAILED,pkix_Build_TryShortcut failed,0),
+PKIX_ERRORENTRY(BUILDUPDATEDATEFAILED,pkix_Build_UpdateDate failed,0),
+PKIX_ERRORENTRY(BUILDVALIDATEENTIRECHAINFAILED,pkix_Build_ValidateEntireChain failed,0),
+PKIX_ERRORENTRY(BUILDVALIDATIONCHECKERSFAILED,pkix_Build_ValidationCheckers failed,0),
+PKIX_ERRORENTRY(BUILDVERIFYCERTIFICATEFAILED,pkix_Build_VerifyCertificate failed,0),
+PKIX_ERRORENTRY(BYTEARRAYCOMPARATORFAILED,pkix_pl_ByteArray_Comparator failed,0),
+PKIX_ERRORENTRY(BYTEARRAYCREATEFAILED,PKIX_PL_ByteArray_Create failed,0),
+PKIX_ERRORENTRY(BYTEARRAYEQUALSFAILED,PKIX_PL_ByteArray_Equals failed,0),
+PKIX_ERRORENTRY(BYTEARRAYGETLENGTHFAILED,PKIX_PL_ByteArray_GetLength failed,0),
+PKIX_ERRORENTRY(BYTEARRAYGETPOINTERFAILED,PKIX_PL_ByteArray_GetPointer failed,0),
+PKIX_ERRORENTRY(BYTEARRAYTOHEXSTRINGFAILED,pkix_pl_ByteArray_ToHexString failed,0),
+PKIX_ERRORENTRY(BYTEARRAYTOSTRINGFAILED,PKIX_PL_ByteArray_ToString failed,0),
+PKIX_ERRORENTRY(CACHECERTADDFAILED,pkix_CacheCert_Add failed,0),
+PKIX_ERRORENTRY(CACHECERTCHAINADDFAILED,pkix_CacheCertChain_Add failed,0),
+PKIX_ERRORENTRY(CACHECERTCHAINLOOKUPFAILED,pkix_CacheCertChain_Lookup failed,0),
+PKIX_ERRORENTRY(CACHECERTCHAINREMOVEFAILED,pkix_CacheCertChain_Remove failed,0),
+PKIX_ERRORENTRY(CACHECRLENTRYADDFAILED,pkix_CacheCrlEntry_Add failed,0),
+PKIX_ERRORENTRY(CACHECRLENTRYLOOKUPFAILED,pkix_CacheCrlEntry_Lookup failed,0),
+PKIX_ERRORENTRY(CALLOCFAILED,PKIX_PL_Calloc failed,0),
+PKIX_ERRORENTRY(CANNOTAQUIRECRLDER,Failed to get DER CRL,0),
+PKIX_ERRORENTRY(CANNOTCONVERTCERTUSAGETOPKIXKEYANDEKUSAGES, Fail to convert certificate usage to pkix KU and EKU,0),
+PKIX_ERRORENTRY(CANNOTOPENCOLLECTIONCERTSTORECONTEXTDIRECTORY,Cannot open CollectionCertStoreContext directory,0),
+PKIX_ERRORENTRY(CANTCREATESTRING,Cannot create PKIX_PL_String,0),
+PKIX_ERRORENTRY(CANTDECODEBINDRESPONSEFROMSERVER,Cannot decode BIND response from server,SEC_ERROR_BAD_LDAP_RESPONSE),
+PKIX_ERRORENTRY(CANTDECODESEARCHRESPONSEFROMSERVER,Cannot decode SEARCH response from server,SEC_ERROR_BAD_LDAP_RESPONSE),
+PKIX_ERRORENTRY(CANTENABLEREVOCATIONWITHOUTCERTSTORE,Cannot enable Revocation without CertStore,SEC_ERROR_INVALID_ARGS),
+PKIX_ERRORENTRY(CANTLOADLIBSMIME,Cannot load smime3 library,0),
+PKIX_ERRORENTRY(CANTREREGISTERSYSTEMTYPE,Cannot reregister system type,0),
+PKIX_ERRORENTRY(CERTARECERTPOLICIESCRITICALFAILED,PKIX_PL_Cert_AreCertPoliciesCritical failed,0),
+PKIX_ERRORENTRY(CERTBASICCONSTRAINTSCREATEFAILED,pkix_pl_CertBasicConstraints_Create failed,0),
+PKIX_ERRORENTRY(CERTBASICCONSTRAINTSTOSTRINGFAILED,PKIX_PL_CertBasicConstraints_ToString failed,0),
+PKIX_ERRORENTRY(CERTCHAINCHECKERCHECKCALLBACKFAILED,PKIX_CertChainChecker_CheckCallback failed,0),
+PKIX_ERRORENTRY(CERTCHAINCHECKERCHECKFAILED,PKIX_CertChainChecker_Check failed,0),
+PKIX_ERRORENTRY(CERTCHAINCHECKERCREATEFAILED,PKIX_CertChainChecker_Create failed,0),
+PKIX_ERRORENTRY(CERTCHAINCHECKERGETCERTCHAINCHECKERSTATEFAILED,PKIX_CertChainChecker_GetCertChainCheckerState failed,0),
+PKIX_ERRORENTRY(CERTCHAINCHECKERGETCHECKCALLBACKFAILED,PKIX_CertChainChecker_GetCheckCallback failed,0),
+PKIX_ERRORENTRY(CERTCHAINCHECKERGETSUPPORTEDEXTENSIONSFAILED,PKIX_CertChainChecker_GetSupportedExtensions failed,0),
+PKIX_ERRORENTRY(CERTCHAINCHECKERISFORWARDCHECKINGSUPPORTEDFAILED,PKIX_CertChainChecker_IsForwardCheckingSupported failed,0),
+PKIX_ERRORENTRY(CERTCHAINCHECKERSETCERTCHAINCHECKERSTATEFAILED,PKIX_CertChainChecker_SetCertChainCheckerState failed,0),
+PKIX_ERRORENTRY(CERTCHAINFAILSCERTIFICATEPOLICYVALIDATION,CertChain fails Certificate Policy validation,SEC_ERROR_POLICY_VALIDATION_FAILED),
+PKIX_ERRORENTRY(CERTCHAINTONSSCHAINFAILED,Fail to convert pkix cert chain to nss cert chain,0),
+PKIX_ERRORENTRY(CERTCHAINTOPKIXCERTLISTFAILED,Failed to convert nss cert chain to pkix cert chain,0),
+PKIX_ERRORENTRY(CERTCHECKCERTTYPEFAILED,Check cert type failed,SEC_ERROR_INADEQUATE_CERT_TYPE),
+PKIX_ERRORENTRY(CERTCHECKCERTVALIDTIMESFAILED,CERT_CheckCertValidTimes failed,SEC_ERROR_EXPIRED_CERTIFICATE),
+PKIX_ERRORENTRY(CERTCHECKCRLFAILED,Fail to get crl cache issued by cert,0),
+PKIX_ERRORENTRY(CERTCHECKEXTENDEDKEYUSAGEFAILED,pkix_pl_Cert_CheckExtendedKeyUsage failed,0),
+PKIX_ERRORENTRY(CERTCHECKKEYUSAGEFAILED,CERT_CheckKeyUsage failed,SEC_ERROR_INADEQUATE_KEY_USAGE),
+PKIX_ERRORENTRY(CERTCHECKNAMECONSTRAINTSFAILED,PKIX_PL_Cert_CheckNameConstraints failed,0),
+PKIX_ERRORENTRY(CERTCHECKVALIDITYFAILED,PKIX_PL_Cert_CheckValidity failed,0),
+PKIX_ERRORENTRY(CERTCOMPLETECRLDECODEDENTRIESFAILED,CERT_CompleteCRLDecodedEntries failed,0),
+PKIX_ERRORENTRY(CERTCOPYNAMECONSTRAINTFAILED,CERT_CopyNameConstraint failed,0),
+PKIX_ERRORENTRY(CERTCOPYNAMEFAILED,CERT_CopyName failed,0),
+PKIX_ERRORENTRY(CERTCREATEFAILED,PKIX_PL_Cert_Create failed,0),
+PKIX_ERRORENTRY(CERTCREATEGENERALNAMELISTFAILED,CERT_CreateGeneralNameList failed,0),
+PKIX_ERRORENTRY(CERTCREATETOLISTFAILED,pkix_pl_Cert_CreateToList failed,0),
+PKIX_ERRORENTRY(CERTCREATEWITHNSSCERTFAILED,pkix_pl_Cert_CreateWithNSSCert failed,0),
+PKIX_ERRORENTRY(CERTDECODEALTNAMEEXTENSIONFAILED,CERT_DecodeAltNameExtension failed,0),
+PKIX_ERRORENTRY(CERTDECODECERTIFICATEPOLICIESEXTENSIONFAILED,CERT_DecodeCertificatePoliciesExtension failed,0),
+PKIX_ERRORENTRY(CERTDECODEDERCERTIFICATEFAILED,CERT_DecodeDERCertificate failed,0),
+PKIX_ERRORENTRY(CERTDECODEDERCRLFAILED,CERT_DecodeDERCrl failed,0),
+PKIX_ERRORENTRY(CERTDECODEINHIBITANYEXTENSIONFAILED,CERT_DecodeInhibitAnyExtension failed,0),
+PKIX_ERRORENTRY(CERTDECODEINHIBITANYPOLICYFAILED,pkix_pl_Cert_DecodeInhibitAnyPolicy failed,0),
+PKIX_ERRORENTRY(CERTDECODEOIDSEQUENCEFAILED,CERT_DecodeOidSequence failed,0),
+PKIX_ERRORENTRY(CERTDECODEPOLICYCONSTRAINTSEXTENSIONFAILED,CERT_DecodePolicyConstraintsExtension failed,0),
+PKIX_ERRORENTRY(CERTDECODEPOLICYCONSTRAINTSFAILED,pkix_pl_Cert_DecodePolicyConstraints failed,0),
+PKIX_ERRORENTRY(CERTDECODEPOLICYINFOFAILED,pkix_pl_Cert_DecodePolicyInfo failed,0),
+PKIX_ERRORENTRY(CERTDECODEPOLICYMAPPINGFAILED,pkix_pl_Cert_DecodePolicyMapping failed,0),
+PKIX_ERRORENTRY(CERTDECODEPOLICYMAPPINGSEXTENSIONFAILED,CERT_DecodePolicyMappingsExtension failed,0),
+PKIX_ERRORENTRY(CERTEQUALSFAILED,pkix_pl_Cert_Equals failed,0),
+PKIX_ERRORENTRY(CERTFAILEDNAMECONSTRAINTSCHECKING,Cert failed NameConstraints checking,SEC_ERROR_CERT_NOT_IN_NAME_SPACE),
+PKIX_ERRORENTRY(CERTGETALLSUBJECTNAMESFAILED,PKIX_PL_Cert_GetAllSubjectNames failed,0),
+PKIX_ERRORENTRY(CERTGETAUTHORITYINFOACCESSFAILED,PKIX_PL_Cert_GetAuthorityInfoAccess failed,0),
+PKIX_ERRORENTRY(CERTGETAUTHORITYKEYIDENTIFIERFAILED,PKIX_PL_Cert_GetAuthorityKeyIdentifier failed,0),
+PKIX_ERRORENTRY(CERTGETBASICCONSTRAINTFAILED,PKIX_PL_Cert_GetBasicConstraint failed,0),
+PKIX_ERRORENTRY(CERTGETBASICCONSTRAINTSFAILED,PKIX_PL_Cert_GetBasicConstraints failed,0),
+PKIX_ERRORENTRY(CERTGETCACHEFLAGFAILED,PKIX_Cert_GetCacheFlag failed,0),
+PKIX_ERRORENTRY(CERTGETCERTCERTIFICATEFAILED,PKIX_PL_Cert_GetCERTCertificate failed,0),
+PKIX_ERRORENTRY(CERTGETCRITICALEXTENSIONOIDSFAILED,PKIX_PL_Cert_GetCriticalExtensionOIDs failed,0),
+PKIX_ERRORENTRY(CERTGETCRLDPFAILED,Failed to get cert crldp extension, 0),
+PKIX_ERRORENTRY(CERTGETEXTENDEDKEYUSAGEFAILED,PKIX_PL_Cert_GetExtendedKeyUsage failed,0),
+PKIX_ERRORENTRY(CERTGETINHIBITANYPOLICYFAILED,PKIX_PL_Cert_GetInhibitAnyPolicy failed,0),
+PKIX_ERRORENTRY(CERTGETISSUERFAILED,PKIX_PL_Cert_GetIssuer failed,0),
+PKIX_ERRORENTRY(CERTGETNAMECONSTRAINTSFAILED,PKIX_PL_CertGetNameConstraints failed,0),
+PKIX_ERRORENTRY(CERTGETNSSSUBJECTALTNAMESFAILED,pkix_pl_Cert_GetNssSubjectAltNames failed,0),
+PKIX_ERRORENTRY(CERTGETPOLICYINFORMATIONFAILED,PKIX_PL_Cert_GetPolicyInformation failed,0),
+PKIX_ERRORENTRY(CERTGETPOLICYMAPPINGINHIBITEDFAILED,PKIX_PL_Cert_GetPolicyMappingInhibited failed,0),
+PKIX_ERRORENTRY(CERTGETPOLICYMAPPINGSFAILED,PKIX_PL_Cert_GetPolicyMappings failed,0),
+PKIX_ERRORENTRY(CERTGETREQUIREEXPLICITPOLICYFAILED,PKIX_PL_Cert_GetRequireExplicitPolicy failed,0),
+PKIX_ERRORENTRY(CERTGETSERIALNUMBERFAILED,PKIX_PL_Cert_GetSerialNumber failed,0),
+PKIX_ERRORENTRY(CERTGETSUBJALTNAMESFAILED,PKIX_PL_Cert_GetSubjAltNames failed,0),
+PKIX_ERRORENTRY(CERTGETSUBJECTALTNAMESFAILED,PKIX_PL_Cert_GetSubjectAltNames failed,0),
+PKIX_ERRORENTRY(CERTGETSUBJECTFAILED,PKIX_PL_Cert_GetSubject failed,0),
+PKIX_ERRORENTRY(CERTGETSUBJECTINFOACCESSFAILED,PKIX_PL_Cert_GetSubjectInfoAccess failed,0),
+PKIX_ERRORENTRY(CERTGETSUBJECTKEYIDENTIFIERFAILED,PKIX_PL_Cert_GetSubjectKeyIdentifier failed,0),
+PKIX_ERRORENTRY(CERTGETSUBJECTPUBLICKEYALGIDFAILED,PKIX_PL_Cert_GetSubjectPublicKeyAlgId failed,0),
+PKIX_ERRORENTRY(CERTGETSUBJECTPUBLICKEYFAILED,PKIX_PL_Cert_GetSubjectPublicKey failed,0),
+PKIX_ERRORENTRY(CERTGETVALIDITYNOTAFTERFAILED,PKIX_PL_Cert_GetValidityNotAfter failed,0),
+PKIX_ERRORENTRY(CERTGETVERSIONFAILED,PKIX_PL_Cert_GetVersion failed,0),
+PKIX_ERRORENTRY(CERTHASHCODEFAILED,PKIX_PL_Cert_Hashcode failed,0),
+PKIX_ERRORENTRY(CERTIFICATEDOESNTHAVEVALIDCRL,Certificate does not have a valid CRL,SEC_ERROR_CRL_NOT_FOUND),
+PKIX_ERRORENTRY(CERTIFICATEREVOKED,Certificate is revoked,SEC_ERROR_REVOKED_CERTIFICATE),
+PKIX_ERRORENTRY(CERTIMPORTCERTIFICATEFUNCTIONFAILED,CERTImportCertificate function failed,0),
+PKIX_ERRORENTRY(CERTISCERTTRUSTEDFAILED,PKIX_PL_Cert_IsCertTrusted failed,SEC_ERROR_UNTRUSTED_CERT),
+PKIX_ERRORENTRY(CERTISEXTENSIONCRITICALFAILED,pkix_pl_Cert_IsExtensionCritical failed,0),
+PKIX_ERRORENTRY(CERTMERGENAMECONSTRAINTSFAILED,PKIX_PL_Cert_MergeNameConstraints failed,0),
+PKIX_ERRORENTRY(CERTNAMECONSTRAINTSCHECKNAMEINNAMESPACEFAILED,PKIX_PL_CertNameConstraints_CheckNameInNameSpace failed,SEC_ERROR_CERT_NOT_IN_NAME_SPACE),
+PKIX_ERRORENTRY(CERTNAMECONSTRAINTSCHECKNAMESINNAMESPACEFAILED,PKIX_PL_CertNameConstraints_CheckNamesInNameSpace failed,SEC_ERROR_CERT_NOT_IN_NAME_SPACE),
+PKIX_ERRORENTRY(CERTNAMECONSTRAINTSCHECKNAMESPACENSSNAMESFAILED,pkix_pl_CertNameConstraints_CheckNameSpaceNssNames failed,SEC_ERROR_CERT_NOT_IN_NAME_SPACE),
+PKIX_ERRORENTRY(CERTNAMECONSTRAINTSCOPYNSSNAMECONSTRAINTSFAILED,pkix_pl_CertNameConstraints_CopyNssNameConstraints failed,0),
+PKIX_ERRORENTRY(CERTNAMECONSTRAINTSCREATEBYMERGEFAILED,pkix_pl_CertNameConstraints_CreateByMerge failed,0),
+PKIX_ERRORENTRY(CERTNAMECONSTRAINTSCREATEFAILED,pkix_pl_CertNameConstraints_Create failed,0),
+PKIX_ERRORENTRY(CERTNAMECONSTRAINTSCREATEHELPERFAILED,pkix_pl_CertNameConstraints_Create_Helper failed,0),
+PKIX_ERRORENTRY(CERTNAMECONSTRAINTSGETEXCLUDEDFAILED,pkix_pl_CertNameConstraints_GetExcluded failed,0),
+PKIX_ERRORENTRY(CERTNAMECONSTRAINTSGETPERMITTEDFAILED,pkix_pl_CertNameConstraints_GetPermitted failed,0),
+PKIX_ERRORENTRY(CERTNAMECONSTRAINTSMERGEFAILED,pkix_pl_CertNameConstraints_Merge failed,0),
+PKIX_ERRORENTRY(CERTNAMECONSTRAINTSTOSTRINGHELPERFAILED,pkix_pl_CertNameConstraints_ToString_Helper failed,0),
+PKIX_ERRORENTRY(CERTNAMETOASCIIFAILED,CERT_NameToAscii failed,0),
+PKIX_ERRORENTRY(CERTNOTALLOWEDTOSIGNCERTIFICATES,Cert not allowed to sign certificates,SEC_ERROR_CA_CERT_INVALID),
+PKIX_ERRORENTRY(CERTPOLICYINFOCREATEFAILED,pkix_pl_CertPolicyInfo_Create failed,0),
+PKIX_ERRORENTRY(CERTPOLICYINFOGETPOLICYIDFAILED,PKIX_PL_CertPolicyInfo_GetPolicyId failed,0),
+PKIX_ERRORENTRY(CERTPOLICYINFOGETPOLQUALIFIERSFAILED,PKIX_PL_CertPolicyInfo_GetPolQualifiers failed,0),
+PKIX_ERRORENTRY(CERTPOLICYMAPCREATEFAILED,pkix_pl_CertPolicyMap_Create failed,0),
+PKIX_ERRORENTRY(CERTPOLICYMAPGETISSUERDOMAINPOLICYFAILED,PKIX_PL_CertPolicyMap_GetIssuerDomainPolicy failed,0),
+PKIX_ERRORENTRY(CERTPOLICYMAPGETSUBJECTDOMAINPOLICYFAILED,PKIX_PL_CertPolicyMap_GetSubjectDomainPolicy failed,0),
+PKIX_ERRORENTRY(CERTPOLICYQUALIFIERCREATEFAILED,pkix_pl_CertPolicyQualifier_Create failed,0),
+PKIX_ERRORENTRY(CERTREJECTEDBYREVOCATIONCHECKER,Cert rejected by revocation checker,0),
+PKIX_ERRORENTRY(CERTSELECTORCHECKFAILED,Validation failed: CertSelector check failed,0),
+PKIX_ERRORENTRY(CERTSELECTORCREATEFAILED,PKIX_CertSelector_Create failed,0),
+PKIX_ERRORENTRY(CERTSELECTORFAILED,certSelector failed,0),
+PKIX_ERRORENTRY(CERTSELECTORGETCOMCERTSELPARAMSFAILED,PKIX_CertSelector_GetComCertSelParams failed,0),
+PKIX_ERRORENTRY(CERTSELECTORGETCOMMONCERTSELECTORPARAMFAILED,PKIX_CertSelector_GetCommonCertSelectorParam failed,0),
+PKIX_ERRORENTRY(CERTSELECTORGETCOMMONCERTSELECTORPARAMSFAILED,PKIX_CertSelector_GetCommonCertSelectorParams failed,0),
+PKIX_ERRORENTRY(CERTSELECTORGETMATCHCALLBACKFAILED,PKIX_CertSelector_GetMatchCallback failed,0),
+PKIX_ERRORENTRY(CERTSELECTORMATCHAUTHKEYIDFAILED,pkix_CertSelector_Match_AuthKeyId failed,0),
+PKIX_ERRORENTRY(CERTSELECTORMATCHBASICCONSTRAINTFAILED,pkix_CertSelector_Match_BasicConstraint failed,0),
+PKIX_ERRORENTRY(CERTSELECTORMATCHCALLBACKFAILED,PKIX_CertSelector_MatchCallback failed,0),
+PKIX_ERRORENTRY(CERTSELECTORMATCHCERTIFICATEVALIDFAILED,pkix_CertSelector_Match_CertificateValid failed,0),
+PKIX_ERRORENTRY(CERTSELECTORMATCHCERTISSUERFAILED,cert does not match issuer name,0),
+PKIX_ERRORENTRY(CERTSELECTORMATCHCERTOBJECTFAILED,cert does not match cert object,0),
+PKIX_ERRORENTRY(CERTSELECTORMATCHCERTSERIALNUMFAILED,cert does not match serial number,0),
+PKIX_ERRORENTRY(CERTSELECTORMATCHCERTSUBJECTFAILED,cert does not match subject name,0),
+PKIX_ERRORENTRY(CERTSELECTORMATCHCERTVERSIONFAILED,cert does not match cert version,0),
+PKIX_ERRORENTRY(CERTSELECTORMATCHEXTENDEDKEYUSAGEFAILED,pkix_CertSelector_Match_ExtendedKeyUsage failed,SEC_ERROR_INADEQUATE_CERT_TYPE),
+PKIX_ERRORENTRY(CERTSELECTORMATCHFAILED,certSelectorMatch failed,0),
+PKIX_ERRORENTRY(CERTSELECTORMATCHKEYUSAGEFAILED,pkix_CertSelector_Match_KeyUsage failed,SEC_ERROR_INADEQUATE_KEY_USAGE),
+PKIX_ERRORENTRY(CERTSELECTORMATCHNAMECONSTRAINTSFAILED,pkix_CertSelector_Match_NameConstraints failed,0),
+PKIX_ERRORENTRY(CERTSELECTORMATCHPATHTONAMESFAILED,pkix_CertSelector_Match_PathToNames failed,0),
+PKIX_ERRORENTRY(CERTSELECTORMATCHPOLICIESFAILED,pkix_CertSelector_Match_Policies failed,0),
+PKIX_ERRORENTRY(CERTSELECTORMATCHSUBJALTNAMESFAILED,pkix_CertSelector_Match_SubjAltNames failed,0),
+PKIX_ERRORENTRY(CERTSELECTORMATCHSUBJKEYIDFAILED,pkix_CertSelector_Match_SubjKeyId failed,0),
+PKIX_ERRORENTRY(CERTSELECTORMATCHSUBJPKALGIDFAILED,pkix_CertSelector_Match_SubjPKAlgId failed,0),
+PKIX_ERRORENTRY(CERTSELECTORMATCHSUBJPUBKEYFAILED,pkix_CertSelector_Match_SubjPubKey failed,0),
+PKIX_ERRORENTRY(CERTSELECTORSELECTFAILED,pkix_CertSelector_Select failed,0),
+PKIX_ERRORENTRY(CERTSELECTORSETCOMMONCERTSELECTORPARAMSFAILED,PKIX_CertSelector_SetCommonCertSelectorParams failed,0),
+PKIX_ERRORENTRY(CERTSETASTRUSTANCHORFAILED, PKIX_PL_Cert_SetAsTrustAnchor failed, 0),
+PKIX_ERRORENTRY(CERTSETCACHEFLAGFAILED,PKIX_PL_Cert_SetCacheFlag failed,0),
+PKIX_ERRORENTRY(CERTSETTRUSTCERTSTOREFAILED,PKIX_PL_Cert_SetTrustCertStore failed,0),
+PKIX_ERRORENTRY(CERTSTORECERTCONTINUEFAILED,PKIX_CertStore_CertContinue failed,0),
+PKIX_ERRORENTRY(CERTSTORECERTCONTINUEFUNCTIONFAILED,PKIX_CertStore_CertContinueFunction failed,0),
+PKIX_ERRORENTRY(CERTSTORECREATEFAILED,PKIX_CertStore_Create failed,0),
+PKIX_ERRORENTRY(CERTSTORECRLCONTINUEFAILED,PKIX_CertStore_CrlContinue failed,0),
+PKIX_ERRORENTRY(CERTSTOREEQUALSFAILED,pkix_CertStore_Equals failed,0),
+PKIX_ERRORENTRY(CERTSTORECRLCHECKFAILED,Fail to check cert crl revocation,0),
+PKIX_ERRORENTRY(CERTSTOREGETCHECKREVBYCRLFAILED,Can not get revocation check function,0),
+PKIX_ERRORENTRY(CERTSTOREFAILTOIMPORTCRLLIST,Fail to import crls,0),
+PKIX_ERRORENTRY(CERTSTOREGETCERTCALLBACKFAILED,PKIX_CertStore_GetCertCallback failed,0),
+PKIX_ERRORENTRY(CERTSTOREGETCERTSTORECACHEFLAGFAILED,PKIX_CertStore_GetCertStoreCacheFlag failed,0),
+PKIX_ERRORENTRY(CERTSTOREGETCERTSTORECONTEXTFAILED,PKIX_CertStore_GetCertStoreContext failed,0),
+PKIX_ERRORENTRY(CERTSTOREGETCRLCALLBACKFAILED,PKIX_CertStore_GetCRLCallback failed,0),
+PKIX_ERRORENTRY(CERTSTOREGETLOCALFLAGFAILED,PKIX_CertStore_GetLocalFlag failed,0),
+PKIX_ERRORENTRY(CERTSTOREGETTRUSTCALLBACKFAILED,PKIX_CertStore_GetTrustCallback failed,0),
+PKIX_ERRORENTRY(CERTSTOREHASHCODEFAILED,pkix_CertStore_Hashcode failed,0),
+PKIX_ERRORENTRY(CERTTOSTRINGFAILED,PKIX_PL_Cert_ToString failed,0),
+PKIX_ERRORENTRY(CERTTOSTRINGHELPERFAILED,pkix_pl_Cert_ToString_Helper failed,0),
+PKIX_ERRORENTRY(CERTVERIFYCERTTYPEFAILED,PKIX_PL_Cert_VerifyCertAndKeyType failed,0),
+PKIX_ERRORENTRY(CERTVERIFYKEYUSAGEFAILED,PKIX_PL_Cert_VerifyKeyUsage failed,0),
+PKIX_ERRORENTRY(CERTVERIFYSIGNATUREFAILED,PKIX_PL_Cert_VerifySignature failed,0),
+PKIX_ERRORENTRY(CHAINVERIFYCALLBACKFAILED,Chain rejected by Application Callback,SEC_ERROR_APPLICATION_CALLBACK_ERROR),
+PKIX_ERRORENTRY(CHECKCERTAGAINSTANCHORFAILED,pkix_CheckCertAgainstAnchor failed,0),
+PKIX_ERRORENTRY(CHECKCERTFAILED,pkix_CheckCert failed,0),
+PKIX_ERRORENTRY(CHECKCHAINFAILED,pkix_CheckChain failed,0),
+PKIX_ERRORENTRY(CHECKTRUSTCALLBACKFAILED,CheckTrustCallback failed,0),
+PKIX_ERRORENTRY(COLLECTIONCERTSTOREPOPULATECERTFAILED,pkix_pl_CollectionCertStoreContext_PopulateCert failed,0),
+PKIX_ERRORENTRY(COLLECTIONCERTSTOREPOPULATECRLFAILED,pkix_pl_CollectionCertStoreContext_PopulateCrl failed,0),
+PKIX_ERRORENTRY(COLLECTIONCERTSTORECONTEXTCREATECERTFAILED,pkix_pl_CollectionCertStoreContext_CreateCert failed,0),
+PKIX_ERRORENTRY(COLLECTIONCERTSTORECONTEXTCREATECRLFAILED,pkix_pl_CollectionCertStoreContext_CreateCRL failed,0),
+PKIX_ERRORENTRY(COLLECTIONCERTSTORECONTEXTGETSELECTCERTFAILED,pkix_pl_CollectionCertStoreContext_GetSelectCert failed,0),
+PKIX_ERRORENTRY(COLLECTIONCERTSTORECONTEXTGETSELECTCRLFAILED,pkix_pl_CollectionCertStoreContext_GetSelectCRL failed,0),
+PKIX_ERRORENTRY(COLLECTIONCERTSTORECONTEXTPOPULATECERTFAILED,pkix_pl_CollectionCertStoreContext_PopulateCert failed,0),
+PKIX_ERRORENTRY(COLLECTIONCERTSTORECONTEXTPOPULATECRLFAILED,pkix_pl_CollectionCertStoreContext_PopulateCRL failed,0),
+PKIX_ERRORENTRY(COMCERTSELPARAMSCREATEFAILED,PKIX_ComCertSelParams_Create failed,0),
+PKIX_ERRORENTRY(COMCERTSELPARAMSGETAUTHORITYKEYIDENTIFIERFAILED,PKIX_ComCertSelParams_GetAuthorityKeyIdentifier failed,0),
+PKIX_ERRORENTRY(COMCERTSELPARAMSGETBASICCONSTRAINTSFAILED,PKIX_ComCertSelParams_GetBasicConstraints failed,0),
+PKIX_ERRORENTRY(COMCERTSELPARAMSGETCERTIFICATEFAILED,PKIX_ComCertSelParams_GetCertificate failed,0),
+PKIX_ERRORENTRY(COMCERTSELPARAMSGETCERTIFICATEVALIDFAILED,PKIX_ComCertSelParams_GetCertificateValid failed,0),
+PKIX_ERRORENTRY(COMCERTSELPARAMSGETEXTENDEDKEYUSAGEFAILED,PKIX_ComCertSelParams_GetExtendedKeyUsage failed,0),
+PKIX_ERRORENTRY(COMCERTSELPARAMSGETISSUERFAILED,PKIX_ComCertSelParams_GetIssuer failed,0),
+PKIX_ERRORENTRY(COMCERTSELPARAMSGETKEYUSAGEFAILED,PKIX_ComCertSelParams_GetKeyUsage failed,0),
+PKIX_ERRORENTRY(COMCERTSELPARAMSGETLEAFCERTFLAGFAILED,PKIX_ComCertSelParams_GetLeafCertFlag failed,0),
+PKIX_ERRORENTRY(COMCERTSELPARAMSGETMATCHALLSUBJALTNAMESFAILED,PKIX_ComCertSelParams_GetMatchAllSubjAltNames failed,0),
+PKIX_ERRORENTRY(COMCERTSELPARAMSGETNAMECONSTRAINTSFAILED,PKIX_ComCertSelParams_GetNameConstraints failed,0),
+PKIX_ERRORENTRY(COMCERTSELPARAMSGETPATHTONAMESFAILED,PKIX_ComCertSelParams_GetPathToNames failed,0),
+PKIX_ERRORENTRY(COMCERTSELPARAMSGETPOLICYFAILED,PKIX_ComCertSelParams_GetPolicy failed,0),
+PKIX_ERRORENTRY(COMCERTSELPARAMSGETSERIALNUMBERFAILED,PKIX_ComCertSelParams_GetSerialNumber failed,0),
+PKIX_ERRORENTRY(COMCERTSELPARAMSGETSUBJALTNAMESFAILED,PKIX_ComCertSelParams_GetSubjAltNames failed,0),
+PKIX_ERRORENTRY(COMCERTSELPARAMSGETSUBJECTFAILED,PKIX_ComCertSelParams_GetSubject failed,0),
+PKIX_ERRORENTRY(COMCERTSELPARAMSGETSUBJKEYIDENTIFIERFAILED,PKIX_ComCertSelParams_GetSubjKeyIdentifier failed,0),
+PKIX_ERRORENTRY(COMCERTSELPARAMSGETSUBJPKALGIDFAILED,PKIX_ComCertSelParams_GetSubjPKAlgId failed,0),
+PKIX_ERRORENTRY(COMCERTSELPARAMSGETSUBJPUBKEYFAILED,PKIX_ComCertSelParams_GetSubjPubKey failed,0),
+PKIX_ERRORENTRY(COMCERTSELPARAMSGETVERSIONFAILED,PKIX_ComCertSelParams_GetVersion failed,0),
+PKIX_ERRORENTRY(COMCERTSELPARAMSSETBASICCONSTRAINTSFAILED,PKIX_ComCertSelParams_SetBasicConstraints failed,0),
+PKIX_ERRORENTRY(COMCERTSELPARAMSSETCERTIFICATEFAILED,PKIX_ComCertSelParams_SetCertificate failed,0),
+PKIX_ERRORENTRY(COMCERTSELPARAMSSETCERTIFICATEVALIDFAILED,PKIX_ComCertSelParams_SetCertificateValid failed,0),
+PKIX_ERRORENTRY(COMCERTSELPARAMSSETEXTKEYUSAGEFAILED,PKIX_ComCertSelParams_SetExtendedKeyUsage failed,0),
+PKIX_ERRORENTRY(COMCERTSELPARAMSSETKEYUSAGEFAILED,PKIX_ComCertSelParams_SetKeyUsage failed,0),
+PKIX_ERRORENTRY(COMCERTSELPARAMSSETLEAFCERTFLAGFAILED,PKIX_ComCertSelParams_SetLeafCertFlag failed,0),
+PKIX_ERRORENTRY(COMCERTSELPARAMSSETNISTPOLICYENABLEDFAILED,PKIX_ComCertSelParams_SetNISTPolicyEnabled failed,0),
+PKIX_ERRORENTRY(COMCERTSELPARAMSSETPATHTONAMESFAILED,PKIX_ComCertSelParams_SetPathToNames failed,0),
+PKIX_ERRORENTRY(COMCERTSELPARAMSSETSUBJECTFAILED,PKIX_ComCertSelParams_SetSubject failed,0),
+PKIX_ERRORENTRY(COMCERTSELPARAMSSETSUBJKEYIDENTIFIERFAILED,PKIX_ComCertSelParams_SetSubjKeyIdentifier failed,0),
+PKIX_ERRORENTRY(COMCRLSELPARAMSADDISSUERNAMEFAILED,PKIX_ComCRLSelParams_AddIssuerName failed,0),
+PKIX_ERRORENTRY(COMCRLSELPARAMSCREATEFAILED,PKIX_ComCRLSelParams_Create failed,0),
+PKIX_ERRORENTRY(COMCRLSELPARAMSEQUALSFAILED,pkix_ComCRLSelParams_Equals failed,0),
+PKIX_ERRORENTRY(COMCRLSELPARAMSGETDATEANDTIMEFAILED,PKIX_ComCRLSelParams_GetDateAndTime failed,0),
+PKIX_ERRORENTRY(COMCRLSELPARAMSGETISSUERNAMESFAILED,PKIX_ComCRLSelParams_GetIssuerNames failed,0),
+PKIX_ERRORENTRY(COMCRLSELPARAMSGETMAXCRLNUMBERFAILED,PKIX_ComCRLSelParams_GetMaxCRLNumber failed,0),
+PKIX_ERRORENTRY(COMCRLSELPARAMSGETMINCRLNUMBERFAILED,PKIX_ComCRLSelParams_GetMinCRLNumber failed,0),
+PKIX_ERRORENTRY(COMCRLSELPARAMSGETNISTPOLICYENABLEDFAILED,PKIX_ComCRLSelParams_GetNISTPolicyEnabled failed,0),
+PKIX_ERRORENTRY(COMCRLSELPARAMSSETCERTFAILED,PKIX_ComCRLSelParams_SetCertificateChecking failed,0),
+PKIX_ERRORENTRY(COMCRLSELPARAMSSETDATEANDTIMEFAILED,PKIX_ComCRLSelParams_SetDateAndTime failed,0),
+PKIX_ERRORENTRY(COMCRLSELPARAMSTOSTRINGFAILED,pkix_ComCRLSelParams_ToString failed,0),
+PKIX_ERRORENTRY(COMCRLSELPARAMSTOSTRINGHELPERFAILED,pkix_ComCRLSelParams_ToString_Helper failed,0),
+PKIX_ERRORENTRY(COMPARATORCALLBACKFAILED,comparator callback failed,0),
+PKIX_ERRORENTRY(CONTENTTYPENOTPKCS7MIME,Content type is not application/pkcs7-mime,0),
+PKIX_ERRORENTRY(CONTENTTYPENOTPKIXCRL,Content type is not application/pkix-crl,SEC_ERROR_BAD_HTTP_RESPONSE),
+PKIX_ERRORENTRY(COULDNOTALLOCATEMEMORY,Could not allocate memory,0),
+PKIX_ERRORENTRY(COULDNOTALLOCATENEWSTRINGOBJECT,Could not allocate new string object,0),
+PKIX_ERRORENTRY(COULDNOTAPPENDCHILDTOPARENTSPOLICYNODELIST,Could not append child to parent PolicyNode list,0),
+PKIX_ERRORENTRY(COULDNOTAPPENDCHILDTOPARENTSVERIFYNODELIST,Could not append child to parent VerifyNode list,0),
+PKIX_ERRORENTRY(COULDNOTCREATEAIAMGROBJECT,Could not create AiaMgr object,0),
+PKIX_ERRORENTRY(COULDNOTCREATEBASICCONSTRAINTSSTATEOBJECT,Could not create basic constraints state object,0),
+PKIX_ERRORENTRY(COULDNOTCREATEBUILDPARAMSOBJECT,Could not create build params object,0),
+PKIX_ERRORENTRY(COULDNOTCREATEBUILDRESULTOBJECT,Could not create build result object,0),
+PKIX_ERRORENTRY(COULDNOTCREATECERTBASICCONSTRAINTSOBJECT,Could not create a CertBasicConstraints object,0),
+PKIX_ERRORENTRY(COULDNOTCREATECERTCHAINCHECKEROBJECT,Could not create cert chain checker object,0),
+PKIX_ERRORENTRY(COULDNOTCREATECERTNAMECONSTRAINTSOBJECT,Could not create CertNameConstraints object,0),
+PKIX_ERRORENTRY(COULDNOTCREATECERTPOLICYINFOOBJECT,Could not create a CertPolicyInfo object,0),
+PKIX_ERRORENTRY(COULDNOTCREATECERTPOLICYMAPOBJECT,Could not create a CertPolicyMap object,0),
+PKIX_ERRORENTRY(COULDNOTCREATECERTPOLICYQUALIFIEROBJECT,Could not create a CertPolicyQualifier object,0),
+PKIX_ERRORENTRY(COULDNOTCREATECERTSELECTOROBJECT,Could not create cert selector object,0),
+PKIX_ERRORENTRY(COULDNOTCREATECERTSTOREOBJECT,Could not create CertStore object,0),
+PKIX_ERRORENTRY(COULDNOTCREATECOLLECTIONCERTSTORECONTEXTOBJECT,Could not create CollectionCertStoreContext object,0),
+PKIX_ERRORENTRY(COULDNOTCREATECOMMONCERTSELPARAMSOBJECT,Could not create common certsel params object,0),
+PKIX_ERRORENTRY(COULDNOTCREATECOMMONCRLSELECTORPARAMSOBJECT,Could not create common crl selector params object,0),
+PKIX_ERRORENTRY(COULDNOTCREATECRLENTRYOBJECT,Could not create CRLENTRY object,0),
+PKIX_ERRORENTRY(COULDNOTCREATECRLOBJECT,Could not create CRL object,0),
+PKIX_ERRORENTRY(COULDNOTCREATECRLSELECTOROBJECT,Could not create CRLSelector object,0),
+PKIX_ERRORENTRY(COULDNOTCREATECRLCHECKEROBJECT,Could not create CRLChecker object,0),
+PKIX_ERRORENTRY(COULDNOTCREATEOCSPCHECKEROBJECT,Could not create OcspChecker object,0),
+PKIX_ERRORENTRY(COULDNOTCREATEREVOCATIONMETHODOBJECT,Could not create RevocationMethod object,0),
+PKIX_ERRORENTRY(COULDNOTCREATEDEFAULTREVOCATIONCHECKEROBJECT,Could not create DefaultRevocationChecker object,0),
+PKIX_ERRORENTRY(COULDNOTCREATEEKUCHECKERSTATEOBJECT,Could not create EkuCheckerState object,0),
+PKIX_ERRORENTRY(COULDNOTCREATEFORWARDBUILDERSTATEOBJECT,Could not create forwardBuilder state object,0),
+PKIX_ERRORENTRY(COULDNOTCREATEHASHTABLEOBJECT,Could not create HashTable object,0),
+PKIX_ERRORENTRY(COULDNOTCREATEHTTPDEFAULTCLIENTOBJECT,Could not create HttpDefaultClient object,0),
+PKIX_ERRORENTRY(COULDNOTCREATEINFOACCESSOBJECT,Could not create InfoAccess object,0),
+PKIX_ERRORENTRY(COULDNOTCREATELDAPDEFAULTCLIENTOBJECT,Could not create LdapDefaultClient object,0),
+PKIX_ERRORENTRY(COULDNOTCREATELOCKOBJECT,Could not create lock object,0),
+PKIX_ERRORENTRY(COULDNOTCREATELOGGEROBJECT,Could not create Logger object,0),
+PKIX_ERRORENTRY(COULDNOTCREATENAMECONSTRAINTSCHECKERSTATEOBJECT,Could not create NameConstraintsCheckerState object,0),
+PKIX_ERRORENTRY(COULDNOTCREATENSSDN,Could not create NSS DN,0),
+PKIX_ERRORENTRY(COULDNOTCREATEOBJECT,Could not create object,0),
+PKIX_ERRORENTRY(COULDNOTCREATEOBJECTSTORAGE,Could not create object storage,0),
+PKIX_ERRORENTRY(COULDNOTCREATEPOLICYCHECKERSTATEOBJECT,Could not create policyChecker state object,0),
+PKIX_ERRORENTRY(COULDNOTCREATEPOLICYNODEOBJECT,Could not create a PolicyNode object,0),
+PKIX_ERRORENTRY(COULDNOTCREATEPROCESSINGPARAMSOBJECT,Could not create processing params object,0),
+PKIX_ERRORENTRY(COULDNOTCREATERESOURCELIMITOBJECT,Could not create ResourceLimit object,0),
+PKIX_ERRORENTRY(COULDNOTCREATESIGNATURECHECKERSTATEOBJECT,Could not create SignatureCheckerState object,0),
+PKIX_ERRORENTRY(COULDNOTCREATESOCKETOBJECT,Could not create Socket object,0),
+PKIX_ERRORENTRY(COULDNOTCREATESTRING,Could not create string,0),
+PKIX_ERRORENTRY(COULDNOTCREATETARGETCERTCHECKERSTATEOBJECT,Could not create target cert checker state object,0),
+PKIX_ERRORENTRY(COULDNOTCREATETRUSTANCHOROBJECT,Could not create trust anchor object,0),
+PKIX_ERRORENTRY(COULDNOTCREATEVALIDATEPARAMSOBJECT,Could not create validate params object,0),
+PKIX_ERRORENTRY(COULDNOTCREATEVALIDATERESULTOBJECT,Could not create validate result object,0),
+PKIX_ERRORENTRY(COULDNOTCREATEVERIFYNODEOBJECT,Could not create a VerifyNode object,0),
+PKIX_ERRORENTRY(COULDNOTCREATEX500NAMEOBJECT,Could not create X500Name object,0),
+PKIX_ERRORENTRY(COULDNOTGETFIRSTOBJECTTYPE,Could not get first object type,0),
+PKIX_ERRORENTRY(COULDNOTGETSECONDOBJECTTYPE,Could not get second object type,0),
+PKIX_ERRORENTRY(COULDNOTGETTYPEOFSECONDARGUMENT,Could not get type of second argument,0),
+PKIX_ERRORENTRY(COULDNOTLOOKUPINHASHTABLE,Could not lookup in hashtable,0),
+PKIX_ERRORENTRY(COULDNOTMALLOCNEWKEY,Could not malloc new key,0),
+PKIX_ERRORENTRY(COULDNOTTESTWHETHERKEYSEQUAL,Could not test whether keys are equal,0),
+PKIX_ERRORENTRY(CREATECERTFAILED,CreateCert failed,0),
+PKIX_ERRORENTRY(CREATECRLSELECTORDUPLICATEOBJECTFAILED,Create CRLSelector Duplicate Object failed,0),
+PKIX_ERRORENTRY(CREATEPROCESSINGPARAMSFAILED,Failed to create processing parameters,0),
+PKIX_ERRORENTRY(CRLCHECKERCREATEFAILED,pkix_CRLChecker_Create failed,0),
+PKIX_ERRORENTRY(CRLCHECKERINITIALIZEFAILED,pkix_CRLChecker_Initialize failed,0),
+PKIX_ERRORENTRY(CRLCHECKERNOLOCALCERTSTOREFOUND,No local cert store found, 0),
+PKIX_ERRORENTRY(CRLCHECKERSETSELECTORFAILED,pkix_CRLChecker_SetSelector failed,0),
+PKIX_ERRORENTRY(CRLCREATEFAILED,PKIX_PL_CRL_Create failed,0),
+PKIX_ERRORENTRY(CRLCREATETOLISTFAILED,pkix_pl_CRL_CreateToList failed,0),
+PKIX_ERRORENTRY(CRLCREATEWITHSIGNEDCRLFAILED,pkix_pl_CRL_CreateWithSignedCRL failed,0),
+PKIX_ERRORENTRY(CRLCRITICALEXTENSIONOIDSNOTPROCESSED,CRL Critical Extension OIDs not processed,0),
+PKIX_ERRORENTRY(CRLDPCREATEFAILED, Failed to create CRL DP,0),
+PKIX_ERRORENTRY(CRLENTRYCREATEFAILED,pkix_pl_CRLEntry_Create failed,0),
+PKIX_ERRORENTRY(CRLENTRYCRITICALEXTENSIONWASNOTPROCESSED,CRLEntry Critical Extension was not processed,0),
+PKIX_ERRORENTRY(CRLENTRYEXTENSIONSEQUALSFAILED,PKIX_PL_CRLEntry_Extensions_Equals failed,0),
+PKIX_ERRORENTRY(CRLENTRYEXTENSIONSHASHCODEFAILED,pkix_pl_CRLEntry_Extensions_Hashcode failed,0),
+PKIX_ERRORENTRY(CRLENTRYGETCRITICALEXTENSIONOIDSFAILED,PKIX_PL_CRLEntry_GetCriticalExtensionOIDs failed,0),
+PKIX_ERRORENTRY(CRLENTRYGETCRLENTRYREASONCODEFAILED,PKIX_PL_CRLEntry_GetCRLEntryReasonCode failed,0),
+PKIX_ERRORENTRY(CRLENTRYTOSTRINGHELPERFAILED,pkix_pl_CRLEntry_ToString_Helper failed,0),
+PKIX_ERRORENTRY(CRLGETCRITICALEXTENSIONOIDSFAILED,PKIX_PL_CRL_GetCriticalExtensionOIDs failed,0),
+PKIX_ERRORENTRY(CRLGETCRLENTRIESFAILED,pkix_pl_CRL_GetCRLEntries failed,0),
+PKIX_ERRORENTRY(CRLGETCRLENTRYFORSERIALNUMBERFAILED,PKIX_PL_CRL_GetCRLEntryForSerialNumber failed,0),
+PKIX_ERRORENTRY(CRLGETCRLNUMBERFAILED,PKIX_PL_CRL_GetCRLNumber failed,0),
+PKIX_ERRORENTRY(CRLGETISSUERFAILED,PKIX_PL_CRL_GetIssuer failed,0),
+PKIX_ERRORENTRY(CRLGETPARTITIONEDFLAGFAILED,PKIX_PL_CRL_IsPartitioned failed,0),
+PKIX_ERRORENTRY(CRLGETSIGNATUREALGIDFAILED,pkix_pl_CRL_GetSignatureAlgId failed,0),
+PKIX_ERRORENTRY(CRLGETVERSIONFAILED,pkix_pl_CRL_GetVersion failed,0),
+PKIX_ERRORENTRY(CRLISSUECERTEXPIRED,CRL issue cert has expired,0),
+PKIX_ERRORENTRY(CRLMAXNUMBERRANGEMATCHFAILED,CRL MaxNumber Range Match Failed,0),
+PKIX_ERRORENTRY(CRLSELECTORCREATEFAILED,PKIX_CRLSelector_Create failed,0),
+PKIX_ERRORENTRY(CRLSELECTORFAILED,crlSelector failed,0),
+PKIX_ERRORENTRY(CRLSELECTORGETCOMCERTSELPARAMSFAILED,PKIX_CRLSelector_GetComCertSelParams failed,0),
+PKIX_ERRORENTRY(CRLSELECTORGETMATCHCALLBACKFAILED,PKIX_CRLSelector_GetMatchCallback failed,0),
+PKIX_ERRORENTRY(CRLSELECTORMATCHCALLBACKFAILED,PKIX_CRLSelector_MatchCallback failed,0),
+PKIX_ERRORENTRY(CRLSELECTORMATCHFAILED,crlSelectorMatch failed,0),
+PKIX_ERRORENTRY(CRLSELECTORSELECTFAILED,pkix_CRLSelector_Select failed,0),
+PKIX_ERRORENTRY(CRLSELECTORSETCOMMONCRLSELECTORPARAMSFAILED,PKIX_CRLSelector_SetCommonCRLSelectorParams failed,0),
+PKIX_ERRORENTRY(CRLSELECTORTOSTRINGHELPERFAILED,pkix_CRLSelector_ToString_Helper failed,0),
+PKIX_ERRORENTRY(CRLTOSTRINGHELPERFAILED,pkix_pl_CRL_ToString_Helper failed,0),
+PKIX_ERRORENTRY(CRLVERIFYUPDATETIMEFAILED,pkix_pl_CRL_VerifyUpdateTime failed,0),
+PKIX_ERRORENTRY(DATECREATECURRENTOFFBYSECONDSFAILED,PKIX_PL_Date_Create_CurrentOffBySeconds failed,0),
+PKIX_ERRORENTRY(DATECREATEFROMPRTIMEFAILED,pkix_pl_Date_CreateFromPRTime failed,0),
+PKIX_ERRORENTRY(DATECREATEUTCTIMEFAILED,PKIX_PL_Date_Create_UTCTime failed,0),
+PKIX_ERRORENTRY(DATEDERTIMETOPRTIMEFAILED,Fail to convert encoded time to PRTime,0),
+PKIX_ERRORENTRY(DATEEQUALSFAILED,PKIX_PL_Date_Equals failed,0),
+PKIX_ERRORENTRY(DATEGETPRTIMEFAILED,pkix_pl_Date_GetPRTime failed,0),
+PKIX_ERRORENTRY(DATEHASHCODEFAILED,PKIX_PL_Date_Hashcode failed,0),
+PKIX_ERRORENTRY(DATETOSTRINGFAILED,PKIX_Date_ToString failed,0),
+PKIX_ERRORENTRY(DATETOSTRINGHELPERFAILED,pkix_pl_Date_ToString_Helper failed,0),
+PKIX_ERRORENTRY(DECIPHERONLYKEYUSAGENOTSUPPORTED,decipherOnly key usage not supported,0),
+PKIX_ERRORENTRY(DECODINGCERTNAMECONSTRAINTSFAILED,Decoding Cert NameConstraints failed,0),
+PKIX_ERRORENTRY(DEFAULTREVCHECKERCREATEFAILED,pkix_DefaultRevChecker_Create failed,0),
+PKIX_ERRORENTRY(DEFAULTREVCHECKERINITIALIZEFAILED,pkix_DefaultRevChecker_Initialize failed,0),
+PKIX_ERRORENTRY(DEPTHWOULDEXCEEDRESOURCELIMITS,Depth would exceed Resource Limits,SEC_ERROR_OUT_OF_SEARCH_LIMITS),
+PKIX_ERRORENTRY(DERASCIITOTIMEFAILED,DER_AsciiToTime failed,0),
+PKIX_ERRORENTRY(DERDECODETIMECHOICEFAILED,DER_DecodeTimeChoice failed,0),
+PKIX_ERRORENTRY(DERDECODETIMECHOICEFORLASTUPDATEFAILED,DER_DecodeTimeChoice for lastUpdate failed,0),
+PKIX_ERRORENTRY(DERDECODETIMECHOICEFORNEXTUPDATEFAILED,DER_DecodeTimeChoice for nextUpdate failed,0),
+PKIX_ERRORENTRY(DERENCODETIMECHOICEFAILED,DER_EncodeTimeChoice failed,0),
+PKIX_ERRORENTRY(DERGENERALIZEDDAYTOASCIIFAILED,DER_GeneralizedDayToAscii failed,0),
+PKIX_ERRORENTRY(DERTIMETOUTCTIMEFAILED,DER_TimeToUTCTime failed,0),
+PKIX_ERRORENTRY(DERUTCTIMETOASCIIFAILED,DER_UTCTimeToAscii failed,0),
+PKIX_ERRORENTRY(DESTROYSPKIFAILED,pkix_pl_DestroySPKI failed,0),
+PKIX_ERRORENTRY(DIRECTORYNAMECREATEFAILED,pkix_pl_DirectoryName_Create failed,0),
+PKIX_ERRORENTRY(DUPLICATEIMMUTABLEFAILED,pkix_duplicateImmutable failed,0),
+PKIX_ERRORENTRY(CANNOTSORTIMMUTABLELIST,pkix_List_BubbleSort can not sort immutable list,0),
+PKIX_ERRORENTRY(EKUCHECKERGETREQUIREDEKUFAILED,pkix_pl_EkuChecker_GetRequiredEku failed,0),
+PKIX_ERRORENTRY(EKUCHECKERINITIALIZEFAILED,PKIX_PL_EkuChecker_Initialize failed,0),
+PKIX_ERRORENTRY(EKUCHECKERSTATECREATEFAILED,pkix_pl_EkuCheckerState_Create failed,0),
+PKIX_ERRORENTRY(ENABLEREVOCATIONWITHOUTCERTSTORE,Enable Revocation without CertStore,0),
+PKIX_ERRORENTRY(ERRORALLOCATINGMONITORLOCK,Error Allocating MonitorLock,0),
+PKIX_ERRORENTRY(ERRORALLOCATINGRWLOCK,Error Allocating RWLock,0),
+PKIX_ERRORENTRY(ERRORCREATINGCHILDSTRING,Error creating child string,0),
+PKIX_ERRORENTRY(ERRORCREATINGFORMATSTRING,Error creating format string,0),
+PKIX_ERRORENTRY(ERRORCREATINGINDENTSTRING,Error creating indent string,0),
+PKIX_ERRORENTRY(ERRORCREATINGITEMSTRING,Error creating item string,0),
+PKIX_ERRORENTRY(ERRORCREATINGLISTITEM,Error Creating List Item,0),
+PKIX_ERRORENTRY(ERRORCREATINGSUBTREESTRING,Error creating subtree string,0),
+PKIX_ERRORENTRY(ERRORCREATINGTABLELOCK,Error creating table lock,0),
+PKIX_ERRORENTRY(ERRORFINDINGORPROCESSINGURI,Error finding or processing URI,0),
+PKIX_ERRORENTRY(ERRORGETTINGCAUSESTRING,Error getting cause string,0),
+PKIX_ERRORENTRY(ERRORGETTINGCLASSTABLEENTRY,Error getting class table entry,0),
+PKIX_ERRORENTRY(ERRORGETTINGHASHCODE,Error getting hashcode,0),
+PKIX_ERRORENTRY(ERRORGETTINGSECONDOBJECTTYPE,Error getting second object type,0),
+PKIX_ERRORENTRY(ERRORINBYTEARRAYHASHCODE,Error in PKIX_PL_ByteArray_Hashcode,0),
+PKIX_ERRORENTRY(ERRORINGETTINGDESTRUCTOR,Error in getting destructor,0),
+PKIX_ERRORENTRY(ERRORINHASH,Error in pkix_hash,0),
+PKIX_ERRORENTRY(ERRORINLISTHASHCODE,Error in PKIX_List_Hashcode,0),
+PKIX_ERRORENTRY(ERRORINOBJECTDEFINEDESTROY,Error in object-defined destroy callback,0),
+PKIX_ERRORENTRY(ERRORINOIDHASHCODE,Error in PKIX_PL_OID_Hashcode,0),
+PKIX_ERRORENTRY(ERRORINRECURSIVEEQUALSCALL,Error in recursive equals call,0),
+PKIX_ERRORENTRY(ERRORINSINGLEPOLICYNODETOSTRING,Error in pkix_SinglePolicyNode_ToString,0),
+PKIX_ERRORENTRY(ERRORINSINGLEVERIFYNODETOSTRING,Error in pkix_SingleVerifyNode_ToString,0),
+PKIX_ERRORENTRY(ERRORINSPRINTF,Error in PKIX_PL_Sprintf,0),
+PKIX_ERRORENTRY(ERRORINSTRINGCREATE,Error in PKIX_PL_String_Create,0),
+PKIX_ERRORENTRY(ERRORLOCKINGOBJECT,Error locking object,0),
+PKIX_ERRORENTRY(ERRORTOSTRINGFAILED,PKIX_Error_ToString failed,0),
+PKIX_ERRORENTRY(ERRORTRAVERSINGBUCKET,Error traversing bucket,0),
+PKIX_ERRORENTRY(ERRORUNLOCKINGMUTEX,Error unlocking mutex,0),
+PKIX_ERRORENTRY(ERRORUNLOCKINGOBJECT,Error unlocking object,0),
+PKIX_ERRORENTRY(ESCASCIITOUTF16FAILED,pkix_EscASCII_to_UTF16 failed,0),
+PKIX_ERRORENTRY(EXPIRATIONCHECKERINITIALIZEFAILED,pkix_ExpirationChecker_Initialize failed,0),
+PKIX_ERRORENTRY(EXTENDEDKEYUSAGECHECKINGFAILED,Extended Key Usage Checking failed,SEC_ERROR_INADEQUATE_CERT_TYPE),
+PKIX_ERRORENTRY(EXTENDEDKEYUSAGEUSEROBJECT,Extended Key Usage User Object,0),
+PKIX_ERRORENTRY(EXTRACTPARAMETERSFAILED,pkix_ExtractParameters failed,0),
+PKIX_ERRORENTRY(FAILEDINENCODINGSEARCHREQUEST,failed in encoding searchRequest,SEC_ERROR_FAILED_TO_ENCODE_DATA),
+PKIX_ERRORENTRY(FAILEDTODECODECRL, failed to decode CRL,SEC_ERROR_BAD_DER),
+PKIX_ERRORENTRY(FAILEDTOGETNSSTRUSTANCHORS,Failed to get nss trusted roots,0),
+PKIX_ERRORENTRY(FAILEDTOGETTRUST, failed to get trust from the cert,0),
+PKIX_ERRORENTRY(FAILTOREMOVEDPFROMLIST, failed to remove dp from the list,0),
+PKIX_ERRORENTRY(FAILTOSELECTCERTSFROMANCHORS,failed to select certs from anchors,0),
+PKIX_ERRORENTRY(FAILUREHASHINGCERT,Failure hashing Cert,0),
+PKIX_ERRORENTRY(FAILUREHASHINGERROR,Failure hashing Error,0),
+PKIX_ERRORENTRY(FAILUREHASHINGLISTEXPECTEDPOLICYSET,Failure hashing PKIX_List expectedPolicySet,0),
+PKIX_ERRORENTRY(FAILUREHASHINGLISTQUALIFIERSET,Failure hashing PKIX_List qualifierSet,0),
+PKIX_ERRORENTRY(FAILUREHASHINGOIDVALIDPOLICY,Failure hashing PKIX_PL_OID validPolicy,0),
+PKIX_ERRORENTRY(FANOUTEXCEEDSRESOURCELIMITS,Fanout exceeds Resource Limits,0),
+PKIX_ERRORENTRY(FETCHINGCACHEDCRLFAILED,Fetching Cached CRLfailed,0),
+PKIX_ERRORENTRY(FILLINPROCESSINGPARAMSFAILED,Fail to fill in parameters,0),
+PKIX_ERRORENTRY(FILLINRETURNRESULTSFAILED,Fail to fill in return results,0),
+PKIX_ERRORENTRY(FIRSTARGUMENTNOTBYTEARRAY,FirstObject is not a ByteArray,0),
+PKIX_ERRORENTRY(FIRSTARGUMENTNOTCERTBASICCONSTRAINTSOBJECT,First argument is not a CertBasicConstraints Object,0),
+PKIX_ERRORENTRY(FIRSTDOUBLEHEXMUSTNOTBE00,First DoubleHex MUST NOT be 00,SEC_ERROR_INVALID_ARGS),
+PKIX_ERRORENTRY(FIRSTFIELDMUSTBEBETWEEN02,First field must be between 0-2,SEC_ERROR_INVALID_ARGS),
+PKIX_ERRORENTRY(FIRSTOBJARGUMENTNOTANOCSPRESPONSE,FirstObject is not an OcspResponse,0),
+PKIX_ERRORENTRY(FIRSTOBJARGUMENTNOTLDAPREQUEST,FirstObject is not a LdapRequest,0),
+PKIX_ERRORENTRY(FIRSTOBJARGUMENTNOTLDAPRESPONSE,FirstObject is not a LdapResponse,0),
+PKIX_ERRORENTRY(FIRSTOBJARGUMENTNOTOCSPREQUEST,FirstObject is not a OcspRequest,0),
+PKIX_ERRORENTRY(FIRSTOBJECTARGUMENTNOTANX500NAME,FirstObject is not an X500Name,0),
+PKIX_ERRORENTRY(FIRSTOBJECTNOTANERROROBJECT,FirstObject is not an Error object,0),
+PKIX_ERRORENTRY(FIRSTOBJECTNOTBIGINT,FirstObject not a BigInt,0),
+PKIX_ERRORENTRY(FIRSTOBJECTNOTBUILDPARAMS,FirstObject is not a BuildParams,0),
+PKIX_ERRORENTRY(FIRSTOBJECTNOTBUILDRESULT,FirstObject is not a BuildResult,0),
+PKIX_ERRORENTRY(FIRSTOBJECTNOTCERT,FirstObject is not a Cert,0),
+PKIX_ERRORENTRY(FIRSTOBJECTNOTCERTBASICCONSTRAINTS,FirstObject is not a CertBasicConstraints,0),
+PKIX_ERRORENTRY(FIRSTOBJECTNOTCERTNAMECONSTRAINTS,FirstObject is not a CertNameConstraints,0),
+PKIX_ERRORENTRY(FIRSTOBJECTNOTCERTPOLICYINFO,FirstObject is not a CertPolicyInfo,0),
+PKIX_ERRORENTRY(FIRSTOBJECTNOTCERTPOLICYMAP,FirstObject is not a CertPolicyMap,0),
+PKIX_ERRORENTRY(FIRSTOBJECTNOTCERTPOLICYQUALIFIER,FirstObject is not a CertPolicyQualifier,0),
+PKIX_ERRORENTRY(FIRSTOBJECTNOTCOMCRLSELPARAMS,FirstObject is not a ComCRLSelParams,0),
+PKIX_ERRORENTRY(FIRSTOBJECTNOTCRL,FirstObject is not a CRL,0),
+PKIX_ERRORENTRY(FIRSTOBJECTNOTCRLENTRY,FirstObject is not a CRLEntry,0),
+PKIX_ERRORENTRY(FIRSTOBJECTNOTCRLSELECTOR,FirstObject is not a CRLSelector,0),
+PKIX_ERRORENTRY(FIRSTOBJECTNOTDATE,FirstObject is not a Date,0),
+PKIX_ERRORENTRY(FIRSTOBJECTNOTERROR,FirstObject is not an Error,0),
+PKIX_ERRORENTRY(FIRSTOBJECTNOTGENERALNAME,FirstObject is not a GeneralName,0),
+PKIX_ERRORENTRY(FIRSTOBJECTNOTINFOACCESS,FirstObject is not a InfoAccess,0),
+PKIX_ERRORENTRY(FIRSTOBJECTNOTLIST,FirstObject is not a List,0),
+PKIX_ERRORENTRY(FIRSTOBJECTNOTLOGGER,FirstObject is not a Logger,0),
+PKIX_ERRORENTRY(FIRSTOBJECTNOTPOLICYNODE,FirstObject is not a PolicyNode,0),
+PKIX_ERRORENTRY(FIRSTOBJECTNOTPROCESSINGPARAMS,FirstObject is not a ProcessingParams,0),
+PKIX_ERRORENTRY(FIRSTOBJECTNOTPUBLICKEY,FirstObject is not a PublicKey,0),
+PKIX_ERRORENTRY(FIRSTOBJECTNOTRESOURCELIMITS,FirstObject is not a ResourceLimits,0),
+PKIX_ERRORENTRY(FIRSTOBJECTNOTSTRING,FirstObject is not a String,0),
+PKIX_ERRORENTRY(FIRSTOBJECTNOTTRUSTANCHOR,FirstObject is not a TrustAnchor,0),
+PKIX_ERRORENTRY(FIRSTOBJECTNOTVALIDATEPARAMS,FirstObject is not a ValidateParams,0),
+PKIX_ERRORENTRY(FIRSTOBJECTNOTVALIDATERESULT,FirstObject is not a ValidateResult,0),
+PKIX_ERRORENTRY(FIRSTOBJECTNOTVERIFYNODE,FirstObject is not a VerifyNode,0),
+PKIX_ERRORENTRY(FIRSTPUBKEYTYPENULLKEY,firstPubKeyType is nullKey,0),
+PKIX_ERRORENTRY(FUNCTIONMUSTNOTBEUSED,Function MUST not be used,SEC_ERROR_LIBPKIX_INTERNAL),
+PKIX_ERRORENTRY(FORWARDBUILDERSTATEDUMPSTATEFAILED,pkix_ForwardBuilderState_DumpState failed,0),
+PKIX_ERRORENTRY(FORWARDBUILDERSTATEISIOPENDINGFAILED,pkix_ForwardBuilderState_IsIOPending failed,0),
+PKIX_ERRORENTRY(FORWARDBUILDSTATECREATEFAILED,pkix_ForwardBuildState_Create failed,0),
+PKIX_ERRORENTRY(FREEFAILED,PKIX_PL_Free failed,0),
+PKIX_ERRORENTRY(GENERALNAMECREATEFAILED,pkix_pl_GeneralName_Create failed,0),
+PKIX_ERRORENTRY(GENERALNAMEGETNSSGENERALNAMEFAILED,pkix_pl_GeneralName_GetNssGeneralName failed,0),
+PKIX_ERRORENTRY(GENERALNAMESTRINGMISSINGDOUBLESLASH,GeneralName string missing double slash,SEC_ERROR_BAD_INFO_ACCESS_LOCATION),
+PKIX_ERRORENTRY(GENERALNAMESTRINGMISSINGLOCATIONTYPE,GeneralName string missing location type,SEC_ERROR_BAD_INFO_ACCESS_LOCATION),
+PKIX_ERRORENTRY(GENERALNAMESTRINGMISSINGSERVERSITE,GeneralName string missing server-site,SEC_ERROR_BAD_INFO_ACCESS_LOCATION),
+PKIX_ERRORENTRY(GENERALNAMETOSTRINGFAILED,pkix_pl_GeneralName_ToString failed,0),
+PKIX_ERRORENTRY(GENERALNAMETOSTRINGHELPERFAILED,pkix_pl_GeneralName_ToString_Helper failed,0),
+PKIX_ERRORENTRY(GENERICCLIENTNOTANLDAPDEFAULTCLIENT,genericClient is not an LdapDefaultClient,0),
+PKIX_ERRORENTRY(GETATTRIBUTESCALLEDFORNONENTRYMESSAGE,GetAttributes called for non-Entry message,SEC_ERROR_BAD_LDAP_RESPONSE),
+PKIX_ERRORENTRY(GETCERTSFAILED,getCerts failed,0),
+PKIX_ERRORENTRY(GETCRITICALEXTENSIONOIDSFAILED,pkix_GetCriticalExtensionOIDs failed,0),
+PKIX_ERRORENTRY(GETCRLSFAILED,getCrls failed,0),
+PKIX_ERRORENTRY(GETOIDTOKENFAILED,pkix_pl_getOIDToken failed,0),
+PKIX_ERRORENTRY(GETPKIXERRORCODEFAILED,Get PKIX error code failed,0),
+PKIX_ERRORENTRY(GETREQCERTIFICATEUSAGESFAILED,Fail to get required certificate usages,0),
+PKIX_ERRORENTRY(GETRESULTCODECALLEDFORNONRESULTMESSAGE,GetResultCode called for non-Result message,SEC_ERROR_BAD_LDAP_RESPONSE),
+PKIX_ERRORENTRY(GETRETCERTIFICATEUSAGESFAILED,Fail to get returned certificate usages,0),
+PKIX_ERRORENTRY(GETTRUSTEDCERTLISTFAILED,Fail to get trusted cert list,0),
+PKIX_ERRORENTRY(HASHFAILED,pkix_hash failed,0),
+PKIX_ERRORENTRY(HASHTABLEADDFAILED,PKIX_PL_HashTable_Add failed,0),
+PKIX_ERRORENTRY(HASHTABLECREATEFAILED,PKIX_PL_HashTable_Create failed,0),
+PKIX_ERRORENTRY(HASHTABLELOOKUPFAILED,PKIX_PL_HashTable_Lookup failed,0),
+PKIX_ERRORENTRY(HASHTABLEREMOVEFAILED,PKIX_PL_HashTable_Remove failed,0),
+PKIX_ERRORENTRY(HELPERBYTES2ASCIIFAILED,pkix_pl_helperBytes2Ascii failed,0),
+PKIX_ERRORENTRY(HELPERBYTES2ASCIINUMTOKENSZERO,pkix_pl_helperBytes2Ascii: numTokens is zero,0),
+PKIX_ERRORENTRY(HTTPCERTSTORECREATEREQUESTSESSIONFAILED,pkix_pl_HttpCertStore_CreateRequestSession failed,0),
+PKIX_ERRORENTRY(HTTPCERTSTORECREATEWITHASCIINAMEFAILED,PKIX_PL_HttpCertStore_CreateWithAsciiName failed,0),
+PKIX_ERRORENTRY(HTTPCERTSTOREDECODECERTPACKAGEFAILED,pkix_pl_HttpCertStore_DecodeCertPackage failed,0),
+PKIX_ERRORENTRY(HTTPCERTSTOREFINDSOCKETCONNECTIONFAILED,pkix_HttpCertStore_FindSocketConnection failed,0),
+PKIX_ERRORENTRY(HTTPCERTSTOREPROCESSCERTRESPONSEFAILED,pkix_pl_HttpCertStore_ProcessCertResponse failed,0),
+PKIX_ERRORENTRY(HTTPCERTSTOREPROCESSCRLRESPONSEFAILED,pkix_pl_HttpCertStore_ProcessCrlResponse failed,0),
+PKIX_ERRORENTRY(HTTPCLIENTCREATESESSIONFAILED,HttpClient->CreateSession failed,0),
+PKIX_ERRORENTRY(HTTPCLIENTININVALIDSTATE,HttpClient in invalid state,0),
+PKIX_ERRORENTRY(HTTPDEFAULTCLIENTCONNECTCONTINUEFAILED,pkix_pl_HttpDefaultClient_ConnectContinue failed,0),
+PKIX_ERRORENTRY(HTTPDEFAULTCLIENTCREATEFAILED,pkix_pl_HttpDefaultClient_Create failed,0),
+PKIX_ERRORENTRY(HTTPDEFAULTCLIENTDISPATCHFAILED,pkix_pl_HttpDefaultClient_Dispatch failed,0),
+PKIX_ERRORENTRY(HTTPDEFAULTCLIENTHDRCHECKCOMPLETEFAILED,pkix_pl_HttpDefaultClient_HdrCheckComplete failed,0),
+PKIX_ERRORENTRY(HTTPDEFAULTCLIENTINILLEGALSTATE,HttpDefaultClient in illegal state,0),
+PKIX_ERRORENTRY(HTTPDEFAULTCLIENTRECVBODYCONTINUEFAILED,pkix_pl_HttpDefaultClient_RecvBodyContinue failed,0),
+PKIX_ERRORENTRY(HTTPDEFAULTCLIENTRECVBODYFAILED,pkix_pl_HttpDefaultClient_RecvBody failed,0),
+PKIX_ERRORENTRY(HTTPDEFAULTCLIENTRECVHDRCONTINUEFAILED,pkix_pl_HttpDefaultClient_RecvHdrContinue failed,0),
+PKIX_ERRORENTRY(HTTPDEFAULTCLIENTRECVHDRFAILED,pkix_pl_HttpDefaultClient_RecvHdr failed,0),
+PKIX_ERRORENTRY(HTTPDEFAULTCLIENTSENDCONTINUEFAILED,pkix_pl_HttpDefaultClient_SendContinue failed,0),
+PKIX_ERRORENTRY(HTTPDEFAULTCLIENTSENDFAILED,pkix_pl_HttpDefaultClient_Send failed,0),
+PKIX_ERRORENTRY(HTTPSERVERERROR,HTTP Server Error,0),
+PKIX_ERRORENTRY(ILLEGALCHARACTERINESCAPEDASCII,Illegal character in Escaped ASCII String,SEC_ERROR_INVALID_ARGS),
+PKIX_ERRORENTRY(ILLEGALCHARACTERINOID,Illegal character in OID,SEC_ERROR_INVALID_ARGS),
+PKIX_ERRORENTRY(ILLEGALDOTINOID,Illegal period in OID,SEC_ERROR_INVALID_ARGS),
+PKIX_ERRORENTRY(ILLEGALSURROGATEPAIR,Illegal surrogate pair in EscapedASCII,SEC_ERROR_INVALID_ARGS),
+PKIX_ERRORENTRY(ILLEGALUNICODECHARACTER,Illegal Unicode character in EscapedASCII,SEC_ERROR_INVALID_ARGS),
+PKIX_ERRORENTRY(ILLEGALUSEOFAMP,Illegal use of ampersand character,SEC_ERROR_INVALID_ARGS),
+PKIX_ERRORENTRY(IMPOSSIBLECRITERIONFORCRLQUERY,Impossible criterion for Crl Query,SEC_ERROR_INVALID_ARGS),
+PKIX_ERRORENTRY(INDEXOUTOFBOUNDS,Index out of bounds,SEC_ERROR_LIBPKIX_INTERNAL),
+PKIX_ERRORENTRY(INESCAPEDASCII,in EscapedASCII,0),
+PKIX_ERRORENTRY(INFOACCESSCREATEFAILED,pkix_pl_InfoAccess_Create failed,0),
+PKIX_ERRORENTRY(INFOACCESSCREATELISTFAILED,pkix_pl_InfoAccess_CreateList failed,0),
+PKIX_ERRORENTRY(INFOACCESSGETLOCATIONFAILED,PKIX_PL_InfoAccess_GetLocation failed,0),
+PKIX_ERRORENTRY(INFOACCESSGETLOCATIONTYPEFAILED,PKIX_PL_InfoAccess_GetLocationType failed,0),
+PKIX_ERRORENTRY(INFOACCESSGETMETHODFAILED,PKIX_PL_InfoAccess_GetMethod failed,0),
+#ifndef NSS_PKIX_NO_LDAP
+PKIX_ERRORENTRY(INFOACCESSPARSELOCATIONFAILED,pkix_pl_InfoAccess_ParseLocation failed,SEC_ERROR_BAD_INFO_ACCESS_LOCATION),
+#endif
+PKIX_ERRORENTRY(INFOACCESSPARSETOKENSFAILED,pkix_pl_InfoAccess_ParseTokens failed,SEC_ERROR_BAD_INFO_ACCESS_LOCATION),
+PKIX_ERRORENTRY(INITIALIZECHECKERSFAILED,pkix_InitializeCheckers failed,0),
+PKIX_ERRORENTRY(INITIALIZEFAILED,PKIX_PL_Initialize failed,0),
+PKIX_ERRORENTRY(INPUTLISTMUSTBEHEADER,Input List must be header,SEC_ERROR_INVALID_ARGS),
+PKIX_ERRORENTRY(INPUTLISTSMUSTBELISTHEADERS,Input Lists must be list headers,SEC_ERROR_INVALID_ARGS),
+PKIX_ERRORENTRY(INSUFFICIENTCRITERIAFORCERTQUERY,Insufficient criteria for Cert query,0),
+PKIX_ERRORENTRY(INSUFFICIENTCRITERIAFORCRLQUERY,Insufficient criteria for Crl Query,0),
+PKIX_ERRORENTRY(INTRUSTEDCERT,in Trusted Cert,0),
+PKIX_ERRORENTRY(INVALIDCHARACTERINBIGINT,Invalid character in BigInt,SEC_ERROR_INVALID_ARGS),
+PKIX_ERRORENTRY(INVALIDDERENCODINGFOROID,Invalid DER-encoding for OID,0),
+PKIX_ERRORENTRY(INVALIDENCODINGOIDTOKENVALUETOOBIG,Invalid encoding: OID token value too big,0),
+PKIX_ERRORENTRY(INVALIDPOLICYMAPPINGINCLUDESANYPOLICY,Invalid policyMapping includes anyPolicy,SEC_ERROR_INVALID_POLICY_MAPPING),
+PKIX_ERRORENTRY(INVALIDREVOCATIONMETHOD,Invalid revocation method,SEC_ERROR_INVALID_ARGS),
+PKIX_ERRORENTRY(INVALIDSIGNINGCERTINOCSPRESPONSE,Invalid signing Cert in OCSP response,SEC_ERROR_OCSP_INVALID_SIGNING_CERT),
+PKIX_ERRORENTRY(INVALIDSTATUS,INVALID STATUS,0),
+PKIX_ERRORENTRY(INVALIDSTORETYPEFORSETTINGCONFIGDIR,Invalid Store type for Setting ConfigDir,0),
+PKIX_ERRORENTRY(IPADDRBYTES2ASCIIDATALENGTHZERO,pkix_pl_ipAddrBytes2Ascii: data length is zero,0),
+PKIX_ERRORENTRY(IPADDRBYTES2ASCIIFAILED,pkix_pl_ipAddrBytes2Ascii failed,0),
+PKIX_ERRORENTRY(ISCERTSELFISSUEDFAILED,pkix_IsCertSelfIssued failed,0),
+PKIX_ERRORENTRY(ISCERTSELFISSUEFAILED,pkix_IsCertSelfIssue failed,0),
+PKIX_ERRORENTRY(KEYUSAGEKEYCERTSIGNBITNOTON,Validation failed: KeyUsage KeyCertSign bit is not on,SEC_ERROR_CA_CERT_INVALID),
+PKIX_ERRORENTRY(KEYUSAGEKEYCRLSIGNBITNOTON,Validation failed: KeyUsage CRLSign bit is not on,0),
+PKIX_ERRORENTRY(LDAPCERTSTOREBUILDCERTLISTFAILED,pkix_pl_LdapCertStore_BuildCertList failed,0),
+PKIX_ERRORENTRY(LDAPCERTSTOREBUILDCRLLISTFAILED,pkix_pl_LdapCertStore_BuildCrlList failed,0),
+PKIX_ERRORENTRY(LDAPCERTSTOREDECODECROSSCERTPAIRFAILED,pkix_pl_LdapCertStore_DecodeCrossCertPair failed,0),
+PKIX_ERRORENTRY(LDAPCERTSTOREDESTROYAVALISTFAILED,pkix_pl_LdapCertStore_DestroyAVAList failed,0),
+PKIX_ERRORENTRY(LDAPCERTSTOREINILLEGALSTATE,LDAP CertStore in illegal state,0),
+PKIX_ERRORENTRY(LDAPCERTSTOREMAKENAMEAVALISTFAILED,pkix_pl_LdapCertStore_MakeNameAVAList failed,0),
+PKIX_ERRORENTRY(LDAPCLIENTINITIATEREQUESTFAILED,PKIX_PL_LdapClient_InitiateRequest failed,0),
+PKIX_ERRORENTRY(LDAPCLIENTRESUMEREQUESTFAILED,PKIX_PL_LdapClient_ResumeRequest failed,0),
+PKIX_ERRORENTRY(LDAPDEFAULTCLIENTABANDONCONTINUEFAILED,pkix_pl_LdapDefaultClient_AbandonContinue failed,0),
+PKIX_ERRORENTRY(LDAPDEFAULTCLIENTBINDCONTINUEFAILED,pkix_pl_LdapDefaultClient_BindContinue failed,0),
+PKIX_ERRORENTRY(LDAPDEFAULTCLIENTBINDFAILED,pkix_pl_LdapDefaultClient_Bind failed,0),
+PKIX_ERRORENTRY(LDAPDEFAULTCLIENTBINDRESPONSECONTINUEFAILED,pkix_pl_LdapDefaultClient_BindResponseContinue failed,0),
+PKIX_ERRORENTRY(LDAPDEFAULTCLIENTBINDRESPONSEFAILED,pkix_pl_LdapDefaultClient_BindResponse failed,0),
+PKIX_ERRORENTRY(LDAPDEFAULTCLIENTCONNECTCONTINUEFAILED,pkix_pl_LdapDefaultClient_ConnectContinue failed,0),
+PKIX_ERRORENTRY(LDAPDEFAULTCLIENTCREATEBYNAMEFAILED,PKIX_PL_LdapDefaultClient_CreateByName failed,0),
+PKIX_ERRORENTRY(LDAPDEFAULTCLIENTCREATEHELPERFAILED,pkix_pl_LdapDefaultClient_CreateHelper failed,0),
+PKIX_ERRORENTRY(LDAPDEFAULTCLIENTDECODEBINDRESPONSEFAILED,pkix_pl_LdapDefaultClient_DecodeBindResponse failed,0),
+PKIX_ERRORENTRY(LDAPDEFAULTCLIENTDISPATCHFAILED,pkix_pl_LdapDefaultClient_Dispatch failed,0),
+PKIX_ERRORENTRY(LDAPDEFAULTCLIENTINILLEGALSTATE,LDAP DefaultClient in illegal state,0),
+PKIX_ERRORENTRY(LDAPDEFAULTCLIENTMAKEABANDONFAILED,pkix_pl_LdapDefaultClient_MakeAbandon failed,0),
+PKIX_ERRORENTRY(LDAPDEFAULTCLIENTMAKEANDFILTERFAILED,pkix_pl_LdapDefaultClient_MakeAndFilter failed,0),
+PKIX_ERRORENTRY(LDAPDEFAULTCLIENTMAKEBINDFAILED,pkix_pl_LdapDefaultClient_MakeBind failed,0),
+PKIX_ERRORENTRY(LDAPDEFAULTCLIENTMAKEUNBINDFAILED,pkix_pl_LdapDefaultClient_MakeUnbind failed,0),
+PKIX_ERRORENTRY(LDAPDEFAULTCLIENTRECVCHECKCOMPLETEFAILED,pkix_pl_LdapDefaultClient_RecvCheckComplete failed,0),
+PKIX_ERRORENTRY(LDAPDEFAULTCLIENTRECVCONTINUEFAILED,pkix_pl_LdapDefaultClient_RecvContinue failed,0),
+PKIX_ERRORENTRY(LDAPDEFAULTCLIENTRECVFAILED,pkix_pl_LdapDefaultClient_Recv failed,0),
+PKIX_ERRORENTRY(LDAPDEFAULTCLIENTRECVINITIALFAILED,pkix_pl_LdapDefaultClient_RecvInitial failed,0),
+PKIX_ERRORENTRY(LDAPDEFAULTCLIENTRECVNONINITIALFAILED,pkix_pl_LdapDefaultClient_RecvNonInitial failed,0),
+PKIX_ERRORENTRY(LDAPDEFAULTCLIENTSENDCONTINUEFAILED,pkix_pl_LdapDefaultClient_SendContinue failed,0),
+PKIX_ERRORENTRY(LDAPDEFAULTCLIENTSENDFAILED,pkix_pl_LdapDefaultClient_Send failed,0),
+PKIX_ERRORENTRY(LDAPDEFAULTCLIENTVERIFYBINDRESPONSEFAILED,pkix_pl_LdapDefaultClient_VerifyBindResponse failed,0),
+PKIX_ERRORENTRY(LDAPREQUESTATTRSTRINGTOBITFAILED,pkix_pl_LdapRequest_AttrStringToBit failed,0),
+PKIX_ERRORENTRY(LDAPREQUESTATTRTYPETOBITFAILED,pkix_pl_LdapRequest_AttrTypeToBit failed,0),
+PKIX_ERRORENTRY(LDAPREQUESTCREATEFAILED,pkix_pl_LdapRequest_Create failed,0),
+PKIX_ERRORENTRY(LDAPREQUESTENCODEATTRSFAILED,pkix_pl_LdapRequest_EncodeAttrs failed,0),
+PKIX_ERRORENTRY(LDAPREQUESTGETENCODEDFAILED,pkix_pl_LdapRequest_GetEncoded failed,0),
+PKIX_ERRORENTRY(LDAPRESPONSEAPPENDFAILED,pkix_pl_LdapResponse_Append failed,0),
+PKIX_ERRORENTRY(LDAPRESPONSECREATEFAILED,pkix_pl_LdapResponseCreate failed,0),
+PKIX_ERRORENTRY(LDAPRESPONSEDECODEFAILED,pkix_pl_LDAPResponse_Decode failed,0),
+PKIX_ERRORENTRY(LDAPRESPONSEGETCAPACITYFAILED,pkix_pl_LdapResponse_GetCapacity failed,0),
+PKIX_ERRORENTRY(LDAPRESPONSEGETMESSAGEFAILED,pkix_pl_LdapResponse_GetMessage failed,0),
+PKIX_ERRORENTRY(LDAPRESPONSEGETMESSAGETYPEFAILED,pkix_pl_LdapResponse_GetMessageType failed,0),
+PKIX_ERRORENTRY(LDAPRESPONSEGETRESULTCODEFAILED,pkix_pl_LdapResponse_GetResultCode failed,0),
+PKIX_ERRORENTRY(LDAPRESPONSEISCOMPLETEFAILED,pkix_pl_LdapResponse_IsComplete failed,0),
+PKIX_ERRORENTRY(LISTAPPENDFAILED,PKIX_List_Append failed,0),
+PKIX_ERRORENTRY(LISTAPPENDITEMFAILED,PKIX_List_AppendItem failed,0),
+PKIX_ERRORENTRY(LISTAPPENDLISTFAILED,pkix_List_AppendList failed,0),
+PKIX_ERRORENTRY(LISTAPPENDUNIQUEFAILED,pkix_List_AppendUnique failed,0),
+PKIX_ERRORENTRY(LISTBUBBLESORTFAILED,pkix_List_BubbleSort failed,0),
+PKIX_ERRORENTRY(LISTCONTAINSFAILED,pkix_List_Contains failed,0),
+PKIX_ERRORENTRY(LISTCREATEFAILED,PKIX_List_Create failed,0),
+PKIX_ERRORENTRY(LISTCREATEINTERNALFAILED,pkix_List_Create_Internal failed,0),
+PKIX_ERRORENTRY(LISTDELETEITEMFAILED,PKIX_List_DeleteItem failed,0),
+PKIX_ERRORENTRY(LISTDUPLICATEFAILED,pkix_List_Duplicate failed,0),
+PKIX_ERRORENTRY(LISTEQUALSFAILED,PKIX_List_Equals failed,0),
+PKIX_ERRORENTRY(LISTGETELEMENTFAILED,pkix_List_GetElement failed,0),
+PKIX_ERRORENTRY(LISTGETITEMFAILED,PKIX_List_GetItem failed,0),
+PKIX_ERRORENTRY(LISTGETLENGTHFAILED,PKIX_List_GetLength failed,0),
+PKIX_ERRORENTRY(LISTHASHCODEFAILED,pkix_List_Hashcode failed,0),
+PKIX_ERRORENTRY(LISTINSERTITEMFAILED,PKIX_List_InsertItem failed,0),
+PKIX_ERRORENTRY(LISTISEMPTYFAILED,PKIX_List_IsEmpty failed,0),
+PKIX_ERRORENTRY(LISTMERGEFAILED,pkix_List_MergeList failed,0),
+PKIX_ERRORENTRY(LISTQUICKSORTFAILED,pkix_List_QuickSort failed,0),
+PKIX_ERRORENTRY(LISTREMOVEFAILED,pkix_List_Remove failed,0),
+PKIX_ERRORENTRY(LISTREMOVEITEMSFAILED,pkix_List_RemoveItems failed,0),
+PKIX_ERRORENTRY(LISTREVERSELISTFAILED,PKIX_List_ReverseList failed,0),
+PKIX_ERRORENTRY(LISTSETIMMUTABLEFAILED,PKIX_List_SetImmutable failed,0),
+PKIX_ERRORENTRY(LISTSETITEMFAILED,PKIX_List_SetItem failed,0),
+PKIX_ERRORENTRY(LISTTOSTRINGFAILED,pkix_List_ToString failed,0),
+PKIX_ERRORENTRY(LISTTOSTRINGHELPERFAILED,pkix_List_ToString Helper failed,0),
+PKIX_ERRORENTRY(LOCATIONSTRINGNOTPROPERLYTERMINATED,Location string not properly terminated,0),
+PKIX_ERRORENTRY(LOCKHASNONZEROREADCOUNT,Lock has non-zero read count,0),
+PKIX_ERRORENTRY(LOCKOBJECTFAILED,pkix_LockObject failed,0),
+PKIX_ERRORENTRY(LOGGERDUPLICATEFAILED,pkix_Logger_Duplicate failed,0),
+PKIX_ERRORENTRY(LOGGINGLEVELEXCEEDSMAXIMUM,Logging Level exceeds Maximum,0),
+PKIX_ERRORENTRY(LOOPDISCOVEREDDUPCERTSNOTALLOWED,Loop discovered: duplicate certificates not allowed,SEC_ERROR_UNTRUSTED_ISSUER),
+PKIX_ERRORENTRY(LOOPOFERRORCAUSEDETECTED,Loop of error causes detected,0),
+PKIX_ERRORENTRY(MAJORVERSIONSDONTMATCH,Major versions do not match,SEC_ERROR_INVALID_ARGS),
+PKIX_ERRORENTRY(MALLOCFAILED,PKIX_PL_Malloc failed,0),
+PKIX_ERRORENTRY(MEMLEAKGENERATEDERROR,Error generated for memory leak testing,SEC_ERROR_NO_MEMORY),
+PKIX_ERRORENTRY(MINORVERSIONNOTBETWEENDESIREDMINANDMAX,Minor version does not fall between desired minimum and maximum,SEC_ERROR_INVALID_ARGS),
+PKIX_ERRORENTRY(MISSINGDSAPARAMETERS,Missing DSA parameters in Trusted Cert,SEC_ERROR_INVALID_KEY),
+PKIX_ERRORENTRY(MONITORLOCKCREATEFAILED,PKIX_PL_MonitorLock_Create failed,0),
+PKIX_ERRORENTRY(MONITORLOCKENTERFAILED,PKIX_PL_MonitorLock_Enter failed,0),
+PKIX_ERRORENTRY(MONITORLOCKEXITFAILED,PKIX_PL_MonitorLock_Exit failed,0),
+PKIX_ERRORENTRY(MUTEXLOCKFAILED,PKIX_PL_Mutex_Lock failed,0),
+PKIX_ERRORENTRY(NAMECHAININGCHECKERINITIALIZEFAILED,pkix_NameChainingChecker_Initialize failed,0),
+PKIX_ERRORENTRY(NAMECHAININGCHECKFAILED,Name Chaining Check failed,SEC_ERROR_UNKNOWN_ISSUER),
+PKIX_ERRORENTRY(NAMECOMPONENTWITHNOEQ,Name Component with no equal sign,SEC_ERROR_BAD_INFO_ACCESS_LOCATION),
+PKIX_ERRORENTRY(NAMECONSTRAINTSCHECKERINITIALIZEFAILED,pkix_NameConstraintsChecker_Initialize failed,0),
+PKIX_ERRORENTRY(NAMECONSTRAINTSCHECKERSTATECREATEFAILED,pkix_NameConstraintsCheckerState_Create failed,0),
+PKIX_ERRORENTRY(NAMETYPENOTSUPPORTED,name type not supported,0),
+PKIX_ERRORENTRY(NOCONTENTTYPEINHTTPRESPONSE,No content type in Http Response,SEC_ERROR_BAD_HTTP_RESPONSE),
+PKIX_ERRORENTRY(NODESMISSINGFROMCHAIN,Nodes missing from chain,0),
+PKIX_ERRORENTRY(NOREGISTEREDHTTPCLIENT,No registered Http Client,SEC_ERROR_INVALID_ARGS),
+PKIX_ERRORENTRY(NORESPONSEDATAINHTTPRESPONSE,No responseData in Http Response,SEC_ERROR_BAD_HTTP_RESPONSE),
+PKIX_ERRORENTRY(NOTARGETCERTSUPPLIED,No target cert supplied,SEC_ERROR_INVALID_ARGS),
+PKIX_ERRORENTRY(NOTCONFORMINGCRLDP,Cert CRL DP does not conform to the rfc, 0),
+PKIX_ERRORENTRY(NOTDERPACKAGE,Not a DER package,0),
+PKIX_ERRORENTRY(NOTENOUGHNAMECOMPONENTSINGENERALNAME,Not enough name components in GeneralName,SEC_ERROR_BAD_INFO_ACCESS_LOCATION),
+PKIX_ERRORENTRY(NSSCERTIFICATEUSAGETOPKIXKUANDEKUFAILED,Failed to convert nss certificate usage to pkix ku and eku data structures,0),
+PKIX_ERRORENTRY(NSSCONTEXTCREATEFAILED,PKIX_PL_NssContext_Create failed,0),
+PKIX_ERRORENTRY(NSSCONTEXTDESTROYFAILED,PKIX_PL_NssContext_Destroy failed,0),
+PKIX_ERRORENTRY(NSSCONTEXTGETCHECKALLUSAGESFAILED, pkix_pl_NssContext_GetCheckAllUsages failed,0),
+PKIX_ERRORENTRY(NSSCONTEXTGETRETURNUSAGESFAILED, pkix_pl_NssContext_GetReturnUsages failed,0),
+PKIX_ERRORENTRY(NSSCONTEXTGETWINCXFAILED,pkix_pl_NssContext_GetWincx failed,0),
+PKIX_ERRORENTRY(NSSCONTEXTSETCERTSIGNCHECKFAILED, pkix_pl_NssContext_SetCertSignatureCheck,0),
+PKIX_ERRORENTRY(NSSCONTEXTSETCERTUSAGEFAILED, pkix_pl_NssContext_SetCertUsage failed,0),
+PKIX_ERRORENTRY(NSSCONTEXTSETCHECKALLUSAGESFAILED, pkix_pl_NssContext_SetCheckAllUsages failed,0),
+PKIX_ERRORENTRY(NSSCONTEXTSETRETURNEDCERTUSAGEFAILED, pkix_pl_NssContext_SetReturnedCertUsage,0),
+PKIX_ERRORENTRY(NSSCONTEXTSETRETURNUSAGESFAILED, pkix_pl_NssContext_SetReturnUsages failed,0),
+PKIX_ERRORENTRY(NSSCONTEXTVALIDATINGRESPONDERCERTFAILED,pkix_pl_NssContext_ValidatingResponderCert failed,0),
+PKIX_ERRORENTRY(NSSTRUSTEDLISTISEMPTY,nss trusted roots list is empty,0),
+PKIX_ERRORENTRY(NULLARGUMENT,Null argument,SEC_ERROR_INVALID_ARGS),
+PKIX_ERRORENTRY(NUMBUCKETSEQUALSZERO,NumBuckets equals zero,SEC_ERROR_INVALID_ARGS),
+PKIX_ERRORENTRY(OBJECTALLOCFAILED,PKIX_PL_Object_Alloc failed,0),
+PKIX_ERRORENTRY(OBJECTARGUMENTNOTPOLICYMAP,object argument is not a PolicyMap,0),
+PKIX_ERRORENTRY(OBJECTCOMPARATORFAILED,PKIX_PL_Object_Comparator failed,0),
+PKIX_ERRORENTRY(OBJECTDEFINED,object-defined ,0),
+PKIX_ERRORENTRY(OBJECTDUPLICATECERTFAILED,PKIX_PL_Object_Duplicate Cert failed,0),
+PKIX_ERRORENTRY(OBJECTDUPLICATECONTEXTFAILED,PKIX_PL_Object_Duplicate Context failed,0),
+PKIX_ERRORENTRY(OBJECTDUPLICATEDATEFAILED,PKIX_PL_Object_Duplicate Date failed,0),
+PKIX_ERRORENTRY(OBJECTDUPLICATEFAILED,PKIX_PL_Object_Duplicate failed,0),
+PKIX_ERRORENTRY(OBJECTDUPLICATEISSUERNAMESFAILED,PKIX_PL_Object_Duplicate IssuerNames failed,0),
+PKIX_ERRORENTRY(OBJECTDUPLICATELISTFAILED,PKIX_PL_Object_Duplicate List failed,0),
+PKIX_ERRORENTRY(OBJECTDUPLICATEMAXCRLNUMBERFAILED,PKIX_PL_Object_Duplicate maxCRLNumber failed,0),
+PKIX_ERRORENTRY(OBJECTDUPLICATEMINCRLNUMBERFAILED,PKIX_PL_Object_Duplicate minCRLNumber failed,0),
+PKIX_ERRORENTRY(OBJECTDUPLICATEPARAMSFAILED,PKIX_PL_Object_Duplicate Params failed,0),
+PKIX_ERRORENTRY(OBJECTEQUALSFAILED,PKIX_PL_Object_Equals failed,0),
+PKIX_ERRORENTRY(OBJECTEQUALSFAILEDONCHILDREN,PKIX_PL_Object_Equals failed on children,0),
+PKIX_ERRORENTRY(OBJECTEQUALSFAILEDONEXPECTEDPOLICYSETS,PKIX_PL_Object_Equals failed on expectedPolicySets,0),
+PKIX_ERRORENTRY(OBJECTGETTYPEFAILED,PKIX_PL_Object_GetType failed,0),
+PKIX_ERRORENTRY(OBJECTHASHCODEFAILED,PKIX_PL_Object_Hashcode failed,0),
+PKIX_ERRORENTRY(OBJECTINVALIDATECACHEFAILED,PKIX_PL_Object_InvalidateCache failed,0),
+PKIX_ERRORENTRY(OBJECTISTYPEREGISTEREDFAILED,PKIX_PL_Object_IsTypeRegistered failed,0),
+PKIX_ERRORENTRY(OBJECTLOCKFAILED,PKIX_PL_Object_Lock failed,0),
+PKIX_ERRORENTRY(OBJECTNOTAIAMGR,Object is not a AIAMgr,0),
+PKIX_ERRORENTRY(OBJECTNOTANEKUCHECKERSTATE,Object is not an EKU Checker State,0),
+PKIX_ERRORENTRY(OBJECTNOTANERROR,Object is not an Error,0),
+PKIX_ERRORENTRY(OBJECTNOTANHTTPCERTSTORECONTEXT,Object is not an HttpCertStoreContext,0),
+PKIX_ERRORENTRY(OBJECTNOTANHTTPDEFAULTCLIENT,Object is not an HttpDefaultClient,0),
+PKIX_ERRORENTRY(OBJECTNOTANINFOACCESS,Object is not an InfoAccess,0),
+PKIX_ERRORENTRY(OBJECTNOTANLDAPDEFAULTCLIENT,Object is not an LdapDefaultClient,0),
+PKIX_ERRORENTRY(OBJECTNOTANOCSPRESPONSE,Object is not an OcspResponse,0),
+PKIX_ERRORENTRY(OBJECTNOTANOID,Object is not an OID,0),
+PKIX_ERRORENTRY(OBJECTNOTANSOCKET,Object is not an Socket,0),
+PKIX_ERRORENTRY(OBJECTNOTANX500NAME,Object is not an X500Name,0),
+PKIX_ERRORENTRY(OBJECTNOTBASICCONSTRAINTSCHECKERSTATE,Object is not a basic constraints checker state,0),
+PKIX_ERRORENTRY(OBJECTNOTBIGINT,Object is not a BigInt,0),
+PKIX_ERRORENTRY(OBJECTNOTBUILDPARAMS,Object is not a BuildParams,0),
+PKIX_ERRORENTRY(OBJECTNOTBUILDRESULT,Object is not a BuildResult,0),
+PKIX_ERRORENTRY(OBJECTNOTBYTEARRAY,Object is not a bytearray,0),
+PKIX_ERRORENTRY(OBJECTNOTCERT,Object is not a Cert,0),
+PKIX_ERRORENTRY(OBJECTNOTCERTBASICCONSTRAINTS,Object is not a CertBasicConstraints,0),
+PKIX_ERRORENTRY(OBJECTNOTCERTCHAINCHECKER,Object is not a cert chain checker,0),
+PKIX_ERRORENTRY(OBJECTNOTCERTNAMECONSTRAINTS,Object is not a CertNameConstraints,0),
+PKIX_ERRORENTRY(OBJECTNOTCERTPOLICYINFO,Object is not a CertPolicyInfo,0),
+PKIX_ERRORENTRY(OBJECTNOTCERTPOLICYMAP,Object is not a CertPolicyMap,0),
+PKIX_ERRORENTRY(OBJECTNOTCERTPOLICYQUALIFIER,Object is not a CertPolicyQualifier,0),
+PKIX_ERRORENTRY(OBJECTNOTCERTSELECTOR,Object is not a cert selector,0),
+PKIX_ERRORENTRY(OBJECTNOTCERTSTORE,Object is not a CertStore,0),
+PKIX_ERRORENTRY(OBJECTNOTCOLLECTIONCERTSTORECONTEXT,Object is not a CollectionCertStoreContext,0),
+PKIX_ERRORENTRY(OBJECTNOTCOMCERTSELPARAMS,Object is not a comCertSelParams,0),
+PKIX_ERRORENTRY(OBJECTNOTCOMCRLSELPARAMS,Object is not a ComCRLSelParams,0),
+PKIX_ERRORENTRY(OBJECTNOTCRL,Object is not a CRL,0),
+PKIX_ERRORENTRY(OBJECTNOTCRLENTRY,Object is not a CRLEntry,0),
+PKIX_ERRORENTRY(OBJECTNOTCRLSELECTOR,Object is not a CRLSelector,0),
+PKIX_ERRORENTRY(OBJECTNOTDATE,Object is not a Date,0),
+PKIX_ERRORENTRY(OBJECTNOTCRLCHECKER,Object is not a CRLChecker,0),
+PKIX_ERRORENTRY(OBJECTNOTDEFAULTREVOCATIONCHECKER,Object is not a DefaultRevocationChecker,0),
+PKIX_ERRORENTRY(OBJECTNOTFORWARDBUILDERSTATE,Object is not a PKIX_ForwardBuilderState,0),
+PKIX_ERRORENTRY(OBJECTNOTGENERALNAME,Object is not a GeneralName,0),
+PKIX_ERRORENTRY(OBJECTNOTHASHTABLE,Object is not a hashtable,0),
+PKIX_ERRORENTRY(OBJECTNOTINFOACCESS,Object is not a InfoAccess,0),
+PKIX_ERRORENTRY(OBJECTNOTLDAPREQUEST,Object is not a LdapRequest,0),
+PKIX_ERRORENTRY(OBJECTNOTLDAPRESPONSE,Object is not a LdapResponse,0),
+PKIX_ERRORENTRY(OBJECTNOTLIST,Object is not a list,0),
+PKIX_ERRORENTRY(OBJECTNOTLOGGER,Object is not a Logger,0),
+PKIX_ERRORENTRY(OBJECTNOTMONITORLOCK,Object is not a MonitorLock,0),
+PKIX_ERRORENTRY(OBJECTNOTMUTEX,Object is not a Mutex,0),
+PKIX_ERRORENTRY(OBJECTNOTNAMECONSTRAINTSCHECKERSTATE,Object is not a name constraints checker state,0),
+PKIX_ERRORENTRY(OBJECTNOTOCSPCERTID,Object is not an OcspCertID,0),
+PKIX_ERRORENTRY(OBJECTNOTOCSPCHECKER,Object is not an OCSPChecker,0),
+PKIX_ERRORENTRY(OBJECTNOTOCSPREQUEST,Object is not an OcspRequest,0),
+PKIX_ERRORENTRY(OBJECTNOTPOLICYCHECKERSTATE,Object is not a PKIX_PolicyCheckerState,0),
+PKIX_ERRORENTRY(OBJECTNOTPOLICYNODE,Object is not a PolicyNode,0),
+PKIX_ERRORENTRY(OBJECTNOTPROCESSINGPARAMS,Object is not a ProcessingParams,0),
+PKIX_ERRORENTRY(OBJECTNOTPUBLICKEY,Object is not a PublicKey,0),
+PKIX_ERRORENTRY(OBJECTNOTRESOURCELIMITS,Object is not a ResourceLimits,0),
+PKIX_ERRORENTRY(OBJECTNOTREVOCATIONCHECKER,Object is not a revocation checker,0),
+PKIX_ERRORENTRY(OBJECTNOTRWLOCK,Object is not a RWLock,0),
+PKIX_ERRORENTRY(OBJECTNOTSIGNATURECHECKERSTATE,Object is not a signature checker state,0),
+PKIX_ERRORENTRY(OBJECTNOTSOCKET,Object is not a Socket,0),
+PKIX_ERRORENTRY(OBJECTNOTSTRING,Object is not a string,0),
+PKIX_ERRORENTRY(OBJECTNOTTARGETCERTCHECKERSTATE,Object is not a target cert checker state,0),
+PKIX_ERRORENTRY(OBJECTNOTTRUSTANCHOR,Object is not a trustAnchor,0),
+PKIX_ERRORENTRY(OBJECTNOTVALIDATEPARAMS,Object is not a ValidateParams,0),
+PKIX_ERRORENTRY(OBJECTNOTVALIDATERESULT,Object is not a ValidateResult,0),
+PKIX_ERRORENTRY(OBJECTNOTVERIFYNODE,Object is not a VerifyNode,0),
+PKIX_ERRORENTRY(OBJECTREGISTERTYPEFAILED,PKIX_PL_Object_RegisterType failed,0),
+PKIX_ERRORENTRY(OBJECTRETRIEVEEQUALSCALLBACKFAILED,pkix_pl_Object_RetrieveEqualsCallback failed,0),
+PKIX_ERRORENTRY(OBJECTSPECIFICFUNCTIONFAILED,object-specific function failed,0),
+PKIX_ERRORENTRY(OBJECTSTILLREFERENCED,Object is still referenced,0),
+PKIX_ERRORENTRY(OBJECTTOSTRINGFAILED,PKIX_PL_Object_ToString failed,0),
+PKIX_ERRORENTRY(OBJECTTYPESDONOTMATCH,Object types do not match,0),
+PKIX_ERRORENTRY(OBJECTWITHNONPOSITIVEREFERENCES,Object with non-positive references,0),
+PKIX_ERRORENTRY(OCSPCERTIDCREATEFAILED,PKIX_PL_OcspCertID_Create failed,0),
+PKIX_ERRORENTRY(OCSPCERTIDGETFRESHCACHESTATUSFAILED,PKIX_PL_OcspCertID_GetFreshCacheStatus returned an error,0),
+PKIX_ERRORENTRY(OCSPCERTIDREMEMBEROCSPFAILUREDFAILED,PKIX_PL_OcspCertID_RememberOCSPProcessingFailure,0),
+PKIX_ERRORENTRY(OCSPCHECKERCREATEFAILED,PKIX_OcspChecker_Create failed,0),
+PKIX_ERRORENTRY(OCSPBADHTTPRESPONSE,Bad Http Response,SEC_ERROR_OCSP_BAD_HTTP_RESPONSE),
+PKIX_ERRORENTRY(OCSPREQUESTCREATEFAILED,PKIX_PL_OcspRequest_Create failed,0),
+PKIX_ERRORENTRY(OCSPREQUESTGETCERTIDFAILED,pkix_pl_OcspRequest_GetCertID failed,0),
+PKIX_ERRORENTRY(OCSPREQUESTGETENCODEDFAILED,pkix_pl_OcspRequest_GetEncoded failed,0),
+PKIX_ERRORENTRY(OCSPREQUESTGETLOCATIONFAILED,pkix_pl_OcspRequest_GetLocation failed,0),
+PKIX_ERRORENTRY(OCSPRESPONSECREATEFAILED,pkix_pl_OcspResponse_Create failed,0),
+PKIX_ERRORENTRY(OCSPRESPONSEDECODEFAILED,pkix_pl_OcspResponse_Decode failed,0),
+PKIX_ERRORENTRY(OCSPRESPONSEGETSTATUSFORCERTFAILED,pkix_pl_OcspResponse_GetStatusForCert failed,0),
+PKIX_ERRORENTRY(OCSPRESPONSEGETSTATUSRETURNEDANERROR,pkix_pl_OcspResponse_GetStatus returned an error,0),
+PKIX_ERRORENTRY(OCSPRESPONSESAYSCERTREVOKED,OCSP response says Cert revoked,SEC_ERROR_REVOKED_CERTIFICATE_OCSP),
+PKIX_ERRORENTRY(OCSPRESPONSEVERIFYSIGNATUREFAILED,pkix_pl_OcspResponse_VerifySignature failed,0),
+PKIX_ERRORENTRY(OCSPSERVERERROR,OCSP Server Error,SEC_ERROR_OCSP_SERVER_ERROR),
+PKIX_ERRORENTRY(OIDBYTES2ASCIIDATALENGTHZERO,pkix_pl_oidBytes2Ascii: data length is zero,SEC_ERROR_INVALID_ARGS),
+PKIX_ERRORENTRY(OIDBYTES2ASCIIFAILED,pkix_pl_oidBytes2Ascii failed,0),
+PKIX_ERRORENTRY(OIDBYTESLENGTH0,Oid bytes length is 0,0),
+PKIX_ERRORENTRY(OIDCOMPARATORFAILED,pkix_pl_OID_Comparator failed,0),
+PKIX_ERRORENTRY(OIDCOMPONENTTOOBIG,Overflow error: OID component > 2^32,0),
+PKIX_ERRORENTRY(OIDCREATEFAILED,PKIX_PL_OID_Create failed,0),
+PKIX_ERRORENTRY(OIDEQUALFAILED,PKIX_PL_OID_Equal failed,0),
+PKIX_ERRORENTRY(OIDEQUALSFAILED,PKIX_PL_OID_Equals failed,0),
+PKIX_ERRORENTRY(OIDGETNEXTTOKENFAILED,pkix_pl_OID_GetNextToken failed,0),
+PKIX_ERRORENTRY(OIDHASHCODEFAILED,PKIX_PL_OID_Hashcode failed,0),
+PKIX_ERRORENTRY(OIDLENGTHTOOSHORT,OID length too short,SEC_ERROR_INVALID_ARGS),
+PKIX_ERRORENTRY(OIDNEEDS2ORMOREFIELDS,OID needs 2 or more fields,SEC_ERROR_INVALID_ARGS),
+PKIX_ERRORENTRY(OIDTOSTRINGFAILED,PKIX_PL_OID_ToString failed,0),
+PKIX_ERRORENTRY(OPERATIONNOTPERMITTEDONIMMUTABLELIST,Operation not permitted on Immutable List,SEC_ERROR_INVALID_ARGS),
+PKIX_ERRORENTRY(OTHERNAMECREATEFAILED,pkix_pl_OtherName_Create failed,0),
+PKIX_ERRORENTRY(OUTOFMEMORY,Out of Memory,0),
+PKIX_ERRORENTRY(PATHLENCONSTRAINTINVALID,Certificate path length constraint is invalid,SEC_ERROR_PATH_LEN_CONSTRAINT_INVALID),
+PKIX_ERRORENTRY(PK11CERTSTORECERTQUERYFAILED,pkix_pl_Pk11CertStore_CertQuery failed,0),
+PKIX_ERRORENTRY(PK11CERTSTORECREATEFAILED,PKIX_PL_Pk11CertStore_Create failed,0),
+PKIX_ERRORENTRY(PK11CERTSTORECRLQUERYFAILED,pkix_pl_Pk11CertStore_CrlQuery failed,0),
+PKIX_ERRORENTRY(PKIXUNKNOWNERROR,PKIX uninitialized error code,0),
+PKIX_ERRORENTRY(POLICYCHECKERCALCULATEINTERSECTIONFAILED,pkix_PolicyChecker_CalculateIntersection failed,0),
+PKIX_ERRORENTRY(POLICYCHECKERCHECKANYFAILED,pkix_PolicyChecker_CheckAny failed,0),
+PKIX_ERRORENTRY(POLICYCHECKERCHECKPOLICYRECURSIVEFAILED,pkix_PolicyChecker_CheckPolicyRecursive failed,0),
+PKIX_ERRORENTRY(POLICYCHECKERERROR,PolicyChecker Error,0),
+PKIX_ERRORENTRY(POLICYCHECKERINITIALIZEFAILED,pkix_PolicyChecker_Initialize failed,0),
+PKIX_ERRORENTRY(POLICYCHECKERMAKEMUTABLECOPYFAILED,pkix_PolicyChecker_MakeMutableCopy failed,0),
+PKIX_ERRORENTRY(POLICYCHECKERMAKESINGLETONFAILED,pkix_PolicyChecker_MakeSingleton failed,0),
+PKIX_ERRORENTRY(POLICYCHECKERMAPCONTAINSFAILED,pkix_PolicyChecker_MapContains failed,0),
+PKIX_ERRORENTRY(POLICYCHECKERMAPGETMAPPEDPOLICIESFAILED,pkix_PolicyChecker_MapGetMappedPolicies failed,0),
+PKIX_ERRORENTRY(POLICYCHECKERMAPGETSUBJECTDOMAINPOLICIESFAILED,pkix_PolicyChecker_MapGetSubjectDomainPolicies failed,0),
+PKIX_ERRORENTRY(POLICYCHECKERSPAWNFAILED,pkix_PolicyChecker_Spawn failed,0),
+PKIX_ERRORENTRY(POLICYCHECKERSTATECREATEFAILED,PKIX_PolicyCheckerState_Create failed,0),
+PKIX_ERRORENTRY(POLICYNODEADDTOPARENTFAILED,pkix_PolicyNode_AddToParent failed,0),
+PKIX_ERRORENTRY(POLICYNODECREATEFAILED,pkix_PolicyNode_Create failed,0),
+PKIX_ERRORENTRY(POLICYNODEDUPLICATEHELPERFAILED,pkix_PolicyNode_DuplicateHelper failed,0),
+PKIX_ERRORENTRY(POLICYNODEGETCHILDRENMUTABLEFAILED,pkix_PolicyNode_GetChildrenMutable failed,0),
+PKIX_ERRORENTRY(POLICYNODEGETDEPTHFAILED,PKIX_PolicyNode_GetDepth failed,0),
+PKIX_ERRORENTRY(POLICYNODEGETEXPECTEDPOLICIESFAILED,PKIX_PolicyNode_GetExpectedPolicies failed,0),
+PKIX_ERRORENTRY(POLICYNODEGETPARENTFAILED,PKIX_PolicyNode_GetParent failed,0),
+PKIX_ERRORENTRY(POLICYNODEGETPOLICYQUALIFIERSFAILED,PKIX_PolicyNode_GetPolicyQualifiers failed,0),
+PKIX_ERRORENTRY(POLICYNODEGETVALIDPOLICYFAILED,PKIX_PolicyNode_GetValidPolicy failed,0),
+PKIX_ERRORENTRY(POLICYNODEISCRITICALFAILED,PKIX_PolicyNode_IsCritical failed,0),
+PKIX_ERRORENTRY(POLICYNODEPRUNEFAILED,pkix_PolicyNode_Prune failed,0),
+PKIX_ERRORENTRY(POLICYTREETOOIDSFAILED,Failed to convert policy tree to oid,0),
+PKIX_ERRORENTRY(PORTARENAALLOCFAILED,PORT Arena Allocation failed, 0),
+PKIX_ERRORENTRY(PORTUCS2UTF8CONVERSIONFAILED,PORT_UCS2_UTF8Conversion failed.,SEC_ERROR_INVALID_ARGS),
+PKIX_ERRORENTRY(PRACCEPTFAILED,PR_Accept failed,0),
+PKIX_ERRORENTRY(PRBINDFAILED,PR_Bind failed,0),
+PKIX_ERRORENTRY(PRCONNECTCONTINUEFAILED,PR_ConnectContinue failed,0),
+PKIX_ERRORENTRY(PRCONNECTFAILED,PR_Connect failed,0),
+PKIX_ERRORENTRY(PRECONDITIONFAILED,Function precondition failed,SEC_ERROR_LIBPKIX_INTERNAL),
+PKIX_ERRORENTRY(PRENUMERATEHOSTENTFAILED,PR_EnumerateHostEnt failed.,0),
+PKIX_ERRORENTRY(PRGETHOSTBYNAMEREJECTSHOSTNAMEARGUMENT,PR_GetHostByName rejects hostname argument.,0),
+PKIX_ERRORENTRY(PRIMHASHTABLEADDFAILED,pkix_pl_PrimHashTable_Add failed,0),
+PKIX_ERRORENTRY(PRIMHASHTABLECREATEFAILED,pkix_pl_PrimHashTable_Create failed,0),
+PKIX_ERRORENTRY(PRIMHASHTABLEDESTROYFAILED,pkix_pl_PrimHashTable_Destroy failed,0),
+PKIX_ERRORENTRY(PRIMHASHTABLEGETBUCKETSIZEFAILED,pkix_pl_PrimHashTable_GetBucketSize failed,0),
+PKIX_ERRORENTRY(PRIMHASHTABLELOOKUPFAILED,pkix_pl_PrimHashTable_Lookup failed,0),
+PKIX_ERRORENTRY(PRIMHASHTABLEREMOVEFAILED,pkix_pl_PrimHashTable_Remove failed,0),
+PKIX_ERRORENTRY(PRLISTENFAILED,PR_Listen failed,0),
+PKIX_ERRORENTRY(PRNEWTCPSOCKETFAILED,PR_NewTCPSocket failed,0),
+PKIX_ERRORENTRY(PROCESSINGPARAMSADDCERTCHAINCHECKERFAILED,PKIX_ProcessingParams_AddCertChainChecker failed,0),
+PKIX_ERRORENTRY(PROCESSINGPARAMSADDCERTSTOREFAILED,PKIX_ProcessingParams_AddCertStore failed,0),
+PKIX_ERRORENTRY(PROCESSINGPARAMSADDREVMETHODFAILED,PKIX_ProcessingParams_AddRevocationMethod failed,0),
+PKIX_ERRORENTRY(PROCESSINGPARAMSCREATEFAILED,PKIX_ProcessingParams_Create failed,0),
+PKIX_ERRORENTRY(PROCESSINGPARAMSGETCERTCHAINCHECKERSFAILED,PKIX_ProcessingParams_GetCertChainCheckers failed,0),
+PKIX_ERRORENTRY(PROCESSINGPARAMSGETCERTSTORESFAILED,PKIX_ProcessingParams_GetCertStores failed,0),
+PKIX_ERRORENTRY(PROCESSINGPARAMSGETDATEFAILED,PKIX_ProcessingParams_GetDate failed,0),
+PKIX_ERRORENTRY(PROCESSINGPARAMSGETHINTCERTSFAILED,PKIX_ProcessingParams_GetHintCerts failed,0),
+PKIX_ERRORENTRY(PROCESSINGPARAMSGETINITIALPOLICIESFAILED,PKIX_ProcessingParams_GetInitialPolicies failed,0),
+PKIX_ERRORENTRY(PROCESSINGPARAMSGETNISTREVPOLICYENABLEDFAILED,pkix_ProcessingParams_GetNISTRevocationPolicyEnabled failed,0),
+PKIX_ERRORENTRY(PROCESSINGPARAMSGETPOLICYQUALIFIERSREJECTEDFAILED,PKIX_ProcessingParams_GetPolicyQualifiersRejected failed,0),
+PKIX_ERRORENTRY(PROCESSINGPARAMSGETRESOURCELIMITSFAILED,PKIX_ProcessingParams_GetResourceLimits failed,0),
+PKIX_ERRORENTRY(PROCESSINGPARAMSGETREVOCATIONCHECKERFAILED,PKIX_ProcessingParams_GetRevocationChecker failed,0),
+PKIX_ERRORENTRY(PROCESSINGPARAMSGETREVOCATIONENABLEDFAILED,PKIX_ProcessingParams_GetRevocationEnabled failed,0),
+PKIX_ERRORENTRY(PROCESSINGPARAMSGETTARGETCERTCONSTRAINTSFAILED,PKIX_ProcessingParams_GetTargetCertConstraints failed,0),
+PKIX_ERRORENTRY(PROCESSINGPARAMSGETTRUSTANCHORSFAILED,PKIX_ProcessingParams_GetTrustAnchors failed,0),
+PKIX_ERRORENTRY(PROCESSINGPARAMSISANYPOLICYINHIBITEDFAILED,PKIX_ProcessingParams_IsAnyPolicyInhibited failed,0),
+PKIX_ERRORENTRY(PROCESSINGPARAMSISEXPLICITPOLICYREQUIREDFAILED,PKIX_ProcessingParams_IsExplicitPolicyRequired failed,0),
+PKIX_ERRORENTRY(PROCESSINGPARAMSISPOLICYMAPPINGINHIBITEDFAILED,PKIX_ProcessingParams_IsPolicyMappingInhibited failed,0),
+PKIX_ERRORENTRY(PROCESSINGPARAMSSETANYPOLICYINHIBITED,PKIX_ProcessingParams_SetAnyPolicyInhibited failed,0),
+PKIX_ERRORENTRY(PROCESSINGPARAMSSETCERTSTORESFAILED,PKIX_ProcessingParams_SetCertStores failed,0),
+PKIX_ERRORENTRY(PROCESSINGPARAMSSETDATEFAILED,PKIX_ProcessingParams_SetDate failed,0),
+PKIX_ERRORENTRY(PROCESSINGPARAMSSETEXPLICITPOLICYREQUIRED,PKIX_ProcessingParams_SetExplicitPolicyRequired failed,0),
+PKIX_ERRORENTRY(PROCESSINGPARAMSSETHINTCERTSFAILED,PKIX_ProcessingParams_SetHintCerts failed,0),
+PKIX_ERRORENTRY(PROCESSINGPARAMSSETINITIALPOLICIESFAILED,PKIX_ProcessingParams_SetInitialPolicies failed,0),
+PKIX_ERRORENTRY(PROCESSINGPARAMSSETNISTREVOCATIONENABLEDFAILED,PKIX_ProcessingParams_SetNISTRevocationEnabled failed,0),
+PKIX_ERRORENTRY(PROCESSINGPARAMSSETPOLICYMAPPINGINHIBITED,PKIX_ProcessingParams_SetPolicyMappingInhibited failed,0),
+PKIX_ERRORENTRY(PROCESSINGPARAMSSETREVOCATIONCHECKERFAILED,PKIX_ProcessingParams_SetRevocationChecker failed,0),
+PKIX_ERRORENTRY(PROCESSINGPARAMSSETTARGETCERTCONSTRAINTSFAILED,PKIX_ProcessingParams_SetTargetCertConstraints failed,0),
+PKIX_ERRORENTRY(PROCESSINGPARAMSSETQUALIFYTARGETCERTFLAGFAILED,ProcessingParams_SetQualifyTargetCertFlag failed,0),
+PKIX_ERRORENTRY(PRPOLLFAILED,PR_Poll failed,0),
+PKIX_ERRORENTRY(PRPOLLRETBADFILENUM,PR_Poll failed,0),
+PKIX_ERRORENTRY(PRRECVFAILED,PR_Recv failed,0),
+PKIX_ERRORENTRY(PRRECVREPORTSNETWORKCONNECTIONCLOSED,PR_Recv reports network connection is closed,0),
+PKIX_ERRORENTRY(PRSENDFAILED,PR_Send failed,0),
+PKIX_ERRORENTRY(PRSHUTDOWNFAILED,PR_Shutdown failed,0),
+PKIX_ERRORENTRY(PRSMPRINTFFAILED,PR_smprintf failed,0),
+PKIX_ERRORENTRY(PRSNPRINTFFAILED,PR_snprintf failed,0),
+PKIX_ERRORENTRY(PUBKEYTYPENULLKEY,pubKeyType is nullKey,0),
+PKIX_ERRORENTRY(PUBLICKEYMAKEINHERITEDDSAPUBLICKEYFAILED,PKIX_PL_PublicKey_MakeInheritedDSAPublicKey failed,0),
+PKIX_ERRORENTRY(PUBLICKEYNEEDSDSAPARAMETERSFAILED,PKIX_PL_PublicKey_NeedsDSAParameters failed,0),
+PKIX_ERRORENTRY(PUBLICKEYTOSTRINGFAILED,PKIX_PL_PublicKey_ToString failed,0),
+PKIX_ERRORENTRY(PUBLICKEYTOSTRINGHELPERFAILED,pkix_pl_PublicKey_ToString_Helper failed,0),
+PKIX_ERRORENTRY(QUALIFIERSINCRITICALCERTIFICATEPOLICYEXTENSION,Qualifiers in critical Certificate Policy extension,0),
+PKIX_ERRORENTRY(REALLOCFAILED,PKIX_PL_Realloc failed,0),
+PKIX_ERRORENTRY(RECEIVEDCORRUPTEDOBJECTARGUMENT,Received corrupted object argument,0),
+PKIX_ERRORENTRY(REGISTERCERTSTOREFAILED,RegisterCertStores failed,0),
+PKIX_ERRORENTRY(REMOVEDUPUNTRUSTEDCERTSFAILED, pkix_Build_RemoveDupUntrustedCerts failed,0),
+PKIX_ERRORENTRY(REQUESTNOTANHTTPDEFAULTCLIENT,request is not an HttpDefaultClient,0),
+PKIX_ERRORENTRY(RESOURCELIMITSGETMAXDEPTHFAILED,PKIX_ResourceLimits_GetMaxDepth failed,0),
+PKIX_ERRORENTRY(RESOURCELIMITSGETMAXFANOUTFAILED,PKIX_ResourceLimits_GetMaxFanout failed,0),
+PKIX_ERRORENTRY(RESOURCELIMITSGETMAXTIMEFAILED,PKIX_ResourceLimits_GetMaxTime failed,0),
+PKIX_ERRORENTRY(RETRIEVEOUTPUTSFAILED,pkix_RetrieveOutputs failed,0),
+PKIX_ERRORENTRY(REVCHECKCERTFAILED,pkix_RevCheckCert failed,0),
+PKIX_ERRORENTRY(REVCHECKERCHECKFAILED,revCheckerCheck failed,0),
+PKIX_ERRORENTRY(REVOCATIONCHECKERADDMETHODFAILED,Can not add revocation method,0),
+PKIX_ERRORENTRY(REVOCATIONCHECKERCREATEFAILED,PKIX_RevocationChecker_Create failed,0),
+PKIX_ERRORENTRY(REVOCATIONCHECKERGETREVCALLBACKFAILED,PKIX_RevocationChecker_GetRevCallback failed,0),
+PKIX_ERRORENTRY(REVOCATIONCHECKERGETREVCHECKERCONTEXTFAILED,PKIX_RevocationChecker_GetRevCheckerContext failed,0),
+PKIX_ERRORENTRY(REVOCATIONCHECKERWASNOTSET,Revocation chekcer was not set,0),
+PKIX_ERRORENTRY(REVOKEDBYUNKNOWNCRLREASONCODE,Revoked by Unknown CRL ReasonCode,0),
+PKIX_ERRORENTRY(SEARCHRESPONSEPACKETOFUNKNOWNTYPE,SearchResponse packet of unknown type,SEC_ERROR_BAD_LDAP_RESPONSE),
+PKIX_ERRORENTRY(SECASN1ENCODEITEMFAILED,SEC_ASN1EncodeItem failed,SEC_ERROR_FAILED_TO_ENCODE_DATA),
+PKIX_ERRORENTRY(SECERRORUNKNOWNISSUER,Nss legacy err code: build failed. Issuer is unknown.,SEC_ERROR_UNKNOWN_ISSUER),
+PKIX_ERRORENTRY(SECKEYCOPYSUBJECTPUBLICKEYINFOFAILED,SECKEY_CopySubjectPublicKeyInfo failed,0),
+PKIX_ERRORENTRY(SECKEYEXTRACTPUBLICKEYFAILED,SECKEY_ExtractPublicKey failed,0),
+PKIX_ERRORENTRY(SECOIDCOPYALGORITHMIDFAILED,SECOID_CopyAlgorithmID failed,0),
+PKIX_ERRORENTRY(SECOIDFINDOIDTAGDESCRIPTIONFAILED,SECOID_FindOIDTag Description failed,0),
+PKIX_ERRORENTRY(SECONDFIELDMUSTBEBETWEEN039,Second field must be between 0-39,SEC_ERROR_INVALID_ARGS),
+PKIX_ERRORENTRY(SECONDKEYDSAPUBLICKEY,Second key is a DSA public key but has null parameters,SEC_ERROR_INVALID_ARGS),
+PKIX_ERRORENTRY(SECONDKEYNOTDSAPUBLICKEY,Second key is not a DSA public key,SEC_ERROR_INVALID_ARGS),
+PKIX_ERRORENTRY(SECONDPUBKEYTYPENULLKEY,secondPubKeyType is nullKey,0),
+PKIX_ERRORENTRY(SECQUICKDERDECODERFAILED,SEC_QuickDERDecodeItem failed,0),
+PKIX_ERRORENTRY(SECREADPKCS7CERTSFAILED,SEC_ReadPKCS7Certs failed,0),
+PKIX_ERRORENTRY(SELECTORMATCHFAILED,selectorMatch failed,0),
+PKIX_ERRORENTRY(SESSIONNOTANHTTPDEFAULTCLIENT,session is not an HttpDefaultClient,0),
+PKIX_ERRORENTRY(SETPOLICIESFAILED,Fail to set cert validation policies,0),
+PKIX_ERRORENTRY(SHUTDOWNFAILED,PKIX_PL_Shutdown failed,0),
+PKIX_ERRORENTRY(SIGNATURECHECKERINITIALIZEFAILED,pkix_SignatureChecker_Initialize failed,0),
+PKIX_ERRORENTRY(SIGNATURECHECKERSTATECREATEFAILED,pkix_SignatureCheckerState_Create failed,0),
+PKIX_ERRORENTRY(SIGNATUREDIDNOTVERIFYWITHTHEPUBLICKEY,Signature did not verify with the public key,0),
+PKIX_ERRORENTRY(SINGLEPOLICYNODEEQUALSFAILED,PKIX_PL_SinglePolicyNode_Equals failed,0),
+PKIX_ERRORENTRY(SINGLEPOLICYNODEHASHCODEFAILED,pkix_SinglePolicyNode_Hashcode failed,0),
+PKIX_ERRORENTRY(SINGLEPOLICYNODETOSTRINGFAILED,pkix_SinglePolicyNode_ToString failed,0),
+PKIX_ERRORENTRY(SINGLEVERIFYNODEEQUALSFAILED,PKIX_PL_SingleVerifyNode_Equals failed,0),
+PKIX_ERRORENTRY(SINGLEVERIFYNODEHASHCODEFAILED,pkix_SingleVerifyNode_Hashcode failed,0),
+PKIX_ERRORENTRY(SOCKETCONNECTCONTINUEFAILED,pkix_pl_Socket_ConnectContinue failed,0),
+PKIX_ERRORENTRY(SOCKETCONNECTFAILED,pkix_pl_Socket_Connect failed,0),
+PKIX_ERRORENTRY(SOCKETCREATEBYHOSTANDPORTFAILED,pkix_pl_Socket_CreateByHostAndPort failed,0),
+PKIX_ERRORENTRY(SOCKETCREATEBYNAMEFAILED,pkix_pl_Socket_CreateByName failed,0),
+PKIX_ERRORENTRY(SOCKETCREATECLIENTFAILED,pkix_pl_Socket_CreateClient failed,0),
+PKIX_ERRORENTRY(SOCKETCREATEFAILED,pkix_pl_Socket_Create failed,0),
+PKIX_ERRORENTRY(SOCKETCREATESERVERFAILED,pkix_pl_Socket_CreateServer failed,0),
+PKIX_ERRORENTRY(SOCKETEQUALSFAILED,PKIX_PL_Socket_Equals failed,0),
+PKIX_ERRORENTRY(SOCKETGETCALLBACKLISTFAILED,pkix_pl_Socket_GetCallbackList failed,0),
+PKIX_ERRORENTRY(SOCKETGETPRFILEDESCFAILED,pkix_pl_Socket_GetPRFileDesc failed,0),
+PKIX_ERRORENTRY(SOCKETHASHCODEFAILED,PKIX_PL_Socket_Hashcode failed,0),
+PKIX_ERRORENTRY(SOCKETPOLLFAILED,pkix_pl_Socket_Poll failed,0),
+PKIX_ERRORENTRY(SOCKETRECVFAILED,pkix_pl_Socket_Recv failed,0),
+PKIX_ERRORENTRY(SOCKETSENDFAILED,pkix_pl_Socket_Send failed,0),
+PKIX_ERRORENTRY(SOCKETSETNONBLOCKINGFAILED,pkix_pl_Socket_SetNonBlocking failed,0),
+PKIX_ERRORENTRY(SOURCESTRINGHASINVALIDLENGTH,Source string has invalid length,SEC_ERROR_INVALID_ARGS),
+PKIX_ERRORENTRY(SPRINTFFAILED,PKIX_PL_Sprintf failed,0),
+PKIX_ERRORENTRY(STRINGCOMPARATORFAILED,pkix_pl_String_Comparator failed,0),
+PKIX_ERRORENTRY(STRINGCREATEFAILED,PKIX_PL_String_Create failed,0),
+PKIX_ERRORENTRY(STRINGEQUALSFAILED,pkix_pl_String_Equals failed,0),
+PKIX_ERRORENTRY(STRINGGETENCODEDFAILED,PKIX_PL_String_GetEncoded failed,0),
+PKIX_ERRORENTRY(STRINGHASHCODEFAILED,pkix_pl_String_Hashcode failed,0),
+PKIX_ERRORENTRY(SUBJALTNAMECHECKFAILED,Validation failed: SubjAltNamecheck failed,0),
+PKIX_ERRORENTRY(TARGETCERTCHECKERINITIALIZEFAILED,pkix_TargetCertChecker_Initialize failed,0),
+PKIX_ERRORENTRY(TARGETCERTCHECKERSTATECREATEFAILED,pkix_TargetCertCheckerState_Create failed,0),
+PKIX_ERRORENTRY(TESTANOTHERERRORMESSAGE, Another Error Message,0),
+PKIX_ERRORENTRY(TESTERRORMESSAGE, Error Message,0),
+PKIX_ERRORENTRY(TESTNOMATCHINGPOLICY, No Matching Policy,0),
+PKIX_ERRORENTRY(TESTNOTANERRORCRLSELECTMISMATCH, Not an error CRL Select mismatch,0),
+PKIX_ERRORENTRY(TESTPOLICYEXTWITHNOPOLICYQUALIFIERS, Policies extension but no Policy Qualifiers,0),
+PKIX_ERRORENTRY(TIMECONSUMEDEXCEEDSRESOURCELIMITS,Time consumed exceeds Resource Limits,SEC_ERROR_OUT_OF_SEARCH_LIMITS),
+PKIX_ERRORENTRY(TOOLITTLEDATAINDERSEQUENCE,Too little data in DER Sequence,0),
+PKIX_ERRORENTRY(TOOMUCHDATAINDERSEQUENCE,Too much data in DER Sequence,0),
+PKIX_ERRORENTRY(TOSTRINGFORTHISGENERALNAMETYPENOTSUPPORTED,ToString for this GeneralName type not supported,0),
+PKIX_ERRORENTRY(TRUNCATEDUNICODEINESCAPEDASCII,Truncated Unicode in EscapedASCII,SEC_ERROR_INVALID_ARGS),
+PKIX_ERRORENTRY(TRUSTANCHORCREATEWITHCERTFAILED,PKIX_TrustAnchor_CreateWithCert failed,0),
+PKIX_ERRORENTRY(TRUSTANCHORGETCANAMEFAILED,PKIX_TrustAnchor_GetCAName failed,0),
+PKIX_ERRORENTRY(TRUSTANCHORGETCAPUBLICKEYFAILED,PKIX_TrustAnchor_GetCAPublicKey failed,0),
+PKIX_ERRORENTRY(TRUSTANCHORGETNAMECONSTRAINTSFAILED,PKIX_TrustAnchor_GetNameConstraints failed,0),
+PKIX_ERRORENTRY(TRUSTANCHORGETTRUSTEDCERTFAILED,PKIX_TrustAnchor_GetTrustedCert failed,0),
+PKIX_ERRORENTRY(TRUSTANCHORTOCERTFAILED,Fail to convert trust anchor to cert,0),
+PKIX_ERRORENTRY(TYPEALREADYREGISTERED,Type is already registered,0),
+PKIX_ERRORENTRY(UNABLETOADDACCEPTABLERESPONSESTOREQUEST,Unable to add acceptableResponses to request,0),
+PKIX_ERRORENTRY(UNABLETOADDCERTTOCERTLIST,Unable to add Cert to CertList,0),
+PKIX_ERRORENTRY(UNABLETOBUILDCHAIN,Unable to build chain,0),
+PKIX_ERRORENTRY(UNABLETOCREATECERTOCSPREQUEST,Unable to create a CertOCSPRequest,0),
+PKIX_ERRORENTRY(UNABLETOCREATECRLSTRING,Unable to create crlString,0),
+PKIX_ERRORENTRY(UNABLETOCREATEGENERALNAMEOFTHISTYPE,Unable to create GeneralName of this type,0),
+PKIX_ERRORENTRY(UNABLETOCREATEISSUER,Unable to create Issuer,0),
+PKIX_ERRORENTRY(UNABLETOCREATELIST,Unable to create list,0),
+PKIX_ERRORENTRY(UNABLETOCREATENEWCERTLIST,Unable to create a new CertList,0),
+PKIX_ERRORENTRY(UNABLETOCREATEPSTRING,Unable to create pString,0),
+PKIX_ERRORENTRY(UNABLETOFINDSTATUSINOCSPRESPONSE,Unable to find status in OCSP response,SEC_ERROR_OCSP_UNKNOWN_RESPONSE_STATUS),
+PKIX_ERRORENTRY(UNABLETOMAKELISTIMMUTABLE,Unable to make list immutable,0),
+PKIX_ERRORENTRY(UNABLETOOPENCERTFILE,Unable to open cert file,0),
+PKIX_ERRORENTRY(UNABLETOOPENCRLFILE,Unable to open crl file,0),
+PKIX_ERRORENTRY(UNABLETOPARSEOCSPRESPONSE,Unable to parse OCSP response,SEC_ERROR_OCSP_MALFORMED_RESPONSE),
+PKIX_ERRORENTRY(UNABLETOREADDERFROMCERTFILE,Unable to read DER from cert file,0),
+PKIX_ERRORENTRY(UNABLETOREADDERFROMCRLFILE,Unable to read DER from crl file,0),
+PKIX_ERRORENTRY(UNABLETOSETSOCKETTONONBLOCKING,Unable to set socket to non-blocking I/O,0),
+PKIX_ERRORENTRY(UNDEFINEDCALLBACK,Undefined callback,0),
+PKIX_ERRORENTRY(UNDEFINEDCLASSTABLEENTRY,Undefined class table entry,0),
+PKIX_ERRORENTRY(UNDEFINEDCOMPARATOR,Undefined Comparator,0),
+PKIX_ERRORENTRY(UNDEFINEDDUPLICATEFUNCTION,Undefined Duplicate function,0),
+PKIX_ERRORENTRY(UNDEFINEDEQUALSCALLBACK,Undefined equals callback,0),
+PKIX_ERRORENTRY(UNEXPECTEDERRORINESTABLISHINGCONNECTION,Unexpected error in establishing connection,0),
+PKIX_ERRORENTRY(UNEXPECTEDRESULTCODEINRESPONSE,Unexpected result code in Response,SEC_ERROR_BAD_LDAP_RESPONSE),
+PKIX_ERRORENTRY(UNKNOWNFORMAT,Unknown format,SEC_ERROR_INVALID_ARGS),
+PKIX_ERRORENTRY(UNKNOWNINFOACCESSMETHOD,Unknown InfoAccess method,SEC_ERROR_BAD_INFO_ACCESS_METHOD),
+PKIX_ERRORENTRY(UNKNOWNOBJECTOID,Unknown object OID,0),
+PKIX_ERRORENTRY(UNKNOWNOBJECTTYPE,Unknown object type,0),
+PKIX_ERRORENTRY(UNKNOWNTYPEARGUMENT,Unknown type argument,0),
+PKIX_ERRORENTRY(UNLOCKOBJECTFAILED,pkix_UnlockObject failed,0),
+PKIX_ERRORENTRY(UNRECOGNIZEDCRITICALEXTENSION,Unrecognized Critical Extension,SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION),
+PKIX_ERRORENTRY(UNRECOGNIZEDCRLENTRYCRITICALEXTENSION,Unrecognized CRLEntry Critical Extension,SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION),
+PKIX_ERRORENTRY(UNRECOGNIZEDPROTOCOLREQUESTED,Unrecognized protocol requested,0),
+PKIX_ERRORENTRY(UNRECOGNIZEDREQUESTMETHOD,Unrecognized request method,0),
+PKIX_ERRORENTRY(UNRECOGNIZEDTIMETYPE,Unrecognized time type,0),
+PKIX_ERRORENTRY(UNSUPPORTEDCRLDPTYPE,CrlDp type is not supported,0),
+PKIX_ERRORENTRY(UNSUPPORTEDVERSIONOFHTTPCLIENT,Unsupported version of Http Client,0),
+PKIX_ERRORENTRY(UNSUPPORTEDCERTUSAGE,Specified certificate usage is unsupported,SEC_ERROR_CERT_USAGES_INVALID),
+PKIX_ERRORENTRY(URLPARSINGFAILED,URL Parsing failed,0),
+PKIX_ERRORENTRY(USERCHECKERCHECKFAILED,userCheckerCheck failed,0),
+PKIX_ERRORENTRY(UTF16ALIGNMENTERROR,UTF16 Alignment Error,SEC_ERROR_INVALID_ARGS),
+PKIX_ERRORENTRY(UTF16HIGHZONEALIGNMENTERROR,UTF16 High Zone Alignment Error,SEC_ERROR_INVALID_ARGS),
+PKIX_ERRORENTRY(UTF16LOWZONEERROR,UTF16 Low Zone Error,SEC_ERROR_INVALID_ARGS),
+PKIX_ERRORENTRY(UTF16TOESCASCIIFAILED,pkix_UTF16_to_EscASCII failed,0),
+PKIX_ERRORENTRY(UTF16TOUTF8FAILED,pkix_UTF16_to_UTF8 failed,0),
+PKIX_ERRORENTRY(UTF8TOUTF16FAILED,pkix_UTF8_to_UTF16 failed,0),
+PKIX_ERRORENTRY(VALIDATEBUILDUSEROIDSFAILED,pkix_Validate_BuildUserOIDs failed,0),
+PKIX_ERRORENTRY(VALIDATECERTCHAINFAILED,Failed to validate cert chain,0),
+PKIX_ERRORENTRY(VALIDATECHAINFAILED,PKIX_ValidateChain failed,0),
+PKIX_ERRORENTRY(VALIDATEPARAMSGETCERTCHAINFAILED,PKIX_ValidateParams_GetCertChain failed,0),
+PKIX_ERRORENTRY(VALIDATEPARAMSGETPROCESSINGPARAMSFAILED,PKIX_ValidateParams_GetProcessingParams failed,0),
+PKIX_ERRORENTRY(VALIDATERESULTCREATEFAILED,pkix_ValidateResult_Create failed,0),
+PKIX_ERRORENTRY(VALIDATERESULTGETPOLICYTREEFAILED,PKIX_ValidateResult_GetPolicyTree failed,0),
+PKIX_ERRORENTRY(VALIDATERESULTGETTRUSTANCHORFAILED,PKIX_ValidateResult_GetTrustAnchor failed,0),
+PKIX_ERRORENTRY(VALIDATIONFAILEDCERTSIGNATURECHECKING,Validation failed: Cert Signature checking,0),
+PKIX_ERRORENTRY(VALIDATIONFAILEDNULLCERTPOINTER,Validation failed: NULL Cert pointer,0),
+PKIX_ERRORENTRY(VALIDATIONFAILEDPATHTONAMECHECKFAILED,Validation failed: PathToName check failed,SEC_ERROR_CERT_NOT_IN_NAME_SPACE),
+PKIX_ERRORENTRY(VALUEINESCAPEDASCII,value in EscapedASCII,0),
+PKIX_ERRORENTRY(VERIFYNODEADDTOCHAINFAILED,pkix_VerifyNode_AddToChain failed,0),
+PKIX_ERRORENTRY(VERIFYNODEADDTOTREEFAILED,pkix_VerifyNode_AddToTree failed,0),
+PKIX_ERRORENTRY(VERIFYNODECREATEFAILED,pkix_VerifyNode_Create failed,0),
+PKIX_ERRORENTRY(VERIFYNODEDUPLICATEHELPERFAILED,pkix_VerifyNode_DuplicateHelper failed,0),
+PKIX_ERRORENTRY(VERIFYNODEFINDERRORFAILED,pkix_VerifyNode_FindError failed,0),
+PKIX_ERRORENTRY(VERIFYNODESETDEPTHFAILED,pkix_VerifyNode_SetDepth failed,0),
+PKIX_ERRORENTRY(VERIFYNODESETERRORFAILED,pkix_VerifyNode_SetError failed,0),
+PKIX_ERRORENTRY(VERSIONVALUEMUSTBEV1ORV2,Version value must be V1(0) or V2(1),SEC_ERROR_CRL_INVALID),
+PKIX_ERRORENTRY(VERSIONVALUEMUSTBEV1V2ORV3,Version value must be v1(0) v2(1) or v3(2),SEC_ERROR_CERT_VALID),
+PKIX_ERRORENTRY(X500NAMECOMPAREDERBYTESFAILED,pkix_pl_X500Name_CompareDERBytes failed,0),
+PKIX_ERRORENTRY(X500NAMECREATEFAILED,PKIX_PL_X500Name_Create failed,0),
+PKIX_ERRORENTRY(X500NAMECREATEFROMCERTNAMEFAILED,pkix_pl_X500Name_CreateFromCERTName failed,0),
+PKIX_ERRORENTRY(X500NAMECREATEFROMUTF8FAILED,pkix_pl_X500Name_CreateFromUtf8 failed,0),
+PKIX_ERRORENTRY(X500NAMEEQUALSFAILED,PKIX_PL_X500Name_Equals failed,0),
+PKIX_ERRORENTRY(X500NAMEGETCOMMONNAMEFAILED,pkix_pl_X500Name_GetCommonName failed,0),
+PKIX_ERRORENTRY(X500NAMEGETCOUNTRYNAMEFAILED,pkix_pl_X500Name_GetCountryName failed,0),
+PKIX_ERRORENTRY(X500NAMEGETORGNAMEFAILED,pkix_pl_X500Name_GetOrgName failed,0),
+PKIX_ERRORENTRY(X500NAMEGETSECNAMEFAILED,pkix_pl_X500Name_GetSECName failed,0),
+PKIX_ERRORENTRY(X500NAMEHASHCODEFAILED,PKIX_PL_X500Name_Hashcode failed,0),
+PKIX_ERRORENTRY(X500NAMEMATCHFAILED,PKIX_PL_X500Name_Match failed,0),
+PKIX_ERRORENTRY(X500NAMETOSTRINGFAILED,PKIX_PL_X500Name_ToString failed,0),
+PKIX_ERRORENTRY(ZEROLENGTHBYTEARRAYFORCRLENCODING,Zero-length ByteArray for CRL encoding,0),
+PKIX_ERRORENTRY(INVALIDOCSPHTTPMETHOD,Unsupported HTTP Method for OCSP retrieval,0),
+PKIX_ERRORENTRY(OCSPGETREQUESTTOOBIG,OCSP request too big for HTTP GET method,0),
+PKIX_ERRORENTRY(CERTISBLACKLISTEDATISSUANCETIME,Issuer Certificate is distrusted at the time the subordinate certifiate was issued,SEC_ERROR_UNTRUSTED_ISSUER)
diff --git a/nss/lib/libpkix/include/pkix_params.h b/nss/lib/libpkix/include/pkix_params.h
new file mode 100755
index 0000000..a4d8e48
--- /dev/null
+++ b/nss/lib/libpkix/include/pkix_params.h
@@ -0,0 +1,1793 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * This file defines functions associated with the various parameters used
+ * by the top-level functions.
+ *
+ */
+
+#ifndef _PKIX_PARAMS_H
+#define _PKIX_PARAMS_H
+
+#include "pkixt.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* General
+ *
+ * Please refer to the libpkix Programmer's Guide for detailed information
+ * about how to use the libpkix library. Certain key warnings and notices from
+ * that document are repeated here for emphasis.
+ *
+ * All identifiers in this file (and all public identifiers defined in
+ * libpkix) begin with "PKIX_". Private identifiers only intended for use
+ * within the library begin with "pkix_".
+ *
+ * A function returns NULL upon success, and a PKIX_Error pointer upon failure.
+ *
+ * Unless otherwise noted, for all accessor (gettor) functions that return a
+ * PKIX_PL_Object pointer, callers should assume that this pointer refers to a
+ * shared object. Therefore, the caller should treat this shared object as
+ * read-only and should not modify this shared object. When done using the
+ * shared object, the caller should release the reference to the object by
+ * using the PKIX_PL_Object_DecRef function.
+ *
+ * While a function is executing, if its arguments (or anything referred to by
+ * its arguments) are modified, free'd, or destroyed, the function's behavior
+ * is undefined.
+ *
+ */
+
+/* PKIX_ProcessingParams
+ *
+ * PKIX_ProcessingParams are parameters used when validating or building a
+ * chain of certificates. Using the parameters, the caller can specify several
+ * things, including the various inputs to the PKIX chain validation
+ * algorithm (such as trust anchors, initial policies, etc), any customized
+ * functionality (such as CertChainCheckers, RevocationCheckers, CertStores),
+ * and whether revocation checking should be disabled.
+ *
+ * Once the caller has created the ProcessingParams object, the caller then
+ * passes it to PKIX_ValidateChain or PKIX_BuildChain, which uses it to call
+ * the user's callback functions as needed during the validation or building
+ * process.
+ *
+ * If a parameter is not set (or is set to NULL), it will be set to the
+ * default value for that parameter. The default value for the Date parameter
+ * is NULL, which indicates the current time when the path is validated. The
+ * default for the remaining parameters is the least constrained.
+ */
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_Create
+ * DESCRIPTION:
+ *
+ *  Creates a new ProcessingParams object. Trust anchor list is set to
+ *  newly created empty list of trust. In this case trust anchors will
+ *  be taken from provided cert store. Pointed to the created
+ *  ProcessingParams object is stored in "pParams".
+ *
+ * PARAMETERS:
+ *  "anchors"
+ *      Address of List of (non-empty) TrustAnchors to be used.
+ *      Must be non-NULL.
+ *  "pParams"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Params Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ProcessingParams_Create(
+        PKIX_ProcessingParams **pParams,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_GetCertChainCheckers
+ * DESCRIPTION:
+ *
+ *  Retrieves a pointer to the List of CertChainCheckers (if any) that are set
+ *  in the ProcessingParams pointed to by "params" and stores it at
+ *  "pCheckers". Each CertChainChecker represents a custom certificate
+ *  validation check used by PKIX_ValidateChain or PKIX_BuildChain as needed
+ *  during the validation or building process. If "params" does not have any
+ *  CertChainCheckers, this function stores an empty List at "pCheckers".
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ProcessingParams whose List of CertChainCheckers (if any)
+ *      are to be stored. Must be non-NULL.
+ *  "pCheckers"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *      (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Params Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ProcessingParams_GetCertChainCheckers(
+        PKIX_ProcessingParams *params,
+        PKIX_List **pCheckers, /* list of PKIX_CertChainChecker */
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_SetCertChainCheckers
+ * DESCRIPTION:
+ *
+ *  Sets the ProcessingParams pointed to by "params" with a List of
+ *  CertChainCheckers pointed to by "checkers". Each CertChainChecker
+ *  represents a custom certificate validation check used by
+ *  PKIX_ValidateChain or PKIX_BuildChain as needed during the validation or
+ *  building process. If "checkers" is NULL, no CertChainCheckers will be used.
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ProcessingParams whose List of CertChainCheckers is to be
+ *      set. Must be non-NULL.
+ *  "checkers"
+ *      Address of List of CertChainCheckers to be set. If NULL, no
+ *      CertChainCheckers will be used.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe - assumes exclusive access to "params" and "checkers"
+ *  (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Params Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ProcessingParams_SetCertChainCheckers(
+        PKIX_ProcessingParams *params,
+        PKIX_List *checkers,  /* list of PKIX_CertChainChecker */
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_AddCertChainChecker
+ * DESCRIPTION:
+ *
+ *  Adds the CertChainChecker pointed to by "checker" to the ProcessingParams
+ *  pointed to by "params". The CertChainChecker represents a custom
+ *  certificate validation check used by PKIX_ValidateChain or PKIX_BuildChain
+ *  as needed during the validation or building process.
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ProcessingParams to be added to. Must be non-NULL.
+ *  "checker"
+ *      Address of CertChainChecker to be added. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe - assumes exclusive access to "params"
+ *  (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Params Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ProcessingParams_AddCertChainChecker(
+        PKIX_ProcessingParams *params,
+        PKIX_CertChainChecker *checker,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_GetRevocationChecker
+ * DESCRIPTION:
+ *
+ *  Retrieves a pointer to the RevocationChecker that are set
+ *  in the ProcessingParams pointed to by "params" and stores it at
+ *  "pRevChecker". Each RevocationChecker represents a revocation
+ *  check used by PKIX_ValidateChain or PKIX_BuildChain as needed during the
+ *  validation or building process. If "params" does not have any
+ *  RevocationCheckers, this function stores an empty List at "pRevChecker".
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ProcessingParams whose List of RevocationCheckers
+ *      is to be stored. Must be non-NULL.
+ *  "pRevChecker"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *      (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Params Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ProcessingParams_GetRevocationChecker(
+        PKIX_ProcessingParams *params,
+        PKIX_RevocationChecker **pChecker,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_SetRevocationChecker
+ * DESCRIPTION:
+ *
+ *  Sets the ProcessingParams pointed to by "params" with a 
+ *  RevocationChecker pointed to by "revChecker". Revocation
+ *  checker object should be created and assigned to processing
+ *  parameters before chain build or validation can begin.
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ProcessingParams whose List of RevocationCheckers is to be
+ *      set. Must be non-NULL.
+ *  "revChecker"
+ *      Address of RevocationChecker to be set. Must be set before chain
+ *      building or validation.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe - assumes exclusive access to "params"
+ *  (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Params Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ProcessingParams_SetRevocationChecker(
+        PKIX_ProcessingParams *params,
+        PKIX_RevocationChecker *revChecker,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_GetCertStores
+ * DESCRIPTION:
+ *
+ *  Retrieves a pointer to the List of CertStores (if any) that are set in the
+ *  ProcessingParams pointed to by "params" and stores it at "pStores". Each
+ *  CertStore represents a particular repository from which certificates and
+ *  CRLs can be retrieved by PKIX_ValidateChain or PKIX_BuildChain as needed
+ *  during the validation or building process. If "params" does not have any
+ *  CertStores, this function stores an empty List at "pStores".
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ProcessingParams whose List of CertStores (if any) are to
+ *      be stored. Must be non-NULL.
+ *  "pStores"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *      (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Params Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ProcessingParams_GetCertStores(
+        PKIX_ProcessingParams *params,
+        PKIX_List **pStores,  /* list of PKIX_CertStore */
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_SetCertStores
+ * DESCRIPTION:
+ *
+ *  Sets the ProcessingParams pointed to by "params" with a List of CertStores
+ *  pointed to by "stores". Each CertStore represents a particular repository
+ *  from which certificates and CRLs can be retrieved by PKIX_ValidateChain or
+ *  PKIX_BuildChain as needed during the validation or building process. If
+ *  "stores" is NULL, no CertStores will be used.
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ProcessingParams whose List of CertStores is to be set.
+ *      Must be non-NULL.
+ *  "stores"
+ *      Address of List of CertStores to be set. If NULL, no CertStores will
+ *      be used.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe - assumes exclusive access to "params"
+ *  (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Params Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ProcessingParams_SetCertStores(
+        PKIX_ProcessingParams *params,
+        PKIX_List *stores,  /* list of PKIX_CertStore */
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_AddCertStore
+ * DESCRIPTION:
+ *
+ *  Adds the CertStore pointed to by "store" to the ProcessingParams pointed
+ *  to by "params". The CertStore represents a particular repository from
+ *  which certificates and CRLs can be retrieved by PKIX_ValidateChain or
+ *  PKIX_BuildChain as needed during the validation or building process.
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ProcessingParams to be added to. Must be non-NULL.
+ *  "store"
+ *      Address of CertStore to be added.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe - assumes exclusive access to "params"
+ *  (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Params Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ProcessingParams_AddCertStore(
+        PKIX_ProcessingParams *params,
+        PKIX_CertStore *store,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_GetDate
+ * DESCRIPTION:
+ *
+ *  Retrieves a pointer to the Date (if any) that is set in the
+ *  ProcessingParams pointed to by "params" and stores it at "pDate". The
+ *  Date represents the time for which the validation of the certificate chain
+ *  should be determined. If "params" does not have any Date set, this function
+ *  stores NULL at "pDate".
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ProcessingParams whose Date (if any) is to be stored.
+ *      Must be non-NULL.
+ *  "pDate"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *      (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Params Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ProcessingParams_GetDate(
+        PKIX_ProcessingParams *params,
+        PKIX_PL_Date **pDate,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_SetDate
+ * DESCRIPTION:
+ *
+ *  Sets the ProcessingParams pointed to by "params" with a Date pointed to by
+ *  "date". The Date represents the time for which the validation of the
+ *  certificate chain should be determined. If "date" is NULL, the current
+ *  time is used during validation.
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ProcessingParams whose Date is to be set. Must be non-NULL.
+ *  "date"
+ *      Address of Date to be set. If NULL, current time is used.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe - assumes exclusive access to "params"
+ *  (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Params Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ProcessingParams_SetDate(
+        PKIX_ProcessingParams *params,
+        PKIX_PL_Date *date,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_GetInitialPolicies
+ * DESCRIPTION:
+ *
+ *  Retrieves a pointer to the List of OIDs (if any) that are set in the
+ *  ProcessingParams pointed to by "params" and stores it at "pInitPolicies".
+ *  Each OID represents an initial policy identifier, indicating that any
+ *  one of these policies would be acceptable to the certificate user for
+ *  the purposes of certification path processing. If "params" does not have
+ *  any initial policies, this function stores an empty List at
+ *  "pInitPolicies".
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ProcessingParams whose List of OIDs (if any) are to be
+ *      stored. Must be non-NULL.
+ *  "pInitPolicies"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *      (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Params Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ProcessingParams_GetInitialPolicies(
+        PKIX_ProcessingParams *params,
+        PKIX_List **pInitPolicies,    /* list of PKIX_PL_OID */
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_SetInitialPolicies
+ * DESCRIPTION:
+ *
+ *  Sets the ProcessingParams pointed to by "params" with a List of OIDs
+ *  pointed to by "initPolicies".
+ *
+ *  Each OID represents an initial policy identifier, indicating that any
+ *  one of these policies would be acceptable to the certificate user for
+ *  the purposes of certification path processing. By default, any policy
+ *  is acceptable (i.e. all policies), so a user that wants to allow any
+ *  policy as acceptable does not need to call this method. Similarly, if
+ *  initPolicies is NULL or points to an empty List, all policies are
+ *  acceptable.
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ProcessingParams whose List of OIDs is to be set.
+ *      Must be non-NULL.
+ *  "initPolicies"
+ *      Address of List of OIDs to be set. If NULL or if pointing to an empty
+ *      List, all policies are acceptable.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe - assumes exclusive access to "params"
+ *  (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Params Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ProcessingParams_SetInitialPolicies(
+        PKIX_ProcessingParams *params,
+        PKIX_List *initPolicies,    /* list of PKIX_PL_OID */
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_GetPolicyQualifiersRejected
+ * DESCRIPTION:
+ *
+ *  Checks whether the ProcessingParams pointed to by "params" indicate that
+ *  policy qualifiers should be rejected and stores the Boolean result at
+ *  "pRejected".
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ProcessingParams used to determine whether or not policy
+ *      qualifiers should be rejected. Must be non-NULL.
+ *  "pRejected"
+ *      Address where Boolean will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *      (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Params Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ProcessingParams_GetPolicyQualifiersRejected(
+        PKIX_ProcessingParams *params,
+        PKIX_Boolean *pRejected,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_SetPolicyQualifiersRejected
+ * DESCRIPTION:
+ *
+ *  Specifies in the ProcessingParams pointed to by "params" whether policy
+ *  qualifiers are rejected using the Boolean value of "rejected".
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ProcessingParams to be set. Must be non-NULL.
+ *  "rejected"
+ *      Boolean value indicating whether policy qualifiers are to be rejected.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe - assumes exclusive access to "params"
+ *  (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Params Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ProcessingParams_SetPolicyQualifiersRejected(
+        PKIX_ProcessingParams *params,
+        PKIX_Boolean rejected,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_GetTargetCertConstraints
+ * DESCRIPTION:
+ *
+ *  Retrieves a pointer to the CertSelector (if any) that is set in the
+ *  ProcessingParams pointed to by "params" and stores it at "pConstraints".
+ *  The CertSelector represents the constraints to be placed on the target
+ *  certificate. If "params" does not have any CertSelector set, this function
+ *  stores NULL at "pConstraints".
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ProcessingParams whose CertSelector (if any) is to be
+ *      stored. Must be non-NULL.
+ *  "pConstraints"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *      (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Params Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ProcessingParams_GetTargetCertConstraints(
+        PKIX_ProcessingParams *params,
+        PKIX_CertSelector **pConstraints,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_SetTargetCertConstraints
+ * DESCRIPTION:
+ *
+ *  Sets the ProcessingParams pointed to by "params" with a CertSelector
+ *  pointed to by "constraints". The CertSelector represents the constraints
+ *  to be placed on the target certificate. If "constraints" is NULL, no
+ *  constraints are defined.
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ProcessingParams whose CertSelector is to be set.
+ *      Must be non-NULL.
+ *  "constraints"
+ *      Address of CertSelector to be set. If NULL, no constraints are defined.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe - assumes exclusive access to "params"
+ *  (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Params Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ProcessingParams_SetTargetCertConstraints(
+        PKIX_ProcessingParams *params,
+        PKIX_CertSelector *constraints,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_GetTrustAnchors
+ * DESCRIPTION:
+ *
+ *  Retrieves a pointer to the List of TrustAnchors that are set in
+ *  the ProcessingParams pointed to by "params" and stores it at "pAnchors".
+ *  If the function succeeds, the pointer to the List is guaranteed to be
+ *  non-NULL and the List is guaranteed to be non-empty.
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ProcessingParams whose List of TrustAnchors are to
+ *      be stored. Must be non-NULL.
+ *  "pAnchors"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *      (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Params Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ProcessingParams_GetTrustAnchors(
+        PKIX_ProcessingParams *params,
+        PKIX_List **pAnchors,  /* list of TrustAnchor */
+        void *plContext);
+/*
+ * FUNCTION: PKIX_ProcessingParams_SetTrustAnchors
+ * DESCRIPTION:
+ *
+ * Sets user defined set of trust anchors. The handling of the trust anchors
+ * may be furthered alter via PKIX_ProcessingParams_SetUseOnlyTrustAnchors.
+ * By default, a certificate will be considered invalid if it does not chain
+ * to a trusted anchor from this list.
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ProcessingParams whose List of TrustAnchors are to
+ *      be stored. Must be non-NULL.
+ *  "anchors"
+ *      Address of the trust anchors list object. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *      (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Params Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ProcessingParams_SetTrustAnchors(
+        PKIX_ProcessingParams *params,
+        PKIX_List *pAnchors,  /* list of TrustAnchor */
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_GetUseOnlyTrustAnchors
+ * DESCRIPTION:
+ *
+ * Retrieves a pointer to the Boolean. The boolean value represents
+ * the switch value that is used to identify whether trust anchors, if
+ * specified, should be the exclusive source of trust information.
+ * If the function succeeds, the pointer to the Boolean is guaranteed to be
+ * non-NULL.
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ProcessingParams. Must be non-NULL.
+ *  "pUseOnlyTrustAnchors"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *      (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Params Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ProcessingParams_GetUseOnlyTrustAnchors(
+        PKIX_ProcessingParams *params,
+        PKIX_Boolean *pUseOnlyTrustAnchors,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_SetUseOnlyTrustAnchors
+ * DESCRIPTION:
+ *
+ * Configures whether trust anchors are used as the exclusive source of trust.
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ProcessingParams. Must be non-NULL.
+ *  "useOnlyTrustAnchors"
+ *      If true, indicates that trust anchors should be used exclusively when
+ *      they have been specified via PKIX_ProcessingParams_SetTrustAnchors. A
+ *      certificate will be considered invalid if it does not chain to a
+ *      trusted anchor from that list.
+ *      If false, indicates that the trust anchors are additive to whatever
+ *      existing trust stores are configured. A certificate is considered
+ *      valid if it chains to EITHER a trusted anchor from that list OR a
+ *      certificate marked trusted in a trust store.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *      (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Params Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ProcessingParams_SetUseOnlyTrustAnchors(
+        PKIX_ProcessingParams *params,
+        PKIX_Boolean useOnlyTrustAnchors,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_GetUseAIAForCertFetching
+ * DESCRIPTION:
+ *
+ *  Retrieves a pointer to the Boolean. The boolean value represents
+ *  the switch value that is used to identify if url in cert AIA extension
+ *  may be used for cert fetching.
+ *  If the function succeeds, the pointer to the Boolean is guaranteed to be
+ *  non-NULL.
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ProcessingParams. Must be non-NULL.
+ *  "pUseAIA"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *      (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Params Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ProcessingParams_GetUseAIAForCertFetching(
+        PKIX_ProcessingParams *params,
+        PKIX_Boolean *pUseAIA,  /* list of TrustAnchor */
+        void *plContext);
+/*
+ * FUNCTION: PKIX_ProcessingParams_SetTrustAnchors
+ * DESCRIPTION:
+ *
+ * Sets switch value that defines if url in cert AIA extension
+ * may be used for cert fetching.
+ * 
+ * PARAMETERS:
+ *  "params"
+ *      Address of ProcessingParams.
+ *  "useAIA"
+ *      Address of the trust anchors list object. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *      (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Params Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ProcessingParams_SetUseAIAForCertFetching(
+        PKIX_ProcessingParams *params,
+        PKIX_Boolean useAIA,  
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_SetQualifyTargetCert
+ * DESCRIPTION:
+ *
+ * Sets a boolean value that tells if libpkix needs to check that
+ * the target certificate satisfies the conditions set in processing
+ * parameters. Includes but not limited to date, ku and eku checks.
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ProcessingParams whose List of TrustAnchors are to
+ *      be stored. Must be non-NULL.
+ *  "qualifyTargetCert"
+ *      boolean value if set to true will trigger qualification of the
+ *      target certificate.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *      (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Params Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ProcessingParams_SetQualifyTargetCert(
+        PKIX_ProcessingParams *params,
+        PKIX_Boolean qualifyTargetCert,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_GetHintCerts
+ * DESCRIPTION:
+ *
+ *  Retrieves a pointer to a List of Certs supplied by the user as a suggested
+ *  partial CertChain (subject to verification), that are set in the
+ *  ProcessingParams pointed to by "params", and stores it at "pHintCerts".
+ *  The List returned may be empty or NULL.
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ProcessingParams whose List of TrustAnchors are to
+ *      be stored. Must be non-NULL.
+ *  "pHintCerts"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *      (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Params Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ProcessingParams_GetHintCerts(
+        PKIX_ProcessingParams *params,
+        PKIX_List **pHintCerts,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_SetHintCerts
+ * DESCRIPTION:
+ *
+ *  Stores a pointer to a List of Certs supplied by the user as a suggested
+ *  partial CertChain (subject to verification), as an element in the
+ *  ProcessingParams pointed to by "params". The List may be empty or NULL.
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ProcessingParams whose List of HintCerts is to be stored.
+ *      Must be non-NULL.
+ *  "hintCerts"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *      (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Params Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ProcessingParams_SetHintCerts(
+        PKIX_ProcessingParams *params,
+        PKIX_List *hintCerts,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_GetResourceLimits
+ * DESCRIPTION:
+ *
+ *  Retrieves a pointer to the ResourceLimits (if any) that is set in the
+ *  ProcessingParams pointed to by "params" and stores it at "pResourceLimits".
+ *  The ResourceLimits represent the maximum resource usage that the caller 
+ *  desires (such as MaxTime). The ValidateChain or BuildChain call will not
+ *  exceed these maximum limits. If "params" does not have any ResourceLimits
+ *  set, this function stores NULL at "pResourceLimits".
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ProcessingParams whose ResourceLimits (if any) are to be
+ *      stored. Must be non-NULL.
+ *  "pResourceLimits"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *      (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Params Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ProcessingParams_GetResourceLimits(
+        PKIX_ProcessingParams *params,
+        PKIX_ResourceLimits **pResourceLimits,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_SetResourceLimits
+ * DESCRIPTION:
+ *
+ *  Sets the ProcessingParams pointed to by "params" with a ResourceLimits
+ *  object pointed to by "resourceLimits". The ResourceLimits represent the
+ *  maximum resource usage that the caller desires (such as MaxTime). The
+ *  ValidateChain or BuildChain call will not exceed these maximum limits.
+ *  If "resourceLimits" is NULL, no ResourceLimits are defined.
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ProcessingParams whose ResourceLimits are to be set.
+ *      Must be non-NULL.
+ *  "resourceLimits"
+ *      Address of ResourceLimits to be set. If NULL, no limits are defined.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe - assumes exclusive access to "params"
+ *  (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Params Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ProcessingParams_SetResourceLimits(
+        PKIX_ProcessingParams *params,
+        PKIX_ResourceLimits *resourceLimits,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_IsAnyPolicyInhibited
+ * DESCRIPTION:
+ *
+ *  Checks whether the ProcessingParams pointed to by "params" indicate that
+ *  anyPolicy is inhibited and stores the Boolean result at "pInhibited".
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ProcessingParams used to determine whether or not anyPolicy
+ *      inhibited. Must be non-NULL.
+ *  "pInhibited"
+ *      Address where Boolean will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *      (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Params Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ProcessingParams_IsAnyPolicyInhibited(
+        PKIX_ProcessingParams *params,
+        PKIX_Boolean *pInhibited,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_SetAnyPolicyInhibited
+ * DESCRIPTION:
+ *
+ *  Specifies in the ProcessingParams pointed to by "params" whether anyPolicy
+ *  is inhibited using the Boolean value of "inhibited".
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ProcessingParams to be set. Must be non-NULL.
+ *  "inhibited"
+ *      Boolean value indicating whether anyPolicy is to be inhibited.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe - assumes exclusive access to "params"
+ *  (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Params Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ProcessingParams_SetAnyPolicyInhibited(
+        PKIX_ProcessingParams *params,
+        PKIX_Boolean inhibited,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_IsExplicitPolicyRequired
+ * DESCRIPTION:
+ *
+ *  Checks whether the ProcessingParams pointed to by "params" indicate that
+ *  explicit policies are required and stores the Boolean result at
+ *  "pRequired".
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ProcessingParams used to determine whether or not explicit
+ *      policies are required. Must be non-NULL.
+ *  "pRequired"
+ *      Address where Boolean will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *      (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Params Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ProcessingParams_IsExplicitPolicyRequired(
+        PKIX_ProcessingParams *params,
+        PKIX_Boolean *pRequired,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_SetExplicitPolicyRequired
+ * DESCRIPTION:
+ *
+ *  Specifies in the ProcessingParams pointed to by "params" whether explicit
+ *  policies are required using the Boolean value of "required".
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ProcessingParams to be set. Must be non-NULL.
+ *  "required"
+ *      Boolean value indicating whether explicit policies are to be required.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe - assumes exclusive access to "params"
+ *  (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Params Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ProcessingParams_SetExplicitPolicyRequired(
+        PKIX_ProcessingParams *params,
+        PKIX_Boolean required,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_IsPolicyMappingInhibited
+ * DESCRIPTION:
+ *
+ *  Checks whether the ProcessingParams pointed to by "params" indicate that
+ *  policyMapping is inhibited and stores the Boolean result at "pInhibited".
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ProcessingParams used to determine whether or not policy
+ *      mappings are inhibited. Must be non-NULL.
+ *  "pInhibited"
+ *      Address where Boolean will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *      (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Params Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ProcessingParams_IsPolicyMappingInhibited(
+        PKIX_ProcessingParams *params,
+        PKIX_Boolean *pInhibited,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_SetPolicyMappingInhibited
+ * DESCRIPTION:
+ *
+ *  Specifies in the ProcessingParams pointed to by "params" whether policy
+ *  mapping is inhibited using the Boolean value of "inhibited".
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ProcessingParams to be set. Must be non-NULL.
+ *  "inhibited"
+ *      Boolean value indicating whether policy mapping is to be inhibited.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe - assumes exclusive access to "params"
+ *  (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Params Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ProcessingParams_SetPolicyMappingInhibited(
+        PKIX_ProcessingParams *params,
+        PKIX_Boolean inhibited,
+        void *plContext);
+
+
+/* PKIX_ValidateParams
+ *
+ * PKIX_ValidateParams consists of a ProcessingParams object as well as the
+ * List of Certs (certChain) that the caller is trying to validate.
+ */
+
+/*
+ * FUNCTION: PKIX_ValidateParams_Create
+ * DESCRIPTION:
+ *
+ *  Creates a new ValidateParams object and stores it at "pParams".
+ *
+ * PARAMETERS:
+ *  "procParams"
+ *      Address of ProcessingParams to be used. Must be non-NULL.
+ *  "chain"
+ *      Address of List of Certs (certChain) to be validated. Must be non-NULL.
+ *  "pParams"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Params Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ValidateParams_Create(
+        PKIX_ProcessingParams *procParams,
+        PKIX_List *chain,
+        PKIX_ValidateParams **pParams,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ValidateParams_GetProcessingParams
+ * DESCRIPTION:
+ *
+ *  Retrieves a pointer to the ProcessingParams that represent the basic
+ *  certificate processing parameters used during chain validation and chain
+ *  building from the ValidateParams pointed to by "valParams" and stores it
+ *  at "pProcParams". If the function succeeds, the pointer to the
+ *  ProcessingParams is guaranteed to be non-NULL.
+ *
+ * PARAMETERS:
+ *  "valParams"
+ *      Address of ValidateParams whose ProcessingParams are to be stored.
+ *      Must be non-NULL.
+ *  "pProcParams"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Params Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ValidateParams_GetProcessingParams(
+        PKIX_ValidateParams *valParams,
+        PKIX_ProcessingParams **pProcParams,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ValidateParams_GetCertChain
+ * DESCRIPTION:
+ *
+ *  Retrieves a pointer to the List of Certs (certChain) that is set in the
+ *  ValidateParams pointed to by "valParams" and stores it at "pChain". If the
+ *  function succeeds, the pointer to the CertChain is guaranteed to be
+ *  non-NULL.
+ *
+ * PARAMETERS:
+ *  "valParams"
+ *      Address of ValidateParams whose CertChain is to be stored.
+ *      Must be non-NULL.
+ *  "pChain"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Params Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ValidateParams_GetCertChain(
+        PKIX_ValidateParams *valParams,
+        PKIX_List **pChain,
+        void *plContext);
+
+/* PKIX_TrustAnchor
+ *
+ * A PKIX_TrustAnchor represents a trusted entity and can be specified using a
+ * self-signed certificate or using the trusted CA's name and public key. In
+ * order to limit the trust in the trusted entity, name constraints can also
+ * be imposed on the trust anchor.
+ */
+
+/*
+ * FUNCTION: PKIX_TrustAnchor_CreateWithCert
+ * DESCRIPTION:
+ *
+ *  Creates a new TrustAnchor object using the Cert pointed to by "cert" as
+ *  the trusted certificate and stores it at "pAnchor". Once created, a
+ *  TrustAnchor is immutable.
+ *
+ * PARAMETERS:
+ *  "cert"
+ *      Address of Cert to use as trusted certificate. Must be non-NULL.
+ *  "pAnchor"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Params Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_TrustAnchor_CreateWithCert(
+        PKIX_PL_Cert *cert,
+        PKIX_TrustAnchor **pAnchor,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_TrustAnchor_CreateWithNameKeyPair
+ * DESCRIPTION:
+ *
+ *  Creates a new TrustAnchor object using the X500Name pointed to by "name",
+ *  and the PublicKey pointed to by "pubKey" and stores it at "pAnchor". The
+ *  CertNameConstraints pointed to by "nameConstraints" (if any) are used to
+ *  limit the trust placed in this trust anchor. To indicate that name
+ *  constraints don't apply, set "nameConstraints" to NULL. Once created, a
+ *  TrustAnchor is immutable.
+ *
+ * PARAMETERS:
+ *  "name"
+ *      Address of X500Name to use as name of trusted CA. Must be non-NULL.
+ *  "pubKey"
+ *      Address of PublicKey to use as trusted public key. Must be non-NULL.
+ *  "nameConstraints"
+ *      Address of CertNameConstraints to use as initial name constraints.
+ *      If NULL, no name constraints are applied.
+ *  "pAnchor"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Params Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_TrustAnchor_CreateWithNameKeyPair(
+        PKIX_PL_X500Name *name,
+        PKIX_PL_PublicKey *pubKey,
+        PKIX_PL_CertNameConstraints *nameConstraints,
+        PKIX_TrustAnchor **pAnchor,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_TrustAnchor_GetTrustedCert
+ * DESCRIPTION:
+ *
+ *  Retrieves a pointer to the Cert that is set in the TrustAnchor pointed to
+ *  by "anchor" and stores it at "pCert". If "anchor" does not have a Cert
+ *  set, this function stores NULL at "pCert".
+ *
+ * PARAMETERS:
+ *  "anchor"
+ *      Address of TrustAnchor whose Cert is to be stored. Must be non-NULL.
+ *  "pChain"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Params Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_TrustAnchor_GetTrustedCert(
+        PKIX_TrustAnchor *anchor,
+        PKIX_PL_Cert **pCert,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_TrustAnchor_GetCAName
+ * DESCRIPTION:
+ *
+ *  Retrieves a pointer to the CA's X500Name (if any) that is set in the
+ *  TrustAnchor pointed to by "anchor" and stores it at "pCAName". If "anchor"
+ *  does not have an X500Name set, this function stores NULL at "pCAName".
+ *
+ * PARAMETERS:
+ *  "anchor"
+ *      Address of TrustAnchor whose CA Name is to be stored. Must be non-NULL.
+ *  "pCAName"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Params Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_TrustAnchor_GetCAName(
+        PKIX_TrustAnchor *anchor,
+        PKIX_PL_X500Name **pCAName,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_TrustAnchor_GetCAPublicKey
+ * DESCRIPTION:
+ *
+ *  Retrieves a pointer to the CA's PublicKey (if any) that is set in the
+ *  TrustAnchor pointed to by "anchor" and stores it at "pPubKey". If "anchor"
+ *  does not have a PublicKey set, this function stores NULL at "pPubKey".
+ *
+ * PARAMETERS:
+ *  "anchor"
+ *      Address of TrustAnchor whose CA PublicKey is to be stored.
+ *      Must be non-NULL.
+ *  "pPubKey"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Params Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_TrustAnchor_GetCAPublicKey(
+        PKIX_TrustAnchor *anchor,
+        PKIX_PL_PublicKey **pPubKey,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_TrustAnchor_GetNameConstraints
+ * DESCRIPTION:
+ *
+ *  Retrieves a pointer to the CertNameConstraints (if any) set in the
+ *  TrustAnchor pointed to by "anchor" and stores it at "pConstraints". If
+ *  "anchor" does not have any CertNameConstraints set, this function stores
+ *  NULL at "pConstraints".
+ *
+ * PARAMETERS:
+ *  "anchor"
+ *      Address of TrustAnchor whose CertNameConstraints are to be stored.
+ *      Must be non-NULL.
+ *  "pConstraints"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Params Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_TrustAnchor_GetNameConstraints(
+        PKIX_TrustAnchor *anchor,
+        PKIX_PL_CertNameConstraints **pNameConstraints,
+        void *plContext);
+
+/* PKIX_ResourceLimits
+ *
+ *  A PKIX_ResourceLimits object represents the maximum resource usage that
+ *  the caller desires. The ValidateChain or BuildChain call
+ *  will not exceed these maximum limits. For example, the caller may want
+ *  a timeout value of 1 minute, meaning that if the ValidateChain or
+ *  BuildChain function is unable to finish in 1 minute, it should abort
+ *  with an Error.
+ */
+
+/*
+ * FUNCTION: PKIX_ResourceLimits_Create
+ * DESCRIPTION:
+ *
+ *  Creates a new ResourceLimits object and stores it at "pResourceLimits".
+ *
+ * PARAMETERS:
+ *  "pResourceLimits"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a ResourceLimits Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ResourceLimits_Create(
+        PKIX_ResourceLimits **pResourceLimits,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ResourceLimits_GetMaxTime
+ * DESCRIPTION:
+ *
+ *  Retrieves a PKIX_UInt32 (if any) representing the maximum time that is
+ *  set in the ResourceLimits object pointed to by "resourceLimits" and stores
+ *  it at "pMaxTime". This maximum time (in seconds) should not be exceeded
+ *  by the function whose ProcessingParams contain this ResourceLimits object
+ *  (typically ValidateChain or BuildChain). It essentially functions as a
+ *  time-out value and is only appropriate if blocking I/O is being used.
+ *
+ * PARAMETERS:
+ *  "resourceLimits"
+ *      Address of ResourceLimits object whose maximum time (in seconds) is
+ *      to be stored. Must be non-NULL.
+ *  "pMaxTime"
+ *      Address where PKIX_UInt32 will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *      (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a ResourceLimits Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ResourceLimits_GetMaxTime(
+        PKIX_ResourceLimits *resourceLimits,
+        PKIX_UInt32 *pMaxTime,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ResourceLimits_SetMaxTime
+ * DESCRIPTION:
+ *
+ *  Sets the maximum time of the ResourceLimits object pointed to by
+ *  "resourceLimits" using the PKIX_UInt32 value of "maxTime". This
+ *  maximum time (in seconds) should not be exceeded by the function
+ *  whose ProcessingParams contain this ResourceLimits object
+ *  (typically ValidateChain or BuildChain). It essentially functions as a
+ *  time-out value and is only appropriate if blocking I/O is being used.
+ *
+ * PARAMETERS:
+ *  "resourceLimits"
+ *      Address of ResourceLimits object whose maximum time (in seconds) is
+ *      to be set. Must be non-NULL.
+ *  "maxTime"
+ *      Value of PKIX_UInt32 representing the maximum time (in seconds)
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe - assumes exclusive access to "params"
+ *  (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a ResourceLimits Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ResourceLimits_SetMaxTime(
+        PKIX_ResourceLimits *resourceLimits,
+        PKIX_UInt32 maxTime,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ResourceLimits_GetMaxFanout
+ * DESCRIPTION:
+ *
+ *  Retrieves a PKIX_UInt32 (if any) representing the maximum fanout that is
+ *  set in the ResourceLimits object pointed to by "resourceLimits" and stores
+ *  it at "pMaxFanout". This maximum fanout (number of certs) should not be
+ *  exceeded by the function whose ProcessingParams contain this ResourceLimits
+ *  object (typically ValidateChain or BuildChain). If the builder encounters
+ *  more than this maximum number of certificates when searching for the next
+ *  candidate certificate, it should abort and return an error. This
+ *  parameter is only relevant for ValidateChain if it needs to internally call
+ *  BuildChain (e.g. in order to build the chain to a CRL's issuer).
+ *
+ * PARAMETERS:
+ *  "resourceLimits"
+ *      Address of ResourceLimits object whose maximum fanout (number of certs)
+ *      is to be stored. Must be non-NULL.
+ *  "pMaxFanout"
+ *      Address where PKIX_UInt32 will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *      (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a ResourceLimits Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ResourceLimits_GetMaxFanout(
+        PKIX_ResourceLimits *resourceLimits,
+        PKIX_UInt32 *pMaxFanout,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ResourceLimits_SetMaxFanout
+ * DESCRIPTION:
+ *
+ *  Sets the maximum fanout of the ResourceLimits object pointed to by
+ *  "resourceLimits" using the PKIX_UInt32 value of "maxFanout". This maximum
+ *  fanout (number of certs) should not be exceeded by the function whose
+ *  ProcessingParams contain this ResourceLimits object (typically ValidateChain
+ *  or BuildChain). If the builder encounters more than this maximum number of
+ *  certificates when searching for the next candidate certificate, it should
+ *  abort and return an Error. This parameter is only relevant for ValidateChain
+ *  if it needs to internally call BuildChain (e.g. in order to build the
+ *  chain to a CRL's issuer).
+ *
+ * PARAMETERS:
+ *  "resourceLimits"
+ *      Address of ResourceLimits object whose maximum fanout (number of certs)
+ *      is to be set. Must be non-NULL.
+ *  "maxFanout"
+ *      Value of PKIX_UInt32 representing the maximum fanout (number of certs)
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe - assumes exclusive access to "params"
+ *  (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a ResourceLimits Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ResourceLimits_SetMaxFanout(
+        PKIX_ResourceLimits *resourceLimits,
+        PKIX_UInt32 maxFanout,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ResourceLimits_GetMaxDepth
+ * DESCRIPTION:
+ *
+ *  Retrieves a PKIX_UInt32 (if any) representing the maximum depth that is
+ *  set in the ResourceLimits object pointed to by "resourceLimits" and stores
+ *  it at "pMaxDepth". This maximum depth (number of certs) should not be
+ *  exceeded by the function whose ProcessingParams contain this ResourceLimits
+ *  object (typically ValidateChain or BuildChain). If the builder encounters
+ *  more than this maximum number of certificates when searching for the next
+ *  candidate certificate, it should abort and return an error. This
+ *  parameter is only relevant for ValidateChain if it needs to internally call
+ *  BuildChain (e.g. in order to build the chain to a CRL's issuer).
+ *
+ * PARAMETERS:
+ *  "resourceLimits"
+ *      Address of ResourceLimits object whose maximum depth (number of certs)
+ *      is to be stored. Must be non-NULL.
+ *  "pMaxDepth"
+ *      Address where PKIX_UInt32 will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *      (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a ResourceLimits Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ResourceLimits_GetMaxDepth(
+        PKIX_ResourceLimits *resourceLimits,
+        PKIX_UInt32 *pMaxDepth,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ResourceLimits_SetMaxDepth
+ * DESCRIPTION:
+ *
+ *  Sets the maximum depth of the ResourceLimits object pointed to by
+ *  "resourceLimits" using the PKIX_UInt32 value of "maxDepth". This maximum
+ *  depth (number of certs) should not be exceeded by the function whose
+ *  ProcessingParams contain this ResourceLimits object (typically ValidateChain
+ *  or BuildChain). If the builder encounters more than this maximum number of
+ *  certificates when searching for the next candidate certificate, it should
+ *  abort and return an Error. This parameter is only relevant for ValidateChain
+ *  if it needs to internally call BuildChain (e.g. in order to build the
+ *  chain to a CRL's issuer).
+ *
+ * PARAMETERS:
+ *  "resourceLimits"
+ *      Address of ResourceLimits object whose maximum depth (number of certs)
+ *      is to be set. Must be non-NULL.
+ *  "maxDepth"
+ *      Value of PKIX_UInt32 representing the maximum depth (number of certs)
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe - assumes exclusive access to "params"
+ *  (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a ResourceLimits Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ResourceLimits_SetMaxDepth(
+        PKIX_ResourceLimits *resourceLimits,
+        PKIX_UInt32 maxDepth,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ResourceLimits_GetMaxNumberOfCerts
+ * DESCRIPTION:
+ *
+ *  Retrieves a PKIX_UInt32 (if any) representing the maximum number of traversed
+ *  certs that is set in the ResourceLimits object pointed to by "resourceLimits"
+ *  and stores it at "pMaxNumber". This maximum number of traversed certs should
+ *  not be exceeded by the function whose ProcessingParams contain this ResourceLimits
+ *  object (typically ValidateChain or BuildChain). If the builder traverses more
+ *  than this number of certs during the build process, it should abort and
+ *  return an Error. This parameter is only relevant for ValidateChain if it
+ *  needs to internally call BuildChain (e.g. in order to build the chain to a
+ *  CRL's issuer).
+ *
+ * PARAMETERS:
+ *  "resourceLimits"
+ *      Address of ResourceLimits object whose maximum number of traversed certs
+ *      is to be stored. Must be non-NULL.
+ *  "pMaxNumber"
+ *      Address where PKIX_UInt32 will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *      (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a ResourceLimits Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ResourceLimits_GetMaxNumberOfCerts(
+        PKIX_ResourceLimits *resourceLimits,
+        PKIX_UInt32 *pMaxNumber,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ResourceLimits_SetMaxNumberOfCerts
+ * DESCRIPTION:
+ *
+ *  Sets the maximum number of traversed certs of the ResourceLimits object
+ *  pointed to by "resourceLimits" using the PKIX_UInt32 value of "maxNumber".
+ *  This maximum number of traversed certs should not be exceeded by the function 
+ *  whose ProcessingParams contain this ResourceLimits object (typically ValidateChain
+ *  or BuildChain). If the builder traverses more than this number of certs
+ *  during the build process, it should abort and return an Error. This parameter
+ *  is only relevant for ValidateChain if it needs to internally call BuildChain
+ *  (e.g. in order to build the chain to a CRL's issuer).
+ *
+ * PARAMETERS:
+ *  "resourceLimits"
+ *      Address of ResourceLimits object whose maximum number of traversed certs
+ *      is to be set. Must be non-NULL.
+ *  "maxNumber"
+ *      Value of PKIX_UInt32 representing the maximum number of traversed certs
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe - assumes exclusive access to "params"
+ *  (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a ResourceLimits Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ResourceLimits_SetMaxNumberOfCerts(
+        PKIX_ResourceLimits *resourceLimits,
+        PKIX_UInt32 maxNumber,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ResourceLimits_GetMaxNumberOfCRLs
+ * DESCRIPTION:
+ *
+ *  Retrieves a PKIX_UInt32 (if any) representing the maximum number of traversed
+ *  CRLs that is set in the ResourceLimits object pointed to by "resourceLimits"
+ *  and stores it at "pMaxNumber". This maximum number of traversed CRLs should
+ *  not be exceeded by the function whose ProcessingParams contain this ResourceLimits
+ *  object (typically ValidateChain or BuildChain). If the builder traverses more
+ *  than this number of CRLs during the build process, it should abort and
+ *  return an Error. This parameter is only relevant for ValidateChain if it
+ *  needs to internally call BuildChain (e.g. in order to build the chain to a
+ *  CRL's issuer).
+ *
+ * PARAMETERS:
+ *  "resourceLimits"
+ *      Address of ResourceLimits object whose maximum number of traversed CRLs
+ *      is to be stored. Must be non-NULL.
+ *  "pMaxNumber"
+ *      Address where PKIX_UInt32 will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *      (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a ResourceLimits Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ResourceLimits_GetMaxNumberOfCRLs(
+        PKIX_ResourceLimits *resourceLimits,
+        PKIX_UInt32 *pMaxNumber,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ResourceLimits_SetMaxNumberOfCRLs
+ * DESCRIPTION:
+ *
+ *  Sets the maximum number of traversed CRLs of the ResourceLimits object
+ *  pointed to by "resourceLimits" using the PKIX_UInt32 value of "maxNumber".
+ *  This maximum number of traversed CRLs should not be exceeded by the function 
+ *  whose ProcessingParams contain this ResourceLimits object (typically ValidateChain
+ *  or BuildChain). If the builder traverses more than this number of CRLs
+ *  during the build process, it should abort and return an Error. This parameter
+ *  is only relevant for ValidateChain if it needs to internally call BuildChain
+ *  (e.g. in order to build the chain to a CRL's issuer).
+ *
+ * PARAMETERS:
+ *  "resourceLimits"
+ *      Address of ResourceLimits object whose maximum number of traversed CRLs
+ *      is to be set. Must be non-NULL.
+ *  "maxNumber"
+ *      Value of PKIX_UInt32 representing the maximum number of traversed CRLs
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe - assumes exclusive access to "params"
+ *  (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a ResourceLimits Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ResourceLimits_SetMaxNumberOfCRLs(
+        PKIX_ResourceLimits *resourceLimits,
+        PKIX_UInt32 maxNumber,
+        void *plContext);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_PARAMS_H */
diff --git a/nss/lib/libpkix/include/pkix_pl_pki.h b/nss/lib/libpkix/include/pkix_pl_pki.h
new file mode 100755
index 0000000..0a449b9
--- /dev/null
+++ b/nss/lib/libpkix/include/pkix_pl_pki.h
@@ -0,0 +1,2735 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * This file defines several platform independent functions to
+ * manipulate certificates and CRLs in a portable manner.
+ *
+ */
+
+#ifndef _PKIX_PL_PKI_H
+#define _PKIX_PL_PKI_H
+
+#include "pkixt.h"
+#include "seccomon.h"
+#include "certt.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* General
+ *
+ * Please refer to the libpkix Programmer's Guide for detailed information
+ * about how to use the libpkix library. Certain key warnings and notices from
+ * that document are repeated here for emphasis.
+ *
+ * All identifiers in this file (and all public identifiers defined in
+ * libpkix) begin with "PKIX_". Private identifiers only intended for use
+ * within the library begin with "pkix_".
+ *
+ * A function returns NULL upon success, and a PKIX_Error pointer upon failure.
+ *
+ * Unless otherwise noted, for all accessor (gettor) functions that return a
+ * PKIX_PL_Object pointer, callers should assume that this pointer refers to a
+ * shared object. Therefore, the caller should treat this shared object as
+ * read-only and should not modify this shared object. When done using the
+ * shared object, the caller should release the reference to the object by
+ * using the PKIX_PL_Object_DecRef function.
+ *
+ * While a function is executing, if its arguments (or anything referred to by
+ * its arguments) are modified, free'd, or destroyed, the function's behavior
+ * is undefined.
+ *
+ */
+
+/*
+ * Cert
+ *
+ * A Cert represents an X.509 certificate. It can be created using the bytes
+ * of a valid ASN.1 DER encoding. Once created, a Cert is immutable. The
+ * following functions include accessors (gettors) for the various components
+ * of an X.509 certificate. Also included are functions to perform various
+ * checks on a certificate, including name constraints, key usage, validity
+ * (expiration), and signature verification.
+ */
+
+/*
+ * FUNCTION: PKIX_PL_Cert_Create
+ * DESCRIPTION:
+ *
+ *  Creates a new certificate using the bytes in the ByteArray pointed to by
+ *  "byteArray" and stores it at "pCert". If the bytes are not a valid ASN.1
+ *  DER encoding of a certificate, a PKIX_Error pointer is returned. Once
+ *  created, a Cert is immutable.
+ *
+ *  Certificate  ::=  SEQUENCE  {
+ *      tbsCertificate          TBSCertificate,
+ *      signatureAlgorithm      AlgorithmIdentifier,
+ *      signatureValue          BIT STRING  }
+ *
+ *  AlgorithmIdentifier  ::=  SEQUENCE  {
+ *      algorithm               OBJECT IDENTIFIER,
+ *      parameters              ANY DEFINED BY algorithm OPTIONAL  }
+ *
+ *  TBSCertificate  ::=  SEQUENCE  {
+ *      version         [0]  EXPLICIT Version DEFAULT v1,
+ *      serialNumber    CertificateSerialNumber,
+ *      signature       AlgorithmIdentifier,
+ *      issuer          Name,
+ *      validity        Validity,
+ *      subject         Name,
+ *      subjectPublicKeyInfo SubjectPublicKeyInfo,
+ *      issuerUniqueID  [1]  IMPLICIT UniqueIdentifier OPTIONAL,
+ *                          -- If present, version MUST be v2 or v3
+ *      subjectUniqueID [2]  IMPLICIT UniqueIdentifier OPTIONAL,
+ *                              -- If present, version MUST be v2 or v3
+ *      extensions      [3]  EXPLICIT Extensions OPTIONAL
+ *                              -- If present, version MUST be v3
+ *      }
+ *
+ *  Version  ::=  INTEGER  {  v1(0), v2(1), v3(2)  }
+ *
+ *  CertificateSerialNumber  ::=  INTEGER
+ *
+ *  Validity ::= SEQUENCE {
+ *      notBefore       Time,
+ *      notAfter        Time }
+ *
+ *  Time ::= CHOICE {
+ *      utcTime         UTCTime,
+ *      generalTime     GeneralizedTime }
+ *
+ *  UniqueIdentifier  ::=  BIT STRING
+ *
+ *  SubjectPublicKeyInfo  ::=  SEQUENCE  {
+ *      algorithm               AlgorithmIdentifier,
+ *      subjectPublicKey        BIT STRING  }
+ *
+ *  Extensions  ::=  SEQUENCE SIZE (1..MAX) OF Extension
+ *
+ *  Extension  ::=  SEQUENCE  {
+ *      extnID          OBJECT IDENTIFIER,
+ *      critical        BOOLEAN DEFAULT FALSE,
+ *      extnValue       OCTET STRING  }
+ *
+ * PARAMETERS:
+ *  "byteArray"
+ *      Address of ByteArray representing the CERT's DER encoding.
+ *      Must be non-NULL.
+ *  "pCert"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Cert Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_Cert_Create(
+        PKIX_PL_ByteArray *byteArray,
+        PKIX_PL_Cert **pCert,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_Cert_CreateFromCERTCertificate
+ * DESCRIPTION:
+ *
+ * Creates a new certificate using passed in CERTCertificate object.
+ *
+ * PARAMETERS:
+ *  "nssCert"
+ *      The object that will be used to create new PKIX_PL_Cert.
+ *  "pCert"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Cert Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_Cert_CreateFromCERTCertificate(
+        const CERTCertificate *nssCert,
+        PKIX_PL_Cert **pCert,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_Cert_GetCERTCertificate
+ * DESCRIPTION:
+ *
+ * Returns underlying CERTCertificate structure. Return CERTCertificate
+ * object is duplicated and should be destroyed by caller.
+ *
+ * PARAMETERS:
+ *  "cert"
+ *      Address of PKIX_PL_Cert. Must be non-NULL.
+ *  "pCert"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Cert Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_Cert_GetCERTCertificate(
+        PKIX_PL_Cert *cert,
+        CERTCertificate **pnssCert, 
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_Cert_GetVersion
+ * DESCRIPTION:
+ *
+ *  Retrieves the version of the Cert pointed to by "cert" and stores it at
+ *  "pVersion". The version number will either be 0, 1, or 2 (corresponding to
+ *  v1, v2, or v3, respectively).
+ *
+ *  Version  ::=  INTEGER  {  v1(0), v2(1), v3(2)  }
+ *
+ * PARAMETERS:
+ *  "cert"
+ *      Address of Cert whose version is to be stored. Must be non-NULL.
+ *  "pVersion"
+ *      Address where PKIX_UInt32 will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Cert Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_Cert_GetVersion(
+        PKIX_PL_Cert *cert,
+        PKIX_UInt32 *pVersion,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_Cert_GetSerialNumber
+ * DESCRIPTION:
+ *
+ *  Retrieves a pointer to the BigInt that represents the serial number of the
+ *  Cert pointed to by "cert" and stores it at "pSerialNumber".
+ *
+ *  CertificateSerialNumber  ::=  INTEGER
+ *
+ * PARAMETERS:
+ *  "cert"
+ *      Address of Cert whose serial number is to be stored. Must be non-NULL.
+ *  "pSerial"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Cert Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_Cert_GetSerialNumber(
+        PKIX_PL_Cert *cert,
+        PKIX_PL_BigInt **pSerial,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_Cert_GetIssuer
+ * DESCRIPTION:
+ *
+ *  Retrieves a pointer to the X500Name that represents the issuer DN of the
+ *  Cert pointed to by "cert" and stores it at "pIssuer".
+ *
+ * PARAMETERS:
+ *  "cert"
+ *      Address of Cert whose issuer is to be stored. Must be non-NULL.
+ *  "pIssuer"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Cert Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_Cert_GetIssuer(
+        PKIX_PL_Cert *cert,
+        PKIX_PL_X500Name **pIssuer,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_Cert_GetSubject
+ * DESCRIPTION:
+ *
+ *  Retrieves a pointer to the X500Name that represents the subject DN of the
+ *  Cert pointed to by "cert" and stores it at "pSubject". If the Cert does not
+ *  have a subject DN, this function stores NULL at "pSubject".
+ *
+ * PARAMETERS:
+ *  "cert"
+ *      Address of Cert whose subject is to be stored. Must be non-NULL.
+ *  "pSubject"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Cert Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_Cert_GetSubject(
+        PKIX_PL_Cert *cert,
+        PKIX_PL_X500Name **pSubject,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_Cert_GetSubjectPublicKeyAlgId
+ * DESCRIPTION:
+ *
+ *  Retrieves a pointer to the OID that represents the subject public key
+ *  algorithm of the Cert pointed to by "cert" and stores it at
+ *  "pSubjKeyAlgId".
+ *
+ *  SubjectPublicKeyInfo  ::=  SEQUENCE  {
+ *      algorithm               AlgorithmIdentifier,
+ *      subjectPublicKey        BIT STRING  }
+ *
+ *  AlgorithmIdentifier  ::=  SEQUENCE  {
+ *      algorithm               OBJECT IDENTIFIER,
+ *      parameters              ANY DEFINED BY algorithm OPTIONAL  }
+ *
+ * PARAMETERS:
+ *  "cert"
+ *      Address of Cert whose subject public key algorithm OID is to be stored.
+ *      Must be non-NULL.
+ *  "pSubjKeyAlgId"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Cert Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_Cert_GetSubjectPublicKeyAlgId(
+        PKIX_PL_Cert *cert,
+        PKIX_PL_OID **pSubjKeyAlgId,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_Cert_GetSubjectPublicKey
+ * DESCRIPTION:
+ *
+ *  Retrieves a pointer to the PublicKey that represents the subject public key
+ *  of the Cert pointed to by "cert" and stores it at "pPublicKey".
+ *
+ *  SubjectPublicKeyInfo  ::=  SEQUENCE  {
+ *      algorithm               AlgorithmIdentifier,
+ *      subjectPublicKey        BIT STRING  }
+ *
+ * PARAMETERS:
+ *  "cert"
+ *      Address of Cert whose subject public key is to be stored.
+ *      Must be non-NULL.
+ *  "pPublicKey"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Cert Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_Cert_GetSubjectPublicKey(
+        PKIX_PL_Cert *cert,
+        PKIX_PL_PublicKey **pPublicKey,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_PublicKey_NeedsDSAParameters
+ * DESCRIPTION:
+ *
+ * Determines if the PublicKey pointed to by "pubKey" is a DSA Key with null
+ * parameters and stores the result at "pNeedsParams". 
+ *
+ * PARAMETERS:
+ *  "pubKey"
+ *      Address of the Public Key of interest. Must be non-NULL.
+ *  "pNeedsParams"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a PublicKey Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_PublicKey_NeedsDSAParameters(
+        PKIX_PL_PublicKey *pubKey,
+        PKIX_Boolean *pNeedsParams,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_PublicKey_MakeInheritedDSAPublicKey
+ * DESCRIPTION:
+ *
+ * This function is used for DSA key parameter inheritance, which allows a
+ * first DSA key with omitted parameters (pointed to by "firstKey") to inherit
+ * the PQG parameters of a second DSA key that does have parameters. (pointed
+ * to by "secondKey"). Once created, a PublicKey is immutable.
+ *
+ * Specifically, the algorithm used by the function is:
+ *
+ * If the first PublicKey is not a DSA public key with omitted parameters,
+ *      the function stores NULL at "pResultKey". (No Error is returned)
+ * Else if the second PublicKey is not a DSA public key with non-NULL,
+ *      parameters, the function returns an Error.
+ * Else
+ *      the function creates a third PublicKey with a "Y" value from the
+ *      first PublicKey and the DSA parameters from the second PublicKey,
+ *      and stores it at "pResultKey".
+ *
+ * PARAMETERS:
+ *  "firstKey"
+ *      Address of a Public Key that needs to inherit DSA parameters.
+ *      Must be non-NULL.
+ *  "secondKey"
+ *      Address of a Public Key that has DSA parameters that will be inherited
+ *      by "firstKey". Must be non-NULL.
+ *  "pResultKey"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a PublicKey Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_PublicKey_MakeInheritedDSAPublicKey(
+        PKIX_PL_PublicKey *firstKey,
+        PKIX_PL_PublicKey *secondKey,
+        PKIX_PL_PublicKey **pResultKey,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_Cert_GetCriticalExtensionOIDs
+ * DESCRIPTION:
+ *
+ *  Retrieves a pointer to the List of OIDs (each OID corresponding to a
+ *  critical extension of the Cert pointed to by "cert") and stores it at
+ *  "pExtensions". If "cert" does not have any critical extensions, this
+ *  function stores an empty List at "pExtensions".
+ *
+ *  Note that the List returned by this function is immutable.
+ *
+ * PARAMETERS:
+ *  "cert"
+ *      Address of Cert whose critical extension OIDs are to be stored.
+ *      Must be non-NULL.
+ *  "pExtensions"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Cert Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_Cert_GetCriticalExtensionOIDs(
+        PKIX_PL_Cert *cert,
+        PKIX_List **pExtensions,  /* list of PKIX_PL_OID */
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_Cert_GetAuthorityKeyIdentifier
+ * DESCRIPTION:
+ *
+ *  Retrieves a pointer to a ByteArray representing the authority key
+ *  identifier extension of the Cert pointed to by "cert" and stores it at
+ *  "pAuthKeyId".
+ *
+ *  Note that this function only retrieves the keyIdentifier component
+ *  (OCTET STRING) of the AuthorityKeyIdentifier extension, when present.
+ *
+ *  If "cert" does not have an AuthorityKeyIdentifier extension or if the
+ *  keyIdentifier component of the AuthorityKeyIdentifier extension is not
+ *  present, this function stores NULL at "pAuthKeyId".
+ *
+ *  AuthorityKeyIdentifier ::= SEQUENCE {
+ *      keyIdentifier                   [0] KeyIdentifier           OPTIONAL,
+ *      authorityCertIssuer             [1] GeneralNames            OPTIONAL,
+ *      authorityCertSerialNumber       [2] CertificateSerialNumber OPTIONAL  }
+ *
+ * PARAMETERS:
+ *  "cert"
+ *      Address of Cert whose authority key identifier is to be stored.
+ *      Must be non-NULL.
+ *  "pAuthKeyId"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Cert Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_Cert_GetAuthorityKeyIdentifier(
+        PKIX_PL_Cert *cert,
+        PKIX_PL_ByteArray **pAuthKeyId,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_Cert_GetSubjectKeyIdentifier
+ * DESCRIPTION:
+ *
+ *  Retrieves a pointer to a ByteArray representing the subject key identifier
+ *  extension of the Cert pointed to by "cert" and stores it at "pSubjKeyId".
+ *  If "cert" does not have a SubjectKeyIdentifier extension, this function
+ *  stores NULL at "pSubjKeyId".
+ *
+ *  SubjectKeyIdentifier ::= KeyIdentifier
+ *
+ * PARAMETERS:
+ *  "cert"
+ *      Address of Cert whose subject key identifier is to be stored.
+ *      Must be non-NULL.
+ *  "pSubjKeyId"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Cert Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_Cert_GetSubjectKeyIdentifier(
+        PKIX_PL_Cert *cert,
+        PKIX_PL_ByteArray **pSubjKeyId,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_Cert_GetSubjectAltNames
+ * DESCRIPTION:
+ *
+ *  Retrieves a pointer to the List of GeneralNames (each GeneralName
+ *  representing a subject alternative name found in the subject alternative
+ *  names extension of the Cert pointed to by "cert") and stores it at
+ *  "pSubjectAltNames". If "cert" does not have a SubjectAlternativeNames
+ *  extension, this function stores NULL at "pSubjectAltNames".
+ *
+ *  Note that the List returned by this function is immutable.
+ *
+ *  SubjectAltName ::= GeneralNames
+ *
+ *  GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
+ *
+ *  GeneralName ::= CHOICE {
+ *      otherName                       [0]     OtherName,
+ *      rfc822Name                      [1]     IA5String,
+ *      dNSName                         [2]     IA5String,
+ *      x400Address                     [3]     ORAddress,
+ *      directoryName                   [4]     Name,
+ *      ediPartyName                    [5]     EDIPartyName,
+ *      uniformResourceIdentifier       [6]     IA5String,
+ *      iPAddress                       [7]     OCTET STRING,
+ *      registeredID                    [8]     OBJECT IDENTIFIER }
+ *
+ *  OtherName ::= SEQUENCE {
+ *      type-id                         OBJECT IDENTIFIER,
+ *      value                           [0] EXPLICIT ANY DEFINED BY type-id }
+ *
+ *  EDIPartyName ::= SEQUENCE {
+ *      nameAssigner                    [0]     DirectoryString OPTIONAL,
+ *      partyName                       [1]     DirectoryString }
+ *
+ * PARAMETERS:
+ *  "cert"
+ *      Address of Cert whose subjectAltNames are to be stored.
+ *      Must be non-NULL.
+ *  "pSubjectAltNames"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Cert Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_Cert_GetSubjectAltNames(
+        PKIX_PL_Cert *cert,
+        PKIX_List **pSubjectAltNames,  /* list of PKIX_PL_GeneralName */
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_Cert_GetAllSubjectNames
+ * DESCRIPTION:
+ *
+ *  Retrieves a pointer to the List of GeneralNames (each GeneralName
+ *  representing a subject DN or a subject alternative name found in the
+ *  subject alternative names extension of the Cert pointed to by "cert") and
+ *  stores it at "pAllSubjectNames".If the Subject DN of "cert" is empty and
+ *  it does not have a SubjectAlternativeNames extension, this function stores
+ *  NULL at "pAllSubjectNames".
+ *
+ *  Note that the List returned by this function is immutable.
+ *
+ * PARAMETERS:
+ *  "cert"
+ *      Address of Cert whose subject DN and subjectAltNames are to be stored.
+ *      Must be non-NULL.
+ *  "pAllSubjectNames"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Cert Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_Cert_GetAllSubjectNames(
+        PKIX_PL_Cert *cert,
+        PKIX_List **pAllSubjectNames,  /* list of PKIX_PL_GeneralName */
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_Cert_GetExtendedKeyUsage
+ * DESCRIPTION:
+ *
+ *  Retrieves a pointer to a List of OIDs (each OID corresponding to an
+ *  extended key usage of the Cert pointed to by "cert") and stores it at
+ *  "pKeyUsage". If "cert" does not have an extended key usage extension, this
+ *  function stores a NULL at "pKeyUsage".
+ *
+ *  Note that the List returned by this function is immutable.
+ *
+ *  ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
+ *
+ *  KeyPurposeId ::= OBJECT IDENTIFIER
+ *
+ * PARAMETERS:
+ *  "cert"
+ *      Address of Cert whose extended key usage OIDs are to be stored.
+ *      Must be non-NULL.
+ *  "pKeyUsage"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Cert Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_Cert_GetExtendedKeyUsage(
+        PKIX_PL_Cert *cert,
+        PKIX_List **pKeyUsage,  /* list of PKIX_PL_OID */
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_Cert_GetNameConstraints
+ * DESCRIPTION:
+ *
+ *  Retrieves a pointer to a CertNameConstraints object representing the name
+ *  constraints extension of the Cert pointed to by "cert" and stores it at
+ *  "pNameConstraints".
+ *
+ *  If "cert" does not have a name constraints extension, this function stores
+ *  NULL at "pNameConstraints".
+ *
+ *  NameConstraints ::= SEQUENCE {
+ *      permittedSubtrees       [0]     GeneralSubtrees OPTIONAL,
+ *      excludedSubtrees        [1]     GeneralSubtrees OPTIONAL }
+ *
+ *  GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree
+ *
+ *  GeneralSubtree ::= SEQUENCE {
+ *      base                    GeneralName,
+ *      minimum         [0]     BaseDistance DEFAULT 0,
+ *      maximum         [1]     BaseDistance OPTIONAL }
+ *
+ *  BaseDistance ::= INTEGER (0..MAX)
+ *
+ * PARAMETERS:
+ *  "cert"
+ *      Address of Cert whose name constraints extension is to be stored.
+ *      Must be non-NULL.
+ *  "pNameConstraints"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Cert Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_Cert_GetNameConstraints(
+        PKIX_PL_Cert *cert,
+        PKIX_PL_CertNameConstraints **pNameConstraints,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_Cert_GetBasicConstraints
+ * DESCRIPTION:
+ *
+ *  Retrieves a pointer to a CertBasicConstraints object representing the basic
+ *  constraints extension of the Cert pointed to by "cert" and stores it at
+ *  "pBasicConstraints".
+ *
+ *  If "cert" does not have a basic constraints extension, this function stores
+ *  NULL at "pBasicConstraints". Once created, a CertBasicConstraints object
+ *  is immutable.
+ *
+ *  BasicConstraints ::= SEQUENCE {
+ *      cA                      BOOLEAN DEFAULT FALSE,
+ *      pathLenConstraint       INTEGER (0..MAX) OPTIONAL }
+ *
+ * PARAMETERS:
+ *  "cert"
+ *      Address of Cert whose basic constraints extension is to be stored.
+ *      Must be non-NULL.
+ *  "pBasicConstraints"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Cert Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_Cert_GetBasicConstraints(
+        PKIX_PL_Cert *cert,
+        PKIX_PL_CertBasicConstraints **pBasicConstraints,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_BasicConstraints_GetCAFlag
+ * DESCRIPTION:
+ *
+ *  Retrieves a pointer to a Boolean value representing the cA Flag component
+ *  of the CertBasicConstraints object pointed to by "basicConstraints" and
+ *  stores it at "pResult".
+ *
+ *  BasicConstraints ::= SEQUENCE {
+ *      cA                      BOOLEAN DEFAULT FALSE,
+ *      pathLenConstraint       INTEGER (0..MAX) OPTIONAL }
+ *
+ * PARAMETERS:
+ *  "basicConstraints"
+ *      Address of CertBasicConstraints whose cA Flag is to be stored.
+ *      Must be non-NULL.
+ *  "pResult"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Cert Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_BasicConstraints_GetCAFlag(
+        PKIX_PL_CertBasicConstraints *basicConstraints,
+        PKIX_Boolean *pResult,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_BasicConstraints_GetPathLenConstraint
+ * DESCRIPTION:
+ *
+ *  Retrieves a pointer to an integer value representing the pathLenConstraint
+ *  component of the CertBasicConstraints object pointed to by
+ *  "basicConstraints" and stores it at "pPathLenConstraint". If the
+ *  pathLenConstraint component is not present, this function stores -1 at
+ *  "pPathLenConstraint".
+ *
+ * PARAMETERS:
+ *  "basicConstraints"
+ *      Address of CertBasicConstraints whose pathLen is to be stored.
+ *      Must be non-NULL.
+ *  "pPathLenConstraint"
+ *      Address where PKIX_Int32 will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Cert Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_BasicConstraints_GetPathLenConstraint(
+        PKIX_PL_CertBasicConstraints *basicConstraints,
+        PKIX_Int32 *pPathLenConstraint,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_Cert_GetPolicyInformation
+ * DESCRIPTION:
+ *
+ *  Retrieves a pointer to a List of CertPolicyInfos found in the certificate
+ *  policies extension of the Cert pointed to by "cert" and stores it at
+ *  "pPolicyInfo". If "cert" does not have a certificate policies extension,
+ *  this function stores NULL at "pPolicyInfo". Once created, a CertPolicyInfo
+ *  object is immutable.
+ *
+ *  Note that the List returned by this function is immutable.
+ *
+ *  certificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation
+ *
+ *  PolicyInformation ::= SEQUENCE {
+ *      policyIdentifier   CertPolicyId,
+ *      policyQualifiers   SEQUENCE SIZE (1..MAX) OF
+ *                              PolicyQualifierInfo OPTIONAL }
+ *
+ * PARAMETERS:
+ *  "cert"
+ *      Address of Cert whose CertPolicyInfos are to be stored.
+ *      Must be non-NULL.
+ *  "pPolicyInfo"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Cert Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_Cert_GetPolicyInformation(
+        PKIX_PL_Cert *cert,
+        PKIX_List **pPolicyInfo, /* list of PKIX_PL_CertPolicyInfo */
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_CertPolicyInfo_GetPolicyId
+ * DESCRIPTION:
+ *
+ *  Retrieves a pointer to an OID representing the policyIdentifier of the
+ *  CertPolicyInfo pointed to by "policyInfo" and stores it at "pCertPolicyId".
+ *
+ *  certificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation
+ *
+ *  PolicyInformation ::= SEQUENCE {
+ *      policyIdentifier   CertPolicyId,
+ *      policyQualifiers   SEQUENCE SIZE (1..MAX) OF
+ *                              PolicyQualifierInfo OPTIONAL }
+ *
+ *  CertPolicyId ::= OBJECT IDENTIFIER
+ *
+ * PARAMETERS:
+ *  "policyInfo"
+ *      Address of CertPolicyInfo whose policy identifier is to be stored.
+ *      Must be non-NULL.
+ *  "pCertPolicyId"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Cert Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_CertPolicyInfo_GetPolicyId(
+        PKIX_PL_CertPolicyInfo *policyInfo,
+        PKIX_PL_OID **pCertPolicyId,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_CertPolicyInfo_GetPolQualifiers
+ * DESCRIPTION:
+ *
+ *  Retrieves a pointer to a List of the CertPolicyQualifiers representing
+ *  the policyQualifiers of the CertPolicyInfo pointed to by "policyInfo" and
+ *  stores it at "pPolicyQualifiers". If "policyInfo" does not have any
+ *  policyQualifiers, this function stores NULL at "pPolicyQualifiers". Once
+ *  created, a CertPolicyQualifier is immutable.
+ *
+ *  Note that the List returned by this function is immutable.
+ *
+ *  certificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation
+ *
+ *  PolicyInformation ::= SEQUENCE {
+ *      policyIdentifier   CertPolicyId,
+ *      policyQualifiers   SEQUENCE SIZE (1..MAX) OF
+ *                              PolicyQualifierInfo OPTIONAL }
+ *
+ *  PolicyQualifierInfo ::= SEQUENCE {
+ *      policyQualifierId  PolicyQualifierId,
+ *      qualifier       ANY DEFINED BY policyQualifierId }
+ *
+ * PARAMETERS:
+ *  "policyInfo"
+ *      Address of CertPolicyInfo whose policy qualifiers List is to be stored.
+ *      Must be non-NULL.
+ *  "pPolicyQualifiers"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Cert Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_CertPolicyInfo_GetPolQualifiers(
+        PKIX_PL_CertPolicyInfo *policyInfo,
+        PKIX_List **pPolicyQualifiers, /* list of PKIX_PL_CertPolicyQualifier */
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_PolicyQualifier_GetPolicyQualifierId
+ * DESCRIPTION:
+ *
+ *  Retrieves a pointer to an OID representing the policyQualifierId of the
+ *  CertPolicyQualifier pointed to by "policyQualifier" and stores it at
+ *  "pPolicyQualifierId".
+ *
+ *  PolicyQualifierInfo ::= SEQUENCE {
+ *      policyQualifierId       PolicyQualifierId,
+ *      qualifier               ANY DEFINED BY policyQualifierId }
+ *
+ *  PolicyQualifierId ::=
+ *      OBJECT IDENTIFIER ( id-qt-cps | id-qt-unotice )
+ *
+ * PARAMETERS:
+ *  "policyQualifier"
+ *      Address of CertPolQualifier whose policyQualifierId is to be stored.
+ *      Must be non-NULL.
+ *  "pPolicyQualifierId"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Cert Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_PolicyQualifier_GetPolicyQualifierId(
+        PKIX_PL_CertPolicyQualifier *policyQualifier,
+        PKIX_PL_OID **pPolicyQualifierId,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_PolicyQualifier_GetQualifier
+ * DESCRIPTION:
+ *
+ *  Retrieves a pointer to a ByteArray representing the qualifier of the
+ *  CertPolicyQualifier pointed to by "policyQualifier" and stores it at
+ *  "pQualifier".
+ *
+ *  PolicyQualifierInfo ::= SEQUENCE {
+ *      policyQualifierId       PolicyQualifierId,
+ *      qualifier               ANY DEFINED BY policyQualifierId }
+ *
+ * PARAMETERS:
+ *  "policyQualifier"
+ *      Address of CertPolicyQualifier whose qualifier is to be stored.
+ *      Must be non-NULL.
+ *  "pQualifier"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Cert Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_PolicyQualifier_GetQualifier(
+        PKIX_PL_CertPolicyQualifier *policyQualifier,
+        PKIX_PL_ByteArray **pQualifier,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_Cert_GetPolicyMappings
+ * DESCRIPTION:
+ *
+ *  Retrieves a pointer to a List of CertPolicyMaps found in the policy
+ *  mappings extension of the Cert pointed to by "cert" and stores it at
+ *  "pPolicyMappings". If "cert" does not have a policy mappings extension,
+ *  this function stores NULL at "pPolicyMappings". Once created, a
+ *  CertPolicyMap is immutable.
+ *
+ *  Note that the List returned by this function is immutable.
+ *
+ *  PolicyMappings ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE {
+ *      issuerDomainPolicy      CertPolicyId,
+ *      subjectDomainPolicy     CertPolicyId }
+ *
+ * PARAMETERS:
+ *  "cert"
+ *      Address of Cert whose CertPolicyMaps are to be stored.
+ *      Must be non-NULL.
+ *  "pPolicyMappings"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Cert Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_Cert_GetPolicyMappings(
+        PKIX_PL_Cert *cert,
+        PKIX_List **pPolicyMappings, /* list of PKIX_PL_CertPolicyMap */
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_CertPolicyMap_GetIssuerDomainPolicy
+ * DESCRIPTION:
+ *
+ *  Retrieves a pointer to an OID representing the issuerDomainPolicy of the
+ *  CertPolicyMap pointed to by "policyMapping" and stores it at
+ *  "pIssuerDomainPolicy".
+ *
+ *  PolicyMappings ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE {
+ *      issuerDomainPolicy      CertPolicyId,
+ *      subjectDomainPolicy     CertPolicyId }
+ *
+ * PARAMETERS:
+ *  "policyMapping"
+ *      Address of CertPolicyMap whose issuerDomainPolicy is to be stored.
+ *      Must be non-NULL.
+ *  "pIssuerDomainPolicy"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Cert Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_CertPolicyMap_GetIssuerDomainPolicy(
+        PKIX_PL_CertPolicyMap *policyMapping,
+        PKIX_PL_OID **pIssuerDomainPolicy,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_CertPolicyMap_GetSubjectDomainPolicy
+ * DESCRIPTION:
+ *
+ *  Retrieves a pointer to an OID representing the subjectDomainPolicy of the
+ *  CertPolicyMap pointed to by "policyMapping" and stores it at
+ *  "pSubjectDomainPolicy".
+ *
+ *  PolicyMappings ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE {
+ *      issuerDomainPolicy      CertPolicyId,
+ *      subjectDomainPolicy     CertPolicyId }
+ *
+ * PARAMETERS:
+ *  "policyMapping"
+ *      Address of CertPolicyMap whose subjectDomainPolicy is to be stored.
+ *      Must be non-NULL.
+ *  "pSubjectDomainPolicy"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Cert Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_CertPolicyMap_GetSubjectDomainPolicy(
+        PKIX_PL_CertPolicyMap *policyMapping,
+        PKIX_PL_OID **pSubjectDomainPolicy,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_Cert_GetRequireExplicitPolicy
+ * DESCRIPTION:
+ *
+ *  Retrieves the requireExplicitPolicy value of the policy constraints
+ *  extension of the Cert pointed to by "cert" and stores it at "pSkipCerts".
+ *  If "cert" does not have a policy constraints extension or the
+ *  requireExplicitPolicy component is not populated, this function stores -1
+ *  at "pSkipCerts".
+ *
+ *  PolicyConstraints ::= SEQUENCE {
+ *      requireExplicitPolicy   [0] SkipCerts OPTIONAL,
+ *      inhibitPolicyMapping    [1] SkipCerts OPTIONAL }
+ *
+ *  SkipCerts ::= INTEGER (0..MAX)
+ *
+ * PARAMETERS:
+ *  "cert"
+ *      Address of Cert whose requireExplicitPolicy value is to be stored.
+ *      Must be non-NULL.
+ *  "pSkipCerts"
+ *      Address where PKIX_Int32 will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Cert Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_Cert_GetRequireExplicitPolicy(
+        PKIX_PL_Cert *cert,
+        PKIX_Int32 *pSkipCerts,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_Cert_GetPolicyMappingInhibited
+ * DESCRIPTION:
+ *
+ *  Retrieves the inhibitPolicyMapping value of the policy constraints
+ *  extension of the Cert pointed to by "cert" and stores it at "pSkipCerts".
+ *  If "cert" does not have a policy constraints extension or the
+ *  inhibitPolicyMapping component is not populated, this function stores -1
+ *  at "pSkipCerts".
+ *
+ *  PolicyConstraints ::= SEQUENCE {
+ *      requireExplicitPolicy   [0] SkipCerts OPTIONAL,
+ *      inhibitPolicyMapping    [1] SkipCerts OPTIONAL }
+ *
+ *  SkipCerts ::= INTEGER (0..MAX)
+ *
+ * PARAMETERS:
+ *  "cert"
+ *      Address of Cert whose requireExplicitPolicy value is to be stored.
+ *      Must be non-NULL.
+ *  "pSkipCerts"
+ *      Address where PKIX_Int32 will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Cert Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_Cert_GetPolicyMappingInhibited(
+        PKIX_PL_Cert *cert,
+        PKIX_Int32 *pSkipCerts,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_Cert_GetInhibitAnyPolicy
+ * DESCRIPTION:
+ *
+ *  Retrieves the value of the inhibit any-policy extension of the Cert
+ *  pointed to by "cert" and stores it at "pSkipCerts". If "cert" does not have
+ *  an inhibit any-policy extension, this function stores -1 at "pSkipCerts".
+ *
+ *  InhibitAnyPolicy ::= SkipCerts
+ *
+ *  SkipCerts ::= INTEGER (0..MAX)
+ *
+ * PARAMETERS:
+ *  "cert"
+ *      Address of Cert whose inhibit any-policy extensions value is to be
+ *      stored. Must be non-NULL.
+ *  "pSkipCerts"
+ *      Address where PKIX_Int32 will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Cert Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_Cert_GetInhibitAnyPolicy(
+        PKIX_PL_Cert *cert,
+        PKIX_Int32 *pSkipCerts,
+        void *plContext);
+
+/* policy processing functions */
+
+/*
+ * FUNCTION: PKIX_PL_Cert_AreCertPoliciesCritical
+ * DESCRIPTION:
+ *
+ *  Checks whether the certificate policies extension of the Cert pointed to
+ *  by "cert" is critical and stores the Boolean result at "pCritical". If
+ *  "cert" does not have a certificate policies extension, this function
+ *  stores NULL at "pCritical".
+ *
+ *  XXX what distinguishes NULL from PKIX_FALSE?
+ *
+ * PARAMETERS:
+ *  "cert"
+ *      Address of Cert whose certificate policies extension's criticality is
+ *      to be determined. Must be non-NULL.
+ *  "pCritical"
+ *      Address where PKIX_Boolean will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Cert Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_Cert_AreCertPoliciesCritical(
+        PKIX_PL_Cert *cert,
+        PKIX_Boolean *pCritical,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_Cert_CheckNameConstraints
+ * DESCRIPTION:
+ *
+ *  Checks whether the subject distinguished name and subject alternative names
+ *  of the Cert pointed to by "cert" satisfy the CertNameConstraints pointed
+ *  to by "nameConstraints". If the CertNameConstraints are not satisfied, a
+ *  PKIX_Error pointer is returned. If "nameConstraints" is NULL, the function
+ *  does nothing.
+ *
+ * PARAMETERS:
+ *  "cert"
+ *      Address of Cert whose subject names are to be checked.
+ *      Must be non-NULL.
+ *  "nameConstraints"
+ *      Address of CertNameConstraints that need to be satisfied.
+ *  "treatCommonNameAsDNSName"
+ *      PKIX_TRUE if the subject common name should be considered a dNSName
+ *      when evaluating name constraints.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Cert Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_Cert_CheckNameConstraints(
+        PKIX_PL_Cert *cert,
+        PKIX_PL_CertNameConstraints *nameConstraints,
+        PKIX_Boolean treatCommonNameAsDNSName,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_Cert_MergeNameConstraints
+ * DESCRIPTION:
+ *
+ *  Merges the CertNameConstraints pointed to by "firstNC" and the
+ *  CertNameConstraints pointed to by "secondNC" and stores the merged
+ *  CertNameConstraints at "pResultNC". If "secondNC" is NULL, the
+ *  CertNameConstraints pointed to by "firstNC" is stored at "pResultNC".
+ *
+ *  Once created, a CertNameConstraints object is immutable.
+ *
+ * PARAMETERS:
+ *  "firstNC"
+ *      Address of first CertNameConstraints to be merged. Must be non-NULL.
+ *  "secondNC"
+ *      Address of second CertNameConstraints to be merged
+ *  "pResultNC"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Cert Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_Cert_MergeNameConstraints(
+        PKIX_PL_CertNameConstraints *firstNC,
+        PKIX_PL_CertNameConstraints *secondNC,
+        PKIX_PL_CertNameConstraints **pResultNC,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_Cert_VerifyKeyUsage
+ * DESCRIPTION:
+ *
+ *  Verifies that the keyUsage bit(s) specified by "keyUsage" appear in the
+ *  keyUsage extension of the Cert pointed to by "cert". The keyUsage bit
+ *  values specified in pkixt.h are supported, and can be bitwise or'ed if
+ *  multiple bit values are to be verified. If the keyUsages do not all appear
+ *  in the keyUsage extension of "cert", a PKIX_Error pointer is returned.
+ *
+ *  KeyUsage ::= BIT STRING {
+ *      digitalSignature        (0),
+ *      nonRepudiation          (1),
+ *      keyEncipherment         (2),
+ *      dataEncipherment        (3),
+ *      keyAgreement            (4),
+ *      keyCertSign             (5),
+ *      cRLSign                 (6),
+ *      encipherOnly            (7),
+ *      decipherOnly            (8) }
+ *
+ * PARAMETERS:
+ *  "cert"
+ *      Address of Cert whose keyUsage bits are to be verified.
+ *      Must be non-NULL.
+ *  "keyUsage"
+ *      Constant representing keyUsage bit(s) that all must appear in keyUsage
+ *      extension of "cert".
+ *  "plContext" - Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Cert Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_Cert_VerifyKeyUsage(
+        PKIX_PL_Cert *cert,
+        PKIX_UInt32 keyUsage,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_Cert_VerifyCertAndKeyType
+ * DESCRIPTION:
+ *
+ * Verifies cert and key types against certificate usage that is
+ * a part of plContext(pkix_pl_nsscontext) structure. Throws an error
+ * if cert or key types does not match.
+ *
+ * PARAMETERS:
+ *  "cert"
+ *      Address of Cert whose keyUsage bits are to be verified.
+ *      Must be non-NULL.
+ *  "isLeafCert"
+ *      What type of a cert has been verified.
+ *  "plContext" - Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Cert Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_Cert_VerifyCertAndKeyType(
+        PKIX_PL_Cert *cert,
+        PKIX_Boolean isChainCert,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_Cert_CheckValidity
+ * DESCRIPTION:
+ *
+ *  Checks whether the Cert pointed to by "cert" would be valid at the time
+ *  represented by the Date pointed to by "date". If "date" is NULL, then this
+ *  function checks whether the Cert would be valid at the current time. If the
+ *  Cert would not be valid at the specified Date, a PKIX_Error pointer is
+ *  returned.
+ *
+ *  Validity ::= SEQUENCE {
+ *      notBefore       Time,
+ *      notAfter        Time }
+ *
+ *  Time ::= CHOICE {
+ *      utcTime         UTCTime,
+ *      generalTime     GeneralizedTime }
+ *
+ * PARAMETERS:
+ *  "cert"
+ *      Address of Cert whose validity is to be checked. Must be non-NULL.
+ *  "date"
+ *      Address of Date at which the Cert is being checked for validity.
+ *      If NULL, the current time is used for the Date.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Cert Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_Cert_CheckValidity(
+        PKIX_PL_Cert *cert,
+        PKIX_PL_Date *date,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_Cert_GetValidityNotAfter
+ * DESCRIPTION:
+ *
+ *  Retrieves a pointer to the Date that represents the notAfter time of the
+ *  Certificate pointed to by "cert" and stores it at "pDate".
+ *
+ *  Validity ::= SEQUENCE {
+ *      notBefore       Time,
+ *      notAfter        Time }
+ *
+ * PARAMETERS:
+ *  "cert"
+ *      Address of Cert whose validity time is to be retrieved. Must be
+ *      non-NULL.
+ *  "date"
+ *      Address of Date at which the Cert's notAfter time is being retrieved.
+ *      Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Cert Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_Cert_GetValidityNotAfter(
+        PKIX_PL_Cert *cert,
+        PKIX_PL_Date **pDate,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_Cert_VerifySignature
+ * DESCRIPTION:
+ *
+ *  Verifies the signature on the Cert pointed to by "cert" using the
+ *  PublicKey pointed to by "pubKey". If the signature doesn't verify, an
+ *  Error pointer is returned.
+ *
+ * PARAMETERS:
+ *  "cert"
+ *      Address of Cert whose signature is to be verified. Must be non-NULL.
+ *  "pubKey"
+ *      Address of a Public Key used to verify the signature. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Cert Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_Cert_VerifySignature(
+        PKIX_PL_Cert *cert,
+        PKIX_PL_PublicKey *pubKey,
+        void *plContext);
+
+/* A set of flags to indicate how explicitly configured trust anchors should be
+ * handled by PKIX_PL_Cert_IsCertTrusted
+ */
+typedef enum PKIX_PL_TrustAnchorModeEnum {
+        /* Indicates trust anchors should be ignored; only the underlying
+         * platform's trust settings should be used.
+         */
+        PKIX_PL_TrustAnchorMode_Ignore,
+
+        /* Indicates that explicitly configured trust anchors may be considered
+         * trustworthy, if present.
+         * Note: If the underlying platform supports marking a certificate as
+         *       explicitly untrustworthy, explicitly configured trust anchors
+         *       MAY be ignored/rejected.
+         */
+        PKIX_PL_TrustAnchorMode_Additive,
+
+        /* Indicates that ONLY trust anchors should be considered as
+         * trustworthy.
+         * Note: If the underlying platform supports marking a certificate as
+         *       explicitly untrustworthy, explicitly configured trust anchors
+         *       MAY be ignored/rejected.
+         */
+        PKIX_PL_TrustAnchorMode_Exclusive
+} PKIX_PL_TrustAnchorMode;
+
+/*
+ * FUNCTION: PKIX_PL_Cert_IsCertTrusted
+ * DESCRIPTION:
+ *
+ *  Checks the Cert specified by "cert" to determine, in a manner that depends
+ *  on the underlying platform, whether it is trusted, and stores the result in
+ *  "pTrusted". If a certificate is trusted it means that a chain built to that
+ *  certificate, and satisfying all the usage, policy, validity, and other
+ *  tests, is a valid chain and the End Entity certificate from which it was
+ *  built can be trusted.
+ *
+ *  If the Certificate is not intrinsically trustworthy, it still might end up a
+ *  component in a successful chain.
+ *
+ *  If the Certificate is intrinsically untrustworthy, this function will return
+ *  an error. 
+ *
+ * PARAMETERS
+ *  "cert"
+ *      Address of Cert whose trustworthiness is to be determined. Must be
+ *      non-NULL.
+ *  "trustAnchorMode"
+ *      A PKIX_PL_TrustAnchorMode that indicates how explicitly defined user
+ *      trust anchors should be handled.
+ *  "pTrusted"
+ *      Address where the Boolean value will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CERT Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_Cert_IsCertTrusted(
+        PKIX_PL_Cert *cert,
+        PKIX_PL_TrustAnchorMode trustAnchorMode,
+        PKIX_Boolean *pTrusted,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_Cert_IsLeafCertTrusted
+ * DESCRIPTION:
+ *
+ *  Checks the Leaf Cert specified by "cert" to determine, in a manner that 
+ *  depends on the underlying platform, whether it is trusted, and stores the 
+ *  result in "pTrusted". If a certificate is trusted it means that this
+ *  End Entify certificate has been marked as trusted for the requested usage,
+ *  policy, validity, and other tests.
+ *
+ *  If the Certificate is not intrinsically trustworthy, we can still try to 
+ *  build a successful chain.
+ *
+ *  If the Certificate is intrinsically untrustworthy, this function will return
+ *  an error. 
+ *
+ * PARAMETERS
+ *  "cert"
+ *      Address of Cert whose trustworthiness is to be determined. Must be
+ *      non-NULL.
+ *  "pTrusted"
+ *      Address where the Boolean value will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CERT Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_Cert_IsLeafCertTrusted(
+        PKIX_PL_Cert *cert,
+        PKIX_Boolean *pTrusted,
+        void *plContext);
+
+/* FUNCTION: PKIX_PL_Cert_SetAsTrustAnchor */
+PKIX_Error*
+PKIX_PL_Cert_SetAsTrustAnchor(PKIX_PL_Cert *cert, 
+                              void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_Cert_GetCacheFlag
+ * DESCRIPTION:
+ *
+ *  Retrieves the value of the cache flag in "cert" and return it at address
+ *  pointed by "pCacheFlag". The initila cache flag is determined by the
+ *  CertStore this "cert" is fetched from. When CertStore is created, user
+ *  need to specify if the data should be cached.
+ *
+ * PARAMETERS:
+ *  "cert"
+ *      Address of Cert whose cache flag is fetched. Must be non-NULL.
+ *  "pCacheFlag"
+ *      Address where PKIX_Boolean will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Cert Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_Cert_GetCacheFlag(
+        PKIX_PL_Cert *cert,
+        PKIX_Boolean *pCacheFlag,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_Cert_SetCacheFlag
+ * DESCRIPTION:
+ *
+ *  Set the value of the cache flag in "cert" base on the boolean value stored
+ *  at "cacheFlag". This function is meant to be used by CertStore after a
+ *  Cert is created.
+ *
+ * PARAMETERS:
+ *  "cert"
+ *      Address of Cert where "cacheFlag" is stored. Must be non-NULL.
+ *  "cacheFlag"
+ *      PKIX_Boolean flag for cache flag.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Cert Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_Cert_SetCacheFlag(
+        PKIX_PL_Cert *cert,
+        PKIX_Boolean cacheFlag,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_Cert_GetTrustCertStore
+ * DESCRIPTION:
+ *
+ *  Retrieves the value of the CertStore in "cert" and return it at address
+ *  pointed by "pCertStore".
+ *
+ * PARAMETERS:
+ *  "cert"
+ *      Address of Cert whose CertStore is fetched. Must be non-NULL.
+ *  "pTrustCertStore"
+ *      Address where CertStore will be stored and returned. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Cert Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_Cert_GetTrustCertStore(
+        PKIX_PL_Cert *cert,
+        PKIX_CertStore **pTrustCertStore,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_Cert_SetTrustCertStore
+ * DESCRIPTION:
+ *
+ *  Set the value of the CertStore "certStore" in "cert".
+ *
+ * PARAMETERS:
+ *  "cert"
+ *      Address of Cert where "certStore" will be stored. Must be non-NULL.
+ *  "trustCertStore"
+ *      Address where the CertStore is. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Cert Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_Cert_SetTrustCertStore(
+        PKIX_PL_Cert *cert,
+        PKIX_CertStore *trustCertStore,
+        void *plContext);
+
+
+/*
+ * FUNCTION: PKIX_PL_Cert_GetAuthorityInfoAccess
+ * DESCRIPTION:
+ *
+ *  Retrieves the value(s) of the Authority Information Access in "cert" and
+ *  returns it in a list at address pointed by "pAuthorityInfoAccess".
+ *
+ *  SubjectInfoAccess ::=
+ *    SEQUENCE SIZE (1..MAX) of AccessDescription
+ *    AccessDescription ::= SEQUENCE {
+ *        accessMethod     OBJECT IDENTIFIER,
+ *        accessLocation   GeneralName
+ *    }
+ *
+ * PARAMETERS:
+ *  "cert"
+ *      Address of Cert whose Authority Information Access is fetched.
+ *      Must be non-NULL.
+ *  "pAuthorityInfoAccess"
+ *      Address where Authority InfoAccess will be stored and returned.
+ *      Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Cert Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_Cert_GetAuthorityInfoAccess(
+        PKIX_PL_Cert *cert,
+        PKIX_List **pAiaList, /* of PKIX_PL_InfoAccess */
+        void *plContext);
+
+
+/*
+ * FUNCTION: PKIX_PL_Cert_GetSubjectInfoAccess
+ * DESCRIPTION:
+ *
+ *  Retrieves the value(s) of the Subject Information Access in "cert" and
+ *  returns it in a list at address pointed by "pSubjectInfoAccess".
+ *
+ *  SubjectInfoAccess ::=
+ *    SEQUENCE SIZE (1..MAX) of AccessDescription
+ *    AccessDescription ::= SEQUENCE {
+ *        accessMethod     OBJECT IDENTIFIER,
+ *        accessLocation   GeneralName
+ *    }
+ *
+ * PARAMETERS:
+ *  "cert"
+ *      Address of Cert whose Subject Information Access is fetched.
+ *      Must be non-NULL.
+ *  "pSubjectInfoAccess"
+ *      Address where Subject InfoAccess will be stored and returned.
+ *      Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Cert Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_Cert_GetSubjectInfoAccess(
+        PKIX_PL_Cert *cert,
+        PKIX_List **pSiaList, /* of PKIX_PL_InfoAccess */
+        void *plContext);
+
+
+
+/*
+ * FUNCTION: PKIX_PL_Cert_GetCrlDp
+ * DESCRIPTION:
+ *
+ *  Retrieves the value(s) of the CRL Distribution Point Extension and
+ *  returns it in a list at address pointed by "pDpList".
+ *
+ * PARAMETERS:
+ *  "cert"
+ *      Address of Cert whose Subject Information Access is fetched.
+ *      Must be non-NULL.
+ *  "pDpList"
+ *      Address where CRL DP will be stored and returned.
+ *      Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Cert Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_Cert_GetCrlDp(PKIX_PL_Cert *cert,
+                      PKIX_List **pDpList,
+                      void *plContext);
+
+
+/*
+ * InfoAccess 
+ *
+ * To hold Authority Information Access or Subject Information Access
+ * retrieved from a Certificate.
+ */
+
+#define PKIX_INFOACCESS_OCSP          1
+#define PKIX_INFOACCESS_CA_ISSUERS    2
+#define PKIX_INFOACCESS_TIMESTAMPING  3
+#define PKIX_INFOACCESS_CA_REPOSITORY 5
+
+#define PKIX_INFOACCESS_LOCATION_UNKNOWN 0
+#define PKIX_INFOACCESS_LOCATION_HTTP    1
+#ifndef NSS_PKIX_NO_LDAP
+#define PKIX_INFOACCESS_LOCATION_LDAP    2
+#endif
+
+/*
+ * FUNCTION: PKIX_PL_InfoAccess_GetMethod
+ * DESCRIPTION:
+ *
+ *  Stores the method of the Information Access from "infoAccess" and
+ *  returns in "pMethod".
+ *
+ *  SubjectInfoAccess ::=
+ *    AccessDescription ::= SEQUENCE {
+ *        accessMethod     OBJECT IDENTIFIER,
+ *        accessLocation   GeneralName
+ *    }
+ *
+ * PARAMETERS:
+ *  "infoAccess"
+ *      Address of PKIX_PL_InfoAccess that has the access data.
+ *      Must be non-NULL.
+ *  "pMethod"
+ *      Address where access method will be stored and returned.
+ *      Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Cert Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_InfoAccess_GetMethod(
+        PKIX_PL_InfoAccess *infoAccess,
+        PKIX_UInt32 *pMethod,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_InfoAccess_GetLocation
+ * DESCRIPTION:
+ *
+ *  Stores the location of the Information Access from "infoAccess" and
+ *  returns in "pLocation".
+ *
+ *  SubjectInfoAccess ::=
+ *    AccessDescription ::= SEQUENCE {
+ *        accessMethod     OBJECT IDENTIFIER,
+ *        accessLocation   GeneralName
+ *    }
+ *
+ * PARAMETERS:
+ *  "infoAccess"
+ *      Address of PKIX_PL_InfoAccess that has the access data.
+ *      Must be non-NULL.
+ *  "pLocation"
+ *      Address where access location will be stored and returned.
+ *      Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Cert Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_InfoAccess_GetLocation(
+        PKIX_PL_InfoAccess *infoAccess,
+        PKIX_PL_GeneralName **pLocation,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_InfoAccess_GetLocationType
+ * DESCRIPTION:
+ *
+ *  Stores the type of location of the Information Access from "infoAccess" and
+ *  returns in "pType".
+ *
+ *  SubjectInfoAccess ::=
+ *    AccessDescription ::= SEQUENCE {
+ *        accessMethod     OBJECT IDENTIFIER,
+ *        accessLocation   GeneralName
+ *    }
+ *
+ * PARAMETERS:
+ *  "infoAccess"
+ *      Address of PKIX_PL_InfoAccess that has the access data.
+ *      Must be non-NULL.
+ *  "pType"
+ *      Address where access location type will be stored and returned.
+ *      Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Cert Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_InfoAccess_GetLocationType(
+        PKIX_PL_InfoAccess *infoAccess,
+        PKIX_UInt32 *pType,
+        void *plContext);
+
+PKIX_Error *
+pkix_pl_InfoAccess_GetAIACerts(
+        PKIX_PL_InfoAccess *ia,
+        void **pNBIOContext,
+        void **pHandle,
+        PKIX_List **pCerts,
+        void *plContext);
+
+/*
+ * CRL
+ *
+ * A CRL represents an X.509 certificate revocation list. It can be created
+ * using the bytes of a valid ASN.1 DER encoding. Once created, a CRL is
+ * immutable. The following functions include accessors (gettors) for the
+ * various components of an X.509 CRL, as well as a function for signature
+ * verification.
+ */
+
+/*
+ * FUNCTION: PKIX_PL_CRL_Create
+ * DESCRIPTION:
+ *
+ *  Creates a new CRL using the bytes in the ByteArray pointed to by
+ *  "byteArray" and stores it at "pCRL". If the bytes are not a valid ASN.1
+ *  DER encoding of a CRL, a PKIX_Error pointer is returned. Once created, a
+ *  CRL is immutable.
+ *
+ *  CertificateList  ::=  SEQUENCE  {
+ *      tbsCertList             TBSCertList,
+ *      signatureAlgorithm      AlgorithmIdentifier,
+ *      signatureValue          BIT STRING  }
+ *
+ *  TBSCertList  ::=  SEQUENCE  {
+ *      version                 Version OPTIONAL,
+ *                              -- if present, MUST be v2
+ *      signature               AlgorithmIdentifier,
+ *      issuer                  Name,
+ *      thisUpdate              Time,
+ *      nextUpdate              Time OPTIONAL,
+ *      revokedCertificates     SEQUENCE OF SEQUENCE  {
+ *              userCertificate         CertificateSerialNumber,
+ *              revocationDate          Time,
+ *              crlEntryExtensions      Extensions OPTIONAL
+ *                                      -- if present, MUST be v2
+ *                              }  OPTIONAL,
+ *      crlExtensions           [0]  EXPLICIT Extensions OPTIONAL
+ *                                      -- if present, MUST be v2
+ *      }
+ *
+ * PARAMETERS:
+ *  "byteArray"
+ *      Address of ByteArray representing the CRL's DER encoding.
+ *      Must be non-NULL.
+ *  "pCRL"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CRL Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_CRL_Create(
+        PKIX_PL_ByteArray *byteArray,
+        PKIX_PL_CRL **pCRL,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_CRL_GetIssuer
+ * DESCRIPTION:
+ *
+ *  Retrieves a pointer to the X500Name that represents the issuer of the CRL
+ *  pointed to by "crl" and stores it at "pCRLIssuer".
+ *
+ * PARAMETERS:
+ *  "crl"
+ *      Address of CRL whose issuer is to be stored. Must be non-NULL.
+ *  "pCRLIssuer"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CRL Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_CRL_GetIssuer(
+        PKIX_PL_CRL *crl,
+        PKIX_PL_X500Name **pCRLIssuer,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_CRL_GetCriticalExtensionOIDs
+ * DESCRIPTION:
+ *
+ *  Retrieves a pointer to the List of OIDs (each OID corresponding to a
+ *  critical extension of the CRL pointed to by "crl") and stores it at
+ *  "pExtensions". If "crl" does not have any critical extensions, this
+ *  function stores an empty List at "pExtensions".
+ *
+ *  Note that the List returned by this function is immutable.
+ *
+ * PARAMETERS:
+ *  "crl"
+ *      Address of CRL whose critical extension OIDs are to be stored.
+ *      Must be non-NULL.
+ *  "pExtensions"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CRL Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_CRL_GetCriticalExtensionOIDs(
+        PKIX_PL_CRL *crl,
+        PKIX_List **pExtensions,   /* list of PKIX_PL_OID */
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_CRL_GetCRLEntryForSerialNumber
+ * DESCRIPTION:
+ *
+ *  Retrieves a pointer to the CRLEntry (found in the CRL pointed to by "crl")
+ *  corresponding to the BigInt pointed to by "serialNumber" and stores it at
+ *  "pCRLEntry". If there is no such CRLEntry, this functions stores NULL at
+ *  "pCRLEntry". Once created, a CRLEntry is immutable.
+ *
+ * PARAMETERS:
+ *  "crl"
+ *      Address of CRL whose CRL Entries are to be searched. Must be non-NULL.
+ *  "serialNumber"
+ *      Address of BigInt representing serial number of certificate whose
+ *      CRLEntry is to be found. Must be non-NULL.
+ *  "pCRLEntry"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CRL Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_CRL_GetCRLEntryForSerialNumber(
+        PKIX_PL_CRL *crl,
+        PKIX_PL_BigInt *serialNumber,
+        PKIX_PL_CRLEntry **pCRLEntry,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_CRL_GetCRLNumber
+ * DESCRIPTION:
+ *  Retrieves the CRL Number from extension. This is non-critical extension.
+ *
+ * PARAMETERS:
+ *  "crl"
+ *      Address of CRL whose version is to be stored. Must be non-NULL.
+ *  "pCrlNumber"
+ *      Address where a CRL Number will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CRL Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_CRL_GetCRLNumber(
+        PKIX_PL_CRL *crl,
+        PKIX_PL_BigInt **pCrlNumber,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_CRL_VerifyUpdateTime
+ * DESCRIPTION:
+ *
+ *  Checks whether the CRL pointed to by "crl" would be valid at the time
+ *  represented by the Date pointed to by "date" and stores the Boolean result
+ *  at "pResult". This check is done only when NIST policy is enforced.
+ *
+ *  Time ::= CHOICE {
+ *      utcTime         UTCTime,
+ *      generalTime     GeneralizedTime }
+ *
+ * PARAMETERS:
+ *  "crl"
+ *      Address of CRL whose validity is to be checked. Must be non-NULL.
+ *  "date"
+ *      Address of Date at which the CRL is being checked for validity.
+ *      Must be non-NULL.
+ *  "pResult"
+ *      Address of Boolean result. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CRL Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_CRL_VerifyUpdateTime(
+        PKIX_PL_CRL *crl,
+        PKIX_PL_Date *date,
+        PKIX_Boolean *pResult,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_CRL_VerifySignature
+ * DESCRIPTION:
+ *
+ *  Verifies the signature on the CRL pointed to by "crl" using the PublicKey
+ *  pointed to by "pubKey". If the signature doesn't verify, a PKIX_Error
+ *  pointer is returned.
+ *
+ * PARAMETERS:
+ *  "crl"
+ *      Address of CRL whose signature is to be verified. Must be non-NULL.
+ *  "pubKey"
+ *      Address of a Public Key used to verify the signature. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CRL Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_CRL_VerifySignature(
+        PKIX_PL_CRL *crl,
+        PKIX_PL_PublicKey *pubKey,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_CRL_ReleaseDerCrl
+ * DESCRIPTION:
+ *
+ * Relinguish the ownership for the crl der. The operation will succeed if
+ * a crl owns the der. If the crl was created from existing crl and does not
+ * own the der, then the function will return null.
+ *
+ * PARAMETERS:
+ *  "crl"
+ *      Address of CRL whose signature is to be verified. Must be non-NULL.
+ *  "derCrl"
+ *      Pointer to a SECItem that has der crl.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CRL Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_CRL_ReleaseDerCrl(PKIX_PL_CRL *crl,
+                         SECItem **derCrl,
+                         void *plContext);
+/*
+ * FUNCTION: PKIX_PL_CRL_AdoptDerCrl
+ * DESCRIPTION:
+ *
+ * Adopt memory of the der. The secItem that contains der will be
+ * freed with destruction of parent pkix crl structure.
+ *
+ * * PARAMETERS:
+ *  "crl"
+ *      Address of CRL whose signature is to be verified. Must be non-NULL.
+ *  "derCrl"
+ *      Pointer to a SECItem that has der crl.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CRL Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_CRL_AdoptDerCrl(PKIX_PL_CRL *crl,
+                        SECItem *derCrl,
+                        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_CRLEntry_GetCRLEntryReasonCode
+ * DESCRIPTION:
+ *
+ *  Retrieves the value of the reason code extension of the CRLEntry pointed
+ *  to by "crlEntry" and stores it at "pReason". If the "crlEntry" has no
+ *  reason code extension, this function stores -1 at "pReason".
+ *
+ *  CRLReason ::= ENUMERATED {
+ *      unspecified             (0),
+ *      keyCompromise           (1),
+ *      cACompromise            (2),
+ *      affiliationChanged      (3),
+ *      superseded              (4),
+ *      cessationOfOperation    (5),
+ *      certificateHold         (6),
+ *      removeFromCRL           (8),
+ *      privilegeWithdrawn      (9),
+ *      aACompromise            (10) }
+ *
+ * PARAMETERS:
+ *  "crlEntry"
+ *      Address of CRLEntry whose reason code bit values are to be returned
+ *      at "pReason". Must be non-NULL.
+ *  "pReason"
+ *      Address of PKIX_Int32 where reason code is stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CRL Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_CRLEntry_GetCRLEntryReasonCode(
+        PKIX_PL_CRLEntry *crlEntry,
+        PKIX_Int32 *pReason,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_CRLEntry_GetCriticalExtensionOIDs
+ * DESCRIPTION:
+ *
+ *  Retrieves a pointer to the List of OIDs (each OID corresponding to a
+ *  critical extension of the CRLEntry pointed to by "crlEntry") and stores it
+ *  at "pExtensions". If "crlEntry" does not have any critical extensions, this
+ *  function stores an empty List at "pExtensions".
+ *
+ *  Note that the List returned by this function is immutable.
+ *
+ * PARAMETERS:
+ *  "crlEntry"
+ *      Address of CRLEntry whose critical extension OIDs are to be stored.
+ *      Must be non-NULL.
+ *  "pExtensions"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CRL Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_CRLEntry_GetCriticalExtensionOIDs(
+        PKIX_PL_CRLEntry *crlEntry,
+        PKIX_List **pExtensions,  /* list of PKIX_PL_OID */
+        void *plContext);
+
+#ifdef BUILD_LIBPKIX_TESTS
+/*
+ * FUNCTION: PKIX_PL_X500Name_Create
+ * DESCRIPTION:
+ *
+ *  Creates a new X500Name using the UTF8 string representation pointed to by
+ *  "stringRep" and stores it at "pName". Once created, an X500Name is
+ *  immutable.
+ *
+ *  Name ::= CHOICE {
+ *    RDNSequence }
+ *
+ *  RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
+ *
+ *  RelativeDistinguishedName ::=
+ *    SET OF AttributeTypeAndValue
+ *
+ *  AttributeTypeAndValue ::= SEQUENCE {
+ *      type    AttributeType,
+ *      value   AttributeValue }
+ *
+ *  AttributeType ::= OBJECT IDENTIFIER
+ *
+ *  AttributeValue ::= ANY DEFINED BY AttributeType
+ *
+ *  DirectoryString ::= CHOICE {
+ *      teletexString           TeletexString (SIZE (1..MAX)),
+ *      printableString         PrintableString (SIZE (1..MAX)),
+ *      universalString         UniversalString (SIZE (1..MAX)),
+ *      utf8String              UTF8String (SIZE (1..MAX)),
+ *      bmpString               BMPString (SIZE (1..MAX)) }
+ *
+ * PARAMETERS:
+ *  "stringRep"
+ *      Address of UTF8 String representation of X500Name. Must be non-NULL.
+ *  "pName"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns an X500Name Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_X500Name_Create (
+        PKIX_PL_String *stringRep,
+        PKIX_PL_X500Name **pName,
+        void *plContext);
+
+#endif /* BUILD_LIBPKIX_TESTS */
+
+/*
+ * FUNCTION: PKIX_PL_X500Name_CreateFromCERTName
+ * DESCRIPTION:
+ * 
+ * The function creates x500Name using der encoded DN and/or pointer to
+ * CERTName. If arument "name" is NULL, but derName is supplied when
+ * the function generates nssDN(CERTName type) from der data. If derName
+ * is not supplied, CERTName *name will not be used to generate DN DER
+ * encoding.
+ *
+ * PARAMETERS:
+ *  "derName"
+ *      Address of DER representation of X500Name. Can be NULL
+ *  "name"
+ *      Address of CERTName representation of X500Name. Can be NULL
+ *  "pName"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns an X500Name Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_X500Name_CreateFromCERTName(
+        SECItem *derName,
+        CERTName *name,
+        PKIX_PL_X500Name **pName,
+        void *plContext);
+
+
+/*
+ * TYPE: PKIX_PL_X500Name_Match
+ * DESCRIPTION:
+ *  Checks whether the X500Name pointed to by "firstX500Name" MATCHES the
+ *  X500Name pointed to by "secondX500Name" and stores the boolean result at
+ *  "pResult". Two X500Names MATCH if they meet the conditions specified by
+ *  RFC 3280 (section 4.1.2.4). Namely:
+ *
+ *      "This specification requires only a subset of the name comparison
+ *      functionality specified in the X.500 series of specifications.
+ *      Conforming implementations are REQUIRED to implement the following
+ *      name comparison rules:
+ *
+ *      (a)  attribute values encoded in different types (e.g., PrintableString
+ *      and BMPString) MAY be assumed to represent different strings;
+ *
+ *      (b) attribute values in types other than PrintableString are case
+ *      sensitive (this permits matching of attribute values as binary objects)
+ *
+ *      (c)  attribute values in PrintableString are not case sensitive
+ *      (e.g., "Marianne Swanson" is the same as "MARIANNE SWANSON"); and
+ *
+ *      (d)  attribute values in PrintableString are compared after removing
+ *      leading and trailing white space and converting internal substrings of
+ *      one or more consecutive white space characters to a single space."
+ *
+ * PARAMETERS:
+ *  "firstX500Name"
+ *      Address of first X500Name to compare. Must be non-NULL.
+ *  "secondX500Name"
+ *      Address of second X500Name to compare. Must be non-NULL.
+ *  "pResult"
+ *      Address of Boolean result. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns an X500Name Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_X500Name_Match(
+        PKIX_PL_X500Name *firstX500Name,
+        PKIX_PL_X500Name *secondX500Name,
+        PKIX_Boolean *pResult,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_Date_Create_UTCTime
+ * DESCRIPTION:
+ *  Creates a new Date of type UTCTime using the string representation pointed
+ *  to by "stringRep" and stores it at "pDate". The UTCTime restriction means
+ *  that the year can only be specified by the least significant two digits
+ *  (YY). As such, Only the years 1950-2049 can be represented. If "stringRep"
+ *  is NULL, this function creates a new Date representing the current time
+ *  and stores it at "pDate". Once created, a Date is immutable.
+ *
+ *  If YY is greater than or equal to 50, the year is interpreted as 19YY.
+ *  If YY is less than 50, the year is interpreted as 20YY.
+ *
+ *  The string representation of the date must be in the following form:
+ *      "YYMMDDhhmmssZ" where:
+ *
+ *  YY is the least significant two digits of the year
+ *  MM is the month (01 to 12)
+ *  DD is the day (01 to 31)
+ *  hh is the hour (00 to 23)
+ *  mm are the minutes (00 to 59)
+ *  ss are the seconds (00 to 59)
+ *  Z indicates that local time is GMT
+ *
+ * PARAMETERS:
+ *  "stringRep"
+ *      Address of String representation of Date.
+ *      If NULL, current time is used.
+ *  "pDate"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Date Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_Date_Create_UTCTime (
+        PKIX_PL_String *stringRep,
+        PKIX_PL_Date **pDate,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_Date_Create_UTCTime
+ * DESCRIPTION:
+ *  Creates a new Date from PRTime data.
+ *
+ * PARAMETERS:
+ *  "time"
+ *      Represented time in PRTime type.
+ *  "pDate"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Date Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_Date_CreateFromPRTime(
+        PRTime time,
+        PKIX_PL_Date **pDate,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_Date_Create_CurrentOffBySeconds
+ * DESCRIPTION:
+ *  Creates a new Date of type UTCTime for current time with seconds off by
+ *  "secondsOffset" and returns it at "pDate".
+ *
+ * PARAMETERS:
+ *  "secondsOffset"
+ *      A PKIX_Int32 indicates the time offset from current. If "secondsOffset"
+ *      is negative, the time is in past.
+ *  "pDate"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Date Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_Date_Create_CurrentOffBySeconds(
+        PKIX_Int32 secondsOffset,
+        PKIX_PL_Date **pDate,
+        void *plContext);
+
+#ifdef BUILD_LIBPKIX_TESTS
+/*
+ * FUNCTION: PKIX_PL_GeneralName_Create
+ * DESCRIPTION:
+ *
+ *  Creates a new GeneralName of type "nameType" using the string
+ *  representation pointed to by "stringRep" and stores it at "pGName".
+ *  All of the GeneralName type format values specified in pkixt.h are
+ *  supported, with the exception of PKIX_OTHER_NAME, PKIX_EDIPARTY_NAME,
+ *  PKIX_IP_NAME, and PKIX_X400_ADDRESS. A PKIX_ESCASCII string representation
+ *  should be used for all supported nameTypes, with the exception of
+ *  registeredID and directoryName. For registeredID, the string representation
+ *  should be the same as that used by PKIX_PL_OID_Create. For directoryName,
+ *  the string representation should be the same as that used by
+ *  PKIX_PL_X500Name_Create. If an unsupported name type is used, an Error is
+ *  returned. Once created, a GeneralName is immutable.
+ *
+ *  GeneralName ::= CHOICE {
+ *      otherName                       [0]     OtherName,
+ *      rfc822Name                      [1]     IA5String,
+ *      dNSName                         [2]     IA5String,
+ *      x400Address                     [3]     ORAddress,
+ *      directoryName                   [4]     Name,
+ *      ediPartyName                    [5]     EDIPartyName,
+ *      uniformResourceIdentifier       [6]     IA5String,
+ *      iPAddress                       [7]     OCTET STRING,
+ *      registeredID                    [8]     OBJECT IDENTIFIER }
+ *
+ *
+ * NOTE: This function is allowed to be called only by pkix tests programs.
+ * 
+ * PARAMETERS:
+ *  "nameType"
+ *      Type of GeneralName to be created. This must be one of the GeneralName
+ *      type format values specified in pkixt.h
+ *  "stringRep"
+ *      Address of String representation of GeneralName. Must be non-NULL.
+ *  "pGName"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a GeneralName Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_GeneralName_Create (
+        PKIX_UInt32 nameType,
+        PKIX_PL_String *stringRep,
+        PKIX_PL_GeneralName **pGName,
+        void *plContext);
+#endif /* BUILD_LIBPKIX_TESTS */
+
+/*
+ * FUNCTION: PKIX_PL_CertNameConstraints_CheckNamesInNameSpace
+ * DESCRIPTION:
+ *
+ *  This function checks whether names in "nameList" comply with
+ *  "nameConstraints". It stores PKIX_TRUE at "pCheckPass" if the names meet the
+ *  requirement of the NameConstraints, PKIX_FALSE otherwise.
+ *
+ * PARAMETERS
+ *  "nameList"
+ *      List of GeneralNames that are checked for compliance. May be empty
+ *      or NULL.
+ *  "nameConstraints"
+ *      Address of CertNameConstraints that provides lists of permitted
+ *      and excluded names. Must be non-NULL.
+ *  "pCheckPass"
+ *      Address where PKIX_TRUE is returned if the all names in "nameList" are
+ *      valid. Must be non-NULL.
+ *  "plContext" - Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a NameConstraints Error if the function fails in a
+ *  non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_CertNameConstraints_CheckNamesInNameSpace(
+        PKIX_List *nameList, /* List of PKIX_PL_GeneralName */
+        PKIX_PL_CertNameConstraints *nameConstraints,
+        PKIX_Boolean *pCheckPass,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_AIAMgr_Create
+ * DESCRIPTION:
+ *
+ *  This function creates an AIAMgr to handle retrieval of Certs and CRLs
+ *  from servers given by AIA Certificate extensions. It manages connections
+ *  and caches. The manager created is stored at "pAIAMgr".
+ *
+ * PARAMETERS:
+ *  "pAIAMgr"
+ *      The address at which the result is stored. Must be non-NULL.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns an AIAMgr Error if the function fails in a non-fatal way
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_AIAMgr_Create(
+        PKIX_PL_AIAMgr **pAIAMgr,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_AIAMgr_GetAIACerts
+ * DESCRIPTION:
+ *
+ *  This function uses the AIAMgr pointed to by "aiaMgr" to retrieve the Certs
+ *  specified by an AIA certificate extension, if any, in the Cert pointed to by
+ *  "prevCert", storing the results at "pCerts". If the certificate has no such
+ *  extension, this function stores NULL at "pCerts".
+ *
+ *  If the request is suspended for non-blocking I/O, a platform-dependent
+ *  context is stored at "pNBIOContext" and NULL is stored at "pCerts". This
+ *  return is referred to as the WOULDBLOCK state. Note that the caller must
+ *  check for a non-NULL value at "pNBIOContext", to distinguish this state from
+ *  the "no such extension" return described in the first paragraph. (The
+ *  alternative would be to return an empty List, but it seemed wrong to incur
+ *  the overhead of creating and destroying an empty List for the most common
+ *  situation.)
+ *
+ *  After a WOULDBLOCK return, the user may continue the operation by calling
+ *  pkix_AIAMgr_GetAIACerts (possibly more than once, if the function again
+ *  returns in the WOULDBLOCK state) with the previously-returned non-NULL
+ *  value of "pNBIOContext". When results are complete, NULL is stored at
+ *  "pNBIOContext", and the results (which may be NULL) are stored at "pCerts".
+ *
+ * PARAMETERS:
+ *  "aiaMgr"
+ *      The AIAMgr which controls the retrieval of certificates. Must be
+ *      non-NULL.
+ *  "prevCert"
+ *      Address of PKIX_PL_Cert which may provide an AIA or SIA extension. Must
+ *      be non-NULL.
+ *  "pNBIOContext"
+ *      Address at which platform-dependent information is returned if request
+ *      is suspended for non-blocking I/O. Must be non-NULL.
+ *  "pCerts"
+ *      Address at which the returned List is stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns an AIAMgr Error if the function fails in a non-fatal way
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_AIAMgr_GetAIACerts(
+        PKIX_PL_AIAMgr *aiaMgr,
+        PKIX_PL_Cert *prevCert,
+        void **pNBIOContext,
+        PKIX_List **pCerts,
+        void *plContext);
+
+typedef PKIX_Error *
+(*PKIX_PL_VerifyCallback)(
+        PKIX_PL_Object *signedObject,
+        PKIX_PL_Cert *signerCert, /* can be unknown */
+        PKIX_PL_Date *producedAt,
+        PKIX_ProcessingParams *procParams,
+        void **pNBIOContext,
+        void **pState,
+        PKIX_BuildResult **pBuildResult,
+        PKIX_VerifyNode **pVerifyTree,
+        void *plContext);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_PL_PKI_H */
diff --git a/nss/lib/libpkix/include/pkix_pl_system.h b/nss/lib/libpkix/include/pkix_pl_system.h
new file mode 100755
index 0000000..57d5df7
--- /dev/null
+++ b/nss/lib/libpkix/include/pkix_pl_system.h
@@ -0,0 +1,1545 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * This file defines several platform independent functions to make system
+ * calls in a portable manner.
+ *
+ */
+
+#ifndef _PKIX_PL_SYSTEM_H
+#define _PKIX_PL_SYSTEM_H
+
+#include "pkixt.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* General
+ *
+ * Please refer to the libpkix Programmer's Guide for detailed information
+ * about how to use the libpkix library. Certain key warnings and notices from
+ * that document are repeated here for emphasis.
+ *
+ * All identifiers in this file (and all public identifiers defined in
+ * libpkix) begin with "PKIX_". Private identifiers only intended for use
+ * within the library begin with "pkix_".
+ *
+ * A function returns NULL upon success, and a PKIX_Error pointer upon failure.
+ *
+ * Unless otherwise noted, for all accessor (gettor) functions that return a
+ * PKIX_PL_Object pointer, callers should assume that this pointer refers to a
+ * shared object. Therefore, the caller should treat this shared object as
+ * read-only and should not modify this shared object. When done using the
+ * shared object, the caller should release the reference to the object by
+ * using the PKIX_PL_Object_DecRef function.
+ *
+ * While a function is executing, if its arguments (or anything referred to by
+ * its arguments) are modified, free'd, or destroyed, the function's behavior
+ * is undefined.
+ *
+ */
+
+/*
+ * FUNCTION: PKIX_PL_Initialize
+ * DESCRIPTION:
+ *
+ *  XXX If this function is really only meant to be used by PKIX_Initialize,
+ *  why don't we just put it in a private header file rather than the public
+ *  API. I think it may confuse users.
+ *
+ *  This function should NOT be called by applications. It is only meant to
+ *  be used internally. The application needs only to call PKIX_Initialize,
+ *  which in turn will call this function.
+ *
+ *  This function initializes data structures critical to the operation of
+ *  libpkix. If initialization is not successful, an Error pointer is
+ *  returned. This function should only be called once. If it is called more
+ *  than once, the behavior is undefined.
+ *
+ *  No PKIX_* types and functions should be used before this function is
+ *  called and returns successfully.
+ *
+ * PARAMETERS:
+ *  "platformInitNeeded"
+ *      Boolean indicating whether platform initialization is to be called
+ *  "useArenas"
+ *      Boolean indicating whether allocation is to be done using arenas or
+ *      individual allocation (malloc).
+ *  "pPlContext"
+ *      Address at which platform-specific context pointer is stored. Must be
+ *      non-NULL.
+ * THREAD SAFETY:
+ *  Not Thread Safe
+ *
+ *  This function assumes that no other thread is calling this function while
+ *  it is executing.
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_Initialize(
+        PKIX_Boolean platformInitNeeded,
+        PKIX_Boolean useArenas,
+        void **pPlContext);
+
+/*
+ * FUNCTION: PKIX_PL_Shutdown
+ * DESCRIPTION:
+ *
+ *  XXX If this function is really only meant to be used by PKIX_Shutdown,
+ *  why don't we just put it in a private header file rather than the public
+ *  API. I think it may confuse users.
+ *
+ *  This function should NOT be called by applications. It is only meant to
+ *  be used internally. The application needs only to call PKIX_Shutdown,
+ *  which in turn will call this function.
+ *
+ *  This function deallocates any memory used by the Portability Layer (PL)
+ *  component of the libpkix library and shuts down any ongoing operations.
+ *  This function should only be called once. If it is called more than once,
+ *  the behavior is undefined.
+ *
+ *  No PKIX_* types and functions should be used after this function is called
+ *  and returns successfully.
+ *
+ * PARAMETERS:
+ *  "platformInitNeeded"
+ *      Boolean value of whether PKIX initialized NSS: PKIX_TRUE if we
+ *      called nssInit, PKIX_FALSE otherwise
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe
+ *
+ *  This function makes use of global variables and should only be called once.
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_Shutdown(void *plContext);
+
+/* standard memory management operations (not reference-counted) */
+
+/*
+ * FUNCTION: PKIX_PL_Malloc
+ * DESCRIPTION:
+ *
+ *  Allocates a block of "size" bytes. The bytes are not initialized. A
+ *  pointer to the newly allocated memory will be stored at "pMemory". The
+ *  memory allocated by PKIX_PL_Malloc() may only be freed by PKIX_PL_Free().
+ *  If "size" equals zero, this function stores NULL at "pMemory".
+ *
+ * PARAMETERS:
+ *  "size"
+ *      Number of bytes to allocate.
+ *  "pMemory"
+ *      Address where newly allocated pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread safety depends on underlying thread safety of platform used by PL.
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_Malloc(
+        PKIX_UInt32 size,
+        void **pMemory,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_Calloc
+ * DESCRIPTION:
+ *
+ *  Allocates memory for an array of "nElem" elements, with each element
+ *  requiring "elSize" bytes, and with all the bits initialized to zero. A
+ *  pointer to the newly allocated memory will be stored at "pMemory". The
+ *  memory allocated by PKIX_PL_Calloc() may only be freed by PKIX_PL_Free().
+ *  If "nElem" equals zero or "elSize" equals zero, this function stores NULL
+ *  at "pMemory".
+ *
+ * PARAMETERS:
+ *  "nElem"
+ *      Number of elements needed.
+ *  "elSize"
+ *      Number of bytes needed per element.
+ *  "pMemory"
+ *      Address where newly allocated pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread safety depends on underlying thread safety of platform used by PL.
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_Calloc(
+        PKIX_UInt32 nElem,
+        PKIX_UInt32 elSize,
+        void **pMemory,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_Realloc
+ * DESCRIPTION:
+ *
+ *  Resizes an existing block of memory (pointed to by "ptr") to "size" bytes.
+ *  Stores a pointer to the resized memory at "pNewPtr". The "ptr" must
+ *  originate from either PKIX_PL_Malloc(), PKIX_PL_Realloc(), or
+ *  PKIX_PL_Calloc(). If "ptr" is NULL, this function behaves as if
+ *  PKIX_PL_Malloc were called. If "ptr" is not NULL and "size" equals zero,
+ *  the memory pointed to by "ptr" is deallocated and this function stores
+ *  NULL at "pPtr".
+ *
+ * PARAMETERS:
+ *  "ptr"
+ *      A pointer to an existing block of memory.
+ *  "size"
+ *      New size in bytes.
+ *  "pPtr"
+ *      Address where newly allocated pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread safety depends on underlying thread safety of platform used by PL.
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_Realloc(
+        void *ptr,
+        PKIX_UInt32 size,
+        void **pNewPtr,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_Free
+ * DESCRIPTION:
+ *
+ *  Frees a block of memory pointed to by "ptr". This value must originate with
+ *  either PKIX_PL_Malloc(), PKIX_PL_Calloc, or PKIX_PL_Realloc(). If "ptr" is
+ *  NULL, the function has no effect.
+ *
+ * PARAMETERS:
+ *  "ptr"
+ *      A pointer to an existing block of memory.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread safety depends on underlying thread safety of platform used by PL.
+ * RETURNS:
+ *  Returns NULL always.
+ */
+PKIX_Error *
+PKIX_PL_Free(
+        void *ptr,
+        void *plContext);
+
+/* Callback Types
+ *
+ * The next few typedefs define function pointer types for the standard
+ * functions associated with every object type. See the Implementation
+ * Guidelines or the comments below for more information.
+ */
+
+/*
+ * TYPE: PKIX_PL_DestructorCallback
+ * DESCRIPTION:
+ *
+ *  This callback function destroys (or DecRef's) any pointers contained in
+ *  the user data for the Object pointed to by "object" before the Object is
+ *  destroyed.
+ *
+ * PARAMETERS:
+ *  "object"
+ *      Address of Object to destroy. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe
+ *
+ *  Multiple threads must be able to safely call this function without
+ *  worrying about conflicts (as long as they're not operating on the same
+ *  object and nobody else is performing an operation on the object at the
+ *  same time). Both of these conditions should be guaranteed by the fact that
+ *  the object's ref count was reduced to 0 in a lock that's still held when
+ *  this callback is called.
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns an error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+typedef PKIX_Error *
+(*PKIX_PL_DestructorCallback)(
+        PKIX_PL_Object *object,
+        void *plContext);
+
+/*
+ * TYPE: PKIX_PL_EqualsCallback
+ * DESCRIPTION:
+ *
+ *  This callback function compares the Object pointed to by "firstObject" with
+ *  the Object pointed to by "secondObject" for equality and stores the result
+ *  at "pResult" (PKIX_TRUE if equal; PKIX_FALSE if not).
+ *
+ * PARAMETERS:
+ *  "firstObject"
+ *      Address of first object to compare. Must be non-NULL.
+ *  "secondObject"
+ *      Address of second object to compare. Must be non-NULL.
+ *  "pResult"
+ *      Address where Boolean will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe
+ *
+ *  Multiple threads must be able to safely call this function without
+ *  worrying about conflicts, even if they're operating on the same objects.
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns an error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+typedef PKIX_Error *
+(*PKIX_PL_EqualsCallback)(
+        PKIX_PL_Object *firstObject,
+        PKIX_PL_Object *secondObject,
+        PKIX_Boolean *pResult,
+        void *plContext);
+
+/*
+ * TYPE: PKIX_PL_HashcodeCallback
+ * DESCRIPTION:
+ *
+ *  This callback function computes the hashcode of the Object pointed to by
+ *  "object" and stores the result at "pValue".
+ *
+ * PARAMETERS:
+ *  "object"
+ *      Address of Object whose hashcode is desired. Must be non-NULL.
+ *  "pValue"
+ *      Address where PKIX_UInt32 will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe
+ *
+ *  Multiple threads must be able to safely call this function without
+ *  worrying about conflicts, even if they're operating on the same object.
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns an error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+typedef PKIX_Error *
+(*PKIX_PL_HashcodeCallback)(
+        PKIX_PL_Object *object,
+        PKIX_UInt32 *pValue,
+        void *plContext);
+
+/*
+ * TYPE: PKIX_PL_ToStringCallback
+ * DESCRIPTION:
+ *
+ *  This callback function converts the Object pointed to by "object" to a
+ *  string representation and stores the result at "pString".
+ *
+ * PARAMETERS:
+ *  "object"
+ *      Object to get a string representation from. Must be non-NULL.
+ *  "pString"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe
+ *
+ *  Multiple threads must be able to safely call this function without
+ *  worrying about conflicts, even if they're operating on the same object.
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns an error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+typedef PKIX_Error *
+(*PKIX_PL_ToStringCallback)(
+        PKIX_PL_Object *object,
+        PKIX_PL_String **pString,
+        void *plContext);
+
+/*
+ * TYPE: PKIX_PL_ComparatorCallback
+ * DESCRIPTION:
+ *
+ *  This callback function determines how the Object pointed to by
+ *  "firstObject" compares to the Object pointed to by "secondObject" and
+ *  stores the result at "pResult".
+ *
+ *  Result is less than 0 if firstObject < secondObject
+ *  Result equals 0 if firstObject = secondObject
+ *  Result is greater than 0 if firstObject > secondObject
+ *
+ * PARAMETERS:
+ *  "firstObject"
+ *      Address of the first Object to compare. Must be non-NULL.
+ *  "secondObject"
+ *      Address of the second Object to compare. Must be non-NULL.
+ *  "pResult"
+ *      Address where PKIX_Int32 will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe
+ *
+ *  Multiple threads must be able to safely call this function without
+ *  worrying about conflicts, even if they're operating on the same objects.
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns an error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+typedef PKIX_Error *
+(*PKIX_PL_ComparatorCallback)(
+        PKIX_PL_Object *firstObject,
+        PKIX_PL_Object *secondObject,
+        PKIX_Int32 *pResult,
+        void *plContext);
+
+/*
+ * TYPE: PKIX_PL_DuplicateCallback
+ * DESCRIPTION:
+ *
+ *  This callback function creates a copy of the Object pointed to by "object"
+ *  and stores it at "pNewObject". Changes to the copy will not affect the
+ *  original and vice versa.
+ *
+ *  Note that if "object" is immutable, the Duplicate callback function simply
+ *  needs to increment the reference count on "object" and return a reference
+ *  to "object".
+ *
+ * PARAMETERS:
+ *  "object"
+ *      Address of the object to be copied. Must be non-NULL.
+ *  "pNewObject"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe
+ *
+ *  Multiple threads must be able to safely call this function without
+ *  worrying about conflicts, even if they're operating on the same object.
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns an error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+typedef PKIX_Error *
+(*PKIX_PL_DuplicateCallback)(
+        PKIX_PL_Object *object,
+        PKIX_PL_Object **pNewObject,
+        void *plContext);
+
+/* reference-counted objects */
+
+/*
+ * FUNCTION: PKIX_PL_Object_Alloc
+ * DESCRIPTION:
+ *
+ *  Allocates a new Object of type "type" with "size" bytes and stores the
+ *  resulting pointer at "pObject". The reference count of the newly
+ *  allocated object will be initialized to 1. To improve performance, each
+ *  object maintains a small cache for the results of Hashcode and ToString.
+ *  Mutable objects should call InvalidateCache whenever changes are made to
+ *  the object's state (after creation). If an error occurs during allocation,
+ *  "pObject" will be set to NULL. If "size" equals zero, this function creates
+ *  an Object with a reference count of 1, and places a pointer to unallocated
+ *  memory at "pMemory".
+ *
+ * PARAMETERS:
+ *  "type"
+ *      The type code of this object. See pkixt.h for codes. The type code
+ *      must be previously registered with PKIX_PL_Object_RegisterType().
+ *  "size"
+ *      The number of bytes needed for this object.
+ *  "pMemory"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_Object_Alloc(
+        PKIX_TYPENUM type,
+        PKIX_UInt32 size,
+        PKIX_PL_Object **pObject,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_Object_IsTypeRegistered
+ * DESCRIPTION:
+ *
+ *  Checks whether "type" has been registered by a previous call to
+ *  PKIX_PL_Object_RegisterType() and stores the Boolean result at "pBool".
+ *  This function will typically only be called by constructors for specific
+ *  types.
+ *
+ * PARAMETERS:
+ *  "type"
+ *      The type code to check if valid.
+ *  "pBool"
+ *      Address where Boolean will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_Object_IsTypeRegistered(
+        PKIX_UInt32 type,
+        PKIX_Boolean *pBool,
+        void *plContext);
+
+#ifdef PKIX_USER_OBJECT_TYPE
+/*
+ * FUNCTION: PKIX_PL_Object_RegisterType
+ * DESCRIPTION:
+ *
+ *  Registers a new Object with type value "type" and associates it with a set
+ *  of functions ("destructor", "equalsFunction", "hashcodeFunction",
+ *  "toStringFunction", "comparator", "duplicateFunction"). The new type value
+ *  is also associated with a string pointed to by "description", which is used
+ *  by the default ToStringCallback. This function may only be called with a
+ *  particular "type" value once. If "destructor", "equalsFunction",
+ *  "hashcodeFunction", or "toStringFunction" are NULL, default functions will
+ *  be registered. However, if "comparator" and "duplicateFunction" are NULL,
+ *  no functions will be registered and calls to PKIX_PL_Object_Compare and
+ *  PKIX_PL_Object_Duplicate will result in an error.
+ *
+ * PARAMETERS:
+ *  "type"
+ *      The type code.
+ *  "description"
+ *      The string used by the default ToStringCallback. Default used if NULL.
+ *  "destructor"
+ *      The DestructorCallback function to be set. Default used if NULL.
+ *  "equalsFunction"
+ *      The EqualsCallback function to be set. Default used if NULL.
+ *  "hashcodeFunction"
+ *      The HashcodeCallback function to be set. Default used if NULL.

+ *  "toStringFunction"
+ *      The ToStringCallback function to be set. Default used if NULL.
+ *  "comparator"
+ *      The ComparatorCallback function to be set. None set if NULL. If no
+ *      callback function is set in this field, calls to
+ *      PKIX_PL_Object_Compare() will result in an error.
+ *  "duplicateFunction"
+ *      The DuplicateCallback function to be set. None set if NULL. If no
+ *      callback function is set in this field, calls to
+ *      PKIX_PL_Object_Duplicate() will result in an error.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns an Object Error if "type" is already registered.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_Object_RegisterType(
+        PKIX_UInt32 type,
+        char *description,
+        PKIX_PL_DestructorCallback destructor,
+        PKIX_PL_EqualsCallback equalsFunction,
+        PKIX_PL_HashcodeCallback hashcodeFunction,
+        PKIX_PL_ToStringCallback toStringFunction,
+        PKIX_PL_ComparatorCallback comparator,
+        PKIX_PL_DuplicateCallback duplicateFunction,
+        void *plContext);
+
+#endif
+/*
+ * FUNCTION: PKIX_PL_Object_InvalidateCache
+ * DESCRIPTION:
+ *
+ *  Invalidates the cache of the Object pointed to by "object". The cache
+ *  contains results of Hashcode and ToString. This function should be used by
+ *  mutable objects whenever changes are made to the Object's state (after
+ *  creation).
+ *
+ *  For example, if ToString is called on a mutable Object, the result will be
+ *  computed, cached, and returned. If the Object's state does not change, a
+ *  subsequent call to ToString will recognize that the relevant result is
+ *  cached and will simply return the result (without calling the Object's
+ *  ToStringCallback to recompute it). However, when the Object's state
+ *  changes, the cache needs to be invalidated in order to force a subsequent
+ *  call to ToString to recompute the result.
+ *
+ * PARAMETERS:
+ *  "object"
+ *      Address of Object whose cache is to be invalidated. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ *
+ * THREAD SAFETY
+ *  Thread Safe - Object Type Table is locked during modification.
+ *
+ *  Multiple threads can safely call this function without worrying about
+ *  conflicts, even if they're operating on the same object.
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_Object_InvalidateCache(
+        PKIX_PL_Object *object,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_Object_IncRef
+ * DESCRIPTION:
+ *
+ *  Increments the reference count of the Object pointed to by "object".
+ *
+ * PARAMETERS:
+ *  "object"
+ *      Address of Object whose reference count is to be incremented.
+ *      Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_Object_IncRef(
+        PKIX_PL_Object *object,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_Object_DecRef
+ * DESCRIPTION:
+ *
+ *  Decrements the reference count of the Object pointed to by "object". If the
+ *  resulting reference count is zero, the destructor (if any) registered for
+ *  the Object's type (by PKIX_PL_RegisterType) will be called and then the
+ *  Object will be destroyed.
+ *
+ * PARAMETERS:
+ *  "object"
+ *      Address of Object whose reference count is to be decremented.
+ *      Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  If destructor is not called, multiple threads can safely call this function
+ *  without worrying about conflicts, even if they're operating on the same
+ *  object. If destructor is called, thread safety depends on the callback
+ *  defined by PKIX_PL_RegisterType().
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_Object_DecRef(
+        PKIX_PL_Object *object,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_Object_Equals
+ * DESCRIPTION:
+ *
+ *  Compares the Object pointed to by "firstObject" with the Object pointed to
+ *  by "secondObject" for equality using the callback function registered for
+ *  "firstObject"'s type, and stores the Boolean result at "pResult". While
+ *  typical callbacks will return PKIX_FALSE if the objects are of different
+ *  types, other callbacks may be capable of comparing objects of different
+ *  types [which may correctly result in cases where Equals(first, second)
+ *  differs from Equals(second, first)].
+ *
+ * PARAMETERS:
+ *  "firstObject"
+ *      Address of the first Object to compare. Must be non-NULL.
+ *      The EqualsCallback for this Object will be called.
+ *  "secondObject"
+ *      Address of the second Object to compare. Must be non-NULL.
+ *  "pResult"
+ *      Address where Boolean will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread safety depends on the callback defined by PKIX_PL_RegisterType().
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns an Object Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_Object_Equals(
+        PKIX_PL_Object *firstObject,
+        PKIX_PL_Object *secondObject,
+        PKIX_Boolean *pResult,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_Object_Hashcode
+ * DESCRIPTION:
+ *
+ *  Computes a hashcode of the Object pointed to by "object" using the
+ *  callback registered for "object"'s type and stores it at "pValue". Two
+ *  objects which are equal should have the same hashcode. Once a call to
+ *  Hashcode has been made, the results are cached and subsequent calls to
+ *  Hashcode will return the cached value. For mutable objects, an
+ *  InvalidateCache function is provided, which should be called whenever
+ *  changes are made to the object's state (after creation).
+ *
+ * PARAMETERS:
+ *  "object"
+ *      Address of the Object whose hashcode is desired. Must be non-NULL.
+ *      The HashcodeCallback for this object will be called.
+ *  "pValue"
+ *      Address where PKIX_Int32 will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ *
+ * THREAD SAFETY:
+ *  Thread safety depends on the callback defined by PKIX_PL_RegisterType().
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns an Object Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_Object_Hashcode(
+        PKIX_PL_Object *object,
+        PKIX_UInt32 *pValue,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_Object_ToString
+ * DESCRIPTION:
+ *
+ *  Creates a string representation of the Object pointed to by "object" using
+ *  the callback registered for "object"'s type and stores it at "pString".
+ *  Once a call to ToString has been made, the results are cached and
+ *  subsequent calls to ToString will return the cached value. For mutable
+ *  objects, an InvalidateCache function is provided, which should be called
+ *  whenever changes are made to the object's state (after creation).
+ *
+ * PARAMETERS:
+ *  "object"
+ *      Address of Object whose string representation is desired.
+ *      Must be non-NULL. The ToStringCallback for this object will be called.
+ *  "pString"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread safety depends on the callback defined by PKIX_PL_RegisterType().
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns an Object Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_Object_ToString(
+        PKIX_PL_Object *object,
+        PKIX_PL_String **pString,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_Object_Compare
+ * DESCRIPTION:
+ *
+ *  Compares the Object pointed to by "firstObject" and the Object pointed to
+ *  by "secondObject" using the comparator registered for "firstObject"'s type
+ *  and stores the result at "pResult". Different types may be compared. This
+ *  may correctly result in cases where Compare(first, second) is not the
+ *  opposite of Compare(second, first). The PKIX_Int32 value stored at
+ *  "pResult" will be:
+ *   Less than 0 if "firstObject" < "secondObject"
+ *   Equals to 0 if "firstObject" = "secondObject"
+ *   Greater than 0 if "firstObject" > "secondObject"
+ *
+ * PARAMETERS:
+ *  "firstObject"
+ *      Address of first Object to compare. Must be non-NULL.
+ *      The ComparatorCallback for this object will be called.
+ *  "secondObject"
+ *      Address of second object to compare. Must be non-NULL.
+ *  "pResult
+ *      Address where PKIX_Int32 will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread safety depends on the comparator defined by PKIX_PL_RegisterType().
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns an Object Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_Object_Compare(
+        PKIX_PL_Object *firstObject,
+        PKIX_PL_Object *secondObject,
+        PKIX_Int32 *pResult,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_Object_Duplicate
+ * DESCRIPTION:
+ *
+ *  Creates a duplicate copy of the Object pointed to by "object" using the
+ *  callback registered for "object"'s type and stores the copy at
+ *  "pNewObject". Changes to the new object will not affect the original and
+ *  vice versa.
+ *
+ *  Note that if "object" is immutable, the Duplicate callback function simply
+ *  needs to increment the reference count on "object" and return a reference
+ *  to "object".
+ *
+ * PARAMETERS:
+ *  "object"
+ *      Address of Object to be duplicated. Must be non-NULL.
+ *      The DuplicateCallback for this Object will be called.
+ *  "pNewObject"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread safety depends on the callback defined by PKIX_PL_RegisterType().
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns an Object Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_Object_Duplicate(
+        PKIX_PL_Object *object,
+        PKIX_PL_Object **pNewObject,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_Object_GetType
+ * DESCRIPTION:
+ *
+ *  Retrieves the type code of the Object pointed to by "object" and stores it
+ *  at "pType". See pkixt.h for type codes.
+ *
+ * PARAMETERS:
+ *  "object"
+ *      Address of Object whose type is desired. Must be non-NULL.
+ *  "pType"
+ *      Address where PKIX_UInt32 will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_Object_GetType(
+        PKIX_PL_Object *object,
+        PKIX_UInt32 *pType,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_Object_Lock
+ * DESCRIPTION:
+ *
+ *  Locks the Mutex associated with the Object pointed to by "object". When an
+ *  object is created, it is associated with an object-specific Mutex to allow
+ *  for synchronization when the fields of the object are modified.
+ *
+ * PARAMETERS:
+ *  "object"
+ *      Address of Object whose Mutex is to be locked. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_Object_Lock(
+        PKIX_PL_Object *object,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_Object_Unlock
+ * DESCRIPTION:
+ *
+ *  Unlocks the Mutex associated with the Object pointed to by "object". When
+ *  an object is created, it is associated with an object-specific Mutex to
+ *  allow for synchronization when the fields of the object are modified.
+ *
+ * PARAMETERS:
+ *  "object"
+ *      Address of Object whose Mutex is to be unlocked. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_Object_Unlock(
+        PKIX_PL_Object *object,
+        void *plContext);
+
+/* mutexes (locks) */
+
+/*
+ * FUNCTION: PKIX_PL_Mutex_Create
+ * DESCRIPTION:
+ *
+ *  Creates a new Mutex and stores it at "pNewLock".
+ *
+ * PARAMETERS:
+ *  "pNewLock"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_Mutex_Create(
+        PKIX_PL_Mutex **pNewLock,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_Mutex_Lock
+ * DESCRIPTION:
+ *
+ *  Locks the Mutex pointed to by "lock". If the Mutex is already locked, this
+ *  function will block the current thread until the mutex can be locked by
+ *  this thread.
+ *
+ * PARAMETERS:
+ *  "lock"
+ *      Address of Mutex to lock. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_Mutex_Lock(
+        PKIX_PL_Mutex *lock,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_Mutex_Unlock
+ * DESCRIPTION:
+ *
+ *  Unlocks the Mutex pointed to by "lock" if the current thread holds the
+ *  Mutex.
+ *
+ * PARAMETERS:
+ *  "lock"
+ *      Address of Mutex to unlock. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_Mutex_Unlock(
+        PKIX_PL_Mutex *lock,
+        void *plContext);
+
+/* monitor (locks) */
+
+/*
+ * FUNCTION: PKIX_PL_MonitorLock_Create
+ * DESCRIPTION:
+ *
+ *  Creates a new PKIX_PL_MonitorLock and stores it at "pNewLock".
+ *
+ * PARAMETERS:
+ *  "pNewLock"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_MonitorLock_Create(
+        PKIX_PL_MonitorLock **pNewLock,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_MonitorLock_Enter
+ * DESCRIPTION:
+ *
+ *  Locks the MonitorLock pointed to by "lock". If the MonitorLock is already
+ *  locked by other thread, this function will block the current thread. If
+ *  the "lock" had been locked by current thread, this function will NOT block.
+ *
+ * PARAMETERS:
+ *  "lock"
+ *      Address of MonitorLock to lock. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_MonitorLock_Enter(
+        PKIX_PL_MonitorLock *lock,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_MonitorLock_Exit
+ * DESCRIPTION:
+ *
+ *  Unlocks the MonitorLock pointed to by "lock" if the lock counter of 
+ *  current thread holds the MonitorLock reach 0, the lock is released.
+ *
+ * PARAMETERS:
+ *  "lock"
+ *      Address of MonitorLock to unlock. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_MonitorLock_Exit(
+        PKIX_PL_MonitorLock *lock,
+        void *plContext);
+
+/* strings and formatted printing */
+
+/*
+ * FUNCTION: PKIX_PL_String_Create
+ * DESCRIPTION:
+ *
+ *  Creates a new String using the data pointed to by "pString", the
+ *  PKIX_UInt32 pointed to by "stringLen", and the PKIX_UInt32 pointed to by
+ *  "fmtIndicator" and stores it at "pString". If the format is PKIX_ESCASCII
+ *  the "stringLen" parameter is ignored and the string extends until a zero
+ *  byte is  found. Once created, a String object is immutable.
+ *
+ *  Valid formats are:
+ *      PKIX_ESCASCII
+ *      PKIX_ESCASCII_DEBUG
+ *      PKIX_UTF8
+ *      PKIX_UTF8_NULL_TERM
+ *      PKIX_UTF16
+ *
+ * PARAMETERS:
+ *  "fmtIndicator"
+ *      Format that "stringRep" is encoded with. Must be non-NULL.
+ *  "stringRep"
+ *      Address of encoded string representation. Must be non-NULL.
+ *  "stringLen"
+ *      Length of data stored at stringRep.
+ *  "pString"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a String Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_String_Create(
+        PKIX_UInt32 fmtIndicator,
+        const void *stringRep,
+        PKIX_UInt32 stringLen,
+        PKIX_PL_String **pString,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_Sprintf
+ * DESCRIPTION:
+ *
+ *  Creates a formatted string at "pOut" using the given format "fmt" and a
+ *  variable length list of arguments. The format flags are identical to
+ *  standard C with the exception that %s expects a PKIX_PL_String*, rather
+ *  than a char *, and that {%d, %i, %o, %u, %x, %X} expect PKIX_UInt32 or
+ *  PKIX_Int32 instead of int or unsigned int.
+ *
+ * PARAMETERS:
+ *  "pOut"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ *  "fmt"
+ *      Address of format string. Must be non-NULL.
+ * THREAD SAFETY:
+ *  Not Thread Safe - Caller must have exclusive access to all arguments.
+ *  (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a String Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_Sprintf(
+        PKIX_PL_String **pOut,
+        void *plContext,
+        const PKIX_PL_String *fmt, ...);
+
+/*
+ * FUNCTION: PKIX_PL_GetString
+ * DESCRIPTION:
+ *
+ *  Retrieves the String associated with the value of "stringID" (if any) and
+ *  stores it at "pString". If no such string is associated with "stringID",
+ *  this function uses "defaultString" to create a String and stores it at
+ *  "pString".
+ *
+ * PARAMETERS:
+ *  "stringID"
+ *      PKIX_UInt32 valud of string identifier.
+ *  "defaultString"
+ *      Address of a PKIX_ESCASCII encoded string representation.
+ *      Must be non-NULL.
+ *  "pString"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a String Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_GetString(
+        PKIX_UInt32 stringID,
+        char *defaultString,
+        PKIX_PL_String **pString,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_String_GetEncoded
+ * DESCRIPTION:
+ *
+ *  Retrieves the value of the String pointed to by "string" in the encoding
+ *  specified by "fmtIndicator" and stores the result in "pStringRep" and
+ *  "pLength", respectively. Note that "pStringRep" is not reference counted
+ *  and will need to be freed with PKIX_PL_Free().
+ *
+ * PARAMETERS:
+ *  "string"
+ *      Address of String whose encoded value is desired. Must be non-NULL.
+ *  "fmtIndicator"
+ *      Format of encoding. Supported formats are:
+ *      PKIX_ESCASCII, PKIX_ESCASII_DEBUG, PKIX_UTF8, PKIX_UTF8_NULL_TERM, and
+ *      PKIX_UTF16. XXX Where are these documented?
+ *  "pStringRep"
+ *      Address where pointer to encoded value will be stored.
+ *      Must be non-NULL.
+ *  "pLength"
+ *      Address where byte length of encoded value will be stored.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a String Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_String_GetEncoded(
+        PKIX_PL_String *string,
+        PKIX_UInt32 fmtIndicator,
+        void **pStringRep,
+        PKIX_UInt32 *pLength,
+        void *plContext);
+
+/*
+ * Hashtable
+ *
+ * A hashtable is a very efficient data structure used for mapping keys to
+ * values. Any non-null PKIX_PL_Object can be used as a key or as a value,
+ * provided that it correctly implements the PKIX_PL_EqualsCallback and the
+ * PKIX_PL_HashcodeCallback. A hashtable consists of several buckets, with
+ * each bucket capable of holding a linked list of key/value mappings. When
+ * adding, retrieving, or deleting a value, the hashcode of the key is used to
+ * determine which bucket's linked list is relevant. The corresponding
+ * key/value pair is then appended, retrieved, or deleted.
+ */
+
+/*
+ * FUNCTION: PKIX_PL_HashTable_Create
+ * DESCRIPTION:
+ *
+ *  Creates a new Hashtable with an initial capacity of "numBuckets" buckets
+ *  and "maxEntriesPerBucket" of entries limit for each bucket and stores it
+ *  at "pResult".
+ *
+ * PARAMETERS:
+ *  "numBuckets"
+ *      The initial number of hash table buckets. Must be non-zero.
+ *  "maxEntriesPerBucket"
+ *      The limit of entries per bucket. Zero means no limit.
+ *  "pResult"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_HashTable_Create(
+        PKIX_UInt32 numBuckets,
+        PKIX_UInt32 maxEntriesPerBucket,
+        PKIX_PL_HashTable **pResult,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_HashTable_Add
+ * DESCRIPTION:
+ *
+ *  Adds a key/value mapping using the Objects pointed to by "key" and "value"
+ *  to the Hashtable pointed to by "ht".
+ *
+ *  Function increments key/value reference counts. Caller is responsible to
+ *  to decrement(destroy) key/value ref counts(objects). 
+ *
+ * PARAMETERS:
+ *  "ht"
+ *      Address of Hashtable to be added to. Must be non-NULL.
+ *  "key"
+ *      Address of Object to be associated with "value". Must be non-NULL.
+ *  "value"
+ *      Address of Object to be added to Hashtable. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe - assumes exclusive access to "ht"
+ *  (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Hashtable Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_HashTable_Add(
+        PKIX_PL_HashTable *ht,
+        PKIX_PL_Object *key,
+        PKIX_PL_Object *value,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_HashTable_Remove
+ * DESCRIPTION:
+ *
+ *  Removes the Object value whose key is equal to the Object pointed to by
+ *  "key" from the Hashtable pointed to by "ht". If no such object exists,
+ *  this function throws an Error.
+ *
+ *  Function frees "value" object. Caller is responsible to free "key"
+ *  object.
+ *
+ * PARAMETERS:
+ *  "ht"
+ *      Address of Hashtable to remove object from. Must be non-NULL.
+ *  "key"
+ *      Address of Object used for lookup. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe - assumes exclusive access to "ht"
+ *  (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Hashtable Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_HashTable_Remove(
+        PKIX_PL_HashTable *ht,
+        PKIX_PL_Object *key,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_HashTable_Lookup
+ * DESCRIPTION:
+ *
+ *  Retrieves the Object whose key equals the Object pointed to by "key" from
+ *  the Hashtable associated with "ht" and stores it at "pResult". If no
+ *  Object is found, this function stores NULL at "pResult".
+ *
+ * PARAMETERS:
+ *  "ht"
+ *      Address of Hashtable to lookup Object from. Must be non-NULL.
+ *  "key"
+ *      Address of key Object used for lookup. Must be non-NULL.
+ *  "pResult"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *      (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Hashtable Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_HashTable_Lookup(
+        PKIX_PL_HashTable *ht,
+        PKIX_PL_Object *key,
+        PKIX_PL_Object **pResult,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_ByteArray_Create
+ * DESCRIPTION:
+ *
+ *  Creates a new ByteArray using "length" bytes of data pointed to by "array"
+ *  and stores it at "pByteArray". Once created, a ByteArray is immutable.
+ *
+ * PARAMETERS:
+ *  "array"
+ *      Address of source data.
+ *  "length"
+ *      Number of bytes to copy.
+ *  "pByteArray"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_ByteArray_Create(
+        void *array,
+        PKIX_UInt32 length,
+        PKIX_PL_ByteArray **pByteArray,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_ByteArray_GetPointer
+ * DESCRIPTION:
+ *
+ *  Allocates enough memory to hold the contents of the ByteArray pointed to
+ *  by "byteArray", copies the data from the ByteArray pointed to by
+ *  "byteArray" into the newly allocated memory, and stores a pointer to the
+ *  memory at "pArray". Note that "pArray" is not reference counted. It will
+ *  need to be freed with PKIX_PL_Free().
+ *
+ * PARAMETERS:
+ *  "byteArray"
+ *      Address of ByteArray whose data is desired. Must be non-NULL.
+ *  "pArray"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_ByteArray_GetPointer(
+        PKIX_PL_ByteArray *byteArray,
+        void **pArray,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_ByteArray_GetLength
+ * DESCRIPTION:
+ *
+ *  Retrieves the length of the ByteArray pointed to by "byteArray" and stores
+ *  the length at "pLength".
+ *
+ * PARAMETERS:
+ *  "byteArray"
+ *      Address of ByteArray whose length is desired. Must be non-NULL.
+ *  "pLength"
+ *      Address where PKIX_UInt32 will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_ByteArray_GetLength(
+        PKIX_PL_ByteArray *byteArray,
+        PKIX_UInt32 *pLength,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_OID_Create
+ * DESCRIPTION:
+ *
+ *  Creates a new OID using NSS oid tag.
+ *
+ * PARAMETERS:
+ *  "idtag"
+ *      nss oid id tag.
+ *  "pOID"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns an OID Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_OID_Create(
+        SECOidTag idtag,
+        PKIX_PL_OID **pOID,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_OID_CreateBySECItem
+ * DESCRIPTION:
+ *
+ *  Creates a new OID using a DER encoded OID stored as SECItem.
+ *
+ * PARAMETERS:
+ *  "derOid"
+ *      Address of SECItem that holds DER encoded OID.
+ *  "pOID"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns an OID Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_OID_CreateBySECItem(
+        SECItem *derOid,
+        PKIX_PL_OID **pOID,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_BigInt_Create
+ * DESCRIPTION:
+ *
+ *  Creates a new BigInt using the source String pointed to by "stringRep" and
+ *  stores it at "pBigInt". Valid source Strings consist of an even number of
+ *  hexadecimal digits, which are always interpreted as a positive number.
+ *  Once created, a BigInt is immutable.
+ *
+ *  The regexp format is:
+ *      HexDigit  ::= [0-9] | [A-F] | [a-f]
+ *      DoubleHex ::= HexDigit HexDigit
+ *      BigIntSrc ::= (DoubleHex)+
+ *
+ *  Note that since we are using DoubleHex, the number of characters in the
+ *  source MUST be even. Additionally, the first DoubleHex MUST NOT be "00"
+ *  unless it is the only DoubleHex.
+ *
+ *  Valid  :    "09"
+ *  Valid  :    "00"    (special case where first and only DoubleHex is "00")
+ *  Invalid:    "9"     (not DoubleHex: odd number of characters)
+ *  Invalid:    "0009"  (first DoubleHex is "00")
+ *
+ *  XXX Why does this take a String object while OID_Create takes a char* ?
+ *  Perhaps because OID_Create is often used with constant strings and
+ *  this function isn't. That's a good reason, but we should explain it
+ *  (if it's right)
+ * PARAMETERS:
+ *  "stringRep"
+ *      Address of String representing a BigInt. Must be non-NULL.
+ *  "pBigInt"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a BigInt Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_BigInt_Create(
+        PKIX_PL_String *stringRep,
+        PKIX_PL_BigInt **pBigInt,
+        void *plContext);
+
+#ifdef __cplusplus
+}
+#endif
+
+/*
+ * FUNCTION: PKIX_PL_GetPLErrorCode
+ * DESCRIPTION:
+ *
+ *  Returns error code from PL layer.
+ *
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  PL layer error code. 
+ */
+int
+PKIX_PL_GetPLErrorCode();
+
+#endif /* _LIBPKIX_SYSTEM_H */
diff --git a/nss/lib/libpkix/include/pkix_results.h b/nss/lib/libpkix/include/pkix_results.h
new file mode 100755
index 0000000..bf4a381
--- /dev/null
+++ b/nss/lib/libpkix/include/pkix_results.h
@@ -0,0 +1,425 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * This file defines functions associated with the results used
+ * by the top-level functions.
+ *
+ */
+
+#ifndef _PKIX_RESULTS_H
+#define _PKIX_RESULTS_H
+
+#include "pkixt.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* General
+ *
+ * Please refer to the libpkix Programmer's Guide for detailed information
+ * about how to use the libpkix library. Certain key warnings and notices from
+ * that document are repeated here for emphasis.
+ *
+ * All identifiers in this file (and all public identifiers defined in
+ * libpkix) begin with "PKIX_". Private identifiers only intended for use
+ * within the library begin with "pkix_".
+ *
+ * A function returns NULL upon success, and a PKIX_Error pointer upon failure.
+ *
+ * Unless otherwise noted, for all accessor (gettor) functions that return a
+ * PKIX_PL_Object pointer, callers should assume that this pointer refers to a
+ * shared object. Therefore, the caller should treat this shared object as
+ * read-only and should not modify this shared object. When done using the
+ * shared object, the caller should release the reference to the object by
+ * using the PKIX_PL_Object_DecRef function.
+ *
+ * While a function is executing, if its arguments (or anything referred to by
+ * its arguments) are modified, free'd, or destroyed, the function's behavior
+ * is undefined.
+ *
+ */
+/* PKIX_ValidateResult
+ *
+ * PKIX_ValidateResult represents the result of a PKIX_ValidateChain call. It
+ * consists of the valid policy tree and public key resulting from validation,
+ * as well as the trust anchor used for this chain. Once created, a
+ * ValidateResult object is immutable.
+ */
+
+/*
+ * FUNCTION: PKIX_ValidateResult_GetPolicyTree
+ * DESCRIPTION:
+ *
+ *  Retrieves the PolicyNode component (representing the valid_policy_tree)
+ *  from the ValidateResult object pointed to by "result" and stores it at
+ *  "pPolicyTree".
+ *
+ * PARAMETERS:
+ *  "result"
+ *      Address of ValidateResult whose policy tree is to be stored. Must be
+ *      non-NULL.
+ *  "pPolicyTree"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Result Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ValidateResult_GetPolicyTree(
+        PKIX_ValidateResult *result,
+        PKIX_PolicyNode **pPolicyTree,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ValidateResult_GetPublicKey
+ * DESCRIPTION:
+ *
+ *  Retrieves the PublicKey component (representing the valid public_key) of
+ *  the ValidateResult object pointed to by "result" and stores it at
+ *  "pPublicKey".
+ *
+ * PARAMETERS:
+ *  "result"
+ *      Address of ValidateResult whose public key is to be stored.
+ *      Must be non-NULL.
+ *  "pPublicKey"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Result Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ValidateResult_GetPublicKey(
+        PKIX_ValidateResult *result,
+        PKIX_PL_PublicKey **pPublicKey,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_ValidateResult_GetTrustAnchor
+ * DESCRIPTION:
+ *
+ *  Retrieves the TrustAnchor component (representing the trust anchor used
+ *  during chain validation) of the ValidateResult object pointed to by
+ *  "result" and stores it at "pTrustAnchor".
+ *
+ * PARAMETERS:
+ *  "result"
+ *      Address of ValidateResult whose trust anchor is to be stored.
+ *      Must be non-NULL.
+ *  "pTrustAnchor"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Result Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_ValidateResult_GetTrustAnchor(
+        PKIX_ValidateResult *result,
+        PKIX_TrustAnchor **pTrustAnchor,
+        void *plContext);
+
+/* PKIX_BuildResult
+ *
+ * PKIX_BuildResult represents the result of a PKIX_BuildChain call. It
+ * consists of a ValidateResult object, as well as the built and validated
+ * CertChain. Once created, a BuildResult object is immutable.
+ */
+
+/*
+ * FUNCTION: PKIX_BuildResult_GetValidateResult
+ * DESCRIPTION:
+ *
+ *  Retrieves the ValidateResult component (representing the build's validate
+ *  result) of the BuildResult object pointed to by "result" and stores it at
+ *  "pResult".
+ *
+ * PARAMETERS:
+ *  "result"
+ *      Address of BuildResult whose ValidateResult component is to be stored.
+ *      Must be non-NULL.
+ *  "pResult"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Result Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_BuildResult_GetValidateResult(
+        PKIX_BuildResult *result,
+        PKIX_ValidateResult **pResult,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_BuildResult_GetCertChain
+ * DESCRIPTION:
+ *
+ *  Retrieves the List of Certs (certChain) component (representing the built
+ *  and validated CertChain) of the BuildResult object pointed to by "result"
+ *  and stores it at "pChain".
+ *
+ * PARAMETERS:
+ *  "result"
+ *      Address of BuildResult whose CertChain component is to be stored.
+ *      Must be non-NULL.
+ *  "pChain"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Result Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_BuildResult_GetCertChain(
+        PKIX_BuildResult *result,
+        PKIX_List **pChain,
+        void *plContext);
+
+/* PKIX_PolicyNode
+ *
+ * PKIX_PolicyNode represents a node in the policy tree returned in
+ * ValidateResult. The policy tree is the same length as the validated
+ * certificate chain and the nodes are associated with a particular depth
+ * (corresponding to a particular certificate in the chain).
+ * PKIX_ValidateResult_GetPolicyTree returns the root node of the valid policy
+ * tree. Other nodes can be accessed using the getChildren and getParents
+ * functions, and individual elements of a node can be accessed with the
+ * appropriate gettors. Once created, a PolicyNode is immutable.
+ */
+
+/*
+ * FUNCTION: PKIX_PolicyNode_GetChildren
+ * DESCRIPTION:
+ *
+ *  Retrieves the List of PolicyNodes representing the child nodes of the
+ *  Policy Node pointed to by "node" and stores it at "pChildren". If "node"
+ *  has no child nodes, this function stores an empty List at "pChildren".
+ *
+ *  Note that the List returned by this function is immutable.
+ *
+ * PARAMETERS:
+ *  "node"
+ *      Address of PolicyNode whose child nodes are to be stored.
+ *      Must be non-NULL.
+ *  "pChildren"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Result Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PolicyNode_GetChildren(
+        PKIX_PolicyNode *node,
+        PKIX_List **pChildren,  /* list of PKIX_PolicyNode */
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PolicyNode_GetParent
+ * DESCRIPTION:
+ *
+ *  Retrieves the PolicyNode representing the parent node of the PolicyNode
+ *  pointed to by "node" and stores it at "pParent". If "node" has no parent
+ *  node, this function stores NULL at "pParent".
+ *
+ * PARAMETERS:
+ *  "node"
+ *      Address of PolicyNode whose parent node is to be stored.
+ *      Must be non-NULL.
+ *  "pParent"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Result Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PolicyNode_GetParent(
+        PKIX_PolicyNode *node,
+        PKIX_PolicyNode **pParent,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PolicyNode_GetValidPolicy
+ * DESCRIPTION:
+ *
+ *  Retrieves the OID representing the valid policy of the PolicyNode pointed
+ *  to by "node" and stores it at "pValidPolicy".
+ *
+ * PARAMETERS:
+ *  "node"
+ *      Address of PolicyNode whose valid policy is to be stored.
+ *      Must be non-NULL.
+ *  "pValidPolicy"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Result Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PolicyNode_GetValidPolicy(
+        PKIX_PolicyNode *node,
+        PKIX_PL_OID **pValidPolicy,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PolicyNode_GetPolicyQualifiers
+ * DESCRIPTION:
+ *
+ *  Retrieves the List of CertPolicyQualifiers representing the policy
+ *  qualifiers associated with the PolicyNode pointed to by "node" and stores
+ *  it at "pQualifiers". If "node" has no policy qualifiers, this function
+ *  stores an empty List at "pQualifiers".
+ *
+ *  Note that the List returned by this function is immutable.
+ *
+ * PARAMETERS:
+ *  "node"
+ *      Address of PolicyNode whose policy qualifiers are to be stored.
+ *      Must be non-NULL.
+ *  "pQualifiers"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Result Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PolicyNode_GetPolicyQualifiers(
+        PKIX_PolicyNode *node,
+        PKIX_List **pQualifiers,  /* list of PKIX_PL_CertPolicyQualifier */
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PolicyNode_GetExpectedPolicies
+ * DESCRIPTION:
+ *
+ *  Retrieves the List of OIDs representing the expected policies associated
+ *  with the PolicyNode pointed to by "node" and stores it at "pExpPolicies".
+ *
+ *  Note that the List returned by this function is immutable.
+ *
+ * PARAMETERS:
+ *  "node"
+ *      Address of PolicyNode whose expected policies are to be stored.
+ *      Must be non-NULL.
+ *  "pExpPolicies"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Result Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PolicyNode_GetExpectedPolicies(
+        PKIX_PolicyNode *node,
+        PKIX_List **pExpPolicies,  /* list of PKIX_PL_OID */
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PolicyNode_IsCritical
+ * DESCRIPTION:
+ *
+ *  Checks the criticality field of the PolicyNode pointed to by "node" and
+ *  stores the Boolean result at "pCritical".
+ *
+ * PARAMETERS:
+ *  "node"
+ *      Address of PolicyNode whose criticality field is examined.
+ *      Must be non-NULL.
+ *  "pCritical"
+ *      Address where Boolean will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Result Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PolicyNode_IsCritical(
+        PKIX_PolicyNode *node,
+        PKIX_Boolean *pCritical,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PolicyNode_GetDepth
+ * DESCRIPTION:
+ *
+ *  Retrieves the depth component of the PolicyNode pointed to by "node" and
+ *  stores it at "pDepth".
+ *
+ * PARAMETERS:
+ *  "node"
+ *      Address of PolicyNode whose depth component is to be stored.
+ *      Must be non-NULL.
+ *  "pDepth"
+ *      Address where PKIX_UInt32 will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Result Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PolicyNode_GetDepth(
+        PKIX_PolicyNode *node,
+        PKIX_UInt32 *pDepth,
+        void *plContext);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_RESULTS_H */
diff --git a/nss/lib/libpkix/include/pkix_revchecker.h b/nss/lib/libpkix/include/pkix_revchecker.h
new file mode 100755
index 0000000..a16d23a
--- /dev/null
+++ b/nss/lib/libpkix/include/pkix_revchecker.h
@@ -0,0 +1,215 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * This file defines functions associated with the PKIX_RevocationChecker
+ * type.
+ *
+ */
+
+#ifndef _PKIX_REVCHECKER_H
+#define _PKIX_REVCHECKER_H
+
+#include "pkixt.h"
+#include "pkix_pl_pki.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* General
+ *
+ * Please refer to the libpkix Programmer's Guide for detailed information
+ * about how to use the libpkix library. Certain key warnings and notices from
+ * that document are repeated here for emphasis.
+ *
+ * All identifiers in this file (and all public identifiers defined in
+ * libpkix) begin with "PKIX_". Private identifiers only intended for use
+ * within the library begin with "pkix_".
+ *
+ * A function returns NULL upon success, and a PKIX_Error pointer upon failure.
+ *
+ * Unless otherwise noted, for all accessor (gettor) functions that return a
+ * PKIX_PL_Object pointer, callers should assume that this pointer refers to a
+ * shared object. Therefore, the caller should treat this shared object as
+ * read-only and should not modify this shared object. When done using the
+ * shared object, the caller should release the reference to the object by
+ * using the PKIX_PL_Object_DecRef function.
+ *
+ * While a function is executing, if its arguments (or anything referred to by
+ * its arguments) are modified, free'd, or destroyed, the function's behavior
+ * is undefined.
+ *
+ */
+
+/* PKIX_RevocationChecker
+ *
+ * PKIX_RevocationChecker provides a standard way of revocation checking.
+ * Caller should configure two set of tests(represented at lists of
+ * RevocationMethod objects) to be performed on the leaf and on the rest of
+ * the chain certificates.
+ *
+ * PKIX_RevocationMethods provide a standard way for the caller to insert
+ * their own custom revocation checks to verify the revocation status of
+ * certificates. This may be useful in many scenarios, including when the
+ * caller wishes to use their own revocation checking mechanism instead of (or
+ * in addition to) the default revocation checking mechanism provided by
+ * libpkix, which uses CRLs and OCSP. 
+ *
+ * Once the caller has created the RevocationMethod object(s), the caller
+ * then specifies the RevocationMethod object(s) in a RevocationCheck object
+ * and sets it into a ProcessingParams.
+ */
+
+/*
+ * FUNCTION: PKIX_RevocationChecker_Create
+ * DESCRIPTION:
+ *
+ * Creates a revocation checker object with the given flags. Revocation will
+ * be checked at the current date.
+ *
+ * PARAMETERS:
+ *  "leafMethodListFlags"
+ *      Defines a set of method independent flags that will be used to check
+ *      revocation of the leaf cert in the chain.
+ *  "chainMethodListFlags"
+ *      Defines a set of method independent flags that will be used to check
+ *      revocation of the remaining certs in the chain.
+ *  "pChecker"
+ *      The return address of created checker.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe
+ *
+ *  Multiple threads must be able to safely call this function without
+ *  worrying about conflicts, even if they're operating on the same objects.
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a RevocationChecker Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_RevocationChecker_Create(
+    PKIX_UInt32 leafMethodListFlags,
+    PKIX_UInt32 chainMethodListFlags,
+    PKIX_RevocationChecker **pChecker,
+    void *plContext);
+
+/*
+ * FUNCTION: PKIX_RevocationChecker_CreateAndAddMethod
+ * DESCRIPTION:
+ *
+ * Creates revocation method object with given parameters and adds it
+ * to revocation checker method list.
+ *
+ * PARAMETERS:
+ *  "revChecker"
+ *      Address of revocation checker structure.
+ *  "procParams"
+ *      Address of ProcessingParams used to initialize the checker.
+ *      Must be non-NULL.
+ *  "methodType"
+ *      Type of the method. Currently only two types are
+ *      supported: crl and ocsp. (See PKIX_RevocationMethodType enum).
+ *  "methodFlags"
+ *      Set of flags for the method.
+ *  "methodPriority"
+ *      Method priority. (0 corresponds to the highest priority)
+ *  "verificationFn"
+ *      User call back function that will perform validation of fetched
+ *      revocation information(new crl or ocsp response)
+ *  "isLeafMethod"
+ *      Boolean flag that if set to true indicates that the method should
+ *      should be used for leaf cert revocation test(false for chain set
+ *      methods).
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe
+ *
+ *  Multiple threads must be able to safely call this function without
+ *  worrying about conflicts, even if they're operating on the same objects.
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a RevocationChecker Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_RevocationChecker_CreateAndAddMethod(
+    PKIX_RevocationChecker *revChecker,
+    PKIX_ProcessingParams *params,
+    PKIX_RevocationMethodType methodType,
+    PKIX_UInt32 methodFlags,
+    PKIX_UInt32 methodPriority,
+    PKIX_PL_VerifyCallback verificationFn,
+    PKIX_Boolean isLeafMethod,
+    void *plContext);
+
+/*
+ * FUNCTION: PKIX_RevocationChecker_Check
+ * DESCRIPTION:
+ *
+ * Verifies revocation status of the certificate. Issuer cert is given to
+ * be used in verification of revocation information. Performed verification
+ * check depends on configured revocation methods(ocsp, crl. See
+ * PKIX_RevocationChecker_CreateAndAddMethod function) and a point of chain
+ * building process at which PKIX_RevocationChecker_Check was invoked.
+ * For security reasons, the cert status is checked only against cached
+ * revocation information during chain building stage(no trust anchor yes has
+ * been found). The fresh revocation information fetching is done only at chain
+ * verification stage after trust anchor was identified.
+ * 
+ * PARAMETERS:
+ *  "cert"
+ *      Address of Cert whose revocation status is to be determined.
+ *      Must be non-NULL.
+ *  "issuer"
+ *      Issuer cert that potentially holds public key that will be used
+ *      to verify revocation info.
+ *  "revChecker"
+ *      Address of revocation checker structure.
+ *  "procParams"
+ *      Address of ProcessingParams used to initialize the checker.
+ *      Must be non-NULL.
+ *  "chainVerificationState"
+ *     Need to be set to true, if the check was called during chain verification
+ *     as an opposite to chain building.
+ *  "testingLeafCert"
+ *     Set to true if verifying revocation status of a leaf cert.
+ *  "revStatus"
+ *     Address of the returned revocation status of the cert.
+ *  "pResultCode"
+ *      Address where revocation status will be stored. Must be non-NULL.
+ *  "pNBIOContext"
+ *      Address at which platform-dependent non-blocking I/O context is stored.
+ *      Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe
+ *
+ *  Multiple threads must be able to safely call this function without
+ *  worrying about conflicts, even if they're operating on the same objects.
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a RevocationChecker Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_RevocationChecker_Check(PKIX_PL_Cert *cert,
+                             PKIX_PL_Cert *issuer,
+                             PKIX_RevocationChecker *revChecker,
+                             PKIX_ProcessingParams *procParams,
+                             PKIX_Boolean chainVerificationState,
+                             PKIX_Boolean testingLeafCert,
+                             PKIX_RevocationStatus *revStatus,
+                             PKIX_UInt32 *pReasonCode,
+                             void **pNbioContext,
+                             void *plContext);
+    
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_REVCHECKER_H */
diff --git a/nss/lib/libpkix/include/pkix_sample_modules.h b/nss/lib/libpkix/include/pkix_sample_modules.h
new file mode 100755
index 0000000..75d9618
--- /dev/null
+++ b/nss/lib/libpkix/include/pkix_sample_modules.h
@@ -0,0 +1,420 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * This file defines functions associated with CertStore types.
+ *
+ */
+
+
+#ifndef _PKIX_SAMPLEMODULES_H
+#define _PKIX_SAMPLEMODULES_H
+
+#include "pkix_pl_common.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* General
+ *
+ * Please refer to the libpkix Programmer's Guide for detailed information
+ * about how to use the libpkix library. Certain key warnings and notices from
+ * that document are repeated here for emphasis.
+ *
+ * All identifiers in this file (and all public identifiers defined in
+ * libpkix) begin with "PKIX_". Private identifiers only intended for use
+ * within the library begin with "pkix_".
+ *
+ * A function returns NULL upon success, and a PKIX_Error pointer upon failure.
+ *
+ * Unless otherwise noted, for all accessor (gettor) functions that return a
+ * PKIX_PL_Object pointer, callers should assume that this pointer refers to a
+ * shared object. Therefore, the caller should treat this shared object as
+ * read-only and should not modify this shared object. When done using the
+ * shared object, the caller should release the reference to the object by
+ * using the PKIX_PL_Object_DecRef function.
+ *
+ * While a function is executing, if its arguments (or anything referred to by
+ * its arguments) are modified, free'd, or destroyed, the function's behavior
+ * is undefined.
+ *
+ */
+
+/* PKIX_PL_CollectionCertStore
+ *
+ * A PKIX_CollectionCertStore provides an example for showing how to retrieve
+ * certificates and CRLs from a repository, such as a directory in the system.
+ * It is expected the directory is an absolute directory which contains CRL
+ * and Cert data files.  CRL files are expected to have the suffix of .crl
+ * and Cert files are expected to have the suffix of .crt .
+ *
+ * Once the caller has created the CollectionCertStoreContext object, the caller
+ * then can call pkix_pl_CollectionCertStore_GetCert or
+ * pkix_pl_CollectionCertStore_GetCRL to obtain Lists of PKIX_PL_Cert or
+ * PKIX_PL_CRL objects, respectively.
+ */
+
+/*
+ * FUNCTION: PKIX_PL_CollectionCertStore_Create
+ * DESCRIPTION:
+ *
+ *  Creates a new CollectionCertStore and returns it at
+ *      "pColCertStore".
+ *
+ * PARAMETERS:
+ *  "storeDir"
+ *      The absolute path where *.crl files are located.
+ *  "pColCertStoreContext"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CollectionCertStoreContext Error if the function fails in
+ *      a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_CollectionCertStore_Create(
+        PKIX_PL_String *storeDir,
+        PKIX_CertStore **pCertStore,
+        void *plContext);
+
+/* PKIX_PL_PK11CertStore
+ *
+ * A PKIX_PL_PK11CertStore retrieves certificates and CRLs from a PKCS11
+ * database. The directory that contains the cert8.db, key3.db, and secmod.db
+ * files that comprise a PKCS11 database are specified in NSS initialization.
+ *
+ * Once the caller has created the Pk11CertStore object, the caller can call
+ * pkix_pl_Pk11CertStore_GetCert or pkix_pl_Pk11CertStore_GetCert to obtain
+ * a List of PKIX_PL_Certs or PKIX_PL_CRL objects, respectively.
+ */
+
+/*
+ * FUNCTION: PKIX_PL_Pk11CertStore_Create
+ * DESCRIPTION:
+ *
+ *  Creates a new Pk11CertStore and returns it at "pPk11CertStore".
+ *
+ * PARAMETERS:
+ *  "pPk11CertStore"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertStore Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_Pk11CertStore_Create(
+        PKIX_CertStore **pPk11CertStore,
+        void *plContext);
+
+#ifndef NSS_PKIX_NO_LDAP
+/* PKIX_PL_LdapCertStore
+ *
+ * A PKIX_PL_LdapCertStore retrieves certificates and CRLs from an LDAP server
+ * over a socket connection. It used the LDAP protocol as described in RFC1777.
+ *
+ * Once the caller has created the LdapCertStore object, the caller can call
+ * pkix_pl_LdapCertStore_GetCert or pkix_pl_LdapCertStore_GetCert to obtain
+ * a List of PKIX_PL_Certs or PKIX_PL_CRL objects, respectively.
+ */
+
+/*
+ * FUNCTION: PKIX_PL_LdapDefaultClient_Create
+ * DESCRIPTION:
+ *
+ *  Creates an LdapDefaultClient using the PRNetAddr poined to by "sockaddr",
+ *  with a timeout value of "timeout", and a BindAPI pointed to by "bindAPI";
+ *  and stores the address of the default LdapClient at "pClient".
+ *
+ *  At the time of this version, there are unresolved questions about the LDAP
+ *  protocol. Although RFC1777 describes a BIND and UNBIND message, it is not
+ *  clear whether they are appropriate to this application. We have tested only
+ *  using servers that do not expect authentication, and that reject BIND
+ *  messages. It is not clear what values might be appropriate for the bindname
+ *  and authentication fields, which are currently implemented as char strings
+ *  supplied by the caller. (If this changes, the API and possibly the templates
+ *  will have to change.) Therefore the Client_Create API contains a BindAPI
+ *  structure, a union, which will have to be revised and extended when this
+ *  area of the protocol is better understood.
+ *
+ * PARAMETERS:
+ *  "sockaddr"
+ *      Address of the PRNetAddr to be used for the socket connection. Must be
+ *      non-NULL.
+ *  "timeout"
+ *      The PRIntervalTime value to be used as a timeout value in socket calls;
+ *      a zero value indicates non-blocking I/O is to be used.
+ *  "bindAPI"
+ *      The address of a BindAPI to be used if a BIND message is required. If
+ *      this argument is NULL, no Bind (or Unbind) will be sent.
+ *  "pClient"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertStore Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_LdapDefaultClient_Create(
+        PRNetAddr *sockaddr,
+        PRIntervalTime timeout,
+        LDAPBindAPI *bindAPI,
+        PKIX_PL_LdapDefaultClient **pClient,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_LdapDefaultClient_CreateByName
+ * DESCRIPTION:
+ *
+ *  Creates an LdapDefaultClient using the hostname poined to by "hostname",
+ *  with a timeout value of "timeout", and a BindAPI pointed to by "bindAPI";
+ *  and stores the address of the default LdapClient at "pClient".
+ *
+ *  At the time of this version, there are unresolved questions about the LDAP
+ *  protocol. Although RFC1777 describes a BIND and UNBIND message, it is not
+ *  clear whether they are appropriate to this application. We have tested only
+ *  using servers that do not expect authentication, and that reject BIND
+ *  messages. It is not clear what values might be appropriate for the bindname
+ *  and authentication fields, which are currently implemented as char strings
+ *  supplied by the caller. (If this changes, the API and possibly the templates
+ *  will have to change.) Therefore the Client_Create API contains a BindAPI
+ *  structure, a union, which will have to be revised and extended when this
+ *  area of the protocol is better understood.
+ *
+ * PARAMETERS:
+ *  "hostname"
+ *      Address of the hostname to be used for the socket connection. Must be
+ *      non-NULL.
+ *  "timeout"
+ *      The PRIntervalTime value to be used as a timeout value in socket calls;
+ *      a zero value indicates non-blocking I/O is to be used.
+ *  "bindAPI"
+ *      The address of a BindAPI to be used if a BIND message is required. If
+ *      this argument is NULL, no Bind (or Unbind) will be sent.
+ *  "pClient"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertStore Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_LdapDefaultClient_CreateByName(
+        char *hostname,
+        PRIntervalTime timeout,
+        LDAPBindAPI *bindAPI,
+        PKIX_PL_LdapDefaultClient **pClient,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_LdapCertStore_Create
+ * DESCRIPTION:
+ *
+ *  Creates a new LdapCertStore using the LdapClient pointed to by "client",
+ *  and stores the address of the CertStore at "pCertStore".
+ *
+ * PARAMETERS:
+ *  "client"
+ *      Address of the LdapClient to be used. Must be non-NULL.
+ *  "pCertStore"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertStore Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_LdapCertStore_Create(
+        PKIX_PL_LdapClient *client,
+        PKIX_CertStore **pCertStore,
+        void *plContext);
+#endif /* !NSS_PKIX_NO_LDAP */
+
+/* PKIX_PL_NssContext
+ *
+ * A PKIX_PL_NssContext provides an example showing how the "plContext"
+ * argument, that is part of every libpkix function call, can be used.
+ * The "plContext" is the Portability Layer Context, which can be used
+ * to communicate layer-specific information from the application to the
+ * underlying Portability Layer (while bypassing the Portable Code, which
+ * blindly passes the plContext on to every function call).
+ *
+ * In this case, NSS serves as both the application and the Portability Layer.
+ * We define an NSS-specific structure, which includes an arena and a number
+ * of SECCertificateUsage bit flags encoded as a PKIX_UInt32. A third argument,
+ * wincx, is used on Windows platforms for PKCS11 access, and should be set to
+ * NULL for other platforms.
+ * Before calling any of the libpkix functions, the caller should create the NSS
+ * context, by calling PKIX_PL_NssContext_Create, and provide that NSS context
+ * as the "plContext" argument in every libpkix function call the caller makes.
+ * When the caller is finished using the NSS context (usually just after he
+ * calls PKIX_Shutdown), the caller should call PKIX_PL_NssContext_Destroy to
+ * free the NSS context structure.
+ */
+
+/*
+ * FUNCTION: PKIX_PL_NssContext_Create
+ * DESCRIPTION:
+ *
+ *  Creates a new NssContext using the certificate usage(s) specified by
+ *  "certUsage" and stores it at "pNssContext". This function also internally
+ *  creates an arena and stores it as part of the NssContext structure. Unlike
+ *  most other libpkix API functions, this function does not take a "plContext"
+ *  parameter.
+ *
+ * PARAMETERS:
+ *  "certUsage"
+ *      The desired SECCertificateUsage(s).
+ *  "useNssArena"
+ *      Boolean flag indicates NSS Arena is used for memory allocation.
+ *  "wincx"
+ *      A Windows-dependent pointer for PKCS11 token handling.
+ *  "pNssContext"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Context Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_NssContext_Create(
+        PKIX_UInt32 certificateUsage,
+        PKIX_Boolean useNssArena,
+        void *wincx,
+        void **pNssContext);
+
+/*
+ * FUNCTION: PKIX_PL_NssContext_Destroy
+ * DESCRIPTION:
+ *
+ *  Frees the structure pointed to by "nssContext" along with any of its
+ *  associated memory. Unlike most other libpkix API functions, this function
+ *  does not take a "plContext" parameter.
+ *
+ * PARAMETERS:
+ *  "nssContext"
+ *      Address of NssContext to be destroyed. Must be non-NULL.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Context Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_NssContext_Destroy(
+        void *nssContext);
+
+/*
+ * FUNCTION: PKIX_PL_NssContext_SetTimeout
+ * DESCRIPTION:
+ *
+ * Sets IO timeout for network operations like OCSP response and cert
+ * fetching.
+ *
+ * PARAMETERS:
+ *  "nssContext"
+ *      Address of NssContext to be destroyed. Must be non-NULL.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Context Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_NssContext_SetTimeout(PKIX_UInt32 timeout, PKIX_PL_NssContext *nssContext);
+
+/*
+ * FUNCTION: PKIX_PL_NssContext_SetMaxResponseLen
+ * DESCRIPTION:
+ *
+ * Sets maximum responce length allowed during network IO operations.
+ *
+ * PARAMETERS:
+ *  "nssContext"
+ *      Address of NssContext to be destroyed. Must be non-NULL.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Context Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_NssContext_SetMaxResponseLen(PKIX_UInt32 len, PKIX_PL_NssContext *nssContext);
+
+/*
+ * FUNCTION: PKIX_PL_NssContext_SetCrlReloadDelay
+ * DESCRIPTION:
+ *
+ * Sets user defined timeout between attempts to load crl using
+ * CRLDP.
+ *
+ * PARAMETERS:
+ *  "delaySeconds"
+ *      Reload delay in seconds.
+ *  "nssContext"
+ *      Address of NssContext to be destroyed. Must be non-NULL.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Context Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_NssContext_SetCrlReloadDelay(PKIX_UInt32 delaySeconds,
+                                       PKIX_PL_NssContext *nssContext);
+
+/*
+ * FUNCTION: PKIX_PL_NssContext_SetBadDerCrlReloadDelay
+ * DESCRIPTION:
+ *
+ * Sets user defined timeout between attempts to load crls
+ * that failed to decode.
+ *
+ * PARAMETERS:
+ *  "delaySeconds"
+ *      Reload delay in seconds.
+ *  "nssContext"
+ *      Address of NssContext to be destroyed. Must be non-NULL.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Context Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_NssContext_SetBadDerCrlReloadDelay(PKIX_UInt32 delaySeconds,
+                                           PKIX_PL_NssContext *nssContext);
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_SAMPLEMODULES_H */
diff --git a/nss/lib/libpkix/include/pkix_util.h b/nss/lib/libpkix/include/pkix_util.h
new file mode 100755
index 0000000..e42f608
--- /dev/null
+++ b/nss/lib/libpkix/include/pkix_util.h
@@ -0,0 +1,941 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * These functions provide support for a number of other functions
+ * by creating and manipulating data structures used by those functions.
+ *
+ */
+
+#ifndef _PKIX_UTIL_H
+#define _PKIX_UTIL_H
+
+#include "pkixt.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* General
+ *
+ * Please refer to the libpkix Programmer's Guide for detailed information
+ * about how to use the libpkix library. Certain key warnings and notices from
+ * that document are repeated here for emphasis.
+ *
+ * All identifiers in this file (and all public identifiers defined in
+ * libpkix) begin with "PKIX_". Private identifiers only intended for use
+ * within the library begin with "pkix_".
+ *
+ * A function returns NULL upon success, and a PKIX_Error pointer upon failure.
+ *
+ * Unless otherwise noted, for all accessor (gettor) functions that return a
+ * PKIX_PL_Object pointer, callers should assume that this pointer refers to a
+ * shared object. Therefore, the caller should treat this shared object as
+ * read-only and should not modify this shared object. When done using the
+ * shared object, the caller should release the reference to the object by
+ * using the PKIX_PL_Object_DecRef function.
+ *
+ * While a function is executing, if its arguments (or anything referred to by
+ * its arguments) are modified, free'd, or destroyed, the function's behavior
+ * is undefined.
+ *
+ */
+
+/* PKIX_Logger
+ *
+ * PKIX_Loggers provide a standard way for the caller to insert custom logging
+ * facilities. These are used by libpkix to log errors, debug information,
+ * status, etc. The LogCallback allows custom logging to take place.
+ * Additionally, a Logger can be initialized with a loggerContext, which is
+ * where the caller can specify configuration data such as the name of a
+ * logfile or database. Note that this loggerContext must be a PKIX_PL_Object,
+ * allowing it to be reference-counted and allowing it to provide the standard
+ * PKIX_PL_Object functions (Equals, Hashcode, ToString, Compare, Duplicate).
+ *
+ * Once the caller has created the Logger object(s) (and set the loggerContext
+ * (if any) and the Log callback), the caller then registers these Loggers
+ * with the system by calling PKIX_SetLoggers or PKIX_AddLogger. All log
+ * entries will then be logged using the specified Loggers. If multiple
+ * Loggers are specified, every log entry will be logged with each of them.
+ *
+ * XXX Maybe give some guidance somewhere on how much detail each logging
+ * level should have and where component boundaries should be. Maybe in
+ * Implementor's Guide or Programmer's Guide.
+ */
+
+#define PKIX_LOGGER_LEVEL_TRACE                5
+#define PKIX_LOGGER_LEVEL_DEBUG                4
+#define PKIX_LOGGER_LEVEL_WARNING              3
+#define PKIX_LOGGER_LEVEL_ERROR                2
+#define PKIX_LOGGER_LEVEL_FATALERROR           1
+
+#define PKIX_LOGGER_LEVEL_MAX                  5
+
+/*
+ * FUNCTION: PKIX_Logger_LogCallback
+ * DESCRIPTION:
+ *
+ *  This callback function logs a log entry containing the String pointed to
+ *  by "message", the integer value of logLevel, and the String pointed to by
+ *  "logComponent". A log entry can be associated with a particular log
+ *  level (i.e. level 3) and a particular log component (i.e. "CertStore").
+ *  For example, someone reading the log may only be interested in very general
+ *  log entries so they look only for log level 1. Similarly, they may only be
+ *  interested in log entries pertaining to the CertStore component so they
+ *  look only for that log component. This function can be used before calling
+ *  PKIX_Initialize.
+ *
+ * PARAMETERS:
+ *  "logger"
+ *      Address of logger whose LogCallback is to be used. Must be non-NULL.
+ *  "message"
+ *      Address of String that is to be logged used "logger". Must be non-NULL.
+ *  "logLevel"
+ *      Integer value representing the log level for this entry. The higher the
+ *      level, the more detail. Must be non-NULL.
+ *  "logComponent"
+ *      PKIXERRORNUM value (defined in pkixt.h) designating the log component
+ *      for this entry.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe
+ *
+ *  Multiple threads must be able to safely call this function without
+ *  worrying about conflicts, even if they're operating on the same objects.
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Logger Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+typedef PKIX_Error *
+(*PKIX_Logger_LogCallback)(
+        PKIX_Logger *logger,
+        PKIX_PL_String *message,
+        PKIX_UInt32 logLevel,
+        PKIX_ERRORCLASS logComponent,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_Logger_Create
+ * DESCRIPTION:
+ *
+ *  Creates a new Logger using the Object pointed to by "loggerContext"
+ *  (if any) and stores it at "pLogger". The new Logger uses the LogCallback
+ *  pointed to by "callback". The Logger's maximum logging level is initially
+ *  set to a very high level and its logging component is set to NULL (all
+ *  components).
+ *
+ * PARAMETERS:
+ *  "callback"
+ *      The LogCallback function to be used. Must be non-NULL.
+ *  "loggerContext"
+ *      Address of Object representing the Logger's context (if any).
+ *  "pLogger"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Logger Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_Logger_Create(
+        PKIX_Logger_LogCallback callback,
+        PKIX_PL_Object *loggerContext,
+        PKIX_Logger **pLogger,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_Logger_GetLogCallback
+ * DESCRIPTION:
+ *
+ *  Retrieves a pointer to "logger's" Log callback function and puts it in
+ *  "pCallback".
+ *
+ * PARAMETERS:
+ *  "logger"
+ *      Address of Logger whose Log callback is desired. Must be non-NULL.
+ *  "pCallback"
+ *      Address where Log callback function pointer will be stored.
+ *      Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Logger Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_Logger_GetLogCallback(
+        PKIX_Logger *logger,
+        PKIX_Logger_LogCallback *pCallback,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_Logger_GetLoggerContext
+ * DESCRIPTION:
+ *
+ *  Retrieves a pointer to a PKIX_PL_Object representing the context (if any)
+ *  of the Logger pointed to by "logger" and stores it at "pLoggerContext".
+ *
+ * PARAMETERS:
+ *  "logger"
+ *      Address of Logger whose context is to be stored. Must be non-NULL.
+ *  "pLoggerContext"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Logger Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_Logger_GetLoggerContext(
+        PKIX_Logger *logger,
+        PKIX_PL_Object **pLoggerContext,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_Logger_GetMaxLoggingLevel
+ * DESCRIPTION:
+ *
+ *  Retrieves a pointer to a PKIX_UInt32 representing the maximum logging
+ *  level of the Logger pointed to by "logger" and stores it at "pLevel". Only
+ *  log entries whose log level is less than or equal to this maximum logging
+ *  level will be logged.
+ *
+ * PARAMETERS:
+ *  "logger"
+ *      Address of Logger whose maximum logging level is to be stored.
+ *      Must be non-NULL.
+ *  "pLevel"
+ *      Address where PKIX_UInt32 will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *      (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Logger Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_Logger_GetMaxLoggingLevel(
+        PKIX_Logger *logger,
+        PKIX_UInt32 *pLevel,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_Logger_SetMaxLoggingLevel
+ * DESCRIPTION:
+ *
+ *  Sets the maximum logging level of the Logger pointed to by "logger" with
+ *  the integer value of "level".
+ *
+ * PARAMETERS:
+ *  "logger"
+ *      Address of Logger whose maximum logging level is to be set.
+ *      Must be non-NULL.
+ *  "level"
+ *      Maximum logging level to be set
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe - assumes exclusive access to "logger"
+ *  (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Logger Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_Logger_SetMaxLoggingLevel(
+        PKIX_Logger *logger,
+        PKIX_UInt32 level,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_Logger_GetLoggingComponent
+ * DESCRIPTION:
+ *
+ *  Retrieves a pointer to a String representing the logging component of the
+ *  Logger pointed to by "logger" and stores it at "pComponent". Only log
+ *  entries whose log component matches the specified logging component will
+ *  be logged.
+ *
+ * PARAMETERS:
+ *  "logger"
+ *      Address of Logger whose logging component is to be stored.
+ *      Must be non-NULL.
+ *  "pComponent"
+ *      Address where PKIXERRORNUM will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *      (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Logger Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_Logger_GetLoggingComponent(
+        PKIX_Logger *logger,
+        PKIX_ERRORCLASS *pComponent,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_Logger_SetLoggingComponent
+ * DESCRIPTION:
+ *
+ *  Sets the logging component of the Logger pointed to by "logger" with the
+ *  PKIXERRORNUM pointed to by "component". To match a small set of components,
+ *  create a Logger for each.
+ *
+ * PARAMETERS:
+ *  "logger"
+ *      Address of Logger whose logging component is to be set.
+ *      Must be non-NULL.
+ *  "component"
+ *      PKIXERRORNUM value representing logging component to be set.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe - assumes exclusive access to "logger"
+ *  (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Logger Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_Logger_SetLoggingComponent(
+        PKIX_Logger *logger,
+        PKIX_ERRORCLASS component,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_GetLoggers
+ * DESCRIPTION:
+ *
+ *  Retrieves a pointer to the List of Loggers (if any) being used for logging
+ *  by libpkix and stores it at "pLoggers". If no loggers are being used, this
+ *  function stores an empty List at "pLoggers".
+ *
+ *  Note that the List returned by this function is immutable.
+ *
+ * PARAMETERS:
+ *  "pLoggers"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *      (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Logger Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_GetLoggers(
+        PKIX_List **pLoggers,  /* list of PKIX_Logger */
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_SetLoggers
+ * DESCRIPTION:
+ *
+ *  Sets the Loggers to be used by libpkix to the List of Loggers pointed to
+ *  by "loggers". If "loggers" is NULL, no Loggers will be used.
+ *
+ * PARAMETERS:
+ *  "loggers"
+ *      Address of List of Loggers to be set. NULL for no Loggers.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe
+ *  (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Logger Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_SetLoggers(
+        PKIX_List *loggers,  /* list of PKIX_Logger */
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_AddLogger
+ * DESCRIPTION:
+ *
+ *  Adds the Logger pointed to by "logger" to the List of Loggers used by
+ *  libpkix.
+ *
+ * PARAMETERS:
+ *  "logger"
+ *      Address of Logger to be added. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe
+ *  (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Logger Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_AddLogger(
+        PKIX_Logger *logger,
+        void *plContext);
+
+/* Functions pertaining to the PKIX_Error type */
+
+/* Error
+ *
+ * An Error object is returned by a function upon encountering some error
+ * condition. Each Error is associated with an errorCode specified in pkixt.h.
+ * The remaining components of an Error are optional. An Error's description
+ * specifies a text message describing the Error. An Error's supplementary info
+ * specifies additional information that might be useful. Finally, an Error's
+ * cause specifies the underlying Error (if any) that resulted in this Error
+ * being returned, thereby allowing Errors to be chained so that an entire
+ * "error stack trace" can be represented. Once created, an Error is immutable.
+ *
+ * Note that the Error's supplementary info must be an Object (although any
+ * object type), allowing it to be reference-counted and allowing it to
+ * provide the standard Object functions (Equals, Hashcode, ToString, Compare,
+ * Duplicate).
+ *
+ * Errors are classified as either being fatal or non-fatal. If a function
+ * fails in an unrecoverable way, it returns an Error whose errorCode is
+ * PKIX_FATAL_ERROR. If such an error is encountered, the caller should
+ * not attempt to recover since something seriously wrong has happened
+ * (e.g. corrupted memory, memory finished, etc.). All other errorCodes
+ * are considered non-fatal errors and can be handled by the caller as they
+ * see fit.
+ */
+
+/*
+ * FUNCTION: PKIX_Error_Create
+ * DESCRIPTION:
+ *
+ *  Creates a new Error using the value of "errorCode", the Error pointed to by
+ *  "cause" (if any), the Object pointed to by "info" (if any), and the String
+ *  pointed to by "desc" and stores it at "pError". If any error occurs during
+ *  error allocation, it will be returned without chaining, since new errors
+ *  cannot be created. Once created, an Error is immutable.
+ *
+ * PARAMETERS:
+ *  "errorCode"
+ *      Value of error code.
+ *  "cause"
+ *      Address of Error representing error's cause.
+ *      NULL if none or unspecified.
+ *  "info"
+ *      Address of Object representing error's supplementary information.
+ *      NULL if none.
+ *  "desc"
+ *      Address of String representing error's description. NULL if none.
+ *  "pError"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns an Error Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_Error_Create(
+        PKIX_ERRORCLASS errClass,
+        PKIX_Error *cause,
+        PKIX_PL_Object *info,
+        PKIX_ERRORCODE errCode,
+        PKIX_Error **pError,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_Error_GetErrorClass
+ * DESCRIPTION:
+ *
+ *  Retrieves the error class of the Error pointed to by "error" and 
+ *  stores it at "pClass". Supported error codes are defined in pkixt.h.
+ *
+ * PARAMETERS:
+ *  "error"
+ *      Address of Error whose error code is desired. Must be non-NULL.
+ *  "pClass"
+ *      Address where PKIX_UInt32 will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns an Error Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_Error_GetErrorClass(
+        PKIX_Error *error,
+        PKIX_ERRORCLASS *pClass,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_Error_GetErrorCode
+ * DESCRIPTION:
+ *
+ *  Retrieves the error code of the Error pointed to by "error" and 
+ *  stores it at "pCode". Supported error codes are defined in pkixt.h.
+ *
+ * PARAMETERS:
+ *  "error"
+ *      Address of Error whose error code is desired. Must be non-NULL.
+ *  "pCode"
+ *      Address where PKIX_UInt32 will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns an Error Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_Error_GetErrorCode(
+        PKIX_Error *error,
+        PKIX_ERRORCODE *pCode,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_Error_GetCause
+ * DESCRIPTION:
+ *
+ *  Retrieves the cause of the Error pointed to by "error" and stores it at
+ *  "pCause". If no cause was specified, NULL will be stored at "pCause".
+ *
+ * PARAMETERS:
+ *  "error"
+ *      Address of Error whose cause is desired. Must be non-NULL.
+ *  "pCause"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns an Error Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_Error_GetCause(
+        PKIX_Error *error,
+        PKIX_Error **pCause,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_Error_GetSupplementaryInfo
+ * DESCRIPTION:
+ *
+ *  Retrieves the supplementary info of the Error pointed to by "error" and
+ *  stores it at "pInfo".
+ *
+ * PARAMETERS:
+ *  "error"
+ *      Address of Error whose info is desired. Must be non-NULL.
+ *  "pInfo"
+ *      Address where info pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns an Error Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_Error_GetSupplementaryInfo(
+        PKIX_Error *error,
+        PKIX_PL_Object **pInfo,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_Error_GetDescription
+ * DESCRIPTION:
+ *
+ *  Retrieves the description of the Error pointed to by "error" and stores it
+ *  at "pDesc". If no description was specified, NULL will be stored at
+ *  "pDesc".
+ *
+ * PARAMETERS:
+ *  "error"
+ *      Address of Error whose description is desired. Must be non-NULL.
+ *  "pDesc"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns an Error Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_Error_GetDescription(
+        PKIX_Error *error,
+        PKIX_PL_String **pDesc,
+        void *plContext);
+
+/* PKIX_List
+ *
+ * Represents a collection of items. NULL is considered a valid item.
+ */
+
+/*
+ * FUNCTION: PKIX_List_Create
+ * DESCRIPTION:
+ *
+ *  Creates a new List and stores it at "pList". The List is initially empty
+ *  and holds no items. To initially add items to the List, use
+ *  PKIX_List_AppendItem
+ *
+ * PARAMETERS:
+ *  "pList"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_List_Create(
+        PKIX_List **pList,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_List_SetImmutable
+ * DESCRIPTION:
+ *
+ *  Sets the List pointed to by "list" to be immutable. If a caller tries to
+ *  change a List after it has been marked immutable (i.e. by calling
+ *  PKIX_List_AppendItem, PKIX_List_InsertItem, PKIX_List_SetItem, or
+ *  PKIX_List_DeleteItem), an Error is returned.
+ *
+ * PARAMETERS:
+ *  "list"
+ *      Address of List to be marked immutable. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe - assumes exclusive access to "list"
+ *  (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_List_SetImmutable(
+        PKIX_List *list,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_List_IsImmutable
+ * DESCRIPTION:
+ *
+ *  Checks whether the List pointed to by "list" is immutable and stores
+ *  the Boolean result at "pImmutable". If a caller tries to change a List
+ *  after it has been marked immutable (i.e. by calling PKIX_List_AppendItem,
+ *  PKIX_List_InsertItem, PKIX_List_SetItem, or PKIX_List_DeleteItem), an
+ *  Error is returned.
+ *
+ * PARAMETERS:
+ *  "list"
+ *      Address of List whose immutability is to be determined.
+ *      Must be non-NULL.
+ *  "pImmutable"
+ *      Address where PKIX_Boolean will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *      (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_List_IsImmutable(
+        PKIX_List *list,
+        PKIX_Boolean *pImmutable,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_List_GetLength
+ * DESCRIPTION:
+ *
+ *  Retrieves the length of the List pointed to by "list" and stores it at
+ *  "pLength".
+ *
+ * PARAMETERS:
+ *  "list"
+ *      Address of List whose length is desired. Must be non-NULL.
+ *  "pLength"
+ *      Address where PKIX_UInt32 will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *      (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_List_GetLength(
+        PKIX_List *list,
+        PKIX_UInt32 *pLength,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_List_IsEmpty
+ * DESCRIPTION:
+ *
+ *  Checks whether the List pointed to by "list" is empty and stores
+ *  the Boolean result at "pEmpty".
+ *
+ * PARAMETERS:
+ *  "list"
+ *      Address of List whose emptiness is to be determined. Must be non-NULL.
+ *  "pEmpty"
+ *      Address where PKIX_Boolean will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *      (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_List_IsEmpty(
+        PKIX_List *list,
+        PKIX_Boolean *pEmpty,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_List_AppendItem
+ * DESCRIPTION:
+ *
+ *  Appends the Object pointed to by "item" after the last non-NULL item in
+ *  List pointed to by "list", if any. Note that a List may validly contain
+ *  NULL items. Appending "c" into the List ("a", NULL, "b", NULL) will result
+ *  in ("a", NULL, "b", "c").
+ *
+ * PARAMETERS:
+ *  "list"
+ *      Address of List to append to. Must be non-NULL.
+ *  "item"
+ *      Address of new item to append.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe - assumes exclusive access to "list"
+ *  (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_List_AppendItem(
+        PKIX_List *list,
+        PKIX_PL_Object *item,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_List_InsertItem
+ * DESCRIPTION:
+ *
+ *  Inserts the Object pointed to by "item" into the List pointed to by "list"
+ *  at the given "index". The index counts from zero and must be less than the
+ *  List's length. Existing list entries at or after this index will be moved
+ *  to the next highest index.
+ *
+ *  XXX why not allow equal to length which would be equivalent to AppendItem?
+ *
+ * PARAMETERS:
+ *  "list"
+ *      Address of List to insert into. Must be non-NULL.
+ *  "index"
+ *      Position to insert into. Must be less than List's length.
+ *  "item"
+ *      Address of new item to append.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe - assumes exclusive access to "list"
+ *  (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_List_InsertItem(
+        PKIX_List *list,
+        PKIX_UInt32 index,
+        PKIX_PL_Object *item,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_List_GetItem
+ * DESCRIPTION:
+ *
+ *  Copies the "list"'s item at "index" into "pItem". The index counts from
+ *  zero and must be less than the list's length. Increments the reference
+ *  count on the returned object, if non-NULL.
+ *
+ * PARAMETERS:
+ *  "list"
+ *      Address of List to get item from. Must be non-NULL.
+ *  "index"
+ *      Index of list to get item from. Must be less than List's length.
+ *  "pItem"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *      (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_List_GetItem(
+        PKIX_List *list,
+        PKIX_UInt32 index,
+        PKIX_PL_Object **pItem,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_List_SetItem
+ * DESCRIPTION:
+ *
+ *  Sets the item at "index" of the List pointed to by "list" with the Object
+ *  pointed to by "item". The index counts from zero and must be less than the
+ *  List's length. The previous entry at this index will have its reference
+ *  count decremented and the new entry will have its reference count
+ *  incremented.
+ *
+ * PARAMETERS:
+ *  "list"
+ *      Address of List to modify. Must be non-NULL.
+ *  "index"
+ *      Position in List to set. Must be less than List's length.
+ *  "item"
+ *      Address of Object to set at "index".
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe - assumes exclusive access to "list"
+ *  (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_List_SetItem(
+        PKIX_List *list,
+        PKIX_UInt32 index,
+        PKIX_PL_Object *item,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_List_DeleteItem
+ *
+ *  Deletes the item at "index" from the List pointed to by "list". The index
+ *  counts from zero and must be less than the List's length. Note that this
+ *  function does not destroy the List. It simply decrements the reference
+ *  count of the item at "index" in the List, deletes that item from the list
+ *  and moves all subsequent entries to a lower index in the list. If there is
+ *  only a single element in the List and that element is deleted, then the
+ *  List will be empty.
+ *
+ * PARAMETERS:
+ *  "list"
+ *      Address of List to delete from. Must be non-NULL.
+ *  "index"
+ *      Position in List to delete. Must be less than List's length.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe - assumes exclusive access to "list"
+ *  (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_List_DeleteItem(
+        PKIX_List *list,
+        PKIX_UInt32 index,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_List_ReverseList
+ * DESCRIPTION:
+ *
+ *  Creates a new List whose elements are in the reverse order as the elements
+ *  of the Object pointed to by "list" and stores the copy at "pReversedList".
+ *  If "list" is empty, the new reversed List will be a copy of "list".
+ *  Changes to the new object will not affect the original and vice versa.
+ *
+ * PARAMETERS:
+ *  "list"
+ *      Address of List whose elements are to be reversed. Must be non-NULL.
+ *  "pReversedList"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *      (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_List_ReverseList(
+        PKIX_List *list,
+        PKIX_List **pReversedList,
+        void *plContext);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_UTIL_H */
diff --git a/nss/lib/libpkix/include/pkixt.h b/nss/lib/libpkix/include/pkixt.h
new file mode 100755
index 0000000..71997f7
--- /dev/null
+++ b/nss/lib/libpkix/include/pkixt.h
@@ -0,0 +1,485 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * This file defines the types in the libpkix API.
+ * XXX Maybe we should specify the API version number in all API header files
+ *
+ */
+
+#ifndef _PKIXT_H
+#define _PKIXT_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include "secerr.h"
+
+/* Types
+ *
+ * This header file provides typedefs for the abstract types used by libpkix.
+ * It also provides several useful macros.
+ *
+ * Note that all these abstract types are typedef'd as opaque structures. This
+ * is intended to discourage the caller from looking at the contents directly,
+ * since the format of the contents may change from one version of the library
+ * to the next. Instead, callers should only access these types using the
+ * functions defined in the public header files.
+ *
+ * An instance of an abstract type defined in this file is called an "object"
+ * here, although C does not have real support for objects.
+ *
+ * Because C does not typically have automatic garbage collection, the caller
+ * is expected to release the reference to any object that they create or that
+ * is returned to them by a libpkix function. The caller should do this by
+ * using the PKIX_PL_Object_DecRef function. Note that the caller should not
+ * release the reference to an object if the object has been passed to a
+ * libpkix function and that function has not returned.
+ *
+ * Please refer to libpkix Programmer's Guide for more details.
+ */
+
+/* Version
+ *
+ * These macros specify the major and minor version of the libpkix API defined
+ * by this header file.
+ */
+
+#define PKIX_MAJOR_VERSION              ((PKIX_UInt32) 0)
+#define PKIX_MINOR_VERSION              ((PKIX_UInt32) 3)
+
+/* Maximum minor version
+ *
+ * This macro is used to specify that the caller wants the largest minor
+ * version available.
+ */
+
+#define PKIX_MAX_MINOR_VERSION          ((PKIX_UInt32) 4000000000)
+
+/* Define Cert Store type for database access */
+#define PKIX_STORE_TYPE_NONE            0
+#define PKIX_STORE_TYPE_PK11            1
+
+/* Portable Code (PC) data types
+ *
+ * These types are used to perform the primary operations of this library:
+ * building and validating chains of X.509 certificates.
+ */
+
+typedef struct PKIX_ErrorStruct PKIX_Error;
+typedef struct PKIX_ProcessingParamsStruct PKIX_ProcessingParams;
+typedef struct PKIX_ValidateParamsStruct PKIX_ValidateParams;
+typedef struct PKIX_ValidateResultStruct PKIX_ValidateResult;
+typedef struct PKIX_ResourceLimitsStruct PKIX_ResourceLimits;
+typedef struct PKIX_BuildResultStruct PKIX_BuildResult;
+typedef struct PKIX_CertStoreStruct PKIX_CertStore;
+typedef struct PKIX_CertChainCheckerStruct PKIX_CertChainChecker;
+typedef struct PKIX_RevocationCheckerStruct PKIX_RevocationChecker;
+typedef struct PKIX_CertSelectorStruct PKIX_CertSelector;
+typedef struct PKIX_CRLSelectorStruct PKIX_CRLSelector;
+typedef struct PKIX_ComCertSelParamsStruct PKIX_ComCertSelParams;
+typedef struct PKIX_ComCRLSelParamsStruct PKIX_ComCRLSelParams;
+typedef struct PKIX_TrustAnchorStruct PKIX_TrustAnchor;
+typedef struct PKIX_PolicyNodeStruct PKIX_PolicyNode;
+typedef struct PKIX_LoggerStruct PKIX_Logger;
+typedef struct PKIX_ListStruct PKIX_List;
+typedef struct PKIX_ForwardBuilderStateStruct PKIX_ForwardBuilderState;
+typedef struct PKIX_DefaultRevocationCheckerStruct
+                        PKIX_DefaultRevocationChecker;
+typedef struct PKIX_VerifyNodeStruct PKIX_VerifyNode;
+
+/* Portability Layer (PL) data types
+ *
+ * These types are used are used as portable data types that are defined
+ * consistently across platforms
+ */
+
+typedef struct PKIX_PL_NssContextStruct PKIX_PL_NssContext;
+typedef struct PKIX_PL_ObjectStruct PKIX_PL_Object;
+typedef struct PKIX_PL_ByteArrayStruct PKIX_PL_ByteArray;
+typedef struct PKIX_PL_HashTableStruct PKIX_PL_HashTable;
+typedef struct PKIX_PL_MutexStruct PKIX_PL_Mutex;
+typedef struct PKIX_PL_RWLockStruct PKIX_PL_RWLock;
+typedef struct PKIX_PL_MonitorLockStruct PKIX_PL_MonitorLock;
+typedef struct PKIX_PL_BigIntStruct PKIX_PL_BigInt;
+typedef struct PKIX_PL_StringStruct PKIX_PL_String;
+typedef struct PKIX_PL_OIDStruct PKIX_PL_OID;
+typedef struct PKIX_PL_CertStruct PKIX_PL_Cert;
+typedef struct PKIX_PL_GeneralNameStruct PKIX_PL_GeneralName;
+typedef struct PKIX_PL_X500NameStruct PKIX_PL_X500Name;
+typedef struct PKIX_PL_PublicKeyStruct PKIX_PL_PublicKey;
+typedef struct PKIX_PL_DateStruct PKIX_PL_Date;
+typedef struct PKIX_PL_CertNameConstraintsStruct PKIX_PL_CertNameConstraints;
+typedef struct PKIX_PL_CertBasicConstraintsStruct PKIX_PL_CertBasicConstraints;
+typedef struct PKIX_PL_CertPoliciesStruct PKIX_PL_CertPolicies;
+typedef struct PKIX_PL_CertPolicyInfoStruct PKIX_PL_CertPolicyInfo;
+typedef struct PKIX_PL_CertPolicyQualifierStruct PKIX_PL_CertPolicyQualifier;
+typedef struct PKIX_PL_CertPolicyMapStruct PKIX_PL_CertPolicyMap;
+typedef struct PKIX_PL_CRLStruct PKIX_PL_CRL;
+typedef struct PKIX_PL_CRLEntryStruct PKIX_PL_CRLEntry;
+typedef struct PKIX_PL_CollectionCertStoreStruct PKIX_PL_CollectionCertStore;
+typedef struct PKIX_PL_CollectionCertStoreContext
+                        PKIX_PL_CollectionCertStoreContext;
+typedef struct PKIX_PL_LdapCertStoreContext PKIX_PL_LdapCertStoreContext;
+typedef struct PKIX_PL_LdapRequestStruct PKIX_PL_LdapRequest;
+typedef struct PKIX_PL_LdapResponseStruct PKIX_PL_LdapResponse;
+typedef struct PKIX_PL_LdapDefaultClientStruct PKIX_PL_LdapDefaultClient;
+typedef struct PKIX_PL_SocketStruct PKIX_PL_Socket;
+typedef struct PKIX_PL_InfoAccessStruct PKIX_PL_InfoAccess;
+typedef struct PKIX_PL_AIAMgrStruct PKIX_PL_AIAMgr;
+typedef struct PKIX_PL_OcspCertIDStruct PKIX_PL_OcspCertID;
+typedef struct PKIX_PL_OcspRequestStruct PKIX_PL_OcspRequest;
+typedef struct PKIX_PL_OcspResponseStruct PKIX_PL_OcspResponse;
+typedef struct PKIX_PL_HttpClientStruct PKIX_PL_HttpClient;
+typedef struct PKIX_PL_HttpDefaultClientStruct PKIX_PL_HttpDefaultClient;
+typedef struct PKIX_PL_HttpCertStoreContextStruct PKIX_PL_HttpCertStoreContext;
+
+/* Primitive types
+ *
+ * In order to guarantee desired behavior as well as platform-independence, we
+ * typedef these types depending on the platform. XXX This needs more work!
+ */
+
+/* XXX Try compiling these files (and maybe the whole libpkix-nss) on Win32.
+ * We don't know what type is at least 32 bits long. ISO C probably requires
+ * at least 32 bits for long. we could default to that and only list platforms
+ * where that's not true.
+ *
+ * #elif
+ * #error
+ * #endif
+ */
+
+/* currently, int is 32 bits on all our supported platforms */
+
+typedef unsigned int PKIX_UInt32;
+typedef int PKIX_Int32;
+
+typedef int PKIX_Boolean;
+
+/* Object Types
+ *
+ * Every reference-counted PKIX_PL_Object is associated with an integer type.
+ */
+#define PKIX_TYPES \
+    TYPEMACRO(AIAMGR), \
+    TYPEMACRO(BASICCONSTRAINTSCHECKERSTATE), \
+    TYPEMACRO(BIGINT), \
+    TYPEMACRO(BUILDRESULT), \
+    TYPEMACRO(BYTEARRAY), \
+    TYPEMACRO(CERT), \
+    TYPEMACRO(CERTBASICCONSTRAINTS), \
+    TYPEMACRO(CERTCHAINCHECKER), \
+    TYPEMACRO(CERTNAMECONSTRAINTS), \
+    TYPEMACRO(CERTNAMECONSTRAINTSCHECKERSTATE), \
+    TYPEMACRO(CERTPOLICYCHECKERSTATE), \
+    TYPEMACRO(CERTPOLICYINFO), \
+    TYPEMACRO(CERTPOLICYMAP), \
+    TYPEMACRO(CERTPOLICYNODE), \
+    TYPEMACRO(CERTPOLICYQUALIFIER), \
+    TYPEMACRO(CERTSELECTOR), \
+    TYPEMACRO(CERTSTORE), \
+    TYPEMACRO(COLLECTIONCERTSTORECONTEXT), \
+    TYPEMACRO(COMCERTSELPARAMS), \
+    TYPEMACRO(COMCRLSELPARAMS), \
+    TYPEMACRO(CRL), \
+    TYPEMACRO(CRLDP), \
+    TYPEMACRO(CRLENTRY), \
+    TYPEMACRO(CRLSELECTOR), \
+    TYPEMACRO(DATE), \
+    TYPEMACRO(CRLCHECKER), \
+    TYPEMACRO(EKUCHECKER), \
+    TYPEMACRO(ERROR), \
+    TYPEMACRO(FORWARDBUILDERSTATE), \
+    TYPEMACRO(GENERALNAME), \
+    TYPEMACRO(HASHTABLE), \
+    TYPEMACRO(HTTPCERTSTORECONTEXT), \
+    TYPEMACRO(HTTPDEFAULTCLIENT), \
+    TYPEMACRO(INFOACCESS), \
+    TYPEMACRO(LDAPDEFAULTCLIENT), \
+    TYPEMACRO(LDAPREQUEST), \
+    TYPEMACRO(LDAPRESPONSE), \
+    TYPEMACRO(LIST), \
+    TYPEMACRO(LOGGER), \
+    TYPEMACRO(MONITORLOCK), \
+    TYPEMACRO(MUTEX), \
+    TYPEMACRO(OBJECT), \
+    TYPEMACRO(OCSPCERTID), \
+    TYPEMACRO(OCSPCHECKER), \
+    TYPEMACRO(OCSPREQUEST), \
+    TYPEMACRO(OCSPRESPONSE), \
+    TYPEMACRO(OID), \
+    TYPEMACRO(REVOCATIONCHECKER), \
+    TYPEMACRO(PROCESSINGPARAMS), \
+    TYPEMACRO(PUBLICKEY), \
+    TYPEMACRO(RESOURCELIMITS), \
+    TYPEMACRO(RWLOCK), \
+    TYPEMACRO(SIGNATURECHECKERSTATE), \
+    TYPEMACRO(SOCKET), \
+    TYPEMACRO(STRING), \
+    TYPEMACRO(TARGETCERTCHECKERSTATE), \
+    TYPEMACRO(TRUSTANCHOR), \
+    TYPEMACRO(VALIDATEPARAMS), \
+    TYPEMACRO(VALIDATERESULT), \
+    TYPEMACRO(VERIFYNODE), \
+    TYPEMACRO(X500NAME)
+
+#define TYPEMACRO(type) PKIX_ ## type ## _TYPE
+
+typedef enum {     /* Now invoke all those TYPEMACROs to assign the numbers */
+   PKIX_TYPES,
+   PKIX_NUMTYPES   /* This gets PKIX_NUMTYPES defined as the total number */
+} PKIX_TYPENUM;
+
+
+#ifdef PKIX_USER_OBJECT_TYPE
+
+/* User Define Object Types
+ *
+ * User may define their own object types offset from PKIX_USER_OBJECT_TYPE
+ */
+#define PKIX_USER_OBJECT_TYPEBASE 1000
+
+#endif /* PKIX_USER_OBJECT_TYPE */
+
+/* Error Codes
+ *
+ * This list is used to define a set of PKIX_Error exception class numbers.
+ * ERRMACRO is redefined to produce a corresponding set of
+ * strings in the table "const char *PKIX_ERRORCLASSNAMES[PKIX_NUMERRORCLASSES]" in
+ * pkix_error.c. For example, since the fifth ERRMACRO entry is MUTEX, then
+ * PKIX_MUTEX_ERROR is defined in pkixt.h as 4, and PKIX_ERRORCLASSNAMES[4] is
+ * initialized in pkix_error.c with the value "MUTEX".
+ */
+#define PKIX_ERRORCLASSES \
+   ERRMACRO(AIAMGR), \
+   ERRMACRO(BASICCONSTRAINTSCHECKERSTATE), \
+   ERRMACRO(BIGINT), \
+   ERRMACRO(BUILD), \
+   ERRMACRO(BUILDRESULT), \
+   ERRMACRO(BYTEARRAY), \
+   ERRMACRO(CERT), \
+   ERRMACRO(CERTBASICCONSTRAINTS), \
+   ERRMACRO(CERTCHAINCHECKER), \
+   ERRMACRO(CERTNAMECONSTRAINTS), \
+   ERRMACRO(CERTNAMECONSTRAINTSCHECKERSTATE), \
+   ERRMACRO(CERTPOLICYCHECKERSTATE), \
+   ERRMACRO(CERTPOLICYINFO), \
+   ERRMACRO(CERTPOLICYMAP), \
+   ERRMACRO(CERTPOLICYNODE), \
+   ERRMACRO(CERTPOLICYQUALIFIER), \
+   ERRMACRO(CERTSELECTOR), \
+   ERRMACRO(CERTSTORE), \
+   ERRMACRO(CERTVFYPKIX), \
+   ERRMACRO(COLLECTIONCERTSTORECONTEXT), \
+   ERRMACRO(COMCERTSELPARAMS), \
+   ERRMACRO(COMCRLSELPARAMS), \
+   ERRMACRO(CONTEXT), \
+   ERRMACRO(CRL), \
+   ERRMACRO(CRLDP), \
+   ERRMACRO(CRLENTRY), \
+   ERRMACRO(CRLSELECTOR), \
+   ERRMACRO(CRLCHECKER), \
+   ERRMACRO(DATE), \
+   ERRMACRO(EKUCHECKER), \
+   ERRMACRO(ERROR), \
+   ERRMACRO(FATAL), \
+   ERRMACRO(FORWARDBUILDERSTATE), \
+   ERRMACRO(GENERALNAME), \
+   ERRMACRO(HASHTABLE), \
+   ERRMACRO(HTTPCERTSTORECONTEXT), \
+   ERRMACRO(HTTPDEFAULTCLIENT), \
+   ERRMACRO(INFOACCESS), \
+   ERRMACRO(LDAPCLIENT), \
+   ERRMACRO(LDAPDEFAULTCLIENT), \
+   ERRMACRO(LDAPREQUEST), \
+   ERRMACRO(LDAPRESPONSE), \
+   ERRMACRO(LIFECYCLE), \
+   ERRMACRO(LIST), \
+   ERRMACRO(LOGGER), \
+   ERRMACRO(MEM), \
+   ERRMACRO(MONITORLOCK), \
+   ERRMACRO(MUTEX), \
+   ERRMACRO(OBJECT), \
+   ERRMACRO(OCSPCERTID), \
+   ERRMACRO(OCSPCHECKER), \
+   ERRMACRO(OCSPREQUEST), \
+   ERRMACRO(OCSPRESPONSE), \
+   ERRMACRO(OID), \
+   ERRMACRO(PROCESSINGPARAMS), \
+   ERRMACRO(PUBLICKEY), \
+   ERRMACRO(RESOURCELIMITS), \
+   ERRMACRO(REVOCATIONMETHOD), \
+   ERRMACRO(REVOCATIONCHECKER), \
+   ERRMACRO(RWLOCK), \
+   ERRMACRO(SIGNATURECHECKERSTATE), \
+   ERRMACRO(SOCKET), \
+   ERRMACRO(STRING), \
+   ERRMACRO(TARGETCERTCHECKERSTATE), \
+   ERRMACRO(TRUSTANCHOR), \
+   ERRMACRO(USERDEFINEDMODULES), \
+   ERRMACRO(VALIDATE), \
+   ERRMACRO(VALIDATEPARAMS), \
+   ERRMACRO(VALIDATERESULT), \
+   ERRMACRO(VERIFYNODE), \
+   ERRMACRO(X500NAME)
+
+#define ERRMACRO(type) PKIX_ ## type ## _ERROR
+
+typedef enum {     /* Now invoke all those ERRMACROs to assign the numbers */
+   PKIX_ERRORCLASSES,
+   PKIX_NUMERRORCLASSES   /* This gets PKIX_NUMERRORCLASSES defined as the total number */
+} PKIX_ERRORCLASS;
+
+/* Now define error strings (for internationalization) */
+
+#define PKIX_ERRORENTRY(name,desc,plerr) PKIX_ ## name
+
+/* Define all the error numbers */
+typedef enum    {
+#include "pkix_errorstrings.h"
+, PKIX_NUMERRORCODES
+} PKIX_ERRORCODE;
+
+extern const char * const PKIX_ErrorText[];
+
+/* String Formats
+ *
+ * These formats specify supported encoding formats for Strings.
+ */
+
+#define PKIX_ESCASCII           0
+#define PKIX_UTF8               1
+#define PKIX_UTF16              2
+#define PKIX_UTF8_NULL_TERM     3
+#define PKIX_ESCASCII_DEBUG     4
+
+/* Name Types
+ *
+ * These types specify supported formats for GeneralNames.
+ */
+
+#define PKIX_OTHER_NAME         1
+#define PKIX_RFC822_NAME        2
+#define PKIX_DNS_NAME           3
+#define PKIX_X400_ADDRESS       4
+#define PKIX_DIRECTORY_NAME     5
+#define PKIX_EDIPARTY_NAME      6
+#define PKIX_URI_NAME           7
+#define PKIX_IP_NAME            8
+#define PKIX_OID_NAME           9
+
+/* Key Usages
+ *
+ * These types specify supported Key Usages
+ */
+
+#define PKIX_DIGITAL_SIGNATURE  0x001
+#define PKIX_NON_REPUDIATION    0x002
+#define PKIX_KEY_ENCIPHERMENT   0x004
+#define PKIX_DATA_ENCIPHERMENT  0x008
+#define PKIX_KEY_AGREEMENT      0x010
+#define PKIX_KEY_CERT_SIGN      0x020
+#define PKIX_CRL_SIGN           0x040
+#define PKIX_ENCIPHER_ONLY      0x080
+#define PKIX_DECIPHER_ONLY      0x100
+
+/* Reason Flags
+ *
+ * These macros specify supported Reason Flags
+ */
+
+#define PKIX_UNUSED                     0x001
+#define PKIX_KEY_COMPROMISE             0x002
+#define PKIX_CA_COMPROMISE              0x004
+#define PKIX_AFFILIATION_CHANGED        0x008
+#define PKIX_SUPERSEDED                 0x010
+#define PKIX_CESSATION_OF_OPERATION     0x020
+#define PKIX_CERTIFICATE_HOLD           0x040
+#define PKIX_PRIVILEGE_WITHDRAWN        0x080
+#define PKIX_AA_COMPROMISE              0x100
+
+/* Boolean values
+ *
+ * These macros specify the Boolean values of TRUE and FALSE
+ * XXX Is it the case that any non-zero value is actually considered TRUE
+ * and this is just a convenient mnemonic macro?
+ */
+
+#define PKIX_TRUE                       ((PKIX_Boolean) 1)
+#define PKIX_FALSE                      ((PKIX_Boolean) 0)
+
+/*
+ * Define constants for basic constraints selector
+ *      (see comments in pkix_certsel.h)
+ */
+
+#define PKIX_CERTSEL_ENDENTITY_MIN_PATHLENGTH (-2)
+#define PKIX_CERTSEL_ALL_MATCH_MIN_PATHLENGTH (-1)
+
+/*
+ * PKIX_ALLOC_ERROR is a special error object hard-coded into the pkix_error.o
+ * object file. It is thrown if system memory cannot be allocated or may be
+ * thrown for other unrecoverable errors. PKIX_ALLOC_ERROR is immutable.
+ * IncRef, DecRef and all Settor functions cannot be called.
+ * XXX Does anyone actually need to know about this?
+ * XXX Why no DecRef? Would be good to handle it the same.
+ */
+
+PKIX_Error* PKIX_ALLOC_ERROR(void);
+
+/*
+ * In a CertBasicConstraints extension, if the CA flag is set,
+ * indicating the certificate refers to a Certification
+ * Authority, then the pathLen field indicates how many intermediate
+ * certificates (not counting self-signed ones) can exist in a valid
+ * chain following this certificate. If the pathLen has the value
+ * of this constant, then the length of the chain is unlimited
+ */
+#define PKIX_UNLIMITED_PATH_CONSTRAINT ((PKIX_Int32) -1)
+
+/*
+ * Define Certificate Extension hard-coded OID's
+ */
+#define PKIX_UNKNOWN_OID                       SEC_OID_UNKNOWN
+#define PKIX_CERTKEYUSAGE_OID                  SEC_OID_X509_KEY_USAGE
+#define PKIX_CERTSUBJALTNAME_OID               SEC_OID_X509_SUBJECT_ALT_NAME
+#define PKIX_BASICCONSTRAINTS_OID              SEC_OID_X509_BASIC_CONSTRAINTS
+#define PKIX_CRLREASONCODE_OID                 SEC_OID_X509_REASON_CODE
+#define PKIX_NAMECONSTRAINTS_OID               SEC_OID_X509_NAME_CONSTRAINTS
+#define PKIX_CERTIFICATEPOLICIES_OID           SEC_OID_X509_CERTIFICATE_POLICIES
+#define PKIX_CERTIFICATEPOLICIES_ANYPOLICY_OID SEC_OID_X509_ANY_POLICY
+#define PKIX_POLICYMAPPINGS_OID                SEC_OID_X509_POLICY_MAPPINGS
+#define PKIX_POLICYCONSTRAINTS_OID             SEC_OID_X509_POLICY_CONSTRAINTS
+#define PKIX_EXTENDEDKEYUSAGE_OID              SEC_OID_X509_EXT_KEY_USAGE
+#define PKIX_INHIBITANYPOLICY_OID              SEC_OID_X509_INHIBIT_ANY_POLICY 
+#define PKIX_NSCERTTYPE_OID                    SEC_OID_NS_CERT_EXT_CERT_TYPE
+#define PKIX_KEY_USAGE_SERVER_AUTH_OID         SEC_OID_EXT_KEY_USAGE_SERVER_AUTH
+#define PKIX_KEY_USAGE_CLIENT_AUTH_OID         SEC_OID_EXT_KEY_USAGE_CLIENT_AUTH
+#define PKIX_KEY_USAGE_CODE_SIGN_OID           SEC_OID_EXT_KEY_USAGE_CODE_SIGN
+#define PKIX_KEY_USAGE_EMAIL_PROTECT_OID       SEC_OID_EXT_KEY_USAGE_EMAIL_PROTECT
+#define PKIX_KEY_USAGE_TIME_STAMP_OID          SEC_OID_EXT_KEY_USAGE_TIME_STAMP
+#define PKIX_KEY_USAGE_OCSP_RESPONDER_OID      SEC_OID_OCSP_RESPONDER
+
+
+/* Available revocation method types. */
+typedef enum PKIX_RevocationMethodTypeEnum {
+    PKIX_RevocationMethod_CRL = 0,
+    PKIX_RevocationMethod_OCSP,
+    PKIX_RevocationMethod_MAX
+} PKIX_RevocationMethodType;
+
+/* A set of statuses revocation checker operates on */
+typedef enum PKIX_RevocationStatusEnum {
+    PKIX_RevStatus_NoInfo = 0,
+    PKIX_RevStatus_Revoked,
+    PKIX_RevStatus_Success
+} PKIX_RevocationStatus;
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIXT_H */
diff --git a/nss/lib/libpkix/manifest.mn b/nss/lib/libpkix/manifest.mn
new file mode 100755
index 0000000..31990da
--- /dev/null
+++ b/nss/lib/libpkix/manifest.mn
@@ -0,0 +1,13 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+CORE_DEPTH = ../..
+DEPTH      = ../..
+
+#
+DIRS =  include pkix pkix_pl_nss \
+	$(NULL)
+
+# This part of the code, including all sub-dirs, can be optimized for size
+export ALLOW_OPT_CODE_SIZE = 1
diff --git a/nss/lib/libpkix/pkix/Makefile b/nss/lib/libpkix/pkix/Makefile
new file mode 100755
index 0000000..36524f5
--- /dev/null
+++ b/nss/lib/libpkix/pkix/Makefile
@@ -0,0 +1,48 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include config.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+export:: private_export
+
diff --git a/nss/lib/libpkix/pkix/certsel/Makefile b/nss/lib/libpkix/pkix/certsel/Makefile
new file mode 100755
index 0000000..36524f5
--- /dev/null
+++ b/nss/lib/libpkix/pkix/certsel/Makefile
@@ -0,0 +1,48 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include config.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+export:: private_export
+
diff --git a/nss/lib/libpkix/pkix/certsel/certsel.gyp b/nss/lib/libpkix/pkix/certsel/certsel.gyp
new file mode 100644
index 0000000..a7ff65c
--- /dev/null
+++ b/nss/lib/libpkix/pkix/certsel/certsel.gyp
@@ -0,0 +1,24 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../../../coreconf/config.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'pkixcertsel',
+      'type': 'static_library',
+      'sources': [
+        'pkix_certselector.c',
+        'pkix_comcertselparams.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports'
+      ]
+    }
+  ],
+  'variables': {
+    'module': 'nss'
+  }
+}
\ No newline at end of file
diff --git a/nss/lib/libpkix/pkix/certsel/config.mk b/nss/lib/libpkix/pkix/certsel/config.mk
new file mode 100755
index 0000000..b8c03de
--- /dev/null
+++ b/nss/lib/libpkix/pkix/certsel/config.mk
@@ -0,0 +1,15 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#
+#  Override TARGETS variable so that only static libraries
+#  are specifed as dependencies within rules.mk.
+#
+
+TARGETS        = $(LIBRARY)
+SHARED_LIBRARY =
+IMPORT_LIBRARY =
+PROGRAM        =
+
diff --git a/nss/lib/libpkix/pkix/certsel/exports.gyp b/nss/lib/libpkix/pkix/certsel/exports.gyp
new file mode 100644
index 0000000..9cbd847
--- /dev/null
+++ b/nss/lib/libpkix/pkix/certsel/exports.gyp
@@ -0,0 +1,26 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../../../coreconf/config.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'lib_libpkix_pkix_certsel_exports',
+      'type': 'none',
+      'copies': [
+        {
+          'files': [
+            'pkix_certselector.h',
+            'pkix_comcertselparams.h'
+          ],
+          'destination': '<(nss_private_dist_dir)/<(module)'
+        }
+      ]
+    }
+  ],
+  'variables': {
+    'module': 'nss'
+  }
+}
diff --git a/nss/lib/libpkix/pkix/certsel/manifest.mn b/nss/lib/libpkix/pkix/certsel/manifest.mn
new file mode 100755
index 0000000..525ee09
--- /dev/null
+++ b/nss/lib/libpkix/pkix/certsel/manifest.mn
@@ -0,0 +1,23 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+CORE_DEPTH = ../../../..
+
+EXPORTS = \
+	$(NULL)
+
+PRIVATE_EXPORTS = \
+	pkix_certselector.h \
+	pkix_comcertselparams.h \
+	$(NULL)
+
+MODULE = nss
+
+CSRCS = \
+	pkix_certselector.c \
+	pkix_comcertselparams.c \
+	$(NULL)
+
+LIBRARY_NAME = pkixcertsel
+
diff --git a/nss/lib/libpkix/pkix/certsel/pkix_certselector.c b/nss/lib/libpkix/pkix/certsel/pkix_certselector.c
new file mode 100755
index 0000000..89bddd9
--- /dev/null
+++ b/nss/lib/libpkix/pkix/certsel/pkix_certselector.c
@@ -0,0 +1,1637 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_certselector.c
+ *
+ * CertSelector Object Functions
+ *
+ */
+
+#include "pkix_certselector.h"
+
+/* --Private-Functions-------------------------------------------- */
+
+/*
+ * FUNCTION: pkix_CertSelector_Destroy
+ * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_CertSelector_Destroy(
+        PKIX_PL_Object *object,
+        void *plContext)
+{
+        PKIX_CertSelector *selector = NULL;
+
+        PKIX_ENTER(CERTSELECTOR, "pkix_CertSelector_Destroy");
+        PKIX_NULLCHECK_ONE(object);
+
+        /* Check that this object is a cert selector */
+        PKIX_CHECK(pkix_CheckType(object, PKIX_CERTSELECTOR_TYPE, plContext),
+                    PKIX_OBJECTNOTCERTSELECTOR);
+
+        selector = (PKIX_CertSelector *)object;
+        PKIX_DECREF(selector->params);
+        PKIX_DECREF(selector->context);
+
+cleanup:
+
+        PKIX_RETURN(CERTSELECTOR);
+}
+
+/*
+ * FUNCTION: pkix_CertSelector_Duplicate
+ * (see comments for PKIX_PL_DuplicateCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_CertSelector_Duplicate(
+        PKIX_PL_Object *object,
+        PKIX_PL_Object **pNewObject,
+        void *plContext)
+{
+        PKIX_CertSelector *certSelector = NULL;
+        PKIX_CertSelector *certSelectorDuplicate = NULL;
+
+        PKIX_ENTER(CERTSELECTOR, "pkix_CertSelector_Duplicate");
+        PKIX_NULLCHECK_TWO(object, pNewObject);
+
+        PKIX_CHECK(pkix_CheckType(object, PKIX_CERTSELECTOR_TYPE, plContext),
+                    PKIX_OBJECTNOTCERTSELECTOR);
+
+        certSelector = (PKIX_CertSelector *)object;
+
+        PKIX_CHECK(PKIX_CertSelector_Create
+                    (certSelector->matchCallback,
+                    certSelector->context,
+                    &certSelectorDuplicate,
+                    plContext),
+                    PKIX_CERTSELECTORCREATEFAILED);
+
+        PKIX_CHECK(PKIX_PL_Object_Duplicate
+                    ((PKIX_PL_Object *)certSelector->params,
+                    (PKIX_PL_Object **)&certSelectorDuplicate->params,
+                    plContext),
+                    PKIX_OBJECTDUPLICATEFAILED);
+
+        *pNewObject = (PKIX_PL_Object *)certSelectorDuplicate;
+
+cleanup:
+
+        if (PKIX_ERROR_RECEIVED){
+                PKIX_DECREF(certSelectorDuplicate);
+        }
+
+        PKIX_RETURN(CERTSELECTOR);
+}
+
+/*
+ * FUNCTION: pkix_CertSelector_Match_BasicConstraint
+ * DESCRIPTION:
+ *
+ *  Determines whether the Cert pointed to by "cert" matches the basic
+ *  constraints criterion using the basic constraints field of the
+ *  ComCertSelParams pointed to by "params". If the basic constraints field is
+ *  -1, no basic constraints check is done and the Cert is considered to match
+ *  the basic constraints criterion. If the Cert does not match the basic
+ *  constraints criterion, an Error pointer is returned.
+ *
+ *  In order to match against this criterion, there are several possibilities.
+ *
+ *  1) If the criterion's minimum path length is greater than or equal to zero,
+ *  a certificate must include a BasicConstraints extension with a pathLen of
+ *  at least this value.
+ *
+ *  2) If the criterion's minimum path length is -2, a certificate must be an
+ *  end-entity certificate.
+ *
+ *  3) If the criterion's minimum path length is -1, no basic constraints check
+ *  is done and all certificates are considered to match this criterion.
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ComCertSelParams whose basic constraints field is used.
+ *      Must be non-NULL.
+ *  "cert"
+ *      Address of Cert that is to be matched. Must be non-NULL.
+ *  "pResult"
+ *      Address of PKIX_Boolean that returns the match result.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * OUTPUT PARAMETERS ON FAILURE:
+ *   If the function returns a failure,
+ *   the output parameters of this function are undefined.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *      (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertSelector Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_CertSelector_Match_BasicConstraint(
+        PKIX_ComCertSelParams *params,
+        PKIX_PL_Cert *cert,
+        PKIX_Boolean *pResult,
+        void *plContext)
+{
+        PKIX_PL_CertBasicConstraints *basicConstraints = NULL;
+        PKIX_Boolean caFlag = PKIX_FALSE; /* EE Cert by default */
+        PKIX_Int32 pathLength = 0;
+        PKIX_Int32 minPathLength = 0;
+
+        PKIX_ENTER(CERTSELECTOR, "pkix_CertSelector_Match_BasicConstraint");
+        PKIX_NULLCHECK_THREE(params, cert, pResult);
+        *pResult = PKIX_TRUE;
+
+        PKIX_CHECK(PKIX_ComCertSelParams_GetBasicConstraints
+                (params, &minPathLength, plContext),
+                PKIX_COMCERTSELPARAMSGETBASICCONSTRAINTSFAILED);
+
+        /* If the minPathLength is unlimited (-1), no checking */
+        if (minPathLength == PKIX_CERTSEL_ALL_MATCH_MIN_PATHLENGTH) {
+                goto cleanup;
+        }
+
+        PKIX_CHECK(PKIX_PL_Cert_GetBasicConstraints
+                    (cert, &basicConstraints, plContext),
+                    PKIX_CERTGETBASICCONSTRAINTSFAILED);
+
+        if (basicConstraints != NULL) {
+                PKIX_CHECK(PKIX_PL_BasicConstraints_GetCAFlag
+                            (basicConstraints, &caFlag, plContext),
+                            PKIX_BASICCONSTRAINTSGETCAFLAGFAILED);
+
+                PKIX_CHECK(PKIX_PL_BasicConstraints_GetPathLenConstraint
+                        (basicConstraints, &pathLength, plContext),
+                        PKIX_BASICCONSTRAINTSGETPATHLENCONSTRAINTFAILED);
+        }
+
+        /*
+         * if minPathLength >= 0, the cert must have a BasicConstraints ext and
+         * the pathLength in this cert
+         * BasicConstraints needs to be >= minPathLength.
+         */
+        if (minPathLength >= 0){
+                if ((!basicConstraints) || (caFlag == PKIX_FALSE)){
+                        PKIX_ERROR(PKIX_CERTNOTALLOWEDTOSIGNCERTIFICATES);
+                } else if ((pathLength != PKIX_UNLIMITED_PATH_CONSTRAINT) &&
+                            (pathLength < minPathLength)){
+                        PKIX_CERTSELECTOR_DEBUG
+                            ("Basic Constraints path length match failed\n");
+                        *pResult = PKIX_FALSE;
+                        PKIX_ERROR(PKIX_PATHLENCONSTRAINTINVALID);
+                }
+        }
+
+        /* if the minPathLength is -2, this cert must be an end-entity cert. */
+        if (minPathLength == PKIX_CERTSEL_ENDENTITY_MIN_PATHLENGTH) {
+                if (caFlag == PKIX_TRUE) {
+                    PKIX_CERTSELECTOR_DEBUG
+                        ("Basic Constraints end-entity match failed\n");
+                    *pResult = PKIX_FALSE;
+                    PKIX_ERROR(PKIX_PATHLENCONSTRAINTINVALID);
+                }
+        }
+
+cleanup:
+
+        PKIX_DECREF(basicConstraints);
+        PKIX_RETURN(CERTSELECTOR);
+}
+
+/*
+ * FUNCTION: pkix_CertSelector_Match_Policies
+ * DESCRIPTION:
+ *
+ *  Determines whether the Cert pointed to by "cert" matches the policy
+ *  constraints specified in the ComCertsSelParams given by "params".
+ *  If "params" specifies a policy constraint of NULL, all certificates
+ *  match. If "params" specifies an empty list, "cert" must have at least
+ *  some policy. Otherwise "cert" must include at least one of the
+ *  policies in the list. See the description of PKIX_CertSelector in
+ *  pkix_certsel.h for more.
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ComCertSelParams whose policy criterion (if any) is used.
+ *      Must be non-NULL.
+ *  "cert"
+ *      Address of Cert that is to be matched. Must be non-NULL.
+ *  "pResult"
+ *      Address of PKIX_Boolean that returns the match result.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *      (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertSelector Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_CertSelector_Match_Policies(
+        PKIX_ComCertSelParams *params,
+        PKIX_PL_Cert *cert,
+        PKIX_Boolean *pResult,
+        void *plContext)
+{
+        PKIX_UInt32 numConstraintPolicies = 0;
+        PKIX_UInt32 numCertPolicies = 0;
+        PKIX_UInt32 certPolicyIndex = 0;
+        PKIX_Boolean result = PKIX_FALSE;
+        PKIX_List *constraintPolicies = NULL; /* List of PKIX_PL_OID */
+        PKIX_List *certPolicyInfos = NULL; /* List of PKIX_PL_CertPolicyInfo */
+        PKIX_PL_CertPolicyInfo *policyInfo = NULL;
+        PKIX_PL_OID *polOID = NULL;
+
+        PKIX_ENTER(CERTSELECTOR, "pkix_CertSelector_Match_Policies");
+        PKIX_NULLCHECK_THREE(params, cert, pResult);
+
+        PKIX_CHECK(PKIX_ComCertSelParams_GetPolicy
+                (params, &constraintPolicies, plContext),
+                PKIX_COMCERTSELPARAMSGETPOLICYFAILED);
+
+        /* If constraintPolicies is NULL, all certificates "match" */
+        if (constraintPolicies) {
+            PKIX_CHECK(PKIX_PL_Cert_GetPolicyInformation
+                (cert, &certPolicyInfos, plContext),
+                PKIX_CERTGETPOLICYINFORMATIONFAILED);
+
+            /* No hope of a match if cert has no policies */
+            if (!certPolicyInfos) {
+                PKIX_CERTSELECTOR_DEBUG("Certificate has no policies\n");
+                *pResult = PKIX_FALSE;
+                PKIX_ERROR(PKIX_CERTSELECTORMATCHPOLICIESFAILED);
+            }
+
+            PKIX_CHECK(PKIX_List_GetLength
+                (constraintPolicies, &numConstraintPolicies, plContext),
+                PKIX_LISTGETLENGTHFAILED);
+
+            if (numConstraintPolicies > 0) {
+
+                PKIX_CHECK(PKIX_List_GetLength
+                        (certPolicyInfos, &numCertPolicies, plContext),
+                        PKIX_LISTGETLENGTHFAILED);
+
+                for (certPolicyIndex = 0;
+                        ((!result) && (certPolicyIndex < numCertPolicies));
+                        certPolicyIndex++) {
+
+                        PKIX_CHECK(PKIX_List_GetItem
+                                (certPolicyInfos,
+                                certPolicyIndex,
+                                (PKIX_PL_Object **)&policyInfo,
+                                plContext),
+                                PKIX_LISTGETELEMENTFAILED);
+                        PKIX_CHECK(PKIX_PL_CertPolicyInfo_GetPolicyId
+                                (policyInfo, &polOID, plContext),
+                                PKIX_CERTPOLICYINFOGETPOLICYIDFAILED);
+
+                        PKIX_CHECK(pkix_List_Contains
+                                (constraintPolicies,
+                                (PKIX_PL_Object *)polOID,
+                                &result,
+                                plContext),
+                                PKIX_LISTCONTAINSFAILED);
+                        PKIX_DECREF(policyInfo);
+                        PKIX_DECREF(polOID);
+                }
+                if (!result) {
+                    *pResult = PKIX_FALSE;
+                    PKIX_ERROR(PKIX_CERTSELECTORMATCHPOLICIESFAILED);
+                }
+            }
+        }
+
+cleanup:
+
+        PKIX_DECREF(constraintPolicies);
+        PKIX_DECREF(certPolicyInfos);
+        PKIX_DECREF(policyInfo);
+        PKIX_DECREF(polOID);
+
+        PKIX_RETURN(CERTSELECTOR);
+
+}
+
+/*
+ * FUNCTION: pkix_CertSelector_Match_CertificateValid
+ * DESCRIPTION:
+ *
+ *  Determines whether the Cert pointed to by "cert" matches the certificate
+ *  validity criterion using the CertificateValid field of the
+ *  ComCertSelParams pointed to by "params". If the CertificateValid field is
+ *  NULL, no validity check is done and the Cert is considered to match
+ *  the CertificateValid criterion. If the CertificateValid field specifies a
+ *  Date prior to the notBefore field in the Cert, or greater than the notAfter
+ *  field in the Cert, an Error is returned.
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ComCertSelParams whose certValid field is used.
+ *      Must be non-NULL.
+ *  "cert"
+ *      Address of Cert that is to be matched. Must be non-NULL.
+ *  "pResult"
+ *      Address of PKIX_Boolean that returns the match result.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *      (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertSelector Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_CertSelector_Match_CertificateValid(
+        PKIX_ComCertSelParams *params,
+        PKIX_PL_Cert *cert,
+        PKIX_Boolean *pResult,
+        void *plContext)
+{
+        PKIX_PL_Date *validityTime = NULL;
+
+        PKIX_ENTER(CERTSELECTOR, "pkix_CertSelector_Match_CertificateValid");
+        PKIX_NULLCHECK_THREE(params, cert, pResult);
+
+        PKIX_CHECK(PKIX_ComCertSelParams_GetCertificateValid
+                (params, &validityTime, plContext),
+                PKIX_COMCERTSELPARAMSGETCERTIFICATEVALIDFAILED);
+
+        /* If the validityTime is not set, all certificates are acceptable */
+        if (validityTime) {
+                PKIX_CHECK(PKIX_PL_Cert_CheckValidity
+                        (cert, validityTime, plContext),
+                        PKIX_CERTCHECKVALIDITYFAILED);
+        }
+
+cleanup:
+        if (PKIX_ERROR_RECEIVED) {
+            *pResult = PKIX_FALSE;
+        }
+        PKIX_DECREF(validityTime);
+
+        PKIX_RETURN(CERTSELECTOR);
+}
+
+/*
+ * FUNCTION: pkix_CertSelector_Match_NameConstraints
+ * DESCRIPTION:
+ *
+ *  Determines whether the Cert pointed to by "cert" matches the name
+ *  constraints criterion specified in the ComCertSelParams pointed to by
+ *  "params". If the name constraints field is NULL, no name constraints check
+ *  is done and the Cert is considered to match the name constraints criterion.
+ *  If the Cert does not match the name constraints criterion, an Error pointer
+ *  is returned.
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ComCertSelParams whose name constraints field is used.
+ *      Must be non-NULL.
+ *  "cert"
+ *      Address of Cert that is to be matched. Must be non-NULL.
+ *  "pResult"
+ *      Address of PKIX_Boolean that returns the match result.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *      (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertSelector Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_CertSelector_Match_NameConstraints(
+        PKIX_ComCertSelParams *params,
+        PKIX_PL_Cert *cert,
+        PKIX_Boolean *pResult,
+        void *plContext)
+{
+        PKIX_PL_CertNameConstraints *nameConstraints = NULL;
+
+        PKIX_ENTER(CERTSELECTOR, "pkix_CertSelector_Match_NameConstraints");
+        PKIX_NULLCHECK_THREE(params, cert, pResult);
+
+        PKIX_CHECK(PKIX_ComCertSelParams_GetNameConstraints
+                (params, &nameConstraints, plContext),
+                PKIX_COMCERTSELPARAMSGETNAMECONSTRAINTSFAILED);
+
+        if (nameConstraints != NULL) {
+                /* As only the end-entity certificate should have
+                 * the common name constrained as if it was a dNSName,
+                 * do not constrain the common name when building a
+                 * forward path.
+                 */
+                PKIX_CHECK(PKIX_PL_Cert_CheckNameConstraints
+                    (cert, nameConstraints, PKIX_FALSE, plContext),
+                    PKIX_CERTCHECKNAMECONSTRAINTSFAILED);
+        }
+
+cleanup:
+        if (PKIX_ERROR_RECEIVED) {
+            *pResult = PKIX_FALSE;
+        }
+
+        PKIX_DECREF(nameConstraints);
+        PKIX_RETURN(CERTSELECTOR);
+}
+
+/*
+ * FUNCTION: pkix_CertSelector_Match_PathToNames
+ * DESCRIPTION:
+ *
+ *  Determines whether the names at pathToNames in "params" complies with the
+ *  NameConstraints pointed to by "cert". If the pathToNames field is NULL
+ *  or there is no name constraints for this "cert", no checking is done
+ *  and the Cert is considered to match the name constraints criterion.
+ *  If the Cert does not match the name constraints criterion, an Error
+ *  pointer is returned.
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ComCertSelParams whose PathToNames field is used.
+ *      Must be non-NULL.
+ *  "cert"
+ *      Address of Cert that is to be matched. Must be non-NULL.
+ *  "pResult"
+ *      Address of PKIX_Boolean that returns the match result.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *      (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertSelector Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_CertSelector_Match_PathToNames(
+        PKIX_ComCertSelParams *params,
+        PKIX_PL_Cert *cert,
+        PKIX_Boolean *pResult,
+        void *plContext)
+{
+        PKIX_List *pathToNamesList = NULL;
+        PKIX_Boolean passed = PKIX_FALSE;
+        PKIX_PL_CertNameConstraints *nameConstraints = NULL;
+
+        PKIX_ENTER(CERTSELECTOR, "pkix_CertSelector_Match_PathToNames");
+        PKIX_NULLCHECK_THREE(params, cert, pResult);
+
+        PKIX_CHECK(PKIX_ComCertSelParams_GetPathToNames
+                (params, &pathToNamesList, plContext),
+                PKIX_COMCERTSELPARAMSGETPATHTONAMESFAILED);
+
+        if (pathToNamesList != NULL) {
+
+            PKIX_CHECK(PKIX_PL_Cert_GetNameConstraints
+                    (cert, &nameConstraints, plContext),
+                    PKIX_CERTGETNAMECONSTRAINTSFAILED);
+
+            if (nameConstraints != NULL) {
+
+                PKIX_CHECK(PKIX_PL_CertNameConstraints_CheckNamesInNameSpace
+                        (pathToNamesList, nameConstraints, &passed, plContext),
+                        PKIX_CERTNAMECONSTRAINTSCHECKNAMESINNAMESPACEFAILED);
+
+                if (passed != PKIX_TRUE) {
+                    *pResult = PKIX_FALSE;
+                    PKIX_ERROR(PKIX_CERTSELECTORMATCHPATHTONAMESFAILED);
+                }
+            }
+
+        }
+
+cleanup:
+
+        PKIX_DECREF(nameConstraints);
+        PKIX_DECREF(pathToNamesList);
+
+        PKIX_RETURN(CERTSELECTOR);
+}
+
+/*
+ * FUNCTION: pkix_CertSelector_Match_SubjAltNames
+ * DESCRIPTION:
+ *
+ *  Determines whether the names at subjAltNames in "params" match with the
+ *  SubjAltNames pointed to by "cert". If the subjAltNames field is NULL,
+ *  no name checking is done and the Cert is considered to match the
+ *  criterion. If the Cert does not match the criterion, an Error pointer
+ *  is returned.
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ComCertSelParams whose SubjAltNames field is used.
+ *      Must be non-NULL.
+ *  "cert"
+ *      Address of Cert that is to be matched. Must be non-NULL.
+ *  "pResult"
+ *      Address of PKIX_Boolean that returns the match result.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *      (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertSelector Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_CertSelector_Match_SubjAltNames(
+        PKIX_ComCertSelParams *params,
+        PKIX_PL_Cert *cert,
+        PKIX_Boolean *pResult,
+        void *plContext)
+{
+        PKIX_List *subjAltNamesList = NULL;
+        PKIX_List *certSubjAltNames = NULL;
+        PKIX_PL_GeneralName *name = NULL;
+        PKIX_Boolean checkPassed = PKIX_FALSE;
+        PKIX_Boolean matchAll = PKIX_TRUE;
+        PKIX_UInt32 i, numItems;
+        PKIX_UInt32 matchCount = 0;
+
+        PKIX_ENTER(CERTSELECTOR, "pkix_CertSelector_Match_SubjAltNames");
+        PKIX_NULLCHECK_THREE(params, cert, pResult);
+
+        PKIX_CHECK(PKIX_ComCertSelParams_GetMatchAllSubjAltNames
+                    (params, &matchAll, plContext),
+                    PKIX_COMCERTSELPARAMSGETMATCHALLSUBJALTNAMESFAILED);
+
+        PKIX_CHECK(PKIX_ComCertSelParams_GetSubjAltNames
+                    (params, &subjAltNamesList, plContext),
+                    PKIX_COMCERTSELPARAMSGETSUBJALTNAMESFAILED);
+
+        if (subjAltNamesList != NULL) {
+
+            PKIX_CHECK(PKIX_PL_Cert_GetSubjectAltNames
+                    (cert, &certSubjAltNames, plContext),
+                    PKIX_CERTGETSUBJALTNAMESFAILED);
+
+            if (certSubjAltNames == NULL) {
+                *pResult = PKIX_FALSE;
+                PKIX_ERROR(PKIX_CERTSELECTORMATCHSUBJALTNAMESFAILED);
+            }
+
+            PKIX_CHECK(PKIX_List_GetLength
+                       (subjAltNamesList, &numItems, plContext),
+                       PKIX_LISTGETLENGTHFAILED);
+            
+            for (i = 0; i < numItems; i++) {
+                
+                PKIX_CHECK(PKIX_List_GetItem
+                           (subjAltNamesList,
+                            i,
+                            (PKIX_PL_Object **) &name,
+                            plContext),
+                           PKIX_LISTGETITEMFAILED);
+                
+                PKIX_CHECK(pkix_List_Contains
+                           (certSubjAltNames,
+                            (PKIX_PL_Object *) name,
+                            &checkPassed,
+                            plContext),
+                           PKIX_LISTCONTAINSFAILED);
+                
+                PKIX_DECREF(name);
+                
+                if (checkPassed == PKIX_TRUE) {
+                    
+                    if (matchAll == PKIX_FALSE) {
+                        /* one match is good enough */
+                        matchCount = numItems;
+                        break;
+                    } else {
+                        /* else continue checking next */
+                        matchCount++;
+                    }
+                    
+                }
+                
+            }
+            
+            if (matchCount != numItems) {
+                *pResult = PKIX_FALSE;
+                PKIX_ERROR(PKIX_CERTSELECTORMATCHSUBJALTNAMESFAILED);
+            }
+        }
+
+cleanup:
+
+        PKIX_DECREF(name);
+        PKIX_DECREF(certSubjAltNames);
+        PKIX_DECREF(subjAltNamesList);
+
+        PKIX_RETURN(CERTSELECTOR);
+}
+
+/*
+ * FUNCTION: pkix_CertSelector_Match_ExtendedKeyUsage
+ * DESCRIPTION:
+ *
+ *  Determines whether the names at ExtKeyUsage in "params" matches with the
+ *  ExtKeyUsage pointed to by "cert". If the ExtKeyUsage criterion or
+ *  ExtKeyUsage in "cert" is NULL, no checking is done and the Cert is
+ *  considered a match. If the Cert does not match, an Error pointer is
+ *  returned.
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ComCertSelParams whose ExtKeyUsage field is used.
+ *      Must be non-NULL.
+ *  "cert"
+ *      Address of Cert that is to be matched. Must be non-NULL.
+ *  "pResult"
+ *      Address of PKIX_Boolean that returns the match result.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *      (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertSelector Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_CertSelector_Match_ExtendedKeyUsage(
+        PKIX_ComCertSelParams *params,
+        PKIX_PL_Cert *cert,
+        PKIX_Boolean *pResult,
+        void *plContext)
+{
+        PKIX_List *extKeyUsageList = NULL;
+        PKIX_List *certExtKeyUsageList = NULL;
+        PKIX_PL_OID *ekuOid = NULL;
+        PKIX_Boolean isContained = PKIX_FALSE;
+        PKIX_UInt32 numItems = 0;
+        PKIX_UInt32 i;
+
+        PKIX_ENTER(CERTSELECTOR, "pkix_CertSelector_Match_ExtendedKeyUsage");
+        PKIX_NULLCHECK_THREE(params, cert, pResult);
+
+        PKIX_CHECK(PKIX_ComCertSelParams_GetExtendedKeyUsage
+                    (params, &extKeyUsageList, plContext),
+                    PKIX_COMCERTSELPARAMSGETEXTENDEDKEYUSAGEFAILED);
+
+        if (extKeyUsageList == NULL) {
+                goto cleanup;
+        }
+
+        PKIX_CHECK(PKIX_PL_Cert_GetExtendedKeyUsage
+                    (cert, &certExtKeyUsageList, plContext),
+                    PKIX_CERTGETEXTENDEDKEYUSAGEFAILED);
+
+        if (certExtKeyUsageList != NULL) {
+
+            PKIX_CHECK(PKIX_List_GetLength
+                    (extKeyUsageList, &numItems, plContext),
+                    PKIX_LISTGETLENGTHFAILED);
+
+            for (i = 0; i < numItems; i++) {
+
+                PKIX_CHECK(PKIX_List_GetItem
+                    (extKeyUsageList, i, (PKIX_PL_Object **)&ekuOid, plContext),
+                    PKIX_LISTGETITEMFAILED);
+
+                PKIX_CHECK(pkix_List_Contains
+                    (certExtKeyUsageList,
+                    (PKIX_PL_Object *)ekuOid,
+                    &isContained,
+                    plContext),
+                    PKIX_LISTCONTAINSFAILED);
+
+                PKIX_DECREF(ekuOid);
+
+                if (isContained != PKIX_TRUE) {
+                    *pResult = PKIX_FALSE;
+                    PKIX_ERROR(PKIX_CERTSELECTORMATCHEXTENDEDKEYUSAGEFAILED);
+                }
+            }
+        }
+
+cleanup:
+
+        PKIX_DECREF(ekuOid);
+        PKIX_DECREF(extKeyUsageList);
+        PKIX_DECREF(certExtKeyUsageList);
+
+        PKIX_RETURN(CERTSELECTOR);
+}
+
+/*
+ * FUNCTION: pkix_CertSelector_Match_KeyUsage
+ * DESCRIPTION:
+ *
+ *  Determines whether the bits at KeyUsage in "params" matches with the
+ *  KeyUsage pointed to by "cert". If the KeyUsage in params is 0
+ *  no checking is done and the Cert is considered a match. If the Cert does
+ *  not match, an Error pointer is returned.
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ComCertSelParams whose ExtKeyUsage field is used.
+ *      Must be non-NULL.
+ *  "cert"
+ *      Address of Cert that is to be matched. Must be non-NULL.
+ *  "pResult"
+ *      Address of PKIX_Boolean that returns the match result.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *      (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertSelector Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_CertSelector_Match_KeyUsage(
+        PKIX_ComCertSelParams *params,
+        PKIX_PL_Cert *cert,
+        PKIX_Boolean *pResult,
+        void *plContext)
+{
+        PKIX_UInt32 keyUsage = 0;
+
+        PKIX_ENTER(CERTSELECTOR, "pkix_CertSelector_Match_KeyUsage");
+        PKIX_NULLCHECK_THREE(params, cert, pResult);
+
+        PKIX_CHECK(PKIX_ComCertSelParams_GetKeyUsage
+                    (params, &keyUsage, plContext),
+                    PKIX_COMCERTSELPARAMSGETKEYUSAGEFAILED);
+
+        if (keyUsage != 0) {
+
+            PKIX_CHECK(PKIX_PL_Cert_VerifyKeyUsage
+                        (cert, keyUsage, plContext),
+                        PKIX_CERTVERIFYKEYUSAGEFAILED);
+
+        }
+
+cleanup:
+        if (PKIX_ERROR_RECEIVED) {
+            *pResult = PKIX_FALSE;
+        }
+
+        PKIX_RETURN(CERTSELECTOR);
+}
+
+/*
+ * FUNCTION: pkix_CertSelector_Match_SubjKeyId
+ * DESCRIPTION:
+ *
+ *  Determines whether the bytes at subjKeyId in "params" matches with the
+ *  Subject Key Identifier pointed to by "cert". If the subjKeyId in params is
+ *  set to NULL or the Cert doesn't have a Subject Key Identifier, no checking
+ *  is done and the Cert is considered a match. If the Cert does not match, an
+ *  Error pointer is returned.
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ComCertSelParams whose subjKeyId field is used.
+ *      Must be non-NULL.
+ *  "cert"
+ *      Address of Cert that is to be matched. Must be non-NULL.
+ *  "pResult"
+ *      Address of PKIX_Boolean that returns the match result.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *      (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertSelector Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_CertSelector_Match_SubjKeyId(
+        PKIX_ComCertSelParams *params,
+        PKIX_PL_Cert *cert,
+        PKIX_Boolean *pResult,
+        void *plContext)
+{
+        PKIX_PL_ByteArray *selSubjKeyId = NULL;
+        PKIX_PL_ByteArray *certSubjKeyId = NULL;
+        PKIX_Boolean equals = PKIX_FALSE;
+
+        PKIX_ENTER(CERTSELECTOR, "pkix_CertSelector_Match_SubjKeyId");
+        PKIX_NULLCHECK_THREE(params, cert, pResult);
+
+        PKIX_CHECK(PKIX_ComCertSelParams_GetSubjKeyIdentifier
+                    (params, &selSubjKeyId, plContext),
+                    PKIX_COMCERTSELPARAMSGETSUBJKEYIDENTIFIERFAILED);
+
+        if (selSubjKeyId != NULL) {
+
+                PKIX_CHECK(PKIX_PL_Cert_GetSubjectKeyIdentifier
+                    (cert, &certSubjKeyId, plContext),
+                    PKIX_CERTGETSUBJECTKEYIDENTIFIERFAILED);
+
+                if (certSubjKeyId == NULL) {
+                    goto cleanup;
+                }
+
+                PKIX_CHECK(PKIX_PL_Object_Equals
+                           ((PKIX_PL_Object *)selSubjKeyId,
+                            (PKIX_PL_Object *)certSubjKeyId,
+                            &equals,
+                            plContext),
+                           PKIX_OBJECTEQUALSFAILED);
+                
+                if (equals == PKIX_FALSE) {
+                    *pResult = PKIX_FALSE;
+                    PKIX_ERROR(PKIX_CERTSELECTORMATCHSUBJKEYIDFAILED);
+                }
+        }
+
+cleanup:
+
+        PKIX_DECREF(selSubjKeyId);
+        PKIX_DECREF(certSubjKeyId);
+
+        PKIX_RETURN(CERTSELECTOR);
+}
+
+/*
+ * FUNCTION: pkix_CertSelector_Match_AuthKeyId
+ * DESCRIPTION:
+ *
+ *  Determines whether the bytes at authKeyId in "params" matches with the
+ *  Authority Key Identifier pointed to by "cert". If the authKeyId in params
+ *  is set to NULL, no checking is done and the Cert is considered a match. If
+ *  the Cert does not match, an Error pointer is returned.
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ComCertSelParams whose authKeyId field is used.
+ *      Must be non-NULL.
+ *  "cert"
+ *      Address of Cert that is to be matched. Must be non-NULL.
+ *  "pResult"
+ *      Address of PKIX_Boolean that returns the match result.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *      (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertSelector Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_CertSelector_Match_AuthKeyId(
+        PKIX_ComCertSelParams *params,
+        PKIX_PL_Cert *cert,
+        PKIX_Boolean *pResult,
+        void *plContext)
+{
+        PKIX_PL_ByteArray *selAuthKeyId = NULL;
+        PKIX_PL_ByteArray *certAuthKeyId = NULL;
+        PKIX_Boolean equals = PKIX_FALSE;
+
+        PKIX_ENTER(CERTSELECTOR, "pkix_CertSelector_Match_AuthKeyId");
+        PKIX_NULLCHECK_THREE(params, cert, pResult);
+
+        PKIX_CHECK(PKIX_ComCertSelParams_GetAuthorityKeyIdentifier
+                    (params, &selAuthKeyId, plContext),
+                    PKIX_COMCERTSELPARAMSGETAUTHORITYKEYIDENTIFIERFAILED);
+
+        if (selAuthKeyId != NULL) {
+
+                PKIX_CHECK(PKIX_PL_Cert_GetAuthorityKeyIdentifier
+                    (cert, &certAuthKeyId, plContext),
+                    PKIX_CERTGETAUTHORITYKEYIDENTIFIERFAILED);
+
+                if (certAuthKeyId == NULL) {
+                    *pResult = PKIX_FALSE;
+                    PKIX_ERROR(PKIX_CERTSELECTORMATCHAUTHKEYIDFAILED);
+                }
+                PKIX_CHECK(PKIX_PL_Object_Equals
+                           ((PKIX_PL_Object *)selAuthKeyId,
+                            (PKIX_PL_Object *)certAuthKeyId,
+                            &equals,
+                            plContext),
+                           PKIX_OBJECTEQUALSFAILED);
+                
+                if (equals != PKIX_TRUE) {
+                    *pResult = PKIX_FALSE;
+                    PKIX_ERROR(PKIX_CERTSELECTORMATCHAUTHKEYIDFAILED);
+                }
+        }
+
+cleanup:
+
+        PKIX_DECREF(selAuthKeyId);
+        PKIX_DECREF(certAuthKeyId);
+
+        PKIX_RETURN(CERTSELECTOR);
+}
+
+/*
+ * FUNCTION: pkix_CertSelector_Match_SubjPKAlgId
+ * DESCRIPTION:
+ *
+ *  Determines whether the OID at subjPKAlgId in "params" matches with the
+ *  Subject Public Key Alg Id pointed to by "cert". If the subjPKAlgId in params
+ *  is set to NULL, no checking is done and the Cert is considered a match. If
+ *  the Cert does not match, an Error pointer is returned.
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ComCertSelParams whose subjPKAlgId field is used.
+ *      Must be non-NULL.
+ *  "cert"
+ *      Address of Cert that is to be matched. Must be non-NULL.
+ *  "pResult"
+ *      Address of PKIX_Boolean that returns the match result.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *      (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertSelector Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_CertSelector_Match_SubjPKAlgId(
+        PKIX_ComCertSelParams *params,
+        PKIX_PL_Cert *cert,
+        PKIX_Boolean *pResult,
+        void *plContext)
+{
+        PKIX_PL_OID *selPKAlgId = NULL;
+        PKIX_PL_OID *certPKAlgId = NULL;
+        PKIX_Boolean equals = PKIX_FALSE;
+
+        PKIX_ENTER(CERTSELECTOR, "pkix_CertSelector_Match_SubjPKAlgId");
+        PKIX_NULLCHECK_THREE(params, cert, pResult);
+
+        PKIX_CHECK(PKIX_ComCertSelParams_GetSubjPKAlgId
+                    (params, &selPKAlgId, plContext),
+                    PKIX_COMCERTSELPARAMSGETSUBJPKALGIDFAILED);
+
+        if (selPKAlgId != NULL) {
+
+                PKIX_CHECK(PKIX_PL_Cert_GetSubjectPublicKeyAlgId
+                    (cert, &certPKAlgId, plContext),
+                    PKIX_CERTGETSUBJECTPUBLICKEYALGIDFAILED);
+
+                if (certPKAlgId != NULL) {
+                    *pResult = PKIX_FALSE;
+                    PKIX_ERROR(PKIX_CERTSELECTORMATCHSUBJPKALGIDFAILED);
+                }
+                PKIX_CHECK(PKIX_PL_Object_Equals
+                           ((PKIX_PL_Object *)selPKAlgId,
+                            (PKIX_PL_Object *)certPKAlgId,
+                            &equals,
+                            plContext),
+                           PKIX_OBJECTEQUALSFAILED);
+                
+                if (equals != PKIX_TRUE) {
+                    *pResult = PKIX_FALSE;
+                    PKIX_ERROR(PKIX_CERTSELECTORMATCHSUBJPKALGIDFAILED);
+                }
+        }
+
+cleanup:
+
+        PKIX_DECREF(selPKAlgId);
+        PKIX_DECREF(certPKAlgId);
+
+        PKIX_RETURN(CERTSELECTOR);
+}
+
+/*
+ * FUNCTION: pkix_CertSelector_Match_SubjPubKey
+ * DESCRIPTION:
+ *
+ *  Determines whether the key at subjPubKey in "params" matches with the
+ *  Subject Public Key pointed to by "cert". If the subjPubKey in params
+ *  is set to NULL, no checking is done and the Cert is considered a match. If
+ *  the Cert does not match, an Error pointer is returned.
+ *
+ * PARAMETERS:
+ *  "params"
+ *      Address of ComCertSelParams whose subPubKey field is used.
+ *      Must be non-NULL.
+ *  "cert"
+ *      Address of Cert that is to be matched. Must be non-NULL.
+ *  "pResult"
+ *      Address of PKIX_Boolean that returns the match result.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *      (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertSelector Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_CertSelector_Match_SubjPubKey(
+        PKIX_ComCertSelParams *params,
+        PKIX_PL_Cert *cert,
+        PKIX_Boolean *pResult,
+        void *plContext)
+{
+        PKIX_PL_PublicKey *selPK = NULL;
+        PKIX_PL_PublicKey *certPK = NULL;
+        PKIX_Boolean equals = PKIX_FALSE;
+
+        PKIX_ENTER(CERTSELECTOR, "pkix_CertSelector_Match_SubjPubKey");
+        PKIX_NULLCHECK_THREE(params, cert, pResult);
+
+        PKIX_CHECK(PKIX_ComCertSelParams_GetSubjPubKey
+                    (params, &selPK, plContext),
+                    PKIX_COMCERTSELPARAMSGETSUBJPUBKEYFAILED);
+
+        if (selPK != NULL) {
+
+                PKIX_CHECK(PKIX_PL_Cert_GetSubjectPublicKey
+                    (cert, &certPK, plContext),
+                    PKIX_CERTGETSUBJECTPUBLICKEYFAILED);
+
+                if (certPK == NULL) {
+                    *pResult = PKIX_FALSE;
+                    PKIX_ERROR(PKIX_CERTSELECTORMATCHSUBJPUBKEYFAILED);
+                }
+                PKIX_CHECK(PKIX_PL_Object_Equals
+                           ((PKIX_PL_Object *)selPK,
+                            (PKIX_PL_Object *)certPK,
+                            &equals,
+                            plContext),
+                           PKIX_OBJECTEQUALSFAILED);
+                
+                if (equals != PKIX_TRUE) {
+                    *pResult = PKIX_FALSE;
+                    PKIX_ERROR(PKIX_CERTSELECTORMATCHSUBJPUBKEYFAILED);
+                }
+        }
+
+cleanup:
+
+        PKIX_DECREF(selPK);
+        PKIX_DECREF(certPK);
+
+        PKIX_RETURN(CERTSELECTOR);
+}
+
+/*
+ * FUNCTION: pkix_CertSelector_DefaultMatch
+ * DESCRIPTION:
+ *
+ *  This default match function determines whether the specified Cert pointed
+ *  to by "cert" matches the criteria of the CertSelector pointed to by
+ *  "selector". If the Cert does not match the CertSelector's
+ *  criteria, an error will be thrown.
+ *
+ *  This default match function understands how to process the most common
+ *  parameters. Any common parameter that is not set is assumed to be disabled,
+ *  which means this function will select all certificates without regard to
+ *  that particular disabled parameter. For example, if the SerialNumber
+ *  parameter is not set, this function will not filter out any certificate
+ *  based on its serial number. As such, if no parameters are set, all are
+ *  disabled and any certificate will match. If a parameter is disabled, its
+ *  associated PKIX_ComCertSelParams_Get* function returns a default value.
+ *  That value is -1 for PKIX_ComCertSelParams_GetBasicConstraints and
+ *  PKIX_ComCertSelParams_GetVersion, 0 for PKIX_ComCertSelParams_GetKeyUsage,
+ *  and NULL for all other Get functions.
+ *
+ * PARAMETERS:
+ *  "selector"
+ *      Address of CertSelector whose MatchCallback logic and parameters are
+ *      to be used. Must be non-NULL.
+ *  "cert"
+ *      Address of Cert that is to be matched using "selector".
+ *      Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *      (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertSelector Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_CertSelector_DefaultMatch(
+        PKIX_CertSelector *selector,
+        PKIX_PL_Cert *cert,
+        void *plContext)
+{
+        PKIX_ComCertSelParams *params = NULL;
+        PKIX_PL_X500Name *certSubject = NULL;
+        PKIX_PL_X500Name *selSubject = NULL;
+        PKIX_PL_X500Name *certIssuer = NULL;
+        PKIX_PL_X500Name *selIssuer = NULL;
+        PKIX_PL_BigInt *certSerialNumber = NULL;
+        PKIX_PL_BigInt *selSerialNumber = NULL;
+        PKIX_PL_Cert *selCert = NULL;
+        PKIX_PL_Date *selDate = NULL;
+        PKIX_UInt32 selVersion = 0xFFFFFFFF;
+        PKIX_UInt32 certVersion = 0;
+        PKIX_Boolean result = PKIX_TRUE;
+        PKIX_Boolean isLeafCert = PKIX_TRUE;
+
+#ifdef PKIX_BUILDDEBUG
+        PKIX_PL_String *certString = NULL;
+        void *certAscii = NULL;
+        PKIX_UInt32 certAsciiLen;
+#endif
+
+        PKIX_ENTER(CERTSELECTOR, "pkix_CertSelector_DefaultMatch");
+        PKIX_NULLCHECK_TWO(selector, cert);
+
+        PKIX_INCREF(selector->params);
+        params = selector->params;
+
+        /* Are we looking for CAs? */
+        PKIX_CHECK(PKIX_ComCertSelParams_GetLeafCertFlag
+                    (params, &isLeafCert, plContext),
+                    PKIX_COMCERTSELPARAMSGETLEAFCERTFLAGFAILED);
+
+        if (params == NULL){
+                goto cleanup;
+        }
+
+        PKIX_CHECK(PKIX_ComCertSelParams_GetVersion
+                    (params, &selVersion, plContext),
+                    PKIX_COMCERTSELPARAMSGETVERSIONFAILED);
+
+        if (selVersion != 0xFFFFFFFF){
+                PKIX_CHECK(PKIX_PL_Cert_GetVersion
+                            (cert, &certVersion, plContext),
+                            PKIX_CERTGETVERSIONFAILED);
+
+                if (selVersion != certVersion) {
+                        PKIX_ERROR(PKIX_CERTSELECTORMATCHCERTVERSIONFAILED);
+                }
+        }
+
+        PKIX_CHECK(PKIX_ComCertSelParams_GetSubject
+                    (params, &selSubject, plContext),
+                    PKIX_COMCERTSELPARAMSGETSUBJECTFAILED);
+
+        if (selSubject){
+                PKIX_CHECK(PKIX_PL_Cert_GetSubject
+                            (cert, &certSubject, plContext),
+                            PKIX_CERTGETSUBJECTFAILED);
+
+                if (certSubject){
+                        PKIX_CHECK(PKIX_PL_X500Name_Match
+                            (selSubject, certSubject, &result, plContext),
+                            PKIX_X500NAMEMATCHFAILED);
+
+                        if (result == PKIX_FALSE){
+                            PKIX_ERROR(PKIX_CERTSELECTORMATCHCERTSUBJECTFAILED);
+                        }
+                } else { /* cert has no subject */
+                        PKIX_ERROR(PKIX_CERTSELECTORMATCHCERTSUBJECTFAILED);
+                }
+        }
+
+        PKIX_CHECK(PKIX_ComCertSelParams_GetIssuer
+                    (params, &selIssuer, plContext),
+                    PKIX_COMCERTSELPARAMSGETISSUERFAILED);
+
+        if (selIssuer){
+                PKIX_CHECK(PKIX_PL_Cert_GetIssuer
+                            (cert, &certIssuer, plContext),
+                            PKIX_CERTGETISSUERFAILED);
+
+                PKIX_CHECK(PKIX_PL_X500Name_Match
+                            (selIssuer, certIssuer, &result, plContext),
+                            PKIX_X500NAMEMATCHFAILED);
+
+                if (result == PKIX_FALSE){
+                        PKIX_ERROR(PKIX_CERTSELECTORMATCHCERTISSUERFAILED);
+                }
+        }
+
+        PKIX_CHECK(PKIX_ComCertSelParams_GetSerialNumber
+                    (params, &selSerialNumber, plContext),
+                    PKIX_COMCERTSELPARAMSGETSERIALNUMBERFAILED);
+
+        if (selSerialNumber){
+                PKIX_CHECK(PKIX_PL_Cert_GetSerialNumber
+                            (cert, &certSerialNumber, plContext),
+                            PKIX_CERTGETSERIALNUMBERFAILED);
+
+                PKIX_CHECK(PKIX_PL_Object_Equals
+                            ((PKIX_PL_Object *)selSerialNumber,
+                            (PKIX_PL_Object *)certSerialNumber,
+                            &result,
+                            plContext),
+                            PKIX_OBJECTEQUALSFAILED);
+
+                if (result == PKIX_FALSE){
+                        PKIX_ERROR(PKIX_CERTSELECTORMATCHCERTSERIALNUMFAILED);
+                }
+        }
+
+        PKIX_CHECK(PKIX_ComCertSelParams_GetCertificate
+                    (params, &selCert, plContext),
+                    PKIX_COMCERTSELPARAMSGETCERTIFICATEFAILED);
+
+        if (selCert){
+                PKIX_CHECK(PKIX_PL_Object_Equals
+                            ((PKIX_PL_Object *) selCert,
+                            (PKIX_PL_Object *) cert,
+                            &result,
+                            plContext),
+                            PKIX_OBJECTEQUALSFAILED);
+
+                if (result == PKIX_FALSE){
+                        PKIX_ERROR(PKIX_CERTSELECTORMATCHCERTOBJECTFAILED);
+                }
+        }
+
+        PKIX_CHECK(PKIX_ComCertSelParams_GetCertificateValid
+                    (params, &selDate, plContext),
+                    PKIX_COMCERTSELPARAMSGETCERTIFICATEVALIDFAILED);
+
+        if (selDate){
+                PKIX_CHECK(PKIX_PL_Cert_CheckValidity
+                            (cert, selDate, plContext),
+                            PKIX_CERTCHECKVALIDITYFAILED);
+        }
+
+        PKIX_CHECK(pkix_CertSelector_Match_BasicConstraint
+                    (params, cert, &result, plContext),
+                    PKIX_CERTSELECTORMATCHBASICCONSTRAINTFAILED);
+
+        PKIX_CHECK(pkix_CertSelector_Match_Policies
+                    (params, cert, &result, plContext),
+                    PKIX_CERTSELECTORMATCHPOLICIESFAILED);
+
+        PKIX_CHECK(pkix_CertSelector_Match_CertificateValid
+                    (params, cert, &result, plContext),
+                    PKIX_CERTSELECTORMATCHCERTIFICATEVALIDFAILED);
+
+        PKIX_CHECK(pkix_CertSelector_Match_NameConstraints
+                    (params, cert, &result, plContext),
+                    PKIX_CERTSELECTORMATCHNAMECONSTRAINTSFAILED);
+
+        PKIX_CHECK(pkix_CertSelector_Match_PathToNames
+                    (params, cert, &result, plContext),
+                    PKIX_CERTSELECTORMATCHPATHTONAMESFAILED);
+
+        PKIX_CHECK(pkix_CertSelector_Match_SubjAltNames
+                    (params, cert, &result, plContext),
+                    PKIX_CERTSELECTORMATCHSUBJALTNAMESFAILED);
+
+        /* Check key usage and cert type based on certificate usage. */
+        PKIX_CHECK(PKIX_PL_Cert_VerifyCertAndKeyType(cert, !isLeafCert,
+                                                     plContext),
+                   PKIX_CERTVERIFYCERTTYPEFAILED);
+
+        /* Next two check are for user supplied additional KU and EKU. */
+        PKIX_CHECK(pkix_CertSelector_Match_ExtendedKeyUsage
+                    (params, cert, &result, plContext),
+                    PKIX_CERTSELECTORMATCHEXTENDEDKEYUSAGEFAILED);
+
+        PKIX_CHECK(pkix_CertSelector_Match_KeyUsage
+                    (params, cert, &result, plContext),
+                    PKIX_CERTSELECTORMATCHKEYUSAGEFAILED);
+
+        PKIX_CHECK(pkix_CertSelector_Match_SubjKeyId
+                    (params, cert, &result, plContext),
+                    PKIX_CERTSELECTORMATCHSUBJKEYIDFAILED);
+
+        PKIX_CHECK(pkix_CertSelector_Match_AuthKeyId
+                    (params, cert, &result, plContext),
+                    PKIX_CERTSELECTORMATCHAUTHKEYIDFAILED);
+
+        PKIX_CHECK(pkix_CertSelector_Match_SubjPKAlgId
+                    (params, cert, &result, plContext),
+                    PKIX_CERTSELECTORMATCHSUBJPKALGIDFAILED);
+
+        PKIX_CHECK(pkix_CertSelector_Match_SubjPubKey
+                    (params, cert, &result, plContext),
+                    PKIX_CERTSELECTORMATCHSUBJPUBKEYFAILED);
+
+        /* if we reach here, the cert has successfully matched criteria */
+
+
+#ifdef PKIX_BUILDDEBUG
+
+        PKIX_CHECK(pkix_pl_Cert_ToString_Helper
+                    (cert, PKIX_TRUE, &certString, plContext),
+                    PKIX_CERTTOSTRINGHELPERFAILED);
+
+        PKIX_CHECK(PKIX_PL_String_GetEncoded
+                (certString,
+                PKIX_ESCASCII,
+                &certAscii,
+                &certAsciiLen,
+                plContext),
+                PKIX_STRINGGETENCODEDFAILED);
+
+        PKIX_CERTSELECTOR_DEBUG_ARG("Cert Selected:\n%s\n", certAscii);
+
+#endif
+
+cleanup:
+
+#ifdef PKIX_BUILDDEBUG
+        PKIX_DECREF(certString);
+        PKIX_FREE(certAscii);
+#endif
+
+        PKIX_DECREF(certSubject);
+        PKIX_DECREF(selSubject);
+        PKIX_DECREF(certIssuer);
+        PKIX_DECREF(selIssuer);
+        PKIX_DECREF(certSerialNumber);
+        PKIX_DECREF(selSerialNumber);
+        PKIX_DECREF(selCert);
+        PKIX_DECREF(selDate);
+        PKIX_DECREF(params);
+        PKIX_RETURN(CERTSELECTOR);
+}
+
+/*
+ * FUNCTION: pkix_CertSelector_RegisterSelf
+ * DESCRIPTION:
+ *  Registers PKIX_CERTSELECTOR_TYPE and its related functions with
+ *  systemClasses[]
+ * THREAD SAFETY:
+ *  Not Thread Safe - for performance and complexity reasons
+ *
+ *  Since this function is only called by PKIX_PL_Initialize, which should
+ *  only be called once, it is acceptable that this function is not
+ *  thread-safe.
+ */
+PKIX_Error *
+pkix_CertSelector_RegisterSelf(void *plContext)
+{
+        extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
+        pkix_ClassTable_Entry entry;
+
+        PKIX_ENTER(CERTSELECTOR, "pkix_CertSelector_RegisterSelf");
+
+        entry.description = "CertSelector";
+        entry.objCounter = 0;
+        entry.typeObjectSize = sizeof(PKIX_CertSelector);
+        entry.destructor = pkix_CertSelector_Destroy;
+        entry.equalsFunction = NULL;
+        entry.hashcodeFunction = NULL;
+        entry.toStringFunction = NULL;
+        entry.comparator = NULL;
+        entry.duplicateFunction = pkix_CertSelector_Duplicate;
+
+        systemClasses[PKIX_CERTSELECTOR_TYPE] = entry;
+
+        PKIX_RETURN(CERTSELECTOR);
+}
+
+/* --Public-Functions--------------------------------------------- */
+
+
+/*
+ * FUNCTION: PKIX_CertSelector_Create (see comments in pkix_certsel.h)
+ */
+PKIX_Error *
+PKIX_CertSelector_Create(
+        PKIX_CertSelector_MatchCallback callback,
+        PKIX_PL_Object *certSelectorContext,
+        PKIX_CertSelector **pSelector,
+        void *plContext)
+{
+        PKIX_CertSelector *selector = NULL;
+
+        PKIX_ENTER(CERTSELECTOR, "PKIX_CertSelector_Create");
+        PKIX_NULLCHECK_ONE(pSelector);
+
+        PKIX_CHECK(PKIX_PL_Object_Alloc
+                    (PKIX_CERTSELECTOR_TYPE,
+                    sizeof (PKIX_CertSelector),
+                    (PKIX_PL_Object **)&selector,
+                    plContext),
+                    PKIX_COULDNOTCREATECERTSELECTOROBJECT);
+
+        /*
+         * if user specified a particular match callback, we use that one.
+         * otherwise, we use the default match implementation which
+         * understands how to process PKIX_ComCertSelParams
+         */
+
+        if (callback){
+                selector->matchCallback = callback;
+        } else {
+                selector->matchCallback = pkix_CertSelector_DefaultMatch;
+        }
+
+        /* initialize other fields */
+        selector->params = NULL;
+
+        PKIX_INCREF(certSelectorContext);
+        selector->context = certSelectorContext;
+
+        *pSelector = selector;
+
+cleanup:
+
+        PKIX_RETURN(CERTSELECTOR);
+
+}
+
+/*
+ * FUNCTION: PKIX_CertSelector_GetMatchCallback
+ *      (see comments in pkix_certsel.h)
+ */
+PKIX_Error *
+PKIX_CertSelector_GetMatchCallback(
+        PKIX_CertSelector *selector,
+        PKIX_CertSelector_MatchCallback *pCallback,
+        void *plContext)
+{
+        PKIX_ENTER(CERTSELECTOR, "PKIX_CertSelector_GetMatchCallback");
+        PKIX_NULLCHECK_TWO(selector, pCallback);
+
+        *pCallback = selector->matchCallback;
+
+        PKIX_RETURN(CERTSELECTOR);
+}
+
+/*
+ * FUNCTION: PKIX_CertSelector_GetCertSelectorContext
+ *      (see comments in pkix_certsel.h)
+ */
+PKIX_Error *
+PKIX_CertSelector_GetCertSelectorContext(
+        PKIX_CertSelector *selector,
+        PKIX_PL_Object **pCertSelectorContext,
+        void *plContext)
+{
+        PKIX_ENTER(CERTSELECTOR, "PKIX_CertSelector_GetCertSelectorContext");
+        PKIX_NULLCHECK_TWO(selector, pCertSelectorContext);
+
+        PKIX_INCREF(selector->context);
+
+        *pCertSelectorContext = selector->context;
+
+cleanup:
+        PKIX_RETURN(CERTSELECTOR);
+}
+
+/*
+ * FUNCTION: PKIX_CertSelector_GetCommonCertSelectorParams
+ *      (see comments in pkix_certsel.h)
+ */
+PKIX_Error *
+PKIX_CertSelector_GetCommonCertSelectorParams(
+        PKIX_CertSelector *selector,
+        PKIX_ComCertSelParams **pParams,
+        void *plContext)
+{
+        PKIX_ENTER(CERTSELECTOR,
+                    "PKIX_CertSelector_GetCommonCertSelectorParams");
+
+        PKIX_NULLCHECK_TWO(selector, pParams);
+
+        PKIX_INCREF(selector->params);
+        *pParams = selector->params;
+
+cleanup:
+        PKIX_RETURN(CERTSELECTOR);
+
+}
+
+/*
+ * FUNCTION: PKIX_CertSelector_SetCommonCertSelectorParams
+ *      (see comments in pkix_certsel.h)
+ */
+PKIX_Error *
+PKIX_CertSelector_SetCommonCertSelectorParams(
+        PKIX_CertSelector *selector,
+        PKIX_ComCertSelParams *params,
+        void *plContext)
+{
+        PKIX_ENTER(CERTSELECTOR,
+                    "PKIX_CertSelector_SetCommonCertSelectorParams");
+
+        PKIX_NULLCHECK_ONE(selector);
+
+        PKIX_DECREF(selector->params);
+        PKIX_INCREF(params);
+        selector->params = params;
+
+        PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+                    ((PKIX_PL_Object *)selector, plContext),
+                    PKIX_OBJECTINVALIDATECACHEFAILED);
+
+cleanup:
+
+        PKIX_RETURN(CERTSELECTOR);
+
+}
+
+/*
+ * FUNCTION: pkix_CertSelector_Select
+ * DESCRIPTION:
+ *
+ *  This function applies the selector pointed to by "selector" to each Cert,
+ *  in turn, in the List pointed to by "before", and creates a List containing
+ *  all the Certs that matched, or passed the selection process, storing that
+ *  List at "pAfter". If no Certs match, an empty List is stored at "pAfter".
+ *
+ *  The List returned in "pAfter" is immutable.
+ *
+ * PARAMETERS:
+ *  "selector"
+ *      Address of CertSelelector to be applied to the List. Must be non-NULL.
+ *  "before"
+ *      Address of List that is to be filtered. Must be non-NULL.
+ *  "pAfter"
+ *      Address at which resulting List, possibly empty, is stored. Must be
+ *      non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertSelector Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_CertSelector_Select(
+	PKIX_CertSelector *selector,
+	PKIX_List *before,
+	PKIX_List **pAfter,
+	void *plContext)
+{
+	PKIX_UInt32 numBefore = 0;
+	PKIX_UInt32 i = 0;
+	PKIX_List *filtered = NULL;
+	PKIX_PL_Cert *candidate = NULL;
+
+        PKIX_ENTER(CERTSELECTOR, "PKIX_CertSelector_Select");
+        PKIX_NULLCHECK_THREE(selector, before, pAfter);
+
+        PKIX_CHECK(PKIX_List_Create(&filtered, plContext),
+                PKIX_LISTCREATEFAILED);
+
+        PKIX_CHECK(PKIX_List_GetLength(before, &numBefore, plContext),
+                PKIX_LISTGETLENGTHFAILED);
+
+        for (i = 0; i < numBefore; i++) {
+
+                PKIX_CHECK(PKIX_List_GetItem
+                        (before, i, (PKIX_PL_Object **)&candidate, plContext),
+                        PKIX_LISTGETITEMFAILED);
+
+                PKIX_CHECK_ONLY_FATAL(selector->matchCallback
+                        (selector, candidate, plContext),
+                        PKIX_CERTSELECTORMATCHCALLBACKFAILED);
+
+                if (!(PKIX_ERROR_RECEIVED)) {
+
+                        PKIX_CHECK_ONLY_FATAL(PKIX_List_AppendItem
+                                (filtered,
+                                (PKIX_PL_Object *)candidate,
+                                plContext),
+                                PKIX_LISTAPPENDITEMFAILED);
+                }
+
+                pkixTempErrorReceived = PKIX_FALSE;
+                PKIX_DECREF(candidate);
+        }
+
+        PKIX_CHECK(PKIX_List_SetImmutable(filtered, plContext),
+                PKIX_LISTSETIMMUTABLEFAILED);
+
+        /* Don't throw away the list if one Cert was bad! */
+        pkixTempErrorReceived = PKIX_FALSE;
+
+        *pAfter = filtered;
+        filtered = NULL;
+
+cleanup:
+
+        PKIX_DECREF(filtered);
+        PKIX_DECREF(candidate);
+
+        PKIX_RETURN(CERTSELECTOR);
+
+}
diff --git a/nss/lib/libpkix/pkix/certsel/pkix_certselector.h b/nss/lib/libpkix/pkix/certsel/pkix_certselector.h
new file mode 100755
index 0000000..33b6483
--- /dev/null
+++ b/nss/lib/libpkix/pkix/certsel/pkix_certselector.h
@@ -0,0 +1,41 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_certselector.h
+ *
+ * CertSelector Object Type Definition
+ *
+ */
+
+#ifndef _PKIX_CERTSELECTOR_H
+#define _PKIX_CERTSELECTOR_H
+
+#include "pkix_tools.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+struct PKIX_CertSelectorStruct {
+        PKIX_CertSelector_MatchCallback matchCallback;
+        PKIX_ComCertSelParams *params;
+        PKIX_PL_Object *context;
+};
+
+/* see source file for function documentation */
+
+PKIX_Error *
+pkix_CertSelector_Select(
+	PKIX_CertSelector *selector,
+	PKIX_List *before,
+	PKIX_List **pAfter,
+	void *plContext);
+
+PKIX_Error *pkix_CertSelector_RegisterSelf(void *plContext);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_CERTSELECTOR_H */
diff --git a/nss/lib/libpkix/pkix/certsel/pkix_comcertselparams.c b/nss/lib/libpkix/pkix/certsel/pkix_comcertselparams.c
new file mode 100755
index 0000000..a62f78d
--- /dev/null
+++ b/nss/lib/libpkix/pkix/certsel/pkix_comcertselparams.c
@@ -0,0 +1,1188 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_comcertselparams.c
+ *
+ * ComCertSelParams Object Functions
+ *
+ */
+
+#include "pkix_comcertselparams.h"
+
+/* --Private-Functions-------------------------------------------- */
+
+/*
+ * FUNCTION: pkix_ComCertSelParams_Destroy
+ * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_ComCertSelParams_Destroy(
+        PKIX_PL_Object *object,
+        void *plContext)
+{
+        PKIX_ComCertSelParams *params = NULL;
+
+        PKIX_ENTER(COMCERTSELPARAMS, "pkix_ComCertSelParams_Destroy");
+        PKIX_NULLCHECK_ONE(object);
+
+        /* Check that this object is a comCertSelParams object */
+        PKIX_CHECK(pkix_CheckType
+                    (object, PKIX_COMCERTSELPARAMS_TYPE, plContext),
+                    PKIX_OBJECTNOTCOMCERTSELPARAMS);
+
+        params = (PKIX_ComCertSelParams *)object;
+
+        PKIX_DECREF(params->subject);
+        PKIX_DECREF(params->policies);
+        PKIX_DECREF(params->cert);
+        PKIX_DECREF(params->nameConstraints);
+        PKIX_DECREF(params->pathToNames);
+        PKIX_DECREF(params->subjAltNames);
+        PKIX_DECREF(params->date);
+        PKIX_DECREF(params->extKeyUsage);
+        PKIX_DECREF(params->certValid);
+        PKIX_DECREF(params->issuer);
+        PKIX_DECREF(params->serialNumber);
+        PKIX_DECREF(params->authKeyId);
+        PKIX_DECREF(params->subjKeyId);
+        PKIX_DECREF(params->subjPubKey);
+        PKIX_DECREF(params->subjPKAlgId);
+
+cleanup:
+
+        PKIX_RETURN(COMCERTSELPARAMS);
+}
+
+/*
+ * FUNCTION: pkix_ComCertSelParams_Duplicate
+ * (see comments for PKIX_PL_DuplicateCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_ComCertSelParams_Duplicate(
+        PKIX_PL_Object *object,
+        PKIX_PL_Object **pNewObject,
+        void *plContext)
+{
+        PKIX_ComCertSelParams *params = NULL;
+        PKIX_ComCertSelParams *paramsDuplicate = NULL;
+
+        PKIX_ENTER(COMCERTSELPARAMS, "pkix_ComCertSelParams_Duplicate");
+        PKIX_NULLCHECK_TWO(object, pNewObject);
+
+        PKIX_CHECK(pkix_CheckType
+                    (object, PKIX_COMCERTSELPARAMS_TYPE, plContext),
+                    PKIX_OBJECTNOTCOMCERTSELPARAMS);
+
+        params = (PKIX_ComCertSelParams *)object;
+
+        PKIX_CHECK(PKIX_ComCertSelParams_Create(&paramsDuplicate, plContext),
+                    PKIX_COMCERTSELPARAMSCREATEFAILED);
+
+        paramsDuplicate->minPathLength = params->minPathLength;
+        paramsDuplicate->matchAllSubjAltNames = params->matchAllSubjAltNames;
+
+        PKIX_DUPLICATE(params->subject, &paramsDuplicate->subject, plContext,
+                PKIX_OBJECTDUPLICATEFAILED);
+
+        PKIX_DUPLICATE(params->policies, &paramsDuplicate->policies, plContext,
+                PKIX_OBJECTDUPLICATEFAILED);
+
+        if (params->cert){
+                PKIX_CHECK(PKIX_PL_Object_Duplicate
+                            ((PKIX_PL_Object *)params->cert,
+                            (PKIX_PL_Object **)&paramsDuplicate->cert,
+                            plContext),
+                            PKIX_OBJECTDUPLICATEFAILED);
+        }
+
+        PKIX_DUPLICATE
+                (params->nameConstraints,
+                &paramsDuplicate->nameConstraints,
+                plContext,
+                PKIX_OBJECTDUPLICATEFAILED);
+
+        PKIX_DUPLICATE
+                (params->pathToNames,
+                &paramsDuplicate->pathToNames,
+                plContext,
+                PKIX_OBJECTDUPLICATEFAILED);
+
+        PKIX_DUPLICATE
+                (params->subjAltNames,
+                &paramsDuplicate->subjAltNames,
+                plContext,
+                PKIX_OBJECTDUPLICATEFAILED);
+
+        if (params->date){
+                PKIX_CHECK(PKIX_PL_Object_Duplicate
+                            ((PKIX_PL_Object *)params->date,
+                            (PKIX_PL_Object **)&paramsDuplicate->date,
+                            plContext),
+                            PKIX_OBJECTDUPLICATEFAILED);
+        }
+
+        paramsDuplicate->keyUsage = params->keyUsage;
+
+        PKIX_DUPLICATE(params->certValid,
+                &paramsDuplicate->certValid,
+                plContext,
+                PKIX_OBJECTDUPLICATEFAILED);
+
+        PKIX_DUPLICATE(params->issuer,
+                &paramsDuplicate->issuer,
+                plContext,
+                PKIX_OBJECTDUPLICATEFAILED);
+
+        PKIX_DUPLICATE(params->serialNumber,
+                &paramsDuplicate->serialNumber,
+                plContext,
+                PKIX_OBJECTDUPLICATEFAILED);
+
+        PKIX_DUPLICATE(params->authKeyId,
+                &paramsDuplicate->authKeyId,
+                plContext,
+                PKIX_OBJECTDUPLICATEFAILED);
+
+        PKIX_DUPLICATE(params->subjKeyId,
+                &paramsDuplicate->subjKeyId,
+                plContext,
+                PKIX_OBJECTDUPLICATEFAILED);
+
+        PKIX_DUPLICATE(params->subjPubKey,
+                &paramsDuplicate->subjPubKey,
+                plContext,
+                PKIX_OBJECTDUPLICATEFAILED);
+
+        PKIX_DUPLICATE(params->subjPKAlgId,
+                &paramsDuplicate->subjPKAlgId,
+                plContext,
+                PKIX_OBJECTDUPLICATEFAILED);
+
+        paramsDuplicate->leafCertFlag = params->leafCertFlag;
+
+        *pNewObject = (PKIX_PL_Object *)paramsDuplicate;
+
+cleanup:
+
+        if (PKIX_ERROR_RECEIVED){
+                PKIX_DECREF(paramsDuplicate);
+        }
+
+        PKIX_RETURN(COMCERTSELPARAMS);
+}
+
+/*
+ * FUNCTION: pkix_ComCertSelParams_RegisterSelf
+ * DESCRIPTION:
+ *  Registers PKIX_COMCERTSELPARAMS_TYPE and its related functions with
+ *  systemClasses[]
+ * THREAD SAFETY:
+ *  Not Thread Safe - for performance and complexity reasons
+ *
+ *  Since this function is only called by PKIX_PL_Initialize, which should
+ *  only be called once, it is acceptable that this function is not
+ *  thread-safe.
+ */
+PKIX_Error *
+pkix_ComCertSelParams_RegisterSelf(void *plContext)
+{
+        extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
+        pkix_ClassTable_Entry* entry = &systemClasses[PKIX_COMCERTSELPARAMS_TYPE];
+
+        PKIX_ENTER(COMCERTSELPARAMS, "pkix_ComCertSelParams_RegisterSelf");
+
+        entry->description = "ComCertSelParams";
+        entry->typeObjectSize = sizeof(PKIX_ComCertSelParams);
+        entry->destructor = pkix_ComCertSelParams_Destroy;
+        entry->duplicateFunction = pkix_ComCertSelParams_Duplicate;
+
+        PKIX_RETURN(COMCERTSELPARAMS);
+}
+
+/* --Public-Functions--------------------------------------------- */
+
+
+/*
+ * FUNCTION: PKIX_ComCertSelParams_Create (see comments in pkix_certsel.h)
+ */
+PKIX_Error *
+PKIX_ComCertSelParams_Create(
+        PKIX_ComCertSelParams **pParams,
+        void *plContext)
+{
+        PKIX_ComCertSelParams *params = NULL;
+
+        PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_Create");
+        PKIX_NULLCHECK_ONE(pParams);
+
+        PKIX_CHECK(PKIX_PL_Object_Alloc
+                    (PKIX_COMCERTSELPARAMS_TYPE,
+                    sizeof (PKIX_ComCertSelParams),
+                    (PKIX_PL_Object **)&params,
+                    plContext),
+                    PKIX_COULDNOTCREATECOMMONCERTSELPARAMSOBJECT);
+
+        /* initialize fields */
+        params->version = 0xFFFFFFFF;
+        params->minPathLength = -1;
+        params->matchAllSubjAltNames = PKIX_TRUE;
+        params->subject = NULL;
+        params->policies = NULL;
+        params->cert = NULL;
+        params->nameConstraints = NULL;
+        params->pathToNames = NULL;
+        params->subjAltNames = NULL;
+        params->extKeyUsage = NULL;
+        params->keyUsage = 0;
+        params->extKeyUsage = NULL;
+        params->keyUsage = 0;
+        params->date = NULL;
+        params->certValid = NULL;
+        params->issuer = NULL;
+        params->serialNumber = NULL;
+        params->authKeyId = NULL;
+        params->subjKeyId = NULL;
+        params->subjPubKey = NULL;
+        params->subjPKAlgId = NULL;
+        params->leafCertFlag = PKIX_FALSE;
+
+        *pParams = params;
+
+cleanup:
+
+        PKIX_RETURN(COMCERTSELPARAMS);
+
+}
+
+/*
+ * FUNCTION: PKIX_ComCertSelParams_GetSubject (see comments in pkix_certsel.h)
+ */
+PKIX_Error *
+PKIX_ComCertSelParams_GetSubject(
+        PKIX_ComCertSelParams *params,
+        PKIX_PL_X500Name **pSubject,
+        void *plContext)
+{
+        PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_GetSubject");
+        PKIX_NULLCHECK_TWO(params, pSubject);
+
+        PKIX_INCREF(params->subject);
+
+        *pSubject = params->subject;
+
+cleanup:
+        PKIX_RETURN(COMCERTSELPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ComCertSelParams_SetSubject (see comments in pkix_certsel.h)
+ */
+PKIX_Error *
+PKIX_ComCertSelParams_SetSubject(
+        PKIX_ComCertSelParams *params,
+        PKIX_PL_X500Name *subject,
+        void *plContext)
+{
+        PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_SetSubject");
+        PKIX_NULLCHECK_ONE(params);
+
+        PKIX_DECREF(params->subject);
+
+        PKIX_INCREF(subject);
+
+        params->subject = subject;
+
+        PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+                    ((PKIX_PL_Object *)params, plContext),
+                    PKIX_OBJECTINVALIDATECACHEFAILED);
+
+cleanup:
+
+        PKIX_RETURN(COMCERTSELPARAMS);
+}
+
+
+/*
+ * FUNCTION: PKIX_ComCertSelParams_GetBasicConstraints
+ *      (see comments in pkix_certsel.h)
+ */
+PKIX_Error *
+PKIX_ComCertSelParams_GetBasicConstraints(
+        PKIX_ComCertSelParams *params,
+        PKIX_Int32 *pMinPathLength,
+        void *plContext)
+{
+        PKIX_ENTER(COMCERTSELPARAMS,
+                    "PKIX_ComCertSelParams_GetBasicConstraints");
+        PKIX_NULLCHECK_TWO(params, pMinPathLength);
+
+        *pMinPathLength = params->minPathLength;
+
+        PKIX_RETURN(COMCERTSELPARAMS);
+}
+
+
+/*
+ * FUNCTION: PKIX_ComCertSelParams_SetBasicConstraints
+ *      (see comments in pkix_certsel.h)
+ */
+PKIX_Error *
+PKIX_ComCertSelParams_SetBasicConstraints(
+        PKIX_ComCertSelParams *params,
+        PKIX_Int32 minPathLength,
+        void *plContext)
+{
+        PKIX_ENTER(COMCERTSELPARAMS,
+                    "PKIX_ComCertSelParams_SetBasicConstraints");
+        PKIX_NULLCHECK_ONE(params);
+
+        params->minPathLength = minPathLength;
+
+        PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+                    ((PKIX_PL_Object *)params, plContext),
+                    PKIX_OBJECTINVALIDATECACHEFAILED);
+
+cleanup:
+
+        PKIX_RETURN(COMCERTSELPARAMS);
+}
+
+
+/*
+ * FUNCTION: PKIX_ComCertSelParams_GetPolicy (see comments in pkix_certsel.h)
+ */
+PKIX_Error *
+PKIX_ComCertSelParams_GetPolicy(
+        PKIX_ComCertSelParams *params,
+        PKIX_List **pPolicy, /* List of PKIX_PL_OID */
+        void *plContext)
+{
+        PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_GetPolicy");
+        PKIX_NULLCHECK_TWO(params, pPolicy);
+
+        PKIX_INCREF(params->policies);
+        *pPolicy = params->policies;
+
+cleanup:
+        PKIX_RETURN(COMCERTSELPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ComCertSelParams_SetPolicy (see comments in pkix_certsel.h)
+ */
+PKIX_Error *
+PKIX_ComCertSelParams_SetPolicy(
+        PKIX_ComCertSelParams *params,
+        PKIX_List *policy, /* List of PKIX_PL_OID */
+        void *plContext)
+{
+        PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_SetPolicy");
+        PKIX_NULLCHECK_ONE(params);
+
+        PKIX_DECREF(params->policies);
+        PKIX_INCREF(policy);
+        params->policies = policy;
+
+        PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+                    ((PKIX_PL_Object *)params, plContext),
+                    PKIX_OBJECTINVALIDATECACHEFAILED);
+cleanup:
+
+        PKIX_RETURN(COMCERTSELPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ComCertSelParams_GetCertificate
+ * (see comments in pkix_certsel.h)
+ */
+PKIX_Error *
+PKIX_ComCertSelParams_GetCertificate(
+        PKIX_ComCertSelParams *params,
+        PKIX_PL_Cert **pCert,
+        void *plContext)
+{
+        PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_GetCertificate");
+        PKIX_NULLCHECK_TWO(params, pCert);
+
+        PKIX_INCREF(params->cert);
+        *pCert = params->cert;
+
+cleanup:
+        PKIX_RETURN(COMCERTSELPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ComCertSelParams_SetCertificate
+ * (see comments in pkix_certsel.h)
+ */
+PKIX_Error *
+PKIX_ComCertSelParams_SetCertificate(
+        PKIX_ComCertSelParams *params,
+        PKIX_PL_Cert *cert,
+        void *plContext)
+{
+        PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_SetCertificate");
+        PKIX_NULLCHECK_ONE(params);
+
+        PKIX_DECREF(params->cert);
+        PKIX_INCREF(cert);
+        params->cert = cert;
+
+        PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+                    ((PKIX_PL_Object *)params, plContext),
+                    PKIX_OBJECTINVALIDATECACHEFAILED);
+cleanup:
+
+        PKIX_RETURN(COMCERTSELPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ComCertSelParams_GetCertificateValid
+ *      (see comments in pkix_certsel.h)
+ */
+PKIX_Error *
+PKIX_ComCertSelParams_GetCertificateValid(
+        PKIX_ComCertSelParams *params,
+        PKIX_PL_Date **pDate,
+        void *plContext)
+{
+        PKIX_ENTER(COMCERTSELPARAMS,
+                    "PKIX_ComCertSelParams_GetCertificateValid");
+
+        PKIX_NULLCHECK_TWO(params, pDate);
+
+        PKIX_INCREF(params->date);
+        *pDate = params->date;
+
+cleanup:
+        PKIX_RETURN(COMCERTSELPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ComCertSelParams_SetCertificateValid
+ *      (see comments in pkix_certsel.h)
+ */
+PKIX_Error *
+PKIX_ComCertSelParams_SetCertificateValid(
+        PKIX_ComCertSelParams *params,
+        PKIX_PL_Date *date,
+        void *plContext)
+{
+        PKIX_ENTER(COMCERTSELPARAMS,
+                    "PKIX_ComCertSelParams_SetCertificateValid");
+        PKIX_NULLCHECK_ONE(params);
+
+        PKIX_DECREF(params->date);
+        PKIX_INCREF(date);
+        params->date = date;
+
+        PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+                    ((PKIX_PL_Object *)params, plContext),
+                    PKIX_OBJECTINVALIDATECACHEFAILED);
+cleanup:
+
+        PKIX_RETURN(COMCERTSELPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ComCertSelParams_GetNameConstraints
+ * (see comments in pkix_certsel.h)
+ */
+PKIX_Error *
+PKIX_ComCertSelParams_GetNameConstraints(
+        PKIX_ComCertSelParams *params,
+        PKIX_PL_CertNameConstraints **pNameConstraints,
+        void *plContext)
+{
+        PKIX_ENTER(COMCERTSELPARAMS,
+                "PKIX_ComCertSelParams_GetNameConstraints");
+        PKIX_NULLCHECK_TWO(params, pNameConstraints);
+
+        PKIX_INCREF(params->nameConstraints);
+
+        *pNameConstraints = params->nameConstraints;
+
+cleanup:
+        PKIX_RETURN(COMCERTSELPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ComCertSelParams_SetNameConstraints
+ * (see comments in pkix_certsel.h)
+ */
+PKIX_Error *
+PKIX_ComCertSelParams_SetNameConstraints(
+        PKIX_ComCertSelParams *params,
+        PKIX_PL_CertNameConstraints *nameConstraints,
+        void *plContext)
+{
+        PKIX_ENTER(COMCERTSELPARAMS,
+                "PKIX_ComCertSelParams_SetNameConstraints");
+        PKIX_NULLCHECK_ONE(params);
+
+        PKIX_DECREF(params->nameConstraints);
+        PKIX_INCREF(nameConstraints);
+        params->nameConstraints = nameConstraints;
+
+        PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+                    ((PKIX_PL_Object *)params, plContext),
+                    PKIX_OBJECTINVALIDATECACHEFAILED);
+
+cleanup:
+
+        PKIX_RETURN(COMCERTSELPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ComCertSelParams_GetPathToNames
+ * (see comments in pkix_certsel.h)
+ */PKIX_Error *
+PKIX_ComCertSelParams_GetPathToNames(
+        PKIX_ComCertSelParams *params,
+        PKIX_List **pNames,  /* list of PKIX_PL_GeneralName */
+        void *plContext)
+{
+        PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_GetPathToNames");
+        PKIX_NULLCHECK_TWO(params, pNames);
+
+        PKIX_INCREF(params->pathToNames);
+
+        *pNames = params->pathToNames;
+
+cleanup:
+        PKIX_RETURN(COMCERTSELPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ComCertSelParams_SetPathToNames
+ * (see comments in pkix_certsel.h)
+ */
+PKIX_Error *
+PKIX_ComCertSelParams_SetPathToNames(
+        PKIX_ComCertSelParams *params,
+        PKIX_List *names,  /* list of PKIX_PL_GeneralName */
+        void *plContext)
+{
+        PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_SetPathToNames");
+        PKIX_NULLCHECK_ONE(params);
+
+        PKIX_DECREF(params->pathToNames);
+        PKIX_INCREF(names);
+
+        params->pathToNames = names;
+
+        PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+                    ((PKIX_PL_Object *)params, plContext),
+                    PKIX_OBJECTINVALIDATECACHEFAILED);
+
+cleanup:
+
+        PKIX_RETURN(COMCERTSELPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ComCertSelParams_AddPathToName
+ * (see comments in pkix_certsel.h)
+ */
+PKIX_Error *
+PKIX_ComCertSelParams_AddPathToName(
+        PKIX_ComCertSelParams *params,
+        PKIX_PL_GeneralName *name,
+        void *plContext)
+{
+        PKIX_List *pathToNamesList = NULL;
+
+        PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_AddPathToName");
+        PKIX_NULLCHECK_ONE(params);
+
+        if (name == NULL) {
+                goto cleanup;
+        }
+
+        if (params->pathToNames == NULL) {
+                /* Create a list for name item */
+                PKIX_CHECK(PKIX_List_Create(&pathToNamesList, plContext),
+                    PKIX_LISTCREATEFAILED);
+
+                params->pathToNames = pathToNamesList;
+        }
+
+        PKIX_CHECK(PKIX_List_AppendItem
+                    (params->pathToNames, (PKIX_PL_Object *)name, plContext),
+                    PKIX_LISTAPPENDITEMFAILED);
+
+        PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+                    ((PKIX_PL_Object *)params, plContext),
+                    PKIX_OBJECTINVALIDATECACHEFAILED);
+
+cleanup:
+
+        PKIX_RETURN(COMCERTSELPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ComCertSelParams_GetSubjAltNames
+ * (see comments in pkix_certsel.h)
+ */
+PKIX_Error *
+PKIX_ComCertSelParams_GetSubjAltNames(
+        PKIX_ComCertSelParams *params,
+        PKIX_List **pNames, /* list of PKIX_PL_GeneralName */
+        void *plContext)
+{
+        PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_GetSubjAltNames");
+        PKIX_NULLCHECK_TWO(params, pNames);
+
+        PKIX_INCREF(params->subjAltNames);
+
+        *pNames = params->subjAltNames;
+
+cleanup:
+        PKIX_RETURN(COMCERTSELPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ComCertSelParams_SetSubjAltNames
+ * (see comments in pkix_certsel.h)
+ */
+PKIX_Error *
+PKIX_ComCertSelParams_SetSubjAltNames(
+        PKIX_ComCertSelParams *params,
+        PKIX_List *names,  /* list of PKIX_PL_GeneralName */
+        void *plContext)
+{
+        PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_SetSubjAltNames");
+        PKIX_NULLCHECK_TWO(params, names);
+
+        PKIX_DECREF(params->subjAltNames);
+        PKIX_INCREF(names);
+
+        params->subjAltNames = names;
+
+cleanup:
+        PKIX_RETURN(COMCERTSELPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ComCertSelParams_AddSubjAltNames
+ * (see comments in pkix_certsel.h)
+ */
+PKIX_Error *
+PKIX_ComCertSelParams_AddSubjAltName(
+        PKIX_ComCertSelParams *params,
+        PKIX_PL_GeneralName *name,
+        void *plContext)
+{
+        PKIX_List *list = NULL;
+
+        PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_AddSubjAltName");
+        PKIX_NULLCHECK_TWO(params, name);
+
+        if (params->subjAltNames == NULL) {
+                PKIX_CHECK(PKIX_List_Create(&list, plContext),
+                        PKIX_LISTCREATEFAILED);
+                params->subjAltNames = list;
+        }
+
+        PKIX_CHECK(PKIX_List_AppendItem
+                    (params->subjAltNames, (PKIX_PL_Object *)name, plContext),
+                    PKIX_LISTAPPENDITEMFAILED);
+
+cleanup:
+
+        PKIX_RETURN(COMCERTSELPARAMS)
+}
+
+/*
+ * FUNCTION: PKIX_ComCertSelParams_GetMatchAllSubjAltNames
+ * (see comments in pkix_certsel.h)
+ */
+PKIX_Error *
+PKIX_ComCertSelParams_GetMatchAllSubjAltNames(
+        PKIX_ComCertSelParams *params,
+        PKIX_Boolean *pMatch,
+        void *plContext)
+{
+        PKIX_ENTER(COMCERTSELPARAMS,
+                "PKIX_ComCertSelParams_GetMatchAllSubjAltNames");
+        PKIX_NULLCHECK_TWO(params, pMatch);
+
+        *pMatch = params->matchAllSubjAltNames;
+
+        PKIX_RETURN(COMCERTSELPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ComCertSelParams_SetMatchAllSubjAltNames
+ * (see comments in pkix_certsel.h)
+ */
+PKIX_Error *
+PKIX_ComCertSelParams_SetMatchAllSubjAltNames(
+        PKIX_ComCertSelParams *params,
+        PKIX_Boolean match,
+        void *plContext)
+{
+        PKIX_ENTER(COMCERTSELPARAMS,
+                "PKIX_ComCertSelParams_SetMatchAllSubjAltNames");
+        PKIX_NULLCHECK_ONE(params);
+
+        params->matchAllSubjAltNames = match;
+
+        PKIX_RETURN(COMCERTSELPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ComCertSelParams_GetExtendedKeyUsage
+ * (see comments in pkix_certsel.h)
+ */
+PKIX_Error *
+PKIX_ComCertSelParams_GetExtendedKeyUsage(
+        PKIX_ComCertSelParams *params,
+        PKIX_List **pExtKeyUsage, /* list of PKIX_PL_OID */
+        void *plContext)
+{
+        PKIX_ENTER(COMCERTSELPARAMS,
+                "PKIX_ComCertSelParams_GetExtendedKeyUsage");
+        PKIX_NULLCHECK_TWO(params, pExtKeyUsage);
+
+        PKIX_INCREF(params->extKeyUsage);
+        *pExtKeyUsage = params->extKeyUsage;
+
+cleanup:
+        PKIX_RETURN(COMCERTSELPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ComCertSelParams_SetExtendedKeyUsage
+ * (see comments in pkix_certsel.h)
+ */
+PKIX_Error *
+PKIX_ComCertSelParams_SetExtendedKeyUsage(
+        PKIX_ComCertSelParams *params,
+        PKIX_List *extKeyUsage,  /* list of PKIX_PL_OID */
+        void *plContext)
+{
+        PKIX_ENTER(COMCERTSELPARAMS,
+                "PKIX_ComCertSelParams_SetExtendedKeyUsage");
+        PKIX_NULLCHECK_ONE(params);
+
+        PKIX_DECREF(params->extKeyUsage);
+        PKIX_INCREF(extKeyUsage);
+
+        params->extKeyUsage = extKeyUsage;
+
+cleanup:
+        PKIX_RETURN(COMCERTSELPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ComCertSelParams_GetKeyUsage
+ * (see comments in pkix_certsel.h)
+ */
+PKIX_Error *
+PKIX_ComCertSelParams_GetKeyUsage(
+        PKIX_ComCertSelParams *params,
+        PKIX_UInt32 *pKeyUsage,
+        void *plContext)
+{
+        PKIX_ENTER(COMCERTSELPARAMS,
+                "PKIX_ComCertSelParams_GetKeyUsage");
+        PKIX_NULLCHECK_TWO(params, pKeyUsage);
+
+        *pKeyUsage = params->keyUsage;
+
+        PKIX_RETURN(COMCERTSELPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ComCertSelParams_SetKeyUsage
+ * (see comments in pkix_certsel.h)
+ */
+PKIX_Error *
+PKIX_ComCertSelParams_SetKeyUsage(
+        PKIX_ComCertSelParams *params,
+        PKIX_UInt32 keyUsage,
+        void *plContext)
+{
+        PKIX_ENTER(COMCERTSELPARAMS,
+                "PKIX_ComCertSelParams_SetKeyUsage");
+        PKIX_NULLCHECK_ONE(params);
+
+        params->keyUsage = keyUsage;
+
+        PKIX_RETURN(COMCERTSELPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ComCertSelParams_GetIssuer
+ * (see comments in pkix_certsel.h)
+ */
+PKIX_Error *
+PKIX_ComCertSelParams_GetIssuer(
+        PKIX_ComCertSelParams *params,
+        PKIX_PL_X500Name **pIssuer,
+        void *plContext)
+{
+        PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_GetIssuer");
+        PKIX_NULLCHECK_TWO(params, pIssuer);
+
+        PKIX_INCREF(params->issuer);
+        *pIssuer = params->issuer;
+
+cleanup:
+        PKIX_RETURN(COMCERTSELPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ComCertSelParams_SetIssuer
+ * (see comments in pkix_certsel.h)
+ */
+PKIX_Error *
+PKIX_ComCertSelParams_SetIssuer(
+        PKIX_ComCertSelParams *params,
+        PKIX_PL_X500Name *issuer,
+        void *plContext)
+{
+        PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_SetIssuer");
+        PKIX_NULLCHECK_ONE(params);
+
+        PKIX_DECREF(params->issuer);
+        PKIX_INCREF(issuer);
+        params->issuer = issuer;
+
+        PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+                    ((PKIX_PL_Object *)params, plContext),
+                    PKIX_OBJECTINVALIDATECACHEFAILED);
+
+cleanup:
+
+        PKIX_RETURN(COMCERTSELPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ComCertSelParams_GetSerialNumber
+ * (see comments in pkix_certsel.h)
+ */
+PKIX_Error *
+PKIX_ComCertSelParams_GetSerialNumber(
+        PKIX_ComCertSelParams *params,
+        PKIX_PL_BigInt **pSerialNumber,
+        void *plContext)
+{
+        PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_GetSerialNumber");
+        PKIX_NULLCHECK_TWO(params, pSerialNumber);
+
+        PKIX_INCREF(params->serialNumber);
+        *pSerialNumber = params->serialNumber;
+
+cleanup:
+        PKIX_RETURN(COMCERTSELPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ComCertSelParams_SetSerialNumber
+ * (see comments in pkix_certsel.h)
+ */
+PKIX_Error *
+PKIX_ComCertSelParams_SetSerialNumber(
+        PKIX_ComCertSelParams *params,
+        PKIX_PL_BigInt *serialNumber,
+        void *plContext)
+{
+        PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_SetSerialNumber");
+        PKIX_NULLCHECK_ONE(params);
+
+        PKIX_DECREF(params->serialNumber);
+        PKIX_INCREF(serialNumber);
+        params->serialNumber = serialNumber;
+
+        PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+                    ((PKIX_PL_Object *)params, plContext),
+                    PKIX_OBJECTINVALIDATECACHEFAILED);
+
+cleanup:
+
+        PKIX_RETURN(COMCERTSELPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ComCertSelParams_GetVersion
+ * (see comments in pkix_certsel.h)
+ */
+PKIX_Error *
+PKIX_ComCertSelParams_GetVersion(
+        PKIX_ComCertSelParams *params,
+        PKIX_UInt32 *pVersion,
+        void *plContext)
+{
+        PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_GetVersion");
+        PKIX_NULLCHECK_TWO(params, pVersion);
+
+        *pVersion = params->version;
+
+        PKIX_RETURN(COMCERTSELPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ComCertSelParams_SetVersion
+ * (see comments in pkix_certsel.h)
+ */
+PKIX_Error *
+PKIX_ComCertSelParams_SetVersion(
+        PKIX_ComCertSelParams *params,
+        PKIX_Int32 version,
+        void *plContext)
+{
+        PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_SetVersion");
+        PKIX_NULLCHECK_ONE(params);
+
+        params->version = version;
+
+        PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+                    ((PKIX_PL_Object *)params, plContext),
+                    PKIX_OBJECTINVALIDATECACHEFAILED);
+
+cleanup:
+
+        PKIX_RETURN(COMCERTSELPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ComCertSelParams_GetSubjKeyIdentifier
+ * (see comments in pkix_certsel.h)
+ */
+PKIX_Error *
+PKIX_ComCertSelParams_GetSubjKeyIdentifier(
+        PKIX_ComCertSelParams *params,
+        PKIX_PL_ByteArray **pSubjKeyId,
+        void *plContext)
+{
+        PKIX_ENTER(COMCERTSELPARAMS,
+                    "PKIX_ComCertSelParams_GetSubjKeyIdentifier");
+        PKIX_NULLCHECK_TWO(params, pSubjKeyId);
+
+        PKIX_INCREF(params->subjKeyId);
+
+        *pSubjKeyId = params->subjKeyId;
+
+cleanup:
+        PKIX_RETURN(COMCERTSELPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ComCertSelParams_SetSubjKeyIdentifier
+ * (see comments in pkix_certsel.h)
+ */
+PKIX_Error *
+PKIX_ComCertSelParams_SetSubjKeyIdentifier(
+        PKIX_ComCertSelParams *params,
+        PKIX_PL_ByteArray *subjKeyId,
+        void *plContext)
+{
+        PKIX_ENTER(COMCERTSELPARAMS,
+                    "PKIX_ComCertSelParams_SetSubjKeyIdentifier");
+        PKIX_NULLCHECK_ONE(params);
+
+        PKIX_DECREF(params->subjKeyId);
+        PKIX_INCREF(subjKeyId);
+
+        params->subjKeyId = subjKeyId;
+
+        PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+                    ((PKIX_PL_Object *)params, plContext),
+                    PKIX_OBJECTINVALIDATECACHEFAILED);
+
+cleanup:
+
+        PKIX_RETURN(COMCERTSELPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ComCertSelParams_GetAuthorityKeyIdentifier
+ * (see comments in pkix_certsel.h)
+ */
+PKIX_Error *
+PKIX_ComCertSelParams_GetAuthorityKeyIdentifier(
+        PKIX_ComCertSelParams *params,
+        PKIX_PL_ByteArray **pAuthKeyId,
+        void *plContext)
+{
+        PKIX_ENTER(COMCERTSELPARAMS,
+                    "PKIX_ComCertSelParams_GetAuthorityKeyIdentifier");
+        PKIX_NULLCHECK_TWO(params, pAuthKeyId);
+
+        PKIX_INCREF(params->authKeyId);
+
+        *pAuthKeyId = params->authKeyId;
+
+cleanup:
+        PKIX_RETURN(COMCERTSELPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ComCertSelParams_SetAuthorityKeyIdentifier
+ * (see comments in pkix_certsel.h)
+ */
+PKIX_Error *
+PKIX_ComCertSelParams_SetAuthorityKeyIdentifier(
+        PKIX_ComCertSelParams *params,
+        PKIX_PL_ByteArray *authKeyId,
+        void *plContext)
+{
+        PKIX_ENTER(COMCERTSELPARAMS,
+                    "PKIX_ComCertSelParams_SetAuthKeyIdentifier");
+        PKIX_NULLCHECK_ONE(params);
+
+        PKIX_DECREF(params->authKeyId);
+        PKIX_INCREF(authKeyId);
+
+        params->authKeyId = authKeyId;
+
+        PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+                    ((PKIX_PL_Object *)params, plContext),
+                    PKIX_OBJECTINVALIDATECACHEFAILED);
+
+cleanup:
+
+        PKIX_RETURN(COMCERTSELPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ComCertSelParams_GetSubjPubKey
+ * (see comments in pkix_certsel.h)
+ */
+PKIX_Error *
+PKIX_ComCertSelParams_GetSubjPubKey(
+        PKIX_ComCertSelParams *params,
+        PKIX_PL_PublicKey **pSubjPubKey,
+        void *plContext)
+{
+        PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_GetSubjPubKey");
+        PKIX_NULLCHECK_TWO(params, pSubjPubKey);
+
+        PKIX_INCREF(params->subjPubKey);
+
+        *pSubjPubKey = params->subjPubKey;
+
+cleanup:
+        PKIX_RETURN(COMCERTSELPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ComCertSelParams_SetSubjPubKey
+ * (see comments in pkix_certsel.h)
+ */
+PKIX_Error *
+PKIX_ComCertSelParams_SetSubjPubKey(
+        PKIX_ComCertSelParams *params,
+        PKIX_PL_PublicKey *subjPubKey,
+        void *plContext)
+{
+        PKIX_ENTER(COMCERTSELPARAMS,
+                    "PKIX_ComCertSelParams_SetSubjPubKey");
+        PKIX_NULLCHECK_ONE(params);
+
+        PKIX_DECREF(params->subjPubKey);
+        PKIX_INCREF(subjPubKey);
+
+        params->subjPubKey = subjPubKey;
+
+        PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+                    ((PKIX_PL_Object *)params, plContext),
+                    PKIX_OBJECTINVALIDATECACHEFAILED);
+
+cleanup:
+
+        PKIX_RETURN(COMCERTSELPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ComCertSelParams_GetSubjPKAlgId
+ * (see comments in pkix_certsel.h)
+ */
+PKIX_Error *
+PKIX_ComCertSelParams_GetSubjPKAlgId(
+        PKIX_ComCertSelParams *params,
+        PKIX_PL_OID **pAlgId,
+        void *plContext)
+{
+        PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_GetSubjPKAlgId");
+        PKIX_NULLCHECK_TWO(params, pAlgId);
+
+        PKIX_INCREF(params->subjPKAlgId);
+
+        *pAlgId = params->subjPKAlgId;
+
+cleanup:
+        PKIX_RETURN(COMCERTSELPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ComCertSelParams_SetSubjPKAlgId
+ * (see comments in pkix_certsel.h)
+ */
+PKIX_Error *
+PKIX_ComCertSelParams_SetSubjPKAlgId(
+        PKIX_ComCertSelParams *params,
+        PKIX_PL_OID *algId,
+        void *plContext)
+{
+        PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_SetSubjPKAlgId");
+        PKIX_NULLCHECK_ONE(params);
+
+        PKIX_DECREF(params->subjPKAlgId);
+        PKIX_INCREF(algId);
+
+        params->subjPKAlgId = algId;
+
+        PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+                    ((PKIX_PL_Object *)params, plContext),
+                    PKIX_OBJECTINVALIDATECACHEFAILED);
+
+cleanup:
+
+        PKIX_RETURN(COMCERTSELPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ComCertSelParams_GetLeafCertFlag
+ * (see comments in pkix_certsel.h)
+ */
+PKIX_Error*
+PKIX_ComCertSelParams_GetLeafCertFlag(
+        PKIX_ComCertSelParams *params,
+        PKIX_Boolean *pLeafFlag,
+        void *plContext)
+{
+        PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_GetLeafCertFlag");
+        PKIX_NULLCHECK_TWO(params, pLeafFlag);
+
+        *pLeafFlag = params->leafCertFlag;
+
+        PKIX_RETURN(COMCERTSELPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ComCertSelParams_SetLeafCertFlag
+ * (see comments in pkix_certsel.h)
+ */
+PKIX_Error *
+PKIX_ComCertSelParams_SetLeafCertFlag(
+        PKIX_ComCertSelParams *params,
+        PKIX_Boolean leafFlag,
+        void *plContext)
+{
+        PKIX_ENTER(COMCERTSELPARAMS, "PKIX_ComCertSelParams_SetLeafCertFlag");
+        PKIX_NULLCHECK_ONE(params);
+
+        params->leafCertFlag = leafFlag;
+
+        PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+                    ((PKIX_PL_Object *)params, plContext),
+                    PKIX_OBJECTINVALIDATECACHEFAILED);
+
+cleanup:
+
+        PKIX_RETURN(COMCERTSELPARAMS);
+}
diff --git a/nss/lib/libpkix/pkix/certsel/pkix_comcertselparams.h b/nss/lib/libpkix/pkix/certsel/pkix_comcertselparams.h
new file mode 100755
index 0000000..935c639
--- /dev/null
+++ b/nss/lib/libpkix/pkix/certsel/pkix_comcertselparams.h
@@ -0,0 +1,57 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_comcertselparams.h
+ *
+ * ComCertSelParams Object Type Definition
+ *
+ */
+
+#ifndef _PKIX_COMCERTSELPARAMS_H
+#define _PKIX_COMCERTSELPARAMS_H
+
+#include "pkix_tools.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * pathToNamesConstraint is Name Constraints generated based on the
+ * pathToNames. We save a cached copy to save regeneration for each
+ * check. SubjAltNames also has its cache, since SubjAltNames are
+ * verified by checker, its cache copy is stored in checkerstate.
+ */
+struct PKIX_ComCertSelParamsStruct {
+        PKIX_Int32 version;
+        PKIX_Int32 minPathLength;
+        PKIX_Boolean matchAllSubjAltNames;
+        PKIX_PL_X500Name *subject;
+        PKIX_List *policies; /* List of PKIX_PL_OID */
+        PKIX_PL_Cert *cert;
+        PKIX_PL_CertNameConstraints *nameConstraints;
+        PKIX_List *pathToNames; /* List of PKIX_PL_GeneralNames */
+        PKIX_List *subjAltNames; /* List of PKIX_PL_GeneralNames */
+        PKIX_List *extKeyUsage; /* List of PKIX_PL_OID */
+        PKIX_UInt32 keyUsage;
+        PKIX_PL_Date *date;
+        PKIX_PL_Date *certValid;
+        PKIX_PL_X500Name *issuer;
+        PKIX_PL_BigInt *serialNumber;
+        PKIX_PL_ByteArray *authKeyId;
+        PKIX_PL_ByteArray *subjKeyId;
+        PKIX_PL_PublicKey *subjPubKey;
+        PKIX_PL_OID *subjPKAlgId;
+        PKIX_Boolean leafCertFlag;
+};
+
+/* see source file for function documentation */
+
+PKIX_Error *pkix_ComCertSelParams_RegisterSelf(void *plContext);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_COMCERTSELPARAMS_H */
diff --git a/nss/lib/libpkix/pkix/checker/Makefile b/nss/lib/libpkix/pkix/checker/Makefile
new file mode 100755
index 0000000..36524f5
--- /dev/null
+++ b/nss/lib/libpkix/pkix/checker/Makefile
@@ -0,0 +1,48 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include config.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+export:: private_export
+
diff --git a/nss/lib/libpkix/pkix/checker/checker.gyp b/nss/lib/libpkix/pkix/checker/checker.gyp
new file mode 100644
index 0000000..ac260fc
--- /dev/null
+++ b/nss/lib/libpkix/pkix/checker/checker.gyp
@@ -0,0 +1,35 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../../../coreconf/config.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'pkixchecker',
+      'type': 'static_library',
+      'sources': [
+        'pkix_basicconstraintschecker.c',
+        'pkix_certchainchecker.c',
+        'pkix_crlchecker.c',
+        'pkix_ekuchecker.c',
+        'pkix_expirationchecker.c',
+        'pkix_namechainingchecker.c',
+        'pkix_nameconstraintschecker.c',
+        'pkix_ocspchecker.c',
+        'pkix_policychecker.c',
+        'pkix_revocationchecker.c',
+        'pkix_revocationmethod.c',
+        'pkix_signaturechecker.c',
+        'pkix_targetcertchecker.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports'
+      ]
+    }
+  ],
+  'variables': {
+    'module': 'nss'
+  }
+}
\ No newline at end of file
diff --git a/nss/lib/libpkix/pkix/checker/config.mk b/nss/lib/libpkix/pkix/checker/config.mk
new file mode 100755
index 0000000..b8c03de
--- /dev/null
+++ b/nss/lib/libpkix/pkix/checker/config.mk
@@ -0,0 +1,15 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#
+#  Override TARGETS variable so that only static libraries
+#  are specifed as dependencies within rules.mk.
+#
+
+TARGETS        = $(LIBRARY)
+SHARED_LIBRARY =
+IMPORT_LIBRARY =
+PROGRAM        =
+
diff --git a/nss/lib/libpkix/pkix/checker/exports.gyp b/nss/lib/libpkix/pkix/checker/exports.gyp
new file mode 100644
index 0000000..4bd68b3
--- /dev/null
+++ b/nss/lib/libpkix/pkix/checker/exports.gyp
@@ -0,0 +1,37 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../../../coreconf/config.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'lib_libpkix_pkix_checker_exports',
+      'type': 'none',
+      'copies': [
+        {
+          'files': [
+            'pkix_basicconstraintschecker.h',
+            'pkix_certchainchecker.h',
+            'pkix_crlchecker.h',
+            'pkix_ekuchecker.h',
+            'pkix_expirationchecker.h',
+            'pkix_namechainingchecker.h',
+            'pkix_nameconstraintschecker.h',
+            'pkix_ocspchecker.h',
+            'pkix_policychecker.h',
+            'pkix_revocationchecker.h',
+            'pkix_revocationmethod.h',
+            'pkix_signaturechecker.h',
+            'pkix_targetcertchecker.h'
+          ],
+          'destination': '<(nss_private_dist_dir)/<(module)'
+        }
+      ]
+    }
+  ],
+  'variables': {
+    'module': 'nss'
+  }
+}
diff --git a/nss/lib/libpkix/pkix/checker/manifest.mn b/nss/lib/libpkix/pkix/checker/manifest.mn
new file mode 100755
index 0000000..eba69d0
--- /dev/null
+++ b/nss/lib/libpkix/pkix/checker/manifest.mn
@@ -0,0 +1,45 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+CORE_DEPTH = ../../../..
+
+EXPORTS = \
+	$(NULL)
+
+PRIVATE_EXPORTS = \
+	pkix_basicconstraintschecker.h \
+	pkix_certchainchecker.h \
+	pkix_crlchecker.h \
+        pkix_ekuchecker.h \
+	pkix_expirationchecker.h \
+	pkix_namechainingchecker.h \
+	pkix_nameconstraintschecker.h \
+	pkix_ocspchecker.h \
+	pkix_policychecker.h \
+	pkix_revocationmethod.h \
+	pkix_revocationchecker.h \
+	pkix_signaturechecker.h \
+	pkix_targetcertchecker.h \
+	$(NULL)
+
+MODULE = nss
+
+CSRCS = \
+	pkix_basicconstraintschecker.c \
+	pkix_certchainchecker.c \
+	pkix_crlchecker.c \
+	pkix_ekuchecker.c \
+	pkix_expirationchecker.c \
+	pkix_namechainingchecker.c \
+	pkix_nameconstraintschecker.c \
+	pkix_ocspchecker.c \
+	pkix_revocationmethod.c \
+	pkix_revocationchecker.c \
+	pkix_policychecker.c \
+	pkix_signaturechecker.c \
+	pkix_targetcertchecker.c \
+	$(NULL)
+
+LIBRARY_NAME = pkixchecker
+
diff --git a/nss/lib/libpkix/pkix/checker/pkix_basicconstraintschecker.c b/nss/lib/libpkix/pkix/checker/pkix_basicconstraintschecker.c
new file mode 100755
index 0000000..0e7a879
--- /dev/null
+++ b/nss/lib/libpkix/pkix/checker/pkix_basicconstraintschecker.c
@@ -0,0 +1,306 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_basicconstraintschecker.c
+ *
+ * Functions for basic constraints validation
+ *
+ */
+
+#include "pkix_basicconstraintschecker.h"
+
+/* --Private-BasicConstraintsCheckerState-Functions------------------------- */
+
+/*
+ * FUNCTION: pkix_BasicConstraintsCheckerState_Destroy
+ * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_BasicConstraintsCheckerState_Destroy(
+        PKIX_PL_Object *object,
+        void *plContext)
+{
+        pkix_BasicConstraintsCheckerState *state = NULL;
+
+        PKIX_ENTER(BASICCONSTRAINTSCHECKERSTATE,
+                    "pkix_BasicConstraintsCheckerState_Destroy");
+
+        PKIX_NULLCHECK_ONE(object);
+
+        /* Check that this object is a basic constraints checker state */
+        PKIX_CHECK(pkix_CheckType
+                (object, PKIX_BASICCONSTRAINTSCHECKERSTATE_TYPE, plContext),
+                PKIX_OBJECTNOTBASICCONSTRAINTSCHECKERSTATE);
+
+        state = (pkix_BasicConstraintsCheckerState *)object;
+
+        PKIX_DECREF(state->basicConstraintsOID);
+
+cleanup:
+
+        PKIX_RETURN(BASICCONSTRAINTSCHECKERSTATE);
+}
+
+/*
+ * FUNCTION: pkix_BasicConstraintsCheckerState_RegisterSelf
+ * DESCRIPTION:
+ *  Registers PKIX_CERT_TYPE and its related functions with systemClasses[]
+ * THREAD SAFETY:
+ *  Not Thread Safe - for performance and complexity reasons
+ *
+ *  Since this function is only called by PKIX_PL_Initialize, which should
+ *  only be called once, it is acceptable that this function is not
+ *  thread-safe.
+ */
+PKIX_Error *
+pkix_BasicConstraintsCheckerState_RegisterSelf(void *plContext)
+{
+        extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
+        pkix_ClassTable_Entry entry;
+
+        PKIX_ENTER(BASICCONSTRAINTSCHECKERSTATE,
+                "pkix_BasicConstraintsCheckerState_RegisterSelf");
+
+        entry.description = "BasicConstraintsCheckerState";
+        entry.objCounter = 0;
+        entry.typeObjectSize = sizeof(pkix_BasicConstraintsCheckerState);
+        entry.destructor = pkix_BasicConstraintsCheckerState_Destroy;
+        entry.equalsFunction = NULL;
+        entry.hashcodeFunction = NULL;
+        entry.toStringFunction = NULL;
+        entry.comparator = NULL;
+        entry.duplicateFunction = NULL;
+
+        systemClasses[PKIX_BASICCONSTRAINTSCHECKERSTATE_TYPE] = entry;
+
+        PKIX_RETURN(BASICCONSTRAINTSCHECKERSTATE);
+}
+
+/*
+ * FUNCTION: pkix_BasicConstraintsCheckerState_Create
+ * DESCRIPTION:
+ *
+ *  Creates a new BasicConstraintsCheckerState using the number of certs in
+ *  the chain represented by "certsRemaining" and stores it at "pState".
+ *
+ * PARAMETERS:
+ *  "certsRemaining"
+ *      Number of certificates in the chain.
+ *  "pState"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a BasicConstraintsCheckerState Error if the function fails in a
+ *      non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_BasicConstraintsCheckerState_Create(
+        PKIX_UInt32 certsRemaining,
+        pkix_BasicConstraintsCheckerState **pState,
+        void *plContext)
+{
+        pkix_BasicConstraintsCheckerState *state = NULL;
+
+        PKIX_ENTER(BASICCONSTRAINTSCHECKERSTATE,
+                    "pkix_BasicConstraintsCheckerState_Create");
+
+        PKIX_NULLCHECK_ONE(pState);
+
+        PKIX_CHECK(PKIX_PL_Object_Alloc
+                    (PKIX_BASICCONSTRAINTSCHECKERSTATE_TYPE,
+                    sizeof (pkix_BasicConstraintsCheckerState),
+                    (PKIX_PL_Object **)&state,
+                    plContext),
+                    PKIX_COULDNOTCREATEBASICCONSTRAINTSSTATEOBJECT);
+
+        /* initialize fields */
+        state->certsRemaining = certsRemaining;
+        state->maxPathLength = PKIX_UNLIMITED_PATH_CONSTRAINT;
+
+        PKIX_CHECK(PKIX_PL_OID_Create
+                    (PKIX_BASICCONSTRAINTS_OID,
+                    &state->basicConstraintsOID,
+                    plContext),
+                    PKIX_OIDCREATEFAILED);
+
+        *pState = state;
+        state = NULL;
+
+cleanup:
+
+        PKIX_DECREF(state);
+
+        PKIX_RETURN(BASICCONSTRAINTSCHECKERSTATE);
+}
+
+/* --Private-BasicConstraintsChecker-Functions------------------------------ */
+
+/*
+ * FUNCTION: pkix_BasicConstraintsChecker_Check
+ * (see comments for PKIX_CertChainChecker_CheckCallback in pkix_checker.h)
+ */
+PKIX_Error *
+pkix_BasicConstraintsChecker_Check(
+        PKIX_CertChainChecker *checker,
+        PKIX_PL_Cert *cert,
+        PKIX_List *unresolvedCriticalExtensions,  /* list of PKIX_PL_OID */
+        void **pNBIOContext,
+        void *plContext)
+{
+        PKIX_PL_CertBasicConstraints *basicConstraints = NULL;
+        pkix_BasicConstraintsCheckerState *state = NULL;
+        PKIX_Boolean caFlag = PKIX_FALSE;
+        PKIX_Int32 pathLength = 0;
+        PKIX_Int32 maxPathLength_now;
+        PKIX_Boolean isSelfIssued = PKIX_FALSE;
+
+        PKIX_ENTER(CERTCHAINCHECKER, "pkix_BasicConstraintsChecker_Check");
+        PKIX_NULLCHECK_THREE(checker, cert, pNBIOContext);
+
+        *pNBIOContext = NULL; /* we never block on pending I/O */
+
+        PKIX_CHECK(PKIX_CertChainChecker_GetCertChainCheckerState
+                    (checker, (PKIX_PL_Object **)&state, plContext),
+                    PKIX_CERTCHAINCHECKERGETCERTCHAINCHECKERSTATEFAILED);
+
+        state->certsRemaining--;
+
+        if (state->certsRemaining != 0) {
+
+                PKIX_CHECK(PKIX_PL_Cert_GetBasicConstraints
+                    (cert, &basicConstraints, plContext),
+                    PKIX_CERTGETBASICCONSTRAINTSFAILED);
+
+                /* get CA Flag and path length */
+                if (basicConstraints != NULL) {
+                        PKIX_CHECK(PKIX_PL_BasicConstraints_GetCAFlag
+                            (basicConstraints,
+                            &caFlag,
+                            plContext),
+                            PKIX_BASICCONSTRAINTSGETCAFLAGFAILED);
+
+                if (caFlag == PKIX_TRUE) {
+                        PKIX_CHECK
+                            (PKIX_PL_BasicConstraints_GetPathLenConstraint
+                            (basicConstraints,
+                            &pathLength,
+                            plContext),
+                            PKIX_BASICCONSTRAINTSGETPATHLENCONSTRAINTFAILED);
+                }
+
+                }else{
+                        caFlag = PKIX_FALSE;
+                        pathLength = PKIX_UNLIMITED_PATH_CONSTRAINT;
+                }
+
+                PKIX_CHECK(pkix_IsCertSelfIssued
+                        (cert,
+                        &isSelfIssued,
+                        plContext),
+                        PKIX_ISCERTSELFISSUEDFAILED);
+
+                maxPathLength_now = state->maxPathLength;
+
+                if (isSelfIssued != PKIX_TRUE) {
+
+                    /* Not last CA Cert, but maxPathLength is down to zero */
+                    if (maxPathLength_now == 0) {
+                        PKIX_ERROR(PKIX_BASICCONSTRAINTSVALIDATIONFAILEDLN);
+                    }
+
+                    if (caFlag == PKIX_FALSE) {
+                        PKIX_ERROR(PKIX_BASICCONSTRAINTSVALIDATIONFAILEDCA);
+                    }
+
+                    if (maxPathLength_now > 0) { /* can be unlimited (-1) */
+                        maxPathLength_now--;
+                    }
+
+                }
+
+                if (caFlag == PKIX_TRUE) {
+                    if (maxPathLength_now == PKIX_UNLIMITED_PATH_CONSTRAINT){
+                            maxPathLength_now = pathLength;
+                    } else {
+                            /* If pathLength is not specified, don't set */
+                        if (pathLength != PKIX_UNLIMITED_PATH_CONSTRAINT) {
+                            maxPathLength_now =
+                                    (maxPathLength_now > pathLength)?
+                                    pathLength:maxPathLength_now;
+                        }
+                    }
+                }
+
+                state->maxPathLength = maxPathLength_now;
+        }
+
+        /* Remove Basic Constraints Extension OID from list */
+        if (unresolvedCriticalExtensions != NULL) {
+
+                PKIX_CHECK(pkix_List_Remove
+                            (unresolvedCriticalExtensions,
+                            (PKIX_PL_Object *) state->basicConstraintsOID,
+                            plContext),
+                            PKIX_LISTREMOVEFAILED);
+        }
+
+
+        PKIX_CHECK(PKIX_CertChainChecker_SetCertChainCheckerState
+                    (checker, (PKIX_PL_Object *)state, plContext),
+                    PKIX_CERTCHAINCHECKERSETCERTCHAINCHECKERSTATEFAILED);
+
+
+cleanup:
+        PKIX_DECREF(state);
+        PKIX_DECREF(basicConstraints);
+        PKIX_RETURN(CERTCHAINCHECKER);
+
+}
+
+/*
+ * FUNCTION: pkix_BasicConstraintsChecker_Initialize
+ * DESCRIPTION:
+ *  Registers PKIX_CERT_TYPE and its related functions with systemClasses[]
+ * THREAD SAFETY:
+ *  Not Thread Safe - for performance and complexity reasons
+ *
+ *  Since this function is only called by PKIX_PL_Initialize, which should
+ *  only be called once, it is acceptable that this function is not
+ *  thread-safe.
+ */
+PKIX_Error *
+pkix_BasicConstraintsChecker_Initialize(
+        PKIX_UInt32 certsRemaining,
+        PKIX_CertChainChecker **pChecker,
+        void *plContext)
+{
+        pkix_BasicConstraintsCheckerState *state = NULL;
+
+        PKIX_ENTER(CERTCHAINCHECKER, "pkix_BasicConstraintsChecker_Initialize");
+        PKIX_NULLCHECK_ONE(pChecker);
+
+        PKIX_CHECK(pkix_BasicConstraintsCheckerState_Create
+                    (certsRemaining, &state, plContext),
+                    PKIX_BASICCONSTRAINTSCHECKERSTATECREATEFAILED);
+
+        PKIX_CHECK(PKIX_CertChainChecker_Create
+                    (pkix_BasicConstraintsChecker_Check,
+                    PKIX_FALSE,
+                    PKIX_FALSE,
+                    NULL,
+                    (PKIX_PL_Object *)state,
+                    pChecker,
+                    plContext),
+                    PKIX_CERTCHAINCHECKERCHECKFAILED);
+
+cleanup:
+        PKIX_DECREF(state);
+
+        PKIX_RETURN(CERTCHAINCHECKER);
+}
diff --git a/nss/lib/libpkix/pkix/checker/pkix_basicconstraintschecker.h b/nss/lib/libpkix/pkix/checker/pkix_basicconstraintschecker.h
new file mode 100755
index 0000000..7a8b09c
--- /dev/null
+++ b/nss/lib/libpkix/pkix/checker/pkix_basicconstraintschecker.h
@@ -0,0 +1,42 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_basicconstraintschecker.h
+ *
+ * Header file for basic constraints checker.
+ *
+ */
+
+#ifndef _PKIX_BASICCONSTRAINTSCHECKER_H
+#define _PKIX_BASICCONSTRAINTSCHECKER_H
+
+#include "pkix_tools.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef struct pkix_BasicConstraintsCheckerStateStruct \
+        pkix_BasicConstraintsCheckerState;
+
+struct pkix_BasicConstraintsCheckerStateStruct{
+        PKIX_PL_OID *basicConstraintsOID;
+        PKIX_Int32 certsRemaining;
+        PKIX_Int32 maxPathLength;
+};
+
+PKIX_Error *
+pkix_BasicConstraintsChecker_Initialize(
+        PKIX_UInt32 numCerts,
+        PKIX_CertChainChecker **pChecker,
+        void *plContext);
+
+PKIX_Error *
+pkix_BasicConstraintsCheckerState_RegisterSelf(void *plContext);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_BASICCONSTRAINTSCHECKER_H */
diff --git a/nss/lib/libpkix/pkix/checker/pkix_certchainchecker.c b/nss/lib/libpkix/pkix/checker/pkix_certchainchecker.c
new file mode 100755
index 0000000..a6ea50d
--- /dev/null
+++ b/nss/lib/libpkix/pkix/checker/pkix_certchainchecker.c
@@ -0,0 +1,322 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_certchainchecker.c
+ *
+ * CertChainChecker Object Functions
+ *
+ */
+
+#include "pkix_certchainchecker.h"
+
+/* --Private-Functions-------------------------------------------- */
+
+/*
+ * FUNCTION: pkix_CertChainChecker_Destroy
+ *      (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_CertChainChecker_Destroy(
+        PKIX_PL_Object *object,
+        void *plContext)
+{
+        PKIX_CertChainChecker *checker = NULL;
+
+        PKIX_ENTER(CERTCHAINCHECKER, "pkix_CertChainChecker_Destroy");
+        PKIX_NULLCHECK_ONE(object);
+
+        /* Check that this object is a cert chain checker */
+        PKIX_CHECK(pkix_CheckType
+                    (object, PKIX_CERTCHAINCHECKER_TYPE, plContext),
+                    PKIX_OBJECTNOTCERTCHAINCHECKER);
+
+        checker = (PKIX_CertChainChecker *)object;
+
+        PKIX_DECREF(checker->extensions);
+        PKIX_DECREF(checker->state);
+
+cleanup:
+
+        PKIX_RETURN(CERTCHAINCHECKER);
+}
+
+/*
+ * FUNCTION: pkix_CertChainChecker_Duplicate
+ * (see comments for PKIX_PL_DuplicateCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_CertChainChecker_Duplicate(
+        PKIX_PL_Object *object,
+        PKIX_PL_Object **pNewObject,
+        void *plContext)
+{
+        PKIX_CertChainChecker *checker = NULL;
+        PKIX_CertChainChecker *checkerDuplicate = NULL;
+        PKIX_List *extensionsDuplicate = NULL;
+        PKIX_PL_Object *stateDuplicate = NULL;
+
+        PKIX_ENTER(CERTCHAINCHECKER, "pkix_CertChainChecker_Duplicate");
+        PKIX_NULLCHECK_TWO(object, pNewObject);
+
+        PKIX_CHECK(pkix_CheckType
+                    (object, PKIX_CERTCHAINCHECKER_TYPE, plContext),
+                    PKIX_OBJECTNOTCERTCHAINCHECKER);
+
+        checker = (PKIX_CertChainChecker *)object;
+
+        if (checker->extensions){
+                PKIX_CHECK(PKIX_PL_Object_Duplicate
+                            ((PKIX_PL_Object *)checker->extensions,
+                            (PKIX_PL_Object **)&extensionsDuplicate,
+                            plContext),
+                            PKIX_OBJECTDUPLICATEFAILED);
+        }
+
+        if (checker->state){
+                PKIX_CHECK(PKIX_PL_Object_Duplicate
+                            ((PKIX_PL_Object *)checker->state,
+                            (PKIX_PL_Object **)&stateDuplicate,
+                            plContext),
+                            PKIX_OBJECTDUPLICATEFAILED);
+        }
+
+        PKIX_CHECK(PKIX_CertChainChecker_Create
+                    (checker->checkCallback,
+                    checker->forwardChecking,
+                    checker->isForwardDirectionExpected,
+                    extensionsDuplicate,
+                    stateDuplicate,
+                    &checkerDuplicate,
+                    plContext),
+                    PKIX_CERTCHAINCHECKERCREATEFAILED);
+
+        *pNewObject = (PKIX_PL_Object *)checkerDuplicate;
+
+cleanup:
+
+        PKIX_DECREF(extensionsDuplicate);
+        PKIX_DECREF(stateDuplicate);
+
+        PKIX_RETURN(CERTCHAINCHECKER);
+}
+
+/*
+ * FUNCTION: pkix_CertChainChecker_RegisterSelf
+ * DESCRIPTION:
+ *  Registers PKIX_CERTCHAINCHECKER_TYPE and its related functions with
+ *  systemClasses[]
+ * THREAD SAFETY:
+ *  Not Thread Safe - for performance and complexity reasons
+ *
+ *  Since this function is only called by PKIX_PL_Initialize, which should
+ *  only be called once, it is acceptable that this function is not
+ *  thread-safe.
+ */
+PKIX_Error *
+pkix_CertChainChecker_RegisterSelf(void *plContext)
+{
+        extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
+        pkix_ClassTable_Entry entry;
+
+        PKIX_ENTER(CERTCHAINCHECKER, "pkix_CertChainChecker_RegisterSelf");
+
+        entry.description = "CertChainChecker";
+        entry.objCounter = 0;
+        entry.typeObjectSize = sizeof(PKIX_CertChainChecker);
+        entry.destructor = pkix_CertChainChecker_Destroy;
+        entry.equalsFunction = NULL;
+        entry.hashcodeFunction = NULL;
+        entry.toStringFunction = NULL;
+        entry.comparator = NULL;
+        entry.duplicateFunction = pkix_CertChainChecker_Duplicate;
+
+        systemClasses[PKIX_CERTCHAINCHECKER_TYPE] = entry;
+
+        PKIX_RETURN(CERTCHAINCHECKER);
+}
+
+/* --Public-Functions--------------------------------------------- */
+
+
+/*
+ * FUNCTION: PKIX_CertChainChecker_Create (see comments in pkix_checker.h)
+ */
+PKIX_Error *
+PKIX_CertChainChecker_Create(
+    PKIX_CertChainChecker_CheckCallback callback,
+    PKIX_Boolean forwardCheckingSupported,
+    PKIX_Boolean isForwardDirectionExpected,
+    PKIX_List *list,  /* list of PKIX_PL_OID */
+    PKIX_PL_Object *initialState,
+    PKIX_CertChainChecker **pChecker,
+    void *plContext)
+{
+        PKIX_CertChainChecker *checker = NULL;
+
+        PKIX_ENTER(CERTCHAINCHECKER, "PKIX_CertChainChecker_Create");
+        PKIX_NULLCHECK_ONE(pChecker);
+
+        PKIX_CHECK(PKIX_PL_Object_Alloc
+                    (PKIX_CERTCHAINCHECKER_TYPE,
+                    sizeof (PKIX_CertChainChecker),
+                    (PKIX_PL_Object **)&checker,
+                    plContext),
+                    PKIX_COULDNOTCREATECERTCHAINCHECKEROBJECT);
+
+        /* initialize fields */
+        checker->checkCallback = callback;
+        checker->forwardChecking = forwardCheckingSupported;
+        checker->isForwardDirectionExpected = isForwardDirectionExpected;
+
+        PKIX_INCREF(list);
+        checker->extensions = list;
+
+        PKIX_INCREF(initialState);
+        checker->state = initialState;
+
+        *pChecker = checker;
+        checker = NULL;
+cleanup:
+        
+        PKIX_DECREF(checker);
+
+        PKIX_RETURN(CERTCHAINCHECKER);
+
+}
+
+/*
+ * FUNCTION: PKIX_CertChainChecker_GetCheckCallback
+ *      (see comments in pkix_checker.h)
+ */
+PKIX_Error *
+PKIX_CertChainChecker_GetCheckCallback(
+        PKIX_CertChainChecker *checker,
+        PKIX_CertChainChecker_CheckCallback *pCallback,
+        void *plContext)
+{
+        PKIX_ENTER(CERTCHAINCHECKER, "PKIX_CertChainChecker_GetCheckCallback");
+        PKIX_NULLCHECK_TWO(checker, pCallback);
+
+        *pCallback = checker->checkCallback;
+
+        PKIX_RETURN(CERTCHAINCHECKER);
+}
+
+/*
+ * FUNCTION: PKIX_CertChainChecker_IsForwardCheckingSupported
+ *      (see comments in pkix_checker.h)
+ */
+PKIX_Error *
+PKIX_CertChainChecker_IsForwardCheckingSupported(
+        PKIX_CertChainChecker *checker,
+        PKIX_Boolean *pForwardCheckingSupported,
+        void *plContext)
+{
+        PKIX_ENTER
+                (CERTCHAINCHECKER,
+                "PKIX_CertChainChecker_IsForwardCheckingSupported");
+        PKIX_NULLCHECK_TWO(checker, pForwardCheckingSupported);
+
+        *pForwardCheckingSupported = checker->forwardChecking;
+
+        PKIX_RETURN(CERTCHAINCHECKER);
+}
+
+/*
+ * FUNCTION: PKIX_CertChainChecker_IsForwardDirectionExpected
+ *      (see comments in pkix_checker.h)
+ */
+PKIX_Error *
+PKIX_CertChainChecker_IsForwardDirectionExpected(
+        PKIX_CertChainChecker *checker,
+        PKIX_Boolean *pForwardDirectionExpected,
+        void *plContext)
+{
+        PKIX_ENTER
+                (CERTCHAINCHECKER,
+                "PKIX_CertChainChecker_IsForwardDirectionExpected");
+        PKIX_NULLCHECK_TWO(checker, pForwardDirectionExpected);
+
+        *pForwardDirectionExpected = checker->isForwardDirectionExpected;
+
+        PKIX_RETURN(CERTCHAINCHECKER);
+}
+
+/*
+ * FUNCTION: PKIX_CertChainChecker_GetCertChainCheckerState
+ *      (see comments in pkix_checker.h)
+ */
+PKIX_Error *
+PKIX_CertChainChecker_GetCertChainCheckerState(
+        PKIX_CertChainChecker *checker,
+        PKIX_PL_Object **pCertChainCheckerState,
+        void *plContext)
+{
+        PKIX_ENTER(CERTCHAINCHECKER,
+                    "PKIX_CertChainChecker_GetCertChainCheckerState");
+
+        PKIX_NULLCHECK_TWO(checker, pCertChainCheckerState);
+
+        PKIX_INCREF(checker->state);
+
+        *pCertChainCheckerState = checker->state;
+
+cleanup:
+        PKIX_RETURN(CERTCHAINCHECKER);
+
+}
+
+/*
+ * FUNCTION: PKIX_CertChainChecker_SetCertChainCheckerState
+ *      (see comments in pkix_checker.h)
+ */
+PKIX_Error *
+PKIX_CertChainChecker_SetCertChainCheckerState(
+        PKIX_CertChainChecker *checker,
+        PKIX_PL_Object *certChainCheckerState,
+        void *plContext)
+{
+        PKIX_ENTER(CERTCHAINCHECKER,
+                    "PKIX_CertChainChecker_SetCertChainCheckerState");
+
+        PKIX_NULLCHECK_ONE(checker);
+
+        /* DecRef old contents */
+        PKIX_DECREF(checker->state);
+
+        PKIX_INCREF(certChainCheckerState);
+        checker->state = certChainCheckerState;
+
+        PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+                    ((PKIX_PL_Object *)checker, plContext),
+                    PKIX_OBJECTINVALIDATECACHEFAILED);
+
+cleanup:
+
+        PKIX_RETURN(CERTCHAINCHECKER);
+}
+
+/*
+ * FUNCTION: PKIX_CertChainChecker_GetSupportedExtensions
+ *      (see comments in pkix_checker.h)
+ */
+PKIX_Error *
+PKIX_CertChainChecker_GetSupportedExtensions(
+        PKIX_CertChainChecker *checker,
+        PKIX_List **pExtensions, /* list of PKIX_PL_OID */
+        void *plContext)
+{
+        PKIX_ENTER(CERTCHAINCHECKER,
+                    "PKIX_CertChainChecker_GetSupportedExtensions");
+
+        PKIX_NULLCHECK_TWO(checker, pExtensions);
+
+        PKIX_INCREF(checker->extensions);
+
+        *pExtensions = checker->extensions;
+
+cleanup:
+        PKIX_RETURN(CERTCHAINCHECKER);
+
+}
diff --git a/nss/lib/libpkix/pkix/checker/pkix_certchainchecker.h b/nss/lib/libpkix/pkix/checker/pkix_certchainchecker.h
new file mode 100755
index 0000000..ff64547
--- /dev/null
+++ b/nss/lib/libpkix/pkix/checker/pkix_certchainchecker.h
@@ -0,0 +1,36 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_certchainchecker.h
+ *
+ * CertChainChecker Object Type Definition
+ *
+ */
+
+#ifndef _PKIX_CERTCHAINCHECKER_H
+#define _PKIX_CERTCHAINCHECKER_H
+
+#include "pkix_tools.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+struct PKIX_CertChainCheckerStruct {
+        PKIX_CertChainChecker_CheckCallback checkCallback;
+        PKIX_List *extensions;
+        PKIX_PL_Object *state;
+        PKIX_Boolean forwardChecking;
+        PKIX_Boolean isForwardDirectionExpected;
+};
+
+/* see source file for function documentation */
+
+PKIX_Error *pkix_CertChainChecker_RegisterSelf(void *plContext);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_CERTCHAINCHECKER_H */
diff --git a/nss/lib/libpkix/pkix/checker/pkix_crlchecker.c b/nss/lib/libpkix/pkix/checker/pkix_crlchecker.c
new file mode 100644
index 0000000..d6f5b6b
--- /dev/null
+++ b/nss/lib/libpkix/pkix/checker/pkix_crlchecker.c
@@ -0,0 +1,438 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_defaultcrlchecker.c
+ *
+ * Functions for default CRL Checkers
+ *
+ */
+#include "pkix.h"
+#include "pkix_crlchecker.h"
+#include "pkix_tools.h"
+
+/* --Private-CRLChecker-Data-and-Types------------------------------- */
+
+typedef struct pkix_CrlCheckerStruct {
+    /* RevocationMethod is the super class of CrlChecker. */
+    pkix_RevocationMethod method;
+    PKIX_List *certStores; /* list of CertStore */
+    PKIX_PL_VerifyCallback crlVerifyFn;
+} pkix_CrlChecker;
+
+
+/* --Private-CRLChecker-Functions----------------------------------- */
+
+/*
+ * FUNCTION: pkix_CrlCheckerstate_Destroy
+ * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_CrlChecker_Destroy(
+        PKIX_PL_Object *object,
+        void *plContext)
+{
+        pkix_CrlChecker *state = NULL;
+
+        PKIX_ENTER(CRLCHECKER, "pkix_CrlChecker_Destroy");
+        PKIX_NULLCHECK_ONE(object);
+
+        /* Check that this object is a default CRL checker state */
+        PKIX_CHECK(
+            pkix_CheckType(object, PKIX_CRLCHECKER_TYPE, plContext),
+            PKIX_OBJECTNOTCRLCHECKER);
+
+        state = (pkix_CrlChecker *)object;
+
+        PKIX_DECREF(state->certStores);
+
+cleanup:
+
+        PKIX_RETURN(CRLCHECKER);
+}
+
+/*
+ * FUNCTION: pkix_CrlChecker_RegisterSelf
+ *
+ * DESCRIPTION:
+ *  Registers PKIX_CRLCHECKER_TYPE and its related functions
+ *  with systemClasses[]
+ *
+ * THREAD SAFETY:
+ *  Not Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ *
+ *  Since this function is only called by PKIX_PL_Initialize, which should
+ *  only be called once, it is acceptable that this function is not
+ *  thread-safe.
+ */
+PKIX_Error *
+pkix_CrlChecker_RegisterSelf(void *plContext)
+{
+        extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
+        pkix_ClassTable_Entry* entry = &systemClasses[PKIX_CRLCHECKER_TYPE];
+
+        PKIX_ENTER(CRLCHECKER, "pkix_CrlChecker_RegisterSelf");
+
+        entry->description = "CRLChecker";
+        entry->typeObjectSize = sizeof(pkix_CrlChecker);
+        entry->destructor = pkix_CrlChecker_Destroy;
+
+        PKIX_RETURN(CRLCHECKER);
+}
+
+/*
+ * FUNCTION: pkix_CrlChecker_Create
+ *
+ * DESCRIPTION:
+ *  Allocate and initialize CRLChecker state data.
+ *
+ * PARAMETERS
+ *  "certStores"
+ *      Address of CertStore List to be stored in state. Must be non-NULL.
+ *  "testDate"
+ *      Address of PKIX_PL_Date to be checked. May be NULL.
+ *  "trustedPubKey"
+ *      Trusted Anchor Public Key for verifying first Cert in the chain.
+ *      Must be non-NULL.
+ *  "certsRemaining"
+ *      Number of certificates remaining in the chain.
+ *  "nistCRLPolicyEnabled"
+ *      If enabled, enforce nist crl policy.
+ *  "pChecker"
+ *      Address of CRLChecker that is returned. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ *
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ *
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a DefaultCrlChecker Error if the function fails in a
+ *  non-fatal way.
+ *  Returns a Fatal Error
+ */
+PKIX_Error *
+pkix_CrlChecker_Create(PKIX_RevocationMethodType methodType,
+                       PKIX_UInt32 flags,
+                       PKIX_UInt32 priority,
+                       pkix_LocalRevocationCheckFn localRevChecker,
+                       pkix_ExternalRevocationCheckFn externalRevChecker,
+                       PKIX_List *certStores,
+                       PKIX_PL_VerifyCallback crlVerifyFn,
+                       pkix_RevocationMethod **pChecker,
+                       void *plContext)
+{
+        pkix_CrlChecker *crlChecker = NULL;
+        
+        PKIX_ENTER(CRLCHECKER, "pkix_CrlChecker_Create");
+        PKIX_NULLCHECK_TWO(certStores, pChecker);
+
+        PKIX_CHECK(PKIX_PL_Object_Alloc
+                    (PKIX_CRLCHECKER_TYPE,
+                    sizeof (pkix_CrlChecker),
+                    (PKIX_PL_Object **)&crlChecker,
+                    plContext),
+                    PKIX_COULDNOTCREATECRLCHECKEROBJECT);
+
+        pkixErrorResult = pkix_RevocationMethod_Init(
+            (pkix_RevocationMethod*)crlChecker, methodType, flags,  priority,
+            localRevChecker, externalRevChecker, plContext);
+        if (pkixErrorResult) {
+            goto cleanup;
+        }
+
+        /* Initialize fields */
+        PKIX_INCREF(certStores);
+        crlChecker->certStores = certStores;
+
+        crlChecker->crlVerifyFn = crlVerifyFn;
+        *pChecker = (pkix_RevocationMethod*)crlChecker;
+        crlChecker = NULL;
+
+cleanup:
+        PKIX_DECREF(crlChecker);
+
+        PKIX_RETURN(CRLCHECKER);
+}
+
+/* --Private-CRLChecker-Functions------------------------------------ */
+
+/*
+ * FUNCTION: pkix_CrlChecker_CheckLocal
+ *
+ * DESCRIPTION:
+ *  Check if the Cert has been revoked based the CRLs data.  This function
+ *  maintains the checker state to be current.
+ *
+ * PARAMETERS
+ *  "checker"
+ *      Address of CertChainChecker which has the state data.
+ *      Must be non-NULL.
+ *  "cert"
+ *      Address of Certificate that is to be validated. Must be non-NULL.
+ *  "unreslvdCrtExts"
+ *      A List OIDs. Not **yet** used in this checker function.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ *
+ * THREAD SAFETY:
+ *  Not Thread Safe
+ *      (see Thread Safety Definitions in Programmer's Guide)
+ *
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertChainChecker Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error
+ */
+PKIX_Error *
+pkix_CrlChecker_CheckLocal(
+        PKIX_PL_Cert *cert,
+        PKIX_PL_Cert *issuer,
+        PKIX_PL_Date *date,
+        pkix_RevocationMethod *checkerObject,
+        PKIX_ProcessingParams *procParams,
+        PKIX_UInt32 methodFlags,
+        PKIX_Boolean chainVerificationState,
+        PKIX_RevocationStatus *pRevStatus,
+        CERTCRLEntryReasonCode *pReasonCode,
+        void *plContext)
+{
+    PKIX_CertStore_CheckRevokationByCrlCallback storeCheckRevocationFn;
+    PKIX_CertStore *certStore = NULL;
+    pkix_CrlChecker *state = NULL;
+    PKIX_UInt32 crlStoreIndex = 0;
+    PKIX_UInt32 numCrlStores = 0;
+    PKIX_Boolean storeIsLocal = PKIX_FALSE;
+    PKIX_RevocationStatus revStatus = PKIX_RevStatus_NoInfo;
+
+    PKIX_ENTER(CERTCHAINCHECKER, "pkix_CrlChecker_CheckLocal");
+    PKIX_NULLCHECK_FOUR(cert, issuer, checkerObject, checkerObject);
+    
+    state = (pkix_CrlChecker*)checkerObject;
+
+    PKIX_CHECK(
+        PKIX_List_GetLength(state->certStores, &numCrlStores, plContext),
+        PKIX_LISTGETLENGTHFAILED);
+
+    for (;crlStoreIndex < numCrlStores;crlStoreIndex++) {
+        PKIX_CHECK(
+            PKIX_List_GetItem(state->certStores, crlStoreIndex,
+                              (PKIX_PL_Object **)&certStore,
+                              plContext),
+            PKIX_LISTGETITEMFAILED);
+        
+        PKIX_CHECK(
+            PKIX_CertStore_GetLocalFlag(certStore, &storeIsLocal,
+                                        plContext),
+            PKIX_CERTSTOREGETLOCALFLAGFAILED);
+        if (storeIsLocal) {
+            PKIX_CHECK(
+                PKIX_CertStore_GetCrlCheckerFn(certStore,
+                                               &storeCheckRevocationFn,
+                                               plContext),
+                PKIX_CERTSTOREGETCHECKREVBYCRLFAILED);
+
+            if (storeCheckRevocationFn) {
+                PKIX_CHECK(
+                    (*storeCheckRevocationFn)(certStore, cert, issuer,
+                                         /* delay sig check if building
+                                          * a chain by not specifying the time*/
+                                          chainVerificationState ? date : NULL,
+                                         /* crl downloading is not done. */
+                                          PKIX_FALSE,   
+                                          pReasonCode, &revStatus, plContext),
+                    PKIX_CERTSTORECRLCHECKFAILED);
+                if (revStatus == PKIX_RevStatus_Revoked) {
+                    break;
+                }
+            }
+        }
+        PKIX_DECREF(certStore);
+    } /* while */
+
+cleanup:
+    *pRevStatus = revStatus;
+    PKIX_DECREF(certStore);
+
+    PKIX_RETURN(CERTCHAINCHECKER);
+}
+
+/*
+ * FUNCTION: pkix_CrlChecker_CheckRemote
+ *
+ * DESCRIPTION:
+ *  Check if the Cert has been revoked based the CRLs data.  This function
+ *  maintains the checker state to be current.
+ *
+ * PARAMETERS
+ *  "checker"
+ *      Address of CertChainChecker which has the state data.
+ *      Must be non-NULL.
+ *  "cert"
+ *      Address of Certificate that is to be validated. Must be non-NULL.
+ *  "unreslvdCrtExts"
+ *      A List OIDs. Not **yet** used in this checker function.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ *
+ * THREAD SAFETY:
+ *  Not Thread Safe
+ *      (see Thread Safety Definitions in Programmer's Guide)
+ *
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertChainChecker Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error
+ */
+PKIX_Error *
+pkix_CrlChecker_CheckExternal(
+        PKIX_PL_Cert *cert,
+        PKIX_PL_Cert *issuer,
+        PKIX_PL_Date *date,
+        pkix_RevocationMethod *checkerObject,
+        PKIX_ProcessingParams *procParams,
+        PKIX_UInt32 methodFlags,
+        PKIX_RevocationStatus *pRevStatus,
+        CERTCRLEntryReasonCode *pReasonCode,
+        void **pNBIOContext,
+        void *plContext)
+{
+    PKIX_CertStore_CheckRevokationByCrlCallback storeCheckRevocationFn = NULL;
+    PKIX_CertStore_ImportCrlCallback storeImportCrlFn = NULL;
+    PKIX_RevocationStatus revStatus = PKIX_RevStatus_NoInfo;
+    PKIX_CertStore *certStore = NULL;
+    PKIX_CertStore *localStore = NULL;
+    PKIX_CRLSelector *crlSelector = NULL;
+    PKIX_PL_X500Name *issuerName = NULL;
+    pkix_CrlChecker *state = NULL; 
+    PKIX_UInt32 crlStoreIndex = 0;
+    PKIX_UInt32 numCrlStores = 0;
+    PKIX_Boolean storeIsLocal = PKIX_FALSE;
+    PKIX_List *crlList = NULL;
+    PKIX_List *dpList = NULL;
+    void *nbioContext = NULL;
+
+    PKIX_ENTER(CERTCHAINCHECKER, "pkix_CrlChecker_CheckExternal");
+    PKIX_NULLCHECK_FOUR(cert, issuer, checkerObject, pNBIOContext);
+    
+    nbioContext = *pNBIOContext;
+    *pNBIOContext = NULL; /* prepare for Error exit */
+
+    state = (pkix_CrlChecker*)checkerObject;
+    
+    PKIX_CHECK(
+        PKIX_List_GetLength(state->certStores, &numCrlStores, plContext),
+        PKIX_LISTGETLENGTHFAILED);
+
+    /* Find a cert store that is capable of storing crls */
+    for (;crlStoreIndex < numCrlStores;crlStoreIndex++) {
+        PKIX_CHECK(
+            PKIX_List_GetItem(state->certStores, crlStoreIndex,
+                              (PKIX_PL_Object **)&certStore,
+                              plContext),
+            PKIX_LISTGETITEMFAILED);
+        
+        PKIX_CHECK(
+            PKIX_CertStore_GetLocalFlag(certStore, &storeIsLocal,
+                                        plContext),
+            PKIX_CERTSTOREGETLOCALFLAGFAILED);
+        if (storeIsLocal) {
+            PKIX_CHECK(
+                PKIX_CertStore_GetImportCrlCallback(certStore,
+                                                    &storeImportCrlFn,
+                                                    plContext),
+                PKIX_CERTSTOREGETCHECKREVBYCRLFAILED);
+            
+            PKIX_CHECK(
+                PKIX_CertStore_GetCrlCheckerFn(certStore,
+                                               &storeCheckRevocationFn,
+                                               plContext),
+                PKIX_CERTSTOREGETCHECKREVBYCRLFAILED);
+            
+            if (storeImportCrlFn && storeCheckRevocationFn) {
+                localStore = certStore;
+                certStore = NULL;
+                break;
+            }
+        }
+        PKIX_DECREF(certStore);
+    } /* while */
+
+    /* Report unknown status if we can not check crl in one of the
+     * local stores. */
+    if (!localStore) {
+        PKIX_ERROR_FATAL(PKIX_CRLCHECKERNOLOCALCERTSTOREFOUND);
+    }
+    PKIX_CHECK(
+        PKIX_PL_Cert_VerifyKeyUsage(issuer, PKIX_CRL_SIGN, plContext),
+        PKIX_CERTCHECKKEYUSAGEFAILED);
+    PKIX_CHECK(
+        PKIX_PL_Cert_GetCrlDp(cert, &dpList, plContext),
+        PKIX_CERTGETCRLDPFAILED);
+    if (!(methodFlags & PKIX_REV_M_REQUIRE_INFO_ON_MISSING_SOURCE) &&
+        (!dpList || !dpList->length)) {
+        goto cleanup;
+    }
+    PKIX_CHECK(
+        PKIX_PL_Cert_GetIssuer(cert, &issuerName, plContext),
+        PKIX_CERTGETISSUERFAILED);
+    PKIX_CHECK(
+        PKIX_CRLSelector_Create(issuer, dpList, date, &crlSelector, plContext),
+        PKIX_CRLCHECKERSETSELECTORFAILED);
+    /* Fetch crl and store in a local cert store */
+    for (crlStoreIndex = 0;crlStoreIndex < numCrlStores;crlStoreIndex++) {
+        PKIX_CertStore_CRLCallback getCrlsFn;
+
+        PKIX_CHECK(
+            PKIX_List_GetItem(state->certStores, crlStoreIndex,
+                              (PKIX_PL_Object **)&certStore,
+                              plContext),
+            PKIX_LISTGETITEMFAILED);
+        
+        PKIX_CHECK(
+            PKIX_CertStore_GetCRLCallback(certStore, &getCrlsFn,
+                                          plContext),
+            PKIX_CERTSTOREGETCRLCALLBACKFAILED);
+        
+        PKIX_CHECK(
+            (*getCrlsFn)(certStore, crlSelector, &nbioContext,
+                      &crlList, plContext),
+            PKIX_GETCRLSFAILED);
+
+        PKIX_CHECK(
+            (*storeImportCrlFn)(localStore, issuerName, crlList, plContext),
+            PKIX_CERTSTOREFAILTOIMPORTCRLLIST);
+        
+        PKIX_CHECK(
+            (*storeCheckRevocationFn)(certStore, cert, issuer, date,
+                                      /* done with crl downloading */
+                                      PKIX_TRUE,
+                                      pReasonCode, &revStatus, plContext),
+            PKIX_CERTSTORECRLCHECKFAILED);
+        if (revStatus != PKIX_RevStatus_NoInfo) {
+            break;
+        }
+        PKIX_DECREF(crlList);
+        PKIX_DECREF(certStore);
+    } /* while */
+
+cleanup:
+    /* Update return flags */
+    if (revStatus == PKIX_RevStatus_NoInfo && 
+	((dpList && dpList->length > 0) ||
+	 (methodFlags & PKIX_REV_M_REQUIRE_INFO_ON_MISSING_SOURCE)) &&
+        methodFlags & PKIX_REV_M_FAIL_ON_MISSING_FRESH_INFO) {
+        revStatus = PKIX_RevStatus_Revoked;
+    }
+    *pRevStatus = revStatus;
+
+    PKIX_DECREF(dpList);
+    PKIX_DECREF(crlList);
+    PKIX_DECREF(certStore);
+    PKIX_DECREF(issuerName);
+    PKIX_DECREF(localStore);
+    PKIX_DECREF(crlSelector);
+
+    PKIX_RETURN(CERTCHAINCHECKER);
+}
diff --git a/nss/lib/libpkix/pkix/checker/pkix_crlchecker.h b/nss/lib/libpkix/pkix/checker/pkix_crlchecker.h
new file mode 100644
index 0000000..35f1a47
--- /dev/null
+++ b/nss/lib/libpkix/pkix/checker/pkix_crlchecker.h
@@ -0,0 +1,68 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_defaultcrlchecker.h
+ *
+ * Header file for default CRL function
+ *
+ */
+
+#ifndef _PKIX_CRLCHECKER_H
+#define _PKIX_CRLCHECKER_H
+
+#include "pkixt.h"
+#include "pkix_revocationmethod.h"
+#include "pkix_crlsel.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* NOTE: nbio logic removed. Will be replaced later. */
+
+PKIX_Error *
+pkix_CrlChecker_CheckLocal(
+        PKIX_PL_Cert *cert,
+        PKIX_PL_Cert *issuer,
+        PKIX_PL_Date *date,
+        pkix_RevocationMethod *checkerObject,
+        PKIX_ProcessingParams *procParams,
+        PKIX_UInt32 methodFlags,
+        PKIX_Boolean chainVerificationState,
+        PKIX_RevocationStatus *pRevStatus,
+        CERTCRLEntryReasonCode *reasonCode,
+        void *plContext);
+
+PKIX_Error *
+pkix_CrlChecker_CheckExternal(
+        PKIX_PL_Cert *cert,
+        PKIX_PL_Cert *issuer,
+        PKIX_PL_Date *date,
+        pkix_RevocationMethod *checkerObject,
+        PKIX_ProcessingParams *procParams,
+        PKIX_UInt32 methodFlags,
+        PKIX_RevocationStatus *pRevStatus,
+        CERTCRLEntryReasonCode *reasonCode,
+        void **pNBIOContext,
+        void *plContext);
+
+PKIX_Error *
+pkix_CrlChecker_Create(PKIX_RevocationMethodType methodType,
+                       PKIX_UInt32 flags,
+                       PKIX_UInt32 priority,
+                       pkix_LocalRevocationCheckFn localRevChecker,
+                       pkix_ExternalRevocationCheckFn externalRevChecker,
+                       PKIX_List *certStores,
+                       PKIX_PL_VerifyCallback crlVerifyFn,
+                       pkix_RevocationMethod **pChecker,
+                       void *plContext);
+
+PKIX_Error *
+pkix_CrlChecker_RegisterSelf(void *plContext);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_CRLCHECKER_H */
diff --git a/nss/lib/libpkix/pkix/checker/pkix_ekuchecker.c b/nss/lib/libpkix/pkix/checker/pkix_ekuchecker.c
new file mode 100644
index 0000000..a2b8437
--- /dev/null
+++ b/nss/lib/libpkix/pkix/checker/pkix_ekuchecker.c
@@ -0,0 +1,328 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_ekuchecker.c
+ *
+ * User Defined ExtenedKeyUsage Function Definitions
+ *
+ */
+
+#include "pkix_ekuchecker.h"
+
+SECOidTag ekuOidStrings[] = {
+    PKIX_KEY_USAGE_SERVER_AUTH_OID,
+    PKIX_KEY_USAGE_CLIENT_AUTH_OID,
+    PKIX_KEY_USAGE_CODE_SIGN_OID,
+    PKIX_KEY_USAGE_EMAIL_PROTECT_OID,
+    PKIX_KEY_USAGE_TIME_STAMP_OID,
+    PKIX_KEY_USAGE_OCSP_RESPONDER_OID,
+    PKIX_UNKNOWN_OID
+};
+
+typedef struct pkix_EkuCheckerStruct {
+    PKIX_List *requiredExtKeyUsageOids;
+    PKIX_PL_OID *ekuOID;
+} pkix_EkuChecker;
+
+
+/*
+ * FUNCTION: pkix_EkuChecker_Destroy
+ * (see comments for PKIX_DestructorCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_EkuChecker_Destroy(
+        PKIX_PL_Object *object,
+        void *plContext)
+{
+        pkix_EkuChecker *ekuCheckerState = NULL;
+
+        PKIX_ENTER(EKUCHECKER, "pkix_EkuChecker_Destroy");
+        PKIX_NULLCHECK_ONE(object);
+
+        PKIX_CHECK(pkix_CheckType(object, PKIX_EKUCHECKER_TYPE, plContext),
+                    PKIX_OBJECTNOTANEKUCHECKERSTATE);
+
+        ekuCheckerState = (pkix_EkuChecker *)object;
+
+        PKIX_DECREF(ekuCheckerState->ekuOID);
+        PKIX_DECREF(ekuCheckerState->requiredExtKeyUsageOids);
+
+cleanup:
+
+        PKIX_RETURN(EKUCHECKER);
+}
+
+/*
+ * FUNCTION: pkix_EkuChecker_RegisterSelf
+ *
+ * DESCRIPTION:
+ *  Registers PKIX_PL_HTTPCERTSTORECONTEXT_TYPE and its related
+ *  functions with systemClasses[]
+ *
+ * THREAD SAFETY:
+ *  Not Thread Safe - for performance and complexity reasons
+ *
+ *  Since this function is only called by PKIX_PL_Initialize, which should
+ *  only be called once, it is acceptable that this function is not
+ *  thread-safe.
+ */
+PKIX_Error *
+pkix_EkuChecker_RegisterSelf(void *plContext)
+{
+        extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
+        pkix_ClassTable_Entry *entry = &systemClasses[PKIX_EKUCHECKER_TYPE];
+
+        PKIX_ENTER(EKUCHECKER, "pkix_EkuChecker_RegisterSelf");
+
+        entry->description = "EkuChecker";
+        entry->typeObjectSize = sizeof(pkix_EkuChecker);
+        entry->destructor = pkix_EkuChecker_Destroy;
+
+        PKIX_RETURN(EKUCHECKER);
+}
+
+/*
+ * FUNCTION: pkix_EkuChecker_Create
+ * DESCRIPTION:
+ *
+ *  Creates a new Extend Key Usage CheckerState using "params" to retrieve
+ *  application specified EKU for verification and stores it at "pState".
+ *
+ * PARAMETERS:
+ *  "params"
+ *      a PKIX_ProcessingParams links to PKIX_ComCertSelParams where a list of
+ *      Extended Key Usage OIDs specified by application can be retrieved for
+ *      verification.
+ *  "pState"
+ *      Address where state pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a UserDefinedModules Error if the function fails in a
+ *      non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_EkuChecker_Create(
+        PKIX_ProcessingParams *params,
+        pkix_EkuChecker **pState,
+        void *plContext)
+{
+        pkix_EkuChecker *state = NULL;
+        PKIX_CertSelector *certSelector = NULL;
+        PKIX_ComCertSelParams *comCertSelParams = NULL;
+        PKIX_List *requiredOids = NULL;
+
+        PKIX_ENTER(EKUCHECKER, "pkix_EkuChecker_Create");
+        PKIX_NULLCHECK_TWO(params, pState);
+
+        PKIX_CHECK(PKIX_PL_Object_Alloc
+                    (PKIX_EKUCHECKER_TYPE,
+                    sizeof (pkix_EkuChecker),
+                    (PKIX_PL_Object **)&state,
+                    plContext),
+                    PKIX_COULDNOTCREATEEKUCHECKERSTATEOBJECT);
+
+
+        PKIX_CHECK(PKIX_ProcessingParams_GetTargetCertConstraints
+                    (params, &certSelector, plContext),
+                    PKIX_PROCESSINGPARAMSGETTARGETCERTCONSTRAINTSFAILED);
+
+        if (certSelector != NULL) {
+
+            /* Get initial EKU OIDs from ComCertSelParams, if set */
+            PKIX_CHECK(PKIX_CertSelector_GetCommonCertSelectorParams
+                       (certSelector, &comCertSelParams, plContext),
+                       PKIX_CERTSELECTORGETCOMMONCERTSELECTORPARAMSFAILED);
+
+            if (comCertSelParams != NULL) {
+                PKIX_CHECK(PKIX_ComCertSelParams_GetExtendedKeyUsage
+                           (comCertSelParams, &requiredOids, plContext),
+                           PKIX_COMCERTSELPARAMSGETEXTENDEDKEYUSAGEFAILED);
+
+            }
+        }
+
+        PKIX_CHECK(PKIX_PL_OID_Create
+                    (PKIX_EXTENDEDKEYUSAGE_OID,
+                    &state->ekuOID,
+                    plContext),
+                    PKIX_OIDCREATEFAILED);
+
+        state->requiredExtKeyUsageOids = requiredOids;
+        requiredOids = NULL;
+        *pState = state;
+        state = NULL;
+
+cleanup:
+
+        PKIX_DECREF(certSelector);
+        PKIX_DECREF(comCertSelParams);
+        PKIX_DECREF(requiredOids);
+        PKIX_DECREF(state);
+
+        PKIX_RETURN(EKUCHECKER);
+}
+
+/*
+ * FUNCTION: pkix_EkuChecker_Check
+ * DESCRIPTION:
+ *
+ *  This function determines the Extended Key Usage OIDs specified by the
+ *  application is included in the Extended Key Usage OIDs of this "cert".
+ *
+ * PARAMETERS:
+ *  "checker"
+ *      Address of CertChainChecker which has the state data.
+ *      Must be non-NULL.
+ *  "cert"
+ *      Address of Certificate that is to be validated. Must be non-NULL.
+ *  "unresolvedCriticalExtensions"
+ *      A List OIDs. The OID for Extended Key Usage is removed.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a UserDefinedModules Error if the function fails in
+ *      a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_EkuChecker_Check(
+        PKIX_CertChainChecker *checker,
+        PKIX_PL_Cert *cert,
+        PKIX_List *unresolvedCriticalExtensions,
+        void **pNBIOContext,
+        void *plContext)
+{
+        pkix_EkuChecker *state = NULL;
+        PKIX_List *requiredExtKeyUsageList = NULL;
+        PKIX_List *certExtKeyUsageList = NULL;
+        PKIX_PL_OID *ekuOid = NULL;
+        PKIX_Boolean isContained = PKIX_FALSE;
+        PKIX_UInt32 numItems = 0;
+        PKIX_UInt32 i;
+        PKIX_Boolean checkResult = PKIX_TRUE;
+
+        PKIX_ENTER(EKUCHECKER, "pkix_EkuChecker_Check");
+        PKIX_NULLCHECK_THREE(checker, cert, pNBIOContext);
+
+        *pNBIOContext = NULL; /* no non-blocking IO */
+
+        PKIX_CHECK(
+            PKIX_CertChainChecker_GetCertChainCheckerState
+            (checker, (PKIX_PL_Object **)&state, plContext),
+            PKIX_CERTCHAINCHECKERGETCERTCHAINCHECKERSTATEFAILED);
+
+        requiredExtKeyUsageList = state->requiredExtKeyUsageOids;
+        if (requiredExtKeyUsageList == NULL) {
+            goto cleanup;
+        }
+
+        PKIX_CHECK(
+            PKIX_List_GetLength(requiredExtKeyUsageList, &numItems,
+                                plContext),
+            PKIX_LISTGETLENGTHFAILED);
+        if (numItems == 0) {
+            goto cleanup;
+        }
+
+        PKIX_CHECK(
+            PKIX_PL_Cert_GetExtendedKeyUsage(cert, &certExtKeyUsageList,
+                                             plContext),
+            PKIX_CERTGETEXTENDEDKEYUSAGEFAILED);
+
+        if (certExtKeyUsageList == NULL) {
+            goto cleanup;
+        }
+        
+        for (i = 0; i < numItems; i++) {
+            
+            PKIX_CHECK(
+                PKIX_List_GetItem(requiredExtKeyUsageList, i,
+                                  (PKIX_PL_Object **)&ekuOid, plContext),
+                PKIX_LISTGETITEMFAILED);
+
+            PKIX_CHECK(
+                pkix_List_Contains(certExtKeyUsageList,
+                                   (PKIX_PL_Object *)ekuOid,
+                                   &isContained,
+                                   plContext),
+                PKIX_LISTCONTAINSFAILED);
+            
+            PKIX_DECREF(ekuOid);
+            if (isContained != PKIX_TRUE) {
+                checkResult = PKIX_FALSE;
+                goto cleanup;
+            }
+        }
+
+cleanup:
+        if (!pkixErrorResult && checkResult == PKIX_FALSE) {
+            pkixErrorReceived = PKIX_TRUE;
+            pkixErrorCode = PKIX_EXTENDEDKEYUSAGECHECKINGFAILED;
+        }
+        
+        PKIX_DECREF(ekuOid);
+        PKIX_DECREF(certExtKeyUsageList);
+        PKIX_DECREF(state);
+
+        PKIX_RETURN(EKUCHECKER);
+}
+
+/*
+ * FUNCTION: pkix_EkuChecker_Initialize
+ * (see comments in pkix_sample_modules.h)
+ */
+PKIX_Error *
+PKIX_EkuChecker_Create(
+        PKIX_ProcessingParams *params,
+        PKIX_CertChainChecker **pEkuChecker,
+        void *plContext)
+{
+        pkix_EkuChecker *state = NULL;
+        PKIX_List *critExtOIDsList = NULL;
+
+        PKIX_ENTER(EKUCHECKER, "PKIX_EkuChecker_Initialize");
+        PKIX_NULLCHECK_ONE(params);
+
+        /*
+         * This function and functions in this file provide an example of how
+         * an application defined checker can be hooked into libpkix.
+         */
+
+        PKIX_CHECK(pkix_EkuChecker_Create
+                    (params, &state, plContext),
+                    PKIX_EKUCHECKERSTATECREATEFAILED);
+
+        PKIX_CHECK(PKIX_List_Create(&critExtOIDsList, plContext),
+                    PKIX_LISTCREATEFAILED);
+
+        PKIX_CHECK(PKIX_List_AppendItem
+                    (critExtOIDsList,
+                    (PKIX_PL_Object *)state->ekuOID,
+                    plContext),
+                    PKIX_LISTAPPENDITEMFAILED);
+
+        PKIX_CHECK(PKIX_CertChainChecker_Create
+                (pkix_EkuChecker_Check,
+                PKIX_TRUE,                 /* forwardCheckingSupported */
+                PKIX_FALSE,                /* forwardDirectionExpected */
+                critExtOIDsList,
+                (PKIX_PL_Object *) state,
+                pEkuChecker,
+                plContext),
+                PKIX_CERTCHAINCHECKERCREATEFAILED);
+cleanup:
+
+        PKIX_DECREF(critExtOIDsList);
+        PKIX_DECREF(state);
+
+        PKIX_RETURN(EKUCHECKER);
+}
diff --git a/nss/lib/libpkix/pkix/checker/pkix_ekuchecker.h b/nss/lib/libpkix/pkix/checker/pkix_ekuchecker.h
new file mode 100644
index 0000000..e542dda
--- /dev/null
+++ b/nss/lib/libpkix/pkix/checker/pkix_ekuchecker.h
@@ -0,0 +1,92 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_ekuchecker.h
+ *
+ * User Defined Object Type Extended Key Usage Definition
+ *
+ */
+
+#ifndef _PKIX_EKUCHECKER_H
+#define _PKIX_EKUCHECKER_H
+
+#include "pkix_pl_common.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * FUNCTION: PKIX_PL_EkuChecker_Create
+ *
+ * DESCRIPTION:
+ *  Create a CertChainChecker with EkuCheckerState and add it into
+ *  PKIX_ProcessingParams object.
+ *
+ * PARAMETERS
+ *  "params"
+ *      a PKIX_ProcessingParams links to PKIX_ComCertSelParams where a list of
+ *      Extended Key Usage OIDs specified by application can be retrieved for
+ *      verification.
+ *  "ekuChecker" 
+ *      Address of created ekuchecker.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ *
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ *
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a UserDefinedModules Error if the function fails in a non-fatal
+ *  way.
+ *  Returns a Fatal Error
+ */
+PKIX_Error *
+PKIX_EkuChecker_Create(
+        PKIX_ProcessingParams *params,
+        PKIX_CertChainChecker **ekuChecker,
+        void *plContext);
+
+/*
+ * FUNCTION: PKIX_PL_EkuChecker_GetRequiredEku
+ *
+ * DESCRIPTION:
+ *  This function retrieves application specified ExtenedKeyUsage(s) from
+ *  ComCertSetparams and converts its OID representations to SECCertUsageEnum.
+ *  The result is stored and returned in bit mask at "pRequiredExtKeyUsage".
+ *
+ * PARAMETERS
+ *  "certSelector"
+ *      a PKIX_CertSelector links to PKIX_ComCertSelParams where a list of
+ *      Extended Key Usage OIDs specified by application can be retrieved for
+ *      verification. Must be non-NULL.
+ *  "pRequiredExtKeyUsage"
+ *      Address where the result is returned. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ *
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ *
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a UserDefinedModules Error if the function fails in a non-fatal
+ *  way.
+ *  Returns a Fatal Error
+ */
+PKIX_Error *
+pkix_EkuChecker_GetRequiredEku(
+        PKIX_CertSelector *certSelector,
+        PKIX_UInt32 *pRequiredExtKeyUsage,
+        void *plContext);
+
+/* see source file for function documentation */
+PKIX_Error *pkix_EkuChecker_RegisterSelf(void *plContext);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_PL_EKUCHECKER_H */
diff --git a/nss/lib/libpkix/pkix/checker/pkix_expirationchecker.c b/nss/lib/libpkix/pkix/checker/pkix_expirationchecker.c
new file mode 100755
index 0000000..4f101ee
--- /dev/null
+++ b/nss/lib/libpkix/pkix/checker/pkix_expirationchecker.c
@@ -0,0 +1,113 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_expirationchecker.c
+ *
+ * Functions for expiration validation
+ *
+ */
+
+
+#include "pkix_expirationchecker.h"
+
+/* --Private-Functions-------------------------------------------- */
+
+/*
+ * FUNCTION: pkix_ExpirationChecker_Check
+ * (see comments for PKIX_CertChainChecker_CheckCallback in pkix_checker.h)
+ */
+PKIX_Error *
+pkix_ExpirationChecker_Check(
+        PKIX_CertChainChecker *checker,
+        PKIX_PL_Cert *cert,
+        PKIX_List *unresolvedCriticalExtensions,
+        void **pNBIOContext,
+        void *plContext)
+{
+        PKIX_PL_Date *testDate = NULL;
+
+        PKIX_ENTER(CERTCHAINCHECKER, "pkix_ExpirationChecker_Check");
+        PKIX_NULLCHECK_THREE(checker, cert, pNBIOContext);
+
+        *pNBIOContext = NULL; /* we never block on pending I/O */
+
+        PKIX_CHECK(PKIX_CertChainChecker_GetCertChainCheckerState
+                    (checker, (PKIX_PL_Object **)&testDate, plContext),
+                    PKIX_CERTCHAINCHECKERGETCERTCHAINCHECKERSTATEFAILED);
+
+        PKIX_CHECK(PKIX_PL_Cert_CheckValidity(cert, testDate, plContext),
+                    PKIX_CERTCHECKVALIDITYFAILED);
+
+cleanup:
+
+        PKIX_DECREF(testDate);
+
+        PKIX_RETURN(CERTCHAINCHECKER);
+
+}
+
+/*
+ * FUNCTION: pkix_ExpirationChecker_Initialize
+ * DESCRIPTION:
+ *
+ *  Creates a new CertChainChecker and stores it at "pChecker", where it will
+ *  used by pkix_ExpirationChecker_Check to check that the certificate has not
+ *  expired with respect to the Date pointed to by "testDate." If "testDate"
+ *  is NULL, then the CertChainChecker will check that a certificate has not
+ *  expired with respect to the current date and time.
+ *
+ * PARAMETERS:
+ *  "testDate"
+ *      Address of Date representing the point in time at which the cert is to
+ *      be validated. If "testDate" is NULL, the current date and time is used.
+ *  "pChecker"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertChainChecker Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_ExpirationChecker_Initialize(
+        PKIX_PL_Date *testDate,
+        PKIX_CertChainChecker **pChecker,
+        void *plContext)
+{
+        PKIX_PL_Date *myDate = NULL;
+        PKIX_PL_Date *nowDate = NULL;
+
+        PKIX_ENTER(CERTCHAINCHECKER, "pkix_ExpirationChecker_Initialize");
+        PKIX_NULLCHECK_ONE(pChecker);
+
+        /* if testDate is NULL, we use the current time */
+        if (!testDate){
+                PKIX_CHECK(PKIX_PL_Date_Create_UTCTime
+                            (NULL, &nowDate, plContext),
+                            PKIX_DATECREATEUTCTIMEFAILED);
+                myDate = nowDate;
+        } else {
+                myDate = testDate;
+        }
+
+        PKIX_CHECK(PKIX_CertChainChecker_Create
+                    (pkix_ExpirationChecker_Check,
+                    PKIX_TRUE,
+                    PKIX_FALSE,
+                    NULL,
+                    (PKIX_PL_Object *)myDate,
+                    pChecker,
+                    plContext),
+                    PKIX_CERTCHAINCHECKERCREATEFAILED);
+
+cleanup:
+
+        PKIX_DECREF(nowDate);
+
+        PKIX_RETURN(CERTCHAINCHECKER);
+
+}
diff --git a/nss/lib/libpkix/pkix/checker/pkix_expirationchecker.h b/nss/lib/libpkix/pkix/checker/pkix_expirationchecker.h
new file mode 100755
index 0000000..17b5c1b
--- /dev/null
+++ b/nss/lib/libpkix/pkix/checker/pkix_expirationchecker.h
@@ -0,0 +1,30 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_expirationchecker.h
+ *
+ * Header file for validate expiration function
+ *
+ */
+
+#ifndef _PKIX_EXPIRATIONCHECKER_H
+#define _PKIX_EXPIRATIONCHECKER_H
+
+#include "pkix_tools.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+PKIX_Error *
+pkix_ExpirationChecker_Initialize(
+        PKIX_PL_Date *testDate,
+        PKIX_CertChainChecker **pChecker,
+        void *plContext);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_EXPIRATIONCHECKER_H */
diff --git a/nss/lib/libpkix/pkix/checker/pkix_namechainingchecker.c b/nss/lib/libpkix/pkix/checker/pkix_namechainingchecker.c
new file mode 100755
index 0000000..873d19c
--- /dev/null
+++ b/nss/lib/libpkix/pkix/checker/pkix_namechainingchecker.c
@@ -0,0 +1,121 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_namechainingchecker.c
+ *
+ * Functions for name chaining validation
+ *
+ */
+
+
+#include "pkix_namechainingchecker.h"
+
+/* --Private-Functions-------------------------------------------- */
+
+/*
+ * FUNCTION: pkix_NameChainingChecker_Check
+ * (see comments for PKIX_CertChainChecker_CheckCallback in pkix_checker.h)
+ */
+PKIX_Error *
+pkix_NameChainingChecker_Check(
+        PKIX_CertChainChecker *checker,
+        PKIX_PL_Cert *cert,
+        PKIX_List *unresolvedCriticalExtensions,
+        void **pNBIOContext,
+        void *plContext)
+{
+        PKIX_PL_X500Name *prevSubject = NULL;
+        PKIX_PL_X500Name *currIssuer = NULL;
+        PKIX_PL_X500Name *currSubject = NULL;
+        PKIX_Boolean result;
+
+        PKIX_ENTER(CERTCHAINCHECKER, "pkix_NameChainingChecker_Check");
+        PKIX_NULLCHECK_THREE(checker, cert, pNBIOContext);
+
+        *pNBIOContext = NULL; /* we never block on pending I/O */
+
+        PKIX_CHECK(PKIX_CertChainChecker_GetCertChainCheckerState
+                    (checker, (PKIX_PL_Object **)&prevSubject, plContext),
+                    PKIX_CERTCHAINCHECKERGETCERTCHAINCHECKERSTATEFAILED);
+
+        PKIX_CHECK(PKIX_PL_Cert_GetIssuer(cert, &currIssuer, plContext),
+                    PKIX_CERTGETISSUERFAILED);
+
+        if (prevSubject){
+                PKIX_CHECK(PKIX_PL_X500Name_Match
+                            (prevSubject, currIssuer, &result, plContext),
+                            PKIX_X500NAMEMATCHFAILED);
+                if (!result){
+                        PKIX_ERROR(PKIX_NAMECHAININGCHECKFAILED);
+                }
+        } else {
+                PKIX_ERROR(PKIX_NAMECHAININGCHECKFAILED);
+        }
+
+        PKIX_CHECK(PKIX_PL_Cert_GetSubject(cert, &currSubject, plContext),
+                    PKIX_CERTGETSUBJECTFAILED);
+
+        PKIX_CHECK(PKIX_CertChainChecker_SetCertChainCheckerState
+                    (checker, (PKIX_PL_Object *)currSubject, plContext),
+                    PKIX_CERTCHAINCHECKERSETCERTCHAINCHECKERSTATEFAILED);
+
+cleanup:
+
+        PKIX_DECREF(prevSubject);
+        PKIX_DECREF(currIssuer);
+        PKIX_DECREF(currSubject);
+
+        PKIX_RETURN(CERTCHAINCHECKER);
+
+}
+
+/*
+ * FUNCTION: pkix_NameChainingChecker_Initialize
+ * DESCRIPTION:
+ *
+ *  Creates a new CertChainChecker and stores it at "pChecker", where it will
+ *  be used by pkix_NameChainingChecker_Check to check that the issuer name
+ *  of the certificate matches the subject name in the checker's state. The
+ *  X500Name pointed to by "trustedCAName" is used to initialize the checker's
+ *  state.
+ *
+ * PARAMETERS:
+ *  "trustedCAName"
+ *      Address of X500Name representing the trusted CA Name used to
+ *      initialize the state of this checker. Must be non-NULL.
+ *  "pChecker"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertChainChecker Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_NameChainingChecker_Initialize(
+        PKIX_PL_X500Name *trustedCAName,
+        PKIX_CertChainChecker **pChecker,
+        void *plContext)
+{
+        PKIX_ENTER(CERTCHAINCHECKER, "PKIX_NameChainingChecker_Initialize");
+        PKIX_NULLCHECK_TWO(pChecker, trustedCAName);
+
+        PKIX_CHECK(PKIX_CertChainChecker_Create
+                    (pkix_NameChainingChecker_Check,
+                    PKIX_FALSE,
+                    PKIX_FALSE,
+                    NULL,
+                    (PKIX_PL_Object *)trustedCAName,
+                    pChecker,
+                    plContext),
+                    PKIX_CERTCHAINCHECKERCREATEFAILED);
+
+cleanup:
+
+        PKIX_RETURN(CERTCHAINCHECKER);
+
+}
diff --git a/nss/lib/libpkix/pkix/checker/pkix_namechainingchecker.h b/nss/lib/libpkix/pkix/checker/pkix_namechainingchecker.h
new file mode 100755
index 0000000..bc413f4
--- /dev/null
+++ b/nss/lib/libpkix/pkix/checker/pkix_namechainingchecker.h
@@ -0,0 +1,30 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_namechainingchecker.h
+ *
+ * Header file for name chaining checker.
+ *
+ */
+
+#ifndef _PKIX_NAMECHAININGCHECKER_H
+#define _PKIX_NAMECHAININGCHECKER_H
+
+#include "pkix_tools.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+PKIX_Error *
+pkix_NameChainingChecker_Initialize(
+        PKIX_PL_X500Name *trustedCAName,
+        PKIX_CertChainChecker **pChecker,
+        void *plContext);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_NAMECHAININGCHECKER_H */
diff --git a/nss/lib/libpkix/pkix/checker/pkix_nameconstraintschecker.c b/nss/lib/libpkix/pkix/checker/pkix_nameconstraintschecker.c
new file mode 100755
index 0000000..7c9430d
--- /dev/null
+++ b/nss/lib/libpkix/pkix/checker/pkix_nameconstraintschecker.c
@@ -0,0 +1,308 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_nameconstraintschecker.c
+ *
+ * Functions for Name Constraints Checkers
+ *
+ */
+
+#include "pkix_nameconstraintschecker.h"
+
+/* --Private-NameConstraintsCheckerState-Functions---------------------- */
+
+/*
+ * FUNCTION: pkix_NameConstraintsCheckerstate_Destroy
+ * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_NameConstraintsCheckerState_Destroy(
+        PKIX_PL_Object *object,
+        void *plContext)
+{
+        pkix_NameConstraintsCheckerState *state = NULL;
+
+        PKIX_ENTER(CERTNAMECONSTRAINTSCHECKERSTATE,
+                    "pkix_NameConstraintsCheckerState_Destroy");
+        PKIX_NULLCHECK_ONE(object);
+
+        /* Check that object type */
+        PKIX_CHECK(pkix_CheckType
+            (object, PKIX_CERTNAMECONSTRAINTSCHECKERSTATE_TYPE, plContext),
+            PKIX_OBJECTNOTNAMECONSTRAINTSCHECKERSTATE);
+
+        state = (pkix_NameConstraintsCheckerState *)object;
+
+        PKIX_DECREF(state->nameConstraints);
+        PKIX_DECREF(state->nameConstraintsOID);
+
+cleanup:
+
+        PKIX_RETURN(CERTNAMECONSTRAINTSCHECKERSTATE);
+}
+
+/*
+ * FUNCTION: pkix_NameConstraintsCheckerState_RegisterSelf
+ *
+ * DESCRIPTION:
+ *  Registers PKIX_CERTNAMECONSTRAINTSCHECKERSTATE_TYPE and its related
+ *  functions with systemClasses[]
+ *
+ * THREAD SAFETY:
+ *  Not Thread Safe - for performance and complexity reasons
+ *
+ *  Since this function is only called by PKIX_PL_Initialize, which should
+ *  only be called once, it is acceptable that this function is not
+ *  thread-safe.
+ */
+PKIX_Error *
+pkix_NameConstraintsCheckerState_RegisterSelf(void *plContext)
+{
+        extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
+        pkix_ClassTable_Entry entry;
+
+        PKIX_ENTER(CERTNAMECONSTRAINTSCHECKERSTATE,
+                    "pkix_NameConstraintsCheckerState_RegisterSelf");
+
+        entry.description = "NameConstraintsCheckerState";
+        entry.objCounter = 0;
+        entry.typeObjectSize = sizeof(pkix_NameConstraintsCheckerState);
+        entry.destructor = pkix_NameConstraintsCheckerState_Destroy;
+        entry.equalsFunction = NULL;
+        entry.hashcodeFunction = NULL;
+        entry.toStringFunction = NULL;
+        entry.comparator = NULL;
+        entry.duplicateFunction = NULL;
+
+        systemClasses[PKIX_CERTNAMECONSTRAINTSCHECKERSTATE_TYPE] = entry;
+
+        PKIX_RETURN(CERTNAMECONSTRAINTSCHECKERSTATE);
+}
+
+/*
+ * FUNCTION: pkix_NameConstraintsCheckerState_Create
+ *
+ * DESCRIPTION:
+ *  Allocate and initialize NameConstraintsChecker state data.
+ *
+ * PARAMETERS
+ *  "nameConstraints"
+ *      Address of NameConstraints to be stored in state. May be NULL.
+ *  "numCerts"
+ *      Number of certificates in the validation chain. This data is used
+ *      to identify end-entity.
+ *  "pCheckerState"
+ *      Address of NameConstraintsCheckerState that is returned. Must be
+ *      non-NULL.
+ *  "plContext" - Platform-specific context pointer.
+ *
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ *
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CERTNAMECONSTRAINTSCHECKERSTATE Error if the function fails in
+ *  a non-fatal way.
+ *  Returns a Fatal Error
+ */
+static PKIX_Error *
+pkix_NameConstraintsCheckerState_Create(
+    PKIX_PL_CertNameConstraints *nameConstraints,
+    PKIX_UInt32 numCerts,
+    pkix_NameConstraintsCheckerState **pCheckerState,
+    void *plContext)
+{
+        pkix_NameConstraintsCheckerState *state = NULL;
+
+        PKIX_ENTER(CERTNAMECONSTRAINTSCHECKERSTATE,
+                    "pkix_NameConstraintsCheckerState_Create");
+        PKIX_NULLCHECK_ONE(pCheckerState);
+
+        PKIX_CHECK(PKIX_PL_Object_Alloc
+                    (PKIX_CERTNAMECONSTRAINTSCHECKERSTATE_TYPE,
+                    sizeof (pkix_NameConstraintsCheckerState),
+                    (PKIX_PL_Object **)&state,
+                    plContext),
+                    PKIX_COULDNOTCREATENAMECONSTRAINTSCHECKERSTATEOBJECT);
+
+        /* Initialize fields */
+
+        PKIX_CHECK(PKIX_PL_OID_Create
+                    (PKIX_NAMECONSTRAINTS_OID,
+                    &state->nameConstraintsOID,
+                    plContext),
+                    PKIX_OIDCREATEFAILED);
+
+        PKIX_INCREF(nameConstraints);
+
+        state->nameConstraints = nameConstraints;
+        state->certsRemaining = numCerts;
+
+        *pCheckerState = state;
+        state = NULL;
+
+cleanup:
+
+        PKIX_DECREF(state);
+
+        PKIX_RETURN(CERTNAMECONSTRAINTSCHECKERSTATE);
+}
+
+/* --Private-NameConstraintsChecker-Functions------------------------- */
+
+/*
+ * FUNCTION: pkix_NameConstraintsChecker_Check
+ * (see comments for PKIX_CertChainChecker_CheckCallback in pkix_checker.h)
+ */
+static PKIX_Error *
+pkix_NameConstraintsChecker_Check(
+        PKIX_CertChainChecker *checker,
+        PKIX_PL_Cert *cert,
+        PKIX_List *unresolvedCriticalExtensions,
+        void **pNBIOContext,
+        void *plContext)
+{
+        pkix_NameConstraintsCheckerState *state = NULL;
+        PKIX_PL_CertNameConstraints *nameConstraints = NULL;
+        PKIX_PL_CertNameConstraints *mergedNameConstraints = NULL;
+        PKIX_Boolean selfIssued = PKIX_FALSE;
+        PKIX_Boolean lastCert = PKIX_FALSE;
+
+        PKIX_ENTER(CERTCHAINCHECKER, "pkix_NameConstraintsChecker_Check");
+        PKIX_NULLCHECK_THREE(checker, cert, pNBIOContext);
+
+        *pNBIOContext = NULL; /* we never block on pending I/O */
+
+        PKIX_CHECK(PKIX_CertChainChecker_GetCertChainCheckerState
+                    (checker, (PKIX_PL_Object **)&state, plContext),
+                    PKIX_CERTCHAINCHECKERGETCERTCHAINCHECKERSTATEFAILED);
+
+        state->certsRemaining--;
+        lastCert = state->certsRemaining == 0;
+
+        /* Get status of self issued */
+        PKIX_CHECK(pkix_IsCertSelfIssued(cert, &selfIssued, plContext),
+                    PKIX_ISCERTSELFISSUEDFAILED);
+
+        /* Check on non self-issued and if so only for last cert */
+        if (selfIssued == PKIX_FALSE ||
+            (selfIssued == PKIX_TRUE && lastCert)) {
+                PKIX_CHECK(PKIX_PL_Cert_CheckNameConstraints
+                    (cert, state->nameConstraints, lastCert,
+                      plContext),
+                    PKIX_CERTCHECKNAMECONSTRAINTSFAILED);
+        }
+
+        if (!lastCert) {
+
+            PKIX_CHECK(PKIX_PL_Cert_GetNameConstraints
+                    (cert, &nameConstraints, plContext),
+                    PKIX_CERTGETNAMECONSTRAINTSFAILED);
+
+            /* Merge with previous name constraints kept in state */
+
+            if (nameConstraints != NULL) {
+
+                if (state->nameConstraints == NULL) {
+
+                        state->nameConstraints = nameConstraints;
+
+                } else {
+
+                        PKIX_CHECK(PKIX_PL_Cert_MergeNameConstraints
+                                (nameConstraints,
+                                state->nameConstraints,
+                                &mergedNameConstraints,
+                                plContext),
+                                PKIX_CERTMERGENAMECONSTRAINTSFAILED);
+
+                        PKIX_DECREF(nameConstraints);
+                        PKIX_DECREF(state->nameConstraints);
+
+                        state->nameConstraints = mergedNameConstraints;
+                }
+
+                /* Remove Name Constraints Extension OID from list */
+                if (unresolvedCriticalExtensions != NULL) {
+                        PKIX_CHECK(pkix_List_Remove
+                                    (unresolvedCriticalExtensions,
+                                    (PKIX_PL_Object *)state->nameConstraintsOID,
+                                    plContext),
+                                    PKIX_LISTREMOVEFAILED);
+                }
+            }
+        }
+
+        PKIX_CHECK(PKIX_CertChainChecker_SetCertChainCheckerState
+                    (checker, (PKIX_PL_Object *)state, plContext),
+                    PKIX_CERTCHAINCHECKERSETCERTCHAINCHECKERSTATEFAILED);
+
+cleanup:
+
+        PKIX_DECREF(state);
+
+        PKIX_RETURN(CERTCHAINCHECKER);
+}
+
+/*
+ * FUNCTION: pkix_NameConstraintsChecker_Initialize
+ *
+ * DESCRIPTION:
+ *  Create a CertChainChecker with a NameConstraintsCheckerState. The
+ *  NameConstraintsCheckerState is created with "trustedNC" and "numCerts"
+ *  as its initial state. The CertChainChecker for the NameConstraints is
+ *  returned at address of "pChecker".
+ *
+ * PARAMETERS
+ *  "trustedNC"
+ *      The NameConstraints from trusted anchor Cert is stored at "trustedNC"
+ *      for initialization. May be NULL.
+ *  "numCerts"
+ *      Number of certificates in the validation chain. This data is used
+ *      to identify end-entity.
+ *  "pChecker"
+ *      Address of CertChainChecker to bo created and returned.
+ *      Must be non-NULL.
+ *  "plContext" - Platform-specific context pointer.
+ *
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ *
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CERTCHAINCHECKER Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error
+ */
+PKIX_Error *
+pkix_NameConstraintsChecker_Initialize(
+        PKIX_PL_CertNameConstraints *trustedNC,
+        PKIX_UInt32 numCerts,
+        PKIX_CertChainChecker **pChecker,
+        void *plContext)
+{
+        pkix_NameConstraintsCheckerState *state = NULL;
+
+        PKIX_ENTER(CERTCHAINCHECKER, "pkix_NameConstraintsChecker_Initialize");
+        PKIX_NULLCHECK_ONE(pChecker);
+
+        PKIX_CHECK(pkix_NameConstraintsCheckerState_Create
+                    (trustedNC, numCerts, &state, plContext),
+                    PKIX_NAMECONSTRAINTSCHECKERSTATECREATEFAILED);
+
+        PKIX_CHECK(PKIX_CertChainChecker_Create
+                    (pkix_NameConstraintsChecker_Check,
+                    PKIX_FALSE,
+                    PKIX_FALSE,
+                    NULL,
+                    (PKIX_PL_Object *) state,
+                    pChecker,
+                    plContext),
+                    PKIX_CERTCHAINCHECKERCREATEFAILED);
+
+cleanup:
+
+        PKIX_DECREF(state);
+
+        PKIX_RETURN(CERTCHAINCHECKER);
+}
diff --git a/nss/lib/libpkix/pkix/checker/pkix_nameconstraintschecker.h b/nss/lib/libpkix/pkix/checker/pkix_nameconstraintschecker.h
new file mode 100755
index 0000000..ac3de34
--- /dev/null
+++ b/nss/lib/libpkix/pkix/checker/pkix_nameconstraintschecker.h
@@ -0,0 +1,43 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_nameconstraintschecker.h
+ *
+ * Header file for validate Name Constraints Checker function
+ *
+ */
+
+#ifndef _PKIX_NAMECONSTRAINTSCHECKER_H
+#define _PKIX_NAMECONSTRAINTSCHECKER_H
+
+#include "pkix_tools.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef struct pkix_NameConstraintsCheckerState \
+        pkix_NameConstraintsCheckerState;
+
+struct pkix_NameConstraintsCheckerState {
+        PKIX_PL_CertNameConstraints *nameConstraints;
+        PKIX_PL_OID *nameConstraintsOID;
+        PKIX_UInt32 certsRemaining;
+};
+
+PKIX_Error *
+pkix_NameConstraintsChecker_Initialize(
+        PKIX_PL_CertNameConstraints *trustedNC,
+        PKIX_UInt32 numCerts,
+        PKIX_CertChainChecker **pChecker,
+        void *plContext);
+
+PKIX_Error *
+pkix_NameConstraintsCheckerState_RegisterSelf(void *plContext);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_NAMECONSTRAINTSCHECKER_H */
diff --git a/nss/lib/libpkix/pkix/checker/pkix_ocspchecker.c b/nss/lib/libpkix/pkix/checker/pkix_ocspchecker.c
new file mode 100644
index 0000000..b6fca9a
--- /dev/null
+++ b/nss/lib/libpkix/pkix/checker/pkix_ocspchecker.c
@@ -0,0 +1,419 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_ocspchecker.c
+ *
+ * OcspChecker Object Functions
+ *
+ */
+
+#include "pkix_ocspchecker.h"
+#include "pkix_pl_ocspcertid.h"
+#include "pkix_error.h"
+
+
+/* --Private-Data-and-Types--------------------------------------- */
+
+typedef struct pkix_OcspCheckerStruct {
+    /* RevocationMethod is the super class of OcspChecker. */
+    pkix_RevocationMethod method;
+    PKIX_PL_VerifyCallback certVerifyFcn;
+} pkix_OcspChecker;
+
+/* --Private-Functions-------------------------------------------- */
+
+/*
+ * FUNCTION: pkix_OcspChecker_Destroy
+ *      (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_OcspChecker_Destroy(
+        PKIX_PL_Object *object,
+        void *plContext)
+{
+    return NULL;
+}
+
+/*
+ * FUNCTION: pkix_OcspChecker_RegisterSelf
+ * DESCRIPTION:
+ *  Registers PKIX_OCSPCHECKER_TYPE and its related functions with
+ *  systemClasses[]
+ * THREAD SAFETY:
+ *  Not Thread Safe - for performance and complexity reasons
+ *
+ *  Since this function is only called by PKIX_PL_Initialize, which should
+ *  only be called once, it is acceptable that this function is not
+ *  thread-safe.
+ */
+PKIX_Error *
+pkix_OcspChecker_RegisterSelf(void *plContext)
+{
+        extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
+        pkix_ClassTable_Entry* entry = &systemClasses[PKIX_OCSPCHECKER_TYPE];
+
+        PKIX_ENTER(OCSPCHECKER, "pkix_OcspChecker_RegisterSelf");
+
+        entry->description = "OcspChecker";
+        entry->typeObjectSize = sizeof(pkix_OcspChecker);
+        entry->destructor = pkix_OcspChecker_Destroy;
+
+        PKIX_RETURN(OCSPCHECKER);
+}
+
+
+/*
+ * FUNCTION: pkix_OcspChecker_Create
+ */
+PKIX_Error *
+pkix_OcspChecker_Create(PKIX_RevocationMethodType methodType,
+                        PKIX_UInt32 flags,
+                        PKIX_UInt32 priority,
+                        pkix_LocalRevocationCheckFn localRevChecker,
+                        pkix_ExternalRevocationCheckFn externalRevChecker,
+                        PKIX_PL_VerifyCallback verifyFn,
+                        pkix_RevocationMethod **pChecker,
+                        void *plContext)
+{
+        pkix_OcspChecker *method = NULL;
+
+        PKIX_ENTER(OCSPCHECKER, "pkix_OcspChecker_Create");
+        PKIX_NULLCHECK_ONE(pChecker);
+
+        PKIX_CHECK(PKIX_PL_Object_Alloc
+                    (PKIX_OCSPCHECKER_TYPE,
+                    sizeof (pkix_OcspChecker),
+                    (PKIX_PL_Object **)&method,
+                    plContext),
+                    PKIX_COULDNOTCREATECERTCHAINCHECKEROBJECT);
+
+        pkixErrorResult = pkix_RevocationMethod_Init(
+            (pkix_RevocationMethod*)method, methodType, flags,  priority,
+            localRevChecker, externalRevChecker, plContext);
+        if (pkixErrorResult) {
+            goto cleanup;
+        }
+        method->certVerifyFcn = (PKIX_PL_VerifyCallback)verifyFn;
+
+        *pChecker = (pkix_RevocationMethod*)method;
+        method = NULL;
+
+cleanup:
+        PKIX_DECREF(method);
+
+        PKIX_RETURN(OCSPCHECKER);
+}
+
+/*
+ * FUNCTION: pkix_OcspChecker_MapResultCodeToRevStatus
+ */
+PKIX_RevocationStatus
+pkix_OcspChecker_MapResultCodeToRevStatus(SECErrorCodes resultCode)
+{
+        switch (resultCode) {
+            case SEC_ERROR_REVOKED_CERTIFICATE:
+                return PKIX_RevStatus_Revoked;
+            default:
+                return PKIX_RevStatus_NoInfo;
+        }
+}
+
+/* --Public-Functions--------------------------------------------- */
+
+/*
+ * FUNCTION: pkix_OcspChecker_Check (see comments in pkix_checker.h)
+ */
+
+/*
+ * The OCSPChecker is created in an idle state, and remains in this state until
+ * either (a) the default Responder has been set and enabled, and a Check
+ * request is received with no responder specified, or (b) a Check request is
+ * received with a specified responder. A request message is constructed and
+ * given to the HttpClient. If non-blocking I/O is used the client may return
+ * with WOULDBLOCK, in which case the OCSPChecker returns the WOULDBLOCK
+ * condition to its caller in turn. On a subsequent call the I/O is resumed.
+ * When a response is received it is decoded and the results provided to the
+ * caller.
+ *
+ */
+PKIX_Error *
+pkix_OcspChecker_CheckLocal(
+        PKIX_PL_Cert *cert,
+        PKIX_PL_Cert *issuer,
+        PKIX_PL_Date *date,
+        pkix_RevocationMethod *checkerObject,
+        PKIX_ProcessingParams *procParams,
+        PKIX_UInt32 methodFlags,
+        PKIX_Boolean chainVerificationState,
+        PKIX_RevocationStatus *pRevStatus,
+        CERTCRLEntryReasonCode *pReasonCode,
+        void *plContext)
+{
+        PKIX_PL_OcspCertID    *cid = NULL;
+        PKIX_Boolean           hasFreshStatus = PKIX_FALSE;
+        PKIX_Boolean           statusIsGood = PKIX_FALSE;
+        SECErrorCodes          resultCode = SEC_ERROR_REVOKED_CERTIFICATE_OCSP;
+        PKIX_RevocationStatus  revStatus = PKIX_RevStatus_NoInfo;
+
+        PKIX_ENTER(OCSPCHECKER, "pkix_OcspChecker_CheckLocal");
+
+        PKIX_CHECK(
+            PKIX_PL_OcspCertID_Create(cert, NULL, &cid,
+                                      plContext),
+            PKIX_OCSPCERTIDCREATEFAILED);
+        if (!cid) {
+            goto cleanup;
+        }
+
+        PKIX_CHECK(
+            PKIX_PL_OcspCertID_GetFreshCacheStatus(cid, date,
+                                                   &hasFreshStatus,
+                                                   &statusIsGood,
+                                                   &resultCode,
+                                                   plContext),
+            PKIX_OCSPCERTIDGETFRESHCACHESTATUSFAILED);
+        if (hasFreshStatus) {
+            if (statusIsGood) {
+                revStatus = PKIX_RevStatus_Success;
+                resultCode = 0;
+            } else {
+                revStatus = pkix_OcspChecker_MapResultCodeToRevStatus(resultCode);
+            }
+        }
+
+cleanup:
+        *pRevStatus = revStatus;
+
+        /* ocsp carries only tree statuses: good, bad, and unknown.
+         * revStatus is used to pass them. reasonCode is always set
+         * to be unknown. */
+        *pReasonCode = crlEntryReasonUnspecified;
+        PKIX_DECREF(cid);
+
+        PKIX_RETURN(OCSPCHECKER);
+}
+
+
+/*
+ * The OCSPChecker is created in an idle state, and remains in this state until
+ * either (a) the default Responder has been set and enabled, and a Check
+ * request is received with no responder specified, or (b) a Check request is
+ * received with a specified responder. A request message is constructed and
+ * given to the HttpClient. When a response is received it is decoded and the
+ * results provided to the caller.
+ *
+ * During the most recent enhancement of this function, it has been found that
+ * it doesn't correctly implement non-blocking I/O.
+ * 
+ * The nbioContext is used in two places, for "response-obtaining" and
+ * for "response-verification".
+ * 
+ * However, if this function gets called to resume, it always
+ * repeats the "request creation" and "response fetching" steps!
+ * As a result, the earlier operation is never resumed.
+ */
+PKIX_Error *
+pkix_OcspChecker_CheckExternal(
+        PKIX_PL_Cert *cert,
+        PKIX_PL_Cert *issuer,
+        PKIX_PL_Date *date,
+        pkix_RevocationMethod *checkerObject,
+        PKIX_ProcessingParams *procParams,
+        PKIX_UInt32 methodFlags,
+        PKIX_RevocationStatus *pRevStatus,
+        CERTCRLEntryReasonCode *pReasonCode,
+        void **pNBIOContext,
+        void *plContext)
+{
+        SECErrorCodes resultCode = SEC_ERROR_REVOKED_CERTIFICATE_OCSP;
+        PKIX_Boolean uriFound = PKIX_FALSE;
+        PKIX_Boolean passed = PKIX_TRUE;
+        pkix_OcspChecker *checker = NULL;
+        PKIX_PL_OcspCertID *cid = NULL;
+        PKIX_PL_OcspRequest *request = NULL;
+        PKIX_PL_OcspResponse *response = NULL;
+        PKIX_PL_Date *validity = NULL;
+        PKIX_RevocationStatus revStatus = PKIX_RevStatus_NoInfo;
+        void *nbioContext = NULL;
+        enum { stageGET, stagePOST } currentStage;
+        PRBool retry = PR_FALSE;
+
+        PKIX_ENTER(OCSPCHECKER, "pkix_OcspChecker_CheckExternal");
+
+        PKIX_CHECK(
+            pkix_CheckType((PKIX_PL_Object*)checkerObject,
+                           PKIX_OCSPCHECKER_TYPE, plContext),
+                PKIX_OBJECTNOTOCSPCHECKER);
+
+        checker = (pkix_OcspChecker *)checkerObject;
+
+        PKIX_CHECK(
+            PKIX_PL_OcspCertID_Create(cert, NULL, &cid,
+                                      plContext),
+            PKIX_OCSPCERTIDCREATEFAILED);
+        
+        /* create request */
+        PKIX_CHECK(
+            pkix_pl_OcspRequest_Create(cert, cid, validity, NULL, 
+                                       methodFlags, &uriFound, &request,
+                                       plContext),
+            PKIX_OCSPREQUESTCREATEFAILED);
+        
+        if (uriFound == PKIX_FALSE) {
+            /* no caching for certs lacking URI */
+            resultCode = 0;
+            goto cleanup;
+        }
+
+        if (methodFlags & CERT_REV_M_FORCE_POST_METHOD_FOR_OCSP) {
+            /* Do not try HTTP GET, only HTTP POST */
+            currentStage = stagePOST;
+        } else {
+            /* Try HTTP GET first, falling back to POST */
+            currentStage = stageGET;
+        }
+
+        do {
+                const char *method;
+                passed = PKIX_TRUE;
+
+                retry = PR_FALSE;
+                if (currentStage == stageGET) {
+                        method = "GET";
+                } else {
+                        PORT_Assert(currentStage == stagePOST);
+                        method = "POST";
+                }
+
+                /* send request and create a response object */
+                PKIX_CHECK_NO_GOTO(
+                    pkix_pl_OcspResponse_Create(request, method, NULL,
+                                                checker->certVerifyFcn,
+                                                &nbioContext,
+                                                &response,
+                                                plContext),
+                    PKIX_OCSPRESPONSECREATEFAILED);
+
+                if (pkixErrorResult) {
+                    passed = PKIX_FALSE;
+                }
+
+                if (passed && nbioContext != 0) {
+                        *pNBIOContext = nbioContext;
+                        goto cleanup;
+                }
+
+                if (passed){
+                        PKIX_CHECK_NO_GOTO(
+                            pkix_pl_OcspResponse_Decode(response, &passed,
+                                                        &resultCode, plContext),
+                            PKIX_OCSPRESPONSEDECODEFAILED);
+                        if (pkixErrorResult) {
+                            passed = PKIX_FALSE;
+                        }
+                }
+                
+                if (passed){
+                        PKIX_CHECK_NO_GOTO(
+                            pkix_pl_OcspResponse_GetStatus(response, &passed,
+                                                           &resultCode, plContext),
+                            PKIX_OCSPRESPONSEGETSTATUSRETURNEDANERROR);
+                        if (pkixErrorResult) {
+                            passed = PKIX_FALSE;
+                        }
+                }
+
+                if (passed){
+                        PKIX_CHECK_NO_GOTO(
+                            pkix_pl_OcspResponse_VerifySignature(response, cert,
+                                                                 procParams, &passed, 
+                                                                 &nbioContext, plContext),
+                            PKIX_OCSPRESPONSEVERIFYSIGNATUREFAILED);
+                        if (pkixErrorResult) {
+                            passed = PKIX_FALSE;
+                        } else {
+                                if (nbioContext != 0) {
+                                        *pNBIOContext = nbioContext;
+                                        goto cleanup;
+                                }
+                        }
+                }
+
+                if (!passed && currentStage == stagePOST) {
+                        /* We won't retry a POST failure, so it's final.
+                         * Because the following block with its call to
+                         *   pkix_pl_OcspResponse_GetStatusForCert
+                         * will take care of caching good or bad state,
+                         * but we only execute that next block if there hasn't
+                         * been a failure yet, we must cache the POST
+                         * failure now.
+                         */
+                         
+                        if (cid && cid->certID) {
+                                /* Caching MIGHT consume the cid. */
+                                PKIX_Error *err;
+                                err = PKIX_PL_OcspCertID_RememberOCSPProcessingFailure(
+                                        cid, plContext);
+                                if (err) {
+                                        PKIX_PL_Object_DecRef((PKIX_PL_Object*)err, plContext);
+                                }
+                        }
+                }
+
+                if (passed){
+                        PKIX_Boolean allowCachingOfFailures =
+                                (currentStage == stagePOST) ? PKIX_TRUE : PKIX_FALSE;
+                        
+                        PKIX_CHECK_NO_GOTO(
+                            pkix_pl_OcspResponse_GetStatusForCert(cid, response,
+                                                                  allowCachingOfFailures,
+                                                                  date,
+                                                                  &passed, &resultCode,
+                                                                  plContext),
+                            PKIX_OCSPRESPONSEGETSTATUSFORCERTFAILED);
+                        if (pkixErrorResult) {
+                            passed = PKIX_FALSE;
+                        } else if (passed == PKIX_FALSE) {
+                                revStatus = pkix_OcspChecker_MapResultCodeToRevStatus(resultCode);
+                        } else {
+                                revStatus = PKIX_RevStatus_Success;
+                        }
+                }
+
+                if (currentStage == stageGET && revStatus != PKIX_RevStatus_Success &&
+                                                revStatus != PKIX_RevStatus_Revoked) {
+                        /* we'll retry */
+                        PKIX_DECREF(response);
+                        retry = PR_TRUE;
+                        currentStage = stagePOST;
+                        revStatus = PKIX_RevStatus_NoInfo;
+                        if (pkixErrorResult) {
+                                PKIX_PL_Object_DecRef((PKIX_PL_Object*)pkixErrorResult,
+                                                      plContext);
+                                pkixErrorResult = NULL;
+                        }
+                }
+        } while (retry);
+
+cleanup:
+        if (revStatus == PKIX_RevStatus_NoInfo && (uriFound || 
+	    methodFlags & PKIX_REV_M_REQUIRE_INFO_ON_MISSING_SOURCE) &&
+            methodFlags & PKIX_REV_M_FAIL_ON_MISSING_FRESH_INFO) {
+            revStatus = PKIX_RevStatus_Revoked;
+        }
+        *pRevStatus = revStatus;
+
+        /* ocsp carries only three statuses: good, bad, and unknown.
+         * revStatus is used to pass them. reasonCode is always set
+         * to be unknown. */
+        *pReasonCode = crlEntryReasonUnspecified;
+
+        PKIX_DECREF(cid);
+        PKIX_DECREF(request);
+        PKIX_DECREF(response);
+
+        PKIX_RETURN(OCSPCHECKER);
+}
+
+
diff --git a/nss/lib/libpkix/pkix/checker/pkix_ocspchecker.h b/nss/lib/libpkix/pkix/checker/pkix_ocspchecker.h
new file mode 100644
index 0000000..fbec315
--- /dev/null
+++ b/nss/lib/libpkix/pkix/checker/pkix_ocspchecker.h
@@ -0,0 +1,67 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_ocspchecker.h
+ *
+ * OcspChecker Object Type Definition
+ *
+ */
+
+#ifndef _PKIX_OCSPCHECKER_H
+#define _PKIX_OCSPCHECKER_H
+
+#include "pkix_tools.h"
+#include "pkix_revocationmethod.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* NOTE: nbio logic removed. Will be replaced later. */
+
+PKIX_Error *
+pkix_OcspChecker_CheckLocal(
+        PKIX_PL_Cert *cert,
+        PKIX_PL_Cert *issuer,
+        PKIX_PL_Date *date,
+        pkix_RevocationMethod *checkerObject,
+        PKIX_ProcessingParams *procParams,
+        PKIX_UInt32 methodFlags,
+        PKIX_Boolean chainVerificationState,
+        PKIX_RevocationStatus *pRevStatus,
+        CERTCRLEntryReasonCode *reasonCode,
+        void *plContext);
+
+PKIX_Error *
+pkix_OcspChecker_CheckExternal(
+        PKIX_PL_Cert *cert,
+        PKIX_PL_Cert *issuer,
+        PKIX_PL_Date *date,
+        pkix_RevocationMethod *checkerObject,
+        PKIX_ProcessingParams *procParams,
+        PKIX_UInt32 methodFlags,
+        PKIX_RevocationStatus *pRevStatus,
+        CERTCRLEntryReasonCode *reasonCode,
+        void **pNBIOContext,
+        void *plContext);
+
+PKIX_Error *
+pkix_OcspChecker_Create(PKIX_RevocationMethodType methodType,
+                        PKIX_UInt32 flags,
+                        PKIX_UInt32 priority,
+                        pkix_LocalRevocationCheckFn localRevChecker,
+                        pkix_ExternalRevocationCheckFn externalRevChecker,
+                        PKIX_PL_VerifyCallback certVerifyFn,
+                        pkix_RevocationMethod **pChecker,
+                        void *plContext);
+
+/* see source file for function documentation */
+
+PKIX_Error *pkix_OcspChecker_RegisterSelf(void *plContext);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_OCSPCHECKER_H */
diff --git a/nss/lib/libpkix/pkix/checker/pkix_policychecker.c b/nss/lib/libpkix/pkix/checker/pkix_policychecker.c
new file mode 100755
index 0000000..8e40596
--- /dev/null
+++ b/nss/lib/libpkix/pkix/checker/pkix_policychecker.c
@@ -0,0 +1,2783 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_policychecker.c
+ *
+ * Functions for Policy Checker
+ *
+ */
+#include "pkix_policychecker.h"
+
+/* --Forward declarations----------------------------------------------- */
+
+static PKIX_Error *
+pkix_PolicyChecker_MakeSingleton(
+        PKIX_PL_Object *listItem,
+        PKIX_Boolean immutability,
+        PKIX_List **pList,
+        void *plContext);
+
+/* --Private-PolicyCheckerState-Functions---------------------------------- */
+
+/*
+ * FUNCTION:pkix_PolicyCheckerState_Destroy
+ * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_PolicyCheckerState_Destroy(
+        PKIX_PL_Object *object,
+        void *plContext)
+{
+        PKIX_PolicyCheckerState *checkerState = NULL;
+
+        PKIX_ENTER(CERTPOLICYCHECKERSTATE, "pkix_PolicyCheckerState_Destroy");
+        PKIX_NULLCHECK_ONE(object);
+
+        PKIX_CHECK(pkix_CheckType
+                (object, PKIX_CERTPOLICYCHECKERSTATE_TYPE, plContext),
+                PKIX_OBJECTNOTPOLICYCHECKERSTATE);
+
+        checkerState = (PKIX_PolicyCheckerState *)object;
+
+        PKIX_DECREF(checkerState->certPoliciesExtension);
+        PKIX_DECREF(checkerState->policyMappingsExtension);
+        PKIX_DECREF(checkerState->policyConstraintsExtension);
+        PKIX_DECREF(checkerState->inhibitAnyPolicyExtension);
+        PKIX_DECREF(checkerState->anyPolicyOID);
+        PKIX_DECREF(checkerState->validPolicyTree);
+        PKIX_DECREF(checkerState->userInitialPolicySet);
+        PKIX_DECREF(checkerState->mappedUserInitialPolicySet);
+
+        checkerState->policyQualifiersRejected = PKIX_FALSE;
+        checkerState->explicitPolicy = 0;
+        checkerState->inhibitAnyPolicy = 0;
+        checkerState->policyMapping = 0;
+        checkerState->numCerts = 0;
+        checkerState->certsProcessed = 0;
+        checkerState->certPoliciesCritical = PKIX_FALSE;
+
+        PKIX_DECREF(checkerState->anyPolicyNodeAtBottom);
+        PKIX_DECREF(checkerState->newAnyPolicyNode);
+        PKIX_DECREF(checkerState->mappedPolicyOIDs);
+
+cleanup:
+
+        PKIX_RETURN(CERTPOLICYCHECKERSTATE);
+}
+
+/*
+ * FUNCTION: pkix_PolicyCheckerState_ToString
+ * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_PolicyCheckerState_ToString(
+        PKIX_PL_Object *object,
+        PKIX_PL_String **pCheckerStateString,
+        void *plContext)
+{
+        PKIX_PolicyCheckerState *state = NULL;
+        PKIX_PL_String *resultString = NULL;
+        PKIX_PL_String *policiesExtOIDString = NULL;
+        PKIX_PL_String *policyMapOIDString = NULL;
+        PKIX_PL_String *policyConstrOIDString = NULL;
+        PKIX_PL_String *inhAnyPolOIDString = NULL;
+        PKIX_PL_String *anyPolicyOIDString = NULL;
+        PKIX_PL_String *validPolicyTreeString = NULL;
+        PKIX_PL_String *userInitialPolicySetString = NULL;
+        PKIX_PL_String *mappedUserPolicySetString = NULL;
+        PKIX_PL_String *mappedPolicyOIDsString = NULL;
+        PKIX_PL_String *anyAtBottomString = NULL;
+        PKIX_PL_String *newAnyPolicyString = NULL;
+        PKIX_PL_String *formatString = NULL;
+        PKIX_PL_String *trueString = NULL;
+        PKIX_PL_String *falseString = NULL;
+        PKIX_PL_String *nullString = NULL;
+        PKIX_Boolean initialPolicyMappingInhibit = PKIX_FALSE;
+        PKIX_Boolean initialExplicitPolicy = PKIX_FALSE;
+        PKIX_Boolean initialAnyPolicyInhibit = PKIX_FALSE;
+        PKIX_Boolean initialIsAnyPolicy = PKIX_FALSE;
+        PKIX_Boolean policyQualifiersRejected = PKIX_FALSE;
+        PKIX_Boolean certPoliciesCritical = PKIX_FALSE;
+        char *asciiFormat =
+                "{\n"
+                "\tcertPoliciesExtension:    \t%s\n"
+                "\tpolicyMappingsExtension:  \t%s\n"
+                "\tpolicyConstraintsExtension:\t%s\n"
+                "\tinhibitAnyPolicyExtension:\t%s\n"
+                "\tanyPolicyOID:             \t%s\n"
+                "\tinitialIsAnyPolicy:       \t%s\n"
+                "\tvalidPolicyTree:          \t%s\n"
+                "\tuserInitialPolicySet:     \t%s\n"
+                "\tmappedUserPolicySet:      \t%s\n"
+                "\tpolicyQualifiersRejected: \t%s\n"
+                "\tinitialPolMappingInhibit: \t%s\n"
+                "\tinitialExplicitPolicy:    \t%s\n"
+                "\tinitialAnyPolicyInhibit:  \t%s\n"
+                "\texplicitPolicy:           \t%d\n"
+                "\tinhibitAnyPolicy:         \t%d\n"
+                "\tpolicyMapping:            \t%d\n"
+                "\tnumCerts:                 \t%d\n"
+                "\tcertsProcessed:           \t%d\n"
+                "\tanyPolicyNodeAtBottom:    \t%s\n"
+                "\tnewAnyPolicyNode:         \t%s\n"
+                "\tcertPoliciesCritical:     \t%s\n"
+                "\tmappedPolicyOIDs:         \t%s\n"
+                "}";
+
+        PKIX_ENTER(CERTPOLICYCHECKERSTATE, "pkix_PolicyCheckerState_ToString");
+
+        PKIX_NULLCHECK_TWO(object, pCheckerStateString);
+
+        PKIX_CHECK(pkix_CheckType
+                (object, PKIX_CERTPOLICYCHECKERSTATE_TYPE, plContext),
+                PKIX_OBJECTNOTPOLICYCHECKERSTATE);
+
+        state = (PKIX_PolicyCheckerState *)object;
+        PKIX_NULLCHECK_THREE
+                (state->certPoliciesExtension,
+                state->policyMappingsExtension,
+                state->policyConstraintsExtension);
+        PKIX_NULLCHECK_THREE
+                (state->inhibitAnyPolicyExtension,
+                state->anyPolicyOID,
+                state->userInitialPolicySet);
+
+        PKIX_CHECK(PKIX_PL_String_Create
+                (PKIX_ESCASCII, asciiFormat, 0, &formatString, plContext),
+                PKIX_STRINGCREATEFAILED);
+        /*
+         * Create TRUE, FALSE, and "NULL" PKIX_PL_Strings. But creating a
+         * PKIX_PL_String is complicated enough, it's worth checking, for
+         * each, to make sure the string is needed.
+         */
+        initialPolicyMappingInhibit = state->initialPolicyMappingInhibit;
+        initialExplicitPolicy = state->initialExplicitPolicy;
+        initialAnyPolicyInhibit = state->initialAnyPolicyInhibit;
+        initialIsAnyPolicy = state->initialIsAnyPolicy;
+        policyQualifiersRejected = state->policyQualifiersRejected;
+        certPoliciesCritical = state->certPoliciesCritical;
+
+        if (initialPolicyMappingInhibit || initialExplicitPolicy ||
+            initialAnyPolicyInhibit || initialIsAnyPolicy ||
+            policyQualifiersRejected || certPoliciesCritical) {
+                PKIX_CHECK(PKIX_PL_String_Create
+                        (PKIX_ESCASCII, "TRUE", 0, &trueString, plContext),
+                        PKIX_STRINGCREATEFAILED);
+        }
+        if (!initialPolicyMappingInhibit || !initialExplicitPolicy ||
+            !initialAnyPolicyInhibit || !initialIsAnyPolicy ||
+            !policyQualifiersRejected || !certPoliciesCritical) {
+                PKIX_CHECK(PKIX_PL_String_Create
+                        (PKIX_ESCASCII, "FALSE", 0, &falseString, plContext),
+                        PKIX_STRINGCREATEFAILED);
+        }
+        if (!(state->anyPolicyNodeAtBottom) || !(state->newAnyPolicyNode)) {
+                PKIX_CHECK(PKIX_PL_String_Create
+                        (PKIX_ESCASCII, "(null)", 0, &nullString, plContext),
+                        PKIX_STRINGCREATEFAILED);
+        }
+
+        PKIX_TOSTRING
+                (state->certPoliciesExtension, &policiesExtOIDString, plContext,
+                PKIX_OBJECTTOSTRINGFAILED);
+
+        PKIX_TOSTRING
+                (state->policyMappingsExtension,
+                &policyMapOIDString,
+                plContext,
+                PKIX_OBJECTTOSTRINGFAILED);
+
+        PKIX_TOSTRING
+                (state->policyConstraintsExtension,
+                &policyConstrOIDString,
+                plContext,
+                PKIX_OBJECTTOSTRINGFAILED);
+
+        PKIX_TOSTRING
+                (state->inhibitAnyPolicyExtension,
+                &inhAnyPolOIDString,
+                plContext,
+                PKIX_OBJECTTOSTRINGFAILED);
+
+        PKIX_TOSTRING(state->anyPolicyOID, &anyPolicyOIDString, plContext,
+                PKIX_OBJECTTOSTRINGFAILED);
+
+        PKIX_TOSTRING(state->validPolicyTree, &validPolicyTreeString, plContext,
+                PKIX_OBJECTTOSTRINGFAILED);
+
+        PKIX_TOSTRING
+                (state->userInitialPolicySet,
+                &userInitialPolicySetString,
+                plContext,
+                PKIX_OBJECTTOSTRINGFAILED);
+
+        PKIX_TOSTRING
+                (state->mappedUserInitialPolicySet,
+                &mappedUserPolicySetString,
+                plContext,
+                PKIX_OBJECTTOSTRINGFAILED);
+
+        if (state->anyPolicyNodeAtBottom) {
+                PKIX_CHECK(pkix_SinglePolicyNode_ToString
+                        (state->anyPolicyNodeAtBottom,
+                        &anyAtBottomString,
+                        plContext),
+                        PKIX_SINGLEPOLICYNODETOSTRINGFAILED);
+        } else {
+                PKIX_INCREF(nullString);
+                anyAtBottomString = nullString;
+        }
+
+        if (state->newAnyPolicyNode) {
+                PKIX_CHECK(pkix_SinglePolicyNode_ToString
+                        (state->newAnyPolicyNode,
+                        &newAnyPolicyString,
+                        plContext),
+                        PKIX_SINGLEPOLICYNODETOSTRINGFAILED);
+        } else {
+                PKIX_INCREF(nullString);
+                newAnyPolicyString = nullString;
+        }
+
+        PKIX_TOSTRING
+                (state->mappedPolicyOIDs,
+                &mappedPolicyOIDsString,
+                plContext,
+                PKIX_OBJECTTOSTRINGFAILED);
+
+        PKIX_CHECK(PKIX_PL_Sprintf
+                (&resultString,
+                plContext,
+                formatString,
+                policiesExtOIDString,
+                policyMapOIDString,
+                policyConstrOIDString,
+                inhAnyPolOIDString,
+                anyPolicyOIDString,
+                initialIsAnyPolicy?trueString:falseString,
+                validPolicyTreeString,
+                userInitialPolicySetString,
+                mappedUserPolicySetString,
+                policyQualifiersRejected?trueString:falseString,
+                initialPolicyMappingInhibit?trueString:falseString,
+                initialExplicitPolicy?trueString:falseString,
+                initialAnyPolicyInhibit?trueString:falseString,
+                state->explicitPolicy,
+                state->inhibitAnyPolicy,
+                state->policyMapping,
+                state->numCerts,
+                state->certsProcessed,
+                anyAtBottomString,
+                newAnyPolicyString,
+                certPoliciesCritical?trueString:falseString,
+                mappedPolicyOIDsString),
+                PKIX_SPRINTFFAILED);
+
+        *pCheckerStateString = resultString;
+
+cleanup:
+        PKIX_DECREF(policiesExtOIDString);
+        PKIX_DECREF(policyMapOIDString);
+        PKIX_DECREF(policyConstrOIDString);
+        PKIX_DECREF(inhAnyPolOIDString);
+        PKIX_DECREF(anyPolicyOIDString);
+        PKIX_DECREF(validPolicyTreeString);
+        PKIX_DECREF(userInitialPolicySetString);
+        PKIX_DECREF(mappedUserPolicySetString);
+        PKIX_DECREF(anyAtBottomString);
+        PKIX_DECREF(newAnyPolicyString);
+        PKIX_DECREF(mappedPolicyOIDsString);
+        PKIX_DECREF(formatString);
+        PKIX_DECREF(trueString);
+        PKIX_DECREF(falseString);
+        PKIX_DECREF(nullString);
+
+        PKIX_RETURN(CERTPOLICYCHECKERSTATE);
+}
+
+/*
+ * FUNCTION: pkix_PolicyCheckerState_RegisterSelf
+ * DESCRIPTION:
+ *
+ *  Registers PKIX_POLICYCHECKERSTATE_TYPE and its related functions
+ *      with systemClasses[]
+ *
+ * PARAMETERS:
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe - for performance and complexity reasons
+ *
+ *  Since this function is only called by PKIX_PL_Initialize, which should
+ *  only be called once, it is acceptable that this function is not
+ *  thread-safe.
+ */
+PKIX_Error *
+pkix_PolicyCheckerState_RegisterSelf(void *plContext)
+{
+        extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
+        pkix_ClassTable_Entry entry;
+
+        PKIX_ENTER
+                (CERTPOLICYCHECKERSTATE,
+                "pkix_PolicyCheckerState_RegisterSelf");
+
+        entry.description = "PolicyCheckerState";
+        entry.objCounter = 0;
+        entry.typeObjectSize = sizeof(PKIX_PolicyCheckerState);
+        entry.destructor = pkix_PolicyCheckerState_Destroy;
+        entry.equalsFunction = NULL;
+        entry.hashcodeFunction = NULL;
+        entry.toStringFunction = pkix_PolicyCheckerState_ToString;
+        entry.comparator = NULL;
+        entry.duplicateFunction = NULL;
+
+        systemClasses[PKIX_CERTPOLICYCHECKERSTATE_TYPE] = entry;
+
+        PKIX_RETURN(CERTPOLICYCHECKERSTATE);
+}
+
+/*
+ * FUNCTION:pkix_PolicyCheckerState_Create
+ * DESCRIPTION:
+ *
+ *  Creates a PolicyCheckerState Object, using the List pointed to
+ *  by "initialPolicies" for the user-initial-policy-set, the Boolean value
+ *  of "policyQualifiersRejected" for the policyQualifiersRejected parameter,
+ *  the Boolean value of "initialPolicyMappingInhibit" for the
+ *  inhibitPolicyMappings parameter, the Boolean value of
+ *  "initialExplicitPolicy" for the initialExplicitPolicy parameter, the
+ *  Boolean value of "initialAnyPolicyInhibit" for the inhibitAnyPolicy
+ *  parameter, and the UInt32 value of "numCerts" as the number of
+ *  certificates in the chain; and stores the Object at "pCheckerState".
+ *
+ * PARAMETERS:
+ *  "initialPolicies"
+ *      Address of List of OIDs comprising the user-initial-policy-set; the List
+ *      may be empty, but must be non-NULL
+ *  "policyQualifiersRejected"
+ *      Boolean value of the policyQualifiersRejected parameter
+ *  "initialPolicyMappingInhibit"
+ *      Boolean value of the inhibitPolicyMappings parameter
+ *  "initialExplicitPolicy"
+ *      Boolean value of the initialExplicitPolicy parameter
+ *  "initialAnyPolicyInhibit"
+ *      Boolean value of the inhibitAnyPolicy parameter
+ *  "numCerts"
+ *      Number of certificates in the chain to be validated
+ *  "pCheckerState"
+ *      Address where PolicyCheckerState will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds
+ *  Returns a CertPolicyCheckerState Error if the functions fails in a
+ *      non-fatal way
+ *  Returns a Fatal Error if the function fails in an unrecoverable way
+ */
+static PKIX_Error *
+pkix_PolicyCheckerState_Create(
+        PKIX_List *initialPolicies,
+        PKIX_Boolean policyQualifiersRejected,
+        PKIX_Boolean initialPolicyMappingInhibit,
+        PKIX_Boolean initialExplicitPolicy,
+        PKIX_Boolean initialAnyPolicyInhibit,
+        PKIX_UInt32 numCerts,
+        PKIX_PolicyCheckerState **pCheckerState,
+        void *plContext)
+{
+        PKIX_PolicyCheckerState *checkerState = NULL;
+        PKIX_PolicyNode *policyNode = NULL;
+        PKIX_List *anyPolicyList = NULL;
+        PKIX_Boolean initialPoliciesIsEmpty = PKIX_FALSE;
+
+        PKIX_ENTER(CERTPOLICYCHECKERSTATE, "pkix_PolicyCheckerState_Create");
+        PKIX_NULLCHECK_TWO(initialPolicies, pCheckerState);
+
+        PKIX_CHECK(PKIX_PL_Object_Alloc
+                (PKIX_CERTPOLICYCHECKERSTATE_TYPE,
+                sizeof (PKIX_PolicyCheckerState),
+                (PKIX_PL_Object **)&checkerState,
+                plContext),
+                PKIX_COULDNOTCREATEPOLICYCHECKERSTATEOBJECT);
+
+        /* Create constant PKIX_PL_OIDs: */
+
+        PKIX_CHECK(PKIX_PL_OID_Create
+                (PKIX_CERTIFICATEPOLICIES_OID,
+                &(checkerState->certPoliciesExtension),
+                plContext),
+                PKIX_OIDCREATEFAILED);
+
+        PKIX_CHECK(PKIX_PL_OID_Create
+                (PKIX_POLICYMAPPINGS_OID,
+                &(checkerState->policyMappingsExtension),
+                plContext),
+                PKIX_OIDCREATEFAILED);
+
+        PKIX_CHECK(PKIX_PL_OID_Create
+                (PKIX_POLICYCONSTRAINTS_OID,
+                &(checkerState->policyConstraintsExtension),
+                plContext),
+                PKIX_OIDCREATEFAILED);
+
+        PKIX_CHECK(PKIX_PL_OID_Create
+                (PKIX_INHIBITANYPOLICY_OID,
+                &(checkerState->inhibitAnyPolicyExtension),
+                plContext),
+                PKIX_OIDCREATEFAILED);
+
+        PKIX_CHECK(PKIX_PL_OID_Create
+                (PKIX_CERTIFICATEPOLICIES_ANYPOLICY_OID,
+                &(checkerState->anyPolicyOID),
+                plContext),
+                PKIX_OIDCREATEFAILED);
+
+        /* Create an initial policy set from argument supplied */
+        PKIX_INCREF(initialPolicies);
+        checkerState->userInitialPolicySet = initialPolicies;
+        PKIX_INCREF(initialPolicies);
+        checkerState->mappedUserInitialPolicySet = initialPolicies;
+
+        PKIX_CHECK(PKIX_List_IsEmpty
+                (initialPolicies,
+                &initialPoliciesIsEmpty,
+                plContext),
+                PKIX_LISTISEMPTYFAILED);
+        if (initialPoliciesIsEmpty) {
+                checkerState->initialIsAnyPolicy = PKIX_TRUE;
+        } else {
+                PKIX_CHECK(pkix_List_Contains
+                        (initialPolicies,
+                        (PKIX_PL_Object *)(checkerState->anyPolicyOID),
+                        &(checkerState->initialIsAnyPolicy),
+                        plContext),
+                        PKIX_LISTCONTAINSFAILED);
+        }
+
+        checkerState->policyQualifiersRejected =
+                policyQualifiersRejected;
+        checkerState->initialExplicitPolicy = initialExplicitPolicy;
+        checkerState->explicitPolicy =
+                (initialExplicitPolicy? 0: numCerts + 1);
+        checkerState->initialAnyPolicyInhibit = initialAnyPolicyInhibit;
+        checkerState->inhibitAnyPolicy =
+                (initialAnyPolicyInhibit? 0: numCerts + 1);
+        checkerState->initialPolicyMappingInhibit = initialPolicyMappingInhibit;
+        checkerState->policyMapping =
+                (initialPolicyMappingInhibit? 0: numCerts + 1);
+                ;
+        checkerState->numCerts = numCerts;
+        checkerState->certsProcessed = 0;
+        checkerState->certPoliciesCritical = PKIX_FALSE;
+
+        /* Create a valid_policy_tree as in RFC3280 6.1.2(a) */
+        PKIX_CHECK(pkix_PolicyChecker_MakeSingleton
+                ((PKIX_PL_Object *)(checkerState->anyPolicyOID),
+                PKIX_TRUE,
+                &anyPolicyList,
+                plContext),
+                PKIX_POLICYCHECKERMAKESINGLETONFAILED);
+
+        PKIX_CHECK(pkix_PolicyNode_Create
+                (checkerState->anyPolicyOID,    /* validPolicy */
+                NULL,                           /* qualifier set */
+                PKIX_FALSE,                     /* criticality */
+                anyPolicyList,                  /* expectedPolicySet */
+                &policyNode,
+                plContext),
+                PKIX_POLICYNODECREATEFAILED);
+        checkerState->validPolicyTree = policyNode;
+
+        /*
+         * Since the initial validPolicyTree specifies
+         * ANY_POLICY, begin with a pointer to the root node.
+         */
+        PKIX_INCREF(policyNode);
+        checkerState->anyPolicyNodeAtBottom = policyNode;
+
+        checkerState->newAnyPolicyNode = NULL;
+
+        checkerState->mappedPolicyOIDs = NULL;
+
+        *pCheckerState = checkerState;
+        checkerState = NULL;
+
+cleanup:
+
+        PKIX_DECREF(checkerState);
+
+        PKIX_DECREF(anyPolicyList);
+
+        PKIX_RETURN(CERTPOLICYCHECKERSTATE);
+}
+
+/* --Private-PolicyChecker-Functions--------------------------------------- */
+
+/*
+ * FUNCTION: pkix_PolicyChecker_MapContains
+ * DESCRIPTION:
+ *
+ *  Checks the List of CertPolicyMaps pointed to by "certPolicyMaps", to
+ *  determine whether the OID pointed to by "policy" is among the
+ *  issuerDomainPolicies or subjectDomainPolicies of "certPolicyMaps", and
+ *  stores the result in "pFound".
+ *
+ *  This function is intended to allow an efficient check that the proscription
+ *  against anyPolicy being mapped, described in RFC3280 Section 6.1.4(a), is
+ *  not violated.
+ *
+ * PARAMETERS:
+ *  "certPolicyMaps"
+ *      Address of List of CertPolicyMaps to be searched. May be empty, but
+ *      must be non-NULL
+ *  "policy"
+ *      Address of OID to be checked for. Must be non-NULL
+ *  "pFound"
+ *      Address where the result of the search will be stored. Must be non-NULL.
+ *  "plContext"
+ *      platform-specific context pointer
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds
+ *  Returns a CertChainChecker Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way
+ */
+PKIX_Error *
+pkix_PolicyChecker_MapContains(
+        PKIX_List *certPolicyMaps,
+        PKIX_PL_OID *policy,
+        PKIX_Boolean *pFound,
+        void *plContext)
+{
+        PKIX_PL_CertPolicyMap *map = NULL;
+        PKIX_UInt32 numEntries = 0;
+        PKIX_UInt32 index = 0;
+        PKIX_Boolean match = PKIX_FALSE;
+        PKIX_PL_OID *issuerDomainPolicy = NULL;
+        PKIX_PL_OID *subjectDomainPolicy = NULL;
+
+        PKIX_ENTER(CERTCHAINCHECKER, "pkix_PolicyChecker_MapContains");
+        PKIX_NULLCHECK_THREE(certPolicyMaps, policy, pFound);
+
+        PKIX_CHECK(PKIX_List_GetLength(certPolicyMaps, &numEntries, plContext),
+                PKIX_LISTGETLENGTHFAILED);
+
+        for (index = 0; (!match) && (index < numEntries); index++) {
+                PKIX_CHECK(PKIX_List_GetItem
+                    (certPolicyMaps, index, (PKIX_PL_Object **)&map, plContext),
+                    PKIX_LISTGETITEMFAILED);
+
+                PKIX_NULLCHECK_ONE(map);
+
+                PKIX_CHECK(PKIX_PL_CertPolicyMap_GetIssuerDomainPolicy
+                        (map, &issuerDomainPolicy, plContext),
+                        PKIX_CERTPOLICYMAPGETISSUERDOMAINPOLICYFAILED);
+
+                PKIX_EQUALS
+                        (policy, issuerDomainPolicy, &match, plContext,
+                        PKIX_OBJECTEQUALSFAILED);
+
+                if (!match) {
+                        PKIX_CHECK(PKIX_PL_CertPolicyMap_GetSubjectDomainPolicy
+                                (map, &subjectDomainPolicy, plContext),
+                                PKIX_CERTPOLICYMAPGETSUBJECTDOMAINPOLICYFAILED);
+
+                        PKIX_EQUALS
+                                (policy, subjectDomainPolicy, &match, plContext,
+                                PKIX_OBJECTEQUALSFAILED);
+                }
+
+                PKIX_DECREF(map);
+                PKIX_DECREF(issuerDomainPolicy);
+                PKIX_DECREF(subjectDomainPolicy);
+        }
+
+        *pFound = match;
+
+cleanup:
+
+        PKIX_DECREF(map);
+        PKIX_DECREF(issuerDomainPolicy);
+        PKIX_DECREF(subjectDomainPolicy);
+        PKIX_RETURN(CERTCHAINCHECKER);
+}
+
+/*
+ * FUNCTION: pkix_PolicyChecker_MapGetSubjectDomainPolicies
+ * DESCRIPTION:
+ *
+ *  Checks the List of CertPolicyMaps pointed to by "certPolicyMaps", to create
+ *  a list of all SubjectDomainPolicies for which the IssuerDomainPolicy is the
+ *  policy pointed to by "policy", and stores the result in
+ *  "pSubjectDomainPolicies".
+ *
+ *  If the List of CertPolicyMaps provided in "certPolicyMaps" is NULL, the
+ *  resulting List will be NULL. If there are CertPolicyMaps, but none that
+ *  include "policy" as an IssuerDomainPolicy, the returned List pointer will
+ *  be NULL. Otherwise, the returned List will contain the SubjectDomainPolicies
+ *  of all CertPolicyMaps for which "policy" is the IssuerDomainPolicy. If a
+ *  List is returned it will be immutable.
+ *
+ * PARAMETERS:
+ *  "certPolicyMaps"
+ *      Address of List of CertPolicyMaps to be searched. May be empty or NULL.
+ *  "policy"
+ *      Address of OID to be checked for. Must be non-NULL
+ *  "pSubjectDomainPolicies"
+ *      Address where the result of the search will be stored. Must be non-NULL.
+ *  "plContext"
+ *      platform-specific context pointer
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds
+ *  Returns a CertChainChecker Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way
+ */
+PKIX_Error *
+pkix_PolicyChecker_MapGetSubjectDomainPolicies(
+        PKIX_List *certPolicyMaps,
+        PKIX_PL_OID *policy,
+        PKIX_List **pSubjectDomainPolicies,
+        void *plContext)
+{
+        PKIX_PL_CertPolicyMap *map = NULL;
+        PKIX_List *subjectList = NULL;
+        PKIX_UInt32 numEntries = 0;
+        PKIX_UInt32 index = 0;
+        PKIX_Boolean match = PKIX_FALSE;
+        PKIX_PL_OID *issuerDomainPolicy = NULL;
+        PKIX_PL_OID *subjectDomainPolicy = NULL;
+
+        PKIX_ENTER
+                (CERTCHAINCHECKER,
+                "pkix_PolicyChecker_MapGetSubjectDomainPolicies");
+        PKIX_NULLCHECK_TWO(policy, pSubjectDomainPolicies);
+
+        if (certPolicyMaps) {
+                PKIX_CHECK(PKIX_List_GetLength
+                    (certPolicyMaps,
+                    &numEntries,
+                    plContext),
+                    PKIX_LISTGETLENGTHFAILED);
+        }
+
+        for (index = 0; index < numEntries; index++) {
+                PKIX_CHECK(PKIX_List_GetItem
+                    (certPolicyMaps, index, (PKIX_PL_Object **)&map, plContext),
+                    PKIX_LISTGETITEMFAILED);
+
+                PKIX_NULLCHECK_ONE(map);
+
+                PKIX_CHECK(PKIX_PL_CertPolicyMap_GetIssuerDomainPolicy
+                        (map, &issuerDomainPolicy, plContext),
+                        PKIX_CERTPOLICYMAPGETISSUERDOMAINPOLICYFAILED);
+
+                PKIX_EQUALS
+                    (policy, issuerDomainPolicy, &match, plContext,
+                    PKIX_OBJECTEQUALSFAILED);
+
+                if (match) {
+                    if (!subjectList) {
+                        PKIX_CHECK(PKIX_List_Create(&subjectList, plContext),
+                                PKIX_LISTCREATEFAILED);
+                    }
+
+                    PKIX_CHECK(PKIX_PL_CertPolicyMap_GetSubjectDomainPolicy
+                        (map, &subjectDomainPolicy, plContext),
+                        PKIX_CERTPOLICYMAPGETSUBJECTDOMAINPOLICYFAILED);
+
+                    PKIX_CHECK(PKIX_List_AppendItem
+                        (subjectList,
+                        (PKIX_PL_Object *)subjectDomainPolicy,
+                        plContext),
+                        PKIX_LISTAPPENDITEMFAILED);
+                }
+
+                PKIX_DECREF(map);
+                PKIX_DECREF(issuerDomainPolicy);
+                PKIX_DECREF(subjectDomainPolicy);
+        }
+
+        if (subjectList) {
+                PKIX_CHECK(PKIX_List_SetImmutable(subjectList, plContext),
+                        PKIX_LISTSETIMMUTABLEFAILED);
+        }
+
+        *pSubjectDomainPolicies = subjectList;
+
+cleanup:
+
+        if (PKIX_ERROR_RECEIVED) {
+                PKIX_DECREF(subjectList);
+        }
+
+        PKIX_DECREF(map);
+        PKIX_DECREF(issuerDomainPolicy);
+        PKIX_DECREF(subjectDomainPolicy);
+
+        PKIX_RETURN(CERTCHAINCHECKER);
+}
+
+/*
+ * FUNCTION: pkix_PolicyChecker_MapGetMappedPolicies
+ * DESCRIPTION:
+ *
+ *  Checks the List of CertPolicyMaps pointed to by "certPolicyMaps" to create a
+ *  List of all IssuerDomainPolicies, and stores the result in
+ * "pMappedPolicies".
+ *
+ *  The caller may not rely on the IssuerDomainPolicies to be in any particular
+ *  order. IssuerDomainPolicies that appear in more than one CertPolicyMap will
+ *  only appear once in "pMappedPolicies". If "certPolicyMaps" is empty the
+ *  result will be an empty List. The created List is mutable.
+ *
+ * PARAMETERS:
+ *  "certPolicyMaps"
+ *      Address of List of CertPolicyMaps to be searched. May be empty, but
+ *      must be non-NULL.
+ *  "pMappedPolicies"
+ *      Address where the result will be stored. Must be non-NULL.
+ *  "plContext"
+ *      platform-specific context pointer
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds
+ *  Returns a CertChainChecker Error if the functions fails in a non-fatal way
+ *  Returns a Fatal Error if the function fails in an unrecoverable way
+ */
+PKIX_Error *
+pkix_PolicyChecker_MapGetMappedPolicies(
+        PKIX_List *certPolicyMaps,
+        PKIX_List **pMappedPolicies,
+        void *plContext)
+{
+        PKIX_PL_CertPolicyMap *map = NULL;
+        PKIX_List *mappedList = NULL;
+        PKIX_UInt32 numEntries = 0;
+        PKIX_UInt32 index = 0;
+        PKIX_Boolean isContained = PKIX_FALSE;
+        PKIX_PL_OID *issuerDomainPolicy = NULL;
+
+        PKIX_ENTER
+                (CERTCHAINCHECKER, "pkix_PolicyChecker_MapGetMappedPolicies");
+        PKIX_NULLCHECK_TWO(certPolicyMaps, pMappedPolicies);
+
+        PKIX_CHECK(PKIX_List_Create(&mappedList, plContext),
+                PKIX_LISTCREATEFAILED);
+
+        PKIX_CHECK(PKIX_List_GetLength(certPolicyMaps, &numEntries, plContext),
+                PKIX_LISTGETLENGTHFAILED);
+
+        for (index = 0; index < numEntries; index++) {
+                PKIX_CHECK(PKIX_List_GetItem
+                    (certPolicyMaps, index, (PKIX_PL_Object **)&map, plContext),
+                    PKIX_LISTGETITEMFAILED);
+
+                PKIX_NULLCHECK_ONE(map);
+
+                PKIX_CHECK(PKIX_PL_CertPolicyMap_GetIssuerDomainPolicy
+                        (map, &issuerDomainPolicy, plContext),
+                        PKIX_CERTPOLICYMAPGETISSUERDOMAINPOLICYFAILED);
+
+                PKIX_CHECK(pkix_List_Contains
+                        (mappedList,
+                        (PKIX_PL_Object *)issuerDomainPolicy,
+                        &isContained,
+                        plContext),
+                        PKIX_LISTCONTAINSFAILED);
+
+                if (isContained == PKIX_FALSE) {
+                        PKIX_CHECK(PKIX_List_AppendItem
+                                (mappedList,
+                                (PKIX_PL_Object *)issuerDomainPolicy,
+                                plContext),
+                                PKIX_LISTAPPENDITEMFAILED);
+                }
+
+                PKIX_DECREF(map);
+                PKIX_DECREF(issuerDomainPolicy);
+        }
+
+        *pMappedPolicies = mappedList;
+
+cleanup:
+
+        if (PKIX_ERROR_RECEIVED) {
+                PKIX_DECREF(mappedList);
+        }
+
+        PKIX_DECREF(map);
+        PKIX_DECREF(issuerDomainPolicy);
+
+        PKIX_RETURN(CERTCHAINCHECKER);
+}
+
+/*
+ * FUNCTION: pkix_PolicyChecker_MakeMutableCopy
+ * DESCRIPTION:
+ *
+ *  Creates a mutable copy of the List pointed to by "list", which may or may
+ *  not be immutable, and stores the address at "pMutableCopy".
+ *
+ * PARAMETERS:
+ *  "list"
+ *      Address of List to be copied. Must be non-NULL.
+ *  "pMutableCopy"
+ *      Address where mutable copy will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds
+ *  Returns a CertChainChecker Error if the functions fails in a non-fatal way
+ *  Returns a Fatal Error if the function fails in an unrecoverable way
+ */
+static PKIX_Error *
+pkix_PolicyChecker_MakeMutableCopy(
+        PKIX_List *list,
+        PKIX_List **pMutableCopy,
+        void *plContext)
+{
+        PKIX_List *newList = NULL;
+        PKIX_UInt32 listLen = 0;
+        PKIX_UInt32 listIx = 0;
+        PKIX_PL_Object *object = NULL;
+
+        PKIX_ENTER(CERTCHAINCHECKER, "pkix_PolicyChecker_MakeMutableCopy");
+        PKIX_NULLCHECK_TWO(list, pMutableCopy);
+
+        PKIX_CHECK(PKIX_List_Create(&newList, plContext),
+                PKIX_LISTCREATEFAILED);
+
+        PKIX_CHECK(PKIX_List_GetLength(list, &listLen, plContext),
+                PKIX_LISTGETLENGTHFAILED);
+
+        for (listIx = 0; listIx < listLen; listIx++) {
+
+                PKIX_CHECK(PKIX_List_GetItem(list, listIx, &object, plContext),
+                        PKIX_LISTGETITEMFAILED);
+
+                PKIX_CHECK(PKIX_List_AppendItem(newList, object, plContext),
+                        PKIX_LISTAPPENDITEMFAILED);
+
+                PKIX_DECREF(object);
+        }
+
+        *pMutableCopy = newList;
+        newList = NULL;
+        
+cleanup:
+        PKIX_DECREF(newList);
+        PKIX_DECREF(object);
+
+        PKIX_RETURN(CERTCHAINCHECKER);
+}
+
+/*
+ * FUNCTION: pkix_PolicyChecker_MakeSingleton
+ * DESCRIPTION:
+ *
+ *  Creates a new List containing the Object pointed to by "listItem", using
+ *  the Boolean value of "immutability" to determine whether to set the List
+ *  immutable, and stores the address at "pList".
+ *
+ * PARAMETERS:
+ *  "listItem"
+ *      Address of Object to be inserted into the new List. Must be non-NULL.
+ *  "immutability"
+ *      Boolean value indicating whether new List is to be immutable
+ *  "pList"
+ *      Address where List will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds
+ *  Returns a CertChainChecker Error if the functions fails in a non-fatal way
+ *  Returns a Fatal Error if the function fails in an unrecoverable way
+ */
+static PKIX_Error *
+pkix_PolicyChecker_MakeSingleton(
+        PKIX_PL_Object *listItem,
+        PKIX_Boolean immutability,
+        PKIX_List **pList,
+        void *plContext)
+{
+        PKIX_List *newList = NULL;
+
+        PKIX_ENTER(CERTCHAINCHECKER, "pkix_PolicyChecker_MakeSingleton");
+        PKIX_NULLCHECK_TWO(listItem, pList);
+
+        PKIX_CHECK(PKIX_List_Create(&newList, plContext),
+                PKIX_LISTCREATEFAILED);
+
+        PKIX_CHECK(PKIX_List_AppendItem
+                (newList, (PKIX_PL_Object *)listItem, plContext),
+                PKIX_LISTAPPENDITEMFAILED);
+
+        if (immutability) {
+                PKIX_CHECK(PKIX_List_SetImmutable(newList, plContext),
+                        PKIX_LISTSETIMMUTABLEFAILED);
+        }
+
+        *pList = newList;
+
+cleanup:
+        if (PKIX_ERROR_RECEIVED) {
+                PKIX_DECREF(newList);
+        }
+
+        PKIX_RETURN(CERTCHAINCHECKER);
+}
+
+/*
+ * FUNCTION: pkix_PolicyChecker_Spawn
+ * DESCRIPTION:
+ *
+ *  Creates a new childNode for the parent pointed to by "parent", using
+ *  the OID pointed to by "policyOID", the List of CertPolicyQualifiers
+ *  pointed to by "qualifiers", the List of OIDs pointed to by
+ *  "subjectDomainPolicies", and the PolicyCheckerState pointed to by
+ *  "state". The new node will be added to "parent".
+ *
+ *  The validPolicy of the new node is set from the OID pointed to by
+ *  "policyOID". The policy qualifiers for the new node is set from the
+ *  List of qualifiers pointed to by "qualifiers", and may be NULL or
+ *  empty if the argument provided was NULL or empty. The criticality is
+ *  set according to the criticality obtained from the PolicyCheckerState.
+ *  If "subjectDomainPolicies" is NULL, the expectedPolicySet of the
+ *  child is set to contain the same policy as the validPolicy. If
+ *  "subjectDomainPolicies" is not NULL, it is used as the value for
+ *  the expectedPolicySet.
+ *
+ *  The PolicyCheckerState also contains a constant, anyPolicy, which is
+ *  compared to "policyOID". If they match, the address of the childNode
+ * is saved in the state's newAnyPolicyNode.
+ *
+ * PARAMETERS:
+ *  "parent"
+ *      Address of PolicyNode to which the child will be linked. Must be
+ *      non-NULL.
+ *  "policyOID"
+ *      Address of OID of the new child's validPolicy and also, if
+ *      subjectDomainPolicies is NULL, of the new child's expectedPolicySet.
+ *      Must be non-NULL.
+ *  "qualifiers"
+ *      Address of List of CertPolicyQualifiers. May be NULL or empty.
+ *  "subjectDomainPolicies"
+ *      Address of List of OIDs indicating the policies to which "policy" is
+ *      mapped. May be empty or NULL.
+ *  "state"
+ *      Address of the current PKIX_PolicyCheckerState. Must be non-NULL..
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds
+ *  Returns a CertChainChecker Error if the functions fails in a non-fatal way
+ *  Returns a Fatal Error if the function fails in an unrecoverable way
+ */
+static PKIX_Error *
+pkix_PolicyChecker_Spawn(
+        PKIX_PolicyNode *parent,
+        PKIX_PL_OID *policyOID,
+        PKIX_List *qualifiers,  /* CertPolicyQualifiers */
+        PKIX_List *subjectDomainPolicies,
+        PKIX_PolicyCheckerState *state,
+        void *plContext)
+{
+        PKIX_List *expectedSet = NULL; /* OIDs */
+        PKIX_PolicyNode *childNode = NULL;
+        PKIX_Boolean match = PKIX_FALSE;
+
+        PKIX_ENTER(CERTCHAINCHECKER, "pkix_PolicyChecker_Spawn");
+        PKIX_NULLCHECK_THREE(policyOID, parent, state);
+
+        if (subjectDomainPolicies) {
+
+                PKIX_INCREF(subjectDomainPolicies);
+                expectedSet = subjectDomainPolicies;
+
+        } else {
+                /* Create the child's ExpectedPolicy Set */
+                PKIX_CHECK(pkix_PolicyChecker_MakeSingleton
+                        ((PKIX_PL_Object *)policyOID,
+                        PKIX_TRUE,      /* make expectedPolicySet immutable */
+                        &expectedSet,
+                        plContext),
+                        PKIX_POLICYCHECKERMAKESINGLETONFAILED);
+        }
+
+        PKIX_CHECK(pkix_PolicyNode_Create
+                (policyOID,
+                qualifiers,
+                state->certPoliciesCritical,
+                expectedSet,
+                &childNode,
+                plContext),
+                PKIX_POLICYNODECREATEFAILED);
+
+        /*
+         * If we had a non-empty mapping, we know the new node could not
+         * have been created with a validPolicy of anyPolicy. Otherwise,
+         * check whether we just created a new node with anyPolicy, because
+         * in that case we want to save the child pointer in newAnyPolicyNode.
+         */
+        if (!subjectDomainPolicies) {
+                PKIX_EQUALS(policyOID, state->anyPolicyOID, &match, plContext,
+                        PKIX_OBJECTEQUALSFAILED);
+
+                if (match) {
+                        PKIX_DECREF(state->newAnyPolicyNode);
+                        PKIX_INCREF(childNode);
+                        state->newAnyPolicyNode = childNode;
+                }
+        }
+
+        PKIX_CHECK(pkix_PolicyNode_AddToParent(parent, childNode, plContext),
+                PKIX_POLICYNODEADDTOPARENTFAILED);
+
+        PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+                ((PKIX_PL_Object *)state, plContext),
+                PKIX_OBJECTINVALIDATECACHEFAILED);
+
+cleanup:
+        PKIX_DECREF(childNode);
+        PKIX_DECREF(expectedSet);
+        PKIX_RETURN(CERTCHAINCHECKER);
+}
+
+/*
+ * FUNCTION: pkix_PolicyChecker_CheckPolicyRecursive
+ * DESCRIPTION:
+ *
+ *  Performs policy processing for the policy whose OID is pointed to by
+ *  "policyOID" and whose List of CertPolicyQualifiers is pointed to by
+ *  "policyQualifiers", using the List of policy OIDs pointed to by
+ *  "subjectDomainPolicies" and the PolicyNode pointed to by "currentNode",
+ *  in accordance with the current PolicyCheckerState pointed to by "state",
+ *  and setting "pChildNodeCreated" to TRUE if a new childNode is created.
+ *  Note: "pChildNodeCreated" is not set to FALSE if no childNode is created.
+ *  The intent of the design is that the caller can set a variable to FALSE
+ *  initially, prior to a recursive set of calls. At the end, the variable
+ *  can be tested to see whether *any* of the calls created a child node.
+ *
+ *  If the currentNode is not at the bottom of the tree, this function
+ *  calls itself recursively for each child of currentNode. At the bottom of
+ *  the tree, it creates new child nodes as appropriate. This function will
+ *  never be called with policy = anyPolicy.
+ *
+ *  This function implements the processing described in RFC3280
+ *  Section 6.1.3(d)(1)(i).
+ *
+ * PARAMETERS:
+ *  "policyOID"
+ *      Address of OID of the policy to be checked for. Must be non-NULL.
+ *  "policyQualifiers"
+ *      Address of List of CertPolicyQualifiers of the policy to be checked for.
+ *      May be empty or NULL.
+ *  "subjectDomainPolicies"
+ *      Address of List of OIDs indicating the policies to which "policy" is
+ *      mapped. May be empty or NULL.
+ *  "currentNode"
+ *      Address of PolicyNode whose descendants will be checked, if not at the
+ *      bottom of the tree; or whose expectedPolicySet will be compared to
+ *      "policy", if at the bottom. Must be non-NULL.
+ *  "state"
+ *      Address of PolicyCheckerState of the current PolicyChecker. Must be
+ *      non-NULL.
+ *  "pChildNodeCreated"
+ *      Address of the Boolean that will be set TRUE if this function
+ *      creates a child node. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds
+ *  Returns a CertChainChecker Error if the functions fails in a non-fatal way
+ *  Returns a Fatal Error if the function fails in an unrecoverable way
+ */
+static PKIX_Error *
+pkix_PolicyChecker_CheckPolicyRecursive(
+        PKIX_PL_OID *policyOID,
+        PKIX_List *policyQualifiers,
+        PKIX_List *subjectDomainPolicies,
+        PKIX_PolicyNode *currentNode,
+        PKIX_PolicyCheckerState *state,
+        PKIX_Boolean *pChildNodeCreated,
+        void *plContext)
+{
+        PKIX_UInt32 depth = 0;
+        PKIX_UInt32 numChildren = 0;
+        PKIX_UInt32 childIx = 0;
+        PKIX_Boolean isIncluded = PKIX_FALSE;
+        PKIX_List *children = NULL;     /* PolicyNodes */
+        PKIX_PolicyNode *childNode = NULL;
+        PKIX_List *expectedPolicies = NULL; /* OIDs */
+
+        PKIX_ENTER
+                (CERTCHAINCHECKER,
+                "pkix_PolicyChecker_CheckPolicyRecursive");
+        PKIX_NULLCHECK_FOUR(policyOID, currentNode, state, pChildNodeCreated);
+
+        /* if not at the bottom of the tree */
+        PKIX_CHECK(PKIX_PolicyNode_GetDepth
+                (currentNode, &depth, plContext),
+                PKIX_POLICYNODEGETDEPTHFAILED);
+
+        if (depth < (state->certsProcessed)) {
+                PKIX_CHECK(pkix_PolicyNode_GetChildrenMutable
+                        (currentNode, &children, plContext),
+                        PKIX_POLICYNODEGETCHILDRENMUTABLEFAILED);
+
+                if (children) {
+                        PKIX_CHECK(PKIX_List_GetLength
+                                (children, &numChildren, plContext),
+                                PKIX_LISTGETLENGTHFAILED);
+                }
+
+                for (childIx = 0; childIx < numChildren; childIx++) {
+
+                        PKIX_CHECK(PKIX_List_GetItem
+                            (children,
+                            childIx,
+                            (PKIX_PL_Object **)&childNode,
+                            plContext),
+                            PKIX_LISTGETITEMFAILED);
+
+                        PKIX_CHECK(pkix_PolicyChecker_CheckPolicyRecursive
+                            (policyOID,
+                            policyQualifiers,
+                            subjectDomainPolicies,
+                            childNode,
+                            state,
+                            pChildNodeCreated,
+                            plContext),
+                            PKIX_POLICYCHECKERCHECKPOLICYRECURSIVEFAILED);
+
+                        PKIX_DECREF(childNode);
+                }
+        } else { /* if at the bottom of the tree */
+
+                /* Check whether policy is in this node's expectedPolicySet */
+                PKIX_CHECK(PKIX_PolicyNode_GetExpectedPolicies
+                        (currentNode, &expectedPolicies, plContext),
+                        PKIX_POLICYNODEGETEXPECTEDPOLICIESFAILED);
+
+                PKIX_NULLCHECK_ONE(expectedPolicies);
+
+                PKIX_CHECK(pkix_List_Contains
+                        (expectedPolicies,
+                        (PKIX_PL_Object *)policyOID,
+                        &isIncluded,
+                        plContext),
+                        PKIX_LISTCONTAINSFAILED);
+
+                if (isIncluded) {
+                        PKIX_CHECK(pkix_PolicyChecker_Spawn
+                                (currentNode,
+                                policyOID,
+                                policyQualifiers,
+                                subjectDomainPolicies,
+                                state,
+                                plContext),
+                                PKIX_POLICYCHECKERSPAWNFAILED);
+
+                        *pChildNodeCreated = PKIX_TRUE;
+                }
+        }
+
+cleanup:
+
+        PKIX_DECREF(children);
+        PKIX_DECREF(childNode);
+        PKIX_DECREF(expectedPolicies);
+
+        PKIX_RETURN(CERTCHAINCHECKER);
+}
+
+/*
+ * FUNCTION: pkix_PolicyChecker_CheckPolicy
+ * DESCRIPTION:
+ *
+ *  Performs the non-recursive portion of the policy processing for the policy
+ *  whose OID is pointed to by "policyOID" and whose List of
+ *  CertPolicyQualifiers is pointed to by "policyQualifiers", for the
+ *  Certificate pointed to by "cert" with the List of CertPolicyMaps pointed
+ *  to by "maps", in accordance with the current PolicyCheckerState pointed
+ *  to by "state".
+ *
+ *  This function implements the processing described in RFC3280
+ *  Section 6.1.3(d)(1)(i).
+ *
+ * PARAMETERS:
+ *  "policyOID"
+ *      Address of OID of the policy to be checked for. Must be non-NULL.
+ *  "policyQualifiers"
+ *      Address of List of CertPolicyQualifiers of the policy to be checked for.
+ *      May be empty or NULL.
+ *  "cert"
+ *      Address of the current certificate. Must be non-NULL.
+ *  "maps"
+ *      Address of List of CertPolicyMaps for the current certificate
+ *  "state"
+ *      Address of PolicyCheckerState of the current PolicyChecker. Must be
+ *      non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds
+ *  Returns a CertChainChecker Error if the functions fails in a non-fatal way
+ *  Returns a Fatal Error if the function fails in an unrecoverable way
+ */
+static PKIX_Error *
+pkix_PolicyChecker_CheckPolicy(
+        PKIX_PL_OID *policyOID,
+        PKIX_List *policyQualifiers,
+        PKIX_PL_Cert *cert,
+        PKIX_List *maps,
+        PKIX_PolicyCheckerState *state,
+        void *plContext)
+{
+        PKIX_Boolean childNodeCreated = PKIX_FALSE;
+        PKIX_Boolean okToSpawn = PKIX_FALSE;
+        PKIX_Boolean found = PKIX_FALSE;
+        PKIX_List *subjectDomainPolicies = NULL;
+
+        PKIX_ENTER(CERTCHAINCHECKER, "pkix_PolicyChecker_CheckPolicy");
+        PKIX_NULLCHECK_THREE(policyOID, cert, state);
+
+        /*
+         * If this is not the last certificate, get the set of
+         * subjectDomainPolicies that "policy" maps to, according to the
+         * current cert's policy mapping extension. That set will be NULL
+         * if the current cert does not have a policy mapping extension,
+         * or if the current policy is not mapped.
+         */
+        if (state->certsProcessed != (state->numCerts - 1)) {
+            PKIX_CHECK(pkix_PolicyChecker_MapGetSubjectDomainPolicies
+                (maps, policyOID, &subjectDomainPolicies, plContext),
+                PKIX_POLICYCHECKERMAPGETSUBJECTDOMAINPOLICIESFAILED);
+        }
+
+        /*
+         * Section 6.1.4(b)(2) tells us that if policyMapping is zero, we
+         * will have to delete any nodes created with validPolicies equal to
+         * policies that appear as issuerDomainPolicies in a policy mapping
+         * extension. Let's avoid creating any such nodes.
+         */
+        if ((state->policyMapping) == 0) {
+                if (subjectDomainPolicies) {
+                        goto cleanup;
+                }
+        }
+
+        PKIX_CHECK(pkix_PolicyChecker_CheckPolicyRecursive
+                (policyOID,
+                policyQualifiers,
+                subjectDomainPolicies,
+                state->validPolicyTree,
+                state,
+                &childNodeCreated,
+                plContext),
+                PKIX_POLICYCHECKERCHECKPOLICYRECURSIVEFAILED);
+
+        if (!childNodeCreated) {
+                /*
+                 * Section 6.1.3(d)(1)(ii)
+                 * There was no match. If there was a node at
+                 * depth i-1 with valid policy anyPolicy,
+                 * generate a node subordinate to that.
+                 *
+                 * But that means this created node would be in
+                 * the valid-policy-node-set, and will be
+                 * pruned in 6.1.5(g)(iii)(2) unless it is in
+                 * the user-initial-policy-set or the user-
+                 * initial-policy-set is {anyPolicy}. So check,
+                 * and don't create it if it will be pruned.
+                 */
+                if (state->anyPolicyNodeAtBottom) {
+                        if (state->initialIsAnyPolicy) {
+                                okToSpawn = PKIX_TRUE;
+                        } else {
+                                PKIX_CHECK(pkix_List_Contains
+                                        (state->mappedUserInitialPolicySet,
+                                        (PKIX_PL_Object *)policyOID,
+                                        &okToSpawn,
+                                        plContext),
+                                        PKIX_LISTCONTAINSFAILED);
+                        }
+                        if (okToSpawn) {
+                                PKIX_CHECK(pkix_PolicyChecker_Spawn
+                                        (state->anyPolicyNodeAtBottom,
+                                        policyOID,
+                                        policyQualifiers,
+                                        subjectDomainPolicies,
+                                        state,
+                                        plContext),
+                                        PKIX_POLICYCHECKERSPAWNFAILED);
+                                childNodeCreated = PKIX_TRUE;
+                        }
+                }
+        }
+
+        if (childNodeCreated) {
+                /*
+                 * If this policy had qualifiers, and the certificate policies
+                 * extension was marked critical, and the user cannot deal with
+                 * policy qualifiers, throw an error.
+                 */
+                if (policyQualifiers &&
+                    state->certPoliciesCritical &&
+                    state->policyQualifiersRejected) {
+                    PKIX_ERROR
+                        (PKIX_QUALIFIERSINCRITICALCERTIFICATEPOLICYEXTENSION);
+                }
+                /*
+                 * If the policy we just propagated was in the list of mapped
+                 * policies, remove it from the list. That list is used, at the
+                 * end, to determine policies that have not been propagated.
+                 */
+                if (state->mappedPolicyOIDs) {
+                        PKIX_CHECK(pkix_List_Contains
+                                (state->mappedPolicyOIDs,
+                                (PKIX_PL_Object *)policyOID,
+                                &found,
+                                plContext),
+                                PKIX_LISTCONTAINSFAILED);
+                        if (found) {
+                                PKIX_CHECK(pkix_List_Remove
+                                        (state->mappedPolicyOIDs,
+                                        (PKIX_PL_Object *)policyOID,
+                                        plContext),
+                                        PKIX_LISTREMOVEFAILED);
+                        }
+                }
+        }
+
+cleanup:
+
+        PKIX_DECREF(subjectDomainPolicies);
+
+        PKIX_RETURN(CERTCHAINCHECKER);
+}
+
+/*
+ * FUNCTION: pkix_PolicyChecker_CheckAny
+ * DESCRIPTION:
+ *  Performs the creation of PolicyNodes, for the PolicyNode pointed to by
+ *  "currentNode" and PolicyNodes subordinate to it, using the List of
+ *  qualifiers pointed to by "qualsOfAny", in accordance with the current
+ *  certificate's PolicyMaps pointed to by "policyMaps" and the current
+ *  PolicyCheckerState pointed to by "state".
+ *
+ *  If the currentNode is not just above the bottom of the validPolicyTree, this
+ *  function calls itself recursively for each child of currentNode. At the
+ *  level just above the bottom, for each policy in the currentNode's
+ *  expectedPolicySet not already present in a child node, it creates a new
+ *  child node. The validPolicy of the child created, and its expectedPolicySet,
+ *  will be the policy from the currentNode's expectedPolicySet. The policy
+ *  qualifiers will be the qualifiers from the current certificate's anyPolicy,
+ *  the "qualsOfAny" parameter. If the currentNode's expectedSet includes
+ *  anyPolicy, a childNode will be created with a policy of anyPolicy. This is
+ *  the only way such a node can be created.
+ *
+ *  This function is called only when anyPolicy is one of the current
+ *  certificate's policies. This function implements the processing described
+ *  in RFC3280 Section 6.1.3(d)(2).
+ *
+ * PARAMETERS:
+ *  "currentNode"
+ *      Address of PolicyNode whose descendants will be checked, if not at the
+ *      bottom of the tree; or whose expectedPolicySet will be compared to those
+ *      in "alreadyPresent", if at the bottom. Must be non-NULL.
+ *  "qualsOfAny"
+ *      Address of List of qualifiers of the anyPolicy in the current
+ *      certificate. May be empty or NULL.
+ *  "policyMaps"
+ *      Address of the List of PolicyMaps of the current certificate. May be
+ *      empty or NULL.
+ *  "state"
+ *      Address of the current state of the PKIX_PolicyChecker.
+ *      Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds
+ *  Returns a CertChainChecker Error if the functions fails in a non-fatal way
+ *  Returns a Fatal Error if the function fails in an unrecoverable way
+ */
+static PKIX_Error *
+pkix_PolicyChecker_CheckAny(
+        PKIX_PolicyNode *currentNode,
+        PKIX_List *qualsOfAny,  /* CertPolicyQualifiers */
+        PKIX_List *policyMaps,  /* CertPolicyMaps */
+        PKIX_PolicyCheckerState *state,
+        void *plContext)
+{
+        PKIX_UInt32 depth = 0;
+        PKIX_UInt32 numChildren = 0;
+        PKIX_UInt32 childIx = 0;
+        PKIX_UInt32 numPolicies = 0;
+        PKIX_UInt32 polx = 0;
+        PKIX_Boolean isIncluded = PKIX_FALSE;
+        PKIX_List *children = NULL;     /* PolicyNodes */
+        PKIX_PolicyNode *childNode = NULL;
+        PKIX_List *expectedPolicies = NULL; /* OIDs */
+        PKIX_PL_OID *policyOID = NULL;
+        PKIX_PL_OID *childPolicy = NULL;
+        PKIX_List *subjectDomainPolicies = NULL;  /* OIDs */
+
+        PKIX_ENTER(CERTCHAINCHECKER, "pkix_PolicyChecker_CheckAny");
+        PKIX_NULLCHECK_TWO(currentNode, state);
+
+        PKIX_CHECK(PKIX_PolicyNode_GetDepth
+                (currentNode, &depth, plContext),
+                PKIX_POLICYNODEGETDEPTHFAILED);
+
+        PKIX_CHECK(pkix_PolicyNode_GetChildrenMutable
+                (currentNode, &children, plContext),
+                PKIX_POLICYNODEGETCHILDRENMUTABLEFAILED);
+
+        if (children) {
+                PKIX_CHECK(PKIX_List_GetLength
+                        (children, &numChildren, plContext),
+                        PKIX_LISTGETLENGTHFAILED);
+        }
+
+        if (depth < (state->certsProcessed)) {
+                for (childIx = 0; childIx < numChildren; childIx++) {
+
+                        PKIX_CHECK(PKIX_List_GetItem
+                                (children,
+                                childIx,
+                                (PKIX_PL_Object **)&childNode,
+                                plContext),
+                                PKIX_LISTGETITEMFAILED);
+
+                        PKIX_NULLCHECK_ONE(childNode);
+                        PKIX_CHECK(pkix_PolicyChecker_CheckAny
+                                (childNode,
+                                qualsOfAny,
+                                policyMaps,
+                                state,
+                                plContext),
+                                PKIX_POLICYCHECKERCHECKANYFAILED);
+
+                        PKIX_DECREF(childNode);
+                }
+        } else { /* if at the bottom of the tree */
+
+            PKIX_CHECK(PKIX_PolicyNode_GetExpectedPolicies
+                (currentNode, &expectedPolicies, plContext),
+                PKIX_POLICYNODEGETEXPECTEDPOLICIESFAILED);
+
+            /* Expected Policy Set is not allowed to be NULL */
+            PKIX_NULLCHECK_ONE(expectedPolicies);
+
+            PKIX_CHECK(PKIX_List_GetLength
+                (expectedPolicies, &numPolicies, plContext),
+                PKIX_LISTGETLENGTHFAILED);
+
+            for (polx = 0; polx < numPolicies; polx++) {
+                PKIX_CHECK(PKIX_List_GetItem
+                    (expectedPolicies,
+                    polx,
+                    (PKIX_PL_Object **)&policyOID,
+                    plContext),
+                    PKIX_LISTGETITEMFAILED);
+
+                PKIX_NULLCHECK_ONE(policyOID);
+
+                isIncluded = PKIX_FALSE;
+
+                for (childIx = 0;
+                    (!isIncluded && (childIx < numChildren));
+                    childIx++) {
+
+                    PKIX_CHECK(PKIX_List_GetItem
+                        (children,
+                        childIx,
+                        (PKIX_PL_Object **)&childNode,
+                        plContext),
+                        PKIX_LISTGETITEMFAILED);
+
+                    PKIX_NULLCHECK_ONE(childNode);
+
+                    PKIX_CHECK(PKIX_PolicyNode_GetValidPolicy
+                        (childNode, &childPolicy, plContext),
+                        PKIX_POLICYNODEGETVALIDPOLICYFAILED);
+
+                    PKIX_NULLCHECK_ONE(childPolicy);
+
+                    PKIX_EQUALS(policyOID, childPolicy, &isIncluded, plContext,
+                        PKIX_OBJECTEQUALSFAILED);
+
+                    PKIX_DECREF(childNode);
+                    PKIX_DECREF(childPolicy);
+                }
+
+                if (!isIncluded) {
+                    if (policyMaps) {
+                        PKIX_CHECK
+                          (pkix_PolicyChecker_MapGetSubjectDomainPolicies
+                          (policyMaps,
+                          policyOID,
+                          &subjectDomainPolicies,
+                          plContext),
+                          PKIX_POLICYCHECKERMAPGETSUBJECTDOMAINPOLICIESFAILED);
+                    }
+                    PKIX_CHECK(pkix_PolicyChecker_Spawn
+                        (currentNode,
+                        policyOID,
+                        qualsOfAny,
+                        subjectDomainPolicies,
+                        state,
+                        plContext),
+                        PKIX_POLICYCHECKERSPAWNFAILED);
+                    PKIX_DECREF(subjectDomainPolicies);
+                }
+
+                PKIX_DECREF(policyOID);
+            }
+        }
+
+cleanup:
+
+        PKIX_DECREF(children);
+        PKIX_DECREF(childNode);
+        PKIX_DECREF(expectedPolicies);
+        PKIX_DECREF(policyOID);
+        PKIX_DECREF(childPolicy);
+        PKIX_DECREF(subjectDomainPolicies);
+
+        PKIX_RETURN(CERTCHAINCHECKER);
+
+}
+
+/*
+ * FUNCTION: pkix_PolicyChecker_CalculateIntersection
+ * DESCRIPTION:
+ *
+ *  Processes the PolicyNode pointed to by "currentNode", and its descendants,
+ *  using the PolicyCheckerState pointed to by "state", using the List at
+ *  the address pointed to by "nominees" the OIDs of policies that are in the
+ *  user-initial-policy-set but are not represented among the nodes at the
+ *  bottom of the tree, and storing at "pShouldBePruned" the value TRUE if
+ *  currentNode is childless at the end of this processing, FALSE if it has
+ *  children or is at the bottom of the tree.
+ *
+ *  When this function is called at the top level, "nominees" should be the List
+ *  of all policies in the user-initial-policy-set. Policies that are
+ *  represented in the valid-policy-node-set are removed from this List. As a
+ *  result when nodes are created according to 6.1.5.(g)(iii)(3)(b), a node will
+ *  be created for each policy remaining in this List.
+ *
+ *  This function implements the calculation of the intersection of the
+ *  validPolicyTree with the user-initial-policy-set, as described in
+ *  RFC 3280 6.1.5(g)(iii).
+ *
+ * PARAMETERS:
+ *  "currentNode"
+ *      Address of PolicyNode whose descendants will be processed as described.
+ *      Must be non-NULL.
+ *  "state"
+ *      Address of the current state of the PKIX_PolicyChecker. Must be non-NULL
+ *  "nominees"
+ *      Address of List of the OIDs for which nodes should be created to replace
+ *      anyPolicy nodes. Must be non-NULL but may be empty.
+ *  "pShouldBePruned"
+ *      Address where Boolean return value, set to TRUE if this PolicyNode
+ *      should be deleted, is stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds
+ *  Returns a CertChainChecker Error if the functions fails in a non-fatal way
+ *  Returns a Fatal Error if the function fails in an unrecoverable way
+ */
+static PKIX_Error *
+pkix_PolicyChecker_CalculateIntersection(
+        PKIX_PolicyNode *currentNode,
+        PKIX_PolicyCheckerState *state,
+        PKIX_List *nominees, /* OIDs */
+        PKIX_Boolean *pShouldBePruned,
+        void *plContext)
+{
+        PKIX_Boolean currentPolicyIsAny = PKIX_FALSE;
+        PKIX_Boolean parentPolicyIsAny = PKIX_FALSE;
+        PKIX_Boolean currentPolicyIsValid = PKIX_FALSE;
+        PKIX_Boolean shouldBePruned = PKIX_FALSE;
+        PKIX_Boolean priorCriticality = PKIX_FALSE;
+        PKIX_UInt32 depth = 0;
+        PKIX_UInt32 numChildren = 0;
+        PKIX_UInt32 childIndex = 0;
+        PKIX_UInt32 numNominees = 0;
+        PKIX_UInt32 polIx = 0;
+        PKIX_PL_OID *currentPolicy = NULL;
+        PKIX_PL_OID *parentPolicy = NULL;
+        PKIX_PL_OID *substPolicy = NULL;
+        PKIX_PolicyNode *parent = NULL;
+        PKIX_PolicyNode *child = NULL;
+        PKIX_List *children = NULL; /* PolicyNodes */
+        PKIX_List *policyQualifiers = NULL;
+
+        PKIX_ENTER
+                (CERTCHAINCHECKER,
+                "pkix_PolicyChecker_CalculateIntersection");
+
+        /*
+         * We call this function if the valid_policy_tree is not NULL and
+         * the user-initial-policy-set is not any-policy.
+         */
+        if (!state->validPolicyTree || state->initialIsAnyPolicy) {
+                PKIX_ERROR(PKIX_PRECONDITIONFAILED);
+        }
+
+        PKIX_NULLCHECK_FOUR(currentNode, state, nominees, pShouldBePruned);
+
+        PKIX_CHECK(PKIX_PolicyNode_GetValidPolicy
+                (currentNode, &currentPolicy, plContext),
+                PKIX_POLICYNODEGETVALIDPOLICYFAILED);
+
+        PKIX_NULLCHECK_TWO(state->anyPolicyOID, currentPolicy);
+
+        PKIX_EQUALS
+                (state->anyPolicyOID,
+                currentPolicy,
+                &currentPolicyIsAny,
+                plContext,
+                PKIX_OBJECTEQUALSFAILED);
+
+        PKIX_CHECK(PKIX_PolicyNode_GetParent(currentNode, &parent, plContext),
+                PKIX_POLICYNODEGETPARENTFAILED);
+
+        if (currentPolicyIsAny == PKIX_FALSE) {
+
+                /*
+                 * If we are at the top of the tree, or if our
+                 * parent's validPolicy is anyPolicy, we are in
+                 * the valid policy node set.
+                 */
+                if (parent) {
+                        PKIX_CHECK(PKIX_PolicyNode_GetValidPolicy
+                                (parent, &parentPolicy, plContext),
+                                PKIX_POLICYNODEGETVALIDPOLICYFAILED);
+
+                        PKIX_NULLCHECK_ONE(parentPolicy);
+
+                        PKIX_EQUALS
+                                (state->anyPolicyOID,
+                                parentPolicy,
+                                &parentPolicyIsAny,
+                                plContext,
+                                PKIX_OBJECTEQUALSFAILED);
+                }
+
+                /*
+                 * Section 6.1.5(g)(iii)(2)
+                 * If this node's policy is not in the user-initial-policy-set,
+                 * it is not in the intersection. Prune it.
+                 */
+                if (!parent || parentPolicyIsAny) {
+                        PKIX_CHECK(pkix_List_Contains
+                                (state->userInitialPolicySet,
+                                (PKIX_PL_Object *)currentPolicy,
+                                &currentPolicyIsValid,
+                                plContext),
+                                PKIX_LISTCONTAINSFAILED);
+                        if (!currentPolicyIsValid) {
+                                *pShouldBePruned = PKIX_TRUE;
+                                goto cleanup;
+                        }
+
+                        /*
+                         * If this node's policy is in the user-initial-policy-
+                         * set, it will propagate that policy into the next
+                         * level of the tree. Remove the policy from the list
+                         * of policies that an anyPolicy will spawn.
+                         */
+                        PKIX_CHECK(pkix_List_Remove
+                                (nominees,
+                                (PKIX_PL_Object *)currentPolicy,
+                                plContext),
+                                PKIX_LISTREMOVEFAILED);
+                }
+        }
+
+
+        /* Are we at the bottom of the tree? */
+
+        PKIX_CHECK(PKIX_PolicyNode_GetDepth
+                (currentNode, &depth, plContext),
+                PKIX_POLICYNODEGETDEPTHFAILED);
+
+        if (depth == (state->numCerts)) {
+                /*
+                 * Section 6.1.5(g)(iii)(3)
+                 * Replace anyPolicy nodes...
+                 */
+                if (currentPolicyIsAny == PKIX_TRUE) {
+
+                        /* replace this node */
+
+                        PKIX_CHECK(PKIX_List_GetLength
+                            (nominees, &numNominees, plContext),
+                            PKIX_LISTGETLENGTHFAILED);
+
+                        if (numNominees) {
+
+                            PKIX_CHECK(PKIX_PolicyNode_GetPolicyQualifiers
+                                (currentNode,
+                                &policyQualifiers,
+                                plContext),
+                                PKIX_POLICYNODEGETPOLICYQUALIFIERSFAILED);
+
+                            PKIX_CHECK(PKIX_PolicyNode_IsCritical
+                                (currentNode, &priorCriticality, plContext),
+                                PKIX_POLICYNODEISCRITICALFAILED);
+                        }
+
+                        PKIX_NULLCHECK_ONE(parent);
+
+                        for (polIx = 0; polIx < numNominees; polIx++) {
+
+                            PKIX_CHECK(PKIX_List_GetItem
+                                (nominees,
+                                polIx,
+                                (PKIX_PL_Object **)&substPolicy,
+                                plContext),
+                                PKIX_LISTGETITEMFAILED);
+
+                            PKIX_CHECK(pkix_PolicyChecker_Spawn
+                                (parent,
+                                substPolicy,
+                                policyQualifiers,
+                                NULL,
+                                state,
+                                plContext),
+                                PKIX_POLICYCHECKERSPAWNFAILED);
+
+                            PKIX_DECREF(substPolicy);
+
+                        }
+                        /* remove currentNode from parent */
+                        *pShouldBePruned = PKIX_TRUE;
+                        /*
+                         * We can get away with augmenting the parent's List
+                         * of children because we started at the end and went
+                         * toward the beginning. New nodes are added at the end.
+                         */
+                }
+        } else {
+                /*
+                 * Section 6.1.5(g)(iii)(4)
+                 * Prune any childless nodes above the bottom level
+                 */
+                PKIX_CHECK(pkix_PolicyNode_GetChildrenMutable
+                        (currentNode, &children, plContext),
+                        PKIX_POLICYNODEGETCHILDRENMUTABLEFAILED);
+
+                /* CurrentNode should have been pruned if childless. */
+                PKIX_NULLCHECK_ONE(children);
+
+                PKIX_CHECK(PKIX_List_GetLength
+                        (children, &numChildren, plContext),
+                        PKIX_LISTGETLENGTHFAILED);
+
+                for (childIndex = numChildren; childIndex > 0; childIndex--) {
+
+                    PKIX_CHECK(PKIX_List_GetItem
+                        (children,
+                        childIndex - 1,
+                        (PKIX_PL_Object **)&child,
+                        plContext),
+                        PKIX_LISTGETITEMFAILED);
+
+                    PKIX_CHECK(pkix_PolicyChecker_CalculateIntersection
+                        (child, state, nominees, &shouldBePruned, plContext),
+                        PKIX_POLICYCHECKERCALCULATEINTERSECTIONFAILED);
+
+                    if (PKIX_TRUE == shouldBePruned) {
+
+                        PKIX_CHECK(PKIX_List_DeleteItem
+                                (children, childIndex - 1, plContext),
+                                PKIX_LISTDELETEITEMFAILED);
+                        PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+                                ((PKIX_PL_Object *)state, plContext),
+                                PKIX_OBJECTINVALIDATECACHEFAILED);
+                    }
+
+                    PKIX_DECREF(child);
+                }
+
+                PKIX_CHECK(PKIX_List_GetLength
+                        (children, &numChildren, plContext),
+                        PKIX_LISTGETLENGTHFAILED);
+
+                if (numChildren == 0) {
+                        *pShouldBePruned = PKIX_TRUE;
+                }
+        }
+cleanup:
+        PKIX_DECREF(currentPolicy);
+        PKIX_DECREF(parentPolicy);
+        PKIX_DECREF(substPolicy);
+        PKIX_DECREF(parent);
+        PKIX_DECREF(child);
+        PKIX_DECREF(children);
+        PKIX_DECREF(policyQualifiers);
+
+        PKIX_RETURN(CERTCHAINCHECKER);
+
+}
+
+/*
+ * FUNCTION: pkix_PolicyChecker_PolicyMapProcessing
+ * DESCRIPTION:
+ *
+ *  Performs the processing of Policies in the List of CertPolicyMaps pointed
+ *  to by "policyMaps", using and updating the PolicyCheckerState pointed to by
+ *  "state".
+ *
+ *  This function implements the policyMap processing described in RFC3280
+ *  Section 6.1.4(b)(1), after certificate i has been processed, in preparation
+ *  for certificate i+1. Section references are to that document.
+ *
+ * PARAMETERS:
+ *  "policyMaps"
+ *      Address of the List of CertPolicyMaps presented by certificate i.
+ *      Must be non-NULL.
+ *  "certPoliciesIncludeAny"
+ *      Boolean value which is PKIX_TRUE if the current certificate asserts
+ *      anyPolicy, PKIX_FALSE otherwise.
+ *  "qualsOfAny"
+ *      Address of List of qualifiers of the anyPolicy in the current
+ *      certificate. May be empty or NULL.
+ *  "state"
+ *      Address of the current state of the PKIX_PolicyChecker.
+ *      Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds
+ *  Returns a CertChainChecker Error if the functions fails in a non-fatal way
+ *  Returns a Fatal Error if the function fails in an unrecoverable way
+ */
+static PKIX_Error *
+pkix_PolicyChecker_PolicyMapProcessing(
+        PKIX_List *policyMaps,  /* CertPolicyMaps */
+        PKIX_Boolean certPoliciesIncludeAny,
+        PKIX_List *qualsOfAny,
+        PKIX_PolicyCheckerState *state,
+        void *plContext)
+{
+        PKIX_UInt32 numPolicies = 0;
+        PKIX_UInt32 polX = 0;
+        PKIX_PL_OID *policyOID = NULL;
+        PKIX_List *newMappedPolicies = NULL;  /* OIDs */
+        PKIX_List *subjectDomainPolicies = NULL;  /* OIDs */
+
+        PKIX_ENTER
+                (CERTCHAINCHECKER,
+                "pkix_PolicyChecker_PolicyMapProcessing");
+        PKIX_NULLCHECK_THREE
+                (policyMaps,
+                state,
+                state->mappedUserInitialPolicySet);
+
+        /*
+         * For each policy in mappedUserInitialPolicySet, if it is not mapped,
+         * append it to new policySet; if it is mapped, append its
+         * subjectDomainPolicies to new policySet. When done, this new
+         * policySet will replace mappedUserInitialPolicySet.
+         */
+        PKIX_CHECK(PKIX_List_Create
+                (&newMappedPolicies, plContext),
+                PKIX_LISTCREATEFAILED);
+
+        PKIX_CHECK(PKIX_List_GetLength
+                (state->mappedUserInitialPolicySet,
+                &numPolicies,
+                plContext),
+                PKIX_LISTGETLENGTHFAILED);
+
+        for (polX = 0; polX < numPolicies; polX++) {
+
+            PKIX_CHECK(PKIX_List_GetItem
+                (state->mappedUserInitialPolicySet,
+                polX,
+                (PKIX_PL_Object **)&policyOID,
+                plContext),
+                PKIX_LISTGETITEMFAILED);
+
+            PKIX_CHECK(pkix_PolicyChecker_MapGetSubjectDomainPolicies
+                (policyMaps,
+                policyOID,
+                &subjectDomainPolicies,
+                plContext),
+                PKIX_POLICYCHECKERMAPGETSUBJECTDOMAINPOLICIESFAILED);
+
+            if (subjectDomainPolicies) {
+
+                PKIX_CHECK(pkix_List_AppendUnique
+                        (newMappedPolicies,
+                        subjectDomainPolicies,
+                        plContext),
+                        PKIX_LISTAPPENDUNIQUEFAILED);
+
+                PKIX_DECREF(subjectDomainPolicies);
+
+            } else {
+                PKIX_CHECK(PKIX_List_AppendItem
+                        (newMappedPolicies,
+                        (PKIX_PL_Object *)policyOID,
+                        plContext),
+                        PKIX_LISTAPPENDITEMFAILED);
+            }
+            PKIX_DECREF(policyOID);
+        }
+
+        /*
+         * For each policy ID-P remaining in mappedPolicyOIDs, it has not been
+         * propagated to the bottom of the tree (depth i). If policyMapping
+         * is greater than zero and this cert contains anyPolicy and the tree
+         * contains an anyPolicy node at depth i-1, then we must create a node
+         * with validPolicy ID-P, the policy qualifiers of anyPolicy in
+         * this certificate, and expectedPolicySet the subjectDomainPolicies
+         * that ID-P maps to. We also then add those subjectDomainPolicies to
+         * the list of policies that will be accepted in the next certificate,
+         * the mappedUserInitialPolicySet.
+         */
+
+        if ((state->policyMapping > 0) && (certPoliciesIncludeAny) &&
+            (state->anyPolicyNodeAtBottom) && (state->mappedPolicyOIDs)) {
+
+                PKIX_CHECK(PKIX_List_GetLength
+                    (state->mappedPolicyOIDs,
+                    &numPolicies,
+                    plContext),
+                    PKIX_LISTGETLENGTHFAILED);
+
+                for (polX = 0; polX < numPolicies; polX++) {
+
+                    PKIX_CHECK(PKIX_List_GetItem
+                        (state->mappedPolicyOIDs,
+                        polX,
+                        (PKIX_PL_Object **)&policyOID,
+                        plContext),
+                        PKIX_LISTGETITEMFAILED);
+
+                    PKIX_CHECK(pkix_PolicyChecker_MapGetSubjectDomainPolicies
+                        (policyMaps,
+                        policyOID,
+                        &subjectDomainPolicies,
+                        plContext),
+                        PKIX_POLICYCHECKERMAPGETSUBJECTDOMAINPOLICIESFAILED);
+
+                    PKIX_CHECK(pkix_PolicyChecker_Spawn
+                        (state->anyPolicyNodeAtBottom,
+                        policyOID,
+                        qualsOfAny,
+                        subjectDomainPolicies,
+                        state,
+                        plContext),
+                        PKIX_POLICYCHECKERSPAWNFAILED);
+
+                    PKIX_CHECK(pkix_List_AppendUnique
+                        (newMappedPolicies,
+                        subjectDomainPolicies,
+                        plContext),
+                        PKIX_LISTAPPENDUNIQUEFAILED);
+
+                    PKIX_DECREF(subjectDomainPolicies);
+                    PKIX_DECREF(policyOID);
+                }
+        }
+
+        PKIX_CHECK(PKIX_List_SetImmutable(newMappedPolicies, plContext),
+                PKIX_LISTSETIMMUTABLEFAILED);
+
+        PKIX_DECREF(state->mappedUserInitialPolicySet);
+        PKIX_INCREF(newMappedPolicies);
+
+        state->mappedUserInitialPolicySet = newMappedPolicies;
+
+cleanup:
+
+        PKIX_DECREF(policyOID);
+        PKIX_DECREF(newMappedPolicies);
+        PKIX_DECREF(subjectDomainPolicies);
+
+        PKIX_RETURN(CERTCHAINCHECKER);
+}
+
+/*
+ * FUNCTION: pkix_PolicyChecker_WrapUpProcessing
+ * DESCRIPTION:
+ *
+ *  Performs the wrap-up processing for the Cert pointed to by "cert",
+ *  using and updating the PolicyCheckerState pointed to by "state".
+ *
+ *  This function implements the wrap-up processing described in RFC3280
+ *  Section 6.1.5, after the final certificate has been processed. Section
+ *  references in the comments are to that document.
+ *
+ * PARAMETERS:
+ *  "cert"
+ *      Address of the current (presumably the end entity) certificate.
+ *      Must be non-NULL.
+ *  "state"
+ *      Address of the current state of the PKIX_PolicyChecker.
+ *      Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds
+ *  Returns a CertChainChecker Error if the functions fails in a non-fatal way
+ *  Returns a Fatal Error if the function fails in an unrecoverable way
+ */
+static PKIX_Error *
+pkix_PolicyChecker_WrapUpProcessing(
+        PKIX_PL_Cert *cert,
+        PKIX_PolicyCheckerState *state,
+        void *plContext)
+{
+        PKIX_Int32 explicitPolicySkipCerts = 0;
+        PKIX_Boolean isSelfIssued = PKIX_FALSE;
+        PKIX_Boolean shouldBePruned = PKIX_FALSE;
+        PKIX_List *nominees = NULL; /* OIDs */
+#if PKIX_CERTPOLICYCHECKERSTATEDEBUG
+        PKIX_PL_String *stateString = NULL;
+        char *stateAscii = NULL;
+        PKIX_UInt32 length;
+#endif
+
+        PKIX_ENTER
+                (CERTCHAINCHECKER,
+                "pkix_PolicyChecker_WrapUpProcessing");
+        PKIX_NULLCHECK_THREE(cert, state, state->userInitialPolicySet);
+
+#if PKIX_CERTPOLICYCHECKERSTATEDEBUG
+        PKIX_CHECK(PKIX_PL_Object_ToString
+                ((PKIX_PL_Object*)state, &stateString, plContext),
+                PKIX_OBJECTTOSTRINGFAILED);
+
+        PKIX_CHECK(PKIX_PL_String_GetEncoded
+                    (stateString,
+                    PKIX_ESCASCII,
+                    (void **)&stateAscii,
+                    &length,
+                    plContext),
+                    PKIX_STRINGGETENCODEDFAILED);
+
+        PKIX_DEBUG_ARG("%s\n", stateAscii);
+
+        PKIX_FREE(stateAscii);
+        PKIX_DECREF(stateString);
+#endif
+
+        /* Section 6.1.5(a) ... */
+        PKIX_CHECK(pkix_IsCertSelfIssued
+                (cert, &isSelfIssued, plContext),
+                PKIX_ISCERTSELFISSUEDFAILED);
+
+        if (!isSelfIssued) {
+                if (state->explicitPolicy > 0) {
+
+                        state->explicitPolicy--;
+
+                        PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+                                ((PKIX_PL_Object *)state, plContext),
+                                PKIX_OBJECTINVALIDATECACHEFAILED);
+                }
+        }
+
+        /* Section 6.1.5(b) ... */
+        PKIX_CHECK(PKIX_PL_Cert_GetRequireExplicitPolicy
+                (cert, &explicitPolicySkipCerts, plContext),
+                PKIX_CERTGETREQUIREEXPLICITPOLICYFAILED);
+
+        if (explicitPolicySkipCerts  == 0) {
+                state->explicitPolicy = 0;
+        }
+
+        /* Section 6.1.5(g)(i) ... */
+
+        if (!(state->validPolicyTree)) {
+                goto cleanup;
+        }
+
+        /* Section 6.1.5(g)(ii) ... */
+
+        if (state->initialIsAnyPolicy) {
+                goto cleanup;
+        }
+
+        /*
+         * Section 6.1.5(g)(iii) ...
+         * Create a list of policies which could be substituted for anyPolicy.
+         * Start with a (mutable) copy of user-initial-policy-set.
+         */
+        PKIX_CHECK(pkix_PolicyChecker_MakeMutableCopy
+                (state->userInitialPolicySet, &nominees, plContext),
+                PKIX_POLICYCHECKERMAKEMUTABLECOPYFAILED);
+
+        PKIX_CHECK(pkix_PolicyChecker_CalculateIntersection
+                (state->validPolicyTree, /* node at top of tree */
+                state,
+                nominees,
+                &shouldBePruned,
+                plContext),
+                PKIX_POLICYCHECKERCALCULATEINTERSECTIONFAILED);
+
+        if (PKIX_TRUE == shouldBePruned) {
+                PKIX_DECREF(state->validPolicyTree);
+        }
+
+        if (state->validPolicyTree) {
+                PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+                        ((PKIX_PL_Object *)state->validPolicyTree, plContext),
+                        PKIX_OBJECTINVALIDATECACHEFAILED);
+        }
+
+        PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+                ((PKIX_PL_Object *)state, plContext),
+                PKIX_OBJECTINVALIDATECACHEFAILED);
+
+#if PKIX_CERTPOLICYCHECKERSTATEDEBUG
+        if (state->validPolicyTree) {
+                PKIX_CHECK(PKIX_PL_Object_ToString
+                        ((PKIX_PL_Object*)state, &stateString, plContext),
+                        PKIX_OBJECTTOSTRINGFAILED);
+
+                PKIX_CHECK(PKIX_PL_String_GetEncoded
+                            (stateString,
+                            PKIX_ESCASCII,
+                            (void **)&stateAscii,
+                            &length,
+                            plContext),
+                            PKIX_STRINGGETENCODEDFAILED);
+
+                PKIX_DEBUG_ARG
+                        ("After CalculateIntersection:\n%s\n", stateAscii);
+
+                PKIX_FREE(stateAscii);
+                PKIX_DECREF(stateString);
+        } else {
+                PKIX_DEBUG("validPolicyTree is NULL\n");
+        }
+#endif
+
+        /* Section 6.1.5(g)(iii)(4) ... */
+
+        if (state->validPolicyTree) {
+
+                PKIX_CHECK(pkix_PolicyNode_Prune
+                        (state->validPolicyTree,
+                        state->numCerts,
+                        &shouldBePruned,
+                        plContext),
+                        PKIX_POLICYNODEPRUNEFAILED);
+
+                if (shouldBePruned) {
+                        PKIX_DECREF(state->validPolicyTree);
+                }
+        }
+
+        if (state->validPolicyTree) {
+                PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+                        ((PKIX_PL_Object *)state->validPolicyTree, plContext),
+                        PKIX_OBJECTINVALIDATECACHEFAILED);
+        }
+
+        PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+                ((PKIX_PL_Object *)state, plContext),
+                PKIX_OBJECTINVALIDATECACHEFAILED);
+
+#if PKIX_CERTPOLICYCHECKERSTATEDEBUG
+        PKIX_CHECK(PKIX_PL_Object_ToString
+                ((PKIX_PL_Object*)state, &stateString, plContext),
+                PKIX_OBJECTTOSTRINGFAILED);
+        PKIX_CHECK(PKIX_PL_String_GetEncoded
+                    (stateString,
+                    PKIX_ESCASCII,
+                    (void **)&stateAscii,
+                    &length,
+                    plContext),
+                    PKIX_STRINGGETENCODEDFAILED);
+        PKIX_DEBUG_ARG("%s\n", stateAscii);
+
+        PKIX_FREE(stateAscii);
+        PKIX_DECREF(stateString);
+#endif
+
+cleanup:
+
+        PKIX_DECREF(nominees);
+
+        PKIX_RETURN(CERTCHAINCHECKER);
+}
+
+
+/*
+ * FUNCTION: pkix_PolicyChecker_Check
+ * (see comments in pkix_checker.h for PKIX_CertChainChecker_CheckCallback)
+ *
+ * Labels referring to sections, such as "Section 6.1.3(d)", refer to
+ * sections of RFC3280, Section 6.1.3 Basic Certificate Processing.
+ *
+ * If a non-fatal error occurs, it is unlikely that policy processing can
+ * continue. But it is still possible that chain validation could succeed if
+ * policy processing is non-critical. So if this function receives a non-fatal
+ * error from a lower level routine, it aborts policy processing by setting
+ * the validPolicyTree to NULL and tries to continue.
+ *
+ */
+static PKIX_Error *
+pkix_PolicyChecker_Check(
+        PKIX_CertChainChecker *checker,
+        PKIX_PL_Cert *cert,
+        PKIX_List *unresolvedCriticals,  /* OIDs */
+        void **pNBIOContext,
+        void *plContext)
+{
+        PKIX_UInt32 numPolicies = 0;
+        PKIX_UInt32 polX = 0;
+        PKIX_Boolean result = PKIX_FALSE;
+        PKIX_Int32 inhibitMappingSkipCerts = 0;
+        PKIX_Int32 explicitPolicySkipCerts = 0;
+        PKIX_Int32 inhibitAnyPolicySkipCerts = 0;
+        PKIX_Boolean shouldBePruned = PKIX_FALSE;
+        PKIX_Boolean isSelfIssued = PKIX_FALSE;
+        PKIX_Boolean certPoliciesIncludeAny = PKIX_FALSE;
+        PKIX_Boolean doAnyPolicyProcessing = PKIX_FALSE;
+
+        PKIX_PolicyCheckerState *state = NULL;
+        PKIX_List *certPolicyInfos = NULL; /* CertPolicyInfos */
+        PKIX_PL_CertPolicyInfo *policy = NULL;
+        PKIX_PL_OID *policyOID = NULL;
+        PKIX_List *qualsOfAny = NULL; /* CertPolicyQualifiers */
+        PKIX_List *policyQualifiers = NULL; /* CertPolicyQualifiers */
+        PKIX_List *policyMaps = NULL; /* CertPolicyMaps */
+        PKIX_List *mappedPolicies = NULL; /* OIDs */
+        PKIX_Error *subroutineErr = NULL;
+#if PKIX_CERTPOLICYCHECKERSTATEDEBUG
+        PKIX_PL_String *stateString = NULL;
+        char *stateAscii = NULL;
+        PKIX_PL_String *certString = NULL;
+        char *certAscii = NULL;
+        PKIX_UInt32 length;
+#endif
+
+        PKIX_ENTER(CERTCHAINCHECKER, "pkix_PolicyChecker_Check");
+        PKIX_NULLCHECK_FOUR(checker, cert, unresolvedCriticals, pNBIOContext);
+
+        *pNBIOContext = NULL; /* we never block on pending I/O */
+
+        PKIX_CHECK(PKIX_CertChainChecker_GetCertChainCheckerState
+                    (checker, (PKIX_PL_Object **)&state, plContext),
+                    PKIX_CERTCHAINCHECKERGETCERTCHAINCHECKERSTATEFAILED);
+
+        PKIX_NULLCHECK_TWO(state, state->certPoliciesExtension);
+
+#if PKIX_CERTPOLICYCHECKERSTATEDEBUG
+        PKIX_CHECK(PKIX_PL_Object_ToString
+                ((PKIX_PL_Object*)state, &stateString, plContext),
+                PKIX_OBJECTTOSTRINGFAILED);
+        PKIX_CHECK(PKIX_PL_String_GetEncoded
+                    (stateString,
+                    PKIX_ESCASCII,
+                    (void **)&stateAscii,
+                    &length,
+                    plContext),
+                    PKIX_STRINGGETENCODEDFAILED);
+        PKIX_DEBUG_ARG("On entry %s\n", stateAscii);
+        PKIX_FREE(stateAscii);
+        PKIX_DECREF(stateString);
+#endif
+
+        /*
+         * Section 6.1.4(a)
+         * If this is not the last certificate, and if
+         * policyMapping extension is present, check that no
+         * issuerDomainPolicy or subjectDomainPolicy is equal to the
+         * special policy anyPolicy.
+         */
+        if (state->certsProcessed != (state->numCerts - 1)) {
+                PKIX_CHECK(PKIX_PL_Cert_GetPolicyMappings
+                        (cert, &policyMaps, plContext),
+                        PKIX_CERTGETPOLICYMAPPINGSFAILED);
+        }
+
+        if (policyMaps) {
+
+                PKIX_CHECK(pkix_PolicyChecker_MapContains
+                        (policyMaps, state->anyPolicyOID, &result, plContext),
+                        PKIX_POLICYCHECKERMAPCONTAINSFAILED);
+
+                if (result) {
+                        PKIX_ERROR(PKIX_INVALIDPOLICYMAPPINGINCLUDESANYPOLICY);
+                }
+
+                PKIX_CHECK(pkix_PolicyChecker_MapGetMappedPolicies
+                        (policyMaps, &mappedPolicies, plContext),
+                        PKIX_POLICYCHECKERMAPGETMAPPEDPOLICIESFAILED);
+
+                PKIX_DECREF(state->mappedPolicyOIDs);
+                PKIX_INCREF(mappedPolicies);
+                state->mappedPolicyOIDs = mappedPolicies;
+        }
+
+        /* Section 6.1.3(d) */
+        if (state->validPolicyTree) {
+
+            PKIX_CHECK(PKIX_PL_Cert_GetPolicyInformation
+                (cert, &certPolicyInfos, plContext),
+                PKIX_CERTGETPOLICYINFORMATIONFAILED);
+
+            if (certPolicyInfos) {
+                PKIX_CHECK(PKIX_List_GetLength
+                        (certPolicyInfos, &numPolicies, plContext),
+                        PKIX_LISTGETLENGTHFAILED);
+            }
+
+            if (numPolicies > 0) {
+
+                PKIX_CHECK(PKIX_PL_Cert_AreCertPoliciesCritical
+                        (cert, &(state->certPoliciesCritical), plContext),
+                        PKIX_CERTARECERTPOLICIESCRITICALFAILED);
+
+                /* Section 6.1.3(d)(1) For each policy not equal to anyPolicy */
+                for (polX = 0; polX < numPolicies; polX++) {
+
+                    PKIX_CHECK(PKIX_List_GetItem
+                        (certPolicyInfos,
+                        polX,
+                        (PKIX_PL_Object **)&policy,
+                        plContext),
+                        PKIX_LISTGETITEMFAILED);
+
+                    PKIX_CHECK(PKIX_PL_CertPolicyInfo_GetPolicyId
+                        (policy, &policyOID, plContext),
+                        PKIX_CERTPOLICYINFOGETPOLICYIDFAILED);
+
+                    PKIX_CHECK(PKIX_PL_CertPolicyInfo_GetPolQualifiers
+                        (policy, &policyQualifiers, plContext),
+                        PKIX_CERTPOLICYINFOGETPOLQUALIFIERSFAILED);
+
+                    PKIX_EQUALS
+                        (state->anyPolicyOID,
+                        policyOID,
+                        &result,
+                        plContext,
+                        PKIX_OIDEQUALFAILED);
+
+                    if (result == PKIX_FALSE) {
+
+                        /* Section 6.1.3(d)(1)(i) */
+                        subroutineErr = pkix_PolicyChecker_CheckPolicy
+                                (policyOID,
+                                policyQualifiers,
+                                cert,
+                                policyMaps,
+                                state,
+                                plContext);
+                        if (subroutineErr) {
+                                goto subrErrorCleanup;
+                        }
+
+                    } else {
+                        /*
+                         * No descent (yet) for anyPolicy, but we will need
+                         * the policyQualifiers for anyPolicy in 6.1.3(d)(2)
+                         */
+                        PKIX_DECREF(qualsOfAny);
+                        PKIX_INCREF(policyQualifiers);
+                        qualsOfAny = policyQualifiers;
+                        certPoliciesIncludeAny = PKIX_TRUE;
+                    }
+                    PKIX_DECREF(policy);
+                    PKIX_DECREF(policyOID);
+                    PKIX_DECREF(policyQualifiers);
+                }
+
+                /* Section 6.1.3(d)(2) */
+                if (certPoliciesIncludeAny == PKIX_TRUE) {
+                        if (state->inhibitAnyPolicy > 0) {
+                                doAnyPolicyProcessing = PKIX_TRUE;
+                        } else {
+                            /* We haven't yet counted the current cert */
+                            if (((state->certsProcessed) + 1) <
+                                (state->numCerts)) {
+
+                                PKIX_CHECK(pkix_IsCertSelfIssued
+                                        (cert,
+                                        &doAnyPolicyProcessing,
+                                        plContext),
+                                        PKIX_ISCERTSELFISSUEDFAILED);
+                            }
+                        }
+                        if (doAnyPolicyProcessing) {
+                            subroutineErr = pkix_PolicyChecker_CheckAny
+                                (state->validPolicyTree,
+                                qualsOfAny,
+                                policyMaps,
+                                state,
+                                plContext);
+                            if (subroutineErr) {
+                                goto subrErrorCleanup;
+                            }
+                        }
+                }
+
+                /* Section 6.1.3(d)(3) */
+                if (state->validPolicyTree) {
+                        subroutineErr = pkix_PolicyNode_Prune
+                                (state->validPolicyTree,
+                                state->certsProcessed + 1,
+                                &shouldBePruned,
+                                plContext);
+                        if (subroutineErr) {
+                                goto subrErrorCleanup;
+                        }
+                        if (shouldBePruned) {
+                                PKIX_DECREF(state->validPolicyTree);
+                                PKIX_DECREF(state->anyPolicyNodeAtBottom);
+                        }
+                }
+
+                PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+                        ((PKIX_PL_Object *)state, plContext),
+                        PKIX_OBJECTINVALIDATECACHEFAILED);
+
+            } else {
+                /* Section 6.1.3(e) */
+                PKIX_DECREF(state->validPolicyTree);
+                PKIX_DECREF(state->anyPolicyNodeAtBottom);
+                PKIX_DECREF(state->newAnyPolicyNode);
+
+                PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+                        ((PKIX_PL_Object *)state, plContext),
+                        PKIX_OBJECTINVALIDATECACHEFAILED);
+            }
+        }
+
+        /* Section 6.1.3(f) */
+        if ((0 == state->explicitPolicy) && (!state->validPolicyTree)) {
+                PKIX_ERROR(PKIX_CERTCHAINFAILSCERTIFICATEPOLICYVALIDATION);
+        }
+
+        /*
+         * Remove Policy OIDs from list of unresolved critical
+         * extensions, if present.
+         */
+        PKIX_CHECK(pkix_List_Remove
+                (unresolvedCriticals,
+                (PKIX_PL_Object *)state->certPoliciesExtension,
+                plContext),
+                PKIX_LISTREMOVEFAILED);
+
+        PKIX_CHECK(pkix_List_Remove
+                (unresolvedCriticals,
+                (PKIX_PL_Object *)state->policyMappingsExtension,
+                plContext),
+                PKIX_LISTREMOVEFAILED);
+
+        PKIX_CHECK(pkix_List_Remove
+                (unresolvedCriticals,
+                (PKIX_PL_Object *)state->policyConstraintsExtension,
+                plContext),
+                PKIX_LISTREMOVEFAILED);
+
+        PKIX_CHECK(pkix_List_Remove
+                (unresolvedCriticals,
+                (PKIX_PL_Object *)state->inhibitAnyPolicyExtension,
+                plContext),
+                PKIX_LISTREMOVEFAILED);
+
+        state->certsProcessed++;
+
+        /* If this was not the last certificate, do next-cert preparation */
+        if (state->certsProcessed != state->numCerts) {
+
+                if (policyMaps) {
+                        subroutineErr = pkix_PolicyChecker_PolicyMapProcessing
+                                (policyMaps,
+                                certPoliciesIncludeAny,
+                                qualsOfAny,
+                                state,
+                                plContext);
+                        if (subroutineErr) {
+                                goto subrErrorCleanup;
+                        }
+                }
+
+                /* update anyPolicyNodeAtBottom pointer */
+                PKIX_DECREF(state->anyPolicyNodeAtBottom);
+                state->anyPolicyNodeAtBottom = state->newAnyPolicyNode;
+                state->newAnyPolicyNode = NULL;
+
+                /* Section 6.1.4(h) */
+                PKIX_CHECK(pkix_IsCertSelfIssued
+                        (cert, &isSelfIssued, plContext),
+                        PKIX_ISCERTSELFISSUEDFAILED);
+
+                if (!isSelfIssued) {
+                        if (state->explicitPolicy > 0) {
+                            state->explicitPolicy--;
+                        }
+                        if (state->policyMapping > 0) {
+                            state->policyMapping--;
+                        }
+                        if (state->inhibitAnyPolicy > 0) {
+                            state->inhibitAnyPolicy--;
+                        }
+                }
+
+                /* Section 6.1.4(i) */
+                PKIX_CHECK(PKIX_PL_Cert_GetRequireExplicitPolicy
+                        (cert, &explicitPolicySkipCerts, plContext),
+                        PKIX_CERTGETREQUIREEXPLICITPOLICYFAILED);
+
+                if (explicitPolicySkipCerts != -1) {
+                        if (((PKIX_UInt32)explicitPolicySkipCerts) <
+                            (state->explicitPolicy)) {
+                                state->explicitPolicy =
+                                   ((PKIX_UInt32) explicitPolicySkipCerts);
+                        }
+                }
+
+                PKIX_CHECK(PKIX_PL_Cert_GetPolicyMappingInhibited
+                        (cert, &inhibitMappingSkipCerts, plContext),
+                        PKIX_CERTGETPOLICYMAPPINGINHIBITEDFAILED);
+
+                if (inhibitMappingSkipCerts != -1) {
+                        if (((PKIX_UInt32)inhibitMappingSkipCerts) <
+                            (state->policyMapping)) {
+                                state->policyMapping =
+                                    ((PKIX_UInt32)inhibitMappingSkipCerts);
+                        }
+                }
+
+                PKIX_CHECK(PKIX_PL_Cert_GetInhibitAnyPolicy
+                        (cert, &inhibitAnyPolicySkipCerts, plContext),
+                        PKIX_CERTGETINHIBITANYPOLICYFAILED);
+
+                if (inhibitAnyPolicySkipCerts != -1) {
+                        if (((PKIX_UInt32)inhibitAnyPolicySkipCerts) <
+                            (state->inhibitAnyPolicy)) {
+                                state->inhibitAnyPolicy =
+                                    ((PKIX_UInt32)inhibitAnyPolicySkipCerts);
+                        }
+                }
+
+                PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+                        ((PKIX_PL_Object *)state, plContext),
+                        PKIX_OBJECTINVALIDATECACHEFAILED);
+
+        } else { /* If this was the last certificate, do wrap-up processing */
+
+                /* Section 6.1.5 */
+                subroutineErr = pkix_PolicyChecker_WrapUpProcessing
+                        (cert, state, plContext);
+                if (subroutineErr) {
+                        goto subrErrorCleanup;
+                }
+
+                if ((0 == state->explicitPolicy) && (!state->validPolicyTree)) {
+                    PKIX_ERROR(PKIX_CERTCHAINFAILSCERTIFICATEPOLICYVALIDATION);
+                }
+
+                PKIX_DECREF(state->anyPolicyNodeAtBottom);
+                PKIX_DECREF(state->newAnyPolicyNode);
+        }
+
+
+        if (subroutineErr) {
+
+subrErrorCleanup:
+                /* We had an error. Was it a fatal error? */
+                pkixErrorClass = subroutineErr->errClass;
+                if (pkixErrorClass == PKIX_FATAL_ERROR) {
+                    pkixErrorResult = subroutineErr;
+                    subroutineErr = NULL;
+                    goto cleanup;
+                }
+                /*
+                 * Abort policy processing, and then determine whether
+                 * we can continue without policy processing.
+                 */
+                PKIX_DECREF(state->validPolicyTree);
+                PKIX_DECREF(state->anyPolicyNodeAtBottom);
+                PKIX_DECREF(state->newAnyPolicyNode);
+                if (state->explicitPolicy == 0) {
+                    PKIX_ERROR
+                        (PKIX_CERTCHAINFAILSCERTIFICATEPOLICYVALIDATION);
+                }
+        }
+
+        /* Checking is complete. Save state for the next certificate. */
+        PKIX_CHECK(PKIX_CertChainChecker_SetCertChainCheckerState
+                (checker, (PKIX_PL_Object *)state, plContext),
+                PKIX_CERTCHAINCHECKERSETCERTCHAINCHECKERSTATEFAILED);
+
+cleanup:
+
+#if PKIX_CERTPOLICYCHECKERSTATEDEBUG
+        if (cert) {
+                PKIX_CHECK(PKIX_PL_Object_ToString
+                        ((PKIX_PL_Object*)cert, &certString, plContext),
+                        PKIX_OBJECTTOSTRINGFAILED);
+                PKIX_CHECK(PKIX_PL_String_GetEncoded
+                            (certString,
+                            PKIX_ESCASCII,
+                            (void **)&certAscii,
+                            &length,
+                            plContext),
+                            PKIX_STRINGGETENCODEDFAILED);
+                PKIX_DEBUG_ARG("Cert was %s\n", certAscii);
+                PKIX_FREE(certAscii);
+                PKIX_DECREF(certString);
+        }
+        if (state) {
+                PKIX_CHECK(PKIX_PL_Object_ToString
+                        ((PKIX_PL_Object*)state, &stateString, plContext),
+                        PKIX_OBJECTTOSTRINGFAILED);
+                PKIX_CHECK(PKIX_PL_String_GetEncoded
+                            (stateString,
+                            PKIX_ESCASCII,
+                            (void **)&stateAscii,
+                            &length,
+                            plContext),
+                            PKIX_STRINGGETENCODEDFAILED);
+                PKIX_DEBUG_ARG("On exit %s\n", stateAscii);
+                PKIX_FREE(stateAscii);
+                PKIX_DECREF(stateString);
+        }
+#endif
+
+        PKIX_DECREF(state);
+        PKIX_DECREF(certPolicyInfos);
+        PKIX_DECREF(policy);
+        PKIX_DECREF(qualsOfAny);
+        PKIX_DECREF(policyQualifiers);
+        PKIX_DECREF(policyOID);
+        PKIX_DECREF(subroutineErr);
+        PKIX_DECREF(policyMaps);
+        PKIX_DECREF(mappedPolicies);
+
+        PKIX_RETURN(CERTCHAINCHECKER);
+}
+
+/*
+ * FUNCTION: pkix_PolicyChecker_Initialize
+ * DESCRIPTION:
+ *
+ *  Creates and initializes a PolicyChecker, using the List pointed to
+ *  by "initialPolicies" for the user-initial-policy-set, the Boolean value
+ *  of "policyQualifiersRejected" for the policyQualifiersRejected parameter,
+ *  the Boolean value of "initialPolicyMappingInhibit" for the
+ *  inhibitPolicyMappings parameter, the Boolean value of
+ *  "initialExplicitPolicy" for the initialExplicitPolicy parameter, the
+ *  Boolean value of "initialAnyPolicyInhibit" for the inhibitAnyPolicy
+ *  parameter, and the UInt32 value of "numCerts" as the number of
+ *  certificates in the chain; and stores the Checker at "pChecker".
+ *
+ * PARAMETERS:
+ *  "initialPolicies"
+ *      Address of List of OIDs comprising the user-initial-policy-set; the List
+ *      may be empty or NULL
+ *  "policyQualifiersRejected"
+ *      Boolean value of the policyQualifiersRejected parameter
+ *  "initialPolicyMappingInhibit"
+ *      Boolean value of the inhibitPolicyMappings parameter
+ *  "initialExplicitPolicy"
+ *      Boolean value of the initialExplicitPolicy parameter
+ *  "initialAnyPolicyInhibit"
+ *      Boolean value of the inhibitAnyPolicy parameter
+ *  "numCerts"
+ *      Number of certificates in the chain to be validated
+ *  "pChecker"
+ *      Address to store the created PolicyChecker. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds
+ *  Returns a CertChainChecker Error if the functions fails in a non-fatal way
+ *  Returns a Fatal Error if the function fails in an unrecoverable way
+ */
+PKIX_Error *
+pkix_PolicyChecker_Initialize(
+        PKIX_List *initialPolicies,
+        PKIX_Boolean policyQualifiersRejected,
+        PKIX_Boolean initialPolicyMappingInhibit,
+        PKIX_Boolean initialExplicitPolicy,
+        PKIX_Boolean initialAnyPolicyInhibit,
+        PKIX_UInt32 numCerts,
+        PKIX_CertChainChecker **pChecker,
+        void *plContext)
+{
+        PKIX_PolicyCheckerState *polCheckerState = NULL;
+        PKIX_List *policyExtensions = NULL;     /* OIDs */
+        PKIX_ENTER(CERTCHAINCHECKER, "pkix_PolicyChecker_Initialize");
+        PKIX_NULLCHECK_ONE(pChecker);
+
+        PKIX_CHECK(pkix_PolicyCheckerState_Create
+                (initialPolicies,
+                policyQualifiersRejected,
+                initialPolicyMappingInhibit,
+                initialExplicitPolicy,
+                initialAnyPolicyInhibit,
+                numCerts,
+                &polCheckerState,
+                plContext),
+                PKIX_POLICYCHECKERSTATECREATEFAILED);
+
+        /* Create the list of extensions that we handle */
+        PKIX_CHECK(pkix_PolicyChecker_MakeSingleton
+                ((PKIX_PL_Object *)(polCheckerState->certPoliciesExtension),
+                PKIX_TRUE,
+                &policyExtensions,
+                plContext),
+                PKIX_POLICYCHECKERMAKESINGLETONFAILED);
+
+        PKIX_CHECK(PKIX_CertChainChecker_Create
+                (pkix_PolicyChecker_Check,
+                PKIX_FALSE,     /* forwardCheckingSupported */
+                PKIX_FALSE,
+                policyExtensions,
+                (PKIX_PL_Object *)polCheckerState,
+                pChecker,
+                plContext),
+                PKIX_CERTCHAINCHECKERCREATEFAILED);
+
+cleanup:
+        PKIX_DECREF(polCheckerState);
+        PKIX_DECREF(policyExtensions);
+        PKIX_RETURN(CERTCHAINCHECKER);
+
+}
diff --git a/nss/lib/libpkix/pkix/checker/pkix_policychecker.h b/nss/lib/libpkix/pkix/checker/pkix_policychecker.h
new file mode 100755
index 0000000..8b87ac1
--- /dev/null
+++ b/nss/lib/libpkix/pkix/checker/pkix_policychecker.h
@@ -0,0 +1,73 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_policychecker.h
+ *
+ * Header file for policy checker.
+ *
+ */
+
+#ifndef _PKIX_POLICYCHECKER_H
+#define _PKIX_POLICYCHECKER_H
+
+#include "pkix_tools.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef struct PKIX_PolicyCheckerStateStruct PKIX_PolicyCheckerState;
+
+struct PKIX_PolicyCheckerStateStruct{
+        PKIX_PL_OID *certPoliciesExtension;             /* const */
+        PKIX_PL_OID *policyMappingsExtension;           /* const */
+        PKIX_PL_OID *policyConstraintsExtension;        /* const */
+        PKIX_PL_OID *inhibitAnyPolicyExtension;         /* const */
+        PKIX_PL_OID *anyPolicyOID;                      /* const */
+        PKIX_Boolean initialIsAnyPolicy;                /* const */
+        PKIX_PolicyNode *validPolicyTree;
+        PKIX_List *userInitialPolicySet;                /* immutable */
+        PKIX_List *mappedUserInitialPolicySet;
+        PKIX_Boolean policyQualifiersRejected;
+        PKIX_Boolean initialPolicyMappingInhibit;
+        PKIX_Boolean initialExplicitPolicy;
+        PKIX_Boolean initialAnyPolicyInhibit;
+        PKIX_UInt32 explicitPolicy;
+        PKIX_UInt32 inhibitAnyPolicy;
+        PKIX_UInt32 policyMapping;
+        PKIX_UInt32 numCerts;
+        PKIX_UInt32 certsProcessed;
+        PKIX_PolicyNode *anyPolicyNodeAtBottom;
+        PKIX_PolicyNode *newAnyPolicyNode;
+        /*
+         * The following variables do not survive from one
+         * certificate to the next. They are needed at each
+         * level of recursive routines, any by placing them
+         * in the state object we can pass fewer arguments.
+         */
+        PKIX_Boolean certPoliciesCritical;
+        PKIX_List *mappedPolicyOIDs;
+};
+
+PKIX_Error *
+pkix_PolicyChecker_Initialize(
+        PKIX_List *initialPolicies,
+        PKIX_Boolean policyQualifiersRejected,
+        PKIX_Boolean initialPolicyMappingInhibit,
+        PKIX_Boolean initialExplicitPolicy,
+        PKIX_Boolean initialAnyPolicyInhibit,
+        PKIX_UInt32 numCerts,
+        PKIX_CertChainChecker **pChecker,
+        void *plContext);
+
+/* --Private-Functions-------------------------------------------- */
+
+PKIX_Error *
+pkix_PolicyCheckerState_RegisterSelf(void *plContext);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_POLICYCHECKER_H */
diff --git a/nss/lib/libpkix/pkix/checker/pkix_revocationchecker.c b/nss/lib/libpkix/pkix/checker/pkix_revocationchecker.c
new file mode 100755
index 0000000..7bed9b8
--- /dev/null
+++ b/nss/lib/libpkix/pkix/checker/pkix_revocationchecker.c
@@ -0,0 +1,475 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_revocationchecker.c
+ *
+ * RevocationChecker Object Functions
+ *
+ */
+
+#include "pkix_revocationchecker.h"
+#include "pkix_tools.h"
+
+/* --Private-Functions-------------------------------------------- */
+
+/*
+ * FUNCTION: pkix_RevocationChecker_Destroy
+ *      (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_RevocationChecker_Destroy(
+        PKIX_PL_Object *object,
+        void *plContext)
+{
+        PKIX_RevocationChecker *checker = NULL;
+
+        PKIX_ENTER(REVOCATIONCHECKER, "pkix_RevocationChecker_Destroy");
+        PKIX_NULLCHECK_ONE(object);
+
+        /* Check that this object is a revocation checker */
+        PKIX_CHECK(pkix_CheckType
+                    (object, PKIX_REVOCATIONCHECKER_TYPE, plContext),
+                    PKIX_OBJECTNOTREVOCATIONCHECKER);
+
+        checker = (PKIX_RevocationChecker *)object;
+
+        PKIX_DECREF(checker->leafMethodList);
+        PKIX_DECREF(checker->chainMethodList);
+        
+cleanup:
+
+        PKIX_RETURN(REVOCATIONCHECKER);
+}
+
+/*
+ * FUNCTION: pkix_RevocationChecker_Duplicate
+ * (see comments for PKIX_PL_DuplicateCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_RevocationChecker_Duplicate(
+        PKIX_PL_Object *object,
+        PKIX_PL_Object **pNewObject,
+        void *plContext)
+{
+        PKIX_RevocationChecker *checker = NULL;
+        PKIX_RevocationChecker *checkerDuplicate = NULL;
+        PKIX_List *dupLeafList = NULL;
+        PKIX_List *dupChainList = NULL;
+
+        PKIX_ENTER(REVOCATIONCHECKER, "pkix_RevocationChecker_Duplicate");
+        PKIX_NULLCHECK_TWO(object, pNewObject);
+
+        PKIX_CHECK(pkix_CheckType
+                    (object, PKIX_REVOCATIONCHECKER_TYPE, plContext),
+                    PKIX_OBJECTNOTCERTCHAINCHECKER);
+
+        checker = (PKIX_RevocationChecker *)object;
+
+        if (checker->leafMethodList){
+                PKIX_CHECK(PKIX_PL_Object_Duplicate
+                            ((PKIX_PL_Object *)checker->leafMethodList,
+                            (PKIX_PL_Object **)&dupLeafList,
+                            plContext),
+                            PKIX_OBJECTDUPLICATEFAILED);
+        }
+        if (checker->chainMethodList){
+                PKIX_CHECK(PKIX_PL_Object_Duplicate
+                            ((PKIX_PL_Object *)checker->chainMethodList,
+                            (PKIX_PL_Object **)&dupChainList,
+                            plContext),
+                            PKIX_OBJECTDUPLICATEFAILED);
+        }
+
+        PKIX_CHECK(
+            PKIX_RevocationChecker_Create(checker->leafMethodListFlags,
+                                          checker->chainMethodListFlags,
+                                          &checkerDuplicate,
+                                          plContext),
+            PKIX_REVOCATIONCHECKERCREATEFAILED);
+
+        checkerDuplicate->leafMethodList = dupLeafList;
+        checkerDuplicate->chainMethodList = dupChainList;
+        dupLeafList = NULL;
+        dupChainList = NULL;
+
+        *pNewObject = (PKIX_PL_Object *)checkerDuplicate;
+
+cleanup:
+        PKIX_DECREF(dupLeafList);
+        PKIX_DECREF(dupChainList);
+
+        PKIX_RETURN(REVOCATIONCHECKER);
+}
+
+/*
+ * FUNCTION: pkix_RevocationChecker_RegisterSelf
+ * DESCRIPTION:
+ *  Registers PKIX_REVOCATIONCHECKER_TYPE and its related functions with
+ *  systemClasses[]
+ * THREAD SAFETY:
+ *  Not Thread Safe - for performance and complexity reasons
+ *
+ *  Since this function is only called by PKIX_PL_Initialize, which should
+ *  only be called once, it is acceptable that this function is not
+ *  thread-safe.
+ */
+PKIX_Error *
+pkix_RevocationChecker_RegisterSelf(void *plContext)
+{
+        extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
+        pkix_ClassTable_Entry entry;
+
+        PKIX_ENTER(REVOCATIONCHECKER, "pkix_RevocationChecker_RegisterSelf");
+
+        entry.description = "RevocationChecker";
+        entry.objCounter = 0;
+        entry.typeObjectSize = sizeof(PKIX_RevocationChecker);
+        entry.destructor = pkix_RevocationChecker_Destroy;
+        entry.equalsFunction = NULL;
+        entry.hashcodeFunction = NULL;
+        entry.toStringFunction = NULL;
+        entry.comparator = NULL;
+        entry.duplicateFunction = pkix_RevocationChecker_Duplicate;
+
+        systemClasses[PKIX_REVOCATIONCHECKER_TYPE] = entry;
+
+        PKIX_RETURN(REVOCATIONCHECKER);
+}
+
+/* Sort methods by their priorities (lower priority = higher preference) */
+static PKIX_Error *
+pkix_RevocationChecker_SortComparator(
+        PKIX_PL_Object *obj1,
+        PKIX_PL_Object *obj2,
+        PKIX_Int32 *pResult,
+        void *plContext)
+{
+    pkix_RevocationMethod *method1 = NULL, *method2 = NULL;
+    
+    PKIX_ENTER(BUILD, "pkix_RevocationChecker_SortComparator");
+    
+    method1 = (pkix_RevocationMethod *)obj1;
+    method2 = (pkix_RevocationMethod *)obj2;
+    
+    if (method1->priority < method2->priority) {
+      *pResult = -1;
+    } else if (method1->priority > method2->priority) {
+      *pResult = 1;
+    } else {
+      *pResult = 0;
+    }
+    
+    PKIX_RETURN(BUILD);
+}
+
+
+/* --Public-Functions--------------------------------------------- */
+
+
+/*
+ * FUNCTION: PKIX_RevocationChecker_Create (see comments in pkix_revchecker.h)
+ */
+PKIX_Error *
+PKIX_RevocationChecker_Create(
+    PKIX_UInt32 leafMethodListFlags,
+    PKIX_UInt32 chainMethodListFlags,
+    PKIX_RevocationChecker **pChecker,
+    void *plContext)
+{
+    PKIX_RevocationChecker *checker = NULL;
+    
+    PKIX_ENTER(REVOCATIONCHECKER, "PKIX_RevocationChecker_Create");
+    PKIX_NULLCHECK_ONE(pChecker);
+    
+    PKIX_CHECK(
+        PKIX_PL_Object_Alloc(PKIX_REVOCATIONCHECKER_TYPE,
+                             sizeof (PKIX_RevocationChecker),
+                             (PKIX_PL_Object **)&checker,
+                             plContext),
+        PKIX_COULDNOTCREATECERTCHAINCHECKEROBJECT);
+    
+    checker->leafMethodListFlags = leafMethodListFlags;
+    checker->chainMethodListFlags = chainMethodListFlags;
+    checker->leafMethodList = NULL;
+    checker->chainMethodList = NULL;
+    
+    *pChecker = checker;
+    checker = NULL;
+    
+cleanup:
+    PKIX_DECREF(checker);
+    
+    PKIX_RETURN(REVOCATIONCHECKER);
+}
+
+/*
+ * FUNCTION: PKIX_RevocationChecker_CreateAndAddMethod
+ */
+PKIX_Error *
+PKIX_RevocationChecker_CreateAndAddMethod(
+    PKIX_RevocationChecker *revChecker,
+    PKIX_ProcessingParams *params,
+    PKIX_RevocationMethodType methodType,
+    PKIX_UInt32 flags,
+    PKIX_UInt32 priority,
+    PKIX_PL_VerifyCallback verificationFn,
+    PKIX_Boolean isLeafMethod,
+    void *plContext)
+{
+    PKIX_List **methodList = NULL;
+    PKIX_List  *unsortedList = NULL;
+    PKIX_List  *certStores = NULL;
+    pkix_RevocationMethod *method = NULL;
+    pkix_LocalRevocationCheckFn *localRevChecker = NULL;
+    pkix_ExternalRevocationCheckFn *externRevChecker = NULL;
+    PKIX_UInt32 miFlags;
+    
+    PKIX_ENTER(REVOCATIONCHECKER, "PKIX_RevocationChecker_CreateAndAddMethod");
+    PKIX_NULLCHECK_ONE(revChecker);
+
+    /* If the caller has said "Either one is sufficient, then don't let the 
+     * absence of any one method's info lead to an overall failure.
+     */
+    miFlags = isLeafMethod ? revChecker->leafMethodListFlags 
+	                   : revChecker->chainMethodListFlags;
+    if (miFlags & PKIX_REV_MI_REQUIRE_SOME_FRESH_INFO_AVAILABLE)
+	flags &= ~PKIX_REV_M_FAIL_ON_MISSING_FRESH_INFO;
+
+    switch (methodType) {
+    case PKIX_RevocationMethod_CRL:
+        localRevChecker = pkix_CrlChecker_CheckLocal;
+        externRevChecker = pkix_CrlChecker_CheckExternal;
+        PKIX_CHECK(
+            PKIX_ProcessingParams_GetCertStores(params, &certStores,
+                                                plContext),
+            PKIX_PROCESSINGPARAMSGETCERTSTORESFAILED);
+        PKIX_CHECK(
+            pkix_CrlChecker_Create(methodType, flags, priority,
+                                   localRevChecker, externRevChecker,
+                                   certStores, verificationFn,
+                                   &method,
+                                   plContext),
+            PKIX_COULDNOTCREATECRLCHECKEROBJECT);
+        break;
+    case PKIX_RevocationMethod_OCSP:
+        localRevChecker = pkix_OcspChecker_CheckLocal;
+        externRevChecker = pkix_OcspChecker_CheckExternal;
+        PKIX_CHECK(
+            pkix_OcspChecker_Create(methodType, flags, priority,
+                                    localRevChecker, externRevChecker,
+                                    verificationFn,
+                                    &method,
+                                    plContext),
+            PKIX_COULDNOTCREATEOCSPCHECKEROBJECT);
+        break;
+    default:
+        PKIX_ERROR(PKIX_INVALIDREVOCATIONMETHOD);
+    }
+
+    if (isLeafMethod) {
+        methodList = &revChecker->leafMethodList;
+    } else {
+        methodList = &revChecker->chainMethodList;
+    }
+    
+    if (*methodList == NULL) {
+        PKIX_CHECK(
+            PKIX_List_Create(methodList, plContext),
+            PKIX_LISTCREATEFAILED);
+    }
+    unsortedList = *methodList;
+    PKIX_CHECK(
+        PKIX_List_AppendItem(unsortedList, (PKIX_PL_Object*)method, plContext),
+        PKIX_LISTAPPENDITEMFAILED);
+    PKIX_CHECK(
+        pkix_List_BubbleSort(unsortedList, 
+                             pkix_RevocationChecker_SortComparator,
+                             methodList, plContext),
+        PKIX_LISTBUBBLESORTFAILED);
+
+cleanup:
+    PKIX_DECREF(method);
+    PKIX_DECREF(unsortedList);
+    PKIX_DECREF(certStores);
+    
+    PKIX_RETURN(REVOCATIONCHECKER);
+}
+
+/*
+ * FUNCTION: PKIX_RevocationChecker_Check
+ */
+PKIX_Error *
+PKIX_RevocationChecker_Check(
+    PKIX_PL_Cert *cert,
+    PKIX_PL_Cert *issuer,
+    PKIX_RevocationChecker *revChecker,
+    PKIX_ProcessingParams *procParams,
+    PKIX_Boolean chainVerificationState,
+    PKIX_Boolean testingLeafCert,
+    PKIX_RevocationStatus *pRevStatus,
+    PKIX_UInt32 *pReasonCode,
+    void **pNbioContext,
+    void *plContext)
+{
+    PKIX_RevocationStatus overallStatus = PKIX_RevStatus_NoInfo;
+    PKIX_RevocationStatus methodStatus[PKIX_RevocationMethod_MAX];
+    PKIX_Boolean onlyUseRemoteMethods = PKIX_FALSE;
+    PKIX_UInt32 revFlags = 0;
+    PKIX_List *revList = NULL;
+    PKIX_PL_Date *date = NULL;
+    pkix_RevocationMethod *method = NULL;
+    void *nbioContext;
+    int tries;
+    
+    PKIX_ENTER(REVOCATIONCHECKER, "PKIX_RevocationChecker_Check");
+    PKIX_NULLCHECK_TWO(revChecker, procParams);
+
+    nbioContext = *pNbioContext;
+    *pNbioContext = NULL;
+    
+    if (testingLeafCert) {
+        revList = revChecker->leafMethodList;
+        revFlags = revChecker->leafMethodListFlags;        
+    } else {
+        revList = revChecker->chainMethodList;
+        revFlags = revChecker->chainMethodListFlags;
+    }
+    if (!revList) {
+        /* Return NoInfo status */
+        goto cleanup;
+    }
+
+    PORT_Memset(methodStatus, PKIX_RevStatus_NoInfo,
+                sizeof(PKIX_RevocationStatus) * PKIX_RevocationMethod_MAX);
+
+    date = procParams->date;
+
+    /* Need to have two loops if we testing all local info first:
+     *    first we are going to test all local(cached) info
+     *    second, all remote info(fetching) */
+    for (tries = 0;tries < 2;tries++) {
+        unsigned int methodNum = 0;
+        for (;methodNum < revList->length;methodNum++) {
+            PKIX_UInt32 methodFlags = 0;
+
+            PKIX_DECREF(method);
+            PKIX_CHECK(
+                PKIX_List_GetItem(revList, methodNum,
+                                  (PKIX_PL_Object**)&method, plContext),
+                PKIX_LISTGETITEMFAILED);
+            methodFlags = method->flags;
+            if (!(methodFlags & PKIX_REV_M_TEST_USING_THIS_METHOD)) {
+                /* Will not check with this method. Skipping... */
+                continue;
+            }
+            if (!onlyUseRemoteMethods &&
+                methodStatus[methodNum] == PKIX_RevStatus_NoInfo) {
+                PKIX_RevocationStatus revStatus = PKIX_RevStatus_NoInfo;
+                PKIX_CHECK_NO_GOTO(
+                    (*method->localRevChecker)(cert, issuer, date,
+                                               method, procParams,
+                                               methodFlags, 
+                                               chainVerificationState,
+                                               &revStatus,
+                                               (CERTCRLEntryReasonCode *)pReasonCode,
+                                               plContext),
+                    PKIX_REVCHECKERCHECKFAILED);
+                methodStatus[methodNum] = revStatus;
+                if (revStatus == PKIX_RevStatus_Revoked) {
+                    /* if error was generated use it as final error. */
+                    overallStatus = PKIX_RevStatus_Revoked;
+                    goto cleanup;
+                }
+                if (pkixErrorResult) {
+                    /* Disregard errors. Only returned revStatus matters. */
+                    PKIX_PL_Object_DecRef((PKIX_PL_Object*)pkixErrorResult,
+                                          plContext);
+                    pkixErrorResult = NULL;
+                }
+            }
+            if ((!(revFlags & PKIX_REV_MI_TEST_ALL_LOCAL_INFORMATION_FIRST) ||
+                 onlyUseRemoteMethods) &&
+                chainVerificationState &&
+                methodStatus[methodNum] == PKIX_RevStatus_NoInfo) {
+                if (!(methodFlags & PKIX_REV_M_FORBID_NETWORK_FETCHING)) {
+                    PKIX_RevocationStatus revStatus = PKIX_RevStatus_NoInfo;
+                    PKIX_CHECK_NO_GOTO(
+                        (*method->externalRevChecker)(cert, issuer, date,
+                                                      method,
+                                                      procParams, methodFlags,
+                                                      &revStatus,
+                                                      (CERTCRLEntryReasonCode *)pReasonCode,
+                                                      &nbioContext, plContext),
+                        PKIX_REVCHECKERCHECKFAILED);
+                    methodStatus[methodNum] = revStatus;
+                    if (revStatus == PKIX_RevStatus_Revoked) {
+                        /* if error was generated use it as final error. */
+                        overallStatus = PKIX_RevStatus_Revoked;
+                        goto cleanup;
+                    }
+                    if (pkixErrorResult) {
+                        /* Disregard errors. Only returned revStatus matters. */
+                        PKIX_PL_Object_DecRef((PKIX_PL_Object*)pkixErrorResult,
+                                              plContext);
+                        pkixErrorResult = NULL;
+                    }
+                } else if (methodFlags &
+                           PKIX_REV_M_FAIL_ON_MISSING_FRESH_INFO) {
+                    /* Info is not in the local cache. Network fetching is not
+                     * allowed. If need to fail on missing fresh info for the
+                     * the method, then we should fail right here.*/
+                    overallStatus = PKIX_RevStatus_Revoked;
+                    goto cleanup;
+                }
+            }
+            /* If success and we should not check the next method, then
+             * return a success. */
+            if (methodStatus[methodNum] == PKIX_RevStatus_Success &&
+                !(methodFlags & PKIX_REV_M_CONTINUE_TESTING_ON_FRESH_INFO)) {
+                overallStatus = PKIX_RevStatus_Success;
+                goto cleanup;
+            }
+        } /* inner loop */
+        if (!onlyUseRemoteMethods &&
+            revFlags & PKIX_REV_MI_TEST_ALL_LOCAL_INFORMATION_FIRST &&
+            chainVerificationState) {
+            onlyUseRemoteMethods = PKIX_TRUE;
+            continue;
+        }
+        break;
+    } /* outer loop */
+    
+    if (overallStatus == PKIX_RevStatus_NoInfo &&
+        chainVerificationState) {
+        /* The following check makes sence only for chain
+         * validation step, sinse we do not fetch info while
+         * in the process of finding trusted anchor. 
+         * For chain building step it is enough to know, that
+         * the cert was not directly revoked by any of the
+         * methods. */
+
+        /* Still have no info. But one of the method could
+         * have returned success status(possible if CONTINUE
+         * TESTING ON FRESH INFO flag was used).
+         * If any of the methods have returned Success status,
+         * the overallStatus should be success. */
+        int methodNum = 0;
+        for (;methodNum < PKIX_RevocationMethod_MAX;methodNum++) {
+            if (methodStatus[methodNum] == PKIX_RevStatus_Success) {
+                overallStatus = PKIX_RevStatus_Success;
+                goto cleanup;
+            }
+        }
+        if (revFlags & PKIX_REV_MI_REQUIRE_SOME_FRESH_INFO_AVAILABLE) {
+            overallStatus = PKIX_RevStatus_Revoked;
+        }
+    }
+
+cleanup:
+    *pRevStatus = overallStatus;
+    PKIX_DECREF(method);
+
+    PKIX_RETURN(REVOCATIONCHECKER);
+}
+
diff --git a/nss/lib/libpkix/pkix/checker/pkix_revocationchecker.h b/nss/lib/libpkix/pkix/checker/pkix_revocationchecker.h
new file mode 100755
index 0000000..20dfe37
--- /dev/null
+++ b/nss/lib/libpkix/pkix/checker/pkix_revocationchecker.h
@@ -0,0 +1,151 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_revocationchecker.h
+ *
+ * RevocationChecker Object Type Definition
+ *
+ */
+
+#ifndef _PKIX_REVOCATIONCHECKER_H
+#define _PKIX_REVOCATIONCHECKER_H
+
+#include "pkixt.h"
+#include "certt.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* NOTE: nbio logistic removed. Will be replaced later. */
+
+/*
+ * All Flags are prefixed by CERT_REV_M_, where _M_ indicates
+ * this is a method dependent flag.
+ */
+
+/*
+ * Whether or not to use a method for revocation testing.
+ * If set to "do not test", then all other flags are ignored.
+ */
+#define PKIX_REV_M_DO_NOT_TEST_USING_THIS_METHOD     0x00L
+#define PKIX_REV_M_TEST_USING_THIS_METHOD            0x01L
+
+/*
+ * Whether or not NSS is allowed to attempt to fetch fresh information
+ *         from the network.
+ * (Although fetching will never happen if fresh information for the
+ *           method is already locally available.)
+ */
+#define PKIX_REV_M_ALLOW_NETWORK_FETCHING            0x00L
+#define PKIX_REV_M_FORBID_NETWORK_FETCHING           0x02L
+
+/*
+ * Example for an implicit default source:
+ *         The globally configured default OCSP responder.
+ * IGNORE means:
+ *        ignore the implicit default source, whether it's configured or not.
+ * ALLOW means:
+ *       if an implicit default source is configured, 
+ *          then it overrides any available or missing source in the cert.
+ *       if no implicit default source is configured,
+ *          then we continue to use what's available (or not available) 
+ *          in the certs.
+ */ 
+#define PKIX_REV_M_ALLOW_IMPLICIT_DEFAULT_SOURCE     0x00L
+#define PKIX_REV_M_IGNORE_IMPLICIT_DEFAULT_SOURCE    0x04L /* OCSP only */
+
+/*
+ * Defines the behavior if no fresh information is available,
+ *   fetching from the network is allowed, but the source of revocation
+ *   information is unknown (even after considering implicit sources,
+ *   if allowed by other flags).
+ * SKIPT_TEST means:
+ *          We ignore that no fresh information is available and 
+ *          skip this test.
+ * REQUIRE_INFO means:
+ *          We still require that fresh information is available.
+ *          Other flags define what happens on missing fresh info.
+ */
+
+#define PKIX_REV_M_SKIP_TEST_ON_MISSING_SOURCE       0x00L
+#define PKIX_REV_M_REQUIRE_INFO_ON_MISSING_SOURCE    0x08L
+
+/*
+ * Defines the behavior if we are unable to obtain fresh information.
+ * INGORE means:
+ *      Return "cert status unknown"
+ * FAIL means:
+ *      Return "cert revoked".
+ */
+
+#define PKIX_REV_M_IGNORE_MISSING_FRESH_INFO         0x00L
+#define PKIX_REV_M_FAIL_ON_MISSING_FRESH_INFO        0x10L
+
+/*
+ * What should happen if we were able to find fresh information using
+ * this method, and the data indicated the cert is good?
+ * STOP_TESTING means:
+ *              Our success is sufficient, do not continue testing
+ *              other methods.
+ * CONTINUE_TESTING means:
+ *                  We will continue and test the next allowed
+ *                  specified method.
+ */
+
+#define PKIX_REV_M_STOP_TESTING_ON_FRESH_INFO        0x00L
+#define PKIX_REV_M_CONTINUE_TESTING_ON_FRESH_INFO    0x20L
+
+/*
+ * All Flags are prefixed by PKIX_REV_MI_, where _MI_ indicates
+ * this is a method independent flag.
+ */
+
+/*
+ * This defines the order to checking.
+ * EACH_METHOD_SEPARATELY means:
+ *      Do all tests related to a particular allowed method
+ *      (both local information and network fetching) in a single step.
+ *      Only after testing for a particular method is done,
+ *      then switching to the next method will happen.
+ * ALL_LOCAL_INFORMATION_FIRST means:
+ *      Start by testing the information for all allowed methods
+ *      which are already locally available. Only after that is done
+ *      consider to fetch from the network (as allowed by other flags).
+ */
+#define PKIX_REV_MI_TEST_EACH_METHOD_SEPARATELY       0x00L
+#define PKIX_REV_MI_TEST_ALL_LOCAL_INFORMATION_FIRST  0x01L
+
+/*
+ * Use this flag to specify that it's necessary that fresh information
+ * is available for at least one of the allowed methods, but it's
+ * irrelevant which of the mechanisms succeeded.
+ * NO_OVERALL_INFO_REQUIREMENT means:
+ *     We strictly follow the requirements for each individual method.
+ * REQUIRE_SOME_FRESH_INFO_AVAILABLE means:
+ *     After the individual tests have been executed, we must have
+ *     been able to find fresh information using at least one method.
+ *     If we were unable to find fresh info, it's a failure.
+ */
+#define PKIX_REV_MI_NO_OVERALL_INFO_REQUIREMENT       0x00L
+#define PKIX_REV_MI_REQUIRE_SOME_FRESH_INFO_AVAILABLE 0x02L
+
+/* Defines check time for the cert, revocation methods lists and
+ * flags for leaf and chain certs revocation tests. */
+struct PKIX_RevocationCheckerStruct {
+    PKIX_List *leafMethodList;
+    PKIX_List *chainMethodList;
+    PKIX_UInt32 leafMethodListFlags;
+    PKIX_UInt32 chainMethodListFlags;
+};
+
+/* see source file for function documentation */
+
+PKIX_Error *pkix_RevocationChecker_RegisterSelf(void *plContext);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_REVOCATIONCHECKER_H */
diff --git a/nss/lib/libpkix/pkix/checker/pkix_revocationmethod.c b/nss/lib/libpkix/pkix/checker/pkix_revocationmethod.c
new file mode 100644
index 0000000..ee18dde
--- /dev/null
+++ b/nss/lib/libpkix/pkix/checker/pkix_revocationmethod.c
@@ -0,0 +1,66 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_revocationmethod.c
+ *
+ * RevocationMethod Object Functions
+ *
+ */
+
+#include "pkix_revocationmethod.h"
+#include "pkix_tools.h"
+
+/* Constructor of revocation method object. Does not create an object,
+ * but just initializez PKIX_RevocationMethodStruct fields. Object
+ * suppose to be already created. */
+PKIX_Error *
+pkix_RevocationMethod_Init(
+    pkix_RevocationMethod *method,
+    PKIX_RevocationMethodType methodType,
+    PKIX_UInt32 flags,
+    PKIX_UInt32 priority,
+    pkix_LocalRevocationCheckFn localRevChecker,
+    pkix_ExternalRevocationCheckFn externalRevChecker,
+    void *plContext) 
+{
+    PKIX_ENTER(REVOCATIONMETHOD, "PKIX_RevocationMethod_Init");
+    
+    method->methodType = methodType;
+    method->flags = flags;
+    method->priority = priority;
+    method->localRevChecker = localRevChecker;
+    method->externalRevChecker = externalRevChecker;
+
+    PKIX_RETURN(REVOCATIONMETHOD);
+}
+
+/* Data duplication data. Not create an object. Only initializes fields
+ * in the new object by data from "object". */
+PKIX_Error *
+pkix_RevocationMethod_Duplicate(
+        PKIX_PL_Object *object,
+        PKIX_PL_Object *newObject,
+        void *plContext)
+{
+        pkix_RevocationMethod *method = NULL;
+
+        PKIX_ENTER(REVOCATIONMETHOD, "pkix_RevocationMethod_Duplicate");
+        PKIX_NULLCHECK_TWO(object, newObject);
+
+        method = (pkix_RevocationMethod *)object;
+
+        PKIX_CHECK(
+            pkix_RevocationMethod_Init((pkix_RevocationMethod*)newObject,
+                                       method->methodType,
+                                       method->flags,
+                                       method->priority,
+                                       method->localRevChecker,
+                                       method->externalRevChecker,
+                                       plContext),
+            PKIX_COULDNOTCREATEREVOCATIONMETHODOBJECT);
+
+cleanup:
+
+        PKIX_RETURN(REVOCATIONMETHOD);
+}
diff --git a/nss/lib/libpkix/pkix/checker/pkix_revocationmethod.h b/nss/lib/libpkix/pkix/checker/pkix_revocationmethod.h
new file mode 100644
index 0000000..a97c762
--- /dev/null
+++ b/nss/lib/libpkix/pkix/checker/pkix_revocationmethod.h
@@ -0,0 +1,81 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_revocationmethod.h
+ *
+ * RevocationMethod Object
+ *
+ */
+
+#ifndef _PKIX_REVOCATIONMETHOD_H
+#define _PKIX_REVOCATIONMETHOD_H
+
+#include "pkixt.h"
+#include "pkix_revocationchecker.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef struct pkix_RevocationMethodStruct pkix_RevocationMethod;
+
+/* Local revocation check function prototype definition.
+ * Revocation methods capable of checking revocation though local
+ * means(cache) should implement this prototype. */
+typedef PKIX_Error *
+pkix_LocalRevocationCheckFn(PKIX_PL_Cert *cert, PKIX_PL_Cert *issuer,
+                            PKIX_PL_Date *date, 
+                            pkix_RevocationMethod *checkerObject,
+                            PKIX_ProcessingParams *procParams,
+                            PKIX_UInt32 methodFlags,
+                            PKIX_Boolean chainVerificationState,
+                            PKIX_RevocationStatus *pRevStatus,
+                            CERTCRLEntryReasonCode *reasonCode,
+                            void *plContext);
+
+/* External revocation check function prototype definition.
+ * Revocation methods that required external communications(crldp
+ * ocsp) shoult implement this prototype. */
+typedef PKIX_Error *
+pkix_ExternalRevocationCheckFn(PKIX_PL_Cert *cert, PKIX_PL_Cert *issuer,
+                               PKIX_PL_Date *date,
+                               pkix_RevocationMethod *checkerObject,
+                               PKIX_ProcessingParams *procParams,
+                               PKIX_UInt32 methodFlags,
+                               PKIX_RevocationStatus *pRevStatus,
+                               CERTCRLEntryReasonCode *reasonCode,
+                               void **pNBIOContext, void *plContext);
+
+/* Revocation method structure assosiates revocation types with
+ * a set of flags on the method, a priority of the method (0
+ * corresponds to the highest priority), and method local/external
+ * checker functions. */
+struct pkix_RevocationMethodStruct {
+    PKIX_RevocationMethodType methodType;
+    PKIX_UInt32 flags;
+    PKIX_UInt32 priority;
+    pkix_LocalRevocationCheckFn (*localRevChecker);
+    pkix_ExternalRevocationCheckFn (*externalRevChecker);
+};
+
+PKIX_Error *
+pkix_RevocationMethod_Duplicate(PKIX_PL_Object *object,
+                                PKIX_PL_Object *newObject,
+                                void *plContext);
+
+PKIX_Error *
+pkix_RevocationMethod_Init(pkix_RevocationMethod *method,
+                           PKIX_RevocationMethodType methodType,
+                           PKIX_UInt32 flags,
+                           PKIX_UInt32 priority,
+                           pkix_LocalRevocationCheckFn localRevChecker,
+                           pkix_ExternalRevocationCheckFn externalRevChecker,
+                           void *plContext);
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_REVOCATIONMETHOD_H */
diff --git a/nss/lib/libpkix/pkix/checker/pkix_signaturechecker.c b/nss/lib/libpkix/pkix/checker/pkix_signaturechecker.c
new file mode 100755
index 0000000..0ed9ffa
--- /dev/null
+++ b/nss/lib/libpkix/pkix/checker/pkix_signaturechecker.c
@@ -0,0 +1,443 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_signaturechecker.c
+ *
+ * Functions for signature validation
+ *
+ */
+
+#include "pkix_signaturechecker.h"
+
+/*
+ * FUNCTION: pkix_SignatureCheckerstate_Destroy
+ * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_SignatureCheckerState_Destroy(
+        PKIX_PL_Object *object,
+        void *plContext)
+{
+        pkix_SignatureCheckerState *state = NULL;
+
+        PKIX_ENTER(SIGNATURECHECKERSTATE,
+                    "pkix_SignatureCheckerState_Destroy");
+        PKIX_NULLCHECK_ONE(object);
+
+        /* Check that this object is a signature checker state */
+        PKIX_CHECK(pkix_CheckType
+                    (object, PKIX_SIGNATURECHECKERSTATE_TYPE, plContext),
+                    PKIX_OBJECTNOTSIGNATURECHECKERSTATE);
+
+        state = (pkix_SignatureCheckerState *) object;
+
+        state->prevCertCertSign = PKIX_FALSE;
+
+        PKIX_DECREF(state->prevPublicKey);
+        PKIX_DECREF(state->prevPublicKeyList);
+        PKIX_DECREF(state->keyUsageOID);
+
+cleanup:
+
+        PKIX_RETURN(SIGNATURECHECKERSTATE);
+}
+
+/*
+ * FUNCTION: pkix_SignatureCheckerState_RegisterSelf
+ *
+ * DESCRIPTION:
+ *  Registers PKIX_SIGNATURECHECKERSTATE_TYPE and its related functions
+ *  with systemClasses[]
+ *
+ * THREAD SAFETY:
+ *  Not Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ *
+ *  Since this function is only called by PKIX_PL_Initialize, which should
+ *  only be called once, it is acceptable that this function is not
+ *  thread-safe.
+ */
+PKIX_Error *
+pkix_SignatureCheckerState_RegisterSelf(void *plContext)
+{
+        extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
+        pkix_ClassTable_Entry entry;
+
+        PKIX_ENTER(SIGNATURECHECKERSTATE,
+                    "pkix_SignatureCheckerState_RegisterSelf");
+
+        entry.description = "SignatureCheckerState";
+        entry.objCounter = 0;
+        entry.typeObjectSize = sizeof(pkix_SignatureCheckerState);
+        entry.destructor = pkix_SignatureCheckerState_Destroy;
+        entry.equalsFunction = NULL;
+        entry.hashcodeFunction = NULL;
+        entry.toStringFunction = NULL;
+        entry.comparator = NULL;
+        entry.duplicateFunction = NULL;
+
+        systemClasses[PKIX_SIGNATURECHECKERSTATE_TYPE] = entry;
+
+        PKIX_RETURN(SIGNATURECHECKERSTATE);
+}
+
+/*
+ * FUNCTION: pkix_SignatureCheckerState_Create
+ *
+ * DESCRIPTION:
+ *  Allocate and initialize SignatureChecker state data.
+ *
+ * PARAMETERS
+ *  "trustedPubKey"
+ *      Address of trusted Anchor Public Key for verifying first Cert in the
+ *      chain. Must be non-NULL.
+ *  "certsRemaining"
+ *      Number of certificates remaining in the chain.
+ *  "pCheckerState"
+ *      Address where SignatureCheckerState will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ *
+ * THREAD SAFETY:
+ *  Not Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ *
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a SignatureCheckerState Error if the function fails in a
+ *  non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_SignatureCheckerState_Create(
+    PKIX_PL_PublicKey *trustedPubKey,
+    PKIX_UInt32 certsRemaining,
+    pkix_SignatureCheckerState **pCheckerState,
+    void *plContext)
+{
+        pkix_SignatureCheckerState *state = NULL;
+        PKIX_PL_OID *keyUsageOID = NULL;
+
+        PKIX_ENTER(SIGNATURECHECKERSTATE, "pkix_SignatureCheckerState_Create");
+        PKIX_NULLCHECK_TWO(trustedPubKey, pCheckerState);
+
+        PKIX_CHECK(PKIX_PL_Object_Alloc
+                    (PKIX_SIGNATURECHECKERSTATE_TYPE,
+                    sizeof (pkix_SignatureCheckerState),
+                    (PKIX_PL_Object **)&state,
+                    plContext),
+                    PKIX_COULDNOTCREATESIGNATURECHECKERSTATEOBJECT);
+
+        /* Initialize fields */
+
+        state->prevCertCertSign = PKIX_TRUE;
+        state->prevPublicKeyList = NULL;
+        state->certsRemaining = certsRemaining;
+
+        PKIX_INCREF(trustedPubKey);
+        state->prevPublicKey = trustedPubKey;
+
+        PKIX_CHECK(PKIX_PL_OID_Create
+                    (PKIX_CERTKEYUSAGE_OID,
+                    &keyUsageOID,
+                    plContext),
+                    PKIX_OIDCREATEFAILED);
+
+        state->keyUsageOID = keyUsageOID;
+        keyUsageOID = NULL;
+
+        *pCheckerState = state;
+        state = NULL;
+
+cleanup:
+
+        PKIX_DECREF(keyUsageOID);
+        PKIX_DECREF(state); 
+
+        PKIX_RETURN(SIGNATURECHECKERSTATE);
+}
+
+/* --Private-Functions-------------------------------------------- */
+
+/*
+ * FUNCTION: pkix_SignatureChecker_Check
+ * (see comments for PKIX_CertChainChecker_CheckCallback in pkix_checker.h)
+ */
+PKIX_Error *
+pkix_SignatureChecker_Check(
+        PKIX_CertChainChecker *checker,
+        PKIX_PL_Cert *cert,
+        PKIX_List *unresolvedCriticalExtensions,
+        void **pNBIOContext,
+        void *plContext)
+{
+        pkix_SignatureCheckerState *state = NULL;
+        PKIX_PL_PublicKey *prevPubKey = NULL;
+        PKIX_PL_PublicKey *currPubKey = NULL;
+        PKIX_PL_PublicKey *newPubKey = NULL;
+        PKIX_PL_PublicKey *pKey = NULL;
+        PKIX_PL_CertBasicConstraints *basicConstraints = NULL;
+        PKIX_Error *checkKeyUsageFail = NULL;
+        PKIX_Error *verifyFail = NULL;
+        PKIX_Boolean certVerified = PKIX_FALSE;
+
+        PKIX_ENTER(CERTCHAINCHECKER, "pkix_SignatureChecker_Check");
+        PKIX_NULLCHECK_THREE(checker, cert, pNBIOContext);
+
+        *pNBIOContext = NULL; /* we never block on pending I/O */
+
+        PKIX_CHECK(PKIX_CertChainChecker_GetCertChainCheckerState
+                    (checker, (PKIX_PL_Object **)&state, plContext),
+                    PKIX_CERTCHAINCHECKERGETCERTCHAINCHECKERSTATEFAILED);
+
+        (state->certsRemaining)--;
+
+        PKIX_INCREF(state->prevPublicKey);
+        prevPubKey = state->prevPublicKey;
+
+        /*
+         * Previous Cert doesn't have CertSign bit on for signature
+         * verification and it is not a self-issued Cert so there is no
+         * old key saved. This is considered error.
+         */
+        if (state->prevCertCertSign == PKIX_FALSE &&
+                state->prevPublicKeyList == NULL) {
+                    PKIX_ERROR(PKIX_KEYUSAGEKEYCERTSIGNBITNOTON);
+        }
+
+        /* Previous Cert is valid for signature verification, try it first */
+        if (state->prevCertCertSign == PKIX_TRUE) {
+                verifyFail = PKIX_PL_Cert_VerifySignature
+                        (cert, prevPubKey, plContext);
+                if (verifyFail == NULL) {
+                        certVerified = PKIX_TRUE;
+                } else {
+                        certVerified = PKIX_FALSE;
+                }
+        }
+
+#ifdef NIST_TEST_4_5_4_AND_4_5_6
+
+        /*
+         * Following codes under this compiler flag is implemented for
+         * special cases of NIST tests 4.5.4 and 4.5.6. We are not sure
+         * we should handle these two tests as what is implemented so the
+         * codes are commented out, and the tests fails (for now).
+         * For Cert chain validation, our assumption is all the Certs on
+         * the chain are using its previous Cert's public key to decode
+         * its current key. But for thses two tests, keys are used not
+         * in this precedent order, we can either
+         * 1) Use what is implemented here: take in what Cert order NIST
+         *    specified and for continuous self-issued Certs, stacking up
+         *    their keys and tries all of them in FILO order.
+         *    But this method breaks the idea of chain key presdency.
+         * 2) Use Build Chain facility: we will specify the valid Certs
+         *    order (means key precedency is kept) and count on Build Chain
+         *    to get the Certs that can fill for the needed keys. This may have
+         *    performance impact.
+         * 3) Fetch Certs from CertStore: we will specifiy the valid Certs
+         *    order and use CertSelector on SubjectName to get a list of
+         *    candidates Certs to fill in for the needed keys.
+         * Anyhow, the codes are kept around just in case we want to use
+         * solution one...
+         */
+
+        /* If failed and previous key is self-issued, try its old key(s) */
+        if (certVerified == PKIX_FALSE && state->prevPublicKeyList != NULL) {
+
+                /* Verify from keys on the list */
+                PKIX_CHECK(PKIX_List_GetLength
+                        (state->prevPublicKeyList, &numKeys, plContext),
+                        PKIX_LISTGETLENGTHFAILED);
+
+                for (i = numKeys - 1; i >= 0; i--) {
+
+                        PKIX_CHECK(PKIX_List_GetItem
+                                (state->prevPublicKeyList,
+                                i,
+                                (PKIX_PL_Object **) &pKey,
+                                plContext),
+                                PKIX_LISTGETITEMFAILED);
+
+                        PKIX_DECREF(verifyFail);
+                        verifyFail = PKIX_PL_Cert_VerifySignature
+                                (cert, pKey, plContext);
+
+                        if (verifyFail == NULL) {
+                                certVerified = PKIX_TRUE;
+                                break;
+                        } else {
+                                certVerified = PKIX_FALSE;
+                        }
+
+                        PKIX_DECREF(pKey);
+                }
+        }
+#endif
+
+        if (certVerified == PKIX_FALSE) {
+                pkixErrorResult = verifyFail;
+                verifyFail = NULL;
+                PKIX_ERROR(PKIX_VALIDATIONFAILEDCERTSIGNATURECHECKING);
+        }
+
+#ifdef NIST_TEST_4_5_4_AND_4_5_6
+        /*
+         * Check if Cert is self-issued. If so, the old key(s) is saved, in
+         * conjunction to the new key, for verifying CERT validity later.
+         */
+        PKIX_CHECK(pkix_IsCertSelfIssued(cert, &selfIssued, plContext),
+                    PKIX_ISCERTSELFISSUEFAILED);
+
+        /*
+         * Check if Cert is self-issued. If so, the public key of the Cert
+         * that issues this Cert (old key) can be used together with this
+         * current key (new key) for key verification. If there are multiple
+         * self-issued certs, keys of those Certs (old keys) can also be used
+         * for key verification. Old key(s) is saved in a list (PrevPublickKey-
+         * List) and cleared when a Cert is no longer self-issued. PrevPublic-
+         * Key keep key of the previous Cert.
+         */
+        if (selfIssued == PKIX_TRUE) {
+
+            /* Make sure previous Cert is valid for signature verification */
+            if (state->prevCertCertSign == PKIX_TRUE) {
+
+                if (state->prevPublicKeyList == NULL) {
+
+                        PKIX_CHECK(PKIX_List_Create
+                                (&state->prevPublicKeyList, plContext),
+                                PKIX_LISTCREATEFALIED);
+
+                }
+
+                PKIX_CHECK(PKIX_List_AppendItem
+                            (state->prevPublicKeyList,
+                            (PKIX_PL_Object *) state->prevPublicKey,
+                            plContext),
+                            PKIX_LISTAPPENDITEMFAILED);
+            }
+
+        } else {
+            /* Not self-issued Cert any more, clear old key(s) saved */
+            PKIX_DECREF(state->prevPublicKeyList);
+        }
+#endif
+
+        /* Save current key as prevPublicKey */
+        PKIX_CHECK(PKIX_PL_Cert_GetSubjectPublicKey
+                    (cert, &currPubKey, plContext),
+                    PKIX_CERTGETSUBJECTPUBLICKEYFAILED);
+
+        PKIX_CHECK(PKIX_PL_PublicKey_MakeInheritedDSAPublicKey
+                    (currPubKey, prevPubKey, &newPubKey, plContext),
+                    PKIX_PUBLICKEYMAKEINHERITEDDSAPUBLICKEYFAILED);
+
+        if (newPubKey == NULL){
+                PKIX_INCREF(currPubKey);
+                newPubKey = currPubKey;
+        }
+
+        PKIX_INCREF(newPubKey);
+        PKIX_DECREF(state->prevPublicKey);
+
+        state->prevPublicKey = newPubKey;
+
+        /* Save this Cert key usage CertSign bit */
+        if (state->certsRemaining != 0) {
+                checkKeyUsageFail = PKIX_PL_Cert_VerifyKeyUsage
+                        (cert, PKIX_KEY_CERT_SIGN, plContext);
+
+                state->prevCertCertSign = (checkKeyUsageFail == NULL)?
+                        PKIX_TRUE:PKIX_FALSE;
+
+                PKIX_DECREF(checkKeyUsageFail);
+        }
+
+        /* Remove Key Usage Extension OID from list */
+        if (unresolvedCriticalExtensions != NULL) {
+
+                PKIX_CHECK(pkix_List_Remove
+                            (unresolvedCriticalExtensions,
+                            (PKIX_PL_Object *) state->keyUsageOID,
+                            plContext),
+                            PKIX_LISTREMOVEFAILED);
+        }
+
+        PKIX_CHECK(PKIX_CertChainChecker_SetCertChainCheckerState
+                    (checker, (PKIX_PL_Object *)state, plContext),
+                    PKIX_CERTCHAINCHECKERSETCERTCHAINCHECKERSTATEFAILED);
+
+cleanup:
+
+        PKIX_DECREF(state);
+        PKIX_DECREF(pKey);
+        PKIX_DECREF(prevPubKey);
+        PKIX_DECREF(currPubKey);
+        PKIX_DECREF(newPubKey);
+        PKIX_DECREF(basicConstraints);
+        PKIX_DECREF(verifyFail);
+        PKIX_DECREF(checkKeyUsageFail);
+
+        PKIX_RETURN(CERTCHAINCHECKER);
+
+}
+
+/*
+ * FUNCTION: pkix_SignatureChecker_Initialize
+ * DESCRIPTION:
+ *
+ *  Creates a new CertChainChecker and stores it at "pChecker", where it will
+ *  be used by pkix_SignatureChecker_Check to check that the public key in
+ *  the checker's state is able to successfully validate the certificate's
+ *  signature. The PublicKey pointed to by "trustedPubKey" is used to
+ *  initialize the checker's state.
+ *
+ * PARAMETERS:
+ *  "trustedPubKey"
+ *      Address of PublicKey representing the trusted public key used to
+ *      initialize the state of this checker. Must be non-NULL.
+ *  "certsRemaining"
+ *      Number of certificates remaining in the chain.
+ *  "pChecker"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertChainChecker Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_SignatureChecker_Initialize(
+        PKIX_PL_PublicKey *trustedPubKey,
+        PKIX_UInt32 certsRemaining,
+        PKIX_CertChainChecker **pChecker,
+        void *plContext)
+{
+        pkix_SignatureCheckerState* state = NULL;
+        PKIX_ENTER(CERTCHAINCHECKER, "PKIX_SignatureChecker_Initialize");
+        PKIX_NULLCHECK_TWO(pChecker, trustedPubKey);
+
+        PKIX_CHECK(pkix_SignatureCheckerState_Create
+                    (trustedPubKey, certsRemaining, &state, plContext),
+                    PKIX_SIGNATURECHECKERSTATECREATEFAILED);
+
+        PKIX_CHECK(PKIX_CertChainChecker_Create
+                    (pkix_SignatureChecker_Check,
+                    PKIX_FALSE,
+                    PKIX_FALSE,
+                    NULL,
+                    (PKIX_PL_Object *) state,
+                    pChecker,
+                    plContext),
+                    PKIX_CERTCHAINCHECKERCREATEFAILED);
+
+cleanup:
+
+        PKIX_DECREF(state);
+
+        PKIX_RETURN(CERTCHAINCHECKER);
+
+}
diff --git a/nss/lib/libpkix/pkix/checker/pkix_signaturechecker.h b/nss/lib/libpkix/pkix/checker/pkix_signaturechecker.h
new file mode 100755
index 0000000..ccfb578
--- /dev/null
+++ b/nss/lib/libpkix/pkix/checker/pkix_signaturechecker.h
@@ -0,0 +1,44 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_signaturechecker.h
+ *
+ * Header file for validate signature function
+ *
+ */
+
+#ifndef _PKIX_SIGNATURECHECKER_H
+#define _PKIX_SIGNATURECHECKER_H
+
+#include "pkix_tools.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef struct pkix_SignatureCheckerState pkix_SignatureCheckerState;
+
+struct pkix_SignatureCheckerState {
+        PKIX_Boolean prevCertCertSign;
+        PKIX_UInt32 certsRemaining;
+        PKIX_PL_PublicKey *prevPublicKey; /* Subject PubKey of last cert */
+        PKIX_List *prevPublicKeyList; /* of PKIX_PL_PublicKey */
+        PKIX_PL_OID *keyUsageOID;
+};
+
+PKIX_Error *
+pkix_SignatureChecker_Initialize(
+        PKIX_PL_PublicKey *trustedPubKey,
+        PKIX_UInt32 certsRemaining,
+        PKIX_CertChainChecker **pChecker,
+        void *plContext);
+
+PKIX_Error *
+pkix_SignatureCheckerState_RegisterSelf(void *plContext);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_SIGNATURECHECKER_H */
diff --git a/nss/lib/libpkix/pkix/checker/pkix_targetcertchecker.c b/nss/lib/libpkix/pkix/checker/pkix_targetcertchecker.c
new file mode 100755
index 0000000..46fe071
--- /dev/null
+++ b/nss/lib/libpkix/pkix/checker/pkix_targetcertchecker.c
@@ -0,0 +1,516 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_targetcertchecker.c
+ *
+ * Functions for target cert validation
+ *
+ */
+
+
+#include "pkix_targetcertchecker.h"
+
+/* --Private-TargetCertCheckerState-Functions------------------------------- */
+
+/*
+ * FUNCTION: pkix_TargetCertCheckerState_Destroy
+ * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_TargetCertCheckerState_Destroy(
+        PKIX_PL_Object *object,
+        void *plContext)
+{
+        pkix_TargetCertCheckerState *state = NULL;
+
+        PKIX_ENTER(TARGETCERTCHECKERSTATE,
+                    "pkix_TargetCertCheckerState_Destroy");
+        PKIX_NULLCHECK_ONE(object);
+
+        /* Check that this object is a target cert checker state */
+        PKIX_CHECK(pkix_CheckType
+                    (object, PKIX_TARGETCERTCHECKERSTATE_TYPE, plContext),
+                    PKIX_OBJECTNOTTARGETCERTCHECKERSTATE);
+
+        state = (pkix_TargetCertCheckerState *)object;
+
+        PKIX_DECREF(state->certSelector);
+        PKIX_DECREF(state->extKeyUsageOID);
+        PKIX_DECREF(state->subjAltNameOID);
+        PKIX_DECREF(state->pathToNameList);
+        PKIX_DECREF(state->extKeyUsageList);
+        PKIX_DECREF(state->subjAltNameList);
+
+cleanup:
+
+        PKIX_RETURN(TARGETCERTCHECKERSTATE);
+}
+
+/*
+ * FUNCTION: pkix_TargetCertCheckerState_RegisterSelf
+ * DESCRIPTION:
+ *  Registers PKIX_TARGETCERTCHECKERSTATE_TYPE and its related functions with
+ *  systemClasses[]
+ * THREAD SAFETY:
+ *  Not Thread Safe - for performance and complexity reasons
+ *
+ *  Since this function is only called by PKIX_PL_Initialize, which should
+ *  only be called once, it is acceptable that this function is not
+ *  thread-safe.
+ */
+PKIX_Error *
+pkix_TargetCertCheckerState_RegisterSelf(void *plContext)
+{
+        extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
+        pkix_ClassTable_Entry entry;
+
+        PKIX_ENTER(TARGETCERTCHECKERSTATE,
+                    "pkix_TargetCertCheckerState_RegisterSelf");
+
+        entry.description = "TargetCertCheckerState";
+        entry.objCounter = 0;
+        entry.typeObjectSize = sizeof(pkix_TargetCertCheckerState);
+        entry.destructor = pkix_TargetCertCheckerState_Destroy;
+        entry.equalsFunction = NULL;
+        entry.hashcodeFunction = NULL;
+        entry.toStringFunction = NULL;
+        entry.comparator = NULL;
+        entry.duplicateFunction = NULL;
+
+        systemClasses[PKIX_TARGETCERTCHECKERSTATE_TYPE] = entry;
+
+        PKIX_RETURN(TARGETCERTCHECKERSTATE);
+}
+
+/*
+ * FUNCTION: pkix_TargetCertCheckerState_Create
+ * DESCRIPTION:
+ *
+ *  Creates a new TargetCertCheckerState using the CertSelector pointed to
+ *  by "certSelector" and the number of certs represented by "certsRemaining"
+ *  and stores it at "pState".
+ *
+ * PARAMETERS:
+ *  "certSelector"
+ *      Address of CertSelector representing the criteria against which the
+ *      final certificate in a chain is to be matched. Must be non-NULL.
+ *  "certsRemaining"
+ *      Number of certificates remaining in the chain.
+ *  "pState"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a TargetCertCheckerState Error if the function fails in a
+ *      non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_TargetCertCheckerState_Create(
+    PKIX_CertSelector *certSelector,
+    PKIX_UInt32 certsRemaining,
+    pkix_TargetCertCheckerState **pState,
+    void *plContext)
+{
+        pkix_TargetCertCheckerState *state = NULL;
+        PKIX_ComCertSelParams *certSelectorParams = NULL;
+        PKIX_List *pathToNameList = NULL;
+        PKIX_List *extKeyUsageList = NULL;
+        PKIX_List *subjAltNameList = NULL;
+        PKIX_PL_OID *extKeyUsageOID = NULL;
+        PKIX_PL_OID *subjAltNameOID = NULL;
+        PKIX_Boolean subjAltNameMatchAll = PKIX_TRUE;
+
+        PKIX_ENTER(TARGETCERTCHECKERSTATE,
+                    "pkix_TargetCertCheckerState_Create");
+        PKIX_NULLCHECK_ONE(pState);
+
+        PKIX_CHECK(PKIX_PL_OID_Create
+                    (PKIX_EXTENDEDKEYUSAGE_OID,
+                    &extKeyUsageOID,
+                    plContext),
+                    PKIX_OIDCREATEFAILED);
+
+        PKIX_CHECK(PKIX_PL_OID_Create
+                    (PKIX_CERTSUBJALTNAME_OID,
+                    &subjAltNameOID,
+                    plContext),
+                    PKIX_OIDCREATEFAILED);
+
+        PKIX_CHECK(PKIX_PL_Object_Alloc
+                    (PKIX_TARGETCERTCHECKERSTATE_TYPE,
+                    sizeof (pkix_TargetCertCheckerState),
+                    (PKIX_PL_Object **)&state,
+                    plContext),
+                    PKIX_COULDNOTCREATETARGETCERTCHECKERSTATEOBJECT);
+
+        /* initialize fields */
+
+        if (certSelector != NULL) {
+
+                PKIX_CHECK(PKIX_CertSelector_GetCommonCertSelectorParams
+                        (certSelector, &certSelectorParams, plContext),
+                        PKIX_CERTSELECTORGETCOMMONCERTSELECTORPARAMFAILED);
+
+                if (certSelectorParams != NULL) {
+
+                        PKIX_CHECK(PKIX_ComCertSelParams_GetPathToNames
+                            (certSelectorParams,
+                            &pathToNameList,
+                            plContext),
+                            PKIX_COMCERTSELPARAMSGETPATHTONAMESFAILED);
+
+                        PKIX_CHECK(PKIX_ComCertSelParams_GetExtendedKeyUsage
+                            (certSelectorParams,
+                            &extKeyUsageList,
+                            plContext),
+                            PKIX_COMCERTSELPARAMSGETEXTENDEDKEYUSAGEFAILED);
+
+                        PKIX_CHECK(PKIX_ComCertSelParams_GetSubjAltNames
+                            (certSelectorParams,
+                            &subjAltNameList,
+                            plContext),
+                            PKIX_COMCERTSELPARAMSGETSUBJALTNAMESFAILED);
+
+                        PKIX_CHECK(PKIX_ComCertSelParams_GetMatchAllSubjAltNames
+                            (certSelectorParams,
+                            &subjAltNameMatchAll,
+                            plContext),
+                            PKIX_COMCERTSELPARAMSGETSUBJALTNAMESFAILED);
+                }
+        }
+
+        state->certsRemaining = certsRemaining;
+        state->subjAltNameMatchAll = subjAltNameMatchAll;
+
+        PKIX_INCREF(certSelector);
+        state->certSelector = certSelector;
+
+        state->pathToNameList = pathToNameList;
+        pathToNameList = NULL;
+
+        state->extKeyUsageList = extKeyUsageList;
+        extKeyUsageList = NULL;
+
+        state->subjAltNameList = subjAltNameList;
+        subjAltNameList = NULL;
+
+        state->extKeyUsageOID = extKeyUsageOID;
+        extKeyUsageOID = NULL;
+
+        state->subjAltNameOID = subjAltNameOID;
+        subjAltNameOID = NULL;
+
+        *pState = state;
+        state = NULL;
+
+cleanup:
+        
+        PKIX_DECREF(extKeyUsageOID);
+        PKIX_DECREF(subjAltNameOID);
+        PKIX_DECREF(pathToNameList);
+        PKIX_DECREF(extKeyUsageList);
+        PKIX_DECREF(subjAltNameList);
+        PKIX_DECREF(state);
+
+        PKIX_DECREF(certSelectorParams);
+
+        PKIX_RETURN(TARGETCERTCHECKERSTATE);
+
+}
+
+/* --Private-TargetCertChecker-Functions------------------------------- */
+
+/*
+ * FUNCTION: pkix_TargetCertChecker_Check
+ * (see comments for PKIX_CertChainChecker_CheckCallback in pkix_checker.h)
+ */
+PKIX_Error *
+pkix_TargetCertChecker_Check(
+        PKIX_CertChainChecker *checker,
+        PKIX_PL_Cert *cert,
+        PKIX_List *unresolvedCriticalExtensions,
+        void **pNBIOContext,
+        void *plContext)
+{
+        pkix_TargetCertCheckerState *state = NULL;
+        PKIX_CertSelector_MatchCallback certSelectorMatch = NULL;
+        PKIX_PL_CertNameConstraints *nameConstraints = NULL;
+        PKIX_List *certSubjAltNames = NULL;
+        PKIX_List *certExtKeyUsageList = NULL;
+        PKIX_PL_GeneralName *name = NULL;
+        PKIX_PL_X500Name *certSubjectName = NULL;
+        PKIX_Boolean checkPassed = PKIX_FALSE;
+        PKIX_UInt32 numItems, i;
+        PKIX_UInt32 matchCount = 0;
+
+        PKIX_ENTER(CERTCHAINCHECKER, "pkix_TargetCertChecker_Check");
+        PKIX_NULLCHECK_THREE(checker, cert, pNBIOContext);
+
+        *pNBIOContext = NULL; /* we never block on pending I/O */
+
+        PKIX_CHECK(PKIX_CertChainChecker_GetCertChainCheckerState
+                    (checker, (PKIX_PL_Object **)&state, plContext),
+                    PKIX_CERTCHAINCHECKERGETCERTCHAINCHECKERSTATEFAILED);
+
+        (state->certsRemaining)--;
+
+        if (state->pathToNameList != NULL) {
+
+                PKIX_CHECK(PKIX_PL_Cert_GetNameConstraints
+                    (cert, &nameConstraints, plContext),
+                    PKIX_CERTGETNAMECONSTRAINTSFAILED);
+
+                /*
+                 * XXX We should either make the following call a public one
+                 * so it is legal to call from the portability layer or we
+                 * should try to create pathToNameList as CertNameConstraints
+                 * then call the existing check function.
+                 */
+                PKIX_CHECK(PKIX_PL_CertNameConstraints_CheckNamesInNameSpace
+                    (state->pathToNameList,
+                    nameConstraints,
+                    &checkPassed,
+                    plContext),
+                    PKIX_CERTNAMECONSTRAINTSCHECKNAMEINNAMESPACEFAILED);
+
+                if (checkPassed != PKIX_TRUE) {
+                    PKIX_ERROR(PKIX_VALIDATIONFAILEDPATHTONAMECHECKFAILED);
+                }
+
+        }
+
+        PKIX_CHECK(PKIX_PL_Cert_GetSubjectAltNames
+                    (cert, &certSubjAltNames, plContext),
+                    PKIX_CERTGETSUBJALTNAMESFAILED);
+
+        if (state->subjAltNameList != NULL && certSubjAltNames != NULL) {
+
+                PKIX_CHECK(PKIX_List_GetLength
+                        (state->subjAltNameList, &numItems, plContext),
+                        PKIX_LISTGETLENGTHFAILED);
+
+                for (i = 0; i < numItems; i++) {
+
+                        PKIX_CHECK(PKIX_List_GetItem
+                            (state->subjAltNameList,
+                            i,
+                            (PKIX_PL_Object **) &name,
+                            plContext),
+                            PKIX_LISTGETITEMFAILED);
+
+                        PKIX_CHECK(pkix_List_Contains
+                            (certSubjAltNames,
+                            (PKIX_PL_Object *) name,
+                            &checkPassed,
+                            plContext),
+                            PKIX_LISTCONTAINSFAILED);
+
+                        PKIX_DECREF(name);
+
+                        if (checkPassed == PKIX_TRUE) {
+
+                            if (state->subjAltNameMatchAll == PKIX_FALSE) {
+                                matchCount = numItems;
+                                break;
+                            } else {
+                                /* else continue checking next */
+                                matchCount++;
+                            }
+
+                        }
+                }
+
+                if (matchCount != numItems) {
+                        PKIX_ERROR(PKIX_SUBJALTNAMECHECKFAILED);
+
+                }
+        }
+
+        if (state->certsRemaining == 0) {
+
+            if (state->certSelector != NULL) {
+                PKIX_CHECK(PKIX_CertSelector_GetMatchCallback
+                           (state->certSelector,
+                            &certSelectorMatch,
+                            plContext),
+                           PKIX_CERTSELECTORGETMATCHCALLBACKFAILED);
+
+                PKIX_CHECK(certSelectorMatch
+                           (state->certSelector,
+                            cert,
+                            plContext),
+                           PKIX_CERTSELECTORMATCHFAILED);
+            } else {
+                /* Check at least cert/key usages if target cert selector
+                 * is not set. */
+                PKIX_CHECK(PKIX_PL_Cert_VerifyCertAndKeyType(cert,
+                                         PKIX_FALSE  /* is chain cert*/,
+                                         plContext),
+                           PKIX_CERTVERIFYCERTTYPEFAILED);
+            }
+            /*
+             * There are two Extended Key Usage Checkings
+             * available :
+             * 1) here at the targetcertchecker where we
+             *    verify the Extended Key Usage OIDs application
+             *    specifies via ComCertSelParams are included
+             *    in Cert's Extended Key Usage OID's. Note,
+             *    this is an OID to OID comparison and only last
+             *    Cert is checked.
+             * 2) at user defined ekuchecker where checking
+             *    is applied to all Certs on the chain and
+             *    the NSS Extended Key Usage algorithm is
+             *    used. In order to invoke this checking, not
+             *    only does the ComCertSelparams needs to be
+             *    set, the EKU initialize call is required to
+             *    activate the checking.
+             *
+             * XXX We use the same ComCertSelParams Set/Get
+             * functions to set the parameters for both cases.
+             * We may want to separate them in the future.
+             */
+            
+            PKIX_CHECK(PKIX_PL_Cert_GetExtendedKeyUsage
+                       (cert, &certExtKeyUsageList, plContext),
+                       PKIX_CERTGETEXTENDEDKEYUSAGEFAILED);
+            
+            
+            if (state->extKeyUsageList != NULL &&
+                certExtKeyUsageList != NULL) {
+                
+                PKIX_CHECK(PKIX_List_GetLength
+                           (state->extKeyUsageList, &numItems, plContext),
+                           PKIX_LISTGETLENGTHFAILED);
+                
+                for (i = 0; i < numItems; i++) {
+                    
+                    PKIX_CHECK(PKIX_List_GetItem
+                               (state->extKeyUsageList,
+                                i,
+                                (PKIX_PL_Object **) &name,
+                                plContext),
+                               PKIX_LISTGETITEMFAILED);
+                    
+                    PKIX_CHECK(pkix_List_Contains
+                               (certExtKeyUsageList,
+                                (PKIX_PL_Object *) name,
+                                &checkPassed,
+                                plContext),
+                               PKIX_LISTCONTAINSFAILED);
+                    
+                    PKIX_DECREF(name);
+                    
+                    if (checkPassed != PKIX_TRUE) {
+                        PKIX_ERROR
+                            (PKIX_EXTENDEDKEYUSAGECHECKINGFAILED);
+                        
+                    }
+                }
+            }
+        } else {
+            /* Check key usage and cert type based on certificate usage. */
+            PKIX_CHECK(PKIX_PL_Cert_VerifyCertAndKeyType(cert, PKIX_TRUE,
+                                                         plContext),
+                       PKIX_CERTVERIFYCERTTYPEFAILED);
+        }
+
+        /* Remove Critical Extension OID from list */
+        if (unresolvedCriticalExtensions != NULL) {
+
+                PKIX_CHECK(pkix_List_Remove
+                            (unresolvedCriticalExtensions,
+                            (PKIX_PL_Object *) state->extKeyUsageOID,
+                            plContext),
+                            PKIX_LISTREMOVEFAILED);
+
+                PKIX_CHECK(PKIX_PL_Cert_GetSubject
+                            (cert, &certSubjectName, plContext),
+                            PKIX_CERTGETSUBJECTFAILED);
+
+                if (certSubjAltNames != NULL) {
+                        PKIX_CHECK(pkix_List_Remove
+                            (unresolvedCriticalExtensions,
+                            (PKIX_PL_Object *) state->subjAltNameOID,
+                            plContext),
+                            PKIX_LISTREMOVEFAILED);
+                }
+
+        }
+
+cleanup:
+
+        PKIX_DECREF(name);
+        PKIX_DECREF(nameConstraints);
+        PKIX_DECREF(certSubjAltNames);
+        PKIX_DECREF(certExtKeyUsageList);
+        PKIX_DECREF(certSubjectName);
+        PKIX_DECREF(state);
+
+        PKIX_RETURN(CERTCHAINCHECKER);
+
+}
+
+/*
+ * FUNCTION: pkix_TargetCertChecker_Initialize
+ * DESCRIPTION:
+ *
+ *  Creates a new CertChainChecker and stores it at "pChecker", where it will
+ *  used by pkix_TargetCertChecker_Check to check that the final certificate
+ *  of a chain meets the criteria of the CertSelector pointed to by
+ *  "certSelector". The number of certs remaining in the chain, represented by
+ *  "certsRemaining" is used to initialize the checker's state.
+ *
+ * PARAMETERS:
+ *  "certSelector"
+ *      Address of CertSelector representing the criteria against which the
+ *      final certificate in a chain is to be matched. May be NULL.
+ *  "certsRemaining"
+ *      Number of certificates remaining in the chain.
+ *  "pChecker"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertChainChecker Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_TargetCertChecker_Initialize(
+        PKIX_CertSelector *certSelector,
+        PKIX_UInt32 certsRemaining,
+        PKIX_CertChainChecker **pChecker,
+        void *plContext)
+{
+        pkix_TargetCertCheckerState *state = NULL;
+
+        PKIX_ENTER(CERTCHAINCHECKER, "pkix_TargetCertChecker_Initialize");
+        PKIX_NULLCHECK_ONE(pChecker);
+
+        PKIX_CHECK(pkix_TargetCertCheckerState_Create
+                    (certSelector, certsRemaining, &state, plContext),
+                    PKIX_TARGETCERTCHECKERSTATECREATEFAILED);
+
+        PKIX_CHECK(PKIX_CertChainChecker_Create
+                    (pkix_TargetCertChecker_Check,
+                    PKIX_FALSE,
+                    PKIX_FALSE,
+                    NULL,
+                    (PKIX_PL_Object *)state,
+                    pChecker,
+                    plContext),
+                    PKIX_CERTCHAINCHECKERCREATEFAILED);
+
+cleanup:
+
+        PKIX_DECREF(state);
+
+        PKIX_RETURN(CERTCHAINCHECKER);
+}
diff --git a/nss/lib/libpkix/pkix/checker/pkix_targetcertchecker.h b/nss/lib/libpkix/pkix/checker/pkix_targetcertchecker.h
new file mode 100755
index 0000000..4592d10
--- /dev/null
+++ b/nss/lib/libpkix/pkix/checker/pkix_targetcertchecker.h
@@ -0,0 +1,47 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_targetcertchecker.h
+ *
+ * Header file for validate target cert function
+ *
+ */
+
+#ifndef _PKIX_TARGETCERTCHECKER_H
+#define _PKIX_TARGETCERTCHECKER_H
+
+#include "pkix_tools.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef struct pkix_TargetCertCheckerState pkix_TargetCertCheckerState;
+
+struct pkix_TargetCertCheckerState {
+        PKIX_CertSelector *certSelector;
+        PKIX_List *pathToNameList;
+        PKIX_List *extKeyUsageList; /* List of PKIX_PL_OID */
+        PKIX_List *subjAltNameList;
+        PKIX_Boolean subjAltNameMatchAll;
+        PKIX_UInt32 certsRemaining;
+        PKIX_PL_OID *extKeyUsageOID;
+        PKIX_PL_OID *subjAltNameOID;
+};
+
+PKIX_Error *
+pkix_TargetCertChecker_Initialize(
+        PKIX_CertSelector *certSelector,
+        PKIX_UInt32 certsRemaining,
+        PKIX_CertChainChecker **pChecker,
+        void *plContext);
+
+PKIX_Error *
+pkix_TargetCertCheckerState_RegisterSelf(void *plContext);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_TARGETCERTCHECKER_H */
diff --git a/nss/lib/libpkix/pkix/config.mk b/nss/lib/libpkix/pkix/config.mk
new file mode 100755
index 0000000..b8c03de
--- /dev/null
+++ b/nss/lib/libpkix/pkix/config.mk
@@ -0,0 +1,15 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#
+#  Override TARGETS variable so that only static libraries
+#  are specifed as dependencies within rules.mk.
+#
+
+TARGETS        = $(LIBRARY)
+SHARED_LIBRARY =
+IMPORT_LIBRARY =
+PROGRAM        =
+
diff --git a/nss/lib/libpkix/pkix/crlsel/Makefile b/nss/lib/libpkix/pkix/crlsel/Makefile
new file mode 100755
index 0000000..36524f5
--- /dev/null
+++ b/nss/lib/libpkix/pkix/crlsel/Makefile
@@ -0,0 +1,48 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include config.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+export:: private_export
+
diff --git a/nss/lib/libpkix/pkix/crlsel/config.mk b/nss/lib/libpkix/pkix/crlsel/config.mk
new file mode 100755
index 0000000..b8c03de
--- /dev/null
+++ b/nss/lib/libpkix/pkix/crlsel/config.mk
@@ -0,0 +1,15 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#
+#  Override TARGETS variable so that only static libraries
+#  are specifed as dependencies within rules.mk.
+#
+
+TARGETS        = $(LIBRARY)
+SHARED_LIBRARY =
+IMPORT_LIBRARY =
+PROGRAM        =
+
diff --git a/nss/lib/libpkix/pkix/crlsel/crlsel.gyp b/nss/lib/libpkix/pkix/crlsel/crlsel.gyp
new file mode 100644
index 0000000..894569e
--- /dev/null
+++ b/nss/lib/libpkix/pkix/crlsel/crlsel.gyp
@@ -0,0 +1,24 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../../../coreconf/config.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'pkixcrlsel',
+      'type': 'static_library',
+      'sources': [
+        'pkix_comcrlselparams.c',
+        'pkix_crlselector.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports'
+      ]
+    }
+  ],
+  'variables': {
+    'module': 'nss'
+  }
+}
\ No newline at end of file
diff --git a/nss/lib/libpkix/pkix/crlsel/exports.gyp b/nss/lib/libpkix/pkix/crlsel/exports.gyp
new file mode 100644
index 0000000..a7001ff
--- /dev/null
+++ b/nss/lib/libpkix/pkix/crlsel/exports.gyp
@@ -0,0 +1,26 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../../../coreconf/config.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'lib_libpkix_pkix_crlsel_exports',
+      'type': 'none',
+      'copies': [
+        {
+          'files': [
+            'pkix_comcrlselparams.h',
+            'pkix_crlselector.h'
+          ],
+          'destination': '<(nss_private_dist_dir)/<(module)'
+        }
+      ]
+    }
+  ],
+  'variables': {
+    'module': 'nss'
+  }
+}
diff --git a/nss/lib/libpkix/pkix/crlsel/manifest.mn b/nss/lib/libpkix/pkix/crlsel/manifest.mn
new file mode 100755
index 0000000..8ea0f59
--- /dev/null
+++ b/nss/lib/libpkix/pkix/crlsel/manifest.mn
@@ -0,0 +1,23 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+CORE_DEPTH = ../../../..
+
+EXPORTS = \
+	$(NULL)
+
+PRIVATE_EXPORTS = \
+	pkix_comcrlselparams.h \
+	pkix_crlselector.h \
+	$(NULL)
+
+MODULE = nss
+
+CSRCS = \
+	pkix_crlselector.c \
+	pkix_comcrlselparams.c \
+	$(NULL)
+
+LIBRARY_NAME = pkixcrlsel
+
diff --git a/nss/lib/libpkix/pkix/crlsel/pkix_comcrlselparams.c b/nss/lib/libpkix/pkix/crlsel/pkix_comcrlselparams.c
new file mode 100755
index 0000000..90380c5
--- /dev/null
+++ b/nss/lib/libpkix/pkix/crlsel/pkix_comcrlselparams.c
@@ -0,0 +1,826 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_comcrlselparams.c
+ *
+ * ComCRLSelParams Function Definitions
+ *
+ */
+
+#include "pkix_comcrlselparams.h"
+
+/* --ComCRLSelParams-Private-Functions------------------------------------ */
+
+/*
+ * FUNCTION: pkix_ComCrlSelParams_Destroy
+ * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_ComCRLSelParams_Destroy(
+        PKIX_PL_Object *object,
+        void *plContext)
+{
+        PKIX_ComCRLSelParams *params = NULL;
+
+        PKIX_ENTER(COMCRLSELPARAMS, "pkix_ComCRLSelParams_Destroy");
+        PKIX_NULLCHECK_ONE(object);
+
+        PKIX_CHECK(pkix_CheckType
+                    (object, PKIX_COMCRLSELPARAMS_TYPE, plContext),
+                    PKIX_OBJECTNOTCOMCRLSELPARAMS);
+
+        params = (PKIX_ComCRLSelParams *)object;
+
+        PKIX_DECREF(params->issuerNames);
+        PKIX_DECREF(params->cert);
+        PKIX_DECREF(params->date);
+        PKIX_DECREF(params->maxCRLNumber);
+        PKIX_DECREF(params->minCRLNumber);
+        PKIX_DECREF(params->crldpList);
+
+cleanup:
+
+        PKIX_RETURN(COMCRLSELPARAMS);
+}
+
+/*
+ * FUNCTION: pkix_ComCRLSelParams_ToString_Helper
+ * DESCRIPTION:
+ *
+ *  Helper function that creates a string representation of ComCRLSelParams
+ *  pointed to by "crlParams" and stores the result at "pString".
+ *
+ * PARAMETERS
+ *  "crlParams"
+ *      Address of ComCRLSelParams whose string representation is desired.
+ *      Must be non-NULL.
+ *  "pString"
+ *      Address of object pointer's destination. Must be non-NULL.
+ *  "plContext" - Platform-specific context pointer.
+ *
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *      (see Thread Safety Definitions in Programmer's Guide)
+ *
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CRLEntry Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_ComCRLSelParams_ToString_Helper(
+        PKIX_ComCRLSelParams *crlParams,
+        PKIX_PL_String **pString,
+        void *plContext)
+{
+        PKIX_PL_String *crlIssuerNamesString = NULL;
+        PKIX_PL_String *crlDateString = NULL;
+        PKIX_PL_String *crlMaxCRLNumberString = NULL;
+        PKIX_PL_String *crlMinCRLNumberString = NULL;
+        PKIX_PL_String *crlCertString = NULL;
+        PKIX_PL_String *crlParamsString = NULL;
+        char *asciiFormat = NULL;
+        PKIX_PL_String *formatString = NULL;
+
+        PKIX_ENTER(COMCRLSELPARAMS, "pkix_ComCRLSelParams_ToString_Helper");
+        PKIX_NULLCHECK_TWO(crlParams, pString);
+
+        asciiFormat =
+                "\n\t[\n"
+                "\tIssuerNames:     %s\n"
+                "\tDate:            %s\n"
+                "\tmaxCRLNumber:    %s\n"
+                "\tminCRLNumber:    %s\n"
+                "\tCertificate:     %s\n"
+                "\t]\n";
+
+        PKIX_CHECK(PKIX_PL_String_Create
+                    (PKIX_ESCASCII,
+                    asciiFormat,
+                    0,
+                    &formatString,
+                    plContext),
+                    PKIX_STRINGCREATEFAILED);
+
+        PKIX_TOSTRING
+                (crlParams->issuerNames, &crlIssuerNamesString, plContext,
+                PKIX_LISTTOSTRINGFAILED);
+
+        PKIX_TOSTRING(crlParams->date, &crlDateString, plContext,
+                PKIX_DATETOSTRINGFAILED);
+
+        PKIX_TOSTRING
+                (crlParams->maxCRLNumber, &crlMaxCRLNumberString, plContext,
+                PKIX_BIGINTTOSTRINGFAILED);
+
+        PKIX_TOSTRING
+                (crlParams->minCRLNumber, &crlMinCRLNumberString, plContext,
+                PKIX_BIGINTTOSTRINGFAILED);
+
+        PKIX_TOSTRING(crlParams->cert, &crlCertString, plContext,
+                PKIX_CERTTOSTRINGFAILED);
+
+        PKIX_CHECK(PKIX_PL_Sprintf
+                    (&crlParamsString,
+                    plContext,
+                    formatString,
+                    crlIssuerNamesString,
+                    crlDateString,
+                    crlMaxCRLNumberString,
+                    crlMinCRLNumberString,
+                    crlCertString),
+                    PKIX_SPRINTFFAILED);
+
+        *pString = crlParamsString;
+
+cleanup:
+
+        PKIX_DECREF(crlIssuerNamesString);
+        PKIX_DECREF(crlDateString);
+        PKIX_DECREF(crlMaxCRLNumberString);
+        PKIX_DECREF(crlMinCRLNumberString);
+        PKIX_DECREF(crlCertString);
+        PKIX_DECREF(formatString);
+
+        PKIX_RETURN(COMCRLSELPARAMS);
+}
+
+/*
+ * FUNCTION: pkix_ComCRLSelParams_ToString
+ * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_ComCRLSelParams_ToString(
+        PKIX_PL_Object *object,
+        PKIX_PL_String **pString,
+        void *plContext)
+{
+        PKIX_PL_String *crlParamsString = NULL;
+        PKIX_ComCRLSelParams *crlParams = NULL;
+
+        PKIX_ENTER(COMCRLSELPARAMS, "pkix_ComCRLSelParams_ToString");
+        PKIX_NULLCHECK_TWO(object, pString);
+
+        PKIX_CHECK(pkix_CheckType(object, PKIX_COMCRLSELPARAMS_TYPE, plContext),
+                    PKIX_OBJECTNOTCOMCRLSELPARAMS);
+
+        crlParams = (PKIX_ComCRLSelParams *) object;
+
+        PKIX_CHECK(pkix_ComCRLSelParams_ToString_Helper
+                    (crlParams, &crlParamsString, plContext),
+                    PKIX_COMCRLSELPARAMSTOSTRINGHELPERFAILED);
+
+        *pString = crlParamsString;
+
+cleanup:
+
+        PKIX_RETURN(COMCRLSELPARAMS);
+}
+
+/*
+ * FUNCTION: pkix_ComCRLSelParams_Hashcode
+ * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_ComCRLSelParams_Hashcode(
+        PKIX_PL_Object *object,
+        PKIX_UInt32 *pHashcode,
+        void *plContext)
+{
+        PKIX_ComCRLSelParams *crlParams = NULL;
+        PKIX_UInt32 namesHash = 0;
+        PKIX_UInt32 certHash = 0;
+        PKIX_UInt32 dateHash = 0;
+        PKIX_UInt32 maxCRLNumberHash = 0;
+        PKIX_UInt32 minCRLNumberHash = 0;
+        PKIX_UInt32 hash = 0;
+
+        PKIX_ENTER(COMCRLSELPARAMS, "pkix_ComCRLSelParams_Hashcode");
+        PKIX_NULLCHECK_TWO(object, pHashcode);
+
+        PKIX_CHECK(pkix_CheckType(object, PKIX_COMCRLSELPARAMS_TYPE, plContext),
+                    PKIX_OBJECTNOTCOMCRLSELPARAMS);
+
+        crlParams = (PKIX_ComCRLSelParams *)object;
+
+        PKIX_HASHCODE(crlParams->issuerNames, &namesHash, plContext,
+                    PKIX_OBJECTHASHCODEFAILED);
+
+        PKIX_HASHCODE(crlParams->cert, &certHash, plContext,
+                    PKIX_OBJECTHASHCODEFAILED);
+
+        PKIX_HASHCODE(crlParams->date, &dateHash, plContext,
+                    PKIX_OBJECTHASHCODEFAILED);
+
+        PKIX_HASHCODE(crlParams->maxCRLNumber, &maxCRLNumberHash, plContext,
+                    PKIX_OBJECTHASHCODEFAILED);
+
+        PKIX_HASHCODE(crlParams->minCRLNumber, &minCRLNumberHash, plContext,
+                    PKIX_OBJECTHASHCODEFAILED);
+
+
+        hash = (((namesHash << 3) + certHash) << 3) + dateHash;
+        hash = (hash << 3) + maxCRLNumberHash + minCRLNumberHash;
+
+        *pHashcode = hash;
+
+cleanup:
+
+        PKIX_RETURN(COMCRLSELPARAMS);
+}
+
+/*
+ * FUNCTION: pkix_ComCRLSelParams_Equals
+ * (see comments for PKIX_PL_Equals_Callback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_ComCRLSelParams_Equals(
+        PKIX_PL_Object *firstObject,
+        PKIX_PL_Object *secondObject,
+        PKIX_Boolean *pResult,
+        void *plContext)
+{
+        PKIX_ComCRLSelParams *firstCrlParams = NULL;
+        PKIX_ComCRLSelParams *secondCrlParams = NULL;
+        PKIX_UInt32 secondType;
+        PKIX_Boolean cmpResult = PKIX_FALSE;
+
+        PKIX_ENTER(COMCRLSELPARAMS, "pkix_ComCRLSelParams_Equals");
+        PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);
+
+        /* test that firstObject is a ComCRLSelParams */
+        PKIX_CHECK(pkix_CheckType
+                    (firstObject, PKIX_COMCRLSELPARAMS_TYPE, plContext),
+                    PKIX_FIRSTOBJECTNOTCOMCRLSELPARAMS);
+
+        firstCrlParams = (PKIX_ComCRLSelParams *)firstObject;
+        secondCrlParams = (PKIX_ComCRLSelParams *)secondObject;
+
+        /*
+         * Since we know firstObject is a ComCRLSelParams, if both references
+         * are identical, they must be equal
+         */
+        if (firstCrlParams == secondCrlParams){
+                *pResult = PKIX_TRUE;
+                goto cleanup;
+        }
+
+        /*
+         * If secondComCRLSelParams isn't a ComCRLSelParams, we don't
+         * throw an error. We simply return a Boolean result of FALSE
+         */
+        *pResult = PKIX_FALSE;
+        PKIX_CHECK(PKIX_PL_Object_GetType
+                    ((PKIX_PL_Object *)secondCrlParams, &secondType, plContext),
+                    PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
+
+        if (secondType != PKIX_COMCRLSELPARAMS_TYPE) {
+                goto cleanup;
+        }
+
+        /* Compare Issuer Names */
+        PKIX_EQUALS
+                    (firstCrlParams->issuerNames,
+                    secondCrlParams->issuerNames,
+                    &cmpResult,
+                    plContext,
+                    PKIX_LISTEQUALSFAILED);
+
+        if (cmpResult != PKIX_TRUE) {
+                goto cleanup;
+        }
+
+        /* Compare Date */
+        PKIX_EQUALS
+                    (firstCrlParams->date,
+                    secondCrlParams->date,
+                    &cmpResult,
+                    plContext,
+                    PKIX_DATEEQUALSFAILED);
+
+        if (cmpResult != PKIX_TRUE) {
+                goto cleanup;
+        }
+
+        /* Compare Max CRL Number */
+        PKIX_EQUALS
+                    (firstCrlParams->maxCRLNumber,
+                    secondCrlParams->maxCRLNumber,
+                    &cmpResult,
+                    plContext,
+                    PKIX_BIGINTEQUALSFAILED);
+
+        if (cmpResult != PKIX_TRUE) {
+                goto cleanup;
+        }
+
+        /* Compare Min CRL Number */
+        PKIX_EQUALS
+                    (firstCrlParams->minCRLNumber,
+                    secondCrlParams->minCRLNumber,
+                    &cmpResult,
+                    plContext,
+                    PKIX_BIGINTEQUALSFAILED);
+
+        if (cmpResult != PKIX_TRUE) {
+                goto cleanup;
+        }
+
+        /* Compare Cert */
+        PKIX_EQUALS
+                    (firstCrlParams->cert,
+                    secondCrlParams->cert,
+                    &cmpResult,
+                    plContext,
+                    PKIX_CERTEQUALSFAILED);
+
+        *pResult = cmpResult;
+
+cleanup:
+
+        PKIX_RETURN(COMCRLSELPARAMS);
+}
+
+/*
+ * FUNCTION: pkix_ComCRLSelParams_Duplicate
+ * (see comments for PKIX_PL_Duplicate_Callback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_ComCRLSelParams_Duplicate(
+        PKIX_PL_Object *object,
+        PKIX_PL_Object **pNewObject,
+        void *plContext)
+{
+        PKIX_ComCRLSelParams *old;
+        PKIX_ComCRLSelParams *new = NULL;
+
+        PKIX_ENTER(COMCRLSELPARAMS, "pkix_ComCRLSelParams_Duplicate");
+        PKIX_NULLCHECK_TWO(object, pNewObject);
+
+        PKIX_CHECK(pkix_CheckType(object, PKIX_COMCRLSELPARAMS_TYPE, plContext),
+                    PKIX_OBJECTNOTCOMCRLSELPARAMS);
+
+        old = (PKIX_ComCRLSelParams *)object;
+
+        PKIX_CHECK(PKIX_PL_Object_Alloc
+                    (PKIX_COMCRLSELPARAMS_TYPE,
+                    (PKIX_UInt32)(sizeof (PKIX_ComCRLSelParams)),
+                    (PKIX_PL_Object **)&new,
+                    plContext),
+                    PKIX_OBJECTALLOCFAILED);
+
+        PKIX_DUPLICATE(old->cert, &new->cert, plContext,
+                    PKIX_OBJECTDUPLICATECERTFAILED);
+
+        PKIX_DUPLICATE(old->crldpList, &new->crldpList, plContext,
+                    PKIX_OBJECTDUPLICATECERTFAILED);
+
+        PKIX_DUPLICATE(old->issuerNames, &new->issuerNames, plContext,
+                    PKIX_OBJECTDUPLICATEISSUERNAMESFAILED);
+
+        PKIX_DUPLICATE(old->date, &new->date, plContext,
+                    PKIX_OBJECTDUPLICATEDATEFAILED);
+
+        PKIX_DUPLICATE(old->maxCRLNumber, &new->maxCRLNumber, plContext,
+                    PKIX_OBJECTDUPLICATEMAXCRLNUMBERFAILED);
+
+        PKIX_DUPLICATE(old->minCRLNumber, &new->minCRLNumber, plContext,
+                    PKIX_OBJECTDUPLICATEMINCRLNUMBERFAILED);
+
+        *pNewObject = (PKIX_PL_Object *)new;
+
+cleanup:
+
+        if (PKIX_ERROR_RECEIVED){
+                PKIX_DECREF(new);
+        }
+
+        PKIX_RETURN(COMCRLSELPARAMS);
+}
+
+/*
+ * FUNCTION: pkix_ComCrlSelParams_RegisterSelf
+ * DESCRIPTION:
+ *  Registers PKIX_COMCRLSELPARAMS_TYPE and its related functions with
+ *  systemClasses[]
+ * THREAD SAFETY:
+ *  Not Thread Safe - for performance and complexity reasons
+ *
+ *  Since this function is only called by PKIX_PL_Initialize, which should
+ *  only be called once, it is acceptable that this function is not
+ *  thread-safe.
+ */
+PKIX_Error *
+pkix_ComCRLSelParams_RegisterSelf(void *plContext)
+{
+        extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
+        pkix_ClassTable_Entry entry;
+
+        PKIX_ENTER(COMCRLSELPARAMS, "pkix_ComCRLSelParams_RegisterSelf");
+
+        entry.description = "ComCRLSelParams";
+        entry.objCounter = 0;
+        entry.typeObjectSize = sizeof(PKIX_ComCRLSelParams);
+        entry.destructor = pkix_ComCRLSelParams_Destroy;
+        entry.equalsFunction = pkix_ComCRLSelParams_Equals;
+        entry.hashcodeFunction = pkix_ComCRLSelParams_Hashcode;
+        entry.toStringFunction = pkix_ComCRLSelParams_ToString;
+        entry.comparator = NULL;
+        entry.duplicateFunction = pkix_ComCRLSelParams_Duplicate;
+
+        systemClasses[PKIX_COMCRLSELPARAMS_TYPE] = entry;
+
+        PKIX_RETURN(COMCRLSELPARAMS);
+}
+
+/* --ComCRLSelParams-Public-Functions------------------------------------- */
+
+/*
+ * FUNCTION: PKIX_ComCRLSelParams_Create (see comments in pkix_crlsel.h)
+ */
+PKIX_Error *
+PKIX_ComCRLSelParams_Create(
+        PKIX_ComCRLSelParams **pParams,
+        void *plContext)
+{
+        PKIX_ComCRLSelParams *params = NULL;
+
+        PKIX_ENTER(COMCRLSELPARAMS, "PKIX_ComCRLSelParams_Create");
+        PKIX_NULLCHECK_ONE(pParams);
+
+        PKIX_CHECK(PKIX_PL_Object_Alloc
+                    (PKIX_COMCRLSELPARAMS_TYPE,
+                    sizeof (PKIX_ComCRLSelParams),
+                    (PKIX_PL_Object **)&params,
+                    plContext),
+                    PKIX_COULDNOTCREATECOMMONCRLSELECTORPARAMSOBJECT);
+
+        /* initialize fields */
+        params->issuerNames = NULL;
+        params->cert = NULL;
+        params->crldpList = NULL;
+        params->date = NULL;
+        params->nistPolicyEnabled = PKIX_TRUE;
+        params->maxCRLNumber = NULL;
+        params->minCRLNumber = NULL;
+
+        *pParams = params;
+
+cleanup:
+
+        PKIX_RETURN(COMCRLSELPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ComCRLSelParams_GetIssuerNames (see comments in pkix_crlsel.h)
+ */
+PKIX_Error *
+PKIX_ComCRLSelParams_GetIssuerNames(
+        PKIX_ComCRLSelParams *params,
+        PKIX_List **pIssuerNames,
+        void *plContext)
+{
+        PKIX_ENTER(COMCRLSELPARAMS, "PKIX_ComCRLSelParams_GetIssuerNames");
+        PKIX_NULLCHECK_TWO(params, pIssuerNames);
+
+        PKIX_INCREF(params->issuerNames);
+
+        *pIssuerNames = params->issuerNames;
+
+cleanup:
+        PKIX_RETURN(COMCRLSELPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ComCRLSelParams_SetIssuerNames (see comments in pkix_crlsel.h)
+ */
+PKIX_Error *
+PKIX_ComCRLSelParams_SetIssuerNames(
+        PKIX_ComCRLSelParams *params,
+        PKIX_List *names,
+        void *plContext)
+{
+        PKIX_ENTER(COMCRLSELPARAMS, "PKIX_ComCRLSelParams_SetIssuerNames");
+        PKIX_NULLCHECK_ONE(params); /* allows null for names from spec */
+
+        PKIX_DECREF(params->issuerNames);
+
+        PKIX_INCREF(names); /* if NULL, allows to reset for no action */
+
+        params->issuerNames = names;
+
+        PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+                    ((PKIX_PL_Object *)params, plContext),
+                    PKIX_OBJECTINVALIDATECACHEFAILED);
+
+cleanup:
+
+        PKIX_RETURN(COMCRLSELPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ComCRLSelParams_AddIssuerName (see comments in pkix_crlsel.h)
+ */
+PKIX_Error *
+PKIX_ComCRLSelParams_AddIssuerName(
+        PKIX_ComCRLSelParams *params,
+        PKIX_PL_X500Name *name,
+        void *plContext)
+{
+        PKIX_List *list = NULL;
+
+        PKIX_ENTER(COMCRLSELPARAMS, "PKIX_ComCRLSelParams_AddIssuerName");
+        PKIX_NULLCHECK_ONE(params);
+
+        if (name != NULL) {
+
+                if (params->issuerNames == NULL) {
+
+                    PKIX_CHECK(PKIX_List_Create(&list, plContext),
+                        PKIX_LISTCREATEFAILED);
+                        params->issuerNames = list;
+                }
+
+                PKIX_CHECK(PKIX_List_AppendItem
+                    (params->issuerNames, (PKIX_PL_Object *)name, plContext),
+                    PKIX_LISTAPPENDITEMFAILED);
+
+                PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+                    ((PKIX_PL_Object *)params, plContext),
+                    PKIX_OBJECTINVALIDATECACHEFAILED);
+
+        }
+
+cleanup:
+
+        PKIX_RETURN(COMCRLSELPARAMS);
+}
+
+
+/*
+ * FUNCTION: PKIX_ComCRLSelParams_GetCertificateChecking
+ * (see comments in pkix_crlsel.h)
+ */
+PKIX_Error *
+PKIX_ComCRLSelParams_GetCertificateChecking(
+        PKIX_ComCRLSelParams *params,
+        PKIX_PL_Cert **pCert,
+        void *plContext)
+{
+        PKIX_ENTER(COMCRLSELPARAMS,
+                    "PKIX_ComCRLSelParams_GetCertificateChecking");
+        PKIX_NULLCHECK_TWO(params, pCert);
+
+        PKIX_INCREF(params->cert);
+
+        *pCert = params->cert;
+
+cleanup:
+        PKIX_RETURN(COMCRLSELPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ComCRLSelParams_SetCertificateChecking
+ * (see comments in pkix_crlsel.h)
+ */
+PKIX_Error *
+PKIX_ComCRLSelParams_SetCertificateChecking(
+        PKIX_ComCRLSelParams *params,
+        PKIX_PL_Cert *cert,
+        void *plContext)
+{
+        PKIX_ENTER(COMCRLSELPARAMS,
+                    "PKIX_ComCRLSelParams_SetCertificateChecking");
+        PKIX_NULLCHECK_ONE(params); /* allows cert to be NULL from spec */
+
+        PKIX_DECREF(params->cert);
+
+        PKIX_INCREF(cert);
+
+        params->cert = cert;
+
+        PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+                    ((PKIX_PL_Object *)params, plContext),
+                    PKIX_OBJECTINVALIDATECACHEFAILED);
+
+cleanup:
+
+        PKIX_RETURN(COMCRLSELPARAMS);
+}
+
+
+/*
+ * FUNCTION: PKIX_ComCRLSelParams_GetDateAndTime (see comments in pkix_crlsel.h)
+ */
+PKIX_Error *
+PKIX_ComCRLSelParams_GetDateAndTime(
+        PKIX_ComCRLSelParams *params,
+        PKIX_PL_Date **pDate,
+        void *plContext)
+{
+        PKIX_ENTER(COMCRLSELPARAMS,
+                    "PKIX_ComCRLSelParams_GetDateAndTime");
+        PKIX_NULLCHECK_TWO(params, pDate);
+
+        PKIX_INCREF(params->date);
+
+        *pDate = params->date;
+
+cleanup:
+        PKIX_RETURN(COMCRLSELPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ComCRLSelParams_SetDateAndTime (see comments in pkix_crlsel.h)
+ */
+PKIX_Error *
+PKIX_ComCRLSelParams_SetDateAndTime(
+        PKIX_ComCRLSelParams *params,
+        PKIX_PL_Date *date,
+        void *plContext)
+{
+        PKIX_ENTER(COMCRLSELPARAMS,
+                    "PKIX_ComCRLSelParams_SetDateAndTime");
+        PKIX_NULLCHECK_ONE(params); /* allows date to be NULL from spec */
+
+        PKIX_DECREF (params->date);
+
+        PKIX_INCREF(date);
+
+        params->date = date;
+
+        PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+                    ((PKIX_PL_Object *)params, plContext),
+                    PKIX_OBJECTINVALIDATECACHEFAILED);
+
+cleanup:
+
+        PKIX_RETURN(COMCRLSELPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ComCRLSelParams_GetDateAndTime (see comments in pkix_crlsel.h)
+ */
+PKIX_Error *
+PKIX_ComCRLSelParams_GetNISTPolicyEnabled(
+        PKIX_ComCRLSelParams *params,
+        PKIX_Boolean *pEnabled,
+        void *plContext)
+{
+        PKIX_ENTER(COMCRLSELPARAMS,
+                    "PKIX_ComCRLSelParams_GetNISTPolicyEnabled");
+        PKIX_NULLCHECK_TWO(params, pEnabled);
+
+        *pEnabled = params->nistPolicyEnabled;
+
+        PKIX_RETURN(COMCRLSELPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ComCRLSelParams_SetDateAndTime (see comments in pkix_crlsel.h)
+ */
+PKIX_Error *
+PKIX_ComCRLSelParams_SetNISTPolicyEnabled(
+        PKIX_ComCRLSelParams *params,
+        PKIX_Boolean enabled,
+        void *plContext)
+{
+        PKIX_ENTER(COMCRLSELPARAMS,
+                    "PKIX_ComCRLSelParams_SetNISTPolicyEnabled");
+        PKIX_NULLCHECK_ONE(params); /* allows date to be NULL from spec */
+
+        params->nistPolicyEnabled = enabled;
+
+        PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+                    ((PKIX_PL_Object *)params, plContext),
+                    PKIX_OBJECTINVALIDATECACHEFAILED);
+
+cleanup:
+
+        PKIX_RETURN(COMCRLSELPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ComCRLSelParams_GetMaxCRLNumber
+ * (see comments in pkix_crlsel.h)
+ */
+PKIX_Error *
+PKIX_ComCRLSelParams_GetMaxCRLNumber(
+        PKIX_ComCRLSelParams *params,
+        PKIX_PL_BigInt **pMaxCRLNumber,
+        void *plContext)
+{
+        PKIX_ENTER(COMCRLSELPARAMS,
+                    "PKIX_ComCRLSelParams_GetMaxCRLNumber");
+        PKIX_NULLCHECK_TWO(params, pMaxCRLNumber);
+
+        PKIX_INCREF(params->maxCRLNumber);
+
+        *pMaxCRLNumber = params->maxCRLNumber;
+
+cleanup:
+        PKIX_RETURN(COMCRLSELPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ComCRLSelParams_SetMaxCRLNumber
+ * (see comments in pkix_crlsel.h)
+ */
+PKIX_Error *
+PKIX_ComCRLSelParams_SetMaxCRLNumber(
+        PKIX_ComCRLSelParams *params,
+        PKIX_PL_BigInt *maxCRLNumber,
+        void *plContext)
+{
+        PKIX_ENTER(COMCRLSELPARAMS,
+                    "PKIX_ComCRLSelParams_SetMaxCRLNumber");
+        PKIX_NULLCHECK_ONE(params); /* maxCRLNumber can be NULL - from spec */
+
+        PKIX_DECREF(params->maxCRLNumber);
+
+        PKIX_INCREF(maxCRLNumber);
+
+        params->maxCRLNumber = maxCRLNumber;
+
+        PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+                    ((PKIX_PL_Object *)params, plContext),
+                    PKIX_OBJECTINVALIDATECACHEFAILED);
+
+cleanup:
+
+        PKIX_RETURN(COMCRLSELPARAMS);
+}
+
+
+/*
+ * FUNCTION: PKIX_ComCRLSelParams_GetMinCRLNumber
+ * (see comments in pkix_crlsel.h)
+ */
+PKIX_Error *
+PKIX_ComCRLSelParams_GetMinCRLNumber(
+        PKIX_ComCRLSelParams *params,
+        PKIX_PL_BigInt **pMinCRLNumber,
+        void *plContext)
+{
+        PKIX_ENTER(COMCRLSELPARAMS,
+                    "PKIX_ComCRLSelParams_GetMinCRLNumber");
+        PKIX_NULLCHECK_TWO(params, pMinCRLNumber);
+
+        PKIX_INCREF(params->minCRLNumber);
+
+        *pMinCRLNumber = params->minCRLNumber;
+
+cleanup:
+        PKIX_RETURN(COMCRLSELPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ComCRLSelParams_SetMinCRLNumber
+ * (see comments in pkix_crlsel.h)
+ */
+PKIX_Error *
+PKIX_ComCRLSelParams_SetMinCRLNumber(
+        PKIX_ComCRLSelParams *params,
+        PKIX_PL_BigInt *minCRLNumber,
+        void *plContext)
+{
+        PKIX_ENTER(COMCRLSELPARAMS,
+                    "PKIX_ComCRLSelParams_SetMinCRLNumber");
+        PKIX_NULLCHECK_ONE(params); /* minCRLNumber can be NULL - from spec */
+
+        PKIX_DECREF(params->minCRLNumber);
+
+        PKIX_INCREF(minCRLNumber);
+
+        params->minCRLNumber = minCRLNumber;
+
+        PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+                    ((PKIX_PL_Object *)params, plContext),
+                    PKIX_OBJECTINVALIDATECACHEFAILED);
+
+cleanup:
+
+        PKIX_RETURN(COMCRLSELPARAMS);
+}
+
+
+PKIX_Error*
+PKIX_ComCRLSelParams_SetCrlDp(
+         PKIX_ComCRLSelParams *params,
+         PKIX_List *crldpList,
+         void *plContext)
+{
+    PKIX_ENTER(COMCRLSELPARAMS, "PKIX_ComCRLSelParams_SetCrlDp");
+    PKIX_NULLCHECK_ONE(params); /* minCRLNumber can be NULL - from spec */
+
+    PKIX_INCREF(crldpList);
+    params->crldpList = crldpList;
+
+    PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+               ((PKIX_PL_Object *)params, plContext),
+               PKIX_OBJECTINVALIDATECACHEFAILED);
+cleanup:
+
+        PKIX_RETURN(COMCRLSELPARAMS);
+}
diff --git a/nss/lib/libpkix/pkix/crlsel/pkix_comcrlselparams.h b/nss/lib/libpkix/pkix/crlsel/pkix_comcrlselparams.h
new file mode 100755
index 0000000..0835137
--- /dev/null
+++ b/nss/lib/libpkix/pkix/crlsel/pkix_comcrlselparams.h
@@ -0,0 +1,38 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_comcrlselparams.h
+ *
+ * ComCrlSelParams Object Type Definition
+ *
+ */
+
+#ifndef _PKIX_COMCRLSELPARAMS_H
+#define _PKIX_COMCRLSELPARAMS_H
+
+#include "pkix_tools.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+struct PKIX_ComCRLSelParamsStruct {
+        PKIX_List *issuerNames; /* list of PKIX_PL_X500Name */
+        PKIX_PL_Cert *cert; /* certificate being checked */
+        PKIX_List *crldpList;
+        PKIX_PL_Date *date;
+        PKIX_Boolean nistPolicyEnabled;
+        PKIX_PL_BigInt *maxCRLNumber;
+        PKIX_PL_BigInt *minCRLNumber;
+};
+
+/* see source file for function documentation */
+
+PKIX_Error *pkix_ComCRLSelParams_RegisterSelf(void *plContext);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_COMCRLSELPARAMS_H */
diff --git a/nss/lib/libpkix/pkix/crlsel/pkix_crlselector.c b/nss/lib/libpkix/pkix/crlsel/pkix_crlselector.c
new file mode 100755
index 0000000..e9a9c03
--- /dev/null
+++ b/nss/lib/libpkix/pkix/crlsel/pkix_crlselector.c
@@ -0,0 +1,870 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_crlselector.c
+ *
+ * CRLSelector Function Definitions
+ *
+ */
+
+#include "pkix_crlselector.h"
+
+/* --CRLSelector Private-Functions-------------------------------------- */
+
+/*
+ * FUNCTION: pkix_CRLSelector_Destroy
+ * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_CRLSelector_Destroy(
+        PKIX_PL_Object *object,
+        void *plContext)
+{
+        PKIX_CRLSelector *selector = NULL;
+
+        PKIX_ENTER(CRLSELECTOR, "pkix_CRLSelector_Destroy");
+        PKIX_NULLCHECK_ONE(object);
+
+        PKIX_CHECK(pkix_CheckType(object, PKIX_CRLSELECTOR_TYPE, plContext),
+                    PKIX_OBJECTNOTCRLSELECTOR);
+
+        selector = (PKIX_CRLSelector *)object;
+
+        selector->matchCallback = NULL;
+
+        PKIX_DECREF(selector->params);
+        PKIX_DECREF(selector->context);
+
+cleanup:
+
+        PKIX_RETURN(CRLSELECTOR);
+}
+
+/*
+ * FUNCTION: pkix_CRLSelector_ToString_Helper
+ *
+ * DESCRIPTION:
+ *  Helper function that creates a string representation of CRLSelector
+ *  pointed to by "crlParams" and stores its address in the object pointed to
+ *  by "pString".
+ *
+ * PARAMETERS
+ *  "list"
+ *      Address of CRLSelector whose string representation is desired.
+ *      Must be non-NULL.
+ *  "pString"
+ *      Address of object pointer's destination. Must be non-NULL.
+ *  "plContext" - Platform-specific context pointer.
+ *
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *      (see Thread Safety Definitions in Programmer's Guide)
+ *
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CRLSelector Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_CRLSelector_ToString_Helper(
+        PKIX_CRLSelector *crlSelector,
+        PKIX_PL_String **pString,
+        void *plContext)
+{
+        PKIX_PL_String *crlSelectorString = NULL;
+        PKIX_PL_String *formatString = NULL;
+        PKIX_PL_String *crlParamsString = NULL;
+        PKIX_PL_String *crlContextString = NULL;
+        char *asciiFormat = NULL;
+
+        PKIX_ENTER(CRLSELECTOR, "pkix_CRLSelector_ToString_Helper");
+        PKIX_NULLCHECK_TWO(crlSelector, pString);
+        PKIX_NULLCHECK_ONE(crlSelector->params);
+
+        asciiFormat =
+                "\n\t[\n"
+                "\tMatchCallback: 0x%x\n"
+                "\tParams:          %s\n"
+                "\tContext:         %s\n"
+                "\t]\n";
+
+        PKIX_CHECK(PKIX_PL_String_Create
+                    (PKIX_ESCASCII,
+                    asciiFormat,
+                    0,
+                    &formatString,
+                    plContext),
+                    PKIX_STRINGCREATEFAILED);
+
+        /* Params */
+        PKIX_TOSTRING
+                    ((PKIX_PL_Object *)crlSelector->params,
+                    &crlParamsString,
+                    plContext,
+                    PKIX_COMCRLSELPARAMSTOSTRINGFAILED);
+
+        /* Context */
+        PKIX_TOSTRING(crlSelector->context, &crlContextString, plContext,
+                    PKIX_LISTTOSTRINGFAILED);
+
+        PKIX_CHECK(PKIX_PL_Sprintf
+                    (&crlSelectorString,
+                    plContext,
+                    formatString,
+                    crlSelector->matchCallback,
+                    crlParamsString,
+                    crlContextString),
+                    PKIX_SPRINTFFAILED);
+
+        *pString = crlSelectorString;
+
+cleanup:
+
+        PKIX_DECREF(crlParamsString);
+        PKIX_DECREF(crlContextString);
+        PKIX_DECREF(formatString);
+
+        PKIX_RETURN(CRLSELECTOR);
+}
+
+/*
+ * FUNCTION: pkix_CRLSelector_ToString
+ * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_CRLSelector_ToString(
+        PKIX_PL_Object *object,
+        PKIX_PL_String **pString,
+        void *plContext)
+{
+        PKIX_PL_String *crlSelectorString = NULL;
+        PKIX_CRLSelector *crlSelector = NULL;
+
+        PKIX_ENTER(CRLSELECTOR, "pkix_CRLSelector_ToString");
+        PKIX_NULLCHECK_TWO(object, pString);
+
+        PKIX_CHECK(pkix_CheckType(object, PKIX_CRLSELECTOR_TYPE, plContext),
+                    PKIX_OBJECTNOTCRLSELECTOR);
+
+        crlSelector = (PKIX_CRLSelector *) object;
+
+        PKIX_CHECK(pkix_CRLSelector_ToString_Helper
+                    (crlSelector, &crlSelectorString, plContext),
+                    PKIX_CRLSELECTORTOSTRINGHELPERFAILED);
+
+        *pString = crlSelectorString;
+
+cleanup:
+
+        PKIX_RETURN(CRLSELECTOR);
+}
+
+/*
+ * FUNCTION: pkix_CRLSelector_Hashcode
+ * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_CRLSelector_Hashcode(
+        PKIX_PL_Object *object,
+        PKIX_UInt32 *pHashcode,
+        void *plContext)
+{
+        PKIX_UInt32 paramsHash = 0;
+        PKIX_UInt32 contextHash = 0;
+        PKIX_UInt32 hash = 0;
+
+        PKIX_CRLSelector *crlSelector = NULL;
+
+        PKIX_ENTER(CRLSELECTOR, "pkix_CRLSelector_Hashcode");
+        PKIX_NULLCHECK_TWO(object, pHashcode);
+
+        PKIX_CHECK(pkix_CheckType(object, PKIX_CRLSELECTOR_TYPE, plContext),
+                    PKIX_OBJECTNOTCRLSELECTOR);
+
+        crlSelector = (PKIX_CRLSelector *)object;
+
+        PKIX_HASHCODE(crlSelector->params, &paramsHash, plContext,
+                PKIX_OBJECTHASHCODEFAILED);
+
+        PKIX_HASHCODE(crlSelector->context, &contextHash, plContext,
+                PKIX_OBJECTHASHCODEFAILED);
+
+        hash = 31 * ((PKIX_UInt32)((char *)crlSelector->matchCallback - (char *)NULL) +
+                    (contextHash << 3)) + paramsHash;
+
+        *pHashcode = hash;
+
+cleanup:
+
+        PKIX_RETURN(CRLSELECTOR);
+}
+
+/*
+ * FUNCTION: pkix_CRLSelector_Equals
+ * (see comments for PKIX_PL_Equals_Callback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_CRLSelector_Equals(
+        PKIX_PL_Object *firstObject,
+        PKIX_PL_Object *secondObject,
+        PKIX_Boolean *pResult,
+        void *plContext)
+{
+        PKIX_CRLSelector *firstCrlSelector = NULL;
+        PKIX_CRLSelector *secondCrlSelector = NULL;
+        PKIX_UInt32 secondType;
+        PKIX_Boolean cmpResult = PKIX_FALSE;
+
+        PKIX_ENTER(CRLSELECTOR, "pkix_CRLSelector_Equals");
+        PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);
+
+        /* test that firstObject is a CRLSelector */
+        PKIX_CHECK(pkix_CheckType
+                    (firstObject, PKIX_CRLSELECTOR_TYPE, plContext),
+                    PKIX_FIRSTOBJECTNOTCRLSELECTOR);
+
+        firstCrlSelector = (PKIX_CRLSelector *)firstObject;
+        secondCrlSelector = (PKIX_CRLSelector *)secondObject;
+
+        /*
+         * Since we know firstObject is a CRLSelector, if both references are
+         * identical, they must be equal
+         */
+        if (firstCrlSelector == secondCrlSelector){
+                *pResult = PKIX_TRUE;
+                goto cleanup;
+        }
+
+        /*
+         * If secondCRLSelector isn't a CRLSelector, we don't throw an error.
+         * We simply return a Boolean result of FALSE
+         */
+        *pResult = PKIX_FALSE;
+        PKIX_CHECK(PKIX_PL_Object_GetType
+                    ((PKIX_PL_Object *)secondCrlSelector,
+                    &secondType,
+                    plContext),
+                    PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
+
+        if (secondType != PKIX_CRLSELECTOR_TYPE) {
+                goto cleanup;
+        }
+
+        /* Compare MatchCallback address */
+        cmpResult = (firstCrlSelector->matchCallback ==
+                    secondCrlSelector->matchCallback);
+
+        if (cmpResult == PKIX_FALSE) {
+                goto cleanup;
+        }
+
+        /* Compare Common CRL Selector Params */
+        PKIX_EQUALS
+                (firstCrlSelector->params,
+                secondCrlSelector->params,
+                &cmpResult,
+                plContext,
+                PKIX_COMCRLSELPARAMSEQUALSFAILED);
+
+
+        if (cmpResult == PKIX_FALSE) {
+                goto cleanup;
+        }
+
+        /* Compare Context */
+        PKIX_EQUALS
+                (firstCrlSelector->context,
+                secondCrlSelector->context,
+                &cmpResult,
+                plContext,
+                PKIX_COMCRLSELPARAMSEQUALSFAILED);
+
+        *pResult = cmpResult;
+
+cleanup:
+
+        PKIX_RETURN(CRLSELECTOR);
+}
+
+/*
+ * FUNCTION: pkix_CRLSelector_Duplicate
+ * (see comments for PKIX_PL_Duplicate_Callback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_CRLSelector_Duplicate(
+        PKIX_PL_Object *object,
+        PKIX_PL_Object **pNewObject,
+        void *plContext)
+{
+        PKIX_CRLSelector *old;
+        PKIX_CRLSelector *new = NULL;
+
+        PKIX_ENTER(CRLSELECTOR, "pkix_CRLSelector_Duplicate");
+        PKIX_NULLCHECK_TWO(object, pNewObject);
+
+        PKIX_CHECK(pkix_CheckType
+                    (object, PKIX_CRLSELECTOR_TYPE, plContext),
+                    PKIX_OBJECTNOTCRLSELECTOR);
+
+        old = (PKIX_CRLSelector *)object;
+
+        PKIX_CHECK(PKIX_PL_Object_Alloc
+                    (PKIX_CRLSELECTOR_TYPE,
+                    (PKIX_UInt32)(sizeof (PKIX_CRLSelector)),
+                    (PKIX_PL_Object **)&new,
+                    plContext),
+                    PKIX_CREATECRLSELECTORDUPLICATEOBJECTFAILED);
+
+        new->matchCallback = old->matchCallback;
+
+        PKIX_DUPLICATE(old->params, &new->params, plContext,
+                    PKIX_OBJECTDUPLICATEPARAMSFAILED);
+
+        PKIX_DUPLICATE(old->context, &new->context, plContext,
+                PKIX_OBJECTDUPLICATECONTEXTFAILED);
+
+        *pNewObject = (PKIX_PL_Object *)new;
+
+cleanup:
+
+        if (PKIX_ERROR_RECEIVED){
+                PKIX_DECREF(new);
+        }
+
+        PKIX_RETURN(CRLSELECTOR);
+}
+
+/*
+ * FUNCTION: pkix_CRLSelector_DefaultMatch
+ *
+ * DESCRIPTION:
+ *  This function compares the parameter values (Issuer, date, and CRL number)
+ *  set in the ComCRLSelParams of the CRLSelector pointed to by "selector" with
+ *  the corresponding values in the CRL pointed to by "crl". When all the
+ *  criteria set in the parameter values match the values in "crl", PKIX_TRUE is
+ *  stored at "pMatch". If the CRL does not match the CRLSelector's criteria,
+ *  PKIX_FALSE is stored at "pMatch".
+ *
+ * PARAMETERS
+ *  "selector"
+ *      Address of CRLSelector which is verified for a match
+ *      Must be non-NULL.
+ *  "crl"
+ *      Address of the CRL object to be verified. Must be non-NULL.
+ *  "pMatch"
+ *      Address at which Boolean result is stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ *
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *      (see Thread Safety Definitions in Programmer's Guide)
+ *
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CRLSelector Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_CRLSelector_DefaultMatch(
+        PKIX_CRLSelector *selector,
+        PKIX_PL_CRL *crl,
+        PKIX_Boolean *pMatch,
+        void *plContext)
+{
+        PKIX_ComCRLSelParams *params = NULL;
+        PKIX_PL_X500Name *crlIssuerName = NULL;
+        PKIX_PL_X500Name *issuerName = NULL;
+        PKIX_List *selIssuerNames = NULL;
+        PKIX_PL_Date *selDate = NULL;
+        PKIX_Boolean result = PKIX_TRUE;
+        PKIX_UInt32 numIssuers = 0;
+        PKIX_UInt32 i;
+        PKIX_PL_BigInt *minCRLNumber = NULL;
+        PKIX_PL_BigInt *maxCRLNumber = NULL;
+        PKIX_PL_BigInt *crlNumber = NULL;
+        PKIX_Boolean nistPolicyEnabled = PKIX_FALSE;
+
+        PKIX_ENTER(CRLSELECTOR, "pkix_CRLSelector_DefaultMatch");
+        PKIX_NULLCHECK_TWO(selector, crl);
+
+        *pMatch = PKIX_TRUE;
+        params = selector->params;
+
+        /* No matching parameter provided, just a match */
+        if (params == NULL) {
+                goto cleanup;
+        }
+
+        PKIX_CHECK(PKIX_ComCRLSelParams_GetIssuerNames
+                    (params, &selIssuerNames, plContext),
+                    PKIX_COMCRLSELPARAMSGETISSUERNAMESFAILED);
+
+        /* Check for Issuers */
+        if (selIssuerNames != NULL){
+
+                result = PKIX_FALSE;
+
+                PKIX_CHECK(PKIX_PL_CRL_GetIssuer
+                            (crl, &crlIssuerName, plContext),
+                            PKIX_CRLGETISSUERFAILED);
+
+                PKIX_CHECK(PKIX_List_GetLength
+                            (selIssuerNames, &numIssuers, plContext),
+                            PKIX_LISTGETLENGTHFAILED);
+
+                for (i = 0; i < numIssuers; i++){
+
+                        PKIX_CHECK(PKIX_List_GetItem
+                                    (selIssuerNames,
+                                    i,
+                                    (PKIX_PL_Object **)&issuerName,
+                                    plContext),
+                                    PKIX_LISTGETITEMFAILED);
+
+                        PKIX_CHECK(PKIX_PL_X500Name_Match
+                                    (crlIssuerName,
+                                    issuerName,
+                                    &result,
+                                    plContext),
+                                    PKIX_X500NAMEMATCHFAILED);
+
+                        PKIX_DECREF(issuerName);
+
+                        if (result == PKIX_TRUE) {
+                                break;
+                        }
+                }
+
+                if (result == PKIX_FALSE) {
+                        PKIX_CRLSELECTOR_DEBUG("Issuer Match Failed\N");
+                        *pMatch = PKIX_FALSE;
+                        goto cleanup;
+                }
+
+        }
+
+        PKIX_CHECK(PKIX_ComCRLSelParams_GetDateAndTime
+                    (params, &selDate, plContext),
+                    PKIX_COMCRLSELPARAMSGETDATEANDTIMEFAILED);
+
+        /* Check for Date */
+        if (selDate != NULL){
+
+                PKIX_CHECK(PKIX_ComCRLSelParams_GetNISTPolicyEnabled
+                            (params, &nistPolicyEnabled, plContext),
+                           PKIX_COMCRLSELPARAMSGETNISTPOLICYENABLEDFAILED);
+
+                /* check crl dates only for if NIST policies enforced */
+                if (nistPolicyEnabled) {
+                        result = PKIX_FALSE;
+                    
+                        PKIX_CHECK(PKIX_PL_CRL_VerifyUpdateTime
+                                   (crl, selDate, &result, plContext),
+                                   PKIX_CRLVERIFYUPDATETIMEFAILED);
+                    
+                        if (result == PKIX_FALSE) {
+                                *pMatch = PKIX_FALSE;
+                                goto cleanup;
+                        }
+                }
+
+        }
+
+        /* Check for CRL number in range */
+        PKIX_CHECK(PKIX_PL_CRL_GetCRLNumber(crl, &crlNumber, plContext),
+                    PKIX_CRLGETCRLNUMBERFAILED);
+
+        if (crlNumber != NULL) {
+                result = PKIX_FALSE;
+
+                PKIX_CHECK(PKIX_ComCRLSelParams_GetMinCRLNumber
+                            (params, &minCRLNumber, plContext),
+                            PKIX_COMCRLSELPARAMSGETMINCRLNUMBERFAILED);
+
+                if (minCRLNumber != NULL) {
+
+                        PKIX_CHECK(PKIX_PL_Object_Compare
+                                    ((PKIX_PL_Object *)minCRLNumber,
+                                    (PKIX_PL_Object *)crlNumber,
+                                    &result,
+                                    plContext),
+                                    PKIX_OBJECTCOMPARATORFAILED);
+
+                        if (result == 1) {
+                                PKIX_CRLSELECTOR_DEBUG
+					("CRL MinNumber Range Match Failed\n");
+                        	*pMatch = PKIX_FALSE;
+	                        goto cleanup;
+                        }
+                }
+
+                PKIX_CHECK(PKIX_ComCRLSelParams_GetMaxCRLNumber
+                            (params, &maxCRLNumber, plContext),
+                            PKIX_COMCRLSELPARAMSGETMAXCRLNUMBERFAILED);
+
+                if (maxCRLNumber != NULL) {
+
+                        PKIX_CHECK(PKIX_PL_Object_Compare
+                                    ((PKIX_PL_Object *)crlNumber,
+                                    (PKIX_PL_Object *)maxCRLNumber,
+                                    &result,
+                                    plContext),
+                                    PKIX_OBJECTCOMPARATORFAILED);
+
+                        if (result == 1) {
+                               PKIX_CRLSELECTOR_DEBUG 
+					(PKIX_CRLMAXNUMBERRANGEMATCHFAILED);
+                        	*pMatch = PKIX_FALSE;
+	                        goto cleanup;
+                        }
+                }
+        }
+
+cleanup:
+
+        PKIX_DECREF(selIssuerNames);
+        PKIX_DECREF(selDate);
+        PKIX_DECREF(crlIssuerName);
+        PKIX_DECREF(issuerName);
+        PKIX_DECREF(crlNumber);
+        PKIX_DECREF(minCRLNumber);
+        PKIX_DECREF(maxCRLNumber);
+
+        PKIX_RETURN(CRLSELECTOR);
+}
+
+/*
+ * FUNCTION: pkix_CRLSelector_RegisterSelf
+ * DESCRIPTION:
+ *  Registers PKIX_CRLSELECTOR_TYPE and its related functions with
+ *  systemClasses[]
+ * THREAD SAFETY:
+ *  Not Thread Safe - for performance and complexity reasons
+ *
+ *  Since this function is only called by PKIX_PL_Initialize, which should
+ *  only be called once, it is acceptable that this function is not
+ *  thread-safe.
+ */
+PKIX_Error *
+pkix_CRLSelector_RegisterSelf(void *plContext)
+{
+        extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
+        pkix_ClassTable_Entry entry;
+
+        PKIX_ENTER(CRLSELECTOR, "pkix_CRLSelector_RegisterSelf");
+
+        entry.description = "CRLSelector";
+        entry.objCounter = 0;
+        entry.typeObjectSize = sizeof(PKIX_CRLSelector);
+        entry.destructor = pkix_CRLSelector_Destroy;
+        entry.equalsFunction = pkix_CRLSelector_Equals;
+        entry.hashcodeFunction = pkix_CRLSelector_Hashcode;
+        entry.toStringFunction = pkix_CRLSelector_ToString;
+        entry.comparator = NULL;
+        entry.duplicateFunction = pkix_CRLSelector_Duplicate;
+
+        systemClasses[PKIX_CRLSELECTOR_TYPE] = entry;
+
+        PKIX_RETURN(CRLSELECTOR);
+}
+
+/* --CRLSelector-Public-Functions---------------------------------------- */
+PKIX_Error *
+pkix_CRLSelector_Create(
+        PKIX_CRLSelector_MatchCallback callback,
+        PKIX_PL_Object *crlSelectorContext,
+        PKIX_CRLSelector **pSelector,
+        void *plContext)
+{
+        PKIX_CRLSelector *selector = NULL;
+
+        PKIX_ENTER(CRLSELECTOR, "PKIX_CRLSelector_Create");
+        PKIX_NULLCHECK_ONE(pSelector);
+
+        PKIX_CHECK(PKIX_PL_Object_Alloc
+                    (PKIX_CRLSELECTOR_TYPE,
+                    sizeof (PKIX_CRLSelector),
+                    (PKIX_PL_Object **)&selector,
+                    plContext),
+                    PKIX_COULDNOTCREATECRLSELECTOROBJECT);
+
+        /*
+         * if user specified a particular match callback, we use that one.
+         * otherwise, we use the default match provided.
+         */
+
+        if (callback != NULL){
+                selector->matchCallback = callback;
+        } else {
+                selector->matchCallback = pkix_CRLSelector_DefaultMatch;
+        }
+
+        /* initialize other fields */
+        selector->params = NULL;
+
+        PKIX_INCREF(crlSelectorContext);
+        selector->context = crlSelectorContext;
+
+        *pSelector = selector;
+        selector = NULL;
+
+cleanup:
+
+        PKIX_DECREF(selector);
+
+        PKIX_RETURN(CRLSELECTOR);
+}
+
+/*
+ * FUNCTION: PKIX_CRLSelector_Create (see comments in pkix_crlsel.h)
+ */
+PKIX_Error *
+PKIX_CRLSelector_Create(
+        PKIX_PL_Cert *issuer,
+        PKIX_List *crldpList,
+        PKIX_PL_Date *date,
+        PKIX_CRLSelector **pCrlSelector,
+        void *plContext)
+{
+    PKIX_PL_X500Name *issuerName = NULL;
+    PKIX_PL_Date *nowDate = NULL;
+    PKIX_ComCRLSelParams *comCrlSelParams = NULL;
+    PKIX_CRLSelector *crlSelector = NULL;
+
+    PKIX_ENTER(CERTCHAINCHECKER, "PKIX_CrlSelector_Create");
+    PKIX_NULLCHECK_ONE(issuer);
+
+    PKIX_CHECK( 
+        PKIX_PL_Cert_GetSubject(issuer, &issuerName, plContext),
+        PKIX_CERTGETISSUERFAILED);
+
+    if (date != NULL) {
+            PKIX_INCREF(date);
+            nowDate = date;
+    } else {
+        PKIX_CHECK(
+                PKIX_PL_Date_Create_UTCTime(NULL, &nowDate, plContext),
+                PKIX_DATECREATEUTCTIMEFAILED);
+    }
+
+    PKIX_CHECK(
+        PKIX_ComCRLSelParams_Create(&comCrlSelParams, plContext),
+            PKIX_COMCRLSELPARAMSCREATEFAILED);
+
+    PKIX_CHECK(
+        PKIX_ComCRLSelParams_AddIssuerName(comCrlSelParams, issuerName,
+                                           plContext),
+        PKIX_COMCRLSELPARAMSADDISSUERNAMEFAILED);
+
+    PKIX_CHECK(
+        PKIX_ComCRLSelParams_SetCrlDp(comCrlSelParams, crldpList,
+                                      plContext),
+        PKIX_COMCRLSELPARAMSSETCERTFAILED);
+
+    PKIX_CHECK(
+        PKIX_ComCRLSelParams_SetDateAndTime(comCrlSelParams, nowDate,
+                                            plContext),
+        PKIX_COMCRLSELPARAMSSETDATEANDTIMEFAILED);
+
+    PKIX_CHECK(
+        pkix_CRLSelector_Create(NULL, NULL, &crlSelector, plContext),
+        PKIX_CRLSELECTORCREATEFAILED);
+
+    PKIX_CHECK(
+        PKIX_CRLSelector_SetCommonCRLSelectorParams(crlSelector,
+                                                    comCrlSelParams,
+                                                    plContext),
+        PKIX_CRLSELECTORSETCOMMONCRLSELECTORPARAMSFAILED);
+
+    *pCrlSelector = crlSelector;
+    crlSelector = NULL;
+
+cleanup:
+
+    PKIX_DECREF(issuerName);
+    PKIX_DECREF(nowDate);
+    PKIX_DECREF(comCrlSelParams);
+    PKIX_DECREF(crlSelector);
+
+    PKIX_RETURN(CERTCHAINCHECKER);
+}
+
+/*
+ * FUNCTION: PKIX_CRLSelector_GetMatchCallback (see comments in pkix_crlsel.h)
+ */
+PKIX_Error *
+PKIX_CRLSelector_GetMatchCallback(
+        PKIX_CRLSelector *selector,
+        PKIX_CRLSelector_MatchCallback *pCallback,
+        void *plContext)
+{
+        PKIX_ENTER(CRLSELECTOR, "PKIX_CRLSelector_GetMatchCallback");
+        PKIX_NULLCHECK_TWO(selector, pCallback);
+
+        *pCallback = selector->matchCallback;
+
+        PKIX_RETURN(CRLSELECTOR);
+}
+
+
+/*
+ * FUNCTION: PKIX_CRLSelector_GetCRLSelectorContext
+ * (see comments in pkix_crlsel.h)
+ */
+PKIX_Error *
+PKIX_CRLSelector_GetCRLSelectorContext(
+        PKIX_CRLSelector *selector,
+        void **pCrlSelectorContext,
+        void *plContext)
+{
+        PKIX_ENTER(CRLSELECTOR, "PKIX_CRLSelector_GetCRLSelectorContext");
+        PKIX_NULLCHECK_TWO(selector, pCrlSelectorContext);
+
+        PKIX_INCREF(selector->context);
+
+        *pCrlSelectorContext = selector->context;
+
+cleanup:
+        PKIX_RETURN(CRLSELECTOR);
+}
+
+/*
+ * FUNCTION: PKIX_CRLSelector_GetCommonCRLSelectorParams
+ * (see comments in pkix_crlsel.h)
+ */
+PKIX_Error *
+PKIX_CRLSelector_GetCommonCRLSelectorParams(
+        PKIX_CRLSelector *selector,
+        PKIX_ComCRLSelParams **pParams,
+        void *plContext)
+{
+        PKIX_ENTER(CRLSELECTOR, "PKIX_CRLSelector_GetCommonCRLSelectorParams");
+        PKIX_NULLCHECK_TWO(selector, pParams);
+
+        PKIX_INCREF(selector->params);
+
+        *pParams = selector->params;
+
+cleanup:
+        PKIX_RETURN(CRLSELECTOR);
+}
+
+/*
+ * FUNCTION: PKIX_CRLSelector_SetCommonCRLSelectorParams
+ * (see comments in pkix_crlsel.h)
+ */
+PKIX_Error *
+PKIX_CRLSelector_SetCommonCRLSelectorParams(
+        PKIX_CRLSelector *selector,
+        PKIX_ComCRLSelParams *params,
+        void *plContext)
+{
+        PKIX_ENTER(CRLSELECTOR, "PKIX_CRLSelector_SetCommonCRLSelectorParams");
+        PKIX_NULLCHECK_TWO(selector, params);
+
+        PKIX_DECREF(selector->params);
+
+        PKIX_INCREF(params);
+        selector->params = params;
+
+        PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+                    ((PKIX_PL_Object *)selector, plContext),
+                    PKIX_OBJECTINVALIDATECACHEFAILED);
+
+cleanup:
+
+        PKIX_RETURN(CRLSELECTOR);
+}
+
+/*
+ * FUNCTION: pkix_CRLSelector_Select
+ * DESCRIPTION:
+ *
+ *  This function applies the selector pointed to by "selector" to each CRL,
+ *  in turn, in the List pointed to by "before", and creates a List containing
+ *  all the CRLs that matched, or passed the selection process, storing that
+ *  List at "pAfter". If no CRLs match, an empty List is stored at "pAfter".
+ *
+ *  The List returned in "pAfter" is immutable.
+ *
+ * PARAMETERS:
+ *  "selector"
+ *      Address of CRLSelelector to be applied to the List. Must be non-NULL.
+ *  "before"
+ *      Address of List that is to be filtered. Must be non-NULL.
+ *  "pAfter"
+ *      Address at which resulting List, possibly empty, is stored. Must be
+ *      non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CRLSelector Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_CRLSelector_Select(
+	PKIX_CRLSelector *selector,
+	PKIX_List *before,
+	PKIX_List **pAfter,
+	void *plContext)
+{
+	PKIX_Boolean match = PKIX_FALSE;
+	PKIX_UInt32 numBefore = 0;
+	PKIX_UInt32 i = 0;
+	PKIX_List *filtered = NULL;
+	PKIX_PL_CRL *candidate = NULL;
+
+        PKIX_ENTER(CRLSELECTOR, "PKIX_CRLSelector_Select");
+        PKIX_NULLCHECK_THREE(selector, before, pAfter);
+
+        PKIX_CHECK(PKIX_List_Create(&filtered, plContext),
+                PKIX_LISTCREATEFAILED);
+
+        PKIX_CHECK(PKIX_List_GetLength(before, &numBefore, plContext),
+                PKIX_LISTGETLENGTHFAILED);
+
+        for (i = 0; i < numBefore; i++) {
+
+                PKIX_CHECK(PKIX_List_GetItem
+                        (before, i, (PKIX_PL_Object **)&candidate, plContext),
+                        PKIX_LISTGETITEMFAILED);
+
+                PKIX_CHECK_ONLY_FATAL(selector->matchCallback
+                        (selector, candidate, &match, plContext),
+                        PKIX_CRLSELECTORMATCHCALLBACKFAILED);
+
+                if (!(PKIX_ERROR_RECEIVED) && match == PKIX_TRUE) {
+
+                        PKIX_CHECK_ONLY_FATAL(PKIX_List_AppendItem
+                                (filtered,
+                                (PKIX_PL_Object *)candidate,
+                                plContext),
+                                PKIX_LISTAPPENDITEMFAILED);
+                }
+
+                pkixTempErrorReceived = PKIX_FALSE;
+                PKIX_DECREF(candidate);
+        }
+
+        PKIX_CHECK(PKIX_List_SetImmutable(filtered, plContext),
+                PKIX_LISTSETIMMUTABLEFAILED);
+
+        /* Don't throw away the list if one CRL was bad! */
+        pkixTempErrorReceived = PKIX_FALSE;
+
+        *pAfter = filtered;
+        filtered = NULL;
+
+cleanup:
+
+        PKIX_DECREF(filtered);
+        PKIX_DECREF(candidate);
+
+        PKIX_RETURN(CRLSELECTOR);
+
+}
diff --git a/nss/lib/libpkix/pkix/crlsel/pkix_crlselector.h b/nss/lib/libpkix/pkix/crlsel/pkix_crlselector.h
new file mode 100755
index 0000000..4f44cc7
--- /dev/null
+++ b/nss/lib/libpkix/pkix/crlsel/pkix_crlselector.h
@@ -0,0 +1,40 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_crlselector.h
+ *
+ * CrlSelector Object Type Definition
+ *
+ */
+
+#ifndef _PKIX_CRLSELECTOR_H
+#define _PKIX_CRLSELECTOR_H
+
+#include "pkix_tools.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+struct PKIX_CRLSelectorStruct {
+        PKIX_CRLSelector_MatchCallback matchCallback;
+        PKIX_ComCRLSelParams *params;
+        PKIX_PL_Object *context;
+};
+
+/* see source file for function documentation */
+
+PKIX_Error *pkix_CRLSelector_RegisterSelf(void *plContext);
+
+PKIX_Error *
+pkix_CRLSelector_Select(
+	PKIX_CRLSelector *selector,
+	PKIX_List *before,
+	PKIX_List **pAfter,
+	void *plContext);
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_CRLSELECTOR_H */
diff --git a/nss/lib/libpkix/pkix/manifest.mn b/nss/lib/libpkix/pkix/manifest.mn
new file mode 100755
index 0000000..dcb6f0c
--- /dev/null
+++ b/nss/lib/libpkix/pkix/manifest.mn
@@ -0,0 +1,11 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+CORE_DEPTH = ../../..
+DEPTH      = ../../..
+
+#
+DIRS =  certsel crlsel checker params results store top util \
+	$(NULL)
+
diff --git a/nss/lib/libpkix/pkix/params/Makefile b/nss/lib/libpkix/pkix/params/Makefile
new file mode 100755
index 0000000..36524f5
--- /dev/null
+++ b/nss/lib/libpkix/pkix/params/Makefile
@@ -0,0 +1,48 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include config.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+export:: private_export
+
diff --git a/nss/lib/libpkix/pkix/params/config.mk b/nss/lib/libpkix/pkix/params/config.mk
new file mode 100755
index 0000000..b8c03de
--- /dev/null
+++ b/nss/lib/libpkix/pkix/params/config.mk
@@ -0,0 +1,15 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#
+#  Override TARGETS variable so that only static libraries
+#  are specifed as dependencies within rules.mk.
+#
+
+TARGETS        = $(LIBRARY)
+SHARED_LIBRARY =
+IMPORT_LIBRARY =
+PROGRAM        =
+
diff --git a/nss/lib/libpkix/pkix/params/exports.gyp b/nss/lib/libpkix/pkix/params/exports.gyp
new file mode 100644
index 0000000..921f2ce
--- /dev/null
+++ b/nss/lib/libpkix/pkix/params/exports.gyp
@@ -0,0 +1,28 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../../../coreconf/config.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'lib_libpkix_pkix_params_exports',
+      'type': 'none',
+      'copies': [
+        {
+          'files': [
+            'pkix_procparams.h',
+            'pkix_resourcelimits.h',
+            'pkix_trustanchor.h',
+            'pkix_valparams.h'
+          ],
+          'destination': '<(nss_private_dist_dir)/<(module)'
+        }
+      ]
+    }
+  ],
+  'variables': {
+    'module': 'nss'
+  }
+}
diff --git a/nss/lib/libpkix/pkix/params/manifest.mn b/nss/lib/libpkix/pkix/params/manifest.mn
new file mode 100755
index 0000000..f26e588
--- /dev/null
+++ b/nss/lib/libpkix/pkix/params/manifest.mn
@@ -0,0 +1,27 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+CORE_DEPTH = ../../../..
+
+EXPORTS = \
+	$(NULL)
+
+PRIVATE_EXPORTS = \
+	pkix_procparams.h \
+	pkix_trustanchor.h \
+	pkix_valparams.h \
+	pkix_resourcelimits.h \
+	$(NULL)
+
+MODULE = nss
+
+CSRCS = \
+	pkix_trustanchor.c \
+	pkix_procparams.c \
+	pkix_valparams.c \
+	pkix_resourcelimits.c \
+	$(NULL)
+
+LIBRARY_NAME = pkixparams
+
diff --git a/nss/lib/libpkix/pkix/params/params.gyp b/nss/lib/libpkix/pkix/params/params.gyp
new file mode 100644
index 0000000..a1463c4
--- /dev/null
+++ b/nss/lib/libpkix/pkix/params/params.gyp
@@ -0,0 +1,26 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../../../coreconf/config.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'pkixparams',
+      'type': 'static_library',
+      'sources': [
+        'pkix_procparams.c',
+        'pkix_resourcelimits.c',
+        'pkix_trustanchor.c',
+        'pkix_valparams.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports'
+      ]
+    }
+  ],
+  'variables': {
+    'module': 'nss'
+  }
+}
\ No newline at end of file
diff --git a/nss/lib/libpkix/pkix/params/pkix_procparams.c b/nss/lib/libpkix/pkix/params/pkix_procparams.c
new file mode 100755
index 0000000..260b007
--- /dev/null
+++ b/nss/lib/libpkix/pkix/params/pkix_procparams.c
@@ -0,0 +1,1417 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_procparams.c
+ *
+ * ProcessingParams Object Functions
+ *
+ */
+
+#include "pkix_procparams.h"
+
+/* --Private-Functions-------------------------------------------- */
+
+/*
+ * FUNCTION: pkix_ProcessingParams_Destroy
+ * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_ProcessingParams_Destroy(
+        PKIX_PL_Object *object,
+        void *plContext)
+{
+        PKIX_ProcessingParams *params = NULL;
+
+        PKIX_ENTER(PROCESSINGPARAMS, "pkix_ProcessingParams_Destroy");
+        PKIX_NULLCHECK_ONE(object);
+
+        /* Check that this object is a processing params object */
+        PKIX_CHECK(pkix_CheckType
+                    (object, PKIX_PROCESSINGPARAMS_TYPE, plContext),
+                    PKIX_OBJECTNOTPROCESSINGPARAMS);
+
+        params = (PKIX_ProcessingParams *)object;
+
+        PKIX_DECREF(params->trustAnchors);
+        PKIX_DECREF(params->hintCerts);
+        PKIX_DECREF(params->constraints);
+        PKIX_DECREF(params->date);
+        PKIX_DECREF(params->initialPolicies);
+        PKIX_DECREF(params->certChainCheckers);
+        PKIX_DECREF(params->revChecker);
+        PKIX_DECREF(params->certStores);
+        PKIX_DECREF(params->resourceLimits);
+
+cleanup:
+
+        PKIX_RETURN(PROCESSINGPARAMS);
+}
+
+/*
+ * FUNCTION: pkix_ProcessingParams_Equals
+ * (see comments for PKIX_PL_EqualsCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_ProcessingParams_Equals(
+        PKIX_PL_Object *first,
+        PKIX_PL_Object *second,
+        PKIX_Boolean *pResult,
+        void *plContext)
+{
+        PKIX_UInt32 secondType;
+        PKIX_Boolean cmpResult;
+        PKIX_ProcessingParams *firstProcParams = NULL;
+        PKIX_ProcessingParams *secondProcParams = NULL;
+
+        PKIX_ENTER(PROCESSINGPARAMS, "pkix_ProcessingParams_Equals");
+        PKIX_NULLCHECK_THREE(first, second, pResult);
+
+        PKIX_CHECK(pkix_CheckType(first, PKIX_PROCESSINGPARAMS_TYPE, plContext),
+                    PKIX_FIRSTOBJECTNOTPROCESSINGPARAMS);
+
+        PKIX_CHECK(PKIX_PL_Object_GetType(second, &secondType, plContext),
+                    PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
+
+        *pResult = PKIX_FALSE;
+
+        if (secondType != PKIX_PROCESSINGPARAMS_TYPE) goto cleanup;
+
+        firstProcParams = (PKIX_ProcessingParams *)first;
+        secondProcParams = (PKIX_ProcessingParams *)second;
+
+        /* Do the simplest tests first */
+        if ((firstProcParams->qualifiersRejected) !=
+            (secondProcParams->qualifiersRejected)) {
+                goto cleanup;
+        }
+
+        if (firstProcParams->isCrlRevocationCheckingEnabled !=
+            secondProcParams->isCrlRevocationCheckingEnabled) {
+                goto cleanup;
+        }
+        if (firstProcParams->isCrlRevocationCheckingEnabledWithNISTPolicy !=
+            secondProcParams->isCrlRevocationCheckingEnabledWithNISTPolicy) {
+                goto cleanup;
+        }
+
+        /* trustAnchors can never be NULL */
+
+        PKIX_EQUALS
+                (firstProcParams->trustAnchors,
+                secondProcParams->trustAnchors,
+                &cmpResult,
+                plContext,
+                PKIX_OBJECTEQUALSFAILED);
+
+        if (!cmpResult) goto cleanup;
+
+        PKIX_EQUALS
+                (firstProcParams->hintCerts,
+                secondProcParams->hintCerts,
+                &cmpResult,
+                plContext,
+                PKIX_OBJECTEQUALSFAILED);
+
+        if (!cmpResult) goto cleanup;
+
+        PKIX_EQUALS
+                (firstProcParams->date,
+                secondProcParams->date,
+                &cmpResult,
+                plContext,
+                PKIX_OBJECTEQUALSFAILED);
+
+        if (!cmpResult) goto cleanup;
+
+        PKIX_EQUALS
+                (firstProcParams->constraints,
+                secondProcParams->constraints,
+                &cmpResult,
+                plContext,
+                PKIX_OBJECTEQUALSFAILED);
+
+        if (!cmpResult) goto cleanup;
+
+        PKIX_EQUALS
+                (firstProcParams->initialPolicies,
+                secondProcParams->initialPolicies,
+                &cmpResult,
+                plContext,
+                PKIX_OBJECTEQUALSFAILED);
+
+        if (!cmpResult) goto cleanup;
+
+        /* There is no Equals function for CertChainCheckers */
+
+        PKIX_EQUALS
+                    ((PKIX_PL_Object *)firstProcParams->certStores,
+                    (PKIX_PL_Object *)secondProcParams->certStores,
+                    &cmpResult,
+                    plContext,
+                    PKIX_OBJECTEQUALSFAILED);
+
+        if (!cmpResult) goto cleanup;
+
+        PKIX_EQUALS
+                (firstProcParams->resourceLimits,
+                secondProcParams->resourceLimits,
+                &cmpResult,
+                plContext,
+                PKIX_OBJECTEQUALSFAILED);
+
+        if (cmpResult == PKIX_FALSE) {
+                *pResult = PKIX_FALSE;
+                goto cleanup;
+        }
+
+        *pResult = cmpResult;
+
+cleanup:
+
+        PKIX_RETURN(PROCESSINGPARAMS);
+}
+
+/*
+ * FUNCTION: pkix_ProcessingParams_Hashcode
+ * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_ProcessingParams_Hashcode(
+        PKIX_PL_Object *object,
+        PKIX_UInt32 *pHashcode,
+        void *plContext)
+{
+        PKIX_ProcessingParams *procParams = NULL;
+        PKIX_UInt32 hash = 0;
+        PKIX_UInt32 anchorsHash = 0;
+        PKIX_UInt32 hintCertsHash = 0;
+        PKIX_UInt32 dateHash = 0;
+        PKIX_UInt32 constraintsHash = 0;
+        PKIX_UInt32 initialHash = 0;
+        PKIX_UInt32 rejectedHash = 0;
+        PKIX_UInt32 certChainCheckersHash = 0;
+        PKIX_UInt32 revCheckerHash = 0;
+        PKIX_UInt32 certStoresHash = 0;
+        PKIX_UInt32 resourceLimitsHash = 0;
+
+        PKIX_ENTER(PROCESSINGPARAMS, "pkix_ProcessingParams_Hashcode");
+        PKIX_NULLCHECK_TWO(object, pHashcode);
+
+        PKIX_CHECK(pkix_CheckType
+                    (object, PKIX_PROCESSINGPARAMS_TYPE, plContext),
+                    PKIX_OBJECTNOTPROCESSINGPARAMS);
+
+        procParams = (PKIX_ProcessingParams*)object;
+
+        PKIX_HASHCODE(procParams->trustAnchors, &anchorsHash, plContext,
+                PKIX_OBJECTHASHCODEFAILED);
+
+        PKIX_HASHCODE(procParams->hintCerts, &hintCertsHash, plContext,
+                PKIX_OBJECTHASHCODEFAILED);
+
+        PKIX_HASHCODE(procParams->date, &dateHash, plContext,
+                PKIX_OBJECTHASHCODEFAILED);
+
+        PKIX_HASHCODE(procParams->constraints, &constraintsHash, plContext,
+                PKIX_OBJECTHASHCODEFAILED);
+
+        PKIX_HASHCODE(procParams->initialPolicies, &initialHash, plContext,
+                PKIX_OBJECTHASHCODEFAILED);
+
+        rejectedHash = procParams->qualifiersRejected;
+
+        /* There is no Hash function for CertChainCheckers */
+
+        PKIX_HASHCODE(procParams->certStores, &certStoresHash, plContext,
+                PKIX_OBJECTHASHCODEFAILED);
+
+        PKIX_HASHCODE(procParams->resourceLimits,
+                &resourceLimitsHash,
+                plContext,
+                PKIX_OBJECTHASHCODEFAILED);
+
+        hash = (31 * ((31 * anchorsHash) + hintCertsHash + dateHash)) +
+                constraintsHash + initialHash + rejectedHash;
+
+        hash += ((((certStoresHash + resourceLimitsHash) << 7) +
+                certChainCheckersHash + revCheckerHash +
+                procParams->isCrlRevocationCheckingEnabled +
+                procParams->isCrlRevocationCheckingEnabledWithNISTPolicy) << 7);
+
+        *pHashcode = hash;
+
+cleanup:
+
+        PKIX_RETURN(PROCESSINGPARAMS);
+}
+
+/*
+ * FUNCTION: pkix_ProcessingParams_ToString
+ * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_ProcessingParams_ToString(
+        PKIX_PL_Object *object,
+        PKIX_PL_String **pString,
+        void *plContext)
+{
+        PKIX_ProcessingParams *procParams = NULL;
+        char *asciiFormat = NULL;
+        PKIX_PL_String *formatString = NULL;
+        PKIX_PL_String *procParamsString = NULL;
+        PKIX_PL_String *anchorsString = NULL;
+        PKIX_PL_String *dateString = NULL;
+        PKIX_PL_String *constraintsString = NULL;
+        PKIX_PL_String *InitialPoliciesString = NULL;
+        PKIX_PL_String *qualsRejectedString = NULL;
+        PKIX_List *certStores = NULL;
+        PKIX_PL_String *certStoresString = NULL;
+        PKIX_PL_String *resourceLimitsString = NULL;
+
+        PKIX_ENTER(PROCESSINGPARAMS, "pkix_ProcessingParams_ToString");
+        PKIX_NULLCHECK_TWO(object, pString);
+
+        PKIX_CHECK(pkix_CheckType
+                    (object, PKIX_PROCESSINGPARAMS_TYPE, plContext),
+                    PKIX_OBJECTNOTPROCESSINGPARAMS);
+
+        asciiFormat =
+                "[\n"
+                "\tTrust Anchors: \n"
+                "\t********BEGIN LIST OF TRUST ANCHORS********\n"
+                "\t\t%s\n"
+                "\t********END LIST OF TRUST ANCHORS********\n"
+                "\tDate:    \t\t%s\n"
+                "\tTarget Constraints:    %s\n"
+                "\tInitial Policies:      %s\n"
+                "\tQualifiers Rejected:   %s\n"
+                "\tCert Stores:           %s\n"
+                "\tResource Limits:       %s\n"
+                "\tCRL Checking Enabled:  %d\n"
+                "]\n";
+
+        PKIX_CHECK(PKIX_PL_String_Create
+                    (PKIX_ESCASCII,
+                    asciiFormat,
+                    0,
+                    &formatString,
+                    plContext),
+                    PKIX_STRINGCREATEFAILED);
+
+        procParams = (PKIX_ProcessingParams*)object;
+
+        PKIX_TOSTRING(procParams->trustAnchors, &anchorsString, plContext,
+                PKIX_OBJECTTOSTRINGFAILED);
+
+        PKIX_TOSTRING(procParams->date, &dateString, plContext,
+                PKIX_OBJECTTOSTRINGFAILED);
+
+        PKIX_TOSTRING(procParams->constraints, &constraintsString, plContext,
+                PKIX_OBJECTTOSTRINGFAILED);
+
+        PKIX_TOSTRING
+                (procParams->initialPolicies, &InitialPoliciesString, plContext,
+                PKIX_OBJECTTOSTRINGFAILED);
+
+        PKIX_CHECK(PKIX_PL_String_Create
+                (PKIX_ESCASCII,
+                (procParams->qualifiersRejected)?"TRUE":"FALSE",
+                0,
+                &qualsRejectedString,
+                plContext),
+                PKIX_STRINGCREATEFAILED);
+
+        /* There is no ToString function for CertChainCheckers */
+
+       PKIX_CHECK(PKIX_ProcessingParams_GetCertStores
+                (procParams, &certStores, plContext),
+                PKIX_PROCESSINGPARAMSGETCERTSTORESFAILED);
+
+        PKIX_TOSTRING(certStores, &certStoresString, plContext,
+                PKIX_LISTTOSTRINGFAILED);
+
+        PKIX_TOSTRING(procParams->resourceLimits,
+                &resourceLimitsString,
+                plContext,
+                PKIX_OBJECTTOSTRINGFAILED);
+
+        PKIX_CHECK(PKIX_PL_Sprintf
+                (&procParamsString,
+                plContext,
+                formatString,
+                anchorsString,
+                dateString,
+                constraintsString,
+                InitialPoliciesString,
+                qualsRejectedString,
+                certStoresString,
+                resourceLimitsString,
+                procParams->isCrlRevocationCheckingEnabled,
+                procParams->isCrlRevocationCheckingEnabledWithNISTPolicy),
+                PKIX_SPRINTFFAILED);
+
+        *pString = procParamsString;
+
+cleanup:
+
+        PKIX_DECREF(formatString);
+        PKIX_DECREF(anchorsString);
+        PKIX_DECREF(dateString);
+        PKIX_DECREF(constraintsString);
+        PKIX_DECREF(InitialPoliciesString);
+        PKIX_DECREF(qualsRejectedString);
+        PKIX_DECREF(certStores);
+        PKIX_DECREF(certStoresString);
+        PKIX_DECREF(resourceLimitsString);
+
+        PKIX_RETURN(PROCESSINGPARAMS);
+}
+
+/*
+ * FUNCTION: pkix_ProcessingParams_Duplicate
+ * (see comments for PKIX_PL_DuplicateCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_ProcessingParams_Duplicate(
+        PKIX_PL_Object *object,
+        PKIX_PL_Object **pNewObject,
+        void *plContext)
+{
+        PKIX_ProcessingParams *params = NULL;
+        PKIX_ProcessingParams *paramsDuplicate = NULL;
+
+        PKIX_ENTER(PROCESSINGPARAMS, "pkix_ProcessingParams_Duplicate");
+        PKIX_NULLCHECK_TWO(object, pNewObject);
+
+        PKIX_CHECK(pkix_CheckType
+                (object, PKIX_PROCESSINGPARAMS_TYPE, plContext),
+                PKIX_OBJECTNOTPROCESSINGPARAMS);
+
+        params = (PKIX_ProcessingParams *)object;
+
+        PKIX_CHECK(PKIX_PL_Object_Alloc
+                (PKIX_PROCESSINGPARAMS_TYPE,
+                sizeof (PKIX_ProcessingParams),
+                (PKIX_PL_Object **)&paramsDuplicate,
+                plContext),
+                PKIX_PROCESSINGPARAMSCREATEFAILED);
+
+        /* initialize fields */
+        PKIX_DUPLICATE
+                (params->trustAnchors,
+                &(paramsDuplicate->trustAnchors),
+                plContext,
+                PKIX_OBJECTDUPLICATEFAILED);
+
+        PKIX_DUPLICATE
+                (params->hintCerts, &(paramsDuplicate->hintCerts), plContext,
+                PKIX_OBJECTDUPLICATEFAILED);
+
+        PKIX_DUPLICATE
+                (params->constraints,
+                &(paramsDuplicate->constraints),
+                plContext,
+                PKIX_OBJECTDUPLICATEFAILED);
+
+        PKIX_DUPLICATE
+                (params->date, &(paramsDuplicate->date), plContext,
+                PKIX_OBJECTDUPLICATEFAILED);
+
+        PKIX_DUPLICATE
+                (params->initialPolicies,
+                &(paramsDuplicate->initialPolicies),
+                plContext,
+                PKIX_OBJECTDUPLICATEFAILED);
+
+        paramsDuplicate->initialPolicyMappingInhibit =
+                params->initialPolicyMappingInhibit;
+        paramsDuplicate->initialAnyPolicyInhibit =
+                params->initialAnyPolicyInhibit;
+        paramsDuplicate->initialExplicitPolicy = params->initialExplicitPolicy;
+        paramsDuplicate->qualifiersRejected = params->qualifiersRejected;
+
+        PKIX_DUPLICATE
+                (params->certChainCheckers,
+                &(paramsDuplicate->certChainCheckers),
+                plContext,
+                PKIX_OBJECTDUPLICATEFAILED);
+
+        PKIX_DUPLICATE
+                (params->revChecker,
+                &(paramsDuplicate->revChecker),
+                plContext,
+                PKIX_OBJECTDUPLICATEFAILED);
+
+        PKIX_DUPLICATE
+                (params->certStores, &(paramsDuplicate->certStores), plContext,
+                PKIX_OBJECTDUPLICATEFAILED);
+
+        PKIX_DUPLICATE
+                (params->resourceLimits,
+                &(paramsDuplicate->resourceLimits),
+                plContext,
+                PKIX_OBJECTDUPLICATEFAILED);
+
+        paramsDuplicate->isCrlRevocationCheckingEnabled =
+                params->isCrlRevocationCheckingEnabled;
+
+        paramsDuplicate->isCrlRevocationCheckingEnabledWithNISTPolicy =
+                params->isCrlRevocationCheckingEnabledWithNISTPolicy;
+
+        *pNewObject = (PKIX_PL_Object *)paramsDuplicate;
+
+cleanup:
+
+        if (PKIX_ERROR_RECEIVED){
+                PKIX_DECREF(paramsDuplicate);
+        }
+
+        PKIX_RETURN(PROCESSINGPARAMS);
+
+}
+
+/*
+ * FUNCTION: pkix_ProcessingParams_RegisterSelf
+ * DESCRIPTION:
+ *  Registers PKIX_PROCESSINGPARAMS_TYPE and its related functions with
+ *  systemClasses[]
+ * THREAD SAFETY:
+ *  Not Thread Safe - for performance and complexity reasons
+ *
+ *  Since this function is only called by PKIX_PL_Initialize, which should
+ *  only be called once, it is acceptable that this function is not
+ *  thread-safe.
+ */
+PKIX_Error *
+pkix_ProcessingParams_RegisterSelf(void *plContext)
+{
+        extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
+        pkix_ClassTable_Entry entry;
+
+        PKIX_ENTER(PROCESSINGPARAMS, "pkix_ProcessingParams_RegisterSelf");
+
+        entry.description = "ProcessingParams";
+        entry.objCounter = 0;
+        entry.typeObjectSize = sizeof(PKIX_ProcessingParams);
+        entry.destructor = pkix_ProcessingParams_Destroy;
+        entry.equalsFunction = pkix_ProcessingParams_Equals;
+        entry.hashcodeFunction = pkix_ProcessingParams_Hashcode;
+        entry.toStringFunction = pkix_ProcessingParams_ToString;
+        entry.comparator = NULL;
+        entry.duplicateFunction = pkix_ProcessingParams_Duplicate;
+
+        systemClasses[PKIX_PROCESSINGPARAMS_TYPE] = entry;
+
+        PKIX_RETURN(PROCESSINGPARAMS);
+}
+
+/* --Public-Functions--------------------------------------------- */
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_Create (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ProcessingParams_Create(
+        PKIX_ProcessingParams **pParams,
+        void *plContext)
+{
+        PKIX_ProcessingParams *params = NULL;
+
+        PKIX_ENTER(PROCESSINGPARAMS, "PKIX_ProcessingParams_Create");
+        PKIX_NULLCHECK_ONE(pParams);
+
+        PKIX_CHECK(PKIX_PL_Object_Alloc
+                    (PKIX_PROCESSINGPARAMS_TYPE,
+                    sizeof (PKIX_ProcessingParams),
+                    (PKIX_PL_Object **)&params,
+                    plContext),
+                    PKIX_COULDNOTCREATEPROCESSINGPARAMSOBJECT);
+
+        /* initialize fields */
+        PKIX_CHECK(PKIX_List_Create(&params->trustAnchors, plContext),
+                   PKIX_LISTCREATEFAILED);
+        PKIX_CHECK(PKIX_List_SetImmutable(params->trustAnchors, plContext),
+                    PKIX_LISTSETIMMUTABLEFAILED);
+
+        PKIX_CHECK(PKIX_PL_Date_Create_UTCTime
+                   (NULL, &params->date, plContext),
+                   PKIX_DATECREATEUTCTIMEFAILED);
+
+        params->hintCerts = NULL;
+        params->constraints = NULL;
+        params->initialPolicies = NULL;
+        params->initialPolicyMappingInhibit = PKIX_FALSE;
+        params->initialAnyPolicyInhibit = PKIX_FALSE;
+        params->initialExplicitPolicy = PKIX_FALSE;
+        params->qualifiersRejected = PKIX_FALSE;
+        params->certChainCheckers = NULL;
+        params->revChecker = NULL;
+        params->certStores = NULL;
+        params->resourceLimits = NULL;
+
+        params->isCrlRevocationCheckingEnabled = PKIX_TRUE;
+
+        params->isCrlRevocationCheckingEnabledWithNISTPolicy = PKIX_TRUE;
+
+        params->useAIAForCertFetching = PKIX_FALSE;
+        params->qualifyTargetCert = PKIX_TRUE;
+        params->useOnlyTrustAnchors = PKIX_TRUE;
+
+        *pParams = params;
+        params = NULL;
+
+cleanup:
+
+        PKIX_DECREF(params);
+
+        PKIX_RETURN(PROCESSINGPARAMS);
+
+}
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_GetUseAIAForCertFetching
+ * (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ProcessingParams_GetUseAIAForCertFetching(
+        PKIX_ProcessingParams *params,
+        PKIX_Boolean *pUseAIA,  /* list of TrustAnchor */
+        void *plContext)
+{
+        PKIX_ENTER(PROCESSINGPARAMS, "PKIX_ProcessingParams_GetUseAIAForCertFetching");
+        PKIX_NULLCHECK_TWO(params, pUseAIA);
+
+        *pUseAIA = params->useAIAForCertFetching;
+
+        PKIX_RETURN(PROCESSINGPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_SetUseAIAForCertFetching
+ * (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ProcessingParams_SetUseAIAForCertFetching(
+        PKIX_ProcessingParams *params,
+        PKIX_Boolean useAIA,  
+        void *plContext)
+{
+        PKIX_ENTER(PROCESSINGPARAMS, "PKIX_ProcessingParams_SetUseAIAForCertFetching");
+        PKIX_NULLCHECK_ONE(params);
+
+        params->useAIAForCertFetching = useAIA;
+
+        PKIX_RETURN(PROCESSINGPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_GetQualifyTargetCert
+ * (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ProcessingParams_GetValidateTargetCert(
+        PKIX_ProcessingParams *params,
+        PKIX_Boolean *pQualifyTargetCert,
+        void *plContext)
+{
+        PKIX_ENTER(PROCESSINGPARAMS,
+                   "PKIX_ProcessingParams_GetValidateTargetCert");
+        PKIX_NULLCHECK_TWO(params, pQualifyTargetCert);
+
+        *pQualifyTargetCert = params->qualifyTargetCert;
+
+        PKIX_RETURN(PROCESSINGPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_SetQualifyTargetCert
+ * (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ProcessingParams_SetQualifyTargetCert(
+        PKIX_ProcessingParams *params,
+        PKIX_Boolean qualifyTargetCert,
+        void *plContext)
+{
+        PKIX_ENTER(PROCESSINGPARAMS,
+                   "PKIX_ProcessingParams_SetQualifyTargetCert");
+        PKIX_NULLCHECK_ONE(params);
+
+        params->qualifyTargetCert = qualifyTargetCert;
+
+        PKIX_RETURN(PROCESSINGPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_SetTrustAnchors
+ * (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ProcessingParams_SetTrustAnchors(
+        PKIX_ProcessingParams *params,
+        PKIX_List *anchors,  /* list of TrustAnchor */
+        void *plContext)
+{
+        PKIX_ENTER(PROCESSINGPARAMS, "PKIX_ProcessingParams_SetTrustAnchors");
+        PKIX_NULLCHECK_TWO(params, anchors);
+
+        PKIX_DECREF(params->trustAnchors);
+
+        PKIX_INCREF(anchors);
+        params->trustAnchors = anchors;
+        PKIX_CHECK(PKIX_List_SetImmutable(params->trustAnchors, plContext),
+                    PKIX_LISTSETIMMUTABLEFAILED);
+
+cleanup:
+        PKIX_RETURN(PROCESSINGPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_GetTrustAnchors
+ * (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ProcessingParams_GetTrustAnchors(
+        PKIX_ProcessingParams *params,
+        PKIX_List **pAnchors,  /* list of TrustAnchor */
+        void *plContext)
+{
+        PKIX_ENTER(PROCESSINGPARAMS, "PKIX_ProcessingParams_GetTrustAnchors");
+        PKIX_NULLCHECK_TWO(params, pAnchors);
+
+        PKIX_INCREF(params->trustAnchors);
+
+        *pAnchors = params->trustAnchors;
+
+cleanup:
+        PKIX_RETURN(PROCESSINGPARAMS);
+}
+
+/**
+ * FUNCTION: PKIX_ProcessingParams_SetUseOnlyTrustAnchors
+ * (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ProcessingParams_GetUseOnlyTrustAnchors(
+        PKIX_ProcessingParams *params,
+        PKIX_Boolean *pUseOnlyTrustAnchors,
+        void *plContext)
+{
+        PKIX_ENTER(PROCESSINGPARAMS,
+                   "PKIX_ProcessingParams_SetUseTrustAnchorsOnly");
+        PKIX_NULLCHECK_TWO(params, pUseOnlyTrustAnchors);
+
+        *pUseOnlyTrustAnchors = params->useOnlyTrustAnchors;
+
+        PKIX_RETURN(PROCESSINGPARAMS);
+}
+
+/**
+ * FUNCTION: PKIX_ProcessingParams_SetUseOnlyTrustAnchors
+ * (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ProcessingParams_SetUseOnlyTrustAnchors(
+        PKIX_ProcessingParams *params,
+        PKIX_Boolean useOnlyTrustAnchors,
+        void *plContext)
+{
+        PKIX_ENTER(PROCESSINGPARAMS,
+                   "PKIX_ProcessingParams_SetUseTrustAnchorsOnly");
+        PKIX_NULLCHECK_ONE(params);
+
+        params->useOnlyTrustAnchors = useOnlyTrustAnchors;
+
+        PKIX_RETURN(PROCESSINGPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_GetDate (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ProcessingParams_GetDate(
+        PKIX_ProcessingParams *params,
+        PKIX_PL_Date **pDate,
+        void *plContext)
+{
+        PKIX_ENTER(PROCESSINGPARAMS, "PKIX_ProcessingParams_GetDate");
+        PKIX_NULLCHECK_TWO(params, pDate);
+
+        PKIX_INCREF(params->date);
+        *pDate = params->date;
+
+cleanup:
+        PKIX_RETURN(PROCESSINGPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_SetDate (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ProcessingParams_SetDate(
+        PKIX_ProcessingParams *params,
+        PKIX_PL_Date *date,
+        void *plContext)
+{
+        PKIX_ENTER(PROCESSINGPARAMS, "PKIX_ProcessingParams_SetDate");
+        PKIX_NULLCHECK_ONE(params);
+
+        PKIX_DECREF(params->date);
+
+        PKIX_INCREF(date);
+        params->date = date;
+
+        PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+                    ((PKIX_PL_Object *)params, plContext),
+                    PKIX_OBJECTINVALIDATECACHEFAILED);
+
+cleanup:
+
+        if (PKIX_ERROR_RECEIVED && params) {
+            PKIX_DECREF(params->date);
+        }
+
+        PKIX_RETURN(PROCESSINGPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_GetTargetCertConstraints
+ * (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ProcessingParams_GetTargetCertConstraints(
+        PKIX_ProcessingParams *params,
+        PKIX_CertSelector **pConstraints,
+        void *plContext)
+{
+        PKIX_ENTER(PROCESSINGPARAMS,
+                    "PKIX_ProcessingParams_GetTargetCertConstraints");
+
+        PKIX_NULLCHECK_TWO(params, pConstraints);
+
+        PKIX_INCREF(params->constraints);
+        *pConstraints = params->constraints;
+
+cleanup:
+        PKIX_RETURN(PROCESSINGPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_SetTargetCertConstraints
+ * (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ProcessingParams_SetTargetCertConstraints(
+        PKIX_ProcessingParams *params,
+        PKIX_CertSelector *constraints,
+        void *plContext)
+{
+
+        PKIX_ENTER(PROCESSINGPARAMS,
+                    "PKIX_ProcessingParams_SetTargetCertConstraints");
+
+        PKIX_NULLCHECK_ONE(params);
+
+        PKIX_DECREF(params->constraints);
+
+        PKIX_INCREF(constraints);
+        params->constraints = constraints;
+
+        PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+                    ((PKIX_PL_Object *)params, plContext),
+                    PKIX_OBJECTINVALIDATECACHEFAILED);
+
+cleanup:
+        if (PKIX_ERROR_RECEIVED && params) {
+            PKIX_DECREF(params->constraints);
+        }
+
+        PKIX_RETURN(PROCESSINGPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_GetInitialPolicies
+ *      (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ProcessingParams_GetInitialPolicies(
+        PKIX_ProcessingParams *params,
+        PKIX_List **pInitPolicies, /* list of PKIX_PL_OID */
+        void *plContext)
+{
+
+        PKIX_ENTER(PROCESSINGPARAMS,
+                "PKIX_ProcessingParams_GetInitialPolicies");
+
+        PKIX_NULLCHECK_TWO(params, pInitPolicies);
+
+        if (params->initialPolicies == NULL) {
+                PKIX_CHECK(PKIX_List_Create
+                        (&params->initialPolicies, plContext),
+                        PKIX_UNABLETOCREATELIST);
+                PKIX_CHECK(PKIX_List_SetImmutable
+                        (params->initialPolicies, plContext),
+                        PKIX_UNABLETOMAKELISTIMMUTABLE);
+                PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+                        ((PKIX_PL_Object *)params, plContext),
+                        PKIX_OBJECTINVALIDATECACHEFAILED);
+        }
+
+        PKIX_INCREF(params->initialPolicies);
+        *pInitPolicies = params->initialPolicies;
+
+cleanup:
+
+        PKIX_RETURN(PROCESSINGPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_SetInitialPolicies
+ *      (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ProcessingParams_SetInitialPolicies(
+        PKIX_ProcessingParams *params,
+        PKIX_List *initPolicies, /* list of PKIX_PL_OID */
+        void *plContext)
+{
+        PKIX_ENTER(PROCESSINGPARAMS,
+                "PKIX_ProcessingParams_SetInitialPolicies");
+        PKIX_NULLCHECK_ONE(params);
+
+        PKIX_DECREF(params->initialPolicies);
+
+        PKIX_INCREF(initPolicies);
+        params->initialPolicies = initPolicies;
+
+        PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+                ((PKIX_PL_Object *)params, plContext),
+                PKIX_OBJECTINVALIDATECACHEFAILED);
+
+cleanup:
+
+        if (PKIX_ERROR_RECEIVED && params) {
+            PKIX_DECREF(params->initialPolicies);
+        }
+        PKIX_RETURN(PROCESSINGPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_GetPolicyQualifiersRejected
+ *      (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ProcessingParams_GetPolicyQualifiersRejected(
+        PKIX_ProcessingParams *params,
+        PKIX_Boolean *pRejected,
+        void *plContext)
+{
+        PKIX_ENTER(PROCESSINGPARAMS,
+                "PKIX_ProcessingParams_GetPolicyQualifiersRejected");
+
+        PKIX_NULLCHECK_TWO(params, pRejected);
+
+        *pRejected = params->qualifiersRejected;
+
+        PKIX_RETURN(PROCESSINGPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_SetPolicyQualifiersRejected
+ *      (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ProcessingParams_SetPolicyQualifiersRejected(
+        PKIX_ProcessingParams *params,
+        PKIX_Boolean rejected,
+        void *plContext)
+{
+        PKIX_ENTER(PROCESSINGPARAMS,
+                "PKIX_ProcessingParams_SetPolicyQualifiersRejected");
+
+        PKIX_NULLCHECK_ONE(params);
+
+        params->qualifiersRejected = rejected;
+
+        PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+                ((PKIX_PL_Object *)params, plContext),
+                PKIX_OBJECTINVALIDATECACHEFAILED);
+
+cleanup:
+
+        PKIX_RETURN(PROCESSINGPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_GetCertChainCheckers
+ * (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ProcessingParams_GetCertChainCheckers(
+        PKIX_ProcessingParams *params,
+        PKIX_List **pCheckers,  /* list of PKIX_CertChainChecker */
+        void *plContext)
+{
+        PKIX_ENTER(PROCESSINGPARAMS,
+                   "PKIX_ProcessingParams_GetCertChainCheckers");
+        PKIX_NULLCHECK_TWO(params, pCheckers);
+
+        PKIX_INCREF(params->certChainCheckers);
+        *pCheckers = params->certChainCheckers;
+
+cleanup:
+        PKIX_RETURN(PROCESSINGPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_SetCertChainCheckers
+ * (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ProcessingParams_SetCertChainCheckers(
+        PKIX_ProcessingParams *params,
+        PKIX_List *checkers,  /* list of PKIX_CertChainChecker */
+        void *plContext)
+{
+
+        PKIX_ENTER(PROCESSINGPARAMS,
+                   "PKIX_ProcessingParams_SetCertChainCheckers");
+        PKIX_NULLCHECK_ONE(params);
+
+        PKIX_DECREF(params->certChainCheckers);
+
+        PKIX_INCREF(checkers);
+        params->certChainCheckers = checkers;
+
+        PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+                ((PKIX_PL_Object *)params, plContext),
+                PKIX_OBJECTINVALIDATECACHEFAILED);
+
+cleanup:
+
+        if (PKIX_ERROR_RECEIVED && params) {
+            PKIX_DECREF(params->certChainCheckers);
+        }
+
+        PKIX_RETURN(PROCESSINGPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_AddCertChainCheckers
+ * (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ProcessingParams_AddCertChainChecker(
+        PKIX_ProcessingParams *params,
+        PKIX_CertChainChecker *checker,
+        void *plContext)
+{
+        PKIX_List *list = NULL;
+
+        PKIX_ENTER(PROCESSINGPARAMS,
+                   "PKIX_ProcessingParams_AddCertChainChecker");
+        PKIX_NULLCHECK_TWO(params, checker);
+
+        if (params->certChainCheckers == NULL) {
+
+                PKIX_CHECK(PKIX_List_Create(&list, plContext),
+                    PKIX_LISTCREATEFAILED);
+
+                params->certChainCheckers = list;
+        }
+
+        PKIX_CHECK(PKIX_List_AppendItem
+            (params->certChainCheckers, (PKIX_PL_Object *)checker, plContext),
+            PKIX_LISTAPPENDITEMFAILED);
+
+        PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+            ((PKIX_PL_Object *)params, plContext),
+            PKIX_OBJECTINVALIDATECACHEFAILED);
+
+        list = NULL;
+
+cleanup:
+
+        if (list && params) {
+            PKIX_DECREF(params->certChainCheckers);
+        }
+
+        PKIX_RETURN(PROCESSINGPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_GetRevocationChecker
+ * (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ProcessingParams_GetRevocationChecker(
+        PKIX_ProcessingParams *params,
+        PKIX_RevocationChecker **pChecker,
+        void *plContext)
+{
+
+        PKIX_ENTER
+            (PROCESSINGPARAMS, "PKIX_ProcessingParams_GetRevocationCheckers");
+        PKIX_NULLCHECK_TWO(params, pChecker);
+
+        PKIX_INCREF(params->revChecker);
+        *pChecker = params->revChecker;
+
+cleanup:
+
+        PKIX_RETURN(PROCESSINGPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_SetRevocationChecker
+ * (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ProcessingParams_SetRevocationChecker(
+        PKIX_ProcessingParams *params,
+        PKIX_RevocationChecker *checker,
+        void *plContext)
+{
+
+        PKIX_ENTER(PROCESSINGPARAMS,
+                   "PKIX_ProcessingParams_InitRevocationChecker");
+        PKIX_NULLCHECK_ONE(params);
+
+        PKIX_DECREF(params->revChecker);
+        PKIX_INCREF(checker);
+        params->revChecker = checker;
+
+        PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+                ((PKIX_PL_Object *)params, plContext),
+                PKIX_OBJECTINVALIDATECACHEFAILED);
+cleanup:
+
+        PKIX_RETURN(PROCESSINGPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_GetCertStores
+ * (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ProcessingParams_GetCertStores(
+        PKIX_ProcessingParams *params,
+        PKIX_List **pStores,  /* list of PKIX_CertStore */
+        void *plContext)
+{
+        PKIX_ENTER(PROCESSINGPARAMS, "PKIX_ProcessingParams_GetCertStores");
+
+        PKIX_NULLCHECK_TWO(params, pStores);
+
+        if (!params->certStores){
+                PKIX_CHECK(PKIX_List_Create(&params->certStores, plContext),
+                            PKIX_UNABLETOCREATELIST);
+        }
+
+        PKIX_INCREF(params->certStores);
+        *pStores = params->certStores;
+
+cleanup:
+
+        PKIX_RETURN(PROCESSINGPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_SetCertStores
+ * (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ProcessingParams_SetCertStores(
+        PKIX_ProcessingParams *params,
+        PKIX_List *stores,  /* list of PKIX_CertStore */
+        void *plContext)
+{
+        PKIX_ENTER(PROCESSINGPARAMS, "PKIX_ProcessingParams_SetCertStores");
+
+        PKIX_NULLCHECK_ONE(params);
+
+        PKIX_DECREF(params->certStores);
+
+        PKIX_INCREF(stores);
+        params->certStores = stores;
+
+        PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+                ((PKIX_PL_Object *)params, plContext),
+                PKIX_OBJECTINVALIDATECACHEFAILED);
+
+cleanup:
+
+        if (PKIX_ERROR_RECEIVED && params) {
+            PKIX_DECREF(params->certStores);
+        }
+
+        PKIX_RETURN(PROCESSINGPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_AddCertStore
+ * (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ProcessingParams_AddCertStore(
+        PKIX_ProcessingParams *params,
+        PKIX_CertStore *store,
+        void *plContext)
+{
+        PKIX_List *certStores = NULL;
+
+        PKIX_ENTER(PROCESSINGPARAMS, "PKIX_ProcessingParams_AddCertStore");
+        PKIX_NULLCHECK_TWO(params, store);
+
+        PKIX_CHECK(PKIX_ProcessingParams_GetCertStores
+                    (params, &certStores, plContext),
+                    PKIX_PROCESSINGPARAMSGETCERTSTORESFAILED);
+
+        PKIX_CHECK(PKIX_List_AppendItem
+                    (certStores, (PKIX_PL_Object *)store, plContext),
+                    PKIX_LISTAPPENDITEMFAILED);
+
+        PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+                    ((PKIX_PL_Object *)params, plContext),
+                    PKIX_OBJECTINVALIDATECACHEFAILED);
+
+cleanup:
+
+        PKIX_DECREF(certStores);
+        PKIX_RETURN(PROCESSINGPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_SetResourceLimits
+ * (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ProcessingParams_SetResourceLimits(
+        PKIX_ProcessingParams *params,
+        PKIX_ResourceLimits *resourceLimits,
+        void *plContext)
+{
+        PKIX_ENTER(PROCESSINGPARAMS,
+                   "PKIX_ProcessingParams_SetResourceLimits");
+
+        PKIX_NULLCHECK_TWO(params, resourceLimits);
+
+        PKIX_DECREF(params->resourceLimits);
+        PKIX_INCREF(resourceLimits);
+        params->resourceLimits = resourceLimits;
+
+cleanup:
+        if (PKIX_ERROR_RECEIVED && params) {
+            PKIX_DECREF(params->resourceLimits);
+        }
+
+        PKIX_RETURN(PROCESSINGPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_GetResourceLimits
+ * (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ProcessingParams_GetResourceLimits(
+        PKIX_ProcessingParams *params,
+        PKIX_ResourceLimits **pResourceLimits,
+        void *plContext)
+{
+        PKIX_ENTER(PROCESSINGPARAMS,
+                   "PKIX_ProcessingParams_GetResourceLimits");
+
+        PKIX_NULLCHECK_TWO(params, pResourceLimits);
+
+        PKIX_INCREF(params->resourceLimits);
+        *pResourceLimits = params->resourceLimits;
+
+cleanup:
+        PKIX_RETURN(PROCESSINGPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_IsAnyPolicyInhibited
+ * (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ProcessingParams_IsAnyPolicyInhibited(
+        PKIX_ProcessingParams *params,
+        PKIX_Boolean *pInhibited,
+        void *plContext)
+{
+        PKIX_ENTER(PROCESSINGPARAMS,
+                "PKIX_ProcessingParams_IsAnyPolicyInhibited");
+
+        PKIX_NULLCHECK_TWO(params, pInhibited);
+
+        *pInhibited = params->initialAnyPolicyInhibit;
+
+        PKIX_RETURN(PROCESSINGPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_SetAnyPolicyInhibited
+ * (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ProcessingParams_SetAnyPolicyInhibited(
+        PKIX_ProcessingParams *params,
+        PKIX_Boolean inhibited,
+        void *plContext)
+{
+        PKIX_ENTER(PROCESSINGPARAMS,
+                "PKIX_ProcessingParams_SetAnyPolicyInhibited");
+
+        PKIX_NULLCHECK_ONE(params);
+
+        params->initialAnyPolicyInhibit = inhibited;
+
+        PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+                    ((PKIX_PL_Object *)params, plContext),
+                    PKIX_OBJECTINVALIDATECACHEFAILED);
+
+cleanup:
+
+        PKIX_RETURN(PROCESSINGPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_IsExplicitPolicyRequired
+ * (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ProcessingParams_IsExplicitPolicyRequired(
+        PKIX_ProcessingParams *params,
+        PKIX_Boolean *pRequired,
+        void *plContext)
+{
+        PKIX_ENTER(PROCESSINGPARAMS,
+                "PKIX_ProcessingParams_IsExplicitPolicyRequired");
+
+        PKIX_NULLCHECK_TWO(params, pRequired);
+
+        *pRequired = params->initialExplicitPolicy;
+
+        PKIX_RETURN(PROCESSINGPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_SetExplicitPolicyRequired
+ * (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ProcessingParams_SetExplicitPolicyRequired(
+        PKIX_ProcessingParams *params,
+        PKIX_Boolean required,
+        void *plContext)
+{
+        PKIX_ENTER(PROCESSINGPARAMS,
+                "PKIX_ProcessingParams_SetExplicitPolicyRequired");
+
+        PKIX_NULLCHECK_ONE(params);
+
+        params->initialExplicitPolicy = required;
+
+        PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+                    ((PKIX_PL_Object *)params, plContext),
+                    PKIX_OBJECTINVALIDATECACHEFAILED);
+
+cleanup:
+
+        PKIX_RETURN(PROCESSINGPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_IsPolicyMappingInhibited
+ * (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ProcessingParams_IsPolicyMappingInhibited(
+        PKIX_ProcessingParams *params,
+        PKIX_Boolean *pInhibited,
+        void *plContext)
+{
+        PKIX_ENTER(PROCESSINGPARAMS,
+                "PKIX_ProcessingParams_IsPolicyMappingInhibited");
+
+        PKIX_NULLCHECK_TWO(params, pInhibited);
+
+        *pInhibited = params->initialPolicyMappingInhibit;
+
+        PKIX_RETURN(PROCESSINGPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_SetPolicyMappingInhibited
+ * (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ProcessingParams_SetPolicyMappingInhibited(
+        PKIX_ProcessingParams *params,
+        PKIX_Boolean inhibited,
+        void *plContext)
+{
+        PKIX_ENTER(PROCESSINGPARAMS,
+                "PKIX_ProcessingParams_SetPolicyMappingInhibited");
+
+        PKIX_NULLCHECK_ONE(params);
+
+        params->initialPolicyMappingInhibit = inhibited;
+
+        PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+                    ((PKIX_PL_Object *)params, plContext),
+                    PKIX_OBJECTINVALIDATECACHEFAILED);
+
+cleanup:
+
+        PKIX_RETURN(PROCESSINGPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_SetHintCerts
+ * (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ProcessingParams_SetHintCerts(
+        PKIX_ProcessingParams *params,
+        PKIX_List *hintCerts,
+        void *plContext)
+{
+        PKIX_ENTER(PROCESSINGPARAMS, "PKIX_ProcessingParams_SetHintCerts");
+
+        PKIX_NULLCHECK_ONE(params);
+
+        PKIX_DECREF(params->hintCerts);
+        PKIX_INCREF(hintCerts);
+        params->hintCerts = hintCerts;
+
+cleanup:
+        if (PKIX_ERROR_RECEIVED && params) {
+            PKIX_DECREF(params->hintCerts);
+        }
+
+        PKIX_RETURN(PROCESSINGPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ProcessingParams_GetHintCerts
+ * (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ProcessingParams_GetHintCerts(
+        PKIX_ProcessingParams *params,
+        PKIX_List **pHintCerts,
+        void *plContext)
+{
+        PKIX_ENTER(PROCESSINGPARAMS, "PKIX_ProcessingParams_GetHintCerts");
+
+        PKIX_NULLCHECK_TWO(params, pHintCerts);
+
+        PKIX_INCREF(params->hintCerts);
+        *pHintCerts = params->hintCerts;
+
+cleanup:
+        PKIX_RETURN(PROCESSINGPARAMS);
+}
diff --git a/nss/lib/libpkix/pkix/params/pkix_procparams.h b/nss/lib/libpkix/pkix/params/pkix_procparams.h
new file mode 100755
index 0000000..599f5d4
--- /dev/null
+++ b/nss/lib/libpkix/pkix/params/pkix_procparams.h
@@ -0,0 +1,50 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_procparams.h
+ *
+ * ProcessingParams Object Type Definition
+ *
+ */
+
+#ifndef _PKIX_PROCESSINGPARAMS_H
+#define _PKIX_PROCESSINGPARAMS_H
+
+#include "pkix_tools.h"
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+struct PKIX_ProcessingParamsStruct {
+        PKIX_List *trustAnchors;        /* Never NULL */
+        PKIX_List *hintCerts;	/* user-supplied partial chain, may be NULL */
+        PKIX_CertSelector *constraints;
+        PKIX_PL_Date *date;
+        PKIX_List *initialPolicies;     /* list of PKIX_PL_OID */
+        PKIX_Boolean initialPolicyMappingInhibit;
+        PKIX_Boolean initialAnyPolicyInhibit;
+        PKIX_Boolean initialExplicitPolicy;
+        PKIX_Boolean qualifiersRejected;
+        PKIX_List *certChainCheckers;
+        PKIX_List *certStores;
+        PKIX_Boolean isCrlRevocationCheckingEnabled;
+        PKIX_Boolean isCrlRevocationCheckingEnabledWithNISTPolicy;
+        PKIX_RevocationChecker *revChecker;
+        PKIX_ResourceLimits *resourceLimits;
+        PKIX_Boolean useAIAForCertFetching;
+        PKIX_Boolean qualifyTargetCert;
+        PKIX_Boolean useOnlyTrustAnchors;
+};
+
+/* see source file for function documentation */
+
+PKIX_Error *pkix_ProcessingParams_RegisterSelf(void *plContext);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_PROCESSINGPARAMS_H */
diff --git a/nss/lib/libpkix/pkix/params/pkix_resourcelimits.c b/nss/lib/libpkix/pkix/params/pkix_resourcelimits.c
new file mode 100755
index 0000000..de93e9d
--- /dev/null
+++ b/nss/lib/libpkix/pkix/params/pkix_resourcelimits.c
@@ -0,0 +1,433 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_resourcelimits.c
+ *
+ * Resourcelimits Params Object Functions
+ *
+ */
+
+#include "pkix_resourcelimits.h"
+
+/* --Private-Functions-------------------------------------------- */
+
+/*
+ * FUNCTION: pkix_ResourceLimits_Destroy
+ * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_ResourceLimits_Destroy(
+        PKIX_PL_Object *object,
+        void *plContext)
+{
+        PKIX_ResourceLimits *rLimits = NULL;
+
+        PKIX_ENTER(RESOURCELIMITS, "pkix_ResourceLimits_Destroy");
+        PKIX_NULLCHECK_ONE(object);
+
+        /* Check that this object is a ResourceLimits object */
+        PKIX_CHECK(pkix_CheckType(object, PKIX_RESOURCELIMITS_TYPE, plContext),
+                    PKIX_OBJECTNOTRESOURCELIMITS);
+
+        rLimits = (PKIX_ResourceLimits *)object;
+
+        rLimits->maxTime = 0;
+        rLimits->maxFanout = 0;
+        rLimits->maxDepth = 0;
+        rLimits->maxCertsNumber = 0;
+        rLimits->maxCrlsNumber = 0;
+
+cleanup:
+
+        PKIX_RETURN(RESOURCELIMITS);
+}
+
+/*
+ * FUNCTION: pkix_ResourceLimits_Equals
+ * (see comments for PKIX_PL_EqualsCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_ResourceLimits_Equals(
+        PKIX_PL_Object *first,
+        PKIX_PL_Object *second,
+        PKIX_Boolean *pResult,
+        void *plContext)
+{
+        PKIX_UInt32 secondType;
+        PKIX_Boolean cmpResult;
+        PKIX_ResourceLimits *firstRLimits = NULL;
+        PKIX_ResourceLimits *secondRLimits = NULL;
+
+        PKIX_ENTER(RESOURCELIMITS, "pkix_ResourceLimits_Equals");
+        PKIX_NULLCHECK_THREE(first, second, pResult);
+
+        PKIX_CHECK(pkix_CheckType(first, PKIX_RESOURCELIMITS_TYPE, plContext),
+                    PKIX_FIRSTOBJECTNOTRESOURCELIMITS);
+
+        PKIX_CHECK(PKIX_PL_Object_GetType(second, &secondType, plContext),
+                    PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
+
+        *pResult = PKIX_FALSE;
+
+        if (secondType != PKIX_RESOURCELIMITS_TYPE) goto cleanup;
+
+        firstRLimits = (PKIX_ResourceLimits *)first;
+        secondRLimits = (PKIX_ResourceLimits *)second;
+
+        cmpResult = (firstRLimits->maxTime == secondRLimits->maxTime) &&
+                    (firstRLimits->maxFanout == secondRLimits->maxFanout) &&
+                    (firstRLimits->maxDepth == secondRLimits->maxDepth) &&
+                    (firstRLimits->maxCertsNumber == 
+                        secondRLimits->maxCertsNumber) &&
+                    (firstRLimits->maxCrlsNumber == 
+                        secondRLimits->maxCrlsNumber);
+
+        *pResult = cmpResult;
+
+cleanup:
+
+        PKIX_RETURN(RESOURCELIMITS);
+}
+
+/*
+ * FUNCTION: pkix_ResourceLimits_Hashcode
+ * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_ResourceLimits_Hashcode(
+        PKIX_PL_Object *object,
+        PKIX_UInt32 *pHashcode,
+        void *plContext)
+{
+        PKIX_ResourceLimits *rLimits = NULL;
+        PKIX_UInt32 hash = 0;
+
+        PKIX_ENTER(RESOURCELIMITS, "pkix_ResourceLimits_Hashcode");
+        PKIX_NULLCHECK_TWO(object, pHashcode);
+
+        PKIX_CHECK(pkix_CheckType(object, PKIX_RESOURCELIMITS_TYPE, plContext),
+                    PKIX_OBJECTNOTRESOURCELIMITS);
+
+        rLimits = (PKIX_ResourceLimits*)object;
+
+        hash = 31 * rLimits->maxTime + (rLimits->maxFanout << 1) +
+                (rLimits->maxDepth << 2) + (rLimits->maxCertsNumber << 3) +
+                rLimits->maxCrlsNumber;
+
+        *pHashcode = hash;
+
+cleanup:
+
+        PKIX_RETURN(RESOURCELIMITS);
+}
+
+/*
+ * FUNCTION: pkix_ResourceLimits_ToString
+ * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_ResourceLimits_ToString(
+        PKIX_PL_Object *object,
+        PKIX_PL_String **pString,
+        void *plContext)
+{
+        PKIX_ResourceLimits *rLimits = NULL;
+        char *asciiFormat = NULL;
+        PKIX_PL_String *formatString = NULL;
+        PKIX_PL_String *rLimitsString = NULL;
+
+        PKIX_ENTER(RESOURCELIMITS, "pkix_ResourceLimits_ToString");
+        PKIX_NULLCHECK_TWO(object, pString);
+
+        PKIX_CHECK(pkix_CheckType(object, PKIX_RESOURCELIMITS_TYPE, plContext),
+                    PKIX_OBJECTNOTRESOURCELIMITS);
+
+        /* maxCertsNumber and maxCrlsNumber are not supported */
+        asciiFormat =
+                "[\n"
+                "\tMaxTime:           \t\t%d\n"
+                "\tMaxFanout:         \t\t%d\n"
+                "\tMaxDepth:         \t\t%d\n"
+                "]\n";
+
+        PKIX_CHECK(PKIX_PL_String_Create
+                    (PKIX_ESCASCII,
+                    asciiFormat,
+                    0,
+                    &formatString,
+                    plContext),
+                    PKIX_STRINGCREATEFAILED);
+
+        rLimits = (PKIX_ResourceLimits*)object;
+
+        PKIX_CHECK(PKIX_PL_Sprintf
+                    (&rLimitsString,
+                    plContext,
+                    formatString,
+                    rLimits->maxTime,
+                    rLimits->maxFanout,
+                    rLimits->maxDepth),
+                    PKIX_SPRINTFFAILED);
+
+        *pString = rLimitsString;
+
+cleanup:
+
+        PKIX_DECREF(formatString);
+
+        PKIX_RETURN(RESOURCELIMITS);
+}
+
+/*
+ * FUNCTION: pkix_ResourceLimits_RegisterSelf
+ * DESCRIPTION:
+ *  Registers PKIX_RESOURCELIMITS_TYPE and its related functions with
+ *  systemClasses[]
+ * THREAD SAFETY:
+ *  Not Thread Safe - for performance and complexity reasons
+ *
+ *  Since this function is only called by PKIX_PL_Initialize, which should
+ *  only be called once, it is acceptable that this function is not
+ *  thread-safe.
+ */
+PKIX_Error *
+pkix_ResourceLimits_RegisterSelf(void *plContext)
+{
+
+        extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
+        pkix_ClassTable_Entry entry;
+
+        PKIX_ENTER(RESOURCELIMITS, "pkix_ResourceLimits_RegisterSelf");
+
+        entry.description = "ResourceLimits";
+        entry.objCounter = 0;
+        entry.typeObjectSize = sizeof(PKIX_ResourceLimits);
+        entry.destructor = pkix_ResourceLimits_Destroy;
+        entry.equalsFunction = pkix_ResourceLimits_Equals;
+        entry.hashcodeFunction = pkix_ResourceLimits_Hashcode;
+        entry.toStringFunction = pkix_ResourceLimits_ToString;
+        entry.comparator = NULL;
+        entry.duplicateFunction = NULL;
+
+        systemClasses[PKIX_RESOURCELIMITS_TYPE] = entry;
+
+        PKIX_RETURN(RESOURCELIMITS);
+}
+
+/* --Public-Functions--------------------------------------------- */
+
+/*
+ * FUNCTION: PKIX_ResourceLimits_Create (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ResourceLimits_Create(
+        PKIX_ResourceLimits **pResourceLimits,
+        void *plContext)
+{
+        PKIX_ResourceLimits *rLimits = NULL;
+
+        PKIX_ENTER(RESOURCELIMITS, "PKIX_ResourceLimits_Create");
+        PKIX_NULLCHECK_ONE(pResourceLimits);
+
+        PKIX_CHECK(PKIX_PL_Object_Alloc
+                    (PKIX_RESOURCELIMITS_TYPE,
+                    sizeof (PKIX_ResourceLimits),
+                    (PKIX_PL_Object **)&rLimits,
+                    plContext),
+                    PKIX_COULDNOTCREATERESOURCELIMITOBJECT);
+
+        /* initialize fields */
+        rLimits->maxTime = 0;
+        rLimits->maxFanout = 0;
+        rLimits->maxDepth = 0;
+        rLimits->maxCertsNumber = 0;
+        rLimits->maxCrlsNumber = 0;
+
+        *pResourceLimits = rLimits;
+
+cleanup:
+
+        PKIX_RETURN(RESOURCELIMITS);
+
+}
+
+/*
+ * FUNCTION: PKIX_ResourceLimits_GetMaxTime
+ *      (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ResourceLimits_GetMaxTime(
+        PKIX_ResourceLimits *rLimits,
+        PKIX_UInt32 *pMaxTime,
+        void *plContext)
+{
+        PKIX_ENTER(RESOURCELIMITS, "PKIX_ResourceLimits_GetMaxTime");
+        PKIX_NULLCHECK_TWO(rLimits, pMaxTime);
+
+        *pMaxTime = rLimits->maxTime;
+
+        PKIX_RETURN(RESOURCELIMITS);
+}
+
+/*
+ * FUNCTION: PKIX_ResourceLimits_SetMaxTime
+ *      (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ResourceLimits_SetMaxTime(
+        PKIX_ResourceLimits *rLimits,
+        PKIX_UInt32 maxTime,
+        void *plContext)
+{
+        PKIX_ENTER(RESOURCELIMITS, "PKIX_ResourceLimits_SetMaxTime");
+        PKIX_NULLCHECK_ONE(rLimits);
+
+        rLimits->maxTime = maxTime;
+
+        PKIX_RETURN(RESOURCELIMITS);
+}
+
+/*
+ * FUNCTION: PKIX_ResourceLimits_GetMaxFanout
+ *      (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ResourceLimits_GetMaxFanout(
+        PKIX_ResourceLimits *rLimits,
+        PKIX_UInt32 *pMaxFanout,
+        void *plContext)
+{
+        PKIX_ENTER(RESOURCELIMITS, "PKIX_ResourceLimits_GetMaxFanout");
+        PKIX_NULLCHECK_TWO(rLimits, pMaxFanout);
+
+        *pMaxFanout = rLimits->maxFanout;
+
+        PKIX_RETURN(RESOURCELIMITS);
+}
+
+/*
+ * FUNCTION: PKIX_ResourceLimits_SetMaxFanout
+ *      (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ResourceLimits_SetMaxFanout(
+        PKIX_ResourceLimits *rLimits,
+        PKIX_UInt32 maxFanout,
+        void *plContext)
+{
+        PKIX_ENTER(RESOURCELIMITS, "PKIX_ResourceLimits_SetMaxFanout");
+        PKIX_NULLCHECK_ONE(rLimits);
+
+        rLimits->maxFanout = maxFanout;
+
+        PKIX_RETURN(RESOURCELIMITS);
+}
+
+/*
+ * FUNCTION: PKIX_ResourceLimits_GetMaxDepth
+ *      (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ResourceLimits_GetMaxDepth(
+        PKIX_ResourceLimits *rLimits,
+        PKIX_UInt32 *pMaxDepth,
+        void *plContext)
+{
+        PKIX_ENTER(RESOURCELIMITS, "PKIX_ResourceLimits_GetMaxDepth");
+        PKIX_NULLCHECK_TWO(rLimits, pMaxDepth);
+
+        *pMaxDepth = rLimits->maxDepth;
+
+        PKIX_RETURN(RESOURCELIMITS);
+}
+
+/*
+ * FUNCTION: PKIX_ResourceLimits_SetMaxDepth
+ *      (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ResourceLimits_SetMaxDepth(
+        PKIX_ResourceLimits *rLimits,
+        PKIX_UInt32 maxDepth,
+        void *plContext)
+{
+        PKIX_ENTER(RESOURCELIMITS, "PKIX_ResourceLimits_SetMaxDepth");
+        PKIX_NULLCHECK_ONE(rLimits);
+
+        rLimits->maxDepth = maxDepth;
+
+        PKIX_RETURN(RESOURCELIMITS);
+}
+
+/*
+ * FUNCTION: PKIX_ResourceLimits_GetMaxNumberOfCerts
+ *      (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ResourceLimits_GetMaxNumberOfCerts(
+        PKIX_ResourceLimits *rLimits,
+        PKIX_UInt32 *pMaxNumber,
+        void *plContext)
+{
+        PKIX_ENTER(RESOURCELIMITS, "PKIX_ResourceLimits_GetMaxNumberOfCerts");
+        PKIX_NULLCHECK_TWO(rLimits, pMaxNumber);
+
+        *pMaxNumber = rLimits->maxCertsNumber;
+
+        PKIX_RETURN(RESOURCELIMITS);
+}
+
+/*
+ * FUNCTION: PKIX_ResourceLimits_SetMaxNumberOfCerts
+ *      (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ResourceLimits_SetMaxNumberOfCerts(
+        PKIX_ResourceLimits *rLimits,
+        PKIX_UInt32 maxNumber,
+        void *plContext)
+{
+        PKIX_ENTER(RESOURCELIMITS, "PKIX_ResourceLimits_SetMaxNumberOfCerts");
+        PKIX_NULLCHECK_ONE(rLimits);
+
+        rLimits->maxCertsNumber = maxNumber;
+
+        PKIX_RETURN(RESOURCELIMITS);
+}
+
+/*
+ * FUNCTION: PKIX_ResourceLimits_GetMaxNumberOfCRLs
+ *      (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ResourceLimits_GetMaxNumberOfCRLs(
+        PKIX_ResourceLimits *rLimits,
+        PKIX_UInt32 *pMaxNumber,
+        void *plContext)
+{
+        PKIX_ENTER(RESOURCELIMITS, "PKIX_ResourceLimits_GetMaxNumberOfCRLs");
+        PKIX_NULLCHECK_TWO(rLimits, pMaxNumber);
+
+        *pMaxNumber = rLimits->maxCrlsNumber;
+
+        PKIX_RETURN(RESOURCELIMITS);
+}
+
+/*
+ * FUNCTION: PKIX_ResourceLimits_SetMaxNumberOfCRLs
+ *      (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ResourceLimits_SetMaxNumberOfCRLs(
+        PKIX_ResourceLimits *rLimits,
+        PKIX_UInt32 maxNumber,
+        void *plContext)
+{
+        PKIX_ENTER(RESOURCELIMITS, "PKIX_ResourceLimits_SetMaxNumberOfCRLs");
+        PKIX_NULLCHECK_ONE(rLimits);
+
+        rLimits->maxCrlsNumber = maxNumber;
+
+        PKIX_RETURN(RESOURCELIMITS);
+}
diff --git a/nss/lib/libpkix/pkix/params/pkix_resourcelimits.h b/nss/lib/libpkix/pkix/params/pkix_resourcelimits.h
new file mode 100755
index 0000000..c4f582c
--- /dev/null
+++ b/nss/lib/libpkix/pkix/params/pkix_resourcelimits.h
@@ -0,0 +1,36 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_resourcelimits.h
+ *
+ * ResourceLimits Object Type Definition
+ *
+ */
+
+#ifndef _PKIX_RESOURCELIMITS_H
+#define _PKIX_RESOURCELIMITS_H
+
+#include "pkix_tools.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+struct PKIX_ResourceLimitsStruct {
+        PKIX_UInt32 maxTime;
+        PKIX_UInt32 maxFanout;
+        PKIX_UInt32 maxDepth;
+        PKIX_UInt32 maxCertsNumber;
+        PKIX_UInt32 maxCrlsNumber;
+};
+
+/* see source file for function documentation */
+
+PKIX_Error *pkix_ResourceLimits_RegisterSelf(void *plContext);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_RESOURCELIMITS_H */
diff --git a/nss/lib/libpkix/pkix/params/pkix_trustanchor.c b/nss/lib/libpkix/pkix/params/pkix_trustanchor.c
new file mode 100755
index 0000000..ced16d2
--- /dev/null
+++ b/nss/lib/libpkix/pkix/params/pkix_trustanchor.c
@@ -0,0 +1,525 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_trustanchor.c
+ *
+ * TrustAnchor Object Functions
+ *
+ */
+
+#include "pkix_trustanchor.h"
+
+/* --Private-Functions-------------------------------------------- */
+
+/*
+ * FUNCTION: pkix_TrustAnchor_Destroy
+ * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_TrustAnchor_Destroy(
+        PKIX_PL_Object *object,
+        void *plContext)
+{
+        PKIX_TrustAnchor *anchor = NULL;
+
+        PKIX_ENTER(TRUSTANCHOR, "pkix_TrustAnchor_Destroy");
+        PKIX_NULLCHECK_ONE(object);
+
+        /* Check that this object is a trust anchor */
+        PKIX_CHECK(pkix_CheckType(object, PKIX_TRUSTANCHOR_TYPE, plContext),
+                    PKIX_OBJECTNOTTRUSTANCHOR);
+
+        anchor = (PKIX_TrustAnchor *)object;
+
+        PKIX_DECREF(anchor->trustedCert);
+        PKIX_DECREF(anchor->caName);
+        PKIX_DECREF(anchor->caPubKey);
+        PKIX_DECREF(anchor->nameConstraints);
+
+cleanup:
+
+        PKIX_RETURN(TRUSTANCHOR);
+}
+
+/*
+ * FUNCTION: pkix_TrustAnchor_Equals
+ * (see comments for PKIX_PL_EqualsCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_TrustAnchor_Equals(
+        PKIX_PL_Object *first,
+        PKIX_PL_Object *second,
+        PKIX_Boolean *pResult,
+        void *plContext)
+{
+        PKIX_UInt32 secondType;
+        PKIX_Boolean cmpResult;
+        PKIX_TrustAnchor *firstAnchor = NULL;
+        PKIX_TrustAnchor *secondAnchor = NULL;
+        PKIX_PL_Cert *firstCert = NULL;
+        PKIX_PL_Cert *secondCert = NULL;
+
+        PKIX_ENTER(TRUSTANCHOR, "pkix_TrustAnchor_Equals");
+        PKIX_NULLCHECK_THREE(first, second, pResult);
+
+        PKIX_CHECK(pkix_CheckType(first, PKIX_TRUSTANCHOR_TYPE, plContext),
+                    PKIX_FIRSTOBJECTNOTTRUSTANCHOR);
+
+        PKIX_CHECK(PKIX_PL_Object_GetType(second, &secondType, plContext),
+                    PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
+
+        *pResult = PKIX_FALSE;
+
+        if (secondType != PKIX_TRUSTANCHOR_TYPE) goto cleanup;
+
+        firstAnchor = (PKIX_TrustAnchor *)first;
+        secondAnchor = (PKIX_TrustAnchor *)second;
+
+        firstCert = firstAnchor->trustedCert;
+        secondCert = secondAnchor->trustedCert;
+
+        if ((firstCert && !secondCert) || (!firstCert && secondCert)){
+                goto cleanup;
+        }
+
+        if (firstCert && secondCert){
+                PKIX_CHECK(PKIX_PL_Object_Equals
+                            ((PKIX_PL_Object *)firstCert,
+                            (PKIX_PL_Object *)secondCert,
+                            &cmpResult,
+                            plContext),
+                            PKIX_OBJECTEQUALSFAILED);
+        } else {
+                PKIX_CHECK(PKIX_PL_Object_Equals
+                            ((PKIX_PL_Object *)firstAnchor->caName,
+                            (PKIX_PL_Object *)secondAnchor->caName,
+                            &cmpResult,
+                            plContext),
+                            PKIX_OBJECTEQUALSFAILED);
+
+                if (!cmpResult) goto cleanup;
+
+                PKIX_CHECK(PKIX_PL_Object_Equals
+                            ((PKIX_PL_Object *)firstAnchor->caPubKey,
+                            (PKIX_PL_Object *)secondAnchor->caPubKey,
+                            &cmpResult,
+                            plContext),
+                            PKIX_OBJECTEQUALSFAILED);
+
+                if (!cmpResult) goto cleanup;
+
+                PKIX_EQUALS
+                        (firstAnchor->nameConstraints,
+                        secondAnchor->nameConstraints,
+                        &cmpResult,
+                        plContext,
+                        PKIX_OBJECTEQUALSFAILED);
+
+                if (!cmpResult) goto cleanup;
+
+        }
+
+        *pResult = cmpResult;
+
+cleanup:
+
+        PKIX_RETURN(TRUSTANCHOR);
+}
+
+/*
+ * FUNCTION: pkix_TrustAnchor_Hashcode
+ * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_TrustAnchor_Hashcode(
+        PKIX_PL_Object *object,
+        PKIX_UInt32 *pHashcode,
+        void *plContext)
+{
+        PKIX_TrustAnchor *anchor = NULL;
+        PKIX_PL_Cert *cert = NULL;
+        PKIX_UInt32 hash = 0;
+        PKIX_UInt32 certHash = 0;
+        PKIX_UInt32 nameHash = 0;
+        PKIX_UInt32 pubKeyHash = 0;
+        PKIX_UInt32 ncHash = 0;
+
+        PKIX_ENTER(TRUSTANCHOR, "pkix_TrustAnchor_Hashcode");
+        PKIX_NULLCHECK_TWO(object, pHashcode);
+
+        PKIX_CHECK(pkix_CheckType(object, PKIX_TRUSTANCHOR_TYPE, plContext),
+                    PKIX_OBJECTNOTTRUSTANCHOR);
+
+        anchor = (PKIX_TrustAnchor*)object;
+        cert = anchor->trustedCert;
+
+        if (cert){
+                PKIX_CHECK(PKIX_PL_Object_Hashcode
+                            ((PKIX_PL_Object *)cert,
+                            &certHash,
+                            plContext),
+                            PKIX_OBJECTHASHCODEFAILED);
+
+                hash = certHash;
+
+        } else {
+                PKIX_CHECK(PKIX_PL_Object_Hashcode
+                            ((PKIX_PL_Object *)anchor->caName,
+                            &nameHash,
+                            plContext),
+                            PKIX_OBJECTHASHCODEFAILED);
+
+                PKIX_CHECK(PKIX_PL_Object_Hashcode
+                            ((PKIX_PL_Object *)anchor->caPubKey,
+                            &pubKeyHash,
+                            plContext),
+                            PKIX_OBJECTHASHCODEFAILED);
+
+                PKIX_HASHCODE(anchor->nameConstraints, &ncHash, plContext,
+                        PKIX_OBJECTHASHCODEFAILED);
+
+                hash = 31 * nameHash + pubKeyHash + ncHash;
+
+        }
+
+        *pHashcode = hash;
+
+cleanup:
+
+        PKIX_RETURN(TRUSTANCHOR);
+}
+
+/*
+ * FUNCTION: pkix_TrustAnchor_ToString
+ * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_TrustAnchor_ToString(
+        PKIX_PL_Object *object,
+        PKIX_PL_String **pString,
+        void *plContext)
+{
+        PKIX_TrustAnchor *anchor = NULL;
+        char *asciiFormat = NULL;
+        PKIX_PL_String *formatString = NULL;
+        PKIX_PL_String *anchorString = NULL;
+        PKIX_PL_String *certString = NULL;
+        PKIX_PL_String *nameString = NULL;
+        PKIX_PL_String *pubKeyString = NULL;
+        PKIX_PL_String *nameConstraintsString = NULL;
+
+        PKIX_ENTER(TRUSTANCHOR, "pkix_TrustAnchor_ToString");
+        PKIX_NULLCHECK_TWO(object, pString);
+
+        PKIX_CHECK(pkix_CheckType(object, PKIX_TRUSTANCHOR_TYPE, plContext),
+                    PKIX_OBJECTNOTTRUSTANCHOR);
+
+        anchor = (PKIX_TrustAnchor*)object;
+
+        if (anchor->trustedCert){
+                asciiFormat =
+                        "[\n"
+                        "\tTrusted Cert:	%s\n"
+                        "]\n";
+
+                PKIX_CHECK(PKIX_PL_String_Create
+                            (PKIX_ESCASCII,
+                            asciiFormat,
+                            0,
+                            &formatString,
+                            plContext),
+                            PKIX_STRINGCREATEFAILED);
+
+                PKIX_CHECK(PKIX_PL_Object_ToString
+                            ((PKIX_PL_Object *)anchor->trustedCert,
+                            &certString,
+                            plContext),
+                            PKIX_OBJECTTOSTRINGFAILED);
+
+                PKIX_CHECK(PKIX_PL_Sprintf
+                            (&anchorString,
+                            plContext,
+                            formatString,
+                            certString),
+                            PKIX_SPRINTFFAILED);
+        } else {
+                asciiFormat =
+                        "[\n"
+                        "\tTrusted CA Name:         %s\n"
+                        "\tTrusted CA PublicKey:    %s\n"
+                        "\tInitial Name Constraints:%s\n"
+                        "]\n";
+
+                PKIX_CHECK(PKIX_PL_String_Create
+                            (PKIX_ESCASCII,
+                            asciiFormat,
+                            0,
+                            &formatString,
+                            plContext),
+                            PKIX_STRINGCREATEFAILED);
+
+                PKIX_CHECK(PKIX_PL_Object_ToString
+                            ((PKIX_PL_Object *)anchor->caName,
+                            &nameString,
+                            plContext),
+                            PKIX_OBJECTTOSTRINGFAILED);
+
+                PKIX_CHECK(PKIX_PL_Object_ToString
+                            ((PKIX_PL_Object *)anchor->caPubKey,
+                            &pubKeyString,
+                            plContext),
+                            PKIX_OBJECTTOSTRINGFAILED);
+
+                PKIX_TOSTRING
+                        (anchor->nameConstraints,
+                        &nameConstraintsString,
+                        plContext,
+                        PKIX_OBJECTTOSTRINGFAILED);
+
+                PKIX_CHECK(PKIX_PL_Sprintf
+                            (&anchorString,
+                            plContext,
+                            formatString,
+                            nameString,
+                            pubKeyString,
+                            nameConstraintsString),
+                            PKIX_SPRINTFFAILED);
+        }
+
+        *pString = anchorString;
+
+cleanup:
+
+        PKIX_DECREF(formatString);
+        PKIX_DECREF(certString);
+        PKIX_DECREF(nameString);
+        PKIX_DECREF(pubKeyString);
+        PKIX_DECREF(nameConstraintsString);
+
+        PKIX_RETURN(TRUSTANCHOR);
+}
+
+/*
+ * FUNCTION: pkix_TrustAnchor_RegisterSelf
+ * DESCRIPTION:
+ *  Registers PKIX_TRUSTANCHOR_TYPE and its related functions with
+ *  systemClasses[]
+ * THREAD SAFETY:
+ *  Not Thread Safe - for performance and complexity reasons
+ *
+ *  Since this function is only called by PKIX_PL_Initialize, which should
+ *  only be called once, it is acceptable that this function is not
+ *  thread-safe.
+ */
+PKIX_Error *
+pkix_TrustAnchor_RegisterSelf(void *plContext)
+{
+        extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
+        pkix_ClassTable_Entry entry;
+
+        PKIX_ENTER(TRUSTANCHOR, "pkix_TrustAnchor_RegisterSelf");
+
+        entry.description = "TrustAnchor";
+        entry.objCounter = 0;
+        entry.typeObjectSize = sizeof(PKIX_TrustAnchor);
+        entry.destructor = pkix_TrustAnchor_Destroy;
+        entry.equalsFunction = pkix_TrustAnchor_Equals;
+        entry.hashcodeFunction = pkix_TrustAnchor_Hashcode;
+        entry.toStringFunction = pkix_TrustAnchor_ToString;
+        entry.comparator = NULL;
+        entry.duplicateFunction = pkix_duplicateImmutable;
+
+        systemClasses[PKIX_TRUSTANCHOR_TYPE] = entry;
+
+        PKIX_RETURN(TRUSTANCHOR);
+}
+
+/* --Public-Functions--------------------------------------------- */
+
+
+/*
+ * FUNCTION: PKIX_TrustAnchor_CreateWithCert (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_TrustAnchor_CreateWithCert(
+        PKIX_PL_Cert *cert,
+        PKIX_TrustAnchor **pAnchor,
+        void *plContext)
+{
+        PKIX_TrustAnchor *anchor = NULL;
+
+        PKIX_ENTER(TRUSTANCHOR, "PKIX_TrustAnchor_CreateWithCert");
+        PKIX_NULLCHECK_TWO(cert, pAnchor);
+
+        PKIX_CHECK(PKIX_PL_Object_Alloc
+                    (PKIX_TRUSTANCHOR_TYPE,
+                    sizeof (PKIX_TrustAnchor),
+                    (PKIX_PL_Object **)&anchor,
+                    plContext),
+                    PKIX_COULDNOTCREATETRUSTANCHOROBJECT);
+
+        /* initialize fields */
+        PKIX_CHECK(
+            PKIX_PL_Cert_SetAsTrustAnchor(cert, plContext),
+            PKIX_CERTSETASTRUSTANCHORFAILED);
+
+        PKIX_INCREF(cert);
+        anchor->trustedCert = cert;
+
+        anchor->caName = NULL;
+        anchor->caPubKey = NULL;
+
+        PKIX_CHECK(PKIX_PL_Cert_GetNameConstraints
+                    (anchor->trustedCert, &anchor->nameConstraints, plContext),
+                    PKIX_CERTGETNAMECONSTRAINTSFAILED);
+
+
+        *pAnchor = anchor;
+        anchor = NULL;
+
+cleanup:
+
+        PKIX_DECREF(anchor);
+
+        PKIX_RETURN(TRUSTANCHOR);
+
+}
+
+/*
+ * FUNCTION: PKIX_TrustAnchor_CreateWithNameKeyPair
+ *      (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_TrustAnchor_CreateWithNameKeyPair(
+        PKIX_PL_X500Name *name,
+        PKIX_PL_PublicKey *pubKey,
+        PKIX_PL_CertNameConstraints *nameConstraints,
+        PKIX_TrustAnchor **pAnchor,
+        void *plContext)
+{
+        PKIX_TrustAnchor *anchor = NULL;
+
+        PKIX_ENTER(TRUSTANCHOR, "PKIX_TrustAnchor_CreateWithNameKeyPair");
+
+#ifndef BUILD_LIBPKIX_TESTS
+        /* Nss creates trust anchors by using PKIX_TrustAnchor_CreateWithCert
+         * function as the complete trusted cert structure, and not only cert
+         * public key, is required for chain building and validation processes. 
+         * Restricting this function for been used only in libpkix unit
+         * tests. */
+        PKIX_ERROR(PKIX_FUNCTIONMUSTNOTBEUSED);
+#endif
+
+        PKIX_NULLCHECK_THREE(name, pubKey, pAnchor);
+
+        PKIX_CHECK(PKIX_PL_Object_Alloc
+                    (PKIX_TRUSTANCHOR_TYPE,
+                    sizeof (PKIX_TrustAnchor),
+                    (PKIX_PL_Object **)&anchor,
+                    plContext),
+                    PKIX_COULDNOTCREATETRUSTANCHOROBJECT);
+
+        /* initialize fields */
+        anchor->trustedCert = NULL;
+
+        PKIX_INCREF(name);
+        anchor->caName = name;
+
+        PKIX_INCREF(pubKey);
+        anchor->caPubKey = pubKey;
+
+        PKIX_INCREF(nameConstraints);
+        anchor->nameConstraints = nameConstraints;
+
+        *pAnchor = anchor;
+        anchor = NULL;
+cleanup:
+
+        PKIX_DECREF(anchor);
+
+        PKIX_RETURN(TRUSTANCHOR);
+}
+
+/*
+ * FUNCTION: PKIX_TrustAnchor_GetTrustedCert (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_TrustAnchor_GetTrustedCert(
+        PKIX_TrustAnchor *anchor,
+        PKIX_PL_Cert **pCert,
+        void *plContext)
+{
+        PKIX_ENTER(TRUSTANCHOR, "PKIX_TrustAnchor_GetTrustedCert");
+        PKIX_NULLCHECK_TWO(anchor, pCert);
+
+        PKIX_INCREF(anchor->trustedCert);
+
+        *pCert = anchor->trustedCert;
+
+cleanup:
+        PKIX_RETURN(TRUSTANCHOR);
+
+}
+
+/*
+ * FUNCTION: PKIX_TrustAnchor_GetCAName (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_TrustAnchor_GetCAName(
+        PKIX_TrustAnchor *anchor,
+        PKIX_PL_X500Name **pCAName,
+        void *plContext)
+{
+        PKIX_ENTER(TRUSTANCHOR, "PKIX_TrustAnchor_GetCAName");
+        PKIX_NULLCHECK_TWO(anchor, pCAName);
+
+        PKIX_INCREF(anchor->caName);
+
+        *pCAName = anchor->caName;
+
+cleanup:
+        PKIX_RETURN(TRUSTANCHOR);
+
+}
+
+/*
+ * FUNCTION: PKIX_TrustAnchor_GetCAPublicKey (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_TrustAnchor_GetCAPublicKey(
+        PKIX_TrustAnchor *anchor,
+        PKIX_PL_PublicKey **pPubKey,
+        void *plContext)
+{
+        PKIX_ENTER(TRUSTANCHOR, "PKIX_TrustAnchor_GetCAPublicKey");
+        PKIX_NULLCHECK_TWO(anchor, pPubKey);
+
+        PKIX_INCREF(anchor->caPubKey);
+
+        *pPubKey = anchor->caPubKey;
+
+cleanup:
+        PKIX_RETURN(TRUSTANCHOR);
+}
+
+/*
+ * FUNCTION: PKIX_TrustAnchor_GetNameConstraints
+ *      (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_TrustAnchor_GetNameConstraints(
+        PKIX_TrustAnchor *anchor,
+        PKIX_PL_CertNameConstraints **pNameConstraints,
+        void *plContext)
+{
+        PKIX_ENTER(TRUSTANCHOR, "PKIX_TrustAnchor_GetNameConstraints");
+        PKIX_NULLCHECK_TWO(anchor, pNameConstraints);
+
+        PKIX_INCREF(anchor->nameConstraints);
+
+        *pNameConstraints = anchor->nameConstraints;
+
+cleanup:
+        PKIX_RETURN(TRUSTANCHOR);
+}
diff --git a/nss/lib/libpkix/pkix/params/pkix_trustanchor.h b/nss/lib/libpkix/pkix/params/pkix_trustanchor.h
new file mode 100755
index 0000000..e3ceb7f
--- /dev/null
+++ b/nss/lib/libpkix/pkix/params/pkix_trustanchor.h
@@ -0,0 +1,35 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_trustanchor.h
+ *
+ * TrustAnchor Object Type Definition
+ *
+ */
+
+#ifndef _PKIX_TRUSTANCHOR_H
+#define _PKIX_TRUSTANCHOR_H
+
+#include "pkix_tools.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+struct PKIX_TrustAnchorStruct {
+        PKIX_PL_Cert *trustedCert;
+        PKIX_PL_X500Name *caName;
+        PKIX_PL_PublicKey *caPubKey;
+        PKIX_PL_CertNameConstraints *nameConstraints;
+};
+
+/* see source file for function documentation */
+
+PKIX_Error *pkix_TrustAnchor_RegisterSelf(void *plContext);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_TRUSTANCHOR_H */
diff --git a/nss/lib/libpkix/pkix/params/pkix_valparams.c b/nss/lib/libpkix/pkix/params/pkix_valparams.c
new file mode 100755
index 0000000..83c3d2b
--- /dev/null
+++ b/nss/lib/libpkix/pkix/params/pkix_valparams.c
@@ -0,0 +1,335 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_valparams.c
+ *
+ * Validate Params Object Functions
+ *
+ */
+
+#include "pkix_valparams.h"
+
+/* --Private-Functions-------------------------------------------- */
+
+/*
+ * FUNCTION: pkix_ValidateParams_Destroy
+ * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_ValidateParams_Destroy(
+        PKIX_PL_Object *object,
+        void *plContext)
+{
+        PKIX_ValidateParams *params = NULL;
+
+        PKIX_ENTER(VALIDATEPARAMS, "pkix_ValidateParams_Destroy");
+        PKIX_NULLCHECK_ONE(object);
+
+        /* Check that this object is a validate params object */
+        PKIX_CHECK(pkix_CheckType(object, PKIX_VALIDATEPARAMS_TYPE, plContext),
+                    PKIX_OBJECTNOTVALIDATEPARAMS);
+
+        params = (PKIX_ValidateParams *)object;
+
+        PKIX_DECREF(params->procParams);
+        PKIX_DECREF(params->chain);
+
+cleanup:
+
+        PKIX_RETURN(VALIDATEPARAMS);
+}
+
+/*
+ * FUNCTION: pkix_ValidateParams_Equals
+ * (see comments for PKIX_PL_EqualsCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_ValidateParams_Equals(
+        PKIX_PL_Object *first,
+        PKIX_PL_Object *second,
+        PKIX_Boolean *pResult,
+        void *plContext)
+{
+        PKIX_UInt32 secondType;
+        PKIX_Boolean cmpResult;
+        PKIX_ValidateParams *firstValParams = NULL;
+        PKIX_ValidateParams *secondValParams = NULL;
+
+        PKIX_ENTER(VALIDATEPARAMS, "pkix_ValidateParams_Equals");
+        PKIX_NULLCHECK_THREE(first, second, pResult);
+
+        PKIX_CHECK(pkix_CheckType(first, PKIX_VALIDATEPARAMS_TYPE, plContext),
+                    PKIX_FIRSTOBJECTNOTVALIDATEPARAMS);
+
+        PKIX_CHECK(PKIX_PL_Object_GetType(second, &secondType, plContext),
+                    PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
+
+        *pResult = PKIX_FALSE;
+
+        if (secondType != PKIX_VALIDATEPARAMS_TYPE) goto cleanup;
+
+        firstValParams = (PKIX_ValidateParams *)first;
+        secondValParams = (PKIX_ValidateParams *)second;
+
+        PKIX_CHECK(PKIX_PL_Object_Equals
+                    ((PKIX_PL_Object *)firstValParams->procParams,
+                    (PKIX_PL_Object *)secondValParams->procParams,
+                    &cmpResult,
+                    plContext),
+                    PKIX_OBJECTEQUALSFAILED);
+
+        if (!cmpResult) goto cleanup;
+
+        PKIX_CHECK(PKIX_PL_Object_Equals
+                    ((PKIX_PL_Object *)firstValParams->chain,
+                    (PKIX_PL_Object *)secondValParams->chain,
+                    &cmpResult,
+                    plContext),
+                    PKIX_OBJECTEQUALSFAILED);
+
+        if (!cmpResult) goto cleanup;
+
+        *pResult = cmpResult;
+
+cleanup:
+
+        PKIX_RETURN(VALIDATEPARAMS);
+}
+
+/*
+ * FUNCTION: pkix_ValidateParams_Hashcode
+ * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_ValidateParams_Hashcode(
+        PKIX_PL_Object *object,
+        PKIX_UInt32 *pHashcode,
+        void *plContext)
+{
+        PKIX_ValidateParams *valParams = NULL;
+        PKIX_UInt32 hash = 0;
+        PKIX_UInt32 procParamsHash = 0;
+        PKIX_UInt32 chainHash = 0;
+
+        PKIX_ENTER(VALIDATEPARAMS, "pkix_ValidateParams_Hashcode");
+        PKIX_NULLCHECK_TWO(object, pHashcode);
+
+        PKIX_CHECK(pkix_CheckType(object, PKIX_VALIDATEPARAMS_TYPE, plContext),
+                    PKIX_OBJECTNOTVALIDATEPARAMS);
+
+        valParams = (PKIX_ValidateParams*)object;
+
+        PKIX_CHECK(PKIX_PL_Object_Hashcode
+                    ((PKIX_PL_Object *)valParams->procParams,
+                    &procParamsHash,
+                    plContext),
+                    PKIX_OBJECTHASHCODEFAILED);
+
+        PKIX_CHECK(PKIX_PL_Object_Hashcode
+                    ((PKIX_PL_Object *)valParams->chain,
+                    &chainHash,
+                    plContext),
+                    PKIX_OBJECTHASHCODEFAILED);
+
+        hash = 31 * procParamsHash + chainHash;
+
+        *pHashcode = hash;
+
+cleanup:
+
+        PKIX_RETURN(VALIDATEPARAMS);
+}
+
+/*
+ * FUNCTION: pkix_ValidateParams_ToString
+ * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_ValidateParams_ToString(
+        PKIX_PL_Object *object,
+        PKIX_PL_String **pString,
+        void *plContext)
+{
+        PKIX_ValidateParams *valParams = NULL;
+        char *asciiFormat = NULL;
+        PKIX_PL_String *formatString = NULL;
+        PKIX_PL_String *valParamsString = NULL;
+
+        PKIX_PL_String *procParamsString = NULL;
+        PKIX_PL_String *chainString = NULL;
+
+        PKIX_ENTER(VALIDATEPARAMS, "pkix_ValidateParams_ToString");
+        PKIX_NULLCHECK_TWO(object, pString);
+
+        PKIX_CHECK(pkix_CheckType(object, PKIX_VALIDATEPARAMS_TYPE, plContext),
+                    PKIX_OBJECTNOTVALIDATEPARAMS);
+
+        asciiFormat =
+                "[\n"
+                "\tProcessing Params: \n"
+                "\t********BEGIN PROCESSING PARAMS********\n"
+                "\t\t%s\n"
+                "\t********END PROCESSING PARAMS********\n"
+                "\tChain:    \t\t%s\n"
+                "]\n";
+
+        PKIX_CHECK(PKIX_PL_String_Create
+                    (PKIX_ESCASCII,
+                    asciiFormat,
+                    0,
+                    &formatString,
+                    plContext),
+                    PKIX_STRINGCREATEFAILED);
+
+        valParams = (PKIX_ValidateParams*)object;
+
+        PKIX_CHECK(PKIX_PL_Object_ToString
+                    ((PKIX_PL_Object*)valParams->procParams,
+                    &procParamsString,
+                    plContext),
+                    PKIX_OBJECTTOSTRINGFAILED);
+
+        PKIX_CHECK(PKIX_PL_Object_ToString
+                    ((PKIX_PL_Object *)valParams->chain,
+                    &chainString,
+                    plContext),
+                    PKIX_OBJECTTOSTRINGFAILED);
+
+        PKIX_CHECK(PKIX_PL_Sprintf
+                    (&valParamsString,
+                    plContext,
+                    formatString,
+                    procParamsString,
+                    chainString),
+                    PKIX_SPRINTFFAILED);
+
+        *pString = valParamsString;
+
+cleanup:
+
+        PKIX_DECREF(formatString);
+        PKIX_DECREF(procParamsString);
+        PKIX_DECREF(chainString);
+
+        PKIX_RETURN(VALIDATEPARAMS);
+}
+
+/*
+ * FUNCTION: pkix_ValidateParams_RegisterSelf
+ * DESCRIPTION:
+ *  Registers PKIX_VALIDATEPARAMS_TYPE and its related functions with
+ *  systemClasses[]
+ * THREAD SAFETY:
+ *  Not Thread Safe - for performance and complexity reasons
+ *
+ *  Since this function is only called by PKIX_PL_Initialize, which should
+ *  only be called once, it is acceptable that this function is not
+ *  thread-safe.
+ */
+PKIX_Error *
+pkix_ValidateParams_RegisterSelf(void *plContext)
+{
+
+        extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
+        pkix_ClassTable_Entry entry;
+
+        PKIX_ENTER(VALIDATEPARAMS, "pkix_ValidateParams_RegisterSelf");
+
+        entry.description = "ValidateParams";
+        entry.objCounter = 0;
+        entry.typeObjectSize = sizeof(PKIX_ValidateParams);
+        entry.destructor = pkix_ValidateParams_Destroy;
+        entry.equalsFunction = pkix_ValidateParams_Equals;
+        entry.hashcodeFunction = pkix_ValidateParams_Hashcode;
+        entry.toStringFunction = pkix_ValidateParams_ToString;
+        entry.comparator = NULL;
+        entry.duplicateFunction = NULL;
+
+        systemClasses[PKIX_VALIDATEPARAMS_TYPE] = entry;
+
+        PKIX_RETURN(VALIDATEPARAMS);
+}
+
+/* --Public-Functions--------------------------------------------- */
+
+/*
+ * FUNCTION: PKIX_ValidateParams_Create (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ValidateParams_Create(
+        PKIX_ProcessingParams *procParams,
+        PKIX_List *chain,
+        PKIX_ValidateParams **pParams,
+        void *plContext)
+{
+        PKIX_ValidateParams *params = NULL;
+
+        PKIX_ENTER(VALIDATEPARAMS, "PKIX_ValidateParams_Create");
+        PKIX_NULLCHECK_THREE(procParams, chain, pParams);
+
+        PKIX_CHECK(PKIX_PL_Object_Alloc
+                    (PKIX_VALIDATEPARAMS_TYPE,
+                    sizeof (PKIX_ValidateParams),
+                    (PKIX_PL_Object **)&params,
+                    plContext),
+                    PKIX_COULDNOTCREATEVALIDATEPARAMSOBJECT);
+
+        /* initialize fields */
+        PKIX_INCREF(procParams);
+        params->procParams = procParams;
+
+        PKIX_INCREF(chain);
+        params->chain = chain;
+
+        *pParams = params;
+        params = NULL;
+
+cleanup:
+
+        PKIX_DECREF(params);
+
+        PKIX_RETURN(VALIDATEPARAMS);
+
+}
+
+/*
+ * FUNCTION: PKIX_ValidateParams_GetProcessingParams
+ *      (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ValidateParams_GetProcessingParams(
+        PKIX_ValidateParams *valParams,
+        PKIX_ProcessingParams **pProcParams,
+        void *plContext)
+{
+        PKIX_ENTER(VALIDATEPARAMS, "PKIX_ValidateParams_GetProcessingParams");
+        PKIX_NULLCHECK_TWO(valParams, pProcParams);
+
+        PKIX_INCREF(valParams->procParams);
+
+        *pProcParams = valParams->procParams;
+
+cleanup:
+        PKIX_RETURN(VALIDATEPARAMS);
+}
+
+/*
+ * FUNCTION: PKIX_ValidateParams_GetCertChain (see comments in pkix_params.h)
+ */
+PKIX_Error *
+PKIX_ValidateParams_GetCertChain(
+        PKIX_ValidateParams *valParams,
+        PKIX_List **pChain,
+        void *plContext)
+{
+        PKIX_ENTER(VALIDATEPARAMS, "PKIX_ValidateParams_GetCertChain");
+        PKIX_NULLCHECK_TWO(valParams, pChain);
+
+        PKIX_INCREF(valParams->chain);
+
+        *pChain = valParams->chain;
+
+cleanup:
+        PKIX_RETURN(VALIDATEPARAMS);
+}
diff --git a/nss/lib/libpkix/pkix/params/pkix_valparams.h b/nss/lib/libpkix/pkix/params/pkix_valparams.h
new file mode 100755
index 0000000..93b754f
--- /dev/null
+++ b/nss/lib/libpkix/pkix/params/pkix_valparams.h
@@ -0,0 +1,33 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_valparams.h
+ *
+ * ValidateParams Object Type Definition
+ *
+ */
+
+#ifndef _PKIX_VALIDATEPARAMS_H
+#define _PKIX_VALIDATEPARAMS_H
+
+#include "pkix_tools.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+struct PKIX_ValidateParamsStruct {
+        PKIX_ProcessingParams *procParams;      /* Never NULL */
+        PKIX_List *chain;                       /* Never NULL */
+};
+
+/* see source file for function documentation */
+
+PKIX_Error *pkix_ValidateParams_RegisterSelf(void *plContext);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_VALIDATEPARAMS_H */
diff --git a/nss/lib/libpkix/pkix/results/Makefile b/nss/lib/libpkix/pkix/results/Makefile
new file mode 100755
index 0000000..36524f5
--- /dev/null
+++ b/nss/lib/libpkix/pkix/results/Makefile
@@ -0,0 +1,48 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include config.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+export:: private_export
+
diff --git a/nss/lib/libpkix/pkix/results/config.mk b/nss/lib/libpkix/pkix/results/config.mk
new file mode 100755
index 0000000..b8c03de
--- /dev/null
+++ b/nss/lib/libpkix/pkix/results/config.mk
@@ -0,0 +1,15 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#
+#  Override TARGETS variable so that only static libraries
+#  are specifed as dependencies within rules.mk.
+#
+
+TARGETS        = $(LIBRARY)
+SHARED_LIBRARY =
+IMPORT_LIBRARY =
+PROGRAM        =
+
diff --git a/nss/lib/libpkix/pkix/results/exports.gyp b/nss/lib/libpkix/pkix/results/exports.gyp
new file mode 100644
index 0000000..dfff689
--- /dev/null
+++ b/nss/lib/libpkix/pkix/results/exports.gyp
@@ -0,0 +1,28 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../../../coreconf/config.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'lib_libpkix_pkix_results_exports',
+      'type': 'none',
+      'copies': [
+        {
+          'files': [
+            'pkix_buildresult.h',
+            'pkix_policynode.h',
+            'pkix_valresult.h',
+            'pkix_verifynode.h'
+          ],
+          'destination': '<(nss_private_dist_dir)/<(module)'
+        }
+      ]
+    }
+  ],
+  'variables': {
+    'module': 'nss'
+  }
+}
diff --git a/nss/lib/libpkix/pkix/results/manifest.mn b/nss/lib/libpkix/pkix/results/manifest.mn
new file mode 100755
index 0000000..c082ada
--- /dev/null
+++ b/nss/lib/libpkix/pkix/results/manifest.mn
@@ -0,0 +1,27 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+CORE_DEPTH = ../../../..
+
+EXPORTS = \
+	$(NULL)
+
+PRIVATE_EXPORTS = \
+	pkix_buildresult.h \
+	pkix_policynode.h \
+	pkix_valresult.h \
+	pkix_verifynode.h \
+	$(NULL)
+
+MODULE = nss
+
+CSRCS = \
+	pkix_buildresult.c \
+	pkix_policynode.c \
+	pkix_valresult.c \
+	pkix_verifynode.c \
+	$(NULL)
+
+LIBRARY_NAME = pkixresults
+
diff --git a/nss/lib/libpkix/pkix/results/pkix_buildresult.c b/nss/lib/libpkix/pkix/results/pkix_buildresult.c
new file mode 100755
index 0000000..7d35119
--- /dev/null
+++ b/nss/lib/libpkix/pkix/results/pkix_buildresult.c
@@ -0,0 +1,362 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_buildresult.c
+ *
+ * BuildResult Object Functions
+ *
+ */
+
+#include "pkix_buildresult.h"
+
+/* --Private-Functions-------------------------------------------- */
+
+/*
+ * FUNCTION: pkix_BuildResult_Destroy
+ * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_BuildResult_Destroy(
+        PKIX_PL_Object *object,
+        void *plContext)
+{
+        PKIX_BuildResult *result = NULL;
+
+        PKIX_ENTER(BUILDRESULT, "pkix_BuildResult_Destroy");
+        PKIX_NULLCHECK_ONE(object);
+
+        /* Check that this object is a build result object */
+        PKIX_CHECK(pkix_CheckType(object, PKIX_BUILDRESULT_TYPE, plContext),
+                    PKIX_OBJECTNOTBUILDRESULT);
+
+        result = (PKIX_BuildResult *)object;
+
+        PKIX_DECREF(result->valResult);
+        PKIX_DECREF(result->certChain);
+
+cleanup:
+
+        PKIX_RETURN(BUILDRESULT);
+}
+
+/*
+ * FUNCTION: pkix_BuildResult_Equals
+ * (see comments for PKIX_PL_EqualsCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_BuildResult_Equals(
+        PKIX_PL_Object *first,
+        PKIX_PL_Object *second,
+        PKIX_Boolean *pResult,
+        void *plContext)
+{
+        PKIX_UInt32 secondType;
+        PKIX_Boolean cmpResult;
+        PKIX_BuildResult *firstBuildResult = NULL;
+        PKIX_BuildResult *secondBuildResult = NULL;
+
+        PKIX_ENTER(BUILDRESULT, "pkix_BuildResult_Equals");
+        PKIX_NULLCHECK_THREE(first, second, pResult);
+
+        PKIX_CHECK(pkix_CheckType(first, PKIX_BUILDRESULT_TYPE, plContext),
+                    PKIX_FIRSTOBJECTNOTBUILDRESULT);
+
+        PKIX_CHECK(PKIX_PL_Object_GetType(second, &secondType, plContext),
+                    PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
+
+        *pResult = PKIX_FALSE;
+
+        if (secondType != PKIX_BUILDRESULT_TYPE) goto cleanup;
+
+        firstBuildResult = (PKIX_BuildResult *)first;
+        secondBuildResult = (PKIX_BuildResult *)second;
+
+        PKIX_CHECK(PKIX_PL_Object_Equals
+                    ((PKIX_PL_Object *)firstBuildResult->valResult,
+                    (PKIX_PL_Object *)secondBuildResult->valResult,
+                    &cmpResult,
+                    plContext),
+                    PKIX_OBJECTEQUALSFAILED);
+
+        if (!cmpResult) goto cleanup;
+
+        PKIX_CHECK(PKIX_PL_Object_Equals
+                    ((PKIX_PL_Object *)firstBuildResult->certChain,
+                    (PKIX_PL_Object *)secondBuildResult->certChain,
+                    &cmpResult,
+                    plContext),
+                    PKIX_OBJECTEQUALSFAILED);
+
+        if (!cmpResult) goto cleanup;
+
+        /*
+         * The remaining case is that both are null,
+         * which we consider equality.
+         *      cmpResult = PKIX_TRUE;
+         */
+
+        *pResult = cmpResult;
+
+cleanup:
+
+        PKIX_RETURN(BUILDRESULT);
+}
+
+/*
+ * FUNCTION: pkix_BuildResult_Hashcode
+ * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_BuildResult_Hashcode(
+        PKIX_PL_Object *object,
+        PKIX_UInt32 *pHashcode,
+        void *plContext)
+{
+        PKIX_BuildResult *buildResult = NULL;
+        PKIX_UInt32 hash = 0;
+        PKIX_UInt32 valResultHash = 0;
+        PKIX_UInt32 certChainHash = 0;
+
+        PKIX_ENTER(BUILDRESULT, "pkix_BuildResult_Hashcode");
+        PKIX_NULLCHECK_TWO(object, pHashcode);
+
+        PKIX_CHECK(pkix_CheckType(object, PKIX_BUILDRESULT_TYPE, plContext),
+                    PKIX_OBJECTNOTBUILDRESULT);
+
+        buildResult = (PKIX_BuildResult*)object;
+
+        PKIX_CHECK(PKIX_PL_Object_Hashcode
+                    ((PKIX_PL_Object *)buildResult->valResult,
+                    &valResultHash,
+                    plContext),
+                    PKIX_OBJECTHASHCODEFAILED);
+
+        PKIX_CHECK(PKIX_PL_Object_Hashcode
+                    ((PKIX_PL_Object *)buildResult->certChain,
+                    &certChainHash,
+                    plContext),
+                    PKIX_OBJECTHASHCODEFAILED);
+
+        hash = 31*(31 * valResultHash + certChainHash);
+
+        *pHashcode = hash;
+
+cleanup:
+
+        PKIX_RETURN(BUILDRESULT);
+}
+
+/*
+ * FUNCTION: pkix_BuildResult_ToString
+ * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_BuildResult_ToString(
+        PKIX_PL_Object *object,
+        PKIX_PL_String **pString,
+        void *plContext)
+{
+        PKIX_BuildResult *buildResult = NULL;
+        PKIX_PL_String *formatString = NULL;
+        PKIX_PL_String *buildResultString = NULL;
+
+        PKIX_ValidateResult *valResult = NULL;
+        PKIX_List *certChain = NULL;
+
+        PKIX_PL_String *valResultString = NULL;
+        PKIX_PL_String *certChainString = NULL;
+
+        char *asciiFormat =
+                "[\n"
+                "\tValidateResult: \t\t%s"
+                "\tCertChain:    \t\t%s\n"
+                "]\n";
+
+        PKIX_ENTER(BUILDRESULT, "pkix_BuildResult_ToString");
+        PKIX_NULLCHECK_TWO(object, pString);
+
+        PKIX_CHECK(pkix_CheckType(object, PKIX_BUILDRESULT_TYPE, plContext),
+                PKIX_OBJECTNOTBUILDRESULT);
+
+        buildResult = (PKIX_BuildResult*)object;
+
+        valResult = buildResult->valResult;
+
+        PKIX_CHECK(PKIX_PL_String_Create
+                (PKIX_ESCASCII, asciiFormat, 0, &formatString, plContext),
+                PKIX_STRINGCREATEFAILED);
+
+        PKIX_CHECK(PKIX_PL_Object_ToString
+                ((PKIX_PL_Object *)valResult, &valResultString, plContext),
+                PKIX_OBJECTTOSTRINGFAILED);
+
+        certChain = buildResult->certChain;
+
+        PKIX_CHECK(PKIX_PL_Object_ToString
+                ((PKIX_PL_Object *)certChain, &certChainString, plContext),
+                PKIX_OBJECTTOSTRINGFAILED);
+
+        PKIX_CHECK(PKIX_PL_Sprintf
+                (&buildResultString,
+                plContext,
+                formatString,
+                valResultString,
+                certChainString),
+                PKIX_SPRINTFFAILED);
+
+        *pString = buildResultString;
+
+cleanup:
+
+        PKIX_DECREF(formatString);
+        PKIX_DECREF(valResultString);
+        PKIX_DECREF(certChainString);
+
+        PKIX_RETURN(BUILDRESULT);
+}
+
+/*
+ * FUNCTION: pkix_BuildResult_RegisterSelf
+ * DESCRIPTION:
+ *  Registers PKIX_BUILDRESULT_TYPE and its related functions with
+ *  systemClasses[]
+ * THREAD SAFETY:
+ *  Not Thread Safe - for performance and complexity reasons
+ *
+ *  Since this function is only called by PKIX_PL_Initialize, which should
+ *  only be called once, it is acceptable that this function is not
+ *  thread-safe.
+ */
+PKIX_Error *
+pkix_BuildResult_RegisterSelf(void *plContext)
+{
+
+        extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
+        pkix_ClassTable_Entry entry;
+
+        PKIX_ENTER(BUILDRESULT, "pkix_BuildResult_RegisterSelf");
+
+        entry.description = "BuildResult";
+        entry.objCounter = 0;
+        entry.typeObjectSize = sizeof(PKIX_BuildResult);
+        entry.destructor = pkix_BuildResult_Destroy;
+        entry.equalsFunction = pkix_BuildResult_Equals;
+        entry.hashcodeFunction = pkix_BuildResult_Hashcode;
+        entry.toStringFunction = pkix_BuildResult_ToString;
+        entry.comparator = NULL;
+        entry.duplicateFunction = pkix_duplicateImmutable;
+
+        systemClasses[PKIX_BUILDRESULT_TYPE] = entry;
+
+        PKIX_RETURN(BUILDRESULT);
+}
+
+/*
+ * FUNCTION: pkix_BuildResult_Create
+ * DESCRIPTION:
+ *
+ *  Creates a new BuildResult Object using the ValidateResult pointed to by
+ *  "valResult" and the List pointed to by "certChain", and stores it at
+ *  "pResult".
+ *
+ * PARAMETERS
+ *  "valResult"
+ *      Address of ValidateResult component. Must be non-NULL.
+ *  "certChain
+ *      Address of List component. Must be non-NULL.
+ *  "pResult"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_BuildResult_Create(
+        PKIX_ValidateResult *valResult,
+        PKIX_List *certChain,
+        PKIX_BuildResult **pResult,
+        void *plContext)
+{
+        PKIX_BuildResult *result = NULL;
+
+        PKIX_ENTER(BUILDRESULT, "pkix_BuildResult_Create");
+        PKIX_NULLCHECK_THREE(valResult, certChain, pResult);
+
+        PKIX_CHECK(PKIX_PL_Object_Alloc
+                    (PKIX_BUILDRESULT_TYPE,
+                    sizeof (PKIX_BuildResult),
+                    (PKIX_PL_Object **)&result,
+                    plContext),
+                    PKIX_COULDNOTCREATEBUILDRESULTOBJECT);
+
+        /* initialize fields */
+
+        PKIX_INCREF(valResult);
+        result->valResult = valResult;
+
+        PKIX_INCREF(certChain);
+        result->certChain = certChain;
+
+        PKIX_CHECK(PKIX_List_SetImmutable(result->certChain, plContext),
+                     PKIX_LISTSETIMMUTABLEFAILED);
+
+        *pResult = result;
+        result = NULL;
+
+cleanup:
+
+        PKIX_DECREF(result);
+
+        PKIX_RETURN(BUILDRESULT);
+
+}
+
+/* --Public-Functions--------------------------------------------- */
+
+
+/*
+ * FUNCTION: PKIX_BuildResult_GetValidateResult
+ *      (see comments in pkix_result.h)
+ */
+PKIX_Error *
+PKIX_BuildResult_GetValidateResult(
+        PKIX_BuildResult *result,
+        PKIX_ValidateResult **pResult,
+        void *plContext)
+{
+        PKIX_ENTER(BUILDRESULT, "PKIX_BuildResult_GetValidateResult");
+        PKIX_NULLCHECK_TWO(result, pResult);
+
+        PKIX_INCREF(result->valResult);
+        *pResult = result->valResult;
+
+cleanup:
+        PKIX_RETURN(BUILDRESULT);
+}
+
+
+
+/*
+ * FUNCTION: PKIX_BuildResult_GetCertChain
+ *      (see comments in pkix_result.h)
+ */
+PKIX_Error *
+PKIX_BuildResult_GetCertChain(
+        PKIX_BuildResult *result,
+        PKIX_List **pChain,
+        void *plContext)
+{
+        PKIX_ENTER(BUILDRESULT, "PKIX_BuildResult_GetCertChain");
+        PKIX_NULLCHECK_TWO(result, pChain);
+
+        PKIX_INCREF(result->certChain);
+        *pChain = result->certChain;
+
+cleanup:
+        PKIX_RETURN(BUILDRESULT);
+}
diff --git a/nss/lib/libpkix/pkix/results/pkix_buildresult.h b/nss/lib/libpkix/pkix/results/pkix_buildresult.h
new file mode 100755
index 0000000..b43f12b
--- /dev/null
+++ b/nss/lib/libpkix/pkix/results/pkix_buildresult.h
@@ -0,0 +1,40 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_buildresult.h
+ *
+ * BuildResult Object Type Definition
+ *
+ */
+
+#ifndef _PKIX_BUILDRESULT_H
+#define _PKIX_BUILDRESULT_H
+
+#include "pkix_tools.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+struct PKIX_BuildResultStruct {
+        PKIX_ValidateResult *valResult;
+        PKIX_List *certChain;
+};
+
+/* see source file for function documentation */
+
+PKIX_Error *
+pkix_BuildResult_Create(
+        PKIX_ValidateResult *valResult,
+        PKIX_List *certChain,
+        PKIX_BuildResult **pResult,
+        void *plContext);
+
+PKIX_Error *pkix_BuildResult_RegisterSelf(void *plContext);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_BUILDRESULT_H */
diff --git a/nss/lib/libpkix/pkix/results/pkix_policynode.c b/nss/lib/libpkix/pkix/results/pkix_policynode.c
new file mode 100755
index 0000000..fd8cee9
--- /dev/null
+++ b/nss/lib/libpkix/pkix/results/pkix_policynode.c
@@ -0,0 +1,1377 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_policynode.c
+ *
+ * Policy Node Object Type Definition
+ *
+ */
+
+#include "pkix_policynode.h"
+
+/* --Private-PolicyNode-Functions---------------------------------- */
+
+/*
+ * FUNCTION: pkix_PolicyNode_GetChildrenMutable
+ * DESCRIPTION:
+ *
+ *  Retrieves the List of PolicyNodes representing the child nodes of the
+ *  Policy Node pointed to by "node" and stores it at "pChildren". If "node"
+ *  has no List of child nodes, this function stores NULL at "pChildren".
+ *
+ *  Note that the List returned by this function may be mutable. This function
+ *  differs from the public function PKIX_PolicyNode_GetChildren in that
+ *  respect. (It also differs in that the public function creates an empty
+ *  List, if necessary, rather than storing NULL.)
+ *
+ *  During certificate processing, children Lists are created and modified.
+ *  Once the list is accessed using the public call, the List is set immutable.
+ *
+ * PARAMETERS:
+ *  "node"
+ *      Address of PolicyNode whose child nodes are to be stored.
+ *      Must be non-NULL.
+ *  "pChildren"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *  (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a PolicyNode Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_PolicyNode_GetChildrenMutable(
+        PKIX_PolicyNode *node,
+        PKIX_List **pChildren,  /* list of PKIX_PolicyNode */
+        void *plContext)
+{
+
+        PKIX_ENTER(CERTPOLICYNODE, "pkix_PolicyNode_GetChildrenMutable");
+
+        PKIX_NULLCHECK_TWO(node, pChildren);
+
+        PKIX_INCREF(node->children);
+
+        *pChildren = node->children;
+
+cleanup:
+        PKIX_RETURN(CERTPOLICYNODE);
+}
+
+/*
+ * FUNCTION: pkix_PolicyNode_Create
+ * DESCRIPTION:
+ *
+ *  Creates a new PolicyNode using the OID pointed to by "validPolicy", the List
+ *  of CertPolicyQualifiers pointed to by "qualifierSet", the criticality
+ *  indicated by the Boolean value of "criticality", and the List of OIDs
+ *  pointed to by "expectedPolicySet", and stores the result at "pObject". The
+ *  criticality should be derived from whether the certificate policy extension
+ *  was marked as critical in the certificate that led to creation of this
+ *  PolicyNode. The "qualifierSet" and "expectedPolicySet" Lists are made
+ *  immutable. The PolicyNode pointers to parent and to children are initialized
+ *  to NULL, and the depth is set to zero; those values should be set by using
+ *  the pkix_PolicyNode_AddToParent function.
+ *
+ * PARAMETERS
+ *  "validPolicy"
+ *      Address of OID of the valid policy for the path. Must be non-NULL
+ *  "qualifierSet"
+ *      Address of List of CertPolicyQualifiers associated with the validpolicy.
+ *      May be NULL
+ *  "criticality"
+ *      Boolean indicator of whether the criticality should be set in this
+ *      PolicyNode
+ *  "expectedPolicySet"
+ *      Address of List of OIDs that would satisfy this policy in the next
+ *      certificate. Must be non-NULL
+ *  "pObject"
+ *      Address where the PolicyNode pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a PolicyNode Error if the function fails  in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_PolicyNode_Create(
+        PKIX_PL_OID *validPolicy,
+        PKIX_List *qualifierSet,
+        PKIX_Boolean criticality,
+        PKIX_List *expectedPolicySet,
+        PKIX_PolicyNode **pObject,
+        void *plContext)
+{
+        PKIX_PolicyNode *node = NULL;
+
+        PKIX_ENTER(CERTPOLICYNODE, "pkix_PolicyNode_Create");
+
+        PKIX_NULLCHECK_THREE(validPolicy, expectedPolicySet, pObject);
+
+        PKIX_CHECK(PKIX_PL_Object_Alloc
+                (PKIX_CERTPOLICYNODE_TYPE,
+                sizeof (PKIX_PolicyNode),
+                (PKIX_PL_Object **)&node,
+                plContext),
+                PKIX_COULDNOTCREATEPOLICYNODEOBJECT);
+
+        PKIX_INCREF(validPolicy);
+        node->validPolicy = validPolicy;
+
+        PKIX_INCREF(qualifierSet);
+        node->qualifierSet = qualifierSet;
+        if (qualifierSet) {
+                PKIX_CHECK(PKIX_List_SetImmutable(qualifierSet, plContext),
+                        PKIX_LISTSETIMMUTABLEFAILED);
+        }
+
+        node->criticality = criticality;
+
+        PKIX_INCREF(expectedPolicySet);
+        node->expectedPolicySet = expectedPolicySet;
+        PKIX_CHECK(PKIX_List_SetImmutable(expectedPolicySet, plContext),
+                PKIX_LISTSETIMMUTABLEFAILED);
+
+        node->parent = NULL;
+        node->children = NULL;
+        node->depth = 0;
+
+        *pObject = node;
+        node = NULL;
+
+cleanup:
+
+        PKIX_DECREF(node);
+
+        PKIX_RETURN(CERTPOLICYNODE);
+}
+
+/*
+ * FUNCTION: pkix_PolicyNode_AddToParent
+ * DESCRIPTION:
+ *
+ *  Adds the PolicyNode pointed to by "child" to the List of children of
+ *  the PolicyNode pointed to by "parentNode". If "parentNode" had a
+ *  NULL pointer for the List of children, a new List is created containing
+ *  "child". Otherwise "child" is appended to the existing List. The
+ *  parent field in "child" is set to "parent", and the depth field is
+ *  set to one more than the corresponding value in "parent".
+ *
+ *  Depth, in this context, means distance from the root node, which
+ *  is at depth zero.
+ *
+ * PARAMETERS:
+ *  "parentNode"
+ *      Address of PolicyNode whose List of child PolicyNodes is to be
+ *      created or appended to. Must be non-NULL.
+ *  "child"
+ *      Address of PolicyNode to be added to parentNode's List. Must be
+ *      non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a PolicyNode Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_PolicyNode_AddToParent(
+        PKIX_PolicyNode *parentNode,
+        PKIX_PolicyNode *child,
+        void *plContext)
+{
+        PKIX_List *listOfChildren = NULL;
+
+        PKIX_ENTER(CERTPOLICYNODE, "pkix_PolicyNode_AddToParent");
+
+        PKIX_NULLCHECK_TWO(parentNode, child);
+
+        listOfChildren = parentNode->children;
+        if (listOfChildren == NULL) {
+                PKIX_CHECK(PKIX_List_Create(&listOfChildren, plContext),
+                        PKIX_LISTCREATEFAILED);
+                parentNode->children = listOfChildren;
+        }
+
+        /*
+         * Note: this link is not reference-counted. The link from parent
+         * to child is counted (actually, the parent "owns" a List which
+         * "owns" children), but the children do not "own" the parent.
+         * Otherwise, there would be loops.
+         */
+        child->parent = parentNode;
+
+        child->depth = 1 + (parentNode->depth);
+
+        PKIX_CHECK(PKIX_List_AppendItem
+                (listOfChildren, (PKIX_PL_Object *)child, plContext),
+                PKIX_COULDNOTAPPENDCHILDTOPARENTSPOLICYNODELIST);
+
+        PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+                ((PKIX_PL_Object *)parentNode, plContext),
+                PKIX_OBJECTINVALIDATECACHEFAILED);
+
+        PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+                ((PKIX_PL_Object *)child, plContext),
+                PKIX_OBJECTINVALIDATECACHEFAILED);
+
+cleanup:
+
+        PKIX_RETURN(CERTPOLICYNODE);
+}
+
+/*
+ * FUNCTION: pkix_PolicyNode_Prune
+ * DESCRIPTION:
+ *
+ *  Prunes a tree below the PolicyNode whose address is pointed to by "node",
+ *  using the UInt32 value of "height" as the distance from the leaf level,
+ *  and storing at "pDelete" the Boolean value of whether this PolicyNode is,
+ *  after pruning, childless and should be pruned.
+ *
+ *  Any PolicyNode at height 0 is allowed to survive. If the height is greater
+ *  than zero, pkix_PolicyNode_Prune is called recursively for each child of
+ *  the current PolicyNode. After this process, a node with no children
+ *  stores PKIX_TRUE in "pDelete" to indicate that it should be deleted.
+ *
+ * PARAMETERS:
+ *  "node"
+ *      Address of the PolicyNode to be pruned. Must be non-NULL.
+ *  "height"
+ *      UInt32 value for the distance from the leaf level
+ *  "pDelete"
+ *      Address to store the Boolean return value of PKIX_TRUE if this node
+ *      should be pruned, or PKIX_FALSE if there remains at least one
+ *      branch of the required height. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a PolicyNode Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_PolicyNode_Prune(
+        PKIX_PolicyNode *node,
+        PKIX_UInt32 height,
+        PKIX_Boolean *pDelete,
+        void *plContext)
+{
+        PKIX_Boolean childless = PKIX_FALSE;
+        PKIX_Boolean shouldBePruned = PKIX_FALSE;
+        PKIX_UInt32 listSize = 0;
+        PKIX_UInt32 listIndex = 0;
+        PKIX_PolicyNode *candidate = NULL;
+
+        PKIX_ENTER(CERTPOLICYNODE, "pkix_PolicyNode_Prune");
+
+        PKIX_NULLCHECK_TWO(node, pDelete);
+
+        /* Don't prune at the leaf */
+        if (height == 0) {
+                goto cleanup;
+        }
+
+        /* Above the bottom level, childless nodes get pruned */
+        if (!(node->children)) {
+                childless = PKIX_TRUE;
+                goto cleanup;
+        }
+
+        /*
+         * This node has children. If they are leaf nodes,
+         * we know they will live. Otherwise, check them out.
+         */
+        if (height > 1) {
+                PKIX_CHECK(PKIX_List_GetLength
+                        (node->children, &listSize, plContext),
+                        PKIX_LISTGETLENGTHFAILED);
+                /*
+                 * By working backwards from the end of the list,
+                 * we avoid having to worry about possible
+                 * decreases in the size of the list, as we
+                 * delete items. The only nuisance is that since the
+                 * index is UInt32, we can't check for it to reach -1;
+                 * we have to use the 1-based index, rather than the
+                 * 0-based index that PKIX_List functions require.
+                 */
+                for (listIndex = listSize; listIndex > 0; listIndex--) {
+                        PKIX_CHECK(PKIX_List_GetItem
+                                (node->children,
+                                (listIndex - 1),
+                                (PKIX_PL_Object **)&candidate,
+                                plContext),
+                                PKIX_LISTGETITEMFAILED);
+
+                        PKIX_CHECK(pkix_PolicyNode_Prune
+                                (candidate,
+                                height - 1,
+                                &shouldBePruned,
+                                plContext),
+                                PKIX_POLICYNODEPRUNEFAILED);
+
+                        if (shouldBePruned == PKIX_TRUE) {
+                                PKIX_CHECK(PKIX_List_DeleteItem
+                                        (node->children,
+                                        (listIndex - 1),
+                                        plContext),
+                                        PKIX_LISTDELETEITEMFAILED);
+                        }
+
+                        PKIX_DECREF(candidate);
+                }
+        }
+
+        /* Prune if this node has *become* childless */
+        PKIX_CHECK(PKIX_List_GetLength
+                (node->children, &listSize, plContext),
+                PKIX_LISTGETLENGTHFAILED);
+        if (listSize == 0) {
+                childless = PKIX_TRUE;
+        }
+
+        /*
+         * Even if we did not change this node, or any of its children,
+         * maybe a [great-]*grandchild was pruned.
+         */
+        PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+                ((PKIX_PL_Object *)node, plContext),
+                PKIX_OBJECTINVALIDATECACHEFAILED);
+
+cleanup:
+        *pDelete = childless;
+
+        PKIX_DECREF(candidate);
+
+        PKIX_RETURN(CERTPOLICYNODE);
+}
+
+/*
+ * FUNCTION: pkix_SinglePolicyNode_ToString
+ * DESCRIPTION:
+ *
+ *  Creates a String representation of the attributes of the PolicyNode
+ *  pointed to by "node", other than its parents or children, and
+ *  stores the result at "pString".
+ *
+ * PARAMETERS:
+ *  "node"
+ *      Address of PolicyNode to be described by the string. Must be non-NULL.
+ *  "pString"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *  (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if function succeeds
+ *  Returns a PolicyNode Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in a fatal way
+ */
+PKIX_Error *
+pkix_SinglePolicyNode_ToString(
+        PKIX_PolicyNode *node,
+        PKIX_PL_String **pString,
+        void *plContext)
+{
+        PKIX_PL_String *fmtString = NULL;
+        PKIX_PL_String *validString = NULL;
+        PKIX_PL_String *qualifierString = NULL;
+        PKIX_PL_String *criticalityString = NULL;
+        PKIX_PL_String *expectedString = NULL;
+        PKIX_PL_String *outString = NULL;
+
+        PKIX_ENTER(CERTPOLICYNODE, "pkix_SinglePolicyNode_ToString");
+        PKIX_NULLCHECK_TWO(node, pString);
+        PKIX_NULLCHECK_TWO(node->validPolicy, node->expectedPolicySet);
+
+        PKIX_CHECK(PKIX_PL_String_Create
+                (PKIX_ESCASCII,
+                "{%s,%s,%s,%s,%d}",
+                0,
+                &fmtString,
+                plContext),
+                PKIX_CANTCREATESTRING);
+
+        PKIX_CHECK(PKIX_PL_Object_ToString
+                ((PKIX_PL_Object *)(node->validPolicy),
+                &validString,
+                plContext),
+                PKIX_OIDTOSTRINGFAILED);
+
+        PKIX_CHECK(PKIX_PL_Object_ToString
+                ((PKIX_PL_Object *)(node->expectedPolicySet),
+                &expectedString,
+                plContext),
+                PKIX_LISTTOSTRINGFAILED);
+
+        if (node->qualifierSet) {
+                PKIX_CHECK(PKIX_PL_Object_ToString
+                        ((PKIX_PL_Object *)(node->qualifierSet),
+                        &qualifierString,
+                        plContext),
+                        PKIX_LISTTOSTRINGFAILED);
+        } else {
+                PKIX_CHECK(PKIX_PL_String_Create
+                        (PKIX_ESCASCII,
+                        "{}",
+                        0,
+                        &qualifierString,
+                        plContext),
+                        PKIX_CANTCREATESTRING);
+        }
+
+        PKIX_CHECK(PKIX_PL_String_Create
+                (PKIX_ESCASCII,
+                (node->criticality)?"Critical":"Not Critical",
+                0,
+                &criticalityString,
+                plContext),
+                PKIX_CANTCREATESTRING);
+
+        PKIX_CHECK(PKIX_PL_Sprintf
+                (&outString,
+                plContext,
+                fmtString,
+                validString,
+                qualifierString,
+                criticalityString,
+                expectedString,
+                node->depth),
+                PKIX_SPRINTFFAILED);
+
+        *pString = outString;
+
+cleanup:
+
+        PKIX_DECREF(fmtString);
+        PKIX_DECREF(validString);
+        PKIX_DECREF(qualifierString);
+        PKIX_DECREF(criticalityString);
+        PKIX_DECREF(expectedString);
+        PKIX_RETURN(CERTPOLICYNODE);
+}
+
+/*
+ * FUNCTION: pkix_PolicyNode_ToString_Helper
+ * DESCRIPTION:
+ *
+ *  Produces a String representation of a PolicyNode tree below the PolicyNode
+ *  pointed to by "rootNode", with each line of output prefixed by the String
+ *  pointed to by "indent", and stores the result at "pTreeString". It is
+ *  called recursively, with ever-increasing indentation, for successively
+ *  lower nodes on the tree.
+ *
+ * PARAMETERS:
+ *  "rootNode"
+ *      Address of PolicyNode subtree. Must be non-NULL.
+ *  "indent"
+ *      Address of String to be prefixed to each line of output. May be NULL
+ *      if no indentation is desired
+ *  "pTreeString"
+ *      Address where the resulting String will be stored; must be non-NULL
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *  (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a PolicyNode Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_PolicyNode_ToString_Helper(
+        PKIX_PolicyNode *rootNode,
+        PKIX_PL_String *indent,
+        PKIX_PL_String **pTreeString,
+        void *plContext)
+{
+        PKIX_PL_String *nextIndentFormat = NULL;
+        PKIX_PL_String *thisNodeFormat = NULL;
+        PKIX_PL_String *childrenFormat = NULL;
+        PKIX_PL_String *nextIndentString = NULL;
+        PKIX_PL_String *resultString = NULL;
+        PKIX_PL_String *thisItemString = NULL;
+        PKIX_PL_String *childString = NULL;
+        PKIX_PolicyNode *childNode = NULL;
+        PKIX_UInt32 numberOfChildren = 0;
+        PKIX_UInt32 childIndex = 0;
+
+        PKIX_ENTER(CERTPOLICYNODE, "pkix_PolicyNode_ToString_Helper");
+
+        PKIX_NULLCHECK_TWO(rootNode, pTreeString);
+
+        /* Create a string for this node */
+        PKIX_CHECK(pkix_SinglePolicyNode_ToString
+                (rootNode, &thisItemString, plContext),
+                PKIX_ERRORINSINGLEPOLICYNODETOSTRING);
+
+        if (indent) {
+                PKIX_CHECK(PKIX_PL_String_Create
+                        (PKIX_ESCASCII,
+                        "%s%s",
+                        0,
+                        &thisNodeFormat,
+                        plContext),
+                        PKIX_ERRORCREATINGFORMATSTRING);
+
+                PKIX_CHECK(PKIX_PL_Sprintf
+                        (&resultString,
+                        plContext,
+                        thisNodeFormat,
+                        indent,
+                        thisItemString),
+                        PKIX_ERRORINSPRINTF);
+        } else {
+                PKIX_CHECK(PKIX_PL_String_Create
+                        (PKIX_ESCASCII,
+                        "%s",
+                        0,
+                        &thisNodeFormat,
+                        plContext),
+                        PKIX_ERRORCREATINGFORMATSTRING);
+
+                PKIX_CHECK(PKIX_PL_Sprintf
+                        (&resultString,
+                        plContext,
+                        thisNodeFormat,
+                        thisItemString),
+                        PKIX_ERRORINSPRINTF);
+        }
+
+        PKIX_DECREF(thisItemString);
+        thisItemString = resultString;
+
+        /* if no children, we are done */
+        if (rootNode->children) {
+                PKIX_CHECK(PKIX_List_GetLength
+                        (rootNode->children, &numberOfChildren, plContext),
+                        PKIX_LISTGETLENGTHFAILED);
+        }
+
+        if (numberOfChildren != 0) {
+                /*
+                 * We create a string for each child in turn,
+                 * concatenating them to thisItemString.
+                 */
+
+                /* Prepare an indent string for each child */
+                if (indent) {
+                        PKIX_CHECK(PKIX_PL_String_Create
+                                (PKIX_ESCASCII,
+                                "%s. ",
+                                0,
+                                &nextIndentFormat,
+                                plContext),
+                                PKIX_ERRORCREATINGFORMATSTRING);
+
+                        PKIX_CHECK(PKIX_PL_Sprintf
+                                (&nextIndentString,
+                                plContext,
+                                nextIndentFormat,
+                                indent),
+                                PKIX_ERRORINSPRINTF);
+                } else {
+                        PKIX_CHECK(PKIX_PL_String_Create
+                                (PKIX_ESCASCII,
+                                ". ",
+                                0,
+                                &nextIndentString,
+                                plContext),
+                                PKIX_ERRORCREATINGINDENTSTRING);
+                }
+
+                /* Prepare the format for concatenation. */
+                PKIX_CHECK(PKIX_PL_String_Create
+                        (PKIX_ESCASCII,
+                        "%s\n%s",
+                        0,
+                        &childrenFormat,
+                        plContext),
+                        PKIX_ERRORCREATINGFORMATSTRING);
+
+                for (childIndex = 0;
+                        childIndex < numberOfChildren;
+                        childIndex++) {
+                        PKIX_CHECK(PKIX_List_GetItem
+                                (rootNode->children,
+                                childIndex,
+                                (PKIX_PL_Object **)&childNode,
+                                plContext),
+                                PKIX_LISTGETITEMFAILED);
+
+                        PKIX_CHECK(pkix_PolicyNode_ToString_Helper
+                                (childNode,
+                                nextIndentString,
+                                &childString,
+                                plContext),
+                                PKIX_ERRORCREATINGCHILDSTRING);
+
+
+                        PKIX_CHECK(PKIX_PL_Sprintf
+                                (&resultString,
+                                plContext,
+                                childrenFormat,
+                                thisItemString,
+                                childString),
+                        PKIX_ERRORINSPRINTF);
+
+                        PKIX_DECREF(childNode);
+                        PKIX_DECREF(childString);
+                        PKIX_DECREF(thisItemString);
+
+                        thisItemString = resultString;
+                }
+        }
+
+        *pTreeString = thisItemString;
+
+cleanup:
+        if (PKIX_ERROR_RECEIVED) {
+                PKIX_DECREF(thisItemString);
+        }
+
+        PKIX_DECREF(nextIndentFormat);
+        PKIX_DECREF(thisNodeFormat);
+        PKIX_DECREF(childrenFormat);
+        PKIX_DECREF(nextIndentString);
+        PKIX_DECREF(childString);
+        PKIX_DECREF(childNode);
+
+        PKIX_RETURN(CERTPOLICYNODE);
+}
+
+/*
+ * FUNCTION: pkix_PolicyNode_ToString
+ * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_PolicyNode_ToString(
+        PKIX_PL_Object *object,
+        PKIX_PL_String **pTreeString,
+        void *plContext)
+{
+        PKIX_PolicyNode *rootNode = NULL;
+        PKIX_PL_String *resultString = NULL;
+
+        PKIX_ENTER(CERTPOLICYNODE, "pkix_PolicyNode_ToString");
+
+        PKIX_NULLCHECK_TWO(object, pTreeString);
+
+        PKIX_CHECK(pkix_CheckType(object, PKIX_CERTPOLICYNODE_TYPE, plContext),
+                PKIX_OBJECTNOTPOLICYNODE);
+
+        rootNode = (PKIX_PolicyNode *)object;
+
+        PKIX_CHECK(pkix_PolicyNode_ToString_Helper
+                (rootNode, NULL, &resultString, plContext),
+                PKIX_ERRORCREATINGSUBTREESTRING);
+
+        *pTreeString = resultString;
+
+cleanup:
+
+        PKIX_RETURN(CERTPOLICYNODE);
+}
+
+/*
+ * FUNCTION: pkix_PolicyNode_Destroy
+ * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_PolicyNode_Destroy(
+        PKIX_PL_Object *object,
+        void *plContext)
+{
+        PKIX_PolicyNode *node = NULL;
+
+        PKIX_ENTER(CERTPOLICYNODE, "pkix_PolicyNode_Destroy");
+
+        PKIX_NULLCHECK_ONE(object);
+
+        PKIX_CHECK(pkix_CheckType(object, PKIX_CERTPOLICYNODE_TYPE, plContext),
+                PKIX_OBJECTNOTPOLICYNODE);
+
+        node = (PKIX_PolicyNode*)object;
+
+        node->criticality = PKIX_FALSE;
+        PKIX_DECREF(node->validPolicy);
+        PKIX_DECREF(node->qualifierSet);
+        PKIX_DECREF(node->expectedPolicySet);
+        PKIX_DECREF(node->children);
+
+        /*
+         * Note: the link to parent is not reference-counted. See comment
+         * in pkix_PolicyNode_AddToParent for more details.
+         */
+        node->parent = NULL;
+        node->depth = 0;
+
+cleanup:
+
+        PKIX_RETURN(CERTPOLICYNODE);
+}
+
+/*
+ * FUNCTION: pkix_SinglePolicyNode_Hashcode
+ * DESCRIPTION:
+ *
+ *  Computes the hashcode of the attributes of the PolicyNode pointed to by
+ *  "node", other than its parents and children, and stores the result at
+ *  "pHashcode".
+ *
+ * PARAMETERS:
+ *  "node"
+ *      Address of PolicyNode to be hashcoded; must be non-NULL
+ *  "pHashcode"
+ *      Address where UInt32 result will be stored; must be non-NULL
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *  (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if function succeeds
+ *  Returns a PolicyNode Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in a fatal way
+ */
+static PKIX_Error *
+pkix_SinglePolicyNode_Hashcode(
+        PKIX_PolicyNode *node,
+        PKIX_UInt32 *pHashcode,
+        void *plContext)
+{
+        PKIX_UInt32 componentHash = 0;
+        PKIX_UInt32 nodeHash = 0;
+
+        PKIX_ENTER(CERTPOLICYNODE, "pkix_SinglePolicyNode_Hashcode");
+        PKIX_NULLCHECK_TWO(node, pHashcode);
+        PKIX_NULLCHECK_TWO(node->validPolicy, node->expectedPolicySet);
+
+        PKIX_HASHCODE
+                (node->qualifierSet,
+                &nodeHash,
+                plContext,
+                PKIX_FAILUREHASHINGLISTQUALIFIERSET);
+
+        if (PKIX_TRUE == (node->criticality)) {
+                nodeHash = 31*nodeHash + 0xff;
+        } else {
+                nodeHash = 31*nodeHash + 0x00;
+        }
+
+        PKIX_CHECK(PKIX_PL_Object_Hashcode
+                ((PKIX_PL_Object *)node->validPolicy,
+                &componentHash,
+                plContext),
+                PKIX_FAILUREHASHINGOIDVALIDPOLICY);
+
+        nodeHash = 31*nodeHash + componentHash;
+
+        PKIX_CHECK(PKIX_PL_Object_Hashcode
+                ((PKIX_PL_Object *)node->expectedPolicySet,
+                &componentHash,
+                plContext),
+                PKIX_FAILUREHASHINGLISTEXPECTEDPOLICYSET);
+
+        nodeHash = 31*nodeHash + componentHash;
+
+        *pHashcode = nodeHash;
+
+cleanup:
+
+        PKIX_RETURN(CERTPOLICYNODE);
+}
+
+/*
+ * FUNCTION: pkix_PolicyNode_Hashcode
+ * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_PolicyNode_Hashcode(
+        PKIX_PL_Object *object,
+        PKIX_UInt32 *pHashcode,
+        void *plContext)
+{
+        PKIX_PolicyNode *node = NULL;
+        PKIX_UInt32 childrenHash = 0;
+        PKIX_UInt32 nodeHash = 0;
+
+        PKIX_ENTER(CERTPOLICYNODE, "pkix_PolicyNode_Hashcode");
+        PKIX_NULLCHECK_TWO(object, pHashcode);
+
+        PKIX_CHECK(pkix_CheckType
+                (object, PKIX_CERTPOLICYNODE_TYPE, plContext),
+                PKIX_OBJECTNOTPOLICYNODE);
+
+        node = (PKIX_PolicyNode *)object;
+
+        PKIX_CHECK(pkix_SinglePolicyNode_Hashcode
+                (node, &nodeHash, plContext),
+                PKIX_SINGLEPOLICYNODEHASHCODEFAILED);
+
+        nodeHash = 31*nodeHash + (PKIX_UInt32)((char *)node->parent - (char *)NULL);
+
+        PKIX_HASHCODE
+                (node->children,
+                &childrenHash,
+                plContext,
+                PKIX_OBJECTHASHCODEFAILED);
+
+        nodeHash = 31*nodeHash + childrenHash;
+
+        *pHashcode = nodeHash;
+
+cleanup:
+
+        PKIX_RETURN(CERTPOLICYNODE);
+}
+
+/*
+ * FUNCTION: pkix_SinglePolicyNode_Equals
+ * DESCRIPTION:
+ *
+ *  Compares for equality the components of the PolicyNode pointed to by
+ *  "firstPN", other than its parents and children, with those of the
+ *  PolicyNode pointed to by "secondPN" and stores the result at "pResult"
+ *  (PKIX_TRUE if equal; PKIX_FALSE if not).
+ *
+ * PARAMETERS:
+ *  "firstPN"
+ *      Address of first of the PolicyNodes to be compared; must be non-NULL
+ *  "secondPN"
+ *      Address of second of the PolicyNodes to be compared; must be non-NULL
+ *  "pResult"
+ *      Address where Boolean will be stored; must be non-NULL
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *  (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if function succeeds
+ *  Returns a PolicyNode Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in a fatal way
+ */
+static PKIX_Error *
+pkix_SinglePolicyNode_Equals(
+        PKIX_PolicyNode *firstPN,
+        PKIX_PolicyNode *secondPN,
+        PKIX_Boolean *pResult,
+        void *plContext)
+{
+        PKIX_Boolean compResult = PKIX_FALSE;
+
+        PKIX_ENTER(CERTPOLICYNODE, "pkix_SinglePolicyNode_Equals");
+        PKIX_NULLCHECK_THREE(firstPN, secondPN, pResult);
+
+        /* If both references are identical, they must be equal */
+        if (firstPN == secondPN) {
+                compResult = PKIX_TRUE;
+                goto cleanup;
+        }
+
+        /*
+         * It seems we have to do the comparisons. Do
+         * the easiest ones first.
+         */
+        if ((firstPN->criticality) != (secondPN->criticality)) {
+                goto cleanup;
+        }
+        if ((firstPN->depth) != (secondPN->depth)) {
+                goto cleanup;
+        }
+
+        PKIX_EQUALS
+                (firstPN->qualifierSet,
+                secondPN->qualifierSet,
+                &compResult,
+                plContext,
+                PKIX_OBJECTEQUALSFAILED);
+
+        if (compResult == PKIX_FALSE) {
+                goto cleanup;
+        }
+
+        /* These fields must be non-NULL */
+        PKIX_NULLCHECK_TWO(firstPN->validPolicy, secondPN->validPolicy);
+
+        PKIX_EQUALS
+                (firstPN->validPolicy,
+                secondPN->validPolicy,
+                &compResult,
+                plContext,
+                PKIX_OBJECTEQUALSFAILED);
+
+        if (compResult == PKIX_FALSE) {
+                goto cleanup;
+        }
+
+        /* These fields must be non-NULL */
+        PKIX_NULLCHECK_TWO
+                (firstPN->expectedPolicySet, secondPN->expectedPolicySet);
+
+        PKIX_EQUALS
+                (firstPN->expectedPolicySet,
+                secondPN->expectedPolicySet,
+                &compResult,
+                plContext,
+                PKIX_OBJECTEQUALSFAILEDONEXPECTEDPOLICYSETS);
+
+cleanup:
+
+        *pResult = compResult;
+
+        PKIX_RETURN(CERTPOLICYNODE);
+}
+
+/*
+ * FUNCTION: pkix_PolicyNode_Equals
+ * (see comments for PKIX_PL_Equals_Callback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_PolicyNode_Equals(
+        PKIX_PL_Object *firstObject,
+        PKIX_PL_Object *secondObject,
+        PKIX_Boolean *pResult,
+        void *plContext)
+{
+        PKIX_PolicyNode *firstPN = NULL;
+        PKIX_PolicyNode *secondPN = NULL;
+        PKIX_UInt32 secondType;
+        PKIX_Boolean compResult = PKIX_FALSE;
+
+        PKIX_ENTER(CERTPOLICYNODE, "pkix_PolicyNode_Equals");
+        PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);
+
+        /* test that firstObject is a PolicyNode */
+        PKIX_CHECK(pkix_CheckType
+                (firstObject, PKIX_CERTPOLICYNODE_TYPE, plContext),
+                PKIX_FIRSTOBJECTNOTPOLICYNODE);
+
+        /*
+         * Since we know firstObject is a PolicyNode,
+         * if both references are identical, they must be equal
+         */
+        if (firstObject == secondObject){
+                compResult = PKIX_TRUE;
+                goto cleanup;
+        }
+
+        /*
+         * If secondObject isn't a PolicyNode, we
+         * don't throw an error. We simply return FALSE.
+         */
+        PKIX_CHECK(PKIX_PL_Object_GetType
+                    (secondObject, &secondType, plContext),
+                    PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
+
+        if (secondType != PKIX_CERTPOLICYNODE_TYPE) {
+                goto cleanup;
+        }
+
+        /*
+         * Oh, well, we have to do the comparisons. Do
+         * the easiest ones first.
+         */
+        firstPN = (PKIX_PolicyNode *)firstObject;
+        secondPN = (PKIX_PolicyNode *)secondObject;
+
+        /*
+         * We don't require the parents to be identical. In the
+         * course of traversing the tree, we will have checked the
+         * attributes of the parent nodes, and checking the lists
+         * of children will determine whether they match.
+         */
+
+        PKIX_EQUALS
+                (firstPN->children,
+                secondPN->children,
+                &compResult,
+                plContext,
+                PKIX_OBJECTEQUALSFAILEDONCHILDREN);
+
+        if (compResult == PKIX_FALSE) {
+                goto cleanup;
+        }
+
+        PKIX_CHECK(pkix_SinglePolicyNode_Equals
+                (firstPN, secondPN, &compResult, plContext),
+                PKIX_SINGLEPOLICYNODEEQUALSFAILED);
+
+cleanup:
+
+        *pResult = compResult;
+
+        PKIX_RETURN(CERTPOLICYNODE);
+}
+
+/*
+ * FUNCTION: pkix_PolicyNode_DuplicateHelper
+ * DESCRIPTION:
+ *
+ *  Duplicates the PolicyNode whose address is pointed to by "original",
+ *  and stores the result at "pNewNode", if a non-NULL pointer is provided
+ *  for "pNewNode". In addition, the created PolicyNode is added as a child
+ *  to "parent", if a non-NULL pointer is provided for "parent". Then this
+ *  function is called recursively to duplicate each of the children of
+ *  "original". At the top level this function is called with a null
+ *  "parent" and a non-NULL "pNewNode". Below the top level "parent" will
+ *  be non-NULL and "pNewNode" will be NULL.
+ *
+ * PARAMETERS:
+ *  "original"
+ *      Address of PolicyNode to be copied; must be non-NULL
+ *  "parent"
+ *      Address of PolicyNode to which the created node is to be added as a
+ *      child; NULL for the top-level call and non-NULL below the top level
+ *  "pNewNode"
+ *      Address to store the node created; should be NULL if "parent" is
+ *      non-NULL and vice versa
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *  (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if function succeeds
+ *  Returns a PolicyNode Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in a fatal way
+ */
+static PKIX_Error *
+pkix_PolicyNode_DuplicateHelper(
+        PKIX_PolicyNode *original,
+        PKIX_PolicyNode *parent,
+        PKIX_PolicyNode **pNewNode,
+        void *plContext)
+{
+        PKIX_UInt32 numChildren = 0;
+        PKIX_UInt32 childIndex = 0;
+        PKIX_List *children = NULL; /* List of PKIX_PolicyNode */
+        PKIX_PolicyNode *copy = NULL;
+        PKIX_PolicyNode *child = NULL;
+
+        PKIX_ENTER(CERTPOLICYNODE, "pkix_PolicyNode_DuplicateHelper");
+
+        PKIX_NULLCHECK_THREE
+                (original, original->validPolicy, original->expectedPolicySet);
+
+        /*
+         * These components are immutable, so copying the pointers
+         * is sufficient. The create function increments the reference
+         * counts as it stores the pointers into the new object.
+         */
+        PKIX_CHECK(pkix_PolicyNode_Create
+                (original->validPolicy,
+                original->qualifierSet,
+                original->criticality,
+                original->expectedPolicySet,
+                &copy,
+                plContext),
+                PKIX_POLICYNODECREATEFAILED);
+
+        if (parent) {
+                PKIX_CHECK(pkix_PolicyNode_AddToParent(parent, copy, plContext),
+                        PKIX_POLICYNODEADDTOPARENTFAILED);
+        }
+
+        /* Are there any children to duplicate? */
+        children = original->children;
+
+        if (children) {
+            PKIX_CHECK(PKIX_List_GetLength(children, &numChildren, plContext),
+                PKIX_LISTGETLENGTHFAILED);
+        }
+
+        for (childIndex = 0; childIndex < numChildren; childIndex++) {
+                PKIX_CHECK(PKIX_List_GetItem
+                        (children,
+                        childIndex,
+                        (PKIX_PL_Object **)&child,
+                        plContext),
+                        PKIX_LISTGETITEMFAILED);
+
+                PKIX_CHECK(pkix_PolicyNode_DuplicateHelper
+                        (child, copy, NULL, plContext),
+                        PKIX_POLICYNODEDUPLICATEHELPERFAILED);
+
+                PKIX_DECREF(child);
+        }
+
+        if (pNewNode) {
+                *pNewNode = copy;
+                copy = NULL; /* no DecRef if we give our handle away */
+        }
+
+cleanup:
+        PKIX_DECREF(copy);
+        PKIX_DECREF(child);
+
+        PKIX_RETURN(CERTPOLICYNODE);
+}
+
+/*
+ * FUNCTION: pkix_PolicyNode_Duplicate
+ * (see comments for PKIX_PL_Duplicate_Callback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_PolicyNode_Duplicate(
+        PKIX_PL_Object *object,
+        PKIX_PL_Object **pNewObject,
+        void *plContext)
+{
+        PKIX_PolicyNode *original = NULL;
+        PKIX_PolicyNode *copy = NULL;
+
+        PKIX_ENTER(CERTPOLICYNODE, "pkix_PolicyNode_Duplicate");
+
+        PKIX_NULLCHECK_TWO(object, pNewObject);
+
+        PKIX_CHECK(pkix_CheckType
+                (object, PKIX_CERTPOLICYNODE_TYPE, plContext),
+                PKIX_OBJECTNOTPOLICYNODE);
+
+        original = (PKIX_PolicyNode *)object;
+
+        PKIX_CHECK(pkix_PolicyNode_DuplicateHelper
+                (original, NULL, &copy, plContext),
+                PKIX_POLICYNODEDUPLICATEHELPERFAILED);
+
+        *pNewObject = (PKIX_PL_Object *)copy;
+
+cleanup:
+
+        PKIX_RETURN(CERTPOLICYNODE);
+}
+
+/*
+ * FUNCTION: pkix_PolicyNode_RegisterSelf
+ * DESCRIPTION:
+ *
+ *  Registers PKIX_CERTPOLICYNODE_TYPE and its related
+ *  functions with systemClasses[]
+ *
+ * THREAD SAFETY:
+ *  Not Thread Safe - for performance and complexity reasons
+ *
+ *  Since this function is only called by PKIX_PL_Initialize,
+ *  which should only be called once, it is acceptable that
+ *  this function is not thread-safe.
+ */
+PKIX_Error *
+pkix_PolicyNode_RegisterSelf(void *plContext)
+{
+
+        extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
+        pkix_ClassTable_Entry entry;
+
+        PKIX_ENTER(CERTPOLICYNODE, "pkix_PolicyNode_RegisterSelf");
+
+        entry.description = "PolicyNode";
+        entry.objCounter = 0;
+        entry.typeObjectSize = sizeof(PKIX_PolicyNode);
+        entry.destructor = pkix_PolicyNode_Destroy;
+        entry.equalsFunction = pkix_PolicyNode_Equals;
+        entry.hashcodeFunction = pkix_PolicyNode_Hashcode;
+        entry.toStringFunction = pkix_PolicyNode_ToString;
+        entry.comparator = NULL;
+        entry.duplicateFunction = pkix_PolicyNode_Duplicate;
+
+        systemClasses[PKIX_CERTPOLICYNODE_TYPE] = entry;
+
+        PKIX_RETURN(CERTPOLICYNODE);
+}
+
+
+/* --Public-PolicyNode-Functions----------------------------------- */
+
+/*
+ * FUNCTION: PKIX_PolicyNode_GetChildren
+ * (see description of this function in pkix_results.h)
+ */
+PKIX_Error *
+PKIX_PolicyNode_GetChildren(
+        PKIX_PolicyNode *node,
+        PKIX_List **pChildren,  /* list of PKIX_PolicyNode */
+        void *plContext)
+{
+        PKIX_List *children = NULL;
+
+        PKIX_ENTER(CERTPOLICYNODE, "PKIX_PolicyNode_GetChildren");
+
+        PKIX_NULLCHECK_TWO(node, pChildren);
+
+        PKIX_INCREF(node->children);
+        children = node->children;
+
+        if (!children) {
+                PKIX_CHECK(PKIX_List_Create(&children, plContext),
+                        PKIX_LISTCREATEFAILED);
+        }
+
+        PKIX_CHECK(PKIX_List_SetImmutable(children, plContext),
+                PKIX_LISTSETIMMUTABLEFAILED);
+
+        *pChildren = children;
+
+cleanup:
+        if (PKIX_ERROR_RECEIVED) {
+                PKIX_DECREF(children);
+        }
+
+        PKIX_RETURN(CERTPOLICYNODE);
+}
+
+/*
+ * FUNCTION: PKIX_PolicyNode_GetParent
+ * (see description of this function in pkix_results.h)
+ */
+PKIX_Error *
+PKIX_PolicyNode_GetParent(
+        PKIX_PolicyNode *node,
+        PKIX_PolicyNode **pParent,
+        void *plContext)
+{
+
+        PKIX_ENTER(CERTPOLICYNODE, "PKIX_PolicyNode_GetParent");
+
+        PKIX_NULLCHECK_TWO(node, pParent);
+
+        PKIX_INCREF(node->parent);
+        *pParent = node->parent;
+
+cleanup:
+        PKIX_RETURN(CERTPOLICYNODE);
+}
+
+/*
+ * FUNCTION: PKIX_PolicyNode_GetValidPolicy
+ * (see description of this function in pkix_results.h)
+ */
+PKIX_Error *
+PKIX_PolicyNode_GetValidPolicy(
+        PKIX_PolicyNode *node,
+        PKIX_PL_OID **pValidPolicy,
+        void *plContext)
+{
+
+        PKIX_ENTER(CERTPOLICYNODE, "PKIX_PolicyNode_GetValidPolicy");
+
+        PKIX_NULLCHECK_TWO(node, pValidPolicy);
+
+        PKIX_INCREF(node->validPolicy);
+        *pValidPolicy = node->validPolicy;
+
+cleanup:
+        PKIX_RETURN(CERTPOLICYNODE);
+}
+
+/*
+ * FUNCTION: PKIX_PolicyNode_GetPolicyQualifiers
+ * (see description of this function in pkix_results.h)
+ */
+PKIX_Error *
+PKIX_PolicyNode_GetPolicyQualifiers(
+        PKIX_PolicyNode *node,
+        PKIX_List **pQualifiers,  /* list of PKIX_PL_CertPolicyQualifier */
+        void *plContext)
+{
+        PKIX_List *qualifiers = NULL;
+
+        PKIX_ENTER(CERTPOLICYNODE, "PKIX_PolicyNode_GetPolicyQualifiers");
+
+        PKIX_NULLCHECK_TWO(node, pQualifiers);
+
+        PKIX_INCREF(node->qualifierSet);
+        qualifiers = node->qualifierSet;
+
+        if (!qualifiers) {
+                PKIX_CHECK(PKIX_List_Create(&qualifiers, plContext),
+                        PKIX_LISTCREATEFAILED);
+        }
+
+        PKIX_CHECK(PKIX_List_SetImmutable(qualifiers, plContext),
+                PKIX_LISTSETIMMUTABLEFAILED);
+
+        *pQualifiers = qualifiers;
+
+cleanup:
+
+        PKIX_RETURN(CERTPOLICYNODE);
+}
+
+/*
+ * FUNCTION: PKIX_PolicyNode_GetExpectedPolicies
+ * (see description of this function in pkix_results.h)
+ */
+PKIX_Error *
+PKIX_PolicyNode_GetExpectedPolicies(
+        PKIX_PolicyNode *node,
+        PKIX_List **pExpPolicies,  /* list of PKIX_PL_OID */
+        void *plContext)
+{
+
+        PKIX_ENTER(CERTPOLICYNODE, "PKIX_PolicyNode_GetExpectedPolicies");
+
+        PKIX_NULLCHECK_TWO(node, pExpPolicies);
+
+        PKIX_INCREF(node->expectedPolicySet);
+        *pExpPolicies = node->expectedPolicySet;
+
+cleanup:
+        PKIX_RETURN(CERTPOLICYNODE);
+}
+
+/*
+ * FUNCTION: PKIX_PolicyNode_IsCritical
+ * (see description of this function in pkix_results.h)
+ */
+PKIX_Error *
+PKIX_PolicyNode_IsCritical(
+        PKIX_PolicyNode *node,
+        PKIX_Boolean *pCritical,
+        void *plContext)
+{
+
+        PKIX_ENTER(CERTPOLICYNODE, "PKIX_PolicyNode_IsCritical");
+
+        PKIX_NULLCHECK_TWO(node, pCritical);
+
+        *pCritical = node->criticality;
+
+        PKIX_RETURN(CERTPOLICYNODE);
+}
+
+/*
+ * FUNCTION: PKIX_PolicyNode_GetDepth
+ * (see description of this function in pkix_results.h)
+ */
+PKIX_Error *
+PKIX_PolicyNode_GetDepth(
+        PKIX_PolicyNode *node,
+        PKIX_UInt32 *pDepth,
+        void *plContext)
+{
+
+        PKIX_ENTER(CERTPOLICYNODE, "PKIX_PolicyNode_GetDepth");
+
+        PKIX_NULLCHECK_TWO(node, pDepth);
+
+        *pDepth = node->depth;
+
+        PKIX_RETURN(CERTPOLICYNODE);
+}
diff --git a/nss/lib/libpkix/pkix/results/pkix_policynode.h b/nss/lib/libpkix/pkix/results/pkix_policynode.h
new file mode 100755
index 0000000..799b7a6
--- /dev/null
+++ b/nss/lib/libpkix/pkix/results/pkix_policynode.h
@@ -0,0 +1,74 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_policynode.h
+ *
+ * PolicyNode Type Definitions
+ *
+ */
+
+#ifndef _PKIX_POLICYNODE_H
+#define _PKIX_POLICYNODE_H
+
+#include "pkix_tools.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* This structure reflects the contents of a policy node...
+ */
+struct PKIX_PolicyNodeStruct {
+    PKIX_PL_OID *validPolicy;
+    PKIX_List *qualifierSet;    /* CertPolicyQualifiers */
+    PKIX_Boolean criticality;
+    PKIX_List *expectedPolicySet;       /* OIDs */
+    PKIX_PolicyNode *parent;
+    PKIX_List *children;                /* PolicyNodes */
+    PKIX_UInt32 depth;
+};
+
+PKIX_Error *
+pkix_SinglePolicyNode_ToString(
+        PKIX_PolicyNode *node,
+        PKIX_PL_String **pString,
+        void *plContext);
+
+PKIX_Error *
+pkix_PolicyNode_GetChildrenMutable(
+        PKIX_PolicyNode *node,
+        PKIX_List **pChildren,  /* PolicyNodes */
+        void *plContext);
+
+PKIX_Error *
+pkix_PolicyNode_Create(
+        PKIX_PL_OID *validPolicy,
+        PKIX_List *qualifierSet,        /* CertPolicyQualifiers */
+        PKIX_Boolean criticality,
+        PKIX_List *expectedPolicySet,   /* OIDs */
+        PKIX_PolicyNode **pObject,
+        void *plContext);
+
+PKIX_Error *
+pkix_PolicyNode_AddToParent(
+        PKIX_PolicyNode *parentNode,
+        PKIX_PolicyNode *child,
+        void *plContext);
+
+PKIX_Error *
+pkix_PolicyNode_Prune(
+        PKIX_PolicyNode *node,
+        PKIX_UInt32 depth,
+        PKIX_Boolean *pDelete,
+        void *plContext);
+
+PKIX_Error *
+pkix_PolicyNode_RegisterSelf(
+        void *plContext);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_POLICYNODE_H */
diff --git a/nss/lib/libpkix/pkix/results/pkix_valresult.c b/nss/lib/libpkix/pkix/results/pkix_valresult.c
new file mode 100755
index 0000000..25b69e5
--- /dev/null
+++ b/nss/lib/libpkix/pkix/results/pkix_valresult.c
@@ -0,0 +1,442 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_valresult.c
+ *
+ * ValidateResult Object Functions
+ *
+ */
+
+#include "pkix_valresult.h"
+
+/* --Private-Functions-------------------------------------------- */
+
+/*
+ * FUNCTION: pkix_ValidateResult_Destroy
+ * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_ValidateResult_Destroy(
+        PKIX_PL_Object *object,
+        void *plContext)
+{
+        PKIX_ValidateResult *result = NULL;
+
+        PKIX_ENTER(VALIDATERESULT, "pkix_ValidateResult_Destroy");
+        PKIX_NULLCHECK_ONE(object);
+
+        /* Check that this object is a validate result object */
+        PKIX_CHECK(pkix_CheckType(object, PKIX_VALIDATERESULT_TYPE, plContext),
+                PKIX_OBJECTNOTVALIDATERESULT);
+
+        result = (PKIX_ValidateResult *)object;
+
+        PKIX_DECREF(result->anchor);
+        PKIX_DECREF(result->pubKey);
+        PKIX_DECREF(result->policyTree);
+
+cleanup:
+
+        PKIX_RETURN(VALIDATERESULT);
+}
+
+/*
+ * FUNCTION: pkix_ValidateResult_Equals
+ * (see comments for PKIX_PL_EqualsCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_ValidateResult_Equals(
+        PKIX_PL_Object *first,
+        PKIX_PL_Object *second,
+        PKIX_Boolean *pResult,
+        void *plContext)
+{
+        PKIX_UInt32 secondType;
+        PKIX_Boolean cmpResult;
+        PKIX_ValidateResult *firstValResult = NULL;
+        PKIX_ValidateResult *secondValResult = NULL;
+        PKIX_TrustAnchor *firstAnchor = NULL;
+        PKIX_TrustAnchor *secondAnchor = NULL;
+        PKIX_PolicyNode *firstTree = NULL;
+        PKIX_PolicyNode *secondTree = NULL;
+
+        PKIX_ENTER(VALIDATERESULT, "pkix_ValidateResult_Equals");
+        PKIX_NULLCHECK_THREE(first, second, pResult);
+
+        PKIX_CHECK(pkix_CheckType(first, PKIX_VALIDATERESULT_TYPE, plContext),
+                PKIX_FIRSTOBJECTNOTVALIDATERESULT);
+
+        PKIX_CHECK(PKIX_PL_Object_GetType(second, &secondType, plContext),
+                PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
+
+        *pResult = PKIX_FALSE;
+
+        if (secondType != PKIX_VALIDATERESULT_TYPE) goto cleanup;
+
+        firstValResult = (PKIX_ValidateResult *)first;
+        secondValResult = (PKIX_ValidateResult *)second;
+
+        PKIX_CHECK(PKIX_PL_Object_Equals
+                ((PKIX_PL_Object *)firstValResult->pubKey,
+                (PKIX_PL_Object *)secondValResult->pubKey,
+                &cmpResult,
+                plContext),
+                PKIX_OBJECTEQUALSFAILED);
+
+        if (!cmpResult) goto cleanup;
+
+        firstAnchor = firstValResult->anchor;
+        secondAnchor = secondValResult->anchor;
+
+        if ((firstAnchor != NULL) && (secondAnchor != NULL)) {
+                PKIX_CHECK(PKIX_PL_Object_Equals
+                        ((PKIX_PL_Object *)firstAnchor,
+                        (PKIX_PL_Object *)secondAnchor,
+                        &cmpResult,
+                        plContext),
+                        PKIX_OBJECTEQUALSFAILED);
+        } else {
+                cmpResult = (firstAnchor == secondAnchor);
+        }
+
+        if (!cmpResult) goto cleanup;
+
+        firstTree = firstValResult->policyTree;
+        secondTree = secondValResult->policyTree;
+
+        if ((firstTree != NULL) && (secondTree != NULL)) {
+                PKIX_CHECK(PKIX_PL_Object_Equals
+                        ((PKIX_PL_Object *)firstTree,
+                        (PKIX_PL_Object *)secondTree,
+                        &cmpResult,
+                        plContext),
+                        PKIX_OBJECTEQUALSFAILED);
+        } else {
+                cmpResult = (firstTree == secondTree);
+        }
+
+        *pResult = cmpResult;
+
+cleanup:
+
+        PKIX_RETURN(VALIDATERESULT);
+}
+
+/*
+ * FUNCTION: pkix_ValidateResult_Hashcode
+ * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_ValidateResult_Hashcode(
+        PKIX_PL_Object *object,
+        PKIX_UInt32 *pHashcode,
+        void *plContext)
+{
+        PKIX_ValidateResult *valResult = NULL;
+        PKIX_UInt32 hash = 0;
+        PKIX_UInt32 pubKeyHash = 0;
+        PKIX_UInt32 anchorHash = 0;
+        PKIX_UInt32 policyTreeHash = 0;
+
+        PKIX_ENTER(VALIDATERESULT, "pkix_ValidateResult_Hashcode");
+        PKIX_NULLCHECK_TWO(object, pHashcode);
+
+        PKIX_CHECK(pkix_CheckType(object, PKIX_VALIDATERESULT_TYPE, plContext),
+                PKIX_OBJECTNOTVALIDATERESULT);
+
+        valResult = (PKIX_ValidateResult*)object;
+
+        PKIX_CHECK(PKIX_PL_Object_Hashcode
+                ((PKIX_PL_Object *)valResult->pubKey, &pubKeyHash, plContext),
+                PKIX_OBJECTHASHCODEFAILED);
+
+        if (valResult->anchor) {
+                PKIX_CHECK(PKIX_PL_Object_Hashcode
+                        ((PKIX_PL_Object *)valResult->anchor,
+                        &anchorHash,
+                        plContext),
+                        PKIX_OBJECTHASHCODEFAILED);
+        }
+
+        if (valResult->policyTree) {
+                PKIX_CHECK(PKIX_PL_Object_Hashcode
+                        ((PKIX_PL_Object *)valResult->policyTree,
+                        &policyTreeHash,
+                        plContext),
+                        PKIX_OBJECTHASHCODEFAILED);
+        }
+
+        hash = 31*(31 * pubKeyHash + anchorHash) + policyTreeHash;
+
+        *pHashcode = hash;
+
+cleanup:
+
+        PKIX_RETURN(VALIDATERESULT);
+}
+
+/*
+ * FUNCTION: pkix_ValidateResult_ToString
+ * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_ValidateResult_ToString(
+        PKIX_PL_Object *object,
+        PKIX_PL_String **pString,
+        void *plContext)
+{
+        PKIX_ValidateResult *valResult = NULL;
+        PKIX_PL_String *formatString = NULL;
+        PKIX_PL_String *valResultString = NULL;
+
+        PKIX_TrustAnchor *anchor = NULL;
+        PKIX_PL_PublicKey *pubKey = NULL;
+        PKIX_PolicyNode *policyTree = NULL;
+
+        PKIX_PL_String *anchorString = NULL;
+        PKIX_PL_String *pubKeyString = NULL;
+        PKIX_PL_String *treeString = NULL;
+        char *asciiNullString = "(null)";
+        char *asciiFormat =
+                "[\n"
+                "\tTrustAnchor: \t\t%s"
+                "\tPubKey:    \t\t%s\n"
+                "\tPolicyTree:  \t\t%s\n"
+                "]\n";
+
+        PKIX_ENTER(VALIDATERESULT, "pkix_ValidateResult_ToString");
+        PKIX_NULLCHECK_TWO(object, pString);
+
+        PKIX_CHECK(pkix_CheckType(object, PKIX_VALIDATERESULT_TYPE, plContext),
+                PKIX_OBJECTNOTVALIDATERESULT);
+
+        PKIX_CHECK(PKIX_PL_String_Create
+                (PKIX_ESCASCII, asciiFormat, 0, &formatString, plContext),
+                PKIX_STRINGCREATEFAILED);
+
+        valResult = (PKIX_ValidateResult*)object;
+
+        anchor = valResult->anchor;
+
+        if (anchor) {
+                PKIX_CHECK(PKIX_PL_Object_ToString
+                        ((PKIX_PL_Object *)anchor, &anchorString, plContext),
+                        PKIX_OBJECTTOSTRINGFAILED);
+        } else {
+                PKIX_CHECK(PKIX_PL_String_Create
+                        (PKIX_ESCASCII,
+                        asciiNullString,
+                        0,
+                        &anchorString,
+                        plContext),
+                        PKIX_STRINGCREATEFAILED);
+        }
+
+        pubKey = valResult->pubKey;
+
+        PKIX_CHECK(PKIX_PL_Object_ToString
+                ((PKIX_PL_Object *)pubKey, &pubKeyString, plContext),
+                PKIX_OBJECTTOSTRINGFAILED);
+
+        policyTree = valResult->policyTree;
+
+        if (policyTree) {
+                PKIX_CHECK(PKIX_PL_Object_ToString
+                        ((PKIX_PL_Object *)policyTree, &treeString, plContext),
+                        PKIX_OBJECTTOSTRINGFAILED);
+        } else {
+                PKIX_CHECK(PKIX_PL_String_Create
+                        (PKIX_ESCASCII,
+                        asciiNullString,
+                        0,
+                        &treeString,
+                        plContext),
+                        PKIX_STRINGCREATEFAILED);
+        }
+
+        PKIX_CHECK(PKIX_PL_Sprintf
+                (&valResultString,
+                plContext,
+                formatString,
+                anchorString,
+                pubKeyString,
+                treeString),
+                PKIX_SPRINTFFAILED);
+
+        *pString = valResultString;
+
+cleanup:
+
+        PKIX_DECREF(formatString);
+        PKIX_DECREF(anchorString);
+        PKIX_DECREF(pubKeyString);
+        PKIX_DECREF(treeString);
+
+        PKIX_RETURN(VALIDATERESULT);
+}
+
+/*
+ * FUNCTION: pkix_ValidateResult_RegisterSelf
+ * DESCRIPTION:
+ *  Registers PKIX_VALIDATERESULT_TYPE and its related functions with
+ *  systemClasses[]
+ * THREAD SAFETY:
+ *  Not Thread Safe - for performance and complexity reasons
+ *
+ *  Since this function is only called by PKIX_PL_Initialize, which should
+ *  only be called once, it is acceptable that this function is not
+ *  thread-safe.
+ */
+PKIX_Error *
+pkix_ValidateResult_RegisterSelf(void *plContext)
+{
+
+        extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
+        pkix_ClassTable_Entry entry;
+
+        PKIX_ENTER(VALIDATERESULT, "pkix_ValidateResult_RegisterSelf");
+
+        entry.description = "ValidateResult";
+        entry.objCounter = 0;
+        entry.typeObjectSize = sizeof(PKIX_ValidateResult);
+        entry.destructor = pkix_ValidateResult_Destroy;
+        entry.equalsFunction = pkix_ValidateResult_Equals;
+        entry.hashcodeFunction = pkix_ValidateResult_Hashcode;
+        entry.toStringFunction = pkix_ValidateResult_ToString;
+        entry.comparator = NULL;
+        entry.duplicateFunction = pkix_duplicateImmutable;
+
+        systemClasses[PKIX_VALIDATERESULT_TYPE] = entry;
+
+        PKIX_RETURN(VALIDATERESULT);
+}
+
+/*
+ * FUNCTION: pkix_ValidateResult_Create
+ * DESCRIPTION:
+ *
+ *  Creates a new ValidateResult Object using the PublicKey pointed to by
+ *  "pubKey", the TrustAnchor pointed to by "anchor", and the PolicyNode
+ *  pointed to by "policyTree", and stores it at "pResult".
+ *
+ * PARAMETERS
+ *  "pubKey"
+ *      PublicKey of the desired ValidateResult. Must be non-NULL.
+ *  "anchor"
+ *      TrustAnchor of the desired Validateresult. May be NULL.
+ *  "policyTree"
+ *      PolicyNode of the desired ValidateResult; may be NULL
+ *  "pResult"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_ValidateResult_Create(
+        PKIX_PL_PublicKey *pubKey,
+        PKIX_TrustAnchor *anchor,
+        PKIX_PolicyNode *policyTree,
+        PKIX_ValidateResult **pResult,
+        void *plContext)
+{
+        PKIX_ValidateResult *result = NULL;
+
+        PKIX_ENTER(VALIDATERESULT, "pkix_ValidateResult_Create");
+        PKIX_NULLCHECK_TWO(pubKey, pResult);
+
+        PKIX_CHECK(PKIX_PL_Object_Alloc
+                    (PKIX_VALIDATERESULT_TYPE,
+                    sizeof (PKIX_ValidateResult),
+                    (PKIX_PL_Object **)&result,
+                    plContext),
+                    PKIX_COULDNOTCREATEVALIDATERESULTOBJECT);
+
+        /* initialize fields */
+
+        PKIX_INCREF(pubKey);
+        result->pubKey = pubKey;
+
+        PKIX_INCREF(anchor);
+        result->anchor = anchor;
+
+        PKIX_INCREF(policyTree);
+        result->policyTree = policyTree;
+
+        *pResult = result;
+        result = NULL;
+
+cleanup:
+
+        PKIX_DECREF(result);
+
+        PKIX_RETURN(VALIDATERESULT);
+
+}
+
+/* --Public-Functions--------------------------------------------- */
+
+/*
+ * FUNCTION: PKIX_ValidateResult_GetPublicKey
+ *      (see comments in pkix_result.h)
+ */
+PKIX_Error *
+PKIX_ValidateResult_GetPublicKey(
+        PKIX_ValidateResult *result,
+        PKIX_PL_PublicKey **pPublicKey,
+        void *plContext)
+{
+        PKIX_ENTER(VALIDATERESULT, "PKIX_ValidateResult_GetPublicKey");
+        PKIX_NULLCHECK_TWO(result, pPublicKey);
+
+        PKIX_INCREF(result->pubKey);
+        *pPublicKey = result->pubKey;
+
+cleanup:
+        PKIX_RETURN(VALIDATERESULT);
+}
+
+/*
+ * FUNCTION: PKIX_ValidateResult_GetTrustAnchor
+ *      (see comments in pkix_result.h)
+ */
+PKIX_Error *
+PKIX_ValidateResult_GetTrustAnchor(
+        PKIX_ValidateResult *result,
+        PKIX_TrustAnchor **pTrustAnchor,
+        void *plContext)
+{
+        PKIX_ENTER(VALIDATERESULT, "PKIX_ValidateResult_GetTrustAnchor");
+        PKIX_NULLCHECK_TWO(result, pTrustAnchor);
+
+        PKIX_INCREF(result->anchor);
+        *pTrustAnchor = result->anchor;
+
+cleanup:
+        PKIX_RETURN(VALIDATERESULT);
+}
+
+/*
+ * FUNCTION: PKIX_ValidateResult_GetPolicyTree
+ *      (see comments in pkix_result.h)
+ */
+PKIX_Error *
+PKIX_ValidateResult_GetPolicyTree(
+        PKIX_ValidateResult *result,
+        PKIX_PolicyNode **pPolicyTree,
+        void *plContext)
+{
+        PKIX_ENTER(VALIDATERESULT, "PKIX_ValidateResult_GetPolicyTree");
+        PKIX_NULLCHECK_TWO(result, pPolicyTree);
+
+        PKIX_INCREF(result->policyTree);
+        (*pPolicyTree) = result->policyTree;
+
+cleanup:
+        PKIX_RETURN(VALIDATERESULT);
+}
diff --git a/nss/lib/libpkix/pkix/results/pkix_valresult.h b/nss/lib/libpkix/pkix/results/pkix_valresult.h
new file mode 100755
index 0000000..8011ae8
--- /dev/null
+++ b/nss/lib/libpkix/pkix/results/pkix_valresult.h
@@ -0,0 +1,43 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_valresult.h
+ *
+ * ValidateResult Object Type Definition
+ *
+ */
+
+#ifndef _PKIX_VALIDATERESULT_H
+#define _PKIX_VALIDATERESULT_H
+
+#include "pkix_tools.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+struct PKIX_ValidateResultStruct {
+        PKIX_PL_PublicKey *pubKey;
+        PKIX_TrustAnchor *anchor;
+        PKIX_PolicyNode *policyTree;
+};
+
+/* see source file for function documentation */
+
+PKIX_Error *
+pkix_ValidateResult_Create(
+        PKIX_PL_PublicKey *pubKey,
+        PKIX_TrustAnchor *anchor,
+        PKIX_PolicyNode *policyTree,
+        PKIX_ValidateResult **pResult,
+        void *plContext);
+
+PKIX_Error *pkix_ValidateResult_RegisterSelf(void *plContext);
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_VALIDATERESULT_H */
diff --git a/nss/lib/libpkix/pkix/results/pkix_verifynode.c b/nss/lib/libpkix/pkix/results/pkix_verifynode.c
new file mode 100755
index 0000000..b52f83f
--- /dev/null
+++ b/nss/lib/libpkix/pkix/results/pkix_verifynode.c
@@ -0,0 +1,1182 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_verifynode.c
+ *
+ * Verify Node Object Type Definition
+ *
+ */
+
+#include "pkix_verifynode.h"
+
+/* --Private-VerifyNode-Functions---------------------------------- */
+
+/*
+ * FUNCTION: pkix_VerifyNode_Create
+ * DESCRIPTION:
+ *
+ *  This function creates a VerifyNode using the Cert pointed to by "cert",
+ *  the depth given by "depth", and the Error pointed to by "error", storing
+ *  the result at "pObject".
+ *
+ * PARAMETERS
+ *  "cert"
+ *      Address of Cert for the node. Must be non-NULL
+ *  "depth"
+ *      UInt32 value of the depth for this node.
+ *  "error"
+ *      Address of Error for the node.
+ *  "pObject"
+ *      Address where the VerifyNode pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_VerifyNode_Create(
+        PKIX_PL_Cert *cert,
+        PKIX_UInt32 depth,
+        PKIX_Error *error,
+        PKIX_VerifyNode **pObject,
+        void *plContext)
+{
+        PKIX_VerifyNode *node = NULL;
+
+        PKIX_ENTER(VERIFYNODE, "pkix_VerifyNode_Create");
+        PKIX_NULLCHECK_TWO(cert, pObject);
+
+        PKIX_CHECK(PKIX_PL_Object_Alloc
+                (PKIX_VERIFYNODE_TYPE,
+                sizeof (PKIX_VerifyNode),
+                (PKIX_PL_Object **)&node,
+                plContext),
+                PKIX_COULDNOTCREATEVERIFYNODEOBJECT);
+
+        PKIX_INCREF(cert);
+        node->verifyCert = cert;
+
+        PKIX_INCREF(error);
+        node->error = error;
+
+        node->depth = depth;
+
+        node->children = NULL;
+
+        *pObject = node;
+        node = NULL;
+
+cleanup:
+
+        PKIX_DECREF(node);
+
+        PKIX_RETURN(VERIFYNODE);
+}
+
+/*
+ * FUNCTION: pkix_VerifyNode_AddToChain
+ * DESCRIPTION:
+ *
+ *  Adds the VerifyNode pointed to by "child", at the appropriate depth, to the
+ *  List of children of the VerifyNode pointed to by "parentNode". The chain of
+ *  VerifyNodes is traversed until a VerifyNode is found at a depth one less
+ *  than that specified in "child". An Error is returned if there is no parent
+ *  at a suitable depth.
+ *
+ *  If "parentNode" has a NULL pointer for the List of children, a new List is
+ *  created containing "child". Otherwise "child" is appended to the existing
+ *  List.
+ *
+ *  Depth, in this context, means distance from the root node, which
+ *  is at depth zero.
+ *
+ * PARAMETERS:
+ *  "parentNode"
+ *      Address of VerifyNode whose List of child VerifyNodes is to be
+ *      created or appended to. Must be non-NULL.
+ *  "child"
+ *      Address of VerifyNode to be added to parentNode's List. Must be
+ *      non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a VerifyNode Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_VerifyNode_AddToChain(
+        PKIX_VerifyNode *parentNode,
+        PKIX_VerifyNode *child,
+        void *plContext)
+{
+        PKIX_VerifyNode *successor = NULL;
+        PKIX_List *listOfChildren = NULL;
+        PKIX_UInt32 numChildren = 0;
+        PKIX_UInt32 parentDepth = 0;
+
+        PKIX_ENTER(VERIFYNODE, "pkix_VerifyNode_AddToChain");
+        PKIX_NULLCHECK_TWO(parentNode, child);
+
+        parentDepth = parentNode->depth;
+        listOfChildren = parentNode->children;
+        if (listOfChildren == NULL) {
+
+                if (parentDepth != (child->depth - 1)) {
+                        PKIX_ERROR(PKIX_NODESMISSINGFROMCHAIN);
+                }
+
+                PKIX_CHECK(PKIX_List_Create(&listOfChildren, plContext),
+                        PKIX_LISTCREATEFAILED);
+
+                PKIX_CHECK(PKIX_List_AppendItem
+                        (listOfChildren, (PKIX_PL_Object *)child, plContext),
+                        PKIX_COULDNOTAPPENDCHILDTOPARENTSVERIFYNODELIST);
+
+                parentNode->children = listOfChildren;
+        } else {
+                /* get number of children */
+                PKIX_CHECK(PKIX_List_GetLength
+                        (listOfChildren, &numChildren, plContext),
+                        PKIX_LISTGETLENGTHFAILED);
+
+                if (numChildren != 1) {
+                        PKIX_ERROR(PKIX_AMBIGUOUSPARENTAGEOFVERIFYNODE);
+                }
+
+                /* successor = listOfChildren[0] */
+                PKIX_CHECK(PKIX_List_GetItem
+                        (listOfChildren,
+                        0,
+                        (PKIX_PL_Object **)&successor,
+                        plContext),
+                        PKIX_LISTGETITEMFAILED);
+
+                PKIX_CHECK(pkix_VerifyNode_AddToChain
+                        (successor, child, plContext),
+                        PKIX_VERIFYNODEADDTOCHAINFAILED);
+        }
+
+        PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+                ((PKIX_PL_Object *)parentNode, plContext),
+                PKIX_OBJECTINVALIDATECACHEFAILED);
+
+cleanup:
+        PKIX_DECREF(successor);
+
+        PKIX_RETURN(VERIFYNODE);
+}
+
+/*
+ * FUNCTION: pkix_VerifyNode_SetDepth
+ * DESCRIPTION:
+ *
+ *  The function sets the depth field of each VerifyNode in the List "children"
+ *  to the value given by "depth", and recursively sets the depth of any
+ *  successive generations to the successive values.
+ *
+ * PARAMETERS:
+ *  "children"
+ *      The List of VerifyNodes. Must be non-NULL.
+ *  "depth"
+ *      The value of the depth field to be set in members of the List.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_VerifyNode_SetDepth(PKIX_List *children,
+        PKIX_UInt32 depth,
+        void *plContext)
+{
+        PKIX_UInt32 numChildren = 0;
+        PKIX_UInt32 chIx = 0;
+        PKIX_VerifyNode *child = NULL;
+
+        PKIX_ENTER(VERIFYNODE, "pkix_VerifyNode_SetDepth");
+        PKIX_NULLCHECK_ONE(children);
+
+        PKIX_CHECK(PKIX_List_GetLength(children, &numChildren, plContext),
+                PKIX_LISTGETLENGTHFAILED);
+
+        for (chIx = 0; chIx < numChildren; chIx++) {
+               PKIX_CHECK(PKIX_List_GetItem
+                        (children, chIx, (PKIX_PL_Object **)&child, plContext),
+                        PKIX_LISTGETITEMFAILED);
+
+                child->depth = depth;
+
+                if (child->children != NULL) {
+                        PKIX_CHECK(pkix_VerifyNode_SetDepth
+                                (child->children, depth + 1, plContext),
+                                PKIX_VERIFYNODESETDEPTHFAILED);
+                }
+
+                PKIX_DECREF(child);
+        }
+
+cleanup:
+
+        PKIX_DECREF(child);
+
+        PKIX_RETURN(VERIFYNODE);
+}
+
+/*
+ * FUNCTION: pkix_VerifyNode_AddToTree
+ * DESCRIPTION:
+ *
+ *  Adds the VerifyNode pointed to by "child" to the List of children of the
+ *  VerifyNode pointed to by "parentNode". If "parentNode" has a NULL pointer
+ *  for the List of children, a new List is created containing "child".
+ *  Otherwise "child" is appended to the existing List. The depth field of
+ *  "child" is set to one more than the corresponding value in "parent", and
+ *  if the "child" itself has child nodes, their depth fields are updated
+ *  accordingly.
+ *
+ *  Depth, in this context, means distance from the root node, which
+ *  is at depth zero.
+ *
+ * PARAMETERS:
+ *  "parentNode"
+ *      Address of VerifyNode whose List of child VerifyNodes is to be
+ *      created or appended to. Must be non-NULL.
+ *  "child"
+ *      Address of VerifyNode to be added to parentNode's List. Must be
+ *      non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_VerifyNode_AddToTree(
+        PKIX_VerifyNode *parentNode,
+        PKIX_VerifyNode *child,
+        void *plContext)
+{
+        PKIX_List *listOfChildren = NULL;
+        PKIX_UInt32 parentDepth = 0;
+
+        PKIX_ENTER(VERIFYNODE, "pkix_VerifyNode_AddToTree");
+        PKIX_NULLCHECK_TWO(parentNode, child);
+
+        parentDepth = parentNode->depth;
+        listOfChildren = parentNode->children;
+        if (listOfChildren == NULL) {
+
+                PKIX_CHECK(PKIX_List_Create(&listOfChildren, plContext),
+                        PKIX_LISTCREATEFAILED);
+
+                parentNode->children = listOfChildren;
+        }
+
+        child->depth = parentDepth + 1;
+
+        PKIX_CHECK(PKIX_List_AppendItem
+                (parentNode->children, (PKIX_PL_Object *)child, plContext),
+                PKIX_COULDNOTAPPENDCHILDTOPARENTSVERIFYNODELIST);
+
+        if (child->children != NULL) {
+                PKIX_CHECK(pkix_VerifyNode_SetDepth
+                        (child->children, child->depth + 1, plContext),
+                        PKIX_VERIFYNODESETDEPTHFAILED);
+        }
+
+
+cleanup:
+
+        PKIX_RETURN(VERIFYNODE);
+}
+
+/*
+ * FUNCTION: pkix_SingleVerifyNode_ToString
+ * DESCRIPTION:
+ *
+ *  Creates a String representation of the attributes of the VerifyNode pointed
+ *  to by "node", other than its children, and stores the result at "pString".
+ *
+ * PARAMETERS:
+ *  "node"
+ *      Address of VerifyNode to be described by the string. Must be non-NULL.
+ *  "pString"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *  (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if function succeeds
+ *  Returns a VerifyNode Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in a fatal way
+ */
+PKIX_Error *
+pkix_SingleVerifyNode_ToString(
+        PKIX_VerifyNode *node,
+        PKIX_PL_String **pString,
+        void *plContext)
+{
+        PKIX_PL_String *fmtString = NULL;
+        PKIX_PL_String *errorString = NULL;
+        PKIX_PL_String *outString = NULL;
+
+        PKIX_PL_X500Name *issuerName = NULL;
+        PKIX_PL_X500Name *subjectName = NULL;
+        PKIX_PL_String *issuerString = NULL;
+        PKIX_PL_String *subjectString = NULL;
+
+        PKIX_ENTER(VERIFYNODE, "pkix_SingleVerifyNode_ToString");
+        PKIX_NULLCHECK_THREE(node, pString, node->verifyCert);
+
+        PKIX_TOSTRING(node->error, &errorString, plContext,
+                PKIX_ERRORTOSTRINGFAILED);
+
+        PKIX_CHECK(PKIX_PL_Cert_GetIssuer
+                (node->verifyCert, &issuerName, plContext),
+                PKIX_CERTGETISSUERFAILED);
+
+        PKIX_TOSTRING(issuerName, &issuerString, plContext,
+                PKIX_X500NAMETOSTRINGFAILED);
+
+        PKIX_CHECK(PKIX_PL_Cert_GetSubject
+                (node->verifyCert, &subjectName, plContext),
+                PKIX_CERTGETSUBJECTFAILED);
+
+        PKIX_TOSTRING(subjectName, &subjectString, plContext,
+                PKIX_X500NAMETOSTRINGFAILED);
+
+        PKIX_CHECK(PKIX_PL_String_Create
+                (PKIX_ESCASCII,
+                "CERT[Issuer:%s, Subject:%s], depth=%d, error=%s",
+                0,
+                &fmtString,
+                plContext),
+                PKIX_CANTCREATESTRING);
+
+        PKIX_CHECK(PKIX_PL_Sprintf
+                (&outString,
+                plContext,
+                fmtString,
+                issuerString,
+                subjectString,
+                node->depth,
+                errorString),
+                PKIX_SPRINTFFAILED);
+
+        *pString = outString;
+
+cleanup:
+
+        PKIX_DECREF(fmtString);
+        PKIX_DECREF(errorString);
+        PKIX_DECREF(issuerName);
+        PKIX_DECREF(subjectName);
+        PKIX_DECREF(issuerString);
+        PKIX_DECREF(subjectString);
+        PKIX_RETURN(VERIFYNODE);
+}
+
+/*
+ * FUNCTION: pkix_VerifyNode_ToString_Helper
+ * DESCRIPTION:
+ *
+ *  Produces a String representation of a VerifyNode tree below the VerifyNode
+ *  pointed to by "rootNode", with each line of output prefixed by the String
+ *  pointed to by "indent", and stores the result at "pTreeString". It is
+ *  called recursively, with ever-increasing indentation, for successively
+ *  lower nodes on the tree.
+ *
+ * PARAMETERS:
+ *  "rootNode"
+ *      Address of VerifyNode subtree. Must be non-NULL.
+ *  "indent"
+ *      Address of String to be prefixed to each line of output. May be NULL
+ *      if no indentation is desired
+ *  "pTreeString"
+ *      Address where the resulting String will be stored; must be non-NULL
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *  (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a VerifyNode Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_VerifyNode_ToString_Helper(
+        PKIX_VerifyNode *rootNode,
+        PKIX_PL_String *indent,
+        PKIX_PL_String **pTreeString,
+        void *plContext)
+{
+        PKIX_PL_String *nextIndentFormat = NULL;
+        PKIX_PL_String *thisNodeFormat = NULL;
+        PKIX_PL_String *childrenFormat = NULL;
+        PKIX_PL_String *nextIndentString = NULL;
+        PKIX_PL_String *resultString = NULL;
+        PKIX_PL_String *thisItemString = NULL;
+        PKIX_PL_String *childString = NULL;
+        PKIX_VerifyNode *childNode = NULL;
+        PKIX_UInt32 numberOfChildren = 0;
+        PKIX_UInt32 childIndex = 0;
+
+        PKIX_ENTER(VERIFYNODE, "pkix_VerifyNode_ToString_Helper");
+
+        PKIX_NULLCHECK_TWO(rootNode, pTreeString);
+
+        /* Create a string for this node */
+        PKIX_CHECK(pkix_SingleVerifyNode_ToString
+                (rootNode, &thisItemString, plContext),
+                PKIX_ERRORINSINGLEVERIFYNODETOSTRING);
+
+        if (indent) {
+                PKIX_CHECK(PKIX_PL_String_Create
+                        (PKIX_ESCASCII,
+                        "%s%s",
+                        0,
+                        &thisNodeFormat,
+                        plContext),
+                        PKIX_ERRORCREATINGFORMATSTRING);
+
+                PKIX_CHECK(PKIX_PL_Sprintf
+                        (&resultString,
+                        plContext,
+                        thisNodeFormat,
+                        indent,
+                        thisItemString),
+                        PKIX_ERRORINSPRINTF);
+        } else {
+                PKIX_CHECK(PKIX_PL_String_Create
+                        (PKIX_ESCASCII,
+                        "%s",
+                        0,
+                        &thisNodeFormat,
+                        plContext),
+                        PKIX_ERRORCREATINGFORMATSTRING);
+
+                PKIX_CHECK(PKIX_PL_Sprintf
+                        (&resultString,
+                        plContext,
+                        thisNodeFormat,
+                        thisItemString),
+                        PKIX_ERRORINSPRINTF);
+        }
+
+        PKIX_DECREF(thisItemString);
+        thisItemString = resultString;
+
+        /* if no children, we are done */
+        if (rootNode->children) {
+                PKIX_CHECK(PKIX_List_GetLength
+                        (rootNode->children, &numberOfChildren, plContext),
+                        PKIX_LISTGETLENGTHFAILED);
+        }
+
+        if (numberOfChildren != 0) {
+                /*
+                 * We create a string for each child in turn,
+                 * concatenating them to thisItemString.
+                 */
+
+                /* Prepare an indent string for each child */
+                if (indent) {
+                        PKIX_CHECK(PKIX_PL_String_Create
+                                (PKIX_ESCASCII,
+                                "%s. ",
+                                0,
+                                &nextIndentFormat,
+                                plContext),
+                                PKIX_ERRORCREATINGFORMATSTRING);
+
+                        PKIX_CHECK(PKIX_PL_Sprintf
+                                (&nextIndentString,
+                                plContext,
+                                nextIndentFormat,
+                                indent),
+                                PKIX_ERRORINSPRINTF);
+                } else {
+                        PKIX_CHECK(PKIX_PL_String_Create
+                                (PKIX_ESCASCII,
+                                ". ",
+                                0,
+                                &nextIndentString,
+                                plContext),
+                                PKIX_ERRORCREATINGINDENTSTRING);
+                }
+
+                /* Prepare the format for concatenation. */
+                PKIX_CHECK(PKIX_PL_String_Create
+                        (PKIX_ESCASCII,
+                        "%s\n%s",
+                        0,
+                        &childrenFormat,
+                        plContext),
+                        PKIX_ERRORCREATINGFORMATSTRING);
+
+                for (childIndex = 0;
+                        childIndex < numberOfChildren;
+                        childIndex++) {
+                        PKIX_CHECK(PKIX_List_GetItem
+                                (rootNode->children,
+                                childIndex,
+                                (PKIX_PL_Object **)&childNode,
+                                plContext),
+                                PKIX_LISTGETITEMFAILED);
+
+                        PKIX_CHECK(pkix_VerifyNode_ToString_Helper
+                                (childNode,
+                                nextIndentString,
+                                &childString,
+                                plContext),
+                                PKIX_ERRORCREATINGCHILDSTRING);
+
+
+                        PKIX_CHECK(PKIX_PL_Sprintf
+                                (&resultString,
+                                plContext,
+                                childrenFormat,
+                                thisItemString,
+                                childString),
+                        PKIX_ERRORINSPRINTF);
+
+                        PKIX_DECREF(childNode);
+                        PKIX_DECREF(childString);
+                        PKIX_DECREF(thisItemString);
+
+                        thisItemString = resultString;
+                }
+        }
+
+        *pTreeString = thisItemString;
+
+cleanup:
+        if (PKIX_ERROR_RECEIVED) {
+                PKIX_DECREF(thisItemString);
+        }
+
+        PKIX_DECREF(nextIndentFormat);
+        PKIX_DECREF(thisNodeFormat);
+        PKIX_DECREF(childrenFormat);
+        PKIX_DECREF(nextIndentString);
+        PKIX_DECREF(childString);
+        PKIX_DECREF(childNode);
+
+        PKIX_RETURN(VERIFYNODE);
+}
+
+/*
+ * FUNCTION: pkix_VerifyNode_ToString
+ * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_VerifyNode_ToString(
+        PKIX_PL_Object *object,
+        PKIX_PL_String **pTreeString,
+        void *plContext)
+{
+        PKIX_VerifyNode *rootNode = NULL;
+        PKIX_PL_String *resultString = NULL;
+
+        PKIX_ENTER(VERIFYNODE, "pkix_VerifyNode_ToString");
+
+        PKIX_NULLCHECK_TWO(object, pTreeString);
+
+        PKIX_CHECK(pkix_CheckType(object, PKIX_VERIFYNODE_TYPE, plContext),
+                PKIX_OBJECTNOTVERIFYNODE);
+
+        rootNode = (PKIX_VerifyNode *)object;
+
+        PKIX_CHECK(pkix_VerifyNode_ToString_Helper
+                (rootNode, NULL, &resultString, plContext),
+                PKIX_ERRORCREATINGSUBTREESTRING);
+
+        *pTreeString = resultString;
+
+cleanup:
+
+        PKIX_RETURN(VERIFYNODE);
+}
+
+/*
+ * FUNCTION: pkix_VerifyNode_Destroy
+ * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_VerifyNode_Destroy(
+        PKIX_PL_Object *object,
+        void *plContext)
+{
+        PKIX_VerifyNode *node = NULL;
+
+        PKIX_ENTER(VERIFYNODE, "pkix_VerifyNode_Destroy");
+
+        PKIX_NULLCHECK_ONE(object);
+
+        PKIX_CHECK(pkix_CheckType(object, PKIX_VERIFYNODE_TYPE, plContext),
+                PKIX_OBJECTNOTVERIFYNODE);
+
+        node = (PKIX_VerifyNode*)object;
+
+        PKIX_DECREF(node->verifyCert);
+        PKIX_DECREF(node->children);
+        PKIX_DECREF(node->error);
+
+        node->depth = 0;
+
+cleanup:
+
+        PKIX_RETURN(VERIFYNODE);
+}
+
+/*
+ * FUNCTION: pkix_SingleVerifyNode_Hashcode
+ * DESCRIPTION:
+ *
+ *  Computes the hashcode of the attributes of the VerifyNode pointed to by
+ *  "node", other than its parents and children, and stores the result at
+ *  "pHashcode".
+ *
+ * PARAMETERS:
+ *  "node"
+ *      Address of VerifyNode to be hashcoded; must be non-NULL
+ *  "pHashcode"
+ *      Address where UInt32 result will be stored; must be non-NULL
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *  (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if function succeeds
+ *  Returns a VerifyNode Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in a fatal way
+ */
+static PKIX_Error *
+pkix_SingleVerifyNode_Hashcode(
+        PKIX_VerifyNode *node,
+        PKIX_UInt32 *pHashcode,
+        void *plContext)
+{
+        PKIX_UInt32 errorHash = 0;
+        PKIX_UInt32 nodeHash = 0;
+
+        PKIX_ENTER(VERIFYNODE, "pkix_SingleVerifyNode_Hashcode");
+        PKIX_NULLCHECK_TWO(node, pHashcode);
+
+        PKIX_HASHCODE
+                (node->verifyCert,
+                &nodeHash,
+                plContext,
+                PKIX_FAILUREHASHINGCERT);
+
+        PKIX_CHECK(PKIX_PL_Object_Hashcode
+                ((PKIX_PL_Object *)node->error,
+                &errorHash,
+                plContext),
+                PKIX_FAILUREHASHINGERROR);
+
+        nodeHash = 31*nodeHash + errorHash;
+        *pHashcode = nodeHash;
+
+cleanup:
+
+        PKIX_RETURN(VERIFYNODE);
+}
+
+/*
+ * FUNCTION: pkix_VerifyNode_Hashcode
+ * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_VerifyNode_Hashcode(
+        PKIX_PL_Object *object,
+        PKIX_UInt32 *pHashcode,
+        void *plContext)
+{
+        PKIX_VerifyNode *node = NULL;
+        PKIX_UInt32 childrenHash = 0;
+        PKIX_UInt32 nodeHash = 0;
+
+        PKIX_ENTER(VERIFYNODE, "pkix_VerifyNode_Hashcode");
+        PKIX_NULLCHECK_TWO(object, pHashcode);
+
+        PKIX_CHECK(pkix_CheckType
+                (object, PKIX_VERIFYNODE_TYPE, plContext),
+                PKIX_OBJECTNOTVERIFYNODE);
+
+        node = (PKIX_VerifyNode *)object;
+
+        PKIX_CHECK(pkix_SingleVerifyNode_Hashcode
+                (node, &nodeHash, plContext),
+                PKIX_SINGLEVERIFYNODEHASHCODEFAILED);
+
+        PKIX_HASHCODE
+                (node->children,
+                &childrenHash,
+                plContext,
+                PKIX_OBJECTHASHCODEFAILED);
+
+        nodeHash = 31*nodeHash + childrenHash;
+
+        *pHashcode = nodeHash;
+
+cleanup:
+
+        PKIX_RETURN(VERIFYNODE);
+}
+
+/*
+ * FUNCTION: pkix_SingleVerifyNode_Equals
+ * DESCRIPTION:
+ *
+ *  Compares for equality the components of the VerifyNode pointed to by
+ *  "firstPN", other than its parents and children, with those of the
+ *  VerifyNode pointed to by "secondPN" and stores the result at "pResult"
+ *  (PKIX_TRUE if equal; PKIX_FALSE if not).
+ *
+ * PARAMETERS:
+ *  "firstPN"
+ *      Address of first of the VerifyNodes to be compared; must be non-NULL
+ *  "secondPN"
+ *      Address of second of the VerifyNodes to be compared; must be non-NULL
+ *  "pResult"
+ *      Address where Boolean will be stored; must be non-NULL
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *  (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if function succeeds
+ *  Returns a VerifyNode Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in a fatal way
+ */
+static PKIX_Error *
+pkix_SingleVerifyNode_Equals(
+        PKIX_VerifyNode *firstVN,
+        PKIX_VerifyNode *secondVN,
+        PKIX_Boolean *pResult,
+        void *plContext)
+{
+        PKIX_Boolean compResult = PKIX_FALSE;
+
+        PKIX_ENTER(VERIFYNODE, "pkix_SingleVerifyNode_Equals");
+        PKIX_NULLCHECK_THREE(firstVN, secondVN, pResult);
+
+        /* If both references are identical, they must be equal */
+        if (firstVN == secondVN) {
+                compResult = PKIX_TRUE;
+                goto cleanup;
+        }
+
+        /*
+         * It seems we have to do the comparisons. Do
+         * the easiest ones first.
+         */
+        if ((firstVN->depth) != (secondVN->depth)) {
+                goto cleanup;
+        }
+
+        /* These fields must be non-NULL */
+        PKIX_NULLCHECK_TWO(firstVN->verifyCert, secondVN->verifyCert);
+
+        PKIX_EQUALS
+                (firstVN->verifyCert,
+                secondVN->verifyCert,
+                &compResult,
+                plContext,
+                PKIX_OBJECTEQUALSFAILED);
+
+        if (compResult == PKIX_FALSE) {
+                goto cleanup;
+        }
+
+        PKIX_EQUALS
+                (firstVN->error,
+                secondVN->error,
+                &compResult,
+                plContext,
+                PKIX_OBJECTEQUALSFAILED);
+
+cleanup:
+
+        *pResult = compResult;
+
+        PKIX_RETURN(VERIFYNODE);
+}
+
+/*
+ * FUNCTION: pkix_VerifyNode_Equals
+ * (see comments for PKIX_PL_Equals_Callback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_VerifyNode_Equals(
+        PKIX_PL_Object *firstObject,
+        PKIX_PL_Object *secondObject,
+        PKIX_Boolean *pResult,
+        void *plContext)
+{
+        PKIX_VerifyNode *firstVN = NULL;
+        PKIX_VerifyNode *secondVN = NULL;
+        PKIX_UInt32 secondType;
+        PKIX_Boolean compResult = PKIX_FALSE;
+
+        PKIX_ENTER(VERIFYNODE, "pkix_VerifyNode_Equals");
+        PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);
+
+        /* test that firstObject is a VerifyNode */
+        PKIX_CHECK(pkix_CheckType
+                (firstObject, PKIX_VERIFYNODE_TYPE, plContext),
+                PKIX_FIRSTOBJECTNOTVERIFYNODE);
+
+        /*
+         * Since we know firstObject is a VerifyNode,
+         * if both references are identical, they must be equal
+         */
+        if (firstObject == secondObject){
+                compResult = PKIX_TRUE;
+                goto cleanup;
+        }
+
+        /*
+         * If secondObject isn't a VerifyNode, we
+         * don't throw an error. We simply return FALSE.
+         */
+        PKIX_CHECK(PKIX_PL_Object_GetType
+                    (secondObject, &secondType, plContext),
+                    PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
+
+        if (secondType != PKIX_VERIFYNODE_TYPE) {
+                goto cleanup;
+        }
+
+        /*
+         * Oh, well, we have to do the comparisons. Do
+         * the easiest ones first.
+         */
+        firstVN = (PKIX_VerifyNode *)firstObject;
+        secondVN = (PKIX_VerifyNode *)secondObject;
+
+        PKIX_CHECK(pkix_SingleVerifyNode_Equals
+                (firstVN, secondVN, &compResult, plContext),
+                PKIX_SINGLEVERIFYNODEEQUALSFAILED);
+
+        if (compResult == PKIX_FALSE) {
+                goto cleanup;
+        }
+
+        PKIX_EQUALS
+                (firstVN->children,
+                secondVN->children,
+                &compResult,
+                plContext,
+                PKIX_OBJECTEQUALSFAILEDONCHILDREN);
+
+cleanup:
+
+        *pResult = compResult;
+
+        PKIX_RETURN(VERIFYNODE);
+}
+
+/*
+ * FUNCTION: pkix_VerifyNode_DuplicateHelper
+ * DESCRIPTION:
+ *
+ *  Duplicates the VerifyNode whose address is pointed to by "original",
+ *  and stores the result at "pNewNode", if a non-NULL pointer is provided
+ *  for "pNewNode". In addition, the created VerifyNode is added as a child
+ *  to "parent", if a non-NULL pointer is provided for "parent". Then this
+ *  function is called recursively to duplicate each of the children of
+ *  "original". At the top level this function is called with a null
+ *  "parent" and a non-NULL "pNewNode". Below the top level "parent" will
+ *  be non-NULL and "pNewNode" will be NULL.
+ *
+ * PARAMETERS:
+ *  "original"
+ *      Address of VerifyNode to be copied; must be non-NULL
+ *  "parent"
+ *      Address of VerifyNode to which the created node is to be added as a
+ *      child; NULL for the top-level call and non-NULL below the top level
+ *  "pNewNode"
+ *      Address to store the node created; should be NULL if "parent" is
+ *      non-NULL and vice versa
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *  (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if function succeeds
+ *  Returns a VerifyNode Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in a fatal way
+ */
+static PKIX_Error *
+pkix_VerifyNode_DuplicateHelper(
+        PKIX_VerifyNode *original,
+        PKIX_VerifyNode *parent,
+        PKIX_VerifyNode **pNewNode,
+        void *plContext)
+{
+        PKIX_UInt32 numChildren = 0;
+        PKIX_UInt32 childIndex = 0;
+        PKIX_List *children = NULL; /* List of PKIX_VerifyNode */
+        PKIX_VerifyNode *copy = NULL;
+        PKIX_VerifyNode *child = NULL;
+
+        PKIX_ENTER(VERIFYNODE, "pkix_VerifyNode_DuplicateHelper");
+
+        PKIX_NULLCHECK_TWO
+                (original, original->verifyCert);
+
+        /*
+         * These components are immutable, so copying the pointers
+         * is sufficient. The create function increments the reference
+         * counts as it stores the pointers into the new object.
+         */
+        PKIX_CHECK(pkix_VerifyNode_Create
+                (original->verifyCert,
+                original->depth,
+                original->error,
+                &copy,
+                plContext),
+                PKIX_VERIFYNODECREATEFAILED);
+
+        /* Are there any children to duplicate? */
+        children = original->children;
+
+        if (children) {
+            PKIX_CHECK(PKIX_List_GetLength(children, &numChildren, plContext),
+                PKIX_LISTGETLENGTHFAILED);
+        }
+
+        for (childIndex = 0; childIndex < numChildren; childIndex++) {
+                PKIX_CHECK(PKIX_List_GetItem
+                        (children,
+                        childIndex,
+                        (PKIX_PL_Object **)&child,
+                        plContext),
+                        PKIX_LISTGETITEMFAILED);
+
+                PKIX_CHECK(pkix_VerifyNode_DuplicateHelper
+                        (child, copy, NULL, plContext),
+                        PKIX_VERIFYNODEDUPLICATEHELPERFAILED);
+
+                PKIX_DECREF(child);
+        }
+
+        if (pNewNode) {
+                *pNewNode = copy;
+                copy = NULL; /* no DecRef if we give our handle away */
+        }
+
+cleanup:
+        PKIX_DECREF(copy);
+        PKIX_DECREF(child);
+
+        PKIX_RETURN(VERIFYNODE);
+}
+
+/*
+ * FUNCTION: pkix_VerifyNode_Duplicate
+ * (see comments for PKIX_PL_Duplicate_Callback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_VerifyNode_Duplicate(
+        PKIX_PL_Object *object,
+        PKIX_PL_Object **pNewObject,
+        void *plContext)
+{
+        PKIX_VerifyNode *original = NULL;
+        PKIX_VerifyNode *copy = NULL;
+
+        PKIX_ENTER(VERIFYNODE, "pkix_VerifyNode_Duplicate");
+
+        PKIX_NULLCHECK_TWO(object, pNewObject);
+
+        PKIX_CHECK(pkix_CheckType
+                (object, PKIX_VERIFYNODE_TYPE, plContext),
+                PKIX_OBJECTNOTVERIFYNODE);
+
+        original = (PKIX_VerifyNode *)object;
+
+        PKIX_CHECK(pkix_VerifyNode_DuplicateHelper
+                (original, NULL, &copy, plContext),
+                PKIX_VERIFYNODEDUPLICATEHELPERFAILED);
+
+        *pNewObject = (PKIX_PL_Object *)copy;
+
+cleanup:
+
+        PKIX_RETURN(VERIFYNODE);
+}
+
+/*
+ * FUNCTION: pkix_VerifyNode_RegisterSelf
+ * DESCRIPTION:
+ *
+ *  Registers PKIX_VERIFYNODE_TYPE and its related
+ *  functions with systemClasses[]
+ *
+ * THREAD SAFETY:
+ *  Not Thread Safe - for performance and complexity reasons
+ *
+ *  Since this function is only called by PKIX_PL_Initialize,
+ *  which should only be called once, it is acceptable that
+ *  this function is not thread-safe.
+ */
+PKIX_Error *
+pkix_VerifyNode_RegisterSelf(void *plContext)
+{
+
+        extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
+        pkix_ClassTable_Entry entry;
+
+        PKIX_ENTER(VERIFYNODE, "pkix_VerifyNode_RegisterSelf");
+
+        entry.description = "VerifyNode";
+        entry.objCounter = 0;
+        entry.typeObjectSize = sizeof(PKIX_VerifyNode);
+        entry.destructor = pkix_VerifyNode_Destroy;
+        entry.equalsFunction = pkix_VerifyNode_Equals;
+        entry.hashcodeFunction = pkix_VerifyNode_Hashcode;
+        entry.toStringFunction = pkix_VerifyNode_ToString;
+        entry.comparator = NULL;
+        entry.duplicateFunction = pkix_VerifyNode_Duplicate;
+
+        systemClasses[PKIX_VERIFYNODE_TYPE] = entry;
+
+        PKIX_RETURN(VERIFYNODE);
+}
+
+/* --Public-VerifyNode-Functions----------------------------------- */
+
+/*
+ * FUNCTION: PKIX_VerifyNode_SetError
+ * DESCRIPTION:
+ *
+ *  This function sets the Error field of the VerifyNode pointed to by "node"
+ *  to contain the Error pointed to by "error".
+ *
+ * PARAMETERS:
+ *  "node"
+ *      The address of the VerifyNode to be modified. Must be non-NULL.
+ *  "error"
+ *      The address of the Error to be stored.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_VerifyNode_SetError(
+        PKIX_VerifyNode *node,
+        PKIX_Error *error,
+        void *plContext)
+{
+
+        PKIX_ENTER(VERIFYNODE, "PKIX_VerifyNode_SetError");
+
+        PKIX_NULLCHECK_TWO(node, error);
+
+        PKIX_DECREF(node->error); /* should have been NULL */
+        PKIX_INCREF(error);
+        node->error = error;
+
+cleanup:
+        PKIX_RETURN(VERIFYNODE);
+}
+
+/*
+ * FUNCTION: PKIX_VerifyNode_FindError
+ * DESCRIPTION:
+ *
+ * Finds meaningful error in the log. For now, just returns the first
+ * error it finds in. In the future the function should be changed to
+ * return a top priority error.
+ *
+ * PARAMETERS:
+ *  "node"
+ *      The address of the VerifyNode to be modified. Must be non-NULL.
+ *  "error"
+ *      The address of a pointer the error will be returned to.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_VerifyNode_FindError(
+        PKIX_VerifyNode *node,
+        PKIX_Error **error,
+        void *plContext)
+{
+    PKIX_VerifyNode *childNode = NULL;
+
+    PKIX_ENTER(VERIFYNODE, "PKIX_VerifyNode_FindError");
+
+    /* Make sure the return address is initialized with NULL */
+    PKIX_DECREF(*error);
+
+    if (!node)
+        goto cleanup;
+    
+    /* First, try to get error from lowest level. */
+    if (node->children) {
+        PKIX_UInt32 length = 0;
+        PKIX_UInt32 index = 0;
+
+        PKIX_CHECK(
+            PKIX_List_GetLength(node->children, &length,
+                                plContext),
+            PKIX_LISTGETLENGTHFAILED);
+        for (index = 0;index < length;index++) {
+            PKIX_CHECK(
+                PKIX_List_GetItem(node->children, index,
+                                  (PKIX_PL_Object**)&childNode, plContext),
+                PKIX_LISTGETITEMFAILED);
+            if (!childNode)
+                continue;
+            PKIX_CHECK(
+                pkix_VerifyNode_FindError(childNode, error,
+                                          plContext),
+                PKIX_VERIFYNODEFINDERRORFAILED);
+            PKIX_DECREF(childNode);
+            if (*error) {
+                goto cleanup;
+            }
+        }
+    }
+    
+    if (node->error && node->error->plErr) {
+        PKIX_INCREF(node->error);
+        *error = node->error;
+    }
+
+cleanup:
+    PKIX_DECREF(childNode);
+    
+    PKIX_RETURN(VERIFYNODE);
+}
diff --git a/nss/lib/libpkix/pkix/results/pkix_verifynode.h b/nss/lib/libpkix/pkix/results/pkix_verifynode.h
new file mode 100755
index 0000000..c943ae4
--- /dev/null
+++ b/nss/lib/libpkix/pkix/results/pkix_verifynode.h
@@ -0,0 +1,75 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_verifynode.h
+ *
+ * VerifyNode Type Definitions
+ *
+ */
+
+#ifndef _PKIX_VERIFYNODE_H
+#define _PKIX_VERIFYNODE_H
+
+#include "pkix_tools.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* This structure reflects the contents of a verify node...
+ */
+struct PKIX_VerifyNodeStruct {
+    PKIX_PL_Cert *verifyCert;
+    PKIX_List *children;                /* VerifyNodes */
+    PKIX_UInt32 depth;
+    PKIX_Error *error;
+};
+
+PKIX_Error *
+pkix_SingleVerifyNode_ToString(
+        PKIX_VerifyNode *node,
+        PKIX_PL_String **pString,
+        void *plContext);
+
+PKIX_Error *
+pkix_VerifyNode_Create(
+        PKIX_PL_Cert *verifyCert,
+        PKIX_UInt32 depth,
+        PKIX_Error *error,
+        PKIX_VerifyNode **pObject,
+        void *plContext);
+
+PKIX_Error *
+pkix_VerifyNode_AddToChain(
+        PKIX_VerifyNode *parentNode,
+        PKIX_VerifyNode *child,
+        void *plContext);
+
+PKIX_Error *
+pkix_VerifyNode_AddToTree(
+        PKIX_VerifyNode *parentNode,
+        PKIX_VerifyNode *child,
+        void *plContext);
+
+PKIX_Error *
+pkix_VerifyNode_SetError(
+        PKIX_VerifyNode *node,
+        PKIX_Error *error,
+        void *plContext);
+
+PKIX_Error *
+pkix_VerifyNode_RegisterSelf(
+        void *plContext);
+
+PKIX_Error *
+pkix_VerifyNode_FindError(
+        PKIX_VerifyNode *node,
+        PKIX_Error **error,
+        void *plContext);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_VERIFYNODE_H */
diff --git a/nss/lib/libpkix/pkix/results/results.gyp b/nss/lib/libpkix/pkix/results/results.gyp
new file mode 100644
index 0000000..962fdb9
--- /dev/null
+++ b/nss/lib/libpkix/pkix/results/results.gyp
@@ -0,0 +1,26 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../../../coreconf/config.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'pkixresults',
+      'type': 'static_library',
+      'sources': [
+        'pkix_buildresult.c',
+        'pkix_policynode.c',
+        'pkix_valresult.c',
+        'pkix_verifynode.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports'
+      ]
+    }
+  ],
+  'variables': {
+    'module': 'nss'
+  }
+}
\ No newline at end of file
diff --git a/nss/lib/libpkix/pkix/store/Makefile b/nss/lib/libpkix/pkix/store/Makefile
new file mode 100755
index 0000000..36524f5
--- /dev/null
+++ b/nss/lib/libpkix/pkix/store/Makefile
@@ -0,0 +1,48 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include config.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+export:: private_export
+
diff --git a/nss/lib/libpkix/pkix/store/config.mk b/nss/lib/libpkix/pkix/store/config.mk
new file mode 100755
index 0000000..b8c03de
--- /dev/null
+++ b/nss/lib/libpkix/pkix/store/config.mk
@@ -0,0 +1,15 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#
+#  Override TARGETS variable so that only static libraries
+#  are specifed as dependencies within rules.mk.
+#
+
+TARGETS        = $(LIBRARY)
+SHARED_LIBRARY =
+IMPORT_LIBRARY =
+PROGRAM        =
+
diff --git a/nss/lib/libpkix/pkix/store/exports.gyp b/nss/lib/libpkix/pkix/store/exports.gyp
new file mode 100644
index 0000000..52f13f5
--- /dev/null
+++ b/nss/lib/libpkix/pkix/store/exports.gyp
@@ -0,0 +1,25 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../../../coreconf/config.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'lib_libpkix_pkix_store_exports',
+      'type': 'none',
+      'copies': [
+        {
+          'files': [
+            'pkix_store.h'
+          ],
+          'destination': '<(nss_private_dist_dir)/<(module)'
+        }
+      ]
+    }
+  ],
+  'variables': {
+    'module': 'nss'
+  }
+}
diff --git a/nss/lib/libpkix/pkix/store/manifest.mn b/nss/lib/libpkix/pkix/store/manifest.mn
new file mode 100755
index 0000000..4df8eb6
--- /dev/null
+++ b/nss/lib/libpkix/pkix/store/manifest.mn
@@ -0,0 +1,21 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+CORE_DEPTH = ../../../..
+
+EXPORTS = \
+	$(NULL)
+
+PRIVATE_EXPORTS = \
+	pkix_store.h \
+	$(NULL)
+
+MODULE = nss
+
+CSRCS = \
+	pkix_store.c \
+	$(NULL)
+
+LIBRARY_NAME = pkixstore
+
diff --git a/nss/lib/libpkix/pkix/store/pkix_store.c b/nss/lib/libpkix/pkix/store/pkix_store.c
new file mode 100755
index 0000000..af8be2b
--- /dev/null
+++ b/nss/lib/libpkix/pkix/store/pkix_store.c
@@ -0,0 +1,415 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_store.c
+ *
+ * CertStore Function Definitions
+ *
+ */
+
+#include "pkix_store.h"
+
+/* --CertStore-Private-Functions----------------------------------------- */
+
+/*
+ * FUNCTION: pkix_CertStore_Destroy
+ * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_CertStore_Destroy(
+        PKIX_PL_Object *object,
+        void *plContext)
+{
+        PKIX_CertStore *certStore = NULL;
+
+        PKIX_ENTER(CERTSTORE, "pkix_CertStore_Destroy");
+        PKIX_NULLCHECK_ONE(object);
+
+        /* Check that this object is a CertStore object */
+        PKIX_CHECK(pkix_CheckType(object, PKIX_CERTSTORE_TYPE, plContext),
+                PKIX_OBJECTNOTCERTSTORE);
+
+        certStore = (PKIX_CertStore *)object;
+
+        certStore->certCallback = NULL;
+        certStore->crlCallback = NULL;
+        certStore->certContinue = NULL;
+        certStore->crlContinue = NULL;
+        certStore->trustCallback = NULL;
+
+        PKIX_DECREF(certStore->certStoreContext);
+
+cleanup:
+
+        PKIX_RETURN(CERTSTORE);
+}
+
+/*
+ * FUNCTION: pkix_CertStore_Hashcode
+ * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_CertStore_Hashcode(
+        PKIX_PL_Object *object,
+        PKIX_UInt32 *pHashcode,
+        void *plContext)
+{
+        PKIX_CertStore *certStore = NULL;
+        PKIX_UInt32 tempHash = 0;
+
+        PKIX_ENTER(CERTSTORE, "pkix_CertStore_Hashcode");
+        PKIX_NULLCHECK_TWO(object, pHashcode);
+
+        PKIX_CHECK(pkix_CheckType(object, PKIX_CERTSTORE_TYPE, plContext),
+                    PKIX_OBJECTNOTCERTSTORE);
+
+        certStore = (PKIX_CertStore *)object;
+
+        if (certStore->certStoreContext) {
+                PKIX_CHECK(PKIX_PL_Object_Hashcode
+                    ((PKIX_PL_Object *) certStore->certStoreContext,
+                    &tempHash,
+                    plContext),
+                   PKIX_CERTSTOREHASHCODEFAILED);
+        }
+
+        *pHashcode = (PKIX_UInt32)((char *)certStore->certCallback - (char *)NULL) +
+                     (PKIX_UInt32)((char *)certStore->crlCallback - (char *)NULL) +
+                     (PKIX_UInt32)((char *)certStore->certContinue - (char *)NULL) +
+                     (PKIX_UInt32)((char *)certStore->crlContinue - (char *)NULL) +
+                     (PKIX_UInt32)((char *)certStore->trustCallback - (char *)NULL) +
+                     (tempHash << 7);
+
+cleanup:
+
+        PKIX_RETURN(CERTSTORE);
+}
+
+/*
+ * FUNCTION: pkix_CertStore_Equals
+ * (see comments for PKIX_PL_EqualsCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_CertStore_Equals(
+        PKIX_PL_Object *firstObject,
+        PKIX_PL_Object *secondObject,
+        PKIX_Int32 *pResult,
+        void *plContext)
+{
+        PKIX_CertStore *firstCS = NULL;
+        PKIX_CertStore *secondCS = NULL;
+        PKIX_Boolean cmpResult = PKIX_FALSE;
+
+        PKIX_ENTER(CERTSTORE, "pkix_CertStore_Equals");
+        PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);
+
+        PKIX_CHECK(pkix_CheckTypes
+                    (firstObject, secondObject, PKIX_CERTSTORE_TYPE, plContext),
+                    PKIX_ARGUMENTSNOTDATES);
+
+        firstCS = (PKIX_CertStore *)firstObject;
+        secondCS = (PKIX_CertStore *)secondObject;
+
+        cmpResult = (firstCS->certCallback == secondCS->certCallback) &&
+            (firstCS->crlCallback == secondCS->crlCallback) &&
+            (firstCS->certContinue == secondCS->certContinue) &&
+            (firstCS->crlContinue == secondCS->crlContinue) &&
+            (firstCS->trustCallback == secondCS->trustCallback);
+
+        if (cmpResult &&
+            (firstCS->certStoreContext != secondCS->certStoreContext)) {
+
+                PKIX_CHECK(PKIX_PL_Object_Equals
+                    ((PKIX_PL_Object *) firstCS->certStoreContext,
+                    (PKIX_PL_Object *) secondCS->certStoreContext,
+                    &cmpResult,
+                    plContext),
+                    PKIX_CERTSTOREEQUALSFAILED);
+        }
+
+        *pResult = cmpResult;
+
+cleanup:
+
+        PKIX_RETURN(CERTSTORE);
+}
+
+/*
+ * FUNCTION: pkix_CertStore_RegisterSelf
+ * DESCRIPTION:
+ *  Registers PKIX_CERTSTORE_TYPE and its related functions with
+ *  systemClasses[]
+ * THREAD SAFETY:
+ *  Not Thread Safe - for performance and complexity reasons
+ *
+ *  Since this function is only called by PKIX_PL_Initialize, which should
+ *  only be called once, it is acceptable that this function is not
+ *  thread-safe.
+ */
+PKIX_Error *
+pkix_CertStore_RegisterSelf(void *plContext)
+{
+        extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
+        pkix_ClassTable_Entry entry;
+
+        PKIX_ENTER(CERTSTORE, "pkix_CertStore_RegisterSelf");
+
+        entry.description = "CertStore";
+        entry.objCounter = 0;
+        entry.typeObjectSize = sizeof(PKIX_CertStore);
+        entry.destructor = pkix_CertStore_Destroy;
+        entry.equalsFunction = pkix_CertStore_Equals;
+        entry.hashcodeFunction = pkix_CertStore_Hashcode;
+        entry.toStringFunction = NULL;
+        entry.comparator = NULL;
+        entry.duplicateFunction = pkix_duplicateImmutable;
+
+        systemClasses[PKIX_CERTSTORE_TYPE] = entry;
+
+        PKIX_RETURN(CERTSTORE);
+}
+
+/* --CertStore-Public-Functions------------------------------------------ */
+
+/*
+ * FUNCTION: PKIX_CertStore_Create (see comments in pkix_certstore.h)
+ */
+PKIX_Error *
+PKIX_CertStore_Create(
+        PKIX_CertStore_CertCallback certCallback,
+        PKIX_CertStore_CRLCallback crlCallback,
+        PKIX_CertStore_CertContinueFunction certContinue,
+        PKIX_CertStore_CrlContinueFunction crlContinue,
+        PKIX_CertStore_CheckTrustCallback trustCallback,
+        PKIX_CertStore_ImportCrlCallback importCrlCallback,
+        PKIX_CertStore_CheckRevokationByCrlCallback checkRevByCrlCallback,
+        PKIX_PL_Object *certStoreContext,
+        PKIX_Boolean cacheFlag,
+        PKIX_Boolean localFlag,
+        PKIX_CertStore **pStore,
+        void *plContext)
+{
+        PKIX_CertStore *certStore = NULL;
+
+        PKIX_ENTER(CERTSTORE, "PKIX_CertStore_Create");
+        PKIX_NULLCHECK_THREE(certCallback, crlCallback, pStore);
+
+        PKIX_CHECK(PKIX_PL_Object_Alloc
+                    (PKIX_CERTSTORE_TYPE,
+                    sizeof (PKIX_CertStore),
+                    (PKIX_PL_Object **)&certStore,
+                    plContext),
+                    PKIX_COULDNOTCREATECERTSTOREOBJECT);
+
+        certStore->certCallback = certCallback;
+        certStore->crlCallback = crlCallback;
+        certStore->certContinue = certContinue;
+        certStore->crlContinue = crlContinue;
+        certStore->trustCallback = trustCallback;
+        certStore->importCrlCallback = importCrlCallback;
+        certStore->checkRevByCrlCallback = checkRevByCrlCallback;
+        certStore->cacheFlag = cacheFlag;
+        certStore->localFlag = localFlag;
+
+        PKIX_INCREF(certStoreContext);
+        certStore->certStoreContext = certStoreContext;
+
+        *pStore = certStore;
+        certStore = NULL;
+
+cleanup:
+
+        PKIX_DECREF(certStore);
+
+        PKIX_RETURN(CERTSTORE);
+}
+
+/*
+ * FUNCTION: PKIX_CertStore_GetCertCallback (see comments in pkix_certstore.h)
+ */
+PKIX_Error *
+PKIX_CertStore_GetCertCallback(
+        PKIX_CertStore *store,
+        PKIX_CertStore_CertCallback *pCallback,
+        void *plContext)
+{
+        PKIX_ENTER(CERTSTORE, "PKIX_CertStore_GetCertCallback");
+        PKIX_NULLCHECK_TWO(store, pCallback);
+
+        *pCallback = store->certCallback;
+
+        PKIX_RETURN(CERTSTORE);
+}
+
+/*
+ * FUNCTION: PKIX_CertStore_GetCRLCallback (see comments in pkix_certstore.h)
+ */
+PKIX_Error *
+PKIX_CertStore_GetCRLCallback(
+        PKIX_CertStore *store,
+        PKIX_CertStore_CRLCallback *pCallback,
+        void *plContext)
+{
+        PKIX_ENTER(CERTSTORE, "PKIX_CertStore_GetCRLCallback");
+        PKIX_NULLCHECK_TWO(store, pCallback);
+
+        *pCallback = store->crlCallback;
+
+        PKIX_RETURN(CERTSTORE);
+}
+
+/*
+ * FUNCTION: PKIX_CertStore_CertContinue (see comments in pkix_certstore.h)
+ */
+PKIX_Error *
+PKIX_CertStore_CertContinue(
+        PKIX_CertStore *store,
+        PKIX_CertSelector *selector,
+        PKIX_VerifyNode *verifyNode,
+        void **pNBIOContext,
+        PKIX_List **pCertList,
+        void *plContext)
+{
+        PKIX_ENTER(CERTSTORE, "PKIX_CertStore_CertContinue");
+        PKIX_NULLCHECK_FOUR(store, selector, pNBIOContext, pCertList);
+
+        PKIX_CHECK(store->certContinue
+                   (store, selector, verifyNode,
+                    pNBIOContext, pCertList, plContext),
+                PKIX_CERTSTORECERTCONTINUEFUNCTIONFAILED);
+
+cleanup:
+
+        PKIX_RETURN(CERTSTORE);
+}
+
+/*
+ * FUNCTION: PKIX_CertStore_CrlContinue (see comments in pkix_certstore.h)
+ */
+PKIX_Error *
+PKIX_CertStore_CrlContinue(
+        PKIX_CertStore *store,
+        PKIX_CRLSelector *selector,
+        void **pNBIOContext,
+        PKIX_List **pCrlList,
+        void *plContext)
+{
+        PKIX_ENTER(CERTSTORE, "PKIX_CertStore_CrlContinue");
+        PKIX_NULLCHECK_FOUR(store, selector, pNBIOContext, pCrlList);
+
+        PKIX_CHECK(store->crlContinue
+                (store, selector, pNBIOContext, pCrlList, plContext),
+                PKIX_CERTSTORECRLCONTINUEFAILED);
+
+cleanup:
+
+        PKIX_RETURN(CERTSTORE);
+}
+
+/*
+ * FUNCTION: PKIX_CertStore_GetTrustCallback (see comments in pkix_certstore.h)
+ */
+PKIX_Error *
+PKIX_CertStore_GetTrustCallback(
+        PKIX_CertStore *store,
+        PKIX_CertStore_CheckTrustCallback *pCallback,
+        void *plContext)
+{
+        PKIX_ENTER(CERTSTORE, "PKIX_CertStore_GetTrustCallback");
+        PKIX_NULLCHECK_TWO(store, pCallback);
+
+        *pCallback = store->trustCallback;
+
+        PKIX_RETURN(CERTSTORE);
+}
+
+/*
+ * FUNCTION: PKIX_CertStore_GetImportCrlCallback (see comments in pkix_certstore.h)
+ */
+PKIX_Error *
+PKIX_CertStore_GetImportCrlCallback(
+        PKIX_CertStore *store,
+        PKIX_CertStore_ImportCrlCallback *pCallback,
+        void *plContext)
+{
+        PKIX_ENTER(CERTSTORE, "PKIX_CertStore_GetTrustCallback");
+        PKIX_NULLCHECK_TWO(store, pCallback);
+
+        *pCallback = store->importCrlCallback;
+
+        PKIX_RETURN(CERTSTORE);
+}
+
+/*
+ * FUNCTION: PKIX_CertStore_GetCheckRevByCrl (see comments in pkix_certstore.h)
+ */
+PKIX_Error *
+PKIX_CertStore_GetCrlCheckerFn(
+        PKIX_CertStore *store,
+        PKIX_CertStore_CheckRevokationByCrlCallback *pCallback,
+        void *plContext)
+{
+        PKIX_ENTER(CERTSTORE, "PKIX_CertStore_GetTrustCallback");
+        PKIX_NULLCHECK_TWO(store, pCallback);
+
+        *pCallback = store->checkRevByCrlCallback;
+
+        PKIX_RETURN(CERTSTORE);
+}
+
+/*
+ * FUNCTION: PKIX_CertStore_GetCertStoreContext
+ * (see comments in pkix_certstore.h)
+ */
+PKIX_Error *
+PKIX_CertStore_GetCertStoreContext(
+        PKIX_CertStore *store,
+        PKIX_PL_Object **pCertStoreContext,
+        void *plContext)
+{
+        PKIX_ENTER(CERTSTORE, "PKIX_CertStore_GetCertStoreContext");
+        PKIX_NULLCHECK_TWO(store, pCertStoreContext);
+
+        PKIX_INCREF(store->certStoreContext);
+        *pCertStoreContext = store->certStoreContext;
+
+cleanup:
+        PKIX_RETURN(CERTSTORE);
+}
+
+/*
+ * FUNCTION: PKIX_CertStore_GetCertStoreCacheFlag
+ * (see comments in pkix_certstore.h)
+ */
+PKIX_Error *
+PKIX_CertStore_GetCertStoreCacheFlag(
+        PKIX_CertStore *store,
+        PKIX_Boolean *pCacheFlag,
+        void *plContext)
+{
+        PKIX_ENTER(CERTSTORE, "PKIX_CertStore_GetCertStoreCacheFlag");
+        PKIX_NULLCHECK_TWO(store, pCacheFlag);
+
+        *pCacheFlag = store->cacheFlag;
+
+        PKIX_RETURN(CERTSTORE);
+}
+
+/*
+ * FUNCTION: PKIX_CertStore_GetLocalFlag
+ * (see comments in pkix_certstore.h)
+ */
+PKIX_Error *
+PKIX_CertStore_GetLocalFlag(
+        PKIX_CertStore *store,
+        PKIX_Boolean *pLocalFlag,
+        void *plContext)
+{
+        PKIX_ENTER(CERTSTORE, "PKIX_CertStore_GetLocalFlag");
+        PKIX_NULLCHECK_TWO(store, pLocalFlag);
+
+        *pLocalFlag = store->localFlag;
+
+        PKIX_RETURN(CERTSTORE);
+}
diff --git a/nss/lib/libpkix/pkix/store/pkix_store.h b/nss/lib/libpkix/pkix/store/pkix_store.h
new file mode 100755
index 0000000..9d116ff
--- /dev/null
+++ b/nss/lib/libpkix/pkix/store/pkix_store.h
@@ -0,0 +1,41 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_store.h
+ *
+ * CertStore Object Type Definition
+ *
+ */
+
+#ifndef _PKIX_STORE_H
+#define _PKIX_STORE_H
+
+#include "pkix_tools.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+struct PKIX_CertStoreStruct {
+        PKIX_CertStore_CertCallback certCallback;
+        PKIX_CertStore_CRLCallback crlCallback;
+        PKIX_CertStore_CertContinueFunction certContinue;
+        PKIX_CertStore_CrlContinueFunction crlContinue;
+        PKIX_CertStore_CheckTrustCallback trustCallback;
+        PKIX_CertStore_ImportCrlCallback importCrlCallback;
+        PKIX_CertStore_CheckRevokationByCrlCallback checkRevByCrlCallback;
+        PKIX_PL_Object *certStoreContext;
+        PKIX_Boolean cacheFlag;
+        PKIX_Boolean localFlag; /* TRUE if CertStore is local */
+};
+
+/* see source file for function documentation */
+
+PKIX_Error *pkix_CertStore_RegisterSelf(void *plContext);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_STORE_H */
diff --git a/nss/lib/libpkix/pkix/store/store.gyp b/nss/lib/libpkix/pkix/store/store.gyp
new file mode 100644
index 0000000..43aa177
--- /dev/null
+++ b/nss/lib/libpkix/pkix/store/store.gyp
@@ -0,0 +1,23 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../../../coreconf/config.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'pkixstore',
+      'type': 'static_library',
+      'sources': [
+        'pkix_store.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports'
+      ]
+    }
+  ],
+  'variables': {
+    'module': 'nss'
+  }
+}
\ No newline at end of file
diff --git a/nss/lib/libpkix/pkix/top/Makefile b/nss/lib/libpkix/pkix/top/Makefile
new file mode 100755
index 0000000..36524f5
--- /dev/null
+++ b/nss/lib/libpkix/pkix/top/Makefile
@@ -0,0 +1,48 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include config.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+export:: private_export
+
diff --git a/nss/lib/libpkix/pkix/top/config.mk b/nss/lib/libpkix/pkix/top/config.mk
new file mode 100755
index 0000000..b8c03de
--- /dev/null
+++ b/nss/lib/libpkix/pkix/top/config.mk
@@ -0,0 +1,15 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#
+#  Override TARGETS variable so that only static libraries
+#  are specifed as dependencies within rules.mk.
+#
+
+TARGETS        = $(LIBRARY)
+SHARED_LIBRARY =
+IMPORT_LIBRARY =
+PROGRAM        =
+
diff --git a/nss/lib/libpkix/pkix/top/exports.gyp b/nss/lib/libpkix/pkix/top/exports.gyp
new file mode 100644
index 0000000..d41f2b5
--- /dev/null
+++ b/nss/lib/libpkix/pkix/top/exports.gyp
@@ -0,0 +1,27 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../../../coreconf/config.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'lib_libpkix_pkix_top_exports',
+      'type': 'none',
+      'copies': [
+        {
+          'files': [
+            'pkix_build.h',
+            'pkix_lifecycle.h',
+            'pkix_validate.h'
+          ],
+          'destination': '<(nss_private_dist_dir)/<(module)'
+        }
+      ]
+    }
+  ],
+  'variables': {
+    'module': 'nss'
+  }
+}
diff --git a/nss/lib/libpkix/pkix/top/manifest.mn b/nss/lib/libpkix/pkix/top/manifest.mn
new file mode 100755
index 0000000..c499410
--- /dev/null
+++ b/nss/lib/libpkix/pkix/top/manifest.mn
@@ -0,0 +1,25 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+CORE_DEPTH = ../../../..
+
+EXPORTS = \
+	$(NULL)
+
+PRIVATE_EXPORTS = \
+	pkix_build.h \
+	pkix_lifecycle.h \
+	pkix_validate.h \
+	$(NULL)
+
+MODULE = nss
+
+CSRCS = \
+	pkix_validate.c \
+	pkix_lifecycle.c \
+	pkix_build.c \
+	$(NULL)
+
+LIBRARY_NAME = pkixtop
+
diff --git a/nss/lib/libpkix/pkix/top/pkix_build.c b/nss/lib/libpkix/pkix/top/pkix_build.c
new file mode 100755
index 0000000..0c87ba3
--- /dev/null
+++ b/nss/lib/libpkix/pkix/top/pkix_build.c
@@ -0,0 +1,3763 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_build.c
+ *
+ * Top level buildChain function
+ *
+ */
+
+/* #define PKIX_BUILDDEBUG 1 */
+/* #define PKIX_FORWARDBUILDERSTATEDEBUG 1 */
+
+#include "pkix_build.h"
+
+extern PRLogModuleInfo *pkixLog;
+
+/*
+ * List of critical extension OIDs associate with what build chain has
+ * checked. Those OIDs need to be removed from the unresolved critical
+ * extension OIDs list manually (instead of by checker automatically).
+ */
+static SECOidTag buildCheckedCritExtOIDs[] = {
+        PKIX_CERTKEYUSAGE_OID,
+        PKIX_CERTSUBJALTNAME_OID,
+        PKIX_BASICCONSTRAINTS_OID,
+        PKIX_NAMECONSTRAINTS_OID,
+        PKIX_EXTENDEDKEYUSAGE_OID,
+        PKIX_NSCERTTYPE_OID,
+        PKIX_UNKNOWN_OID
+};
+
+/* --Private-ForwardBuilderState-Functions---------------------------------- */
+
+/*
+ * FUNCTION: pkix_ForwardBuilderState_Destroy
+ * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_ForwardBuilderState_Destroy(
+        PKIX_PL_Object *object,
+        void *plContext)
+{
+        PKIX_ForwardBuilderState *state = NULL;
+
+        PKIX_ENTER(FORWARDBUILDERSTATE, "pkix_ForwardBuilderState_Destroy");
+        PKIX_NULLCHECK_ONE(object);
+
+        PKIX_CHECK(pkix_CheckType
+                (object, PKIX_FORWARDBUILDERSTATE_TYPE, plContext),
+                PKIX_OBJECTNOTFORWARDBUILDERSTATE);
+
+        state = (PKIX_ForwardBuilderState *)object;
+
+        state->status = BUILD_INITIAL;
+        state->traversedCACerts = 0;
+        state->certStoreIndex = 0;
+        state->numCerts = 0;
+        state->numAias = 0;
+        state->certIndex = 0;
+        state->aiaIndex = 0;
+        state->certCheckedIndex = 0;
+        state->checkerIndex = 0;
+        state->hintCertIndex = 0;
+        state->numFanout = 0;
+        state->numDepth = 0;
+        state->reasonCode = 0;
+        state->canBeCached = PKIX_FALSE;
+        state->useOnlyLocal = PKIX_FALSE;
+        state->revChecking = PKIX_FALSE;
+        state->usingHintCerts = PKIX_FALSE;
+        state->certLoopingDetected = PKIX_FALSE;
+        PKIX_DECREF(state->validityDate);
+        PKIX_DECREF(state->prevCert);
+        PKIX_DECREF(state->candidateCert);
+        PKIX_DECREF(state->traversedSubjNames);
+        PKIX_DECREF(state->trustChain);
+        PKIX_DECREF(state->aia);
+        PKIX_DECREF(state->candidateCerts);
+        PKIX_DECREF(state->reversedCertChain);
+        PKIX_DECREF(state->checkedCritExtOIDs);
+        PKIX_DECREF(state->checkerChain);
+        PKIX_DECREF(state->certSel);
+        PKIX_DECREF(state->verifyNode);
+        PKIX_DECREF(state->client);
+
+        /*
+         * If we ever add a child link we have to be careful not to have loops
+         * in the Destroy process. But with one-way links we should be okay.
+         */
+        if (state->parentState == NULL) {
+                state->buildConstants.numAnchors = 0;
+                state->buildConstants.numCertStores = 0;
+                state->buildConstants.numHintCerts = 0;
+                state->buildConstants.procParams = 0;
+                PKIX_DECREF(state->buildConstants.testDate);
+                PKIX_DECREF(state->buildConstants.timeLimit);
+                PKIX_DECREF(state->buildConstants.targetCert);
+                PKIX_DECREF(state->buildConstants.targetPubKey);
+                PKIX_DECREF(state->buildConstants.certStores);
+                PKIX_DECREF(state->buildConstants.anchors);
+                PKIX_DECREF(state->buildConstants.userCheckers);
+                PKIX_DECREF(state->buildConstants.hintCerts);
+                PKIX_DECREF(state->buildConstants.revChecker);
+                PKIX_DECREF(state->buildConstants.aiaMgr);
+        } else {
+                PKIX_DECREF(state->parentState);
+        }
+
+cleanup:
+
+        PKIX_RETURN(FORWARDBUILDERSTATE);
+}
+
+/*
+ * FUNCTION: pkix_ForwardBuilderState_Create
+ *
+ * DESCRIPTION:
+ *  Allocate and initialize a ForwardBuilderState.
+ *
+ * PARAMETERS
+ *  "traversedCACerts"
+ *      Number of CA certificates traversed.
+ *  "numFanout"
+ *      Number of Certs that can be considered at this level (0 = no limit)
+ *  "numDepth"
+ *      Number of additional levels that can be searched (0 = no limit)
+ *  "canBeCached"
+ *      Boolean value indicating whether all certs on the chain can be cached.
+ *  "validityDate"
+ *      Address of Date at which build chain Certs' most restricted validity
+ *      time is kept. May be NULL.
+ *  "prevCert"
+ *      Address of Cert just traversed. Must be non-NULL.
+ *  "traversedSubjNames"
+ *      Address of List of GeneralNames that have been traversed.
+ *      Must be non-NULL.
+ *  "trustChain"
+ *      Address of List of certificates traversed. Must be non-NULL.
+ *  "parentState"
+ *      Address of previous ForwardBuilderState
+ *  "pState"
+ *      Address where ForwardBuilderState will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Build Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_ForwardBuilderState_Create(
+        PKIX_Int32 traversedCACerts,
+        PKIX_UInt32 numFanout,
+        PKIX_UInt32 numDepth,
+        PKIX_Boolean canBeCached,
+        PKIX_PL_Date *validityDate,
+        PKIX_PL_Cert *prevCert,
+        PKIX_List *traversedSubjNames,
+        PKIX_List *trustChain,
+        PKIX_ForwardBuilderState *parentState,
+        PKIX_ForwardBuilderState **pState,
+        void *plContext)
+{
+        PKIX_ForwardBuilderState *state = NULL;
+
+        PKIX_ENTER(FORWARDBUILDERSTATE, "pkix_ForwardBuilderState_Create");
+        PKIX_NULLCHECK_FOUR(prevCert, traversedSubjNames, pState, trustChain);
+
+        PKIX_CHECK(PKIX_PL_Object_Alloc
+                (PKIX_FORWARDBUILDERSTATE_TYPE,
+                sizeof (PKIX_ForwardBuilderState),
+                (PKIX_PL_Object **)&state,
+                plContext),
+                PKIX_COULDNOTCREATEFORWARDBUILDERSTATEOBJECT);
+
+        state->status = BUILD_INITIAL;
+        state->traversedCACerts = traversedCACerts;
+        state->certStoreIndex = 0;
+        state->numCerts = 0;
+        state->numAias = 0;
+        state->certIndex = 0;
+        state->aiaIndex = 0;
+        state->certCheckedIndex = 0;
+        state->checkerIndex = 0;
+        state->hintCertIndex = 0;
+        state->numFanout = numFanout;
+        state->numDepth = numDepth;
+        state->reasonCode = 0;
+        state->revChecking = numDepth;
+        state->canBeCached = canBeCached;
+        state->useOnlyLocal = PKIX_TRUE;
+        state->revChecking = PKIX_FALSE;
+        state->usingHintCerts = PKIX_FALSE;
+        state->certLoopingDetected = PKIX_FALSE;
+
+        PKIX_INCREF(validityDate);
+        state->validityDate = validityDate;
+
+        PKIX_INCREF(prevCert);
+        state->prevCert = prevCert;
+
+        state->candidateCert = NULL;
+
+        PKIX_INCREF(traversedSubjNames);
+        state->traversedSubjNames = traversedSubjNames;
+
+        PKIX_INCREF(trustChain);
+        state->trustChain = trustChain;
+
+        state->aia = NULL;
+        state->candidateCerts = NULL;
+        state->reversedCertChain = NULL;
+        state->checkedCritExtOIDs = NULL;
+        state->checkerChain = NULL;
+        state->certSel = NULL;
+        state->verifyNode = NULL;
+        state->client = NULL;
+
+        PKIX_INCREF(parentState);
+        state->parentState = parentState;
+
+        if (parentState != NULL) {
+                state->buildConstants.numAnchors =
+                         parentState->buildConstants.numAnchors;
+                state->buildConstants.numCertStores = 
+                        parentState->buildConstants.numCertStores; 
+                state->buildConstants.numHintCerts = 
+                        parentState->buildConstants.numHintCerts; 
+                state->buildConstants.maxFanout =
+                        parentState->buildConstants.maxFanout;
+                state->buildConstants.maxDepth =
+                        parentState->buildConstants.maxDepth;
+                state->buildConstants.maxTime =
+                        parentState->buildConstants.maxTime;
+                state->buildConstants.procParams = 
+                        parentState->buildConstants.procParams; 
+                state->buildConstants.testDate =
+                        parentState->buildConstants.testDate;
+                state->buildConstants.timeLimit =
+                        parentState->buildConstants.timeLimit;
+                state->buildConstants.targetCert =
+                        parentState->buildConstants.targetCert;
+                state->buildConstants.targetPubKey =
+                        parentState->buildConstants.targetPubKey;
+                state->buildConstants.certStores =
+                        parentState->buildConstants.certStores;
+                state->buildConstants.anchors =
+                        parentState->buildConstants.anchors;
+                state->buildConstants.userCheckers =
+                        parentState->buildConstants.userCheckers;
+                state->buildConstants.hintCerts =
+                        parentState->buildConstants.hintCerts;
+                state->buildConstants.revChecker =
+                        parentState->buildConstants.revChecker;
+                state->buildConstants.aiaMgr =
+                        parentState->buildConstants.aiaMgr;
+                state->buildConstants.trustOnlyUserAnchors =
+                        parentState->buildConstants.trustOnlyUserAnchors;
+        }
+
+        *pState = state;
+        state = NULL;
+cleanup:
+        
+        PKIX_DECREF(state);
+
+        PKIX_RETURN(FORWARDBUILDERSTATE);
+}
+
+/*
+ * FUNCTION: pkix_Build_GetResourceLimits
+ *
+ * DESCRIPTION:
+ *  Retrieve Resource Limits from ProcessingParams and initialize them in
+ *  BuildConstants.
+ *
+ * PARAMETERS
+ *  "buildConstants"
+ *      Address of a BuildConstants structure containing objects and values
+ *      that remain constant throughout the building of a chain. Must be
+ *      non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Build Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_Build_GetResourceLimits(
+        BuildConstants *buildConstants,
+        void *plContext)
+{
+        PKIX_ResourceLimits *resourceLimits = NULL;
+
+        PKIX_ENTER(BUILD, "pkix_Build_GetResourceLimits");
+        PKIX_NULLCHECK_ONE(buildConstants);
+
+        PKIX_CHECK(PKIX_ProcessingParams_GetResourceLimits
+                (buildConstants->procParams, &resourceLimits, plContext),
+                PKIX_PROCESSINGPARAMSGETRESOURCELIMITSFAILED);
+
+        buildConstants->maxFanout = 0;
+        buildConstants->maxDepth = 0;
+        buildConstants->maxTime = 0;
+
+        if (resourceLimits) {
+
+                PKIX_CHECK(PKIX_ResourceLimits_GetMaxFanout
+                        (resourceLimits, &buildConstants->maxFanout, plContext),
+                        PKIX_RESOURCELIMITSGETMAXFANOUTFAILED);
+
+                PKIX_CHECK(PKIX_ResourceLimits_GetMaxDepth
+                        (resourceLimits, &buildConstants->maxDepth, plContext),
+                        PKIX_RESOURCELIMITSGETMAXDEPTHFAILED);
+
+                PKIX_CHECK(PKIX_ResourceLimits_GetMaxTime
+                        (resourceLimits, &buildConstants->maxTime, plContext),
+                        PKIX_RESOURCELIMITSGETMAXTIMEFAILED);
+        }
+
+cleanup:
+
+        PKIX_DECREF(resourceLimits);
+
+        PKIX_RETURN(BUILD);
+}
+
+/*
+ * FUNCTION: pkix_ForwardBuilderState_ToString
+ * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_ForwardBuilderState_ToString
+        (PKIX_PL_Object *object,
+        PKIX_PL_String **pString,
+        void *plContext)
+{
+        PKIX_ForwardBuilderState *state = NULL;
+        PKIX_PL_String *formatString = NULL;
+        PKIX_PL_String *resultString = NULL;
+        PKIX_PL_String *buildStatusString = NULL;
+        PKIX_PL_String *validityDateString = NULL;
+        PKIX_PL_String *prevCertString = NULL;
+        PKIX_PL_String *candidateCertString = NULL;
+        PKIX_PL_String *traversedSubjNamesString = NULL;
+        PKIX_PL_String *trustChainString = NULL;
+        PKIX_PL_String *candidateCertsString = NULL;
+        PKIX_PL_String *certSelString = NULL;
+        PKIX_PL_String *verifyNodeString = NULL;
+        PKIX_PL_String *parentStateString = NULL;
+        char *asciiFormat = "\n"
+                "\t{buildStatus: \t%s\n"
+                "\ttraversedCACerts: \t%d\n"
+                "\tcertStoreIndex: \t%d\n"
+                "\tnumCerts: \t%d\n"
+                "\tnumAias: \t%d\n"
+                "\tcertIndex: \t%d\n"
+                "\taiaIndex: \t%d\n"
+                "\tnumFanout: \t%d\n"
+                "\tnumDepth:  \t%d\n"
+                "\treasonCode:  \t%d\n"
+                "\tcanBeCached: \t%d\n"
+                "\tuseOnlyLocal: \t%d\n"
+                "\trevChecking: \t%d\n"
+                "\tvalidityDate: \t%s\n"
+                "\tprevCert: \t%s\n"
+                "\tcandidateCert: \t%s\n"
+                "\ttraversedSubjNames: \t%s\n"
+                "\ttrustChain: \t%s\n"
+                "\tcandidateCerts: \t%s\n"
+                "\tcertSel: \t%s\n"
+                "\tverifyNode: \t%s\n"
+                "\tparentState: \t%s}\n";
+        char *asciiStatus = NULL;
+
+        PKIX_ENTER(FORWARDBUILDERSTATE, "pkix_ForwardBuilderState_ToString");
+        PKIX_NULLCHECK_TWO(object, pString);
+
+        PKIX_CHECK(pkix_CheckType
+                (object, PKIX_FORWARDBUILDERSTATE_TYPE, plContext),
+                PKIX_OBJECTNOTFORWARDBUILDERSTATE);
+
+        state = (PKIX_ForwardBuilderState *)object;
+
+        PKIX_CHECK(PKIX_PL_String_Create
+                (PKIX_ESCASCII, asciiFormat, 0, &formatString, plContext),
+                PKIX_STRINGCREATEFAILED);
+
+        switch (state->status) {
+            case BUILD_SHORTCUTPENDING: asciiStatus = "BUILD_SHORTCUTPENDING";
+                                        break;
+            case BUILD_INITIAL:         asciiStatus = "BUILD_INITIAL";
+                                        break;
+            case BUILD_TRYAIA:          asciiStatus = "BUILD_TRYAIA";
+                                        break;
+            case BUILD_AIAPENDING:      asciiStatus = "BUILD_AIAPENDING";
+                                        break;
+            case BUILD_COLLECTINGCERTS: asciiStatus = "BUILD_COLLECTINGCERTS";
+                                        break;
+            case BUILD_GATHERPENDING:   asciiStatus = "BUILD_GATHERPENDING";
+                                        break;
+            case BUILD_CERTVALIDATING:  asciiStatus = "BUILD_CERTVALIDATING";
+                                        break;
+            case BUILD_ABANDONNODE:     asciiStatus = "BUILD_ABANDONNODE";
+                                        break;
+            case BUILD_DATEPREP:        asciiStatus = "BUILD_DATEPREP";
+                                        break;
+            case BUILD_CHECKTRUSTED:    asciiStatus = "BUILD_CHECKTRUSTED";
+                                        break;
+            case BUILD_CHECKTRUSTED2:   asciiStatus = "BUILD_CHECKTRUSTED2";
+                                        break;
+            case BUILD_ADDTOCHAIN:      asciiStatus = "BUILD_ADDTOCHAIN";
+                                        break;
+            case BUILD_VALCHAIN:        asciiStatus = "BUILD_VALCHAIN";
+                                        break;
+            case BUILD_VALCHAIN2:       asciiStatus = "BUILD_VALCHAIN2";
+                                        break;
+            case BUILD_EXTENDCHAIN:     asciiStatus = "BUILD_EXTENDCHAIN";
+                                        break;
+            case BUILD_GETNEXTCERT:     asciiStatus = "BUILD_GETNEXTCERT";
+                                        break;
+            default:                    asciiStatus = "INVALID STATUS";
+                                        break;
+        }
+
+        PKIX_CHECK(PKIX_PL_String_Create
+                (PKIX_ESCASCII, asciiStatus, 0, &buildStatusString, plContext),
+                PKIX_STRINGCREATEFAILED);
+
+        PKIX_TOSTRING
+               (state->validityDate, &validityDateString, plContext,
+                PKIX_OBJECTTOSTRINGFAILED);
+
+        PKIX_TOSTRING
+               (state->prevCert, &prevCertString, plContext,
+                PKIX_OBJECTTOSTRINGFAILED);
+
+        PKIX_TOSTRING
+                (state->candidateCert, &candidateCertString, plContext,
+                PKIX_OBJECTTOSTRINGFAILED);
+
+        PKIX_TOSTRING
+                (state->traversedSubjNames,
+                &traversedSubjNamesString,
+                plContext,
+                PKIX_OBJECTTOSTRINGFAILED);
+
+        PKIX_TOSTRING
+                (state->trustChain, &trustChainString, plContext,
+                PKIX_OBJECTTOSTRINGFAILED);
+
+        PKIX_TOSTRING
+                (state->candidateCerts, &candidateCertsString, plContext,
+                PKIX_OBJECTTOSTRINGFAILED);
+
+        PKIX_TOSTRING
+                (state->certSel, &certSelString, plContext,
+                PKIX_OBJECTTOSTRINGFAILED);
+
+        PKIX_TOSTRING
+                (state->verifyNode, &verifyNodeString, plContext,
+                PKIX_OBJECTTOSTRINGFAILED);
+
+        PKIX_TOSTRING
+                (state->parentState, &parentStateString, plContext,
+                PKIX_OBJECTTOSTRINGFAILED);
+
+        PKIX_CHECK(PKIX_PL_Sprintf
+                (&resultString,
+                plContext,
+                formatString,
+                buildStatusString,
+                (PKIX_Int32)state->traversedCACerts,
+                (PKIX_UInt32)state->certStoreIndex,
+                (PKIX_UInt32)state->numCerts,
+                (PKIX_UInt32)state->numAias,
+                (PKIX_UInt32)state->certIndex,
+                (PKIX_UInt32)state->aiaIndex,
+                (PKIX_UInt32)state->numFanout,
+                (PKIX_UInt32)state->numDepth,
+                (PKIX_UInt32)state->reasonCode,
+                state->canBeCached,
+                state->useOnlyLocal,
+                state->revChecking,
+                validityDateString,
+                prevCertString,
+                candidateCertString,
+                traversedSubjNamesString,
+                trustChainString,
+                candidateCertsString,
+                certSelString,
+                verifyNodeString,
+                parentStateString),
+                PKIX_SPRINTFFAILED);
+
+        *pString = resultString;
+
+cleanup:
+        PKIX_DECREF(formatString);
+        PKIX_DECREF(buildStatusString);
+        PKIX_DECREF(validityDateString);
+        PKIX_DECREF(prevCertString);
+        PKIX_DECREF(candidateCertString);
+        PKIX_DECREF(traversedSubjNamesString);
+        PKIX_DECREF(trustChainString);
+        PKIX_DECREF(candidateCertsString);
+        PKIX_DECREF(certSelString);
+        PKIX_DECREF(verifyNodeString);
+        PKIX_DECREF(parentStateString);
+
+        PKIX_RETURN(FORWARDBUILDERSTATE);
+
+}
+
+/*
+ * FUNCTION: pkix_ForwardBuilderState_RegisterSelf
+ *
+ * DESCRIPTION:
+ *  Registers PKIX_FORWARDBUILDERSTATE_TYPE and its related functions
+ *  with systemClasses[]
+ *
+ * THREAD SAFETY:
+ *  Not Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ *
+ *  Since this function is only called by PKIX_PL_Initialize, which should
+ *  only be called once, it is acceptable that this function is not
+ *  thread-safe.
+ */
+PKIX_Error *
+pkix_ForwardBuilderState_RegisterSelf(void *plContext)
+{
+
+        extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
+        pkix_ClassTable_Entry entry;
+
+        PKIX_ENTER(FORWARDBUILDERSTATE,
+                    "pkix_ForwardBuilderState_RegisterSelf");
+
+        entry.description = "ForwardBuilderState";
+        entry.objCounter = 0;
+        entry.typeObjectSize = sizeof(PKIX_ForwardBuilderState);
+        entry.destructor = pkix_ForwardBuilderState_Destroy;
+        entry.equalsFunction = NULL;
+        entry.hashcodeFunction = NULL;
+        entry.toStringFunction = pkix_ForwardBuilderState_ToString;
+        entry.comparator = NULL;
+        entry.duplicateFunction = NULL;
+
+        systemClasses[PKIX_FORWARDBUILDERSTATE_TYPE] = entry;
+
+        PKIX_RETURN(FORWARDBUILDERSTATE);
+}
+
+#if PKIX_FORWARDBUILDERSTATEDEBUG
+/*
+ * FUNCTION: pkix_ForwardBuilderState_DumpState
+ *
+ * DESCRIPTION:
+ *  This function invokes the ToString function on the argument pointed to
+ *  by "state".
+ * PARAMETERS:
+ *  "state"
+ *      The address of the ForwardBuilderState object. Must be non-NULL.
+ *
+ * THREAD SAFETY:
+ *  Not Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ */
+PKIX_Error *
+pkix_ForwardBuilderState_DumpState(
+        PKIX_ForwardBuilderState *state,
+        void *plContext)
+{
+        PKIX_PL_String *stateString = NULL;
+        char *stateAscii = NULL;
+        PKIX_UInt32 length;
+
+        PKIX_ENTER(FORWARDBUILDERSTATE,"pkix_ForwardBuilderState_DumpState");
+        PKIX_NULLCHECK_ONE(state);
+
+        PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+                ((PKIX_PL_Object *)state, plContext),
+                PKIX_OBJECTINVALIDATECACHEFAILED);
+
+        PKIX_CHECK(PKIX_PL_Object_ToString
+                ((PKIX_PL_Object*)state, &stateString, plContext),
+                PKIX_OBJECTTOSTRINGFAILED);
+
+        PKIX_CHECK(PKIX_PL_String_GetEncoded
+                    (stateString,
+                    PKIX_ESCASCII,
+                    (void **)&stateAscii,
+                    &length,
+                    plContext),
+                    PKIX_STRINGGETENCODEDFAILED);
+
+        PKIX_DEBUG_ARG("In Phase 1: state = %s\n", stateAscii);
+
+        PKIX_FREE(stateAscii);
+        PKIX_DECREF(stateString);
+
+cleanup:
+        PKIX_RETURN(FORWARDBUILDERSTATE);
+}
+#endif
+
+/*
+ * FUNCTION: pkix_ForwardBuilderState_IsIOPending
+ * DESCRIPTION:
+ *
+ *  This function determines whether the state of the ForwardBuilderState
+ *  pointed to by "state" indicates I/O is in progress, and stores the Boolean
+ *  result at "pPending".
+ *
+ * PARAMETERS:
+ *  "state"
+ *      The address of the ForwardBuilderState object. Must be non-NULL.
+ *  "pPending"
+ *      The address at which the result is stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a ForwardBuilderState Error if the function fails in a
+ *      non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error*
+pkix_ForwardBuilderState_IsIOPending(
+        PKIX_ForwardBuilderState *state,
+        PKIX_Boolean *pPending,
+        void *plContext)
+{
+        PKIX_ENTER(FORWARDBUILDERSTATE, "pkix_ForwardBuilderState_IsIOPending");
+        PKIX_NULLCHECK_TWO(state, pPending);
+
+        if ((state->status == BUILD_GATHERPENDING) ||
+            (state->status == BUILD_CHECKTRUSTED2) ||
+            (state->status == BUILD_VALCHAIN2) ||
+            (state->status == BUILD_AIAPENDING)) {
+                *pPending = PKIX_TRUE;
+        } else {
+                *pPending = PKIX_FALSE;
+        }
+
+        PKIX_RETURN(FORWARDBUILDERSTATE);
+}
+
+/* --Private-BuildChain-Functions------------------------------------------- */
+
+/*
+ * FUNCTION: pkix_Build_SortCertComparator
+ * DESCRIPTION:
+ *
+ *  This Function takes two Certificates cast in "obj1" and "obj2",
+ *  compares them to determine which is a more preferable certificate
+ *  for chain building. This Function is suitable for use as a
+ *  comparator callback for pkix_List_BubbleSort, setting "*pResult" to
+ *  > 0 if "obj1" is less desirable than "obj2" and < 0 if "obj1"
+ *  is more desirable than "obj2".
+ *
+ * PARAMETERS:
+ *  "obj1"
+ *      Address of the PKIX_PL_Object that is a cast of PKIX_PL_Cert.
+ *      Must be non-NULL.
+ *  "obj2"
+ *      Address of the PKIX_PL_Object that is a cast of PKIX_PL_Cert.
+ *      Must be non-NULL.
+ *  "pResult"
+ *      Address where the comparison result is returned. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Build Error if the function fails in a non-fatal way
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_Build_SortCertComparator(
+        PKIX_PL_Object *obj1,
+        PKIX_PL_Object *obj2,
+        PKIX_Int32 *pResult,
+        void *plContext)
+{
+        PKIX_PL_Date *date1 = NULL;
+        PKIX_PL_Date *date2 = NULL;
+        PKIX_Int32 result = 0;
+
+        PKIX_ENTER(BUILD, "pkix_Build_SortCertComparator");
+        PKIX_NULLCHECK_THREE(obj1, obj2, pResult);
+
+        /*
+         * For sorting candidate certificates, we use NotAfter date as the
+         * comparison key for now (can be expanded if desired in the future).
+         *
+         * In PKIX_BuildChain, the List of CertStores was reordered so that
+         * trusted CertStores are ahead of untrusted CertStores. That sort, or
+         * this one, could be taken out if it is determined that it doesn't help
+         * performance, or in some way hinders the solution of choosing desired
+         * candidates.
+         */
+
+        PKIX_CHECK(pkix_CheckType(obj1, PKIX_CERT_TYPE, plContext),
+                    PKIX_OBJECTNOTCERT);
+        PKIX_CHECK(pkix_CheckType(obj2, PKIX_CERT_TYPE, plContext),
+                    PKIX_OBJECTNOTCERT);
+
+        PKIX_CHECK(PKIX_PL_Cert_GetValidityNotAfter
+                ((PKIX_PL_Cert *)obj1, &date1, plContext),
+                PKIX_CERTGETVALIDITYNOTAFTERFAILED);
+
+        PKIX_CHECK(PKIX_PL_Cert_GetValidityNotAfter
+                ((PKIX_PL_Cert *)obj2, &date2, plContext),
+                PKIX_CERTGETVALIDITYNOTAFTERFAILED);
+        
+        PKIX_CHECK(PKIX_PL_Object_Compare
+                ((PKIX_PL_Object *)date1,
+                (PKIX_PL_Object *)date2,
+                &result,
+                plContext),
+                PKIX_OBJECTCOMPARATORFAILED);
+
+        /*
+         * Invert the result, so that if date1 is greater than date2,
+         * obj1 is sorted before obj2. This is because pkix_List_BubbleSort
+         * sorts in ascending order.
+         */
+        *pResult = -result;
+
+cleanup:
+
+        PKIX_DECREF(date1);
+        PKIX_DECREF(date2);
+
+        PKIX_RETURN(BUILD);
+}
+
+/* This local error check macro */
+#define ERROR_CHECK(errCode) \
+    if (pkixErrorResult) { \
+        if (pkixLog) { \
+            PR_LOG(pkixLog, PR_LOG_DEBUG, ("====> ERROR_CHECK code %s\n", #errCode)); \
+        } \
+        pkixTempErrorReceived = PKIX_TRUE; \
+        pkixErrorClass = pkixErrorResult->errClass; \
+        if (pkixErrorClass == PKIX_FATAL_ERROR) { \
+            goto cleanup; \
+        } \
+        if (verifyNode) { \
+            PKIX_DECREF(verifyNode->error); \
+            PKIX_INCREF(pkixErrorResult); \
+            verifyNode->error = pkixErrorResult; \
+        } \
+        pkixErrorCode = errCode; \
+        goto cleanup; \
+    }
+
+/*
+ * FUNCTION: pkix_Build_VerifyCertificate
+ * DESCRIPTION:
+ *
+ *  Checks whether the previous Cert stored in the ForwardBuilderState pointed
+ *  to by "state" successfully chains, including signature verification, to the
+ *  candidate Cert also stored in "state", using the Boolean value in "trusted"
+ *  to determine whether "candidateCert" is trusted.
+ *
+ *  First it checks whether "candidateCert" has already been traversed by
+ *  determining whether it is contained in the List of traversed Certs. It then
+ *  checks the candidate Cert with user checkers, if any, in the List pointed to
+ *  by "userCheckers". Finally, it runs the signature validation.
+ *
+ *  If this Certificate fails verification, and state->verifyNode is non-NULL,
+ *  this function sets the Error code into the verifyNode.
+ *
+ * PARAMETERS:
+ *  "state"
+ *      Address of ForwardBuilderState to be used. Must be non-NULL.
+ *  "userCheckers"
+ *      Address of a List of CertChainCheckers to be used, if present, to
+ *      validate the candidateCert.
+ *  "trusted"
+ *      Boolean value of trust for the candidate Cert
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Build Error if the function fails in a non-fatal way
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_Build_VerifyCertificate(
+        PKIX_ForwardBuilderState *state,
+        PKIX_List *userCheckers,
+        PKIX_Boolean *pTrusted,
+        PKIX_VerifyNode *verifyNode,
+        void *plContext)
+{
+        PKIX_UInt32 numUserCheckers = 0;
+        PKIX_UInt32 i = 0;
+        PKIX_Boolean loopFound = PKIX_FALSE;
+        PKIX_Boolean supportForwardChecking = PKIX_FALSE;
+        PKIX_Boolean trusted = PKIX_FALSE;
+        PKIX_PL_Cert *candidateCert = NULL;
+        PKIX_PL_PublicKey *candidatePubKey = NULL;
+        PKIX_CertChainChecker *userChecker = NULL;
+        PKIX_CertChainChecker_CheckCallback checkerCheck = NULL;
+        PKIX_PL_TrustAnchorMode trustAnchorMode =
+                PKIX_PL_TrustAnchorMode_Ignore;
+        void *nbioContext = NULL;
+        
+        PKIX_ENTER(BUILD, "pkix_Build_VerifyCertificate");
+        PKIX_NULLCHECK_TWO(state, pTrusted);
+        PKIX_NULLCHECK_THREE
+                (state->candidateCerts, state->prevCert, state->trustChain);
+
+        PKIX_INCREF(state->candidateCert);
+        candidateCert = state->candidateCert;
+
+        if (state->buildConstants.numAnchors) {
+            if (state->buildConstants.trustOnlyUserAnchors) {
+                trustAnchorMode = PKIX_PL_TrustAnchorMode_Exclusive;
+            } else {
+                trustAnchorMode = PKIX_PL_TrustAnchorMode_Additive;
+            }
+        } else {
+            trustAnchorMode = PKIX_PL_TrustAnchorMode_Ignore;
+        }
+
+        PKIX_CHECK(
+            PKIX_PL_Cert_IsCertTrusted(candidateCert, trustAnchorMode,
+                                       &trusted, plContext),
+            PKIX_CERTISCERTTRUSTEDFAILED);
+
+        *pTrusted = trusted;
+
+        /* check for loops */
+        PKIX_CHECK(pkix_List_Contains
+                (state->trustChain,
+                (PKIX_PL_Object *)candidateCert,
+                &loopFound,
+                plContext),
+                PKIX_LISTCONTAINSFAILED);
+
+        if (loopFound) {
+                if (verifyNode != NULL) {
+                        PKIX_Error *verifyError = NULL;
+                        PKIX_ERROR_CREATE
+                                (BUILD,
+                                PKIX_LOOPDISCOVEREDDUPCERTSNOTALLOWED,
+                                verifyError);
+                        PKIX_DECREF(verifyNode->error);
+                        verifyNode->error = verifyError;
+                }
+                /* Even if error logged, still need to abort
+                 * if cert is not trusted. */
+                if (!trusted) {
+                        PKIX_ERROR(PKIX_LOOPDISCOVEREDDUPCERTSNOTALLOWED);
+                }
+                state->certLoopingDetected = PKIX_TRUE;
+        }
+
+        if (userCheckers != NULL) {
+
+                PKIX_CHECK(PKIX_List_GetLength
+                    (userCheckers, &numUserCheckers, plContext),
+                    PKIX_LISTGETLENGTHFAILED);
+
+                for (i = 0; i < numUserCheckers; i++) {
+
+                    PKIX_CHECK(PKIX_List_GetItem
+                        (userCheckers,
+                        i,
+                        (PKIX_PL_Object **) &userChecker,
+                        plContext),
+                        PKIX_LISTGETITEMFAILED);
+
+                    PKIX_CHECK
+                        (PKIX_CertChainChecker_IsForwardCheckingSupported
+                        (userChecker, &supportForwardChecking, plContext),
+                        PKIX_CERTCHAINCHECKERISFORWARDCHECKINGSUPPORTEDFAILED);
+
+                    if (supportForwardChecking == PKIX_TRUE) {
+
+                        PKIX_CHECK(PKIX_CertChainChecker_GetCheckCallback
+                            (userChecker, &checkerCheck, plContext),
+                            PKIX_CERTCHAINCHECKERGETCHECKCALLBACKFAILED);
+
+                        pkixErrorResult =
+                            checkerCheck(userChecker, candidateCert, NULL,
+                                         &nbioContext, plContext);
+
+                        ERROR_CHECK(PKIX_USERCHECKERCHECKFAILED);
+                    }
+
+                    PKIX_DECREF(userChecker);
+                }
+        }
+
+        /* Check that public key of the trusted dsa cert has
+         * dsa parameters */
+        if (trusted) {
+            PKIX_Boolean paramsNeeded = PKIX_FALSE;
+            PKIX_CHECK(PKIX_PL_Cert_GetSubjectPublicKey
+                       (candidateCert, &candidatePubKey, plContext),
+                       PKIX_CERTGETSUBJECTPUBLICKEYFAILED);
+            PKIX_CHECK(PKIX_PL_PublicKey_NeedsDSAParameters
+                       (candidatePubKey, &paramsNeeded, plContext),
+                       PKIX_PUBLICKEYNEEDSDSAPARAMETERSFAILED);
+            if (paramsNeeded) {
+                PKIX_ERROR(PKIX_MISSINGDSAPARAMETERS);
+            }
+        }
+
+cleanup:
+        PKIX_DECREF(candidateCert);
+        PKIX_DECREF(candidatePubKey);
+        PKIX_DECREF(userChecker);
+
+        PKIX_RETURN(BUILD);
+}
+
+/*
+ * FUNCTION: pkix_Build_ValidationCheckers
+ * DESCRIPTION:
+ *
+ *  Creates a List of Objects to be used in determining whether the List of
+ *  Certs pointed to by "certChain" successfully validates using the
+ *  ForwardBuilderState pointed to by "state", and the TrustAnchor pointed to by
+ *  "anchor". These objects are a reversed Cert Chain, consisting of the certs
+ *  in "certChain" in reversed order, suitable for presenting to the
+ *  CertChainCheckers; a List of critical extension OIDS that have already been
+ *  processed in forward building; a List of CertChainCheckers to be called, and
+ *  a List of RevocationCheckers to be called. These results are stored in
+ *  fields of "state".
+ *
+ * PARAMETERS:
+ *  "state"
+ *      Address of ForwardBuilderState to be used. Must be non-NULL.
+ *  "certChain"
+ *      Address of List of Certs to be validated. Must be non-NULL.
+ *  "anchor"
+ *      Address of TrustAnchor to be used. Must be non-NULL.
+ *  "addEkuChecker"
+ *      Boolean flags that tells to add eku checker to the list
+ *      of checkers. Only needs to be done for existing chain revalidation.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Build Error if the function fails in a non-fatal way
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_Build_ValidationCheckers(
+        PKIX_ForwardBuilderState *state,
+        PKIX_List *certChain,
+        PKIX_TrustAnchor *anchor,
+        PKIX_Boolean chainRevalidationStage,
+        void *plContext)
+{
+        PKIX_List *checkers = NULL;
+        PKIX_List *initialPolicies = NULL;
+        PKIX_List *reversedCertChain = NULL;
+        PKIX_List *buildCheckedCritExtOIDsList = NULL;
+        PKIX_ProcessingParams *procParams = NULL;
+        PKIX_PL_Cert *trustedCert = NULL;
+        PKIX_PL_PublicKey *trustedPubKey = NULL;
+        PKIX_PL_CertNameConstraints *trustedNC = NULL;
+        PKIX_CertChainChecker *sigChecker = NULL;
+        PKIX_CertChainChecker *policyChecker = NULL;
+        PKIX_CertChainChecker *userChecker = NULL;
+        PKIX_CertChainChecker *nameConstraintsChecker = NULL;
+        PKIX_CertChainChecker *checker = NULL;
+        PKIX_CertSelector *certSelector = NULL;
+        PKIX_List *userCheckerExtOIDs = NULL;
+        PKIX_PL_OID *oid = NULL;
+        PKIX_Boolean supportForwardChecking = PKIX_FALSE;
+        PKIX_Boolean policyQualifiersRejected = PKIX_FALSE;
+        PKIX_Boolean initialPolicyMappingInhibit = PKIX_FALSE;
+        PKIX_Boolean initialAnyPolicyInhibit = PKIX_FALSE;
+        PKIX_Boolean initialExplicitPolicy = PKIX_FALSE;
+        PKIX_UInt32 numChainCerts;
+        PKIX_UInt32 numCertCheckers;
+        PKIX_UInt32 i;
+
+        PKIX_ENTER(BUILD, "pkix_Build_ValidationCheckers");
+        PKIX_NULLCHECK_THREE(state, certChain, anchor);
+
+        PKIX_CHECK(PKIX_List_Create(&checkers, plContext),
+                PKIX_LISTCREATEFAILED);
+
+        PKIX_CHECK(PKIX_List_ReverseList
+                (certChain, &reversedCertChain, plContext),
+                PKIX_LISTREVERSELISTFAILED);
+
+        PKIX_CHECK(PKIX_List_GetLength
+                (reversedCertChain, &numChainCerts, plContext),
+                PKIX_LISTGETLENGTHFAILED);
+
+        procParams = state->buildConstants.procParams;
+
+        /* Do need to add a number of checker to revalidate
+         * a built chain. KU, EKU, CertType and Validity Date
+         * get checked by certificate selector during chain
+         * construction, but needed to be checked for chain from
+         * the cache.*/
+        if (chainRevalidationStage) {
+            PKIX_CHECK(pkix_ExpirationChecker_Initialize
+                       (state->buildConstants.testDate, &checker, plContext),
+                       PKIX_EXPIRATIONCHECKERINITIALIZEFAILED);
+            PKIX_CHECK(PKIX_List_AppendItem
+                       (checkers, (PKIX_PL_Object *)checker, plContext),
+                       PKIX_LISTAPPENDITEMFAILED);
+            PKIX_DECREF(checker);
+            
+            PKIX_CHECK(PKIX_ProcessingParams_GetTargetCertConstraints
+                       (procParams, &certSelector, plContext),
+                    PKIX_PROCESSINGPARAMSGETTARGETCERTCONSTRAINTSFAILED);
+
+            PKIX_CHECK(pkix_TargetCertChecker_Initialize
+                       (certSelector, numChainCerts, &checker, plContext),
+                       PKIX_EXPIRATIONCHECKERINITIALIZEFAILED);
+            PKIX_CHECK(PKIX_List_AppendItem
+                       (checkers, (PKIX_PL_Object *)checker, plContext),
+                       PKIX_LISTAPPENDITEMFAILED);
+            PKIX_DECREF(checker);
+        }
+
+        PKIX_CHECK(PKIX_ProcessingParams_GetInitialPolicies
+                (procParams, &initialPolicies, plContext),
+                PKIX_PROCESSINGPARAMSGETINITIALPOLICIESFAILED);
+
+        PKIX_CHECK(PKIX_ProcessingParams_GetPolicyQualifiersRejected
+                (procParams, &policyQualifiersRejected, plContext),
+                PKIX_PROCESSINGPARAMSGETPOLICYQUALIFIERSREJECTEDFAILED);
+
+        PKIX_CHECK(PKIX_ProcessingParams_IsPolicyMappingInhibited
+                (procParams, &initialPolicyMappingInhibit, plContext),
+                PKIX_PROCESSINGPARAMSISPOLICYMAPPINGINHIBITEDFAILED);
+
+        PKIX_CHECK(PKIX_ProcessingParams_IsAnyPolicyInhibited
+                (procParams, &initialAnyPolicyInhibit, plContext),
+                PKIX_PROCESSINGPARAMSISANYPOLICYINHIBITEDFAILED);
+
+        PKIX_CHECK(PKIX_ProcessingParams_IsExplicitPolicyRequired
+                (procParams, &initialExplicitPolicy, plContext),
+                PKIX_PROCESSINGPARAMSISEXPLICITPOLICYREQUIREDFAILED);
+
+        PKIX_CHECK(pkix_PolicyChecker_Initialize
+                (initialPolicies,
+                policyQualifiersRejected,
+                initialPolicyMappingInhibit,
+                initialExplicitPolicy,
+                initialAnyPolicyInhibit,
+                numChainCerts,
+                &policyChecker,
+                plContext),
+                PKIX_POLICYCHECKERINITIALIZEFAILED);
+
+        PKIX_CHECK(PKIX_List_AppendItem
+                (checkers, (PKIX_PL_Object *)policyChecker, plContext),
+                PKIX_LISTAPPENDITEMFAILED);
+
+        /*
+         * Create an OID list that contains critical extensions processed
+         * by BuildChain. These are specified in a static const array.
+         */
+        PKIX_CHECK(PKIX_List_Create(&buildCheckedCritExtOIDsList, plContext),
+                PKIX_LISTCREATEFAILED);
+
+        for (i = 0; buildCheckedCritExtOIDs[i] != PKIX_UNKNOWN_OID; i++) {
+                PKIX_CHECK(PKIX_PL_OID_Create
+                        (buildCheckedCritExtOIDs[i], &oid, plContext),
+                        PKIX_OIDCREATEFAILED);
+
+                PKIX_CHECK(PKIX_List_AppendItem
+                        (buildCheckedCritExtOIDsList,
+                        (PKIX_PL_Object *) oid,
+                        plContext),
+                        PKIX_LISTAPPENDITEMFAILED);
+
+                PKIX_DECREF(oid);
+        }
+
+        if (state->buildConstants.userCheckers != NULL) {
+
+                PKIX_CHECK(PKIX_List_GetLength
+                        (state->buildConstants.userCheckers,
+                        &numCertCheckers,
+                        plContext),
+                        PKIX_LISTGETLENGTHFAILED);
+
+                for (i = 0; i < numCertCheckers; i++) {
+
+                        PKIX_CHECK(PKIX_List_GetItem
+                            (state->buildConstants.userCheckers,
+                            i,
+                            (PKIX_PL_Object **) &userChecker,
+                            plContext),
+                            PKIX_LISTGETITEMFAILED);
+
+                        PKIX_CHECK
+                            (PKIX_CertChainChecker_IsForwardCheckingSupported
+                            (userChecker, &supportForwardChecking, plContext),
+                            PKIX_CERTCHAINCHECKERGETSUPPORTEDEXTENSIONSFAILED);
+
+                        /*
+                         * If this userChecker supports forwardChecking then it
+                         * should have been checked during build chain. Skip
+                         * checking but need to add checker's extension OIDs
+                         * to buildCheckedCritExtOIDsList.
+                         */
+                        if (supportForwardChecking == PKIX_TRUE) {
+
+                          PKIX_CHECK
+                            (PKIX_CertChainChecker_GetSupportedExtensions
+                            (userChecker, &userCheckerExtOIDs, plContext),
+                            PKIX_CERTCHAINCHECKERGETSUPPORTEDEXTENSIONSFAILED);
+
+                          if (userCheckerExtOIDs != NULL) {
+                            PKIX_CHECK(pkix_List_AppendList
+                                (buildCheckedCritExtOIDsList,
+                                userCheckerExtOIDs,
+                                plContext),
+                                PKIX_LISTAPPENDLISTFAILED);
+                          }
+
+                        } else {
+                            PKIX_CHECK(PKIX_List_AppendItem
+                                (checkers,
+                                (PKIX_PL_Object *)userChecker,
+                                plContext),
+                                PKIX_LISTAPPENDITEMFAILED);
+                        }
+
+                        PKIX_DECREF(userCheckerExtOIDs);
+                        PKIX_DECREF(userChecker);
+                }
+        }
+
+        /* Enabling post chain building signature check on the certs. */
+        PKIX_CHECK(PKIX_TrustAnchor_GetTrustedCert
+                   (anchor, &trustedCert, plContext),
+                   PKIX_TRUSTANCHORGETTRUSTEDCERTFAILED);
+        
+        PKIX_CHECK(PKIX_PL_Cert_GetSubjectPublicKey
+                   (trustedCert, &trustedPubKey, plContext),
+                   PKIX_CERTGETSUBJECTPUBLICKEYFAILED);
+        
+        PKIX_CHECK(pkix_SignatureChecker_Initialize
+                   (trustedPubKey,
+                    numChainCerts,
+                    &sigChecker,
+                    plContext),
+                   PKIX_SIGNATURECHECKERINITIALIZEFAILED);
+        
+        PKIX_CHECK(PKIX_List_AppendItem
+                   (checkers,
+                    (PKIX_PL_Object *)sigChecker,
+                    plContext),
+                   PKIX_LISTAPPENDITEMFAILED);
+
+        /* Enabling post chain building name constraints check on the certs. */
+        PKIX_CHECK(PKIX_TrustAnchor_GetNameConstraints
+                  (anchor, &trustedNC, plContext),
+                  PKIX_TRUSTANCHORGETNAMECONSTRAINTSFAILED);
+
+        PKIX_CHECK(pkix_NameConstraintsChecker_Initialize
+                  (trustedNC, numChainCerts, &nameConstraintsChecker,
+                   plContext),
+                  PKIX_NAMECONSTRAINTSCHECKERINITIALIZEFAILED);
+
+        PKIX_CHECK(PKIX_List_AppendItem
+                  (checkers,
+                   (PKIX_PL_Object *)nameConstraintsChecker,
+                   plContext),
+                  PKIX_LISTAPPENDITEMFAILED);
+
+
+        PKIX_DECREF(state->reversedCertChain);
+        PKIX_INCREF(reversedCertChain);
+        state->reversedCertChain = reversedCertChain;
+        PKIX_DECREF(state->checkedCritExtOIDs);
+        PKIX_INCREF(buildCheckedCritExtOIDsList);
+        state->checkedCritExtOIDs = buildCheckedCritExtOIDsList;
+        PKIX_DECREF(state->checkerChain);
+        state->checkerChain = checkers;
+        checkers = NULL;
+        state->certCheckedIndex = 0;
+        state->checkerIndex = 0;
+        state->revChecking = PKIX_FALSE;
+
+
+cleanup:
+
+        PKIX_DECREF(oid);
+        PKIX_DECREF(reversedCertChain);
+        PKIX_DECREF(buildCheckedCritExtOIDsList);
+        PKIX_DECREF(checker);
+        PKIX_DECREF(checkers);
+        PKIX_DECREF(initialPolicies);
+        PKIX_DECREF(trustedCert);
+        PKIX_DECREF(trustedPubKey);
+        PKIX_DECREF(certSelector);
+        PKIX_DECREF(sigChecker);
+        PKIX_DECREF(trustedNC);
+        PKIX_DECREF(nameConstraintsChecker);
+        PKIX_DECREF(policyChecker);
+        PKIX_DECREF(userChecker);
+        PKIX_DECREF(userCheckerExtOIDs);
+
+        PKIX_RETURN(BUILD);
+}
+
+/*
+ * FUNCTION: pkix_Build_ValidateEntireChain
+ * DESCRIPTION:
+ *
+ *  Checks whether the current List of Certs successfully validates using the 
+ *  TrustAnchor pointed to by "anchor" and other parameters contained, as was
+ *  the Cert List, in "state".
+ *
+ *  If a checker using non-blocking I/O returns with a non-NULL non-blocking I/O
+ *  context (NBIOContext), an indication that I/O is in progress and the
+ *  checking has not been completed, this function stores that context at
+ *  "pNBIOContext". Otherwise, it stores NULL at "pNBIOContext".
+ *
+ *  If not awaiting I/O and if successful, a ValidateResult is created
+ *  containing the Public Key of the target certificate (including DSA parameter
+ *  inheritance, if any) and the PolicyNode representing the policy tree output
+ *  by the validation algorithm.  If not successful, an Error pointer is
+ *  returned.
+ *
+ * PARAMETERS:
+ *  "state"
+ *      Address of ForwardBuilderState to be used. Must be non-NULL.
+ *  "anchor"
+ *      Address of TrustAnchor to be used. Must be non-NULL.
+ *  "pNBIOContext"
+ *      Address at which the NBIOContext is stored indicating whether the
+ *      validation is complete. Must be non-NULL.
+ *  "pValResult"
+ *      Address at which the ValidateResult is stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Build Error if the function fails in a non-fatal way
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_Build_ValidateEntireChain(
+        PKIX_ForwardBuilderState *state,
+        PKIX_TrustAnchor *anchor,
+        void **pNBIOContext,
+        PKIX_ValidateResult **pValResult,
+        PKIX_VerifyNode *verifyNode,
+        void *plContext)
+{
+        PKIX_UInt32 numChainCerts = 0;
+        PKIX_PL_PublicKey *subjPubKey = NULL;
+        PKIX_PolicyNode *policyTree = NULL;
+        PKIX_ValidateResult *valResult = NULL;
+        void *nbioContext = NULL;
+
+        PKIX_ENTER(BUILD, "pkix_Build_ValidateEntireChain");
+        PKIX_NULLCHECK_FOUR(state, anchor, pNBIOContext, pValResult);
+
+        *pNBIOContext = NULL; /* prepare for case of error exit */
+
+        PKIX_CHECK(PKIX_List_GetLength
+                (state->reversedCertChain, &numChainCerts, plContext),
+                PKIX_LISTGETLENGTHFAILED);
+
+        pkixErrorResult =
+            pkix_CheckChain(state->reversedCertChain, numChainCerts, anchor,
+                            state->checkerChain,
+                            state->buildConstants.revChecker,
+                            state->checkedCritExtOIDs,
+                            state->buildConstants.procParams,
+                            &state->certCheckedIndex, &state->checkerIndex,
+                            &state->revChecking, &state->reasonCode,
+                            &nbioContext, &subjPubKey, &policyTree, NULL,
+                            plContext);
+
+        if (nbioContext != NULL) {
+                *pNBIOContext = nbioContext;
+                goto cleanup;
+        }
+
+        ERROR_CHECK(PKIX_CHECKCHAINFAILED);
+
+        /* XXX Remove this assertion after 2014-12-31. See bug 946984. */
+        PORT_Assert(state->reasonCode == 0);
+
+        PKIX_CHECK(pkix_ValidateResult_Create
+                (subjPubKey, anchor, policyTree, &valResult, plContext),
+                PKIX_VALIDATERESULTCREATEFAILED);
+
+        *pValResult = valResult;
+        valResult = NULL;
+
+cleanup:
+        PKIX_DECREF(subjPubKey);
+        PKIX_DECREF(policyTree);
+        PKIX_DECREF(valResult);
+
+        PKIX_RETURN(BUILD);
+}
+
+/*
+ * FUNCTION: pkix_Build_SortCandidateCerts
+ * DESCRIPTION:
+ *
+ *  This function sorts a List of candidate Certs pointed to by "candidates"
+ *  using an algorithm that places Certs most likely to produce a successful
+ *  chain at the front of the list, storing the resulting sorted List at
+ *  "pSortedCandidates".
+ *
+ *  At present the only sort criterion is that trusted Certs go ahead of
+ *  untrusted Certs.
+ *
+ * PARAMETERS:
+ *  "candidates"
+ *      Address of List of Candidate Certs to be sorted. Must be non-NULL.
+ *  "pSortedCandidates"
+ *      Address at which sorted List is stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Build Error if the function fails in a non-fatal way
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_Build_SortCandidateCerts(
+        PKIX_List *candidates,
+        PKIX_List **pSortedCandidates,
+        void *plContext)
+{
+        PKIX_List *sortedList = NULL;
+
+        PKIX_ENTER(BUILD, "pkix_Build_SortCandidateCerts");
+        PKIX_NULLCHECK_TWO(candidates, pSortedCandidates);
+
+        /*
+         * Both bubble and quick sort algorithms are available.
+         * For a list of fewer than around 100 items, the bubble sort is more
+         * efficient. (This number was determined by experimenting with both
+         * algorithms on a Java List.)
+         * If the candidate list is very small, using the sort can drag down
+         * the performance a little bit.
+         */
+
+        PKIX_CHECK(pkix_List_BubbleSort
+                (candidates,
+                pkix_Build_SortCertComparator,
+                &sortedList,
+                plContext),
+                PKIX_LISTBUBBLESORTFAILED);
+
+        *pSortedCandidates = sortedList;
+
+cleanup:
+
+        PKIX_RETURN(BUILD);
+}
+
+/*
+ * FUNCTION: pkix_Build_BuildSelectorAndParams
+ * DESCRIPTION:
+ *
+ *  This function creates a CertSelector, initialized with an appropriate
+ *  ComCertSelParams, using the variables provided in the ForwardBuilderState
+ *  pointed to by "state". The CertSelector created is stored in the certsel
+ *  element of "state".
+ *
+ * PARAMETERS:
+ *  "state"
+ *      Address of ForwardBuilderState to be used. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Build Error if the function fails in a non-fatal way
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_Build_BuildSelectorAndParams(
+        PKIX_ForwardBuilderState *state,
+        void *plContext)
+{
+        PKIX_ComCertSelParams *certSelParams = NULL;
+        PKIX_CertSelector *certSel = NULL;
+        PKIX_PL_X500Name *currentIssuer = NULL;
+        PKIX_PL_ByteArray *authKeyId = NULL;
+        PKIX_PL_Date *testDate = NULL;
+        PKIX_CertSelector *callerCertSelector = NULL;
+        PKIX_ComCertSelParams *callerComCertSelParams = NULL;
+        PKIX_UInt32 reqKu = 0;
+        PKIX_List   *reqEkuOids = NULL;
+
+        PKIX_ENTER(BUILD, "pkix_Build_BuildSelectorAndParams");
+        PKIX_NULLCHECK_THREE(state, state->prevCert, state->traversedSubjNames);
+
+        PKIX_CHECK(PKIX_PL_Cert_GetIssuer
+                (state->prevCert, &currentIssuer, plContext),
+                PKIX_CERTGETISSUERFAILED);
+
+        PKIX_CHECK(PKIX_PL_Cert_GetAuthorityKeyIdentifier
+                (state->prevCert, &authKeyId, plContext),
+                PKIX_CERTGETAUTHORITYKEYIDENTIFIERFAILED);
+
+        PKIX_CHECK(PKIX_ComCertSelParams_Create(&certSelParams, plContext),
+                PKIX_COMCERTSELPARAMSCREATEFAILED);
+
+        PKIX_CHECK(PKIX_ComCertSelParams_SetSubject
+                (certSelParams, currentIssuer, plContext),
+                PKIX_COMCERTSELPARAMSSETSUBJECTFAILED);
+
+        if (authKeyId != NULL) {
+            PKIX_CHECK(PKIX_ComCertSelParams_SetSubjKeyIdentifier
+                    (certSelParams, authKeyId, plContext),
+                    PKIX_COMCERTSELPARAMSSETSUBJKEYIDENTIFIERFAILED);
+        }
+
+        PKIX_INCREF(state->buildConstants.testDate);
+        testDate = state->buildConstants.testDate;
+
+        PKIX_CHECK(PKIX_ComCertSelParams_SetCertificateValid
+                (certSelParams, testDate, plContext),
+                PKIX_COMCERTSELPARAMSSETCERTIFICATEVALIDFAILED);
+
+        PKIX_CHECK(PKIX_ComCertSelParams_SetBasicConstraints
+                (certSelParams, state->traversedCACerts, plContext),
+                PKIX_COMCERTSELPARAMSSETBASICCONSTRAINTSFAILED);
+
+        PKIX_CHECK(PKIX_ComCertSelParams_SetPathToNames
+                (certSelParams, state->traversedSubjNames, plContext),
+                PKIX_COMCERTSELPARAMSSETPATHTONAMESFAILED);
+
+        PKIX_CHECK(PKIX_ProcessingParams_GetTargetCertConstraints
+                    (state->buildConstants.procParams,
+                     &callerCertSelector, plContext),
+                    PKIX_PROCESSINGPARAMSGETTARGETCERTCONSTRAINTSFAILED);
+
+        if (callerCertSelector != NULL) {
+
+            /* Get initial EKU OIDs from ComCertSelParams, if set */
+            PKIX_CHECK(PKIX_CertSelector_GetCommonCertSelectorParams
+                       (callerCertSelector, &callerComCertSelParams, plContext),
+                       PKIX_CERTSELECTORGETCOMMONCERTSELECTORPARAMSFAILED);
+
+            if (callerComCertSelParams != NULL) {
+                PKIX_CHECK(PKIX_ComCertSelParams_GetExtendedKeyUsage
+                           (callerComCertSelParams, &reqEkuOids, plContext),
+                           PKIX_COMCERTSELPARAMSGETEXTENDEDKEYUSAGEFAILED);
+
+                PKIX_CHECK(PKIX_ComCertSelParams_GetKeyUsage
+                           (callerComCertSelParams, &reqKu, plContext),
+                           PKIX_COMCERTSELPARAMSGETEXTENDEDKEYUSAGEFAILED);
+            }
+        }
+
+        PKIX_CHECK(
+            PKIX_ComCertSelParams_SetKeyUsage(certSelParams, reqKu,
+                                              plContext),
+            PKIX_COMCERTSELPARAMSSETKEYUSAGEFAILED);
+        
+        PKIX_CHECK(
+            PKIX_ComCertSelParams_SetExtendedKeyUsage(certSelParams,
+                                                      reqEkuOids,
+                                                      plContext),
+            PKIX_COMCERTSELPARAMSSETEXTKEYUSAGEFAILED);
+
+        PKIX_CHECK(PKIX_CertSelector_Create
+                (NULL, NULL, &state->certSel, plContext),
+                PKIX_CERTSELECTORCREATEFAILED);
+
+        PKIX_CHECK(PKIX_CertSelector_SetCommonCertSelectorParams
+                (state->certSel, certSelParams, plContext),
+                PKIX_CERTSELECTORSETCOMMONCERTSELECTORPARAMSFAILED);
+
+        PKIX_CHECK(PKIX_List_Create(&state->candidateCerts, plContext),
+                PKIX_LISTCREATEFAILED);
+
+        state->certStoreIndex = 0;
+
+cleanup:
+        PKIX_DECREF(certSelParams);
+        PKIX_DECREF(certSel);
+        PKIX_DECREF(currentIssuer);
+        PKIX_DECREF(authKeyId);
+        PKIX_DECREF(testDate);
+        PKIX_DECREF(reqEkuOids);
+        PKIX_DECREF(callerComCertSelParams);
+        PKIX_DECREF(callerCertSelector);
+
+        PKIX_RETURN(BUILD);
+}
+
+/* Match trust anchor to select params in order to find next cert. */
+static PKIX_Error*
+pkix_Build_SelectCertsFromTrustAnchors(
+    PKIX_List *trustAnchorsList,
+    PKIX_ComCertSelParams *certSelParams,
+    PKIX_List **pMatchList,
+    void *plContext) 
+{
+    unsigned int anchorIndex = 0;
+    PKIX_TrustAnchor *anchor = NULL;
+    PKIX_PL_Cert *trustedCert = NULL;
+    PKIX_List *matchList = NULL;
+    PKIX_CertSelector *certSel = NULL;
+    PKIX_CertSelector_MatchCallback selectorMatchCB = NULL;
+
+    PKIX_ENTER(BUILD, "pkix_Build_SelectCertsFromTrustAnchors");
+    
+    PKIX_CHECK(PKIX_CertSelector_Create
+               (NULL, NULL, &certSel, plContext),
+               PKIX_CERTSELECTORCREATEFAILED);
+    PKIX_CHECK(PKIX_CertSelector_SetCommonCertSelectorParams
+               (certSel, certSelParams, plContext),
+               PKIX_CERTSELECTORSETCOMMONCERTSELECTORPARAMSFAILED);
+    PKIX_CHECK(PKIX_CertSelector_GetMatchCallback
+               (certSel, &selectorMatchCB, plContext),
+               PKIX_CERTSELECTORGETMATCHCALLBACKFAILED);
+
+    for (anchorIndex = 0;anchorIndex < trustAnchorsList->length; anchorIndex++) {
+        PKIX_CHECK(
+            PKIX_List_GetItem(trustAnchorsList,
+                              anchorIndex,
+                              (PKIX_PL_Object **)&anchor,
+                              plContext),
+            PKIX_LISTGETITEMFAILED);
+        PKIX_CHECK(PKIX_TrustAnchor_GetTrustedCert
+                   (anchor, &trustedCert, plContext),
+                   PKIX_TRUSTANCHORGETTRUSTEDCERTFAILED);
+        pkixErrorResult =
+            (*selectorMatchCB)(certSel, trustedCert, plContext);
+        if (!pkixErrorResult) {
+            if (!matchList) {
+                PKIX_CHECK(PKIX_List_Create(&matchList,
+                                            plContext),
+                           PKIX_LISTCREATEFAILED);
+            }
+            PKIX_CHECK(
+                PKIX_List_AppendItem(matchList,
+                    (PKIX_PL_Object*)trustedCert,
+                                     plContext),
+                PKIX_LISTAPPENDITEMFAILED);
+        } else {
+            PKIX_DECREF(pkixErrorResult);
+        }
+        PKIX_DECREF(trustedCert);
+        PKIX_DECREF(anchor);
+     }
+    
+    *pMatchList = matchList;
+    matchList = NULL;
+
+cleanup:
+    PKIX_DECREF(matchList);
+    PKIX_DECREF(trustedCert);
+    PKIX_DECREF(anchor);
+    PKIX_DECREF(certSel);
+    
+    PKIX_RETURN(BUILD);
+}
+
+
+static PKIX_Error*
+pkix_Build_RemoveDupUntrustedCerts(
+    PKIX_List *trustedCertList,
+    PKIX_List *certsFound,
+    void *plContext)
+{
+    PKIX_UInt32 trustIndex;
+    PKIX_PL_Cert *trustCert = NULL, *cert = NULL;
+
+    PKIX_ENTER(BUILD, "pkix_Build_RemoveDupUntrustedCerts");
+    if (trustedCertList == NULL || certsFound == NULL) {
+        goto cleanup;
+    }
+    for (trustIndex = 0;trustIndex < trustedCertList->length;
+        trustIndex++) {
+        PKIX_UInt32 certIndex = 0;
+        PKIX_CHECK(
+            PKIX_List_GetItem(trustedCertList,
+                              trustIndex,
+                              (PKIX_PL_Object **)&trustCert,
+                              plContext),
+            PKIX_LISTGETITEMFAILED);
+        
+        while (certIndex < certsFound->length) {
+            PKIX_Boolean result = PKIX_FALSE;
+            PKIX_DECREF(cert);
+            PKIX_CHECK(
+                PKIX_List_GetItem(certsFound, certIndex,
+                                  (PKIX_PL_Object **)&cert,
+                                  plContext),
+                PKIX_LISTGETITEMFAILED);
+            PKIX_CHECK(
+                PKIX_PL_Object_Equals((PKIX_PL_Object *)trustCert,
+                                      (PKIX_PL_Object *)cert,
+                                      &result,
+                                      plContext),
+                PKIX_OBJECTEQUALSFAILED);
+            if (!result) {
+                certIndex += 1;
+                continue;
+            }
+            PKIX_CHECK(
+                PKIX_List_DeleteItem(certsFound, certIndex,
+                                     plContext),
+                PKIX_LISTDELETEITEMFAILED);
+        }
+        PKIX_DECREF(trustCert);
+    }
+cleanup:
+    PKIX_DECREF(cert);
+    PKIX_DECREF(trustCert);
+
+    PKIX_RETURN(BUILD);
+}
+
+
+/*
+ * FUNCTION: pkix_Build_GatherCerts
+ * DESCRIPTION:
+ *
+ *  This function traverses the CertStores in the List of CertStores contained
+ *  in "state",  using the certSelector and other parameters contained in
+ *  "state", to obtain a List of all available Certs that satisfy the criteria.
+ *  If a CertStore has a cache, "certSelParams" is used both to query the cache
+ *  and, if an actual CertStore search occurred, to update the cache. (Behavior
+ *  is undefined if "certSelParams" is different from the parameters that were
+ *  used to initialize the certSelector in "state".)
+ * 
+ *  If a CertStore using non-blocking I/O returns with an indication that I/O is
+ *  in progress and the checking has not been completed, this function stores
+ *  platform-dependent information at "pNBIOContext". Otherwise it stores NULL
+ *  at "pNBIOContext", and state is updated with the results of the search.
+ *
+ * PARAMETERS:
+ *  "state"
+ *      Address of ForwardBuilderState to be used. Must be non-NULL.
+ *  "certSelParams"
+ *      Address of ComCertSelParams which were used in creating the current
+ *      CertSelector, and to be used in querying and updating any caches that
+ *      may be associated with with the CertStores.
+ *  "pNBIOContext"
+ *      Address at which platform-dependent information is returned if request
+ *      is suspended for non-blocking I/O. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Build Error if the function fails in a non-fatal way
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+/* return NULL if wouldblock, empty list if none found, else list of found */
+static PKIX_Error *
+pkix_Build_GatherCerts(
+        PKIX_ForwardBuilderState *state,
+        PKIX_ComCertSelParams *certSelParams,
+        void **pNBIOContext,
+        void *plContext)
+{
+        PKIX_Boolean certStoreIsCached = PKIX_FALSE;
+        PKIX_Boolean certStoreIsLocal = PKIX_FALSE;
+        PKIX_Boolean foundInCache = PKIX_FALSE;
+        PKIX_CertStore *certStore = NULL;
+        PKIX_CertStore_CertCallback getCerts = NULL;
+        PKIX_List *certsFound = NULL;
+        PKIX_List *trustedCertList = NULL;
+        void *nbioContext = NULL;
+
+        PKIX_ENTER(BUILD, "pkix_Build_GatherCerts");
+        PKIX_NULLCHECK_THREE(state, certSelParams, pNBIOContext);
+
+        nbioContext = *pNBIOContext;
+        *pNBIOContext = NULL;
+
+        PKIX_DECREF(state->candidateCerts);
+
+        while (state->certStoreIndex < state->buildConstants.numCertStores) {
+
+                /* Get the current CertStore */
+                PKIX_CHECK(PKIX_List_GetItem
+                        (state->buildConstants.certStores,
+                        state->certStoreIndex,
+                        (PKIX_PL_Object **)&certStore,
+                        plContext),
+                        PKIX_LISTGETITEMFAILED);
+
+                PKIX_CHECK(PKIX_CertStore_GetLocalFlag
+                           (certStore, &certStoreIsLocal, plContext),
+                           PKIX_CERTSTOREGETLOCALFLAGFAILED);
+
+                if (state->useOnlyLocal == certStoreIsLocal) {
+                    /* If GATHERPENDING, we've already checked the cache */
+                    if (state->status == BUILD_GATHERPENDING) {
+                        certStoreIsCached = PKIX_FALSE;
+                        foundInCache = PKIX_FALSE;
+                    } else {
+                        PKIX_CHECK(PKIX_CertStore_GetCertStoreCacheFlag
+                                (certStore, &certStoreIsCached, plContext),
+                                PKIX_CERTSTOREGETCERTSTORECACHEFLAGFAILED);
+
+                        if (certStoreIsCached) {
+                        /*
+                         * Look for Certs in the cache, using the SubjectName as
+                         * the key. Then the ComCertSelParams are used to filter
+                         * for qualified certs. If none are found, then the
+                         * certStores are queried. When we eventually add items
+                         * to the cache, we will only add items that passed the
+                         * ComCertSelParams filter, rather than all Certs which
+                         * matched the SubjectName.
+                         */
+
+                                PKIX_CHECK(pkix_CacheCert_Lookup
+                                        (certStore,
+                                        certSelParams,
+                                        state->buildConstants.testDate,
+                                        &foundInCache,
+                                        &certsFound,
+                                        plContext),
+                                        PKIX_CACHECERTCHAINLOOKUPFAILED);
+
+                        }
+                    }
+
+                    /*
+                     * XXX need to verify if Cert is trusted, hence may not
+                     * be worth it to have the Cert Cached or
+                     * If it is trusted, don't cache, but once there is cached
+                     * certs, we won't get certs from database any more.
+                     * can use flag to force not getting certs from cache
+                     */
+                    if (!foundInCache) {
+
+                        if (nbioContext == NULL) {
+                                PKIX_CHECK(PKIX_CertStore_GetCertCallback
+                                        (certStore, &getCerts, plContext),
+                                        PKIX_CERTSTOREGETCERTCALLBACKFAILED);
+
+                                PKIX_CHECK(getCerts
+                                        (certStore,
+                                        state->certSel,
+                                        state->verifyNode,
+                                        &nbioContext,
+                                        &certsFound,
+                                        plContext),
+                                        PKIX_GETCERTSFAILED);
+                        } else {
+                                PKIX_CHECK(PKIX_CertStore_CertContinue
+                                        (certStore,
+                                        state->certSel,
+                                        state->verifyNode,
+                                        &nbioContext,
+                                        &certsFound,
+                                        plContext),
+                                        PKIX_CERTSTORECERTCONTINUEFAILED);
+                        }
+
+                        if (certStoreIsCached && certsFound) {
+
+                                PKIX_CHECK(pkix_CacheCert_Add
+                                        (certStore,
+                                        certSelParams,
+                                        certsFound,
+                                        plContext),
+                                        PKIX_CACHECERTADDFAILED);
+                        }
+                    }
+
+                    /*
+                     * getCerts returns an empty list for "NONE FOUND",
+                     * a NULL list for "would block"
+                     */
+                    if (certsFound == NULL) {
+                        state->status = BUILD_GATHERPENDING;
+                        *pNBIOContext = nbioContext;
+                        goto cleanup;
+                    }
+                }
+
+                /* Are there any more certStores to query? */
+                PKIX_DECREF(certStore);
+                ++(state->certStoreIndex);
+        }
+
+        if (certsFound && certsFound->length > 1) {
+            PKIX_List *sorted = NULL;
+            
+            /* sort Certs to try to optimize search */
+            PKIX_CHECK(pkix_Build_SortCandidateCerts
+                       (certsFound, &sorted, plContext),
+                       PKIX_BUILDSORTCANDIDATECERTSFAILED);
+            PKIX_DECREF(certsFound);
+            certsFound = sorted;
+        }
+
+        PKIX_CHECK(
+            pkix_Build_SelectCertsFromTrustAnchors(
+                state->buildConstants.anchors,
+                certSelParams, &trustedCertList,
+                plContext),
+            PKIX_FAILTOSELECTCERTSFROMANCHORS);
+        PKIX_CHECK(
+            pkix_Build_RemoveDupUntrustedCerts(trustedCertList,
+                                               certsFound,
+                                               plContext),
+            PKIX_REMOVEDUPUNTRUSTEDCERTSFAILED);
+
+        PKIX_CHECK(
+            pkix_List_MergeLists(trustedCertList,
+                                 certsFound,
+                                 &state->candidateCerts,
+                                 plContext),
+            PKIX_LISTMERGEFAILED);
+
+        /* No, return the list we have gathered */
+        PKIX_CHECK(PKIX_List_GetLength
+                (state->candidateCerts, &state->numCerts, plContext),
+                PKIX_LISTGETLENGTHFAILED);
+
+        state->certIndex = 0;
+
+cleanup:
+        PKIX_DECREF(trustedCertList);
+        PKIX_DECREF(certStore);
+        PKIX_DECREF(certsFound);
+
+        PKIX_RETURN(BUILD);
+}
+
+/*
+ * FUNCTION: pkix_Build_UpdateDate
+ * DESCRIPTION:
+ *
+ *  This function updates the validityDate contained in "state", for the current
+ *  CertChain contained in "state", to include the validityDate of the
+ *  candidateCert contained in "state". The validityDate of a chain is the
+ *  earliest of all the notAfter dates contained in the respective Certificates.
+ *
+ * PARAMETERS:
+ *  "state"
+ *      Address of ForwardBuilderState to be used. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Build Error if the function fails in a non-fatal way
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_Build_UpdateDate(
+        PKIX_ForwardBuilderState *state,
+        void *plContext)
+{
+        PKIX_Boolean canBeCached = PKIX_FALSE;
+        PKIX_Int32 comparison = 0;
+        PKIX_PL_Date *notAfter = NULL;
+
+        PKIX_ENTER(BUILD, "pkix_Build_UpdateDate");
+        PKIX_NULLCHECK_ONE(state);
+
+        PKIX_CHECK(PKIX_PL_Cert_GetCacheFlag
+                (state->candidateCert, &canBeCached, plContext),
+                PKIX_CERTGETCACHEFLAGFAILED);
+
+        state->canBeCached = state->canBeCached && canBeCached;
+        if (state->canBeCached == PKIX_TRUE) {
+
+                /*
+                 * So far, all certs can be cached. Update cert
+                 * chain validity time, which is the earliest of
+                 * all certs' notAfter times.
+                 */
+                PKIX_CHECK(PKIX_PL_Cert_GetValidityNotAfter
+                        (state->candidateCert, &notAfter, plContext),
+                        PKIX_CERTGETVALIDITYNOTAFTERFAILED);
+
+                if (state->validityDate == NULL) {
+                        state->validityDate = notAfter;
+                        notAfter = NULL;
+                } else {
+                        PKIX_CHECK(PKIX_PL_Object_Compare
+                                ((PKIX_PL_Object *)state->validityDate,
+                                (PKIX_PL_Object *)notAfter,
+                                &comparison,
+                                plContext),
+                                PKIX_OBJECTCOMPARATORFAILED);
+                        if (comparison > 0) {
+                                PKIX_DECREF(state->validityDate);
+                                state->validityDate = notAfter;
+                                notAfter = NULL;
+                        }
+                }
+        }
+
+cleanup:
+
+        PKIX_DECREF(notAfter);
+
+        PKIX_RETURN(BUILD);
+}
+
+/* Prepare 'state' for the AIA round. */
+static void
+pkix_PrepareForwardBuilderStateForAIA(
+        PKIX_ForwardBuilderState *state)
+{
+        PORT_Assert(state->useOnlyLocal == PKIX_TRUE);
+        state->useOnlyLocal = PKIX_FALSE;
+        state->certStoreIndex = 0;
+        state->numFanout = state->buildConstants.maxFanout;
+        state->status = BUILD_TRYAIA;
+}
+
+extern SECStatus
+isIssuerCertAllowedAtCertIssuanceTime(CERTCertificate *issuerCert,
+                                      CERTCertificate *referenceCert);
+
+/*
+ * FUNCTION: pkix_BuildForwardDepthFirstSearch
+ * DESCRIPTION:
+ *
+ *  This function performs a depth first search in the "forward" direction (from
+ *  the target Cert to the trust anchor). A non-NULL targetCert must be stored
+ *  in the ForwardBuilderState before this function is called. It is not written
+ *  recursively since execution may be suspended in in any of several places
+ *  pending completion of non-blocking I/O. This iterative structure makes it
+ *  much easier to resume where it left off.
+ *
+ *  Since the nature of the search is recursive, the recursion is handled by
+ *  chaining states. That is, each new step involves creating a new
+ *  ForwardBuilderState linked to its predecessor. If a step turns out to be
+ *  fruitless, the state of the predecessor is restored and the next alternative
+ *  is tried. When a search is successful, values needed from the last state
+ *  (canBeCached and validityDate) are copied to the state provided by the
+ *  caller, so that the caller can retrieve those values.
+ *
+ *  There are three return arguments, the NBIOContext, the ValidateResult and
+ *  the ForwardBuilderState. If NBIOContext is non-NULL, it means the search is
+ *  suspended until the results of a non-blocking IO become available. The
+ *  caller may wait for the completion using platform-dependent methods and then
+ *  call this function again, allowing it to resume the search. If NBIOContext
+ *  is NULL and the ValidateResult is non-NULL, it means the search has
+ *  concluded successfully. If the NBIOContext is NULL but the ValidateResult is
+ *  NULL, it means the search was unsuccessful.
+ *
+ *  This function performs several steps at each node in the constructed chain:
+ *
+ *  1) It retrieves Certs from the registered CertStores that match the
+ *  criteria established by the ForwardBuilderState pointed to by "state", such
+ *  as a subject name matching the issuer name of the previous Cert. If there
+ *  are no matching Certs, the function returns to the previous, or "parent",
+ *  state and tries to continue the chain building with another of the Certs
+ *  obtained from the CertStores as possible issuers for that parent Cert.
+ *
+ *  2) For each candidate Cert returned by the CertStores, this function checks
+ *  whether the Cert is valid. If it is trusted, this function checks whether
+ *  this Cert might serve as a TrustAnchor for a complete chain.
+ *
+ *  3) It determines whether this Cert, in conjunction with any of the
+ *  TrustAnchors, might complete a chain. A complete chain, from this or the
+ *  preceding step, is checked to see whether it is valid as a complete
+ *  chain, including the checks that cannot be done in the forward direction.
+ *
+ *  4) If this Cert chains successfully, but is not a complete chain, that is,
+ *  we have not reached a trusted Cert, a new ForwardBuilderState is created
+ *  with this Cert as the immediate predecessor, and we continue in step (1),
+ *  attempting to get Certs from the CertStores with this Certs "issuer" as
+ *  their subject.
+ *
+ *  5) If an entire chain validates successfully, then we are done. A
+ *  ValidateResult is created containing the Public Key of the target
+ *  certificate (including DSA parameter inheritance, if any) and the
+ *  PolicyNode representing the policy tree output by the validation algorithm,
+ *  and stored at pValResult, and the function exits returning NULL.
+ *
+ *  5) If the entire chain does not validate successfully, the algorithm
+ *  discards the latest Cert and continues in step 2 with the next candidate
+ *  Cert, backing up to a parent state when no more possibilities exist at a
+ *  given level, and returning failure when we try to back up but discover we
+ *  are at the top level.
+ *
+ * PARAMETERS:
+ *  "pNBIOContext"
+ *      Address at which platform-dependent information is returned if building
+ *      is suspended for non-blocking I/O. Must be non-NULL.
+ *  "pState"
+ *      Address at which input ForwardBuilderState is found, and at which output
+ *      ForwardBuilderState is stored. Must be non-NULL.
+ *  "pValResult"
+ *      Address at which the ValidateResult is stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Build Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_BuildForwardDepthFirstSearch(
+        void **pNBIOContext,
+        PKIX_ForwardBuilderState *state,
+        PKIX_ValidateResult **pValResult,
+        void *plContext)
+{
+        PKIX_Boolean outOfOptions = PKIX_FALSE;
+        PKIX_Boolean trusted = PKIX_FALSE;
+        PKIX_Boolean isSelfIssued = PKIX_FALSE;
+        PKIX_Boolean canBeCached = PKIX_FALSE;
+        PKIX_Boolean ioPending = PKIX_FALSE;
+        PKIX_PL_Date *validityDate = NULL;
+        PKIX_PL_Date *currTime  = NULL;
+        PKIX_Int32 childTraversedCACerts = 0;
+        PKIX_UInt32 numSubjectNames = 0;
+        PKIX_UInt32 numChained = 0;
+        PKIX_Int32 cmpTimeResult = 0;
+        PKIX_UInt32 i = 0;
+        PKIX_UInt32 certsSoFar = 0;
+        PKIX_List *childTraversedSubjNames = NULL;
+        PKIX_List *subjectNames = NULL;
+        PKIX_List *unfilteredCerts = NULL;
+        PKIX_List *filteredCerts = NULL;
+        PKIX_PL_Object *subjectName = NULL;
+        PKIX_ValidateResult *valResult = NULL;
+        PKIX_ForwardBuilderState *childState = NULL;
+        PKIX_ForwardBuilderState *parentState = NULL;
+        PKIX_PL_Object *revCheckerState = NULL;
+        PKIX_ComCertSelParams *certSelParams = NULL;
+        PKIX_TrustAnchor *trustAnchor = NULL;
+        PKIX_PL_Cert *trustedCert = NULL;
+        PKIX_PL_Cert *targetCert = NULL;
+        PKIX_VerifyNode *verifyNode = NULL;
+        PKIX_Error *verifyError = NULL;
+        PKIX_Error *finalError = NULL;
+        void *nbio = NULL;
+        PKIX_UInt32 numIterations = 0;
+
+        PKIX_ENTER(BUILD, "pkix_BuildForwardDepthFirstSearch");
+        PKIX_NULLCHECK_THREE(pNBIOContext, state, pValResult);
+
+        nbio = *pNBIOContext;
+        *pNBIOContext = NULL;
+        PKIX_INCREF(state->validityDate);
+        validityDate = state->validityDate;
+        canBeCached = state->canBeCached;
+        PKIX_DECREF(*pValResult);
+        targetCert = state->buildConstants.targetCert;
+
+        /*
+         * We return if successful; if we fall off the end
+         * of this "while" clause our search has failed.
+         */
+        while (outOfOptions == PKIX_FALSE) {
+            /*
+             * The maximum number of iterations works around a bug that
+             * causes this while loop to never exit when AIA and cross
+             * certificates are involved.  See bug xxxxx.
+             */
+            if (numIterations++ > 250)
+                    PKIX_ERROR(PKIX_TIMECONSUMEDEXCEEDSRESOURCELIMITS);
+
+            if (state->buildConstants.maxTime != 0) {
+                    PKIX_DECREF(currTime);
+                    PKIX_CHECK(PKIX_PL_Date_Create_UTCTime
+                            (NULL, &currTime, plContext),
+                            PKIX_DATECREATEUTCTIMEFAILED);
+
+                    PKIX_CHECK(PKIX_PL_Object_Compare
+                             ((PKIX_PL_Object *)state->buildConstants.timeLimit,
+                             (PKIX_PL_Object *)currTime,
+                             &cmpTimeResult,
+                             plContext),
+                             PKIX_OBJECTCOMPARATORFAILED);
+
+                    if (cmpTimeResult < 0) {
+                        if (state->verifyNode != NULL) {
+                                PKIX_ERROR_CREATE
+                                    (BUILD,
+                                    PKIX_TIMECONSUMEDEXCEEDSRESOURCELIMITS,
+                                    verifyError);
+                                PKIX_CHECK_FATAL(pkix_VerifyNode_SetError
+                                    (state->verifyNode,
+                                    verifyError,
+                                    plContext),
+                                    PKIX_VERIFYNODESETERRORFAILED);
+                                PKIX_DECREF(finalError);
+                                finalError = verifyError;
+                                verifyError = NULL;
+                        }
+                        /* Even if we logged error, we still have to abort */
+                        PKIX_ERROR(PKIX_TIMECONSUMEDEXCEEDSRESOURCELIMITS);
+                    }
+            }
+
+            if (state->status == BUILD_INITIAL) {
+
+                PKIX_CHECK(pkix_Build_BuildSelectorAndParams(state, plContext),
+                        PKIX_BUILDBUILDSELECTORANDPARAMSFAILED);
+
+                /*
+                 * If the caller supplied a partial certChain (hintCerts) try
+                 * the next one from that List before we go to the certStores.
+                 */
+                if (state->buildConstants.numHintCerts > 0) {
+                        /* How many Certs does our trust chain have already? */
+                        PKIX_CHECK(PKIX_List_GetLength
+                                (state->trustChain, &certsSoFar, plContext),
+                                PKIX_LISTGETLENGTHFAILED);
+
+                        /* That includes the target Cert. Don't count it. */
+                        certsSoFar--;
+
+                        /* Are we still within range of the partial chain? */
+                        if (certsSoFar >= state->buildConstants.numHintCerts) {
+                                state->status = BUILD_TRYAIA;
+                        } else {
+                                /*
+                                 * If we already have n certs, we want the n+1th
+                                 * (i.e., index = n) from the list of hints.
+                                 */
+                                PKIX_DECREF(state->candidateCert);
+                                PKIX_CHECK(PKIX_List_GetItem
+                                    (state->buildConstants.hintCerts,
+                                    certsSoFar,
+                                    (PKIX_PL_Object **)&state->candidateCert,
+                                    plContext),
+                                    PKIX_LISTGETITEMFAILED);
+
+                                PKIX_CHECK(PKIX_List_AppendItem
+                                    (state->candidateCerts,
+                                    (PKIX_PL_Object *)state->candidateCert,
+                                    plContext),
+                                    PKIX_LISTAPPENDITEMFAILED);
+
+                                state->numCerts = 1;
+                                state->usingHintCerts = PKIX_TRUE;
+                                state->status = BUILD_CERTVALIDATING;
+                        }
+                } else {
+                        state->status = BUILD_TRYAIA;
+                }
+
+            }
+
+            if (state->status == BUILD_TRYAIA) {
+                if (state->useOnlyLocal == PKIX_TRUE) {
+                        state->status = BUILD_COLLECTINGCERTS;
+                } else {
+                        state->status = BUILD_AIAPENDING;
+                }
+            }
+
+            if (state->status == BUILD_AIAPENDING &&
+                state->buildConstants.aiaMgr) {
+                pkixErrorResult = PKIX_PL_AIAMgr_GetAIACerts
+                        (state->buildConstants.aiaMgr,
+                        state->prevCert,
+                        &nbio,
+                        &unfilteredCerts,
+                         plContext);
+
+                if (nbio != NULL) {
+                        /* IO still pending, resume later */
+                        *pNBIOContext = nbio;
+                        goto cleanup;
+                }
+                state->numCerts = 0;
+                if (pkixErrorResult) {
+                    pkixErrorClass = pkixErrorResult->errClass;
+                    if (pkixErrorClass == PKIX_FATAL_ERROR) {
+                        goto fatal;
+                    }
+                    PKIX_DECREF(finalError);
+                    finalError = pkixErrorResult;
+                    pkixErrorResult = NULL;
+                    if (state->verifyNode != NULL) {
+                        /* state->verifyNode is the object that contains a list
+                         * of verifyNodes. verifyNodes contains cert chain
+                         * build failures that occurred on this level of chain
+                         * building.  Here, creating new verify node
+                         * to log the failure and adding it to the list. */
+                        PKIX_CHECK_FATAL(pkix_VerifyNode_Create
+                                         (state->prevCert,
+                                          0, NULL,
+                                          &verifyNode,
+                                          plContext),
+                                         PKIX_VERIFYNODECREATEFAILED);
+                        PKIX_CHECK_FATAL(pkix_VerifyNode_SetError
+                                         (verifyNode, finalError, plContext),
+                                         PKIX_VERIFYNODESETERRORFAILED);
+                        PKIX_CHECK_FATAL(pkix_VerifyNode_AddToTree
+                                         (state->verifyNode,
+                                          verifyNode,
+                                          plContext),
+                                         PKIX_VERIFYNODEADDTOTREEFAILED);
+                        PKIX_DECREF(verifyNode);
+                    }
+                }
+#ifdef PKIX_BUILDDEBUG
+                /* Turn this on to trace the List of Certs, before CertSelect */
+                {
+                                PKIX_PL_String *unString;
+                                char *unAscii;
+                                PKIX_UInt32 length;
+                                PKIX_TOSTRING
+                                        ((PKIX_PL_Object*)unfilteredCerts,
+                                        &unString,
+                                        plContext,
+                                        PKIX_OBJECTTOSTRINGFAILED);
+
+                                PKIX_CHECK(PKIX_PL_String_GetEncoded
+                                        (unString,
+                                        PKIX_ESCASCII,
+                                        (void **)&unAscii,
+                                        &length,
+                                        plContext),
+                                        PKIX_STRINGGETENCODEDFAILED);
+
+                                PKIX_DEBUG_ARG
+                                        ("unfilteredCerts = %s\n", unAscii);
+                                PKIX_DECREF(unString);
+                                PKIX_FREE(unAscii);
+                }
+#endif
+
+                /* Note: Certs winnowed here don't get into VerifyTree. */
+                if (unfilteredCerts) {
+                        PKIX_CHECK(pkix_CertSelector_Select
+                                (state->certSel,
+                                unfilteredCerts,
+                                &filteredCerts,
+                                plContext),
+                                PKIX_CERTSELECTORSELECTFAILED);
+
+                        PKIX_DECREF(unfilteredCerts);
+
+                        PKIX_CHECK(PKIX_List_GetLength
+                                (filteredCerts, &(state->numCerts), plContext),
+                                PKIX_LISTGETLENGTHFAILED);
+
+#ifdef PKIX_BUILDDEBUG
+                /* Turn this on to trace the List of Certs, after CertSelect */
+                {
+                        PKIX_PL_String *unString;
+                        char *unAscii;
+                        PKIX_UInt32 length;
+                        PKIX_TOSTRING
+                                ((PKIX_PL_Object*)filteredCerts,
+                                &unString,
+                                plContext,
+                                PKIX_OBJECTTOSTRINGFAILED);
+
+                        PKIX_CHECK(PKIX_PL_String_GetEncoded
+                                    (unString,
+                                    PKIX_ESCASCII,
+                                    (void **)&unAscii,
+                                    &length,
+                                    plContext),
+                                    PKIX_STRINGGETENCODEDFAILED);
+
+                        PKIX_DEBUG_ARG("filteredCerts = %s\n", unAscii);
+                        PKIX_DECREF(unString);
+                        PKIX_FREE(unAscii);
+                }
+#endif
+
+                        PKIX_DECREF(state->candidateCerts);
+                        state->candidateCerts = filteredCerts;
+                        state->certIndex = 0;
+                        filteredCerts = NULL;
+                }
+
+                /* Are there any Certs to try? */
+                if (state->numCerts > 0) {
+                        state->status = BUILD_CERTVALIDATING;
+                } else {
+                        state->status = BUILD_COLLECTINGCERTS;
+                }
+            }
+
+            PKIX_DECREF(certSelParams);
+            PKIX_CHECK(PKIX_CertSelector_GetCommonCertSelectorParams
+                (state->certSel, &certSelParams, plContext),
+                PKIX_CERTSELECTORGETCOMMONCERTSELECTORPARAMSFAILED);
+
+            /* **** Querying the CertStores ***** */
+            if ((state->status == BUILD_COLLECTINGCERTS) ||
+                (state->status == BUILD_GATHERPENDING)) {
+
+#if PKIX_FORWARDBUILDERSTATEDEBUG
+                PKIX_CHECK(pkix_ForwardBuilderState_DumpState
+                        (state, plContext),
+                        PKIX_FORWARDBUILDERSTATEDUMPSTATEFAILED);
+#endif
+
+                PKIX_CHECK(pkix_Build_GatherCerts
+                        (state, certSelParams, &nbio, plContext),
+                        PKIX_BUILDGATHERCERTSFAILED);
+
+                if (nbio != NULL) {
+                        /* IO still pending, resume later */
+                        *pNBIOContext = nbio;
+                        goto cleanup;
+                }
+
+                /* Are there any Certs to try? */
+                if (state->numCerts > 0) {
+                        state->status = BUILD_CERTVALIDATING;
+                } else {
+                        state->status = BUILD_ABANDONNODE;
+                }
+            }
+
+            /* ****Phase 2 - Chain building***** */
+
+#if PKIX_FORWARDBUILDERSTATEDEBUG
+            PKIX_CHECK(pkix_ForwardBuilderState_DumpState(state, plContext),
+                    PKIX_FORWARDBUILDERSTATEDUMPSTATEFAILED);
+#endif
+
+            if (state->status == BUILD_CERTVALIDATING) {
+                    PKIX_DECREF(state->candidateCert);
+                    PKIX_CHECK(PKIX_List_GetItem
+                            (state->candidateCerts,
+                            state->certIndex,
+                            (PKIX_PL_Object **)&(state->candidateCert),
+                            plContext),
+                            PKIX_LISTGETITEMFAILED);
+
+                    if (isIssuerCertAllowedAtCertIssuanceTime(
+                          state->candidateCert->nssCert, targetCert->nssCert)
+                            != SECSuccess) {
+                        PKIX_ERROR(PKIX_CERTISBLACKLISTEDATISSUANCETIME);
+                    }
+
+                    if ((state->verifyNode) != NULL) {
+                            PKIX_CHECK_FATAL(pkix_VerifyNode_Create
+                                    (state->candidateCert,
+                                    0,
+                                    NULL,
+                                    &verifyNode,
+                                    plContext),
+                                    PKIX_VERIFYNODECREATEFAILED);
+                    }
+
+                    /* If failure, this function sets Error in verifyNode */
+                    verifyError = pkix_Build_VerifyCertificate
+                            (state,
+                            state->buildConstants.userCheckers,
+                            &trusted,
+                            verifyNode,
+                            plContext);
+
+                    if (verifyError) {
+                            pkixTempErrorReceived = PKIX_TRUE;
+                            pkixErrorClass = verifyError->errClass;
+                            if (pkixErrorClass == PKIX_FATAL_ERROR) {
+                                pkixErrorResult = verifyError;
+                                verifyError = NULL;
+                                goto fatal;
+                            }
+                    }
+
+                    if (PKIX_ERROR_RECEIVED) {
+                            if (state->verifyNode != NULL) {
+                                PKIX_CHECK_FATAL(pkix_VerifyNode_SetError
+                                    (verifyNode, verifyError, plContext),
+                                    PKIX_VERIFYNODESETERRORFAILED);
+                                PKIX_CHECK_FATAL(pkix_VerifyNode_AddToTree
+                                        (state->verifyNode,
+                                        verifyNode,
+                                        plContext),
+                                        PKIX_VERIFYNODEADDTOTREEFAILED);
+                                PKIX_DECREF(verifyNode);
+                            }
+                            pkixTempErrorReceived = PKIX_FALSE;
+                            PKIX_DECREF(finalError);
+                            finalError = verifyError;
+                            verifyError = NULL;
+                            if (state->certLoopingDetected) {
+                                PKIX_ERROR
+                                    (PKIX_LOOPDISCOVEREDDUPCERTSNOTALLOWED);
+                            }
+                            state->status = BUILD_GETNEXTCERT;
+                    } else {
+                            state->status = BUILD_DATEPREP;
+                    }
+            }
+
+            if (state->status == BUILD_DATEPREP) {
+                    /* Keep track of whether this chain can be cached */
+                    PKIX_CHECK(pkix_Build_UpdateDate(state, plContext),
+                            PKIX_BUILDUPDATEDATEFAILED);
+    
+                    canBeCached = state->canBeCached;
+                    PKIX_DECREF(validityDate);
+                    PKIX_INCREF(state->validityDate);
+                    validityDate = state->validityDate;
+                    if (trusted == PKIX_TRUE) {
+                            state->status = BUILD_CHECKTRUSTED;
+                    } else {
+                            state->status = BUILD_ADDTOCHAIN;
+                    }
+            }
+
+            if (state->status == BUILD_CHECKTRUSTED) {
+
+                    /*
+                     * If this cert is trusted, try to validate the entire
+                     * chain using this certificate as trust anchor.
+                     */
+                    PKIX_CHECK(PKIX_TrustAnchor_CreateWithCert
+                      (state->candidateCert,
+                      &trustAnchor,
+                      plContext),
+                      PKIX_TRUSTANCHORCREATEWITHCERTFAILED);
+
+                    PKIX_CHECK(pkix_Build_ValidationCheckers
+                      (state,
+                      state->trustChain,
+                      trustAnchor,
+                      PKIX_FALSE, /* do not add eku checker
+                                   * since eku was already
+                                   * checked */
+                      plContext),
+                      PKIX_BUILDVALIDATIONCHECKERSFAILED);
+
+                    state->status = BUILD_CHECKTRUSTED2;
+            }
+
+            if (state->status == BUILD_CHECKTRUSTED2) {
+                    verifyError = 
+                        pkix_Build_ValidateEntireChain(state,
+                                                       trustAnchor,
+                                                       &nbio, &valResult,
+                                                       verifyNode,
+                                                       plContext);
+                    if (nbio != NULL) {
+                            /* IO still pending, resume later */
+                            goto cleanup;
+                    } else {
+                            /* checking the error for fatal status */
+                            if (verifyError) {
+                                pkixTempErrorReceived = PKIX_TRUE;
+                                pkixErrorClass = verifyError->errClass;
+                                if (pkixErrorClass == PKIX_FATAL_ERROR) {
+                                    pkixErrorResult = verifyError;
+                                    verifyError = NULL;
+                                    goto fatal;
+                                }
+                            }
+                            if (state->verifyNode != NULL) {
+                                PKIX_CHECK_FATAL(pkix_VerifyNode_AddToTree
+                                        (state->verifyNode,
+                                        verifyNode,
+                                        plContext),
+                                        PKIX_VERIFYNODEADDTOTREEFAILED);
+                                PKIX_DECREF(verifyNode);
+                            }
+                            if (!PKIX_ERROR_RECEIVED) {
+                                *pValResult = valResult;
+                                valResult = NULL;
+                                /* Change state so IsIOPending is FALSE */
+                                state->status = BUILD_CHECKTRUSTED;
+                                goto cleanup;
+                            }
+                            PKIX_DECREF(finalError);
+                            finalError = verifyError;
+                            verifyError = NULL;
+                            /* Reset temp error that was set by 
+                             * PKIX_CHECK_ONLY_FATAL and continue */
+                            pkixTempErrorReceived = PKIX_FALSE;
+                            PKIX_DECREF(trustAnchor);
+                    }
+
+                    /*
+                     * If chain doesn't validate with a trusted Cert,
+                     * adding more Certs to it can't help.
+                     */
+                    if (state->certLoopingDetected) {
+                            PKIX_DECREF(verifyError);
+                            PKIX_ERROR_CREATE(BUILD, 
+                                         PKIX_LOOPDISCOVEREDDUPCERTSNOTALLOWED,
+                                         verifyError);
+                            PKIX_CHECK_FATAL(
+                                pkix_VerifyNode_SetError(state->verifyNode,
+                                                         verifyError,
+                                                         plContext),
+                                PKIX_VERIFYNODESETERRORFAILED);
+                            PKIX_DECREF(verifyError);
+                    }
+                    state->status = BUILD_GETNEXTCERT;
+            }
+
+            /*
+             * This Cert was not trusted. Add it to our chain, and
+             * continue building. If we don't reach a trust anchor,
+             * we'll take it off later and continue without it.
+             */
+            if (state->status == BUILD_ADDTOCHAIN) {
+                    PKIX_CHECK(PKIX_List_AppendItem
+                            (state->trustChain,
+                            (PKIX_PL_Object *)state->candidateCert,
+                            plContext),
+                            PKIX_LISTAPPENDITEMFAILED);
+
+                    state->status = BUILD_EXTENDCHAIN;
+            }
+
+            if (state->status == BUILD_EXTENDCHAIN) {
+
+                    /* Check whether we are allowed to extend the chain */
+                    if ((state->buildConstants.maxDepth != 0) &&
+                        (state->numDepth <= 1)) {
+
+                        if (state->verifyNode != NULL) {
+                                PKIX_ERROR_CREATE
+                                    (BUILD,
+                                    PKIX_DEPTHWOULDEXCEEDRESOURCELIMITS,
+                                    verifyError);
+                                PKIX_CHECK_FATAL(pkix_VerifyNode_SetError
+                                    (verifyNode, verifyError, plContext),
+                                    PKIX_VERIFYNODESETERRORFAILED);
+                                PKIX_CHECK_FATAL(pkix_VerifyNode_AddToTree
+                                    (state->verifyNode, verifyNode, plContext),
+                                    PKIX_VERIFYNODEADDTOTREEFAILED);
+                                PKIX_DECREF(verifyNode);
+                                PKIX_DECREF(finalError);
+                                finalError = verifyError;
+                                verifyError = NULL;
+                        }
+                        /* Even if error logged, still need to abort */
+                        PKIX_ERROR(PKIX_DEPTHWOULDEXCEEDRESOURCELIMITS);
+                    }
+
+                    PKIX_CHECK(pkix_IsCertSelfIssued
+                            (state->candidateCert, &isSelfIssued, plContext),
+                            PKIX_ISCERTSELFISSUEDFAILED);
+                 
+                    PKIX_CHECK(PKIX_PL_Object_Duplicate
+                            ((PKIX_PL_Object *)state->traversedSubjNames,
+                            (PKIX_PL_Object **)&childTraversedSubjNames,
+                            plContext),
+                            PKIX_OBJECTDUPLICATEFAILED);
+         
+                    if (isSelfIssued) {
+                            childTraversedCACerts = state->traversedCACerts;
+                    } else {
+                            childTraversedCACerts = state->traversedCACerts + 1;
+                 
+                            PKIX_CHECK(PKIX_PL_Cert_GetAllSubjectNames
+                                (state->candidateCert,
+                                &subjectNames,
+                                plContext),
+                                PKIX_CERTGETALLSUBJECTNAMESFAILED);
+                 
+                            if (subjectNames) {
+                                PKIX_CHECK(PKIX_List_GetLength
+                                    (subjectNames,
+                                    &numSubjectNames,
+                                    plContext),
+                                    PKIX_LISTGETLENGTHFAILED);
+         
+                            } else {
+                                numSubjectNames = 0;
+                            }
+
+                            for (i = 0; i < numSubjectNames; i++) {
+                                PKIX_CHECK(PKIX_List_GetItem
+                                    (subjectNames,
+                                    i,
+                                    &subjectName,
+                                    plContext),
+                                    PKIX_LISTGETITEMFAILED);
+                                PKIX_NULLCHECK_ONE
+                                    (state->traversedSubjNames);
+                                PKIX_CHECK(PKIX_List_AppendItem
+                                    (state->traversedSubjNames,
+                                    subjectName,
+                                    plContext),
+                                    PKIX_LISTAPPENDITEMFAILED);
+                                PKIX_DECREF(subjectName);
+                            }
+                            PKIX_DECREF(subjectNames);
+                        }
+            
+                        PKIX_CHECK(pkix_ForwardBuilderState_Create
+                            (childTraversedCACerts,
+                            state->buildConstants.maxFanout,
+                            state->numDepth - 1,
+                            canBeCached,
+                            validityDate,
+                            state->candidateCert,
+                            childTraversedSubjNames,
+                            state->trustChain,
+                            state,
+                            &childState,
+                            plContext),
+                            PKIX_FORWARDBUILDSTATECREATEFAILED);
+
+                        PKIX_DECREF(childTraversedSubjNames);
+                        PKIX_DECREF(certSelParams);
+                        childState->verifyNode = verifyNode;
+                        verifyNode = NULL;
+                        PKIX_DECREF(state);
+                        state = childState; /* state->status == BUILD_INITIAL */
+                        childState = NULL;
+                        continue; /* with while (!outOfOptions) */
+            }
+
+            if (state->status == BUILD_GETNEXTCERT) {
+                    pkixTempErrorReceived = PKIX_FALSE;
+                    PKIX_DECREF(state->candidateCert);
+
+                    /*
+                     * If we were using a Cert from the callier-supplied partial
+                     * chain, delete it and go to the certStores.
+                     */
+                    if (state->usingHintCerts == PKIX_TRUE) {
+                            PKIX_DECREF(state->candidateCerts);
+                            PKIX_CHECK(PKIX_List_Create
+                                (&state->candidateCerts, plContext),
+                                PKIX_LISTCREATEFAILED);
+
+                            state->numCerts = 0;
+                            state->usingHintCerts = PKIX_FALSE;
+                            state->status = BUILD_TRYAIA;
+                            continue;
+                    } else if (++(state->certIndex) < (state->numCerts)) {
+                            if ((state->buildConstants.maxFanout != 0) &&
+                                (--(state->numFanout) == 0)) {
+
+                                if (state->verifyNode != NULL) {
+                                        PKIX_ERROR_CREATE
+                                            (BUILD,
+                                            PKIX_FANOUTEXCEEDSRESOURCELIMITS,
+                                            verifyError);
+                                        PKIX_CHECK_FATAL
+                                            (pkix_VerifyNode_SetError
+                                            (state->verifyNode,
+                                            verifyError,
+                                            plContext),
+                                            PKIX_VERIFYNODESETERRORFAILED);
+                                        PKIX_DECREF(finalError);
+                                        finalError = verifyError;
+                                        verifyError = NULL;
+                                }
+                                /* Even if error logged, still need to abort */
+                                PKIX_ERROR
+                                        (PKIX_FANOUTEXCEEDSRESOURCELIMITS);
+                            }
+                            state->status = BUILD_CERTVALIDATING;
+                            continue;
+                    }
+            }
+
+            /*
+             * Adding the current cert to the chain didn't help. If our search
+             * has been restricted to local certStores, try opening up the
+             * search and see whether that helps. Otherwise, back up to the
+             * parent cert, and see if there are any more to try.
+             */
+            if (state->useOnlyLocal == PKIX_TRUE) {
+                pkix_PrepareForwardBuilderStateForAIA(state);
+            } else do {
+                if (state->parentState == NULL) {
+                        /* We are at the top level, and can't back up! */
+                        outOfOptions = PKIX_TRUE;
+                } else {
+                        /*
+                         * Try the next cert, if any, for this parent.
+                         * Otherwise keep backing up until we reach a
+                         * parent with more certs to try.
+                         */
+                        PKIX_CHECK(PKIX_List_GetLength
+                                (state->trustChain, &numChained, plContext),
+                                PKIX_LISTGETLENGTHFAILED);
+                        PKIX_CHECK(PKIX_List_DeleteItem
+                                (state->trustChain, numChained - 1, plContext),
+                                PKIX_LISTDELETEITEMFAILED);
+                        
+                        /* local and aia fetching returned no good certs.
+                         * Creating a verify node in the parent that tells
+                         * us this. */
+                        if (!state->verifyNode) {
+                            PKIX_CHECK_FATAL(
+                                pkix_VerifyNode_Create(state->prevCert,
+                                                       0, NULL, 
+                                                       &state->verifyNode,
+                                                       plContext),
+                                PKIX_VERIFYNODECREATEFAILED);
+                        }
+                        /* Updating the log with the error. */
+                        PKIX_DECREF(verifyError);
+                        PKIX_ERROR_CREATE(BUILD, PKIX_SECERRORUNKNOWNISSUER,
+                                          verifyError);
+                        PKIX_CHECK_FATAL(
+                            pkix_VerifyNode_SetError(state->verifyNode,
+                                                     verifyError,
+                                                     plContext),
+                            PKIX_VERIFYNODESETERRORFAILED);
+                        PKIX_DECREF(verifyError);
+
+                        PKIX_INCREF(state->parentState);
+                        parentState = state->parentState;
+                        PKIX_DECREF(verifyNode);
+                        verifyNode = state->verifyNode;
+                        state->verifyNode = NULL;
+                        PKIX_DECREF(state);
+                        state = parentState;
+                        parentState = NULL;
+                        if (state->verifyNode != NULL && verifyNode) {
+                                PKIX_CHECK_FATAL(pkix_VerifyNode_AddToTree
+                                        (state->verifyNode,
+                                        verifyNode,
+                                        plContext),
+                                        PKIX_VERIFYNODEADDTOTREEFAILED);
+                                PKIX_DECREF(verifyNode);
+                        }
+                        PKIX_DECREF(validityDate);
+                        PKIX_INCREF(state->validityDate);
+                        validityDate = state->validityDate;
+                        canBeCached = state->canBeCached;
+
+                        /* Are there any more Certs to try? */
+                        if (++(state->certIndex) < (state->numCerts)) {
+                                state->status = BUILD_CERTVALIDATING;
+                                PKIX_DECREF(state->candidateCert);
+                                break;
+                        }
+                        if (state->useOnlyLocal == PKIX_TRUE) {
+                            /* Clean up and go for AIA round. */
+                            pkix_PrepareForwardBuilderStateForAIA(state);
+                            break;
+                        }
+                }
+                PKIX_DECREF(state->candidateCert);
+            } while (outOfOptions == PKIX_FALSE);
+
+        } /* while (outOfOptions == PKIX_FALSE) */
+
+cleanup:
+
+        if (pkixErrorClass == PKIX_FATAL_ERROR) {
+            goto fatal;
+        }
+
+        /* verifyNode should be equal to NULL at this point. Assert it.
+         * Temporarelly use verifyError to store an error ref to which we
+         * have in pkixErrorResult. This is done to prevent error cloberring
+         * while using macros below. */
+        PORT_Assert(verifyError == NULL);
+        verifyError = pkixErrorResult;
+
+        /*
+         * We were called with an initialState that had no parent. If we are
+         * returning with an error or with a result, we must destroy any state
+         * that we created (any state with a parent).
+         */
+
+        PKIX_CHECK_FATAL(pkix_ForwardBuilderState_IsIOPending
+                         (state, &ioPending, plContext),
+                PKIX_FORWARDBUILDERSTATEISIOPENDINGFAILED);
+
+        if (ioPending == PKIX_FALSE) {
+                while (state->parentState) {
+                        PKIX_INCREF(state->parentState);
+                        parentState = state->parentState;
+                        PKIX_DECREF(verifyNode);
+                        verifyNode = state->verifyNode;
+                        state->verifyNode = NULL;
+                        PKIX_DECREF(state);
+                        state = parentState;
+                        parentState = NULL;
+                        if (state->verifyNode != NULL && verifyNode) {
+                                PKIX_CHECK_FATAL(pkix_VerifyNode_AddToTree
+                                        (state->verifyNode,
+                                        verifyNode,
+                                        plContext),
+                                        PKIX_VERIFYNODEADDTOTREEFAILED);
+                                PKIX_DECREF(verifyNode);
+                        }
+                }
+                state->canBeCached = canBeCached;
+                PKIX_DECREF(state->validityDate);
+                state->validityDate = validityDate;
+                validityDate = NULL;
+        }
+        if (!*pValResult && !verifyError) {
+            if (!finalError) {
+                PKIX_CHECK_FATAL(
+                    pkix_VerifyNode_FindError(state->verifyNode,
+                                              &finalError,
+                                              plContext),
+                    PKIX_VERIFYNODEFINDERRORFAILED);
+            }
+            if (finalError) {
+                pkixErrorResult = finalError;
+                pkixErrorCode = PKIX_BUILDFORWARDDEPTHFIRSTSEARCHFAILED;
+                finalError = NULL;
+                goto fatal;
+            }
+            pkixErrorCode = PKIX_SECERRORUNKNOWNISSUER;
+            pkixErrorReceived = PKIX_TRUE;
+            PKIX_ERROR_CREATE(BUILD, PKIX_SECERRORUNKNOWNISSUER,
+                              verifyError);
+            PKIX_CHECK_FATAL(
+                pkix_VerifyNode_SetError(state->verifyNode, verifyError,
+                                         plContext),
+                PKIX_VERIFYNODESETERRORFAILED);
+        } else {
+            pkixErrorResult = verifyError;
+            verifyError = NULL;
+        }
+
+fatal:
+        if (state->parentState) {
+            /* parentState in "state" object should be NULL at this point.
+             * If itn't, that means that we got fatal error(we have jumped to
+             * "fatal" label) and we should destroy all state except the top one. */
+            while (state->parentState) {
+                PKIX_Error *error = NULL;
+                PKIX_ForwardBuilderState *prntState = state->parentState;
+                /* Dumb: need to increment parentState to avoid destruction
+                 * of "build constants"(they get destroyed when parentState is
+                 * set to NULL. */
+                PKIX_INCREF(prntState);
+                error = PKIX_PL_Object_DecRef((PKIX_PL_Object*)state, plContext);
+                if (error) {
+                    PKIX_PL_Object_DecRef((PKIX_PL_Object*)error, plContext);
+                }
+                /* No need to decref the parent state. It was already done by
+                 * pkix_ForwardBuilderState_Destroy function. */
+                state = prntState;
+            }
+        }
+        PKIX_DECREF(parentState);
+        PKIX_DECREF(childState);
+        PKIX_DECREF(valResult);
+        PKIX_DECREF(verifyError);
+        PKIX_DECREF(finalError);
+        PKIX_DECREF(verifyNode);
+        PKIX_DECREF(childTraversedSubjNames);
+        PKIX_DECREF(certSelParams);
+        PKIX_DECREF(subjectNames);
+        PKIX_DECREF(subjectName);
+        PKIX_DECREF(trustAnchor);
+        PKIX_DECREF(validityDate);
+        PKIX_DECREF(revCheckerState);
+        PKIX_DECREF(currTime);
+        PKIX_DECREF(filteredCerts);
+        PKIX_DECREF(unfilteredCerts);
+        PKIX_DECREF(trustedCert);
+
+        PKIX_RETURN(BUILD);
+}
+
+/*
+ * FUNCTION: pkix_Build_CheckInCache
+ * DESCRIPTION:
+ *
+ * The function tries to locate a chain for a cert in the cert chain cache.
+ * If found, the chain goes through revocation chacking and returned back to
+ * caller. Chains that fail revocation check get removed from cache.
+ * 
+ * PARAMETERS:
+ *  "state"
+ *      Address of ForwardBuilderState to be used. Must be non-NULL.
+ *  "pBuildResult"
+ *      Address at which the BuildResult is stored, after a successful build.
+ *      Must be non-NULL.
+ *  "pNBIOContext"
+ *      Address at which the NBIOContext is stored indicating whether the
+ *      validation is complete. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Build Error if the function fails in a non-fatal way
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error*
+pkix_Build_CheckInCache(
+        PKIX_ForwardBuilderState *state,
+        PKIX_BuildResult **pBuildResult,
+        void **pNBIOContext,
+        void *plContext)
+{
+        PKIX_PL_Cert *targetCert = NULL;
+        PKIX_List *anchors = NULL;
+        PKIX_PL_Date *testDate = NULL;
+        PKIX_BuildResult *buildResult = NULL;
+        PKIX_ValidateResult *valResult = NULL;
+        PKIX_Error *buildError = NULL;
+        PKIX_TrustAnchor *matchingAnchor = NULL;
+        PKIX_PL_Cert *trustedCert = NULL;
+        PKIX_List *certList = NULL;
+        PKIX_Boolean cacheHit = PKIX_FALSE;
+        PKIX_Boolean trusted = PKIX_FALSE;
+        PKIX_Boolean stillValid = PKIX_FALSE;
+        void *nbioContext = NULL;
+
+        PKIX_ENTER(BUILD, "pkix_Build_CheckInCache");
+
+        nbioContext = *pNBIOContext;
+        *pNBIOContext = NULL;
+
+        targetCert = state->buildConstants.targetCert;
+        anchors = state->buildConstants.anchors;
+        testDate = state->buildConstants.testDate;
+
+        /* Check whether this cert verification has been cached. */
+        PKIX_CHECK(pkix_CacheCertChain_Lookup
+                   (targetCert,
+                    anchors,
+                    testDate,
+                    &cacheHit,
+                    &buildResult,
+                    plContext),
+                   PKIX_CACHECERTCHAINLOOKUPFAILED);
+        
+        if (!cacheHit) {
+            goto cleanup;
+        }
+        
+        /*
+         * We found something in cache. Verify that the anchor
+         * cert is still trusted,
+         */
+        PKIX_CHECK(PKIX_BuildResult_GetValidateResult
+                   (buildResult, &valResult, plContext),
+                   PKIX_BUILDRESULTGETVALIDATERESULTFAILED);
+        
+        PKIX_CHECK(PKIX_ValidateResult_GetTrustAnchor
+                       (valResult, &matchingAnchor, plContext),
+                   PKIX_VALIDATERESULTGETTRUSTANCHORFAILED);
+        
+        PKIX_DECREF(valResult);
+        
+        PKIX_CHECK(PKIX_TrustAnchor_GetTrustedCert
+                   (matchingAnchor, &trustedCert, plContext),
+                   PKIX_TRUSTANCHORGETTRUSTEDCERTFAILED);
+        
+        if (anchors && state->buildConstants.numAnchors) {
+            /* Check if it is one of the trust anchors */
+            PKIX_CHECK(
+                pkix_List_Contains(anchors,
+                                   (PKIX_PL_Object *)matchingAnchor,
+                                   &trusted,
+                                   plContext),
+                PKIX_LISTCONTAINSFAILED);
+        }
+
+        if ((!trusted && !state->buildConstants.trustOnlyUserAnchors) ||
+            !state->buildConstants.numAnchors) {
+            /* If it is not one of the trust anchors and the trust anchors
+             * are supplemental, or if there are no trust anchors, then check
+             * if the cert is trusted directly.
+             */
+            PKIX_CHECK(
+                PKIX_PL_Cert_IsCertTrusted(trustedCert,
+                                           PKIX_PL_TrustAnchorMode_Ignore,
+                                           &trusted, plContext),
+                PKIX_CERTISCERTTRUSTEDFAILED);
+        }
+
+        if (!trusted) {
+            goto cleanup;
+        }
+        /*
+         * Since the key usage may vary for different
+         * applications, we need to verify the chain again.
+         * Reverification will be improved with a fix for 397805.
+         */
+        PKIX_CHECK(PKIX_BuildResult_GetCertChain
+                   (buildResult, &certList, plContext),
+                   PKIX_BUILDRESULTGETCERTCHAINFAILED);
+        
+        PKIX_CHECK(pkix_Build_ValidationCheckers
+                   (state,
+                    certList,
+                    matchingAnchor,
+                    PKIX_TRUE,  /* Chain revalidation stage. */
+                    plContext),
+                   PKIX_BUILDVALIDATIONCHECKERSFAILED);
+
+        PKIX_CHECK_ONLY_FATAL(
+            pkix_Build_ValidateEntireChain(state, matchingAnchor,
+                                           &nbioContext, &valResult,
+                                           state->verifyNode, plContext),
+            PKIX_BUILDVALIDATEENTIRECHAINFAILED);
+
+        if (nbioContext != NULL) {
+            /* IO still pending, resume later */
+            *pNBIOContext = nbioContext;
+            goto cleanup;
+        }
+        if (!PKIX_ERROR_RECEIVED) {
+            /* The result from cache is still valid. But we replace an old*/
+            *pBuildResult = buildResult;
+            buildResult = NULL;
+            stillValid = PKIX_TRUE;
+        }
+
+cleanup:
+
+        if (!nbioContext && cacheHit && !(trusted && stillValid)) {
+            /* The anchor of this chain is no longer trusted or
+             * chain cert(s) has been revoked.
+             * Invalidate this result in the cache */
+            buildError = pkixErrorResult;
+            PKIX_CHECK_FATAL(pkix_CacheCertChain_Remove
+                       (targetCert,
+                        anchors,
+                        plContext),
+                       PKIX_CACHECERTCHAINREMOVEFAILED);
+            pkixErrorResult = buildError;
+            buildError = NULL;
+        }
+
+fatal:
+       PKIX_DECREF(buildResult);
+       PKIX_DECREF(valResult);
+       PKIX_DECREF(buildError);
+       PKIX_DECREF(certList);
+       PKIX_DECREF(matchingAnchor);
+       PKIX_DECREF(trustedCert);
+
+       
+       PKIX_RETURN(BUILD);
+}
+
+/*
+ * FUNCTION: pkix_Build_InitiateBuildChain
+ * DESCRIPTION:
+ *
+ *  This function initiates the search for a BuildChain, using the parameters
+ *  provided in "procParams" and, if continuing a search that was suspended
+ *  for I/O, using the ForwardBuilderState pointed to by "pState".
+ *
+ *  If a successful chain is built, this function stores the BuildResult at
+ *  "pBuildResult". Alternatively, if an operation using non-blocking I/O
+ *  is in progress and the operation has not been completed, this function
+ *  stores the platform-dependent non-blocking I/O context (nbioContext) at
+ *  "pNBIOContext", the FowardBuilderState at "pState", and NULL at
+ *  "pBuildResult". Finally, if chain building was unsuccessful, this function
+ *  stores NULL at both "pState" and at "pBuildResult".
+ *
+ *  Note: This function is re-entered only for the case of non-blocking I/O
+ *  in the "short-cut" attempt to build a chain using the target Certificate
+ *  directly with one of the trustAnchors. For all other cases, resumption
+ *  after non-blocking I/O is via pkix_Build_ResumeBuildChain.
+ *
+ * PARAMETERS:
+ *  "procParams"
+ *      Address of the ProcessingParams for the search. Must be non-NULL.
+ *  "pNBIOContext"
+ *      Address at which the NBIOContext is stored indicating whether the
+ *      validation is complete. Must be non-NULL.
+ *  "pState"
+ *      Address at which the ForwardBuilderState is stored, if the chain
+ *      building is suspended for waiting I/O; also, the address at which the
+ *      ForwardBuilderState is provided for resumption of the chain building
+ *      attempt. Must be non-NULL.
+ *  "pBuildResult"
+ *      Address at which the BuildResult is stored, after a successful build.
+ *      Must be non-NULL.
+ *  "pVerifyNode"
+ *      Address at which a VerifyNode chain is returned, if non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Build Error if the function fails in a non-fatal way
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_Build_InitiateBuildChain(
+        PKIX_ProcessingParams *procParams,
+        void **pNBIOContext,
+        PKIX_ForwardBuilderState **pState,
+        PKIX_BuildResult **pBuildResult,
+        PKIX_VerifyNode **pVerifyNode,
+        void *plContext)
+{
+        PKIX_UInt32 numAnchors = 0;
+        PKIX_UInt32 numCertStores = 0;
+        PKIX_UInt32 numHintCerts = 0;
+        PKIX_UInt32 i = 0;
+        PKIX_Boolean isDuplicate = PKIX_FALSE;
+        PKIX_PL_Cert *trustedCert = NULL;
+        PKIX_CertSelector *targetConstraints = NULL;
+        PKIX_ComCertSelParams *targetParams = NULL;
+        PKIX_List *anchors = NULL;
+        PKIX_List *targetSubjNames = NULL;
+        PKIX_PL_Cert *targetCert = NULL;
+        PKIX_PL_Object *firstHintCert = NULL;
+        PKIX_RevocationChecker *revChecker = NULL;
+        PKIX_List *certStores = NULL;
+        PKIX_CertStore *certStore = NULL;
+        PKIX_List *userCheckers = NULL;
+        PKIX_List *hintCerts = NULL;
+        PKIX_PL_Date *testDate = NULL;
+        PKIX_PL_PublicKey *targetPubKey = NULL;
+        void *nbioContext = NULL;
+        BuildConstants buildConstants;
+
+        PKIX_List *tentativeChain = NULL;
+        PKIX_ValidateResult *valResult = NULL;
+        PKIX_BuildResult *buildResult = NULL;
+        PKIX_List *certList = NULL;
+        PKIX_ForwardBuilderState *state = NULL;
+        PKIX_CertStore_CheckTrustCallback trustCallback = NULL;
+        PKIX_CertSelector_MatchCallback selectorCallback = NULL;
+        PKIX_Boolean trusted = PKIX_FALSE;
+        PKIX_PL_AIAMgr *aiaMgr = NULL;
+
+        PKIX_ENTER(BUILD, "pkix_Build_InitiateBuildChain");
+        PKIX_NULLCHECK_FOUR(procParams, pNBIOContext, pState, pBuildResult);
+
+        nbioContext = *pNBIOContext;
+        *pNBIOContext = NULL;
+
+        state = *pState;
+        *pState = NULL; /* no net change in reference count */
+
+        if (state == NULL) {
+            PKIX_CHECK(PKIX_ProcessingParams_GetDate
+                    (procParams, &testDate, plContext),
+                    PKIX_PROCESSINGPARAMSGETDATEFAILED);
+    
+            PKIX_CHECK(PKIX_ProcessingParams_GetTrustAnchors
+                    (procParams, &anchors, plContext),
+                    PKIX_PROCESSINGPARAMSGETTRUSTANCHORSFAILED);
+    
+            PKIX_CHECK(PKIX_List_GetLength(anchors, &numAnchors, plContext),
+                    PKIX_LISTGETLENGTHFAILED);
+    
+            /* retrieve stuff from targetCertConstraints */
+            PKIX_CHECK(PKIX_ProcessingParams_GetTargetCertConstraints
+                       (procParams, &targetConstraints, plContext),
+                       PKIX_PROCESSINGPARAMSGETTARGETCERTCONSTRAINTSFAILED);
+    
+            PKIX_CHECK(PKIX_CertSelector_GetCommonCertSelectorParams
+                    (targetConstraints, &targetParams, plContext),
+                    PKIX_CERTSELECTORGETCOMMONCERTSELECTORPARAMSFAILED);
+    
+            PKIX_CHECK(PKIX_ComCertSelParams_GetCertificate
+                    (targetParams, &targetCert, plContext),
+                    PKIX_COMCERTSELPARAMSGETCERTIFICATEFAILED);
+    
+            PKIX_CHECK(
+                PKIX_ComCertSelParams_SetLeafCertFlag(targetParams,
+                                                      PKIX_TRUE, plContext),
+                PKIX_COMCERTSELPARAMSSETLEAFCERTFLAGFAILED);
+
+            PKIX_CHECK(PKIX_ProcessingParams_GetHintCerts
+                        (procParams, &hintCerts, plContext),
+                        PKIX_PROCESSINGPARAMSGETHINTCERTSFAILED);
+    
+            if (hintCerts != NULL) {
+                    PKIX_CHECK(PKIX_List_GetLength
+                            (hintCerts, &numHintCerts, plContext),
+                            PKIX_LISTGETLENGTHFAILED);
+            }
+
+            /*
+             * Caller must provide either a target Cert
+             * (in ComCertSelParams->Certificate) or a partial Cert
+             * chain (in ProcParams->HintCerts).
+             */
+
+            if (targetCert == NULL) {
+
+                    /* Use first cert of hintCerts as the targetCert */
+                    if (numHintCerts == 0) {
+                            PKIX_ERROR(PKIX_NOTARGETCERTSUPPLIED);
+                    }
+
+                    PKIX_CHECK(PKIX_List_GetItem
+                            (hintCerts,
+                            0,
+                            (PKIX_PL_Object **)&targetCert,
+                            plContext),
+                            PKIX_LISTGETITEMFAILED);
+
+                    PKIX_CHECK(PKIX_List_DeleteItem(hintCerts, 0, plContext),
+                            PKIX_LISTGETITEMFAILED);
+            } else {
+
+                    /*
+                     * If the first hintCert is the same as the targetCert,
+                     * delete it from hintCerts.
+                     */ 
+                    if (numHintCerts != 0) {
+                            PKIX_CHECK(PKIX_List_GetItem
+                                    (hintCerts, 0, &firstHintCert, plContext),
+                                    PKIX_LISTGETITEMFAILED);
+
+                            PKIX_CHECK(PKIX_PL_Object_Equals
+                                    ((PKIX_PL_Object *)targetCert,
+                                    firstHintCert,
+                                    &isDuplicate,
+                                    plContext),
+                                    PKIX_OBJECTEQUALSFAILED);
+
+                            if (isDuplicate) {
+                                    PKIX_CHECK(PKIX_List_DeleteItem
+                                    (hintCerts, 0, plContext),
+                                    PKIX_LISTGETITEMFAILED);
+                            }
+                            PKIX_DECREF(firstHintCert);
+                    }
+
+            }
+
+            if (targetCert == NULL) {
+                PKIX_ERROR(PKIX_NOTARGETCERTSUPPLIED);
+            }
+
+            PKIX_CHECK(PKIX_PL_Cert_IsLeafCertTrusted
+                    (targetCert,
+                    &trusted, 
+                    plContext),
+                    PKIX_CERTISCERTTRUSTEDFAILED);
+
+            PKIX_CHECK(PKIX_PL_Cert_GetAllSubjectNames
+                    (targetCert,
+                    &targetSubjNames,
+                    plContext),
+                    PKIX_CERTGETALLSUBJECTNAMESFAILED);
+    
+            PKIX_CHECK(PKIX_PL_Cert_GetSubjectPublicKey
+                    (targetCert, &targetPubKey, plContext),
+                    PKIX_CERTGETSUBJECTPUBLICKEYFAILED);
+    
+            PKIX_CHECK(PKIX_List_Create(&tentativeChain, plContext),
+                    PKIX_LISTCREATEFAILED);
+    
+            PKIX_CHECK(PKIX_List_AppendItem
+                    (tentativeChain, (PKIX_PL_Object *)targetCert, plContext),
+                    PKIX_LISTAPPENDITEMFAILED);
+    
+            if (procParams->qualifyTargetCert) {
+                /* EE cert validation */
+                /* Sync up the time on the target selector parameter struct. */
+                PKIX_CHECK(
+                    PKIX_ComCertSelParams_SetCertificateValid(targetParams,
+                                                              testDate,
+                                                              plContext),
+                    PKIX_COMCERTSELPARAMSSETCERTIFICATEVALIDFAILED);
+                
+                PKIX_CHECK(PKIX_CertSelector_GetMatchCallback
+                           (targetConstraints, &selectorCallback, plContext),
+                           PKIX_CERTSELECTORGETMATCHCALLBACKFAILED);
+                
+                pkixErrorResult =
+                    (*selectorCallback)(targetConstraints, targetCert,
+                                        plContext);
+                if (pkixErrorResult) {
+                    pkixErrorClass = pkixErrorResult->errClass;
+                    if (pkixErrorClass == PKIX_FATAL_ERROR) {
+                        goto cleanup;
+                    }
+                    if (pVerifyNode != NULL) {
+                            PKIX_Error *tempResult =
+                                pkix_VerifyNode_Create(targetCert, 0,
+                                                       pkixErrorResult,
+                                                       pVerifyNode,
+                                                       plContext);
+                            if (tempResult) {
+                                PKIX_DECREF(pkixErrorResult);
+                                pkixErrorResult = tempResult;
+                                pkixErrorCode = PKIX_VERIFYNODECREATEFAILED;
+                                pkixErrorClass = PKIX_FATAL_ERROR;
+                                goto cleanup;
+                            }
+                    }
+                    pkixErrorCode = PKIX_CERTCHECKVALIDITYFAILED;
+                    goto cleanup;
+                }
+            }
+
+            /* If the EE cert is trusted, force success. We only want to do
+             * this if we aren't validating against a policy (like EV). */
+            if (trusted && procParams->initialPolicies == NULL) {
+                if (pVerifyNode != NULL) {
+                    PKIX_Error *tempResult =
+                        pkix_VerifyNode_Create(targetCert, 0, NULL,
+                                               pVerifyNode,
+                                               plContext);
+                    if (tempResult) {
+                        pkixErrorResult = tempResult;
+                        pkixErrorCode = PKIX_VERIFYNODECREATEFAILED;
+                        pkixErrorClass = PKIX_FATAL_ERROR;
+                        goto cleanup;
+                    }
+                }
+                PKIX_CHECK(pkix_ValidateResult_Create
+                        (targetPubKey, NULL /* anchor */,
+                         NULL /* policyTree */, &valResult, plContext),
+                        PKIX_VALIDATERESULTCREATEFAILED);
+                PKIX_CHECK(
+                    pkix_BuildResult_Create(valResult, tentativeChain,
+                                            &buildResult, plContext),
+                    PKIX_BUILDRESULTCREATEFAILED);
+                *pBuildResult = buildResult;
+                /* Note that *pState is NULL.   The only side effect is that
+                 * the cert chain won't be cached in PKIX_BuildChain, which
+                 * is fine. */
+                goto cleanup;
+            }
+    
+            PKIX_CHECK(PKIX_ProcessingParams_GetCertStores
+                    (procParams, &certStores, plContext),
+                    PKIX_PROCESSINGPARAMSGETCERTSTORESFAILED);
+    
+            PKIX_CHECK(PKIX_List_GetLength
+                    (certStores, &numCertStores, plContext),
+                    PKIX_LISTGETLENGTHFAILED);
+    
+            /* Reorder CertStores so trusted are at front of the List */
+            if (numCertStores > 1) {
+                for (i = numCertStores - 1; i > 0; i--) {
+                    PKIX_CHECK_ONLY_FATAL(PKIX_List_GetItem
+                        (certStores,
+                        i,
+                        (PKIX_PL_Object **)&certStore,
+                        plContext),
+                        PKIX_LISTGETITEMFAILED);
+                    PKIX_CHECK_ONLY_FATAL(PKIX_CertStore_GetTrustCallback
+                        (certStore, &trustCallback, plContext),
+                        PKIX_CERTSTOREGETTRUSTCALLBACKFAILED);
+    
+                    if (trustCallback != NULL) {
+                        /* Is a trusted Cert, move CertStore to front */
+                        PKIX_CHECK(PKIX_List_DeleteItem
+                            (certStores, i, plContext),
+                            PKIX_LISTDELETEITEMFAILED);
+                        PKIX_CHECK(PKIX_List_InsertItem
+                            (certStores,
+                            0,
+                            (PKIX_PL_Object *)certStore,
+                            plContext),
+                        PKIX_LISTINSERTITEMFAILED);
+    
+                    }
+    
+                    PKIX_DECREF(certStore);
+                }
+            }
+    
+            PKIX_CHECK(PKIX_ProcessingParams_GetCertChainCheckers
+                        (procParams, &userCheckers, plContext),
+                        PKIX_PROCESSINGPARAMSGETCERTCHAINCHECKERSFAILED);
+    
+            PKIX_CHECK(PKIX_ProcessingParams_GetRevocationChecker
+                        (procParams, &revChecker, plContext),
+                       PKIX_PROCESSINGPARAMSGETREVOCATIONCHECKERFAILED);
+            /* Do not initialize AIA manager if we are not going to fetch
+             * cert using aia url. */
+            if (procParams->useAIAForCertFetching) {
+                PKIX_CHECK(PKIX_PL_AIAMgr_Create(&aiaMgr, plContext),
+                           PKIX_AIAMGRCREATEFAILED);
+            }
+
+            /*
+             * We initialize all the fields of buildConstants here, in one place,
+             * just to help keep track and ensure that we got everything.
+             */
+    
+            buildConstants.numAnchors = numAnchors;
+            buildConstants.numCertStores = numCertStores;
+            buildConstants.numHintCerts = numHintCerts;
+            buildConstants.procParams = procParams;
+            buildConstants.testDate = testDate;
+            buildConstants.timeLimit = NULL;
+            buildConstants.targetCert = targetCert;
+            buildConstants.targetPubKey = targetPubKey;
+            buildConstants.certStores = certStores;
+            buildConstants.anchors = anchors;
+            buildConstants.userCheckers = userCheckers;
+            buildConstants.hintCerts = hintCerts;
+            buildConstants.revChecker = revChecker;
+            buildConstants.aiaMgr = aiaMgr;
+            buildConstants.trustOnlyUserAnchors =
+                    procParams->useOnlyTrustAnchors;
+
+            PKIX_CHECK(pkix_Build_GetResourceLimits(&buildConstants, plContext),
+                    PKIX_BUILDGETRESOURCELIMITSFAILED);
+    
+            PKIX_CHECK(pkix_ForwardBuilderState_Create
+                    (0,              /* PKIX_UInt32 traversedCACerts */
+                    buildConstants.maxFanout,
+                    buildConstants.maxDepth,
+                    PKIX_TRUE,       /* PKIX_Boolean canBeCached */
+                    NULL,            /* PKIX_Date *validityDate */
+                    targetCert,      /* PKIX_PL_Cert *prevCert */
+                    targetSubjNames, /* PKIX_List *traversedSubjNames */
+                    tentativeChain,  /* PKIX_List *trustChain */
+                    NULL,            /* PKIX_ForwardBuilderState *parent */
+                    &state,          /* PKIX_ForwardBuilderState **pState */
+                    plContext),
+                    PKIX_BUILDSTATECREATEFAILED);
+    
+            state->buildConstants.numAnchors = buildConstants.numAnchors;
+            state->buildConstants.numCertStores = buildConstants.numCertStores; 
+            state->buildConstants.numHintCerts = buildConstants.numHintCerts;
+            state->buildConstants.maxFanout = buildConstants.maxFanout;
+            state->buildConstants.maxDepth = buildConstants.maxDepth;
+            state->buildConstants.maxTime = buildConstants.maxTime;
+            state->buildConstants.procParams = buildConstants.procParams; 
+            PKIX_INCREF(buildConstants.testDate);
+            state->buildConstants.testDate = buildConstants.testDate;
+            state->buildConstants.timeLimit = buildConstants.timeLimit;
+            PKIX_INCREF(buildConstants.targetCert);
+            state->buildConstants.targetCert = buildConstants.targetCert;
+            PKIX_INCREF(buildConstants.targetPubKey);
+            state->buildConstants.targetPubKey =
+                    buildConstants.targetPubKey;
+            PKIX_INCREF(buildConstants.certStores);
+            state->buildConstants.certStores = buildConstants.certStores;
+            PKIX_INCREF(buildConstants.anchors);
+            state->buildConstants.anchors = buildConstants.anchors;
+            PKIX_INCREF(buildConstants.userCheckers);
+            state->buildConstants.userCheckers =
+                    buildConstants.userCheckers;
+            PKIX_INCREF(buildConstants.hintCerts);
+            state->buildConstants.hintCerts = buildConstants.hintCerts;
+            PKIX_INCREF(buildConstants.revChecker);
+            state->buildConstants.revChecker = buildConstants.revChecker;
+            state->buildConstants.aiaMgr = buildConstants.aiaMgr;
+            aiaMgr = NULL;
+            state->buildConstants.trustOnlyUserAnchors =
+                    buildConstants.trustOnlyUserAnchors;
+
+            if (buildConstants.maxTime != 0) {
+                    PKIX_CHECK(PKIX_PL_Date_Create_CurrentOffBySeconds
+                            (buildConstants.maxTime,
+                            &state->buildConstants.timeLimit,
+                            plContext),
+                            PKIX_DATECREATECURRENTOFFBYSECONDSFAILED);
+            }
+
+            if (pVerifyNode != NULL) {
+                PKIX_Error *tempResult =
+                    pkix_VerifyNode_Create(targetCert, 0, NULL,
+                                           &(state->verifyNode),
+                                           plContext);
+                if (tempResult) {
+                    pkixErrorResult = tempResult;
+                    pkixErrorCode = PKIX_VERIFYNODECREATEFAILED;
+                    pkixErrorClass = PKIX_FATAL_ERROR;
+                    goto cleanup;
+                }
+            }
+
+            PKIX_CHECK_ONLY_FATAL(
+                pkix_Build_CheckInCache(state, &buildResult,
+                                        &nbioContext, plContext),
+                PKIX_UNABLETOBUILDCHAIN);
+            if (nbioContext) {
+                *pNBIOContext = nbioContext;
+                *pState = state;
+                state = NULL;
+                goto cleanup;
+            }
+            if (buildResult) {
+                *pBuildResult = buildResult;
+                if (pVerifyNode != NULL) {
+                    *pVerifyNode = state->verifyNode;
+                    state->verifyNode = NULL;
+                }
+                goto cleanup;
+            }
+        }
+
+        /* If we're resuming after non-blocking I/O we need to get SubjNames */
+        if (targetSubjNames == NULL) {
+            PKIX_CHECK(PKIX_PL_Cert_GetAllSubjectNames
+                    (state->buildConstants.targetCert,
+                    &targetSubjNames,
+                    plContext),
+                    PKIX_CERTGETALLSUBJECTNAMESFAILED);
+        }
+
+        state->status = BUILD_INITIAL;
+
+        pkixErrorResult =
+            pkix_BuildForwardDepthFirstSearch(&nbioContext, state,
+                                              &valResult, plContext);
+
+        /* non-null nbioContext means the build would block */
+        if (pkixErrorResult == NULL && nbioContext != NULL) {
+
+                *pNBIOContext = nbioContext;
+                *pBuildResult = NULL;
+
+        /* no valResult means the build has failed */
+        } else {
+                if (pVerifyNode != NULL) {
+                        PKIX_INCREF(state->verifyNode);
+                        *pVerifyNode = state->verifyNode;
+                }
+
+                if (valResult == NULL || pkixErrorResult)
+                        PKIX_ERROR(PKIX_UNABLETOBUILDCHAIN);
+                PKIX_CHECK(
+                    pkix_BuildResult_Create(valResult, state->trustChain,
+                                            &buildResult, plContext),
+                    PKIX_BUILDRESULTCREATEFAILED);
+                *pBuildResult = buildResult;
+        }
+
+        *pState = state;
+        state = NULL;
+
+cleanup:
+
+        PKIX_DECREF(targetConstraints);
+        PKIX_DECREF(targetParams);
+        PKIX_DECREF(anchors);
+        PKIX_DECREF(targetSubjNames);
+        PKIX_DECREF(targetCert);
+        PKIX_DECREF(revChecker);
+        PKIX_DECREF(certStores);
+        PKIX_DECREF(certStore);
+        PKIX_DECREF(userCheckers);
+        PKIX_DECREF(hintCerts);
+        PKIX_DECREF(firstHintCert);
+        PKIX_DECREF(testDate);
+        PKIX_DECREF(targetPubKey);
+        PKIX_DECREF(tentativeChain);
+        PKIX_DECREF(valResult);
+        PKIX_DECREF(certList);
+        PKIX_DECREF(trustedCert);
+        PKIX_DECREF(state);
+        PKIX_DECREF(aiaMgr);
+
+        PKIX_RETURN(BUILD);
+}
+
+/*
+ * FUNCTION: pkix_Build_ResumeBuildChain
+ * DESCRIPTION:
+ *
+ *  This function continues the search for a BuildChain, using the parameters
+ *  provided in "procParams" and the ForwardBuilderState pointed to by "state".
+ *
+ *  If a successful chain is built, this function stores the BuildResult at
+ *  "pBuildResult". Alternatively, if an operation using non-blocking I/O
+ *  is in progress and the operation has not been completed, this function
+ *  stores the FowardBuilderState at "pState" and NULL at "pBuildResult".
+ *  Finally, if chain building was unsuccessful, this function stores NULL
+ *  at both "pState" and at "pBuildResult".
+ *
+ * PARAMETERS:
+ *  "pNBIOContext"
+ *      Address at which the NBIOContext is stored indicating whether the
+ *      validation is complete. Must be non-NULL.
+ *  "pState"
+ *     Address at which the ForwardBuilderState is provided for resumption of
+ *     the chain building attempt; also, the address at which the
+ *     ForwardBuilderStateis stored, if the chain building is suspended for
+ *     waiting I/O. Must be non-NULL.
+ *  "pBuildResult"
+ *      Address at which the BuildResult is stored, after a successful build.
+ *      Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Build Error if the function fails in a non-fatal way
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_Build_ResumeBuildChain(
+        void **pNBIOContext,
+        PKIX_ForwardBuilderState *state,
+        PKIX_BuildResult **pBuildResult,
+        PKIX_VerifyNode **pVerifyNode,
+        void *plContext)
+{
+        PKIX_ValidateResult *valResult = NULL;
+        PKIX_BuildResult *buildResult = NULL;
+        void *nbioContext = NULL;
+
+        PKIX_ENTER(BUILD, "pkix_Build_ResumeBuildChain");
+        PKIX_NULLCHECK_TWO(state, pBuildResult);
+
+        nbioContext = *pNBIOContext;
+        *pNBIOContext = NULL;
+
+        pkixErrorResult =
+            pkix_BuildForwardDepthFirstSearch(&nbioContext, state,
+                                              &valResult, plContext);
+
+        /* non-null nbioContext means the build would block */
+        if (pkixErrorResult == NULL && nbioContext != NULL) {
+
+                *pNBIOContext = nbioContext;
+                *pBuildResult = NULL;
+
+        /* no valResult means the build has failed */
+        } else {
+                if (pVerifyNode != NULL) {
+                    PKIX_INCREF(state->verifyNode);
+                    *pVerifyNode = state->verifyNode;
+                }
+
+                if (valResult == NULL || pkixErrorResult)
+                    PKIX_ERROR(PKIX_UNABLETOBUILDCHAIN);
+
+                PKIX_CHECK(
+                    pkix_BuildResult_Create(valResult, state->trustChain,
+                                            &buildResult, plContext),
+                    PKIX_BUILDRESULTCREATEFAILED);
+                *pBuildResult = buildResult;
+        }
+
+cleanup:
+
+        PKIX_DECREF(valResult);
+
+        PKIX_RETURN(BUILD);
+}
+
+/* --Public-Functions--------------------------------------------- */
+
+/*
+ * FUNCTION: PKIX_BuildChain (see comments in pkix.h)
+ */
+PKIX_Error *
+PKIX_BuildChain(
+        PKIX_ProcessingParams *procParams,
+        void **pNBIOContext,
+        void **pState,
+        PKIX_BuildResult **pBuildResult,
+        PKIX_VerifyNode **pVerifyNode,
+        void *plContext)
+{
+        PKIX_ForwardBuilderState *state = NULL;
+        PKIX_BuildResult *buildResult = NULL;
+        void *nbioContext = NULL;
+
+        PKIX_ENTER(BUILD, "PKIX_BuildChain");
+        PKIX_NULLCHECK_FOUR(procParams, pNBIOContext, pState, pBuildResult);
+
+        nbioContext = *pNBIOContext;
+        *pNBIOContext = NULL;
+
+        if (*pState == NULL) {
+                PKIX_CHECK(pkix_Build_InitiateBuildChain
+                        (procParams,
+                        &nbioContext,
+                        &state,
+                        &buildResult,
+                        pVerifyNode,
+                        plContext),
+                        PKIX_BUILDINITIATEBUILDCHAINFAILED);
+        } else {
+                state = (PKIX_ForwardBuilderState *)(*pState);
+                *pState = NULL; /* no net change in reference count */
+                if (state->status == BUILD_SHORTCUTPENDING) {
+                        PKIX_CHECK(pkix_Build_InitiateBuildChain
+                                (procParams,
+                                &nbioContext,
+                                &state,
+                                &buildResult,
+                                pVerifyNode,
+                                plContext),
+                                PKIX_BUILDINITIATEBUILDCHAINFAILED);
+                } else {
+                        PKIX_CHECK(pkix_Build_ResumeBuildChain
+                                (&nbioContext,
+                                state,
+                                &buildResult,
+                                pVerifyNode,
+                                plContext),
+                                PKIX_BUILDINITIATEBUILDCHAINFAILED);
+                }
+        }
+
+        /* non-null nbioContext means the build would block */
+        if (nbioContext != NULL) {
+
+                *pNBIOContext = nbioContext;
+                *pState = state;
+                state = NULL;
+                *pBuildResult = NULL;
+
+        /* no buildResult means the build has failed */
+        } else if (buildResult == NULL) {
+                PKIX_ERROR(PKIX_UNABLETOBUILDCHAIN);
+        } else {
+                /*
+                 * If we made a successful chain by combining the target Cert
+                 * with one of the Trust Anchors, we may have never created a
+                 * validityDate. We treat this situation as
+                 * canBeCached = PKIX_FALSE.
+                 */
+                if ((state != NULL) &&
+                    ((state->validityDate) != NULL) &&
+                    (state->canBeCached)) {
+                        PKIX_CHECK(pkix_CacheCertChain_Add
+                                (state->buildConstants.targetCert,
+                                state->buildConstants.anchors,
+                                state->validityDate,
+                                buildResult,
+                                plContext),
+                                PKIX_CACHECERTCHAINADDFAILED);
+                }
+
+                *pState = NULL;
+                *pBuildResult = buildResult;
+                buildResult = NULL;
+        }
+
+cleanup:
+        PKIX_DECREF(buildResult);
+        PKIX_DECREF(state);
+
+        PKIX_RETURN(BUILD);
+}
diff --git a/nss/lib/libpkix/pkix/top/pkix_build.h b/nss/lib/libpkix/pkix/top/pkix_build.h
new file mode 100755
index 0000000..eeba923
--- /dev/null
+++ b/nss/lib/libpkix/pkix/top/pkix_build.h
@@ -0,0 +1,120 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_build.h
+ *
+ * Header file for buildChain function
+ *
+ */
+
+#ifndef _PKIX_BUILD_H
+#define _PKIX_BUILD_H
+#include "pkix_tools.h"
+#ifndef NSS_PKIX_NO_LDAP
+#include "pkix_pl_ldapt.h"
+#endif
+#include "pkix_ekuchecker.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef enum {
+        BUILD_SHORTCUTPENDING,
+        BUILD_INITIAL,
+        BUILD_TRYAIA,
+        BUILD_AIAPENDING,
+        BUILD_COLLECTINGCERTS,
+        BUILD_GATHERPENDING,
+        BUILD_CERTVALIDATING,
+        BUILD_ABANDONNODE,
+        BUILD_DATEPREP,
+        BUILD_CHECKTRUSTED,
+        BUILD_CHECKTRUSTED2,
+        BUILD_ADDTOCHAIN,
+        BUILD_VALCHAIN,
+        BUILD_VALCHAIN2,
+        BUILD_EXTENDCHAIN,
+        BUILD_GETNEXTCERT
+} BuildStatus;
+
+typedef struct BuildConstantsStruct BuildConstants;
+
+/*
+ * These fields (the ones that are objects) are not reference-counted
+ * in *each* state, but only in the root, the state that has no parent.
+ * That saves time in creation and destruction of child states, but is
+ * safe enough since they are constants.
+ */
+struct BuildConstantsStruct {
+        PKIX_UInt32 numAnchors;
+        PKIX_UInt32 numCertStores;
+        PKIX_UInt32 numHintCerts;
+        PKIX_UInt32 maxDepth;
+        PKIX_UInt32 maxFanout;
+        PKIX_UInt32 maxTime;
+        PKIX_ProcessingParams *procParams;
+        PKIX_PL_Date *testDate;
+        PKIX_PL_Date *timeLimit;
+        PKIX_PL_Cert *targetCert;
+        PKIX_PL_PublicKey *targetPubKey;
+        PKIX_List *certStores;
+        PKIX_List *anchors;
+        PKIX_List *userCheckers;
+        PKIX_List *hintCerts;
+        PKIX_RevocationChecker *revChecker;
+        PKIX_PL_AIAMgr *aiaMgr;
+        PKIX_Boolean useAIAForCertFetching;
+        PKIX_Boolean trustOnlyUserAnchors;
+};
+
+struct PKIX_ForwardBuilderStateStruct{
+        BuildStatus status;
+        PKIX_Int32 traversedCACerts;
+        PKIX_UInt32 certStoreIndex;
+        PKIX_UInt32 numCerts;
+        PKIX_UInt32 numAias;
+        PKIX_UInt32 certIndex;
+        PKIX_UInt32 aiaIndex;
+        PKIX_UInt32 certCheckedIndex;
+        PKIX_UInt32 checkerIndex;
+        PKIX_UInt32 hintCertIndex;
+        PKIX_UInt32 numFanout;
+        PKIX_UInt32 numDepth;
+        PKIX_UInt32 reasonCode;
+        PKIX_Boolean canBeCached;
+        PKIX_Boolean useOnlyLocal;
+        PKIX_Boolean revChecking;
+        PKIX_Boolean usingHintCerts;
+        PKIX_Boolean certLoopingDetected;
+        PKIX_PL_Date *validityDate;
+        PKIX_PL_Cert *prevCert;
+        PKIX_PL_Cert *candidateCert;
+        PKIX_List *traversedSubjNames;
+        PKIX_List *trustChain;
+        PKIX_List *aia;
+        PKIX_List *candidateCerts;
+        PKIX_List *reversedCertChain;
+        PKIX_List *checkedCritExtOIDs;
+        PKIX_List *checkerChain;
+        PKIX_CertSelector *certSel;
+        PKIX_VerifyNode *verifyNode;
+        void *client; /* messageHandler, such as LDAPClient */
+        PKIX_ForwardBuilderState *parentState;
+        BuildConstants buildConstants;
+};
+
+/* --Private-Functions-------------------------------------------- */
+
+PKIX_Error *
+pkix_ForwardBuilderState_RegisterSelf(void *plContext);
+
+PKIX_Error *
+PKIX_Build_GetNBIOContext(void *state, void **pNBIOContext, void *plContext);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_BUILD_H */
diff --git a/nss/lib/libpkix/pkix/top/pkix_lifecycle.c b/nss/lib/libpkix/pkix/top/pkix_lifecycle.c
new file mode 100755
index 0000000..aad0e1a
--- /dev/null
+++ b/nss/lib/libpkix/pkix/top/pkix_lifecycle.c
@@ -0,0 +1,210 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_lifecycle.c
+ *
+ * Top level initialize and shutdown functions
+ *
+ */
+
+#include "pkix_lifecycle.h"
+
+static PKIX_Boolean pkixIsInitialized;
+
+/* Lock used by Logger - is reentrant by the same thread */
+extern PKIX_PL_MonitorLock *pkixLoggerLock;
+
+/* 
+ * Following pkix_* variables are for debugging purpose. They should be taken
+ * out eventually. The purpose is to verify cache tables usage (via debugger).
+ */
+int pkix_ccAddCount = 0;
+int pkix_ccLookupCount = 0;
+int pkix_ccRemoveCount = 0;
+int pkix_cAddCount = 0;
+int pkix_cLookupCount = 0;
+int pkix_cRemoveCount = 0;
+int pkix_ceAddCount = 0;
+int pkix_ceLookupCount = 0;
+
+PKIX_PL_HashTable *cachedCrlSigTable = NULL;
+PKIX_PL_HashTable *cachedCertSigTable = NULL;
+PKIX_PL_HashTable *cachedCertChainTable = NULL;
+PKIX_PL_HashTable *cachedCertTable = NULL;
+PKIX_PL_HashTable *cachedCrlEntryTable = NULL;
+PKIX_PL_HashTable *aiaConnectionCache = NULL;
+PKIX_PL_HashTable *httpSocketCache = NULL;
+
+extern PKIX_List *pkixLoggers;
+extern PKIX_List *pkixLoggersErrors;
+extern PKIX_List *pkixLoggersDebugTrace;
+
+/* --Public-Functions--------------------------------------------- */
+
+/*
+ * FUNCTION: PKIX_Initialize (see comments in pkix.h)
+ */
+PKIX_Error *
+PKIX_Initialize(
+        PKIX_Boolean platformInitNeeded,
+        PKIX_UInt32 desiredMajorVersion,
+        PKIX_UInt32 minDesiredMinorVersion,
+        PKIX_UInt32 maxDesiredMinorVersion,
+        PKIX_UInt32 *pActualMinorVersion,
+        void **pPlContext)
+{
+        void *plContext = NULL;
+
+        PKIX_ENTER(LIFECYCLE, "PKIX_Initialize");
+        PKIX_NULLCHECK_ONE(pPlContext);
+
+        /*
+         * If we are called a second time other than in the situation handled
+         * above, we return a positive status.
+         */
+        if (pkixIsInitialized){
+                /* Already initialized */
+                PKIX_RETURN(LIFECYCLE);
+        }
+
+        PKIX_CHECK(PKIX_PL_Initialize
+                (platformInitNeeded, PKIX_FALSE, &plContext),
+                PKIX_INITIALIZEFAILED);
+
+        *pPlContext = plContext;
+
+        if (desiredMajorVersion != PKIX_MAJOR_VERSION){
+                PKIX_ERROR(PKIX_MAJORVERSIONSDONTMATCH);
+        }
+
+        if ((minDesiredMinorVersion > PKIX_MINOR_VERSION) ||
+            (maxDesiredMinorVersion < PKIX_MINOR_VERSION)){
+                PKIX_ERROR(PKIX_MINORVERSIONNOTBETWEENDESIREDMINANDMAX);
+        }
+
+        *pActualMinorVersion = PKIX_MINOR_VERSION;
+
+        /* Create Cache Tables
+         * Do not initialize hash tables for object leak test */
+#if !defined(PKIX_OBJECT_LEAK_TEST)
+        PKIX_CHECK(PKIX_PL_HashTable_Create
+                   (32, 0, &cachedCertSigTable, plContext),
+                   PKIX_HASHTABLECREATEFAILED);
+        
+        PKIX_CHECK(PKIX_PL_HashTable_Create
+                   (32, 0, &cachedCrlSigTable, plContext),
+                   PKIX_HASHTABLECREATEFAILED);
+        
+        PKIX_CHECK(PKIX_PL_HashTable_Create
+                       (32, 10, &cachedCertChainTable, plContext),
+                   PKIX_HASHTABLECREATEFAILED);
+        
+        PKIX_CHECK(PKIX_PL_HashTable_Create
+                       (32, 10, &cachedCertTable, plContext),
+                   PKIX_HASHTABLECREATEFAILED);
+        
+        PKIX_CHECK(PKIX_PL_HashTable_Create
+                   (32, 10, &cachedCrlEntryTable, plContext),
+                   PKIX_HASHTABLECREATEFAILED);
+        
+        PKIX_CHECK(PKIX_PL_HashTable_Create
+                   (5, 5, &aiaConnectionCache, plContext),
+                   PKIX_HASHTABLECREATEFAILED);
+        
+#ifdef PKIX_SOCKETCACHE
+        PKIX_CHECK(PKIX_PL_HashTable_Create
+                   (5, 5, &httpSocketCache, plContext),
+                   PKIX_HASHTABLECREATEFAILED);
+#endif
+        if (pkixLoggerLock == NULL) {
+            PKIX_CHECK(PKIX_PL_MonitorLock_Create
+                       (&pkixLoggerLock, plContext),
+                       PKIX_MONITORLOCKCREATEFAILED);
+        }
+#else
+        fnInvTable = PL_NewHashTable(0, pkix_ErrorGen_Hash,
+                                     PL_CompareValues,
+                                     PL_CompareValues, NULL, NULL);
+        if (!fnInvTable) {
+            PKIX_ERROR(PKIX_HASHTABLECREATEFAILED);
+        }
+        
+        fnStackNameArr = PORT_ZNewArray(char*, MAX_STACK_DEPTH);
+        if (!fnStackNameArr) {
+            PKIX_ERROR(PKIX_HASHTABLECREATEFAILED);
+        }
+
+        fnStackInvCountArr = PORT_ZNewArray(PKIX_UInt32, MAX_STACK_DEPTH);
+        if (!fnStackInvCountArr) {
+            PKIX_ERROR(PKIX_HASHTABLECREATEFAILED);
+        }
+#endif /* PKIX_OBJECT_LEAK_TEST */
+
+        pkixIsInitialized = PKIX_TRUE;
+
+cleanup:
+
+        PKIX_RETURN(LIFECYCLE);
+}
+
+/*
+ * FUNCTION: PKIX_Shutdown (see comments in pkix.h)
+ */
+PKIX_Error *
+PKIX_Shutdown(void *plContext)
+{
+        PKIX_List *savedPkixLoggers = NULL;
+        PKIX_List *savedPkixLoggersErrors = NULL;
+        PKIX_List *savedPkixLoggersDebugTrace = NULL;
+
+        PKIX_ENTER(LIFECYCLE, "PKIX_Shutdown");
+
+        if (!pkixIsInitialized){
+                /* The library was not initialized */
+                PKIX_RETURN(LIFECYCLE);
+        }
+
+        pkixIsInitialized = PKIX_FALSE;
+
+        if (pkixLoggers) {
+                savedPkixLoggers = pkixLoggers;
+                savedPkixLoggersErrors = pkixLoggersErrors;
+                savedPkixLoggersDebugTrace = pkixLoggersDebugTrace;
+                pkixLoggers = NULL;
+                pkixLoggersErrors = NULL;
+                pkixLoggersDebugTrace = NULL;
+                PKIX_DECREF(savedPkixLoggers);
+                PKIX_DECREF(savedPkixLoggersErrors);
+                PKIX_DECREF(savedPkixLoggersDebugTrace);
+        }
+        PKIX_DECREF(pkixLoggerLock);
+
+        /* Destroy Cache Tables */
+        PKIX_DECREF(cachedCertSigTable);
+        PKIX_DECREF(cachedCrlSigTable);
+        PKIX_DECREF(cachedCertChainTable);
+        PKIX_DECREF(cachedCertTable);
+        PKIX_DECREF(cachedCrlEntryTable);
+        PKIX_DECREF(aiaConnectionCache);
+        PKIX_DECREF(httpSocketCache);
+
+        /* Clean up any temporary errors that happened during shutdown */
+        if (pkixErrorList) {
+            PKIX_PL_Object_DecRef((PKIX_PL_Object*)pkixErrorList, plContext);
+            pkixErrorList = NULL;
+        }
+
+        PKIX_CHECK(PKIX_PL_Shutdown(plContext),
+                PKIX_SHUTDOWNFAILED);
+
+#ifdef PKIX_OBJECT_LEAK_TEST
+        PORT_Free(fnStackInvCountArr);
+        PORT_Free(fnStackNameArr);
+        PL_HashTableDestroy(fnInvTable);
+#endif
+
+cleanup:
+
+        PKIX_RETURN(LIFECYCLE);
+}
diff --git a/nss/lib/libpkix/pkix/top/pkix_lifecycle.h b/nss/lib/libpkix/pkix/top/pkix_lifecycle.h
new file mode 100755
index 0000000..0263122
--- /dev/null
+++ b/nss/lib/libpkix/pkix/top/pkix_lifecycle.h
@@ -0,0 +1,23 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_lifecycle.h
+ *
+ * Header file for initialize and shutdown functions.
+ *
+ */
+
+#ifndef _PKIX_LIFECYCLE_H
+#define _PKIX_LIFECYCLE_H
+#include "pkix_tools.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_LIFECYCLE_H */
diff --git a/nss/lib/libpkix/pkix/top/pkix_validate.c b/nss/lib/libpkix/pkix/top/pkix_validate.c
new file mode 100755
index 0000000..1e5dec7
--- /dev/null
+++ b/nss/lib/libpkix/pkix/top/pkix_validate.c
@@ -0,0 +1,1451 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_validate.c
+ *
+ * Top level validateChain function
+ *
+ */
+
+#include "pkix_validate.h"
+#include "pkix_pl_common.h"
+
+/* --Private-Functions-------------------------------------------- */
+
+/*
+ * FUNCTION: pkix_AddToVerifyLog
+ * DESCRIPTION:
+ *
+ *  This function returns immediately if the address for the VerifyNode tree
+ *  pointed to by "pVerifyTree" is NULL. Otherwise it creates a new VerifyNode
+ *  from the Cert pointed to by "cert" and the Error pointed to by "error",
+ *  and inserts it at the depth in the VerifyNode tree determined by "depth". A
+ *  depth of zero means that this function creates the root node of a new tree.
+ *
+ *  Note: this function does not include the means of choosing among branches
+ *  of a tree. It is intended for non-branching trees, that is, where each
+ *  parent node has only a single child node.
+ *
+ * PARAMETERS:
+ *  "cert"
+ *      The address of the Cert to be included in the new VerifyNode. Must be
+ *      non-NULL.
+ *  "depth"
+ *      The UInt32 value of the depth.
+ *  "error"
+ *      The address of the Error to be included in the new VerifyNode.
+ *  "pVerifyTree"
+ *      The address of the VerifyNode tree into which the created VerifyNode
+ *      is to be inserted. The node is not created if VerifyTree is NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Validate Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_AddToVerifyLog(
+        PKIX_PL_Cert *cert,
+        PKIX_UInt32 depth,
+        PKIX_Error *error,
+        PKIX_VerifyNode **pVerifyTree,
+        void *plContext)
+{
+
+        PKIX_VerifyNode *verifyNode = NULL;
+
+        PKIX_ENTER(VALIDATE, "pkix_AddToVerifyLog");
+        PKIX_NULLCHECK_ONE(cert);
+
+        if (pVerifyTree) { /* nothing to do if no address given for log */
+
+                PKIX_CHECK(pkix_VerifyNode_Create
+                        (cert, depth, error, &verifyNode, plContext),
+                        PKIX_VERIFYNODECREATEFAILED);
+
+                if (depth == 0) {
+                        /* We just created the root node */
+                        *pVerifyTree = verifyNode;
+                } else {
+                        PKIX_CHECK(pkix_VerifyNode_AddToChain
+                                (*pVerifyTree, verifyNode, plContext),
+                                PKIX_VERIFYNODEADDTOCHAINFAILED);
+                }
+        }
+
+cleanup:
+
+        PKIX_RETURN(VALIDATE);
+
+}
+
+/*
+ * FUNCTION: pkix_CheckCert
+ * DESCRIPTION:
+ *
+ *  Checks whether the Cert pointed to by "cert" successfully validates
+ *  using the List of CertChainCheckers pointed to by "checkers". If the
+ *  certificate does not validate, an Error pointer is returned.
+ *
+ *  This function should be called initially with the UInt32 pointed to by
+ *  "pCheckerIndex" containing zero, and the pointer at "pNBIOContext"
+ *  containing NULL. If a checker does non-blocking I/O, this function will
+ *  return with the index of that checker stored at "pCheckerIndex" and a
+ *  platform-dependent non-blocking I/O context stored at "pNBIOContext".
+ *  A subsequent call to this function with those values intact will allow the
+ *  checking to resume where it left off. This should be repeated until the
+ *  function returns with NULL stored at "pNBIOContext".
+ *
+ * PARAMETERS:
+ *  "cert"
+ *      Address of Cert to validate. Must be non-NULL.
+ *  "checkers"
+ *      List of CertChainCheckers which must each validate the certificate.
+ *      Must be non-NULL.
+ *  "checkedExtOIDs"
+ *      List of PKIX_PL_OID that has been processed. If called from building
+ *      chain, it is the list of critical extension OIDs that has been
+ *      processed prior to validation. May be NULL.
+ *  "pCheckerIndex"
+ *      Address at which is stored the the index, within the List "checkers",
+ *      of a checker whose processing was interrupted by non-blocking I/O.
+ *      Must be non-NULL.
+ *  "pNBIOContext"
+ *      Address at which is stored platform-specific non-blocking I/O context.
+ *      Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Validate Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_CheckCert(
+        PKIX_PL_Cert *cert,
+        PKIX_List *checkers,
+        PKIX_List *checkedExtOIDsList,
+        PKIX_UInt32 *pCheckerIndex,
+        void **pNBIOContext,
+        void *plContext)
+{
+        PKIX_CertChainChecker_CheckCallback checkerCheck = NULL;
+        PKIX_CertChainChecker *checker = NULL;
+        PKIX_List *unresCritExtOIDs = NULL;
+        PKIX_UInt32 numCheckers;
+        PKIX_UInt32 numUnresCritExtOIDs = 0;
+        PKIX_UInt32 checkerIndex = 0;
+        void *nbioContext = NULL;
+
+        PKIX_ENTER(VALIDATE, "pkix_CheckCert");
+        PKIX_NULLCHECK_FOUR(cert, checkers, pCheckerIndex, pNBIOContext);
+
+        nbioContext = *pNBIOContext;
+        *pNBIOContext = NULL; /* prepare for case of error exit */
+
+        PKIX_CHECK(PKIX_PL_Cert_GetCriticalExtensionOIDs
+                    (cert, &unresCritExtOIDs, plContext),
+                    PKIX_CERTGETCRITICALEXTENSIONOIDSFAILED);
+
+        PKIX_CHECK(PKIX_List_GetLength(checkers, &numCheckers, plContext),
+                    PKIX_LISTGETLENGTHFAILED);
+
+        for (checkerIndex = *pCheckerIndex;
+                checkerIndex < numCheckers;
+                checkerIndex++) {
+
+                PKIX_CHECK(PKIX_List_GetItem
+                        (checkers,
+                        checkerIndex,
+                        (PKIX_PL_Object **)&checker,
+                        plContext),
+                        PKIX_LISTGETITEMFAILED);
+
+                PKIX_CHECK(PKIX_CertChainChecker_GetCheckCallback
+                        (checker, &checkerCheck, plContext),
+                        PKIX_CERTCHAINCHECKERGETCHECKCALLBACKFAILED);
+
+                PKIX_CHECK(checkerCheck(checker, cert, unresCritExtOIDs,
+                                        &nbioContext,  plContext),
+                           PKIX_CERTCHAINCHECKERCHECKFAILED);
+
+                if (nbioContext != NULL) {
+                        *pCheckerIndex = checkerIndex;
+                        *pNBIOContext = nbioContext;
+                        goto cleanup;
+                }
+
+                PKIX_DECREF(checker);
+        }
+
+        if (unresCritExtOIDs){
+
+#ifdef PKIX_VALIDATEDEBUG
+                {
+                        PKIX_PL_String *oidString = NULL;
+                        PKIX_UInt32 length;
+                        char *oidAscii = NULL;
+                        PKIX_TOSTRING(unresCritExtOIDs, &oidString, plContext,
+                                PKIX_LISTTOSTRINGFAILED);
+                        PKIX_CHECK(PKIX_PL_String_GetEncoded
+                                (oidString,
+                                PKIX_ESCASCII,
+                                (void **) &oidAscii,
+                                &length,
+                                plContext),
+                                PKIX_STRINGGETENCODEDFAILED);
+                        PKIX_VALIDATE_DEBUG_ARG
+                                ("unrecognized critical extension OIDs:"
+                                " %s\n", oidAscii);
+                        PKIX_DECREF(oidString);
+                        PKIX_PL_Free(oidAscii, plContext);
+                }
+#endif
+
+                if (checkedExtOIDsList != NULL) {
+                 /* Take out OID's that had been processed, if any */
+                        PKIX_CHECK(pkix_List_RemoveItems
+                                (unresCritExtOIDs,
+                                checkedExtOIDsList,
+                                plContext),
+                                PKIX_LISTREMOVEITEMSFAILED);
+                }
+
+                PKIX_CHECK(PKIX_List_GetLength
+                        (unresCritExtOIDs, &numUnresCritExtOIDs, plContext),
+                        PKIX_LISTGETLENGTHFAILED);
+
+                if (numUnresCritExtOIDs != 0){
+                        PKIX_ERROR(PKIX_UNRECOGNIZEDCRITICALEXTENSION);
+                }
+
+        }
+
+cleanup:
+
+        PKIX_DECREF(checker);
+        PKIX_DECREF(unresCritExtOIDs);
+
+        PKIX_RETURN(VALIDATE);
+
+}
+
+/*
+ * FUNCTION: pkix_InitializeCheckers
+ * DESCRIPTION:
+ *
+ *  Creates several checkers and initializes them with values derived from the
+ *  TrustAnchor pointed to by "anchor", the ProcessingParams pointed to by
+ *  "procParams", and the number of Certs in the Chain, represented by
+ *  "numCerts". The List of checkers is stored at "pCheckers".
+ *
+ * PARAMETERS:
+ *  "anchor"
+ *      Address of TrustAnchor used to initialize the SignatureChecker and
+ *      NameChainingChecker. Must be non-NULL.
+ *  "procParams"
+ *      Address of ProcessingParams used to initialize the ExpirationChecker
+ *      and TargetCertChecker. Must be non-NULL.
+ *  "numCerts"
+ *      Number of certificates in the CertChain.
+ *  "pCheckers"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Validate Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_InitializeCheckers(
+        PKIX_TrustAnchor *anchor,
+        PKIX_ProcessingParams *procParams,
+        PKIX_UInt32 numCerts,
+        PKIX_List **pCheckers,
+        void *plContext)
+{
+        PKIX_CertChainChecker *targetCertChecker = NULL;
+        PKIX_CertChainChecker *expirationChecker = NULL;
+        PKIX_CertChainChecker *nameChainingChecker = NULL;
+        PKIX_CertChainChecker *nameConstraintsChecker = NULL;
+        PKIX_CertChainChecker *basicConstraintsChecker = NULL;
+        PKIX_CertChainChecker *policyChecker = NULL;
+        PKIX_CertChainChecker *sigChecker = NULL;
+        PKIX_CertChainChecker *defaultCrlChecker = NULL;
+        PKIX_CertChainChecker *userChecker = NULL;
+        PKIX_PL_X500Name *trustedCAName = NULL;
+        PKIX_PL_PublicKey *trustedPubKey = NULL;
+        PKIX_List *checkers = NULL;
+        PKIX_PL_Date *testDate = NULL;
+        PKIX_CertSelector *certSelector = NULL;
+        PKIX_PL_Cert *trustedCert = NULL;
+        PKIX_PL_CertNameConstraints *trustedNC = NULL;
+        PKIX_List *initialPolicies = NULL;
+        PKIX_Boolean policyQualifiersRejected = PKIX_FALSE;
+        PKIX_Boolean initialPolicyMappingInhibit = PKIX_FALSE;
+        PKIX_Boolean initialAnyPolicyInhibit = PKIX_FALSE;
+        PKIX_Boolean initialExplicitPolicy = PKIX_FALSE;
+        PKIX_List *userCheckersList = NULL;
+        PKIX_List *certStores = NULL;
+        PKIX_UInt32 numCertCheckers = 0;
+        PKIX_UInt32 i;
+
+        PKIX_ENTER(VALIDATE, "pkix_InitializeCheckers");
+        PKIX_NULLCHECK_THREE(anchor, procParams, pCheckers);
+        PKIX_CHECK(PKIX_List_Create(&checkers, plContext),
+                    PKIX_LISTCREATEFAILED);
+
+        /*
+         * The TrustAnchor may have been created using CreateWithCert
+         * (in which case GetCAPublicKey and GetCAName will return NULL)
+         * or may have been created using CreateWithNameKeyPair (in which
+         * case GetTrustedCert will return NULL. So we call GetTrustedCert
+         * and populate trustedPubKey and trustedCAName accordingly.
+         */
+
+        PKIX_CHECK(PKIX_TrustAnchor_GetTrustedCert
+                (anchor, &trustedCert, plContext),
+                    PKIX_TRUSTANCHORGETTRUSTEDCERTFAILED);
+
+        if (trustedCert){
+                PKIX_CHECK(PKIX_PL_Cert_GetSubjectPublicKey
+                            (trustedCert, &trustedPubKey, plContext),
+                            PKIX_CERTGETSUBJECTPUBLICKEYFAILED);
+
+                PKIX_CHECK(PKIX_PL_Cert_GetSubject
+                            (trustedCert, &trustedCAName, plContext),
+                            PKIX_CERTGETSUBJECTFAILED);
+        } else {
+                PKIX_CHECK(PKIX_TrustAnchor_GetCAPublicKey
+                            (anchor, &trustedPubKey, plContext),
+                            PKIX_TRUSTANCHORGETCAPUBLICKEYFAILED);
+
+                PKIX_CHECK(PKIX_TrustAnchor_GetCAName
+                            (anchor, &trustedCAName, plContext),
+                            PKIX_TRUSTANCHORGETCANAMEFAILED);
+        }
+
+        PKIX_NULLCHECK_TWO(trustedPubKey, trustedCAName);
+
+        PKIX_CHECK(PKIX_TrustAnchor_GetNameConstraints
+                (anchor, &trustedNC, plContext),
+                PKIX_TRUSTANCHORGETNAMECONSTRAINTSFAILED);
+
+        PKIX_CHECK(PKIX_ProcessingParams_GetTargetCertConstraints
+                (procParams, &certSelector, plContext),
+                PKIX_PROCESSINGPARAMSGETTARGETCERTCONSTRAINTSFAILED);
+
+        PKIX_CHECK(PKIX_ProcessingParams_GetDate
+                (procParams, &testDate, plContext),
+                PKIX_PROCESSINGPARAMSGETDATEFAILED);
+
+        PKIX_CHECK(PKIX_ProcessingParams_GetInitialPolicies
+                (procParams, &initialPolicies, plContext),
+                PKIX_PROCESSINGPARAMSGETINITIALPOLICIESFAILED);
+
+        PKIX_CHECK(PKIX_ProcessingParams_GetPolicyQualifiersRejected
+                (procParams, &policyQualifiersRejected, plContext),
+                PKIX_PROCESSINGPARAMSGETPOLICYQUALIFIERSREJECTEDFAILED);
+
+        PKIX_CHECK(PKIX_ProcessingParams_IsPolicyMappingInhibited
+                (procParams, &initialPolicyMappingInhibit, plContext),
+                PKIX_PROCESSINGPARAMSISPOLICYMAPPINGINHIBITEDFAILED);
+
+        PKIX_CHECK(PKIX_ProcessingParams_IsAnyPolicyInhibited
+                (procParams, &initialAnyPolicyInhibit, plContext),
+                PKIX_PROCESSINGPARAMSISANYPOLICYINHIBITEDFAILED);
+
+        PKIX_CHECK(PKIX_ProcessingParams_IsExplicitPolicyRequired
+                (procParams, &initialExplicitPolicy, plContext),
+                PKIX_PROCESSINGPARAMSISEXPLICITPOLICYREQUIREDFAILED);
+
+        PKIX_CHECK(PKIX_ProcessingParams_GetCertStores
+                (procParams, &certStores, plContext),
+                PKIX_PROCESSINGPARAMSGETCERTSTORESFAILED);
+
+        PKIX_CHECK(PKIX_ProcessingParams_GetCertChainCheckers
+                (procParams, &userCheckersList, plContext),
+                PKIX_PROCESSINGPARAMSGETCERTCHAINCHECKERSFAILED);
+
+        /* now, initialize all the checkers */
+        PKIX_CHECK(pkix_TargetCertChecker_Initialize
+                (certSelector, numCerts, &targetCertChecker, plContext),
+                PKIX_TARGETCERTCHECKERINITIALIZEFAILED);
+
+        PKIX_CHECK(pkix_ExpirationChecker_Initialize
+                (testDate, &expirationChecker, plContext),
+                PKIX_EXPIRATIONCHECKERINITIALIZEFAILED);
+
+        PKIX_CHECK(pkix_NameChainingChecker_Initialize
+                (trustedCAName, &nameChainingChecker, plContext),
+                PKIX_NAMECHAININGCHECKERINITIALIZEFAILED);
+
+        PKIX_CHECK(pkix_NameConstraintsChecker_Initialize
+                (trustedNC, numCerts, &nameConstraintsChecker, plContext),
+                PKIX_NAMECONSTRAINTSCHECKERINITIALIZEFAILED);
+
+        PKIX_CHECK(pkix_BasicConstraintsChecker_Initialize
+                (numCerts, &basicConstraintsChecker, plContext),
+                PKIX_BASICCONSTRAINTSCHECKERINITIALIZEFAILED);
+
+        PKIX_CHECK(pkix_PolicyChecker_Initialize
+                (initialPolicies,
+                policyQualifiersRejected,
+                initialPolicyMappingInhibit,
+                initialExplicitPolicy,
+                initialAnyPolicyInhibit,
+                numCerts,
+                &policyChecker,
+                plContext),
+                PKIX_POLICYCHECKERINITIALIZEFAILED);
+
+        PKIX_CHECK(pkix_SignatureChecker_Initialize
+                    (trustedPubKey, numCerts, &sigChecker, plContext),
+                    PKIX_SIGNATURECHECKERINITIALIZEFAILED);
+
+        if (userCheckersList != NULL) {
+
+                PKIX_CHECK(PKIX_List_GetLength
+                    (userCheckersList, &numCertCheckers, plContext),
+                    PKIX_LISTGETLENGTHFAILED);
+
+                for (i = 0; i < numCertCheckers; i++) {
+
+                        PKIX_CHECK(PKIX_List_GetItem
+                            (userCheckersList,
+                            i,
+                            (PKIX_PL_Object **) &userChecker,
+                            plContext),
+                            PKIX_LISTGETITEMFAILED);
+
+                        PKIX_CHECK(PKIX_List_AppendItem
+                            (checkers,
+                            (PKIX_PL_Object *)userChecker,
+                            plContext),
+                            PKIX_LISTAPPENDITEMFAILED);
+
+                        PKIX_DECREF(userChecker);
+                }
+        }
+
+        PKIX_CHECK(PKIX_List_AppendItem
+            (checkers, (PKIX_PL_Object *)targetCertChecker, plContext),
+            PKIX_LISTAPPENDITEMFAILED);
+
+        PKIX_CHECK(PKIX_List_AppendItem
+            (checkers, (PKIX_PL_Object *)expirationChecker, plContext),
+            PKIX_LISTAPPENDITEMFAILED);
+
+        PKIX_CHECK(PKIX_List_AppendItem
+            (checkers, (PKIX_PL_Object *)nameChainingChecker, plContext),
+            PKIX_LISTAPPENDITEMFAILED);
+
+        PKIX_CHECK(PKIX_List_AppendItem
+            (checkers, (PKIX_PL_Object *)nameConstraintsChecker, plContext),
+            PKIX_LISTAPPENDITEMFAILED);
+
+        PKIX_CHECK(PKIX_List_AppendItem
+            (checkers, (PKIX_PL_Object *)basicConstraintsChecker, plContext),
+            PKIX_LISTAPPENDITEMFAILED);
+
+        PKIX_CHECK(PKIX_List_AppendItem
+            (checkers, (PKIX_PL_Object *)policyChecker, plContext),
+            PKIX_LISTAPPENDITEMFAILED);
+
+        PKIX_CHECK(PKIX_List_AppendItem
+            (checkers, (PKIX_PL_Object *)sigChecker, plContext),
+            PKIX_LISTAPPENDITEMFAILED);
+
+        *pCheckers = checkers;
+
+cleanup:
+
+        if (PKIX_ERROR_RECEIVED){
+                PKIX_DECREF(checkers);
+        }
+
+        PKIX_DECREF(certSelector);
+        PKIX_DECREF(testDate);
+        PKIX_DECREF(initialPolicies);
+        PKIX_DECREF(targetCertChecker);
+        PKIX_DECREF(expirationChecker);
+        PKIX_DECREF(nameChainingChecker);
+        PKIX_DECREF(nameConstraintsChecker);
+        PKIX_DECREF(basicConstraintsChecker);
+        PKIX_DECREF(policyChecker);
+        PKIX_DECREF(sigChecker);
+        PKIX_DECREF(trustedCAName);
+        PKIX_DECREF(trustedPubKey);
+        PKIX_DECREF(trustedNC);
+        PKIX_DECREF(trustedCert);
+        PKIX_DECREF(defaultCrlChecker);
+        PKIX_DECREF(userCheckersList);
+        PKIX_DECREF(certStores);
+        PKIX_DECREF(userChecker);
+
+        PKIX_RETURN(VALIDATE);
+}
+
+/*
+ * FUNCTION: pkix_RetrieveOutputs
+ * DESCRIPTION:
+ *
+ *  This function queries the respective states of the List of checkers in
+ *  "checkers" to to obtain the final public key from the SignatureChecker
+ *  and the policy tree from the PolicyChecker, storing those values at
+ *  "pFinalSubjPubKey" and "pPolicyTree", respectively.
+ *
+ * PARAMETERS:
+ *  "checkers"
+ *      Address of List of checkers to be queried. Must be non-NULL.
+ *  "pFinalSubjPubKey"
+ *      Address where final public key will be stored. Must be non-NULL.
+ *  "pPolicyTree"
+ *      Address where policy tree will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Validate Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_RetrieveOutputs(
+        PKIX_List *checkers,
+        PKIX_PL_PublicKey **pFinalSubjPubKey,
+        PKIX_PolicyNode **pPolicyTree,
+        void *plContext)
+{
+        PKIX_PL_PublicKey *finalSubjPubKey = NULL;
+        PKIX_PolicyNode *validPolicyTree = NULL;
+        PKIX_CertChainChecker *checker = NULL;
+        PKIX_PL_Object *state = NULL;
+        PKIX_UInt32 numCheckers = 0;
+        PKIX_UInt32 type;
+        PKIX_Int32 j;
+
+        PKIX_ENTER(VALIDATE, "pkix_RetrieveOutputs");
+
+        PKIX_NULLCHECK_TWO(checkers, pPolicyTree);
+
+        /*
+         * To optimize the search, we guess that the sigChecker is
+         * last in the tree and is preceded by the policyChecker. We
+         * search toward the front of the chain. Remember that List
+         * items are indexed 0..(numItems - 1).
+         */
+
+        PKIX_CHECK(PKIX_List_GetLength(checkers, &numCheckers, plContext),
+                PKIX_LISTGETLENGTHFAILED);
+
+        for (j = numCheckers - 1; j >= 0; j--){
+                PKIX_CHECK(PKIX_List_GetItem
+                        (checkers, j, (PKIX_PL_Object **)&checker, plContext),
+                        PKIX_LISTGETITEMFAILED);
+
+                PKIX_CHECK(PKIX_CertChainChecker_GetCertChainCheckerState
+                        (checker, &state, plContext),
+                        PKIX_CERTCHAINCHECKERGETCERTCHAINCHECKERSTATEFAILED);
+
+                /* user defined checker may have no state */
+                if (state != NULL) {
+
+                    PKIX_CHECK(PKIX_PL_Object_GetType(state, &type, plContext),
+                            PKIX_OBJECTGETTYPEFAILED);
+
+                    if (type == PKIX_SIGNATURECHECKERSTATE_TYPE){
+                        /* final pubKey will include any inherited DSA params */
+                        finalSubjPubKey =
+                            ((pkix_SignatureCheckerState *)state)->
+                                prevPublicKey;
+                        PKIX_INCREF(finalSubjPubKey);
+                        *pFinalSubjPubKey = finalSubjPubKey;
+                    }
+
+                    if (type == PKIX_CERTPOLICYCHECKERSTATE_TYPE) {
+                        validPolicyTree =
+                            ((PKIX_PolicyCheckerState *)state)->validPolicyTree;
+                        break;
+                    }
+                }
+
+                PKIX_DECREF(checker);
+                PKIX_DECREF(state);
+        }
+
+        PKIX_INCREF(validPolicyTree);
+        *pPolicyTree = validPolicyTree;
+
+cleanup:
+
+        PKIX_DECREF(checker);
+        PKIX_DECREF(state);
+
+        PKIX_RETURN(VALIDATE);
+
+}
+
+/*
+ * FUNCTION: pkix_CheckChain
+ * DESCRIPTION:
+ *
+ *  Checks whether the List of Certs pointed to by "certs", containing
+ *  "numCerts" entries, successfully validates using each CertChainChecker in
+ *  the List pointed to by "checkers" and has not been revoked, according to any
+ *  of the Revocation Checkers in the List pointed to by "revChecker". Checkers
+ *  are expected to remove from "removeCheckedExtOIDs" and extensions that they
+ *  process. Indices to the certChain and the checkerChain are obtained and
+ *  returned in "pCertCheckedIndex" and "pCheckerIndex", respectively. These
+ *  should be set to zero prior to the initial call, but may be changed (and
+ *  must be supplied on subsequent calls) if processing is suspended for non-
+ *  blocking I/O. Each time a Cert passes from being validated by one of the
+ *  CertChainCheckers to being checked by a Revocation Checker, the Boolean
+ *  stored at "pRevChecking" is changed from FALSE to TRUE. If the Cert is
+ *  rejected by a Revocation Checker, its reason code is returned at
+ *  "pReasonCode. If the List of Certs successfully validates, the public key i
+ *  the final certificate is obtained and stored at "pFinalSubjPubKey" and the
+ *  validPolicyTree, which could be NULL, is stored at pPolicyTree. If the List
+ *  of Certs fails to validate, an Error pointer is returned.
+ *
+ *  If "pVerifyTree" is non-NULL, a chain of VerifyNodes is created which
+ *  tracks the results of the validation. That is, either each node in the
+ *  chain has a NULL Error component, or the last node contains an Error
+ *  which indicates why the validation failed.
+ *
+ *  The number of Certs in the List, represented by "numCerts", is used to
+ *  determine which Cert is the final Cert.
+ *
+ * PARAMETERS:
+ *  "certs"
+ *      Address of List of Certs to validate. Must be non-NULL.
+ *  "numCerts"
+ *      Number of certificates in the List of certificates.
+ *  "checkers"
+ *      List of CertChainCheckers which must each validate the List of
+ *      certificates. Must be non-NULL.
+ *  "revChecker"
+ *      List of RevocationCheckers which must each not reject the List of
+ *      certificates. May be empty, but must be non-NULL.
+ *  "removeCheckedExtOIDs"
+ *      List of PKIX_PL_OID that has been processed. If called from building
+ *      chain, it is the list of critical extension OIDs that has been
+ *      processed prior to validation. Extension OIDs that may be processed by
+ *      user defined checker processes are also in the list. May be NULL.
+ *  "procParams"
+ *      Address of ProcessingParams used to initialize various checkers. Must
+ *      be non-NULL.
+ *  "pCertCheckedIndex"
+ *      Address where Int32 index to the Cert chain is obtained and
+ *      returned. Must be non-NULL.
+ *  "pCheckerIndex"
+ *      Address where Int32 index to the CheckerChain is obtained and
+ *      returned. Must be non-NULL.
+ *  "pRevChecking"
+ *      Address where Boolean is obtained and returned, indicating, if FALSE,
+ *      that CertChainCheckers are being called; or, if TRUE, that RevChecker
+ *      are being called. Must be non-NULL.
+ *  "pReasonCode"
+ *      Address where UInt32 results of revocation checking are stored. Must be
+ *      non-NULL.
+ *  "pNBIOContext"
+ *      Address where platform-dependent context is stored if checking is
+ *      suspended for non-blocking I/O. Must be non-NULL.
+ *  "pFinalSubjPubKey"
+ *      Address where the final public key will be stored. Must be non-NULL.
+ *  "pPolicyTree"
+ *      Address where the final validPolicyTree is stored. Must be non-NULL.
+ *  "pVerifyTree"
+ *      Address where a VerifyTree is stored, if non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Validate Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_CheckChain(
+        PKIX_List *certs,
+        PKIX_UInt32 numCerts,
+        PKIX_TrustAnchor *anchor,
+        PKIX_List *checkers,
+        PKIX_RevocationChecker *revChecker,
+        PKIX_List *removeCheckedExtOIDs,
+        PKIX_ProcessingParams *procParams,
+        PKIX_UInt32 *pCertCheckedIndex,
+        PKIX_UInt32 *pCheckerIndex,
+        PKIX_Boolean *pRevChecking,
+        PKIX_UInt32 *pReasonCode,
+        void **pNBIOContext,
+        PKIX_PL_PublicKey **pFinalSubjPubKey,
+        PKIX_PolicyNode **pPolicyTree,
+        PKIX_VerifyNode **pVerifyTree,
+        void *plContext)
+{
+        PKIX_UInt32 j = 0;
+        PKIX_Boolean revChecking = PKIX_FALSE;
+        PKIX_Error *checkCertError = NULL;
+        void *nbioContext = NULL;
+        PKIX_PL_Cert *cert = NULL;
+        PKIX_PL_Cert *issuer = NULL;
+        PKIX_PL_NssContext *nssContext = NULL;
+        CERTCertList *certList = NULL;
+        const CERTChainVerifyCallback *chainVerifyCallback = NULL;
+        CERTCertificate *nssCert = NULL;
+
+        PKIX_ENTER(VALIDATE, "pkix_CheckChain");
+        PKIX_NULLCHECK_FOUR(certs, checkers, revChecker, pCertCheckedIndex);
+        PKIX_NULLCHECK_FOUR(pCheckerIndex, pRevChecking, pReasonCode, anchor);
+        PKIX_NULLCHECK_THREE(pNBIOContext, pFinalSubjPubKey, pPolicyTree);
+
+        nbioContext = *pNBIOContext;
+        *pNBIOContext = NULL;
+        revChecking = *pRevChecking;
+        nssContext = (PKIX_PL_NssContext *)plContext;
+        chainVerifyCallback = &nssContext->chainVerifyCallback;
+
+        if (chainVerifyCallback->isChainValid != NULL) {
+                PRBool chainOK = PR_FALSE; /*assume failure*/
+                SECStatus rv;
+
+                certList = CERT_NewCertList();
+                if (certList == NULL) {
+                        PKIX_ERROR_ALLOC_ERROR();
+                }
+
+                /* Add the trust anchor to the list */
+                PKIX_CHECK(PKIX_TrustAnchor_GetTrustedCert
+                        (anchor, &cert, plContext),
+                        PKIX_TRUSTANCHORGETTRUSTEDCERTFAILED);
+
+                PKIX_CHECK(
+                        PKIX_PL_Cert_GetCERTCertificate(cert, &nssCert, plContext),
+                        PKIX_CERTGETCERTCERTIFICATEFAILED);
+
+                rv = CERT_AddCertToListHead(certList, nssCert);
+                if (rv != SECSuccess) {
+                        PKIX_ERROR_ALLOC_ERROR();
+                }
+                /* the certList takes ownership of nssCert on success */
+                nssCert = NULL;
+                PKIX_DECREF(cert);
+
+                /* Add the rest of the chain to the list */
+                for (j = *pCertCheckedIndex; j < numCerts; j++) {
+                        PKIX_CHECK(PKIX_List_GetItem(
+                                certs, j, (PKIX_PL_Object **)&cert, plContext),
+                                PKIX_LISTGETITEMFAILED);
+
+                        PKIX_CHECK(
+                                PKIX_PL_Cert_GetCERTCertificate(cert, &nssCert, plContext),
+                                PKIX_CERTGETCERTCERTIFICATEFAILED);
+
+                        rv = CERT_AddCertToListHead(certList, nssCert);
+                        if (rv != SECSuccess) {
+                                PKIX_ERROR_ALLOC_ERROR();
+                        }
+                        /* the certList takes ownership of nssCert on success */
+                        nssCert = NULL;
+                        PKIX_DECREF(cert);
+                }
+
+                rv = (*chainVerifyCallback->isChainValid)
+                     (chainVerifyCallback->isChainValidArg, certList, &chainOK);
+                if (rv != SECSuccess) {
+                       PKIX_ERROR_FATAL(PKIX_CHAINVERIFYCALLBACKFAILED);
+                }
+
+                if (!chainOK) {
+                        PKIX_ERROR(PKIX_CHAINVERIFYCALLBACKFAILED);
+                }
+
+        }
+
+        PKIX_CHECK(PKIX_TrustAnchor_GetTrustedCert
+                (anchor, &cert, plContext),
+                   PKIX_TRUSTANCHORGETTRUSTEDCERTFAILED);
+
+        for (j = *pCertCheckedIndex; j < numCerts; j++) {
+
+                PORT_Assert(cert);
+                PKIX_DECREF(issuer);
+                issuer = cert;
+                cert = NULL;
+
+                PKIX_CHECK(PKIX_List_GetItem(
+                               certs, j, (PKIX_PL_Object **)&cert, plContext),
+                           PKIX_LISTGETITEMFAILED);
+                
+                /* check if cert pointer is valid */
+                PORT_Assert(cert);
+                if (cert == NULL) {
+                    continue;
+                }
+
+                if (revChecking == PKIX_FALSE) {
+
+                        PKIX_CHECK(pkix_CheckCert
+                                (cert,
+                                checkers,
+                                removeCheckedExtOIDs,
+                                pCheckerIndex,
+                                &nbioContext,
+                                plContext),
+                                PKIX_CHECKCERTFAILED);
+
+                        if (nbioContext != NULL) {
+                                *pCertCheckedIndex = j;
+                                *pRevChecking = revChecking;
+                                *pNBIOContext = nbioContext;
+                                goto cleanup;
+                        }
+
+                        revChecking = PKIX_TRUE;
+                        *pCheckerIndex = 0;
+                }
+
+                if (revChecking == PKIX_TRUE) {
+                        PKIX_RevocationStatus revStatus;
+                        pkixErrorResult =
+                            PKIX_RevocationChecker_Check(
+                                      cert, issuer, revChecker,
+                                      procParams, PKIX_TRUE,
+                                      (j == numCerts - 1) ? PKIX_TRUE : PKIX_FALSE,
+                                      &revStatus, pReasonCode,
+                                      &nbioContext, plContext);
+                        if (nbioContext != NULL) {
+                                *pCertCheckedIndex = j;
+                                *pRevChecking = revChecking;
+                                *pNBIOContext = nbioContext;
+                                goto cleanup;
+                        }
+                        if (revStatus == PKIX_RevStatus_Revoked ||
+                            pkixErrorResult) {
+                            if (!pkixErrorResult) {
+                                /* if pkixErrorResult is returned then
+                                 * use it as it has a detailed revocation
+                                 * error code. Otherwise create a new error */
+                                PKIX_ERROR_CREATE(VALIDATE,
+                                                  PKIX_CERTIFICATEREVOKED,
+                                                  pkixErrorResult);
+                            }
+                            goto cleanup;
+                        }
+                        revChecking = PKIX_FALSE;
+                        *pCheckerIndex = 0;
+                }
+
+                PKIX_CHECK(pkix_AddToVerifyLog
+                        (cert, j, NULL, pVerifyTree, plContext),
+                        PKIX_ADDTOVERIFYLOGFAILED);
+        }
+
+        PKIX_CHECK(pkix_RetrieveOutputs
+                    (checkers, pFinalSubjPubKey, pPolicyTree, plContext),
+                    PKIX_RETRIEVEOUTPUTSFAILED);
+
+        *pNBIOContext = NULL;
+
+cleanup:
+        if (PKIX_ERROR_RECEIVED && cert) {
+            checkCertError = pkixErrorResult;
+            
+            PKIX_CHECK_FATAL(
+                pkix_AddToVerifyLog(cert, j, checkCertError, pVerifyTree,
+                                    plContext),
+                PKIX_ADDTOVERIFYLOGFAILED);
+            pkixErrorResult = checkCertError;
+            pkixErrorCode = pkixErrorResult->errCode;
+            checkCertError = NULL;
+        }
+
+fatal:
+        if (nssCert) {
+                CERT_DestroyCertificate(nssCert);
+        }
+
+        if (certList) {
+                CERT_DestroyCertList(certList);
+        }
+
+        PKIX_DECREF(checkCertError);
+        PKIX_DECREF(cert);
+        PKIX_DECREF(issuer);
+
+        PKIX_RETURN(VALIDATE);
+}
+
+/*
+ * FUNCTION: pkix_ExtractParameters
+ * DESCRIPTION:
+ *
+ *  Extracts several parameters from the ValidateParams object pointed to by
+ *  "valParams" and stores the CertChain at "pChain", the List of Certs at
+ *  "pCerts", the number of Certs in the chain at "pNumCerts", the
+ *  ProcessingParams object at "pProcParams", the List of TrustAnchors at
+ *  "pAnchors", and the number of TrustAnchors at "pNumAnchors".
+ *
+ * PARAMETERS:
+ *  "valParams"
+ *      Address of ValidateParams from which the parameters are extracted.
+ *      Must be non-NULL.
+ *  "pCerts"
+ *      Address where object pointer for List of Certs will be stored.
+ *      Must be non-NULL.
+ *  "pNumCerts"
+ *      Address where number of Certs will be stored. Must be non-NULL.
+ *  "pProcParams"
+ *      Address where object pointer for ProcessingParams will be stored.
+ *      Must be non-NULL.
+ *  "pAnchors"
+ *      Address where object pointer for List of Anchors will be stored.
+ *      Must be non-NULL.
+ *  "pNumAnchors"
+ *      Address where number of Anchors will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Validate Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_ExtractParameters(
+        PKIX_ValidateParams *valParams,
+        PKIX_List **pCerts,
+        PKIX_UInt32 *pNumCerts,
+        PKIX_ProcessingParams **pProcParams,
+        PKIX_List **pAnchors,
+        PKIX_UInt32 *pNumAnchors,
+        void *plContext)
+{
+        PKIX_ENTER(VALIDATE, "pkix_ExtractParameters");
+        PKIX_NULLCHECK_THREE(valParams, pCerts, pNumCerts);
+        PKIX_NULLCHECK_THREE(pProcParams, pAnchors, pNumAnchors);
+
+        /* extract relevant parameters from chain */
+        PKIX_CHECK(PKIX_ValidateParams_GetCertChain
+                (valParams, pCerts, plContext),
+                PKIX_VALIDATEPARAMSGETCERTCHAINFAILED);
+
+        PKIX_CHECK(PKIX_List_GetLength(*pCerts, pNumCerts, plContext),
+                PKIX_LISTGETLENGTHFAILED);
+
+        /* extract relevant parameters from procParams */
+        PKIX_CHECK(PKIX_ValidateParams_GetProcessingParams
+                (valParams, pProcParams, plContext),
+                PKIX_VALIDATEPARAMSGETPROCESSINGPARAMSFAILED);
+
+        PKIX_CHECK(PKIX_ProcessingParams_GetTrustAnchors
+                (*pProcParams, pAnchors, plContext),
+                PKIX_PROCESSINGPARAMSGETTRUSTANCHORSFAILED);
+
+        PKIX_CHECK(PKIX_List_GetLength(*pAnchors, pNumAnchors, plContext),
+                PKIX_LISTGETLENGTHFAILED);
+
+cleanup:
+
+        PKIX_RETURN(VALIDATE);
+}
+
+/* --Public-Functions--------------------------------------------- */
+
+/*
+ * FUNCTION: PKIX_ValidateChain (see comments in pkix.h)
+ */
+PKIX_Error *
+PKIX_ValidateChain(
+        PKIX_ValidateParams *valParams,
+        PKIX_ValidateResult **pResult,
+        PKIX_VerifyNode **pVerifyTree,
+        void *plContext)
+{
+        PKIX_Error *chainFailed = NULL;
+
+        PKIX_ProcessingParams *procParams = NULL;
+        PKIX_CertChainChecker *userChecker = NULL;
+        PKIX_RevocationChecker *revChecker = NULL;
+        PKIX_List *certs = NULL;
+        PKIX_List *checkers = NULL;
+        PKIX_List *anchors = NULL;
+        PKIX_List *userCheckers = NULL;
+        PKIX_List *userCheckerExtOIDs = NULL;
+        PKIX_List *validateCheckedCritExtOIDsList = NULL;
+        PKIX_TrustAnchor *anchor = NULL;
+        PKIX_ValidateResult *valResult = NULL;
+        PKIX_PL_PublicKey *finalPubKey = NULL;
+        PKIX_PolicyNode *validPolicyTree = NULL;
+        PKIX_Boolean supportForwarding = PKIX_FALSE;
+        PKIX_Boolean revChecking = PKIX_FALSE;
+        PKIX_UInt32 i, numCerts, numAnchors;
+        PKIX_UInt32 numUserCheckers = 0;
+        PKIX_UInt32 certCheckedIndex = 0;
+        PKIX_UInt32 checkerIndex = 0;
+        PKIX_UInt32 reasonCode = 0;
+        void *nbioContext = NULL;
+
+        PKIX_ENTER(VALIDATE, "PKIX_ValidateChain");
+        PKIX_NULLCHECK_TWO(valParams, pResult);
+
+        /* extract various parameters from valParams */
+        PKIX_CHECK(pkix_ExtractParameters
+                    (valParams,
+                    &certs,
+                    &numCerts,
+                    &procParams,
+                    &anchors,
+                    &numAnchors,
+                    plContext),
+                    PKIX_EXTRACTPARAMETERSFAILED);
+
+        /*
+         * setup an extension OID list that user had defined for his checker
+         * processing. User checker is not responsible for taking out OIDs
+         * from unresolved critical extension list as the libpkix checker
+         * is doing. Here we add those user checkers' OIDs to the removal
+         * list to be taken out by CheckChain
+         */
+        PKIX_CHECK(PKIX_ProcessingParams_GetCertChainCheckers
+                    (procParams, &userCheckers, plContext),
+                    PKIX_PROCESSINGPARAMSGETCERTCHAINCHECKERSFAILED);
+
+        if (userCheckers != NULL) {
+
+                PKIX_CHECK(PKIX_List_Create
+                    (&validateCheckedCritExtOIDsList,
+                    plContext),
+                    PKIX_LISTCREATEFAILED);
+
+                PKIX_CHECK(PKIX_List_GetLength
+                    (userCheckers, &numUserCheckers, plContext),
+                    PKIX_LISTGETLENGTHFAILED);
+
+                for (i = 0; i < numUserCheckers; i++) {
+
+                    PKIX_CHECK(PKIX_List_GetItem
+                        (userCheckers,
+                        i,
+                        (PKIX_PL_Object **) &userChecker,
+                        plContext),
+                        PKIX_LISTGETITEMFAILED);
+
+                    PKIX_CHECK
+                        (PKIX_CertChainChecker_IsForwardCheckingSupported
+                        (userChecker, &supportForwarding, plContext),
+                        PKIX_CERTCHAINCHECKERISFORWARDCHECKINGSUPPORTEDFAILED);
+
+                    if (supportForwarding == PKIX_FALSE) {
+
+                        PKIX_CHECK
+                            (PKIX_CertChainChecker_GetSupportedExtensions
+                            (userChecker, &userCheckerExtOIDs, plContext),
+                            PKIX_CERTCHAINCHECKERGETSUPPORTEDEXTENSIONSFAILED);
+
+                        if (userCheckerExtOIDs != NULL) {
+                            PKIX_CHECK(pkix_List_AppendList
+                                (validateCheckedCritExtOIDsList,
+                                userCheckerExtOIDs,
+                                plContext),
+                                PKIX_LISTAPPENDLISTFAILED);
+                        }
+                    }
+
+                    PKIX_DECREF(userCheckerExtOIDs);
+                    PKIX_DECREF(userChecker);
+                }
+        }
+
+        PKIX_CHECK(PKIX_ProcessingParams_GetRevocationChecker
+                (procParams, &revChecker, plContext),
+                PKIX_PROCESSINGPARAMSGETREVOCATIONCHECKERFAILED);
+
+        /* try to validate the chain with each anchor */
+        for (i = 0; i < numAnchors; i++){
+
+                /* get trust anchor */
+                PKIX_CHECK(PKIX_List_GetItem
+                        (anchors, i, (PKIX_PL_Object **)&anchor, plContext),
+                        PKIX_LISTGETITEMFAILED);
+
+                /* initialize checkers using information from trust anchor */
+                PKIX_CHECK(pkix_InitializeCheckers
+                        (anchor, procParams, numCerts, &checkers, plContext),
+                        PKIX_INITIALIZECHECKERSFAILED);
+
+                /*
+                 * Validate the chain using this trust anchor and these
+                 * checkers. (WARNING: checkers that use non-blocking I/O
+                 * are not currently supported.)
+                 */
+                certCheckedIndex = 0;
+                checkerIndex = 0;
+                revChecking = PKIX_FALSE;
+                chainFailed = pkix_CheckChain
+                        (certs,
+                        numCerts,
+                        anchor,
+                        checkers,
+                        revChecker,
+                        validateCheckedCritExtOIDsList,
+                        procParams,
+                        &certCheckedIndex,
+                        &checkerIndex,
+                        &revChecking,
+                        &reasonCode,
+                        &nbioContext,
+                        &finalPubKey,
+                        &validPolicyTree,
+                        pVerifyTree,
+                        plContext);
+
+                if (chainFailed) {
+
+                        /* cert chain failed to validate */
+
+                        PKIX_DECREF(chainFailed);
+                        PKIX_DECREF(anchor);
+                        PKIX_DECREF(checkers);
+                        PKIX_DECREF(validPolicyTree);
+
+                        /* if last anchor, we fail; else, we try next anchor */
+                        if (i == (numAnchors - 1)) { /* last anchor */
+                                PKIX_ERROR(PKIX_VALIDATECHAINFAILED);
+                        }
+
+                } else {
+
+                        /* XXX Remove this assertion after 2014-12-31.
+                         * See bug 946984. */
+                        PORT_Assert(reasonCode == 0);
+
+                        /* cert chain successfully validated! */
+                        PKIX_CHECK(pkix_ValidateResult_Create
+                                (finalPubKey,
+                                anchor,
+                                validPolicyTree,
+                                &valResult,
+                                plContext),
+                                PKIX_VALIDATERESULTCREATEFAILED);
+
+                        *pResult = valResult;
+
+                        /* no need to try any more anchors in the loop */
+                        goto cleanup;
+                }
+        }
+
+cleanup:
+
+        PKIX_DECREF(finalPubKey);
+        PKIX_DECREF(certs);
+        PKIX_DECREF(anchors);
+        PKIX_DECREF(anchor);
+        PKIX_DECREF(checkers);
+        PKIX_DECREF(revChecker);
+        PKIX_DECREF(validPolicyTree);
+        PKIX_DECREF(chainFailed);
+        PKIX_DECREF(procParams);
+        PKIX_DECREF(userCheckers);
+        PKIX_DECREF(validateCheckedCritExtOIDsList);
+
+        PKIX_RETURN(VALIDATE);
+}
+
+/*
+ * FUNCTION: pkix_Validate_BuildUserOIDs
+ * DESCRIPTION:
+ *
+ *  This function creates a List of the OIDs that are processed by the user
+ *  checkers in the List pointed to by "userCheckers", storing the resulting
+ *  List at "pUserCritOIDs". If the List of userCheckers is NULL, the output
+ *  List will be NULL. Otherwise the output List will be non-NULL, but may be
+ *  empty.
+ *
+ * PARAMETERS:
+ *  "userCheckers"
+ *      The address of the List of userCheckers.
+ *  "pUserCritOIDs"
+ *      The address at which the List is stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a VALIDATE Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_Validate_BuildUserOIDs(
+        PKIX_List *userCheckers,
+        PKIX_List **pUserCritOIDs,
+        void *plContext)
+{
+        PKIX_UInt32 numUserCheckers = 0;
+        PKIX_UInt32 i = 0;
+        PKIX_List *userCritOIDs = NULL;
+        PKIX_List *userCheckerExtOIDs = NULL;
+        PKIX_Boolean supportForwarding = PKIX_FALSE;
+        PKIX_CertChainChecker *userChecker = NULL;
+
+        PKIX_ENTER(VALIDATE, "pkix_Validate_BuildUserOIDs");
+        PKIX_NULLCHECK_ONE(pUserCritOIDs);
+
+        if (userCheckers != NULL) {
+            PKIX_CHECK(PKIX_List_Create(&userCritOIDs, plContext),
+                PKIX_LISTCREATEFAILED);
+
+            PKIX_CHECK(PKIX_List_GetLength
+                (userCheckers, &numUserCheckers, plContext),
+                PKIX_LISTGETLENGTHFAILED);
+
+            for (i = 0; i < numUserCheckers; i++) {
+                PKIX_CHECK(PKIX_List_GetItem
+                    (userCheckers,
+                    i,
+                    (PKIX_PL_Object **) &userChecker,
+                    plContext),
+                    PKIX_LISTGETITEMFAILED);
+
+                PKIX_CHECK(PKIX_CertChainChecker_IsForwardCheckingSupported
+                    (userChecker, &supportForwarding, plContext),
+                    PKIX_CERTCHAINCHECKERISFORWARDCHECKINGSUPPORTEDFAILED);
+
+                if (supportForwarding == PKIX_FALSE) {
+
+                    PKIX_CHECK(PKIX_CertChainChecker_GetSupportedExtensions
+                        (userChecker, &userCheckerExtOIDs, plContext),
+                        PKIX_CERTCHAINCHECKERGETSUPPORTEDEXTENSIONSFAILED);
+
+                    if (userCheckerExtOIDs != NULL) {
+                        PKIX_CHECK(pkix_List_AppendList
+                            (userCritOIDs, userCheckerExtOIDs, plContext),
+                            PKIX_LISTAPPENDLISTFAILED);
+                    }
+                }
+
+                PKIX_DECREF(userCheckerExtOIDs);
+                PKIX_DECREF(userChecker);
+            }
+        }
+
+        *pUserCritOIDs = userCritOIDs;
+
+cleanup:
+
+        if (PKIX_ERROR_RECEIVED){
+                PKIX_DECREF(userCritOIDs);
+        }
+
+        PKIX_DECREF(userCheckerExtOIDs);
+        PKIX_DECREF(userChecker);
+
+        PKIX_RETURN(VALIDATE);
+}
+
+/*
+ * FUNCTION: PKIX_ValidateChain_nb (see comments in pkix.h)
+ */
+PKIX_Error *
+PKIX_ValidateChain_NB(
+        PKIX_ValidateParams *valParams,
+        PKIX_UInt32 *pCertIndex,
+        PKIX_UInt32 *pAnchorIndex,
+        PKIX_UInt32 *pCheckerIndex,
+        PKIX_Boolean *pRevChecking,
+        PKIX_List **pCheckers,
+        void **pNBIOContext,
+        PKIX_ValidateResult **pResult,
+        PKIX_VerifyNode **pVerifyTree,
+        void *plContext)
+{
+        PKIX_UInt32 numCerts = 0;
+        PKIX_UInt32 numAnchors = 0;
+        PKIX_UInt32 i = 0;
+        PKIX_UInt32 certIndex = 0;
+        PKIX_UInt32 anchorIndex = 0;
+        PKIX_UInt32 checkerIndex = 0;
+        PKIX_UInt32 reasonCode = 0;
+        PKIX_Boolean revChecking = PKIX_FALSE;
+        PKIX_List *certs = NULL;
+        PKIX_List *anchors = NULL;
+        PKIX_List *checkers = NULL;
+        PKIX_List *userCheckers = NULL;
+        PKIX_List *validateCheckedCritExtOIDsList = NULL;
+        PKIX_TrustAnchor *anchor = NULL;
+        PKIX_ValidateResult *valResult = NULL;
+        PKIX_PL_PublicKey *finalPubKey = NULL;
+        PKIX_PolicyNode *validPolicyTree = NULL;
+        PKIX_ProcessingParams *procParams = NULL;
+        PKIX_RevocationChecker *revChecker = NULL;
+        PKIX_Error *chainFailed = NULL;
+        void *nbioContext = NULL;
+
+        PKIX_ENTER(VALIDATE, "PKIX_ValidateChain_NB");
+        PKIX_NULLCHECK_FOUR
+                (valParams, pCertIndex, pAnchorIndex, pCheckerIndex);
+        PKIX_NULLCHECK_FOUR(pRevChecking, pCheckers, pNBIOContext, pResult);
+
+        nbioContext = *pNBIOContext;
+        *pNBIOContext = NULL;
+
+        /* extract various parameters from valParams */
+        PKIX_CHECK(pkix_ExtractParameters
+                    (valParams,
+                    &certs,
+                    &numCerts,
+                    &procParams,
+                    &anchors,
+                    &numAnchors,
+                    plContext),
+                    PKIX_EXTRACTPARAMETERSFAILED);
+
+        /*
+         * Create a List of the OIDs that will be processed by the user
+         * checkers. User checkers are not responsible for removing OIDs from
+         * the List of unresolved critical extensions, as libpkix checkers are.
+         * So we add those user checkers' OIDs to the removal list to be taken
+         * out by CheckChain.
+         */
+        PKIX_CHECK(PKIX_ProcessingParams_GetCertChainCheckers
+                (procParams, &userCheckers, plContext),
+                PKIX_PROCESSINGPARAMSGETCERTCHAINCHECKERSFAILED);
+
+        PKIX_CHECK(pkix_Validate_BuildUserOIDs
+                (userCheckers, &validateCheckedCritExtOIDsList, plContext),
+                PKIX_VALIDATEBUILDUSEROIDSFAILED);
+
+        PKIX_CHECK(PKIX_ProcessingParams_GetRevocationChecker
+                (procParams, &revChecker, plContext),
+                PKIX_PROCESSINGPARAMSGETREVOCATIONCHECKERFAILED);
+
+        /* Are we resuming after a WOULDBLOCK return, or starting anew ? */
+        if (nbioContext != NULL) {
+                /* Resuming */
+                certIndex = *pCertIndex;
+                anchorIndex = *pAnchorIndex;
+                checkerIndex = *pCheckerIndex;
+                revChecking = *pRevChecking;
+                checkers = *pCheckers;
+                *pCheckers = NULL;
+        }
+
+        /* try to validate the chain with each anchor */
+        for (i = anchorIndex; i < numAnchors; i++) {
+
+                /* get trust anchor */
+                PKIX_CHECK(PKIX_List_GetItem
+                        (anchors, i, (PKIX_PL_Object **)&anchor, plContext),
+                        PKIX_LISTGETITEMFAILED);
+
+                /* initialize checkers using information from trust anchor */
+                if (nbioContext == NULL) {
+                        PKIX_CHECK(pkix_InitializeCheckers
+                                (anchor,
+                                procParams,
+                                numCerts,
+                                &checkers,
+                                plContext),
+                                PKIX_INITIALIZECHECKERSFAILED);
+                }
+
+                /*
+                 * Validate the chain using this trust anchor and these
+                 * checkers.
+                 */
+                chainFailed = pkix_CheckChain
+                        (certs,
+                        numCerts,
+                        anchor,
+                        checkers,
+                        revChecker,
+                        validateCheckedCritExtOIDsList,
+                        procParams,
+                        &certIndex,
+                        &checkerIndex,
+                        &revChecking,
+                        &reasonCode,
+                        &nbioContext,
+                        &finalPubKey,
+                        &validPolicyTree,
+                        pVerifyTree,
+                        plContext);
+
+                if (nbioContext != NULL) {
+                        *pCertIndex = certIndex;
+                        *pAnchorIndex = anchorIndex;
+                        *pCheckerIndex = checkerIndex;
+                        *pRevChecking = revChecking;
+                        PKIX_INCREF(checkers);
+                        *pCheckers = checkers;
+                        *pNBIOContext = nbioContext;
+                        goto cleanup;
+                }
+
+                if (chainFailed) {
+
+                        /* cert chain failed to validate */
+
+                        PKIX_DECREF(chainFailed);
+                        PKIX_DECREF(anchor);
+                        PKIX_DECREF(checkers);
+                        PKIX_DECREF(validPolicyTree);
+
+                        /* if last anchor, we fail; else, we try next anchor */
+                        if (i == (numAnchors - 1)) { /* last anchor */
+                                PKIX_ERROR(PKIX_VALIDATECHAINFAILED);
+                        }
+
+                } else {
+
+                        /* XXX Remove this assertion after 2014-12-31.
+                         * See bug 946984. */
+                        PORT_Assert(reasonCode == 0);
+
+                        /* cert chain successfully validated! */
+                        PKIX_CHECK(pkix_ValidateResult_Create
+                                (finalPubKey,
+                                anchor,
+                                validPolicyTree,
+                                &valResult,
+                                plContext),
+                                PKIX_VALIDATERESULTCREATEFAILED);
+
+                        *pResult = valResult;
+
+                        /* no need to try any more anchors in the loop */
+                        goto cleanup;
+                }
+        }
+
+cleanup:
+
+        PKIX_DECREF(finalPubKey);
+        PKIX_DECREF(certs);
+        PKIX_DECREF(anchors);
+        PKIX_DECREF(anchor);
+        PKIX_DECREF(checkers);
+        PKIX_DECREF(revChecker);
+        PKIX_DECREF(validPolicyTree);
+        PKIX_DECREF(chainFailed);
+        PKIX_DECREF(procParams);
+        PKIX_DECREF(userCheckers);
+        PKIX_DECREF(validateCheckedCritExtOIDsList);
+
+        PKIX_RETURN(VALIDATE);
+}
diff --git a/nss/lib/libpkix/pkix/top/pkix_validate.h b/nss/lib/libpkix/pkix/top/pkix_validate.h
new file mode 100755
index 0000000..7692e3b
--- /dev/null
+++ b/nss/lib/libpkix/pkix/top/pkix_validate.h
@@ -0,0 +1,42 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_validate.h
+ *
+ * Header file for validateChain function
+ *
+ */
+
+#ifndef _PKIX_VALIDATE_H
+#define _PKIX_VALIDATE_H
+#include "pkix_tools.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+PKIX_Error *
+pkix_CheckChain(
+        PKIX_List *certs,
+        PKIX_UInt32 numCerts,
+        PKIX_TrustAnchor *anchor,
+        PKIX_List *checkers,
+        PKIX_RevocationChecker *revChecker,
+        PKIX_List *buildCheckedExtOIDs,
+        PKIX_ProcessingParams *procParams,
+        PKIX_UInt32 *pCertCheckedIndex,
+        PKIX_UInt32 *pCheckerIndex,
+        PKIX_Boolean *pRevChecking,
+        PKIX_UInt32 *pReasonCode,
+        void **pNBIOContext,
+        PKIX_PL_PublicKey **pFinalSubjPubKey,
+        PKIX_PolicyNode **pPolicyTree,
+        PKIX_VerifyNode **pVerifyTree,
+        void *plContext);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_VALIDATE_H */
diff --git a/nss/lib/libpkix/pkix/top/top.gyp b/nss/lib/libpkix/pkix/top/top.gyp
new file mode 100644
index 0000000..fb1b08e
--- /dev/null
+++ b/nss/lib/libpkix/pkix/top/top.gyp
@@ -0,0 +1,25 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../../../coreconf/config.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'pkixtop',
+      'type': 'static_library',
+      'sources': [
+        'pkix_build.c',
+        'pkix_lifecycle.c',
+        'pkix_validate.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports'
+      ]
+    }
+  ],
+  'variables': {
+    'module': 'nss'
+  }
+}
\ No newline at end of file
diff --git a/nss/lib/libpkix/pkix/util/Makefile b/nss/lib/libpkix/pkix/util/Makefile
new file mode 100755
index 0000000..36524f5
--- /dev/null
+++ b/nss/lib/libpkix/pkix/util/Makefile
@@ -0,0 +1,48 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include config.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+export:: private_export
+
diff --git a/nss/lib/libpkix/pkix/util/config.mk b/nss/lib/libpkix/pkix/util/config.mk
new file mode 100755
index 0000000..b8c03de
--- /dev/null
+++ b/nss/lib/libpkix/pkix/util/config.mk
@@ -0,0 +1,15 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#
+#  Override TARGETS variable so that only static libraries
+#  are specifed as dependencies within rules.mk.
+#
+
+TARGETS        = $(LIBRARY)
+SHARED_LIBRARY =
+IMPORT_LIBRARY =
+PROGRAM        =
+
diff --git a/nss/lib/libpkix/pkix/util/exports.gyp b/nss/lib/libpkix/pkix/util/exports.gyp
new file mode 100644
index 0000000..8318c6c
--- /dev/null
+++ b/nss/lib/libpkix/pkix/util/exports.gyp
@@ -0,0 +1,28 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../../../coreconf/config.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'lib_libpkix_pkix_util_exports',
+      'type': 'none',
+      'copies': [
+        {
+          'files': [
+            'pkix_error.h',
+            'pkix_list.h',
+            'pkix_logger.h',
+            'pkix_tools.h'
+          ],
+          'destination': '<(nss_private_dist_dir)/<(module)'
+        }
+      ]
+    }
+  ],
+  'variables': {
+    'module': 'nss'
+  }
+}
diff --git a/nss/lib/libpkix/pkix/util/manifest.mn b/nss/lib/libpkix/pkix/util/manifest.mn
new file mode 100755
index 0000000..9c068ae
--- /dev/null
+++ b/nss/lib/libpkix/pkix/util/manifest.mn
@@ -0,0 +1,28 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+CORE_DEPTH = ../../../..
+
+EXPORTS = \
+	$(NULL)
+
+PRIVATE_EXPORTS = \
+	pkix_tools.h \
+	pkix_error.h \
+	pkix_logger.h \
+	pkix_list.h \
+	$(NULL)
+
+MODULE = nss
+
+CSRCS = \
+	pkix_tools.c \
+	pkix_error.c \
+	pkix_logger.c \
+	pkix_list.c \
+	pkix_errpaths.c \
+	$(NULL)
+
+LIBRARY_NAME = pkixutil
+
diff --git a/nss/lib/libpkix/pkix/util/pkix_error.c b/nss/lib/libpkix/pkix/util/pkix_error.c
new file mode 100755
index 0000000..9d730ca
--- /dev/null
+++ b/nss/lib/libpkix/pkix/util/pkix_error.c
@@ -0,0 +1,565 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_error.c
+ *
+ * Error Object Functions
+ *
+ */
+
+#include "pkix_error.h"
+
+#undef PKIX_ERRORENTRY
+
+#define PKIX_ERRORENTRY(name,desc,nsserr) #desc
+
+#if defined PKIX_ERROR_DESCRIPTION
+
+const char * const PKIX_ErrorText[] =
+{
+#include "pkix_errorstrings.h"
+};
+
+#else
+
+#include "prprf.h"
+
+#endif /* PKIX_ERROR_DESCRIPTION */
+
+extern const PKIX_Int32 PKIX_PLErrorIndex[];
+
+/* --Private-Functions-------------------------------------------- */
+
+/*
+ * FUNCTION: pkix_Error_Equals
+ * (see comments for PKIX_PL_EqualsCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_Error_Equals(
+        PKIX_PL_Object *firstObject,
+        PKIX_PL_Object *secondObject,
+        PKIX_Boolean *pResult,
+        void *plContext)
+{
+        PKIX_Error *firstError = NULL;
+        PKIX_Error *secondError = NULL;
+        PKIX_Error *firstCause = NULL;
+        PKIX_Error *secondCause = NULL;
+        PKIX_PL_Object *firstInfo = NULL;
+        PKIX_PL_Object *secondInfo = NULL;
+        PKIX_ERRORCLASS firstClass, secondClass;
+        PKIX_UInt32 secondType;
+        PKIX_Boolean boolResult, unequalFlag;
+
+        PKIX_ENTER(ERROR, "pkix_Error_Equals");
+        PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);
+
+        unequalFlag = PKIX_FALSE;
+
+        /* First just compare pointer values to save time */
+        if (firstObject == secondObject) {
+                *pResult = PKIX_TRUE;
+                goto cleanup;
+        } else {
+                /* Result will only be set to true if all tests pass */
+                *pResult = PKIX_FALSE;
+        }
+
+        PKIX_CHECK(pkix_CheckType(firstObject, PKIX_ERROR_TYPE, plContext),
+                    PKIX_FIRSTOBJECTNOTANERROROBJECT);
+
+        PKIX_CHECK(PKIX_PL_Object_GetType
+                    (secondObject, &secondType, plContext),
+                    PKIX_ERRORGETTINGSECONDOBJECTTYPE);
+
+        /* If types differ, then return false. Result is already set */
+        if (secondType != PKIX_ERROR_TYPE) goto cleanup;
+
+        /* It is safe to cast to PKIX_Error */
+        firstError = (PKIX_Error *) firstObject;
+        secondError = (PKIX_Error *) secondObject;
+
+        /* Compare error codes */
+        firstClass = firstError->errClass;
+        secondClass = secondError->errClass;
+
+        /* If codes differ, return false. Result is already set */
+        if (firstClass != secondClass) goto cleanup;
+
+        /* Compare causes */
+        firstCause = firstError->cause;
+        secondCause = secondError->cause;
+
+        /* Ensure that either both or none of the causes are NULL */
+        if (((firstCause != NULL) && (secondCause == NULL))||
+            ((firstCause == NULL) && (secondCause != NULL)))
+                unequalFlag = PKIX_TRUE;
+
+        if ((firstCause != NULL) && (secondCause != NULL)) {
+                PKIX_CHECK(PKIX_PL_Object_Equals
+                            ((PKIX_PL_Object*)firstCause,
+                            (PKIX_PL_Object*)secondCause,
+                            &boolResult,
+                            plContext),
+                            PKIX_ERRORINRECURSIVEEQUALSCALL);
+
+                /* Set the unequalFlag so that we return after dec refing */
+                if (boolResult == 0) unequalFlag = PKIX_TRUE;
+        }
+
+        /* If the cause errors are not equal, return null */
+        if (unequalFlag) goto cleanup;
+
+        /* Compare info fields */
+        firstInfo = firstError->info;
+        secondInfo = secondError->info;
+
+        if (firstInfo != secondInfo) goto cleanup;
+
+        /* Ensure that either both or none of the infos are NULL */
+        if (((firstInfo != NULL) && (secondInfo == NULL))||
+            ((firstInfo == NULL) && (secondInfo != NULL)))
+                unequalFlag = PKIX_TRUE;
+
+        if ((firstInfo != NULL) && (secondInfo != NULL)) {
+
+                PKIX_CHECK(PKIX_PL_Object_Equals
+                            ((PKIX_PL_Object*)firstInfo,
+                            (PKIX_PL_Object*)secondInfo,
+                            &boolResult,
+                            plContext),
+                            PKIX_ERRORINRECURSIVEEQUALSCALL);
+
+                /* Set the unequalFlag so that we return after dec refing */
+                if (boolResult == 0) unequalFlag = PKIX_TRUE;
+        }
+
+        /* If the infos are not equal, return null */
+        if (unequalFlag) goto cleanup;
+
+
+        /* Compare descs */
+        if (firstError->errCode != secondError->errCode) {
+                unequalFlag = PKIX_TRUE;
+        }
+
+        if (firstError->plErr != secondError->plErr) {
+                unequalFlag = PKIX_TRUE;
+        }
+
+        /* If the unequalFlag was set, return false */
+        if (unequalFlag) goto cleanup;
+
+        /* Errors are equal in all fields at this point */
+        *pResult = PKIX_TRUE;
+
+cleanup:
+
+        PKIX_RETURN(ERROR);
+}
+
+/*
+ * FUNCTION: pkix_Error_Destroy
+ * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_Error_Destroy(
+        PKIX_PL_Object *object,
+        void *plContext)
+{
+        PKIX_Error *error = NULL;
+
+        PKIX_ENTER(ERROR, "pkix_Error_Destroy");
+        PKIX_NULLCHECK_ONE(object);
+
+        PKIX_CHECK(pkix_CheckType(object, PKIX_ERROR_TYPE, plContext),
+                PKIX_OBJECTNOTANERROR);
+
+        error = (PKIX_Error *)object;
+
+        PKIX_DECREF(error->cause);
+
+        PKIX_DECREF(error->info);
+
+cleanup:
+
+        PKIX_RETURN(ERROR);
+}
+
+
+/* XXX This is not thread safe */
+static PKIX_UInt32 pkix_error_cause_depth = 1;
+
+/*
+ * FUNCTION: pkix_Error_ToString
+ * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_Error_ToString(
+        PKIX_PL_Object *object,
+        PKIX_PL_String **pString,
+        void *plContext)
+{
+        PKIX_Error *error = NULL;
+        PKIX_Error *cause = NULL;
+        PKIX_PL_String *desc = NULL;
+        PKIX_PL_String *formatString = NULL;
+        PKIX_PL_String *causeString = NULL;
+        PKIX_PL_String *optCauseString = NULL;
+        PKIX_PL_String *errorNameString = NULL;
+        char *format = NULL;
+        PKIX_ERRORCLASS errClass;
+
+        PKIX_ENTER(ERROR, "pkix_Error_ToString");
+        PKIX_NULLCHECK_TWO(object, pString);
+
+        PKIX_CHECK(pkix_CheckType(object, PKIX_ERROR_TYPE, plContext),
+                PKIX_OBJECTNOTANERROR);
+
+        error = (PKIX_Error *)object;
+
+        /* Get this error's errClass, description and the string of its cause */
+        errClass = error->errClass;
+
+        /* Get the description string */
+        PKIX_Error_GetDescription(error, &desc, plContext);
+            
+        /* Get the cause */
+        cause = error->cause;
+
+        /* Get the causes's description string */
+        if (cause != NULL) {
+                pkix_error_cause_depth++;
+
+                /* Get the cause string */
+                PKIX_CHECK(PKIX_PL_Object_ToString
+                            ((PKIX_PL_Object*)cause, &causeString, plContext),
+                            PKIX_ERRORGETTINGCAUSESTRING);
+
+                format = "\n*** Cause (%d): %s";
+
+                PKIX_CHECK(PKIX_PL_String_Create
+                            (PKIX_ESCASCII,
+                            format,
+                            0,
+                            &formatString,
+                            plContext),
+                            PKIX_STRINGCREATEFAILED);
+
+                /* Create the optional Cause String */
+                PKIX_CHECK(PKIX_PL_Sprintf
+                            (&optCauseString,
+                            plContext,
+                            formatString,
+                            pkix_error_cause_depth,
+                            causeString),
+                            PKIX_SPRINTFFAILED);
+
+                PKIX_DECREF(formatString);
+
+                pkix_error_cause_depth--;
+        }
+
+        /* Create the Format String */
+        if (optCauseString != NULL) {
+                format = "*** %s Error- %s%s";
+        } else {
+                format = "*** %s Error- %s";
+        }
+
+        /* Ensure that error errClass is known, otherwise default to Object */
+        if (errClass >= PKIX_NUMERRORCLASSES) {
+                errClass = 0;
+        }
+
+        PKIX_CHECK(PKIX_PL_String_Create
+                    (PKIX_ESCASCII,
+                    (void *)PKIX_ERRORCLASSNAMES[errClass],
+                    0,
+                    &errorNameString,
+                    plContext),
+                    PKIX_STRINGCREATEFAILED);
+
+        PKIX_CHECK(PKIX_PL_String_Create
+                    (PKIX_ESCASCII,
+                    format,
+                    0,
+                    &formatString,
+                    plContext),
+                    PKIX_STRINGCREATEFAILED);
+
+        /* Create the output String */
+        PKIX_CHECK(PKIX_PL_Sprintf
+                    (pString,
+                    plContext,
+                    formatString,
+                    errorNameString,
+                    desc,
+                    optCauseString),
+                    PKIX_SPRINTFFAILED);
+
+cleanup:
+
+        PKIX_DECREF(desc);
+        PKIX_DECREF(causeString);
+        PKIX_DECREF(formatString);
+        PKIX_DECREF(optCauseString);
+        PKIX_DECREF(errorNameString);
+
+        PKIX_RETURN(ERROR);
+}
+
+/*
+ * FUNCTION: pkix_Error_Hashcode
+ * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_Error_Hashcode(
+        PKIX_PL_Object *object,
+        PKIX_UInt32 *pResult,
+        void *plContext)
+{
+        PKIX_ENTER(ERROR, "pkix_Error_Hashcode");
+        PKIX_NULLCHECK_TWO(object, pResult);
+
+        /* XXX Unimplemented */
+        /* XXX Need to make hashcodes equal when two errors are equal */
+        *pResult = (PKIX_UInt32)((char *)object - (char *)NULL);
+
+        PKIX_RETURN(ERROR);
+}
+
+/* --Initializers------------------------------------------------- */
+
+/*
+ * PKIX_ERRORCLASSNAMES is an array of strings, with each string holding a
+ * descriptive name for an error errClass. This is used by the default
+ * PKIX_PL_Error_ToString function.
+ *
+ * Note: PKIX_ERRORCLASSES is defined in pkixt.h as a list of error types.
+ * (More precisely, as a list of invocations of ERRMACRO(type).) The
+ * macro is expanded in pkixt.h to define error numbers, and here to
+ * provide corresponding strings. For example, since the fifth ERRMACRO
+ * entry is MUTEX, then PKIX_MUTEX_ERROR is defined in pkixt.h as 4, and
+ * PKIX_ERRORCLASSNAMES[4] is initialized here with the value "MUTEX".
+ */
+#undef ERRMACRO
+#define ERRMACRO(type) #type
+
+const char *
+PKIX_ERRORCLASSNAMES[PKIX_NUMERRORCLASSES] =
+{
+    PKIX_ERRORCLASSES
+};
+
+/*
+ * FUNCTION: pkix_Error_RegisterSelf
+ * DESCRIPTION:
+ *  Registers PKIX_ERROR_TYPE and its related functions with systemClasses[]
+ * THREAD SAFETY:
+ *  Not Thread Safe - for performance and complexity reasons
+ *
+ *  Since this function is only called by PKIX_PL_Initialize, which should
+ *  only be called once, it is acceptable that this function is not
+ *  thread-safe.
+ */
+PKIX_Error *
+pkix_Error_RegisterSelf(void *plContext)
+{
+        extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
+        pkix_ClassTable_Entry entry;
+
+        PKIX_ENTER(ERROR, "pkix_Error_RegisterSelf");
+
+        entry.description = "Error";
+        entry.objCounter = 0;
+        entry.typeObjectSize = sizeof(PKIX_Error);
+        entry.destructor = pkix_Error_Destroy;
+        entry.equalsFunction = pkix_Error_Equals;
+        entry.hashcodeFunction = pkix_Error_Hashcode;
+        entry.toStringFunction = pkix_Error_ToString;
+        entry.comparator = NULL;
+        entry.duplicateFunction = pkix_duplicateImmutable;
+
+        systemClasses[PKIX_ERROR_TYPE] = entry;
+
+        PKIX_RETURN(ERROR);
+}
+
+/* --Public-Functions--------------------------------------------- */
+
+/*
+ * FUNCTION: PKIX_Error_Create (see comments in pkix_util.h)
+ */
+PKIX_Error *
+PKIX_Error_Create(
+        PKIX_ERRORCLASS errClass,
+        PKIX_Error *cause,
+        PKIX_PL_Object *info,
+        PKIX_ERRORCODE errCode,
+        PKIX_Error **pError,
+        void *plContext)
+{
+        PKIX_Error *tempCause = NULL;
+        PKIX_Error *error = NULL;
+
+        PKIX_ENTER(ERROR, "PKIX_Error_Create");
+
+        PKIX_NULLCHECK_ONE(pError);
+
+        /*
+         * when called here, if PKIX_PL_Object_Alloc returns an error,
+         * it must be a PKIX_ALLOC_ERROR
+         */
+        pkixErrorResult = PKIX_PL_Object_Alloc
+                (PKIX_ERROR_TYPE,
+                ((PKIX_UInt32)(sizeof (PKIX_Error))),
+                (PKIX_PL_Object **)&error,
+                plContext);
+
+        if (pkixErrorResult) return (pkixErrorResult);
+
+        error->errClass = errClass;
+
+        /* Ensure we don't have a loop. Follow causes until NULL */
+        for (tempCause = cause;
+            tempCause != NULL;
+            tempCause = tempCause->cause) {
+                /* If we detect a loop, throw a new error */
+                if (tempCause == error) {
+                        PKIX_ERROR(PKIX_LOOPOFERRORCAUSEDETECTED);
+                }
+        }
+
+        PKIX_INCREF(cause);
+        error->cause = cause;
+
+        PKIX_INCREF(info);
+        error->info = info;
+
+        error->errCode = errCode;
+
+        error->plErr = PKIX_PLErrorIndex[error->errCode];
+
+        *pError = error;
+        error = NULL;
+
+cleanup:
+        /* PKIX-XXX Fix for leak during error creation */
+        PKIX_DECREF(error);
+
+        PKIX_RETURN(ERROR);
+}
+
+/*
+ * FUNCTION: PKIX_Error_GetErrorClass (see comments in pkix_util.h)
+ */
+PKIX_Error *
+PKIX_Error_GetErrorClass(
+        PKIX_Error *error,
+        PKIX_ERRORCLASS *pClass,
+        void *plContext)
+{
+        PKIX_ENTER(ERROR, "PKIX_Error_GetErrorClass");
+        PKIX_NULLCHECK_TWO(error, pClass);
+
+        *pClass = error->errClass;
+
+        PKIX_RETURN(ERROR);
+}
+
+/*
+ * FUNCTION: PKIX_Error_GetErrorCode (see comments in pkix_util.h)
+ */
+PKIX_Error *
+PKIX_Error_GetErrorCode(
+        PKIX_Error *error,
+        PKIX_ERRORCODE *pCode,
+        void *plContext)
+{
+        PKIX_ENTER(ERROR, "PKIX_Error_GetErrorCode");
+        PKIX_NULLCHECK_TWO(error, pCode);
+
+        *pCode = error->errCode;
+
+        PKIX_RETURN(ERROR);
+}
+
+/*
+ * FUNCTION: PKIX_Error_GetCause (see comments in pkix_util.h)
+ */
+PKIX_Error *
+PKIX_Error_GetCause(
+        PKIX_Error *error,
+        PKIX_Error **pCause,
+        void *plContext)
+{
+        PKIX_ENTER(ERROR, "PKIX_Error_GetCause");
+        PKIX_NULLCHECK_TWO(error, pCause);
+
+        if (error->cause != PKIX_ALLOC_ERROR()){
+                PKIX_INCREF(error->cause);
+        }
+
+        *pCause = error->cause;
+
+cleanup:
+        PKIX_RETURN(ERROR);
+}
+
+/*
+ * FUNCTION: PKIX_Error_GetSupplementaryInfo (see comments in pkix_util.h)
+ */
+PKIX_Error *
+PKIX_Error_GetSupplementaryInfo(
+        PKIX_Error *error,
+        PKIX_PL_Object **pInfo,
+        void *plContext)
+{
+        PKIX_ENTER(ERROR, "PKIX_Error_GetSupplementaryInfo");
+        PKIX_NULLCHECK_TWO(error, pInfo);
+
+        PKIX_INCREF(error->info);
+
+        *pInfo = error->info;
+
+cleanup:
+        PKIX_RETURN(ERROR);
+}
+
+/*
+ * FUNCTION: PKIX_Error_GetDescription (see comments in pkix_util.h)
+ */
+PKIX_Error *
+PKIX_Error_GetDescription(
+        PKIX_Error *error,
+        PKIX_PL_String **pDesc,
+        void *plContext)
+{
+        PKIX_PL_String *descString = NULL;
+#ifndef PKIX_ERROR_DESCRIPTION
+        char errorStr[32];
+#endif
+
+        PKIX_ENTER(ERROR, "PKIX_Error_GetDescription");
+        PKIX_NULLCHECK_TWO(error, pDesc);
+
+#ifndef PKIX_ERROR_DESCRIPTION
+        PR_snprintf(errorStr, 32, "Error code: %d", error->errCode);
+#endif
+
+        PKIX_PL_String_Create(PKIX_ESCASCII,
+#if defined PKIX_ERROR_DESCRIPTION
+                              (void *)PKIX_ErrorText[error->errCode],
+#else
+                              errorStr,
+#endif
+                              0,
+                              &descString,
+                              plContext);
+
+        *pDesc = descString;
+
+        PKIX_RETURN(ERROR);
+}
diff --git a/nss/lib/libpkix/pkix/util/pkix_error.h b/nss/lib/libpkix/pkix/util/pkix_error.h
new file mode 100755
index 0000000..ca4171a
--- /dev/null
+++ b/nss/lib/libpkix/pkix/util/pkix_error.h
@@ -0,0 +1,36 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_error.h
+ *
+ * Error Object Type Definition
+ *
+ */
+
+#ifndef _PKIX_ERROR_H
+#define _PKIX_ERROR_H
+
+#include "pkix_tools.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+struct PKIX_ErrorStruct {
+        PKIX_ERRORCODE errCode;
+        PKIX_ERRORCLASS errClass;  /* was formerly "code" */
+        PKIX_Int32 plErr;
+        PKIX_Error *cause;
+        PKIX_PL_Object *info;
+};
+
+/* see source file for function documentation */
+
+extern PKIX_Error * pkix_Error_RegisterSelf(void *plContext);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_ERROR_H */
diff --git a/nss/lib/libpkix/pkix/util/pkix_errpaths.c b/nss/lib/libpkix/pkix/util/pkix_errpaths.c
new file mode 100644
index 0000000..a33ccf7
--- /dev/null
+++ b/nss/lib/libpkix/pkix/util/pkix_errpaths.c
@@ -0,0 +1,103 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_errpaths.c
+ *
+ * Error Handling Helper Functions
+ *
+ */
+
+#define PKIX_STDVARS_POINTER
+#include "pkix_error.h"
+
+const PKIX_StdVars zeroStdVars;
+
+PKIX_Error*
+PKIX_DoThrow(PKIX_StdVars * stdVars, PKIX_ERRORCLASS errClass, 
+             PKIX_ERRORCODE errCode, PKIX_ERRORCLASS overrideClass,
+             void *plContext)
+{
+    if (!pkixErrorReceived && !pkixErrorResult && pkixErrorList) { 
+        pkixTempResult = PKIX_List_GetItem(pkixErrorList, 0, 
+                         (PKIX_PL_Object**)&pkixReturnResult,
+                                           plContext); 
+    } else { 
+        pkixTempResult = (PKIX_Error*)pkix_Throw(errClass, myFuncName, errCode,
+                                                 overrideClass, pkixErrorResult,
+                                                 &pkixReturnResult, plContext);
+    }
+    if (pkixReturnResult) {
+        if (pkixErrorResult != PKIX_ALLOC_ERROR()) {
+            PKIX_DECREF(pkixErrorResult);
+        }
+        pkixTempResult = pkixReturnResult;
+    } else if (pkixErrorResult) {
+        if (pkixTempResult != PKIX_ALLOC_ERROR()) {
+            PKIX_DECREF(pkixTempResult);
+        }
+        pkixTempResult = pkixErrorResult;
+    }
+    if (pkixErrorList) {
+        PKIX_PL_Object_DecRef((PKIX_PL_Object*)pkixErrorList, plContext);
+        pkixErrorList = NULL;
+    }
+    return pkixTempResult;
+}
+
+PKIX_Error *
+PKIX_DoReturn(PKIX_StdVars * stdVars, PKIX_ERRORCLASS errClass,
+              PKIX_Boolean doLogger, void *plContext)
+{
+    PKIX_OBJECT_UNLOCK(lockedObject);
+    if (pkixErrorReceived || pkixErrorResult || pkixErrorList)
+	return PKIX_DoThrow(stdVars, errClass, pkixErrorCode, pkixErrorClass,
+                             plContext);
+    /* PKIX_DEBUG_EXIT(type); */
+    if (doLogger)
+	_PKIX_DEBUG_TRACE(pkixLoggersDebugTrace, "<<<", PKIX_LOGGER_LEVEL_TRACE);
+    return NULL;
+}
+
+/* PKIX_DoAddError - creates the list of received error if it does not exist
+ * yet and adds newly received error into the list. */
+void
+PKIX_DoAddError(PKIX_StdVars *stdVars, PKIX_Error *error, void * plContext)
+{
+    PKIX_List *localList = NULL;
+    PKIX_Error *localError = NULL;
+    PKIX_Boolean listCreated = PKIX_FALSE;
+
+    if (!pkixErrorList) {
+        localError = PKIX_List_Create(&localList, plContext);
+        if (localError)
+            goto cleanup;
+        listCreated = PKIX_TRUE;
+    } else {
+        localList = pkixErrorList;
+    }
+
+    localError = PKIX_List_AppendItem(localList, (PKIX_PL_Object*)error,
+                                      plContext);
+    PORT_Assert (localError == NULL);
+    if (localError != NULL) {
+        if (listCreated) {
+            /* ignore the error code of DecRef function */
+            PKIX_PL_Object_DecRef((PKIX_PL_Object*)localList, plContext);
+            localList = NULL;
+        }
+    } else {
+        pkixErrorList = localList;
+    }
+
+cleanup:
+
+    if (localError && localError != PKIX_ALLOC_ERROR()) {
+        PKIX_PL_Object_DecRef((PKIX_PL_Object*)localError, plContext);
+    }
+
+    if (error && error != PKIX_ALLOC_ERROR()) {
+        PKIX_PL_Object_DecRef((PKIX_PL_Object*)error, plContext);
+    }
+}
+
diff --git a/nss/lib/libpkix/pkix/util/pkix_list.c b/nss/lib/libpkix/pkix/util/pkix_list.c
new file mode 100755
index 0000000..d02b66e
--- /dev/null
+++ b/nss/lib/libpkix/pkix/util/pkix_list.c
@@ -0,0 +1,1701 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_list.c
+ *
+ * List Object Functions
+ *
+ */
+
+#include "pkix_list.h"
+
+/* --Private-Functions-------------------------------------------- */
+
+/*
+ * FUNCTION: pkix_List_Create_Internal
+ * DESCRIPTION:
+ *
+ *  Creates a new List, using the Boolean value of "isHeader" to determine
+ *  whether the new List should be a header, and stores it at "pList". The
+ *  List is initially empty and holds no items. To initially add items to
+ *  the List, use PKIX_List_AppendItem.
+ *
+ * PARAMETERS:
+ *  "isHeader"
+ *      Boolean value indicating whether new List should be a header.
+ *  "pList"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_List_Create_Internal(
+        PKIX_Boolean isHeader,
+        PKIX_List **pList,
+        void *plContext)
+{
+        PKIX_List *list = NULL;
+
+        PKIX_ENTER(LIST, "pkix_List_Create_Internal");
+        PKIX_NULLCHECK_ONE(pList);
+
+        PKIX_CHECK(PKIX_PL_Object_Alloc
+                    (PKIX_LIST_TYPE,
+                    ((PKIX_UInt32)(sizeof (PKIX_List))),
+                    (PKIX_PL_Object **)&list, plContext),
+                    PKIX_ERRORCREATINGLISTITEM);
+
+        list->item = NULL;
+        list->next = NULL;
+        list->immutable = PKIX_FALSE;
+        list->length = 0;
+        list->isHeader = isHeader;
+
+        *pList = list;
+
+cleanup:
+
+        PKIX_RETURN(LIST);
+}
+
+/*
+ * FUNCTION: pkix_List_Destroy
+ * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_List_Destroy(
+        PKIX_PL_Object *object,
+        void *plContext)
+{
+        PKIX_List *list = NULL;
+        PKIX_List *nextItem = NULL;
+
+        PKIX_ENTER(LIST, "pkix_List_Destroy");
+        PKIX_NULLCHECK_ONE(object);
+
+        /* Check that this object is a list */
+        PKIX_CHECK(pkix_CheckType(object, PKIX_LIST_TYPE, plContext),
+                    PKIX_OBJECTNOTLIST);
+
+        list = (PKIX_List *)object;
+
+        /* We have a valid list. DecRef its item and recurse on next */
+        PKIX_DECREF(list->item);
+        while ((nextItem = list->next) != NULL) {
+            list->next = nextItem->next;
+            nextItem->next = NULL;
+            PKIX_DECREF(nextItem);
+        }      
+        list->immutable = PKIX_FALSE;
+        list->length = 0;
+        list->isHeader = PKIX_FALSE;
+
+cleanup:
+
+        PKIX_RETURN(LIST);
+}
+
+/*
+ * FUNCTION: pkix_List_ToString_Helper
+ * DESCRIPTION:
+ *
+ *  Helper function that creates a string representation of the List pointed
+ *  to by "list" and stores its address in the object pointed to by "pString".
+ *
+ * PARAMETERS
+ *  "list"
+ *      Address of List whose string representation is desired.
+ *      Must be non-NULL.
+ *  "pString"
+ *      Address of object pointer's destination. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *      (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a List Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_List_ToString_Helper(
+        PKIX_List *list,
+        PKIX_PL_String **pString,
+        void *plContext)
+{
+        PKIX_PL_String *itemString = NULL;
+        PKIX_PL_String *nextString = NULL;
+        PKIX_PL_String *format = NULL;
+        PKIX_Boolean empty;
+
+        PKIX_ENTER(LIST, "pkix_List_ToString_Helper");
+        PKIX_NULLCHECK_TWO(list, pString);
+
+        /* special case when list is the header */
+        if (list->isHeader){
+
+                PKIX_CHECK(PKIX_List_IsEmpty(list, &empty, plContext),
+                            PKIX_LISTISEMPTYFAILED);
+
+                if (empty){
+                        PKIX_CHECK(PKIX_PL_String_Create
+                                    (PKIX_ESCASCII,
+                                    "EMPTY",
+                                    0,
+                                    &itemString,
+                                    plContext),
+                                    PKIX_ERRORCREATINGITEMSTRING);
+                        (*pString) = itemString;
+                        PKIX_DEBUG_EXIT(LIST);
+                        return (NULL);
+                } else {
+                        PKIX_CHECK(pkix_List_ToString_Helper
+                                    (list->next, &itemString, plContext),
+                                    PKIX_LISTTOSTRINGHELPERFAILED);
+                }
+
+                /* Create a string object from the format */
+                PKIX_CHECK(PKIX_PL_String_Create
+                            (PKIX_ESCASCII, "%s", 0, &format, plContext),
+                            PKIX_STRINGCREATEFAILED);
+
+                PKIX_CHECK(PKIX_PL_Sprintf
+                            (pString, plContext, format, itemString),
+                            PKIX_SPRINTFFAILED);
+        } else {
+                /* Get a string for this list's item */
+                if (list->item == NULL) {
+                        PKIX_CHECK(PKIX_PL_String_Create
+                                    (PKIX_ESCASCII,
+                                    "(null)",
+                                    0,
+                                    &itemString,
+                                    plContext),
+                                    PKIX_STRINGCREATEFAILED);
+                } else {
+                        PKIX_CHECK(PKIX_PL_Object_ToString
+                                    ((PKIX_PL_Object*)list->item,
+                                    &itemString,
+                                    plContext),
+                                    PKIX_OBJECTTOSTRINGFAILED);
+                }
+                if (list->next == NULL) {
+                        /* Just return the itemstring */
+                        (*pString) = itemString;
+                        PKIX_DEBUG_EXIT(LIST);
+                        return (NULL);
+                }
+
+                /* Recursive call to get string for this list's next pointer */
+                PKIX_CHECK(pkix_List_ToString_Helper
+                            (list->next, &nextString, plContext),
+                            PKIX_LISTTOSTRINGHELPERFAILED);
+
+                /* Create a string object from the format */
+                PKIX_CHECK(PKIX_PL_String_Create
+                            (PKIX_ESCASCII,
+                            "%s, %s",
+                            0,
+                            &format,
+                            plContext),
+                            PKIX_STRINGCREATEFAILED);
+
+                PKIX_CHECK(PKIX_PL_Sprintf
+                            (pString,
+                            plContext,
+                            format,
+                            itemString,
+                            nextString),
+                            PKIX_SPRINTFFAILED);
+        }
+
+cleanup:
+
+        PKIX_DECREF(itemString);
+        PKIX_DECREF(nextString);
+        PKIX_DECREF(format);
+
+        PKIX_RETURN(LIST);
+}
+
+/*
+ * FUNCTION: pkix_List_ToString
+ * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_List_ToString(
+        PKIX_PL_Object *object,
+        PKIX_PL_String **pString,
+        void *plContext)
+{
+        PKIX_List *list = NULL;
+        PKIX_PL_String *listString = NULL;
+        PKIX_PL_String *format = NULL;
+
+        PKIX_ENTER(LIST, "pkix_List_ToString");
+        PKIX_NULLCHECK_TWO(object, pString);
+
+        PKIX_CHECK(pkix_CheckType(object, PKIX_LIST_TYPE, plContext),
+                    PKIX_OBJECTNOTLIST);
+
+        list = (PKIX_List *)object;
+
+        if (!list->isHeader){
+                PKIX_ERROR(PKIX_INPUTLISTMUSTBEHEADER);
+        }
+
+        PKIX_CHECK(pkix_List_ToString_Helper(list, &listString, plContext),
+                    PKIX_LISTTOSTRINGHELPERFAILED);
+
+        PKIX_CHECK(PKIX_PL_String_Create
+                    (PKIX_ESCASCII, "(%s)", 0, &format, plContext),
+                    PKIX_STRINGCREATEFAILED);
+
+        PKIX_CHECK(PKIX_PL_Sprintf(pString, plContext, format, listString),
+                    PKIX_SPRINTFFAILED);
+
+cleanup:
+
+        PKIX_DECREF(listString);
+        PKIX_DECREF(format);
+
+        PKIX_RETURN(LIST);
+}
+
+/*
+ * FUNCTION: pkix_List_Equals
+ * (see comments for PKIX_PL_EqualsCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_List_Equals(
+        PKIX_PL_Object *first,
+        PKIX_PL_Object *second,
+        PKIX_Boolean *pResult,
+        void *plContext)
+{
+        PKIX_UInt32 secondType;
+        PKIX_Boolean cmpResult;
+        PKIX_List *firstList = NULL;
+        PKIX_List *secondList = NULL;
+        PKIX_UInt32 firstLength = 0;
+        PKIX_UInt32 secondLength = 0;
+        PKIX_PL_Object *firstItem = NULL;
+        PKIX_PL_Object *secondItem = NULL;
+        PKIX_UInt32 i = 0;
+
+        PKIX_ENTER(LIST, "pkix_List_Equals");
+        PKIX_NULLCHECK_THREE(first, second, pResult);
+
+        /* test that first is a List */
+        PKIX_CHECK(pkix_CheckType(first, PKIX_LIST_TYPE, plContext),
+                PKIX_FIRSTOBJECTNOTLIST);
+
+        /*
+         * Since we know first is a List, if both references are
+         * identical, they must be equal
+         */
+        if (first == second){
+                *pResult = PKIX_TRUE;
+                goto cleanup;
+        }
+
+        /*
+         * If second isn't a List, we don't throw an error.
+         * We simply return a Boolean result of FALSE
+         */
+        *pResult = PKIX_FALSE;
+        PKIX_CHECK(PKIX_PL_Object_GetType(second, &secondType, plContext),
+                    PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
+        if (secondType != PKIX_LIST_TYPE) goto cleanup;
+
+        firstList = (PKIX_List *)first;
+        secondList = (PKIX_List *)second;
+
+        if ((!firstList->isHeader) && (!secondList->isHeader)){
+                PKIX_ERROR(PKIX_INPUTLISTSMUSTBELISTHEADERS);
+        }
+
+        firstLength = firstList->length;
+        secondLength = secondList->length;
+
+        cmpResult = PKIX_FALSE;
+        if (firstLength == secondLength){
+                for (i = 0, cmpResult = PKIX_TRUE;
+                    ((i < firstLength) && cmpResult);
+                    i++){
+                        PKIX_CHECK(PKIX_List_GetItem
+                                    (firstList, i, &firstItem, plContext),
+                                    PKIX_LISTGETITEMFAILED);
+
+                        PKIX_CHECK(PKIX_List_GetItem
+                                    (secondList, i, &secondItem, plContext),
+                                    PKIX_LISTGETITEMFAILED);
+
+                        if ((!firstItem && secondItem) ||
+                            (firstItem && !secondItem)){
+                                        cmpResult = PKIX_FALSE;
+                        } else if (!firstItem && !secondItem){
+                                continue;
+                        } else {
+                                PKIX_CHECK(PKIX_PL_Object_Equals
+                                            (firstItem,
+                                            secondItem,
+                                            &cmpResult,
+                                            plContext),
+                                            PKIX_OBJECTEQUALSFAILED);
+
+                                PKIX_DECREF(firstItem);
+                                PKIX_DECREF(secondItem);
+                        }
+                }
+        }
+
+        *pResult = cmpResult;
+
+cleanup:
+
+        PKIX_DECREF(firstItem);
+        PKIX_DECREF(secondItem);
+
+        PKIX_RETURN(LIST);
+}
+
+/*
+ * FUNCTION: pkix_List_Hashcode
+ * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_List_Hashcode(
+        PKIX_PL_Object *object,
+        PKIX_UInt32 *pHashcode,
+        void *plContext)
+{
+        PKIX_List *list = NULL;
+        PKIX_PL_Object *element = NULL;
+        PKIX_UInt32 hash = 0;
+        PKIX_UInt32 tempHash = 0;
+        PKIX_UInt32 length, i;
+
+        PKIX_ENTER(LIST, "pkix_List_Hashcode");
+        PKIX_NULLCHECK_TWO(object, pHashcode);
+
+        PKIX_CHECK(pkix_CheckType(object, PKIX_LIST_TYPE, plContext),
+                    PKIX_OBJECTNOTLIST);
+
+        list = (PKIX_List *)object;
+
+        if (!list->isHeader){
+                PKIX_ERROR(PKIX_INPUTLISTMUSTBEHEADER);
+        }
+
+        length = list->length;
+
+        for (i = 0; i < length; i++){
+                PKIX_CHECK(PKIX_List_GetItem(list, i, &element, plContext),
+                            PKIX_LISTGETITEMFAILED);
+
+                if (!element){
+                        tempHash = 100;
+                } else {
+                        PKIX_CHECK(PKIX_PL_Object_Hashcode
+                                    (element, &tempHash, plContext),
+                                    PKIX_LISTHASHCODEFAILED);
+                }
+
+                hash = 31 * hash + tempHash;
+
+                PKIX_DECREF(element);
+        }
+
+        *pHashcode = hash;
+
+cleanup:
+
+        PKIX_DECREF(element);
+        PKIX_RETURN(LIST);
+}
+
+/*
+ * FUNCTION: pkix_List_Duplicate
+ * (see comments for PKIX_PL_DuplicateCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_List_Duplicate(
+        PKIX_PL_Object *object,
+        PKIX_PL_Object **pNewObject,
+        void *plContext)
+{
+        PKIX_List *list = NULL;
+        PKIX_List *listDuplicate = NULL;
+
+        PKIX_ENTER(LIST, "pkix_List_Duplicate");
+        PKIX_NULLCHECK_TWO(object, pNewObject);
+
+        PKIX_CHECK(pkix_CheckType(object, PKIX_LIST_TYPE, plContext),
+                    PKIX_OBJECTNOTLIST);
+
+        list = (PKIX_List *)object;
+
+        if (list->immutable){
+                PKIX_CHECK(pkix_duplicateImmutable
+                            (object, pNewObject, plContext),
+                            PKIX_DUPLICATEIMMUTABLEFAILED);
+        } else {
+
+                PKIX_CHECK(pkix_List_Create_Internal
+                            (list->isHeader, &listDuplicate, plContext),
+                            PKIX_LISTCREATEINTERNALFAILED);
+
+                listDuplicate->length = list->length;
+
+                PKIX_INCREF(list->item);
+                listDuplicate->item = list->item;
+
+                if (list->next == NULL){
+                        listDuplicate->next = NULL;
+                } else {
+                        /* Recursively Duplicate list */
+                        PKIX_CHECK(pkix_List_Duplicate
+                                    ((PKIX_PL_Object *)list->next,
+                                    (PKIX_PL_Object **)&listDuplicate->next,
+                                    plContext),
+                                    PKIX_LISTDUPLICATEFAILED);
+                }
+
+                *pNewObject = (PKIX_PL_Object *)listDuplicate;
+        }
+
+cleanup:
+
+        if (PKIX_ERROR_RECEIVED){
+                PKIX_DECREF(listDuplicate);
+        }
+
+        PKIX_RETURN(LIST);
+}
+
+
+/*
+ * FUNCTION: pkix_List_GetElement
+ * DESCRIPTION:
+ *
+ *  Copies the "list"'s element at "index" into "element". The input List must
+ *  be the header of the List (as opposed to being an element of the List). The
+ *  index counts from zero and must be less than the List's length. This
+ *  function does NOT increment the reference count of the List element since
+ *  the returned element's reference will not be stored by the calling
+ *  function.
+ *
+ * PARAMETERS:
+ *  "list"
+ *      Address of List (must be header) to get element from. Must be non-NULL.
+ *  "index"
+ *      Index of list to get element from. Must be less than List's length.
+ *  "pElement"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *      (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_List_GetElement(
+        PKIX_List *list,
+        PKIX_UInt32 index,
+        PKIX_List **pElement,
+        void *plContext)
+{
+        PKIX_List *iterator = NULL;
+        PKIX_UInt32 length;
+        PKIX_UInt32 position = 0;
+
+        PKIX_ENTER(LIST, "pkix_List_GetElement");
+        PKIX_NULLCHECK_TWO(list, pElement);
+
+        if (!list->isHeader){
+                PKIX_ERROR(PKIX_INPUTLISTMUSTBEHEADER);
+        }
+
+        length = list->length;
+
+        if (index >= length) {
+                PKIX_ERROR(PKIX_INDEXOUTOFBOUNDS);
+        }
+
+        for (iterator = list; position++ <= index; iterator = iterator->next)
+                ;
+
+        (*pElement) = iterator;
+
+cleanup:
+
+        PKIX_RETURN(LIST);
+}
+
+
+/*
+ * FUNCTION: pkix_List_RegisterSelf
+ * DESCRIPTION:
+ *  Registers PKIX_LIST_TYPE and its related functions with systemClasses[]
+ * THREAD SAFETY:
+ *  Not Thread Safe - for performance and complexity reasons
+ *
+ *  Since this function is only called by PKIX_PL_Initialize, which should
+ *  only be called once, it is acceptable that this function is not
+ *  thread-safe.
+ */
+PKIX_Error *
+pkix_List_RegisterSelf(void *plContext)
+{
+        extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
+        pkix_ClassTable_Entry entry;
+
+        PKIX_ENTER(LIST, "pkix_List_RegisterSelf");
+
+        entry.description = "List";
+        entry.objCounter = 0;
+        entry.typeObjectSize = sizeof(PKIX_List);
+        entry.destructor = pkix_List_Destroy;
+        entry.equalsFunction = pkix_List_Equals;
+        entry.hashcodeFunction = pkix_List_Hashcode;
+        entry.toStringFunction = pkix_List_ToString;
+        entry.comparator = NULL;
+        entry.duplicateFunction = pkix_List_Duplicate;
+
+        systemClasses[PKIX_LIST_TYPE] = entry;
+
+        PKIX_RETURN(LIST);
+}
+
+/*
+ * FUNCTION: pkix_List_Contains
+ * DESCRIPTION:
+ *
+ *  Checks a List pointed to by "list", to determine whether it includes
+ *  an entry that is equal to the Object pointed to by "object", and stores
+ *  the result in "pFound".
+ *
+ * PARAMETERS:
+ *  "list"
+ *      List to be searched; may be empty; must be non-NULL
+ *  "object"
+ *      Object to be checked for; must be non-NULL
+ *  "pFound"
+ *      Address where the result of the search will be stored. Must
+ *      be non-NULL
+ *  "plContext"
+ *      platform-specific context pointer
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds
+ *  Returns a Fatal Error if the function fails in an unrecoverable way
+ */
+PKIX_Error *
+pkix_List_Contains(
+        PKIX_List *list,
+        PKIX_PL_Object *object,
+        PKIX_Boolean *pFound,
+        void *plContext)
+{
+        PKIX_PL_Object *current = NULL;
+        PKIX_UInt32 numEntries = 0;
+        PKIX_UInt32 index = 0;
+        PKIX_Boolean match = PKIX_FALSE;
+
+        PKIX_ENTER(LIST, "pkix_List_Contains");
+        PKIX_NULLCHECK_THREE(list, object, pFound);
+
+        PKIX_CHECK(PKIX_List_GetLength(list, &numEntries, plContext),
+                PKIX_LISTGETLENGTHFAILED);
+
+        for (index = 0; index < numEntries; index++) {
+                PKIX_CHECK(PKIX_List_GetItem
+                        (list, index, &current, plContext),
+                        PKIX_LISTGETITEMFAILED);
+
+                if (current) {
+                        PKIX_CHECK(PKIX_PL_Object_Equals
+                                (object, current, &match, plContext),
+                                PKIX_OBJECTEQUALSFAILED);
+
+                        PKIX_DECREF(current);
+                }
+
+                if (match) {
+                        break;
+                }
+        }
+
+        *pFound = match;
+
+cleanup:
+
+        PKIX_DECREF(current);
+        PKIX_RETURN(LIST);
+}
+
+/*
+ * FUNCTION: pkix_List_Remove
+ * DESCRIPTION:
+ *
+ *  Traverses the List pointed to by "list", to find and delete an entry
+ *  that is equal to the Object pointed to by "object". If no such entry
+ *  is found the function does not return an error.
+ *
+ * PARAMETERS:
+ *  "list"
+ *      List to be searched; may be empty; must be non-NULL
+ *  "object"
+ *      Object to be checked for and deleted, if found; must be non-NULL
+ *  "plContext"
+ *      platform-specific context pointer
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds
+ *  Returns a Validate Error if the functions fails in a non-fatal way
+ *  Returns a Fatal Error if the function fails in an unrecoverable way
+ */
+PKIX_Error *
+pkix_List_Remove(
+        PKIX_List *list,
+        PKIX_PL_Object *object,
+        void *plContext)
+{
+        PKIX_PL_Object *current = NULL;
+        PKIX_UInt32 numEntries = 0;
+        PKIX_UInt32 index = 0;
+        PKIX_Boolean match = PKIX_FALSE;
+
+        PKIX_ENTER(LIST, "pkix_List_Remove");
+        PKIX_NULLCHECK_TWO(list, object);
+
+        PKIX_CHECK(PKIX_List_GetLength(list, &numEntries, plContext),
+                PKIX_LISTGETLENGTHFAILED);
+
+        for (index = 0; index < numEntries; index++) {
+                PKIX_CHECK(PKIX_List_GetItem
+                        (list, index, &current, plContext),
+                        PKIX_LISTGETITEMFAILED);
+
+                if (current) {
+                        PKIX_CHECK(PKIX_PL_Object_Equals
+                                (object, current, &match, plContext),
+                                PKIX_OBJECTEQUALSFAILED);
+
+                        PKIX_DECREF(current);
+                }
+
+                if (match) {
+                        PKIX_CHECK(PKIX_List_DeleteItem
+                                (list, index, plContext),
+                                PKIX_LISTDELETEITEMFAILED);
+                        break;
+                }
+        }
+
+cleanup:
+
+        PKIX_DECREF(current);
+        PKIX_RETURN(LIST);
+}
+
+/*
+ * FUNCTION: pkix_List_RemoveItems
+ * DESCRIPTION:
+ *
+ *  Traverses the List pointed to by "list", to find and delete an entry
+ *  that is equal to the Object in the "deleteList". If no such entry
+ *  is found the function does not return an error.
+ *
+ * PARAMETERS:
+ *  "list"
+ *      Object in "list" is checked for object in "deleteList" and deleted if
+ *      found; may be empty; must be non-NULL
+ *  "deleteList"
+ *      List of objects to be searched ; may be empty; must be non-NULL
+ *  "plContext"
+ *      platform-specific context pointer
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds
+ *  Returns a Validate Error if the functions fails in a non-fatal way
+ *  Returns a Fatal Error if the function fails in an unrecoverable way
+ */
+PKIX_Error *
+pkix_List_RemoveItems(
+        PKIX_List *list,
+        PKIX_List *deleteList,
+        void *plContext)
+{
+        PKIX_PL_Object *current = NULL;
+        PKIX_UInt32 numEntries = 0;
+        PKIX_UInt32 index = 0;
+
+        PKIX_ENTER(LIST, "pkix_List_RemoveItems");
+        PKIX_NULLCHECK_TWO(list, deleteList);
+
+        PKIX_CHECK(PKIX_List_GetLength(deleteList, &numEntries, plContext),
+                PKIX_LISTGETLENGTHFAILED);
+
+        for (index = 0; index < numEntries; index++) {
+                PKIX_CHECK(PKIX_List_GetItem
+                        (deleteList, index, &current, plContext),
+                        PKIX_LISTGETITEMFAILED);
+
+                if (current) {
+                        PKIX_CHECK(pkix_List_Remove
+                                (list, current, plContext),
+                                PKIX_OBJECTEQUALSFAILED);
+
+                        PKIX_DECREF(current);
+                }
+        }
+
+cleanup:
+
+        PKIX_DECREF(current);
+        PKIX_RETURN(LIST);
+}
+
+/*
+ * FUNCTION: pkix_List_MergeLists
+ * DESCRIPTION:
+ *
+ *  Creates a new list consisting of the items from "firstList", followed by
+ *  the items on "secondList", returns the new list at "pMergedList". If
+ *  both input lists are NULL or empty, the result is an empty list. If an error
+ *  occurs, the result is NULL.
+ *
+ * PARAMETERS:
+ *  "firstList"
+ *      Address of list to be merged from. May be NULL or empty.
+ *  "secondList"
+ *      Address of list to be merged from. May be NULL or empty.
+ *  "pMergedList"
+ *      Address where returned object is stored.
+ *  "plContext"
+ *      platform-specific context pointer * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds
+ *  Returns a List Error if the functions fails in a non-fatal way
+ *  Returns a Fatal Error if the function fails in an unrecoverable way
+ */
+PKIX_Error *
+pkix_List_MergeLists(
+        PKIX_List *firstList,
+        PKIX_List *secondList,
+        PKIX_List **pMergedList,
+        void *plContext)
+{
+        PKIX_List *list = NULL;
+        PKIX_PL_Object *item = NULL;
+        PKIX_UInt32 numItems = 0;
+        PKIX_UInt32 i;
+
+        PKIX_ENTER(LIST, "pkix_List_MergeLists");
+        PKIX_NULLCHECK_ONE(pMergedList);
+
+        *pMergedList = NULL;
+
+        PKIX_CHECK(PKIX_List_Create(&list, plContext),
+                    PKIX_LISTCREATEFAILED);
+
+        if (firstList != NULL) {
+
+                PKIX_CHECK(PKIX_List_GetLength(firstList, &numItems, plContext),
+                    PKIX_LISTGETLENGTHFAILED);
+        }
+
+        for (i = 0; i < numItems; i++) {
+
+                PKIX_CHECK(PKIX_List_GetItem(firstList, i, &item, plContext),
+                        PKIX_LISTGETITEMFAILED);
+
+                PKIX_CHECK(PKIX_List_AppendItem(list, item, plContext),
+                        PKIX_LISTAPPENDITEMFAILED);
+
+                PKIX_DECREF(item);
+        }
+
+        numItems = 0;
+        if (secondList != NULL) {
+
+                PKIX_CHECK(PKIX_List_GetLength
+                        (secondList,
+                        &numItems,
+                        plContext),
+                        PKIX_LISTGETLENGTHFAILED);
+
+        }
+
+        for (i = 0; i < numItems; i++) {
+
+                PKIX_CHECK(PKIX_List_GetItem
+                        (secondList, i, &item, plContext),
+                        PKIX_LISTGETITEMFAILED);
+
+                PKIX_CHECK(PKIX_List_AppendItem
+                        (list, item, plContext), PKIX_LISTAPPENDITEMFAILED);
+
+                PKIX_DECREF(item);
+        }
+
+        *pMergedList = list;
+        list = NULL;
+
+cleanup:
+        PKIX_DECREF(list);
+        PKIX_DECREF(item);
+ 
+        PKIX_RETURN(LIST);
+}
+
+/*
+ * FUNCTION: pkix_List_AppendList
+ * DESCRIPTION:
+ *
+ *  Append items on "fromList" to the "toList". Item reference count on
+ *  "toList" is not incremented, but items appended from "fromList" are
+ *  incremented.
+ *
+ * PARAMETERS:
+ *  "toList"
+ *      Address of list to be appended to. Must be non-NULL.
+ *  "fromList"
+ *      Address of list to be appended from. May be NULL or empty.
+ *  "plContext"
+ *      platform-specific context pointer
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds
+ *  Returns a List Error if the functions fails in a non-fatal way
+ *  Returns a Fatal Error if the function fails in an unrecoverable way
+ */
+PKIX_Error *
+pkix_List_AppendList(
+        PKIX_List *toList,
+        PKIX_List *fromList,
+        void *plContext)
+{
+        PKIX_PL_Object *item = NULL;
+        PKIX_UInt32 numItems = 0;
+        PKIX_UInt32 i;
+
+        PKIX_ENTER(LIST, "pkix_List_AppendList");
+        PKIX_NULLCHECK_ONE(toList);
+
+        /* if fromList is NULL or is an empty list, no action */
+
+        if (fromList == NULL) {
+                goto cleanup;
+        }
+
+        PKIX_CHECK(PKIX_List_GetLength(fromList, &numItems, plContext),
+                    PKIX_LISTGETLENGTHFAILED);
+
+        if (numItems == 0) {
+                goto cleanup;
+        }
+
+        for (i = 0; i < numItems; i++) {
+
+                PKIX_CHECK(PKIX_List_GetItem
+                        (fromList, i, &item, plContext),
+                        PKIX_LISTGETITEMFAILED);
+
+                PKIX_CHECK(PKIX_List_AppendItem(toList, item, plContext),
+                            PKIX_LISTAPPENDITEMFAILED);
+
+                PKIX_DECREF(item);
+        }
+
+cleanup:
+
+        PKIX_DECREF(item);
+
+        PKIX_RETURN(LIST);
+}
+
+/*
+ * FUNCTION: pkix_List_AppendUnique
+ * DESCRIPTION:
+ *
+ *  Adds each Object in the List pointed to by "fromList" to the List pointed
+ *  to by "toList", if it is not already a member of that List. In other words,
+ *  "toList" becomes the union of the two sets.
+ *
+ * PARAMETERS:
+ *  "toList"
+ *      Address of a List of Objects to be augmented by "fromList". Must be
+ *      non-NULL, but may be empty.
+ *  "fromList"
+ *      Address of a List of Objects to be added, if not already present, to
+ *      "toList". Must be non-NULL, but may be empty.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe - assumes exclusive access to "toList"
+ *  (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds
+ *  Returns a Fatal Error if the function fails in an unrecoverable way
+ */
+PKIX_Error *
+pkix_List_AppendUnique(
+        PKIX_List *toList,
+        PKIX_List *fromList,
+        void *plContext)
+{
+        PKIX_Boolean isContained = PKIX_FALSE;
+        PKIX_UInt32 listLen = 0;
+        PKIX_UInt32 listIx = 0;
+        PKIX_PL_Object *object = NULL;
+
+        PKIX_ENTER(BUILD, "pkix_List_AppendUnique");
+        PKIX_NULLCHECK_TWO(fromList, toList);
+
+        PKIX_CHECK(PKIX_List_GetLength(fromList, &listLen, plContext),
+                PKIX_LISTGETLENGTHFAILED);
+
+        for (listIx = 0; listIx < listLen; listIx++) {
+
+                PKIX_CHECK(PKIX_List_GetItem
+                        (fromList, listIx, &object, plContext),
+                        PKIX_LISTGETITEMFAILED);
+
+                PKIX_CHECK(pkix_List_Contains
+                        (toList, object, &isContained, plContext),
+                        PKIX_LISTCONTAINSFAILED);
+
+                if (isContained == PKIX_FALSE) {
+                        PKIX_CHECK(PKIX_List_AppendItem
+                                (toList, object, plContext),
+                                PKIX_LISTAPPENDITEMFAILED);
+                }
+
+                PKIX_DECREF(object);
+        }
+
+cleanup:
+
+        PKIX_DECREF(object);
+
+        PKIX_RETURN(LIST);
+}
+
+/*
+ * FUNCTION: pkix_List_QuickSort
+ * DESCRIPTION:
+ *
+ *  Sorts List of Objects "fromList" using "comparatorCallback"'s result as
+ *  comasrison key and returns the sorted List at "pSortedList". The sorting
+ *  algorithm used is quick sort (n*logn).
+ *
+ * PARAMETERS:
+ *  "fromList"
+ *      Address of a List of Objects to be sorted. Must be non-NULL, but may be
+ *      empty.
+ *  "comparatorCallback"
+ *      Address of callback function that will compare two Objects on the List.
+ *      It should return -1 for less, 0 for equal and 1 for greater. The
+ *      callback implementation chooses what in Objects to be compared. Must be
+ *      non-NULL.
+ *  "pSortedList"
+ *      Address of a List of Objects that shall be sorted and returned. Must be
+ *      non-NULL, but may be empty.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe - assumes exclusive access to "toList"
+ *  (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds
+ *  Returns a Fatal Error if the function fails in an unrecoverable way
+ */
+PKIX_Error *
+pkix_List_QuickSort(
+        PKIX_List *fromList,
+        PKIX_List_SortComparatorCallback comparator,
+        PKIX_List **pSortedList,
+        void *plContext)
+{
+        PKIX_List *sortedList = NULL;
+        PKIX_List *lessList = NULL;
+        PKIX_List *greaterList = NULL;
+        PKIX_List *sortedLessList = NULL;
+        PKIX_List *sortedGreaterList = NULL;
+        PKIX_PL_Object *object = NULL;
+        PKIX_PL_Object *cmpObj = NULL;
+        PKIX_Int32 cmpResult = 0;
+        PKIX_UInt32 size = 0;
+        PKIX_UInt32 i;
+
+        PKIX_ENTER(BUILD, "pkix_List_QuickSort");
+        PKIX_NULLCHECK_THREE(fromList, comparator, pSortedList);
+
+        PKIX_CHECK(PKIX_List_GetLength(fromList, &size, plContext),
+                PKIX_LISTGETLENGTHFAILED);
+
+        PKIX_CHECK(PKIX_List_Create(&lessList, plContext),
+                    PKIX_LISTCREATEFAILED);
+
+        PKIX_CHECK(PKIX_List_Create(&greaterList, plContext),
+                    PKIX_LISTCREATEFAILED);
+
+        PKIX_CHECK(PKIX_List_GetItem
+                (fromList, 0, &object, plContext),
+                PKIX_LISTGETITEMFAILED);
+
+        /*
+         * Pick the first item on the list as the one to be compared.
+         * Separate rest of the itmes into two lists: less-than or greater-
+         * than lists. Sort those two lists recursively. Insert sorted
+         * less-than list before the picked item and append the greater-
+         * than list after the picked item.
+         */
+        for (i = 1; i < size; i++) {
+
+                PKIX_CHECK(PKIX_List_GetItem
+                        (fromList, i, &cmpObj, plContext),
+                        PKIX_LISTGETITEMFAILED);
+
+                PKIX_CHECK(comparator(object, cmpObj, &cmpResult, plContext),
+                        PKIX_COMPARATORCALLBACKFAILED);
+
+                if (cmpResult >= 0) {
+                        PKIX_CHECK(PKIX_List_AppendItem
+                                (lessList, cmpObj, plContext),
+                                PKIX_LISTAPPENDITEMFAILED);
+                } else {
+                        PKIX_CHECK(PKIX_List_AppendItem
+                                (greaterList, cmpObj, plContext),
+                                PKIX_LISTAPPENDITEMFAILED);
+                }
+                PKIX_DECREF(cmpObj);
+        }
+
+        PKIX_CHECK(PKIX_List_Create(&sortedList, plContext),
+                    PKIX_LISTCREATEFAILED);
+
+        PKIX_CHECK(PKIX_List_GetLength(lessList, &size, plContext),
+                PKIX_LISTGETLENGTHFAILED);
+
+        if (size > 1) {
+
+                PKIX_CHECK(pkix_List_QuickSort
+                        (lessList, comparator, &sortedLessList, plContext),
+                        PKIX_LISTQUICKSORTFAILED);
+
+                PKIX_CHECK(pkix_List_AppendList
+                        (sortedList, sortedLessList, plContext),
+                        PKIX_LISTAPPENDLISTFAILED);
+        } else {
+                PKIX_CHECK(pkix_List_AppendList
+                        (sortedList, lessList, plContext),
+                        PKIX_LISTAPPENDLISTFAILED);
+        }
+
+        PKIX_CHECK(PKIX_List_AppendItem(sortedList, object, plContext),
+                PKIX_LISTAPPENDFAILED);
+
+        PKIX_CHECK(PKIX_List_GetLength(greaterList, &size, plContext),
+                PKIX_LISTGETLENGTHFAILED);
+
+        if (size > 1) {
+
+                PKIX_CHECK(pkix_List_QuickSort
+                        (greaterList, comparator, &sortedGreaterList, plContext),
+                        PKIX_LISTQUICKSORTFAILED);
+
+                PKIX_CHECK(pkix_List_AppendList
+                        (sortedList, sortedGreaterList, plContext),
+                        PKIX_LISTAPPENDLISTFAILED);
+        } else {
+                PKIX_CHECK(pkix_List_AppendList
+                        (sortedList, greaterList, plContext),
+                        PKIX_LISTAPPENDLISTFAILED);
+        }
+
+        *pSortedList = sortedList;
+
+cleanup:
+
+        PKIX_DECREF(cmpObj);
+        PKIX_DECREF(object);
+        PKIX_DECREF(sortedGreaterList);
+        PKIX_DECREF(sortedLessList);
+        PKIX_DECREF(greaterList);
+        PKIX_DECREF(lessList);
+
+        PKIX_RETURN(LIST);
+}
+
+/*
+ * FUNCTION: pkix_List_BubbleSort
+ * DESCRIPTION:
+ *
+ *  Sorts List of Objects "fromList" using "comparatorCallback"'s result as
+ *  comasrison key and returns the sorted List at "pSortedList". The sorting
+ *  algorithm used is bubble sort (n*n).
+ *
+ * PARAMETERS:
+ *  "fromList"
+ *      Address of a List of Objects to be sorted. Must be non-NULL, but may be
+ *      empty.
+ *  "comparatorCallback"
+ *      Address of callback function that will compare two Objects on the List.
+ *      It should return -1 for less, 0 for equal and 1 for greater. The
+ *      callback implementation chooses what in Objects to be compared. Must be
+ *      non-NULL.
+ *  "pSortedList"
+ *      Address of a List of Objects that shall be sorted and returned. Must be
+ *      non-NULL, but may be empty.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe - assumes exclusive access to "toList"
+ *  (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds
+ *  Returns a Fatal Error if the function fails in an unrecoverable way
+ */
+PKIX_Error *
+pkix_List_BubbleSort(
+        PKIX_List *fromList,
+        PKIX_List_SortComparatorCallback comparator,
+        PKIX_List **pSortedList,
+        void *plContext)
+{
+        PKIX_List *sortedList = NULL;
+        PKIX_PL_Object *cmpObj = NULL;
+        PKIX_PL_Object *leastObj = NULL;
+        PKIX_Int32 cmpResult = 0;
+        PKIX_UInt32 size = 0;
+        PKIX_UInt32 i, j;
+
+        PKIX_ENTER(BUILD, "pkix_List_BubbleSort");
+        PKIX_NULLCHECK_THREE(fromList, comparator, pSortedList);
+        
+        if (fromList->immutable) {
+            PKIX_ERROR(PKIX_CANNOTSORTIMMUTABLELIST);
+        }
+        PKIX_CHECK(pkix_List_Duplicate
+                ((PKIX_PL_Object *) fromList,
+                (PKIX_PL_Object **) &sortedList,
+                 plContext),
+                PKIX_LISTDUPLICATEFAILED);
+
+        PKIX_CHECK(PKIX_List_GetLength(sortedList, &size, plContext),
+                PKIX_LISTGETLENGTHFAILED);
+
+        if (size > 1) {
+
+        /*
+         * Move from the first of the item on the list, For each iteration,
+         * compare and swap the least value to the head of the comparisoning
+         * sub-list.
+         */
+            for (i = 0; i < size - 1; i++) {
+
+                PKIX_CHECK(PKIX_List_GetItem
+                        (sortedList, i, &leastObj, plContext),
+                        PKIX_LISTGETITEMFAILED);
+
+                for (j = i + 1; j < size; j++) {
+                        PKIX_CHECK(PKIX_List_GetItem
+                                (sortedList, j, &cmpObj, plContext),
+                                PKIX_LISTGETITEMFAILED);
+                        PKIX_CHECK(comparator
+                                (leastObj, cmpObj, &cmpResult, plContext),
+                                PKIX_COMPARATORCALLBACKFAILED);
+                        if (cmpResult > 0) {
+                                PKIX_CHECK(PKIX_List_SetItem
+                                           (sortedList, j, leastObj, plContext),
+                                           PKIX_LISTSETITEMFAILED);
+
+                                PKIX_DECREF(leastObj);
+                                leastObj = cmpObj;
+                                cmpObj = NULL;
+                        } else {
+                                PKIX_DECREF(cmpObj);
+                        }
+                }
+                PKIX_CHECK(PKIX_List_SetItem
+                           (sortedList, i, leastObj, plContext),
+                           PKIX_LISTSETITEMFAILED);
+
+                PKIX_DECREF(leastObj);
+            }
+                
+        }
+
+        *pSortedList = sortedList;
+        sortedList = NULL;
+cleanup:
+
+        PKIX_DECREF(sortedList);
+        PKIX_DECREF(leastObj);
+        PKIX_DECREF(cmpObj);
+
+        PKIX_RETURN(LIST);
+}
+
+/* --Public-List-Functions--------------------------------------------- */
+
+/*
+ * FUNCTION: PKIX_List_Create (see comments in pkix_util.h)
+ */
+PKIX_Error *
+PKIX_List_Create(
+        PKIX_List **pList,
+        void *plContext)
+{
+        PKIX_List *list = NULL;
+
+        PKIX_ENTER(LIST, "PKIX_List_Create");
+        PKIX_NULLCHECK_ONE(pList);
+
+        PKIX_CHECK(pkix_List_Create_Internal(PKIX_TRUE, &list, plContext),
+                    PKIX_LISTCREATEINTERNALFAILED);
+
+        *pList = list;
+
+cleanup:
+
+        PKIX_RETURN(LIST);
+}
+
+/*
+ * FUNCTION: PKIX_List_SetImmutable (see comments in pkix_util.h)
+ */
+PKIX_Error *
+PKIX_List_SetImmutable(
+        PKIX_List *list,
+        void *plContext)
+{
+        PKIX_ENTER(LIST, "PKIX_List_SetImmutable");
+        PKIX_NULLCHECK_ONE(list);
+
+        if (!list->isHeader){
+                PKIX_ERROR(PKIX_INPUTLISTMUSTBEHEADER);
+        }
+
+        list->immutable = PKIX_TRUE;
+
+cleanup:
+
+        PKIX_RETURN(LIST);
+}
+
+/*
+ * FUNCTION: PKIX_List_IsImmutable (see comments in pkix_util.h)
+ */
+PKIX_Error *
+PKIX_List_IsImmutable(
+        PKIX_List *list,
+        PKIX_Boolean *pImmutable,
+        void *plContext)
+{
+        PKIX_ENTER(LIST, "PKIX_List_IsImmutable");
+        PKIX_NULLCHECK_TWO(list, pImmutable);
+
+        if (!list->isHeader){
+                PKIX_ERROR(PKIX_INPUTLISTMUSTBEHEADER);
+        }
+
+        *pImmutable = list->immutable;
+
+cleanup:
+
+        PKIX_RETURN(LIST);
+}
+
+/*
+ * FUNCTION: PKIX_List_GetLength (see comments in pkix_util.h)
+ */
+PKIX_Error *
+PKIX_List_GetLength(
+        PKIX_List *list,
+        PKIX_UInt32 *pLength,
+        void *plContext)
+{
+        PKIX_ENTER(LIST, "PKIX_List_GetLength");
+        PKIX_NULLCHECK_TWO(list, pLength);
+
+        if (!list->isHeader){
+                PKIX_ERROR(PKIX_INPUTLISTMUSTBEHEADER);
+        }
+
+        *pLength = list->length;
+
+cleanup:
+
+        PKIX_RETURN(LIST);
+}
+
+/*
+ * FUNCTION: PKIX_List_IsEmpty (see comments in pkix_util.h)
+ */
+PKIX_Error *
+PKIX_List_IsEmpty(
+        PKIX_List *list,
+        PKIX_Boolean *pEmpty,
+        void *plContext)
+{
+        PKIX_UInt32 length;
+
+        PKIX_ENTER(LIST, "PKIX_List_IsEmpty");
+        PKIX_NULLCHECK_TWO(list, pEmpty);
+
+        if (!list->isHeader){
+                PKIX_ERROR(PKIX_INPUTLISTMUSTBEHEADER);
+        }
+
+        length = list->length;
+
+        if (length == 0){
+                *pEmpty = PKIX_TRUE;
+        } else {
+                *pEmpty = PKIX_FALSE;
+        }
+
+cleanup:
+
+        PKIX_RETURN(LIST);
+}
+
+/*
+ * FUNCTION: PKIX_List_AppendItem (see comments in pkix_util.h)
+ */
+PKIX_Error *
+PKIX_List_AppendItem(
+        PKIX_List *list,
+        PKIX_PL_Object *item,
+        void *plContext)
+{
+        PKIX_List *lastElement = NULL;
+        PKIX_List *newElement = NULL;
+        PKIX_UInt32 length, i;
+
+        PKIX_ENTER(LIST, "PKIX_List_AppendItem");
+        PKIX_NULLCHECK_ONE(list);
+
+        if (list->immutable){
+                PKIX_ERROR(PKIX_OPERATIONNOTPERMITTEDONIMMUTABLELIST);
+        }
+
+        if (!list->isHeader){
+                PKIX_ERROR(PKIX_INPUTLISTMUSTBEHEADER);
+        }
+
+        length = list->length;
+
+        /* find last element of list and create new element there */
+
+        lastElement = list;
+        for (i = 0; i < length; i++){
+                lastElement = lastElement->next;
+        }
+
+        PKIX_CHECK(pkix_List_Create_Internal
+                    (PKIX_FALSE, &newElement, plContext),
+                    PKIX_LISTCREATEINTERNALFAILED);
+
+        PKIX_INCREF(item);
+        newElement->item = item;
+
+        PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+                    ((PKIX_PL_Object *)list, plContext),
+                    PKIX_OBJECTINVALIDATECACHEFAILED);
+
+        lastElement->next = newElement;
+        newElement = NULL;
+        list->length += 1;
+
+cleanup:
+
+        PKIX_DECREF(newElement);
+
+        PKIX_RETURN(LIST);
+}
+
+/*
+ * FUNCTION: PKIX_List_InsertItem (see comments in pkix_util.h)
+ */
+PKIX_Error *
+PKIX_List_InsertItem(
+        PKIX_List *list,
+        PKIX_UInt32 index,
+        PKIX_PL_Object *item,
+        void *plContext)
+{
+        PKIX_List *element = NULL;
+        PKIX_List *newElem = NULL;
+
+        PKIX_ENTER(LIST, "PKIX_List_InsertItem");
+        PKIX_NULLCHECK_ONE(list);
+
+
+        if (list->immutable){
+                PKIX_ERROR(PKIX_OPERATIONNOTPERMITTEDONIMMUTABLELIST);
+        }
+
+        if (!list->isHeader){
+                PKIX_ERROR(PKIX_INPUTLISTMUSTBEHEADER);
+        }
+
+        /* Create a new list object */
+        PKIX_CHECK(pkix_List_Create_Internal(PKIX_FALSE, &newElem, plContext),
+                    PKIX_LISTCREATEINTERNALFAILED);
+
+        if (list->length) {
+            PKIX_CHECK(pkix_List_GetElement(list, index, &element, plContext),
+                       PKIX_LISTGETELEMENTFAILED);
+            /* Copy the old element's contents into the new element */
+            newElem->item = element->item;
+            /* Add new item to the list */
+            PKIX_INCREF(item);
+            element->item = item;
+            /* Set the new element's next pointer to the old element's next */
+            newElem->next = element->next;
+            /* Set the old element's next pointer to the new element */
+            element->next = newElem;
+            newElem = NULL;
+        } else {
+            PKIX_INCREF(item);
+            newElem->item = item;
+            newElem->next = NULL;
+            list->next = newElem;
+            newElem = NULL;
+        }
+        list->length++;
+
+        PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+                    ((PKIX_PL_Object *)list, plContext),
+                    PKIX_OBJECTINVALIDATECACHEFAILED);
+cleanup:
+        PKIX_DECREF(newElem);
+
+        PKIX_RETURN(LIST);
+}
+
+/*
+ * FUNCTION: PKIX_List_GetItem (see comments in pkix_util.h)
+ */
+PKIX_Error *
+PKIX_List_GetItem(
+        PKIX_List *list,
+        PKIX_UInt32 index,
+        PKIX_PL_Object **pItem,
+        void *plContext)
+{
+        PKIX_List *element = NULL;
+
+        PKIX_ENTER(LIST, "PKIX_List_GetItem");
+        PKIX_NULLCHECK_TWO(list, pItem);
+
+        if (!list->isHeader){
+                PKIX_ERROR(PKIX_INPUTLISTMUSTBEHEADER);
+        }
+
+        PKIX_CHECK(pkix_List_GetElement(list, index, &element, plContext),
+                    PKIX_LISTGETELEMENTFAILED);
+
+        PKIX_INCREF(element->item);
+        *pItem = element->item;
+
+cleanup:
+
+        PKIX_RETURN(LIST);
+}
+
+/*
+ * FUNCTION: PKIX_List_SetItem (see comments in pkix_util.h)
+ */
+PKIX_Error *
+PKIX_List_SetItem(
+        PKIX_List *list,
+        PKIX_UInt32 index,
+        PKIX_PL_Object *item,
+        void *plContext)
+{
+        PKIX_List *element;
+
+        PKIX_ENTER(LIST, "PKIX_List_SetItem");
+        PKIX_NULLCHECK_ONE(list);
+
+        if (list->immutable){
+                PKIX_ERROR(PKIX_OPERATIONNOTPERMITTEDONIMMUTABLELIST);
+        }
+
+        if (!list->isHeader){
+                PKIX_ERROR(PKIX_INPUTLISTMUSTBEHEADER);
+        }
+
+        PKIX_CHECK(pkix_List_GetElement(list, index, &element, plContext),
+                    PKIX_LISTGETELEMENTFAILED);
+
+        /* DecRef old contents */
+        PKIX_DECREF(element->item);
+
+        /* Set New Contents */
+        PKIX_INCREF(item);
+        element->item = item;
+
+        PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+                    ((PKIX_PL_Object *)list, plContext),
+                    PKIX_OBJECTINVALIDATECACHEFAILED);
+
+cleanup:
+
+        PKIX_RETURN(LIST);
+}
+
+/*
+ * FUNCTION: PKIX_List_DeleteItem (see comments in pkix_util.h)
+ */
+PKIX_Error *
+PKIX_List_DeleteItem(
+        PKIX_List *list,
+        PKIX_UInt32 index,
+        void *plContext)
+{
+        PKIX_List *element = NULL;
+        PKIX_List *prevElement = NULL;
+        PKIX_List *nextElement = NULL;
+
+        PKIX_ENTER(LIST, "PKIX_List_DeleteItem");
+        PKIX_NULLCHECK_ONE(list);
+
+        if (list->immutable){
+                PKIX_ERROR(PKIX_OPERATIONNOTPERMITTEDONIMMUTABLELIST);
+        }
+
+        if (!list->isHeader){
+                PKIX_ERROR(PKIX_INPUTLISTMUSTBEHEADER);
+        }
+
+        PKIX_CHECK(pkix_List_GetElement(list, index, &element, plContext),
+                    PKIX_LISTGETELEMENTFAILED);
+
+        /* DecRef old contents */
+        PKIX_DECREF(element->item);
+
+        nextElement = element->next;
+
+        if (nextElement != NULL) {
+                /* If the next element exists, splice it out. */
+
+                /* Don't need to change ref counts for targets of next */
+                element->item = nextElement->item;
+                nextElement->item = NULL;
+
+                /* Don't need to change ref counts for targets of next */
+                element->next = nextElement->next;
+                nextElement->next = NULL;
+
+                PKIX_DECREF(nextElement);
+
+        } else { /* The element is at the tail of the list */
+                if (index != 0) {
+                        PKIX_CHECK(pkix_List_GetElement
+                                    (list, index-1, &prevElement, plContext),
+                                    PKIX_LISTGETELEMENTFAILED);
+                } else if (index == 0){ /* prevElement must be header */
+                        prevElement = list;
+                }
+                prevElement->next = NULL;
+
+                /* Delete the element */
+                PKIX_DECREF(element);
+        }
+
+        PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+                    ((PKIX_PL_Object *)list, plContext),
+                    PKIX_OBJECTINVALIDATECACHEFAILED);
+
+        list->length = list->length - 1;
+
+cleanup:
+
+        PKIX_RETURN(LIST);
+}
+
+/*
+ * FUNCTION: PKIX_List_ReverseList (see comments in pkix_util.h)
+ */
+PKIX_Error *
+PKIX_List_ReverseList(
+        PKIX_List *list,
+        PKIX_List **pReversedList,
+        void *plContext)
+{
+        PKIX_List *reversedList = NULL;
+        PKIX_PL_Object *item = NULL;
+        PKIX_PL_Object *duplicateItem = NULL;
+        PKIX_UInt32 length, i;
+
+        PKIX_ENTER(LIST, "pkix_List_ReverseList");
+        PKIX_NULLCHECK_TWO(list, pReversedList);
+
+        if (!list->isHeader){
+                PKIX_ERROR(PKIX_INPUTLISTMUSTBEHEADER);
+        }
+
+        length = list->length;
+
+        /* Create a new list object */
+        PKIX_CHECK(PKIX_List_Create(&reversedList, plContext),
+                    PKIX_LISTCREATEINTERNALFAILED);
+
+        /*
+         * Starting with the last item and traversing backwards (from
+         * the original list), append each item to the reversed list
+         */
+
+        for (i = 1; i <= length; i++){
+                PKIX_CHECK(PKIX_List_GetItem
+                            (list, (length - i), &item, plContext),
+                            PKIX_LISTGETITEMFAILED);
+
+                PKIX_CHECK(PKIX_PL_Object_Duplicate
+                            (item, &duplicateItem, plContext),
+                            PKIX_LISTDUPLICATEFAILED);
+
+                PKIX_CHECK(PKIX_List_AppendItem
+                            (reversedList, duplicateItem, plContext),
+                            PKIX_LISTAPPENDITEMFAILED);
+
+                PKIX_DECREF(item);
+                PKIX_DECREF(duplicateItem);
+        }
+
+        *pReversedList = reversedList;
+
+cleanup:
+
+        PKIX_DECREF(item);
+        PKIX_DECREF(duplicateItem);
+
+        if (PKIX_ERROR_RECEIVED){
+                PKIX_DECREF(reversedList);
+        }
+
+        PKIX_RETURN(LIST);
+}
diff --git a/nss/lib/libpkix/pkix/util/pkix_list.h b/nss/lib/libpkix/pkix/util/pkix_list.h
new file mode 100755
index 0000000..13e104f
--- /dev/null
+++ b/nss/lib/libpkix/pkix/util/pkix_list.h
@@ -0,0 +1,95 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_list.h
+ *
+ * List Object Type Definition
+ *
+ */
+
+#ifndef _PKIX_LIST_H
+#define _PKIX_LIST_H
+
+#include "pkix_tools.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef PKIX_Error *
+(*PKIX_List_SortComparatorCallback)(
+        PKIX_PL_Object *obj1,
+        PKIX_PL_Object *obj2,
+        PKIX_Int32 *pResult,
+        void *plContext);
+
+struct PKIX_ListStruct {
+        PKIX_PL_Object *item;
+        PKIX_List *next;
+        PKIX_Boolean immutable;
+        PKIX_UInt32 length;
+        PKIX_Boolean isHeader;
+};
+
+/* see source file for function documentation */
+
+PKIX_Error *pkix_List_RegisterSelf(void *plContext);
+
+PKIX_Error *
+pkix_List_Contains(
+        PKIX_List *list,
+        PKIX_PL_Object *object,
+        PKIX_Boolean *pFound,
+        void *plContext);
+
+PKIX_Error *
+pkix_List_Remove(
+        PKIX_List *list,
+        PKIX_PL_Object *target,
+        void *plContext);
+
+PKIX_Error *
+pkix_List_MergeLists(
+        PKIX_List *firstList,
+        PKIX_List *secondList,
+        PKIX_List **pMergedList,
+        void *plContext);
+
+PKIX_Error *
+pkix_List_AppendList(
+        PKIX_List *toList,
+        PKIX_List *fromList,
+        void *plContext);
+
+PKIX_Error *
+pkix_List_AppendUnique(
+        PKIX_List *toList,
+        PKIX_List *fromList,
+        void *plContext);
+
+PKIX_Error *
+pkix_List_RemoveItems(
+        PKIX_List *list,
+        PKIX_List *deleteList,
+        void *plContext);
+
+PKIX_Error *
+pkix_List_QuickSort(
+        PKIX_List *fromList,
+        PKIX_List_SortComparatorCallback comparator,
+        PKIX_List **pSortedList,
+        void *plContext);
+
+PKIX_Error *
+pkix_List_BubbleSort(
+        PKIX_List *fromList,
+        PKIX_List_SortComparatorCallback comparator,
+        PKIX_List **pSortedList,
+        void *plContext);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_LIST_H */
diff --git a/nss/lib/libpkix/pkix/util/pkix_logger.c b/nss/lib/libpkix/pkix/util/pkix_logger.c
new file mode 100644
index 0000000..a916e6e
--- /dev/null
+++ b/nss/lib/libpkix/pkix/util/pkix_logger.c
@@ -0,0 +1,1088 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_logger.c
+ *
+ * Logger Object Functions
+ *
+ */
+
+#include "pkix_logger.h"
+#ifndef PKIX_ERROR_DESCRIPTION
+#include "prprf.h"
+#endif
+
+/* Global variable to keep PKIX_Logger List */
+PKIX_List *pkixLoggers = NULL;
+
+/*
+ * Once the Logger has been set, for any logging related operations, we have
+ * to go through the List to find a match, and if found, issue the
+ * corresponding callback. The overhead to check for DEBUG and TRACE in each
+ * PKIX function entering and exiting is very expensive (400X), and redundant
+ * if they are not the interest of the Logger. Therefore, the PKIX_Logger List
+ * pkixLoggers is separated into two lists based on its Loggers' trace level.
+ *
+ * Whenever the pkixLoggers List is updated by PKIX_Logger_AddLogger() or
+ * PKIX_Logger_SetLoggers(), we destroy and reconstruct pkixLoggersErrors
+ * and pkixLoggersDebugTrace Logger Lists. The ERROR, FATAL_ERROR and
+ * WARNING goes to pkixLoggersErrors and the DEBUG and TRACE goes to
+ * pkixLoggersDebugTrace.
+ *
+ * Currently we provide five logging levels and the default setting are by:
+ *
+ *     PKIX_FATAL_ERROR() macro invokes pkix_Logger_Check of FATAL_ERROR level
+ *     PKIX_ERROR() macro invokes pkix_Logger_Check of ERROR level
+ *     WARNING is not invoked as default
+ *     PKIX_DEBUG() macro invokes pkix_Logger_Check of DEBUG level. This needs
+ *         compilation -DPKIX_<component>DEBUG flag to turn on 
+ *     PKIX_ENTER() and PKIX_RETURN() macros invoke pkix_Logger_Check of TRACE
+ *         level. TRACE provides duplicate information of DEBUG, but needs no
+ *         recompilation and cannot choose component. To allow application
+ *         to use DEBUG level, TRACE is put as last.
+ *
+ */
+PKIX_List *pkixLoggersErrors = NULL;
+PKIX_List *pkixLoggersDebugTrace = NULL;
+
+/* To ensure atomic update on pkixLoggers lists */
+PKIX_PL_MonitorLock *pkixLoggerLock = NULL;
+
+/* --Private-Functions-------------------------------------------- */
+
+/*
+ * FUNCTION: pkix_Logger_CheckErrors
+ * DESCRIPTION:
+ *
+ *  This function goes through each PKIX_Logger at "pkixLoggersList" and
+ *  checks if "maxLevel" and "logComponent" satisfies what is specified in the
+ *  PKIX_Logger. If satisfies, it invokes the callback in PKIX_Logger and
+ *  passes a PKIX_PL_String that is the concatenation of "message" and 
+ *  "message2" to the application for processing. 
+ *  Since this call is inserted into a handful of PKIX macros, no macros are
+ *  applied in this function, to avoid infinite recursion.
+ *  If an error occurs, this call is aborted.
+ *
+ * PARAMETERS:
+ *  "pkixLoggersList"
+ *      A list of PKIX_Loggers to be examined for invoking callback. Must be
+ *      non-NULL.
+ *  "message"
+ *      Address of "message" to be logged. Must be non-NULL.
+ *  "message2"
+ *      Address of "message2" to be concatenated and logged. May be NULL.
+ *  "logComponent"
+ *      A PKIX_UInt32 that indicates the component the message is from.
+ *  "maxLevel"
+ *      A PKIX_UInt32 that represents the level of severity of the message.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds
+ *  Returns a Fatal Error if the function fails in an unrecoverable way
+ */
+PKIX_Error *
+pkix_Logger_Check(
+        PKIX_List *pkixLoggersList,
+        const char *message,
+        const char *message2,
+        PKIX_ERRORCLASS logComponent,
+        PKIX_UInt32 currentLevel,
+        void *plContext)
+{
+        PKIX_Logger *logger = NULL;
+        PKIX_List *savedPkixLoggersErrors = NULL;
+        PKIX_List *savedPkixLoggersDebugTrace = NULL;
+        PKIX_PL_String *formatString = NULL;
+        PKIX_PL_String *messageString = NULL;
+        PKIX_PL_String *message2String = NULL;
+        PKIX_PL_String *msgString = NULL;
+        PKIX_Error *error = NULL;
+        PKIX_Boolean needLogging = PKIX_FALSE;
+        PKIX_UInt32 i, length;
+
+        /*
+         * We cannot use any the PKIX_ macros here, since this function is
+         * called from some of these macros. It can create infinite recursion.
+         */
+
+        if ((pkixLoggersList == NULL) || (message == NULL)) {
+                return(NULL);
+        }
+
+        /*
+         * Disable all subsequent loggings to avoid recursion. The result is
+         * if other thread is calling this function at the same time, there
+         * won't be any logging because the pkixLoggersErrors and
+         * pkixLoggersDebugTrace are set to null.
+         * It would be nice if we provide control per thread (e.g. make
+         * plContext threadable) then we can avoid the recursion by setting
+         * flag at plContext. Then other thread's logging won't be affected.
+         *
+         * Also we need to use a reentrant Lock. Although we avoid recursion
+         * for TRACE. When there is an ERROR occurs in subsequent call, this
+         * function will be called.
+         */
+
+        error = PKIX_PL_MonitorLock_Enter(pkixLoggerLock, plContext);
+        if (error) { return(NULL); }
+
+        savedPkixLoggersDebugTrace = pkixLoggersDebugTrace;
+        pkixLoggersDebugTrace = NULL;
+        savedPkixLoggersErrors = pkixLoggersErrors;
+        pkixLoggersErrors = NULL;
+
+        /* Convert message and message2 to String */
+        error = PKIX_PL_String_Create
+                    (PKIX_ESCASCII, message, 0, &messageString, plContext);
+        if (error) { goto cleanup; }
+
+        if (message2) {
+                error = PKIX_PL_String_Create
+                    (PKIX_ESCASCII, message2, 0, &message2String, plContext);
+                if (error) { goto cleanup; }
+                error = PKIX_PL_String_Create
+                    (PKIX_ESCASCII, "%s %s", 0, &formatString, plContext);
+                if (error) { goto cleanup; }
+
+        } else {
+                error = PKIX_PL_String_Create
+                    (PKIX_ESCASCII, "%s", 0, &formatString, plContext);
+                if (error) { goto cleanup; }
+
+        }
+
+        error = PKIX_PL_Sprintf
+                    (&msgString,
+                    plContext,
+                    formatString,
+                    messageString,
+                    message2String);
+        if (error) { goto cleanup; }
+
+        /* Go through the Logger list */
+
+        error = PKIX_List_GetLength(pkixLoggersList, &length, plContext);
+        if (error) { goto cleanup; }
+
+        for (i = 0; i < length; i++) {
+
+                error = PKIX_List_GetItem
+                    (pkixLoggersList,
+                    i,
+                    (PKIX_PL_Object **) &logger,
+                    plContext);
+                if (error) { goto cleanup; }
+
+                /* Intended logging level less or equal than the max */
+                needLogging = (currentLevel <= logger->maxLevel);
+
+                if (needLogging && (logger->callback)) {
+
+                    /*
+                     * We separate Logger into two lists based on log level
+                     * but log level is not modified. We need to check here to
+                     * avoid logging the higher log level (lower value) twice.
+                     */
+                    if (pkixLoggersList == pkixLoggersErrors) {
+                            needLogging = needLogging && 
+                                (currentLevel <= PKIX_LOGGER_LEVEL_WARNING);
+                    } else if (pkixLoggersList == pkixLoggersDebugTrace) {
+                            needLogging = needLogging && 
+                                (currentLevel > PKIX_LOGGER_LEVEL_WARNING);
+                    }
+                
+                    if (needLogging) {
+                        if (logComponent == logger->logComponent) {
+                            needLogging = PKIX_TRUE;
+                        } else {
+                            needLogging = PKIX_FALSE;
+                        }
+                    }
+
+                    if (needLogging) {
+                        error = logger->callback
+                                (logger,
+                                msgString,
+                                currentLevel,
+                                logComponent,
+                                plContext);
+                        if (error) { goto cleanup; }
+                    }
+                }
+
+                error = PKIX_PL_Object_DecRef
+                        ((PKIX_PL_Object *)logger, plContext);
+                logger = NULL;
+                if (error) { goto cleanup; }
+
+        }
+
+cleanup:
+
+        if (formatString) {
+                error = PKIX_PL_Object_DecRef
+                        ((PKIX_PL_Object *)formatString, plContext);
+        }
+
+        if (messageString) {
+                error = PKIX_PL_Object_DecRef
+                         ((PKIX_PL_Object *)messageString, plContext);
+        }
+
+        if (message2String) {
+                error = PKIX_PL_Object_DecRef
+                        ((PKIX_PL_Object *)message2String, plContext);
+        }
+
+        if (msgString) {
+                error = PKIX_PL_Object_DecRef
+                        ((PKIX_PL_Object *)msgString, plContext);
+        }
+
+        if (logger) {
+                error = PKIX_PL_Object_DecRef
+                        ((PKIX_PL_Object *)logger, plContext);
+        }
+
+        if (pkixLoggersErrors == NULL && savedPkixLoggersErrors != NULL) {
+                pkixLoggersErrors = savedPkixLoggersErrors;
+        } 
+
+        if (pkixLoggersDebugTrace == NULL && 
+           savedPkixLoggersDebugTrace != NULL) {
+                pkixLoggersDebugTrace = savedPkixLoggersDebugTrace;
+        }
+
+        error = PKIX_PL_MonitorLock_Exit(pkixLoggerLock, plContext);
+        if (error) { return(NULL); }
+
+        return(NULL);
+}
+
+PKIX_Error *
+pkix_Logger_CheckWithCode(
+        PKIX_List *pkixLoggersList,
+        PKIX_UInt32 errorCode,
+        const char *message2,
+        PKIX_ERRORCLASS logComponent,
+        PKIX_UInt32 currentLevel,
+        void *plContext)
+{
+    char error[32];
+    char *errorString = NULL;
+
+    PKIX_ENTER(LOGGER, "pkix_Logger_CheckWithCode");
+#if defined PKIX_ERROR_DESCRIPTION
+    errorString = PKIX_ErrorText[errorCode];
+#else
+    PR_snprintf(error, 32, "Error code: %d", errorCode);
+    errorString = error;
+#endif /* PKIX_ERROR_DESCRIPTION */
+
+    pkixErrorResult = pkix_Logger_Check(pkixLoggersList, errorString,
+                                        message2, logComponent,
+                                        currentLevel, plContext);
+    PKIX_RETURN(LOGGER);
+}
+
+/*
+ * FUNCTION: pkix_Logger_Destroy
+ * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_Logger_Destroy(
+        PKIX_PL_Object *object,
+        void *plContext)
+{
+        PKIX_Logger *logger = NULL;
+
+        PKIX_ENTER(LOGGER, "pkix_Logger_Destroy");
+        PKIX_NULLCHECK_ONE(object);
+
+        /* Check that this object is a logger */
+        PKIX_CHECK(pkix_CheckType(object, PKIX_LOGGER_TYPE, plContext),
+                    PKIX_OBJECTNOTLOGGER);
+
+        logger = (PKIX_Logger *)object;
+
+        /* We have a valid logger. DecRef its item and recurse on next */
+
+        logger->callback = NULL;
+        PKIX_DECREF(logger->context);
+        logger->logComponent = (PKIX_ERRORCLASS)NULL;
+
+cleanup:
+
+        PKIX_RETURN(LOGGER);
+}
+
+/*
+ * FUNCTION: pkix_Logger_ToString
+ * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_Logger_ToString(
+        PKIX_PL_Object *object,
+        PKIX_PL_String **pString,
+        void *plContext)
+{
+        PKIX_Logger *logger = NULL;
+        char *asciiFormat = NULL;
+        PKIX_PL_String *formatString = NULL;
+        PKIX_PL_String *contextString = NULL;
+        PKIX_PL_String *componentString = NULL;
+        PKIX_PL_String *loggerString = NULL;
+
+        PKIX_ENTER(LOGGER, "pkix_Logger_ToString_Helper");
+        PKIX_NULLCHECK_TWO(object, pString);
+
+        /* Check that this object is a logger */
+        PKIX_CHECK(pkix_CheckType(object, PKIX_LOGGER_TYPE, plContext),
+                    PKIX_OBJECTNOTLOGGER);
+
+        logger = (PKIX_Logger *)object;
+
+        asciiFormat =
+                "[\n"
+                "\tLogger: \n"
+                "\tContext:          %s\n"
+                "\tMaximum Level:    %d\n"
+                "\tComponent Name:   %s\n"
+                "]\n";
+
+        PKIX_CHECK(PKIX_PL_String_Create
+                    (PKIX_ESCASCII,
+                    asciiFormat,
+                    0,
+                    &formatString,
+                    plContext),
+                    PKIX_STRINGCREATEFAILED);
+
+        PKIX_TOSTRING(logger->context, &contextString, plContext,
+                PKIX_OBJECTTOSTRINGFAILED);
+
+        PKIX_CHECK(PKIX_PL_String_Create
+                (PKIX_ESCASCII,
+                (void *)PKIX_ERRORCLASSNAMES[logger->logComponent],
+                0,
+                &componentString,
+                plContext),
+                PKIX_STRINGCREATEFAILED);
+
+        PKIX_CHECK(PKIX_PL_Sprintf
+                (&loggerString,
+                plContext,
+                formatString,
+                contextString,
+                logger->maxLevel,
+                componentString),
+                PKIX_SPRINTFFAILED);
+
+        *pString = loggerString;
+
+cleanup:
+
+        PKIX_DECREF(formatString);
+        PKIX_DECREF(contextString);
+        PKIX_RETURN(LOGGER);
+}
+
+/*
+ * FUNCTION: pkix_Logger_Equals
+ * (see comments for PKIX_PL_EqualsCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_Logger_Equals(
+        PKIX_PL_Object *first,
+        PKIX_PL_Object *second,
+        PKIX_Boolean *pResult,
+        void *plContext)
+{
+        PKIX_UInt32 secondType;
+        PKIX_Boolean cmpResult;
+        PKIX_Logger *firstLogger = NULL;
+        PKIX_Logger *secondLogger = NULL;
+
+        PKIX_ENTER(LOGGER, "pkix_Logger_Equals");
+        PKIX_NULLCHECK_THREE(first, second, pResult);
+
+        /* test that first is a Logger */
+        PKIX_CHECK(pkix_CheckType(first, PKIX_LOGGER_TYPE, plContext),
+                PKIX_FIRSTOBJECTNOTLOGGER);
+
+        /*
+         * Since we know first is a Logger, if both references are
+         * identical, they must be equal
+         */
+        if (first == second){
+                *pResult = PKIX_TRUE;
+                goto cleanup;
+        }
+
+        /*
+         * If second isn't a Logger, we don't throw an error.
+         * We simply return a Boolean result of FALSE
+         */
+        *pResult = PKIX_FALSE;
+        PKIX_CHECK(PKIX_PL_Object_GetType(second, &secondType, plContext),
+                    PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
+        if (secondType != PKIX_LOGGER_TYPE) goto cleanup;
+
+        firstLogger = (PKIX_Logger *)first;
+        secondLogger = (PKIX_Logger *)second;
+
+        cmpResult = PKIX_FALSE;
+
+        if (firstLogger->callback != secondLogger->callback) {
+                goto cleanup;
+        }
+
+        if (firstLogger->logComponent != secondLogger->logComponent) {
+                goto cleanup;
+        }
+
+        PKIX_EQUALS  
+                (firstLogger->context,
+                secondLogger->context,
+                &cmpResult,
+                plContext,
+                PKIX_OBJECTEQUALSFAILED);
+
+        if (cmpResult == PKIX_FALSE) {
+                goto cleanup;
+        }
+
+        if (firstLogger->maxLevel != secondLogger->maxLevel) {
+                goto cleanup;
+        }
+
+        *pResult = cmpResult;
+
+cleanup:
+
+        PKIX_RETURN(LOGGER);
+}
+
+/*
+ * FUNCTION: pkix_Logger_Hashcode
+ * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_Logger_Hashcode(
+        PKIX_PL_Object *object,
+        PKIX_UInt32 *pHashcode,
+        void *plContext)
+{
+        PKIX_Logger *logger = NULL;
+        PKIX_UInt32 hash = 0;
+        PKIX_UInt32 tempHash = 0;
+
+        PKIX_ENTER(LOGGER, "pkix_Logger_Hashcode");
+        PKIX_NULLCHECK_TWO(object, pHashcode);
+
+        PKIX_CHECK(pkix_CheckType(object, PKIX_LOGGER_TYPE, plContext),
+                    PKIX_OBJECTNOTLOGGER);
+
+        logger = (PKIX_Logger *)object;
+
+        PKIX_HASHCODE(logger->context, &tempHash, plContext,
+                PKIX_OBJECTHASHCODEFAILED);
+
+        hash = (((((PKIX_UInt32)((char *)logger->callback - (char *)NULL) + tempHash) << 7) +
+                logger->maxLevel) << 7) + (PKIX_UInt32)logger->logComponent;
+
+        *pHashcode = hash;
+
+cleanup:
+
+        PKIX_RETURN(LOGGER);
+}
+
+
+/*
+ * FUNCTION: pkix_Logger_Duplicate
+ * (see comments for PKIX_PL_DuplicateCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_Logger_Duplicate(
+        PKIX_PL_Object *object,
+        PKIX_PL_Object **pNewObject,
+        void *plContext)
+{
+        PKIX_Logger *logger = NULL;
+        PKIX_Logger *dupLogger = NULL;
+
+        PKIX_ENTER(LOGGER, "pkix_Logger_Duplicate");
+        PKIX_NULLCHECK_TWO(object, pNewObject);
+
+        PKIX_CHECK(pkix_CheckType
+                    ((PKIX_PL_Object *)object, PKIX_LOGGER_TYPE, plContext),
+                    PKIX_OBJECTNOTLOGGER);
+
+        logger = (PKIX_Logger *) object;
+
+        PKIX_CHECK(PKIX_PL_Object_Alloc
+                    (PKIX_LOGGER_TYPE,
+                    sizeof (PKIX_Logger),
+                    (PKIX_PL_Object **)&dupLogger,
+                    plContext),
+                    PKIX_COULDNOTCREATELOGGEROBJECT);
+
+        dupLogger->callback = logger->callback;
+        dupLogger->maxLevel = logger->maxLevel;
+        
+        PKIX_DUPLICATE
+                    (logger->context,
+                    &dupLogger->context,
+                    plContext,
+                    PKIX_OBJECTDUPLICATEFAILED);
+
+        dupLogger->logComponent = logger->logComponent;
+
+        *pNewObject = (PKIX_PL_Object *) dupLogger;
+
+cleanup:
+
+        if (PKIX_ERROR_RECEIVED){
+                PKIX_DECREF(dupLogger);
+        }
+
+        PKIX_RETURN(LOGGER);
+}
+
+/*
+ * FUNCTION: pkix_Logger_RegisterSelf
+ * DESCRIPTION:
+ *  Registers PKIX_LOGGER_TYPE and its related functions with systemClasses[]
+ * THREAD SAFETY:
+ *  Not Thread Safe - for performance and complexity reasons
+ *
+ *  Since this function is only called by PKIX_PL_Initialize, which should
+ *  only be called once, it is acceptable that this function is not
+ *  thread-safe.
+ */
+PKIX_Error *
+pkix_Logger_RegisterSelf(void *plContext)
+{
+        extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
+        pkix_ClassTable_Entry entry;
+
+        PKIX_ENTER(LOGGER, "pkix_Logger_RegisterSelf");
+
+        entry.description = "Logger";
+        entry.objCounter = 0;
+        entry.typeObjectSize = sizeof(PKIX_Logger);
+        entry.destructor = pkix_Logger_Destroy;
+        entry.equalsFunction = pkix_Logger_Equals;
+        entry.hashcodeFunction = pkix_Logger_Hashcode;
+        entry.toStringFunction = pkix_Logger_ToString;
+        entry.comparator = NULL;
+        entry.duplicateFunction = pkix_Logger_Duplicate;
+
+        systemClasses[PKIX_LOGGER_TYPE] = entry;
+
+        PKIX_RETURN(LOGGER);
+}
+
+/* --Public-Logger-Functions--------------------------------------------- */
+
+/*
+ * FUNCTION: PKIX_Logger_Create (see comments in pkix_util.h)
+ */
+PKIX_Error *
+PKIX_Logger_Create(
+        PKIX_Logger_LogCallback callback,
+        PKIX_PL_Object *loggerContext,
+        PKIX_Logger **pLogger,
+        void *plContext)
+{
+        PKIX_Logger *logger = NULL;
+
+        PKIX_ENTER(LOGGER, "PKIX_Logger_Create");
+        PKIX_NULLCHECK_ONE(pLogger);
+
+        PKIX_CHECK(PKIX_PL_Object_Alloc
+                    (PKIX_LOGGER_TYPE,
+                    sizeof (PKIX_Logger),
+                    (PKIX_PL_Object **)&logger,
+                    plContext),
+                    PKIX_COULDNOTCREATELOGGEROBJECT);
+
+        logger->callback = callback;
+        logger->maxLevel = 0;
+        logger->logComponent = (PKIX_ERRORCLASS)NULL;
+
+        PKIX_INCREF(loggerContext);
+        logger->context = loggerContext;
+
+        *pLogger = logger;
+        logger = NULL;
+
+cleanup:
+
+        PKIX_DECREF(logger);
+
+        PKIX_RETURN(LOGGER);
+}
+
+/*
+ * FUNCTION: PKIX_Logger_GetLogCallback (see comments in pkix_util.h)
+ */
+PKIX_Error *
+PKIX_Logger_GetLogCallback(
+        PKIX_Logger *logger,
+        PKIX_Logger_LogCallback *pCallback,
+        void *plContext)
+{
+        PKIX_ENTER(LOGGER, "PKIX_Logger_GetLogCallback");
+        PKIX_NULLCHECK_TWO(logger, pCallback);
+
+        *pCallback = logger->callback;
+
+        PKIX_RETURN(LOGGER);
+}
+
+/*
+ * FUNCTION: PKIX_Logger_GetLoggerContext (see comments in pkix_util.h)
+ */
+PKIX_Error *
+PKIX_Logger_GetLoggerContext(
+        PKIX_Logger *logger,
+        PKIX_PL_Object **pLoggerContext,
+        void *plContext)
+{
+        PKIX_ENTER(LOGGER, "PKIX_Logger_GetLoggerContex");
+        PKIX_NULLCHECK_TWO(logger, pLoggerContext);
+
+        PKIX_INCREF(logger->context);
+        *pLoggerContext = logger->context;
+
+cleanup:
+        PKIX_RETURN(LOGGER);
+}
+
+/*
+ * FUNCTION: PKIX_Logger_GetMaxLoggingLevel (see comments in pkix_util.h)
+ */
+PKIX_Error *
+PKIX_Logger_GetMaxLoggingLevel(
+        PKIX_Logger *logger,
+        PKIX_UInt32 *pLevel,
+        void *plContext)
+{
+        PKIX_ENTER(LOGGER, "PKIX_Logger_GetMaxLoggingLevel");
+        PKIX_NULLCHECK_TWO(logger, pLevel);
+
+        *pLevel = logger->maxLevel;
+
+        PKIX_RETURN(LOGGER);
+}
+
+/*
+ * FUNCTION: PKIX_Logger_SetMaxLoggingLevel (see comments in pkix_util.h)
+ */
+PKIX_Error *
+PKIX_Logger_SetMaxLoggingLevel(
+        PKIX_Logger *logger,
+        PKIX_UInt32 level,
+        void *plContext)
+{
+        PKIX_ENTER(LOGGER, "PKIX_Logger_SetMaxLoggingLevel");
+        PKIX_NULLCHECK_ONE(logger);
+
+        if (level > PKIX_LOGGER_LEVEL_MAX) {
+                PKIX_ERROR(PKIX_LOGGINGLEVELEXCEEDSMAXIMUM);
+        } else {
+                logger->maxLevel = level;
+        }
+
+cleanup:
+
+        PKIX_RETURN(LOGGER);
+}
+
+/*
+ * FUNCTION: PKIX_Logger_GetLoggingComponent (see comments in pkix_util.h)
+ */
+PKIX_Error *
+PKIX_Logger_GetLoggingComponent(
+        PKIX_Logger *logger,
+        PKIX_ERRORCLASS *pComponent,
+        void *plContext)
+{
+        PKIX_ENTER(LOGGER, "PKIX_Logger_GetLoggingComponent");
+        PKIX_NULLCHECK_TWO(logger, pComponent);
+
+        *pComponent = logger->logComponent;
+
+        PKIX_RETURN(LOGGER);
+}
+
+/*
+ * FUNCTION: PKIX_Logger_SetLoggingComponent (see comments in pkix_util.h)
+ */
+PKIX_Error *
+PKIX_Logger_SetLoggingComponent(
+        PKIX_Logger *logger,
+        PKIX_ERRORCLASS component,
+        void *plContext)
+{
+        PKIX_ENTER(LOGGER, "PKIX_Logger_SetLoggingComponent");
+        PKIX_NULLCHECK_ONE(logger);
+
+        logger->logComponent = component;
+
+        PKIX_RETURN(LOGGER);
+}
+
+
+/*
+ * Following PKIX_GetLoggers(), PKIX_SetLoggers() and PKIX_AddLogger() are
+ * documented as not thread-safe. However they are thread-safe now. We need
+ * the lock when accessing the logger lists.
+ */
+
+/*
+ * FUNCTION: PKIX_Logger_GetLoggers (see comments in pkix_util.h)
+ */
+PKIX_Error *
+PKIX_GetLoggers(
+        PKIX_List **pLoggers,  /* list of PKIX_Logger */
+        void *plContext)
+{
+        PKIX_List *list = NULL;
+        PKIX_List *savedPkixLoggersDebugTrace = NULL;
+        PKIX_List *savedPkixLoggersErrors = NULL;
+        PKIX_Logger *logger = NULL;
+        PKIX_Logger *dupLogger = NULL;
+        PKIX_UInt32 i, length;
+        PKIX_Boolean locked = PKIX_FALSE;
+
+        PKIX_ENTER(LOGGER, "PKIX_Logger_GetLoggers");
+        PKIX_NULLCHECK_ONE(pLoggers);
+
+        PKIX_CHECK(PKIX_PL_MonitorLock_Enter(pkixLoggerLock, plContext),
+                PKIX_MONITORLOCKENTERFAILED);
+        locked = PKIX_TRUE;
+
+        /*
+         * Temporarily disable DEBUG/TRACE Logging to avoid possible
+         * deadlock:
+         * When the Logger List is being accessed, e.g. by PKIX_ENTER or
+         * PKIX_DECREF, pkix_Logger_Check may check whether logging
+         * is requested, creating a deadlock situation.
+         */
+        savedPkixLoggersDebugTrace = pkixLoggersDebugTrace;
+        pkixLoggersDebugTrace = NULL;
+        savedPkixLoggersErrors = pkixLoggersErrors;
+        pkixLoggersErrors = NULL;
+
+        if (pkixLoggers == NULL) {
+                length = 0;
+        } else {
+                PKIX_CHECK(PKIX_List_GetLength
+                    (pkixLoggers, &length, plContext),
+                    PKIX_LISTGETLENGTHFAILED);
+        }
+
+        /* Create a list and copy the pkixLoggers item to the list */
+        PKIX_CHECK(PKIX_List_Create(&list, plContext),
+                    PKIX_LISTCREATEFAILED);
+
+        for (i = 0; i < length; i++) {
+
+            PKIX_CHECK(PKIX_List_GetItem
+                        (pkixLoggers,
+                        i,
+                        (PKIX_PL_Object **) &logger,
+                        plContext),
+                        PKIX_LISTGETITEMFAILED);
+
+            PKIX_CHECK(pkix_Logger_Duplicate
+                        ((PKIX_PL_Object *)logger,
+                        (PKIX_PL_Object **)&dupLogger,
+                        plContext),
+                        PKIX_LOGGERDUPLICATEFAILED);
+
+            PKIX_CHECK(PKIX_List_AppendItem
+                        (list,
+                        (PKIX_PL_Object *) dupLogger,
+                        plContext),
+                        PKIX_LISTAPPENDITEMFAILED);
+
+            PKIX_DECREF(logger);
+            PKIX_DECREF(dupLogger);
+        }
+
+        /* Set the list to be immutable */
+        PKIX_CHECK(PKIX_List_SetImmutable(list, plContext),
+                        PKIX_LISTSETIMMUTABLEFAILED);
+
+        *pLoggers = list;
+
+cleanup:
+
+        PKIX_DECREF(logger);
+
+        /* Restore logging capability */
+        pkixLoggersDebugTrace = savedPkixLoggersDebugTrace;
+        pkixLoggersErrors = savedPkixLoggersErrors;
+
+        if (locked) {
+                PKIX_CHECK(PKIX_PL_MonitorLock_Exit(pkixLoggerLock, plContext),
+                        PKIX_MONITORLOCKEXITFAILED);
+        }
+
+        PKIX_RETURN(LOGGER);
+}
+
+/*
+ * FUNCTION: PKIX_Logger_SetLoggers (see comments in pkix_util.h)
+ */
+PKIX_Error *
+PKIX_SetLoggers(
+        PKIX_List *loggers,  /* list of PKIX_Logger */
+        void *plContext)
+{
+        PKIX_List *list = NULL;
+        PKIX_List *savedPkixLoggersErrors = NULL;
+        PKIX_List *savedPkixLoggersDebugTrace = NULL;
+        PKIX_Logger *logger = NULL;
+        PKIX_Logger *dupLogger = NULL;
+        PKIX_Boolean locked = PKIX_FALSE;
+        PKIX_UInt32 i, length;
+
+        PKIX_ENTER(LOGGER, "PKIX_SetLoggers");
+
+        PKIX_CHECK(PKIX_PL_MonitorLock_Enter(pkixLoggerLock, plContext),
+                PKIX_MONITORLOCKENTERFAILED);
+        locked = PKIX_TRUE;
+
+        /* Disable tracing, etc. to avoid recursion and deadlock */
+        savedPkixLoggersDebugTrace = pkixLoggersDebugTrace;
+        pkixLoggersDebugTrace = NULL;
+        savedPkixLoggersErrors = pkixLoggersErrors;
+        pkixLoggersErrors = NULL;
+
+        /* discard any prior loggers */
+        PKIX_DECREF(pkixLoggers);
+        PKIX_DECREF(savedPkixLoggersErrors);
+        PKIX_DECREF(savedPkixLoggersDebugTrace);
+
+        if (loggers != NULL) {
+
+                PKIX_CHECK(PKIX_List_Create(&list, plContext),
+                    PKIX_LISTCREATEFAILED);
+
+                PKIX_CHECK(PKIX_List_GetLength(loggers, &length, plContext),
+                    PKIX_LISTGETLENGTHFAILED);
+
+                for (i = 0; i < length; i++) {
+
+                    PKIX_CHECK(PKIX_List_GetItem
+                        (loggers,
+                        i,
+                        (PKIX_PL_Object **) &logger,
+                        plContext),
+                        PKIX_LISTGETITEMFAILED);
+
+                    PKIX_CHECK(pkix_Logger_Duplicate
+                        ((PKIX_PL_Object *)logger,
+                        (PKIX_PL_Object **)&dupLogger,
+                        plContext),
+                        PKIX_LOGGERDUPLICATEFAILED);
+
+                    PKIX_CHECK(PKIX_List_AppendItem
+                        (list,
+                        (PKIX_PL_Object *) dupLogger,
+                        plContext),
+                        PKIX_LISTAPPENDITEMFAILED);
+
+                    /* Make two lists */
+
+                    /* Put in pkixLoggersErrors in any case*/
+
+                    if (savedPkixLoggersErrors == NULL) {
+
+                        PKIX_CHECK(PKIX_List_Create
+                                (&savedPkixLoggersErrors,
+                                plContext),
+                                PKIX_LISTCREATEFAILED);
+                    }
+        
+                    PKIX_CHECK(PKIX_List_AppendItem
+                            (savedPkixLoggersErrors,
+                            (PKIX_PL_Object *) dupLogger,
+                            plContext),
+                            PKIX_LISTAPPENDITEMFAILED);
+
+                    if (logger->maxLevel > PKIX_LOGGER_LEVEL_WARNING) {
+
+                        /* Put in pkixLoggersDebugTrace */
+
+                        if (savedPkixLoggersDebugTrace == NULL) {
+
+                            PKIX_CHECK(PKIX_List_Create
+                                    (&savedPkixLoggersDebugTrace,
+                                    plContext),
+                                    PKIX_LISTCREATEFAILED);
+                        }
+        
+                        PKIX_CHECK(PKIX_List_AppendItem
+                                (savedPkixLoggersDebugTrace,
+                                (PKIX_PL_Object *) dupLogger,
+                                plContext),
+                                PKIX_LISTAPPENDITEMFAILED);
+                    }
+                    PKIX_DECREF(logger);
+                    PKIX_DECREF(dupLogger);
+
+                }
+
+                pkixLoggers = list;
+        }
+
+cleanup:
+
+        if (PKIX_ERROR_RECEIVED){
+                PKIX_DECREF(list);
+                PKIX_DECREF(savedPkixLoggersErrors);
+                PKIX_DECREF(savedPkixLoggersDebugTrace);
+                pkixLoggers = NULL;
+        }
+
+        PKIX_DECREF(logger);
+
+        /* Reenable logging capability with new lists */
+        pkixLoggersErrors = savedPkixLoggersErrors;
+        pkixLoggersDebugTrace = savedPkixLoggersDebugTrace;
+
+        if (locked) {
+                PKIX_CHECK(PKIX_PL_MonitorLock_Exit(pkixLoggerLock, plContext),
+                        PKIX_MONITORLOCKEXITFAILED);
+        }
+
+        PKIX_RETURN(LOGGER);
+}
+
+/*
+ * FUNCTION: PKIX_Logger_AddLogger (see comments in pkix_util.h)
+ */
+PKIX_Error *
+PKIX_AddLogger(
+        PKIX_Logger *logger,
+        void *plContext)
+{
+        PKIX_Logger *dupLogger = NULL;
+        PKIX_Logger *addLogger = NULL;
+        PKIX_List *savedPkixLoggersErrors = NULL;
+        PKIX_List *savedPkixLoggersDebugTrace = NULL;
+        PKIX_Boolean locked = PKIX_FALSE;
+        PKIX_UInt32 i, length;
+
+        PKIX_ENTER(LOGGER, "PKIX_Logger_AddLogger");
+        PKIX_NULLCHECK_ONE(logger);
+
+        PKIX_CHECK(PKIX_PL_MonitorLock_Enter(pkixLoggerLock, plContext),
+                PKIX_MONITORLOCKENTERFAILED);
+        locked = PKIX_TRUE;
+
+        savedPkixLoggersDebugTrace = pkixLoggersDebugTrace;
+        pkixLoggersDebugTrace = NULL;
+        savedPkixLoggersErrors = pkixLoggersErrors;
+        pkixLoggersErrors = NULL;
+
+        PKIX_DECREF(savedPkixLoggersErrors);
+        PKIX_DECREF(savedPkixLoggersDebugTrace);
+
+        if (pkixLoggers == NULL) {
+
+            PKIX_CHECK(PKIX_List_Create(&pkixLoggers, plContext),
+                    PKIX_LISTCREATEFAILED);
+        }
+
+        PKIX_CHECK(pkix_Logger_Duplicate
+                    ((PKIX_PL_Object *)logger,
+                    (PKIX_PL_Object **)&dupLogger,
+                    plContext),
+                    PKIX_LOGGERDUPLICATEFAILED);
+
+        PKIX_CHECK(PKIX_List_AppendItem
+                    (pkixLoggers,
+                    (PKIX_PL_Object *) dupLogger,
+                    plContext),
+                    PKIX_LISTAPPENDITEMFAILED);
+
+        PKIX_CHECK(PKIX_List_GetLength(pkixLoggers, &length, plContext),
+                    PKIX_LISTGETLENGTHFAILED);
+
+        /* Reconstruct pkixLoggersErrors and pkixLoggersDebugTrace */
+        for (i = 0; i < length; i++) {
+
+                PKIX_CHECK(PKIX_List_GetItem
+                        (pkixLoggers,
+                        i,
+                        (PKIX_PL_Object **) &addLogger,
+                        plContext),
+                        PKIX_LISTGETITEMFAILED);
+
+
+                /* Put in pkixLoggersErrors */
+
+                if (savedPkixLoggersErrors == NULL) {
+
+                        PKIX_CHECK(PKIX_List_Create
+                                    (&savedPkixLoggersErrors,
+                                    plContext),
+                                    PKIX_LISTCREATEFAILED);
+                }
+        
+                PKIX_CHECK(PKIX_List_AppendItem
+                        (savedPkixLoggersErrors,
+                        (PKIX_PL_Object *) addLogger,
+                        plContext),
+                        PKIX_LISTAPPENDITEMFAILED);
+                            
+                if (addLogger->maxLevel > PKIX_LOGGER_LEVEL_WARNING) {
+
+                        /* Put in pkixLoggersDebugTrace */
+
+                        if (savedPkixLoggersDebugTrace == NULL) {
+
+                            PKIX_CHECK(PKIX_List_Create
+                                    (&savedPkixLoggersDebugTrace,
+                                    plContext),
+                                    PKIX_LISTCREATEFAILED);
+                        }
+
+                        PKIX_CHECK(PKIX_List_AppendItem
+                                (savedPkixLoggersDebugTrace,
+                                (PKIX_PL_Object *) addLogger,
+                                plContext),
+                                PKIX_LISTAPPENDITEMFAILED);
+                }
+
+                PKIX_DECREF(addLogger);
+
+        }
+
+cleanup:
+
+        PKIX_DECREF(dupLogger);
+        PKIX_DECREF(addLogger);
+
+        /* Restore logging capability */
+        pkixLoggersErrors = savedPkixLoggersErrors;
+        pkixLoggersDebugTrace = savedPkixLoggersDebugTrace;
+
+        if (locked) {
+                PKIX_CHECK(PKIX_PL_MonitorLock_Exit(pkixLoggerLock, plContext),
+                        PKIX_MONITORLOCKEXITFAILED);
+        }
+
+       PKIX_RETURN(LOGGER);
+}
diff --git a/nss/lib/libpkix/pkix/util/pkix_logger.h b/nss/lib/libpkix/pkix/util/pkix_logger.h
new file mode 100644
index 0000000..9411aed
--- /dev/null
+++ b/nss/lib/libpkix/pkix/util/pkix_logger.h
@@ -0,0 +1,57 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_logger.h
+ *
+ * Logger Object Type Definition
+ *
+ */
+
+#ifndef _PKIX_LOGGER_H
+#define _PKIX_LOGGER_H
+
+#include "pkix_tools.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+extern PKIX_List *pkixLoggers;
+extern PKIX_List *pkixLoggersErrors;
+extern PKIX_List *pkixLoggersDebugTrace;
+
+struct PKIX_LoggerStruct {
+        PKIX_Logger_LogCallback callback;
+        PKIX_PL_Object *context;
+        PKIX_UInt32 maxLevel;
+        PKIX_ERRORCLASS logComponent;
+};
+
+PKIX_Error *
+pkix_Logger_Check(
+        PKIX_List *pkixLoggersList,
+        const char *message,
+        const char *message2,
+        PKIX_ERRORCLASS logComponent,
+        PKIX_UInt32 maxLevel,
+        void *plContext);
+
+PKIX_Error *
+pkix_Logger_CheckWithCode(
+        PKIX_List *pkixLoggersList,
+        PKIX_UInt32 errorCode,
+        const char *message2,
+        PKIX_ERRORCLASS logComponent,
+        PKIX_UInt32 maxLevel,
+        void *plContext);
+
+/* see source file for function documentation */
+
+PKIX_Error *pkix_Logger_RegisterSelf(void *plContext);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_LOGGER_H */
diff --git a/nss/lib/libpkix/pkix/util/pkix_tools.c b/nss/lib/libpkix/pkix/util/pkix_tools.c
new file mode 100755
index 0000000..6348b89
--- /dev/null
+++ b/nss/lib/libpkix/pkix/util/pkix_tools.c
@@ -0,0 +1,1519 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_tools.c
+ *
+ * Private Utility Functions
+ *
+ */
+
+#include "pkix_tools.h"
+
+#define CACHE_ITEM_PERIOD_SECONDS  (3600)  /* one hour */
+
+/*
+ * This cahce period is only for CertCache. A Cert from a trusted CertStore
+ * should be checked more frequently for update new arrival, etc.
+ */
+#define CACHE_TRUST_ITEM_PERIOD_SECONDS  (CACHE_ITEM_PERIOD_SECONDS/10)
+
+extern PKIX_PL_HashTable *cachedCertChainTable;
+extern PKIX_PL_HashTable *cachedCertTable;
+extern PKIX_PL_HashTable *cachedCrlEntryTable;
+
+/* Following variables are used to checked cache hits - can be taken out */
+extern int pkix_ccAddCount;
+extern int pkix_ccLookupCount;
+extern int pkix_ccRemoveCount;
+extern int pkix_cAddCount;
+extern int pkix_cLookupCount;
+extern int pkix_cRemoveCount;
+extern int pkix_ceAddCount;
+extern int pkix_ceLookupCount;
+
+#ifdef PKIX_OBJECT_LEAK_TEST
+/* Following variables are used for object leak test */
+char *nonNullValue = "Non Empty Value";
+PKIX_Boolean noErrorState = PKIX_TRUE;
+PKIX_Boolean runningLeakTest;
+PKIX_Boolean errorGenerated;
+PKIX_UInt32 stackPosition;
+PKIX_UInt32 *fnStackInvCountArr;
+char **fnStackNameArr;
+PLHashTable *fnInvTable;
+PKIX_UInt32 testStartFnStackPosition;
+char *errorFnStackString;
+#endif /* PKIX_OBJECT_LEAK_TEST */
+
+/* --Private-Functions-------------------------------------------- */
+
+#ifdef PKIX_OBJECT_LEAK_TEST
+/*
+ * FUNCTION: pkix_ErrorGen_Hash
+ * DESCRIPTION:
+ *
+ * Hash function to be used in object leak test hash table.
+ *
+ */
+PLHashNumber PR_CALLBACK
+pkix_ErrorGen_Hash (const void *key)
+{
+    char *str = NULL;
+    PLHashNumber rv = (*(PRUint8*)key) << 5;
+    PRUint32 i, counter = 0;
+    PRUint8 *rvc = (PRUint8 *)&rv;
+
+    while ((str = fnStackNameArr[counter++]) != NULL) {
+        PRUint32 len = strlen(str);
+        for( i = 0; i < len; i++ ) {
+            rvc[ i % sizeof(rv) ] ^= *str;
+            str++;
+        }
+    }
+
+    return rv;
+}
+
+#endif /* PKIX_OBJECT_LEAK_TEST */
+
+/*
+ * FUNCTION: pkix_IsCertSelfIssued
+ * DESCRIPTION:
+ *
+ *  Checks whether the Cert pointed to by "cert" is self-issued and stores the
+ *  Boolean result at "pSelfIssued". A Cert is considered self-issued if the
+ *  Cert's issuer matches the Cert's subject. If the subject or issuer is
+ *  not specified, a PKIX_FALSE is returned.
+ *
+ * PARAMETERS:
+ *  "cert"
+ *      Address of Cert used to determine whether Cert is self-issued.
+ *      Must be non-NULL.
+ *  "pSelfIssued"
+ *      Address where Boolean will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Cert Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_IsCertSelfIssued(
+        PKIX_PL_Cert *cert,
+        PKIX_Boolean *pSelfIssued,
+        void *plContext)
+{
+        PKIX_PL_X500Name *subject = NULL;
+        PKIX_PL_X500Name *issuer = NULL;
+
+        PKIX_ENTER(CERT, "pkix_IsCertSelfIssued");
+        PKIX_NULLCHECK_TWO(cert, pSelfIssued);
+
+        PKIX_CHECK(PKIX_PL_Cert_GetSubject(cert, &subject, plContext),
+                    PKIX_CERTGETSUBJECTFAILED);
+
+        PKIX_CHECK(PKIX_PL_Cert_GetIssuer(cert, &issuer, plContext),
+                    PKIX_CERTGETISSUERFAILED);
+
+        if (subject == NULL || issuer == NULL) {
+                *pSelfIssued = PKIX_FALSE;
+        } else {
+
+                PKIX_CHECK(PKIX_PL_X500Name_Match
+                    (subject, issuer, pSelfIssued, plContext),
+                    PKIX_X500NAMEMATCHFAILED);
+        }
+
+cleanup:
+        PKIX_DECREF(subject);
+        PKIX_DECREF(issuer);
+
+        PKIX_RETURN(CERT);
+}
+
+/*
+ * FUNCTION: pkix_Throw
+ * DESCRIPTION:
+ *
+ *  Creates an Error using the value of "errorCode", the character array
+ *  pointed to by "funcName", the character array pointed to by "errorText",
+ *  and the Error pointed to by "cause" (if any), and stores it at "pError".
+ *
+ *  If "cause" is not NULL and has an errorCode of "PKIX_FATAL_ERROR",
+ *  then there is no point creating a new Error object. Rather, we simply
+ *  store "cause" at "pError".
+ *
+ * PARAMETERS:
+ *  "errorCode"
+ *      Value of error code.
+ *  "funcName"
+ *      Address of EscASCII array representing name of function throwing error.
+ *      Must be non-NULL.
+ *  "errnum"
+ *      PKIX_ERRMSGNUM of error description for new error.
+ *  "cause"
+ *      Address of Error representing error's cause.
+ *  "pError"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns an Error Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_Throw(
+        PKIX_ERRORCLASS errorClass,
+        const char *funcName,
+        PKIX_ERRORCODE errorCode,
+        PKIX_ERRORCLASS overrideClass,
+        PKIX_Error *cause,
+        PKIX_Error **pError,
+        void *plContext)
+{
+        PKIX_Error *error = NULL;
+
+        PKIX_ENTER(ERROR, "pkix_Throw");
+        PKIX_NULLCHECK_TWO(funcName, pError);
+
+        *pError = NULL;
+
+#ifdef PKIX_OBJECT_LEAK_TEST        
+        noErrorState = PKIX_TRUE;
+        if (pkixLog) {
+#ifdef PKIX_ERROR_DESCRIPTION            
+            PR_LOG(pkixLog, 4, ("Error in function \"%s\":\"%s\" with cause \"%s\"\n",
+                                funcName, PKIX_ErrorText[errorCode],
+                                (cause ? PKIX_ErrorText[cause->errCode] : "null")));
+#else
+            PR_LOG(pkixLog, 4, ("Error in function \"%s\": error code \"%d\"\n",
+                                funcName, errorCode));
+#endif /* PKIX_ERROR_DESCRIPTION */
+            PORT_Assert(strcmp(funcName, "PKIX_PL_Object_DecRef"));
+        }
+#endif /* PKIX_OBJECT_LEAK_TEST */
+
+        /* if cause has error class of PKIX_FATAL_ERROR, return immediately */
+        if (cause) {
+                if (cause->errClass == PKIX_FATAL_ERROR){
+                        PKIX_INCREF(cause);
+                        *pError = cause;
+                        goto cleanup;
+                }
+        }
+        
+        if (overrideClass == PKIX_FATAL_ERROR){
+                errorClass = overrideClass;
+        }
+
+       pkixTempResult = PKIX_Error_Create(errorClass, cause, NULL,
+                                           errorCode, &error, plContext);
+       
+       if (!pkixTempResult) {
+           /* Setting plErr error code:
+            *    get it from PORT_GetError if it is a leaf error and
+            *    default error code does not exist(eq 0)               */
+           if (!cause && !error->plErr) {
+               error->plErr = PKIX_PL_GetPLErrorCode();
+           }
+       }
+
+       *pError = error;
+
+cleanup:
+
+        PKIX_DEBUG_EXIT(ERROR);
+        pkixErrorClass = 0;
+#ifdef PKIX_OBJECT_LEAK_TEST        
+        noErrorState = PKIX_FALSE;
+
+        if (runningLeakTest && fnStackNameArr) {
+            PR_LOG(pkixLog, 5,
+                   ("%s%*s<- %s(%d) - %s\n", (errorGenerated ? "*" : " "),
+                    stackPosition, " ", fnStackNameArr[stackPosition],
+                    stackPosition, myFuncName));
+            fnStackNameArr[stackPosition--] = NULL;
+        }
+#endif /* PKIX_OBJECT_LEAK_TEST */
+        return (pkixTempResult);
+}
+
+/*
+ * FUNCTION: pkix_CheckTypes
+ * DESCRIPTION:
+ *
+ *  Checks that the types of the Object pointed to by "first" and the Object
+ *  pointed to by "second" are both equal to the value of "type". If they
+ *  are not equal, a PKIX_Error is returned.
+ *
+ * PARAMETERS:
+ *  "first"
+ *      Address of first Object. Must be non-NULL.
+ *  "second"
+ *      Address of second Object. Must be non-NULL.
+ *  "type"
+ *      Value of type to check against.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns an Error Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_CheckTypes(
+        PKIX_PL_Object *first,
+        PKIX_PL_Object *second,
+        PKIX_UInt32 type,
+        void *plContext)
+{
+        PKIX_UInt32 firstType, secondType;
+
+        PKIX_ENTER(OBJECT, "pkix_CheckTypes");
+        PKIX_NULLCHECK_TWO(first, second);
+
+        PKIX_CHECK(PKIX_PL_Object_GetType(first, &firstType, plContext),
+                    PKIX_COULDNOTGETFIRSTOBJECTTYPE);
+
+        PKIX_CHECK(PKIX_PL_Object_GetType(second, &secondType, plContext),
+                    PKIX_COULDNOTGETSECONDOBJECTTYPE);
+
+        if ((firstType != type)||(firstType != secondType)) {
+                PKIX_ERROR(PKIX_OBJECTTYPESDONOTMATCH);
+        }
+
+cleanup:
+
+        PKIX_RETURN(OBJECT);
+}
+
+/*
+ * FUNCTION: pkix_CheckType
+ * DESCRIPTION:
+ *
+ *  Checks that the type of the Object pointed to by "object" is equal to the
+ *  value of "type". If it is not equal, a PKIX_Error is returned.
+ *
+ * PARAMETERS:
+ *  "object"
+ *      Address of Object. Must be non-NULL.
+ *  "type"
+ *      Value of type to check against.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns an Error Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_CheckType(
+        PKIX_PL_Object *object,
+        PKIX_UInt32 type,
+        void *plContext)
+{
+        return (pkix_CheckTypes(object, object, type, plContext));
+}
+
+/*
+ * FUNCTION: pkix_hash
+ * DESCRIPTION:
+ *
+ *  Computes a hash value for "length" bytes starting at the array of bytes
+ *  pointed to by "bytes" and stores the result at "pHash".
+ *
+ *  XXX To speed this up, we could probably read 32 bits at a time from
+ *  bytes (maybe even 64 bits on some platforms)
+ *
+ * PARAMETERS:
+ *  "bytes"
+ *      Address of array of bytes to hash. Must be non-NULL.
+ *  "length"
+ *      Number of bytes to hash.
+ *  "pHash"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_hash(
+        const unsigned char *bytes,
+        PKIX_UInt32 length,
+        PKIX_UInt32 *pHash,
+        void *plContext)
+{
+        PKIX_UInt32 i;
+        PKIX_UInt32 hash;
+
+        PKIX_ENTER(OBJECT, "pkix_hash");
+        if (length != 0) {
+                PKIX_NULLCHECK_ONE(bytes);
+        }
+        PKIX_NULLCHECK_ONE(pHash);
+
+        hash = 0;
+        for (i = 0; i < length; i++) {
+                /* hash = 31 * hash + bytes[i]; */
+                hash = (hash << 5) - hash + bytes[i];
+        }
+
+        *pHash = hash;
+
+        PKIX_RETURN(OBJECT);
+}
+
+/*
+ * FUNCTION: pkix_countArray
+ * DESCRIPTION:
+ *
+ *  Counts the number of elements in the  null-terminated array of pointers
+ *  pointed to by "array" and returns the result.
+ *
+ * PARAMETERS
+ *  "array"
+ *      Address of null-terminated array of pointers.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns the number of elements in the array.
+ */
+PKIX_UInt32
+pkix_countArray(void **array)
+{
+        PKIX_UInt32 count = 0;
+
+        if (array) {
+                while (*array++) {
+                        count++;
+                }
+        }
+        return (count);
+}
+
+/*
+ * FUNCTION: pkix_duplicateImmutable
+ * DESCRIPTION:
+ *
+ *  Convenience callback function used for duplicating immutable objects.
+ *  Since the objects can not be modified, this function simply increments the
+ *  reference count on the object, and returns a reference to that object.
+ *
+ *  (see comments for PKIX_PL_DuplicateCallback in pkix_pl_system.h)
+ */
+PKIX_Error *
+pkix_duplicateImmutable(
+        PKIX_PL_Object *object,
+        PKIX_PL_Object **pNewObject,
+        void *plContext)
+{
+        PKIX_ENTER(OBJECT, "pkix_duplicateImmutable");
+        PKIX_NULLCHECK_TWO(object, pNewObject);
+
+        PKIX_INCREF(object);
+
+        *pNewObject = object;
+
+cleanup:
+        PKIX_RETURN(OBJECT);
+}
+
+/* --String-Encoding-Conversion-Functions------------------------ */
+
+/*
+ * FUNCTION: pkix_hex2i
+ * DESCRIPTION:
+ *
+ *  Converts hexadecimal character "c" to its integer value and returns result.
+ *
+ * PARAMETERS
+ *  "c"
+ *      Character to convert to a hex value.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  The hexadecimal value of "c". Otherwise -1. (Unsigned 0xFFFFFFFF).
+ */
+PKIX_UInt32
+pkix_hex2i(char c)
+{
+        if ((c >= '0')&&(c <= '9'))
+                return (c-'0');
+        else if ((c >= 'a')&&(c <= 'f'))
+                return (c-'a'+10);
+        else if ((c >= 'A')&&(c <= 'F'))
+                return (c-'A'+10);
+        else
+                return ((PKIX_UInt32)(-1));
+}
+
+/*
+ * FUNCTION: pkix_i2hex
+ * DESCRIPTION:
+ *
+ *  Converts integer value "digit" to its ASCII hex value
+ *
+ * PARAMETERS
+ *  "digit"
+ *      Value of integer to convert to ASCII hex value. Must be 0-15.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  The ASCII hexadecimal value of "digit".
+ */
+char
+pkix_i2hex(char digit)
+{
+        if ((digit >= 0)&&(digit <= 9))
+                return (digit+'0');
+        else if ((digit >= 0xa)&&(digit <= 0xf))
+                return (digit - 10 + 'a');
+        else
+                return (-1);
+}
+
+/*
+ * FUNCTION: pkix_isPlaintext
+ * DESCRIPTION:
+ *
+ *  Returns whether character "c" is plaintext using EscASCII or EscASCII_Debug
+ *  depending on the value of "debug".
+ *
+ *  In EscASCII, [01, 7E] except '&' are plaintext.
+ *  In EscASCII_Debug [20, 7E] except '&' are plaintext.
+ *
+ * PARAMETERS:
+ *  "c"
+ *      Character to check.
+ *  "debug"
+ *      Value of debug flag.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  True if "c" is plaintext.
+ */
+PKIX_Boolean
+pkix_isPlaintext(unsigned char c, PKIX_Boolean debug) {
+        return ((c >= 0x01)&&(c <= 0x7E)&&(c != '&')&&(!debug || (c >= 20)));
+}
+
+/* --Cache-Functions------------------------ */
+
+/*
+ * FUNCTION: pkix_CacheCertChain_Lookup
+ * DESCRIPTION:
+ *
+ *  Look up CertChain Hash Table for a cached BuildResult based on "targetCert"
+ *  and "anchors" as the hash keys. If there is no item to match the key,
+ *  PKIX_FALSE is stored at "pFound". If an item is found, its cache time is
+ *  compared to "testDate". If expired, the item is removed and PKIX_FALSE is
+ *  stored at "pFound". Otherwise, PKIX_TRUE is stored at "pFound" and the 
+ *  BuildResult is stored at "pBuildResult".
+ *  The hashtable is maintained in the following ways:
+ *  1) When creating the hashtable, maximum bucket size can be specified (0 for
+ *     unlimited). If items in a bucket reaches its full size, an new addition
+ *     will trigger the removal of the old as FIFO sequence.
+ *  2) A PKIX_PL_Date created with current time offset by constant 
+ *     CACHE_ITEM_PERIOD_SECONDS is attached to each item in the Hash Table.
+ *     When an item is retrieved, this date is compared against "testDate" for
+ *     validity. If comparison indicates this item is expired, the item is
+ *     removed from the bucket.
+ *
+ * PARAMETERS:
+ *  "targetCert"
+ *      Address of Target Cert as key to retrieve this CertChain. Must be 
+ *      non-NULL.
+ *  "anchors"
+ *      Address of PKIX_List of "anchors" is used as key to retrive CertChain.
+ *      Must be non-NULL.
+ *  "testDate"
+ *      Address of PKIX_PL_Date for verifying time validity and cache validity.
+ *      May be NULL. If testDate is NULL, this cache item will not be out-dated.
+ *  "pFound"
+ *      Address of PKIX_Boolean indicating valid data is found.
+ *      Must be non-NULL.
+ *  "pBuildResult"
+ *      Address where BuildResult will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns an Error Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_CacheCertChain_Lookup(
+        PKIX_PL_Cert* targetCert,
+        PKIX_List* anchors,
+        PKIX_PL_Date *testDate,
+        PKIX_Boolean *pFound,
+        PKIX_BuildResult **pBuildResult,
+        void *plContext)
+{
+        PKIX_List *cachedValues = NULL;
+        PKIX_List *cachedKeys = NULL;
+        PKIX_Error *cachedCertChainError = NULL;
+        PKIX_PL_Date *cacheValidUntilDate = NULL;
+        PKIX_PL_Date *validityDate = NULL;
+        PKIX_Int32 cmpValidTimeResult = 0;
+        PKIX_Int32 cmpCacheTimeResult = 0;
+
+        PKIX_ENTER(BUILD, "pkix_CacheCertChain_Lookup");
+
+        PKIX_NULLCHECK_FOUR(targetCert, anchors, pFound, pBuildResult);
+
+        *pFound = PKIX_FALSE;
+
+        /* use trust anchors and target cert as hash key */
+
+        PKIX_CHECK(PKIX_List_Create(&cachedKeys, plContext),
+                    PKIX_LISTCREATEFAILED);
+
+        PKIX_CHECK(PKIX_List_AppendItem
+                    (cachedKeys,
+                    (PKIX_PL_Object *)targetCert,
+                    plContext),
+                    PKIX_LISTAPPENDITEMFAILED);
+
+        PKIX_CHECK(PKIX_List_AppendItem
+                    (cachedKeys,
+                    (PKIX_PL_Object *)anchors,
+                    plContext),
+                    PKIX_LISTAPPENDITEMFAILED);
+
+        cachedCertChainError = PKIX_PL_HashTable_Lookup
+                    (cachedCertChainTable,
+                    (PKIX_PL_Object *) cachedKeys,
+                    (PKIX_PL_Object **) &cachedValues,
+                    plContext);
+
+        pkix_ccLookupCount++;
+
+        /* retrieve data from hashed value list */
+
+        if (cachedValues != NULL && cachedCertChainError == NULL) {
+
+            PKIX_CHECK(PKIX_List_GetItem
+                    (cachedValues,
+                    0,
+                    (PKIX_PL_Object **) &cacheValidUntilDate,
+                    plContext),
+                    PKIX_LISTGETITEMFAILED);
+
+            /* check validity time and cache age time */
+            PKIX_CHECK(PKIX_List_GetItem
+                    (cachedValues,
+                    1,
+                    (PKIX_PL_Object **) &validityDate,
+                    plContext),
+                    PKIX_LISTGETITEMFAILED);
+
+            /* if testDate is not set, this cache item is not out-dated */
+            if (testDate) {
+
+                PKIX_CHECK(PKIX_PL_Object_Compare
+                     ((PKIX_PL_Object *)testDate,
+                     (PKIX_PL_Object *)cacheValidUntilDate,
+                     &cmpCacheTimeResult,
+                     plContext),
+                     PKIX_OBJECTCOMPARATORFAILED);
+
+                PKIX_CHECK(PKIX_PL_Object_Compare
+                     ((PKIX_PL_Object *)testDate,
+                     (PKIX_PL_Object *)validityDate,
+                     &cmpValidTimeResult,
+                     plContext),
+                     PKIX_OBJECTCOMPARATORFAILED);
+            }
+
+            /* certs' date are all valid and cache item is not old */
+            if (cmpValidTimeResult <= 0 && cmpCacheTimeResult <=0) {
+
+                PKIX_CHECK(PKIX_List_GetItem
+                    (cachedValues,
+                    2,
+                    (PKIX_PL_Object **) pBuildResult,
+                    plContext),
+                    PKIX_LISTGETITEMFAILED);
+
+                *pFound = PKIX_TRUE;
+
+            } else {
+
+                pkix_ccRemoveCount++;
+                *pFound = PKIX_FALSE;
+
+                /* out-dated item, remove it from cache */
+                PKIX_CHECK(PKIX_PL_HashTable_Remove
+                    (cachedCertChainTable,
+                    (PKIX_PL_Object *) cachedKeys,
+                    plContext),
+                    PKIX_HASHTABLEREMOVEFAILED);
+            }
+        }
+
+cleanup:
+
+        PKIX_DECREF(cachedValues);
+        PKIX_DECREF(cachedKeys);
+        PKIX_DECREF(cachedCertChainError);
+        PKIX_DECREF(cacheValidUntilDate);
+        PKIX_DECREF(validityDate);
+
+        PKIX_RETURN(BUILD);
+
+}
+
+/*
+ * FUNCTION: pkix_CacheCertChain_Remove
+ * DESCRIPTION:
+ *
+ *  Remove CertChain Hash Table entry based on "targetCert" and "anchors"
+ *  as the hash keys. If there is no item to match the key, no action is
+ *  taken.
+ *  The hashtable is maintained in the following ways:
+ *  1) When creating the hashtable, maximum bucket size can be specified (0 for
+ *     unlimited). If items in a bucket reaches its full size, an new addition
+ *     will trigger the removal of the old as FIFO sequence.
+ *  2) A PKIX_PL_Date created with current time offset by constant 
+ *     CACHE_ITEM_PERIOD_SECONDS is attached to each item in the Hash Table.
+ *     When an item is retrieved, this date is compared against "testDate" for
+ *     validity. If comparison indicates this item is expired, the item is
+ *     removed from the bucket.
+ *
+ * PARAMETERS:
+ *  "targetCert"
+ *      Address of Target Cert as key to retrieve this CertChain. Must be 
+ *      non-NULL.
+ *  "anchors"
+ *      Address of PKIX_List of "anchors" is used as key to retrive CertChain.
+ *      Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns an Error Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_CacheCertChain_Remove(
+        PKIX_PL_Cert* targetCert,
+        PKIX_List* anchors,
+        void *plContext)
+{
+        PKIX_List *cachedKeys = NULL;
+
+        PKIX_ENTER(BUILD, "pkix_CacheCertChain_Remove");
+        PKIX_NULLCHECK_TWO(targetCert, anchors);
+
+        /* use trust anchors and target cert as hash key */
+
+        PKIX_CHECK(PKIX_List_Create(&cachedKeys, plContext),
+                    PKIX_LISTCREATEFAILED);
+
+        PKIX_CHECK(PKIX_List_AppendItem
+                    (cachedKeys,
+                    (PKIX_PL_Object *)targetCert,
+                    plContext),
+                    PKIX_LISTAPPENDITEMFAILED);
+
+        PKIX_CHECK(PKIX_List_AppendItem
+                    (cachedKeys,
+                    (PKIX_PL_Object *)anchors,
+                    plContext),
+                    PKIX_LISTAPPENDITEMFAILED);
+
+        PKIX_CHECK_ONLY_FATAL(PKIX_PL_HashTable_Remove
+                    (cachedCertChainTable,
+                    (PKIX_PL_Object *) cachedKeys,
+                    plContext),
+                    PKIX_HASHTABLEREMOVEFAILED);
+
+        pkix_ccRemoveCount++;
+
+cleanup:
+
+        PKIX_DECREF(cachedKeys);
+
+        PKIX_RETURN(BUILD);
+
+}
+
+/*
+ * FUNCTION: pkix_CacheCertChain_Add
+ * DESCRIPTION:
+ *
+ *  Add a BuildResult to the CertChain Hash Table for a "buildResult" with
+ *  "targetCert" and "anchors" as the hash keys.
+ *  "validityDate" is the most restricted notAfter date of all Certs in
+ *  this CertChain and is verified when this BuildChain is retrieved.
+ *  The hashtable is maintained in the following ways:
+ *  1) When creating the hashtable, maximum bucket size can be specified (0 for
+ *     unlimited). If items in a bucket reaches its full size, an new addition
+ *     will trigger the removal of the old as FIFO sequence.
+ *  2) A PKIX_PL_Date created with current time offset by constant 
+ *     CACHE_ITEM_PERIOD_SECONDS is attached to each item in the Hash Table.
+ *     When an item is retrieved, this date is compared against "testDate" for
+ *     validity. If comparison indicates this item is expired, the item is
+ *     removed from the bucket.
+ *
+ * PARAMETERS:
+ *  "targetCert"
+ *      Address of Target Cert as key to retrieve this CertChain. Must be 
+ *      non-NULL.
+ *  "anchors"
+ *      Address of PKIX_List of "anchors" is used as key to retrive CertChain.
+ *      Must be non-NULL.
+ *  "validityDate"
+ *      Address of PKIX_PL_Date contains the most restriced notAfter time of
+ *      all "certs". Must be non-NULL.
+ *      Address of PKIX_Boolean indicating valid data is found.
+ *      Must be non-NULL.
+ *  "buildResult"
+ *      Address of BuildResult to be cached. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns an Error Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_CacheCertChain_Add(
+        PKIX_PL_Cert* targetCert,
+        PKIX_List* anchors,
+        PKIX_PL_Date *validityDate,
+        PKIX_BuildResult *buildResult,
+        void *plContext)
+{
+        PKIX_List *cachedValues = NULL;
+        PKIX_List *cachedKeys = NULL;
+        PKIX_Error *cachedCertChainError = NULL;
+        PKIX_PL_Date *cacheValidUntilDate = NULL;
+
+        PKIX_ENTER(BUILD, "pkix_CacheCertChain_Add");
+
+        PKIX_NULLCHECK_FOUR(targetCert, anchors, validityDate, buildResult);
+
+        PKIX_CHECK(PKIX_List_Create(&cachedKeys, plContext),
+                PKIX_LISTCREATEFAILED);
+
+        PKIX_CHECK(PKIX_List_AppendItem
+                (cachedKeys, (PKIX_PL_Object *)targetCert, plContext),
+                PKIX_LISTAPPENDITEMFAILED);
+
+        PKIX_CHECK(PKIX_List_AppendItem
+                (cachedKeys, (PKIX_PL_Object *)anchors, plContext),
+                PKIX_LISTAPPENDITEMFAILED);
+
+        PKIX_CHECK(PKIX_List_Create(&cachedValues, plContext),
+                PKIX_LISTCREATEFAILED);
+
+        PKIX_CHECK(PKIX_PL_Date_Create_CurrentOffBySeconds
+                (CACHE_ITEM_PERIOD_SECONDS,
+                &cacheValidUntilDate,
+                plContext),
+               PKIX_DATECREATECURRENTOFFBYSECONDSFAILED);
+
+        PKIX_CHECK(PKIX_List_AppendItem
+                (cachedValues,
+                (PKIX_PL_Object *)cacheValidUntilDate,
+                plContext),
+                PKIX_LISTAPPENDITEMFAILED);
+
+        PKIX_CHECK(PKIX_List_AppendItem
+                (cachedValues, (PKIX_PL_Object *)validityDate, plContext),
+                PKIX_LISTAPPENDITEMFAILED);
+
+        PKIX_CHECK(PKIX_List_AppendItem
+                (cachedValues, (PKIX_PL_Object *)buildResult, plContext),
+                PKIX_LISTAPPENDITEMFAILED);
+
+        cachedCertChainError = PKIX_PL_HashTable_Add
+                (cachedCertChainTable,
+                (PKIX_PL_Object *) cachedKeys,
+                (PKIX_PL_Object *) cachedValues,
+                plContext);
+
+        pkix_ccAddCount++;
+
+        if (cachedCertChainError != NULL) {
+                PKIX_DEBUG("PKIX_PL_HashTable_Add for CertChain skipped: "
+                        "entry existed\n");
+        }
+
+cleanup:
+
+        PKIX_DECREF(cachedValues);
+        PKIX_DECREF(cachedKeys);
+        PKIX_DECREF(cachedCertChainError);
+        PKIX_DECREF(cacheValidUntilDate);
+
+        PKIX_RETURN(BUILD);
+}
+
+/*
+ * FUNCTION: pkix_CacheCert_Lookup
+ * DESCRIPTION:
+ *
+ *  Look up Cert Hash Table for a cached item based on "store" and Subject in
+ *  "certSelParams" as the hash keys and returns values Certs in "pCerts".
+ *  If there isn't an item to match the key, a PKIX_FALSE is returned at
+ *  "pFound". The item's cache time is verified with "testDate". If out-dated,
+ *  this item is removed and PKIX_FALSE is returned at "pFound".
+ *  This hashtable is maintained in the following ways:
+ *  1) When creating the hashtable, maximum bucket size can be specified (0 for
+ *     unlimited). If items in a bucket reaches its full size, an new addition
+ *     will trigger the removal of the old as FIFO sequence.
+ *  2) A PKIX_PL_Date created with current time offset by constant 
+ *     CACHE_ITEM_PERIOD_SECONDS is attached to each item in the Hash Table.
+ *     If the CertStore this Cert is from is a trusted one, the cache period is
+ *     shorter so cache can be updated more frequently.
+ *     When an item is retrieved, this date is compared against "testDate" for
+ *     validity. If comparison indicates this item is expired, the item is
+ *     removed from the bucket.
+ *
+ * PARAMETERS:
+ *  "store"
+ *      Address of CertStore as key to retrieve this CertChain. Must be 
+ *      non-NULL.
+ *  "certSelParams"
+ *      Address of ComCertSelParams that its subject is used as key to retrieve
+ *      this CertChain. Must be non-NULL.
+ *  "testDate"
+ *      Address of PKIX_PL_Date for verifying time cache validity.
+ *      Must be non-NULL. If testDate is NULL, this cache item won't be out
+ *      dated.
+ *  "pFound"
+ *      Address of KPKIX_Boolean indicating valid data is found.
+ *      Must be non-NULL.
+ *  "pCerts"
+ *      Address PKIX_List where the CertChain will be stored. Must be no-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns an Error Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_CacheCert_Lookup(
+        PKIX_CertStore *store,
+        PKIX_ComCertSelParams *certSelParams,
+        PKIX_PL_Date *testDate,
+        PKIX_Boolean *pFound,
+        PKIX_List** pCerts,
+        void *plContext)
+{
+        PKIX_PL_Cert *cert = NULL;
+        PKIX_List *cachedKeys = NULL;
+        PKIX_List *cachedValues = NULL;
+        PKIX_List *cachedCertList = NULL;
+        PKIX_List *selCertList = NULL;
+        PKIX_PL_X500Name *subject = NULL;
+        PKIX_PL_Date *invalidAfterDate = NULL;
+        PKIX_PL_Date *cacheValidUntilDate = NULL;
+        PKIX_CertSelector *certSel = NULL;
+        PKIX_Error *cachedCertError = NULL;
+        PKIX_Error *selectorError = NULL;
+        PKIX_CertSelector_MatchCallback selectorMatch = NULL;
+        PKIX_Int32 cmpValidTimeResult = PKIX_FALSE;
+        PKIX_Int32 cmpCacheTimeResult = 0;
+        PKIX_UInt32 numItems = 0;
+        PKIX_UInt32 i;
+
+        PKIX_ENTER(BUILD, "pkix_CacheCert_Lookup");
+        PKIX_NULLCHECK_TWO(store, certSelParams);
+        PKIX_NULLCHECK_TWO(pFound, pCerts);
+
+        *pFound = PKIX_FALSE;
+
+        PKIX_CHECK(PKIX_List_Create(&cachedKeys, plContext),
+                PKIX_LISTCREATEFAILED);
+
+        PKIX_CHECK(PKIX_List_AppendItem
+                (cachedKeys, (PKIX_PL_Object *)store, plContext),
+                PKIX_LISTAPPENDITEMFAILED);
+
+        PKIX_CHECK(PKIX_ComCertSelParams_GetSubject
+                (certSelParams, &subject, plContext),
+                PKIX_COMCERTSELPARAMSGETSUBJECTFAILED);
+
+        PKIX_NULLCHECK_ONE(subject);
+
+        PKIX_CHECK(PKIX_List_AppendItem
+                (cachedKeys, (PKIX_PL_Object *)subject, plContext),
+                PKIX_LISTAPPENDITEMFAILED);
+
+        cachedCertError = PKIX_PL_HashTable_Lookup
+                    (cachedCertTable,
+                    (PKIX_PL_Object *) cachedKeys,
+                    (PKIX_PL_Object **) &cachedValues,
+                    plContext);
+        pkix_cLookupCount++;
+
+        if (cachedValues != NULL && cachedCertError == NULL) {
+
+                PKIX_CHECK(PKIX_List_GetItem
+                        (cachedValues,
+                        0,
+                        (PKIX_PL_Object **) &cacheValidUntilDate,
+                        plContext),
+                        PKIX_LISTGETITEMFAILED);
+
+                if (testDate) {
+                    PKIX_CHECK(PKIX_PL_Object_Compare
+                         ((PKIX_PL_Object *)testDate,
+                         (PKIX_PL_Object *)cacheValidUntilDate,
+                         &cmpCacheTimeResult,
+                         plContext),
+                         PKIX_OBJECTCOMPARATORFAILED);
+                }
+
+                if (cmpCacheTimeResult <= 0) {
+
+                    PKIX_CHECK(PKIX_List_GetItem
+                        (cachedValues,
+                        1,
+                        (PKIX_PL_Object **) &cachedCertList,
+                        plContext),
+                        PKIX_LISTGETITEMFAILED);
+
+                    /*
+                     * Certs put on cache satifies only for Subject,
+                     * user selector and ComCertSelParams to filter.
+                     */
+                    PKIX_CHECK(PKIX_CertSelector_Create
+                          (NULL, NULL, &certSel, plContext),
+                          PKIX_CERTSELECTORCREATEFAILED);
+
+                    PKIX_CHECK(PKIX_CertSelector_SetCommonCertSelectorParams
+                          (certSel, certSelParams, plContext),
+                          PKIX_CERTSELECTORSETCOMMONCERTSELECTORPARAMSFAILED);
+
+                    PKIX_CHECK(PKIX_CertSelector_GetMatchCallback
+                          (certSel, &selectorMatch, plContext),
+                          PKIX_CERTSELECTORGETMATCHCALLBACKFAILED);
+
+                    PKIX_CHECK(PKIX_List_Create(&selCertList, plContext),
+                            PKIX_LISTCREATEFAILED);
+
+                    /* 
+                     * If any of the Cert on the list is out-dated, invalidate
+                     * this cache item.
+                     */
+                    PKIX_CHECK(PKIX_List_GetLength
+                        (cachedCertList, &numItems, plContext),
+                        PKIX_LISTGETLENGTHFAILED);
+
+                    for (i = 0; i < numItems; i++){
+
+                        PKIX_CHECK(PKIX_List_GetItem
+                            (cachedCertList,
+                            i,
+                            (PKIX_PL_Object **)&cert,
+                            plContext),
+                            PKIX_LISTGETITEMFAILED);
+
+                        PKIX_CHECK(PKIX_PL_Cert_GetValidityNotAfter
+                            (cert, &invalidAfterDate, plContext),
+                            PKIX_CERTGETVALIDITYNOTAFTERFAILED);
+
+                        if (testDate) {
+                            PKIX_CHECK(PKIX_PL_Object_Compare
+                                ((PKIX_PL_Object *)invalidAfterDate,
+                                (PKIX_PL_Object *)testDate,
+                                &cmpValidTimeResult,
+                                plContext),
+                                PKIX_OBJECTCOMPARATORFAILED);
+                        }
+
+                        if (cmpValidTimeResult < 0) {
+
+                            pkix_cRemoveCount++;
+                            *pFound = PKIX_FALSE;
+
+                            /* one cert is out-dated, remove item from cache */
+                            PKIX_CHECK(PKIX_PL_HashTable_Remove
+                                    (cachedCertTable,
+                                    (PKIX_PL_Object *) cachedKeys,
+                                    plContext),
+                                    PKIX_HASHTABLEREMOVEFAILED);
+                            goto cleanup;
+                        }
+
+                        selectorError = selectorMatch(certSel, cert, plContext);
+                        if (!selectorError){
+                            /* put on the return list */
+                            PKIX_CHECK(PKIX_List_AppendItem
+                                   (selCertList,
+                                   (PKIX_PL_Object *)cert,
+                                   plContext),
+                                  PKIX_LISTAPPENDITEMFAILED);
+                        } else {
+                            PKIX_DECREF(selectorError);
+                        }
+
+                        PKIX_DECREF(cert);
+                        PKIX_DECREF(invalidAfterDate);
+
+                    }
+
+                    if (*pFound) {
+                        PKIX_INCREF(selCertList);
+                        *pCerts = selCertList;
+                    }
+
+                } else {
+
+                    pkix_cRemoveCount++;
+                    *pFound = PKIX_FALSE;
+                    /* cache item is out-dated, remove it from cache */
+                    PKIX_CHECK(PKIX_PL_HashTable_Remove
+                                (cachedCertTable,
+                                (PKIX_PL_Object *) cachedKeys,
+                                plContext),
+                                PKIX_HASHTABLEREMOVEFAILED);
+                }
+
+        } 
+
+cleanup:
+
+        PKIX_DECREF(subject);
+        PKIX_DECREF(certSel);
+        PKIX_DECREF(cachedKeys);
+        PKIX_DECREF(cachedValues);
+        PKIX_DECREF(cacheValidUntilDate);
+        PKIX_DECREF(cert);
+        PKIX_DECREF(cachedCertList);
+        PKIX_DECREF(selCertList);
+        PKIX_DECREF(invalidAfterDate);
+        PKIX_DECREF(cachedCertError);
+        PKIX_DECREF(selectorError);
+
+        PKIX_RETURN(BUILD);
+}
+
+/*
+ * FUNCTION: pkix_CacheCert_Add
+ * DESCRIPTION:
+ *
+ *  Add Cert Hash Table for a cached item based on "store" and Subject in
+ *  "certSelParams" as the hash keys and have "certs" as the key value.
+ *  This hashtable is maintained in the following ways:
+ *  1) When creating the hashtable, maximum bucket size can be specified (0 for
+ *     unlimited). If items in a bucket reaches its full size, an new addition
+ *     will trigger the removal of the old as FIFO sequence.
+ *  2) A PKIX_PL_Date created with current time offset by constant 
+ *     CACHE_ITEM_PERIOD_SECONDS is attached to each item in the Hash Table.
+ *     If the CertStore this Cert is from is a trusted one, the cache period is
+ *     shorter so cache can be updated more frequently.
+ *     When an item is retrieved, this date is compared against "testDate" for
+ *     validity. If comparison indicates this item is expired, the item is
+ *     removed from the bucket.
+ *
+ * PARAMETERS:
+ *  "store"
+ *      Address of CertStore as key to retrieve this CertChain. Must be 
+ *      non-NULL.
+ *  "certSelParams"
+ *      Address of ComCertSelParams that its subject is used as key to retrieve
+ *      this CertChain. Must be non-NULL.
+ *  "certs"
+ *      Address PKIX_List of Certs will be stored. Must be no-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns an Error Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_CacheCert_Add(
+        PKIX_CertStore *store,
+        PKIX_ComCertSelParams *certSelParams,
+        PKIX_List* certs,
+        void *plContext)
+{
+        PKIX_List *cachedKeys = NULL;
+        PKIX_List *cachedValues = NULL;
+        PKIX_PL_Date *cacheValidUntilDate = NULL;
+        PKIX_PL_X500Name *subject = NULL;
+        PKIX_Error *cachedCertError = NULL;
+        PKIX_CertStore_CheckTrustCallback trustCallback = NULL;
+        PKIX_UInt32 cachePeriod = CACHE_ITEM_PERIOD_SECONDS;
+        PKIX_UInt32 numCerts = 0;
+
+        PKIX_ENTER(BUILD, "pkix_CacheCert_Add");
+        PKIX_NULLCHECK_THREE(store, certSelParams, certs);
+
+        PKIX_CHECK(PKIX_List_GetLength(certs, &numCerts,
+                                       plContext),
+                   PKIX_LISTGETLENGTHFAILED);
+        if (numCerts == 0) {
+            /* Don't want to add an empty list. */
+            goto cleanup;
+        }
+
+        PKIX_CHECK(PKIX_List_Create(&cachedKeys, plContext),
+                PKIX_LISTCREATEFAILED);
+
+        PKIX_CHECK(PKIX_List_AppendItem
+                (cachedKeys, (PKIX_PL_Object *)store, plContext),
+                PKIX_LISTAPPENDITEMFAILED);
+
+        PKIX_CHECK(PKIX_ComCertSelParams_GetSubject
+                (certSelParams, &subject, plContext),
+                PKIX_COMCERTSELPARAMSGETSUBJECTFAILED);
+
+        PKIX_NULLCHECK_ONE(subject);
+
+        PKIX_CHECK(PKIX_List_AppendItem
+                (cachedKeys, (PKIX_PL_Object *)subject, plContext),
+                PKIX_LISTAPPENDITEMFAILED);
+
+        PKIX_CHECK(PKIX_List_Create(&cachedValues, plContext),
+                PKIX_LISTCREATEFAILED);
+
+        PKIX_CHECK(PKIX_CertStore_GetTrustCallback
+                (store, &trustCallback, plContext),
+                PKIX_CERTSTOREGETTRUSTCALLBACKFAILED);
+
+        if (trustCallback) {
+                cachePeriod = CACHE_TRUST_ITEM_PERIOD_SECONDS;
+        }
+
+        PKIX_CHECK(PKIX_PL_Date_Create_CurrentOffBySeconds
+               (cachePeriod, &cacheValidUntilDate, plContext),
+               PKIX_DATECREATECURRENTOFFBYSECONDSFAILED);
+
+        PKIX_CHECK(PKIX_List_AppendItem
+                (cachedValues,
+                (PKIX_PL_Object *)cacheValidUntilDate,
+                plContext),
+                PKIX_LISTAPPENDITEMFAILED);
+
+        PKIX_CHECK(PKIX_List_AppendItem
+                (cachedValues,
+                (PKIX_PL_Object *)certs,
+                plContext),
+                PKIX_LISTAPPENDITEMFAILED);
+
+        cachedCertError = PKIX_PL_HashTable_Add
+                    (cachedCertTable,
+                    (PKIX_PL_Object *) cachedKeys,
+                    (PKIX_PL_Object *) cachedValues,
+                    plContext);
+
+        pkix_cAddCount++;
+
+        if (cachedCertError != NULL) {
+                PKIX_DEBUG("PKIX_PL_HashTable_Add for Certs skipped: "
+                        "entry existed\n");
+        }
+
+cleanup:
+
+        PKIX_DECREF(subject);
+        PKIX_DECREF(cachedKeys);
+        PKIX_DECREF(cachedValues);
+        PKIX_DECREF(cacheValidUntilDate);
+        PKIX_DECREF(cachedCertError);
+
+        PKIX_RETURN(BUILD);
+}
+
+/*
+ * FUNCTION: pkix_CacheCrlEntry_Lookup
+ * DESCRIPTION:
+ *
+ *  Look up CrlEntry Hash Table for a cached item based on "store",
+ *  "certIssuer" and "certSerialNumber" as the hash keys and returns values
+ *  "pCrls". If there isn't an item to match the key, a PKIX_FALSE is
+ *  returned at "pFound".
+ *  This hashtable is maintained in the following way:
+ *  1) When creating the hashtable, maximum bucket size can be specified (0 for
+ *     unlimited). If items in a bucket reaches its full size, an new addition
+ *     will trigger the removal of the old as FIFO sequence.
+ *
+ * PARAMETERS:
+ *  "store"
+ *      Address of CertStore as key to retrieve this CertChain. Must be 
+ *      non-NULL.
+ *  "certIssuer"
+ *      Address of X500Name that is used as key to retrieve the CRLEntries.
+ *      Must be non-NULL.
+ *  "certSerialNumber"
+ *      Address of BigInt that is used as key to retrieve the CRLEntries.
+ *      Must be non-NULL.
+ *  "pFound"
+ *      Address of KPKIX_Boolean indicating valid data is found.
+ *      Must be non-NULL.
+ *  "pCrls"
+ *      Address PKIX_List where the CRLEntry will be stored. Must be no-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns an Error Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_CacheCrlEntry_Lookup(
+        PKIX_CertStore *store,
+        PKIX_PL_X500Name *certIssuer,
+        PKIX_PL_BigInt *certSerialNumber,
+        PKIX_Boolean *pFound,
+        PKIX_List** pCrls,
+        void *plContext)
+{
+        PKIX_List *cachedKeys = NULL;
+        PKIX_List *cachedCrlEntryList = NULL;
+        PKIX_Error *cachedCrlEntryError = NULL;
+
+        PKIX_ENTER(BUILD, "pkix_CacheCrlEntry_Lookup");
+        PKIX_NULLCHECK_THREE(store, certIssuer, certSerialNumber);
+        PKIX_NULLCHECK_TWO(pFound, pCrls);
+
+        *pFound = PKIX_FALSE;
+
+        /* Find CrlEntry(s) by issuer and serial number */
+         
+        PKIX_CHECK(PKIX_List_Create(&cachedKeys, plContext),
+                    PKIX_LISTCREATEFAILED);
+
+        PKIX_CHECK(PKIX_List_AppendItem
+                    (cachedKeys, (PKIX_PL_Object *)store, plContext),
+                    PKIX_LISTAPPENDITEMFAILED);
+
+        PKIX_CHECK(PKIX_List_AppendItem
+                    (cachedKeys, (PKIX_PL_Object *)certIssuer, plContext),
+                    PKIX_LISTAPPENDITEMFAILED);
+
+        PKIX_CHECK(PKIX_List_AppendItem
+                    (cachedKeys,
+                    (PKIX_PL_Object *)certSerialNumber,
+                    plContext),
+                    PKIX_LISTAPPENDITEMFAILED);
+
+        cachedCrlEntryError = PKIX_PL_HashTable_Lookup
+                    (cachedCrlEntryTable,
+                    (PKIX_PL_Object *) cachedKeys,
+                    (PKIX_PL_Object **) &cachedCrlEntryList,
+                    plContext);
+        pkix_ceLookupCount++;
+
+        /* 
+         * We don't need check Date to invalidate this cache item,
+         * the item is uniquely defined and won't be reverted. Let
+         * the FIFO for cleaning up.
+         */
+
+        if (cachedCrlEntryList != NULL && cachedCrlEntryError == NULL ) {
+
+                PKIX_INCREF(cachedCrlEntryList);
+                *pCrls = cachedCrlEntryList;
+
+                *pFound = PKIX_TRUE;
+
+        } else {
+
+                *pFound = PKIX_FALSE;
+        }
+
+cleanup:
+
+        PKIX_DECREF(cachedKeys);
+        PKIX_DECREF(cachedCrlEntryList);
+        PKIX_DECREF(cachedCrlEntryError);
+
+        PKIX_RETURN(BUILD);
+}
+
+/*
+ * FUNCTION: pkix_CacheCrlEntry_Add
+ * DESCRIPTION:
+ *
+ *  Look up CrlEntry Hash Table for a cached item based on "store",
+ *  "certIssuer" and "certSerialNumber" as the hash keys and have "pCrls" as
+ *  the hash value. If there isn't an item to match the key, a PKIX_FALSE is
+ *  returned at "pFound".
+ *  This hashtable is maintained in the following way:
+ *  1) When creating the hashtable, maximum bucket size can be specified (0 for
+ *     unlimited). If items in a bucket reaches its full size, an new addition
+ *     will trigger the removal of the old as FIFO sequence.
+ *
+ * PARAMETERS:
+ *  "store"
+ *      Address of CertStore as key to retrieve this CertChain. Must be 
+ *      non-NULL.
+ *  "certIssuer"
+ *      Address of X500Name that is used as key to retrieve the CRLEntries.
+ *      Must be non-NULL.
+ *  "certSerialNumber"
+ *      Address of BigInt that is used as key to retrieve the CRLEntries.
+ *      Must be non-NULL.
+ *  "crls"
+ *      Address PKIX_List where the CRLEntry is stored. Must be no-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns an Error Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_CacheCrlEntry_Add(
+        PKIX_CertStore *store,
+        PKIX_PL_X500Name *certIssuer,
+        PKIX_PL_BigInt *certSerialNumber,
+        PKIX_List* crls,
+        void *plContext)
+{
+        PKIX_List *cachedKeys = NULL;
+        PKIX_Error *cachedCrlEntryError = NULL;
+
+        PKIX_ENTER(BUILD, "pkix_CacheCrlEntry_Add");
+        PKIX_NULLCHECK_THREE(store, certIssuer, certSerialNumber);
+        PKIX_NULLCHECK_ONE(crls);
+
+        /* Add CrlEntry(s) by issuer and serial number */
+         
+        PKIX_CHECK(PKIX_List_Create(&cachedKeys, plContext),
+                    PKIX_LISTCREATEFAILED);
+
+        PKIX_CHECK(PKIX_List_AppendItem
+                    (cachedKeys, (PKIX_PL_Object *)store, plContext),
+                    PKIX_LISTAPPENDITEMFAILED);
+
+        PKIX_CHECK(PKIX_List_AppendItem
+                    (cachedKeys, (PKIX_PL_Object *)certIssuer, plContext),
+                    PKIX_LISTAPPENDITEMFAILED);
+
+        PKIX_CHECK(PKIX_List_AppendItem
+                    (cachedKeys,
+                    (PKIX_PL_Object *)certSerialNumber,
+                    plContext),
+                    PKIX_LISTAPPENDITEMFAILED);
+
+        cachedCrlEntryError = PKIX_PL_HashTable_Add
+                    (cachedCrlEntryTable,
+                    (PKIX_PL_Object *) cachedKeys,
+                    (PKIX_PL_Object *) crls,
+                    plContext);
+        pkix_ceAddCount++;
+
+cleanup:
+
+        PKIX_DECREF(cachedKeys);
+        PKIX_DECREF(cachedCrlEntryError);
+
+        PKIX_RETURN(BUILD);
+}
+
+#ifdef PKIX_OBJECT_LEAK_TEST
+
+/* TEST_START_FN and testStartFnStackPosition define at what state
+ * of the stack the object leak testing should begin. The condition
+ * in pkix_CheckForGeneratedError works the following way: do leak
+ * testing if at position testStartFnStackPosition in stack array
+ * (fnStackNameArr) we have called function TEST_START_FN.
+ * Note, that stack array get filled only when executing libpkix
+ * functions.
+ * */
+#define TEST_START_FN "PKIX_BuildChain"
+
+PKIX_Error*
+pkix_CheckForGeneratedError(PKIX_StdVars * stdVars, 
+                            PKIX_ERRORCLASS errClass, 
+                            char * fnName,
+                            PKIX_Boolean *errSetFlag,
+                            void * plContext)
+{
+    PKIX_Error *genErr = NULL;
+    PKIX_UInt32 pos = 0;
+    PKIX_UInt32 strLen = 0;
+
+    if (fnName) { 
+        if (fnStackNameArr[testStartFnStackPosition] == NULL ||
+            strcmp(fnStackNameArr[testStartFnStackPosition], TEST_START_FN)
+            ) {
+            /* return with out error if not with in boundary */
+            return NULL;
+        }
+        if (!strcmp(fnName, TEST_START_FN)) {
+            *errSetFlag = PKIX_TRUE;
+            noErrorState = PKIX_FALSE;
+            errorGenerated = PKIX_FALSE;
+        }
+    }   
+
+    if (noErrorState || errorGenerated)  return NULL;
+
+    if (fnName && (
+        !strcmp(fnName, "PKIX_PL_Object_DecRef") ||
+        !strcmp(fnName, "PKIX_PL_Object_Unlock") ||
+        !strcmp(fnName, "pkix_UnlockObject") ||
+        !strcmp(fnName, "pkix_Throw") ||
+        !strcmp(fnName, "pkix_trace_dump_cert") ||
+        !strcmp(fnName, "PKIX_PL_Free"))) {
+        /* do not generate error for this functions */
+        noErrorState = PKIX_TRUE;
+        *errSetFlag = PKIX_TRUE;
+        return NULL;
+    }
+
+    if (PL_HashTableLookup(fnInvTable, &fnStackInvCountArr[stackPosition - 1])) {
+        return NULL;
+    }
+
+    PL_HashTableAdd(fnInvTable, &fnStackInvCountArr[stackPosition - 1], nonNullValue);
+    errorGenerated = PKIX_TRUE;
+    noErrorState = PKIX_TRUE;
+    genErr = PKIX_DoThrow(stdVars, errClass, PKIX_MEMLEAKGENERATEDERROR,
+                          errClass, plContext);
+    while(fnStackNameArr[pos]) {
+        strLen += PORT_Strlen(fnStackNameArr[pos++]) + 1;
+    }
+    strLen += 1; /* end of line. */
+    pos = 0;
+    errorFnStackString = PORT_ZAlloc(strLen);
+    while(fnStackNameArr[pos]) {
+        strcat(errorFnStackString, "/");
+        strcat(errorFnStackString, fnStackNameArr[pos++]);
+    }
+    noErrorState = PKIX_FALSE;
+    
+    return genErr;
+}
+#endif /* PKIX_OBJECT_LEAK_TEST */
diff --git a/nss/lib/libpkix/pkix/util/pkix_tools.h b/nss/lib/libpkix/pkix/util/pkix_tools.h
new file mode 100755
index 0000000..5a8ef27
--- /dev/null
+++ b/nss/lib/libpkix/pkix/util/pkix_tools.h
@@ -0,0 +1,1588 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_tools.h
+ *
+ * Header for Utility Functions and Macros
+ *
+ */
+
+#ifndef _PKIX_TOOLS_H
+#define _PKIX_TOOLS_H
+
+#include "pkix.h"
+#include <stddef.h>
+#include <stdio.h>
+#include "secport.h"
+#include "prlong.h"
+
+/* private PKIX system headers */
+#include "pkix_basicconstraintschecker.h"
+#include "pkix_buildresult.h"
+#include "pkix_certchainchecker.h"
+#include "pkix_certselector.h"
+#include "pkix_comcertselparams.h"
+#include "pkix_comcrlselparams.h"
+#include "pkix_crlselector.h"
+#include "pkix_error.h"
+#include "pkix_expirationchecker.h"
+#include "pkix_list.h"
+#include "pkix_logger.h"
+#include "pkix_namechainingchecker.h"
+#include "pkix_nameconstraintschecker.h"
+#include "pkix_policychecker.h"
+#include "pkix_policynode.h"
+#include "pkix_procparams.h"
+#include "pkix_resourcelimits.h"
+#include "pkix_revocationmethod.h"
+#include "pkix_revocationchecker.h"
+#include "pkix_crlchecker.h"
+#include "pkix_ocspchecker.h"
+#include "pkix_signaturechecker.h"
+#include "pkix_store.h"
+#include "pkix_targetcertchecker.h"
+#include "pkix_validate.h"
+#include "pkix_valresult.h"
+#include "pkix_verifynode.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef struct pkixStdVarsStr {
+    const char        *aMyFuncName;
+    PKIX_Error        *aPkixErrorResult;
+    PKIX_Error        *aPkixTempResult;
+    PKIX_Error        *aPkixReturnResult;
+    PKIX_ERRORCODE     aPkixErrorCode;
+    PKIX_Boolean       aPkixErrorReceived;
+    PKIX_Boolean       aPkixTempErrorReceived;
+    PKIX_ERRORCLASS    aPkixErrorClass;
+    PKIX_UInt32        aPkixType;
+    PKIX_PL_Object    *aLockedObject;
+    PKIX_List         *aPkixErrorList;
+} PKIX_StdVars;
+
+#ifdef PKIX_STDVARS_POINTER
+#define myFuncName                  stdVars->aMyFuncName
+#define pkixErrorResult             stdVars->aPkixErrorResult
+#define pkixTempResult              stdVars->aPkixTempResult
+#define pkixReturnResult            stdVars->aPkixReturnResult
+#define pkixErrorCode               stdVars->aPkixErrorCode
+#define pkixErrorReceived           stdVars->aPkixErrorReceived
+#define pkixTempErrorReceived       stdVars->aPkixTempErrorReceived 
+#define pkixErrorClass              stdVars->aPkixErrorClass
+#define pkixType                    stdVars->aPkixType
+#define lockedObject                stdVars->aLockedObject
+#define pkixErrorList               stdVars->aPkixErrorList
+#define stdVarsPtr                  stdVars
+#else
+#define myFuncName                  stdVars.aMyFuncName
+#define pkixErrorResult             stdVars.aPkixErrorResult
+#define pkixTempResult              stdVars.aPkixTempResult
+#define pkixReturnResult            stdVars.aPkixReturnResult
+#define pkixErrorCode               stdVars.aPkixErrorCode
+#define pkixErrorReceived           stdVars.aPkixErrorReceived
+#define pkixTempErrorReceived       stdVars.aPkixTempErrorReceived 
+#define pkixErrorClass              stdVars.aPkixErrorClass
+#define pkixType                    stdVars.aPkixType
+#define lockedObject                stdVars.aLockedObject
+#define pkixErrorList               stdVars.aPkixErrorList
+#define stdVarsPtr                  &stdVars
+#endif
+
+extern PKIX_Error * PKIX_DoReturn(PKIX_StdVars * stdVars, 
+                                  PKIX_ERRORCLASS errClass, 
+                                  PKIX_Boolean doLogger,
+                                  void * plContext);
+
+extern PKIX_Error * PKIX_DoThrow(PKIX_StdVars * stdVars, 
+                                 PKIX_ERRORCLASS errClass, 
+                                 PKIX_ERRORCODE errCode,
+                                 PKIX_ERRORCLASS overrideClass, 
+                                 void * plContext);
+
+extern void PKIX_DoAddError(PKIX_StdVars * stdVars, 
+                            PKIX_Error * error,
+                            void * plContext);
+
+#ifdef PKIX_OBJECT_LEAK_TEST
+extern PKIX_Error * pkix_CheckForGeneratedError(PKIX_StdVars * stdVars, 
+                                                PKIX_ERRORCLASS errClass, 
+                                                char * fnName,
+                                                PKIX_Boolean *errorStateSet,
+                                                void * plContext);
+#endif /* PKIX_OBJECT_LEAK_TEST */
+
+extern const PKIX_StdVars zeroStdVars;
+
+extern PRLogModuleInfo *pkixLog;
+
+/*
+ * UTILITY MACROS
+ * Documentation for these common utility macros can be found in the
+ * Implementation Guidelines document (Section 4.3)
+ *
+ * In general, macros with multiple statements (or a single "if" statement)
+ * use the "do {<body>} while (0)" technique in order to convert the multiple
+ * statements into one statement, thus avoiding the dangling else problem.
+ * For macros which ALWAYS exit with a "return" or "goto", there is no
+ * need to use this technique (and it yields compiler warnings of "statement
+ * not reached"), so we just use "{<body>}" to group the statements together.
+ */
+
+#if !defined (PKIX_OBJECT_LEAK_TEST)
+
+#define PKIX_STD_VARS(funcName) \
+    static const char cMyFuncName[] = {funcName}; \
+    PKIX_StdVars      stdVars = zeroStdVars; \
+    myFuncName = cMyFuncName
+
+
+#else /* PKIX_OBJECT_LEAK_TEST */
+
+extern char **fnStackNameArr;
+extern PKIX_UInt32 *fnStackInvCountArr;
+extern PKIX_UInt32  stackPosition;
+extern PKIX_Boolean noErrorState;
+extern PKIX_Boolean errorGenerated;
+extern PKIX_Boolean runningLeakTest;
+extern PLHashTable *fnInvTable;
+extern PKIX_UInt32 testStartFnStackPosition;
+extern char *errorFnStackString;
+
+extern PLHashNumber PR_CALLBACK pkix_ErrorGen_Hash (const void *key);
+
+#define PKIX_STD_VARS(funcName) \
+    static const char cMyFuncName[] = {funcName}; \
+    PKIX_StdVars      stdVars = zeroStdVars; \
+    PKIX_Boolean      errorSetFlag = PKIX_FALSE; \
+    myFuncName = cMyFuncName; \
+    if (runningLeakTest) { \
+        if (fnStackNameArr) { \
+            fnStackInvCountArr[stackPosition] += 1; \
+            stackPosition += 1; \
+            fnStackInvCountArr[stackPosition] = 0; \
+            fnStackNameArr[stackPosition] = (char*)myFuncName; \
+            fnStackNameArr[stackPosition + 1] = NULL; \
+            PR_LOG(pkixLog, 5, \
+                    ("%s%*s+> %s(%d) - %s\n", (errorGenerated ? "*" : " "), \
+                             stackPosition, " ", fnStackNameArr[stackPosition], \
+                             stackPosition, myFuncName)); \
+        } \
+        do { \
+            pkixErrorResult = pkix_CheckForGeneratedError(&stdVars, PKIX_MEM_ERROR, \
+                                                          funcName, &errorSetFlag, \
+                                                          plContext); \
+            if (pkixErrorResult) { \
+                 PR_LOG(pkixLog, 5, \
+                    ("%s%*s<- %s(%d) - %s\n", (errorGenerated ? "*" : " "), \
+                              stackPosition, " ", fnStackNameArr[stackPosition], \
+                              stackPosition, myFuncName)); \
+                 fnStackNameArr[stackPosition--] = NULL; \
+                 if (errorSetFlag) { \
+                       noErrorState = (noErrorState) ? PKIX_FALSE : PKIX_TRUE; \
+                 } \
+                 return pkixErrorResult; \
+            } \
+        } while (0); \
+    }
+#endif /* PKIX_OBJECT_LEAK_TEST */
+
+#ifdef DEBUG
+#define _PKIX_DEBUG_TRACE(cond, prefix, level) \
+    do { \
+	if (cond) { \
+	    pkix_Logger_Check(pkixLoggersDebugTrace, myFuncName, \
+	                      prefix, pkixType, level, plContext); \
+	} \
+    } while (0)
+#else
+#define _PKIX_DEBUG_TRACE(cond, prefix, level) 
+#endif
+
+#define _PKIX_LOG_ERROR(code, level) \
+    { \
+	if (pkixLoggersErrors) { \
+	    pkix_Logger_CheckWithCode(pkixLoggersErrors, code, \
+	                      NULL, pkixType, level, plContext); \
+	} \
+    }
+
+#define PKIX_ENTER(type, funcName) \
+    PKIX_STD_VARS(funcName); \
+    pkixType = PKIX_ ## type ## _ERROR; \
+    PKIX_DEBUG_ENTER(type); \
+    _PKIX_DEBUG_TRACE(pkixLoggersDebugTrace, ">>>", PKIX_LOGGER_LEVEL_TRACE);
+
+#define PKIX_ENTER_NO_LOGGER(type, funcName) \
+    PKIX_STD_VARS(funcName); \
+    pkixType = PKIX_ ## type ## _ERROR; \
+    PKIX_DEBUG_ENTER(type);
+
+#define PKIX_DEBUG_ENTER(type) \
+    PKIX_ ## type ## _DEBUG_ARG("( Entering %s).\n", myFuncName)
+
+#define PKIX_DEBUG_EXIT(type) \
+    PKIX_ ## type ## _DEBUG_ARG("( Exiting %s).\n", myFuncName)
+
+#define PKIX_OBJECT_UNLOCK(obj) \
+    do { \
+	if (obj && lockedObject == (PKIX_PL_Object *)(obj)){ \
+	    pkixTempResult = \
+		    PKIX_PL_Object_Unlock \
+		    ((PKIX_PL_Object *)(obj), plContext); \
+	    if (pkixTempResult) { \
+		PKIX_DoAddError(stdVarsPtr, pkixTempResult, plContext); \
+		pkixTempResult = NULL; \
+	    } \
+	    lockedObject = NULL; \
+	} else { \
+	    PORT_Assert(lockedObject == NULL); \
+	} \
+    } while (0)
+
+#define PKIX_DECREF(obj) \
+    do { \
+	if (obj){ \
+	    pkixTempResult = PKIX_PL_Object_DecRef \
+			((PKIX_PL_Object *)(obj), plContext); \
+	    if (pkixTempResult) { \
+		PKIX_DoAddError(stdVarsPtr, pkixTempResult, plContext); \
+		pkixTempResult = NULL; \
+	    } \
+	    obj = NULL; \
+	} \
+    } while (0)
+
+#define PKIX_THROW(type, descNum) \
+    return PKIX_DoThrow(&stdVars, (PKIX_ ## type ## _ERROR), descNum, \
+                        pkixErrorClass, plContext);
+
+#ifdef PKIX_OBJECT_LEAK_TEST
+#define PKIX_RETURN(type) \
+    if (runningLeakTest && fnStackNameArr) { \
+        PR_LOG(pkixLog, 5, \
+               ("%s%*s<- %s(%d) - %s\n", (errorGenerated ? "*" : " "), \
+               stackPosition, " ", fnStackNameArr[stackPosition], \
+               stackPosition, myFuncName)); \
+        fnStackNameArr[stackPosition--] = NULL; \
+        if (errorSetFlag) noErrorState = (noErrorState) ? PKIX_FALSE : PKIX_TRUE; \
+    } \
+    return PKIX_DoReturn(&stdVars, (PKIX_ ## type ## _ERROR), PKIX_TRUE, plContext);
+#else
+#define PKIX_RETURN(type) \
+    return PKIX_DoReturn(&stdVars, (PKIX_ ## type ## _ERROR), PKIX_TRUE, plContext);
+#endif /* PKIX_OBJECT_LEAK_TEST */
+
+
+#if defined(DEBUG) && !defined(DEBUG_nb95248)
+#define PKIX_RETURN_NO_LOGGER(type) \
+    { \
+	PKIX_OBJECT_UNLOCK(lockedObject); \
+	if ((pkixErrorReceived) || (pkixErrorResult) || pkixErrorList) \
+	    PKIX_THROW(type, pkixErrorCode); \
+	PKIX_DEBUG_EXIT(type); \
+	return NULL; \
+    }
+#else
+#define PKIX_RETURN_NO_LOGGER(type) \
+    return PKIX_DoReturn(&stdVars, (PKIX_ ## type ## _ERROR), PKIX_FALSE, plContext);
+#endif
+
+/* disable to disable ;-) */
+/* #define WANT_TRACE_CHECK_FAILURES */
+
+#ifdef WANT_TRACE_CHECK_FAILURES
+#define TRACE_CHECK_FAILURE(what, errorstring) \
+    if (pkixLog) { \
+      PR_LOG(pkixLog, PR_LOG_DEBUG, \
+        ("====> [%s] failed: %s\n", #what, errorstring)); \
+    }
+#else
+#define TRACE_CHECK_FAILURE(what, errorstring)
+#endif
+
+#define PKIX_CHECK(func, descNum) \
+    do { \
+	pkixErrorResult = (func); \
+	if (pkixErrorResult) { \
+            TRACE_CHECK_FAILURE((func), PKIX_ErrorText[descNum]) \
+	    pkixErrorClass = pkixErrorResult->errClass; \
+	    pkixErrorCode = descNum; \
+	    goto cleanup; \
+	} \
+    } while (0)
+
+/* like PKIX_CHECK but without goto cleanup */
+#define PKIX_CHECK_NO_GOTO(func, descNum) \
+    do { \
+	pkixErrorResult = (func); \
+	if (pkixErrorResult) { \
+            TRACE_CHECK_FAILURE((func), PKIX_ErrorText[descNum]) \
+	    pkixErrorClass = pkixErrorResult->errClass; \
+	    pkixErrorCode = descNum; \
+	} \
+    } while (0)
+
+#define PKIX_CHECK_ONLY_FATAL(func, descNum) \
+    do { \
+	pkixTempErrorReceived = PKIX_FALSE; \
+	pkixErrorResult = (func); \
+	if (pkixErrorResult) { \
+            TRACE_CHECK_FAILURE((func), PKIX_ErrorText[descNum]) \
+	    pkixTempErrorReceived = PKIX_TRUE; \
+	    pkixErrorClass = pkixErrorResult->errClass; \
+            if (pkixErrorClass == PKIX_FATAL_ERROR) { \
+	         goto cleanup; \
+	    } \
+	    PKIX_DECREF(pkixErrorResult); \
+	} \
+    } while (0)
+
+#define PKIX_LOG_ERROR(descNum) \
+    _PKIX_LOG_ERROR(descNum, PKIX_LOGGER_LEVEL_ERROR)
+
+#define PKIX_ERROR(descNum) \
+    { \
+	PKIX_LOG_ERROR(descNum) \
+	pkixErrorReceived = PKIX_TRUE; \
+	pkixErrorCode = descNum; \
+	goto cleanup; \
+    }
+
+#define PKIX_ERROR_ALLOC_ERROR() \
+    { \
+	PKIX_LOG_ERROR(PKIX_ALLOCERROR) \
+	pkixErrorReceived = PKIX_TRUE; \
+	pkixErrorResult = PKIX_ALLOC_ERROR(); \
+	goto cleanup; \
+    }
+
+#define PKIX_ERROR_FATAL(descNum) \
+    { \
+	pkixErrorReceived = PKIX_TRUE; \
+	pkixErrorCode = descNum; \
+	pkixErrorClass = PKIX_FATAL_ERROR; \
+	_PKIX_LOG_ERROR(pkixErrorCode, PKIX_LOGGER_LEVEL_FATALERROR); \
+	goto cleanup; \
+    }
+
+#define PKIX_CHECK_FATAL(func, descNum) \
+    do { \
+	pkixErrorResult = (func); \
+	if (pkixErrorResult) { \
+                TRACE_CHECK_FAILURE((func), PKIX_ErrorText[descNum]) \
+		pkixErrorReceived = PKIX_TRUE; \
+		pkixErrorCode = descNum; \
+		pkixErrorClass = PKIX_FATAL_ERROR; \
+		_PKIX_LOG_ERROR(pkixErrorCode, PKIX_LOGGER_LEVEL_FATALERROR); \
+		goto fatal; \
+	} \
+    } while (0)
+
+#define PKIX_NULLCHECK_ONE(a) \
+    do { \
+	if ((a) == NULL){ \
+	    pkixErrorReceived = PKIX_TRUE; \
+	    pkixErrorCode = PKIX_NULLARGUMENT; \
+	    PKIX_RETURN(FATAL); \
+	} \
+    } while (0)
+
+#define PKIX_NULLCHECK_TWO(a, b) \
+    do { \
+	if (((a) == NULL) || ((b) == NULL)){ \
+	    pkixErrorReceived = PKIX_TRUE; \
+	    pkixErrorCode = PKIX_NULLARGUMENT; \
+	    PKIX_RETURN(FATAL); \
+	} \
+    } while (0)
+
+#define PKIX_NULLCHECK_THREE(a, b, c) \
+    do { \
+	if (((a) == NULL) || ((b) == NULL) || ((c) == NULL)){ \
+	    pkixErrorReceived = PKIX_TRUE; \
+	    pkixErrorCode = PKIX_NULLARGUMENT; \
+	    PKIX_RETURN(FATAL); \
+	} \
+    } while (0)
+
+#define PKIX_NULLCHECK_FOUR(a, b, c, d) \
+    do { \
+	if (((a) == NULL) || ((b) == NULL) || \
+	    ((c) == NULL) || ((d) == NULL)){ \
+	    pkixErrorReceived = PKIX_TRUE; \
+	    pkixErrorCode = PKIX_NULLARGUMENT; \
+	    PKIX_RETURN(FATAL); \
+	} \
+    } while (0)
+
+#define PKIX_OBJECT_LOCK(obj) \
+    do { \
+	if (obj) { \
+	    pkixTempResult = \
+		PKIX_PL_Object_Lock((PKIX_PL_Object*)(obj), plContext); \
+	    if (pkixTempResult) { \
+		PKIX_DoAddError(stdVarsPtr, pkixTempResult, plContext); \
+		pkixTempResult = NULL; \
+		pkixErrorCode = PKIX_OBJECTLOCKFAILED; \
+		goto cleanup; \
+	    } \
+	    lockedObject = (PKIX_PL_Object *)(obj); \
+	} \
+    } while (0)
+
+#define PKIX_ERROR_CREATE(type, descNum, error) \
+    { \
+	pkixTempResult = (PKIX_Error*)pkix_Throw \
+		(PKIX_ ## type ## _ERROR,  myFuncName, \
+		descNum, PKIX_ ## type ## _ERROR, pkixErrorResult, \
+		&error, plContext); \
+	if (pkixTempResult) { \
+	    error = pkixTempResult; \
+	    pkixTempResult = NULL; \
+	} \
+    }
+		
+
+#define PKIX_ERROR_RECEIVED \
+    (pkixErrorReceived || pkixErrorResult || pkixTempErrorReceived || \
+     pkixErrorList)
+
+#define PKIX_INCREF(obj) \
+    do { \
+	if (obj){ \
+	    pkixTempResult = PKIX_PL_Object_IncRef \
+			((PKIX_PL_Object *)(obj), plContext); \
+	    if (pkixTempResult) { \
+		PKIX_DoAddError(&stdVars, pkixTempResult, plContext); \
+		pkixTempResult = NULL; \
+		goto cleanup; \
+	    } \
+	} \
+    } while (0)
+
+#define PKIX_FREE(obj) \
+    do { \
+	if (obj) { \
+	    pkixTempResult = PKIX_PL_Free((obj), plContext); \
+	    if (pkixTempResult) { \
+		PKIX_DoAddError(&stdVars, pkixTempResult, plContext); \
+		pkixTempResult = NULL; \
+	    } \
+	    obj = NULL; \
+	} \
+    } while (0)
+
+#define PKIX_EXACTLY_ONE_NULL(a, b) (((a) && !(b)) || ((b) && !(a)))
+
+/* DIGIT MACROS */
+
+#define PKIX_ISDIGIT(c) (((c) >= '0') && ((c) <= '9'))
+
+#define PKIX_ISXDIGIT(c) \
+    (PKIX_ISDIGIT(c) || ( (((c)|0x20) >= 'a') && (((c)|0x20) <= 'f') ))
+
+#define PKIX_TOSTRING(a, b, c, d) \
+    do { \
+	int descNum; \
+	if ((a) != NULL) { \
+	    pkixErrorResult =  \
+		PKIX_PL_Object_ToString((PKIX_PL_Object *)(a), (b), (c)); \
+	    descNum = (d); \
+	} else { \
+	    pkixErrorResult =  \
+		PKIX_PL_String_Create(PKIX_ESCASCII, "(null)", 0, (b), (c)); \
+	    descNum = PKIX_STRINGCREATEFAILED; \
+	} \
+	PKIX_CHECK(pkixErrorResult, descNum); \
+    } while (0)
+
+#define PKIX_EQUALS(a, b, c, d, e) \
+    do { \
+	if ((a) != NULL && (b) != NULL) { \
+	    PKIX_CHECK(PKIX_PL_Object_Equals\
+			((PKIX_PL_Object *)(a), \
+			(PKIX_PL_Object*)(b), \
+			(c), \
+			(d)), \
+			(e)); \
+	} else if ((a) == NULL && (b) == NULL) { \
+	    *(c) = PKIX_TRUE; \
+	} else { \
+	    *(c) = PKIX_FALSE; \
+	} \
+    } while (0)
+
+#define PKIX_HASHCODE(a, b, c, d) \
+    do { \
+	if ((a) != NULL) { \
+	    PKIX_CHECK(PKIX_PL_Object_Hashcode\
+		((PKIX_PL_Object *)(a), (b), (c)), (d)); \
+	} else { \
+	    *(b) = 0; \
+	} \
+    } while (0)
+
+#define PKIX_DUPLICATE(a, b, c, d) \
+    do { \
+	if ((a) != NULL) { \
+	    PKIX_CHECK(PKIX_PL_Object_Duplicate\
+			((PKIX_PL_Object *)(a), \
+			(PKIX_PL_Object **)(b), \
+			(c)), \
+			(d)); \
+	} else { \
+	    *(b) = (a); \
+	} \
+    } while (0)
+
+/*
+ * DEBUG MACROS
+ *
+ * Each type has an associated debug flag, which can
+ * be set on the compiler line using "-D<debugflag>". For convenience,
+ * "-DPKIX_DEBUGALL" turns on debug for all the components.
+ *
+ * If a type's debug flag is defined, then its two associated macros
+ * are defined: PKIX_type_DEBUG(expr) and PKIX_type_DEBUG_ARG(expr, arg),
+ * which call PKIX_DEBUG(expr) and PKIX_DEBUG_ARG(expr, arg) respectively,
+ * which, in turn, enable standard and consistently formatted output.
+ *
+ * If a type's debug flag is not defined, the two associated macros
+ * are defined as a NO-OP. As such, any PKIX_type_DEBUG or PKIX_type_DEBUG_ARG
+ * macros for an undefined type will be stripped from the code during
+ * pre-processing, thereby reducing code size.
+ */
+
+#ifdef PKIX_DEBUGALL
+#define PKIX_REFCOUNTDEBUG                        1
+#define PKIX_MEMDEBUG                             1
+#define PKIX_MUTEXDEBUG                           1
+#define PKIX_OBJECTDEBUG                          1
+#define PKIX_STRINGDEBUG                          1
+#define PKIX_OIDDEBUG                             1
+#define PKIX_LISTDEBUG                            1
+#define PKIX_ERRORDEBUG                           1
+#define PKIX_BYTEARRAYDEBUG                       1
+#define PKIX_RWLOCKDEBUG                          1
+#define PKIX_BIGINTDEBUG                          1
+#define PKIX_HASHTABLEDEBUG                       1
+#define PKIX_X500NAMEDEBUG                        1
+#define PKIX_GENERALNAMEDEBUG                     1
+#define PKIX_PUBLICKEYDEBUG                       1
+#define PKIX_CERTDEBUG                            1
+#define PKIX_HTTPCLIENTDEBUG                      1
+#define PKIX_DATEDEBUG                            1
+#define PKIX_TRUSTANCHORDEBUG                     1
+#define PKIX_PROCESSINGPARAMSDEBUG                1
+#define PKIX_VALIDATEPARAMSDEBUG                  1
+#define PKIX_VALIDATERESULTDEBUG                  1
+#define PKIX_VALIDATEDEBUG                        1
+#define PKIX_CERTCHAINCHECKERDEBUG                1
+#define PKIX_REVOCATIONCHECKERDEBUG               1
+#define PKIX_CERTSELECTORDEBUG                    1
+#define PKIX_COMCERTSELPARAMSDEBUG                1
+#define PKIX_TARGETCERTCHECKERSTATEDEBUG          1
+#define PKIX_INITIALIZEPARAMSDEBUG                1
+#define PKIX_CERTBASICCONSTRAINTSDEBUG            1
+#define PKIX_CERTNAMECONSTRAINTSDEBUG             1
+#define PKIX_CERTNAMECONSTRAINTSCHECKERSTATEDEBUG 1
+#define PKIX_SUBJALTNAMECHECKERSTATEDEBUG         1
+
+#define PKIX_CERTPOLICYQUALIFIERDEBUG             1
+#define PKIX_CERTPOLICYINFODEBUG                  1
+#define PKIX_CERTPOLICYNODEDEBUG                  1
+#define PKIX_CERTPOLICYCHECKERSTATEDEBUG          1
+#define PKIX_LIFECYCLEDEBUG                       1
+#define PKIX_BASICCONSTRAINTSCHECKERSTATEDEBUG    1
+#define PKIX_CRLDEBUG                             1
+#define PKIX_CRLENTRYDEBUG                        1
+#define PKIX_CRLSELECTORDEBUG                     1
+#define PKIX_COMCRLSELPARAMSDEBUG                 1
+#define PKIX_CERTSTOREDEBUG                       1
+#define PKIX_COLLECTIONCERTSTORECONTEXTDEBUG      1
+#define PKIX_DEFAULTCRLCHECKERSTATEDEBUG          1
+#define PKIX_CERTPOLICYMAPDEBUG                   1
+#define PKIX_BUILDDEBUG                           1
+#define PKIX_BUILDRESULTDEBUG                     1
+#define PKIX_FORWARDBUILDERSTATEDEBUG             1
+#define PKIX_SIGNATURECHECKERSTATEDEBUG           1
+#define PKIX_USERDEFINEDMODULESDEBUG              1
+#define PKIX_CONTEXTDEBUG                         1
+#define PKIX_DEFAULTREVOCATIONCHECKERDEBUG        1
+#define PKIX_LDAPREQUESTDEBUG                     1
+#define PKIX_LDAPRESPONSEDEBUG                    1
+#define PKIX_LDAPCLIENTDEBUG                      1
+#define PKIX_LDAPDEFAULTCLIENTDEBUG               1
+#define PKIX_SOCKETDEBUG                          1
+#define PKIX_RESOURCELIMITSDEBUG                  1
+#define PKIX_LOGGERDEBUG                          1
+#define PKIX_MONITORLOCKDEBUG                     1
+#define PKIX_INFOACCESSDEBUG                      1
+#define PKIX_AIAMGRDEBUG                          1
+#define PKIX_OCSPCHECKERDEBUG                     1
+#define PKIX_OCSPREQUESTDEBUG                     1
+#define PKIX_OCSPRESPONSEDEBUG                    1
+#define PKIX_HTTPDEFAULTCLIENTDEBUG               1
+#define PKIX_HTTPCERTSTORECONTEXTDEBUG            1
+#define PKIX_VERIFYNODEDEBUG                      1
+#endif
+
+/*
+ * XXX Both PKIX_DEBUG and PKIX_DEBUG_ARG currently use printf.
+ * This needs to be replaced with Loggers.
+ */
+
+#ifdef DEBUG
+#define PKIX_DEBUG(expr) \
+    do { \
+	_PKIX_DEBUG_TRACE(pkixLoggersErrors, expr, PKIX_LOGGER_LEVEL_DEBUG); \
+	(void) fprintf(stderr, "(%s: ", myFuncName); \
+        (void) fprintf(stderr, expr);                \
+    } while (0)
+#else
+#define PKIX_DEBUG(expr)
+#endif
+
+/* Logging doesn't support DEBUG with ARG: cannot convert control and arg */
+#define PKIX_DEBUG_ARG(expr, arg) \
+    do { \
+	(void) printf("(%s: ", myFuncName); \
+	(void) printf(expr, arg); \
+    } while (0)
+
+#if PKIX_FATALDEBUG
+#define PKIX_FATAL_DEBUG(expr) \
+        PKIX_DEBUG(expr)
+#define PKIX_FATAL_DEBUG_ARG(expr, arg) \
+        PKIX_DEBUG_ARG(expr, arg)
+#else
+#define PKIX_FATAL_DEBUG(expr)
+#define PKIX_FATAL_DEBUG_ARG(expr, arg)
+#endif
+
+#if PKIX_REFCOUNTDEBUG
+#define PKIX_REF_COUNT_DEBUG(expr) \
+        PKIX_DEBUG(expr)
+#define PKIX_REF_COUNT_DEBUG_ARG(expr, arg) \
+        PKIX_DEBUG_ARG(expr, arg)
+#else
+#define PKIX_REF_COUNT_DEBUG(expr)
+#define PKIX_REF_COUNT_DEBUG_ARG(expr, arg)
+#endif
+
+#if PKIX_MEMDEBUG
+#define PKIX_MEM_DEBUG(expr) \
+        PKIX_DEBUG(expr)
+#define PKIX_MEM_DEBUG_ARG(expr, arg) \
+        PKIX_DEBUG_ARG(expr, arg)
+#else
+#define PKIX_MEM_DEBUG(expr)
+#define PKIX_MEM_DEBUG_ARG(expr, arg)
+#endif
+
+#if PKIX_MUTEXDEBUG
+#define PKIX_MUTEX_DEBUG(expr) \
+        PKIX_DEBUG(expr)
+#define PKIX_MUTEX_DEBUG_ARG(expr, arg) \
+        PKIX_DEBUG_ARG(expr, arg)
+#else
+#define PKIX_MUTEX_DEBUG(expr)
+#define PKIX_MUTEX_DEBUG_ARG(expr, arg)
+#endif
+
+#if PKIX_OBJECTDEBUG
+#define PKIX_OBJECT_DEBUG(expr) \
+        PKIX_DEBUG(expr)
+#define PKIX_OBJECT_DEBUG_ARG(expr, arg) \
+        PKIX_DEBUG_ARG(expr, arg)
+#else
+#define PKIX_OBJECT_DEBUG(expr)
+#define PKIX_OBJECT_DEBUG_ARG(expr, arg)
+#endif
+
+#if PKIX_ERRORDEBUG
+#define PKIX_ERROR_DEBUG(expr) \
+        PKIX_DEBUG(expr)
+#define PKIX_ERROR_DEBUG_ARG(expr, arg) \
+        PKIX_DEBUG_ARG(expr, arg)
+#else
+#define PKIX_ERROR_DEBUG(expr)
+#define PKIX_ERROR_DEBUG_ARG(expr, arg)
+#endif
+
+#if PKIX_STRINGDEBUG
+#define PKIX_STRING_DEBUG(expr) \
+        PKIX_DEBUG(expr)
+#define PKIX_STRING_DEBUG_ARG(expr, arg) \
+        PKIX_DEBUG_ARG(expr, arg)
+#else
+#define PKIX_STRING_DEBUG(expr)
+#define PKIX_STRING_DEBUG_ARG(expr, arg)
+#endif
+
+#if PKIX_OIDDEBUG
+#define PKIX_OID_DEBUG(expr) \
+        PKIX_DEBUG(expr)
+#define PKIX_OID_DEBUG_ARG(expr, arg) \
+        PKIX_DEBUG_ARG(expr, arg)
+#else
+#define PKIX_OID_DEBUG(expr)
+#define PKIX_OID_DEBUG_ARG(expr, arg)
+#endif
+
+#if PKIX_LISTDEBUG
+#define PKIX_LIST_DEBUG(expr) \
+        PKIX_DEBUG(expr)
+#define PKIX_LIST_DEBUG_ARG(expr, arg) \
+        PKIX_DEBUG_ARG(expr, arg)
+#else
+#define PKIX_LIST_DEBUG(expr)
+#define PKIX_LIST_DEBUG_ARG(expr, arg)
+#endif
+
+#if PKIX_RWLOCKDEBUG
+#define PKIX_RWLOCK_DEBUG(expr) \
+        PKIX_DEBUG(expr)
+#define PKIX_RWLOCK_DEBUG_ARG(expr, arg) \
+        PKIX_DEBUG_ARG(expr, arg)
+#else
+#define PKIX_RWLOCK_DEBUG(expr)
+#define PKIX_RWLOCK_DEBUG_ARG(expr, arg)
+#endif
+
+#if PKIX_BYTEARRAYDEBUG
+#define PKIX_BYTEARRAY_DEBUG(expr) \
+        PKIX_DEBUG(expr)
+#define PKIX_BYTEARRAY_DEBUG_ARG(expr, arg) \
+        PKIX_DEBUG_ARG(expr, arg)
+#else
+#define PKIX_BYTEARRAY_DEBUG(expr)
+#define PKIX_BYTEARRAY_DEBUG_ARG(expr, arg)
+#endif
+
+#if PKIX_HASHTABLEDEBUG
+#define PKIX_HASHTABLE_DEBUG(expr) \
+        PKIX_DEBUG(expr)
+#define PKIX_HASHTABLE_DEBUG_ARG(expr, arg) \
+        PKIX_DEBUG_ARG(expr, arg)
+#else
+#define PKIX_HASHTABLE_DEBUG(expr)
+#define PKIX_HASHTABLE_DEBUG_ARG(expr, arg)
+#endif
+
+#if PKIX_X500NAMEDEBUG
+#define PKIX_X500NAME_DEBUG(expr) \
+        PKIX_DEBUG(expr)
+#define PKIX_X500NAME_DEBUG_ARG(expr, arg) \
+        PKIX_DEBUG_ARG(expr, arg)
+#else
+#define PKIX_X500NAME_DEBUG(expr)
+#define PKIX_X500NAME_DEBUG_ARG(expr, arg)
+#endif
+
+#if PKIX_GENERALNAMEDEBUG
+#define PKIX_GENERALNAME_DEBUG(expr) \
+        PKIX_DEBUG(expr)
+#define PKIX_GENERALNAME_DEBUG_ARG(expr, arg) \
+        PKIX_DEBUG_ARG(expr, arg)
+#else
+#define PKIX_GENERALNAME_DEBUG(expr)
+#define PKIX_GENERALNAME_DEBUG_ARG(expr, arg)
+#endif
+
+#if PKIX_PUBLICKEYDEBUG
+#define PKIX_PUBLICKEY_DEBUG(expr) \
+        PKIX_DEBUG(expr)
+#define PKIX_PUBLICKEY_DEBUG_ARG(expr, arg) \
+        PKIX_DEBUG_ARG(expr, arg)
+#else
+#define PKIX_PUBLICKEY_DEBUG(expr)
+#define PKIX_PUBLICKEY_DEBUG_ARG(expr, arg)
+#endif
+
+#if PKIX_CERTDEBUG
+#define PKIX_CERT_DEBUG(expr) \
+        PKIX_DEBUG(expr)
+#define PKIX_CERT_DEBUG_ARG(expr, arg) \
+        PKIX_DEBUG_ARG(expr, arg)
+#else
+#define PKIX_CERT_DEBUG(expr)
+#define PKIX_CERT_DEBUG_ARG(expr, arg)
+#endif
+
+#if PKIX_CRLDPDEBUG
+#define PKIX_CRLDP_DEBUG(expr) \
+        PKIX_DEBUG(expr)
+#define PKIX_CRLDP_DEBUG_ARG(expr, arg) \
+        PKIX_DEBUG_ARG(expr, arg)
+#else
+#define PKIX_CRLDP_DEBUG(expr)
+#define PKIX_CRLDP_DEBUG_ARG(expr, arg)
+#endif
+
+#if PKIX_HTTPCLIENTDEBUG
+#define PKIX_HTTPCLIENT_DEBUG(expr) \
+        PKIX_DEBUG(expr)
+#define PKIX_HTTPCLIENT_DEBUG_ARG(expr, arg) \
+        PKIX_DEBUG_ARG(expr, arg)
+#else
+#define PKIX_HTTPCLIENT_DEBUG(expr)
+#define PKIX_HTTPCLIENT_DEBUG_ARG(expr, arg)
+#endif
+
+#if PKIX_BIGINTDEBUG
+#define PKIX_BIGINT_DEBUG(expr) \
+        PKIX_DEBUG(expr)
+#define PKIX_BIGINT_DEBUG_ARG(expr, arg) \
+        PKIX_DEBUG_ARG(expr, arg)
+#else
+#define PKIX_BIGINT_DEBUG(expr)
+#define PKIX_BIGINT_DEBUG_ARG(expr, arg)
+#endif
+
+#if PKIX_DATEDEBUG
+#define PKIX_DATE_DEBUG(expr) \
+        PKIX_DEBUG(expr)
+#define PKIX_DATE_DEBUG_ARG(expr, arg) \
+        PKIX_DEBUG_ARG(expr, arg)
+#else
+#define PKIX_DATE_DEBUG(expr)
+#define PKIX_DATE_DEBUG_ARG(expr, arg)
+#endif
+
+#if PKIX_TRUSTANCHORDEBUG
+#define PKIX_TRUSTANCHOR_DEBUG(expr) \
+        PKIX_DEBUG(expr)
+#define PKIX_TRUSTANCHOR_DEBUG_ARG(expr, arg) \
+        PKIX_DEBUG_ARG(expr, arg)
+#else
+#define PKIX_TRUSTANCHOR_DEBUG(expr)
+#define PKIX_TRUSTANCHOR_DEBUG_ARG(expr, arg)
+#endif
+
+#if PKIX_PROCESSINGPARAMSDEBUG
+#define PKIX_PROCESSINGPARAMS_DEBUG(expr) \
+        PKIX_DEBUG(expr)
+#define PKIX_PROCESSINGPARAMS_DEBUG_ARG(expr, arg) \
+        PKIX_DEBUG_ARG(expr, arg)
+#else
+#define PKIX_PROCESSINGPARAMS_DEBUG(expr)
+#define PKIX_PROCESSINGPARAMS_DEBUG_ARG(expr, arg)
+#endif
+
+#if PKIX_VALIDATEPARAMSDEBUG
+#define PKIX_VALIDATEPARAMS_DEBUG(expr) \
+        PKIX_DEBUG(expr)
+#define PKIX_VALIDATEPARAMS_DEBUG_ARG(expr, arg) \
+        PKIX_DEBUG_ARG(expr, arg)
+#else
+#define PKIX_VALIDATEPARAMS_DEBUG(expr)
+#define PKIX_VALIDATEPARAMS_DEBUG_ARG(expr, arg)
+#endif
+
+#if PKIX_VALIDATERESULTDEBUG
+#define PKIX_VALIDATERESULT_DEBUG(expr) \
+        PKIX_DEBUG(expr)
+#define PKIX_VALIDATERESULT_DEBUG_ARG(expr, arg) \
+        PKIX_DEBUG_ARG(expr, arg)
+#else
+#define PKIX_VALIDATERESULT_DEBUG(expr)
+#define PKIX_VALIDATERESULT_DEBUG_ARG(expr, arg)
+#endif
+
+#if PKIX_VALIDATEDEBUG
+#define PKIX_VALIDATE_DEBUG(expr) \
+        PKIX_DEBUG(expr)
+#define PKIX_VALIDATE_DEBUG_ARG(expr, arg) \
+        PKIX_DEBUG_ARG(expr, arg)
+#else
+#define PKIX_VALIDATE_DEBUG(expr)
+#define PKIX_VALIDATE_DEBUG_ARG(expr, arg)
+#endif
+
+#if PKIX_BUILDDEBUG
+#define PKIX_BUILD_DEBUG(expr) \
+        PKIX_DEBUG(expr)
+#define PKIX_BUILD_DEBUG_ARG(expr, arg) \
+        PKIX_DEBUG_ARG(expr, arg)
+#else
+#define PKIX_BUILD_DEBUG(expr)
+#define PKIX_BUILD_DEBUG_ARG(expr, arg)
+#endif
+
+#if PKIX_CERTCHAINCHECKERDEBUG
+#define PKIX_CERTCHAINCHECKER_DEBUG(expr) \
+        PKIX_DEBUG(expr)
+#define PKIX_CERTCHAINCHECKER_DEBUG_ARG(expr, arg) \
+        PKIX_DEBUG_ARG(expr, arg)
+#else
+#define PKIX_CERTCHAINCHECKER_DEBUG(expr)
+#define PKIX_CERTCHAINCHECKER_DEBUG_ARG(expr, arg)
+#endif
+
+#if PKIX_REVOCATIONCHECKERDEBUG
+#define PKIX_REVOCATIONCHECKER_DEBUG(expr) \
+        PKIX_DEBUG(expr)
+#define PKIX_REVOCATIONCHECKER_DEBUG_ARG(expr, arg) \
+        PKIX_DEBUG_ARG(expr, arg)
+#else
+#define PKIX_REVOCATIONCHECKER_DEBUG(expr)
+#define PKIX_REVOCATIONCHECKER_DEBUG_ARG(expr, arg)
+#endif
+
+#if PKIX_REVOCATIONMETHODDEBUG
+#define PKIX_REVOCATIONMETHOD_DEBUG(expr) \
+        PKIX_DEBUG(expr)
+#define PKIX_REVOCATIONMETHOD_DEBUG_ARG(expr, arg) \
+        PKIX_DEBUG_ARG(expr, arg)
+#else
+#define PKIX_REVOCATIONMETHOD_DEBUG(expr)
+#define PKIX_REVOCATIONMETHOD_DEBUG_ARG(expr, arg)
+#endif
+
+#if PKIX_CERTSELECTORDEBUG
+#define PKIX_CERTSELECTOR_DEBUG(expr) \
+        PKIX_DEBUG(expr)
+#define PKIX_CERTSELECTOR_DEBUG_ARG(expr, arg) \
+        PKIX_DEBUG_ARG(expr, arg)
+#else
+#define PKIX_CERTSELECTOR_DEBUG(expr)
+#define PKIX_CERTSELECTOR_DEBUG_ARG(expr, arg)
+#endif
+
+#if PKIX_COMCERTSELPARAMSDEBUG
+#define PKIX_COMCERTSELPARAMS_DEBUG(expr) \
+        PKIX_DEBUG(expr)
+#define PKIX_COMCERTSELPARAMS_DEBUG_ARG(expr, arg) \
+        PKIX_DEBUG_ARG(expr, arg)
+#else
+#define PKIX_COMCERTSELPARAMS_DEBUG(expr)
+#define PKIX_COMCERTSELPARAMS_DEBUG_ARG(expr, arg)
+#endif
+
+#if PKIX_TARGETCERTCHECKERSTATEDEBUG
+#define PKIX_TARGETCERTCHECKERSTATE_DEBUG(expr) \
+        PKIX_DEBUG(expr)
+#define PKIX_TARGETCERTCHECKERSTATE_DEBUG_ARG(expr, arg) \
+        PKIX_DEBUG_ARG(expr, arg)
+#else
+#define PKIX_TARGETCERTCHECKERSTATE_DEBUG(expr)
+#define PKIX_TARGETCERTCHECKERSTATE_DEBUG_ARG(expr, arg)
+#endif
+
+#if PKIX_BASICCONSTRAINTSCHECKERSTATEDEBUG
+#define PKIX_BASICCONSTRAINTSCHECKERSTATE_DEBUG(expr) \
+        PKIX_DEBUG(expr)
+#define PKIX_BASICCONSTRAINTSCHECKERSTATE_DEBUG_ARG(expr, arg) \
+        PKIX_DEBUG_ARG(expr, arg)
+#else
+#define PKIX_BASICCONSTRAINTSCHECKERSTATE_DEBUG(expr)
+#define PKIX_BASICCONSTRAINTSCHECKERSTATE_DEBUG_ARG(expr, arg)
+#endif
+
+#if PKIX_INITIALIZEPARAMSDEBUG
+#define PKIX_INITIALIZEPARAMS_DEBUG(expr) \
+        PKIX_DEBUG(expr)
+#define PKIX_INITIALIZEPARAMS_DEBUG_ARG(expr, arg) \
+        PKIX_DEBUG_ARG(expr, arg)
+#else
+#define PKIX_INITIALIZEPARAMS_DEBUG(expr)
+#define PKIX_INITIALIZEPARAMS_DEBUG_ARG(expr, arg)
+#endif
+
+#if PKIX_CERTBASICCONSTRAINTSDEBUG
+#define PKIX_CERTBASICCONSTRAINTS_DEBUG(expr) \
+        PKIX_DEBUG(expr)
+#define PKIX_CERTBASICCONSTRAINTS_DEBUG_ARG(expr, arg) \
+        PKIX_DEBUG_ARG(expr, arg)
+#else
+#define PKIX_CERTBASICCONSTRAINTS_DEBUG(expr)
+#define PKIX_CERTBASICCONSTRAINTS_DEBUG_ARG(expr, arg)
+#endif
+
+#if PKIX_CERTNAMECONSTRAINTSDEBUG
+#define PKIX_CERTNAMECONSTRAINTS_DEBUG(expr) \
+        PKIX_DEBUG(expr)
+#define PKIX_CERTNAMECONSTRAINTS_DEBUG_ARG(expr, arg) \
+        PKIX_DEBUG_ARG(expr, arg)
+#else
+#define PKIX_CERTNAMECONSTRAINTS_DEBUG(expr)
+#define PKIX_CERTNAMECONSTRAINTS_DEBUG_ARG(expr, arg)
+#endif
+
+#if PKIX_CERTNAMECONSTRAINTSCHECKERSTATEDEBUG
+#define PKIX_CERTNAMECONSTRAINTSCHECKERSTATE_DEBUG(expr) \
+        PKIX_DEBUG(expr)
+#define PKIX_CERTNAMECONSTRAINTSCHECKERSTATE_DEBUG_ARG(expr, arg) \
+        PKIX_DEBUG_ARG(expr, arg)
+#else
+#define PKIX_CERTNAMECONSTRAINTSCHECKERSTATE_DEBUG(expr)
+#define PKIX_CERTNAMECONSTRAINTSCHECKERSTATE_DEBUG_ARG(expr, arg)
+#endif
+
+#if PKIX_SUBJALTNAMECHECKERSTATEDEBUG
+#define PKIX_SUBJALTNAMECHECKERSTATE_DEBUG(expr) \
+        PKIX_DEBUG(expr)
+#define PKIX_SUBJALTNAMECHECKERSTATE_DEBUG_ARG(expr, arg) \
+        PKIX_DEBUG_ARG(expr, arg)
+#else
+#define PKIX_SUBJALTNAMECHECKERSTATE_DEBUG(expr)
+#define PKIX_SUBJALTNAMECHECKERSTATE_DEBUG_ARG(expr, arg)
+#endif
+
+#if PKIX_CERTPOLICYQUALIFIERDEBUG
+#define PKIX_CERTPOLICYQUALIFIER_DEBUG(expr) \
+        PKIX_DEBUG(expr)
+#define PKIX_CERTPOLICYQUALIFIER_DEBUG_ARG(expr, arg) \
+        PKIX_DEBUG_ARG(expr, arg)
+#else
+#define PKIX_CERTPOLICYQUALIFIER_DEBUG(expr)
+#define PKIX_CERTPOLICYQUALIFIER_DEBUG_ARG(expr, arg)
+#endif
+
+#if PKIX_CERTPOLICYINFODEBUG
+#define PKIX_CERTPOLICYINFO_DEBUG(expr) \
+        PKIX_DEBUG(expr)
+#define PKIX_CERTPOLICYINFO_DEBUG_ARG(expr, arg) \
+        PKIX_DEBUG_ARG(expr, arg)
+#else
+#define PKIX_CERTPOLICYINFO_DEBUG(expr)
+#define PKIX_CERTPOLICYINFO_DEBUG_ARG(expr, arg)
+#endif
+
+#if PKIX_CERTPOLICYNODEDEBUG
+#define PKIX_CERTPOLICYNODE_DEBUG(expr) \
+        PKIX_DEBUG(expr)
+#define PKIX_CERTPOLICYNODE_DEBUG_ARG(expr, arg) \
+        PKIX_DEBUG_ARG(expr, arg)
+#else
+#define PKIX_CERTPOLICYNODE_DEBUG(expr)
+#define PKIX_CERTPOLICYNODE_DEBUG_ARG(expr, arg)
+#endif
+
+#if PKIX_CERTPOLICYCHECKERSTATEDEBUG
+#define PKIX_CERTPOLICYCHECKERSTATE_DEBUG(expr) \
+        PKIX_DEBUG(expr)
+#define PKIX_CERTPOLICYCHECKERSTATE_DEBUG_ARG(expr, arg) \
+        PKIX_DEBUG_ARG(expr, arg)
+#else
+#define PKIX_CERTPOLICYCHECKERSTATE_DEBUG(expr)
+#define PKIX_CERTPOLICYCHECKERSTATE_DEBUG_ARG(expr, arg)
+#endif
+
+#if PKIX_LIFECYCLEDEBUG
+#define PKIX_LIFECYCLE_DEBUG(expr) \
+        PKIX_DEBUG(expr)
+#define PKIX_LIFECYCLE_DEBUG_ARG(expr, arg) \
+        PKIX_DEBUG_ARG(expr, arg)
+#else
+#define PKIX_LIFECYCLE_DEBUG(expr)
+#define PKIX_LIFECYCLE_DEBUG_ARG(expr, arg)
+#endif
+
+#if PKIX_BASICCONSTRAINTSCHECKERSTATEDEBUG
+#define PKIX_BASICCONSTRAINTSCHECKERSTATE_DEBUG(expr) \
+        PKIX_DEBUG(expr)
+#define PKIX_BASICCONSTRAINTSCHECKERSTATE_DEBUG_ARG(expr, arg) \
+        PKIX_DEBUG_ARG(expr, arg)
+#else
+#define PKIX_BASICCONSTRAINTSCHECKERSTATE_DEBUG(expr)
+#define PKIX_BASICCONSTRAINTSCHECKERSTATE_DEBUG_ARG(expr, arg)
+#endif
+
+#if PKIX_CRLDEBUG
+#define PKIX_CRL_DEBUG(expr) \
+        PKIX_DEBUG(expr)
+#define PKIX_CRL_DEBUG_ARG(expr, arg) \
+        PKIX_DEBUG_ARG(expr, arg)
+#else
+#define PKIX_CRL_DEBUG(expr)
+#define PKIX_CRL_DEBUG_ARG(expr, arg)
+#endif
+
+#if PKIX_CRLENTRYDEBUG
+#define PKIX_CRLENTRY_DEBUG(expr) \
+        PKIX_DEBUG(expr)
+#define PKIX_CRLENTRY_DEBUG_ARG(expr, arg) \
+        PKIX_DEBUG_ARG(expr, arg)
+#else
+#define PKIX_CRLENTRY_DEBUG(expr)
+#define PKIX_CRLENTRY_DEBUG_ARG(expr, arg)
+#endif
+
+#if PKIX_CRLSELECTORDEBUG
+#define PKIX_CRLSELECTOR_DEBUG(expr) \
+        PKIX_DEBUG(expr)
+#define PKIX_CRLSELECTOR_DEBUG_ARG(expr, arg) \
+        PKIX_DEBUG_ARG(expr, arg)
+#else
+#define PKIX_CRLSELECTOR_DEBUG(expr)
+#define PKIX_CRLSELECTOR_DEBUG_ARG(expr, arg)
+#endif
+
+#if PKIX_COMCRLSELPARAMSDEBUG
+#define PKIX_COMCRLSELPARAMS_DEBUG(expr) \
+        PKIX_DEBUG(expr)
+#define PKIX_COMCRLSELPARAMS_DEBUG_ARG(expr, arg) \
+        PKIX_DEBUG_ARG(expr, arg)
+#else
+#define PKIX_COMCRLSELPARAMS_DEBUG(expr)
+#define PKIX_COMCRLSELPARAMS_DEBUG_ARG(expr, arg)
+#endif
+
+#if PKIX_CERTSTOREDEBUG
+#define PKIX_CERTSTORE_DEBUG(expr) \
+        PKIX_DEBUG(expr)
+#define PKIX_CERTSTORE_DEBUG_ARG(expr, arg) \
+        PKIX_DEBUG_ARG(expr, arg)
+#else
+#define PKIX_CERTSTORE_DEBUG(expr)
+#define PKIX_CERTSTORE_DEBUG_ARG(expr, arg)
+#endif
+
+#if PKIX_COLLECTIONCERTSTORECONTEXTDEBUG
+#define PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG(expr) \
+        PKIX_DEBUG(expr)
+#define PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG_ARG(expr, arg) \
+        PKIX_DEBUG_ARG(expr, arg)
+#else
+#define PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG(expr)
+#define PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG_ARG(expr, arg)
+#endif
+
+#if PKIX_CRLCHECKERDEBUG
+#define PKIX_CRLCHECKER_DEBUG(expr) \
+        PKIX_DEBUG(expr)
+#define PKIX_CRLCHECKER_DEBUG_ARG(expr, arg) \
+        PKIX_DEBUG_ARG(expr, arg)
+#else
+#define PKIX_CRLCHECKER_DEBUG(expr)
+#define PKIX_CRLCHECKER_DEBUG_ARG(expr, arg)
+#endif
+
+#if PKIX_CERTPOLICYMAPDEBUG
+#define PKIX_CERTPOLICYMAP_DEBUG(expr) \
+        PKIX_DEBUG(expr)
+#define PKIX_CERTPOLICYMAP_DEBUG_ARG(expr, arg) \
+        PKIX_DEBUG_ARG(expr, arg)
+#else
+#define PKIX_CERTPOLICYMAP_DEBUG(expr)
+#define PKIX_CERTPOLICYMAP_DEBUG_ARG(expr, arg)
+#endif
+
+#if PKIX_BUILDRESULTDEBUG
+#define PKIX_BUILDRESULT_DEBUG(expr) \
+        PKIX_DEBUG(expr)
+#define PKIX_BUILDRESULT_DEBUG_ARG(expr, arg) \
+        PKIX_DEBUG_ARG(expr, arg)
+#else
+#define PKIX_BUILDRESULT_DEBUG(expr)
+#define PKIX_BUILDRESULT_DEBUG_ARG(expr, arg)
+#endif
+
+#if PKIX_FORWARDBUILDERSTATEDEBUG
+#define PKIX_FORWARDBUILDERSTATE_DEBUG(expr) \
+        PKIX_DEBUG(expr)
+#define PKIX_FORWARDBUILDERSTATE_DEBUG_ARG(expr, arg) \
+        PKIX_DEBUG_ARG(expr, arg)
+#else
+#define PKIX_FORWARDBUILDERSTATE_DEBUG(expr)
+#define PKIX_FORWARDBUILDERSTATE_DEBUG_ARG(expr, arg)
+#endif
+
+#if PKIX_SIGNATURECHECKERSTATEDEBUG
+#define PKIX_SIGNATURECHECKERSTATE_DEBUG(expr) \
+        PKIX_DEBUG(expr)
+#define PKIX_SIGNATURECHECKERSTATE_DEBUG_ARG(expr, arg) \
+        PKIX_DEBUG_ARG(expr, arg)
+#else
+#define PKIX_SIGNATURECHECKERSTATE_DEBUG(expr)
+#define PKIX_SIGNATURECHECKERSTATE_DEBUG_ARG(expr, arg)
+#endif
+
+#if PKIX_USERDEFINEDMODULESDEBUG
+#define PKIX_USERDEFINEDMODULES_DEBUG(expr) \
+        PKIX_DEBUG(expr)
+#define PKIX_USERDEFINEDMODULES_DEBUG_ARG(expr, arg) \
+        PKIX_DEBUG_ARG(expr, arg)
+#else
+#define PKIX_USERDEFINEDMODULES_DEBUG(expr)
+#define PKIX_USERDEFINEDMODULES_DEBUG_ARG(expr, arg)
+#endif
+
+#if PKIX_CONTEXTDEBUG
+#define PKIX_CONTEXT_DEBUG(expr) \
+        PKIX_DEBUG(expr)
+#define PKIX_CONTEXT_DEBUG_ARG(expr, arg) \
+        PKIX_DEBUG_ARG(expr, arg)
+#else
+#define PKIX_CONTEXT_DEBUG(expr)
+#define PKIX_CONTEXT_DEBUG_ARG(expr, arg)
+#endif
+
+#if PKIX_REVOCATIONCHECKERDEBUG
+#define PKIX_REVOCATIONCHECKER_DEBUG(expr) \
+        PKIX_DEBUG(expr)
+#define PKIX_REVOCATIONCHECKER_DEBUG_ARG(expr, arg) \
+        PKIX_DEBUG_ARG(expr, arg)
+#else
+#define PKIX_REVOCATIONCHECKER_DEBUG(expr)
+#define PKIX_REVOCATIONCHECKER_DEBUG_ARG(expr, arg)
+#endif
+
+#if PKIX_LDAPREQUESTDEBUG
+#define PKIX_LDAPREQUEST_DEBUG(expr) \
+        PKIX_DEBUG(expr)
+#define PKIX_LDAPREQUEST_DEBUG_ARG(expr, arg) \
+        PKIX_DEBUG_ARG(expr, arg)
+#else
+#define PKIX_LDAPREQUEST_DEBUG(expr)
+#define PKIX_LDAPREQUEST_DEBUG_ARG(expr, arg)
+#endif
+
+#if PKIX_LDAPRESPONSEDEBUG
+#define PKIX_LDAPRESPONSE_DEBUG(expr) \
+        PKIX_DEBUG(expr)
+#define PKIX_LDAPRESPONSE_DEBUG_ARG(expr, arg) \
+        PKIX_DEBUG_ARG(expr, arg)
+#else
+#define PKIX_LDAPRESPONSE_DEBUG(expr)
+#define PKIX_LDAPRESPONSE_DEBUG_ARG(expr, arg)
+#endif
+
+#if PKIX_LDAPCLIENTDEBUG
+#define PKIX_LDAPCLIENT_DEBUG(expr) \
+        PKIX_DEBUG(expr)
+#define PKIX_LDAPCLIENT_DEBUG_ARG(expr, arg) \
+        PKIX_DEBUG_ARG(expr, arg)
+#else
+#define PKIX_LDAPCLIENT_DEBUG(expr)
+#define PKIX_LDAPCLIENT_DEBUG_ARG(expr, arg)
+#endif
+
+#if PKIX_LDAPDEFAULTCLIENTDEBUG
+#define PKIX_LDAPDEFAULTCLIENT_DEBUG(expr) \
+        PKIX_DEBUG(expr)
+#define PKIX_LDAPDEFAULTCLIENT_DEBUG_ARG(expr, arg) \
+        PKIX_DEBUG_ARG(expr, arg)
+#else
+#define PKIX_LDAPDEFAULTCLIENT_DEBUG(expr)
+#define PKIX_LDAPDEFAULTCLIENT_DEBUG_ARG(expr, arg)
+#endif
+
+#if PKIX_SOCKETDEBUG
+#define PKIX_SOCKET_DEBUG(expr) \
+        PKIX_DEBUG(expr)
+#define PKIX_SOCKET_DEBUG_ARG(expr, arg) \
+        PKIX_DEBUG_ARG(expr, arg)
+#else
+#define PKIX_SOCKET_DEBUG(expr)
+#define PKIX_SOCKET_DEBUG_ARG(expr, arg)
+#endif
+
+#if PKIX_RESOURCELIMITSDEBUG
+#define PKIX_RESOURCELIMITS_DEBUG(expr) \
+        PKIX_DEBUG(expr)
+#define PKIX_RESOURCELIMITS_DEBUG_ARG(expr, arg) \
+        PKIX_DEBUG_ARG(expr, arg)
+#else
+#define PKIX_RESOURCELIMITS_DEBUG(expr)
+#define PKIX_RESOURCELIMITS_DEBUG_ARG(expr, arg)
+#endif
+
+#if PKIX_LOGGERDEBUG
+#define PKIX_LOGGER_DEBUG(expr) \
+        PKIX_DEBUG(expr)
+#define PKIX_LOGGER_DEBUG_ARG(expr, arg) \
+        PKIX_DEBUG_ARG(expr, arg)
+#else
+#define PKIX_LOGGER_DEBUG(expr)
+#define PKIX_LOGGER_DEBUG_ARG(expr, arg)
+#endif
+
+#if PKIX_MONITORLOCKDEBUG
+#define PKIX_MONITORLOCK_DEBUG(expr) \
+        PKIX_DEBUG(expr)
+#define PKIX_MONITORLOCK_DEBUG_ARG(expr, arg) \
+        PKIX_DEBUG_ARG(expr, arg)
+#else
+#define PKIX_MONITORLOCK_DEBUG(expr)
+#define PKIX_MONITORLOCK_DEBUG_ARG(expr, arg)
+#endif
+
+#if PKIX_INFOACCESSDEBUG
+#define PKIX_INFOACCESS_DEBUG(expr) \
+        PKIX_DEBUG(expr)
+#define PKIX_INFOACCESS_DEBUG_ARG(expr, arg) \
+        PKIX_DEBUG_ARG(expr, arg)
+#else
+#define PKIX_INFOACCESS_DEBUG(expr)
+#define PKIX_INFOACCESS_DEBUG_ARG(expr, arg)
+#endif
+
+#if PKIX_AIAMGRDEBUG
+#define PKIX_AIAMGR_DEBUG(expr) \
+        PKIX_DEBUG(expr)
+#define PKIX_AIAMGR_DEBUG_ARG(expr, arg) \
+        PKIX_DEBUG_ARG(expr, arg)
+#else
+#define PKIX_AIAMGR_DEBUG(expr)
+#define PKIX_AIAMGR_DEBUG_ARG(expr, arg)
+#endif
+
+#if PKIX_OCSPCHECKERDEBUG
+#define PKIX_OCSPCHECKER_DEBUG(expr) \
+        PKIX_DEBUG(expr)
+#define PKIX_OCSPCHECKER_DEBUG_ARG(expr, arg) \
+        PKIX_DEBUG_ARG(expr, arg)
+#else
+#define PKIX_OCSPCHECKER_DEBUG(expr)
+#define PKIX_OCSPCHECKER_DEBUG_ARG(expr, arg)
+#endif
+
+#if PKIX_OCSPCERTIDDEBUG
+#define PKIX_OCSPCERTID_DEBUG(expr) \
+        PKIX_DEBUG(expr)
+#define PKIX_OCSPCERTID_DEBUG_ARG(expr, arg) \
+        PKIX_DEBUG_ARG(expr, arg)
+#else
+#define PKIX_OCSPCERTID_DEBUG(expr)
+#define PKIX_OCSPCERTID_DEBUG_ARG(expr, arg)
+#endif
+
+#if PKIX_OCSPREQUESTDEBUG
+#define PKIX_OCSPREQUEST_DEBUG(expr) \
+        PKIX_DEBUG(expr)
+#define PKIX_OCSPREQUEST_DEBUG_ARG(expr, arg) \
+        PKIX_DEBUG_ARG(expr, arg)
+#else
+#define PKIX_OCSPREQUEST_DEBUG(expr)
+#define PKIX_OCSPREQUEST_DEBUG_ARG(expr, arg)
+#endif
+
+#if PKIX_OCSPRESPONSEDEBUG
+#define PKIX_OCSPRESPONSE_DEBUG(expr) \
+        PKIX_DEBUG(expr)
+#define PKIX_OCSPRESPONSE_DEBUG_ARG(expr, arg) \
+        PKIX_DEBUG_ARG(expr, arg)
+#else
+#define PKIX_OCSPRESPONSE_DEBUG(expr)
+#define PKIX_OCSPRESPONSE_DEBUG_ARG(expr, arg)
+#endif
+
+#if PKIX_HTTPDEFAULTCLIENTDEBUG
+#define PKIX_HTTPDEFAULTCLIENT_DEBUG(expr) \
+        PKIX_DEBUG(expr)
+#define PKIX_HTTPDEFAULTCLIENT_DEBUG_ARG(expr, arg) \
+        PKIX_DEBUG_ARG(expr, arg)
+#else
+#define PKIX_HTTPDEFAULTCLIENT_DEBUG(expr)
+#define PKIX_HTTPDEFAULTCLIENT_DEBUG_ARG(expr, arg)
+#endif
+
+#if PKIX_HTTPCERTSTORECONTEXTDEBUG
+#define PKIX_HTTPCERTSTORECONTEXT_DEBUG(expr) \
+        PKIX_DEBUG(expr)
+#define PKIX_HTTPCERTSTORECONTEXT_DEBUG_ARG(expr, arg) \
+        PKIX_DEBUG_ARG(expr, arg)
+#else
+#define PKIX_HTTPCERTSTORECONTEXT_DEBUG(expr)
+#define PKIX_HTTPCERTSTORECONTEXT_DEBUG_ARG(expr, arg)
+#endif
+
+#if PKIX_VERIFYNODEDEBUG
+#define PKIX_VERIFYNODE_DEBUG(expr) \
+        PKIX_DEBUG(expr)
+#define PKIX_VERIFYNODE_DEBUG_ARG(expr, arg) \
+        PKIX_DEBUG_ARG(expr, arg)
+#else
+#define PKIX_VERIFYNODE_DEBUG(expr)
+#define PKIX_VERIFYNODE_DEBUG_ARG(expr, arg)
+#endif
+
+#if PKIX_EKUCHECKER
+#define PKIX_EKUCHECKER_DEBUG(expr) \
+        PKIX_DEBUG(expr)
+#define PKIX_EKUCHECKER_DEBUG_ARG(expr, arg) \
+        PKIX_DEBUG_ARG(expr, arg)
+#else
+#define PKIX_EKUCHECKER_DEBUG(expr)
+#define PKIX_EKUCHECKER_DEBUG_ARG(expr, arg)
+#endif
+
+#if PKIX_CERTVFYPKIXDEBUG
+#define PKIX_CERTVFYPKIX_DEBUG(expr) \
+        PKIX_DEBUG(expr)
+#define PKIX_CERTVFYPKIX_DEBUG_ARG(expr, arg) \
+        PKIX_DEBUG_ARG(expr, arg)
+#else
+#define PKIX_CERTVFYPKIX_DEBUG(expr)
+#define PKIX_CERTVFYPKIX_DEBUG_ARG(expr, arg)
+#endif
+
+/*
+ * All object types register themselves with the system using a
+ * pkix_ClassTable_Entry, which consists of a set of functions for that
+ * type and an ASCII string (char *) which is used by the default
+ * ToStringCallback (if necessary). System types register themselves directly
+ * when their respective PKIX_"type"_RegisterSelf functions are called.
+ * User-defined types can be registered using PKIX_PL_Object_RegisterType.
+ * (see comments in pkix_pl_system.h)
+ */
+
+typedef struct pkix_ClassTable_EntryStruct pkix_ClassTable_Entry;
+struct pkix_ClassTable_EntryStruct {
+        char *description;
+        PKIX_UInt32 objCounter;
+        PKIX_UInt32 typeObjectSize;
+        PKIX_PL_DestructorCallback destructor;
+        PKIX_PL_EqualsCallback equalsFunction;
+        PKIX_PL_HashcodeCallback hashcodeFunction;
+        PKIX_PL_ToStringCallback toStringFunction;
+        PKIX_PL_ComparatorCallback comparator;
+        PKIX_PL_DuplicateCallback duplicateFunction;
+};
+
+/*
+ * PKIX_ERRORCLASSNAMES is an array of strings, with each string holding a
+ * descriptive name for an error code. This is used by the default
+ * PKIX_PL_Error_ToString function.
+ */
+extern const char *PKIX_ERRORCLASSNAMES[PKIX_NUMERRORCLASSES];
+
+#define MAX_STACK_DEPTH         1000
+
+extern PRLogModuleInfo *pkixLog;
+
+#define PKIX_MAGIC_HEADER           PR_UINT64(0xFEEDC0FFEEFACADE)
+#define PKIX_MAGIC_HEADER_DESTROYED PR_UINT64(0xBAADF00DDEADBEEF)
+
+/* see source file for function documentation */
+
+PKIX_Error *
+pkix_IsCertSelfIssued(
+        PKIX_PL_Cert *cert,
+        PKIX_Boolean *pSelfIssued,
+        void *plContext);
+
+PKIX_Error *
+pkix_Throw(
+        PKIX_ERRORCLASS errClass,
+        const char *funcName,
+        PKIX_ERRORCODE errorTextCode,
+        PKIX_ERRORCLASS overrideClass,
+        PKIX_Error *cause,
+        PKIX_Error **pError,
+        void *plContext);
+
+PKIX_Error *
+pkix_CheckTypes(
+        PKIX_PL_Object *first,
+        PKIX_PL_Object *second,
+        PKIX_UInt32 type,
+        void *plContext);
+
+PKIX_Error *
+pkix_CheckType(
+        PKIX_PL_Object *object,
+        PKIX_UInt32 type,
+        void *plContext);
+
+PKIX_Error *
+pkix_hash(
+        const unsigned char *bytes,
+        PKIX_UInt32 length,
+        PKIX_UInt32 *hash,
+        void *plContext);
+
+PKIX_Error *
+pkix_duplicateImmutable(
+        PKIX_PL_Object *object,
+        PKIX_PL_Object **pNewObject,
+        void *plContext);
+
+PKIX_UInt32
+pkix_countArray(void **array);
+
+PKIX_UInt32
+pkix_hex2i(char c);
+
+char
+pkix_i2hex(char c);
+
+PKIX_Boolean
+pkix_isPlaintext(unsigned char c, PKIX_Boolean debug);
+
+PKIX_Error *
+pkix_CacheCertChain_Lookup(
+        PKIX_PL_Cert* targetCert,
+        PKIX_List* anchors,
+        PKIX_PL_Date *testDate,
+        PKIX_Boolean *pFound,
+        PKIX_BuildResult **pBuildResult,
+        void *plContext);
+
+PKIX_Error *
+pkix_CacheCertChain_Remove(
+        PKIX_PL_Cert* targetCert,
+        PKIX_List* anchors,
+        void *plContext);
+
+PKIX_Error *
+pkix_CacheCertChain_Add(
+        PKIX_PL_Cert* targetCert,
+        PKIX_List* anchors,
+        PKIX_PL_Date *validityDate,
+        PKIX_BuildResult *buildResult,
+        void *plContext);
+
+PKIX_Error *
+pkix_CacheCert_Lookup(
+        PKIX_CertStore *store,
+        PKIX_ComCertSelParams *certSelParams,
+        PKIX_PL_Date *testDate,
+        PKIX_Boolean *pFound,
+        PKIX_List** pCerts,
+        void *plContext);
+
+PKIX_Error *
+pkix_CacheCert_Add(
+        PKIX_CertStore *store,
+        PKIX_ComCertSelParams *certSelParams,
+        PKIX_List* certs,
+        void *plContext);
+
+PKIX_Error *
+pkix_CacheCrlEntry_Lookup(
+        PKIX_CertStore *store,
+        PKIX_PL_X500Name *certIssuer,
+        PKIX_PL_BigInt *certSerialNumber,
+        PKIX_Boolean *pFound,
+        PKIX_List** pCrlEntryList,
+        void *plContext);
+
+PKIX_Error *
+pkix_CacheCrlEntry_Add(
+        PKIX_CertStore *store,
+        PKIX_PL_X500Name *certIssuer,
+        PKIX_PL_BigInt *certSerialNumber,
+        PKIX_List* crlEntryList,
+        void *plContext);
+
+#ifdef PR_LOGGING
+void
+pkix_trace_dump_cert(
+        const char *info, 
+        PKIX_PL_Cert *cert, 
+        void *plContext);
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_TOOLS_H */
diff --git a/nss/lib/libpkix/pkix/util/util.gyp b/nss/lib/libpkix/pkix/util/util.gyp
new file mode 100644
index 0000000..078852f
--- /dev/null
+++ b/nss/lib/libpkix/pkix/util/util.gyp
@@ -0,0 +1,27 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../../../coreconf/config.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'pkixutil',
+      'type': 'static_library',
+      'sources': [
+        'pkix_error.c',
+        'pkix_errpaths.c',
+        'pkix_list.c',
+        'pkix_logger.c',
+        'pkix_tools.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports'
+      ]
+    }
+  ],
+  'variables': {
+    'module': 'nss'
+  }
+}
\ No newline at end of file
diff --git a/nss/lib/libpkix/pkix_pl_nss/Makefile b/nss/lib/libpkix/pkix_pl_nss/Makefile
new file mode 100755
index 0000000..36524f5
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/Makefile
@@ -0,0 +1,48 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include config.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+export:: private_export
+
diff --git a/nss/lib/libpkix/pkix_pl_nss/config.mk b/nss/lib/libpkix/pkix_pl_nss/config.mk
new file mode 100755
index 0000000..b8c03de
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/config.mk
@@ -0,0 +1,15 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#
+#  Override TARGETS variable so that only static libraries
+#  are specifed as dependencies within rules.mk.
+#
+
+TARGETS        = $(LIBRARY)
+SHARED_LIBRARY =
+IMPORT_LIBRARY =
+PROGRAM        =
+
diff --git a/nss/lib/libpkix/pkix_pl_nss/manifest.mn b/nss/lib/libpkix/pkix_pl_nss/manifest.mn
new file mode 100755
index 0000000..f3c8351
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/manifest.mn
@@ -0,0 +1,11 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+CORE_DEPTH = ../../..
+DEPTH      = ../../..
+
+#
+DIRS =  pki system module \
+	$(NULL)
+
diff --git a/nss/lib/libpkix/pkix_pl_nss/module/Makefile b/nss/lib/libpkix/pkix_pl_nss/module/Makefile
new file mode 100755
index 0000000..36524f5
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/module/Makefile
@@ -0,0 +1,48 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include config.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+export:: private_export
+
diff --git a/nss/lib/libpkix/pkix_pl_nss/module/config.mk b/nss/lib/libpkix/pkix_pl_nss/module/config.mk
new file mode 100755
index 0000000..2926747
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/module/config.mk
@@ -0,0 +1,35 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#
+#  Override TARGETS variable so that only static libraries
+#  are specifed as dependencies within rules.mk.
+#
+
+TARGETS        = $(LIBRARY)
+SHARED_LIBRARY =
+IMPORT_LIBRARY =
+PROGRAM        =
+
+ifdef NSS_PKIX_NO_LDAP
+LDAP_HEADERS =
+LDAP_CSRCS =
+else
+LDAP_HEADERS = \
+	pkix_pl_ldapt.h \
+	pkix_pl_ldapcertstore.h \
+	pkix_pl_ldapresponse.h \
+	pkix_pl_ldaprequest.h \
+	pkix_pl_ldapdefaultclient.h \
+ 	$(NULL)
+ 
+LDAP_CSRCS = \
+	pkix_pl_ldaptemplates.c \
+	pkix_pl_ldapcertstore.c \
+	pkix_pl_ldapresponse.c \
+	pkix_pl_ldaprequest.c \
+	pkix_pl_ldapdefaultclient.c \
+ 	$(NULL)
+endif
diff --git a/nss/lib/libpkix/pkix_pl_nss/module/exports.gyp b/nss/lib/libpkix/pkix_pl_nss/module/exports.gyp
new file mode 100644
index 0000000..064a17c
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/module/exports.gyp
@@ -0,0 +1,36 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../../../coreconf/config.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'lib_libpkix_pkix_pl_nss_module_exports',
+      'type': 'none',
+      'copies': [
+        {
+          'files': [
+            'pkix_pl_aiamgr.h',
+            'pkix_pl_colcertstore.h',
+            'pkix_pl_httpcertstore.h',
+            'pkix_pl_httpdefaultclient.h',
+            'pkix_pl_ldapcertstore.h',
+            'pkix_pl_ldapdefaultclient.h',
+            'pkix_pl_ldaprequest.h',
+            'pkix_pl_ldapresponse.h',
+            'pkix_pl_ldapt.h',
+            'pkix_pl_nsscontext.h',
+            'pkix_pl_pk11certstore.h',
+            'pkix_pl_socket.h'
+          ],
+          'destination': '<(nss_private_dist_dir)/<(module)'
+        }
+      ]
+    }
+  ],
+  'variables': {
+    'module': 'nss'
+  }
+}
diff --git a/nss/lib/libpkix/pkix_pl_nss/module/manifest.mn b/nss/lib/libpkix/pkix_pl_nss/module/manifest.mn
new file mode 100755
index 0000000..63bfd70
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/module/manifest.mn
@@ -0,0 +1,38 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+CORE_DEPTH = ../../../..
+
+EXPORTS = \
+	$(NULL)
+
+PRIVATE_EXPORTS = \
+	pkix_pl_aiamgr.h \
+	pkix_pl_colcertstore.h \
+	pkix_pl_httpcertstore.h \
+	pkix_pl_httpdefaultclient.h \
+	$(LDAP_HEADERS) \
+	pkix_pl_nsscontext.h \
+	pkix_pl_pk11certstore.h \
+	pkix_pl_socket.h \
+	$(NULL)
+
+MODULE = nss
+
+DEFINES += -DSHLIB_SUFFIX=\"$(DLL_SUFFIX)\" -DSHLIB_PREFIX=\"$(DLL_PREFIX)\" -DSHLIB_VERSION=\"$(LIBRARY_VERSION)\"
+
+
+CSRCS = \
+	pkix_pl_aiamgr.c \
+	pkix_pl_colcertstore.c \
+	pkix_pl_httpcertstore.c \
+	pkix_pl_httpdefaultclient.c \
+	$(LDAP_CSRCS) \
+	pkix_pl_nsscontext.c \
+	pkix_pl_pk11certstore.c \
+	pkix_pl_socket.c \
+	$(NULL)
+
+LIBRARY_NAME = pkixmodule
+
diff --git a/nss/lib/libpkix/pkix_pl_nss/module/module.gyp b/nss/lib/libpkix/pkix_pl_nss/module/module.gyp
new file mode 100644
index 0000000..8d7459d
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/module/module.gyp
@@ -0,0 +1,41 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../../../coreconf/config.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'pkixmodule',
+      'type': 'static_library',
+      'sources': [
+        'pkix_pl_aiamgr.c',
+        'pkix_pl_colcertstore.c',
+        'pkix_pl_httpcertstore.c',
+        'pkix_pl_httpdefaultclient.c',
+        'pkix_pl_ldapcertstore.c',
+        'pkix_pl_ldapdefaultclient.c',
+        'pkix_pl_ldaprequest.c',
+        'pkix_pl_ldapresponse.c',
+        'pkix_pl_ldaptemplates.c',
+        'pkix_pl_nsscontext.c',
+        'pkix_pl_pk11certstore.c',
+        'pkix_pl_socket.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports'
+      ]
+    }
+  ],
+  'target_defaults': {
+    'defines': [
+      'SHLIB_SUFFIX=\"<(dll_suffix)\"',
+      'SHLIB_PREFIX=\"<(dll_prefix)\"',
+      'SHLIB_VERSION=\"\"'
+    ]
+  },
+  'variables': {
+    'module': 'nss'
+  }
+}
\ No newline at end of file
diff --git a/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_aiamgr.c b/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_aiamgr.c
new file mode 100644
index 0000000..d9f5662
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_aiamgr.c
@@ -0,0 +1,699 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_pl_aiamgr.c
+ *
+ * AIAMgr Object Definitions
+ *
+ */
+
+#include "pkix_pl_aiamgr.h"
+extern PKIX_PL_HashTable *aiaConnectionCache;
+
+#ifndef NSS_PKIX_NO_LDAP
+/* --Virtual-LdapClient-Functions------------------------------------ */
+
+PKIX_Error *
+PKIX_PL_LdapClient_InitiateRequest(
+        PKIX_PL_LdapClient *client,
+        LDAPRequestParams *requestParams,
+        void **pNBIO,
+        PKIX_List **pResponse,
+        void *plContext)
+{
+        PKIX_ENTER(LDAPCLIENT, "PKIX_PL_LdapClient_InitiateRequest");
+        PKIX_NULLCHECK_TWO(client, client->initiateFcn);
+
+        PKIX_CHECK(client->initiateFcn
+                (client, requestParams, pNBIO, pResponse, plContext),
+                PKIX_LDAPCLIENTINITIATEREQUESTFAILED);
+cleanup:
+
+        PKIX_RETURN(LDAPCLIENT);
+
+}
+
+PKIX_Error *
+PKIX_PL_LdapClient_ResumeRequest(
+        PKIX_PL_LdapClient *client,
+        void **pNBIO,
+        PKIX_List **pResponse,
+        void *plContext)
+{
+        PKIX_ENTER(LDAPCLIENT, "PKIX_PL_LdapClient_ResumeRequest");
+        PKIX_NULLCHECK_TWO(client, client->resumeFcn);
+
+        PKIX_CHECK(client->resumeFcn
+                (client, pNBIO, pResponse, plContext),
+                PKIX_LDAPCLIENTRESUMEREQUESTFAILED);
+cleanup:
+
+        PKIX_RETURN(LDAPCLIENT);
+
+}
+#endif /* !NSS_PKIX_NO_LDAP */
+
+/* --Private-AIAMgr-Functions----------------------------------*/
+
+/*
+ * FUNCTION: pkix_pl_AIAMgr_Destroy
+ * (see comments for PKIX_PL_DestructorCallback in pkix_pl_pki.h)
+ */
+static PKIX_Error *
+pkix_pl_AIAMgr_Destroy(
+        PKIX_PL_Object *object,
+        void *plContext)
+{
+        PKIX_PL_AIAMgr *aiaMgr = NULL;
+
+        PKIX_ENTER(AIAMGR, "pkix_pl_AIAMgr_Destroy");
+        PKIX_NULLCHECK_ONE(object);
+
+        PKIX_CHECK(pkix_CheckType(object, PKIX_AIAMGR_TYPE, plContext),
+                PKIX_OBJECTNOTAIAMGR);
+
+        aiaMgr = (PKIX_PL_AIAMgr *)object;
+
+        /* pointer to cert cache */
+        /* pointer to crl cache */
+        aiaMgr->method = 0;
+        aiaMgr->aiaIndex = 0;
+        aiaMgr->numAias = 0;
+        PKIX_DECREF(aiaMgr->aia);
+        PKIX_DECREF(aiaMgr->location);
+        PKIX_DECREF(aiaMgr->results);
+#ifndef NSS_PKIX_NO_LDAP
+        PKIX_DECREF(aiaMgr->client.ldapClient);
+#endif
+
+cleanup:
+
+        PKIX_RETURN(AIAMGR);
+}
+
+/*
+ * FUNCTION: pkix_pl_AIAMgr_RegisterSelf
+ * DESCRIPTION:
+ *  Registers PKIX_AIAMGR_TYPE and its related functions with systemClasses[]
+ * THREAD SAFETY:
+ *  Not Thread Safe - for performance and complexity reasons
+ *
+ *  Since this function is only called by PKIX_PL_Initialize, which should
+ *  only be called once, it is acceptable that this function is not
+ *  thread-safe.
+ */
+PKIX_Error *
+pkix_pl_AIAMgr_RegisterSelf(void *plContext)
+{
+        extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
+        pkix_ClassTable_Entry *entry = &systemClasses[PKIX_AIAMGR_TYPE];
+
+        PKIX_ENTER(AIAMGR, "pkix_pl_AIAMgr_RegisterSelf");
+
+        entry->description = "AIAMgr";
+        entry->typeObjectSize = sizeof(PKIX_PL_AIAMgr);
+        entry->destructor = pkix_pl_AIAMgr_Destroy;
+
+        PKIX_RETURN(AIAMGR);
+}
+
+#ifndef NSS_PKIX_NO_LDAP
+/*
+ * FUNCTION: pkix_pl_AiaMgr_FindLDAPClient
+ * DESCRIPTION:
+ *
+ *  This function checks the collection of LDAPClient connections held by the
+ *  AIAMgr pointed to by "aiaMgr" for one matching the domain name given by
+ *  "domainName". The string may include a port number: e.g., "betty.nist.gov"
+ *  or "nss.red.iplanet.com:1389". If a match is found, that LDAPClient is
+ *  stored at "pClient". Otherwise, an LDAPClient is created and added to the
+ *  collection, and then stored at "pClient".
+ *
+ * PARAMETERS:
+ *  "aiaMgr"
+ *      The AIAMgr whose LDAPClient connected are to be managed. Must be
+ *      non-NULL.
+ *  "domainName"
+ *      Address of a string pointing to a server name. Must be non-NULL.
+ *      An empty string (which means no <host> is given in the LDAP URL) is
+ *      not supported.
+ *  "pClient"
+ *      Address at which the returned LDAPClient is stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns an AIAMgr Error if the function fails in a non-fatal way
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_pl_AiaMgr_FindLDAPClient(
+        PKIX_PL_AIAMgr *aiaMgr,
+        char *domainName,
+        PKIX_PL_LdapClient **pClient,
+        void *plContext)
+{
+        PKIX_PL_String *domainString = NULL;
+        PKIX_PL_LdapDefaultClient *client = NULL;
+
+        PKIX_ENTER(AIAMGR, "pkix_pl_AiaMgr_FindLDAPClient");
+        PKIX_NULLCHECK_THREE(aiaMgr, domainName, pClient);
+
+        /*
+         * An LDAP URL may not have a <host> part, for example,
+         *     ldap:///o=University%20of%20Michigan,c=US
+         * PKIX_PL_LdapDefaultClient doesn't know how to discover the default
+         * LDAP server, so we don't support this kind of LDAP URL.
+         */
+        if (*domainName == '\0') {
+                /* Simulate a PKIX_PL_LdapDefaultClient_CreateByName failure. */
+                PKIX_ERROR(PKIX_LDAPDEFAULTCLIENTCREATEBYNAMEFAILED);
+        }
+
+        /* create PKIX_PL_String from domain name */
+        PKIX_CHECK(PKIX_PL_String_Create
+                (PKIX_ESCASCII, domainName, 0, &domainString, plContext),
+                PKIX_STRINGCREATEFAILED);
+
+        /* Is this domainName already in cache? */
+        PKIX_CHECK(PKIX_PL_HashTable_Lookup
+                (aiaConnectionCache,
+                (PKIX_PL_Object *)domainString,
+                (PKIX_PL_Object **)&client,
+                plContext),
+                PKIX_HASHTABLELOOKUPFAILED);
+
+        if (client == NULL) {
+
+                /* No, create a connection (and cache it) */
+                PKIX_CHECK(PKIX_PL_LdapDefaultClient_CreateByName
+                        (domainName,
+                         /* Do not use NBIO until we verify, that
+                          * it is working. For now use 1 min timeout. */
+                        PR_SecondsToInterval(
+                            ((PKIX_PL_NssContext*)plContext)->timeoutSeconds),
+                        NULL,
+                        &client,
+                        plContext),
+                        PKIX_LDAPDEFAULTCLIENTCREATEBYNAMEFAILED);
+
+                PKIX_CHECK(PKIX_PL_HashTable_Add
+                        (aiaConnectionCache,
+                        (PKIX_PL_Object *)domainString,
+                        (PKIX_PL_Object *)client,
+                        plContext),
+                        PKIX_HASHTABLEADDFAILED);
+
+        }
+
+        *pClient = (PKIX_PL_LdapClient *)client;
+
+cleanup:
+
+        PKIX_DECREF(domainString);
+
+        PKIX_RETURN(AIAMGR);
+}
+#endif /* !NSS_PKIX_NO_LDAP */
+
+PKIX_Error *
+pkix_pl_AIAMgr_GetHTTPCerts(
+        PKIX_PL_AIAMgr *aiaMgr,
+	PKIX_PL_InfoAccess *ia,
+	void **pNBIOContext,
+	PKIX_List **pCerts,
+        void *plContext)
+{
+        PKIX_PL_GeneralName *location = NULL;
+        PKIX_PL_String *locationString = NULL;
+	PKIX_UInt32 len = 0;
+	PRUint16 port = 0;
+	const SEC_HttpClientFcn *httpClient = NULL;
+	const SEC_HttpClientFcnV1 *hcv1 = NULL;
+	SECStatus rv = SECFailure;
+	SEC_HTTP_SERVER_SESSION serverSession = NULL;
+	SEC_HTTP_REQUEST_SESSION requestSession = NULL;	
+	char *path = NULL;
+	char *hostname = NULL;
+	char *locationAscii = NULL;
+	void *nbio = NULL;
+	PRUint16 responseCode = 0;
+	const char *responseContentType = NULL;
+	const char *responseData = NULL;
+
+        PKIX_ENTER(AIAMGR, "pkix_pl_AIAMgr_GetHTTPCerts");
+        PKIX_NULLCHECK_FOUR(aiaMgr, ia, pNBIOContext, pCerts);
+
+        nbio = *pNBIOContext;
+        *pNBIOContext = NULL;
+        *pCerts = NULL;
+
+        if (nbio == NULL) { /* a new request */
+
+                PKIX_CHECK(PKIX_PL_InfoAccess_GetLocation
+                        (ia, &location, plContext),
+                       PKIX_INFOACCESSGETLOCATIONFAILED);
+
+                /* find or create httpClient = default client */
+		httpClient = SEC_GetRegisteredHttpClient();
+		aiaMgr->client.hdata.httpClient = httpClient;
+		if (!httpClient)
+		    PKIX_ERROR(PKIX_OUTOFMEMORY);
+
+		if (httpClient->version == 1) {
+
+                        PKIX_UInt32 timeout =
+                             ((PKIX_PL_NssContext*)plContext)->timeoutSeconds;
+
+			hcv1 = &(httpClient->fcnTable.ftable1);
+
+			/* create server session */
+			PKIX_TOSTRING(location, &locationString, plContext,
+				PKIX_GENERALNAMETOSTRINGFAILED);
+
+			PKIX_CHECK(PKIX_PL_String_GetEncoded
+				(locationString,
+				PKIX_ESCASCII,
+				(void **)&locationAscii,
+				&len,
+				plContext),
+				PKIX_STRINGGETENCODEDFAILED);
+
+                        rv = CERT_ParseURL(locationAscii, &hostname, &port,
+                                            &path);
+			if ((rv != SECSuccess) ||
+			    (hostname == NULL) ||
+			    (path == NULL)) {
+				PKIX_ERROR(PKIX_URLPARSINGFAILED);
+			}
+
+                        rv = (*hcv1->createSessionFcn)(hostname, port, 
+                                                       &serverSession);
+	                if (rv != SECSuccess) {
+				PKIX_ERROR(PKIX_HTTPCLIENTCREATESESSIONFAILED);
+			}
+
+			aiaMgr->client.hdata.serverSession = serverSession;
+
+			/* create request session */
+                        rv = (*hcv1->createFcn)(serverSession, "http", path,
+                        	"GET", PR_SecondsToInterval(timeout),
+                                 &requestSession);
+                	if (rv != SECSuccess) {
+                        	PKIX_ERROR(PKIX_HTTPSERVERERROR);
+                	}
+
+			aiaMgr->client.hdata.requestSession = requestSession;
+		} else {
+			PKIX_ERROR(PKIX_UNSUPPORTEDVERSIONOFHTTPCLIENT);
+		}
+	}
+
+	httpClient = aiaMgr->client.hdata.httpClient;
+
+	if (httpClient->version == 1) {
+                PRUint32 responseDataLen = 
+                   ((PKIX_PL_NssContext*)plContext)->maxResponseLength;
+
+		hcv1 = &(httpClient->fcnTable.ftable1);
+		requestSession = aiaMgr->client.hdata.requestSession;
+
+		/* trySendAndReceive */
+                rv = (*hcv1->trySendAndReceiveFcn)(requestSession,
+                                 (PRPollDesc **)&nbio,
+                                 &responseCode,
+                                 (const char **)&responseContentType,
+                                 NULL, /* &responseHeaders */
+                                 (const char **)&responseData,
+                                 &responseDataLen);
+
+                if (rv != SECSuccess) {
+                        PKIX_ERROR(PKIX_HTTPSERVERERROR);
+                }
+
+                if (nbio != 0) {
+                        *pNBIOContext = nbio;
+                        goto cleanup;
+                }
+
+		PKIX_CHECK(pkix_pl_HttpCertStore_ProcessCertResponse
+	                (responseCode,
+	                responseContentType,
+	                responseData,
+	                responseDataLen,
+	                pCerts,
+	                plContext),
+	                PKIX_HTTPCERTSTOREPROCESSCERTRESPONSEFAILED);
+                
+                /* Session and request cleanup in case of success */
+                if (aiaMgr->client.hdata.requestSession != NULL) {
+                    (*hcv1->freeFcn)(aiaMgr->client.hdata.requestSession);
+                    aiaMgr->client.hdata.requestSession = NULL;
+                }
+                if (aiaMgr->client.hdata.serverSession != NULL) {
+                    (*hcv1->freeSessionFcn)(aiaMgr->client.hdata.serverSession);
+                    aiaMgr->client.hdata.serverSession = NULL;
+                }
+                aiaMgr->client.hdata.httpClient = 0; /* callback fn */
+
+        } else  {
+		PKIX_ERROR(PKIX_UNSUPPORTEDVERSIONOFHTTPCLIENT);
+	}
+
+cleanup:
+        /* Session and request cleanup in case of error. Passing through without cleanup
+         * if interrupted by blocked IO. */
+        if (PKIX_ERROR_RECEIVED) {
+            if (aiaMgr->client.hdata.requestSession != NULL) {
+                (*hcv1->freeFcn)(aiaMgr->client.hdata.requestSession);
+                aiaMgr->client.hdata.requestSession = NULL;
+            }
+            if (aiaMgr->client.hdata.serverSession != NULL) {
+                (*hcv1->freeSessionFcn)(aiaMgr->client.hdata.serverSession);
+                aiaMgr->client.hdata.serverSession = NULL;
+            }
+            aiaMgr->client.hdata.httpClient = 0; /* callback fn */
+        }
+
+        PKIX_DECREF(location);
+        PKIX_DECREF(locationString);
+
+        if (locationAscii) {
+            PORT_Free(locationAscii);
+        }
+        if (hostname) {
+            PORT_Free(hostname);
+        }
+        if (path) {
+            PORT_Free(path);
+        }
+
+        PKIX_RETURN(AIAMGR);
+}
+
+#ifndef NSS_PKIX_NO_LDAP
+PKIX_Error *
+pkix_pl_AIAMgr_GetLDAPCerts(
+        PKIX_PL_AIAMgr *aiaMgr,
+	PKIX_PL_InfoAccess *ia,
+	void **pNBIOContext,
+	PKIX_List **pCerts,
+        void *plContext)
+{
+        PKIX_List *result = NULL;
+        PKIX_PL_GeneralName *location = NULL;
+        PKIX_PL_LdapClient *client = NULL;
+        LDAPRequestParams request;
+        PLArenaPool *arena = NULL;
+        char *domainName = NULL;
+	void *nbio = NULL;
+
+        PKIX_ENTER(AIAMGR, "pkix_pl_AIAMgr_GetLDAPCerts");
+        PKIX_NULLCHECK_FOUR(aiaMgr, ia, pNBIOContext, pCerts);
+
+        nbio = *pNBIOContext;
+        *pNBIOContext = NULL;
+        *pCerts = NULL;
+
+        if (nbio == NULL) { /* a new request */
+
+                /* Initiate an LDAP request */
+
+                request.scope = WHOLE_SUBTREE;
+                request.derefAliases = NEVER_DEREF;
+                request.sizeLimit = 0;
+                request.timeLimit = 0;
+
+                PKIX_CHECK(PKIX_PL_InfoAccess_GetLocation
+                        (ia, &location, plContext),
+                        PKIX_INFOACCESSGETLOCATIONFAILED);
+
+                /*
+                 * Get a short-lived arena. We'll be done with
+                 * this space once the request is encoded.
+                 */
+                arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+                if (!arena) {
+                        PKIX_ERROR_FATAL(PKIX_OUTOFMEMORY);
+                }
+
+                PKIX_CHECK(pkix_pl_InfoAccess_ParseLocation
+                        (location, arena, &request, &domainName, plContext),
+                        PKIX_INFOACCESSPARSELOCATIONFAILED);
+
+                PKIX_DECREF(location);
+
+                /* Find or create a connection to LDAP server */
+                PKIX_CHECK(pkix_pl_AiaMgr_FindLDAPClient
+                        (aiaMgr, domainName, &client, plContext),
+                        PKIX_AIAMGRFINDLDAPCLIENTFAILED);
+
+                aiaMgr->client.ldapClient = client;
+
+                PKIX_CHECK(PKIX_PL_LdapClient_InitiateRequest
+                        (aiaMgr->client.ldapClient,
+			&request,
+			&nbio,
+			&result,
+			plContext),
+                        PKIX_LDAPCLIENTINITIATEREQUESTFAILED);
+
+                PKIX_PL_NSSCALL(AIAMGR, PORT_FreeArena, (arena, PR_FALSE));
+
+        } else {
+
+                PKIX_CHECK(PKIX_PL_LdapClient_ResumeRequest
+                        (aiaMgr->client.ldapClient, &nbio, &result, plContext),
+                        PKIX_LDAPCLIENTRESUMEREQUESTFAILED);
+
+        }
+
+        if (nbio != NULL) { /* WOULDBLOCK */
+                *pNBIOContext = nbio;
+                *pCerts = NULL;
+                goto cleanup;
+        }
+
+	PKIX_DECREF(aiaMgr->client.ldapClient);
+
+	if (result == NULL) {
+		*pCerts = NULL;
+	} else {
+		PKIX_CHECK(pkix_pl_LdapCertStore_BuildCertList
+			(result, pCerts, plContext),
+			PKIX_LDAPCERTSTOREBUILDCERTLISTFAILED);
+	}
+
+	*pNBIOContext = nbio;
+
+cleanup:
+
+        if (arena && (PKIX_ERROR_RECEIVED)) {
+                PKIX_PL_NSSCALL(AIAMGR, PORT_FreeArena, (arena, PR_FALSE));
+        }
+
+        if (PKIX_ERROR_RECEIVED) {
+	        PKIX_DECREF(aiaMgr->client.ldapClient);
+	}
+
+        PKIX_DECREF(location);
+
+        PKIX_RETURN(AIAMGR);
+}
+#endif /* !NSS_PKIX_NO_LDAP */
+
+/*
+ * FUNCTION: PKIX_PL_AIAMgr_Create
+ * DESCRIPTION:
+ *
+ *  This function creates an AIAMgr, storing the result at "pAIAMgr".
+ *
+ * PARAMETERS:
+ *  "pAIAMGR"
+ *      Address at which the returned AIAMgr is stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns an AIAMgr Error if the function fails in a non-fatal way
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_AIAMgr_Create(
+        PKIX_PL_AIAMgr **pAIAMgr,
+        void *plContext)
+{
+        PKIX_PL_AIAMgr *aiaMgr = NULL;
+
+        PKIX_ENTER(AIAMGR, "PKIX_PL_AIAMgr_Create");
+        PKIX_NULLCHECK_ONE(pAIAMgr);
+
+        PKIX_CHECK(PKIX_PL_Object_Alloc
+                (PKIX_AIAMGR_TYPE,
+                sizeof(PKIX_PL_AIAMgr),
+                (PKIX_PL_Object **)&aiaMgr,
+                plContext),
+                PKIX_COULDNOTCREATEAIAMGROBJECT);
+        /* pointer to cert cache */
+        /* pointer to crl cache */
+        aiaMgr->method = 0;
+        aiaMgr->aiaIndex = 0;
+        aiaMgr->numAias = 0;
+        aiaMgr->aia = NULL;
+        aiaMgr->location = NULL;
+        aiaMgr->results = NULL;
+        aiaMgr->client.hdata.httpClient = NULL;
+	aiaMgr->client.hdata.serverSession = NULL;
+	aiaMgr->client.hdata.requestSession = NULL;
+
+        *pAIAMgr = aiaMgr;
+
+cleanup:
+
+        PKIX_RETURN(AIAMGR);
+}
+
+/* --Public-Functions------------------------------------------------------- */
+
+/*
+ * FUNCTION: PKIX_PL_AIAMgr_GetAIACerts (see description in pkix_pl_pki.h)
+ */
+PKIX_Error *
+PKIX_PL_AIAMgr_GetAIACerts(
+        PKIX_PL_AIAMgr *aiaMgr,
+        PKIX_PL_Cert *prevCert,
+        void **pNBIOContext,
+        PKIX_List **pCerts,
+        void *plContext)
+{
+        PKIX_UInt32 numAias = 0;
+        PKIX_UInt32 aiaIndex = 0;
+        PKIX_UInt32 iaType = PKIX_INFOACCESS_LOCATION_UNKNOWN;
+        PKIX_List *certs = NULL;
+        PKIX_PL_InfoAccess *ia = NULL;
+        void *nbio = NULL;
+
+        PKIX_ENTER(AIAMGR, "PKIX_PL_AIAMgr_GetAIACerts");
+        PKIX_NULLCHECK_FOUR(aiaMgr, prevCert, pNBIOContext, pCerts);
+
+        nbio = *pNBIOContext;
+        *pCerts = NULL;
+        *pNBIOContext = NULL;
+
+        if (nbio == NULL) { /* a new request */
+
+                /* Does this Cert have an AIA extension? */
+                PKIX_CHECK(PKIX_PL_Cert_GetAuthorityInfoAccess
+                        (prevCert, &aiaMgr->aia, plContext),
+                        PKIX_CERTGETAUTHORITYINFOACCESSFAILED);
+
+                if (aiaMgr->aia != NULL) {
+                        PKIX_CHECK(PKIX_List_GetLength
+                                (aiaMgr->aia, &numAias, plContext),
+                                PKIX_LISTGETLENGTHFAILED);
+                }
+
+                /* And if so, does it have any entries? */
+                if ((aiaMgr->aia == NULL) || (numAias == 0)) {
+                        *pCerts = NULL;
+                        goto cleanup;
+                }
+
+                aiaMgr->aiaIndex = 0;
+                aiaMgr->numAias = numAias;
+                aiaMgr->results = NULL;
+
+        }
+
+        for (aiaIndex = aiaMgr->aiaIndex;
+                aiaIndex < aiaMgr->numAias;
+                aiaIndex ++) {
+                PKIX_UInt32 method = 0;
+
+                PKIX_CHECK(PKIX_List_GetItem
+                        (aiaMgr->aia,
+                        aiaIndex,
+                        (PKIX_PL_Object **)&ia,
+                        plContext),
+                        PKIX_LISTGETITEMFAILED);
+
+                PKIX_CHECK(PKIX_PL_InfoAccess_GetMethod
+                        (ia, &method, plContext),
+                        PKIX_INFOACCESSGETMETHODFAILED);
+
+                if (method != PKIX_INFOACCESS_CA_ISSUERS &&
+                    method != PKIX_INFOACCESS_CA_REPOSITORY) {
+                    PKIX_DECREF(ia);
+                    continue;
+                }
+                
+                PKIX_CHECK(PKIX_PL_InfoAccess_GetLocationType
+                        (ia, &iaType, plContext),
+                        PKIX_INFOACCESSGETLOCATIONTYPEFAILED);
+
+                if (iaType == PKIX_INFOACCESS_LOCATION_HTTP) {
+			PKIX_CHECK(pkix_pl_AIAMgr_GetHTTPCerts
+				(aiaMgr, ia, &nbio, &certs, plContext),
+				PKIX_AIAMGRGETHTTPCERTSFAILED);
+#ifndef NSS_PKIX_NO_LDAP
+                } else if (iaType == PKIX_INFOACCESS_LOCATION_LDAP) {
+			PKIX_CHECK(pkix_pl_AIAMgr_GetLDAPCerts
+				(aiaMgr, ia, &nbio, &certs, plContext),
+				PKIX_AIAMGRGETLDAPCERTSFAILED);
+#endif
+                } else {
+                        /* We only support http and ldap requests. */
+                        PKIX_DECREF(ia);
+                        continue;
+                }
+
+                if (nbio != NULL) { /* WOULDBLOCK */
+                        aiaMgr->aiaIndex = aiaIndex;
+                        *pNBIOContext = nbio;
+                        *pCerts = NULL;
+                        goto cleanup;
+                }
+
+                /*
+                 * We can't just use and modify the List we received.
+                 * Because it's cached, it's set immutable.
+                 */
+                if (aiaMgr->results == NULL) {
+                        PKIX_CHECK(PKIX_List_Create
+                                (&(aiaMgr->results), plContext),
+                                PKIX_LISTCREATEFAILED);
+                }
+                PKIX_CHECK(pkix_List_AppendList
+                        (aiaMgr->results, certs, plContext),
+                        PKIX_APPENDLISTFAILED);
+                PKIX_DECREF(certs);
+
+                PKIX_DECREF(ia);
+        }
+
+        PKIX_DECREF(aiaMgr->aia);
+
+        *pNBIOContext = NULL;
+        *pCerts = aiaMgr->results;
+        aiaMgr->results = NULL;
+
+cleanup:
+
+        if (PKIX_ERROR_RECEIVED) {
+                PKIX_DECREF(aiaMgr->aia);
+                PKIX_DECREF(aiaMgr->results);
+#ifndef NSS_PKIX_NO_LDAP
+                PKIX_DECREF(aiaMgr->client.ldapClient);
+#endif
+        }
+
+        PKIX_DECREF(certs);
+        PKIX_DECREF(ia);
+
+        PKIX_RETURN(AIAMGR);
+}
diff --git a/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_aiamgr.h b/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_aiamgr.h
new file mode 100644
index 0000000..356c1ec
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_aiamgr.h
@@ -0,0 +1,65 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_pl_aiamgr.h
+ *
+ * AIAMgr Object Definitions
+ *
+ */
+
+#ifndef _PKIX_PL_AIAMGR_H
+#define _PKIX_PL_AIAMGR_H
+
+#include "pkix_pl_common.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+struct PKIX_PL_AIAMgrStruct {
+        /* pointer to cert cache */
+        /* pointer to crl cache */
+        PKIX_UInt32 method;
+        PKIX_UInt32 aiaIndex;
+        PKIX_UInt32 numAias;
+        PKIX_List *aia;
+        PKIX_PL_GeneralName *location;
+        PKIX_List *results;
+	union {
+#ifndef NSS_PKIX_NO_LDAP
+	        PKIX_PL_LdapClient *ldapClient;
+#endif
+		struct {
+		        const SEC_HttpClientFcn *httpClient;
+			SEC_HTTP_SERVER_SESSION serverSession;
+			SEC_HTTP_REQUEST_SESSION requestSession;
+			char *path;
+		} hdata;
+	} client;
+};
+
+/* see source file for function documentation */
+
+PKIX_Error *pkix_pl_AIAMgr_RegisterSelf(void *plContext);
+
+#ifndef NSS_PKIX_NO_LDAP
+PKIX_Error *PKIX_PL_LdapClient_InitiateRequest(
+        PKIX_PL_LdapClient *client,
+        LDAPRequestParams *requestParams,
+        void **pPollDesc,
+        PKIX_List **pResponse,
+        void *plContext);
+
+PKIX_Error *PKIX_PL_LdapClient_ResumeRequest(
+        PKIX_PL_LdapClient *client,
+        void **pPollDesc,
+        PKIX_List **pResponse,
+        void *plContext);
+#endif /* !NSS_PKIX_NO_LDAP */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_PL_AIAMGR_H */
diff --git a/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_colcertstore.c b/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_colcertstore.c
new file mode 100755
index 0000000..57004b7
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_colcertstore.c
@@ -0,0 +1,1282 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_pl_colcertstore.c
+ *
+ * CollectionCertStore Function Definitions
+ *
+ */
+
+#include "pkix_pl_colcertstore.h"
+
+/*
+ * This Object is going to be taken out from libpkix SOON. The following
+ * function is copied from nss/cmd library, but not supported by NSS as
+ * public API. We use it since ColCertStore are read in Cert/Crl from
+ * files and need this support.
+ */
+
+static SECStatus
+SECU_FileToItem(SECItem *dst, PRFileDesc *src)
+{
+    PRFileInfo info;
+    PRInt32 numBytes;
+    PRStatus prStatus;
+
+    prStatus = PR_GetOpenFileInfo(src, &info);
+
+    if (prStatus != PR_SUCCESS) {
+        PORT_SetError(SEC_ERROR_IO);
+        return SECFailure;
+    }
+
+    /* XXX workaround for 3.1, not all utils zero dst before sending */
+    dst->data = 0;
+    if (!SECITEM_AllocItem(NULL, dst, info.size))
+        goto loser;
+
+    numBytes = PR_Read(src, dst->data, info.size);
+    if (numBytes != info.size) {
+        PORT_SetError(SEC_ERROR_IO);
+        goto loser;
+    }
+
+    return SECSuccess;
+loser:
+    SECITEM_FreeItem(dst, PR_FALSE);
+    return SECFailure;
+}
+
+static SECStatus
+SECU_ReadDERFromFile(SECItem *der, PRFileDesc *inFile, PRBool ascii)
+{
+    SECStatus rv;
+    if (ascii) {
+        /* First convert ascii to binary */
+        SECItem filedata;
+        char *asc, *body;
+
+        /* Read in ascii data */
+        rv = SECU_FileToItem(&filedata, inFile);
+        asc = (char *)filedata.data;
+        if (!asc) {
+            fprintf(stderr, "unable to read data from input file\n");
+            return SECFailure;
+        }
+
+        /* check for headers and trailers and remove them */
+        if ((body = strstr(asc, "-----BEGIN")) != NULL) {
+            char *trailer = NULL;
+            asc = body;
+            body = PORT_Strchr(body, '\n');
+            if (!body)
+                body = PORT_Strchr(asc, '\r'); /* maybe this is a MAC file */
+            if (body)
+                trailer = strstr(++body, "-----END");
+            if (trailer != NULL) {
+                *trailer = '\0';
+            } else {
+                fprintf(stderr, "input has header but no trailer\n");
+                PORT_Free(filedata.data);
+                return SECFailure;
+            }
+        } else {
+            body = asc;
+        }
+     
+        /* Convert to binary */
+        rv = ATOB_ConvertAsciiToItem(der, body);
+        if (rv) {
+            return SECFailure;
+        }
+
+        PORT_Free(filedata.data);
+    } else {
+        /* Read in binary der */
+        rv = SECU_FileToItem(der, inFile);
+        if (rv) {
+            return SECFailure;
+        }
+    }
+    return SECSuccess;
+}
+
+/*
+ * FUNCTION: PKIX_PL_CollectionCertStoreContext_Create
+ * DESCRIPTION:
+ *
+ *  Creates a new CollectionCertStoreContext using the String pointed to
+ *  by "storeDir" and stores it at "pColCertStoreContext".
+ *
+ * PARAMETERS:
+ *  "storeDir"
+ *      The absolute path where *.crl and *.crt files are located.
+ *  "pColCertStoreContext"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CollectionCertStoreContext Error if the function fails in
+ *      a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_pl_CollectionCertStoreContext_Create(
+        PKIX_PL_String *storeDir,
+        PKIX_PL_CollectionCertStoreContext **pColCertStoreContext,
+        void *plContext)
+{
+        PKIX_PL_CollectionCertStoreContext *colCertStoreContext = NULL;
+
+        PKIX_ENTER(COLLECTIONCERTSTORECONTEXT,
+                    "pkix_pl_CollectionCertStoreContext_Create");
+        PKIX_NULLCHECK_TWO(storeDir, pColCertStoreContext);
+
+        PKIX_CHECK(PKIX_PL_Object_Alloc
+                    (PKIX_COLLECTIONCERTSTORECONTEXT_TYPE,
+                    sizeof (PKIX_PL_CollectionCertStoreContext),
+                    (PKIX_PL_Object **)&colCertStoreContext,
+                    plContext),
+                    PKIX_COULDNOTCREATECOLLECTIONCERTSTORECONTEXTOBJECT);
+
+        PKIX_INCREF(storeDir);
+        colCertStoreContext->storeDir = storeDir;
+
+        colCertStoreContext->crlList = NULL;
+        colCertStoreContext->certList = NULL;
+
+        *pColCertStoreContext = colCertStoreContext;
+        colCertStoreContext = NULL;
+
+cleanup:
+
+        PKIX_DECREF(colCertStoreContext);
+
+        PKIX_RETURN(COLLECTIONCERTSTORECONTEXT);
+}
+
+/*
+ * FUNCTION: pkix_pl_CollectionCertStoreContext_Destroy
+ * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_CollectionCertStoreContext_Destroy(
+        PKIX_PL_Object *object,
+        void *plContext)
+{
+        PKIX_PL_CollectionCertStoreContext *colCertStoreContext = NULL;
+
+        PKIX_ENTER(COLLECTIONCERTSTORECONTEXT,
+                    "pkix_pl_CollectionCertStoreContext_Destroy");
+        PKIX_NULLCHECK_ONE(object);
+
+        PKIX_CHECK(pkix_CheckType
+                    (object, PKIX_COLLECTIONCERTSTORECONTEXT_TYPE, plContext),
+                    PKIX_OBJECTNOTCOLLECTIONCERTSTORECONTEXT);
+
+        colCertStoreContext = (PKIX_PL_CollectionCertStoreContext *)object;
+
+        PKIX_DECREF(colCertStoreContext->storeDir);
+        PKIX_DECREF(colCertStoreContext->crlList);
+        PKIX_DECREF(colCertStoreContext->certList);
+
+cleanup:
+        PKIX_RETURN(COLLECTIONCERTSTORECONTEXT);
+}
+
+/*
+ * FUNCTION: pkix_pl_CollectionCertStoreContext_Hashcode
+ * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_CollectionCertStoreContext_Hashcode(
+        PKIX_PL_Object *object,
+        PKIX_UInt32 *pHashcode,
+        void *plContext)
+{
+        PKIX_PL_CollectionCertStoreContext *collectionCSContext = NULL;
+        PKIX_UInt32 tempHash = 0;
+
+        PKIX_ENTER(COLLECTIONCERTSTORECONTEXT,
+                    "pkix_pl_CollectionCertStoreContext_Hashcode");
+        PKIX_NULLCHECK_TWO(object, pHashcode);
+
+        PKIX_CHECK(pkix_CheckType
+                    (object,
+                    PKIX_COLLECTIONCERTSTORECONTEXT_TYPE,
+                    plContext),
+                    PKIX_OBJECTNOTCOLLECTIONCERTSTORECONTEXT);
+
+        collectionCSContext = (PKIX_PL_CollectionCertStoreContext *)object;
+
+        PKIX_CHECK(PKIX_PL_Object_Hashcode
+                    ((PKIX_PL_Object *) collectionCSContext->storeDir,
+                    &tempHash,
+                    plContext),
+                   PKIX_STRINGHASHCODEFAILED);
+
+        *pHashcode = tempHash << 7;
+
+        /* should not hash on crlList and certList, values are dynamic */
+
+cleanup:
+        PKIX_RETURN(COLLECTIONCERTSTORECONTEXT);
+}
+
+/*
+ * FUNCTION: pkix_pl_CollectionCertStoreContext_Equals
+ * (see comments for PKIX_PL_EqualsCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_CollectionCertStoreContext_Equals(
+        PKIX_PL_Object *firstObject,
+        PKIX_PL_Object *secondObject,
+        PKIX_Int32 *pResult,
+        void *plContext)
+{
+        PKIX_PL_CollectionCertStoreContext *firstCCSContext = NULL;
+        PKIX_PL_CollectionCertStoreContext *secondCCSContext = NULL;
+        PKIX_Boolean cmpResult = 0;
+
+        PKIX_ENTER(COLLECTIONCERTSTORECONTEXT,
+                    "pkix_pl_CollectionCertStoreContext_Equals");
+        PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);
+
+        PKIX_CHECK(pkix_CheckTypes
+                    (firstObject,
+                    secondObject,
+                    PKIX_COLLECTIONCERTSTORECONTEXT_TYPE,
+                    plContext),
+                    PKIX_OBJECTNOTCOLLECTIONCERTSTORECONTEXT);
+
+        firstCCSContext = (PKIX_PL_CollectionCertStoreContext *)firstObject;
+        secondCCSContext = (PKIX_PL_CollectionCertStoreContext *)secondObject;
+
+        if (firstCCSContext->storeDir == secondCCSContext->storeDir) {
+
+                cmpResult = PKIX_TRUE;
+
+        } else {
+
+                PKIX_CHECK(PKIX_PL_Object_Equals
+                    ((PKIX_PL_Object *) firstCCSContext->storeDir,
+                    (PKIX_PL_Object *) secondCCSContext->storeDir,
+                    &cmpResult,
+                    plContext),
+                    PKIX_STRINGEQUALSFAILED);
+        }
+
+        *pResult = cmpResult;
+
+        /* should not check equal on crlList and certList, data are dynamic */
+
+cleanup:
+        PKIX_RETURN(COLLECTIONCERTSTORECONTEXT);
+}
+
+/*
+ * FUNCTION: pkix_pl_CollectionCertStore_CheckTrust
+ * DESCRIPTION:
+ * This function checks the trust status of this "cert" that was retrieved
+ * from the CertStore "store" and returns its trust status at "pTrusted".
+ *
+ * PARAMETERS:
+ * "store"
+ *      Address of the CertStore. Must be non-NULL.
+ * "cert"
+ *      Address of the Cert. Must be non-NULL.
+ * "pTrusted"
+ *      Address of PKIX_Boolean where the "cert" trust status is returned.
+ *      Must be non-NULL.
+ * "plContext"
+ *      Platform-specific context pointer
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertStore Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_pl_CollectionCertStore_CheckTrust(
+        PKIX_CertStore *store,
+        PKIX_PL_Cert *cert,
+        PKIX_Boolean *pTrusted,
+        void *plContext)
+{
+        PKIX_ENTER(CERTSTORE, "pkix_pl_CollectionCertStore_CheckTrust");
+        PKIX_NULLCHECK_THREE(store, cert, pTrusted);
+
+        *pTrusted = PKIX_TRUE;
+
+        PKIX_RETURN(CERTSTORE);
+}
+
+/*
+ * FUNCTION: pkix_pl_CollectionCertStoreContext_CreateCert
+ * DESCRIPTION:
+ *
+ *  Creates Cert using data file path name pointed to by "certFileName" and
+ *  stores it at "pCert". If the Cert can not be decoded, NULL is stored
+ *  at "pCert".
+ *
+ * PARAMETERS
+ *  "certFileName" - Address of Cert data file path name. Must be non-NULL.
+ *  "pCert" - Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext" - Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CollectionCertStoreContext Error if the function fails in
+ *              a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_pl_CollectionCertStoreContext_CreateCert(
+        const char *certFileName,
+        PKIX_PL_Cert **pCert,
+        void *plContext)
+{
+        PKIX_PL_ByteArray *byteArray = NULL;
+        PKIX_PL_Cert *cert = NULL;
+        PRFileDesc *inFile = NULL;
+        SECItem certDER;
+        void *buf = NULL;
+        PKIX_UInt32 len;
+        SECStatus rv;
+
+        PKIX_ENTER(COLLECTIONCERTSTORECONTEXT,
+                    "pkix_pl_CollectionCertStoreContext_CreateCert");
+        PKIX_NULLCHECK_TWO(certFileName, pCert);
+
+        *pCert = NULL;
+        certDER.data = NULL;
+
+        PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG("\t\t Calling PR_Open.\n");
+        inFile = PR_Open(certFileName, PR_RDONLY, 0);
+
+        if (!inFile){
+                PKIX_ERROR(PKIX_UNABLETOOPENCERTFILE);
+        } else {
+                PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG
+                        ("\t\t Calling SECU_ReadDerFromFile.\n");
+                rv = SECU_ReadDERFromFile(&certDER, inFile, PR_FALSE);
+                if (!rv){
+                        buf = (void *)certDER.data;
+                        len = certDER.len;
+
+                        PKIX_CHECK(PKIX_PL_ByteArray_Create
+                                    (buf, len, &byteArray, plContext),
+                                    PKIX_BYTEARRAYCREATEFAILED);
+
+                        PKIX_CHECK(PKIX_PL_Cert_Create
+                                    (byteArray, &cert, plContext),
+                                    PKIX_CERTCREATEFAILED);
+
+                        PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG
+                                ("\t\t Calling SECITEM_FreeItem.\n");
+                        SECITEM_FreeItem(&certDER, PR_FALSE);
+
+                } else {
+                        PKIX_ERROR(PKIX_UNABLETOREADDERFROMCERTFILE);
+                }
+        }
+
+        *pCert = cert;
+
+cleanup:
+        if (inFile){
+                PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG
+                        ("\t\t Calling PR_CloseDir.\n");
+                PR_Close(inFile);
+        }
+
+        if (PKIX_ERROR_RECEIVED){
+                PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG
+                        ("\t\t Calling SECITEM_FreeItem).\n");
+                SECITEM_FreeItem(&certDER, PR_FALSE);
+
+                PKIX_DECREF(cert);
+        }
+        PKIX_DECREF(byteArray);
+        PKIX_RETURN(COLLECTIONCERTSTORECONTEXT);
+}
+
+
+/*
+ * FUNCTION: pkix_pl_CollectionCertStoreContext_CreateCRL
+ * DESCRIPTION:
+ *
+ *  Creates CRL using data file path name pointed to by "crlFileName" and
+ *  stores it at "pCrl". If the CRL can not be decoded, NULL is stored
+ *  at "pCrl".
+ *
+ * PARAMETERS
+ *  "crlFileName" - Address of CRL data file path name. Must be non-NULL.
+ *  "pCrl" - Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext" - Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CollectionCertStoreContext Error if the function fails in
+ *              a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_pl_CollectionCertStoreContext_CreateCRL(
+        const char *crlFileName,
+        PKIX_PL_CRL **pCrl,
+        void *plContext)
+{
+        PKIX_PL_ByteArray *byteArray = NULL;
+        PKIX_PL_CRL *crl = NULL;
+        PRFileDesc *inFile = NULL;
+        SECItem crlDER;
+        void *buf = NULL;
+        PKIX_UInt32 len;
+        SECStatus rv;
+
+        PKIX_ENTER(COLLECTIONCERTSTORECONTEXT,
+                    "pkix_pl_CollectionCertStoreContext_CreateCRL");
+        PKIX_NULLCHECK_TWO(crlFileName, pCrl);
+
+        *pCrl = NULL;
+        crlDER.data = NULL;
+
+        PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG("\t\t Calling PR_Open.\n");
+        inFile = PR_Open(crlFileName, PR_RDONLY, 0);
+
+        if (!inFile){
+                PKIX_ERROR(PKIX_UNABLETOOPENCRLFILE);
+        } else {
+                PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG
+                        ("\t\t Calling SECU_ReadDerFromFile.\n");
+                rv = SECU_ReadDERFromFile(&crlDER, inFile, PR_FALSE);
+                if (!rv){
+                        buf = (void *)crlDER.data;
+                        len = crlDER.len;
+
+                        PKIX_CHECK(PKIX_PL_ByteArray_Create
+                                (buf, len, &byteArray, plContext),
+                                PKIX_BYTEARRAYCREATEFAILED);
+
+                        PKIX_CHECK(PKIX_PL_CRL_Create
+                                (byteArray, &crl, plContext),
+                                PKIX_CRLCREATEFAILED);
+
+                        PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG
+                                ("\t\t Calling SECITEM_FreeItem.\n");
+                        SECITEM_FreeItem(&crlDER, PR_FALSE);
+
+                } else {
+                        PKIX_ERROR(PKIX_UNABLETOREADDERFROMCRLFILE);
+                }
+        }
+
+        *pCrl = crl;
+
+cleanup:
+        if (inFile){
+                PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG
+                        ("\t\t Calling PR_CloseDir.\n");
+                PR_Close(inFile);
+        }
+
+        if (PKIX_ERROR_RECEIVED){
+                PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG
+                        ("\t\t Calling SECITEM_FreeItem).\n");
+                SECITEM_FreeItem(&crlDER, PR_FALSE);
+
+                PKIX_DECREF(crl);
+                if (crlDER.data != NULL) {
+                        SECITEM_FreeItem(&crlDER, PR_FALSE);
+                }
+        }
+
+        PKIX_DECREF(byteArray);
+
+        PKIX_RETURN(COLLECTIONCERTSTORECONTEXT);
+}
+
+/*
+ * FUNCTION: pkix_pl_CollectionCertStoreContext_PopulateCert
+ * DESCRIPTION:
+ *
+ *  Create list of Certs from *.crt files at directory specified in dirName,
+ *  Not recursive to sub-directory. Also assume the directory contents are
+ *  not changed dynamically.
+ *
+ * PARAMETERS
+ *  "colCertStoreContext" - Address of CollectionCertStoreContext
+ *              where the dirName is specified and where the return
+ *              Certs are stored as a list. Must be non-NULL.
+ *  "plContext" - Platform-specific context pointer.
+ *
+ * THREAD SAFETY:
+ *  Not Thread Safe - A lock at top level is required.
+ *
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CollectionCertStoreContext Error if the function fails in
+ *              a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_pl_CollectionCertStoreContext_PopulateCert(
+        PKIX_PL_CollectionCertStoreContext *colCertStoreContext,
+        void *plContext)
+{
+        PKIX_List *certList = NULL;
+        PKIX_PL_Cert *certItem = NULL;
+        char *dirName = NULL;
+        char *pathName = NULL;
+        PKIX_UInt32 dirNameLen = 0;
+        PRErrorCode prError = 0;
+        PRDir *dir = NULL;
+        PRDirEntry *dirEntry = NULL;
+
+        PKIX_ENTER(COLLECTIONCERTSTORECONTEXT,
+                    "pkix_pl_CollectionCertStoreContext_PopulateCert");
+        PKIX_NULLCHECK_ONE(colCertStoreContext);
+
+        /* convert directory to ascii */
+
+        PKIX_CHECK(PKIX_PL_String_GetEncoded
+                    (colCertStoreContext->storeDir,
+                    PKIX_ESCASCII,
+                    (void **)&dirName,
+                    &dirNameLen,
+                    plContext),
+                    PKIX_STRINGGETENCODEDFAILED);
+
+        /* create cert list, if no cert file, should return an empty list */
+
+        PKIX_CHECK(PKIX_List_Create(&certList, plContext),
+                    PKIX_LISTCREATEFAILED);
+
+        /* open directory and read in .crt files */
+
+        PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG("\t\t Calling PR_OpenDir.\n");
+        dir = PR_OpenDir(dirName);
+
+        if (!dir) {
+                PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG_ARG
+                        ("\t\t Directory Name:%s\n", dirName);
+                PKIX_ERROR(PKIX_CANNOTOPENCOLLECTIONCERTSTORECONTEXTDIRECTORY);
+        }
+
+        PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG("\t\t Calling PR_ReadDir.\n");
+        dirEntry = PR_ReadDir(dir, PR_SKIP_HIDDEN | PR_SKIP_BOTH);
+
+        if (!dirEntry) {
+                PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG
+                        ("\t\t Empty directory.\n");
+                PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG
+                        ("\t\t Calling PR_GetError.\n");
+                prError = PR_GetError();
+        }
+
+        PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG("\t\t Calling PR_SetError.\n");
+        PR_SetError(0, 0);
+
+        while (dirEntry != NULL && prError == 0) {
+                if (PL_strrstr(dirEntry->name, ".crt") ==
+                    dirEntry->name + PL_strlen(dirEntry->name) - 4) {
+
+                        PKIX_CHECK_ONLY_FATAL
+                                (PKIX_PL_Malloc
+                                (dirNameLen + PL_strlen(dirEntry->name) + 2,
+                                (void **)&pathName,
+                                plContext),
+                                PKIX_MALLOCFAILED);
+
+                        if ((!PKIX_ERROR_RECEIVED) && (pathName != NULL)){
+
+                                PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG
+                                    ("\t\t Calling PL_strcpy for dirName.\n");
+                                PL_strcpy(pathName, dirName);
+                                PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG
+                                    ("\t\t Calling PL_strcat for dirName.\n");
+                                PL_strcat(pathName, "/");
+                                PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG
+                                        ("\t\t Calling PL_strcat for /.\n");
+                                PL_strcat(pathName, dirEntry->name);
+
+                                PKIX_CHECK_ONLY_FATAL
+                                (pkix_pl_CollectionCertStoreContext_CreateCert
+                                    (pathName, &certItem, plContext),
+                              PKIX_COLLECTIONCERTSTORECONTEXTCREATECERTFAILED);
+
+                                if (!PKIX_ERROR_RECEIVED){
+                                        PKIX_CHECK_ONLY_FATAL
+                                                (PKIX_List_AppendItem
+                                                (certList,
+                                                (PKIX_PL_Object *)certItem,
+                                                plContext),
+                                                PKIX_LISTAPPENDITEMFAILED);
+                                }
+                        }
+
+                        PKIX_DECREF(certItem);
+                        PKIX_FREE(pathName);
+                }
+
+                PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG
+                        ("\t\t Calling PR_SetError.\n");
+                PR_SetError(0, 0);
+
+                PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG
+                        ("\t\t Calling PR_ReadDir.\n");
+                dirEntry = PR_ReadDir(dir, PR_SKIP_HIDDEN | PR_SKIP_BOTH);
+
+                if (!dirEntry) {
+                    PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG
+                        ("\t\t Calling PR_GetError.\n");
+                    prError = PR_GetError();
+                }
+        }
+
+        if ((prError != 0) && (prError != PR_NO_MORE_FILES_ERROR)) {
+                PKIX_ERROR(PKIX_COLLECTIONCERTSTOREPOPULATECERTFAILED);
+        }
+
+        PKIX_CHECK(PKIX_List_SetImmutable(certList, plContext),
+                    PKIX_LISTSETIMMUTABLEFAILED);
+
+        PKIX_INCREF(certList);
+        colCertStoreContext->certList = certList;
+
+cleanup:
+        if (dir) {
+                PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG
+                        ("\t\t Calling PR_CloseDir.\n");
+                PR_CloseDir(dir);
+        }
+
+        PKIX_FREE(pathName);
+        PKIX_FREE(dirName);
+
+        if (PKIX_ERROR_RECEIVED){
+                PKIX_DECREF(certList);
+        }
+
+        PKIX_DECREF(certItem);
+        PKIX_DECREF(certList);
+
+        PKIX_RETURN(COLLECTIONCERTSTORECONTEXT);
+}
+
+/*
+ * FUNCTION: pkix_pl_CollectionCertStoreContext_PopulateCRL
+ * DESCRIPTION:
+ *
+ *  Create list of CRLs from *.crl files at directory specified in dirName,
+ *  Not recursive to sub-dirctory. Also assume the directory contents are
+ *  not changed dynamically.
+ *
+ * PARAMETERS
+ *  "colCertStoreContext" - Address of CollectionCertStoreContext
+ *              where the dirName is specified and where the return
+ *              CRLs are stored as a list. Must be non-NULL.
+ *  "plContext" - Platform-specific context pointer.
+ *
+ * THREAD SAFETY:
+ *  Not Thread Safe - A lock at top level is required.
+ *
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CollectionCertStoreContext Error if the function fails in
+ *              a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_pl_CollectionCertStoreContext_PopulateCRL(
+        PKIX_PL_CollectionCertStoreContext *colCertStoreContext,
+        void *plContext)
+{
+        PKIX_List *crlList = NULL;
+        PKIX_PL_CRL *crlItem = NULL;
+        char *dirName = NULL;
+        char *pathName = NULL;
+        PKIX_UInt32 dirNameLen = 0;
+        PRErrorCode prError = 0;
+        PRDir *dir = NULL;
+        PRDirEntry *dirEntry = NULL;
+
+        PKIX_ENTER(COLLECTIONCERTSTORECONTEXT,
+                    "pkix_pl_CollectionCertStoreContext_PopulateCRL");
+        PKIX_NULLCHECK_ONE(colCertStoreContext);
+
+        /* convert directory to ascii */
+
+        PKIX_CHECK(PKIX_PL_String_GetEncoded
+                    (colCertStoreContext->storeDir,
+                    PKIX_ESCASCII,
+                    (void **)&dirName,
+                    &dirNameLen,
+                    plContext),
+                    PKIX_STRINGGETENCODEDFAILED);
+
+        /* create CRL list, if no CRL file, should return an empty list */
+
+        PKIX_CHECK(PKIX_List_Create(&crlList, plContext),
+                    PKIX_LISTCREATEFAILED);
+
+        /* open directory and read in .crl files */
+
+        PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG("\t\t Calling PR_OpenDir.\n");
+        dir = PR_OpenDir(dirName);
+
+        if (!dir) {
+                PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG_ARG
+                        ("\t\t Directory Name:%s\n", dirName);
+                PKIX_ERROR(PKIX_CANNOTOPENCOLLECTIONCERTSTORECONTEXTDIRECTORY);
+        }
+
+        PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG("\t\t Calling PR_ReadDir.\n");
+        dirEntry = PR_ReadDir(dir, PR_SKIP_HIDDEN | PR_SKIP_BOTH);
+
+        if (!dirEntry) {
+                PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG
+                        ("\t\t Empty directory.\n");
+                PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG
+                        ("\t\t Calling PR_GetError.\n");
+                prError = PR_GetError();
+        }
+
+        PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG("\t\t Calling PR_SetError.\n");
+        PR_SetError(0, 0);
+
+        while (dirEntry != NULL && prError == 0) {
+                if (PL_strrstr(dirEntry->name, ".crl") ==
+                    dirEntry->name + PL_strlen(dirEntry->name) - 4) {
+
+                        PKIX_CHECK_ONLY_FATAL
+                                (PKIX_PL_Malloc
+                                (dirNameLen + PL_strlen(dirEntry->name) + 2,
+                                (void **)&pathName,
+                                plContext),
+                                PKIX_MALLOCFAILED);
+
+                        if ((!PKIX_ERROR_RECEIVED) && (pathName != NULL)){
+
+                                PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG
+                                    ("\t\t Calling PL_strcpy for dirName.\n");
+                                PL_strcpy(pathName, dirName);
+                                PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG
+                                    ("\t\t Calling PL_strcat for dirName.\n");
+                                PL_strcat(pathName, "/");
+                                PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG
+                                        ("\t\t Calling PL_strcat for /.\n");
+                                PL_strcat(pathName, dirEntry->name);
+
+                        PKIX_CHECK_ONLY_FATAL
+                                (pkix_pl_CollectionCertStoreContext_CreateCRL
+                                (pathName, &crlItem, plContext),
+                                PKIX_COLLECTIONCERTSTORECONTEXTCREATECRLFAILED);
+
+                                if (!PKIX_ERROR_RECEIVED){
+                                        PKIX_CHECK_ONLY_FATAL
+                                                (PKIX_List_AppendItem
+                                                (crlList,
+                                                (PKIX_PL_Object *)crlItem,
+                                                plContext),
+                                                PKIX_LISTAPPENDITEMFAILED);
+                                }
+                        }
+
+                        PKIX_DECREF(crlItem);
+                        PKIX_FREE(pathName);
+                }
+
+                PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG
+                        ("\t\t Calling PR_SetError.\n");
+                PR_SetError(0, 0);
+
+                PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG
+                        ("\t\t Calling PR_ReadDir.\n");
+                dirEntry = PR_ReadDir(dir, PR_SKIP_HIDDEN | PR_SKIP_BOTH);
+
+                if (!dirEntry) {
+                    PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG
+                        ("\t\t Calling PR_GetError.\n");
+                    prError = PR_GetError();
+                }
+        }
+
+        if ((prError != 0) && (prError != PR_NO_MORE_FILES_ERROR)) {
+                PKIX_ERROR(PKIX_COLLECTIONCERTSTORECONTEXTGETSELECTCRLFAILED);
+        }
+
+        PKIX_CHECK(PKIX_List_SetImmutable(crlList, plContext),
+                    PKIX_LISTSETIMMUTABLEFAILED);
+
+        PKIX_INCREF(crlList);
+        colCertStoreContext->crlList = crlList;
+
+cleanup:
+        if (dir) {
+                PKIX_COLLECTIONCERTSTORECONTEXT_DEBUG
+                        ("\t\t Calling PR_CloseDir.\n");
+                PR_CloseDir(dir);
+        }
+
+        PKIX_FREE(pathName);
+        PKIX_FREE(dirName);
+
+        if (PKIX_ERROR_RECEIVED){
+                PKIX_DECREF(crlList);
+        }
+
+        PKIX_DECREF(crlItem);
+        PKIX_DECREF(crlList);
+
+        PKIX_RETURN(COLLECTIONCERTSTORECONTEXT);
+}
+
+/*
+ * FUNCTION: pkix_pl_CollectionCertStoreContext_GetSelectedCert
+ * DESCRIPTION:
+ *
+ *  Finds the Certs that match the criterion of the CertSelector pointed
+ *  to by "selector" using the List of Certs pointed to by "certList" and
+ *  stores the matching Certs at "pSelectedCertList".
+ *
+ *  Not recursive to sub-directory.
+ *
+ * PARAMETERS
+ *  "certList" - Address of List of Certs to be searched. Must be non-NULL.
+ *  "colCertStoreContext" - Address of CollectionCertStoreContext
+ *              where the cached Certs are stored.
+ *  "selector" - CertSelector for chosing Cert based on Params set
+ *  "pSelectedCertList" - Certs that qualified by selector.
+ *  "plContext" - Platform-specific context pointer.
+ *
+ * THREAD SAFETY:
+ *  Not Thread Safe - A lock at top level is required.
+ *
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CollectionCertStoreContext Error if the function fails in
+ *              a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_pl_CollectionCertStoreContext_GetSelectedCert(
+        PKIX_List *certList,
+        PKIX_CertSelector *selector,
+        PKIX_List **pSelectedCertList,
+        void *plContext)
+{
+        PKIX_List *selectCertList = NULL;
+        PKIX_PL_Cert *certItem = NULL;
+        PKIX_CertSelector_MatchCallback certSelectorMatch = NULL;
+        PKIX_UInt32 numCerts = 0;
+        PKIX_UInt32 i = 0;
+
+        PKIX_ENTER(COLLECTIONCERTSTORECONTEXT,
+                    "pkix_pl_CollectionCertStoreContext_GetSelectedCert");
+        PKIX_NULLCHECK_THREE(certList, selector, pSelectedCertList);
+
+        PKIX_CHECK(PKIX_CertSelector_GetMatchCallback
+                    (selector, &certSelectorMatch, plContext),
+                    PKIX_CERTSELECTORGETMATCHCALLBACKFAILED);
+
+        PKIX_CHECK(PKIX_List_GetLength(certList, &numCerts, plContext),
+                    PKIX_LISTGETLENGTHFAILED);
+
+        if (certSelectorMatch) {
+
+                PKIX_CHECK(PKIX_List_Create(&selectCertList, plContext),
+                            PKIX_LISTCREATEFAILED);
+
+                for (i = 0; i < numCerts; i++) {
+                        PKIX_CHECK_ONLY_FATAL
+                                (PKIX_List_GetItem
+                                (certList,
+                                i,
+                                (PKIX_PL_Object **) &certItem,
+                                plContext),
+                                PKIX_LISTGETITEMFAILED);
+
+                        if (!PKIX_ERROR_RECEIVED){
+                                PKIX_CHECK_ONLY_FATAL
+                                        (certSelectorMatch
+                                        (selector, certItem, plContext),
+                                        PKIX_CERTSELECTORMATCHFAILED);
+
+                                if (!PKIX_ERROR_RECEIVED){
+                                        PKIX_CHECK_ONLY_FATAL
+                                                (PKIX_List_AppendItem
+                                                (selectCertList,
+                                                (PKIX_PL_Object *)certItem,
+                                                plContext),
+                                                PKIX_LISTAPPENDITEMFAILED);
+                                }
+                        }
+
+                        PKIX_DECREF(certItem);
+                }
+
+        } else {
+
+                PKIX_INCREF(certList);
+
+                selectCertList = certList;
+        }
+
+        *pSelectedCertList = selectCertList;
+
+cleanup:
+        PKIX_RETURN(COLLECTIONCERTSTORECONTEXT);
+}
+
+/*
+ * FUNCTION: pkix_pl_CollectionCertStoreContext_GetSelectedCRL
+ * DESCRIPTION:
+ *
+ *  Finds the CRLs that match the criterion of the CRLSelector pointed
+ *  to by "selector" using the List of CRLs pointed to by "crlList" and
+ *  stores the matching CRLs at "pSelectedCrlList".
+ *
+ *  Not recursive to sub-directory.
+ *
+ * PARAMETERS
+ *  "crlList" - Address of List of CRLs to be searched. Must be non-NULL
+ *  "selector" - CRLSelector for chosing CRL based on Params set
+ *  "pSelectedCrlList" - CRLs that qualified by selector.
+ *  "plContext" - Platform-specific context pointer.
+ *
+ * THREAD SAFETY:
+ *  Not Thread Safe - A lock at top level is required.
+ *
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CollectionCertStoreContext Error if the function fails in
+ *              a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_pl_CollectionCertStoreContext_GetSelectedCRL(
+        PKIX_List *crlList,
+        PKIX_CRLSelector *selector,
+        PKIX_List **pSelectedCrlList,
+        void *plContext)
+{
+        PKIX_List *selectCrlList = NULL;
+        PKIX_PL_CRL *crlItem = NULL;
+        PKIX_CRLSelector_MatchCallback crlSelectorMatch = NULL;
+        PKIX_UInt32 numCrls = 0;
+        PKIX_UInt32 i = 0;
+        PKIX_Boolean match = PKIX_FALSE;
+
+        PKIX_ENTER(COLLECTIONCERTSTORECONTEXT,
+                    "pkix_pl_CollectionCertStoreContext_GetSelectedCRL");
+        PKIX_NULLCHECK_THREE(crlList, selector, pSelectedCrlList);
+
+        PKIX_CHECK(PKIX_CRLSelector_GetMatchCallback
+                    (selector, &crlSelectorMatch, plContext),
+                    PKIX_CRLSELECTORGETMATCHCALLBACKFAILED);
+
+        PKIX_CHECK(PKIX_List_GetLength(crlList, &numCrls, plContext),
+                    PKIX_LISTGETLENGTHFAILED);
+
+        if (crlSelectorMatch) {
+
+                PKIX_CHECK(PKIX_List_Create(&selectCrlList, plContext),
+                            PKIX_LISTCREATEFAILED);
+
+                for (i = 0; i < numCrls; i++) {
+                        PKIX_CHECK_ONLY_FATAL(PKIX_List_GetItem
+                                (crlList,
+                                i,
+                                (PKIX_PL_Object **) &crlItem,
+                                plContext),
+                                PKIX_LISTGETITEMFAILED);
+
+                        if (!PKIX_ERROR_RECEIVED){
+                                PKIX_CHECK_ONLY_FATAL
+                                        (crlSelectorMatch
+                                        (selector, crlItem, &match, plContext),
+                                        PKIX_CRLSELECTORMATCHFAILED);
+
+                                if (!(PKIX_ERROR_RECEIVED) && match) {
+                                        PKIX_CHECK_ONLY_FATAL
+                                                (PKIX_List_AppendItem
+                                                (selectCrlList,
+                                                (PKIX_PL_Object *)crlItem,
+                                                plContext),
+                                                PKIX_LISTAPPENDITEMFAILED);
+                                }
+                        }
+
+                        PKIX_DECREF(crlItem);
+                }
+        } else {
+
+                PKIX_INCREF(crlList);
+
+                selectCrlList = crlList;
+        }
+
+        /* Don't throw away the list if one CRL was bad! */
+        pkixTempErrorReceived = PKIX_FALSE;
+
+        *pSelectedCrlList = selectCrlList;
+
+cleanup:
+        PKIX_RETURN(COLLECTIONCERTSTORECONTEXT);
+}
+
+/*
+ * FUNCTION: pkix_pl_CollectionCertStore_GetCert
+ * DESCRIPTION:
+ *
+ *  Retrieve Certs in a list of PKIX_PL_Cert object.
+ *
+ * PARAMETERS:
+ *  "colCertStoreContext"
+ *      The object CertStore is the object passed in by checker call.
+ *  "crlSelector"
+ *      CRLSelector specifies criteria for chosing CRL's
+ *  "pNBIOContext"
+ *      Address where platform-dependent information is returned for CertStores
+ *      that use non-blocking I/O. Must be non-NULL.
+ *  "pCertList"
+ *      Address where object pointer will be returned. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertStore Error if the function fails in
+ *      a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_pl_CollectionCertStore_GetCert(
+        PKIX_CertStore *certStore,
+        PKIX_CertSelector *selector,
+        PKIX_VerifyNode *verifyNode,
+        void **pNBIOContext,
+        PKIX_List **pCerts,
+        void *plContext)
+{
+        PKIX_PL_CollectionCertStoreContext *colCertStoreContext = NULL;
+        PKIX_List *selectedCerts = NULL;
+
+        PKIX_ENTER(CERTSTORE, "pkix_pl_CollectionCertStore_GetCert");
+        PKIX_NULLCHECK_FOUR(certStore, selector, pNBIOContext, pCerts);
+
+        *pNBIOContext = NULL;   /* We don't use non-blocking I/O */
+
+        PKIX_CHECK(PKIX_CertStore_GetCertStoreContext
+                    (certStore,
+                    (PKIX_PL_Object **) &colCertStoreContext,
+                    plContext),
+                    PKIX_CERTSTOREGETCERTSTORECONTEXTFAILED);
+
+        if (colCertStoreContext->certList == NULL) {
+
+                PKIX_OBJECT_LOCK(colCertStoreContext);
+
+                /*
+                 * Certs in the directory are cached based on the
+                 * assumption that the directory contents won't be
+                 * changed dynamically.
+                 */
+                if (colCertStoreContext->certList == NULL){
+                    PKIX_CHECK(pkix_pl_CollectionCertStoreContext_PopulateCert
+                            (colCertStoreContext, plContext),
+                            PKIX_COLLECTIONCERTSTORECONTEXTPOPULATECERTFAILED);
+                }
+
+                PKIX_OBJECT_UNLOCK(colCertStoreContext);
+        }
+
+        PKIX_CHECK(pkix_pl_CollectionCertStoreContext_GetSelectedCert
+                    (colCertStoreContext->certList,
+                    selector,
+                    &selectedCerts,
+                    plContext),
+                    PKIX_COLLECTIONCERTSTORECONTEXTGETSELECTCERTFAILED);
+
+        *pCerts = selectedCerts;
+
+cleanup:
+	PKIX_OBJECT_UNLOCK(lockedObject);
+        PKIX_DECREF(colCertStoreContext);
+        PKIX_RETURN(CERTSTORE);
+}
+
+/*
+ * FUNCTION: pkix_pl_CollectionCertStore_GetCRL
+ * DESCRIPTION:
+ *
+ *  Retrieve CRL's in a list of PKIX_PL_CRL object.
+ *
+ * PARAMETERS:
+ *  "colCertStoreContext"
+ *      The object CertStore is passed in by checker call.
+ *  "crlSelector"
+ *      CRLSelector specifies criteria for chosing CRL's
+ *  "pNBIOContext"
+ *      Address where platform-dependent information is returned for CertStores
+ *      that use non-blocking I/O. Must be non-NULL.
+ *  "pCrlList"
+ *      Address where object pointer will be returned. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertStore Error if the function fails in
+ *      a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_pl_CollectionCertStore_GetCRL(
+        PKIX_CertStore *certStore,
+        PKIX_CRLSelector *selector,
+        void **pNBIOContext,
+        PKIX_List **pCrlList,
+        void *plContext)
+{
+        PKIX_PL_CollectionCertStoreContext *colCertStoreContext = NULL;
+        PKIX_List *selectCrl = NULL;
+
+        PKIX_ENTER(CERTSTORE, "pkix_pl_CollectionCertStore_GetCRL");
+        PKIX_NULLCHECK_FOUR(certStore, selector, pNBIOContext, pCrlList);
+
+        *pNBIOContext = NULL;   /* We don't use non-blocking I/O */
+
+        PKIX_CHECK(PKIX_CertStore_GetCertStoreContext
+                    (certStore,
+                    (PKIX_PL_Object **) &colCertStoreContext,
+                    plContext),
+                    PKIX_CERTSTOREGETCERTSTORECONTEXTFAILED);
+
+        if (colCertStoreContext->crlList == NULL) {
+
+                PKIX_OBJECT_LOCK(colCertStoreContext);
+
+                /*
+                 * CRLs in the directory are cached based on the
+                 * assumption that the directory contents won't be
+                 * changed dynamically.
+                 */
+                if (colCertStoreContext->crlList == NULL){
+                    PKIX_CHECK(pkix_pl_CollectionCertStoreContext_PopulateCRL
+                            (colCertStoreContext, plContext),
+                            PKIX_COLLECTIONCERTSTORECONTEXTPOPULATECRLFAILED);
+                }
+
+                PKIX_OBJECT_UNLOCK(colCertStoreContext);
+
+        }
+
+        PKIX_CHECK(pkix_pl_CollectionCertStoreContext_GetSelectedCRL
+                    (colCertStoreContext->crlList,
+                    selector,
+                    &selectCrl,
+                    plContext),
+                    PKIX_COLLECTIONCERTSTORECONTEXTGETSELECTCRLFAILED);
+
+        *pCrlList = selectCrl;
+
+cleanup:
+	PKIX_OBJECT_UNLOCK(lockedObject);
+        PKIX_DECREF(colCertStoreContext);
+        PKIX_RETURN(CERTSTORE);
+}
+
+/*
+ * FUNCTION: pkix_pl_CollectionCertStoreContext_RegisterSelf
+ * DESCRIPTION:
+ *
+ *  Registers PKIX_PL_COLLECTIONCERTSTORECONTEXT_TYPE and its related
+ *  functions with systemClasses[]
+ *
+ * THREAD SAFETY:
+ *  Not Thread Safe - for performance and complexity reasons
+ *
+ *  Since this function is only called by PKIX_PL_Initialize, which should
+ *  only be called once, it is acceptable that this function is not
+ *  thread-safe.
+ */
+PKIX_Error *
+pkix_pl_CollectionCertStoreContext_RegisterSelf(void *plContext)
+{
+        extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
+        pkix_ClassTable_Entry entry;
+
+        PKIX_ENTER(COLLECTIONCERTSTORECONTEXT,
+                    "pkix_pl_CollectionCertStoreContext_RegisterSelf");
+
+        entry.description = "CollectionCertStoreContext";
+        entry.objCounter = 0;
+        entry.typeObjectSize = sizeof(PKIX_PL_CollectionCertStoreContext);
+        entry.destructor = pkix_pl_CollectionCertStoreContext_Destroy;
+        entry.equalsFunction = pkix_pl_CollectionCertStoreContext_Equals;
+        entry.hashcodeFunction = pkix_pl_CollectionCertStoreContext_Hashcode;
+        entry.toStringFunction = NULL;
+        entry.comparator = NULL;
+        entry.duplicateFunction = NULL;
+
+        systemClasses[PKIX_COLLECTIONCERTSTORECONTEXT_TYPE] = entry;
+
+        PKIX_RETURN(COLLECTIONCERTSTORECONTEXT);
+}
+
+/* --Public-CollectionCertStoreContext-Functions--------------------------- */
+
+/*
+ * FUNCTION: PKIX_PL_CollectionCertStore_Create
+ * (see comments in pkix_samples_modules.h)
+ */
+PKIX_Error *
+PKIX_PL_CollectionCertStore_Create(
+        PKIX_PL_String *storeDir,
+        PKIX_CertStore **pCertStore,
+        void *plContext)
+{
+        PKIX_PL_CollectionCertStoreContext *colCertStoreContext = NULL;
+        PKIX_CertStore *certStore = NULL;
+
+        PKIX_ENTER(CERTSTORE, "PKIX_PL_CollectionCertStore_Create");
+        PKIX_NULLCHECK_TWO(storeDir, pCertStore);
+
+        PKIX_CHECK(pkix_pl_CollectionCertStoreContext_Create
+                    (storeDir, &colCertStoreContext, plContext),
+                    PKIX_COULDNOTCREATECOLLECTIONCERTSTORECONTEXTOBJECT);
+
+        PKIX_CHECK(PKIX_CertStore_Create
+                    (pkix_pl_CollectionCertStore_GetCert,
+                    pkix_pl_CollectionCertStore_GetCRL,
+                    NULL, /* GetCertContinue */
+                    NULL, /* GetCRLContinue */
+                    pkix_pl_CollectionCertStore_CheckTrust,
+                    NULL,      /* can not store crls */
+                    NULL,      /* can not do revocation check */
+                    (PKIX_PL_Object *)colCertStoreContext,
+                    PKIX_TRUE, /* cache flag */
+                    PKIX_TRUE, /* local - no network I/O */
+                    &certStore,
+                    plContext),
+                    PKIX_CERTSTORECREATEFAILED);
+
+        PKIX_DECREF(colCertStoreContext);
+
+        *pCertStore = certStore;
+
+cleanup:
+        PKIX_RETURN(CERTSTORE);
+}
diff --git a/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_colcertstore.h b/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_colcertstore.h
new file mode 100755
index 0000000..f41e6fa
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_colcertstore.h
@@ -0,0 +1,34 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_pl_colcertstore.h
+ *
+ * CollectionCertstore Object Type Definition
+ *
+ */
+
+#ifndef _PKIX_PL_COLCERTSTORE_H
+#define _PKIX_PL_COLCERTSTORE_H
+
+#include "pkix_pl_common.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+struct PKIX_PL_CollectionCertStoreContext {
+        PKIX_PL_String *storeDir;
+        PKIX_List *crlList;
+        PKIX_List *certList;
+};
+
+/* see source file for function documentation */
+
+PKIX_Error *pkix_pl_CollectionCertStoreContext_RegisterSelf(void *plContext);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_PL_COLCERTSTORE_H */
diff --git a/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpcertstore.c b/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpcertstore.c
new file mode 100755
index 0000000..471f920
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpcertstore.c
@@ -0,0 +1,1147 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_pl_httpcertstore.c
+ *
+ * HTTPCertStore Function Definitions
+ *
+ */
+
+/* We can't decode the length of a message without at least this many bytes */
+
+#include "pkix_pl_httpcertstore.h"
+extern PKIX_PL_HashTable *httpSocketCache;
+SEC_ASN1_MKSUB(CERT_IssuerAndSNTemplate)
+SEC_ASN1_MKSUB(SECOID_AlgorithmIDTemplate)
+SEC_ASN1_MKSUB(SEC_SetOfAnyTemplate)
+SEC_ASN1_MKSUB(CERT_SetOfSignedCrlTemplate)
+
+SEC_ASN1_CHOOSER_DECLARE(CERT_IssuerAndSNTemplate)
+SEC_ASN1_CHOOSER_DECLARE(SECOID_AlgorithmIDTemplate)
+/* SEC_ASN1_CHOOSER_DECLARE(SEC_SetOfAnyTemplate)
+SEC_ASN1_CHOOSER_DECLARE(CERT_SetOfSignedCrlTemplate)
+
+const SEC_ASN1Template CERT_IssuerAndSNTemplate[] = {
+    { SEC_ASN1_SEQUENCE,
+	  0, NULL, sizeof(CERTIssuerAndSN) },
+    { SEC_ASN1_SAVE,
+	  offsetof(CERTIssuerAndSN,derIssuer) },
+    { SEC_ASN1_INLINE,
+	  offsetof(CERTIssuerAndSN,issuer),
+	  CERT_NameTemplate },
+    { SEC_ASN1_INTEGER,
+	  offsetof(CERTIssuerAndSN,serialNumber) },
+    { 0 }
+};
+
+const SEC_ASN1Template SECOID_AlgorithmIDTemplate[] = {
+    { SEC_ASN1_SEQUENCE,
+	  0, NULL, sizeof(SECAlgorithmID) },
+    { SEC_ASN1_OBJECT_ID,
+	  offsetof(SECAlgorithmID,algorithm) },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_ANY,
+	  offsetof(SECAlgorithmID,parameters) },
+    { 0 }
+}; */
+
+/* --Private-HttpCertStoreContext-Object Functions----------------------- */
+
+/*
+ * FUNCTION: pkix_pl_HttpCertStoreContext_Destroy
+ * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_HttpCertStoreContext_Destroy(
+        PKIX_PL_Object *object,
+        void *plContext)
+{
+        const SEC_HttpClientFcnV1 *hcv1 = NULL;
+        PKIX_PL_HttpCertStoreContext *context = NULL;
+
+        PKIX_ENTER
+                (HTTPCERTSTORECONTEXT, "pkix_pl_HttpCertStoreContext_Destroy");
+        PKIX_NULLCHECK_ONE(object);
+
+        PKIX_CHECK(pkix_CheckType
+                    (object, PKIX_HTTPCERTSTORECONTEXT_TYPE, plContext),
+                    PKIX_OBJECTNOTANHTTPCERTSTORECONTEXT);
+
+        context = (PKIX_PL_HttpCertStoreContext *)object;
+        hcv1 = (const SEC_HttpClientFcnV1 *)(context->client);
+        if (context->requestSession != NULL) {
+            (*hcv1->freeFcn)(context->requestSession);
+            context->requestSession = NULL;
+        }
+        if (context->serverSession != NULL) {
+            (*hcv1->freeSessionFcn)(context->serverSession);
+            context->serverSession = NULL;
+        }
+        if (context->path != NULL) {
+            PORT_Free(context->path);
+            context->path = NULL;
+        }
+
+cleanup:
+
+        PKIX_RETURN(HTTPCERTSTORECONTEXT);
+}
+
+/*
+ * FUNCTION: pkix_pl_HttpCertStoreContext_RegisterSelf
+ *
+ * DESCRIPTION:
+ *  Registers PKIX_PL_HTTPCERTSTORECONTEXT_TYPE and its related
+ *  functions with systemClasses[]
+ *
+ * THREAD SAFETY:
+ *  Not Thread Safe - for performance and complexity reasons
+ *
+ *  Since this function is only called by PKIX_PL_Initialize, which should
+ *  only be called once, it is acceptable that this function is not
+ *  thread-safe.
+ */
+PKIX_Error *
+pkix_pl_HttpCertStoreContext_RegisterSelf(void *plContext)
+{
+        extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
+        pkix_ClassTable_Entry *entry = &systemClasses[PKIX_HTTPCERTSTORECONTEXT_TYPE];
+
+        PKIX_ENTER(HTTPCERTSTORECONTEXT,
+                "pkix_pl_HttpCertStoreContext_RegisterSelf");
+
+        entry->description = "HttpCertStoreContext";
+        entry->typeObjectSize = sizeof(PKIX_PL_HttpCertStoreContext);
+        entry->destructor = pkix_pl_HttpCertStoreContext_Destroy;
+
+        PKIX_RETURN(HTTPCERTSTORECONTEXT);
+}
+
+
+/* --Private-Http-CertStore-Database-Functions----------------------- */
+
+typedef struct callbackContextStruct  {
+        PKIX_List  *pkixCertList;
+        PKIX_Error *error;
+        void       *plContext;
+} callbackContext;
+
+
+/*
+ * FUNCTION: certCallback
+ * DESCRIPTION:
+ *
+ *  This function processes the null-terminated array of SECItems produced by
+ *  extracting the contents of a signedData message received in response to an
+ *  HTTP cert query. Its address is supplied as a callback function to
+ *  CERT_DecodeCertPackage; it is not expected to be called directly.
+ *
+ *  Note that it does not conform to the libpkix API standard of returning
+ *  a PKIX_Error*. It returns a SECStatus.
+ *
+ * PARAMETERS:
+ *  "arg"
+ *      The address of the callbackContext provided as a void* argument to
+ *      CERT_DecodeCertPackage. Must be non-NULL.
+ *  "secitemCerts"
+ *      The address of the null-terminated array of SECItems. Must be non-NULL.
+ *  "numcerts"
+ *      The number of SECItems found in the signedData. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns SECSuccess if the function succeeds.
+ *  Returns SECFailure if the function fails.
+ */
+static SECStatus
+certCallback(void *arg, SECItem **secitemCerts, int numcerts)
+{
+        callbackContext *cbContext;
+        PKIX_List *pkixCertList = NULL;
+        PKIX_Error *error = NULL;
+        void *plContext = NULL;
+        int itemNum = 0;
+
+        if ((arg == NULL) || (secitemCerts == NULL)) {
+                return (SECFailure);
+        }
+
+        cbContext = (callbackContext *)arg;
+        plContext = cbContext->plContext;
+        pkixCertList = cbContext->pkixCertList;
+
+        for (; itemNum < numcerts; itemNum++ ) {
+                error = pkix_pl_Cert_CreateToList(secitemCerts[itemNum],
+                                                  pkixCertList, plContext);
+                if (error != NULL) {
+                    if (error->errClass == PKIX_FATAL_ERROR) {
+                        cbContext->error = error;
+                        return SECFailure;
+                    } 
+                    /* reuse "error" since we could not destruct the old *
+                     * value */
+                    error = PKIX_PL_Object_DecRef((PKIX_PL_Object *)error,
+                                                        plContext);
+                    if (error) {
+                        /* Treat decref failure as a fatal error.
+                         * In this case will leak error, but can not do
+                         * anything about it. */
+                        error->errClass = PKIX_FATAL_ERROR;
+                        cbContext->error = error;
+                        return SECFailure;
+                    }
+                }
+        }
+
+        return SECSuccess;
+}
+
+
+typedef SECStatus (*pkix_DecodeCertsFunc)(char *certbuf, int certlen,
+                                          CERTImportCertificateFunc f, void *arg);
+
+
+struct pkix_DecodeFuncStr {
+    pkix_DecodeCertsFunc func;          /* function pointer to the 
+                                         * CERT_DecodeCertPackage function */
+    PRLibrary *smimeLib;                /* Pointer to the smime shared lib*/
+    PRCallOnceType once;
+};
+
+static struct pkix_DecodeFuncStr pkix_decodeFunc;
+static const PRCallOnceType pkix_pristine;
+
+#define SMIME_LIB_NAME SHLIB_PREFIX"smime3."SHLIB_SUFFIX
+
+/*
+ * load the smime library and look up the SEC_ReadPKCS7Certs function.
+ *  we do this so we don't have a circular depenency on the smime library,
+ *  and also so we don't have to load the smime library in applications that
+ * don't use it.
+ */
+static PRStatus PR_CALLBACK pkix_getDecodeFunction(void)
+{
+    pkix_decodeFunc.smimeLib = 
+		PR_LoadLibrary(SHLIB_PREFIX"smime3."SHLIB_SUFFIX);
+    if (pkix_decodeFunc.smimeLib == NULL) {
+	return PR_FAILURE;
+    }
+
+    pkix_decodeFunc.func = (pkix_DecodeCertsFunc) PR_FindFunctionSymbol(
+		pkix_decodeFunc.smimeLib, "CERT_DecodeCertPackage");
+    if (!pkix_decodeFunc.func) {
+	return PR_FAILURE;
+    }
+    return PR_SUCCESS;
+
+}
+
+/*
+ * clears our global state on shutdown. 
+ */
+void
+pkix_pl_HttpCertStore_Shutdown(void *plContext)
+{
+    if (pkix_decodeFunc.smimeLib) {
+	PR_UnloadLibrary(pkix_decodeFunc.smimeLib);
+	pkix_decodeFunc.smimeLib = NULL;
+    }
+    /* the function pointer just need to be cleared, not freed */
+    pkix_decodeFunc.func = NULL;
+    pkix_decodeFunc.once = pkix_pristine;
+}
+
+/*
+ * This function is based on CERT_DecodeCertPackage from lib/pkcs7/certread.c
+ * read an old style ascii or binary certificate chain
+ */
+PKIX_Error *
+pkix_pl_HttpCertStore_DecodeCertPackage
+        (const char *certbuf,
+        int certlen,
+        CERTImportCertificateFunc f,
+        void *arg,
+        void *plContext)
+{
+   
+        PRStatus status;
+        SECStatus rv;
+
+        PKIX_ENTER
+                (HTTPCERTSTORECONTEXT,
+                "pkix_pl_HttpCertStore_DecodeCertPackage");
+        PKIX_NULLCHECK_TWO(certbuf, f);
+
+        status = PR_CallOnce(&pkix_decodeFunc.once, pkix_getDecodeFunction);
+
+        if (status != PR_SUCCESS) {
+               PKIX_ERROR(PKIX_CANTLOADLIBSMIME);
+        }
+
+        /* paranoia, shouldn't happen if status == PR_SUCCESS); */
+        if (!pkix_decodeFunc.func) {
+               PKIX_ERROR(PKIX_CANTLOADLIBSMIME);
+        }
+
+        rv = (*pkix_decodeFunc.func)((char*)certbuf, certlen, f, arg);
+
+        if (rv != SECSuccess) {
+                PKIX_ERROR (PKIX_SECREADPKCS7CERTSFAILED);
+        }
+    
+
+cleanup:
+
+        PKIX_RETURN(HTTPCERTSTORECONTEXT);
+}
+
+
+/*
+ * FUNCTION: pkix_pl_HttpCertStore_ProcessCertResponse
+ * DESCRIPTION:
+ *
+ *  This function verifies that the response code pointed to by "responseCode"
+ *  and the content type pointed to by "responseContentType" are as expected,
+ *  and then decodes the data pointed to by "responseData", of length
+ *  "responseDataLen", into a List of Certs, possibly empty, which is returned
+ *  at "pCertList".
+ *
+ * PARAMETERS:
+ *  "responseCode"
+ *      The value of the HTTP response code.
+ *  "responseContentType"
+ *      The address of the Content-type string. Must be non-NULL.
+ *  "responseData"
+ *      The address of the message data. Must be non-NULL.
+ *  "responseDataLen"
+ *      The length of the message data.
+ *  "pCertList"
+ *      The address of the List that is created. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a HttpCertStore Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_pl_HttpCertStore_ProcessCertResponse(
+        PRUint16 responseCode,
+        const char *responseContentType,
+        const char *responseData,
+        PRUint32 responseDataLen,
+        PKIX_List **pCertList,
+        void *plContext)
+{
+        callbackContext cbContext;
+
+        PKIX_ENTER(HTTPCERTSTORECONTEXT,
+                "pkix_pl_HttpCertStore_ProcessCertResponse");
+        
+        cbContext.error = NULL;
+        cbContext.plContext = plContext;
+        cbContext.pkixCertList = NULL;
+
+        PKIX_NULLCHECK_ONE(pCertList);
+
+        if (responseCode != 200) {
+                PKIX_ERROR(PKIX_BADHTTPRESPONSE);
+        }
+
+        /* check that response type is application/pkcs7-mime */
+        if (responseContentType == NULL) {
+                PKIX_ERROR(PKIX_NOCONTENTTYPEINHTTPRESPONSE);
+        }
+
+        if (responseData == NULL) {
+                PKIX_ERROR(PKIX_NORESPONSEDATAINHTTPRESPONSE);
+        }
+
+        PKIX_CHECK(
+            PKIX_List_Create(&cbContext.pkixCertList, plContext),
+            PKIX_LISTCREATEFAILED);
+        
+        PKIX_CHECK_ONLY_FATAL(
+            pkix_pl_HttpCertStore_DecodeCertPackage(responseData,
+                                                    responseDataLen,
+                                                    certCallback,
+                                                    &cbContext,
+                                                    plContext),
+            PKIX_HTTPCERTSTOREDECODECERTPACKAGEFAILED);
+        if (cbContext.error) {
+            /* Aborting on a fatal error(See certCallback fn) */
+            pkixErrorResult = cbContext.error;
+            goto cleanup;
+        }
+        
+        *pCertList = cbContext.pkixCertList;
+        cbContext.pkixCertList = NULL;
+
+cleanup:
+
+        PKIX_DECREF(cbContext.pkixCertList);
+
+        PKIX_RETURN(HTTPCERTSTORECONTEXT);
+}
+
+/*
+ * FUNCTION: pkix_pl_HttpCertStore_ProcessCrlResponse
+ * DESCRIPTION:
+ *
+ *  This function verifies that the response code pointed to by "responseCode"
+ *  and the content type pointed to by "responseContentType" are as expected,
+ *  and then decodes the data pointed to by "responseData", of length
+ *  "responseDataLen", into a List of Crls, possibly empty, which is returned
+ *  at "pCrlList".
+ *
+ * PARAMETERS:
+ *  "responseCode"
+ *      The value of the HTTP response code.
+ *  "responseContentType"
+ *      The address of the Content-type string. Must be non-NULL.
+ *  "responseData"
+ *      The address of the message data. Must be non-NULL.
+ *  "responseDataLen"
+ *      The length of the message data.
+ *  "pCrlList"
+ *      The address of the List that is created. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a HttpCertStore Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_pl_HttpCertStore_ProcessCrlResponse(
+        PRUint16 responseCode,
+        const char *responseContentType,
+        const char *responseData,
+        PRUint32 responseDataLen,
+        PKIX_List **pCrlList,
+        void *plContext)
+{
+        SECItem encodedResponse;
+        PRInt16 compareVal = 0;
+        PKIX_List *crls = NULL;
+        SECItem *derCrlCopy = NULL;
+        CERTSignedCrl *nssCrl = NULL;
+        PKIX_PL_CRL *crl = NULL;
+
+        PKIX_ENTER(HTTPCERTSTORECONTEXT,
+                "pkix_pl_HttpCertStore_ProcessCrlResponse");
+        PKIX_NULLCHECK_ONE(pCrlList);
+
+        if (responseCode != 200) {
+                PKIX_ERROR(PKIX_BADHTTPRESPONSE);
+        }
+
+        /* check that response type is application/pkix-crl */
+        if (responseContentType == NULL) {
+                PKIX_ERROR(PKIX_NOCONTENTTYPEINHTTPRESPONSE);
+        }
+
+        compareVal = PORT_Strcasecmp(responseContentType,
+                                     "application/pkix-crl");
+        if (compareVal != 0) {
+                PKIX_ERROR(PKIX_CONTENTTYPENOTPKIXCRL);
+        }
+        encodedResponse.type = siBuffer;
+        encodedResponse.data = (void*)responseData;
+        encodedResponse.len = responseDataLen;
+
+        derCrlCopy = SECITEM_DupItem(&encodedResponse);
+        if (!derCrlCopy) {
+            PKIX_ERROR(PKIX_ALLOCERROR);
+        }
+        /* crl will be based on derCrlCopy, but will not own the der. */
+        nssCrl =
+            CERT_DecodeDERCrlWithFlags(NULL, derCrlCopy, SEC_CRL_TYPE,
+                                       CRL_DECODE_DONT_COPY_DER |
+                                       CRL_DECODE_SKIP_ENTRIES);
+        if (!nssCrl) {
+            PKIX_ERROR(PKIX_FAILEDTODECODECRL);
+        }
+        /* pkix crls own the der. */
+        PKIX_CHECK(
+            pkix_pl_CRL_CreateWithSignedCRL(nssCrl, derCrlCopy, NULL,
+                                            &crl, plContext),
+            PKIX_CRLCREATEWITHSIGNEDCRLFAILED);
+        /* Left control over memory pointed by derCrlCopy and
+         * nssCrl to pkix crl. */
+        derCrlCopy = NULL;
+        nssCrl = NULL;
+        PKIX_CHECK(PKIX_List_Create(&crls, plContext),
+                   PKIX_LISTCREATEFAILED);
+        PKIX_CHECK(PKIX_List_AppendItem
+                   (crls, (PKIX_PL_Object *) crl, plContext),
+                   PKIX_LISTAPPENDITEMFAILED);
+        *pCrlList = crls;
+        crls = NULL;
+cleanup:
+        if (derCrlCopy) {
+            SECITEM_FreeItem(derCrlCopy, PR_TRUE);
+        }
+        if (nssCrl) {
+            SEC_DestroyCrl(nssCrl);
+        }
+        PKIX_DECREF(crl);
+        PKIX_DECREF(crls);
+
+        PKIX_RETURN(HTTPCERTSTORECONTEXT);
+}
+
+/*
+ * FUNCTION: pkix_pl_HttpCertStore_CreateRequestSession
+ * DESCRIPTION:
+ *
+ *  This function takes elements from the HttpCertStoreContext pointed to by
+ *  "context" (path, client, and serverSession) and creates a RequestSession.
+ *  See the HTTPClient API described in ocspt.h for further details.
+ *
+ * PARAMETERS:
+ *  "context"
+ *      The address of the HttpCertStoreContext. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a HttpCertStore Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_pl_HttpCertStore_CreateRequestSession(
+        PKIX_PL_HttpCertStoreContext *context,
+        void *plContext)
+{
+        const SEC_HttpClientFcnV1 *hcv1 = NULL;
+        SECStatus rv = SECFailure;
+
+        PKIX_ENTER
+                (HTTPCERTSTORECONTEXT,
+                "pkix_pl_HttpCertStore_CreateRequestSession");
+        PKIX_NULLCHECK_TWO(context, context->serverSession);
+
+        if (context->client->version != 1) {
+                PKIX_ERROR(PKIX_UNSUPPORTEDVERSIONOFHTTPCLIENT);
+        }
+
+        hcv1 = &(context->client->fcnTable.ftable1);
+        if (context->requestSession != NULL) {
+            (*hcv1->freeFcn)(context->requestSession);
+            context->requestSession = 0;
+        }
+        
+        rv = (*hcv1->createFcn)(context->serverSession, "http",
+                         context->path, "GET",
+                         PR_SecondsToInterval(
+                             ((PKIX_PL_NssContext*)plContext)->timeoutSeconds),
+                         &(context->requestSession));
+        
+        if (rv != SECSuccess) {
+            PKIX_ERROR(PKIX_HTTPSERVERERROR);
+        }
+cleanup:
+
+        PKIX_RETURN(HTTPCERTSTORECONTEXT);
+
+}
+
+/*
+ * FUNCTION: pkix_pl_HttpCertStore_GetCert
+ *  (see description of PKIX_CertStore_CertCallback in pkix_certstore.h)
+ */
+PKIX_Error *
+pkix_pl_HttpCertStore_GetCert(
+        PKIX_CertStore *store,
+        PKIX_CertSelector *selector,
+        PKIX_VerifyNode *verifyNode,
+        void **pNBIOContext,
+        PKIX_List **pCertList,
+        void *plContext)
+{
+        const SEC_HttpClientFcnV1 *hcv1 = NULL;
+        PKIX_PL_HttpCertStoreContext *context = NULL;
+        void *nbioContext = NULL;
+        SECStatus rv = SECFailure;
+        PRUint16 responseCode = 0;
+        const char *responseContentType = NULL;
+        const char *responseData = NULL;
+        PRUint32 responseDataLen = 0;
+        PKIX_List *certList = NULL;
+
+        PKIX_ENTER(HTTPCERTSTORECONTEXT, "pkix_pl_HttpCertStore_GetCert");
+        PKIX_NULLCHECK_THREE(store, selector, pCertList);
+
+        nbioContext = *pNBIOContext;
+        *pNBIOContext = NULL;
+
+        PKIX_CHECK(PKIX_CertStore_GetCertStoreContext
+                (store, (PKIX_PL_Object **)&context, plContext),
+                PKIX_CERTSTOREGETCERTSTORECONTEXTFAILED);
+
+        if (context->client->version != 1) {
+            PKIX_ERROR(PKIX_UNSUPPORTEDVERSIONOFHTTPCLIENT);
+        }
+        
+        hcv1 = &(context->client->fcnTable.ftable1);
+
+        PKIX_CHECK(pkix_pl_HttpCertStore_CreateRequestSession
+                   (context, plContext),
+                   PKIX_HTTPCERTSTORECREATEREQUESTSESSIONFAILED);
+        
+        responseDataLen = 
+            ((PKIX_PL_NssContext*)plContext)->maxResponseLength;
+        
+        rv = (*hcv1->trySendAndReceiveFcn)(context->requestSession,
+                                        (PRPollDesc **)&nbioContext,
+                                        &responseCode,
+                                        (const char **)&responseContentType,
+                                        NULL, /* &responseHeaders */
+                                        (const char **)&responseData,
+                                        &responseDataLen);
+        if (rv != SECSuccess) {
+            PKIX_ERROR(PKIX_HTTPSERVERERROR);
+        }
+        
+        if (nbioContext != 0) {
+            *pNBIOContext = nbioContext;
+            goto cleanup;
+        }
+
+        PKIX_CHECK(pkix_pl_HttpCertStore_ProcessCertResponse
+                (responseCode,
+                responseContentType,
+                responseData,
+                responseDataLen,
+                &certList,
+                plContext),
+                PKIX_HTTPCERTSTOREPROCESSCERTRESPONSEFAILED);
+
+        *pCertList = certList;
+
+cleanup:
+        PKIX_DECREF(context);
+
+        PKIX_RETURN(CERTSTORE);
+}
+
+/*
+ * FUNCTION: pkix_pl_HttpCertStore_GetCertContinue
+ *  (see description of PKIX_CertStore_CertCallback in pkix_certstore.h)
+ */
+PKIX_Error *
+pkix_pl_HttpCertStore_GetCertContinue(
+        PKIX_CertStore *store,
+        PKIX_CertSelector *selector,
+        PKIX_VerifyNode *verifyNode,
+        void **pNBIOContext,
+        PKIX_List **pCertList,
+        void *plContext)
+{
+        const SEC_HttpClientFcnV1 *hcv1 = NULL;
+        PKIX_PL_HttpCertStoreContext *context = NULL;
+        void *nbioContext = NULL;
+        SECStatus rv = SECFailure;
+        PRUint16 responseCode = 0;
+        const char *responseContentType = NULL;
+        const char *responseData = NULL;
+        PRUint32 responseDataLen = 0;
+        PKIX_List *certList = NULL;
+
+        PKIX_ENTER(CERTSTORE, "pkix_pl_HttpCertStore_GetCertContinue");
+        PKIX_NULLCHECK_THREE(store, selector, pCertList);
+
+        nbioContext = *pNBIOContext;
+        *pNBIOContext = NULL;
+
+        PKIX_CHECK(PKIX_CertStore_GetCertStoreContext
+                (store, (PKIX_PL_Object **)&context, plContext),
+                PKIX_CERTSTOREGETCERTSTORECONTEXTFAILED);
+
+        if (context->client->version != 1) {
+                PKIX_ERROR(PKIX_UNSUPPORTEDVERSIONOFHTTPCLIENT);
+        }
+
+        hcv1 = &(context->client->fcnTable.ftable1);
+        PKIX_NULLCHECK_ONE(context->requestSession);
+
+        responseDataLen = 
+            ((PKIX_PL_NssContext*)plContext)->maxResponseLength;
+
+        rv = (*hcv1->trySendAndReceiveFcn)(context->requestSession,
+                        (PRPollDesc **)&nbioContext,
+                        &responseCode,
+                        (const char **)&responseContentType,
+                        NULL, /* &responseHeaders */
+                        (const char **)&responseData,
+                        &responseDataLen);
+
+        if (rv != SECSuccess) {
+            PKIX_ERROR(PKIX_HTTPSERVERERROR);
+        }
+        
+        if (nbioContext != 0) {
+            *pNBIOContext = nbioContext;
+            goto cleanup;
+        }
+
+        PKIX_CHECK(pkix_pl_HttpCertStore_ProcessCertResponse
+                (responseCode,
+                responseContentType,
+                responseData,
+                responseDataLen,
+                &certList,
+                plContext),
+                PKIX_HTTPCERTSTOREPROCESSCERTRESPONSEFAILED);
+
+        *pCertList = certList;
+
+cleanup:
+        PKIX_DECREF(context);
+        
+        PKIX_RETURN(CERTSTORE);
+}
+
+/*
+ * FUNCTION: pkix_pl_HttpCertStore_GetCRL
+ *  (see description of PKIX_CertStore_CRLCallback in pkix_certstore.h)
+ */
+PKIX_Error *
+pkix_pl_HttpCertStore_GetCRL(
+        PKIX_CertStore *store,
+        PKIX_CRLSelector *selector,
+        void **pNBIOContext,
+        PKIX_List **pCrlList,
+        void *plContext)
+{
+
+        const SEC_HttpClientFcnV1 *hcv1 = NULL;
+        PKIX_PL_HttpCertStoreContext *context = NULL;
+        void *nbioContext = NULL;
+        SECStatus rv = SECFailure;
+        PRUint16 responseCode = 0;
+        const char *responseContentType = NULL;
+        const char *responseData = NULL;
+        PRUint32 responseDataLen = 0;
+        PKIX_List *crlList = NULL;
+
+        PKIX_ENTER(CERTSTORE, "pkix_pl_HttpCertStore_GetCRL");
+        PKIX_NULLCHECK_THREE(store, selector, pCrlList);
+
+        nbioContext = *pNBIOContext;
+        *pNBIOContext = NULL;
+
+        PKIX_CHECK(PKIX_CertStore_GetCertStoreContext
+                (store, (PKIX_PL_Object **)&context, plContext),
+                PKIX_CERTSTOREGETCERTSTORECONTEXTFAILED);
+
+        if (context->client->version != 1) {
+                PKIX_ERROR(PKIX_UNSUPPORTEDVERSIONOFHTTPCLIENT);
+        }
+
+        hcv1 = &(context->client->fcnTable.ftable1);
+        PKIX_CHECK(pkix_pl_HttpCertStore_CreateRequestSession
+                   (context, plContext),
+                   PKIX_HTTPCERTSTORECREATEREQUESTSESSIONFAILED);
+
+        responseDataLen = 
+            ((PKIX_PL_NssContext*)plContext)->maxResponseLength;
+
+        rv = (*hcv1->trySendAndReceiveFcn)(context->requestSession,
+                        (PRPollDesc **)&nbioContext,
+                        &responseCode,
+                        (const char **)&responseContentType,
+                        NULL, /* &responseHeaders */
+                        (const char **)&responseData,
+                        &responseDataLen);
+
+        if (rv != SECSuccess) {
+            PKIX_ERROR(PKIX_HTTPSERVERERROR);
+        }
+        
+        if (nbioContext != 0) {
+            *pNBIOContext = nbioContext;
+            goto cleanup;
+        }
+
+        PKIX_CHECK(pkix_pl_HttpCertStore_ProcessCrlResponse
+                (responseCode,
+                responseContentType,
+                responseData,
+                responseDataLen,
+                &crlList,
+                plContext),
+                PKIX_HTTPCERTSTOREPROCESSCRLRESPONSEFAILED);
+
+        *pCrlList = crlList;
+
+cleanup:
+        PKIX_DECREF(context);
+
+        PKIX_RETURN(CERTSTORE);
+}
+
+/*
+ * FUNCTION: pkix_pl_HttpCertStore_GetCRLContinue
+ *  (see description of PKIX_CertStore_CRLCallback in pkix_certstore.h)
+ */
+PKIX_Error *
+pkix_pl_HttpCertStore_GetCRLContinue(
+        PKIX_CertStore *store,
+        PKIX_CRLSelector *selector,
+        void **pNBIOContext,
+        PKIX_List **pCrlList,
+        void *plContext)
+{
+        const SEC_HttpClientFcnV1 *hcv1 = NULL;
+        PKIX_PL_HttpCertStoreContext *context = NULL;
+        void *nbioContext = NULL;
+        SECStatus rv = SECFailure;
+        PRUint16 responseCode = 0;
+        const char *responseContentType = NULL;
+        const char *responseData = NULL;
+        PRUint32 responseDataLen = 0;
+        PKIX_List *crlList = NULL;
+
+        PKIX_ENTER(CERTSTORE, "pkix_pl_HttpCertStore_GetCRLContinue");
+        PKIX_NULLCHECK_FOUR(store, selector, pNBIOContext, pCrlList);
+
+        nbioContext = *pNBIOContext;
+        *pNBIOContext = NULL;
+
+        PKIX_CHECK(PKIX_CertStore_GetCertStoreContext
+                (store, (PKIX_PL_Object **)&context, plContext),
+                PKIX_CERTSTOREGETCERTSTORECONTEXTFAILED);
+
+        if (context->client->version != 1) {
+            PKIX_ERROR(PKIX_UNSUPPORTEDVERSIONOFHTTPCLIENT);
+        }
+        hcv1 = &(context->client->fcnTable.ftable1);
+                
+        PKIX_CHECK(pkix_pl_HttpCertStore_CreateRequestSession
+                   (context, plContext),
+                   PKIX_HTTPCERTSTORECREATEREQUESTSESSIONFAILED);
+        
+        responseDataLen = 
+            ((PKIX_PL_NssContext*)plContext)->maxResponseLength;
+
+        rv = (*hcv1->trySendAndReceiveFcn)(context->requestSession,
+                        (PRPollDesc **)&nbioContext,
+                        &responseCode,
+                        (const char **)&responseContentType,
+                        NULL, /* &responseHeaders */
+                        (const char **)&responseData,
+                        &responseDataLen);
+        
+        if (rv != SECSuccess) {
+            PKIX_ERROR(PKIX_HTTPSERVERERROR);
+        }
+        
+        if (nbioContext != 0) {
+            *pNBIOContext = nbioContext;
+            goto cleanup;
+        }
+
+        PKIX_CHECK(pkix_pl_HttpCertStore_ProcessCrlResponse
+                (responseCode,
+                responseContentType,
+                responseData,
+                responseDataLen,
+                &crlList,
+                plContext),
+                PKIX_HTTPCERTSTOREPROCESSCRLRESPONSEFAILED);
+
+        *pCrlList = crlList;
+
+cleanup:
+        PKIX_DECREF(context);
+
+        PKIX_RETURN(CERTSTORE);
+}
+
+/* --Public-HttpCertStore-Functions----------------------------------- */
+
+/*
+ * FUNCTION: pkix_pl_HttpCertStore_CreateWithAsciiName
+ * DESCRIPTION:
+ *
+ *  This function uses the HttpClient pointed to by "client" and the string
+ *  (hostname:portnum/path, with portnum optional) pointed to by "locationAscii"
+ *  to create an HttpCertStore connected to the desired location, storing the
+ *  created CertStore at "pCertStore".
+ *
+ * PARAMETERS:
+ *  "client"
+ *      The address of the HttpClient. Must be non-NULL.
+ *  "locationAscii"
+ *      The address of the character string indicating the hostname, port, and
+ *      path to be queried for Certs or Crls. Must be non-NULL.
+ *  "pCertStore"
+ *      The address in which the object is stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a HttpCertStore Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_pl_HttpCertStore_CreateWithAsciiName(
+        PKIX_PL_HttpClient *client,
+        char *locationAscii,
+        PKIX_CertStore **pCertStore,
+        void *plContext)
+{
+        const SEC_HttpClientFcn *clientFcn = NULL;
+        const SEC_HttpClientFcnV1 *hcv1 = NULL;
+        PKIX_PL_HttpCertStoreContext *httpCertStore = NULL;
+        PKIX_CertStore *certStore = NULL;
+        char *hostname = NULL;
+        char *path = NULL;
+        PRUint16 port = 0;
+        SECStatus rv = SECFailure;
+
+        PKIX_ENTER(CERTSTORE, "pkix_pl_HttpCertStore_CreateWithAsciiName");
+        PKIX_NULLCHECK_TWO(locationAscii, pCertStore);
+
+        if (client == NULL) {
+                clientFcn = SEC_GetRegisteredHttpClient();
+                if (clientFcn == NULL) {
+                        PKIX_ERROR(PKIX_NOREGISTEREDHTTPCLIENT);
+                }
+        } else {
+                clientFcn = (const SEC_HttpClientFcn *)client;
+        }
+
+        if (clientFcn->version != 1) {
+                PKIX_ERROR(PKIX_UNSUPPORTEDVERSIONOFHTTPCLIENT);
+        }
+
+        /* create a PKIX_PL_HttpCertStore object */
+        PKIX_CHECK(PKIX_PL_Object_Alloc
+                  (PKIX_HTTPCERTSTORECONTEXT_TYPE,
+                  sizeof (PKIX_PL_HttpCertStoreContext),
+                  (PKIX_PL_Object **)&httpCertStore,
+                  plContext),
+                  PKIX_COULDNOTCREATEOBJECT);
+
+        /* Initialize fields */
+        httpCertStore->client = clientFcn; /* not a PKIX object! */
+
+        /* parse location -> hostname, port, path */
+        rv = CERT_ParseURL(locationAscii, &hostname, &port, &path);
+        if (rv == SECFailure || hostname == NULL || path == NULL) {
+                PKIX_ERROR(PKIX_URLPARSINGFAILED);
+        }
+
+        httpCertStore->path = path;
+        path = NULL;
+
+        hcv1 = &(clientFcn->fcnTable.ftable1);
+        rv = (*hcv1->createSessionFcn)(hostname, port,
+                                       &(httpCertStore->serverSession));
+        if (rv != SECSuccess) {
+            PKIX_ERROR(PKIX_HTTPCLIENTCREATESESSIONFAILED);
+        }
+
+        httpCertStore->requestSession = NULL;
+
+        PKIX_CHECK(PKIX_CertStore_Create
+                (pkix_pl_HttpCertStore_GetCert,
+                pkix_pl_HttpCertStore_GetCRL,
+                pkix_pl_HttpCertStore_GetCertContinue,
+                pkix_pl_HttpCertStore_GetCRLContinue,
+                NULL,       /* don't support trust */
+                NULL,      /* can not store crls */
+                NULL,      /* can not do revocation check */
+                (PKIX_PL_Object *)httpCertStore,
+                PKIX_TRUE,  /* cache flag */
+                PKIX_FALSE, /* not local */
+                &certStore,
+                plContext),
+                PKIX_CERTSTORECREATEFAILED);
+
+        *pCertStore = certStore;
+        certStore = NULL;
+
+cleanup:
+        PKIX_DECREF(httpCertStore);
+        if (hostname) {
+            PORT_Free(hostname);
+        }
+        if (path) {
+            PORT_Free(path);
+        }
+
+        PKIX_RETURN(CERTSTORE);
+}
+
+/*
+ * FUNCTION: PKIX_PL_HttpCertStore_Create
+ * (see comments in pkix_samples_modules.h)
+ */
+PKIX_Error *
+PKIX_PL_HttpCertStore_Create(
+        PKIX_PL_HttpClient *client,
+        PKIX_PL_GeneralName *location,
+        PKIX_CertStore **pCertStore,
+        void *plContext)
+{
+        PKIX_PL_String *locationString = NULL;
+        char *locationAscii = NULL;
+        PKIX_UInt32 len = 0;
+
+        PKIX_ENTER(CERTSTORE, "PKIX_PL_HttpCertStore_Create");
+        PKIX_NULLCHECK_TWO(location, pCertStore);
+
+        PKIX_TOSTRING(location, &locationString, plContext,
+                PKIX_GENERALNAMETOSTRINGFAILED);
+
+        PKIX_CHECK(PKIX_PL_String_GetEncoded
+                (locationString,
+                PKIX_ESCASCII,
+                (void **)&locationAscii,
+                &len,
+                plContext),
+                PKIX_STRINGGETENCODEDFAILED);
+
+        PKIX_CHECK(pkix_pl_HttpCertStore_CreateWithAsciiName
+                (client, locationAscii, pCertStore, plContext),
+                PKIX_HTTPCERTSTORECREATEWITHASCIINAMEFAILED);
+
+cleanup:
+
+        PKIX_DECREF(locationString);
+
+        PKIX_RETURN(CERTSTORE);
+}
+
+/*
+ * FUNCTION: pkix_HttpCertStore_FindSocketConnection
+ * DESCRIPTION:
+ *
+        PRIntervalTime timeout,
+        char *hostname,
+        PRUint16 portnum,
+        PRErrorCode *pStatus,
+        PKIX_PL_Socket **pSocket,
+
+ *  This function checks for an existing socket, creating a new one if unable
+ *  to find an existing one, for the host pointed to by "hostname" and the port
+ *  pointed to by "portnum". If a new socket is created the PRIntervalTime in
+ *  "timeout" will be used for the timeout value and a creation status is
+ *  returned at "pStatus". The address of the socket is stored at "pSocket".
+ *
+ * PARAMETERS:
+ *  "timeout"
+ *      The PRIntervalTime of the timeout value.
+ *  "hostname"
+ *      The address of the string containing the hostname. Must be non-NULL.
+ *  "portnum"
+ *      The port number for the desired socket.
+ *  "pStatus"
+ *      The address at which the status is stored. Must be non-NULL.
+ *  "pSocket"
+ *      The address at which the socket is stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a HttpCertStore Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_HttpCertStore_FindSocketConnection(
+        PRIntervalTime timeout,
+        char *hostname,
+        PRUint16 portnum,
+        PRErrorCode *pStatus,
+        PKIX_PL_Socket **pSocket,
+        void *plContext)
+{
+        PKIX_PL_String *formatString = NULL;
+        PKIX_PL_String *hostString = NULL;
+        PKIX_PL_String *domainString = NULL;
+        PKIX_PL_Socket *socket = NULL;
+
+        PKIX_ENTER(CERTSTORE, "pkix_HttpCertStore_FindSocketConnection");
+        PKIX_NULLCHECK_THREE(hostname, pStatus, pSocket);
+
+        *pStatus = 0;
+
+        /* create PKIX_PL_String from hostname and port */
+        PKIX_CHECK(PKIX_PL_String_Create
+                (PKIX_ESCASCII, "%s:%d", 0, &formatString, plContext),
+                PKIX_STRINGCREATEFAILED);
+
+#if 0
+hostname = "variation.red.iplanet.com";
+portnum = 2001;
+#endif
+
+        PKIX_CHECK(PKIX_PL_String_Create
+                (PKIX_ESCASCII, hostname, 0, &hostString, plContext),
+                PKIX_STRINGCREATEFAILED);
+
+        PKIX_CHECK(PKIX_PL_Sprintf
+                (&domainString, plContext, formatString, hostString, portnum),
+                PKIX_STRINGCREATEFAILED);
+
+#ifdef PKIX_SOCKETCACHE
+        /* Is this domainName already in cache? */
+        PKIX_CHECK(PKIX_PL_HashTable_Lookup
+                (httpSocketCache,
+                (PKIX_PL_Object *)domainString,
+                (PKIX_PL_Object **)&socket,
+                plContext),
+                PKIX_HASHTABLELOOKUPFAILED);
+#endif
+        if (socket == NULL) {
+
+                /* No, create a connection (and cache it) */
+                PKIX_CHECK(pkix_pl_Socket_CreateByHostAndPort
+                        (PKIX_FALSE,       /* create a client, not a server */
+                        timeout,
+                        hostname,
+                        portnum,
+                        pStatus,
+                        &socket,
+                        plContext),
+                        PKIX_SOCKETCREATEBYHOSTANDPORTFAILED);
+
+#ifdef PKIX_SOCKETCACHE
+                PKIX_CHECK(PKIX_PL_HashTable_Add
+                        (httpSocketCache,
+                        (PKIX_PL_Object *)domainString,
+                        (PKIX_PL_Object *)socket,
+                        plContext),
+                        PKIX_HASHTABLEADDFAILED);
+#endif 
+        }
+
+        *pSocket = socket;
+        socket = NULL;
+
+cleanup:
+
+        PKIX_DECREF(formatString);
+        PKIX_DECREF(hostString);
+        PKIX_DECREF(domainString);
+        PKIX_DECREF(socket);
+
+        PKIX_RETURN(CERTSTORE);
+}
+
diff --git a/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpcertstore.h b/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpcertstore.h
new file mode 100644
index 0000000..a03ea94
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpcertstore.h
@@ -0,0 +1,62 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_pl_httpcertstore.h
+ *
+ * HTTPCertstore Object Type Definition
+ *
+ */
+
+#ifndef _PKIX_PL_HTTPCERTSTORE_H
+#define _PKIX_PL_HTTPCERTSTORE_H
+
+#include "pkix_pl_common.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+struct PKIX_PL_HttpCertStoreContextStruct {
+        const SEC_HttpClientFcn *client;
+        SEC_HTTP_SERVER_SESSION serverSession;
+        SEC_HTTP_REQUEST_SESSION requestSession;
+	char *path;
+};
+
+/* see source file for function documentation */
+
+PKIX_Error *pkix_pl_HttpCertStoreContext_RegisterSelf(void *plContext);
+
+void pkix_pl_HttpCertStore_Shutdown(void *plContext);
+
+PKIX_Error *
+pkix_pl_HttpCertStore_CreateWithAsciiName(
+        PKIX_PL_HttpClient *client,
+	char *locationAscii,
+        PKIX_CertStore **pCertStore,
+        void *plContext);
+
+PKIX_Error *
+pkix_HttpCertStore_FindSocketConnection(
+        PRIntervalTime timeout,
+        char *hostname,
+        PRUint16 portnum,
+        PRErrorCode *pStatus,
+        PKIX_PL_Socket **pSocket,
+        void *plContext);
+
+PKIX_Error *
+pkix_pl_HttpCertStore_ProcessCertResponse(
+	PRUint16 responseCode,
+	const char *responseContentType,
+	const char *responseData,
+        PRUint32 responseDataLen,
+	PKIX_List **pCertList,
+        void *plContext);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_PL_HTTPCERTSTORE_H */
diff --git a/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpdefaultclient.c b/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpdefaultclient.c
new file mode 100644
index 0000000..9954f0c
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpdefaultclient.c
@@ -0,0 +1,1654 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_pl_httpdefaultclient.c
+ *
+ * HTTPDefaultClient Function Definitions
+ *
+ */
+
+#include "pkix_pl_httpdefaultclient.h"
+
+static void *plContext = NULL;
+
+/*
+ * The interface specification for an http client requires that it register
+ * a function table of type SEC_HttpClientFcn, which is defined as a union
+ * of tables, of which only version 1 is defined at present.
+ *
+ * Note: these functions violate the PKIX calling conventions, in that they
+ * return SECStatus rather than PKIX_Error*, and that they do not provide a
+ * plContext argument. They are implemented here as calls to PKIX functions,
+ * but the plContext value is circularly defined - a true kludge. Its value
+ * is saved at the time of the call to pkix_pl_HttpDefaultClient_Create for
+ * subsequent use, but since that initial call comes from the
+ * pkix_pl_HttpDefaultClient_CreateSessionFcn, it's not really getting saved.
+ */
+static SEC_HttpClientFcnV1 vtable = {
+        pkix_pl_HttpDefaultClient_CreateSessionFcn,
+        pkix_pl_HttpDefaultClient_KeepAliveSessionFcn,
+        pkix_pl_HttpDefaultClient_FreeSessionFcn,
+        pkix_pl_HttpDefaultClient_RequestCreateFcn,
+        pkix_pl_HttpDefaultClient_SetPostDataFcn,
+        pkix_pl_HttpDefaultClient_AddHeaderFcn,
+        pkix_pl_HttpDefaultClient_TrySendAndReceiveFcn,
+        pkix_pl_HttpDefaultClient_CancelFcn,
+        pkix_pl_HttpDefaultClient_FreeFcn
+};
+
+static SEC_HttpClientFcn httpClient;
+
+static const char *eohMarker = "\r\n\r\n";
+static const PKIX_UInt32 eohMarkLen = 4; /* strlen(eohMarker) */
+static const char *crlf = "\r\n";
+static const PKIX_UInt32 crlfLen = 2; /* strlen(crlf) */
+static const char *httpprotocol = "HTTP/";
+static const PKIX_UInt32 httpprotocolLen = 5; /* strlen(httpprotocol) */
+
+
+#define HTTP_UNKNOWN_CONTENT_LENGTH -1
+
+/* --Private-HttpDefaultClient-Functions------------------------- */
+
+/*
+ * FUNCTION: pkix_pl_HttpDefaultClient_HdrCheckComplete
+ * DESCRIPTION:
+ *
+ *  This function determines whether the headers in the current receive buffer
+ *  in the HttpDefaultClient pointed to by "client" are complete. If so, the
+ *  input data is checked for status code, content-type and content-length are
+ *  extracted, and the client is set up to read the body of the response.
+ *  Otherwise, the client is set up to continue reading header data.
+ *
+ * PARAMETERS:
+ *  "client"
+ *      The address of the HttpDefaultClient object. Must be non-NULL.
+ *  "bytesRead"
+ *      The UInt32 number of bytes received in the latest read.
+ *  "pKeepGoing"
+ *      The address at which the Boolean state machine flag is stored to
+ *      indicate whether processing can continue without further input.
+ *      Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a HttpDefaultClient Error if the function fails in a
+ *      non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_pl_HttpDefaultClient_HdrCheckComplete(
+        PKIX_PL_HttpDefaultClient *client,
+        PKIX_UInt32 bytesRead,
+        PKIX_Boolean *pKeepGoing,
+        void *plContext)
+{
+        PKIX_UInt32 alreadyScanned = 0;
+        PKIX_UInt32 comp = 0;
+        PKIX_UInt32 headerLength = 0;
+        PKIX_Int32 contentLength = HTTP_UNKNOWN_CONTENT_LENGTH;
+        char *eoh = NULL;
+        char *statusLineEnd = NULL;
+        char *space = NULL;
+        char *nextHeader = NULL;
+        const char *httpcode = NULL;
+        char *thisHeaderEnd = NULL;
+        char *value = NULL;
+        char *colon = NULL;
+	char *copy = NULL;
+        char *body = NULL;
+
+        PKIX_ENTER
+                (HTTPDEFAULTCLIENT,
+                "pkix_pl_HttpDefaultClient_HdrCheckComplete");
+        PKIX_NULLCHECK_TWO(client, pKeepGoing);
+
+        *pKeepGoing = PKIX_FALSE;
+
+        /* Does buffer contain end-of-header marker? */
+
+        /* Copy number of scanned bytes into a variable. */
+        alreadyScanned = client->filledupBytes;
+        /*
+         * If this is the initial buffer, we have to scan from the beginning.
+         * If we scanned, failed to find eohMarker, and read some more, we
+         * only have to scan from where we left off.
+         */
+        if (alreadyScanned > eohMarkLen) {
+            /* Back up and restart scanning over a few bytes that were
+             * scanned before */
+            PKIX_UInt32 searchStartPos = alreadyScanned - eohMarkLen;
+            eoh = PL_strnstr(&(client->rcvBuf[searchStartPos]), eohMarker,
+                             bytesRead + searchStartPos);
+        } else {
+            /* A search from the beginning of the buffer. */
+            eoh = PL_strnstr(client->rcvBuf, eohMarker, bytesRead);
+        }
+
+        client->filledupBytes += bytesRead;
+
+        if (eoh == NULL) { /* did we see end-of-header? */
+                /* No. Continue to read header data */
+                client->connectStatus = HTTP_RECV_HDR;
+                *pKeepGoing = PKIX_TRUE;
+                goto cleanup;
+        }
+
+        /* Yes. Calculate how many bytes in header (not counting eohMarker) */
+        headerLength = (eoh - client->rcvBuf);
+
+        /* allocate space to copy header (and for the NULL terminator) */
+        PKIX_CHECK(PKIX_PL_Malloc(headerLength + 1, (void **)&copy, plContext),
+                PKIX_MALLOCFAILED);
+
+        /* copy header data before we corrupt it (by storing NULLs) */
+        PORT_Memcpy(copy, client->rcvBuf, headerLength);
+	/* Store the NULL terminator */
+	copy[headerLength] = '\0';
+	client->rcvHeaders = copy;
+
+        /* Did caller want a pointer to header? */
+        if (client->rcv_http_headers != NULL) {
+                /* store pointer for caller */
+                *(client->rcv_http_headers) = copy;
+        }
+
+        /* Check that message status is okay. */
+        statusLineEnd = PL_strnstr(client->rcvBuf, crlf, client->capacity);
+        if (statusLineEnd == NULL) {
+                client->connectStatus = HTTP_ERROR;
+                PORT_SetError(SEC_ERROR_OCSP_BAD_HTTP_RESPONSE);
+                goto cleanup;
+        }
+
+        *statusLineEnd = '\0';
+
+        space = strchr((const char *)client->rcvBuf, ' ');
+        if (space == NULL) {
+                client->connectStatus = HTTP_ERROR;
+                goto cleanup;
+        }
+
+        comp = PORT_Strncasecmp((const char *)client->rcvBuf, httpprotocol,
+                                httpprotocolLen);
+        if (comp != 0) {
+                client->connectStatus = HTTP_ERROR;
+                goto cleanup;
+        }
+
+        httpcode = space + 1;
+        space = strchr(httpcode, ' ');
+        if (space == NULL) {
+                client->connectStatus = HTTP_ERROR;
+                goto cleanup;
+        }
+        *space = '\0';
+
+        client->responseCode = atoi(httpcode);
+        if (client->responseCode != 200) {
+                client->connectStatus = HTTP_ERROR;
+                goto cleanup;
+        }
+
+        /* Find the content-type and content-length */
+        nextHeader = statusLineEnd + crlfLen;
+        *eoh = '\0';
+        do {
+                thisHeaderEnd = NULL;
+                value = NULL;
+
+                colon = strchr(nextHeader, ':');
+                if (colon == NULL) {
+                        client->connectStatus = HTTP_ERROR;
+                        goto cleanup;
+                }
+                *colon = '\0';
+                value = colon + 1;
+                if (*value != ' ') {
+                        client->connectStatus = HTTP_ERROR;
+                        goto cleanup;
+                }
+                value++;
+                thisHeaderEnd = strstr(value, crlf);
+                if (thisHeaderEnd != NULL) {
+                        *thisHeaderEnd = '\0';
+                }
+                comp = PORT_Strcasecmp(nextHeader, "content-type");
+                if (comp == 0) {
+                        client->rcvContentType = PORT_Strdup(value);
+                } else {
+                        comp = PORT_Strcasecmp(nextHeader, "content-length");
+                        if (comp == 0) {
+                                contentLength = atoi(value);
+                        }
+                }
+                if (thisHeaderEnd != NULL) {
+                        nextHeader = thisHeaderEnd + crlfLen;
+                } else {
+                        nextHeader = NULL;
+                }
+        } while ((nextHeader != NULL) && (nextHeader < (eoh + crlfLen)));
+                
+        /* Did caller provide a pointer to return content-type? */
+        if (client->rcv_http_content_type != NULL) {
+                *(client->rcv_http_content_type) = client->rcvContentType;
+        }
+
+        if (client->rcvContentType == NULL) {
+                client->connectStatus = HTTP_ERROR;
+                goto cleanup;
+        }
+
+         /* How many bytes remain in current buffer, beyond the header? */
+         headerLength += eohMarkLen;
+         client->filledupBytes -= headerLength;
+ 
+         /*
+          * The headers have passed validation. Now figure out whether the
+          * message is within the caller's size limit (if one was specified).
+          */
+         switch (contentLength) {
+         case 0:
+             client->rcv_http_data_len = 0;
+             client->connectStatus = HTTP_COMPLETE;
+             *pKeepGoing = PKIX_FALSE;
+             break;
+ 
+         case HTTP_UNKNOWN_CONTENT_LENGTH:
+             /* Unknown contentLength indicator.Will be set by
+              * pkix_pl_HttpDefaultClient_RecvBody whey connection get closed */
+             client->rcv_http_data_len = HTTP_UNKNOWN_CONTENT_LENGTH;
+             contentLength =                 /* Try to reserve 4K+ buffer */
+                 client->filledupBytes + HTTP_DATA_BUFSIZE;
+             if (client->maxResponseLen > 0 &&
+                 contentLength > (PKIX_Int32)client->maxResponseLen) {
+                 if (client->filledupBytes < client->maxResponseLen) {
+                     contentLength = client->maxResponseLen;
+                 } else {
+                     client->connectStatus = HTTP_ERROR;
+                     goto cleanup;
+                 }
+             }
+             /* set available number of bytes in the buffer */
+             client->capacity = contentLength;
+             client->connectStatus = HTTP_RECV_BODY;
+             *pKeepGoing = PKIX_TRUE;
+             break;
+ 
+         default:
+             client->rcv_http_data_len = contentLength;
+             if (client->maxResponseLen > 0 &&
+                 (PKIX_Int32)client->maxResponseLen < contentLength) {
+                 client->connectStatus = HTTP_ERROR;
+                 goto cleanup;
+             }
+             
+             /*
+              * Do we have all of the message body, or do we need to read some more?
+              */
+             if ((PKIX_Int32)client->filledupBytes < contentLength) {
+                 client->connectStatus = HTTP_RECV_BODY;
+                 *pKeepGoing = PKIX_TRUE;
+             } else {
+                 client->connectStatus = HTTP_COMPLETE;
+                 *pKeepGoing = PKIX_FALSE;
+             }
+         }
+ 
+         if (contentLength > 0) {
+             /* allocate a buffer of size contentLength  for the content */
+             PKIX_CHECK(PKIX_PL_Malloc(contentLength, (void **)&body, plContext),
+                        PKIX_MALLOCFAILED);
+             
+             /* copy any remaining bytes in current buffer into new buffer */
+             if (client->filledupBytes > 0) {
+                 PORT_Memcpy(body, &(client->rcvBuf[headerLength]),
+                             client->filledupBytes);
+             }
+         }
+ 
+         PKIX_CHECK(PKIX_PL_Free(client->rcvBuf, plContext),
+                    PKIX_FREEFAILED);
+         client->rcvBuf = body;
+
+cleanup:
+
+        PKIX_RETURN(HTTPDEFAULTCLIENT);
+}
+
+/*
+ * FUNCTION: PKIX_PL_HttpDefaultClient_Create
+ * DESCRIPTION:
+ *
+ *  This function creates a new HttpDefaultClient, and stores the result at
+ *  "pClient".
+ *
+ *  The HttpClient API does not include a plContext argument in its
+ *  function calls. Its value at the time of this Create call must be the
+ *  same as when the client is invoked.
+ *
+ * PARAMETERS:
+ *  "host"
+ *      The name of the server with which we hope to exchange messages. Must
+ *      be non-NULL.
+ *  "portnum"
+ *      The port number to be used for our connection to the server.
+ *  "pClient"
+ *      The address at which the created HttpDefaultClient is to be stored.
+ *      Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a HttpDefaultClient Error if the function fails in
+ *      a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_pl_HttpDefaultClient_Create(
+        const char *host,
+        PRUint16 portnum,
+        PKIX_PL_HttpDefaultClient **pClient,
+        void *plContext)
+{
+        PKIX_PL_HttpDefaultClient *client = NULL;
+
+        PKIX_ENTER(HTTPDEFAULTCLIENT, "PKIX_PL_HttpDefaultClient_Create");
+        PKIX_NULLCHECK_TWO(pClient, host);
+
+        /* allocate an HttpDefaultClient */
+        PKIX_CHECK(PKIX_PL_Object_Alloc
+                (PKIX_HTTPDEFAULTCLIENT_TYPE,
+                sizeof (PKIX_PL_HttpDefaultClient),
+                (PKIX_PL_Object **)&client,
+                plContext),
+                PKIX_COULDNOTCREATEHTTPDEFAULTCLIENTOBJECT);
+
+        /* Client timeout is overwritten in HttpDefaultClient_RequestCreate
+         * function. Default value will be ignored. */
+        client->timeout = 0;
+        client->connectStatus = HTTP_NOT_CONNECTED;
+        client->portnum = portnum;
+        client->bytesToWrite = 0;
+        client->send_http_data_len = 0;
+        client->rcv_http_data_len = 0;
+        client->capacity = 0;
+        client->filledupBytes = 0;
+        client->responseCode = 0;
+        client->maxResponseLen = 0;
+        client->GETLen = 0;
+        client->POSTLen = 0;
+        client->pRcv_http_data_len = NULL;
+        client->callbackList = NULL;
+        client->GETBuf = NULL;
+        client->POSTBuf = NULL;
+        client->rcvBuf = NULL;
+        /* "host" is a parsing result by CERT_GetURL function that adds
+         * "end of line" to the value. OK to dup the string. */
+        client->host = PORT_Strdup(host);
+        if (!client->host) {
+            PKIX_ERROR(PKIX_ALLOCERROR);
+        }
+        client->path = NULL;
+        client->rcvContentType = NULL;
+        client->rcvHeaders = NULL;
+        client->send_http_method = HTTP_POST_METHOD;
+        client->send_http_content_type = NULL;
+        client->send_http_data = NULL;
+        client->rcv_http_response_code = NULL;
+        client->rcv_http_content_type = NULL;
+        client->rcv_http_headers = NULL;
+        client->rcv_http_data = NULL;
+        client->socket = NULL;
+
+        /*
+         * The HttpClient API does not include a plContext argument in its
+         * function calls. Save it here.
+         */
+        client->plContext = plContext;
+
+        *pClient = client;
+
+cleanup:
+        if (PKIX_ERROR_RECEIVED) {
+                PKIX_DECREF(client);
+        }
+
+        PKIX_RETURN(HTTPDEFAULTCLIENT);
+}
+
+/*
+ * FUNCTION: pkix_pl_HttpDefaultClient_Destroy
+ * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_HttpDefaultClient_Destroy(
+        PKIX_PL_Object *object,
+        void *plContext)
+{
+        PKIX_PL_HttpDefaultClient *client = NULL;
+
+        PKIX_ENTER(HTTPDEFAULTCLIENT, "pkix_pl_HttpDefaultClient_Destroy");
+        PKIX_NULLCHECK_ONE(object);
+
+        PKIX_CHECK(pkix_CheckType
+                    (object, PKIX_HTTPDEFAULTCLIENT_TYPE, plContext),
+                    PKIX_OBJECTNOTANHTTPDEFAULTCLIENT);
+
+        client = (PKIX_PL_HttpDefaultClient *)object;
+
+        if (client->rcvHeaders) {
+            PKIX_PL_Free(client->rcvHeaders, plContext);
+            client->rcvHeaders = NULL;
+        }
+        if (client->rcvContentType) {
+            PORT_Free(client->rcvContentType);
+            client->rcvContentType = NULL;
+        }
+        if (client->GETBuf != NULL) {
+                PR_smprintf_free(client->GETBuf);
+                client->GETBuf = NULL;
+        }
+        if (client->POSTBuf != NULL) {
+                PKIX_PL_Free(client->POSTBuf, plContext);
+                client->POSTBuf = NULL;
+        }
+        if (client->rcvBuf != NULL) {
+                PKIX_PL_Free(client->rcvBuf, plContext);
+                client->rcvBuf = NULL;
+        }
+        if (client->host) {
+                PORT_Free(client->host);
+                client->host = NULL;
+        }
+        if (client->path) {
+                PORT_Free(client->path);
+                client->path = NULL;
+        }
+        PKIX_DECREF(client->socket);
+
+cleanup:
+
+        PKIX_RETURN(HTTPDEFAULTCLIENT);
+}
+
+/*
+ * FUNCTION: pkix_pl_HttpDefaultClient_RegisterSelf
+ *
+ * DESCRIPTION:
+ *  Registers PKIX_PL_HTTPDEFAULTCLIENT_TYPE and its related
+ *  functions with systemClasses[]
+ *
+ * THREAD SAFETY:
+ *  Not Thread Safe - for performance and complexity reasons
+ *
+ *  Since this function is only called by PKIX_PL_Initialize, which should
+ *  only be called once, it is acceptable that this function is not
+ *  thread-safe.
+ */
+PKIX_Error *
+pkix_pl_HttpDefaultClient_RegisterSelf(void *plContext)
+{
+        extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
+        pkix_ClassTable_Entry *entry =
+            &systemClasses[PKIX_HTTPDEFAULTCLIENT_TYPE];
+
+        PKIX_ENTER(HTTPDEFAULTCLIENT,
+                "pkix_pl_HttpDefaultClient_RegisterSelf");
+
+        entry->description = "HttpDefaultClient";
+        entry->typeObjectSize = sizeof(PKIX_PL_HttpDefaultClient);
+        entry->destructor = pkix_pl_HttpDefaultClient_Destroy;
+ 
+        httpClient.version = 1;
+        httpClient.fcnTable.ftable1 = vtable;
+        (void)SEC_RegisterDefaultHttpClient(&httpClient);
+
+        PKIX_RETURN(HTTPDEFAULTCLIENT);
+}
+
+/* --Private-HttpDefaultClient-I/O-Functions---------------------------- */
+/*
+ * FUNCTION: pkix_pl_HttpDefaultClient_ConnectContinue
+ * DESCRIPTION:
+ *
+ *  This function determines whether a socket Connect initiated earlier for the
+ *  HttpDefaultClient "client" has completed, and stores in "pKeepGoing" a flag
+ *  indicating whether processing can continue without further input.
+ *
+ * PARAMETERS:
+ *  "client"
+ *      The address of the HttpDefaultClient object. Must be non-NULL.
+ *  "pKeepGoing"
+ *      The address at which the Boolean state machine flag is stored to
+ *      indicate whether processing can continue without further input.
+ *      Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a HttpDefaultClient Error if the function fails in a
+ *      non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_pl_HttpDefaultClient_ConnectContinue(
+        PKIX_PL_HttpDefaultClient *client,
+        PKIX_Boolean *pKeepGoing,
+        void *plContext)
+{
+        PRErrorCode status;
+        PKIX_Boolean keepGoing = PKIX_FALSE;
+        PKIX_PL_Socket_Callback *callbackList = NULL;
+
+        PKIX_ENTER
+                (HTTPDEFAULTCLIENT,
+                "pkix_pl_HttpDefaultClient_ConnectContinue");
+        PKIX_NULLCHECK_ONE(client);
+
+        callbackList = (PKIX_PL_Socket_Callback *)client->callbackList;
+
+        PKIX_CHECK(callbackList->connectcontinueCallback
+                (client->socket, &status, plContext),
+                PKIX_SOCKETCONNECTCONTINUEFAILED);
+
+        if (status == 0) {
+                client->connectStatus = HTTP_CONNECTED;
+                keepGoing = PKIX_TRUE;
+        } else if (status != PR_IN_PROGRESS_ERROR) {
+                PKIX_ERROR(PKIX_UNEXPECTEDERRORINESTABLISHINGCONNECTION);
+        }
+
+        *pKeepGoing = keepGoing;
+
+cleanup:
+        PKIX_RETURN(HTTPDEFAULTCLIENT);
+}
+
+/*
+ * FUNCTION: pkix_pl_HttpDefaultClient_Send
+ * DESCRIPTION:
+ *
+ *  This function creates and sends HTTP-protocol headers and, if applicable,
+ *  data, for the HttpDefaultClient "client", and stores in "pKeepGoing" a flag
+ *  indicating whether processing can continue without further input, and at
+ *  "pBytesTransferred" the number of bytes sent.
+ *
+ *  If "pBytesTransferred" is zero, it indicates that non-blocking I/O is in use
+ *  and that transmission has not completed.
+ *
+ * PARAMETERS:
+ *  "client"
+ *      The address of the HttpDefaultClient object. Must be non-NULL.
+ *  "pKeepGoing"
+ *      The address at which the Boolean state machine flag is stored to
+ *      indicate whether processing can continue without further input.
+ *      Must be non-NULL.
+ *  "pBytesTransferred"
+ *      The address at which the number of bytes sent is stored. Must be
+ *      non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a HttpDefaultClient Error if the function fails in a
+ *      non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_pl_HttpDefaultClient_Send(
+        PKIX_PL_HttpDefaultClient *client,
+        PKIX_Boolean *pKeepGoing,
+        PKIX_UInt32 *pBytesTransferred,
+        void *plContext)
+{
+        PKIX_Int32 bytesWritten = 0;
+        PKIX_Int32 lenToWrite = 0;
+        PKIX_PL_Socket_Callback *callbackList = NULL;
+        char *dataToWrite = NULL;
+
+        PKIX_ENTER(HTTPDEFAULTCLIENT, "pkix_pl_HttpDefaultClient_Send");
+        PKIX_NULLCHECK_THREE(client, pKeepGoing, pBytesTransferred);
+
+        *pKeepGoing = PKIX_FALSE;
+
+        /* Do we have anything waiting to go? */
+        if ((client->GETBuf) || (client->POSTBuf)) {
+
+                if (client->GETBuf) {
+                        dataToWrite = client->GETBuf;
+                        lenToWrite = client->GETLen;
+                } else {
+                        dataToWrite = client->POSTBuf;
+                        lenToWrite = client->POSTLen;
+                }
+
+                callbackList = (PKIX_PL_Socket_Callback *)client->callbackList;
+
+                PKIX_CHECK(callbackList->sendCallback
+                        (client->socket,
+                        dataToWrite,
+                        lenToWrite,
+                        &bytesWritten,
+                        plContext),
+                        PKIX_SOCKETSENDFAILED);
+
+                client->rcvBuf = NULL;
+                client->capacity = 0;
+                client->filledupBytes = 0;
+
+                /*
+                 * If the send completed we can proceed to try for the
+                 * response. If the send did not complete we will have
+                 * to poll for completion later.
+                 */
+                if (bytesWritten >= 0) {
+                        client->connectStatus = HTTP_RECV_HDR;
+                        *pKeepGoing = PKIX_TRUE;
+                } else {
+                        client->connectStatus = HTTP_SEND_PENDING;
+                        *pKeepGoing = PKIX_FALSE;
+                }
+
+        }
+
+        *pBytesTransferred = bytesWritten;
+
+cleanup:
+        PKIX_RETURN(HTTPDEFAULTCLIENT);
+}
+
+/*
+ * FUNCTION: pkix_pl_HttpDefaultClient_SendContinue
+ * DESCRIPTION:
+ *
+ *  This function determines whether the sending of the HTTP message for the
+ *  HttpDefaultClient "client" has completed, and stores in "pKeepGoing" a
+ *  flag indicating whether processing can continue without further input, and
+ *  at "pBytesTransferred" the number of bytes sent.
+ *
+ *  If "pBytesTransferred" is zero, it indicates that non-blocking I/O is in use
+ *  and that transmission has not completed.
+ *
+ * PARAMETERS:
+ *  "client"
+ *      The address of the HttpDefaultClient object. Must be non-NULL.
+ *  "pKeepGoing"
+ *      The address at which the Boolean state machine flag is stored to
+ *      indicate whether processing can continue without further input.
+ *      Must be non-NULL.
+ *  "pBytesTransferred"
+ *      The address at which the number of bytes sent is stored. Must be
+ *      non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a HttpDefaultClient Error if the function fails in a
+ *      non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_pl_HttpDefaultClient_SendContinue(
+        PKIX_PL_HttpDefaultClient *client,
+        PKIX_Boolean *pKeepGoing,
+        PKIX_UInt32 *pBytesTransferred,
+        void *plContext)
+{
+        PKIX_Int32 bytesWritten = 0;
+        PKIX_PL_Socket_Callback *callbackList = NULL;
+
+        PKIX_ENTER(HTTPDEFAULTCLIENT, "pkix_pl_HttpDefaultClient_SendContinue");
+        PKIX_NULLCHECK_THREE(client, pKeepGoing, pBytesTransferred);
+
+        *pKeepGoing = PKIX_FALSE;
+
+        callbackList = (PKIX_PL_Socket_Callback *)client->callbackList;
+
+        PKIX_CHECK(callbackList->pollCallback
+                (client->socket, &bytesWritten, NULL, plContext),
+                PKIX_SOCKETPOLLFAILED);
+
+        /*
+         * If the send completed we can proceed to try for the
+         * response. If the send did not complete we will have
+         * continue to poll.
+         */
+        if (bytesWritten >= 0) {
+                       client->connectStatus = HTTP_RECV_HDR;
+                *pKeepGoing = PKIX_TRUE;
+        }
+
+        *pBytesTransferred = bytesWritten;
+
+cleanup:
+        PKIX_RETURN(HTTPDEFAULTCLIENT);
+}
+
+/*
+ * FUNCTION: pkix_pl_HttpDefaultClient_RecvHdr
+ * DESCRIPTION:
+ *
+ *  This function receives HTTP headers for the HttpDefaultClient "client", and
+ *  stores in "pKeepGoing" a flag indicating whether processing can continue
+ *  without further input.
+ *
+ * PARAMETERS:
+ *  "client"
+ *      The address of the HttpDefaultClient object. Must be non-NULL.
+ *  "pKeepGoing"
+ *      The address at which the Boolean state machine flag is stored to
+ *      indicate whether processing can continue without further input.
+ *      Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a HttpDefaultClient Error if the function fails in a
+ *      non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_pl_HttpDefaultClient_RecvHdr(
+        PKIX_PL_HttpDefaultClient *client,
+        PKIX_Boolean *pKeepGoing,
+        void *plContext)
+{
+        PKIX_UInt32 bytesToRead = 0;
+        PKIX_Int32 bytesRead = 0;
+        PKIX_PL_Socket_Callback *callbackList = NULL;
+
+        PKIX_ENTER(HTTPDEFAULTCLIENT, "pkix_pl_HttpDefaultClient_RecvHdr");
+        PKIX_NULLCHECK_TWO(client, pKeepGoing);
+
+        /*
+         * rcvbuf, capacity, and filledupBytes were
+         * initialized when we wrote the headers. We begin by reading
+         * HTTP_HEADER_BUFSIZE bytes, repeatedly increasing the buffersize and
+         * reading again if necessary, until we have read the end-of-header
+         * marker, "\r\n\r\n", or have reached our maximum.
+         */
+        client->capacity += HTTP_HEADER_BUFSIZE;
+        PKIX_CHECK(PKIX_PL_Realloc
+                (client->rcvBuf,
+                client->capacity,
+                (void **)&(client->rcvBuf),
+                plContext),
+                PKIX_REALLOCFAILED);
+
+        bytesToRead = client->capacity - client->filledupBytes;
+
+        callbackList = (PKIX_PL_Socket_Callback *)client->callbackList;
+
+        PKIX_CHECK(callbackList->recvCallback
+                (client->socket,
+                (void *)&(client->rcvBuf[client->filledupBytes]),
+                bytesToRead,
+                &bytesRead,
+                plContext),
+                PKIX_SOCKETRECVFAILED);
+
+        if (bytesRead > 0) {
+            /* client->filledupBytes will be adjusted by
+             * pkix_pl_HttpDefaultClient_HdrCheckComplete */
+            PKIX_CHECK(
+                pkix_pl_HttpDefaultClient_HdrCheckComplete(client, bytesRead,
+                                                           pKeepGoing,
+                                                           plContext),
+                       PKIX_HTTPDEFAULTCLIENTHDRCHECKCOMPLETEFAILED);
+        } else {
+            client->connectStatus = HTTP_RECV_HDR_PENDING;
+            *pKeepGoing = PKIX_FALSE;
+        }
+
+cleanup:
+        PKIX_RETURN(HTTPDEFAULTCLIENT);
+}
+
+/*
+ * FUNCTION: pkix_pl_HttpDefaultClient_RecvHdrContinue
+ * DESCRIPTION:
+ *
+ *  This function determines whether the receiving of the HTTP headers for the
+ *  HttpDefaultClient "client" has completed, and stores in "pKeepGoing" a flag
+ *  indicating whether processing can continue without further input.
+ *
+ * PARAMETERS:
+ *  "client"
+ *      The address of the HttpDefaultClient object. Must be non-NULL.
+ *  "pKeepGoing"
+ *      The address at which the Boolean state machine flag is stored to
+ *      indicate whether processing can continue without further input.
+ *      Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a HttpDefaultClient Error if the function fails in a
+ *      non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_pl_HttpDefaultClient_RecvHdrContinue(
+        PKIX_PL_HttpDefaultClient *client,
+        PKIX_Boolean *pKeepGoing,
+        void *plContext)
+{
+        PKIX_Int32 bytesRead = 0;
+        PKIX_PL_Socket_Callback *callbackList = NULL;
+
+        PKIX_ENTER
+                (HTTPDEFAULTCLIENT,
+                "pkix_pl_HttpDefaultClient_RecvHdrContinue");
+        PKIX_NULLCHECK_TWO(client, pKeepGoing);
+
+        callbackList = (PKIX_PL_Socket_Callback *)client->callbackList;
+
+        PKIX_CHECK(callbackList->pollCallback
+                (client->socket, NULL, &bytesRead, plContext),
+                PKIX_SOCKETPOLLFAILED);
+
+        if (bytesRead > 0) {
+                client->filledupBytes += bytesRead;
+
+                PKIX_CHECK(pkix_pl_HttpDefaultClient_HdrCheckComplete
+                        (client, bytesRead, pKeepGoing, plContext),
+                        PKIX_HTTPDEFAULTCLIENTHDRCHECKCOMPLETEFAILED);
+
+        } else {
+
+                *pKeepGoing = PKIX_FALSE;
+
+        }
+
+cleanup:
+        PKIX_RETURN(HTTPDEFAULTCLIENT);
+}
+
+/*
+ * FUNCTION: pkix_pl_HttpDefaultClient_RecvBody
+ * DESCRIPTION:
+ *
+ *  This function processes the contents of the first buffer of a received
+ *  HTTP-protocol message for the HttpDefaultClient "client", and stores in
+ *  "pKeepGoing" a flag indicating whether processing can continue without
+ *  further input.
+ *
+ * PARAMETERS:
+ *  "client"
+ *      The address of the HttpDefaultClient object. Must be non-NULL.
+ *  "pKeepGoing"
+ *      The address at which the Boolean state machine flag is stored to
+ *      indicate whether processing can continue without further input.
+ *      Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a HttpDefaultClient Error if the function fails in a
+ *      non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_pl_HttpDefaultClient_RecvBody(
+        PKIX_PL_HttpDefaultClient *client,
+        PKIX_Boolean *pKeepGoing,
+        void *plContext)
+{
+        PKIX_Int32 bytesRead = 0;
+        PKIX_Int32 bytesToRead = 0;
+        PKIX_PL_Socket_Callback *callbackList = NULL;
+
+        PKIX_ENTER(HTTPDEFAULTCLIENT, "pkix_pl_HttpDefaultClient_RecvBody");
+        PKIX_NULLCHECK_TWO(client, pKeepGoing);
+
+        callbackList = (PKIX_PL_Socket_Callback *)client->callbackList;
+
+        if (client->rcv_http_data_len != HTTP_UNKNOWN_CONTENT_LENGTH) {
+            bytesToRead = client->rcv_http_data_len -
+                client->filledupBytes;
+        } else {
+            /* Reading till the EOF. Context length is not known.*/
+            /* Check the buffer capacity: increase and
+             * reallocate if it is low. */
+            int freeBuffSize = client->capacity - client->filledupBytes;
+            if (freeBuffSize < HTTP_MIN_AVAILABLE_BUFFER_SIZE) {
+                /* New length will be consist of available(downloaded) bytes,
+                 * plus remaining capacity, plus new expansion. */
+                int currBuffSize = client->capacity;
+                /* Try to increase the buffer by 4K */
+                unsigned int newLength = currBuffSize + HTTP_DATA_BUFSIZE;
+                if (client->maxResponseLen > 0 &&
+                    newLength > client->maxResponseLen) {
+                        newLength = client->maxResponseLen;
+                }
+                /* Check if we can grow the buffer and report an error if
+                 * new size is not larger than the current size of the buffer.*/
+                if (newLength <= client->filledupBytes) {
+                    client->rcv_http_data_len = client->filledupBytes;
+                    client->connectStatus = HTTP_ERROR;
+                    *pKeepGoing = PKIX_FALSE;
+                    goto cleanup;
+                }
+                if (client->capacity < newLength) {
+                    client->capacity = newLength;
+                    PKIX_CHECK(
+                        PKIX_PL_Realloc(client->rcvBuf, newLength,
+                                        (void**)&client->rcvBuf, plContext),
+                        PKIX_REALLOCFAILED);
+                    freeBuffSize = client->capacity -
+                        client->filledupBytes;
+                }
+            }
+            bytesToRead = freeBuffSize;
+        }
+
+        /* Use poll callback if waiting on non-blocking IO */
+        if (client->connectStatus == HTTP_RECV_BODY_PENDING) {
+            PKIX_CHECK(callbackList->pollCallback
+                       (client->socket, NULL, &bytesRead, plContext),
+                       PKIX_SOCKETPOLLFAILED);
+        } else {
+            PKIX_CHECK(callbackList->recvCallback
+                       (client->socket,
+                        (void *)&(client->rcvBuf[client->filledupBytes]),
+                        bytesToRead,
+                        &bytesRead,
+                        plContext),
+                       PKIX_SOCKETRECVFAILED);
+        }
+
+        /* If bytesRead < 0, an error will be thrown by recvCallback, so
+         * need to handle >= 0 cases. */
+
+        /* bytesRead == 0 - IO was blocked. */
+        if (bytesRead == 0) {
+            client->connectStatus = HTTP_RECV_BODY_PENDING;
+            *pKeepGoing = PKIX_TRUE;
+            goto cleanup;
+        }
+        
+        /* We got something. Did we get it all? */
+        client->filledupBytes += bytesRead;
+
+        /* continue if not enough bytes read or if complete size of
+         * transfer is unknown */
+        if (bytesToRead > bytesRead ||
+            client->rcv_http_data_len == HTTP_UNKNOWN_CONTENT_LENGTH) {
+            *pKeepGoing = PKIX_TRUE;
+            goto cleanup;
+        }
+        client->connectStatus = HTTP_COMPLETE;
+        *pKeepGoing = PKIX_FALSE;
+
+cleanup:
+        if (pkixErrorResult && pkixErrorResult->errCode ==
+            PKIX_PRRECVREPORTSNETWORKCONNECTIONCLOSED) {
+            if (client->rcv_http_data_len == HTTP_UNKNOWN_CONTENT_LENGTH) {
+                client->rcv_http_data_len = client->filledupBytes;
+                client->connectStatus = HTTP_COMPLETE;
+                *pKeepGoing = PKIX_FALSE;
+                PKIX_DECREF(pkixErrorResult);
+            } else {
+                client->connectStatus = HTTP_ERROR;
+            }
+        }
+
+        PKIX_RETURN(HTTPDEFAULTCLIENT);
+}
+
+/*
+ * FUNCTION: pkix_pl_HttpDefaultClient_Dispatch
+ * DESCRIPTION:
+ *
+ *  This function is the state machine dispatcher for the HttpDefaultClient
+ *  pointed to by "client". Results are returned by changes to various fields
+ *  in the context.
+ *
+ * PARAMETERS:
+ *  "client"
+ *      The address of the HttpDefaultClient object. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a HttpDefaultClient Error if the function fails in a
+ *      non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_pl_HttpDefaultClient_Dispatch(
+        PKIX_PL_HttpDefaultClient *client,
+        void *plContext)
+{
+        PKIX_UInt32 bytesTransferred = 0;
+        PKIX_Boolean keepGoing = PKIX_TRUE;
+
+        PKIX_ENTER(HTTPDEFAULTCLIENT, "pkix_pl_HttpDefaultClient_Dispatch");
+        PKIX_NULLCHECK_ONE(client);
+
+        while (keepGoing) {
+                switch (client->connectStatus) {
+                case HTTP_CONNECT_PENDING:
+                    PKIX_CHECK(pkix_pl_HttpDefaultClient_ConnectContinue
+                        (client, &keepGoing, plContext),
+                        PKIX_HTTPDEFAULTCLIENTCONNECTCONTINUEFAILED);
+                    break;
+                case HTTP_CONNECTED:
+                    PKIX_CHECK(pkix_pl_HttpDefaultClient_Send
+                        (client, &keepGoing, &bytesTransferred, plContext),
+                        PKIX_HTTPDEFAULTCLIENTSENDFAILED);
+                    break;
+                case HTTP_SEND_PENDING:
+                    PKIX_CHECK(pkix_pl_HttpDefaultClient_SendContinue
+                        (client, &keepGoing, &bytesTransferred, plContext),
+                        PKIX_HTTPDEFAULTCLIENTSENDCONTINUEFAILED);
+                    break;
+                case HTTP_RECV_HDR:
+                    PKIX_CHECK(pkix_pl_HttpDefaultClient_RecvHdr
+                        (client, &keepGoing, plContext),
+                        PKIX_HTTPDEFAULTCLIENTRECVHDRFAILED);
+                    break;
+                case HTTP_RECV_HDR_PENDING:
+                    PKIX_CHECK(pkix_pl_HttpDefaultClient_RecvHdrContinue
+                        (client, &keepGoing, plContext),
+                        PKIX_HTTPDEFAULTCLIENTRECVHDRCONTINUEFAILED);
+                    break;
+                case HTTP_RECV_BODY:
+                case HTTP_RECV_BODY_PENDING:
+                    PKIX_CHECK(pkix_pl_HttpDefaultClient_RecvBody
+                        (client, &keepGoing, plContext),
+                        PKIX_HTTPDEFAULTCLIENTRECVBODYFAILED);
+                    break;
+                case HTTP_ERROR:
+                case HTTP_COMPLETE:
+                    keepGoing = PKIX_FALSE;
+                    break;
+                case HTTP_NOT_CONNECTED:
+                default:
+                    PKIX_ERROR(PKIX_HTTPDEFAULTCLIENTINILLEGALSTATE);
+                }
+        }
+
+cleanup:
+
+        PKIX_RETURN(HTTPDEFAULTCLIENT);
+}
+
+/*
+ * --HttpClient vtable functions
+ * See comments in ocspt.h for the function (wrappers) that return SECStatus.
+ * The functions that return PKIX_Error* are the libpkix implementations.
+ */
+
+PKIX_Error *
+pkix_pl_HttpDefaultClient_CreateSession(
+        const char *host,
+        PRUint16 portnum,
+        SEC_HTTP_SERVER_SESSION *pSession,
+        void *plContext)
+{
+        PKIX_PL_HttpDefaultClient *client = NULL;
+
+        PKIX_ENTER
+                (HTTPDEFAULTCLIENT, "pkix_pl_HttpDefaultClient_CreateSession");
+        PKIX_NULLCHECK_TWO(host, pSession);
+
+        PKIX_CHECK(pkix_pl_HttpDefaultClient_Create
+                (host, portnum, &client, plContext),
+                PKIX_HTTPDEFAULTCLIENTCREATEFAILED);
+
+        *pSession = (SEC_HTTP_SERVER_SESSION)client;
+
+cleanup:
+
+        PKIX_RETURN(HTTPDEFAULTCLIENT);
+
+}
+
+PKIX_Error *
+pkix_pl_HttpDefaultClient_KeepAliveSession(
+        SEC_HTTP_SERVER_SESSION session,
+        PRPollDesc **pPollDesc,
+        void *plContext)
+{
+        PKIX_ENTER
+                (HTTPDEFAULTCLIENT,
+                "pkix_pl_HttpDefaultClient_KeepAliveSession");
+        PKIX_NULLCHECK_TWO(session, pPollDesc);
+
+        PKIX_CHECK(pkix_CheckType
+                ((PKIX_PL_Object *)session,
+                PKIX_HTTPDEFAULTCLIENT_TYPE,
+                plContext),
+                PKIX_SESSIONNOTANHTTPDEFAULTCLIENT);
+
+        /* XXX Not implemented */
+
+cleanup:
+
+        PKIX_RETURN(HTTPDEFAULTCLIENT);
+
+}
+
+PKIX_Error *
+pkix_pl_HttpDefaultClient_RequestCreate(
+        SEC_HTTP_SERVER_SESSION session,
+        const char *http_protocol_variant, /* usually "http" */
+        const char *path_and_query_string,
+        const char *http_request_method, 
+        const PRIntervalTime timeout, 
+        SEC_HTTP_REQUEST_SESSION *pRequest,
+        void *plContext)
+{
+        PKIX_PL_HttpDefaultClient *client = NULL;
+        PKIX_PL_Socket *socket = NULL;
+        PKIX_PL_Socket_Callback *callbackList = NULL;
+        PRFileDesc *fileDesc = NULL;
+        PRErrorCode status = 0;
+
+        PKIX_ENTER
+                (HTTPDEFAULTCLIENT, "pkix_pl_HttpDefaultClient_RequestCreate");
+        PKIX_NULLCHECK_TWO(session, pRequest);
+
+        PKIX_CHECK(pkix_CheckType
+                ((PKIX_PL_Object *)session,
+                PKIX_HTTPDEFAULTCLIENT_TYPE,
+                plContext),
+                PKIX_SESSIONNOTANHTTPDEFAULTCLIENT);
+
+        client = (PKIX_PL_HttpDefaultClient *)session;
+
+        /* We only know how to do http */
+        if (PORT_Strncasecmp(http_protocol_variant, "http", 4) != 0) {
+                PKIX_ERROR(PKIX_UNRECOGNIZEDPROTOCOLREQUESTED);
+        }
+
+        if (PORT_Strncasecmp(http_request_method, "POST", 4) == 0) {
+                client->send_http_method = HTTP_POST_METHOD;
+        } else if (PORT_Strncasecmp(http_request_method, "GET", 3) == 0) {
+                client->send_http_method = HTTP_GET_METHOD;
+        } else {
+                /* We only know how to do POST and GET */
+                PKIX_ERROR(PKIX_UNRECOGNIZEDREQUESTMETHOD);
+        }
+
+        if (path_and_query_string) {
+            /* "path_and_query_string" is a parsing result by CERT_GetURL
+             * function that adds "end of line" to the value. OK to dup
+             * the string. */
+            client->path = PORT_Strdup(path_and_query_string);
+            if (!client->path) {
+                PKIX_ERROR(PKIX_ALLOCERROR);
+            }
+        }
+
+        client->timeout = timeout;
+
+#if 0
+	PKIX_CHECK(pkix_HttpCertStore_FindSocketConnection
+                (timeout,
+                "variation.red.iplanet.com", /* (char *)client->host, */
+                2001,   /* client->portnum, */
+                &status,
+                &socket,
+                plContext),
+		PKIX_HTTPCERTSTOREFINDSOCKETCONNECTIONFAILED);
+#else
+	PKIX_CHECK(pkix_HttpCertStore_FindSocketConnection
+                (timeout,
+                (char *)client->host,
+                client->portnum,
+                &status,
+                &socket,
+                plContext),
+		PKIX_HTTPCERTSTOREFINDSOCKETCONNECTIONFAILED);
+#endif
+
+        client->socket = socket;
+
+        PKIX_CHECK(pkix_pl_Socket_GetCallbackList
+                (socket, &callbackList, plContext),
+                PKIX_SOCKETGETCALLBACKLISTFAILED);
+
+        client->callbackList = (void *)callbackList;
+
+        PKIX_CHECK(pkix_pl_Socket_GetPRFileDesc
+                (socket, &fileDesc, plContext),
+                PKIX_SOCKETGETPRFILEDESCFAILED);
+
+        client->pollDesc.fd = fileDesc;
+        client->pollDesc.in_flags = 0;
+        client->pollDesc.out_flags = 0;
+
+        client->send_http_data = NULL;
+        client->send_http_data_len = 0;
+        client->send_http_content_type = NULL;
+
+        client->connectStatus =
+                 ((status == 0) ? HTTP_CONNECTED : HTTP_CONNECT_PENDING);
+
+        /* Request object is the same object as Session object */
+        PKIX_INCREF(client);
+        *pRequest = client;
+
+cleanup:
+
+        PKIX_RETURN(HTTPDEFAULTCLIENT);
+
+}
+
+PKIX_Error *
+pkix_pl_HttpDefaultClient_SetPostData(
+        SEC_HTTP_REQUEST_SESSION request,
+        const char *http_data, 
+        const PRUint32 http_data_len,
+        const char *http_content_type,
+        void *plContext)
+{
+        PKIX_PL_HttpDefaultClient *client = NULL;
+
+        PKIX_ENTER
+                (HTTPDEFAULTCLIENT,
+                "pkix_pl_HttpDefaultClient_SetPostData");
+        PKIX_NULLCHECK_ONE(request);
+
+        PKIX_CHECK(pkix_CheckType
+                ((PKIX_PL_Object *)request,
+                PKIX_HTTPDEFAULTCLIENT_TYPE,
+                plContext),
+                PKIX_REQUESTNOTANHTTPDEFAULTCLIENT);
+
+        client = (PKIX_PL_HttpDefaultClient *)request;
+
+        client->send_http_data = http_data;
+        client->send_http_data_len = http_data_len;
+        client->send_http_content_type = http_content_type;
+
+        /* Caller is allowed to give NULL or empty string for content_type */
+        if ((client->send_http_content_type == NULL) ||
+            (*(client->send_http_content_type) == '\0')) {
+                client->send_http_content_type = "application/ocsp-request";
+        }
+
+cleanup:
+
+        PKIX_RETURN(HTTPDEFAULTCLIENT);
+
+}
+
+PKIX_Error *
+pkix_pl_HttpDefaultClient_TrySendAndReceive(
+        SEC_HTTP_REQUEST_SESSION request,
+        PRUint16 *http_response_code, 
+        const char **http_response_content_type, 
+        const char **http_response_headers, 
+        const char **http_response_data, 
+        PRUint32 *http_response_data_len, 
+        PRPollDesc **pPollDesc,
+        SECStatus *pSECReturn,
+        void *plContext)        
+{
+        PKIX_PL_HttpDefaultClient *client = NULL;
+        PKIX_UInt32 postLen = 0;
+        PRPollDesc *pollDesc = NULL;
+        char *sendbuf = NULL;
+        char portstr[16];
+
+        PKIX_ENTER
+                (HTTPDEFAULTCLIENT,
+                "pkix_pl_HttpDefaultClient_TrySendAndReceive");
+
+        PKIX_NULLCHECK_ONE(request);
+
+        PKIX_CHECK(pkix_CheckType
+                ((PKIX_PL_Object *)request,
+                PKIX_HTTPDEFAULTCLIENT_TYPE,
+                plContext),
+                PKIX_REQUESTNOTANHTTPDEFAULTCLIENT);
+
+        client = (PKIX_PL_HttpDefaultClient *)request;
+
+        if (!pPollDesc && client->timeout == 0) {
+            PKIX_ERROR_FATAL(PKIX_NULLARGUMENT);
+        }
+
+        if (pPollDesc) {
+            pollDesc = *pPollDesc;
+        }
+
+        /* if not continuing from an earlier WOULDBLOCK return... */
+        if (pollDesc == NULL) {
+
+                if (!((client->connectStatus == HTTP_CONNECTED) ||
+                     (client->connectStatus == HTTP_CONNECT_PENDING))) {
+                        PKIX_ERROR(PKIX_HTTPCLIENTININVALIDSTATE);
+                }
+
+                /* Did caller provide a value for response length? */
+                if (http_response_data_len != NULL) {
+                        client->pRcv_http_data_len = http_response_data_len;
+                        client->maxResponseLen = *http_response_data_len;
+                }
+
+                client->rcv_http_response_code = http_response_code;
+                client->rcv_http_content_type = http_response_content_type;
+                client->rcv_http_headers = http_response_headers;
+                client->rcv_http_data = http_response_data;
+
+                /* prepare the message */
+                portstr[0] = '\0';
+                if (client->portnum != 80) {
+                        PR_snprintf(portstr, sizeof(portstr), ":%d", 
+                                    client->portnum);
+                }
+                
+                if (client->send_http_method == HTTP_POST_METHOD) {
+                        sendbuf = PR_smprintf
+                            ("POST %s HTTP/1.0\r\nHost: %s%s\r\n"
+                            "Content-Type: %s\r\nContent-Length: %u\r\n\r\n",
+                            client->path,
+                            client->host,
+                            portstr,
+                            client->send_http_content_type,
+                            client->send_http_data_len);
+                        postLen = PORT_Strlen(sendbuf);
+                            
+                        client->POSTLen = postLen + client->send_http_data_len;
+
+                        /* allocate postBuffer big enough for header + data */
+                        PKIX_CHECK(PKIX_PL_Malloc
+                                (client->POSTLen,
+                                (void **)&(client->POSTBuf),
+                                plContext),
+                                PKIX_MALLOCFAILED);
+
+                        /* copy header into postBuffer */
+                        PORT_Memcpy(client->POSTBuf, sendbuf, postLen);
+
+                        /* append data after header */
+                        PORT_Memcpy(&client->POSTBuf[postLen],
+                                    client->send_http_data,
+                                    client->send_http_data_len);
+
+                        /* PR_smprintf_free original header buffer */
+                        PR_smprintf_free(sendbuf);
+                        sendbuf = NULL;
+                        
+                } else if (client->send_http_method == HTTP_GET_METHOD) {
+                        client->GETBuf = PR_smprintf
+                            ("GET %s HTTP/1.0\r\nHost: %s%s\r\n\r\n",
+                            client->path,
+                            client->host,
+                            portstr);
+                        client->GETLen = PORT_Strlen(client->GETBuf);
+                }
+
+        }
+
+        /* continue according to state */
+        PKIX_CHECK(pkix_pl_HttpDefaultClient_Dispatch(client, plContext),
+                PKIX_HTTPDEFAULTCLIENTDISPATCHFAILED);
+
+        switch (client->connectStatus) {
+                case HTTP_CONNECT_PENDING:
+                case HTTP_SEND_PENDING:
+                case HTTP_RECV_HDR_PENDING:
+                case HTTP_RECV_BODY_PENDING:
+                        pollDesc = &(client->pollDesc);
+                        *pSECReturn = SECWouldBlock;
+                        break;
+                case HTTP_ERROR:
+                        /* Did caller provide a pointer for length? */
+                        if (client->pRcv_http_data_len != NULL) {
+                                /* Was error "response too big?" */
+                                if (client->rcv_http_data_len !=
+                                            HTTP_UNKNOWN_CONTENT_LENGTH &&
+                                    client->maxResponseLen >=
+                                                client->rcv_http_data_len) {
+                                        /* Yes, report needed space */
+                                        *(client->pRcv_http_data_len) =
+                                                 client->rcv_http_data_len;
+                                } else {
+                                        /* No, report problem other than size */
+                                        *(client->pRcv_http_data_len) = 0;
+                                }
+                        }
+
+                        pollDesc = NULL;
+                        *pSECReturn = SECFailure;
+                        break;
+                case HTTP_COMPLETE:
+                        *(client->rcv_http_response_code) =
+                                client->responseCode;
+                        if (client->pRcv_http_data_len != NULL) {
+                                *http_response_data_len =
+                                         client->rcv_http_data_len;
+                        }
+                        if (client->rcv_http_data != NULL) {
+                                *(client->rcv_http_data) = client->rcvBuf;
+                        }
+                        pollDesc = NULL;
+                        *pSECReturn = SECSuccess;
+                        break;
+                case HTTP_NOT_CONNECTED:
+                case HTTP_CONNECTED:
+                case HTTP_RECV_HDR:
+                case HTTP_RECV_BODY:
+                default:
+                        pollDesc = NULL;
+                        *pSECReturn = SECFailure;
+                        PKIX_ERROR(PKIX_HTTPCLIENTININVALIDSTATE);
+                        break;
+        }
+
+        if (pPollDesc) {
+            *pPollDesc = pollDesc;
+        }
+
+cleanup:
+        if (sendbuf) {
+            PR_smprintf_free(sendbuf);
+        }
+
+        PKIX_RETURN(HTTPDEFAULTCLIENT);
+
+}
+
+PKIX_Error *
+pkix_pl_HttpDefaultClient_Cancel(
+        SEC_HTTP_REQUEST_SESSION request,
+        void *plContext)
+{
+        PKIX_ENTER(HTTPDEFAULTCLIENT, "pkix_pl_HttpDefaultClient_Cancel");
+        PKIX_NULLCHECK_ONE(request);
+
+        PKIX_CHECK(pkix_CheckType
+                ((PKIX_PL_Object *)request,
+                PKIX_HTTPDEFAULTCLIENT_TYPE,
+                plContext),
+                PKIX_REQUESTNOTANHTTPDEFAULTCLIENT);
+
+        /* XXX Not implemented */
+
+cleanup:
+
+        PKIX_RETURN(HTTPDEFAULTCLIENT);
+
+}
+
+SECStatus
+pkix_pl_HttpDefaultClient_CreateSessionFcn(
+        const char *host,
+        PRUint16 portnum,
+        SEC_HTTP_SERVER_SESSION *pSession)
+{
+        PKIX_Error *err = pkix_pl_HttpDefaultClient_CreateSession
+                (host, portnum, pSession, plContext);
+
+        if (err) {
+                PKIX_PL_Object_DecRef((PKIX_PL_Object *)err, plContext);
+                return SECFailure;
+        }
+        return SECSuccess;
+}
+
+SECStatus
+pkix_pl_HttpDefaultClient_KeepAliveSessionFcn(
+        SEC_HTTP_SERVER_SESSION session,
+        PRPollDesc **pPollDesc)
+{
+        PKIX_Error *err = pkix_pl_HttpDefaultClient_KeepAliveSession
+                (session, pPollDesc, plContext);
+
+        if (err) {
+                PKIX_PL_Object_DecRef((PKIX_PL_Object *)err, plContext);
+                return SECFailure;
+        }
+        return SECSuccess;
+}
+
+SECStatus
+pkix_pl_HttpDefaultClient_FreeSessionFcn(
+        SEC_HTTP_SERVER_SESSION session)
+{
+        PKIX_Error *err =
+            PKIX_PL_Object_DecRef((PKIX_PL_Object *)(session), plContext);
+
+        if (err) {
+                PKIX_PL_Object_DecRef((PKIX_PL_Object *)err, plContext);
+                return SECFailure;
+        }
+        return SECSuccess;
+}
+
+SECStatus
+pkix_pl_HttpDefaultClient_RequestCreateFcn(
+        SEC_HTTP_SERVER_SESSION session,
+        const char *http_protocol_variant, /* usually "http" */
+        const char *path_and_query_string,
+        const char *http_request_method, 
+        const PRIntervalTime timeout, 
+        SEC_HTTP_REQUEST_SESSION *pRequest)
+{
+        PKIX_Error *err = pkix_pl_HttpDefaultClient_RequestCreate
+                (session,
+                http_protocol_variant,
+                path_and_query_string,
+                http_request_method,
+                timeout,
+                pRequest,
+                plContext);
+
+        if (err) {
+                PKIX_PL_Object_DecRef((PKIX_PL_Object *)err, plContext);
+                return SECFailure;
+        }
+        return SECSuccess;
+}
+
+SECStatus
+pkix_pl_HttpDefaultClient_SetPostDataFcn(
+        SEC_HTTP_REQUEST_SESSION request,
+        const char *http_data, 
+        const PRUint32 http_data_len,
+        const char *http_content_type)
+{
+        PKIX_Error *err =
+            pkix_pl_HttpDefaultClient_SetPostData(request, http_data,
+                                                  http_data_len,
+                                                  http_content_type,
+                                                  plContext);
+        if (err) {
+                PKIX_PL_Object_DecRef((PKIX_PL_Object *)err, plContext);
+                return SECFailure;
+        }
+        return SECSuccess;
+}
+
+SECStatus
+pkix_pl_HttpDefaultClient_AddHeaderFcn(
+        SEC_HTTP_REQUEST_SESSION request,
+        const char *http_header_name, 
+        const char *http_header_value)
+{
+        /* Not supported */
+        return SECFailure;
+}
+
+SECStatus
+pkix_pl_HttpDefaultClient_TrySendAndReceiveFcn(
+        SEC_HTTP_REQUEST_SESSION request,
+        PRPollDesc **pPollDesc,
+        PRUint16 *http_response_code, 
+        const char **http_response_content_type, 
+        const char **http_response_headers, 
+        const char **http_response_data, 
+        PRUint32 *http_response_data_len) 
+{
+        SECStatus rv = SECFailure;
+
+        PKIX_Error *err = pkix_pl_HttpDefaultClient_TrySendAndReceive
+                (request,
+                http_response_code, 
+                http_response_content_type, 
+                http_response_headers, 
+                http_response_data, 
+                http_response_data_len,
+                pPollDesc,
+                &rv,
+                plContext);
+
+        if (err) {
+                PKIX_PL_Object_DecRef((PKIX_PL_Object *)err, plContext);
+                return rv;
+        }
+        return SECSuccess;
+}
+
+SECStatus
+pkix_pl_HttpDefaultClient_CancelFcn(
+        SEC_HTTP_REQUEST_SESSION request)
+{
+        PKIX_Error *err = pkix_pl_HttpDefaultClient_Cancel(request, plContext);
+
+        if (err) {
+                PKIX_PL_Object_DecRef((PKIX_PL_Object *)err, plContext);
+                return SECFailure;
+        }
+        return SECSuccess;
+}
+
+SECStatus
+pkix_pl_HttpDefaultClient_FreeFcn(
+        SEC_HTTP_REQUEST_SESSION request)
+{
+        PKIX_Error *err =
+            PKIX_PL_Object_DecRef((PKIX_PL_Object *)(request), plContext);
+
+        if (err) {
+                PKIX_PL_Object_DecRef((PKIX_PL_Object *)err, plContext);
+                return SECFailure;
+        }
+        return SECSuccess;
+}
diff --git a/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpdefaultclient.h b/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpdefaultclient.h
new file mode 100644
index 0000000..91916a0
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpdefaultclient.h
@@ -0,0 +1,139 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_pl_httpdefaultclient.h
+ *
+ * HTTPDefaultClient Object Type Definition
+ *
+ */
+
+#ifndef _PKIX_PL_HTTPDEFAULTCLIENT_H
+#define _PKIX_PL_HTTPDEFAULTCLIENT_H
+
+#include "pkix_pl_common.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define HTTP_DATA_BUFSIZE 4096
+#define HTTP_HEADER_BUFSIZE 1024
+#define HTTP_MIN_AVAILABLE_BUFFER_SIZE 512
+
+typedef enum {
+        HTTP_NOT_CONNECTED,
+        HTTP_CONNECT_PENDING,
+        HTTP_CONNECTED,
+        HTTP_SEND_PENDING,
+        HTTP_RECV_HDR,
+        HTTP_RECV_HDR_PENDING,
+        HTTP_RECV_BODY,
+        HTTP_RECV_BODY_PENDING,
+        HTTP_COMPLETE,
+        HTTP_ERROR
+} HttpConnectStatus;
+
+typedef enum {
+	HTTP_POST_METHOD,
+	HTTP_GET_METHOD
+} HttpMethod;
+
+struct PKIX_PL_HttpDefaultClientStruct {
+        HttpConnectStatus connectStatus;
+        PRUint16 portnum;
+        PRIntervalTime timeout;
+        PKIX_UInt32 bytesToWrite;
+        PKIX_UInt32 send_http_data_len;
+        PKIX_UInt32 rcv_http_data_len;
+        PKIX_UInt32 capacity;
+        PKIX_UInt32 filledupBytes;
+        PKIX_UInt32 responseCode;
+        PKIX_UInt32 maxResponseLen;
+        PKIX_UInt32 GETLen;
+        PKIX_UInt32 POSTLen;
+        PRUint32 *pRcv_http_data_len;
+        PRPollDesc pollDesc;
+        void *callbackList; /* cast this to (PKIX_PL_Socket_Callback *) */
+        char *GETBuf;
+        char *POSTBuf;
+        char *rcvBuf;
+        char *host;
+        char *path;
+        char *rcvContentType;
+        void *rcvHeaders;
+        HttpMethod send_http_method;
+        const char *send_http_content_type;
+        const char *send_http_data;
+        PRUint16 *rcv_http_response_code;
+        const char **rcv_http_content_type;
+        const char **rcv_http_headers;
+        const char **rcv_http_data;
+        PKIX_PL_Socket *socket;
+        void *plContext;
+};
+
+/* see source file for function documentation */
+
+PKIX_Error *pkix_pl_HttpDefaultClient_RegisterSelf(void *plContext);
+
+SECStatus
+pkix_pl_HttpDefaultClient_CreateSessionFcn(
+        const char *host,
+        PRUint16 portnum,
+        SEC_HTTP_SERVER_SESSION *pSession);
+
+SECStatus
+pkix_pl_HttpDefaultClient_KeepAliveSessionFcn(
+        SEC_HTTP_SERVER_SESSION session,
+        PRPollDesc **pPollDesc);
+
+SECStatus
+pkix_pl_HttpDefaultClient_FreeSessionFcn(
+        SEC_HTTP_SERVER_SESSION session);
+
+SECStatus
+pkix_pl_HttpDefaultClient_RequestCreateFcn(
+        SEC_HTTP_SERVER_SESSION session,
+        const char *http_protocol_variant, /* usually "http" */
+        const char *path_and_query_string,
+        const char *http_request_method, 
+        const PRIntervalTime timeout, 
+        SEC_HTTP_REQUEST_SESSION *pRequest);
+
+SECStatus
+pkix_pl_HttpDefaultClient_SetPostDataFcn(
+        SEC_HTTP_REQUEST_SESSION request,
+        const char *http_data, 
+        const PRUint32 http_data_len,
+        const char *http_content_type);
+
+SECStatus
+pkix_pl_HttpDefaultClient_AddHeaderFcn(
+        SEC_HTTP_REQUEST_SESSION request,
+        const char *http_header_name, 
+        const char *http_header_value);
+
+SECStatus
+pkix_pl_HttpDefaultClient_TrySendAndReceiveFcn(
+        SEC_HTTP_REQUEST_SESSION request,
+        PRPollDesc **pPollDesc,
+        PRUint16 *http_response_code, 
+        const char **http_response_content_type, 
+        const char **http_response_headers, 
+        const char **http_response_data, 
+        PRUint32 *http_response_data_len); 
+
+SECStatus
+pkix_pl_HttpDefaultClient_CancelFcn(
+        SEC_HTTP_REQUEST_SESSION request);
+
+SECStatus
+pkix_pl_HttpDefaultClient_FreeFcn(
+        SEC_HTTP_REQUEST_SESSION request);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_PL_HTTPDEFAULTCLIENT_H */
diff --git a/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapcertstore.c b/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapcertstore.c
new file mode 100644
index 0000000..1b5d757
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapcertstore.c
@@ -0,0 +1,1116 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_pl_ldapcertstore.c
+ *
+ * LDAPCertStore Function Definitions
+ *
+ */
+
+/* We can't decode the length of a message without at least this many bytes */
+#define MINIMUM_MSG_LENGTH 5
+
+#include "pkix_pl_ldapcertstore.h"
+
+/* --Private-Ldap-CertStore-Database-Functions----------------------- */
+
+/*
+ * FUNCTION: pkix_pl_LdapCertStore_DecodeCrossCertPair
+ * DESCRIPTION:
+ *
+ *  This function decodes a DER-encoded CrossCertPair pointed to by
+ *  "responseList" and extracts and decodes the Certificates in that pair,
+ *  adding the resulting Certs, if the decoding was successful, to the List
+ *  (possibly empty) pointed to by "certList". If none of the objects
+ *  can be decoded into a Cert, the List is returned unchanged.
+ *
+ * PARAMETERS:
+ *  "derCCPItem"
+ *      The address of the SECItem containing the DER representation of the
+ *      CrossCertPair. Must be non-NULL.
+ *  "certList"
+ *      The address of the List to which the decoded Certs are added. May be
+ *      empty, but must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertStore Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_pl_LdapCertStore_DecodeCrossCertPair(
+        SECItem *derCCPItem,
+        PKIX_List *certList,
+        void *plContext)
+{
+        LDAPCertPair certPair = {{ siBuffer, NULL, 0 }, { siBuffer, NULL, 0 }};
+        SECStatus rv = SECFailure;
+
+        PLArenaPool *tempArena = NULL;
+
+        PKIX_ENTER(CERTSTORE, "pkix_pl_LdapCertStore_DecodeCrossCertPair");
+        PKIX_NULLCHECK_TWO(derCCPItem, certList);
+
+        tempArena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+        if (!tempArena) {
+            PKIX_ERROR(PKIX_OUTOFMEMORY);
+        }
+
+        rv = SEC_ASN1DecodeItem(tempArena, &certPair, PKIX_PL_LDAPCrossCertPairTemplate,
+                                derCCPItem);
+        if (rv != SECSuccess) {
+                goto cleanup;
+        }
+
+        if (certPair.forward.data != NULL) {
+
+            PKIX_CHECK(
+                pkix_pl_Cert_CreateToList(&certPair.forward, certList,
+                                          plContext),
+                PKIX_CERTCREATETOLISTFAILED);
+        }
+
+        if (certPair.reverse.data != NULL) {
+
+            PKIX_CHECK(
+                pkix_pl_Cert_CreateToList(&certPair.reverse, certList,
+                                          plContext),
+                PKIX_CERTCREATETOLISTFAILED);
+        }
+
+cleanup:
+        if (tempArena) {
+            PORT_FreeArena(tempArena, PR_FALSE);
+        }
+
+        PKIX_RETURN(CERTSTORE);
+}
+
+/*
+ * FUNCTION: pkix_pl_LdapCertStore_BuildCertList
+ * DESCRIPTION:
+ *
+ *  This function takes a List of LdapResponse objects pointed to by
+ *  "responseList" and extracts and decodes the Certificates in those responses,
+ *  storing the List of those Certificates at "pCerts". If none of the objects
+ *  can be decoded into a Cert, the returned List is empty.
+ *
+ * PARAMETERS:
+ *  "responseList"
+ *      The address of the List of LdapResponses. Must be non-NULL.
+ *  "pCerts"
+ *      The address at which the result is stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertStore Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_pl_LdapCertStore_BuildCertList(
+        PKIX_List *responseList,
+        PKIX_List **pCerts,
+        void *plContext)
+{
+        PKIX_UInt32 numResponses = 0;
+        PKIX_UInt32 respIx = 0;
+        LdapAttrMask attrBits = 0;
+        PKIX_PL_LdapResponse *response = NULL;
+        PKIX_List *certList = NULL;
+        LDAPMessage *message = NULL;
+        LDAPSearchResponseEntry *sre = NULL;
+        LDAPSearchResponseAttr **sreAttrArray = NULL;
+        LDAPSearchResponseAttr *sreAttr = NULL;
+        SECItem *attrType = NULL;
+        SECItem **attrVal = NULL;
+        SECItem *derCertItem = NULL;
+
+
+        PKIX_ENTER(CERTSTORE, "pkix_pl_LdapCertStore_BuildCertList");
+        PKIX_NULLCHECK_TWO(responseList, pCerts);
+
+        PKIX_CHECK(PKIX_List_Create(&certList, plContext),
+                PKIX_LISTCREATEFAILED);
+
+        /* extract certs from response */
+        PKIX_CHECK(PKIX_List_GetLength
+                (responseList, &numResponses, plContext),
+                PKIX_LISTGETLENGTHFAILED);
+
+        for (respIx = 0; respIx < numResponses; respIx++) {
+                PKIX_CHECK(PKIX_List_GetItem
+                        (responseList,
+                        respIx,
+                        (PKIX_PL_Object **)&response,
+                        plContext),
+                        PKIX_LISTGETITEMFAILED);
+
+                PKIX_CHECK(pkix_pl_LdapResponse_GetMessage
+                        (response, &message, plContext),
+                        PKIX_LDAPRESPONSEGETMESSAGEFAILED);
+
+                sre = &(message->protocolOp.op.searchResponseEntryMsg);
+                sreAttrArray = sre->attributes;
+
+                /* Get next element of null-terminated array */
+                sreAttr = *sreAttrArray++;
+                while (sreAttr != NULL) {
+                    attrType = &(sreAttr->attrType);
+                    PKIX_CHECK(pkix_pl_LdapRequest_AttrTypeToBit
+                        (attrType, &attrBits, plContext),
+                        PKIX_LDAPREQUESTATTRTYPETOBITFAILED);
+                    /* Is this attrVal a Certificate? */
+                    if (((LDAPATTR_CACERT | LDAPATTR_USERCERT) &
+                            attrBits) == attrBits) {
+                        attrVal = sreAttr->val;
+                        derCertItem = *attrVal++;
+                        while (derCertItem != 0) {
+                            /* create a PKIX_PL_Cert from derCert */
+                            PKIX_CHECK(pkix_pl_Cert_CreateToList
+                                (derCertItem, certList, plContext),
+                                PKIX_CERTCREATETOLISTFAILED);
+                            derCertItem = *attrVal++;
+                        }
+                    } else if ((LDAPATTR_CROSSPAIRCERT & attrBits) == attrBits){
+                        /* Is this attrVal a CrossPairCertificate? */
+                        attrVal = sreAttr->val;
+                        derCertItem = *attrVal++;
+                        while (derCertItem != 0) {
+                            /* create PKIX_PL_Certs from derCert */
+                            PKIX_CHECK(pkix_pl_LdapCertStore_DecodeCrossCertPair
+                                (derCertItem, certList, plContext),
+                                PKIX_LDAPCERTSTOREDECODECROSSCERTPAIRFAILED);
+                            derCertItem = *attrVal++;
+                        }
+                    }
+                    sreAttr = *sreAttrArray++;
+                }
+                PKIX_DECREF(response);
+        }
+
+        *pCerts = certList;
+
+cleanup:
+        if (PKIX_ERROR_RECEIVED) {
+                PKIX_DECREF(certList);
+        }
+
+        PKIX_DECREF(response);
+
+        PKIX_RETURN(CERTSTORE);
+}
+
+/*
+ * FUNCTION: pkix_pl_LdapCertStore_BuildCrlList
+ * DESCRIPTION:
+ *
+ *  This function takes a List of LdapResponse objects pointed to by
+ *  "responseList" and extracts and decodes the CRLs in those responses, storing
+ *  the List of those CRLs at "pCrls". If none of the objects can be decoded
+ *  into a CRL, the returned List is empty.
+ *
+ * PARAMETERS:
+ *  "responseList"
+ *      The address of the List of LdapResponses. Must be non-NULL.
+ *  "pCrls"
+ *      The address at which the result is stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertStore Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_pl_LdapCertStore_BuildCrlList(
+        PKIX_List *responseList,
+        PKIX_List **pCrls,
+        void *plContext)
+{
+        PKIX_UInt32 numResponses = 0;
+        PKIX_UInt32 respIx = 0;
+        LdapAttrMask attrBits = 0;
+        CERTSignedCrl *nssCrl = NULL;
+        PKIX_PL_LdapResponse *response = NULL;
+        PKIX_List *crlList = NULL;
+        PKIX_PL_CRL *crl = NULL;
+        LDAPMessage *message = NULL;
+        LDAPSearchResponseEntry *sre = NULL;
+        LDAPSearchResponseAttr **sreAttrArray = NULL;
+        LDAPSearchResponseAttr *sreAttr = NULL;
+        SECItem *attrType = NULL;
+        SECItem **attrVal = NULL;
+        SECItem *derCrlCopy = NULL;
+        SECItem *derCrlItem = NULL;
+
+        PKIX_ENTER(CERTSTORE, "pkix_pl_LdapCertStore_BuildCrlList");
+        PKIX_NULLCHECK_TWO(responseList, pCrls);
+
+        PKIX_CHECK(PKIX_List_Create(&crlList, plContext),
+                PKIX_LISTCREATEFAILED);
+
+        /* extract crls from response */
+        PKIX_CHECK(PKIX_List_GetLength
+                (responseList, &numResponses, plContext),
+                PKIX_LISTGETLENGTHFAILED);
+
+        for (respIx = 0; respIx < numResponses; respIx++) {
+                PKIX_CHECK(PKIX_List_GetItem
+                        (responseList,
+                        respIx,
+                        (PKIX_PL_Object **)&response,
+                        plContext),
+                        PKIX_LISTGETITEMFAILED);
+
+                PKIX_CHECK(pkix_pl_LdapResponse_GetMessage
+                        (response, &message, plContext),
+                        PKIX_LDAPRESPONSEGETMESSAGEFAILED);
+
+                sre = &(message->protocolOp.op.searchResponseEntryMsg);
+                sreAttrArray = sre->attributes;
+
+                /* Get next element of null-terminated array */
+                sreAttr = *sreAttrArray++;
+                while (sreAttr != NULL) {
+                    attrType = &(sreAttr->attrType);
+                    PKIX_CHECK(pkix_pl_LdapRequest_AttrTypeToBit
+                        (attrType, &attrBits, plContext),
+                        PKIX_LDAPREQUESTATTRTYPETOBITFAILED);
+                    /* Is this attrVal a Revocation List? */
+                    if (((LDAPATTR_CERTREVLIST | LDAPATTR_AUTHREVLIST) &
+                            attrBits) == attrBits) {
+                        attrVal = sreAttr->val;
+                        derCrlItem = *attrVal++;
+                        while (derCrlItem != 0) {
+                            /* create a PKIX_PL_Crl from derCrl */
+                            derCrlCopy = SECITEM_DupItem(derCrlItem);
+                            if (!derCrlCopy) {
+                                PKIX_ERROR(PKIX_ALLOCERROR);
+                            }
+                            /* crl will be based on derCrlCopy, but wont
+                             * own the der. */
+                            nssCrl =
+                                CERT_DecodeDERCrlWithFlags(NULL, derCrlCopy,
+                                                       SEC_CRL_TYPE,
+                                                       CRL_DECODE_DONT_COPY_DER |
+                                                       CRL_DECODE_SKIP_ENTRIES);
+                            if (!nssCrl) {
+                                SECITEM_FreeItem(derCrlCopy, PKIX_TRUE);
+                                continue;
+                            }
+                            /* pkix crl own the der. */
+                            PKIX_CHECK(
+                                pkix_pl_CRL_CreateWithSignedCRL(nssCrl, 
+                                       derCrlCopy, NULL, &crl, plContext),
+                                PKIX_CRLCREATEWITHSIGNEDCRLFAILED);
+                            /* Left control over memory pointed by derCrlCopy and
+                             * nssCrl to pkix crl. */
+                            derCrlCopy = NULL;
+                            nssCrl = NULL;
+                            PKIX_CHECK(PKIX_List_AppendItem
+                                       (crlList, (PKIX_PL_Object *) crl, plContext),
+                                       PKIX_LISTAPPENDITEMFAILED);
+                            PKIX_DECREF(crl);
+                            derCrlItem = *attrVal++;
+                        }
+                        /* Clean up after PKIX_CHECK_ONLY_FATAL */
+                        pkixTempErrorReceived = PKIX_FALSE;
+                    }
+                    sreAttr = *sreAttrArray++;
+                }
+                PKIX_DECREF(response);
+        }
+
+        *pCrls = crlList;
+        crlList = NULL;
+cleanup:
+        if (derCrlCopy) {
+            SECITEM_FreeItem(derCrlCopy, PKIX_TRUE);
+        }
+        if (nssCrl) {
+            SEC_DestroyCrl(nssCrl);
+        }
+        PKIX_DECREF(crl);
+        PKIX_DECREF(crlList);
+        PKIX_DECREF(response);
+
+        PKIX_RETURN(CERTSTORE);
+}
+
+/*
+ * FUNCTION: pkix_pl_LdapCertStore_DestroyAVAList
+ * DESCRIPTION:
+ *
+ *  This function frees the space allocated for the components of the
+ *  equalFilters that make up the andFilter pointed to by "filter".
+ *
+ * PARAMETERS:
+ *  "requestParams"
+ *      The address of the andFilter whose components are to be freed. Must be
+ *      non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertStore Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_pl_LdapCertStore_DestroyAVAList(
+        LDAPNameComponent **nameComponents,
+        void *plContext)
+{
+        LDAPNameComponent **currentNC = NULL;
+        unsigned char *component = NULL;
+
+        PKIX_ENTER(CERTSTORE, "pkix_pl_LdapCertStore_DestroyAVAList");
+        PKIX_NULLCHECK_ONE(nameComponents);
+
+        /* Set currentNC to point to first AVA pointer */
+        currentNC = nameComponents;
+
+        while ((*currentNC) != NULL) {
+                component = (*currentNC)->attrValue;
+                if (component != NULL) {
+                        PORT_Free(component);
+                }
+                currentNC++;
+        }
+
+        PKIX_RETURN(CERTSTORE);
+}
+
+/*
+ * FUNCTION: pkix_pl_LdapCertStore_MakeNameAVAList
+ * DESCRIPTION:
+ *
+ *  This function allocates space from the arena pointed to by "arena" to
+ *  construct a filter that will match components of the X500Name pointed to
+ *  by "name", and stores the resulting filter at "pFilter".
+ *
+ *  "name" is checked for commonName and organizationName components (cn=,
+ *  and o=). The component strings are extracted using the family of
+ *  CERT_Get* functions, and each must be freed with PORT_Free.
+ *
+ *  It is not clear which components should be in a request, so, for now,
+ *  we stop adding components after we have found one.
+ *
+ * PARAMETERS:
+ *  "arena"
+ *      The address of the PLArenaPool used in creating the filter. Must be
+ *       non-NULL.
+ *  "name"
+ *      The address of the X500Name whose components define the desired
+ *      matches. Must be non-NULL.
+ *  "pList"
+ *      The address at which the result is stored.
+ *  "plContext"
+ *      Platform-specific context pointer
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertStore Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_pl_LdapCertStore_MakeNameAVAList(
+        PLArenaPool *arena,
+        PKIX_PL_X500Name *subjectName, 
+        LDAPNameComponent ***pList,
+        void *plContext)
+{
+        LDAPNameComponent **setOfNameComponents;
+        LDAPNameComponent *currentNameComponent = NULL;
+        PKIX_UInt32 componentsPresent = 0;
+        void *v = NULL;
+        unsigned char *component = NULL;
+
+        PKIX_ENTER(CERTSTORE, "pkix_pl_LdapCertStore_MakeNameAVAList");
+        PKIX_NULLCHECK_THREE(arena, subjectName, pList);
+
+        /* Increase this if additional components may be extracted */
+#define MAX_NUM_COMPONENTS 3
+
+        /* Space for (MAX_NUM_COMPONENTS + 1) pointers to LDAPNameComponents */
+        PKIX_PL_NSSCALLRV(CERTSTORE, v, PORT_ArenaZAlloc,
+                (arena, (MAX_NUM_COMPONENTS + 1)*sizeof(LDAPNameComponent *)));
+        setOfNameComponents = (LDAPNameComponent **)v;
+
+        /* Space for MAX_NUM_COMPONENTS LDAPNameComponents */
+        PKIX_PL_NSSCALLRV(CERTSTORE, v, PORT_ArenaZNewArray,
+                (arena, LDAPNameComponent, MAX_NUM_COMPONENTS));
+
+        currentNameComponent = (LDAPNameComponent *)v;
+
+        /* Try for commonName */
+        PKIX_CHECK(pkix_pl_X500Name_GetCommonName
+                (subjectName, &component, plContext),
+                PKIX_X500NAMEGETCOMMONNAMEFAILED);
+        if (component) {
+                setOfNameComponents[componentsPresent] = currentNameComponent;
+                currentNameComponent->attrType = (unsigned char *)"cn";
+                currentNameComponent->attrValue = component;
+                componentsPresent++;
+                currentNameComponent++;
+        }
+
+        /*
+         * The LDAP specification says we can send multiple name components
+         * in an "AND" filter, but the LDAP Servers don't seem to be able to
+         * handle such requests. So we'll quit after the cn component.
+         */
+#if 0
+        /* Try for orgName */
+        PKIX_CHECK(pkix_pl_X500Name_GetOrgName
+                (subjectName, &component, plContext),
+                PKIX_X500NAMEGETORGNAMEFAILED);
+        if (component) {
+                setOfNameComponents[componentsPresent] = currentNameComponent;
+                currentNameComponent->attrType = (unsigned char *)"o";
+                currentNameComponent->attrValue = component;
+                componentsPresent++;
+                currentNameComponent++;
+        }
+
+        /* Try for countryName */
+        PKIX_CHECK(pkix_pl_X500Name_GetCountryName
+                (subjectName, &component, plContext),
+                PKIX_X500NAMEGETCOUNTRYNAMEFAILED);
+        if (component) {
+                setOfNameComponents[componentsPresent] = currentNameComponent;
+                currentNameComponent->attrType = (unsigned char *)"c";
+                currentNameComponent->attrValue = component;
+                componentsPresent++;
+                currentNameComponent++;
+        }
+#endif
+
+        setOfNameComponents[componentsPresent] = NULL;
+
+        *pList = setOfNameComponents;
+
+cleanup:
+
+        PKIX_RETURN(CERTSTORE);
+
+}
+
+#if 0
+/*
+ * FUNCTION: pkix_pl_LdapCertstore_ConvertCertResponses
+ * DESCRIPTION:
+ *
+ *  This function processes the List of LDAPResponses pointed to by "responses"
+ *  into a List of resulting Certs, storing the result at "pCerts". If there
+ *  are no responses converted successfully, a NULL may be stored.
+ *
+ * PARAMETERS:
+ *  "responses"
+ *      The LDAPResponses whose contents are to be converted. Must be non-NULL.
+ *  "pCerts"
+ *      Address at which the returned List is stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertStore Error if the function fails in a non-fatal way
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_pl_LdapCertStore_ConvertCertResponses(
+        PKIX_List *responses,
+        PKIX_List **pCerts,
+        void *plContext)
+{
+        PKIX_List *unfiltered = NULL;
+
+        PKIX_ENTER(CERTSTORE, "pkix_pl_LdapCertStore_ConvertCertResponses");
+        PKIX_NULLCHECK_TWO(responses, pCerts);
+
+        /*
+         * We have a List of LdapResponse objects that have to be
+         * turned into Certs.
+         */
+        PKIX_CHECK(pkix_pl_LdapCertStore_BuildCertList
+                (responses, &unfiltered, plContext),
+                PKIX_LDAPCERTSTOREBUILDCERTLISTFAILED);
+
+        *pCerts = unfiltered;
+
+cleanup:
+
+        PKIX_RETURN(CERTSTORE);
+}
+#endif
+
+/*
+ * FUNCTION: pkix_pl_LdapCertStore_GetCert
+ *  (see description of PKIX_CertStore_CertCallback in pkix_certstore.h)
+ */
+PKIX_Error *
+pkix_pl_LdapCertStore_GetCert(
+        PKIX_CertStore *store,
+        PKIX_CertSelector *selector,
+        PKIX_VerifyNode *verifyNode,
+        void **pNBIOContext,
+        PKIX_List **pCertList,
+        void *plContext)
+{
+        PLArenaPool *requestArena = NULL;
+        LDAPRequestParams requestParams;
+        void *pollDesc = NULL;
+        PKIX_Int32 minPathLen = 0;
+        PKIX_Boolean cacheFlag = PKIX_FALSE;
+        PKIX_ComCertSelParams *params = NULL;
+        PKIX_PL_LdapCertStoreContext *lcs = NULL;
+        PKIX_List *responses = NULL;
+        PKIX_List *unfilteredCerts = NULL;
+        PKIX_List *filteredCerts = NULL;
+        PKIX_PL_X500Name *subjectName = 0;
+
+        PKIX_ENTER(CERTSTORE, "pkix_pl_LdapCertStore_GetCert");
+        PKIX_NULLCHECK_THREE(store, selector, pCertList);
+
+        requestParams.baseObject = "c=US";
+        requestParams.scope = WHOLE_SUBTREE;
+        requestParams.derefAliases = NEVER_DEREF;
+        requestParams.sizeLimit = 0;
+        requestParams.timeLimit = 0;
+
+        /* Prepare elements for request filter */
+
+        /*
+         * Get a short-lived arena. We'll be done with this space once
+         * the request is encoded.
+         */
+        requestArena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+        if (!requestArena) {
+                PKIX_ERROR_FATAL(PKIX_OUTOFMEMORY);
+        }
+
+        PKIX_CHECK(PKIX_CertSelector_GetCommonCertSelectorParams
+                (selector, &params, plContext),
+                PKIX_CERTSELECTORGETCOMCERTSELPARAMSFAILED);
+
+        /*
+         * If we have the subject name for the desired subject,
+         * ask the server for Certs with that subject.
+         */
+        PKIX_CHECK(PKIX_ComCertSelParams_GetSubject
+                (params, &subjectName, plContext),
+                PKIX_COMCERTSELPARAMSGETSUBJECTFAILED);
+
+        PKIX_CHECK(PKIX_ComCertSelParams_GetBasicConstraints
+                (params, &minPathLen, plContext),
+                PKIX_COMCERTSELPARAMSGETBASICCONSTRAINTSFAILED);
+
+        if (subjectName) {
+                PKIX_CHECK(pkix_pl_LdapCertStore_MakeNameAVAList
+                        (requestArena,
+                        subjectName,
+                        &(requestParams.nc),
+                        plContext),
+                        PKIX_LDAPCERTSTOREMAKENAMEAVALISTFAILED);
+
+                if (*requestParams.nc == NULL) {
+                        /*
+                         * The subjectName may not include any components
+                         * that we know how to encode. We do not return
+                         * an error, because the caller did not necessarily
+                         * do anything wrong, but we return an empty List.
+                         */
+                        PKIX_PL_NSSCALL(CERTSTORE, PORT_FreeArena,
+                                (requestArena, PR_FALSE));
+
+                        PKIX_CHECK(PKIX_List_Create(&filteredCerts, plContext),
+                                PKIX_LISTCREATEFAILED);
+
+                        PKIX_CHECK(PKIX_List_SetImmutable
+                                (filteredCerts, plContext),
+                                PKIX_LISTSETIMMUTABLEFAILED);
+
+                        *pNBIOContext = NULL;
+                        *pCertList = filteredCerts;
+                        filteredCerts = NULL;
+                        goto cleanup;
+                }
+        } else {
+                PKIX_ERROR(PKIX_INSUFFICIENTCRITERIAFORCERTQUERY);
+        }
+
+        /* Prepare attribute field of request */
+
+        requestParams.attributes = 0;
+
+        if (minPathLen < 0) {
+                requestParams.attributes |= LDAPATTR_USERCERT;
+        }
+
+        if (minPathLen > -2) {
+                requestParams.attributes |=
+                        LDAPATTR_CACERT | LDAPATTR_CROSSPAIRCERT;
+        }
+
+        /* All request fields are done */
+
+        PKIX_CHECK(PKIX_CertStore_GetCertStoreContext
+                (store, (PKIX_PL_Object **)&lcs, plContext),
+                PKIX_CERTSTOREGETCERTSTORECONTEXTFAILED);
+
+        PKIX_CHECK(PKIX_PL_LdapClient_InitiateRequest
+                ((PKIX_PL_LdapClient *)lcs,
+                &requestParams,
+                &pollDesc,
+                &responses,
+                plContext),
+                PKIX_LDAPCLIENTINITIATEREQUESTFAILED);
+
+        PKIX_CHECK(pkix_pl_LdapCertStore_DestroyAVAList
+                (requestParams.nc, plContext),
+                PKIX_LDAPCERTSTOREDESTROYAVALISTFAILED);
+
+        if (requestArena) {
+                PKIX_PL_NSSCALL(CERTSTORE, PORT_FreeArena,
+                        (requestArena, PR_FALSE));
+                requestArena = NULL;
+        }
+
+        if (pollDesc != NULL) {
+                /* client is waiting for non-blocking I/O to complete */
+                *pNBIOContext = (void *)pollDesc;
+                *pCertList = NULL;
+                goto cleanup;
+        }
+        /* LdapClient has given us a response! */
+
+        if (responses) {
+                PKIX_CHECK(PKIX_CertStore_GetCertStoreCacheFlag
+                        (store, &cacheFlag, plContext),
+                        PKIX_CERTSTOREGETCERTSTORECACHEFLAGFAILED);
+
+                PKIX_CHECK(pkix_pl_LdapCertStore_BuildCertList
+                        (responses, &unfilteredCerts, plContext),
+                        PKIX_LDAPCERTSTOREBUILDCERTLISTFAILED);
+
+                PKIX_CHECK(pkix_CertSelector_Select
+                        (selector, unfilteredCerts, &filteredCerts, plContext),
+                        PKIX_CERTSELECTORSELECTFAILED);
+        }
+
+        *pNBIOContext = NULL;
+        *pCertList = filteredCerts;
+        filteredCerts = NULL;
+
+cleanup:
+
+        PKIX_DECREF(params);
+        PKIX_DECREF(subjectName);
+        PKIX_DECREF(responses);
+        PKIX_DECREF(unfilteredCerts);
+        PKIX_DECREF(filteredCerts);
+        PKIX_DECREF(lcs);
+
+        PKIX_RETURN(CERTSTORE);
+}
+
+/*
+ * FUNCTION: pkix_pl_LdapCertStore_GetCertContinue
+ *  (see description of PKIX_CertStore_CertCallback in pkix_certstore.h)
+ */
+PKIX_Error *
+pkix_pl_LdapCertStore_GetCertContinue(
+        PKIX_CertStore *store,
+        PKIX_CertSelector *selector,
+        PKIX_VerifyNode *verifyNode,
+        void **pNBIOContext,
+        PKIX_List **pCertList,
+        void *plContext)
+{
+        PKIX_Boolean cacheFlag = PKIX_FALSE;
+        PKIX_PL_LdapCertStoreContext *lcs = NULL;
+        void *pollDesc = NULL;
+        PKIX_List *responses = NULL;
+        PKIX_List *unfilteredCerts = NULL;
+        PKIX_List *filteredCerts = NULL;
+
+        PKIX_ENTER(CERTSTORE, "pkix_pl_LdapCertStore_GetCertContinue");
+        PKIX_NULLCHECK_THREE(store, selector, pCertList);
+
+        PKIX_CHECK(PKIX_CertStore_GetCertStoreContext
+                (store, (PKIX_PL_Object **)&lcs, plContext),
+                PKIX_CERTSTOREGETCERTSTORECONTEXTFAILED);
+
+        PKIX_CHECK(PKIX_PL_LdapClient_ResumeRequest
+                ((PKIX_PL_LdapClient *)lcs, &pollDesc, &responses, plContext),
+                PKIX_LDAPCLIENTRESUMEREQUESTFAILED);
+
+        if (pollDesc != NULL) {
+                /* client is waiting for non-blocking I/O to complete */
+                *pNBIOContext = (void *)pollDesc;
+                *pCertList = NULL;
+                goto cleanup;
+        }
+        /* LdapClient has given us a response! */
+
+        if (responses) {
+                PKIX_CHECK(PKIX_CertStore_GetCertStoreCacheFlag
+                        (store, &cacheFlag, plContext),
+                        PKIX_CERTSTOREGETCERTSTORECACHEFLAGFAILED);
+
+                PKIX_CHECK(pkix_pl_LdapCertStore_BuildCertList
+                        (responses, &unfilteredCerts, plContext),
+                        PKIX_LDAPCERTSTOREBUILDCERTLISTFAILED);
+
+                PKIX_CHECK(pkix_CertSelector_Select
+                        (selector, unfilteredCerts, &filteredCerts, plContext),
+                        PKIX_CERTSELECTORSELECTFAILED);
+        }
+
+        *pNBIOContext = NULL;
+        *pCertList = filteredCerts;
+
+cleanup:
+
+        PKIX_DECREF(responses);
+        PKIX_DECREF(unfilteredCerts);
+        PKIX_DECREF(lcs);
+
+        PKIX_RETURN(CERTSTORE);
+}
+
+/*
+ * FUNCTION: pkix_pl_LdapCertStore_GetCRL
+ *  (see description of PKIX_CertStore_CRLCallback in pkix_certstore.h)
+ */
+PKIX_Error *
+pkix_pl_LdapCertStore_GetCRL(
+        PKIX_CertStore *store,
+        PKIX_CRLSelector *selector,
+        void **pNBIOContext,
+        PKIX_List **pCrlList,
+        void *plContext)
+{
+        LDAPRequestParams requestParams;
+        void *pollDesc = NULL;
+        PLArenaPool *requestArena = NULL;
+        PKIX_UInt32 numNames = 0;
+        PKIX_UInt32 thisName = 0;
+        PKIX_PL_CRL *candidate = NULL;
+        PKIX_List *responses = NULL;
+        PKIX_List *issuerNames = NULL;
+        PKIX_List *filteredCRLs = NULL;
+        PKIX_List *unfilteredCRLs = NULL;
+        PKIX_PL_X500Name *issuer = NULL;
+        PKIX_PL_LdapCertStoreContext *lcs = NULL;
+        PKIX_ComCRLSelParams *params = NULL;
+
+        PKIX_ENTER(CERTSTORE, "pkix_pl_LdapCertStore_GetCRL");
+        PKIX_NULLCHECK_THREE(store, selector, pCrlList);
+
+        requestParams.baseObject = "c=US";
+        requestParams.scope = WHOLE_SUBTREE;
+        requestParams.derefAliases = NEVER_DEREF;
+        requestParams.sizeLimit = 0;
+        requestParams.timeLimit = 0;
+        requestParams.attributes = LDAPATTR_CERTREVLIST | LDAPATTR_AUTHREVLIST;
+        /* Prepare elements for request filter */
+
+        /* XXX Place CRLDP code here. Handle the case when */
+        /* RFC 5280. Paragraph: 4.2.1.13: */
+        /* If the distributionPoint field contains a directoryName, the entry */
+        /* for that directoryName contains the current CRL for the associated */
+        /* reasons and the CRL is issued by the associated cRLIssuer.  The CRL */
+        /* may be stored in either the certificateRevocationList or */
+        /* authorityRevocationList attribute.  The CRL is to be obtained by the */
+        /* application from whatever directory server is locally configured. */
+        /* The protocol the application uses to access the directory (e.g., DAP */
+        /* or LDAP) is a local matter. */
+
+
+
+        /*
+         * Get a short-lived arena. We'll be done with this space once
+         * the request is encoded.
+         */
+        PKIX_PL_NSSCALLRV
+            (CERTSTORE, requestArena, PORT_NewArena, (DER_DEFAULT_CHUNKSIZE));
+
+        if (!requestArena) {
+                PKIX_ERROR_FATAL(PKIX_OUTOFMEMORY);
+        }
+
+        PKIX_CHECK(PKIX_CRLSelector_GetCommonCRLSelectorParams
+                (selector, &params, plContext),
+                PKIX_CRLSELECTORGETCOMCERTSELPARAMSFAILED);
+
+        PKIX_CHECK(PKIX_ComCRLSelParams_GetIssuerNames
+                (params, &issuerNames, plContext),
+                PKIX_COMCRLSELPARAMSGETISSUERNAMESFAILED);
+
+        /*
+         * The specification for PKIX_ComCRLSelParams_GetIssuerNames in
+         * pkix_crlsel.h says that if the criterion is not set we get a null
+         * pointer. If we get an empty List the criterion is impossible to
+         * meet ("must match at least one of the names in the List").
+         */
+        if (issuerNames) {
+
+                PKIX_CHECK(PKIX_List_GetLength
+                        (issuerNames, &numNames, plContext),
+                        PKIX_LISTGETLENGTHFAILED);
+
+                if (numNames > 0) {
+                        for (thisName = 0; thisName < numNames; thisName++) {
+                                PKIX_CHECK(PKIX_List_GetItem
+                                (issuerNames,
+                                thisName,
+                                (PKIX_PL_Object **)&issuer,
+                                plContext),
+                                PKIX_LISTGETITEMFAILED);
+
+                                PKIX_CHECK
+                                        (pkix_pl_LdapCertStore_MakeNameAVAList
+                                        (requestArena,
+                                        issuer,
+                                        &(requestParams.nc),
+                                        plContext),
+                                        PKIX_LDAPCERTSTOREMAKENAMEAVALISTFAILED);
+
+                                PKIX_DECREF(issuer);
+
+                                if (*requestParams.nc == NULL) {
+                                        /*
+                                         * The issuer may not include any
+                                         * components that we know how to
+                                         * encode. We do not return an error,
+                                         * because the caller did not
+                                         * necessarily do anything wrong, but
+                                         * we return an empty List.
+                                         */
+                                        PKIX_PL_NSSCALL
+                                                (CERTSTORE, PORT_FreeArena,
+                                                (requestArena, PR_FALSE));
+
+                                        PKIX_CHECK(PKIX_List_Create
+                                                (&filteredCRLs, plContext),
+                                                PKIX_LISTCREATEFAILED);
+
+                                        PKIX_CHECK(PKIX_List_SetImmutable
+                                                (filteredCRLs, plContext),
+                                               PKIX_LISTSETIMMUTABLEFAILED);
+
+                                        *pNBIOContext = NULL;
+                                        *pCrlList = filteredCRLs;
+                                        goto cleanup;
+                                }
+
+                                /*
+                                 * LDAP Servers don't seem to be able to handle
+                                 * requests with more than more than one name.
+                                 */
+                                break;
+                        }
+                } else {
+                        PKIX_ERROR(PKIX_IMPOSSIBLECRITERIONFORCRLQUERY);
+                }
+        } else {
+                PKIX_ERROR(PKIX_IMPOSSIBLECRITERIONFORCRLQUERY);
+        }
+
+        /* All request fields are done */
+
+        PKIX_CHECK(PKIX_CertStore_GetCertStoreContext
+                (store, (PKIX_PL_Object **)&lcs, plContext),
+                PKIX_CERTSTOREGETCERTSTORECONTEXTFAILED);
+
+        PKIX_CHECK(PKIX_PL_LdapClient_InitiateRequest
+                ((PKIX_PL_LdapClient *)lcs,
+                &requestParams,
+                &pollDesc,
+                &responses,
+                plContext),
+                PKIX_LDAPCLIENTINITIATEREQUESTFAILED);
+
+        PKIX_CHECK(pkix_pl_LdapCertStore_DestroyAVAList
+                (requestParams.nc, plContext),
+                PKIX_LDAPCERTSTOREDESTROYAVALISTFAILED);
+
+        if (requestArena) {
+                PKIX_PL_NSSCALL(CERTSTORE, PORT_FreeArena,
+                        (requestArena, PR_FALSE));
+        }
+
+        if (pollDesc != NULL) {
+                /* client is waiting for non-blocking I/O to complete */
+                *pNBIOContext = (void *)pollDesc;
+                *pCrlList = NULL;
+                goto cleanup;
+        }
+        /* client has finished! */
+
+        if (responses) {
+
+                /*
+                 * We have a List of LdapResponse objects that still have to be
+                 * turned into Crls.
+                 */
+                PKIX_CHECK(pkix_pl_LdapCertStore_BuildCrlList
+                        (responses, &unfilteredCRLs, plContext),
+                        PKIX_LDAPCERTSTOREBUILDCRLLISTFAILED);
+
+                PKIX_CHECK(pkix_CRLSelector_Select
+                        (selector, unfilteredCRLs, &filteredCRLs, plContext),
+                        PKIX_CRLSELECTORSELECTFAILED);
+
+        }
+
+        /* Don't throw away the list if one CRL was bad! */
+        pkixTempErrorReceived = PKIX_FALSE;
+
+        *pNBIOContext = NULL;
+        *pCrlList = filteredCRLs;
+
+cleanup:
+
+        if (PKIX_ERROR_RECEIVED) {
+                PKIX_DECREF(filteredCRLs);
+        }
+
+        PKIX_DECREF(params);
+        PKIX_DECREF(issuerNames);
+        PKIX_DECREF(issuer);
+        PKIX_DECREF(candidate);
+        PKIX_DECREF(responses);
+        PKIX_DECREF(unfilteredCRLs);
+        PKIX_DECREF(lcs);
+
+        PKIX_RETURN(CERTSTORE);
+}
+
+/*
+ * FUNCTION: pkix_pl_LdapCertStore_GetCRLContinue
+ *  (see description of PKIX_CertStore_CRLCallback in pkix_certstore.h)
+ */
+PKIX_Error *
+pkix_pl_LdapCertStore_GetCRLContinue(
+        PKIX_CertStore *store,
+        PKIX_CRLSelector *selector,
+        void **pNBIOContext,
+        PKIX_List **pCrlList,
+        void *plContext)
+{
+        void *nbio = NULL;
+        PKIX_PL_CRL *candidate = NULL;
+        PKIX_List *responses = NULL;
+        PKIX_PL_LdapCertStoreContext *lcs = NULL;
+        PKIX_List *filteredCRLs = NULL;
+        PKIX_List *unfilteredCRLs = NULL;
+
+        PKIX_ENTER(CERTSTORE, "pkix_pl_LdapCertStore_GetCRLContinue");
+        PKIX_NULLCHECK_FOUR(store, selector, pNBIOContext, pCrlList);
+
+        PKIX_CHECK(PKIX_CertStore_GetCertStoreContext
+                (store, (PKIX_PL_Object **)&lcs, plContext),
+                PKIX_CERTSTOREGETCERTSTORECONTEXTFAILED);
+
+        PKIX_CHECK(PKIX_PL_LdapClient_ResumeRequest
+                ((PKIX_PL_LdapClient *)lcs, &nbio, &responses, plContext),
+                PKIX_LDAPCLIENTRESUMEREQUESTFAILED);
+
+        if (nbio != NULL) {
+                /* client is waiting for non-blocking I/O to complete */
+                *pNBIOContext = (void *)nbio;
+                *pCrlList = NULL;
+                goto cleanup;
+        }
+        /* client has finished! */
+
+        if (responses) {
+
+                /*
+                 * We have a List of LdapResponse objects that still have to be
+                 * turned into Crls.
+                 */
+                PKIX_CHECK(pkix_pl_LdapCertStore_BuildCrlList
+                        (responses, &unfilteredCRLs, plContext),
+                        PKIX_LDAPCERTSTOREBUILDCRLLISTFAILED);
+
+                PKIX_CHECK(pkix_CRLSelector_Select
+                        (selector, unfilteredCRLs, &filteredCRLs, plContext),
+                        PKIX_CRLSELECTORSELECTFAILED);
+
+                PKIX_CHECK(PKIX_List_SetImmutable(filteredCRLs, plContext),
+                        PKIX_LISTSETIMMUTABLEFAILED);
+
+        }
+
+        /* Don't throw away the list if one CRL was bad! */
+        pkixTempErrorReceived = PKIX_FALSE;
+
+        *pCrlList = filteredCRLs;
+
+cleanup:
+        if (PKIX_ERROR_RECEIVED) {
+                PKIX_DECREF(filteredCRLs);
+        }
+
+        PKIX_DECREF(candidate);
+        PKIX_DECREF(responses);
+        PKIX_DECREF(unfilteredCRLs);
+        PKIX_DECREF(lcs);
+
+        PKIX_RETURN(CERTSTORE);
+}
+
+/* --Public-LdapCertStore-Functions----------------------------------- */
+
+/*
+ * FUNCTION: PKIX_PL_LdapCertStore_Create
+ * (see comments in pkix_samples_modules.h)
+ */
+PKIX_Error *
+PKIX_PL_LdapCertStore_Create(
+        PKIX_PL_LdapClient *client,
+        PKIX_CertStore **pCertStore,
+        void *plContext)
+{
+        PKIX_CertStore *certStore = NULL;
+
+        PKIX_ENTER(CERTSTORE, "PKIX_PL_LdapCertStore_Create");
+        PKIX_NULLCHECK_TWO(client, pCertStore);
+
+        PKIX_CHECK(PKIX_CertStore_Create
+                (pkix_pl_LdapCertStore_GetCert,
+                pkix_pl_LdapCertStore_GetCRL,
+                pkix_pl_LdapCertStore_GetCertContinue,
+                pkix_pl_LdapCertStore_GetCRLContinue,
+                NULL,       /* don't support trust */
+                NULL,      /* can not store crls */
+                NULL,      /* can not do revocation check */
+                (PKIX_PL_Object *)client,
+                PKIX_TRUE,  /* cache flag */
+                PKIX_FALSE, /* not local */
+                &certStore,
+                plContext),
+                PKIX_CERTSTORECREATEFAILED);
+
+        *pCertStore = certStore;
+
+cleanup:
+
+        PKIX_RETURN(CERTSTORE);
+}
diff --git a/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapcertstore.h b/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapcertstore.h
new file mode 100644
index 0000000..5bbe538
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapcertstore.h
@@ -0,0 +1,75 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_pl_ldapcertstore.h
+ *
+ * LDAPCertstore Object Type Definition
+ *
+ */
+
+#ifndef _PKIX_PL_LDAPCERTSTORE_H
+#define _PKIX_PL_LDAPCERTSTORE_H
+
+#include "pkix_pl_ldapt.h"
+#include "pkix_pl_common.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * At the time of this version, there are unresolved questions about the LDAP
+ * protocol. Although RFC1777 describes a BIND and UNBIND message, it is not
+ * clear whether they are appropriate to this application. We have tested only
+ * using servers that do not expect authentication, and that reject BIND
+ * messages. It is not clear what values might be appropriate for the bindname
+ * and authentication fields, which are currently implemented as char strings
+ * supplied by the caller. (If this changes, the API and possibly the templates
+ * will have to change.) Therefore the CertStore_Create API contains a BindAPI
+ * structure, a union, which will have to be revised and extended when this
+ * area of the protocol is better understood.
+ *
+ * It is further assumed that a given LdapCertStore will connect only to a
+ * single server, and that the creation of the socket will initiate the
+ * CONNECT. Therefore the LdapCertStore handles only the case of continuing
+ * the connection, if nonblocking I/O is being used.
+ */
+
+typedef enum {
+        LDAP_CONNECT_PENDING,
+        LDAP_CONNECTED,
+        LDAP_BIND_PENDING,
+        LDAP_BIND_RESPONSE,
+        LDAP_BIND_RESPONSE_PENDING,
+        LDAP_BOUND,
+        LDAP_SEND_PENDING,
+        LDAP_RECV,
+        LDAP_RECV_PENDING,
+        LDAP_RECV_INITIAL,
+        LDAP_RECV_NONINITIAL,
+        LDAP_ABANDON_PENDING
+} LDAPConnectStatus;
+
+#define LDAP_CACHEBUCKETS       128
+#define RCVBUFSIZE              512
+
+struct PKIX_PL_LdapCertStoreContext {
+        PKIX_PL_LdapClient *client;
+};
+
+/* see source file for function documentation */
+
+PKIX_Error *pkix_pl_LdapCertStoreContext_RegisterSelf(void *plContext);
+
+PKIX_Error *
+pkix_pl_LdapCertStore_BuildCertList(
+        PKIX_List *responseList,
+        PKIX_List **pCerts,
+        void *plContext);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_PL_LDAPCERTSTORE_H */
diff --git a/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapdefaultclient.c b/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapdefaultclient.c
new file mode 100644
index 0000000..3dc06be
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapdefaultclient.c
@@ -0,0 +1,2493 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_pl_ldapdefaultclient.c
+ *
+ * LDAPDefaultClient Function Definitions
+ *
+ */
+
+/* We can't decode the length of a message without at least this many bytes */
+#define MINIMUM_MSG_LENGTH 5
+
+#include "pkix_pl_ldapdefaultclient.h"
+
+/* --Private-LdapDefaultClient-Message-Building-Functions---------------- */
+
+/*
+ * FUNCTION: pkix_pl_LdapDefaultClient_MakeBind
+ * DESCRIPTION:
+ *
+ *  This function creates and encodes a Bind message, using the arena pointed
+ *  to by "arena", the version number contained in "versionData", the
+ *  LDAPBindAPI pointed to by "bindAPI", and the messageID contained in
+ *  "msgNum", and stores a pointer to the encoded string at "pBindMsg".
+ *
+ *  See pkix_pl_ldaptemplates.c for the ASN.1 description of a Bind message.
+ *
+ *  This code is not used if the DefaultClient was created with a NULL pointer
+ *  supplied for the LDAPBindAPI structure. (Bind and Unbind do not seem to be
+ *  expected for anonymous Search requests.)
+ *
+ * PARAMETERS:
+ *  "arena"
+ *      The address of the PLArenaPool used in encoding the message. Must be
+ *       non-NULL.
+ *  "versionData"
+ *      The Int32 containing the version number to be encoded in the Bind
+ *      message.
+ *  "bindAPI"
+ *      The address of the LDAPBindAPI to be encoded in the Bind message. Must
+ *      be non-NULL.
+ *  "msgNum"
+ *      The Int32 containing the MessageID to be encoded in the Bind message.
+ *  "pBindMsg"
+ *      The address at which the encoded Bind message will be stored. Must be
+ *      non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a LdapDefaultClient Error if the function fails in a
+ *      non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_pl_LdapDefaultClient_MakeBind(
+        PLArenaPool *arena,
+        PKIX_Int32 versionData,
+        LDAPBindAPI *bindAPI,
+        PKIX_UInt32 msgNum,
+        SECItem **pBindMsg,
+        void *plContext)
+{
+        LDAPMessage msg;
+        char version = '\0';
+        SECItem *encoded = NULL;
+        PKIX_UInt32 len = 0;
+
+        PKIX_ENTER(LDAPDEFAULTCLIENT, "pkix_pl_LdapDefaultClient_MakeBind");
+        PKIX_NULLCHECK_TWO(arena, pBindMsg);
+
+        PKIX_PL_NSSCALL(LDAPDEFAULTCLIENT, PORT_Memset,
+                (&msg, 0, sizeof (LDAPMessage)));
+
+        version = (char)versionData;
+
+        msg.messageID.type = siUnsignedInteger;
+        msg.messageID.data = (void*)&msgNum;
+        msg.messageID.len = sizeof (msgNum);
+
+        msg.protocolOp.selector = LDAP_BIND_TYPE;
+
+        msg.protocolOp.op.bindMsg.version.type = siUnsignedInteger;
+        msg.protocolOp.op.bindMsg.version.data = (void *)&version;
+        msg.protocolOp.op.bindMsg.version.len = sizeof (char);
+
+        /*
+         * XXX At present we only know how to handle anonymous requests (no
+         * authentication), and we are guessing how to do simple authentication.
+         * This section will need to be revised and extended when other
+         * authentication is needed.
+         */
+        if (bindAPI->selector == SIMPLE_AUTH) {
+                msg.protocolOp.op.bindMsg.bindName.type = siAsciiString;
+                msg.protocolOp.op.bindMsg.bindName.data =
+                        (void *)bindAPI->chooser.simple.bindName;
+                len = PL_strlen(bindAPI->chooser.simple.bindName);
+                msg.protocolOp.op.bindMsg.bindName.len = len;
+
+                msg.protocolOp.op.bindMsg.authentication.type = siAsciiString;
+                msg.protocolOp.op.bindMsg.authentication.data =
+                        (void *)bindAPI->chooser.simple.authentication;
+                len = PL_strlen(bindAPI->chooser.simple.authentication);
+                msg.protocolOp.op.bindMsg.authentication.len = len;
+        }
+
+        PKIX_PL_NSSCALLRV(LDAPDEFAULTCLIENT, encoded, SEC_ASN1EncodeItem,
+                (arena, NULL, (void *)&msg, PKIX_PL_LDAPMessageTemplate));
+        if (!encoded) {
+                PKIX_ERROR(PKIX_SECASN1ENCODEITEMFAILED);
+        }
+
+        *pBindMsg = encoded;
+cleanup:
+
+        PKIX_RETURN(LDAPDEFAULTCLIENT);
+}
+
+/*
+ * FUNCTION: pkix_pl_LdapDefaultClient_MakeUnbind
+ * DESCRIPTION:
+ *
+ *  This function creates and encodes a Unbind message, using the arena pointed
+ *  to by "arena" and the messageID contained in "msgNum", and stores a pointer
+ *  to the encoded string at "pUnbindMsg".
+ *
+ *  See pkix_pl_ldaptemplates.c for the ASN.1 description of an Unbind message.
+ *
+ *  This code is not used if the DefaultClient was created with a NULL pointer
+ *  supplied for the LDAPBindAPI structure. (Bind and Unbind do not seem to be
+ *  expected for anonymous Search requests.)
+ *
+ * PARAMETERS:
+ *  "arena"
+ *      The address of the PLArenaPool used in encoding the message. Must be
+ *       non-NULL.
+ *  "msgNum"
+ *      The Int32 containing the MessageID to be encoded in the Unbind message.
+ *  "pUnbindMsg"
+ *      The address at which the encoded Unbind message will be stored. Must
+ *      be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a LdapDefaultClient Error if the function fails in a
+ *      non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_pl_LdapDefaultClient_MakeUnbind(
+        PLArenaPool *arena,
+        PKIX_UInt32 msgNum,
+        SECItem **pUnbindMsg,
+        void *plContext)
+{
+        LDAPMessage msg;
+        SECItem *encoded = NULL;
+
+        PKIX_ENTER(LDAPDEFAULTCLIENT, "pkix_pl_LdapDefaultClient_MakeUnbind");
+        PKIX_NULLCHECK_TWO(arena, pUnbindMsg);
+
+        PKIX_PL_NSSCALL(LDAPDEFAULTCLIENT, PORT_Memset,
+                (&msg, 0, sizeof (LDAPMessage)));
+
+        msg.messageID.type = siUnsignedInteger;
+        msg.messageID.data = (void*)&msgNum;
+        msg.messageID.len = sizeof (msgNum);
+
+        msg.protocolOp.selector = LDAP_UNBIND_TYPE;
+
+        msg.protocolOp.op.unbindMsg.dummy.type = siBuffer;
+        msg.protocolOp.op.unbindMsg.dummy.data = NULL;
+        msg.protocolOp.op.unbindMsg.dummy.len = 0;
+
+        PKIX_PL_NSSCALLRV(LDAPDEFAULTCLIENT, encoded, SEC_ASN1EncodeItem,
+                (arena, NULL, (void *)&msg, PKIX_PL_LDAPMessageTemplate));
+        if (!encoded) {
+                PKIX_ERROR(PKIX_SECASN1ENCODEITEMFAILED);
+        }
+
+        *pUnbindMsg = encoded;
+cleanup:
+
+        PKIX_RETURN(LDAPDEFAULTCLIENT);
+}
+
+/*
+ * FUNCTION: pkix_pl_LdapDefaultClient_MakeAbandon
+ * DESCRIPTION:
+ *
+ *  This function creates and encodes a Abandon message, using the arena pointed
+ *  to by "arena" and the messageID contained in "msgNum", and stores a pointer
+ *  to the encoded string at "pAbandonMsg".
+ *
+ *  See pkix_pl_ldaptemplates.c for the ASN.1 description of an Abandon message.
+ *
+ * PARAMETERS:
+ *  "arena"
+ *      The address of the PLArenaPool used in encoding the message. Must be
+ *       non-NULL.
+ *  "msgNum"
+ *      The Int32 containing the MessageID to be encoded in the Abandon message.
+ *  "pAbandonMsg"
+ *      The address at which the encoded Abandon message will be stored. Must
+ *      be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a LdapDefaultClient Error if the function fails in a
+ *      non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_pl_LdapDefaultClient_MakeAbandon(
+        PLArenaPool *arena,
+        PKIX_UInt32 msgNum,
+        SECItem **pAbandonMsg,
+        void *plContext)
+{
+        LDAPMessage msg;
+        SECItem *encoded = NULL;
+
+        PKIX_ENTER(LDAPDEFAULTCLIENT, "pkix_pl_LdapDefaultClient_MakeAbandon");
+        PKIX_NULLCHECK_TWO(arena, pAbandonMsg);
+
+        PKIX_PL_NSSCALL(LDAPDEFAULTCLIENT, PORT_Memset,
+                (&msg, 0, sizeof (LDAPMessage)));
+
+        msg.messageID.type = siUnsignedInteger;
+        msg.messageID.data = (void*)&msgNum;
+        msg.messageID.len = sizeof (msgNum);
+
+        msg.protocolOp.selector = LDAP_ABANDONREQUEST_TYPE;
+
+        msg.protocolOp.op.abandonRequestMsg.messageID.type = siBuffer;
+        msg.protocolOp.op.abandonRequestMsg.messageID.data = (void*)&msgNum;
+        msg.protocolOp.op.abandonRequestMsg.messageID.len = sizeof (msgNum);
+
+        PKIX_PL_NSSCALLRV(LDAPDEFAULTCLIENT, encoded, SEC_ASN1EncodeItem,
+                (arena, NULL, (void *)&msg, PKIX_PL_LDAPMessageTemplate));
+        if (!encoded) {
+                PKIX_ERROR(PKIX_SECASN1ENCODEITEMFAILED);
+        }
+
+        *pAbandonMsg = encoded;
+cleanup:
+
+        PKIX_RETURN(LDAPDEFAULTCLIENT);
+}
+
+/*
+ * FUNCTION: pkix_pl_LdapDefaultClient_DecodeBindResponse
+ * DESCRIPTION:
+ *
+ *  This function decodes the encoded data pointed to by "src", using the arena
+ *  pointed to by "arena", storing the decoded LDAPMessage at "pBindResponse"
+ *  and the decoding status at "pStatus".
+ *
+ * PARAMETERS:
+ *  "arena"
+ *      The address of the PLArenaPool to be used in decoding the message. Must
+ *      be  non-NULL.
+ *  "src"
+ *      The address of the SECItem containing the DER- (or BER-)encoded string.
+ *       Must be non-NULL.
+ *  "pBindResponse"
+ *      The address at which the LDAPMessage is stored, if the decoding is
+ *      successful (the returned status is SECSuccess). Must be non-NULL.
+ *  "pStatus"
+ *      The address at which the decoding status is stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a LdapDefaultClient Error if the function fails in a
+ *      non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_pl_LdapDefaultClient_DecodeBindResponse(
+        PLArenaPool *arena,
+        SECItem *src,
+        LDAPMessage *pBindResponse,
+        SECStatus *pStatus,
+        void *plContext)
+{
+        SECStatus rv = SECFailure;
+        LDAPMessage response;
+
+        PKIX_ENTER
+                (LDAPDEFAULTCLIENT,
+                "pkix_pl_LdapDefaultClient_DecodeBindResponse");
+        PKIX_NULLCHECK_FOUR(arena, src, pBindResponse, pStatus);
+
+        PKIX_PL_NSSCALL
+                (LDAPDEFAULTCLIENT,
+                PORT_Memset,
+                (&response, 0, sizeof (LDAPMessage)));
+
+        PKIX_PL_NSSCALLRV(LDAPDEFAULTCLIENT, rv, SEC_ASN1DecodeItem,
+            (arena, &response, PKIX_PL_LDAPMessageTemplate, src));
+
+        if (rv == SECSuccess) {
+                *pBindResponse = response;
+        }
+
+        *pStatus = rv;
+
+        PKIX_RETURN(LDAPDEFAULTCLIENT);
+}
+
+/*
+ * FUNCTION: pkix_pl_LdapDefaultClient_VerifyBindResponse
+ * DESCRIPTION:
+ *
+ *  This function verifies that the contents of the message in the rcvbuf of
+ *  the LdapDefaultClient object pointed to by "client",  and whose length is
+ *  provided by "buflen", is a response to a successful Bind.
+ *
+ * PARAMETERS:
+ *  "client"
+ *      The address of the LdapDefaultClient object. Must be non-NULL.
+ *  "buflen"
+ *      The value of the number of bytes in the receive buffer.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a LdapDefaultClient Error if the function fails in a
+ *      non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_pl_LdapDefaultClient_VerifyBindResponse(
+        PKIX_PL_LdapDefaultClient *client,
+        PKIX_UInt32 bufLen,
+        void *plContext)
+{
+        SECItem decode = {siBuffer, NULL, 0};
+        SECStatus rv = SECFailure;
+        LDAPMessage msg;
+        LDAPBindResponse *ldapBindResponse = NULL;
+
+        PKIX_ENTER
+                (LDAPDEFAULTCLIENT,
+                "pkix_pl_LdapDefaultClient_VerifyBindResponse");
+        PKIX_NULLCHECK_TWO(client, client->rcvBuf);
+
+        decode.data = (unsigned char *)(client->rcvBuf);
+        decode.len = bufLen;
+
+        PKIX_CHECK(pkix_pl_LdapDefaultClient_DecodeBindResponse
+                (client->arena, &decode, &msg, &rv, plContext),
+                PKIX_LDAPDEFAULTCLIENTDECODEBINDRESPONSEFAILED);
+
+        if (rv == SECSuccess) {
+                ldapBindResponse = &msg.protocolOp.op.bindResponseMsg;
+                if (*(ldapBindResponse->resultCode.data) == SUCCESS) {
+                        client->connectStatus = BOUND;
+                } else {
+                        PKIX_ERROR(PKIX_BINDREJECTEDBYSERVER);
+                }
+        } else {
+                PKIX_ERROR(PKIX_CANTDECODEBINDRESPONSEFROMSERVER);
+        }
+
+cleanup:
+
+        PKIX_RETURN(LDAPDEFAULTCLIENT);
+}
+
+/*
+ * FUNCTION: pkix_pl_LdapDefaultClient_RecvCheckComplete
+ * DESCRIPTION:
+ *
+ *  This function determines whether the current response in the
+ *  LdapDefaultClient pointed to by "client" is complete, in the sense that all
+ *  bytes required to satisfy the message length field in the encoding have been
+ *  received. If so, the pointer to input data is updated to reflect the number
+ *  of bytes consumed, provided by "bytesProcessed". The state machine flag
+ *  pointed to by "pKeepGoing" is updated to indicate whether processing can
+ *  continue without further input.
+ *
+ * PARAMETERS:
+ *  "client"
+ *      The address of the LdapDefaultClient object. Must be non-NULL.
+ *  "bytesProcessed"
+ *      The UInt32 value of the number of bytes consumed from the current
+ *      buffer.
+ *  "pKeepGoing"
+ *      The address at which the Boolean state machine flag is stored to
+ *      indicate whether processing can continue without further input.
+ *      Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a LdapDefaultClient Error if the function fails in a
+ *      non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_pl_LdapDefaultClient_RecvCheckComplete(
+        PKIX_PL_LdapDefaultClient *client,
+        PKIX_UInt32 bytesProcessed,
+        PKIX_Boolean *pKeepGoing,
+        void *plContext)
+{
+        PKIX_Boolean complete = PKIX_FALSE;
+        SECStatus rv = SECFailure;
+        LDAPMessageType messageType = 0;
+        LDAPResultCode resultCode = 0;
+
+        PKIX_ENTER
+                (LDAPDEFAULTCLIENT,
+                "pkix_pl_LdapDefaultClient_RecvCheckComplete");
+        PKIX_NULLCHECK_TWO(client, pKeepGoing);
+
+        PKIX_CHECK(pkix_pl_LdapResponse_IsComplete
+                (client->currentResponse, &complete, plContext),
+                PKIX_LDAPRESPONSEISCOMPLETEFAILED);
+
+        if (complete) {
+                PKIX_CHECK(pkix_pl_LdapResponse_Decode
+                       (client->arena, client->currentResponse, &rv, plContext),
+                        PKIX_LDAPRESPONSEDECODEFAILED);
+
+                if (rv != SECSuccess) {
+                        PKIX_ERROR(PKIX_CANTDECODESEARCHRESPONSEFROMSERVER);
+                }
+
+                PKIX_CHECK(pkix_pl_LdapResponse_GetMessageType
+                        (client->currentResponse, &messageType, plContext),
+                        PKIX_LDAPRESPONSEGETMESSAGETYPEFAILED);
+
+                if (messageType == LDAP_SEARCHRESPONSEENTRY_TYPE) {
+
+                        if (client->entriesFound == NULL) {
+                                PKIX_CHECK(PKIX_List_Create
+                                    (&(client->entriesFound), plContext),
+                                    PKIX_LISTCREATEFAILED);
+                        }
+
+                        PKIX_CHECK(PKIX_List_AppendItem
+                                (client->entriesFound,
+                                (PKIX_PL_Object *)client->currentResponse,
+                                plContext),
+                                PKIX_LISTAPPENDITEMFAILED);
+
+                        PKIX_DECREF(client->currentResponse);
+
+                        /* current receive buffer empty? */
+                        if (client->currentBytesAvailable == 0) {
+                                client->connectStatus = RECV;
+                                *pKeepGoing = PKIX_TRUE;
+                        } else {
+                                client->connectStatus = RECV_INITIAL;
+                                client->currentInPtr = &((char *)
+                                    (client->currentInPtr))[bytesProcessed];
+                                *pKeepGoing = PKIX_TRUE;
+                        }
+
+                } else if (messageType == LDAP_SEARCHRESPONSERESULT_TYPE) {
+                        PKIX_CHECK(pkix_pl_LdapResponse_GetResultCode
+                                (client->currentResponse,
+                                &resultCode,
+                                plContext),
+                                PKIX_LDAPRESPONSEGETRESULTCODEFAILED);
+
+                        if ((client->entriesFound == NULL) &&
+                            ((resultCode == SUCCESS) ||
+                            (resultCode == NOSUCHOBJECT))) {
+                                PKIX_CHECK(PKIX_List_Create
+                                    (&(client->entriesFound), plContext),
+                                    PKIX_LISTCREATEFAILED);
+                        } else if (resultCode == SUCCESS) {
+                                PKIX_CHECK(PKIX_List_SetImmutable
+                                    (client->entriesFound, plContext),
+                                    PKIX_LISTSETIMMUTABLEFAILED);
+                                PKIX_CHECK(PKIX_PL_HashTable_Add
+                                    (client->cachePtr,
+                                    (PKIX_PL_Object *)client->currentRequest,
+                                    (PKIX_PL_Object *)client->entriesFound,
+                                    plContext),
+                                    PKIX_HASHTABLEADDFAILED);
+                        } else {
+                            PKIX_ERROR(PKIX_UNEXPECTEDRESULTCODEINRESPONSE);
+                        }
+
+                        client->connectStatus = BOUND;
+                        *pKeepGoing = PKIX_FALSE;
+                        PKIX_DECREF(client->currentResponse);
+
+                } else {
+                        PKIX_ERROR(PKIX_SEARCHRESPONSEPACKETOFUNKNOWNTYPE);
+                }
+        } else {
+                client->connectStatus = RECV;
+                *pKeepGoing = PKIX_TRUE;
+        }
+
+cleanup:
+        PKIX_RETURN(LDAPDEFAULTCLIENT);
+}
+
+/* --Private-LdapDefaultClient-Object-Functions------------------------- */
+
+static PKIX_Error *
+pkix_pl_LdapDefaultClient_InitiateRequest(
+        PKIX_PL_LdapClient *client,
+        LDAPRequestParams *requestParams,
+        void **pPollDesc,
+        PKIX_List **pResponse,
+        void *plContext);
+
+static PKIX_Error *
+pkix_pl_LdapDefaultClient_ResumeRequest(
+        PKIX_PL_LdapClient *client,
+        void **pPollDesc,
+        PKIX_List **pResponse,
+        void *plContext);
+
+/*
+ * FUNCTION: pkix_pl_LdapDefaultClient_CreateHelper
+ * DESCRIPTION:
+ *
+ *  This function creates a new LdapDefaultClient using the Socket pointed to
+ *  by "socket", the PRIntervalTime pointed to by "timeout", and the
+ *  LDAPBindAPI pointed to by "bindAPI", and stores the result at "pClient".
+ *
+ *  A value of zero for "timeout" means the LDAPClient will use non-blocking
+ *  I/O.
+ *
+ * PARAMETERS:
+ *  "socket"
+ *      Address of the Socket to be used for the client. Must be non-NULL.
+ *  "bindAPI"
+ *      The address of the LDAPBindAPI containing the Bind information to be
+ *      encoded in the Bind message.
+ *  "pClient"
+ *      The address at which the created LdapDefaultClient is to be stored.
+ *      Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a LdapDefaultClient Error if the function fails in
+ *      a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_pl_LdapDefaultClient_CreateHelper(
+        PKIX_PL_Socket *socket,
+        LDAPBindAPI *bindAPI,
+        PKIX_PL_LdapDefaultClient **pClient,
+        void *plContext)
+{
+        PKIX_PL_HashTable *ht;
+        PKIX_PL_LdapDefaultClient *ldapDefaultClient = NULL;
+        PKIX_PL_Socket_Callback *callbackList;
+        PRFileDesc *fileDesc = NULL;
+        PLArenaPool *arena = NULL;
+
+        PKIX_ENTER(LDAPDEFAULTCLIENT, "pkix_pl_LdapDefaultClient_CreateHelper");
+        PKIX_NULLCHECK_TWO(socket, pClient);
+
+        PKIX_CHECK(PKIX_PL_Object_Alloc
+                    (PKIX_LDAPDEFAULTCLIENT_TYPE,
+                    sizeof (PKIX_PL_LdapDefaultClient),
+                    (PKIX_PL_Object **)&ldapDefaultClient,
+                    plContext),
+                    PKIX_COULDNOTCREATELDAPDEFAULTCLIENTOBJECT);
+
+        ldapDefaultClient->vtable.initiateFcn =
+                pkix_pl_LdapDefaultClient_InitiateRequest;
+        ldapDefaultClient->vtable.resumeFcn =
+                pkix_pl_LdapDefaultClient_ResumeRequest;
+
+        PKIX_CHECK(pkix_pl_Socket_GetPRFileDesc
+                (socket, &fileDesc, plContext),
+                PKIX_SOCKETGETPRFILEDESCFAILED);
+
+        ldapDefaultClient->pollDesc.fd = fileDesc;
+        ldapDefaultClient->pollDesc.in_flags = 0;
+        ldapDefaultClient->pollDesc.out_flags = 0;
+
+        ldapDefaultClient->bindAPI = bindAPI;
+
+        PKIX_CHECK(PKIX_PL_HashTable_Create
+                (LDAP_CACHEBUCKETS, 0, &ht, plContext),
+                PKIX_HASHTABLECREATEFAILED);
+
+        ldapDefaultClient->cachePtr = ht;
+
+        PKIX_CHECK(pkix_pl_Socket_GetCallbackList
+                (socket, &callbackList, plContext),
+                PKIX_SOCKETGETCALLBACKLISTFAILED);
+
+        ldapDefaultClient->callbackList = callbackList;
+
+        PKIX_INCREF(socket);
+        ldapDefaultClient->clientSocket = socket;
+
+        ldapDefaultClient->messageID = 0;
+
+        ldapDefaultClient->bindAPI = bindAPI;
+
+        arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+        if (!arena) {
+            PKIX_ERROR_FATAL(PKIX_OUTOFMEMORY);
+        }
+        ldapDefaultClient->arena = arena;
+
+        ldapDefaultClient->sendBuf = NULL;
+        ldapDefaultClient->bytesToWrite = 0;
+
+        PKIX_CHECK(PKIX_PL_Malloc
+                (RCVBUFSIZE, &ldapDefaultClient->rcvBuf, plContext),
+                PKIX_MALLOCFAILED);
+        ldapDefaultClient->capacity = RCVBUFSIZE;
+
+        ldapDefaultClient->bindMsg = NULL;
+        ldapDefaultClient->bindMsgLen = 0;
+
+        ldapDefaultClient->entriesFound = NULL;
+        ldapDefaultClient->currentRequest = NULL;
+        ldapDefaultClient->currentResponse = NULL;
+
+        *pClient = ldapDefaultClient;
+
+cleanup:
+
+        if (PKIX_ERROR_RECEIVED) {
+                PKIX_DECREF(ldapDefaultClient);
+        }
+
+        PKIX_RETURN(LDAPDEFAULTCLIENT);
+}
+
+/*
+ * FUNCTION: PKIX_PL_LdapDefaultClient_Create
+ * DESCRIPTION:
+ *
+ *  This function creates a new LdapDefaultClient using the PRNetAddr pointed to
+ *  by "sockaddr", the PRIntervalTime pointed to by "timeout", and the
+ *  LDAPBindAPI pointed to by "bindAPI", and stores the result at "pClient".
+ *
+ *  A value of zero for "timeout" means the LDAPClient will use non-blocking
+ *  I/O.
+ *
+ * PARAMETERS:
+ *  "sockaddr"
+ *      Address of the PRNetAddr to be used for the socket connection. Must be
+ *      non-NULL.
+ *  "timeout"
+ *      The PRIntervalTime to be used in I/O requests for this client.
+ *  "bindAPI"
+ *      The address of the LDAPBindAPI containing the Bind information to be
+ *      encoded in the Bind message.
+ *  "pClient"
+ *      The address at which the created LdapDefaultClient is to be stored.
+ *      Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a LdapDefaultClient Error if the function fails in
+ *      a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_LdapDefaultClient_Create(
+        PRNetAddr *sockaddr,
+        PRIntervalTime timeout,
+        LDAPBindAPI *bindAPI,
+        PKIX_PL_LdapDefaultClient **pClient,
+        void *plContext)
+{
+        PRErrorCode status = 0;
+        PKIX_PL_Socket *socket = NULL;
+        PKIX_PL_LdapDefaultClient *client = NULL;
+
+        PKIX_ENTER(LDAPDEFAULTCLIENT, "PKIX_PL_LdapDefaultClient_Create");
+        PKIX_NULLCHECK_TWO(sockaddr, pClient);
+
+        PKIX_CHECK(pkix_pl_Socket_Create
+                (PKIX_FALSE, timeout, sockaddr, &status, &socket, plContext),
+                PKIX_SOCKETCREATEFAILED);
+
+        PKIX_CHECK(pkix_pl_LdapDefaultClient_CreateHelper
+                (socket, bindAPI, &client, plContext),
+                PKIX_LDAPDEFAULTCLIENTCREATEHELPERFAILED);
+
+        /* Did Socket_Create say the connection was made? */
+        if (status == 0) {
+                if (client->bindAPI != NULL) {
+                        client->connectStatus = CONNECTED;
+                } else {
+                        client->connectStatus = BOUND;
+                }
+        } else {
+                client->connectStatus = CONNECT_PENDING;
+        }
+
+        *pClient = client;
+
+cleanup:
+        if (PKIX_ERROR_RECEIVED) {
+                PKIX_DECREF(client);
+        }
+
+        PKIX_DECREF(socket);
+
+        PKIX_RETURN(LDAPDEFAULTCLIENT);
+}
+
+/*
+ * FUNCTION: PKIX_PL_LdapDefaultClient_CreateByName
+ * DESCRIPTION:
+ *
+ *  This function creates a new LdapDefaultClient using the hostname pointed to
+ *  by "hostname", the PRIntervalTime pointed to by "timeout", and the
+ *  LDAPBindAPI pointed to by "bindAPI", and stores the result at "pClient".
+ *
+ *  A value of zero for "timeout" means the LDAPClient will use non-blocking
+ *  I/O.
+ *
+ * PARAMETERS:
+ *  "hostname"
+ *      Address of the hostname to be used for the socket connection. Must be
+ *      non-NULL.
+ *  "timeout"
+ *      The PRIntervalTime to be used in I/O requests for this client.
+ *  "bindAPI"
+ *      The address of the LDAPBindAPI containing the Bind information to be
+ *      encoded in the Bind message.
+ *  "pClient"
+ *      The address at which the created LdapDefaultClient is to be stored.
+ *      Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a LdapDefaultClient Error if the function fails in
+ *      a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_LdapDefaultClient_CreateByName(
+        char *hostname,
+        PRIntervalTime timeout,
+        LDAPBindAPI *bindAPI,
+        PKIX_PL_LdapDefaultClient **pClient,
+        void *plContext)
+{
+        PRErrorCode status = 0;
+        PKIX_PL_Socket *socket = NULL;
+        PKIX_PL_LdapDefaultClient *client = NULL;
+
+        PKIX_ENTER(LDAPDEFAULTCLIENT, "PKIX_PL_LdapDefaultClient_CreateByName");
+        PKIX_NULLCHECK_TWO(hostname, pClient);
+
+        PKIX_CHECK(pkix_pl_Socket_CreateByName
+                (PKIX_FALSE, timeout, hostname, &status, &socket, plContext),
+                PKIX_SOCKETCREATEBYNAMEFAILED);
+
+        PKIX_CHECK(pkix_pl_LdapDefaultClient_CreateHelper
+                (socket, bindAPI, &client, plContext),
+                PKIX_LDAPDEFAULTCLIENTCREATEHELPERFAILED);
+
+        /* Did Socket_Create say the connection was made? */
+        if (status == 0) {
+                if (client->bindAPI != NULL) {
+                        client->connectStatus = CONNECTED;
+                } else {
+                        client->connectStatus = BOUND;
+                }
+        } else {
+                client->connectStatus = CONNECT_PENDING;
+        }
+
+        *pClient = client;
+
+cleanup:
+        if (PKIX_ERROR_RECEIVED) {
+                PKIX_DECREF(client);
+        }
+
+        PKIX_DECREF(socket);
+
+        PKIX_RETURN(LDAPDEFAULTCLIENT);
+}
+
+/*
+ * FUNCTION: pkix_pl_LdapDefaultClient_Destroy
+ * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_LdapDefaultClient_Destroy(
+        PKIX_PL_Object *object,
+        void *plContext)
+{
+        PKIX_Int32 bytesWritten = 0;
+        PKIX_PL_LdapDefaultClient *client = NULL;
+        PKIX_PL_Socket_Callback *callbackList = NULL;
+        SECItem *encoded = NULL;
+
+        PKIX_ENTER(LDAPDEFAULTCLIENT,
+                    "pkix_pl_LdapDefaultClient_Destroy");
+        PKIX_NULLCHECK_ONE(object);
+
+        PKIX_CHECK(pkix_CheckType
+                    (object, PKIX_LDAPDEFAULTCLIENT_TYPE, plContext),
+                    PKIX_OBJECTNOTANLDAPDEFAULTCLIENT);
+
+        client = (PKIX_PL_LdapDefaultClient *)object;
+
+        switch (client->connectStatus) {
+        case CONNECT_PENDING:
+                break;
+        case CONNECTED:
+        case BIND_PENDING:
+        case BIND_RESPONSE:
+        case BIND_RESPONSE_PENDING:
+        case BOUND:
+        case SEND_PENDING:
+        case RECV:
+        case RECV_PENDING:
+        case RECV_INITIAL:
+        case RECV_NONINITIAL:
+        case ABANDON_PENDING:
+                if (client->bindAPI != NULL) {
+                        PKIX_CHECK(pkix_pl_LdapDefaultClient_MakeUnbind
+                                (client->arena,
+                                ++(client->messageID),
+                                &encoded,
+                                plContext),
+                                PKIX_LDAPDEFAULTCLIENTMAKEUNBINDFAILED);
+
+                        callbackList =
+                                (PKIX_PL_Socket_Callback *)(client->callbackList);
+                        PKIX_CHECK(callbackList->sendCallback
+                                (client->clientSocket,
+                                encoded->data,
+                                encoded->len,
+                                &bytesWritten,
+                                plContext),
+                                PKIX_SOCKETSENDFAILED);
+                }
+                break;
+        default:
+                PKIX_ERROR(PKIX_LDAPDEFAULTCLIENTINILLEGALSTATE);
+        }
+
+        PKIX_DECREF(client->cachePtr);
+        PKIX_DECREF(client->clientSocket);
+        PKIX_DECREF(client->entriesFound);
+        PKIX_DECREF(client->currentRequest);
+        PKIX_DECREF(client->currentResponse);
+
+        PKIX_CHECK(PKIX_PL_Free
+		(client->rcvBuf, plContext), PKIX_FREEFAILED);
+
+        PKIX_PL_NSSCALL
+                (LDAPDEFAULTCLIENT,
+                PORT_FreeArena,
+                (client->arena, PR_FALSE));
+
+cleanup:
+
+        PKIX_RETURN(LDAPDEFAULTCLIENT);
+}
+
+/*
+ * FUNCTION: pkix_pl_LdapDefaultClient_Hashcode
+ * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_LdapDefaultClient_Hashcode(
+        PKIX_PL_Object *object,
+        PKIX_UInt32 *pHashcode,
+        void *plContext)
+{
+        PKIX_PL_LdapDefaultClient *ldapDefaultClient = NULL;
+        PKIX_UInt32 tempHash = 0;
+
+        PKIX_ENTER
+                (LDAPDEFAULTCLIENT, "pkix_pl_LdapDefaultClient_Hashcode");
+        PKIX_NULLCHECK_TWO(object, pHashcode);
+
+        PKIX_CHECK(pkix_CheckType
+                (object, PKIX_LDAPDEFAULTCLIENT_TYPE, plContext),
+                PKIX_OBJECTNOTANLDAPDEFAULTCLIENT);
+
+        ldapDefaultClient = (PKIX_PL_LdapDefaultClient *)object;
+
+        PKIX_CHECK(PKIX_PL_Object_Hashcode
+                ((PKIX_PL_Object *)ldapDefaultClient->clientSocket,
+                &tempHash,
+                plContext),
+                PKIX_SOCKETHASHCODEFAILED);
+
+        if (ldapDefaultClient->bindAPI != NULL) {
+                tempHash = (tempHash << 7) +
+                        ldapDefaultClient->bindAPI->selector;
+        }
+
+        *pHashcode = tempHash;
+
+cleanup:
+
+        PKIX_RETURN(LDAPDEFAULTCLIENT);
+}
+
+/*
+ * FUNCTION: pkix_pl_LdapDefaultClient_Equals
+ * (see comments for PKIX_PL_EqualsCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_LdapDefaultClient_Equals(
+        PKIX_PL_Object *firstObject,
+        PKIX_PL_Object *secondObject,
+        PKIX_Int32 *pResult,
+        void *plContext)
+{
+        PKIX_PL_LdapDefaultClient *firstClientContext = NULL;
+        PKIX_PL_LdapDefaultClient *secondClientContext = NULL;
+        PKIX_Int32 compare = 0;
+
+        PKIX_ENTER(LDAPDEFAULTCLIENT, "pkix_pl_LdapDefaultClient_Equals");
+        PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);
+
+        *pResult = PKIX_FALSE;
+
+        PKIX_CHECK(pkix_CheckTypes
+                (firstObject,
+                secondObject,
+                PKIX_LDAPDEFAULTCLIENT_TYPE,
+                plContext),
+                PKIX_OBJECTNOTANLDAPDEFAULTCLIENT);
+
+        firstClientContext = (PKIX_PL_LdapDefaultClient *)firstObject;
+        secondClientContext = (PKIX_PL_LdapDefaultClient *)secondObject;
+
+        if (firstClientContext == secondClientContext) {
+                *pResult = PKIX_TRUE;
+                goto cleanup;
+        }
+
+        PKIX_CHECK(PKIX_PL_Object_Equals
+                ((PKIX_PL_Object *)firstClientContext->clientSocket,
+                (PKIX_PL_Object *)secondClientContext->clientSocket,
+                &compare,
+                plContext),
+                PKIX_SOCKETEQUALSFAILED);
+
+        if (!compare) {
+                goto cleanup;
+        }
+
+        if (PKIX_EXACTLY_ONE_NULL
+                (firstClientContext->bindAPI, secondClientContext->bindAPI)) {
+                goto cleanup;
+        }
+
+        if (firstClientContext->bindAPI) {
+                if (firstClientContext->bindAPI->selector !=
+                    secondClientContext->bindAPI->selector) {
+                        goto cleanup;
+                }
+        }
+
+        *pResult = PKIX_TRUE;
+
+cleanup:
+
+        PKIX_RETURN(LDAPDEFAULTCLIENT);
+}
+
+/*
+ * FUNCTION: pkix_pl_LdapDefaultClient_RegisterSelf
+ *
+ * DESCRIPTION:
+ *  Registers PKIX_PL_LDAPDEFAULTCLIENT_TYPE and its related
+ *  functions with systemClasses[]
+ *
+ * THREAD SAFETY:
+ *  Not Thread Safe - for performance and complexity reasons
+ *
+ *  Since this function is only called by PKIX_PL_Initialize, which should
+ *  only be called once, it is acceptable that this function is not
+ *  thread-safe.
+ */
+PKIX_Error *
+pkix_pl_LdapDefaultClient_RegisterSelf(void *plContext)
+{
+        extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
+        pkix_ClassTable_Entry entry;
+
+        PKIX_ENTER
+                (LDAPDEFAULTCLIENT,
+                "pkix_pl_LdapDefaultClient_RegisterSelf");
+
+        entry.description = "LdapDefaultClient";
+        entry.objCounter = 0;
+        entry.typeObjectSize = sizeof(PKIX_PL_LdapDefaultClient);
+        entry.destructor = pkix_pl_LdapDefaultClient_Destroy;
+        entry.equalsFunction = pkix_pl_LdapDefaultClient_Equals;
+        entry.hashcodeFunction = pkix_pl_LdapDefaultClient_Hashcode;
+        entry.toStringFunction = NULL;
+        entry.comparator = NULL;
+        entry.duplicateFunction = NULL;
+
+        systemClasses[PKIX_LDAPDEFAULTCLIENT_TYPE] = entry;
+
+        PKIX_RETURN(LDAPDEFAULTCLIENT);
+}
+
+/*
+ * FUNCTION: pkix_pl_LdapDefaultClient_GetPollDesc
+ * DESCRIPTION:
+ *
+ *  This function retrieves the PRPollDesc from the LdapDefaultClient
+ *  pointed to by "context" and stores the address at "pPollDesc".
+ *
+ * PARAMETERS:
+ *  "context"
+ *      The LdapDefaultClient whose PRPollDesc is desired. Must be non-NULL.
+ *  "pPollDesc"
+ *      Address where PRPollDesc will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_pl_LdapDefaultClient_GetPollDesc(
+        PKIX_PL_LdapDefaultClient *context,
+        PRPollDesc **pPollDesc,
+        void *plContext)
+{
+        PKIX_ENTER
+                (LDAPDEFAULTCLIENT,
+                "pkix_pl_LdapDefaultClient_GetPollDesc");
+        PKIX_NULLCHECK_TWO(context, pPollDesc);
+
+        *pPollDesc = &(context->pollDesc);
+
+        PKIX_RETURN(LDAPDEFAULTCLIENT);
+}
+
+/* --Private-Ldap-CertStore-I/O-Functions---------------------------- */
+/*
+ * FUNCTION: pkix_pl_LdapDefaultClient_ConnectContinue
+ * DESCRIPTION:
+ *
+ *  This function determines whether a socket Connect initiated earlier for the
+ *  CertStore embodied in the LdapDefaultClient "client" has completed, and
+ *  stores in "pKeepGoing" a flag indicating whether processing can continue
+ *  without further input.
+ *
+ * PARAMETERS:
+ *  "client"
+ *      The address of the LdapDefaultClient object. Must be non-NULL.
+ *  "pKeepGoing"
+ *      The address at which the Boolean state machine flag is stored to
+ *      indicate whether processing can continue without further input.
+ *      Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a LdapDefaultClient Error if the function fails in a
+ *      non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_pl_LdapDefaultClient_ConnectContinue(
+        PKIX_PL_LdapDefaultClient *client,
+        PKIX_Boolean *pKeepGoing,
+        void *plContext)
+{
+        PKIX_PL_Socket_Callback *callbackList;
+        PRErrorCode status;
+        PKIX_Boolean keepGoing = PKIX_FALSE;
+
+        PKIX_ENTER
+                (LDAPDEFAULTCLIENT,
+                "pkix_pl_LdapDefaultClient_ConnectContinue");
+        PKIX_NULLCHECK_ONE(client);
+
+        callbackList = (PKIX_PL_Socket_Callback *)(client->callbackList);
+
+        PKIX_CHECK(callbackList->connectcontinueCallback
+                (client->clientSocket, &status, plContext),
+                PKIX_SOCKETCONNECTCONTINUEFAILED);
+
+        if (status == 0) {
+                if (client->bindAPI != NULL) {
+                        client->connectStatus = CONNECTED;
+                } else {
+                        client->connectStatus = BOUND;
+                }
+                keepGoing = PKIX_FALSE;
+        } else if (status != PR_IN_PROGRESS_ERROR) {
+                PKIX_ERROR(PKIX_UNEXPECTEDERRORINESTABLISHINGCONNECTION);
+        }
+
+        PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+                ((PKIX_PL_Object *)client, plContext),
+                PKIX_OBJECTINVALIDATECACHEFAILED);
+
+        *pKeepGoing = keepGoing;
+
+cleanup:
+        PKIX_RETURN(LDAPDEFAULTCLIENT);
+}
+
+/*
+ * FUNCTION: pkix_pl_LdapDefaultClient_Bind
+ * DESCRIPTION:
+ *
+ *  This function creates and sends the LDAP-protocol Bind message for the
+ *  CertStore embodied in the LdapDefaultClient "client", and stores in
+ *  "pKeepGoing" a flag indicating whether processing can continue without
+ *  further input.
+ *
+ * PARAMETERS:
+ *  "client"
+ *      The address of the LdapDefaultClient object. Must be non-NULL.
+ *  "pKeepGoing"
+ *      The address at which the Boolean state machine flag is stored to
+ *      indicate whether processing can continue without further input.
+ *      Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a LdapDefaultClient Error if the function fails in a
+ *      non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_pl_LdapDefaultClient_Bind(
+        PKIX_PL_LdapDefaultClient *client,
+        PKIX_Boolean *pKeepGoing,
+        void *plContext)
+{
+        SECItem *encoded = NULL;
+        PKIX_Int32 bytesWritten = 0;
+        PKIX_PL_Socket_Callback *callbackList;
+
+        PKIX_ENTER(LDAPDEFAULTCLIENT, "pkix_pl_LdapDefaultClient_Bind");
+        PKIX_NULLCHECK_ONE(client);
+
+        /* if we have not yet constructed the BIND message, build it now */
+        if (!(client->bindMsg)) {
+                PKIX_CHECK(pkix_pl_LdapDefaultClient_MakeBind
+                        (client->arena,
+                        3,
+                        client->bindAPI,
+                        client->messageID,
+                        &encoded,
+                        plContext),
+                        PKIX_LDAPDEFAULTCLIENTMAKEBINDFAILED);
+                client->bindMsg = encoded->data;
+                client->bindMsgLen = encoded->len;
+        }
+
+        callbackList = (PKIX_PL_Socket_Callback *)(client->callbackList);
+
+        PKIX_CHECK(callbackList->sendCallback
+                (client->clientSocket,
+                client->bindMsg,
+                client->bindMsgLen,
+                &bytesWritten,
+                plContext),
+                PKIX_SOCKETSENDFAILED);
+
+        client->lastIO = PR_Now();
+
+        if (bytesWritten < 0) {
+                client->connectStatus = BIND_PENDING;
+                *pKeepGoing = PKIX_FALSE;
+        } else {
+                client->connectStatus = BIND_RESPONSE;
+                *pKeepGoing = PKIX_TRUE;
+        }
+
+        PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+                ((PKIX_PL_Object *)client, plContext),
+                PKIX_OBJECTINVALIDATECACHEFAILED);
+
+cleanup:
+        PKIX_RETURN(LDAPDEFAULTCLIENT);
+}
+
+/*
+ * FUNCTION: pkix_pl_LdapDefaultClient_BindContinue
+ * DESCRIPTION:
+ *
+ *  This function determines whether the LDAP-protocol Bind message for the
+ *  CertStore embodied in the LdapDefaultClient "client" has completed, and
+ *  stores in "pKeepGoing" a flag indicating whether processing can continue
+ *  without further input.
+ *
+ * PARAMETERS:
+ *  "client"
+ *      The address of the LdapDefaultClient object. Must be non-NULL.
+ *  "pKeepGoing"
+ *      The address at which the Boolean state machine flag is stored to
+ *      indicate whether processing can continue without further input.
+ *      Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a LdapDefaultClient Error if the function fails in a
+ *      non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *pkix_pl_LdapDefaultClient_BindContinue(
+        PKIX_PL_LdapDefaultClient *client,
+        PKIX_Boolean *pKeepGoing,
+        void *plContext)
+{
+        PKIX_Int32 bytesWritten = 0;
+        PKIX_PL_Socket_Callback *callbackList = NULL;
+
+        PKIX_ENTER(LDAPDEFAULTCLIENT, "pkix_pl_LdapDefaultClient_BindContinue");
+        PKIX_NULLCHECK_ONE(client);
+
+        *pKeepGoing = PKIX_FALSE;
+
+        callbackList = (PKIX_PL_Socket_Callback *)(client->callbackList);
+
+        PKIX_CHECK(callbackList->pollCallback
+                (client->clientSocket, &bytesWritten, NULL, plContext),
+                PKIX_SOCKETPOLLFAILED);
+
+        /*
+         * If the send completed we can proceed to try for the
+         * response. If the send did not complete we will have
+         * continue to poll.
+         */
+        if (bytesWritten >= 0) {
+
+                client->connectStatus = BIND_RESPONSE;
+
+                PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+                        ((PKIX_PL_Object *)client, plContext),
+                        PKIX_OBJECTINVALIDATECACHEFAILED);
+
+                *pKeepGoing = PKIX_TRUE;
+        }
+
+cleanup:
+        PKIX_RETURN(LDAPDEFAULTCLIENT);
+}
+
+/*
+ * FUNCTION: pkix_pl_LdapDefaultClient_BindResponse
+ * DESCRIPTION:
+ *
+ *  This function attempts to read the LDAP-protocol BindResponse message for
+ *  the CertStore embodied in the LdapDefaultClient "client", and stores in
+ *  "pKeepGoing" a flag indicating whether processing can continue without
+ *  further input.
+ *
+ *  If a BindResponse is received with a Result code of 0 (success), we
+ *  continue with the connection. If a non-zero Result code is received,
+ *  we throw an Error. Some more sophisticated handling of that condition
+ *  might be in order in the future.
+ *
+ * PARAMETERS:
+ *  "client"
+ *      The address of the LdapDefaultClient object. Must be non-NULL.
+ *  "pKeepGoing"
+ *      The address at which the Boolean state machine flag is stored to
+ *      indicate whether processing can continue without further input.
+ *      Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a LdapDefaultClient Error if the function fails in a
+ *      non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_pl_LdapDefaultClient_BindResponse(
+        PKIX_PL_LdapDefaultClient *client,
+        PKIX_Boolean *pKeepGoing,
+        void *plContext)
+{
+        PKIX_Int32 bytesRead = 0;
+        PKIX_PL_Socket_Callback *callbackList = NULL;
+
+        PKIX_ENTER(LDAPDEFAULTCLIENT, "pkix_pl_LdapDefaultClient_BindResponse");
+        PKIX_NULLCHECK_TWO(client, client->rcvBuf);
+
+        callbackList = (PKIX_PL_Socket_Callback *)(client->callbackList);
+
+        PKIX_CHECK(callbackList->recvCallback
+                (client->clientSocket,
+                client->rcvBuf,
+                client->capacity,
+                &bytesRead,
+                plContext),
+                PKIX_SOCKETRECVFAILED);
+
+        client->lastIO = PR_Now();
+
+        if (bytesRead > 0) {
+                PKIX_CHECK(pkix_pl_LdapDefaultClient_VerifyBindResponse
+                        (client, bytesRead, plContext),
+                        PKIX_LDAPDEFAULTCLIENTVERIFYBINDRESPONSEFAILED);
+                /*
+                 * XXX What should we do if failure? At present if
+                 * VerifyBindResponse throws an Error, we do too.
+                 */
+                client->connectStatus = BOUND;
+        } else {
+                client->connectStatus = BIND_RESPONSE_PENDING;
+        }
+
+        PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+                ((PKIX_PL_Object *)client, plContext),
+                PKIX_OBJECTINVALIDATECACHEFAILED);
+
+        *pKeepGoing = PKIX_TRUE;
+
+cleanup:
+        PKIX_RETURN(LDAPDEFAULTCLIENT);
+}
+
+/*
+ * FUNCTION: pkix_pl_LdapDefaultClient_BindResponseContinue
+ * DESCRIPTION:
+ *
+ *  This function determines whether the LDAP-protocol BindResponse message for
+ *  the CertStore embodied in the LdapDefaultClient "client" has completed, and
+ *  stores in "pKeepGoing" a flag indicating whether processing can continue
+ *  without further input.
+ *
+ * PARAMETERS:
+ *  "client"
+ *      The address of the LdapDefaultClient object. Must be non-NULL.
+ *  "pKeepGoing"
+ *      The address at which the Boolean state machine flag is stored to
+ *      indicate whether processing can continue without further input.
+ *      Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a LdapDefaultClient Error if the function fails in a
+ *      non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_pl_LdapDefaultClient_BindResponseContinue(
+        PKIX_PL_LdapDefaultClient *client,
+        PKIX_Boolean *pKeepGoing,
+        void *plContext)
+{
+        PKIX_Int32 bytesRead = 0;
+        PKIX_PL_Socket_Callback *callbackList = NULL;
+
+        PKIX_ENTER
+                (LDAPDEFAULTCLIENT,
+                "pkix_pl_LdapDefaultClient_BindResponseContinue");
+        PKIX_NULLCHECK_ONE(client);
+
+        callbackList = (PKIX_PL_Socket_Callback *)(client->callbackList);
+
+        PKIX_CHECK(callbackList->pollCallback
+                (client->clientSocket, NULL, &bytesRead, plContext),
+                PKIX_SOCKETPOLLFAILED);
+
+        if (bytesRead > 0) {
+                PKIX_CHECK(pkix_pl_LdapDefaultClient_VerifyBindResponse
+                        (client, bytesRead, plContext),
+                        PKIX_LDAPDEFAULTCLIENTVERIFYBINDRESPONSEFAILED);
+                client->connectStatus = BOUND;
+
+                PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+                        ((PKIX_PL_Object *)client, plContext),
+                        PKIX_OBJECTINVALIDATECACHEFAILED);
+
+                *pKeepGoing = PKIX_TRUE;
+        } else {
+                *pKeepGoing = PKIX_FALSE;
+        }
+
+cleanup:
+        PKIX_RETURN(LDAPDEFAULTCLIENT);
+}
+
+/*
+ * FUNCTION: pkix_pl_LdapDefaultClient_Send
+ * DESCRIPTION:
+ *
+ *  This function creates and sends an LDAP-protocol message for the
+ *  CertStore embodied in the LdapDefaultClient "client", and stores in
+ *  "pKeepGoing" a flag indicating whether processing can continue without
+ *  further input, and at "pBytesTransferred" the number of bytes sent.
+ *
+ *  If "pBytesTransferred" is zero, it indicates that non-blocking I/O is in use
+ *  and that transmission has not completed.
+ *
+ * PARAMETERS:
+ *  "client"
+ *      The address of the LdapDefaultClient object. Must be non-NULL.
+ *  "pKeepGoing"
+ *      The address at which the Boolean state machine flag is stored to
+ *      indicate whether processing can continue without further input.
+ *      Must be non-NULL.
+ *  "pBytesTransferred"
+ *      The address at which the number of bytes sent is stored. Must be
+ *      non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a LdapDefaultClient Error if the function fails in a
+ *      non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_pl_LdapDefaultClient_Send(
+        PKIX_PL_LdapDefaultClient *client,
+        PKIX_Boolean *pKeepGoing,
+        PKIX_UInt32 *pBytesTransferred,
+        void *plContext)
+{
+        PKIX_Int32 bytesWritten = 0;
+        PKIX_PL_Socket_Callback *callbackList = NULL;
+
+        PKIX_ENTER(LDAPDEFAULTCLIENT, "pkix_pl_LdapDefaultClient_Send");
+        PKIX_NULLCHECK_THREE(client, pKeepGoing, pBytesTransferred);
+
+        *pKeepGoing = PKIX_FALSE;
+
+        /* Do we have anything waiting to go? */
+        if (client->sendBuf) {
+                callbackList = (PKIX_PL_Socket_Callback *)(client->callbackList);
+
+                PKIX_CHECK(callbackList->sendCallback
+                        (client->clientSocket,
+                        client->sendBuf,
+                        client->bytesToWrite,
+                        &bytesWritten,
+                        plContext),
+                        PKIX_SOCKETSENDFAILED);
+
+                client->lastIO = PR_Now();
+
+                /*
+                 * If the send completed we can proceed to try for the
+                 * response. If the send did not complete we will have
+                 * to poll for completion later.
+                 */
+                if (bytesWritten >= 0) {
+                        client->sendBuf = NULL;
+                        client->connectStatus = RECV;
+                        *pKeepGoing = PKIX_TRUE;
+
+                } else {
+                        *pKeepGoing = PKIX_FALSE;
+                        client->connectStatus = SEND_PENDING;
+                }
+
+        }
+
+        PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+                ((PKIX_PL_Object *)client, plContext),
+                PKIX_OBJECTINVALIDATECACHEFAILED);
+
+        *pBytesTransferred = bytesWritten;
+
+cleanup:
+        PKIX_RETURN(LDAPDEFAULTCLIENT);
+}
+
+/*
+ * FUNCTION: pkix_pl_LdapDefaultClient_SendContinue
+ * DESCRIPTION:
+ *
+ *  This function determines whether the sending of the LDAP-protocol message
+ *  for the CertStore embodied in the LdapDefaultClient "client" has completed,
+ *  and stores in "pKeepGoing" a flag indicating whether processing can continue
+ *  without further input, and at "pBytesTransferred" the number of bytes sent.
+ *
+ *  If "pBytesTransferred" is zero, it indicates that non-blocking I/O is in use
+ *  and that transmission has not completed.
+ *
+ * PARAMETERS:
+ *  "client"
+ *      The address of the LdapDefaultClient object. Must be non-NULL.
+ *  "pKeepGoing"
+ *      The address at which the Boolean state machine flag is stored to
+ *      indicate whether processing can continue without further input.
+ *      Must be non-NULL.
+ *  "pBytesTransferred"
+ *      The address at which the number of bytes sent is stored. Must be
+ *      non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a LdapDefaultClient Error if the function fails in a
+ *      non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_pl_LdapDefaultClient_SendContinue(
+        PKIX_PL_LdapDefaultClient *client,
+        PKIX_Boolean *pKeepGoing,
+        PKIX_UInt32 *pBytesTransferred,
+        void *plContext)
+{
+        PKIX_Int32 bytesWritten = 0;
+        PKIX_PL_Socket_Callback *callbackList = NULL;
+
+        PKIX_ENTER(LDAPDEFAULTCLIENT, "pkix_pl_LdapDefaultClient_SendContinue");
+        PKIX_NULLCHECK_THREE(client, pKeepGoing, pBytesTransferred);
+
+        *pKeepGoing = PKIX_FALSE;
+
+        callbackList = (PKIX_PL_Socket_Callback *)(client->callbackList);
+
+        PKIX_CHECK(callbackList->pollCallback
+                (client->clientSocket, &bytesWritten, NULL, plContext),
+                PKIX_SOCKETPOLLFAILED);
+
+        /*
+         * If the send completed we can proceed to try for the
+         * response. If the send did not complete we will have
+         * continue to poll.
+         */
+        if (bytesWritten >= 0) {
+                client->sendBuf = NULL;
+                client->connectStatus = RECV;
+
+                PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+                        ((PKIX_PL_Object *)client, plContext),
+                        PKIX_OBJECTINVALIDATECACHEFAILED);
+
+                *pKeepGoing = PKIX_TRUE;
+        }
+
+        *pBytesTransferred = bytesWritten;
+
+cleanup:
+        PKIX_RETURN(LDAPDEFAULTCLIENT);
+}
+
+/*
+ * FUNCTION: pkix_pl_LdapDefaultClient_Recv
+ * DESCRIPTION:
+ *
+ *  This function receives an LDAP-protocol message for the CertStore embodied
+ *  in the LdapDefaultClient "client", and stores in "pKeepGoing" a flag
+ *  indicating whether processing can continue without further input.
+ *
+ * PARAMETERS:
+ *  "client"
+ *      The address of the LdapDefaultClient object. Must be non-NULL.
+ *  "pKeepGoing"
+ *      The address at which the Boolean state machine flag is stored to
+ *      indicate whether processing can continue without further input.
+ *      Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a LdapDefaultClient Error if the function fails in a
+ *      non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_pl_LdapDefaultClient_Recv(
+        PKIX_PL_LdapDefaultClient *client,
+        PKIX_Boolean *pKeepGoing,
+        void *plContext)
+{
+        PKIX_Int32 bytesRead = 0;
+        PKIX_UInt32 bytesToRead = 0;
+        PKIX_PL_Socket_Callback *callbackList = NULL;
+
+        PKIX_ENTER(LDAPDEFAULTCLIENT, "pkix_pl_LdapDefaultClient_Recv");
+        PKIX_NULLCHECK_THREE(client, pKeepGoing, client->rcvBuf);
+
+        callbackList = (PKIX_PL_Socket_Callback *)(client->callbackList);
+
+        /*
+         * If we attempt to fill our buffer with every read, we increase
+         * the risk of an ugly situation: one or two bytes of a new message
+         * left over at the end of processing one message. With such a
+         * fragment, we can't decode a byte count and so won't know how much
+         * space to allocate for the next LdapResponse. We try to avoid that
+         * case by reading just enough to complete the current message, unless
+         * there will be at least MINIMUM_MSG_LENGTH bytes left over.
+         */
+        if (client->currentResponse) {
+                PKIX_CHECK(pkix_pl_LdapResponse_GetCapacity
+                        (client->currentResponse, &bytesToRead, plContext),
+                        PKIX_LDAPRESPONSEGETCAPACITYFAILED);
+                if ((bytesToRead > client->capacity) ||
+                    ((bytesToRead + MINIMUM_MSG_LENGTH) < client->capacity)) {
+                        bytesToRead = client->capacity;
+                }
+        } else {
+                bytesToRead = client->capacity;
+        }
+
+        client->currentBytesAvailable = 0;
+
+        PKIX_CHECK(callbackList->recvCallback
+                (client->clientSocket,
+                (void *)client->rcvBuf,
+                bytesToRead,
+                &bytesRead,
+                plContext),
+                PKIX_SOCKETRECVFAILED);
+
+        client->currentInPtr = client->rcvBuf;
+        client->lastIO = PR_Now();
+
+        if (bytesRead > 0) {
+                client->currentBytesAvailable = bytesRead;
+                client->connectStatus = RECV_INITIAL;
+                *pKeepGoing = PKIX_TRUE;
+        } else {
+                client->connectStatus = RECV_PENDING;
+                *pKeepGoing = PKIX_FALSE;
+        }
+
+        PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+                ((PKIX_PL_Object *)client, plContext),
+                PKIX_OBJECTINVALIDATECACHEFAILED);
+
+cleanup:
+        PKIX_RETURN(LDAPDEFAULTCLIENT);
+}
+
+/*
+ * FUNCTION: pkix_pl_LdapDefaultClient_RecvContinue
+ * DESCRIPTION:
+ *
+ *  This function determines whether the receiving of the LDAP-protocol message
+ *  for the CertStore embodied in the LdapDefaultClient "client" has completed,
+ *  and stores in "pKeepGoing" a flag indicating whether processing can continue
+ *  without further input.
+ *
+ * PARAMETERS:
+ *  "client"
+ *      The address of the LdapDefaultClient object. Must be non-NULL.
+ *  "pKeepGoing"
+ *      The address at which the Boolean state machine flag is stored to
+ *      indicate whether processing can continue without further input.
+ *      Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a LdapDefaultClient Error if the function fails in a
+ *      non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_pl_LdapDefaultClient_RecvContinue(
+        PKIX_PL_LdapDefaultClient *client,
+        PKIX_Boolean *pKeepGoing,
+        void *plContext)
+{
+        PKIX_Int32 bytesRead = 0;
+        PKIX_PL_Socket_Callback *callbackList = NULL;
+
+        PKIX_ENTER(LDAPDEFAULTCLIENT, "pkix_pl_LdapDefaultClient_RecvContinue");
+        PKIX_NULLCHECK_TWO(client, pKeepGoing);
+
+        callbackList = (PKIX_PL_Socket_Callback *)(client->callbackList);
+
+        PKIX_CHECK(callbackList->pollCallback
+                (client->clientSocket, NULL, &bytesRead, plContext),
+                PKIX_SOCKETPOLLFAILED);
+
+        if (bytesRead > 0) {
+                client->currentBytesAvailable += bytesRead;
+                client->connectStatus = RECV_INITIAL;
+                *pKeepGoing = PKIX_TRUE;
+
+                PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+                        ((PKIX_PL_Object *)client, plContext),
+                        PKIX_OBJECTINVALIDATECACHEFAILED);
+        } else {
+                *pKeepGoing = PKIX_FALSE;
+        }
+
+cleanup:
+        PKIX_RETURN(LDAPDEFAULTCLIENT);
+}
+
+/*
+ * FUNCTION: pkix_pl_LdapDefaultClient_AbandonContinue
+ * DESCRIPTION:
+ *
+ *  This function determines whether the abandon-message request of the
+ *  LDAP-protocol message for the CertStore embodied in the LdapDefaultClient
+ *  "client" has completed, and stores in "pKeepGoing" a flag indicating whether
+ *  processing can continue without further input.
+ *
+ * PARAMETERS:
+ *  "client"
+ *      The address of the LdapDefaultClient object. Must be non-NULL.
+ *  "pKeepGoing"
+ *      The address at which the Boolean state machine flag is stored to
+ *      indicate whether processing can continue without further input.
+ *      Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a LdapDefaultClient Error if the function fails in a
+ *      non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_pl_LdapDefaultClient_AbandonContinue(
+        PKIX_PL_LdapDefaultClient *client,
+        PKIX_Boolean *pKeepGoing,
+        void *plContext)
+{
+        PKIX_Int32 bytesWritten = 0;
+        PKIX_PL_Socket_Callback *callbackList = NULL;
+
+        PKIX_ENTER
+                (LDAPDEFAULTCLIENT, "pkix_pl_LdapDefaultClient_AbandonContinue");
+        PKIX_NULLCHECK_TWO(client, pKeepGoing);
+
+        callbackList = (PKIX_PL_Socket_Callback *)(client->callbackList);
+
+        PKIX_CHECK(callbackList->pollCallback
+                (client->clientSocket, &bytesWritten, NULL, plContext),
+                PKIX_SOCKETPOLLFAILED);
+
+        if (bytesWritten > 0) {
+                client->connectStatus = BOUND;
+                *pKeepGoing = PKIX_TRUE;
+
+                PKIX_CHECK(PKIX_PL_Object_InvalidateCache
+                        ((PKIX_PL_Object *)client, plContext),
+                        PKIX_OBJECTINVALIDATECACHEFAILED);
+        } else {
+                *pKeepGoing = PKIX_FALSE;
+        }
+
+cleanup:
+        PKIX_RETURN(LDAPDEFAULTCLIENT);
+}
+
+/*
+ * FUNCTION: pkix_pl_LdapDefaultClient_RecvInitial
+ * DESCRIPTION:
+ *
+ *  This function processes the contents of the first buffer of a received
+ *  LDAP-protocol message for the CertStore embodied in the LdapDefaultClient
+ *  "client", and stores in "pKeepGoing" a flag indicating whether processing can
+ *  continue without further input.
+ *
+ * PARAMETERS:
+ *  "client"
+ *      The address of the LdapDefaultClient object. Must be non-NULL.
+ *  "pKeepGoing"
+ *      The address at which the Boolean state machine flag is stored to
+ *      indicate whether processing can continue without further input.
+ *      Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a LdapDefaultClient Error if the function fails in a
+ *      non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_pl_LdapDefaultClient_RecvInitial(
+        PKIX_PL_LdapDefaultClient *client,
+        PKIX_Boolean *pKeepGoing,
+        void *plContext)
+{
+        unsigned char *msgBuf = NULL;
+        unsigned char *to = NULL;
+        unsigned char *from = NULL;
+        PKIX_UInt32 dataIndex = 0;
+        PKIX_UInt32 messageIdLen = 0;
+        PKIX_UInt32 messageLength = 0;
+        PKIX_UInt32 sizeofLength = 0;
+        PKIX_UInt32 bytesProcessed = 0;
+        unsigned char messageChar = 0;
+        LDAPMessageType messageType = 0;
+        PKIX_Int32 bytesRead = 0;
+        PKIX_PL_Socket_Callback *callbackList = NULL;
+
+        PKIX_ENTER(LDAPDEFAULTCLIENT, "pkix_pl_LdapDefaultClient_RecvInitial");
+        PKIX_NULLCHECK_TWO(client, pKeepGoing);
+
+        /*
+         * Is there an LDAPResponse in progress? I.e., have we
+         * already processed the tag and length at the beginning of
+         * the message?
+         */
+        if (client->currentResponse) {
+                client->connectStatus = RECV_NONINITIAL;
+                *pKeepGoing = PKIX_TRUE;
+                goto cleanup;
+        }
+        msgBuf = client->currentInPtr;
+
+        /* Do we have enough of the message to decode the message length? */
+        if (client->currentBytesAvailable < MINIMUM_MSG_LENGTH) {
+                /*
+                 * No! Move these few bytes to the beginning of rcvBuf
+                 * and hang another read.
+                 */
+
+                to = (unsigned char *)client->rcvBuf;
+                from = client->currentInPtr;
+                for (dataIndex = 0;
+                    dataIndex < client->currentBytesAvailable;
+                    dataIndex++) {
+                        *to++ = *from++;
+                }
+                callbackList = (PKIX_PL_Socket_Callback *)(client->callbackList);
+                PKIX_CHECK(callbackList->recvCallback
+                        (client->clientSocket,
+                        (void *)to,
+                        client->capacity - client->currentBytesAvailable,
+                        &bytesRead,
+                        plContext),
+                        PKIX_SOCKETRECVFAILED);
+
+                client->currentInPtr = client->rcvBuf;
+                client->lastIO = PR_Now();
+
+                if (bytesRead <= 0) {
+                        client->connectStatus = RECV_PENDING;
+                        *pKeepGoing = PKIX_FALSE;
+                        goto cleanup;
+                } else {
+                        client->currentBytesAvailable += bytesRead;
+                }
+        }
+
+        /*
+         * We have to determine whether the response is an entry, with
+         * application-specific tag LDAP_SEARCHRESPONSEENTRY_TYPE, or a
+         * resultCode, with application tag LDAP_SEARCHRESPONSERESULT_TYPE.
+         * First, we have to figure out where to look for the tag.
+         */
+
+        /* Is the message length short form (one octet) or long form? */
+        if ((msgBuf[1] & 0x80) != 0) {
+                sizeofLength = msgBuf[1] & 0x7F;
+                for (dataIndex = 0; dataIndex < sizeofLength; dataIndex++) {
+                        messageLength =
+                                (messageLength << 8) + msgBuf[dataIndex + 2];
+                }
+        } else {
+                messageLength = msgBuf[1];
+        }
+
+        /* How many bytes did the messageID require? */
+        messageIdLen = msgBuf[dataIndex + 3];
+
+        messageChar = msgBuf[dataIndex + messageIdLen + 4];
+
+        /* Are we looking at an Entry message or a ResultCode message? */
+        if ((SEC_ASN1_CONSTRUCTED | SEC_ASN1_APPLICATION |
+            LDAP_SEARCHRESPONSEENTRY_TYPE) == messageChar) {
+
+                messageType = LDAP_SEARCHRESPONSEENTRY_TYPE;
+
+        } else if ((SEC_ASN1_CONSTRUCTED | SEC_ASN1_APPLICATION |
+            LDAP_SEARCHRESPONSERESULT_TYPE) == messageChar) {
+
+                messageType = LDAP_SEARCHRESPONSERESULT_TYPE;
+
+        } else {
+
+                PKIX_ERROR(PKIX_SEARCHRESPONSEPACKETOFUNKNOWNTYPE);
+
+        }
+
+        /*
+         * messageLength is the length from (tag, length, value).
+         * We have to allocate space for the tag and length bits too.
+         */
+        PKIX_CHECK(pkix_pl_LdapResponse_Create
+                (messageType,
+                messageLength + dataIndex + 2,
+                client->currentBytesAvailable,
+                msgBuf,
+                &bytesProcessed,
+                &(client->currentResponse),
+                plContext),
+                PKIX_LDAPRESPONSECREATEFAILED);
+
+        client->currentBytesAvailable -= bytesProcessed;
+
+        PKIX_CHECK(pkix_pl_LdapDefaultClient_RecvCheckComplete
+                (client, bytesProcessed, pKeepGoing, plContext),
+                PKIX_LDAPDEFAULTCLIENTRECVCHECKCOMPLETEFAILED);
+
+cleanup:
+
+        PKIX_RETURN(LDAPDEFAULTCLIENT);
+}
+
+/*
+ * FUNCTION: pkix_pl_LdapDefaultClient_RecvNonInitial
+ * DESCRIPTION:
+ *
+ *  This function processes the contents of buffers, after the first, of a
+ *  received LDAP-protocol message for the CertStore embodied in the
+ *  LdapDefaultClient "client", and stores in "pKeepGoing" a flag indicating
+ *  whether processing can continue without further input.
+ *
+ * PARAMETERS:
+ *  "client"
+ *      The address of the LdapDefaultClient object. Must be non-NULL.
+ *  "pKeepGoing"
+ *      The address at which the Boolean state machine flag is stored to
+ *      indicate whether processing can continue without further input.
+ *      Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a LdapDefaultClient Error if the function fails in a
+ *      non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_pl_LdapDefaultClient_RecvNonInitial(
+        PKIX_PL_LdapDefaultClient *client,
+        PKIX_Boolean *pKeepGoing,
+        void *plContext)
+{
+
+        PKIX_UInt32 bytesProcessed = 0;
+
+        PKIX_ENTER
+                (LDAPDEFAULTCLIENT, "pkix_pl_LdapDefaultClient_RecvNonInitial");
+        PKIX_NULLCHECK_TWO(client, pKeepGoing);
+
+        PKIX_CHECK(pkix_pl_LdapResponse_Append
+                (client->currentResponse,
+                client->currentBytesAvailable,
+                client->currentInPtr,
+                &bytesProcessed,
+                plContext),
+                PKIX_LDAPRESPONSEAPPENDFAILED);
+
+        client->currentBytesAvailable -= bytesProcessed;
+
+        PKIX_CHECK(pkix_pl_LdapDefaultClient_RecvCheckComplete
+                (client, bytesProcessed, pKeepGoing, plContext),
+                PKIX_LDAPDEFAULTCLIENTRECVCHECKCOMPLETEFAILED);
+
+cleanup:
+
+        PKIX_RETURN(LDAPDEFAULTCLIENT);
+}
+
+/*
+ * FUNCTION: pkix_pl_LdapDefaultClient_Dispatch
+ * DESCRIPTION:
+ *
+ *  This function is the state machine dispatcher for the CertStore embodied in
+ *  the LdapDefaultClient pointed to by "client". Results are returned by
+ *  changes to various fields in the context.
+ *
+ * PARAMETERS:
+ *  "client"
+ *      The address of the LdapDefaultClient object. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a LdapDefaultClient Error if the function fails in a
+ *      non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_pl_LdapDefaultClient_Dispatch(
+        PKIX_PL_LdapDefaultClient *client,
+        void *plContext)
+{
+        PKIX_UInt32 bytesTransferred = 0;
+        PKIX_Boolean keepGoing = PKIX_TRUE;
+
+        PKIX_ENTER(LDAPDEFAULTCLIENT, "pkix_pl_LdapDefaultClient_Dispatch");
+        PKIX_NULLCHECK_ONE(client);
+
+        while (keepGoing) {
+                switch (client->connectStatus) {
+                case CONNECT_PENDING:
+                        PKIX_CHECK
+                                (pkix_pl_LdapDefaultClient_ConnectContinue
+                                (client, &keepGoing, plContext),
+                                PKIX_LDAPDEFAULTCLIENTCONNECTCONTINUEFAILED);
+                        break;
+                case CONNECTED:
+                        PKIX_CHECK
+                                (pkix_pl_LdapDefaultClient_Bind
+                                (client, &keepGoing, plContext),
+                                PKIX_LDAPDEFAULTCLIENTBINDFAILED);
+                        break;
+                case BIND_PENDING:
+                        PKIX_CHECK
+                                (pkix_pl_LdapDefaultClient_BindContinue
+                                (client, &keepGoing, plContext),
+                                PKIX_LDAPDEFAULTCLIENTBINDCONTINUEFAILED);
+                        break;
+                case BIND_RESPONSE:
+                        PKIX_CHECK
+                                (pkix_pl_LdapDefaultClient_BindResponse
+                                (client, &keepGoing, plContext),
+                                PKIX_LDAPDEFAULTCLIENTBINDRESPONSEFAILED);
+                        break;
+                case BIND_RESPONSE_PENDING:
+                        PKIX_CHECK
+                                (pkix_pl_LdapDefaultClient_BindResponseContinue
+                                (client, &keepGoing, plContext),
+                                PKIX_LDAPDEFAULTCLIENTBINDRESPONSECONTINUEFAILED);
+                        break;
+                case BOUND:
+                        PKIX_CHECK
+                                (pkix_pl_LdapDefaultClient_Send
+                                (client, &keepGoing, &bytesTransferred, plContext),
+                                PKIX_LDAPDEFAULTCLIENTSENDFAILED);
+                        break;
+                case SEND_PENDING:
+                        PKIX_CHECK
+                                (pkix_pl_LdapDefaultClient_SendContinue
+                                (client, &keepGoing, &bytesTransferred, plContext),
+                                PKIX_LDAPDEFAULTCLIENTSENDCONTINUEFAILED);
+                        break;
+                case RECV:
+                        PKIX_CHECK
+                                (pkix_pl_LdapDefaultClient_Recv
+                                (client, &keepGoing, plContext),
+                                PKIX_LDAPDEFAULTCLIENTRECVFAILED);
+                        break;
+                case RECV_PENDING:
+                        PKIX_CHECK
+                                (pkix_pl_LdapDefaultClient_RecvContinue
+                                (client, &keepGoing, plContext),
+                                PKIX_LDAPDEFAULTCLIENTRECVCONTINUEFAILED);
+                        break;
+                case RECV_INITIAL:
+                        PKIX_CHECK
+                                (pkix_pl_LdapDefaultClient_RecvInitial
+                                (client, &keepGoing, plContext),
+                                PKIX_LDAPDEFAULTCLIENTRECVINITIALFAILED);
+                        break;
+                case RECV_NONINITIAL:
+                        PKIX_CHECK
+                                (pkix_pl_LdapDefaultClient_RecvNonInitial
+                                (client, &keepGoing, plContext),
+                                PKIX_LDAPDEFAULTCLIENTRECVNONINITIALFAILED);
+                        break;
+                case ABANDON_PENDING:
+                        PKIX_CHECK
+                                (pkix_pl_LdapDefaultClient_AbandonContinue
+                                (client, &keepGoing, plContext),
+                                PKIX_LDAPDEFAULTCLIENTABANDONCONTINUEFAILED);
+                        break;
+                default:
+                        PKIX_ERROR(PKIX_LDAPCERTSTOREINILLEGALSTATE);
+                }
+        }
+
+cleanup:
+
+        PKIX_RETURN(LDAPDEFAULTCLIENT);
+}
+
+/*
+ * FUNCTION: pkix_pl_LdapDefaultClient_MakeAndFilter
+ * DESCRIPTION:
+ *
+ *  This function allocates space from the arena pointed to by "arena" to
+ *  construct a filter that will match components of the X500Name pointed to by
+ *  XXX...
+ *
+ * PARAMETERS:
+ *  "arena"
+ *      The address of the PLArenaPool used in creating the filter. Must be
+ *       non-NULL.
+ *  "nameComponent"
+ *      The address of a NULL-terminated list of LDAPNameComponents
+ *      Must be non-NULL.
+ *  "pFilter"
+ *      The address at which the result is stored.
+ *  "plContext"
+ *      Platform-specific context pointer
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertStore Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_pl_LdapDefaultClient_MakeAndFilter(
+        PLArenaPool *arena,
+        LDAPNameComponent **nameComponents,
+        LDAPFilter **pFilter,
+        void *plContext)
+{
+        LDAPFilter **setOfFilter;
+        LDAPFilter *andFilter = NULL;
+        LDAPFilter *currentFilter = NULL;
+        PKIX_UInt32 componentsPresent = 0;
+        void *v = NULL;
+        unsigned char *component = NULL;
+        LDAPNameComponent **componentP = NULL;
+
+        PKIX_ENTER(CERTSTORE, "pkix_pl_LdapDefaultClient_MakeAndFilter");
+        PKIX_NULLCHECK_THREE(arena, nameComponents, pFilter);
+
+        /* count how many components we were provided */
+        for (componentP = nameComponents, componentsPresent = 0;
+                *(componentP++) != NULL;
+                componentsPresent++) {}
+
+        /* Space for (componentsPresent + 1) pointers to LDAPFilter */
+        PKIX_PL_NSSCALLRV(CERTSTORE, v, PORT_ArenaZAlloc,
+                (arena, (componentsPresent + 1)*sizeof(LDAPFilter *)));
+        setOfFilter = (LDAPFilter **)v;
+
+        /* Space for AndFilter and <componentsPresent> EqualFilters */
+        PKIX_PL_NSSCALLRV(CERTSTORE, v, PORT_ArenaZNewArray,
+                (arena, LDAPFilter, componentsPresent + 1));
+        setOfFilter[0] = (LDAPFilter *)v;
+
+        /* Claim the first array element for the ANDFilter */
+        andFilter = setOfFilter[0];
+
+        /* Set ANDFilter to point to the first EqualFilter pointer */
+        andFilter->selector = LDAP_ANDFILTER_TYPE;
+        andFilter->filter.andFilter.filters = setOfFilter;
+
+        currentFilter = andFilter + 1;
+
+        for (componentP = nameComponents, componentsPresent = 0;
+                *(componentP) != NULL; componentP++) {
+                setOfFilter[componentsPresent++] = currentFilter;
+                currentFilter->selector = LDAP_EQUALFILTER_TYPE;
+                component = (*componentP)->attrType;
+                currentFilter->filter.equalFilter.attrType.data = component;
+                currentFilter->filter.equalFilter.attrType.len = 
+                        PL_strlen((const char *)component);
+                component = (*componentP)->attrValue;
+                currentFilter->filter.equalFilter.attrValue.data = component;
+                currentFilter->filter.equalFilter.attrValue.len =
+                        PL_strlen((const char *)component);
+                currentFilter++;
+        }
+
+        setOfFilter[componentsPresent] = NULL;
+
+        *pFilter = andFilter;
+
+        PKIX_RETURN(CERTSTORE);
+
+}
+
+/*
+ * FUNCTION: pkix_pl_LdapDefaultClient_InitiateRequest
+ * DESCRIPTION:
+ *
+ *
+ * PARAMETERS:
+ *  "client"
+ *      The address of the LdapDefaultClient object. Must be non-NULL.
+ *  "requestParams"
+ *      The address of an LdapClientParams object. Must be non-NULL.
+ *  "pPollDesc"
+ *      The location where the address of the PRPollDesc is stored, if the
+ *      client returns with I/O pending.
+ *  "pResponse"
+ *      The address where the List of LDAPResponses, or NULL for an
+ *      unfinished request, is stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a LdapDefaultClient Error if the function fails in a
+ *      non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_pl_LdapDefaultClient_InitiateRequest(
+        PKIX_PL_LdapClient *genericClient,
+        LDAPRequestParams *requestParams,
+        void **pPollDesc,
+        PKIX_List **pResponse,
+        void *plContext)
+{
+        PKIX_List *searchResponseList = NULL;
+        SECItem *encoded = NULL;
+        LDAPFilter *filter = NULL;
+        PKIX_PL_LdapDefaultClient *client = 0;
+
+        PKIX_ENTER
+                (LDAPDEFAULTCLIENT,
+                "pkix_pl_LdapDefaultClient_InitiateRequest");
+        PKIX_NULLCHECK_FOUR(genericClient, requestParams, pPollDesc, pResponse);
+
+        PKIX_CHECK(pkix_CheckType
+                ((PKIX_PL_Object *)genericClient,
+                PKIX_LDAPDEFAULTCLIENT_TYPE,
+                plContext),
+                PKIX_GENERICCLIENTNOTANLDAPDEFAULTCLIENT);
+
+        client = (PKIX_PL_LdapDefaultClient *)genericClient;
+
+        PKIX_CHECK(pkix_pl_LdapDefaultClient_MakeAndFilter
+                (client->arena, requestParams->nc, &filter, plContext),
+                PKIX_LDAPDEFAULTCLIENTMAKEANDFILTERFAILED);
+
+        PKIX_CHECK(pkix_pl_LdapRequest_Create
+                (client->arena,
+                client->messageID++,
+                requestParams->baseObject,
+                requestParams->scope,
+                requestParams->derefAliases,
+                requestParams->sizeLimit,
+                requestParams->timeLimit,
+                PKIX_FALSE,    /* attrs only */
+                filter,
+                requestParams->attributes,
+                &client->currentRequest,
+                plContext),
+                PKIX_LDAPREQUESTCREATEFAILED);
+
+        /* check hashtable for matching request */
+        PKIX_CHECK(PKIX_PL_HashTable_Lookup
+                (client->cachePtr,
+                (PKIX_PL_Object *)(client->currentRequest),
+                (PKIX_PL_Object **)&searchResponseList,
+                plContext),
+                PKIX_HASHTABLELOOKUPFAILED);
+
+        if (searchResponseList != NULL) {
+                *pPollDesc = NULL;
+                *pResponse = searchResponseList;
+                PKIX_DECREF(client->currentRequest);
+                goto cleanup;
+        }
+
+        /* It wasn't cached. We'll have to actually send it. */
+
+        PKIX_CHECK(pkix_pl_LdapRequest_GetEncoded
+                (client->currentRequest, &encoded, plContext),
+                PKIX_LDAPREQUESTGETENCODEDFAILED);
+
+        client->sendBuf = encoded->data;
+        client->bytesToWrite = encoded->len;
+
+        PKIX_CHECK(pkix_pl_LdapDefaultClient_Dispatch(client, plContext),
+                PKIX_LDAPDEFAULTCLIENTDISPATCHFAILED);
+
+        /*
+         * It's not enough that we may be done with a particular read.
+         * We're still processing the transaction until we've gotten the
+         * SearchResponseResult message and returned to the BOUND state.
+         * Otherwise we must still have a read pending, and must hold off
+         * on returning results.
+         */
+        if ((client->connectStatus == BOUND) &&
+	    (client->entriesFound != NULL)) {
+                *pPollDesc = NULL;
+                *pResponse = client->entriesFound;
+                client->entriesFound = NULL;
+                PKIX_DECREF(client->currentRequest);
+        } else {
+                *pPollDesc = &client->pollDesc;
+                *pResponse = NULL;
+        }
+
+cleanup:
+
+        PKIX_RETURN(LDAPDEFAULTCLIENT);
+
+}
+
+/*
+ * FUNCTION: pkix_pl_LdapDefaultClient_ResumeRequest
+ * DESCRIPTION:
+ *
+ *
+ * PARAMETERS:
+ *  "client"
+ *      The address of the LdapDefaultClient object. Must be non-NULL.
+ *  "pPollDesc"
+ *      The location where the address of the PRPollDesc is stored, if the
+ *      client returns with I/O pending.
+ *  "pResponse"
+ *      The address where the List of LDAPResponses, or NULL for an
+ *      unfinished request, is stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a LdapDefaultClient Error if the function fails in a
+ *      non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_pl_LdapDefaultClient_ResumeRequest(
+        PKIX_PL_LdapClient *genericClient,
+        void **pPollDesc,
+        PKIX_List **pResponse,
+        void *plContext)
+{
+        PKIX_PL_LdapDefaultClient *client = 0;
+
+        PKIX_ENTER
+                (LDAPDEFAULTCLIENT, "pkix_pl_LdapDefaultClient_ResumeRequest");
+        PKIX_NULLCHECK_THREE(genericClient, pPollDesc, pResponse);
+
+        PKIX_CHECK(pkix_CheckType
+                ((PKIX_PL_Object *)genericClient,
+                PKIX_LDAPDEFAULTCLIENT_TYPE,
+                plContext),
+                PKIX_GENERICCLIENTNOTANLDAPDEFAULTCLIENT);
+
+        client = (PKIX_PL_LdapDefaultClient *)genericClient;
+
+        PKIX_CHECK(pkix_pl_LdapDefaultClient_Dispatch(client, plContext),
+                PKIX_LDAPDEFAULTCLIENTDISPATCHFAILED);
+
+        /*
+         * It's not enough that we may be done with a particular read.
+         * We're still processing the transaction until we've gotten the
+         * SearchResponseResult message and returned to the BOUND state.
+         * Otherwise we must still have a read pending, and must hold off
+         * on returning results.
+         */
+        if ((client->connectStatus == BOUND) &&
+	    (client->entriesFound != NULL)) {
+                *pPollDesc = NULL;
+                *pResponse = client->entriesFound;
+                client->entriesFound = NULL;
+                PKIX_DECREF(client->currentRequest);
+        } else {
+                *pPollDesc = &client->pollDesc;
+                *pResponse = NULL;
+        }
+
+cleanup:
+
+        PKIX_RETURN(LDAPDEFAULTCLIENT);
+
+}
+
+/* --Public-LdapDefaultClient-Functions----------------------------------- */
+
+/*
+ * FUNCTION: PKIX_PL_LdapDefaultClient_AbandonRequest
+ * DESCRIPTION:
+ *
+ *  This function creates and sends an LDAP-protocol "Abandon" message to the 
+ *  server connected to the LdapDefaultClient pointed to by "client".
+ *
+ * PARAMETERS:
+ *  "client"
+ *      The LdapDefaultClient whose connection is to be abandoned. Must be
+ *      non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_LdapDefaultClient_AbandonRequest(
+        PKIX_PL_LdapDefaultClient *client,
+        void *plContext)
+{
+        PKIX_Int32 bytesWritten = 0;
+        PKIX_PL_Socket_Callback *callbackList = NULL;
+        SECItem *encoded = NULL;
+
+        PKIX_ENTER(CERTSTORE, "PKIX_PL_LdapDefaultClient_AbandonRequest");
+        PKIX_NULLCHECK_ONE(client);
+
+        if (client->connectStatus == RECV_PENDING) {
+                PKIX_CHECK(pkix_pl_LdapDefaultClient_MakeAbandon
+                        (client->arena,
+                        (client->messageID) - 1,
+                        &encoded,
+                        plContext),
+                        PKIX_LDAPDEFAULTCLIENTMAKEABANDONFAILED);
+
+                callbackList = (PKIX_PL_Socket_Callback *)(client->callbackList);
+                PKIX_CHECK(callbackList->sendCallback
+                        (client->clientSocket,
+                        encoded->data,
+                        encoded->len,
+                        &bytesWritten,
+                        plContext),
+                        PKIX_SOCKETSENDFAILED);
+
+                if (bytesWritten < 0) {
+                        client->connectStatus = ABANDON_PENDING;
+                } else {
+                        client->connectStatus = BOUND;
+                }
+        }
+
+        PKIX_DECREF(client->entriesFound);
+        PKIX_DECREF(client->currentRequest);
+        PKIX_DECREF(client->currentResponse);
+
+cleanup:
+
+        PKIX_DECREF(client);
+
+        PKIX_RETURN(CERTSTORE);
+}
diff --git a/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapdefaultclient.h b/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapdefaultclient.h
new file mode 100644
index 0000000..4abe043
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapdefaultclient.h
@@ -0,0 +1,82 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_pl_ldapdefaultclient.h
+ *
+ * LDAPDefaultClient Object Type Definition
+ *
+ */
+
+#ifndef _PKIX_PL_LDAPDEFAULTCLIENT_H
+#define _PKIX_PL_LDAPDEFAULTCLIENT_H
+
+#include "pkix_pl_ldapt.h"
+#include "pkix_pl_common.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * At the time of this version, there are unresolved questions about the LDAP
+ * protocol. Although RFC1777 describes a BIND and UNBIND message, it is not
+ * clear whether they are appropriate to this application. We have tested only
+ * using servers that do not expect authentication, and that reject BIND
+ * messages. It is not clear what values might be appropriate for the bindname
+ * and authentication fields, which are currently implemented as char strings
+ * supplied by the caller. (If this changes, the API and possibly the templates
+ * will have to change.) Therefore the LDAPClient_Create API contains a
+ * BindAPI structure, a union, which will have to be revised and extended when
+ * this area of the protocol is better understood.
+ *
+ */
+
+typedef enum {
+        CONNECT_PENDING,
+        CONNECTED,
+        BIND_PENDING,
+        BIND_RESPONSE,
+        BIND_RESPONSE_PENDING,
+        BOUND,
+        SEND_PENDING,
+        RECV,
+        RECV_PENDING,
+        RECV_INITIAL,
+        RECV_NONINITIAL,
+        ABANDON_PENDING
+} LdapClientConnectStatus;
+
+struct PKIX_PL_LdapDefaultClientStruct {
+        PKIX_PL_LdapClient vtable;
+        LdapClientConnectStatus connectStatus;
+        PKIX_UInt32 messageID;
+        PKIX_PL_HashTable *cachePtr;
+        PKIX_PL_Socket *clientSocket;
+        PRPollDesc pollDesc;
+        void *callbackList; /* cast this to (PKIX_PL_Socket_Callback *) */
+        LDAPBindAPI *bindAPI;
+        PLArenaPool *arena;
+        PRTime lastIO;
+        void *sendBuf;
+        PKIX_UInt32 bytesToWrite;
+        void *rcvBuf;
+        PKIX_UInt32 capacity;
+        void *currentInPtr;
+        PKIX_UInt32 currentBytesAvailable;
+        void *bindMsg;
+        PKIX_UInt32 bindMsgLen;
+        PKIX_List *entriesFound;
+        PKIX_PL_LdapRequest *currentRequest;
+        PKIX_PL_LdapResponse *currentResponse;
+};
+
+/* see source file for function documentation */
+
+PKIX_Error *pkix_pl_LdapDefaultClient_RegisterSelf(void *plContext);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_PL_LDAPDEFAULTCLIENT_H */
diff --git a/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldaprequest.c b/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldaprequest.c
new file mode 100644
index 0000000..4546e33
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldaprequest.c
@@ -0,0 +1,757 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_pl_ldaprequest.c
+ *
+ */
+
+#include "pkix_pl_ldaprequest.h"
+
+/* --Private-LdapRequest-Functions------------------------------------- */
+
+/* Note: lengths do not include the NULL terminator */
+static const char caAttr[] = "caCertificate;binary";
+static unsigned int caAttrLen = sizeof(caAttr) - 1;
+static const char uAttr[] = "userCertificate;binary";
+static unsigned int uAttrLen = sizeof(uAttr) - 1;
+static const char ccpAttr[] = "crossCertificatePair;binary";
+static unsigned int ccpAttrLen = sizeof(ccpAttr) - 1;
+static const char crlAttr[] = "certificateRevocationList;binary";
+static unsigned int crlAttrLen = sizeof(crlAttr) - 1;
+static const char arlAttr[] = "authorityRevocationList;binary";
+static unsigned int arlAttrLen = sizeof(arlAttr) - 1;
+
+/*
+ * XXX If this function were moved into pkix_pl_ldapcertstore.c then all of
+ * LdapRequest and LdapResponse could be considered part of the LDAP client.
+ * But the constants, above, would have to be copied as well, and they are
+ * also needed in pkix_pl_LdapRequest_EncodeAttrs. So there would have to be
+ * two copies.
+ */
+
+/*
+ * FUNCTION: pkix_pl_LdapRequest_AttrTypeToBit
+ * DESCRIPTION:
+ *
+ *  This function creates an attribute mask bit corresponding to the SECItem
+ *  pointed to by "attrType", storing the result at "pAttrBit". The comparison
+ *  is case-insensitive. If "attrType" does not match any of the known types,
+ *  zero is stored at "pAttrBit".
+ *
+ * PARAMETERS
+ *  "attrType"
+ *      The address of the SECItem whose string contents are to be compared to
+ *      the various known attribute types. Must be non-NULL.
+ *  "pAttrBit"
+ *      The address where the result is stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns an LdapRequest Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_pl_LdapRequest_AttrTypeToBit(
+        SECItem *attrType,
+        LdapAttrMask *pAttrBit,
+        void *plContext)
+{
+        LdapAttrMask attrBit = 0;
+        unsigned int attrLen = 0;
+        const char *s = NULL;
+
+        PKIX_ENTER(LDAPREQUEST, "pkix_pl_LdapRequest_AttrTypeToBit");
+        PKIX_NULLCHECK_TWO(attrType, pAttrBit);
+
+        s = (const char *)attrType->data;
+        attrLen = attrType->len;
+
+        /*
+         * Taking note of the fact that all of the comparand strings are
+         * different lengths, we do a slight optimization. If a string
+         * length matches but the string does not match, we skip comparing
+         * to the other strings. If new strings are added to the comparand
+         * list, and any are of equal length, be careful to change the
+         * grouping of tests accordingly.
+         */
+        if (attrLen == caAttrLen) {
+                if (PORT_Strncasecmp(caAttr, s, attrLen) == 0) {
+                        attrBit = LDAPATTR_CACERT;
+                }
+        } else if (attrLen == uAttrLen) {
+                if (PORT_Strncasecmp(uAttr, s, attrLen) == 0) {
+                        attrBit = LDAPATTR_USERCERT;
+                }
+        } else if (attrLen == ccpAttrLen) {
+                if (PORT_Strncasecmp(ccpAttr, s, attrLen) == 0) {
+                        attrBit = LDAPATTR_CROSSPAIRCERT;
+                }
+        } else if (attrLen == crlAttrLen) {
+                if (PORT_Strncasecmp(crlAttr, s, attrLen) == 0) {
+                        attrBit = LDAPATTR_CERTREVLIST;
+                }
+        } else if (attrLen == arlAttrLen) {
+                if (PORT_Strncasecmp(arlAttr, s, attrLen) == 0) {
+                        attrBit = LDAPATTR_AUTHREVLIST;
+                }
+        }
+
+        *pAttrBit = attrBit;
+
+        PKIX_RETURN(LDAPREQUEST);
+}
+
+/*
+ * FUNCTION: pkix_pl_LdapRequest_AttrStringToBit
+ * DESCRIPTION:
+ *
+ *  This function creates an attribute mask bit corresponding to the null-
+ *  terminated string pointed to by "attrString", storing the result at
+ *  "pAttrBit". The comparison is case-insensitive. If "attrString" does not
+ *  match any of the known types, zero is stored at "pAttrBit".
+ *
+ * PARAMETERS
+ *  "attrString"
+ *      The address of the null-terminated string whose contents are to be compared to
+ *      the various known attribute types. Must be non-NULL.
+ *  "pAttrBit"
+ *      The address where the result is stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns an LdapRequest Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_pl_LdapRequest_AttrStringToBit(
+        char *attrString,
+        LdapAttrMask *pAttrBit,
+        void *plContext)
+{
+        LdapAttrMask attrBit = 0;
+        unsigned int attrLen = 0;
+
+        PKIX_ENTER(LDAPREQUEST, "pkix_pl_LdapRequest_AttrStringToBit");
+        PKIX_NULLCHECK_TWO(attrString, pAttrBit);
+
+        attrLen = PL_strlen(attrString);
+
+        /*
+         * Taking note of the fact that all of the comparand strings are
+         * different lengths, we do a slight optimization. If a string
+         * length matches but the string does not match, we skip comparing
+         * to the other strings. If new strings are added to the comparand
+         * list, and any are of equal length, be careful to change the
+         * grouping of tests accordingly.
+         */
+        if (attrLen == caAttrLen) {
+                if (PORT_Strncasecmp(caAttr, attrString, attrLen) == 0) {
+                        attrBit = LDAPATTR_CACERT;
+                }
+        } else if (attrLen == uAttrLen) {
+                if (PORT_Strncasecmp(uAttr, attrString, attrLen) == 0) {
+                        attrBit = LDAPATTR_USERCERT;
+                }
+        } else if (attrLen == ccpAttrLen) {
+                if (PORT_Strncasecmp(ccpAttr, attrString, attrLen) == 0) {
+                        attrBit = LDAPATTR_CROSSPAIRCERT;
+                }
+        } else if (attrLen == crlAttrLen) {
+                if (PORT_Strncasecmp(crlAttr, attrString, attrLen) == 0) {
+                        attrBit = LDAPATTR_CERTREVLIST;
+                }
+        } else if (attrLen == arlAttrLen) {
+                if (PORT_Strncasecmp(arlAttr, attrString, attrLen) == 0) {
+                        attrBit = LDAPATTR_AUTHREVLIST;
+                }
+        }
+
+        *pAttrBit = attrBit;
+
+        PKIX_RETURN(LDAPREQUEST);
+}
+
+/*
+ * FUNCTION: pkix_pl_LdapRequest_EncodeAttrs
+ * DESCRIPTION:
+ *
+ *  This function obtains the attribute mask bits from the LdapRequest pointed
+ *  to by "request", creates the corresponding array of AttributeTypes for the
+ *  encoding of the SearchRequest message.
+ *
+ * PARAMETERS
+ *  "request"
+ *      The address of the LdapRequest whose attributes are to be encoded. Must
+ *      be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns an LdapRequest Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_pl_LdapRequest_EncodeAttrs(
+        PKIX_PL_LdapRequest *request,
+        void *plContext)
+{
+        SECItem **attrArray = NULL;
+        PKIX_UInt32 attrIndex = 0;
+        LdapAttrMask attrBits;
+
+        PKIX_ENTER(LDAPREQUEST, "pkix_pl_LdapRequest_EncodeAttrs");
+        PKIX_NULLCHECK_ONE(request);
+
+        /* construct "attrs" according to bits in request->attrBits */
+        attrBits = request->attrBits;
+        attrArray = request->attrArray;
+        if ((attrBits & LDAPATTR_CACERT) == LDAPATTR_CACERT) {
+                attrArray[attrIndex] = &(request->attributes[attrIndex]);
+                request->attributes[attrIndex].type = siAsciiString;
+                request->attributes[attrIndex].data = (unsigned char *)caAttr;
+                request->attributes[attrIndex].len = caAttrLen;
+                attrIndex++;
+        }
+        if ((attrBits & LDAPATTR_USERCERT) == LDAPATTR_USERCERT) {
+                attrArray[attrIndex] = &(request->attributes[attrIndex]);
+                request->attributes[attrIndex].type = siAsciiString;
+                request->attributes[attrIndex].data = (unsigned char *)uAttr;
+                request->attributes[attrIndex].len = uAttrLen;
+                attrIndex++;
+        }
+        if ((attrBits & LDAPATTR_CROSSPAIRCERT) == LDAPATTR_CROSSPAIRCERT) {
+                attrArray[attrIndex] = &(request->attributes[attrIndex]);
+                request->attributes[attrIndex].type = siAsciiString;
+                request->attributes[attrIndex].data = (unsigned char *)ccpAttr;
+                request->attributes[attrIndex].len = ccpAttrLen;
+                attrIndex++;
+        }
+        if ((attrBits & LDAPATTR_CERTREVLIST) == LDAPATTR_CERTREVLIST) {
+                attrArray[attrIndex] = &(request->attributes[attrIndex]);
+                request->attributes[attrIndex].type = siAsciiString;
+                request->attributes[attrIndex].data = (unsigned char *)crlAttr;
+                request->attributes[attrIndex].len = crlAttrLen;
+                attrIndex++;
+        }
+        if ((attrBits & LDAPATTR_AUTHREVLIST) == LDAPATTR_AUTHREVLIST) {
+                attrArray[attrIndex] = &(request->attributes[attrIndex]);
+                request->attributes[attrIndex].type = siAsciiString;
+                request->attributes[attrIndex].data = (unsigned char *)arlAttr;
+                request->attributes[attrIndex].len = arlAttrLen;
+                attrIndex++;
+        }
+        attrArray[attrIndex] = (SECItem *)NULL;
+
+        PKIX_RETURN(LDAPREQUEST);
+}
+
+/*
+ * FUNCTION: pkix_pl_LdapRequest_Destroy
+ * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_LdapRequest_Destroy(
+        PKIX_PL_Object *object,
+        void *plContext)
+{
+        PKIX_ENTER(LDAPREQUEST, "pkix_pl_LdapRequest_Destroy");
+        PKIX_NULLCHECK_ONE(object);
+
+        PKIX_CHECK(pkix_CheckType(object, PKIX_LDAPREQUEST_TYPE, plContext),
+                    PKIX_OBJECTNOTLDAPREQUEST);
+
+        /*
+         * All dynamic fields in an LDAPRequest are allocated
+         * in an arena, and will be freed when the arena is destroyed.
+         */
+
+cleanup:
+
+        PKIX_RETURN(LDAPREQUEST);
+}
+
+/*
+ * FUNCTION: pkix_pl_LdapRequest_Hashcode
+ * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_LdapRequest_Hashcode(
+        PKIX_PL_Object *object,
+        PKIX_UInt32 *pHashcode,
+        void *plContext)
+{
+        PKIX_UInt32 dataLen = 0;
+        PKIX_UInt32 dindex = 0;
+        PKIX_UInt32 sizeOfLength = 0;
+        PKIX_UInt32 idLen = 0;
+        const unsigned char *msgBuf = NULL;
+        PKIX_PL_LdapRequest *ldapRq = NULL;
+
+        PKIX_ENTER(LDAPREQUEST, "pkix_pl_LdapRequest_Hashcode");
+        PKIX_NULLCHECK_TWO(object, pHashcode);
+
+        PKIX_CHECK(pkix_CheckType(object, PKIX_LDAPREQUEST_TYPE, plContext),
+                    PKIX_OBJECTNOTLDAPREQUEST);
+
+        ldapRq = (PKIX_PL_LdapRequest *)object;
+
+        *pHashcode = 0;
+
+        /*
+         * Two requests that differ only in msgnum are a match! Therefore,
+         * start hashcoding beyond the encoded messageID field.
+         */
+        if (ldapRq->encoded) {
+                msgBuf = (const unsigned char *)ldapRq->encoded->data;
+                /* Is message length short form (one octet) or long form? */
+                if ((msgBuf[1] & 0x80) != 0) {
+                        sizeOfLength = msgBuf[1] & 0x7F;
+                        for (dindex = 0; dindex < sizeOfLength; dindex++) {
+                                dataLen = (dataLen << 8) + msgBuf[dindex + 2];
+                        }
+                } else {
+                        dataLen = msgBuf[1];
+                }
+
+                /* How many bytes for the messageID? (Assume short form) */
+                idLen = msgBuf[dindex + 3] + 2;
+                dindex += idLen;
+                dataLen -= idLen;
+                msgBuf = &msgBuf[dindex + 2];
+
+                PKIX_CHECK(pkix_hash(msgBuf, dataLen, pHashcode, plContext),
+                        PKIX_HASHFAILED);
+        }
+
+cleanup:
+
+        PKIX_RETURN(LDAPREQUEST);
+
+}
+
+/*
+ * FUNCTION: pkix_pl_LdapRequest_Equals
+ * (see comments for PKIX_PL_Equals_Callback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_LdapRequest_Equals(
+        PKIX_PL_Object *firstObj,
+        PKIX_PL_Object *secondObj,
+        PKIX_Boolean *pResult,
+        void *plContext)
+{
+        PKIX_PL_LdapRequest *firstReq = NULL;
+        PKIX_PL_LdapRequest *secondReq = NULL;
+        PKIX_UInt32 secondType = 0;
+        PKIX_UInt32 firstLen = 0;
+        const unsigned char *firstData = NULL;
+        const unsigned char *secondData = NULL;
+        PKIX_UInt32 sizeOfLength = 0;
+        PKIX_UInt32 dindex = 0;
+        PKIX_UInt32 i = 0;
+
+        PKIX_ENTER(LDAPREQUEST, "pkix_pl_LdapRequest_Equals");
+        PKIX_NULLCHECK_THREE(firstObj, secondObj, pResult);
+
+        /* test that firstObj is a LdapRequest */
+        PKIX_CHECK(pkix_CheckType(firstObj, PKIX_LDAPREQUEST_TYPE, plContext),
+                    PKIX_FIRSTOBJARGUMENTNOTLDAPREQUEST);
+
+        /*
+         * Since we know firstObj is a LdapRequest, if both references are
+         * identical, they must be equal
+         */
+        if (firstObj == secondObj){
+                *pResult = PKIX_TRUE;
+                goto cleanup;
+        }
+
+        /*
+         * If secondObj isn't a LdapRequest, we don't throw an error.
+         * We simply return a Boolean result of FALSE
+         */
+        *pResult = PKIX_FALSE;
+        PKIX_CHECK(PKIX_PL_Object_GetType
+                    (secondObj, &secondType, plContext),
+                    PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
+        if (secondType != PKIX_LDAPREQUEST_TYPE) {
+                goto cleanup;
+        }
+
+        firstReq = (PKIX_PL_LdapRequest *)firstObj;
+        secondReq = (PKIX_PL_LdapRequest *)secondObj;
+
+        /* If either lacks an encoded string, they cannot be compared */
+        if (!(firstReq->encoded) || !(secondReq->encoded)) {
+                goto cleanup;
+        }
+
+        if (firstReq->encoded->len != secondReq->encoded->len) {
+                goto cleanup;
+        }
+
+        firstData = (const unsigned char *)firstReq->encoded->data;
+        secondData = (const unsigned char *)secondReq->encoded->data;
+
+        /*
+         * Two requests that differ only in msgnum are equal! Therefore,
+         * start the byte comparison beyond the encoded messageID field.
+         */
+
+        /* Is message length short form (one octet) or long form? */
+        if ((firstData[1] & 0x80) != 0) {
+                sizeOfLength = firstData[1] & 0x7F;
+                for (dindex = 0; dindex < sizeOfLength; dindex++) {
+                        firstLen = (firstLen << 8) + firstData[dindex + 2];
+                }
+        } else {
+                firstLen = firstData[1];
+        }
+
+        /* How many bytes for the messageID? (Assume short form) */
+        i = firstData[dindex + 3] + 2;
+        dindex += i;
+        firstLen -= i;
+        firstData = &firstData[dindex + 2];
+
+        /*
+         * In theory, we have to calculate where the second message data
+         * begins by checking its length encodings. But if these messages
+         * are equal, we can re-use the calculation we already did. If they
+         * are not equal, the byte comparisons will surely fail.
+         */
+
+        secondData = &secondData[dindex + 2];
+        
+        for (i = 0; i < firstLen; i++) {
+                if (firstData[i] != secondData[i]) {
+                        goto cleanup;
+                }
+        }
+
+        *pResult = PKIX_TRUE;
+
+cleanup:
+
+        PKIX_RETURN(LDAPREQUEST);
+}
+
+/*
+ * FUNCTION: pkix_pl_LdapRequest_RegisterSelf
+ * DESCRIPTION:
+ *  Registers PKIX_LDAPREQUEST_TYPE and its related functions with
+ *  systemClasses[]
+ * PARAMETERS:
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe - for performance and complexity reasons
+ *
+ *  Since this function is only called by PKIX_PL_Initialize, which should
+ *  only be called once, it is acceptable that this function is not
+ *  thread-safe.
+ */
+PKIX_Error *
+pkix_pl_LdapRequest_RegisterSelf(void *plContext)
+{
+        extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
+        pkix_ClassTable_Entry entry;
+
+        PKIX_ENTER(LDAPREQUEST, "pkix_pl_LdapRequest_RegisterSelf");
+
+        entry.description = "LdapRequest";
+        entry.objCounter = 0;
+        entry.typeObjectSize = sizeof(PKIX_PL_LdapRequest);
+        entry.destructor = pkix_pl_LdapRequest_Destroy;
+        entry.equalsFunction = pkix_pl_LdapRequest_Equals;
+        entry.hashcodeFunction = pkix_pl_LdapRequest_Hashcode;
+        entry.toStringFunction = NULL;
+        entry.comparator = NULL;
+        entry.duplicateFunction = pkix_duplicateImmutable;
+
+        systemClasses[PKIX_LDAPREQUEST_TYPE] = entry;
+
+        PKIX_RETURN(LDAPREQUEST);
+}
+
+/* --Public-Functions------------------------------------------------------- */
+
+/*
+ * FUNCTION: pkix_pl_LdapRequest_Create
+ * DESCRIPTION:
+ *
+ *  This function creates an LdapRequest using the PLArenaPool pointed to by
+ *  "arena", a message number whose value is "msgnum", a base object pointed to
+ *  by "issuerDN", a scope whose value is "scope", a derefAliases flag whose
+ *  value is "derefAliases", a sizeLimit whose value is "sizeLimit", a timeLimit
+ *  whose value is "timeLimit", an attrsOnly flag whose value is "attrsOnly", a
+ *  filter whose value is "filter", and attribute bits whose value is
+ *  "attrBits"; storing the result at "pRequestMsg".
+ *
+ *  See pkix_pl_ldaptemplates.c (and below) for the ASN.1 representation of
+ *  message components, and see pkix_pl_ldapt.h for data types.
+ *
+ * PARAMETERS
+ *  "arena"
+ *      The address of the PLArenaPool to be used in the encoding. Must be
+ *      non-NULL.
+ *  "msgnum"
+ *      The UInt32 message number to be used for the messageID component of the
+ *      LDAP message exchange.
+ *  "issuerDN"
+ *      The address of the string to be used for the baseObject component of the
+ *      LDAP SearchRequest message. Must be non-NULL.
+ *  "scope"
+ *      The (enumerated) ScopeType to be used for the scope component of the
+ *      LDAP SearchRequest message
+ *  "derefAliases"
+ *      The (enumerated) DerefType to be used for the derefAliases component of
+ *      the LDAP SearchRequest message
+ *  "sizeLimit"
+ *      The UInt32 value to be used for the sizeLimit component of the LDAP
+ *      SearchRequest message
+ *  "timeLimit"
+ *      The UInt32 value to be used for the timeLimit component of the LDAP
+ *      SearchRequest message
+ *  "attrsOnly"
+ *      The Boolean value to be used for the attrsOnly component of the LDAP
+ *      SearchRequest message
+ *  "filter"
+ *      The filter to be used for the filter component of the LDAP
+ *      SearchRequest message
+ *  "attrBits"
+ *      The LdapAttrMask bits indicating the attributes to be included in the
+ *      attributes sequence of the LDAP SearchRequest message
+ *  "pRequestMsg"
+ *      The address at which the address of the LdapRequest is stored. Must
+ *      be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns an LdapRequest Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+/*
+ * SearchRequest ::=
+ *      [APPLICATION 3] SEQUENCE {
+ *              baseObject      LDAPDN,
+ *              scope           ENUMERATED {
+ *                                      baseObject              (0),
+ *                                      singleLevel             (1),
+ *                                      wholeSubtree            (2)
+ *                              },
+ *              derefAliases    ENUMERATED {
+ *                                      neverDerefAliases       (0),
+ *                                      derefInSearching        (1),
+ *                                      derefFindingBaseObj     (2),
+ *                                      alwaysDerefAliases      (3)
+ *                              },
+ *              sizeLimit       INTEGER (0 .. MAXINT),
+ *                              -- value of 0 implies no sizeLimit
+ *              timeLimit       INTEGER (0 .. MAXINT),
+ *                              -- value of 0 implies no timeLimit
+ *              attrsOnly       BOOLEAN,
+ *                              -- TRUE, if only attributes (without values)
+ *                              -- to be returned
+ *              filter          Filter,
+ *              attributes      SEQUENCE OF AttributeType
+ *      }
+ *
+ * Filter ::=
+ *      CHOICE {
+ *              and             [0] SET OF Filter,
+ *              or              [1] SET OF Filter,
+ *              not             [2] Filter,
+ *              equalityMatch   [3] AttributeValueAssertion,
+ *              substrings      [4] SubstringFilter,
+ *              greaterOrEqual  [5] AttributeValueAssertion,
+ *              lessOrEqual     [6] AttributeValueAssertion,
+ *              present         [7] AttributeType,
+ *              approxMatch     [8] AttributeValueAssertion
+ *      }
+ *
+ * SubstringFilter ::=
+ *      SEQUENCE {
+ *              type            AttributeType,
+ *              SEQUENCE OF CHOICE {
+ *                      initial [0] LDAPString,
+ *                      any     [1] LDAPString,
+ *                      final   [2] LDAPString,
+ *              }
+ *      }
+ *
+ * AttributeValueAssertion ::=
+ *      SEQUENCE {
+ *              attributeType   AttributeType,
+ *              attributeValue  AttributeValue,
+ *      }
+ *
+ * AttributeValue ::= OCTET STRING
+ *
+ * AttributeType ::= LDAPString
+ *               -- text name of the attribute, or dotted
+ *               -- OID representation
+ *
+ * LDAPDN ::= LDAPString
+ *
+ * LDAPString ::= OCTET STRING
+ *
+ */
+PKIX_Error *
+pkix_pl_LdapRequest_Create(
+        PLArenaPool *arena,
+        PKIX_UInt32 msgnum,
+        char *issuerDN,
+        ScopeType scope,
+        DerefType derefAliases,
+        PKIX_UInt32 sizeLimit,
+        PKIX_UInt32 timeLimit,
+        char attrsOnly,
+        LDAPFilter *filter,
+        LdapAttrMask attrBits,
+        PKIX_PL_LdapRequest **pRequestMsg,
+        void *plContext)
+{
+        LDAPMessage msg;
+        LDAPSearch *search;
+        PKIX_PL_LdapRequest *ldapRequest = NULL;
+        char scopeTypeAsChar;
+        char derefAliasesTypeAsChar;
+        SECItem *attrArray[MAX_LDAPATTRS + 1];
+
+        PKIX_ENTER(LDAPREQUEST, "pkix_pl_LdapRequest_Create");
+        PKIX_NULLCHECK_THREE(arena, issuerDN, pRequestMsg);
+
+        /* create a PKIX_PL_LdapRequest object */
+        PKIX_CHECK(PKIX_PL_Object_Alloc
+                    (PKIX_LDAPREQUEST_TYPE,
+                    sizeof (PKIX_PL_LdapRequest),
+                    (PKIX_PL_Object **)&ldapRequest,
+                    plContext),
+                    PKIX_COULDNOTCREATEOBJECT);
+
+        ldapRequest->arena = arena;
+        ldapRequest->msgnum = msgnum;
+        ldapRequest->issuerDN = issuerDN;
+        ldapRequest->scope = scope;
+        ldapRequest->derefAliases = derefAliases;
+        ldapRequest->sizeLimit = sizeLimit;
+        ldapRequest->timeLimit = timeLimit;
+        ldapRequest->attrsOnly = attrsOnly;
+        ldapRequest->filter = filter;
+        ldapRequest->attrBits = attrBits;
+
+        ldapRequest->attrArray = attrArray;
+
+        PKIX_CHECK(pkix_pl_LdapRequest_EncodeAttrs
+                (ldapRequest, plContext),
+                PKIX_LDAPREQUESTENCODEATTRSFAILED);
+
+        PKIX_PL_NSSCALL
+                (LDAPREQUEST, PORT_Memset, (&msg, 0, sizeof (LDAPMessage)));
+
+        msg.messageID.type = siUnsignedInteger;
+        msg.messageID.data = (void*)&msgnum;
+        msg.messageID.len = sizeof (msgnum);
+
+        msg.protocolOp.selector = LDAP_SEARCH_TYPE;
+
+        search = &(msg.protocolOp.op.searchMsg);
+
+        search->baseObject.type = siAsciiString;
+        search->baseObject.data = (void *)issuerDN;
+        search->baseObject.len = PL_strlen(issuerDN);
+        scopeTypeAsChar = (char)scope;
+        search->scope.type = siUnsignedInteger;
+        search->scope.data = (void *)&scopeTypeAsChar;
+        search->scope.len = sizeof (scopeTypeAsChar);
+        derefAliasesTypeAsChar = (char)derefAliases;
+        search->derefAliases.type = siUnsignedInteger;
+        search->derefAliases.data =
+                (void *)&derefAliasesTypeAsChar;
+        search->derefAliases.len =
+                sizeof (derefAliasesTypeAsChar);
+        search->sizeLimit.type = siUnsignedInteger;
+        search->sizeLimit.data = (void *)&sizeLimit;
+        search->sizeLimit.len = sizeof (PKIX_UInt32);
+        search->timeLimit.type = siUnsignedInteger;
+        search->timeLimit.data = (void *)&timeLimit;
+        search->timeLimit.len = sizeof (PKIX_UInt32);
+        search->attrsOnly.type = siBuffer;
+        search->attrsOnly.data = (void *)&attrsOnly;
+        search->attrsOnly.len = sizeof (attrsOnly);
+
+        PKIX_PL_NSSCALL
+                (LDAPREQUEST,
+                PORT_Memcpy,
+                (&search->filter, filter, sizeof (LDAPFilter)));
+
+        search->attributes = attrArray;
+
+        PKIX_PL_NSSCALLRV
+                (LDAPREQUEST, ldapRequest->encoded, SEC_ASN1EncodeItem,
+                (arena, NULL, (void *)&msg, PKIX_PL_LDAPMessageTemplate));
+
+        if (!(ldapRequest->encoded)) {
+                PKIX_ERROR(PKIX_FAILEDINENCODINGSEARCHREQUEST);
+        }
+
+        *pRequestMsg = ldapRequest;
+
+cleanup:
+
+        if (PKIX_ERROR_RECEIVED) {
+                PKIX_DECREF(ldapRequest);
+        }
+
+        PKIX_RETURN(LDAPREQUEST);
+}
+
+/*
+ * FUNCTION: pkix_pl_LdapRequest_GetEncoded
+ * DESCRIPTION:
+ *
+ *  This function obtains the encoded message from the LdapRequest pointed to
+ *  by "request", storing the result at "pRequestBuf".
+ *
+ * PARAMETERS
+ *  "request"
+ *      The address of the LdapRequest whose encoded message is to be
+ *      retrieved. Must be non-NULL.
+ *  "pRequestBuf"
+ *      The address at which is stored the address of the encoded message. Must
+ *      be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns an LdapRequest Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_pl_LdapRequest_GetEncoded(
+        PKIX_PL_LdapRequest *request,
+        SECItem **pRequestBuf,
+        void *plContext)
+{
+        PKIX_ENTER(LDAPREQUEST, "pkix_pl_LdapRequest_GetEncoded");
+        PKIX_NULLCHECK_TWO(request, pRequestBuf);
+
+        *pRequestBuf = request->encoded;
+
+        PKIX_RETURN(LDAPREQUEST);
+}
diff --git a/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldaprequest.h b/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldaprequest.h
new file mode 100644
index 0000000..1d05a94
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldaprequest.h
@@ -0,0 +1,86 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_pl_ldaprequest.h
+ *
+ * LdapRequest Object Definitions
+ *
+ */
+
+#ifndef _PKIX_PL_LDAPREQUEST_H
+#define _PKIX_PL_LDAPREQUEST_H
+
+#include "pkix_pl_common.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef enum {
+        USER_CERT,
+        CA_CERT,
+        CROSS_CERT,
+        CRL,
+        ARL,
+        DELTA_CRL
+} PKIX_PL_LdapAttr;
+
+struct PKIX_PL_LdapRequestStruct{
+        PLArenaPool *arena;
+        PKIX_UInt32 msgnum;
+        char *issuerDN;
+        ScopeType scope;
+        DerefType derefAliases;
+        PKIX_UInt32 sizeLimit;
+        PKIX_UInt32 timeLimit;
+        char attrsOnly;
+        LDAPFilter *filter;
+        LdapAttrMask attrBits;
+        SECItem attributes[MAX_LDAPATTRS];
+        SECItem **attrArray;
+        SECItem *encoded;
+};
+
+/* see source file for function documentation */
+
+PKIX_Error *
+pkix_pl_LdapRequest_Create(
+        PLArenaPool *arena,
+        PKIX_UInt32 msgnum,
+        char *issuerDN,
+        ScopeType scope,
+        DerefType derefAliases,
+        PKIX_UInt32 sizeLimit,
+        PKIX_UInt32 timeLimit,
+        char attrsOnly,
+        LDAPFilter *filter,
+        LdapAttrMask attrBits,
+        PKIX_PL_LdapRequest **pRequestMsg,
+        void *plContext);
+
+PKIX_Error *
+pkix_pl_LdapRequest_AttrTypeToBit(
+        SECItem *attrType,
+        LdapAttrMask *pAttrBit,
+        void *plContext);
+
+PKIX_Error *
+pkix_pl_LdapRequest_AttrStringToBit(
+        char *attrString,
+        LdapAttrMask *pAttrBit,
+        void *plContext);
+
+PKIX_Error *
+pkix_pl_LdapRequest_GetEncoded(
+        PKIX_PL_LdapRequest *request,
+        SECItem **pRequestBuf,
+        void *plContext);
+
+PKIX_Error *pkix_pl_LdapRequest_RegisterSelf(void *plContext);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_PL_LDAPREQUEST_H */
diff --git a/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapresponse.c b/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapresponse.c
new file mode 100644
index 0000000..cd2543f
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapresponse.c
@@ -0,0 +1,786 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_pl_ldapresponse.c
+ *
+ */
+
+#include <fcntl.h>
+#include "pkix_pl_ldapresponse.h"
+
+/* --Private-LdapResponse-Functions------------------------------------- */
+
+/*
+ * FUNCTION: pkix_pl_LdapResponse_Destroy
+ * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_LdapResponse_Destroy(
+        PKIX_PL_Object *object,
+        void *plContext)
+{
+        PKIX_PL_LdapResponse *ldapRsp = NULL;
+        LDAPMessage *m = NULL;
+        LDAPSearchResponseEntry *entry = NULL;
+        LDAPSearchResponseResult *result = NULL;
+        LDAPSearchResponseAttr **attributes = NULL;
+        LDAPSearchResponseAttr *attr = NULL;
+        SECItem **valp = NULL;
+        SECItem *val = NULL;
+
+        PKIX_ENTER(LDAPRESPONSE, "pkix_pl_LdapResponse_Destroy");
+        PKIX_NULLCHECK_ONE(object);
+
+        PKIX_CHECK(pkix_CheckType(object, PKIX_LDAPRESPONSE_TYPE, plContext),
+                    PKIX_OBJECTNOTLDAPRESPONSE);
+
+        ldapRsp = (PKIX_PL_LdapResponse *)object;
+
+        m = &ldapRsp->decoded;
+
+        if (m->messageID.data != NULL) {
+                PR_Free(m->messageID.data);
+        }
+
+        if (m->protocolOp.selector ==
+                LDAP_SEARCHRESPONSEENTRY_TYPE) {
+                entry = &m->protocolOp.op.searchResponseEntryMsg;
+                if (entry->objectName.data != NULL) {
+                        PR_Free(entry->objectName.data);
+                }
+                if (entry->attributes != NULL) {
+                        for (attributes = entry->attributes;
+                                *attributes != NULL;
+                                attributes++) {
+                                attr = *attributes;
+                                PR_Free(attr->attrType.data);
+                                for (valp = attr->val; *valp != NULL; valp++) {
+                                        val = *valp;
+                                        if (val->data != NULL) {
+                                                PR_Free(val->data);
+                                        }
+                                        PR_Free(val);
+                                }
+                                PR_Free(attr->val);
+                                PR_Free(attr);
+                        }
+                        PR_Free(entry->attributes);
+                }
+        } else if (m->protocolOp.selector ==
+                LDAP_SEARCHRESPONSERESULT_TYPE) {
+                result = &m->protocolOp.op.searchResponseResultMsg;
+                if (result->resultCode.data != NULL) {
+                        PR_Free(result->resultCode.data);
+                }
+        }
+
+        PKIX_FREE(ldapRsp->derEncoded.data);
+
+cleanup:
+
+        PKIX_RETURN(LDAPRESPONSE);
+}
+
+/*
+ * FUNCTION: pkix_pl_LdapResponse_Hashcode
+ * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_LdapResponse_Hashcode(
+        PKIX_PL_Object *object,
+        PKIX_UInt32 *pHashcode,
+        void *plContext)
+{
+        PKIX_UInt32 dataLen = 0;
+        PKIX_UInt32 dindex = 0;
+        PKIX_UInt32 sizeOfLength = 0;
+        PKIX_UInt32 idLen = 0;
+        const unsigned char *msgBuf = NULL;
+        PKIX_PL_LdapResponse *ldapRsp = NULL;
+
+        PKIX_ENTER(LDAPRESPONSE, "pkix_pl_LdapResponse_Hashcode");
+        PKIX_NULLCHECK_TWO(object, pHashcode);
+
+        PKIX_CHECK(pkix_CheckType(object, PKIX_LDAPRESPONSE_TYPE, plContext),
+                    PKIX_OBJECTNOTLDAPRESPONSE);
+
+        ldapRsp = (PKIX_PL_LdapResponse *)object;
+
+        *pHashcode = 0;
+
+        /*
+         * Two responses that differ only in msgnum are a match! Therefore,
+         * start hashcoding beyond the encoded messageID field.
+         */
+        if (ldapRsp->derEncoded.data) {
+                msgBuf = (const unsigned char *)ldapRsp->derEncoded.data;
+                /* Is message length short form (one octet) or long form? */
+                if ((msgBuf[1] & 0x80) != 0) {
+                        sizeOfLength = msgBuf[1] & 0x7F;
+                        for (dindex = 0; dindex < sizeOfLength; dindex++) {
+                                dataLen = (dataLen << 8) + msgBuf[dindex + 2];
+                        }
+                } else {
+                        dataLen = msgBuf[1];
+                }
+
+                /* How many bytes for the messageID? (Assume short form) */
+                idLen = msgBuf[dindex + 3] + 2;
+                dindex += idLen;
+                dataLen -= idLen;
+                msgBuf = &msgBuf[dindex + 2];
+
+                PKIX_CHECK(pkix_hash(msgBuf, dataLen, pHashcode, plContext),
+                        PKIX_HASHFAILED);
+        }
+
+cleanup:
+
+        PKIX_RETURN(LDAPRESPONSE);
+
+}
+
+/*
+ * FUNCTION: pkix_pl_LdapResponse_Equals
+ * (see comments for PKIX_PL_Equals_Callback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_LdapResponse_Equals(
+        PKIX_PL_Object *firstObj,
+        PKIX_PL_Object *secondObj,
+        PKIX_Boolean *pResult,
+        void *plContext)
+{
+        PKIX_PL_LdapResponse *rsp1 = NULL;
+        PKIX_PL_LdapResponse *rsp2 = NULL;
+        PKIX_UInt32 secondType = 0;
+        PKIX_UInt32 firstLen = 0;
+        const unsigned char *firstData = NULL;
+        const unsigned char *secondData = NULL;
+        PKIX_UInt32 sizeOfLength = 0;
+        PKIX_UInt32 dindex = 0;
+        PKIX_UInt32 i = 0;
+
+        PKIX_ENTER(LDAPRESPONSE, "pkix_pl_LdapResponse_Equals");
+        PKIX_NULLCHECK_THREE(firstObj, secondObj, pResult);
+
+        /* test that firstObj is a LdapResponse */
+        PKIX_CHECK(pkix_CheckType(firstObj, PKIX_LDAPRESPONSE_TYPE, plContext),
+                    PKIX_FIRSTOBJARGUMENTNOTLDAPRESPONSE);
+
+        /*
+         * Since we know firstObj is a LdapResponse, if both references are
+         * identical, they must be equal
+         */
+        if (firstObj == secondObj){
+                *pResult = PKIX_TRUE;
+                goto cleanup;
+        }
+
+        /*
+         * If secondObj isn't a LdapResponse, we don't throw an error.
+         * We simply return a Boolean result of FALSE
+         */
+        *pResult = PKIX_FALSE;
+        PKIX_CHECK(PKIX_PL_Object_GetType(secondObj, &secondType, plContext),
+                PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
+        if (secondType != PKIX_LDAPRESPONSE_TYPE) {
+                goto cleanup;
+        }
+
+        rsp1 = (PKIX_PL_LdapResponse *)firstObj;
+        rsp2 = (PKIX_PL_LdapResponse *)secondObj;
+
+        /* If either lacks an encoded string, they cannot be compared */
+        if (!(rsp1->derEncoded.data) || !(rsp2->derEncoded.data)) {
+                goto cleanup;
+        }
+
+        if (rsp1->derEncoded.len != rsp2->derEncoded.len) {
+                goto cleanup;
+        }
+
+        firstData = (const unsigned char *)rsp1->derEncoded.data;
+        secondData = (const unsigned char *)rsp2->derEncoded.data;
+
+        /*
+         * Two responses that differ only in msgnum are equal! Therefore,
+         * start the byte comparison beyond the encoded messageID field.
+         */
+
+        /* Is message length short form (one octet) or long form? */
+        if ((firstData[1] & 0x80) != 0) {
+                sizeOfLength = firstData[1] & 0x7F;
+                for (dindex = 0; dindex < sizeOfLength; dindex++) {
+                        firstLen = (firstLen << 8) + firstData[dindex + 2];
+                }
+        } else {
+                firstLen = firstData[1];
+        }
+
+        /* How many bytes for the messageID? (Assume short form) */
+        i = firstData[dindex + 3] + 2;
+        dindex += i;
+        firstLen -= i;
+        firstData = &firstData[dindex + 2];
+
+        /*
+         * In theory, we have to calculate where the second message data
+         * begins by checking its length encodings. But if these messages
+         * are equal, we can re-use the calculation we already did. If they
+         * are not equal, the byte comparisons will surely fail.
+         */
+
+        secondData = &secondData[dindex + 2];
+        
+        for (i = 0; i < firstLen; i++) {
+                if (firstData[i] != secondData[i]) {
+                        goto cleanup;
+                }
+        }
+
+        *pResult = PKIX_TRUE;
+
+cleanup:
+
+        PKIX_RETURN(LDAPRESPONSE);
+}
+
+/*
+ * FUNCTION: pkix_pl_LdapResponse_RegisterSelf
+ * DESCRIPTION:
+ *  Registers PKIX_LDAPRESPONSE_TYPE and its related functions with
+ *  systemClasses[]
+ * PARAMETERS:
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe - for performance and complexity reasons
+ *
+ *  Since this function is only called by PKIX_PL_Initialize, which should
+ *  only be called once, it is acceptable that this function is not
+ *  thread-safe.
+ */
+PKIX_Error *
+pkix_pl_LdapResponse_RegisterSelf(void *plContext)
+{
+        extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
+        pkix_ClassTable_Entry entry;
+
+        PKIX_ENTER(LDAPRESPONSE, "pkix_pl_LdapResponse_RegisterSelf");
+
+        entry.description = "LdapResponse";
+        entry.objCounter = 0;
+        entry.typeObjectSize = sizeof(PKIX_PL_LdapResponse);
+        entry.destructor = pkix_pl_LdapResponse_Destroy;
+        entry.equalsFunction = pkix_pl_LdapResponse_Equals;
+        entry.hashcodeFunction = pkix_pl_LdapResponse_Hashcode;
+        entry.toStringFunction = NULL;
+        entry.comparator = NULL;
+        entry.duplicateFunction = pkix_duplicateImmutable;
+
+        systemClasses[PKIX_LDAPRESPONSE_TYPE] = entry;
+
+        PKIX_RETURN(LDAPRESPONSE);
+}
+
+/* --Public-Functions------------------------------------------------------- */
+
+/*
+ * FUNCTION: pkix_pl_LdapResponse_Create
+ * DESCRIPTION:
+ *
+ *  This function creates an LdapResponse for the LDAPMessageType provided in
+ *  "responseType" and a buffer capacity provided by "totalLength". It copies
+ *  into its buffer either "totalLength" or "bytesAvailable" bytes, whichever
+ *  is less, from the buffer pointed to by "partialData", storing the number of
+ *  bytes copied at "pBytesConsumed" and storing the address of the LdapResponse
+ *  at "pLdapResponse".
+ *
+ *  If a message is complete in a single I/O buffer, the LdapResponse will be
+ *  complete when this function returns. If the message carries over into
+ *  additional buffers, their contents will be added to the LdapResponse by
+ *  susequent calls to pkix_pl_LdapResponse_Append.
+ *
+ * PARAMETERS
+ *  "responseType"
+ *      The value of the message type (LDAP_SEARCHRESPONSEENTRY_TYPE or
+ *      LDAP_SEARCHRESPONSERESULT_TYPE) for the LdapResponse being created
+ *  "totalLength"
+ *      The UInt32 value for the total length of the encoded message to be
+ *      stored in the LdapResponse
+ *  "bytesAvailable"
+ *      The UInt32 value for the number of bytes of data available in the
+ *      current buffer.
+ *  "partialData"
+ *      The address from which data is to be copied.
+ *  "pBytesConsumed"
+ *      The address at which is stored the UInt32 number of bytes taken from the
+ *      current buffer. If this number is less than "bytesAvailable", then bytes
+ *      remain in the buffer for the next LdapResponse. Must be non-NULL.
+ *  "pLdapResponse"
+ *      The address where the created LdapResponse is stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns an LdapResponse Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_pl_LdapResponse_Create(
+        LDAPMessageType responseType,
+        PKIX_UInt32 totalLength,
+        PKIX_UInt32 bytesAvailable,
+        void *partialData,
+        PKIX_UInt32 *pBytesConsumed,
+        PKIX_PL_LdapResponse **pLdapResponse,
+        void *plContext)
+{
+        PKIX_UInt32 bytesConsumed = 0;
+        PKIX_PL_LdapResponse *ldapResponse = NULL;
+        void *data = NULL;
+
+        PKIX_ENTER(LDAPRESPONSE, "PKIX_PL_LdapResponse_Create");
+        PKIX_NULLCHECK_ONE(pLdapResponse);
+
+        if (bytesAvailable <= totalLength) {
+                bytesConsumed = bytesAvailable;
+        } else {
+                bytesConsumed = totalLength;
+        }
+
+        /* create a PKIX_PL_LdapResponse object */
+        PKIX_CHECK(PKIX_PL_Object_Alloc
+                    (PKIX_LDAPRESPONSE_TYPE,
+                    sizeof (PKIX_PL_LdapResponse),
+                    (PKIX_PL_Object **)&ldapResponse,
+                    plContext),
+                    PKIX_COULDNOTCREATEOBJECT);
+
+        ldapResponse->decoded.protocolOp.selector = responseType;
+        ldapResponse->totalLength = totalLength;
+        ldapResponse->partialLength = bytesConsumed;
+
+        if (totalLength != 0){
+                /* Alloc space for array */
+                PKIX_NULLCHECK_ONE(partialData);
+
+                PKIX_CHECK(PKIX_PL_Malloc
+                    (totalLength,
+                    &data,
+                    plContext),
+                    PKIX_MALLOCFAILED);
+
+                PKIX_PL_NSSCALL
+                    (LDAPRESPONSE,
+                    PORT_Memcpy,
+                    (data, partialData, bytesConsumed));
+        }
+
+        ldapResponse->derEncoded.type = siBuffer;
+        ldapResponse->derEncoded.data = data;
+        ldapResponse->derEncoded.len = totalLength;
+        *pBytesConsumed = bytesConsumed;
+        *pLdapResponse = ldapResponse;
+
+cleanup:
+
+        if (PKIX_ERROR_RECEIVED){
+                PKIX_DECREF(ldapResponse);
+        }
+
+        PKIX_RETURN(LDAPRESPONSE);
+}
+
+/*
+ * FUNCTION: pkix_pl_LdapResponse_Append
+ * DESCRIPTION:
+ *
+ *  This function updates the LdapResponse pointed to by "response" with up to
+ *  "incrLength" from the buffer pointer to by "incrData", storing the number of
+ *  bytes copied at "pBytesConsumed".
+ *
+ * PARAMETERS
+ *  "response"
+ *      The address of the LdapResponse being updated. Must be non-zero.
+ *  "incrLength"
+ *      The UInt32 value for the number of bytes of data available in the
+ *      current buffer.
+ *  "incrData"
+ *      The address from which data is to be copied.
+ *  "pBytesConsumed"
+ *      The address at which is stored the UInt32 number of bytes taken from the
+ *      current buffer. If this number is less than "incrLength", then bytes
+ *      remain in the buffer for the next LdapResponse. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns an LdapResponse Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_pl_LdapResponse_Append(
+        PKIX_PL_LdapResponse *response,
+        PKIX_UInt32 incrLength,
+        void *incrData,
+        PKIX_UInt32 *pBytesConsumed,
+        void *plContext)
+{
+        PKIX_UInt32 newPartialLength = 0;
+        PKIX_UInt32 bytesConsumed = 0;
+        void *dest = NULL;
+
+        PKIX_ENTER(LDAPRESPONSE, "PKIX_PL_LdapResponse_Append");
+        PKIX_NULLCHECK_TWO(response, pBytesConsumed);
+
+        if (incrLength > 0) {
+
+                /* Calculate how many bytes we have room for. */
+                bytesConsumed =
+                        response->totalLength - response->partialLength;
+
+                if (bytesConsumed > incrLength) {
+                        bytesConsumed = incrLength;
+                }
+
+                newPartialLength = response->partialLength + bytesConsumed;
+
+                PKIX_NULLCHECK_ONE(incrData);
+
+                dest = &(((char *)response->derEncoded.data)[
+                        response->partialLength]);
+
+                PKIX_PL_NSSCALL
+                        (LDAPRESPONSE,
+                        PORT_Memcpy,
+                        (dest, incrData, bytesConsumed));
+
+                response->partialLength = newPartialLength;
+        }
+
+        *pBytesConsumed = bytesConsumed;
+
+        PKIX_RETURN(LDAPRESPONSE);
+}
+
+/*
+ * FUNCTION: pkix_pl_LdapResponse_IsComplete
+ * DESCRIPTION:
+ *
+ *  This function determines whether the LdapResponse pointed to by "response"
+ *  contains all the data called for by the "totalLength" parameter provided
+ *  when it was created, storing PKIX_TRUE at "pIsComplete" if so, and
+ *  PKIX_FALSE otherwise.
+ *
+ * PARAMETERS
+ *  "response"
+ *      The address of the LdapResponse being evaluaTED. Must be non-zero.
+ *  "incrLength"
+ *      The UInt32 value for the number of bytes of data available in the
+ *      current buffer.
+ *  "incrData"
+ *      The address from which data is to be copied.
+ *  "pIsComplete"
+ *      The address at which is stored the Boolean indication of whether the
+ *      LdapResponse is complete. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns an LdapResponse Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_pl_LdapResponse_IsComplete(
+        PKIX_PL_LdapResponse *response,
+        PKIX_Boolean *pIsComplete,
+        void *plContext)
+{
+        PKIX_ENTER(LDAPRESPONSE, "PKIX_PL_LdapResponse_IsComplete");
+        PKIX_NULLCHECK_TWO(response, pIsComplete);
+
+        if (response->totalLength == response->partialLength) {
+                *pIsComplete = PKIX_TRUE;
+        } else {
+                *pIsComplete = PKIX_FALSE;
+        }
+
+        PKIX_RETURN(LDAPRESPONSE);
+}
+
+/*
+ * FUNCTION: pkix_pl_LdapResponse_Decode
+ * DESCRIPTION:
+ *
+ *  This function decodes the DER data contained in the LdapResponse pointed to
+ *  by "response", using the arena pointed to by "arena", and storing at
+ *  "pStatus" SECSuccess if the decoding was successful and SECFailure
+ *  otherwise. The decoded message is stored in an element of "response".
+ *
+ * PARAMETERS
+ *  "arena"
+ *      The address of the PLArenaPool to be used in the decoding. Must be
+ *      non-NULL.
+ *  "response"
+ *      The address of the LdapResponse whose DER data is to be decoded. Must
+ *      be non-NULL.
+ *  "pStatus"
+ *      The address at which is stored the status from the decoding, SECSuccess
+ *      if successful, SECFailure otherwise. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns an LdapResponse Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_pl_LdapResponse_Decode(
+        PLArenaPool *arena,
+        PKIX_PL_LdapResponse *response,
+        SECStatus *pStatus,
+        void *plContext)
+{
+        LDAPMessage *msg;
+        SECStatus rv = SECFailure;
+
+        PKIX_ENTER(LDAPRESPONSE, "PKIX_PL_LdapResponse_Decode");
+        PKIX_NULLCHECK_THREE(arena, response, pStatus);
+
+        if (response->totalLength != response->partialLength) {
+                PKIX_ERROR(PKIX_ATTEMPTTODECODEANINCOMPLETERESPONSE);
+        }
+
+        msg = &(response->decoded);
+
+        PKIX_PL_NSSCALL
+                (LDAPRESPONSE, PORT_Memset, (msg, 0, sizeof (LDAPMessage)));
+
+        PKIX_PL_NSSCALLRV(LDAPRESPONSE, rv, SEC_ASN1DecodeItem,
+            (NULL, msg, PKIX_PL_LDAPMessageTemplate, &(response->derEncoded)));
+
+        *pStatus = rv;
+cleanup:
+
+        PKIX_RETURN(LDAPRESPONSE);
+}
+
+/*
+ * FUNCTION: pkix_pl_LdapResponse_GetMessage
+ * DESCRIPTION:
+ *
+ *  This function obtains the decoded message from the LdapResponse pointed to
+ *  by "response", storing the result at "pMessage".
+ *
+ * PARAMETERS
+ *  "response"
+ *      The address of the LdapResponse whose decoded message is to be
+ *      retrieved. Must be non-NULL.
+ *  "pMessage"
+ *      The address at which is stored the address of the decoded message. Must
+ *      be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_pl_LdapResponse_GetMessage(
+        PKIX_PL_LdapResponse *response,
+        LDAPMessage **pMessage,
+        void *plContext)
+{
+        PKIX_ENTER(LDAPRESPONSE, "PKIX_PL_LdapResponse_GetMessage");
+        PKIX_NULLCHECK_TWO(response, pMessage);
+
+        *pMessage = &response->decoded;
+
+        PKIX_RETURN(LDAPRESPONSE);
+}
+
+/*
+ * FUNCTION: pkix_pl_LdapResponse_GetCapacity
+ * DESCRIPTION:
+ *
+ *  This function obtains from the LdapResponse pointed to by "response" the
+ *  number of bytes remaining to be read, based on the totalLength that was
+ *  provided to LdapResponse_Create and the data subsequently provided to
+ *  LdapResponse_Append, storing the result at "pMessage".
+ *
+ * PARAMETERS
+ *  "response"
+ *      The address of the LdapResponse whose remaining capacity is to be
+ *      retrieved. Must be non-NULL.
+ *  "pCapacity"
+ *      The address at which is stored the address of the decoded message. Must
+ *      be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns an LdapResponse Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_pl_LdapResponse_GetCapacity(
+        PKIX_PL_LdapResponse *response,
+        PKIX_UInt32 *pCapacity,
+        void *plContext)
+{
+        PKIX_ENTER(LDAPRESPONSE, "PKIX_PL_LdapResponse_GetCapacity");
+        PKIX_NULLCHECK_TWO(response, pCapacity);
+
+        *pCapacity = response->totalLength - response->partialLength;
+
+        PKIX_RETURN(LDAPRESPONSE);
+}
+
+/*
+ * FUNCTION: pkix_pl_LdapResponse_GetMessageType
+ * DESCRIPTION:
+ *
+ *  This function obtains the message type from the LdapResponse pointed to
+ *  by "response", storing the result at "pMessageType".
+ *
+ * PARAMETERS
+ *  "response"
+ *      The address of the LdapResponse whose message type is to be
+ *      retrieved. Must be non-NULL.
+ *  "pMessageType" 
+ *      The address at which is stored the type of the response message. Must
+ *      be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_pl_LdapResponse_GetMessageType(
+        PKIX_PL_LdapResponse *response,
+        LDAPMessageType *pMessageType,
+        void *plContext)
+{
+        PKIX_ENTER(LDAPRESPONSE, "PKIX_PL_LdapResponse_GetMessageType");
+        PKIX_NULLCHECK_TWO(response, pMessageType);
+
+        *pMessageType = response->decoded.protocolOp.selector;
+
+        PKIX_RETURN(LDAPRESPONSE);
+}
+
+/*
+ * FUNCTION: pkix_pl_LdapResponse_GetResultCode
+ * DESCRIPTION:
+ *
+ *  This function obtains the result code from the LdapResponse pointed to
+ *  by "response", storing the result at "pResultCode".
+ *
+ * PARAMETERS
+ *  "response"
+ *      The address of the LdapResponse whose result code is to be
+ *      retrieved. Must be non-NULL.
+ *  "pResultCode"
+ *      The address at which is stored the address of the decoded message. Must
+ *      be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns an LdapResponse Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_pl_LdapResponse_GetResultCode(
+        PKIX_PL_LdapResponse *response,
+        LDAPResultCode *pResultCode,
+        void *plContext)
+{
+        LDAPMessageType messageType = 0;
+        LDAPSearchResponseResult *resultMsg = NULL;
+
+        PKIX_ENTER(LDAPRESPONSE, "PKIX_PL_LdapResponse_GetResultCode");
+        PKIX_NULLCHECK_TWO(response, pResultCode);
+
+        messageType = response->decoded.protocolOp.selector;
+
+        if (messageType != LDAP_SEARCHRESPONSERESULT_TYPE) {
+                PKIX_ERROR(PKIX_GETRESULTCODECALLEDFORNONRESULTMESSAGE);
+        }
+
+        resultMsg = &response->decoded.protocolOp.op.searchResponseResultMsg;
+
+        *pResultCode = *(resultMsg->resultCode.data);
+
+cleanup:
+
+        PKIX_RETURN(LDAPRESPONSE);
+}
+
+/*
+ * FUNCTION: pkix_pl_LdapResponse_GetAttributes
+ * DESCRIPTION:
+ *
+ *  This function obtains the attributes from the LdapResponse pointed to
+ *  by "response", storing the result at "pAttributes".
+ *
+ * PARAMETERS
+ *  "response"
+ *      The address of the LdapResponse whose decoded message is to be
+ *      retrieved. Must be non-NULL.
+ *  "pAttributes"
+ *      The address at which is stored the attributes of the message. Must be
+ *      non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns an LdapResponse Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_pl_LdapResponse_GetAttributes(
+        PKIX_PL_LdapResponse *response,
+        LDAPSearchResponseAttr ***pAttributes,
+        void *plContext)
+{
+        LDAPMessageType messageType = 0;
+
+        PKIX_ENTER(LDAPRESPONSE, "PKIX_PL_LdapResponse_GetResultCode");
+        PKIX_NULLCHECK_TWO(response, pAttributes);
+
+        messageType = response->decoded.protocolOp.selector;
+
+        if (messageType != LDAP_SEARCHRESPONSEENTRY_TYPE) {
+                PKIX_ERROR(PKIX_GETATTRIBUTESCALLEDFORNONENTRYMESSAGE);
+        }
+
+        *pAttributes = response->
+                decoded.protocolOp.op.searchResponseEntryMsg.attributes;
+
+cleanup:
+
+        PKIX_RETURN(LDAPRESPONSE);
+}
diff --git a/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapresponse.h b/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapresponse.h
new file mode 100644
index 0000000..37dc916
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapresponse.h
@@ -0,0 +1,96 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_pl_ldapresponse.h
+ *
+ * LdapResponse Object Definitions
+ *
+ */
+
+#ifndef _PKIX_PL_LDAPRESPONSE_H
+#define _PKIX_PL_LDAPRESPONSE_H
+
+#include "pkix_pl_common.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+struct PKIX_PL_LdapResponseStruct{
+        LDAPMessage decoded;
+        PKIX_UInt32 partialLength;
+        PKIX_UInt32 totalLength;
+        SECItem derEncoded;
+};
+
+/* see source file for function documentation */
+
+PKIX_Error *
+pkix_pl_LdapResponse_Create(
+        LDAPMessageType responseType,
+        PKIX_UInt32 totalLength,
+        PKIX_UInt32 bytesAvailable,
+        void *partialData,
+        PKIX_UInt32 *pBytesConsumed,
+        PKIX_PL_LdapResponse **pResponse,
+        void *plContext);
+
+PKIX_Error *
+pkix_pl_LdapResponse_Append(
+        PKIX_PL_LdapResponse *response,
+        PKIX_UInt32 partialLength,
+        void *partialData,
+        PKIX_UInt32 *bytesConsumed,
+        void *plContext);
+
+PKIX_Error *
+pkix_pl_LdapResponse_IsComplete(
+        PKIX_PL_LdapResponse *response,
+        PKIX_Boolean *pIsComplete,
+        void *plContext);
+
+PKIX_Error *
+pkix_pl_LdapResponse_Decode(
+        PLArenaPool *arena,
+        PKIX_PL_LdapResponse *response,
+        SECStatus *pStatus,
+        void *plContext);
+
+PKIX_Error *
+pkix_pl_LdapResponse_GetMessage(
+        PKIX_PL_LdapResponse *response,
+        LDAPMessage **pMessage,
+        void *plContext);
+
+PKIX_Error *
+pkix_pl_LdapResponse_GetMessageType(
+        PKIX_PL_LdapResponse *response,
+        LDAPMessageType *pMessageType,
+        void *plContext);
+
+PKIX_Error *
+pkix_pl_LdapResponse_GetCapacity(
+        PKIX_PL_LdapResponse *response,
+        PKIX_UInt32 *pCapacity,
+        void *plContext);
+
+PKIX_Error *
+pkix_pl_LdapResponse_GetResultCode(
+        PKIX_PL_LdapResponse *response,
+        LDAPResultCode *pResultCode,
+        void *plContext);
+
+PKIX_Error *
+pkix_pl_LdapResponse_GetAttributes(
+        PKIX_PL_LdapResponse *response,
+        LDAPSearchResponseAttr ***pAttributes,
+        void *plContext);
+
+PKIX_Error *pkix_pl_LdapResponse_RegisterSelf(void *plContext);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_PL_LDAPRESPONSE_H */
diff --git a/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapt.h b/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapt.h
new file mode 100644
index 0000000..5398036
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapt.h
@@ -0,0 +1,314 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _LDAP_H_
+#define _LDAP_H_
+
+#include "certt.h"
+#include "pkixt.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+extern const SEC_ASN1Template PKIX_PL_LDAPCrossCertPairTemplate[];
+SEC_ASN1_CHOOSER_DECLARE(PKIX_PL_LDAPCrossCertPairTemplate)
+extern const SEC_ASN1Template PKIX_PL_LDAPMessageTemplate[];
+SEC_ASN1_CHOOSER_DECLARE(PKIX_PL_LDAPMessageTemplate)
+extern const SEC_ASN1Template LDAPFilterTemplate[];
+SEC_ASN1_CHOOSER_DECLARE(LDAPFilterTemplate)
+
+/* ********************************************************************** */
+
+#define SEC_ASN1_LDAP_STRING SEC_ASN1_OCTET_STRING
+
+#define LDAPATTR_CACERT         (1<<0)
+#define LDAPATTR_USERCERT       (1<<1)
+#define LDAPATTR_CROSSPAIRCERT  (1<<2)
+#define LDAPATTR_CERTREVLIST    (1<<3)
+#define LDAPATTR_AUTHREVLIST    (1<<4)
+#define MAX_LDAPATTRS                   5
+typedef PKIX_UInt32 LdapAttrMask;
+
+typedef enum {
+        SIMPLE_AUTH                     = 0,
+        KRBV42LDAP_AUTH                 = 1,
+        KRBV42DSA_AUTH                  = 2
+} AuthType;
+
+typedef enum {
+        BASE_OBJECT                     = 0,
+        SINGLE_LEVEL                    = 1,
+        WHOLE_SUBTREE                   = 2
+} ScopeType;
+
+typedef enum {
+        NEVER_DEREF                     = 0,
+        DEREF_IN_SEARCHING              = 1,
+        DEREF_FINDING_BASEOBJ           = 2,
+        ALWAYS_DEREF                    = 3
+} DerefType;
+
+typedef enum {
+        LDAP_INITIALSUBSTRING_TYPE      = 0,
+        LDAP_ANYSUBSTRING_TYPE          = 1,
+        LDAP_FINALSUBSTRING_TYPE        = 2
+} LDAPSubstringFilterType;
+
+typedef enum {
+        LDAP_ANDFILTER_TYPE             = 0,
+        LDAP_ORFILTER_TYPE              = 1,
+        LDAP_NOTFILTER_TYPE             = 2,
+        LDAP_EQUALFILTER_TYPE           = 3,
+        LDAP_SUBSTRINGFILTER_TYPE       = 4,
+        LDAP_GREATEROREQUALFILTER_TYPE  = 5,
+        LDAP_LESSOREQUALFILTER_TYPE     = 6,
+        LDAP_PRESENTFILTER_TYPE         = 7,
+        LDAP_APPROXMATCHFILTER_TYPE     = 8
+} LDAPFilterType;
+
+typedef enum {
+        LDAP_BIND_TYPE                  = 0,
+        LDAP_BINDRESPONSE_TYPE          = 1,
+        LDAP_UNBIND_TYPE                = 2,
+        LDAP_SEARCH_TYPE                = 3,
+        LDAP_SEARCHRESPONSEENTRY_TYPE   = 4,
+        LDAP_SEARCHRESPONSERESULT_TYPE  = 5,
+        LDAP_ABANDONREQUEST_TYPE        = 16
+} LDAPMessageType;
+
+typedef enum {
+        SUCCESS                         = 0,
+        OPERATIONSERROR                 = 1,
+        PROTOCOLERROR                   = 2,
+        TIMELIMITEXCEEDED               = 3,
+        SIZELIMITEXCEEDED               = 4,
+        COMPAREFALSE                    = 5,
+        COMPARETRUE                     = 6,
+        AUTHMETHODNOTSUPPORTED          = 7,
+        STRONGAUTHREQUIRED              = 8,
+        NOSUCHATTRIBUTE                 = 16,
+        UNDEFINEDATTRIBUTETYPE          = 17,
+        INAPPROPRIATEMATCHING           = 18,
+        CONSTRAINTVIOLATION             = 19,
+        ATTRIBUTEORVALUEEXISTS          = 20,
+        INVALIDATTRIBUTESYNTAX          = 21,
+        NOSUCHOBJECT                    = 32,
+        ALIASPROBLEM                    = 33,
+        INVALIDDNSYNTAX                 = 34,
+        ISLEAF                          = 35,
+        ALIASDEREFERENCINGPROBLEM       = 36,
+        INAPPROPRIATEAUTHENTICATION     = 48,
+        INVALIDCREDENTIALS              = 49,
+        INSUFFICIENTACCESSRIGHTS        = 50,
+        BUSY                            = 51,
+        UNAVAILABLE                     = 52,
+        UNWILLINGTOPERFORM              = 53,
+        LOOPDETECT                      = 54,
+        NAMINGVIOLATION                 = 64,
+        OBJECTCLASSVIOLATION            = 65,
+        NOTALLOWEDONNONLEAF             = 66,
+        NOTALLOWEDONRDN                 = 67,
+        ENTRYALREADYEXISTS              = 68,
+        OBJECTCLASSMODSPROHIBITED       = 69,
+        OTHER                           = 80
+} LDAPResultCode;
+
+typedef struct LDAPLocationStruct                LDAPLocation;
+typedef struct LDAPCertPairStruct                LDAPCertPair;
+typedef struct LDAPSimpleBindStruct              LDAPSimpleBind;
+typedef struct LDAPBindAPIStruct                 LDAPBindAPI;
+typedef struct LDAPBindStruct                    LDAPBind;
+typedef struct LDAPResultStruct                  LDAPBindResponse;
+typedef struct LDAPResultStruct                  LDAPResult;
+typedef struct LDAPSearchResponseAttrStruct      LDAPSearchResponseAttr;
+typedef struct LDAPSearchResponseEntryStruct     LDAPSearchResponseEntry;
+typedef struct LDAPResultStruct                  LDAPSearchResponseResult;
+typedef struct LDAPUnbindStruct                  LDAPUnbind;
+typedef struct LDAPFilterStruct                  LDAPFilter;
+typedef struct LDAPAndFilterStruct               LDAPAndFilter;
+typedef struct LDAPNotFilterStruct               LDAPNotFilter;
+typedef struct LDAPSubstringStruct               LDAPSubstring;
+typedef struct LDAPSubstringFilterStruct         LDAPSubstringFilter;
+typedef struct LDAPPresentFilterStruct           LDAPPresentFilter;
+typedef struct LDAPAttributeValueAssertionStruct LDAPAttributeValueAssertion;
+typedef struct LDAPNameComponentStruct           LDAPNameComponent;
+typedef struct LDAPRequestParamsStruct           LDAPRequestParams;
+typedef struct LDAPSearchStruct                  LDAPSearch;
+typedef struct LDAPAbandonRequestStruct          LDAPAbandonRequest;
+typedef struct protocolOpStruct                  LDAPProtocolOp;
+typedef struct LDAPMessageStruct                 LDAPMessage;
+typedef LDAPAndFilter                            LDAPOrFilter;
+typedef LDAPAttributeValueAssertion              LDAPEqualFilter;
+typedef LDAPAttributeValueAssertion              LDAPGreaterOrEqualFilter;
+typedef LDAPAttributeValueAssertion              LDAPLessOrEqualFilter;
+typedef LDAPAttributeValueAssertion              LDAPApproxMatchFilter;
+
+struct LDAPLocationStruct {
+        PLArenaPool *arena;
+        void *serverSite;
+        void **filterString;
+        void **attrBitString;
+};
+
+struct LDAPCertPairStruct {
+        SECItem forward;
+        SECItem reverse;
+};
+
+struct LDAPSimpleBindStruct {
+        char *bindName;
+        char *authentication;
+};
+
+struct LDAPBindAPIStruct {
+        AuthType selector;
+        union {
+                LDAPSimpleBind simple;
+        } chooser;
+};
+
+struct LDAPBindStruct {
+        SECItem version;
+        SECItem bindName;
+        SECItem authentication;
+};
+
+struct LDAPResultStruct {
+        SECItem resultCode;
+        SECItem matchedDN;
+        SECItem errorMessage;
+};
+
+struct LDAPSearchResponseAttrStruct {
+        SECItem attrType;
+        SECItem **val;
+};
+
+struct LDAPSearchResponseEntryStruct {
+        SECItem objectName;
+        LDAPSearchResponseAttr **attributes;
+};
+
+struct LDAPUnbindStruct {
+        SECItem dummy;
+};
+
+struct LDAPAndFilterStruct {
+        LDAPFilter **filters;
+};
+
+struct LDAPNotFilterStruct {
+        LDAPFilter *filter;
+};
+
+struct LDAPSubstringStruct {
+        LDAPSubstringFilterType selector;
+        SECItem item;
+};
+
+struct LDAPSubstringFilterStruct {
+        SECItem attrType;
+        LDAPSubstring *strings;
+};
+
+struct LDAPPresentFilterStruct {
+        SECItem attrType;
+};
+
+struct LDAPAttributeValueAssertionStruct {
+        SECItem attrType;
+        SECItem attrValue;
+};
+
+struct LDAPFilterStruct {
+        LDAPFilterType selector;
+        union {
+                LDAPAndFilter andFilter;
+                LDAPOrFilter orFilter;
+                LDAPNotFilter notFilter;
+                LDAPEqualFilter equalFilter;
+                LDAPSubstringFilter substringFilter;
+                LDAPGreaterOrEqualFilter greaterOrEqualFilter;
+                LDAPLessOrEqualFilter lessOrEqualFilter;
+                LDAPPresentFilter presentFilter;
+                LDAPApproxMatchFilter approxMatchFilter;
+        } filter;
+};
+
+struct LDAPNameComponentStruct {
+        unsigned char *attrType;
+        unsigned char *attrValue;
+};
+
+struct LDAPRequestParamsStruct {
+        char *baseObject;          /* e.g. "c=US" */
+        ScopeType scope;
+        DerefType derefAliases;
+        PKIX_UInt32 sizeLimit;     /* 0 = no limit */
+        PRIntervalTime timeLimit;  /* 0 = no limit */
+        LDAPNameComponent **nc; /* e.g. {{"cn","xxx"},{"o","yyy"},NULL} */
+        LdapAttrMask attributes;
+};
+
+struct LDAPSearchStruct {
+        SECItem baseObject;
+        SECItem scope;
+        SECItem derefAliases;
+        SECItem sizeLimit;
+        SECItem timeLimit;
+        SECItem attrsOnly;
+        LDAPFilter filter;
+        SECItem **attributes;
+};
+
+struct LDAPAbandonRequestStruct {
+        SECItem messageID;
+};
+
+struct protocolOpStruct {
+        LDAPMessageType selector;
+        union {
+                LDAPBind bindMsg;
+                LDAPBindResponse bindResponseMsg;
+                LDAPUnbind unbindMsg;
+                LDAPSearch searchMsg;
+                LDAPSearchResponseEntry searchResponseEntryMsg;
+                LDAPSearchResponseResult searchResponseResultMsg;
+                LDAPAbandonRequest abandonRequestMsg;
+        } op;
+};
+
+struct LDAPMessageStruct {
+        SECItem messageID;
+        LDAPProtocolOp protocolOp;
+};
+
+typedef struct PKIX_PL_LdapClientStruct PKIX_PL_LdapClient;
+
+typedef PKIX_Error *
+(*PKIX_PL_LdapClient_InitiateFcn)(
+        PKIX_PL_LdapClient *client,
+        LDAPRequestParams *requestParams,
+        void **pNBIO,
+        PKIX_List **pResponse,
+        void *plContext);
+
+typedef PKIX_Error *
+(*PKIX_PL_LdapClient_ResumeFcn)(
+        PKIX_PL_LdapClient *client,
+        void **pNBIO,
+        PKIX_List **pResponse,
+        void *plContext);
+
+struct PKIX_PL_LdapClientStruct {
+        PKIX_PL_LdapClient_InitiateFcn initiateFcn;
+        PKIX_PL_LdapClient_ResumeFcn resumeFcn;
+};
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldaptemplates.c b/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldaptemplates.c
new file mode 100644
index 0000000..ecb6819
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldaptemplates.c
@@ -0,0 +1,417 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "pkix_pl_ldapt.h"
+
+SEC_ASN1_MKSUB(SEC_AnyTemplate)
+SEC_ASN1_MKSUB(SEC_NullTemplate)
+SEC_ASN1_MKSUB(SEC_OctetStringTemplate)
+
+/*
+ * CertificatePair      ::= SEQUENCE {
+ *      forward [0]     Certificate OPTIONAL,
+ *      reverse [1]     Certificate OPTIONAL
+ *                      -- at least one of the pair shall be present --
+ *  }
+ */
+
+const SEC_ASN1Template PKIX_PL_LDAPCrossCertPairTemplate[] = {
+    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(LDAPCertPair) },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
+        SEC_ASN1_EXPLICIT | SEC_ASN1_XTRN | 0,
+        offsetof(LDAPCertPair, forward), SEC_ASN1_SUB(SEC_AnyTemplate) },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
+        SEC_ASN1_EXPLICIT | SEC_ASN1_XTRN | 1,
+        offsetof(LDAPCertPair, reverse), SEC_ASN1_SUB(SEC_AnyTemplate) },
+    { 0 }
+};
+
+/*
+ * BindRequest ::=
+ *      [APPLICATION 0] SEQUENCE {
+ *                      version INTEGER (1..127),
+ *                      name    LDAPDN,
+ *                      authentication CHOICE {
+ *                              simple          [0] OCTET STRING,
+ *                              krbv42LDAP      [1] OCTET STRING,
+ *                              krbv42DSA       [2] OCTET STRING
+ *                      }
+ *      }
+ *
+ * LDAPDN ::= LDAPString
+ *
+ * LDAPString ::= OCTET STRING
+ */
+
+#define LDAPStringTemplate SEC_ASN1_SUB(SEC_OctetStringTemplate)
+
+static const SEC_ASN1Template LDAPBindApplTemplate[] = {
+    { SEC_ASN1_SEQUENCE, 0, NULL },
+    { SEC_ASN1_INTEGER, offsetof(LDAPBind, version) },
+    { SEC_ASN1_LDAP_STRING, offsetof(LDAPBind, bindName) },
+    { SEC_ASN1_LDAP_STRING, offsetof(LDAPBind, authentication) },
+    { 0 }
+};
+
+static const SEC_ASN1Template LDAPBindTemplate[] = {
+    { SEC_ASN1_CONSTRUCTED | SEC_ASN1_APPLICATION | LDAP_BIND_TYPE, 0,
+        LDAPBindApplTemplate, sizeof (LDAPBind) }
+};
+
+/*
+ * BindResponse ::= [APPLICATION 1] LDAPResult
+ *
+ * LDAPResult ::=
+ *      SEQUENCE {
+ *              resultCode      ENUMERATED {
+ *                              success                         (0),
+ *                              operationsError                 (1),
+ *                              protocolError                   (2),
+ *                              timeLimitExceeded               (3),
+ *                              sizeLimitExceeded               (4),
+ *                              compareFalse                    (5),
+ *                              compareTrue                     (6),
+ *                              authMethodNotSupported          (7),
+ *                              strongAuthRequired              (8),
+ *                              noSuchAttribute                 (16),
+ *                              undefinedAttributeType          (17),
+ *                              inappropriateMatching           (18),
+ *                              constraintViolation             (19),
+ *                              attributeOrValueExists          (20),
+ *                              invalidAttributeSyntax          (21),
+ *                              noSuchObject                    (32),
+ *                              aliasProblem                    (33),
+ *                              invalidDNSyntax                 (34),
+ *                              isLeaf                          (35),
+ *                              aliasDereferencingProblem       (36),
+ *                              inappropriateAuthentication     (48),
+ *                              invalidCredentials              (49),
+ *                              insufficientAccessRights        (50),
+ *                              busy                            (51),
+ *                              unavailable                     (52),
+ *                              unwillingToPerform              (53),
+ *                              loopDetect                      (54),
+ *                              namingViolation                 (64),
+ *                              objectClassViolation            (65),
+ *                              notAllowedOnNonLeaf             (66),
+ *                              notAllowedOnRDN                 (67),
+ *                              entryAlreadyExists              (68),
+ *                              objectClassModsProhibited       (69),
+ *                              other                           (80)
+ *                              },
+ *              matchedDN       LDAPDN,
+ *              errorMessage    LDAPString
+ *      }
+ */
+
+static const SEC_ASN1Template LDAPResultTemplate[] = {
+    { SEC_ASN1_SEQUENCE, 0, NULL },
+    { SEC_ASN1_ENUMERATED, offsetof(LDAPResult, resultCode) },
+    { SEC_ASN1_LDAP_STRING, offsetof(LDAPResult, matchedDN) },
+    { SEC_ASN1_LDAP_STRING, offsetof(LDAPResult, errorMessage) },
+    { 0 }
+};
+
+static const SEC_ASN1Template LDAPBindResponseTemplate[] = {
+    { SEC_ASN1_CONSTRUCTED | SEC_ASN1_APPLICATION | LDAP_BINDRESPONSE_TYPE, 0,
+        LDAPResultTemplate, sizeof (LDAPBindResponse) }
+};
+
+/*
+ * UnbindRequest ::= [APPLICATION 2] NULL
+ */
+
+static const SEC_ASN1Template LDAPUnbindTemplate[] = {
+    { SEC_ASN1_CONSTRUCTED | SEC_ASN1_APPLICATION | SEC_ASN1_XTRN |
+        LDAP_UNBIND_TYPE , 0, SEC_ASN1_SUB(SEC_NullTemplate) }
+};
+
+/*
+ * AttributeValueAssertion ::=
+ *      SEQUENCE {
+ *              attributeType   AttributeType,
+ *              attributeValue  AttributeValue,
+ *      }
+ *
+ * AttributeType ::= LDAPString
+ *               -- text name of the attribute, or dotted
+ *               -- OID representation
+ *
+ * AttributeValue ::= OCTET STRING
+ */
+
+#define LDAPAttributeTypeTemplate LDAPStringTemplate
+
+/*
+ * SubstringFilter ::=
+ *      SEQUENCE {
+ *              type            AttributeType,
+ *              SEQUENCE OF CHOICE {
+ *                      initial [0] LDAPString,
+ *                      any     [1] LDAPString,
+ *                      final   [2] LDAPString,
+ *              }
+ *      }
+ */
+
+#define LDAPSubstringFilterInitialTemplate LDAPStringTemplate
+#define LDAPSubstringFilterAnyTemplate LDAPStringTemplate
+#define LDAPSubstringFilterFinalTemplate LDAPStringTemplate
+
+static const SEC_ASN1Template LDAPSubstringFilterChoiceTemplate[] = {
+    { SEC_ASN1_CHOICE, offsetof(LDAPSubstring, selector), 0,
+        sizeof (LDAPFilter) },
+    { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
+        offsetof(LDAPSubstring, item),
+        LDAPSubstringFilterInitialTemplate,
+        LDAP_INITIALSUBSTRING_TYPE },
+    { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 1,
+        offsetof(LDAPSubstring, item),
+        LDAPSubstringFilterAnyTemplate,
+        LDAP_ANYSUBSTRING_TYPE },
+    { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 2,
+        offsetof(LDAPSubstring, item),
+        LDAPSubstringFilterFinalTemplate,
+        LDAP_FINALSUBSTRING_TYPE },
+    { 0 }
+};
+
+/*
+ * Filter ::=
+ *      CHOICE {
+ *              and             [0] SET OF Filter,
+ *              or              [1] SET OF Filter,
+ *              not             [2] Filter,
+ *              equalityMatch   [3] AttributeValueAssertion,
+ *              substrings      [4] SubstringFilter,
+ *              greaterOrEqual  [5] AttributeValueAssertion,
+ *              lessOrEqual     [6] AttributeValueAssertion,
+ *              present         [7] AttributeType,
+ *              approxMatch     [8] AttributeValueAssertion
+        }
+ */
+
+static const SEC_ASN1Template LDAPSubstringFilterTemplate[] = {
+    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof (LDAPSubstringFilter) },
+    { SEC_ASN1_LDAP_STRING, offsetof(LDAPSubstringFilter, attrType) },
+    { SEC_ASN1_SEQUENCE_OF, offsetof(LDAPSubstringFilter, strings),
+        LDAPSubstringFilterChoiceTemplate },
+    { 0 }
+};
+
+const SEC_ASN1Template LDAPFilterTemplate[]; /* forward reference */
+
+static const SEC_ASN1Template LDAPSetOfFiltersTemplate[] = {
+    { SEC_ASN1_SET_OF, 0, LDAPFilterTemplate }
+};
+
+static const SEC_ASN1Template LDAPAVAFilterTemplate[] = {
+    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof (LDAPAttributeValueAssertion) },
+    { SEC_ASN1_LDAP_STRING, offsetof(LDAPAttributeValueAssertion, attrType) },
+    { SEC_ASN1_OCTET_STRING, offsetof(LDAPAttributeValueAssertion, attrValue) },
+    { 0 }
+};
+
+static const SEC_ASN1Template LDAPPresentFilterTemplate[] = {
+    { SEC_ASN1_LDAP_STRING, offsetof(LDAPPresentFilter, attrType) }
+};
+
+#define LDAPEqualFilterTemplate LDAPAVAFilterTemplate
+#define LDAPGreaterOrEqualFilterTemplate LDAPAVAFilterTemplate
+#define LDAPLessOrEqualFilterTemplate LDAPAVAFilterTemplate
+#define LDAPApproxMatchFilterTemplate LDAPAVAFilterTemplate
+
+const SEC_ASN1Template LDAPFilterTemplate[] = {
+    { SEC_ASN1_CHOICE, offsetof(LDAPFilter, selector), 0, sizeof(LDAPFilter) },
+    { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
+        LDAP_ANDFILTER_TYPE,
+        offsetof(LDAPFilter, filter.andFilter.filters),
+        LDAPSetOfFiltersTemplate, LDAP_ANDFILTER_TYPE },
+    { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
+        LDAP_ORFILTER_TYPE,
+        offsetof(LDAPFilter, filter.orFilter.filters),
+        LDAPSetOfFiltersTemplate, LDAP_ORFILTER_TYPE },
+    { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
+        LDAP_NOTFILTER_TYPE | SEC_ASN1_POINTER,
+        offsetof(LDAPFilter, filter.notFilter),
+        LDAPFilterTemplate, LDAP_NOTFILTER_TYPE },
+    { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
+        LDAP_EQUALFILTER_TYPE,
+        offsetof(LDAPFilter, filter.equalFilter),
+        LDAPEqualFilterTemplate, LDAP_EQUALFILTER_TYPE },
+    { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
+        LDAP_SUBSTRINGFILTER_TYPE, offsetof(LDAPFilter, filter.substringFilter),
+        LDAPSubstringFilterTemplate, LDAP_SUBSTRINGFILTER_TYPE },
+    { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
+        LDAP_GREATEROREQUALFILTER_TYPE,
+        offsetof(LDAPFilter, filter.greaterOrEqualFilter),
+        LDAPGreaterOrEqualFilterTemplate, LDAP_GREATEROREQUALFILTER_TYPE },
+    { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
+        LDAP_LESSOREQUALFILTER_TYPE,
+        offsetof(LDAPFilter, filter.lessOrEqualFilter),
+        LDAPLessOrEqualFilterTemplate, LDAP_LESSOREQUALFILTER_TYPE },
+    { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
+        LDAP_PRESENTFILTER_TYPE,
+        offsetof(LDAPFilter, filter.presentFilter),
+        LDAPPresentFilterTemplate, LDAP_PRESENTFILTER_TYPE },
+    { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
+        LDAP_APPROXMATCHFILTER_TYPE,
+        offsetof(LDAPFilter, filter.approxMatchFilter),
+        LDAPApproxMatchFilterTemplate, LDAP_APPROXMATCHFILTER_TYPE },
+    { 0 }
+};
+
+/*
+ * SearchRequest ::=
+ *      [APPLICATION 3] SEQUENCE {
+ *              baseObject      LDAPDN,
+ *              scope           ENUMERATED {
+ *                                      baseObject              (0),
+ *                                      singleLevel             (1),
+ *                                      wholeSubtree            (2)
+ *                              },
+ *              derefAliases    ENUMERATED {
+ *                                      neverDerefAliases       (0),
+ *                                      derefInSearching        (1),
+ *                                      derefFindingBaseObj     (2),
+ *                                      alwaysDerefAliases      (3)
+ *                              },
+ *              sizeLimit       INTEGER (0 .. MAXINT),
+ *                              -- value of 0 implies no sizeLimit
+ *              timeLimit       INTEGER (0 .. MAXINT),
+ *                              -- value of 0 implies no timeLimit
+ *              attrsOnly       BOOLEAN,
+ *                              -- TRUE, if only attributes (without values)
+ *                              -- to be returned
+ *              filter          Filter,
+ *              attributes      SEQUENCE OF AttributeType
+ *      }
+ */
+
+static const SEC_ASN1Template LDAPAttributeTemplate[] = {
+    { SEC_ASN1_LDAP_STRING, 0, NULL, sizeof (SECItem) }
+};
+
+static const SEC_ASN1Template LDAPSearchApplTemplate[] = {
+    { SEC_ASN1_SEQUENCE, 0, NULL },
+    { SEC_ASN1_LDAP_STRING, offsetof(LDAPSearch, baseObject) },
+    { SEC_ASN1_ENUMERATED, offsetof(LDAPSearch, scope) },
+    { SEC_ASN1_ENUMERATED, offsetof(LDAPSearch, derefAliases) },
+    { SEC_ASN1_INTEGER, offsetof(LDAPSearch, sizeLimit) },
+    { SEC_ASN1_INTEGER, offsetof(LDAPSearch, timeLimit) },
+    { SEC_ASN1_BOOLEAN, offsetof(LDAPSearch, attrsOnly) },
+    { SEC_ASN1_INLINE, offsetof(LDAPSearch, filter), LDAPFilterTemplate },
+    { SEC_ASN1_SEQUENCE_OF, offsetof(LDAPSearch, attributes), LDAPAttributeTemplate },
+    { 0 }
+};
+
+static const SEC_ASN1Template LDAPSearchTemplate[] = {
+    { SEC_ASN1_CONSTRUCTED | SEC_ASN1_APPLICATION | LDAP_SEARCH_TYPE, 0,
+        LDAPSearchApplTemplate, sizeof (LDAPSearch) } 
+};
+
+/*
+ * SearchResponse ::=
+ *      CHOICE {
+ *              entry   [APPLICATION 4] SEQUENCE {
+ *                              objectName      LDAPDN,
+ *                              attributes      SEQUENCE OF SEQUENCE {
+ *                                                      AttributeType,
+ *                                                      SET OF AttributeValue
+ *                                              }
+ *                      }
+ *              resultCode [APPLICATION 5] LDAPResult
+ *      }
+ */
+
+static const SEC_ASN1Template LDAPSearchResponseAttrTemplate[] = {
+    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(LDAPSearchResponseAttr) },
+    { SEC_ASN1_LDAP_STRING, offsetof(LDAPSearchResponseAttr, attrType) },
+    { SEC_ASN1_SET_OF | SEC_ASN1_XTRN, offsetof(LDAPSearchResponseAttr, val),
+        LDAPStringTemplate },
+    { 0 }
+};
+
+static const SEC_ASN1Template LDAPEntryTemplate[] = {
+    { SEC_ASN1_SEQUENCE, 0, NULL },
+    { SEC_ASN1_LDAP_STRING, offsetof(LDAPSearchResponseEntry, objectName) },
+    { SEC_ASN1_SEQUENCE_OF, offsetof(LDAPSearchResponseEntry, attributes),
+        LDAPSearchResponseAttrTemplate },
+    { 0 }
+};
+
+static const SEC_ASN1Template LDAPSearchResponseEntryTemplate[] = {
+    { SEC_ASN1_CONSTRUCTED | SEC_ASN1_APPLICATION | LDAP_SEARCHRESPONSEENTRY_TYPE, 0,
+        LDAPEntryTemplate, sizeof (LDAPSearchResponseEntry) }
+};
+
+static const SEC_ASN1Template LDAPSearchResponseResultTemplate[] = {
+    { SEC_ASN1_APPLICATION | LDAP_SEARCHRESPONSERESULT_TYPE, 0,
+        LDAPResultTemplate, sizeof (LDAPSearchResponseResult) }
+};
+
+/*
+ * AbandonRequest ::=
+ *      [APPLICATION 16] MessageID
+ */
+
+static const SEC_ASN1Template LDAPAbandonTemplate[] = {
+    { SEC_ASN1_INTEGER, offsetof(LDAPAbandonRequest, messageID) }
+};
+
+static const SEC_ASN1Template LDAPAbandonRequestTemplate[] = {
+    { SEC_ASN1_CONSTRUCTED | SEC_ASN1_APPLICATION | LDAP_ABANDONREQUEST_TYPE, 0,
+        LDAPAbandonTemplate, sizeof (LDAPAbandonRequest) }
+};
+
+/*
+ * LDAPMessage ::=
+ *      SEQUENCE {
+ *              messageID       MessageID,
+ *              protocolOp      CHOICE {
+ *                                      bindRequest     BindRequest,
+ *                                      bindResponse    BindResponse,
+ *                                      unbindRequest   UnbindRequest,
+ *                                      searchRequest   SearchRequest,
+ *                                      searchResponse  SearchResponse,
+ *                                      abandonRequest  AbandonRequest
+ *                              }
+ *      }
+ *
+ *                                      (other choices exist, not shown)
+ *
+ * MessageID ::= INTEGER (0 .. maxInt)
+ */
+
+static const SEC_ASN1Template LDAPMessageProtocolOpTemplate[] = {
+    { SEC_ASN1_CHOICE, offsetof(LDAPProtocolOp, selector), 0, sizeof (LDAPProtocolOp) },
+    { SEC_ASN1_INLINE, offsetof(LDAPProtocolOp, op.bindMsg),
+        LDAPBindTemplate, LDAP_BIND_TYPE },
+    { SEC_ASN1_INLINE, offsetof(LDAPProtocolOp, op.bindResponseMsg),
+        LDAPBindResponseTemplate, LDAP_BINDRESPONSE_TYPE },
+    { SEC_ASN1_INLINE, offsetof(LDAPProtocolOp, op.unbindMsg),
+        LDAPUnbindTemplate, LDAP_UNBIND_TYPE },
+    { SEC_ASN1_INLINE, offsetof(LDAPProtocolOp, op.searchMsg),
+        LDAPSearchTemplate, LDAP_SEARCH_TYPE },
+    { SEC_ASN1_INLINE, offsetof(LDAPProtocolOp, op.searchResponseEntryMsg),
+        LDAPSearchResponseEntryTemplate, LDAP_SEARCHRESPONSEENTRY_TYPE },
+    { SEC_ASN1_INLINE, offsetof(LDAPProtocolOp, op.searchResponseResultMsg),
+        LDAPSearchResponseResultTemplate, LDAP_SEARCHRESPONSERESULT_TYPE },
+    { SEC_ASN1_INLINE, offsetof(LDAPProtocolOp, op.abandonRequestMsg),
+        LDAPAbandonRequestTemplate, LDAP_ABANDONREQUEST_TYPE },
+    { 0 }
+};
+
+const SEC_ASN1Template PKIX_PL_LDAPMessageTemplate[] = {
+    { SEC_ASN1_SEQUENCE, 0, NULL },
+    { SEC_ASN1_INTEGER, offsetof(LDAPMessage, messageID) },
+    { SEC_ASN1_INLINE, offsetof(LDAPMessage, protocolOp),
+        LDAPMessageProtocolOpTemplate },
+    { 0 }
+};
+
+/* This function simply returns the address of the message template.
+ * This is necessary for Windows DLLs.
+ */
+SEC_ASN1_CHOOSER_IMPLEMENT(PKIX_PL_LDAPMessageTemplate)
diff --git a/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_nsscontext.c b/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_nsscontext.c
new file mode 100755
index 0000000..1714275
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_nsscontext.c
@@ -0,0 +1,319 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_pl_nsscontext.c
+ *
+ * NSSContext Function Definitions
+ *
+ */
+
+
+#include "pkix_pl_nsscontext.h"
+
+#define PKIX_DEFAULT_MAX_RESPONSE_LENGTH               64 * 1024
+#define PKIX_DEFAULT_COMM_TIMEOUT_SECONDS              60
+
+#define PKIX_DEFAULT_CRL_RELOAD_DELAY_SECONDS        6 * 24 * 60 * 60
+#define PKIX_DEFAULT_BAD_CRL_RELOAD_DELAY_SECONDS    60 * 60
+
+/* --Public-NSSContext-Functions--------------------------- */
+
+/*
+ * FUNCTION: PKIX_PL_NssContext_Create
+ * (see comments in pkix_samples_modules.h)
+ */
+PKIX_Error *
+PKIX_PL_NssContext_Create(
+        PKIX_UInt32 certificateUsage,
+        PKIX_Boolean useNssArena,
+        void *wincx,
+        void **pNssContext)
+{
+        PKIX_PL_NssContext *context = NULL;
+        PLArenaPool *arena = NULL;
+        void *plContext = NULL;
+
+        PKIX_ENTER(CONTEXT, "PKIX_PL_NssContext_Create");
+        PKIX_NULLCHECK_ONE(pNssContext);
+
+        PKIX_CHECK(PKIX_PL_Malloc
+                   (sizeof(PKIX_PL_NssContext), (void **)&context, NULL),
+                   PKIX_MALLOCFAILED);
+
+        if (useNssArena == PKIX_TRUE) {
+                PKIX_CONTEXT_DEBUG("\t\tCalling PORT_NewArena\n");
+                arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+        }
+        
+        context->arena = arena;
+        context->certificateUsage = (SECCertificateUsage)certificateUsage;
+        context->wincx = wincx;
+        context->timeoutSeconds = PKIX_DEFAULT_COMM_TIMEOUT_SECONDS;
+        context->maxResponseLength = PKIX_DEFAULT_MAX_RESPONSE_LENGTH;
+        context->crlReloadDelay = PKIX_DEFAULT_CRL_RELOAD_DELAY_SECONDS;
+        context->badDerCrlReloadDelay =
+                             PKIX_DEFAULT_BAD_CRL_RELOAD_DELAY_SECONDS;
+        context->chainVerifyCallback.isChainValid = NULL;
+        context->chainVerifyCallback.isChainValidArg = NULL;
+        *pNssContext = context;
+
+cleanup:
+
+        PKIX_RETURN(CONTEXT);
+}
+
+
+/*
+ * FUNCTION: PKIX_PL_NssContext_Destroy
+ * (see comments in pkix_samples_modules.h)
+ */
+PKIX_Error *
+PKIX_PL_NssContext_Destroy(
+        void *nssContext)
+{
+        void *plContext = NULL;
+        PKIX_PL_NssContext *context = NULL;
+
+        PKIX_ENTER(CONTEXT, "PKIX_PL_NssContext_Destroy");
+        PKIX_NULLCHECK_ONE(nssContext);
+
+        context = (PKIX_PL_NssContext*)nssContext;
+
+        if (context->arena != NULL) {
+                PKIX_CONTEXT_DEBUG("\t\tCalling PORT_FreeArena\n");
+                PORT_FreeArena(context->arena, PKIX_FALSE);
+        }
+
+        PKIX_PL_Free(nssContext, NULL);
+
+        PKIX_RETURN(CONTEXT);
+}
+
+/*
+ * FUNCTION: pkix_pl_NssContext_GetCertUsage
+ * DESCRIPTION:
+ *
+ *  This function obtains the platform-dependent SECCertificateUsage  parameter
+ *  from the context object pointed to by "nssContext", storing the result at
+ *  "pCertUsage".
+ *
+ * PARAMETERS:
+ *  "nssContext"
+ *      The address of the context object whose wincx parameter is to be
+ *      obtained. Must be non-NULL.
+ *  "pCertUsage"
+ *      The address where the result is stored. Must be non-NULL.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_pl_NssContext_GetCertUsage(
+        PKIX_PL_NssContext *nssContext,
+        SECCertificateUsage *pCertUsage)
+{
+        void *plContext = NULL;
+
+        PKIX_ENTER(CONTEXT, "pkix_pl_NssContext_GetCertUsage");
+        PKIX_NULLCHECK_TWO(nssContext, pCertUsage);
+
+        *pCertUsage = nssContext->certificateUsage;
+
+        PKIX_RETURN(CONTEXT);
+}
+
+/*
+ * FUNCTION: pkix_pl_NssContext_SetCertUsage
+ * DESCRIPTION:
+ *
+ *  This function sets the platform-dependent SECCertificateUsage parameter in
+ *  the context object pointed to by "nssContext" to the value provided in
+ *  "certUsage".
+ *
+ * PARAMETERS:
+ *  "certUsage"
+ *      Platform-dependent value to be stored.
+ *  "nssContext"
+ *      The address of the context object whose wincx parameter is to be
+ *      obtained. Must be non-NULL.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_pl_NssContext_SetCertUsage(
+        SECCertificateUsage certUsage,
+        PKIX_PL_NssContext *nssContext)
+{
+        void *plContext = NULL;
+
+        PKIX_ENTER(CONTEXT, "pkix_pl_NssContext_SetCertUsage");
+        PKIX_NULLCHECK_ONE(nssContext);
+
+        nssContext->certificateUsage = certUsage;
+
+        PKIX_RETURN(CONTEXT);
+}
+
+/*
+ * FUNCTION: pkix_pl_NssContext_GetWincx
+ * DESCRIPTION:
+ *
+ *  This function obtains the platform-dependent wincx parameter from the
+ *  context object pointed to by "nssContext", storing the result at "pWincx".
+ *
+ * PARAMETERS:
+ *  "nssContext"
+ *      The address of the context object whose wincx parameter is to be
+ *      obtained. Must be non-NULL.
+ *  "pWincx"
+ *      The address where the result is stored. Must be non-NULL.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_pl_NssContext_GetWincx(
+        PKIX_PL_NssContext *nssContext,
+        void **pWincx)
+{
+        void *plContext = NULL;
+        PKIX_PL_NssContext *context = NULL;
+
+        PKIX_ENTER(CONTEXT, "pkix_pl_NssContext_GetWincx");
+        PKIX_NULLCHECK_TWO(nssContext, pWincx);
+
+        context = (PKIX_PL_NssContext *)nssContext;
+
+        *pWincx = context->wincx;
+
+        PKIX_RETURN(CONTEXT);
+}
+
+/*
+ * FUNCTION: pkix_pl_NssContext_SetWincx
+ * DESCRIPTION:
+ *
+ *  This function sets the platform-dependent wincx parameter in the context
+ *  object pointed to by "nssContext" to the value provided in "wincx".
+ *
+ * PARAMETERS:
+ *  "wincx"
+ *      Platform-dependent value to be stored.
+ *  "nssContext"
+ *      The address of the context object whose wincx parameter is to be
+ *      obtained. Must be non-NULL.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_pl_NssContext_SetWincx(
+        void *wincx,
+        PKIX_PL_NssContext *nssContext)
+{
+        void *plContext = NULL;
+
+        PKIX_ENTER(CONTEXT, "pkix_pl_NssContext_SetWincx");
+        PKIX_NULLCHECK_ONE(nssContext);
+
+        nssContext->wincx = wincx;
+
+        PKIX_RETURN(CONTEXT);
+}
+
+/*
+ * FUNCTION: PKIX_PL_NssContext_SetTimeout
+ * DESCRIPTION:
+ *
+ * Sets user defined socket timeout for the validation
+ * session. Default is 60 seconds.
+ *
+ */
+PKIX_Error *
+PKIX_PL_NssContext_SetTimeout(PKIX_UInt32 timeout,
+                              PKIX_PL_NssContext *nssContext)
+{
+        void *plContext = NULL;
+
+        PKIX_ENTER(CONTEXT, "PKIX_PL_NssContext_SetTimeout");
+        PKIX_NULLCHECK_ONE(nssContext);
+
+        nssContext->timeoutSeconds = timeout;
+
+        PKIX_RETURN(CONTEXT);
+}
+
+/*
+ * FUNCTION: PKIX_PL_NssContext_SetMaxResponseLen
+ * DESCRIPTION:
+ *
+ * Sets user defined maximum transmission length of a message.
+ *
+ */
+PKIX_Error *
+PKIX_PL_NssContext_SetMaxResponseLen(PKIX_UInt32 len,
+                                     PKIX_PL_NssContext *nssContext)
+{
+        void *plContext = NULL;
+
+        PKIX_ENTER(CONTEXT, "PKIX_PL_NssContext_SetMaxResponseLen");
+        PKIX_NULLCHECK_ONE(nssContext);
+
+        nssContext->maxResponseLength = len;
+
+        PKIX_RETURN(CONTEXT);
+}
+
+/*
+ * FUNCTION: PKIX_PL_NssContext_SetCrlReloadDelay
+ * DESCRIPTION:
+ *
+ * Sets user defined delay between attempts to load crl using
+ * CRLDP.
+ *
+ */
+PKIX_Error *
+PKIX_PL_NssContext_SetCrlReloadDelay(PKIX_UInt32 delay,
+                                     PKIX_PL_NssContext *nssContext)
+{
+        void *plContext = NULL;
+
+        PKIX_ENTER(CONTEXT, "PKIX_PL_NssContext_SetCrlReloadDelay");
+        PKIX_NULLCHECK_ONE(nssContext);
+
+        nssContext->crlReloadDelay = delay;
+
+        PKIX_RETURN(CONTEXT);
+}
+
+/*
+ * FUNCTION: PKIX_PL_NssContext_SetBadDerCrlReloadDelay
+ * DESCRIPTION:
+ *
+ * Sets user defined delay between attempts to load crl that
+ * failed to decode.
+ *
+ */
+PKIX_Error *
+PKIX_PL_NssContext_SetBadDerCrlReloadDelay(PKIX_UInt32 delay,
+                                             PKIX_PL_NssContext *nssContext)
+{
+        void *plContext = NULL;
+
+        PKIX_ENTER(CONTEXT, "PKIX_PL_NssContext_SetBadDerCrlReloadDelay");
+        PKIX_NULLCHECK_ONE(nssContext);
+
+        nssContext->badDerCrlReloadDelay = delay;
+
+        PKIX_RETURN(CONTEXT);
+}
diff --git a/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_nsscontext.h b/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_nsscontext.h
new file mode 100755
index 0000000..04441c2
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_nsscontext.h
@@ -0,0 +1,52 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_pl_nsscontext.h
+ *
+ * NSSContext Object Type Definition
+ *
+ */
+
+
+#ifndef _PKIX_PL_NSSCONTEXT_H
+#define _PKIX_PL_NSSCONTEXT_H
+
+#include "pkix_pl_common.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+struct PKIX_PL_NssContextStruct {
+        SECCertificateUsage certificateUsage;
+        PLArenaPool *arena;
+        void *wincx;
+        PKIX_UInt32 timeoutSeconds;
+        PKIX_UInt32 maxResponseLength;
+        PRTime crlReloadDelay;
+        PRTime badDerCrlReloadDelay;
+        CERTChainVerifyCallback chainVerifyCallback;
+};
+
+PKIX_Error *
+pkix_pl_NssContext_GetCertUsage
+        (PKIX_PL_NssContext *nssContext, SECCertificateUsage *pCertUsage);
+
+/* XXX move the setter into the public header. */
+PKIX_Error *
+pkix_pl_NssContext_SetCertUsage
+        (SECCertificateUsage certUsage, PKIX_PL_NssContext *nssContext);
+
+PKIX_Error *
+pkix_pl_NssContext_GetWincx(PKIX_PL_NssContext *nssContext, void **pWincx);
+
+/* XXX move the setter into the public header. */
+PKIX_Error *
+pkix_pl_NssContext_SetWincx(void *wincx, PKIX_PL_NssContext *nssContext);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_PL_NSSCONTEXT_H */
diff --git a/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_pk11certstore.c b/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_pk11certstore.c
new file mode 100755
index 0000000..7de614e
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_pk11certstore.c
@@ -0,0 +1,1039 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_pl_pk11certstore.c
+ *
+ * PKCS11CertStore Function Definitions
+ *
+ */
+
+#include "pkix_pl_pk11certstore.h"
+
+/*
+ * PKIX_DEFAULT_MAX_RESPONSE_LENGTH (64 * 1024) is too small for downloading
+ * CRLs.  We observed CRLs of sizes 338759 and 439035 in practice.  So we
+ * need to use a higher max response length for CRLs.
+ */
+#define PKIX_DEFAULT_MAX_CRL_RESPONSE_LENGTH (512 * 1024)
+
+/* --Private-Pk11CertStore-Functions---------------------------------- */
+
+/*
+ * FUNCTION: pkix_pl_Pk11CertStore_CheckTrust
+ * DESCRIPTION:
+ * This function checks the trust status of this "cert" that was retrieved
+ * from the CertStore "store" and returns its trust status at "pTrusted".
+ *
+ * PARAMETERS:
+ * "store"
+ *      Address of the CertStore. Must be non-NULL.
+ * "cert"
+ *      Address of the Cert. Must be non-NULL.
+ * "pTrusted"
+ *      Address of PKIX_Boolean where the "cert" trust status is returned.
+ *      Must be non-NULL.
+ * "plContext"
+ *      Platform-specific context pointer
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertStore Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_pl_Pk11CertStore_CheckTrust(
+        PKIX_CertStore *store,
+        PKIX_PL_Cert *cert,
+        PKIX_Boolean *pTrusted,
+        void *plContext)
+{
+        SECStatus rv = SECFailure;
+        PKIX_Boolean trusted = PKIX_FALSE;
+        SECCertUsage certUsage = 0;
+        SECCertificateUsage certificateUsage;
+        unsigned int requiredFlags;
+        SECTrustType trustType;
+        CERTCertTrust trust;
+
+        PKIX_ENTER(CERTSTORE, "pkix_pl_Pk11CertStore_CheckTrust");
+        PKIX_NULLCHECK_THREE(store, cert, pTrusted);
+        PKIX_NULLCHECK_ONE(cert->nssCert);
+
+        certificateUsage = ((PKIX_PL_NssContext*)plContext)->certificateUsage;
+
+        /* ensure we obtained a single usage bit only */
+        PORT_Assert(!(certificateUsage & (certificateUsage - 1)));
+
+        /* convert SECertificateUsage (bit mask) to SECCertUsage (enum) */
+        while (0 != (certificateUsage = certificateUsage >> 1)) { certUsage++; }
+
+        rv = CERT_TrustFlagsForCACertUsage(certUsage, &requiredFlags, &trustType);
+        if (rv == SECSuccess) {
+                rv = CERT_GetCertTrust(cert->nssCert, &trust);
+        }
+
+        if (rv == SECSuccess) {
+            unsigned int certFlags;
+
+            if (certUsage != certUsageAnyCA &&
+                certUsage != certUsageStatusResponder) {
+                CERTCertificate *nssCert = cert->nssCert;
+                
+                if (certUsage == certUsageVerifyCA) {
+                    if (nssCert->nsCertType & NS_CERT_TYPE_EMAIL_CA) {
+                        trustType = trustEmail;
+                    } else if (nssCert->nsCertType & NS_CERT_TYPE_SSL_CA) {
+                        trustType = trustSSL;
+                    } else {
+                        trustType = trustObjectSigning;
+                    }
+                }
+                
+                certFlags = SEC_GET_TRUST_FLAGS((&trust), trustType);
+                if ((certFlags & requiredFlags) == requiredFlags) {
+                    trusted = PKIX_TRUE;
+                }
+            } else {
+                for (trustType = trustSSL; trustType < trustTypeNone;
+                     trustType++) {
+                    certFlags =
+                        SEC_GET_TRUST_FLAGS((&trust), trustType);
+                    if ((certFlags & requiredFlags) == requiredFlags) {
+                        trusted = PKIX_TRUE;
+                        break;
+                    }
+                }
+            }
+        }
+
+        *pTrusted = trusted;
+
+        PKIX_RETURN(CERTSTORE);
+}
+
+/*
+ * FUNCTION: pkix_pl_Pk11CertStore_CertQuery
+ * DESCRIPTION:
+ *
+ *  This function obtains from the database the Certs specified by the
+ *  ComCertSelParams pointed to by "params" and stores the resulting
+ *  List at "pSelected". If no matching Certs are found, a NULL pointer
+ *  will be stored.
+ *
+ *  This function uses a "smart" database query if the Subject has been set
+ *  in ComCertSelParams. Otherwise, it uses a very inefficient call to
+ *  retrieve all Certs in the database (and run them through the selector).
+ *
+ * PARAMETERS:
+ * "params"
+ *      Address of the ComCertSelParams. Must be non-NULL.
+ * "pSelected"
+ *      Address at which List will be stored. Must be non-NULL.
+ * "plContext"
+ *      Platform-specific context pointer
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertStore Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_pl_Pk11CertStore_CertQuery(
+        PKIX_ComCertSelParams *params,
+        PKIX_List **pSelected,
+        void *plContext)
+{
+        PRBool validOnly = PR_FALSE;
+        PRTime prtime = 0;
+        PKIX_PL_X500Name *subjectName = NULL;
+        PKIX_PL_Date *certValid = NULL;
+        PKIX_List *certList = NULL;
+        PKIX_PL_Cert *cert = NULL;
+        CERTCertList *pk11CertList = NULL;
+        CERTCertListNode *node = NULL;
+        CERTCertificate *nssCert = NULL;
+        CERTCertDBHandle *dbHandle = NULL;
+
+        PLArenaPool *arena = NULL;
+        SECItem *nameItem = NULL;
+        void *wincx = NULL;
+
+        PKIX_ENTER(CERTSTORE, "pkix_pl_Pk11CertStore_CertQuery");
+        PKIX_NULLCHECK_TWO(params, pSelected);
+
+        /* avoid multiple calls to retrieve a constant */
+        PKIX_PL_NSSCALLRV(CERTSTORE, dbHandle, CERT_GetDefaultCertDB, ());
+
+        /*
+         * Any of the ComCertSelParams may be obtained and used to constrain
+         * the database query, to allow the use of a "smart" query. See
+         * pkix_certsel.h for a list of the PKIX_ComCertSelParams_Get*
+         * calls available. No corresponding "smart" queries exist at present,
+         * except for CERT_CreateSubjectCertList based on Subject. When others
+         * are added, corresponding code should be added to
+         * pkix_pl_Pk11CertStore_CertQuery to use them when appropriate
+         * selector parameters have been set.
+         */
+
+        PKIX_CHECK(PKIX_ComCertSelParams_GetSubject
+                (params, &subjectName, plContext),
+                PKIX_COMCERTSELPARAMSGETSUBJECTFAILED);
+
+        PKIX_CHECK(PKIX_ComCertSelParams_GetCertificateValid
+                (params, &certValid, plContext),
+                PKIX_COMCERTSELPARAMSGETCERTIFICATEVALIDFAILED);
+
+        /* If caller specified a Date, convert it to PRTime */
+        if (certValid) {
+                PKIX_CHECK(pkix_pl_Date_GetPRTime
+                        (certValid, &prtime, plContext),
+                        PKIX_DATEGETPRTIMEFAILED);
+                validOnly = PR_TRUE;
+        }
+
+        /*
+         * If we have the subject name for the desired subject,
+         * ask the database for Certs with that subject. Otherwise
+         * ask the database for all Certs.
+         */
+        if (subjectName) {
+                arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+                if (arena) {
+
+                        PKIX_CHECK(pkix_pl_X500Name_GetDERName
+                                (subjectName, arena, &nameItem, plContext),
+                                PKIX_X500NAMEGETSECNAMEFAILED);
+
+                        if (nameItem) {
+
+                            PKIX_PL_NSSCALLRV
+                                (CERTSTORE,
+                                pk11CertList,
+                                CERT_CreateSubjectCertList,
+                                (NULL, dbHandle, nameItem, prtime, validOnly));
+                        }
+                        PKIX_PL_NSSCALL
+                                (CERTSTORE, PORT_FreeArena, (arena, PR_FALSE));
+                        arena = NULL;
+                }
+
+        } else {
+
+                PKIX_CHECK(pkix_pl_NssContext_GetWincx
+                        ((PKIX_PL_NssContext *)plContext, &wincx),
+                        PKIX_NSSCONTEXTGETWINCXFAILED);
+
+                PKIX_PL_NSSCALLRV
+                        (CERTSTORE,
+                        pk11CertList,
+                        PK11_ListCerts,
+                        (PK11CertListAll, wincx));
+        }
+
+        if (pk11CertList) {
+
+                PKIX_CHECK(PKIX_List_Create(&certList, plContext),
+                        PKIX_LISTCREATEFAILED);
+
+                for (node = CERT_LIST_HEAD(pk11CertList);
+                    !(CERT_LIST_END(node, pk11CertList));
+                    node = CERT_LIST_NEXT(node)) {
+
+                        PKIX_PL_NSSCALLRV
+                                (CERTSTORE,
+                                nssCert,
+                                CERT_DupCertificate,
+                                        (node->cert));
+
+                        if (!nssCert) {
+                                continue; /* just skip bad certs */
+                        }
+
+                        PKIX_CHECK_ONLY_FATAL(pkix_pl_Cert_CreateWithNSSCert
+                                (nssCert, &cert, plContext),
+                                PKIX_CERTCREATEWITHNSSCERTFAILED);
+
+                        if (PKIX_ERROR_RECEIVED) {
+                                CERT_DestroyCertificate(nssCert);
+                                nssCert = NULL;
+                                continue; /* just skip bad certs */
+                        }
+
+                        PKIX_CHECK_ONLY_FATAL(PKIX_List_AppendItem
+                                (certList, (PKIX_PL_Object *)cert, plContext),
+                                PKIX_LISTAPPENDITEMFAILED);
+
+                        PKIX_DECREF(cert);
+
+                }
+
+                /* Don't throw away the list if one cert was bad! */
+                pkixTempErrorReceived = PKIX_FALSE;
+        }
+
+        *pSelected = certList;
+        certList = NULL;
+
+cleanup:
+        
+        if (pk11CertList) {
+            CERT_DestroyCertList(pk11CertList);
+        }
+        if (arena) {
+            PORT_FreeArena(arena, PR_FALSE);
+        }
+
+        PKIX_DECREF(subjectName);
+        PKIX_DECREF(certValid);
+        PKIX_DECREF(cert);
+        PKIX_DECREF(certList);
+
+        PKIX_RETURN(CERTSTORE);
+}
+
+/*
+ * FUNCTION: pkix_pl_Pk11CertStore_ImportCrl
+ * DESCRIPTION:
+ *
+ * PARAMETERS:
+ * "params"
+ *      Address of the ComCRLSelParams. Must be non-NULL.
+ * "pSelected"
+ *      Address at which List will be stored. Must be non-NULL.
+ * "plContext"
+ *      Platform-specific context pointer
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertStore Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_pl_Pk11CertStore_ImportCrl(
+        PKIX_CertStore *store,
+        PKIX_PL_X500Name *issuerName,
+        PKIX_List *crlList,
+        void *plContext)
+{
+    CERTCertDBHandle *certHandle = CERT_GetDefaultCertDB();
+    PKIX_PL_CRL *crl = NULL;
+    SECItem *derCrl = NULL;
+
+    PKIX_ENTER(CERTSTORE, "pkix_pl_Pk11CertStore_ImportCrl");
+    PKIX_NULLCHECK_TWO(store, plContext);
+    
+    if (!crlList) {
+        goto cleanup;
+    }
+    while (crlList->length > 0) {
+        PKIX_CHECK(
+            PKIX_List_GetItem(crlList, 0, (PKIX_PL_Object**)&crl,
+                              plContext),
+            PKIX_LISTGETITEMFAILED);
+
+        /* Delete crl from the list to keep controll of the
+         * last reference. crl need to be destroyed right after
+         * it released the ownership of the crl der. */
+        PKIX_CHECK(
+            PKIX_List_DeleteItem(crlList, 0, plContext),
+            PKIX_LISTDELETEITEMFAILED);
+
+        /* acquire the crlder ownership */
+        pkixErrorResult =
+            PKIX_PL_CRL_ReleaseDerCrl(crl, &derCrl, plContext);
+        PORT_Assert(!pkixErrorResult && derCrl);
+        if (pkixErrorResult || !derCrl) {
+            /* All pkix delivered crls should be able to
+             * release their ders. */
+            PKIX_DECREF(pkixErrorResult);
+            PKIX_DECREF(crl);
+            continue;
+        }
+        cert_CacheCRLByGeneralName(certHandle, derCrl, 
+                                        crl->derGenName);
+        /* Do not check the status. If it is a SECFailure,
+         * derCrl is already destroyed. */
+        derCrl = NULL;
+        PKIX_DECREF(crl);
+    }
+
+cleanup:
+    PKIX_DECREF(crl);
+
+    PKIX_RETURN(CERTSTORE);
+}
+
+static PKIX_Error *
+NameCacheHasFetchedCrlInfo(PKIX_PL_Cert *pkixCert,
+                           PRTime time,
+                           PKIX_Boolean *pHasFetchedCrlInCache,
+                           void *plContext)
+{
+    /* Returning true result in this case will mean, that case info
+     * is currect and should used as is. */
+    NamedCRLCache* nameCrlCache = NULL;
+    PKIX_Boolean hasFetchedCrlInCache = PKIX_TRUE;
+    PKIX_List *dpList = NULL;
+    pkix_pl_CrlDp *dp = NULL;
+    PKIX_UInt32 dpIndex = 0;
+    SECStatus rv = SECSuccess;
+    PRTime reloadDelay = 0, badCrlInvalDelay = 0;
+
+    PKIX_ENTER(CERTSTORE, "ChechCacheHasFetchedCrl");
+
+    reloadDelay = 
+        ((PKIX_PL_NssContext*)plContext)->crlReloadDelay *
+                                                PR_USEC_PER_SEC;
+    badCrlInvalDelay =
+        ((PKIX_PL_NssContext*)plContext)->badDerCrlReloadDelay *
+                                                PR_USEC_PER_SEC;
+    if (!time) {
+        time = PR_Now();
+    }
+    /* If we already download the crl and inserted into the cache, then
+     * there is no need to check for fetched crl. We have what we have. */
+    PKIX_CHECK(
+        PKIX_PL_Cert_GetCrlDp(pkixCert, &dpList, plContext),
+        PKIX_CERTGETCRLDPFAILED);
+    if (dpList && dpList->length) {
+        hasFetchedCrlInCache = PKIX_FALSE;
+        rv = cert_AcquireNamedCRLCache(&nameCrlCache);
+        if (rv != SECSuccess) {
+            PKIX_DECREF(dpList);
+        }
+    } else {
+        /* If no dp then treat it as if we already have
+         * a fetched crl. */
+        PKIX_DECREF(dpList);
+    }
+    for (;!hasFetchedCrlInCache &&
+             dpList && dpIndex < dpList->length;dpIndex++) {
+        SECItem **derDpNames = NULL;
+        pkixErrorResult =
+            PKIX_List_GetItem(dpList, dpIndex, (PKIX_PL_Object **)&dp,
+                              plContext);
+        if (pkixErrorResult) {
+            PKIX_DECREF(pkixErrorResult);
+            continue;
+        }
+        if (dp->nssdp->distPointType == generalName) {
+            /* dp can only be created from nssdp. */
+            derDpNames = dp->nssdp->derFullName;
+        }
+        while (derDpNames && *derDpNames != NULL) {
+            NamedCRLCacheEntry* cacheEntry = NULL;
+            const SECItem *derDpName = *derDpNames++;
+            rv = cert_FindCRLByGeneralName(nameCrlCache, derDpName,
+                                           &cacheEntry);
+            if (rv == SECSuccess && cacheEntry) {
+                if ((cacheEntry->inCRLCache &&
+                    (cacheEntry->successfulInsertionTime + reloadDelay > time ||
+                     (cacheEntry->dupe &&
+                      cacheEntry->lastAttemptTime + reloadDelay > time))) ||
+                    (cacheEntry->badDER &&
+                     cacheEntry->lastAttemptTime + badCrlInvalDelay > time)) {
+                    hasFetchedCrlInCache = PKIX_TRUE;
+                    break;
+                }
+            }
+        }
+        PKIX_DECREF(dp);
+    }
+cleanup:
+    *pHasFetchedCrlInCache = hasFetchedCrlInCache;
+    if (nameCrlCache) {
+        cert_ReleaseNamedCRLCache(nameCrlCache);
+    }
+    PKIX_DECREF(dpList);
+
+    PKIX_RETURN(CERTSTORE);
+}
+
+/*
+ * FUNCTION: pkix_pl_Pk11CertStore_CheckCrl
+ * DESCRIPTION:
+ *
+ * PARAMETERS:
+ * "params"
+ *      Address of the ComCRLSelParams. Must be non-NULL.
+ * "pSelected"
+ *      Address at which List will be stored. Must be non-NULL.
+ * "plContext"
+ *      Platform-specific context pointer
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertStore Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_pl_Pk11CertStore_CheckRevByCrl(
+        PKIX_CertStore *store,
+        PKIX_PL_Cert *pkixCert,
+        PKIX_PL_Cert *pkixIssuer,
+        PKIX_PL_Date *date,
+        PKIX_Boolean  crlDownloadDone,
+        CERTCRLEntryReasonCode *pReasonCode,
+        PKIX_RevocationStatus *pStatus,
+        void *plContext)
+{
+    PKIX_RevocationStatus pkixRevStatus = PKIX_RevStatus_NoInfo;
+    CERTRevocationStatus revStatus = certRevocationStatusUnknown;
+    PKIX_Boolean hasFetchedCrlInCache = PKIX_TRUE;
+    CERTCertificate *cert = NULL, *issuer = NULL;
+    SECStatus rv = SECSuccess;
+    void *wincx = NULL;
+    PRTime time = 0;
+
+    PKIX_ENTER(CERTSTORE, "pkix_pl_Pk11CertStore_CheckRevByCrl");
+    PKIX_NULLCHECK_FOUR(store, pkixCert, pkixIssuer, plContext);
+
+    cert = pkixCert->nssCert;
+    issuer = pkixIssuer->nssCert;
+    if (date) {
+        PKIX_CHECK(
+            pkix_pl_Date_GetPRTime(date, &time, plContext),
+            PKIX_DATEGETPRTIMEFAILED);
+    }
+    PKIX_CHECK(
+        pkix_pl_NssContext_GetWincx((PKIX_PL_NssContext*)plContext,
+                                    &wincx),
+        PKIX_NSSCONTEXTGETWINCXFAILED);
+    /* No need to check any cDPs, since partitioned crls are not
+     * supported. If a ds does not point to partitioned crl, then
+     * the crl should be in issuer cache that is unrelated to any
+     * dp. Using NULL as a dp pointer to check it.*/
+    rv = cert_CheckCertRevocationStatus(cert, issuer, NULL,
+                                        /* Will not validate the signature
+                                         * on the crl if time is not specified.*/
+                                        time, wincx, &revStatus, pReasonCode);
+    if (rv == SECFailure) {
+        pkixRevStatus = PKIX_RevStatus_Revoked;
+        goto cleanup;
+    }
+    if (crlDownloadDone) {
+        if (revStatus == certRevocationStatusRevoked) {
+            pkixRevStatus = PKIX_RevStatus_Revoked;
+        } else if (revStatus == certRevocationStatusValid) {
+            pkixRevStatus = PKIX_RevStatus_Success;
+        } 
+    } else {
+        pkixErrorResult =
+            NameCacheHasFetchedCrlInfo(pkixCert, time, &hasFetchedCrlInCache,
+                                       plContext);
+        if (pkixErrorResult) {
+            goto cleanup;
+        }
+        if (revStatus == certRevocationStatusRevoked &&
+            (hasFetchedCrlInCache ||
+             *pReasonCode != crlEntryReasoncertificatedHold)) {
+            pkixRevStatus = PKIX_RevStatus_Revoked;
+        } else if (revStatus == certRevocationStatusValid &&
+                   hasFetchedCrlInCache) {
+            pkixRevStatus = PKIX_RevStatus_Success;
+        }
+    }
+cleanup:
+    *pStatus = pkixRevStatus;
+
+    PKIX_RETURN(CERTSTORE);    
+}
+
+
+/*
+ * FUNCTION: pkix_pl_Pk11CertStore_GetCert
+ *  (see description of PKIX_CertStore_CertCallback in pkix_certstore.h)
+ */
+PKIX_Error *
+pkix_pl_Pk11CertStore_GetCert(
+        PKIX_CertStore *store,
+        PKIX_CertSelector *selector,
+        PKIX_VerifyNode *parentVerifyNode,
+        void **pNBIOContext,
+        PKIX_List **pCertList,
+        void *plContext)
+{
+        PKIX_UInt32 i = 0;
+        PKIX_UInt32 numFound = 0;
+        PKIX_PL_Cert *candidate = NULL;
+        PKIX_List *selected = NULL;
+        PKIX_List *filtered = NULL;
+        PKIX_CertSelector_MatchCallback selectorCallback = NULL;
+        PKIX_CertStore_CheckTrustCallback trustCallback = NULL;
+        PKIX_ComCertSelParams *params = NULL;
+        PKIX_Boolean cacheFlag = PKIX_FALSE;
+        PKIX_VerifyNode *verifyNode = NULL;
+        PKIX_Error *selectorError = NULL;
+
+        PKIX_ENTER(CERTSTORE, "pkix_pl_Pk11CertStore_GetCert");
+        PKIX_NULLCHECK_FOUR(store, selector, pNBIOContext, pCertList);
+
+        *pNBIOContext = NULL;   /* We don't use non-blocking I/O */
+
+        PKIX_CHECK(PKIX_CertSelector_GetMatchCallback
+                (selector, &selectorCallback, plContext),
+                PKIX_CERTSELECTORGETMATCHCALLBACKFAILED);
+
+        PKIX_CHECK(PKIX_CertSelector_GetCommonCertSelectorParams
+                (selector, &params, plContext),
+                PKIX_CERTSELECTORGETCOMCERTSELPARAMSFAILED);
+
+        PKIX_CHECK(pkix_pl_Pk11CertStore_CertQuery
+                (params, &selected, plContext),
+                PKIX_PK11CERTSTORECERTQUERYFAILED);
+
+        if (selected) {
+                PKIX_CHECK(PKIX_List_GetLength(selected, &numFound, plContext),
+                        PKIX_LISTGETLENGTHFAILED);
+        }
+
+        PKIX_CHECK(PKIX_CertStore_GetCertStoreCacheFlag
+                (store, &cacheFlag, plContext),
+                PKIX_CERTSTOREGETCERTSTORECACHEFLAGFAILED);
+
+        PKIX_CHECK(PKIX_CertStore_GetTrustCallback
+                (store, &trustCallback, plContext),
+                PKIX_CERTSTOREGETTRUSTCALLBACKFAILED);
+
+        PKIX_CHECK(PKIX_List_Create(&filtered, plContext),
+                PKIX_LISTCREATEFAILED);
+
+        for (i = 0; i < numFound; i++) {
+                PKIX_CHECK_ONLY_FATAL(PKIX_List_GetItem
+                        (selected,
+                        i,
+                        (PKIX_PL_Object **)&candidate,
+                        plContext),
+                        PKIX_LISTGETITEMFAILED);
+
+                if (PKIX_ERROR_RECEIVED) {
+                        continue; /* just skip bad certs */
+                }
+
+                selectorError =
+                    selectorCallback(selector, candidate, plContext);
+                if (!selectorError) {
+                        PKIX_CHECK(PKIX_PL_Cert_SetCacheFlag
+                                (candidate, cacheFlag, plContext),
+                                PKIX_CERTSETCACHEFLAGFAILED);
+
+                        if (trustCallback) {
+                                PKIX_CHECK(PKIX_PL_Cert_SetTrustCertStore
+                                    (candidate, store, plContext),
+                                    PKIX_CERTSETTRUSTCERTSTOREFAILED);
+                        }
+
+                        PKIX_CHECK_ONLY_FATAL(PKIX_List_AppendItem
+                                (filtered,
+                                (PKIX_PL_Object *)candidate,
+                                plContext),
+                                PKIX_LISTAPPENDITEMFAILED);
+                } else if (parentVerifyNode) {
+                    PKIX_CHECK_FATAL(
+                        pkix_VerifyNode_Create(candidate, 0, selectorError,
+                                               &verifyNode, plContext),
+                        PKIX_VERIFYNODECREATEFAILED);
+                    PKIX_CHECK_FATAL(
+                        pkix_VerifyNode_AddToTree(parentVerifyNode,
+                                                  verifyNode,
+                                                  plContext),
+                        PKIX_VERIFYNODEADDTOTREEFAILED);
+                    PKIX_DECREF(verifyNode);
+                }
+                PKIX_DECREF(selectorError);
+                PKIX_DECREF(candidate);
+        }
+
+        /* Don't throw away the list if one cert was bad! */
+        pkixTempErrorReceived = PKIX_FALSE;
+
+        *pCertList = filtered;
+        filtered = NULL;
+
+cleanup:
+fatal:
+        PKIX_DECREF(filtered);
+        PKIX_DECREF(candidate);
+        PKIX_DECREF(selected);
+        PKIX_DECREF(params);
+        PKIX_DECREF(verifyNode);
+        PKIX_DECREF(selectorError);
+
+        PKIX_RETURN(CERTSTORE);
+}
+
+static PKIX_Error *
+RemovePartitionedDpsFromList(PKIX_List *dpList, PKIX_PL_Date *date,
+                             void *plContext)
+{
+    NamedCRLCache* nameCrlCache = NULL;
+    pkix_pl_CrlDp *dp = NULL;
+    unsigned int dpIndex = 0;
+    PRTime time;
+    PRTime reloadDelay = 0, badCrlInvalDelay = 0;
+    SECStatus rv;
+
+    PKIX_ENTER(CERTSTORE, "pkix_pl_Pk11CertStore_ListRemovePrtDp");
+
+    if (!dpList || !dpList->length) {
+        PKIX_RETURN(CERTSTORE);
+    }
+    reloadDelay = 
+        ((PKIX_PL_NssContext*)plContext)->crlReloadDelay *
+                                                PR_USEC_PER_SEC;
+    badCrlInvalDelay =
+        ((PKIX_PL_NssContext*)plContext)->badDerCrlReloadDelay *
+                                                PR_USEC_PER_SEC;
+    PKIX_CHECK(pkix_pl_Date_GetPRTime(date, &time, plContext),
+               PKIX_DATEGETPRTIMEFAILED);
+    rv = cert_AcquireNamedCRLCache(&nameCrlCache);
+    if (rv == SECFailure) {
+        /* Baling out. Wont find out any thing useful. */
+        PKIX_RETURN(CERTSTORE);
+    }
+    while (dpIndex < dpList->length) {
+        SECItem **derDpNames = NULL;
+        PKIX_Boolean removeDp = PKIX_FALSE;
+        
+        PKIX_CHECK(
+            PKIX_List_GetItem(dpList, dpIndex, (PKIX_PL_Object **)&dp,
+                              plContext),
+            PKIX_LISTGETITEMFAILED);
+        if (!dp->isPartitionedByReasonCode) {
+            /* See if we know about this dp anything why we should
+             * not use it to download a crl. */
+            if (dp->nssdp->distPointType == generalName) {
+                /* dp can only be created from nssdp. */
+                derDpNames = dp->nssdp->derFullName;
+            } else {
+                removeDp = PKIX_TRUE;
+            }
+            while (derDpNames && *derDpNames != NULL) {
+                NamedCRLCacheEntry* cacheEntry = NULL;
+                const SECItem *derDpName = *derDpNames++;
+                /* Removing from the list all dps that we know about. */
+                rv = cert_FindCRLByGeneralName(nameCrlCache, derDpName,
+                                               &cacheEntry);
+                if (rv && cacheEntry) {
+                    if (cacheEntry->unsupported ||
+                        (cacheEntry->inCRLCache &&
+                         (cacheEntry->successfulInsertionTime + reloadDelay > time ||
+                          (cacheEntry->dupe &&
+                           cacheEntry->lastAttemptTime + reloadDelay > time))) ||
+                          (cacheEntry->badDER &&
+                           cacheEntry->lastAttemptTime + badCrlInvalDelay > time)) {
+                        removeDp = PKIX_TRUE;
+                    }
+                }
+            }
+        } else {
+            /* Remove dp that point to a partitioned crl . RFC 5280
+             * recommends against crl partitioned by reason code.
+             * Will skip such crls */
+            removeDp = PKIX_TRUE;
+        }
+        if (removeDp) {
+            PKIX_CHECK_ONLY_FATAL(
+                pkix_List_Remove(dpList,(PKIX_PL_Object*)dp,
+                                 plContext),
+                PKIX_LISTGETITEMFAILED); 
+        } else {
+            dpIndex += 1;
+        }
+        PKIX_DECREF(dp);
+    }
+
+cleanup:
+    if (nameCrlCache) {
+        cert_ReleaseNamedCRLCache(nameCrlCache);
+    }
+    PKIX_DECREF(dp);
+    
+    PKIX_RETURN(CERTSTORE);
+}
+
+/*
+ * FUNCTION: pkix_pl_Pk11CertStore_DownloadCrl
+ */
+static PKIX_Error *
+DownloadCrl(pkix_pl_CrlDp *dp, PKIX_PL_CRL **crl,
+            const SEC_HttpClientFcnV1 *hcv1, void *plContext)
+{
+    char *location = NULL;
+    char *hostname = NULL;
+    char *path = NULL;
+    PRUint16 port;
+    SEC_HTTP_SERVER_SESSION pServerSession = NULL;
+    SEC_HTTP_REQUEST_SESSION pRequestSession = NULL;
+    PRUint16 myHttpResponseCode;
+    const char *myHttpResponseData = NULL;
+    PRUint32 myHttpResponseDataLen;
+    SECItem *uri = NULL;
+    SECItem *derCrlCopy = NULL;
+    CERTSignedCrl *nssCrl = NULL;
+    CERTGeneralName *genName = NULL;
+    SECItem **derGenNames = NULL;
+    SECItem  *derGenName = NULL;
+
+    PKIX_ENTER(CERTSTORE, "pkix_pl_Pk11CertStore_DownloadCrl");
+
+    /* Do not support dps others than a one with GeneralName
+     * name type. */
+    if (dp->distPointType != generalName ||
+        !dp->nssdp->derFullName) {
+        PKIX_ERROR(PKIX_UNSUPPORTEDCRLDPTYPE);
+    }
+    genName = dp->name.fullName;
+    derGenNames = dp->nssdp->derFullName;
+    do {
+        derGenName = *derGenNames;
+        do {
+            if (!derGenName ||
+                !genName->name.other.data) {
+                /* get to next name if no data. */
+                break;
+            }
+            uri = &genName->name.other;
+            location = (char*)PR_Malloc(1 + uri->len);
+            if (!location) {
+                break;
+            }
+            PORT_Memcpy(location, uri->data, uri->len);
+            location[uri->len] = 0;
+            if (CERT_ParseURL(location, &hostname,
+                              &port, &path) != SECSuccess) {
+                PORT_SetError(SEC_ERROR_BAD_CRL_DP_URL);
+                break;
+            }
+    
+            PORT_Assert(hostname != NULL);
+            PORT_Assert(path != NULL);
+
+            if ((*hcv1->createSessionFcn)(hostname, port, 
+                                          &pServerSession) != SECSuccess) {
+                PORT_SetError(SEC_ERROR_BAD_CRL_DP_URL);
+                break;
+            }
+
+            if ((*hcv1->createFcn)(pServerSession, "http", path, "GET",
+                /* Users with slow connections might not get CRL revocation 
+                   checking for certs that use big CRLs because of the timeout
+                   We absolutely need code that limits our retry attempts.
+                 */
+                          PR_SecondsToInterval(
+                              ((PKIX_PL_NssContext*)plContext)->timeoutSeconds),
+                                   &pRequestSession) != SECSuccess) {
+                break;
+            }
+
+            myHttpResponseDataLen =
+                ((PKIX_PL_NssContext*)plContext)->maxResponseLength;
+            if (myHttpResponseDataLen < PKIX_DEFAULT_MAX_CRL_RESPONSE_LENGTH)
+                myHttpResponseDataLen = PKIX_DEFAULT_MAX_CRL_RESPONSE_LENGTH;
+
+            /* We use a non-zero timeout, which means:
+               - the client will use blocking I/O
+               - TryFcn will not return WOULD_BLOCK nor a poll descriptor
+               - it's sufficient to call TryFcn once
+            */
+            /* we don't want result objects larger than this: */
+            if ((*hcv1->trySendAndReceiveFcn)(
+                    pRequestSession, 
+                    NULL,
+                    &myHttpResponseCode,
+                    NULL,
+                    NULL,
+                    &myHttpResponseData,
+                    &myHttpResponseDataLen) != SECSuccess) {
+                break;
+            }
+
+            if (myHttpResponseCode != 200) {
+                break;
+            }
+        } while(0);
+        if (!myHttpResponseData) {
+            /* Going to the next one. */
+            genName = CERT_GetNextGeneralName(genName);
+            derGenNames++;
+        }
+        /* Staing in the loop through all the names until
+         * we have a successful download. */
+    } while (!myHttpResponseData && *derGenNames &&
+             genName != dp->name.fullName);
+    /* Need this name to track the crl source location. */
+    PORT_Assert(derGenName);
+
+    if (!myHttpResponseData) {
+        /* Generating fake bad CRL to keep track of this dp */
+        SECItem derCrl = {siBuffer, (void*)"BadCrl", 6 };
+        
+        derCrlCopy = SECITEM_DupItem(&derCrl);
+        if (!derCrlCopy) {
+            PKIX_ERROR(PKIX_ALLOCERROR);
+        }
+        derGenName = *dp->nssdp->derFullName;
+    } else {
+        SECItem derCrl = { siBuffer,
+                           (void*)myHttpResponseData,
+                           myHttpResponseDataLen };
+        derCrlCopy = SECITEM_DupItem(&derCrl);
+        if (!derCrlCopy) {
+            PKIX_ERROR(PKIX_ALLOCERROR);
+        }
+        /* crl will be based on derCrlCopy, but will not own the der. */
+        nssCrl =
+            CERT_DecodeDERCrlWithFlags(NULL, derCrlCopy, SEC_CRL_TYPE,
+                                       CRL_DECODE_DONT_COPY_DER |
+                                       CRL_DECODE_SKIP_ENTRIES);
+    }
+    /* pkix crl owns the der. */
+    PKIX_CHECK(
+        pkix_pl_CRL_CreateWithSignedCRL(nssCrl, derCrlCopy,
+                                        derGenName,
+                                        crl, plContext),
+        PKIX_CRLCREATEWITHSIGNEDCRLFAILED);
+    /* pkix crl now own both objects. */
+    derCrlCopy = NULL;
+    nssCrl = NULL;
+
+cleanup:
+    if (derCrlCopy)
+        PORT_Free(derCrlCopy);
+    if (nssCrl)
+        SEC_DestroyCrl(nssCrl);
+    if (pRequestSession != NULL) 
+        (*hcv1->freeFcn)(pRequestSession);
+    if (pServerSession != NULL)
+        (*hcv1->freeSessionFcn)(pServerSession);
+    if (path != NULL)
+        PORT_Free(path);
+    if (hostname != NULL)
+        PORT_Free(hostname);
+    if (location) {
+        PORT_Free(location);
+    }
+
+    PKIX_RETURN(CERTSTORE);
+}
+
+/*
+ * FUNCTION: pkix_pl_Pk11CertStore_GetCRL
+ *  (see description of PKIX_CertStore_CRLCallback in pkix_certstore.h)
+ */
+static PKIX_Error *
+pkix_pl_Pk11CertStore_GetCRL(
+        PKIX_CertStore *store,
+        PKIX_CRLSelector *selector,
+        void **pNBIOContext,
+        PKIX_List **pCrlList,
+        void *plContext)
+{
+    PKIX_UInt32 dpIndex = 0;
+    PKIX_PL_CRL *crl = NULL;
+    PKIX_List *crlList = NULL;
+    PKIX_List *dpList = NULL;
+    pkix_pl_CrlDp *dp = NULL;
+    PKIX_PL_Date *date = NULL;
+    const SEC_HttpClientFcn *registeredHttpClient = NULL;
+
+    PKIX_ENTER(CERTSTORE, "pkix_pl_Pk11CertStore_GetCRL");
+    PKIX_NULLCHECK_THREE(store, pNBIOContext, pCrlList);
+    PKIX_NULLCHECK_TWO(selector, selector->params);
+
+    registeredHttpClient = SEC_GetRegisteredHttpClient();
+    if (!registeredHttpClient || registeredHttpClient->version != 1) {
+        goto cleanup;
+    }
+    dpList = selector->params->crldpList;
+    date = selector->params->date;
+    PKIX_CHECK(
+        RemovePartitionedDpsFromList(dpList, date,
+                                     plContext),
+        PKIX_FAILTOREMOVEDPFROMLIST);
+    for (;dpIndex < dpList->length;dpIndex++) {
+        PKIX_DECREF(dp);
+        pkixErrorResult =
+            PKIX_List_GetItem(dpList, dpIndex,
+                              (PKIX_PL_Object **)&dp,
+                              plContext);
+        if (pkixErrorResult) {
+            PKIX_DECREF(pkixErrorResult);
+            continue;
+        }
+        pkixErrorResult =
+            DownloadCrl(dp, &crl,
+                        &registeredHttpClient->fcnTable.ftable1,
+                        plContext);
+        if (pkixErrorResult || !crl) {
+            /* continue to next dp in case of unsuccesfull
+             * download attempt. */
+            PKIX_DECREF(pkixErrorResult);
+            continue;
+        }
+        if (!crlList) {
+            PKIX_CHECK(PKIX_List_Create(&crlList, plContext),
+                       PKIX_LISTCREATEFAILED);
+        }
+        pkixErrorResult =
+            PKIX_List_AppendItem(crlList, (PKIX_PL_Object *)crl,
+                                 plContext);
+        if (pkixErrorResult) {
+            PKIX_DECREF(pkixErrorResult);
+        }
+        PKIX_DECREF(crl);
+    }
+    *pCrlList = crlList;
+    crlList = NULL;
+
+cleanup:
+    PKIX_DECREF(dp);
+    PKIX_DECREF(crl);
+    PKIX_DECREF(crlList);
+
+    PKIX_RETURN(CERTSTORE);
+}
+
+
+/* --Public-Pk11CertStore-Functions----------------------------------- */
+
+/*
+ * FUNCTION: PKIX_PL_Pk11CertStore_Create
+ * (see comments in pkix_samples_modules.h)
+ */
+PKIX_Error *
+PKIX_PL_Pk11CertStore_Create(
+        PKIX_CertStore **pCertStore,
+        void *plContext)
+{
+        PKIX_CertStore *certStore = NULL;
+
+        PKIX_ENTER(CERTSTORE, "PKIX_PL_Pk11CertStore_Create");
+        PKIX_NULLCHECK_ONE(pCertStore);
+
+        PKIX_CHECK(PKIX_CertStore_Create
+                (pkix_pl_Pk11CertStore_GetCert,
+                pkix_pl_Pk11CertStore_GetCRL,
+                NULL, /* getCertContinue */
+                NULL, /* getCrlContinue */
+                pkix_pl_Pk11CertStore_CheckTrust,
+                pkix_pl_Pk11CertStore_ImportCrl,
+                pkix_pl_Pk11CertStore_CheckRevByCrl,
+                NULL,
+                PKIX_TRUE, /* cache flag */
+                PKIX_TRUE, /* local - no network I/O */
+                &certStore,
+                plContext),
+                PKIX_CERTSTORECREATEFAILED);
+
+        *pCertStore = certStore;
+
+cleanup:
+
+        PKIX_RETURN(CERTSTORE);
+}
diff --git a/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_pk11certstore.h b/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_pk11certstore.h
new file mode 100755
index 0000000..5067076
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_pk11certstore.h
@@ -0,0 +1,31 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_pl_pk11certstore.h
+ *
+ * PK11Certstore Object Type Definition
+ *
+ */
+
+#ifndef _PKIX_PL_PK11CERTSTORE_H
+#define _PKIX_PL_PK11CERTSTORE_H
+
+#include "pkix_pl_common.h"
+#include "certi.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* see source file for function documentation */
+PKIX_Error *
+PKIX_PL_Pk11CertStore_Create(
+        PKIX_CertStore **pCertStore,
+        void *plContext);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_PL_PK11CERTSTORE_H */
diff --git a/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_socket.c b/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_socket.c
new file mode 100644
index 0000000..e869837
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_socket.c
@@ -0,0 +1,1695 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_pl_socket.c
+ *
+ * Socket Function Definitions
+ *
+ */
+
+/*
+ * If Socket Tracing is active, messages sent and received will be
+ * timestamped and dumped (to stdout) in standard hex-dump format. E.g.,
+ *
+ * 1116612359156140:
+ * 28F0: 48 65 6C 6C 6F 2C 20 77   6F 72 6C 64 21 00    Hello, world!.
+ *
+ * The timestamp is not formatted to be meaningful except as an increasing
+ * value of seconds.microseconds, which is good enough to correlate two
+ * sides of a message exchange and to figure durations.
+ *
+ * Code to perform Socket tracing will be compiled in if PKIX_SOCKETTRACE
+ * is defined, but that doesn't mean socket tracing is active. Tracing also
+ * requires that the Boolean socketTraceFlag is set to PKIX_TRUE. That is
+ * the default value, but it can be overridden by using the debugger to
+ * change its value -- allowing tracing to be turned on and off at various
+ * breakpoints -- or by setting the environment variable SOCKETTRACE. A
+ * value of 1 sets socketTraceFlag to PKIX_TRUE (tracing on), and any other
+ * value sets socketTraceFlag to PKIX_FALSE (tracing off). The environment
+ * value is checked during system initialization.
+ */
+#ifndef BUILD_OPT
+#define PKIX_SOCKETTRACE 1
+#endif
+
+#ifdef PKIX_SOCKETDEBUG
+#define PKIX_SOCKETTRACE 1
+#endif
+
+#include "pkix_pl_socket.h"
+
+/* --Private-Socket-Functions---------------------------------- */
+
+#ifdef PKIX_SOCKETTRACE
+static PKIX_Boolean socketTraceFlag = PKIX_FALSE;
+
+/*
+ * FUNCTION: pkix_pl_socket_timestamp
+ * DESCRIPTION:
+ *
+ *  This functions prints to stdout the time of day, as obtained from the
+ *  system function gettimeofday, as seconds.microseconds. Its resolution
+ *  is whatever the system call provides.
+ *
+ * PARAMETERS:
+ *  none
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety definitions in Programmer's Guide)
+ * RETURNS:
+ *  none
+ */
+static void pkix_pl_socket_timestamp() {
+        PRInt64 prTime;
+        prTime = PR_Now();
+/* We shouldn't use PR_ALTERNATE_INT64_TYPEDEF, but nor can we use PRId64 */
+#if PR_BYTES_PER_LONG == 8 && !defined(PR_ALTERNATE_INT64_TYPEDEF)
+        printf("%ld:\n", prTime);
+#else
+        printf("%lld:\n", prTime);
+#endif
+}
+
+/*
+ * FUNCTION: pkix_pl_socket_hexDigit
+ * DESCRIPTION:
+ *
+ *  This functions prints to stdout the byte "byteVal" as two hex digits.
+ *
+ * PARAMETERS:
+ *  "byteVal"
+ *      The value to be printed.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety definitions in Programmer's Guide)
+ * RETURNS:
+ *  none
+ */
+static void pkix_pl_socket_hexDigit(char byteVal) {
+        int n = 0;
+        char cHi = '\0';
+        char cLow = '\0';
+        n = ((byteVal >> 4) & 0xf);
+        if (n > 9) {
+                cHi = (char) ((n - 10) + 'A');
+        } else {
+                cHi = (char) (n + '0');
+        }
+        n = byteVal & 0xf;
+        if (n > 9) {
+                cLow = (char) ((n - 10) + 'A');
+        } else {
+                cLow = (char) (n + '0');
+        }
+        (void) printf("%c%c", cHi, cLow);
+}
+
+/*
+ * FUNCTION: pkix_pl_socket_linePrefix
+ * DESCRIPTION:
+ *
+ *  This functions prints to stdout the address provided by "addr" as four
+ *  hexadecimal digits followed by a colon and a space.
+ *
+ * PARAMETERS:
+ *  "addr"
+ *      The address to be printed
+ *  none
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety definitions in Programmer's Guide)
+ * RETURNS:
+ *  none
+ */
+static void pkix_pl_socket_linePrefix(PKIX_UInt32 addr) {
+        pkix_pl_socket_hexDigit((char)((addr >> 8) & 0xff));
+        pkix_pl_socket_hexDigit((char)(addr & 0xff));
+        (void) printf(": ");
+}
+
+/*
+ * FUNCTION: pkix_pl_socket_traceLine
+ * DESCRIPTION:
+ *
+ *  This functions prints to stdout the sixteen bytes beginning at the
+ *  address pointed to by "ptr". The bytes are printed as sixteen pairs
+ *  of hexadecimal characters followed by an ascii interpretation, in which
+ *  characters from 0x20 to 0x7d are shown as their ascii equivalents, and
+ *  other values are represented as periods.
+ *
+ * PARAMETERS:
+ *  "ptr"
+ *      The address of the first of the bytes to be printed
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety definitions in Programmer's Guide)
+ * RETURNS:
+ *  none
+ */
+static void pkix_pl_socket_traceLine(char *ptr) {
+        PKIX_UInt32 i = 0;
+        pkix_pl_socket_linePrefix((PKIX_UInt32)((char *)ptr - (char *)NULL));
+        for (i = 0; i < 16; i++) {
+                printf(" ");
+                pkix_pl_socket_hexDigit(ptr[i]);
+                if (i == 7) {
+                        printf("  ");
+                }
+        }
+        printf("  ");
+        for (i = 0; i < 16; i++) {
+                if ((ptr[i] < ' ') || (ptr[i] > '}')) {
+                        printf(".");
+                } else {
+                        printf("%c", ptr[i]);
+                }
+        }
+        printf("\n");
+}
+
+/*
+ * FUNCTION: pkix_pl_socket_tracePartialLine
+ * DESCRIPTION:
+ *
+ *  This functions prints to stdout the number of bytes given by "nBytes",
+ *  beginning at the address pointed to by "ptr". The bytes are printed as
+ *  pairs of hexadecimal characters followed by an ascii interpretation, in
+ *  which characters from 0x20 to 0x7d are shown as their ascii equivalents,
+ *  and other values are represented as periods.
+ *
+ * PARAMETERS:
+ *  "ptr"
+ *      The address of the first of the bytes to be printed
+ *  "nBytes"
+ *      The Int32 value giving the number of bytes to be printed. If "nBytes"
+ *      is greater than sixteen, the results will be unattractive.
+ *  none
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety definitions in Programmer's Guide)
+ * RETURNS:
+ *  none
+ */
+static void pkix_pl_socket_tracePartialLine(char *ptr, PKIX_UInt32 nBytes) {
+        PKIX_UInt32 i = 0;
+        if (nBytes > 0) {
+                pkix_pl_socket_linePrefix((PKIX_UInt32)((char *)ptr - (char *)NULL));
+        }
+        for (i = 0; i < nBytes; i++) {
+                printf(" ");
+                pkix_pl_socket_hexDigit(ptr[i]);
+                if (i == 7) {
+                        printf("  ");
+                }
+        }
+        for (i = nBytes; i < 16; i++) {
+                printf("   ");
+                if (i == 7) {
+                        printf("  ");
+                }
+        }
+        printf("  ");
+        for (i = 0; i < nBytes; i++) {
+                if ((ptr[i] < ' ') || (ptr[i] > '}')) {
+                        printf(".");
+                } else {
+                        printf("%c", ptr[i]);
+                }
+        }
+        printf("\n");
+}
+
+/*
+ * FUNCTION: pkix_pl_socket_tracebuff
+ * DESCRIPTION:
+ *
+ *  This functions prints to stdout the number of bytes given by "nBytes",
+ *  beginning with the byte pointed to by "buf". The output is preceded by
+ *  a timestamp, and each group of sixteen (and a remainder, if any) is
+ *  preceded by its address. The contents are shown in hexadecimal and as
+ *  ascii characters. If "nBytes" is zero, the timestamp and starting
+ *  address are displayed.
+ *
+ * PARAMETERS:
+ *  "buf"
+ *      The starting address of the bytes to be printed
+ *  "nBytes"
+ *      The number of bytes to be printed
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety definitions in Programmer's Guide)
+ * RETURNS:
+ *  none
+ */
+void pkix_pl_socket_tracebuff(void *buf, PKIX_UInt32 nBytes) {
+        PKIX_UInt32 bytesRemaining = nBytes;
+        PKIX_UInt32 offset = 0;
+        char *bufptr = (char *)buf;
+
+        if (socketTraceFlag == PKIX_FALSE) return;
+
+        pkix_pl_socket_timestamp();
+        /*
+         * Special case: if called with length of zero, just do address
+         */
+        if (nBytes == 0) {
+                pkix_pl_socket_linePrefix((PKIX_UInt32)((char *)buf - (char *)NULL));
+                printf("\n");
+        } else {
+                while (bytesRemaining >= 16) {
+                        pkix_pl_socket_traceLine(&bufptr[offset]);
+                        bytesRemaining -= 16;
+                        offset += 16;
+                }
+                pkix_pl_socket_tracePartialLine
+                        (&bufptr[offset], bytesRemaining);
+        }
+}
+
+#endif
+
+/*
+ * FUNCTION: pkix_pl_Socket_SetNonBlocking
+ * DESCRIPTION:
+ *
+ *  This functions sets the socket represented by the PRFileDesc "fileDesc"
+ *  to nonblocking mode.
+ *
+ * PARAMETERS:
+ *  "fileDesc"
+ *      The address of the PRFileDesc whose I/O mode is to be set
+ *      non-blocking. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety definitions in Programmer's Guide)
+ * RETURNS:
+ *  none
+ */
+static PKIX_Error *
+pkix_pl_Socket_SetNonBlocking(
+        PRFileDesc *fileDesc,
+        void *plContext)
+{
+        PRStatus rv = PR_FAILURE;
+        PRSocketOptionData sockOptionData;
+
+        PKIX_ENTER(SOCKET, "pkix_pl_Socket_SetNonBlocking");
+        PKIX_NULLCHECK_ONE(fileDesc);
+
+        sockOptionData.option = PR_SockOpt_Nonblocking;
+        sockOptionData.value.non_blocking = PR_TRUE;
+
+        PKIX_PL_NSSCALLRV(SOCKET, rv, fileDesc->methods->setsocketoption,
+                (fileDesc, &sockOptionData));
+
+        if (rv != PR_SUCCESS) {
+                PKIX_ERROR(PKIX_UNABLETOSETSOCKETTONONBLOCKING);
+        }
+cleanup:
+
+        PKIX_RETURN(SOCKET);
+}
+
+/*
+ * FUNCTION: pkix_pl_Socket_CreateClient
+ * DESCRIPTION:
+ *
+ *  This functions creates a client socket for the PKIX_PL_Socket pointed to
+ *  by "socket". If "socket" was created with a timeout value of zero, the
+ *  client socket is set to use nonblocking I/O.
+ *
+ * PARAMETERS:
+ *  "socket"
+ *      The address of the Socket for which a client socket is to be
+ *      created. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety definitions in Programmer's Guide)
+ * RETURNS:
+ *  none
+ */
+
+static PKIX_Error *
+pkix_pl_Socket_CreateClient(
+        PKIX_PL_Socket *socket,
+        void *plContext)
+{
+#ifdef PKIX_SOCKETDEBUG
+        PRErrorCode errorcode = 0;
+#endif
+        PRFileDesc *mySock = NULL;
+
+        PKIX_ENTER(SOCKET, "pkix_pl_Socket_CreateClient");
+        PKIX_NULLCHECK_ONE(socket);
+
+        PKIX_PL_NSSCALLRV(SOCKET, mySock, PR_NewTCPSocket, ());
+        if (!mySock) {
+#ifdef PKIX_SOCKETDEBUG
+                errorcode = PR_GetError();
+                printf
+                        ("pkix_pl_Socket_CreateClient: %s\n",
+                        PR_ErrorToString(errorcode, PR_LANGUAGE_EN));
+#endif
+                PKIX_ERROR(PKIX_PRNEWTCPSOCKETFAILED);
+        }
+
+#ifdef PKIX_SOCKETDEBUG
+        printf("Created socket, PRFileDesc @  %#X\n", mySock);
+#endif
+
+        socket->clientSock = mySock;
+        socket->status = SOCKET_UNCONNECTED;
+        if (socket->timeout == 0) {
+                PKIX_CHECK(pkix_pl_Socket_SetNonBlocking(mySock, plContext),
+                        PKIX_SOCKETSETNONBLOCKINGFAILED);
+        }
+
+cleanup:
+
+        PKIX_RETURN(SOCKET);
+}
+
+/*
+ * FUNCTION: pkix_pl_Socket_CreateServer
+ * DESCRIPTION:
+ *
+ *  This functions creates a server socket for the PKIX_PL_Socket pointed to
+ *  by "socket". If "socket" was created with a timeout value of zero, the
+ *  server socket is set to use nonblocking I/O.
+ *
+ *  Warning: there seems to be a problem with operating a server socket in
+ *  non-blocking mode. If the server calls Recv prior to a corresponding
+ *  Send, the message may be lost.
+ *
+ * PARAMETERS:
+ *  "socket"
+ *      The address of the Socket for which a server socket is to be
+ *      created. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety definitions in Programmer's Guide)
+ * RETURNS:
+ *  none
+ */
+static PKIX_Error *
+pkix_pl_Socket_CreateServer(
+        PKIX_PL_Socket *socket,
+        void *plContext)
+{
+/* #ifdef PKIX_SOCKETDEBUG */
+        PRErrorCode errorcode = 0;
+/* #endif */
+        PRStatus rv = PR_FAILURE;
+        PRFileDesc *serverSock = NULL;
+        PRSocketOptionData sockOptionData;
+
+        PKIX_ENTER(SOCKET, "pkix_pl_Socket_CreateServer");
+        PKIX_NULLCHECK_ONE(socket);
+
+        PKIX_PL_NSSCALLRV(SOCKET, serverSock, PR_NewTCPSocket, ());
+        if (!serverSock) {
+#ifdef PKIX_SOCKETDEBUG
+                errorcode = PR_GetError();
+                printf
+                        ("pkix_pl_Socket_CreateServer: %s\n",
+                        PR_ErrorToString(errorcode, PR_LANGUAGE_EN));
+#endif
+                PKIX_ERROR(PKIX_PRNEWTCPSOCKETFAILED);
+        }
+
+        socket->serverSock = serverSock;
+
+#ifdef PKIX_SOCKETDEBUG
+        printf("Created socket, PRFileDesc @  %#X\n", serverSock);
+#endif
+
+        if (socket->timeout == 0) {
+                PKIX_CHECK(pkix_pl_Socket_SetNonBlocking(serverSock, plContext),
+                        PKIX_SOCKETSETNONBLOCKINGFAILED);
+        }
+
+        sockOptionData.option = PR_SockOpt_Reuseaddr;
+        sockOptionData.value.reuse_addr = PR_TRUE;
+
+        PKIX_PL_NSSCALLRV(SOCKET, rv, serverSock->methods->setsocketoption,
+                (serverSock, &sockOptionData));
+
+        if (rv != PR_SUCCESS) {
+                PKIX_ERROR(PKIX_UNABLETOSETSOCKETTONONBLOCKING);
+        }
+
+        PKIX_PL_NSSCALLRV(SOCKET, rv, PR_Bind, (serverSock, socket->netAddr));
+
+        if (rv == PR_FAILURE) {
+/* #ifdef PKIX_SOCKETDEBUG */
+                errorcode = PR_GetError();
+                printf
+                        ("pkix_pl_Socket_CreateServer: %s\n",
+                        PR_ErrorToString(errorcode, PR_LANGUAGE_EN));
+/* #endif */
+                PKIX_ERROR(PKIX_PRBINDFAILED);
+        }
+
+#ifdef PKIX_SOCKETDEBUG
+        printf("Successful bind!\n");
+#endif
+
+        socket->status = SOCKET_BOUND;
+
+cleanup:
+
+        PKIX_RETURN(SOCKET);
+}
+
+/*
+ * FUNCTION: pkix_pl_Socket_Connect
+ * DESCRIPTION:
+ *
+ *  This functions performs the connect function for the client socket
+ *  specified in "socket", storing the status at "pStatus".
+ *
+ * PARAMETERS:
+ *  "socket"
+ *      The address of the Socket for which a connect is to be performed.
+ *      Must be non-NULL.
+ *  "pStatus"
+ *      The address at which the connection status is stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety definitions in Programmer's Guide)
+ * RETURNS:
+ *  none
+ */
+static PKIX_Error *
+pkix_pl_Socket_Connect(
+        PKIX_PL_Socket *socket,
+        PRErrorCode *pStatus,
+        void *plContext)
+{
+        PRStatus rv = PR_FAILURE;
+        PRErrorCode errorcode = 0;
+
+        PKIX_ENTER(SOCKET, "pkix_pl_Socket_Connect");
+        PKIX_NULLCHECK_TWO(socket, socket->clientSock);
+
+        PKIX_PL_NSSCALLRV(SOCKET, rv, PR_Connect,
+                (socket->clientSock, socket->netAddr, socket->timeout));
+
+        if (rv == PR_FAILURE) {
+                errorcode = PR_GetError();
+                *pStatus = errorcode;
+                if (errorcode == PR_IN_PROGRESS_ERROR) {
+                        socket->status = SOCKET_CONNECTPENDING;
+                        goto cleanup;
+                } else {
+#ifdef PKIX_SOCKETDEBUG
+                        printf
+                                ("pkix_pl_Socket_Connect: %s\n",
+                                PR_ErrorToString(errorcode, PR_LANGUAGE_EN));
+#endif
+                        PKIX_ERROR(PKIX_PRCONNECTFAILED);
+                }
+        }
+
+#ifdef PKIX_SOCKETDEBUG
+        printf("Successful connect!\n");
+#endif
+
+        *pStatus = 0;
+        socket->status = SOCKET_CONNECTED;
+
+cleanup:
+
+        PKIX_RETURN(SOCKET);
+}
+
+/*
+ * FUNCTION: pkix_pl_Socket_ConnectContinue
+ * DESCRIPTION:
+ *
+ *  This functions continues the connect function for the client socket
+ *  specified in "socket", storing the status at "pStatus". It is expected that
+ *  the non-blocking connect has returned PR_IN_PROGRESS_ERROR.
+ *
+ * PARAMETERS:
+ *  "socket"
+ *      The address of the Socket for which a connect is to be continued.
+ *      Must be non-NULL.
+ *  "pStatus"
+ *      The address at which the connection status is stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety definitions in Programmer's Guide)
+ * RETURNS:
+ *  none
+ */
+static PKIX_Error *
+pkix_pl_Socket_ConnectContinue(
+        PKIX_PL_Socket *socket,
+        PRErrorCode *pStatus,
+        void *plContext)
+{
+        PRStatus rv = PR_FAILURE;
+        PRErrorCode errorcode = 0;
+        PRPollDesc pollDesc;
+        PRInt32 numEvents = 0;
+
+        PKIX_ENTER(SOCKET, "pkix_pl_Socket_ConnectContinue");
+        PKIX_NULLCHECK_TWO(socket, socket->clientSock);
+
+        pollDesc.fd = socket->clientSock;
+        pollDesc.in_flags = PR_POLL_WRITE | PR_POLL_EXCEPT;
+        pollDesc.out_flags = 0;
+        PKIX_PL_NSSCALLRV(SOCKET, numEvents, PR_Poll, (&pollDesc, 1, 0));
+        if (numEvents < 0) {
+                PKIX_ERROR(PKIX_PRPOLLFAILED);
+        }
+
+        if (numEvents == 0) {
+                *pStatus = PR_IN_PROGRESS_ERROR;
+                goto cleanup;
+        }
+
+        PKIX_PL_NSSCALLRV(SOCKET, rv, PR_ConnectContinue,
+                (socket->clientSock, pollDesc.out_flags));
+
+        /*
+         * PR_ConnectContinue sometimes lies. It returns PR_SUCCESS
+         * even though the connection is not yet ready. But its deceit
+         * is betrayed by the contents of out_flags!
+         */
+        if ((rv == PR_SUCCESS) && (pollDesc.out_flags == PR_POLL_ERR)) {
+                *pStatus = PR_IN_PROGRESS_ERROR;
+                goto cleanup;
+        }
+
+        if (rv == PR_FAILURE) {
+                errorcode = PR_GetError();
+                *pStatus = errorcode;
+                if (errorcode == PR_IN_PROGRESS_ERROR) {
+                        goto cleanup;
+                } else {
+#ifdef PKIX_SOCKETDEBUG
+                        printf
+                                ("pkix_pl_Socket_ConnectContinue: %s\n",
+                                PR_ErrorToString(errorcode, PR_LANGUAGE_EN));
+#endif
+                        PKIX_ERROR(PKIX_PRCONNECTCONTINUEFAILED);
+                }
+        }
+
+#ifdef PKIX_SOCKETDEBUG
+        printf("Successful connect!\n");
+#endif
+
+        *pStatus = 0;
+        socket->status = SOCKET_CONNECTED;
+
+cleanup:
+
+        PKIX_RETURN(SOCKET);
+}
+
+/*
+ * FUNCTION: pkix_pl_Socket_Destroy
+ * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_Socket_Destroy(
+        PKIX_PL_Object *object,
+        void *plContext)
+{
+        PKIX_PL_Socket *socket = NULL;
+
+        PKIX_ENTER(SOCKET, "pkix_pl_Socket_Destroy");
+        PKIX_NULLCHECK_ONE(object);
+
+        PKIX_CHECK(pkix_CheckType
+                    (object, PKIX_SOCKET_TYPE, plContext),
+                    PKIX_OBJECTNOTANSOCKET);
+
+        socket = (PKIX_PL_Socket *)object;
+
+        if (socket->isServer) {
+                if (socket->serverSock) {
+                        PR_Close(socket->serverSock);
+                }
+        } else {
+                if (socket->clientSock) {
+                        PR_Close(socket->clientSock);
+                }
+        }
+
+cleanup:
+
+        PKIX_RETURN(SOCKET);
+}
+
+/*
+ * FUNCTION: pkix_pl_Socket_Hashcode
+ * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_Socket_Hashcode(
+        PKIX_PL_Object *object,
+        PKIX_UInt32 *pHashcode,
+        void *plContext)
+{
+        PKIX_PL_Socket *socket = NULL;
+
+        PKIX_ENTER(SOCKET, "pkix_pl_Socket_Hashcode");
+        PKIX_NULLCHECK_TWO(object, pHashcode);
+
+        PKIX_CHECK(pkix_CheckType(object, PKIX_SOCKET_TYPE, plContext),
+                PKIX_OBJECTNOTSOCKET);
+
+        socket = (PKIX_PL_Socket *)object;
+
+        *pHashcode = (((socket->timeout << 3) +
+                 (socket->netAddr->inet.family << 3)) +
+                 (*((PKIX_UInt32 *)&(socket->netAddr->inet.ip)))) +
+                 socket->netAddr->inet.port;
+
+cleanup:
+
+        PKIX_RETURN(SOCKET);
+}
+
+/*
+ * FUNCTION: pkix_pl_Socket_Equals
+ * (see comments for PKIX_PL_EqualsCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_Socket_Equals(
+        PKIX_PL_Object *firstObject,
+        PKIX_PL_Object *secondObject,
+        PKIX_Int32 *pResult,
+        void *plContext)
+{
+        PKIX_PL_Socket *firstSocket = NULL;
+        PKIX_PL_Socket *secondSocket = NULL;
+
+        PKIX_ENTER(SOCKET, "pkix_pl_Socket_Equals");
+        PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);
+
+        *pResult = PKIX_FALSE;
+
+        PKIX_CHECK(pkix_CheckTypes
+                (firstObject, secondObject, PKIX_SOCKET_TYPE, plContext),
+                PKIX_OBJECTNOTSOCKET);
+
+        firstSocket = (PKIX_PL_Socket *)firstObject;
+        secondSocket = (PKIX_PL_Socket *)secondObject;
+
+        if (firstSocket->timeout != secondSocket->timeout) {
+                goto cleanup;
+        }
+
+        if (firstSocket->netAddr == secondSocket->netAddr) {
+                *pResult = PKIX_TRUE;
+                goto cleanup;
+        }
+
+        if ((firstSocket->netAddr->inet.family !=
+                secondSocket->netAddr->inet.family) ||
+            (*((PKIX_UInt32 *)&(firstSocket->netAddr->inet.ip)) !=
+                *((PKIX_UInt32 *)&(secondSocket->netAddr->inet.ip))) ||
+            (firstSocket->netAddr->inet.port !=
+                secondSocket->netAddr->inet.port)) {
+
+                goto cleanup;
+
+        }
+
+        *pResult = PKIX_TRUE;
+
+cleanup:
+
+        PKIX_RETURN(SOCKET);
+}
+
+/*
+ * FUNCTION: pkix_pl_Socket_RegisterSelf
+ *
+ * DESCRIPTION:
+ *  Registers PKIX_PL_SOCKET_TYPE and its related
+ *  functions with systemClasses[]
+ *
+ * THREAD SAFETY:
+ *  Not Thread Safe - for performance and complexity reasons
+ *
+ *  Since this function is only called by PKIX_PL_Initialize, which should
+ *  only be called once, it is acceptable that this function is not
+ *  thread-safe.
+ */
+PKIX_Error *
+pkix_pl_Socket_RegisterSelf(void *plContext)
+{
+        extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
+        pkix_ClassTable_Entry entry;
+
+        PKIX_ENTER(SOCKET, "pkix_pl_Socket_RegisterSelf");
+
+        entry.description = "Socket";
+        entry.objCounter = 0;
+        entry.typeObjectSize = sizeof(PKIX_PL_Socket);
+        entry.destructor = pkix_pl_Socket_Destroy;
+        entry.equalsFunction = pkix_pl_Socket_Equals;
+        entry.hashcodeFunction = pkix_pl_Socket_Hashcode;
+        entry.toStringFunction = NULL;
+        entry.comparator = NULL;
+        entry.duplicateFunction = NULL;
+
+        systemClasses[PKIX_SOCKET_TYPE] = entry;
+
+#ifdef PKIX_SOCKETTRACE
+        {
+                char *val = NULL;
+                val = PR_GetEnvSecure("SOCKETTRACE");
+                /* Is SOCKETTRACE set in the environment? */
+                if ((val != NULL) && (*val != '\0')) {
+                        socketTraceFlag =
+                                ((*val == '1')?PKIX_TRUE:PKIX_FALSE);
+                }
+        }
+#endif
+
+        PKIX_RETURN(SOCKET);
+}
+
+/* --Public-Socket-Functions----------------------------------- */
+
+/*
+ * FUNCTION: pkix_pl_Socket_Listen
+ * DESCRIPTION:
+ *
+ *  This functions establishes a listening queue for the server Socket
+ *  pointed to by "socket".
+ *
+ * PARAMETERS:
+ *  "socket"
+ *      The address of the server socket for which the queue is to be
+ *      established. Must be non-NULL.
+ *  "backlog"
+ *      The UInt32 value of the length of the queue to be established.
+ *  "plContext"
+ *      Platform-specific context pointer
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety definitions in Programmer's Guide)
+ * RETURNS:
+ *  none
+ */
+static PKIX_Error *
+pkix_pl_Socket_Listen(
+        PKIX_PL_Socket *socket,
+        PKIX_UInt32 backlog,
+        void *plContext)
+{
+#ifdef PKIX_SOCKETDEBUG
+        PRErrorCode errorcode = 0;
+#endif
+        PRStatus rv = PR_FAILURE;
+
+        PKIX_ENTER(SOCKET, "pkix_pl_Socket_Listen");
+        PKIX_NULLCHECK_TWO(socket, socket->serverSock);
+
+        PKIX_PL_NSSCALLRV(SOCKET, rv, PR_Listen,
+                (socket->serverSock, (PRIntn)backlog));
+
+        if (rv == PR_FAILURE) {
+#ifdef PKIX_SOCKETDEBUG
+                errorcode = PR_GetError();
+                printf
+                        ("pkix_pl_Socket_Listen: %s\n",
+                        PR_ErrorToString(errorcode, PR_LANGUAGE_EN));
+#endif
+                PKIX_ERROR(PKIX_PRLISTENFAILED);
+        }
+
+#ifdef PKIX_SOCKETDEBUG
+        printf("Successful listen!\n");
+#endif
+
+        socket->status = SOCKET_LISTENING;
+cleanup:
+
+        PKIX_RETURN(SOCKET);
+}
+
+/*
+ * FUNCTION: pkix_pl_Socket_Shutdown
+ * DESCRIPTION:
+ *
+ *  This functions performs the shutdown of any connections controlled by the
+ *  socket pointed to by "socket".
+ *
+ * PARAMETERS:
+ *  "socket"
+ *      The address of the socket to be shut down. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety definitions in Programmer's Guide)
+ * RETURNS:
+ *  none
+ */
+static PKIX_Error *
+pkix_pl_Socket_Shutdown(
+        PKIX_PL_Socket *socket,
+        void *plContext)
+{
+#ifdef PKIX_SOCKETDEBUG
+        PRErrorCode errorcode = 0;
+#endif
+        PRStatus rv = PR_FAILURE;
+        PRFileDesc *fileDesc = NULL;
+
+        PKIX_ENTER(SOCKET, "pkix_pl_Socket_Shutdown");
+        PKIX_NULLCHECK_ONE(socket);
+
+        fileDesc =
+                (socket->isServer)?(socket->serverSock):(socket->clientSock);
+
+        PKIX_PL_NSSCALLRV(SOCKET, rv, PR_Shutdown,
+                (fileDesc, PR_SHUTDOWN_BOTH));
+
+        if (rv == PR_FAILURE) {
+#ifdef PKIX_SOCKETDEBUG
+                errorcode = PR_GetError();
+                printf
+                        ("pkix_pl_Socket_Shutdown: %s\n",
+                        PR_ErrorToString(errorcode, PR_LANGUAGE_EN));
+#endif
+                PKIX_ERROR(PKIX_PRSHUTDOWNFAILED);
+        }
+        socket->status = SOCKET_SHUTDOWN;
+
+cleanup:
+
+        PKIX_RETURN(SOCKET);
+}
+
+/*
+ * FUNCTION: pkix_pl_Socket_Send
+ * DESCRIPTION:
+ *
+ *  This functions sends a message using the socket pointed to by "sendSock",
+ *  from the buffer pointed to by "buf", of the number of bytes given by
+ *  "bytesToWrite", storing the number of bytes actually written at
+ *  "pBytesWritten". If "socket" is in non-blocking mode, the send operation
+ *  may store -1 at "pBytesWritten" and the write is not complete until a
+ *  corresponding pkix_pl_Poll call has indicated its completion by returning
+ *  a non-negative value for bytes written.
+ *
+ * PARAMETERS:
+ *  "sendSock"
+ *      The address of the Socket on which the message is to be sent. Must
+ *      be non-NULL.
+ *  "buf"
+ *      The address of the data to be sent. Must be non-NULL.
+ *  "bytesToWrite""
+ *      The UInt32 value indicating the number of bytes to write.
+ *  "pBytesWritten"
+ *      The address at which the Int32 value indicating the number of bytes
+ *      actually written is to be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety definitions in Programmer's Guide)
+ * RETURNS:
+ *  none
+ */
+static PKIX_Error *
+pkix_pl_Socket_Send(
+        PKIX_PL_Socket *sendSock,
+        void *buf,
+        PKIX_UInt32 bytesToWrite,
+        PKIX_Int32 *pBytesWritten,
+        void *plContext)
+{
+        PRInt32 bytesWritten = 0;
+        PRErrorCode errorcode = 0;
+        PRFileDesc *fd = NULL;
+
+        PKIX_ENTER(SOCKET, "pkix_pl_Socket_Send");
+        PKIX_NULLCHECK_TWO(buf, pBytesWritten);
+
+        fd = sendSock->clientSock;
+
+        PKIX_PL_NSSCALLRV(SOCKET, bytesWritten, PR_Send,
+                (fd, buf, (PRInt32)bytesToWrite, 0, sendSock->timeout));
+
+        if (bytesWritten >= 0) {
+                if (sendSock->status == SOCKET_SENDRCVPENDING) {
+                        sendSock->status = SOCKET_RCVPENDING;
+                } else {
+                        sendSock->status = SOCKET_CONNECTED;
+                }
+#ifdef PKIX_SOCKETTRACE
+                pkix_pl_socket_tracebuff(buf, bytesWritten);
+#endif
+        } else {
+                errorcode = PR_GetError();
+                if (errorcode != PR_WOULD_BLOCK_ERROR) {
+#ifdef PKIX_SOCKETDEBUG
+                        printf
+                                ("pkix_pl_Socket_Send: %s\n",
+                                PR_ErrorToString(errorcode, PR_LANGUAGE_EN));
+#endif
+                        PKIX_ERROR(PKIX_PRSENDFAILED);
+                }
+
+                sendSock->writeBuf = buf;
+                sendSock->writeBufSize = bytesToWrite;
+                if (sendSock->status == SOCKET_RCVPENDING) {
+                        sendSock->status = SOCKET_SENDRCVPENDING;
+                } else {
+                        sendSock->status = SOCKET_SENDPENDING;
+                }
+        }
+
+        *pBytesWritten = (PKIX_Int32)bytesWritten;
+
+cleanup:
+
+        PKIX_RETURN(SOCKET);
+}
+
+/*
+ * FUNCTION: pkix_pl_Socket_Recv
+ * DESCRIPTION:
+ *
+ *  This functions receives a message on the socket pointed to by "rcvSock",
+ *  into the buffer pointed to by "buf", of capacity given by "capacity",
+ *  storing the number of bytes actually received at "pBytesRead". If "socket"
+ *  is in non-blocking mode, the receive operation may store -1 at
+ *  "pBytesWritten". In that case the write is not complete until a
+ *  corresponding pkix_pl_Poll call has indicated its completion by returning
+ *  a non-negative value for bytes read.
+ *
+ * PARAMETERS:
+ *  "rcvSock"
+ *      The address of the Socket on which the message is to be received.
+ *      Must be non-NULL.
+ *  "buf"
+ *      The address of the buffer into which the message is to be received.
+ *      Must be non-NULL.
+ *  "capacity"
+ *      The UInt32 value of the size of the buffer; that is, the maximum
+ *      number of bytes that can be received.
+ *  "pBytesRead"
+ *      The address at which is stored the Int32 value of the number of bytes
+ *      actually received.
+ *  "plContext"
+ *      Platform-specific context pointer
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety definitions in Programmer's Guide)
+ * RETURNS:
+ *  none
+ */
+static PKIX_Error *
+pkix_pl_Socket_Recv(
+        PKIX_PL_Socket *rcvSock,
+        void *buf,
+        PKIX_UInt32 capacity,
+        PKIX_Int32 *pBytesRead,
+        void *plContext)
+{
+        PRErrorCode errorcode = 0;
+        PRInt32 bytesRead = 0;
+        PRFileDesc *fd = NULL;
+
+        PKIX_ENTER(SOCKET, "pkix_pl_Socket_Recv");
+        PKIX_NULLCHECK_THREE(rcvSock, buf, pBytesRead);
+
+        fd = rcvSock->clientSock;
+
+        PKIX_PL_NSSCALLRV(SOCKET, bytesRead, PR_Recv,
+                (fd, buf, (PRInt32)capacity, 0, rcvSock->timeout));
+
+        if (bytesRead > 0) {
+                if (rcvSock->status == SOCKET_SENDRCVPENDING) {
+                        rcvSock->status = SOCKET_SENDPENDING;
+                } else {
+                        rcvSock->status = SOCKET_CONNECTED;
+                }
+#ifdef PKIX_SOCKETTRACE
+                pkix_pl_socket_tracebuff(buf, bytesRead);
+#endif
+        } else if (bytesRead == 0) {
+                PKIX_ERROR(PKIX_PRRECVREPORTSNETWORKCONNECTIONCLOSED);
+        } else {
+                errorcode = PR_GetError();
+                if (errorcode != PR_WOULD_BLOCK_ERROR) {
+#ifdef PKIX_SOCKETDEBUG
+                        printf
+                                ("pkix_pl_Socket_Recv: %s\n",
+                                PR_ErrorToString(errorcode, PR_LANGUAGE_EN));
+#endif
+                        PKIX_ERROR(PKIX_PRRECVFAILED);
+                }
+                rcvSock->readBuf = buf;
+                rcvSock->readBufSize = capacity;
+                if (rcvSock->status == SOCKET_SENDPENDING) {
+                        rcvSock->status = SOCKET_SENDRCVPENDING;
+                } else {
+                        rcvSock->status = SOCKET_RCVPENDING;
+                }
+
+        }
+
+        *pBytesRead = (PKIX_Int32)bytesRead;
+
+cleanup:
+
+        PKIX_RETURN(SOCKET);
+}
+
+/*
+ * FUNCTION: pkix_pl_Socket_Poll
+ * DESCRIPTION:
+ *
+ *  This functions checks for completion of an earlier Send or Recv on the
+ *  socket pointed to by "sock", storing in "pBytesWritten" the number of bytes
+ *  written by a completed Send and in "pBytesRead" the number of bytes
+ *  received in a completed Recv. A value of -1 returned indicates the
+ *  operation has still not completed. A NULL pointer may be supplied for
+ *  "pBytesWritten" to avoid checking for completion of a Send. A NULL pointer
+ *  may be supplied for "pBytesRead" to avoid checking for completion of a Recv.
+ *
+ * PARAMETERS:
+ *  "sock"
+ *      The address of the socket for which completions are to be checked.
+ *  "pBytesWritten"
+ *      The address at which the number of bytes written is to be stored, if
+ *      a pending Send has completed. If NULL, Sends are not checked.
+ *  "pBytesRead"
+ *      The address at which the number of bytes read is to be stored, if
+ *      a pending Recv has completed. If NULL, Recvs are not checked.
+ *  "plContext"
+ *      Platform-specific context pointer
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety definitions in Programmer's Guide)
+ * RETURNS:
+ *  none
+ */
+static PKIX_Error *
+pkix_pl_Socket_Poll(
+        PKIX_PL_Socket *sock,
+        PKIX_Int32 *pBytesWritten,
+        PKIX_Int32 *pBytesRead,
+        void *plContext)
+{
+        PRPollDesc pollDesc;
+        PRInt32 numEvents = 0;
+        PKIX_Int32 bytesRead = 0;
+        PKIX_Int32 bytesWritten = 0;
+        PRErrorCode errorcode = 0;
+
+        PKIX_ENTER(SOCKET, "pkix_pl_Socket_Poll");
+        PKIX_NULLCHECK_ONE(sock);
+
+        pollDesc.fd = sock->clientSock;
+        pollDesc.in_flags = 0;
+        pollDesc.out_flags = 0;
+
+        if ((pBytesWritten) &&
+            ((sock->status == SOCKET_SENDPENDING) ||
+            (sock->status == SOCKET_SENDRCVPENDING))) {
+                pollDesc.in_flags = PR_POLL_WRITE;
+        }
+
+        if ((pBytesRead) &&
+            ((sock->status == SOCKET_RCVPENDING) ||
+            (sock->status == SOCKET_SENDRCVPENDING))) {
+                pollDesc.in_flags |= PR_POLL_READ;
+        }
+
+        PKIX_PL_NSSCALLRV(SOCKET, numEvents, PR_Poll, (&pollDesc, 1, 0));
+
+        if (numEvents < 0) {
+                PKIX_ERROR(PKIX_PRPOLLFAILED);
+        } else if (numEvents > 0) {
+                if (pollDesc.out_flags & PR_POLL_WRITE) {
+                        PKIX_CHECK(pkix_pl_Socket_Send
+                                (sock,
+                                sock->writeBuf,
+                                sock->writeBufSize,
+                                &bytesWritten,
+                                plContext),
+                                PKIX_SOCKETSENDFAILED);
+                        *pBytesWritten = (PKIX_Int32)bytesWritten;
+                        if (bytesWritten >= 0) {
+                                sock->writeBuf = NULL;
+                                sock->writeBufSize = 0;
+                        }
+                }
+
+                if (pollDesc.out_flags & PR_POLL_READ) {
+                        PKIX_CHECK(pkix_pl_Socket_Recv
+                                (sock,
+                                sock->readBuf,
+                                sock->readBufSize,
+                                &bytesRead,
+                                plContext),
+                                PKIX_SOCKETRECVFAILED);
+                        *pBytesRead = (PKIX_Int32)bytesRead;
+                        if (bytesRead >= 0) {
+                                sock->readBuf = NULL;
+                                sock->readBufSize = 0;
+                        }
+                }
+        } else if (numEvents == 0) {
+                errorcode = PR_GetError();
+                if (errorcode != PR_WOULD_BLOCK_ERROR) {
+#ifdef PKIX_SOCKETDEBUG
+                        printf
+                                ("pkix_pl_Socket_Poll: %s\n",
+                                PR_ErrorToString(errorcode, PR_LANGUAGE_EN));
+#endif
+                        PKIX_ERROR(PKIX_PRPOLLFAILED);
+                }
+                if (pBytesWritten) {
+                        *pBytesWritten = 0;
+                }
+                if (pBytesRead) {
+                        *pBytesRead = 0;
+                }
+        }
+
+cleanup:
+
+        PKIX_RETURN(SOCKET);
+}
+
+/*
+ * FUNCTION: pkix_pl_Socket_Accept
+ * DESCRIPTION:
+ *
+ *  This functions accepts a client connection for the server Socket pointed
+ *  to by "serverSocket", creating a new Socket and storing the result at
+ *  "pRendezvousSocket". If "serverSocket" is in non-blocking mode, this
+ *  function will return NULL if there is no client connection to accept.
+ *  Otherwise this function will block until a connection is available.
+ *  When a client connection is available the new Socket will have the same
+ *  blocking/non-blocking property as "serverSocket".
+ *
+ * PARAMETERS:
+ *   "serverSocket"
+ *      The address of the Socket for which a client connection is to be
+ *      accepted. Must be non-NULL.
+ *   "pRendezvousSocket"
+ *      The address at which the created Socket is stored, when a client
+ *      connection is available, or at which NULL is stored, if no connection
+ *      is available for a non-blocking "serverSocket". Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety definitions in Programmer's Guide)
+ * RETURNS:
+ *  none
+ */
+static PKIX_Error *
+pkix_pl_Socket_Accept(
+        PKIX_PL_Socket *serverSocket,
+        PKIX_PL_Socket **pRendezvousSocket,
+        void *plContext)
+{
+        PRErrorCode errorcode = 0;
+        PRFileDesc *rendezvousSock = NULL;
+        PRNetAddr *clientAddr = NULL;
+        PKIX_PL_Socket *newSocket = NULL;
+
+        PKIX_ENTER(SOCKET, "pkix_pl_Socket_Accept");
+        PKIX_NULLCHECK_TWO(serverSocket, pRendezvousSocket);
+
+        PKIX_PL_NSSCALLRV(SOCKET, rendezvousSock, PR_Accept,
+                (serverSocket->serverSock, clientAddr, serverSocket->timeout));
+
+        if (!rendezvousSock) {
+                errorcode = PR_GetError();
+                if (errorcode != PR_WOULD_BLOCK_ERROR) {
+#ifdef PKIX_SOCKETDEBUG
+                        printf
+                                ("pkix_pl_Socket_Accept: %s\n",
+                                PR_ErrorToString(errorcode, PR_LANGUAGE_EN));
+#endif
+                        PKIX_ERROR(PKIX_PRACCEPTFAILED);
+                }
+                serverSocket->status = SOCKET_ACCEPTPENDING;
+                *pRendezvousSocket = NULL;
+                goto cleanup;
+
+        }
+
+#ifdef PKIX_SOCKETDEBUG
+        printf("Successful accept!\n");
+#endif
+
+        PKIX_CHECK(PKIX_PL_Object_Alloc
+                    (PKIX_SOCKET_TYPE,
+                    sizeof (PKIX_PL_Socket),
+                    (PKIX_PL_Object **)&newSocket,
+                    plContext),
+                    PKIX_COULDNOTCREATESOCKETOBJECT);
+
+        newSocket->isServer = PKIX_FALSE;
+        newSocket->timeout = serverSocket->timeout;
+        newSocket->clientSock = rendezvousSock;
+        newSocket->serverSock = NULL;
+        newSocket->netAddr = NULL;
+        newSocket->status = SOCKET_CONNECTED;
+        newSocket->callbackList.shutdownCallback = pkix_pl_Socket_Shutdown;
+        newSocket->callbackList.listenCallback = pkix_pl_Socket_Listen;
+        newSocket->callbackList.acceptCallback = pkix_pl_Socket_Accept;
+        newSocket->callbackList.connectcontinueCallback =
+                pkix_pl_Socket_ConnectContinue;
+        newSocket->callbackList.sendCallback = pkix_pl_Socket_Send;
+        newSocket->callbackList.recvCallback = pkix_pl_Socket_Recv;
+        newSocket->callbackList.pollCallback = pkix_pl_Socket_Poll;
+
+        if (serverSocket->timeout == 0) {
+                PKIX_CHECK(pkix_pl_Socket_SetNonBlocking
+                        (rendezvousSock, plContext),
+                        PKIX_SOCKETSETNONBLOCKINGFAILED);
+        }
+
+        *pRendezvousSocket = newSocket;
+
+cleanup:
+
+        PKIX_RETURN(SOCKET);
+}
+
+/*
+ * FUNCTION: pkix_pl_Socket_Create
+ * DESCRIPTION:
+ *
+ *  This function creates a new Socket, setting it to be a server or a client
+ *  according to the value of "isServer", setting its timeout value from
+ *  "timeout" and server address from "netAddr", and stores the created Socket
+ *  at "pSocket".
+ *
+ * PARAMETERS:
+ *  "isServer"
+ *      The Boolean value indicating if PKIX_TRUE, that a server socket (using
+ *      Bind, Listen, and Accept) is to be created, or if PKIX_FALSE, that a
+ *      client socket (using Connect) is to be created.
+ *  "timeout"
+ *      A PRTimeInterval value to be used for I/O waits for this socket. If
+ *      zero, non-blocking I/O is to be used.
+ *  "netAddr"
+ *      The PRNetAddr to be used for the Bind function, if this is a server
+ *      socket, or for the Connect, if this is a client socket.
+ *  "pSocket"
+ *      The address at which the Socket is to be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Socket Error if the function fails in
+ *      a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_pl_Socket_Create(
+        PKIX_Boolean isServer,
+        PRIntervalTime timeout,
+        PRNetAddr *netAddr,
+        PRErrorCode *status,
+        PKIX_PL_Socket **pSocket,
+        void *plContext)
+{
+        PKIX_PL_Socket *socket = NULL;
+
+        PKIX_ENTER(SOCKET, "pkix_pl_Socket_Create");
+        PKIX_NULLCHECK_ONE(pSocket);
+
+        PKIX_CHECK(PKIX_PL_Object_Alloc
+                    (PKIX_SOCKET_TYPE,
+                    sizeof (PKIX_PL_Socket),
+                    (PKIX_PL_Object **)&socket,
+                    plContext),
+                    PKIX_COULDNOTCREATESOCKETOBJECT);
+
+        socket->isServer = isServer;
+        socket->timeout = timeout;
+        socket->clientSock = NULL;
+        socket->serverSock = NULL;
+        socket->netAddr = netAddr;
+
+        socket->callbackList.listenCallback = pkix_pl_Socket_Listen;
+        socket->callbackList.acceptCallback = pkix_pl_Socket_Accept;
+        socket->callbackList.connectcontinueCallback =
+                 pkix_pl_Socket_ConnectContinue;
+        socket->callbackList.sendCallback = pkix_pl_Socket_Send;
+        socket->callbackList.recvCallback = pkix_pl_Socket_Recv;
+        socket->callbackList.pollCallback = pkix_pl_Socket_Poll;
+        socket->callbackList.shutdownCallback = pkix_pl_Socket_Shutdown;
+
+        if (isServer) {
+                PKIX_CHECK(pkix_pl_Socket_CreateServer(socket, plContext),
+                        PKIX_SOCKETCREATESERVERFAILED);
+                *status = 0;
+        } else {
+                socket->timeout = timeout;
+                PKIX_CHECK(pkix_pl_Socket_CreateClient(socket, plContext),
+                        PKIX_SOCKETCREATECLIENTFAILED);
+                PKIX_CHECK(pkix_pl_Socket_Connect(socket, status, plContext),
+                        PKIX_SOCKETCONNECTFAILED);
+        }
+
+        *pSocket = socket;
+
+cleanup:
+        if (PKIX_ERROR_RECEIVED) {
+                PKIX_DECREF(socket);
+        }
+
+        PKIX_RETURN(SOCKET);
+}
+
+/*
+ * FUNCTION: pkix_pl_Socket_CreateByName
+ * DESCRIPTION:
+ *
+ *  This function creates a new Socket, setting it to be a server or a client
+ *  according to the value of "isServer", setting its timeout value from
+ *  "timeout" and server address and port number from "serverName", and stores
+ *  the status at "pStatus" and the created Socket at "pSocket".
+ *
+ *  If isServer is PKIX_TRUE, it is attempted to create the socket with an ip
+ *  address of PR_INADDR_ANY.
+ *
+ * PARAMETERS:
+ *  "isServer"
+ *      The Boolean value indicating if PKIX_TRUE, that a server socket (using
+ *      Bind, Listen, and Accept) is to be created, or if PKIX_FALSE, that a
+ *      client socket (using Connect) is to be created.
+ *  "timeout"
+ *      A PRTimeInterval value to be used for I/O waits for this socket. If
+ *      zero, non-blocking I/O is to be used.
+ *  "serverName"
+ *      Address of a character string consisting of the server's domain name
+ *      followed by a colon and a port number for the desired socket.
+ *  "pStatus"
+ *      Address at which the PRErrorCode resulting from the create is
+ *      stored. Must be non-NULL.
+ *  "pSocket"
+ *      The address at which the Socket is to be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Socket Error if the function fails in
+ *      a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_pl_Socket_CreateByName(
+        PKIX_Boolean isServer,
+        PRIntervalTime timeout,
+        char *serverName,
+        PRErrorCode *pStatus,
+        PKIX_PL_Socket **pSocket,
+        void *plContext)
+{
+        PRNetAddr netAddr;
+        PKIX_PL_Socket *socket = NULL;
+        char *sepPtr = NULL;
+        PRHostEnt hostent;
+        PRIntn hostenum;
+        PRStatus prstatus = PR_FAILURE;
+        char buf[PR_NETDB_BUF_SIZE];
+        PRUint16 portNum = 0;
+        char *localCopyName = NULL;
+
+        PKIX_ENTER(SOCKET, "pkix_pl_Socket_CreateByName");
+        PKIX_NULLCHECK_TWO(serverName, pSocket);
+
+        localCopyName = PL_strdup(serverName);
+
+        sepPtr = strchr(localCopyName, ':');
+        /* First strip off the portnum, if present, from the end of the name */
+        if (sepPtr) {
+                *sepPtr++ = '\0';
+                 portNum = (PRUint16)atoi(sepPtr);
+        } else {
+                 portNum = (PRUint16)LDAP_PORT;
+        }
+
+        prstatus = PR_GetHostByName(localCopyName, buf, sizeof(buf), &hostent);
+
+        if ((prstatus != PR_SUCCESS) || (hostent.h_length != 4)) {
+                /*
+                 * The hostname may be a fully-qualified name. Try using just
+                 * the leftmost component in our lookup.
+                 */
+                sepPtr = strchr(localCopyName, '.');
+                if (sepPtr) {
+                        *sepPtr++ = '\0';
+                }
+                prstatus = PR_GetHostByName
+                        (localCopyName, buf, sizeof(buf), &hostent);
+
+                if ((prstatus != PR_SUCCESS) || (hostent.h_length != 4)) {
+                        PKIX_ERROR
+                                (PKIX_PRGETHOSTBYNAMEREJECTSHOSTNAMEARGUMENT);
+                }
+        }
+
+        netAddr.inet.family = PR_AF_INET;
+        netAddr.inet.port = PR_htons(portNum);
+
+        if (isServer) {
+
+                netAddr.inet.ip = PR_INADDR_ANY;
+
+        } else {
+
+                hostenum = PR_EnumerateHostEnt(0, &hostent, portNum, &netAddr);
+                if (hostenum == -1) {
+                        PKIX_ERROR(PKIX_PRENUMERATEHOSTENTFAILED);
+                }
+        }
+
+        PKIX_CHECK(PKIX_PL_Object_Alloc
+                (PKIX_SOCKET_TYPE,
+                sizeof (PKIX_PL_Socket),
+                (PKIX_PL_Object **)&socket,
+                plContext),
+                PKIX_COULDNOTCREATESOCKETOBJECT);
+
+        socket->isServer = isServer;
+        socket->timeout = timeout;
+        socket->clientSock = NULL;
+        socket->serverSock = NULL;
+        socket->netAddr = &netAddr;
+
+        socket->callbackList.listenCallback = pkix_pl_Socket_Listen;
+        socket->callbackList.acceptCallback = pkix_pl_Socket_Accept;
+        socket->callbackList.connectcontinueCallback =
+                 pkix_pl_Socket_ConnectContinue;
+        socket->callbackList.sendCallback = pkix_pl_Socket_Send;
+        socket->callbackList.recvCallback = pkix_pl_Socket_Recv;
+        socket->callbackList.pollCallback = pkix_pl_Socket_Poll;
+        socket->callbackList.shutdownCallback = pkix_pl_Socket_Shutdown;
+
+        if (isServer) {
+                PKIX_CHECK(pkix_pl_Socket_CreateServer(socket, plContext),
+                        PKIX_SOCKETCREATESERVERFAILED);
+                *pStatus = 0;
+        } else {
+                PKIX_CHECK(pkix_pl_Socket_CreateClient(socket, plContext),
+                        PKIX_SOCKETCREATECLIENTFAILED);
+                PKIX_CHECK(pkix_pl_Socket_Connect(socket, pStatus, plContext),
+                        PKIX_SOCKETCONNECTFAILED);
+        }
+
+        *pSocket = socket;
+
+cleanup:
+        PL_strfree(localCopyName);
+
+        if (PKIX_ERROR_RECEIVED) {
+                PKIX_DECREF(socket);
+        }
+
+        PKIX_RETURN(SOCKET);
+}
+
+/*
+ * FUNCTION: pkix_pl_Socket_CreateByHostAndPort
+ * DESCRIPTION:
+ *
+ *  This function creates a new Socket, setting it to be a server or a client
+ *  according to the value of "isServer", setting its timeout value from
+ *  "timeout", host from "hostname", and port number from "portNum", and stores
+ *  the status at "pStatus" and the created Socket at "pSocket".
+ *
+ *  If isServer is PKIX_TRUE, it is attempted to create the socket with an ip
+ *  address of PR_INADDR_ANY.
+ *
+ * PARAMETERS:
+ *  "isServer"
+ *      The Boolean value indicating if PKIX_TRUE, that a server socket (using
+ *      Bind, Listen, and Accept) is to be created, or if PKIX_FALSE, that a
+ *      client socket (using Connect) is to be created.
+ *  "timeout"
+ *      A PRTimeInterval value to be used for I/O waits for this socket. If
+ *      zero, non-blocking I/O is to be used.
+ *  "hostname"
+ *      Address of a character string consisting of the server's domain name.
+ *  "portNum"
+ *      UInt16 value of the port number for the desired socket.
+ *  "pStatus"
+ *      Address at which the PRErrorCode resulting from the create is
+ *      stored. Must be non-NULL.
+ *  "pSocket"
+ *      The address at which the Socket is to be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Socket Error if the function fails in
+ *      a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_pl_Socket_CreateByHostAndPort(
+        PKIX_Boolean isServer,
+        PRIntervalTime timeout,
+        char *hostname,
+        PRUint16 portnum,
+        PRErrorCode *pStatus,
+        PKIX_PL_Socket **pSocket,
+        void *plContext)
+{
+        PRNetAddr netAddr;
+        PKIX_PL_Socket *socket = NULL;
+        char *sepPtr = NULL;
+        PRHostEnt hostent;
+        PRIntn hostenum;
+        PRStatus prstatus = PR_FAILURE;
+        char buf[PR_NETDB_BUF_SIZE];
+
+        PKIX_ENTER(SOCKET, "pkix_pl_Socket_CreateByHostAndPort");
+        PKIX_NULLCHECK_THREE(hostname, pStatus, pSocket);
+
+
+        prstatus = PR_GetHostByName(hostname, buf, sizeof(buf), &hostent);
+
+        if ((prstatus != PR_SUCCESS) || (hostent.h_length != 4)) {
+                /*
+                 * The hostname may be a fully-qualified name. Try using just
+                 * the leftmost component in our lookup.
+                 */
+                sepPtr = strchr(hostname, '.');
+                if (sepPtr) {
+                        *sepPtr++ = '\0';
+                }
+                prstatus = PR_GetHostByName(hostname, buf, sizeof(buf), &hostent);
+
+                if ((prstatus != PR_SUCCESS) || (hostent.h_length != 4)) {
+                        PKIX_ERROR
+                                (PKIX_PRGETHOSTBYNAMEREJECTSHOSTNAMEARGUMENT);
+                }
+        }
+
+        netAddr.inet.family = PR_AF_INET;
+        netAddr.inet.port = PR_htons(portnum);
+
+        if (isServer) {
+
+                netAddr.inet.ip = PR_INADDR_ANY;
+
+        } else {
+
+                hostenum = PR_EnumerateHostEnt(0, &hostent, portnum, &netAddr);
+                if (hostenum == -1) {
+                        PKIX_ERROR(PKIX_PRENUMERATEHOSTENTFAILED);
+                }
+        }
+
+        PKIX_CHECK(PKIX_PL_Object_Alloc
+                (PKIX_SOCKET_TYPE,
+                sizeof (PKIX_PL_Socket),
+                (PKIX_PL_Object **)&socket,
+                plContext),
+                PKIX_COULDNOTCREATESOCKETOBJECT);
+
+        socket->isServer = isServer;
+        socket->timeout = timeout;
+        socket->clientSock = NULL;
+        socket->serverSock = NULL;
+        socket->netAddr = &netAddr;
+
+        socket->callbackList.listenCallback = pkix_pl_Socket_Listen;
+        socket->callbackList.acceptCallback = pkix_pl_Socket_Accept;
+        socket->callbackList.connectcontinueCallback =
+                 pkix_pl_Socket_ConnectContinue;
+        socket->callbackList.sendCallback = pkix_pl_Socket_Send;
+        socket->callbackList.recvCallback = pkix_pl_Socket_Recv;
+        socket->callbackList.pollCallback = pkix_pl_Socket_Poll;
+        socket->callbackList.shutdownCallback = pkix_pl_Socket_Shutdown;
+
+        if (isServer) {
+                PKIX_CHECK(pkix_pl_Socket_CreateServer(socket, plContext),
+                        PKIX_SOCKETCREATESERVERFAILED);
+                *pStatus = 0;
+        } else {
+                PKIX_CHECK(pkix_pl_Socket_CreateClient(socket, plContext),
+                        PKIX_SOCKETCREATECLIENTFAILED);
+                PKIX_CHECK(pkix_pl_Socket_Connect(socket, pStatus, plContext),
+                        PKIX_SOCKETCONNECTFAILED);
+        }
+
+        *pSocket = socket;
+
+cleanup:
+        if (PKIX_ERROR_RECEIVED) {
+                PKIX_DECREF(socket);
+        }
+
+        PKIX_RETURN(SOCKET);
+}
+
+/*
+ * FUNCTION: pkix_pl_Socket_GetCallbackList
+ */
+PKIX_Error *
+pkix_pl_Socket_GetCallbackList(
+        PKIX_PL_Socket *socket,
+        PKIX_PL_Socket_Callback **pCallbackList,
+        void *plContext)
+{
+        PKIX_ENTER(SOCKET, "pkix_pl_Socket_GetCallbackList");
+        PKIX_NULLCHECK_TWO(socket, pCallbackList);
+
+        *pCallbackList = &(socket->callbackList);
+
+        PKIX_RETURN(SOCKET);
+}
+
+/*
+ * FUNCTION: pkix_pl_Socket_GetPRFileDesc
+ */
+PKIX_Error *
+pkix_pl_Socket_GetPRFileDesc(
+        PKIX_PL_Socket *socket,
+        PRFileDesc **pDesc,
+        void *plContext)
+{
+        PKIX_ENTER(SOCKET, "pkix_pl_Socket_GetPRFileDesc");
+        PKIX_NULLCHECK_TWO(socket, pDesc);
+
+        *pDesc = socket->clientSock;
+
+        PKIX_RETURN(SOCKET);
+}
diff --git a/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_socket.h b/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_socket.h
new file mode 100644
index 0000000..abf6628
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_socket.h
@@ -0,0 +1,209 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_pl_socket.h
+ *
+ * Socket Object Type Definition
+ *
+ */
+
+#ifndef _PKIX_PL_SOCKET_H
+#define _PKIX_PL_SOCKET_H
+
+#include <errno.h>
+#include "pkix_pl_common.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef enum {
+        SOCKET_BOUND,
+        SOCKET_LISTENING,
+        SOCKET_ACCEPTPENDING,
+        SOCKET_UNCONNECTED,
+        SOCKET_CONNECTPENDING,
+        SOCKET_CONNECTED,
+        SOCKET_SENDPENDING,
+        SOCKET_RCVPENDING,
+        SOCKET_SENDRCVPENDING,
+        SOCKET_SHUTDOWN
+} SockStatus;
+
+/* This is the default port number, if none is supplied to CreateByName. */
+#define LDAP_PORT 389
+
+/*
+ * These callbacks allow a user to substitute a counterfeit socket in places
+ * where a PKIX_PL_Socket is expected. A conforming usage will use the
+ * ListenCallback function instead of Listen, AcceptCallback instead of Accept,
+ * etc. The counterfeit socket may have special capabilites such as the
+ * ability to do proxy authentication, etc.
+ */
+
+typedef PKIX_Error *
+(*pkix_pl_Socket_ListenCallback)(
+        PKIX_PL_Socket *socket,
+        PKIX_UInt32 backlog,
+        void *plContext);
+
+typedef PKIX_Error *
+(*pkix_pl_Socket_AcceptCallback)(
+        PKIX_PL_Socket *socket,
+        PKIX_PL_Socket **pRendezvousSock,
+        void *plContext);
+
+typedef PKIX_Error *
+(*pkix_pl_Socket_ConnectContinueCallback)(
+        PKIX_PL_Socket *socket,
+        PRErrorCode *pStatus,
+        void *plContext);
+
+typedef PKIX_Error *
+(*pkix_pl_Socket_SendCallback)(
+        PKIX_PL_Socket *sendSock,
+        void *buf,
+        PKIX_UInt32 bytesToWrite,
+        PKIX_Int32 *pBytesWritten,
+        void *plContext);
+
+typedef PKIX_Error *
+(*pkix_pl_Socket_RecvCallback)(
+        PKIX_PL_Socket *rcvSock,
+        void *buf,
+        PKIX_UInt32 capacity,
+        PKIX_Int32 *pBytesRead,
+        void *plContext);
+
+typedef PKIX_Error *
+(*pkix_pl_Socket_PollCallback)(
+        PKIX_PL_Socket *sock,
+        PKIX_Int32 *pBytesWritten,
+        PKIX_Int32 *pBytesRead,
+        void *plContext);
+
+typedef PKIX_Error *
+(*pkix_pl_Socket_ShutdownCallback)(
+        PKIX_PL_Socket *socket, void *plContext);
+
+typedef struct PKIX_PL_Socket_CallbackStruct {
+        pkix_pl_Socket_ListenCallback listenCallback;
+        pkix_pl_Socket_AcceptCallback acceptCallback;
+        pkix_pl_Socket_ConnectContinueCallback connectcontinueCallback;
+        pkix_pl_Socket_SendCallback sendCallback;
+        pkix_pl_Socket_RecvCallback recvCallback;
+        pkix_pl_Socket_PollCallback pollCallback;
+        pkix_pl_Socket_ShutdownCallback shutdownCallback;
+} PKIX_PL_Socket_Callback;
+
+struct PKIX_PL_SocketStruct {
+        PKIX_Boolean isServer;
+        PRIntervalTime timeout; /* zero for non-blocking I/O */
+        SockStatus status;
+        PRFileDesc *clientSock;
+        PRFileDesc *serverSock;
+        void *readBuf;
+        void *writeBuf;
+        PKIX_UInt32 readBufSize;
+        PKIX_UInt32 writeBufSize;
+        PRNetAddr *netAddr;
+        PKIX_PL_Socket_Callback callbackList;
+};
+
+/* see source file for function documentation */
+
+PKIX_Error *pkix_pl_Socket_RegisterSelf(void *plContext);
+
+PKIX_Error *
+pkix_pl_Socket_Create(
+        PKIX_Boolean isServer,
+        PRIntervalTime timeout, /* zero for non-blocking I/O */
+        PRNetAddr *netAddr,
+        PRErrorCode *status,
+        PKIX_PL_Socket **pSocket,
+        void *plContext);
+
+PKIX_Error *
+pkix_pl_Socket_CreateByName(
+        PKIX_Boolean isServer,
+        PRIntervalTime timeout,
+        char *serverName,
+        PRErrorCode *pStatus,
+        PKIX_PL_Socket **pSocket,
+        void *plContext);
+
+PKIX_Error *
+pkix_pl_Socket_CreateByHostAndPort(
+        PKIX_Boolean isServer,
+        PRIntervalTime timeout,
+        char *hostname,
+        PRUint16 portnum,
+        PRErrorCode *pStatus,
+        PKIX_PL_Socket **pSocket,
+        void *plContext);
+
+/* Do not use these functions directly; use their callback variants instead
+ *      static PKIX_Error *
+ *      pkix_pl_Socket_Listen(
+ *              PKIX_PL_Socket *socket,
+ *              PKIX_UInt32 backlog,
+ *              void *plContext);
+ *      
+ *      static PKIX_Error *
+ *      pkix_pl_Socket_Accept(
+ *              PKIX_PL_Socket *socket,
+ *              PKIX_PL_Socket **pRendezvousSock,
+ *              void *plContext);
+ *      
+ *      static PKIX_Error *
+ *      pkix_pl_Socket_ConnectContinue(
+ *              PKIX_PL_Socket *socket,
+ *              PRErrorCode *pStatus,
+ *              void *plContext);
+ *      
+ *      static PKIX_Error *
+ *      pkix_pl_Socket_Send(
+ *              PKIX_PL_Socket *sendSock,
+ *              void *buf,
+ *              PKIX_UInt32 bytesToWrite,
+ *              PKIX_Int32 *pBytesWritten,
+ *              void *plContext);
+ *      
+ *      static PKIX_Error *
+ *      pkix_pl_Socket_Recv(
+ *              PKIX_PL_Socket *rcvSock,
+ *              void *buf,
+ *              PKIX_UInt32 capacity,
+ *              PKIX_Int32 *pBytesRead,
+ *              void *plContext);
+ *      
+ *      static PKIX_Error *
+ *      pkix_pl_Socket_Poll(
+ *              PKIX_PL_Socket *sock,
+ *              PKIX_Int32 *pBytesWritten,
+ *              PKIX_Int32 *pBytesRead,
+ *              void *plContext);
+ *      
+ *      static PKIX_Error *
+ *      pkix_pl_Socket_Shutdown(
+ *              PKIX_PL_Socket *socket, void *plContext);
+ */
+
+PKIX_Error *
+pkix_pl_Socket_GetCallbackList(
+        PKIX_PL_Socket *socket,
+        PKIX_PL_Socket_Callback **pCallbackList,
+        void *plContext);
+
+PKIX_Error *
+pkix_pl_Socket_GetPRFileDesc(
+        PKIX_PL_Socket *socket,
+        PRFileDesc **pDesc,
+        void *plContext);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_PL_SOCKET_H */
diff --git a/nss/lib/libpkix/pkix_pl_nss/pki/Makefile b/nss/lib/libpkix/pkix_pl_nss/pki/Makefile
new file mode 100755
index 0000000..0fb6c90
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/pki/Makefile
@@ -0,0 +1,49 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include config.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+export:: private_export
+
+
diff --git a/nss/lib/libpkix/pkix_pl_nss/pki/config.mk b/nss/lib/libpkix/pkix_pl_nss/pki/config.mk
new file mode 100755
index 0000000..b8c03de
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/pki/config.mk
@@ -0,0 +1,15 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#
+#  Override TARGETS variable so that only static libraries
+#  are specifed as dependencies within rules.mk.
+#
+
+TARGETS        = $(LIBRARY)
+SHARED_LIBRARY =
+IMPORT_LIBRARY =
+PROGRAM        =
+
diff --git a/nss/lib/libpkix/pkix_pl_nss/pki/exports.gyp b/nss/lib/libpkix/pkix_pl_nss/pki/exports.gyp
new file mode 100644
index 0000000..616f94f
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/pki/exports.gyp
@@ -0,0 +1,41 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../../../coreconf/config.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'lib_libpkix_pkix_pl_nss_pki_exports',
+      'type': 'none',
+      'copies': [
+        {
+          'files': [
+            'pkix_pl_basicconstraints.h',
+            'pkix_pl_cert.h',
+            'pkix_pl_certpolicyinfo.h',
+            'pkix_pl_certpolicymap.h',
+            'pkix_pl_certpolicyqualifier.h',
+            'pkix_pl_crl.h',
+            'pkix_pl_crldp.h',
+            'pkix_pl_crlentry.h',
+            'pkix_pl_date.h',
+            'pkix_pl_generalname.h',
+            'pkix_pl_infoaccess.h',
+            'pkix_pl_nameconstraints.h',
+            'pkix_pl_ocspcertid.h',
+            'pkix_pl_ocsprequest.h',
+            'pkix_pl_ocspresponse.h',
+            'pkix_pl_publickey.h',
+            'pkix_pl_x500name.h'
+          ],
+          'destination': '<(nss_private_dist_dir)/<(module)'
+        }
+      ]
+    }
+  ],
+  'variables': {
+    'module': 'nss'
+  }
+}
diff --git a/nss/lib/libpkix/pkix_pl_nss/pki/manifest.mn b/nss/lib/libpkix/pkix_pl_nss/pki/manifest.mn
new file mode 100755
index 0000000..f8d4571
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/pki/manifest.mn
@@ -0,0 +1,53 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+CORE_DEPTH = ../../../..
+
+EXPORTS = \
+	$(NULL)
+
+PRIVATE_EXPORTS = \
+	pkix_pl_basicconstraints.h \
+	pkix_pl_cert.h \
+	pkix_pl_certpolicyinfo.h \
+	pkix_pl_certpolicymap.h \
+	pkix_pl_certpolicyqualifier.h \
+	pkix_pl_crl.h \
+        pkix_pl_crldp.h \
+	pkix_pl_crlentry.h \
+	pkix_pl_date.h \
+	pkix_pl_generalname.h \
+	pkix_pl_infoaccess.h \
+	pkix_pl_nameconstraints.h \
+	pkix_pl_ocsprequest.h \
+	pkix_pl_ocspresponse.h \
+	pkix_pl_publickey.h \
+	pkix_pl_x500name.h \
+	pkix_pl_ocspcertid.h \
+	$(NULL)
+
+MODULE = nss
+
+CSRCS = \
+	pkix_pl_basicconstraints.c \
+	pkix_pl_cert.c \
+	pkix_pl_certpolicyinfo.c \
+	pkix_pl_certpolicymap.c \
+	pkix_pl_certpolicyqualifier.c \
+	pkix_pl_crl.c \
+        pkix_pl_crldp.c \
+	pkix_pl_crlentry.c \
+	pkix_pl_date.c \
+	pkix_pl_generalname.c \
+	pkix_pl_infoaccess.c \
+	pkix_pl_nameconstraints.c \
+	pkix_pl_ocsprequest.c \
+	pkix_pl_ocspresponse.c \
+	pkix_pl_publickey.c \
+	pkix_pl_x500name.c \
+	pkix_pl_ocspcertid.c \
+	$(NULL)
+
+LIBRARY_NAME = pkixpki
+
diff --git a/nss/lib/libpkix/pkix_pl_nss/pki/pki.gyp b/nss/lib/libpkix/pkix_pl_nss/pki/pki.gyp
new file mode 100644
index 0000000..af7730c
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/pki/pki.gyp
@@ -0,0 +1,39 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../../../coreconf/config.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'pkixpki',
+      'type': 'static_library',
+      'sources': [
+        'pkix_pl_basicconstraints.c',
+        'pkix_pl_cert.c',
+        'pkix_pl_certpolicyinfo.c',
+        'pkix_pl_certpolicymap.c',
+        'pkix_pl_certpolicyqualifier.c',
+        'pkix_pl_crl.c',
+        'pkix_pl_crldp.c',
+        'pkix_pl_crlentry.c',
+        'pkix_pl_date.c',
+        'pkix_pl_generalname.c',
+        'pkix_pl_infoaccess.c',
+        'pkix_pl_nameconstraints.c',
+        'pkix_pl_ocspcertid.c',
+        'pkix_pl_ocsprequest.c',
+        'pkix_pl_ocspresponse.c',
+        'pkix_pl_publickey.c',
+        'pkix_pl_x500name.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports'
+      ]
+    }
+  ],
+  'variables': {
+    'module': 'nss'
+  }
+}
\ No newline at end of file
diff --git a/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_basicconstraints.c b/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_basicconstraints.c
new file mode 100644
index 0000000..81615da
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_basicconstraints.c
@@ -0,0 +1,407 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_pl_basicconstraints.c
+ *
+ * BasicConstraints Object Functions
+ *
+ */
+
+#include "pkix_pl_basicconstraints.h"
+
+/*
+ * FUNCTION: pkix_pl_CertBasicConstraints_Create
+ * DESCRIPTION:
+ *
+ *  Creates a new CertBasicConstraints object whose CA Flag has the value
+ *  given by the Boolean value of "isCA" and whose path length field has the
+ *  value given by the "pathLen" argument and stores it at "pObject".
+ *
+ * PARAMETERS
+ *  "isCA"
+ *      Boolean value with the desired value of CA Flag.
+ *  "pathLen"
+ *      a PKIX_Int32 with the desired value of path length
+ *  "pObject"
+ *      Address of object pointer's destination. Must be non-NULL.
+ *  "plContext" - Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertBasicConstraints Error if the function fails
+ *  in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_pl_CertBasicConstraints_Create(
+        PKIX_Boolean isCA,
+        PKIX_Int32 pathLen,
+        PKIX_PL_CertBasicConstraints **pObject,
+        void *plContext)
+{
+        PKIX_PL_CertBasicConstraints *basic = NULL;
+
+        PKIX_ENTER(CERTBASICCONSTRAINTS,
+                    "pkix_pl_CertBasicConstraints_Create");
+        PKIX_NULLCHECK_ONE(pObject);
+
+        PKIX_CHECK(PKIX_PL_Object_Alloc
+                    (PKIX_CERTBASICCONSTRAINTS_TYPE,
+                    sizeof (PKIX_PL_CertBasicConstraints),
+                    (PKIX_PL_Object **)&basic,
+                    plContext),
+                    PKIX_COULDNOTCREATECERTBASICCONSTRAINTSOBJECT);
+
+        basic->isCA = isCA;
+
+        /* pathLen has meaning only for CAs, but it's not worth checking */
+        basic->pathLen = pathLen;
+
+        *pObject = basic;
+
+cleanup:
+
+        PKIX_RETURN(CERTBASICCONSTRAINTS);
+}
+
+/*
+ * FUNCTION: pkix_pl_CertBasicConstraints_Destroy
+ * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_CertBasicConstraints_Destroy(
+        PKIX_PL_Object *object,
+        void *plContext)
+{
+        PKIX_PL_CertBasicConstraints *certB = NULL;
+
+        PKIX_ENTER(CERTBASICCONSTRAINTS,
+                "pkix_pl_CertBasicConstraints_Destroy");
+        PKIX_NULLCHECK_ONE(object);
+
+        PKIX_CHECK(pkix_CheckType
+                    (object, PKIX_CERTBASICCONSTRAINTS_TYPE, plContext),
+                    PKIX_OBJECTNOTCERTBASICCONSTRAINTS);
+
+        certB = (PKIX_PL_CertBasicConstraints*)object;
+
+        certB->isCA = PKIX_FALSE;
+        certB->pathLen = 0;
+
+cleanup:
+
+        PKIX_RETURN(CERTBASICCONSTRAINTS);
+}
+
+/*
+ * FUNCTION: pkix_pl_CertBasicConstraints_ToString
+ * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_CertBasicConstraints_ToString(
+        PKIX_PL_Object *object,
+        PKIX_PL_String **pString,
+        void *plContext)
+{
+        PKIX_PL_String *certBasicConstraintsString = NULL;
+        PKIX_PL_CertBasicConstraints *certB = NULL;
+        PKIX_Boolean isCA = PKIX_FALSE;
+        PKIX_Int32 pathLen = 0;
+        PKIX_PL_String *outString = NULL;
+        char *fmtString = NULL;
+        PKIX_Boolean pathlenArg = PKIX_FALSE;
+
+        PKIX_ENTER(CERTBASICCONSTRAINTS,
+                "pkix_pl_CertBasicConstraints_toString");
+        PKIX_NULLCHECK_TWO(object, pString);
+
+        PKIX_CHECK(pkix_CheckType
+                    (object, PKIX_CERTBASICCONSTRAINTS_TYPE, plContext),
+                    PKIX_FIRSTARGUMENTNOTCERTBASICCONSTRAINTSOBJECT);
+
+        certB = (PKIX_PL_CertBasicConstraints *)object;
+
+        /*
+         * if CA == TRUE
+         *      if pathLen == CERT_UNLIMITED_PATH_CONSTRAINT
+         *              print "CA(-1)"
+         *      else print "CA(nnn)"
+         * if CA == FALSE, print "~CA"
+         */
+
+        isCA = certB->isCA;
+
+        if (isCA) {
+                pathLen = certB->pathLen;
+
+                if (pathLen == CERT_UNLIMITED_PATH_CONSTRAINT) {
+                        /* print "CA(-1)" */
+                        fmtString = "CA(-1)";
+                        pathlenArg = PKIX_FALSE;
+                } else {
+                        /* print "CA(pathLen)" */
+                        fmtString = "CA(%d)";
+                        pathlenArg = PKIX_TRUE;
+                }
+        } else {
+                /* print "~CA" */
+                fmtString = "~CA";
+                pathlenArg = PKIX_FALSE;
+        }
+
+        PKIX_CHECK(PKIX_PL_String_Create
+                    (PKIX_ESCASCII,
+                    fmtString,
+                    0,
+                    &certBasicConstraintsString,
+                    plContext),
+                    PKIX_STRINGCREATEFAILED);
+
+        if (pathlenArg) {
+                PKIX_CHECK(PKIX_PL_Sprintf
+                            (&outString,
+                            plContext,
+                            certBasicConstraintsString,
+                            pathLen),
+                            PKIX_SPRINTFFAILED);
+        } else {
+                PKIX_CHECK(PKIX_PL_Sprintf
+                            (&outString,
+                            plContext,
+                            certBasicConstraintsString),
+                            PKIX_SPRINTFFAILED);
+        }
+
+        *pString = outString;
+
+cleanup:
+
+        PKIX_DECREF(certBasicConstraintsString);
+
+        PKIX_RETURN(CERTBASICCONSTRAINTS);
+}
+
+/*
+ * FUNCTION: pkix_pl_CertBasicConstraints_Hashcode
+ * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_CertBasicConstraints_Hashcode(
+        PKIX_PL_Object *object,
+        PKIX_UInt32 *pHashcode,
+        void *plContext)
+{
+        PKIX_PL_CertBasicConstraints *certB = NULL;
+        PKIX_Boolean isCA = PKIX_FALSE;
+        PKIX_Int32 pathLen = 0;
+        PKIX_Int32 hashInput = 0;
+        PKIX_UInt32 cbcHash = 0;
+
+        PKIX_ENTER(CERTBASICCONSTRAINTS,
+                "pkix_pl_CertBasicConstraints_Hashcode");
+        PKIX_NULLCHECK_TWO(object, pHashcode);
+
+        PKIX_CHECK(pkix_CheckType
+                    (object, PKIX_CERTBASICCONSTRAINTS_TYPE, plContext),
+                    PKIX_OBJECTNOTCERTBASICCONSTRAINTS);
+
+        certB = (PKIX_PL_CertBasicConstraints *)object;
+
+        /*
+         * if CA == TRUE
+         *      hash(pathLen + 1 - PKIX_UNLIMITED_PATH_CONSTRAINT)
+         * if CA == FALSE, hash(0)
+         */
+
+        isCA = certB->isCA;
+
+        if (isCA) {
+                pathLen = certB->pathLen;
+
+                hashInput = pathLen + 1 - PKIX_UNLIMITED_PATH_CONSTRAINT;
+        }
+
+        PKIX_CHECK(pkix_hash
+                    ((const unsigned char *)&hashInput,
+                    sizeof (hashInput),
+                    &cbcHash,
+                    plContext),
+                    PKIX_HASHFAILED);
+
+        *pHashcode = cbcHash;
+
+cleanup:
+
+        PKIX_RETURN(CERTBASICCONSTRAINTS);
+}
+
+
+/*
+ * FUNCTION: pkix_pl_CertBasicConstraints_Equals
+ * (see comments for PKIX_PL_Equals_Callback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_CertBasicConstraints_Equals(
+        PKIX_PL_Object *firstObject,
+        PKIX_PL_Object *secondObject,
+        PKIX_Boolean *pResult,
+        void *plContext)
+{
+        PKIX_PL_CertBasicConstraints *firstCBC = NULL;
+        PKIX_PL_CertBasicConstraints *secondCBC = NULL;
+        PKIX_UInt32 secondType;
+        PKIX_Boolean firstIsCA = PKIX_FALSE;
+        PKIX_Boolean secondIsCA = PKIX_FALSE;
+        PKIX_Int32 firstPathLen = 0;
+        PKIX_Int32 secondPathLen = 0;
+
+        PKIX_ENTER(CERTBASICCONSTRAINTS,
+                "pkix_pl_CertBasicConstraints_Equals");
+        PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);
+
+        /* test that firstObject is a CertBasicConstraints */
+        PKIX_CHECK(pkix_CheckType
+                    (firstObject, PKIX_CERTBASICCONSTRAINTS_TYPE, plContext),
+                    PKIX_FIRSTOBJECTNOTCERTBASICCONSTRAINTS);
+
+        /*
+         * Since we know firstObject is a CertBasicConstraints,
+         * if both references are identical, they must be equal
+         */
+        if (firstObject == secondObject){
+                *pResult = PKIX_TRUE;
+                goto cleanup;
+        }
+
+        /*
+         * If secondObject isn't a CertBasicConstraints, we
+         * don't throw an error. We simply return FALSE.
+         */
+        PKIX_CHECK(PKIX_PL_Object_GetType
+                    (secondObject, &secondType, plContext),
+                    PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
+        if (secondType != PKIX_CERTBASICCONSTRAINTS_TYPE) {
+                *pResult = PKIX_FALSE;
+                goto cleanup;
+        }
+
+        firstCBC = (PKIX_PL_CertBasicConstraints *)firstObject;
+        secondCBC = (PKIX_PL_CertBasicConstraints *)secondObject;
+
+        /*
+         * Compare the value of the CAFlag components
+         */
+
+        firstIsCA = firstCBC->isCA;
+
+        /*
+         * Failure here would be an error, not merely a miscompare,
+         * since we know second is a CertBasicConstraints.
+         */
+        secondIsCA = secondCBC->isCA;
+
+        /*
+         * If isCA flags differ, the objects are not equal.
+         */
+        if (secondIsCA != firstIsCA) {
+                *pResult = PKIX_FALSE;
+                goto cleanup;
+        }
+
+        /*
+         * If isCA was FALSE, the objects are equal, because
+         * pathLen is meaningless in that case.
+         */
+        if (!firstIsCA) {
+                *pResult = PKIX_TRUE;
+                goto cleanup;
+        }
+
+        firstPathLen = firstCBC->pathLen;
+        secondPathLen = secondCBC->pathLen;
+
+        *pResult = (secondPathLen == firstPathLen);
+
+cleanup:
+
+        PKIX_RETURN(CERTBASICCONSTRAINTS);
+}
+
+/*
+ * FUNCTION: pkix_pl_CertBasicConstraints_RegisterSelf
+ * DESCRIPTION:
+ *  Registers PKIX_CERTBASICCONSTRAINTS_TYPE and its related
+ *  functions with systemClasses[]
+ * THREAD SAFETY:
+ *  Not Thread Safe - for performance and complexity reasons
+ *
+ *  Since this function is only called by PKIX_PL_Initialize,
+ *  which should only be called once, it is acceptable that
+ *  this function is not thread-safe.
+ */
+PKIX_Error *
+pkix_pl_CertBasicConstraints_RegisterSelf(void *plContext)
+{
+
+        extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
+        pkix_ClassTable_Entry entry;
+
+        PKIX_ENTER(CERTBASICCONSTRAINTS,
+                "pkix_pl_CertBasicConstraints_RegisterSelf");
+
+        entry.description = "CertBasicConstraints";
+        entry.objCounter = 0;
+        entry.typeObjectSize = sizeof(PKIX_PL_CertBasicConstraints);
+        entry.destructor = pkix_pl_CertBasicConstraints_Destroy;
+        entry.equalsFunction = pkix_pl_CertBasicConstraints_Equals;
+        entry.hashcodeFunction = pkix_pl_CertBasicConstraints_Hashcode;
+        entry.toStringFunction = pkix_pl_CertBasicConstraints_ToString;
+        entry.comparator = NULL;
+        entry.duplicateFunction = pkix_duplicateImmutable;
+
+        systemClasses[PKIX_CERTBASICCONSTRAINTS_TYPE] = entry;
+
+        PKIX_RETURN(CERTBASICCONSTRAINTS);
+}
+
+/* --Public-Functions------------------------------------------------------- */
+
+/*
+ * FUNCTION: PKIX_PL_BasicConstraints_GetCAFlag
+ * (see comments in pkix_pl_pki.h)
+ */
+PKIX_Error *
+PKIX_PL_BasicConstraints_GetCAFlag(
+        PKIX_PL_CertBasicConstraints *basicConstraints,
+        PKIX_Boolean *pResult,
+        void *plContext)
+{
+        PKIX_ENTER(CERTBASICCONSTRAINTS,
+                "PKIX_PL_BasicConstraintsGetCAFlag");
+        PKIX_NULLCHECK_TWO(basicConstraints, pResult);
+
+        *pResult = basicConstraints->isCA;
+
+        PKIX_RETURN(CERTBASICCONSTRAINTS);
+}
+
+/*
+ * FUNCTION: PKIX_PL_BasicConstraints_GetPathLenConstraint
+ * (see comments in pkix_pl_pki.h)
+ */
+PKIX_Error *
+PKIX_PL_BasicConstraints_GetPathLenConstraint(
+        PKIX_PL_CertBasicConstraints *basicConstraints,
+        PKIX_Int32 *pPathLenConstraint,
+        void *plContext)
+{
+        PKIX_ENTER(CERTBASICCONSTRAINTS,
+                "PKIX_PL_BasicConstraintsGetPathLenConstraint");
+        PKIX_NULLCHECK_TWO(basicConstraints, pPathLenConstraint);
+
+        *pPathLenConstraint = basicConstraints->pathLen;
+
+        PKIX_RETURN(CERTBASICCONSTRAINTS);
+}
diff --git a/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_basicconstraints.h b/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_basicconstraints.h
new file mode 100644
index 0000000..857529c
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_basicconstraints.h
@@ -0,0 +1,47 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_pl_basicconstraints.h
+ *
+ * BasicConstraints Object Definitions
+ *
+ */
+
+#ifndef _PKIX_PL_BASICCONSTRAINTS_H
+#define _PKIX_PL_BASICCONSTRAINTS_H
+
+#include "pkix_pl_common.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* This structure reflects the contents of the basic constraints
+ * extension as described in Section 4.2.1.10 of RFC 3280.
+ * The cA flag indicates whether the public key in this certificate
+ * belongs to a certification authority. The pathLen constraint
+ * gives the maximum number of non-self-issued intermediate certificates
+ * that may follow this certificate in a valid certification path.
+ */
+struct PKIX_PL_CertBasicConstraintsStruct {
+        PKIX_Boolean isCA;
+        PKIX_Int32 pathLen;
+};
+
+PKIX_Error *
+pkix_pl_CertBasicConstraints_Create(
+        PKIX_Boolean isCA,
+        PKIX_Int32 pathLen,
+        PKIX_PL_CertBasicConstraints **object,
+        void *plContext);
+
+PKIX_Error *
+pkix_pl_CertBasicConstraints_RegisterSelf(
+        void *plContext);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_PL_BASICCONSTRAINTS_H */
diff --git a/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c b/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c
new file mode 100644
index 0000000..fa8f185
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c
@@ -0,0 +1,3714 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_pl_cert.c
+ *
+ * Certificate Object Functions
+ *
+ */
+
+#include "pkix_pl_cert.h"
+
+extern PKIX_PL_HashTable *cachedCertSigTable;
+
+/* --Private-Cert-Functions------------------------------------- */
+
+/*
+ * FUNCTION: pkix_pl_Cert_IsExtensionCritical
+ * DESCRIPTION:
+ *
+ *  Checks the Cert specified by "cert" to determine whether the extension
+ *  whose tag is the UInt32 value given by "tag" is marked as a critical
+ *  extension, and stores the result in "pCritical".
+ *
+ *  Tags are the index into the table "oids" of SECOidData defined in the
+ *  file secoid.c. Constants, such as SEC_OID_X509_CERTIFICATE_POLICIES, are
+ *  are defined in secoidt.h for most of the table entries.
+ *
+ *  If the specified tag is invalid (not in the list of tags) or if the
+ *  extension is not found in the certificate, PKIX_FALSE is stored.
+ *
+ * PARAMETERS
+ *  "cert"
+ *      Address of Cert whose extensions are to be examined. Must be non-NULL.
+ *  "tag"
+ *      The UInt32 value of the tag for the extension whose criticality is
+ *      to be determined
+ *  "pCritical"
+ *      Address where the Boolean value will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_pl_Cert_IsExtensionCritical(
+        PKIX_PL_Cert *cert,
+        PKIX_UInt32 tag,
+        PKIX_Boolean *pCritical,
+        void *plContext)
+{
+        PKIX_Boolean criticality = PKIX_FALSE;
+        CERTCertExtension **extensions = NULL;
+        SECStatus rv;
+
+        PKIX_ENTER(CERT, "pkix_pl_Cert_IsExtensionCritical");
+        PKIX_NULLCHECK_THREE(cert, cert->nssCert, pCritical);
+
+        extensions = cert->nssCert->extensions;
+        PKIX_NULLCHECK_ONE(extensions);
+
+        PKIX_CERT_DEBUG("\t\tCalling CERT_GetExtenCriticality).\n");
+        rv = CERT_GetExtenCriticality(extensions, tag, &criticality);
+        if (SECSuccess == rv) {
+                *pCritical = criticality;
+        } else {
+                *pCritical = PKIX_FALSE;
+        }
+
+        PKIX_RETURN(CERT);
+}
+
+/*
+ * FUNCTION: pkix_pl_Cert_DecodePolicyInfo
+ * DESCRIPTION:
+ *
+ *  Decodes the contents of the CertificatePolicy extension in the
+ *  CERTCertificate pointed to by "nssCert", to create a List of
+ *  CertPolicyInfos, which is stored at the address "pCertPolicyInfos".
+ *  A CERTCertificate contains the DER representation of the Cert.
+ *  If this certificate does not have a CertificatePolicy extension,
+ *  NULL will be stored. If a List is returned, it will be immutable.
+ *
+ * PARAMETERS
+ *  "nssCert"
+ *      Address of the Cert data whose extension is to be examined. Must be
+ *      non-NULL.
+ *  "pCertPolicyInfos"
+ *      Address where the List of CertPolicyInfos will be stored. Must be
+ *      non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Cert Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_pl_Cert_DecodePolicyInfo(
+        CERTCertificate *nssCert,
+        PKIX_List **pCertPolicyInfos,
+        void *plContext)
+{
+
+        SECStatus rv;
+        SECItem encodedCertPolicyInfo;
+
+        /* Allocated in the arena; freed in CERT_Destroy... */
+        CERTCertificatePolicies *certPol = NULL;
+        CERTPolicyInfo **policyInfos = NULL;
+
+        /* Holder for the return value */
+        PKIX_List *infos = NULL;
+
+        PKIX_PL_OID *pkixOID = NULL;
+        PKIX_List *qualifiers = NULL;
+        PKIX_PL_CertPolicyInfo *certPolicyInfo = NULL;
+        PKIX_PL_CertPolicyQualifier *certPolicyQualifier = NULL;
+        PKIX_PL_ByteArray *qualifierArray = NULL;
+
+        PKIX_ENTER(CERT, "pkix_pl_Cert_DecodePolicyInfo");
+        PKIX_NULLCHECK_TWO(nssCert, pCertPolicyInfos);
+
+        /* get PolicyInfo as a SECItem */
+        PKIX_CERT_DEBUG("\t\tCERT_FindCertExtension).\n");
+        rv = CERT_FindCertExtension
+                (nssCert,
+                SEC_OID_X509_CERTIFICATE_POLICIES,
+                &encodedCertPolicyInfo);
+        if (SECSuccess != rv) {
+                *pCertPolicyInfos = NULL;
+                goto cleanup;
+        }
+
+        /* translate PolicyInfo to CERTCertificatePolicies */
+        PKIX_CERT_DEBUG("\t\tCERT_DecodeCertificatePoliciesExtension).\n");
+        certPol = CERT_DecodeCertificatePoliciesExtension
+                (&encodedCertPolicyInfo);
+
+        PORT_Free(encodedCertPolicyInfo.data);
+
+        if (NULL == certPol) {
+                PKIX_ERROR(PKIX_CERTDECODECERTIFICATEPOLICIESEXTENSIONFAILED);
+        }
+
+        /*
+         * Check whether there are any policyInfos, so we can
+         * avoid creating an unnecessary List
+         */
+        policyInfos = certPol->policyInfos;
+        if (!policyInfos) {
+                *pCertPolicyInfos = NULL;
+                goto cleanup;
+        }
+
+        /* create a List of CertPolicyInfo Objects */
+        PKIX_CHECK(PKIX_List_Create(&infos, plContext),
+                PKIX_LISTCREATEFAILED);
+
+        /*
+         * Traverse the CERTCertificatePolicies structure,
+         * building each PKIX_PL_CertPolicyInfo object in turn
+         */
+        while (*policyInfos != NULL) {
+                CERTPolicyInfo *policyInfo = *policyInfos;
+                CERTPolicyQualifier **policyQualifiers =
+                                          policyInfo->policyQualifiers;
+                if (policyQualifiers) {
+                        /* create a PKIX_List of PKIX_PL_CertPolicyQualifiers */
+                        PKIX_CHECK(PKIX_List_Create(&qualifiers, plContext),
+                                PKIX_LISTCREATEFAILED);
+
+                        while (*policyQualifiers != NULL) {
+                            CERTPolicyQualifier *policyQualifier =
+                                                         *policyQualifiers;
+
+                            /* create the qualifier's OID object */
+                            PKIX_CHECK(PKIX_PL_OID_CreateBySECItem
+                                (&policyQualifier->qualifierID,
+                                 &pkixOID, plContext),
+                                PKIX_OIDCREATEFAILED);
+
+                            /* create qualifier's ByteArray object */
+
+                            PKIX_CHECK(PKIX_PL_ByteArray_Create
+                                (policyQualifier->qualifierValue.data,
+                                policyQualifier->qualifierValue.len,
+                                &qualifierArray,
+                                plContext),
+                                PKIX_BYTEARRAYCREATEFAILED);
+
+                            /* create a CertPolicyQualifier object */
+
+                            PKIX_CHECK(pkix_pl_CertPolicyQualifier_Create
+                                (pkixOID,
+                                qualifierArray,
+                                &certPolicyQualifier,
+                                plContext),
+                                PKIX_CERTPOLICYQUALIFIERCREATEFAILED);
+
+                            PKIX_CHECK(PKIX_List_AppendItem
+                                (qualifiers,
+                                (PKIX_PL_Object *)certPolicyQualifier,
+                                plContext),
+                                PKIX_LISTAPPENDITEMFAILED);
+
+                            PKIX_DECREF(pkixOID);
+                            PKIX_DECREF(qualifierArray);
+                            PKIX_DECREF(certPolicyQualifier);
+
+                            policyQualifiers++;
+                        }
+
+                        PKIX_CHECK(PKIX_List_SetImmutable
+                                (qualifiers, plContext),
+                                PKIX_LISTSETIMMUTABLEFAILED);
+                }
+
+
+                /*
+                 * Create an OID object pkixOID from policyInfo->policyID.
+                 * (The CERTPolicyInfo structure has an oid field, but it
+                 * is of type SECOidTag. This function wants a SECItem.)
+                 */
+                PKIX_CHECK(PKIX_PL_OID_CreateBySECItem
+                        (&policyInfo->policyID, &pkixOID, plContext),
+                        PKIX_OIDCREATEFAILED);
+
+                /* Create a CertPolicyInfo object */
+                PKIX_CHECK(pkix_pl_CertPolicyInfo_Create
+                        (pkixOID, qualifiers, &certPolicyInfo, plContext),
+                        PKIX_CERTPOLICYINFOCREATEFAILED);
+
+                /* Append the new CertPolicyInfo object to the list */
+                PKIX_CHECK(PKIX_List_AppendItem
+                        (infos, (PKIX_PL_Object *)certPolicyInfo, plContext),
+                        PKIX_LISTAPPENDITEMFAILED);
+
+                PKIX_DECREF(pkixOID);
+                PKIX_DECREF(qualifiers);
+                PKIX_DECREF(certPolicyInfo);
+
+                policyInfos++;
+        }
+
+        /*
+         * If there were no policies, we went straight to
+         * cleanup, so we don't have to NULLCHECK infos.
+         */
+        PKIX_CHECK(PKIX_List_SetImmutable(infos, plContext),
+                PKIX_LISTSETIMMUTABLEFAILED);
+
+        *pCertPolicyInfos = infos;
+        infos = NULL;
+
+cleanup:
+        if (certPol) {
+            PKIX_CERT_DEBUG
+                ("\t\tCalling CERT_DestroyCertificatePoliciesExtension).\n");
+            CERT_DestroyCertificatePoliciesExtension(certPol);
+        }
+
+        PKIX_DECREF(infos);
+        PKIX_DECREF(pkixOID);
+        PKIX_DECREF(qualifiers);
+        PKIX_DECREF(certPolicyInfo);
+        PKIX_DECREF(certPolicyQualifier);
+        PKIX_DECREF(qualifierArray);
+
+        PKIX_RETURN(CERT);
+}
+
+/*
+ * FUNCTION: pkix_pl_Cert_DecodePolicyMapping
+ * DESCRIPTION:
+ *
+ *  Decodes the contents of the PolicyMapping extension of the CERTCertificate
+ *  pointed to by "nssCert", storing the resulting List of CertPolicyMaps at
+ *  the address pointed to by "pCertPolicyMaps". If this certificate does not
+ *  have a PolicyMapping extension, NULL will be stored. If a List is returned,
+ *  it will be immutable.
+ *
+ * PARAMETERS
+ *  "nssCert"
+ *      Address of the Cert data whose extension is to be examined. Must be
+ *      non-NULL.
+ *  "pCertPolicyMaps"
+ *      Address where the List of CertPolicyMaps will be stored. Must be
+ *      non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Cert Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_pl_Cert_DecodePolicyMapping(
+        CERTCertificate *nssCert,
+        PKIX_List **pCertPolicyMaps,
+        void *plContext)
+{
+        SECStatus rv;
+        SECItem encodedCertPolicyMaps;
+
+        /* Allocated in the arena; freed in CERT_Destroy... */
+        CERTCertificatePolicyMappings *certPolMaps = NULL;
+        CERTPolicyMap **policyMaps = NULL;
+
+        /* Holder for the return value */
+        PKIX_List *maps = NULL;
+
+        PKIX_PL_OID *issuerDomainOID = NULL;
+        PKIX_PL_OID *subjectDomainOID = NULL;
+        PKIX_PL_CertPolicyMap *certPolicyMap = NULL;
+
+        PKIX_ENTER(CERT, "pkix_pl_Cert_DecodePolicyMapping");
+        PKIX_NULLCHECK_TWO(nssCert, pCertPolicyMaps);
+
+        /* get PolicyMappings as a SECItem */
+        PKIX_CERT_DEBUG("\t\tCERT_FindCertExtension).\n");
+        rv = CERT_FindCertExtension
+                (nssCert, SEC_OID_X509_POLICY_MAPPINGS, &encodedCertPolicyMaps);
+        if (SECSuccess != rv) {
+                *pCertPolicyMaps = NULL;
+                goto cleanup;
+        }
+
+        /* translate PolicyMaps to CERTCertificatePolicyMappings */
+        certPolMaps = CERT_DecodePolicyMappingsExtension
+                (&encodedCertPolicyMaps);
+
+        PORT_Free(encodedCertPolicyMaps.data);
+
+        if (!certPolMaps) {
+                PKIX_ERROR(PKIX_CERTDECODEPOLICYMAPPINGSEXTENSIONFAILED);
+        }
+
+        PKIX_NULLCHECK_ONE(certPolMaps->policyMaps);
+
+        policyMaps = certPolMaps->policyMaps;
+
+        /* create a List of CertPolicyMap Objects */
+        PKIX_CHECK(PKIX_List_Create(&maps, plContext),
+                PKIX_LISTCREATEFAILED);
+
+        /*
+         * Traverse the CERTCertificatePolicyMappings structure,
+         * building each CertPolicyMap object in turn
+         */
+        do {
+                CERTPolicyMap *policyMap = *policyMaps;
+
+                /* create the OID for the issuer Domain Policy */
+                PKIX_CHECK(PKIX_PL_OID_CreateBySECItem
+                        (&policyMap->issuerDomainPolicy,
+                         &issuerDomainOID, plContext),
+                        PKIX_OIDCREATEFAILED);
+
+                /* create the OID for the subject Domain Policy */
+                PKIX_CHECK(PKIX_PL_OID_CreateBySECItem
+                        (&policyMap->subjectDomainPolicy,
+                         &subjectDomainOID, plContext),
+                        PKIX_OIDCREATEFAILED);
+
+                /* create the CertPolicyMap */
+
+                PKIX_CHECK(pkix_pl_CertPolicyMap_Create
+                        (issuerDomainOID,
+                        subjectDomainOID,
+                        &certPolicyMap,
+                        plContext),
+                        PKIX_CERTPOLICYMAPCREATEFAILED);
+
+                PKIX_CHECK(PKIX_List_AppendItem
+                        (maps, (PKIX_PL_Object *)certPolicyMap, plContext),
+                        PKIX_LISTAPPENDITEMFAILED);
+
+                PKIX_DECREF(issuerDomainOID);
+                PKIX_DECREF(subjectDomainOID);
+                PKIX_DECREF(certPolicyMap);
+
+                policyMaps++;
+        } while (*policyMaps != NULL);
+
+        PKIX_CHECK(PKIX_List_SetImmutable(maps, plContext),
+                PKIX_LISTSETIMMUTABLEFAILED);
+
+        *pCertPolicyMaps = maps;
+        maps = NULL;
+
+cleanup:
+        if (certPolMaps) {
+            PKIX_CERT_DEBUG
+                ("\t\tCalling CERT_DestroyPolicyMappingsExtension).\n");
+            CERT_DestroyPolicyMappingsExtension(certPolMaps);
+        }
+
+        PKIX_DECREF(maps);
+        PKIX_DECREF(issuerDomainOID);
+        PKIX_DECREF(subjectDomainOID);
+        PKIX_DECREF(certPolicyMap);
+
+        PKIX_RETURN(CERT);
+}
+
+/*
+ * FUNCTION: pkix_pl_Cert_DecodePolicyConstraints
+ * DESCRIPTION:
+ *
+ *  Decodes the contents of the PolicyConstraints extension in the
+ *  CERTCertificate pointed to by "nssCert", to obtain SkipCerts values
+ *  which are stored at the addresses "pExplicitPolicySkipCerts" and
+ *  "pInhibitMappingSkipCerts", respectively. If this certificate does
+ *  not have an PolicyConstraints extension, or if either of the optional
+ *  components is not supplied, this function stores a value of -1 for any
+ *  missing component.
+ *
+ * PARAMETERS
+ *  "nssCert"
+ *      Address of the Cert data whose extension is to be examined. Must be
+ *      non-NULL.
+ *  "pExplicitPolicySkipCerts"
+ *      Address where the SkipCert value for the requireExplicitPolicy
+ *      component will be stored. Must be non-NULL.
+ *  "pInhibitMappingSkipCerts"
+ *      Address where the SkipCert value for the inhibitPolicyMapping
+ *      component will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Cert Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_pl_Cert_DecodePolicyConstraints(
+        CERTCertificate *nssCert,
+        PKIX_Int32 *pExplicitPolicySkipCerts,
+        PKIX_Int32 *pInhibitMappingSkipCerts,
+        void *plContext)
+{
+        CERTCertificatePolicyConstraints policyConstraints;
+        SECStatus rv;
+        SECItem encodedCertPolicyConstraints;
+        PKIX_Int32 explicitPolicySkipCerts = -1;
+        PKIX_Int32 inhibitMappingSkipCerts = -1;
+
+        PKIX_ENTER(CERT, "pkix_pl_Cert_DecodePolicyConstraints");
+        PKIX_NULLCHECK_THREE
+                (nssCert, pExplicitPolicySkipCerts, pInhibitMappingSkipCerts);
+
+        /* get the two skipCert values as SECItems */
+        PKIX_CERT_DEBUG("\t\tCalling CERT_FindCertExtension).\n");
+        rv = CERT_FindCertExtension
+                (nssCert,
+                SEC_OID_X509_POLICY_CONSTRAINTS,
+                &encodedCertPolicyConstraints);
+
+        if (rv == SECSuccess) {
+
+                policyConstraints.explicitPolicySkipCerts.data =
+                        (unsigned char *)&explicitPolicySkipCerts;
+                policyConstraints.inhibitMappingSkipCerts.data =
+                        (unsigned char *)&inhibitMappingSkipCerts;
+
+                /* translate DER to CERTCertificatePolicyConstraints */
+                rv = CERT_DecodePolicyConstraintsExtension
+                        (&policyConstraints, &encodedCertPolicyConstraints);
+
+                PORT_Free(encodedCertPolicyConstraints.data);
+
+                if (rv != SECSuccess) {
+                    PKIX_ERROR
+                        (PKIX_CERTDECODEPOLICYCONSTRAINTSEXTENSIONFAILED);
+                }
+        }
+
+        *pExplicitPolicySkipCerts = explicitPolicySkipCerts;
+        *pInhibitMappingSkipCerts = inhibitMappingSkipCerts;
+
+cleanup:
+        PKIX_RETURN(CERT);
+}
+
+/*
+ * FUNCTION: pkix_pl_Cert_DecodeInhibitAnyPolicy
+ * DESCRIPTION:
+ *
+ *  Decodes the contents of the InhibitAnyPolicy extension in the
+ *  CERTCertificate pointed to by "nssCert", to obtain a SkipCerts value,
+ *  which is stored at the address "pSkipCerts". If this certificate does
+ *  not have an InhibitAnyPolicy extension, -1 will be stored.
+ *
+ * PARAMETERS
+ *  "nssCert"
+ *      Address of the Cert data whose InhibitAnyPolicy extension is to be
+ *      processed. Must be non-NULL.
+ *  "pSkipCerts"
+ *      Address where the SkipCert value from the InhibitAnyPolicy extension
+ *      will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Cert Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_pl_Cert_DecodeInhibitAnyPolicy(
+        CERTCertificate *nssCert,
+        PKIX_Int32 *pSkipCerts,
+        void *plContext)
+{
+        CERTCertificateInhibitAny inhibitAny;
+        SECStatus rv;
+        SECItem encodedCertInhibitAny;
+        PKIX_Int32 skipCerts = -1;
+
+        PKIX_ENTER(CERT, "pkix_pl_Cert_DecodeInhibitAnyPolicy");
+        PKIX_NULLCHECK_TWO(nssCert, pSkipCerts);
+
+        /* get InhibitAny as a SECItem */
+        PKIX_CERT_DEBUG("\t\tCalling CERT_FindCertExtension).\n");
+        rv = CERT_FindCertExtension
+                (nssCert, SEC_OID_X509_INHIBIT_ANY_POLICY, &encodedCertInhibitAny);
+
+        if (rv == SECSuccess) {
+                inhibitAny.inhibitAnySkipCerts.data =
+                        (unsigned char *)&skipCerts;
+
+                /* translate DER to CERTCertificateInhibitAny */
+                rv = CERT_DecodeInhibitAnyExtension
+                        (&inhibitAny, &encodedCertInhibitAny);
+
+                PORT_Free(encodedCertInhibitAny.data);
+
+                if (rv != SECSuccess) {
+                        PKIX_ERROR(PKIX_CERTDECODEINHIBITANYEXTENSIONFAILED);
+                }
+        }
+
+        *pSkipCerts = skipCerts;
+
+cleanup:
+        PKIX_RETURN(CERT);
+}
+
+/*
+ * FUNCTION: pkix_pl_Cert_GetNssSubjectAltNames
+ * DESCRIPTION:
+ *
+ *  Retrieves the Subject Alternative Names of the certificate specified by
+ *  "cert" and stores it at "pNssSubjAltNames". If the Subject Alternative
+ *  Name extension is not present, NULL is returned at "pNssSubjAltNames".
+ *  If the Subject Alternative Names has not been previously decoded, it is
+ *  decoded here with lock on the "cert" unless the flag "hasLock" indicates
+ *  the lock had been obtained at a higher call level.
+ *
+ * PARAMETERS
+ *  "cert"
+ *      Address of the certificate whose Subject Alternative Names extensions
+ *      is retrieved. Must be non-NULL.
+ *  "hasLock"
+ *      Boolean indicates caller has acquired a lock.
+ *      Must be non-NULL.
+ *  "pNssSubjAltNames"
+ *      Address where the returned Subject Alternative Names will be stored.
+ *      Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Cert Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_pl_Cert_GetNssSubjectAltNames(
+        PKIX_PL_Cert *cert,
+        PKIX_Boolean hasLock,
+        CERTGeneralName **pNssSubjAltNames,
+        void *plContext)
+{
+        CERTCertificate *nssCert = NULL;
+        CERTGeneralName *nssOriginalAltName = NULL;
+        PLArenaPool *arena = NULL;
+        SECItem altNameExtension = {siBuffer, NULL, 0};
+        SECStatus rv = SECFailure;
+
+        PKIX_ENTER(CERT, "pkix_pl_Cert_GetNssSubjectAltNames");
+        PKIX_NULLCHECK_THREE(cert, pNssSubjAltNames, cert->nssCert);
+
+        nssCert = cert->nssCert;
+
+        if ((cert->nssSubjAltNames == NULL) && (!cert->subjAltNamesAbsent)){
+
+                if (!hasLock) {
+                    PKIX_OBJECT_LOCK(cert);
+                }
+
+                if ((cert->nssSubjAltNames == NULL) &&
+                    (!cert->subjAltNamesAbsent)){
+
+                    PKIX_PL_NSSCALLRV(CERT, rv, CERT_FindCertExtension,
+                        (nssCert,
+                        SEC_OID_X509_SUBJECT_ALT_NAME,
+                        &altNameExtension));
+
+                    if (rv != SECSuccess) {
+                        *pNssSubjAltNames = NULL;
+                        cert->subjAltNamesAbsent = PKIX_TRUE;
+                        goto cleanup;
+                    }
+
+                    if (cert->arenaNameConstraints == NULL) {
+                        PKIX_PL_NSSCALLRV(CERT, arena, PORT_NewArena,
+                                (DER_DEFAULT_CHUNKSIZE));
+
+                        if (arena == NULL) {
+                            PKIX_ERROR(PKIX_OUTOFMEMORY);
+                        }
+                        cert->arenaNameConstraints = arena;
+                    }
+
+                    PKIX_PL_NSSCALLRV
+                        (CERT,
+                        nssOriginalAltName,
+                        (CERTGeneralName *) CERT_DecodeAltNameExtension,
+                        (cert->arenaNameConstraints, &altNameExtension));
+
+                    PKIX_PL_NSSCALL(CERT, PORT_Free, (altNameExtension.data));
+
+                    if (nssOriginalAltName == NULL) {
+                        PKIX_ERROR(PKIX_CERTDECODEALTNAMEEXTENSIONFAILED);
+                    }
+                    cert->nssSubjAltNames = nssOriginalAltName;
+
+                }
+
+                if (!hasLock) {
+                    PKIX_OBJECT_UNLOCK(cert);
+                }
+        }
+
+        *pNssSubjAltNames = cert->nssSubjAltNames;
+
+cleanup:
+	PKIX_OBJECT_UNLOCK(lockedObject);
+        PKIX_RETURN(CERT);
+}
+
+/*
+ * FUNCTION: pkix_pl_Cert_CheckExtendKeyUsage
+ * DESCRIPTION:
+ *
+ *  For each of the ON bit in "requiredExtendedKeyUsages" that represents its
+ *  SECCertUsageEnum type, this function checks "cert"'s certType (extended
+ *  key usage) and key usage with what is required for SECCertUsageEnum type.
+ *
+ * PARAMETERS
+ *  "cert"
+ *      Address of the certificate whose Extended Key Usage extensions
+ *      is retrieved. Must be non-NULL.
+ *  "requiredExtendedKeyUsages"
+ *      An unsigned integer, its bit location is ON based on the required key
+ *      usage value representing in SECCertUsageEnum.
+ *  "pPass"
+ *      Address where the return value, indicating key usage check passed, is
+ *       stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Cert Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_pl_Cert_CheckExtendedKeyUsage(
+        PKIX_PL_Cert *cert,
+        PKIX_UInt32 requiredExtendedKeyUsages,
+        PKIX_Boolean *pPass,
+        void *plContext)
+{
+        PKIX_PL_CertBasicConstraints *basicConstraints = NULL;
+        PKIX_UInt32 certType = 0;
+        PKIX_UInt32 requiredKeyUsage = 0;
+        PKIX_UInt32 requiredCertType = 0;
+        PKIX_UInt32 requiredExtendedKeyUsage = 0;
+        PKIX_UInt32 i;
+        PKIX_Boolean isCA = PKIX_FALSE;
+        SECStatus rv = SECFailure;
+
+        PKIX_ENTER(CERT, "pkix_pl_Cert_CheckExtendKeyUsage");
+        PKIX_NULLCHECK_THREE(cert, pPass, cert->nssCert);
+
+        *pPass = PKIX_FALSE;
+
+        PKIX_CERT_DEBUG("\t\tCalling cert_GetCertType).\n");
+        cert_GetCertType(cert->nssCert);
+        certType = cert->nssCert->nsCertType;
+
+        PKIX_CHECK(PKIX_PL_Cert_GetBasicConstraints
+                    (cert,
+                    &basicConstraints,
+                    plContext),
+                    PKIX_CERTGETBASICCONSTRAINTFAILED);
+
+        if (basicConstraints != NULL) {
+                PKIX_CHECK(PKIX_PL_BasicConstraints_GetCAFlag
+                    (basicConstraints, &isCA, plContext),
+                    PKIX_BASICCONSTRAINTSGETCAFLAGFAILED);
+        }
+
+        i = 0;
+        while (requiredExtendedKeyUsages != 0) {
+
+                /* Find the bit location of the right-most non-zero bit */
+                while (requiredExtendedKeyUsages != 0) {
+                        if (((1 << i) & requiredExtendedKeyUsages) != 0) {
+                                requiredExtendedKeyUsage = 1 << i;
+                                break;
+                        }
+                        i++;
+                }
+                requiredExtendedKeyUsages ^= requiredExtendedKeyUsage;
+
+                requiredExtendedKeyUsage = i;
+
+                PKIX_PL_NSSCALLRV(CERT, rv, CERT_KeyUsageAndTypeForCertUsage,
+                        (requiredExtendedKeyUsage,
+                        isCA,
+                        &requiredKeyUsage,
+                        &requiredCertType));
+
+                if (!(certType & requiredCertType)) {
+                        goto cleanup;
+                }
+
+                PKIX_PL_NSSCALLRV(CERT, rv, CERT_CheckKeyUsage,
+                        (cert->nssCert, requiredKeyUsage));
+                if (rv != SECSuccess) {
+                        goto cleanup;
+                }
+                i++;
+
+        }
+
+        *pPass = PKIX_TRUE;
+
+cleanup:
+        PKIX_DECREF(basicConstraints);
+        PKIX_RETURN(CERT);
+}
+
+/*
+ * FUNCTION: pkix_pl_Cert_ToString_Helper
+ * DESCRIPTION:
+ *
+ *  Helper function that creates a string representation of the Cert pointed
+ *  to by "cert" and stores it at "pString", where the value of
+ *  "partialString" determines whether a full or partial representation of
+ *  the Cert is stored.
+ *
+ * PARAMETERS
+ *  "cert"
+ *      Address of Cert whose string representation is desired.
+ *      Must be non-NULL.
+ *  "partialString"
+ *      Boolean indicating whether a partial Cert representation is desired.
+ *  "pString"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Cert Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_pl_Cert_ToString_Helper(
+        PKIX_PL_Cert *cert,
+        PKIX_Boolean partialString,
+        PKIX_PL_String **pString,
+        void *plContext)
+{
+        PKIX_PL_String *certString = NULL;
+        char *asciiFormat = NULL;
+        PKIX_PL_String *formatString = NULL;
+        PKIX_UInt32 certVersion;
+        PKIX_PL_BigInt *certSN = NULL;
+        PKIX_PL_String *certSNString = NULL;
+        PKIX_PL_X500Name *certIssuer = NULL;
+        PKIX_PL_String *certIssuerString = NULL;
+        PKIX_PL_X500Name *certSubject = NULL;
+        PKIX_PL_String *certSubjectString = NULL;
+        PKIX_PL_String *notBeforeString = NULL;
+        PKIX_PL_String *notAfterString = NULL;
+        PKIX_List *subjAltNames = NULL;
+        PKIX_PL_String *subjAltNamesString = NULL;
+        PKIX_PL_ByteArray *authKeyId = NULL;
+        PKIX_PL_String *authKeyIdString = NULL;
+        PKIX_PL_ByteArray *subjKeyId = NULL;
+        PKIX_PL_String *subjKeyIdString = NULL;
+        PKIX_PL_PublicKey *nssPubKey = NULL;
+        PKIX_PL_String *nssPubKeyString = NULL;
+        PKIX_List *critExtOIDs = NULL;
+        PKIX_PL_String *critExtOIDsString = NULL;
+        PKIX_List *extKeyUsages = NULL;
+        PKIX_PL_String *extKeyUsagesString = NULL;
+        PKIX_PL_CertBasicConstraints *basicConstraint = NULL;
+        PKIX_PL_String *certBasicConstraintsString = NULL;
+        PKIX_List *policyInfo = NULL;
+        PKIX_PL_String *certPolicyInfoString = NULL;
+        PKIX_List *certPolicyMappings = NULL;
+        PKIX_PL_String *certPolicyMappingsString = NULL;
+        PKIX_Int32 certExplicitPolicy = 0;
+        PKIX_Int32 certInhibitMapping = 0;
+        PKIX_Int32 certInhibitAnyPolicy = 0;
+        PKIX_PL_CertNameConstraints *nameConstraints = NULL;
+        PKIX_PL_String *nameConstraintsString = NULL;
+        PKIX_List *authorityInfoAccess = NULL;
+        PKIX_PL_String *authorityInfoAccessString = NULL;
+        PKIX_List *subjectInfoAccess = NULL;
+        PKIX_PL_String *subjectInfoAccessString = NULL;
+
+        PKIX_ENTER(CERT, "pkix_pl_Cert_ToString_Helper");
+        PKIX_NULLCHECK_THREE(cert, cert->nssCert, pString);
+
+        /*
+         * XXX Add to this format as certificate components are developed.
+         */
+
+        if (partialString){
+                asciiFormat =
+                        "\t[Issuer:          %s\n"
+                        "\t Subject:         %s]";
+        } else {
+                asciiFormat =
+                        "[\n"
+                        "\tVersion:         v%d\n"
+                        "\tSerialNumber:    %s\n"
+                        "\tIssuer:          %s\n"
+                        "\tSubject:         %s\n"
+                        "\tValidity: [From: %s\n"
+                        "\t           To:   %s]\n"
+                        "\tSubjectAltNames: %s\n"
+                        "\tAuthorityKeyId:  %s\n"
+                        "\tSubjectKeyId:    %s\n"
+                        "\tSubjPubKeyAlgId: %s\n"
+                        "\tCritExtOIDs:     %s\n"
+                        "\tExtKeyUsages:    %s\n"
+                        "\tBasicConstraint: %s\n"
+                        "\tCertPolicyInfo:  %s\n"
+                        "\tPolicyMappings:  %s\n"
+                        "\tExplicitPolicy:  %d\n"
+                        "\tInhibitMapping:  %d\n"
+                        "\tInhibitAnyPolicy:%d\n"
+                        "\tNameConstraints: %s\n"
+                        "\tAuthorityInfoAccess: %s\n"
+                        "\tSubjectInfoAccess: %s\n"
+                        "\tCacheFlag:       %d\n"
+                        "]\n";
+        }
+
+
+
+        PKIX_CHECK(PKIX_PL_String_Create
+                (PKIX_ESCASCII, asciiFormat, 0, &formatString, plContext),
+                PKIX_STRINGCREATEFAILED);
+
+        /* Issuer */
+        PKIX_CHECK(PKIX_PL_Cert_GetIssuer
+                (cert, &certIssuer, plContext),
+                PKIX_CERTGETISSUERFAILED);
+
+        PKIX_CHECK(PKIX_PL_Object_ToString
+                ((PKIX_PL_Object *)certIssuer, &certIssuerString, plContext),
+                PKIX_X500NAMETOSTRINGFAILED);
+
+        /* Subject */
+        PKIX_CHECK(PKIX_PL_Cert_GetSubject(cert, &certSubject, plContext),
+                PKIX_CERTGETSUBJECTFAILED);
+
+        PKIX_TOSTRING(certSubject, &certSubjectString, plContext,
+                PKIX_X500NAMETOSTRINGFAILED);
+
+        if (partialString){
+                PKIX_CHECK(PKIX_PL_Sprintf
+                            (&certString,
+                            plContext,
+                            formatString,
+                            certIssuerString,
+                            certSubjectString),
+                            PKIX_SPRINTFFAILED);
+
+                *pString = certString;
+                goto cleanup;
+        }
+
+        /* Version */
+        PKIX_CHECK(PKIX_PL_Cert_GetVersion(cert, &certVersion, plContext),
+                PKIX_CERTGETVERSIONFAILED);
+
+        /* SerialNumber */
+        PKIX_CHECK(PKIX_PL_Cert_GetSerialNumber(cert, &certSN, plContext),
+                PKIX_CERTGETSERIALNUMBERFAILED);
+
+        PKIX_CHECK(PKIX_PL_Object_ToString
+                ((PKIX_PL_Object *)certSN, &certSNString, plContext),
+                PKIX_BIGINTTOSTRINGFAILED);
+
+        /* Validity: NotBefore */
+        PKIX_CHECK(pkix_pl_Date_ToString_Helper
+                (&(cert->nssCert->validity.notBefore),
+                &notBeforeString,
+                plContext),
+                PKIX_DATETOSTRINGHELPERFAILED);
+
+        /* Validity: NotAfter */
+        PKIX_CHECK(pkix_pl_Date_ToString_Helper
+                (&(cert->nssCert->validity.notAfter),
+                &notAfterString,
+                plContext),
+                PKIX_DATETOSTRINGHELPERFAILED);
+
+        /* SubjectAltNames */
+        PKIX_CHECK(PKIX_PL_Cert_GetSubjectAltNames
+                (cert, &subjAltNames, plContext),
+                PKIX_CERTGETSUBJECTALTNAMESFAILED);
+
+        PKIX_TOSTRING(subjAltNames, &subjAltNamesString, plContext,
+                PKIX_LISTTOSTRINGFAILED);
+
+        /* AuthorityKeyIdentifier */
+        PKIX_CHECK(PKIX_PL_Cert_GetAuthorityKeyIdentifier
+                (cert, &authKeyId, plContext),
+                PKIX_CERTGETAUTHORITYKEYIDENTIFIERFAILED);
+
+        PKIX_TOSTRING(authKeyId, &authKeyIdString, plContext,
+                PKIX_BYTEARRAYTOSTRINGFAILED);
+
+        /* SubjectKeyIdentifier */
+        PKIX_CHECK(PKIX_PL_Cert_GetSubjectKeyIdentifier
+                (cert, &subjKeyId, plContext),
+                PKIX_CERTGETSUBJECTKEYIDENTIFIERFAILED);
+
+        PKIX_TOSTRING(subjKeyId, &subjKeyIdString, plContext,
+                PKIX_BYTEARRAYTOSTRINGFAILED);
+
+        /* SubjectPublicKey */
+        PKIX_CHECK(PKIX_PL_Cert_GetSubjectPublicKey
+                    (cert, &nssPubKey, plContext),
+                    PKIX_CERTGETSUBJECTPUBLICKEYFAILED);
+
+        PKIX_CHECK(PKIX_PL_Object_ToString
+                ((PKIX_PL_Object *)nssPubKey, &nssPubKeyString, plContext),
+                PKIX_PUBLICKEYTOSTRINGFAILED);
+
+        /* CriticalExtensionOIDs */
+        PKIX_CHECK(PKIX_PL_Cert_GetCriticalExtensionOIDs
+                (cert, &critExtOIDs, plContext),
+                PKIX_CERTGETCRITICALEXTENSIONOIDSFAILED);
+
+        PKIX_TOSTRING(critExtOIDs, &critExtOIDsString, plContext,
+                PKIX_LISTTOSTRINGFAILED);
+
+        /* ExtendedKeyUsages */
+        PKIX_CHECK(PKIX_PL_Cert_GetExtendedKeyUsage
+                (cert, &extKeyUsages, plContext),
+                PKIX_CERTGETEXTENDEDKEYUSAGEFAILED);
+
+        PKIX_TOSTRING(extKeyUsages, &extKeyUsagesString, plContext,
+                PKIX_LISTTOSTRINGFAILED);
+
+        /* CertBasicConstraints */
+        PKIX_CHECK(PKIX_PL_Cert_GetBasicConstraints
+                (cert, &basicConstraint, plContext),
+                PKIX_CERTGETBASICCONSTRAINTSFAILED);
+
+        PKIX_TOSTRING(basicConstraint, &certBasicConstraintsString, plContext,
+                PKIX_CERTBASICCONSTRAINTSTOSTRINGFAILED);
+
+        /* CertPolicyInfo */
+        PKIX_CHECK(PKIX_PL_Cert_GetPolicyInformation
+                (cert, &policyInfo, plContext),
+                PKIX_CERTGETPOLICYINFORMATIONFAILED);
+
+        PKIX_TOSTRING(policyInfo, &certPolicyInfoString, plContext,
+                PKIX_LISTTOSTRINGFAILED);
+
+        /* Advanced Policies */
+        PKIX_CHECK(PKIX_PL_Cert_GetPolicyMappings
+                (cert, &certPolicyMappings, plContext),
+                PKIX_CERTGETPOLICYMAPPINGSFAILED);
+
+        PKIX_TOSTRING(certPolicyMappings, &certPolicyMappingsString, plContext,
+                PKIX_LISTTOSTRINGFAILED);
+
+        PKIX_CHECK(PKIX_PL_Cert_GetRequireExplicitPolicy
+                (cert, &certExplicitPolicy, plContext),
+                PKIX_CERTGETREQUIREEXPLICITPOLICYFAILED);
+
+        PKIX_CHECK(PKIX_PL_Cert_GetPolicyMappingInhibited
+                (cert, &certInhibitMapping, plContext),
+                PKIX_CERTGETPOLICYMAPPINGINHIBITEDFAILED);
+
+        PKIX_CHECK(PKIX_PL_Cert_GetInhibitAnyPolicy
+                (cert, &certInhibitAnyPolicy, plContext),
+                PKIX_CERTGETINHIBITANYPOLICYFAILED);
+
+        /* Name Constraints */
+        PKIX_CHECK(PKIX_PL_Cert_GetNameConstraints
+                (cert, &nameConstraints, plContext),
+                PKIX_CERTGETNAMECONSTRAINTSFAILED);
+
+        PKIX_TOSTRING(nameConstraints, &nameConstraintsString, plContext,
+                PKIX_LISTTOSTRINGFAILED);
+
+        /* Authority Information Access */
+        PKIX_CHECK(PKIX_PL_Cert_GetAuthorityInfoAccess
+                (cert, &authorityInfoAccess, plContext),
+                PKIX_CERTGETAUTHORITYINFOACCESSFAILED);
+
+        PKIX_TOSTRING(authorityInfoAccess, &authorityInfoAccessString, plContext,
+                PKIX_LISTTOSTRINGFAILED);
+
+        /* Subject Information Access */
+        PKIX_CHECK(PKIX_PL_Cert_GetSubjectInfoAccess
+                (cert, &subjectInfoAccess, plContext),
+                PKIX_CERTGETSUBJECTINFOACCESSFAILED);
+
+        PKIX_TOSTRING(subjectInfoAccess, &subjectInfoAccessString, plContext,
+                PKIX_LISTTOSTRINGFAILED);
+
+        PKIX_CHECK(PKIX_PL_Sprintf
+                    (&certString,
+                    plContext,
+                    formatString,
+                    certVersion + 1,
+                    certSNString,
+                    certIssuerString,
+                    certSubjectString,
+                    notBeforeString,
+                    notAfterString,
+                    subjAltNamesString,
+                    authKeyIdString,
+                    subjKeyIdString,
+                    nssPubKeyString,
+                    critExtOIDsString,
+                    extKeyUsagesString,
+                    certBasicConstraintsString,
+                    certPolicyInfoString,
+                    certPolicyMappingsString,
+                    certExplicitPolicy,         /* an Int32, not a String */
+                    certInhibitMapping,         /* an Int32, not a String */
+                    certInhibitAnyPolicy,       /* an Int32, not a String */
+                    nameConstraintsString,
+                    authorityInfoAccessString,
+                    subjectInfoAccessString,
+                    cert->cacheFlag),           /* a boolean */
+                    PKIX_SPRINTFFAILED);
+
+        *pString = certString;
+
+cleanup:
+        PKIX_DECREF(certSN);
+        PKIX_DECREF(certSNString);
+        PKIX_DECREF(certIssuer);
+        PKIX_DECREF(certIssuerString);
+        PKIX_DECREF(certSubject);
+        PKIX_DECREF(certSubjectString);
+        PKIX_DECREF(notBeforeString);
+        PKIX_DECREF(notAfterString);
+        PKIX_DECREF(subjAltNames);
+        PKIX_DECREF(subjAltNamesString);
+        PKIX_DECREF(authKeyId);
+        PKIX_DECREF(authKeyIdString);
+        PKIX_DECREF(subjKeyId);
+        PKIX_DECREF(subjKeyIdString);
+        PKIX_DECREF(nssPubKey);
+        PKIX_DECREF(nssPubKeyString);
+        PKIX_DECREF(critExtOIDs);
+        PKIX_DECREF(critExtOIDsString);
+        PKIX_DECREF(extKeyUsages);
+        PKIX_DECREF(extKeyUsagesString);
+        PKIX_DECREF(basicConstraint);
+        PKIX_DECREF(certBasicConstraintsString);
+        PKIX_DECREF(policyInfo);
+        PKIX_DECREF(certPolicyInfoString);
+        PKIX_DECREF(certPolicyMappings);
+        PKIX_DECREF(certPolicyMappingsString);
+        PKIX_DECREF(nameConstraints);
+        PKIX_DECREF(nameConstraintsString);
+        PKIX_DECREF(authorityInfoAccess);
+        PKIX_DECREF(authorityInfoAccessString);
+        PKIX_DECREF(subjectInfoAccess);
+        PKIX_DECREF(subjectInfoAccessString);
+        PKIX_DECREF(formatString);
+
+        PKIX_RETURN(CERT);
+}
+
+/*
+ * FUNCTION: pkix_pl_Cert_Destroy
+ * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_Cert_Destroy(
+        PKIX_PL_Object *object,
+        void *plContext)
+{
+        PKIX_PL_Cert *cert = NULL;
+
+        PKIX_ENTER(CERT, "pkix_pl_Cert_Destroy");
+        PKIX_NULLCHECK_ONE(object);
+
+        PKIX_CHECK(pkix_CheckType(object, PKIX_CERT_TYPE, plContext),
+                    PKIX_OBJECTNOTCERT);
+
+        cert = (PKIX_PL_Cert*)object;
+
+        PKIX_DECREF(cert->subject);
+        PKIX_DECREF(cert->issuer);
+        PKIX_DECREF(cert->subjAltNames);
+        PKIX_DECREF(cert->publicKeyAlgId);
+        PKIX_DECREF(cert->publicKey);
+        PKIX_DECREF(cert->serialNumber);
+        PKIX_DECREF(cert->critExtOids);
+        PKIX_DECREF(cert->authKeyId);
+        PKIX_DECREF(cert->subjKeyId);
+        PKIX_DECREF(cert->extKeyUsages);
+        PKIX_DECREF(cert->certBasicConstraints);
+        PKIX_DECREF(cert->certPolicyInfos);
+        PKIX_DECREF(cert->certPolicyMappings);
+        PKIX_DECREF(cert->nameConstraints);
+        PKIX_DECREF(cert->store);
+        PKIX_DECREF(cert->authorityInfoAccess);
+        PKIX_DECREF(cert->subjectInfoAccess);
+        PKIX_DECREF(cert->crldpList);
+
+        if (cert->arenaNameConstraints){
+                /* This arena was allocated for SubjectAltNames */
+                PKIX_PL_NSSCALL(CERT, PORT_FreeArena,
+                        (cert->arenaNameConstraints, PR_FALSE));
+
+                cert->arenaNameConstraints = NULL;
+                cert->nssSubjAltNames = NULL;
+        }
+
+        CERT_DestroyCertificate(cert->nssCert);
+        cert->nssCert = NULL;
+
+cleanup:
+        PKIX_RETURN(CERT);
+}
+
+/*
+ * FUNCTION: pkix_pl_Cert_ToString
+ * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_Cert_ToString(
+        PKIX_PL_Object *object,
+        PKIX_PL_String **pString,
+        void *plContext)
+{
+        PKIX_PL_String *certString = NULL;
+        PKIX_PL_Cert *pkixCert = NULL;
+
+        PKIX_ENTER(CERT, "pkix_pl_Cert_toString");
+        PKIX_NULLCHECK_TWO(object, pString);
+
+        PKIX_CHECK(pkix_CheckType(object, PKIX_CERT_TYPE, plContext),
+                    PKIX_OBJECTNOTCERT);
+
+        pkixCert = (PKIX_PL_Cert *)object;
+
+        PKIX_CHECK(pkix_pl_Cert_ToString_Helper
+                    (pkixCert, PKIX_FALSE, &certString, plContext),
+                    PKIX_CERTTOSTRINGHELPERFAILED);
+
+        *pString = certString;
+
+cleanup:
+        PKIX_RETURN(CERT);
+}
+
+/*
+ * FUNCTION: pkix_pl_Cert_Hashcode
+ * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_Cert_Hashcode(
+        PKIX_PL_Object *object,
+        PKIX_UInt32 *pHashcode,
+        void *plContext)
+{
+        PKIX_PL_Cert *pkixCert = NULL;
+        CERTCertificate *nssCert = NULL;
+        unsigned char *derBytes = NULL;
+        PKIX_UInt32 derLength;
+        PKIX_UInt32 certHash;
+
+        PKIX_ENTER(CERT, "pkix_pl_Cert_Hashcode");
+        PKIX_NULLCHECK_TWO(object, pHashcode);
+
+        PKIX_CHECK(pkix_CheckType(object, PKIX_CERT_TYPE, plContext),
+                    PKIX_OBJECTNOTCERT);
+
+        pkixCert = (PKIX_PL_Cert *)object;
+
+        nssCert = pkixCert->nssCert;
+        derBytes = (nssCert->derCert).data;
+        derLength = (nssCert->derCert).len;
+
+        PKIX_CHECK(pkix_hash(derBytes, derLength, &certHash, plContext),
+                    PKIX_HASHFAILED);
+
+        *pHashcode = certHash;
+
+cleanup:
+        PKIX_RETURN(CERT);
+}
+
+
+/*
+ * FUNCTION: pkix_pl_Cert_Equals
+ * (see comments for PKIX_PL_Equals_Callback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_Cert_Equals(
+        PKIX_PL_Object *firstObject,
+        PKIX_PL_Object *secondObject,
+        PKIX_Boolean *pResult,
+        void *plContext)
+{
+        CERTCertificate *firstCert = NULL;
+        CERTCertificate *secondCert = NULL;
+        PKIX_UInt32 secondType;
+        PKIX_Boolean cmpResult;
+
+        PKIX_ENTER(CERT, "pkix_pl_Cert_Equals");
+        PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);
+
+        /* test that firstObject is a Cert */
+        PKIX_CHECK(pkix_CheckType(firstObject, PKIX_CERT_TYPE, plContext),
+                    PKIX_FIRSTOBJECTNOTCERT);
+
+        /*
+         * Since we know firstObject is a Cert, if both references are
+         * identical, they must be equal
+         */
+        if (firstObject == secondObject){
+                *pResult = PKIX_TRUE;
+                goto cleanup;
+        }
+
+        /*
+         * If secondObject isn't a Cert, we don't throw an error.
+         * We simply return a Boolean result of FALSE
+         */
+        *pResult = PKIX_FALSE;
+        PKIX_CHECK(PKIX_PL_Object_GetType
+                    (secondObject, &secondType, plContext),
+                    PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
+        if (secondType != PKIX_CERT_TYPE) goto cleanup;
+
+        firstCert = ((PKIX_PL_Cert *)firstObject)->nssCert;
+        secondCert = ((PKIX_PL_Cert *)secondObject)->nssCert;
+
+        PKIX_NULLCHECK_TWO(firstCert, secondCert);
+
+        /* CERT_CompareCerts does byte comparison on DER encodings of certs */
+        PKIX_CERT_DEBUG("\t\tCalling CERT_CompareCerts).\n");
+        cmpResult = CERT_CompareCerts(firstCert, secondCert);
+
+        *pResult = cmpResult;
+
+cleanup:
+        PKIX_RETURN(CERT);
+}
+
+/*
+ * FUNCTION: pkix_pl_Cert_RegisterSelf
+ * DESCRIPTION:
+ *  Registers PKIX_CERT_TYPE and its related functions with systemClasses[]
+ * THREAD SAFETY:
+ *  Not Thread Safe - for performance and complexity reasons
+ *
+ *  Since this function is only called by PKIX_PL_Initialize, which should
+ *  only be called once, it is acceptable that this function is not
+ *  thread-safe.
+ */
+PKIX_Error *
+pkix_pl_Cert_RegisterSelf(void *plContext)
+{
+
+        extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
+        pkix_ClassTable_Entry entry;
+
+        PKIX_ENTER(CERT, "pkix_pl_Cert_RegisterSelf");
+
+        entry.description = "Cert";
+        entry.objCounter = 0;
+        entry.typeObjectSize = sizeof(PKIX_PL_Cert);
+        entry.destructor = pkix_pl_Cert_Destroy;
+        entry.equalsFunction = pkix_pl_Cert_Equals;
+        entry.hashcodeFunction = pkix_pl_Cert_Hashcode;
+        entry.toStringFunction = pkix_pl_Cert_ToString;
+        entry.comparator = NULL;
+        entry.duplicateFunction = pkix_duplicateImmutable;
+
+        systemClasses[PKIX_CERT_TYPE] = entry;
+
+        PKIX_RETURN(CERT);
+}
+
+/*
+ * FUNCTION: pkix_pl_Cert_CreateWithNSSCert
+ * DESCRIPTION:
+ *
+ *  Creates a new certificate using the CERTCertificate pointed to by "nssCert"
+ *  and stores it at "pCert". Once created, a Cert is immutable.
+ *
+ *  This function is primarily used as a convenience function for the
+ *  performance tests that have easy access to a CERTCertificate.
+ *
+ * PARAMETERS:
+ *  "nssCert"
+ *      Address of CERTCertificate representing the NSS certificate.
+ *      Must be non-NULL.
+ *  "pCert"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Cert Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_pl_Cert_CreateWithNSSCert(
+        CERTCertificate *nssCert,
+        PKIX_PL_Cert **pCert,
+        void *plContext)
+{
+        PKIX_PL_Cert *cert = NULL;
+
+        PKIX_ENTER(CERT, "pkix_pl_Cert_CreateWithNSSCert");
+        PKIX_NULLCHECK_TWO(pCert, nssCert);
+
+        /* create a PKIX_PL_Cert object */
+        PKIX_CHECK(PKIX_PL_Object_Alloc
+                    (PKIX_CERT_TYPE,
+                    sizeof (PKIX_PL_Cert),
+                    (PKIX_PL_Object **)&cert,
+                    plContext),
+                    PKIX_COULDNOTCREATEOBJECT);
+
+        /* populate the nssCert field */
+        cert->nssCert = nssCert;
+
+        /* initialize remaining fields */
+        /*
+         * Fields ending with Absent are initialized to PKIX_FALSE so that the
+         * first time we need the value we will look for it. If we find it is
+         * actually absent, the flag will at that time be set to PKIX_TRUE to
+         * prevent searching for it later.
+         * Fields ending with Processed are those where a value is defined
+         * for the Absent case, and a value of zero is possible. When the
+         * flag is still true we have to look for the field, set the default
+         * value if necessary, and set the Processed flag to PKIX_TRUE.
+         */
+        cert->subject = NULL;
+        cert->issuer = NULL;
+        cert->subjAltNames = NULL;
+        cert->subjAltNamesAbsent = PKIX_FALSE;
+        cert->publicKeyAlgId = NULL;
+        cert->publicKey = NULL;
+        cert->serialNumber = NULL;
+        cert->critExtOids = NULL;
+        cert->subjKeyId = NULL;
+        cert->subjKeyIdAbsent = PKIX_FALSE;
+        cert->authKeyId = NULL;
+        cert->authKeyIdAbsent = PKIX_FALSE;
+        cert->extKeyUsages = NULL;
+        cert->extKeyUsagesAbsent = PKIX_FALSE;
+        cert->certBasicConstraints = NULL;
+        cert->basicConstraintsAbsent = PKIX_FALSE;
+        cert->certPolicyInfos = NULL;
+        cert->policyInfoAbsent = PKIX_FALSE;
+        cert->policyMappingsAbsent = PKIX_FALSE;
+        cert->certPolicyMappings = NULL;
+        cert->policyConstraintsProcessed = PKIX_FALSE;
+        cert->policyConstraintsExplicitPolicySkipCerts = 0;
+        cert->policyConstraintsInhibitMappingSkipCerts = 0;
+        cert->inhibitAnyPolicyProcessed = PKIX_FALSE;
+        cert->inhibitAnySkipCerts = 0;
+        cert->nameConstraints = NULL;
+        cert->nameConstraintsAbsent = PKIX_FALSE;
+        cert->arenaNameConstraints = NULL;
+        cert->nssSubjAltNames = NULL;
+        cert->cacheFlag = PKIX_FALSE;
+        cert->store = NULL;
+        cert->authorityInfoAccess = NULL;
+        cert->subjectInfoAccess = NULL;
+        cert->isUserTrustAnchor = PKIX_FALSE;
+        cert->crldpList = NULL;
+
+        *pCert = cert;
+
+cleanup:
+        PKIX_RETURN(CERT);
+}
+
+/*
+ * FUNCTION: pkix_pl_Cert_CreateToList
+ * DESCRIPTION:
+ *
+ *  Creates a new certificate using the DER-encoding pointed to by "derCertItem"
+ *  and appends it to the list pointed to by "certList". If Cert creation fails,
+ *  the function returns with certList unchanged, but any decoding Error is
+ *  discarded.
+ *
+ * PARAMETERS:
+ *  "derCertItem"
+ *      Address of SECItem containing the DER representation of a certificate.
+ *      Must be non-NULL.
+ *  "certList"
+ *      Address of List to which the Cert will be appended, if successfully
+ *      created. May be empty, but must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Cert Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_pl_Cert_CreateToList(
+        SECItem *derCertItem,
+        PKIX_List *certList,
+        void *plContext)
+{
+        CERTCertificate *nssCert = NULL;
+        PKIX_PL_Cert *cert = NULL;
+        CERTCertDBHandle *handle;
+
+        PKIX_ENTER(CERT, "pkix_pl_Cert_CreateToList");
+        PKIX_NULLCHECK_TWO(derCertItem, certList);
+
+        handle  = CERT_GetDefaultCertDB();
+        nssCert = CERT_NewTempCertificate(handle, derCertItem,
+					  /* nickname */ NULL, 
+					  /* isPerm   */ PR_FALSE, 
+					  /* copyDer  */ PR_TRUE);
+        if (!nssCert) {
+            goto cleanup;
+        }
+
+        PKIX_CHECK(pkix_pl_Cert_CreateWithNSSCert
+                   (nssCert, &cert, plContext),
+                   PKIX_CERTCREATEWITHNSSCERTFAILED);
+
+        nssCert = NULL;
+
+        PKIX_CHECK(PKIX_List_AppendItem
+                   (certList, (PKIX_PL_Object *) cert, plContext),
+                   PKIX_LISTAPPENDITEMFAILED);
+
+cleanup:
+        if (nssCert) {
+            CERT_DestroyCertificate(nssCert);
+        }
+
+        PKIX_DECREF(cert);
+        PKIX_RETURN(CERT);
+}
+
+/* --Public-Functions------------------------------------------------------- */
+
+/*
+ * FUNCTION: PKIX_PL_Cert_Create (see comments in pkix_pl_pki.h)
+ * XXX We may want to cache the cert after parsing it, so it can be reused
+ * XXX Are the NSS/NSPR functions thread safe
+ */
+PKIX_Error *
+PKIX_PL_Cert_Create(
+        PKIX_PL_ByteArray *byteArray,
+        PKIX_PL_Cert **pCert,
+        void *plContext)
+{
+        CERTCertificate *nssCert = NULL;
+        SECItem *derCertItem = NULL;
+        void *derBytes = NULL;
+        PKIX_UInt32 derLength;
+        PKIX_PL_Cert *cert = NULL;
+        CERTCertDBHandle *handle;
+
+        PKIX_ENTER(CERT, "PKIX_PL_Cert_Create");
+        PKIX_NULLCHECK_TWO(pCert, byteArray);
+
+        PKIX_CHECK(PKIX_PL_ByteArray_GetPointer
+                    (byteArray, &derBytes, plContext),
+                    PKIX_BYTEARRAYGETPOINTERFAILED);
+
+        PKIX_CHECK(PKIX_PL_ByteArray_GetLength
+                    (byteArray, &derLength, plContext),
+                    PKIX_BYTEARRAYGETLENGTHFAILED);
+
+        derCertItem = SECITEM_AllocItem(NULL, NULL, derLength);
+        if (derCertItem == NULL){
+                PKIX_ERROR(PKIX_OUTOFMEMORY);
+        }
+
+        (void) PORT_Memcpy(derCertItem->data, derBytes, derLength);
+
+        /*
+         * setting copyDER to true forces NSS to make its own copy of the DER,
+         * allowing us to free our copy without worrying about whether NSS
+         * is still using it
+         */
+        handle  = CERT_GetDefaultCertDB();
+        nssCert = CERT_NewTempCertificate(handle, derCertItem,
+					  /* nickname */ NULL, 
+					  /* isPerm   */ PR_FALSE, 
+					  /* copyDer  */ PR_TRUE);
+        if (!nssCert){
+                PKIX_ERROR(PKIX_CERTDECODEDERCERTIFICATEFAILED);
+        }
+
+        PKIX_CHECK(pkix_pl_Cert_CreateWithNSSCert
+                (nssCert, &cert, plContext),
+                PKIX_CERTCREATEWITHNSSCERTFAILED);
+
+        *pCert = cert;
+
+cleanup:
+        if (derCertItem){
+                SECITEM_FreeItem(derCertItem, PKIX_TRUE);
+        }
+
+        if (nssCert && PKIX_ERROR_RECEIVED){
+                PKIX_CERT_DEBUG("\t\tCalling CERT_DestroyCertificate).\n");
+                CERT_DestroyCertificate(nssCert);
+                nssCert = NULL;
+        }
+
+        PKIX_FREE(derBytes);
+        PKIX_RETURN(CERT);
+}
+
+
+/*
+ * FUNCTION: PKIX_PL_Cert_CreateFromCERTCertificate
+ *  (see comments in pkix_pl_pki.h)
+ */
+PKIX_Error *
+PKIX_PL_Cert_CreateFromCERTCertificate(
+        const CERTCertificate *nssCert,
+        PKIX_PL_Cert **pCert,
+        void *plContext)
+{
+        void *buf = NULL;
+        PKIX_UInt32 len;
+        PKIX_PL_ByteArray *byteArray = NULL;
+
+        PKIX_ENTER(CERT, "PKIX_PL_Cert_CreateWithNssCert");
+        PKIX_NULLCHECK_TWO(pCert, nssCert);
+
+        buf = (void*)nssCert->derCert.data;
+        len = nssCert->derCert.len;
+
+        PKIX_CHECK(
+            PKIX_PL_ByteArray_Create(buf, len, &byteArray, plContext),
+            PKIX_BYTEARRAYCREATEFAILED);
+
+        PKIX_CHECK(
+            PKIX_PL_Cert_Create(byteArray, pCert, plContext),
+            PKIX_CERTCREATEWITHNSSCERTFAILED);
+
+#ifdef PKIX_UNDEF
+        /* will be tested and used as a patch for bug 391612 */
+        nssCert = CERT_DupCertificate(nssInCert);
+
+        PKIX_CHECK(pkix_pl_Cert_CreateWithNSSCert
+                (nssCert, &cert, plContext),
+                PKIX_CERTCREATEWITHNSSCERTFAILED);
+#endif /* PKIX_UNDEF */
+
+cleanup:
+
+#ifdef PKIX_UNDEF
+        if (nssCert && PKIX_ERROR_RECEIVED){
+                PKIX_CERT_DEBUG("\t\tCalling CERT_DestroyCertificate).\n");
+                CERT_DestroyCertificate(nssCert);
+                nssCert = NULL;
+        }
+#endif /* PKIX_UNDEF */
+
+        PKIX_DECREF(byteArray);
+        PKIX_RETURN(CERT);
+}
+
+
+/*
+ * FUNCTION: PKIX_PL_Cert_GetVersion (see comments in pkix_pl_pki.h)
+ */
+PKIX_Error *
+PKIX_PL_Cert_GetVersion(
+        PKIX_PL_Cert *cert,
+        PKIX_UInt32 *pVersion,
+        void *plContext)
+{
+        CERTCertificate *nssCert = NULL;
+        PKIX_UInt32 myVersion = 0;  /* v1 */
+
+        PKIX_ENTER(CERT, "PKIX_PL_Cert_GetVersion");
+        PKIX_NULLCHECK_THREE(cert, cert->nssCert, pVersion);
+
+        nssCert = cert->nssCert;
+        if (nssCert->version.len != 0) {
+                myVersion = *(nssCert->version.data);
+        }
+
+        if (myVersion > 2){
+                PKIX_ERROR(PKIX_VERSIONVALUEMUSTBEV1V2ORV3);
+        }
+
+        *pVersion = myVersion;
+
+cleanup:
+        PKIX_RETURN(CERT);
+}
+
+/*
+ * FUNCTION: PKIX_PL_Cert_GetSerialNumber (see comments in pkix_pl_pki.h)
+ */
+PKIX_Error *
+PKIX_PL_Cert_GetSerialNumber(
+        PKIX_PL_Cert *cert,
+        PKIX_PL_BigInt **pSerialNumber,
+        void *plContext)
+{
+        CERTCertificate *nssCert = NULL;
+        SECItem serialNumItem;
+        PKIX_PL_BigInt *serialNumber = NULL;
+        char *bytes = NULL;
+        PKIX_UInt32 length;
+
+        PKIX_ENTER(CERT, "PKIX_PL_Cert_GetSerialNumber");
+        PKIX_NULLCHECK_THREE(cert, cert->nssCert, pSerialNumber);
+
+        if (cert->serialNumber == NULL){
+
+                PKIX_OBJECT_LOCK(cert);
+
+                if (cert->serialNumber == NULL){
+
+                        nssCert = cert->nssCert;
+                        serialNumItem = nssCert->serialNumber;
+
+                        length = serialNumItem.len;
+                        bytes = (char *)serialNumItem.data;
+
+                        PKIX_CHECK(pkix_pl_BigInt_CreateWithBytes
+                                    (bytes, length, &serialNumber, plContext),
+                                    PKIX_BIGINTCREATEWITHBYTESFAILED);
+
+                        /* save a cached copy in case it is asked for again */
+                        cert->serialNumber = serialNumber;
+                }
+
+                PKIX_OBJECT_UNLOCK(cert);
+        }
+
+        PKIX_INCREF(cert->serialNumber);
+        *pSerialNumber = cert->serialNumber;
+
+cleanup:
+	PKIX_OBJECT_UNLOCK(lockedObject);
+        PKIX_RETURN(CERT);
+}
+
+/*
+ * FUNCTION: PKIX_PL_Cert_GetSubject (see comments in pkix_pl_pki.h)
+ */
+PKIX_Error *
+PKIX_PL_Cert_GetSubject(
+        PKIX_PL_Cert *cert,
+        PKIX_PL_X500Name **pCertSubject,
+        void *plContext)
+{
+        PKIX_PL_X500Name *pkixSubject = NULL;
+        CERTName *subjName = NULL;
+        SECItem  *derSubjName = NULL;
+
+        PKIX_ENTER(CERT, "PKIX_PL_Cert_GetSubject");
+        PKIX_NULLCHECK_THREE(cert, cert->nssCert, pCertSubject);
+
+        /* if we don't have a cached copy from before, we create one */
+        if (cert->subject == NULL){
+
+                PKIX_OBJECT_LOCK(cert);
+
+                if (cert->subject == NULL){
+
+                        subjName = &cert->nssCert->subject;
+                        derSubjName = &cert->nssCert->derSubject;
+
+                        /* if there is no subject name */
+                        if (derSubjName->data == NULL) {
+
+                                pkixSubject = NULL;
+
+                        } else {
+                                PKIX_CHECK(PKIX_PL_X500Name_CreateFromCERTName
+                                    (derSubjName, subjName, &pkixSubject,
+                                     plContext),
+                                    PKIX_X500NAMECREATEFROMCERTNAMEFAILED);
+
+                        }
+                        /* save a cached copy in case it is asked for again */
+                        cert->subject = pkixSubject;
+                }
+
+                PKIX_OBJECT_UNLOCK(cert);
+        }
+
+        PKIX_INCREF(cert->subject);
+        *pCertSubject = cert->subject;
+
+cleanup:
+	PKIX_OBJECT_UNLOCK(lockedObject);
+        PKIX_RETURN(CERT);
+}
+
+/*
+ * FUNCTION: PKIX_PL_Cert_GetIssuer (see comments in pkix_pl_pki.h)
+ */
+PKIX_Error *
+PKIX_PL_Cert_GetIssuer(
+        PKIX_PL_Cert *cert,
+        PKIX_PL_X500Name **pCertIssuer,
+        void *plContext)
+{
+        PKIX_PL_X500Name *pkixIssuer = NULL;
+        SECItem  *derIssuerName = NULL;
+        CERTName *issuerName = NULL;
+
+        PKIX_ENTER(CERT, "PKIX_PL_Cert_GetIssuer");
+        PKIX_NULLCHECK_THREE(cert, cert->nssCert, pCertIssuer);
+
+        /* if we don't have a cached copy from before, we create one */
+        if (cert->issuer == NULL){
+
+                PKIX_OBJECT_LOCK(cert);
+
+                if (cert->issuer == NULL){
+
+                        issuerName = &cert->nssCert->issuer;
+                        derIssuerName = &cert->nssCert->derIssuer;
+
+                        /* if there is no subject name */
+                        PKIX_CHECK(PKIX_PL_X500Name_CreateFromCERTName
+                                    (derIssuerName, issuerName,
+                                     &pkixIssuer, plContext),
+                                    PKIX_X500NAMECREATEFROMCERTNAMEFAILED);
+
+                        /* save a cached copy in case it is asked for again */
+                        cert->issuer = pkixIssuer;
+                }
+
+                PKIX_OBJECT_UNLOCK(cert);
+        }
+
+        PKIX_INCREF(cert->issuer);
+        *pCertIssuer = cert->issuer;
+
+cleanup:
+        PKIX_RETURN(CERT);
+}
+
+/*
+ * FUNCTION: PKIX_PL_Cert_GetSubjectAltNames (see comments in pkix_pl_pki.h)
+ */
+PKIX_Error *
+PKIX_PL_Cert_GetSubjectAltNames(
+        PKIX_PL_Cert *cert,
+        PKIX_List **pSubjectAltNames,  /* list of PKIX_PL_GeneralName */
+        void *plContext)
+{
+        PKIX_PL_GeneralName *pkixAltName = NULL;
+        PKIX_List *altNamesList = NULL;
+
+        CERTGeneralName *nssOriginalAltName = NULL;
+        CERTGeneralName *nssTempAltName = NULL;
+
+        PKIX_ENTER(CERT, "PKIX_PL_Cert_GetSubjectAltNames");
+        PKIX_NULLCHECK_TWO(cert, pSubjectAltNames);
+
+        /* if we don't have a cached copy from before, we create one */
+        if ((cert->subjAltNames == NULL) && (!cert->subjAltNamesAbsent)){
+
+                PKIX_OBJECT_LOCK(cert);
+
+                if ((cert->subjAltNames == NULL) &&
+                    (!cert->subjAltNamesAbsent)){
+
+                        PKIX_CHECK(pkix_pl_Cert_GetNssSubjectAltNames
+                                (cert,
+                                PKIX_TRUE,
+                                &nssOriginalAltName,
+                                plContext),
+                                PKIX_CERTGETNSSSUBJECTALTNAMESFAILED);
+
+                        if (nssOriginalAltName == NULL) {
+                                cert->subjAltNamesAbsent = PKIX_TRUE;
+                                pSubjectAltNames = NULL;
+                                goto cleanup;
+                        }
+
+                        nssTempAltName = nssOriginalAltName;
+
+                        PKIX_CHECK(PKIX_List_Create(&altNamesList, plContext),
+                                PKIX_LISTCREATEFAILED);
+
+                        do {
+                            PKIX_CHECK(pkix_pl_GeneralName_Create
+                                (nssTempAltName, &pkixAltName, plContext),
+                                PKIX_GENERALNAMECREATEFAILED);
+
+                            PKIX_CHECK(PKIX_List_AppendItem
+                                (altNamesList,
+                                (PKIX_PL_Object *)pkixAltName,
+                                plContext),
+                                PKIX_LISTAPPENDITEMFAILED);
+
+                            PKIX_DECREF(pkixAltName);
+
+                            PKIX_CERT_DEBUG
+                                ("\t\tCalling CERT_GetNextGeneralName).\n");
+                            nssTempAltName = CERT_GetNextGeneralName
+                                (nssTempAltName);
+
+                        } while (nssTempAltName != nssOriginalAltName);
+
+                        /* save a cached copy in case it is asked for again */
+                        cert->subjAltNames = altNamesList;
+                        PKIX_CHECK(PKIX_List_SetImmutable
+                                (cert->subjAltNames, plContext),
+                                PKIX_LISTSETIMMUTABLEFAILED);
+
+                }
+
+                PKIX_OBJECT_UNLOCK(cert);
+        }
+
+        PKIX_INCREF(cert->subjAltNames);
+
+        *pSubjectAltNames = cert->subjAltNames;
+
+cleanup:
+        PKIX_DECREF(pkixAltName);
+        if (PKIX_ERROR_RECEIVED){
+                PKIX_DECREF(altNamesList);
+        }
+        PKIX_RETURN(CERT);
+}
+
+/*
+ * FUNCTION: PKIX_PL_Cert_GetAllSubjectNames (see comments in pkix_pl_pki.h)
+ */
+PKIX_Error *
+PKIX_PL_Cert_GetAllSubjectNames(
+        PKIX_PL_Cert *cert,
+        PKIX_List **pAllSubjectNames,  /* list of PKIX_PL_GeneralName */
+        void *plContext)
+{
+        CERTGeneralName *nssOriginalSubjectName = NULL;
+        CERTGeneralName *nssTempSubjectName = NULL;
+        PKIX_List *allSubjectNames = NULL;
+        PKIX_PL_GeneralName *pkixSubjectName = NULL;
+        PLArenaPool *arena = NULL;
+
+        PKIX_ENTER(CERT, "PKIX_PL_Cert_GetAllSubjectNames");
+        PKIX_NULLCHECK_THREE(cert, cert->nssCert, pAllSubjectNames);
+
+
+        if (cert->nssCert->subjectName == NULL){
+                /* if there is no subject DN, just get altnames */
+
+                PKIX_CHECK(pkix_pl_Cert_GetNssSubjectAltNames
+                            (cert,
+                            PKIX_FALSE, /* hasLock */
+                            &nssOriginalSubjectName,
+                            plContext),
+                            PKIX_CERTGETNSSSUBJECTALTNAMESFAILED);
+
+        } else { /* get subject DN and altnames */
+
+                arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+                if (arena == NULL) {
+                        PKIX_ERROR(PKIX_OUTOFMEMORY);
+                }
+
+                /* This NSS call returns both Subject and  Subject Alt Names */
+                PKIX_CERT_DEBUG("\t\tCalling CERT_GetCertificateNames\n");
+                nssOriginalSubjectName =
+                        CERT_GetCertificateNames(cert->nssCert, arena);
+        }
+
+        if (nssOriginalSubjectName == NULL) {
+                pAllSubjectNames = NULL;
+                goto cleanup;
+        }
+
+        nssTempSubjectName = nssOriginalSubjectName;
+
+        PKIX_CHECK(PKIX_List_Create(&allSubjectNames, plContext),
+                    PKIX_LISTCREATEFAILED);
+
+        do {
+                PKIX_CHECK(pkix_pl_GeneralName_Create
+                            (nssTempSubjectName, &pkixSubjectName, plContext),
+                            PKIX_GENERALNAMECREATEFAILED);
+
+                PKIX_CHECK(PKIX_List_AppendItem
+                            (allSubjectNames,
+                            (PKIX_PL_Object *)pkixSubjectName,
+                            plContext),
+                            PKIX_LISTAPPENDITEMFAILED);
+
+                PKIX_DECREF(pkixSubjectName);
+
+                PKIX_CERT_DEBUG
+                        ("\t\tCalling CERT_GetNextGeneralName).\n");
+                nssTempSubjectName = CERT_GetNextGeneralName
+                        (nssTempSubjectName);
+        } while (nssTempSubjectName != nssOriginalSubjectName);
+
+        *pAllSubjectNames = allSubjectNames;
+
+cleanup:
+        if (PKIX_ERROR_RECEIVED){
+                PKIX_DECREF(allSubjectNames);
+        }
+
+        if (arena){
+                PORT_FreeArena(arena, PR_FALSE);
+        }
+        PKIX_DECREF(pkixSubjectName);
+        PKIX_RETURN(CERT);
+}
+
+/*
+ * FUNCTION: PKIX_PL_Cert_GetSubjectPublicKeyAlgId
+ *      (see comments in pkix_pl_pki.h)
+ */
+PKIX_Error *
+PKIX_PL_Cert_GetSubjectPublicKeyAlgId(
+        PKIX_PL_Cert *cert,
+        PKIX_PL_OID **pSubjKeyAlgId,
+        void *plContext)
+{
+        PKIX_PL_OID *pubKeyAlgId = NULL;
+
+        PKIX_ENTER(CERT, "PKIX_PL_Cert_GetSubjectPublicKeyAlgId");
+        PKIX_NULLCHECK_THREE(cert, cert->nssCert, pSubjKeyAlgId);
+
+        /* if we don't have a cached copy from before, we create one */
+        if (cert->publicKeyAlgId == NULL){
+                PKIX_OBJECT_LOCK(cert);
+                if (cert->publicKeyAlgId == NULL){
+                        CERTCertificate *nssCert = cert->nssCert;
+                        SECAlgorithmID *algorithm;
+                        SECItem *algBytes;
+
+                        algorithm = &nssCert->subjectPublicKeyInfo.algorithm;
+                        algBytes = &algorithm->algorithm;
+                        if (!algBytes->data || !algBytes->len) {
+                            PKIX_ERROR_FATAL(PKIX_ALGORITHMBYTESLENGTH0);
+                        }
+                        PKIX_CHECK(PKIX_PL_OID_CreateBySECItem
+                                    (algBytes, &pubKeyAlgId, plContext),
+                                    PKIX_OIDCREATEFAILED);
+
+                        /* save a cached copy in case it is asked for again */
+                        cert->publicKeyAlgId = pubKeyAlgId;
+                        pubKeyAlgId = NULL;
+                }
+                PKIX_OBJECT_UNLOCK(cert);
+        }
+
+        PKIX_INCREF(cert->publicKeyAlgId);
+        *pSubjKeyAlgId = cert->publicKeyAlgId;
+
+cleanup:
+        PKIX_DECREF(pubKeyAlgId);
+        PKIX_RETURN(CERT);
+}
+
+/*
+ * FUNCTION: PKIX_PL_Cert_GetSubjectPublicKey (see comments in pkix_pl_pki.h)
+ */
+PKIX_Error *
+PKIX_PL_Cert_GetSubjectPublicKey(
+        PKIX_PL_Cert *cert,
+        PKIX_PL_PublicKey **pPublicKey,
+        void *plContext)
+{
+        PKIX_PL_PublicKey *pkixPubKey = NULL;
+        SECStatus rv;
+
+        CERTSubjectPublicKeyInfo *from = NULL;
+        CERTSubjectPublicKeyInfo *to = NULL;
+        SECItem *fromItem = NULL;
+        SECItem *toItem = NULL;
+
+        PKIX_ENTER(CERT, "PKIX_PL_Cert_GetSubjectPublicKey");
+        PKIX_NULLCHECK_THREE(cert, cert->nssCert, pPublicKey);
+
+        /* if we don't have a cached copy from before, we create one */
+        if (cert->publicKey == NULL){
+
+                PKIX_OBJECT_LOCK(cert);
+
+                if (cert->publicKey == NULL){
+
+                        /* create a PKIX_PL_PublicKey object */
+                        PKIX_CHECK(PKIX_PL_Object_Alloc
+                                    (PKIX_PUBLICKEY_TYPE,
+                                    sizeof (PKIX_PL_PublicKey),
+                                    (PKIX_PL_Object **)&pkixPubKey,
+                                    plContext),
+                                    PKIX_COULDNOTCREATEOBJECT);
+
+                        /* initialize fields */
+                        pkixPubKey->nssSPKI = NULL;
+
+                        /* populate the SPKI field */
+                        PKIX_CHECK(PKIX_PL_Malloc
+                                    (sizeof (CERTSubjectPublicKeyInfo),
+                                    (void **)&pkixPubKey->nssSPKI,
+                                    plContext),
+                                    PKIX_MALLOCFAILED);
+
+                        to = pkixPubKey->nssSPKI;
+                        from  = &cert->nssCert->subjectPublicKeyInfo;
+
+                        PKIX_NULLCHECK_TWO(to, from);
+
+                        PKIX_CERT_DEBUG
+                                ("\t\tCalling SECOID_CopyAlgorithmID).\n");
+                        rv = SECOID_CopyAlgorithmID
+                                (NULL, &to->algorithm, &from->algorithm);
+                        if (rv != SECSuccess) {
+                                PKIX_ERROR(PKIX_SECOIDCOPYALGORITHMIDFAILED);
+                        }
+
+                        /*
+                         * NSS stores the length of subjectPublicKey in bits.
+                         * Therefore, we use that length converted to bytes
+                         * using ((length+7)>>3) before calling PORT_Memcpy
+                         * in order to avoid "read from uninitialized memory"
+                         * errors.
+                         */
+
+                        toItem = &to->subjectPublicKey;
+                        fromItem = &from->subjectPublicKey;
+
+                        PKIX_NULLCHECK_TWO(toItem, fromItem);
+
+                        toItem->type = fromItem->type;
+
+                        toItem->data =
+                                (unsigned char*) PORT_ZAlloc(fromItem->len);
+                        if (!toItem->data){
+                                PKIX_ERROR(PKIX_OUTOFMEMORY);
+                        }
+
+                        (void) PORT_Memcpy(toItem->data,
+                                    fromItem->data,
+                                    (fromItem->len + 7)>>3);
+                        toItem->len = fromItem->len;
+
+                        /* save a cached copy in case it is asked for again */
+                        cert->publicKey = pkixPubKey;
+                }
+
+                PKIX_OBJECT_UNLOCK(cert);
+        }
+
+        PKIX_INCREF(cert->publicKey);
+        *pPublicKey = cert->publicKey;
+
+cleanup:
+
+        if (PKIX_ERROR_RECEIVED && pkixPubKey){
+                PKIX_DECREF(pkixPubKey);
+                cert->publicKey = NULL;
+        }
+        PKIX_RETURN(CERT);
+}
+
+/*
+ * FUNCTION: PKIX_PL_Cert_GetCriticalExtensionOIDs
+ *      (see comments in pkix_pl_pki.h)
+ */
+PKIX_Error *
+PKIX_PL_Cert_GetCriticalExtensionOIDs(
+        PKIX_PL_Cert *cert,
+        PKIX_List **pList,  /* list of PKIX_PL_OID */
+        void *plContext)
+{
+        PKIX_List *oidsList = NULL;
+        CERTCertExtension **extensions = NULL;
+        CERTCertificate *nssCert = NULL;
+
+        PKIX_ENTER(CERT, "PKIX_PL_Cert_GetCriticalExtensionOIDs");
+        PKIX_NULLCHECK_THREE(cert, cert->nssCert, pList);
+
+        /* if we don't have a cached copy from before, we create one */
+        if (cert->critExtOids == NULL) {
+
+            PKIX_OBJECT_LOCK(cert);
+
+            if (cert->critExtOids == NULL) {
+
+                nssCert = cert->nssCert;
+
+                /*
+                 * ASN.1 for Extension
+                 *
+                 * Extension  ::=  SEQUENCE  {
+                 *      extnID          OBJECT IDENTIFIER,
+                 *      critical        BOOLEAN DEFAULT FALSE,
+                 *      extnValue       OCTET STRING  }
+                 *
+                 */
+
+                extensions = nssCert->extensions;
+
+                PKIX_CHECK(pkix_pl_OID_GetCriticalExtensionOIDs
+                            (extensions, &oidsList, plContext),
+                            PKIX_GETCRITICALEXTENSIONOIDSFAILED);
+
+                /* save a cached copy in case it is asked for again */
+                cert->critExtOids = oidsList;
+            }
+
+            PKIX_OBJECT_UNLOCK(cert);
+        }
+
+        /* We should return a copy of the List since this list changes */
+        PKIX_DUPLICATE(cert->critExtOids, pList, plContext,
+                PKIX_OBJECTDUPLICATELISTFAILED);
+
+cleanup:
+	PKIX_OBJECT_UNLOCK(lockedObject);
+        PKIX_RETURN(CERT);
+}
+
+/*
+ * FUNCTION: PKIX_PL_Cert_GetAuthorityKeyIdentifier
+ *      (see comments in pkix_pl_pki.h)
+ */
+PKIX_Error *
+PKIX_PL_Cert_GetAuthorityKeyIdentifier(
+        PKIX_PL_Cert *cert,
+        PKIX_PL_ByteArray **pAuthKeyId,
+        void *plContext)
+{
+        PKIX_PL_ByteArray *authKeyId = NULL;
+        CERTCertificate *nssCert = NULL;
+        CERTAuthKeyID *authKeyIdExtension = NULL;
+        PLArenaPool *arena = NULL;
+        SECItem retItem;
+
+        PKIX_ENTER(CERT, "PKIX_PL_Cert_GetAuthorityKeyIdentifier");
+        PKIX_NULLCHECK_THREE(cert, cert->nssCert, pAuthKeyId);
+
+        /* if we don't have a cached copy from before, we create one */
+        if ((cert->authKeyId == NULL) && (!cert->authKeyIdAbsent)){
+
+                PKIX_OBJECT_LOCK(cert);
+
+                if ((cert->authKeyId == NULL) && (!cert->authKeyIdAbsent)){
+
+                        arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+                        if (arena == NULL) {
+                                PKIX_ERROR(PKIX_OUTOFMEMORY);
+                        }
+
+                        nssCert = cert->nssCert;
+
+                        authKeyIdExtension =
+                                CERT_FindAuthKeyIDExten(arena, nssCert);
+                        if (authKeyIdExtension == NULL){
+                                cert->authKeyIdAbsent = PKIX_TRUE;
+                                *pAuthKeyId = NULL;
+                                goto cleanup;
+                        }
+
+                        retItem = authKeyIdExtension->keyID;
+
+                        if (retItem.len == 0){
+                                cert->authKeyIdAbsent = PKIX_TRUE;
+                                *pAuthKeyId = NULL;
+                                goto cleanup;
+                        }
+
+                        PKIX_CHECK(PKIX_PL_ByteArray_Create
+                                    (retItem.data,
+                                    retItem.len,
+                                    &authKeyId,
+                                    plContext),
+                                    PKIX_BYTEARRAYCREATEFAILED);
+
+                        /* save a cached copy in case it is asked for again */
+                        cert->authKeyId = authKeyId;
+                }
+
+                PKIX_OBJECT_UNLOCK(cert);
+        }
+
+        PKIX_INCREF(cert->authKeyId);
+        *pAuthKeyId = cert->authKeyId;
+
+cleanup:
+	PKIX_OBJECT_UNLOCK(lockedObject);
+        if (arena){
+                PORT_FreeArena(arena, PR_FALSE);
+        }
+        PKIX_RETURN(CERT);
+}
+
+/*
+ * FUNCTION: PKIX_PL_Cert_GetSubjectKeyIdentifier
+ *      (see comments in pkix_pl_pki.h)
+ */
+PKIX_Error *
+PKIX_PL_Cert_GetSubjectKeyIdentifier(
+        PKIX_PL_Cert *cert,
+        PKIX_PL_ByteArray **pSubjKeyId,
+        void *plContext)
+{
+        PKIX_PL_ByteArray *subjKeyId = NULL;
+        CERTCertificate *nssCert = NULL;
+        SECItem *retItem = NULL;
+        SECStatus status;
+
+        PKIX_ENTER(CERT, "PKIX_PL_Cert_GetSubjectKeyIdentifier");
+        PKIX_NULLCHECK_THREE(cert, cert->nssCert, pSubjKeyId);
+
+        /* if we don't have a cached copy from before, we create one */
+        if ((cert->subjKeyId == NULL) && (!cert->subjKeyIdAbsent)){
+
+                PKIX_OBJECT_LOCK(cert);
+
+                if ((cert->subjKeyId == NULL) && (!cert->subjKeyIdAbsent)){
+
+                        retItem = SECITEM_AllocItem(NULL, NULL, 0);
+                        if (retItem == NULL){
+                                PKIX_ERROR(PKIX_OUTOFMEMORY);
+                        }
+
+                        nssCert = cert->nssCert;
+
+                        status = CERT_FindSubjectKeyIDExtension
+                                (nssCert, retItem);
+                        if (status != SECSuccess) {
+                                cert->subjKeyIdAbsent = PKIX_TRUE;
+                                *pSubjKeyId = NULL;
+                                goto cleanup;
+                        }
+
+                        PKIX_CHECK(PKIX_PL_ByteArray_Create
+                                    (retItem->data,
+                                    retItem->len,
+                                    &subjKeyId,
+                                    plContext),
+                                    PKIX_BYTEARRAYCREATEFAILED);
+
+                        /* save a cached copy in case it is asked for again */
+                        cert->subjKeyId = subjKeyId;
+                }
+
+                PKIX_OBJECT_UNLOCK(cert);
+        }
+
+        PKIX_INCREF(cert->subjKeyId);
+        *pSubjKeyId = cert->subjKeyId;
+
+cleanup:
+	PKIX_OBJECT_UNLOCK(lockedObject);
+        if (retItem){
+                SECITEM_FreeItem(retItem, PKIX_TRUE);
+        }
+        PKIX_RETURN(CERT);
+}
+
+/*
+ * FUNCTION: PKIX_PL_Cert_GetExtendedKeyUsage (see comments in pkix_pl_pki.h)
+ */
+PKIX_Error *
+PKIX_PL_Cert_GetExtendedKeyUsage(
+        PKIX_PL_Cert *cert,
+        PKIX_List **pKeyUsage,  /* list of PKIX_PL_OID */
+        void *plContext)
+{
+        CERTOidSequence *extKeyUsage = NULL;
+        CERTCertificate *nssCert = NULL;
+        PKIX_PL_OID *pkixOID = NULL;
+        PKIX_List *oidsList = NULL;
+        SECItem **oids = NULL;
+        SECItem encodedExtKeyUsage;
+        SECStatus rv;
+
+        PKIX_ENTER(CERT, "PKIX_PL_Cert_GetExtendedKeyUsage");
+        PKIX_NULLCHECK_THREE(cert, cert->nssCert, pKeyUsage);
+
+        /* if we don't have a cached copy from before, we create one */
+        if ((cert->extKeyUsages == NULL) && (!cert->extKeyUsagesAbsent)){
+
+                PKIX_OBJECT_LOCK(cert);
+
+                if ((cert->extKeyUsages == NULL) &&
+                    (!cert->extKeyUsagesAbsent)){
+
+                        nssCert = cert->nssCert;
+
+                        rv = CERT_FindCertExtension
+                                (nssCert, SEC_OID_X509_EXT_KEY_USAGE,
+                                &encodedExtKeyUsage);
+                        if (rv != SECSuccess){
+                                cert->extKeyUsagesAbsent = PKIX_TRUE;
+                                *pKeyUsage = NULL;
+                                goto cleanup;
+                        }
+
+                        extKeyUsage =
+                                CERT_DecodeOidSequence(&encodedExtKeyUsage);
+                        if (extKeyUsage == NULL){
+                                PKIX_ERROR(PKIX_CERTDECODEOIDSEQUENCEFAILED);
+                        }
+
+                        PORT_Free(encodedExtKeyUsage.data);
+
+                        oids = extKeyUsage->oids;
+
+                        if (!oids){
+                                /* no extended key usage extensions found */
+                                cert->extKeyUsagesAbsent = PKIX_TRUE;
+                                *pKeyUsage = NULL;
+                                goto cleanup;
+                        }
+
+                        PKIX_CHECK(PKIX_List_Create(&oidsList, plContext),
+                                    PKIX_LISTCREATEFAILED);
+
+                        while (*oids){
+                                SECItem *oid = *oids++;
+
+                                PKIX_CHECK(PKIX_PL_OID_CreateBySECItem
+                                            (oid, &pkixOID, plContext),
+                                            PKIX_OIDCREATEFAILED);
+
+                                PKIX_CHECK(PKIX_List_AppendItem
+                                            (oidsList,
+                                            (PKIX_PL_Object *)pkixOID,
+                                            plContext),
+                                            PKIX_LISTAPPENDITEMFAILED);
+                                PKIX_DECREF(pkixOID);
+                        }
+
+                        PKIX_CHECK(PKIX_List_SetImmutable
+                                    (oidsList, plContext),
+                                    PKIX_LISTSETIMMUTABLEFAILED);
+
+                        /* save a cached copy in case it is asked for again */
+                        cert->extKeyUsages = oidsList;
+                        oidsList = NULL;
+                }
+
+                PKIX_OBJECT_UNLOCK(cert);
+        }
+
+        PKIX_INCREF(cert->extKeyUsages);
+        *pKeyUsage = cert->extKeyUsages;
+
+cleanup:
+	PKIX_OBJECT_UNLOCK(lockedObject);
+
+        PKIX_DECREF(pkixOID);
+        PKIX_DECREF(oidsList);
+        CERT_DestroyOidSequence(extKeyUsage);
+
+        PKIX_RETURN(CERT);
+}
+
+/*
+ * FUNCTION: PKIX_PL_Cert_GetBasicConstraints
+ * (see comments in pkix_pl_pki.h)
+ */
+PKIX_Error *
+PKIX_PL_Cert_GetBasicConstraints(
+        PKIX_PL_Cert *cert,
+        PKIX_PL_CertBasicConstraints **pBasicConstraints,
+        void *plContext)
+{
+        CERTCertificate *nssCert = NULL;
+        CERTBasicConstraints nssBasicConstraint;
+        SECStatus rv;
+        PKIX_PL_CertBasicConstraints *basic;
+        PKIX_Int32 pathLen = 0;
+        PKIX_Boolean isCA = PKIX_FALSE;
+        enum {
+          realBC, synthBC, absentBC
+        } constraintSource = absentBC;
+
+        PKIX_ENTER(CERT, "PKIX_PL_Cert_GetBasicConstraints");
+        PKIX_NULLCHECK_THREE(cert, cert->nssCert, pBasicConstraints);
+
+        /* if we don't have a cached copy from before, we create one */
+        if ((cert->certBasicConstraints == NULL) &&
+                (!cert->basicConstraintsAbsent)) {
+
+                PKIX_OBJECT_LOCK(cert);
+
+                if ((cert->certBasicConstraints == NULL) &&
+                    (!cert->basicConstraintsAbsent)) {
+
+                        nssCert = cert->nssCert;
+
+                        PKIX_CERT_DEBUG(
+                            "\t\tCalling Cert_FindBasicConstraintExten\n");
+                        rv = CERT_FindBasicConstraintExten
+                                (nssCert, &nssBasicConstraint);
+                        if (rv == SECSuccess) {
+                            constraintSource = realBC;
+                        }
+
+                        if (constraintSource == absentBC) {
+                            /* can we deduce it's a CA and create a 
+                               synthetic constraint?
+                            */
+                            CERTCertTrust trust;
+                            rv = CERT_GetCertTrust(nssCert, &trust);
+                            if (rv == SECSuccess) {
+                                int anyWantedFlag = CERTDB_TRUSTED_CA | CERTDB_VALID_CA;
+                                if ((trust.sslFlags & anyWantedFlag) 
+                                    || (trust.emailFlags & anyWantedFlag) 
+                                    || (trust.objectSigningFlags & anyWantedFlag)) {
+
+                                    constraintSource = synthBC;
+                                }
+                            }
+                        }
+
+                        if (constraintSource == absentBC) {
+                            cert->basicConstraintsAbsent = PKIX_TRUE;
+                            *pBasicConstraints = NULL;
+                            goto cleanup;
+                        }
+                }
+
+                if (constraintSource == synthBC) {
+                    isCA = PKIX_TRUE;
+                    pathLen = PKIX_UNLIMITED_PATH_CONSTRAINT;
+                } else {
+                    isCA = (nssBasicConstraint.isCA)?PKIX_TRUE:PKIX_FALSE;
+    
+                    /* The pathLen has meaning only for CAs */
+                    if (isCA) {
+                        if (CERT_UNLIMITED_PATH_CONSTRAINT ==
+                            nssBasicConstraint.pathLenConstraint) {
+                            pathLen = PKIX_UNLIMITED_PATH_CONSTRAINT;
+                        } else {
+                            pathLen = nssBasicConstraint.pathLenConstraint;
+                        }
+                    }
+                }
+
+                PKIX_CHECK(pkix_pl_CertBasicConstraints_Create
+                            (isCA, pathLen, &basic, plContext),
+                            PKIX_CERTBASICCONSTRAINTSCREATEFAILED);
+
+                /* save a cached copy in case it is asked for again */
+                cert->certBasicConstraints = basic;
+        }
+
+        PKIX_INCREF(cert->certBasicConstraints);
+        *pBasicConstraints = cert->certBasicConstraints;
+
+cleanup:
+	PKIX_OBJECT_UNLOCK(lockedObject);
+        PKIX_RETURN(CERT);
+}
+
+/*
+ * FUNCTION: PKIX_PL_Cert_GetPolicyInformation
+ * (see comments in pkix_pl_pki.h)
+ */
+PKIX_Error *
+PKIX_PL_Cert_GetPolicyInformation(
+        PKIX_PL_Cert *cert,
+        PKIX_List **pPolicyInfo,
+        void *plContext)
+{
+        PKIX_List *policyList = NULL;
+
+        PKIX_ENTER(CERT, "PKIX_PL_Cert_GetPolicyInformation");
+        PKIX_NULLCHECK_THREE(cert, cert->nssCert, pPolicyInfo);
+
+        /* if we don't have a cached copy from before, we create one */
+        if ((cert->certPolicyInfos == NULL) &&
+                (!cert->policyInfoAbsent)) {
+
+                PKIX_OBJECT_LOCK(cert);
+
+                if ((cert->certPolicyInfos == NULL) &&
+                    (!cert->policyInfoAbsent)) {
+
+                        PKIX_CHECK(pkix_pl_Cert_DecodePolicyInfo
+                                (cert->nssCert, &policyList, plContext),
+                                PKIX_CERTDECODEPOLICYINFOFAILED);
+
+                        if (!policyList) {
+                                cert->policyInfoAbsent = PKIX_TRUE;
+                                *pPolicyInfo = NULL;
+                                goto cleanup;
+                        }
+                }
+
+                PKIX_OBJECT_UNLOCK(cert);
+
+                /* save a cached copy in case it is asked for again */
+                cert->certPolicyInfos = policyList;
+                policyList = NULL;
+        }
+
+        PKIX_INCREF(cert->certPolicyInfos);
+        *pPolicyInfo = cert->certPolicyInfos;
+
+cleanup:
+	PKIX_OBJECT_UNLOCK(lockedObject);
+
+        PKIX_DECREF(policyList);
+        PKIX_RETURN(CERT);
+}
+
+/*
+ * FUNCTION: PKIX_PL_Cert_GetPolicyMappings (see comments in pkix_pl_pki.h)
+ */
+PKIX_Error *
+PKIX_PL_Cert_GetPolicyMappings(
+        PKIX_PL_Cert *cert,
+        PKIX_List **pPolicyMappings, /* list of PKIX_PL_CertPolicyMap */
+        void *plContext)
+{
+        PKIX_List *policyMappings = NULL; /* list of PKIX_PL_CertPolicyMap */
+
+        PKIX_ENTER(CERT, "PKIX_PL_Cert_GetPolicyMappings");
+        PKIX_NULLCHECK_THREE(cert, cert->nssCert, pPolicyMappings);
+
+        /* if we don't have a cached copy from before, we create one */
+        if (!(cert->certPolicyMappings) && !(cert->policyMappingsAbsent)) {
+
+                PKIX_OBJECT_LOCK(cert);
+
+                if (!(cert->certPolicyMappings) &&
+                    !(cert->policyMappingsAbsent)) {
+
+                        PKIX_CHECK(pkix_pl_Cert_DecodePolicyMapping
+                                (cert->nssCert, &policyMappings, plContext),
+                                PKIX_CERTDECODEPOLICYMAPPINGFAILED);
+
+                        if (!policyMappings) {
+                                cert->policyMappingsAbsent = PKIX_TRUE;
+                                *pPolicyMappings = NULL;
+                                goto cleanup;
+                        }
+                }
+
+                PKIX_OBJECT_UNLOCK(cert);
+
+                /* save a cached copy in case it is asked for again */
+                cert->certPolicyMappings = policyMappings; 
+                policyMappings = NULL;
+        }
+
+        PKIX_INCREF(cert->certPolicyMappings);
+        *pPolicyMappings = cert->certPolicyMappings;
+        
+cleanup:
+	PKIX_OBJECT_UNLOCK(lockedObject);
+
+        PKIX_DECREF(policyMappings);
+        PKIX_RETURN(CERT);
+}
+
+/*
+ * FUNCTION: PKIX_PL_Cert_GetRequireExplicitPolicy
+ * (see comments in pkix_pl_pki.h)
+ */
+PKIX_Error *
+PKIX_PL_Cert_GetRequireExplicitPolicy(
+        PKIX_PL_Cert *cert,
+        PKIX_Int32 *pSkipCerts,
+        void *plContext)
+{
+        PKIX_Int32 explicitPolicySkipCerts = 0;
+        PKIX_Int32 inhibitMappingSkipCerts = 0;
+
+        PKIX_ENTER(CERT, "PKIX_PL_Cert_GetRequireExplicitPolicy");
+        PKIX_NULLCHECK_THREE(cert, cert->nssCert, pSkipCerts);
+
+        if (!(cert->policyConstraintsProcessed)) {
+                PKIX_OBJECT_LOCK(cert);
+
+                if (!(cert->policyConstraintsProcessed)) {
+
+                        /*
+                         * If we can't process it now, we probably will be
+                         * unable to process it later. Set the default value.
+                         */
+                        cert->policyConstraintsProcessed = PKIX_TRUE;
+                        cert->policyConstraintsExplicitPolicySkipCerts = -1;
+                        cert->policyConstraintsInhibitMappingSkipCerts = -1;
+
+                        PKIX_CHECK(pkix_pl_Cert_DecodePolicyConstraints
+                                (cert->nssCert,
+                                &explicitPolicySkipCerts,
+                                &inhibitMappingSkipCerts,
+                                plContext),
+                                PKIX_CERTDECODEPOLICYCONSTRAINTSFAILED);
+
+                        cert->policyConstraintsExplicitPolicySkipCerts =
+                                explicitPolicySkipCerts;
+                        cert->policyConstraintsInhibitMappingSkipCerts =
+                                inhibitMappingSkipCerts;
+                }
+
+                PKIX_OBJECT_UNLOCK(cert);
+        }
+
+        *pSkipCerts = cert->policyConstraintsExplicitPolicySkipCerts;
+
+cleanup:
+	PKIX_OBJECT_UNLOCK(lockedObject);
+        PKIX_RETURN(CERT);
+}
+
+/*
+ * FUNCTION: PKIX_PL_Cert_GetPolicyMappingInhibited
+ * (see comments in pkix_pl_pki.h)
+ */
+PKIX_Error *
+PKIX_PL_Cert_GetPolicyMappingInhibited(
+        PKIX_PL_Cert *cert,
+        PKIX_Int32 *pSkipCerts,
+        void *plContext)
+{
+        PKIX_Int32 explicitPolicySkipCerts = 0;
+        PKIX_Int32 inhibitMappingSkipCerts = 0;
+
+        PKIX_ENTER(CERT, "PKIX_PL_Cert_GetPolicyMappingInhibited");
+        PKIX_NULLCHECK_THREE(cert, cert->nssCert, pSkipCerts);
+
+        if (!(cert->policyConstraintsProcessed)) {
+                PKIX_OBJECT_LOCK(cert);
+
+                if (!(cert->policyConstraintsProcessed)) {
+
+                        /*
+                         * If we can't process it now, we probably will be
+                         * unable to process it later. Set the default value.
+                         */
+                        cert->policyConstraintsProcessed = PKIX_TRUE;
+                        cert->policyConstraintsExplicitPolicySkipCerts = -1;
+                        cert->policyConstraintsInhibitMappingSkipCerts = -1;
+
+                        PKIX_CHECK(pkix_pl_Cert_DecodePolicyConstraints
+                                (cert->nssCert,
+                                &explicitPolicySkipCerts,
+                                &inhibitMappingSkipCerts,
+                                plContext),
+                                PKIX_CERTDECODEPOLICYCONSTRAINTSFAILED);
+
+                        cert->policyConstraintsExplicitPolicySkipCerts =
+                                explicitPolicySkipCerts;
+                        cert->policyConstraintsInhibitMappingSkipCerts =
+                                inhibitMappingSkipCerts;
+                }
+
+                PKIX_OBJECT_UNLOCK(cert);
+        }
+
+        *pSkipCerts = cert->policyConstraintsInhibitMappingSkipCerts;
+
+cleanup:
+	PKIX_OBJECT_UNLOCK(lockedObject);
+        PKIX_RETURN(CERT);
+}
+
+/*
+ * FUNCTION: PKIX_PL_Cert_GetInhibitAnyPolicy (see comments in pkix_pl_pki.h)
+ */
+PKIX_Error *
+PKIX_PL_Cert_GetInhibitAnyPolicy(
+        PKIX_PL_Cert *cert,
+        PKIX_Int32 *pSkipCerts,
+        void *plContext)
+{
+        PKIX_Int32 skipCerts = 0;
+
+        PKIX_ENTER(CERT, "PKIX_PL_Cert_GetInhibitAnyPolicy");
+        PKIX_NULLCHECK_THREE(cert, cert->nssCert, pSkipCerts);
+
+        if (!(cert->inhibitAnyPolicyProcessed)) {
+
+                PKIX_OBJECT_LOCK(cert);
+
+                if (!(cert->inhibitAnyPolicyProcessed)) {
+
+                        /*
+                         * If we can't process it now, we probably will be
+                         * unable to process it later. Set the default value.
+                         */
+                        cert->inhibitAnyPolicyProcessed = PKIX_TRUE;
+                        cert->inhibitAnySkipCerts = -1;
+
+                        PKIX_CHECK(pkix_pl_Cert_DecodeInhibitAnyPolicy
+                                (cert->nssCert, &skipCerts, plContext),
+                                PKIX_CERTDECODEINHIBITANYPOLICYFAILED);
+
+                        cert->inhibitAnySkipCerts = skipCerts;
+                }
+
+                PKIX_OBJECT_UNLOCK(cert);
+        }
+
+cleanup:
+	PKIX_OBJECT_UNLOCK(lockedObject);
+        *pSkipCerts = cert->inhibitAnySkipCerts;
+        PKIX_RETURN(CERT);
+}
+
+/*
+ * FUNCTION: PKIX_PL_Cert_AreCertPoliciesCritical
+ * (see comments in pkix_pl_pki.h)
+ */
+PKIX_Error *
+PKIX_PL_Cert_AreCertPoliciesCritical(
+        PKIX_PL_Cert *cert,
+        PKIX_Boolean *pCritical,
+        void *plContext)
+{
+        PKIX_Boolean criticality = PKIX_FALSE;
+
+        PKIX_ENTER(CERT, "PKIX_PL_Cert_AreCertPoliciesCritical");
+        PKIX_NULLCHECK_TWO(cert, pCritical);
+
+        PKIX_CHECK(pkix_pl_Cert_IsExtensionCritical(
+                cert,
+                SEC_OID_X509_CERTIFICATE_POLICIES,
+                &criticality,
+                plContext),
+                PKIX_CERTISEXTENSIONCRITICALFAILED);
+
+        *pCritical = criticality;
+
+cleanup:
+        PKIX_RETURN(CERT);
+}
+
+/*
+ * FUNCTION: PKIX_PL_Cert_VerifySignature (see comments in pkix_pl_pki.h)
+ */
+PKIX_Error *
+PKIX_PL_Cert_VerifySignature(
+        PKIX_PL_Cert *cert,
+        PKIX_PL_PublicKey *pubKey,
+        void *plContext)
+{
+        CERTCertificate *nssCert = NULL;
+        SECKEYPublicKey *nssPubKey = NULL;
+        CERTSignedData *tbsCert = NULL;
+        PKIX_PL_Cert *cachedCert = NULL;
+        PKIX_Error *verifySig = NULL;
+        PKIX_Error *cachedSig = NULL;
+        SECStatus status;
+        PKIX_Boolean certEqual = PKIX_FALSE;
+        PKIX_Boolean certInHash = PKIX_FALSE;
+        void* wincx = NULL;
+
+        PKIX_ENTER(CERT, "PKIX_PL_Cert_VerifySignature");
+        PKIX_NULLCHECK_THREE(cert, cert->nssCert, pubKey);
+
+        verifySig = PKIX_PL_HashTable_Lookup
+                        (cachedCertSigTable,
+                        (PKIX_PL_Object *) pubKey,
+                        (PKIX_PL_Object **) &cachedCert,
+                        plContext);
+
+        if (cachedCert != NULL && verifySig == NULL) {
+                /* Cached Signature Table lookup succeed */
+                PKIX_EQUALS(cert, cachedCert, &certEqual, plContext,
+                            PKIX_OBJECTEQUALSFAILED);
+                if (certEqual == PKIX_TRUE) {
+                        goto cleanup;
+                }
+                /* Different PubKey may hash to same value, skip add */
+                certInHash = PKIX_TRUE;
+        }
+
+        nssCert = cert->nssCert;
+        tbsCert = &nssCert->signatureWrap;
+
+        PKIX_CERT_DEBUG("\t\tCalling SECKEY_ExtractPublicKey).\n");
+        nssPubKey = SECKEY_ExtractPublicKey(pubKey->nssSPKI);
+        if (!nssPubKey){
+                PKIX_ERROR(PKIX_SECKEYEXTRACTPUBLICKEYFAILED);
+        }
+
+        PKIX_CERT_DEBUG("\t\tCalling CERT_VerifySignedDataWithPublicKey).\n");
+
+        PKIX_CHECK(pkix_pl_NssContext_GetWincx
+                   ((PKIX_PL_NssContext *)plContext, &wincx),
+                   PKIX_NSSCONTEXTGETWINCXFAILED);
+
+        status = CERT_VerifySignedDataWithPublicKey(tbsCert, nssPubKey, wincx);
+
+        if (status != SECSuccess) {
+                if (PORT_GetError() != SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED) {
+                        PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
+                }
+                PKIX_ERROR(PKIX_SIGNATUREDIDNOTVERIFYWITHTHEPUBLICKEY);
+        }
+
+        if (certInHash == PKIX_FALSE) {
+                cachedSig = PKIX_PL_HashTable_Add
+                        (cachedCertSigTable,
+                        (PKIX_PL_Object *) pubKey,
+                        (PKIX_PL_Object *) cert,
+                        plContext);
+
+                if (cachedSig != NULL) {
+                        PKIX_DEBUG("PKIX_PL_HashTable_Add skipped: entry existed\n");
+                }
+        }
+
+cleanup:
+        if (nssPubKey){
+                PKIX_CERT_DEBUG("\t\tCalling SECKEY_DestroyPublicKey).\n");
+                SECKEY_DestroyPublicKey(nssPubKey);
+        }
+
+        PKIX_DECREF(cachedCert);
+        PKIX_DECREF(verifySig);
+        PKIX_DECREF(cachedSig);
+
+        PKIX_RETURN(CERT);
+}
+
+/*
+ * FUNCTION: PKIX_PL_Cert_CheckValidity (see comments in pkix_pl_pki.h)
+ */
+PKIX_Error *
+PKIX_PL_Cert_CheckValidity(
+        PKIX_PL_Cert *cert,
+        PKIX_PL_Date *date,
+        void *plContext)
+{
+        SECCertTimeValidity val;
+        PRTime timeToCheck;
+        PKIX_Boolean allowOverride;
+        SECCertificateUsage requiredUsages;
+
+        PKIX_ENTER(CERT, "PKIX_PL_Cert_CheckValidity");
+        PKIX_NULLCHECK_ONE(cert);
+
+        /* if the caller supplies a date, we use it; else, use current time */
+        if (date != NULL){
+                PKIX_CHECK(pkix_pl_Date_GetPRTime
+                        (date, &timeToCheck, plContext),
+                        PKIX_DATEGETPRTIMEFAILED);
+        } else {
+                timeToCheck = PR_Now();
+        }
+
+        requiredUsages = ((PKIX_PL_NssContext*)plContext)->certificateUsage;
+        allowOverride =
+            (PRBool)((requiredUsages & certificateUsageSSLServer) ||
+                     (requiredUsages & certificateUsageSSLServerWithStepUp));
+        val = CERT_CheckCertValidTimes(cert->nssCert, timeToCheck, allowOverride);
+        if (val != secCertTimeValid){
+                PKIX_ERROR(PKIX_CERTCHECKCERTVALIDTIMESFAILED);
+        }
+
+cleanup:
+        PKIX_RETURN(CERT);
+}
+
+/*
+ * FUNCTION: PKIX_PL_Cert_GetValidityNotAfter (see comments in pkix_pl_pki.h)
+ */
+PKIX_Error *
+PKIX_PL_Cert_GetValidityNotAfter(
+        PKIX_PL_Cert *cert,
+        PKIX_PL_Date **pDate,
+        void *plContext)
+{
+        PRTime prtime;
+        SECStatus rv = SECFailure;
+
+        PKIX_ENTER(CERT, "PKIX_PL_Cert_GetValidityNotAfter");
+        PKIX_NULLCHECK_TWO(cert, pDate);
+
+        PKIX_DATE_DEBUG("\t\tCalling DER_DecodeTimeChoice).\n");
+        rv = DER_DecodeTimeChoice(&prtime, &(cert->nssCert->validity.notAfter));
+        if (rv != SECSuccess){
+                PKIX_ERROR(PKIX_DERDECODETIMECHOICEFAILED);
+        }
+
+        PKIX_CHECK(pkix_pl_Date_CreateFromPRTime
+                    (prtime, pDate, plContext),
+                    PKIX_DATECREATEFROMPRTIMEFAILED);
+
+cleanup:
+        PKIX_RETURN(CERT);
+}
+
+/*
+ * FUNCTION: PKIX_PL_Cert_VerifyCertAndKeyType (see comments in pkix_pl_pki.h)
+ */
+PKIX_Error *
+PKIX_PL_Cert_VerifyCertAndKeyType(
+        PKIX_PL_Cert *cert,
+        PKIX_Boolean isChainCert,
+        void *plContext)
+{
+    PKIX_PL_CertBasicConstraints *basicConstraints = NULL;
+    SECCertificateUsage certificateUsage;
+    SECCertUsage certUsage = 0;
+    unsigned int requiredKeyUsage;
+    unsigned int requiredCertType;
+    unsigned int certType;
+    SECStatus rv = SECSuccess;
+    
+    PKIX_ENTER(CERT, "PKIX_PL_Cert_VerifyCertType");
+    PKIX_NULLCHECK_TWO(cert, plContext);
+    
+    certificateUsage = ((PKIX_PL_NssContext*)plContext)->certificateUsage;
+    
+    /* ensure we obtained a single usage bit only */
+    PORT_Assert(!(certificateUsage & (certificateUsage - 1)));
+    
+    /* convert SECertificateUsage (bit mask) to SECCertUsage (enum) */
+    while (0 != (certificateUsage = certificateUsage >> 1)) { certUsage++; }
+
+    /* check key usage and netscape cert type */
+    cert_GetCertType(cert->nssCert);
+    certType = cert->nssCert->nsCertType;
+    if (isChainCert ||
+        (certUsage != certUsageVerifyCA && certUsage != certUsageAnyCA)) {
+	rv = CERT_KeyUsageAndTypeForCertUsage(certUsage, isChainCert,
+					      &requiredKeyUsage,
+					      &requiredCertType);
+        if (rv == SECFailure) {
+            PKIX_ERROR(PKIX_UNSUPPORTEDCERTUSAGE);
+        }
+    } else {
+        /* use this key usage and cert type for certUsageAnyCA and
+         * certUsageVerifyCA. */
+	requiredKeyUsage = KU_KEY_CERT_SIGN;
+	requiredCertType = NS_CERT_TYPE_CA;
+    }
+    if (CERT_CheckKeyUsage(cert->nssCert, requiredKeyUsage) != SECSuccess) {
+        PKIX_ERROR(PKIX_CERTCHECKKEYUSAGEFAILED);
+    }
+    if (!(certType & requiredCertType)) {
+        PKIX_ERROR(PKIX_CERTCHECKCERTTYPEFAILED);
+    }
+cleanup:
+    PKIX_DECREF(basicConstraints);
+    PKIX_RETURN(CERT);
+}
+
+/*
+ * FUNCTION: PKIX_PL_Cert_VerifyKeyUsage (see comments in pkix_pl_pki.h)
+ */
+PKIX_Error *
+PKIX_PL_Cert_VerifyKeyUsage(
+        PKIX_PL_Cert *cert,
+        PKIX_UInt32 keyUsage,
+        void *plContext)
+{
+        CERTCertificate *nssCert = NULL;
+        PKIX_UInt32 nssKeyUsage = 0;
+        SECStatus status;
+
+        PKIX_ENTER(CERT, "PKIX_PL_Cert_VerifyKeyUsage");
+        PKIX_NULLCHECK_TWO(cert, cert->nssCert);
+
+        nssCert = cert->nssCert;
+
+        /* if cert doesn't have keyUsage extension, all keyUsages are valid */
+        if (!nssCert->keyUsagePresent){
+                goto cleanup;
+        }
+
+        if (keyUsage & PKIX_DIGITAL_SIGNATURE){
+                nssKeyUsage = nssKeyUsage | KU_DIGITAL_SIGNATURE;
+        }
+
+        if (keyUsage & PKIX_NON_REPUDIATION){
+                nssKeyUsage = nssKeyUsage | KU_NON_REPUDIATION;
+        }
+
+        if (keyUsage & PKIX_KEY_ENCIPHERMENT){
+                nssKeyUsage = nssKeyUsage | KU_KEY_ENCIPHERMENT;
+        }
+
+        if (keyUsage & PKIX_DATA_ENCIPHERMENT){
+                nssKeyUsage = nssKeyUsage | KU_DATA_ENCIPHERMENT;
+        }
+
+        if (keyUsage & PKIX_KEY_AGREEMENT){
+                nssKeyUsage = nssKeyUsage | KU_KEY_AGREEMENT;
+        }
+
+        if (keyUsage & PKIX_KEY_CERT_SIGN){
+                nssKeyUsage = nssKeyUsage | KU_KEY_CERT_SIGN;
+        }
+
+        if (keyUsage & PKIX_CRL_SIGN){
+                nssKeyUsage = nssKeyUsage | KU_CRL_SIGN;
+        }
+
+        if (keyUsage & PKIX_ENCIPHER_ONLY){
+                nssKeyUsage = nssKeyUsage | 0x01;
+        }
+
+        if (keyUsage & PKIX_DECIPHER_ONLY){
+                /* XXX we should support this once it is fixed in NSS */
+                PKIX_ERROR(PKIX_DECIPHERONLYKEYUSAGENOTSUPPORTED);
+        }
+
+        status = CERT_CheckKeyUsage(nssCert, nssKeyUsage);
+        if (status != SECSuccess) {
+                PKIX_ERROR(PKIX_CERTCHECKKEYUSAGEFAILED);
+        }
+
+cleanup:
+        PKIX_RETURN(CERT);
+}
+
+/*
+ * FUNCTION: PKIX_PL_Cert_GetNameConstraints
+ * (see comments in pkix_pl_pki.h)
+ */
+PKIX_Error *
+PKIX_PL_Cert_GetNameConstraints(
+        PKIX_PL_Cert *cert,
+        PKIX_PL_CertNameConstraints **pNameConstraints,
+        void *plContext)
+{
+        PKIX_PL_CertNameConstraints *nameConstraints = NULL;
+
+        PKIX_ENTER(CERT, "PKIX_PL_Cert_GetNameConstraints");
+        PKIX_NULLCHECK_THREE(cert, cert->nssCert, pNameConstraints);
+
+        /* if we don't have a cached copy from before, we create one */
+        if (cert->nameConstraints == NULL && !cert->nameConstraintsAbsent) {
+
+                PKIX_OBJECT_LOCK(cert);
+
+                if (cert->nameConstraints == NULL &&
+                    !cert->nameConstraintsAbsent) {
+
+                        PKIX_CHECK(pkix_pl_CertNameConstraints_Create
+                                (cert->nssCert, &nameConstraints, plContext),
+                                PKIX_CERTNAMECONSTRAINTSCREATEFAILED);
+
+                        if (nameConstraints == NULL) {
+                                cert->nameConstraintsAbsent = PKIX_TRUE;
+                        }
+
+                        cert->nameConstraints = nameConstraints;
+                }
+
+                PKIX_OBJECT_UNLOCK(cert);
+
+        }
+
+        PKIX_INCREF(cert->nameConstraints);
+
+        *pNameConstraints = cert->nameConstraints;
+
+cleanup:
+	PKIX_OBJECT_UNLOCK(lockedObject);
+        PKIX_RETURN(CERT);
+}
+
+/*
+ * FUNCTION: PKIX_PL_Cert_CheckNameConstraints
+ * (see comments in pkix_pl_pki.h)
+ */
+PKIX_Error *
+PKIX_PL_Cert_CheckNameConstraints(
+        PKIX_PL_Cert *cert,
+        PKIX_PL_CertNameConstraints *nameConstraints,
+        PKIX_Boolean treatCommonNameAsDNSName,
+        void *plContext)
+{
+        PKIX_Boolean checkPass = PKIX_TRUE;
+        CERTGeneralName *nssSubjectNames = NULL;
+        PLArenaPool *arena = NULL;
+
+        PKIX_ENTER(CERT, "PKIX_PL_Cert_CheckNameConstraints");
+        PKIX_NULLCHECK_ONE(cert);
+
+        if (nameConstraints != NULL) {
+
+                arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+                if (arena == NULL) {
+                        PKIX_ERROR(PKIX_OUTOFMEMORY);
+                }
+
+                /* This NSS call returns Subject Alt Names. If
+                 * treatCommonNameAsDNSName is true, it also returns the
+                 * Subject Common Name
+                 */
+                PKIX_CERT_DEBUG
+                    ("\t\tCalling CERT_GetConstrainedCertificateNames\n");
+                nssSubjectNames = CERT_GetConstrainedCertificateNames
+                        (cert->nssCert, arena, treatCommonNameAsDNSName);
+
+                PKIX_CHECK(pkix_pl_CertNameConstraints_CheckNameSpaceNssNames
+                        (nssSubjectNames,
+                        nameConstraints,
+                        &checkPass,
+                        plContext),
+                        PKIX_CERTNAMECONSTRAINTSCHECKNAMESPACENSSNAMESFAILED);
+
+                if (checkPass != PKIX_TRUE) {
+                        PKIX_ERROR(PKIX_CERTFAILEDNAMECONSTRAINTSCHECKING);
+                }
+        }
+
+cleanup:
+        if (arena){
+                PORT_FreeArena(arena, PR_FALSE);
+        }
+
+        PKIX_RETURN(CERT);
+}
+
+/*
+ * FUNCTION: PKIX_PL_Cert_MergeNameConstraints
+ * (see comments in pkix_pl_pki.h)
+ */
+PKIX_Error *
+PKIX_PL_Cert_MergeNameConstraints(
+        PKIX_PL_CertNameConstraints *firstNC,
+        PKIX_PL_CertNameConstraints *secondNC,
+        PKIX_PL_CertNameConstraints **pResultNC,
+        void *plContext)
+{
+        PKIX_PL_CertNameConstraints *mergedNC = NULL;
+
+        PKIX_ENTER(CERT, "PKIX_PL_Cert_MergeNameConstraints");
+        PKIX_NULLCHECK_TWO(firstNC, pResultNC);
+
+        if (secondNC == NULL) {
+
+                PKIX_INCREF(firstNC);
+                *pResultNC = firstNC;
+
+                goto cleanup;
+        }
+
+        PKIX_CHECK(pkix_pl_CertNameConstraints_Merge
+                (firstNC, secondNC, &mergedNC, plContext),
+                PKIX_CERTNAMECONSTRAINTSMERGEFAILED);
+
+        *pResultNC = mergedNC;
+
+cleanup:
+        PKIX_RETURN(CERT);
+}
+
+/*
+ * Find out the state of the NSS trust bits for the requested usage.
+ * Returns SECFailure if the cert is explicitly distrusted.
+ * Returns SECSuccess if the cert can be used to form a chain (normal case),
+ *   or it is explicitly trusted. The trusted bool is set to true if it is
+ *   explicitly trusted.
+ */
+static SECStatus
+pkix_pl_Cert_GetTrusted(void *plContext,
+                        PKIX_PL_Cert *cert,
+                        PKIX_Boolean *trusted,
+                        PKIX_Boolean isCA)
+{
+        SECStatus rv;
+        CERTCertificate *nssCert = NULL;
+        SECCertUsage certUsage = 0;
+        SECCertificateUsage certificateUsage;
+        SECTrustType trustType;
+        unsigned int trustFlags;
+        unsigned int requiredFlags;
+        CERTCertTrust trust;
+
+        *trusted = PKIX_FALSE;
+
+        /* no key usage information  */
+        if (plContext == NULL) {
+                return SECSuccess;
+        }
+
+        certificateUsage = ((PKIX_PL_NssContext*)plContext)->certificateUsage;
+
+        /* ensure we obtained a single usage bit only */
+        PORT_Assert(!(certificateUsage & (certificateUsage - 1)));
+
+        /* convert SECertificateUsage (bit mask) to SECCertUsage (enum) */
+        while (0 != (certificateUsage = certificateUsage >> 1)) { certUsage++; }
+
+        nssCert = cert->nssCert;
+
+        if (!isCA) {
+                PRBool prTrusted;
+                unsigned int failedFlags;
+                rv = cert_CheckLeafTrust(nssCert, certUsage,
+                                         &failedFlags, &prTrusted);
+                *trusted = (PKIX_Boolean) prTrusted;
+                return rv;
+        }
+        rv = CERT_TrustFlagsForCACertUsage(certUsage, &requiredFlags,
+                                           &trustType);
+        if (rv != SECSuccess) {
+                return SECSuccess;
+        }
+
+        rv = CERT_GetCertTrust(nssCert, &trust);
+        if (rv != SECSuccess) {
+                return SECSuccess;
+        }
+        trustFlags = SEC_GET_TRUST_FLAGS(&trust, trustType);
+        /* normally trustTypeNone usages accept any of the given trust bits
+         * being on as acceptable. If any are distrusted (and none are trusted),
+         * then we will also distrust the cert */
+        if ((trustFlags == 0) && (trustType == trustTypeNone)) {
+                trustFlags = trust.sslFlags | trust.emailFlags |
+                             trust.objectSigningFlags;
+        }
+        if ((trustFlags & requiredFlags) == requiredFlags) {
+                *trusted = PKIX_TRUE;
+                return SECSuccess;
+        }
+        if ((trustFlags & CERTDB_TERMINAL_RECORD) &&
+            ((trustFlags & (CERTDB_VALID_CA|CERTDB_TRUSTED)) == 0)) {
+                return SECFailure;
+        }
+        return SECSuccess;
+}
+
+/*
+ * FUNCTION: PKIX_PL_Cert_IsCertTrusted
+ * (see comments in pkix_pl_pki.h)
+ */
+PKIX_Error *
+PKIX_PL_Cert_IsCertTrusted(
+        PKIX_PL_Cert *cert,
+        PKIX_PL_TrustAnchorMode trustAnchorMode,
+        PKIX_Boolean *pTrusted,
+        void *plContext)
+{
+        PKIX_CertStore_CheckTrustCallback trustCallback = NULL;
+        PKIX_Boolean trusted = PKIX_FALSE;
+        SECStatus rv = SECFailure;
+
+        PKIX_ENTER(CERT, "PKIX_PL_Cert_IsCertTrusted");
+        PKIX_NULLCHECK_TWO(cert, pTrusted);
+
+        /* Call GetTrusted first to see if we are going to distrust the
+         * certificate */
+        rv = pkix_pl_Cert_GetTrusted(plContext, cert, &trusted, PKIX_TRUE);
+        if (rv != SECSuccess) {
+                /* Failure means the cert is explicitly distrusted,
+                 * let the next level know not to use it. */
+                *pTrusted = PKIX_FALSE;
+                PKIX_ERROR(PKIX_CERTISCERTTRUSTEDFAILED);
+        }
+
+        if (trustAnchorMode == PKIX_PL_TrustAnchorMode_Exclusive ||
+            (trustAnchorMode == PKIX_PL_TrustAnchorMode_Additive &&
+             cert->isUserTrustAnchor)) {
+            /* Use the trust anchor's |trusted| value */
+            *pTrusted = cert->isUserTrustAnchor;
+            goto cleanup;
+        }
+
+        /* no key usage information or store is not trusted */
+        if (plContext == NULL || cert->store == NULL) {
+                *pTrusted = PKIX_FALSE;
+                goto cleanup;
+        }
+
+        PKIX_CHECK(PKIX_CertStore_GetTrustCallback
+                (cert->store, &trustCallback, plContext),
+                PKIX_CERTSTOREGETTRUSTCALLBACKFAILED);
+
+        PKIX_CHECK_ONLY_FATAL(trustCallback
+                (cert->store, cert, &trusted, plContext),
+                PKIX_CHECKTRUSTCALLBACKFAILED);
+
+        /* allow trust store to override if we can trust the trust
+         * bits */
+        if (PKIX_ERROR_RECEIVED || (trusted == PKIX_FALSE)) {
+                *pTrusted = PKIX_FALSE;
+                goto cleanup;
+        }
+
+        *pTrusted = trusted;
+
+cleanup:
+        PKIX_RETURN(CERT);
+}
+
+/*
+ * FUNCTION: PKIX_PL_Cert_IsLeafCertTrusted
+ * (see comments in pkix_pl_pki.h)
+ */
+PKIX_Error *
+PKIX_PL_Cert_IsLeafCertTrusted(
+        PKIX_PL_Cert *cert,
+        PKIX_Boolean *pTrusted,
+        void *plContext)
+{
+        SECStatus rv;
+
+        PKIX_ENTER(CERT, "PKIX_PL_Cert_IsLeafCertTrusted");
+        PKIX_NULLCHECK_TWO(cert, pTrusted);
+
+        *pTrusted = PKIX_FALSE;
+
+        rv = pkix_pl_Cert_GetTrusted(plContext, cert, pTrusted, PKIX_FALSE);
+        if (rv != SECSuccess) {
+                /* Failure means the cert is explicitly distrusted,
+                 * let the next level know not to use it. */
+                *pTrusted = PKIX_FALSE;
+                PKIX_ERROR(PKIX_CERTISCERTTRUSTEDFAILED);
+        }
+
+cleanup:
+        PKIX_RETURN(CERT);
+}
+
+/* FUNCTION: PKIX_PL_Cert_SetAsTrustAnchor */
+PKIX_Error*
+PKIX_PL_Cert_SetAsTrustAnchor(PKIX_PL_Cert *cert, 
+                              void *plContext)
+{
+    PKIX_ENTER(CERT, "PKIX_PL_Cert_SetAsTrustAnchor");
+    PKIX_NULLCHECK_ONE(cert);
+    
+    cert->isUserTrustAnchor = PKIX_TRUE;
+    
+    PKIX_RETURN(CERT);
+}
+
+/*
+ * FUNCTION: PKIX_PL_Cert_GetCacheFlag (see comments in pkix_pl_pki.h)
+ */
+PKIX_Error *
+PKIX_PL_Cert_GetCacheFlag(
+        PKIX_PL_Cert *cert,
+        PKIX_Boolean *pCacheFlag,
+        void *plContext)
+{
+        PKIX_ENTER(CERT, "PKIX_PL_Cert_GetCacheFlag");
+        PKIX_NULLCHECK_TWO(cert, pCacheFlag);
+
+        *pCacheFlag = cert->cacheFlag;
+
+        PKIX_RETURN(CERT);
+}
+
+/*
+ * FUNCTION: PKIX_PL_Cert_SetCacheFlag (see comments in pkix_pl_pki.h)
+ */
+PKIX_Error *
+PKIX_PL_Cert_SetCacheFlag(
+        PKIX_PL_Cert *cert,
+        PKIX_Boolean cacheFlag,
+        void *plContext)
+{
+        PKIX_ENTER(CERT, "PKIX_PL_Cert_SetCacheFlag");
+        PKIX_NULLCHECK_ONE(cert);
+
+        cert->cacheFlag = cacheFlag;
+
+        PKIX_RETURN(CERT);
+}
+
+/*
+ * FUNCTION: PKIX_PL_Cert_GetTrustCertStore (see comments in pkix_pl_pki.h)
+ */
+PKIX_Error *
+PKIX_PL_Cert_GetTrustCertStore(
+        PKIX_PL_Cert *cert,
+        PKIX_CertStore **pTrustCertStore,
+        void *plContext)
+{
+        PKIX_ENTER(CERT, "PKIX_PL_Cert_GetTrustCertStore");
+        PKIX_NULLCHECK_TWO(cert, pTrustCertStore);
+
+        PKIX_INCREF(cert->store);
+        *pTrustCertStore = cert->store;
+
+cleanup:
+        PKIX_RETURN(CERT);
+}
+
+/*
+ * FUNCTION: PKIX_PL_Cert_SetTrustCertStore (see comments in pkix_pl_pki.h)
+ */
+PKIX_Error *
+PKIX_PL_Cert_SetTrustCertStore(
+        PKIX_PL_Cert *cert,
+        PKIX_CertStore *trustCertStore,
+        void *plContext)
+{
+        PKIX_ENTER(CERT, "PKIX_PL_Cert_SetTrustCertStore");
+        PKIX_NULLCHECK_TWO(cert, trustCertStore);
+
+        PKIX_INCREF(trustCertStore);
+        cert->store = trustCertStore;
+
+cleanup:
+        PKIX_RETURN(CERT);
+}
+
+/*
+ * FUNCTION: PKIX_PL_Cert_GetAuthorityInfoAccess
+ * (see comments in pkix_pl_pki.h)
+ */
+PKIX_Error *
+PKIX_PL_Cert_GetAuthorityInfoAccess(
+        PKIX_PL_Cert *cert,
+        PKIX_List **pAiaList, /* of PKIX_PL_InfoAccess */
+        void *plContext)
+{
+        PKIX_List *aiaList = NULL; /* of PKIX_PL_InfoAccess */
+        SECItem *encodedAIA = NULL;
+        CERTAuthInfoAccess **aia = NULL;
+        PLArenaPool *arena = NULL;
+        SECStatus rv;
+
+        PKIX_ENTER(CERT, "PKIX_PL_Cert_GetAuthorityInfoAccess");
+        PKIX_NULLCHECK_THREE(cert, cert->nssCert, pAiaList);
+
+        /* if we don't have a cached copy from before, we create one */
+        if (cert->authorityInfoAccess == NULL) {
+
+                PKIX_OBJECT_LOCK(cert);
+
+                if (cert->authorityInfoAccess == NULL) {
+
+                    PKIX_PL_NSSCALLRV(CERT, encodedAIA, SECITEM_AllocItem,
+                        (NULL, NULL, 0));
+
+                    if (encodedAIA == NULL) {
+                        PKIX_ERROR(PKIX_OUTOFMEMORY);
+                    }
+
+                    PKIX_PL_NSSCALLRV(CERT, rv, CERT_FindCertExtension,
+                        (cert->nssCert,
+                        SEC_OID_X509_AUTH_INFO_ACCESS,
+                        encodedAIA));
+
+                    if (rv == SECFailure) {
+                        goto cleanup;
+                    }
+
+                    PKIX_PL_NSSCALLRV(CERT, arena, PORT_NewArena,
+                        (DER_DEFAULT_CHUNKSIZE));
+
+                    if (arena == NULL) {
+                        PKIX_ERROR(PKIX_OUTOFMEMORY);
+                    }
+
+                    PKIX_PL_NSSCALLRV
+                        (CERT, aia, CERT_DecodeAuthInfoAccessExtension,
+                        (arena, encodedAIA));
+
+                    PKIX_CHECK(pkix_pl_InfoAccess_CreateList
+                        (aia, &aiaList, plContext),
+                        PKIX_INFOACCESSCREATELISTFAILED);
+
+                    cert->authorityInfoAccess = aiaList;
+                }
+
+                PKIX_OBJECT_UNLOCK(cert);
+        }
+
+        PKIX_INCREF(cert->authorityInfoAccess);
+
+        *pAiaList = cert->authorityInfoAccess;
+
+cleanup:
+	PKIX_OBJECT_UNLOCK(lockedObject);
+        if (arena != NULL) {
+                PORT_FreeArena(arena, PR_FALSE);
+        }
+
+        if (encodedAIA != NULL) {
+                SECITEM_FreeItem(encodedAIA, PR_TRUE);
+        }
+
+        PKIX_RETURN(CERT);
+}
+
+/* XXX Following defines belongs to NSS */
+static const unsigned char siaOIDString[] = {0x2b, 0x06, 0x01, 0x05, 0x05,
+                                0x07, 0x01, 0x0b};
+#define OI(x) { siDEROID, (unsigned char *)x, sizeof x }
+
+/*
+ * FUNCTION: PKIX_PL_Cert_GetSubjectInfoAccess
+ * (see comments in pkix_pl_pki.h)
+ */
+PKIX_Error *
+PKIX_PL_Cert_GetSubjectInfoAccess(
+        PKIX_PL_Cert *cert,
+        PKIX_List **pSiaList, /* of PKIX_PL_InfoAccess */
+        void *plContext)
+{
+        PKIX_List *siaList; /* of PKIX_PL_InfoAccess */
+        SECItem siaOID = OI(siaOIDString);
+        SECItem *encodedSubjInfoAccess = NULL;
+        CERTAuthInfoAccess **subjInfoAccess = NULL;
+        PLArenaPool *arena = NULL;
+        SECStatus rv;
+
+        PKIX_ENTER(CERT, "PKIX_PL_Cert_GetSubjectInfoAccess");
+        PKIX_NULLCHECK_THREE(cert, cert->nssCert, pSiaList);
+
+        /* XXX
+         * Codes to deal with SubjectInfoAccess OID should be moved to
+         * NSS soon. I implemented them here so we don't touch NSS
+         * source tree, from JP's suggestion.
+         */
+
+        /* if we don't have a cached copy from before, we create one */
+        if (cert->subjectInfoAccess == NULL) {
+
+                PKIX_OBJECT_LOCK(cert);
+
+                if (cert->subjectInfoAccess == NULL) {
+
+                    encodedSubjInfoAccess = SECITEM_AllocItem(NULL, NULL, 0);
+                    if (encodedSubjInfoAccess == NULL) {
+                        PKIX_ERROR(PKIX_OUTOFMEMORY);
+                    }
+
+                    PKIX_CERT_DEBUG
+                        ("\t\tCalling CERT_FindCertExtensionByOID).\n");
+                    rv = CERT_FindCertExtensionByOID
+                                (cert->nssCert, &siaOID, encodedSubjInfoAccess);
+
+                    if (rv == SECFailure) {
+                        goto cleanup;
+                    }
+
+                    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+                    if (arena == NULL) {
+                        PKIX_ERROR(PKIX_OUTOFMEMORY);
+                    }
+
+                    /* XXX
+                     * Decode Subject Information Access -
+                     * since its type is the same as Authority Information
+                     * Access, reuse the call. NSS- change name to avoid
+                     * confusion.
+                     */
+                    PKIX_CERT_DEBUG
+                        ("\t\tCalling CERT_DecodeAuthInfoAccessExtension).\n");
+                    subjInfoAccess = CERT_DecodeAuthInfoAccessExtension
+                        (arena, encodedSubjInfoAccess);
+
+                    PKIX_CHECK(pkix_pl_InfoAccess_CreateList
+                            (subjInfoAccess, &siaList, plContext),
+                            PKIX_INFOACCESSCREATELISTFAILED);
+
+                    cert->subjectInfoAccess = siaList;
+
+                }
+
+                PKIX_OBJECT_UNLOCK(cert);
+        }
+
+        PKIX_INCREF(cert->subjectInfoAccess);
+        *pSiaList = cert->subjectInfoAccess;
+
+cleanup:
+	PKIX_OBJECT_UNLOCK(lockedObject);
+        if (arena != NULL) {
+                PORT_FreeArena(arena, PR_FALSE);
+        }
+
+        if (encodedSubjInfoAccess != NULL) {
+                SECITEM_FreeItem(encodedSubjInfoAccess, PR_TRUE);
+        }
+        PKIX_RETURN(CERT);
+}
+
+/*
+ * FUNCTION: PKIX_PL_Cert_GetCrlDp
+ * (see comments in pkix_pl_pki.h)
+ */
+PKIX_Error *
+PKIX_PL_Cert_GetCrlDp(
+    PKIX_PL_Cert *cert,
+    PKIX_List **pDpList,
+    void *plContext)
+{
+    PKIX_UInt32 dpIndex = 0;
+    pkix_pl_CrlDp *dp = NULL; 
+    CERTCrlDistributionPoints *dpoints = NULL;
+
+    PKIX_ENTER(CERT, "PKIX_PL_Cert_GetCrlDp");
+    PKIX_NULLCHECK_THREE(cert, cert->nssCert, pDpList);
+                
+    /* if we don't have a cached copy from before, we create one */
+    if (cert->crldpList == NULL) {
+        PKIX_OBJECT_LOCK(cert);
+        if (cert->crldpList != NULL) {
+            goto cleanup;
+        }
+        PKIX_CHECK(PKIX_List_Create(&cert->crldpList, plContext),
+                   PKIX_LISTCREATEFAILED);
+        dpoints = CERT_FindCRLDistributionPoints(cert->nssCert);
+        if (!dpoints || !dpoints->distPoints) {
+            goto cleanup;
+        }
+        for (;dpoints->distPoints[dpIndex];dpIndex++) {
+            PKIX_CHECK(
+                pkix_pl_CrlDp_Create(dpoints->distPoints[dpIndex],
+                                     &cert->nssCert->issuer,
+                                     &dp, plContext),
+                PKIX_CRLDPCREATEFAILED);
+            /* Create crldp list in reverse order in attempt to get
+             * to the whole crl first. */
+            PKIX_CHECK(
+                PKIX_List_InsertItem(cert->crldpList, 0,
+                                     (PKIX_PL_Object*)dp,
+                                     plContext),
+                PKIX_LISTAPPENDITEMFAILED);
+            PKIX_DECREF(dp);
+        }
+    }
+cleanup:
+    PKIX_INCREF(cert->crldpList);
+    *pDpList = cert->crldpList;
+
+    PKIX_OBJECT_UNLOCK(lockedObject);
+    PKIX_DECREF(dp);
+
+    PKIX_RETURN(CERT);
+}
+
+/*
+ * FUNCTION: PKIX_PL_Cert_GetCERTCertificate
+ * (see comments in pkix_pl_pki.h)
+ */
+PKIX_Error *
+PKIX_PL_Cert_GetCERTCertificate(
+        PKIX_PL_Cert *cert,
+        CERTCertificate **pnssCert, 
+        void *plContext)
+{
+    PKIX_ENTER(CERT, "PKIX_PL_Cert_GetNssCert");
+    PKIX_NULLCHECK_TWO(cert, pnssCert);
+
+    *pnssCert = CERT_DupCertificate(cert->nssCert);
+
+    PKIX_RETURN(CERT);
+}
diff --git a/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.h b/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.h
new file mode 100644
index 0000000..56fe642
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.h
@@ -0,0 +1,107 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_pl_cert.h
+ *
+ * Certificate Object Definitions
+ *
+ */
+
+#ifndef _PKIX_PL_CERT_H
+#define _PKIX_PL_CERT_H
+
+#include "pkix_pl_common.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+struct PKIX_PL_CertStruct {
+        CERTCertificate *nssCert;  /* Must be the first field.  The
+                                    * cert_NSSCertFromPKIXCert function in
+                                    * lib/certhigh/certvfypkix.c depends on
+                                    * this. */
+        CERTGeneralName *nssSubjAltNames;
+        PLArenaPool *arenaNameConstraints;
+        PKIX_PL_X500Name *issuer;
+        PKIX_PL_X500Name *subject;
+        PKIX_List *subjAltNames;
+        PKIX_Boolean subjAltNamesAbsent;
+        PKIX_PL_OID *publicKeyAlgId;
+        PKIX_PL_PublicKey *publicKey;
+        PKIX_PL_BigInt *serialNumber;
+        PKIX_List *critExtOids;
+        PKIX_PL_ByteArray *subjKeyId;
+        PKIX_Boolean subjKeyIdAbsent;
+        PKIX_PL_ByteArray *authKeyId;
+        PKIX_Boolean authKeyIdAbsent;
+        PKIX_List *extKeyUsages;
+        PKIX_Boolean extKeyUsagesAbsent;
+        PKIX_PL_CertBasicConstraints *certBasicConstraints;
+        PKIX_Boolean basicConstraintsAbsent;
+        PKIX_List *certPolicyInfos;
+        PKIX_Boolean policyInfoAbsent;
+        PKIX_Boolean policyMappingsAbsent;
+        PKIX_List *certPolicyMappings; /* List of PKIX_PL_CertPolicyMap */
+        PKIX_Boolean policyConstraintsProcessed;
+        PKIX_Int32 policyConstraintsExplicitPolicySkipCerts;
+        PKIX_Int32 policyConstraintsInhibitMappingSkipCerts;
+        PKIX_Boolean inhibitAnyPolicyProcessed;
+        PKIX_Int32 inhibitAnySkipCerts;
+        PKIX_PL_CertNameConstraints *nameConstraints;
+        PKIX_Boolean nameConstraintsAbsent;
+        PKIX_Boolean cacheFlag;
+        PKIX_CertStore *store;
+        PKIX_List *authorityInfoAccess; /* list of PKIX_PL_InfoAccess */
+        PKIX_List *subjectInfoAccess; /* list of PKIX_PL_InfoAccess */
+        PKIX_Boolean isUserTrustAnchor;
+        PKIX_List *crldpList; /* list of CRL DPs based on der in nssCert arena.
+                               * Destruction is needed for pkix object and
+                               * not for undelying der as it is a part
+                               * nssCert arena. */ 
+};
+
+/* see source file for function documentation */
+
+PKIX_Error *
+pkix_pl_Cert_RegisterSelf(void *plContext);
+
+PKIX_Error *
+pkix_pl_Cert_CreateWithNSSCert(
+        CERTCertificate *nssCert,
+        PKIX_PL_Cert **pCert,
+        void *plContext);
+
+PKIX_Error *
+pkix_pl_Cert_CreateToList(
+        SECItem *derCertItem,
+        PKIX_List *certList,
+        void *plContext);
+
+PKIX_Error *
+pkix_pl_Cert_CheckSubjectAltNameConstraints(
+        PKIX_PL_Cert *cert,
+        PKIX_PL_CertNameConstraints *nameConstraints,
+        PKIX_Boolean matchAll,
+        void *plContext);
+
+PKIX_Error *
+pkix_pl_Cert_ToString_Helper(
+        PKIX_PL_Cert *cert,
+        PKIX_Boolean partialString,
+        PKIX_PL_String **pString,
+        void *plContext);
+
+PKIX_Error *
+pkix_pl_Cert_CheckExtendedKeyUsage(
+        PKIX_PL_Cert *cert,
+        PKIX_UInt32 requiredExtendedKeyUsages,
+        PKIX_Boolean *pPass,
+        void *plContext);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_PL_CERT_H */
diff --git a/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_certpolicyinfo.c b/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_certpolicyinfo.c
new file mode 100644
index 0000000..a44ac65
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_certpolicyinfo.c
@@ -0,0 +1,371 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_pl_certpolicyinfo.c
+ *
+ * CertPolicyInfo Type Functions
+ *
+ */
+
+#include "pkix_pl_certpolicyinfo.h"
+
+/*
+ * FUNCTION: pkix_pl_CertPolicyInfo_Create
+ * DESCRIPTION:
+ *
+ *  Creates a new CertPolicyInfo Object using the OID pointed to by "oid" and
+ *  the List of CertPolicyQualifiers pointed to by "qualifiers", and stores it
+ *  at "pObject". If a non-NULL list is provided, the caller is expected to
+ *  have already set it to be immutable. The caller may provide an empty List,
+ *  but a NULL List is preferable so a user does not need to call
+ *  List_GetLength to get the number of qualifiers.
+ *
+ * PARAMETERS
+ *  "oid"
+ *      OID of the desired PolicyInfo ID; must be non-NULL
+ *  "qualifiers"
+ *      List of CertPolicyQualifiers; may be NULL or empty
+ *  "pObject"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_pl_CertPolicyInfo_Create(
+        PKIX_PL_OID *oid,
+        PKIX_List *qualifiers,
+        PKIX_PL_CertPolicyInfo **pObject,
+        void *plContext)
+{
+        PKIX_PL_CertPolicyInfo *policyInfo = NULL;
+
+        PKIX_ENTER(CERTPOLICYINFO, "pkix_pl_CertPolicyInfo_Create");
+
+        PKIX_NULLCHECK_TWO(oid, pObject);
+
+        PKIX_CHECK(PKIX_PL_Object_Alloc
+                (PKIX_CERTPOLICYINFO_TYPE,
+                sizeof (PKIX_PL_CertPolicyInfo),
+                (PKIX_PL_Object **)&policyInfo,
+                plContext),
+                PKIX_COULDNOTCREATECERTPOLICYINFOOBJECT);
+
+        PKIX_INCREF(oid);
+        policyInfo->cpID = oid;
+
+        PKIX_INCREF(qualifiers);
+        policyInfo->policyQualifiers = qualifiers;
+
+        *pObject = policyInfo;
+        policyInfo = NULL;
+
+cleanup:
+        PKIX_DECREF(policyInfo);
+
+        PKIX_RETURN(CERTPOLICYINFO);
+}
+
+/*
+ * FUNCTION: pkix_pl_CertPolicyInfo_Destroy
+ * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_CertPolicyInfo_Destroy(
+        PKIX_PL_Object *object,
+        void *plContext)
+{
+        PKIX_PL_CertPolicyInfo *certPI = NULL;
+
+        PKIX_ENTER(CERTPOLICYINFO, "pkix_pl_CertPolicyInfo_Destroy");
+
+        PKIX_NULLCHECK_ONE(object);
+
+        PKIX_CHECK(pkix_CheckType(object, PKIX_CERTPOLICYINFO_TYPE, plContext),
+                PKIX_OBJECTNOTCERTPOLICYINFO);
+
+        certPI = (PKIX_PL_CertPolicyInfo*)object;
+
+        PKIX_DECREF(certPI->cpID);
+        PKIX_DECREF(certPI->policyQualifiers);
+
+cleanup:
+
+        PKIX_RETURN(CERTPOLICYINFO);
+}
+
+/*
+ * FUNCTION: pkix_pl_CertPolicyInfo_ToString
+ * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_CertPolicyInfo_ToString(
+        PKIX_PL_Object *object,
+        PKIX_PL_String **pString,
+        void *plContext)
+{
+        PKIX_PL_CertPolicyInfo *certPI = NULL;
+        PKIX_PL_String *oidString = NULL;
+        PKIX_PL_String *listString = NULL;
+        PKIX_PL_String *format = NULL;
+        PKIX_PL_String *outString = NULL;
+
+        PKIX_ENTER(CERTPOLICYINFO, "pkix_pl_CertPolicyInfo_ToString");
+
+        PKIX_NULLCHECK_TWO(object, pString);
+
+        PKIX_CHECK(pkix_CheckType(object, PKIX_CERTPOLICYINFO_TYPE, plContext),
+                PKIX_OBJECTNOTCERTPOLICYINFO);
+
+        certPI = (PKIX_PL_CertPolicyInfo *)object;
+
+        PKIX_NULLCHECK_ONE(certPI->cpID);
+
+        PKIX_TOSTRING
+                (certPI->cpID,
+                &oidString,
+                plContext,
+                PKIX_OIDTOSTRINGFAILED);
+
+        PKIX_TOSTRING
+                (certPI->policyQualifiers,
+                &listString,
+                plContext,
+                PKIX_LISTTOSTRINGFAILED);
+
+        /* Put them together in the form OID[Qualifiers] */
+        PKIX_CHECK(PKIX_PL_String_Create
+                (PKIX_ESCASCII, "%s[%s]", 0, &format, plContext),
+                PKIX_ERRORINSTRINGCREATE);
+
+        PKIX_CHECK(PKIX_PL_Sprintf
+                (&outString, plContext, format, oidString, listString),
+                PKIX_ERRORINSPRINTF);
+
+        *pString = outString;
+
+cleanup:
+
+        PKIX_DECREF(oidString);
+        PKIX_DECREF(listString);
+        PKIX_DECREF(format);
+        PKIX_RETURN(CERTPOLICYINFO);
+}
+
+/*
+ * FUNCTION: pkix_pl_CertPolicyInfo_Hashcode
+ * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_CertPolicyInfo_Hashcode(
+        PKIX_PL_Object *object,
+        PKIX_UInt32 *pHashcode,
+        void *plContext)
+{
+        PKIX_PL_CertPolicyInfo *certPI = NULL;
+        PKIX_UInt32 oidHash = 0;
+        PKIX_UInt32 listHash = 0;
+
+        PKIX_ENTER(CERTPOLICYINFO, "pkix_pl_CertPolicyInfo_Hashcode");
+
+        PKIX_NULLCHECK_TWO(object, pHashcode);
+
+        PKIX_CHECK(pkix_CheckType(object, PKIX_CERTPOLICYINFO_TYPE, plContext),
+                PKIX_OBJECTNOTCERTPOLICYINFO);
+
+        certPI = (PKIX_PL_CertPolicyInfo *)object;
+
+        PKIX_NULLCHECK_ONE(certPI->cpID);
+
+        PKIX_HASHCODE
+                (certPI->cpID,
+                &oidHash,
+                plContext,
+                PKIX_ERRORINOIDHASHCODE);
+
+        PKIX_HASHCODE
+                (certPI->policyQualifiers,
+                &listHash,
+                plContext,
+                PKIX_ERRORINLISTHASHCODE);
+
+        *pHashcode = (31 * oidHash) + listHash;
+
+cleanup:
+
+        PKIX_RETURN(CERTPOLICYINFO);
+}
+
+
+/*
+ * FUNCTION: pkix_pl_CertPolicyInfo_Equals
+ * (see comments for PKIX_PL_Equals_Callback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_CertPolicyInfo_Equals(
+        PKIX_PL_Object *firstObject,
+        PKIX_PL_Object *secondObject,
+        PKIX_Boolean *pResult,
+        void *plContext)
+{
+        PKIX_PL_CertPolicyInfo *firstCPI = NULL;
+        PKIX_PL_CertPolicyInfo *secondCPI = NULL;
+        PKIX_UInt32 secondType = 0;
+        PKIX_Boolean compare = PKIX_FALSE;
+
+        PKIX_ENTER(CERTPOLICYINFO, "pkix_pl_CertPolicyInfo_Equals");
+        PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);
+
+        /* test that firstObject is a CertPolicyInfo */
+        PKIX_CHECK(pkix_CheckType
+                (firstObject, PKIX_CERTPOLICYINFO_TYPE, plContext),
+                PKIX_FIRSTOBJECTNOTCERTPOLICYINFO);
+
+        /*
+         * Since we know firstObject is a CertPolicyInfo,
+         * if both references are identical, they must be equal
+         */
+        if (firstObject == secondObject){
+                *pResult = PKIX_TRUE;
+                goto cleanup;
+        }
+
+        /*
+         * If secondObject isn't a CertPolicyInfo, we
+         * don't throw an error. We simply return FALSE.
+         */
+        PKIX_CHECK(PKIX_PL_Object_GetType
+                (secondObject, &secondType, plContext),
+                PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
+        if (secondType != PKIX_CERTPOLICYINFO_TYPE) {
+                *pResult = PKIX_FALSE;
+                goto cleanup;
+        }
+
+        firstCPI = (PKIX_PL_CertPolicyInfo *)firstObject;
+        secondCPI = (PKIX_PL_CertPolicyInfo *)secondObject;
+
+        /*
+         * Compare the value of the OID components
+         */
+
+        PKIX_NULLCHECK_TWO(firstCPI->cpID, secondCPI->cpID);
+
+        PKIX_EQUALS
+                (firstCPI->cpID,
+                secondCPI->cpID,
+                &compare,
+                plContext,
+                PKIX_OIDEQUALSFAILED);
+
+        /*
+         * If the OIDs did not match, we don't need to
+         * compare the Lists. If the OIDs did match,
+         * the return value is the value of the
+         * List comparison.
+         */
+        if (compare) {
+                PKIX_EQUALS
+                        (firstCPI->policyQualifiers,
+                        secondCPI->policyQualifiers,
+                        &compare,
+                        plContext,
+                        PKIX_LISTEQUALSFAILED);
+        }
+
+        *pResult = compare;
+
+cleanup:
+
+        PKIX_RETURN(CERTPOLICYINFO);
+}
+
+/*
+ * FUNCTION: pkix_pl_CertPolicyInfo_RegisterSelf
+ * DESCRIPTION:
+ *  Registers PKIX_CERTPOLICYINFO_TYPE and its related
+ *  functions with systemClasses[]
+ * THREAD SAFETY:
+ *  Not Thread Safe - for performance and complexity reasons
+ *
+ *  Since this function is only called by PKIX_PL_Initialize,
+ *  which should only be called once, it is acceptable that
+ *  this function is not thread-safe.
+ */
+PKIX_Error *
+pkix_pl_CertPolicyInfo_RegisterSelf(void *plContext)
+{
+        extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
+        pkix_ClassTable_Entry entry;
+
+        PKIX_ENTER(CERTPOLICYINFO, "pkix_pl_CertPolicyInfo_RegisterSelf");
+
+        entry.description = "CertPolicyInfo";
+        entry.objCounter = 0;
+        entry.typeObjectSize = sizeof(PKIX_PL_CertPolicyInfo);
+        entry.destructor = pkix_pl_CertPolicyInfo_Destroy;
+        entry.equalsFunction = pkix_pl_CertPolicyInfo_Equals;
+        entry.hashcodeFunction = pkix_pl_CertPolicyInfo_Hashcode;
+        entry.toStringFunction = pkix_pl_CertPolicyInfo_ToString;
+        entry.comparator = NULL;
+        entry.duplicateFunction = pkix_duplicateImmutable;
+
+        systemClasses[PKIX_CERTPOLICYINFO_TYPE] = entry;
+
+        PKIX_RETURN(CERTPOLICYINFO);
+}
+
+/* --Public-CertPolicyInfo-Functions------------------------- */
+
+/*
+ * FUNCTION: PKIX_PL_CertPolicyInfo_GetPolicyId
+ * (see comments in pkix_pl_pki.h)
+ */
+PKIX_Error *
+PKIX_PL_CertPolicyInfo_GetPolicyId(
+        PKIX_PL_CertPolicyInfo *policyInfo,
+        PKIX_PL_OID **pPolicyId,
+        void *plContext)
+{
+        PKIX_ENTER(CERTPOLICYINFO, "PKIX_PL_CertPolicyInfo_GetPolicyId");
+
+        PKIX_NULLCHECK_TWO(policyInfo, pPolicyId);
+
+        PKIX_INCREF(policyInfo->cpID);
+
+        *pPolicyId = policyInfo->cpID;
+
+cleanup:
+        PKIX_RETURN(CERTPOLICYINFO);
+}
+
+/*
+ * FUNCTION: PKIX_PL_CertPolicyInfo_GetPolQualifiers
+ * (see comments in pkix_pl_pki.h)
+ */
+PKIX_Error *
+PKIX_PL_CertPolicyInfo_GetPolQualifiers(
+        PKIX_PL_CertPolicyInfo *policyInfo,
+        PKIX_List **pQuals,
+        void *plContext)
+{
+        PKIX_ENTER(CERTPOLICYINFO, "PKIX_PL_CertPolicyInfo_GetPolQualifiers");
+
+        PKIX_NULLCHECK_TWO(policyInfo, pQuals);
+
+        PKIX_INCREF(policyInfo->policyQualifiers);
+
+        /*
+         * This List is created in PKIX_PL_Cert_DecodePolicyInfo
+         * and is set immutable immediately after being created.
+         */
+        *pQuals = policyInfo->policyQualifiers;
+
+cleanup:
+        PKIX_RETURN(CERTPOLICYINFO);
+}
diff --git a/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_certpolicyinfo.h b/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_certpolicyinfo.h
new file mode 100644
index 0000000..5c324e6
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_certpolicyinfo.h
@@ -0,0 +1,50 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_pl_certpolicyinfo.h
+ *
+ * PolicyInfo Type Definitions
+ *
+ */
+
+#ifndef _PKIX_PL_POLICYINFO_H
+#define _PKIX_PL_POLICYINFO_H
+
+#include "pkix_pl_common.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * This structure reflects the contents of the policy info extension as
+ * described in Section 4.2.1.5 of RFC3280.
+ *
+ *  PolicyInformation ::= SEQUENCE {
+ *      policyIdentifier        CertPolicyId,
+ *      PolicyQualifiers        SEQUENCE SIZE (1..MAX) OF
+ *                                  PolicyQualifierInfo OPTIONAL }
+ *
+ */
+struct PKIX_PL_CertPolicyInfoStruct {
+        PKIX_PL_OID *cpID;
+        PKIX_List *policyQualifiers; /* LIST of PKIX_PL_CertPolicyQualifier */
+};
+
+PKIX_Error *
+pkix_pl_CertPolicyInfo_Create(
+        PKIX_PL_OID *oid,
+        PKIX_List *qualifiers,
+        PKIX_PL_CertPolicyInfo **pObject,
+        void *plContext);
+
+PKIX_Error *
+pkix_pl_CertPolicyInfo_RegisterSelf(
+        void *plContext);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_PL_POLICYINFO_H */
diff --git a/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_certpolicymap.c b/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_certpolicymap.c
new file mode 100644
index 0000000..08b1ca9
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_certpolicymap.c
@@ -0,0 +1,386 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_pl_certpolicymap.c
+ *
+ * CertPolicyMap Type Functions
+ *
+ */
+
+#include "pkix_pl_certpolicymap.h"
+
+/*
+ * FUNCTION: pkix_pl_CertPolicyMap_Create
+ * DESCRIPTION:
+ *
+ *  Creates a new CertPolicyMap Object pairing the OID given by
+ *  "issuerDomainPolicy" with the OID given by "subjectDomainPolicy", and
+ *  stores the result at "pCertPolicyMap".
+ *
+ * PARAMETERS
+ *  "issuerDomainPolicy"
+ *      Address of the OID of the IssuerDomainPolicy. Must be non-NULL.
+ *  "subjectDomainPolicy"
+ *      Address of the OID of the SubjectDomainPolicy. Must be non-NULL.
+ *  "pCertPolicyMap"
+ *      Address where CertPolicyMap pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CertPolicyMap Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_pl_CertPolicyMap_Create(
+        PKIX_PL_OID *issuerDomainPolicy,
+        PKIX_PL_OID *subjectDomainPolicy,
+        PKIX_PL_CertPolicyMap **pCertPolicyMap,
+        void *plContext)
+{
+        PKIX_PL_CertPolicyMap *policyMap = NULL;
+
+        PKIX_ENTER(CERTPOLICYMAP, "pkix_pl_CertPolicyMap_Create");
+
+        PKIX_NULLCHECK_THREE
+                (issuerDomainPolicy, subjectDomainPolicy, pCertPolicyMap);
+
+        PKIX_CHECK(PKIX_PL_Object_Alloc
+                (PKIX_CERTPOLICYMAP_TYPE,
+                sizeof (PKIX_PL_CertPolicyMap),
+                (PKIX_PL_Object **)&policyMap,
+                plContext),
+                PKIX_COULDNOTCREATECERTPOLICYMAPOBJECT);
+
+        PKIX_INCREF(issuerDomainPolicy);
+        policyMap->issuerDomainPolicy = issuerDomainPolicy;
+
+        PKIX_INCREF(subjectDomainPolicy);
+        policyMap->subjectDomainPolicy = subjectDomainPolicy;
+
+        *pCertPolicyMap = policyMap;
+        policyMap = NULL;
+
+cleanup:
+        PKIX_DECREF(policyMap);
+
+        PKIX_RETURN(CERTPOLICYMAP);
+}
+
+/*
+ * FUNCTION: pkix_pl_CertPolicyMap_Destroy
+ * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_CertPolicyMap_Destroy(
+        PKIX_PL_Object *object,
+        void *plContext)
+{
+        PKIX_PL_CertPolicyMap *certMap = NULL;
+
+        PKIX_ENTER(CERTPOLICYMAP, "pkix_pl_CertPolicyMap_Destroy");
+
+        PKIX_NULLCHECK_ONE(object);
+
+        PKIX_CHECK(pkix_CheckType(object, PKIX_CERTPOLICYMAP_TYPE, plContext),
+                PKIX_OBJECTNOTCERTPOLICYMAP);
+
+        certMap = (PKIX_PL_CertPolicyMap*)object;
+
+        PKIX_DECREF(certMap->issuerDomainPolicy);
+        PKIX_DECREF(certMap->subjectDomainPolicy);
+
+cleanup:
+
+        PKIX_RETURN(CERTPOLICYMAP);
+}
+
+/*
+ * FUNCTION: pkix_pl_CertPolicyMap_ToString
+ * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_CertPolicyMap_ToString(
+        PKIX_PL_Object *object,
+        PKIX_PL_String **pString,
+        void *plContext)
+{
+        PKIX_PL_CertPolicyMap *certMap = NULL;
+        PKIX_PL_String *format = NULL;
+        PKIX_PL_String *outString = NULL;
+        PKIX_PL_String *issuerString = NULL;
+        PKIX_PL_String *subjectString = NULL;
+
+        PKIX_ENTER(CERTPOLICYMAP, "pkix_pl_CertPolicyMap_ToString");
+
+        PKIX_NULLCHECK_TWO(object, pString);
+
+        PKIX_CHECK(pkix_CheckType(object, PKIX_CERTPOLICYMAP_TYPE, plContext),
+                PKIX_OBJECTNOTCERTPOLICYMAP);
+
+        certMap = (PKIX_PL_CertPolicyMap *)object;
+
+        PKIX_TOSTRING
+                (certMap->issuerDomainPolicy,
+                &issuerString,
+                plContext,
+                PKIX_OBJECTTOSTRINGFAILED);
+
+        PKIX_TOSTRING
+                (certMap->subjectDomainPolicy,
+                &subjectString,
+                plContext,
+                PKIX_OBJECTTOSTRINGFAILED);
+
+        /* Put them together in the form issuerPolicy=>subjectPolicy */
+        PKIX_CHECK(PKIX_PL_String_Create
+                (PKIX_ESCASCII, "%s=>%s", 0, &format, plContext),
+                PKIX_ERRORINSTRINGCREATE);
+
+        PKIX_CHECK(PKIX_PL_Sprintf
+                (&outString, plContext, format, issuerString, subjectString),
+                PKIX_ERRORINSPRINTF);
+
+        *pString = outString;
+
+cleanup:
+        PKIX_DECREF(format);
+        PKIX_DECREF(issuerString);
+        PKIX_DECREF(subjectString);
+
+        PKIX_RETURN(CERTPOLICYMAP);
+}
+
+/*
+ * FUNCTION: pkix_pl_CertPolicyMap_Hashcode
+ * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_CertPolicyMap_Hashcode(
+        PKIX_PL_Object *object,
+        PKIX_UInt32 *pHashcode,
+        void *plContext)
+{
+        PKIX_UInt32 issuerHash = 0;
+        PKIX_UInt32 subjectHash = 0;
+        PKIX_PL_CertPolicyMap *certMap = NULL;
+
+        PKIX_ENTER(CERTPOLICYMAP, "pkix_pl_CertPolicyMap_Hashcode");
+
+        PKIX_NULLCHECK_TWO(object, pHashcode);
+
+        PKIX_CHECK(pkix_CheckType(object, PKIX_CERTPOLICYMAP_TYPE, plContext),
+                PKIX_OBJECTNOTCERTPOLICYMAP);
+
+        certMap = (PKIX_PL_CertPolicyMap *)object;
+
+        PKIX_HASHCODE
+                (certMap->issuerDomainPolicy,
+                &issuerHash,
+                plContext,
+                PKIX_OBJECTHASHCODEFAILED);
+
+        PKIX_HASHCODE
+                (certMap->subjectDomainPolicy,
+                &subjectHash,
+                plContext,
+                PKIX_OBJECTHASHCODEFAILED);
+
+        *pHashcode = issuerHash*31 + subjectHash;
+
+cleanup:
+
+        PKIX_RETURN(CERTPOLICYMAP);
+}
+
+/*
+ * FUNCTION: pkix_pl_CertPolicyMap_Equals
+ * (see comments for PKIX_PL_Equals_Callback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_CertPolicyMap_Equals(
+        PKIX_PL_Object *firstObject,
+        PKIX_PL_Object *secondObject,
+        PKIX_Boolean *pResult,
+        void *plContext)
+{
+        PKIX_PL_CertPolicyMap *firstCertMap = NULL;
+        PKIX_PL_CertPolicyMap *secondCertMap = NULL;
+        PKIX_UInt32 secondType = 0;
+        PKIX_Boolean compare = PKIX_FALSE;
+
+        PKIX_ENTER(CERTPOLICYMAP, "pkix_pl_CertPolicyMap_Equals");
+        PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);
+
+        /* test that firstObject is a CertPolicyMap */
+        PKIX_CHECK(pkix_CheckType
+                (firstObject, PKIX_CERTPOLICYMAP_TYPE, plContext),
+                PKIX_FIRSTOBJECTNOTCERTPOLICYMAP);
+
+        /*
+         * Since we know firstObject is a CertPolicyMap,
+         * if both references are identical, they must be equal
+         */
+        if (firstObject == secondObject){
+                *pResult = PKIX_TRUE;
+                goto cleanup;
+        }
+
+        /*
+         * If secondObject isn't a CertPolicyMap, we
+         * don't throw an error. We simply return FALSE.
+         */
+        PKIX_CHECK(PKIX_PL_Object_GetType
+                (secondObject, &secondType, plContext),
+                PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
+        if (secondType != PKIX_CERTPOLICYMAP_TYPE) {
+                *pResult = PKIX_FALSE;
+                goto cleanup;
+        }
+
+        firstCertMap = (PKIX_PL_CertPolicyMap *)firstObject;
+        secondCertMap = (PKIX_PL_CertPolicyMap *)secondObject;
+
+        PKIX_EQUALS
+                (firstCertMap->issuerDomainPolicy,
+                secondCertMap->issuerDomainPolicy,
+                &compare,
+                plContext,
+                PKIX_OBJECTEQUALSFAILED);
+
+        if (compare) {
+                PKIX_EQUALS
+                        (firstCertMap->subjectDomainPolicy,
+                        secondCertMap->subjectDomainPolicy,
+                        &compare,
+                        plContext,
+                        PKIX_OBJECTEQUALSFAILED);
+        }
+
+        *pResult = compare;
+
+cleanup:
+
+        PKIX_RETURN(CERTPOLICYMAP);
+}
+
+/*
+ * FUNCTION: pkix_pl_CertPolicyMap_Duplicate
+ * (see comments for PKIX_PL_Duplicate_Callback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_CertPolicyMap_Duplicate(
+        PKIX_PL_Object *object,
+        PKIX_PL_Object **pNewObject,
+        void *plContext)
+{
+        PKIX_PL_CertPolicyMap *original = NULL;
+        PKIX_PL_CertPolicyMap *copy = NULL;
+
+        PKIX_ENTER(CERTPOLICYMAP, "pkix_pl_CertPolicyMap_Duplicate");
+
+        PKIX_NULLCHECK_TWO(object, pNewObject);
+
+        PKIX_CHECK(pkix_CheckType
+                (object, PKIX_CERTPOLICYMAP_TYPE, plContext),
+                PKIX_OBJECTARGUMENTNOTPOLICYMAP);
+
+        original = (PKIX_PL_CertPolicyMap *)object;
+
+        PKIX_CHECK(pkix_pl_CertPolicyMap_Create
+                (original->issuerDomainPolicy,
+                original->subjectDomainPolicy,
+                &copy,
+                plContext),
+                PKIX_CERTPOLICYMAPCREATEFAILED);
+
+        *pNewObject = (PKIX_PL_Object *)copy;
+
+cleanup:
+
+        PKIX_RETURN(CERTPOLICYMAP);
+}
+
+/*
+ * FUNCTION: pkix_pl_CertPolicyMap_RegisterSelf
+ * DESCRIPTION:
+ *  Registers PKIX_CERTPOLICYMAP_TYPE and its related
+ *  functions with systemClasses[]
+ * THREAD SAFETY:
+ *  Not Thread Safe - for performance and complexity reasons
+ *
+ *  Since this function is only called by PKIX_PL_Initialize,
+ *  which should only be called once, it is acceptable that
+ *  this function is not thread-safe.
+ */
+PKIX_Error *
+pkix_pl_CertPolicyMap_RegisterSelf(void *plContext)
+{
+        extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
+        pkix_ClassTable_Entry entry;
+
+        PKIX_ENTER(CERTPOLICYMAP, "pkix_pl_CertPolicyMap_RegisterSelf");
+
+        entry.description = "CertPolicyMap";
+        entry.objCounter = 0;
+        entry.typeObjectSize = sizeof(PKIX_PL_CertPolicyMap);
+        entry.destructor = pkix_pl_CertPolicyMap_Destroy;
+        entry.equalsFunction = pkix_pl_CertPolicyMap_Equals;
+        entry.hashcodeFunction = pkix_pl_CertPolicyMap_Hashcode;
+        entry.toStringFunction = pkix_pl_CertPolicyMap_ToString;
+        entry.comparator = NULL;
+        entry.duplicateFunction = pkix_pl_CertPolicyMap_Duplicate;
+
+        systemClasses[PKIX_CERTPOLICYMAP_TYPE] = entry;
+
+        PKIX_RETURN(CERTPOLICYMAP);
+}
+
+/* --Public-CertPolicyMap-Functions------------------------- */
+
+/*
+ * FUNCTION: PKIX_PL_CertPolicyMap_GetIssuerDomainPolicy
+ * (see comments in pkix_pl_pki.h)
+ */
+PKIX_Error *
+PKIX_PL_CertPolicyMap_GetIssuerDomainPolicy(
+        PKIX_PL_CertPolicyMap *policyMapping,
+        PKIX_PL_OID **pIssuerDomainPolicy,
+        void *plContext)
+{
+        PKIX_ENTER
+                (CERTPOLICYMAP, "PKIX_PL_CertPolicyMap_GetIssuerDomainPolicy");
+
+        PKIX_NULLCHECK_TWO(policyMapping, pIssuerDomainPolicy);
+
+        PKIX_INCREF(policyMapping->issuerDomainPolicy);
+        *pIssuerDomainPolicy = policyMapping->issuerDomainPolicy;
+
+cleanup:
+        PKIX_RETURN(CERTPOLICYMAP);
+}
+
+/*
+ * FUNCTION: PKIX_PL_CertPolicyMap_GetSubjectDomainPolicy
+ * (see comments in pkix_pl_pki.h)
+ */
+PKIX_Error *
+PKIX_PL_CertPolicyMap_GetSubjectDomainPolicy(
+        PKIX_PL_CertPolicyMap *policyMapping,
+        PKIX_PL_OID **pSubjectDomainPolicy,
+        void *plContext)
+{
+        PKIX_ENTER
+                (CERTPOLICYMAP, "PKIX_PL_CertPolicyMap_GetSubjectDomainPolicy");
+
+        PKIX_NULLCHECK_TWO(policyMapping, pSubjectDomainPolicy);
+
+        PKIX_INCREF(policyMapping->subjectDomainPolicy);
+        *pSubjectDomainPolicy = policyMapping->subjectDomainPolicy;
+
+cleanup:
+        PKIX_RETURN(CERTPOLICYMAP);
+}
diff --git a/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_certpolicymap.h b/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_certpolicymap.h
new file mode 100644
index 0000000..a03bce2
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_certpolicymap.h
@@ -0,0 +1,49 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_pl_certpolicymap.h
+ *
+ * CertPolicyMap Object Definitions
+ *
+ */
+
+#ifndef _PKIX_PL_CERTPOLICYMAP_H
+#define _PKIX_PL_CERTPOLICYMAP_H
+
+#include "pkix_pl_common.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * This structure reflects the contents of the policy mapping extension as
+ * described in Section 4.2.1.6 of RFC3280.
+ *
+ *  PolicyMappings ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE {
+ *      issuerDomainPolicy      CertPolicyId,
+ *      subjectDomainPolicy     CertPolicyId }
+ *
+ */
+struct PKIX_PL_CertPolicyMapStruct {
+        PKIX_PL_OID *issuerDomainPolicy;
+        PKIX_PL_OID *subjectDomainPolicy;
+};
+
+PKIX_Error *
+pkix_pl_CertPolicyMap_Create(
+        PKIX_PL_OID *issuerDomainPolicy,
+        PKIX_PL_OID *subjectDomainPolicy,
+        PKIX_PL_CertPolicyMap **pObject,
+        void *plContext);
+
+PKIX_Error *
+pkix_pl_CertPolicyMap_RegisterSelf(
+        void *plContext);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_PL_CERTPOLICYMAP_H */
diff --git a/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_certpolicyqualifier.c b/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_certpolicyqualifier.c
new file mode 100644
index 0000000..b57623d
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_certpolicyqualifier.c
@@ -0,0 +1,365 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_pl_certpolicyqualifier.c
+ *
+ * CertPolicyQualifier Type Functions
+ *
+ */
+
+#include "pkix_pl_certpolicyqualifier.h"
+
+/*
+ * FUNCTION: pkix_pl_CertPolicyQualifier_Create
+ * DESCRIPTION:
+ *
+ *  Creates a CertPolicyQualifier object with the OID given by "oid"
+ *  and the ByteArray given by "qualifier", and stores it at "pObject".
+ *
+ * PARAMETERS
+ *  "oid"
+ *      Address of OID of the desired policyQualifierId; must be non-NULL
+ *  "qualifier"
+ *      Address of ByteArray with the desired value of the qualifier;
+ *      must be non-NULL
+ *  "pObject"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_pl_CertPolicyQualifier_Create(
+        PKIX_PL_OID *oid,
+        PKIX_PL_ByteArray *qualifier,
+        PKIX_PL_CertPolicyQualifier **pObject,
+        void *plContext)
+{
+        PKIX_PL_CertPolicyQualifier *qual = NULL;
+
+        PKIX_ENTER(CERTPOLICYQUALIFIER, "pkix_pl_CertPolicyQualifier_Create");
+
+        PKIX_NULLCHECK_THREE(oid, qualifier, pObject);
+
+        PKIX_CHECK(PKIX_PL_Object_Alloc
+                (PKIX_CERTPOLICYQUALIFIER_TYPE,
+                sizeof (PKIX_PL_CertPolicyQualifier),
+                (PKIX_PL_Object **)&qual,
+                plContext),
+                PKIX_COULDNOTCREATECERTPOLICYQUALIFIEROBJECT);
+
+        PKIX_INCREF(oid);
+        qual->policyQualifierId = oid;
+
+        PKIX_INCREF(qualifier);
+        qual->qualifier = qualifier;
+
+        *pObject = qual;
+        qual = NULL;
+
+cleanup:
+        PKIX_DECREF(qual);
+
+        PKIX_RETURN(CERTPOLICYQUALIFIER);
+}
+
+/*
+ * FUNCTION: pkix_pl_CertPolicyQualifier_Destroy
+ * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_CertPolicyQualifier_Destroy(
+        PKIX_PL_Object *object,
+        void *plContext)
+{
+        PKIX_PL_CertPolicyQualifier *certPQ = NULL;
+
+        PKIX_ENTER(CERTPOLICYQUALIFIER, "pkix_pl_CertPolicyQualifier_Destroy");
+
+        PKIX_NULLCHECK_ONE(object);
+
+        PKIX_CHECK(pkix_CheckType
+                (object, PKIX_CERTPOLICYQUALIFIER_TYPE, plContext),
+                PKIX_OBJECTNOTCERTPOLICYQUALIFIER);
+
+        certPQ = (PKIX_PL_CertPolicyQualifier*)object;
+
+        PKIX_DECREF(certPQ->policyQualifierId);
+        PKIX_DECREF(certPQ->qualifier);
+
+cleanup:
+
+        PKIX_RETURN(CERTPOLICYQUALIFIER);
+}
+
+/*
+ * FUNCTION: pkix_pl_CertPolicyQualifier_ToString
+ * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_CertPolicyQualifier_ToString(
+        PKIX_PL_Object *object,
+        PKIX_PL_String **pString,
+        void *plContext)
+{
+        PKIX_PL_CertPolicyQualifier *certPQ = NULL;
+        char *asciiFormat = "%s:%s";
+        PKIX_PL_String *formatString = NULL;
+        PKIX_PL_String *pqIDString = NULL;
+        PKIX_PL_String *pqValString = NULL;
+        PKIX_PL_String *outString = NULL;
+
+        PKIX_ENTER(CERTPOLICYQUALIFIER, "pkix_pl_CertPolicyQualifier_ToString");
+
+        PKIX_NULLCHECK_TWO(object, pString);
+
+        PKIX_CHECK(pkix_CheckType
+                (object, PKIX_CERTPOLICYQUALIFIER_TYPE, plContext),
+                PKIX_OBJECTNOTCERTPOLICYQUALIFIER);
+
+        certPQ = (PKIX_PL_CertPolicyQualifier *)object;
+
+        /*
+         * The policyQualifierId is required. If there is no qualifier,
+         * we should have a ByteArray of zero length.
+         */
+        PKIX_NULLCHECK_TWO(certPQ->policyQualifierId, certPQ->qualifier);
+
+        PKIX_CHECK(PKIX_PL_String_Create
+                (PKIX_ESCASCII, asciiFormat, 0, &formatString, plContext),
+                PKIX_STRINGCREATEFAILED);
+
+        PKIX_TOSTRING(certPQ->policyQualifierId, &pqIDString, plContext,
+                PKIX_OIDTOSTRINGFAILED);
+
+        PKIX_CHECK(pkix_pl_ByteArray_ToHexString
+                (certPQ->qualifier, &pqValString, plContext),
+                PKIX_BYTEARRAYTOHEXSTRINGFAILED);
+
+        PKIX_CHECK(PKIX_PL_Sprintf
+                (&outString, plContext, formatString, pqIDString, pqValString),
+                PKIX_SPRINTFFAILED);
+
+        *pString = outString;
+
+cleanup:
+
+        PKIX_DECREF(formatString);
+        PKIX_DECREF(pqIDString);
+        PKIX_DECREF(pqValString);
+        PKIX_RETURN(CERTPOLICYQUALIFIER);
+}
+
+/*
+ * FUNCTION: pkix_pl_CertPolicyQualifier_Hashcode
+ * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_CertPolicyQualifier_Hashcode(
+        PKIX_PL_Object *object,
+        PKIX_UInt32 *pHashcode,
+        void *plContext)
+{
+        PKIX_PL_CertPolicyQualifier *certPQ = NULL;
+        PKIX_UInt32 cpidHash = 0;
+        PKIX_UInt32 cpqHash = 0;
+
+        PKIX_ENTER(CERTPOLICYQUALIFIER, "pkix_pl_CertPolicyQualifier_Hashcode");
+        PKIX_NULLCHECK_TWO(object, pHashcode);
+
+        PKIX_CHECK(pkix_CheckType
+                (object, PKIX_CERTPOLICYQUALIFIER_TYPE, plContext),
+                PKIX_OBJECTNOTCERTPOLICYQUALIFIER);
+
+        certPQ = (PKIX_PL_CertPolicyQualifier *)object;
+
+        PKIX_NULLCHECK_TWO(certPQ->policyQualifierId, certPQ->qualifier);
+
+        PKIX_HASHCODE(certPQ->policyQualifierId, &cpidHash, plContext,
+                PKIX_ERRORINOIDHASHCODE);
+
+        PKIX_HASHCODE(certPQ->qualifier, &cpqHash, plContext,
+                PKIX_ERRORINBYTEARRAYHASHCODE);
+
+        *pHashcode = cpidHash*31 + cpqHash;
+
+cleanup:
+
+        PKIX_RETURN(CERTPOLICYQUALIFIER);
+}
+
+
+/*
+ * FUNCTION: pkix_pl_CertPolicyQualifier_Equals
+ * (see comments for PKIX_PL_Equals_Callback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_CertPolicyQualifier_Equals(
+        PKIX_PL_Object *firstObject,
+        PKIX_PL_Object *secondObject,
+        PKIX_Boolean *pResult,
+        void *plContext)
+{
+        PKIX_PL_CertPolicyQualifier *firstCPQ = NULL;
+        PKIX_PL_CertPolicyQualifier *secondCPQ = NULL;
+        PKIX_UInt32 secondType = 0;
+        PKIX_Boolean compare = PKIX_FALSE;
+
+        PKIX_ENTER(CERTPOLICYQUALIFIER, "pkix_pl_CertPolicyQualifier_Equals");
+        PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);
+
+        /* test that firstObject is a CertPolicyQualifier */
+        PKIX_CHECK(pkix_CheckType
+                (firstObject, PKIX_CERTPOLICYQUALIFIER_TYPE, plContext),
+                PKIX_FIRSTOBJECTNOTCERTPOLICYQUALIFIER);
+
+        /*
+         * Since we know firstObject is a CertPolicyQualifier,
+         * if both references are identical, they must be equal
+         */
+        if (firstObject == secondObject){
+                *pResult = PKIX_TRUE;
+                goto cleanup;
+        }
+
+        /*
+         * If secondObject isn't a CertPolicyQualifier, we
+         * don't throw an error. We simply return FALSE.
+         */
+        PKIX_CHECK(PKIX_PL_Object_GetType
+                (secondObject, &secondType, plContext),
+                PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
+        if (secondType != PKIX_CERTPOLICYQUALIFIER_TYPE) {
+                *pResult = PKIX_FALSE;
+                goto cleanup;
+        }
+
+        firstCPQ = (PKIX_PL_CertPolicyQualifier *)firstObject;
+        secondCPQ = (PKIX_PL_CertPolicyQualifier *)secondObject;
+
+        /*
+         * Compare the value of the OID components
+         */
+
+        PKIX_NULLCHECK_TWO
+                (firstCPQ->policyQualifierId, secondCPQ->policyQualifierId);
+
+        PKIX_EQUALS
+                (firstCPQ->policyQualifierId,
+                secondCPQ->policyQualifierId,
+                &compare,
+                plContext,
+                PKIX_OIDEQUALSFAILED);
+
+        /*
+         * If the OIDs did not match, we don't need to
+         * compare the ByteArrays. If the OIDs did match,
+         * the return value is the value of the
+         * ByteArray comparison.
+         */
+        if (compare) {
+                PKIX_NULLCHECK_TWO(firstCPQ->qualifier, secondCPQ->qualifier);
+
+                PKIX_EQUALS
+                        (firstCPQ->qualifier,
+                        secondCPQ->qualifier,
+                        &compare,
+                        plContext,
+                        PKIX_BYTEARRAYEQUALSFAILED);
+        }
+
+        *pResult = compare;
+
+cleanup:
+
+        PKIX_RETURN(CERTPOLICYQUALIFIER);
+}
+
+/*
+ * FUNCTION: pkix_pl_CertPolicyQualifier_RegisterSelf
+ * DESCRIPTION:
+ *  Registers PKIX_CERTPOLICYQUALIFIER_TYPE and its related
+ *  functions with systemClasses[]
+ * THREAD SAFETY:
+ *  Not Thread Safe - for performance and complexity reasons
+ *
+ *  Since this function is only called by PKIX_PL_Initialize,
+ *  which should only be called once, it is acceptable that
+ *  this function is not thread-safe.
+ */
+PKIX_Error *
+pkix_pl_CertPolicyQualifier_RegisterSelf(void *plContext)
+{
+
+        extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
+        pkix_ClassTable_Entry entry;
+
+        PKIX_ENTER(CERTPOLICYQUALIFIER,
+                "pkix_pl_CertPolicyQualifier_RegisterSelf");
+
+        entry.description = "CertPolicyQualifier";
+        entry.objCounter = 0;
+        entry.typeObjectSize = sizeof(PKIX_PL_CertPolicyQualifier);
+        entry.destructor = pkix_pl_CertPolicyQualifier_Destroy;
+        entry.equalsFunction = pkix_pl_CertPolicyQualifier_Equals;
+        entry.hashcodeFunction = pkix_pl_CertPolicyQualifier_Hashcode;
+        entry.toStringFunction = pkix_pl_CertPolicyQualifier_ToString;
+        entry.comparator = NULL;
+        entry.duplicateFunction = pkix_duplicateImmutable;
+
+        systemClasses[PKIX_CERTPOLICYQUALIFIER_TYPE] = entry;
+
+        PKIX_RETURN(CERTPOLICYQUALIFIER);
+}
+
+/* --Public-CertPolicyQualifier-Functions------------------------- */
+
+/*
+ * FUNCTION: PKIX_PL_PolicyQualifier_GetPolicyQualifierId
+ * (see comments in pkix_pl_pki.h)
+ */
+PKIX_Error *
+PKIX_PL_PolicyQualifier_GetPolicyQualifierId(
+        PKIX_PL_CertPolicyQualifier *policyQualifierInfo,
+        PKIX_PL_OID **pPolicyQualifierId,
+        void *plContext)
+{
+        PKIX_ENTER(CERTPOLICYQUALIFIER,
+                "PKIX_PL_PolicyQualifier_GetPolicyQualifierId");
+
+        PKIX_NULLCHECK_TWO(policyQualifierInfo, pPolicyQualifierId);
+
+        PKIX_INCREF(policyQualifierInfo->policyQualifierId);
+
+        *pPolicyQualifierId = policyQualifierInfo->policyQualifierId;
+
+cleanup:
+        PKIX_RETURN(CERTPOLICYQUALIFIER);
+}
+
+/*
+ * FUNCTION: PKIX_PL_PolicyQualifier_GetQualifier
+ * (see comments in pkix_pl_pki.h)
+ */
+PKIX_Error *
+PKIX_PL_PolicyQualifier_GetQualifier(
+        PKIX_PL_CertPolicyQualifier *policyQualifierInfo,
+        PKIX_PL_ByteArray **pQualifier,
+        void *plContext)
+{
+        PKIX_ENTER(CERTPOLICYQUALIFIER, "PKIX_PL_PolicyQualifier_GetQualifier");
+
+        PKIX_NULLCHECK_TWO(policyQualifierInfo, pQualifier);
+
+        PKIX_INCREF(policyQualifierInfo->qualifier);
+
+        *pQualifier = policyQualifierInfo->qualifier;
+
+cleanup:
+        PKIX_RETURN(CERTPOLICYQUALIFIER);
+}
diff --git a/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_certpolicyqualifier.h b/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_certpolicyqualifier.h
new file mode 100644
index 0000000..4c6c8a2
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_certpolicyqualifier.h
@@ -0,0 +1,52 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_pl_certpolicyqualifier.h
+ *
+ * PolicyQualifier Type Definitions
+ *
+ */
+
+#ifndef _PKIX_PL_POLICYQUALIFIER_H
+#define _PKIX_PL_POLICYQUALIFIER_H
+
+#include "pkix_pl_common.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * This structure reflects the contents of the policy qualifier extension as
+ * described in Section 4.2.1.5 of RFC3280.
+ *
+ *  PolicyQualifierInfo ::= SEQUENCE {
+ *      policyQualifierId       PolicyQualifierId,
+ *      qualifier               ANY DEFINED BY policyQualifierId }
+ *
+ *  PolicyQualifierId ::=
+ *      OBJECT IDENTIFIER (id-qt-cps | id-qt-unotice)
+ *
+ */
+struct PKIX_PL_CertPolicyQualifierStruct {
+        PKIX_PL_OID *policyQualifierId;
+        PKIX_PL_ByteArray *qualifier;
+};
+
+PKIX_Error *
+pkix_pl_CertPolicyQualifier_Create(
+        PKIX_PL_OID *oid,
+        PKIX_PL_ByteArray *qualifierArray,
+        PKIX_PL_CertPolicyQualifier **pObject,
+        void *plContext);
+
+PKIX_Error *
+pkix_pl_CertPolicyQualifier_RegisterSelf(
+        void *plContext);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_PL_POLICYQUALIFIER_H */
diff --git a/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crl.c b/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crl.c
new file mode 100644
index 0000000..b83db35
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crl.c
@@ -0,0 +1,1068 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_pl_crl.c
+ *
+ * CRL Function Definitions
+ *
+ */
+
+#include "pkix_pl_crl.h"
+#include "certxutl.h"
+
+extern PKIX_PL_HashTable *cachedCrlSigTable;
+
+/* --Private-CRL-Functions------------------------------------- */
+
+/*
+ * FUNCTION: pkix_pl_CRL_GetVersion
+ * DESCRIPTION:
+ *
+ *  Retrieves the version of the CRL pointed to by "crl" and stores it at
+ *  "pVersion". The version number will either be 0 or 1 (corresponding to
+ *  v1 or v2, respectively).
+ *
+ *  Version  ::=  INTEGER  {  v1(0), v2(1), v3(2)  }
+ *
+ * PARAMETERS:
+ *  "crl"
+ *      Address of CRL whose version is to be stored. Must be non-NULL.
+ *  "pVersion"
+ *      Address where a version will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CRL Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_pl_CRL_GetVersion(
+        PKIX_PL_CRL *crl,
+        PKIX_UInt32 *pVersion,
+        void *plContext)
+{
+        PKIX_UInt32 myVersion;
+
+        PKIX_ENTER(CRL, "pkix_pl_CRL_GetVersion");
+        PKIX_NULLCHECK_THREE(crl, crl->nssSignedCrl, pVersion);
+      
+        PKIX_NULLCHECK_ONE(crl->nssSignedCrl->crl.version.data);
+
+        myVersion = *(crl->nssSignedCrl->crl.version.data);
+
+        if (myVersion > 1) {
+                PKIX_ERROR(PKIX_VERSIONVALUEMUSTBEV1ORV2);
+        }
+
+        *pVersion = myVersion;
+
+cleanup:
+
+        PKIX_RETURN(CRL);
+}
+
+/*
+ * FUNCTION: PKIX_PL_CRL_GetCRLNumber (see comments in pkix_pl_pki.h)
+ */
+PKIX_Error *
+PKIX_PL_CRL_GetCRLNumber(
+        PKIX_PL_CRL *crl,
+        PKIX_PL_BigInt **pCrlNumber,
+        void *plContext)
+{
+        PKIX_PL_BigInt *crlNumber = NULL;
+        SECItem nssCrlNumber;
+        PLArenaPool *arena = NULL;
+        SECStatus status;
+        PKIX_UInt32 length = 0;
+        char *bytes = NULL;
+
+        PKIX_ENTER(CRL, "PKIX_PL_CRL_GetCRLNumber");
+        PKIX_NULLCHECK_THREE(crl, crl->nssSignedCrl, pCrlNumber);
+
+        /* Can call this function only with der been adopted. */
+        PORT_Assert(crl->adoptedDerCrl);
+
+        if (!crl->crlNumberAbsent && crl->crlNumber == NULL) {
+
+            PKIX_OBJECT_LOCK(crl);
+
+            if (!crl->crlNumberAbsent && crl->crlNumber == NULL) {
+
+                nssCrlNumber.type = 0;
+                nssCrlNumber.len = 0;
+                nssCrlNumber.data = NULL;
+
+                PKIX_CRL_DEBUG("\t\tCalling PORT_NewArena).\n");
+                arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+                if (arena == NULL) {
+                        PKIX_ERROR(PKIX_OUTOFMEMORY);
+                }
+
+                PKIX_CRL_DEBUG("\t\tCalling CERT_FindCRLNumberExten\n");
+                status = CERT_FindCRLNumberExten
+                        (arena, &crl->nssSignedCrl->crl, &nssCrlNumber);
+
+                if (status == SECSuccess) {
+                        /* Get data in bytes then convert to bigint */
+                        length = nssCrlNumber.len;
+                        bytes = (char *)nssCrlNumber.data;
+
+                        PKIX_CHECK(pkix_pl_BigInt_CreateWithBytes
+                                    (bytes, length, &crlNumber, plContext),
+                                    PKIX_BIGINTCREATEWITHBYTESFAILED);
+
+                        /* arena release does the job 
+                        PKIX_CRL_DEBUG("\t\tCalling SECITEM_FreeItem\n");
+                        SECITEM_FreeItem(&nssCrlNumber, PKIX_FALSE);
+                        */
+                        crl->crlNumber = crlNumber;
+
+                } else {
+
+                        crl->crlNumberAbsent = PKIX_TRUE;
+                }
+            }
+
+            PKIX_OBJECT_UNLOCK(crl);
+
+        }
+
+        PKIX_INCREF(crl->crlNumber);
+
+        *pCrlNumber = crl->crlNumber;
+
+cleanup:
+
+        if (arena){
+                PKIX_CRL_DEBUG("\t\tCalling PORT_FreeArena).\n");
+                PORT_FreeArena(arena, PR_FALSE);
+        }
+
+        PKIX_RETURN(CRL);
+}
+
+/*
+ * FUNCTION: pkix_pl_CRL_GetSignatureAlgId
+ *
+ * DESCRIPTION:
+ *  Retrieves a pointer to the OID that represents the signature algorithm of
+ *  the CRL pointed to by "crl" and stores it at "pSignatureAlgId".
+ *
+ *  AlgorithmIdentifier  ::=  SEQUENCE  {
+ *      algorithm               OBJECT IDENTIFIER,
+ *      parameters              ANY DEFINED BY algorithm OPTIONAL  }
+ *
+ * PARAMETERS:
+ *  "crl"
+ *      Address of CRL whose signature algorithm OID is to be stored.
+ *      Must be non-NULL.
+ *  "pSignatureAlgId"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CRL Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_pl_CRL_GetSignatureAlgId(
+        PKIX_PL_CRL *crl,
+        PKIX_PL_OID **pSignatureAlgId,
+        void *plContext)
+{
+        PKIX_PL_OID *signatureAlgId = NULL;
+
+        PKIX_ENTER(CRL, "pkix_pl_CRL_GetSignatureAlgId");
+        PKIX_NULLCHECK_THREE(crl, crl->nssSignedCrl, pSignatureAlgId);
+
+        /* if we don't have a cached copy from before, we create one */
+        if (crl->signatureAlgId == NULL){
+                PKIX_OBJECT_LOCK(crl);
+                if (crl->signatureAlgId == NULL){
+                    CERTCrl *nssCrl = &(crl->nssSignedCrl->crl);
+                    SECAlgorithmID *algorithm = &nssCrl->signatureAlg;
+                    SECItem *algBytes = &algorithm->algorithm;
+
+                    if (!algBytes->data || !algBytes->len) {
+                        PKIX_ERROR(PKIX_OIDBYTESLENGTH0);
+                    }
+                    PKIX_CHECK(PKIX_PL_OID_CreateBySECItem
+                               (algBytes, &signatureAlgId, plContext),
+                               PKIX_OIDCREATEFAILED);
+                    
+                    /* save a cached copy in case it is asked for again */
+                    crl->signatureAlgId = signatureAlgId;
+                    signatureAlgId = NULL;
+                }
+                PKIX_OBJECT_UNLOCK(crl);
+        }
+        PKIX_INCREF(crl->signatureAlgId);
+        *pSignatureAlgId = crl->signatureAlgId;
+cleanup:
+        PKIX_DECREF(signatureAlgId);
+        PKIX_RETURN(CRL);
+}
+
+/*
+ * FUNCTION: pkix_pl_CRL_GetCRLEntries
+ * DESCRIPTION:
+ *
+ *  Retrieves a pointer to the List of CRLEntries found in the CRL pointed to
+ *  by "crl" and stores it at "pCRLEntries". If there are no CRLEntries,
+ *  this functions stores NULL at "pCRLEntries".
+ *
+ * PARAMETERS:
+ *  "crl"
+ *      Address of CRL whose CRL Entries are to be retrieved. Must be non-NULL.
+ *  "pCRLEntries"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CRL Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_pl_CRL_GetCRLEntries(
+        PKIX_PL_CRL *crl,
+        PKIX_List **pCrlEntries,
+        void *plContext)
+{
+        PKIX_List *entryList = NULL;
+        CERTCrl *nssCrl = NULL;
+
+        PKIX_ENTER(CRL, "pkix_pl_CRL_GetCRLEntries");
+        PKIX_NULLCHECK_THREE(crl, crl->nssSignedCrl, pCrlEntries);
+
+        /* if we don't have a cached copy from before, we create one */
+        if (crl->crlEntryList == NULL) {
+
+                PKIX_OBJECT_LOCK(crl);
+
+                if (crl->crlEntryList == NULL){
+
+                        nssCrl = &(crl->nssSignedCrl->crl);
+
+                        PKIX_CHECK(pkix_pl_CRLEntry_Create
+                                    (nssCrl->entries, &entryList, plContext),
+                                    PKIX_CRLENTRYCREATEFAILED);
+
+                        PKIX_CHECK(PKIX_List_SetImmutable
+                                    (entryList, plContext),
+                                    PKIX_LISTSETIMMUTABLEFAILED);
+
+                        crl->crlEntryList = entryList;
+                }
+
+                PKIX_OBJECT_UNLOCK(crl);
+
+        }
+
+        PKIX_INCREF(crl->crlEntryList);
+
+        *pCrlEntries = crl->crlEntryList;
+
+cleanup:
+
+        PKIX_RETURN(CRL);
+}
+
+/*
+ * FUNCTION: pkix_pl_CRL_Destroy
+ * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_CRL_Destroy(
+        PKIX_PL_Object *object,
+        void *plContext)
+{
+        PKIX_PL_CRL *crl = NULL;
+
+        PKIX_ENTER(CRL, "pkix_pl_CRL_Destroy");
+        PKIX_NULLCHECK_ONE(object);
+
+        PKIX_CHECK(pkix_CheckType(object, PKIX_CRL_TYPE, plContext),
+                    PKIX_OBJECTNOTCRL);
+
+        crl = (PKIX_PL_CRL*)object;
+
+        PKIX_CRL_DEBUG("\t\tCalling CERT_DestroyCrl\n");
+        if (crl->nssSignedCrl) {
+            CERT_DestroyCrl(crl->nssSignedCrl);
+        }
+        if (crl->adoptedDerCrl) {
+            SECITEM_FreeItem(crl->adoptedDerCrl, PR_TRUE);
+        }
+        crl->nssSignedCrl = NULL;
+        crl->adoptedDerCrl = NULL;
+        crl->crlNumberAbsent = PKIX_FALSE;
+
+        PKIX_DECREF(crl->issuer);
+        PKIX_DECREF(crl->signatureAlgId);
+        PKIX_DECREF(crl->crlNumber);
+        PKIX_DECREF(crl->crlEntryList);
+        PKIX_DECREF(crl->critExtOids);
+        if (crl->derGenName) {
+            SECITEM_FreeItem(crl->derGenName, PR_TRUE);
+        }
+
+cleanup:
+
+        PKIX_RETURN(CRL);
+}
+
+/*
+ * FUNCTION: pkix_pl_CRL_ToString_Helper
+ * DESCRIPTION:
+ *
+ *  Helper function that creates a string representation of the CRL pointed
+ *  to by "crl" and stores it at "pString".
+ *
+ * PARAMETERS
+ *  "crl"
+ *      Address of CRL whose string representation is desired.
+ *      Must be non-NULL.
+ *  "pString"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CRL Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_pl_CRL_ToString_Helper(
+        PKIX_PL_CRL *crl,
+        PKIX_PL_String **pString,
+        void *plContext)
+{
+        char *asciiFormat = NULL;
+        PKIX_UInt32 crlVersion = 0;
+        PKIX_PL_X500Name *crlIssuer = NULL;
+        PKIX_PL_OID *nssSignatureAlgId = NULL;
+        PKIX_PL_BigInt *crlNumber = NULL;
+        PKIX_List *crlEntryList = NULL;
+        PKIX_List *critExtOIDs = NULL;
+        PKIX_PL_String *formatString = NULL;
+        PKIX_PL_String *crlIssuerString = NULL;
+        PKIX_PL_String *lastUpdateString = NULL;
+        PKIX_PL_String *nextUpdateString = NULL;
+        PKIX_PL_String *nssSignatureAlgIdString = NULL;
+        PKIX_PL_String *crlNumberString = NULL;
+        PKIX_PL_String *crlEntryListString = NULL;
+        PKIX_PL_String *critExtOIDsString = NULL;
+        PKIX_PL_String *crlString = NULL;
+
+        PKIX_ENTER(CRL, "pkix_pl_CRL_ToString_Helper");
+        PKIX_NULLCHECK_THREE(crl, crl->nssSignedCrl, pString);
+
+        asciiFormat =
+                "[\n"
+                "\tVersion:         v%d\n"
+                "\tIssuer:          %s\n"
+                "\tUpdate:   [Last: %s\n"
+                "\t           Next: %s]\n"
+                "\tSignatureAlgId:  %s\n"
+                "\tCRL Number     : %s\n"
+                "\n"
+                "\tEntry List:      %s\n"
+                "\n"
+                "\tCritExtOIDs:     %s\n"
+                "]\n";
+
+        PKIX_CHECK(PKIX_PL_String_Create
+                    (PKIX_ESCASCII,
+                    asciiFormat,
+                    0,
+                    &formatString,
+                    plContext),
+                    PKIX_STRINGCREATEFAILED);
+
+        /* Version */
+        PKIX_CHECK(pkix_pl_CRL_GetVersion(crl, &crlVersion, plContext),
+                    PKIX_CRLGETVERSIONFAILED);
+
+        /* Issuer */
+        PKIX_CHECK(PKIX_PL_CRL_GetIssuer(crl, &crlIssuer, plContext),
+                    PKIX_CRLGETISSUERFAILED);
+
+        PKIX_CHECK(PKIX_PL_Object_ToString
+                    ((PKIX_PL_Object *)crlIssuer, &crlIssuerString, plContext),
+                    PKIX_X500NAMETOSTRINGFAILED);
+
+        /* This update - No Date object created, use nss data directly */
+        PKIX_CHECK(pkix_pl_Date_ToString_Helper
+                    (&(crl->nssSignedCrl->crl.lastUpdate),
+                    &lastUpdateString,
+                    plContext),
+                    PKIX_DATETOSTRINGHELPERFAILED);
+
+        /* Next update - No Date object created, use nss data directly */
+        PKIX_CHECK(pkix_pl_Date_ToString_Helper
+                    (&(crl->nssSignedCrl->crl.nextUpdate),
+                    &nextUpdateString,
+                    plContext),
+                    PKIX_DATETOSTRINGHELPERFAILED);
+
+        /* Signature Algorithm Id */
+        PKIX_CHECK(pkix_pl_CRL_GetSignatureAlgId
+                    (crl, &nssSignatureAlgId, plContext),
+                    PKIX_CRLGETSIGNATUREALGIDFAILED);
+
+        PKIX_CHECK(PKIX_PL_Object_ToString
+                    ((PKIX_PL_Object *)nssSignatureAlgId,
+                    &nssSignatureAlgIdString,
+                    plContext),
+                    PKIX_OIDTOSTRINGFAILED);
+
+        /* CRL Number */
+        PKIX_CHECK(PKIX_PL_CRL_GetCRLNumber
+                    (crl, &crlNumber, plContext),
+                    PKIX_CRLGETCRLNUMBERFAILED);
+
+        PKIX_TOSTRING(crlNumber, &crlNumberString, plContext,
+                    PKIX_BIGINTTOSTRINGFAILED);
+
+        /* CRL Entries */
+        PKIX_CHECK(pkix_pl_CRL_GetCRLEntries(crl, &crlEntryList, plContext),
+                    PKIX_CRLGETCRLENTRIESFAILED);
+
+        PKIX_TOSTRING(crlEntryList, &crlEntryListString, plContext,
+                    PKIX_LISTTOSTRINGFAILED);
+
+        /* CriticalExtensionOIDs */
+        PKIX_CHECK(PKIX_PL_CRL_GetCriticalExtensionOIDs
+                    (crl, &critExtOIDs, plContext),
+                    PKIX_CRLGETCRITICALEXTENSIONOIDSFAILED);
+
+        PKIX_TOSTRING(critExtOIDs, &critExtOIDsString, plContext,
+                    PKIX_LISTTOSTRINGFAILED);
+
+        PKIX_CHECK(PKIX_PL_Sprintf
+                    (&crlString,
+                    plContext,
+                    formatString,
+                    crlVersion + 1,
+                    crlIssuerString,
+                    lastUpdateString,
+                    nextUpdateString,
+                    nssSignatureAlgIdString,
+                    crlNumberString,
+                    crlEntryListString,
+                    critExtOIDsString),
+                    PKIX_SPRINTFFAILED);
+
+        *pString = crlString;
+
+cleanup:
+
+        PKIX_DECREF(crlIssuer);
+        PKIX_DECREF(nssSignatureAlgId);
+        PKIX_DECREF(crlNumber);
+        PKIX_DECREF(crlEntryList);
+        PKIX_DECREF(critExtOIDs);
+        PKIX_DECREF(crlIssuerString);
+        PKIX_DECREF(lastUpdateString);
+        PKIX_DECREF(nextUpdateString);
+        PKIX_DECREF(nssSignatureAlgIdString);
+        PKIX_DECREF(crlNumberString);
+        PKIX_DECREF(crlEntryListString);
+        PKIX_DECREF(critExtOIDsString);
+        PKIX_DECREF(formatString);
+
+        PKIX_RETURN(CRL);
+}
+
+/*
+ * FUNCTION: pkix_pl_CRL_ToString
+ * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_CRL_ToString(
+        PKIX_PL_Object *object,
+        PKIX_PL_String **pString,
+        void *plContext)
+{
+        PKIX_PL_String *crlString = NULL;
+        PKIX_PL_CRL *crl = NULL;
+
+        PKIX_ENTER(CRL, "pkix_pl_CRL_ToString");
+        PKIX_NULLCHECK_TWO(object, pString);
+
+        PKIX_CHECK(pkix_CheckType(object, PKIX_CRL_TYPE, plContext),
+                    PKIX_OBJECTNOTCRL);
+
+        crl = (PKIX_PL_CRL *) object;
+
+        PKIX_CHECK(pkix_pl_CRL_ToString_Helper(crl, &crlString, plContext),
+                    PKIX_CRLTOSTRINGHELPERFAILED);
+
+        *pString = crlString;
+
+cleanup:
+
+        PKIX_RETURN(CRL);
+}
+
+/*
+ * FUNCTION: pkix_pl_CRL_Hashcode
+ * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_CRL_Hashcode(
+        PKIX_PL_Object *object,
+        PKIX_UInt32 *pHashcode,
+        void *plContext)
+{
+        PKIX_PL_CRL *crl = NULL;
+        PKIX_UInt32 certHash;
+        SECItem *crlDer = NULL;
+        
+        PKIX_ENTER(CRL, "pkix_pl_CRL_Hashcode");
+        PKIX_NULLCHECK_TWO(object, pHashcode);
+
+        PKIX_CHECK(pkix_CheckType(object, PKIX_CRL_TYPE, plContext),
+                    PKIX_OBJECTNOTCRL);
+
+        crl = (PKIX_PL_CRL *)object;
+        if (crl->adoptedDerCrl) {
+            crlDer = crl->adoptedDerCrl;
+        } else if (crl->nssSignedCrl && crl->nssSignedCrl->derCrl) { 
+            crlDer = crl->nssSignedCrl->derCrl;
+        }
+        if (!crlDer || !crlDer->data) {
+            PKIX_ERROR(PKIX_CANNOTAQUIRECRLDER);
+        }
+
+        PKIX_CHECK(pkix_hash(crlDer->data, crlDer->len,
+                             &certHash, plContext),
+                   PKIX_ERRORINHASH);
+
+        *pHashcode = certHash;
+
+cleanup:
+
+        PKIX_RETURN(CRL);
+}
+
+/*
+ * FUNCTION: pkix_pl_CRL_Equals
+ * (see comments for PKIX_PL_Equals_Callback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_CRL_Equals(
+        PKIX_PL_Object *firstObject,
+        PKIX_PL_Object *secondObject,
+        PKIX_Boolean *pResult,
+        void *plContext)
+{
+        PKIX_PL_CRL *firstCrl = NULL;
+        PKIX_PL_CRL *secondCrl = NULL;
+        SECItem *crlDerOne = NULL, *crlDerTwo = NULL;
+        PKIX_UInt32 secondType;
+
+        PKIX_ENTER(CRL, "pkix_pl_CRL_Equals");
+        PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);
+
+        /* test that firstObject is a CRL */
+        PKIX_CHECK(pkix_CheckType(firstObject, PKIX_CRL_TYPE, plContext),
+                    PKIX_FIRSTOBJECTNOTCRL);
+
+        firstCrl = (PKIX_PL_CRL *)firstObject;
+        secondCrl = (PKIX_PL_CRL *)secondObject;
+
+        /*
+         * Since we know firstObject is a CRL, if both references are
+         * identical, they must be equal
+         */
+        if (firstCrl == secondCrl){
+                *pResult = PKIX_TRUE;
+                goto cleanup;
+        }
+
+        /*
+         * If secondCrl isn't a CRL, we don't throw an error.
+         * We simply return a Boolean result of FALSE
+         */
+        *pResult = PKIX_FALSE;
+        PKIX_CHECK(PKIX_PL_Object_GetType
+                    ((PKIX_PL_Object *)secondCrl, &secondType, plContext),
+                    PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
+        if (secondType != PKIX_CRL_TYPE) goto cleanup;
+
+        if (firstCrl->adoptedDerCrl) {
+            crlDerOne = firstCrl->adoptedDerCrl;
+        } else if (firstCrl->nssSignedCrl && firstCrl->nssSignedCrl->derCrl) {
+            crlDerOne = firstCrl->nssSignedCrl->derCrl;
+        }
+
+        if (secondCrl->adoptedDerCrl) {
+            crlDerTwo = secondCrl->adoptedDerCrl;
+        } else if (secondCrl->nssSignedCrl && secondCrl->nssSignedCrl->derCrl) {
+            crlDerTwo = secondCrl->nssSignedCrl->derCrl;
+        }
+
+        if (SECITEM_CompareItem(crlDerOne, crlDerTwo) == SECEqual) {
+            *pResult = PKIX_TRUE;
+        }
+
+cleanup:
+
+        PKIX_RETURN(CRL);
+}
+
+/*
+ * FUNCTION: pkix_pl_CRL_RegisterSelf
+ *
+ * DESCRIPTION:
+ *  Registers PKIX_CRL_TYPE and its related functions with systemClasses[]
+ * THREAD SAFETY:
+ *
+ *  Not Thread Safe - for performance and complexity reasons
+ *
+ *  Since this function is only called by PKIX_PL_Initialize, which should
+ *  only be called once, it is acceptable that this function is not
+ *  thread-safe.
+ */
+PKIX_Error *
+pkix_pl_CRL_RegisterSelf(void *plContext)
+{
+        extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
+        pkix_ClassTable_Entry *entry = &systemClasses[PKIX_CRL_TYPE];
+
+        PKIX_ENTER(CRL, "pkix_pl_CRL_RegisterSelf");
+
+        entry->description = "CRL";
+        entry->typeObjectSize = sizeof(PKIX_PL_CRL);
+        entry->destructor = pkix_pl_CRL_Destroy;
+        entry->equalsFunction = pkix_pl_CRL_Equals;
+        entry->hashcodeFunction = pkix_pl_CRL_Hashcode;
+        entry->toStringFunction = pkix_pl_CRL_ToString;
+        entry->duplicateFunction = pkix_duplicateImmutable;
+
+        PKIX_RETURN(CRL);
+}
+
+/*
+ * FUNCTION: PKIX_PL_CRL_VerifyUpdateTime (see comments in pkix_pl_pki.h)
+ */
+PKIX_Error *
+PKIX_PL_CRL_VerifyUpdateTime(
+        PKIX_PL_CRL *crl,
+        PKIX_PL_Date *date,
+        PKIX_Boolean *pResult,
+        void *plContext)
+{
+        PRTime timeToCheck;
+        PRTime nextUpdate;
+        PRTime lastUpdate;
+        SECStatus status;
+        CERTCrl *nssCrl = NULL;
+        SECItem *nextUpdateDer = NULL;
+        PKIX_Boolean haveNextUpdate = PR_FALSE;
+
+        PKIX_ENTER(CRL, "PKIX_PL_CRL_VerifyUpdateTime");
+        PKIX_NULLCHECK_FOUR(crl, crl->nssSignedCrl, date, pResult);
+
+        /* Can call this function only with der been adopted. */
+        PORT_Assert(crl->adoptedDerCrl);
+
+        nssCrl = &(crl->nssSignedCrl->crl);
+        timeToCheck = date->nssTime;
+
+        /* nextUpdate can be NULL. Checking before using it */
+        nextUpdateDer = &nssCrl->nextUpdate;
+        if (nextUpdateDer->data && nextUpdateDer->len) {
+                haveNextUpdate = PR_TRUE;
+                status = DER_DecodeTimeChoice(&nextUpdate, nextUpdateDer);
+                if (status != SECSuccess) {
+                        PKIX_ERROR(PKIX_DERDECODETIMECHOICEFORNEXTUPDATEFAILED);
+                }
+        }
+
+        status = DER_DecodeTimeChoice(&lastUpdate, &(nssCrl->lastUpdate));
+        if (status != SECSuccess) {
+                PKIX_ERROR(PKIX_DERDECODETIMECHOICEFORLASTUPDATEFAILED);
+        }
+
+        if (!haveNextUpdate || nextUpdate < timeToCheck) {
+                *pResult = PKIX_FALSE;
+                goto cleanup;
+        }
+
+        if (lastUpdate <= timeToCheck) {
+                *pResult = PKIX_TRUE;
+        } else {
+                *pResult = PKIX_FALSE;
+        }
+
+cleanup:
+
+        PKIX_RETURN(CRL);
+}
+
+/*
+ * FUNCTION: pkix_pl_CRL_CreateWithSignedCRL
+ * DESCRIPTION:
+ *
+ *  Creates a new CRL using the CERTSignedCrl pointed to by "nssSignedCrl"
+ *  and stores it at "pCRL". If the decoding of the CERTSignedCrl fails,
+ *  a PKIX_Error is returned.
+ *
+ * PARAMETERS:
+ *  "nssSignedCrl"
+ *      Address of CERTSignedCrl. Must be non-NULL.
+ *  "adoptedDerCrl"
+ *      SECItem ponter that if not NULL is indicating that memory used
+ *      for der should be adopted by crl that is about to be created.
+ *  "pCRL"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CRL Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_pl_CRL_CreateWithSignedCRL(
+        CERTSignedCrl *nssSignedCrl,
+        SECItem *adoptedDerCrl,
+        SECItem *derGenName,
+        PKIX_PL_CRL **pCrl,
+        void *plContext)
+{
+        PKIX_PL_CRL *crl = NULL;
+
+        PKIX_ENTER(CRL, "pkix_pl_CRL_CreateWithSignedCRL");
+        PKIX_NULLCHECK_ONE(pCrl);
+
+        /* create a PKIX_PL_CRL object */
+        PKIX_CHECK(PKIX_PL_Object_Alloc
+                    (PKIX_CRL_TYPE,
+                    sizeof (PKIX_PL_CRL),
+                    (PKIX_PL_Object **)&crl,
+                    plContext),
+                    PKIX_COULDNOTCREATECRLOBJECT);
+
+        /* populate the nssSignedCrl field */
+        crl->nssSignedCrl = nssSignedCrl;
+        crl->adoptedDerCrl = adoptedDerCrl;
+        crl->issuer = NULL;
+        crl->signatureAlgId = NULL;
+        crl->crlNumber = NULL;
+        crl->crlNumberAbsent = PKIX_FALSE;
+        crl->crlEntryList = NULL;
+        crl->critExtOids = NULL;
+        if (derGenName) {
+            crl->derGenName =
+                SECITEM_DupItem(derGenName);
+            if (!crl->derGenName) {
+                PKIX_ERROR(PKIX_ALLOCERROR);
+            }
+        }
+
+        *pCrl = crl;
+
+cleanup:
+
+        if (PKIX_ERROR_RECEIVED){
+                PKIX_DECREF(crl);
+        }
+
+        PKIX_RETURN(CRL);
+}
+
+/* --Public-CRL-Functions------------------------------------- */
+
+/*
+ * FUNCTION: PKIX_PL_CRL_Create (see comments in pkix_pl_pki.h)
+ */
+PKIX_Error *
+PKIX_PL_CRL_Create(
+        PKIX_PL_ByteArray *byteArray,
+        PKIX_PL_CRL **pCrl,
+        void *plContext)
+{
+        CERTSignedCrl *nssSignedCrl = NULL;
+        SECItem derItem, *derCrl = NULL;
+        PKIX_PL_CRL *crl = NULL;
+
+        PKIX_ENTER(CRL, "PKIX_PL_CRL_Create");
+        PKIX_NULLCHECK_TWO(byteArray, pCrl);
+
+        if (byteArray->length == 0){
+            PKIX_ERROR(PKIX_ZEROLENGTHBYTEARRAYFORCRLENCODING);
+        }
+        derItem.type = siBuffer;
+        derItem.data = byteArray->array;
+        derItem.len = byteArray->length;
+        derCrl = SECITEM_DupItem(&derItem);
+        if (!derCrl) {
+            PKIX_ERROR(PKIX_ALLOCERROR);
+        }
+        nssSignedCrl =
+            CERT_DecodeDERCrlWithFlags(NULL, derCrl, SEC_CRL_TYPE,
+                                       CRL_DECODE_DONT_COPY_DER |
+                                       CRL_DECODE_SKIP_ENTRIES);
+        if (!nssSignedCrl) {
+            PKIX_ERROR(PKIX_CERTDECODEDERCRLFAILED);
+        }
+        PKIX_CHECK(
+            pkix_pl_CRL_CreateWithSignedCRL(nssSignedCrl, derCrl, NULL,
+                                            &crl, plContext),
+            PKIX_CRLCREATEWITHSIGNEDCRLFAILED);
+        nssSignedCrl = NULL;
+        derCrl = NULL;
+        *pCrl = crl;
+
+cleanup:
+        if (derCrl) {
+            SECITEM_FreeItem(derCrl, PR_TRUE);
+        }
+        if (nssSignedCrl) {
+            SEC_DestroyCrl(nssSignedCrl);
+        } 
+
+        PKIX_RETURN(CRL);
+}
+
+/*
+ * FUNCTION: PKIX_PL_CRL_GetIssuer (see comments in pkix_pl_pki.h)
+ */
+PKIX_Error *
+PKIX_PL_CRL_GetIssuer(
+        PKIX_PL_CRL *crl,
+        PKIX_PL_X500Name **pCRLIssuer,
+        void *plContext)
+{
+        PKIX_PL_String *crlString = NULL;
+        PKIX_PL_X500Name *issuer = NULL;
+        SECItem  *derIssuerName = NULL;
+        CERTName *issuerName = NULL;
+
+        PKIX_ENTER(CRL, "PKIX_PL_CRL_GetIssuer");
+        PKIX_NULLCHECK_THREE(crl, crl->nssSignedCrl, pCRLIssuer);
+
+        /* Can call this function only with der been adopted. */
+        PORT_Assert(crl->adoptedDerCrl);
+
+        /* if we don't have a cached copy from before, we create one */
+        if (crl->issuer == NULL){
+
+                PKIX_OBJECT_LOCK(crl);
+
+                if (crl->issuer == NULL) {
+
+                        issuerName = &crl->nssSignedCrl->crl.name;
+                        derIssuerName = &crl->nssSignedCrl->crl.derName;
+
+                        PKIX_CHECK(
+                            PKIX_PL_X500Name_CreateFromCERTName(derIssuerName,
+                                                                issuerName,
+                                                                &issuer,
+                                                                plContext),
+                            PKIX_X500NAMECREATEFROMCERTNAMEFAILED);
+                        
+                        /* save a cached copy in case it is asked for again */
+                        crl->issuer = issuer;
+                }
+
+                PKIX_OBJECT_UNLOCK(crl);
+
+        }
+
+        PKIX_INCREF(crl->issuer);
+
+        *pCRLIssuer = crl->issuer;
+
+cleanup:
+
+        PKIX_DECREF(crlString);
+
+        PKIX_RETURN(CRL);
+}
+
+
+/*
+ * FUNCTION: PKIX_PL_CRL_GetCriticalExtensionOIDs
+ * (see comments in pkix_pl_pki.h)
+ */
+PKIX_Error *
+PKIX_PL_CRL_GetCriticalExtensionOIDs(
+        PKIX_PL_CRL *crl,
+        PKIX_List **pExtensions,   /* list of PKIX_PL_OID */
+        void *plContext)
+{
+        PKIX_List *oidsList = NULL;
+        CERTCertExtension **extensions = NULL;
+        CERTCrl *nssSignedCrl = NULL;
+
+        PKIX_ENTER(CRL, "PKIX_PL_CRL_GetCriticalExtensionOIDs");
+        PKIX_NULLCHECK_THREE(crl, crl->nssSignedCrl, pExtensions);
+
+        /* Can call this function only with der been adopted. */
+        PORT_Assert(crl->adoptedDerCrl);
+
+        /* if we don't have a cached copy from before, we create one */
+        if (crl->critExtOids == NULL) {
+
+                PKIX_OBJECT_LOCK(crl);
+
+                nssSignedCrl = &(crl->nssSignedCrl->crl);
+                extensions = nssSignedCrl->extensions;
+
+                if (crl->critExtOids == NULL) {
+
+                        PKIX_CHECK(pkix_pl_OID_GetCriticalExtensionOIDs
+                                    (extensions, &oidsList, plContext),
+                                    PKIX_GETCRITICALEXTENSIONOIDSFAILED);
+
+                        crl->critExtOids = oidsList;
+                }
+
+                PKIX_OBJECT_UNLOCK(crl);
+
+        }
+
+        /* We should return a copy of the List since this list changes */
+        PKIX_DUPLICATE(crl->critExtOids, pExtensions, plContext,
+                PKIX_OBJECTDUPLICATELISTFAILED);
+
+cleanup:
+
+        PKIX_RETURN(CRL);
+}
+
+/*
+ * FUNCTION: PKIX_PL_CRL_VerifySignature (see comments in pkix_pl_pki.h)
+ */
+PKIX_Error *
+PKIX_PL_CRL_VerifySignature(
+        PKIX_PL_CRL *crl,
+        PKIX_PL_PublicKey *pubKey,
+        void *plContext)
+{
+        PKIX_PL_CRL *cachedCrl = NULL;
+        PKIX_Error *verifySig = NULL;
+        PKIX_Error *cachedSig = NULL;
+        PKIX_Boolean crlEqual = PKIX_FALSE;
+        PKIX_Boolean crlInHash= PKIX_FALSE;
+        CERTSignedCrl *nssSignedCrl = NULL;
+        SECKEYPublicKey *nssPubKey = NULL;
+        CERTSignedData *tbsCrl = NULL;
+        void* wincx = NULL;
+        SECStatus status;
+
+        PKIX_ENTER(CRL, "PKIX_PL_CRL_VerifySignature");
+        PKIX_NULLCHECK_THREE(crl, crl->nssSignedCrl, pubKey);
+
+        /* Can call this function only with der been adopted. */
+        PORT_Assert(crl->adoptedDerCrl);
+
+        verifySig = PKIX_PL_HashTable_Lookup
+                (cachedCrlSigTable,
+                (PKIX_PL_Object *) pubKey,
+                (PKIX_PL_Object **) &cachedCrl,
+                plContext);
+
+        if (cachedCrl != NULL && verifySig == NULL) {
+                /* Cached Signature Table lookup succeed */
+                PKIX_EQUALS(crl, cachedCrl, &crlEqual, plContext,
+                            PKIX_OBJECTEQUALSFAILED);
+                if (crlEqual == PKIX_TRUE) {
+                        goto cleanup;
+                }
+                /* Different PubKey may hash to same value, skip add */
+                crlInHash = PKIX_TRUE;
+        }
+
+        nssSignedCrl = crl->nssSignedCrl;
+        tbsCrl = &nssSignedCrl->signatureWrap;
+
+        PKIX_CRL_DEBUG("\t\tCalling SECKEY_ExtractPublicKey\n");
+        nssPubKey = SECKEY_ExtractPublicKey(pubKey->nssSPKI);
+        if (!nssPubKey){
+                PKIX_ERROR(PKIX_SECKEYEXTRACTPUBLICKEYFAILED);
+        }
+
+        PKIX_CHECK(pkix_pl_NssContext_GetWincx
+                   ((PKIX_PL_NssContext *)plContext, &wincx),
+                   PKIX_NSSCONTEXTGETWINCXFAILED);
+
+        PKIX_CRL_DEBUG("\t\tCalling CERT_VerifySignedDataWithPublicKey\n");
+        status = CERT_VerifySignedDataWithPublicKey(tbsCrl, nssPubKey, wincx);
+
+        if (status != SECSuccess) {
+                PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
+                PKIX_ERROR(PKIX_SIGNATUREDIDNOTVERIFYWITHTHEPUBLICKEY);
+        }
+
+        if (crlInHash == PKIX_FALSE) {
+                cachedSig = PKIX_PL_HashTable_Add
+                        (cachedCrlSigTable,
+                        (PKIX_PL_Object *) pubKey,
+                        (PKIX_PL_Object *) crl,
+                        plContext);
+
+                if (cachedSig != NULL) {
+                        PKIX_DEBUG("PKIX_PL_HashTable_Add skipped: entry existed\n");
+                }
+        }
+
+cleanup:
+
+        if (nssPubKey){
+                PKIX_CRL_DEBUG("\t\tCalling SECKEY_DestroyPublicKey\n");
+                SECKEY_DestroyPublicKey(nssPubKey);
+                nssPubKey = NULL;
+        }
+
+        PKIX_DECREF(cachedCrl);
+        PKIX_DECREF(verifySig);
+        PKIX_DECREF(cachedSig);
+
+        PKIX_RETURN(CRL);
+}
+
+PKIX_Error*
+PKIX_PL_CRL_ReleaseDerCrl(PKIX_PL_CRL *crl,
+                         SECItem **derCrl,
+                         void *plContext)
+{
+    PKIX_ENTER(CRL, "PKIX_PL_CRL_ReleaseDerCrl");
+    *derCrl = crl->adoptedDerCrl;
+    crl->adoptedDerCrl = NULL;
+        
+    PKIX_RETURN(CRL);
+}
+
+PKIX_Error*
+PKIX_PL_CRL_AdoptDerCrl(PKIX_PL_CRL *crl,
+                         SECItem *derCrl,
+                         void *plContext)
+{
+    PKIX_ENTER(CRL, "PKIX_PL_CRL_AquireDerCrl");
+    if (crl->adoptedDerCrl) {
+        PKIX_ERROR(PKIX_CANNOTAQUIRECRLDER);
+    }
+    crl->adoptedDerCrl = derCrl;
+cleanup:        
+    PKIX_RETURN(CRL);
+}
diff --git a/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crl.h b/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crl.h
new file mode 100644
index 0000000..a45059e
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crl.h
@@ -0,0 +1,48 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_pl_crl.h
+ *
+ * CRL Object Type Definitions
+ *
+ */
+
+#ifndef _PKIX_PL_CRL_H
+#define _PKIX_PL_CRL_H
+
+#include "pkix_pl_common.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+struct PKIX_PL_CRLStruct {
+        CERTSignedCrl *nssSignedCrl;
+        PKIX_PL_X500Name *issuer;
+        PKIX_PL_OID *signatureAlgId;
+        PKIX_PL_BigInt *crlNumber;
+        PKIX_Boolean crlNumberAbsent;
+        PKIX_List *crlEntryList; /* list of PKIX_PL_CRLEntry */
+        PKIX_List *critExtOids;
+        SECItem *adoptedDerCrl;
+        SECItem *derGenName; /* der of general name which was used
+                              * to download the crl. */
+};
+
+/* see source file for function documentation */
+
+PKIX_Error *pkix_pl_CRL_RegisterSelf(void *plContext);
+
+PKIX_Error *
+pkix_pl_CRL_CreateWithSignedCRL(CERTSignedCrl *nssSignedCrl,
+                                SECItem *derCrl,
+                                SECItem *derGenName,
+                                PKIX_PL_CRL **pCrl,
+                                void *plContext);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_PL_CRL_H */
diff --git a/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crldp.c b/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crldp.c
new file mode 100644
index 0000000..4f29de2
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crldp.c
@@ -0,0 +1,151 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_pl_crldp.c
+ *
+ * Crl DP Object Functions
+ *
+ */
+
+#include "pkix_pl_crldp.h"
+
+static PKIX_Error *
+pkix_pl_CrlDp_Destroy(
+        PKIX_PL_Object *object,
+        void *plContext)
+{
+    pkix_pl_CrlDp *crldp = NULL;
+    
+    PKIX_ENTER(CRLCHECKER, "pkix_CrlDp_Destroy");
+    PKIX_NULLCHECK_ONE(object);
+    
+    /* Check that this object is a default CRL checker state */
+    PKIX_CHECK(
+        pkix_CheckType(object, PKIX_CRLDP_TYPE, plContext),
+        PKIX_OBJECTNOTCRLCHECKER);
+    
+    crldp = (pkix_pl_CrlDp *)object;
+    if (crldp->distPointType == relativeDistinguishedName) {
+        CERT_DestroyName(crldp->name.issuerName);
+        crldp->name.issuerName = NULL;
+    }
+    crldp->nssdp = NULL;
+cleanup:
+    PKIX_RETURN(CRLCHECKER);
+}
+
+/*
+ * FUNCTION: pkix_pl_CrlDp_RegisterSelf
+ *
+ * DESCRIPTION:
+ *  Registers PKIX_CRLDP_TYPE and its related functions
+ *  with systemClasses[]
+ *
+ * THREAD SAFETY:
+ *  Not Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ *
+ *  Since this function is only called by PKIX_PL_Initialize, which should
+ *  only be called once, it is acceptable that this function is not
+ *  thread-safe.
+ */
+PKIX_Error *
+pkix_pl_CrlDp_RegisterSelf(void *plContext)
+{
+        extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
+        pkix_ClassTable_Entry* entry = &systemClasses[PKIX_CRLDP_TYPE];
+
+        PKIX_ENTER(CRLCHECKER, "pkix_CrlDp_RegisterSelf");
+
+        entry->description = "CrlDistPoint";
+        entry->typeObjectSize = sizeof(pkix_pl_CrlDp);
+        entry->destructor = pkix_pl_CrlDp_Destroy;
+        entry->duplicateFunction = pkix_duplicateImmutable;
+
+        PKIX_RETURN(CRLCHECKER);
+}
+
+
+
+PKIX_Error *
+pkix_pl_CrlDp_Create(
+    const CRLDistributionPoint *dp,
+    const CERTName *certIssuerName,
+    pkix_pl_CrlDp **pPkixDP,
+    void *plContext)
+{
+    PLArenaPool *rdnArena = NULL;
+    CERTName *issuerNameCopy = NULL;
+    pkix_pl_CrlDp *dpl = NULL;
+
+    /* Need to save the following info to update crl cache:
+     * - reasons if partitioned(but can not return revocation check
+     *   success if not all crl are downloaded)
+     * - issuer name if different from issuer of the cert
+     * - url to upload a crl if needed.
+     * */
+    PKIX_ENTER(CRLDP, "pkix_pl_CrlDp_Create");
+    PKIX_NULLCHECK_ONE(dp);
+
+    PKIX_CHECK(
+        PKIX_PL_Object_Alloc(PKIX_CRLDP_TYPE,
+                             sizeof (pkix_pl_CrlDp),
+                             (PKIX_PL_Object **)&dpl,
+                             plContext),
+        PKIX_COULDNOTCREATEOBJECT);
+
+    dpl->nssdp = dp;
+    dpl->isPartitionedByReasonCode = PKIX_FALSE;
+    if (dp->reasons.data) {
+        dpl->isPartitionedByReasonCode = PKIX_TRUE;
+    }
+    if (dp->distPointType == generalName) {
+        dpl->distPointType = generalName;
+        dpl->name.fullName = dp->distPoint.fullName;
+    } else {
+        SECStatus rv;
+        const CERTName *issuerName = NULL;
+        const CERTRDN *relName = &dp->distPoint.relativeName;
+
+        if (dp->crlIssuer) {
+            if (dp->crlIssuer->l.next) {
+                /* Violate RFC 5280: in this case crlIssuer
+                 * should have only one name and should be
+                 * a distinguish name. */
+                PKIX_ERROR(PKIX_NOTCONFORMINGCRLDP);
+            }
+            issuerName = &dp->crlIssuer->name.directoryName;
+        } else {
+            issuerName = certIssuerName;
+        }
+        rdnArena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+        if (!rdnArena) {
+            PKIX_ERROR(PKIX_PORTARENAALLOCFAILED);
+        }
+        issuerNameCopy = (CERTName *)PORT_ArenaZNew(rdnArena, CERTName);
+        if (!issuerNameCopy) {
+            PKIX_ERROR(PKIX_ALLOCERROR);
+        }
+        rv = CERT_CopyName(rdnArena, issuerNameCopy, (CERTName*)issuerName);
+        if (rv == SECFailure) {
+            PKIX_ERROR(PKIX_ALLOCERROR);
+        }
+        rv = CERT_AddRDN(issuerNameCopy, (CERTRDN*)relName);
+        if (rv == SECFailure) {
+            PKIX_ERROR(PKIX_ALLOCERROR);
+        }
+        dpl->distPointType = relativeDistinguishedName;
+        dpl->name.issuerName = issuerNameCopy;
+        rdnArena = NULL;
+    }
+    *pPkixDP = dpl;
+    dpl = NULL;
+
+cleanup:
+    if (rdnArena) {
+        PORT_FreeArena(rdnArena, PR_FALSE);
+    }
+    PKIX_DECREF(dpl);
+
+    PKIX_RETURN(CRLDP);
+}
diff --git a/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crldp.h b/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crldp.h
new file mode 100644
index 0000000..49cd9d2
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crldp.h
@@ -0,0 +1,53 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_pl_crldp.h
+ *
+ * Crp DP Object Definitions
+ *
+ */
+#include "pkix_pl_common.h"
+
+#ifndef _PKIX_PL_CRLDP_H
+#define _PKIX_PL_CRLDP_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* CRLDP object can not be used without holding a reference
+ * to the pkix certificate they belong to. The memory for dp der
+ * object is allocated on nssCert certificate - a member of
+ * PKIX_PL_Cert struct. */
+typedef struct pkix_pl_CrlDpStruct {
+    /* reference to decoded crldp that allocated on nssCert arena. */
+    const CRLDistributionPoint *nssdp;
+    DistributionPointTypes distPointType;
+    union {
+	CERTGeneralName *fullName;
+        /* if dp is a relative name, the issuerName is a merged value
+         * of crlIssuer and a relative name. Must be destroyed by CrlDp
+         * destructor. */
+        CERTName *issuerName;
+    } name;
+    PKIX_Boolean isPartitionedByReasonCode;
+} pkix_pl_CrlDp;
+
+
+PKIX_Error *
+pkix_pl_CrlDp_RegisterSelf(void *plContext);
+
+/* Parses CRLDistributionPoint structure and creaetes
+ * pkix_pl_CrlDp object. */
+PKIX_Error *
+pkix_pl_CrlDp_Create(const CRLDistributionPoint *dp,
+                     const CERTName *certIssuerName,
+                     pkix_pl_CrlDp **pPkixDP,
+                     void *plContext);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_PL_CRLDP_H */
diff --git a/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crlentry.c b/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crlentry.c
new file mode 100644
index 0000000..e2b3e02
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crlentry.c
@@ -0,0 +1,880 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_pl_crlentry.c
+ *
+ * CRLENTRY Function Definitions
+ *
+ */
+
+#include "pkix_pl_crlentry.h"
+
+/* --Private-CRLEntry-Functions------------------------------------- */
+
+/*
+ * FUNCTION: pkix_pl_CRLEntry_Destroy
+ * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_CRLEntry_Destroy(
+        PKIX_PL_Object *object,
+        void *plContext)
+{
+        PKIX_PL_CRLEntry *crlEntry = NULL;
+
+        PKIX_ENTER(CRLENTRY, "pkix_pl_CRLEntry_Destroy");
+        PKIX_NULLCHECK_ONE(object);
+
+        PKIX_CHECK(pkix_CheckType(object, PKIX_CRLENTRY_TYPE, plContext),
+                    PKIX_OBJECTNOTCRLENTRY);
+
+        crlEntry = (PKIX_PL_CRLEntry*)object;
+
+        /* crlEntry->nssCrlEntry is freed by NSS when freeing CRL */
+        crlEntry->userReasonCode = 0;
+        crlEntry->userReasonCodeAbsent = PKIX_FALSE;
+        crlEntry->nssCrlEntry = NULL;
+        PKIX_DECREF(crlEntry->serialNumber);
+        PKIX_DECREF(crlEntry->critExtOids);
+
+cleanup:
+
+        PKIX_RETURN(CRLENTRY);
+}
+
+/*
+ * FUNCTION: pkix_pl_CRLEntry_ToString_Helper
+ *
+ * DESCRIPTION:
+ *  Helper function that creates a string representation of the CRLEntry
+ *  pointed to by "crlEntry" and stores it at "pString".
+ *
+ * PARAMETERS
+ *  "crlEntry"
+ *      Address of CRLEntry whose string representation is desired.
+ *      Must be non-NULL.
+ *  "pString"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CRLEntry Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_pl_CRLEntry_ToString_Helper(
+        PKIX_PL_CRLEntry *crlEntry,
+        PKIX_PL_String **pString,
+        void *plContext)
+{
+        char *asciiFormat = NULL;
+        PKIX_List *critExtOIDs = NULL;
+        PKIX_PL_String *crlEntryString = NULL;
+        PKIX_PL_String *formatString = NULL;
+        PKIX_PL_String *crlSerialNumberString = NULL;
+        PKIX_PL_String *crlRevocationDateString = NULL;
+        PKIX_PL_String *critExtOIDsString = NULL;
+        PKIX_Int32 reasonCode = 0;
+
+        PKIX_ENTER(CRLENTRY, "pkix_pl_CRLEntry_ToString_Helper");
+        PKIX_NULLCHECK_FOUR
+                (crlEntry,
+                crlEntry->serialNumber,
+                crlEntry->nssCrlEntry,
+                pString);
+
+        asciiFormat =
+                "\n\t[\n"
+                "\tSerialNumber:    %s\n"
+                "\tReasonCode:      %d\n"
+                "\tRevocationDate:  %s\n"
+                "\tCritExtOIDs:     %s\n"
+                "\t]\n\t";
+
+        PKIX_CHECK(PKIX_PL_String_Create
+                    (PKIX_ESCASCII,
+                    asciiFormat,
+                    0,
+                    &formatString,
+                    plContext),
+                    PKIX_STRINGCREATEFAILED);
+
+        /* SerialNumber */
+        PKIX_CHECK(PKIX_PL_Object_ToString
+                    ((PKIX_PL_Object *)crlEntry->serialNumber,
+                    &crlSerialNumberString,
+                    plContext),
+                    PKIX_BIGINTTOSTRINGHELPERFAILED);
+
+        /* RevocationDate - No Date object created, use nss data directly */
+        PKIX_CHECK(pkix_pl_Date_ToString_Helper
+                    (&(crlEntry->nssCrlEntry->revocationDate),
+                    &crlRevocationDateString,
+                    plContext),
+                    PKIX_DATETOSTRINGHELPERFAILED);
+
+        /* CriticalExtensionOIDs */
+        PKIX_CHECK(PKIX_PL_CRLEntry_GetCriticalExtensionOIDs
+                    (crlEntry, &critExtOIDs, plContext),
+                    PKIX_CRLENTRYGETCRITICALEXTENSIONOIDSFAILED);
+
+        PKIX_TOSTRING(critExtOIDs, &critExtOIDsString, plContext,
+                    PKIX_LISTTOSTRINGFAILED);
+
+        /* Revocation Reason Code */
+        PKIX_CHECK(PKIX_PL_CRLEntry_GetCRLEntryReasonCode
+                            (crlEntry, &reasonCode, plContext),
+                            PKIX_CRLENTRYGETCRLENTRYREASONCODEFAILED);
+
+        PKIX_CHECK(PKIX_PL_Sprintf
+                    (&crlEntryString,
+                    plContext,
+                    formatString,
+                    crlSerialNumberString,
+                    reasonCode,
+                    crlRevocationDateString,
+                    critExtOIDsString),
+                    PKIX_SPRINTFFAILED);
+
+        *pString = crlEntryString;
+
+cleanup:
+
+        PKIX_DECREF(critExtOIDs);
+        PKIX_DECREF(crlSerialNumberString);
+        PKIX_DECREF(crlRevocationDateString);
+        PKIX_DECREF(critExtOIDsString);
+        PKIX_DECREF(formatString);
+
+        PKIX_RETURN(CRLENTRY);
+}
+
+/*
+ * FUNCTION: pkix_pl_CRLEntry_ToString
+ * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_CRLEntry_ToString(
+        PKIX_PL_Object *object,
+        PKIX_PL_String **pString,
+        void *plContext)
+{
+        PKIX_PL_String *crlEntryString = NULL;
+        PKIX_PL_CRLEntry *crlEntry = NULL;
+
+        PKIX_ENTER(CRLENTRY, "pkix_pl_CRLEntry_ToString");
+        PKIX_NULLCHECK_TWO(object, pString);
+
+        PKIX_CHECK(pkix_CheckType(object, PKIX_CRLENTRY_TYPE, plContext),
+                    PKIX_OBJECTNOTCRLENTRY);
+
+        crlEntry = (PKIX_PL_CRLEntry *) object;
+
+        PKIX_CHECK(pkix_pl_CRLEntry_ToString_Helper
+                    (crlEntry, &crlEntryString, plContext),
+                    PKIX_CRLENTRYTOSTRINGHELPERFAILED);
+
+        *pString = crlEntryString;
+
+cleanup:
+
+        PKIX_RETURN(CRLENTRY);
+}
+
+/*
+ * FUNCTION: pkix_pl_CRLEntry_Extensions_Hashcode
+ * DESCRIPTION:
+ *
+ *  For each CRL Entry extension stored at NSS structure CERTCertExtension,
+ *  get its derbyte data and do the hash.
+ *
+ * PARAMETERS
+ *  "extensions"
+ *      Address of arrray of CERTCertExtension whose hash value is desired.
+ *      Must be non-NULL.
+ *  "pHashValue"
+ *      Address where the final hash value is returned. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditional Thread Safe
+ *  Though the value of extensions once created is not supposed to change,
+ *  it may be de-allocated while we are accessing it. But since we are
+ *  validating the object, it is unlikely we or someone is de-allocating
+ *  at the moment.
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns an OID Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_pl_CRLEntry_Extensions_Hashcode(
+        CERTCertExtension **extensions,
+        PKIX_UInt32 *pHashValue,
+        void *plContext)
+{
+        CERTCertExtension *extension = NULL;
+        PLArenaPool *arena = NULL;
+        PKIX_UInt32 extHash = 0;
+        PKIX_UInt32 hashValue = 0;
+        SECItem *derBytes = NULL;
+        SECItem *resultSecItem = NULL;
+
+        PKIX_ENTER(CRLENTRY, "pkix_pl_CRLEntry_Extensions_Hashcode");
+        PKIX_NULLCHECK_TWO(extensions, pHashValue);
+
+        if (extensions) {
+
+                PKIX_CRLENTRY_DEBUG("\t\tCalling PORT_NewArena\n");
+                arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+                if (arena == NULL) {
+                        PKIX_ERROR(PKIX_OUTOFMEMORY);
+                }
+
+                while (*extensions) {
+
+                        extension = *extensions++;
+
+                        PKIX_NULLCHECK_ONE(extension);
+
+                        PKIX_CRLENTRY_DEBUG("\t\tCalling PORT_ArenaZNew\n");
+                        derBytes = PORT_ArenaZNew(arena, SECItem);
+                        if (derBytes == NULL) {
+                                PKIX_ERROR(PKIX_PORTARENAALLOCFAILED);
+                        }
+
+                        PKIX_CRLENTRY_DEBUG
+                                ("\t\tCalling SEC_ASN1EncodeItem\n");
+                        resultSecItem = SEC_ASN1EncodeItem
+                                (arena,
+                                derBytes,
+                                extension,
+                                CERT_CertExtensionTemplate);
+
+                        if (resultSecItem == NULL){
+                                PKIX_ERROR(PKIX_SECASN1ENCODEITEMFAILED);
+                        }
+
+                        PKIX_CHECK(pkix_hash
+                                (derBytes->data,
+                                derBytes->len,
+                                &extHash,
+                                plContext),
+                                PKIX_HASHFAILED);
+
+                        hashValue += (extHash << 7);
+
+                }
+        }
+
+        *pHashValue = hashValue;
+
+cleanup:
+
+        if (arena){
+                /* Note that freeing the arena also frees derBytes */
+                PKIX_CRLENTRY_DEBUG("\t\tCalling PORT_FreeArena\n");
+                PORT_FreeArena(arena, PR_FALSE);
+                arena = NULL;
+        }
+        PKIX_RETURN(CRLENTRY);
+}
+
+/*
+ * FUNCTION: pkix_pl_CRLEntry_Hashcode
+ * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_CRLEntry_Hashcode(
+        PKIX_PL_Object *object,
+        PKIX_UInt32 *pHashcode,
+        void *plContext)
+{
+        SECItem *nssDate = NULL;
+        PKIX_PL_CRLEntry *crlEntry = NULL;
+        PKIX_UInt32 crlEntryHash;
+        PKIX_UInt32 hashValue;
+        PKIX_Int32 reasonCode = 0;
+
+        PKIX_ENTER(CRLENTRY, "pkix_pl_CRLEntry_Hashcode");
+        PKIX_NULLCHECK_TWO(object, pHashcode);
+
+        PKIX_CHECK(pkix_CheckType(object, PKIX_CRLENTRY_TYPE, plContext),
+                    PKIX_OBJECTNOTCRLENTRY);
+
+        crlEntry = (PKIX_PL_CRLEntry *)object;
+
+        PKIX_NULLCHECK_ONE(crlEntry->nssCrlEntry);
+        nssDate = &(crlEntry->nssCrlEntry->revocationDate);
+
+        PKIX_NULLCHECK_ONE(nssDate->data);
+
+        PKIX_CHECK(pkix_hash
+                ((const unsigned char *)nssDate->data,
+                nssDate->len,
+                &crlEntryHash,
+                plContext),
+                PKIX_ERRORGETTINGHASHCODE);
+
+        PKIX_CHECK(PKIX_PL_Object_Hashcode
+                ((PKIX_PL_Object *)crlEntry->serialNumber,
+                &hashValue,
+                plContext),
+                PKIX_OBJECTHASHCODEFAILED);
+
+        crlEntryHash += (hashValue << 7);
+
+        hashValue = 0;
+
+        if (crlEntry->nssCrlEntry->extensions) {
+
+                PKIX_CHECK(pkix_pl_CRLEntry_Extensions_Hashcode
+                    (crlEntry->nssCrlEntry->extensions, &hashValue, plContext),
+                    PKIX_CRLENTRYEXTENSIONSHASHCODEFAILED);
+        }
+
+        crlEntryHash += (hashValue << 7);
+
+        PKIX_CHECK(PKIX_PL_CRLEntry_GetCRLEntryReasonCode
+                (crlEntry, &reasonCode, plContext),
+                PKIX_CRLENTRYGETCRLENTRYREASONCODEFAILED);
+
+        crlEntryHash += (reasonCode + 777) << 3;
+
+        *pHashcode = crlEntryHash;
+
+cleanup:
+
+        PKIX_RETURN(CRLENTRY);
+}
+
+/*
+ * FUNCTION: pkix_pl_CRLENTRY_Extensions_Equals
+ * DESCRIPTION:
+ *
+ *  Compare each extension's DERbyte data in "firstExtensions" with extension
+ *  in "secondExtensions" in sequential order and store the result in
+ *  "pResult".
+ *
+ * PARAMETERS
+ *  "firstExtensions"
+ *      Address of first NSS structure CERTCertExtension to be compared.
+ *      Must be non-NULL.
+ *  "secondExtensions"
+ *      Address of second NSS structure CERTCertExtension to be compared.
+ *      Must be non-NULL.
+ *  "pResult"
+ *      Address where the comparison result is returned. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *  Though the value of extensions once created is not supposed to change,
+ *  it may be de-allocated while we are accessing it. But since we are
+ *  validating the object, it is unlikely we or someone is de-allocating
+ *  at the moment.
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns an OID Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_pl_CRLEntry_Extensions_Equals(
+        CERTCertExtension **extensions1,
+        CERTCertExtension **extensions2,
+        PKIX_Boolean *pResult,
+        void *plContext)
+{
+        CERTCertExtension **firstExtensions;
+        CERTCertExtension **secondExtensions;
+        CERTCertExtension *firstExtension = NULL;
+        CERTCertExtension *secondExtension = NULL;
+        PLArenaPool *arena = NULL;
+        PKIX_Boolean cmpResult = PKIX_FALSE;
+        SECItem *firstDerBytes = NULL;
+        SECItem *secondDerBytes = NULL;
+        SECItem *firstResultSecItem = NULL;
+        SECItem *secondResultSecItem = NULL;
+        PKIX_UInt32 firstNumExt = 0;
+        PKIX_UInt32 secondNumExt = 0;
+        SECComparison secResult;
+
+        PKIX_ENTER(CRLENTRY, "pkix_pl_CRLEntry_Extensions_Equals");
+        PKIX_NULLCHECK_THREE(extensions1, extensions2, pResult);
+
+        firstExtensions = extensions1;
+        secondExtensions = extensions2;
+
+        if (firstExtensions) {
+                while (*firstExtensions) {
+                        firstExtension = *firstExtensions++;
+                        firstNumExt++;
+                }
+        }
+
+        if (secondExtensions) {
+                while (*secondExtensions) {
+                        secondExtension = *secondExtensions++;
+                        secondNumExt++;
+                }
+        }
+
+        if (firstNumExt != secondNumExt) {
+                *pResult = PKIX_FALSE;
+                goto cleanup;
+        }
+
+        if (firstNumExt == 0 && secondNumExt == 0) {
+                *pResult = PKIX_TRUE;
+                goto cleanup;
+        }
+
+        /* now have equal number, but non-zero extension items to compare */
+
+        firstExtensions = extensions1;
+        secondExtensions = extensions2;
+
+        cmpResult = PKIX_TRUE;
+
+        PKIX_CRLENTRY_DEBUG("\t\tCalling PORT_NewArena\n");
+        arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE*2);
+        if (arena == NULL) {
+                PKIX_ERROR(PKIX_OUTOFMEMORY);
+        }
+
+        while (firstNumExt--) {
+
+                firstExtension = *firstExtensions++;
+                secondExtension = *secondExtensions++;
+
+                PKIX_NULLCHECK_TWO(firstExtension, secondExtension);
+
+                PKIX_CRLENTRY_DEBUG("\t\tCalling PORT_ArenaZNew\n");
+                firstDerBytes = PORT_ArenaZNew(arena, SECItem);
+                if (firstDerBytes == NULL) {
+                        PKIX_ERROR(PKIX_PORTARENAALLOCFAILED);
+                }
+
+                PKIX_CRLENTRY_DEBUG("\t\tCalling PORT_ArenaZNew\n");
+                secondDerBytes = PORT_ArenaZNew(arena, SECItem);
+                if (secondDerBytes == NULL) {
+                        PKIX_ERROR(PKIX_PORTARENAALLOCFAILED);
+                }
+
+                PKIX_CRLENTRY_DEBUG
+                        ("\t\tCalling SEC_ASN1EncodeItem\n");
+                firstResultSecItem = SEC_ASN1EncodeItem
+                        (arena,
+                        firstDerBytes,
+                        firstExtension,
+                        CERT_CertExtensionTemplate);
+
+                if (firstResultSecItem == NULL){
+                        PKIX_ERROR(PKIX_SECASN1ENCODEITEMFAILED);
+                }
+
+                PKIX_CRLENTRY_DEBUG
+                        ("\t\tCalling SEC_ASN1EncodeItem\n");
+                secondResultSecItem = SEC_ASN1EncodeItem
+                        (arena,
+                        secondDerBytes,
+                        secondExtension,
+                        CERT_CertExtensionTemplate);
+
+                if (secondResultSecItem == NULL){
+                        PKIX_ERROR(PKIX_SECASN1ENCODEITEMFAILED);
+                }
+
+                PKIX_CRLENTRY_DEBUG("\t\tCalling SECITEM_CompareItem\n");
+                secResult = SECITEM_CompareItem
+                        (firstResultSecItem, secondResultSecItem);
+
+                if (secResult != SECEqual) {
+                        cmpResult = PKIX_FALSE;
+                        break;
+                }
+
+        }
+
+        *pResult = cmpResult;
+
+cleanup:
+
+        if (arena){
+                /* Note that freeing the arena also frees derBytes */
+                PKIX_CRLENTRY_DEBUG("\t\tCalling PORT_FreeArena\n");
+                PORT_FreeArena(arena, PR_FALSE);
+                arena = NULL;
+        }
+
+        PKIX_RETURN(CRLENTRY);
+}
+
+/*
+ * FUNCTION: pkix_pl_CRLEntry_Equals
+ * (see comments for PKIX_PL_Equals_Callback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_CRLEntry_Equals(
+        PKIX_PL_Object *firstObject,
+        PKIX_PL_Object *secondObject,
+        PKIX_Boolean *pResult,
+        void *plContext)
+{
+        PKIX_PL_CRLEntry *firstCrlEntry = NULL;
+        PKIX_PL_CRLEntry *secondCrlEntry = NULL;
+        PKIX_UInt32 secondType;
+        PKIX_Boolean cmpResult = PKIX_FALSE;
+
+        PKIX_ENTER(CRLENTRY, "pkix_pl_CRLEntry_Equals");
+        PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);
+
+        /* test that firstObject is a CRLEntry */
+        PKIX_CHECK(pkix_CheckType(firstObject, PKIX_CRLENTRY_TYPE, plContext),
+                PKIX_FIRSTOBJECTNOTCRLENTRY);
+
+        firstCrlEntry = (PKIX_PL_CRLEntry *)firstObject;
+        secondCrlEntry = (PKIX_PL_CRLEntry *)secondObject;
+
+        PKIX_NULLCHECK_TWO
+                (firstCrlEntry->nssCrlEntry, secondCrlEntry->nssCrlEntry);
+
+        /*
+         * Since we know firstObject is a CRLEntry, if both references are
+         * identical, they must be equal
+         */
+        if (firstCrlEntry == secondCrlEntry){
+                *pResult = PKIX_TRUE;
+                goto cleanup;
+        }
+
+        /*
+         * If secondCrlEntry isn't a CRL Entry, we don't throw an error.
+         * We simply return a Boolean result of FALSE
+         */
+        *pResult = PKIX_FALSE;
+        PKIX_CHECK(PKIX_PL_Object_GetType
+                    ((PKIX_PL_Object *)secondCrlEntry, &secondType, plContext),
+                    PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
+        if (secondType != PKIX_CRLENTRY_TYPE) goto cleanup;
+
+        /* Compare userSerialNumber */
+        PKIX_CRLENTRY_DEBUG("\t\tCalling SECITEM_CompareItem\n");
+        if (SECITEM_CompareItem(
+            &(((PKIX_PL_CRLEntry *)firstCrlEntry)->nssCrlEntry->serialNumber),
+            &(((PKIX_PL_CRLEntry *)secondCrlEntry)->nssCrlEntry->serialNumber))
+            != SECEqual) {
+                *pResult = PKIX_FALSE;
+                goto cleanup;
+        }
+
+        /* Compare revocationDate */
+        PKIX_CRLENTRY_DEBUG("\t\tCalling SECITEM_CompareItem\n");
+        if (SECITEM_CompareItem
+            (&(((PKIX_PL_CRLEntry *)firstCrlEntry)->nssCrlEntry->
+                revocationDate),
+            &(((PKIX_PL_CRLEntry *)secondCrlEntry)->nssCrlEntry->
+                revocationDate))
+            != SECEqual) {
+                *pResult = PKIX_FALSE;
+                goto cleanup;
+        }
+
+        /* Compare Critical Extension List */
+        PKIX_CHECK(pkix_pl_CRLEntry_Extensions_Equals
+                    (firstCrlEntry->nssCrlEntry->extensions,
+                    secondCrlEntry->nssCrlEntry->extensions,
+                    &cmpResult,
+                    plContext),
+                    PKIX_CRLENTRYEXTENSIONSEQUALSFAILED);
+
+        if (cmpResult != PKIX_TRUE){
+                *pResult = PKIX_FALSE;
+                goto cleanup;
+        }
+
+        cmpResult = (firstCrlEntry->userReasonCode ==
+                    secondCrlEntry->userReasonCode);
+
+        *pResult = cmpResult;
+
+cleanup:
+
+        PKIX_RETURN(CRLENTRY);
+}
+
+/*
+ * FUNCTION: pkix_pl_CRLEntry_RegisterSelf
+ * DESCRIPTION:
+ *  Registers PKIX_CRLEntry_TYPE and its related functions with systemClasses[]
+ * THREAD SAFETY:
+ *  Not Thread Safe - for performance and complexity reasons
+ *
+ *  Since this function is only called by PKIX_PL_Initialize, which should
+ *  only be called once, it is acceptable that this function is not
+ *  thread-safe.
+ */
+PKIX_Error *
+pkix_pl_CRLEntry_RegisterSelf(void *plContext)
+{
+
+        extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
+        pkix_ClassTable_Entry entry;
+
+        PKIX_ENTER(CRLENTRY, "pkix_pl_CRLEntry_RegisterSelf");
+
+        entry.description = "CRLEntry";
+        entry.objCounter = 0;
+        entry.typeObjectSize = sizeof(PKIX_PL_CRLEntry);
+        entry.destructor = pkix_pl_CRLEntry_Destroy;
+        entry.equalsFunction = pkix_pl_CRLEntry_Equals;
+        entry.hashcodeFunction = pkix_pl_CRLEntry_Hashcode;
+        entry.toStringFunction = pkix_pl_CRLEntry_ToString;
+        entry.comparator = NULL;
+        entry.duplicateFunction = pkix_duplicateImmutable;
+
+        systemClasses[PKIX_CRLENTRY_TYPE] = entry;
+
+        PKIX_RETURN(CRLENTRY);
+}
+
+/*
+ * FUNCTION: pkix_pl_CRLEntry_CreateEntry
+ * DESCRIPTION:
+ *
+ *  Creates a new CRLEntry using the CertCrlEntry pointed to by "nssCrlEntry"
+ *  and stores it at "pCrlEntry". Once created, a CRLEntry is immutable.
+ *
+ *  revokedCertificates SEQUENCE OF SEQUENCE  {
+ *              userCertificate         CertificateSerialNumber,
+ *              revocationDate          Time,
+ *              crlEntryExtensions      Extensions OPTIONAL
+ *                                      -- if present, MUST be v2
+ *
+ * PARAMETERS:
+ *  "nssCrlEntry"
+ *      Address of CERTCrlEntry representing an NSS CRL entry.
+ *      Must be non-NULL.
+ *  "pCrlEntry"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CRLEntry Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_pl_CRLEntry_CreateEntry(
+        CERTCrlEntry *nssCrlEntry, /* entry data to be created from */
+        PKIX_PL_CRLEntry **pCrlEntry,
+        void *plContext)
+{
+        PKIX_PL_CRLEntry *crlEntry = NULL;
+
+        PKIX_ENTER(CRLENTRY, "pkix_pl_CRLEntry_CreateEntry");
+        PKIX_NULLCHECK_TWO(nssCrlEntry, pCrlEntry);
+
+        PKIX_CHECK(PKIX_PL_Object_Alloc
+                    (PKIX_CRLENTRY_TYPE,
+                    sizeof (PKIX_PL_CRLEntry),
+                    (PKIX_PL_Object **)&crlEntry,
+                    plContext),
+                    PKIX_COULDNOTCREATECRLENTRYOBJECT);
+
+        crlEntry->nssCrlEntry = nssCrlEntry;
+        crlEntry->serialNumber = NULL;
+        crlEntry->critExtOids = NULL;
+        crlEntry->userReasonCode = 0;
+        crlEntry->userReasonCodeAbsent = PKIX_FALSE;
+
+        *pCrlEntry = crlEntry;
+
+cleanup:
+
+        PKIX_RETURN(CRLENTRY);
+}
+
+/*
+ * FUNCTION: pkix_pl_CRLEntry_Create
+ * DESCRIPTION:
+ *
+ *  Creates a List of CRLEntries using the array of CERTCrlEntries pointed to
+ *  by "nssCrlEntries" and stores it at "pCrlEntryList". If "nssCrlEntries" is
+ *  NULL, this function stores an empty List at "pCrlEntryList".
+ *                              }
+ * PARAMETERS:
+ *  "nssCrlEntries"
+ *      Address of array of CERTCrlEntries representing NSS CRL entries.
+ *      Can be NULL if CRL has no NSS CRL entries.
+ *  "pCrlEntryList"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CRLEntry Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_pl_CRLEntry_Create(
+        CERTCrlEntry **nssCrlEntries, /* head of entry list */
+        PKIX_List **pCrlEntryList,
+        void *plContext)
+{
+        PKIX_List *entryList = NULL;
+        PKIX_PL_CRLEntry *crlEntry = NULL;
+        CERTCrlEntry **entries = NULL;
+        SECItem serialNumberItem;
+        PKIX_PL_BigInt *serialNumber;
+        char *bytes = NULL;
+        PKIX_UInt32 length;
+
+        PKIX_ENTER(CRLENTRY, "pkix_pl_CRLEntry_Create");
+        PKIX_NULLCHECK_ONE(pCrlEntryList);
+
+        entries = nssCrlEntries;
+
+        PKIX_CHECK(PKIX_List_Create(&entryList, plContext),
+                    PKIX_LISTCREATEFAILED);
+
+        if (entries) {
+            while (*entries){
+                PKIX_CHECK(pkix_pl_CRLEntry_CreateEntry
+                            (*entries, &crlEntry, plContext),
+                            PKIX_COULDNOTCREATECRLENTRYOBJECT);
+
+                /* Get Serial Number */
+                serialNumberItem = (*entries)->serialNumber;
+                length = serialNumberItem.len;
+                bytes = (char *)serialNumberItem.data;
+
+                PKIX_CHECK(pkix_pl_BigInt_CreateWithBytes
+                            (bytes, length, &serialNumber, plContext),
+                            PKIX_BIGINTCREATEWITHBYTESFAILED);
+
+                crlEntry->serialNumber = serialNumber;
+                crlEntry->nssCrlEntry = *entries;
+
+                PKIX_CHECK(PKIX_List_AppendItem
+                            (entryList, (PKIX_PL_Object *)crlEntry, plContext),
+                            PKIX_LISTAPPENDITEMFAILED);
+
+                PKIX_DECREF(crlEntry);
+
+                entries++;
+            }
+        }
+
+        *pCrlEntryList = entryList;
+
+cleanup:
+        PKIX_DECREF(crlEntry);
+
+        if (PKIX_ERROR_RECEIVED){
+                PKIX_DECREF(entryList);
+        }
+
+        PKIX_RETURN(CRLENTRY);
+}
+
+/* --Public-CRLENTRY-Functions------------------------------------- */
+
+/*
+ * FUNCTION: PKIX_PL_CRLEntry_GetCRLEntryReasonCode
+ * (see comments in pkix_pl_pki.h)
+ */
+PKIX_Error *
+PKIX_PL_CRLEntry_GetCRLEntryReasonCode (
+        PKIX_PL_CRLEntry *crlEntry,
+        PKIX_Int32 *pReason,
+        void *plContext)
+{
+        SECStatus status;
+        CERTCRLEntryReasonCode nssReasonCode;
+
+        PKIX_ENTER(CRLENTRY, "PKIX_PL_CRLEntry_GetCRLEntryReasonCode");
+        PKIX_NULLCHECK_TWO(crlEntry, pReason);
+
+        if (!crlEntry->userReasonCodeAbsent && crlEntry->userReasonCode == 0) {
+
+            PKIX_OBJECT_LOCK(crlEntry);
+
+            if (!crlEntry->userReasonCodeAbsent &&
+                crlEntry->userReasonCode == 0) {
+
+                /* reason code has not been cached in */
+                PKIX_CRLENTRY_DEBUG("\t\tCERT_FindCRLEntryReasonExten.\n");
+                status = CERT_FindCRLEntryReasonExten
+                        (crlEntry->nssCrlEntry, &nssReasonCode);
+
+                if (status == SECSuccess) {
+                        crlEntry->userReasonCode = (PKIX_Int32) nssReasonCode;
+                } else {
+                        crlEntry->userReasonCodeAbsent = PKIX_TRUE;
+                }
+            }
+
+            PKIX_OBJECT_UNLOCK(crlEntry);
+
+        }
+
+        *pReason = crlEntry->userReasonCode;
+
+cleanup:
+
+        PKIX_RETURN(CRLENTRY);
+}
+
+/*
+ * FUNCTION: PKIX_PL_CRLEntry_GetCriticalExtensionOIDs
+ * (see comments in pkix_pl_pki.h)
+ */
+PKIX_Error *
+PKIX_PL_CRLEntry_GetCriticalExtensionOIDs (
+        PKIX_PL_CRLEntry *crlEntry,
+        PKIX_List **pList,  /* list of PKIX_PL_OID */
+        void *plContext)
+{
+        PKIX_List *oidsList = NULL;
+        CERTCertExtension **extensions;
+
+        PKIX_ENTER(CRLENTRY, "PKIX_PL_CRLEntry_GetCriticalExtensionOIDs");
+        PKIX_NULLCHECK_THREE(crlEntry, crlEntry->nssCrlEntry, pList);
+
+        /* if we don't have a cached copy from before, we create one */
+        if (crlEntry->critExtOids == NULL) {
+
+                PKIX_OBJECT_LOCK(crlEntry);
+
+                if (crlEntry->critExtOids == NULL) {
+
+                        extensions = crlEntry->nssCrlEntry->extensions;
+
+                        PKIX_CHECK(pkix_pl_OID_GetCriticalExtensionOIDs
+                                    (extensions, &oidsList, plContext),
+                                    PKIX_GETCRITICALEXTENSIONOIDSFAILED);
+
+                        crlEntry->critExtOids = oidsList;
+                }
+
+                PKIX_OBJECT_UNLOCK(crlEntry);
+
+        }
+
+        /* We should return a copy of the List since this list changes */
+        PKIX_DUPLICATE(crlEntry->critExtOids, pList, plContext,
+                PKIX_OBJECTDUPLICATELISTFAILED);
+
+cleanup:
+
+        PKIX_RETURN(CRLENTRY);
+}
diff --git a/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crlentry.h b/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crlentry.h
new file mode 100644
index 0000000..9cdb6bc
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crlentry.h
@@ -0,0 +1,46 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_pl_crlentry.h
+ *
+ * CRL Entry Type Object Definitions
+ *
+ */
+
+#ifndef _PKIX_PL_CRLENTRY_H
+#define _PKIX_PL_CRLENTRY_H
+
+#include "pkix_pl_common.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define PKIX_PL_CRL_REASONCODE_NOTSET (-1)
+
+struct PKIX_PL_CRLEntryStruct {
+        CERTCrlEntry *nssCrlEntry;
+        PKIX_PL_BigInt *serialNumber;
+        PKIX_List *critExtOids;
+        PKIX_Int32 userReasonCode;
+        PKIX_Boolean userReasonCodeAbsent;
+};
+
+/* see source file for function documentation */
+
+PKIX_Error *pkix_pl_CRLEntry_RegisterSelf(void *plContext);
+
+/* following functions are called by CRL only hence not public */
+
+PKIX_Error *
+pkix_pl_CRLEntry_Create(
+        CERTCrlEntry **nssCrlEntry, /* head of entry list */
+        PKIX_List **pCrlEntryList,
+        void *plContext);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_PL_CRLENTRY_H */
diff --git a/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_date.c b/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_date.c
new file mode 100644
index 0000000..4b5016b
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_date.c
@@ -0,0 +1,466 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_pl_date.c
+ *
+ * Date Object Definitions
+ *
+ */
+
+#include "pkix_pl_date.h"
+
+/* --Private-Date-Functions------------------------------------- */
+/*
+ * FUNCTION: pkix_pl_Date_GetPRTime
+ * DESCRIPTION:
+ *
+ *  Translates into a PRTime the Date embodied by the Date object pointed to
+ *  by "date", and stores it at "pPRTime".
+ *
+ * PARAMETERS
+ *  "date"
+ *      Address of Date whose PRTime representation is desired. Must be
+ *      non-NULL.
+ *  "pPRTime"
+ *      Address where PRTime value will be stored. Must be non-NULL.
+ *  "plContext" - Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Date Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_pl_Date_GetPRTime(
+        PKIX_PL_Date *date,
+        PRTime *pPRTime,
+        void *plContext)
+{
+        PKIX_ENTER(DATE, "PKIX_PL_Date_GetPRTime");
+        PKIX_NULLCHECK_TWO(date, pPRTime);
+
+        *pPRTime = date->nssTime;
+
+        PKIX_RETURN(DATE);
+}
+
+/*
+ * FUNCTION: pkix_pl_Date_CreateFromPRTime
+ * DESCRIPTION:
+ *
+ *  Creates a new Date from the PRTime whose value is "prtime", and stores the
+ *  result at "pDate".
+ *
+ * PARAMETERS
+ *  "prtime"
+ *      The PRTime value to be embodied in the new Date object.
+ *  "pDate"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext" - Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Date Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_pl_Date_CreateFromPRTime(
+        PRTime prtime,
+        PKIX_PL_Date **pDate,
+        void *plContext)
+{
+        PKIX_PL_Date *date = NULL;
+
+        PKIX_ENTER(DATE, "PKIX_PL_Date_CreateFromPRTime");
+        PKIX_NULLCHECK_ONE(pDate);
+
+        /* create a PKIX_PL_Date object */
+        PKIX_CHECK(PKIX_PL_Object_Alloc
+                    (PKIX_DATE_TYPE,
+                    sizeof (PKIX_PL_Date),
+                    (PKIX_PL_Object **)&date,
+                    plContext),
+                    PKIX_COULDNOTCREATEOBJECT);
+        /* populate the nssTime field */
+        date->nssTime = prtime;
+        *pDate = date;
+cleanup:
+        PKIX_RETURN(DATE);
+}
+
+/*
+ * FUNCTION: pkix_pl_Date_ToString_Helper
+ * DESCRIPTION:
+ *
+ *  Helper function that creates a string representation of the SECItem pointed
+ *  to by "nssTime" (which represents a date) and stores it at "pString".
+ *
+ * PARAMETERS
+ *  "nssTime"
+ *      Address of SECItem whose string representation is desired.
+ *      Must be non-NULL.
+ *  "pString"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext" - Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Date Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_pl_Date_ToString_Helper(
+        SECItem *nssTime,
+        PKIX_PL_String **pString,
+        void *plContext)
+{
+        char *asciiDate = NULL;
+
+        PKIX_ENTER(DATE, "pkix_pl_Date_ToString_Helper");
+        PKIX_NULLCHECK_TWO(nssTime, pString);
+
+        switch (nssTime->type) {
+        case siUTCTime:
+                PKIX_PL_NSSCALLRV
+                        (DATE, asciiDate, DER_UTCDayToAscii, (nssTime));
+                if (!asciiDate){
+                        PKIX_ERROR(PKIX_DERUTCTIMETOASCIIFAILED);
+                }
+                break;
+        case siGeneralizedTime:
+                /*
+                 * we don't currently have any way to create GeneralizedTime.
+                 * this code is only here so that it will be in place when
+                 * we do have the capability to create GeneralizedTime.
+                 */
+                PKIX_PL_NSSCALLRV
+                        (DATE, asciiDate, DER_GeneralizedDayToAscii, (nssTime));
+                if (!asciiDate){
+                        PKIX_ERROR(PKIX_DERGENERALIZEDDAYTOASCIIFAILED);
+                }
+                break;
+        default:
+                PKIX_ERROR(PKIX_UNRECOGNIZEDTIMETYPE);
+        }
+
+        PKIX_CHECK(PKIX_PL_String_Create
+                    (PKIX_ESCASCII, asciiDate, 0, pString, plContext),
+                    PKIX_STRINGCREATEFAILED);
+
+cleanup:
+        PR_Free(asciiDate);
+
+        PKIX_RETURN(DATE);
+}
+
+
+/*
+ * FUNCTION: pkix_pl_Date_Destroy
+ * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_Date_Destroy(
+        PKIX_PL_Object *object,
+        void *plContext)
+{
+        PKIX_ENTER(DATE, "pkix_pl_Date_Destroy");
+        PKIX_NULLCHECK_ONE(object);
+
+        PKIX_CHECK(pkix_CheckType(object, PKIX_DATE_TYPE, plContext),
+                    PKIX_OBJECTNOTDATE);
+cleanup:
+        PKIX_RETURN(DATE);
+}
+
+/*
+ * FUNCTION: pkix_pl_Date_ToString
+ * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_Date_ToString(
+        PKIX_PL_Object *object,
+        PKIX_PL_String **pString,
+        void *plContext)
+{
+        PKIX_PL_Date *date = NULL;
+        SECItem nssTime = {siBuffer, NULL, 0};
+        SECStatus rv;
+
+        PKIX_ENTER(DATE, "pkix_pl_Date_toString");
+        PKIX_NULLCHECK_TWO(object, pString);
+
+        PKIX_CHECK(pkix_CheckType(object, PKIX_DATE_TYPE, plContext),
+                    PKIX_OBJECTNOTDATE);
+
+        date = (PKIX_PL_Date *)object;
+        rv = DER_EncodeTimeChoice(NULL, &nssTime, date->nssTime);
+        if (rv == SECFailure) {
+            PKIX_ERROR(PKIX_DERENCODETIMECHOICEFAILED);
+        }
+        PKIX_CHECK(pkix_pl_Date_ToString_Helper
+                    (&nssTime, pString, plContext),
+                    PKIX_DATETOSTRINGHELPERFAILED);
+cleanup:
+        if (nssTime.data) {
+            SECITEM_FreeItem(&nssTime, PR_FALSE);
+        }
+
+        PKIX_RETURN(DATE);
+}
+
+/*
+ * FUNCTION: pkix_pl_Date_Hashcode
+ * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_Date_Hashcode(
+        PKIX_PL_Object *object,
+        PKIX_UInt32 *pHashcode,
+        void *plContext)
+{
+        PKIX_PL_Date *date = NULL;
+        PKIX_UInt32 dateHash;
+
+        PKIX_ENTER(DATE, "pkix_pl_Date_Hashcode");
+        PKIX_NULLCHECK_TWO(object, pHashcode);
+
+        PKIX_CHECK(pkix_CheckType(object, PKIX_DATE_TYPE, plContext),
+                    PKIX_OBJECTNOTDATE);
+
+        date = (PKIX_PL_Date *)object;
+
+        PKIX_CHECK(pkix_hash
+                ((const unsigned char *)&date->nssTime,
+                sizeof(date->nssTime),
+                &dateHash,
+                plContext),
+                PKIX_HASHFAILED);
+
+        *pHashcode = dateHash;
+
+cleanup:
+
+        PKIX_RETURN(DATE);
+
+}
+
+/*
+ * FUNCTION: pkix_pl_Date_Comparator
+ * (see comments for PKIX_PL_ComparatorCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_Date_Comparator(
+        PKIX_PL_Object *firstObject,
+        PKIX_PL_Object *secondObject,
+        PKIX_Int32 *pResult,
+        void *plContext)
+{
+        PRTime firstTime;
+        PRTime secondTime;
+        SECComparison cmpResult;
+
+        PKIX_ENTER(DATE, "pkix_pl_Date_Comparator");
+        PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);
+
+        PKIX_CHECK(pkix_CheckTypes
+                    (firstObject, secondObject, PKIX_DATE_TYPE, plContext),
+                    PKIX_ARGUMENTSNOTDATES);
+
+        firstTime = ((PKIX_PL_Date *)firstObject)->nssTime;
+        secondTime = ((PKIX_PL_Date *)secondObject)->nssTime;
+
+        if (firstTime == secondTime)
+            cmpResult = SECEqual;
+        else if (firstTime < secondTime)
+            cmpResult = SECLessThan;
+        else
+            cmpResult = SECGreaterThan;
+
+        *pResult = cmpResult;
+
+cleanup:
+
+        PKIX_RETURN(DATE);
+}
+
+/*
+ * FUNCTION: pkix_pl_Date_Equals
+ * (see comments for PKIX_PL_Equals_Callback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_Date_Equals(
+        PKIX_PL_Object *firstObject,
+        PKIX_PL_Object *secondObject,
+        PKIX_Boolean *pResult,
+        void *plContext)
+{
+        PKIX_ENTER(DATE, "pkix_pl_Date_Equals");
+        PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);
+
+        /* test that firstObject is a Date */
+        PKIX_CHECK(pkix_CheckType(firstObject, PKIX_DATE_TYPE, plContext),
+                PKIX_FIRSTOBJECTNOTDATE);
+
+        /*
+         * Since we know firstObject is a Date, if both references are
+         * identical, they must be equal
+         */
+        if (firstObject == secondObject){
+                *pResult = PKIX_TRUE;
+                goto cleanup;
+        }
+
+        *pResult = PKIX_FALSE;
+        pkixErrorResult =
+            pkix_pl_Date_Comparator(firstObject, secondObject,
+                                    pResult, plContext);
+        if (pkixErrorResult) {
+            PKIX_DECREF(pkixErrorResult);
+        }
+            
+cleanup:
+
+        PKIX_RETURN(DATE);
+}
+
+/*
+ * FUNCTION: pkix_pl_Date_RegisterSelf
+ * DESCRIPTION:
+ *  Registers PKIX_DATE_TYPE and its related functions with systemClasses[]
+ * THREAD SAFETY:
+ *  Not Thread Safe - for performance and complexity reasons
+ *
+ *  Since this function is only called by PKIX_PL_Initialize, which should
+ *  only be called once, it is acceptable that this function is not
+ *  thread-safe.
+ */
+PKIX_Error *
+pkix_pl_Date_RegisterSelf(void *plContext)
+{
+        extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
+        pkix_ClassTable_Entry* entry = &systemClasses[PKIX_DATE_TYPE];
+
+        PKIX_ENTER(CRLCHECKER, "pkix_CrlDp_RegisterSelf");
+
+        entry->description = "Date";
+        entry->typeObjectSize = sizeof(PKIX_PL_Date);
+        entry->destructor = pkix_pl_Date_Destroy;
+        entry->equalsFunction = pkix_pl_Date_Equals;
+        entry->hashcodeFunction = pkix_pl_Date_Hashcode;
+        entry->toStringFunction = pkix_pl_Date_ToString;
+        entry->comparator = pkix_pl_Date_Comparator;
+        entry->duplicateFunction = pkix_duplicateImmutable;
+
+        PKIX_RETURN(DATE);
+}
+
+/* --Public-Functions------------------------------------------------------- */
+
+/*
+ * FUNCTION: PKIX_PL_Date_Create_UTCTime (see comments in pkix_pl_pki.h)
+ */
+PKIX_Error *
+PKIX_PL_Date_Create_UTCTime(
+        PKIX_PL_String *stringRep,
+        PKIX_PL_Date **pDate,
+        void *plContext)
+{
+        PKIX_PL_Date *date = NULL;
+        char *asciiString = NULL;
+        PKIX_UInt32 escAsciiLength;
+        SECStatus rv;
+        PRTime time;
+
+        PKIX_ENTER(DATE, "PKIX_PL_Date_Create_UTCTime");
+        PKIX_NULLCHECK_ONE(pDate);
+
+        if (stringRep == NULL){
+                PKIX_DATE_DEBUG("\t\tCalling PR_Now).\n");
+                time = PR_Now();
+        } else {
+                /* convert the input PKIX_PL_String to PKIX_ESCASCII */
+                PKIX_CHECK(PKIX_PL_String_GetEncoded
+                            (stringRep,
+                            PKIX_ESCASCII,
+                            (void **)&asciiString,
+                            &escAsciiLength,
+                            plContext),
+                            PKIX_STRINGGETENCODEDFAILED);
+
+                PKIX_DATE_DEBUG("\t\tCalling DER_AsciiToTime).\n");
+                /* DER_AsciiToTime only supports UTCTime (2-digit years) */
+                rv = DER_AsciiToTime(&time, asciiString);
+                if (rv != SECSuccess){
+                        PKIX_ERROR(PKIX_DERASCIITOTIMEFAILED);
+                }
+        }
+
+        /* create a PKIX_PL_Date object */
+        PKIX_CHECK(PKIX_PL_Object_Alloc
+                    (PKIX_DATE_TYPE,
+                    sizeof (PKIX_PL_Date),
+                    (PKIX_PL_Object **)&date,
+                    plContext),
+                    PKIX_COULDNOTCREATEOBJECT);
+
+        /* populate the nssTime field */
+        date->nssTime = time;
+        *pDate = date;
+
+cleanup:
+        PKIX_FREE(asciiString);
+
+        PKIX_RETURN(DATE);
+}
+
+/*
+ * FUNCTION: PKIX_PL_Date_Create_CurrentOffBySeconds
+ * (see comments in pkix_pl_pki.h)
+ */
+PKIX_Error *
+PKIX_PL_Date_Create_CurrentOffBySeconds(
+        PKIX_Int32 secondsOffset,
+        PKIX_PL_Date **pDate,
+        void *plContext)
+{
+        PKIX_PL_Date *date = NULL;
+        PRTime time;
+
+        PKIX_ENTER(DATE, "PKIX_PL_Date_Create_CurrentOffBySeconds");
+        PKIX_NULLCHECK_ONE(pDate);
+
+        time = PR_Now() + PR_SecondsToInterval(secondsOffset);
+        /* create a PKIX_PL_Date object */
+        PKIX_CHECK(PKIX_PL_Object_Alloc
+                    (PKIX_DATE_TYPE,
+                    sizeof (PKIX_PL_Date),
+                    (PKIX_PL_Object **)&date,
+                    plContext),
+                    PKIX_COULDNOTCREATEOBJECT);
+
+        /* populate the nssTime field */
+        date->nssTime = time;
+        *pDate = date;
+
+cleanup:
+        PKIX_RETURN(DATE);
+}
+
+PKIX_Error *
+PKIX_PL_Date_CreateFromPRTime(
+        PRTime prtime,
+        PKIX_PL_Date **pDate,
+        void *plContext)
+{
+    PKIX_ENTER(DATE, "PKIX_PL_Date_CreateFromPRTime");
+    PKIX_CHECK(
+        pkix_pl_Date_CreateFromPRTime(prtime, pDate, plContext),
+        PKIX_DATECREATEFROMPRTIMEFAILED);
+
+cleanup:
+    PKIX_RETURN(DATE);
+}
diff --git a/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_date.h b/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_date.h
new file mode 100644
index 0000000..4155975
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_date.h
@@ -0,0 +1,55 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_pl_date.h
+ *
+ * Date Object Definitions
+ *
+ */
+
+#ifndef _PKIX_PL_DATE_H
+#define _PKIX_PL_DATE_H
+
+#include "pkix_pl_common.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+struct PKIX_PL_DateStruct{
+        PRTime nssTime;
+};
+
+/* see source file for function documentation */
+
+PKIX_Error *pkix_pl_Date_ToString_Helper(
+        SECItem *nssTime,
+        PKIX_PL_String **pString,
+        void *plContext);
+
+PKIX_Error *pkix_pl_Date_RegisterSelf(void *plContext);
+
+PKIX_Error *
+pkix_pl_Date_GetPRTime(
+        PKIX_PL_Date *date,
+        PRTime *pPRTime,
+        void *plContext);
+
+PKIX_Error *
+pkix_pl_Date_CreateFromPRTime(
+        PRTime prtime,
+        PKIX_PL_Date **pDate,
+        void *plContext);
+
+PKIX_Error *
+PKIX_PL_Date_CreateFromPRTime(
+        PRTime prtime,
+        PKIX_PL_Date **pDate,
+        void *plContext);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_PL_DATE_H */
diff --git a/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_generalname.c b/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_generalname.c
new file mode 100644
index 0000000..9e9a74c
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_generalname.c
@@ -0,0 +1,873 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_pl_generalname.c
+ *
+ * GeneralName Object Definitions
+ *
+ */
+
+#include "pkix_pl_generalname.h"
+
+/* --Private-GeneralName-Functions------------------------------------- */
+
+/*
+ * FUNCTION: pkix_pl_GeneralName_GetNssGeneralName
+ * DESCRIPTION:
+ *
+ *  Retrieves the NSS representation of the PKIX_PL_GeneralName pointed by
+ *  "genName" and stores it at "pNssGenName". The NSS data type CERTGeneralName
+ *  is stored in this object when the object was created.
+ *
+ * PARAMETERS:
+ *  "genName"
+ *      Address of PKIX_PL_GeneralName. Must be non-NULL.
+ *  "pNssGenName"
+ *      Address where CERTGeneralName will be stored. Must be non-NULL.
+ *  "plContext" - Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a GeneralName Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_pl_GeneralName_GetNssGeneralName(
+        PKIX_PL_GeneralName *genName,
+        CERTGeneralName **pNssGenName,
+        void *plContext)
+{
+        CERTGeneralName *nssGenName = NULL;
+
+        PKIX_ENTER(GENERALNAME, "pkix_pl_GeneralName_GetNssGeneralName");
+        PKIX_NULLCHECK_THREE(genName, pNssGenName, genName->nssGeneralNameList);
+
+        nssGenName = genName->nssGeneralNameList->name;
+
+        *pNssGenName = nssGenName;
+
+        PKIX_RETURN(GENERALNAME);
+}
+
+/*
+ * FUNCTION: pkix_pl_OtherName_Create
+ * DESCRIPTION:
+ *
+ *  Creates new OtherName which represents the CERTGeneralName pointed to by
+ *  "nssAltName" and stores it at "pOtherName".
+ *
+ * PARAMETERS:
+ *  "nssAltName"
+ *      Address of CERTGeneralName. Must be non-NULL.
+ *  "pOtherName"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext" - Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a GeneralName Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_pl_OtherName_Create(
+        CERTGeneralName *nssAltName,
+        OtherName **pOtherName,
+        void *plContext)
+{
+        OtherName *otherName = NULL;
+        SECItem secItemName;
+        SECItem secItemOID;
+        SECStatus rv;
+
+        PKIX_ENTER(GENERALNAME, "pkix_pl_OtherName_Create");
+        PKIX_NULLCHECK_TWO(nssAltName, pOtherName);
+
+        PKIX_CHECK(PKIX_PL_Malloc
+                    (sizeof (OtherName), (void **)&otherName, plContext),
+                    PKIX_MALLOCFAILED);
+
+        /* make a copy of the name field */
+        PKIX_GENERALNAME_DEBUG("\t\tCalling SECITEM_CopyItem).\n");
+        rv = SECITEM_CopyItem
+                (NULL, &otherName->name, &nssAltName->name.OthName.name);
+        if (rv != SECSuccess) {
+                PKIX_ERROR(PKIX_OUTOFMEMORY);
+        }
+
+        /* make a copy of the oid field */
+        PKIX_GENERALNAME_DEBUG("\t\tCalling SECITEM_CopyItem).\n");
+        rv = SECITEM_CopyItem
+                (NULL, &otherName->oid, &nssAltName->name.OthName.oid);
+        if (rv != SECSuccess) {
+                PKIX_ERROR(PKIX_OUTOFMEMORY);
+        }
+
+        *pOtherName = otherName;
+
+cleanup:
+
+        if (otherName && PKIX_ERROR_RECEIVED){
+                secItemName = otherName->name;
+                secItemOID = otherName->oid;
+
+                PKIX_GENERALNAME_DEBUG("\t\tCalling SECITEM_FreeItem).\n");
+                SECITEM_FreeItem(&secItemName, PR_FALSE);
+
+                PKIX_GENERALNAME_DEBUG("\t\tCalling SECITEM_FreeItem).\n");
+                SECITEM_FreeItem(&secItemOID, PR_FALSE);
+
+                PKIX_FREE(otherName);
+                otherName = NULL;
+        }
+
+        PKIX_RETURN(GENERALNAME);
+}
+
+/*
+ * FUNCTION: pkix_pl_DirectoryName_Create
+ * DESCRIPTION:
+ *
+ *  Creates a new X500Name which represents the directoryName component of the
+ *  CERTGeneralName pointed to by "nssAltName" and stores it at "pX500Name".
+ *
+ * PARAMETERS:
+ *  "nssAltName"
+ *      Address of CERTGeneralName. Must be non-NULL.
+ *  "pX500Name"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext" - Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a GeneralName Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_pl_DirectoryName_Create(
+        CERTGeneralName *nssAltName,
+        PKIX_PL_X500Name **pX500Name,
+        void *plContext)
+{
+        PKIX_PL_X500Name *pkixDN = NULL;
+        CERTName *dirName = NULL;
+        PKIX_PL_String *pkixDNString = NULL;
+        char *utf8String = NULL;
+
+        PKIX_ENTER(GENERALNAME, "pkix_pl_DirectoryName_Create");
+        PKIX_NULLCHECK_TWO(nssAltName, pX500Name);
+
+        dirName = &nssAltName->name.directoryName;
+
+        PKIX_CHECK(PKIX_PL_X500Name_CreateFromCERTName(NULL, dirName, 
+                                                       &pkixDN, plContext),
+                   PKIX_X500NAMECREATEFROMCERTNAMEFAILED);
+
+        *pX500Name = pkixDN;
+
+cleanup:
+
+        PR_Free(utf8String);
+        PKIX_DECREF(pkixDNString);
+
+        PKIX_RETURN(GENERALNAME);
+}
+
+/*
+ * FUNCTION: pkix_pl_GeneralName_Create
+ * DESCRIPTION:
+ *
+ *  Creates new GeneralName which represents the CERTGeneralName pointed to by
+ *  "nssAltName" and stores it at "pGenName".
+ *
+ * PARAMETERS:
+ *  "nssAltName"
+ *      Address of CERTGeneralName. Must be non-NULL.
+ *  "pGenName"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext" - Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a GeneralName Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_pl_GeneralName_Create(
+        CERTGeneralName *nssAltName,
+        PKIX_PL_GeneralName **pGenName,
+        void *plContext)
+{
+        PKIX_PL_GeneralName *genName = NULL;
+        PKIX_PL_X500Name *pkixDN = NULL;
+        PKIX_PL_OID *pkixOID = NULL;
+        OtherName *otherName = NULL;
+        CERTGeneralNameList *nssGenNameList = NULL;
+        CERTGeneralNameType nameType;
+
+        PKIX_ENTER(GENERALNAME, "pkix_pl_GeneralName_Create");
+        PKIX_NULLCHECK_TWO(nssAltName, pGenName);
+
+        /* create a PKIX_PL_GeneralName object */
+        PKIX_CHECK(PKIX_PL_Object_Alloc
+                    (PKIX_GENERALNAME_TYPE,
+                    sizeof (PKIX_PL_GeneralName),
+                    (PKIX_PL_Object **)&genName,
+                    plContext),
+                    PKIX_COULDNOTCREATEOBJECT);
+
+        nameType = nssAltName->type;
+
+        /*
+         * We use CERT_CreateGeneralNameList to create just one CERTGeneralName
+         * item for memory allocation reason. If we want to just create one
+         * item, we have to use the calling path CERT_NewGeneralName, then
+         * CERT_CopyOneGeneralName. With this calling path, if we pass
+         * the arena argument as NULL, in CERT_CopyOneGeneralName's subsequent
+         * call to CERT_CopyName, it assumes arena should be valid, hence
+         * segmentation error (not sure this is a NSS bug, certainly it is
+         * not consistent). But on the other hand, we don't want to keep an
+         * arena record here explicitely for every PKIX_PL_GeneralName.
+         * So I concluded it is better to use CERT_CreateGeneralNameList,
+         * which keeps an arena pointer in its data structure and also masks
+         * out details calls from this libpkix level.
+         */
+
+        PKIX_GENERALNAME_DEBUG("\t\tCalling CERT_CreateGeneralNameList).\n");
+        nssGenNameList = CERT_CreateGeneralNameList(nssAltName);
+
+        if (nssGenNameList == NULL) {
+                PKIX_ERROR(PKIX_CERTCREATEGENERALNAMELISTFAILED);
+        }
+
+        genName->nssGeneralNameList = nssGenNameList;
+
+        /* initialize fields */
+        genName->type = nameType;
+        genName->directoryName = NULL;
+        genName->OthName = NULL;
+        genName->other = NULL;
+        genName->oid = NULL;
+
+        switch (nameType){
+        case certOtherName:
+
+                PKIX_CHECK(pkix_pl_OtherName_Create
+                            (nssAltName, &otherName, plContext),
+                            PKIX_OTHERNAMECREATEFAILED);
+
+                genName->OthName = otherName;
+                break;
+
+        case certDirectoryName:
+
+                PKIX_CHECK(pkix_pl_DirectoryName_Create
+                            (nssAltName, &pkixDN, plContext),
+                            PKIX_DIRECTORYNAMECREATEFAILED);
+
+                genName->directoryName = pkixDN;
+                break;
+        case certRegisterID:
+                PKIX_CHECK(PKIX_PL_OID_CreateBySECItem(&nssAltName->name.other,
+                                                       &pkixOID, plContext),
+                            PKIX_OIDCREATEFAILED);
+
+                genName->oid = pkixOID;
+                break;
+        case certDNSName:
+        case certEDIPartyName:
+        case certIPAddress:
+        case certRFC822Name:
+        case certX400Address:
+        case certURI:
+                genName->other = SECITEM_DupItem(&nssAltName->name.other);
+                if (!genName->other) {
+                    PKIX_ERROR(PKIX_OUTOFMEMORY);
+                }     
+                break;
+        default:
+                PKIX_ERROR(PKIX_NAMETYPENOTSUPPORTED);
+        }
+
+        *pGenName = genName;
+        genName = NULL;
+
+cleanup:
+        PKIX_DECREF(genName);
+
+        PKIX_RETURN(GENERALNAME);
+}
+
+/*
+ * FUNCTION: pkix_pl_GeneralName_ToString_Helper
+ * DESCRIPTION:
+ *
+ *  Helper function that creates a string representation of the GeneralName
+ *  pointed to by "name" and stores it at "pString" Different mechanisms are
+ *  used to create the string, depending on the type of the GeneralName.
+ *
+ * PARAMETERS
+ *  "name"
+ *      Address of GeneralName whose string representation is desired.
+ *      Must be non-NULL.
+ *  "pString"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext" - Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a GeneralName Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_pl_GeneralName_ToString_Helper(
+        PKIX_PL_GeneralName *name,
+        PKIX_PL_String **pString,
+        void *plContext)
+{
+        PKIX_PL_X500Name *pkixDN = NULL;
+        PKIX_PL_OID *pkixOID = NULL;
+        char *x400AsciiName = NULL;
+        char *ediPartyName = NULL;
+        char *asciiName = NULL;
+
+        PKIX_ENTER(GENERALNAME, "pkix_pl_GeneralName_ToString_Helper");
+        PKIX_NULLCHECK_TWO(name, pString);
+
+        switch (name->type) {
+        case certRFC822Name:
+        case certDNSName:
+        case certURI:
+                /*
+                 * Note that we can't use PKIX_ESCASCII here because
+                 * name->other->data is not guaranteed to be null-terminated.
+                 */
+
+                PKIX_NULLCHECK_ONE(name->other);
+
+                PKIX_CHECK(PKIX_PL_String_Create(PKIX_UTF8,
+                                                (name->other)->data,
+                                                (name->other)->len,
+                                                pString,
+                                                plContext),
+                            PKIX_STRINGCREATEFAILED);
+                break;
+        case certEDIPartyName:
+                /* XXX print out the actual bytes */
+                ediPartyName = "EDIPartyName: <DER-encoded value>";
+                PKIX_CHECK(PKIX_PL_String_Create(PKIX_ESCASCII,
+                                                ediPartyName,
+                                                0,
+                                                pString,
+                                                plContext),
+                            PKIX_STRINGCREATEFAILED);
+                break;
+        case certX400Address:
+                /* XXX print out the actual bytes */
+                x400AsciiName = "X400Address: <DER-encoded value>";
+                PKIX_CHECK(PKIX_PL_String_Create(PKIX_ESCASCII,
+                                                x400AsciiName,
+                                                0,
+                                                pString,
+                                                plContext),
+                            PKIX_STRINGCREATEFAILED);
+                break;
+        case certIPAddress:
+                PKIX_CHECK(pkix_pl_ipAddrBytes2Ascii
+                            (name->other, &asciiName, plContext),
+                            PKIX_IPADDRBYTES2ASCIIFAILED);
+
+                PKIX_CHECK(PKIX_PL_String_Create(PKIX_ESCASCII,
+                                                asciiName,
+                                                0,
+                                                pString,
+                                                plContext),
+                            PKIX_STRINGCREATEFAILED);
+                break;
+        case certOtherName:
+                PKIX_NULLCHECK_ONE(name->OthName);
+
+                /* we only print type-id - don't know how to print value */
+                /* XXX print out the bytes of the value */
+                PKIX_CHECK(pkix_pl_oidBytes2Ascii
+                            (&name->OthName->oid, &asciiName, plContext),
+                            PKIX_OIDBYTES2ASCIIFAILED);
+
+                PKIX_CHECK(PKIX_PL_String_Create
+                            (PKIX_ESCASCII,
+                            asciiName,
+                            0,
+                            pString,
+                            plContext),
+                            PKIX_STRINGCREATEFAILED);
+                break;
+        case certRegisterID:
+                pkixOID = name->oid;
+                PKIX_CHECK(PKIX_PL_Object_ToString
+                            ((PKIX_PL_Object *)pkixOID, pString, plContext),
+                            PKIX_OIDTOSTRINGFAILED);
+                break;
+        case certDirectoryName:
+                pkixDN = name->directoryName;
+                PKIX_CHECK(PKIX_PL_Object_ToString
+                            ((PKIX_PL_Object *)pkixDN, pString, plContext),
+                            PKIX_X500NAMETOSTRINGFAILED);
+                break;
+        default:
+                PKIX_ERROR
+                        (PKIX_TOSTRINGFORTHISGENERALNAMETYPENOTSUPPORTED);
+        }
+
+cleanup:
+
+        PKIX_FREE(asciiName);
+
+        PKIX_RETURN(GENERALNAME);
+}
+
+/*
+ * FUNCTION: pkix_pl_GeneralName_Destroy
+ * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_GeneralName_Destroy(
+        PKIX_PL_Object *object,
+        void *plContext)
+{
+        PKIX_PL_GeneralName *name = NULL;
+        SECItem secItemName;
+        SECItem secItemOID;
+
+        PKIX_ENTER(GENERALNAME, "pkix_pl_GeneralName_Destroy");
+        PKIX_NULLCHECK_ONE(object);
+
+        PKIX_CHECK(pkix_CheckType(object, PKIX_GENERALNAME_TYPE, plContext),
+                    PKIX_OBJECTNOTGENERALNAME);
+
+        name = (PKIX_PL_GeneralName *)object;
+
+        PKIX_GENERALNAME_DEBUG("\t\tCalling SECITEM_FreeItem).\n");
+        SECITEM_FreeItem(name->other, PR_TRUE);
+        name->other = NULL;
+
+        if (name->OthName){
+                secItemName = name->OthName->name;
+                secItemOID = name->OthName->oid;
+
+                PKIX_GENERALNAME_DEBUG("\t\tCalling SECITEM_FreeItem).\n");
+                SECITEM_FreeItem(&secItemName, PR_FALSE);
+
+                PKIX_GENERALNAME_DEBUG("\t\tCalling SECITEM_FreeItem).\n");
+                SECITEM_FreeItem(&secItemOID, PR_FALSE);
+
+                PKIX_FREE(name->OthName);
+                name->OthName = NULL;
+        }
+
+        if (name->nssGeneralNameList != NULL) {
+                PKIX_GENERALNAME_DEBUG
+                        ("\t\tCalling CERT_DestroyGeneralNameList).\n");
+                CERT_DestroyGeneralNameList(name->nssGeneralNameList);
+        }
+
+        PKIX_DECREF(name->directoryName);
+        PKIX_DECREF(name->oid);
+
+cleanup:
+
+        PKIX_RETURN(GENERALNAME);
+}
+
+/*
+ * FUNCTION: pkix_pl_GeneralName_ToString
+ * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_GeneralName_ToString(
+        PKIX_PL_Object *object,
+        PKIX_PL_String **pString,
+        void *plContext)
+{
+        PKIX_PL_String *nameString = NULL;
+        PKIX_PL_GeneralName *name = NULL;
+
+        PKIX_ENTER(GENERALNAME, "pkix_pl_GeneralName_toString");
+        PKIX_NULLCHECK_TWO(object, pString);
+
+        PKIX_CHECK(pkix_CheckType(object, PKIX_GENERALNAME_TYPE, plContext),
+                    PKIX_OBJECTNOTGENERALNAME);
+
+        name = (PKIX_PL_GeneralName *)object;
+
+        PKIX_CHECK(pkix_pl_GeneralName_ToString_Helper
+                    (name, &nameString, plContext),
+                    PKIX_GENERALNAMETOSTRINGHELPERFAILED);
+
+        *pString = nameString;
+
+cleanup:
+
+
+
+        PKIX_RETURN(GENERALNAME);
+}
+
+/*
+ * FUNCTION: pkix_pl_GeneralName_Hashcode
+ * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_GeneralName_Hashcode(
+        PKIX_PL_Object *object,
+        PKIX_UInt32 *pHashcode,
+        void *plContext)
+{
+        PKIX_PL_GeneralName *name = NULL;
+        PKIX_UInt32 firstHash, secondHash, nameHash;
+
+        PKIX_ENTER(GENERALNAME, "pkix_pl_GeneralName_Hashcode");
+        PKIX_NULLCHECK_TWO(object, pHashcode);
+
+        PKIX_CHECK(pkix_CheckType(object, PKIX_GENERALNAME_TYPE, plContext),
+                    PKIX_OBJECTNOTGENERALNAME);
+
+        name = (PKIX_PL_GeneralName *)object;
+
+        switch (name->type) {
+        case certRFC822Name:
+        case certDNSName:
+        case certX400Address:
+        case certEDIPartyName:
+        case certURI:
+        case certIPAddress:
+                PKIX_NULLCHECK_ONE(name->other);
+                PKIX_CHECK(pkix_hash
+                            ((const unsigned char *)
+                            name->other->data,
+                            name->other->len,
+                            &nameHash,
+                            plContext),
+                            PKIX_HASHFAILED);
+                break;
+        case certRegisterID:
+                PKIX_CHECK(PKIX_PL_Object_Hashcode
+                            ((PKIX_PL_Object *)name->oid,
+                            &nameHash,
+                            plContext),
+                            PKIX_OIDHASHCODEFAILED);
+                break;
+        case certOtherName:
+                PKIX_NULLCHECK_ONE(name->OthName);
+                PKIX_CHECK(pkix_hash
+                            ((const unsigned char *)
+                            name->OthName->oid.data,
+                            name->OthName->oid.len,
+                            &firstHash,
+                            plContext),
+                            PKIX_HASHFAILED);
+
+                PKIX_CHECK(pkix_hash
+                            ((const unsigned char *)
+                            name->OthName->name.data,
+                            name->OthName->name.len,
+                            &secondHash,
+                            plContext),
+                            PKIX_HASHFAILED);
+
+                nameHash = firstHash + secondHash;
+                break;
+        case certDirectoryName:
+                PKIX_CHECK(PKIX_PL_Object_Hashcode
+                            ((PKIX_PL_Object *)
+                            name->directoryName,
+                            &nameHash,
+                            plContext),
+                            PKIX_X500NAMEHASHCODEFAILED);
+                break;
+        }
+
+        *pHashcode = nameHash;
+
+cleanup:
+
+        PKIX_RETURN(GENERALNAME);
+
+}
+
+/*
+ * FUNCTION: pkix_pl_GeneralName_Equals
+ * (see comments for PKIX_PL_Equals_Callback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_GeneralName_Equals(
+        PKIX_PL_Object *firstObject,
+        PKIX_PL_Object *secondObject,
+        PKIX_Boolean *pResult,
+        void *plContext)
+{
+        PKIX_PL_GeneralName *firstName = NULL;
+        PKIX_PL_GeneralName *secondName = NULL;
+        PKIX_UInt32 secondType;
+
+        PKIX_ENTER(GENERALNAME, "pkix_pl_GeneralName_Equals");
+        PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);
+
+        /* test that firstObject is a GeneralName */
+        PKIX_CHECK(pkix_CheckType
+                    (firstObject, PKIX_GENERALNAME_TYPE, plContext),
+                    PKIX_FIRSTOBJECTNOTGENERALNAME);
+
+        /*
+         * Since we know firstObject is a GeneralName, if both references are
+         * identical, they must be equal
+         */
+        if (firstObject == secondObject){
+                *pResult = PKIX_TRUE;
+                goto cleanup;
+        }
+
+        /*
+         * If secondObject isn't a GeneralName, we don't throw an error.
+         * We simply return a Boolean result of FALSE
+         */
+        *pResult = PKIX_FALSE;
+        PKIX_CHECK(PKIX_PL_Object_GetType
+                    (secondObject, &secondType, plContext),
+                    PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
+        if (secondType != PKIX_GENERALNAME_TYPE){
+                goto cleanup;
+        }
+
+        firstName = (PKIX_PL_GeneralName *)firstObject;
+        secondName = (PKIX_PL_GeneralName *)secondObject;
+
+        if (firstName->type != secondName->type){
+                goto cleanup;
+        }
+
+        switch (firstName->type) {
+        case certRFC822Name:
+        case certDNSName:
+        case certX400Address:
+        case certEDIPartyName:
+        case certURI:
+        case certIPAddress:
+                PKIX_GENERALNAME_DEBUG("\t\tCalling SECITEM_CompareItem).\n");
+                if (SECITEM_CompareItem(firstName->other,
+                                        secondName->other) != SECEqual) {
+                        goto cleanup;
+                }
+                break;
+        case certRegisterID:
+                PKIX_CHECK(PKIX_PL_Object_Equals
+                            ((PKIX_PL_Object *)firstName->oid,
+                            (PKIX_PL_Object *)secondName->oid,
+                            pResult,
+                            plContext),
+                            PKIX_OIDEQUALSFAILED);
+                goto cleanup;
+        case certOtherName:
+                PKIX_NULLCHECK_TWO(firstName->OthName, secondName->OthName);
+                PKIX_GENERALNAME_DEBUG("\t\tCalling SECITEM_CompareItem).\n");
+                if (SECITEM_CompareItem(&firstName->OthName->oid,
+                                        &secondName->OthName->oid)
+                    != SECEqual ||
+                    SECITEM_CompareItem(&firstName->OthName->name,
+                                        &secondName->OthName->name)
+                    != SECEqual) {
+                        goto cleanup;
+                }
+                break;
+        case certDirectoryName:
+                PKIX_CHECK(PKIX_PL_Object_Equals
+                            ((PKIX_PL_Object *)firstName->directoryName,
+                            (PKIX_PL_Object *)secondName->directoryName,
+                            pResult,
+                            plContext),
+                            PKIX_X500NAMEEQUALSFAILED);
+                goto cleanup;
+        }
+
+        *pResult = PKIX_TRUE;
+
+cleanup:
+
+        PKIX_RETURN(GENERALNAME);
+}
+
+/*
+ * FUNCTION: pkix_pl_GeneralName_RegisterSelf
+ * DESCRIPTION:
+ *  Registers PKIX_GENERALNAME_TYPE and related functions with systemClasses[]
+ * THREAD SAFETY:
+ *  Not Thread Safe - for performance and complexity reasons
+ *
+ *  Since this function is only called by PKIX_PL_Initialize, which should
+ *  only be called once, it is acceptable that this function is not
+ *  thread-safe.
+ */
+PKIX_Error *
+pkix_pl_GeneralName_RegisterSelf(void *plContext)
+{
+
+        extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
+        pkix_ClassTable_Entry entry;
+
+        PKIX_ENTER(GENERALNAME, "pkix_pl_GeneralName_RegisterSelf");
+
+        entry.description = "GeneralName";
+        entry.objCounter = 0;
+        entry.typeObjectSize = sizeof(PKIX_PL_GeneralName);
+        entry.destructor = pkix_pl_GeneralName_Destroy;
+        entry.equalsFunction = pkix_pl_GeneralName_Equals;
+        entry.hashcodeFunction = pkix_pl_GeneralName_Hashcode;
+        entry.toStringFunction = pkix_pl_GeneralName_ToString;
+        entry.comparator = NULL;
+        entry.duplicateFunction = pkix_duplicateImmutable;
+
+        systemClasses[PKIX_GENERALNAME_TYPE] = entry;
+
+        PKIX_RETURN(GENERALNAME);
+}
+
+/* --Public-Functions------------------------------------------------------- */
+
+#ifdef BUILD_LIBPKIX_TESTS
+/*
+ * FUNCTION: PKIX_PL_GeneralName_Create (see comments in pkix_pl_pki.h)
+ */
+PKIX_Error *
+PKIX_PL_GeneralName_Create(
+        PKIX_UInt32 nameType,
+        PKIX_PL_String *stringRep,
+        PKIX_PL_GeneralName **pGName,
+        void *plContext)
+{
+        PKIX_PL_X500Name *pkixDN = NULL;
+        PKIX_PL_OID *pkixOID = NULL;
+        SECItem *secItem = NULL;
+        char *asciiString = NULL;
+        PKIX_UInt32 length = 0;
+        PKIX_PL_GeneralName *genName = NULL;
+        CERTGeneralName *nssGenName = NULL;
+        CERTGeneralNameList *nssGenNameList = NULL;
+        CERTName *nssCertName = NULL;
+        PLArenaPool *arena = NULL;
+
+        PKIX_ENTER(GENERALNAME, "PKIX_PL_GeneralName_Create");
+        PKIX_NULLCHECK_TWO(pGName, stringRep);
+
+        PKIX_CHECK(PKIX_PL_String_GetEncoded
+                    (stringRep,
+                    PKIX_ESCASCII,
+                    (void **)&asciiString,
+                    &length,
+                    plContext),
+                    PKIX_STRINGGETENCODEDFAILED);
+
+        /* Create a temporary CERTGeneralName */
+        PKIX_GENERALNAME_DEBUG("\t\tCalling PL_strlen).\n");
+        length = PL_strlen(asciiString);
+        PKIX_GENERALNAME_DEBUG("\t\tCalling SECITEM_AllocItem).\n");
+        secItem = SECITEM_AllocItem(NULL, NULL, length);
+        PKIX_GENERALNAME_DEBUG("\t\tCalling PORT_Memcpy).\n");
+        (void) PORT_Memcpy(secItem->data, asciiString, length);
+        PKIX_CERT_DEBUG("\t\tCalling PORT_NewArena).\n");
+        arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+        if (arena == NULL) {
+                PKIX_ERROR(PKIX_OUTOFMEMORY);
+        }
+        PKIX_GENERALNAME_DEBUG("\t\tCalling CERT_NewGeneralName).\n");
+        nssGenName = CERT_NewGeneralName(arena, nameType);
+        if (nssGenName == NULL) {
+                PKIX_ERROR(PKIX_ALLOCATENEWCERTGENERALNAMEFAILED);
+        }
+
+        switch (nameType) {
+        case certRFC822Name:
+        case certDNSName:
+        case certURI:
+                nssGenName->name.other = *secItem;
+                break;
+
+        case certDirectoryName:
+
+                PKIX_CHECK(PKIX_PL_X500Name_Create
+                            (stringRep, &pkixDN, plContext),
+                            PKIX_X500NAMECREATEFAILED);
+
+                PKIX_GENERALNAME_DEBUG("\t\tCalling CERT_AsciiToName).\n");
+                nssCertName = CERT_AsciiToName(asciiString);
+                nssGenName->name.directoryName = *nssCertName;
+                break;
+
+        case certRegisterID:
+                PKIX_CHECK(PKIX_PL_OID_Create
+                            (asciiString, &pkixOID, plContext),
+                            PKIX_OIDCREATEFAILED);
+                nssGenName->name.other = *secItem;
+                break;
+        default:
+                /* including IPAddress, EDIPartyName, OtherName, X400Address */
+                PKIX_ERROR(PKIX_UNABLETOCREATEGENERALNAMEOFTHISTYPE);
+        }
+
+        /* create a PKIX_PL_GeneralName object */
+        PKIX_CHECK(PKIX_PL_Object_Alloc
+                    (PKIX_GENERALNAME_TYPE,
+                    sizeof (PKIX_PL_GeneralName),
+                    (PKIX_PL_Object **)&genName,
+                    plContext),
+                    PKIX_COULDNOTCREATEOBJECT);
+
+        /* create a CERTGeneralNameList */
+        nssGenName->type = nameType;
+        PKIX_GENERALNAME_DEBUG("\t\tCalling CERT_CreateGeneralNameList).\n");
+        nssGenNameList = CERT_CreateGeneralNameList(nssGenName);
+        if (nssGenNameList == NULL) {
+                PKIX_ERROR(PKIX_CERTCREATEGENERALNAMELISTFAILED);
+        }
+        genName->nssGeneralNameList = nssGenNameList;
+
+        /* initialize fields */
+        genName->type = nameType;
+        genName->directoryName = pkixDN;
+        genName->OthName = NULL;
+        genName->other = secItem;
+        genName->oid = pkixOID;
+
+        *pGName = genName;
+cleanup:
+
+        PKIX_FREE(asciiString);
+
+        if (nssCertName != NULL) {
+                PKIX_CERT_DEBUG("\t\tCalling CERT_DestroyName).\n");
+                CERT_DestroyName(nssCertName);
+        }
+
+        if (arena){ /* will free nssGenName */
+                PKIX_CERT_DEBUG("\t\tCalling PORT_FreeArena).\n");
+                PORT_FreeArena(arena, PR_FALSE);
+        }
+
+        if (PKIX_ERROR_RECEIVED){
+                PKIX_DECREF(pkixDN);
+                PKIX_DECREF(pkixOID);
+
+                PKIX_GENERALNAME_DEBUG("\t\tCalling SECITEM_FreeItem).\n");
+                if (secItem){
+                        SECITEM_FreeItem(secItem, PR_TRUE);
+                        secItem = NULL;
+                }
+        }
+
+        PKIX_RETURN(GENERALNAME);
+}
+
+#endif /* BUILD_LIBPKIX_TESTS */
diff --git a/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_generalname.h b/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_generalname.h
new file mode 100644
index 0000000..3cb5264
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_generalname.h
@@ -0,0 +1,49 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_pl_generalname.h
+ *
+ * GeneralName Object Definitions
+ *
+ */
+
+#ifndef _PKIX_PL_GENERALNAME_H
+#define _PKIX_PL_GENERALNAME_H
+
+#include "pkix_pl_common.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+struct PKIX_PL_GeneralNameStruct{
+        CERTGeneralNameList *nssGeneralNameList;
+        CERTGeneralNameType type;
+        PKIX_PL_X500Name *directoryName;
+        PKIX_PL_OID *oid;
+        OtherName *OthName;
+        SECItem *other;
+};
+
+/* see source file for function documentation */
+
+PKIX_Error *
+pkix_pl_GeneralName_Create(
+        CERTGeneralName *nssAltName,
+        PKIX_PL_GeneralName **pGenName,
+        void *plContext);
+
+PKIX_Error *
+pkix_pl_GeneralName_GetNssGeneralName(
+        PKIX_PL_GeneralName *genName,
+        CERTGeneralName **pNssGenName,
+        void *plContext);
+
+PKIX_Error *pkix_pl_GeneralName_RegisterSelf(void *plContext);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_PL_GENERALNAME_H */
diff --git a/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_infoaccess.c b/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_infoaccess.c
new file mode 100644
index 0000000..9fa8e92
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_infoaccess.c
@@ -0,0 +1,874 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_pl_infoaccess.c
+ *
+ * InfoAccess Object Definitions
+ *
+ */
+
+#include "pkix_pl_infoaccess.h"
+
+/* --Private-InfoAccess-Functions----------------------------------*/
+
+/*
+ * FUNCTION: pkix_pl_InfoAccess_Create
+ * DESCRIPTION:
+ *
+ *  This function creates an InfoAccess from the method provided in "method" and
+ *  the GeneralName provided in "generalName" and stores the result at
+ *  "pInfoAccess".
+ *
+ * PARAMETERS
+ *  "method"
+ *      The UInt32 value to be stored as the method field of the InfoAccess.
+ *  "generalName"
+ *      The GeneralName to be stored as the generalName field of the InfoAccess.
+ *      Must be non-NULL.
+ *  "pInfoAccess"
+ *      Address where the result is stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_pl_InfoAccess_Create(
+        PKIX_UInt32 method,
+        PKIX_PL_GeneralName *generalName,
+        PKIX_PL_InfoAccess **pInfoAccess,
+        void *plContext)
+{
+
+        PKIX_PL_InfoAccess *infoAccess = NULL;
+
+        PKIX_ENTER(INFOACCESS, "pkix_pl_InfoAccess_Create");
+        PKIX_NULLCHECK_TWO(generalName, pInfoAccess);
+
+        PKIX_CHECK(PKIX_PL_Object_Alloc
+                (PKIX_INFOACCESS_TYPE,
+                sizeof (PKIX_PL_InfoAccess),
+                (PKIX_PL_Object **)&infoAccess,
+                plContext),
+                PKIX_COULDNOTCREATEINFOACCESSOBJECT);
+
+        infoAccess->method = method;
+
+        PKIX_INCREF(generalName);
+        infoAccess->location = generalName;
+
+        *pInfoAccess = infoAccess;
+        infoAccess = NULL;
+
+cleanup:
+        PKIX_DECREF(infoAccess);
+
+        PKIX_RETURN(INFOACCESS);
+}
+
+/*
+ * FUNCTION: pkix_pl_InfoAccess_Destroy
+ * (see comments for PKIX_PL_DestructorCallback in pkix_pl_pki.h)
+ */
+static PKIX_Error *
+pkix_pl_InfoAccess_Destroy(
+        PKIX_PL_Object *object,
+        void *plContext)
+{
+        PKIX_PL_InfoAccess *infoAccess = NULL;
+
+        PKIX_ENTER(INFOACCESS, "pkix_pl_InfoAccess_Destroy");
+        PKIX_NULLCHECK_ONE(object);
+
+        PKIX_CHECK(pkix_CheckType(object, PKIX_INFOACCESS_TYPE, plContext),
+                PKIX_OBJECTNOTANINFOACCESS);
+
+        infoAccess = (PKIX_PL_InfoAccess *)object;
+
+        PKIX_DECREF(infoAccess->location);
+
+cleanup:
+
+        PKIX_RETURN(INFOACCESS);
+}
+
+/*
+ * FUNCTION: pkix_pl_InfoAccess_ToString
+ * (see comments for PKIX_PL_ToStringCallback in pkix_pl_pki.h)
+ */
+static PKIX_Error *
+pkix_pl_InfoAccess_ToString(
+        PKIX_PL_Object *object,
+        PKIX_PL_String **pString,
+        void *plContext)
+{
+        PKIX_PL_InfoAccess *infoAccess;
+        PKIX_PL_String *infoAccessString = NULL;
+        char *asciiFormat = NULL;
+        char *asciiMethod = NULL;
+        PKIX_PL_String *formatString = NULL;
+        PKIX_PL_String *methodString = NULL;
+        PKIX_PL_String *locationString = NULL;
+
+        PKIX_ENTER(INFOACCESS, "pkix_pl_InfoAccess_ToString");
+        PKIX_NULLCHECK_TWO(object, pString);
+
+        PKIX_CHECK(pkix_CheckType
+                    (object, PKIX_INFOACCESS_TYPE, plContext),
+                    PKIX_OBJECTNOTINFOACCESS);
+
+        infoAccess = (PKIX_PL_InfoAccess *)object;
+
+        asciiFormat =
+                "["
+                "method:%s, "
+                "location:%s"
+                "]";
+
+        PKIX_CHECK(PKIX_PL_String_Create
+                    (PKIX_ESCASCII,
+                    asciiFormat,
+                    0,
+                    &formatString,
+                    plContext),
+                    PKIX_STRINGCREATEFAILED);
+
+        switch(infoAccess->method) {
+            case PKIX_INFOACCESS_CA_ISSUERS:
+                    asciiMethod = "caIssuers";
+                    break;
+            case PKIX_INFOACCESS_OCSP:
+                    asciiMethod = "ocsp";
+                    break;
+            case PKIX_INFOACCESS_TIMESTAMPING:
+                    asciiMethod = "timestamping";
+                    break;
+            case PKIX_INFOACCESS_CA_REPOSITORY:
+                    asciiMethod = "caRepository";
+                    break;
+            default:
+                    asciiMethod = "unknown";
+        }
+
+        PKIX_CHECK(PKIX_PL_String_Create
+                    (PKIX_ESCASCII,
+                    asciiMethod,
+                    0,
+                    &methodString,
+                    plContext),
+                    PKIX_STRINGCREATEFAILED);
+
+        PKIX_TOSTRING(infoAccess->location, &locationString, plContext,
+                    PKIX_GENERALNAMETOSTRINGFAILED);
+
+        PKIX_CHECK(PKIX_PL_Sprintf
+                    (&infoAccessString,
+                    plContext,
+                    formatString,
+                    methodString,
+                    locationString),
+                    PKIX_SPRINTFFAILED);
+
+        *pString = infoAccessString;
+
+cleanup:
+
+        PKIX_DECREF(formatString);
+        PKIX_DECREF(methodString);
+        PKIX_DECREF(locationString);
+
+        PKIX_RETURN(INFOACCESS);
+}
+
+/*
+ * FUNCTION: pkix_pl_InfoAccess_Hashcode
+ * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_pki.h)
+ */
+static PKIX_Error *
+pkix_pl_InfoAccess_Hashcode(
+        PKIX_PL_Object *object,
+        PKIX_UInt32 *pHashcode,
+        void *plContext)
+{
+        PKIX_PL_InfoAccess *infoAccess = NULL;
+        PKIX_UInt32 infoAccessHash;
+
+        PKIX_ENTER(INFOACCESS, "pkix_pl_InfoAccess_Hashcode");
+        PKIX_NULLCHECK_TWO(object, pHashcode);
+
+        PKIX_CHECK(pkix_CheckType
+                    (object, PKIX_INFOACCESS_TYPE, plContext),
+                    PKIX_OBJECTNOTINFOACCESS);
+
+        infoAccess = (PKIX_PL_InfoAccess *)object;
+
+        PKIX_HASHCODE(infoAccess->location, &infoAccessHash, plContext,
+                    PKIX_OBJECTHASHCODEFAILED);
+
+        infoAccessHash += (infoAccess->method << 7);
+
+        *pHashcode = infoAccessHash;
+
+cleanup:
+
+        PKIX_RETURN(INFOACCESS);
+
+}
+
+/*
+ * FUNCTION: pkix_pl_InfoAccess_Equals
+ * (see comments for PKIX_PL_Equals_Callback in pkix_pl_pki.h)
+ */
+static PKIX_Error *
+pkix_pl_InfoAccess_Equals(
+        PKIX_PL_Object *firstObject,
+        PKIX_PL_Object *secondObject,
+        PKIX_Boolean *pResult,
+        void *plContext)
+{
+        PKIX_PL_InfoAccess *firstInfoAccess = NULL;
+        PKIX_PL_InfoAccess *secondInfoAccess = NULL;
+        PKIX_UInt32 secondType;
+        PKIX_Boolean cmpResult;
+
+        PKIX_ENTER(INFOACCESS, "pkix_pl_InfoAccess_Equals");
+        PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);
+
+        /* test that firstObject is a InfoAccess */
+        PKIX_CHECK(pkix_CheckType
+                (firstObject, PKIX_INFOACCESS_TYPE, plContext),
+                PKIX_FIRSTOBJECTNOTINFOACCESS);
+
+        /*
+         * Since we know firstObject is a InfoAccess, if both references are
+         * identical, they must be equal
+         */
+        if (firstObject == secondObject){
+                *pResult = PKIX_TRUE;
+                goto cleanup;
+        }
+
+        /*
+         * If secondObject isn't a InfoAccess, we don't throw an error.
+         * We simply return a Boolean result of FALSE
+         */
+        *pResult = PKIX_FALSE;
+        PKIX_CHECK(PKIX_PL_Object_GetType
+                    (secondObject, &secondType, plContext),
+                    PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
+        if (secondType != PKIX_INFOACCESS_TYPE) goto cleanup;
+
+        firstInfoAccess = (PKIX_PL_InfoAccess *)firstObject;
+        secondInfoAccess = (PKIX_PL_InfoAccess *)secondObject;
+
+        *pResult = PKIX_FALSE;
+
+        if (firstInfoAccess->method != secondInfoAccess->method) {
+                goto cleanup;
+        }
+
+        PKIX_EQUALS(firstInfoAccess, secondInfoAccess, &cmpResult, plContext,
+                PKIX_OBJECTEQUALSFAILED);
+
+        *pResult = cmpResult;
+
+cleanup:
+
+        PKIX_RETURN(INFOACCESS);
+}
+
+/*
+ * FUNCTION: pkix_pl_InfoAccess_RegisterSelf
+ * DESCRIPTION:
+ *  Registers PKIX_INFOACCESS_TYPE and its related functions with systemClasses[]
+ * THREAD SAFETY:
+ *  Not Thread Safe - for performance and complexity reasons
+ *
+ *  Since this function is only called by PKIX_PL_Initialize, which should
+ *  only be called once, it is acceptable that this function is not
+ *  thread-safe.
+ */
+PKIX_Error *
+pkix_pl_InfoAccess_RegisterSelf(void *plContext)
+{
+        extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
+        pkix_ClassTable_Entry entry;
+
+        PKIX_ENTER(INFOACCESS,
+                "pkix_pl_InfoAccess_RegisterSelf");
+
+        entry.description = "InfoAccess";
+        entry.objCounter = 0;
+        entry.typeObjectSize = sizeof(PKIX_PL_InfoAccess);
+        entry.destructor = pkix_pl_InfoAccess_Destroy;
+        entry.equalsFunction = pkix_pl_InfoAccess_Equals;
+        entry.hashcodeFunction = pkix_pl_InfoAccess_Hashcode;
+        entry.toStringFunction = pkix_pl_InfoAccess_ToString;
+        entry.comparator = NULL;
+        entry.duplicateFunction = pkix_duplicateImmutable;
+
+        systemClasses[PKIX_INFOACCESS_TYPE] = entry;
+
+        PKIX_RETURN(INFOACCESS);
+}
+
+/*
+ * FUNCTION: pkix_pl_InfoAccess_CreateList
+ * DESCRIPTION:
+ *
+ *  Based on data in CERTAuthInfoAccess array "nssInfoAccess", this function
+ *  creates and returns a PKIX_List of PKIX_PL_InfoAccess at "pInfoAccessList".
+ *
+ * PARAMETERS
+ *  "nssInfoAccess"
+ *      The pointer array of CERTAuthInfoAccess that contains access data.
+ *      May be NULL.
+ *  "pInfoAccessList"
+ *      Address where a list of PKIX_PL_InfoAccess is returned.
+ *      Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_pl_InfoAccess_CreateList(
+        CERTAuthInfoAccess **nssInfoAccess,
+        PKIX_List **pInfoAccessList, /* of PKIX_PL_InfoAccess */
+        void *plContext)
+{
+        PKIX_List *infoAccessList = NULL;
+        PKIX_PL_InfoAccess *infoAccess = NULL;
+        PKIX_PL_GeneralName *location = NULL;
+        PKIX_UInt32 method;
+        int i;
+
+        PKIX_ENTER(INFOACCESS, "PKIX_PL_InfoAccess_CreateList");
+        PKIX_NULLCHECK_ONE(pInfoAccessList);
+
+        PKIX_CHECK(PKIX_List_Create(&infoAccessList, plContext),
+                PKIX_LISTCREATEFAILED);
+
+        if (nssInfoAccess == NULL) {
+                goto cleanup;
+        }
+
+        for (i = 0; nssInfoAccess[i] != NULL; i++) {
+
+                if (nssInfoAccess[i]->location == NULL) {
+                    continue;
+                }
+
+                PKIX_CHECK(pkix_pl_GeneralName_Create
+                        (nssInfoAccess[i]->location, &location, plContext),
+                        PKIX_GENERALNAMECREATEFAILED);
+
+                PKIX_CERT_DEBUG("\t\tCalling SECOID_FindOIDTag).\n");
+                method = SECOID_FindOIDTag(&nssInfoAccess[i]->method);
+                /* Map NSS access method value into PKIX constant */
+                switch(method) {
+                        case SEC_OID_PKIX_CA_ISSUERS:
+                                method = PKIX_INFOACCESS_CA_ISSUERS;
+                                break;
+                        case SEC_OID_PKIX_OCSP:
+                                method = PKIX_INFOACCESS_OCSP;
+                                break;
+                        case SEC_OID_PKIX_TIMESTAMPING:
+                                method = PKIX_INFOACCESS_TIMESTAMPING;
+                                break;
+                        case SEC_OID_PKIX_CA_REPOSITORY:
+                                method = PKIX_INFOACCESS_CA_REPOSITORY;
+                                break;
+                        default:
+                                PKIX_ERROR(PKIX_UNKNOWNINFOACCESSMETHOD);
+                }
+
+                PKIX_CHECK(pkix_pl_InfoAccess_Create
+                        (method, location, &infoAccess, plContext),
+                        PKIX_INFOACCESSCREATEFAILED);
+
+                PKIX_CHECK(PKIX_List_AppendItem
+                            (infoAccessList,
+                            (PKIX_PL_Object *)infoAccess,
+                            plContext),
+                            PKIX_LISTAPPENDITEMFAILED);
+                PKIX_DECREF(infoAccess);
+                PKIX_DECREF(location);
+        }
+
+        *pInfoAccessList = infoAccessList;
+        infoAccessList = NULL;
+
+cleanup:
+
+        PKIX_DECREF(infoAccessList);
+        PKIX_DECREF(infoAccess);
+        PKIX_DECREF(location);
+
+        PKIX_RETURN(INFOACCESS);
+}
+
+/* --Public-Functions------------------------------------------------------- */
+
+/*
+ * FUNCTION: PKIX_PL_InfoAccess_GetMethod (see comments in pkix_pl_pki.h)
+ */
+PKIX_Error *
+PKIX_PL_InfoAccess_GetMethod(
+        PKIX_PL_InfoAccess *infoAccess,
+        PKIX_UInt32 *pMethod,
+        void *plContext)
+{
+        PKIX_ENTER(INFOACCESS, "PKIX_PL_InfoAccess_GetMethod");
+        PKIX_NULLCHECK_TWO(infoAccess, pMethod);
+
+        *pMethod = infoAccess->method;
+
+        PKIX_RETURN(INFOACCESS);
+}
+
+/*
+ * FUNCTION: PKIX_PL_InfoAccess_GetLocation (see comments in pkix_pl_pki.h)
+ */
+PKIX_Error *
+PKIX_PL_InfoAccess_GetLocation(
+        PKIX_PL_InfoAccess *infoAccess,
+        PKIX_PL_GeneralName **pLocation,
+        void *plContext)
+{
+        PKIX_ENTER(INFOACCESS, "PKIX_PL_InfoAccess_GetLocation");
+        PKIX_NULLCHECK_TWO(infoAccess, pLocation);
+
+        PKIX_INCREF(infoAccess->location);
+
+        *pLocation = infoAccess->location;
+
+cleanup:
+        PKIX_RETURN(INFOACCESS);
+}
+
+/*
+ * FUNCTION: PKIX_PL_InfoAccess_GetLocationType (see comments in pkix_pl_pki.h)
+ */
+PKIX_Error *
+PKIX_PL_InfoAccess_GetLocationType(
+        PKIX_PL_InfoAccess *infoAccess,
+        PKIX_UInt32 *pType,
+        void *plContext)
+{
+        PKIX_PL_String *locationString = NULL;
+        PKIX_UInt32 type = PKIX_INFOACCESS_LOCATION_UNKNOWN;
+        PKIX_UInt32 len = 0;
+        void *location = NULL;
+
+        PKIX_ENTER(INFOACCESS, "PKIX_PL_InfoAccess_GetLocationType");
+        PKIX_NULLCHECK_TWO(infoAccess, pType);
+
+        if (infoAccess->location != NULL) {
+
+                PKIX_TOSTRING(infoAccess->location, &locationString, plContext,
+                    PKIX_GENERALNAMETOSTRINGFAILED);
+
+                PKIX_CHECK(PKIX_PL_String_GetEncoded
+                    (locationString, PKIX_ESCASCII, &location, &len, plContext),
+                    PKIX_STRINGGETENCODEDFAILED);
+
+                PKIX_OID_DEBUG("\tCalling PORT_Strcmp).\n");
+#ifndef NSS_PKIX_NO_LDAP
+                if (PORT_Strncmp(location, "ldap:", 5) == 0){
+                        type = PKIX_INFOACCESS_LOCATION_LDAP;
+                } else
+#endif
+                if (PORT_Strncmp(location, "http:", 5) == 0){
+                        type = PKIX_INFOACCESS_LOCATION_HTTP;
+                }
+        }
+
+        *pType = type;
+
+cleanup:
+
+        PKIX_PL_Free(location, plContext);
+        PKIX_DECREF(locationString);
+
+        PKIX_RETURN(INFOACCESS);
+}
+
+#ifndef NSS_PKIX_NO_LDAP
+/*
+ * FUNCTION: pkix_pl_InfoAccess_ParseTokens
+ * DESCRIPTION:
+ *
+ *  This function parses the string beginning at "startPos" into tokens using
+ *  the separator contained in "separator" and the terminator contained in
+ *  "terminator", copying the tokens into space allocated from the arena
+ *  pointed to by "arena". It stores in "tokens" a null-terminated array of
+ *  pointers to those tokens.
+ *
+ * PARAMETERS
+ *  "arena"
+ *      Address of a PLArenaPool to be used in populating the LDAPLocation.
+ *      Must be non-NULL.
+ *  "startPos"
+ *      The address of char string that contains a subset of ldap location.
+ *  "tokens"
+ *      The address of an array of char string for storing returned tokens.
+ *      Must be non-NULL.
+ *  "separator"
+ *      The character that is taken as token separator. Must be non-NULL.
+ *  "terminator"
+ *      The character that is taken as parsing terminator. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns an InfoAccess Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_pl_InfoAccess_ParseTokens(
+        PLArenaPool *arena,
+        char **startPos, /* return update */
+        char ***tokens,
+        char separator,
+        char terminator,
+        void *plContext)
+{
+        PKIX_UInt32 numFilters = 0;
+        char *endPos = NULL;
+        char **filterP = NULL;
+
+        PKIX_ENTER(INFOACCESS, "pkix_pl_InfoAccess_ParseTokens");
+        PKIX_NULLCHECK_THREE(arena, startPos, tokens);
+
+        endPos = *startPos;
+
+        /* First pass: parse to <terminator> to count number of components */
+        numFilters = 0;
+        while (*endPos != terminator && *endPos != '\0') {
+                endPos++;
+                if (*endPos == separator) {
+                        numFilters++;
+                }
+        }
+
+        if (*endPos != terminator) {
+                PKIX_ERROR(PKIX_LOCATIONSTRINGNOTPROPERLYTERMINATED);
+        }
+
+        /* Last component doesn't need a separator, although we allow it */
+        if (endPos > *startPos && *(endPos-1) != separator) {
+                numFilters++;
+        }
+
+        /*
+         * If string is a=xx, b=yy, c=zz, etc., use a=xx for filter,
+         * and everything else for the base
+         */
+        if (numFilters > 2) numFilters = 2;
+
+        filterP = PORT_ArenaZNewArray(arena, char*, numFilters+1);
+        if (filterP == NULL) {
+            PKIX_ERROR(PKIX_PORTARENAALLOCFAILED);
+        }
+
+        /* Second pass: parse to fill in components in token array */
+        *tokens = filterP;
+        endPos = *startPos;
+
+        while (numFilters) {
+            if (*endPos == separator || *endPos == terminator) {
+                    PKIX_UInt32 len = endPos - *startPos;
+                    char *p = PORT_ArenaZAlloc(arena, len+1);
+                    if (p == NULL) {
+                        PKIX_ERROR(PKIX_PORTARENAALLOCFAILED);
+                    }
+
+                    PORT_Memcpy(p, *startPos, len);
+                    p[len] = '\0';
+
+                    *filterP = p;
+                    filterP++;
+                    numFilters--;
+
+                    separator = terminator;
+
+                    if (*endPos == '\0') {
+                        *startPos = endPos;
+                        break;
+                    } else {
+                        endPos++;
+                        *startPos = endPos;
+                        continue;
+                    }
+            }
+            endPos++;
+        }
+
+        *filterP = NULL;
+
+cleanup:
+
+        PKIX_RETURN(INFOACCESS);
+}
+
+static int
+pkix_pl_HexDigitToInt(
+        int ch)
+{
+        if (isdigit(ch)) {
+                ch = ch - '0';
+        } else if (isupper(ch)) {
+                ch = ch - 'A' + 10;
+        } else {
+                ch = ch - 'a' + 10;
+        }
+        return ch;
+}
+
+/*
+ * Convert the "%" hex hex escape sequences in the URL 'location' in place.
+ */
+static void
+pkix_pl_UnescapeURL(
+        char *location)
+{
+        const char *src;
+        char *dst;
+
+        for (src = dst = location; *src != '\0'; src++, dst++) {
+                if (*src == '%' && isxdigit((unsigned char)*(src+1)) &&
+                    isxdigit((unsigned char)*(src+2))) {
+                        *dst = pkix_pl_HexDigitToInt((unsigned char)*(src+1));
+                        *dst *= 16;
+                        *dst += pkix_pl_HexDigitToInt((unsigned char)*(src+2));
+                        src += 2;
+                } else {
+                        *dst = *src;
+                }
+        }
+        *dst = *src;  /* the terminating null */
+}
+
+/*
+ * FUNCTION: pkix_pl_InfoAccess_ParseLocation
+ * DESCRIPTION:
+ *
+ *  This function parses the GeneralName pointed to by "generalName" into the
+ *  fields of the LDAPRequestParams pointed to by "request" and a domainName
+ *  pointed to by "pDomainName", using the PLArenaPool pointed to by "arena" to
+ *  allocate storage for the request components and for the domainName string.
+ *
+ *  The expected GeneralName string should be in the format described by the
+ *  following BNF:
+ *
+ *  ldap://<ldap-server-site>/[cn=<cname>][,o=<org>][,c=<country>]?
+ *  [caCertificate|crossCertificatPair|certificateRevocationList];
+ *  [binary|<other-type>]
+ *  [[,caCertificate|crossCertificatPair|certificateRevocationList]
+ *   [binary|<other-type>]]*
+ *
+ * PARAMETERS
+ *  "generalName"
+ *      Address of the GeneralName whose LDAPLocation is to be parsed. Must be
+ *      non-NULL.
+ *  "arena"
+ *      Address of PLArenaPool to be used for the domainName and for components
+ *      of the LDAPRequest. Must be non-NULL.
+ *  "request"
+ *      Address of the LDAPRequestParams into which request components are
+ *      stored. Must be non-NULL.
+ *  *pDomainName"
+ *      Address at which the domainName is stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns an InfoAccess Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_pl_InfoAccess_ParseLocation(
+        PKIX_PL_GeneralName *generalName,
+        PLArenaPool *arena,
+        LDAPRequestParams *request,
+        char **pDomainName,
+        void *plContext)
+{
+        PKIX_PL_String *locationString = NULL;
+        PKIX_UInt32 len = 0;
+        PKIX_UInt32 ncIndex = 0;
+        char *domainName = NULL;
+        char **avaArray = NULL;
+        char **attrArray = NULL;
+        char *attr = NULL;
+        char *locationAscii = NULL;
+        char *startPos = NULL;
+        char *endPos = NULL;
+        char *avaPtr = NULL;
+        LdapAttrMask attrBit = 0;
+        LDAPNameComponent **setOfNameComponent = NULL;
+        LDAPNameComponent *nameComponent = NULL;
+
+        PKIX_ENTER(INFOACCESS, "pkix_pl_InfoAccess_ParseLocation");
+        PKIX_NULLCHECK_FOUR(generalName, arena, request, pDomainName);
+
+        PKIX_TOSTRING(generalName, &locationString, plContext,
+                PKIX_GENERALNAMETOSTRINGFAILED);
+
+        PKIX_CHECK(PKIX_PL_String_GetEncoded
+                (locationString,
+                PKIX_ESCASCII,
+                (void **)&locationAscii,
+                &len,
+                plContext),
+                PKIX_STRINGGETENCODEDFAILED);
+
+        pkix_pl_UnescapeURL(locationAscii);
+
+        /* Skip "ldap:" */
+        endPos = locationAscii;
+        while (*endPos != ':' && *endPos != '\0') {
+                endPos++;
+        }
+        if (*endPos == '\0') {
+                PKIX_ERROR(PKIX_GENERALNAMESTRINGMISSINGLOCATIONTYPE);
+        }
+
+        /* Skip "//" */
+        endPos++;
+        if (*endPos != '\0' && *(endPos+1) != '0' &&
+            *endPos == '/' && *(endPos+1) == '/') {
+                endPos += 2;
+        } else {
+                PKIX_ERROR(PKIX_GENERALNAMESTRINGMISSINGDOUBLESLASH);
+        }
+
+        /* Get the server-site */
+        startPos = endPos;
+        while(*endPos != '/' && *(endPos) != '\0') {
+                endPos++;
+        }
+        if (*endPos == '\0') {
+                PKIX_ERROR(PKIX_GENERALNAMESTRINGMISSINGSERVERSITE);
+        }
+
+        len = endPos - startPos;
+        endPos++;
+
+        domainName = PORT_ArenaZAlloc(arena, len + 1);
+        if (!domainName) {
+            PKIX_ERROR(PKIX_PORTARENAALLOCFAILED);
+        }
+
+        PORT_Memcpy(domainName, startPos, len);
+
+        domainName[len] = '\0';
+
+        *pDomainName = domainName;
+
+        /*
+         * Get a list of AttrValueAssertions (such as 
+         * "cn=CommonName, o=Organization, c=US" into a null-terminated array
+         */
+        startPos = endPos;
+        PKIX_CHECK(pkix_pl_InfoAccess_ParseTokens
+                (arena,
+                &startPos,
+                (char ***) &avaArray,
+                ',',
+                '?',
+                plContext),
+                PKIX_INFOACCESSPARSETOKENSFAILED);
+
+        /* Count how many AVAs we have */
+        for (len = 0; avaArray[len] != NULL; len++) {}
+
+        if (len < 2) {
+                PKIX_ERROR(PKIX_NOTENOUGHNAMECOMPONENTSINGENERALNAME);
+        }
+
+        /* Use last name component for baseObject */
+        request->baseObject = avaArray[len - 1];
+
+        /* Use only one component for filter. LDAP servers aren't too smart. */
+        len = 2;   /* Eliminate this when servers get smarter. */
+
+        avaArray[len - 1] = NULL;
+
+        /* Get room for null-terminated array of (LdapNameComponent *) */
+        setOfNameComponent = PORT_ArenaZNewArray(arena, LDAPNameComponent *, len);
+        if (setOfNameComponent == NULL) {
+            PKIX_ERROR(PKIX_PORTARENAALLOCFAILED);
+        }
+
+        /* Get room for the remaining LdapNameComponents */
+        nameComponent = PORT_ArenaZNewArray(arena, LDAPNameComponent, --len);
+        if (nameComponent == NULL) {
+            PKIX_ERROR(PKIX_PORTARENAALLOCFAILED);
+        }
+
+        /* Convert remaining AVAs to LDAPNameComponents */
+        for (ncIndex = 0; ncIndex < len; ncIndex ++) {
+                setOfNameComponent[ncIndex] = nameComponent;
+                avaPtr = avaArray[ncIndex];
+                nameComponent->attrType = (unsigned char *)avaPtr;
+                while ((*avaPtr != '=') && (*avaPtr != '\0')) {
+                        avaPtr++;
+                        if (*avaPtr == '\0') {
+                                PKIX_ERROR(PKIX_NAMECOMPONENTWITHNOEQ);
+                        }
+                }
+                *(avaPtr++) = '\0';
+                nameComponent->attrValue = (unsigned char *)avaPtr;
+                nameComponent++;
+        }
+
+        setOfNameComponent[len] = NULL;
+        request->nc = setOfNameComponent;
+                
+        /*
+         * Get a list of AttrTypes (such as 
+         * "caCertificate;binary, crossCertificatePair;binary") into
+         * a null-terminated array
+         */
+
+        PKIX_CHECK(pkix_pl_InfoAccess_ParseTokens
+                (arena,
+                (char **) &startPos,
+                (char ***) &attrArray,
+                ',',
+                '\0',
+                plContext),
+                PKIX_INFOACCESSPARSETOKENSFAILED);
+
+        /* Convert array of Attr Types into a bit mask */
+        request->attributes = 0;
+        attr = attrArray[0];
+        while (attr != NULL) {
+                PKIX_CHECK(pkix_pl_LdapRequest_AttrStringToBit
+                        (attr, &attrBit, plContext),
+                        PKIX_LDAPREQUESTATTRSTRINGTOBITFAILED);
+                request->attributes |= attrBit;
+                attr = *(++attrArray);
+        }
+
+cleanup:
+
+        PKIX_PL_Free(locationAscii, plContext);
+        PKIX_DECREF(locationString);
+
+        PKIX_RETURN(INFOACCESS);
+}
+#endif /* !NSS_PKIX_NO_LDAP */
diff --git a/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_infoaccess.h b/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_infoaccess.h
new file mode 100644
index 0000000..e69d7b4
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_infoaccess.h
@@ -0,0 +1,49 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_pl_infoaccess.h
+ *
+ * InfoAccess Object Definitions
+ *
+ */
+
+#ifndef _PKIX_PL_INFOACCESS_H
+#define _PKIX_PL_INFOACCESS_H
+
+#include "pkix_pl_common.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+struct PKIX_PL_InfoAccessStruct{
+        PKIX_UInt32 method;
+        PKIX_PL_GeneralName *location;
+};
+
+/* see source file for function documentation */
+
+PKIX_Error *pkix_pl_InfoAccess_RegisterSelf(void *plContext);
+
+PKIX_Error *
+pkix_pl_InfoAccess_CreateList(
+        CERTAuthInfoAccess **authInfoAccess,
+        PKIX_List **pAiaList, /* of PKIX_PL_InfoAccess */
+        void *plContext);
+
+#ifndef NSS_PKIX_NO_LDAP
+PKIX_Error *
+pkix_pl_InfoAccess_ParseLocation(
+        PKIX_PL_GeneralName *generalName,
+        PLArenaPool *arena,
+        LDAPRequestParams *request,
+        char **pDomainName,
+        void *plContext);
+#endif /* !NSS_PKIX_NO_LDAP */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_PL_INFOACCESS_H */
diff --git a/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_nameconstraints.c b/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_nameconstraints.c
new file mode 100644
index 0000000..affea87
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_nameconstraints.c
@@ -0,0 +1,1274 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_pl_nameconstraints.c
+ *
+ * Name Constraints Object Functions Definitions
+ *
+ */
+
+#include "pkix_pl_nameconstraints.h"
+
+
+/* --Private-NameConstraints-Functions----------------------------- */
+
+/*
+ * FUNCTION: pkix_pl_CertNameConstraints_GetPermitted
+ * DESCRIPTION:
+ *
+ *  This function retrieve name constraints permitted list from NSS
+ *  data in "nameConstraints" and returns a PKIX_PL_GeneralName list
+ *  in "pPermittedList".
+ *
+ * PARAMETERS
+ *  "nameConstraints"
+ *      Address of CertNameConstraints which has a pointer to
+ *      CERTNameConstraints data. Must be non-NULL.
+ *  "pPermittedList"
+ *      Address where returned permitted name list is stored. Must be non-NULL.
+ *  "plContext" - Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *      (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a NameConstraints Error if the function fails in a
+ *  non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_pl_CertNameConstraints_GetPermitted(
+        PKIX_PL_CertNameConstraints *nameConstraints,
+        PKIX_List **pPermittedList,
+        void *plContext)
+{
+        CERTNameConstraints *nssNameConstraints = NULL;
+        CERTNameConstraints **nssNameConstraintsList = NULL;
+        CERTNameConstraint *nssPermitted = NULL;
+        CERTNameConstraint *firstPermitted = NULL;
+        PKIX_List *permittedList = NULL;
+        PKIX_PL_GeneralName *name = NULL;
+        PKIX_UInt32 numItems = 0;
+        PKIX_UInt32 i;
+
+        PKIX_ENTER(CERTNAMECONSTRAINTS,
+                "pkix_pl_CertNameConstraints_GetPermitted");
+        PKIX_NULLCHECK_TWO(nameConstraints, pPermittedList);
+
+        /*
+         * nssNameConstraints is an array of CERTNameConstraints
+         * pointers where CERTNameConstraints keep its permitted and excluded
+         * lists as pointer array of CERTNameConstraint.
+         */
+
+        if (nameConstraints->permittedList == NULL) {
+
+            PKIX_OBJECT_LOCK(nameConstraints);
+
+            if (nameConstraints->permittedList == NULL) {
+
+                PKIX_CHECK(PKIX_List_Create(&permittedList, plContext),
+                        PKIX_LISTCREATEFAILED);
+
+                numItems = nameConstraints->numNssNameConstraints;
+                nssNameConstraintsList =
+                        nameConstraints->nssNameConstraintsList;
+
+                for (i = 0; i < numItems; i++) {
+
+                    PKIX_NULLCHECK_ONE(nssNameConstraintsList);
+                    nssNameConstraints = *(nssNameConstraintsList + i);
+                    PKIX_NULLCHECK_ONE(nssNameConstraints);
+
+                    if (nssNameConstraints->permited != NULL) {
+
+                        nssPermitted = nssNameConstraints->permited;
+                        firstPermitted = nssPermitted;
+
+                        do {
+
+                            PKIX_CHECK(pkix_pl_GeneralName_Create
+                                (&nssPermitted->name, &name, plContext),
+                                PKIX_GENERALNAMECREATEFAILED);
+
+                            PKIX_CHECK(PKIX_List_AppendItem
+                                (permittedList,
+                                (PKIX_PL_Object *)name,
+                                plContext),
+                                PKIX_LISTAPPENDITEMFAILED);
+
+                            PKIX_DECREF(name);
+
+                            PKIX_CERTNAMECONSTRAINTS_DEBUG
+                                ("\t\tCalling CERT_GetNextNameConstraint\n");
+                            nssPermitted = CERT_GetNextNameConstraint
+                                (nssPermitted);
+
+                        } while (nssPermitted != firstPermitted);
+
+                    }
+                }
+
+                PKIX_CHECK(PKIX_List_SetImmutable(permittedList, plContext),
+                            PKIX_LISTSETIMMUTABLEFAILED);
+
+                nameConstraints->permittedList = permittedList;
+
+            }
+
+            PKIX_OBJECT_UNLOCK(nameConstraints);
+
+        }
+
+        PKIX_INCREF(nameConstraints->permittedList);
+
+        *pPermittedList = nameConstraints->permittedList;
+
+cleanup:
+
+        PKIX_RETURN(CERTNAMECONSTRAINTS);
+}
+
+/*
+ * FUNCTION: pkix_pl_CertNameConstraints_GetExcluded
+ * DESCRIPTION:
+ *
+ *  This function retrieve name constraints excluded list from NSS
+ *  data in "nameConstraints" and returns a PKIX_PL_GeneralName list
+ *  in "pExcludedList".
+ *
+ * PARAMETERS
+ *  "nameConstraints"
+ *      Address of CertNameConstraints which has a pointer to NSS data.
+ *      Must be non-NULL.
+ *  "pPermittedList"
+ *      Address where returned excluded name list is stored. Must be non-NULL.
+ *  "plContext" - Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *      (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a NameConstraints Error if the function fails in a
+ *  non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_pl_CertNameConstraints_GetExcluded(
+        PKIX_PL_CertNameConstraints *nameConstraints,
+        PKIX_List **pExcludedList,
+        void *plContext)
+{
+        CERTNameConstraints *nssNameConstraints = NULL;
+        CERTNameConstraints **nssNameConstraintsList = NULL;
+        CERTNameConstraint *nssExcluded = NULL;
+        CERTNameConstraint *firstExcluded = NULL;
+        PKIX_List *excludedList = NULL;
+        PKIX_PL_GeneralName *name = NULL;
+        PKIX_UInt32 numItems = 0;
+        PKIX_UInt32 i;
+
+        PKIX_ENTER(CERTNAMECONSTRAINTS,
+                "pkix_pl_CertNameConstraints_GetExcluded");
+        PKIX_NULLCHECK_TWO(nameConstraints, pExcludedList);
+
+        if (nameConstraints->excludedList == NULL) {
+
+            PKIX_OBJECT_LOCK(nameConstraints);
+
+            if (nameConstraints->excludedList == NULL) {
+
+                PKIX_CHECK(PKIX_List_Create(&excludedList, plContext),
+                            PKIX_LISTCREATEFAILED);
+
+                numItems = nameConstraints->numNssNameConstraints;
+                nssNameConstraintsList =
+                        nameConstraints->nssNameConstraintsList;
+
+                for (i = 0; i < numItems; i++) {
+
+                    PKIX_NULLCHECK_ONE(nssNameConstraintsList);
+                    nssNameConstraints = *(nssNameConstraintsList + i);
+                    PKIX_NULLCHECK_ONE(nssNameConstraints);
+
+                    if (nssNameConstraints->excluded != NULL) {
+
+                        nssExcluded = nssNameConstraints->excluded;
+                        firstExcluded = nssExcluded;
+
+                        do {
+
+                            PKIX_CHECK(pkix_pl_GeneralName_Create
+                                (&nssExcluded->name, &name, plContext),
+                                PKIX_GENERALNAMECREATEFAILED);
+
+                            PKIX_CHECK(PKIX_List_AppendItem
+                                (excludedList,
+                                (PKIX_PL_Object *)name,
+                                plContext),
+                                PKIX_LISTAPPENDITEMFAILED);
+
+                            PKIX_DECREF(name);
+
+                            PKIX_CERTNAMECONSTRAINTS_DEBUG
+                                ("\t\tCalling CERT_GetNextNameConstraint\n");
+                            nssExcluded = CERT_GetNextNameConstraint
+                                (nssExcluded);
+
+                        } while (nssExcluded != firstExcluded);
+
+                    }
+
+                }
+                PKIX_CHECK(PKIX_List_SetImmutable(excludedList, plContext),
+                            PKIX_LISTSETIMMUTABLEFAILED);
+
+                nameConstraints->excludedList = excludedList;
+
+            }
+
+            PKIX_OBJECT_UNLOCK(nameConstraints);
+        }
+
+        PKIX_INCREF(nameConstraints->excludedList);
+
+        *pExcludedList = nameConstraints->excludedList;
+
+cleanup:
+
+        PKIX_RETURN(CERTNAMECONSTRAINTS);
+}
+
+/*
+ * FUNCTION: pkix_pl_CertNameConstraints_CheckNameSpaceNssNames
+ * DESCRIPTION:
+ *
+ *  This function checks if CERTGeneralNames in "nssSubjectNames" comply
+ *  with the permitted and excluded names in "nameConstraints". It returns
+ *  PKIX_TRUE in "pCheckPass", if the Names satify the name space of the
+ *  permitted list and if the Names are not in the excluded list. Otherwise,
+ *  it returns PKIX_FALSE.
+ *
+ * PARAMETERS
+ *  "nssSubjectNames"
+ *      List of CERTGeneralName that nameConstraints verification is based on.
+ *  "nameConstraints"
+ *      Address of CertNameConstraints that provides lists of permitted
+ *      and excluded names. Must be non-NULL.
+ *  "pCheckPass"
+ *      Address where PKIX_TRUE is returned if the all names in "nameList" are
+ *      valid.
+ *  "plContext" - Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a NameConstraints Error if the function fails in a
+ *  non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_pl_CertNameConstraints_CheckNameSpaceNssNames(
+        CERTGeneralName *nssSubjectNames,
+        PKIX_PL_CertNameConstraints *nameConstraints,
+        PKIX_Boolean *pCheckPass,
+        void *plContext)
+{
+        CERTNameConstraints **nssNameConstraintsList = NULL;
+        CERTNameConstraints *nssNameConstraints = NULL;
+        CERTGeneralName *nssMatchName = NULL;
+        PLArenaPool *arena = NULL;
+        PKIX_UInt32 numItems = 0;
+        PKIX_UInt32 i;
+        SECStatus status = SECSuccess;
+
+        PKIX_ENTER(CERTNAMECONSTRAINTS,
+                "pkix_pl_CertNameConstraints_CheckNameSpaceNssNames");
+        PKIX_NULLCHECK_THREE(nssSubjectNames, nameConstraints, pCheckPass);
+
+        *pCheckPass = PKIX_TRUE;
+
+        PKIX_CERTNAMECONSTRAINTS_DEBUG("\t\tCalling PORT_NewArena\n");
+        arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+        if (arena == NULL) {
+                PKIX_ERROR(PKIX_OUTOFMEMORY);
+        }
+
+        nssMatchName = nssSubjectNames;
+        nssNameConstraintsList = nameConstraints->nssNameConstraintsList;
+
+        /*
+         * CERTNameConstraint items in each permitted or excluded list
+         * is verified as OR condition. That means, if one item matched,
+         * then the checking on the remaining items on the list is skipped.
+         * (see NSS cert_CompareNameWithConstraints(...)).
+         * Items on PKIX_PL_NameConstraint's nssNameConstraints are verified
+         * as AND condition. PKIX_PL_NameConstraint keeps an array of pointers
+         * of CERTNameConstraints resulting from merging multiple
+         * PKIX_PL_NameConstraints. Since each CERTNameConstraint are created
+         * for different entity, a union condition of these entities then is
+         * performed.
+         */
+
+        do {
+
+            numItems = nameConstraints->numNssNameConstraints;
+
+            for (i = 0; i < numItems; i++) {
+
+                PKIX_NULLCHECK_ONE(nssNameConstraintsList);
+                nssNameConstraints = *(nssNameConstraintsList + i);
+                PKIX_NULLCHECK_ONE(nssNameConstraints);
+
+                PKIX_CERTNAMECONSTRAINTS_DEBUG
+                        ("\t\tCalling CERT_CheckNameSpace\n");
+                status = CERT_CheckNameSpace
+                        (arena, nssNameConstraints, nssMatchName);
+                if (status != SECSuccess) {
+                        break;
+                }
+
+            }
+
+            if (status != SECSuccess) {
+                    break;
+            }
+
+            PKIX_CERTNAMECONSTRAINTS_DEBUG
+                    ("\t\tCalling CERT_GetNextGeneralName\n");
+            nssMatchName = CERT_GetNextGeneralName(nssMatchName);
+
+        } while (nssMatchName != nssSubjectNames);
+
+        if (status == SECFailure) {
+
+                *pCheckPass = PKIX_FALSE;
+        }
+
+cleanup:
+
+        if (arena){
+                PKIX_CERTNAMECONSTRAINTS_DEBUG
+                        ("\t\tCalling PORT_FreeArena).\n");
+                PORT_FreeArena(arena, PR_FALSE);
+        }
+
+        PKIX_RETURN(CERTNAMECONSTRAINTS);
+}
+
+/*
+ * FUNCTION: pkix_pl_NameConstraints_Destroy
+ * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_CertNameConstraints_Destroy(
+        PKIX_PL_Object *object,
+        void *plContext)
+{
+        PKIX_PL_CertNameConstraints *nameConstraints = NULL;
+
+        PKIX_ENTER(CERTNAMECONSTRAINTS, "pkix_pl_CertNameConstraints_Destroy");
+        PKIX_NULLCHECK_ONE(object);
+
+        PKIX_CHECK(pkix_CheckType
+                (object, PKIX_CERTNAMECONSTRAINTS_TYPE, plContext),
+                PKIX_OBJECTNOTCERTNAMECONSTRAINTS);
+
+        nameConstraints = (PKIX_PL_CertNameConstraints *)object;
+
+        PKIX_CHECK(PKIX_PL_Free
+                    (nameConstraints->nssNameConstraintsList, plContext),
+                    PKIX_FREEFAILED);
+
+        if (nameConstraints->arena){
+                PKIX_CERTNAMECONSTRAINTS_DEBUG
+                        ("\t\tCalling PORT_FreeArena).\n");
+                PORT_FreeArena(nameConstraints->arena, PR_FALSE);
+                nameConstraints->arena = NULL;
+        }
+
+        PKIX_DECREF(nameConstraints->permittedList);
+        PKIX_DECREF(nameConstraints->excludedList);
+
+cleanup:
+
+        PKIX_RETURN(CERTNAMECONSTRAINTS);
+}
+
+/*
+ * FUNCTION: pkix_pl_CertNameConstraints_ToString_Helper
+ * DESCRIPTION:
+ *
+ *  Helper function that creates a string representation of the object
+ *  NameConstraints and stores it at "pString".
+ *
+ * PARAMETERS
+ *  "nameConstraints"
+ *      Address of CertNameConstraints whose string representation is
+ *      desired. Must be non-NULL.
+ *  "pString"
+ *      Address where string object pointer will be stored. Must be non-NULL.
+ *  "plContext" - Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a NameConstraints Error if the function fails in a
+ *  non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_pl_CertNameConstraints_ToString_Helper(
+        PKIX_PL_CertNameConstraints *nameConstraints,
+        PKIX_PL_String **pString,
+        void *plContext)
+{
+        char *asciiFormat = NULL;
+        PKIX_PL_String *formatString = NULL;
+        PKIX_List *permittedList = NULL;
+        PKIX_List *excludedList = NULL;
+        PKIX_PL_String *permittedListString = NULL;
+        PKIX_PL_String *excludedListString = NULL;
+        PKIX_PL_String *nameConstraintsString = NULL;
+
+        PKIX_ENTER(CERTNAMECONSTRAINTS,
+                    "pkix_pl_CertNameConstraints_ToString_Helper");
+        PKIX_NULLCHECK_TWO(nameConstraints, pString);
+
+        asciiFormat =
+                "[\n"
+                "\t\tPermitted Name:  %s\n"
+                "\t\tExcluded Name:   %s\n"
+                "\t]\n";
+
+        PKIX_CHECK(PKIX_PL_String_Create
+                    (PKIX_ESCASCII,
+                    asciiFormat,
+                    0,
+                    &formatString,
+                    plContext),
+                    PKIX_STRINGCREATEFAILED);
+
+        PKIX_CHECK(pkix_pl_CertNameConstraints_GetPermitted
+                    (nameConstraints, &permittedList, plContext),
+                    PKIX_CERTNAMECONSTRAINTSGETPERMITTEDFAILED);
+
+        PKIX_TOSTRING(permittedList, &permittedListString, plContext,
+                    PKIX_LISTTOSTRINGFAILED);
+
+        PKIX_CHECK(pkix_pl_CertNameConstraints_GetExcluded
+                    (nameConstraints, &excludedList, plContext),
+                    PKIX_CERTNAMECONSTRAINTSGETEXCLUDEDFAILED);
+
+        PKIX_TOSTRING(excludedList, &excludedListString, plContext,
+                    PKIX_LISTTOSTRINGFAILED);
+
+        PKIX_CHECK(PKIX_PL_Sprintf
+                    (&nameConstraintsString,
+                    plContext,
+                    formatString,
+                    permittedListString,
+                    excludedListString),
+                    PKIX_SPRINTFFAILED);
+
+        *pString = nameConstraintsString;
+
+cleanup:
+
+        PKIX_DECREF(formatString);
+        PKIX_DECREF(permittedList);
+        PKIX_DECREF(excludedList);
+        PKIX_DECREF(permittedListString);
+        PKIX_DECREF(excludedListString);
+
+        PKIX_RETURN(CERTNAMECONSTRAINTS);
+}
+
+/*
+ * FUNCTION: pkix_pl_CertNameConstraints_ToString
+ * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_CertNameConstraints_ToString(
+        PKIX_PL_Object *object,
+        PKIX_PL_String **pString,
+        void *plContext)
+{
+        PKIX_PL_String *nameConstraintsString = NULL;
+        PKIX_PL_CertNameConstraints *nameConstraints = NULL;
+
+        PKIX_ENTER(CERTNAMECONSTRAINTS, "pkix_pl_CertNameConstraints_ToString");
+        PKIX_NULLCHECK_TWO(object, pString);
+
+        PKIX_CHECK(pkix_CheckType(
+                    object, PKIX_CERTNAMECONSTRAINTS_TYPE, plContext),
+                    PKIX_OBJECTNOTCERTNAMECONSTRAINTS);
+
+        nameConstraints = (PKIX_PL_CertNameConstraints *)object;
+
+        PKIX_CHECK(pkix_pl_CertNameConstraints_ToString_Helper
+                    (nameConstraints, &nameConstraintsString, plContext),
+                    PKIX_CERTNAMECONSTRAINTSTOSTRINGHELPERFAILED);
+
+        *pString = nameConstraintsString;
+
+cleanup:
+
+        PKIX_RETURN(CERTNAMECONSTRAINTS);
+}
+
+/*
+ * FUNCTION: pkix_pl_CertNameConstraints_Hashcode
+ * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_CertNameConstraints_Hashcode(
+        PKIX_PL_Object *object,
+        PKIX_UInt32 *pHashcode,
+        void *plContext)
+{
+        PKIX_PL_CertNameConstraints *nameConstraints = NULL;
+        PKIX_List *permittedList = NULL;
+        PKIX_List *excludedList = NULL;
+        PKIX_UInt32 permitHash = 0;
+        PKIX_UInt32 excludeHash = 0;
+
+        PKIX_ENTER(CERTNAMECONSTRAINTS, "pkix_pl_CertNameConstraints_Hashcode");
+        PKIX_NULLCHECK_TWO(object, pHashcode);
+
+        PKIX_CHECK(pkix_CheckType
+                    (object, PKIX_CERTNAMECONSTRAINTS_TYPE, plContext),
+                    PKIX_OBJECTNOTCERTNAMECONSTRAINTS);
+
+        nameConstraints = (PKIX_PL_CertNameConstraints *)object;
+
+        PKIX_CHECK(pkix_pl_CertNameConstraints_GetPermitted
+                    (nameConstraints, &permittedList, plContext),
+                    PKIX_CERTNAMECONSTRAINTSGETPERMITTEDFAILED);
+
+        PKIX_HASHCODE(permittedList, &permitHash, plContext,
+                    PKIX_OBJECTHASHCODEFAILED);
+
+        PKIX_CHECK(pkix_pl_CertNameConstraints_GetExcluded
+                    (nameConstraints, &excludedList, plContext),
+                    PKIX_CERTNAMECONSTRAINTSGETEXCLUDEDFAILED);
+
+        PKIX_HASHCODE(excludedList, &excludeHash, plContext,
+                    PKIX_OBJECTHASHCODEFAILED);
+
+        *pHashcode = (((permitHash << 7) + excludeHash) << 7) +
+                nameConstraints->numNssNameConstraints;
+
+cleanup:
+
+        PKIX_DECREF(permittedList);
+        PKIX_DECREF(excludedList);
+        PKIX_RETURN(CERTNAMECONSTRAINTS);
+}
+
+/*
+ * FUNCTION: pkix_pl_CertNameConstraints_Equals
+ * (see comments for PKIX_PL_Equals_Callback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_CertNameConstraints_Equals(
+        PKIX_PL_Object *firstObject,
+        PKIX_PL_Object *secondObject,
+        PKIX_Boolean *pResult,
+        void *plContext)
+{
+        PKIX_PL_CertNameConstraints *firstNC = NULL;
+        PKIX_PL_CertNameConstraints *secondNC = NULL;
+        PKIX_List *firstPermittedList = NULL;
+        PKIX_List *secondPermittedList = NULL;
+        PKIX_List *firstExcludedList = NULL;
+        PKIX_List *secondExcludedList = NULL;
+        PKIX_UInt32 secondType;
+        PKIX_Boolean cmpResult = PKIX_FALSE;
+
+        PKIX_ENTER(CERTNAMECONSTRAINTS, "pkix_pl_CertNameConstraints_Equals");
+        PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);
+
+        /* test that firstObject is a CertNameConstraints */
+        PKIX_CHECK(pkix_CheckType
+                (firstObject, PKIX_CERTNAMECONSTRAINTS_TYPE, plContext),
+                PKIX_FIRSTOBJECTNOTCERTNAMECONSTRAINTS);
+
+        firstNC = (PKIX_PL_CertNameConstraints *)firstObject;
+        secondNC = (PKIX_PL_CertNameConstraints *)secondObject;
+
+        /*
+         * Since we know firstObject is a CertNameConstraints, if both
+         * references are identical, they must be equal
+         */
+        if (firstNC == secondNC){
+                *pResult = PKIX_TRUE;
+                goto cleanup;
+        }
+
+        /*
+         * If secondNC isn't a CertNameConstraints, we don't throw an error.
+         * We simply return a Boolean result of FALSE
+         */
+        *pResult = PKIX_FALSE;
+
+        PKIX_CHECK(PKIX_PL_Object_GetType
+                    ((PKIX_PL_Object *)secondNC, &secondType, plContext),
+                    PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
+
+        if (secondType != PKIX_CERTNAMECONSTRAINTS_TYPE) {
+                goto cleanup;
+        }
+
+        PKIX_CHECK(pkix_pl_CertNameConstraints_GetPermitted
+                    (firstNC, &firstPermittedList, plContext),
+                    PKIX_CERTNAMECONSTRAINTSGETPERMITTEDFAILED);
+
+        PKIX_CHECK(pkix_pl_CertNameConstraints_GetPermitted
+                    (secondNC, &secondPermittedList, plContext),
+                    PKIX_CERTNAMECONSTRAINTSGETPERMITTEDFAILED);
+
+        PKIX_EQUALS
+                (firstPermittedList, secondPermittedList, &cmpResult, plContext,
+                PKIX_OBJECTEQUALSFAILED);
+
+        if (cmpResult != PKIX_TRUE) {
+                goto cleanup;
+        }
+
+        PKIX_CHECK(pkix_pl_CertNameConstraints_GetExcluded
+                    (firstNC, &firstExcludedList, plContext),
+                    PKIX_CERTNAMECONSTRAINTSGETEXCLUDEDFAILED);
+
+        PKIX_CHECK(pkix_pl_CertNameConstraints_GetExcluded
+                    (secondNC, &secondExcludedList, plContext),
+                    PKIX_CERTNAMECONSTRAINTSGETEXCLUDEDFAILED);
+
+        PKIX_EQUALS
+                (firstExcludedList, secondExcludedList, &cmpResult, plContext,
+                PKIX_OBJECTEQUALSFAILED);
+
+        if (cmpResult != PKIX_TRUE) {
+                goto cleanup;
+        }
+
+        /*
+         * numNssNameConstraints is not checked because it is basically a
+         * merge count, it cannot determine the data equality.
+         */
+
+        *pResult = PKIX_TRUE;
+
+cleanup:
+
+        PKIX_DECREF(firstPermittedList);
+        PKIX_DECREF(secondPermittedList);
+        PKIX_DECREF(firstExcludedList);
+        PKIX_DECREF(secondExcludedList);
+
+        PKIX_RETURN(CERTNAMECONSTRAINTS);
+}
+
+/*
+ * FUNCTION: pkix_pl_CertNameConstraints_RegisterSelf
+ * DESCRIPTION:
+ *  Registers PKIX_CERTNAMECONSTRAINTS_TYPE and its related functions with
+ *  systemClasses[]
+ * THREAD SAFETY:
+ *  Not Thread Safe - for performance and complexity reasons
+ *
+ *  Since this function is only called by PKIX_PL_Initialize, which should
+ *  only be called once, it is acceptable that this function is not
+ *  thread-safe.
+ */
+PKIX_Error *
+pkix_pl_CertNameConstraints_RegisterSelf(void *plContext)
+{
+        extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
+        pkix_ClassTable_Entry entry;
+
+        PKIX_ENTER(CERTNAMECONSTRAINTS,
+                    "pkix_pl_CertNameConstraints_RegisterSelf");
+
+        entry.description = "CertNameConstraints";
+        entry.objCounter = 0;
+        entry.typeObjectSize = sizeof(PKIX_PL_CertNameConstraints);
+        entry.destructor = pkix_pl_CertNameConstraints_Destroy;
+        entry.equalsFunction = pkix_pl_CertNameConstraints_Equals;
+        entry.hashcodeFunction = pkix_pl_CertNameConstraints_Hashcode;
+        entry.toStringFunction = pkix_pl_CertNameConstraints_ToString;
+        entry.comparator = NULL;
+        entry.duplicateFunction = pkix_duplicateImmutable;
+
+        systemClasses[PKIX_CERTNAMECONSTRAINTS_TYPE] = entry;
+
+        PKIX_RETURN(CERTNAMECONSTRAINTS);
+}
+
+/*
+ * FUNCTION: pkix_pl_CertNameConstraints_Create_Helper
+ *
+ * DESCRIPTION:
+ *  This function retrieves name constraints in "nssNameConstraints",
+ *  converts and stores the result in a PKIX_PL_CertNameConstraints object.
+ *
+ * PARAMETERS
+ *  "nssNameConstraints"
+ *      Address of CERTNameConstraints that contains this object's data.
+ *      Must be non-NULL.
+ *  "pNameConstraints"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *      A NULL value will be returned if there is no Name Constraints extension.
+ *  "plContext" - Platform-specific context pointer.
+ *
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ *
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a NameConstraints Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_pl_CertNameConstraints_Create_Helper(
+        CERTNameConstraints *nssNameConstraints,
+        PKIX_PL_CertNameConstraints **pNameConstraints,
+        void *plContext)
+{
+        PKIX_PL_CertNameConstraints *nameConstraints = NULL;
+        CERTNameConstraints **nssNameConstraintPtr = NULL;
+
+        PKIX_ENTER(CERTNAMECONSTRAINTS,
+                    "pkix_pl_CertNameConstraints_Create_Helper");
+        PKIX_NULLCHECK_TWO(nssNameConstraints, pNameConstraints);
+
+        PKIX_CHECK(PKIX_PL_Object_Alloc
+                    (PKIX_CERTNAMECONSTRAINTS_TYPE,
+                    sizeof (PKIX_PL_CertNameConstraints),
+                    (PKIX_PL_Object **)&nameConstraints,
+                    plContext),
+                    PKIX_COULDNOTCREATECERTNAMECONSTRAINTSOBJECT);
+
+        PKIX_CHECK(PKIX_PL_Malloc
+                    (sizeof (CERTNameConstraint *),
+                    (void *)&nssNameConstraintPtr,
+                    plContext),
+                    PKIX_MALLOCFAILED);
+
+        nameConstraints->numNssNameConstraints = 1;
+        nameConstraints->nssNameConstraintsList = nssNameConstraintPtr;
+        *nssNameConstraintPtr = nssNameConstraints;
+
+        nameConstraints->permittedList = NULL;
+        nameConstraints->excludedList = NULL;
+        nameConstraints->arena = NULL;
+
+        *pNameConstraints = nameConstraints;
+
+cleanup:
+
+        if (PKIX_ERROR_RECEIVED){
+                PKIX_DECREF(nameConstraints);
+        }
+
+        PKIX_RETURN(CERTNAMECONSTRAINTS);
+}
+
+/*
+ * FUNCTION: pkix_pl_CertNameConstraints_Create
+ *
+ * DESCRIPTION:
+ *  function that allocates and initialize the object CertNameConstraints.
+ *
+ * PARAMETERS
+ *  "nssCert"
+ *      Address of CERT that contains this object's data.
+ *      Must be non-NULL.
+ *  "pNameConstraints"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *      A NULL value will be returned if there is no Name Constraints extension.
+ *  "plContext" - Platform-specific context pointer.
+ *
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ *
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a NameConstraints Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_pl_CertNameConstraints_Create(
+        CERTCertificate *nssCert,
+        PKIX_PL_CertNameConstraints **pNameConstraints,
+        void *plContext)
+{
+        PKIX_PL_CertNameConstraints *nameConstraints = NULL;
+        CERTNameConstraints *nssNameConstraints = NULL;
+        PLArenaPool *arena = NULL;
+        SECStatus status;
+
+        PKIX_ENTER(CERTNAMECONSTRAINTS, "pkix_pl_CertNameConstraints_Create");
+        PKIX_NULLCHECK_THREE(nssCert, pNameConstraints, nssCert->arena);
+
+        PKIX_CERTNAMECONSTRAINTS_DEBUG("\t\tCalling PORT_NewArena).\n");
+        arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+        if (arena == NULL) {
+                PKIX_ERROR(PKIX_OUTOFMEMORY);
+        }
+
+        PKIX_CERTNAMECONSTRAINTS_DEBUG
+                ("\t\tCalling CERT_FindNameConstraintsExten\n");
+        status = CERT_FindNameConstraintsExten
+                (arena, nssCert, &nssNameConstraints);
+
+        if (status != SECSuccess) {
+                PKIX_ERROR(PKIX_DECODINGCERTNAMECONSTRAINTSFAILED);
+        }
+
+        if (nssNameConstraints == NULL) {
+                *pNameConstraints = NULL;
+                if (arena){
+                        PKIX_CERTNAMECONSTRAINTS_DEBUG
+                                ("\t\tCalling PORT_FreeArena).\n");
+                        PORT_FreeArena(arena, PR_FALSE);
+                }
+                goto cleanup;
+        }
+
+        PKIX_CHECK(pkix_pl_CertNameConstraints_Create_Helper
+                    (nssNameConstraints, &nameConstraints, plContext),
+                    PKIX_CERTNAMECONSTRAINTSCREATEHELPERFAILED);
+
+        nameConstraints->arena = arena;
+
+        *pNameConstraints = nameConstraints;
+
+cleanup:
+
+        if (PKIX_ERROR_RECEIVED){
+                if (arena){
+                        PKIX_CERTNAMECONSTRAINTS_DEBUG
+                                ("\t\tCalling PORT_FreeArena).\n");
+                        PORT_FreeArena(arena, PR_FALSE);
+                }
+        }
+
+        PKIX_RETURN(CERTNAMECONSTRAINTS);
+}
+
+/*
+ * FUNCTION: pkix_pl_CertNameConstraints_CreateByMerge
+ *
+ * DESCRIPTION:
+ *
+ *  This function allocates and creates a PKIX_PL_NameConstraint object
+ *  for merging. It also allocates CERTNameConstraints data space for the
+ *  merged NSS NameConstraints data.
+ *
+ * PARAMETERS
+ *  "pNameConstraints"
+ *      Address where object pointer will be stored and returned.
+ *      Must be non-NULL.
+ *  "plContext" - Platform-specific context pointer.
+ *
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ *
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a NameConstraints Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_pl_CertNameConstraints_CreateByMerge(
+        PKIX_PL_CertNameConstraints **pNameConstraints,
+        void *plContext)
+{
+        PKIX_PL_CertNameConstraints *nameConstraints = NULL;
+        CERTNameConstraints *nssNameConstraints = NULL;
+        PLArenaPool *arena = NULL;
+
+        PKIX_ENTER(CERTNAMECONSTRAINTS,
+                    "pkix_pl_CertNameConstraints_CreateByMerge");
+        PKIX_NULLCHECK_ONE(pNameConstraints);
+
+        PKIX_CERTNAMECONSTRAINTS_DEBUG("\t\tCalling PORT_NewArena).\n");
+        arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+        if (arena == NULL) {
+                PKIX_ERROR(PKIX_OUTOFMEMORY);
+        }
+
+        PKIX_CERTNAMECONSTRAINTS_DEBUG("\t\tCalling PORT_ArenaZNew).\n");
+        nssNameConstraints = PORT_ArenaZNew(arena, CERTNameConstraints);
+        if (nssNameConstraints == NULL) {
+                PKIX_ERROR(PKIX_PORTARENAALLOCFAILED);
+        }
+
+        nssNameConstraints->permited = NULL;
+        nssNameConstraints->excluded = NULL;
+        nssNameConstraints->DERPermited = NULL;
+        nssNameConstraints->DERExcluded = NULL;
+
+        PKIX_CHECK(pkix_pl_CertNameConstraints_Create_Helper
+                    (nssNameConstraints, &nameConstraints, plContext),
+                    PKIX_CERTNAMECONSTRAINTSCREATEHELPERFAILED);
+
+        nameConstraints->arena = arena;
+
+        *pNameConstraints = nameConstraints;
+
+cleanup:
+
+        if (PKIX_ERROR_RECEIVED){
+                if (arena){
+                        PKIX_CERTNAMECONSTRAINTS_DEBUG
+                                ("\t\tCalling PORT_FreeArena).\n");
+                        PORT_FreeArena(arena, PR_FALSE);
+                }
+        }
+
+        PKIX_RETURN(CERTNAMECONSTRAINTS);
+}
+
+/*
+ * FUNCTION: pkix_pl_CertNameConstraints_CopyNssNameConstraints
+ *
+ * DESCRIPTION:
+ *
+ *  This function allocates and copies data to a NSS CERTNameConstraints from
+ *  the NameConstraints given by "srcNC" and stores the result at "pDestNC". It
+ *  copies items on both the permitted and excluded lists, but not the
+ *  DERPermited and DERExcluded.
+ *
+ * PARAMETERS
+ *  "arena"
+ *      Memory pool where object data is allocated from. Must be non-NULL.
+ *  "srcNC"
+ *      Address of the NameConstraints to copy from. Must be non-NULL.
+ *  "pDestNC"
+ *      Address where new copied object is stored and returned.
+ *      Must be non-NULL.
+ *  "plContext" - Platform-specific context pointer.
+ *
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ *
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a NameConstraints Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_pl_CertNameConstraints_CopyNssNameConstraints(
+        PLArenaPool *arena,
+        CERTNameConstraints *srcNC,
+        CERTNameConstraints **pDestNC,
+        void *plContext)
+{
+        CERTNameConstraints *nssNameConstraints = NULL;
+        CERTNameConstraint *nssNameConstraintHead = NULL;
+        CERTNameConstraint *nssCurrent = NULL;
+        CERTNameConstraint *nssCopyTo = NULL;
+        CERTNameConstraint *nssCopyFrom = NULL;
+
+        PKIX_ENTER(CERTNAMECONSTRAINTS,
+                    "pkix_pl_CertNameConstraints_CopyNssNameConstraints");
+        PKIX_NULLCHECK_THREE(arena, srcNC, pDestNC);
+
+        PKIX_CERTNAMECONSTRAINTS_DEBUG("\t\tCalling PORT_ArenaZNew).\n");
+        nssNameConstraints = PORT_ArenaZNew(arena, CERTNameConstraints);
+        if (nssNameConstraints == NULL) {
+                PKIX_ERROR(PKIX_PORTARENAALLOCFAILED);
+        }
+
+        if (srcNC->permited) {
+
+            nssCopyFrom = srcNC->permited;
+
+            do {
+
+                nssCopyTo = NULL;
+                PKIX_CERTNAMECONSTRAINTS_DEBUG
+                        ("\t\tCalling CERT_CopyNameConstraint).\n");
+                nssCopyTo = CERT_CopyNameConstraint
+                        (arena, nssCopyTo, nssCopyFrom);
+                if (nssCopyTo == NULL) {
+                        PKIX_ERROR(PKIX_CERTCOPYNAMECONSTRAINTFAILED);
+                }
+                if (nssCurrent == NULL) {
+                        nssCurrent = nssNameConstraintHead = nssCopyTo;
+                } else {
+                        PKIX_CERTNAMECONSTRAINTS_DEBUG
+                                ("\t\tCalling CERT_AddNameConstraint).\n");
+                        nssCurrent = CERT_AddNameConstraint
+                                (nssCurrent, nssCopyTo);
+                }
+
+                PKIX_CERTNAMECONSTRAINTS_DEBUG
+                        ("\t\tCalling CERT_GetNextNameConstrain).\n");
+                nssCopyFrom = CERT_GetNextNameConstraint(nssCopyFrom);
+
+            } while (nssCopyFrom != srcNC->permited);
+
+            nssNameConstraints->permited = nssNameConstraintHead;
+        }
+
+        if (srcNC->excluded) {
+
+            nssCurrent = NULL;
+            nssCopyFrom = srcNC->excluded;
+
+            do {
+
+                /*
+                 * Cannot use CERT_DupGeneralNameList, which just increments
+                 * refcount. We need our own copy since arena is for each
+                 * PKIX_PL_NameConstraints. Perhaps contribute this code
+                 * as CERT_CopyGeneralNameList (in the future).
+                 */
+                nssCopyTo = NULL;
+                PKIX_CERTNAMECONSTRAINTS_DEBUG
+                        ("\t\tCalling CERT_CopyNameConstraint).\n");
+                nssCopyTo = CERT_CopyNameConstraint
+                        (arena, nssCopyTo, nssCopyFrom);
+                if (nssCopyTo == NULL) {
+                        PKIX_ERROR(PKIX_CERTCOPYNAMECONSTRAINTFAILED);
+                }
+                if (nssCurrent == NULL) {
+                        nssCurrent = nssNameConstraintHead = nssCopyTo;
+                } else {
+                        PKIX_CERTNAMECONSTRAINTS_DEBUG
+                                ("\t\tCalling CERT_AddNameConstraint).\n");
+                        nssCurrent = CERT_AddNameConstraint
+                                (nssCurrent, nssCopyTo);
+                }
+
+                PKIX_CERTNAMECONSTRAINTS_DEBUG
+                        ("\t\tCalling CERT_GetNextNameConstrain).\n");
+                nssCopyFrom = CERT_GetNextNameConstraint(nssCopyFrom);
+
+            } while (nssCopyFrom != srcNC->excluded);
+
+            nssNameConstraints->excluded = nssNameConstraintHead;
+        }
+
+        *pDestNC = nssNameConstraints;
+
+cleanup:
+
+        PKIX_RETURN(CERTNAMECONSTRAINTS);
+}
+
+/*
+ * FUNCTION: pkix_pl_CertNameConstraints_Merge
+ *
+ * DESCRIPTION:
+ *
+ *  This function merges two NameConstraints pointed to by "firstNC" and
+ *  "secondNC" and stores the result in "pMergedNC".
+ *
+ * PARAMETERS
+ *  "firstNC"
+ *      Address of the first NameConstraints to be merged. Must be non-NULL.
+ *  "secondNC"
+ *      Address of the second NameConstraints to be merged. Must be non-NULL.
+ *  "pMergedNC"
+ *      Address where the merge result is stored and returned. Must be non-NULL.
+ *  "plContext" - Platform-specific context pointer.
+ *
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ *
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a NameConstraints Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_pl_CertNameConstraints_Merge(
+        PKIX_PL_CertNameConstraints *firstNC,
+        PKIX_PL_CertNameConstraints *secondNC,
+        PKIX_PL_CertNameConstraints **pMergedNC,
+        void *plContext)
+{
+        PKIX_PL_CertNameConstraints *nameConstraints = NULL;
+        CERTNameConstraints **nssNCto = NULL;
+        CERTNameConstraints **nssNCfrom = NULL;
+        CERTNameConstraints *nssNameConstraints = NULL;
+        PKIX_UInt32 numNssItems = 0;
+        PKIX_UInt32 i;
+
+        PKIX_ENTER(CERTNAMECONSTRAINTS, "pkix_pl_CertNameConstraints_Merge");
+        PKIX_NULLCHECK_THREE(firstNC, secondNC, pMergedNC);
+
+        PKIX_CHECK(pkix_pl_CertNameConstraints_CreateByMerge
+                    (&nameConstraints, plContext),
+                    PKIX_CERTNAMECONSTRAINTSCREATEBYMERGEFAILED);
+
+        /* Merge NSSCertConstraint lists */
+
+        numNssItems = firstNC->numNssNameConstraints +
+                    secondNC->numNssNameConstraints;
+
+        /* Free the default space (only one entry) allocated by create */
+        PKIX_CHECK(PKIX_PL_Free
+                    (nameConstraints->nssNameConstraintsList, plContext),
+                    PKIX_FREEFAILED);
+
+        /* Reallocate the size we need */
+        PKIX_CHECK(PKIX_PL_Malloc
+                    (numNssItems * sizeof (CERTNameConstraint *),
+                    (void *)&nssNCto,
+                    plContext),
+                    PKIX_MALLOCFAILED);
+
+        nameConstraints->nssNameConstraintsList = nssNCto;
+
+        nssNCfrom = firstNC->nssNameConstraintsList;
+
+        for (i = 0; i < firstNC->numNssNameConstraints; i++) {
+
+                PKIX_CHECK(pkix_pl_CertNameConstraints_CopyNssNameConstraints
+                        (nameConstraints->arena,
+                        *nssNCfrom,
+                        &nssNameConstraints,
+                        plContext),
+                        PKIX_CERTNAMECONSTRAINTSCOPYNSSNAMECONSTRAINTSFAILED);
+
+                *nssNCto = nssNameConstraints;
+
+                nssNCto++;
+                nssNCfrom++;
+        }
+
+        nssNCfrom = secondNC->nssNameConstraintsList;
+
+        for (i = 0; i < secondNC->numNssNameConstraints; i++) {
+
+                PKIX_CHECK(pkix_pl_CertNameConstraints_CopyNssNameConstraints
+                        (nameConstraints->arena,
+                        *nssNCfrom,
+                        &nssNameConstraints,
+                        plContext),
+                        PKIX_CERTNAMECONSTRAINTSCOPYNSSNAMECONSTRAINTSFAILED);
+
+                *nssNCto = nssNameConstraints;
+
+                nssNCto++;
+                nssNCfrom++;
+        }
+
+        nameConstraints->numNssNameConstraints = numNssItems;
+        nameConstraints->permittedList = NULL;
+        nameConstraints->excludedList = NULL;
+
+        *pMergedNC = nameConstraints;
+
+cleanup:
+
+        if (PKIX_ERROR_RECEIVED){
+                PKIX_DECREF(nameConstraints);
+        }
+
+        PKIX_RETURN(CERTNAMECONSTRAINTS);
+}
+
+/* --Public-NameConstraints-Functions-------------------------------- */
+
+/*
+ * FUNCTION:  PKIX_PL_CertNameConstraints_CheckNamesInNameSpace
+ * (see comments in pkix_pl_system.h)
+ */
+PKIX_Error *
+PKIX_PL_CertNameConstraints_CheckNamesInNameSpace(
+        PKIX_List *nameList, /* List of PKIX_PL_GeneralName */
+        PKIX_PL_CertNameConstraints *nameConstraints,
+        PKIX_Boolean *pCheckPass,
+        void *plContext)
+{
+        CERTNameConstraints **nssNameConstraintsList = NULL;
+        CERTNameConstraints *nssNameConstraints = NULL;
+        CERTGeneralName *nssMatchName = NULL;
+        PLArenaPool *arena = NULL;
+        PKIX_PL_GeneralName *name = NULL;
+        PKIX_UInt32 numNameItems = 0;
+        PKIX_UInt32 numNCItems = 0;
+        PKIX_UInt32 i, j;
+        SECStatus status = SECSuccess;
+
+        PKIX_ENTER(CERTNAMECONSTRAINTS,
+                "PKIX_PL_CertNameConstraints_CheckNamesInNameSpace");
+        PKIX_NULLCHECK_TWO(nameConstraints, pCheckPass);
+
+        *pCheckPass = PKIX_TRUE;
+
+        if (nameList != NULL) {
+
+                PKIX_CERTNAMECONSTRAINTS_DEBUG("\t\tCalling PORT_NewArena\n");
+                arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+                if (arena == NULL) {
+                        PKIX_ERROR(PKIX_OUTOFMEMORY);
+                }
+
+                nssNameConstraintsList =
+                        nameConstraints->nssNameConstraintsList;
+                PKIX_NULLCHECK_ONE(nssNameConstraintsList);
+                numNCItems = nameConstraints->numNssNameConstraints;
+
+                PKIX_CHECK(PKIX_List_GetLength
+                        (nameList, &numNameItems, plContext),
+                        PKIX_LISTGETLENGTHFAILED);
+
+                for (i = 0; i < numNameItems; i++) {
+
+                        PKIX_CHECK(PKIX_List_GetItem
+                                (nameList,
+                                i,
+                                (PKIX_PL_Object **) &name,
+                                plContext),
+                                PKIX_LISTGETITEMFAILED);
+
+                        PKIX_CHECK(pkix_pl_GeneralName_GetNssGeneralName
+                                (name, &nssMatchName, plContext),
+                                PKIX_GENERALNAMEGETNSSGENERALNAMEFAILED);
+
+                        PKIX_DECREF(name);
+
+                        for (j = 0; j < numNCItems; j++) {
+
+                            nssNameConstraints = *(nssNameConstraintsList + j);
+                            PKIX_NULLCHECK_ONE(nssNameConstraints);
+
+                            PKIX_CERTNAMECONSTRAINTS_DEBUG
+                                ("\t\tCalling CERT_CheckNameSpace\n");
+                            status = CERT_CheckNameSpace
+                                (arena, nssNameConstraints, nssMatchName);
+                            if (status != SECSuccess) {
+                                break;
+                            }
+
+                        }
+
+                        if (status != SECSuccess) {
+                            break;
+                        }
+
+                }
+        }
+
+        if (status == SECFailure) {
+                *pCheckPass = PKIX_FALSE;
+        }
+
+cleanup:
+
+        if (arena){
+                PKIX_CERTNAMECONSTRAINTS_DEBUG
+                        ("\t\tCalling PORT_FreeArena).\n");
+                PORT_FreeArena(arena, PR_FALSE);
+        }
+
+        PKIX_RETURN(CERTNAMECONSTRAINTS);
+}
diff --git a/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_nameconstraints.h b/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_nameconstraints.h
new file mode 100644
index 0000000..2f305ac
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_nameconstraints.h
@@ -0,0 +1,68 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_pl_nameconstraints.h
+ *
+ * Name Constraints Object Definitions
+ *
+ */
+
+#ifndef _PKIX_PL_NAMECONSTRAINTS_H
+#define _PKIX_PL_NAMECONSTRAINTS_H
+
+#include "pkix_pl_common.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+struct PKIX_PL_CertNameConstraintsStruct {
+        PLArenaPool *arena;
+        CERTNameConstraints **nssNameConstraintsList;
+        PKIX_UInt32 numNssNameConstraints;
+        PKIX_List *permittedList; /* list of PKIX_PL_GeneralName */
+        PKIX_List *excludedList; /* list of PKIX_PL_GeneralName */
+};
+
+/* see source file for function documentation */
+
+PKIX_Error *pkix_pl_CertNameConstraints_RegisterSelf(void *plContext);
+
+PKIX_Error *pkix_pl_CertNameConstraints_Create(
+        CERTCertificate *nssCert,
+        PKIX_PL_CertNameConstraints **pNameConstraints,
+        void *plContext);
+
+PKIX_Error *
+pkix_pl_CertNameConstraints_CreateWithNames(
+        PKIX_List *names, /* List of PKIX_PL_GeneralName */
+        PKIX_PL_CertNameConstraints **pNameConstraints,
+        void *plContext);
+
+PKIX_Error *
+pkix_pl_CertNameConstraints_CheckNameSpaceNssNames(
+        CERTGeneralName *nssSubjectNames,
+        PKIX_PL_CertNameConstraints *nameConstraints,
+        PKIX_Boolean *pCheckPass,
+        void *plContext);
+
+PKIX_Error *
+pkix_pl_CertNameConstraints_CheckNameSpacePkixNames(
+        PKIX_List *nameList,
+        PKIX_PL_CertNameConstraints *nameConstraints,
+        PKIX_Boolean *pCheckPass,
+        void *plContext);
+
+
+PKIX_Error *pkix_pl_CertNameConstraints_Merge(
+        PKIX_PL_CertNameConstraints *firstNC,
+        PKIX_PL_CertNameConstraints *secondNC,
+        PKIX_PL_CertNameConstraints **pMergedNC,
+        void *plContext);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_PL_NAMECONSTRAINTS_H */
diff --git a/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_ocspcertid.c b/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_ocspcertid.c
new file mode 100644
index 0000000..679811d
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_ocspcertid.c
@@ -0,0 +1,251 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_pl_ocspcertid.c
+ *
+ * Certificate ID Object for OCSP
+ *
+ */
+
+#include "pkix_pl_ocspcertid.h"
+
+/* --Private-Cert-Functions------------------------------------- */
+
+/*
+ * FUNCTION: pkix_pl_OcspCertID_Destroy
+ * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_OcspCertID_Destroy(
+        PKIX_PL_Object *object,
+        void *plContext)
+{
+        PKIX_PL_OcspCertID *certID = NULL;
+
+        PKIX_ENTER(OCSPCERTID, "pkix_pl_OcspCertID_Destroy");
+
+        PKIX_NULLCHECK_ONE(object);
+
+        PKIX_CHECK(pkix_CheckType(object, PKIX_OCSPCERTID_TYPE, plContext),
+                    PKIX_OBJECTNOTOCSPCERTID);
+
+        certID = (PKIX_PL_OcspCertID *)object;
+
+        if (certID->certID) {
+                CERT_DestroyOCSPCertID(certID->certID);
+        }
+
+cleanup:
+
+        PKIX_RETURN(OCSPCERTID);
+}
+
+/*
+ * FUNCTION: pkix_pl_OcspCertID_RegisterSelf
+ * DESCRIPTION:
+ *  Registers PKIX_PUBLICKEY_TYPE and its related functions 
+ *  with systemClasses[]
+ * THREAD SAFETY:
+ *  Not Thread Safe - for performance and complexity reasons
+ *
+ *  Since this function is only called by PKIX_PL_Initialize, which should
+ *  only be called once, it is acceptable that this function is not
+ *  thread-safe.
+ */
+PKIX_Error *
+pkix_pl_OcspCertID_RegisterSelf(void *plContext)
+{
+        extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
+        pkix_ClassTable_Entry entry;
+
+        PKIX_ENTER(OCSPCERTID, "pkix_pl_OcspCertID_RegisterSelf");
+
+        entry.description = "OcspCertID";
+        entry.objCounter = 0;
+        entry.typeObjectSize = sizeof(PKIX_PL_OcspCertID);
+        entry.destructor = pkix_pl_OcspCertID_Destroy;
+        entry.equalsFunction = NULL;
+        entry.hashcodeFunction = NULL;
+        entry.toStringFunction = NULL;
+        entry.comparator = NULL;
+        entry.duplicateFunction = pkix_duplicateImmutable;
+        systemClasses[PKIX_OCSPCERTID_TYPE] = entry;
+
+        PKIX_RETURN(OCSPCERTID);
+}
+
+/* --Public-Functions------------------------------------------------------- */
+
+/*
+ * FUNCTION: PKIX_PL_OcspCertID_Create
+ * DESCRIPTION:
+ *
+ *  This function creates an OcspCertID for a given certificate,
+ *  to be used with OCSP transactions.
+ *
+ *  If a Date is provided in "validity" it may be used in the search for the
+ *  issuer of "cert" but has no effect on the request itself.
+ *
+ * PARAMETERS:
+ *  "cert"
+ *     Address of the Cert for which an OcspCertID is to be created. Must be
+ *     non-NULL.
+ *  "validity"
+ *     Address of the Date for which the Cert's validity is to be determined.
+ *     May be NULL.
+ *  "object"
+ *     Address at which the result is stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns an OcspCertID Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_OcspCertID_Create(
+        PKIX_PL_Cert *cert,
+        PKIX_PL_Date *validity,
+        PKIX_PL_OcspCertID **object,
+        void *plContext)
+{
+        PKIX_PL_OcspCertID *cid = NULL;
+        PRTime time = 0;
+
+        PKIX_ENTER(DATE, "PKIX_PL_OcspCertID_Create");
+        PKIX_NULLCHECK_TWO(cert, object);
+    
+        PKIX_CHECK(PKIX_PL_Object_Alloc
+                    (PKIX_OCSPCERTID_TYPE,
+                    sizeof (PKIX_PL_OcspCertID),
+                    (PKIX_PL_Object **)&cid,
+                    plContext),
+                    PKIX_COULDNOTCREATEOBJECT);
+
+        if (validity != NULL) {
+                PKIX_CHECK(pkix_pl_Date_GetPRTime(validity, &time, plContext),
+                        PKIX_DATEGETPRTIMEFAILED);
+        } else {
+                time = PR_Now();
+        }
+
+        cid->certID = CERT_CreateOCSPCertID(cert->nssCert, time);
+        if (!cid->certID) {
+                PKIX_ERROR(PKIX_COULDNOTCREATEOBJECT);
+        }
+
+        *object = cid;
+        cid = NULL;
+cleanup:
+        PKIX_DECREF(cid);
+        PKIX_RETURN(OCSPCERTID);
+}
+
+/*
+ * FUNCTION: PKIX_PL_OcspCertID_GetFreshCacheStatus
+ * DESCRIPTION:
+ *
+ *  This function may return cached OCSP results for the provided
+ *  certificate, but only if stored information is still considered to be
+ *  fresh.
+ *
+ * PARAMETERS
+ *  "cid"
+ *      A certificate ID as used by OCSP
+ *  "validity"
+ *      Optional date parameter to request validity for a specifc time.
+ *  "hasFreshStatus"
+ *      Output parameter, if the function successed to find fresh cached
+ *      information, this will be set to true. Must be non-NULL.
+ *  "statusIsGood"
+ *      The good/bad result stored in the cache. Must be non-NULL.
+ *  "missingResponseError"
+ *      If OCSP status is "bad", this variable may indicate the exact
+ *      reason why the previous OCSP request had failed.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns an OcspCertID Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_OcspCertID_GetFreshCacheStatus(
+        PKIX_PL_OcspCertID *cid, 
+        PKIX_PL_Date *validity,
+        PKIX_Boolean *hasFreshStatus,
+        PKIX_Boolean *statusIsGood,
+        SECErrorCodes *missingResponseError,
+        void *plContext)
+{
+        PRTime time = 0;
+        SECStatus rv;
+        SECStatus rvOcsp;
+        OCSPFreshness freshness;
+
+        PKIX_ENTER(DATE, "PKIX_PL_OcspCertID_GetFreshCacheStatus");
+        PKIX_NULLCHECK_THREE(cid, hasFreshStatus, statusIsGood);
+
+        if (validity != NULL) {
+                PKIX_CHECK(pkix_pl_Date_GetPRTime(validity, &time, plContext),
+                        PKIX_DATEGETPRTIMEFAILED);
+        } else {
+                time = PR_Now();
+        }
+
+        rv = ocsp_GetCachedOCSPResponseStatus(
+                cid->certID, time, PR_TRUE, /*ignoreGlobalOcspFailureSetting*/
+                &rvOcsp, missingResponseError, &freshness);
+
+        *hasFreshStatus = (rv == SECSuccess && freshness == ocspFresh);
+        if (*hasFreshStatus) {
+                *statusIsGood = (rvOcsp == SECSuccess);
+        }
+cleanup:
+        PKIX_RETURN(OCSPCERTID);
+}
+
+/*
+ * FUNCTION: PKIX_PL_OcspCertID_RememberOCSPProcessingFailure
+ * DESCRIPTION:
+ *
+ *  Information about the current failure associated to the given certID
+ *  will be remembered in the cache, potentially allowing future calls
+ *  to prevent repetitive OCSP requests.
+ *  After this function got called, it may no longer be safe to
+ *  use the provided cid parameter, because ownership might have been
+ *  transfered to the cache. This status will be recorded inside the
+ *  cid object.
+ *
+ * PARAMETERS
+ *  "cid"
+ *      The certificate ID associated to a failed OCSP processing.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns an OcspCertID Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+PKIX_PL_OcspCertID_RememberOCSPProcessingFailure(
+        PKIX_PL_OcspCertID *cid, 
+        void *plContext)
+{
+        PRBool certIDWasConsumed = PR_FALSE;
+
+        PKIX_ENTER(DATE, "PKIX_PL_OcspCertID_RememberOCSPProcessingFailure");
+        PKIX_NULLCHECK_TWO(cid, cid->certID);
+
+        cert_RememberOCSPProcessingFailure(cid->certID, &certIDWasConsumed);
+
+        if (certIDWasConsumed) {
+                cid->certID = NULL;
+        }
+
+        PKIX_RETURN(OCSPCERTID);
+}
+
diff --git a/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_ocspcertid.h b/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_ocspcertid.h
new file mode 100644
index 0000000..772a12b
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_ocspcertid.h
@@ -0,0 +1,53 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_pl_ocspcertid.h
+ *
+ * Public Key Object Definitions
+ *
+ */
+
+#ifndef _PKIX_PL_OCSPCERTID_H
+#define _PKIX_PL_OCSPCERTID_H
+
+#include "pkix_pl_common.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+struct PKIX_PL_OcspCertIDStruct {
+        CERTOCSPCertID *certID;
+};
+
+/* see source file for function documentation */
+
+PKIX_Error *pkix_pl_OcspCertID_RegisterSelf(void *plContext);
+
+PKIX_Error *
+PKIX_PL_OcspCertID_Create(
+        PKIX_PL_Cert *cert,
+        PKIX_PL_Date *validity,
+        PKIX_PL_OcspCertID **object,
+        void *plContext);
+
+PKIX_Error *
+PKIX_PL_OcspCertID_GetFreshCacheStatus(
+        PKIX_PL_OcspCertID *cid, 
+        PKIX_PL_Date *validity,
+        PKIX_Boolean *hasFreshStatus,
+        PKIX_Boolean *statusIsGood,
+        SECErrorCodes *missingResponseError,
+        void *plContext);
+
+PKIX_Error *
+PKIX_PL_OcspCertID_RememberOCSPProcessingFailure(
+        PKIX_PL_OcspCertID *cid, 
+        void *plContext);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_PL_OCSPCERTID_H */
diff --git a/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_ocsprequest.c b/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_ocsprequest.c
new file mode 100644
index 0000000..171a3d2
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_ocsprequest.c
@@ -0,0 +1,441 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_pl_ocsprequest.c
+ *
+ */
+
+#include "pkix_pl_ocsprequest.h"
+
+/* --Private-OcspRequest-Functions------------------------------------- */
+
+/*
+ * FUNCTION: pkix_pl_OcspRequest_Destroy
+ * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_OcspRequest_Destroy(
+        PKIX_PL_Object *object,
+        void *plContext)
+{
+        PKIX_PL_OcspRequest *ocspReq = NULL;
+
+        PKIX_ENTER(OCSPREQUEST, "pkix_pl_OcspRequest_Destroy");
+        PKIX_NULLCHECK_ONE(object);
+
+        PKIX_CHECK(pkix_CheckType(object, PKIX_OCSPREQUEST_TYPE, plContext),
+                    PKIX_OBJECTNOTOCSPREQUEST);
+
+        ocspReq = (PKIX_PL_OcspRequest *)object;
+
+        if (ocspReq->decoded != NULL) {
+                CERT_DestroyOCSPRequest(ocspReq->decoded);
+        }
+
+        if (ocspReq->encoded != NULL) {
+                SECITEM_FreeItem(ocspReq->encoded, PR_TRUE);
+        }
+
+        if (ocspReq->location != NULL) {
+                PORT_Free(ocspReq->location);
+        }
+
+        PKIX_DECREF(ocspReq->cert);
+        PKIX_DECREF(ocspReq->validity);
+        PKIX_DECREF(ocspReq->signerCert);
+
+cleanup:
+
+        PKIX_RETURN(OCSPREQUEST);
+}
+
+/*
+ * FUNCTION: pkix_pl_OcspRequest_Hashcode
+ * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_OcspRequest_Hashcode(
+        PKIX_PL_Object *object,
+        PKIX_UInt32 *pHashcode,
+        void *plContext)
+{
+        PKIX_UInt32 certHash = 0;
+        PKIX_UInt32 dateHash = 0;
+        PKIX_UInt32 extensionHash = 0;
+        PKIX_UInt32 signerHash = 0;
+        PKIX_PL_OcspRequest *ocspRq = NULL;
+
+        PKIX_ENTER(OCSPREQUEST, "pkix_pl_OcspRequest_Hashcode");
+        PKIX_NULLCHECK_TWO(object, pHashcode);
+
+        PKIX_CHECK(pkix_CheckType(object, PKIX_OCSPREQUEST_TYPE, plContext),
+                    PKIX_OBJECTNOTOCSPREQUEST);
+
+        ocspRq = (PKIX_PL_OcspRequest *)object;
+
+        *pHashcode = 0;
+
+        PKIX_HASHCODE(ocspRq->cert, &certHash, plContext,
+                PKIX_CERTHASHCODEFAILED);
+
+        PKIX_HASHCODE(ocspRq->validity, &dateHash, plContext,
+                PKIX_DATEHASHCODEFAILED);
+
+        if (ocspRq->addServiceLocator == PKIX_TRUE) {
+                extensionHash = 0xff;
+        }
+
+        PKIX_HASHCODE(ocspRq->signerCert, &signerHash, plContext,
+                PKIX_CERTHASHCODEFAILED);
+
+        *pHashcode = (((((extensionHash << 8) || certHash) << 8) ||
+                dateHash) << 8) || signerHash;
+
+cleanup:
+
+        PKIX_RETURN(OCSPREQUEST);
+
+}
+
+/*
+ * FUNCTION: pkix_pl_OcspRequest_Equals
+ * (see comments for PKIX_PL_Equals_Callback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_OcspRequest_Equals(
+        PKIX_PL_Object *firstObj,
+        PKIX_PL_Object *secondObj,
+        PKIX_Boolean *pResult,
+        void *plContext)
+{
+        PKIX_Boolean match = PKIX_FALSE;
+        PKIX_UInt32 secondType = 0;
+        PKIX_PL_OcspRequest *firstReq = NULL;
+        PKIX_PL_OcspRequest *secondReq = NULL;
+
+        PKIX_ENTER(OCSPREQUEST, "pkix_pl_OcspRequest_Equals");
+        PKIX_NULLCHECK_THREE(firstObj, secondObj, pResult);
+
+        /* test that firstObj is a OcspRequest */
+        PKIX_CHECK(pkix_CheckType(firstObj, PKIX_OCSPREQUEST_TYPE, plContext),
+                    PKIX_FIRSTOBJARGUMENTNOTOCSPREQUEST);
+
+        /*
+         * Since we know firstObj is a OcspRequest, if both references are
+         * identical, they must be equal
+         */
+        if (firstObj == secondObj){
+                match = PKIX_TRUE;
+                goto cleanup;
+        }
+
+        /*
+         * If secondObj isn't a OcspRequest, we don't throw an error.
+         * We simply return a Boolean result of FALSE
+         */
+        PKIX_CHECK(PKIX_PL_Object_GetType
+                    (secondObj, &secondType, plContext),
+                    PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
+        if (secondType != PKIX_OCSPREQUEST_TYPE) {
+                goto cleanup;
+        }
+
+        firstReq = (PKIX_PL_OcspRequest *)firstObj;
+        secondReq = (PKIX_PL_OcspRequest *)secondObj;
+
+        if (firstReq->addServiceLocator != secondReq->addServiceLocator) {
+                goto cleanup;
+        }
+
+        PKIX_EQUALS(firstReq->cert, secondReq->cert, &match, plContext,
+                PKIX_CERTEQUALSFAILED);
+
+        if (match == PKIX_FALSE) {
+                goto cleanup;
+        }
+
+        PKIX_EQUALS(firstReq->validity, secondReq->validity, &match, plContext,
+                PKIX_DATEEQUALSFAILED);
+
+        if (match == PKIX_FALSE) {
+                goto cleanup;
+        }
+
+        PKIX_EQUALS
+                (firstReq->signerCert, secondReq->signerCert, &match, plContext,
+                PKIX_CERTEQUALSFAILED);
+
+cleanup:
+
+        *pResult = match;
+
+        PKIX_RETURN(OCSPREQUEST);
+}
+
+/*
+ * FUNCTION: pkix_pl_OcspRequest_RegisterSelf
+ * DESCRIPTION:
+ *  Registers PKIX_OCSPREQUEST_TYPE and its related functions with
+ *  systemClasses[]
+ * PARAMETERS:
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe - for performance and complexity reasons
+ *
+ *  Since this function is only called by PKIX_PL_Initialize, which should
+ *  only be called once, it is acceptable that this function is not
+ *  thread-safe.
+ */
+PKIX_Error *
+pkix_pl_OcspRequest_RegisterSelf(void *plContext)
+{
+        extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
+        pkix_ClassTable_Entry entry;
+
+        PKIX_ENTER(OCSPREQUEST, "pkix_pl_OcspRequest_RegisterSelf");
+
+        entry.description = "OcspRequest";
+        entry.objCounter = 0;
+        entry.typeObjectSize = sizeof(PKIX_PL_OcspRequest);
+        entry.destructor = pkix_pl_OcspRequest_Destroy;
+        entry.equalsFunction = pkix_pl_OcspRequest_Equals;
+        entry.hashcodeFunction = pkix_pl_OcspRequest_Hashcode;
+        entry.toStringFunction = NULL;
+        entry.comparator = NULL;
+        entry.duplicateFunction = pkix_duplicateImmutable;
+
+        systemClasses[PKIX_OCSPREQUEST_TYPE] = entry;
+
+        PKIX_RETURN(OCSPREQUEST);
+}
+
+/* --Public-Functions------------------------------------------------------- */
+
+/*
+ * FUNCTION: pkix_pl_OcspRequest_Create
+ * DESCRIPTION:
+ *
+ *  This function creates an OcspRequest to be used in validating the Cert
+ *  pointed to by "cert" and storing the result at "pRequest". If a URI
+ *  is found for an OCSP responder, PKIX_TRUE is stored at "pURIFound". If no
+ *  URI is found, PKIX_FALSE is stored.
+ *
+ *  If a Date is provided in "validity" it may be used in the search for the
+ *  issuer of "cert" but has no effect on the request itself. If
+ *  "addServiceLocator" is TRUE, the AddServiceLocator extension will be
+ *  included in the Request. If "signerCert" is provided it will be used to sign
+ *  the Request. (Note: this signed request feature is not currently supported.)
+ *
+ * PARAMETERS:
+ *  "cert"
+ *     Address of the Cert for which an OcspRequest is to be created. Must be
+ *     non-NULL.
+ *  "validity"
+ *     Address of the Date for which the Cert's validity is to be determined.
+ *     May be NULL.
+ *  "signerCert"
+ *     Address of the Cert to be used, if present, in signing the request.
+ *     May be NULL.
+ *  "pRequest"
+ *     Address at which the result is stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns an OcspRequest Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_pl_OcspRequest_Create(
+        PKIX_PL_Cert *cert,
+        PKIX_PL_OcspCertID *cid,
+        PKIX_PL_Date *validity,
+        PKIX_PL_Cert *signerCert,
+        PKIX_UInt32 methodFlags,
+        PKIX_Boolean *pURIFound,
+        PKIX_PL_OcspRequest **pRequest,
+        void *plContext)
+{
+        PKIX_PL_OcspRequest *ocspRequest = NULL;
+
+        CERTCertDBHandle *handle = NULL;
+        SECStatus rv = SECFailure;
+        SECItem *encoding = NULL;
+        CERTOCSPRequest *certRequest = NULL;
+        PRTime time = 0;
+        PRBool addServiceLocatorExtension = PR_FALSE;
+        CERTCertificate *nssCert = NULL;
+        CERTCertificate *nssSignerCert = NULL;
+        char *location = NULL;
+        PRErrorCode locError = 0;
+        PKIX_Boolean canUseDefaultSource = PKIX_FALSE;
+
+        PKIX_ENTER(OCSPREQUEST, "pkix_pl_OcspRequest_Create");
+        PKIX_NULLCHECK_TWO(cert, pRequest);
+
+        /* create a PKIX_PL_OcspRequest object */
+        PKIX_CHECK(PKIX_PL_Object_Alloc
+                    (PKIX_OCSPREQUEST_TYPE,
+                    sizeof (PKIX_PL_OcspRequest),
+                    (PKIX_PL_Object **)&ocspRequest,
+                    plContext),
+                    PKIX_COULDNOTCREATEOBJECT);
+
+        PKIX_INCREF(cert);
+        ocspRequest->cert = cert;
+
+        PKIX_INCREF(validity);
+        ocspRequest->validity = validity;
+
+        PKIX_INCREF(signerCert);
+        ocspRequest->signerCert = signerCert;
+
+        ocspRequest->decoded = NULL;
+        ocspRequest->encoded = NULL;
+
+        ocspRequest->location = NULL;
+
+        nssCert = cert->nssCert;
+
+        /*
+         * Does this Cert have an Authority Information Access extension with
+         * the URI of an OCSP responder?
+         */
+        handle = CERT_GetDefaultCertDB();
+
+        if (!(methodFlags & PKIX_REV_M_IGNORE_IMPLICIT_DEFAULT_SOURCE)) {
+            canUseDefaultSource = PKIX_TRUE;
+        }
+        location = ocsp_GetResponderLocation(handle, nssCert,
+                                             canUseDefaultSource,
+                                             &addServiceLocatorExtension);
+        if (location == NULL) {
+                locError = PORT_GetError();
+                if (locError == SEC_ERROR_EXTENSION_NOT_FOUND ||
+                    locError == SEC_ERROR_CERT_BAD_ACCESS_LOCATION) {
+                    PORT_SetError(0);
+                    *pURIFound = PKIX_FALSE;
+                    goto cleanup;
+                }
+                PKIX_ERROR(PKIX_ERRORFINDINGORPROCESSINGURI);
+        }
+
+        ocspRequest->location = location;
+        *pURIFound = PKIX_TRUE;
+
+        if (signerCert != NULL) {
+                nssSignerCert = signerCert->nssCert;
+        }
+
+        if (validity != NULL) {
+		PKIX_CHECK(pkix_pl_Date_GetPRTime(validity, &time, plContext),
+			PKIX_DATEGETPRTIMEFAILED);
+        } else {
+                time = PR_Now();
+	}
+
+        certRequest = cert_CreateSingleCertOCSPRequest(
+                cid->certID, cert->nssCert, time, 
+                addServiceLocatorExtension, nssSignerCert);
+
+        ocspRequest->decoded = certRequest;
+
+        if (certRequest == NULL) {
+                PKIX_ERROR(PKIX_UNABLETOCREATECERTOCSPREQUEST);
+        }
+
+        rv = CERT_AddOCSPAcceptableResponses(
+                certRequest, SEC_OID_PKIX_OCSP_BASIC_RESPONSE);
+
+        if (rv == SECFailure) {
+                PKIX_ERROR(PKIX_UNABLETOADDACCEPTABLERESPONSESTOREQUEST);
+        }
+
+        encoding = CERT_EncodeOCSPRequest(NULL, certRequest, NULL);
+
+        ocspRequest->encoded = encoding;
+
+        *pRequest = ocspRequest;
+        ocspRequest = NULL;
+
+cleanup:
+        PKIX_DECREF(ocspRequest);
+
+        PKIX_RETURN(OCSPREQUEST);
+}
+
+/*
+ * FUNCTION: pkix_pl_OcspRequest_GetEncoded
+ * DESCRIPTION:
+ *
+ *  This function obtains the encoded message from the OcspRequest pointed to
+ *  by "request", storing the result at "pRequest".
+ *
+ * PARAMETERS
+ *  "request"
+ *      The address of the OcspRequest whose encoded message is to be
+ *      retrieved. Must be non-NULL.
+ *  "pRequest"
+ *      The address at which is stored the address of the encoded message. Must
+ *      be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_pl_OcspRequest_GetEncoded(
+        PKIX_PL_OcspRequest *request,
+        SECItem **pRequest,
+        void *plContext)
+{
+        PKIX_ENTER(OCSPREQUEST, "pkix_pl_OcspRequest_GetEncoded");
+        PKIX_NULLCHECK_TWO(request, pRequest);
+
+        *pRequest = request->encoded;
+
+        PKIX_RETURN(OCSPREQUEST);
+}
+
+/*
+ * FUNCTION: pkix_pl_OcspRequest_GetLocation
+ * DESCRIPTION:
+ *
+ *  This function obtains the location from the OcspRequest pointed to
+ *  by "request", storing the result at "pLocation".
+ *
+ * PARAMETERS
+ *  "request"
+ *      The address of the OcspRequest whose encoded message is to be
+ *      retrieved. Must be non-NULL.
+ *  "pLocation"
+ *      The address at which is stored the address of the location. Must
+ *      be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_pl_OcspRequest_GetLocation(
+        PKIX_PL_OcspRequest *request,
+        char **pLocation,
+        void *plContext)
+{
+        PKIX_ENTER(OCSPREQUEST, "pkix_pl_OcspRequest_GetLocation");
+        PKIX_NULLCHECK_TWO(request, pLocation);
+
+        *pLocation = request->location;
+
+        PKIX_RETURN(OCSPREQUEST);
+}
diff --git a/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_ocsprequest.h b/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_ocsprequest.h
new file mode 100644
index 0000000..fa79266
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_ocsprequest.h
@@ -0,0 +1,61 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_pl_ocsprequest.h
+ *
+ * OcspRequest Object Definitions
+ *
+ */
+
+#ifndef _PKIX_PL_OCSPREQUEST_H
+#define _PKIX_PL_OCSPREQUEST_H
+
+#include "pkix_pl_common.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+struct PKIX_PL_OcspRequestStruct{
+        PKIX_PL_Cert *cert;
+        PKIX_PL_Date *validity;
+        PKIX_Boolean addServiceLocator;
+        PKIX_PL_Cert *signerCert;
+        CERTOCSPRequest *decoded;
+        SECItem *encoded;
+        char *location;
+};
+
+/* see source file for function documentation */
+
+PKIX_Error *
+pkix_pl_OcspRequest_Create(
+        PKIX_PL_Cert *cert,
+        PKIX_PL_OcspCertID *cid,
+        PKIX_PL_Date *validity,
+        PKIX_PL_Cert *signerCert,
+        PKIX_UInt32 methodFlags,
+        PKIX_Boolean *pURIFound,
+        PKIX_PL_OcspRequest **pRequest,
+        void *plContext);
+
+PKIX_Error *
+pkix_pl_OcspRequest_GetEncoded(
+        PKIX_PL_OcspRequest *request,
+        SECItem **pRequest,
+        void *plContext);
+
+PKIX_Error *
+pkix_pl_OcspRequest_GetLocation(
+        PKIX_PL_OcspRequest *request,
+        char **pLocation,
+        void *plContext);
+
+PKIX_Error *pkix_pl_OcspRequest_RegisterSelf(void *plContext);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_PL_OCSPREQUEST_H */
diff --git a/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_ocspresponse.c b/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_ocspresponse.c
new file mode 100644
index 0000000..fa5d6e9
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_ocspresponse.c
@@ -0,0 +1,1067 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_pl_ocspresponse.c
+ *
+ */
+
+#include "pkix_pl_ocspresponse.h"
+
+/* ----Public functions------------------------------------- */
+/*
+ * This is the libpkix replacement for CERT_VerifyOCSPResponseSignature.
+ * It is used if it has been set as the verifyFcn member of ocspChecker.
+ */
+PKIX_Error *
+PKIX_PL_OcspResponse_UseBuildChain(
+        PKIX_PL_Cert *signerCert,
+	PKIX_PL_Date *producedAt,
+        PKIX_ProcessingParams *procParams,
+        void **pNBIOContext,
+        void **pState,
+        PKIX_BuildResult **pBuildResult,
+        PKIX_VerifyNode **pVerifyTree,
+	void *plContext)
+{
+        PKIX_ProcessingParams *caProcParams = NULL;
+        PKIX_PL_Date *date = NULL;
+        PKIX_ComCertSelParams *certSelParams = NULL;
+        PKIX_CertSelector *certSelector = NULL;
+        void *nbioContext = NULL;
+        PKIX_Error *buildError = NULL;
+
+        PKIX_ENTER(OCSPRESPONSE, "pkix_OcspResponse_UseBuildChain");
+        PKIX_NULLCHECK_THREE(signerCert, producedAt, procParams);
+        PKIX_NULLCHECK_THREE(pNBIOContext, pState, pBuildResult);
+
+        nbioContext = *pNBIOContext;
+        *pNBIOContext = NULL;
+
+        /* Are we resuming after a WOULDBLOCK return, or starting anew ? */
+        if (nbioContext == NULL) {
+                /* Starting anew */
+		PKIX_CHECK(PKIX_PL_Object_Duplicate
+                        ((PKIX_PL_Object *)procParams,
+                        (PKIX_PL_Object **)&caProcParams,
+                        plContext),
+        	        PKIX_OBJECTDUPLICATEFAILED);
+
+		PKIX_CHECK(PKIX_ProcessingParams_SetDate(procParams, date, plContext),
+	                PKIX_PROCESSINGPARAMSSETDATEFAILED);
+
+	        /* create CertSelector with target certificate in params */
+
+		PKIX_CHECK(PKIX_CertSelector_Create
+	                (NULL, NULL, &certSelector, plContext),
+	                PKIX_CERTSELECTORCREATEFAILED);
+
+		PKIX_CHECK(PKIX_ComCertSelParams_Create
+	                (&certSelParams, plContext),
+	                PKIX_COMCERTSELPARAMSCREATEFAILED);
+
+	        PKIX_CHECK(PKIX_ComCertSelParams_SetCertificate
+        	        (certSelParams, signerCert, plContext),
+                	PKIX_COMCERTSELPARAMSSETCERTIFICATEFAILED);
+
+	        PKIX_CHECK(PKIX_CertSelector_SetCommonCertSelectorParams
+	                (certSelector, certSelParams, plContext),
+	                PKIX_CERTSELECTORSETCOMMONCERTSELECTORPARAMSFAILED);
+
+	        PKIX_CHECK(PKIX_ProcessingParams_SetTargetCertConstraints
+        	        (caProcParams, certSelector, plContext),
+                	PKIX_PROCESSINGPARAMSSETTARGETCERTCONSTRAINTSFAILED);
+	}
+
+        buildError = PKIX_BuildChain
+                (caProcParams,
+                &nbioContext,
+                pState,
+                pBuildResult,
+		pVerifyTree,
+                plContext);
+
+        /* non-null nbioContext means the build would block */
+        if (nbioContext != NULL) {
+
+                *pNBIOContext = nbioContext;
+
+        /* no buildResult means the build has failed */
+        } else if (buildError) {
+                pkixErrorResult = buildError;
+                buildError = NULL;
+        } else {
+                PKIX_DECREF(*pState);
+        }
+
+cleanup:
+
+        PKIX_DECREF(caProcParams);
+        PKIX_DECREF(date);
+        PKIX_DECREF(certSelParams);
+        PKIX_DECREF(certSelector);
+
+        PKIX_RETURN(OCSPRESPONSE);
+}
+
+/* --Private-OcspResponse-Functions------------------------------------- */
+
+/*
+ * FUNCTION: pkix_pl_OcspResponse_Destroy
+ * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_OcspResponse_Destroy(
+        PKIX_PL_Object *object,
+        void *plContext)
+{
+        PKIX_PL_OcspResponse *ocspRsp = NULL;
+        const SEC_HttpClientFcn *httpClient = NULL;
+        const SEC_HttpClientFcnV1 *hcv1 = NULL;
+
+        PKIX_ENTER(OCSPRESPONSE, "pkix_pl_OcspResponse_Destroy");
+        PKIX_NULLCHECK_ONE(object);
+
+        PKIX_CHECK(pkix_CheckType(object, PKIX_OCSPRESPONSE_TYPE, plContext),
+                    PKIX_OBJECTNOTANOCSPRESPONSE);
+
+        ocspRsp = (PKIX_PL_OcspResponse *)object;
+
+        if (ocspRsp->nssOCSPResponse != NULL) {
+                CERT_DestroyOCSPResponse(ocspRsp->nssOCSPResponse);
+                ocspRsp->nssOCSPResponse = NULL;
+        }
+
+        if (ocspRsp->signerCert != NULL) {
+                CERT_DestroyCertificate(ocspRsp->signerCert);
+                ocspRsp->signerCert = NULL;
+        }
+
+        httpClient = (const SEC_HttpClientFcn *)(ocspRsp->httpClient);
+
+        if (httpClient && (httpClient->version == 1)) {
+
+                hcv1 = &(httpClient->fcnTable.ftable1);
+
+                if (ocspRsp->sessionRequest != NULL) {
+                    (*hcv1->freeFcn)(ocspRsp->sessionRequest);
+                    ocspRsp->sessionRequest = NULL;
+                }
+
+                if (ocspRsp->serverSession != NULL) {
+                    (*hcv1->freeSessionFcn)(ocspRsp->serverSession);
+                    ocspRsp->serverSession = NULL;
+                }
+        }
+
+        if (ocspRsp->arena != NULL) {
+                PORT_FreeArena(ocspRsp->arena, PR_FALSE);
+                ocspRsp->arena = NULL;
+        }
+
+	PKIX_DECREF(ocspRsp->producedAtDate);
+	PKIX_DECREF(ocspRsp->pkixSignerCert);
+	PKIX_DECREF(ocspRsp->request);
+
+cleanup:
+
+        PKIX_RETURN(OCSPRESPONSE);
+}
+
+/*
+ * FUNCTION: pkix_pl_OcspResponse_Hashcode
+ * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_OcspResponse_Hashcode(
+        PKIX_PL_Object *object,
+        PKIX_UInt32 *pHashcode,
+        void *plContext)
+{
+        PKIX_PL_OcspResponse *ocspRsp = NULL;
+
+        PKIX_ENTER(OCSPRESPONSE, "pkix_pl_OcspResponse_Hashcode");
+        PKIX_NULLCHECK_TWO(object, pHashcode);
+
+        PKIX_CHECK(pkix_CheckType(object, PKIX_OCSPRESPONSE_TYPE, plContext),
+                    PKIX_OBJECTNOTANOCSPRESPONSE);
+
+        ocspRsp = (PKIX_PL_OcspResponse *)object;
+
+        if (ocspRsp->encodedResponse->data == NULL) {
+                *pHashcode = 0;
+        } else {
+                PKIX_CHECK(pkix_hash
+                        (ocspRsp->encodedResponse->data,
+                        ocspRsp->encodedResponse->len,
+                        pHashcode,
+                        plContext),
+                        PKIX_HASHFAILED);
+        }
+
+cleanup:
+
+        PKIX_RETURN(OCSPRESPONSE);
+}
+
+/*
+ * FUNCTION: pkix_pl_OcspResponse_Equals
+ * (see comments for PKIX_PL_Equals_Callback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_OcspResponse_Equals(
+        PKIX_PL_Object *firstObj,
+        PKIX_PL_Object *secondObj,
+        PKIX_Boolean *pResult,
+        void *plContext)
+{
+        PKIX_UInt32 secondType = 0;
+        PKIX_UInt32 firstLen = 0;
+        PKIX_UInt32 i = 0;
+        PKIX_PL_OcspResponse *rsp1 = NULL;
+        PKIX_PL_OcspResponse *rsp2 = NULL;
+        const unsigned char *firstData = NULL;
+        const unsigned char *secondData = NULL;
+
+        PKIX_ENTER(OCSPRESPONSE, "pkix_pl_OcspResponse_Equals");
+        PKIX_NULLCHECK_THREE(firstObj, secondObj, pResult);
+
+        /* test that firstObj is a OcspResponse */
+        PKIX_CHECK(pkix_CheckType(firstObj, PKIX_OCSPRESPONSE_TYPE, plContext),
+                    PKIX_FIRSTOBJARGUMENTNOTANOCSPRESPONSE);
+
+        /*
+         * Since we know firstObj is a OcspResponse, if both references are
+         * identical, they must be equal
+         */
+        if (firstObj == secondObj){
+                *pResult = PKIX_TRUE;
+                goto cleanup;
+        }
+
+        /*
+         * If secondObj isn't a OcspResponse, we don't throw an error.
+         * We simply return a Boolean result of FALSE
+         */
+        *pResult = PKIX_FALSE;
+        PKIX_CHECK(PKIX_PL_Object_GetType(secondObj, &secondType, plContext),
+                PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
+        if (secondType != PKIX_OCSPRESPONSE_TYPE) {
+                goto cleanup;
+        }
+
+        rsp1 = (PKIX_PL_OcspResponse *)firstObj;
+        rsp2 = (PKIX_PL_OcspResponse *)secondObj;
+
+        /* If either lacks an encoded string, they cannot be compared */
+        firstData = (const unsigned char *)rsp1->encodedResponse->data;
+        secondData = (const unsigned char *)rsp2->encodedResponse->data;
+        if ((firstData == NULL) || (secondData == NULL)) {
+                goto cleanup;
+        }
+
+        firstLen = rsp1->encodedResponse->len;
+
+        if (firstLen != rsp2->encodedResponse->len) {
+                goto cleanup;
+        }
+
+        for (i = 0; i < firstLen; i++) {
+                if (*firstData++ != *secondData++) {
+                        goto cleanup;
+                }
+        }
+
+        *pResult = PKIX_TRUE;
+
+cleanup:
+
+        PKIX_RETURN(OCSPRESPONSE);
+}
+
+/*
+ * FUNCTION: pkix_pl_OcspResponse_RegisterSelf
+ * DESCRIPTION:
+ *  Registers PKIX_OCSPRESPONSE_TYPE and its related functions with
+ *  systemClasses[]
+ * PARAMETERS:
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe - for performance and complexity reasons
+ *
+ *  Since this function is only called by PKIX_PL_Initialize, which should
+ *  only be called once, it is acceptable that this function is not
+ *  thread-safe.
+ */
+PKIX_Error *
+pkix_pl_OcspResponse_RegisterSelf(void *plContext)
+{
+        extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
+        pkix_ClassTable_Entry *entry = &systemClasses[PKIX_OCSPRESPONSE_TYPE];
+
+        PKIX_ENTER(OCSPRESPONSE, "pkix_pl_OcspResponse_RegisterSelf");
+
+        entry->description = "OcspResponse";
+        entry->typeObjectSize = sizeof(PKIX_PL_OcspResponse);
+        entry->destructor = pkix_pl_OcspResponse_Destroy;
+        entry->equalsFunction = pkix_pl_OcspResponse_Equals;
+        entry->hashcodeFunction = pkix_pl_OcspResponse_Hashcode;
+        entry->duplicateFunction = pkix_duplicateImmutable;
+
+        PKIX_RETURN(OCSPRESPONSE);
+}
+
+/* --Public-Functions------------------------------------------------------- */
+
+/*
+ * FUNCTION: pkix_pl_OcspResponse_Create
+ * DESCRIPTION:
+ *
+ *  This function transmits the OcspRequest pointed to by "request" and obtains
+ *  an OcspResponse, which it stores at "pOcspResponse". If the HTTPClient
+ *  supports non-blocking I/O this function may store a non-NULL value at
+ *  "pNBIOContext" (the WOULDBLOCK condition). In that case the caller should
+ *  make a subsequent call with the same value in "pNBIOContext" and
+ *  "pOcspResponse" to resume the operation. Additional WOULDBLOCK returns may
+ *  occur; the caller should persist until a return occurs with NULL stored at
+ *  "pNBIOContext".
+ *
+ *  If a SEC_HttpClientFcn "responder" is supplied, it is used as the client
+ *  to which the OCSP query is sent. If none is supplied, the default responder
+ *  is used.
+ *
+ *  If an OcspResponse_VerifyCallback "verifyFcn" is supplied, it is used to
+ *  verify the Cert received from the responder as the signer. If none is
+ *  supplied, the default verification function is used.
+ *
+ *  The contents of "request" are ignored on calls subsequent to a WOULDBLOCK
+ *  return, and the caller is permitted to supply NULL.
+ *
+ * PARAMETERS
+ *  "request"
+ *      Address of the OcspRequest for which a response is desired.
+ *  "httpMethod"
+ *      GET or POST
+ *  "responder"
+ *      Address, if non-NULL, of the SEC_HttpClientFcn to be sent the OCSP
+ *      query.
+ *  "verifyFcn"
+ *      Address, if non-NULL, of the OcspResponse_VerifyCallback function to be
+ *      used to verify the Cert of the OCSP responder.
+ *  "pNBIOContext"
+ *      Address at which platform-dependent information is stored for handling
+ *      of non-blocking I/O. Must be non-NULL.
+ *  "pOcspResponse"
+ *      The address where the created OcspResponse is stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns an OcspResponse Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_pl_OcspResponse_Create(
+        PKIX_PL_OcspRequest *request,
+        const char *httpMethod,
+        void *responder,
+        PKIX_PL_VerifyCallback verifyFcn,
+        void **pNBIOContext,
+        PKIX_PL_OcspResponse **pResponse,
+        void *plContext)
+{
+        void *nbioContext = NULL;
+        PKIX_PL_OcspResponse *ocspResponse = NULL;
+        const SEC_HttpClientFcn *httpClient = NULL;
+        const SEC_HttpClientFcnV1 *hcv1 = NULL;
+        SECStatus rv = SECFailure;
+        char *location = NULL;
+        char *hostname = NULL;
+        char *path = NULL;
+        char *responseContentType = NULL;
+        PRUint16 port = 0;
+        SEC_HTTP_SERVER_SESSION serverSession = NULL;
+        SEC_HTTP_REQUEST_SESSION sessionRequest = NULL;
+        SECItem *encodedRequest = NULL;
+        PRUint16 responseCode = 0;
+        char *responseData = NULL;
+ 
+        PKIX_ENTER(OCSPRESPONSE, "pkix_pl_OcspResponse_Create");
+        PKIX_NULLCHECK_TWO(pNBIOContext, pResponse);
+
+	if (!strcmp(httpMethod, "GET") && !strcmp(httpMethod, "POST")) {
+		PKIX_ERROR(PKIX_INVALIDOCSPHTTPMETHOD);
+	}
+
+        nbioContext = *pNBIOContext;
+        *pNBIOContext = NULL;
+
+        if (nbioContext != NULL) {
+
+                ocspResponse = *pResponse;
+                PKIX_NULLCHECK_ONE(ocspResponse);
+
+                httpClient = ocspResponse->httpClient;
+                serverSession = ocspResponse->serverSession;
+                sessionRequest = ocspResponse->sessionRequest;
+                PKIX_NULLCHECK_THREE(httpClient, serverSession, sessionRequest);
+
+        } else {
+                PKIX_UInt32 timeout =
+                    ((PKIX_PL_NssContext*)plContext)->timeoutSeconds;
+
+                PKIX_NULLCHECK_ONE(request);
+
+                PKIX_CHECK(pkix_pl_OcspRequest_GetEncoded
+                        (request, &encodedRequest, plContext),
+                        PKIX_OCSPREQUESTGETENCODEDFAILED);
+
+                /* prepare initial message to HTTPClient */
+
+                /* Is there a default responder and is it enabled? */
+                if (responder) {
+                    httpClient = (const SEC_HttpClientFcn *)responder;
+                } else {
+                    httpClient = SEC_GetRegisteredHttpClient();
+                }
+
+                if (httpClient && (httpClient->version == 1)) {
+			char *fullGetPath = NULL;
+			const char *sessionPath = NULL;
+			PRBool usePOST = !strcmp(httpMethod, "POST");
+
+                        hcv1 = &(httpClient->fcnTable.ftable1);
+
+                        PKIX_CHECK(pkix_pl_OcspRequest_GetLocation
+                                (request, &location, plContext),
+                                PKIX_OCSPREQUESTGETLOCATIONFAILED);
+
+                        /* parse location -> hostname, port, path */    
+                        rv = CERT_ParseURL(location, &hostname, &port, &path);
+                        if (rv == SECFailure || hostname == NULL || path == NULL) {
+                                PKIX_ERROR(PKIX_URLPARSINGFAILED);
+                        }
+
+                        rv = (*hcv1->createSessionFcn)(hostname, port,
+                                                       &serverSession);
+                        if (rv != SECSuccess) {
+                                PKIX_ERROR(PKIX_OCSPSERVERERROR);
+                        }       
+
+			if (usePOST) {
+				sessionPath = path;
+			} else {
+				/* calculate, are we allowed to use GET? */
+				enum { max_get_request_size = 255 }; /* defined by RFC2560 */
+				char b64ReqBuf[max_get_request_size+1];
+				size_t base64size;
+				size_t slashLengthIfNeeded = 0;
+				size_t pathLength;
+				PRInt32 urlEncodedBufLength;
+				size_t getURLLength;
+				char *walkOutput = NULL;
+
+				pathLength = strlen(path);
+				if (path[pathLength-1] != '/') {
+					slashLengthIfNeeded = 1;
+				}
+				base64size = (((encodedRequest->len +2)/3) * 4);
+				if (base64size > max_get_request_size) {
+					PKIX_ERROR(PKIX_OCSPGETREQUESTTOOBIG);
+				}
+				memset(b64ReqBuf, 0, sizeof(b64ReqBuf));
+				PL_Base64Encode((const char *)encodedRequest->data, encodedRequest->len, b64ReqBuf);
+				urlEncodedBufLength = ocsp_UrlEncodeBase64Buf(b64ReqBuf, NULL);
+				getURLLength = pathLength + urlEncodedBufLength + slashLengthIfNeeded;
+				fullGetPath = (char*)PORT_Alloc(getURLLength);
+				if (!fullGetPath) {
+					PKIX_ERROR(PKIX_OUTOFMEMORY);
+				}
+				strcpy(fullGetPath, path);
+				walkOutput = fullGetPath + pathLength;
+				if (walkOutput > fullGetPath && slashLengthIfNeeded) {
+					strcpy(walkOutput, "/");
+					++walkOutput;
+				}
+				ocsp_UrlEncodeBase64Buf(b64ReqBuf, walkOutput);
+				sessionPath = fullGetPath;
+			}
+
+                        rv = (*hcv1->createFcn)(serverSession, "http",
+                                                sessionPath, httpMethod,
+                                                PR_SecondsToInterval(timeout),
+                                                &sessionRequest);
+			sessionPath = NULL;
+			if (fullGetPath) {
+				PORT_Free(fullGetPath);
+				fullGetPath = NULL;
+			}
+			
+                        if (rv != SECSuccess) {
+                                PKIX_ERROR(PKIX_OCSPSERVERERROR);
+                        }       
+
+			if (usePOST) {
+				rv = (*hcv1->setPostDataFcn)(sessionRequest,
+							  (char *)encodedRequest->data,
+							  encodedRequest->len,
+							  "application/ocsp-request");
+				if (rv != SECSuccess) {
+					PKIX_ERROR(PKIX_OCSPSERVERERROR);
+				}
+			}
+
+                        /* create a PKIX_PL_OcspResponse object */
+                        PKIX_CHECK(PKIX_PL_Object_Alloc
+                                    (PKIX_OCSPRESPONSE_TYPE,
+                                    sizeof (PKIX_PL_OcspResponse),
+                                    (PKIX_PL_Object **)&ocspResponse,
+                                    plContext),
+                                    PKIX_COULDNOTCREATEOBJECT);
+
+                        PKIX_INCREF(request);
+                        ocspResponse->request = request;
+                        ocspResponse->httpClient = httpClient;
+                        ocspResponse->serverSession = serverSession;
+                        serverSession = NULL;
+                        ocspResponse->sessionRequest = sessionRequest;
+                        sessionRequest = NULL;
+                        ocspResponse->verifyFcn = verifyFcn;
+                        ocspResponse->handle = CERT_GetDefaultCertDB();
+                        ocspResponse->encodedResponse = NULL;
+                        ocspResponse->arena = NULL;
+                        ocspResponse->producedAt = 0;
+                        ocspResponse->producedAtDate = NULL;
+                        ocspResponse->pkixSignerCert = NULL;
+                        ocspResponse->nssOCSPResponse = NULL;
+                        ocspResponse->signerCert = NULL;
+                }
+        }
+
+        /* begin or resume IO to HTTPClient */
+        if (httpClient && (httpClient->version == 1)) {
+                PRUint32 responseDataLen = 
+                   ((PKIX_PL_NssContext*)plContext)->maxResponseLength;
+
+                hcv1 = &(httpClient->fcnTable.ftable1);
+
+                rv = (*hcv1->trySendAndReceiveFcn)(ocspResponse->sessionRequest,
+                        (PRPollDesc **)&nbioContext,
+                        &responseCode,
+                        (const char **)&responseContentType,
+                        NULL,   /* responseHeaders */
+                        (const char **)&responseData,
+                        &responseDataLen);
+
+                if (rv != SECSuccess) {
+                        PKIX_ERROR(PKIX_OCSPSERVERERROR);
+                }
+                /* responseContentType is a pointer to the null-terminated
+                 * string returned by httpclient. Memory allocated for context
+                 * type will be freed with freeing of the HttpClient struct. */
+                if (PORT_Strcasecmp(responseContentType, 
+                                   "application/ocsp-response")) {
+                       PKIX_ERROR(PKIX_OCSPSERVERERROR);
+                }
+                if (nbioContext != NULL) {
+                        *pNBIOContext = nbioContext;
+                        goto cleanup;
+                }
+                if (responseCode != 200) {
+                        PKIX_ERROR(PKIX_OCSPBADHTTPRESPONSE);
+                }
+                ocspResponse->arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+                if (ocspResponse->arena == NULL) {
+                        PKIX_ERROR(PKIX_OUTOFMEMORY);
+                }
+                ocspResponse->encodedResponse = SECITEM_AllocItem
+                        (ocspResponse->arena, NULL, responseDataLen);
+                if (ocspResponse->encodedResponse == NULL) {
+                        PKIX_ERROR(PKIX_OUTOFMEMORY);
+                }
+                PORT_Memcpy(ocspResponse->encodedResponse->data,
+                            responseData, responseDataLen);
+        }
+        *pResponse = ocspResponse;
+        ocspResponse = NULL;
+
+cleanup:
+
+        if (path != NULL) {
+            PORT_Free(path);
+        }
+        if (hostname != NULL) {
+            PORT_Free(hostname);
+        }
+        if (ocspResponse) {
+            PKIX_DECREF(ocspResponse);
+        }
+        if (serverSession) {
+            hcv1->freeSessionFcn(serverSession);
+        }
+        if (sessionRequest) {
+            hcv1->freeFcn(sessionRequest);
+        }
+
+        PKIX_RETURN(OCSPRESPONSE);
+}
+
+/*
+ * FUNCTION: pkix_pl_OcspResponse_Decode
+ * DESCRIPTION:
+ *
+ *  This function decodes the DER data contained in the OcspResponse pointed to
+ *  by "response", storing PKIX_TRUE at "pPassed" if the decoding was
+ *  successful, and PKIX_FALSE otherwise.
+ *
+ * PARAMETERS
+ *  "response"
+ *      The address of the OcspResponse whose DER data is to be decoded. Must
+ *      be non-NULL.
+ *  "pPassed"
+ *      Address at which the Boolean result is stored. Must be non-NULL.
+ *  "pReturnCode"
+ *      Address at which the SECErrorCodes result is stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns an OcspResponse Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+
+PKIX_Error *
+pkix_pl_OcspResponse_Decode(
+        PKIX_PL_OcspResponse *response,
+        PKIX_Boolean *pPassed,
+        SECErrorCodes *pReturnCode,
+        void *plContext)
+{
+
+        PKIX_ENTER(OCSPRESPONSE, "PKIX_PL_OcspResponse_Decode");
+        PKIX_NULLCHECK_TWO(response, response->encodedResponse);
+
+        response->nssOCSPResponse =
+            CERT_DecodeOCSPResponse(response->encodedResponse);
+
+	if (response->nssOCSPResponse != NULL) {
+                *pPassed = PKIX_TRUE;
+                *pReturnCode = 0;
+        } else {
+                *pPassed = PKIX_FALSE;
+                *pReturnCode = PORT_GetError();
+        }
+
+        PKIX_RETURN(OCSPRESPONSE);
+}
+
+/*
+ * FUNCTION: pkix_pl_OcspResponse_GetStatus
+ * DESCRIPTION:
+ *
+ *  This function checks the response status of the OcspResponse pointed to
+ *  by "response", storing PKIX_TRUE at "pPassed" if the responder understood
+ *  the request and considered it valid, and PKIX_FALSE otherwise.
+ *
+ * PARAMETERS
+ *  "response"
+ *      The address of the OcspResponse whose status is to be retrieved. Must
+ *      be non-NULL.
+ *  "pPassed"
+ *      Address at which the Boolean result is stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns an OcspResponse Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+
+PKIX_Error *
+pkix_pl_OcspResponse_GetStatus(
+        PKIX_PL_OcspResponse *response,
+        PKIX_Boolean *pPassed,
+        SECErrorCodes *pReturnCode,
+        void *plContext)
+{
+        SECStatus rv = SECFailure;
+
+        PKIX_ENTER(OCSPRESPONSE, "PKIX_PL_OcspResponse_GetStatus");
+        PKIX_NULLCHECK_FOUR(response, response->nssOCSPResponse, pPassed, pReturnCode);
+
+        rv = CERT_GetOCSPResponseStatus(response->nssOCSPResponse);
+
+	if (rv == SECSuccess) {
+                *pPassed = PKIX_TRUE;
+                *pReturnCode = 0;
+        } else {
+                *pPassed = PKIX_FALSE;
+                *pReturnCode = PORT_GetError();
+        }
+
+        PKIX_RETURN(OCSPRESPONSE);
+}
+
+
+static PKIX_Error*
+pkix_pl_OcspResponse_VerifyResponse(
+        PKIX_PL_OcspResponse *response,
+        PKIX_ProcessingParams *procParams,
+        SECCertUsage certUsage,
+        void **state,
+        PKIX_BuildResult **buildResult,
+        void **pNBIOContext,
+        void *plContext)
+{
+    SECStatus rv = SECFailure;
+
+    PKIX_ENTER(OCSPRESPONSE, "pkix_pl_OcspResponse_VerifyResponse");
+
+    if (response->verifyFcn != NULL) {
+        void *lplContext = NULL;
+        
+        PKIX_CHECK(
+            PKIX_PL_NssContext_Create(((SECCertificateUsage)1) << certUsage,
+                                      PKIX_FALSE, NULL, &lplContext),
+            PKIX_NSSCONTEXTCREATEFAILED);
+
+        PKIX_CHECK(
+            (response->verifyFcn)((PKIX_PL_Object*)response->pkixSignerCert,
+                                  NULL, response->producedAtDate,
+                                  procParams, pNBIOContext,
+                                  state, buildResult,
+                                  NULL, lplContext),
+            PKIX_CERTVERIFYKEYUSAGEFAILED);
+        rv = SECSuccess;
+    } else {
+        rv = CERT_VerifyCert(response->handle, response->signerCert, PKIX_TRUE,
+                             certUsage, response->producedAt, NULL, NULL);
+        if (rv != SECSuccess) {
+            PKIX_ERROR(PKIX_CERTVERIFYKEYUSAGEFAILED);
+        }
+    }
+
+cleanup:
+    if (rv != SECSuccess) {
+        PORT_SetError(SEC_ERROR_OCSP_INVALID_SIGNING_CERT);
+    }
+
+    PKIX_RETURN(OCSPRESPONSE);
+}
+
+/*
+ * FUNCTION: pkix_pl_OcspResponse_VerifySignature
+ * DESCRIPTION:
+ *
+ *  This function verifies the ocspResponse signature field in the OcspResponse
+ *  pointed to by "response", storing PKIX_TRUE at "pPassed" if verification
+ *  is successful and PKIX_FALSE otherwise. If verification is unsuccessful an
+ *  error code (an enumeration of type SECErrorCodes) is stored at *pReturnCode.
+ *
+ * PARAMETERS
+ *  "response"
+ *      The address of the OcspResponse whose signature field is to be
+ *      retrieved. Must be non-NULL.
+ *  "cert"
+ *      The address of the Cert for which the OCSP query was made. Must be
+ *      non-NULL.
+ *  "procParams"
+ *      Address of ProcessingParams used to initialize the ExpirationChecker
+ *      and TargetCertChecker. Must be non-NULL.
+ *  "pPassed"
+ *      Address at which the Boolean result is stored. Must be non-NULL.
+ *  "pNBIOContext"
+ *      Address at which the NBIOContext is stored indicating whether the
+ *      checking is complete. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns an OcspResponse Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_pl_OcspResponse_VerifySignature(
+        PKIX_PL_OcspResponse *response,
+        PKIX_PL_Cert *cert,
+        PKIX_ProcessingParams *procParams,
+        PKIX_Boolean *pPassed,
+        void **pNBIOContext,
+        void *plContext)
+{
+        SECStatus rv = SECFailure;
+        CERTOCSPResponse *nssOCSPResponse = NULL;
+        CERTCertificate *issuerCert = NULL;
+        PKIX_BuildResult *buildResult = NULL;
+        void *nbio = NULL;
+        void *state = NULL;
+
+        ocspSignature *signature = NULL;
+        ocspResponseData *tbsData = NULL;
+        SECItem *tbsResponseDataDER = NULL;
+
+
+        PKIX_ENTER(OCSPRESPONSE, "pkix_pl_OcspResponse_VerifySignature");
+        PKIX_NULLCHECK_FOUR(response, cert, pPassed,  pNBIOContext);
+
+        nbio = *pNBIOContext;
+        *pNBIOContext = NULL;
+
+        nssOCSPResponse = response->nssOCSPResponse;
+        if (nssOCSPResponse == NULL) {
+            PORT_SetError(SEC_ERROR_OCSP_MALFORMED_RESPONSE);
+            goto cleanup;
+        }
+
+        tbsData =
+            ocsp_GetResponseData(nssOCSPResponse, &tbsResponseDataDER);
+        
+        signature = ocsp_GetResponseSignature(nssOCSPResponse);
+
+
+        /* Are we resuming after a WOULDBLOCK response? */
+        if (nbio == NULL) {
+            /* No, this is a new query */
+
+            issuerCert = CERT_FindCertIssuer(cert->nssCert, PR_Now(),
+                                             certUsageAnyCA);
+            
+            /*
+             * If this signature has already gone through verification,
+             * just return the cached result.
+             */
+            if (signature->wasChecked) {
+                if (signature->status == SECSuccess) {
+                    response->signerCert =
+                        CERT_DupCertificate(signature->cert);
+                } else {
+                    PORT_SetError(signature->failureReason);
+                    goto cleanup;
+                }
+            }
+            
+            response->signerCert = 
+                ocsp_GetSignerCertificate(response->handle, tbsData,
+                                          signature, issuerCert);
+            
+            if (response->signerCert == NULL) {
+                if (PORT_GetError() == SEC_ERROR_UNKNOWN_CERT) {
+                    /* Make the error a little more specific. */
+                    PORT_SetError(SEC_ERROR_OCSP_INVALID_SIGNING_CERT);
+                }
+                goto cleanup;
+            }            
+            PKIX_CHECK( 
+                PKIX_PL_Cert_CreateFromCERTCertificate(response->signerCert,
+                                                       &(response->pkixSignerCert),
+                                                       plContext),
+                PKIX_CERTCREATEWITHNSSCERTFAILED);
+            
+            /*
+             * We could mark this true at the top of this function, or
+             * always below at "finish", but if the problem was just that
+             * we could not find the signer's cert, leave that as if the
+             * signature hasn't been checked. Maybe a subsequent call will
+             * have better luck.
+             */
+            signature->wasChecked = PR_TRUE;
+            
+            /*
+             * We are about to verify the signer certificate; we need to
+             * specify *when* that certificate must be valid -- for our
+             * purposes we expect it to be valid when the response was
+             * signed. The value of "producedAt" is the signing time.
+             */
+            rv = DER_GeneralizedTimeToTime(&response->producedAt,
+                                           &tbsData->producedAt);
+            if (rv != SECSuccess) {
+                PORT_SetError(SEC_ERROR_OCSP_MALFORMED_RESPONSE);
+                goto cleanup;
+            }
+            
+            /*
+             * We need producedAtDate and pkixSignerCert if we are calling a
+             * user-supplied verification function. Let's put their
+             * creation before the code that gets repeated when
+             * non-blocking I/O is used.
+             */
+            
+            PKIX_CHECK(
+                pkix_pl_Date_CreateFromPRTime((PRTime)response->producedAt,
+                                              &(response->producedAtDate),
+                                              plContext),
+                PKIX_DATECREATEFROMPRTIMEFAILED);
+            
+	}
+        
+        /*
+         * Just because we have a cert does not mean it is any good; check
+         * it for validity, trust and usage. Use the caller-supplied
+         * verification function, if one was supplied.
+         */
+        if (ocsp_CertIsOCSPDefaultResponder(response->handle,
+                                            response->signerCert)) {
+            rv = SECSuccess;
+        } else {
+            SECCertUsage certUsage;
+            if (CERT_IsCACert(response->signerCert, NULL)) {
+                certUsage = certUsageAnyCA;
+            } else {
+                certUsage = certUsageStatusResponder;
+            }
+            PKIX_CHECK_ONLY_FATAL(
+                pkix_pl_OcspResponse_VerifyResponse(response, procParams,
+                                                    certUsage, &state,
+                                                    &buildResult, &nbio,
+                                                    plContext),
+                PKIX_CERTVERIFYKEYUSAGEFAILED);
+            if (pkixTempErrorReceived) {
+                rv = SECFailure;
+                goto cleanup;
+            }
+            if (nbio != NULL) {
+                *pNBIOContext = nbio;
+                goto cleanup;
+            }            
+        }
+
+        rv = ocsp_VerifyResponseSignature(response->signerCert, signature,
+                                          tbsResponseDataDER, NULL);
+        
+cleanup:
+        if (rv == SECSuccess) {
+            *pPassed = PKIX_TRUE;
+        } else {
+            *pPassed = PKIX_FALSE;
+        }
+        
+        if (signature) {
+            if (signature->wasChecked) {
+                signature->status = rv;
+            }
+            
+            if (rv != SECSuccess) {
+                signature->failureReason = PORT_GetError();
+                if (response->signerCert != NULL) {
+                    CERT_DestroyCertificate(response->signerCert);
+                    response->signerCert = NULL;
+                }
+            } else {
+                /* Save signer's certificate in signature. */
+                signature->cert = CERT_DupCertificate(response->signerCert);
+            }
+        }
+
+	if (issuerCert)
+	    CERT_DestroyCertificate(issuerCert);
+        
+        PKIX_RETURN(OCSPRESPONSE);
+}
+
+/*
+ * FUNCTION: pkix_pl_OcspResponse_GetStatusForCert
+ * DESCRIPTION:
+ *
+ *  This function checks the revocation status of the Cert for which the
+ *  OcspResponse was obtained, storing PKIX_TRUE at "pPassed" if the Cert has
+ *  not been revoked and PKIX_FALSE otherwise.
+ *
+ * PARAMETERS
+ *  "response"
+ *      The address of the OcspResponse whose certificate status is to be
+ *      retrieved. Must be non-NULL.
+ *  "pPassed"
+ *      Address at which the Boolean result is stored. Must be non-NULL.
+ *  "pReturnCode"
+ *      Address at which the SECErrorCodes result is stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns an OcspResponse Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_pl_OcspResponse_GetStatusForCert(
+        PKIX_PL_OcspCertID *cid,
+        PKIX_PL_OcspResponse *response,
+        PKIX_Boolean allowCachingOfFailures,
+        PKIX_PL_Date *validity,
+        PKIX_Boolean *pPassed,
+        SECErrorCodes *pReturnCode,
+        void *plContext)
+{
+        PRTime time = 0;
+        SECStatus rv = SECFailure;
+        CERTOCSPSingleResponse *single = NULL;
+
+        PKIX_ENTER(OCSPRESPONSE, "pkix_pl_OcspResponse_GetStatusForCert");
+        PKIX_NULLCHECK_THREE(response, pPassed, pReturnCode);
+
+        /*
+         * It is an error to call this function except following a successful
+         * return from pkix_pl_OcspResponse_VerifySignature, which would have
+         * set response->signerCert.
+         */
+        PKIX_NULLCHECK_TWO(response->signerCert, response->request);
+        PKIX_NULLCHECK_TWO(cid, cid->certID);
+
+        if (validity != NULL) {
+            PKIX_Error *er = pkix_pl_Date_GetPRTime(validity, &time, plContext);
+            PKIX_DECREF(er);
+        }
+        if (!time) {
+            time = PR_Now();
+        }
+
+        rv = ocsp_GetVerifiedSingleResponseForCertID(response->handle,
+                                                     response->nssOCSPResponse,
+                                                     cid->certID, 
+                                                     response->signerCert,
+                                                     time, &single);
+        if (rv == SECSuccess) {
+                /*
+                 * Check whether the status says revoked, and if so 
+                 * how that compares to the time value passed into this routine.
+                 */
+                rv = ocsp_CertHasGoodStatus(single->certStatus, time);
+        }
+
+        if (rv == SECSuccess || allowCachingOfFailures) {
+                /* allowed to update the cache */
+                PRBool certIDWasConsumed = PR_FALSE;
+
+                if (single) {
+                        ocsp_CacheSingleResponse(cid->certID,single,
+                                                 &certIDWasConsumed);
+                } else {
+                        cert_RememberOCSPProcessingFailure(cid->certID,
+                                                           &certIDWasConsumed);
+                }
+
+                if (certIDWasConsumed) {
+                        cid->certID = NULL;
+                }
+        }
+
+	if (rv == SECSuccess) {
+                *pPassed = PKIX_TRUE;
+                *pReturnCode = 0;
+        } else {
+                *pPassed = PKIX_FALSE;
+                *pReturnCode = PORT_GetError();
+        }
+
+        PKIX_RETURN(OCSPRESPONSE);
+}
diff --git a/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_ocspresponse.h b/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_ocspresponse.h
new file mode 100644
index 0000000..dcf88c9
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_ocspresponse.h
@@ -0,0 +1,106 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_pl_ocspresponse.h
+ *
+ * OcspResponse Object Definitions
+ *
+ */
+
+#ifndef _PKIX_PL_OCSPRESPONSE_H
+#define _PKIX_PL_OCSPRESPONSE_H
+
+#include "pkix_pl_common.h"
+#include "pkix_pl_ocspcertid.h"
+#include "hasht.h"
+#include "cryptohi.h"
+#include "ocspti.h"
+#include "ocspi.h"
+#include "plbase64.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define MAX_OCSP_RESPONSE_LEN (64*1024)
+
+struct PKIX_PL_OcspResponseStruct{
+        PLArenaPool *arena;
+        const PKIX_PL_OcspRequest *request;
+        const SEC_HttpClientFcn *httpClient;
+        SEC_HTTP_SERVER_SESSION serverSession;
+        SEC_HTTP_REQUEST_SESSION sessionRequest;
+        PKIX_PL_VerifyCallback verifyFcn;
+        SECItem *encodedResponse;
+        CERTCertDBHandle *handle;
+        PRTime producedAt;
+        PKIX_PL_Date *producedAtDate;
+        PKIX_PL_Cert *pkixSignerCert;
+        CERTOCSPResponse *nssOCSPResponse;
+        CERTCertificate *signerCert;
+};
+
+/* see source file for function documentation */
+
+PKIX_Error *pkix_pl_OcspResponse_RegisterSelf(void *plContext);
+
+PKIX_Error *
+pkix_pl_OcspResponse_Create(
+        PKIX_PL_OcspRequest *request,
+        const char *httpMechanism,
+        void *responder,
+        PKIX_PL_VerifyCallback verifyFcn,
+        void **pNBIOContext,
+        PKIX_PL_OcspResponse **pResponse,
+        void *plContext);
+
+PKIX_Error *
+pkix_pl_OcspResponse_Decode(
+        PKIX_PL_OcspResponse *response,
+        PKIX_Boolean *passed,
+        SECErrorCodes *pReturnCode,
+        void *plContext);
+
+PKIX_Error *
+pkix_pl_OcspResponse_GetStatus(
+        PKIX_PL_OcspResponse *response,
+        PKIX_Boolean *passed,
+        SECErrorCodes *pReturnCode,
+        void *plContext);
+
+PKIX_Error *
+pkix_pl_OcspResponse_VerifySignature(
+        PKIX_PL_OcspResponse *response,
+        PKIX_PL_Cert *cert,
+        PKIX_ProcessingParams *procParams,
+        PKIX_Boolean *pPassed,
+        void **pNBIOContext,
+        void *plContext);
+
+PKIX_Error *
+pkix_pl_OcspResponse_GetStatusForCert(
+        PKIX_PL_OcspCertID *cid,
+        PKIX_PL_OcspResponse *response,
+        PKIX_Boolean allowCachingOfFailures,
+        PKIX_PL_Date *validity,
+        PKIX_Boolean *pPassed,
+        SECErrorCodes *pReturnCode,
+        void *plContext);
+
+PKIX_Error *
+PKIX_PL_OcspResponse_UseBuildChain(
+        PKIX_PL_Cert *signerCert,
+	PKIX_PL_Date *producedAt,
+        PKIX_ProcessingParams *procParams,
+        void **pNBIOContext,
+        void **pState,
+        PKIX_BuildResult **pBuildResult,
+        PKIX_VerifyNode **pVerifyTree,
+	void *plContext);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_PL_OCSPRESPONSE_H */
diff --git a/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_publickey.c b/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_publickey.c
new file mode 100644
index 0000000..2dfe9a9
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_publickey.c
@@ -0,0 +1,489 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_pl_publickey.c
+ *
+ * Certificate Object Functions
+ *
+ */
+
+#include "pkix_pl_publickey.h"
+
+/* --Private-Cert-Functions------------------------------------- */
+
+/*
+ * FUNCTION: pkix_pl_PublicKey_ToString_Helper
+ * DESCRIPTION:
+ *
+ *  Helper function that creates a string representation of the PublicKey
+ *  pointed to by "pkixPubKey" and stores it at "pString".
+ *
+ * PARAMETERS
+ *  "pkixPubKey"
+ *      Address of PublicKey whose string representation is desired.
+ *      Must be non-NULL.
+ *  "pString"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext" - Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a PublicKey Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_pl_PublicKey_ToString_Helper(
+        PKIX_PL_PublicKey *pkixPubKey,
+        PKIX_PL_String **pString,
+        void *plContext)
+{
+        SECAlgorithmID algorithm;
+        SECOidTag pubKeyTag;
+        char *asciiOID = NULL;
+        PKIX_Boolean freeAsciiOID = PKIX_FALSE;
+        SECItem oidBytes;
+
+        PKIX_ENTER(PUBLICKEY, "pkix_pl_PublicKey_ToString_Helper");
+        PKIX_NULLCHECK_THREE(pkixPubKey, pkixPubKey->nssSPKI, pString);
+
+        /*
+         * XXX for now, we print out public key algorithm's
+         * description - add params and bytes later
+         */
+
+        /*
+         * If the algorithm OID is known to NSS,
+         * we print out the ASCII description that is
+         * registered with NSS. Otherwise, if unknown,
+         * we print out the OID numbers (eg. "1.2.840.3")
+         */
+
+        algorithm = pkixPubKey->nssSPKI->algorithm;
+
+        PKIX_PUBLICKEY_DEBUG("\t\tCalling SECOID_GetAlgorithmTag).\n");
+        pubKeyTag = SECOID_GetAlgorithmTag(&algorithm);
+        if (pubKeyTag != SEC_OID_UNKNOWN){
+                PKIX_PUBLICKEY_DEBUG
+                        ("\t\tCalling SECOID_FindOIDTagDescription).\n");
+                asciiOID = (char *)SECOID_FindOIDTagDescription(pubKeyTag);
+                if (!asciiOID){
+                        PKIX_ERROR(PKIX_SECOIDFINDOIDTAGDESCRIPTIONFAILED);
+                }
+        } else { /* pubKeyTag == SEC_OID_UNKNOWN */
+                oidBytes = algorithm.algorithm;
+                PKIX_CHECK(pkix_pl_oidBytes2Ascii
+                            (&oidBytes, &asciiOID, plContext),
+                            PKIX_OIDBYTES2ASCIIFAILED);
+                freeAsciiOID = PKIX_TRUE;
+        }
+
+        PKIX_CHECK(PKIX_PL_String_Create
+                (PKIX_ESCASCII, (void *)asciiOID, 0, pString, plContext),
+                PKIX_UNABLETOCREATEPSTRING);
+
+cleanup:
+
+        /*
+         * we only free asciiOID if it was malloc'ed by pkix_pl_oidBytes2Ascii
+         */
+        if (freeAsciiOID){
+                PKIX_FREE(asciiOID);
+        }
+
+        PKIX_RETURN(PUBLICKEY);
+}
+
+/*
+ * FUNCTION: pkix_pl_DestroySPKI
+ * DESCRIPTION:
+ *  Frees all memory associated with the CERTSubjectPublicKeyInfo pointed to
+ *  by "nssSPKI".
+ * PARAMETERS
+ *  "nssSPKI"
+ *      Address of CERTSubjectPublicKeyInfo. Must be non-NULL.
+ *  "plContext" - Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns an Object Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_pl_DestroySPKI(
+        CERTSubjectPublicKeyInfo *nssSPKI,
+        void *plContext)
+{
+        PKIX_ENTER(PUBLICKEY, "pkix_pl_DestroySPKI");
+
+        PKIX_NULLCHECK_ONE(nssSPKI);
+
+        PKIX_PUBLICKEY_DEBUG("\t\tCalling SECOID_DestroyAlgorithmID).\n");
+        SECOID_DestroyAlgorithmID(&nssSPKI->algorithm, PKIX_FALSE);
+
+        PKIX_PUBLICKEY_DEBUG("\t\tCalling SECITEM_FreeItem).\n");
+        SECITEM_FreeItem(&nssSPKI->subjectPublicKey, PKIX_FALSE);
+
+        PKIX_RETURN(PUBLICKEY);
+}
+
+/*
+ * FUNCTION: pkix_pl_PublicKey_Destroy
+ * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_PublicKey_Destroy(
+        PKIX_PL_Object *object,
+        void *plContext)
+{
+        PKIX_PL_PublicKey *pubKey = NULL;
+
+        PKIX_ENTER(PUBLICKEY, "pkix_pl_PublicKey_Destroy");
+
+        PKIX_NULLCHECK_ONE(object);
+
+        PKIX_CHECK(pkix_CheckType(object, PKIX_PUBLICKEY_TYPE, plContext),
+                    PKIX_OBJECTNOTPUBLICKEY);
+
+        pubKey = (PKIX_PL_PublicKey *)object;
+
+        if (pubKey->nssSPKI) {
+
+            PKIX_CHECK(pkix_pl_DestroySPKI(pubKey->nssSPKI, plContext),
+                       PKIX_DESTROYSPKIFAILED);
+            
+            PKIX_FREE(pubKey->nssSPKI);
+        }
+
+cleanup:
+
+        PKIX_RETURN(PUBLICKEY);
+}
+
+/*
+ * FUNCTION: pkix_pl_PublicKey_ToString
+ * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_PublicKey_ToString(
+        PKIX_PL_Object *object,
+        PKIX_PL_String **pString,
+        void *plContext)
+{
+        PKIX_PL_PublicKey *pkixPubKey = NULL;
+        PKIX_PL_String *pubKeyString = NULL;
+
+        PKIX_ENTER(PUBLICKEY, "pkix_pl_PublicKey_toString");
+        PKIX_NULLCHECK_TWO(object, pString);
+
+        PKIX_CHECK(pkix_CheckType(object, PKIX_PUBLICKEY_TYPE, plContext),
+                    PKIX_OBJECTNOTPUBLICKEY);
+
+        pkixPubKey = (PKIX_PL_PublicKey *)object;
+
+        PKIX_CHECK(pkix_pl_PublicKey_ToString_Helper
+                    (pkixPubKey, &pubKeyString, plContext),
+                    PKIX_PUBLICKEYTOSTRINGHELPERFAILED);
+
+        *pString = pubKeyString;
+
+cleanup:
+
+        PKIX_RETURN(PUBLICKEY);
+}
+
+/*
+ * FUNCTION: pkix_pl_PublicKey_Hashcode
+ * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_PublicKey_Hashcode(
+        PKIX_PL_Object *object,
+        PKIX_UInt32 *pHashcode,
+        void *plContext)
+{
+        PKIX_PL_PublicKey *pkixPubKey = NULL;
+        SECItem algOID;
+        SECItem algParams;
+        SECItem nssPubKey;
+        PKIX_UInt32 algOIDHash;
+        PKIX_UInt32 algParamsHash;
+        PKIX_UInt32 pubKeyHash;
+
+        PKIX_ENTER(PUBLICKEY, "pkix_pl_PublicKey_Hashcode");
+        PKIX_NULLCHECK_TWO(object, pHashcode);
+
+        PKIX_CHECK(pkix_CheckType(object, PKIX_PUBLICKEY_TYPE, plContext),
+                    PKIX_OBJECTNOTPUBLICKEY);
+
+        pkixPubKey = (PKIX_PL_PublicKey *)object;
+
+        PKIX_NULLCHECK_ONE(pkixPubKey->nssSPKI);
+
+        algOID = pkixPubKey->nssSPKI->algorithm.algorithm;
+        algParams = pkixPubKey->nssSPKI->algorithm.parameters;
+        nssPubKey = pkixPubKey->nssSPKI->subjectPublicKey;
+
+        PKIX_CHECK(pkix_hash
+                    (algOID.data, algOID.len, &algOIDHash, plContext),
+                    PKIX_HASHFAILED);
+
+        PKIX_CHECK(pkix_hash
+                    (algParams.data, algParams.len, &algParamsHash, plContext),
+                    PKIX_HASHFAILED);
+
+        PKIX_CHECK(pkix_hash
+                    (nssPubKey.data, nssPubKey.len, &pubKeyHash, plContext),
+                    PKIX_HASHFAILED);
+
+        *pHashcode = pubKeyHash;
+
+cleanup:
+
+        PKIX_RETURN(PUBLICKEY);
+}
+
+
+/*
+ * FUNCTION: pkix_pl_PublicKey_Equals
+ * (see comments for PKIX_PL_Equals_Callback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_PublicKey_Equals(
+        PKIX_PL_Object *firstObject,
+        PKIX_PL_Object *secondObject,
+        PKIX_Boolean *pResult,
+        void *plContext)
+{
+        PKIX_PL_PublicKey *firstPKIXPubKey = NULL;
+        PKIX_PL_PublicKey *secondPKIXPubKey = NULL;
+        CERTSubjectPublicKeyInfo *firstSPKI = NULL;
+        CERTSubjectPublicKeyInfo *secondSPKI = NULL;
+        SECComparison cmpResult;
+        PKIX_UInt32 secondType;
+
+        PKIX_ENTER(PUBLICKEY, "pkix_pl_PublicKey_Equals");
+        PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);
+
+        /* test that firstObject is a PublicKey */
+        PKIX_CHECK(pkix_CheckType(firstObject, PKIX_PUBLICKEY_TYPE, plContext),
+                PKIX_FIRSTOBJECTNOTPUBLICKEY);
+
+        /*
+         * Since we know firstObject is a PublicKey, if both references are
+         * identical, they must be equal
+         */
+        if (firstObject == secondObject){
+                *pResult = PKIX_TRUE;
+                goto cleanup;
+        }
+
+        /*
+         * If secondObject isn't a PublicKey, we don't throw an error.
+         * We simply return a Boolean result of FALSE
+         */
+        *pResult = PKIX_FALSE;
+        PKIX_CHECK(PKIX_PL_Object_GetType
+                    (secondObject, &secondType, plContext),
+                    PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
+        if (secondType != PKIX_PUBLICKEY_TYPE) goto cleanup;
+
+        firstPKIXPubKey = ((PKIX_PL_PublicKey *)firstObject);
+        secondPKIXPubKey = (PKIX_PL_PublicKey *)secondObject;
+
+        firstSPKI = firstPKIXPubKey->nssSPKI;
+        secondSPKI = secondPKIXPubKey->nssSPKI;
+
+        PKIX_NULLCHECK_TWO(firstSPKI, secondSPKI);
+
+        PKIX_PL_NSSCALLRV(PUBLICKEY, cmpResult, SECOID_CompareAlgorithmID,
+                        (&firstSPKI->algorithm, &secondSPKI->algorithm));
+
+        if (cmpResult == SECEqual){
+                PKIX_PUBLICKEY_DEBUG("\t\tCalling SECITEM_CompareItem).\n");
+                cmpResult = SECITEM_CompareItem
+                                (&firstSPKI->subjectPublicKey,
+                                &secondSPKI->subjectPublicKey);
+        }
+
+        *pResult = (cmpResult == SECEqual)?PKIX_TRUE:PKIX_FALSE;
+
+cleanup:
+
+        PKIX_RETURN(PUBLICKEY);
+}
+
+/*
+ * FUNCTION: pkix_pl_PublicKey_RegisterSelf
+ * DESCRIPTION:
+ *  Registers PKIX_PUBLICKEY_TYPE and its related functions with systemClasses[]
+ * THREAD SAFETY:
+ *  Not Thread Safe - for performance and complexity reasons
+ *
+ *  Since this function is only called by PKIX_PL_Initialize, which should
+ *  only be called once, it is acceptable that this function is not
+ *  thread-safe.
+ */
+PKIX_Error *
+pkix_pl_PublicKey_RegisterSelf(void *plContext)
+{
+
+        extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
+        pkix_ClassTable_Entry entry;
+
+        PKIX_ENTER(PUBLICKEY, "pkix_pl_PublicKey_RegisterSelf");
+
+        entry.description = "PublicKey";
+        entry.objCounter = 0;
+        entry.typeObjectSize = sizeof(PKIX_PL_PublicKey);
+        entry.destructor = pkix_pl_PublicKey_Destroy;
+        entry.equalsFunction = pkix_pl_PublicKey_Equals;
+        entry.hashcodeFunction = pkix_pl_PublicKey_Hashcode;
+        entry.toStringFunction = pkix_pl_PublicKey_ToString;
+        entry.comparator = NULL;
+        entry.duplicateFunction = pkix_duplicateImmutable;
+        systemClasses[PKIX_PUBLICKEY_TYPE] = entry;
+
+        PKIX_RETURN(PUBLICKEY);
+}
+
+/* --Public-Functions------------------------------------------------------- */
+
+/*
+ * FUNCTION: PKIX_PL_PublicKey_NeedsDSAParameters
+ *              (see comments in pkix_pl_pki.h)
+ */
+PKIX_Error *
+PKIX_PL_PublicKey_NeedsDSAParameters(
+        PKIX_PL_PublicKey *pubKey,
+        PKIX_Boolean *pNeedsParams,
+        void *plContext)
+{
+        CERTSubjectPublicKeyInfo *nssSPKI = NULL;
+        KeyType pubKeyType;
+        PKIX_Boolean needsParams = PKIX_FALSE;
+
+        PKIX_ENTER(PUBLICKEY, "PKIX_PL_PublicKey_NeedsDSAParameters");
+        PKIX_NULLCHECK_TWO(pubKey, pNeedsParams);
+
+        nssSPKI = pubKey->nssSPKI;
+
+        PKIX_PUBLICKEY_DEBUG("\t\tCalling CERT_GetCertKeyType).\n");
+        pubKeyType = CERT_GetCertKeyType(nssSPKI);
+        if (!pubKeyType){
+                PKIX_ERROR(PKIX_PUBKEYTYPENULLKEY);
+        }
+
+        if ((pubKeyType == dsaKey) &&
+            (nssSPKI->algorithm.parameters.len == 0)){
+                needsParams = PKIX_TRUE;
+        }
+
+        *pNeedsParams = needsParams;
+
+cleanup:
+
+        PKIX_RETURN(PUBLICKEY);
+}
+
+/*
+ * FUNCTION: PKIX_PL_PublicKey_MakeInheritedDSAPublicKey
+ *              (see comments in pkix_pl_pki.h)
+ */
+PKIX_Error *
+PKIX_PL_PublicKey_MakeInheritedDSAPublicKey(
+        PKIX_PL_PublicKey *firstKey,
+        PKIX_PL_PublicKey *secondKey,
+        PKIX_PL_PublicKey **pResultKey,
+        void *plContext)
+{
+        CERTSubjectPublicKeyInfo *firstSPKI = NULL;
+        CERTSubjectPublicKeyInfo *secondSPKI = NULL;
+        CERTSubjectPublicKeyInfo *thirdSPKI = NULL;
+        PKIX_PL_PublicKey *resultKey = NULL;
+        KeyType firstPubKeyType;
+        KeyType secondPubKeyType;
+        SECStatus rv;
+
+        PKIX_ENTER(PUBLICKEY, "PKIX_PL_PublicKey_MakeInheritedDSAPublicKey");
+        PKIX_NULLCHECK_THREE(firstKey, secondKey, pResultKey);
+        PKIX_NULLCHECK_TWO(firstKey->nssSPKI, secondKey->nssSPKI);
+
+        firstSPKI = firstKey->nssSPKI;
+        secondSPKI = secondKey->nssSPKI;
+
+        PKIX_PUBLICKEY_DEBUG("\t\tCalling CERT_GetCertKeyType).\n");
+        firstPubKeyType = CERT_GetCertKeyType(firstSPKI);
+        if (!firstPubKeyType){
+                PKIX_ERROR(PKIX_FIRSTPUBKEYTYPENULLKEY);
+        }
+
+        PKIX_PUBLICKEY_DEBUG("\t\tCalling CERT_GetCertKeyType).\n");
+        secondPubKeyType = CERT_GetCertKeyType(secondSPKI);
+        if (!secondPubKeyType){
+                PKIX_ERROR(PKIX_SECONDPUBKEYTYPENULLKEY);
+        }
+
+        if ((firstPubKeyType == dsaKey) &&
+            (firstSPKI->algorithm.parameters.len == 0)){
+                if (secondPubKeyType != dsaKey) {
+                        PKIX_ERROR(PKIX_SECONDKEYNOTDSAPUBLICKEY);
+                } else if (secondSPKI->algorithm.parameters.len == 0) {
+                        PKIX_ERROR
+                                (PKIX_SECONDKEYDSAPUBLICKEY);
+                } else {
+                        PKIX_CHECK(PKIX_PL_Calloc
+                                    (1,
+                                    sizeof (CERTSubjectPublicKeyInfo),
+                                    (void **)&thirdSPKI,
+                                    plContext),
+                                    PKIX_CALLOCFAILED);
+
+                        PKIX_PUBLICKEY_DEBUG
+                                ("\t\tCalling"
+                                "SECKEY_CopySubjectPublicKeyInfo).\n");
+                        rv = SECKEY_CopySubjectPublicKeyInfo
+                                (NULL, thirdSPKI, firstSPKI);
+                        if (rv != SECSuccess) {
+                            PKIX_ERROR
+                                    (PKIX_SECKEYCOPYSUBJECTPUBLICKEYINFOFAILED);
+                        }
+
+                        PKIX_PUBLICKEY_DEBUG
+                                ("\t\tCalling SECITEM_CopyItem).\n");
+                        rv = SECITEM_CopyItem(NULL,
+                                            &thirdSPKI->algorithm.parameters,
+                                            &secondSPKI->algorithm.parameters);
+
+                        if (rv != SECSuccess) {
+                                PKIX_ERROR(PKIX_OUTOFMEMORY);
+                        }
+
+                        /* create a PKIX_PL_PublicKey object */
+                        PKIX_CHECK(PKIX_PL_Object_Alloc
+                                    (PKIX_PUBLICKEY_TYPE,
+                                    sizeof (PKIX_PL_PublicKey),
+                                    (PKIX_PL_Object **)&resultKey,
+                                    plContext),
+                                    PKIX_COULDNOTCREATEOBJECT);
+
+                        /* populate the SPKI field */
+                        resultKey->nssSPKI = thirdSPKI;
+                        *pResultKey = resultKey;
+                }
+        } else {
+                *pResultKey = NULL;
+        }
+
+cleanup:
+
+        if (thirdSPKI && PKIX_ERROR_RECEIVED){
+                PKIX_CHECK(pkix_pl_DestroySPKI(thirdSPKI, plContext),
+                            PKIX_DESTROYSPKIFAILED);
+                PKIX_FREE(thirdSPKI);
+        }
+
+        PKIX_RETURN(PUBLICKEY);
+}
diff --git a/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_publickey.h b/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_publickey.h
new file mode 100644
index 0000000..8918859
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_publickey.h
@@ -0,0 +1,38 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_pl_publickey.h
+ *
+ * Public Key Object Definitions
+ *
+ */
+
+#ifndef _PKIX_PL_PUBLICKEY_H
+#define _PKIX_PL_PUBLICKEY_H
+
+#include "pkix_pl_common.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+struct PKIX_PL_PublicKeyStruct {
+        CERTSubjectPublicKeyInfo *nssSPKI;
+};
+
+/* see source file for function documentation */
+
+PKIX_Error *pkix_pl_PublicKey_RegisterSelf(void *plContext);
+
+PKIX_Error *
+PKIX_PL_PublicKey_NeedsDSAParameters(
+        PKIX_PL_PublicKey *pubKey,
+        PKIX_Boolean *pNeedsParams,
+        void *plContext);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_PL_PUBLICKEY_H */
diff --git a/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_x500name.c b/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_x500name.c
new file mode 100644
index 0000000..e37439c
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_x500name.c
@@ -0,0 +1,667 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_pl_x500name.c
+ *
+ * X500Name Object Functions
+ *
+ */
+
+#include "pkix_pl_x500name.h"
+
+/* --Private-X500Name-Functions------------------------------------- */
+
+/*
+ * FUNCTION: pkix_pl_X500Name_Destroy
+ * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_X500Name_Destroy(
+        PKIX_PL_Object *object,
+        void *plContext)
+{
+        PKIX_PL_X500Name *name = NULL;
+
+        PKIX_ENTER(X500NAME, "pkix_pl_X500Name_Destroy");
+        PKIX_NULLCHECK_ONE(object);
+
+        PKIX_CHECK(pkix_CheckType(object, PKIX_X500NAME_TYPE, plContext),
+                    PKIX_OBJECTNOTANX500NAME);
+
+        name = (PKIX_PL_X500Name *)object;
+
+        /* PORT_FreeArena will destroy arena, and, allocated on it, CERTName
+         * and SECItem */
+        if (name->arena) {
+            PORT_FreeArena(name->arena, PR_FALSE);
+            name->arena = NULL;
+        }
+
+cleanup:
+
+        PKIX_RETURN(X500NAME);
+}
+
+/*
+ * FUNCTION: pkix_pl_X500Name_ToString
+ * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_X500Name_ToString(
+        PKIX_PL_Object *object,
+        PKIX_PL_String **pString,
+        void *plContext)
+{
+        PKIX_PL_X500Name *name = NULL;
+        char *string = NULL;
+        PKIX_UInt32 strLength = 0;
+
+        PKIX_ENTER(X500NAME, "pkix_pl_X500Name_toString");
+        PKIX_NULLCHECK_TWO(object, pString);
+
+        PKIX_CHECK(pkix_CheckType(object, PKIX_X500NAME_TYPE, plContext),
+                    PKIX_OBJECTNOTANX500NAME);
+
+        name = (PKIX_PL_X500Name *)object;
+        string = CERT_NameToAscii(&name->nssDN);
+        if (!string){
+                PKIX_ERROR(PKIX_CERTNAMETOASCIIFAILED);
+        }
+        strLength = PL_strlen(string);
+
+        PKIX_CHECK(PKIX_PL_String_Create
+                    (PKIX_ESCASCII, string, strLength, pString, plContext),
+                    PKIX_STRINGCREATEFAILED);
+
+cleanup:
+
+        PKIX_RETURN(X500NAME);
+}
+
+/*
+ * FUNCTION: pkix_pl_X500Name_Hashcode
+ * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_X500Name_Hashcode(
+        PKIX_PL_Object *object,
+        PKIX_UInt32 *pHashcode,
+        void *plContext)
+{
+        PKIX_PL_X500Name *name = NULL;
+        SECItem *derBytes = NULL;
+        PKIX_UInt32 nameHash;
+
+        PKIX_ENTER(X500NAME, "pkix_pl_X500Name_Hashcode");
+        PKIX_NULLCHECK_TWO(object, pHashcode);
+
+        PKIX_CHECK(pkix_CheckType(object, PKIX_X500NAME_TYPE, plContext),
+                    PKIX_OBJECTNOTANX500NAME);
+
+        name = (PKIX_PL_X500Name *)object;
+
+        /* we hash over the bytes in the DER encoding */
+
+        derBytes = &name->derName;
+
+        PKIX_CHECK(pkix_hash
+                    (derBytes->data, derBytes->len, &nameHash, plContext),
+                    PKIX_HASHFAILED);
+
+        *pHashcode = nameHash;
+
+cleanup:
+
+        PKIX_RETURN(X500NAME);
+}
+
+
+/*
+ * FUNCTION: pkix_pl_X500Name_Equals
+ * (see comments for PKIX_PL_Equals_Callback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_X500Name_Equals(
+        PKIX_PL_Object *firstObject,
+        PKIX_PL_Object *secondObject,
+        PKIX_Boolean *pResult,
+        void *plContext)
+{
+        PKIX_UInt32 secondType;
+
+        PKIX_ENTER(X500NAME, "pkix_pl_X500Name_Equals");
+        PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);
+
+        /* test that firstObject is an X500Name */
+        PKIX_CHECK(pkix_CheckType(firstObject, PKIX_X500NAME_TYPE, plContext),
+                    PKIX_FIRSTOBJECTARGUMENTNOTANX500NAME);
+
+        /*
+         * Since we know firstObject is an X500Name, if both references are
+         * identical, they must be equal
+         */
+        if (firstObject == secondObject){
+                *pResult = PKIX_TRUE;
+                goto cleanup;
+        }
+
+        /*
+         * If secondObject isn't an X500Name, we don't throw an error.
+         * We simply return a Boolean result of FALSE
+         */
+        *pResult = PKIX_FALSE;
+        PKIX_CHECK(PKIX_PL_Object_GetType
+                    (secondObject, &secondType, plContext),
+                    PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
+        if (secondType != PKIX_X500NAME_TYPE) goto cleanup;
+
+        PKIX_CHECK(
+            PKIX_PL_X500Name_Match((PKIX_PL_X500Name *)firstObject,
+                                   (PKIX_PL_X500Name *)secondObject,
+                                   pResult, plContext),
+            PKIX_X500NAMEMATCHFAILED);
+
+cleanup:
+
+        PKIX_RETURN(X500NAME);
+}
+
+/*
+ * FUNCTION: pkix_pl_X500Name_RegisterSelf
+ * DESCRIPTION:
+ *  Registers PKIX_X500NAME_TYPE and its related functions with systemClasses[]
+ * THREAD SAFETY:
+ *  Not Thread Safe - for performance and complexity reasons
+ *
+ *  Since this function is only called by PKIX_PL_Initialize, which should
+ *  only be called once, it is acceptable that this function is not
+ *  thread-safe.
+ */
+PKIX_Error *
+pkix_pl_X500Name_RegisterSelf(void *plContext)
+{
+
+        extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
+        pkix_ClassTable_Entry entry;
+
+        PKIX_ENTER(X500NAME, "pkix_pl_X500Name_RegisterSelf");
+
+        entry.description = "X500Name";
+        entry.objCounter = 0;
+        entry.typeObjectSize = sizeof(PKIX_PL_X500Name);
+        entry.destructor = pkix_pl_X500Name_Destroy;
+        entry.equalsFunction = pkix_pl_X500Name_Equals;
+        entry.hashcodeFunction = pkix_pl_X500Name_Hashcode;
+        entry.toStringFunction = pkix_pl_X500Name_ToString;
+        entry.comparator = NULL;
+        entry.duplicateFunction = pkix_duplicateImmutable;
+
+        systemClasses[PKIX_X500NAME_TYPE] = entry;
+
+        PKIX_RETURN(X500NAME);
+}
+
+#ifdef BUILD_LIBPKIX_TESTS
+/*
+ * FUNCTION: pkix_pl_X500Name_CreateFromUtf8
+ *
+ * DESCRIPTION:
+ *  Creates an X500Name object from the RFC1485 string representation pointed
+ *  to by "stringRep", and stores the result at "pName". If the string cannot
+ *  be successfully converted, a non-fatal error is returned.
+ *
+ * NOTE: ifdefed BUILD_LIBPKIX_TESTS function: this function is allowed to be
+ * called only by pkix tests programs.
+ * 
+ * PARAMETERS:
+ *  "stringRep"
+ *      Address of the RFC1485 string to be converted. Must be non-NULL.
+ *  "pName"
+ *      Address where the X500Name result will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ *
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ *
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns an X500NAME Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_pl_X500Name_CreateFromUtf8(
+        char *stringRep,
+        PKIX_PL_X500Name **pName,
+        void *plContext)
+{
+        PKIX_PL_X500Name *x500Name = NULL;
+        PLArenaPool *arena = NULL;
+        CERTName *nssDN = NULL;
+        SECItem *resultSecItem = NULL;
+        
+        PKIX_ENTER(X500NAME, "pkix_pl_X500Name_CreateFromUtf8");
+        PKIX_NULLCHECK_TWO(pName, stringRep);
+
+        nssDN = CERT_AsciiToName(stringRep);
+        if (nssDN == NULL) {
+            PKIX_ERROR(PKIX_COULDNOTCREATENSSDN);
+        }
+
+        arena = nssDN->arena;
+
+        /* create a PKIX_PL_X500Name object */
+        PKIX_CHECK(PKIX_PL_Object_Alloc
+                    (PKIX_X500NAME_TYPE,
+                    sizeof (PKIX_PL_X500Name),
+                    (PKIX_PL_Object **)&x500Name,
+                    plContext),
+                    PKIX_COULDNOTCREATEX500NAMEOBJECT);
+
+        /* populate the nssDN field */
+        x500Name->arena = arena;
+        x500Name->nssDN.arena = arena;
+        x500Name->nssDN.rdns = nssDN->rdns;
+        
+        resultSecItem =
+            SEC_ASN1EncodeItem(arena, &x500Name->derName, nssDN,
+                               CERT_NameTemplate);
+        
+        if (resultSecItem == NULL){
+            PKIX_ERROR(PKIX_SECASN1ENCODEITEMFAILED);
+        }
+
+        *pName = x500Name;
+
+cleanup:
+
+        if (PKIX_ERROR_RECEIVED){
+            if (x500Name) {
+                PKIX_PL_Object_DecRef((PKIX_PL_Object*)x500Name,
+                                      plContext);
+            } else if (nssDN) {
+                CERT_DestroyName(nssDN);
+            }
+        }
+
+        PKIX_RETURN(X500NAME);
+}
+#endif /* BUILD_LIBPKIX_TESTS */
+
+/*
+ * FUNCTION: pkix_pl_X500Name_GetCERTName
+ *
+ * DESCRIPTION:
+ * 
+ * Returns the pointer to CERTName member of X500Name structure.
+ *
+ * Returned pointed should not be freed.2
+ *
+ * PARAMETERS:
+ *  "xname"
+ *      Address of X500Name whose OrganizationName is to be extracted. Must be
+ *      non-NULL.
+ *  "pCERTName"
+ *      Address where result will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ *
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ *
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_pl_X500Name_GetCERTName(
+        PKIX_PL_X500Name *xname,
+        CERTName **pCERTName,
+        void *plContext)
+{
+        PKIX_ENTER(X500NAME, "pkix_pl_X500Name_GetCERTName");
+        PKIX_NULLCHECK_TWO(xname, pCERTName);
+
+        *pCERTName = &xname->nssDN;
+
+        PKIX_RETURN(X500NAME);
+}
+
+/* --Public-Functions------------------------------------------------------- */
+
+/*
+ * FUNCTION: PKIX_PL_X500Name_CreateFromCERTName (see comments in pkix_pl_pki.h)
+ */
+
+PKIX_Error *
+PKIX_PL_X500Name_CreateFromCERTName(
+        SECItem *derName,
+        CERTName *name, 
+        PKIX_PL_X500Name **pName,
+        void *plContext)
+{
+        PLArenaPool *arena = NULL;
+        SECStatus rv = SECFailure;
+        PKIX_PL_X500Name *x500Name = NULL;
+
+        PKIX_ENTER(X500NAME, "PKIX_PL_X500Name_CreateFromCERTName");
+        PKIX_NULLCHECK_ONE(pName);
+        if (derName == NULL && name == NULL) {
+            PKIX_ERROR(PKIX_NULLARGUMENT);
+        }
+
+        arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+        if (arena == NULL) {
+            PKIX_ERROR(PKIX_OUTOFMEMORY);
+        }
+        
+        PKIX_CHECK(PKIX_PL_Object_Alloc
+                    (PKIX_X500NAME_TYPE,
+                    sizeof (PKIX_PL_X500Name),
+                    (PKIX_PL_Object **)&x500Name,
+                    plContext),
+                    PKIX_COULDNOTCREATEX500NAMEOBJECT);
+
+        x500Name->arena = arena;
+        x500Name->nssDN.arena = NULL;
+
+        if (derName != NULL) {
+            rv = SECITEM_CopyItem(arena, &x500Name->derName, derName);
+            if (rv == SECFailure) {
+                PKIX_ERROR(PKIX_OUTOFMEMORY);
+            }
+        }            
+
+        if (name != NULL) {
+            rv = CERT_CopyName(arena, &x500Name->nssDN, name);
+            if (rv == SECFailure) {
+                PKIX_ERROR(PKIX_CERTCOPYNAMEFAILED);
+            }
+        } else {
+            rv = SEC_QuickDERDecodeItem(arena, &x500Name->nssDN,
+                                        CERT_NameTemplate,
+                                        &x500Name->derName);
+            if (rv == SECFailure) {
+                PKIX_ERROR(PKIX_SECQUICKDERDECODERFAILED);
+            }
+        }
+
+        *pName = x500Name;
+
+cleanup:
+        if (PKIX_ERROR_RECEIVED) {
+            if (x500Name) {
+                PKIX_PL_Object_DecRef((PKIX_PL_Object*)x500Name,
+                                      plContext);
+            } else if (arena) {                
+                PORT_FreeArena(arena, PR_FALSE);
+            }
+        }
+
+        PKIX_RETURN(X500NAME);
+}
+
+#ifdef BUILD_LIBPKIX_TESTS
+/*
+ * FUNCTION: PKIX_PL_X500Name_Create (see comments in pkix_pl_pki.h)
+ *
+ * NOTE: ifdefed BUILD_LIBPKIX_TESTS function: this function is allowed
+ * to be called only by pkix tests programs.
+ */
+PKIX_Error *
+PKIX_PL_X500Name_Create(
+        PKIX_PL_String *stringRep,
+        PKIX_PL_X500Name **pName,
+        void *plContext)
+{
+        char *utf8String = NULL;
+        PKIX_UInt32 utf8Length = 0;
+
+        PKIX_ENTER(X500NAME, "PKIX_PL_X500Name_Create");
+        PKIX_NULLCHECK_TWO(pName, stringRep);
+
+        /*
+         * convert the input PKIX_PL_String to PKIX_UTF8_NULL_TERM.
+         * we need to use this format specifier because
+         * CERT_AsciiToName expects a NULL-terminated UTF8 string.
+         * Since UTF8 allow NUL characters in the middle of the
+         * string, this is buggy. However, as a workaround, using
+         * PKIX_UTF8_NULL_TERM gives us a NULL-terminated UTF8 string.
+         */
+
+        PKIX_CHECK(PKIX_PL_String_GetEncoded
+                    (stringRep,
+                    PKIX_UTF8_NULL_TERM,
+                    (void **)&utf8String,
+                    &utf8Length,
+                    plContext),
+                    PKIX_STRINGGETENCODEDFAILED);
+
+        PKIX_CHECK(
+            pkix_pl_X500Name_CreateFromUtf8(utf8String,
+                                            pName, plContext),
+            PKIX_X500NAMECREATEFROMUTF8FAILED);
+
+cleanup:
+        PKIX_FREE(utf8String);
+
+        PKIX_RETURN(X500NAME);
+}
+#endif /* BUILD_LIBPKIX_TESTS */
+
+/*
+ * FUNCTION: PKIX_PL_X500Name_Match (see comments in pkix_pl_pki.h)
+ */
+PKIX_Error *
+PKIX_PL_X500Name_Match(
+        PKIX_PL_X500Name *firstX500Name,
+        PKIX_PL_X500Name *secondX500Name,
+        PKIX_Boolean *pResult,
+        void *plContext)
+{
+        SECItem *firstDerName = NULL;
+        SECItem *secondDerName = NULL;
+        SECComparison cmpResult;
+
+        PKIX_ENTER(X500NAME, "PKIX_PL_X500Name_Match");
+        PKIX_NULLCHECK_THREE(firstX500Name, secondX500Name, pResult);
+
+        if (firstX500Name == secondX500Name){
+                *pResult = PKIX_TRUE;
+                goto cleanup;
+        }
+
+        firstDerName = &firstX500Name->derName;
+        secondDerName = &secondX500Name->derName;
+
+        PKIX_NULLCHECK_TWO(firstDerName->data, secondDerName->data);
+
+        cmpResult = SECITEM_CompareItem(firstDerName, secondDerName);
+        if (cmpResult != SECEqual) {
+            cmpResult = CERT_CompareName(&firstX500Name->nssDN,
+                                         &secondX500Name->nssDN);
+        }
+
+        *pResult = (cmpResult == SECEqual);
+                   
+cleanup:
+
+        PKIX_RETURN(X500NAME);
+}
+
+/*
+ * FUNCTION: pkix_pl_X500Name_GetSECName
+ *
+ * DESCRIPTION:
+ *  Returns a copy of CERTName DER representation allocated on passed in arena.
+ *  If allocation on arena can not be done, NULL is stored at "pSECName".
+ *
+ * PARAMETERS:
+ *  "xname"
+ *      Address of X500Name whose CERTName flag is to be encoded. Must be
+ *      non-NULL.
+ *  "arena"
+ *      Address of the PLArenaPool to be used in the encoding, and in which
+ *      "pSECName" will be allocated. Must be non-NULL.
+ *  "pSECName"
+ *      Address where result will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ *
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ *
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_pl_X500Name_GetDERName(
+        PKIX_PL_X500Name *xname,
+        PLArenaPool *arena,
+        SECItem **pDERName,
+        void *plContext)
+{
+        SECItem *derName = NULL;
+
+        PKIX_ENTER(X500NAME, "pkix_pl_X500Name_GetDERName");
+
+        PKIX_NULLCHECK_THREE(xname, arena, pDERName);
+
+        /* Return NULL is X500Name was not created from DER  */
+        if (xname->derName.data == NULL) {
+            *pDERName = NULL;
+            goto cleanup;
+        }
+
+        derName = SECITEM_ArenaDupItem(arena, &xname->derName);
+        if (derName == NULL) {
+            PKIX_ERROR(PKIX_OUTOFMEMORY);
+        }
+
+        *pDERName = derName;
+cleanup:
+
+        PKIX_RETURN(X500NAME);
+}
+
+/*
+ * FUNCTION: pkix_pl_X500Name_GetCommonName
+ *
+ * DESCRIPTION:
+ *  Extracts the CommonName component of the X500Name object pointed to by
+ *  "xname", and stores the result at "pCommonName". If the CommonName cannot
+ *  be successfully extracted, NULL is stored at "pCommonName".
+ *
+ *  The returned string must be freed with PORT_Free.
+ *
+ * PARAMETERS:
+ *  "xname"
+ *      Address of X500Name whose CommonName is to be extracted. Must be
+ *      non-NULL.
+ *  "pCommonName"
+ *      Address where result will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ *
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ *
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_pl_X500Name_GetCommonName(
+        PKIX_PL_X500Name *xname,
+        unsigned char **pCommonName,
+        void *plContext)
+{
+        PKIX_ENTER(X500NAME, "pkix_pl_X500Name_GetCommonName");
+        PKIX_NULLCHECK_TWO(xname, pCommonName);
+
+        *pCommonName = (unsigned char *)CERT_GetCommonName(&xname->nssDN);
+
+        PKIX_RETURN(X500NAME);
+}
+
+/*
+ * FUNCTION: pkix_pl_X500Name_GetCountryName
+ *
+ * DESCRIPTION:
+ *  Extracts the CountryName component of the X500Name object pointed to by
+ *  "xname", and stores the result at "pCountryName". If the CountryName cannot
+ *  be successfully extracted, NULL is stored at "pCountryName".
+ *
+ *  The returned string must be freed with PORT_Free.
+ *
+ * PARAMETERS:
+ *  "xname"
+ *      Address of X500Name whose CountryName is to be extracted. Must be
+ *      non-NULL.
+ *  "pCountryName"
+ *      Address where result will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ *
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ *
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_pl_X500Name_GetCountryName(
+        PKIX_PL_X500Name *xname,
+        unsigned char **pCountryName,
+        void *plContext)
+{
+        PKIX_ENTER(X500NAME, "pkix_pl_X500Name_GetCountryName");
+        PKIX_NULLCHECK_TWO(xname, pCountryName);
+
+        *pCountryName = (unsigned char*)CERT_GetCountryName(&xname->nssDN);
+
+        PKIX_RETURN(X500NAME);
+}
+
+/*
+ * FUNCTION: pkix_pl_X500Name_GetOrgName
+ *
+ * DESCRIPTION:
+ *  Extracts the OrganizationName component of the X500Name object pointed to by
+ *  "xname", and stores the result at "pOrgName". If the OrganizationName cannot
+ *  be successfully extracted, NULL is stored at "pOrgName".
+ *
+ *  The returned string must be freed with PORT_Free.
+ *
+ * PARAMETERS:
+ *  "xname"
+ *      Address of X500Name whose OrganizationName is to be extracted. Must be
+ *      non-NULL.
+ *  "pOrgName"
+ *      Address where result will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ *
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ *
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_pl_X500Name_GetOrgName(
+        PKIX_PL_X500Name *xname,
+        unsigned char **pOrgName,
+        void *plContext)
+{
+        PKIX_ENTER(X500NAME, "pkix_pl_X500Name_GetOrgName");
+        PKIX_NULLCHECK_TWO(xname, pOrgName);
+
+        *pOrgName = (unsigned char*)CERT_GetOrgName(&xname->nssDN);
+
+        PKIX_RETURN(X500NAME);
+}
diff --git a/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_x500name.h b/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_x500name.h
new file mode 100644
index 0000000..a62bdb8
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_x500name.h
@@ -0,0 +1,74 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_pl_x500name.h
+ *
+ * X500Name Object Type Definitions
+ *
+ */
+
+#ifndef _PKIX_PL_X500NAME_H
+#define _PKIX_PL_X500NAME_H
+
+#include "pkix_pl_common.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+struct PKIX_PL_X500NameStruct{
+        PLArenaPool *arena; /* X500Name arena. Shared arena with nssDN
+                             * and derName */
+        CERTName nssDN;
+        SECItem derName;    /* adding DER encoded CERTName to the structure
+                             * to avoid unnecessary name encoding when pass
+                             * der name to cert finder */
+};
+
+/* see source file for function documentation */
+
+PKIX_Error *pkix_pl_X500Name_RegisterSelf(void *plContext);
+
+PKIX_Error *pkix_pl_X500Name_GetDERName(
+        PKIX_PL_X500Name *xname,
+        PLArenaPool *arena,
+        SECItem **pSECName,
+        void *plContext);
+
+#ifdef BUILD_LIBPKIX_TESTS
+PKIX_Error * pkix_pl_X500Name_CreateFromUtf8(
+        char *stringRep,
+        PKIX_PL_X500Name **pName,
+        void *plContext);
+#endif /* BUILD_LIBPKIX_TESTS */
+
+PKIX_Error *pkix_pl_X500Name_GetCommonName(
+        PKIX_PL_X500Name *xname,
+        unsigned char **pCommonName,
+        void *plContext);
+
+PKIX_Error *
+pkix_pl_X500Name_GetCountryName(
+        PKIX_PL_X500Name *xname,
+        unsigned char **pCountryName,
+        void *plContext);
+
+PKIX_Error *
+pkix_pl_X500Name_GetOrgName(
+        PKIX_PL_X500Name *xname,
+        unsigned char **pOrgName,
+        void *plContext);
+
+PKIX_Error *
+pkix_pl_X500Name_GetCERTName(
+        PKIX_PL_X500Name *xname,
+        CERTName **pCERTName,
+        void *plContext);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_PL_X500NAME_H */
diff --git a/nss/lib/libpkix/pkix_pl_nss/system/Makefile b/nss/lib/libpkix/pkix_pl_nss/system/Makefile
new file mode 100755
index 0000000..0fb6c90
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/system/Makefile
@@ -0,0 +1,49 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include config.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+export:: private_export
+
+
diff --git a/nss/lib/libpkix/pkix_pl_nss/system/config.mk b/nss/lib/libpkix/pkix_pl_nss/system/config.mk
new file mode 100755
index 0000000..b8c03de
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/system/config.mk
@@ -0,0 +1,15 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#
+#  Override TARGETS variable so that only static libraries
+#  are specifed as dependencies within rules.mk.
+#
+
+TARGETS        = $(LIBRARY)
+SHARED_LIBRARY =
+IMPORT_LIBRARY =
+PROGRAM        =
+
diff --git a/nss/lib/libpkix/pkix_pl_nss/system/exports.gyp b/nss/lib/libpkix/pkix_pl_nss/system/exports.gyp
new file mode 100644
index 0000000..a2f7594
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/system/exports.gyp
@@ -0,0 +1,37 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../../../coreconf/config.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'lib_libpkix_pkix_pl_nss_system_exports',
+      'type': 'none',
+      'copies': [
+        {
+          'files': [
+            'pkix_pl_bigint.h',
+            'pkix_pl_bytearray.h',
+            'pkix_pl_common.h',
+            'pkix_pl_hashtable.h',
+            'pkix_pl_lifecycle.h',
+            'pkix_pl_mem.h',
+            'pkix_pl_monitorlock.h',
+            'pkix_pl_mutex.h',
+            'pkix_pl_object.h',
+            'pkix_pl_oid.h',
+            'pkix_pl_primhash.h',
+            'pkix_pl_rwlock.h',
+            'pkix_pl_string.h'
+          ],
+          'destination': '<(nss_private_dist_dir)/<(module)'
+        }
+      ]
+    }
+  ],
+  'variables': {
+    'module': 'nss'
+  }
+}
diff --git a/nss/lib/libpkix/pkix_pl_nss/system/manifest.mn b/nss/lib/libpkix/pkix_pl_nss/system/manifest.mn
new file mode 100755
index 0000000..82d2979
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/system/manifest.mn
@@ -0,0 +1,46 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+CORE_DEPTH = ../../../..
+
+EXPORTS = \
+	$(NULL)
+
+PRIVATE_EXPORTS = \
+	pkix_pl_common.h \
+	pkix_pl_mem.h \
+	pkix_pl_object.h \
+	pkix_pl_string.h \
+	pkix_pl_primhash.h \
+	pkix_pl_bigint.h \
+	pkix_pl_mutex.h \
+	pkix_pl_bytearray.h \
+	pkix_pl_lifecycle.h \
+	pkix_pl_oid.h \
+	pkix_pl_hashtable.h \
+	pkix_pl_rwlock.h \
+	pkix_pl_monitorlock.h \
+	$(NULL)
+
+MODULE = nss
+
+CSRCS = \
+	pkix_pl_bigint.c \
+	pkix_pl_bytearray.c \
+	pkix_pl_common.c \
+	pkix_pl_error.c \
+	pkix_pl_hashtable.c \
+	pkix_pl_lifecycle.c \
+	pkix_pl_mem.c \
+	pkix_pl_monitorlock.c \
+	pkix_pl_mutex.c \
+	pkix_pl_object.c \
+	pkix_pl_oid.c \
+	pkix_pl_primhash.c \
+	pkix_pl_rwlock.c \
+	pkix_pl_string.c \
+	$(NULL)
+
+LIBRARY_NAME = pkixsystem
+
diff --git a/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_bigint.c b/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_bigint.c
new file mode 100755
index 0000000..cd8e15e
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_bigint.c
@@ -0,0 +1,398 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_pl_bigint.c
+ *
+ * BigInt Object Functions
+ *
+ */
+
+#include "pkix_pl_bigint.h"
+
+/* --Private-Big-Int-Functions------------------------------------ */
+
+/*
+ * FUNCTION: pkix_pl_BigInt_Comparator
+ * (see comments for PKIX_PL_ComparatorCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_BigInt_Comparator(
+        PKIX_PL_Object *firstObject,
+        PKIX_PL_Object *secondObject,
+        PKIX_Int32 *pResult,
+        void *plContext)
+{
+        PKIX_PL_BigInt *firstBigInt = NULL;
+        PKIX_PL_BigInt *secondBigInt = NULL;
+        char *firstPtr = NULL;
+        char *secondPtr = NULL;
+        PKIX_UInt32 firstLen, secondLen;
+
+        PKIX_ENTER(BIGINT, "pkix_pl_BigInt_Comparator");
+        PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);
+
+        PKIX_CHECK(pkix_CheckTypes
+                    (firstObject, secondObject, PKIX_BIGINT_TYPE, plContext),
+                    PKIX_ARGUMENTSNOTBIGINTS);
+
+        /* It's safe to cast */
+        firstBigInt = (PKIX_PL_BigInt*)firstObject;
+        secondBigInt = (PKIX_PL_BigInt*)secondObject;
+
+        *pResult = 0;
+        firstPtr = firstBigInt->dataRep;
+        secondPtr = secondBigInt->dataRep;
+        firstLen = firstBigInt->length;
+        secondLen = secondBigInt->length;
+
+        if (firstLen < secondLen) {
+                *pResult = -1;
+        } else if (firstLen > secondLen) {
+                *pResult = 1;
+        } else if (firstLen == secondLen) {
+                PKIX_BIGINT_DEBUG("\t\tCalling PORT_Memcmp).\n");
+                *pResult = PORT_Memcmp(firstPtr, secondPtr, firstLen);
+        }
+
+cleanup:
+
+        PKIX_RETURN(BIGINT);
+}
+
+/*
+ * FUNCTION: pkix_pl_BigInt_Destroy
+ * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_BigInt_Destroy(
+        PKIX_PL_Object *object,
+        void *plContext)
+{
+        PKIX_PL_BigInt *bigInt = NULL;
+
+        PKIX_ENTER(BIGINT, "pkix_pl_BigInt_Destroy");
+        PKIX_NULLCHECK_ONE(object);
+
+        PKIX_CHECK(pkix_CheckType(object, PKIX_BIGINT_TYPE, plContext),
+                    PKIX_OBJECTNOTBIGINT);
+
+        bigInt = (PKIX_PL_BigInt*)object;
+
+        PKIX_FREE(bigInt->dataRep);
+        bigInt->dataRep = NULL;
+        bigInt->length = 0;
+
+cleanup:
+
+        PKIX_RETURN(BIGINT);
+}
+
+
+/*
+ * FUNCTION: pkix_pl_BigInt_ToString
+ * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_BigInt_ToString(
+        PKIX_PL_Object *object,
+        PKIX_PL_String **pString,
+        void *plContext)
+{
+        PKIX_PL_BigInt *bigInt = NULL;
+        char *outputText = NULL;
+        PKIX_UInt32 i, j, lengthChars;
+
+        PKIX_ENTER(BIGINT, "pkix_pl_BigInt_ToString");
+        PKIX_NULLCHECK_TWO(object, pString);
+
+        PKIX_CHECK(pkix_CheckType(object, PKIX_BIGINT_TYPE, plContext),
+                    PKIX_OBJECTNOTBIGINT);
+
+        bigInt = (PKIX_PL_BigInt*)object;
+
+        /* number of chars = 2 * (number of bytes) + null terminator */
+        lengthChars = (bigInt->length * 2) + 1;
+
+        PKIX_CHECK(PKIX_PL_Malloc
+                    (lengthChars, (void **)&outputText, plContext),
+                    PKIX_MALLOCFAILED);
+
+        for (i = 0, j = 0; i < bigInt->length; i += 1, j += 2){
+                outputText[j] = pkix_i2hex
+                        ((char) ((*(bigInt->dataRep+i) & 0xf0) >> 4));
+                outputText[j+1] = pkix_i2hex
+                        ((char) (*(bigInt->dataRep+i) & 0x0f));
+        }
+
+        outputText[lengthChars-1] = '\0';
+
+        PKIX_CHECK(PKIX_PL_String_Create
+                    (PKIX_ESCASCII,
+                    outputText,
+                    0,
+                    pString,
+                    plContext),
+                    PKIX_STRINGCREATEFAILED);
+
+cleanup:
+
+        PKIX_FREE(outputText);
+
+        PKIX_RETURN(BIGINT);
+}
+
+
+/*
+ * FUNCTION: pkix_pl_BigInt_Hashcode
+ * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_BigInt_Hashcode(
+        PKIX_PL_Object *object,
+        PKIX_UInt32 *pHashcode,
+        void *plContext)
+{
+        PKIX_PL_BigInt *bigInt = NULL;
+
+        PKIX_ENTER(BIGINT, "pkix_pl_BigInt_Hashcode");
+        PKIX_NULLCHECK_TWO(object, pHashcode);
+
+        PKIX_CHECK(pkix_CheckType(object, PKIX_BIGINT_TYPE, plContext),
+                    PKIX_OBJECTNOTBIGINT);
+
+        bigInt = (PKIX_PL_BigInt*)object;
+
+        PKIX_CHECK(pkix_hash
+                    ((void *)bigInt->dataRep,
+                    bigInt->length,
+                    pHashcode,
+                    plContext),
+                    PKIX_HASHFAILED);
+
+cleanup:
+
+        PKIX_RETURN(BIGINT);
+}
+
+/*
+ * FUNCTION: pkix_pl_BigInt_Equals
+ * (see comments for PKIX_PL_EqualsCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_BigInt_Equals(
+        PKIX_PL_Object *first,
+        PKIX_PL_Object *second,
+        PKIX_Boolean *pResult,
+        void *plContext)
+{
+        PKIX_UInt32 secondType;
+        PKIX_Int32 cmpResult = 0;
+
+        PKIX_ENTER(BIGINT, "pkix_pl_BigInt_Equals");
+        PKIX_NULLCHECK_THREE(first, second, pResult);
+
+        PKIX_CHECK(pkix_CheckType(first, PKIX_BIGINT_TYPE, plContext),
+                PKIX_FIRSTOBJECTNOTBIGINT);
+
+        PKIX_CHECK(PKIX_PL_Object_GetType(second, &secondType, plContext),
+                PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
+
+        *pResult = PKIX_FALSE;
+
+        if (secondType != PKIX_BIGINT_TYPE) goto cleanup;
+
+        PKIX_CHECK(pkix_pl_BigInt_Comparator
+                (first, second, &cmpResult, plContext),
+                PKIX_BIGINTCOMPARATORFAILED);
+
+        *pResult = (cmpResult == 0);
+
+cleanup:
+
+        PKIX_RETURN(BIGINT);
+}
+
+/*
+ * FUNCTION: pkix_pl_BigInt_RegisterSelf
+ * DESCRIPTION:
+ *  Registers PKIX_BIGINT_TYPE and its related functions with systemClasses[]
+ * THREAD SAFETY:
+ *  Not Thread Safe - for performance and complexity reasons
+ *
+ *  Since this function is only called by PKIX_PL_Initialize, which should
+ *  only be called once, it is acceptable that this function is not
+ *  thread-safe.
+ */
+PKIX_Error *
+pkix_pl_BigInt_RegisterSelf(void *plContext)
+{
+
+        extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
+        pkix_ClassTable_Entry entry;
+
+        PKIX_ENTER(BIGINT, "pkix_pl_BigInt_RegisterSelf");
+
+        entry.description = "BigInt";
+        entry.objCounter = 0;
+        entry.typeObjectSize = sizeof(PKIX_PL_BigInt);
+        entry.destructor = pkix_pl_BigInt_Destroy;
+        entry.equalsFunction = pkix_pl_BigInt_Equals;
+        entry.hashcodeFunction = pkix_pl_BigInt_Hashcode;
+        entry.toStringFunction = pkix_pl_BigInt_ToString;
+        entry.comparator = pkix_pl_BigInt_Comparator;
+        entry.duplicateFunction = pkix_duplicateImmutable;
+
+        systemClasses[PKIX_BIGINT_TYPE] = entry;
+
+        PKIX_RETURN(BIGINT);
+}
+
+/*
+ * FUNCTION: pkix_pl_BigInt_CreateWithBytes
+ * DESCRIPTION:
+ *
+ *  Creates a new BigInt of size "length" representing the array of bytes
+ *  pointed to by "bytes" and stores it at "pBigInt". The caller should make
+ *  sure that the first byte is not 0x00 (unless it is the the only byte).
+ *  This function does not do that checking.
+ *
+ *  Once created, a PKIX_PL_BigInt object is immutable.
+ *
+ * PARAMETERS:
+ *  "bytes"
+ *      Address of array of bytes. Must be non-NULL.
+ *  "length"
+ *      Length of the array. Must be non-zero.
+ *  "pBigInt"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext" - Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_pl_BigInt_CreateWithBytes(
+        char *bytes,
+        PKIX_UInt32 length,
+        PKIX_PL_BigInt **pBigInt,
+        void *plContext)
+{
+        PKIX_PL_BigInt *bigInt = NULL;
+
+        PKIX_ENTER(BIGINT, "pkix_pl_BigInt_CreateWithBytes");
+        PKIX_NULLCHECK_TWO(pBigInt, bytes);
+
+        if (length == 0) {
+                PKIX_ERROR(PKIX_BIGINTLENGTH0INVALID)
+        }
+
+        PKIX_CHECK(PKIX_PL_Object_Alloc
+                (PKIX_BIGINT_TYPE,
+                sizeof (PKIX_PL_BigInt),
+                (PKIX_PL_Object **)&bigInt,
+                plContext),
+                PKIX_COULDNOTCREATEOBJECT);
+
+        PKIX_CHECK(PKIX_PL_Malloc
+                    (length, (void **)&(bigInt->dataRep), plContext),
+                    PKIX_MALLOCFAILED);
+
+        PKIX_BIGINT_DEBUG("\t\tCalling PORT_Memcpy).\n");
+        (void) PORT_Memcpy(bigInt->dataRep, bytes, length);
+
+        bigInt->length = length;
+
+        *pBigInt = bigInt;
+
+cleanup:
+
+        if (PKIX_ERROR_RECEIVED){
+                PKIX_DECREF(bigInt);
+        }
+
+        PKIX_RETURN(BIGINT);
+}
+
+/* --Public-Functions------------------------------------------------------- */
+
+/*
+ * FUNCTION: PKIX_PL_BigInt_Create (see comments in pkix_pl_system.h)
+ */
+PKIX_Error *
+PKIX_PL_BigInt_Create(
+        PKIX_PL_String *stringRep,
+        PKIX_PL_BigInt **pBigInt,
+        void *plContext)
+{
+        PKIX_PL_BigInt *bigInt = NULL;
+        char *asciiString = NULL;
+        PKIX_UInt32 lengthBytes;
+        PKIX_UInt32 lengthString;
+        PKIX_UInt32 i;
+        char currChar;
+
+        PKIX_ENTER(BIGINT, "PKIX_PL_BigInt_Create");
+        PKIX_NULLCHECK_TWO(pBigInt, stringRep);
+
+        PKIX_CHECK(PKIX_PL_String_GetEncoded
+                (stringRep,
+                PKIX_ESCASCII,
+                (void **)&asciiString,
+                &lengthString,
+                plContext),
+                PKIX_STRINGGETENCODEDFAILED);
+
+        if ((lengthString == 0) || ((lengthString % 2) != 0)){
+                PKIX_ERROR(PKIX_SOURCESTRINGHASINVALIDLENGTH);
+        }
+
+        if (lengthString != 2){
+                if ((asciiString[0] == '0') && (asciiString[1] == '0')){
+                        PKIX_ERROR(PKIX_FIRSTDOUBLEHEXMUSTNOTBE00);
+                }
+        }
+
+        for (i = 0; i < lengthString; i++) {
+                currChar = asciiString[i];
+                if (!PKIX_ISXDIGIT(currChar)){
+                        PKIX_ERROR(PKIX_INVALIDCHARACTERINBIGINT);
+                }
+        }
+
+        PKIX_CHECK(PKIX_PL_Object_Alloc
+                (PKIX_BIGINT_TYPE,
+                sizeof (PKIX_PL_BigInt),
+                (PKIX_PL_Object **)&bigInt,
+                plContext),
+                PKIX_COULDNOTCREATEOBJECT);
+
+        /* number of bytes = 0.5 * (number of chars) */
+        lengthBytes = lengthString/2;
+
+        PKIX_CHECK(PKIX_PL_Malloc
+                    (lengthBytes, (void **)&(bigInt->dataRep), plContext),
+                    PKIX_MALLOCFAILED);
+
+        for (i = 0; i < lengthString; i += 2){
+                (bigInt->dataRep)[i/2] =
+                        (pkix_hex2i(asciiString[i])<<4) |
+                        pkix_hex2i(asciiString[i+1]);
+        }
+
+        bigInt->length = lengthBytes;
+
+        *pBigInt = bigInt;
+
+cleanup:
+
+        PKIX_FREE(asciiString);
+
+        if (PKIX_ERROR_RECEIVED){
+                PKIX_DECREF(bigInt);
+        }
+
+        PKIX_RETURN(BIGINT);
+}
diff --git a/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_bigint.h b/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_bigint.h
new file mode 100755
index 0000000..b3df808
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_bigint.h
@@ -0,0 +1,40 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_pl_bigint.h
+ *
+ * Bigint Object Definitions
+ *
+ */
+
+#ifndef _PKIX_PL_BIGINT_H
+#define _PKIX_PL_BIGINT_H
+
+#include "pkix_pl_common.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+struct PKIX_PL_BigIntStruct {
+        char *dataRep;
+        PKIX_UInt32 length;
+};
+
+/* see source file for function documentation */
+
+PKIX_Error *
+pkix_pl_BigInt_CreateWithBytes(
+        char *bytes,
+        PKIX_UInt32 length,
+        PKIX_PL_BigInt **pBigInt,
+        void *plContext);
+
+PKIX_Error *pkix_pl_BigInt_RegisterSelf(void *plContext);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_PL_BIGINT_H */
diff --git a/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_bytearray.c b/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_bytearray.c
new file mode 100755
index 0000000..0a2e9c0
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_bytearray.c
@@ -0,0 +1,504 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_pl_bytearray.c
+ *
+ * ByteArray Object Functions
+ *
+ */
+
+#include "pkix_pl_bytearray.h"
+
+/* --Private-ByteArray-Functions------------------------------------- */
+
+/*
+ * FUNCTION: pkix_pl_ByteArray_ToHexString
+ * DESCRIPTION:
+ *
+ *  Creates a hex-String representation of the ByteArray pointed to by "array"
+ *  and stores the result at "pString". The hex-String consists of hex-digit
+ *  pairs separated by spaces, and the entire string enclosed within square
+ *  brackets, e.g. [43 61 6E 20 79 6F 75 20 72 65 61 64 20 74 68 69 73 3F].
+ *  A zero-length ByteArray is represented as [].
+ * PARAMETERS
+ *  "array"
+ *      ByteArray to be represented by the hex-String; must be non-NULL
+ *  "pString"
+ *      Address where String will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Cert Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_pl_ByteArray_ToHexString(
+        PKIX_PL_ByteArray *array,
+        PKIX_PL_String **pString,
+        void *plContext)
+{
+        char *tempText = NULL;
+        char *stringText = NULL; /* "[XX XX XX ...]" */
+        PKIX_UInt32 i, outputLen, bufferSize;
+
+        PKIX_ENTER(BYTEARRAY, "pkix_pl_ByteArray_ToHexString");
+        PKIX_NULLCHECK_TWO(array, pString);
+
+        if ((array->length) == 0) {
+                PKIX_CHECK(PKIX_PL_String_Create
+                        (PKIX_ESCASCII, "[]", 0, pString, plContext),
+                        PKIX_COULDNOTCREATESTRING);
+        } else {
+                /*
+                 * Allocate space for format string
+                 * '[' + "XX" + (n-1)*" XX" + ']' + '\0'
+                 */
+                bufferSize = 2 + (3*(array->length));
+
+                PKIX_CHECK(PKIX_PL_Malloc
+                        (bufferSize, (void **)&stringText, plContext),
+                        PKIX_COULDNOTALLOCATEMEMORY);
+
+                stringText[0] = 0;
+                outputLen = 0;
+
+                PKIX_BYTEARRAY_DEBUG("\tCalling PR_smprintf).\n");
+                tempText = PR_smprintf
+                        ("[%02X", (0x0FF&((char *)(array->array))[0]));
+                PKIX_BYTEARRAY_DEBUG("\tCalling PL_strlen).\n");
+                outputLen += PL_strlen(tempText);
+
+                PKIX_BYTEARRAY_DEBUG("\tCalling PL_strcat).\n");
+                stringText = PL_strcat(stringText, tempText);
+
+                PKIX_BYTEARRAY_DEBUG("\tCalling PR_smprintf_free).\n");
+                PR_smprintf_free(tempText);
+
+                for (i = 1; i < array->length; i++) {
+                        PKIX_BYTEARRAY_DEBUG("\tCalling PR_smprintf).\n");
+                        tempText = PR_smprintf
+                                (" %02X", (0x0FF&((char *)(array->array))[i]));
+
+                        if (tempText == NULL){
+                                PKIX_ERROR(PKIX_PRSMPRINTFFAILED);
+                        }
+
+                        PKIX_BYTEARRAY_DEBUG("\tCalling PL_strlen).\n");
+                        outputLen += PL_strlen(tempText);
+
+                        PKIX_BYTEARRAY_DEBUG("\tCalling PL_strcat).\n");
+                        stringText = PL_strcat(stringText, tempText);
+
+                        PKIX_BYTEARRAY_DEBUG("\tCalling PR_smprintf_free).\n");
+                        PR_smprintf_free(tempText);
+                        tempText = NULL;
+                }
+
+                stringText[outputLen++] = ']';
+                stringText[outputLen] = 0;
+
+                PKIX_CHECK(PKIX_PL_String_Create
+                        (PKIX_ESCASCII,
+                        stringText,
+                        0,
+                        pString,
+                        plContext),
+                        PKIX_COULDNOTCREATESTRING);
+        }
+
+cleanup:
+
+        PKIX_FREE(stringText);
+        PKIX_RETURN(BYTEARRAY);
+}
+
+/*
+ * FUNCTION: pkix_pl_ByteArray_Comparator
+ * (see comments for PKIX_PL_ComparatorCallback in pkix_pl_system.h)
+ *
+ *  NOTE:
+ *  It is not clear that this definition of comparing byte arrays makes
+ *  sense. It does allow you to tell whether two blocks of memory are
+ *  identical, so we only use it for the Equals function (i.e. we don't
+ *  register it as a Compare function for ByteArray).
+ */
+static PKIX_Error *
+pkix_pl_ByteArray_Comparator(
+        PKIX_PL_Object *firstObject,
+        PKIX_PL_Object *secondObject,
+        PKIX_Int32 *pResult,
+        void *plContext)
+{
+        PKIX_PL_ByteArray *firstByteArray = NULL;
+        PKIX_PL_ByteArray *secondByteArray = NULL;
+        unsigned char *firstData = NULL;
+        unsigned char *secondData = NULL;
+        PKIX_UInt32 i;
+
+        PKIX_ENTER(BYTEARRAY, "pkix_pl_ByteArray_Comparator");
+        PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);
+
+        PKIX_CHECK(pkix_CheckTypes
+                (firstObject, secondObject, PKIX_BYTEARRAY_TYPE, plContext),
+                PKIX_ARGUMENTSNOTBYTEARRAYS);
+
+        /* It's safe to cast */
+        firstByteArray = (PKIX_PL_ByteArray *)firstObject;
+        secondByteArray = (PKIX_PL_ByteArray *)secondObject;
+
+        *pResult = 0;
+        firstData = (unsigned char *)firstByteArray->array;
+        secondData = (unsigned char *)secondByteArray->array;
+
+        if (firstByteArray->length < secondByteArray->length) {
+                *pResult = -1;
+        } else if (firstByteArray->length > secondByteArray->length) {
+                *pResult = 1;
+        } else if (firstByteArray->length == secondByteArray->length) {
+                /* Check if both array contents are identical */
+                for (i = 0;
+                    (i < firstByteArray->length) && (*pResult == 0);
+                    i++) {
+                        if (firstData[i] < secondData[i]) {
+                                *pResult = -1;
+                        } else if (firstData[i] > secondData[i]) {
+                                *pResult = 1;
+                        }
+                }
+        }
+
+cleanup:
+
+        PKIX_RETURN(BYTEARRAY);
+}
+
+/*
+ * FUNCTION: pkix_pl_ByteArray_ToString
+ * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_ByteArray_ToString(
+        PKIX_PL_Object *object,
+        PKIX_PL_String **pString,
+        void *plContext)
+{
+        PKIX_PL_ByteArray *array = NULL;
+        char *tempText = NULL;
+        char *stringText = NULL; /* "[OOO, OOO, ... OOO]" */
+        PKIX_UInt32 i, outputLen, bufferSize;
+
+        PKIX_ENTER(BYTEARRAY, "pkix_pl_ByteArray_ToString");
+        PKIX_NULLCHECK_TWO(object, pString);
+
+        PKIX_CHECK(pkix_CheckType(object, PKIX_BYTEARRAY_TYPE, plContext),
+                    PKIX_OBJECTNOTBYTEARRAY);
+
+        array = (PKIX_PL_ByteArray *)object;
+
+        if ((array->length) == 0) {
+                PKIX_CHECK(PKIX_PL_String_Create
+                        (PKIX_ESCASCII, "[]", 0, pString, plContext),
+                        PKIX_COULDNOTCREATESTRING);
+        } else {
+                /* Allocate space for "XXX, ". */
+                bufferSize = 2+5*array->length;
+
+                /* Allocate space for format string */
+                PKIX_CHECK(PKIX_PL_Malloc
+                        (bufferSize, (void **)&stringText, plContext),
+                        PKIX_MALLOCFAILED);
+
+                stringText[0] = 0;
+                outputLen = 0;
+
+                PKIX_BYTEARRAY_DEBUG("\tCalling PR_smprintf).\n");
+                tempText =
+                        PR_smprintf
+                            ("[%03u", (0x0FF&((char *)(array->array))[0]));
+                PKIX_BYTEARRAY_DEBUG("\tCalling PL_strlen).\n");
+                outputLen += PL_strlen(tempText);
+
+                PKIX_BYTEARRAY_DEBUG("\tCalling PL_strcat).\n");
+                stringText = PL_strcat(stringText, tempText);
+
+                PKIX_BYTEARRAY_DEBUG("\tCalling PR_smprintf_free).\n");
+                PR_smprintf_free(tempText);
+
+                for (i = 1; i < array->length; i++) {
+                        PKIX_BYTEARRAY_DEBUG("\tCalling PR_smprintf).\n");
+                        tempText = PR_smprintf
+                                (", %03u",
+                                (0x0FF&((char *)(array->array))[i]));
+
+                        if (tempText == NULL){
+                                PKIX_ERROR(PKIX_PRSMPRINTFFAILED);
+                        }
+
+                        PKIX_BYTEARRAY_DEBUG("\tCalling PL_strlen).\n");
+                        outputLen += PL_strlen(tempText);
+
+                        PKIX_BYTEARRAY_DEBUG("\tCalling PL_strcat).\n");
+                        stringText = PL_strcat(stringText, tempText);
+
+                        PKIX_BYTEARRAY_DEBUG("\tCalling PR_smprintf_free).\n");
+                        PR_smprintf_free(tempText);
+                        tempText = NULL;
+                }
+
+                stringText[outputLen++] = ']';
+                stringText[outputLen] = 0;
+
+                PKIX_CHECK(PKIX_PL_String_Create
+                        (PKIX_ESCASCII, stringText, 0, pString, plContext),
+                        PKIX_STRINGCREATEFAILED);
+
+        }
+
+cleanup:
+
+        PKIX_FREE(stringText);
+        PKIX_RETURN(BYTEARRAY);
+}
+
+/*
+ * FUNCTION: pkix_pl_ByteArray_Equals
+ * (see comments for PKIX_PL_EqualsCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_ByteArray_Equals(
+        PKIX_PL_Object *first,
+        PKIX_PL_Object *second,
+        PKIX_Boolean *pResult,
+        void *plContext)
+{
+        PKIX_UInt32 secondType;
+        PKIX_Int32 cmpResult = 0;
+
+        PKIX_ENTER(BYTEARRAY, "pkix_pl_ByteArray_Equals");
+        PKIX_NULLCHECK_THREE(first, second, pResult);
+
+        /* Sanity check: Test that "first" is a ByteArray */
+        PKIX_CHECK(pkix_CheckType(first, PKIX_BYTEARRAY_TYPE, plContext),
+                    PKIX_FIRSTARGUMENTNOTBYTEARRAY);
+
+        PKIX_CHECK(PKIX_PL_Object_GetType(second, &secondType, plContext),
+                    PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
+
+        /* If types differ, then we will return false */
+        *pResult = PKIX_FALSE;
+
+        /* Second type may not be a BA */
+        if (secondType != PKIX_BYTEARRAY_TYPE) goto cleanup;
+
+        /* It's safe to cast here */
+        PKIX_CHECK(pkix_pl_ByteArray_Comparator
+                (first, second, &cmpResult, plContext),
+                PKIX_BYTEARRAYCOMPARATORFAILED);
+
+        /* ByteArrays are equal iff Comparator Result is 0 */
+        *pResult = (cmpResult == 0);
+
+cleanup:
+
+        PKIX_RETURN(BYTEARRAY);
+}
+
+/*
+ * FUNCTION: pkix_pl_ByteArray_Destroy
+ * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_ByteArray_Destroy(
+        PKIX_PL_Object *object,
+        void *plContext)
+{
+        PKIX_PL_ByteArray *array = NULL;
+
+        PKIX_ENTER(BYTEARRAY, "pkix_pl_ByteArray_Destroy");
+        PKIX_NULLCHECK_ONE(object);
+
+        PKIX_CHECK(pkix_CheckType(object, PKIX_BYTEARRAY_TYPE, plContext),
+                    PKIX_OBJECTNOTBYTEARRAY);
+
+        array = (PKIX_PL_ByteArray*)object;
+
+        PKIX_FREE(array->array);
+        array->array = NULL;
+        array->length = 0;
+
+cleanup:
+
+        PKIX_RETURN(BYTEARRAY);
+}
+
+/*
+ * FUNCTION: pkix_pl_ByteArray_Hashcode
+ * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_ByteArray_Hashcode(
+        PKIX_PL_Object *object,
+        PKIX_UInt32 *pHashcode,
+        void *plContext)
+{
+        PKIX_PL_ByteArray *array = NULL;
+
+        PKIX_ENTER(BYTEARRAY, "pkix_pl_ByteArray_Hashcode");
+        PKIX_NULLCHECK_TWO(object, pHashcode);
+
+        PKIX_CHECK(pkix_CheckType(object, PKIX_BYTEARRAY_TYPE, plContext),
+                    PKIX_OBJECTNOTBYTEARRAY);
+
+        array = (PKIX_PL_ByteArray*)object;
+
+        PKIX_CHECK(pkix_hash
+                ((const unsigned char *)array->array,
+                array->length,
+                pHashcode,
+                plContext),
+                PKIX_HASHFAILED);
+
+cleanup:
+
+        PKIX_RETURN(BYTEARRAY);
+}
+
+/*
+ * FUNCTION: pkix_pl_ByteArray_RegisterSelf
+ * DESCRIPTION:
+ * Registers PKIX_BYTEARRAY_TYPE and its related functions with systemClasses[]
+ * THREAD SAFETY:
+ *  Not Thread Safe - for performance and complexity reasons
+ *
+ *  Since this function is only called by PKIX_PL_Initialize, which should
+ *  only be called once, it is acceptable that this function is not
+ *  thread-safe.
+ */
+PKIX_Error *
+pkix_pl_ByteArray_RegisterSelf(void *plContext)
+{
+
+        extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
+        pkix_ClassTable_Entry entry;
+
+        PKIX_ENTER(BYTEARRAY, "pkix_pl_ByteArray_RegisterSelf");
+
+        entry.description = "ByteArray";
+        entry.objCounter = 0;
+        entry.typeObjectSize = sizeof(PKIX_PL_ByteArray);
+        entry.destructor = pkix_pl_ByteArray_Destroy;
+        entry.equalsFunction = pkix_pl_ByteArray_Equals;
+        entry.hashcodeFunction = pkix_pl_ByteArray_Hashcode;
+        entry.toStringFunction = pkix_pl_ByteArray_ToString;
+        entry.comparator = NULL;
+        entry.duplicateFunction = pkix_duplicateImmutable;
+
+        systemClasses[PKIX_BYTEARRAY_TYPE] = entry;
+
+        PKIX_RETURN(BYTEARRAY);
+}
+
+/* --Public-Functions------------------------------------------------------- */
+
+/*
+ * FUNCTION: PKIX_PL_ByteArray_Create (see comments in pkix_pl_system.h)
+ */
+PKIX_Error *
+PKIX_PL_ByteArray_Create(
+        void *array,
+        PKIX_UInt32 length,
+        PKIX_PL_ByteArray **pByteArray,
+        void *plContext)
+{
+        PKIX_PL_ByteArray *byteArray = NULL;
+
+        PKIX_ENTER(BYTEARRAY, "PKIX_PL_ByteArray_Create");
+        PKIX_NULLCHECK_ONE(pByteArray);
+
+        PKIX_CHECK(PKIX_PL_Object_Alloc
+                (PKIX_BYTEARRAY_TYPE,
+                sizeof (PKIX_PL_ByteArray),
+                (PKIX_PL_Object **)&byteArray,
+                plContext),
+                PKIX_COULDNOTCREATEOBJECTSTORAGE);
+
+        byteArray->length = length;
+        byteArray->array = NULL;
+
+        if (length != 0){
+                /* Alloc space for array */
+                PKIX_NULLCHECK_ONE(array);
+
+                PKIX_CHECK(PKIX_PL_Malloc
+                            (length, (void**)&(byteArray->array), plContext),
+                            PKIX_MALLOCFAILED);
+
+                PKIX_BYTEARRAY_DEBUG("\tCalling PORT_Memcpy).\n");
+                (void) PORT_Memcpy(byteArray->array, array, length);
+        }
+
+        *pByteArray = byteArray;
+
+cleanup:
+
+        if (PKIX_ERROR_RECEIVED){
+                PKIX_DECREF(byteArray);
+        }
+
+        PKIX_RETURN(BYTEARRAY);
+}
+
+/*
+ * FUNCTION: PKIX_PL_ByteArray_GetPointer (see comments in pkix_pl_system.h)
+ */
+PKIX_Error *
+PKIX_PL_ByteArray_GetPointer(
+        PKIX_PL_ByteArray *byteArray,
+        void **pArray,
+        void *plContext)
+{
+        void *bytes = NULL;
+        PKIX_ENTER(BYTEARRAY, "PKIX_PL_ByteArray_GetPointer");
+        PKIX_NULLCHECK_TWO(byteArray, pArray);
+
+        if (byteArray->length != 0){
+                PKIX_CHECK(PKIX_PL_Malloc
+                            (byteArray->length, &bytes, plContext),
+                            PKIX_MALLOCFAILED);
+
+                PKIX_BYTEARRAY_DEBUG("\tCalling PORT_Memcpy).\n");
+                (void) PORT_Memcpy
+                        (bytes, byteArray->array, byteArray->length);
+        }
+
+        *pArray = bytes;
+
+cleanup:
+
+        if (PKIX_ERROR_RECEIVED){
+                PKIX_FREE(bytes);
+        }
+
+        PKIX_RETURN(BYTEARRAY);
+}
+
+/*
+ * FUNCTION: PKIX_PL_ByteArray_GetLength (see comments in pkix_pl_system.h)
+ */
+PKIX_Error *
+PKIX_PL_ByteArray_GetLength(
+        PKIX_PL_ByteArray *byteArray,
+        PKIX_UInt32 *pLength,
+        void *plContext)
+{
+        PKIX_ENTER(BYTEARRAY, "PKIX_PL_ByteArray_GetLength");
+        PKIX_NULLCHECK_TWO(byteArray, pLength);
+
+        *pLength = byteArray->length;
+
+        PKIX_RETURN(BYTEARRAY);
+}
diff --git a/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_bytearray.h b/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_bytearray.h
new file mode 100755
index 0000000..4ba18ee
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_bytearray.h
@@ -0,0 +1,40 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_pl_bytearray.h
+ *
+ * ByteArray Object Definitions
+ *
+ */
+
+#ifndef _PKIX_PL_BYTEARRAY_H
+#define _PKIX_PL_BYTEARRAY_H
+
+#include "pkix_pl_common.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+struct PKIX_PL_ByteArrayStruct {
+        void *array;
+        PKIX_UInt32 length;
+};
+
+/* see source file for function documentation */
+
+PKIX_Error *
+pkix_pl_ByteArray_ToHexString(
+        PKIX_PL_ByteArray *array,
+        PKIX_PL_String **pString,
+        void *plContext);
+
+PKIX_Error *
+pkix_pl_ByteArray_RegisterSelf(void *plContext);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_PL_BYTEARRAY_H */
diff --git a/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_common.c b/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_common.c
new file mode 100755
index 0000000..831ce53
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_common.c
@@ -0,0 +1,1073 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_common.c
+ *
+ * Common utility functions used by various PKIX_PL functions
+ *
+ */
+
+#include "pkix_pl_common.h"
+
+/* --Private-Functions-------------------------------------------- */
+
+/*
+ * FUNCTION: pkix_LockObject
+ * DESCRIPTION:
+ *
+ *  Locks the object pointed to by "object".
+ *
+ * PARAMETERS:
+ *  "object"
+ *      Address of object. Must be non-NULL
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_LockObject(
+        PKIX_PL_Object *object,
+        void *plContext)
+{
+        PKIX_PL_Object *objectHeader;
+
+        PKIX_ENTER(OBJECT, "pkix_LockObject");
+        PKIX_NULLCHECK_ONE(object);
+
+        if (object == (PKIX_PL_Object *)PKIX_ALLOC_ERROR()) {
+                goto cleanup;
+        }
+
+        PKIX_OBJECT_DEBUG("\tShifting object pointer).\n");
+        /* The header is sizeof(PKIX_PL_Object) before the object pointer */
+
+        objectHeader = object-1;
+
+        PKIX_OBJECT_DEBUG("\tCalling PR_Lock).\n");
+        PR_Lock(objectHeader->lock);
+
+cleanup:
+
+        PKIX_RETURN(OBJECT);
+}
+
+/*
+ * FUNCTION: pkix_UnlockObject
+ * DESCRIPTION:
+ *
+ *  Unlocks the object pointed to by "object".
+ *
+ * PARAMETERS:
+ *  "object"
+ *      Address of Object. Must be non-NULL
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_UnlockObject(
+        PKIX_PL_Object *object,
+        void *plContext)
+{
+        PKIX_PL_Object *objectHeader;
+        PRStatus result;
+
+        PKIX_ENTER(OBJECT, "pkix_UnlockObject");
+        PKIX_NULLCHECK_ONE(object);
+
+        if (object == (PKIX_PL_Object *)PKIX_ALLOC_ERROR()) {
+                goto cleanup;
+        }
+
+        PKIX_OBJECT_DEBUG("\tShifting object pointer).\n");
+        /* The header is sizeof(PKIX_PL_Object) before the object pointer */
+
+        objectHeader = object-1;
+
+        PKIX_OBJECT_DEBUG("\tCalling PR_Unlock).\n");
+        result = PR_Unlock(objectHeader->lock);
+
+        if (result == PR_FAILURE) {
+                PKIX_OBJECT_DEBUG("\tPR_Unlock failed.).\n");
+                PKIX_ERROR_FATAL(PKIX_ERRORUNLOCKINGOBJECT);
+        }
+
+cleanup:
+
+        PKIX_RETURN(OBJECT);
+}
+
+/*
+ * FUNCTION: pkix_pl_UInt32_Overflows
+ * DESCRIPTION:
+ *
+ *  Returns a PKIX_Boolean indicating whether the unsigned integer
+ *  represented by "string" is too large to fit in 32-bits (i.e.
+ *  whether it overflows). With the exception of the string "0",
+ *  all other strings are stripped of any leading zeros. It is assumed
+ *  that every character in "string" is from the set {'0' - '9'}.
+ *
+ * PARAMETERS
+ *  "string"
+ *      Address of array of bytes representing PKIX_UInt32 that's being tested
+ *      for 32-bit overflow
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  PKIX_TRUE if PKIX_UInt32 represented by "string" overflows;
+ *  PKIX_FALSE otherwise
+ */
+PKIX_Boolean
+pkix_pl_UInt32_Overflows(char *string){
+        char *firstNonZero = NULL;
+        PKIX_UInt32 length, i;
+        char *MAX_UINT32_STRING = "4294967295";
+
+        PKIX_DEBUG_ENTER(OID);
+
+        PKIX_OID_DEBUG("\tCalling PL_strlen).\n");
+        length = PL_strlen(string);
+
+        if (length < MAX_DIGITS_32){
+                return (PKIX_FALSE);
+        }
+
+        firstNonZero = string;
+        for (i = 0; i < length; i++){
+                if (*string == '0'){
+                        firstNonZero++;
+                }
+        }
+
+        PKIX_OID_DEBUG("\tCalling PL_strlen).\n");
+        length = PL_strlen(firstNonZero);
+
+        if (length > MAX_DIGITS_32){
+                return (PKIX_TRUE);
+        }
+
+        PKIX_OID_DEBUG("\tCalling PL_strlen).\n");
+        if (length == MAX_DIGITS_32){
+                PKIX_OID_DEBUG("\tCalling PORT_Strcmp).\n");
+                if (PORT_Strcmp(firstNonZero, MAX_UINT32_STRING) > 0){
+                        return (PKIX_TRUE);
+                }
+        }
+
+        return (PKIX_FALSE);
+}
+
+/*
+ * FUNCTION: pkix_pl_getOIDToken
+ * DESCRIPTION:
+ *
+ *  Takes the array of DER-encoded bytes pointed to by "derBytes"
+ *  (representing an OID) and the value of "index" representing the index into
+ *  the array, and decodes the bytes until an integer token is retrieved. If
+ *  successful, this function stores the integer component at "pToken" and
+ *  stores the index representing the next byte in the array at "pIndex"
+ *  (following the last byte that was used in the decoding). This new output
+ *  index can be used in subsequent calls as an input index, allowing each
+ *  token of the OID to be retrieved consecutively. Note that there is a
+ *  special case for the first byte, in that it encodes two separate integer
+ *  tokens. For example, the byte {2a} represents the integer tokens {1,2}.
+ *  This special case is not handled here and must be handled by the caller.
+ *
+ * PARAMETERS
+ *  "derBytes"
+ *      Address of array of bytes representing a DER-encoded OID.
+ *      Must be non-NULL.
+ *  "index"
+ *      Index into the array that this function will begin decoding at.
+ *  "pToken"
+ *      Destination for decoded OID token. Must be non-NULL.
+ *  "pIndex"
+ *      Destination for index of next byte following last byte used.
+ *      Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns an Object Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_pl_getOIDToken(
+        char *derBytes,
+        PKIX_UInt32 index,
+        PKIX_UInt32 *pToken,
+        PKIX_UInt32 *pIndex,
+        void *plContext)
+{
+        PKIX_UInt32 retval, i, tmp;
+
+        PKIX_ENTER(OID, "pkix_pl_getOIDToken");
+        PKIX_NULLCHECK_THREE(derBytes, pToken, pIndex);
+
+        /*
+         * We should only need to parse a maximum of four bytes, because
+         * RFC 3280 "mandates support for OIDs which have arc elements
+         * with values that are less than 2^28, that is, they MUST be between
+         * 0 and 268,435,455, inclusive.  This allows each arc element to be
+         * represented within a single 32 bit word."
+         */
+
+        for (i = 0, retval = 0; i < 4; i++) {
+            retval <<= 7;
+            tmp = derBytes[index];
+            index++;
+            retval |= (tmp & 0x07f);
+            if ((tmp & 0x080) == 0){
+                    *pToken = retval;
+                    *pIndex = index;
+                    goto cleanup;
+            }
+        }
+
+        PKIX_ERROR(PKIX_INVALIDENCODINGOIDTOKENVALUETOOBIG);
+
+cleanup:
+
+        PKIX_RETURN(OID);
+
+}
+
+/*
+ * FUNCTION: pkix_pl_helperBytes2Ascii
+ * DESCRIPTION:
+ *
+ *  Converts an array of integers pointed to by "tokens" with a length of
+ *  "numTokens", to an ASCII string consisting of those integers with dots in
+ *  between them and stores the result at "pAscii". The ASCII representation is
+ *  guaranteed to end with a NUL character. This is particularly useful for
+ *  OID's and IP Addresses.
+ *
+ *  The return value "pAscii" is not reference-counted and will need to
+ *  be freed with PKIX_PL_Free.
+ *
+ * PARAMETERS
+ *  "tokens"
+ *      Address of array of integers. Must be non-NULL.
+ *  "numTokens"
+ *      Length of array of integers. Must be non-zero.
+ *  "pAscii"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns an Object Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_pl_helperBytes2Ascii(
+        PKIX_UInt32 *tokens,
+        PKIX_UInt32 numTokens,
+        char **pAscii,
+        void *plContext)
+{
+        char *tempString = NULL;
+        char *outputString = NULL;
+        char *format = "%d";
+        PKIX_UInt32 i = 0;
+        PKIX_UInt32 outputLen = 0;
+        PKIX_Int32 error;
+
+        PKIX_ENTER(OBJECT, "pkix_pl_helperBytes2Ascii");
+        PKIX_NULLCHECK_TWO(tokens, pAscii);
+
+        if (numTokens == 0) {
+                PKIX_ERROR_FATAL(PKIX_HELPERBYTES2ASCIINUMTOKENSZERO);
+        }
+
+        /*
+         * tempString will hold the string representation of a PKIX_UInt32 type
+         * The maximum value that can be held by an unsigned 32-bit integer
+         * is (2^32 - 1) = 4294967295 (which is ten digits long)
+         * Since tempString will hold the string representation of a
+         * PKIX_UInt32, we allocate 11 bytes for it (1 byte for '\0')
+         */
+
+        PKIX_CHECK(PKIX_PL_Malloc
+                    (MAX_DIGITS_32 + 1, (void **)&tempString, plContext),
+                    PKIX_MALLOCFAILED);
+
+        for (i = 0; i < numTokens; i++){
+                PKIX_OBJECT_DEBUG("\tCalling PR_snprintf).\n");
+                error = PR_snprintf(tempString,
+                                    MAX_DIGITS_32 + 1,
+                                    format,
+                                    tokens[i]);
+                if (error == -1){
+                        PKIX_ERROR(PKIX_PRSNPRINTFFAILED);
+                }
+
+                PKIX_OBJECT_DEBUG("\tCalling PL_strlen).\n");
+                outputLen += PL_strlen(tempString);
+
+                /* Include a dot to separate each number */
+                outputLen++;
+        }
+
+        /* Allocate space for the destination string */
+        PKIX_CHECK(PKIX_PL_Malloc
+                    (outputLen, (void **)&outputString, plContext),
+                    PKIX_MALLOCFAILED);
+
+        *outputString = '\0';
+
+        /* Concatenate all strings together */
+        for (i = 0; i < numTokens; i++){
+
+                PKIX_OBJECT_DEBUG("\tCalling PR_snprintf).\n");
+                error = PR_snprintf(tempString,
+                                    MAX_DIGITS_32 + 1,
+                                    format,
+                                    tokens[i]);
+                if (error == -1){
+                        PKIX_ERROR(PKIX_PRSNPRINTFFAILED);
+                }
+
+                PKIX_OBJECT_DEBUG("\tCalling PL_strcat).\n");
+                (void) PL_strcat(outputString, tempString);
+
+                /* we don't want to put a "." at the very end */
+                if (i < (numTokens - 1)){
+                        PKIX_OBJECT_DEBUG("\tCalling PL_strcat).\n");
+                        (void) PL_strcat(outputString, ".");
+                }
+        }
+
+        /* Ensure output string ends with terminating null */
+        outputString[outputLen-1] = '\0';
+
+        *pAscii = outputString;
+        outputString = NULL;
+
+cleanup:
+        
+        PKIX_FREE(outputString);
+        PKIX_FREE(tempString);
+
+        PKIX_RETURN(OBJECT);
+
+}
+
+/*
+ * FUNCTION: pkix_pl_ipAddrBytes2Ascii
+ * DESCRIPTION:
+ *
+ *  Converts the DER encoding of an IPAddress pointed to by "secItem" to an
+ *  ASCII representation and stores the result at "pAscii". The ASCII
+ *  representation is guaranteed to end with a NUL character. The input
+ *  SECItem must contain non-NULL data and must have a positive length.
+ *
+ *  The return value "pAscii" is not reference-counted and will need to
+ *  be freed with PKIX_PL_Free.
+ *  XXX this function assumes that IPv4 addresses are being used
+ *  XXX what about IPv6? can NSS tell the difference
+ *
+ * PARAMETERS
+ *  "secItem"
+ *      Address of SECItem which contains bytes and length of DER encoding.
+ *      Must be non-NULL.
+ *  "pAscii"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns an Object Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_pl_ipAddrBytes2Ascii(
+        SECItem *secItem,
+        char **pAscii,
+        void *plContext)
+{
+        char *data = NULL;
+        PKIX_UInt32 *tokens = NULL;
+        PKIX_UInt32 numTokens = 0;
+        PKIX_UInt32 i = 0;
+        char *asciiString = NULL;
+
+        PKIX_ENTER(OBJECT, "pkix_pl_ipAddrBytes2Ascii");
+        PKIX_NULLCHECK_THREE(secItem, pAscii, secItem->data);
+
+        if (secItem->len == 0) {
+                PKIX_ERROR_FATAL(PKIX_IPADDRBYTES2ASCIIDATALENGTHZERO);
+        }
+
+        data = (char *)(secItem->data);
+        numTokens = secItem->len;
+
+        /* allocate space for array of integers */
+        PKIX_CHECK(PKIX_PL_Malloc
+                    (numTokens * sizeof (PKIX_UInt32),
+                    (void **)&tokens,
+                    plContext),
+                    PKIX_MALLOCFAILED);
+
+        /* populate array of integers */
+        for (i = 0; i < numTokens; i++){
+                tokens[i] = data[i];
+        }
+
+        /* convert array of integers to ASCII */
+        PKIX_CHECK(pkix_pl_helperBytes2Ascii
+                    (tokens, numTokens, &asciiString, plContext),
+                    PKIX_HELPERBYTES2ASCIIFAILED);
+
+        *pAscii = asciiString;
+
+cleanup:
+
+        PKIX_FREE(tokens);
+
+        PKIX_RETURN(OBJECT);
+}
+
+
+/*
+ * FUNCTION: pkix_pl_oidBytes2Ascii
+ * DESCRIPTION:
+ *
+ *  Converts the DER encoding of an OID pointed to by "secItem" to an ASCII
+ *  representation and stores it at "pAscii". The ASCII representation is
+ *  guaranteed to end with a NUL character. The input SECItem must contain
+ *  non-NULL data and must have a positive length.
+ *
+ *  Example: the six bytes {2a 86 48 86 f7 0d} represent the
+ *  four integer tokens {1, 2, 840, 113549}, which we will convert
+ *  into ASCII yielding "1.2.840.113549"
+ *
+ *  The return value "pAscii" is not reference-counted and will need to
+ *  be freed with PKIX_PL_Free.
+ *
+ * PARAMETERS
+ *  "secItem"
+ *      Address of SECItem which contains bytes and length of DER encoding.
+ *      Must be non-NULL.
+ *  "pAscii"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns an OID Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_pl_oidBytes2Ascii(
+        SECItem *secItem,
+        char **pAscii,
+        void *plContext)
+{
+        char *data = NULL;
+        PKIX_UInt32 *tokens = NULL;
+        PKIX_UInt32 token = 0;
+        PKIX_UInt32 numBytes = 0;
+        PKIX_UInt32 numTokens = 0;
+        PKIX_UInt32 i = 0, x = 0, y = 0;
+        PKIX_UInt32 index = 0;
+        char *asciiString = NULL;
+
+        PKIX_ENTER(OID, "pkix_pl_oidBytes2Ascii");
+        PKIX_NULLCHECK_THREE(secItem, pAscii, secItem->data);
+
+        if (secItem->len == 0) {
+                PKIX_ERROR_FATAL(PKIX_OIDBYTES2ASCIIDATALENGTHZERO);
+        }
+
+        data = (char *)(secItem->data);
+        numBytes = secItem->len;
+        numTokens = 0;
+
+        /* calculate how many integer tokens are represented by the bytes. */
+        for (i = 0; i < numBytes; i++){
+                if ((data[i] & 0x080) == 0){
+                        numTokens++;
+                }
+        }
+
+        /* if we are unable to retrieve any tokens at all, we throw an error */
+        if (numTokens == 0){
+                PKIX_ERROR(PKIX_INVALIDDERENCODINGFOROID);
+        }
+
+        /* add one more token b/c the first byte always contains two tokens */
+        numTokens++;
+
+        /* allocate space for array of integers */
+        PKIX_CHECK(PKIX_PL_Malloc
+                    (numTokens * sizeof (PKIX_UInt32),
+                    (void **)&tokens,
+                    plContext),
+                    PKIX_MALLOCFAILED);
+
+        /* populate array of integers */
+        for (i = 0; i < numTokens; i++){
+
+                /* retrieve integer token */
+                PKIX_CHECK(pkix_pl_getOIDToken
+                            (data, index, &token, &index, plContext),
+                            PKIX_GETOIDTOKENFAILED);
+
+                if (i == 0){
+
+                        /*
+                         * special case: the first DER-encoded byte represents
+                         * two tokens. We take advantage of fact that first
+                         * token must be 0, 1, or 2; and second token must be
+                         * between {0, 39} inclusive if first token is 0 or 1.
+                         */
+
+                        if (token < 40)
+                                x = 0;
+                        else if (token < 80)
+                                x = 1;
+                        else
+                                x = 2;
+                        y = token - (x * 40);
+
+                        tokens[0] = x;
+                        tokens[1] = y;
+                        i++;
+                } else {
+                        tokens[i] = token;
+                }
+        }
+
+        /* convert array of integers to ASCII */
+        PKIX_CHECK(pkix_pl_helperBytes2Ascii
+                    (tokens, numTokens, &asciiString, plContext),
+                    PKIX_HELPERBYTES2ASCIIFAILED);
+
+        *pAscii = asciiString;
+
+cleanup:
+
+        PKIX_FREE(tokens);
+        PKIX_RETURN(OID);
+
+}
+
+/*
+ * FUNCTION: pkix_UTF16_to_EscASCII
+ * DESCRIPTION:
+ *
+ *  Converts array of bytes pointed to by "utf16String" with length of
+ *  "utf16Length" (which must be even) into a freshly allocated Escaped ASCII
+ *  string and stores a pointer to that string at "pDest" and stores the
+ *  string's length at "pLength". The Escaped ASCII string's length does not
+ *  include the final NUL character. The caller is responsible for freeing
+ *  "pDest" using PKIX_PL_Free. If "debug" is set, uses EscASCII_Debug
+ *  encoding.
+ *
+ * PARAMETERS:
+ *  "utf16String"
+ *      Address of array of bytes representing data source. Must be non-NULL.
+ *  "utf16Length"
+ *      Length of data source. Must be even.
+ *  "debug"
+ *      Boolean value indicating whether debug mode is desired.
+ *  "pDest"
+ *      Address where data will be stored. Must be non-NULL.
+ *  "pLength"
+ *      Address where data length will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a String Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_UTF16_to_EscASCII(
+        const void *utf16String,
+        PKIX_UInt32 utf16Length,
+        PKIX_Boolean debug,
+        char **pDest,
+        PKIX_UInt32 *pLength,
+        void *plContext)
+{
+        char *destPtr = NULL;
+        PKIX_UInt32 i, charLen;
+        PKIX_UInt32 x = 0, y = 0, z = 0;
+        unsigned char *utf16Char = (unsigned char *)utf16String;
+
+        PKIX_ENTER(STRING, "pkix_UTF16_to_EscASCII");
+        PKIX_NULLCHECK_THREE(utf16String, pDest, pLength);
+
+        /* Assume every pair of bytes becomes &#xNNNN; */
+        charLen = 4*utf16Length;
+
+        /* utf16Lenght must be even */
+        if ((utf16Length % 2) != 0){
+                PKIX_ERROR(PKIX_UTF16ALIGNMENTERROR);
+        }
+
+        /* Count how many bytes we need */
+        for (i = 0; i < utf16Length; i += 2) {
+                if ((utf16Char[i] == 0x00)&&
+                        pkix_isPlaintext(utf16Char[i+1], debug)) {
+                        if (utf16Char[i+1] == '&') {
+                                /* Need to convert this to &amp; */
+                                charLen -= 3;
+                        } else {
+                                /* We can fit this into one char */
+                                charLen -= 7;
+                        }
+                } else if ((utf16Char[i] >= 0xD8) && (utf16Char[i] <= 0xDB)) {
+                        if ((i+3) >= utf16Length) {
+                                PKIX_ERROR(PKIX_UTF16HIGHZONEALIGNMENTERROR);
+                        } else if ((utf16Char[i+2] >= 0xDC)&&
+                                (utf16Char[i+2] <= 0xDF)) {
+                                /* Quartet of bytes will become &#xNNNNNNNN; */
+                                charLen -= 4;
+                                /* Quartet of bytes will produce 12 chars */
+                                i += 2;
+                        } else {
+                                /* Second pair should be DC00-DFFF */
+                                PKIX_ERROR(PKIX_UTF16LOWZONEERROR);
+                        }
+                }
+        }
+
+        *pLength = charLen;
+
+        /* Ensure this string is null terminated */
+        charLen++;
+
+        /* Allocate space for character array */
+        PKIX_CHECK(PKIX_PL_Malloc(charLen, (void **)pDest, plContext),
+                    PKIX_MALLOCFAILED);
+
+        destPtr = *pDest;
+        for (i = 0; i < utf16Length; i += 2) {
+                if ((utf16Char[i] == 0x00)&&
+                    pkix_isPlaintext(utf16Char[i+1], debug)) {
+                        /* Write a single character */
+                        *destPtr++ = utf16Char[i+1];
+                } else if ((utf16Char[i+1] == '&') && (utf16Char[i] == 0x00)){
+                        *destPtr++ = '&';
+                        *destPtr++ = 'a';
+                        *destPtr++ = 'm';
+                        *destPtr++ = 'p';
+                        *destPtr++ = ';';
+                } else if ((utf16Char[i] >= 0xD8)&&
+                            (utf16Char[i] <= 0xDB)&&
+                            (utf16Char[i+2] >= 0xDC)&&
+                            (utf16Char[i+2] <= 0xDF)) {
+                        /*
+                         * Special UTF pairs are of the form:
+                         * x = D800..DBFF; y = DC00..DFFF;
+                         * The result is of the form:
+                         * ((x - D800) * 400 + (y - DC00)) + 0001 0000
+                         */
+                        x = 0x0FFFF & ((utf16Char[i]<<8) | utf16Char[i+1]);
+                        y = 0x0FFFF & ((utf16Char[i+2]<<8) | utf16Char[i+3]);
+                        z = ((x - 0xD800) * 0x400 + (y - 0xDC00)) + 0x00010000;
+
+                        /* Sprintf &#xNNNNNNNN; */
+                        PKIX_STRING_DEBUG("\tCalling PR_snprintf).\n");
+                        if (PR_snprintf(destPtr, 13, "&#x%08X;", z) ==
+                            (PKIX_UInt32)(-1)) {
+                                PKIX_ERROR(PKIX_PRSNPRINTFFAILED);
+                        }
+                        i += 2;
+                        destPtr += 12;
+                } else {
+                        /* Sprintf &#xNNNN; */
+                        PKIX_STRING_DEBUG("\tCalling PR_snprintf).\n");
+                        if (PR_snprintf
+                            (destPtr,
+                            9,
+                            "&#x%02X%02X;",
+                            utf16Char[i],
+                            utf16Char[i+1]) ==
+                            (PKIX_UInt32)(-1)) {
+                                PKIX_ERROR(PKIX_PRSNPRINTFFAILED);
+                        }
+                        destPtr += 8;
+                }
+        }
+        *destPtr = '\0';
+
+cleanup:
+
+        if (PKIX_ERROR_RECEIVED){
+                PKIX_FREE(*pDest);
+        }
+
+        PKIX_RETURN(STRING);
+}
+
+/*
+ * FUNCTION: pkix_EscASCII_to_UTF16
+ * DESCRIPTION:
+ *
+ *  Converts array of bytes pointed to by "escAsciiString" with length of
+ *  "escAsciiLength" into a freshly allocated UTF-16 string and stores a
+ *  pointer to that string at "pDest" and stores the string's length at
+ *  "pLength". The caller is responsible for freeing "pDest" using
+ *  PKIX_PL_Free. If "debug" is set, uses EscASCII_Debug encoding.
+ *
+ * PARAMETERS:
+ *  "escAsciiString"
+ *      Address of array of bytes representing data source. Must be non-NULL.
+ *  "escAsciiLength"
+ *      Length of data source. Must be even.
+ *  "debug"
+ *      Boolean value indicating whether debug mode is desired.
+ *  "pDest"
+ *      Address where data will be stored. Must be non-NULL.
+ *  "pLength"
+ *      Address where data length will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a String Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_EscASCII_to_UTF16(
+        const char *escAsciiString,
+        PKIX_UInt32 escAsciiLen,
+        PKIX_Boolean debug,
+        void **pDest,
+        PKIX_UInt32 *pLength,
+        void *plContext)
+{
+        PKIX_UInt32 newLen, i, j, charSize;
+        PKIX_UInt32 x = 0, y = 0, z = 0;
+        unsigned char *destPtr = NULL;
+        unsigned char testChar, testChar2;
+        unsigned char *stringData = (unsigned char *)escAsciiString;
+
+        PKIX_ENTER(STRING, "pkix_EscASCII_to_UTF16");
+        PKIX_NULLCHECK_THREE(escAsciiString, pDest, pLength);
+
+        if (escAsciiLen == 0) {
+                PKIX_CHECK(PKIX_PL_Malloc(escAsciiLen, pDest, plContext),
+                            PKIX_MALLOCFAILED);
+                goto cleanup;
+        }
+
+        /* Assume each unicode character takes two bytes */
+        newLen = escAsciiLen*2;
+
+        /* Count up number of unicode encoded  characters */
+        for (i = 0; i < escAsciiLen; i++) {
+                if (!pkix_isPlaintext(stringData[i], debug)&&
+                    (stringData[i] != '&')) {
+                        PKIX_ERROR(PKIX_ILLEGALCHARACTERINESCAPEDASCII);
+                } else if (PL_strstr(escAsciiString+i, "&amp;") ==
+                            escAsciiString+i) {
+                        /* Convert EscAscii "&amp;" to two bytes */
+                        newLen -= 8;
+                        i += 4;
+                } else if ((PL_strstr(escAsciiString+i, "&#x") ==
+                            escAsciiString+i)||
+                            (PL_strstr(escAsciiString+i, "&#X") ==
+                            escAsciiString+i)) {
+                        if (((i+7) <= escAsciiLen)&&
+                            (escAsciiString[i+7] == ';')) {
+                                /* Convert &#xNNNN; to two bytes */
+                                newLen -= 14;
+                                i += 7;
+                        } else if (((i+11) <= escAsciiLen)&&
+                                (escAsciiString[i+11] == ';')) {
+                                /* Convert &#xNNNNNNNN; to four bytes */
+                                newLen -= 20;
+                                i += 11;
+                        } else {
+                                PKIX_ERROR(PKIX_ILLEGALUSEOFAMP);
+                        }
+                }
+        }
+
+        PKIX_CHECK(PKIX_PL_Malloc(newLen, pDest, plContext),
+                    PKIX_MALLOCFAILED);
+
+        /* Copy into newly allocated space */
+        destPtr = (unsigned char *)*pDest;
+
+        i = 0;
+        while (i < escAsciiLen) {
+                /* Copy each byte until you hit a &amp; */
+                if (pkix_isPlaintext(escAsciiString[i], debug)) {
+                        *destPtr++ = 0x00;
+                        *destPtr++ = escAsciiString[i++];
+                } else if (PL_strstr(escAsciiString+i, "&amp;") ==
+                            escAsciiString+i) {
+                        /* Convert EscAscii "&amp;" to two bytes */
+                        *destPtr++ = 0x00;
+                        *destPtr++ = '&';
+                        i += 5;
+                } else if (((PL_strstr(escAsciiString+i, "&#x") ==
+                            escAsciiString+i)||
+                            (PL_strstr(escAsciiString+i, "&#X") ==
+                            escAsciiString+i))&&
+                            ((i+7) <= escAsciiLen)) {
+
+                        /* We're either looking at &#xNNNN; or &#xNNNNNNNN; */
+                        charSize = (escAsciiString[i+7] == ';')?4:8;
+
+                        /* Skip past the &#x */
+                        i += 3;
+
+                        /* Make sure there is a terminating semi-colon */
+                        if (((i+charSize) > escAsciiLen)||
+                            (escAsciiString[i+charSize] != ';')) {
+                                PKIX_ERROR(PKIX_TRUNCATEDUNICODEINESCAPEDASCII);
+                        }
+
+                        for (j = 0; j < charSize; j++) {
+                                if (!PKIX_ISXDIGIT
+                                    (escAsciiString[i+j])) {
+                                        PKIX_ERROR(PKIX_ILLEGALUNICODECHARACTER);
+                                } else if (charSize == 8) {
+                                        x |= (pkix_hex2i
+                                                        (escAsciiString[i+j]))
+                                                        <<(4*(7-j));
+                                }
+                        }
+
+                        testChar =
+                                (pkix_hex2i(escAsciiString[i])<<4)|
+                                pkix_hex2i(escAsciiString[i+1]);
+                        testChar2 =
+                                (pkix_hex2i(escAsciiString[i+2])<<4)|
+                                pkix_hex2i(escAsciiString[i+3]);
+
+                        if (charSize == 4) {
+                                if ((testChar >= 0xD8)&&
+                                    (testChar <= 0xDF)) {
+                                        PKIX_ERROR(PKIX_ILLEGALSURROGATEPAIR);
+                                } else if ((testChar == 0x00)&&
+                                  pkix_isPlaintext(testChar2, debug)) {
+                                      PKIX_ERROR(
+                                          PKIX_ILLEGALCHARACTERINESCAPEDASCII);
+                                }
+                                *destPtr++ = testChar;
+                                *destPtr++ = testChar2;
+                        } else if (charSize == 8) {
+                                /* First two chars must be 0001-0010 */
+                                if (!((testChar == 0x00)&&
+                                    ((testChar2 >= 0x01)&&
+                                    (testChar2 <= 0x10)))) {
+                                      PKIX_ERROR(
+                                          PKIX_ILLEGALCHARACTERINESCAPEDASCII);
+                                }
+                                /*
+                                 * Unicode Strings of the form:
+                                 * x =  0001 0000..0010 FFFF
+                                 * Encoded as pairs of UTF-16 where
+                                 * y = ((x - 0001 0000) / 400) + D800
+                                 * z = ((x - 0001 0000) % 400) + DC00
+                                 */
+                                x -= 0x00010000;
+                                y = (x/0x400)+ 0xD800;
+                                z = (x%0x400)+ 0xDC00;
+
+                                /* Copy four bytes */
+                                *destPtr++ = (y&0xFF00)>>8;
+                                *destPtr++ = (y&0x00FF);
+                                *destPtr++ = (z&0xFF00)>>8;
+                                *destPtr++ = (z&0x00FF);
+                        }
+                        /* Move past the Hex digits and the semi-colon */
+                        i += charSize+1;
+                } else {
+                        /* Do not allow any other non-plaintext character */
+                        PKIX_ERROR(PKIX_ILLEGALCHARACTERINESCAPEDASCII);
+                }
+        }
+
+        *pLength = newLen;
+
+cleanup:
+
+        if (PKIX_ERROR_RECEIVED){
+                PKIX_FREE(*pDest);
+        }
+
+        PKIX_RETURN(STRING);
+}
+
+/*
+ * FUNCTION: pkix_UTF16_to_UTF8
+ * DESCRIPTION:
+ *
+ *  Converts array of bytes pointed to by "utf16String" with length of
+ *  "utf16Length" into a freshly allocated UTF-8 string and stores a pointer
+ *  to that string at "pDest" and stores the string's length at "pLength" (not
+ *  counting the null terminator, if requested. The caller is responsible for
+ *  freeing "pDest" using PKIX_PL_Free.
+ *
+ * PARAMETERS:
+ *  "utf16String"
+ *      Address of array of bytes representing data source. Must be non-NULL.
+ *  "utf16Length"
+ *      Length of data source. Must be even.
+ *  "null-term"
+ *      Boolean value indicating whether output should be null-terminated.
+ *  "pDest"
+ *      Address where data will be stored. Must be non-NULL.
+ *  "pLength"
+ *      Address where data length will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a String Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_UTF16_to_UTF8(
+        const void *utf16String,
+        PKIX_UInt32 utf16Length,
+        PKIX_Boolean null_term,
+        void **pDest,
+        PKIX_UInt32 *pLength,
+        void *plContext)
+{
+        PKIX_Boolean result;
+        PKIX_UInt32 reallocLen;
+        char *endPtr = NULL;
+
+        PKIX_ENTER(STRING, "pkix_UTF16_to_UTF8");
+        PKIX_NULLCHECK_THREE(utf16String, pDest, pLength);
+
+        /* XXX How big can a UTF8 string be compared to a UTF16? */
+        PKIX_CHECK(PKIX_PL_Calloc(1, utf16Length*2, pDest, plContext),
+                    PKIX_CALLOCFAILED);
+
+        PKIX_STRING_DEBUG("\tCalling PORT_UCS2_UTF8Conversion).\n");
+        result = PORT_UCS2_UTF8Conversion
+                (PKIX_FALSE, /* False = From UCS2 */
+                (unsigned char *)utf16String,
+                utf16Length,
+                (unsigned char *)*pDest,
+                utf16Length*2, /* Max Size */
+                pLength);
+        if (result == PR_FALSE){
+                PKIX_ERROR(PKIX_PORTUCS2UTF8CONVERSIONFAILED);
+        }
+
+        reallocLen = *pLength;
+
+        if (null_term){
+                reallocLen++;
+        }
+
+        PKIX_CHECK(PKIX_PL_Realloc(*pDest, reallocLen, pDest, plContext),
+                    PKIX_REALLOCFAILED);
+
+        if (null_term){
+                endPtr = (char*)*pDest + reallocLen - 1;
+                *endPtr = '\0';
+        }
+
+cleanup:
+
+        if (PKIX_ERROR_RECEIVED){
+                PKIX_FREE(*pDest);
+        }
+
+        PKIX_RETURN(STRING);
+}
+
+/*
+ * FUNCTION: pkix_UTF8_to_UTF16
+ * DESCRIPTION:
+ *
+ *  Converts array of bytes pointed to by "utf8String" with length of
+ *  "utf8Length" into a freshly allocated UTF-16 string and stores a pointer
+ *  to that string at "pDest" and stores the string's length at "pLength". The
+ *  caller is responsible for freeing "pDest" using PKIX_PL_Free.
+ *
+ * PARAMETERS:
+ *  "utf8String"
+ *      Address of array of bytes representing data source. Must be non-NULL.
+ *  "utf8Length"
+ *      Length of data source. Must be even.
+ *  "pDest"
+ *      Address where data will be stored. Must be non-NULL.
+ *  "pLength"
+ *      Address where data length will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a String Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_UTF8_to_UTF16(
+        const void *utf8String,
+        PKIX_UInt32 utf8Length,
+        void **pDest,
+        PKIX_UInt32 *pLength,
+        void *plContext)
+{
+        PKIX_Boolean result;
+
+        PKIX_ENTER(STRING, "pkix_UTF8_to_UTF16");
+        PKIX_NULLCHECK_THREE(utf8String, pDest, pLength);
+
+        /* XXX How big can a UTF8 string be compared to a UTF16? */
+        PKIX_CHECK(PKIX_PL_Calloc(1, utf8Length*2, pDest, plContext),
+                    PKIX_MALLOCFAILED);
+
+        PKIX_STRING_DEBUG("\tCalling PORT_UCS2_UTF8Conversion).\n");
+        result = PORT_UCS2_UTF8Conversion
+                (PKIX_TRUE, /* True = From UTF8 */
+                (unsigned char *)utf8String,
+                utf8Length,
+                (unsigned char *)*pDest,
+                utf8Length*2, /* Max Size */
+                pLength);
+        if (result == PR_FALSE){
+                PKIX_ERROR(PKIX_PORTUCS2UTF8CONVERSIONFAILED);
+        }
+
+        PKIX_CHECK(PKIX_PL_Realloc(*pDest, *pLength, pDest, plContext),
+                    PKIX_REALLOCFAILED);
+
+cleanup:
+
+        if (PKIX_ERROR_RECEIVED){
+                PKIX_FREE(*pDest);
+        }
+
+        PKIX_RETURN(STRING);
+}
diff --git a/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_common.h b/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_common.h
new file mode 100755
index 0000000..2946e07
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_common.h
@@ -0,0 +1,159 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_pl_common.h
+ *
+ * Common central header file included by all PL source files
+ *
+ */
+
+#ifndef _PKIX_PL_COMMON_H
+#define _PKIX_PL_COMMON_H
+
+/* PKIX HEADERS */
+#include "pkix_tools.h"
+
+/* NSS headers */
+#include "nss.h"
+#include "secport.h"
+#include "secasn1.h"
+#include "secerr.h"
+#include "base64.h"
+#include "cert.h"
+#include "certdb.h"
+#include "genname.h"
+#include "xconst.h"
+#include "keyhi.h"
+#include "ocsp.h"
+#include "ocspt.h"
+#include "pk11pub.h"
+#include "pkcs11.h"
+#include "pkcs11t.h"
+#include "prio.h"
+
+/* NSPR headers */
+#include "nspr.h"
+
+/* private PKIX_PL_NSS system headers */
+#include "pkix_pl_object.h"
+#include "pkix_pl_string.h"
+#ifndef NSS_PKIX_NO_LDAP
+#include "pkix_pl_ldapt.h"
+#endif /* !NSS_PKIX_NO_LDAP */
+#include "pkix_pl_aiamgr.h"
+#include "pkix_pl_bigint.h"
+#include "pkix_pl_oid.h"
+#include "pkix_pl_x500name.h"
+#include "pkix_pl_generalname.h"
+#include "pkix_pl_publickey.h"
+#include "pkix_pl_bytearray.h"
+#include "pkix_pl_date.h"
+#include "pkix_pl_primhash.h"
+#include "pkix_pl_basicconstraints.h"
+#include "pkix_pl_bytearray.h"
+#include "pkix_pl_cert.h"
+#include "pkix_pl_certpolicyinfo.h"
+#include "pkix_pl_certpolicymap.h"
+#include "pkix_pl_certpolicyqualifier.h"
+#include "pkix_pl_crldp.h"
+#include "pkix_pl_crl.h"
+#include "pkix_pl_crlentry.h"
+#include "pkix_pl_nameconstraints.h"
+#include "pkix_pl_ocsprequest.h"
+#include "pkix_pl_ocspresponse.h"
+#include "pkix_pl_pk11certstore.h"
+#include "pkix_pl_socket.h"
+#ifndef NSS_PKIX_NO_LDAP
+#include "pkix_pl_ldapcertstore.h"
+#include "pkix_pl_ldaprequest.h"
+#include "pkix_pl_ldapresponse.h"
+#endif /* !NSS_PKIX_NO_LDAP */
+#include "pkix_pl_nsscontext.h"
+#include "pkix_pl_httpcertstore.h"
+#include "pkix_pl_httpdefaultclient.h"
+#include "pkix_pl_infoaccess.h"
+#include "pkix_sample_modules.h"
+
+#define MAX_DIGITS_32 (PKIX_UInt32) 10
+
+#define PKIX_PL_NSSCALL(type, func, args)  \
+        PKIX_ ## type ## _DEBUG_ARG("( Calling %s).\n", #func); \
+        (func args)
+
+#define PKIX_PL_NSSCALLRV(type, lvalue, func, args)  \
+        PKIX_ ## type ## _DEBUG_ARG("( Calling %s).\n", #func); \
+        lvalue = (func args)
+
+/* see source file for function documentation */
+
+PKIX_Error *
+pkix_LockObject(
+        PKIX_PL_Object *object,
+        void *plContext);
+
+PKIX_Error *
+pkix_UnlockObject(
+        PKIX_PL_Object *object,
+        void *plContext);
+
+PKIX_Boolean
+pkix_pl_UInt32_Overflows(char *string);
+
+PKIX_Error *
+pkix_pl_helperBytes2Ascii(
+        PKIX_UInt32 *tokens,
+        PKIX_UInt32 numTokens,
+        char **pAscii,
+        void *plContext);
+
+PKIX_Error *
+pkix_pl_ipAddrBytes2Ascii(
+        SECItem *secItem,
+        char **pAscii,
+        void *plContext);
+
+PKIX_Error *
+pkix_pl_oidBytes2Ascii(
+        SECItem *secItem,
+        char **pAscii,
+        void *plContext);
+
+/* --String-Encoding-Conversion-Functions------------------------ */
+
+PKIX_Error *
+pkix_UTF16_to_EscASCII(
+        const void *utf16String,
+        PKIX_UInt32 utf16Length,
+        PKIX_Boolean debug,
+        char **pDest,
+        PKIX_UInt32 *pLength,
+        void *plContext);
+
+PKIX_Error *
+pkix_EscASCII_to_UTF16(
+        const char *escAsciiString,
+        PKIX_UInt32 escAsciiLen,
+        PKIX_Boolean debug,
+        void **pDest,
+        PKIX_UInt32 *pLength,
+        void *plContext);
+
+PKIX_Error *
+pkix_UTF16_to_UTF8(
+        const void *utf16String,
+        PKIX_UInt32 utf16Length,
+        PKIX_Boolean null_Term,
+        void **pDest,
+        PKIX_UInt32 *pLength,
+        void *plContext);
+
+PKIX_Error *
+pkix_UTF8_to_UTF16(
+        const void *utf8Source,
+        PKIX_UInt32 utf8Length,
+        void **pDest,
+        PKIX_UInt32 *pLength,
+        void *plContext);
+
+#endif /* _PKIX_PL_COMMON_H */
diff --git a/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_error.c b/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_error.c
new file mode 100644
index 0000000..2631aed
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_error.c
@@ -0,0 +1,26 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_pl_error.c
+ *
+ * PL error functions
+ *
+ */
+
+#include "pkix_pl_common.h"
+
+#undef PKIX_ERRORENTRY
+
+#define PKIX_ERRORENTRY(name,desc,plerr) plerr
+
+const PKIX_Int32 PKIX_PLErrorIndex[] =
+{
+#include "pkix_errorstrings.h"
+};
+
+int
+PKIX_PL_GetPLErrorCode()
+{
+    return PORT_GetError();
+}
diff --git a/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_hashtable.c b/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_hashtable.c
new file mode 100755
index 0000000..2603653
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_hashtable.c
@@ -0,0 +1,383 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_pl_hashtable.c
+ *
+ * Hashtable Object Functions
+ *
+ */
+
+#include "pkix_pl_hashtable.h"
+
+/* --Private-Structure-------------------------------------------- */
+
+struct PKIX_PL_HashTableStruct {
+        pkix_pl_PrimHashTable *primHash;
+        PKIX_PL_Mutex *tableLock;
+        PKIX_UInt32 maxEntriesPerBucket;
+};
+
+/* --Private-Functions-------------------------------------------- */
+
+#define PKIX_MUTEX_UNLOCK(mutex) \
+    do { \
+        if (mutex && lockedMutex == (PKIX_PL_Mutex *)(mutex)) { \
+            pkixTempResult = \
+                PKIX_PL_Mutex_Unlock((mutex), plContext); \
+            PORT_Assert(pkixTempResult == NULL); \
+            if (pkixTempResult) { \
+                PKIX_DoAddError(&stdVars, pkixTempResult, plContext); \
+                pkixTempResult = NULL; \
+            } \
+            lockedMutex = NULL; \
+        } else { \
+            PORT_Assert(lockedMutex == NULL); \
+        }\
+    } while (0)
+
+
+#define PKIX_MUTEX_LOCK(mutex) \
+    do { \
+        if (mutex){ \
+            PORT_Assert(lockedMutex == NULL); \
+            PKIX_CHECK(PKIX_PL_Mutex_Lock((mutex), plContext), \
+                       PKIX_MUTEXLOCKFAILED); \
+            lockedMutex = (mutex); \
+        } \
+    } while (0)
+
+/*
+ * FUNCTION: pkix_pl_HashTable_Destroy
+ * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_HashTable_Destroy(
+        PKIX_PL_Object *object,
+        void *plContext)
+{
+        PKIX_PL_HashTable *ht = NULL;
+        pkix_pl_HT_Elem *item = NULL;
+        PKIX_UInt32 i;
+
+        PKIX_ENTER(HASHTABLE, "pkix_pl_HashTable_Destroy");
+        PKIX_NULLCHECK_ONE(object);
+
+        PKIX_CHECK(pkix_CheckType(object, PKIX_HASHTABLE_TYPE, plContext),
+                    PKIX_OBJECTNOTHASHTABLE);
+
+        ht = (PKIX_PL_HashTable*) object;
+
+        /* DecRef every object in the primitive hash table */
+        for (i = 0; i < ht->primHash->size; i++) {
+                for (item = ht->primHash->buckets[i];
+                    item != NULL;
+                    item = item->next) {
+                        PKIX_DECREF(item->key);
+                        PKIX_DECREF(item->value);
+                }
+        }
+
+        PKIX_CHECK(pkix_pl_PrimHashTable_Destroy(ht->primHash, plContext),
+                    PKIX_PRIMHASHTABLEDESTROYFAILED);
+
+        PKIX_DECREF(ht->tableLock);
+
+cleanup:
+
+        PKIX_RETURN(HASHTABLE);
+}
+
+/*
+ * FUNCTION: pkix_pl_HashTable_RegisterSelf
+ * DESCRIPTION:
+ * Registers PKIX_HASHTABLE_TYPE and its related functions with systemClasses[]
+ * THREAD SAFETY:
+ *  Not Thread Safe - for performance and complexity reasons
+ *
+ *  Since this function is only called by PKIX_PL_Initialize, which should
+ *  only be called once, it is acceptable that this function is not
+ *  thread-safe.
+ */
+PKIX_Error *
+pkix_pl_HashTable_RegisterSelf(
+        void *plContext)
+{
+
+        extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
+        pkix_ClassTable_Entry entry;
+
+        PKIX_ENTER(HASHTABLE, "pkix_pl_HashTable_RegisterSelf");
+
+        entry.description = "HashTable";
+        entry.objCounter = 0;
+        entry.typeObjectSize = sizeof(PKIX_PL_HashTable);
+        entry.destructor = pkix_pl_HashTable_Destroy;
+        entry.equalsFunction = NULL;
+        entry.hashcodeFunction = NULL;
+        entry.toStringFunction = NULL;
+        entry.comparator = NULL;
+        entry.duplicateFunction = NULL;
+
+        systemClasses[PKIX_HASHTABLE_TYPE] = entry;
+
+        PKIX_RETURN(HASHTABLE);
+}
+
+/* --Public-Functions------------------------------------------------------- */
+
+/*
+ * FUNCTION: PKIX_PL_HashTable_Create (see comments in pkix_pl_system.h)
+ */
+PKIX_Error *
+PKIX_PL_HashTable_Create(
+        PKIX_UInt32 numBuckets,
+        PKIX_UInt32 maxEntriesPerBucket,
+        PKIX_PL_HashTable **pResult,
+        void *plContext)
+{
+        PKIX_PL_HashTable *hashTable = NULL;
+
+        PKIX_ENTER(HASHTABLE, "PKIX_PL_HashTable_Create");
+        PKIX_NULLCHECK_ONE(pResult);
+
+        if (numBuckets == 0) {
+                PKIX_ERROR(PKIX_NUMBUCKETSEQUALSZERO);
+        }
+
+        /* Allocate a new hashtable */
+        PKIX_CHECK(PKIX_PL_Object_Alloc
+                (PKIX_HASHTABLE_TYPE,
+                sizeof (PKIX_PL_HashTable),
+                (PKIX_PL_Object **)&hashTable,
+                plContext),
+                PKIX_COULDNOTCREATEHASHTABLEOBJECT);
+
+        /* Create the underlying primitive hash table type */
+        PKIX_CHECK(pkix_pl_PrimHashTable_Create
+                    (numBuckets, &hashTable->primHash, plContext),
+                    PKIX_PRIMHASHTABLECREATEFAILED);
+
+        /* Create a lock for this table */
+        PKIX_CHECK(PKIX_PL_Mutex_Create(&hashTable->tableLock, plContext),
+                    PKIX_ERRORCREATINGTABLELOCK);
+
+        hashTable->maxEntriesPerBucket = maxEntriesPerBucket;
+
+        *pResult = hashTable;
+
+cleanup:
+
+        if (PKIX_ERROR_RECEIVED){
+                PKIX_DECREF(hashTable);
+        }
+
+        PKIX_RETURN(HASHTABLE);
+}
+
+/*
+ * FUNCTION: PKIX_PL_HashTable_Add (see comments in pkix_pl_system.h)
+ */
+PKIX_Error *
+PKIX_PL_HashTable_Add(
+        PKIX_PL_HashTable *ht,
+        PKIX_PL_Object *key,
+        PKIX_PL_Object *value,
+        void *plContext)
+{
+        PKIX_PL_Mutex  *lockedMutex = NULL;
+        PKIX_PL_Object *deletedKey = NULL;
+        PKIX_PL_Object *deletedValue = NULL;
+        PKIX_UInt32 hashCode;
+        PKIX_PL_EqualsCallback keyComp;
+        PKIX_UInt32 bucketSize = 0;
+
+        PKIX_ENTER(HASHTABLE, "PKIX_PL_HashTable_Add");
+
+#if !defined(PKIX_OBJECT_LEAK_TEST)
+        PKIX_NULLCHECK_THREE(ht, key, value);
+#else
+        PKIX_NULLCHECK_TWO(key, value);
+
+        if (ht == NULL) {
+            PKIX_RETURN(HASHTABLE);
+        }
+#endif
+        /* Insert into primitive hashtable */
+
+        PKIX_CHECK(PKIX_PL_Object_Hashcode(key, &hashCode, plContext),
+                    PKIX_OBJECTHASHCODEFAILED);
+
+        PKIX_CHECK(pkix_pl_Object_RetrieveEqualsCallback
+                    (key, &keyComp, plContext),
+                    PKIX_OBJECTRETRIEVEEQUALSCALLBACKFAILED);
+
+        PKIX_MUTEX_LOCK(ht->tableLock);
+
+        PKIX_CHECK(pkix_pl_PrimHashTable_GetBucketSize
+                (ht->primHash,
+                hashCode,
+                &bucketSize,
+                plContext),
+                PKIX_PRIMHASHTABLEGETBUCKETSIZEFAILED);
+
+        if (ht->maxEntriesPerBucket != 0 &&
+            bucketSize >= ht->maxEntriesPerBucket) {
+                /* drop the last one in the bucket */
+                PKIX_CHECK(pkix_pl_PrimHashTable_RemoveFIFO
+                        (ht->primHash,
+                        hashCode,
+                        (void **) &deletedKey,
+                        (void **) &deletedValue,
+                        plContext),
+                        PKIX_PRIMHASHTABLEGETBUCKETSIZEFAILED);
+                PKIX_DECREF(deletedKey);
+                PKIX_DECREF(deletedValue);
+        }
+
+        PKIX_CHECK(pkix_pl_PrimHashTable_Add
+                (ht->primHash,
+                (void *)key,
+                (void *)value,
+                hashCode,
+                keyComp,
+                plContext),
+                PKIX_PRIMHASHTABLEADDFAILED);
+
+        PKIX_INCREF(key);
+        PKIX_INCREF(value);
+        PKIX_MUTEX_UNLOCK(ht->tableLock);
+
+        /*
+         * we don't call PKIX_PL_InvalidateCache here b/c we have
+         * not implemented toString or hashcode for this Object
+         */
+
+cleanup:
+
+        PKIX_MUTEX_UNLOCK(ht->tableLock);
+
+        PKIX_RETURN(HASHTABLE);
+}
+
+/*
+ * FUNCTION: PKIX_PL_HashTable_Remove (see comments in pkix_pl_system.h)
+ */
+PKIX_Error *
+PKIX_PL_HashTable_Remove(
+        PKIX_PL_HashTable *ht,
+        PKIX_PL_Object *key,
+        void *plContext)
+{
+        PKIX_PL_Mutex  *lockedMutex = NULL;
+        PKIX_PL_Object *origKey = NULL;
+        PKIX_PL_Object *value = NULL;
+        PKIX_UInt32 hashCode;
+        PKIX_PL_EqualsCallback keyComp;
+
+        PKIX_ENTER(HASHTABLE, "PKIX_PL_HashTable_Remove");
+
+#if !defined(PKIX_OBJECT_LEAK_TEST)
+        PKIX_NULLCHECK_TWO(ht, key);
+#else
+        PKIX_NULLCHECK_ONE(key);
+
+        if (ht == NULL) {
+            PKIX_RETURN(HASHTABLE);
+        }
+#endif
+
+        PKIX_CHECK(PKIX_PL_Object_Hashcode(key, &hashCode, plContext),
+                    PKIX_OBJECTHASHCODEFAILED);
+
+        PKIX_CHECK(pkix_pl_Object_RetrieveEqualsCallback
+                    (key, &keyComp, plContext),
+                    PKIX_OBJECTRETRIEVEEQUALSCALLBACKFAILED);
+
+        PKIX_MUTEX_LOCK(ht->tableLock);
+
+        /* Remove from primitive hashtable */
+        PKIX_CHECK(pkix_pl_PrimHashTable_Remove
+                (ht->primHash,
+                (void *)key,
+                hashCode,
+                keyComp,
+                (void **)&origKey,
+                (void **)&value,
+                plContext),
+                PKIX_PRIMHASHTABLEREMOVEFAILED);
+
+        PKIX_MUTEX_UNLOCK(ht->tableLock);
+
+        PKIX_DECREF(origKey);
+        PKIX_DECREF(value);
+
+        /*
+         * we don't call PKIX_PL_InvalidateCache here b/c we have
+         * not implemented toString or hashcode for this Object
+         */
+
+cleanup:
+
+        PKIX_MUTEX_UNLOCK(ht->tableLock);
+
+        PKIX_RETURN(HASHTABLE);
+}
+
+/*
+ * FUNCTION: PKIX_PL_HashTable_Lookup (see comments in pkix_pl_system.h)
+ */
+PKIX_Error *
+PKIX_PL_HashTable_Lookup(
+        PKIX_PL_HashTable *ht,
+        PKIX_PL_Object *key,
+        PKIX_PL_Object **pResult,
+        void *plContext)
+{
+        PKIX_PL_Mutex *lockedMutex = NULL;
+        PKIX_UInt32 hashCode;
+        PKIX_PL_EqualsCallback keyComp;
+        PKIX_PL_Object *result = NULL;
+
+        PKIX_ENTER(HASHTABLE, "PKIX_PL_HashTable_Lookup");
+
+#if !defined(PKIX_OBJECT_LEAK_TEST)
+        PKIX_NULLCHECK_THREE(ht, key, pResult);
+#else
+        PKIX_NULLCHECK_TWO(key, pResult);
+
+        if (ht == NULL) {
+            PKIX_RETURN(HASHTABLE);
+        }
+#endif
+
+        PKIX_CHECK(PKIX_PL_Object_Hashcode(key, &hashCode, plContext),
+                    PKIX_OBJECTHASHCODEFAILED);
+
+        PKIX_CHECK(pkix_pl_Object_RetrieveEqualsCallback
+                    (key, &keyComp, plContext),
+                    PKIX_OBJECTRETRIEVEEQUALSCALLBACKFAILED);
+
+        PKIX_MUTEX_LOCK(ht->tableLock);
+
+        /* Lookup in primitive hashtable */
+        PKIX_CHECK(pkix_pl_PrimHashTable_Lookup
+                (ht->primHash,
+                (void *)key,
+                hashCode,
+                keyComp,
+                (void **)&result,
+                plContext),
+                PKIX_PRIMHASHTABLELOOKUPFAILED);
+
+        PKIX_INCREF(result);
+        PKIX_MUTEX_UNLOCK(ht->tableLock);
+
+        *pResult = result;
+
+cleanup:
+        
+        PKIX_MUTEX_UNLOCK(ht->tableLock);
+
+        PKIX_RETURN(HASHTABLE);
+}
diff --git a/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_hashtable.h b/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_hashtable.h
new file mode 100755
index 0000000..479c623
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_hashtable.h
@@ -0,0 +1,29 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_pl_hashtable.h
+ *
+ * Hashtable Object Definition
+ *
+ */
+
+#ifndef _PKIX_PL_HASHTABLE_H
+#define _PKIX_PL_HASHTABLE_H
+
+#include "pkix_pl_common.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* see source file for function documentation */
+
+PKIX_Error *
+pkix_pl_HashTable_RegisterSelf(void *plContext);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_PL_HASHTABLE_H */
diff --git a/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.c b/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.c
new file mode 100755
index 0000000..70ed25d
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.c
@@ -0,0 +1,279 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_pl_lifecycle.c
+ *
+ * Lifecycle Functions for the PKIX PL library.
+ *
+ */
+
+#include "pkix_pl_lifecycle.h"
+
+PKIX_Boolean pkix_pl_initialized = PKIX_FALSE;
+pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
+PRLock *classTableLock;
+PRLogModuleInfo *pkixLog = NULL;
+
+/*
+ * PKIX_ALLOC_ERROR is a special error object hard-coded into the
+ * pkix_error.o object file. It is thrown if system memory cannot be
+ * allocated. PKIX_ALLOC_ERROR is immutable.
+ * IncRef, DecRef, and Settor functions cannot be called.
+ */
+
+/* Keep this structure definition here for its is used only once here */
+struct PKIX_Alloc_Error_ObjectStruct {
+        PKIX_PL_Object header;
+        PKIX_Error error;
+};
+typedef struct PKIX_Alloc_Error_ObjectStruct PKIX_Alloc_Error_Object;
+
+static const PKIX_Alloc_Error_Object pkix_Alloc_Error_Data = {
+    {
+        PKIX_MAGIC_HEADER, 		/* PRUint64    magicHeader */
+        (PKIX_UInt32)PKIX_ERROR_TYPE,   /* PKIX_UInt32 type */
+        (PKIX_UInt32)1,                 /* PKIX_UInt32 references */
+        /* Warning! Cannot Ref Count with NULL lock */
+        (void *)0,                      /* PRLock *lock */
+        (PKIX_PL_String *)0,            /* PKIX_PL_String *stringRep */
+        (PKIX_UInt32)0,                 /* PKIX_UInt32 hashcode */
+        (PKIX_Boolean)PKIX_FALSE,       /* PKIX_Boolean hashcodeCached */
+    }, {
+        (PKIX_ERRORCODE)0,              /* PKIX_ERRORCODE errCode; */
+        (PKIX_ERRORCLASS)PKIX_FATAL_ERROR,/* PKIX_ERRORCLASS errClass */
+        (PKIX_UInt32)SEC_ERROR_LIBPKIX_INTERNAL, /* default PL Error Code */
+        (PKIX_Error *)0,                /* PKIX_Error *cause */
+        (PKIX_PL_Object *)0,            /* PKIX_PL_Object *info */
+   }
+};
+
+PKIX_Error* PKIX_ALLOC_ERROR(void)
+{
+    return (PKIX_Error *)&pkix_Alloc_Error_Data.error;
+}
+
+#ifdef PKIX_OBJECT_LEAK_TEST
+SECStatus
+pkix_pl_lifecycle_ObjectTableUpdate(int *objCountTable)
+{
+    int   typeCounter = 0;
+
+    for (; typeCounter < PKIX_NUMTYPES; typeCounter++) {
+        pkix_ClassTable_Entry *entry = &systemClasses[typeCounter];
+
+        objCountTable[typeCounter] = entry->objCounter;
+    }
+
+    return SECSuccess;
+}
+#endif /* PKIX_OBJECT_LEAK_TEST */
+
+
+PKIX_UInt32
+pkix_pl_lifecycle_ObjectLeakCheck(int *initObjCountTable)
+{
+        unsigned int typeCounter = 0;
+        PKIX_UInt32 numObjects = 0;
+        char  classNameBuff[128];
+        char *className = NULL;
+
+        for (; typeCounter < PKIX_NUMTYPES; typeCounter++) {
+                pkix_ClassTable_Entry *entry = &systemClasses[typeCounter];
+                PKIX_UInt32 objCountDiff = entry->objCounter;
+
+                if (initObjCountTable) {
+                    PKIX_UInt32 initialCount = initObjCountTable[typeCounter];
+                    objCountDiff = (entry->objCounter > initialCount) ?
+                        entry->objCounter - initialCount : 0;
+                }
+
+                numObjects += objCountDiff;
+                
+                if (!pkixLog || !objCountDiff) {
+                    continue;
+                }
+                className = entry->description;
+                if (!className) {
+                    className = classNameBuff;
+                    PR_snprintf(className, 128, "Unknown(ref %d)", 
+                            entry->objCounter);
+                }
+
+                PR_LOG(pkixLog, 1, ("Class %s leaked %d objects of "
+                        "size %d bytes, total = %d bytes\n", className, 
+                        objCountDiff, entry->typeObjectSize,
+                        objCountDiff * entry->typeObjectSize));
+        }
+ 
+        return numObjects;
+}
+
+/*
+ * PKIX_PL_Initialize (see comments in pkix_pl_system.h)
+ */
+PKIX_Error *
+PKIX_PL_Initialize(
+        PKIX_Boolean platformInitNeeded,
+        PKIX_Boolean useArenas,
+        void **pPlContext)
+{
+        void *plContext = NULL;
+
+        PKIX_ENTER(OBJECT, "PKIX_PL_Initialize");
+
+        /*
+         * This function can only be called once. If it has already been
+         * called, we return a positive status.
+         */
+        if (pkix_pl_initialized) {
+            PKIX_RETURN(OBJECT);
+        }
+
+        classTableLock = PR_NewLock();
+        if (classTableLock == NULL) {
+            return PKIX_ALLOC_ERROR();
+        }
+
+        if (PR_GetEnvSecure("NSS_STRICT_SHUTDOWN")) {
+            pkixLog = PR_NewLogModule("pkix");
+        }
+        /*
+         * Register Object, it is the base object of all other objects.
+         */
+        pkix_pl_Object_RegisterSelf(plContext);
+
+        /*
+         * Register Error and String, since they will be needed if
+         * there is a problem in registering any other type.
+         */
+        pkix_Error_RegisterSelf(plContext);
+        pkix_pl_String_RegisterSelf(plContext);
+
+
+        /*
+         * We register all other system types
+         * (They don't need to be in order, but it's
+         * easier to keep track of what types are registered
+         * if we register them in the same order as their
+         * numbers, defined in pkixt.h.
+         */
+        pkix_pl_BigInt_RegisterSelf(plContext);   /* 1-10 */
+        pkix_pl_ByteArray_RegisterSelf(plContext);
+        pkix_pl_HashTable_RegisterSelf(plContext);
+        pkix_List_RegisterSelf(plContext);
+        pkix_Logger_RegisterSelf(plContext);
+        pkix_pl_Mutex_RegisterSelf(plContext);
+        pkix_pl_OID_RegisterSelf(plContext);
+        pkix_pl_RWLock_RegisterSelf(plContext);
+
+        pkix_pl_CertBasicConstraints_RegisterSelf(plContext); /* 11-20 */
+        pkix_pl_Cert_RegisterSelf(plContext);
+        pkix_pl_CRL_RegisterSelf(plContext);
+        pkix_pl_CRLEntry_RegisterSelf(plContext);
+        pkix_pl_Date_RegisterSelf(plContext);
+        pkix_pl_GeneralName_RegisterSelf(plContext);
+        pkix_pl_CertNameConstraints_RegisterSelf(plContext);
+        pkix_pl_PublicKey_RegisterSelf(plContext);
+        pkix_TrustAnchor_RegisterSelf(plContext);
+
+        pkix_pl_X500Name_RegisterSelf(plContext);   /* 21-30 */
+        pkix_pl_HttpCertStoreContext_RegisterSelf(plContext);
+        pkix_BuildResult_RegisterSelf(plContext);
+        pkix_ProcessingParams_RegisterSelf(plContext);
+        pkix_ValidateParams_RegisterSelf(plContext);
+        pkix_ValidateResult_RegisterSelf(plContext);
+        pkix_CertStore_RegisterSelf(plContext);
+        pkix_CertChainChecker_RegisterSelf(plContext);
+        pkix_RevocationChecker_RegisterSelf(plContext);
+        pkix_CertSelector_RegisterSelf(plContext);
+
+        pkix_ComCertSelParams_RegisterSelf(plContext);   /* 31-40 */
+        pkix_CRLSelector_RegisterSelf(plContext);
+        pkix_ComCRLSelParams_RegisterSelf(plContext);
+        pkix_pl_CertPolicyInfo_RegisterSelf(plContext);
+        pkix_pl_CertPolicyQualifier_RegisterSelf(plContext);
+        pkix_pl_CertPolicyMap_RegisterSelf(plContext);
+        pkix_PolicyNode_RegisterSelf(plContext);
+        pkix_TargetCertCheckerState_RegisterSelf(plContext);
+        pkix_BasicConstraintsCheckerState_RegisterSelf(plContext);
+        pkix_PolicyCheckerState_RegisterSelf(plContext);
+
+        pkix_pl_CollectionCertStoreContext_RegisterSelf(plContext); /* 41-50 */
+        pkix_CrlChecker_RegisterSelf(plContext);
+        pkix_ForwardBuilderState_RegisterSelf(plContext);
+        pkix_SignatureCheckerState_RegisterSelf(plContext);
+        pkix_NameConstraintsCheckerState_RegisterSelf(plContext);
+#ifndef NSS_PKIX_NO_LDAP
+        pkix_pl_LdapRequest_RegisterSelf(plContext);
+        pkix_pl_LdapResponse_RegisterSelf(plContext);
+        pkix_pl_LdapDefaultClient_RegisterSelf(plContext);
+#endif
+        pkix_pl_Socket_RegisterSelf(plContext);
+
+        pkix_ResourceLimits_RegisterSelf(plContext); /* 51-59 */
+        pkix_pl_MonitorLock_RegisterSelf(plContext);
+        pkix_pl_InfoAccess_RegisterSelf(plContext);
+        pkix_pl_AIAMgr_RegisterSelf(plContext);
+        pkix_OcspChecker_RegisterSelf(plContext);
+        pkix_pl_OcspCertID_RegisterSelf(plContext);
+        pkix_pl_OcspRequest_RegisterSelf(plContext);
+        pkix_pl_OcspResponse_RegisterSelf(plContext);
+        pkix_pl_HttpDefaultClient_RegisterSelf(plContext);
+        pkix_VerifyNode_RegisterSelf(plContext);
+        pkix_EkuChecker_RegisterSelf(plContext);
+        pkix_pl_CrlDp_RegisterSelf(plContext);
+
+        if (pPlContext) {
+            PKIX_CHECK(PKIX_PL_NssContext_Create
+                       (0, useArenas, NULL, &plContext),
+                       PKIX_NSSCONTEXTCREATEFAILED);
+            
+            *pPlContext = plContext;
+        }
+
+        pkix_pl_initialized = PKIX_TRUE;
+
+cleanup:
+
+        PKIX_RETURN(OBJECT);
+}
+
+/*
+ * PKIX_PL_Shutdown (see comments in pkix_pl_system.h)
+ */
+PKIX_Error *
+PKIX_PL_Shutdown(void *plContext)
+{
+#ifdef DEBUG
+        PKIX_UInt32 numLeakedObjects = 0;
+#endif
+
+        PKIX_ENTER(OBJECT, "PKIX_PL_Shutdown");
+
+        if (!pkix_pl_initialized) {
+            /* The library was not initilized */
+            PKIX_RETURN(OBJECT);
+        }
+
+        PR_DestroyLock(classTableLock);
+
+        pkix_pl_HttpCertStore_Shutdown(plContext);
+
+#ifdef DEBUG
+        numLeakedObjects = pkix_pl_lifecycle_ObjectLeakCheck(NULL);
+        if (PR_GetEnvSecure("NSS_STRICT_SHUTDOWN")) {
+           PORT_Assert(numLeakedObjects == 0);
+        }
+#else
+        pkix_pl_lifecycle_ObjectLeakCheck(NULL);
+#endif
+
+        if (plContext != NULL) {
+                PKIX_PL_NssContext_Destroy(plContext);
+        }
+
+        pkix_pl_initialized = PKIX_FALSE;
+
+        PKIX_RETURN(OBJECT);
+}
diff --git a/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.h b/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.h
new file mode 100755
index 0000000..9660af1
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.h
@@ -0,0 +1,91 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_pl_lifecycle.h
+ *
+ * Lifecycle Definitions
+ *
+ */
+
+#ifndef _PKIX_PL_LIFECYCLE_H
+#define _PKIX_PL_LIFECYCLE_H
+
+#include "pkix_pl_common.h"
+#include "pkix_pl_oid.h"
+#include "pkix_pl_aiamgr.h"
+#include "pkix_pl_bigint.h"
+#include "pkix_pl_bytearray.h"
+#include "pkix_pl_hashtable.h"
+#include "pkix_pl_mutex.h"
+#include "pkix_pl_rwlock.h"
+#include "pkix_pl_monitorlock.h"
+#include "pkix_pl_string.h"
+#include "pkix_pl_cert.h"
+#include "pkix_pl_x500name.h"
+#include "pkix_pl_generalname.h"
+#include "pkix_pl_publickey.h"
+#include "pkix_pl_date.h"
+#include "pkix_pl_basicconstraints.h"
+#include "pkix_pl_certpolicyinfo.h"
+#include "pkix_pl_certpolicymap.h"
+#include "pkix_pl_certpolicyqualifier.h"
+#include "pkix_pl_crlentry.h"
+#include "pkix_pl_crl.h"
+#include "pkix_pl_colcertstore.h"
+#ifndef NSS_PKIX_NO_LDAP
+#include "pkix_pl_ldapcertstore.h"
+#include "pkix_pl_ldapdefaultclient.h"
+#include "pkix_pl_ldaprequest.h"
+#include "pkix_pl_ldapresponse.h"
+#endif /* !NSS_PKIX_NO_LDAP */
+#include "pkix_pl_socket.h"
+#include "pkix_pl_infoaccess.h"
+#include "pkix_store.h"
+#include "pkix_error.h"
+#include "pkix_logger.h"
+#include "pkix_list.h"
+#include "pkix_trustanchor.h"
+#include "pkix_procparams.h"
+#include "pkix_valparams.h"
+#include "pkix_valresult.h"
+#include "pkix_verifynode.h"
+#include "pkix_resourcelimits.h"
+#include "pkix_certchainchecker.h"
+#include "pkix_revocationchecker.h"
+#include "pkix_certselector.h"
+#include "pkix_comcertselparams.h"
+#include "pkix_crlselector.h"
+#include "pkix_comcrlselparams.h"
+#include "pkix_targetcertchecker.h"
+#include "pkix_basicconstraintschecker.h"
+#include "pkix_policynode.h"
+#include "pkix_policychecker.h"
+#include "pkix_crlchecker.h"
+#include "pkix_signaturechecker.h"
+#include "pkix_buildresult.h"
+#include "pkix_build.h"
+#include "pkix_pl_nameconstraints.h"
+#include "pkix_nameconstraintschecker.h"
+#include "pkix_ocspchecker.h"
+#include "pkix_pl_ocspcertid.h"
+#include "pkix_pl_ocsprequest.h"
+#include "pkix_pl_ocspresponse.h"
+#include "pkix_pl_httpdefaultclient.h"
+#include "pkix_pl_httpcertstore.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+struct PKIX_PL_InitializeParamsStruct {
+        PKIX_List *loggers;
+        PKIX_UInt32 majorVersion;
+        PKIX_UInt32 minorVersion;
+};
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_PL_LIFECYCLE_H */
diff --git a/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_mem.c b/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_mem.c
new file mode 100755
index 0000000..d75c0be
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_mem.c
@@ -0,0 +1,168 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_pl_mem.c
+ *
+ * Memory Management Functions
+ *
+ */
+
+#include "pkix_pl_mem.h"
+
+/*
+ * FUNCTION: PKIX_PL_Malloc (see comments in pkix_pl_system.h)
+ */
+PKIX_Error *
+PKIX_PL_Malloc(
+        PKIX_UInt32 size,
+        void **pMemory,
+        void *plContext)
+{
+        PKIX_PL_NssContext *nssContext = NULL;
+        void *result = NULL;
+
+        PKIX_ENTER(MEM, "PKIX_PL_Malloc");
+        PKIX_NULLCHECK_ONE(pMemory);
+
+        if (size == 0){
+                *pMemory = NULL;
+        } else {
+
+                nssContext = (PKIX_PL_NssContext *)plContext; 
+
+                if (nssContext != NULL && nssContext->arena != NULL) {
+                    PKIX_MEM_DEBUG("\tCalling PORT_ArenaAlloc.\n");
+                    *pMemory = PORT_ArenaAlloc(nssContext->arena, size);
+                } else {
+                    PKIX_MEM_DEBUG("\tCalling PR_Malloc.\n");
+                    result = (void *) PR_Malloc(size);
+
+                    if (result == NULL) {
+                        PKIX_MEM_DEBUG("Fatal Error Occurred: "
+                                        "PR_Malloc failed.\n");
+                        PKIX_ERROR_ALLOC_ERROR();
+                    } else {
+                        *pMemory = result;
+                    }
+                }
+        }
+
+cleanup:
+        PKIX_RETURN(MEM);
+}
+
+/*
+ * FUNCTION: PKIX_PL_Calloc (see comments in pkix_pl_system.h)
+ */
+PKIX_Error *
+PKIX_PL_Calloc(
+        PKIX_UInt32 nElem,
+        PKIX_UInt32 elSize,
+        void **pMemory,
+        void *plContext)
+{
+        PKIX_PL_NssContext *nssContext = NULL;
+        void *result = NULL;
+
+        PKIX_ENTER(MEM, "PKIX_PL_Calloc");
+        PKIX_NULLCHECK_ONE(pMemory);
+
+        if ((nElem == 0) || (elSize == 0)){
+                *pMemory = NULL;
+        } else {
+
+                nssContext = (PKIX_PL_NssContext *)plContext; 
+
+                if (nssContext != NULL && nssContext->arena != NULL) {
+                    PKIX_MEM_DEBUG("\tCalling PORT_ArenaAlloc.\n");
+                    *pMemory = PORT_ArenaAlloc(nssContext->arena, elSize);
+                } else {
+                    PKIX_MEM_DEBUG("\tCalling PR_Calloc.\n");
+                    result = (void *) PR_Calloc(nElem, elSize);
+
+                    if (result == NULL) {
+                        PKIX_MEM_DEBUG("Fatal Error Occurred: "
+                                        "PR_Calloc failed.\n");
+                        PKIX_ERROR_ALLOC_ERROR();
+                    } else {
+                        *pMemory = result;
+                    }
+                }
+        }
+
+cleanup:
+
+        PKIX_RETURN(MEM);
+}
+
+/*
+ * FUNCTION: PKIX_PL_Realloc (see comments in pkix_pl_system.h)
+ */
+PKIX_Error *
+PKIX_PL_Realloc(
+        void *ptr,
+        PKIX_UInt32 size,
+        void **pMemory,
+        void *plContext)
+{
+        PKIX_PL_NssContext *nssContext = NULL;
+        void *result = NULL;
+
+        PKIX_ENTER(MEM, "PKIX_PL_Realloc");
+        PKIX_NULLCHECK_ONE(pMemory);
+
+        nssContext = (PKIX_PL_NssContext *)plContext; 
+
+        if (nssContext != NULL && nssContext->arena != NULL) {
+                PKIX_MEM_DEBUG("\tCalling PORT_ArenaAlloc.\n");
+                result = PORT_ArenaAlloc(nssContext->arena, size);
+
+                if (result){
+                        PKIX_MEM_DEBUG("\tCalling PORT_Memcpy.\n");
+                        PORT_Memcpy(result, ptr, size);
+                }
+                *pMemory = result;
+        } else {
+                PKIX_MEM_DEBUG("\tCalling PR_Realloc.\n");
+                result = (void *) PR_Realloc(ptr, size);
+
+                if (result == NULL) {
+                        if (size == 0){
+                                *pMemory = NULL;
+                        } else {
+                                PKIX_MEM_DEBUG
+                                        ("Fatal Error Occurred: "
+                                        "PR_Realloc failed.\n");
+                                PKIX_ERROR_ALLOC_ERROR();
+                        }
+                } else {
+                        *pMemory = result;
+                }
+        }
+
+cleanup:
+
+        PKIX_RETURN(MEM);
+}
+
+/*
+ * FUNCTION: PKIX_PL_Free (see comments in pkix_pl_system.h)
+ */
+PKIX_Error *
+PKIX_PL_Free(
+        void *ptr,
+        /* ARGSUSED */ void *plContext)
+{
+        PKIX_PL_NssContext *context = NULL;
+
+        PKIX_ENTER(MEM, "PKIX_PL_Free");
+
+        context = (PKIX_PL_NssContext *) plContext;
+        if (context == NULL || context->arena == NULL) {
+            PKIX_MEM_DEBUG("\tCalling PR_Free.\n");
+            (void) PR_Free(ptr);
+        }
+
+        PKIX_RETURN(MEM);
+}
diff --git a/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_mem.h b/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_mem.h
new file mode 100755
index 0000000..eaec624
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_mem.h
@@ -0,0 +1,24 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_pl_mem.h
+ *
+ * Memory Management Definitions
+ *
+ */
+
+#ifndef _PKIX_PL_MEM_H
+#define _PKIX_PL_MEM_H
+
+#include "pkix_pl_common.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_PL_MEM_H */
diff --git a/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_monitorlock.c b/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_monitorlock.c
new file mode 100755
index 0000000..a5d2fc9
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_monitorlock.c
@@ -0,0 +1,136 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_pl_monitorlock.c
+ *
+ * Read/Write Lock Functions
+ *
+ */
+
+#include "pkix_pl_monitorlock.h"
+
+/* --Private-Functions-------------------------------------------- */
+
+static PKIX_Error *
+pkix_pl_MonitorLock_Destroy(
+        PKIX_PL_Object *object,
+        void *plContext)
+{
+        PKIX_PL_MonitorLock* monitorLock = NULL;
+
+        PKIX_ENTER(MONITORLOCK, "pkix_pl_MonitorLock_Destroy");
+        PKIX_NULLCHECK_ONE(object);
+
+        PKIX_CHECK(pkix_CheckType(object, PKIX_MONITORLOCK_TYPE, plContext),
+                    PKIX_OBJECTNOTMONITORLOCK);
+
+        monitorLock = (PKIX_PL_MonitorLock*) object;
+
+        PKIX_MONITORLOCK_DEBUG("Calling PR_DestroyMonitor)\n");
+        PR_DestroyMonitor(monitorLock->lock);
+        monitorLock->lock = NULL;
+
+cleanup:
+
+        PKIX_RETURN(MONITORLOCK);
+}
+
+/*
+ * FUNCTION: pkix_pl_MonitorLock_RegisterSelf
+ * DESCRIPTION:
+ * Registers PKIX_MONITORLOCK_TYPE and its related functions with
+ * systemClasses[].
+ * THREAD SAFETY:
+ *  Not Thread Safe - for performance and complexity reasons
+ *
+ *  Since this function is only called by PKIX_PL_Initialize, which should
+ *  only be called once, it is acceptable that this function is not
+ *  thread-safe.
+ */
+PKIX_Error *
+pkix_pl_MonitorLock_RegisterSelf(
+        void *plContext)
+{
+
+        extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
+        pkix_ClassTable_Entry entry;
+
+        PKIX_ENTER(MONITORLOCK, "pkix_pl_MonitorLock_RegisterSelf");
+
+        entry.description = "MonitorLock";
+        entry.objCounter = 0;
+        entry.typeObjectSize = sizeof(PKIX_PL_MonitorLock);
+        entry.destructor = pkix_pl_MonitorLock_Destroy;
+        entry.equalsFunction = NULL;
+        entry.hashcodeFunction = NULL;
+        entry.toStringFunction = NULL;
+        entry.comparator = NULL;
+        entry.duplicateFunction = NULL;
+
+        systemClasses[PKIX_MONITORLOCK_TYPE] = entry;
+
+        PKIX_RETURN(MONITORLOCK);
+}
+
+/* --Public-Functions--------------------------------------------- */
+
+PKIX_Error *
+PKIX_PL_MonitorLock_Create(
+        PKIX_PL_MonitorLock **pNewLock,
+        void *plContext)
+{
+        PKIX_PL_MonitorLock *monitorLock = NULL;
+
+        PKIX_ENTER(MONITORLOCK, "PKIX_PL_MonitorLock_Create");
+        PKIX_NULLCHECK_ONE(pNewLock);
+
+        PKIX_CHECK(PKIX_PL_Object_Alloc
+                    (PKIX_MONITORLOCK_TYPE,
+                    sizeof (PKIX_PL_MonitorLock),
+                    (PKIX_PL_Object **)&monitorLock,
+                    plContext),
+                    PKIX_ERRORALLOCATINGMONITORLOCK);
+
+        PKIX_MONITORLOCK_DEBUG("\tCalling PR_NewMonitor)\n");
+        monitorLock->lock = PR_NewMonitor();
+
+        if (monitorLock->lock == NULL) {
+                PKIX_DECREF(monitorLock);
+                PKIX_ERROR(PKIX_OUTOFMEMORY);
+        }
+
+        *pNewLock = monitorLock;
+
+cleanup:
+
+        PKIX_RETURN(MONITORLOCK);
+}
+
+PKIX_Error *
+PKIX_PL_MonitorLock_Enter(
+        PKIX_PL_MonitorLock *monitorLock,
+        void *plContext)
+{
+        PKIX_ENTER_NO_LOGGER(MONITORLOCK, "PKIX_PL_MonitorLock_Enter");
+        PKIX_NULLCHECK_ONE(monitorLock);
+
+        PKIX_MONITORLOCK_DEBUG("\tCalling PR_EnterMonitor)\n");
+        (void) PR_EnterMonitor(monitorLock->lock);
+
+        PKIX_RETURN_NO_LOGGER(MONITORLOCK);
+}
+
+PKIX_Error *
+PKIX_PL_MonitorLock_Exit(
+        PKIX_PL_MonitorLock *monitorLock,
+        void *plContext)
+{
+        PKIX_ENTER_NO_LOGGER(MONITORLOCK, "PKIX_PL_MonitorLock_Exit");
+        PKIX_NULLCHECK_ONE(monitorLock);
+
+        PKIX_MONITORLOCK_DEBUG("\tCalling PR_ExitMonitor)\n");
+        PR_ExitMonitor(monitorLock->lock);
+
+        PKIX_RETURN_NO_LOGGER(MONITORLOCK);
+}
diff --git a/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_monitorlock.h b/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_monitorlock.h
new file mode 100755
index 0000000..76ac539
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_monitorlock.h
@@ -0,0 +1,33 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_pl_monitorlock.h
+ *
+ * Read/Write Lock Definition
+ *
+ */
+
+#ifndef _PKIX_PL_MONITORLOCK_H
+#define _PKIX_PL_MONITORLOCK_H
+
+#include "pkix_pl_common.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+struct PKIX_PL_MonitorLockStruct {
+        PRMonitor* lock;
+};
+
+/* see source file for function documentation */
+
+PKIX_Error *
+pkix_pl_MonitorLock_RegisterSelf(void *plContext);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_PL_MONITORLOCK_H */
diff --git a/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_mutex.c b/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_mutex.c
new file mode 100755
index 0000000..07d1369
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_mutex.c
@@ -0,0 +1,163 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_pl_mutex.c
+ *
+ * Mutual Exclusion (Lock) Object Functions
+ *
+ */
+
+#include "pkix_pl_mutex.h"
+
+/* --Private-Functions-------------------------------------------- */
+
+/*
+ * FUNCTION: pkix_pl_Mutex_Destroy
+ * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_Mutex_Destroy(
+        PKIX_PL_Object *object,
+        void *plContext)
+{
+        PKIX_PL_Mutex *mutex = NULL;
+
+        PKIX_ENTER(MUTEX, "pkix_pl_Mutex_Destroy");
+        PKIX_NULLCHECK_ONE(object);
+
+        /* Sanity check: Test that "object" is a mutex */
+        PKIX_CHECK(pkix_CheckType(object, PKIX_MUTEX_TYPE, plContext),
+                    PKIX_OBJECTNOTMUTEX);
+
+        mutex = (PKIX_PL_Mutex*) object;
+
+        PKIX_MUTEX_DEBUG("\tCalling PR_DestroyLock).\n");
+        PR_DestroyLock(mutex->lock);
+        mutex->lock = NULL;
+
+cleanup:
+
+        PKIX_RETURN(MUTEX);
+}
+
+/*
+ * FUNCTION: pkix_pl_Mutex_RegisterSelf
+ * DESCRIPTION:
+ *  Registers PKIX_MUTEX_TYPE and its related functions with systemClasses[]
+ * THREAD SAFETY:
+ *  Not Thread Safe - for performance and complexity reasons
+ *
+ *  Since this function is only called by PKIX_PL_Initialize, which should
+ *  only be called once, it is acceptable that this function is not
+ *  thread-safe.
+ */
+PKIX_Error *
+pkix_pl_Mutex_RegisterSelf(
+        /* ARGSUSED */ void *plContext)
+{
+
+        extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
+        pkix_ClassTable_Entry entry;
+
+        PKIX_ENTER(MUTEX, "pkix_pl_Mutex_RegisterSelf");
+
+        entry.description = "Mutex";
+        entry.objCounter = 0;
+        entry.typeObjectSize = sizeof(PKIX_PL_Mutex);
+        entry.destructor = pkix_pl_Mutex_Destroy;
+        entry.equalsFunction = NULL;
+        entry.hashcodeFunction = NULL;
+        entry.toStringFunction = NULL;
+        entry.comparator = NULL;
+        entry.duplicateFunction = NULL;
+
+        systemClasses[PKIX_MUTEX_TYPE] = entry;
+
+        PKIX_RETURN(MUTEX);
+}
+
+/* --Public-Functions--------------------------------------------- */
+
+/*
+ * FUNCTION: PKIX_PL_Mutex_Create (see comments in pkix_pl_system.h)
+ */
+PKIX_Error *
+PKIX_PL_Mutex_Create(
+        PKIX_PL_Mutex **pNewLock,
+        void *plContext)
+{
+        PKIX_PL_Mutex *mutex = NULL;
+
+        PKIX_ENTER(MUTEX, "PKIX_PL_Mutex_Create");
+        PKIX_NULLCHECK_ONE(pNewLock);
+
+        PKIX_CHECK(PKIX_PL_Object_Alloc
+                    (PKIX_MUTEX_TYPE,
+                    sizeof (PKIX_PL_Mutex),
+                    (PKIX_PL_Object **)&mutex,
+                    plContext),
+                    PKIX_COULDNOTCREATELOCKOBJECT);
+
+        PKIX_MUTEX_DEBUG("\tCalling PR_NewLock).\n");
+        mutex->lock = PR_NewLock();
+
+        /* If an error occurred in NSPR, report it here */
+        if (mutex->lock == NULL) {
+                PKIX_DECREF(mutex);
+                PKIX_ERROR_ALLOC_ERROR();
+        }
+
+        *pNewLock = mutex;
+
+cleanup:
+
+        PKIX_RETURN(MUTEX);
+}
+
+/*
+ * FUNCTION: PKIX_PL_Mutex_Lock (see comments in pkix_pl_system.h)
+ */
+PKIX_Error *
+PKIX_PL_Mutex_Lock(
+        PKIX_PL_Mutex *mutex,
+        void *plContext)
+{
+        PKIX_ENTER(MUTEX, "PKIX_PL_Mutex_Lock");
+        PKIX_NULLCHECK_ONE(mutex);
+
+        PKIX_MUTEX_DEBUG("\tCalling PR_Lock).\n");
+        PR_Lock(mutex->lock);
+
+        PKIX_MUTEX_DEBUG_ARG("(Thread %u just acquired the lock)\n",
+                        (PKIX_UInt32)PR_GetCurrentThread());
+
+        PKIX_RETURN(MUTEX);
+}
+
+/*
+ * FUNCTION: PKIX_PL_Mutex_Unlock (see comments in pkix_pl_system.h)
+ */
+PKIX_Error *
+PKIX_PL_Mutex_Unlock(
+        PKIX_PL_Mutex *mutex,
+        void *plContext)
+{
+        PRStatus result;
+
+        PKIX_ENTER(MUTEX, "PKIX_PL_Mutex_Unlock");
+        PKIX_NULLCHECK_ONE(mutex);
+
+        PKIX_MUTEX_DEBUG("\tCalling PR_Unlock).\n");
+        result = PR_Unlock(mutex->lock);
+
+        PKIX_MUTEX_DEBUG_ARG("(Thread %u just released the lock)\n",
+                        (PKIX_UInt32)PR_GetCurrentThread());
+
+        if (result == PR_FAILURE) {
+                PKIX_ERROR_FATAL(PKIX_ERRORUNLOCKINGMUTEX);
+        }
+
+cleanup:
+        PKIX_RETURN(MUTEX);
+}
diff --git a/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_mutex.h b/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_mutex.h
new file mode 100755
index 0000000..baf16fe
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_mutex.h
@@ -0,0 +1,33 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_pl_mutex.h
+ *
+ * Mutual Exclusion (Lock) Object Type Definition
+ *
+ */
+
+#ifndef _PKIX_PL_MUTEX_H
+#define _PKIX_PL_MUTEX_H
+
+#include "pkix_pl_common.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+struct PKIX_PL_MutexStruct {
+        PRLock* lock;
+};
+
+/* see source file for function documentation */
+
+PKIX_Error *
+pkix_pl_Mutex_RegisterSelf(void *plContext);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_PL_MUTEX_H */
diff --git a/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_object.c b/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_object.c
new file mode 100755
index 0000000..7dafa0b
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_object.c
@@ -0,0 +1,1440 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_pl_object.c
+ *
+ * Object Construction, Destruction and Callback Functions
+ *
+ */
+
+#include "pkix_pl_object.h"
+
+#ifdef PKIX_USER_OBJECT_TYPE
+/* --Class-Table-Initializers------------------------------------ */
+
+/*
+ * Create storage space for 20 Class Table buckets.
+ * These are only for user-defined types. System types are registered
+ * separately by PKIX_PL_Initialize.
+ */
+
+static pkix_pl_HT_Elem*
+pkix_Raw_ClassTable_Buckets[] = {
+        NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
+        NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
+};
+
+/*
+ * Allocate static memory for a ClassTable.
+ * XXX This assumes the bucket pointer will fit into a PKIX_UInt32
+ */
+static pkix_pl_PrimHashTable pkix_Raw_ClassTable = {
+        (void *)pkix_Raw_ClassTable_Buckets, /* Buckets */
+        20 /* Number of Buckets */
+};
+static pkix_pl_PrimHashTable * classTable = &pkix_Raw_ClassTable;
+#endif /* PKIX_USER_OBJECT_TYPE */
+
+/* --Private-Functions-------------------------------------------- */
+
+/*
+ * FUNCTION: pkix_pl_Object_GetHeader
+ * DESCRIPTION:
+ *
+ *  Shifts Object pointed to by "object" by the sizeof(PKIX_PL_Object) and
+ *  stores the value at "pObjectHeader".
+ *
+ * PARAMETERS:
+ *  "object"
+ *      Address of Object to shift. Must be non-NULL.
+ *  "pObjectHeader"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_pl_Object_GetHeader(
+        PKIX_PL_Object *object,
+        PKIX_PL_Object **pObjectHeader,
+        void *plContext)
+{
+        PKIX_PL_Object *header = NULL;
+        PKIX_UInt32 objType;
+
+        PKIX_ENTER(OBJECT, "pkix_pl_Object_GetHeader");
+        PKIX_NULLCHECK_TWO(object, pObjectHeader);
+
+        PKIX_OBJECT_DEBUG("\tShifting object pointer).\n");
+
+        /* The header is sizeof(PKIX_PL_Object) before the object pointer */
+        header = (PKIX_PL_Object *)((char *)object - sizeof(PKIX_PL_Object));
+
+        objType = header->type;
+
+        if (objType >= PKIX_NUMTYPES) { /* if this is a user-defined type */
+#ifdef PKIX_USER_OBJECT_TYPE
+                pkix_ClassTable_Entry *ctEntry = NULL;
+
+                PKIX_OBJECT_DEBUG("\tCalling PR_Lock).\n");
+                PR_Lock(classTableLock);
+
+                PKIX_CHECK(pkix_pl_PrimHashTable_Lookup
+                            (classTable,
+                            (void *)&objType,
+                            objType,
+                            NULL,
+                            (void **)&ctEntry,
+                            plContext),
+                            PKIX_ERRORGETTINGCLASSTABLEENTRY);
+
+                PKIX_OBJECT_DEBUG("\tCalling PR_Unlock).\n");
+                PR_Unlock(classTableLock);
+
+                if (ctEntry == NULL) {
+                        PKIX_ERROR_FATAL(PKIX_UNKNOWNOBJECTTYPE);
+                }
+#else
+                PORT_Assert(objType < PKIX_NUMTYPES);
+                pkixErrorCode = PKIX_UNKNOWNOBJECTTYPE;
+                pkixErrorClass = PKIX_FATAL_ERROR;
+                goto cleanup;
+#endif /* PKIX_USER_OBJECT_TYPE */
+        }
+
+#ifdef PKIX_OBJECT_LEAK_TEST
+        PORT_Assert(header && header->magicHeader == PKIX_MAGIC_HEADER);
+#endif /* PKIX_OBJECT_LEAK_TEST */
+
+        if ((header == NULL)||
+            (header->magicHeader != PKIX_MAGIC_HEADER)) {
+                PKIX_ERROR_ALLOC_ERROR();
+        }
+
+        *pObjectHeader = header;
+
+cleanup:
+
+        PKIX_RETURN(OBJECT);
+}
+
+/*
+ * FUNCTION: pkix_Destroy_Object
+ * DESCRIPTION:
+ *
+ *  Destroys and deallocates Object pointed to by "object". The caller is
+ *  assumed to hold the Object's lock, which is acquired in
+ *  PKIX_PL_Object_DecRef().
+ *
+ * PARAMETERS:
+ *  "object"
+ *      Address of Object to destroy. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_pl_Object_Destroy(
+        PKIX_PL_Object *object,
+        void *plContext)
+{
+        PKIX_PL_Object *objectHeader = NULL;
+
+        PKIX_ENTER(OBJECT, "pkix_pl_Object_Destroy");
+        PKIX_NULLCHECK_ONE(object);
+
+#ifdef PKIX_OBJECT_LEAK_TEST
+        PKIX_CHECK_FATAL(pkix_pl_Object_GetHeader(object, &objectHeader, plContext),
+                    PKIX_RECEIVEDCORRUPTEDOBJECTARGUMENT);
+#else
+        PKIX_CHECK(pkix_pl_Object_GetHeader(object, &objectHeader, plContext),
+                    PKIX_RECEIVEDCORRUPTEDOBJECTARGUMENT);
+#endif /* PKIX_OBJECT_LEAK_TEST */
+
+        /* Attempt to delete an object still being used */
+        if (objectHeader->references != 0) {
+                PKIX_ERROR_FATAL(PKIX_OBJECTSTILLREFERENCED);
+        }
+
+        PKIX_DECREF(objectHeader->stringRep);
+
+        /* Destroy this object's lock */
+        PKIX_OBJECT_DEBUG("\tCalling PR_DestroyLock).\n");
+        PR_DestroyLock(objectHeader->lock);
+        objectHeader->lock = NULL;
+        object = NULL;
+
+        objectHeader->magicHeader = PKIX_MAGIC_HEADER_DESTROYED;
+
+#ifdef PKIX_OBJECT_LEAK_TEST
+        memset(objectHeader, 0xbf, systemClasses[PKIX_OBJECT_TYPE].typeObjectSize);
+#endif
+
+        PKIX_FREE(objectHeader);
+
+cleanup:
+#ifdef PKIX_OBJECT_LEAK_TEST
+fatal:
+#endif
+
+        PKIX_RETURN(OBJECT);
+}
+
+/* --Default-Callbacks-------------------------------------------- */
+
+/*
+ * FUNCTION: pkix_pl_Object_Equals_Default
+ * DESCRIPTION:
+ *
+ *  Default Object_Equals callback: Compares the address of the Object pointed
+ *  to by "firstObject" with the address of the Object pointed to by
+ *  "secondObject" and stores the Boolean result at "pResult".
+ *
+ * PARAMETERS:
+ *  "firstObject"
+ *      Address of first Object to compare. Must be non-NULL.
+ *  "secondObject"
+ *      Address of second Object to compare. Must be non-NULL.
+ *  "pResult"
+ *      Address where Boolean result will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_pl_Object_Equals_Default(
+        PKIX_PL_Object *firstObject,
+        PKIX_PL_Object *secondObject,
+        PKIX_Boolean *pResult,
+        void *plContext)
+{
+        PKIX_ENTER(OBJECT, "pkix_pl_Object_Equals_Default");
+        PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);
+
+        /* Just compare pointer values */
+        *pResult = (firstObject == secondObject)?PKIX_TRUE:PKIX_FALSE;
+
+        PKIX_RETURN(OBJECT);
+}
+
+/*
+ * FUNCTION: pkix_pl_Object_ToString_Default
+ * DESCRIPTION:
+ *
+ *  Default Object_ToString callback: Creates a string consisting of the
+ *  typename and address of the Object pointed to by "object" and stores
+ *  the result at "pString". The format for the string is
+ *  "TypeName@Address: <address>", where the default typename is "Object".
+ *
+ * PARAMETERS:
+ *  "object"
+ *      Address of Object to convert to a string. Must be non-NULL.
+ *  "pString"
+ *      Address where object pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns an Object Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_pl_Object_ToString_Default(
+        PKIX_PL_Object *object,
+        PKIX_PL_String **pString,
+        void *plContext)
+{
+        PKIX_PL_String *formatString = NULL;
+        PKIX_PL_String *descString = NULL;
+        char *format = "%s@Address: %x";
+        char *description = NULL;
+        PKIX_UInt32 objType;
+
+        PKIX_ENTER(OBJECT, "pkix_pl_Object_ToString_Default");
+        PKIX_NULLCHECK_TWO(object, pString);
+
+        PKIX_CHECK(PKIX_PL_Object_GetType(object, &objType, plContext),
+                    PKIX_OBJECTGETTYPEFAILED);
+
+        if (objType >= PKIX_NUMTYPES){
+#ifdef PKIX_USER_OBJECT_TYPE
+                pkix_ClassTable_Entry *ctEntry = NULL;
+
+                PKIX_OBJECT_DEBUG("\tCalling PR_Lock).\n");
+                PR_Lock(classTableLock);
+                pkixErrorResult = pkix_pl_PrimHashTable_Lookup
+                        (classTable,
+                        (void *)&objType,
+                        objType,
+                        NULL,
+                        (void **)&ctEntry,
+                        plContext);
+                PKIX_OBJECT_DEBUG("\tCalling PR_Unlock).\n");
+                PR_Unlock(classTableLock);
+                if (pkixErrorResult){
+                        PKIX_ERROR_FATAL(PKIX_ERRORGETTINGCLASSTABLEENTRY);
+                }
+
+                if (ctEntry == NULL){
+                        PKIX_ERROR_FATAL(PKIX_UNDEFINEDCLASSTABLEENTRY);
+                } else {
+                        description = ctEntry->description;
+                        if (description == NULL) {
+                            description = "User Type Object";
+                        }
+                }
+#else
+                PORT_Assert (0);
+                pkixErrorCode = PKIX_UNKNOWNOBJECTTYPE;
+                pkixErrorClass = PKIX_FATAL_ERROR;
+                goto cleanup;
+#endif /* PKIX_USER_OBJECT_TYPE */
+        } else {
+                description = systemClasses[objType].description;
+        }
+        PKIX_CHECK(PKIX_PL_String_Create
+                    (PKIX_ESCASCII,
+                    (void *)format,
+                    0,
+                    &formatString,
+                    plContext),
+                    PKIX_STRINGCREATEFAILED);
+
+        PKIX_CHECK(PKIX_PL_String_Create
+                    (PKIX_ESCASCII,
+                    (void *)description,
+                    0,
+                    &descString,
+                    plContext),
+                    PKIX_STRINGCREATEFAILED);
+
+        PKIX_CHECK(PKIX_PL_Sprintf
+                    (pString,
+                    plContext,
+                    formatString,
+                    descString,
+                    object),
+                    PKIX_SPRINTFFAILED);
+
+cleanup:
+
+        PKIX_DECREF(formatString);
+        PKIX_DECREF(descString);
+
+        PKIX_RETURN(OBJECT);
+}
+
+/*
+ * FUNCTION: pkix_pl_Object_Hashcode_Default
+ * DESCRIPTION:
+ *
+ *  Default Object_Hashcode callback. Creates the a hashcode value using the
+ *  address of the Object pointed to by "object" and stores the result at
+ *  "pValue".
+ *
+ *  XXX This isn't great since addresses are not uniformly distributed.
+ *
+ * PARAMETERS:
+ *  "object"
+ *      Address of Object to compute hashcode for. Must be non-NULL.
+ *  "pValue"
+ *      Address where PKIX_UInt32 will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_pl_Object_Hashcode_Default(
+        PKIX_PL_Object *object,
+        PKIX_UInt32 *pValue,
+        void *plContext)
+{
+        PKIX_ENTER(OBJECT, "pkix_pl_Object_Hashcode_Default");
+        PKIX_NULLCHECK_TWO(object, pValue);
+
+        *pValue = (PKIX_UInt32)((char *)object - (char *)NULL);
+
+        PKIX_RETURN(OBJECT);
+}
+
+/*
+ * FUNCTION: pkix_pl_Object_RetrieveEqualsCallback
+ * DESCRIPTION:
+ *
+ *  Retrieves Equals callback function of Object pointed to by "object and
+ *  stores it at "pEqualsCallback". If the object's type is one of the system
+ *  types, its callback function is retrieved from the systemClasses array;
+ *  otherwise, its callback function is retrieve from the classTable hash
+ *  table where user-defined types are stored.
+ *
+ * PARAMETERS:
+ *  "object"
+ *      Address of Object whose equals callback is desired. Must be non-NULL.
+ *  "pEqualsCallback"
+ *      Address where EqualsCallback function pointer will be stored.
+ *      Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns an Object Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_pl_Object_RetrieveEqualsCallback(
+        PKIX_PL_Object *object,
+        PKIX_PL_EqualsCallback *pEqualsCallback,
+        void *plContext)
+{
+        PKIX_PL_Object *objectHeader = NULL;
+        PKIX_PL_EqualsCallback func = NULL;
+        pkix_ClassTable_Entry entry;
+        PKIX_UInt32 objType;
+
+        PKIX_ENTER(OBJECT, "pkix_pl_Object_RetrieveEqualsCallback");
+        PKIX_NULLCHECK_TWO(object, pEqualsCallback);
+
+        PKIX_CHECK(pkix_pl_Object_GetHeader
+                    (object, &objectHeader, plContext),
+                    PKIX_RECEIVEDCORRUPTEDOBJECTARGUMENT);
+
+        objType = objectHeader->type;
+
+        if (objType >= PKIX_NUMTYPES){
+#ifdef PKIX_USER_OBJECT_TYPE
+                pkix_ClassTable_Entry *ctEntry = NULL;
+
+                PKIX_OBJECT_DEBUG("\tCalling PR_Lock).\n");
+                PR_Lock(classTableLock);
+                pkixErrorResult = pkix_pl_PrimHashTable_Lookup
+                        (classTable,
+                        (void *)&objType,
+                        objType,
+                        NULL,
+                        (void **)&ctEntry,
+                        plContext);
+                PKIX_OBJECT_DEBUG("\tCalling PR_Unlock).\n");
+                PR_Unlock(classTableLock);
+                if (pkixErrorResult){
+                        PKIX_ERROR(PKIX_ERRORGETTINGCLASSTABLEENTRY);
+                }
+
+                if ((ctEntry == NULL) || (ctEntry->equalsFunction == NULL)) {
+                        PKIX_ERROR(PKIX_UNDEFINEDEQUALSCALLBACK);
+                } else {
+                        *pEqualsCallback = ctEntry->equalsFunction;
+                }
+#else
+                PORT_Assert (0);
+                pkixErrorCode = PKIX_UNKNOWNOBJECTTYPE;
+                pkixErrorClass = PKIX_FATAL_ERROR;
+                goto cleanup;
+#endif /* PKIX_USER_OBJECT_TYPE */
+        } else {
+                entry = systemClasses[objType];
+                func = entry.equalsFunction;
+                if (func == NULL){
+                        func = pkix_pl_Object_Equals_Default;
+                }
+                *pEqualsCallback = func;
+        }
+
+cleanup:
+
+        PKIX_RETURN(OBJECT);
+}
+
+/*
+ * FUNCTION: pkix_pl_Object_RegisterSelf
+ * DESCRIPTION:
+ *  Registers PKIX_OBJECT_TYPE and its related functions with systemClasses[]
+ * THREAD SAFETY:
+ *  Not Thread Safe - for performance and complexity reasons
+ *
+ *  Since this function is only called by PKIX_PL_Initialize, which should
+ *  only be called once, it is acceptable that this function is not
+ *  thread-safe.
+ *
+ *  PKIX_PL_Object should have all function pointes to be to NULL: they
+ *  work as proxy function to a real objects.
+ *  
+ */
+PKIX_Error *
+pkix_pl_Object_RegisterSelf(void *plContext)
+{
+        pkix_ClassTable_Entry entry;
+
+        PKIX_ENTER(ERROR, "pkix_pl_Object_RegisterSelf");
+
+        entry.description = "Object";
+        entry.objCounter = 0;
+        entry.typeObjectSize = sizeof(PKIX_PL_Object);
+        entry.destructor = NULL;
+        entry.equalsFunction = NULL;
+        entry.hashcodeFunction = NULL;
+        entry.toStringFunction = NULL;
+        entry.comparator = NULL;
+        entry.duplicateFunction = NULL;
+
+        systemClasses[PKIX_OBJECT_TYPE] = entry;
+
+        PKIX_RETURN(ERROR);
+}
+
+/* --Public-Functions------------------------------------------------------- */
+
+/*
+ * FUNCTION: PKIX_PL_Object_Alloc (see comments in pkix_pl_system.h)
+ */
+PKIX_Error *
+PKIX_PL_Object_Alloc(
+        PKIX_TYPENUM objType,
+        PKIX_UInt32 size,
+        PKIX_PL_Object **pObject,
+        void *plContext)
+{
+        PKIX_PL_Object *object = NULL;
+        pkix_ClassTable_Entry *ctEntry = NULL;
+
+        PKIX_ENTER(OBJECT, "PKIX_PL_Object_Alloc");
+        PKIX_NULLCHECK_ONE(pObject);
+
+        /*
+         * We need to ensure that user-defined types have been registered.
+         * All system types have already been registered by PKIX_PL_Initialize.
+         */
+
+        if (objType >= PKIX_NUMTYPES) { /* i.e. if this is a user-defined type */
+#ifdef PKIX_USER_OBJECT_TYPE
+                PKIX_Boolean typeRegistered;
+                PKIX_OBJECT_DEBUG("\tCalling PR_Lock).\n");
+                PR_Lock(classTableLock);
+                pkixErrorResult = pkix_pl_PrimHashTable_Lookup
+                        (classTable,
+                        (void *)&objType,
+                        objType,
+                        NULL,
+                        (void **)&ctEntry,
+                        plContext);
+                PKIX_OBJECT_DEBUG("\tCalling PR_Unlock).\n");
+                PR_Unlock(classTableLock);
+                if (pkixErrorResult){
+                        PKIX_ERROR_FATAL(PKIX_COULDNOTLOOKUPINHASHTABLE);
+                }
+
+                typeRegistered = (ctEntry != NULL);
+
+                if (!typeRegistered) {
+                        PKIX_ERROR_FATAL(PKIX_UNKNOWNTYPEARGUMENT);
+                }
+#else
+                PORT_Assert (0);
+                pkixErrorCode = PKIX_UNKNOWNOBJECTTYPE;
+                pkixErrorClass = PKIX_FATAL_ERROR;
+                goto cleanup;
+#endif /* PKIX_USER_OBJECT_TYPE */
+        } else {
+                ctEntry = &systemClasses[objType];
+        }
+        
+        PORT_Assert(size == ctEntry->typeObjectSize);
+
+        /* Allocate space for the object header and the requested size */
+#ifdef PKIX_OBJECT_LEAK_TEST       
+        PKIX_CHECK(PKIX_PL_Calloc
+                    (1,
+                    ((PKIX_UInt32)sizeof (PKIX_PL_Object))+size,
+                    (void **)&object,
+                    plContext),
+                    PKIX_MALLOCFAILED);
+#else
+        PKIX_CHECK(PKIX_PL_Malloc
+                    (((PKIX_UInt32)sizeof (PKIX_PL_Object))+size,
+                    (void **)&object,
+                    plContext),
+                    PKIX_MALLOCFAILED);
+#endif /* PKIX_OBJECT_LEAK_TEST */
+
+        /* Initialize all object fields */
+        object->magicHeader = PKIX_MAGIC_HEADER;
+        object->type = objType;
+        object->references = 1; /* Default to a single reference */
+        object->stringRep = NULL;
+        object->hashcode = 0;
+        object->hashcodeCached = 0;
+
+        /* Cannot use PKIX_PL_Mutex because it depends on Object */
+        /* Using NSPR Locks instead */
+        PKIX_OBJECT_DEBUG("\tCalling PR_NewLock).\n");
+        object->lock = PR_NewLock();
+        if (object->lock == NULL) {
+                PKIX_ERROR_ALLOC_ERROR();
+        }
+
+        PKIX_OBJECT_DEBUG("\tShifting object pointer).\n");
+
+
+        /* Return a pointer to the user data. Need to offset by object size */
+        *pObject = object + 1;
+        object = NULL;
+
+        /* Atomically increment object counter */
+        PR_ATOMIC_INCREMENT((PRInt32*)&ctEntry->objCounter);
+
+cleanup:
+
+        PKIX_FREE(object);
+
+        PKIX_RETURN(OBJECT);
+}
+
+/*
+ * FUNCTION: PKIX_PL_Object_IsTypeRegistered (see comments in pkix_pl_system.h)
+ */
+PKIX_Error *
+PKIX_PL_Object_IsTypeRegistered(
+        PKIX_UInt32 objType,
+        PKIX_Boolean *pBool,
+        void *plContext)
+{
+#ifdef PKIX_USER_OBJECT_TYPE
+        pkix_ClassTable_Entry *ctEntry = NULL;
+#endif
+
+        PKIX_ENTER(OBJECT, "PKIX_PL_Object_IsTypeRegistered");
+        PKIX_NULLCHECK_ONE(pBool);
+
+        /* first, we handle the system types */
+        if (objType < PKIX_NUMTYPES) {
+                *pBool = PKIX_TRUE;
+                goto cleanup;
+        }
+
+#ifndef PKIX_USER_OBJECT_TYPE
+        PORT_Assert (0);
+        pkixErrorCode = PKIX_UNKNOWNOBJECTTYPE;
+        pkixErrorClass = PKIX_FATAL_ERROR;
+#else
+        PKIX_OBJECT_DEBUG("\tCalling PR_Lock).\n");
+        PR_Lock(classTableLock);
+        pkixErrorResult = pkix_pl_PrimHashTable_Lookup
+                (classTable,
+                (void *)&objType,
+                objType,
+                NULL,
+                (void **)&ctEntry,
+                plContext);
+        PKIX_OBJECT_DEBUG("\tCalling PR_Unlock).\n");
+        PR_Unlock(classTableLock);
+
+        if (pkixErrorResult){
+                PKIX_ERROR_FATAL(PKIX_COULDNOTLOOKUPINHASHTABLE);
+        }
+
+        *pBool = (ctEntry != NULL);
+#endif /* PKIX_USER_OBJECT_TYPE */
+
+cleanup:
+
+        PKIX_RETURN(OBJECT);
+}
+
+#ifdef PKIX_USER_OBJECT_TYPE
+/*
+ * FUNCTION: PKIX_PL_Object_RegisterType (see comments in pkix_pl_system.h)
+ */
+PKIX_Error *
+PKIX_PL_Object_RegisterType(
+        PKIX_UInt32 objType,
+        char *description,
+        PKIX_PL_DestructorCallback destructor,
+        PKIX_PL_EqualsCallback equalsFunction,
+        PKIX_PL_HashcodeCallback hashcodeFunction,
+        PKIX_PL_ToStringCallback toStringFunction,
+        PKIX_PL_ComparatorCallback comparator,
+        PKIX_PL_DuplicateCallback duplicateFunction,
+        void *plContext)
+{
+        pkix_ClassTable_Entry *ctEntry = NULL;
+        pkix_pl_Integer *key = NULL;
+
+        PKIX_ENTER(OBJECT, "PKIX_PL_Object_RegisterType");
+
+        /*
+         * System types are registered on startup by PKIX_PL_Initialize.
+         * These can not be overwritten.
+         */
+
+        if (objType < PKIX_NUMTYPES) { /* if this is a system type */
+                PKIX_ERROR(PKIX_CANTREREGISTERSYSTEMTYPE);
+        }
+
+        PKIX_OBJECT_DEBUG("\tCalling PR_Lock).\n");
+        PR_Lock(classTableLock);
+        PKIX_CHECK(pkix_pl_PrimHashTable_Lookup
+                    (classTable,
+                    (void *)&objType,
+                    objType,
+                    NULL,
+                    (void **)&ctEntry,
+                    plContext),
+                    PKIX_PRIMHASHTABLELOOKUPFAILED);
+
+        /* If the type is already registered, throw an error */
+        if (ctEntry) {
+                PKIX_ERROR(PKIX_TYPEALREADYREGISTERED);
+        }
+
+        PKIX_CHECK(PKIX_PL_Malloc
+                    (((PKIX_UInt32)sizeof (pkix_ClassTable_Entry)),
+                    (void **)&ctEntry,
+                    plContext),
+                    PKIX_MALLOCFAILED);
+
+        /* Set Default Values if none specified */
+
+        if (description == NULL){
+                description = "Object";
+        }
+
+        if (equalsFunction == NULL) {
+                equalsFunction = pkix_pl_Object_Equals_Default;
+        }
+
+        if (toStringFunction == NULL) {
+                toStringFunction = pkix_pl_Object_ToString_Default;
+        }
+
+        if (hashcodeFunction == NULL) {
+                hashcodeFunction = pkix_pl_Object_Hashcode_Default;
+        }
+
+        ctEntry->destructor = destructor;
+        ctEntry->equalsFunction = equalsFunction;
+        ctEntry->toStringFunction = toStringFunction;
+        ctEntry->hashcodeFunction = hashcodeFunction;
+        ctEntry->comparator = comparator;
+        ctEntry->duplicateFunction = duplicateFunction;
+        ctEntry->description = description;
+
+        PKIX_CHECK(PKIX_PL_Malloc
+                    (((PKIX_UInt32)sizeof (pkix_pl_Integer)),
+                    (void **)&key,
+                    plContext),
+                    PKIX_COULDNOTMALLOCNEWKEY);
+
+        key->ht_int = objType;
+
+        PKIX_CHECK(pkix_pl_PrimHashTable_Add
+                    (classTable,
+                    (void *)key,
+                    (void *)ctEntry,
+                    objType,
+                    NULL,
+                    plContext),
+                    PKIX_PRIMHASHTABLEADDFAILED);
+
+cleanup:
+        PKIX_OBJECT_DEBUG("\tCalling PR_Unlock).\n");
+        PR_Unlock(classTableLock);
+
+        PKIX_RETURN(OBJECT);
+}
+#endif /* PKIX_USER_OBJECT_TYPE */
+
+/*
+ * FUNCTION: PKIX_PL_Object_IncRef (see comments in pkix_pl_system.h)
+ */
+PKIX_Error *
+PKIX_PL_Object_IncRef(
+        PKIX_PL_Object *object,
+        void *plContext)
+{
+        PKIX_PL_Object *objectHeader = NULL;
+        PKIX_PL_NssContext *context = NULL;
+        PKIX_Int32 refCount = 0;
+
+        PKIX_ENTER(OBJECT, "PKIX_PL_Object_IncRef");
+        PKIX_NULLCHECK_ONE(object);
+
+        if (plContext){
+                /* 
+                 * PKIX_PL_NssContext is not a complete PKIX Type, it doesn't
+                 * have a header therefore we cannot verify its type before
+                 * casting.
+                 */  
+                context = (PKIX_PL_NssContext *) plContext;
+                if (context->arena != NULL) {
+                        goto cleanup;
+                }
+        }
+
+        if (object == (PKIX_PL_Object*)PKIX_ALLOC_ERROR()) {
+                goto cleanup;
+        }
+
+        /* Shift pointer from user data to object header */
+        PKIX_CHECK(pkix_pl_Object_GetHeader(object, &objectHeader, plContext),
+                    PKIX_RECEIVEDCORRUPTEDOBJECTARGUMENT);
+
+        /* This object should never have zero references */
+        refCount = PR_ATOMIC_INCREMENT(&objectHeader->references);
+
+        if (refCount <= 1) {
+                PKIX_THROW(FATAL, PKIX_OBJECTWITHNONPOSITIVEREFERENCES);
+        }
+
+cleanup:
+
+        PKIX_RETURN(OBJECT);
+}
+
+/*
+ * FUNCTION: PKIX_PL_Object_DecRef (see comments in pkix_pl_system.h)
+ */
+PKIX_Error *
+PKIX_PL_Object_DecRef(
+        PKIX_PL_Object *object,
+        void *plContext)
+{
+        PKIX_Int32 refCount = 0;
+        PKIX_PL_Object *objectHeader = NULL;
+        PKIX_PL_NssContext *context = NULL;
+            
+        PKIX_ENTER(OBJECT, "PKIX_PL_Object_DecRef");
+        PKIX_NULLCHECK_ONE(object);
+
+        if (plContext){
+                /* 
+                 * PKIX_PL_NssContext is not a complete PKIX Type, it doesn't
+                 * have a header therefore we cannot verify its type before
+                 * casting.
+                 */  
+                context = (PKIX_PL_NssContext *) plContext;
+                if (context->arena != NULL) {
+                        goto cleanup;
+                }
+        }
+
+        if (object == (PKIX_PL_Object*)PKIX_ALLOC_ERROR()) {
+                goto cleanup;
+        }
+
+        /* Shift pointer from user data to object header */
+        PKIX_CHECK(pkix_pl_Object_GetHeader(object, &objectHeader, plContext),
+                    PKIX_RECEIVEDCORRUPTEDOBJECTARGUMENT);
+
+        refCount = PR_ATOMIC_DECREMENT(&objectHeader->references);
+
+        if (refCount == 0) {
+            PKIX_PL_DestructorCallback destructor = NULL;
+            pkix_ClassTable_Entry *ctEntry = NULL;
+            PKIX_UInt32 objType = objectHeader->type;
+            
+            /* first, special handling for system types */
+            if (objType >= PKIX_NUMTYPES){
+#ifdef PKIX_USER_OBJECT_TYPE
+                PKIX_OBJECT_DEBUG("\tCalling PR_Lock).\n");
+                PR_Lock(classTableLock);
+                pkixErrorResult = pkix_pl_PrimHashTable_Lookup
+                    (classTable,
+                     (void *)&objType,
+                     objType,
+                     NULL,
+                     (void **)&ctEntry,
+                     plContext);
+                PKIX_OBJECT_DEBUG
+                    ("\tCalling PR_Unlock).\n");
+                PR_Unlock(classTableLock);
+                if (pkixErrorResult){
+                    PKIX_ERROR_FATAL
+                        (PKIX_ERRORINGETTINGDESTRUCTOR);
+                }
+                
+                if (ctEntry != NULL){
+                    destructor = ctEntry->destructor;
+                }
+#else
+                PORT_Assert (0);
+                pkixErrorCode = PKIX_UNKNOWNOBJECTTYPE;
+                pkixErrorClass = PKIX_FATAL_ERROR;
+                goto cleanup;
+#endif /* PKIX_USER_OBJECT_TYPE */
+            } else {
+                ctEntry = &systemClasses[objType];
+                destructor = ctEntry->destructor;
+            }
+            
+            if (destructor != NULL){
+                /* Call destructor on user data if necessary */
+                pkixErrorResult = destructor(object, plContext);
+                if (pkixErrorResult) {
+                    pkixErrorClass = PKIX_FATAL_ERROR;
+                    PKIX_DoAddError(stdVarsPtr, pkixErrorResult, plContext);
+                    pkixErrorResult = NULL;
+                }
+            }
+            
+            /* Atomically decrement object counter */
+            PR_ATOMIC_DECREMENT((PRInt32*)&ctEntry->objCounter);
+            
+            /* pkix_pl_Object_Destroy assumes the lock is held */
+            /* It will call unlock and destroy the object */
+            pkixErrorResult = pkix_pl_Object_Destroy(object, plContext);
+            goto cleanup;
+        }
+
+        if (refCount < 0) {
+            PKIX_ERROR_ALLOC_ERROR();
+        }
+
+cleanup:
+
+        PKIX_RETURN(OBJECT);
+}
+
+
+
+/*
+ * FUNCTION: PKIX_PL_Object_Equals (see comments in pkix_pl_system.h)
+ */
+PKIX_Error *
+PKIX_PL_Object_Equals(
+        PKIX_PL_Object *firstObject,
+        PKIX_PL_Object *secondObject,
+        PKIX_Boolean *pResult,
+        void *plContext)
+{
+        PKIX_PL_Object *firstObjectHeader = NULL;
+        PKIX_PL_Object *secondObjectHeader = NULL;
+        PKIX_PL_EqualsCallback func = NULL;
+        pkix_ClassTable_Entry entry;
+        PKIX_UInt32 objType;
+
+        PKIX_ENTER(OBJECT, "PKIX_PL_Object_Equals");
+        PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);
+
+        PKIX_CHECK(pkix_pl_Object_GetHeader
+                    (firstObject, &firstObjectHeader, plContext),
+                    PKIX_RECEIVEDCORRUPTEDOBJECTARGUMENT);
+
+        PKIX_CHECK(pkix_pl_Object_GetHeader
+                    (secondObject, &secondObjectHeader, plContext),
+                    PKIX_RECEIVEDCORRUPTEDOBJECTARGUMENT);
+
+        /* if hashcodes are cached but not equal, objects can't be equal */
+        if (firstObjectHeader->hashcodeCached &&
+            secondObjectHeader->hashcodeCached){
+                if (firstObjectHeader->hashcode !=
+                    secondObjectHeader->hashcode){
+                        *pResult = PKIX_FALSE;
+                        goto cleanup;
+                }
+        }
+
+        objType = firstObjectHeader->type;
+
+        if (objType >= PKIX_NUMTYPES) {
+#ifdef PKIX_USER_OBJECT_TYPE
+                pkix_ClassTable_Entry *ctEntry = NULL;
+                PKIX_OBJECT_DEBUG("\tCalling PR_Lock).\n");
+                PR_Lock(classTableLock);
+                pkixErrorResult = pkix_pl_PrimHashTable_Lookup
+                        (classTable,
+                        (void *)&firstObjectHeader->type,
+                        firstObjectHeader->type,
+                        NULL,
+                        (void **)&ctEntry,
+                        plContext);
+                PKIX_OBJECT_DEBUG("\tCalling PR_Unlock).\n");
+                PR_Unlock(classTableLock);
+
+                if (pkixErrorResult){
+                        PKIX_ERROR_FATAL(PKIX_ERRORGETTINGCLASSTABLEENTRY);
+                }
+
+                if ((ctEntry == NULL) || (ctEntry->equalsFunction == NULL)) {
+                        PKIX_ERROR_FATAL(PKIX_UNDEFINEDCALLBACK);
+                } else {
+                        func = ctEntry->equalsFunction;
+                }
+#else
+                PORT_Assert (0);
+                pkixErrorCode = PKIX_UNKNOWNOBJECTTYPE;
+                pkixErrorClass = PKIX_FATAL_ERROR;
+                goto cleanup;
+#endif /* PKIX_USER_OBJECT_TYPE */
+        } else {
+                entry = systemClasses[objType];
+                func = entry.equalsFunction;
+                if (func == NULL){
+                        func = pkix_pl_Object_Equals_Default;
+                }
+        }
+
+        PKIX_CHECK(func(firstObject, secondObject, pResult, plContext),
+                    PKIX_OBJECTSPECIFICFUNCTIONFAILED);
+
+cleanup:
+
+        PKIX_RETURN(OBJECT);
+}
+
+/*
+ * FUNCTION: PKIX_PL_Object_Duplicate (see comments in pkix_pl_system.h)
+ */
+PKIX_Error *
+PKIX_PL_Object_Duplicate(
+        PKIX_PL_Object *firstObject,
+        PKIX_PL_Object **pNewObject,
+        void *plContext)
+{
+        PKIX_PL_Object *firstObjectHeader = NULL;
+        PKIX_PL_DuplicateCallback func = NULL;
+        pkix_ClassTable_Entry entry;
+        PKIX_UInt32 objType;
+
+        PKIX_ENTER(OBJECT, "PKIX_PL_Object_Duplicate");
+        PKIX_NULLCHECK_TWO(firstObject, pNewObject);
+
+        PKIX_CHECK(pkix_pl_Object_GetHeader
+                    (firstObject, &firstObjectHeader, plContext),
+                    PKIX_RECEIVEDCORRUPTEDOBJECTARGUMENT);
+
+        objType = firstObjectHeader->type;
+
+        if (objType >= PKIX_NUMTYPES) {
+#ifdef PKIX_USER_OBJECT_TYPE
+                pkix_ClassTable_Entry *ctEntry = NULL;
+
+                PKIX_OBJECT_DEBUG("\tCalling PR_Lock).\n");
+                PR_Lock(classTableLock);
+                pkixErrorResult = pkix_pl_PrimHashTable_Lookup
+                        (classTable,
+                        (void *)&objType,
+                        objType,
+                        NULL,
+                        (void **)&ctEntry,
+                        plContext);
+                PKIX_OBJECT_DEBUG("\tCalling PR_Unlock).\n");
+                PR_Unlock(classTableLock);
+
+                if (pkixErrorResult){
+                        PKIX_ERROR_FATAL(PKIX_ERRORGETTINGCLASSTABLEENTRY);
+                }
+
+                if ((ctEntry == NULL) || (ctEntry->duplicateFunction == NULL)) {
+                        PKIX_ERROR_FATAL(PKIX_UNDEFINEDCALLBACK);
+                } else {
+                        func = ctEntry->duplicateFunction;
+                }
+#else
+                PORT_Assert (0);
+                pkixErrorCode = PKIX_UNKNOWNOBJECTTYPE;
+                pkixErrorClass = PKIX_FATAL_ERROR;
+                goto cleanup;
+#endif /* PKIX_USER_OBJECT_TYPE */
+        } else {
+                entry = systemClasses[objType];
+                func = entry.duplicateFunction;
+                if (!func){
+                        PKIX_ERROR_FATAL(PKIX_UNDEFINEDDUPLICATEFUNCTION);
+                }
+        }
+
+        PKIX_CHECK(func(firstObject, pNewObject, plContext),
+                    PKIX_OBJECTSPECIFICFUNCTIONFAILED);
+
+cleanup:
+
+        PKIX_RETURN(OBJECT);
+}
+
+/*
+ * FUNCTION: PKIX_PL_Object_Hashcode (see comments in pkix_pl_system.h)
+ */
+PKIX_Error *
+PKIX_PL_Object_Hashcode(
+        PKIX_PL_Object *object,
+        PKIX_UInt32 *pValue,
+        void *plContext)
+{
+        PKIX_PL_Object *objectHeader = NULL;
+        PKIX_PL_HashcodeCallback func = NULL;
+        pkix_ClassTable_Entry entry;
+        PKIX_UInt32 objectHash;
+
+        PKIX_ENTER(OBJECT, "PKIX_PL_Object_Hashcode");
+        PKIX_NULLCHECK_TWO(object, pValue);
+
+        /* Shift pointer from user data to object header */
+        PKIX_CHECK(pkix_pl_Object_GetHeader(object, &objectHeader, plContext),
+                    PKIX_RECEIVEDCORRUPTEDOBJECTARGUMENT);
+
+        /* if we don't have a cached copy from before, we create one */
+        if (!objectHeader->hashcodeCached){
+
+                PKIX_UInt32 objType = objectHeader->type;
+
+                /* first, special handling for system types */
+                if (objType >= PKIX_NUMTYPES){
+#ifdef PKIX_USER_OBJECT_TYPE            
+                        pkix_ClassTable_Entry *ctEntry = NULL;
+
+                        PKIX_OBJECT_DEBUG("\tCalling PR_Lock).\n");
+                        PR_Lock(classTableLock);
+                        pkixErrorResult = pkix_pl_PrimHashTable_Lookup
+                                (classTable,
+                                (void *)&objType,
+                                objType,
+                                NULL,
+                                (void **)&ctEntry,
+                                plContext);
+                        PKIX_OBJECT_DEBUG("\tCalling PR_Unlock).\n");
+                        PR_Unlock(classTableLock);
+
+                        if (pkixErrorResult){
+                                PKIX_ERROR_FATAL
+                                        (PKIX_ERRORGETTINGCLASSTABLEENTRY);
+                        }
+
+                        if ((ctEntry == NULL) ||
+                            (ctEntry->hashcodeFunction == NULL)) {
+                                PKIX_ERROR_FATAL(PKIX_UNDEFINEDCALLBACK);
+                        }
+
+                        func = ctEntry->hashcodeFunction;
+#else
+                        PORT_Assert (0);
+                        pkixErrorCode = PKIX_UNKNOWNOBJECTTYPE;
+                        pkixErrorClass = PKIX_FATAL_ERROR;
+                        goto cleanup;
+#endif /* PKIX_USER_OBJECT_TYPE */
+                } else {
+                        entry = systemClasses[objType];
+                        func = entry.hashcodeFunction;
+                        if (func == NULL){
+                                func = pkix_pl_Object_Hashcode_Default;
+                        }
+                }
+
+                PKIX_CHECK(func(object, &objectHash, plContext),
+                            PKIX_OBJECTSPECIFICFUNCTIONFAILED);
+
+                if (!objectHeader->hashcodeCached){
+
+                        PKIX_CHECK(pkix_LockObject(object, plContext),
+                                    PKIX_ERRORLOCKINGOBJECT);
+
+                        if (!objectHeader->hashcodeCached){
+                                /* save cached copy in case we need it again */
+                                objectHeader->hashcode = objectHash;
+                                objectHeader->hashcodeCached = PKIX_TRUE;
+                        }
+
+                        PKIX_CHECK(pkix_UnlockObject(object, plContext),
+                                    PKIX_ERRORUNLOCKINGOBJECT);
+                }
+        }
+
+        *pValue = objectHeader->hashcode;
+
+cleanup:
+
+        PKIX_RETURN(OBJECT);
+}
+
+/*
+ * FUNCTION: PKIX_PL_Object_ToString (see comments in pkix_pl_system.h)
+ */
+PKIX_Error *
+PKIX_PL_Object_ToString(
+        PKIX_PL_Object *object,
+        PKIX_PL_String **pString,
+        void *plContext)
+{
+        PKIX_PL_Object *objectHeader = NULL;
+        PKIX_PL_ToStringCallback func = NULL;
+        pkix_ClassTable_Entry entry;
+        PKIX_PL_String *objectString = NULL;
+
+        PKIX_ENTER(OBJECT, "PKIX_PL_Object_ToString");
+        PKIX_NULLCHECK_TWO(object, pString);
+
+        /* Shift pointer from user data to object header */
+        PKIX_CHECK(pkix_pl_Object_GetHeader(object, &objectHeader, plContext),
+                    PKIX_RECEIVEDCORRUPTEDOBJECTARGUMENT);
+
+        /* if we don't have a cached copy from before, we create one */
+        if (!objectHeader->stringRep){
+
+                PKIX_UInt32 objType = objectHeader->type;
+
+                if (objType >= PKIX_NUMTYPES){
+#ifdef PKIX_USER_OBJECT_TYPE
+                        pkix_ClassTable_Entry *ctEntry = NULL;
+
+                        PKIX_OBJECT_DEBUG("\tCalling PR_Lock).\n");
+                        PR_Lock(classTableLock);
+                        pkixErrorResult = pkix_pl_PrimHashTable_Lookup
+                                (classTable,
+                                (void *)&objType,
+                                objType,
+                                NULL,
+                                (void **)&ctEntry,
+                                plContext);
+                        PKIX_OBJECT_DEBUG("\tCalling PR_Unlock).\n");
+                        PR_Unlock(classTableLock);
+                        if (pkixErrorResult){
+                                PKIX_ERROR_FATAL
+                                        (PKIX_ERRORGETTINGCLASSTABLEENTRY);
+                        }
+
+                        if ((ctEntry == NULL) ||
+                            (ctEntry->toStringFunction == NULL)) {
+                                PKIX_ERROR_FATAL(PKIX_UNDEFINEDCALLBACK);
+                        }
+
+                        func = ctEntry->toStringFunction;
+#else
+                        PORT_Assert (0);
+                        pkixErrorCode = PKIX_UNKNOWNOBJECTTYPE;
+                        pkixErrorClass = PKIX_FATAL_ERROR;
+                        goto cleanup;
+#endif /* PKIX_USER_OBJECT_TYPE */
+                } else {
+                        entry = systemClasses[objType];
+                        func = entry.toStringFunction;
+                        if (func == NULL){
+                                func = pkix_pl_Object_ToString_Default;
+                        }
+                }
+
+                PKIX_CHECK(func(object, &objectString, plContext),
+                            PKIX_OBJECTSPECIFICFUNCTIONFAILED);
+
+                if (!objectHeader->stringRep){
+
+                        PKIX_CHECK(pkix_LockObject(object, plContext),
+                                    PKIX_ERRORLOCKINGOBJECT);
+
+                        if (!objectHeader->stringRep){
+                                /* save a cached copy */
+                                objectHeader->stringRep = objectString;
+                                objectString = NULL;
+                        }
+
+                        PKIX_CHECK(pkix_UnlockObject(object, plContext),
+                                    PKIX_ERRORUNLOCKINGOBJECT);
+                }
+        }
+
+
+        *pString = objectHeader->stringRep;
+        objectHeader->stringRep = NULL;
+
+cleanup:
+        if (objectHeader) {
+            PKIX_DECREF(objectHeader->stringRep);
+        }
+        PKIX_DECREF(objectString);
+
+        PKIX_RETURN(OBJECT);
+}
+
+/*
+ * FUNCTION: PKIX_PL_Object_InvalidateCache (see comments in pkix_pl_system.h)
+ */
+PKIX_Error *
+PKIX_PL_Object_InvalidateCache(
+        PKIX_PL_Object *object,
+        void *plContext)
+{
+        PKIX_PL_Object *objectHeader = NULL;
+
+        PKIX_ENTER(OBJECT, "PKIX_PL_Object_InvalidateCache");
+        PKIX_NULLCHECK_ONE(object);
+
+        /* Shift pointer from user data to object header */
+        PKIX_CHECK(pkix_pl_Object_GetHeader(object, &objectHeader, plContext),
+                    PKIX_RECEIVEDCORRUPTEDOBJECTARGUMENT);
+
+        PKIX_CHECK(pkix_LockObject(object, plContext),
+                    PKIX_ERRORLOCKINGOBJECT);
+
+        /* invalidate hashcode */
+        objectHeader->hashcode = 0;
+        objectHeader->hashcodeCached = PKIX_FALSE;
+
+        PKIX_DECREF(objectHeader->stringRep);
+
+        PKIX_CHECK(pkix_UnlockObject(object, plContext),
+                    PKIX_ERRORUNLOCKINGOBJECT);
+
+cleanup:
+
+        PKIX_RETURN(OBJECT);
+}
+
+/*
+ * FUNCTION: PKIX_PL_Object_Compare (see comments in pkix_pl_system.h)
+ */
+PKIX_Error *
+PKIX_PL_Object_Compare(
+        PKIX_PL_Object *firstObject,
+        PKIX_PL_Object *secondObject,
+        PKIX_Int32 *pResult,
+        void *plContext)
+{
+        PKIX_PL_Object *firstObjectHeader = NULL;
+        PKIX_PL_Object *secondObjectHeader = NULL;
+        PKIX_PL_ComparatorCallback func = NULL;
+        pkix_ClassTable_Entry entry;
+        PKIX_UInt32 objType;
+
+        PKIX_ENTER(OBJECT, "PKIX_PL_Object_Compare");
+        PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);
+
+        /* Shift pointer from user data to object header */
+        PKIX_CHECK(pkix_pl_Object_GetHeader
+                    (firstObject, &firstObjectHeader, plContext),
+                    PKIX_RECEIVEDCORRUPTEDOBJECTARGUMENT);
+
+        /* Shift pointer from user data to object header */
+        PKIX_CHECK(pkix_pl_Object_GetHeader
+                    (secondObject, &secondObjectHeader, plContext),
+                    PKIX_RECEIVEDCORRUPTEDOBJECTARGUMENT);
+
+        objType = firstObjectHeader->type;
+
+        if (objType >= PKIX_NUMTYPES){
+#ifdef PKIX_USER_OBJECT_TYPE
+                pkix_ClassTable_Entry *ctEntry = NULL;
+
+                PKIX_OBJECT_DEBUG("\tCalling PR_Lock).\n");
+                PR_Lock(classTableLock);
+                pkixErrorResult = pkix_pl_PrimHashTable_Lookup
+                        (classTable,
+                        (void *)&objType,
+                        objType,
+                        NULL,
+                        (void **)&ctEntry,
+                        plContext);
+                PKIX_OBJECT_DEBUG("\tCalling PR_Unlock).\n");
+                PR_Unlock(classTableLock);
+                if (pkixErrorResult){
+                        PKIX_ERROR_FATAL(PKIX_ERRORGETTINGCLASSTABLEENTRY);
+                }
+
+                if ((ctEntry == NULL) || (ctEntry->comparator == NULL)) {
+                        PKIX_ERROR_FATAL(PKIX_UNDEFINEDCOMPARATOR);
+                }
+
+                func = ctEntry->comparator;
+#else
+                PORT_Assert (0);
+                pkixErrorCode = PKIX_UNKNOWNOBJECTTYPE;
+                pkixErrorClass = PKIX_FATAL_ERROR;
+                goto cleanup;
+#endif /* PKIX_USER_OBJECT_TYPE */
+        } else {
+                /* special handling for system types */
+                entry = systemClasses[objType];
+                func = entry.comparator;
+                if (!func){
+                        PKIX_ERROR(PKIX_UNDEFINEDCOMPARATOR);
+                }
+        }
+
+        PKIX_CHECK(func(firstObject, secondObject, pResult, plContext),
+                    PKIX_OBJECTSPECIFICFUNCTIONFAILED);
+
+cleanup:
+
+        PKIX_RETURN(OBJECT);
+}
+
+/*
+ * FUNCTION: PKIX_PL_Object_Lock (see comments in pkix_pl_system.h)
+ */
+PKIX_Error *
+PKIX_PL_Object_Lock(
+        PKIX_PL_Object *object,
+        void *plContext)
+{
+        PKIX_ENTER(OBJECT, "PKIX_PL_Object_Lock");
+        PKIX_NULLCHECK_ONE(object);
+
+        PKIX_CHECK(pkix_LockObject(object, plContext),
+                    PKIX_LOCKOBJECTFAILED);
+
+cleanup:
+
+        PKIX_RETURN(OBJECT);
+}
+
+/*
+ * FUNCTION: PKIX_PL_Object_Unlock (see comments in pkix_pl_system.h)
+ */
+PKIX_Error *
+PKIX_PL_Object_Unlock(
+        PKIX_PL_Object *object,
+        void *plContext)
+{
+        PKIX_ENTER(OBJECT, "PKIX_PL_Object_Unlock");
+        PKIX_NULLCHECK_ONE(object);
+
+        PKIX_CHECK(pkix_UnlockObject(object, plContext),
+                    PKIX_UNLOCKOBJECTFAILED);
+
+cleanup:
+
+        PKIX_RETURN(OBJECT);
+}
+
+
+/*
+ * FUNCTION: PKIX_PL_Object_GetType (see comments in pkix_pl_system.h)
+ */
+PKIX_Error *
+PKIX_PL_Object_GetType(
+        PKIX_PL_Object *object,
+        PKIX_UInt32 *pType,
+        void *plContext)
+{
+        PKIX_PL_Object *objectHeader = NULL;
+
+        PKIX_ENTER(OBJECT, "PKIX_PL_Object_GetType");
+        PKIX_NULLCHECK_TWO(object, pType);
+
+        /* Shift pointer from user data to object header */
+        PKIX_CHECK(pkix_pl_Object_GetHeader(object, &objectHeader, plContext),
+                    PKIX_RECEIVEDCORRUPTEDOBJECTARGUMENT);
+
+        *pType = objectHeader->type;
+
+cleanup:
+
+        PKIX_RETURN(OBJECT);
+}
diff --git a/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_object.h b/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_object.h
new file mode 100755
index 0000000..0133c43
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_object.h
@@ -0,0 +1,76 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_pl_object.h
+ *
+ * Object Construction, Destruction and Callback Definitions
+ *
+ */
+
+#ifndef _PKIX_PL_OBJECT_H
+#define _PKIX_PL_OBJECT_H
+
+#include "pkix_pl_common.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * Object Implementation Notes:
+ *
+ * Allocating a new object creates an object header and a block of
+ * uninitialized user data. A pointer to this uninitialized data is
+ * returned to the user. The structure looks as follows:
+ *
+ * +--------------------+
+ * | MAGIC HEADER       |
+ * | (object header)    |
+ * +--------------------+
+ * | user data          | -- pointer returned from PKIX_PL_Object_Alloc
+ * +--------------------+
+ *
+ * Object operations receive a pointer to raw user data as an argument.
+ * The macro HEADER(object) returns a pointer to the object header.
+ * An assertion then verifies that the first field is the MAGIC_HEADER.
+ */
+
+/* PKIX_PL_Object Structure Definition */
+struct PKIX_PL_ObjectStruct {
+        PRUint64    magicHeader;
+        PKIX_UInt32 type;
+        PKIX_Int32 references;
+        PRLock *lock;
+        PKIX_PL_String *stringRep;
+        PKIX_UInt32 hashcode;
+        PKIX_Boolean hashcodeCached;
+};
+
+/* see source file for function documentation */
+
+PKIX_Error *
+pkix_pl_Object_RetrieveEqualsCallback(
+        PKIX_PL_Object *object,
+        PKIX_PL_EqualsCallback *equalsCallback,
+        void *plContext);
+
+extern PKIX_Boolean initializing;
+extern PKIX_Boolean initialized;
+
+#ifdef PKIX_USER_OBJECT_TYPE
+
+extern PRLock *classTableLock;
+
+#endif
+
+extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
+
+PKIX_Error *
+pkix_pl_Object_RegisterSelf(void *plContext);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_PL_OBJECT_H */
diff --git a/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_oid.c b/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_oid.c
new file mode 100755
index 0000000..a6e0503
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_oid.c
@@ -0,0 +1,316 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_pl_oid.c
+ *
+ * OID Object Functions
+ *
+ */
+
+#include "pkix_pl_oid.h"
+
+/* --Private-OID-Functions---------------------------------------- */
+
+ /*
+ * FUNCTION: pkix_pl_OID_Comparator
+ * (see comments for PKIX_PL_ComparatorCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_OID_Comparator(
+        PKIX_PL_Object *firstObject,
+        PKIX_PL_Object *secondObject,
+        PKIX_Int32 *pRes,
+        void *plContext)
+{
+        PKIX_PL_OID *firstOID = NULL;
+        PKIX_PL_OID *secondOID = NULL;
+
+        PKIX_ENTER(OID, "pkix_pl_OID_Comparator");
+        PKIX_NULLCHECK_THREE(firstObject, secondObject, pRes);
+
+        PKIX_CHECK(pkix_CheckTypes
+                    (firstObject, secondObject, PKIX_OID_TYPE, plContext),
+                    PKIX_ARGUMENTSNOTOIDS);
+
+        firstOID = (PKIX_PL_OID*)firstObject;
+        secondOID = (PKIX_PL_OID*)secondObject;
+
+        *pRes = (PKIX_Int32)SECITEM_CompareItem(&firstOID->derOid,
+                                                &secondOID->derOid);
+cleanup:
+        PKIX_RETURN(OID);
+}
+
+/*
+ * FUNCTION: pkix_pl_OID_Destroy
+ * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_OID_Destroy(
+        PKIX_PL_Object *object,
+        void *plContext)
+{
+        PKIX_PL_OID *oid = NULL;
+
+        PKIX_ENTER(OID, "pkix_pl_OID_Destroy");
+        PKIX_NULLCHECK_ONE(object);
+
+        PKIX_CHECK(pkix_CheckType(object, PKIX_OID_TYPE, plContext),
+                    PKIX_OBJECTNOTANOID);
+        oid = (PKIX_PL_OID*)object;
+        SECITEM_FreeItem(&oid->derOid, PR_FALSE);
+
+cleanup:
+        PKIX_RETURN(OID);
+}
+
+/*
+ * FUNCTION: pkix_pl_OID_Hashcode
+ * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_OID_Hashcode(
+        PKIX_PL_Object *object,
+        PKIX_UInt32 *pHashcode,
+        void *plContext)
+{
+        PKIX_PL_OID *oid = NULL;
+
+        PKIX_ENTER(OID, "pkix_pl_OID_HashCode");
+        PKIX_NULLCHECK_TWO(object, pHashcode);
+
+        PKIX_CHECK(pkix_CheckType(object, PKIX_OID_TYPE, plContext),
+                    PKIX_OBJECTNOTANOID);
+
+        oid = (PKIX_PL_OID *)object;
+
+        PKIX_CHECK(pkix_hash
+                    ((unsigned char *)oid->derOid.data,
+                    oid->derOid.len * sizeof (char),
+                    pHashcode,
+                    plContext),
+                    PKIX_HASHFAILED);
+cleanup:
+
+        PKIX_RETURN(OID);
+}
+
+/*
+ * FUNCTION: pkix_pl_OID_Equals
+ * (see comments for PKIX_PL_EqualsCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_OID_Equals(
+        PKIX_PL_Object *first,
+        PKIX_PL_Object *second,
+        PKIX_Boolean *pResult,
+        void *plContext)
+{
+        PKIX_Int32 cmpResult;
+
+        PKIX_ENTER(OID, "pkix_pl_OID_Equals");
+        PKIX_NULLCHECK_THREE(first, second, pResult);
+
+        PKIX_CHECK(pkix_pl_OID_Comparator
+                    (first, second, &cmpResult, plContext),
+                    PKIX_OIDCOMPARATORFAILED);
+
+        *pResult = (cmpResult == 0);
+cleanup:
+
+        PKIX_RETURN(OID);
+}
+
+/*
+ * FUNCTION: pkix_pl_OID_ToString
+ * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
+ * Use this function only for printing OIDs and not to make any
+ * critical security decision.
+ */
+static PKIX_Error *
+pkix_pl_OID_ToString(
+        PKIX_PL_Object *object,
+        PKIX_PL_String **pString,
+        void *plContext)
+{
+        PKIX_PL_OID *oid = NULL;
+        char *oidString = NULL;
+
+        PKIX_ENTER(OID, "pkix_pl_OID_toString");
+        PKIX_NULLCHECK_TWO(object, pString);
+
+        PKIX_CHECK(pkix_CheckType(object, PKIX_OID_TYPE, plContext),
+                    PKIX_OBJECTNOTANOID);
+        oid = (PKIX_PL_OID*)object;
+        oidString = CERT_GetOidString(&oid->derOid);
+        
+        PKIX_CHECK(PKIX_PL_String_Create
+                (PKIX_ESCASCII, oidString , 0, pString, plContext),
+                PKIX_STRINGCREATEFAILED);
+cleanup:
+        PR_smprintf_free(oidString);
+        
+        PKIX_RETURN(OID);
+}
+
+/*
+ * FUNCTION: pkix_pl_OID_RegisterSelf
+ * DESCRIPTION:
+ *  Registers PKIX_OID_TYPE and its related functions with systemClasses[]
+ * THREAD SAFETY:
+ *  Not Thread Safe - for performance and complexity reasons
+ *
+ *  Since this function is only called by PKIX_PL_Initialize, which should
+ *  only be called once, it is acceptable that this function is not
+ *  thread-safe.
+ */
+PKIX_Error *
+pkix_pl_OID_RegisterSelf(
+        void *plContext)
+{
+        extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
+        pkix_ClassTable_Entry *entry = &systemClasses[PKIX_OID_TYPE];
+
+        PKIX_ENTER(OID, "pkix_pl_OID_RegisterSelf");
+
+        entry->description = "OID";
+        entry->typeObjectSize = sizeof(PKIX_PL_OID);
+        entry->destructor = pkix_pl_OID_Destroy;
+        entry->equalsFunction = pkix_pl_OID_Equals;
+        entry->hashcodeFunction = pkix_pl_OID_Hashcode;
+        entry->toStringFunction = pkix_pl_OID_ToString;
+        entry->comparator = pkix_pl_OID_Comparator;
+        entry->duplicateFunction = pkix_duplicateImmutable;
+
+        PKIX_RETURN(OID);
+}
+
+/*
+ * FUNCTION: pkix_pl_OID_GetCriticalExtensionOIDs
+ * DESCRIPTION:
+ *
+ *  Converts the extensions in "extensions" array that are critical to
+ *  PKIX_PL_OID and returns the result as a PKIX_List in "pPidList".
+ *  If there is no critical extension, an empty list is returned.
+ *
+ * PARAMETERS
+ *  "extension"
+ *      an array of extension pointers. May be NULL.
+ *  "pOidsList"
+ *      Address where the list of OIDs is returned. Must be non-NULL.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a CRL Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_pl_OID_GetCriticalExtensionOIDs(
+        CERTCertExtension **extensions,
+        PKIX_List **pOidsList,
+        void *plContext)
+{
+        PKIX_List *oidsList = NULL;
+        PKIX_PL_OID *pkixOID = NULL;
+
+        PKIX_ENTER(OID, "pkix_pl_OID_GetCriticalExtensionOIDs");
+        PKIX_NULLCHECK_ONE(pOidsList);
+
+        PKIX_CHECK(PKIX_List_Create(&oidsList, plContext),
+                    PKIX_LISTCREATEFAILED);
+
+        if (extensions) {
+            while (*extensions) {
+                CERTCertExtension *extension = NULL;
+                SECItem *critical = NULL;
+                SECItem *oid = NULL;
+
+                extension = *extensions++;
+                /* extension is critical ? */
+                critical = &extension->critical;
+                if (critical->len == 0 || critical->data[0] == 0) {
+                    continue;
+                }
+                oid = &extension->id;
+                PKIX_CHECK(
+                    PKIX_PL_OID_CreateBySECItem(oid, &pkixOID, plContext),
+                    PKIX_OIDCREATEFAILED);
+                PKIX_CHECK(
+                    PKIX_List_AppendItem(oidsList, (PKIX_PL_Object *)pkixOID,
+                                         plContext),
+                    PKIX_LISTAPPENDITEMFAILED);
+                PKIX_DECREF(pkixOID);
+            }
+        }
+
+        *pOidsList = oidsList;
+        oidsList = NULL;
+        
+cleanup:
+        PKIX_DECREF(oidsList);
+        PKIX_DECREF(pkixOID);
+        PKIX_RETURN(OID);
+}
+
+/* --Public-Functions------------------------------------------------------- */
+
+/*
+ * FUNCTION: PKIX_PL_OID_CreateBySECItem (see comments in pkix_pl_system.h)
+ */
+PKIX_Error *
+PKIX_PL_OID_CreateBySECItem(
+        SECItem *derOid,
+        PKIX_PL_OID **pOID,
+        void *plContext)
+{
+        PKIX_PL_OID *oid = NULL;
+        SECStatus rv;
+        
+        PKIX_ENTER(OID, "PKIX_PL_OID_CreateBySECItem");
+        PKIX_NULLCHECK_TWO(pOID, derOid);
+
+        PKIX_CHECK(PKIX_PL_Object_Alloc
+                   (PKIX_OID_TYPE,
+                    sizeof (PKIX_PL_OID),
+                    (PKIX_PL_Object **)&oid,
+                    plContext),
+                    PKIX_COULDNOTCREATEOBJECT);
+        rv = SECITEM_CopyItem(NULL, &oid->derOid, derOid);
+        if (rv != SECSuccess) {
+            PKIX_ERROR(PKIX_OUTOFMEMORY);
+        }
+        *pOID = oid;
+        oid = NULL;
+        
+cleanup:
+        PKIX_DECREF(oid);
+        
+        PKIX_RETURN(OID);
+}
+
+/*
+ * FUNCTION: PKIX_PL_OID_Create (see comments in pkix_pl_system.h)
+ */
+PKIX_Error *
+PKIX_PL_OID_Create(
+        SECOidTag idtag,
+        PKIX_PL_OID **pOID,
+        void *plContext)
+{
+        SECOidData *oidData = NULL;
+    
+        PKIX_ENTER(OID, "PKIX_PL_OID_Create");
+        PKIX_NULLCHECK_ONE(pOID);
+
+        oidData = SECOID_FindOIDByTag((SECOidTag)idtag);
+        if (!oidData) {
+            PKIX_ERROR(PKIX_SECOIDFINDOIDTAGDESCRIPTIONFAILED);
+        }
+        
+        pkixErrorResult = 
+            PKIX_PL_OID_CreateBySECItem(&oidData->oid, pOID, plContext);
+cleanup:
+        PKIX_RETURN(OID);
+}
diff --git a/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_oid.h b/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_oid.h
new file mode 100755
index 0000000..0229194
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_oid.h
@@ -0,0 +1,39 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_pl_oid.h
+ *
+ * OID Object Definitions
+ *
+ */
+
+#ifndef _PKIX_PL_OID_H
+#define _PKIX_PL_OID_H
+
+#include "pkix_pl_common.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+struct PKIX_PL_OIDStruct {
+    SECItem derOid;
+};
+
+/* see source file for function documentation */
+
+PKIX_Error *
+pkix_pl_OID_RegisterSelf(void *plContext);
+
+PKIX_Error *
+pkix_pl_OID_GetCriticalExtensionOIDs(
+        CERTCertExtension **extensions,
+        PKIX_List **pOidsList,
+        void *plContext);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_PL_OID_H */
diff --git a/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_primhash.c b/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_primhash.c
new file mode 100755
index 0000000..c920533
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_primhash.c
@@ -0,0 +1,584 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_pl_primhash.c
+ *
+ * Primitive (non-object) Hashtable Functions
+ *
+ */
+
+#include "pkix_pl_primhash.h"
+
+/* --Private-Functions---------------------------------------- */
+
+/*
+ * FUNCTION: pkix_pl_KeyComparator_Default
+ * DESCRIPTION:
+ *
+ *  Compares the integer pointed to by "firstKey" with the integer pointed to
+ *  by "secondKey" for equality and stores the Boolean result at "pResult".
+ *  This default key comparator assumes each key is a PKIX_UInt32, and it
+ *  simply tests them for equality.
+ *
+ * PARAMETERS:
+ *  "firstKey"
+ *      Address of the first integer key to compare. Must be non-NULL.
+ *      The EqualsCallback for this Object will be called.
+ *  "secondKey"
+ *      Address of the second integer key to compare. Must be non-NULL.
+ *  "pResult"
+ *      Address where Boolean will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+static PKIX_Error *
+pkix_pl_KeyComparator_Default(
+        PKIX_UInt32 *firstKey,
+        PKIX_UInt32 *secondKey,
+        PKIX_Boolean *pResult,
+        void *plContext)
+{
+        /* Assume both keys are pointers to PKIX_UInt32 */
+        PKIX_UInt32 firstInt, secondInt;
+
+        PKIX_ENTER(HASHTABLE, "pkix_pl_KeyComparator_Default");
+        PKIX_NULLCHECK_THREE(firstKey, secondKey, pResult);
+
+        firstInt = *firstKey;
+        secondInt = *secondKey;
+
+        *pResult = (firstInt == secondInt)?PKIX_TRUE:PKIX_FALSE;
+
+        PKIX_RETURN(HASHTABLE);
+}
+
+
+/*
+ * FUNCTION: pkix_pl_PrimHashTable_Create
+ * DESCRIPTION:
+ *
+ *  Creates a new PrimHashtable object with a number of buckets equal to
+ *  "numBuckets" and stores the result at "pResult".
+ *
+ * PARAMETERS:
+ *  "numBuckets"
+ *      The number of hash table buckets. Must be non-zero.
+ *  "pResult"
+ *      Address where PrimHashTable pointer will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_pl_PrimHashTable_Create(
+        PKIX_UInt32 numBuckets,
+        pkix_pl_PrimHashTable **pResult,
+        void *plContext)
+{
+        pkix_pl_PrimHashTable *primHashTable = NULL;
+        PKIX_UInt32 i;
+
+        PKIX_ENTER(HASHTABLE, "pkix_pl_PrimHashTable_Create");
+        PKIX_NULLCHECK_ONE(pResult);
+
+        if (numBuckets == 0) {
+                PKIX_ERROR(PKIX_NUMBUCKETSEQUALSZERO);
+        }
+
+        /* Allocate a new hashtable */
+        PKIX_CHECK(PKIX_PL_Malloc
+                    (sizeof (pkix_pl_PrimHashTable),
+                    (void **)&primHashTable,
+                    plContext),
+                    PKIX_MALLOCFAILED);
+
+        primHashTable->size = numBuckets;
+
+        /* Allocate space for the buckets */
+        PKIX_CHECK(PKIX_PL_Malloc
+                    (numBuckets * sizeof (pkix_pl_HT_Elem*),
+                    (void **)&primHashTable->buckets,
+                    plContext),
+                    PKIX_MALLOCFAILED);
+
+        for (i = 0; i < numBuckets; i++) {
+                primHashTable->buckets[i] = NULL;
+        }
+
+        *pResult = primHashTable;
+
+cleanup:
+
+        if (PKIX_ERROR_RECEIVED){
+                PKIX_FREE(primHashTable);
+        }
+
+        PKIX_RETURN(HASHTABLE);
+}
+
+/*
+ * FUNCTION: pkix_pl_PrimHashTable_Add
+ * DESCRIPTION:
+ *
+ *  Adds the value pointed to by "value" to the PrimHashTable pointed to by
+ *  "ht" using the key pointed to by "key" and the hashCode value equal to
+ *  "hashCode", using the function pointed to by "keyComp" to compare keys.
+ *  Assumes the key is either a PKIX_UInt32 or a PKIX_PL_Object. If the value
+ *  already exists in the hashtable, this function returns a non-fatal error.
+ *
+ * PARAMETERS:
+ *  "ht"
+ *      Address of PrimHashtable to insert into. Must be non-NULL.
+ *  "key"
+ *      Address of key. Typically a PKIX_UInt32 or PKIX_PL_Object.
+ *      Must be non-NULL.
+ *  "value"
+ *      Address of Object to be added to PrimHashtable. Must be non-NULL.
+ *  "hashCode"
+ *      Hashcode value of the key.
+ *  "keyComp"
+ *      Address of function used to determine if two keys are equal.
+ *      If NULL, pkix_pl_KeyComparator_Default is used.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe - assumes exclusive access to "ht"
+ *  (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a HashTable Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_pl_PrimHashTable_Add(
+        pkix_pl_PrimHashTable *ht,
+        void *key,
+        void *value,
+        PKIX_UInt32 hashCode,
+        PKIX_PL_EqualsCallback keyComp,
+        void *plContext)
+{
+        pkix_pl_HT_Elem **elemPtr = NULL;
+        pkix_pl_HT_Elem *element = NULL;
+        PKIX_Boolean compResult = PKIX_FALSE;
+
+        PKIX_ENTER(HASHTABLE, "pkix_pl_PrimHashTable_Add");
+        PKIX_NULLCHECK_THREE(ht, key, value);
+
+        for (elemPtr = &((ht->buckets)[hashCode%ht->size]), element = *elemPtr;
+            element != NULL; elemPtr = &(element->next), element = *elemPtr) {
+
+                if (element->hashCode != hashCode){
+                        /* no possibility of a match */
+                        continue;
+                }
+
+                if (keyComp == NULL){
+                        PKIX_CHECK(pkix_pl_KeyComparator_Default
+                                ((PKIX_UInt32 *)key,
+                                (PKIX_UInt32 *)(element->key),
+                                &compResult,
+                                plContext),
+                                PKIX_COULDNOTTESTWHETHERKEYSEQUAL);
+                } else {
+                        PKIX_CHECK(keyComp
+                                ((PKIX_PL_Object *)key,
+                                (PKIX_PL_Object *)(element->key),
+                                &compResult,
+                                plContext),
+                                PKIX_COULDNOTTESTWHETHERKEYSEQUAL);
+                }
+
+                if ((element->hashCode == hashCode) &&
+                    (compResult == PKIX_TRUE)){
+                        /* Same key already exists in the table */
+                    PKIX_ERROR(PKIX_ATTEMPTTOADDDUPLICATEKEY);
+                }
+        }
+
+        /* Next Element should be NULL at this point */
+        if (element != NULL) {
+                PKIX_ERROR(PKIX_ERRORTRAVERSINGBUCKET);
+        }
+
+        /* Create a new HT_Elem */
+        PKIX_CHECK(PKIX_PL_Malloc
+                    (sizeof (pkix_pl_HT_Elem), (void **)elemPtr, plContext),
+                    PKIX_MALLOCFAILED);
+
+        element = *elemPtr;
+
+        element->key = key;
+        element->value = value;
+        element->hashCode = hashCode;
+        element->next = NULL;
+
+cleanup:
+
+        PKIX_RETURN(HASHTABLE);
+}
+
+/*
+ * FUNCTION: pkix_pl_PrimHashTable_Remove
+ * DESCRIPTION:
+ *
+ *  Removes any objects with the key pointed to by "key" and hashCode value
+ *  equal to "hashCode" from the PrimHashtable pointed to by "ht", using the
+ *  function pointed to by "keyComp" to compare keys, and stores the object's
+ *  value at "pResult". Assumes "key" is a PKIX_UInt32 or a PKIX_PL_Object.
+ *  This function sets "pResult" to NULL if the key is not in the hashtable.
+ *
+ * PARAMETERS:
+ *  "ht"
+ *      Address of PrimHashtable to remove object. Must be non-NULL.
+ *  "key"
+ *      Address of key for lookup. Typically a PKIX_UInt32 or PKIX_PL_Object.
+ *      Must be non-NULL.
+ *  "value"
+ *      Address of Object to be added to PrimHashtable. Must be non-NULL.
+ *  "hashCode"
+ *      Hashcode value of the key.
+ *  "keyComp"
+ *      Address of function used to determine if two keys are equal.
+ *      If NULL, pkix_pl_KeyComparator_Default is used.
+ *  "pResult"
+ *      Address where value will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe - assumes exclusive access to "ht"
+ *  (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a HashTable Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_pl_PrimHashTable_Remove(
+        pkix_pl_PrimHashTable *ht,
+        void *key,
+        PKIX_UInt32 hashCode,
+        PKIX_PL_EqualsCallback keyComp,
+        void **pKey,
+        void **pValue,
+        void *plContext)
+{
+        pkix_pl_HT_Elem *element = NULL;
+        pkix_pl_HT_Elem *prior = NULL;
+        PKIX_Boolean compResult;
+
+        PKIX_ENTER(HASHTABLE, "pkix_pl_PrimHashTable_Remove");
+        PKIX_NULLCHECK_FOUR(ht, key, pKey, pValue);
+
+        *pKey = NULL;
+        *pValue = NULL;
+
+        for (element = ht->buckets[hashCode%ht->size], prior = element;
+            (element != NULL);
+            prior = element, element = element->next) {
+
+                if (element->hashCode != hashCode){
+                        /* no possibility of a match */
+                        continue;
+                }
+
+                if (keyComp == NULL){
+                        PKIX_CHECK(pkix_pl_KeyComparator_Default
+                                ((PKIX_UInt32 *)key,
+                                (PKIX_UInt32 *)(element->key),
+                                &compResult,
+                                plContext),
+                                PKIX_COULDNOTTESTWHETHERKEYSEQUAL);
+                } else {
+                        PKIX_CHECK(keyComp
+                                ((PKIX_PL_Object *)key,
+                                (PKIX_PL_Object *)(element->key),
+                                &compResult,
+                                plContext),
+                                PKIX_COULDNOTTESTWHETHERKEYSEQUAL);
+                }
+
+                if ((element->hashCode == hashCode) &&
+                    (compResult == PKIX_TRUE)){
+                        if (element != prior) {
+                                prior->next = element->next;
+                        } else {
+                                ht->buckets[hashCode%ht->size] = element->next;
+                        }
+                        *pKey = element->key;
+                        *pValue = element->value;
+                        element->key = NULL;
+                        element->value = NULL;
+                        element->next = NULL;
+                        PKIX_FREE(element);
+                        goto cleanup;
+                }
+        }
+
+cleanup:
+
+        PKIX_RETURN(HASHTABLE);
+}
+
+
+/*
+ * FUNCTION: pkix_pl_HashTableLookup
+ * DESCRIPTION:
+ *
+ *  Looks up object using the key pointed to by "key" and hashCode value
+ *  equal to "hashCode" from the PrimHashtable pointed to by "ht", using the
+ *  function pointed to by "keyComp" to compare keys, and stores the object's
+ *  value at "pResult". Assumes "key" is a PKIX_UInt32 or a PKIX_PL_Object.
+ *  This function sets "pResult" to NULL if the key is not in the hashtable.
+ *
+ * PARAMETERS:
+ *  "ht"
+ *      Address of PrimHashtable to lookup object from. Must be non-NULL.
+ *  "key"
+ *      Address of key for lookup. Typically a PKIX_UInt32 or PKIX_PL_Object.
+ *      Must be non-NULL.
+ *  "keyComp"
+ *      Address of function used to determine if two keys are equal.
+ *      If NULL, pkix_pl_KeyComparator_Default is used.
+ *  "hashCode"
+ *      Hashcode value of the key.
+ *  "pResult"
+ *      Address where value will be stored. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Conditionally Thread Safe
+ *      (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_pl_PrimHashTable_Lookup(
+        pkix_pl_PrimHashTable *ht,
+        void *key,
+        PKIX_UInt32 hashCode,
+        PKIX_PL_EqualsCallback keyComp,
+        void **pResult,
+        void *plContext)
+{
+        pkix_pl_HT_Elem *element = NULL;
+        PKIX_Boolean compResult = PKIX_FALSE;
+
+        PKIX_ENTER(HASHTABLE, "pkix_pl_PrimHashTable_Lookup");
+        PKIX_NULLCHECK_THREE(ht, key, pResult);
+
+        *pResult = NULL;
+
+        for (element = (ht->buckets)[hashCode%ht->size];
+            (element != NULL) && (*pResult == NULL);
+            element = element->next) {
+
+                if (element->hashCode != hashCode){
+                        /* no possibility of a match */
+                        continue;
+                }
+
+                if (keyComp == NULL){
+                        PKIX_CHECK(pkix_pl_KeyComparator_Default
+                                ((PKIX_UInt32 *)key,
+                                (PKIX_UInt32 *)(element->key),
+                                &compResult,
+                                plContext),
+                                PKIX_COULDNOTTESTWHETHERKEYSEQUAL);
+                } else {
+                       pkixErrorResult =
+                           keyComp((PKIX_PL_Object *)key,
+                                   (PKIX_PL_Object *)(element->key),
+                                   &compResult,
+                                   plContext);
+                       if (pkixErrorResult) {
+                           pkixErrorClass = PKIX_FATAL_ERROR;
+                           pkixErrorCode = PKIX_COULDNOTTESTWHETHERKEYSEQUAL;
+                           goto cleanup;
+                       }
+                }
+
+                if ((element->hashCode == hashCode) &&
+                    (compResult == PKIX_TRUE)){
+                        *pResult = element->value;
+                        goto cleanup;
+                }
+        }
+
+        /* if we've reached here, specified key doesn't exist in hashtable */
+        *pResult = NULL;
+
+cleanup:
+
+        PKIX_RETURN(HASHTABLE);
+}
+
+/*
+ * FUNCTION: pkix_pl_PrimHashTable_Destroy
+ *
+ *  Destroys PrimHashTable pointed to by "ht".
+ *
+ * PARAMETERS:
+ *  "ht"
+ *      Address of PrimHashtable to free. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe - assumes exclusive access to "ht"
+ *  (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS
+ *  Returns NULL if the function succeeds.
+ *  Returns a HashTable Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_pl_PrimHashTable_Destroy(
+        pkix_pl_PrimHashTable *ht,
+        void *plContext)
+{
+        pkix_pl_HT_Elem *element = NULL;
+        pkix_pl_HT_Elem *temp = NULL;
+        PKIX_UInt32 i;
+
+        PKIX_ENTER(HASHTABLE, "pkix_pl_PrimHashTable_Destroy");
+        PKIX_NULLCHECK_ONE(ht);
+
+        /* Free each element (list) */
+        for (i = 0; i < ht->size; i++) {
+                for (element = ht->buckets[i];
+                    element != NULL;
+                    element = temp) {
+                        temp = element->next;
+                        element->value = NULL;
+                        element->key = NULL;
+                        element->hashCode = 0;
+                        element->next = NULL;
+                        PKIX_FREE(element);
+                }
+        }
+
+        /* Free the pointer to the list array */
+        PKIX_FREE(ht->buckets);
+        ht->size = 0;
+
+        /* Free the table itself */
+        PKIX_FREE(ht);
+
+        PKIX_RETURN(HASHTABLE);
+}
+
+/*
+ * FUNCTION: pkix_pl_PrimHashTable_GetBucketSize
+ * DESCRIPTION:
+ *
+ *  Retruns number of entries in the bucket the "hashCode" is designated in
+ *  the hashtable "ht" in the address "pBucketSize".
+ *
+ * PARAMETERS:
+ *  "ht"
+ *      Address of PrimHashtable to get entries count. Must be non-NULL.
+ *  "hashCode"
+ *      Hashcode value of the key.
+ *  "pBucketSize"
+ *      Address that an PKIX_UInt32 is returned for number of entries in the
+ *      bucket associated with the hashCode. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe - assumes exclusive access to "ht"
+ *  (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a HashTable Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_pl_PrimHashTable_GetBucketSize(
+        pkix_pl_PrimHashTable *ht,
+        PKIX_UInt32 hashCode,
+        PKIX_UInt32 *pBucketSize,
+        void *plContext)
+{
+        pkix_pl_HT_Elem **elemPtr = NULL;
+        pkix_pl_HT_Elem *element = NULL;
+        PKIX_UInt32 bucketSize = 0;
+
+        PKIX_ENTER(HASHTABLE, "pkix_pl_PrimHashTable_GetBucketSize");
+        PKIX_NULLCHECK_TWO(ht, pBucketSize);
+
+        for (elemPtr = &((ht->buckets)[hashCode%ht->size]), element = *elemPtr;
+            element != NULL; elemPtr = &(element->next), element = *elemPtr) {
+                bucketSize++;
+	}
+
+        *pBucketSize = bucketSize;
+
+        PKIX_RETURN(HASHTABLE);
+}
+
+/*
+ * FUNCTION: pkix_pl_PrimHashTable_RemoveFIFO
+ * DESCRIPTION:
+ *
+ *  Remove the first entry in the bucket the "hashCode" is designated in
+ *  the hashtable "ht". Since new entry is added at end of the link list
+ *  the first one is the oldest (FI) therefore removed first (FO).
+ *
+ * PARAMETERS:
+ *  "ht"
+ *      Address of PrimHashtable to get entries count. Must be non-NULL.
+ *  "hashCode"
+ *      Hashcode value of the key.
+ *  "pKey"
+ *      Address of key of the entry deleted. Must be non-NULL.
+ *  "pValue"
+ *      Address of Value of the entry deleted. Must be non-NULL.
+ *  "plContext"
+ *      Platform-specific context pointer.
+ * THREAD SAFETY:
+ *  Not Thread Safe - assumes exclusive access to "ht"
+ *  (see Thread Safety Definitions in Programmer's Guide)
+ * RETURNS:
+ *  Returns NULL if the function succeeds.
+ *  Returns a HashTable Error if the function fails in a non-fatal way.
+ *  Returns a Fatal Error if the function fails in an unrecoverable way.
+ */
+PKIX_Error *
+pkix_pl_PrimHashTable_RemoveFIFO(
+        pkix_pl_PrimHashTable *ht,
+        PKIX_UInt32 hashCode,
+        void **pKey,
+        void **pValue,
+        void *plContext)
+{
+        pkix_pl_HT_Elem *element = NULL;
+
+        PKIX_ENTER(HASHTABLE, "pkix_pl_PrimHashTable_Remove");
+        PKIX_NULLCHECK_THREE(ht, pKey, pValue);
+
+        element = (ht->buckets)[hashCode%ht->size];
+
+        if (element != NULL) {
+
+                *pKey = element->key;
+                *pValue = element->value;
+                ht->buckets[hashCode%ht->size] = element->next;
+                element->key = NULL;
+                element->value = NULL;
+                element->next = NULL;
+                PKIX_FREE(element);
+        }
+
+        PKIX_RETURN(HASHTABLE);
+}
diff --git a/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_primhash.h b/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_primhash.h
new file mode 100755
index 0000000..b889e2e
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_primhash.h
@@ -0,0 +1,102 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_pl_primhash.h
+ *
+ * Primitive Hashtable Definition
+ *
+ */
+
+#ifndef _PKIX_PL_PRIMHASH_H
+#define _PKIX_PL_PRIMHASH_H
+
+#include "pkix_pl_common.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef struct pkix_pl_HT_Elem pkix_pl_HT_Elem;
+
+typedef struct pkix_pl_PrimHashTable pkix_pl_PrimHashTable;
+
+typedef struct pkix_pl_Integer pkix_pl_Integer;
+
+struct pkix_pl_Integer{
+        PKIX_UInt32 ht_int;
+};
+
+struct pkix_pl_HT_Elem {
+        void *key;
+        void *value;
+        PKIX_UInt32 hashCode;
+        pkix_pl_HT_Elem *next;
+};
+
+struct pkix_pl_PrimHashTable {
+        pkix_pl_HT_Elem **buckets;
+        PKIX_UInt32 size;
+};
+
+/* see source file for function documentation */
+
+PKIX_Error *
+pkix_pl_PrimHashTable_Create(
+        PKIX_UInt32 numBuckets,
+        pkix_pl_PrimHashTable **pResult,
+        void *plContext);
+
+PKIX_Error *
+pkix_pl_PrimHashTable_Add(
+        pkix_pl_PrimHashTable *ht,
+        void *key,
+        void *value,
+        PKIX_UInt32 hashCode,
+        PKIX_PL_EqualsCallback keyComp,
+        void *plContext);
+
+PKIX_Error *
+pkix_pl_PrimHashTable_Remove(
+        pkix_pl_PrimHashTable *ht,
+        void *key,
+        PKIX_UInt32 hashCode,
+        PKIX_PL_EqualsCallback keyComp,
+        void **pKey,
+        void **pValue,
+        void *plContext);
+
+PKIX_Error *
+pkix_pl_PrimHashTable_Lookup(
+        pkix_pl_PrimHashTable *ht,
+        void *key,
+        PKIX_UInt32 hashCode,
+        PKIX_PL_EqualsCallback keyComp,
+        void **pResult,
+        void *plContext);
+
+PKIX_Error*
+pkix_pl_PrimHashTable_Destroy(
+        pkix_pl_PrimHashTable *ht,
+        void *plContext);
+
+PKIX_Error *
+pkix_pl_PrimHashTable_GetBucketSize(
+        pkix_pl_PrimHashTable *ht,
+        PKIX_UInt32 hashCode,
+        PKIX_UInt32 *pBucketSize,
+        void *plContext);
+
+PKIX_Error *
+pkix_pl_PrimHashTable_RemoveFIFO(
+        pkix_pl_PrimHashTable *ht,
+        PKIX_UInt32 hashCode,
+        void **pKey,
+        void **pValue,
+        void *plContext);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_PL_PRIMHASH_H */
diff --git a/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_rwlock.c b/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_rwlock.c
new file mode 100755
index 0000000..662931e
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_rwlock.c
@@ -0,0 +1,217 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_pl_rwlock.c
+ *
+ * Read/Write Lock Functions
+ *
+ */
+
+#include "pkix_pl_rwlock.h"
+
+/* --Private-Functions-------------------------------------------- */
+
+static PKIX_Error *
+pkix_pl_RWLock_Destroy(
+        PKIX_PL_Object *object,
+        void *plContext)
+{
+        PKIX_PL_RWLock* rwlock = NULL;
+
+        PKIX_ENTER(RWLOCK, "pkix_pl_RWLock_Destroy");
+        PKIX_NULLCHECK_ONE(object);
+
+        PKIX_CHECK(pkix_CheckType(object, PKIX_RWLOCK_TYPE, plContext),
+                    PKIX_OBJECTNOTRWLOCK);
+
+        rwlock = (PKIX_PL_RWLock*) object;
+
+        PKIX_RWLOCK_DEBUG("Calling PR_DestroyRWLock)\n");
+        PR_DestroyRWLock(rwlock->lock);
+        rwlock->lock = NULL;
+
+cleanup:
+
+        PKIX_RETURN(RWLOCK);
+}
+
+/*
+ * FUNCTION: pkix_pl_RWLock_RegisterSelf
+ * DESCRIPTION:
+ *  Registers PKIX_RWLOCK_TYPE and its related functions with systemClasses[]
+ * THREAD SAFETY:
+ *  Not Thread Safe - for performance and complexity reasons
+ *
+ *  Since this function is only called by PKIX_PL_Initialize, which should
+ *  only be called once, it is acceptable that this function is not
+ *  thread-safe.
+ */
+PKIX_Error *
+pkix_pl_RWLock_RegisterSelf(
+        void *plContext)
+{
+
+        extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
+        pkix_ClassTable_Entry entry;
+
+        PKIX_ENTER(RWLOCK, "pkix_pl_RWLock_RegisterSelf");
+
+        entry.description = "RWLock";
+        entry.objCounter = 0;
+        entry.typeObjectSize = sizeof(PKIX_PL_RWLock);
+        entry.destructor = pkix_pl_RWLock_Destroy;
+        entry.equalsFunction = NULL;
+        entry.hashcodeFunction = NULL;
+        entry.toStringFunction = NULL;
+        entry.comparator = NULL;
+        entry.duplicateFunction = NULL;
+
+        systemClasses[PKIX_RWLOCK_TYPE] = entry;
+
+        PKIX_RETURN(RWLOCK);
+}
+
+/* --Public-Functions--------------------------------------------- */
+
+PKIX_Error *
+PKIX_PL_RWLock_Create(
+        PKIX_PL_RWLock **pNewLock,
+        void *plContext)
+{
+        PKIX_PL_RWLock *rwLock = NULL;
+
+        PKIX_ENTER(RWLOCK, "PKIX_PL_RWLock_Create");
+        PKIX_NULLCHECK_ONE(pNewLock);
+
+        PKIX_CHECK(PKIX_PL_Object_Alloc
+                    (PKIX_RWLOCK_TYPE,
+                    sizeof (PKIX_PL_RWLock),
+                    (PKIX_PL_Object **)&rwLock,
+                    plContext),
+                    PKIX_ERRORALLOCATINGRWLOCK);
+
+        PKIX_RWLOCK_DEBUG("\tCalling PR_NewRWLock)\n");
+        rwLock->lock = PR_NewRWLock(PR_RWLOCK_RANK_NONE, "PKIX RWLock");
+
+        if (rwLock->lock == NULL) {
+                PKIX_DECREF(rwLock);
+                PKIX_ERROR(PKIX_OUTOFMEMORY);
+        }
+
+        rwLock->readCount = 0;
+        rwLock->writeLocked = PKIX_FALSE;
+
+        *pNewLock = rwLock;
+
+cleanup:
+
+        PKIX_RETURN(RWLOCK);
+}
+
+PKIX_Error *
+PKIX_PL_AcquireReaderLock(
+        PKIX_PL_RWLock *lock,
+        void *plContext)
+{
+        PKIX_ENTER(RWLOCK, "PKIX_PL_AcquireReaderLock");
+        PKIX_NULLCHECK_ONE(lock);
+
+        PKIX_RWLOCK_DEBUG("\tCalling PR_RWLock_Rlock)\n");
+        (void) PR_RWLock_Rlock(lock->lock);
+
+        lock->readCount++;
+
+        PKIX_RETURN(RWLOCK);
+}
+
+PKIX_Error *
+PKIX_PL_ReleaseReaderLock(
+        PKIX_PL_RWLock *lock,
+        void *plContext)
+{
+        PKIX_ENTER(RWLOCK, "PKIX_PL_ReleaseReaderLock");
+        PKIX_NULLCHECK_ONE(lock);
+
+        PKIX_RWLOCK_DEBUG("\tCalling PR_RWLock_Unlock)\n");
+        (void) PR_RWLock_Unlock(lock->lock);
+
+        lock->readCount--;
+
+        PKIX_RETURN(RWLOCK);
+}
+
+PKIX_Error *
+PKIX_PL_IsReaderLockHeld(
+        PKIX_PL_RWLock *lock,
+        PKIX_Boolean *pIsHeld,
+        void *plContext)
+{
+        PKIX_ENTER(RWLOCK, "PKIX_PL_IsReaderLockHeld");
+        PKIX_NULLCHECK_TWO(lock, pIsHeld);
+
+        *pIsHeld = (lock->readCount > 0)?PKIX_TRUE:PKIX_FALSE;
+
+        PKIX_RETURN(RWLOCK);
+}
+
+PKIX_Error *
+PKIX_PL_AcquireWriterLock(
+        PKIX_PL_RWLock *lock,
+        void *plContext)
+{
+        PKIX_ENTER(RWLOCK, "PKIX_PL_AcquireWriterLock");
+        PKIX_NULLCHECK_ONE(lock);
+
+        PKIX_RWLOCK_DEBUG("\tCalling PR_RWLock_Wlock\n");
+        (void) PR_RWLock_Wlock(lock->lock);
+
+        if (lock->readCount > 0) {
+                PKIX_ERROR(PKIX_LOCKHASNONZEROREADCOUNT);
+        }
+
+        /* We should never acquire a write lock if the lock is held */
+        lock->writeLocked = PKIX_TRUE;
+
+cleanup:
+
+        PKIX_RETURN(RWLOCK);
+}
+
+PKIX_Error *
+PKIX_PL_ReleaseWriterLock(
+        PKIX_PL_RWLock *lock,
+        void *plContext)
+{
+        PKIX_ENTER(RWLOCK, "PKIX_PL_ReleaseWriterLock");
+        PKIX_NULLCHECK_ONE(lock);
+
+        if (lock->readCount > 0) {
+                PKIX_ERROR(PKIX_LOCKHASNONZEROREADCOUNT);
+        }
+
+        PKIX_RWLOCK_DEBUG("\tCalling PR_RWLock_Unlock)\n");
+        (void) PR_RWLock_Unlock(lock->lock);
+
+        /* XXX Need to think about thread safety here */
+        /* There should be a single lock holder  */
+        lock->writeLocked = PKIX_FALSE;
+
+cleanup:
+
+        PKIX_RETURN(RWLOCK);
+}
+
+PKIX_Error *
+PKIX_PL_IsWriterLockHeld(
+        PKIX_PL_RWLock *lock,
+        PKIX_Boolean *pIsHeld,
+        void *plContext)
+{
+        PKIX_ENTER(RWLOCK, "PKIX_PL_IsWriterLockHeld");
+        PKIX_NULLCHECK_TWO(lock, pIsHeld);
+
+        *pIsHeld = lock->writeLocked;
+
+        PKIX_RETURN(RWLOCK);
+}
diff --git a/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_rwlock.h b/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_rwlock.h
new file mode 100755
index 0000000..fd64659
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_rwlock.h
@@ -0,0 +1,35 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_pl_rwlock.h
+ *
+ * Read/Write Lock Definition
+ *
+ */
+
+#ifndef _PKIX_PL_RWLOCK_H
+#define _PKIX_PL_RWLOCK_H
+
+#include "pkix_pl_common.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+struct PKIX_PL_RWLockStruct {
+        PRRWLock* lock;
+        PKIX_UInt32 readCount;
+        PKIX_Boolean writeLocked;
+};
+
+/* see source file for function documentation */
+
+PKIX_Error *
+pkix_pl_RWLock_RegisterSelf(void *plContext);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_PL_RWLOCK_H */
diff --git a/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_string.c b/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_string.c
new file mode 100755
index 0000000..8bfa2c9
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_string.c
@@ -0,0 +1,621 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_pl_string.c
+ *
+ * String Object Functions
+ *
+ */
+
+#include "pkix_pl_string.h"
+
+/* --Private-String-Functions------------------------------------- */
+
+/*
+ * FUNCTION: pkix_pl_String_Comparator
+ * (see comments for PKIX_PL_ComparatorCallback in pkix_pl_system.h)
+ *
+ * NOTE:
+ *  This function is a utility function called by pkix_pl_String_Equals().
+ *  It is not officially registered as a comparator.
+ */
+static PKIX_Error *
+pkix_pl_String_Comparator(
+        PKIX_PL_String *firstString,
+        PKIX_PL_String *secondString,
+        PKIX_Int32 *pResult,
+        void *plContext)
+{
+        PKIX_UInt32 i;
+        PKIX_Int32 result;
+        unsigned char *p1 = NULL;
+        unsigned char *p2 = NULL;
+
+        PKIX_ENTER(STRING, "pkix_pl_String_Comparator");
+        PKIX_NULLCHECK_THREE(firstString, secondString, pResult);
+
+        result = 0;
+
+        p1 = (unsigned char*) firstString->utf16String;
+        p2 = (unsigned char*) secondString->utf16String;
+
+        /* Compare characters until you find a difference */
+        for (i = 0; ((i < firstString->utf16Length) &&
+                    (i < secondString->utf16Length) &&
+                    result == 0); i++, p1++, p2++) {
+                if (*p1 < *p2){
+                        result = -1;
+                } else if (*p1 > *p2){
+                        result = 1;
+                }
+        }
+
+        /* If two arrays are identical so far, the longer one is greater */
+        if (result == 0) {
+                if (firstString->utf16Length < secondString->utf16Length) {
+                        result = -1;
+                } else if (firstString->utf16Length >
+                            secondString->utf16Length) {
+                        result = 1;
+                }
+        }
+
+        *pResult = result;
+
+        PKIX_RETURN(STRING);
+}
+
+/*
+ * FUNCTION: pkix_pl_String_Destroy
+ * (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_String_Destroy(
+        PKIX_PL_Object *object,
+        void *plContext)
+{
+        PKIX_PL_String *string = NULL;
+
+        PKIX_ENTER(STRING, "pkix_pl_String_Destroy");
+        PKIX_NULLCHECK_ONE(object);
+
+        PKIX_CHECK(pkix_CheckType(object, PKIX_STRING_TYPE, plContext),
+                    PKIX_ARGUMENTNOTSTRING);
+
+        string = (PKIX_PL_String*)object;
+
+        /* XXX For debugging Destroy EscASCII String  */
+        if (string->escAsciiString != NULL) {
+                PKIX_FREE(string->escAsciiString);
+                string->escAsciiString = NULL;
+                string->escAsciiLength = 0;
+        }
+
+        /* Destroy UTF16 String */
+        if (string->utf16String != NULL) {
+                PKIX_FREE(string->utf16String);
+                string->utf16String = NULL;
+                string->utf16Length = 0;
+        }
+
+cleanup:
+
+        PKIX_RETURN(STRING);
+}
+
+/*
+ * FUNCTION: pkix_pl_String_ToString
+ * (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_String_ToString(
+        PKIX_PL_Object *object,
+        PKIX_PL_String **pString,
+        void *plContext)
+{
+        PKIX_PL_String *string = NULL;
+        char *ascii = NULL;
+        PKIX_UInt32 length;
+
+        PKIX_ENTER(STRING, "pkix_pl_String_ToString");
+        PKIX_NULLCHECK_TWO(object, pString);
+
+        PKIX_CHECK(pkix_CheckType(object, PKIX_STRING_TYPE, plContext),
+                    PKIX_ARGUMENTNOTSTRING);
+
+        string = (PKIX_PL_String*)object;
+
+        PKIX_CHECK(PKIX_PL_String_GetEncoded
+                (string, PKIX_ESCASCII, (void **)&ascii, &length, plContext),
+                PKIX_STRINGGETENCODEDFAILED);
+
+        PKIX_CHECK(PKIX_PL_String_Create
+                    (PKIX_ESCASCII, ascii, 0, pString, plContext),
+                    PKIX_STRINGCREATEFAILED);
+
+        goto cleanup;
+
+cleanup:
+
+        PKIX_FREE(ascii);
+
+        PKIX_RETURN(STRING);
+}
+
+/*
+ * FUNCTION: pkix_pl_String_Equals
+ * (see comments for PKIX_PL_EqualsCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_String_Equals(
+        PKIX_PL_Object *firstObject,
+        PKIX_PL_Object *secondObject,
+        PKIX_Boolean *pResult,
+        void *plContext)
+{
+        PKIX_UInt32 secondType;
+        PKIX_Int32 cmpResult = 0;
+
+        PKIX_ENTER(STRING, "pkix_pl_String_Equals");
+        PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);
+
+        /* Sanity check: Test that "firstObject" is a Strings */
+        PKIX_CHECK(pkix_CheckType(firstObject, PKIX_STRING_TYPE, plContext),
+                PKIX_FIRSTOBJECTNOTSTRING);
+
+        /* "SecondObject" doesn't have to be a string */
+        PKIX_CHECK(PKIX_PL_Object_GetType
+                (secondObject, &secondType, plContext),
+                PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
+
+        /* If types differ, then we will return false */
+        *pResult = PKIX_FALSE;
+
+        if (secondType != PKIX_STRING_TYPE) goto cleanup;
+
+        /* It's safe to cast here */
+        PKIX_CHECK(pkix_pl_String_Comparator
+                ((PKIX_PL_String*)firstObject,
+                (PKIX_PL_String*)secondObject,
+                &cmpResult,
+                plContext),
+                PKIX_STRINGCOMPARATORFAILED);
+
+        /* Strings are equal iff Comparator Result is 0 */
+        *pResult = (cmpResult == 0);
+
+cleanup:
+
+        PKIX_RETURN(STRING);
+}
+
+/*
+ * FUNCTION: pkix_pl_String_Hashcode
+ * (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
+ */
+static PKIX_Error *
+pkix_pl_String_Hashcode(
+        PKIX_PL_Object *object,
+        PKIX_UInt32 *pHashcode,
+        void *plContext)
+{
+        PKIX_PL_String *string = NULL;
+
+        PKIX_ENTER(STRING, "pkix_pl_String_Hashcode");
+        PKIX_NULLCHECK_TWO(object, pHashcode);
+
+        PKIX_CHECK(pkix_CheckType(object, PKIX_STRING_TYPE, plContext),
+                PKIX_OBJECTNOTSTRING);
+
+        string = (PKIX_PL_String*)object;
+
+        PKIX_CHECK(pkix_hash
+                ((const unsigned char *)string->utf16String,
+                string->utf16Length,
+                pHashcode,
+                plContext),
+                PKIX_HASHFAILED);
+
+cleanup:
+
+        PKIX_RETURN(STRING);
+}
+
+/*
+ * FUNCTION: pkix_pl_String_RegisterSelf
+ * DESCRIPTION:
+ *  Registers PKIX_STRING_TYPE and its related functions with systemClasses[]
+ * THREAD SAFETY:
+ *  Not Thread Safe - for performance and complexity reasons
+ *
+ *  Since this function is only called by PKIX_PL_Initialize, which should
+ *  only be called once, it is acceptable that this function is not
+ *  thread-safe.
+ */
+PKIX_Error *
+pkix_pl_String_RegisterSelf(
+        void *plContext)
+{
+        extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
+        pkix_ClassTable_Entry entry;
+
+        PKIX_ENTER(STRING, "pkix_pl_String_RegisterSelf");
+
+        entry.description = "String";
+        entry.objCounter = 0;
+        entry.typeObjectSize = sizeof(PKIX_PL_String);
+        entry.destructor = pkix_pl_String_Destroy;
+        entry.equalsFunction = pkix_pl_String_Equals;
+        entry.hashcodeFunction = pkix_pl_String_Hashcode;
+        entry.toStringFunction = pkix_pl_String_ToString;
+        entry.comparator = NULL;
+        entry.duplicateFunction = pkix_duplicateImmutable;
+
+        systemClasses[PKIX_STRING_TYPE] = entry;
+
+        PKIX_RETURN(STRING);
+}
+
+
+/* --Public-String-Functions----------------------------------------- */
+
+/*
+ * FUNCTION: PKIX_PL_String_Create (see comments in pkix_pl_system.h)
+ */
+PKIX_Error *
+PKIX_PL_String_Create(
+        PKIX_UInt32 fmtIndicator,
+        const void *stringRep,
+        PKIX_UInt32 stringLen,
+        PKIX_PL_String **pString,
+        void *plContext)
+{
+        PKIX_PL_String *string = NULL;
+        unsigned char *utf16Char = NULL;
+        PKIX_UInt32 i;
+
+        PKIX_ENTER(STRING, "PKIX_PL_String_Create");
+        PKIX_NULLCHECK_TWO(pString, stringRep);
+
+        PKIX_CHECK(PKIX_PL_Object_Alloc
+                    (PKIX_STRING_TYPE,
+                    sizeof (PKIX_PL_String),
+                    (PKIX_PL_Object **)&string,
+                    plContext),
+                    PKIX_COULDNOTALLOCATENEWSTRINGOBJECT);
+
+        string->utf16String = NULL;
+        string->utf16Length = 0;
+
+        /* XXX For Debugging */
+        string->escAsciiString = NULL;
+        string->escAsciiLength = 0;
+
+        switch (fmtIndicator) {
+        case PKIX_ESCASCII: case PKIX_ESCASCII_DEBUG:
+                PKIX_STRING_DEBUG("\tCalling PL_strlen).\n");
+                string->escAsciiLength = PL_strlen(stringRep);
+
+                /* XXX Cache for Debugging */
+                PKIX_CHECK(PKIX_PL_Malloc
+                            ((string->escAsciiLength)+1,
+                            (void **)&string->escAsciiString,
+                            plContext),
+                            PKIX_MALLOCFAILED);
+
+                (void) PORT_Memcpy
+                        (string->escAsciiString,
+                        (void *)((char *)stringRep),
+                        (string->escAsciiLength)+1);
+
+                /* Convert the EscASCII string to UTF16 */
+                PKIX_CHECK(pkix_EscASCII_to_UTF16
+                            (string->escAsciiString,
+                            string->escAsciiLength,
+                            (fmtIndicator == PKIX_ESCASCII_DEBUG),
+                            &string->utf16String,
+                            &string->utf16Length,
+                            plContext),
+                            PKIX_ESCASCIITOUTF16FAILED);
+                break;
+        case PKIX_UTF8:
+                /* Convert the UTF8 string to UTF16 */
+                PKIX_CHECK(pkix_UTF8_to_UTF16
+                            (stringRep,
+                            stringLen,
+                            &string->utf16String,
+                            &string->utf16Length,
+                            plContext),
+                            PKIX_UTF8TOUTF16FAILED);
+                break;
+        case PKIX_UTF16:
+                /* UTF16 Strings must be even in length */
+                if (stringLen%2 == 1) {
+                        PKIX_DECREF(string);
+                        PKIX_ERROR(PKIX_UTF16ALIGNMENTERROR);
+                }
+
+                utf16Char = (unsigned char *)stringRep;
+
+                /* Make sure this is a valid UTF-16 String */
+                for (i = 0; \
+                    (i < stringLen) && (pkixErrorResult == NULL); \
+                    i += 2) {
+                        /* Check that surrogate pairs are valid */
+                        if ((utf16Char[i] >= 0xD8)&&
+                            (utf16Char[i] <= 0xDB)) {
+                                if ((i+2) >= stringLen) {
+                                  PKIX_ERROR(PKIX_UTF16HIGHZONEALIGNMENTERROR);
+                                  /* Second pair should be DC00-DFFF */
+                                } else if (!((utf16Char[i+2] >= 0xDC)&&
+                                      (utf16Char[i+2] <= 0xDF))) {
+                                  PKIX_ERROR(PKIX_UTF16LOWZONEERROR);
+                                } else {
+                                  /*  Surrogate quartet is valid. */
+                                  i += 2;
+                                }
+                        }
+                }
+
+                /* Create UTF16 String */
+                string->utf16Length = stringLen;
+
+                /* Alloc space for string */
+                PKIX_CHECK(PKIX_PL_Malloc
+                            (stringLen, &string->utf16String, plContext),
+                            PKIX_MALLOCFAILED);
+
+                PKIX_STRING_DEBUG("\tCalling PORT_Memcpy).\n");
+                (void) PORT_Memcpy
+                        (string->utf16String, stringRep, stringLen);
+                break;
+
+        default:
+                PKIX_ERROR(PKIX_UNKNOWNFORMAT);
+        }
+
+        *pString = string;
+
+cleanup:
+
+        if (PKIX_ERROR_RECEIVED){
+                PKIX_DECREF(string);
+        }
+
+        PKIX_RETURN(STRING);
+}
+
+/*
+ * FUNCTION: PKIX_PL_Sprintf (see comments in pkix_pl_system.h)
+ */
+PKIX_Error *
+PKIX_PL_Sprintf(
+        PKIX_PL_String **pOut,
+        void *plContext,
+        const PKIX_PL_String *fmt,
+        ...)
+{
+        PKIX_PL_String *tempString = NULL;
+        PKIX_UInt32 tempUInt = 0;
+        void *pArg = NULL;
+        char *asciiText =  NULL;
+        char *asciiFormat = NULL;
+        char *convertedAsciiFormat = NULL;
+        char *convertedAsciiFormatBase = NULL;
+        va_list args;
+        PKIX_UInt32 length, i, j, dummyLen;
+
+        PKIX_ENTER(STRING, "PKIX_PL_Sprintf");
+        PKIX_NULLCHECK_TWO(pOut, fmt);
+
+        PKIX_CHECK(PKIX_PL_String_GetEncoded
+                    ((PKIX_PL_String *)fmt,
+                    PKIX_ESCASCII,
+                    (void **)&asciiFormat,
+                    &length,
+                    plContext),
+                    PKIX_STRINGGETENCODEDFAILED);
+
+        PKIX_STRING_DEBUG("\tCalling PR_Malloc).\n");
+        convertedAsciiFormat = PR_Malloc(length + 1);
+        if (convertedAsciiFormat == NULL)
+                PKIX_ERROR_ALLOC_ERROR();
+
+        convertedAsciiFormatBase = convertedAsciiFormat;
+
+        PKIX_STRING_DEBUG("\tCalling va_start).\n");
+        va_start(args, fmt);
+
+        i = 0;
+        j = 0;
+        while (i < length) {
+                if ((asciiFormat[i] == '%')&&((i+1) < length)) {
+                        switch (asciiFormat[i+1]) {
+                        case 's':
+                                convertedAsciiFormat[j++] = asciiFormat[i++];
+                                convertedAsciiFormat[j++] = asciiFormat[i++];
+                                convertedAsciiFormat[j] = '\0';
+
+                                tempString = va_arg(args, PKIX_PL_String *);
+                                if (tempString != NULL) {
+                                        PKIX_CHECK(PKIX_PL_String_GetEncoded
+                                                ((PKIX_PL_String*)
+                                                tempString,
+                                                PKIX_ESCASCII,
+                                                &pArg,
+                                                &dummyLen,
+                                                plContext),
+                                                PKIX_STRINGGETENCODEDFAILED);
+                                } else {
+                                        /* there may be a NULL in var_args */
+                                        pArg = NULL;
+                                }
+                                if (asciiText != NULL) {
+                                    asciiText = PR_sprintf_append(asciiText,
+                                          (const char *)convertedAsciiFormat,
+                                          pArg);
+                                } else {
+                                    asciiText = PR_smprintf
+                                        ((const char *)convertedAsciiFormat,
+                                        pArg);
+                                }
+                                if (pArg != NULL) {
+                                        PKIX_PL_Free(pArg, plContext);
+                                        pArg = NULL;
+                                }
+                                convertedAsciiFormat += j;
+                                j = 0;
+                                break;
+                         case 'd':
+                         case 'i':
+                         case 'o':
+                         case 'u':
+                         case 'x':
+                         case 'X':
+                                convertedAsciiFormat[j++] = asciiFormat[i++];
+                                convertedAsciiFormat[j++] = asciiFormat[i++];
+                                convertedAsciiFormat[j] = '\0';
+
+                                tempUInt = va_arg(args, PKIX_UInt32);
+                                if (asciiText != NULL) {
+                                    asciiText = PR_sprintf_append(asciiText,
+                                          (const char *)convertedAsciiFormat,
+                                          tempUInt);
+                                } else {
+                                    asciiText = PR_smprintf
+                                        ((const char *)convertedAsciiFormat,
+                                        tempUInt);
+                                }     
+                                convertedAsciiFormat += j;
+                                j = 0;
+                                break;
+                        default:
+                                convertedAsciiFormat[j++] = asciiFormat[i++];
+                                convertedAsciiFormat[j++] = asciiFormat[i++];
+                                break;
+                        }
+                } else {
+                        convertedAsciiFormat[j++] = asciiFormat[i++];
+                }
+        }
+
+        /* for constant string value at end of fmt */
+        if (j > 0) {
+                convertedAsciiFormat[j] = '\0';
+                if (asciiText != NULL) {
+                    asciiText = PR_sprintf_append(asciiText,
+                                    (const char *)convertedAsciiFormat);
+                } else {
+                    asciiText = PR_smprintf((const char *)convertedAsciiFormat);
+                }
+        }
+
+        va_end(args);
+
+        /* Copy temporary char * into a string object */
+        PKIX_CHECK(PKIX_PL_String_Create
+                (PKIX_ESCASCII, (void *)asciiText, 0, pOut, plContext),
+                PKIX_STRINGCREATEFAILED);
+
+cleanup:
+
+        PKIX_FREE(asciiFormat);
+
+        if (convertedAsciiFormatBase){
+                PR_Free(convertedAsciiFormatBase);
+        }
+
+        if (asciiText){
+                PKIX_STRING_DEBUG("\tCalling PR_smprintf_free).\n");
+                PR_smprintf_free(asciiText);
+        }
+
+        PKIX_RETURN(STRING);
+}
+
+/*
+ * FUNCTION: PKIX_PL_GetString (see comments in pkix_pl_system.h)
+ */
+PKIX_Error *
+PKIX_PL_GetString(
+        /* ARGSUSED */ PKIX_UInt32 stringID,
+        char *defaultString,
+        PKIX_PL_String **pString,
+        void *plContext)
+{
+        PKIX_ENTER(STRING, "PKIX_PL_GetString");
+        PKIX_NULLCHECK_TWO(pString, defaultString);
+
+        /* XXX Optimization - use stringID for caching */
+        PKIX_CHECK(PKIX_PL_String_Create
+                    (PKIX_ESCASCII, defaultString, 0, pString, plContext),
+                    PKIX_STRINGCREATEFAILED);
+
+cleanup:
+
+        PKIX_RETURN(STRING);
+}
+
+/*
+ * FUNCTION: PKIX_PL_String_GetEncoded (see comments in pkix_pl_system.h)
+ */
+PKIX_Error *
+PKIX_PL_String_GetEncoded(
+        PKIX_PL_String *string,
+        PKIX_UInt32 fmtIndicator,
+        void **pStringRep,
+        PKIX_UInt32 *pLength,
+        void *plContext)
+{
+        PKIX_ENTER(STRING, "PKIX_PL_String_GetEncoded");
+        PKIX_NULLCHECK_THREE(string, pStringRep, pLength);
+
+        switch (fmtIndicator) {
+        case PKIX_ESCASCII: case PKIX_ESCASCII_DEBUG:
+                PKIX_CHECK(pkix_UTF16_to_EscASCII
+                            (string->utf16String,
+                            string->utf16Length,
+                            (fmtIndicator == PKIX_ESCASCII_DEBUG),
+                            (char **)pStringRep,
+                            pLength,
+                            plContext),
+                            PKIX_UTF16TOESCASCIIFAILED);
+                break;
+        case PKIX_UTF8:
+                PKIX_CHECK(pkix_UTF16_to_UTF8
+                            (string->utf16String,
+                            string->utf16Length,
+                            PKIX_FALSE,
+                            pStringRep,
+                            pLength,
+                            plContext),
+                            PKIX_UTF16TOUTF8FAILED);
+                break;
+        case PKIX_UTF8_NULL_TERM:
+                PKIX_CHECK(pkix_UTF16_to_UTF8
+                            (string->utf16String,
+                            string->utf16Length,
+                            PKIX_TRUE,
+                            pStringRep,
+                            pLength,
+                            plContext),
+                            PKIX_UTF16TOUTF8FAILED);
+                break;
+        case PKIX_UTF16:
+                *pLength = string->utf16Length;
+
+                PKIX_CHECK(PKIX_PL_Malloc(*pLength, pStringRep, plContext),
+                            PKIX_MALLOCFAILED);
+
+                PKIX_STRING_DEBUG("\tCalling PORT_Memcpy).\n");
+                (void) PORT_Memcpy(*pStringRep, string->utf16String, *pLength);
+                break;
+        default:
+                PKIX_ERROR(PKIX_UNKNOWNFORMAT);
+        }
+
+cleanup:
+
+        PKIX_RETURN(STRING);
+}
diff --git a/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_string.h b/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_string.h
new file mode 100755
index 0000000..9270e4c
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_string.h
@@ -0,0 +1,37 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * pkix_pl_string.h
+ *
+ * String Object Definitions
+ *
+ */
+
+#ifndef _PKIX_PL_STRING_H
+#define _PKIX_PL_STRING_H
+
+#include "pkix_pl_common.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+struct PKIX_PL_StringStruct {
+        void* utf16String;
+        PKIX_UInt32 utf16Length;
+        /* XXX For Debugging  */
+        char* escAsciiString;
+        PKIX_UInt32 escAsciiLength;
+};
+
+/* see source file for function documentation */
+
+PKIX_Error *
+pkix_pl_String_RegisterSelf(void *plContext);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKIX_PL_STRING_H */
diff --git a/nss/lib/libpkix/pkix_pl_nss/system/system.gyp b/nss/lib/libpkix/pkix_pl_nss/system/system.gyp
new file mode 100644
index 0000000..32daec9
--- /dev/null
+++ b/nss/lib/libpkix/pkix_pl_nss/system/system.gyp
@@ -0,0 +1,36 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../../../coreconf/config.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'pkixsystem',
+      'type': 'static_library',
+      'sources': [
+        'pkix_pl_bigint.c',
+        'pkix_pl_bytearray.c',
+        'pkix_pl_common.c',
+        'pkix_pl_error.c',
+        'pkix_pl_hashtable.c',
+        'pkix_pl_lifecycle.c',
+        'pkix_pl_mem.c',
+        'pkix_pl_monitorlock.c',
+        'pkix_pl_mutex.c',
+        'pkix_pl_object.c',
+        'pkix_pl_oid.c',
+        'pkix_pl_primhash.c',
+        'pkix_pl_rwlock.c',
+        'pkix_pl_string.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports'
+      ]
+    }
+  ],
+  'variables': {
+    'module': 'nss'
+  }
+}
\ No newline at end of file
diff --git a/nss/lib/manifest.mn b/nss/lib/manifest.mn
new file mode 100644
index 0000000..80d7d9c
--- /dev/null
+++ b/nss/lib/manifest.mn
@@ -0,0 +1,62 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+CORE_DEPTH = ..
+DEPTH      = ..
+
+# Building softoken (and freebl) only requires that the paths
+# to the locations where the util headers and libraries were
+# previously installed by a prior util-only build - likely in
+# in a system location that varies with the distribution. This
+# cannot be addressed here and requires that downstream package
+# mantainers add suitable modifications. Building full nss will
+# not have that problem as everything is available.
+
+SOFTOKEN_SRCDIRS=
+NSS_SRCDIRS=
+
+ifndef NSS_BUILD_UTIL_ONLY
+SOFTOKEN_SRCDIRS = \
+	$(FREEBL_SRCDIR) \
+	$(SQLITE_SRCDIR) \
+	$(DBM_SRCDIR) \
+	$(SOFTOKEN_SRCDIR) \
+	$(NULL)
+ifndef NSS_BUILD_SOFTOKEN_ONLY
+# the rest of nss
+NSS_SRCDIRS = \
+	base dev pki \
+	$(LIBPKIX_SRCDIR) \
+	certdb certhigh pk11wrap cryptohi nss \
+	$(ZLIB_SRCDIR) ssl \
+	pkcs7 pkcs12 smime \
+	crmf jar \
+	ckfw $(SYSINIT_SRCDIR) \
+	$(NULL)
+endif
+endif
+
+#
+# organized by DLL
+#
+#  softoken and prereqs.
+#  stan (not a separate dll yet)
+#  libpkix (not a separate dll)
+#  nss base (traditional)
+#  ssl
+#  smime
+#  ckfw (builtins module)
+#  crmf jar (not dll's)
+DIRS = \
+	$(UTIL_SRCDIR) \
+	$(SOFTOKEN_SRCDIRS) \
+	$(NSS_SRCDIRS) \
+	$(NULL)
+
+#  fortcrypt  is no longer built
+
+#
+# these dirs are not built at the moment
+#
+#NOBUILD_DIRS = jar
diff --git a/nss/lib/nss/Makefile b/nss/lib/nss/Makefile
new file mode 100644
index 0000000..3a8e22f
--- /dev/null
+++ b/nss/lib/nss/Makefile
@@ -0,0 +1,46 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+include config.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+export:: private_export
diff --git a/nss/lib/nss/config.mk b/nss/lib/nss/config.mk
new file mode 100644
index 0000000..a17f3ef
--- /dev/null
+++ b/nss/lib/nss/config.mk
@@ -0,0 +1,114 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# can't do this in manifest.mn because OS_TARGET isn't defined there.
+ifeq (,$(filter-out WIN%,$(OS_TARGET)))
+
+# don't want the 32 in the shared library name
+SHARED_LIBRARY = $(OBJDIR)/$(DLL_PREFIX)$(LIBRARY_NAME)$(LIBRARY_VERSION).$(DLL_SUFFIX)
+IMPORT_LIBRARY = $(OBJDIR)/$(IMPORT_LIB_PREFIX)$(LIBRARY_NAME)$(LIBRARY_VERSION)$(IMPORT_LIB_SUFFIX)
+
+RES = $(OBJDIR)/$(LIBRARY_NAME).res
+RESNAME = $(LIBRARY_NAME).rc
+
+ifdef NS_USE_GCC
+EXTRA_SHARED_LIBS += \
+	-L$(DIST)/lib \
+	-L$(NSSUTIL_LIB_DIR) \
+	-lnssutil3 \
+	-L$(NSPR_LIB_DIR) \
+	-lplc4 \
+	-lplds4 \
+	-lnspr4\
+	$(NULL)
+else # ! NS_USE_GCC
+EXTRA_SHARED_LIBS += \
+	$(DIST)/lib/nssutil3.lib \
+	$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plc4.lib \
+	$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plds4.lib \
+	$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)nspr4.lib \
+	$(NULL)
+endif # NS_USE_GCC
+
+else
+
+# $(PROGRAM) has NO explicit dependencies on $(EXTRA_SHARED_LIBS)
+# $(EXTRA_SHARED_LIBS) come before $(OS_LIBS), except on AIX.
+EXTRA_SHARED_LIBS += \
+	-L$(DIST)/lib \
+	-L$(NSSUTIL_LIB_DIR) \
+	-lnssutil3 \
+	-L$(NSPR_LIB_DIR) \
+	-lplc4 \
+	-lplds4 \
+	-lnspr4 \
+	$(NULL)
+
+endif
+
+
+# $(PROGRAM) has explicit dependencies on $(EXTRA_LIBS)
+SHARED_LIBRARY_LIBS = \
+	$(DIST)/lib/$(LIB_PREFIX)certhi.$(LIB_SUFFIX) \
+	$(DIST)/lib/$(LIB_PREFIX)cryptohi.$(LIB_SUFFIX) \
+	$(DIST)/lib/$(LIB_PREFIX)pk11wrap.$(LIB_SUFFIX) \
+	$(DIST)/lib/$(LIB_PREFIX)certdb.$(LIB_SUFFIX) \
+	$(DIST)/lib/$(LIB_PREFIX)nsspki.$(LIB_SUFFIX) \
+	$(DIST)/lib/$(LIB_PREFIX)nssdev.$(LIB_SUFFIX) \
+	$(DIST)/lib/$(LIB_PREFIX)nssb.$(LIB_SUFFIX) \
+	$(DIST)/lib/$(LIB_PREFIX)certsel.$(LIB_SUFFIX) \
+	$(DIST)/lib/$(LIB_PREFIX)checker.$(LIB_SUFFIX) \
+	$(DIST)/lib/$(LIB_PREFIX)params.$(LIB_SUFFIX) \
+	$(DIST)/lib/$(LIB_PREFIX)results.$(LIB_SUFFIX) \
+	$(DIST)/lib/$(LIB_PREFIX)top.$(LIB_SUFFIX) \
+	$(DIST)/lib/$(LIB_PREFIX)util.$(LIB_SUFFIX) \
+	$(DIST)/lib/$(LIB_PREFIX)crlsel.$(LIB_SUFFIX) \
+	$(DIST)/lib/$(LIB_PREFIX)store.$(LIB_SUFFIX) \
+	$(DIST)/lib/$(LIB_PREFIX)pki.$(LIB_SUFFIX) \
+	$(DIST)/lib/$(LIB_PREFIX)system.$(LIB_SUFFIX) \
+	$(DIST)/lib/$(LIB_PREFIX)module.$(LIB_SUFFIX) \
+	$(NULL)
+
+SHARED_LIBRARY_DIRS = \
+	../certhigh \
+	../cryptohi \
+	../pk11wrap \
+	../certdb \
+	../pki \
+	../dev \
+	../base \
+	$(NULL)
+
+ifndef NSS_DISABLE_LIBPKIX
+SHARED_LIBRARY_DIRS += \
+	../libpkix/pkix/certsel \
+	../libpkix/pkix/checker \
+	../libpkix/pkix/params \
+	../libpkix/pkix/results \
+	../libpkix/pkix/top \
+	../libpkix/pkix/util \
+	../libpkix/pkix/crlsel \
+	../libpkix/pkix/store \
+	../libpkix/pkix_pl_nss/pki \
+	../libpkix/pkix_pl_nss/system \
+	../libpkix/pkix_pl_nss/module \
+	$(NULL)
+endif
+
+ifeq (,$(filter-out WINNT WIN95,$(OS_TARGET)))
+ifndef NS_USE_GCC
+# Export 'mktemp' to be backward compatible with NSS 3.2.x and 3.3.x
+# but do not put it in the import library.  See bug 142575.
+DEFINES += -DWIN32_NSS3_DLL_COMPAT
+DLLFLAGS += -EXPORT:mktemp=nss_mktemp,PRIVATE
+endif
+endif
+
+ifdef POLICY_FILE
+ifndef POLICY_PATH
+$(error You must define POLICY_PATH if you set POLICY_FILE)
+endif
+DEFINES += -DPOLICY_FILE=\"$(POLICY_FILE)\" -DPOLICY_PATH=\"$(POLICY_PATH)\"
+endif
diff --git a/nss/lib/nss/exports.gyp b/nss/lib/nss/exports.gyp
new file mode 100644
index 0000000..6f874f6
--- /dev/null
+++ b/nss/lib/nss/exports.gyp
@@ -0,0 +1,32 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'lib_nss_exports',
+      'type': 'none',
+      'copies': [
+        {
+          'files': [
+            'nss.h'
+          ],
+          'destination': '<(nss_public_dist_dir)/<(module)'
+        },
+        {
+          'files': [
+            'nssoptions.h',
+            'nssrenam.h'
+          ],
+          'destination': '<(nss_private_dist_dir)/<(module)'
+        }
+      ]
+    }
+  ],
+  'variables': {
+    'module': 'nss'
+  }
+}
diff --git a/nss/lib/nss/manifest.mn b/nss/lib/nss/manifest.mn
new file mode 100644
index 0000000..54bed49
--- /dev/null
+++ b/nss/lib/nss/manifest.mn
@@ -0,0 +1,31 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+CORE_DEPTH = ../..
+
+PRIVATE_EXPORTS = \
+	nssrenam.h \
+	nssoptions.h \
+	$(NULL)
+
+EXPORTS = \
+	nss.h \
+	$(NULL)
+
+MODULE = nss
+
+CSRCS = \
+	nssinit.c \
+	nssoptions.c \
+	nssver.c \
+	utilwrap.c \
+	$(NULL)
+
+MAPFILE = $(OBJDIR)/nss.def
+
+LIBRARY_NAME = nss
+LIBRARY_VERSION = 3
+
+# This part of the code, including all sub-dirs, can be optimized for size
+export ALLOW_OPT_CODE_SIZE = 1
diff --git a/nss/lib/nss/nss.def b/nss/lib/nss/nss.def
new file mode 100644
index 0000000..dbb44e1
--- /dev/null
+++ b/nss/lib/nss/nss.def
@@ -0,0 +1,1107 @@
+;+#
+;+# This Source Code Form is subject to the terms of the Mozilla Public
+;+# License, v. 2.0. If a copy of the MPL was not distributed with this
+;+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;+#
+;+# OK, this file is meant to support SUN, LINUX, AIX and WINDOWS
+;+#   1. For all unix platforms, the string ";-"  means "remove this line"
+;+#   2. For all unix platforms, the string " DATA " will be removed from any 
+;+#	line on which it occurs.
+;+#   3. Lines containing ";+" will have ";+" removed on SUN and LINUX.
+;+#      On AIX, lines containing ";+" will be removed.  
+;+#   4. For all unix platforms, the string ";;" will thave the ";;" removed.
+;+#   5. For all unix platforms, after the above processing has taken place,
+;+#    all characters after the first ";" on the line will be removed.  
+;+#    And for AIX, the first ";" will also be removed.
+;+#  This file is passed directly to windows. Since ';' is a comment, all UNIX
+;+#   directives are hidden behind ";", ";+", and ";-"
+;+NSS_3.2 {       # NSS 3.2 release
+;+    global:
+LIBRARY nss3	;-
+EXPORTS		;-
+ATOB_AsciiToData;
+BTOA_ConvertItemToAscii;
+BTOA_DataToAscii;
+CERT_AsciiToName;
+CERT_CertTimesValid;
+CERT_CheckCertValidTimes;
+CERT_CreateCertificateRequest;
+CERT_ChangeCertTrust;
+CERT_DecodeDERCrl;
+CERT_DestroyCertificateRequest;
+CERT_DestroyCertList;
+CERT_DestroyName;
+CERT_EnableOCSPChecking;
+CERT_FormatName;
+CERT_DestroyCertificate;
+CERT_DupCertificate;
+CERT_FreeDistNames;
+CERT_FreeNicknames;
+CERT_GetAVATag;
+CERT_GetCertEmailAddress;
+CERT_GetCertNicknames;
+CERT_GetCertIssuerAndSN;
+CERT_GetCertTrust;
+CERT_GetCertUid;
+CERT_GetCommonName;
+CERT_GetCountryName;
+CERT_GetDBContentVersion;
+CERT_GetDefaultCertDB;
+CERT_GetDomainComponentName;
+CERT_GetLocalityName;
+CERT_GetOrgName;
+CERT_GetOrgUnitName;
+CERT_GetSSLCACerts;
+CERT_GetSlopTime;
+CERT_GetStateName;
+CERT_ImportCAChain;
+CERT_NameToAscii;
+CERT_RFC1485_EscapeAndQuote;
+CERT_SetSlopTime;
+CERT_VerifyCertName;
+CERT_VerifyCertNow;
+DER_UTCDayToAscii;
+DER_UTCTimeToAscii;
+DER_GeneralizedTimeToTime;
+NSS_Init;
+NSS_Initialize;
+NSS_InitReadWrite;
+NSS_NoDB_Init;
+NSS_Shutdown;
+NSS_VersionCheck;
+PK11_Authenticate;
+PK11_ChangePW;
+PK11_CheckUserPassword;
+PK11_CipherOp;
+PK11_CloneContext;
+PK11_ConfigurePKCS11;
+PK11_CreateContextBySymKey;
+PK11_CreateDigestContext;
+PK11_DestroyContext;
+PK11_DestroyTokenObject;
+PK11_DigestBegin;
+PK11_DigestOp;
+PK11_DigestFinal;
+PK11_DoesMechanism;
+PK11_FindCertFromNickname;
+PK11_FindCertFromDERCert;
+PK11_FindCertByIssuerAndSN;
+PK11_FindKeyByAnyCert;
+PK11_FindKeyByDERCert;
+PK11_FindSlotByName;
+PK11_Finalize;
+PK11_FortezzaHasKEA;
+PK11_FreeSlot;
+PK11_FreeSlotList;
+PK11_FreeSymKey;
+PK11_GenerateKeyPair;
+PK11_GenerateRandom;
+PK11_GenerateNewParam;
+PK11_GetAllTokens;
+PK11_GetBlockSize;
+PK11_GetFirstSafe;
+PK11_GetInternalKeySlot;
+PK11_GetInternalSlot;
+PK11_GetSlotName;
+PK11_GetTokenName;
+PK11_HashBuf;
+PK11_IsFIPS;
+PK11_IsFriendly;
+PK11_IsInternal;
+PK11_IsHW;
+PK11_IsPresent;
+PK11_IsReadOnly;
+PK11_KeyGen;
+PK11_ListCerts;
+PK11_NeedLogin;
+PK11_RandomUpdate;
+PK11_SetPasswordFunc;
+PK11_SetSlotPWValues;
+pk11_ConcatenateBaseAndData;
+PORT_Alloc;
+PORT_Free;
+PORT_GetError;
+PORT_SetError;
+PORT_SetUCS4_UTF8ConversionFunction;
+PORT_SetUCS2_UTF8ConversionFunction;
+PORT_SetUCS2_ASCIIConversionFunction;
+SECITEM_CopyItem;
+SECITEM_DupItem;
+SECITEM_FreeItem;
+SECITEM_ZfreeItem;
+SECKEY_ConvertToPublicKey;
+SECKEY_CopyPrivateKey;
+SECKEY_CreateSubjectPublicKeyInfo;
+SECKEY_DestroyPrivateKey;
+SECKEY_DestroySubjectPublicKeyInfo;
+SECMOD_IsModulePresent;
+SECOID_FindOIDTagDescription;
+SECOID_GetAlgorithmTag;
+SEC_DeletePermCertificate;
+SEC_DeletePermCRL;
+SEC_DerSignData;
+SEC_DestroyCrl;
+SEC_FindCrlByDERCert;
+SEC_FindCrlByName;
+SEC_LookupCrls;
+SEC_NewCrl;
+;+#
+;+# The following symbols are exported only to make libssl3.so work. 
+;+# These are still private!!!
+;+#
+__CERT_NewTempCertificate;
+__PK11_CreateContextByRawKey;
+__PK11_GetKeyData;
+__nss_InitLock;
+CERT_CertChainFromCert;
+CERT_DestroyCertificateList;
+CERT_DupCertList;
+CERT_ExtractPublicKey;
+CERT_FindCertByName;
+DER_Lengths;
+DSAU_DecodeDerSig;
+DSAU_EncodeDerSig;
+HASH_GetHashObject;
+NSSRWLock_Destroy;
+NSSRWLock_HaveWriteLock;
+NSSRWLock_LockRead;
+NSSRWLock_LockWrite;
+NSSRWLock_New;
+NSSRWLock_UnlockRead;
+NSSRWLock_UnlockWrite;
+NSS_PutEnv;
+PK11_Derive;
+PK11_DeriveWithFlags;
+PK11_DigestKey;
+PK11_FindBestKEAMatch;
+PK11_FindFixedKey;
+PK11_GenerateFortezzaIV;
+PK11_GetBestKeyLength;
+PK11_GetBestSlot;
+PK11_GetBestSlotMultiple;
+PK11_GetBestWrapMechanism;
+PK11_GetCurrentWrapIndex;
+PK11_GetMechanism;
+PK11_GetModuleID;
+PK11_GetPrivateModulusLen;
+PK11_GetSlotFromKey;
+PK11_GetSlotFromPrivateKey;
+PK11_GetSlotID;
+PK11_GetSlotSeries;
+PK11_GetTokenInfo;
+PK11_GetWindow;
+PK11_GetWrapKey;
+PK11_IVFromParam;
+PK11_MakeKEAPubKey;
+PK11_ParamFromIV;
+PK11_PubDecryptRaw;
+PK11_PubDerive;
+PK11_PubEncryptRaw;
+PK11_PubUnwrapSymKey;
+PK11_PubWrapSymKey;
+PK11_ReferenceSymKey;
+PK11_RestoreContext;
+PK11_SaveContext;
+PK11_SetFortezzaHack;
+PK11_SetWrapKey;
+PK11_Sign;
+PK11_SignatureLen;
+PK11_SymKeyFromHandle;
+PK11_TokenExists;
+PK11_UnwrapSymKey;
+PK11_UnwrapSymKeyWithFlags;
+PK11_Verify;
+PK11_VerifyKeyOK;
+PK11_WrapSymKey;
+PORT_ArenaAlloc;
+PORT_ArenaZAlloc;
+PORT_FreeArena;
+PORT_NewArena;
+PORT_Realloc;
+PORT_ZAlloc;
+PORT_ZFree;
+RSA_FormatBlock;
+SECITEM_CompareItem;
+SECKEY_CreateRSAPrivateKey;
+SECKEY_DestroyPublicKey;
+SECKEY_PublicKeyStrength;
+SECKEY_UpdateCertPQG;
+SECMOD_LookupSlot;
+SGN_Begin;
+SGN_DestroyContext;
+SGN_End;
+SGN_NewContext;
+SGN_Update;
+VFY_Begin;
+VFY_CreateContext;
+VFY_DestroyContext;
+VFY_End;
+VFY_Update;
+;+#
+;+# The following symbols are exported only to make libsmime3.so work. 
+;+# These are still private!!!
+;+#
+__CERT_ClosePermCertDB;
+__CERT_DecodeDERCertificate;
+__CERT_TraversePermCertsForNickname;
+__CERT_TraversePermCertsForSubject;
+__PBE_CreateContext;
+__PBE_DestroyContext;
+__PBE_GenerateBits;
+ATOB_ConvertAsciiToItem;
+CERT_AddCertToListTail;
+CERT_CertListFromCert;
+CERT_DestroyCertArray;
+CERT_FindCertByDERCert;
+CERT_FindCertByIssuerAndSN;
+CERT_FindSMimeProfile;
+CERT_ImportCerts;
+CERT_NewCertList;
+CERT_OpenCertDBFilename;
+CERT_SaveSMimeProfile;
+CERT_VerifyCert;
+DER_GetInteger;
+DER_TimeToUTCTime;
+DER_UTCTimeToTime;
+PK11_AlgtagToMechanism;
+PK11_BlockData;
+PK11_CreatePBEAlgorithmID;
+PK11_DestroyObject;
+PK11_ExportEncryptedPrivateKeyInfo;
+PK11_ExportPrivateKeyInfo;
+PK11_FindCertAndKeyByRecipientList;
+PK11_FindCertAndKeyByRecipientListNew;
+PK11_FindCertInSlot;
+PK11_FindPrivateKeyFromCert;
+PK11_FortezzaMapSig;
+PK11_GetKeyLength;
+PK11_GetKeyStrength;
+PK11_ImportCertForKeyToSlot;
+PK11_ImportEncryptedPrivateKeyInfo;
+PK11_ImportPrivateKeyInfo;
+PK11_MapPBEMechanismToCryptoMechanism;
+PK11_PBEKeyGen;
+PK11_ParamFromAlgid;
+PK11_ParamToAlgid;
+PK11_TraverseCertsForNicknameInSlot;
+PK11_TraverseCertsForSubjectInSlot;
+PORT_ArenaGrow;
+PORT_ArenaMark;
+PORT_ArenaRelease;
+PORT_ArenaStrdup;
+PORT_ArenaUnmark;
+PORT_UCS2_ASCIIConversion;
+PORT_UCS2_UTF8Conversion;
+SECITEM_AllocItem;
+SECKEY_CopyEncryptedPrivateKeyInfo;
+SECKEY_CopyPrivateKeyInfo;
+SECKEY_DestroyEncryptedPrivateKeyInfo;
+SECKEY_DestroyPrivateKeyInfo;
+SECOID_CompareAlgorithmID;
+SECOID_CopyAlgorithmID;
+SECOID_DestroyAlgorithmID;
+SECOID_FindOID;
+SECOID_FindOIDByTag;
+SECOID_FindOIDTag;
+SECOID_SetAlgorithmID;
+SEC_ASN1DecodeInteger;
+SEC_ASN1DecodeItem;
+SEC_ASN1DecoderClearFilterProc;
+SEC_ASN1DecoderClearNotifyProc;
+SEC_ASN1DecoderFinish;
+SEC_ASN1DecoderSetFilterProc;
+SEC_ASN1DecoderSetNotifyProc;
+SEC_ASN1DecoderStart;
+SEC_ASN1DecoderUpdate;
+SEC_ASN1Encode;
+SEC_ASN1EncodeInteger;
+SEC_ASN1EncodeItem;
+SEC_ASN1EncoderClearNotifyProc;
+SEC_ASN1EncoderClearStreaming;
+SEC_ASN1EncoderClearTakeFromBuf;
+SEC_ASN1EncoderFinish;
+SEC_ASN1EncoderSetNotifyProc;
+SEC_ASN1EncoderSetStreaming;
+SEC_ASN1EncoderSetTakeFromBuf;
+SEC_ASN1EncoderStart;
+SEC_ASN1EncoderUpdate;
+SEC_ASN1LengthLength;
+SEC_PKCS5GetCryptoAlgorithm;
+SEC_PKCS5GetKeyLength;
+SEC_PKCS5GetPBEAlgorithm;
+SEC_PKCS5IsAlgorithmPBEAlg;
+SEC_SignData;
+SGN_CompareDigestInfo;
+SGN_CopyDigestInfo;
+SGN_CreateDigestInfo;
+SGN_DestroyDigestInfo;
+SGN_Digest;
+VFY_VerifyData;
+VFY_VerifyDigest;
+;+#
+;+# Data objects
+;+#
+;+# Don't export these DATA symbols on Windows because they don't work right.
+;+# Use the SEC_ASN1_GET / SEC_ASN1_SUB / SEC_ASN1_XTRN macros to access them.
+;;CERT_CrlTemplate DATA ;
+;;CERT_SignedDataTemplate DATA ;
+;;CERT_CertificateTemplate DATA ;
+;;CERT_CertificateRequestTemplate DATA ;
+;;CERT_IssuerAndSNTemplate DATA ;
+;;CERT_SetOfSignedCrlTemplate DATA ;
+;;SECKEY_DSAPublicKeyTemplate DATA ;
+;;SECKEY_EncryptedPrivateKeyInfoTemplate DATA ;
+;;SECKEY_PointerToEncryptedPrivateKeyInfoTemplate DATA ;
+;;SECKEY_PointerToPrivateKeyInfoTemplate DATA ;
+;;SECKEY_PrivateKeyInfoTemplate DATA ;
+;;SECKEY_RSAPublicKeyTemplate DATA ;
+;;SECOID_AlgorithmIDTemplate DATA ;
+;;SEC_AnyTemplate DATA ;
+;;SEC_BMPStringTemplate DATA ;
+;;SEC_BitStringTemplate DATA ;
+;;SEC_GeneralizedTimeTemplate DATA ;
+;;SEC_IA5StringTemplate DATA ;
+;;SEC_IntegerTemplate DATA ;
+;;SEC_ObjectIDTemplate DATA ;
+;;SEC_OctetStringTemplate DATA ;
+;;SEC_PointerToAnyTemplate DATA ;
+;;SEC_PointerToOctetStringTemplate DATA ;
+;;SEC_SetOfAnyTemplate DATA ;
+;;SEC_UTCTimeTemplate DATA ;
+;;sgn_DigestInfoTemplate DATA ;
+NSS_Get_CERT_CrlTemplate;
+NSS_Get_CERT_SignedDataTemplate;
+NSS_Get_CERT_CertificateTemplate;
+NSS_Get_CERT_CertificateRequestTemplate;
+NSS_Get_CERT_IssuerAndSNTemplate;
+NSS_Get_CERT_SetOfSignedCrlTemplate;
+NSS_Get_SECKEY_DSAPublicKeyTemplate;
+NSS_Get_SECKEY_EncryptedPrivateKeyInfoTemplate;
+NSS_Get_SECKEY_PointerToEncryptedPrivateKeyInfoTemplate;
+NSS_Get_SECKEY_PointerToPrivateKeyInfoTemplate;
+NSS_Get_SECKEY_PrivateKeyInfoTemplate;
+NSS_Get_SECKEY_RSAPublicKeyTemplate;
+NSS_Get_SECOID_AlgorithmIDTemplate;
+NSS_Get_SEC_AnyTemplate;
+NSS_Get_SEC_BMPStringTemplate;
+NSS_Get_SEC_BitStringTemplate;
+NSS_Get_SEC_GeneralizedTimeTemplate;
+NSS_Get_SEC_IA5StringTemplate;
+NSS_Get_SEC_IntegerTemplate;
+NSS_Get_SEC_ObjectIDTemplate;
+NSS_Get_SEC_OctetStringTemplate;
+NSS_Get_SEC_PointerToAnyTemplate;
+NSS_Get_SEC_PointerToOctetStringTemplate;
+NSS_Get_SEC_SetOfAnyTemplate;
+NSS_Get_SEC_UTCTimeTemplate;
+NSS_Get_sgn_DigestInfoTemplate;
+;+# commands
+CERT_DecodeBasicConstraintValue;
+CERT_DecodeOidSequence;
+CERT_DecodeUserNotice;
+CERT_DecodeCertificatePoliciesExtension;
+CERT_DestroyCertificatePoliciesExtension;
+CERT_FindCertByNicknameOrEmailAddr;
+CERT_FindCertByNickname;
+CERT_GenTime2FormattedAscii;
+CERT_Hexify;
+CERT_CompareName;
+PK11SDR_Encrypt;
+PK11SDR_Decrypt;
+NSSBase64Decoder_Create;
+NSSBase64Decoder_Destroy;
+NSSBase64Decoder_Update;
+NSSBase64Encoder_Create;
+NSSBase64Encoder_Destroy;
+NSSBase64Encoder_Update;
+;+#PK11_DoPassword;
+;+#PK11_FindKeyByKeyID;
+PK11_InitPin;
+PK11_NeedUserInit;
+;+    local:
+;+       *;
+;+};
+;+NSS_3.2.1 {       # NSS 3.2.1 release
+;+    global:
+CERT_AddRDN;
+CERT_CreateRDN;
+CERT_CreateAVA;
+CERT_CreateName;
+;+    local:
+;+       *;
+;+};
+;+NSS_3.3 { 	# NSS 3.3. release
+;+    global:
+CERT_CheckCertUsage;
+CERT_FindCertIssuer;
+PK11_GetModule;
+SECKEY_CreateDHPrivateKey;
+SECKEY_GetPublicKeyType;
+SECMOD_AddNewModule;
+;+#
+;+# The following symbols are exported only to make JSS work.
+;+# These are still private!!!
+;+#
+CERT_DisableOCSPChecking;
+CERT_DisableOCSPDefaultResponder;
+CERT_EnableOCSPDefaultResponder;
+CERT_GetCertTimes;
+CERT_ImportCAChainTrusted;
+CERT_ImportCRL;
+CERT_IsCACert;
+CERT_IsCADERCert;
+CERT_SetOCSPDefaultResponder;
+PBE_CreateContext;
+PBE_DestroyContext;
+PBE_GenerateBits;
+PK11_CheckSSOPassword;
+PK11_CopySymKeyForSigning;
+PK11_DeleteTokenCertAndKey;
+PK11_DEREncodePublicKey;
+PK11_ExtractKeyValue;
+PK11_FindCertsFromNickname;
+PK11_FindKeyByKeyID;
+PK11_GetIVLength;
+PK11_GetKeyData;
+PK11_GetKeyType;
+PK11_GetLowLevelKeyIDForCert;
+PK11_GetLowLevelKeyIDForPrivateKey;
+PK11_GetSlotPWValues;
+PK11_ImportCertForKey;
+PK11_ImportDERCertForKey;
+PK11_ImportDERPrivateKeyInfo;
+PK11_ImportSymKey;
+PK11_IsLoggedIn;
+PK11_KeyForDERCertExists;
+PK11_KeyForCertExists;
+PK11_ListPrivateKeysInSlot;
+PK11_ListCertsInSlot;
+PK11_Logout;
+PK11_NeedPWInit;
+PK11_MakeIDFromPubKey;
+PK11_PQG_DestroyParams;
+PK11_PQG_DestroyVerify;
+PK11_PQG_GetBaseFromParams;
+PK11_PQG_GetCounterFromVerify;
+PK11_PQG_GetHFromVerify;
+PK11_PQG_GetPrimeFromParams;
+PK11_PQG_GetSeedFromVerify;
+PK11_PQG_GetSubPrimeFromParams;
+PK11_PQG_NewParams;
+PK11_PQG_NewVerify;
+PK11_PQG_ParamGen;
+PK11_PQG_ParamGenSeedLen;
+PK11_PQG_VerifyParams;
+PK11_ReferenceSlot;
+PK11_SeedRandom;
+PK11_UnwrapPrivKey;
+PK11_VerifyRecover;
+PK11_WrapPrivKey;
+SEC_CertNicknameConflict;
+SEC_PKCS5GetIV;
+SECMOD_DeleteInternalModule;
+SECMOD_DestroyModule;
+SECMOD_GetDefaultModuleList;
+SECMOD_GetDefaultModuleListLock;
+SECMOD_GetInternalModule;
+SECMOD_GetReadLock;
+SECMOD_ReferenceModule;
+SECMOD_ReleaseReadLock;
+SECKEY_AddPrivateKeyToListTail;
+SECKEY_EncodeDERSubjectPublicKeyInfo;
+SECKEY_ExtractPublicKey;
+SECKEY_DestroyPrivateKeyList;
+SECKEY_GetPrivateKeyType;
+SECKEY_HashPassword;
+SECKEY_ImportDERPublicKey;
+SECKEY_NewPrivateKeyList;
+SECKEY_RemovePrivateKeyListNode;
+VFY_EndWithSignature;
+;+    local:
+;+       *;
+;+};
+;+NSS_3.3.1 { 	# NSS 3.3.1 release
+;+    global:
+;+#
+;+# The following symbols are exported only to make libsmime3.so work. 
+;+# These are still private!!!
+;+#
+PK11_CreatePBEParams;
+PK11_DestroyPBEParams;
+;+    local:
+;+       *;
+;+};
+;+NSS_3.4 { 	# NSS 3.4 release
+;+    global:
+SECMOD_AddNewModuleEx;
+SECMOD_DeleteModule;
+SECMOD_FreeModuleSpecList;
+SECMOD_GetModuleSpecList;
+SECMOD_LoadModule;
+SECMOD_LoadUserModule;
+SECMOD_UnloadUserModule;
+SECMOD_UpdateModule;
+;+# for PKCS #12
+PK11_RawPBEKeyGen;
+;+# for PSM
+__CERT_AddTempCertToPerm;
+CERT_AddOKDomainName;
+CERT_CopyName;
+CERT_CreateSubjectCertList;
+CERT_DecodeAVAValue;
+;+#CERT_DecodeCertFromPackage;
+CERT_DecodeGeneralName;
+CERT_DecodeTrustString;
+CERT_DerNameToAscii;
+CERT_EncodeGeneralName;
+CERT_FilterCertListByCANames;
+CERT_FilterCertListByUsage;
+CERT_FindCertExtension;
+CERT_FindKeyUsageExtension;
+CERT_FindUserCertByUsage;
+CERT_FindUserCertsByUsage;
+CERT_GetCertChainFromCert;
+CERT_GetOCSPAuthorityInfoAccessLocation;
+CERT_KeyFromDERCrl;
+CERT_MakeCANickname;
+CERT_NicknameStringsFromCertList;
+CERT_VerifySignedData;
+DER_Encode;
+HASH_Begin;
+HASH_Create;
+HASH_Destroy;
+HASH_End;
+HASH_ResultLen;
+HASH_Update;
+NSSBase64_DecodeBuffer;   # from Stan
+NSSBase64_EncodeItem;   # from Stan
+PK11_GetKeyGen;
+PK11_GetMinimumPwdLength;
+PK11_GetNextSafe;
+PK11_GetPadMechanism;
+PK11_GetSlotInfo;
+PK11_HasRootCerts;
+PK11_IsDisabled;
+PK11_LoadPrivKey;
+PK11_LogoutAll;
+PK11_MechanismToAlgtag;
+PK11_ResetToken;
+PK11_TraverseSlotCerts;
+SEC_ASN1Decode;
+SECKEY_CopySubjectPublicKeyInfo;
+SECMOD_CreateModule;
+SECMOD_FindModule;
+SECMOD_FindSlot;
+SECMOD_PubCipherFlagstoInternal;
+SECMOD_PubMechFlagstoInternal;
+;;CERT_NameTemplate DATA ;
+;;CERT_SubjectPublicKeyInfoTemplate DATA ;
+;;SEC_BooleanTemplate DATA ;
+;;SEC_NullTemplate DATA ;
+;;SEC_SignedCertificateTemplate DATA ;
+;;SEC_UTF8StringTemplate DATA ;
+NSS_Get_CERT_NameTemplate;
+NSS_Get_CERT_SubjectPublicKeyInfoTemplate;
+NSS_Get_SEC_BooleanTemplate;
+NSS_Get_SEC_NullTemplate;
+NSS_Get_SEC_SignedCertificateTemplate;
+NSS_Get_SEC_UTF8StringTemplate;
+;+# for JSS
+PK11_DeleteTokenPrivateKey;
+PK11_DeleteTokenPublicKey;
+PK11_DeleteTokenSymKey;
+PK11_GetNextSymKey;
+PK11_GetPQGParamsFromPrivateKey;
+PK11_GetPrivateKeyNickname;
+PK11_GetPublicKeyNickname;
+PK11_GetSymKeyNickname;
+PK11_ImportDERPrivateKeyInfoAndReturnKey;
+PK11_ImportPrivateKeyInfoAndReturnKey;
+PK11_ImportPublicKey;
+PK11_ImportSymKeyWithFlags;
+PK11_ListFixedKeysInSlot;
+PK11_ListPrivKeysInSlot;
+PK11_ListPublicKeysInSlot;
+PK11_ProtectedAuthenticationPath;
+PK11_SetPrivateKeyNickname;
+PK11_SetPublicKeyNickname;
+PK11_SetSymKeyNickname;
+SECKEY_DecodeDERSubjectPublicKeyInfo;
+SECKEY_DestroyPublicKeyList;
+;+# for debugging
+nss_DumpCertificateCacheInfo;
+;+    local:
+;+       *;
+;+};
+;+NSS_3.5 { 	# cert creation APIs used by certutil
+;+    global:
+CERT_AddExtension;
+CERT_CopyRDN;
+CERT_CreateCertificate;
+CERT_CreateValidity;
+CERT_DestroyValidity;
+CERT_EncodeAndAddBitStrExtension;
+CERT_EncodeAuthKeyID;
+CERT_EncodeBasicConstraintValue;
+CERT_EncodeCRLDistributionPoints;
+CERT_FinishExtensions;
+CERT_StartCertExtensions;
+DER_AsciiToTime;
+PK11_ImportCert;
+PORT_Strdup;
+SECMOD_CanDeleteInternalModule;
+;+    local:
+;+       *;
+;+};
+;+NSS_3.6 { 	# NSS 3.6 release
+;+    global:
+CERT_AddOCSPAcceptableResponses;
+CERT_CompleteCRLDecodeEntries;
+CERT_CreateOCSPCertID;
+CERT_CreateOCSPRequest;
+CERT_DecodeDERCrlWithFlags;
+CERT_DecodeOCSPResponse;
+CERT_DestroyOCSPCertID;
+CERT_DestroyOCSPRequest;
+CERT_EncodeOCSPRequest;
+CERT_FilterCertListForUserCerts;
+CERT_GetOCSPResponseStatus;
+CERT_GetOCSPStatusForCertID;
+CERT_IsUserCert;
+CERT_RemoveCertListNode;
+CERT_VerifyCACertForUsage;
+CERT_VerifyCertificate;
+CERT_VerifyCertificateNow;
+CERT_VerifyOCSPResponseSignature;
+PK11_ConvertSessionPrivKeyToTokenPrivKey;
+PK11_ConvertSessionSymKeyToTokenSymKey;
+PK11_GetModInfo;
+PK11_GetPBEIV;
+PK11_ImportCRL;
+PK11_ImportDERCert;
+PK11_PubUnwrapSymKeyWithFlags;
+PK11_SaveContextAlloc;
+PK11_TokenKeyGen;
+SEC_QuickDERDecodeItem;
+SECKEY_CopyPublicKey;
+;+    local:
+;+       *;
+;+};
+;+NSS_3.7 { 	# NSS 3.7 release
+;+    global:
+CERT_CRLCacheRefreshIssuer;
+CERT_DestroyOCSPResponse;
+CERT_EncodeAltNameExtension;
+CERT_FindCertBySubjectKeyID;
+CERT_FindSubjectKeyIDExtension;
+CERT_GetFirstEmailAddress;
+CERT_GetNextEmailAddress;
+CERT_VerifySignedDataWithPublicKey;
+CERT_VerifySignedDataWithPublicKeyInfo;
+PK11_WaitForTokenEvent;
+;+    local:
+;+       *;
+;+};
+;+NSS_3.7.1 { 	# NSS 3.7.1 release
+;+    global:
+PK11_TokenRefresh;
+;+    local:
+;+       *;
+;+};
+;+NSS_3.8 { 	# NSS 3.8 release
+;+    global:
+CERT_IsRootDERCert;
+HASH_GetHashObjectByOidTag;
+HASH_GetHashTypeByOidTag;
+PK11_GetDefaultArray;
+PK11_GetDefaultFlags;
+PK11_GetDisabledReason;
+PK11_UpdateSlotAttribute;
+PK11_UserEnableSlot;
+PK11_UserDisableSlot;
+SECITEM_ItemsAreEqual;
+SECKEY_CreateECPrivateKey;
+SECKEY_PublicKeyStrengthInBits;
+;+    local:
+;+       *;
+;+};
+;+NSS_3.9 { 	# NSS 3.9 release
+;+    global:
+CERT_DestroyOidSequence;
+CERT_GetOidString;
+;;CERT_TimeChoiceTemplate DATA ;
+DER_DecodeTimeChoice;
+DER_EncodeTimeChoice;
+DSAU_DecodeDerSigToLen;
+DSAU_EncodeDerSigWithLen;
+NSS_Get_CERT_TimeChoiceTemplate;
+PK11_DeriveWithFlagsPerm;
+PK11_ExportEncryptedPrivKeyInfo;
+PK11_FindSlotsByNames;
+PK11_GetSymKeyType;
+PK11_MoveSymKey;
+PK11_PubDeriveWithKDF;
+PK11_PubUnwrapSymKeyWithFlagsPerm;
+PK11_UnwrapSymKeyWithFlagsPerm;
+SECITEM_ArenaDupItem;
+SECMOD_GetDBModuleList;
+SECMOD_GetDeadModuleList;
+SEC_ASN1DecoderAbort;
+SEC_ASN1EncoderAbort;
+SEC_DupCrl;
+;+    local:
+;+       *;
+;+};
+;+NSS_3.9.2 { 	# NSS 3.9.2 release
+;+    global:
+NSS_IsInitialized;
+PK11_DestroyGenericObject;
+PK11_DestroyGenericObjects;
+PK11_FindGenericObjects;
+PK11_GetNextGenericObject;
+PK11_GetPrevGenericObject;
+PK11_LinkGenericObject;
+PK11_ReadRawAttribute;
+PK11_UnlinkGenericObject;
+;+    local:
+;+       *;
+;+};
+;+NSS_3.9.3 { 	# NSS 3.9.3 release
+;+    global:
+PK11_GetCertFromPrivateKey;
+PK11_PrivDecryptPKCS1;
+PK11_PubEncryptPKCS1;
+SECMOD_CancelWait;
+SECMOD_HasRemovableSlots;
+SECMOD_UpdateSlotList;
+SECMOD_WaitForAnyTokenEvent;
+;+    local:
+;+       *;
+;+};
+;+NSS_3.10 { 	# NSS 3.10 release
+;+    global:
+CERT_CacheCRL;
+CERT_DecodeAltNameExtension;
+CERT_DecodeAuthInfoAccessExtension;
+CERT_DecodeAuthKeyID;
+CERT_DecodeCRLDistributionPoints;
+CERT_DecodeNameConstraintsExtension;
+CERT_DecodePrivKeyUsagePeriodExtension;
+CERT_DestroyUserNotice;
+CERT_FinishCertificateRequestAttributes;
+CERT_GetCertificateNames;
+CERT_GetCertificateRequestExtensions;
+CERT_GetNextGeneralName;
+CERT_GetNextNameConstraint;
+CERT_GetPrevGeneralName;
+CERT_GetPrevNameConstraint;
+CERT_MergeExtensions;
+CERT_StartCertificateRequestAttributes;
+CERT_StartCRLEntryExtensions;
+CERT_StartCRLExtensions;
+CERT_UncacheCRL;
+HASH_Clone;
+HASH_HashBuf;
+HASH_ResultLenByOidTag;
+HASH_ResultLenContext;
+SEC_GetSignatureAlgorithmOidTag;
+SECKEY_CacheStaticFlags;
+SECOID_AddEntry;
+;+#
+;+# Data objects
+;+#
+;+# Don't export these DATA symbols on Windows because they don't work right.
+;+# Use the SEC_ASN1_GET / SEC_ASN1_SUB / SEC_ASN1_XTRN macros to access them.
+;;CERT_SequenceOfCertExtensionTemplate DATA ;
+;;CERT_SignedCrlTemplate DATA ;
+NSS_Get_CERT_SequenceOfCertExtensionTemplate;
+NSS_Get_CERT_SignedCrlTemplate;
+;+    local:
+;+       *;
+;+};
+;+NSS_3.10.2 { 	# NSS 3.10.2 release
+;+    global:
+PK11_TokenKeyGenWithFlags;
+PK11_GenerateKeyPairWithFlags;
+;+    local:
+;+       *;
+;+};
+;+NSS_3.11 { 	# NSS 3.11 release
+;+    global:
+CERT_CompareValidityTimes;
+PK11_CopyTokenPrivKeyToSessionPrivKey;
+PK11_FreeSlotListElement;
+PK11_GenerateRandomOnSlot;
+PK11_GetSymKeyUserData;
+PK11_MapSignKeyType;
+PK11_SetSymKeyUserData;
+SECMOD_CloseUserDB;
+SECMOD_HasRootCerts;
+SECMOD_OpenUserDB;
+;+    local:
+;+       *;
+;+};
+;+NSS_3.11.1 {
+;+    global:
+NSS_RegisterShutdown;
+NSS_UnregisterShutdown;
+SEC_ASN1EncodeUnsignedInteger;
+SEC_RegisterDefaultHttpClient;
+;+    local:
+;+       *;
+;+};
+;+NSS_3.11.2 {
+;+    global:
+SECKEY_SignatureLen;
+;+    local:
+;+       *;
+;+};
+;+NSS_3.11.7 {
+;+    global:
+CERT_SetOCSPFailureMode;
+CERT_OCSPCacheSettings;
+CERT_ClearOCSPCache;
+DER_GeneralizedDayToAscii;
+DER_TimeChoiceDayToAscii;
+DER_TimeToGeneralizedTime;
+DER_TimeToGeneralizedTimeArena;
+;+    local:
+;+       *;
+;+};
+;+NSS_3.11.9 {
+;+    global:
+PK11_UnconfigurePKCS11;
+;+    local:
+;+       *;
+;+};
+;+NSS_3.12 { 	# NSS 3.12 release
+;+    global:
+CERT_CheckNameSpace;
+CERT_EncodeCertPoliciesExtension;
+CERT_EncodeInfoAccessExtension;
+CERT_EncodeInhibitAnyExtension;
+CERT_EncodeNoticeReference;
+CERT_EncodePolicyConstraintsExtension;
+CERT_EncodePolicyMappingExtension;
+CERT_EncodeSubjectKeyID;
+CERT_EncodeUserNotice;
+CERT_FindCRLEntryReasonExten;
+CERT_FindCRLNumberExten;
+CERT_FindNameConstraintsExten;
+CERT_GetClassicOCSPDisabledPolicy;
+CERT_GetClassicOCSPEnabledHardFailurePolicy;
+CERT_GetClassicOCSPEnabledSoftFailurePolicy;
+CERT_GetPKIXVerifyNistRevocationPolicy;
+CERT_GetUsePKIXForValidation;
+CERT_GetValidDNSPatternsFromCert;
+CERT_NewTempCertificate;
+CERT_SetOCSPTimeout;
+CERT_SetUsePKIXForValidation;
+CERT_PKIXVerifyCert;
+HASH_GetType;
+NSS_InitWithMerge;
+PK11_CreateMergeLog;
+PK11_CreateGenericObject;
+PK11_CreatePBEV2AlgorithmID;
+PK11_DestroyMergeLog;
+PK11_GenerateKeyPairWithOpFlags;
+PK11_GetAllSlotsForCert;
+PK11_GetPBECryptoMechanism;
+PK11_IsRemovable;
+PK11_MergeTokens;
+PK11_WriteRawAttribute;
+SECKEY_ECParamsToBasePointOrderLen;
+SECKEY_ECParamsToKeySize;
+SECMOD_DeleteModuleEx;
+SEC_GetRegisteredHttpClient;
+SEC_PKCS5IsAlgorithmPBEAlgTag;
+VFY_CreateContextDirect;
+VFY_CreateContextWithAlgorithmID;
+VFY_VerifyDataDirect;
+VFY_VerifyDataWithAlgorithmID;
+VFY_VerifyDigestDirect;
+VFY_VerifyDigestWithAlgorithmID;
+;+    local:
+;+       *;
+;+};
+;+NSS_3.12.1 { 	# NSS 3.12.1 release
+;+    global:
+CERT_NameToAsciiInvertible;
+PK11_FindCertFromDERCertItem;
+;+    local:
+;+       *;
+;+};
+;+NSS_3.12.3 { 	# NSS 3.12.3 release
+;+    global:
+CERT_CompareCerts;
+CERT_RegisterAlternateOCSPAIAInfoCallBack;
+PK11_GetSymKeyHandle;
+;+    local:
+;+       *;
+;+};
+;+NSS_3.12.4 { 	# NSS 3.12.4 release
+;+    global:
+PK11_IsInternalKeySlot;
+SECMOD_OpenNewSlot;
+;+    local:
+;+       *;
+;+};
+;+NSS_3.12.5 { 	# NSS 3.12.5 release
+;+    global:
+CERT_AddCertToListSorted;
+NSS_InitContext;
+NSS_ShutdownContext;
+SECMOD_GetDefaultModDBFlag;
+SECMOD_GetSkipFirstFlag;
+;+    local:
+;+       *;
+;+};
+;+NSS_3.12.6 { 	# NSS 3.12.6 release
+;+    global:
+CERT_CacheOCSPResponseFromSideChannel;
+CERT_DistNamesFromCertList;
+CERT_DupDistNames;
+;+    local:
+;+       *;
+;+};
+;+NSS_3.12.7 { 	# NSS 3.12.7 release
+;+    global:
+CERT_GetConstrainedCertificateNames;
+;+    local:
+;+       *;
+;+};
+;+NSS_3.12.9 {  # NSS 3.12.9 release
+;+    global:
+CERT_FindCertByNicknameOrEmailAddrForUsage;
+PK11_DeriveWithTemplate;
+PK11_FindCertsFromEmailAddress;
+PK11_KeyGenWithTemplate;
+SECMOD_RestartModules;
+;+    local:
+;+       *;
+;+};
+;+NSS_3.12.10 {  # NSS 3.12.10 release
+;+    global:
+CERT_AllocCERTRevocationFlags;
+CERT_DestroyCERTRevocationFlags;
+;+    local:
+;+       *;
+;+};
+;+NSS_3.13 { 	# NSS 3.13 release
+;+    global:
+;;SECKEY_RSAPSSParamsTemplate DATA ;
+NSS_Get_SECKEY_RSAPSSParamsTemplate;
+NSS_GetVersion;
+;+    local:
+;+       *;
+;+};
+;+NSS_3.13.2 { 	# NSS 3.13.2 release
+;+    global:
+PK11_ImportEncryptedPrivateKeyInfoAndReturnKey;
+;+    local:
+;+       *;
+;+};
+;+NSS_3.14 { 	# NSS 3.14 release
+;+    global:
+CERT_CheckOCSPStatus;
+CERT_DecodeOCSPRequest;
+CERT_GetEncodedOCSPResponse;
+PK11_GetBestSlotWithAttributes;
+PK11_GetBestSlotMultipleWithAttributes;
+PK11_PQG_ParamGenV2;
+;+    local:
+;+       *;
+;+};
+;+NSS_3.14.1 {    # NSS 3.14.1 release
+;+    global:
+CERT_CreateEncodedOCSPErrorResponse;
+CERT_CreateEncodedOCSPSuccessResponse;
+CERT_CreateOCSPSingleResponseGood;
+CERT_CreateOCSPSingleResponseUnknown;
+CERT_CreateOCSPSingleResponseRevoked;
+;+    local:
+;+       *;
+;+};
+;+NSS_3.14.3 { 	# NSS 3.14.3 release
+;+    global:
+PK11_SignWithSymKey;
+;+    local:
+;+       *;
+;+};
+;+NSS_3.15 { 	# NSS 3.15 release
+;+    global:
+CERT_EncodeNameConstraintsExtension;
+PK11_Decrypt;
+PK11_Encrypt;
+CERT_PostOCSPRequest;
+CERT_AddCertToListHead;
+;+    local:
+;+       *;
+;+};
+;+NSS_3.15.4 { 	# NSS 3.15.4 release
+;+    global:
+CERT_ForcePostMethodForOCSP;
+CERT_GetSubjectNameDigest;
+CERT_GetSubjectPublicKeyDigest;
+;+    local:
+;+       *;
+;+};
+;+NSS_3.16.1 { 	# NSS 3.16.1 release
+;+    global:
+PK11_ExportDERPrivateKeyInfo;
+PK11_ExportPrivKeyInfo;
+SECMOD_InternaltoPubMechFlags;
+;+    local:
+;+       *;
+;+};
+;+NSS_3.16.2 { 	# NSS 3.16.2 release
+;+    global:
+CERT_AddExtensionByOID;
+CERT_GetGeneralNameTypeFromString;
+PK11_PubEncrypt;
+PK11_PrivDecrypt;
+;+    local:
+;+       *;
+;+};
+;+NSS_3.18 { 	# NSS 3.18 release
+;+    global:
+__PK11_SetCertificateNickname;
+SEC_CheckCrlTimes;
+SEC_GetCrlTimes;
+;+    local:
+;+       *;
+;+};
+;+NSS_3.19 { 	# NSS 3.19 release
+;+    global:
+CERT_GetImposedNameConstraints;
+;+    local:
+;+       *;
+;+};
+;+NSS_3.19.1 { 	# NSS 3.19.1 release
+;+    global:
+SECKEY_BigIntegerBitLength;
+;+    local:
+;+       *;
+;+};
+;+NSS_3.21 { 	# NSS 3.21 release
+;+    global:
+NSS_OptionGet;
+NSS_OptionSet;
+SECMOD_CreateModuleEx;
+;+    local:
+;+       *;
+;+};
+;+NSS_3.22 { 	# NSS 3.22 release
+;+    global:
+PK11_SignWithMechanism;
+PK11_VerifyWithMechanism;
+;+    local:
+;+       *;
+;+};
+;+NSS_3.30 { 	# NSS 3.30 release
+;+    global:
+CERT_CompareAVA;
+PK11_HasAttributeSet;
+;+    local:
+;+       *;
+;+};
diff --git a/nss/lib/nss/nss.gyp b/nss/lib/nss/nss.gyp
new file mode 100644
index 0000000..56984d9
--- /dev/null
+++ b/nss/lib/nss/nss.gyp
@@ -0,0 +1,83 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'nss_static',
+      'type': 'static_library',
+      'sources': [
+        'nssinit.c',
+        'nssoptions.c',
+        'nssver.c',
+        'utilwrap.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports',
+      ]
+    },
+    {
+      # This is here so Firefox can link this without having to
+      # repeat the list of dependencies.
+      'target_name': 'nss3_deps',
+      'type': 'none',
+      'dependencies': [
+        'nss_static',
+        '<(DEPTH)/lib/certhigh/certhigh.gyp:certhi',
+        '<(DEPTH)/lib/cryptohi/cryptohi.gyp:cryptohi',
+        '<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap',
+        '<(DEPTH)/lib/certdb/certdb.gyp:certdb',
+        '<(DEPTH)/lib/pki/pki.gyp:nsspki',
+        '<(DEPTH)/lib/dev/dev.gyp:nssdev',
+        '<(DEPTH)/lib/base/base.gyp:nssb',
+      ],
+      'conditions': [
+        [ 'disable_libpkix==0', {
+          'dependencies': [
+            '<(DEPTH)/lib/libpkix/pkix/certsel/certsel.gyp:pkixcertsel',
+            '<(DEPTH)/lib/libpkix/pkix/checker/checker.gyp:pkixchecker',
+            '<(DEPTH)/lib/libpkix/pkix/params/params.gyp:pkixparams',
+            '<(DEPTH)/lib/libpkix/pkix/results/results.gyp:pkixresults',
+            '<(DEPTH)/lib/libpkix/pkix/top/top.gyp:pkixtop',
+            '<(DEPTH)/lib/libpkix/pkix/util/util.gyp:pkixutil',
+            '<(DEPTH)/lib/libpkix/pkix/crlsel/crlsel.gyp:pkixcrlsel',
+            '<(DEPTH)/lib/libpkix/pkix/store/store.gyp:pkixstore',
+            '<(DEPTH)/lib/libpkix/pkix_pl_nss/pki/pki.gyp:pkixpki',
+            '<(DEPTH)/lib/libpkix/pkix_pl_nss/system/system.gyp:pkixsystem',
+            '<(DEPTH)/lib/libpkix/pkix_pl_nss/module/module.gyp:pkixmodule'
+          ],
+          }],
+        ],
+    },
+    {
+      'target_name': 'nss3',
+      'type': 'shared_library',
+      'dependencies': [
+        'nss3_deps',
+        '<(DEPTH)/lib/util/util.gyp:nssutil3',
+      ],
+      'variables': {
+        'mapfile': 'nss.def'
+      }
+    }
+  ],
+  'conditions': [
+    [ 'moz_fold_libs==1', {
+      'targets': [
+        {
+          'target_name': 'nss3_static',
+          'type': 'static_library',
+          'dependencies': [
+            'nss3_deps',
+          ],
+        }
+      ],
+    }],
+  ],
+  'variables': {
+    'module': 'nss'
+  }
+}
diff --git a/nss/lib/nss/nss.h b/nss/lib/nss/nss.h
new file mode 100644
index 0000000..52a73db
--- /dev/null
+++ b/nss/lib/nss/nss.h
@@ -0,0 +1,322 @@
+/*
+ * NSS utility functions
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef __nss_h_
+#define __nss_h_
+
+/* The private macro _NSS_CUSTOMIZED is for NSS internal use only. */
+#if defined(NSS_ALLOW_UNSUPPORTED_CRITICAL)
+#define _NSS_CUSTOMIZED " (Customized build)"
+#else
+#define _NSS_CUSTOMIZED
+#endif
+
+/*
+ * NSS's major version, minor version, patch level, build number, and whether
+ * this is a beta release.
+ *
+ * The format of the version string should be
+ *     "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
+ */
+#define NSS_VERSION "3.30.1" _NSS_CUSTOMIZED
+#define NSS_VMAJOR 3
+#define NSS_VMINOR 30
+#define NSS_VPATCH 1
+#define NSS_VBUILD 0
+#define NSS_BETA PR_FALSE
+
+#ifndef RC_INVOKED
+
+#include "seccomon.h"
+
+typedef struct NSSInitParametersStr NSSInitParameters;
+
+/*
+ * parameters used to initialize softoken. Mostly strings used to
+ * internationalize softoken. Memory for the strings are owned by the caller,
+ * who is free to free them once NSS_ContextInit returns. If the string
+ * parameter is NULL (as opposed to empty, zero length), then the softoken
+ * default is used. These are equivalent to the parameters for
+ * PK11_ConfigurePKCS11().
+ *
+ * field names match their equivalent parameter names for softoken strings
+ * documented at https://developer.mozilla.org/en/PKCS11_Module_Specs.
+ *
+ * minPWLen
+ *     Minimum password length in bytes.
+ * manufacturerID
+ *     Override the default manufactureID value for the module returned in
+ *     the CK_INFO, CK_SLOT_INFO, and CK_TOKEN_INFO structures with an
+ *     internationalize string (UTF8). This value will be truncated at 32
+ *     bytes (not including the trailing NULL, partial UTF8 characters will be
+ *     dropped).
+ * libraryDescription
+ *     Override the default libraryDescription value for the module returned in
+ *     the CK_INFO structure with an internationalize string (UTF8). This value
+ *     will be truncated at 32 bytes(not including the trailing NULL, partial
+ *     UTF8 characters will be dropped).
+ * cryptoTokenDescription
+ *     Override the default label value for the internal crypto token returned
+ *     in the CK_TOKEN_INFO structure with an internationalize string (UTF8).
+ *     This value will be truncated at 32 bytes (not including the trailing
+ *     NULL, partial UTF8 characters will be dropped).
+ * dbTokenDescription
+ *     Override the default label value for the internal DB token returned in
+ *     the CK_TOKEN_INFO structure with an internationalize string (UTF8). This
+ *     value will be truncated at 32 bytes (not including the trailing NULL,
+ *     partial UTF8 characters will be dropped).
+ * FIPSTokenDescription
+ *     Override the default label value for the internal FIPS token returned in
+ *     the CK_TOKEN_INFO structure with an internationalize string (UTF8). This
+ *     value will be truncated at 32 bytes (not including the trailing NULL,
+ *     partial UTF8 characters will be dropped).
+ * cryptoSlotDescription
+ *     Override the default slotDescription value for the internal crypto token
+ *     returned in the CK_SLOT_INFO structure with an internationalize string
+ *     (UTF8). This value will be truncated at 64 bytes (not including the
+ *     trailing NULL, partial UTF8 characters will be dropped).
+ * dbSlotDescription
+ *     Override the default slotDescription value for the internal DB token
+ *     returned in the CK_SLOT_INFO structure with an internationalize string
+ *     (UTF8). This value will be truncated at 64 bytes (not including the
+ *     trailing NULL, partial UTF8 characters will be dropped).
+ * FIPSSlotDescription
+ *     Override the default slotDecription value for the internal FIPS token
+ *     returned in the CK_SLOT_INFO structure with an internationalize string
+ *     (UTF8). This value will be truncated at 64 bytes (not including the
+ *     trailing NULL, partial UTF8 characters will be dropped).
+ *
+ */
+struct NSSInitParametersStr {
+    unsigned int length; /* allow this structure to grow in the future,
+                                * must be set */
+    PRBool passwordRequired;
+    int minPWLen;
+    char *manufactureID;      /* variable names for strings match the */
+    char *libraryDescription; /*   parameter name in softoken */
+    char *cryptoTokenDescription;
+    char *dbTokenDescription;
+    char *FIPSTokenDescription;
+    char *cryptoSlotDescription;
+    char *dbSlotDescription;
+    char *FIPSSlotDescription;
+};
+
+SEC_BEGIN_PROTOS
+
+/*
+ * Return a boolean that indicates whether the underlying library
+ * will perform as the caller expects.
+ *
+ * The only argument is a string, which should be the version
+ * identifier of the NSS library. That string will be compared
+ * against a string that represents the actual build version of
+ * the NSS library.
+ */
+extern PRBool NSS_VersionCheck(const char *importedVersion);
+
+/*
+ * Returns a const string of the NSS library version.
+ */
+extern const char *NSS_GetVersion(void);
+
+/*
+ * Open the Cert, Key, and Security Module databases, read only.
+ * Initialize the Random Number Generator.
+ * Does not initialize the cipher policies or enables.
+ * Default policy settings disallow all ciphers.
+ */
+extern SECStatus NSS_Init(const char *configdir);
+
+/*
+ * Returns whether NSS has already been initialized or not.
+ */
+extern PRBool NSS_IsInitialized(void);
+
+/*
+ * Open the Cert, Key, and Security Module databases, read/write.
+ * Initialize the Random Number Generator.
+ * Does not initialize the cipher policies or enables.
+ * Default policy settings disallow all ciphers.
+ */
+extern SECStatus NSS_InitReadWrite(const char *configdir);
+
+/*
+ * Open the Cert, Key, and Security Module databases, read/write.
+ * Initialize the Random Number Generator.
+ * Does not initialize the cipher policies or enables.
+ * Default policy settings disallow all ciphers.
+ *
+ * This allows using application defined prefixes for the cert and key db's
+ * and an alternate name for the secmod database. NOTE: In future releases,
+ * the database prefixes my not necessarily map to database names.
+ *
+ * configdir - base directory where all the cert, key, and module datbases live.
+ * certPrefix - prefix added to the beginning of the cert database example: "
+ *                      "https-server1-"
+ * keyPrefix - prefix added to the beginning of the key database example: "
+ *                      "https-server1-"
+ * secmodName - name of the security module database (usually "secmod.db").
+ * flags - change the open options of NSS_Initialize as follows:
+ *      NSS_INIT_READONLY - Open the databases read only.
+ *      NSS_INIT_NOCERTDB - Don't open the cert DB and key DB's, just
+ *                      initialize the volatile certdb.
+ *      NSS_INIT_NOMODDB  - Don't open the security module DB, just
+ *                      initialize the  PKCS #11 module.
+ *      NSS_INIT_FORCEOPEN - Continue to force initializations even if the
+ *                      databases cannot be opened.
+ *      NSS_INIT_NOROOTINIT - Don't try to look for the root certs module
+ *                      automatically.
+ *      NSS_INIT_OPTIMIZESPACE - Use smaller tables and caches.
+ *      NSS_INIT_PK11THREADSAFE - only load PKCS#11 modules that are
+ *                      thread-safe, ie. that support locking - either OS
+ *                      locking or NSS-provided locks . If a PKCS#11
+ *                      module isn't thread-safe, don't serialize its
+ *                      calls; just don't load it instead. This is necessary
+ *                      if another piece of code is using the same PKCS#11
+ *                      modules that NSS is accessing without going through
+ *                      NSS, for example the Java SunPKCS11 provider.
+ *      NSS_INIT_PK11RELOAD - ignore the CKR_CRYPTOKI_ALREADY_INITIALIZED
+ *                      error when loading PKCS#11 modules. This is necessary
+ *                      if another piece of code is using the same PKCS#11
+ *                      modules that NSS is accessing without going through
+ *                      NSS, for example Java SunPKCS11 provider.
+ *      NSS_INIT_NOPK11FINALIZE - never call C_Finalize on any
+ *                      PKCS#11 module. This may be necessary in order to
+ *                      ensure continuous operation and proper shutdown
+ *                      sequence if another piece of code is using the same
+ *                      PKCS#11 modules that NSS is accessing without going
+ *                      through NSS, for example Java SunPKCS11 provider.
+ *                      The following limitation applies when this is set :
+ *                      SECMOD_WaitForAnyTokenEvent will not use
+ *                      C_WaitForSlotEvent, in order to prevent the need for
+ *                      C_Finalize. This call will be emulated instead.
+ *      NSS_INIT_RESERVED - Currently has no effect, but may be used in the
+ *                      future to trigger better cooperation between PKCS#11
+ *                      modules used by both NSS and the Java SunPKCS11
+ *                      provider. This should occur after a new flag is defined
+ *                      for C_Initialize by the PKCS#11 working group.
+ *      NSS_INIT_COOPERATE - Sets 4 recommended options for applications that
+ *                      use both NSS and the Java SunPKCS11 provider.
+ *
+ * Also NOTE: This is not the recommended method for initializing NSS.
+ * The preferred method is NSS_init().
+ */
+#define NSS_INIT_READONLY 0x1
+#define NSS_INIT_NOCERTDB 0x2
+#define NSS_INIT_NOMODDB 0x4
+#define NSS_INIT_FORCEOPEN 0x8
+#define NSS_INIT_NOROOTINIT 0x10
+#define NSS_INIT_OPTIMIZESPACE 0x20
+#define NSS_INIT_PK11THREADSAFE 0x40
+#define NSS_INIT_PK11RELOAD 0x80
+#define NSS_INIT_NOPK11FINALIZE 0x100
+#define NSS_INIT_RESERVED 0x200
+
+#define NSS_INIT_COOPERATE NSS_INIT_PK11THREADSAFE |     \
+                               NSS_INIT_PK11RELOAD |     \
+                               NSS_INIT_NOPK11FINALIZE | \
+                               NSS_INIT_RESERVED
+
+#define SECMOD_DB "secmod.db"
+
+typedef struct NSSInitContextStr NSSInitContext;
+
+extern SECStatus NSS_Initialize(const char *configdir,
+                                const char *certPrefix, const char *keyPrefix,
+                                const char *secmodName, PRUint32 flags);
+
+extern NSSInitContext *NSS_InitContext(const char *configdir,
+                                       const char *certPrefix, const char *keyPrefix,
+                                       const char *secmodName, NSSInitParameters *initParams, PRUint32 flags);
+
+extern SECStatus NSS_ShutdownContext(NSSInitContext *);
+
+/*
+ * same as NSS_Init, but checks to see if we need to merge an
+ * old database in.
+ *   updatedir is the directory where the old database lives.
+ *   updCertPrefix is the certPrefix for the old database.
+ *   updKeyPrefix is the keyPrefix for the old database.
+ *   updateID is a unique identifier chosen by the application for
+ *      the specific database.
+ *   updatName is the name the user will be prompted for when
+ *      asking to authenticate to the old database  */
+extern SECStatus NSS_InitWithMerge(const char *configdir,
+                                   const char *certPrefix, const char *keyPrefix, const char *secmodName,
+                                   const char *updatedir, const char *updCertPrefix,
+                                   const char *updKeyPrefix, const char *updateID,
+                                   const char *updateName, PRUint32 flags);
+/*
+ * initialize NSS without a creating cert db's, key db's, or secmod db's.
+ */
+SECStatus NSS_NoDB_Init(const char *configdir);
+
+/*
+ * Allow applications and libraries to register with NSS so that they are called
+ * when NSS shuts down.
+ *
+ * void *appData application specific data passed in by the application at
+ * NSS_RegisterShutdown() time.
+ * void *nssData is NULL in this release, but is reserved for future versions of
+ * NSS to pass some future status information * back to the shutdown function.
+ *
+ * If the shutdown function returns SECFailure,
+ * Shutdown will still complete, but NSS_Shutdown() will return SECFailure.
+ */
+typedef SECStatus (*NSS_ShutdownFunc)(void *appData, void *nssData);
+
+/*
+ * Register a shutdown function.
+ */
+SECStatus NSS_RegisterShutdown(NSS_ShutdownFunc sFunc, void *appData);
+
+/*
+ * Remove an existing shutdown function (you may do this if your library is
+ * complete and going away, but NSS is still running).
+ */
+SECStatus NSS_UnregisterShutdown(NSS_ShutdownFunc sFunc, void *appData);
+
+/* Available options for NSS_OptionSet() and NSS_OptionGet().
+ */
+#define NSS_RSA_MIN_KEY_SIZE 0x001
+#define NSS_DH_MIN_KEY_SIZE 0x002
+#define NSS_DSA_MIN_KEY_SIZE 0x004
+#define NSS_TLS_VERSION_MIN_POLICY 0x008
+#define NSS_TLS_VERSION_MAX_POLICY 0x009
+#define NSS_DTLS_VERSION_MIN_POLICY 0x00a
+#define NSS_DTLS_VERSION_MAX_POLICY 0x00b
+
+/*
+ * Set and get global options for the NSS library.
+ */
+SECStatus NSS_OptionSet(PRInt32 which, PRInt32 value);
+SECStatus NSS_OptionGet(PRInt32 which, PRInt32 *value);
+
+/*
+ * Close the Cert, Key databases.
+ */
+extern SECStatus NSS_Shutdown(void);
+
+/*
+ * set the PKCS #11 strings for the internal token.
+ */
+void PK11_ConfigurePKCS11(const char *man, const char *libdesc,
+                          const char *tokdesc, const char *ptokdesc, const char *slotdesc,
+                          const char *pslotdesc, const char *fslotdesc, const char *fpslotdesc,
+                          int minPwd, int pwRequired);
+
+/*
+ * Dump the contents of the certificate cache and the temporary cert store.
+ * Use to detect leaked references of certs at shutdown time.
+ */
+void nss_DumpCertificateCacheInfo(void);
+
+SEC_END_PROTOS
+
+#endif /* RC_INVOKED */
+#endif /* __nss_h_ */
diff --git a/nss/lib/nss/nss.rc b/nss/lib/nss/nss.rc
new file mode 100644
index 0000000..6b6fd5f
--- /dev/null
+++ b/nss/lib/nss/nss.rc
@@ -0,0 +1,68 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nss.h"
+#include <winver.h>
+
+#define MY_LIBNAME "nss"
+#define MY_FILEDESCRIPTION "NSS Base Library"
+
+#define STRINGIZE(x) #x
+#define STRINGIZE2(x) STRINGIZE(x)
+#define NSS_VMAJOR_STR STRINGIZE2(NSS_VMAJOR)
+
+#ifdef _DEBUG
+#define MY_DEBUG_STR " (debug)"
+#define MY_FILEFLAGS_1 VS_FF_DEBUG
+#else
+#define MY_DEBUG_STR ""
+#define MY_FILEFLAGS_1 0x0L
+#endif
+#if NSS_BETA
+#define MY_FILEFLAGS_2 MY_FILEFLAGS_1|VS_FF_PRERELEASE
+#else
+#define MY_FILEFLAGS_2 MY_FILEFLAGS_1
+#endif
+
+#ifdef WINNT
+#define MY_FILEOS VOS_NT_WINDOWS32
+#else
+#define MY_FILEOS VOS__WINDOWS32
+#endif
+
+#define MY_INTERNAL_NAME MY_LIBNAME NSS_VMAJOR_STR
+
+/////////////////////////////////////////////////////////////////////////////
+//
+// Version-information resource
+//
+
+VS_VERSION_INFO VERSIONINFO
+ FILEVERSION NSS_VMAJOR,NSS_VMINOR,NSS_VPATCH,NSS_VBUILD
+ PRODUCTVERSION NSS_VMAJOR,NSS_VMINOR,NSS_VPATCH,NSS_VBUILD
+ FILEFLAGSMASK VS_FFI_FILEFLAGSMASK
+ FILEFLAGS MY_FILEFLAGS_2
+ FILEOS MY_FILEOS
+ FILETYPE VFT_DLL
+ FILESUBTYPE 0x0L // not used
+
+BEGIN
+    BLOCK "StringFileInfo"
+    BEGIN
+        BLOCK "040904B0" // Lang=US English, CharSet=Unicode
+        BEGIN
+            VALUE "CompanyName", "Mozilla Foundation\0"
+            VALUE "FileDescription", MY_FILEDESCRIPTION MY_DEBUG_STR "\0"
+            VALUE "FileVersion", NSS_VERSION "\0"
+            VALUE "InternalName", MY_INTERNAL_NAME "\0"
+            VALUE "OriginalFilename", MY_INTERNAL_NAME ".dll\0"
+            VALUE "ProductName", "Network Security Services\0"
+            VALUE "ProductVersion", NSS_VERSION "\0"
+        END
+    END
+    BLOCK "VarFileInfo"
+    BEGIN
+        VALUE "Translation", 0x409, 1200
+    END
+END
diff --git a/nss/lib/nss/nssinit.c b/nss/lib/nss/nssinit.c
new file mode 100644
index 0000000..5d62d47
--- /dev/null
+++ b/nss/lib/nss/nssinit.c
@@ -0,0 +1,1372 @@
+/*
+ * NSS utility functions
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <ctype.h>
+#include <string.h>
+#include "seccomon.h"
+#include "prinit.h"
+#include "prprf.h"
+#include "prmem.h"
+#include "cert.h"
+#include "key.h"
+#include "secmod.h"
+#include "secoid.h"
+#include "nss.h"
+#include "pk11func.h"
+#include "secerr.h"
+#include "nssbase.h"
+#include "nssutil.h"
+
+#ifndef NSS_DISABLE_LIBPKIX
+#include "pkixt.h"
+#include "pkix.h"
+#include "pkix_tools.h"
+#endif /* NSS_DISABLE_LIBPKIX */
+
+#include "pki3hack.h"
+#include "certi.h"
+#include "secmodi.h"
+#include "ocspti.h"
+#include "ocspi.h"
+#include "utilpars.h"
+
+/*
+ * On Windows nss3.dll needs to export the symbol 'mktemp' to be
+ * fully backward compatible with the nss3.dll in NSS 3.2.x and
+ * 3.3.x.  This symbol was unintentionally exported and its
+ * definition (in DBM) was moved from nss3.dll to softokn3.dll
+ * in NSS 3.4.  See bug 142575.
+ */
+#ifdef WIN32_NSS3_DLL_COMPAT
+#include <io.h>
+
+/* exported as 'mktemp' */
+char *
+nss_mktemp(char *path)
+{
+    return _mktemp(path);
+}
+#endif
+
+#define NSS_MAX_FLAG_SIZE sizeof("readOnly") + sizeof("noCertDB") +                                  \
+                              sizeof("noModDB") + sizeof("forceOpen") + sizeof("passwordRequired") + \
+                              sizeof("optimizeSpace")
+#define NSS_DEFAULT_MOD_NAME "NSS Internal Module"
+
+static char *
+nss_makeFlags(PRBool readOnly, PRBool noCertDB,
+              PRBool noModDB, PRBool forceOpen,
+              PRBool passwordRequired, PRBool optimizeSpace)
+{
+    char *flags = (char *)PORT_Alloc(NSS_MAX_FLAG_SIZE);
+    PRBool first = PR_TRUE;
+
+    PORT_Memset(flags, 0, NSS_MAX_FLAG_SIZE);
+    if (readOnly) {
+        PORT_Strcat(flags, "readOnly");
+        first = PR_FALSE;
+    }
+    if (noCertDB) {
+        if (!first)
+            PORT_Strcat(flags, ",");
+        PORT_Strcat(flags, "noCertDB");
+        first = PR_FALSE;
+    }
+    if (noModDB) {
+        if (!first)
+            PORT_Strcat(flags, ",");
+        PORT_Strcat(flags, "noModDB");
+        first = PR_FALSE;
+    }
+    if (forceOpen) {
+        if (!first)
+            PORT_Strcat(flags, ",");
+        PORT_Strcat(flags, "forceOpen");
+        first = PR_FALSE;
+    }
+    if (passwordRequired) {
+        if (!first)
+            PORT_Strcat(flags, ",");
+        PORT_Strcat(flags, "passwordRequired");
+        first = PR_FALSE;
+    }
+    if (optimizeSpace) {
+        if (!first)
+            PORT_Strcat(flags, ",");
+        PORT_Strcat(flags, "optimizeSpace");
+    }
+    return flags;
+}
+
+/*
+ * build config string from individual internationalized strings
+ */
+char *
+nss_MkConfigString(const char *man, const char *libdesc, const char *tokdesc,
+                   const char *ptokdesc, const char *slotdesc, const char *pslotdesc,
+                   const char *fslotdesc, const char *fpslotdesc, int minPwd)
+{
+    char *strings = NULL;
+    char *newStrings;
+
+    /* make sure the internationalization was done correctly... */
+    strings = PR_smprintf("");
+    if (strings == NULL)
+        return NULL;
+
+    if (man) {
+        newStrings = PR_smprintf("%s manufacturerID='%s'", strings, man);
+        PR_smprintf_free(strings);
+        strings = newStrings;
+    }
+    if (strings == NULL)
+        return NULL;
+
+    if (libdesc) {
+        newStrings = PR_smprintf("%s libraryDescription='%s'", strings, libdesc);
+        PR_smprintf_free(strings);
+        strings = newStrings;
+    }
+    if (strings == NULL)
+        return NULL;
+
+    if (tokdesc) {
+        newStrings = PR_smprintf("%s cryptoTokenDescription='%s'", strings,
+                                 tokdesc);
+        PR_smprintf_free(strings);
+        strings = newStrings;
+    }
+    if (strings == NULL)
+        return NULL;
+
+    if (ptokdesc) {
+        newStrings = PR_smprintf("%s dbTokenDescription='%s'", strings, ptokdesc);
+        PR_smprintf_free(strings);
+        strings = newStrings;
+    }
+    if (strings == NULL)
+        return NULL;
+
+    if (slotdesc) {
+        newStrings = PR_smprintf("%s cryptoSlotDescription='%s'", strings,
+                                 slotdesc);
+        PR_smprintf_free(strings);
+        strings = newStrings;
+    }
+    if (strings == NULL)
+        return NULL;
+
+    if (pslotdesc) {
+        newStrings = PR_smprintf("%s dbSlotDescription='%s'", strings, pslotdesc);
+        PR_smprintf_free(strings);
+        strings = newStrings;
+    }
+    if (strings == NULL)
+        return NULL;
+
+    if (fslotdesc) {
+        newStrings = PR_smprintf("%s FIPSSlotDescription='%s'",
+                                 strings, fslotdesc);
+        PR_smprintf_free(strings);
+        strings = newStrings;
+    }
+    if (strings == NULL)
+        return NULL;
+
+    if (fpslotdesc) {
+        newStrings = PR_smprintf("%s FIPSTokenDescription='%s'",
+                                 strings, fpslotdesc);
+        PR_smprintf_free(strings);
+        strings = newStrings;
+    }
+    if (strings == NULL)
+        return NULL;
+
+    newStrings = PR_smprintf("%s minPS=%d", strings, minPwd);
+    PR_smprintf_free(strings);
+    strings = newStrings;
+
+    return (strings);
+}
+
+/*
+ * statics to remember the PK11_ConfigurePKCS11()
+ * info.
+ */
+static char *pk11_config_strings = NULL;
+static char *pk11_config_name = NULL;
+static PRBool pk11_password_required = PR_FALSE;
+
+/*
+ * this is a legacy configuration function which used to be part of
+ * the PKCS #11 internal token.
+ */
+void
+PK11_ConfigurePKCS11(const char *man, const char *libdesc, const char *tokdesc,
+                     const char *ptokdesc, const char *slotdesc, const char *pslotdesc,
+                     const char *fslotdesc, const char *fpslotdesc, int minPwd,
+                     int pwRequired)
+{
+    char *strings;
+
+    strings = nss_MkConfigString(man, libdesc, tokdesc, ptokdesc, slotdesc,
+                                 pslotdesc, fslotdesc, fpslotdesc, minPwd);
+    if (strings == NULL) {
+        return;
+    }
+
+    if (libdesc) {
+        if (pk11_config_name != NULL) {
+            PORT_Free(pk11_config_name);
+        }
+        pk11_config_name = PORT_Strdup(libdesc);
+    }
+
+    if (pk11_config_strings != NULL) {
+        PR_smprintf_free(pk11_config_strings);
+    }
+    pk11_config_strings = strings;
+    pk11_password_required = pwRequired;
+
+    return;
+}
+
+void
+PK11_UnconfigurePKCS11(void)
+{
+    if (pk11_config_strings != NULL) {
+        PR_smprintf_free(pk11_config_strings);
+        pk11_config_strings = NULL;
+    }
+    if (pk11_config_name) {
+        PORT_Free(pk11_config_name);
+        pk11_config_name = NULL;
+    }
+}
+
+/*
+ * The following code is an attempt to automagically find the external root
+ * module.
+ * Note: Keep the #if-defined chunks in order. HPUX must select before UNIX.
+ */
+
+static const char *dllname =
+#if defined(XP_WIN32) || defined(XP_OS2)
+    "nssckbi.dll";
+#elif defined(HPUX) && !defined(__ia64) /* HP-UX PA-RISC */
+    "libnssckbi.sl";
+#elif defined(DARWIN)
+    "libnssckbi.dylib";
+#elif defined(XP_UNIX) || defined(XP_BEOS)
+    "libnssckbi.so";
+#else
+#error "Uh! Oh! I don't know about this platform."
+#endif
+
+/* Should we have platform ifdefs here??? */
+#define FILE_SEP '/'
+
+static void
+nss_FindExternalRootPaths(const char *dbpath,
+                          const char *secmodprefix,
+                          char **retoldpath, char **retnewpath)
+{
+    char *path, *oldpath = NULL, *lastsep;
+    int len, path_len, secmod_len, dll_len;
+
+    path_len = PORT_Strlen(dbpath);
+    secmod_len = secmodprefix ? PORT_Strlen(secmodprefix) : 0;
+    dll_len = PORT_Strlen(dllname);
+    len = path_len + secmod_len + dll_len + 2; /* FILE_SEP + NULL */
+
+    path = PORT_Alloc(len);
+    if (path == NULL)
+        return;
+
+    /* back up to the top of the directory */
+    PORT_Memcpy(path, dbpath, path_len);
+    if (path[path_len - 1] != FILE_SEP) {
+        path[path_len++] = FILE_SEP;
+    }
+    PORT_Strcpy(&path[path_len], dllname);
+    if (secmod_len > 0) {
+        lastsep = PORT_Strrchr(secmodprefix, FILE_SEP);
+        if (lastsep) {
+            int secmoddir_len = lastsep - secmodprefix + 1; /* FILE_SEP */
+            oldpath = PORT_Alloc(len);
+            if (oldpath == NULL) {
+                PORT_Free(path);
+                return;
+            }
+            PORT_Memcpy(oldpath, path, path_len);
+            PORT_Memcpy(&oldpath[path_len], secmodprefix, secmoddir_len);
+            PORT_Strcpy(&oldpath[path_len + secmoddir_len], dllname);
+        }
+    }
+    *retoldpath = oldpath;
+    *retnewpath = path;
+    return;
+}
+
+static void
+nss_FreeExternalRootPaths(char *oldpath, char *path)
+{
+    if (path) {
+        PORT_Free(path);
+    }
+    if (oldpath) {
+        PORT_Free(oldpath);
+    }
+}
+
+static void
+nss_FindExternalRoot(const char *dbpath, const char *secmodprefix)
+{
+    char *path = NULL;
+    char *oldpath = NULL;
+    PRBool hasrootcerts = PR_FALSE;
+
+    /*
+     * 'oldpath' is the external root path in NSS 3.3.x or older.
+     * For backward compatibility we try to load the root certs
+     * module with the old path first.
+     */
+    nss_FindExternalRootPaths(dbpath, secmodprefix, &oldpath, &path);
+    if (oldpath) {
+        (void)SECMOD_AddNewModule("Root Certs", oldpath, 0, 0);
+        hasrootcerts = SECMOD_HasRootCerts();
+    }
+    if (path && !hasrootcerts) {
+        (void)SECMOD_AddNewModule("Root Certs", path, 0, 0);
+    }
+    nss_FreeExternalRootPaths(oldpath, path);
+    return;
+}
+
+/*
+ * see nss_Init for definitions of the various options.
+ *
+ * this function builds a moduleSpec string from the options and previously
+ * set statics (from PKCS11_Configure, for instance), and uses it to kick off
+ * the loading of the various PKCS #11 modules.
+ */
+static SECMODModule *
+nss_InitModules(const char *configdir, const char *certPrefix,
+                const char *keyPrefix, const char *secmodName,
+                const char *updateDir, const char *updCertPrefix,
+                const char *updKeyPrefix, const char *updateID,
+                const char *updateName, char *configName, char *configStrings,
+                PRBool pwRequired, PRBool readOnly, PRBool noCertDB,
+                PRBool noModDB, PRBool forceOpen, PRBool optimizeSpace,
+                PRBool isContextInit)
+{
+    SECMODModule *module = NULL;
+    char *moduleSpec = NULL;
+    char *flags = NULL;
+    char *lconfigdir = NULL;
+    char *lcertPrefix = NULL;
+    char *lkeyPrefix = NULL;
+    char *lsecmodName = NULL;
+    char *lupdateDir = NULL;
+    char *lupdCertPrefix = NULL;
+    char *lupdKeyPrefix = NULL;
+    char *lupdateID = NULL;
+    char *lupdateName = NULL;
+
+    if (NSS_InitializePRErrorTable() != SECSuccess) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return NULL;
+    }
+
+    flags = nss_makeFlags(readOnly, noCertDB, noModDB, forceOpen,
+                          pwRequired, optimizeSpace);
+    if (flags == NULL)
+        return NULL;
+
+    /*
+     * configdir is double nested, and Windows uses the same character
+     * for file seps as we use for escapes! (sigh).
+     */
+    lconfigdir = NSSUTIL_DoubleEscape(configdir, '\'', '\"');
+    if (lconfigdir == NULL) {
+        goto loser;
+    }
+    lcertPrefix = NSSUTIL_DoubleEscape(certPrefix, '\'', '\"');
+    if (lcertPrefix == NULL) {
+        goto loser;
+    }
+    lkeyPrefix = NSSUTIL_DoubleEscape(keyPrefix, '\'', '\"');
+    if (lkeyPrefix == NULL) {
+        goto loser;
+    }
+    lsecmodName = NSSUTIL_DoubleEscape(secmodName, '\'', '\"');
+    if (lsecmodName == NULL) {
+        goto loser;
+    }
+    lupdateDir = NSSUTIL_DoubleEscape(updateDir, '\'', '\"');
+    if (lupdateDir == NULL) {
+        goto loser;
+    }
+    lupdCertPrefix = NSSUTIL_DoubleEscape(updCertPrefix, '\'', '\"');
+    if (lupdCertPrefix == NULL) {
+        goto loser;
+    }
+    lupdKeyPrefix = NSSUTIL_DoubleEscape(updKeyPrefix, '\'', '\"');
+    if (lupdKeyPrefix == NULL) {
+        goto loser;
+    }
+    lupdateID = NSSUTIL_DoubleEscape(updateID, '\'', '\"');
+    if (lupdateID == NULL) {
+        goto loser;
+    }
+    lupdateName = NSSUTIL_DoubleEscape(updateName, '\'', '\"');
+    if (lupdateName == NULL) {
+        goto loser;
+    }
+
+    moduleSpec = PR_smprintf(
+        "name=\"%s\" parameters=\"configdir='%s' certPrefix='%s' keyPrefix='%s' "
+        "secmod='%s' flags=%s updatedir='%s' updateCertPrefix='%s' "
+        "updateKeyPrefix='%s' updateid='%s' updateTokenDescription='%s' %s\" "
+        "NSS=\"flags=internal,moduleDB,moduleDBOnly,critical%s\"",
+        configName ? configName : NSS_DEFAULT_MOD_NAME,
+        lconfigdir, lcertPrefix, lkeyPrefix, lsecmodName, flags,
+        lupdateDir, lupdCertPrefix, lupdKeyPrefix, lupdateID,
+        lupdateName, configStrings ? configStrings : "",
+        isContextInit ? "" : ",defaultModDB,internalKeySlot");
+
+loser:
+    PORT_Free(flags);
+    if (lconfigdir)
+        PORT_Free(lconfigdir);
+    if (lcertPrefix)
+        PORT_Free(lcertPrefix);
+    if (lkeyPrefix)
+        PORT_Free(lkeyPrefix);
+    if (lsecmodName)
+        PORT_Free(lsecmodName);
+    if (lupdateDir)
+        PORT_Free(lupdateDir);
+    if (lupdCertPrefix)
+        PORT_Free(lupdCertPrefix);
+    if (lupdKeyPrefix)
+        PORT_Free(lupdKeyPrefix);
+    if (lupdateID)
+        PORT_Free(lupdateID);
+    if (lupdateName)
+        PORT_Free(lupdateName);
+
+    if (moduleSpec) {
+        module = SECMOD_LoadModule(moduleSpec, NULL, PR_TRUE);
+        PR_smprintf_free(moduleSpec);
+        if (module && !module->loaded) {
+            SECMOD_DestroyModule(module);
+            return NULL;
+        }
+    }
+    return module;
+}
+
+/*
+ * OK there are now lots of options here, lets go through them all:
+ *
+ * configdir - base directory where all the cert, key, and module datbases live.
+ * certPrefix - prefix added to the beginning of the cert database example: "
+ *             "https-server1-"
+ * keyPrefix - prefix added to the beginning of the key database example: "
+ *             "https-server1-"
+ * secmodName - name of the security module database (usually "secmod.db").
+ * updateDir - used in initMerge, old directory to update from.
+ * updateID - used in initMerge, unique ID to represent the updated directory.
+ * updateName - used in initMerge, token name when updating.
+ * initContextPtr -  used in initContext, pointer to return a unique context
+ *            value.
+ * readOnly - Boolean: true if the databases are to be opened read only.
+ * nocertdb - Don't open the cert DB and key DB's, just initialize the
+ *             Volatile certdb.
+ * nomoddb - Don't open the security module DB, just initialize the
+ *             PKCS #11 module.
+ * forceOpen - Continue to force initializations even if the databases cannot
+ *             be opened.
+ * noRootInit - don't try to automatically load the root cert store if one is
+ *           not found.
+ * optimizeSpace - tell NSS to use fewer hash table buckets.
+ *
+ * The next three options are used in an attempt to share PKCS #11 modules
+ * with other loaded, running libraries. PKCS #11 was not designed with this
+ * sort of sharing in mind, so use of these options may lead to questionable
+ * results. These options are may be incompatible with NSS_LoadContext() calls.
+ *
+ * noSingleThreadedModules - don't load modules that are not thread safe (many
+ *           smart card tokens will not work).
+ * allowAlreadyInitializedModules - if a module has already been loaded and
+ *           initialize try to use it.
+ * don'tFinalizeModules -  dont shutdown modules we may have loaded.
+ */
+
+static PRBool nssIsInitted = PR_FALSE;
+static NSSInitContext *nssInitContextList = NULL;
+
+#ifndef NSS_DISABLE_LIBPKIX
+static void *plContext = NULL;
+#endif /* NSS_DISABLE_LIBPKIX */
+
+struct NSSInitContextStr {
+    NSSInitContext *next;
+    PRUint32 magic;
+};
+
+#define NSS_INIT_MAGIC 0x1413A91C
+static SECStatus nss_InitShutdownList(void);
+
+/* All initialized to zero in BSS */
+static PRCallOnceType nssInitOnce;
+static PZLock *nssInitLock;
+static PZCondVar *nssInitCondition;
+static int nssIsInInit;
+
+static PRStatus
+nss_doLockInit(void)
+{
+    nssInitLock = PZ_NewLock(nssILockOther);
+    if (nssInitLock == NULL) {
+        return PR_FAILURE;
+    }
+    nssInitCondition = PZ_NewCondVar(nssInitLock);
+    if (nssInitCondition == NULL) {
+        return PR_FAILURE;
+    }
+    return PR_SUCCESS;
+}
+
+static SECStatus
+nss_Init(const char *configdir, const char *certPrefix, const char *keyPrefix,
+         const char *secmodName, const char *updateDir,
+         const char *updCertPrefix, const char *updKeyPrefix,
+         const char *updateID, const char *updateName,
+         NSSInitContext **initContextPtr,
+         NSSInitParameters *initParams,
+         PRBool readOnly, PRBool noCertDB,
+         PRBool noModDB, PRBool forceOpen, PRBool noRootInit,
+         PRBool optimizeSpace, PRBool noSingleThreadedModules,
+         PRBool allowAlreadyInitializedModules,
+         PRBool dontFinalizeModules)
+{
+    SECMODModule *parent = NULL;
+#ifndef NSS_DISABLE_LIBPKIX
+    PKIX_UInt32 actualMinorVersion = 0;
+    PKIX_Error *pkixError = NULL;
+#endif /* NSS_DISABLE_LIBPKIX */
+    PRBool isReallyInitted;
+    char *configStrings = NULL;
+    char *configName = NULL;
+    PRBool passwordRequired = PR_FALSE;
+#ifdef POLICY_FILE
+    char *ignoreVar;
+#endif
+
+    /* if we are trying to init with a traditional NSS_Init call, maintain
+     * the traditional idempotent behavior. */
+    if (!initContextPtr && nssIsInitted) {
+        return SECSuccess;
+    }
+
+    /* make sure our lock and condition variable are initialized one and only
+     * one time */
+    if (PR_CallOnce(&nssInitOnce, nss_doLockInit) != PR_SUCCESS) {
+        return SECFailure;
+    }
+
+    /*
+     * if we haven't done basic initialization, single thread the
+     * initializations.
+     */
+    PZ_Lock(nssInitLock);
+    isReallyInitted = NSS_IsInitialized();
+    if (!isReallyInitted) {
+        while (!isReallyInitted && nssIsInInit) {
+            PZ_WaitCondVar(nssInitCondition, PR_INTERVAL_NO_TIMEOUT);
+            isReallyInitted = NSS_IsInitialized();
+        }
+        /* once we've completed basic initialization, we can allow more than
+         * one process initialize NSS at a time. */
+    }
+    nssIsInInit++;
+    PZ_Unlock(nssInitLock);
+
+    /* this tells us whether or not some library has already initialized us.
+     * if so, we don't want to double call some of the basic initialization
+     * functions */
+
+    if (!isReallyInitted) {
+#ifdef DEBUG
+        CERTCertificate dummyCert;
+        /* New option bits must not change the size of CERTCertificate. */
+        PORT_Assert(sizeof(dummyCert.options) == sizeof(void *));
+#endif
+
+        if (SECSuccess != cert_InitLocks()) {
+            goto loser;
+        }
+
+        if (SECSuccess != InitCRLCache()) {
+            goto loser;
+        }
+
+        if (SECSuccess != OCSP_InitGlobal()) {
+            goto loser;
+        }
+    }
+
+    if (noSingleThreadedModules || allowAlreadyInitializedModules ||
+        dontFinalizeModules) {
+        pk11_setGlobalOptions(noSingleThreadedModules,
+                              allowAlreadyInitializedModules,
+                              dontFinalizeModules);
+    }
+
+    if (initContextPtr) {
+        *initContextPtr = PORT_ZNew(NSSInitContext);
+        if (*initContextPtr == NULL) {
+            goto loser;
+        }
+        /*
+         * For traditional NSS_Init, we used the PK11_Configure() call to set
+         * globals. with InitContext, we pass those strings in as parameters.
+         *
+         * This allows old NSS_Init calls to work as before, while at the same
+         * time new calls and old calls will not interfere with each other.
+         */
+        if (initParams) {
+            if (initParams->length < sizeof(NSSInitParameters)) {
+                PORT_SetError(SEC_ERROR_INVALID_ARGS);
+                goto loser;
+            }
+            configStrings = nss_MkConfigString(initParams->manufactureID,
+                                               initParams->libraryDescription,
+                                               initParams->cryptoTokenDescription,
+                                               initParams->dbTokenDescription,
+                                               initParams->cryptoSlotDescription,
+                                               initParams->dbSlotDescription,
+                                               initParams->FIPSSlotDescription,
+                                               initParams->FIPSTokenDescription,
+                                               initParams->minPWLen);
+            if (configStrings == NULL) {
+                PORT_SetError(SEC_ERROR_NO_MEMORY);
+                goto loser;
+            }
+            configName = initParams->libraryDescription;
+            passwordRequired = initParams->passwordRequired;
+        }
+
+        /* If we're NSS_ContextInit, we're probably a library. It could be
+         * possible that the application initialized NSS then forked(). The
+         * library would have no knowledge of that. If we call 
+         * SECMOD_RestartModules() here, we will be able to continue on with
+         * NSS as normal. SECMOD_RestartModules() does have the side affect
+         * of losing all our PKCS #11 objects in the new process, but only if
+         * the module needs to be reinited. If it needs to be reinit those
+         * objects are inaccessible anyway, it's always save to call
+         * SECMOD_RestartModules(PR_FALSE).
+         */
+        /* NOTE: We could call SECMOD_Init() here, but if we aren't already
+         * inited, then there's no modules to restart, so SECMOD_RestartModules
+         * will return immediately */
+        SECMOD_RestartModules(PR_FALSE);
+    } else {
+        configStrings = pk11_config_strings;
+        configName = pk11_config_name;
+        passwordRequired = pk11_password_required;
+    }
+
+    /* Skip the module init if we are already initted and we are trying
+     * to init with noCertDB and noModDB */
+    if (!(isReallyInitted && noCertDB && noModDB)) {
+        parent = nss_InitModules(configdir, certPrefix, keyPrefix, secmodName,
+                                 updateDir, updCertPrefix, updKeyPrefix, updateID,
+                                 updateName, configName, configStrings, passwordRequired,
+                                 readOnly, noCertDB, noModDB, forceOpen, optimizeSpace,
+                                 (initContextPtr != NULL));
+
+        if (parent == NULL) {
+            goto loser;
+        }
+    }
+
+    /* finish up initialization */
+    if (!isReallyInitted) {
+        if (SECOID_Init() != SECSuccess) {
+            goto loser;
+        }
+        if (STAN_LoadDefaultNSS3TrustDomain() != PR_SUCCESS) {
+            goto loser;
+        }
+        if (nss_InitShutdownList() != SECSuccess) {
+            goto loser;
+        }
+        CERT_SetDefaultCertDB((CERTCertDBHandle *)
+                                  STAN_GetDefaultTrustDomain());
+        if ((!noModDB) && (!noCertDB) && (!noRootInit)) {
+            if (!SECMOD_HasRootCerts()) {
+                const char *dbpath = configdir;
+                /* handle supported database modifiers */
+                if (strncmp(dbpath, "sql:", 4) == 0) {
+                    dbpath += 4;
+                } else if (strncmp(dbpath, "dbm:", 4) == 0) {
+                    dbpath += 4;
+                } else if (strncmp(dbpath, "extern:", 7) == 0) {
+                    dbpath += 7;
+                } else if (strncmp(dbpath, "rdb:", 4) == 0) {
+                    /* if rdb: is specified, the configdir isn't really a
+               * path. Skip it */
+                    dbpath = NULL;
+                }
+                if (dbpath) {
+                    nss_FindExternalRoot(dbpath, secmodName);
+                }
+            }
+        }
+#ifdef POLICY_FILE
+        /* Load the system crypto policy file if it exists,
+         * unless the NSS_IGNORE_SYSTEM_POLICY environment
+         * variable has been set to 1. */
+        ignoreVar = PR_GetEnvSecure("NSS_IGNORE_SYSTEM_POLICY");
+        if (ignoreVar == NULL || strncmp(ignoreVar, "1", sizeof("1")) != 0) {
+            if (PR_Access(POLICY_PATH "/" POLICY_FILE, PR_ACCESS_READ_OK) == PR_SUCCESS) {
+                SECMODModule *module = SECMOD_LoadModule(
+                    "name=\"Policy File\" "
+                    "parameters=\"configdir='sql:" POLICY_PATH "' "
+                    "secmod='" POLICY_FILE "' "
+                    "flags=readOnly,noCertDB,forceSecmodChoice,forceOpen\" "
+                    "NSS=\"flags=internal,moduleDB,skipFirst,moduleDBOnly,critical\"",
+                    parent, PR_TRUE);
+                if (module) {
+                    PRBool isLoaded = module->loaded;
+                    SECMOD_DestroyModule(module);
+                    if (!isLoaded) {
+                        goto loser;
+                    }
+                }
+            }
+        }
+#endif
+        pk11sdr_Init();
+        cert_CreateSubjectKeyIDHashTable();
+
+#ifndef NSS_DISABLE_LIBPKIX
+        pkixError = PKIX_Initialize(PKIX_FALSE, PKIX_MAJOR_VERSION, PKIX_MINOR_VERSION,
+                                    PKIX_MINOR_VERSION, &actualMinorVersion, &plContext);
+
+        if (pkixError != NULL) {
+            goto loser;
+        } else {
+            char *ev = PR_GetEnvSecure("NSS_ENABLE_PKIX_VERIFY");
+            if (ev && ev[0]) {
+                CERT_SetUsePKIXForValidation(PR_TRUE);
+            }
+        }
+#endif /* NSS_DISABLE_LIBPKIX */
+    }
+
+    /*
+     * Now mark the appropriate init state. If initContextPtr was passed
+     * in, then return the new context pointer and add it to the
+     * nssInitContextList. Otherwise set the global nss_isInitted flag
+     */
+    PZ_Lock(nssInitLock);
+    if (!initContextPtr) {
+        nssIsInitted = PR_TRUE;
+    } else {
+        (*initContextPtr)->magic = NSS_INIT_MAGIC;
+        (*initContextPtr)->next = nssInitContextList;
+        nssInitContextList = (*initContextPtr);
+    }
+    nssIsInInit--;
+    /* now that we are inited, all waiters can move forward */
+    PZ_NotifyAllCondVar(nssInitCondition);
+    PZ_Unlock(nssInitLock);
+
+    if (initContextPtr && configStrings) {
+        PR_smprintf_free(configStrings);
+    }
+    if (parent) {
+        SECMOD_DestroyModule(parent);
+    }
+
+    return SECSuccess;
+
+loser:
+    if (initContextPtr && *initContextPtr) {
+        PORT_Free(*initContextPtr);
+        *initContextPtr = NULL;
+        if (configStrings) {
+            PR_smprintf_free(configStrings);
+        }
+    }
+    PZ_Lock(nssInitLock);
+    nssIsInInit--;
+    /* We failed to init, allow one to move forward */
+    PZ_NotifyCondVar(nssInitCondition);
+    PZ_Unlock(nssInitLock);
+    if (parent) {
+        SECMOD_DestroyModule(parent);
+    }
+    return SECFailure;
+}
+
+SECStatus
+NSS_Init(const char *configdir)
+{
+    return nss_Init(configdir, "", "", SECMOD_DB, "", "", "", "", "", NULL,
+                    NULL, PR_TRUE, PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE,
+                    PR_TRUE, PR_FALSE, PR_FALSE, PR_FALSE);
+}
+
+SECStatus
+NSS_InitReadWrite(const char *configdir)
+{
+    return nss_Init(configdir, "", "", SECMOD_DB, "", "", "", "", "", NULL,
+                    NULL, PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE, PR_FALSE,
+                    PR_TRUE, PR_FALSE, PR_FALSE, PR_FALSE);
+}
+
+/*
+ * OK there are now lots of options here, lets go through them all:
+ *
+ * configdir - base directory where all the cert, key, and module datbases live.
+ * certPrefix - prefix added to the beginning of the cert database example: "
+ *             "https-server1-"
+ * keyPrefix - prefix added to the beginning of the key database example: "
+ *             "https-server1-"
+ * secmodName - name of the security module database (usually "secmod.db").
+ * flags - change the open options of NSS_Initialize as follows:
+ *   NSS_INIT_READONLY - Open the databases read only.
+ *   NSS_INIT_NOCERTDB - Don't open the cert DB and key DB's, just
+ *             initialize the volatile certdb.
+ *   NSS_INIT_NOMODDB  - Don't open the security module DB, just
+ *             initialize the      PKCS #11 module.
+ *      NSS_INIT_FORCEOPEN - Continue to force initializations even if the
+ *             databases cannot be opened.
+ *      NSS_INIT_PK11THREADSAFE - only load PKCS#11 modules that are
+ *                      thread-safe, ie. that support locking - either OS
+ *                      locking or NSS-provided locks . If a PKCS#11
+ *                      module isn't thread-safe, don't serialize its
+ *                      calls; just don't load it instead. This is necessary
+ *                      if another piece of code is using the same PKCS#11
+ *                      modules that NSS is accessing without going through
+ *                      NSS, for example the Java SunPKCS11 provider.
+ *      NSS_INIT_PK11RELOAD - ignore the CKR_CRYPTOKI_ALREADY_INITIALIZED
+ *                      error when loading PKCS#11 modules. This is necessary
+ *                      if another piece of code is using the same PKCS#11
+ *                      modules that NSS is accessing without going through
+ *                      NSS, for example Java SunPKCS11 provider.
+ *      NSS_INIT_NOPK11FINALIZE - never call C_Finalize on any
+ *                      PKCS#11 module. This may be necessary in order to
+ *                      ensure continuous operation and proper shutdown
+ *                      sequence if another piece of code is using the same
+ *                      PKCS#11 modules that NSS is accessing without going
+ *                      through NSS, for example Java SunPKCS11 provider.
+ *                      The following limitation applies when this is set :
+ *                      SECMOD_WaitForAnyTokenEvent will not use
+ *                      C_WaitForSlotEvent, in order to prevent the need for
+ *                      C_Finalize. This call will be emulated instead.
+ *      NSS_INIT_RESERVED - Currently has no effect, but may be used in the
+ *                      future to trigger better cooperation between PKCS#11
+ *                      modules used by both NSS and the Java SunPKCS11
+ *                      provider. This should occur after a new flag is defined
+ *                      for C_Initialize by the PKCS#11 working group.
+ *      NSS_INIT_COOPERATE - Sets 4 recommended options for applications that
+ *                      use both NSS and the Java SunPKCS11 provider.
+ */
+SECStatus
+NSS_Initialize(const char *configdir, const char *certPrefix,
+               const char *keyPrefix, const char *secmodName, PRUint32 flags)
+{
+    return nss_Init(configdir, certPrefix, keyPrefix, secmodName,
+                    "", "", "", "", "", NULL, NULL,
+                    ((flags & NSS_INIT_READONLY) == NSS_INIT_READONLY),
+                    ((flags & NSS_INIT_NOCERTDB) == NSS_INIT_NOCERTDB),
+                    ((flags & NSS_INIT_NOMODDB) == NSS_INIT_NOMODDB),
+                    ((flags & NSS_INIT_FORCEOPEN) == NSS_INIT_FORCEOPEN),
+                    ((flags & NSS_INIT_NOROOTINIT) == NSS_INIT_NOROOTINIT),
+                    ((flags & NSS_INIT_OPTIMIZESPACE) == NSS_INIT_OPTIMIZESPACE),
+                    ((flags & NSS_INIT_PK11THREADSAFE) == NSS_INIT_PK11THREADSAFE),
+                    ((flags & NSS_INIT_PK11RELOAD) == NSS_INIT_PK11RELOAD),
+                    ((flags & NSS_INIT_NOPK11FINALIZE) == NSS_INIT_NOPK11FINALIZE));
+}
+
+NSSInitContext *
+NSS_InitContext(const char *configdir, const char *certPrefix,
+                const char *keyPrefix, const char *secmodName,
+                NSSInitParameters *initParams, PRUint32 flags)
+{
+    SECStatus rv;
+    NSSInitContext *context;
+
+    rv = nss_Init(configdir, certPrefix, keyPrefix, secmodName,
+                  "", "", "", "", "", &context, initParams,
+                  ((flags & NSS_INIT_READONLY) == NSS_INIT_READONLY),
+                  ((flags & NSS_INIT_NOCERTDB) == NSS_INIT_NOCERTDB),
+                  ((flags & NSS_INIT_NOMODDB) == NSS_INIT_NOMODDB),
+                  ((flags & NSS_INIT_FORCEOPEN) == NSS_INIT_FORCEOPEN), PR_TRUE,
+                  ((flags & NSS_INIT_OPTIMIZESPACE) == NSS_INIT_OPTIMIZESPACE),
+                  ((flags & NSS_INIT_PK11THREADSAFE) == NSS_INIT_PK11THREADSAFE),
+                  ((flags & NSS_INIT_PK11RELOAD) == NSS_INIT_PK11RELOAD),
+                  ((flags & NSS_INIT_NOPK11FINALIZE) == NSS_INIT_NOPK11FINALIZE));
+    return (rv == SECSuccess) ? context : NULL;
+}
+
+SECStatus
+NSS_InitWithMerge(const char *configdir, const char *certPrefix,
+                  const char *keyPrefix, const char *secmodName,
+                  const char *updateDir, const char *updCertPrefix,
+                  const char *updKeyPrefix, const char *updateID,
+                  const char *updateName, PRUint32 flags)
+{
+    return nss_Init(configdir, certPrefix, keyPrefix, secmodName,
+                    updateDir, updCertPrefix, updKeyPrefix, updateID, updateName,
+                    NULL, NULL,
+                    ((flags & NSS_INIT_READONLY) == NSS_INIT_READONLY),
+                    ((flags & NSS_INIT_NOCERTDB) == NSS_INIT_NOCERTDB),
+                    ((flags & NSS_INIT_NOMODDB) == NSS_INIT_NOMODDB),
+                    ((flags & NSS_INIT_FORCEOPEN) == NSS_INIT_FORCEOPEN),
+                    ((flags & NSS_INIT_NOROOTINIT) == NSS_INIT_NOROOTINIT),
+                    ((flags & NSS_INIT_OPTIMIZESPACE) == NSS_INIT_OPTIMIZESPACE),
+                    ((flags & NSS_INIT_PK11THREADSAFE) == NSS_INIT_PK11THREADSAFE),
+                    ((flags & NSS_INIT_PK11RELOAD) == NSS_INIT_PK11RELOAD),
+                    ((flags & NSS_INIT_NOPK11FINALIZE) == NSS_INIT_NOPK11FINALIZE));
+}
+
+/*
+ * initialize NSS without a creating cert db's, key db's, or secmod db's.
+ */
+SECStatus
+NSS_NoDB_Init(const char *configdir)
+{
+    return nss_Init("", "", "", "", "", "", "", "", "", NULL, NULL,
+                    PR_TRUE, PR_TRUE, PR_TRUE, PR_TRUE, PR_TRUE, PR_TRUE,
+                    PR_FALSE, PR_FALSE, PR_FALSE);
+}
+
+#define NSS_SHUTDOWN_STEP 10
+
+struct NSSShutdownFuncPair {
+    NSS_ShutdownFunc func;
+    void *appData;
+};
+
+static struct NSSShutdownListStr {
+    PZLock *lock;
+    int allocatedFuncs;
+    int peakFuncs;
+    struct NSSShutdownFuncPair *funcs;
+} nssShutdownList = { 0 };
+
+/*
+ * find and existing shutdown function
+ */
+static int
+nss_GetShutdownEntry(NSS_ShutdownFunc sFunc, void *appData)
+{
+    int count, i;
+    count = nssShutdownList.peakFuncs;
+
+    for (i = 0; i < count; i++) {
+        if ((nssShutdownList.funcs[i].func == sFunc) &&
+            (nssShutdownList.funcs[i].appData == appData)) {
+            return i;
+        }
+    }
+    return -1;
+}
+
+/*
+ * register a callback to be called when NSS shuts down
+ */
+SECStatus
+NSS_RegisterShutdown(NSS_ShutdownFunc sFunc, void *appData)
+{
+    int i;
+
+    /* make sure our lock and condition variable are initialized one and only
+     * one time */
+    if (PR_CallOnce(&nssInitOnce, nss_doLockInit) != PR_SUCCESS) {
+        return SECFailure;
+    }
+
+    PZ_Lock(nssInitLock);
+    if (!NSS_IsInitialized()) {
+        PZ_Unlock(nssInitLock);
+        PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
+        return SECFailure;
+    }
+    PZ_Unlock(nssInitLock);
+    if (sFunc == NULL) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    PORT_Assert(nssShutdownList.lock);
+    PZ_Lock(nssShutdownList.lock);
+
+    /* make sure we don't have a duplicate */
+    i = nss_GetShutdownEntry(sFunc, appData);
+    if (i >= 0) {
+        PZ_Unlock(nssShutdownList.lock);
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+    /* find an empty slot */
+    i = nss_GetShutdownEntry(NULL, NULL);
+    if (i >= 0) {
+        nssShutdownList.funcs[i].func = sFunc;
+        nssShutdownList.funcs[i].appData = appData;
+        PZ_Unlock(nssShutdownList.lock);
+        return SECSuccess;
+    }
+    if (nssShutdownList.allocatedFuncs == nssShutdownList.peakFuncs) {
+        struct NSSShutdownFuncPair *funcs =
+            (struct NSSShutdownFuncPair *)PORT_Realloc(nssShutdownList.funcs,
+                                                       (nssShutdownList.allocatedFuncs + NSS_SHUTDOWN_STEP) * sizeof(struct NSSShutdownFuncPair));
+        if (!funcs) {
+            PZ_Unlock(nssShutdownList.lock);
+            return SECFailure;
+        }
+        nssShutdownList.funcs = funcs;
+        nssShutdownList.allocatedFuncs += NSS_SHUTDOWN_STEP;
+    }
+    nssShutdownList.funcs[nssShutdownList.peakFuncs].func = sFunc;
+    nssShutdownList.funcs[nssShutdownList.peakFuncs].appData = appData;
+    nssShutdownList.peakFuncs++;
+    PZ_Unlock(nssShutdownList.lock);
+    return SECSuccess;
+}
+
+/*
+ * unregister a callback so it won't get called on shutdown.
+ */
+SECStatus
+NSS_UnregisterShutdown(NSS_ShutdownFunc sFunc, void *appData)
+{
+    int i;
+
+    /* make sure our lock and condition variable are initialized one and only
+     * one time */
+    if (PR_CallOnce(&nssInitOnce, nss_doLockInit) != PR_SUCCESS) {
+        return SECFailure;
+    }
+    PZ_Lock(nssInitLock);
+    if (!NSS_IsInitialized()) {
+        PZ_Unlock(nssInitLock);
+        PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
+        return SECFailure;
+    }
+    PZ_Unlock(nssInitLock);
+
+    PORT_Assert(nssShutdownList.lock);
+    PZ_Lock(nssShutdownList.lock);
+    i = nss_GetShutdownEntry(sFunc, appData);
+    if (i >= 0) {
+        nssShutdownList.funcs[i].func = NULL;
+        nssShutdownList.funcs[i].appData = NULL;
+    }
+    PZ_Unlock(nssShutdownList.lock);
+
+    if (i < 0) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+    return SECSuccess;
+}
+
+/*
+ * bring up and shutdown the shutdown list
+ */
+static SECStatus
+nss_InitShutdownList(void)
+{
+    if (nssShutdownList.lock != NULL) {
+        return SECSuccess;
+    }
+    nssShutdownList.lock = PZ_NewLock(nssILockOther);
+    if (nssShutdownList.lock == NULL) {
+        return SECFailure;
+    }
+    nssShutdownList.funcs = PORT_ZNewArray(struct NSSShutdownFuncPair,
+                                           NSS_SHUTDOWN_STEP);
+    if (nssShutdownList.funcs == NULL) {
+        PZ_DestroyLock(nssShutdownList.lock);
+        nssShutdownList.lock = NULL;
+        return SECFailure;
+    }
+    nssShutdownList.allocatedFuncs = NSS_SHUTDOWN_STEP;
+    nssShutdownList.peakFuncs = 0;
+
+    return SECSuccess;
+}
+
+static SECStatus
+nss_ShutdownShutdownList(void)
+{
+    SECStatus rv = SECSuccess;
+    int i;
+
+    /* call all the registerd functions first */
+    for (i = 0; i < nssShutdownList.peakFuncs; i++) {
+        struct NSSShutdownFuncPair *funcPair = &nssShutdownList.funcs[i];
+        if (funcPair->func) {
+            if ((*funcPair->func)(funcPair->appData, NULL) != SECSuccess) {
+                rv = SECFailure;
+            }
+        }
+    }
+
+    nssShutdownList.peakFuncs = 0;
+    nssShutdownList.allocatedFuncs = 0;
+    PORT_Free(nssShutdownList.funcs);
+    nssShutdownList.funcs = NULL;
+    if (nssShutdownList.lock) {
+        PZ_DestroyLock(nssShutdownList.lock);
+    }
+    nssShutdownList.lock = NULL;
+    return rv;
+}
+
+extern const NSSError NSS_ERROR_BUSY;
+
+SECStatus
+nss_Shutdown(void)
+{
+    SECStatus shutdownRV = SECSuccess;
+    SECStatus rv;
+    PRStatus status;
+    NSSInitContext *temp;
+
+    rv = nss_ShutdownShutdownList();
+    if (rv != SECSuccess) {
+        shutdownRV = SECFailure;
+    }
+    cert_DestroyLocks();
+    ShutdownCRLCache();
+    OCSP_ShutdownGlobal();
+#ifndef NSS_DISABLE_LIBPKIX
+    PKIX_Shutdown(plContext);
+#endif /* NSS_DISABLE_LIBPKIX */
+    SECOID_Shutdown();
+    status = STAN_Shutdown();
+    cert_DestroySubjectKeyIDHashTable();
+    pk11_SetInternalKeySlot(NULL);
+    rv = SECMOD_Shutdown();
+    if (rv != SECSuccess) {
+        shutdownRV = SECFailure;
+    }
+    pk11sdr_Shutdown();
+    nssArena_Shutdown();
+    if (status == PR_FAILURE) {
+        if (NSS_GetError() == NSS_ERROR_BUSY) {
+            PORT_SetError(SEC_ERROR_BUSY);
+        }
+        shutdownRV = SECFailure;
+    }
+    /*
+     * A thread's error stack is automatically destroyed when the thread
+     * terminates, except for the primordial thread, whose error stack is
+     * destroyed by PR_Cleanup.  Since NSS is usually shut down by the
+     * primordial thread and many NSS-based apps don't call PR_Cleanup,
+     * we destroy the calling thread's error stack here. This must be
+     * done after any NSS_GetError call, otherwise NSS_GetError will
+     * create the error stack again.
+     */
+    nss_DestroyErrorStack();
+    nssIsInitted = PR_FALSE;
+    temp = nssInitContextList;
+    nssInitContextList = NULL;
+    /* free the old list. This is necessary when we are called from
+     * NSS_Shutdown(). */
+    while (temp) {
+        NSSInitContext *next = temp->next;
+        temp->magic = 0;
+        PORT_Free(temp);
+        temp = next;
+    }
+    return shutdownRV;
+}
+
+SECStatus
+NSS_Shutdown(void)
+{
+    SECStatus rv;
+    /* make sure our lock and condition variable are initialized one and only
+     * one time */
+    if (PR_CallOnce(&nssInitOnce, nss_doLockInit) != PR_SUCCESS) {
+        return SECFailure;
+    }
+    PZ_Lock(nssInitLock);
+
+    if (!nssIsInitted) {
+        PZ_Unlock(nssInitLock);
+        PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
+        return SECFailure;
+    }
+
+    /* If one or more threads are in the middle of init, wait for them
+     * to complete */
+    while (nssIsInInit) {
+        PZ_WaitCondVar(nssInitCondition, PR_INTERVAL_NO_TIMEOUT);
+    }
+    rv = nss_Shutdown();
+    PZ_Unlock(nssInitLock);
+    return rv;
+}
+
+/*
+ * remove the context from a list. return true if found, false if not
+ */
+PRBool
+nss_RemoveList(NSSInitContext *context)
+{
+    NSSInitContext *this = nssInitContextList;
+    NSSInitContext **last = &nssInitContextList;
+
+    while (this) {
+        if (this == context) {
+            *last = this->next;
+            this->magic = 0;
+            PORT_Free(this);
+            return PR_TRUE;
+        }
+        last = &this->next;
+        this = this->next;
+    }
+    return PR_FALSE;
+}
+
+/*
+ * This form of shutdown is safe in the case where we may have multiple
+ * entities using NSS in a single process. Each entity calls shutdown with
+ * it's own context. The application (which doesn't get a context), calls
+ * shutdown with NULL. Once all users have 'checked in' NSS will shutdown.
+ * This is different than NSS_Shutdown, where calling it will shutdown NSS
+ * irreguardless of who else may have NSS open.
+ */
+SECStatus
+NSS_ShutdownContext(NSSInitContext *context)
+{
+    SECStatus rv = SECSuccess;
+
+    /* make sure our lock and condition variable are initialized one and only
+     * one time */
+    if (PR_CallOnce(&nssInitOnce, nss_doLockInit) != PR_SUCCESS) {
+        return SECFailure;
+    }
+    PZ_Lock(nssInitLock);
+    /* If one or more threads are in the middle of init, wait for them
+     * to complete */
+    while (nssIsInInit) {
+        PZ_WaitCondVar(nssInitCondition, PR_INTERVAL_NO_TIMEOUT);
+    }
+
+    /* OK, we are the only thread now either initializing or shutting down */
+
+    if (!context) {
+        if (!nssIsInitted) {
+            PZ_Unlock(nssInitLock);
+            PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
+            return SECFailure;
+        }
+        nssIsInitted = 0;
+    } else if (!nss_RemoveList(context)) {
+        PZ_Unlock(nssInitLock);
+        /* context was already freed or wasn't valid */
+        PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
+        return SECFailure;
+    }
+    if ((nssIsInitted == 0) && (nssInitContextList == NULL)) {
+        rv = nss_Shutdown();
+    }
+
+    /* NOTE: we don't try to free the nssInitLocks to prevent races against
+     * the locks. There may be a thread, right now, waiting in NSS_Init for us
+     * to free the lock below. If we delete the locks, bad things would happen
+     * to that thread */
+    PZ_Unlock(nssInitLock);
+
+    return rv;
+}
+
+PRBool
+NSS_IsInitialized(void)
+{
+    return (nssIsInitted) || (nssInitContextList != NULL);
+}
+
+extern const char __nss_base_version[];
+
+PRBool
+NSS_VersionCheck(const char *importedVersion)
+{
+    /*
+     * This is the secret handshake algorithm.
+     *
+     * This release has a simple version compatibility
+     * check algorithm.  This release is not backward
+     * compatible with previous major releases.  It is
+     * not compatible with future major, minor, or
+     * patch releases or builds.
+     */
+    int vmajor = 0, vminor = 0, vpatch = 0, vbuild = 0;
+    const char *ptr = importedVersion;
+#define NSS_VERSION_VARIABLE __nss_base_version
+#include "verref.h"
+
+    while (isdigit(*ptr)) {
+        vmajor = 10 * vmajor + *ptr - '0';
+        ptr++;
+    }
+    if (*ptr == '.') {
+        ptr++;
+        while (isdigit(*ptr)) {
+            vminor = 10 * vminor + *ptr - '0';
+            ptr++;
+        }
+        if (*ptr == '.') {
+            ptr++;
+            while (isdigit(*ptr)) {
+                vpatch = 10 * vpatch + *ptr - '0';
+                ptr++;
+            }
+            if (*ptr == '.') {
+                ptr++;
+                while (isdigit(*ptr)) {
+                    vbuild = 10 * vbuild + *ptr - '0';
+                    ptr++;
+                }
+            }
+        }
+    }
+
+    if (vmajor != NSS_VMAJOR) {
+        return PR_FALSE;
+    }
+    if (vmajor == NSS_VMAJOR && vminor > NSS_VMINOR) {
+        return PR_FALSE;
+    }
+    if (vmajor == NSS_VMAJOR && vminor == NSS_VMINOR && vpatch > NSS_VPATCH) {
+        return PR_FALSE;
+    }
+    if (vmajor == NSS_VMAJOR && vminor == NSS_VMINOR &&
+        vpatch == NSS_VPATCH && vbuild > NSS_VBUILD) {
+        return PR_FALSE;
+    }
+    return PR_TRUE;
+}
+
+const char *
+NSS_GetVersion(void)
+{
+    return NSS_VERSION;
+}
diff --git a/nss/lib/nss/nssoptions.c b/nss/lib/nss/nssoptions.c
new file mode 100644
index 0000000..fc97d62
--- /dev/null
+++ b/nss/lib/nss/nssoptions.c
@@ -0,0 +1,104 @@
+/*
+ * NSS utility functions
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <ctype.h>
+#include <string.h>
+#include <assert.h>
+
+#include "seccomon.h"
+#include "secoidt.h"
+#include "secoid.h"
+#include "nss.h"
+#include "nssoptions.h"
+
+struct nssOps {
+    PRInt32 rsaMinKeySize;
+    PRInt32 dhMinKeySize;
+    PRInt32 dsaMinKeySize;
+    PRInt32 tlsVersionMinPolicy;
+    PRInt32 tlsVersionMaxPolicy;
+    PRInt32 dtlsVersionMinPolicy;
+    PRInt32 dtlsVersionMaxPolicy;
+};
+
+static struct nssOps nss_ops = {
+    SSL_RSA_MIN_MODULUS_BITS,
+    SSL_DH_MIN_P_BITS,
+    SSL_DSA_MIN_P_BITS,
+    1,      /* Set TLS min to less the the smallest legal SSL value */
+    0xffff, /* set TLS max to more than the largest legal SSL value */
+    1,
+    0xffff,
+};
+
+SECStatus
+NSS_OptionSet(PRInt32 which, PRInt32 value)
+{
+    SECStatus rv = SECSuccess;
+
+    switch (which) {
+        case NSS_RSA_MIN_KEY_SIZE:
+            nss_ops.rsaMinKeySize = value;
+            break;
+        case NSS_DH_MIN_KEY_SIZE:
+            nss_ops.dhMinKeySize = value;
+            break;
+        case NSS_DSA_MIN_KEY_SIZE:
+            nss_ops.dsaMinKeySize = value;
+            break;
+        case NSS_TLS_VERSION_MIN_POLICY:
+            nss_ops.tlsVersionMinPolicy = value;
+            break;
+        case NSS_TLS_VERSION_MAX_POLICY:
+            nss_ops.tlsVersionMaxPolicy = value;
+            break;
+        case NSS_DTLS_VERSION_MIN_POLICY:
+            nss_ops.dtlsVersionMinPolicy = value;
+            break;
+        case NSS_DTLS_VERSION_MAX_POLICY:
+            nss_ops.dtlsVersionMaxPolicy = value;
+            break;
+        default:
+            rv = SECFailure;
+    }
+
+    return rv;
+}
+
+SECStatus
+NSS_OptionGet(PRInt32 which, PRInt32 *value)
+{
+    SECStatus rv = SECSuccess;
+
+    switch (which) {
+        case NSS_RSA_MIN_KEY_SIZE:
+            *value = nss_ops.rsaMinKeySize;
+            break;
+        case NSS_DH_MIN_KEY_SIZE:
+            *value = nss_ops.dhMinKeySize;
+            break;
+        case NSS_DSA_MIN_KEY_SIZE:
+            *value = nss_ops.dsaMinKeySize;
+            break;
+        case NSS_TLS_VERSION_MIN_POLICY:
+            *value = nss_ops.tlsVersionMinPolicy;
+            break;
+        case NSS_TLS_VERSION_MAX_POLICY:
+            *value = nss_ops.tlsVersionMaxPolicy;
+            break;
+        case NSS_DTLS_VERSION_MIN_POLICY:
+            *value = nss_ops.dtlsVersionMinPolicy;
+            break;
+        case NSS_DTLS_VERSION_MAX_POLICY:
+            *value = nss_ops.dtlsVersionMaxPolicy;
+            break;
+        default:
+            rv = SECFailure;
+    }
+
+    return rv;
+}
diff --git a/nss/lib/nss/nssoptions.h b/nss/lib/nss/nssoptions.h
new file mode 100644
index 0000000..024c1e9
--- /dev/null
+++ b/nss/lib/nss/nssoptions.h
@@ -0,0 +1,20 @@
+/*
+ * NSS utility functions
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ *  Include the default limits here
+ */
+/* SSL default limits are here so we don't have to import a private SSL header
+ * file into NSS proper */
+
+/* The minimum server key sizes accepted by the clients.
+ * Not 1024 to be conservative. */
+#define SSL_RSA_MIN_MODULUS_BITS 1023
+/* 1023 to avoid cases where p = 2q+1 for a 512-bit q turns out to be
+ * only 1023 bits and similar.  We don't have good data on whether this
+ * happens because NSS used to count bit lengths incorrectly. */
+#define SSL_DH_MIN_P_BITS 1023
+#define SSL_DSA_MIN_P_BITS 1023
diff --git a/nss/lib/nss/nssrenam.h b/nss/lib/nss/nssrenam.h
new file mode 100644
index 0000000..17f072c
--- /dev/null
+++ b/nss/lib/nss/nssrenam.h
@@ -0,0 +1,15 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef __nssrenam_h_
+#define __nssrenam_h_
+
+#define CERT_AddTempCertToPerm __CERT_AddTempCertToPerm
+#define PK11_CreateContextByRawKey __PK11_CreateContextByRawKey
+#define CERT_ClosePermCertDB __CERT_ClosePermCertDB
+#define CERT_DecodeDERCertificate __CERT_DecodeDERCertificate
+#define CERT_TraversePermCertsForNickname __CERT_TraversePermCertsForNickname
+#define CERT_TraversePermCertsForSubject __CERT_TraversePermCertsForSubject
+
+#endif /* __nssrenam_h_ */
diff --git a/nss/lib/nss/nssver.c b/nss/lib/nss/nssver.c
new file mode 100644
index 0000000..653ebec
--- /dev/null
+++ b/nss/lib/nss/nssver.c
@@ -0,0 +1,18 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* Library identity and versioning */
+
+#include "nss.h"
+
+#if defined(DEBUG)
+#define _DEBUG_STRING " (debug)"
+#else
+#define _DEBUG_STRING ""
+#endif
+
+/*
+ * Version information
+ */
+const char __nss_base_version[] = "Version: NSS " NSS_VERSION _DEBUG_STRING;
diff --git a/nss/lib/nss/pkixpriv.def b/nss/lib/nss/pkixpriv.def
new file mode 100644
index 0000000..440e6d9
--- /dev/null
+++ b/nss/lib/nss/pkixpriv.def
@@ -0,0 +1,322 @@
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+;+LIBPKIXprivate {
+;+    global:
+;+# libpkix functions
+;+# May not become part of the NSS public API. Needed for unit testing for now.
+NSS_Get_PKIX_PL_LDAPMessageTemplate;
+PKIX_PL_LDAPMessageTemplate;
+PKIX_ALLOC_ERROR;
+PKIX_BuildChain;
+pkix_BuildResult_Create;
+PKIX_BuildResult_GetCertChain;
+PKIX_BuildResult_GetValidateResult;
+PKIX_CertChainChecker_Create;
+PKIX_CertChainChecker_GetCertChainCheckerState;
+PKIX_CertChainChecker_GetCheckCallback;
+PKIX_CertChainChecker_GetSupportedExtensions;
+PKIX_CertChainChecker_IsForwardCheckingSupported;
+PKIX_CertChainChecker_IsForwardDirectionExpected;
+PKIX_CertChainChecker_SetCertChainCheckerState;
+PKIX_CertSelector_Create;
+PKIX_CertSelector_GetCertSelectorContext;
+PKIX_CertSelector_GetCommonCertSelectorParams;
+PKIX_CertSelector_GetMatchCallback;
+PKIX_CertSelector_SetCommonCertSelectorParams;
+PKIX_CertStore_CertContinue;
+PKIX_CertStore_Create;
+PKIX_CertStore_CrlContinue;
+PKIX_CertStore_GetCertCallback;
+PKIX_CertStore_GetCertStoreContext;
+PKIX_CertStore_GetCRLCallback;
+PKIX_CertStore_GetTrustCallback;
+pkix_CheckType;
+PKIX_ComCertSelParams_AddPathToName;
+PKIX_ComCertSelParams_AddSubjAltName;
+PKIX_ComCertSelParams_Create;
+PKIX_ComCertSelParams_GetAuthorityKeyIdentifier;
+PKIX_ComCertSelParams_GetBasicConstraints;
+PKIX_ComCertSelParams_GetCertificate;
+PKIX_ComCertSelParams_GetCertificateValid;
+PKIX_ComCertSelParams_GetExtendedKeyUsage;
+PKIX_ComCertSelParams_GetIssuer;
+PKIX_ComCertSelParams_GetKeyUsage;
+PKIX_ComCertSelParams_GetMatchAllSubjAltNames;
+PKIX_ComCertSelParams_GetNameConstraints;
+PKIX_ComCertSelParams_GetPathToNames;
+PKIX_ComCertSelParams_GetPolicy;
+PKIX_ComCertSelParams_GetSerialNumber;
+PKIX_ComCertSelParams_GetSubjAltNames;
+PKIX_ComCertSelParams_GetSubject;
+PKIX_ComCertSelParams_GetSubjKeyIdentifier;
+PKIX_ComCertSelParams_GetSubjPKAlgId;
+PKIX_ComCertSelParams_GetSubjPubKey;
+PKIX_ComCertSelParams_GetVersion;
+PKIX_ComCertSelParams_SetAuthorityKeyIdentifier;
+PKIX_ComCertSelParams_SetBasicConstraints;
+PKIX_ComCertSelParams_SetCertificate;
+PKIX_ComCertSelParams_SetCertificateValid;
+PKIX_ComCertSelParams_SetExtendedKeyUsage;
+PKIX_ComCertSelParams_SetIssuer;
+PKIX_ComCertSelParams_SetKeyUsage;
+PKIX_ComCertSelParams_SetMatchAllSubjAltNames;
+PKIX_ComCertSelParams_SetNameConstraints;
+PKIX_ComCertSelParams_SetPathToNames;
+PKIX_ComCertSelParams_SetPolicy;
+PKIX_ComCertSelParams_SetSerialNumber;
+PKIX_ComCertSelParams_SetSubjAltNames;
+PKIX_ComCertSelParams_SetSubject;
+PKIX_ComCertSelParams_SetSubjKeyIdentifier;
+PKIX_ComCertSelParams_SetSubjPKAlgId;
+PKIX_ComCertSelParams_SetSubjPubKey;
+PKIX_ComCertSelParams_SetVersion;
+PKIX_ComCRLSelParams_AddIssuerName;
+PKIX_ComCRLSelParams_Create;
+PKIX_ComCRLSelParams_GetCertificateChecking;
+PKIX_ComCRLSelParams_GetDateAndTime;
+PKIX_ComCRLSelParams_GetIssuerNames;
+PKIX_ComCRLSelParams_GetMaxCRLNumber;
+PKIX_ComCRLSelParams_GetMinCRLNumber;
+PKIX_ComCRLSelParams_SetCertificateChecking;
+PKIX_ComCRLSelParams_SetDateAndTime;
+PKIX_ComCRLSelParams_SetIssuerNames;
+PKIX_ComCRLSelParams_SetMaxCRLNumber;
+PKIX_ComCRLSelParams_SetMinCRLNumber;
+PKIX_CRLSelector_Create;
+PKIX_CRLSelector_GetCommonCRLSelectorParams;
+PKIX_CRLSelector_GetCRLSelectorContext;
+PKIX_CRLSelector_GetMatchCallback;
+PKIX_CRLSelector_SetCommonCRLSelectorParams;
+pkix_DefaultRevChecker_Initialize;
+PKIX_Error_Create;
+PKIX_Error_GetCause;
+PKIX_Error_GetDescription;
+PKIX_Error_GetErrorClass;
+PKIX_Error_GetSupplementaryInfo;
+PKIX_ERRORCLASSNAMES DATA ;
+PKIX_Initialize;
+PKIX_Initialize_SetConfigDir;
+PKIX_List_AppendItem;
+PKIX_List_Create;
+PKIX_List_DeleteItem;
+PKIX_List_GetItem;
+PKIX_List_GetLength;
+PKIX_List_InsertItem;
+PKIX_List_IsEmpty;
+PKIX_List_IsImmutable;
+PKIX_List_ReverseList;
+PKIX_List_SetImmutable;
+PKIX_List_SetItem;
+PKIX_AddLogger;
+PKIX_GetLoggers;
+PKIX_SetLoggers;
+PKIX_Logger_Create;
+PKIX_Logger_GetLoggerContext;
+PKIX_Logger_GetLoggingComponent;
+PKIX_Logger_GetLogCallback;
+PKIX_Logger_GetMaxLoggingLevel;
+PKIX_Logger_SetLoggingComponent;
+PKIX_Logger_SetMaxLoggingLevel;
+PKIX_OcspChecker_Initialize;
+PKIX_OcspChecker_SetOCSPResponder;
+PKIX_OcspChecker_SetPasswordInfo;
+PKIX_OcspChecker_SetVerifyFcn;
+PKIX_PL_AcquireReaderLock;
+PKIX_PL_AcquireWriterLock;
+PKIX_PL_BasicConstraints_GetCAFlag;
+PKIX_PL_BasicConstraints_GetPathLenConstraint;
+PKIX_PL_BigInt_Create;
+PKIX_PL_ByteArray_Create;
+PKIX_PL_ByteArray_GetLength;
+PKIX_PL_ByteArray_GetPointer;
+PKIX_PL_Cert_AreCertPoliciesCritical;
+PKIX_PL_Cert_CheckNameConstraints;
+PKIX_PL_Cert_CheckValidity;
+PKIX_PL_Cert_Create;
+pkix_pl_Cert_CreateToList;
+pkix_pl_Cert_CreateWithNSSCert;
+PKIX_PL_Cert_GetAuthorityInfoAccess;
+PKIX_PL_Cert_GetAuthorityKeyIdentifier;
+PKIX_PL_Cert_GetBasicConstraints;
+PKIX_PL_Cert_GetCriticalExtensionOIDs;
+PKIX_PL_Cert_GetExtendedKeyUsage;
+PKIX_PL_Cert_GetInhibitAnyPolicy;
+PKIX_PL_Cert_GetIssuer;
+PKIX_PL_Cert_GetNameConstraints;
+PKIX_PL_Cert_GetPolicyInformation;
+PKIX_PL_Cert_GetPolicyMappingInhibited;
+PKIX_PL_Cert_GetPolicyMappings;
+PKIX_PL_Cert_GetRequireExplicitPolicy;
+PKIX_PL_Cert_GetSerialNumber;
+PKIX_PL_Cert_GetSubject;
+PKIX_PL_Cert_GetSubjectAltNames;
+PKIX_PL_Cert_GetSubjectInfoAccess;
+PKIX_PL_Cert_GetSubjectKeyIdentifier;
+PKIX_PL_Cert_GetSubjectPublicKey;
+PKIX_PL_Cert_GetSubjectPublicKeyAlgId;
+PKIX_PL_Cert_GetVersion;
+PKIX_PL_Cert_IsCertTrusted;
+PKIX_PL_Cert_MergeNameConstraints;
+PKIX_PL_Cert_VerifyKeyUsage;
+PKIX_PL_Cert_VerifySignature;
+PKIX_PL_CertPolicyInfo_GetPolicyId;
+PKIX_PL_CertPolicyInfo_GetPolQualifiers;
+PKIX_PL_CertPolicyMap_GetIssuerDomainPolicy;
+PKIX_PL_CertPolicyMap_GetSubjectDomainPolicy;
+PKIX_PL_CollectionCertStore_Create;
+PKIX_PL_CRL_Create;
+pkix_pl_CRL_CreateToList;
+PKIX_PL_CRL_GetCriticalExtensionOIDs;
+PKIX_PL_CRL_GetCRLEntryForSerialNumber;
+PKIX_PL_CRL_GetIssuer;
+PKIX_PL_CRL_VerifySignature;
+PKIX_PL_CRLEntry_GetCriticalExtensionOIDs;
+PKIX_PL_CRLEntry_GetCRLEntryReasonCode;
+PKIX_PL_Date_Create_UTCTime;
+pkix_pl_Date_CreateFromPRTime;
+pkix_pl_Date_GetPRTime;
+PKIX_PL_EkuChecker_Initialize;
+PKIX_PL_Free;
+PKIX_PL_GeneralName_Create;
+PKIX_PL_GetString;
+PKIX_PL_HashTable_Add;
+PKIX_PL_HashTable_Create;
+PKIX_PL_HashTable_Lookup;
+PKIX_PL_HashTable_Remove;
+PKIX_PL_HttpCertStore_Create;
+pkix_pl_HttpCertStore_CreateWithAsciiName;
+PKIX_PL_Initialize;
+PKIX_PL_InfoAccess_GetMethod;
+PKIX_PL_InfoAccess_GetLocation;
+PKIX_PL_InfoAccess_GetLocationType;
+PKIX_PL_LdapCertStore_Create;
+PKIX_PL_LdapClient_InitiateRequest;
+PKIX_PL_LdapClient_ResumeRequest;
+PKIX_PL_LdapDefaultClient_AbandonRequest;
+PKIX_PL_LdapDefaultClient_Create;
+PKIX_PL_LdapDefaultClient_CreateByName;
+pkix_pl_LdapResponse_Create;
+PKIX_PL_Malloc;
+PKIX_PL_Memcpy;
+PKIX_PL_MonitorLock_Create;
+PKIX_PL_MonitorLock_Enter;
+PKIX_PL_MonitorLock_Exit;
+PKIX_PL_Mutex_Create;
+PKIX_PL_Mutex_Lock;
+PKIX_PL_Mutex_Unlock;
+PKIX_PL_NssContext_Create;
+PKIX_PL_Object_Alloc;
+PKIX_PL_Object_Compare;
+PKIX_PL_Object_DecRef;
+PKIX_PL_Object_Duplicate;
+PKIX_PL_Object_Equals;
+PKIX_PL_Object_GetType;
+PKIX_PL_Object_Hashcode;
+PKIX_PL_Object_IncRef;
+PKIX_PL_Object_IsTypeRegistered;
+PKIX_PL_Object_Lock;
+PKIX_PL_Object_RegisterType;
+PKIX_PL_Object_ToString;
+PKIX_PL_Object_Unlock;
+PKIX_PL_OID_Create;
+pkix_pl_OcspRequest_Create;
+pkix_pl_OcspResponse_Create;
+pkix_pl_OcspResponse_Decode;
+pkix_pl_OcspResponse_GetStatus;
+pkix_pl_OcspResponse_GetStatusForCert;
+PKIX_PL_OcspResponse_UseBuildChain;
+pkix_pl_OcspResponse_VerifySignature;
+PKIX_PL_Pk11CertStore_Create;
+PKIX_PL_PolicyQualifier_GetPolicyQualifierId;
+PKIX_PL_PolicyQualifier_GetQualifier;
+PKIX_PL_PublicKey_MakeInheritedDSAPublicKey;
+PKIX_PL_PublicKey_NeedsDSAParameters;
+PKIX_PL_Realloc;
+PKIX_PL_ReleaseReaderLock;
+PKIX_PL_ReleaseWriterLock;
+PKIX_PL_RWLock_Create;
+PKIX_PL_Shutdown;
+pkix_pl_Socket_Create;
+pkix_pl_Socket_CreateByName;
+pkix_pl_Socket_GetCallbackList;
+PKIX_PL_Sprintf;
+PKIX_PL_String_Create;
+PKIX_PL_String_GetEncoded;
+PKIX_PL_X500Name_Create;
+pkix_pl_X500Name_GetCommonName;
+pkix_pl_X500Name_GetCountryName;
+pkix_pl_X500Name_GetOrgName;
+PKIX_PL_X500Name_Match;
+pkix_PolicyNode_AddToParent;
+pkix_PolicyNode_Create;
+PKIX_PolicyNode_GetChildren;
+PKIX_PolicyNode_GetDepth;
+PKIX_PolicyNode_GetExpectedPolicies;
+PKIX_PolicyNode_GetParent;
+PKIX_PolicyNode_GetPolicyQualifiers;
+PKIX_PolicyNode_GetValidPolicy;
+PKIX_PolicyNode_IsCritical;
+pkix_PolicyNode_Prune;
+PKIX_ProcessingParams_AddCertChainChecker;
+PKIX_ProcessingParams_AddCertStore;
+PKIX_ProcessingParams_AddRevocationChecker;
+PKIX_ProcessingParams_Create;
+PKIX_ProcessingParams_GetCertChainCheckers;
+PKIX_ProcessingParams_GetCertStores;
+PKIX_ProcessingParams_GetDate;
+PKIX_ProcessingParams_GetHintCerts;
+PKIX_ProcessingParams_GetInitialPolicies;
+PKIX_ProcessingParams_GetPolicyQualifiersRejected;
+PKIX_ProcessingParams_GetResourceLimits;
+PKIX_ProcessingParams_GetRevocationCheckers;
+PKIX_ProcessingParams_GetTargetCertConstraints;
+PKIX_ProcessingParams_GetTrustAnchors;
+PKIX_ProcessingParams_IsAnyPolicyInhibited;
+PKIX_ProcessingParams_IsCRLRevocationCheckingEnabled;
+PKIX_ProcessingParams_IsExplicitPolicyRequired;
+PKIX_ProcessingParams_IsPolicyMappingInhibited;
+PKIX_ProcessingParams_SetAnyPolicyInhibited;
+PKIX_ProcessingParams_SetCertChainCheckers;
+PKIX_ProcessingParams_SetCertStores;
+PKIX_ProcessingParams_SetDate;
+PKIX_ProcessingParams_SetExplicitPolicyRequired;
+PKIX_ProcessingParams_SetHintCerts;
+PKIX_ProcessingParams_SetInitialPolicies;
+PKIX_ProcessingParams_SetPolicyMappingInhibited;
+PKIX_ProcessingParams_SetPolicyQualifiersRejected;
+PKIX_ProcessingParams_SetResourceLimits;
+PKIX_ProcessingParams_SetRevocationCheckers;
+PKIX_ProcessingParams_SetRevocationEnabled;
+PKIX_ProcessingParams_SetTargetCertConstraints;
+PKIX_RevocationChecker_Create;
+PKIX_RevocationChecker_GetRevCallback;
+PKIX_RevocationChecker_GetRevCheckerContext;
+PKIX_Shutdown;
+pkix_Throw;
+PKIX_TrustAnchor_CreateWithCert;
+PKIX_TrustAnchor_CreateWithNameKeyPair;
+PKIX_TrustAnchor_GetCAName;
+PKIX_TrustAnchor_GetCAPublicKey;
+PKIX_TrustAnchor_GetNameConstraints;
+PKIX_TrustAnchor_GetTrustedCert;
+PKIX_ValidateChain;
+PKIX_ValidateChain_NB;
+PKIX_ValidateParams_Create;
+PKIX_ValidateParams_GetCertChain;
+PKIX_ValidateParams_GetProcessingParams;
+pkix_ValidateResult_Create;
+PKIX_ValidateResult_GetPolicyTree;
+PKIX_ValidateResult_GetPublicKey;
+PKIX_ValidateResult_GetTrustAnchor;
+pkix_VerifyNode_AddToChain;
+pkix_VerifyNode_Create;
+PKIX_ResourceLimits_Create;
+PKIX_ResourceLimits_GetMaxDepth;
+PKIX_ResourceLimits_GetMaxFanout;
+PKIX_ResourceLimits_GetMaxTime;
+PKIX_ResourceLimits_SetMaxDepth;
+PKIX_ResourceLimits_SetMaxFanout;
+PKIX_ResourceLimits_SetMaxTime;
+;+};
diff --git a/nss/lib/nss/utilwrap.c b/nss/lib/nss/utilwrap.c
new file mode 100644
index 0000000..938d95c
--- /dev/null
+++ b/nss/lib/nss/utilwrap.c
@@ -0,0 +1,870 @@
+/*
+ * NSS utility functions
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "secport.h"
+#include "secoid.h"
+#include "secitem.h"
+#include "secdig.h"
+#include "secder.h"
+#include "secasn1.h"
+#include "base64.h"
+#include "nssb64.h"
+#include "nssrwlk.h"
+#include "cert.h"
+#include "prerror.h"
+
+/* wrappers for implementation in libnssutil3 */
+#undef ATOB_AsciiToData
+#undef ATOB_ConvertAsciiToItem
+#undef BTOA_ConvertItemToAscii
+#undef BTOA_DataToAscii
+#undef CERT_GenTime2FormattedAscii
+#undef DER_AsciiToTime
+#undef DER_DecodeTimeChoice
+#undef DER_Encode
+#undef DER_EncodeTimeChoice
+#undef DER_GeneralizedDayToAscii
+#undef DER_GeneralizedTimeToTime
+#undef DER_GetInteger
+#undef DER_Lengths
+#undef DER_TimeChoiceDayToAscii
+#undef DER_TimeToGeneralizedTime
+#undef DER_TimeToGeneralizedTimeArena
+#undef DER_TimeToUTCTime
+#undef DER_UTCDayToAscii
+#undef DER_UTCTimeToAscii
+#undef DER_UTCTimeToTime
+#undef NSS_PutEnv
+#undef NSSBase64_DecodeBuffer
+#undef NSSBase64_EncodeItem
+#undef NSSBase64Decoder_Create
+#undef NSSBase64Decoder_Destroy
+#undef NSSBase64Decoder_Update
+#undef NSSBase64Encoder_Create
+#undef NSSBase64Encoder_Destroy
+#undef NSSBase64Encoder_Update
+#undef NSSRWLock_Destroy
+#undef NSSRWLock_HaveWriteLock
+#undef NSSRWLock_LockRead
+#undef NSSRWLock_LockWrite
+#undef NSSRWLock_New
+#undef NSSRWLock_UnlockRead
+#undef NSSRWLock_UnlockWrite
+#undef PORT_Alloc
+#undef PORT_ArenaAlloc
+#undef PORT_ArenaGrow
+#undef PORT_ArenaMark
+#undef PORT_ArenaRelease
+#undef PORT_ArenaStrdup
+#undef PORT_ArenaUnmark
+#undef PORT_ArenaZAlloc
+#undef PORT_Free
+#undef PORT_FreeArena
+#undef PORT_GetError
+#undef PORT_NewArena
+#undef PORT_Realloc
+#undef PORT_SetError
+#undef PORT_SetUCS2_ASCIIConversionFunction
+#undef PORT_SetUCS2_UTF8ConversionFunction
+#undef PORT_SetUCS4_UTF8ConversionFunction
+#undef PORT_Strdup
+#undef PORT_UCS2_ASCIIConversion
+#undef PORT_UCS2_UTF8Conversion
+#undef PORT_ZAlloc
+#undef PORT_ZFree
+#undef SEC_ASN1Decode
+#undef SEC_ASN1DecodeInteger
+#undef SEC_ASN1DecodeItem
+#undef SEC_ASN1DecoderAbort
+#undef SEC_ASN1DecoderClearFilterProc
+#undef SEC_ASN1DecoderClearNotifyProc
+#undef SEC_ASN1DecoderFinish
+#undef SEC_ASN1DecoderSetFilterProc
+#undef SEC_ASN1DecoderSetNotifyProc
+#undef SEC_ASN1DecoderStart
+#undef SEC_ASN1DecoderUpdate
+#undef SEC_ASN1Encode
+#undef SEC_ASN1EncodeInteger
+#undef SEC_ASN1EncodeItem
+#undef SEC_ASN1EncoderAbort
+#undef SEC_ASN1EncoderClearNotifyProc
+#undef SEC_ASN1EncoderClearStreaming
+#undef SEC_ASN1EncoderClearTakeFromBuf
+#undef SEC_ASN1EncoderFinish
+#undef SEC_ASN1EncoderSetNotifyProc
+#undef SEC_ASN1EncoderSetStreaming
+#undef SEC_ASN1EncoderSetTakeFromBuf
+#undef SEC_ASN1EncoderStart
+#undef SEC_ASN1EncoderUpdate
+#undef SEC_ASN1EncodeUnsignedInteger
+#undef SEC_ASN1LengthLength
+#undef SEC_QuickDERDecodeItem
+#undef SECITEM_AllocItem
+#undef SECITEM_ArenaDupItem
+#undef SECITEM_CompareItem
+#undef SECITEM_CopyItem
+#undef SECITEM_DupItem
+#undef SECITEM_FreeItem
+#undef SECITEM_ItemsAreEqual
+#undef SECITEM_ZfreeItem
+#undef SECOID_AddEntry
+#undef SECOID_CompareAlgorithmID
+#undef SECOID_CopyAlgorithmID
+#undef SECOID_DestroyAlgorithmID
+#undef SECOID_FindOID
+#undef SECOID_FindOIDByTag
+#undef SECOID_FindOIDTag
+#undef SECOID_FindOIDTagDescription
+#undef SECOID_GetAlgorithmTag
+#undef SECOID_SetAlgorithmID
+#undef SGN_CompareDigestInfo
+#undef SGN_CopyDigestInfo
+#undef SGN_CreateDigestInfo
+#undef SGN_DestroyDigestInfo
+
+void *
+PORT_Alloc(size_t bytes)
+{
+    return PORT_Alloc_Util(bytes);
+}
+
+void *
+PORT_Realloc(void *oldptr, size_t bytes)
+{
+    return PORT_Realloc_Util(oldptr, bytes);
+}
+
+void *
+PORT_ZAlloc(size_t bytes)
+{
+    return PORT_ZAlloc_Util(bytes);
+}
+
+void
+PORT_Free(void *ptr)
+{
+    PORT_Free_Util(ptr);
+}
+
+void
+PORT_ZFree(void *ptr, size_t len)
+{
+    PORT_ZFree_Util(ptr, len);
+}
+
+char *
+PORT_Strdup(const char *str)
+{
+    return PORT_Strdup_Util(str);
+}
+
+void
+PORT_SetError(int value)
+{
+    PORT_SetError_Util(value);
+}
+
+int
+PORT_GetError(void)
+{
+    return PORT_GetError_Util();
+}
+
+PLArenaPool *
+PORT_NewArena(unsigned long chunksize)
+{
+    return PORT_NewArena_Util(chunksize);
+}
+
+void *
+PORT_ArenaAlloc(PLArenaPool *arena, size_t size)
+{
+    return PORT_ArenaAlloc_Util(arena, size);
+}
+
+void *
+PORT_ArenaZAlloc(PLArenaPool *arena, size_t size)
+{
+    return PORT_ArenaZAlloc_Util(arena, size);
+}
+
+void
+PORT_FreeArena(PLArenaPool *arena, PRBool zero)
+{
+    PORT_FreeArena_Util(arena, zero);
+}
+
+void *
+PORT_ArenaGrow(PLArenaPool *arena, void *ptr, size_t oldsize, size_t newsize)
+{
+    return PORT_ArenaGrow_Util(arena, ptr, oldsize, newsize);
+}
+
+void *
+PORT_ArenaMark(PLArenaPool *arena)
+{
+    return PORT_ArenaMark_Util(arena);
+}
+
+void
+PORT_ArenaRelease(PLArenaPool *arena, void *mark)
+{
+    PORT_ArenaRelease_Util(arena, mark);
+}
+
+void
+PORT_ArenaUnmark(PLArenaPool *arena, void *mark)
+{
+    PORT_ArenaUnmark_Util(arena, mark);
+}
+
+char *
+PORT_ArenaStrdup(PLArenaPool *arena, const char *str)
+{
+    return PORT_ArenaStrdup_Util(arena, str);
+}
+
+void
+PORT_SetUCS4_UTF8ConversionFunction(PORTCharConversionFunc convFunc)
+{
+    PORT_SetUCS4_UTF8ConversionFunction_Util(convFunc);
+}
+
+void
+PORT_SetUCS2_ASCIIConversionFunction(PORTCharConversionWSwapFunc convFunc)
+{
+    PORT_SetUCS2_ASCIIConversionFunction_Util(convFunc);
+}
+
+void
+PORT_SetUCS2_UTF8ConversionFunction(PORTCharConversionFunc convFunc)
+{
+    PORT_SetUCS2_UTF8ConversionFunction_Util(convFunc);
+}
+
+PRBool
+PORT_UCS2_UTF8Conversion(PRBool toUnicode, unsigned char *inBuf,
+                         unsigned int inBufLen, unsigned char *outBuf,
+                         unsigned int maxOutBufLen, unsigned int *outBufLen)
+{
+    return PORT_UCS2_UTF8Conversion_Util(toUnicode, inBuf, inBufLen, outBuf,
+                                         maxOutBufLen, outBufLen);
+}
+
+PRBool
+PORT_UCS2_ASCIIConversion(PRBool toUnicode, unsigned char *inBuf,
+                          unsigned int inBufLen, unsigned char *outBuf,
+                          unsigned int maxOutBufLen, unsigned int *outBufLen,
+                          PRBool swapBytes)
+{
+    return PORT_UCS2_ASCIIConversion_Util(toUnicode, inBuf, inBufLen, outBuf,
+                                          maxOutBufLen, outBufLen, swapBytes);
+}
+
+int
+NSS_PutEnv(const char *envVarName, const char *envValue)
+{
+    return NSS_PutEnv_Util(envVarName, envValue);
+}
+
+SECOidData *
+SECOID_FindOID(const SECItem *oid)
+{
+    return SECOID_FindOID_Util(oid);
+}
+
+SECOidTag
+SECOID_FindOIDTag(const SECItem *oid)
+{
+    return SECOID_FindOIDTag_Util(oid);
+}
+
+SECOidData *
+SECOID_FindOIDByTag(SECOidTag tagnum)
+{
+    return SECOID_FindOIDByTag_Util(tagnum);
+}
+
+SECStatus
+SECOID_SetAlgorithmID(PLArenaPool *arena, SECAlgorithmID *aid,
+                      SECOidTag tag, SECItem *params)
+{
+    return SECOID_SetAlgorithmID_Util(arena, aid, tag, params);
+}
+
+SECStatus
+SECOID_CopyAlgorithmID(PLArenaPool *arena, SECAlgorithmID *dest,
+                       const SECAlgorithmID *src)
+{
+    return SECOID_CopyAlgorithmID_Util(arena, dest, src);
+}
+
+SECOidTag
+SECOID_GetAlgorithmTag(const SECAlgorithmID *aid)
+{
+    return SECOID_GetAlgorithmTag_Util(aid);
+}
+
+void
+SECOID_DestroyAlgorithmID(SECAlgorithmID *aid, PRBool freeit)
+{
+    SECOID_DestroyAlgorithmID_Util(aid, freeit);
+}
+
+SECComparison
+SECOID_CompareAlgorithmID(SECAlgorithmID *a,
+                          SECAlgorithmID *b)
+{
+    return SECOID_CompareAlgorithmID_Util(a, b);
+}
+
+const char *
+SECOID_FindOIDTagDescription(SECOidTag tagnum)
+{
+    return SECOID_FindOIDTagDescription_Util(tagnum);
+}
+
+SECOidTag
+SECOID_AddEntry(const SECOidData *src)
+{
+    return SECOID_AddEntry_Util(src);
+}
+
+SECItem *
+SECITEM_AllocItem(PLArenaPool *arena, SECItem *item,
+                  unsigned int len)
+{
+    return SECITEM_AllocItem_Util(arena, item, len);
+}
+
+SECComparison
+SECITEM_CompareItem(const SECItem *a, const SECItem *b)
+{
+    return SECITEM_CompareItem_Util(a, b);
+}
+
+PRBool
+SECITEM_ItemsAreEqual(const SECItem *a, const SECItem *b)
+{
+    return SECITEM_ItemsAreEqual_Util(a, b);
+}
+
+SECStatus
+SECITEM_CopyItem(PLArenaPool *arena, SECItem *to,
+                 const SECItem *from)
+{
+    return SECITEM_CopyItem_Util(arena, to, from);
+}
+
+SECItem *
+SECITEM_DupItem(const SECItem *from)
+{
+    return SECITEM_DupItem_Util(from);
+}
+
+SECItem *
+SECITEM_ArenaDupItem(PLArenaPool *arena, const SECItem *from)
+{
+    return SECITEM_ArenaDupItem_Util(arena, from);
+}
+
+void
+SECITEM_FreeItem(SECItem *zap, PRBool freeit)
+{
+    SECITEM_FreeItem_Util(zap, freeit);
+}
+
+void
+SECITEM_ZfreeItem(SECItem *zap, PRBool freeit)
+{
+    SECITEM_ZfreeItem_Util(zap, freeit);
+}
+
+SGNDigestInfo *
+SGN_CreateDigestInfo(SECOidTag algorithm,
+                     unsigned char *sig,
+                     unsigned int sigLen)
+{
+    return SGN_CreateDigestInfo_Util(algorithm, sig, sigLen);
+}
+
+void
+SGN_DestroyDigestInfo(SGNDigestInfo *info)
+{
+    SGN_DestroyDigestInfo_Util(info);
+}
+
+SECStatus
+SGN_CopyDigestInfo(PLArenaPool *poolp,
+                   SGNDigestInfo *a,
+                   SGNDigestInfo *b)
+{
+    return SGN_CopyDigestInfo_Util(poolp, a, b);
+}
+
+SECComparison
+SGN_CompareDigestInfo(SGNDigestInfo *a, SGNDigestInfo *b)
+{
+    return SGN_CompareDigestInfo_Util(a, b);
+}
+
+SECStatus
+DER_Encode(PLArenaPool *arena, SECItem *dest, DERTemplate *t,
+           void *src)
+{
+    return DER_Encode_Util(arena, dest, t, src);
+}
+
+SECStatus
+DER_Lengths(SECItem *item, int *header_len_p,
+            PRUint32 *contents_len_p)
+{
+    return DER_Lengths_Util(item, header_len_p, contents_len_p);
+}
+
+long
+DER_GetInteger(const SECItem *src)
+{
+    return DER_GetInteger_Util(src);
+}
+
+SECStatus
+DER_TimeToUTCTime(SECItem *result, PRTime time)
+{
+    return DER_TimeToUTCTime_Util(result, time);
+}
+
+SECStatus
+DER_AsciiToTime(PRTime *result, const char *string)
+{
+    return DER_AsciiToTime_Util(result, string);
+}
+
+SECStatus
+DER_UTCTimeToTime(PRTime *result, const SECItem *time)
+{
+    return DER_UTCTimeToTime_Util(result, time);
+}
+
+char *
+DER_UTCTimeToAscii(SECItem *utcTime)
+{
+    return DER_UTCTimeToAscii_Util(utcTime);
+}
+
+char *
+DER_UTCDayToAscii(SECItem *utctime)
+{
+    return DER_UTCDayToAscii_Util(utctime);
+}
+
+char *
+DER_GeneralizedDayToAscii(SECItem *gentime)
+{
+    return DER_GeneralizedDayToAscii_Util(gentime);
+}
+
+char *
+DER_TimeChoiceDayToAscii(SECItem *timechoice)
+{
+    return DER_TimeChoiceDayToAscii_Util(timechoice);
+}
+
+SECStatus
+DER_TimeToGeneralizedTime(SECItem *dst, PRTime gmttime)
+{
+    return DER_TimeToGeneralizedTime_Util(dst, gmttime);
+}
+
+SECStatus
+DER_TimeToGeneralizedTimeArena(PLArenaPool *arenaOpt,
+                               SECItem *dst, PRTime gmttime)
+{
+    return DER_TimeToGeneralizedTimeArena_Util(arenaOpt, dst, gmttime);
+}
+
+SECStatus
+DER_GeneralizedTimeToTime(PRTime *dst, const SECItem *time)
+{
+    return DER_GeneralizedTimeToTime_Util(dst, time);
+}
+
+char *
+CERT_GenTime2FormattedAscii(PRTime genTime, char *format)
+{
+    return CERT_GenTime2FormattedAscii_Util(genTime, format);
+}
+
+SECStatus
+DER_DecodeTimeChoice(PRTime *output, const SECItem *input)
+{
+    return DER_DecodeTimeChoice_Util(output, input);
+}
+
+SECStatus
+DER_EncodeTimeChoice(PLArenaPool *arena, SECItem *output,
+                     PRTime input)
+{
+    return DER_EncodeTimeChoice_Util(arena, output, input);
+}
+
+SEC_ASN1DecoderContext *
+SEC_ASN1DecoderStart(PLArenaPool *pool,
+                     void *dest,
+                     const SEC_ASN1Template *t)
+{
+    return SEC_ASN1DecoderStart_Util(pool, dest, t);
+}
+
+SECStatus
+SEC_ASN1DecoderUpdate(SEC_ASN1DecoderContext *cx,
+                      const char *buf,
+                      unsigned long len)
+{
+    return SEC_ASN1DecoderUpdate_Util(cx, buf, len);
+}
+
+SECStatus
+SEC_ASN1DecoderFinish(SEC_ASN1DecoderContext *cx)
+{
+    return SEC_ASN1DecoderFinish_Util(cx);
+}
+
+void
+SEC_ASN1DecoderAbort(SEC_ASN1DecoderContext *cx, int error)
+{
+    SEC_ASN1DecoderAbort_Util(cx, error);
+}
+
+void
+SEC_ASN1DecoderSetFilterProc(SEC_ASN1DecoderContext *cx,
+                             SEC_ASN1WriteProc fn,
+                             void *arg, PRBool no_store)
+{
+    SEC_ASN1DecoderSetFilterProc_Util(cx, fn, arg, no_store);
+}
+
+void
+SEC_ASN1DecoderClearFilterProc(SEC_ASN1DecoderContext *cx)
+{
+    SEC_ASN1DecoderClearFilterProc_Util(cx);
+}
+
+void
+SEC_ASN1DecoderSetNotifyProc(SEC_ASN1DecoderContext *cx,
+                             SEC_ASN1NotifyProc fn,
+                             void *arg)
+{
+    SEC_ASN1DecoderSetNotifyProc_Util(cx, fn, arg);
+}
+
+void
+SEC_ASN1DecoderClearNotifyProc(SEC_ASN1DecoderContext *cx)
+{
+    SEC_ASN1DecoderClearNotifyProc_Util(cx);
+}
+
+SECStatus
+SEC_ASN1Decode(PLArenaPool *pool, void *dest,
+               const SEC_ASN1Template *t,
+               const char *buf, long len)
+{
+    return SEC_ASN1Decode_Util(pool, dest, t, buf, len);
+}
+
+SECStatus
+SEC_ASN1DecodeItem(PLArenaPool *pool, void *dest,
+                   const SEC_ASN1Template *t,
+                   const SECItem *src)
+{
+    return SEC_ASN1DecodeItem_Util(pool, dest, t, src);
+}
+
+SECStatus
+SEC_QuickDERDecodeItem(PLArenaPool *arena, void *dest,
+                       const SEC_ASN1Template *templateEntry,
+                       const SECItem *src)
+{
+    return SEC_QuickDERDecodeItem_Util(arena, dest, templateEntry, src);
+}
+
+SEC_ASN1EncoderContext *
+SEC_ASN1EncoderStart(const void *src,
+                     const SEC_ASN1Template *t,
+                     SEC_ASN1WriteProc fn,
+                     void *output_arg)
+{
+    return SEC_ASN1EncoderStart_Util(src, t, fn, output_arg);
+}
+
+SECStatus
+SEC_ASN1EncoderUpdate(SEC_ASN1EncoderContext *cx,
+                      const char *buf,
+                      unsigned long len)
+{
+    return SEC_ASN1EncoderUpdate_Util(cx, buf, len);
+}
+
+void
+SEC_ASN1EncoderFinish(SEC_ASN1EncoderContext *cx)
+{
+    SEC_ASN1EncoderFinish_Util(cx);
+}
+
+void
+SEC_ASN1EncoderAbort(SEC_ASN1EncoderContext *cx, int error)
+{
+    SEC_ASN1EncoderAbort_Util(cx, error);
+}
+
+void
+SEC_ASN1EncoderSetNotifyProc(SEC_ASN1EncoderContext *cx,
+                             SEC_ASN1NotifyProc fn,
+                             void *arg)
+{
+    SEC_ASN1EncoderSetNotifyProc_Util(cx, fn, arg);
+}
+
+void
+SEC_ASN1EncoderClearNotifyProc(SEC_ASN1EncoderContext *cx)
+{
+    SEC_ASN1EncoderClearNotifyProc_Util(cx);
+}
+
+void
+SEC_ASN1EncoderSetStreaming(SEC_ASN1EncoderContext *cx)
+{
+    SEC_ASN1EncoderSetStreaming_Util(cx);
+}
+
+void
+SEC_ASN1EncoderClearStreaming(SEC_ASN1EncoderContext *cx)
+{
+    SEC_ASN1EncoderClearStreaming_Util(cx);
+}
+
+void
+SEC_ASN1EncoderSetTakeFromBuf(SEC_ASN1EncoderContext *cx)
+{
+    SEC_ASN1EncoderSetTakeFromBuf_Util(cx);
+}
+
+void
+SEC_ASN1EncoderClearTakeFromBuf(SEC_ASN1EncoderContext *cx)
+{
+    SEC_ASN1EncoderClearTakeFromBuf_Util(cx);
+}
+
+SECStatus
+SEC_ASN1Encode(const void *src, const SEC_ASN1Template *t,
+               SEC_ASN1WriteProc output_proc,
+               void *output_arg)
+{
+    return SEC_ASN1Encode_Util(src, t, output_proc, output_arg);
+}
+
+SECItem *
+SEC_ASN1EncodeItem(PLArenaPool *pool, SECItem *dest,
+                   const void *src, const SEC_ASN1Template *t)
+{
+    return SEC_ASN1EncodeItem_Util(pool, dest, src, t);
+}
+
+SECItem *
+SEC_ASN1EncodeInteger(PLArenaPool *pool,
+                      SECItem *dest, long value)
+{
+    return SEC_ASN1EncodeInteger_Util(pool, dest, value);
+}
+
+SECItem *
+SEC_ASN1EncodeUnsignedInteger(PLArenaPool *pool,
+                              SECItem *dest,
+                              unsigned long value)
+{
+    return SEC_ASN1EncodeUnsignedInteger_Util(pool, dest, value);
+}
+
+SECStatus
+SEC_ASN1DecodeInteger(SECItem *src,
+                      unsigned long *value)
+{
+    return SEC_ASN1DecodeInteger_Util(src, value);
+}
+
+int
+SEC_ASN1LengthLength(unsigned long len)
+{
+    return SEC_ASN1LengthLength_Util(len);
+}
+
+char *
+BTOA_DataToAscii(const unsigned char *data, unsigned int len)
+{
+    return BTOA_DataToAscii_Util(data, len);
+}
+
+unsigned char *
+ATOB_AsciiToData(const char *string, unsigned int *lenp)
+{
+    return ATOB_AsciiToData_Util(string, lenp);
+}
+
+SECStatus
+ATOB_ConvertAsciiToItem(SECItem *binary_item, const char *ascii)
+{
+    return ATOB_ConvertAsciiToItem_Util(binary_item, ascii);
+}
+
+char *
+BTOA_ConvertItemToAscii(SECItem *binary_item)
+{
+    return BTOA_ConvertItemToAscii_Util(binary_item);
+}
+
+NSSBase64Decoder *
+NSSBase64Decoder_Create(PRInt32 (*output_fn)(void *, const unsigned char *,
+                                             PRInt32),
+                        void *output_arg)
+{
+    return NSSBase64Decoder_Create_Util(output_fn, output_arg);
+}
+
+NSSBase64Encoder *
+NSSBase64Encoder_Create(PRInt32 (*output_fn)(void *, const char *, PRInt32),
+                        void *output_arg)
+{
+    return NSSBase64Encoder_Create_Util(output_fn, output_arg);
+}
+
+SECStatus
+NSSBase64Decoder_Update(NSSBase64Decoder *data, const char *buffer,
+                        PRUint32 size)
+{
+    return NSSBase64Decoder_Update_Util(data, buffer, size);
+}
+
+SECStatus
+NSSBase64Encoder_Update(NSSBase64Encoder *data, const unsigned char *buffer,
+                        PRUint32 size)
+{
+    return NSSBase64Encoder_Update_Util(data, buffer, size);
+}
+
+SECStatus
+NSSBase64Decoder_Destroy(NSSBase64Decoder *data, PRBool abort_p)
+{
+    return NSSBase64Decoder_Destroy_Util(data, abort_p);
+}
+
+SECStatus
+NSSBase64Encoder_Destroy(NSSBase64Encoder *data, PRBool abort_p)
+{
+    return NSSBase64Encoder_Destroy_Util(data, abort_p);
+}
+
+SECItem *
+NSSBase64_DecodeBuffer(PLArenaPool *arenaOpt, SECItem *outItemOpt,
+                       const char *inStr, unsigned int inLen)
+{
+    return NSSBase64_DecodeBuffer_Util(arenaOpt, outItemOpt, inStr, inLen);
+}
+
+char *
+NSSBase64_EncodeItem(PLArenaPool *arenaOpt, char *outStrOpt,
+                     unsigned int maxOutLen, SECItem *inItem)
+{
+    return NSSBase64_EncodeItem_Util(arenaOpt, outStrOpt, maxOutLen, inItem);
+}
+
+NSSRWLock *
+NSSRWLock_New(PRUint32 lock_rank, const char *lock_name)
+{
+    return NSSRWLock_New_Util(lock_rank, lock_name);
+}
+
+void
+NSSRWLock_Destroy(NSSRWLock *lock)
+{
+    NSSRWLock_Destroy_Util(lock);
+}
+
+void
+NSSRWLock_LockRead(NSSRWLock *lock)
+{
+    NSSRWLock_LockRead_Util(lock);
+}
+
+void
+NSSRWLock_LockWrite(NSSRWLock *lock)
+{
+    NSSRWLock_LockWrite_Util(lock);
+}
+
+void
+NSSRWLock_UnlockRead(NSSRWLock *lock)
+{
+    NSSRWLock_UnlockRead_Util(lock);
+}
+
+void
+NSSRWLock_UnlockWrite(NSSRWLock *lock)
+{
+    NSSRWLock_UnlockWrite_Util(lock);
+}
+
+PRBool
+NSSRWLock_HaveWriteLock(NSSRWLock *rwlock)
+{
+    return NSSRWLock_HaveWriteLock_Util(rwlock);
+}
+
+SECStatus
+__nss_InitLock(PZLock **ppLock, nssILockType ltype)
+{
+    PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
+    return SECFailure;
+}
+
+/* templates duplicated in libnss3 and libnssutil3 */
+
+#undef NSS_Get_SEC_AnyTemplate
+#undef NSS_Get_SEC_BitStringTemplate
+#undef NSS_Get_SEC_BMPStringTemplate
+#undef NSS_Get_SEC_BooleanTemplate
+#undef NSS_Get_SEC_GeneralizedTimeTemplate
+#undef NSS_Get_SEC_IA5StringTemplate
+#undef NSS_Get_SEC_IntegerTemplate
+#undef NSS_Get_SEC_NullTemplate
+#undef NSS_Get_SEC_ObjectIDTemplate
+#undef NSS_Get_SEC_OctetStringTemplate
+#undef NSS_Get_SEC_PointerToAnyTemplate
+#undef NSS_Get_SEC_PointerToOctetStringTemplate
+#undef NSS_Get_SEC_SetOfAnyTemplate
+#undef NSS_Get_SEC_UTCTimeTemplate
+#undef NSS_Get_SEC_UTF8StringTemplate
+#undef NSS_Get_SECOID_AlgorithmIDTemplate
+#undef NSS_Get_sgn_DigestInfoTemplate
+#undef SEC_AnyTemplate
+#undef SEC_BitStringTemplate
+#undef SEC_BMPStringTemplate
+#undef SEC_BooleanTemplate
+#undef SEC_GeneralizedTimeTemplate
+#undef SEC_IA5StringTemplate
+#undef SEC_IntegerTemplate
+#undef SEC_NullTemplate
+#undef SEC_ObjectIDTemplate
+#undef SEC_OctetStringTemplate
+#undef SEC_PointerToAnyTemplate
+#undef SEC_PointerToOctetStringTemplate
+#undef SEC_SetOfAnyTemplate
+#undef SEC_UTCTimeTemplate
+#undef SEC_UTF8StringTemplate
+#undef SECOID_AlgorithmIDTemplate
+#undef sgn_DigestInfoTemplate
+
+#include "templates.c"
diff --git a/nss/lib/pk11wrap/Makefile b/nss/lib/pk11wrap/Makefile
new file mode 100644
index 0000000..86ab296
--- /dev/null
+++ b/nss/lib/pk11wrap/Makefile
@@ -0,0 +1,62 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+-include config.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+export:: private_export
+
+$(OBJDIR)/pk11load$(OBJ_SUFFIX): debug_module.c
+
+# On AIX 4.3, IBM xlC_r compiler (version 3.6.6) cannot compile
+# pk11slot.c in 64-bit mode for unknown reasons.  A workaround is
+# to compile it with optimizations turned on.  (Bugzilla bug #63815)
+ifeq ($(OS_TARGET)$(OS_RELEASE),AIX4.3)
+ifeq ($(USE_64),1)
+ifndef BUILD_OPT
+$(OBJDIR)/pk11slot.o: pk11slot.c
+	@$(MAKE_OBJDIR)
+	$(CC) -o $@ -c -O2 $(CFLAGS) $<
+endif
+endif
+endif
diff --git a/nss/lib/pk11wrap/config.mk b/nss/lib/pk11wrap/config.mk
new file mode 100644
index 0000000..b8c03de
--- /dev/null
+++ b/nss/lib/pk11wrap/config.mk
@@ -0,0 +1,15 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#
+#  Override TARGETS variable so that only static libraries
+#  are specifed as dependencies within rules.mk.
+#
+
+TARGETS        = $(LIBRARY)
+SHARED_LIBRARY =
+IMPORT_LIBRARY =
+PROGRAM        =
+
diff --git a/nss/lib/pk11wrap/debug_module.c b/nss/lib/pk11wrap/debug_module.c
new file mode 100644
index 0000000..9230c01
--- /dev/null
+++ b/nss/lib/pk11wrap/debug_module.c
@@ -0,0 +1,2760 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#include "prlog.h"
+#include <stdio.h>
+#include "cert.h" /* for CERT_DerNameToAscii & CERT_Hexify */
+
+static PRLogModuleInfo *modlog = NULL;
+
+static CK_FUNCTION_LIST_PTR module_functions;
+
+static CK_FUNCTION_LIST debug_functions;
+
+static void print_final_statistics(void);
+
+#define STRING static const char
+
+STRING fmt_flags[] = "  flags = 0x%x";
+STRING fmt_hKey[] = "  hKey = 0x%x";
+STRING fmt_hObject[] = "  hObject = 0x%x";
+STRING fmt_hSession[] = "  hSession = 0x%x";
+STRING fmt_manufacturerID[] = "  manufacturerID = \"%.32s\"";
+STRING fmt_pData[] = "  pData = 0x%p";
+STRING fmt_pDigest[] = "  pDigest = 0x%p";
+STRING fmt_pEncryptedData[] = "  pEncryptedData = 0x%p";
+STRING fmt_pEncryptedPart[] = "  pEncryptedPart = 0x%p";
+STRING fmt_pInfo[] = "  pInfo = 0x%p";
+STRING fmt_pMechanism[] = "  pMechanism = 0x%p";
+STRING fmt_pOperationState[] = "  pOperationState = 0x%p";
+STRING fmt_pPart[] = "  pPart = 0x%p";
+STRING fmt_pPin[] = "  pPin = 0x%p";
+STRING fmt_pSignature[] = "  pSignature = 0x%p";
+STRING fmt_pTemplate[] = "  pTemplate = 0x%p";
+STRING fmt_pWrappedKey[] = "  pWrappedKey = 0x%p";
+STRING fmt_phKey[] = "  phKey = 0x%p";
+STRING fmt_phObject[] = "  phObject = 0x%p";
+STRING fmt_pulCount[] = "  pulCount = 0x%p";
+STRING fmt_pulDataLen[] = "  pulDataLen = 0x%p";
+STRING fmt_pulDigestLen[] = "  pulDigestLen = 0x%p";
+STRING fmt_pulEncryptedPartLen[] = "  pulEncryptedPartLen = 0x%p";
+STRING fmt_pulPartLen[] = "  pulPartLen = 0x%p";
+STRING fmt_pulSignatureLen[] = "  pulSignatureLen = 0x%p";
+STRING fmt_slotID[] = "  slotID = 0x%x";
+STRING fmt_sphKey[] = "  *phKey = 0x%x";
+STRING fmt_spulCount[] = "  *pulCount = 0x%x";
+STRING fmt_spulDataLen[] = "  *pulDataLen = 0x%x";
+STRING fmt_spulDigestLen[] = "  *pulDigestLen = 0x%x";
+STRING fmt_spulEncryptedPartLen[] = "  *pulEncryptedPartLen = 0x%x";
+STRING fmt_spulPartLen[] = "  *pulPartLen = 0x%x";
+STRING fmt_spulSignatureLen[] = "  *pulSignatureLen = 0x%x";
+STRING fmt_ulAttributeCount[] = "  ulAttributeCount = %d";
+STRING fmt_ulCount[] = "  ulCount = %d";
+STRING fmt_ulDataLen[] = "  ulDataLen = %d";
+STRING fmt_ulEncryptedPartLen[] = "  ulEncryptedPartLen = %d";
+STRING fmt_ulPartLen[] = "  ulPartLen = %d";
+STRING fmt_ulPinLen[] = "  ulPinLen = %d";
+STRING fmt_ulSignatureLen[] = "  ulSignatureLen = %d";
+
+STRING fmt_fwVersion[] = "  firmware version: %d.%d";
+STRING fmt_hwVersion[] = "  hardware version: %d.%d";
+STRING fmt_s_qsq_d[] = "    %s = \"%s\" [%d]";
+STRING fmt_s_s_d[] = "    %s = %s [%d]";
+STRING fmt_s_lu[] = "    %s = %lu";
+STRING fmt_invalid_handle[] = " (CK_INVALID_HANDLE)";
+
+static void
+get_attr_type_str(CK_ATTRIBUTE_TYPE atype, char *str, int len)
+{
+#define CASE(attr) \
+    case attr:     \
+        a = #attr; \
+        break
+
+    const char *a = NULL;
+
+    switch (atype) {
+        CASE(CKA_CLASS);
+        CASE(CKA_TOKEN);
+        CASE(CKA_PRIVATE);
+        CASE(CKA_LABEL);
+        CASE(CKA_APPLICATION);
+        CASE(CKA_VALUE);
+        CASE(CKA_OBJECT_ID);
+        CASE(CKA_CERTIFICATE_TYPE);
+        CASE(CKA_CERTIFICATE_CATEGORY);
+        CASE(CKA_ISSUER);
+        CASE(CKA_SERIAL_NUMBER);
+        CASE(CKA_AC_ISSUER);
+        CASE(CKA_OWNER);
+        CASE(CKA_ATTR_TYPES);
+        CASE(CKA_TRUSTED);
+        CASE(CKA_KEY_TYPE);
+        CASE(CKA_SUBJECT);
+        CASE(CKA_ID);
+        CASE(CKA_SENSITIVE);
+        CASE(CKA_ENCRYPT);
+        CASE(CKA_DECRYPT);
+        CASE(CKA_WRAP);
+        CASE(CKA_UNWRAP);
+        CASE(CKA_SIGN);
+        CASE(CKA_SIGN_RECOVER);
+        CASE(CKA_VERIFY);
+        CASE(CKA_VERIFY_RECOVER);
+        CASE(CKA_DERIVE);
+        CASE(CKA_START_DATE);
+        CASE(CKA_END_DATE);
+        CASE(CKA_MODULUS);
+        CASE(CKA_MODULUS_BITS);
+        CASE(CKA_PUBLIC_EXPONENT);
+        CASE(CKA_PRIVATE_EXPONENT);
+        CASE(CKA_PRIME_1);
+        CASE(CKA_PRIME_2);
+        CASE(CKA_EXPONENT_1);
+        CASE(CKA_EXPONENT_2);
+        CASE(CKA_COEFFICIENT);
+        CASE(CKA_PRIME);
+        CASE(CKA_SUBPRIME);
+        CASE(CKA_BASE);
+        CASE(CKA_PRIME_BITS);
+        CASE(CKA_SUBPRIME_BITS);
+        CASE(CKA_VALUE_BITS);
+        CASE(CKA_VALUE_LEN);
+        CASE(CKA_EXTRACTABLE);
+        CASE(CKA_LOCAL);
+        CASE(CKA_NEVER_EXTRACTABLE);
+        CASE(CKA_ALWAYS_SENSITIVE);
+        CASE(CKA_KEY_GEN_MECHANISM);
+        CASE(CKA_MODIFIABLE);
+        CASE(CKA_ECDSA_PARAMS);
+        CASE(CKA_EC_POINT);
+        CASE(CKA_SECONDARY_AUTH);
+        CASE(CKA_AUTH_PIN_FLAGS);
+        CASE(CKA_HW_FEATURE_TYPE);
+        CASE(CKA_RESET_ON_INIT);
+        CASE(CKA_HAS_RESET);
+        CASE(CKA_VENDOR_DEFINED);
+        CASE(CKA_NSS_URL);
+        CASE(CKA_NSS_EMAIL);
+        CASE(CKA_NSS_SMIME_INFO);
+        CASE(CKA_NSS_SMIME_TIMESTAMP);
+        CASE(CKA_NSS_PKCS8_SALT);
+        CASE(CKA_NSS_PASSWORD_CHECK);
+        CASE(CKA_NSS_EXPIRES);
+        CASE(CKA_NSS_KRL);
+        CASE(CKA_NSS_PQG_COUNTER);
+        CASE(CKA_NSS_PQG_SEED);
+        CASE(CKA_NSS_PQG_H);
+        CASE(CKA_NSS_PQG_SEED_BITS);
+        CASE(CKA_TRUST);
+        CASE(CKA_TRUST_DIGITAL_SIGNATURE);
+        CASE(CKA_TRUST_NON_REPUDIATION);
+        CASE(CKA_TRUST_KEY_ENCIPHERMENT);
+        CASE(CKA_TRUST_DATA_ENCIPHERMENT);
+        CASE(CKA_TRUST_KEY_AGREEMENT);
+        CASE(CKA_TRUST_KEY_CERT_SIGN);
+        CASE(CKA_TRUST_CRL_SIGN);
+        CASE(CKA_TRUST_SERVER_AUTH);
+        CASE(CKA_TRUST_CLIENT_AUTH);
+        CASE(CKA_TRUST_CODE_SIGNING);
+        CASE(CKA_TRUST_EMAIL_PROTECTION);
+        CASE(CKA_TRUST_IPSEC_END_SYSTEM);
+        CASE(CKA_TRUST_IPSEC_TUNNEL);
+        CASE(CKA_TRUST_IPSEC_USER);
+        CASE(CKA_TRUST_TIME_STAMPING);
+        CASE(CKA_CERT_SHA1_HASH);
+        CASE(CKA_CERT_MD5_HASH);
+        CASE(CKA_NETSCAPE_DB);
+        CASE(CKA_NETSCAPE_TRUST);
+        default:
+            break;
+    }
+    if (a)
+        PR_snprintf(str, len, "%s", a);
+    else
+        PR_snprintf(str, len, "0x%p", atype);
+}
+
+static void
+get_obj_class(CK_OBJECT_CLASS objClass, char *str, int len)
+{
+
+    const char *a = NULL;
+
+    switch (objClass) {
+        CASE(CKO_DATA);
+        CASE(CKO_CERTIFICATE);
+        CASE(CKO_PUBLIC_KEY);
+        CASE(CKO_PRIVATE_KEY);
+        CASE(CKO_SECRET_KEY);
+        CASE(CKO_HW_FEATURE);
+        CASE(CKO_DOMAIN_PARAMETERS);
+        CASE(CKO_NSS_CRL);
+        CASE(CKO_NSS_SMIME);
+        CASE(CKO_NSS_TRUST);
+        CASE(CKO_NSS_BUILTIN_ROOT_LIST);
+        default:
+            break;
+    }
+    if (a)
+        PR_snprintf(str, len, "%s", a);
+    else
+        PR_snprintf(str, len, "0x%p", objClass);
+}
+
+static void
+get_trust_val(CK_TRUST trust, char *str, int len)
+{
+    const char *a = NULL;
+
+    switch (trust) {
+        CASE(CKT_NSS_TRUSTED);
+        CASE(CKT_NSS_TRUSTED_DELEGATOR);
+        CASE(CKT_NSS_NOT_TRUSTED);
+        CASE(CKT_NSS_MUST_VERIFY_TRUST);
+        CASE(CKT_NSS_TRUST_UNKNOWN);
+        CASE(CKT_NSS_VALID_DELEGATOR);
+        default:
+            break;
+    }
+    if (a)
+        PR_snprintf(str, len, "%s", a);
+    else
+        PR_snprintf(str, len, "0x%p", trust);
+}
+
+static void
+log_rv(CK_RV rv)
+{
+    const char *a = NULL;
+
+    switch (rv) {
+        CASE(CKR_OK);
+        CASE(CKR_CANCEL);
+        CASE(CKR_HOST_MEMORY);
+        CASE(CKR_SLOT_ID_INVALID);
+        CASE(CKR_GENERAL_ERROR);
+        CASE(CKR_FUNCTION_FAILED);
+        CASE(CKR_ARGUMENTS_BAD);
+        CASE(CKR_NO_EVENT);
+        CASE(CKR_NEED_TO_CREATE_THREADS);
+        CASE(CKR_CANT_LOCK);
+        CASE(CKR_ATTRIBUTE_READ_ONLY);
+        CASE(CKR_ATTRIBUTE_SENSITIVE);
+        CASE(CKR_ATTRIBUTE_TYPE_INVALID);
+        CASE(CKR_ATTRIBUTE_VALUE_INVALID);
+        CASE(CKR_DATA_INVALID);
+        CASE(CKR_DATA_LEN_RANGE);
+        CASE(CKR_DEVICE_ERROR);
+        CASE(CKR_DEVICE_MEMORY);
+        CASE(CKR_DEVICE_REMOVED);
+        CASE(CKR_ENCRYPTED_DATA_INVALID);
+        CASE(CKR_ENCRYPTED_DATA_LEN_RANGE);
+        CASE(CKR_FUNCTION_CANCELED);
+        CASE(CKR_FUNCTION_NOT_PARALLEL);
+        CASE(CKR_FUNCTION_NOT_SUPPORTED);
+        CASE(CKR_KEY_HANDLE_INVALID);
+        CASE(CKR_KEY_SIZE_RANGE);
+        CASE(CKR_KEY_TYPE_INCONSISTENT);
+        CASE(CKR_KEY_NOT_NEEDED);
+        CASE(CKR_KEY_CHANGED);
+        CASE(CKR_KEY_NEEDED);
+        CASE(CKR_KEY_INDIGESTIBLE);
+        CASE(CKR_KEY_FUNCTION_NOT_PERMITTED);
+        CASE(CKR_KEY_NOT_WRAPPABLE);
+        CASE(CKR_KEY_UNEXTRACTABLE);
+        CASE(CKR_MECHANISM_INVALID);
+        CASE(CKR_MECHANISM_PARAM_INVALID);
+        CASE(CKR_OBJECT_HANDLE_INVALID);
+        CASE(CKR_OPERATION_ACTIVE);
+        CASE(CKR_OPERATION_NOT_INITIALIZED);
+        CASE(CKR_PIN_INCORRECT);
+        CASE(CKR_PIN_INVALID);
+        CASE(CKR_PIN_LEN_RANGE);
+        CASE(CKR_PIN_EXPIRED);
+        CASE(CKR_PIN_LOCKED);
+        CASE(CKR_SESSION_CLOSED);
+        CASE(CKR_SESSION_COUNT);
+        CASE(CKR_SESSION_HANDLE_INVALID);
+        CASE(CKR_SESSION_PARALLEL_NOT_SUPPORTED);
+        CASE(CKR_SESSION_READ_ONLY);
+        CASE(CKR_SESSION_EXISTS);
+        CASE(CKR_SESSION_READ_ONLY_EXISTS);
+        CASE(CKR_SESSION_READ_WRITE_SO_EXISTS);
+        CASE(CKR_SIGNATURE_INVALID);
+        CASE(CKR_SIGNATURE_LEN_RANGE);
+        CASE(CKR_TEMPLATE_INCOMPLETE);
+        CASE(CKR_TEMPLATE_INCONSISTENT);
+        CASE(CKR_TOKEN_NOT_PRESENT);
+        CASE(CKR_TOKEN_NOT_RECOGNIZED);
+        CASE(CKR_TOKEN_WRITE_PROTECTED);
+        CASE(CKR_UNWRAPPING_KEY_HANDLE_INVALID);
+        CASE(CKR_UNWRAPPING_KEY_SIZE_RANGE);
+        CASE(CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT);
+        CASE(CKR_USER_ALREADY_LOGGED_IN);
+        CASE(CKR_USER_NOT_LOGGED_IN);
+        CASE(CKR_USER_PIN_NOT_INITIALIZED);
+        CASE(CKR_USER_TYPE_INVALID);
+        CASE(CKR_USER_ANOTHER_ALREADY_LOGGED_IN);
+        CASE(CKR_USER_TOO_MANY_TYPES);
+        CASE(CKR_WRAPPED_KEY_INVALID);
+        CASE(CKR_WRAPPED_KEY_LEN_RANGE);
+        CASE(CKR_WRAPPING_KEY_HANDLE_INVALID);
+        CASE(CKR_WRAPPING_KEY_SIZE_RANGE);
+        CASE(CKR_WRAPPING_KEY_TYPE_INCONSISTENT);
+        CASE(CKR_RANDOM_SEED_NOT_SUPPORTED);
+        CASE(CKR_RANDOM_NO_RNG);
+        CASE(CKR_DOMAIN_PARAMS_INVALID);
+        CASE(CKR_BUFFER_TOO_SMALL);
+        CASE(CKR_SAVED_STATE_INVALID);
+        CASE(CKR_INFORMATION_SENSITIVE);
+        CASE(CKR_STATE_UNSAVEABLE);
+        CASE(CKR_CRYPTOKI_NOT_INITIALIZED);
+        CASE(CKR_CRYPTOKI_ALREADY_INITIALIZED);
+        CASE(CKR_MUTEX_BAD);
+        CASE(CKR_MUTEX_NOT_LOCKED);
+        CASE(CKR_FUNCTION_REJECTED);
+        CASE(CKR_KEY_PARAMS_INVALID);
+        default:
+            break;
+    }
+    if (a)
+        PR_LOG(modlog, 1, ("  rv = %s\n", a));
+    else
+        PR_LOG(modlog, 1, ("  rv = 0x%x\n", rv));
+}
+
+static void
+log_state(CK_STATE state)
+{
+    const char *a = NULL;
+
+    switch (state) {
+        CASE(CKS_RO_PUBLIC_SESSION);
+        CASE(CKS_RO_USER_FUNCTIONS);
+        CASE(CKS_RW_PUBLIC_SESSION);
+        CASE(CKS_RW_USER_FUNCTIONS);
+        CASE(CKS_RW_SO_FUNCTIONS);
+        default:
+            break;
+    }
+    if (a)
+        PR_LOG(modlog, 1, ("  state = %s\n", a));
+    else
+        PR_LOG(modlog, 1, ("  state = 0x%x\n", state));
+}
+
+static void
+log_handle(int level, const char *format, CK_ULONG handle)
+{
+    char fmtBuf[80];
+    if (handle)
+        PR_LOG(modlog, level, (format, handle));
+    else {
+        PL_strncpyz(fmtBuf, format, sizeof fmtBuf);
+        PL_strcatn(fmtBuf, sizeof fmtBuf, fmt_invalid_handle);
+        PR_LOG(modlog, level, (fmtBuf, handle));
+    }
+}
+
+static void
+print_mechanism(CK_MECHANISM_PTR m)
+{
+
+    const char *a = NULL;
+
+    switch (m->mechanism) {
+        CASE(CKM_AES_CBC);
+        CASE(CKM_AES_CBC_ENCRYPT_DATA);
+        CASE(CKM_AES_CBC_PAD);
+        CASE(CKM_AES_CCM);
+        CASE(CKM_AES_CTR);
+        CASE(CKM_AES_CTS);
+        CASE(CKM_AES_GCM);
+        CASE(CKM_AES_ECB);
+        CASE(CKM_AES_ECB_ENCRYPT_DATA);
+        CASE(CKM_AES_KEY_GEN);
+        CASE(CKM_AES_MAC);
+        CASE(CKM_AES_MAC_GENERAL);
+        CASE(CKM_CAMELLIA_CBC);
+        CASE(CKM_CAMELLIA_CBC_ENCRYPT_DATA);
+        CASE(CKM_CAMELLIA_CBC_PAD);
+        CASE(CKM_CAMELLIA_ECB);
+        CASE(CKM_CAMELLIA_ECB_ENCRYPT_DATA);
+        CASE(CKM_CAMELLIA_KEY_GEN);
+        CASE(CKM_CAMELLIA_MAC);
+        CASE(CKM_CAMELLIA_MAC_GENERAL);
+        CASE(CKM_CDMF_CBC);
+        CASE(CKM_CDMF_CBC_PAD);
+        CASE(CKM_CDMF_ECB);
+        CASE(CKM_CDMF_KEY_GEN);
+        CASE(CKM_CDMF_MAC);
+        CASE(CKM_CDMF_MAC_GENERAL);
+        CASE(CKM_CMS_SIG);
+        CASE(CKM_CONCATENATE_BASE_AND_DATA);
+        CASE(CKM_CONCATENATE_BASE_AND_KEY);
+        CASE(CKM_CONCATENATE_DATA_AND_BASE);
+        CASE(CKM_DES2_KEY_GEN);
+        CASE(CKM_DES3_CBC);
+        CASE(CKM_DES3_CBC_ENCRYPT_DATA);
+        CASE(CKM_DES3_CBC_PAD);
+        CASE(CKM_DES3_ECB);
+        CASE(CKM_DES3_ECB_ENCRYPT_DATA);
+        CASE(CKM_DES3_KEY_GEN);
+        CASE(CKM_DES3_MAC);
+        CASE(CKM_DES3_MAC_GENERAL);
+        CASE(CKM_DES_CBC);
+        CASE(CKM_DES_CBC_ENCRYPT_DATA);
+        CASE(CKM_DES_CBC_PAD);
+        CASE(CKM_DES_CFB64);
+        CASE(CKM_DES_CFB8);
+        CASE(CKM_DES_ECB);
+        CASE(CKM_DES_ECB_ENCRYPT_DATA);
+        CASE(CKM_DES_KEY_GEN);
+        CASE(CKM_DES_MAC);
+        CASE(CKM_DES_MAC_GENERAL);
+        CASE(CKM_DES_OFB64);
+        CASE(CKM_DES_OFB8);
+        CASE(CKM_DH_PKCS_DERIVE);
+        CASE(CKM_DH_PKCS_KEY_PAIR_GEN);
+        CASE(CKM_DH_PKCS_PARAMETER_GEN);
+        CASE(CKM_DSA);
+        CASE(CKM_DSA_KEY_PAIR_GEN);
+        CASE(CKM_DSA_PARAMETER_GEN);
+        CASE(CKM_DSA_SHA1);
+        CASE(CKM_ECDH1_COFACTOR_DERIVE);
+        CASE(CKM_ECDH1_DERIVE);
+        CASE(CKM_ECDSA);
+        CASE(CKM_ECDSA_SHA1);
+        CASE(CKM_ECMQV_DERIVE);
+        CASE(CKM_EC_KEY_PAIR_GEN); /* also CASE(CKM_ECDSA_KEY_PAIR_GEN); */
+        CASE(CKM_EXTRACT_KEY_FROM_KEY);
+        CASE(CKM_FASTHASH);
+        CASE(CKM_FORTEZZA_TIMESTAMP);
+        CASE(CKM_GENERIC_SECRET_KEY_GEN);
+        CASE(CKM_IDEA_CBC);
+        CASE(CKM_IDEA_CBC_PAD);
+        CASE(CKM_IDEA_ECB);
+        CASE(CKM_IDEA_KEY_GEN);
+        CASE(CKM_IDEA_MAC);
+        CASE(CKM_IDEA_MAC_GENERAL);
+        CASE(CKM_KEA_KEY_DERIVE);
+        CASE(CKM_KEA_KEY_PAIR_GEN);
+        CASE(CKM_KEY_WRAP_LYNKS);
+        CASE(CKM_KEY_WRAP_SET_OAEP);
+        CASE(CKM_MD2);
+        CASE(CKM_MD2_HMAC);
+        CASE(CKM_MD2_HMAC_GENERAL);
+        CASE(CKM_MD2_KEY_DERIVATION);
+        CASE(CKM_MD2_RSA_PKCS);
+        CASE(CKM_MD5);
+        CASE(CKM_MD5_HMAC);
+        CASE(CKM_MD5_HMAC_GENERAL);
+        CASE(CKM_MD5_KEY_DERIVATION);
+        CASE(CKM_MD5_RSA_PKCS);
+        CASE(CKM_PBA_SHA1_WITH_SHA1_HMAC);
+        CASE(CKM_PBE_MD2_DES_CBC);
+        CASE(CKM_PBE_MD5_DES_CBC);
+        CASE(CKM_PBE_SHA1_DES2_EDE_CBC);
+        CASE(CKM_PBE_SHA1_DES3_EDE_CBC);
+        CASE(CKM_PBE_SHA1_RC2_128_CBC);
+        CASE(CKM_PBE_SHA1_RC2_40_CBC);
+        CASE(CKM_PBE_SHA1_RC4_128);
+        CASE(CKM_PBE_SHA1_RC4_40);
+        CASE(CKM_PKCS5_PBKD2);
+        CASE(CKM_RC2_CBC);
+        CASE(CKM_RC2_CBC_PAD);
+        CASE(CKM_RC2_ECB);
+        CASE(CKM_RC2_KEY_GEN);
+        CASE(CKM_RC2_MAC);
+        CASE(CKM_RC2_MAC_GENERAL);
+        CASE(CKM_RC4);
+        CASE(CKM_RC4_KEY_GEN);
+        CASE(CKM_RC5_CBC);
+        CASE(CKM_RC5_CBC_PAD);
+        CASE(CKM_RC5_ECB);
+        CASE(CKM_RC5_KEY_GEN);
+        CASE(CKM_RC5_MAC);
+        CASE(CKM_RC5_MAC_GENERAL);
+        CASE(CKM_RIPEMD128);
+        CASE(CKM_RIPEMD128_HMAC);
+        CASE(CKM_RIPEMD128_HMAC_GENERAL);
+        CASE(CKM_RIPEMD128_RSA_PKCS);
+        CASE(CKM_RIPEMD160);
+        CASE(CKM_RIPEMD160_HMAC);
+        CASE(CKM_RIPEMD160_HMAC_GENERAL);
+        CASE(CKM_RIPEMD160_RSA_PKCS);
+        CASE(CKM_RSA_9796);
+        CASE(CKM_RSA_PKCS);
+        CASE(CKM_RSA_PKCS_KEY_PAIR_GEN);
+        CASE(CKM_RSA_PKCS_OAEP);
+        CASE(CKM_RSA_PKCS_PSS);
+        CASE(CKM_RSA_X9_31);
+        CASE(CKM_RSA_X9_31_KEY_PAIR_GEN);
+        CASE(CKM_RSA_X_509);
+        CASE(CKM_SHA1_KEY_DERIVATION);
+        CASE(CKM_SHA1_RSA_PKCS);
+        CASE(CKM_SHA1_RSA_PKCS_PSS);
+        CASE(CKM_SHA1_RSA_X9_31);
+        CASE(CKM_SHA224);
+        CASE(CKM_SHA224_HMAC);
+        CASE(CKM_SHA224_HMAC_GENERAL);
+        CASE(CKM_SHA224_KEY_DERIVATION);
+        CASE(CKM_SHA224_RSA_PKCS);
+        CASE(CKM_SHA224_RSA_PKCS_PSS);
+        CASE(CKM_SHA256);
+        CASE(CKM_SHA256_HMAC);
+        CASE(CKM_SHA256_HMAC_GENERAL);
+        CASE(CKM_SHA256_KEY_DERIVATION);
+        CASE(CKM_SHA256_RSA_PKCS);
+        CASE(CKM_SHA256_RSA_PKCS_PSS);
+        CASE(CKM_SHA384);
+        CASE(CKM_SHA384_HMAC);
+        CASE(CKM_SHA384_HMAC_GENERAL);
+        CASE(CKM_SHA384_KEY_DERIVATION);
+        CASE(CKM_SHA384_RSA_PKCS);
+        CASE(CKM_SHA384_RSA_PKCS_PSS);
+        CASE(CKM_SHA512);
+        CASE(CKM_SHA512_HMAC);
+        CASE(CKM_SHA512_HMAC_GENERAL);
+        CASE(CKM_SHA512_KEY_DERIVATION);
+        CASE(CKM_SHA512_RSA_PKCS);
+        CASE(CKM_SHA512_RSA_PKCS_PSS);
+        CASE(CKM_SHA_1);
+        CASE(CKM_SHA_1_HMAC);
+        CASE(CKM_SHA_1_HMAC_GENERAL);
+        CASE(CKM_SKIPJACK_CBC64);
+        CASE(CKM_SKIPJACK_CFB16);
+        CASE(CKM_SKIPJACK_CFB32);
+        CASE(CKM_SKIPJACK_CFB64);
+        CASE(CKM_SKIPJACK_CFB8);
+        CASE(CKM_SKIPJACK_ECB64);
+        CASE(CKM_SKIPJACK_KEY_GEN);
+        CASE(CKM_SKIPJACK_OFB64);
+        CASE(CKM_SKIPJACK_PRIVATE_WRAP);
+        CASE(CKM_SKIPJACK_RELAYX);
+        CASE(CKM_SKIPJACK_WRAP);
+        CASE(CKM_SSL3_KEY_AND_MAC_DERIVE);
+        CASE(CKM_SSL3_MASTER_KEY_DERIVE);
+        CASE(CKM_SSL3_MASTER_KEY_DERIVE_DH);
+        CASE(CKM_SSL3_MD5_MAC);
+        CASE(CKM_SSL3_PRE_MASTER_KEY_GEN);
+        CASE(CKM_SSL3_SHA1_MAC);
+        CASE(CKM_TLS_KEY_AND_MAC_DERIVE);
+        CASE(CKM_TLS_MASTER_KEY_DERIVE);
+        CASE(CKM_TLS_MASTER_KEY_DERIVE_DH);
+        CASE(CKM_TLS_PRE_MASTER_KEY_GEN);
+        CASE(CKM_TLS_PRF);
+        CASE(CKM_TWOFISH_CBC);
+        CASE(CKM_TWOFISH_KEY_GEN);
+        CASE(CKM_X9_42_DH_DERIVE);
+        CASE(CKM_X9_42_DH_HYBRID_DERIVE);
+        CASE(CKM_X9_42_DH_KEY_PAIR_GEN);
+        CASE(CKM_X9_42_DH_PARAMETER_GEN);
+        CASE(CKM_X9_42_MQV_DERIVE);
+        CASE(CKM_XOR_BASE_AND_DATA);
+        default:
+            break;
+    }
+    if (a)
+        PR_LOG(modlog, 4, ("      mechanism = %s", a));
+    else
+        PR_LOG(modlog, 4, ("      mechanism = 0x%p", m->mechanism));
+}
+
+static void
+get_key_type(CK_KEY_TYPE keyType, char *str, int len)
+{
+
+    const char *a = NULL;
+
+    switch (keyType) {
+        CASE(CKK_AES);
+        CASE(CKK_CAMELLIA);
+        CASE(CKK_CDMF);
+        CASE(CKK_DES);
+        CASE(CKK_DES2);
+        CASE(CKK_DES3);
+        CASE(CKK_DH);
+        CASE(CKK_DSA);
+        CASE(CKK_EC); /* also CASE(CKK_ECDSA); */
+        CASE(CKK_GENERIC_SECRET);
+        CASE(CKK_IDEA);
+        CASE(CKK_INVALID_KEY_TYPE);
+        CASE(CKK_KEA);
+        CASE(CKK_RC2);
+        CASE(CKK_RC4);
+        CASE(CKK_RC5);
+        CASE(CKK_RSA);
+        CASE(CKK_SKIPJACK);
+        CASE(CKK_TWOFISH);
+        CASE(CKK_X9_42_DH);
+        default:
+            break;
+    }
+    if (a)
+        PR_snprintf(str, len, "%s", a);
+    else
+        PR_snprintf(str, len, "0x%p", keyType);
+}
+
+static void
+print_attr_value(CK_ATTRIBUTE_PTR attr)
+{
+    char atype[48];
+    char valstr[49];
+    int len;
+
+    get_attr_type_str(attr->type, atype, sizeof atype);
+    switch (attr->type) {
+        case CKA_ALWAYS_SENSITIVE:
+        case CKA_DECRYPT:
+        case CKA_DERIVE:
+        case CKA_ENCRYPT:
+        case CKA_EXTRACTABLE:
+        case CKA_LOCAL:
+        case CKA_MODIFIABLE:
+        case CKA_NEVER_EXTRACTABLE:
+        case CKA_PRIVATE:
+        case CKA_SENSITIVE:
+        case CKA_SIGN:
+        case CKA_SIGN_RECOVER:
+        case CKA_TOKEN:
+        case CKA_UNWRAP:
+        case CKA_VERIFY:
+        case CKA_VERIFY_RECOVER:
+        case CKA_WRAP:
+            if (attr->ulValueLen > 0 && attr->pValue) {
+                CK_BBOOL tf = *((CK_BBOOL *)attr->pValue);
+                PR_LOG(modlog, 4, (fmt_s_s_d,
+                                   atype, tf ? "CK_TRUE" : "CK_FALSE", attr->ulValueLen));
+                break;
+            }
+        case CKA_CLASS:
+            if (attr->ulValueLen > 0 && attr->pValue) {
+                CK_OBJECT_CLASS objClass = *((CK_OBJECT_CLASS *)attr->pValue);
+                get_obj_class(objClass, valstr, sizeof valstr);
+                PR_LOG(modlog, 4, (fmt_s_s_d,
+                                   atype, valstr, attr->ulValueLen));
+                break;
+            }
+        case CKA_TRUST_CLIENT_AUTH:
+        case CKA_TRUST_CODE_SIGNING:
+        case CKA_TRUST_EMAIL_PROTECTION:
+        case CKA_TRUST_SERVER_AUTH:
+            if (attr->ulValueLen > 0 && attr->pValue) {
+                CK_TRUST trust = *((CK_TRUST *)attr->pValue);
+                get_trust_val(trust, valstr, sizeof valstr);
+                PR_LOG(modlog, 4, (fmt_s_s_d,
+                                   atype, valstr, attr->ulValueLen));
+                break;
+            }
+        case CKA_KEY_TYPE:
+            if (attr->ulValueLen > 0 && attr->pValue) {
+                CK_KEY_TYPE keyType = *((CK_KEY_TYPE *)attr->pValue);
+                get_key_type(keyType, valstr, sizeof valstr);
+                PR_LOG(modlog, 4, (fmt_s_s_d,
+                                   atype, valstr, attr->ulValueLen));
+                break;
+            }
+        case CKA_PIXEL_X:
+        case CKA_PIXEL_Y:
+        case CKA_RESOLUTION:
+        case CKA_CHAR_ROWS:
+        case CKA_CHAR_COLUMNS:
+        case CKA_BITS_PER_PIXEL:
+        case CKA_CERTIFICATE_CATEGORY:      /* should print as enum/string */
+        case CKA_JAVA_MIDP_SECURITY_DOMAIN: /* should print as enum/string */
+        case CKA_MODULUS_BITS:
+        case CKA_PRIME_BITS:
+        case CKA_SUBPRIME_BITS:
+        case CKA_VALUE_BITS:
+        case CKA_VALUE_LEN:
+            if (attr->ulValueLen > 0 && attr->pValue) {
+                CK_ULONG valueLen = *((CK_ULONG *)attr->pValue);
+                /* XXX check for the special value CK_UNAVAILABLE_INFORMATION */
+                PR_LOG(modlog, 4, (fmt_s_lu, atype, (PRUint32)valueLen));
+                break;
+            }
+        case CKA_LABEL:
+        case CKA_NSS_EMAIL:
+        case CKA_NSS_URL:
+            if (attr->ulValueLen > 0 && attr->pValue) {
+                len = PR_MIN(attr->ulValueLen + 1, sizeof valstr);
+                PR_snprintf(valstr, len, "%s", attr->pValue);
+                PR_LOG(modlog, 4, (fmt_s_qsq_d,
+                                   atype, valstr, attr->ulValueLen));
+                break;
+            }
+        case CKA_ISSUER:
+        case CKA_SUBJECT:
+            if (attr->ulValueLen > 0 && attr->pValue) {
+                char *asciiName;
+                SECItem derName;
+                derName.type = siDERNameBuffer;
+                derName.data = attr->pValue;
+                derName.len = attr->ulValueLen;
+                asciiName = CERT_DerNameToAscii(&derName);
+                if (asciiName) {
+                    PR_LOG(modlog, 4, (fmt_s_s_d,
+                                       atype, asciiName, attr->ulValueLen));
+                    PORT_Free(asciiName);
+                    break;
+                }
+                /* else treat like a binary buffer */
+                goto binary_buffer;
+            }
+        case CKA_ID:
+            if (attr->ulValueLen > 0 && attr->pValue) {
+                unsigned char *pV = attr->pValue;
+                for (len = (int)attr->ulValueLen; len > 0; --len) {
+                    unsigned int ch = *pV++;
+                    if (ch >= 0x20 && ch < 0x7f)
+                        continue;
+                    if (!ch && len == 1) /* will ignore NUL if last character */
+                        continue;
+                    break;
+                }
+                if (!len) { /* entire string is printable */
+                    len = PR_MIN(attr->ulValueLen + 1, sizeof valstr);
+                    PR_snprintf(valstr, len, "%s", attr->pValue);
+                    PR_LOG(modlog, 4, (fmt_s_qsq_d,
+                                       atype, valstr, attr->ulValueLen));
+                    break;
+                }
+                /* else fall through and treat like a binary buffer */
+            }
+        binary_buffer:
+        case CKA_SERIAL_NUMBER:
+        default:
+            if (attr->ulValueLen > 0 && attr->pValue) {
+                char *hexBuf;
+                SECItem attrBuf;
+                attrBuf.type = siDERNameBuffer;
+                attrBuf.data = attr->pValue;
+                attrBuf.len = PR_MIN(attr->ulValueLen, (sizeof valstr) / 2);
+
+                hexBuf = CERT_Hexify(&attrBuf, PR_FALSE);
+                if (hexBuf) {
+                    PR_LOG(modlog, 4, (fmt_s_s_d,
+                                       atype, hexBuf, attr->ulValueLen));
+                    PORT_Free(hexBuf);
+                    break;
+                }
+                /* else fall through and show only the address. :( */
+            }
+            PR_LOG(modlog, 4, ("    %s = [0x%p] [%d]",
+                               atype, attr->pValue, attr->ulValueLen));
+            break;
+    }
+}
+
+static void
+print_template(CK_ATTRIBUTE_PTR templ, CK_ULONG tlen)
+{
+    CK_ULONG i;
+    for (i = 0; i < tlen; i++) {
+        print_attr_value(&templ[i]);
+    }
+}
+
+struct nssdbg_prof_str {
+    PRUint32 time;
+    PRUint32 calls;
+    char *function;
+};
+
+#define NSSDBG_DEFINE(func) \
+    {                       \
+        0, 0, #func         \
+    }
+
+struct nssdbg_prof_str nssdbg_prof_data[] = {
+#define FUNC_C_INITIALIZE 0
+    NSSDBG_DEFINE(C_Initialize),
+#define FUNC_C_FINALIZE 1
+    NSSDBG_DEFINE(C_Finalize),
+#define FUNC_C_GETINFO 2
+    NSSDBG_DEFINE(C_GetInfo),
+#define FUNC_C_GETFUNCITONLIST 3
+    NSSDBG_DEFINE(C_GetFunctionList),
+#define FUNC_C_GETSLOTLIST 4
+    NSSDBG_DEFINE(C_GetSlotList),
+#define FUNC_C_GETSLOTINFO 5
+    NSSDBG_DEFINE(C_GetSlotInfo),
+#define FUNC_C_GETTOKENINFO 6
+    NSSDBG_DEFINE(C_GetTokenInfo),
+#define FUNC_C_GETMECHANISMLIST 7
+    NSSDBG_DEFINE(C_GetMechanismList),
+#define FUNC_C_GETMECHANISMINFO 8
+    NSSDBG_DEFINE(C_GetMechanismInfo),
+#define FUNC_C_INITTOKEN 9
+    NSSDBG_DEFINE(C_InitToken),
+#define FUNC_C_INITPIN 10
+    NSSDBG_DEFINE(C_InitPIN),
+#define FUNC_C_SETPIN 11
+    NSSDBG_DEFINE(C_SetPIN),
+#define FUNC_C_OPENSESSION 12
+    NSSDBG_DEFINE(C_OpenSession),
+#define FUNC_C_CLOSESESSION 13
+    NSSDBG_DEFINE(C_CloseSession),
+#define FUNC_C_CLOSEALLSESSIONS 14
+    NSSDBG_DEFINE(C_CloseAllSessions),
+#define FUNC_C_GETSESSIONINFO 15
+    NSSDBG_DEFINE(C_GetSessionInfo),
+#define FUNC_C_GETOPERATIONSTATE 16
+    NSSDBG_DEFINE(C_GetOperationState),
+#define FUNC_C_SETOPERATIONSTATE 17
+    NSSDBG_DEFINE(C_SetOperationState),
+#define FUNC_C_LOGIN 18
+    NSSDBG_DEFINE(C_Login),
+#define FUNC_C_LOGOUT 19
+    NSSDBG_DEFINE(C_Logout),
+#define FUNC_C_CREATEOBJECT 20
+    NSSDBG_DEFINE(C_CreateObject),
+#define FUNC_C_COPYOBJECT 21
+    NSSDBG_DEFINE(C_CopyObject),
+#define FUNC_C_DESTROYOBJECT 22
+    NSSDBG_DEFINE(C_DestroyObject),
+#define FUNC_C_GETOBJECTSIZE 23
+    NSSDBG_DEFINE(C_GetObjectSize),
+#define FUNC_C_GETATTRIBUTEVALUE 24
+    NSSDBG_DEFINE(C_GetAttributeValue),
+#define FUNC_C_SETATTRIBUTEVALUE 25
+    NSSDBG_DEFINE(C_SetAttributeValue),
+#define FUNC_C_FINDOBJECTSINIT 26
+    NSSDBG_DEFINE(C_FindObjectsInit),
+#define FUNC_C_FINDOBJECTS 27
+    NSSDBG_DEFINE(C_FindObjects),
+#define FUNC_C_FINDOBJECTSFINAL 28
+    NSSDBG_DEFINE(C_FindObjectsFinal),
+#define FUNC_C_ENCRYPTINIT 29
+    NSSDBG_DEFINE(C_EncryptInit),
+#define FUNC_C_ENCRYPT 30
+    NSSDBG_DEFINE(C_Encrypt),
+#define FUNC_C_ENCRYPTUPDATE 31
+    NSSDBG_DEFINE(C_EncryptUpdate),
+#define FUNC_C_ENCRYPTFINAL 32
+    NSSDBG_DEFINE(C_EncryptFinal),
+#define FUNC_C_DECRYPTINIT 33
+    NSSDBG_DEFINE(C_DecryptInit),
+#define FUNC_C_DECRYPT 34
+    NSSDBG_DEFINE(C_Decrypt),
+#define FUNC_C_DECRYPTUPDATE 35
+    NSSDBG_DEFINE(C_DecryptUpdate),
+#define FUNC_C_DECRYPTFINAL 36
+    NSSDBG_DEFINE(C_DecryptFinal),
+#define FUNC_C_DIGESTINIT 37
+    NSSDBG_DEFINE(C_DigestInit),
+#define FUNC_C_DIGEST 38
+    NSSDBG_DEFINE(C_Digest),
+#define FUNC_C_DIGESTUPDATE 39
+    NSSDBG_DEFINE(C_DigestUpdate),
+#define FUNC_C_DIGESTKEY 40
+    NSSDBG_DEFINE(C_DigestKey),
+#define FUNC_C_DIGESTFINAL 41
+    NSSDBG_DEFINE(C_DigestFinal),
+#define FUNC_C_SIGNINIT 42
+    NSSDBG_DEFINE(C_SignInit),
+#define FUNC_C_SIGN 43
+    NSSDBG_DEFINE(C_Sign),
+#define FUNC_C_SIGNUPDATE 44
+    NSSDBG_DEFINE(C_SignUpdate),
+#define FUNC_C_SIGNFINAL 45
+    NSSDBG_DEFINE(C_SignFinal),
+#define FUNC_C_SIGNRECOVERINIT 46
+    NSSDBG_DEFINE(C_SignRecoverInit),
+#define FUNC_C_SIGNRECOVER 47
+    NSSDBG_DEFINE(C_SignRecover),
+#define FUNC_C_VERIFYINIT 48
+    NSSDBG_DEFINE(C_VerifyInit),
+#define FUNC_C_VERIFY 49
+    NSSDBG_DEFINE(C_Verify),
+#define FUNC_C_VERIFYUPDATE 50
+    NSSDBG_DEFINE(C_VerifyUpdate),
+#define FUNC_C_VERIFYFINAL 51
+    NSSDBG_DEFINE(C_VerifyFinal),
+#define FUNC_C_VERIFYRECOVERINIT 52
+    NSSDBG_DEFINE(C_VerifyRecoverInit),
+#define FUNC_C_VERIFYRECOVER 53
+    NSSDBG_DEFINE(C_VerifyRecover),
+#define FUNC_C_DIGESTENCRYPTUPDATE 54
+    NSSDBG_DEFINE(C_DigestEncryptUpdate),
+#define FUNC_C_DECRYPTDIGESTUPDATE 55
+    NSSDBG_DEFINE(C_DecryptDigestUpdate),
+#define FUNC_C_SIGNENCRYPTUPDATE 56
+    NSSDBG_DEFINE(C_SignEncryptUpdate),
+#define FUNC_C_DECRYPTVERIFYUPDATE 57
+    NSSDBG_DEFINE(C_DecryptVerifyUpdate),
+#define FUNC_C_GENERATEKEY 58
+    NSSDBG_DEFINE(C_GenerateKey),
+#define FUNC_C_GENERATEKEYPAIR 59
+    NSSDBG_DEFINE(C_GenerateKeyPair),
+#define FUNC_C_WRAPKEY 60
+    NSSDBG_DEFINE(C_WrapKey),
+#define FUNC_C_UNWRAPKEY 61
+    NSSDBG_DEFINE(C_UnWrapKey),
+#define FUNC_C_DERIVEKEY 62
+    NSSDBG_DEFINE(C_DeriveKey),
+#define FUNC_C_SEEDRANDOM 63
+    NSSDBG_DEFINE(C_SeedRandom),
+#define FUNC_C_GENERATERANDOM 64
+    NSSDBG_DEFINE(C_GenerateRandom),
+#define FUNC_C_GETFUNCTIONSTATUS 65
+    NSSDBG_DEFINE(C_GetFunctionStatus),
+#define FUNC_C_CANCELFUNCTION 66
+    NSSDBG_DEFINE(C_CancelFunction),
+#define FUNC_C_WAITFORSLOTEVENT 67
+    NSSDBG_DEFINE(C_WaitForSlotEvent)
+};
+
+int nssdbg_prof_size = sizeof(nssdbg_prof_data) / sizeof(nssdbg_prof_data[0]);
+
+static void
+nssdbg_finish_time(PRInt32 fun_number, PRIntervalTime start)
+{
+    PRIntervalTime ival;
+    PRIntervalTime end = PR_IntervalNow();
+
+    ival = end - start;
+    /* sigh, lie to PRAtomic add and say we are using signed values */
+    PR_ATOMIC_ADD((PRInt32 *)&nssdbg_prof_data[fun_number].time, (PRInt32)ival);
+}
+
+static void
+nssdbg_start_time(PRInt32 fun_number, PRIntervalTime *start)
+{
+    PR_ATOMIC_INCREMENT((PRInt32 *)&nssdbg_prof_data[fun_number].calls);
+    *start = PR_IntervalNow();
+}
+
+#define COMMON_DEFINITIONS \
+    CK_RV rv;              \
+    PRIntervalTime start
+
+CK_RV
+NSSDBGC_Initialize(
+    CK_VOID_PTR pInitArgs)
+{
+    COMMON_DEFINITIONS;
+
+    PR_LOG(modlog, 1, ("C_Initialize"));
+    PR_LOG(modlog, 3, ("  pInitArgs = 0x%p", pInitArgs));
+    nssdbg_start_time(FUNC_C_INITIALIZE, &start);
+    rv = module_functions->C_Initialize(pInitArgs);
+    nssdbg_finish_time(FUNC_C_INITIALIZE, start);
+    log_rv(rv);
+    return rv;
+}
+
+CK_RV
+NSSDBGC_Finalize(
+    CK_VOID_PTR pReserved)
+{
+    COMMON_DEFINITIONS;
+
+    PR_LOG(modlog, 1, ("C_Finalize"));
+    PR_LOG(modlog, 3, ("  pReserved = 0x%p", pReserved));
+    nssdbg_start_time(FUNC_C_FINALIZE, &start);
+    rv = module_functions->C_Finalize(pReserved);
+    nssdbg_finish_time(FUNC_C_FINALIZE, start);
+    log_rv(rv);
+    return rv;
+}
+
+CK_RV
+NSSDBGC_GetInfo(
+    CK_INFO_PTR pInfo)
+{
+    COMMON_DEFINITIONS;
+
+    PR_LOG(modlog, 1, ("C_GetInfo"));
+    PR_LOG(modlog, 3, (fmt_pInfo, pInfo));
+    nssdbg_start_time(FUNC_C_GETINFO, &start);
+    rv = module_functions->C_GetInfo(pInfo);
+    nssdbg_finish_time(FUNC_C_GETINFO, start);
+    if (rv == CKR_OK) {
+        PR_LOG(modlog, 4, ("  cryptoki version: %d.%d",
+                           pInfo->cryptokiVersion.major,
+                           pInfo->cryptokiVersion.minor));
+        PR_LOG(modlog, 4, (fmt_manufacturerID, pInfo->manufacturerID));
+        PR_LOG(modlog, 4, ("  library description = \"%.32s\"",
+                           pInfo->libraryDescription));
+        PR_LOG(modlog, 4, ("  library version: %d.%d",
+                           pInfo->libraryVersion.major,
+                           pInfo->libraryVersion.minor));
+    }
+    log_rv(rv);
+    return rv;
+}
+
+CK_RV
+NSSDBGC_GetFunctionList(
+    CK_FUNCTION_LIST_PTR_PTR ppFunctionList)
+{
+    COMMON_DEFINITIONS;
+
+    PR_LOG(modlog, 1, ("C_GetFunctionList"));
+    PR_LOG(modlog, 3, ("  ppFunctionList = 0x%p", ppFunctionList));
+    nssdbg_start_time(FUNC_C_GETFUNCITONLIST, &start);
+    rv = module_functions->C_GetFunctionList(ppFunctionList);
+    nssdbg_finish_time(FUNC_C_GETFUNCITONLIST, start);
+    log_rv(rv);
+    return rv;
+}
+
+CK_RV
+NSSDBGC_GetSlotList(
+    CK_BBOOL tokenPresent,
+    CK_SLOT_ID_PTR pSlotList,
+    CK_ULONG_PTR pulCount)
+{
+    COMMON_DEFINITIONS;
+
+    CK_ULONG i;
+    PR_LOG(modlog, 1, ("C_GetSlotList"));
+    PR_LOG(modlog, 3, ("  tokenPresent = 0x%x", tokenPresent));
+    PR_LOG(modlog, 3, ("  pSlotList = 0x%p", pSlotList));
+    PR_LOG(modlog, 3, (fmt_pulCount, pulCount));
+    nssdbg_start_time(FUNC_C_GETSLOTLIST, &start);
+    rv = module_functions->C_GetSlotList(tokenPresent, pSlotList, pulCount);
+    nssdbg_finish_time(FUNC_C_GETSLOTLIST, start);
+    PR_LOG(modlog, 4, (fmt_spulCount, *pulCount));
+    if (pSlotList) {
+        for (i = 0; i < *pulCount; i++) {
+            PR_LOG(modlog, 4, ("  slotID[%d] = %x", i, pSlotList[i]));
+        }
+    }
+    log_rv(rv);
+    return rv;
+}
+
+CK_RV
+NSSDBGC_GetSlotInfo(
+    CK_SLOT_ID slotID,
+    CK_SLOT_INFO_PTR pInfo)
+{
+    COMMON_DEFINITIONS;
+
+    PR_LOG(modlog, 1, ("C_GetSlotInfo"));
+    PR_LOG(modlog, 3, (fmt_slotID, slotID));
+    PR_LOG(modlog, 3, (fmt_pInfo, pInfo));
+    nssdbg_start_time(FUNC_C_GETSLOTINFO, &start);
+    rv = module_functions->C_GetSlotInfo(slotID, pInfo);
+    nssdbg_finish_time(FUNC_C_GETSLOTINFO, start);
+    if (rv == CKR_OK) {
+        PR_LOG(modlog, 4, ("  slotDescription = \"%.64s\"",
+                           pInfo->slotDescription));
+        PR_LOG(modlog, 4, (fmt_manufacturerID, pInfo->manufacturerID));
+        PR_LOG(modlog, 4, ("  flags = %s %s %s",
+                           pInfo->flags & CKF_HW_SLOT ? "CKF_HW_SLOT" : "",
+                           pInfo->flags & CKF_REMOVABLE_DEVICE ? "CKF_REMOVABLE_DEVICE" : "",
+                           pInfo->flags & CKF_TOKEN_PRESENT ? "CKF_TOKEN_PRESENT" : ""));
+        PR_LOG(modlog, 4, (fmt_hwVersion,
+                           pInfo->hardwareVersion.major,
+                           pInfo->hardwareVersion.minor));
+        PR_LOG(modlog, 4, (fmt_fwVersion,
+                           pInfo->firmwareVersion.major,
+                           pInfo->firmwareVersion.minor));
+    }
+    log_rv(rv);
+    return rv;
+}
+
+CK_RV
+NSSDBGC_GetTokenInfo(
+    CK_SLOT_ID slotID,
+    CK_TOKEN_INFO_PTR pInfo)
+{
+    COMMON_DEFINITIONS;
+
+    PR_LOG(modlog, 1, ("C_GetTokenInfo"));
+    PR_LOG(modlog, 3, (fmt_slotID, slotID));
+    PR_LOG(modlog, 3, (fmt_pInfo, pInfo));
+    nssdbg_start_time(FUNC_C_GETTOKENINFO, &start);
+    rv = module_functions->C_GetTokenInfo(slotID, pInfo);
+    nssdbg_finish_time(FUNC_C_GETTOKENINFO, start);
+    if (rv == CKR_OK) {
+        PR_LOG(modlog, 4, ("  label = \"%.32s\"", pInfo->label));
+        PR_LOG(modlog, 4, (fmt_manufacturerID, pInfo->manufacturerID));
+        PR_LOG(modlog, 4, ("  model = \"%.16s\"", pInfo->model));
+        PR_LOG(modlog, 4, ("  serial = \"%.16s\"", pInfo->serialNumber));
+        PR_LOG(modlog, 4, ("  flags = %s %s %s %s",
+                           pInfo->flags & CKF_RNG ? "CKF_RNG" : "",
+                           pInfo->flags & CKF_WRITE_PROTECTED ? "CKF_WRITE_PROTECTED" : "",
+                           pInfo->flags & CKF_LOGIN_REQUIRED ? "CKF_LOGIN_REQUIRED" : "",
+                           pInfo->flags & CKF_USER_PIN_INITIALIZED ? "CKF_USER_PIN_INIT" : ""));
+        PR_LOG(modlog, 4, ("  maxSessions = %u, Sessions = %u",
+                           pInfo->ulMaxSessionCount, pInfo->ulSessionCount));
+        PR_LOG(modlog, 4, ("  maxRwSessions = %u, RwSessions = %u",
+                           pInfo->ulMaxRwSessionCount,
+                           pInfo->ulRwSessionCount));
+        /* ignore Max & Min Pin Len, Public and Private Memory */
+        PR_LOG(modlog, 4, (fmt_hwVersion,
+                           pInfo->hardwareVersion.major,
+                           pInfo->hardwareVersion.minor));
+        PR_LOG(modlog, 4, (fmt_fwVersion,
+                           pInfo->firmwareVersion.major,
+                           pInfo->firmwareVersion.minor));
+    }
+    log_rv(rv);
+    return rv;
+}
+
+CK_RV
+NSSDBGC_GetMechanismList(
+    CK_SLOT_ID slotID,
+    CK_MECHANISM_TYPE_PTR pMechanismList,
+    CK_ULONG_PTR pulCount)
+{
+    COMMON_DEFINITIONS;
+
+    PR_LOG(modlog, 1, ("C_GetMechanismList"));
+    PR_LOG(modlog, 3, (fmt_slotID, slotID));
+    PR_LOG(modlog, 3, ("  pMechanismList = 0x%p", pMechanismList));
+    PR_LOG(modlog, 3, (fmt_pulCount, pulCount));
+    nssdbg_start_time(FUNC_C_GETMECHANISMLIST, &start);
+    rv = module_functions->C_GetMechanismList(slotID,
+                                              pMechanismList,
+                                              pulCount);
+    nssdbg_finish_time(FUNC_C_GETMECHANISMLIST, start);
+    PR_LOG(modlog, 4, (fmt_spulCount, *pulCount));
+    log_rv(rv);
+    return rv;
+}
+
+CK_RV
+NSSDBGC_GetMechanismInfo(
+    CK_SLOT_ID slotID,
+    CK_MECHANISM_TYPE type,
+    CK_MECHANISM_INFO_PTR pInfo)
+{
+    COMMON_DEFINITIONS;
+
+    PR_LOG(modlog, 1, ("C_GetMechanismInfo"));
+    PR_LOG(modlog, 3, (fmt_slotID, slotID));
+    PR_LOG(modlog, 3, ("  type = 0x%x", type));
+    PR_LOG(modlog, 3, (fmt_pInfo, pInfo));
+    nssdbg_start_time(FUNC_C_GETMECHANISMINFO, &start);
+    rv = module_functions->C_GetMechanismInfo(slotID,
+                                              type,
+                                              pInfo);
+    nssdbg_finish_time(FUNC_C_GETMECHANISMINFO, start);
+    log_rv(rv);
+    return rv;
+}
+
+CK_RV
+NSSDBGC_InitToken(
+    CK_SLOT_ID slotID,
+    CK_CHAR_PTR pPin,
+    CK_ULONG ulPinLen,
+    CK_CHAR_PTR pLabel)
+{
+    COMMON_DEFINITIONS;
+
+    PR_LOG(modlog, 1, ("C_InitToken"));
+    PR_LOG(modlog, 3, (fmt_slotID, slotID));
+    PR_LOG(modlog, 3, (fmt_pPin, pPin));
+    PR_LOG(modlog, 3, (fmt_ulPinLen, ulPinLen));
+    PR_LOG(modlog, 3, ("  pLabel = 0x%p", pLabel));
+    nssdbg_start_time(FUNC_C_INITTOKEN, &start);
+    rv = module_functions->C_InitToken(slotID,
+                                       pPin,
+                                       ulPinLen,
+                                       pLabel);
+    nssdbg_finish_time(FUNC_C_INITTOKEN, start);
+    log_rv(rv);
+    return rv;
+}
+
+CK_RV
+NSSDBGC_InitPIN(
+    CK_SESSION_HANDLE hSession,
+    CK_CHAR_PTR pPin,
+    CK_ULONG ulPinLen)
+{
+    COMMON_DEFINITIONS;
+
+    PR_LOG(modlog, 1, ("C_InitPIN"));
+    log_handle(3, fmt_hSession, hSession);
+    PR_LOG(modlog, 3, (fmt_pPin, pPin));
+    PR_LOG(modlog, 3, (fmt_ulPinLen, ulPinLen));
+    nssdbg_start_time(FUNC_C_INITPIN, &start);
+    rv = module_functions->C_InitPIN(hSession,
+                                     pPin,
+                                     ulPinLen);
+    nssdbg_finish_time(FUNC_C_INITPIN, start);
+    log_rv(rv);
+    return rv;
+}
+
+CK_RV
+NSSDBGC_SetPIN(
+    CK_SESSION_HANDLE hSession,
+    CK_CHAR_PTR pOldPin,
+    CK_ULONG ulOldLen,
+    CK_CHAR_PTR pNewPin,
+    CK_ULONG ulNewLen)
+{
+    COMMON_DEFINITIONS;
+
+    PR_LOG(modlog, 1, ("C_SetPIN"));
+    log_handle(3, fmt_hSession, hSession);
+    PR_LOG(modlog, 3, ("  pOldPin = 0x%p", pOldPin));
+    PR_LOG(modlog, 3, ("  ulOldLen = %d", ulOldLen));
+    PR_LOG(modlog, 3, ("  pNewPin = 0x%p", pNewPin));
+    PR_LOG(modlog, 3, ("  ulNewLen = %d", ulNewLen));
+    nssdbg_start_time(FUNC_C_SETPIN, &start);
+    rv = module_functions->C_SetPIN(hSession,
+                                    pOldPin,
+                                    ulOldLen,
+                                    pNewPin,
+                                    ulNewLen);
+    nssdbg_finish_time(FUNC_C_SETPIN, start);
+    log_rv(rv);
+    return rv;
+}
+
+static PRUint32 numOpenSessions = 0;
+static PRUint32 maxOpenSessions = 0;
+
+CK_RV
+NSSDBGC_OpenSession(
+    CK_SLOT_ID slotID,
+    CK_FLAGS flags,
+    CK_VOID_PTR pApplication,
+    CK_NOTIFY Notify,
+    CK_SESSION_HANDLE_PTR phSession)
+{
+    COMMON_DEFINITIONS;
+
+    PR_ATOMIC_INCREMENT((PRInt32 *)&numOpenSessions);
+    maxOpenSessions = PR_MAX(numOpenSessions, maxOpenSessions);
+    PR_LOG(modlog, 1, ("C_OpenSession"));
+    PR_LOG(modlog, 3, (fmt_slotID, slotID));
+    PR_LOG(modlog, 3, (fmt_flags, flags));
+    PR_LOG(modlog, 3, ("  pApplication = 0x%p", pApplication));
+    PR_LOG(modlog, 3, ("  Notify = 0x%x", Notify));
+    PR_LOG(modlog, 3, ("  phSession = 0x%p", phSession));
+    nssdbg_start_time(FUNC_C_OPENSESSION, &start);
+    rv = module_functions->C_OpenSession(slotID,
+                                         flags,
+                                         pApplication,
+                                         Notify,
+                                         phSession);
+    nssdbg_finish_time(FUNC_C_OPENSESSION, start);
+    log_handle(4, "  *phSession = 0x%x", *phSession);
+    log_rv(rv);
+    return rv;
+}
+
+CK_RV
+NSSDBGC_CloseSession(
+    CK_SESSION_HANDLE hSession)
+{
+    COMMON_DEFINITIONS;
+
+    PR_ATOMIC_DECREMENT((PRInt32 *)&numOpenSessions);
+    PR_LOG(modlog, 1, ("C_CloseSession"));
+    log_handle(3, fmt_hSession, hSession);
+    nssdbg_start_time(FUNC_C_CLOSESESSION, &start);
+    rv = module_functions->C_CloseSession(hSession);
+    nssdbg_finish_time(FUNC_C_CLOSESESSION, start);
+    log_rv(rv);
+    return rv;
+}
+
+CK_RV
+NSSDBGC_CloseAllSessions(
+    CK_SLOT_ID slotID)
+{
+    COMMON_DEFINITIONS;
+
+    PR_LOG(modlog, 1, ("C_CloseAllSessions"));
+    PR_LOG(modlog, 3, (fmt_slotID, slotID));
+    nssdbg_start_time(FUNC_C_CLOSEALLSESSIONS, &start);
+    rv = module_functions->C_CloseAllSessions(slotID);
+    nssdbg_finish_time(FUNC_C_CLOSEALLSESSIONS, start);
+    log_rv(rv);
+    return rv;
+}
+
+CK_RV
+NSSDBGC_GetSessionInfo(
+    CK_SESSION_HANDLE hSession,
+    CK_SESSION_INFO_PTR pInfo)
+{
+    COMMON_DEFINITIONS;
+
+    PR_LOG(modlog, 1, ("C_GetSessionInfo"));
+    log_handle(3, fmt_hSession, hSession);
+    PR_LOG(modlog, 3, (fmt_pInfo, pInfo));
+    nssdbg_start_time(FUNC_C_GETSESSIONINFO, &start);
+    rv = module_functions->C_GetSessionInfo(hSession,
+                                            pInfo);
+    nssdbg_finish_time(FUNC_C_GETSESSIONINFO, start);
+    if (rv == CKR_OK) {
+        PR_LOG(modlog, 4, (fmt_slotID, pInfo->slotID));
+        log_state(pInfo->state);
+        PR_LOG(modlog, 4, ("  flags = %s %s",
+                           pInfo->flags & CKF_RW_SESSION ? "CKF_RW_SESSION" : "",
+                           pInfo->flags & CKF_SERIAL_SESSION ? "CKF_SERIAL_SESSION" : ""));
+        PR_LOG(modlog, 4, ("  deviceError = 0x%x", pInfo->ulDeviceError));
+    }
+    log_rv(rv);
+    return rv;
+}
+
+CK_RV
+NSSDBGC_GetOperationState(
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pOperationState,
+    CK_ULONG_PTR pulOperationStateLen)
+{
+    COMMON_DEFINITIONS;
+
+    PR_LOG(modlog, 1, ("C_GetOperationState"));
+    log_handle(3, fmt_hSession, hSession);
+    PR_LOG(modlog, 3, (fmt_pOperationState, pOperationState));
+    PR_LOG(modlog, 3, ("  pulOperationStateLen = 0x%p", pulOperationStateLen));
+    nssdbg_start_time(FUNC_C_GETOPERATIONSTATE, &start);
+    rv = module_functions->C_GetOperationState(hSession,
+                                               pOperationState,
+                                               pulOperationStateLen);
+    nssdbg_finish_time(FUNC_C_GETOPERATIONSTATE, start);
+    PR_LOG(modlog, 4, ("  *pulOperationStateLen = 0x%x", *pulOperationStateLen));
+    log_rv(rv);
+    return rv;
+}
+
+CK_RV
+NSSDBGC_SetOperationState(
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pOperationState,
+    CK_ULONG ulOperationStateLen,
+    CK_OBJECT_HANDLE hEncryptionKey,
+    CK_OBJECT_HANDLE hAuthenticationKey)
+{
+    COMMON_DEFINITIONS;
+
+    PR_LOG(modlog, 1, ("C_SetOperationState"));
+    log_handle(3, fmt_hSession, hSession);
+    PR_LOG(modlog, 3, (fmt_pOperationState, pOperationState));
+    PR_LOG(modlog, 3, ("  ulOperationStateLen = %d", ulOperationStateLen));
+    log_handle(3, "  hEncryptionKey = 0x%x", hEncryptionKey);
+    log_handle(3, "  hAuthenticationKey = 0x%x", hAuthenticationKey);
+    nssdbg_start_time(FUNC_C_SETOPERATIONSTATE, &start);
+    rv = module_functions->C_SetOperationState(hSession,
+                                               pOperationState,
+                                               ulOperationStateLen,
+                                               hEncryptionKey,
+                                               hAuthenticationKey);
+    nssdbg_finish_time(FUNC_C_SETOPERATIONSTATE, start);
+    log_rv(rv);
+    return rv;
+}
+
+CK_RV
+NSSDBGC_Login(
+    CK_SESSION_HANDLE hSession,
+    CK_USER_TYPE userType,
+    CK_CHAR_PTR pPin,
+    CK_ULONG ulPinLen)
+{
+    COMMON_DEFINITIONS;
+
+    PR_LOG(modlog, 1, ("C_Login"));
+    log_handle(3, fmt_hSession, hSession);
+    PR_LOG(modlog, 3, ("  userType = 0x%x", userType));
+    PR_LOG(modlog, 3, (fmt_pPin, pPin));
+    PR_LOG(modlog, 3, (fmt_ulPinLen, ulPinLen));
+    nssdbg_start_time(FUNC_C_LOGIN, &start);
+    rv = module_functions->C_Login(hSession,
+                                   userType,
+                                   pPin,
+                                   ulPinLen);
+    nssdbg_finish_time(FUNC_C_LOGIN, start);
+    log_rv(rv);
+    return rv;
+}
+
+CK_RV
+NSSDBGC_Logout(
+    CK_SESSION_HANDLE hSession)
+{
+    COMMON_DEFINITIONS;
+
+    PR_LOG(modlog, 1, ("C_Logout"));
+    log_handle(3, fmt_hSession, hSession);
+    nssdbg_start_time(FUNC_C_LOGOUT, &start);
+    rv = module_functions->C_Logout(hSession);
+    nssdbg_finish_time(FUNC_C_LOGOUT, start);
+    log_rv(rv);
+    return rv;
+}
+
+CK_RV
+NSSDBGC_CreateObject(
+    CK_SESSION_HANDLE hSession,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulCount,
+    CK_OBJECT_HANDLE_PTR phObject)
+{
+    COMMON_DEFINITIONS;
+
+    PR_LOG(modlog, 1, ("C_CreateObject"));
+    log_handle(3, fmt_hSession, hSession);
+    PR_LOG(modlog, 3, (fmt_pTemplate, pTemplate));
+    PR_LOG(modlog, 3, (fmt_ulCount, ulCount));
+    PR_LOG(modlog, 3, (fmt_phObject, phObject));
+    print_template(pTemplate, ulCount);
+    nssdbg_start_time(FUNC_C_CREATEOBJECT, &start);
+    rv = module_functions->C_CreateObject(hSession,
+                                          pTemplate,
+                                          ulCount,
+                                          phObject);
+    nssdbg_finish_time(FUNC_C_CREATEOBJECT, start);
+    log_handle(4, "  *phObject = 0x%x", *phObject);
+    log_rv(rv);
+    return rv;
+}
+
+CK_RV
+NSSDBGC_CopyObject(
+    CK_SESSION_HANDLE hSession,
+    CK_OBJECT_HANDLE hObject,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulCount,
+    CK_OBJECT_HANDLE_PTR phNewObject)
+{
+    COMMON_DEFINITIONS;
+
+    PR_LOG(modlog, 1, ("C_CopyObject"));
+    log_handle(3, fmt_hSession, hSession);
+    log_handle(3, fmt_hObject, hObject);
+    PR_LOG(modlog, 3, (fmt_pTemplate, pTemplate));
+    PR_LOG(modlog, 3, (fmt_ulCount, ulCount));
+    PR_LOG(modlog, 3, ("  phNewObject = 0x%p", phNewObject));
+    print_template(pTemplate, ulCount);
+    nssdbg_start_time(FUNC_C_COPYOBJECT, &start);
+    rv = module_functions->C_CopyObject(hSession,
+                                        hObject,
+                                        pTemplate,
+                                        ulCount,
+                                        phNewObject);
+    nssdbg_finish_time(FUNC_C_COPYOBJECT, start);
+    log_handle(4, "  *phNewObject = 0x%x", *phNewObject);
+    log_rv(rv);
+    return rv;
+}
+
+CK_RV
+NSSDBGC_DestroyObject(
+    CK_SESSION_HANDLE hSession,
+    CK_OBJECT_HANDLE hObject)
+{
+    COMMON_DEFINITIONS;
+
+    PR_LOG(modlog, 1, ("C_DestroyObject"));
+    log_handle(3, fmt_hSession, hSession);
+    log_handle(3, fmt_hObject, hObject);
+    nssdbg_start_time(FUNC_C_DESTROYOBJECT, &start);
+    rv = module_functions->C_DestroyObject(hSession,
+                                           hObject);
+    nssdbg_finish_time(FUNC_C_DESTROYOBJECT, start);
+    log_rv(rv);
+    return rv;
+}
+
+CK_RV
+NSSDBGC_GetObjectSize(
+    CK_SESSION_HANDLE hSession,
+    CK_OBJECT_HANDLE hObject,
+    CK_ULONG_PTR pulSize)
+{
+    COMMON_DEFINITIONS;
+
+    PR_LOG(modlog, 1, ("C_GetObjectSize"));
+    log_handle(3, fmt_hSession, hSession);
+    log_handle(3, fmt_hObject, hObject);
+    PR_LOG(modlog, 3, ("  pulSize = 0x%p", pulSize));
+    nssdbg_start_time(FUNC_C_GETOBJECTSIZE, &start);
+    rv = module_functions->C_GetObjectSize(hSession,
+                                           hObject,
+                                           pulSize);
+    nssdbg_finish_time(FUNC_C_GETOBJECTSIZE, start);
+    PR_LOG(modlog, 4, ("  *pulSize = 0x%x", *pulSize));
+    log_rv(rv);
+    return rv;
+}
+
+CK_RV
+NSSDBGC_GetAttributeValue(
+    CK_SESSION_HANDLE hSession,
+    CK_OBJECT_HANDLE hObject,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulCount)
+{
+    COMMON_DEFINITIONS;
+
+    PR_LOG(modlog, 1, ("C_GetAttributeValue"));
+    log_handle(3, fmt_hSession, hSession);
+    log_handle(3, fmt_hObject, hObject);
+    PR_LOG(modlog, 3, (fmt_pTemplate, pTemplate));
+    PR_LOG(modlog, 3, (fmt_ulCount, ulCount));
+    nssdbg_start_time(FUNC_C_GETATTRIBUTEVALUE, &start);
+    rv = module_functions->C_GetAttributeValue(hSession,
+                                               hObject,
+                                               pTemplate,
+                                               ulCount);
+    nssdbg_finish_time(FUNC_C_GETATTRIBUTEVALUE, start);
+    print_template(pTemplate, ulCount);
+    log_rv(rv);
+    return rv;
+}
+
+CK_RV
+NSSDBGC_SetAttributeValue(
+    CK_SESSION_HANDLE hSession,
+    CK_OBJECT_HANDLE hObject,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulCount)
+{
+    COMMON_DEFINITIONS;
+
+    PR_LOG(modlog, 1, ("C_SetAttributeValue"));
+    log_handle(3, fmt_hSession, hSession);
+    log_handle(3, fmt_hObject, hObject);
+    PR_LOG(modlog, 3, (fmt_pTemplate, pTemplate));
+    PR_LOG(modlog, 3, (fmt_ulCount, ulCount));
+    print_template(pTemplate, ulCount);
+    nssdbg_start_time(FUNC_C_SETATTRIBUTEVALUE, &start);
+    rv = module_functions->C_SetAttributeValue(hSession,
+                                               hObject,
+                                               pTemplate,
+                                               ulCount);
+    nssdbg_finish_time(FUNC_C_SETATTRIBUTEVALUE, start);
+    log_rv(rv);
+    return rv;
+}
+
+CK_RV
+NSSDBGC_FindObjectsInit(
+    CK_SESSION_HANDLE hSession,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulCount)
+{
+    COMMON_DEFINITIONS;
+
+    PR_LOG(modlog, 1, ("C_FindObjectsInit"));
+    log_handle(3, fmt_hSession, hSession);
+    PR_LOG(modlog, 3, (fmt_pTemplate, pTemplate));
+    PR_LOG(modlog, 3, (fmt_ulCount, ulCount));
+    print_template(pTemplate, ulCount);
+    nssdbg_start_time(FUNC_C_FINDOBJECTSINIT, &start);
+    rv = module_functions->C_FindObjectsInit(hSession,
+                                             pTemplate,
+                                             ulCount);
+    nssdbg_finish_time(FUNC_C_FINDOBJECTSINIT, start);
+    log_rv(rv);
+    return rv;
+}
+
+CK_RV
+NSSDBGC_FindObjects(
+    CK_SESSION_HANDLE hSession,
+    CK_OBJECT_HANDLE_PTR phObject,
+    CK_ULONG ulMaxObjectCount,
+    CK_ULONG_PTR pulObjectCount)
+{
+    COMMON_DEFINITIONS;
+    CK_ULONG i;
+
+    PR_LOG(modlog, 1, ("C_FindObjects"));
+    log_handle(3, fmt_hSession, hSession);
+    PR_LOG(modlog, 3, (fmt_phObject, phObject));
+    PR_LOG(modlog, 3, ("  ulMaxObjectCount = %d", ulMaxObjectCount));
+    PR_LOG(modlog, 3, ("  pulObjectCount = 0x%p", pulObjectCount));
+    nssdbg_start_time(FUNC_C_FINDOBJECTS, &start);
+    rv = module_functions->C_FindObjects(hSession,
+                                         phObject,
+                                         ulMaxObjectCount,
+                                         pulObjectCount);
+    nssdbg_finish_time(FUNC_C_FINDOBJECTS, start);
+    PR_LOG(modlog, 4, ("  *pulObjectCount = 0x%x", *pulObjectCount));
+    for (i = 0; i < *pulObjectCount; i++) {
+        PR_LOG(modlog, 4, ("  phObject[%d] = 0x%x%s", i, phObject[i],
+                           phObject[i] ? "" : fmt_invalid_handle));
+    }
+    log_rv(rv);
+    return rv;
+}
+
+CK_RV
+NSSDBGC_FindObjectsFinal(
+    CK_SESSION_HANDLE hSession)
+{
+    COMMON_DEFINITIONS;
+
+    PR_LOG(modlog, 1, ("C_FindObjectsFinal"));
+    log_handle(3, fmt_hSession, hSession);
+    nssdbg_start_time(FUNC_C_FINDOBJECTSFINAL, &start);
+    rv = module_functions->C_FindObjectsFinal(hSession);
+    nssdbg_finish_time(FUNC_C_FINDOBJECTSFINAL, start);
+    log_rv(rv);
+    return rv;
+}
+
+CK_RV
+NSSDBGC_EncryptInit(
+    CK_SESSION_HANDLE hSession,
+    CK_MECHANISM_PTR pMechanism,
+    CK_OBJECT_HANDLE hKey)
+{
+    COMMON_DEFINITIONS;
+
+    PR_LOG(modlog, 1, ("C_EncryptInit"));
+    log_handle(3, fmt_hSession, hSession);
+    PR_LOG(modlog, 3, (fmt_pMechanism, pMechanism));
+    log_handle(3, fmt_hKey, hKey);
+    print_mechanism(pMechanism);
+    nssdbg_start_time(FUNC_C_ENCRYPTINIT, &start);
+    rv = module_functions->C_EncryptInit(hSession,
+                                         pMechanism,
+                                         hKey);
+    nssdbg_finish_time(FUNC_C_ENCRYPTINIT, start);
+    log_rv(rv);
+    return rv;
+}
+
+CK_RV
+NSSDBGC_Encrypt(
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pData,
+    CK_ULONG ulDataLen,
+    CK_BYTE_PTR pEncryptedData,
+    CK_ULONG_PTR pulEncryptedDataLen)
+{
+    COMMON_DEFINITIONS;
+
+    PR_LOG(modlog, 1, ("C_Encrypt"));
+    log_handle(3, fmt_hSession, hSession);
+    PR_LOG(modlog, 3, (fmt_pData, pData));
+    PR_LOG(modlog, 3, (fmt_ulDataLen, ulDataLen));
+    PR_LOG(modlog, 3, (fmt_pEncryptedData, pEncryptedData));
+    PR_LOG(modlog, 3, ("  pulEncryptedDataLen = 0x%p", pulEncryptedDataLen));
+    nssdbg_start_time(FUNC_C_ENCRYPT, &start);
+    rv = module_functions->C_Encrypt(hSession,
+                                     pData,
+                                     ulDataLen,
+                                     pEncryptedData,
+                                     pulEncryptedDataLen);
+    nssdbg_finish_time(FUNC_C_ENCRYPT, start);
+    PR_LOG(modlog, 4, ("  *pulEncryptedDataLen = 0x%x", *pulEncryptedDataLen));
+    log_rv(rv);
+    return rv;
+}
+
+CK_RV
+NSSDBGC_EncryptUpdate(
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pPart,
+    CK_ULONG ulPartLen,
+    CK_BYTE_PTR pEncryptedPart,
+    CK_ULONG_PTR pulEncryptedPartLen)
+{
+    COMMON_DEFINITIONS;
+
+    PR_LOG(modlog, 1, ("C_EncryptUpdate"));
+    log_handle(3, fmt_hSession, hSession);
+    PR_LOG(modlog, 3, (fmt_pPart, pPart));
+    PR_LOG(modlog, 3, (fmt_ulPartLen, ulPartLen));
+    PR_LOG(modlog, 3, (fmt_pEncryptedPart, pEncryptedPart));
+    PR_LOG(modlog, 3, (fmt_pulEncryptedPartLen, pulEncryptedPartLen));
+    nssdbg_start_time(FUNC_C_ENCRYPTUPDATE, &start);
+    rv = module_functions->C_EncryptUpdate(hSession,
+                                           pPart,
+                                           ulPartLen,
+                                           pEncryptedPart,
+                                           pulEncryptedPartLen);
+    nssdbg_finish_time(FUNC_C_ENCRYPTUPDATE, start);
+    PR_LOG(modlog, 4, (fmt_spulEncryptedPartLen, *pulEncryptedPartLen));
+    log_rv(rv);
+    return rv;
+}
+
+CK_RV
+NSSDBGC_EncryptFinal(
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pLastEncryptedPart,
+    CK_ULONG_PTR pulLastEncryptedPartLen)
+{
+    COMMON_DEFINITIONS;
+
+    PR_LOG(modlog, 1, ("C_EncryptFinal"));
+    log_handle(3, fmt_hSession, hSession);
+    PR_LOG(modlog, 3, ("  pLastEncryptedPart = 0x%p", pLastEncryptedPart));
+    PR_LOG(modlog, 3, ("  pulLastEncryptedPartLen = 0x%p", pulLastEncryptedPartLen));
+    nssdbg_start_time(FUNC_C_ENCRYPTFINAL, &start);
+    rv = module_functions->C_EncryptFinal(hSession,
+                                          pLastEncryptedPart,
+                                          pulLastEncryptedPartLen);
+    nssdbg_finish_time(FUNC_C_ENCRYPTFINAL, start);
+    PR_LOG(modlog, 4, ("  *pulLastEncryptedPartLen = 0x%x", *pulLastEncryptedPartLen));
+    log_rv(rv);
+    return rv;
+}
+
+CK_RV
+NSSDBGC_DecryptInit(
+    CK_SESSION_HANDLE hSession,
+    CK_MECHANISM_PTR pMechanism,
+    CK_OBJECT_HANDLE hKey)
+{
+    COMMON_DEFINITIONS;
+
+    PR_LOG(modlog, 1, ("C_DecryptInit"));
+    log_handle(3, fmt_hSession, hSession);
+    PR_LOG(modlog, 3, (fmt_pMechanism, pMechanism));
+    log_handle(3, fmt_hKey, hKey);
+    print_mechanism(pMechanism);
+    nssdbg_start_time(FUNC_C_DECRYPTINIT, &start);
+    rv = module_functions->C_DecryptInit(hSession,
+                                         pMechanism,
+                                         hKey);
+    nssdbg_finish_time(FUNC_C_DECRYPTINIT, start);
+    log_rv(rv);
+    return rv;
+}
+
+CK_RV
+NSSDBGC_Decrypt(
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pEncryptedData,
+    CK_ULONG ulEncryptedDataLen,
+    CK_BYTE_PTR pData,
+    CK_ULONG_PTR pulDataLen)
+{
+    COMMON_DEFINITIONS;
+
+    PR_LOG(modlog, 1, ("C_Decrypt"));
+    log_handle(3, fmt_hSession, hSession);
+    PR_LOG(modlog, 3, (fmt_pEncryptedData, pEncryptedData));
+    PR_LOG(modlog, 3, ("  ulEncryptedDataLen = %d", ulEncryptedDataLen));
+    PR_LOG(modlog, 3, (fmt_pData, pData));
+    PR_LOG(modlog, 3, (fmt_pulDataLen, pulDataLen));
+    nssdbg_start_time(FUNC_C_DECRYPT, &start);
+    rv = module_functions->C_Decrypt(hSession,
+                                     pEncryptedData,
+                                     ulEncryptedDataLen,
+                                     pData,
+                                     pulDataLen);
+    nssdbg_finish_time(FUNC_C_DECRYPT, start);
+    PR_LOG(modlog, 4, (fmt_spulDataLen, *pulDataLen));
+    log_rv(rv);
+    return rv;
+}
+
+CK_RV
+NSSDBGC_DecryptUpdate(
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pEncryptedPart,
+    CK_ULONG ulEncryptedPartLen,
+    CK_BYTE_PTR pPart,
+    CK_ULONG_PTR pulPartLen)
+{
+    COMMON_DEFINITIONS;
+
+    PR_LOG(modlog, 1, ("C_DecryptUpdate"));
+    log_handle(3, fmt_hSession, hSession);
+    PR_LOG(modlog, 3, (fmt_pEncryptedPart, pEncryptedPart));
+    PR_LOG(modlog, 3, (fmt_ulEncryptedPartLen, ulEncryptedPartLen));
+    PR_LOG(modlog, 3, (fmt_pPart, pPart));
+    PR_LOG(modlog, 3, (fmt_pulPartLen, pulPartLen));
+    nssdbg_start_time(FUNC_C_DECRYPTUPDATE, &start);
+    rv = module_functions->C_DecryptUpdate(hSession,
+                                           pEncryptedPart,
+                                           ulEncryptedPartLen,
+                                           pPart,
+                                           pulPartLen);
+    nssdbg_finish_time(FUNC_C_DECRYPTUPDATE, start);
+    PR_LOG(modlog, 4, (fmt_spulPartLen, *pulPartLen));
+    log_rv(rv);
+    return rv;
+}
+
+CK_RV
+NSSDBGC_DecryptFinal(
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pLastPart,
+    CK_ULONG_PTR pulLastPartLen)
+{
+    COMMON_DEFINITIONS;
+
+    PR_LOG(modlog, 1, ("C_DecryptFinal"));
+    log_handle(3, fmt_hSession, hSession);
+    PR_LOG(modlog, 3, ("  pLastPart = 0x%p", pLastPart));
+    PR_LOG(modlog, 3, ("  pulLastPartLen = 0x%p", pulLastPartLen));
+    nssdbg_start_time(FUNC_C_DECRYPTFINAL, &start);
+    rv = module_functions->C_DecryptFinal(hSession,
+                                          pLastPart,
+                                          pulLastPartLen);
+    nssdbg_finish_time(FUNC_C_DECRYPTFINAL, start);
+    PR_LOG(modlog, 4, ("  *pulLastPartLen = 0x%x", *pulLastPartLen));
+    log_rv(rv);
+    return rv;
+}
+
+CK_RV
+NSSDBGC_DigestInit(
+    CK_SESSION_HANDLE hSession,
+    CK_MECHANISM_PTR pMechanism)
+{
+    COMMON_DEFINITIONS;
+
+    PR_LOG(modlog, 1, ("C_DigestInit"));
+    log_handle(3, fmt_hSession, hSession);
+    PR_LOG(modlog, 3, (fmt_pMechanism, pMechanism));
+    print_mechanism(pMechanism);
+    nssdbg_start_time(FUNC_C_DIGESTINIT, &start);
+    rv = module_functions->C_DigestInit(hSession,
+                                        pMechanism);
+    nssdbg_finish_time(FUNC_C_DIGESTINIT, start);
+    log_rv(rv);
+    return rv;
+}
+
+CK_RV
+NSSDBGC_Digest(
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pData,
+    CK_ULONG ulDataLen,
+    CK_BYTE_PTR pDigest,
+    CK_ULONG_PTR pulDigestLen)
+{
+    COMMON_DEFINITIONS;
+
+    PR_LOG(modlog, 1, ("C_Digest"));
+    log_handle(3, fmt_hSession, hSession);
+    PR_LOG(modlog, 3, (fmt_pData, pData));
+    PR_LOG(modlog, 3, (fmt_ulDataLen, ulDataLen));
+    PR_LOG(modlog, 3, (fmt_pDigest, pDigest));
+    PR_LOG(modlog, 3, (fmt_pulDigestLen, pulDigestLen));
+    nssdbg_start_time(FUNC_C_DIGEST, &start);
+    rv = module_functions->C_Digest(hSession,
+                                    pData,
+                                    ulDataLen,
+                                    pDigest,
+                                    pulDigestLen);
+    nssdbg_finish_time(FUNC_C_DIGEST, start);
+    PR_LOG(modlog, 4, (fmt_spulDigestLen, *pulDigestLen));
+    log_rv(rv);
+    return rv;
+}
+
+CK_RV
+NSSDBGC_DigestUpdate(
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pPart,
+    CK_ULONG ulPartLen)
+{
+    COMMON_DEFINITIONS;
+
+    PR_LOG(modlog, 1, ("C_DigestUpdate"));
+    log_handle(3, fmt_hSession, hSession);
+    PR_LOG(modlog, 3, (fmt_pPart, pPart));
+    PR_LOG(modlog, 3, (fmt_ulPartLen, ulPartLen));
+    nssdbg_start_time(FUNC_C_DIGESTUPDATE, &start);
+    rv = module_functions->C_DigestUpdate(hSession,
+                                          pPart,
+                                          ulPartLen);
+    nssdbg_finish_time(FUNC_C_DIGESTUPDATE, start);
+    log_rv(rv);
+    return rv;
+}
+
+CK_RV
+NSSDBGC_DigestKey(
+    CK_SESSION_HANDLE hSession,
+    CK_OBJECT_HANDLE hKey)
+{
+    COMMON_DEFINITIONS;
+
+    PR_LOG(modlog, 1, ("C_DigestKey"));
+    log_handle(3, fmt_hSession, hSession);
+    nssdbg_start_time(FUNC_C_DIGESTKEY, &start);
+    rv = module_functions->C_DigestKey(hSession,
+                                       hKey);
+    nssdbg_finish_time(FUNC_C_DIGESTKEY, start);
+    log_rv(rv);
+    return rv;
+}
+
+CK_RV
+NSSDBGC_DigestFinal(
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pDigest,
+    CK_ULONG_PTR pulDigestLen)
+{
+    COMMON_DEFINITIONS;
+
+    PR_LOG(modlog, 1, ("C_DigestFinal"));
+    log_handle(3, fmt_hSession, hSession);
+    PR_LOG(modlog, 3, (fmt_pDigest, pDigest));
+    PR_LOG(modlog, 3, (fmt_pulDigestLen, pulDigestLen));
+    nssdbg_start_time(FUNC_C_DIGESTFINAL, &start);
+    rv = module_functions->C_DigestFinal(hSession,
+                                         pDigest,
+                                         pulDigestLen);
+    nssdbg_finish_time(FUNC_C_DIGESTFINAL, start);
+    PR_LOG(modlog, 4, (fmt_spulDigestLen, *pulDigestLen));
+    log_rv(rv);
+    return rv;
+}
+
+CK_RV
+NSSDBGC_SignInit(
+    CK_SESSION_HANDLE hSession,
+    CK_MECHANISM_PTR pMechanism,
+    CK_OBJECT_HANDLE hKey)
+{
+    COMMON_DEFINITIONS;
+
+    PR_LOG(modlog, 1, ("C_SignInit"));
+    log_handle(3, fmt_hSession, hSession);
+    PR_LOG(modlog, 3, (fmt_pMechanism, pMechanism));
+    log_handle(3, fmt_hKey, hKey);
+    print_mechanism(pMechanism);
+    nssdbg_start_time(FUNC_C_SIGNINIT, &start);
+    rv = module_functions->C_SignInit(hSession,
+                                      pMechanism,
+                                      hKey);
+    nssdbg_finish_time(FUNC_C_SIGNINIT, start);
+    log_rv(rv);
+    return rv;
+}
+
+CK_RV
+NSSDBGC_Sign(
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pData,
+    CK_ULONG ulDataLen,
+    CK_BYTE_PTR pSignature,
+    CK_ULONG_PTR pulSignatureLen)
+{
+    COMMON_DEFINITIONS;
+
+    PR_LOG(modlog, 1, ("C_Sign"));
+    log_handle(3, fmt_hSession, hSession);
+    PR_LOG(modlog, 3, (fmt_pData, pData));
+    PR_LOG(modlog, 3, (fmt_ulDataLen, ulDataLen));
+    PR_LOG(modlog, 3, (fmt_pSignature, pSignature));
+    PR_LOG(modlog, 3, (fmt_pulSignatureLen, pulSignatureLen));
+    nssdbg_start_time(FUNC_C_SIGN, &start);
+    rv = module_functions->C_Sign(hSession,
+                                  pData,
+                                  ulDataLen,
+                                  pSignature,
+                                  pulSignatureLen);
+    nssdbg_finish_time(FUNC_C_SIGN, start);
+    PR_LOG(modlog, 4, (fmt_spulSignatureLen, *pulSignatureLen));
+    log_rv(rv);
+    return rv;
+}
+
+CK_RV
+NSSDBGC_SignUpdate(
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pPart,
+    CK_ULONG ulPartLen)
+{
+    COMMON_DEFINITIONS;
+
+    PR_LOG(modlog, 1, ("C_SignUpdate"));
+    log_handle(3, fmt_hSession, hSession);
+    PR_LOG(modlog, 3, (fmt_pPart, pPart));
+    PR_LOG(modlog, 3, (fmt_ulPartLen, ulPartLen));
+    nssdbg_start_time(FUNC_C_SIGNUPDATE, &start);
+    rv = module_functions->C_SignUpdate(hSession,
+                                        pPart,
+                                        ulPartLen);
+    nssdbg_finish_time(FUNC_C_SIGNUPDATE, start);
+    log_rv(rv);
+    return rv;
+}
+
+CK_RV
+NSSDBGC_SignFinal(
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pSignature,
+    CK_ULONG_PTR pulSignatureLen)
+{
+    COMMON_DEFINITIONS;
+
+    PR_LOG(modlog, 1, ("C_SignFinal"));
+    log_handle(3, fmt_hSession, hSession);
+    PR_LOG(modlog, 3, (fmt_pSignature, pSignature));
+    PR_LOG(modlog, 3, (fmt_pulSignatureLen, pulSignatureLen));
+    nssdbg_start_time(FUNC_C_SIGNFINAL, &start);
+    rv = module_functions->C_SignFinal(hSession,
+                                       pSignature,
+                                       pulSignatureLen);
+    nssdbg_finish_time(FUNC_C_SIGNFINAL, start);
+    PR_LOG(modlog, 4, (fmt_spulSignatureLen, *pulSignatureLen));
+    log_rv(rv);
+    return rv;
+}
+
+CK_RV
+NSSDBGC_SignRecoverInit(
+    CK_SESSION_HANDLE hSession,
+    CK_MECHANISM_PTR pMechanism,
+    CK_OBJECT_HANDLE hKey)
+{
+    COMMON_DEFINITIONS;
+
+    PR_LOG(modlog, 1, ("C_SignRecoverInit"));
+    log_handle(3, fmt_hSession, hSession);
+    PR_LOG(modlog, 3, (fmt_pMechanism, pMechanism));
+    log_handle(3, fmt_hKey, hKey);
+    print_mechanism(pMechanism);
+    nssdbg_start_time(FUNC_C_SIGNRECOVERINIT, &start);
+    rv = module_functions->C_SignRecoverInit(hSession,
+                                             pMechanism,
+                                             hKey);
+    nssdbg_finish_time(FUNC_C_SIGNRECOVERINIT, start);
+    log_rv(rv);
+    return rv;
+}
+
+CK_RV
+NSSDBGC_SignRecover(
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pData,
+    CK_ULONG ulDataLen,
+    CK_BYTE_PTR pSignature,
+    CK_ULONG_PTR pulSignatureLen)
+{
+    COMMON_DEFINITIONS;
+
+    PR_LOG(modlog, 1, ("C_SignRecover"));
+    log_handle(3, fmt_hSession, hSession);
+    PR_LOG(modlog, 3, (fmt_pData, pData));
+    PR_LOG(modlog, 3, (fmt_ulDataLen, ulDataLen));
+    PR_LOG(modlog, 3, (fmt_pSignature, pSignature));
+    PR_LOG(modlog, 3, (fmt_pulSignatureLen, pulSignatureLen));
+    nssdbg_start_time(FUNC_C_SIGNRECOVER, &start);
+    rv = module_functions->C_SignRecover(hSession,
+                                         pData,
+                                         ulDataLen,
+                                         pSignature,
+                                         pulSignatureLen);
+    nssdbg_finish_time(FUNC_C_SIGNRECOVER, start);
+    PR_LOG(modlog, 4, (fmt_spulSignatureLen, *pulSignatureLen));
+    log_rv(rv);
+    return rv;
+}
+
+CK_RV
+NSSDBGC_VerifyInit(
+    CK_SESSION_HANDLE hSession,
+    CK_MECHANISM_PTR pMechanism,
+    CK_OBJECT_HANDLE hKey)
+{
+    COMMON_DEFINITIONS;
+
+    PR_LOG(modlog, 1, ("C_VerifyInit"));
+    log_handle(3, fmt_hSession, hSession);
+    PR_LOG(modlog, 3, (fmt_pMechanism, pMechanism));
+    log_handle(3, fmt_hKey, hKey);
+    print_mechanism(pMechanism);
+    nssdbg_start_time(FUNC_C_VERIFYINIT, &start);
+    rv = module_functions->C_VerifyInit(hSession,
+                                        pMechanism,
+                                        hKey);
+    nssdbg_finish_time(FUNC_C_VERIFYINIT, start);
+    log_rv(rv);
+    return rv;
+}
+
+CK_RV
+NSSDBGC_Verify(
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pData,
+    CK_ULONG ulDataLen,
+    CK_BYTE_PTR pSignature,
+    CK_ULONG ulSignatureLen)
+{
+    COMMON_DEFINITIONS;
+
+    PR_LOG(modlog, 1, ("C_Verify"));
+    log_handle(3, fmt_hSession, hSession);
+    PR_LOG(modlog, 3, (fmt_pData, pData));
+    PR_LOG(modlog, 3, (fmt_ulDataLen, ulDataLen));
+    PR_LOG(modlog, 3, (fmt_pSignature, pSignature));
+    PR_LOG(modlog, 3, (fmt_ulSignatureLen, ulSignatureLen));
+    nssdbg_start_time(FUNC_C_VERIFY, &start);
+    rv = module_functions->C_Verify(hSession,
+                                    pData,
+                                    ulDataLen,
+                                    pSignature,
+                                    ulSignatureLen);
+    nssdbg_finish_time(FUNC_C_VERIFY, start);
+    log_rv(rv);
+    return rv;
+}
+
+CK_RV
+NSSDBGC_VerifyUpdate(
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pPart,
+    CK_ULONG ulPartLen)
+{
+    COMMON_DEFINITIONS;
+
+    PR_LOG(modlog, 1, ("C_VerifyUpdate"));
+    log_handle(3, fmt_hSession, hSession);
+    PR_LOG(modlog, 3, (fmt_pPart, pPart));
+    PR_LOG(modlog, 3, (fmt_ulPartLen, ulPartLen));
+    nssdbg_start_time(FUNC_C_VERIFYUPDATE, &start);
+    rv = module_functions->C_VerifyUpdate(hSession,
+                                          pPart,
+                                          ulPartLen);
+    nssdbg_finish_time(FUNC_C_VERIFYUPDATE, start);
+    log_rv(rv);
+    return rv;
+}
+
+CK_RV
+NSSDBGC_VerifyFinal(
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pSignature,
+    CK_ULONG ulSignatureLen)
+{
+    COMMON_DEFINITIONS;
+
+    PR_LOG(modlog, 1, ("C_VerifyFinal"));
+    log_handle(3, fmt_hSession, hSession);
+    PR_LOG(modlog, 3, (fmt_pSignature, pSignature));
+    PR_LOG(modlog, 3, (fmt_ulSignatureLen, ulSignatureLen));
+    nssdbg_start_time(FUNC_C_VERIFYFINAL, &start);
+    rv = module_functions->C_VerifyFinal(hSession,
+                                         pSignature,
+                                         ulSignatureLen);
+    nssdbg_finish_time(FUNC_C_VERIFYFINAL, start);
+    log_rv(rv);
+    return rv;
+}
+
+CK_RV
+NSSDBGC_VerifyRecoverInit(
+    CK_SESSION_HANDLE hSession,
+    CK_MECHANISM_PTR pMechanism,
+    CK_OBJECT_HANDLE hKey)
+{
+    COMMON_DEFINITIONS;
+
+    PR_LOG(modlog, 1, ("C_VerifyRecoverInit"));
+    log_handle(3, fmt_hSession, hSession);
+    PR_LOG(modlog, 3, (fmt_pMechanism, pMechanism));
+    log_handle(3, fmt_hKey, hKey);
+    print_mechanism(pMechanism);
+    nssdbg_start_time(FUNC_C_VERIFYRECOVERINIT, &start);
+    rv = module_functions->C_VerifyRecoverInit(hSession,
+                                               pMechanism,
+                                               hKey);
+    nssdbg_finish_time(FUNC_C_VERIFYRECOVERINIT, start);
+    log_rv(rv);
+    return rv;
+}
+
+CK_RV
+NSSDBGC_VerifyRecover(
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pSignature,
+    CK_ULONG ulSignatureLen,
+    CK_BYTE_PTR pData,
+    CK_ULONG_PTR pulDataLen)
+{
+    COMMON_DEFINITIONS;
+
+    PR_LOG(modlog, 1, ("C_VerifyRecover"));
+    log_handle(3, fmt_hSession, hSession);
+    PR_LOG(modlog, 3, (fmt_pSignature, pSignature));
+    PR_LOG(modlog, 3, (fmt_ulSignatureLen, ulSignatureLen));
+    PR_LOG(modlog, 3, (fmt_pData, pData));
+    PR_LOG(modlog, 3, (fmt_pulDataLen, pulDataLen));
+    nssdbg_start_time(FUNC_C_VERIFYRECOVER, &start);
+    rv = module_functions->C_VerifyRecover(hSession,
+                                           pSignature,
+                                           ulSignatureLen,
+                                           pData,
+                                           pulDataLen);
+    nssdbg_finish_time(FUNC_C_VERIFYRECOVER, start);
+    PR_LOG(modlog, 4, (fmt_spulDataLen, *pulDataLen));
+    log_rv(rv);
+    return rv;
+}
+
+CK_RV
+NSSDBGC_DigestEncryptUpdate(
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pPart,
+    CK_ULONG ulPartLen,
+    CK_BYTE_PTR pEncryptedPart,
+    CK_ULONG_PTR pulEncryptedPartLen)
+{
+    COMMON_DEFINITIONS;
+
+    PR_LOG(modlog, 1, ("C_DigestEncryptUpdate"));
+    log_handle(3, fmt_hSession, hSession);
+    PR_LOG(modlog, 3, (fmt_pPart, pPart));
+    PR_LOG(modlog, 3, (fmt_ulPartLen, ulPartLen));
+    PR_LOG(modlog, 3, (fmt_pEncryptedPart, pEncryptedPart));
+    PR_LOG(modlog, 3, (fmt_pulEncryptedPartLen, pulEncryptedPartLen));
+    nssdbg_start_time(FUNC_C_DIGESTENCRYPTUPDATE, &start);
+    rv = module_functions->C_DigestEncryptUpdate(hSession,
+                                                 pPart,
+                                                 ulPartLen,
+                                                 pEncryptedPart,
+                                                 pulEncryptedPartLen);
+    nssdbg_finish_time(FUNC_C_DIGESTENCRYPTUPDATE, start);
+    PR_LOG(modlog, 4, (fmt_spulEncryptedPartLen, *pulEncryptedPartLen));
+    log_rv(rv);
+    return rv;
+}
+
+CK_RV
+NSSDBGC_DecryptDigestUpdate(
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pEncryptedPart,
+    CK_ULONG ulEncryptedPartLen,
+    CK_BYTE_PTR pPart,
+    CK_ULONG_PTR pulPartLen)
+{
+    COMMON_DEFINITIONS;
+
+    PR_LOG(modlog, 1, ("C_DecryptDigestUpdate"));
+    log_handle(3, fmt_hSession, hSession);
+    PR_LOG(modlog, 3, (fmt_pEncryptedPart, pEncryptedPart));
+    PR_LOG(modlog, 3, (fmt_ulEncryptedPartLen, ulEncryptedPartLen));
+    PR_LOG(modlog, 3, (fmt_pPart, pPart));
+    PR_LOG(modlog, 3, (fmt_pulPartLen, pulPartLen));
+    nssdbg_start_time(FUNC_C_DECRYPTDIGESTUPDATE, &start);
+    rv = module_functions->C_DecryptDigestUpdate(hSession,
+                                                 pEncryptedPart,
+                                                 ulEncryptedPartLen,
+                                                 pPart,
+                                                 pulPartLen);
+    nssdbg_finish_time(FUNC_C_DECRYPTDIGESTUPDATE, start);
+    PR_LOG(modlog, 4, (fmt_spulPartLen, *pulPartLen));
+    log_rv(rv);
+    return rv;
+}
+
+CK_RV
+NSSDBGC_SignEncryptUpdate(
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pPart,
+    CK_ULONG ulPartLen,
+    CK_BYTE_PTR pEncryptedPart,
+    CK_ULONG_PTR pulEncryptedPartLen)
+{
+    COMMON_DEFINITIONS;
+
+    PR_LOG(modlog, 1, ("C_SignEncryptUpdate"));
+    log_handle(3, fmt_hSession, hSession);
+    PR_LOG(modlog, 3, (fmt_pPart, pPart));
+    PR_LOG(modlog, 3, (fmt_ulPartLen, ulPartLen));
+    PR_LOG(modlog, 3, (fmt_pEncryptedPart, pEncryptedPart));
+    PR_LOG(modlog, 3, (fmt_pulEncryptedPartLen, pulEncryptedPartLen));
+    nssdbg_start_time(FUNC_C_SIGNENCRYPTUPDATE, &start);
+    rv = module_functions->C_SignEncryptUpdate(hSession,
+                                               pPart,
+                                               ulPartLen,
+                                               pEncryptedPart,
+                                               pulEncryptedPartLen);
+    nssdbg_finish_time(FUNC_C_SIGNENCRYPTUPDATE, start);
+    PR_LOG(modlog, 4, (fmt_spulEncryptedPartLen, *pulEncryptedPartLen));
+    log_rv(rv);
+    return rv;
+}
+
+CK_RV
+NSSDBGC_DecryptVerifyUpdate(
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pEncryptedPart,
+    CK_ULONG ulEncryptedPartLen,
+    CK_BYTE_PTR pPart,
+    CK_ULONG_PTR pulPartLen)
+{
+    COMMON_DEFINITIONS;
+
+    PR_LOG(modlog, 1, ("C_DecryptVerifyUpdate"));
+    log_handle(3, fmt_hSession, hSession);
+    PR_LOG(modlog, 3, (fmt_pEncryptedPart, pEncryptedPart));
+    PR_LOG(modlog, 3, (fmt_ulEncryptedPartLen, ulEncryptedPartLen));
+    PR_LOG(modlog, 3, (fmt_pPart, pPart));
+    PR_LOG(modlog, 3, (fmt_pulPartLen, pulPartLen));
+    nssdbg_start_time(FUNC_C_DECRYPTVERIFYUPDATE, &start);
+    rv = module_functions->C_DecryptVerifyUpdate(hSession,
+                                                 pEncryptedPart,
+                                                 ulEncryptedPartLen,
+                                                 pPart,
+                                                 pulPartLen);
+    nssdbg_finish_time(FUNC_C_DECRYPTVERIFYUPDATE, start);
+    PR_LOG(modlog, 4, (fmt_spulPartLen, *pulPartLen));
+    log_rv(rv);
+    return rv;
+}
+
+CK_RV
+NSSDBGC_GenerateKey(
+    CK_SESSION_HANDLE hSession,
+    CK_MECHANISM_PTR pMechanism,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulCount,
+    CK_OBJECT_HANDLE_PTR phKey)
+{
+    COMMON_DEFINITIONS;
+
+    PR_LOG(modlog, 1, ("C_GenerateKey"));
+    log_handle(3, fmt_hSession, hSession);
+    PR_LOG(modlog, 3, (fmt_pMechanism, pMechanism));
+    PR_LOG(modlog, 3, (fmt_pTemplate, pTemplate));
+    PR_LOG(modlog, 3, (fmt_ulCount, ulCount));
+    PR_LOG(modlog, 3, (fmt_phKey, phKey));
+    print_template(pTemplate, ulCount);
+    print_mechanism(pMechanism);
+    nssdbg_start_time(FUNC_C_GENERATEKEY, &start);
+    rv = module_functions->C_GenerateKey(hSession,
+                                         pMechanism,
+                                         pTemplate,
+                                         ulCount,
+                                         phKey);
+    nssdbg_finish_time(FUNC_C_GENERATEKEY, start);
+    log_handle(4, fmt_sphKey, *phKey);
+    log_rv(rv);
+    return rv;
+}
+
+CK_RV
+NSSDBGC_GenerateKeyPair(
+    CK_SESSION_HANDLE hSession,
+    CK_MECHANISM_PTR pMechanism,
+    CK_ATTRIBUTE_PTR pPublicKeyTemplate,
+    CK_ULONG ulPublicKeyAttributeCount,
+    CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
+    CK_ULONG ulPrivateKeyAttributeCount,
+    CK_OBJECT_HANDLE_PTR phPublicKey,
+    CK_OBJECT_HANDLE_PTR phPrivateKey)
+{
+    COMMON_DEFINITIONS;
+
+    PR_LOG(modlog, 1, ("C_GenerateKeyPair"));
+    log_handle(3, fmt_hSession, hSession);
+    PR_LOG(modlog, 3, (fmt_pMechanism, pMechanism));
+    PR_LOG(modlog, 3, ("  pPublicKeyTemplate = 0x%p", pPublicKeyTemplate));
+    PR_LOG(modlog, 3, ("  ulPublicKeyAttributeCount = %d", ulPublicKeyAttributeCount));
+    PR_LOG(modlog, 3, ("  pPrivateKeyTemplate = 0x%p", pPrivateKeyTemplate));
+    PR_LOG(modlog, 3, ("  ulPrivateKeyAttributeCount = %d", ulPrivateKeyAttributeCount));
+    PR_LOG(modlog, 3, ("  phPublicKey = 0x%p", phPublicKey));
+    print_template(pPublicKeyTemplate, ulPublicKeyAttributeCount);
+    PR_LOG(modlog, 3, ("  phPrivateKey = 0x%p", phPrivateKey));
+    print_template(pPrivateKeyTemplate, ulPrivateKeyAttributeCount);
+    print_mechanism(pMechanism);
+    nssdbg_start_time(FUNC_C_GENERATEKEYPAIR, &start);
+    rv = module_functions->C_GenerateKeyPair(hSession,
+                                             pMechanism,
+                                             pPublicKeyTemplate,
+                                             ulPublicKeyAttributeCount,
+                                             pPrivateKeyTemplate,
+                                             ulPrivateKeyAttributeCount,
+                                             phPublicKey,
+                                             phPrivateKey);
+    nssdbg_finish_time(FUNC_C_GENERATEKEYPAIR, start);
+    log_handle(4, "  *phPublicKey = 0x%x", *phPublicKey);
+    log_handle(4, "  *phPrivateKey = 0x%x", *phPrivateKey);
+    log_rv(rv);
+    return rv;
+}
+
+CK_RV
+NSSDBGC_WrapKey(
+    CK_SESSION_HANDLE hSession,
+    CK_MECHANISM_PTR pMechanism,
+    CK_OBJECT_HANDLE hWrappingKey,
+    CK_OBJECT_HANDLE hKey,
+    CK_BYTE_PTR pWrappedKey,
+    CK_ULONG_PTR pulWrappedKeyLen)
+{
+    COMMON_DEFINITIONS;
+
+    PR_LOG(modlog, 1, ("C_WrapKey"));
+    log_handle(3, fmt_hSession, hSession);
+    PR_LOG(modlog, 3, (fmt_pMechanism, pMechanism));
+    log_handle(3, "  hWrappingKey = 0x%x", hWrappingKey);
+    log_handle(3, fmt_hKey, hKey);
+    PR_LOG(modlog, 3, (fmt_pWrappedKey, pWrappedKey));
+    PR_LOG(modlog, 3, ("  pulWrappedKeyLen = 0x%p", pulWrappedKeyLen));
+    print_mechanism(pMechanism);
+    nssdbg_start_time(FUNC_C_WRAPKEY, &start);
+    rv = module_functions->C_WrapKey(hSession,
+                                     pMechanism,
+                                     hWrappingKey,
+                                     hKey,
+                                     pWrappedKey,
+                                     pulWrappedKeyLen);
+    nssdbg_finish_time(FUNC_C_WRAPKEY, start);
+    PR_LOG(modlog, 4, ("  *pulWrappedKeyLen = 0x%x", *pulWrappedKeyLen));
+    log_rv(rv);
+    return rv;
+}
+
+CK_RV
+NSSDBGC_UnwrapKey(
+    CK_SESSION_HANDLE hSession,
+    CK_MECHANISM_PTR pMechanism,
+    CK_OBJECT_HANDLE hUnwrappingKey,
+    CK_BYTE_PTR pWrappedKey,
+    CK_ULONG ulWrappedKeyLen,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulAttributeCount,
+    CK_OBJECT_HANDLE_PTR phKey)
+{
+    COMMON_DEFINITIONS;
+
+    PR_LOG(modlog, 1, ("C_UnwrapKey"));
+    log_handle(3, fmt_hSession, hSession);
+    PR_LOG(modlog, 3, (fmt_pMechanism, pMechanism));
+    log_handle(3, "  hUnwrappingKey = 0x%x", hUnwrappingKey);
+    PR_LOG(modlog, 3, (fmt_pWrappedKey, pWrappedKey));
+    PR_LOG(modlog, 3, ("  ulWrappedKeyLen = %d", ulWrappedKeyLen));
+    PR_LOG(modlog, 3, (fmt_pTemplate, pTemplate));
+    PR_LOG(modlog, 3, (fmt_ulAttributeCount, ulAttributeCount));
+    PR_LOG(modlog, 3, (fmt_phKey, phKey));
+    print_template(pTemplate, ulAttributeCount);
+    print_mechanism(pMechanism);
+    nssdbg_start_time(FUNC_C_UNWRAPKEY, &start);
+    rv = module_functions->C_UnwrapKey(hSession,
+                                       pMechanism,
+                                       hUnwrappingKey,
+                                       pWrappedKey,
+                                       ulWrappedKeyLen,
+                                       pTemplate,
+                                       ulAttributeCount,
+                                       phKey);
+    nssdbg_finish_time(FUNC_C_UNWRAPKEY, start);
+    log_handle(4, fmt_sphKey, *phKey);
+    log_rv(rv);
+    return rv;
+}
+
+CK_RV
+NSSDBGC_DeriveKey(
+    CK_SESSION_HANDLE hSession,
+    CK_MECHANISM_PTR pMechanism,
+    CK_OBJECT_HANDLE hBaseKey,
+    CK_ATTRIBUTE_PTR pTemplate,
+    CK_ULONG ulAttributeCount,
+    CK_OBJECT_HANDLE_PTR phKey)
+{
+    COMMON_DEFINITIONS;
+
+    PR_LOG(modlog, 1, ("C_DeriveKey"));
+    log_handle(3, fmt_hSession, hSession);
+    PR_LOG(modlog, 3, (fmt_pMechanism, pMechanism));
+    log_handle(3, "  hBaseKey = 0x%x", hBaseKey);
+    PR_LOG(modlog, 3, (fmt_pTemplate, pTemplate));
+    PR_LOG(modlog, 3, (fmt_ulAttributeCount, ulAttributeCount));
+    PR_LOG(modlog, 3, (fmt_phKey, phKey));
+    print_template(pTemplate, ulAttributeCount);
+    print_mechanism(pMechanism);
+    nssdbg_start_time(FUNC_C_DERIVEKEY, &start);
+    rv = module_functions->C_DeriveKey(hSession,
+                                       pMechanism,
+                                       hBaseKey,
+                                       pTemplate,
+                                       ulAttributeCount,
+                                       phKey);
+    nssdbg_finish_time(FUNC_C_DERIVEKEY, start);
+    log_handle(4, fmt_sphKey, *phKey);
+    log_rv(rv);
+    return rv;
+}
+
+CK_RV
+NSSDBGC_SeedRandom(
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR pSeed,
+    CK_ULONG ulSeedLen)
+{
+    COMMON_DEFINITIONS;
+
+    PR_LOG(modlog, 1, ("C_SeedRandom"));
+    log_handle(3, fmt_hSession, hSession);
+    PR_LOG(modlog, 3, ("  pSeed = 0x%p", pSeed));
+    PR_LOG(modlog, 3, ("  ulSeedLen = %d", ulSeedLen));
+    nssdbg_start_time(FUNC_C_SEEDRANDOM, &start);
+    rv = module_functions->C_SeedRandom(hSession,
+                                        pSeed,
+                                        ulSeedLen);
+    nssdbg_finish_time(FUNC_C_SEEDRANDOM, start);
+    log_rv(rv);
+    return rv;
+}
+
+CK_RV
+NSSDBGC_GenerateRandom(
+    CK_SESSION_HANDLE hSession,
+    CK_BYTE_PTR RandomData,
+    CK_ULONG ulRandomLen)
+{
+    COMMON_DEFINITIONS;
+
+    PR_LOG(modlog, 1, ("C_GenerateRandom"));
+    log_handle(3, fmt_hSession, hSession);
+    PR_LOG(modlog, 3, ("  RandomData = 0x%p", RandomData));
+    PR_LOG(modlog, 3, ("  ulRandomLen = %d", ulRandomLen));
+    nssdbg_start_time(FUNC_C_GENERATERANDOM, &start);
+    rv = module_functions->C_GenerateRandom(hSession,
+                                            RandomData,
+                                            ulRandomLen);
+    nssdbg_finish_time(FUNC_C_GENERATERANDOM, start);
+    log_rv(rv);
+    return rv;
+}
+
+CK_RV
+NSSDBGC_GetFunctionStatus(
+    CK_SESSION_HANDLE hSession)
+{
+    COMMON_DEFINITIONS;
+
+    PR_LOG(modlog, 1, ("C_GetFunctionStatus"));
+    log_handle(3, fmt_hSession, hSession);
+    nssdbg_start_time(FUNC_C_GETFUNCTIONSTATUS, &start);
+    rv = module_functions->C_GetFunctionStatus(hSession);
+    nssdbg_finish_time(FUNC_C_GETFUNCTIONSTATUS, start);
+    log_rv(rv);
+    return rv;
+}
+
+CK_RV
+NSSDBGC_CancelFunction(
+    CK_SESSION_HANDLE hSession)
+{
+    COMMON_DEFINITIONS;
+
+    PR_LOG(modlog, 1, ("C_CancelFunction"));
+    log_handle(3, fmt_hSession, hSession);
+    nssdbg_start_time(FUNC_C_CANCELFUNCTION, &start);
+    rv = module_functions->C_CancelFunction(hSession);
+    nssdbg_finish_time(FUNC_C_CANCELFUNCTION, start);
+    log_rv(rv);
+    return rv;
+}
+
+CK_RV
+NSSDBGC_WaitForSlotEvent(
+    CK_FLAGS flags,
+    CK_SLOT_ID_PTR pSlot,
+    CK_VOID_PTR pRserved)
+{
+    COMMON_DEFINITIONS;
+
+    PR_LOG(modlog, 1, ("C_WaitForSlotEvent"));
+    PR_LOG(modlog, 3, (fmt_flags, flags));
+    PR_LOG(modlog, 3, ("  pSlot = 0x%p", pSlot));
+    PR_LOG(modlog, 3, ("  pRserved = 0x%p", pRserved));
+    nssdbg_start_time(FUNC_C_WAITFORSLOTEVENT, &start);
+    rv = module_functions->C_WaitForSlotEvent(flags,
+                                              pSlot,
+                                              pRserved);
+    nssdbg_finish_time(FUNC_C_WAITFORSLOTEVENT, start);
+    log_rv(rv);
+    return rv;
+}
+
+CK_FUNCTION_LIST_PTR
+nss_InsertDeviceLog(
+    CK_FUNCTION_LIST_PTR devEPV)
+{
+    module_functions = devEPV;
+    modlog = PR_NewLogModule("nss_mod_log");
+    debug_functions.C_Initialize = NSSDBGC_Initialize;
+    debug_functions.C_Finalize = NSSDBGC_Finalize;
+    debug_functions.C_GetInfo = NSSDBGC_GetInfo;
+    debug_functions.C_GetFunctionList = NSSDBGC_GetFunctionList;
+    debug_functions.C_GetSlotList = NSSDBGC_GetSlotList;
+    debug_functions.C_GetSlotInfo = NSSDBGC_GetSlotInfo;
+    debug_functions.C_GetTokenInfo = NSSDBGC_GetTokenInfo;
+    debug_functions.C_GetMechanismList = NSSDBGC_GetMechanismList;
+    debug_functions.C_GetMechanismInfo = NSSDBGC_GetMechanismInfo;
+    debug_functions.C_InitToken = NSSDBGC_InitToken;
+    debug_functions.C_InitPIN = NSSDBGC_InitPIN;
+    debug_functions.C_SetPIN = NSSDBGC_SetPIN;
+    debug_functions.C_OpenSession = NSSDBGC_OpenSession;
+    debug_functions.C_CloseSession = NSSDBGC_CloseSession;
+    debug_functions.C_CloseAllSessions = NSSDBGC_CloseAllSessions;
+    debug_functions.C_GetSessionInfo = NSSDBGC_GetSessionInfo;
+    debug_functions.C_GetOperationState = NSSDBGC_GetOperationState;
+    debug_functions.C_SetOperationState = NSSDBGC_SetOperationState;
+    debug_functions.C_Login = NSSDBGC_Login;
+    debug_functions.C_Logout = NSSDBGC_Logout;
+    debug_functions.C_CreateObject = NSSDBGC_CreateObject;
+    debug_functions.C_CopyObject = NSSDBGC_CopyObject;
+    debug_functions.C_DestroyObject = NSSDBGC_DestroyObject;
+    debug_functions.C_GetObjectSize = NSSDBGC_GetObjectSize;
+    debug_functions.C_GetAttributeValue = NSSDBGC_GetAttributeValue;
+    debug_functions.C_SetAttributeValue = NSSDBGC_SetAttributeValue;
+    debug_functions.C_FindObjectsInit = NSSDBGC_FindObjectsInit;
+    debug_functions.C_FindObjects = NSSDBGC_FindObjects;
+    debug_functions.C_FindObjectsFinal = NSSDBGC_FindObjectsFinal;
+    debug_functions.C_EncryptInit = NSSDBGC_EncryptInit;
+    debug_functions.C_Encrypt = NSSDBGC_Encrypt;
+    debug_functions.C_EncryptUpdate = NSSDBGC_EncryptUpdate;
+    debug_functions.C_EncryptFinal = NSSDBGC_EncryptFinal;
+    debug_functions.C_DecryptInit = NSSDBGC_DecryptInit;
+    debug_functions.C_Decrypt = NSSDBGC_Decrypt;
+    debug_functions.C_DecryptUpdate = NSSDBGC_DecryptUpdate;
+    debug_functions.C_DecryptFinal = NSSDBGC_DecryptFinal;
+    debug_functions.C_DigestInit = NSSDBGC_DigestInit;
+    debug_functions.C_Digest = NSSDBGC_Digest;
+    debug_functions.C_DigestUpdate = NSSDBGC_DigestUpdate;
+    debug_functions.C_DigestKey = NSSDBGC_DigestKey;
+    debug_functions.C_DigestFinal = NSSDBGC_DigestFinal;
+    debug_functions.C_SignInit = NSSDBGC_SignInit;
+    debug_functions.C_Sign = NSSDBGC_Sign;
+    debug_functions.C_SignUpdate = NSSDBGC_SignUpdate;
+    debug_functions.C_SignFinal = NSSDBGC_SignFinal;
+    debug_functions.C_SignRecoverInit = NSSDBGC_SignRecoverInit;
+    debug_functions.C_SignRecover = NSSDBGC_SignRecover;
+    debug_functions.C_VerifyInit = NSSDBGC_VerifyInit;
+    debug_functions.C_Verify = NSSDBGC_Verify;
+    debug_functions.C_VerifyUpdate = NSSDBGC_VerifyUpdate;
+    debug_functions.C_VerifyFinal = NSSDBGC_VerifyFinal;
+    debug_functions.C_VerifyRecoverInit = NSSDBGC_VerifyRecoverInit;
+    debug_functions.C_VerifyRecover = NSSDBGC_VerifyRecover;
+    debug_functions.C_DigestEncryptUpdate = NSSDBGC_DigestEncryptUpdate;
+    debug_functions.C_DecryptDigestUpdate = NSSDBGC_DecryptDigestUpdate;
+    debug_functions.C_SignEncryptUpdate = NSSDBGC_SignEncryptUpdate;
+    debug_functions.C_DecryptVerifyUpdate = NSSDBGC_DecryptVerifyUpdate;
+    debug_functions.C_GenerateKey = NSSDBGC_GenerateKey;
+    debug_functions.C_GenerateKeyPair = NSSDBGC_GenerateKeyPair;
+    debug_functions.C_WrapKey = NSSDBGC_WrapKey;
+    debug_functions.C_UnwrapKey = NSSDBGC_UnwrapKey;
+    debug_functions.C_DeriveKey = NSSDBGC_DeriveKey;
+    debug_functions.C_SeedRandom = NSSDBGC_SeedRandom;
+    debug_functions.C_GenerateRandom = NSSDBGC_GenerateRandom;
+    debug_functions.C_GetFunctionStatus = NSSDBGC_GetFunctionStatus;
+    debug_functions.C_CancelFunction = NSSDBGC_CancelFunction;
+    debug_functions.C_WaitForSlotEvent = NSSDBGC_WaitForSlotEvent;
+    return &debug_functions;
+}
+
+/*
+ * scale the time factor up accordingly.
+ * This routine tries to keep at least 2 significant figures on output.
+ *    If the time is 0, then indicate that with a 'z' for units.
+ *    If the time is greater than 10 minutes, output the time in minutes.
+ *    If the time is less than 10 minutes but greater than 10 seconds output 
+ * the time in second.
+ *    If the time is less than 10 seconds but greater than 10 milliseconds 
+ * output * the time in millisecond.
+ *    If the time is less than 10 milliseconds but greater than 0 ticks output 
+ * the time in microsecond.
+ *
+ */
+static PRUint32
+getPrintTime(PRIntervalTime time, char **type)
+{
+    PRUint32 prTime;
+
+    /* detect a programming error by outputting 'bu' to the output stream
+     * rather than crashing */
+    *type = "bug";
+    if (time == 0) {
+        *type = "z";
+        return 0;
+    }
+
+    prTime = PR_IntervalToSeconds(time);
+
+    if (prTime >= 600) {
+        *type = "m";
+        return prTime / 60;
+    }
+    if (prTime >= 10) {
+        *type = "s";
+        return prTime;
+    }
+    prTime = PR_IntervalToMilliseconds(time);
+    if (prTime >= 10) {
+        *type = "ms";
+        return prTime;
+    }
+    *type = "us";
+    return PR_IntervalToMicroseconds(time);
+}
+
+static void
+print_final_statistics(void)
+{
+    int total_calls = 0;
+    PRIntervalTime total_time = 0;
+    PRUint32 pr_total_time;
+    char *type;
+    char *fname;
+    FILE *outfile = NULL;
+    int i;
+
+    fname = PR_GetEnvSecure("NSS_OUTPUT_FILE");
+    if (fname) {
+        /* need to add an optional process id to the filename */
+        outfile = fopen(fname, "w+");
+    }
+    if (!outfile) {
+        outfile = stdout;
+    }
+
+    fprintf(outfile, "%-25s %10s %12s %12s %10s\n", "Function", "# Calls",
+            "Time", "Avg.", "% Time");
+    fprintf(outfile, "\n");
+    for (i = 0; i < nssdbg_prof_size; i++) {
+        total_calls += nssdbg_prof_data[i].calls;
+        total_time += nssdbg_prof_data[i].time;
+    }
+    for (i = 0; i < nssdbg_prof_size; i++) {
+        PRIntervalTime time = nssdbg_prof_data[i].time;
+        PRUint32 usTime = PR_IntervalToMicroseconds(time);
+        PRUint32 prTime = 0;
+        PRUint32 calls = nssdbg_prof_data[i].calls;
+        /* don't print out functions that weren't even called */
+        if (calls == 0) {
+            continue;
+        }
+
+        prTime = getPrintTime(time, &type);
+
+        fprintf(outfile, "%-25s %10d %10d%2s ", nssdbg_prof_data[i].function,
+                calls, prTime, type);
+        /* for now always output the average in microseconds */
+        fprintf(outfile, "%10.2f%2s", (float)usTime / (float)calls, "us");
+        fprintf(outfile, "%10.2f%%", ((float)time / (float)total_time) * 100);
+        fprintf(outfile, "\n");
+    }
+    fprintf(outfile, "\n");
+
+    pr_total_time = getPrintTime(total_time, &type);
+
+    fprintf(outfile, "%25s %10d %10d%2s\n", "Totals", total_calls,
+            pr_total_time, type);
+    fprintf(outfile, "\n\nMaximum number of concurrent open sessions: %d\n\n",
+            maxOpenSessions);
+    fflush(outfile);
+    if (outfile != stdout) {
+        fclose(outfile);
+    }
+}
diff --git a/nss/lib/pk11wrap/dev3hack.c b/nss/lib/pk11wrap/dev3hack.c
new file mode 100644
index 0000000..27325a5
--- /dev/null
+++ b/nss/lib/pk11wrap/dev3hack.c
@@ -0,0 +1,279 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef PKIT_H
+#include "pkit.h"
+#endif /* PKIT_H */
+
+#ifndef DEVM_H
+#include "devm.h"
+#endif /* DEVM_H */
+
+#include "pki3hack.h"
+#include "dev3hack.h"
+#include "pkim.h"
+
+#ifndef BASE_H
+#include "base.h"
+#endif /* BASE_H */
+
+#include "pk11func.h"
+#include "secmodti.h"
+#include "secerr.h"
+
+NSS_IMPLEMENT nssSession *
+nssSession_ImportNSS3Session(NSSArena *arenaOpt,
+                             CK_SESSION_HANDLE session,
+                             PZLock *lock, PRBool rw)
+{
+    nssSession *rvSession = NULL;
+    if (session != CK_INVALID_SESSION) {
+        rvSession = nss_ZNEW(arenaOpt, nssSession);
+        if (rvSession) {
+            rvSession->handle = session;
+            rvSession->lock = lock;
+            rvSession->ownLock = PR_FALSE;
+            rvSession->isRW = rw;
+        }
+    }
+    return rvSession;
+}
+
+NSS_IMPLEMENT nssSession *
+nssSlot_CreateSession(
+    NSSSlot *slot,
+    NSSArena *arenaOpt,
+    PRBool readWrite)
+{
+    nssSession *rvSession;
+
+    if (!readWrite) {
+        /* nss3hack version only returns rw swssions */
+        return NULL;
+    }
+    rvSession = nss_ZNEW(arenaOpt, nssSession);
+    if (!rvSession) {
+        return (nssSession *)NULL;
+    }
+
+    rvSession->handle = PK11_GetRWSession(slot->pk11slot);
+    if (rvSession->handle == CK_INVALID_HANDLE) {
+        nss_ZFreeIf(rvSession);
+        return NULL;
+    }
+    rvSession->isRW = PR_TRUE;
+    rvSession->slot = slot;
+    /*
+     * The session doesn't need its own lock.  Here's why.
+     * 1. If we are reusing the default RW session of the slot,
+     *    the slot lock is already locked to protect the session.
+     * 2. If the module is not thread safe, the slot (or rather
+     *    module) lock is already locked.
+     * 3. If the module is thread safe and we are using a new
+     *    session, no higher-level lock has been locked and we
+     *    would need a lock for the new session.  However, the
+     *    current usage of the session is that it is always
+     *    used and destroyed within the same function and never
+     *    shared with another thread.
+     * So the session is either already protected by another
+     * lock or only used by one thread.
+     */
+    rvSession->lock = NULL;
+    rvSession->ownLock = PR_FALSE;
+    return rvSession;
+}
+
+NSS_IMPLEMENT PRStatus
+nssSession_Destroy(nssSession *s)
+{
+    PRStatus rv = PR_SUCCESS;
+    if (s) {
+        if (s->isRW) {
+            PK11_RestoreROSession(s->slot->pk11slot, s->handle);
+        }
+        rv = nss_ZFreeIf(s);
+    }
+    return rv;
+}
+
+static NSSSlot *
+nssSlot_CreateFromPK11SlotInfo(NSSTrustDomain *td, PK11SlotInfo *nss3slot)
+{
+    NSSSlot *rvSlot;
+    NSSArena *arena;
+    arena = nssArena_Create();
+    if (!arena) {
+        return NULL;
+    }
+    rvSlot = nss_ZNEW(arena, NSSSlot);
+    if (!rvSlot) {
+        nssArena_Destroy(arena);
+        return NULL;
+    }
+    rvSlot->base.refCount = 1;
+    rvSlot->base.lock = PZ_NewLock(nssILockOther);
+    rvSlot->base.arena = arena;
+    rvSlot->pk11slot = nss3slot;
+    rvSlot->epv = nss3slot->functionList;
+    rvSlot->slotID = nss3slot->slotID;
+    /* Grab the slot name from the PKCS#11 fixed-length buffer */
+    rvSlot->base.name = nssUTF8_Duplicate(nss3slot->slot_name, td->arena);
+    rvSlot->lock = (nss3slot->isThreadSafe) ? NULL : nss3slot->sessionLock;
+    return rvSlot;
+}
+
+NSSToken *
+nssToken_CreateFromPK11SlotInfo(NSSTrustDomain *td, PK11SlotInfo *nss3slot)
+{
+    NSSToken *rvToken;
+    NSSArena *arena;
+
+    /* Don't create a token object for a disabled slot */
+    if (nss3slot->disabled) {
+        PORT_SetError(SEC_ERROR_NO_TOKEN);
+        return NULL;
+    }
+    arena = nssArena_Create();
+    if (!arena) {
+        return NULL;
+    }
+    rvToken = nss_ZNEW(arena, NSSToken);
+    if (!rvToken) {
+        nssArena_Destroy(arena);
+        return NULL;
+    }
+    rvToken->base.refCount = 1;
+    rvToken->base.lock = PZ_NewLock(nssILockOther);
+    if (!rvToken->base.lock) {
+        nssArena_Destroy(arena);
+        return NULL;
+    }
+    rvToken->base.arena = arena;
+    rvToken->pk11slot = nss3slot;
+    rvToken->epv = nss3slot->functionList;
+    rvToken->defaultSession = nssSession_ImportNSS3Session(td->arena,
+                                                           nss3slot->session,
+                                                           nss3slot->sessionLock,
+                                                           nss3slot->defRWSession);
+#if 0 /* we should do this instead of blindly continuing. */
+    if (!rvToken->defaultSession) {
+    PORT_SetError(SEC_ERROR_NO_TOKEN);
+        goto loser;
+    }
+#endif
+    if (!PK11_IsInternal(nss3slot) && PK11_IsHW(nss3slot)) {
+        rvToken->cache = nssTokenObjectCache_Create(rvToken,
+                                                    PR_TRUE, PR_TRUE, PR_TRUE);
+        if (!rvToken->cache)
+            goto loser;
+    }
+    rvToken->trustDomain = td;
+    /* Grab the token name from the PKCS#11 fixed-length buffer */
+    rvToken->base.name = nssUTF8_Duplicate(nss3slot->token_name, td->arena);
+    rvToken->slot = nssSlot_CreateFromPK11SlotInfo(td, nss3slot);
+    if (!rvToken->slot) {
+        goto loser;
+    }
+    rvToken->slot->token = rvToken;
+    if (rvToken->defaultSession)
+        rvToken->defaultSession->slot = rvToken->slot;
+    return rvToken;
+loser:
+    PZ_DestroyLock(rvToken->base.lock);
+    nssArena_Destroy(arena);
+    return NULL;
+}
+
+NSS_IMPLEMENT void
+nssToken_UpdateName(NSSToken *token)
+{
+    if (!token) {
+        return;
+    }
+    token->base.name = nssUTF8_Duplicate(token->pk11slot->token_name, token->base.arena);
+}
+
+NSS_IMPLEMENT PRBool
+nssSlot_IsPermanent(NSSSlot *slot)
+{
+    return slot->pk11slot->isPerm;
+}
+
+NSS_IMPLEMENT PRBool
+nssSlot_IsFriendly(NSSSlot *slot)
+{
+    return PK11_IsFriendly(slot->pk11slot);
+}
+
+NSS_IMPLEMENT PRStatus
+nssToken_Refresh(NSSToken *token)
+{
+    PK11SlotInfo *nss3slot;
+
+    if (!token) {
+        return PR_SUCCESS;
+    }
+    nss3slot = token->pk11slot;
+    token->defaultSession =
+        nssSession_ImportNSS3Session(token->slot->base.arena,
+                                     nss3slot->session,
+                                     nss3slot->sessionLock,
+                                     nss3slot->defRWSession);
+    return token->defaultSession ? PR_SUCCESS : PR_FAILURE;
+}
+
+NSS_IMPLEMENT PRStatus
+nssSlot_Refresh(NSSSlot *slot)
+{
+    PK11SlotInfo *nss3slot = slot->pk11slot;
+    PRBool doit = PR_FALSE;
+    if (slot->token && slot->token->base.name[0] == 0) {
+        doit = PR_TRUE;
+    }
+    if (PK11_InitToken(nss3slot, PR_FALSE) != SECSuccess) {
+        return PR_FAILURE;
+    }
+    if (doit) {
+        nssTrustDomain_UpdateCachedTokenCerts(slot->token->trustDomain,
+                                              slot->token);
+    }
+    return nssToken_Refresh(slot->token);
+}
+
+NSS_IMPLEMENT PRStatus
+nssToken_GetTrustOrder(NSSToken *tok)
+{
+    PK11SlotInfo *slot;
+    SECMODModule *module;
+    slot = tok->pk11slot;
+    module = PK11_GetModule(slot);
+    return module->trustOrder;
+}
+
+NSS_IMPLEMENT PRBool
+nssSlot_IsLoggedIn(NSSSlot *slot)
+{
+    if (!slot->pk11slot->needLogin) {
+        return PR_TRUE;
+    }
+    return PK11_IsLoggedIn(slot->pk11slot, NULL);
+}
+
+NSSTrustDomain *
+nssToken_GetTrustDomain(NSSToken *token)
+{
+    return token->trustDomain;
+}
+
+NSS_EXTERN PRStatus
+nssTrustDomain_RemoveTokenCertsFromCache(
+    NSSTrustDomain *td,
+    NSSToken *token);
+
+NSS_IMPLEMENT PRStatus
+nssToken_NotifyCertsNotVisible(
+    NSSToken *tok)
+{
+    return nssTrustDomain_RemoveTokenCertsFromCache(tok->trustDomain, tok);
+}
diff --git a/nss/lib/pk11wrap/dev3hack.h b/nss/lib/pk11wrap/dev3hack.h
new file mode 100644
index 0000000..6105259
--- /dev/null
+++ b/nss/lib/pk11wrap/dev3hack.h
@@ -0,0 +1,30 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef DEVNSS3HACK_H
+#define DEVNSS3HACK_H
+
+#include "cert.h"
+
+PR_BEGIN_EXTERN_C
+
+NSS_EXTERN NSSToken *
+nssToken_CreateFromPK11SlotInfo(NSSTrustDomain *td, PK11SlotInfo *nss3slot);
+
+NSS_EXTERN void
+nssToken_UpdateName(NSSToken *);
+
+NSS_EXTERN PRStatus
+nssToken_Refresh(NSSToken *);
+
+NSSTrustDomain *
+nssToken_GetTrustDomain(NSSToken *token);
+
+void PK11Slot_SetNSSToken(PK11SlotInfo *sl, NSSToken *nsst);
+
+NSSToken *PK11Slot_GetNSSToken(PK11SlotInfo *sl);
+
+PR_END_EXTERN_C
+
+#endif /* DEVNSS3HACK_H */
diff --git a/nss/lib/pk11wrap/exports.gyp b/nss/lib/pk11wrap/exports.gyp
new file mode 100644
index 0000000..b3d4bf4
--- /dev/null
+++ b/nss/lib/pk11wrap/exports.gyp
@@ -0,0 +1,39 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'lib_pk11wrap_exports',
+      'type': 'none',
+      'copies': [
+        {
+          'files': [
+            'pk11func.h',
+            'pk11pqg.h',
+            'pk11priv.h',
+            'pk11pub.h',
+            'pk11sdr.h',
+            'secmod.h',
+            'secmodt.h',
+            'secpkcs5.h'
+          ],
+          'destination': '<(nss_public_dist_dir)/<(module)'
+        },
+        {
+          'files': [
+            'dev3hack.h',
+            'secmodi.h'
+          ],
+          'destination': '<(nss_private_dist_dir)/<(module)'
+        }
+      ]
+    }
+  ],
+  'variables': {
+    'module': 'nss'
+  }
+}
diff --git a/nss/lib/pk11wrap/manifest.mn b/nss/lib/pk11wrap/manifest.mn
new file mode 100644
index 0000000..1a2d244
--- /dev/null
+++ b/nss/lib/pk11wrap/manifest.mn
@@ -0,0 +1,63 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+CORE_DEPTH = ../..
+
+EXPORTS = \
+	secmod.h \
+	secmodt.h \
+	secpkcs5.h \
+	pk11func.h \
+	pk11pub.h \
+	pk11priv.h \
+	pk11sdr.h \
+	pk11pqg.h \
+	$(NULL)
+
+PRIVATE_EXPORTS = \
+	secmodi.h \
+	dev3hack.h \
+	$(NULL)
+
+MODULE = nss
+
+CSRCS = \
+	dev3hack.c \
+	pk11akey.c \
+	pk11auth.c \
+	pk11cert.c \
+	pk11cxt.c \
+	pk11err.c  \
+	pk11kea.c \
+	pk11list.c \
+	pk11load.c \
+	pk11mech.c \
+	pk11merge.c \
+	pk11nobj.c \
+	pk11obj.c \
+	pk11pars.c \
+	pk11pbe.c \
+	pk11pk12.c \
+	pk11pqg.c \
+	pk11sdr.c \
+	pk11skey.c \
+	pk11slot.c \
+	pk11util.c \
+	$(NULL)
+
+LIBRARY_NAME = pk11wrap
+
+LIBRARY_VERSION = 3
+SOFTOKEN_LIBRARY_VERSION = 3
+DEFINES += -DSHLIB_SUFFIX=\"$(DLL_SUFFIX)\" -DSHLIB_PREFIX=\"$(DLL_PREFIX)\" \
+        -DSHLIB_VERSION=\"$(LIBRARY_VERSION)\" \
+        -DSOFTOKEN_SHLIB_VERSION=\"$(SOFTOKEN_LIBRARY_VERSION)\"
+
+# only add module debugging in opt builds if DEBUG_PKCS11 is set
+ifdef DEBUG_PKCS11
+  DEFINES += -DDEBUG_MODULE -DFORCE_PR_LOG
+endif
+
+# This part of the code, including all sub-dirs, can be optimized for size
+export ALLOW_OPT_CODE_SIZE = 1
diff --git a/nss/lib/pk11wrap/pk11akey.c b/nss/lib/pk11wrap/pk11akey.c
new file mode 100644
index 0000000..c45901e
--- /dev/null
+++ b/nss/lib/pk11wrap/pk11akey.c
@@ -0,0 +1,2529 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * This file contains functions to manage asymetric keys, (public and
+ * private keys).
+ */
+#include "seccomon.h"
+#include "secmod.h"
+#include "secmodi.h"
+#include "secmodti.h"
+#include "pkcs11.h"
+#include "pkcs11t.h"
+#include "pk11func.h"
+#include "cert.h"
+#include "key.h"
+#include "keyi.h"
+#include "secitem.h"
+#include "secasn1.h"
+#include "secoid.h"
+#include "secerr.h"
+#include "sechash.h"
+
+#include "secpkcs5.h"
+#include "blapit.h"
+
+static SECItem *
+pk11_MakeIDFromPublicKey(SECKEYPublicKey *pubKey)
+{
+    /* set the ID to the public key so we can find it again */
+    SECItem *pubKeyIndex = NULL;
+    switch (pubKey->keyType) {
+        case rsaKey:
+            pubKeyIndex = &pubKey->u.rsa.modulus;
+            break;
+        case dsaKey:
+            pubKeyIndex = &pubKey->u.dsa.publicValue;
+            break;
+        case dhKey:
+            pubKeyIndex = &pubKey->u.dh.publicValue;
+            break;
+        case ecKey:
+            pubKeyIndex = &pubKey->u.ec.publicValue;
+            break;
+        default:
+            return NULL;
+    }
+    PORT_Assert(pubKeyIndex != NULL);
+
+    return PK11_MakeIDFromPubKey(pubKeyIndex);
+}
+
+/*
+ * import a public key into the desired slot
+ *
+ * This function takes a public key structure and creates a public key in a
+ * given slot. If isToken is set, then a persistant public key is created.
+ *
+ * Note: it is possible for this function to return a handle for a key which
+ * is persistant, even if isToken is not set.
+ */
+CK_OBJECT_HANDLE
+PK11_ImportPublicKey(PK11SlotInfo *slot, SECKEYPublicKey *pubKey,
+                     PRBool isToken)
+{
+    CK_BBOOL cktrue = CK_TRUE;
+    CK_BBOOL ckfalse = CK_FALSE;
+    CK_OBJECT_CLASS keyClass = CKO_PUBLIC_KEY;
+    CK_KEY_TYPE keyType = CKK_GENERIC_SECRET;
+    CK_OBJECT_HANDLE objectID;
+    CK_ATTRIBUTE theTemplate[11];
+    CK_ATTRIBUTE *signedattr = NULL;
+    CK_ATTRIBUTE *attrs = theTemplate;
+    SECItem *ckaId = NULL;
+    SECItem *pubValue = NULL;
+    int signedcount = 0;
+    unsigned int templateCount = 0;
+    SECStatus rv;
+
+    /* if we already have an object in the desired slot, use it */
+    if (!isToken && pubKey->pkcs11Slot == slot) {
+        return pubKey->pkcs11ID;
+    }
+
+    /* free the existing key */
+    if (pubKey->pkcs11Slot != NULL) {
+        PK11SlotInfo *oSlot = pubKey->pkcs11Slot;
+        if (!PK11_IsPermObject(pubKey->pkcs11Slot, pubKey->pkcs11ID)) {
+            PK11_EnterSlotMonitor(oSlot);
+            (void)PK11_GETTAB(oSlot)->C_DestroyObject(oSlot->session,
+                                                      pubKey->pkcs11ID);
+            PK11_ExitSlotMonitor(oSlot);
+        }
+        PK11_FreeSlot(oSlot);
+        pubKey->pkcs11Slot = NULL;
+    }
+    PK11_SETATTRS(attrs, CKA_CLASS, &keyClass, sizeof(keyClass));
+    attrs++;
+    PK11_SETATTRS(attrs, CKA_KEY_TYPE, &keyType, sizeof(keyType));
+    attrs++;
+    PK11_SETATTRS(attrs, CKA_TOKEN, isToken ? &cktrue : &ckfalse,
+                  sizeof(CK_BBOOL));
+    attrs++;
+    if (isToken) {
+        ckaId = pk11_MakeIDFromPublicKey(pubKey);
+        if (ckaId == NULL) {
+            PORT_SetError(SEC_ERROR_BAD_KEY);
+            return CK_INVALID_HANDLE;
+        }
+        PK11_SETATTRS(attrs, CKA_ID, ckaId->data, ckaId->len);
+        attrs++;
+    }
+
+    /* now import the key */
+    {
+        switch (pubKey->keyType) {
+            case rsaKey:
+                keyType = CKK_RSA;
+                PK11_SETATTRS(attrs, CKA_WRAP, &cktrue, sizeof(CK_BBOOL));
+                attrs++;
+                PK11_SETATTRS(attrs, CKA_ENCRYPT, &cktrue,
+                              sizeof(CK_BBOOL));
+                attrs++;
+                PK11_SETATTRS(attrs, CKA_VERIFY, &cktrue, sizeof(CK_BBOOL));
+                attrs++;
+                signedattr = attrs;
+                PK11_SETATTRS(attrs, CKA_MODULUS, pubKey->u.rsa.modulus.data,
+                              pubKey->u.rsa.modulus.len);
+                attrs++;
+                PK11_SETATTRS(attrs, CKA_PUBLIC_EXPONENT,
+                              pubKey->u.rsa.publicExponent.data,
+                              pubKey->u.rsa.publicExponent.len);
+                attrs++;
+                break;
+            case dsaKey:
+                keyType = CKK_DSA;
+                PK11_SETATTRS(attrs, CKA_VERIFY, &cktrue, sizeof(CK_BBOOL));
+                attrs++;
+                signedattr = attrs;
+                PK11_SETATTRS(attrs, CKA_PRIME, pubKey->u.dsa.params.prime.data,
+                              pubKey->u.dsa.params.prime.len);
+                attrs++;
+                PK11_SETATTRS(attrs, CKA_SUBPRIME, pubKey->u.dsa.params.subPrime.data,
+                              pubKey->u.dsa.params.subPrime.len);
+                attrs++;
+                PK11_SETATTRS(attrs, CKA_BASE, pubKey->u.dsa.params.base.data,
+                              pubKey->u.dsa.params.base.len);
+                attrs++;
+                PK11_SETATTRS(attrs, CKA_VALUE, pubKey->u.dsa.publicValue.data,
+                              pubKey->u.dsa.publicValue.len);
+                attrs++;
+                break;
+            case fortezzaKey:
+                keyType = CKK_DSA;
+                PK11_SETATTRS(attrs, CKA_VERIFY, &cktrue, sizeof(CK_BBOOL));
+                attrs++;
+                signedattr = attrs;
+                PK11_SETATTRS(attrs, CKA_PRIME, pubKey->u.fortezza.params.prime.data,
+                              pubKey->u.fortezza.params.prime.len);
+                attrs++;
+                PK11_SETATTRS(attrs, CKA_SUBPRIME,
+                              pubKey->u.fortezza.params.subPrime.data,
+                              pubKey->u.fortezza.params.subPrime.len);
+                attrs++;
+                PK11_SETATTRS(attrs, CKA_BASE, pubKey->u.fortezza.params.base.data,
+                              pubKey->u.fortezza.params.base.len);
+                attrs++;
+                PK11_SETATTRS(attrs, CKA_VALUE, pubKey->u.fortezza.DSSKey.data,
+                              pubKey->u.fortezza.DSSKey.len);
+                attrs++;
+                break;
+            case dhKey:
+                keyType = CKK_DH;
+                PK11_SETATTRS(attrs, CKA_DERIVE, &cktrue, sizeof(CK_BBOOL));
+                attrs++;
+                signedattr = attrs;
+                PK11_SETATTRS(attrs, CKA_PRIME, pubKey->u.dh.prime.data,
+                              pubKey->u.dh.prime.len);
+                attrs++;
+                PK11_SETATTRS(attrs, CKA_BASE, pubKey->u.dh.base.data,
+                              pubKey->u.dh.base.len);
+                attrs++;
+                PK11_SETATTRS(attrs, CKA_VALUE, pubKey->u.dh.publicValue.data,
+                              pubKey->u.dh.publicValue.len);
+                attrs++;
+                break;
+            case ecKey:
+                keyType = CKK_EC;
+                PK11_SETATTRS(attrs, CKA_VERIFY, &cktrue, sizeof(CK_BBOOL));
+                attrs++;
+                PK11_SETATTRS(attrs, CKA_DERIVE, &cktrue, sizeof(CK_BBOOL));
+                attrs++;
+                signedattr = attrs;
+                PK11_SETATTRS(attrs, CKA_EC_PARAMS,
+                              pubKey->u.ec.DEREncodedParams.data,
+                              pubKey->u.ec.DEREncodedParams.len);
+                attrs++;
+                if (PR_GetEnvSecure("NSS_USE_DECODED_CKA_EC_POINT")) {
+                    PK11_SETATTRS(attrs, CKA_EC_POINT,
+                                  pubKey->u.ec.publicValue.data,
+                                  pubKey->u.ec.publicValue.len);
+                    attrs++;
+                } else {
+                    pubValue = SEC_ASN1EncodeItem(NULL, NULL,
+                                                  &pubKey->u.ec.publicValue,
+                                                  SEC_ASN1_GET(SEC_OctetStringTemplate));
+                    if (pubValue == NULL) {
+                        if (ckaId) {
+                            SECITEM_FreeItem(ckaId, PR_TRUE);
+                        }
+                        return CK_INVALID_HANDLE;
+                    }
+                    PK11_SETATTRS(attrs, CKA_EC_POINT,
+                                  pubValue->data, pubValue->len);
+                    attrs++;
+                }
+                break;
+            default:
+                if (ckaId) {
+                    SECITEM_FreeItem(ckaId, PR_TRUE);
+                }
+                PORT_SetError(SEC_ERROR_BAD_KEY);
+                return CK_INVALID_HANDLE;
+        }
+
+        templateCount = attrs - theTemplate;
+        signedcount = attrs - signedattr;
+        PORT_Assert(templateCount <= (sizeof(theTemplate) / sizeof(CK_ATTRIBUTE)));
+        for (attrs = signedattr; signedcount; attrs++, signedcount--) {
+            pk11_SignedToUnsigned(attrs);
+        }
+        rv = PK11_CreateNewObject(slot, CK_INVALID_SESSION, theTemplate,
+                                  templateCount, isToken, &objectID);
+        if (ckaId) {
+            SECITEM_FreeItem(ckaId, PR_TRUE);
+        }
+        if (pubValue) {
+            SECITEM_FreeItem(pubValue, PR_TRUE);
+        }
+        if (rv != SECSuccess) {
+            return CK_INVALID_HANDLE;
+        }
+    }
+
+    pubKey->pkcs11ID = objectID;
+    pubKey->pkcs11Slot = PK11_ReferenceSlot(slot);
+
+    return objectID;
+}
+
+/*
+ * take an attribute and copy it into a secitem
+ */
+static CK_RV
+pk11_Attr2SecItem(PLArenaPool *arena, const CK_ATTRIBUTE *attr, SECItem *item)
+{
+    item->data = NULL;
+
+    (void)SECITEM_AllocItem(arena, item, attr->ulValueLen);
+    if (item->data == NULL) {
+        return CKR_HOST_MEMORY;
+    }
+    PORT_Memcpy(item->data, attr->pValue, item->len);
+    return CKR_OK;
+}
+
+/*
+ * get a curve length from a set of ecParams.
+ *
+ * We need this so we can reliably determine if the ecPoint passed to us
+ * was encoded or not. With out this, for many curves, we would incorrectly
+ * identify an unencoded curve as an encoded curve 1 in 65536 times, and for
+ * a few we would make that same mistake 1 in 32768 times. These are bad
+ * numbers since they are rare enough to pass tests, but common enough to
+ * be tripped over in the field.
+ *
+ * This function will only work for curves we recognized as of March 2009.
+ * The assumption is curves in use after March of 2009 would be supplied by
+ * PKCS #11 modules that already pass the correct encoding to us.
+ *
+ * Point length = (Roundup(curveLenInBits/8)*2+1)
+ */
+static int
+pk11_get_EC_PointLenInBytes(PLArenaPool *arena, const SECItem *ecParams,
+                            PRBool *plain)
+{
+    SECItem oid;
+    SECOidTag tag;
+    SECStatus rv;
+
+    /* decode the OID tag */
+    rv = SEC_QuickDERDecodeItem(arena, &oid,
+                                SEC_ASN1_GET(SEC_ObjectIDTemplate), ecParams);
+    if (rv != SECSuccess) {
+        /* could be explict curves, allow them to work if the
+         * PKCS #11 module support them. If we try to parse the
+         * explicit curve value in the future, we may return -1 here
+         * to indicate an invalid parameter if the explicit curve
+         * decode fails. */
+        return 0;
+    }
+
+    *plain = PR_FALSE;
+    tag = SECOID_FindOIDTag(&oid);
+    switch (tag) {
+        case SEC_OID_SECG_EC_SECP112R1:
+        case SEC_OID_SECG_EC_SECP112R2:
+            return 29; /* curve len in bytes = 14 bytes */
+        case SEC_OID_SECG_EC_SECT113R1:
+        case SEC_OID_SECG_EC_SECT113R2:
+            return 31; /* curve len in bytes = 15 bytes */
+        case SEC_OID_SECG_EC_SECP128R1:
+        case SEC_OID_SECG_EC_SECP128R2:
+            return 33; /* curve len in bytes = 16 bytes */
+        case SEC_OID_SECG_EC_SECT131R1:
+        case SEC_OID_SECG_EC_SECT131R2:
+            return 35; /* curve len in bytes = 17 bytes */
+        case SEC_OID_SECG_EC_SECP160K1:
+        case SEC_OID_SECG_EC_SECP160R1:
+        case SEC_OID_SECG_EC_SECP160R2:
+            return 41; /* curve len in bytes = 20 bytes */
+        case SEC_OID_SECG_EC_SECT163K1:
+        case SEC_OID_SECG_EC_SECT163R1:
+        case SEC_OID_SECG_EC_SECT163R2:
+        case SEC_OID_ANSIX962_EC_C2PNB163V1:
+        case SEC_OID_ANSIX962_EC_C2PNB163V2:
+        case SEC_OID_ANSIX962_EC_C2PNB163V3:
+            return 43; /* curve len in bytes = 21 bytes */
+        case SEC_OID_ANSIX962_EC_C2PNB176V1:
+            return 45; /* curve len in bytes = 22 bytes */
+        case SEC_OID_ANSIX962_EC_C2TNB191V1:
+        case SEC_OID_ANSIX962_EC_C2TNB191V2:
+        case SEC_OID_ANSIX962_EC_C2TNB191V3:
+        case SEC_OID_SECG_EC_SECP192K1:
+        case SEC_OID_ANSIX962_EC_PRIME192V1:
+        case SEC_OID_ANSIX962_EC_PRIME192V2:
+        case SEC_OID_ANSIX962_EC_PRIME192V3:
+            return 49; /*curve len in bytes = 24 bytes */
+        case SEC_OID_SECG_EC_SECT193R1:
+        case SEC_OID_SECG_EC_SECT193R2:
+            return 51; /*curve len in bytes = 25 bytes */
+        case SEC_OID_ANSIX962_EC_C2PNB208W1:
+            return 53; /*curve len in bytes = 26 bytes */
+        case SEC_OID_SECG_EC_SECP224K1:
+        case SEC_OID_SECG_EC_SECP224R1:
+            return 57; /*curve len in bytes = 28 bytes */
+        case SEC_OID_SECG_EC_SECT233K1:
+        case SEC_OID_SECG_EC_SECT233R1:
+        case SEC_OID_SECG_EC_SECT239K1:
+        case SEC_OID_ANSIX962_EC_PRIME239V1:
+        case SEC_OID_ANSIX962_EC_PRIME239V2:
+        case SEC_OID_ANSIX962_EC_PRIME239V3:
+        case SEC_OID_ANSIX962_EC_C2TNB239V1:
+        case SEC_OID_ANSIX962_EC_C2TNB239V2:
+        case SEC_OID_ANSIX962_EC_C2TNB239V3:
+            return 61; /*curve len in bytes = 30 bytes */
+        case SEC_OID_ANSIX962_EC_PRIME256V1:
+        case SEC_OID_SECG_EC_SECP256K1:
+            return 65; /*curve len in bytes = 32 bytes */
+        case SEC_OID_ANSIX962_EC_C2PNB272W1:
+            return 69; /*curve len in bytes = 34 bytes */
+        case SEC_OID_SECG_EC_SECT283K1:
+        case SEC_OID_SECG_EC_SECT283R1:
+            return 73; /*curve len in bytes = 36 bytes */
+        case SEC_OID_ANSIX962_EC_C2PNB304W1:
+            return 77; /*curve len in bytes = 38 bytes */
+        case SEC_OID_ANSIX962_EC_C2TNB359V1:
+            return 91; /*curve len in bytes = 45 bytes */
+        case SEC_OID_ANSIX962_EC_C2PNB368W1:
+            return 93; /*curve len in bytes = 46 bytes */
+        case SEC_OID_SECG_EC_SECP384R1:
+            return 97; /*curve len in bytes = 48 bytes */
+        case SEC_OID_SECG_EC_SECT409K1:
+        case SEC_OID_SECG_EC_SECT409R1:
+            return 105; /*curve len in bytes = 52 bytes */
+        case SEC_OID_ANSIX962_EC_C2TNB431R1:
+            return 109; /*curve len in bytes = 54 bytes */
+        case SEC_OID_SECG_EC_SECP521R1:
+            return 133; /*curve len in bytes = 66 bytes */
+        case SEC_OID_SECG_EC_SECT571K1:
+        case SEC_OID_SECG_EC_SECT571R1:
+            return 145; /*curve len in bytes = 72 bytes */
+        case SEC_OID_CURVE25519:
+            *plain = PR_TRUE;
+            return 32; /* curve len in bytes = 32 bytes (only X) */
+        /* unknown or unrecognized OIDs. return unknown length */
+        default:
+            break;
+    }
+    return 0;
+}
+
+/*
+ * returns the decoded point. In some cases the point may already be decoded.
+ * this function tries to detect those cases and return the point in
+ * publicKeyValue. In other cases it's DER encoded. In those cases the point
+ * is first decoded and returned. Space for the point is allocated out of
+ * the passed in arena.
+ */
+static CK_RV
+pk11_get_Decoded_ECPoint(PLArenaPool *arena, const SECItem *ecParams,
+                         const CK_ATTRIBUTE *ecPoint, SECItem *publicKeyValue)
+{
+    SECItem encodedPublicValue;
+    SECStatus rv;
+    int keyLen;
+    PRBool plain = PR_FALSE;
+
+    if (ecPoint->ulValueLen == 0) {
+        return CKR_ATTRIBUTE_VALUE_INVALID;
+    }
+
+    /*
+     * The PKCS #11 spec requires ecPoints to be encoded as a DER OCTET String.
+     * NSS has mistakenly passed unencoded values, and some PKCS #11 vendors
+     * followed that mistake. Now we need to detect which encoding we were
+     * passed in. The task is made more complicated by the fact the the
+     * DER encoding byte (SEC_ASN_OCTET_STRING) is the same as the
+     * EC_POINT_FORM_UNCOMPRESSED byte (0x04), so we can't use that to
+     * determine which curve we are using.
+     */
+
+    /* get the expected key length for the passed in curve.
+     * pk11_get_EC_PointLenInBytes only returns valid values for curves
+     * NSS has traditionally recognized. If the curve is not recognized,
+     * it will return '0', and we have to figure out if the key was
+     * encoded or not heuristically. If the ecParams are invalid, it
+     * will return -1 for the keyLen.
+     */
+    keyLen = pk11_get_EC_PointLenInBytes(arena, ecParams, &plain);
+    if (keyLen < 0) {
+        return CKR_ATTRIBUTE_VALUE_INVALID;
+    }
+
+    /*
+     * Some curves are not encoded but we don't have the name here.
+     * Instead, pk11_get_EC_PointLenInBytes returns true plain if this is the
+     * case.
+     */
+    if (plain && ecPoint->ulValueLen == (unsigned int)keyLen) {
+        return pk11_Attr2SecItem(arena, ecPoint, publicKeyValue);
+    }
+
+    /* If the point is uncompressed and the lengths match, it
+     * must be an unencoded point */
+    if ((*((char *)ecPoint->pValue) == EC_POINT_FORM_UNCOMPRESSED) &&
+        (ecPoint->ulValueLen == (unsigned int)keyLen)) {
+        return pk11_Attr2SecItem(arena, ecPoint, publicKeyValue);
+    }
+
+    /* now assume the key passed to us was encoded and decode it */
+    if (*((char *)ecPoint->pValue) == SEC_ASN1_OCTET_STRING) {
+        /* OK, now let's try to decode it and see if it's valid */
+        encodedPublicValue.data = ecPoint->pValue;
+        encodedPublicValue.len = ecPoint->ulValueLen;
+        rv = SEC_QuickDERDecodeItem(arena, publicKeyValue,
+                                    SEC_ASN1_GET(SEC_OctetStringTemplate), &encodedPublicValue);
+
+        /* it coded correctly & we know the key length (and they match)
+         * then we are done, return the results. */
+        if (keyLen && rv == SECSuccess && publicKeyValue->len == (unsigned int)keyLen) {
+            return CKR_OK;
+        }
+
+        /* if we know the key length, one of the above tests should have
+         * succeded. If it doesn't the module gave us bad data */
+        if (keyLen) {
+            return CKR_ATTRIBUTE_VALUE_INVALID;
+        }
+
+        /* We don't know the key length, so we don't know deterministically
+         * which encoding was used. We now will try to pick the most likely
+         * form that's correct, with a preference for the encoded form if we
+         * can't determine for sure. We do this by checking the key we got
+         * back from SEC_QuickDERDecodeItem for defects. If no defects are
+         * found, we assume the encoded parameter was was passed to us.
+         * our defect tests include:
+         *   1) it didn't decode.
+         *   2) The decode key had an invalid length (must be odd).
+         *   3) The decoded key wasn't an UNCOMPRESSED key.
+         *   4) The decoded key didn't include the entire encoded block
+         *   except the DER encoding values. (fixing DER length to one
+         *   particular value).
+         */
+        if ((rv != SECSuccess) || ((publicKeyValue->len & 1) != 1) ||
+            (publicKeyValue->data[0] != EC_POINT_FORM_UNCOMPRESSED) ||
+            (PORT_Memcmp(&encodedPublicValue.data[encodedPublicValue.len - publicKeyValue->len],
+                         publicKeyValue->data,
+                         publicKeyValue->len) != 0)) {
+            /* The decoded public key was flawed, the original key must have
+             * already been in decoded form. Do a quick sanity check then
+             * return the original key value.
+             */
+            if ((encodedPublicValue.len & 1) == 0) {
+                return CKR_ATTRIBUTE_VALUE_INVALID;
+            }
+            return pk11_Attr2SecItem(arena, ecPoint, publicKeyValue);
+        }
+
+        /* as best we can figure, the passed in key was encoded, and we've
+         * now decoded it. Note: there is a chance this could be wrong if the
+         * following conditions hold:
+         *  1) The first byte or bytes of the X point looks like a valid length
+         * of precisely the right size (2*curveSize -1). this means for curves
+         * less than 512 bits (64 bytes), this will happen 1 in 256 times*.
+         * for curves between 512 and 1024, this will happen 1 in 65,536 times*
+         * for curves between 1024 and 256K this will happen 1 in 16 million*
+         *  2) The length of the 'DER length field' is odd
+         * (making both the encoded and decode
+         * values an odd length. this is true of all curves less than 512,
+         * as well as curves between 1024 and 256K).
+         *  3) The X[length of the 'DER length field'] == 0x04, 1 in 256.
+         *
+         *  (* assuming all values are equally likely in the first byte,
+         * This isn't true if the curve length is not a multiple of 8. In these
+         * cases, if the DER length is possible, it's more likely,
+         * if it's not possible, then we have no false decodes).
+         *
+         * For reference here are the odds for the various curves we currently
+         * have support for (and the only curves SSL will negotiate at this
+         * time). NOTE: None of the supported curves will show up here
+         * because we return a valid length for all of these curves.
+         * The only way to get here is to have some application (not SSL)
+         * which supports some unknown curve and have some vendor supplied
+         * PKCS #11 module support that curve. NOTE: in this case, one
+         * presumes that that pkcs #11 module is likely to be using the
+         * correct encodings.
+         *
+         * Prime Curves (GFp):
+         *   Bit    False       Odds of
+         *  Size    DER Len  False Decode Positive
+         *  112     27     1 in 65536
+         *  128     31     1 in 65536
+         *  160     39     1 in 65536
+         *  192     47     1 in 65536
+         *  224     55     1 in 65536
+         *  239     59     1 in 32768 (top byte can only be 0-127)
+         *  256     63     1 in 65536
+         *  521     129,131      0        (decoded value would be even)
+         *
+         * Binary curves (GF2m).
+         *   Bit    False       Odds of
+         *  Size    DER Len  False Decode Positive
+         *  131     33       0        (top byte can only be 0-7)
+         *  163     41       0        (top byte can only be 0-7)
+         *  176     43     1 in 65536
+         *  191     47     1 in 32768 (top byte can only be 0-127)
+         *  193     49       0        (top byte can only be 0-1)
+         *  208     51     1 in 65536
+         *  233     59       0        (top byte can only be 0-1)
+         *  239     59     1 in 32768 (top byte can only be 0-127)
+         *  272     67     1 in 65536
+         *  283     71       0        (top byte can only be 0-7)
+         *  304     75     1 in 65536
+         *  359     89     1 in 32768 (top byte can only be 0-127)
+         *  368     91     1 in 65536
+         *  409     103      0        (top byte can only be 0-1)
+         *  431     107    1 in 32768 (top byte can only be 0-127)
+         *  571     129,143      0        (decoded value would be even)
+         *
+         */
+
+        return CKR_OK;
+    }
+
+    /* In theory, we should handle the case where the curve == 0 and
+     * the first byte is EC_POINT_FORM_UNCOMPRESSED, (which would be
+     * handled by doing a santity check on the key length and returning
+     * pk11_Attr2SecItem() to copy the ecPoint to the publicKeyValue).
+     *
+     * This test is unnecessary, however, due to the fact that
+     * EC_POINT_FORM_UNCOMPRESSED == SEC_ASIN1_OCTET_STRING, that case is
+     * handled in the above if. That means if we get here, the initial
+     * byte of our ecPoint value was invalid, so we can safely return.
+     * invalid attribute.
+     */
+
+    return CKR_ATTRIBUTE_VALUE_INVALID;
+}
+
+/*
+ * extract a public key from a slot and id
+ */
+SECKEYPublicKey *
+PK11_ExtractPublicKey(PK11SlotInfo *slot, KeyType keyType, CK_OBJECT_HANDLE id)
+{
+    CK_OBJECT_CLASS keyClass = CKO_PUBLIC_KEY;
+    PLArenaPool *arena;
+    PLArenaPool *tmp_arena;
+    SECKEYPublicKey *pubKey;
+    unsigned int templateCount = 0;
+    CK_KEY_TYPE pk11KeyType;
+    CK_RV crv;
+    CK_ATTRIBUTE template[8];
+    CK_ATTRIBUTE *attrs = template;
+    CK_ATTRIBUTE *modulus, *exponent, *base, *prime, *subprime, *value;
+    CK_ATTRIBUTE *ecparams;
+
+    /* if we didn't know the key type, get it */
+    if (keyType == nullKey) {
+
+        pk11KeyType = PK11_ReadULongAttribute(slot, id, CKA_KEY_TYPE);
+        if (pk11KeyType == CK_UNAVAILABLE_INFORMATION) {
+            return NULL;
+        }
+        switch (pk11KeyType) {
+            case CKK_RSA:
+                keyType = rsaKey;
+                break;
+            case CKK_DSA:
+                keyType = dsaKey;
+                break;
+            case CKK_DH:
+                keyType = dhKey;
+                break;
+            case CKK_EC:
+                keyType = ecKey;
+                break;
+            default:
+                PORT_SetError(SEC_ERROR_BAD_KEY);
+                return NULL;
+        }
+    }
+
+    /* now we need to create space for the public key */
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL)
+        return NULL;
+    tmp_arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (tmp_arena == NULL) {
+        PORT_FreeArena(arena, PR_FALSE);
+        return NULL;
+    }
+
+    pubKey = (SECKEYPublicKey *)
+        PORT_ArenaZAlloc(arena, sizeof(SECKEYPublicKey));
+    if (pubKey == NULL) {
+        PORT_FreeArena(arena, PR_FALSE);
+        PORT_FreeArena(tmp_arena, PR_FALSE);
+        return NULL;
+    }
+
+    pubKey->arena = arena;
+    pubKey->keyType = keyType;
+    pubKey->pkcs11Slot = PK11_ReferenceSlot(slot);
+    pubKey->pkcs11ID = id;
+    PK11_SETATTRS(attrs, CKA_CLASS, &keyClass,
+                  sizeof(keyClass));
+    attrs++;
+    PK11_SETATTRS(attrs, CKA_KEY_TYPE, &pk11KeyType,
+                  sizeof(pk11KeyType));
+    attrs++;
+    switch (pubKey->keyType) {
+        case rsaKey:
+            modulus = attrs;
+            PK11_SETATTRS(attrs, CKA_MODULUS, NULL, 0);
+            attrs++;
+            exponent = attrs;
+            PK11_SETATTRS(attrs, CKA_PUBLIC_EXPONENT, NULL, 0);
+            attrs++;
+
+            templateCount = attrs - template;
+            PR_ASSERT(templateCount <= sizeof(template) / sizeof(CK_ATTRIBUTE));
+            crv = PK11_GetAttributes(tmp_arena, slot, id, template, templateCount);
+            if (crv != CKR_OK)
+                break;
+
+            if ((keyClass != CKO_PUBLIC_KEY) || (pk11KeyType != CKK_RSA)) {
+                crv = CKR_OBJECT_HANDLE_INVALID;
+                break;
+            }
+            crv = pk11_Attr2SecItem(arena, modulus, &pubKey->u.rsa.modulus);
+            if (crv != CKR_OK)
+                break;
+            crv = pk11_Attr2SecItem(arena, exponent, &pubKey->u.rsa.publicExponent);
+            if (crv != CKR_OK)
+                break;
+            break;
+        case dsaKey:
+            prime = attrs;
+            PK11_SETATTRS(attrs, CKA_PRIME, NULL, 0);
+            attrs++;
+            subprime = attrs;
+            PK11_SETATTRS(attrs, CKA_SUBPRIME, NULL, 0);
+            attrs++;
+            base = attrs;
+            PK11_SETATTRS(attrs, CKA_BASE, NULL, 0);
+            attrs++;
+            value = attrs;
+            PK11_SETATTRS(attrs, CKA_VALUE, NULL, 0);
+            attrs++;
+            templateCount = attrs - template;
+            PR_ASSERT(templateCount <= sizeof(template) / sizeof(CK_ATTRIBUTE));
+            crv = PK11_GetAttributes(tmp_arena, slot, id, template, templateCount);
+            if (crv != CKR_OK)
+                break;
+
+            if ((keyClass != CKO_PUBLIC_KEY) || (pk11KeyType != CKK_DSA)) {
+                crv = CKR_OBJECT_HANDLE_INVALID;
+                break;
+            }
+            crv = pk11_Attr2SecItem(arena, prime, &pubKey->u.dsa.params.prime);
+            if (crv != CKR_OK)
+                break;
+            crv = pk11_Attr2SecItem(arena, subprime, &pubKey->u.dsa.params.subPrime);
+            if (crv != CKR_OK)
+                break;
+            crv = pk11_Attr2SecItem(arena, base, &pubKey->u.dsa.params.base);
+            if (crv != CKR_OK)
+                break;
+            crv = pk11_Attr2SecItem(arena, value, &pubKey->u.dsa.publicValue);
+            if (crv != CKR_OK)
+                break;
+            break;
+        case dhKey:
+            prime = attrs;
+            PK11_SETATTRS(attrs, CKA_PRIME, NULL, 0);
+            attrs++;
+            base = attrs;
+            PK11_SETATTRS(attrs, CKA_BASE, NULL, 0);
+            attrs++;
+            value = attrs;
+            PK11_SETATTRS(attrs, CKA_VALUE, NULL, 0);
+            attrs++;
+            templateCount = attrs - template;
+            PR_ASSERT(templateCount <= sizeof(template) / sizeof(CK_ATTRIBUTE));
+            crv = PK11_GetAttributes(tmp_arena, slot, id, template, templateCount);
+            if (crv != CKR_OK)
+                break;
+
+            if ((keyClass != CKO_PUBLIC_KEY) || (pk11KeyType != CKK_DH)) {
+                crv = CKR_OBJECT_HANDLE_INVALID;
+                break;
+            }
+            crv = pk11_Attr2SecItem(arena, prime, &pubKey->u.dh.prime);
+            if (crv != CKR_OK)
+                break;
+            crv = pk11_Attr2SecItem(arena, base, &pubKey->u.dh.base);
+            if (crv != CKR_OK)
+                break;
+            crv = pk11_Attr2SecItem(arena, value, &pubKey->u.dh.publicValue);
+            if (crv != CKR_OK)
+                break;
+            break;
+        case ecKey:
+            pubKey->u.ec.size = 0;
+            ecparams = attrs;
+            PK11_SETATTRS(attrs, CKA_EC_PARAMS, NULL, 0);
+            attrs++;
+            value = attrs;
+            PK11_SETATTRS(attrs, CKA_EC_POINT, NULL, 0);
+            attrs++;
+            templateCount = attrs - template;
+            PR_ASSERT(templateCount <= sizeof(template) / sizeof(CK_ATTRIBUTE));
+            crv = PK11_GetAttributes(arena, slot, id, template, templateCount);
+            if (crv != CKR_OK)
+                break;
+
+            if ((keyClass != CKO_PUBLIC_KEY) || (pk11KeyType != CKK_EC)) {
+                crv = CKR_OBJECT_HANDLE_INVALID;
+                break;
+            }
+
+            crv = pk11_Attr2SecItem(arena, ecparams,
+                                    &pubKey->u.ec.DEREncodedParams);
+            if (crv != CKR_OK)
+                break;
+            pubKey->u.ec.encoding = ECPoint_Undefined;
+            crv = pk11_get_Decoded_ECPoint(arena,
+                                           &pubKey->u.ec.DEREncodedParams, value,
+                                           &pubKey->u.ec.publicValue);
+            break;
+        case fortezzaKey:
+        case nullKey:
+        default:
+            crv = CKR_OBJECT_HANDLE_INVALID;
+            break;
+    }
+
+    PORT_FreeArena(tmp_arena, PR_FALSE);
+
+    if (crv != CKR_OK) {
+        PORT_FreeArena(arena, PR_FALSE);
+        PK11_FreeSlot(slot);
+        PORT_SetError(PK11_MapError(crv));
+        return NULL;
+    }
+
+    return pubKey;
+}
+
+/*
+ * Build a Private Key structure from raw PKCS #11 information.
+ */
+SECKEYPrivateKey *
+PK11_MakePrivKey(PK11SlotInfo *slot, KeyType keyType,
+                 PRBool isTemp, CK_OBJECT_HANDLE privID, void *wincx)
+{
+    PLArenaPool *arena;
+    SECKEYPrivateKey *privKey;
+    PRBool isPrivate;
+    SECStatus rv;
+
+    /* don't know? look it up */
+    if (keyType == nullKey) {
+        CK_KEY_TYPE pk11Type = CKK_RSA;
+
+        pk11Type = PK11_ReadULongAttribute(slot, privID, CKA_KEY_TYPE);
+        isTemp = (PRBool)!PK11_HasAttributeSet(slot, privID, CKA_TOKEN, PR_FALSE);
+        switch (pk11Type) {
+            case CKK_RSA:
+                keyType = rsaKey;
+                break;
+            case CKK_DSA:
+                keyType = dsaKey;
+                break;
+            case CKK_DH:
+                keyType = dhKey;
+                break;
+            case CKK_KEA:
+                keyType = fortezzaKey;
+                break;
+            case CKK_EC:
+                keyType = ecKey;
+                break;
+            default:
+                break;
+        }
+    }
+
+    /* if the key is private, make sure we are authenticated to the
+     * token before we try to use it */
+    isPrivate = (PRBool)PK11_HasAttributeSet(slot, privID, CKA_PRIVATE, PR_FALSE);
+    if (isPrivate) {
+        rv = PK11_Authenticate(slot, PR_TRUE, wincx);
+        if (rv != SECSuccess) {
+            return NULL;
+        }
+    }
+
+    /* now we need to create space for the private key */
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL)
+        return NULL;
+
+    privKey = (SECKEYPrivateKey *)
+        PORT_ArenaZAlloc(arena, sizeof(SECKEYPrivateKey));
+    if (privKey == NULL) {
+        PORT_FreeArena(arena, PR_FALSE);
+        return NULL;
+    }
+
+    privKey->arena = arena;
+    privKey->keyType = keyType;
+    privKey->pkcs11Slot = PK11_ReferenceSlot(slot);
+    privKey->pkcs11ID = privID;
+    privKey->pkcs11IsTemp = isTemp;
+    privKey->wincx = wincx;
+
+    return privKey;
+}
+
+PK11SlotInfo *
+PK11_GetSlotFromPrivateKey(SECKEYPrivateKey *key)
+{
+    PK11SlotInfo *slot = key->pkcs11Slot;
+    slot = PK11_ReferenceSlot(slot);
+    return slot;
+}
+
+/*
+ * Get the modulus length for raw parsing
+ */
+int
+PK11_GetPrivateModulusLen(SECKEYPrivateKey *key)
+{
+    CK_ATTRIBUTE theTemplate = { CKA_MODULUS, NULL, 0 };
+    PK11SlotInfo *slot = key->pkcs11Slot;
+    CK_RV crv;
+    int length;
+
+    switch (key->keyType) {
+        case rsaKey:
+            crv = PK11_GetAttributes(NULL, slot, key->pkcs11ID, &theTemplate, 1);
+            if (crv != CKR_OK) {
+                PORT_SetError(PK11_MapError(crv));
+                return -1;
+            }
+            if (theTemplate.pValue == NULL) {
+                PORT_SetError(PK11_MapError(CKR_ATTRIBUTE_VALUE_INVALID));
+                return -1;
+            }
+            length = theTemplate.ulValueLen;
+            if (*(unsigned char *)theTemplate.pValue == 0) {
+                length--;
+            }
+            PORT_Free(theTemplate.pValue);
+            return (int)length;
+
+        case fortezzaKey:
+        case dsaKey:
+        case dhKey:
+        default:
+            break;
+    }
+    if (theTemplate.pValue != NULL)
+        PORT_Free(theTemplate.pValue);
+    PORT_SetError(SEC_ERROR_INVALID_KEY);
+    return -1;
+}
+
+/*
+ * take a private key in one pkcs11 module and load it into another:
+ *  NOTE: the source private key is a rare animal... it can't be sensitive.
+ *  This is used to do a key gen using one pkcs11 module and storing the
+ *  result into another.
+ */
+static SECKEYPrivateKey *
+pk11_loadPrivKeyWithFlags(PK11SlotInfo *slot, SECKEYPrivateKey *privKey,
+                          SECKEYPublicKey *pubKey, PK11AttrFlags attrFlags)
+{
+    CK_ATTRIBUTE privTemplate[] = {
+        /* class must be first */
+        { CKA_CLASS, NULL, 0 },
+        { CKA_KEY_TYPE, NULL, 0 },
+        { CKA_ID, NULL, 0 },
+        /* RSA - the attributes below will be replaced for other
+         *       key types.
+         */
+        { CKA_MODULUS, NULL, 0 },
+        { CKA_PRIVATE_EXPONENT, NULL, 0 },
+        { CKA_PUBLIC_EXPONENT, NULL, 0 },
+        { CKA_PRIME_1, NULL, 0 },
+        { CKA_PRIME_2, NULL, 0 },
+        { CKA_EXPONENT_1, NULL, 0 },
+        { CKA_EXPONENT_2, NULL, 0 },
+        { CKA_COEFFICIENT, NULL, 0 },
+        { CKA_DECRYPT, NULL, 0 },
+        { CKA_DERIVE, NULL, 0 },
+        { CKA_SIGN, NULL, 0 },
+        { CKA_SIGN_RECOVER, NULL, 0 },
+        { CKA_UNWRAP, NULL, 0 },
+        /* reserve space for the attributes that may be
+         * specified in attrFlags */
+        { CKA_TOKEN, NULL, 0 },
+        { CKA_PRIVATE, NULL, 0 },
+        { CKA_MODIFIABLE, NULL, 0 },
+        { CKA_SENSITIVE, NULL, 0 },
+        { CKA_EXTRACTABLE, NULL, 0 },
+#define NUM_RESERVED_ATTRS 5 /* number of reserved attributes above */
+    };
+    CK_BBOOL cktrue = CK_TRUE;
+    CK_BBOOL ckfalse = CK_FALSE;
+    CK_ATTRIBUTE *attrs = NULL, *ap;
+    const int templateSize = sizeof(privTemplate) / sizeof(privTemplate[0]);
+    PLArenaPool *arena;
+    CK_OBJECT_HANDLE objectID;
+    int i, count = 0;
+    int extra_count = 0;
+    CK_RV crv;
+    SECStatus rv;
+    PRBool token = ((attrFlags & PK11_ATTR_TOKEN) != 0);
+
+    if (pk11_BadAttrFlags(attrFlags)) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+
+    for (i = 0; i < templateSize; i++) {
+        if (privTemplate[i].type == CKA_MODULUS) {
+            attrs = &privTemplate[i];
+            count = i;
+            break;
+        }
+    }
+    PORT_Assert(attrs != NULL);
+    if (attrs == NULL) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return NULL;
+    }
+
+    ap = attrs;
+
+    switch (privKey->keyType) {
+        case rsaKey:
+            count = templateSize - NUM_RESERVED_ATTRS;
+            extra_count = count - (attrs - privTemplate);
+            break;
+        case dsaKey:
+            ap->type = CKA_PRIME;
+            ap++;
+            count++;
+            extra_count++;
+            ap->type = CKA_SUBPRIME;
+            ap++;
+            count++;
+            extra_count++;
+            ap->type = CKA_BASE;
+            ap++;
+            count++;
+            extra_count++;
+            ap->type = CKA_VALUE;
+            ap++;
+            count++;
+            extra_count++;
+            ap->type = CKA_SIGN;
+            ap++;
+            count++;
+            extra_count++;
+            break;
+        case dhKey:
+            ap->type = CKA_PRIME;
+            ap++;
+            count++;
+            extra_count++;
+            ap->type = CKA_BASE;
+            ap++;
+            count++;
+            extra_count++;
+            ap->type = CKA_VALUE;
+            ap++;
+            count++;
+            extra_count++;
+            ap->type = CKA_DERIVE;
+            ap++;
+            count++;
+            extra_count++;
+            break;
+        case ecKey:
+            ap->type = CKA_EC_PARAMS;
+            ap++;
+            count++;
+            extra_count++;
+            ap->type = CKA_VALUE;
+            ap++;
+            count++;
+            extra_count++;
+            ap->type = CKA_DERIVE;
+            ap++;
+            count++;
+            extra_count++;
+            ap->type = CKA_SIGN;
+            ap++;
+            count++;
+            extra_count++;
+            break;
+        default:
+            count = 0;
+            extra_count = 0;
+            break;
+    }
+
+    if (count == 0) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return NULL;
+    }
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL)
+        return NULL;
+    /*
+      * read out the old attributes.
+      */
+    crv = PK11_GetAttributes(arena, privKey->pkcs11Slot, privKey->pkcs11ID,
+                             privTemplate, count);
+    if (crv != CKR_OK) {
+        PORT_SetError(PK11_MapError(crv));
+        PORT_FreeArena(arena, PR_TRUE);
+        return NULL;
+    }
+
+    /* Set token, private, modifiable, sensitive, and extractable */
+    count += pk11_AttrFlagsToAttributes(attrFlags, &privTemplate[count],
+                                        &cktrue, &ckfalse);
+
+    /* Not everyone can handle zero padded key values, give
+      * them the raw data as unsigned */
+    for (ap = attrs; extra_count; ap++, extra_count--) {
+        pk11_SignedToUnsigned(ap);
+    }
+
+    /* now Store the puppies */
+    rv = PK11_CreateNewObject(slot, CK_INVALID_SESSION, privTemplate,
+                              count, token, &objectID);
+    PORT_FreeArena(arena, PR_TRUE);
+    if (rv != SECSuccess) {
+        return NULL;
+    }
+
+    /* try loading the public key */
+    if (pubKey) {
+        PK11_ImportPublicKey(slot, pubKey, token);
+        if (pubKey->pkcs11Slot) {
+            PK11_FreeSlot(pubKey->pkcs11Slot);
+            pubKey->pkcs11Slot = NULL;
+            pubKey->pkcs11ID = CK_INVALID_HANDLE;
+        }
+    }
+
+    /* build new key structure */
+    return PK11_MakePrivKey(slot, privKey->keyType, !token,
+                            objectID, privKey->wincx);
+}
+
+static SECKEYPrivateKey *
+pk11_loadPrivKey(PK11SlotInfo *slot, SECKEYPrivateKey *privKey,
+                 SECKEYPublicKey *pubKey, PRBool token, PRBool sensitive)
+{
+    PK11AttrFlags attrFlags = 0;
+    if (token) {
+        attrFlags |= (PK11_ATTR_TOKEN | PK11_ATTR_PRIVATE);
+    } else {
+        attrFlags |= (PK11_ATTR_SESSION | PK11_ATTR_PUBLIC);
+    }
+    if (sensitive) {
+        attrFlags |= PK11_ATTR_SENSITIVE;
+    } else {
+        attrFlags |= PK11_ATTR_INSENSITIVE;
+    }
+    return pk11_loadPrivKeyWithFlags(slot, privKey, pubKey, attrFlags);
+}
+
+/*
+ * export this for PSM
+ */
+SECKEYPrivateKey *
+PK11_LoadPrivKey(PK11SlotInfo *slot, SECKEYPrivateKey *privKey,
+                 SECKEYPublicKey *pubKey, PRBool token, PRBool sensitive)
+{
+    return pk11_loadPrivKey(slot, privKey, pubKey, token, sensitive);
+}
+
+/*
+ * Use the token to generate a key pair.
+ */
+SECKEYPrivateKey *
+PK11_GenerateKeyPairWithOpFlags(PK11SlotInfo *slot, CK_MECHANISM_TYPE type,
+                                void *param, SECKEYPublicKey **pubKey, PK11AttrFlags attrFlags,
+                                CK_FLAGS opFlags, CK_FLAGS opFlagsMask, void *wincx)
+{
+    /* we have to use these native types because when we call PKCS 11 modules
+     * we have to make sure that we are using the correct sizes for all the
+     * parameters. */
+    CK_BBOOL ckfalse = CK_FALSE;
+    CK_BBOOL cktrue = CK_TRUE;
+    CK_ULONG modulusBits;
+    CK_BYTE publicExponent[4];
+    CK_ATTRIBUTE privTemplate[] = {
+        { CKA_SENSITIVE, NULL, 0 },
+        { CKA_TOKEN, NULL, 0 },
+        { CKA_PRIVATE, NULL, 0 },
+        { CKA_DERIVE, NULL, 0 },
+        { CKA_UNWRAP, NULL, 0 },
+        { CKA_SIGN, NULL, 0 },
+        { CKA_DECRYPT, NULL, 0 },
+        { CKA_EXTRACTABLE, NULL, 0 },
+        { CKA_MODIFIABLE, NULL, 0 },
+    };
+    CK_ATTRIBUTE rsaPubTemplate[] = {
+        { CKA_MODULUS_BITS, NULL, 0 },
+        { CKA_PUBLIC_EXPONENT, NULL, 0 },
+        { CKA_TOKEN, NULL, 0 },
+        { CKA_DERIVE, NULL, 0 },
+        { CKA_WRAP, NULL, 0 },
+        { CKA_VERIFY, NULL, 0 },
+        { CKA_VERIFY_RECOVER, NULL, 0 },
+        { CKA_ENCRYPT, NULL, 0 },
+        { CKA_MODIFIABLE, NULL, 0 },
+    };
+    CK_ATTRIBUTE dsaPubTemplate[] = {
+        { CKA_PRIME, NULL, 0 },
+        { CKA_SUBPRIME, NULL, 0 },
+        { CKA_BASE, NULL, 0 },
+        { CKA_TOKEN, NULL, 0 },
+        { CKA_DERIVE, NULL, 0 },
+        { CKA_WRAP, NULL, 0 },
+        { CKA_VERIFY, NULL, 0 },
+        { CKA_VERIFY_RECOVER, NULL, 0 },
+        { CKA_ENCRYPT, NULL, 0 },
+        { CKA_MODIFIABLE, NULL, 0 },
+    };
+    CK_ATTRIBUTE dhPubTemplate[] = {
+        { CKA_PRIME, NULL, 0 },
+        { CKA_BASE, NULL, 0 },
+        { CKA_TOKEN, NULL, 0 },
+        { CKA_DERIVE, NULL, 0 },
+        { CKA_WRAP, NULL, 0 },
+        { CKA_VERIFY, NULL, 0 },
+        { CKA_VERIFY_RECOVER, NULL, 0 },
+        { CKA_ENCRYPT, NULL, 0 },
+        { CKA_MODIFIABLE, NULL, 0 },
+    };
+    CK_ATTRIBUTE ecPubTemplate[] = {
+        { CKA_EC_PARAMS, NULL, 0 },
+        { CKA_TOKEN, NULL, 0 },
+        { CKA_DERIVE, NULL, 0 },
+        { CKA_WRAP, NULL, 0 },
+        { CKA_VERIFY, NULL, 0 },
+        { CKA_VERIFY_RECOVER, NULL, 0 },
+        { CKA_ENCRYPT, NULL, 0 },
+        { CKA_MODIFIABLE, NULL, 0 },
+    };
+    SECKEYECParams *ecParams;
+
+    /*CK_ULONG key_size = 0;*/
+    CK_ATTRIBUTE *pubTemplate;
+    int privCount = 0;
+    int pubCount = 0;
+    PK11RSAGenParams *rsaParams;
+    SECKEYPQGParams *dsaParams;
+    SECKEYDHParams *dhParams;
+    CK_MECHANISM mechanism;
+    CK_MECHANISM test_mech;
+    CK_MECHANISM test_mech2;
+    CK_SESSION_HANDLE session_handle;
+    CK_RV crv;
+    CK_OBJECT_HANDLE privID, pubID;
+    SECKEYPrivateKey *privKey;
+    KeyType keyType;
+    PRBool restore;
+    int peCount, i;
+    CK_ATTRIBUTE *attrs;
+    CK_ATTRIBUTE *privattrs;
+    CK_ATTRIBUTE setTemplate;
+    CK_MECHANISM_INFO mechanism_info;
+    CK_OBJECT_CLASS keyClass;
+    SECItem *cka_id;
+    PRBool haslock = PR_FALSE;
+    PRBool pubIsToken = PR_FALSE;
+    PRBool token = ((attrFlags & PK11_ATTR_TOKEN) != 0);
+    /* subset of attrFlags applicable to the public key */
+    PK11AttrFlags pubKeyAttrFlags = attrFlags &
+                                    (PK11_ATTR_TOKEN | PK11_ATTR_SESSION | PK11_ATTR_MODIFIABLE | PK11_ATTR_UNMODIFIABLE);
+
+    if (pk11_BadAttrFlags(attrFlags)) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+
+    if (!param) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+
+    /*
+     * The opFlags and opFlagMask parameters allow us to control the
+     * settings of the key usage attributes (CKA_ENCRYPT and friends).
+     * opFlagMask is set to one if the flag is specified in opFlags and
+     *  zero if it is to take on a default value calculated by
+     *  PK11_GenerateKeyPairWithOpFlags.
+     * opFlags specifies the actual value of the flag 1 or 0.
+     *   Bits not corresponding to one bits in opFlagMask should be zero.
+     */
+
+    /* if we are trying to turn on a flag, it better be in the mask */
+    PORT_Assert((opFlags & ~opFlagsMask) == 0);
+    opFlags &= opFlagsMask;
+
+    PORT_Assert(slot != NULL);
+    if (slot == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MODULE);
+        return NULL;
+    }
+
+    /* if our slot really doesn't do this mechanism, Generate the key
+     * in our internal token and write it out */
+    if (!PK11_DoesMechanism(slot, type)) {
+        PK11SlotInfo *int_slot = PK11_GetInternalSlot();
+
+        /* don't loop forever looking for a slot */
+        if (slot == int_slot) {
+            PK11_FreeSlot(int_slot);
+            PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+            return NULL;
+        }
+
+        /* if there isn't a suitable slot, then we can't do the keygen */
+        if (int_slot == NULL) {
+            PORT_SetError(SEC_ERROR_NO_MODULE);
+            return NULL;
+        }
+
+        /* generate the temporary key to load */
+        privKey = PK11_GenerateKeyPair(int_slot, type, param, pubKey, PR_FALSE,
+                                       PR_FALSE, wincx);
+        PK11_FreeSlot(int_slot);
+
+        /* if successful, load the temp key into the new token */
+        if (privKey != NULL) {
+            SECKEYPrivateKey *newPrivKey = pk11_loadPrivKeyWithFlags(slot,
+                                                                     privKey, *pubKey, attrFlags);
+            SECKEY_DestroyPrivateKey(privKey);
+            if (newPrivKey == NULL) {
+                SECKEY_DestroyPublicKey(*pubKey);
+                *pubKey = NULL;
+            }
+            return newPrivKey;
+        }
+        return NULL;
+    }
+
+    mechanism.mechanism = type;
+    mechanism.pParameter = NULL;
+    mechanism.ulParameterLen = 0;
+    test_mech.pParameter = NULL;
+    test_mech.ulParameterLen = 0;
+    test_mech2.mechanism = CKM_INVALID_MECHANISM;
+    test_mech2.pParameter = NULL;
+    test_mech2.ulParameterLen = 0;
+
+    /* set up the private key template */
+    privattrs = privTemplate;
+    privattrs += pk11_AttrFlagsToAttributes(attrFlags, privattrs,
+                                            &cktrue, &ckfalse);
+
+    /* set up the mechanism specific info */
+    switch (type) {
+        case CKM_RSA_PKCS_KEY_PAIR_GEN:
+        case CKM_RSA_X9_31_KEY_PAIR_GEN:
+            rsaParams = (PK11RSAGenParams *)param;
+            if (rsaParams->pe == 0) {
+                PORT_SetError(SEC_ERROR_INVALID_ARGS);
+                return NULL;
+            }
+            modulusBits = rsaParams->keySizeInBits;
+            peCount = 0;
+
+            /* convert pe to a PKCS #11 string */
+            for (i = 0; i < 4; i++) {
+                if (peCount || (rsaParams->pe &
+                                ((unsigned long)0xff000000L >> (i * 8)))) {
+                    publicExponent[peCount] =
+                        (CK_BYTE)((rsaParams->pe >> (3 - i) * 8) & 0xff);
+                    peCount++;
+                }
+            }
+            PORT_Assert(peCount != 0);
+            attrs = rsaPubTemplate;
+            PK11_SETATTRS(attrs, CKA_MODULUS_BITS,
+                          &modulusBits, sizeof(modulusBits));
+            attrs++;
+            PK11_SETATTRS(attrs, CKA_PUBLIC_EXPONENT,
+                          publicExponent, peCount);
+            attrs++;
+            pubTemplate = rsaPubTemplate;
+            keyType = rsaKey;
+            test_mech.mechanism = CKM_RSA_PKCS;
+            break;
+        case CKM_DSA_KEY_PAIR_GEN:
+            dsaParams = (SECKEYPQGParams *)param;
+            attrs = dsaPubTemplate;
+            PK11_SETATTRS(attrs, CKA_PRIME, dsaParams->prime.data,
+                          dsaParams->prime.len);
+            attrs++;
+            PK11_SETATTRS(attrs, CKA_SUBPRIME, dsaParams->subPrime.data,
+                          dsaParams->subPrime.len);
+            attrs++;
+            PK11_SETATTRS(attrs, CKA_BASE, dsaParams->base.data,
+                          dsaParams->base.len);
+            attrs++;
+            pubTemplate = dsaPubTemplate;
+            keyType = dsaKey;
+            test_mech.mechanism = CKM_DSA;
+            break;
+        case CKM_DH_PKCS_KEY_PAIR_GEN:
+            dhParams = (SECKEYDHParams *)param;
+            attrs = dhPubTemplate;
+            PK11_SETATTRS(attrs, CKA_PRIME, dhParams->prime.data,
+                          dhParams->prime.len);
+            attrs++;
+            PK11_SETATTRS(attrs, CKA_BASE, dhParams->base.data,
+                          dhParams->base.len);
+            attrs++;
+            pubTemplate = dhPubTemplate;
+            keyType = dhKey;
+            test_mech.mechanism = CKM_DH_PKCS_DERIVE;
+            break;
+        case CKM_EC_KEY_PAIR_GEN:
+            ecParams = (SECKEYECParams *)param;
+            attrs = ecPubTemplate;
+            PK11_SETATTRS(attrs, CKA_EC_PARAMS, ecParams->data,
+                          ecParams->len);
+            attrs++;
+            pubTemplate = ecPubTemplate;
+            keyType = ecKey;
+            /*
+             * ECC supports 2 different mechanism types (unlike RSA, which
+             * supports different usages with the same mechanism).
+             * We may need to query both mechanism types and or the results
+             * together -- but we only do that if either the user has
+             * requested both usages, or not specified any usages.
+             */
+            if ((opFlags & (CKF_SIGN | CKF_DERIVE)) == (CKF_SIGN | CKF_DERIVE)) {
+                /* We've explicitly turned on both flags, use both mechanism */
+                test_mech.mechanism = CKM_ECDH1_DERIVE;
+                test_mech2.mechanism = CKM_ECDSA;
+            } else if (opFlags & CKF_SIGN) {
+                /* just do signing */
+                test_mech.mechanism = CKM_ECDSA;
+            } else if (opFlags & CKF_DERIVE) {
+                /* just do ECDH */
+                test_mech.mechanism = CKM_ECDH1_DERIVE;
+            } else {
+                /* neither was specified default to both */
+                test_mech.mechanism = CKM_ECDH1_DERIVE;
+                test_mech2.mechanism = CKM_ECDSA;
+            }
+            break;
+        default:
+            PORT_SetError(SEC_ERROR_BAD_KEY);
+            return NULL;
+    }
+
+    /* now query the slot to find out how "good" a key we can generate */
+    if (!slot->isThreadSafe)
+        PK11_EnterSlotMonitor(slot);
+    crv = PK11_GETTAB(slot)->C_GetMechanismInfo(slot->slotID,
+                                                test_mech.mechanism, &mechanism_info);
+    /*
+     * EC keys are used in multiple different types of mechanism, if we
+     * are using dual use keys, we need to query the second mechanism
+     * as well.
+     */
+    if (test_mech2.mechanism != CKM_INVALID_MECHANISM) {
+        CK_MECHANISM_INFO mechanism_info2;
+        CK_RV crv2;
+
+        if (crv != CKR_OK) {
+            /* the first failed, make sure there is no trash in the
+             * mechanism flags when we or it below */
+            mechanism_info.flags = 0;
+        }
+        crv2 = PK11_GETTAB(slot)->C_GetMechanismInfo(slot->slotID,
+                                                     test_mech2.mechanism, &mechanism_info2);
+        if (crv2 == CKR_OK) {
+            crv = CKR_OK; /* succeed if either mechnaism info succeeds */
+            /* combine the 2 sets of mechnanism flags */
+            mechanism_info.flags |= mechanism_info2.flags;
+        }
+    }
+    if (!slot->isThreadSafe)
+        PK11_ExitSlotMonitor(slot);
+    if ((crv != CKR_OK) || (mechanism_info.flags == 0)) {
+        /* must be old module... guess what it should be... */
+        switch (test_mech.mechanism) {
+            case CKM_RSA_PKCS:
+                mechanism_info.flags = (CKF_SIGN | CKF_DECRYPT |
+                                        CKF_WRAP | CKF_VERIFY_RECOVER | CKF_ENCRYPT | CKF_WRAP);
+                break;
+            case CKM_DSA:
+                mechanism_info.flags = CKF_SIGN | CKF_VERIFY;
+                break;
+            case CKM_DH_PKCS_DERIVE:
+                mechanism_info.flags = CKF_DERIVE;
+                break;
+            case CKM_ECDH1_DERIVE:
+                mechanism_info.flags = CKF_DERIVE;
+                if (test_mech2.mechanism == CKM_ECDSA) {
+                    mechanism_info.flags |= CKF_SIGN | CKF_VERIFY;
+                }
+                break;
+            case CKM_ECDSA:
+                mechanism_info.flags = CKF_SIGN | CKF_VERIFY;
+                break;
+            default:
+                break;
+        }
+    }
+    /* now adjust our flags according to the user's key usage passed to us */
+    mechanism_info.flags = (mechanism_info.flags & (~opFlagsMask)) | opFlags;
+    /* set the public key attributes */
+    attrs += pk11_AttrFlagsToAttributes(pubKeyAttrFlags, attrs,
+                                        &cktrue, &ckfalse);
+    PK11_SETATTRS(attrs, CKA_DERIVE,
+                  mechanism_info.flags & CKF_DERIVE ? &cktrue : &ckfalse,
+                  sizeof(CK_BBOOL));
+    attrs++;
+    PK11_SETATTRS(attrs, CKA_WRAP,
+                  mechanism_info.flags & CKF_WRAP ? &cktrue : &ckfalse,
+                  sizeof(CK_BBOOL));
+    attrs++;
+    PK11_SETATTRS(attrs, CKA_VERIFY,
+                  mechanism_info.flags & CKF_VERIFY ? &cktrue : &ckfalse,
+                  sizeof(CK_BBOOL));
+    attrs++;
+    PK11_SETATTRS(attrs, CKA_VERIFY_RECOVER,
+                  mechanism_info.flags & CKF_VERIFY_RECOVER ? &cktrue : &ckfalse,
+                  sizeof(CK_BBOOL));
+    attrs++;
+    PK11_SETATTRS(attrs, CKA_ENCRYPT,
+                  mechanism_info.flags & CKF_ENCRYPT ? &cktrue : &ckfalse,
+                  sizeof(CK_BBOOL));
+    attrs++;
+    /* set the private key attributes */
+    PK11_SETATTRS(privattrs, CKA_DERIVE,
+                  mechanism_info.flags & CKF_DERIVE ? &cktrue : &ckfalse,
+                  sizeof(CK_BBOOL));
+    privattrs++;
+    PK11_SETATTRS(privattrs, CKA_UNWRAP,
+                  mechanism_info.flags & CKF_UNWRAP ? &cktrue : &ckfalse,
+                  sizeof(CK_BBOOL));
+    privattrs++;
+    PK11_SETATTRS(privattrs, CKA_SIGN,
+                  mechanism_info.flags & CKF_SIGN ? &cktrue : &ckfalse,
+                  sizeof(CK_BBOOL));
+    privattrs++;
+    PK11_SETATTRS(privattrs, CKA_DECRYPT,
+                  mechanism_info.flags & CKF_DECRYPT ? &cktrue : &ckfalse,
+                  sizeof(CK_BBOOL));
+    privattrs++;
+
+    if (token) {
+        session_handle = PK11_GetRWSession(slot);
+        haslock = PK11_RWSessionHasLock(slot, session_handle);
+        restore = PR_TRUE;
+    } else {
+        session_handle = slot->session;
+        if (session_handle != CK_INVALID_SESSION)
+            PK11_EnterSlotMonitor(slot);
+        restore = PR_FALSE;
+        haslock = PR_TRUE;
+    }
+
+    if (session_handle == CK_INVALID_SESSION) {
+        PORT_SetError(SEC_ERROR_BAD_DATA);
+        return NULL;
+    }
+    privCount = privattrs - privTemplate;
+    pubCount = attrs - pubTemplate;
+    crv = PK11_GETTAB(slot)->C_GenerateKeyPair(session_handle, &mechanism,
+                                               pubTemplate, pubCount, privTemplate, privCount, &pubID, &privID);
+
+    if (crv != CKR_OK) {
+        if (restore) {
+            PK11_RestoreROSession(slot, session_handle);
+        } else
+            PK11_ExitSlotMonitor(slot);
+        PORT_SetError(PK11_MapError(crv));
+        return NULL;
+    }
+    /* This locking code is dangerous and needs to be more thought
+     * out... the real problem is that we're holding the mutex open this long
+     */
+    if (haslock) {
+        PK11_ExitSlotMonitor(slot);
+    }
+
+    /* swap around the ID's for older PKCS #11 modules */
+    keyClass = PK11_ReadULongAttribute(slot, pubID, CKA_CLASS);
+    if (keyClass != CKO_PUBLIC_KEY) {
+        CK_OBJECT_HANDLE tmp = pubID;
+        pubID = privID;
+        privID = tmp;
+    }
+
+    *pubKey = PK11_ExtractPublicKey(slot, keyType, pubID);
+    if (*pubKey == NULL) {
+        if (restore) {
+            /* we may have to restore the mutex so it get's exited properly
+             * in RestoreROSession */
+            if (haslock)
+                PK11_EnterSlotMonitor(slot);
+            PK11_RestoreROSession(slot, session_handle);
+        }
+        PK11_DestroyObject(slot, pubID);
+        PK11_DestroyObject(slot, privID);
+        return NULL;
+    }
+
+    /* set the ID to the public key so we can find it again */
+    cka_id = pk11_MakeIDFromPublicKey(*pubKey);
+    pubIsToken = (PRBool)PK11_HasAttributeSet(slot, pubID, CKA_TOKEN, PR_FALSE);
+
+    PK11_SETATTRS(&setTemplate, CKA_ID, cka_id->data, cka_id->len);
+
+    if (haslock) {
+        PK11_EnterSlotMonitor(slot);
+    }
+    crv = PK11_GETTAB(slot)->C_SetAttributeValue(session_handle, privID,
+                                                 &setTemplate, 1);
+
+    if (crv == CKR_OK && pubIsToken) {
+        crv = PK11_GETTAB(slot)->C_SetAttributeValue(session_handle, pubID,
+                                                     &setTemplate, 1);
+    }
+
+    if (restore) {
+        PK11_RestoreROSession(slot, session_handle);
+    } else {
+        PK11_ExitSlotMonitor(slot);
+    }
+    SECITEM_FreeItem(cka_id, PR_TRUE);
+
+    if (crv != CKR_OK) {
+        PK11_DestroyObject(slot, pubID);
+        PK11_DestroyObject(slot, privID);
+        PORT_SetError(PK11_MapError(crv));
+        *pubKey = NULL;
+        return NULL;
+    }
+
+    privKey = PK11_MakePrivKey(slot, keyType, !token, privID, wincx);
+    if (privKey == NULL) {
+        SECKEY_DestroyPublicKey(*pubKey);
+        PK11_DestroyObject(slot, privID);
+        *pubKey = NULL;
+        return NULL;
+    }
+
+    return privKey;
+}
+
+SECKEYPrivateKey *
+PK11_GenerateKeyPairWithFlags(PK11SlotInfo *slot, CK_MECHANISM_TYPE type,
+                              void *param, SECKEYPublicKey **pubKey, PK11AttrFlags attrFlags, void *wincx)
+{
+    return PK11_GenerateKeyPairWithOpFlags(slot, type, param, pubKey, attrFlags,
+                                           0, 0, wincx);
+}
+
+/*
+ * Use the token to generate a key pair.
+ */
+SECKEYPrivateKey *
+PK11_GenerateKeyPair(PK11SlotInfo *slot, CK_MECHANISM_TYPE type,
+                     void *param, SECKEYPublicKey **pubKey, PRBool token,
+                     PRBool sensitive, void *wincx)
+{
+    PK11AttrFlags attrFlags = 0;
+
+    if (token) {
+        attrFlags |= PK11_ATTR_TOKEN;
+    } else {
+        attrFlags |= PK11_ATTR_SESSION;
+    }
+    if (sensitive) {
+        attrFlags |= (PK11_ATTR_SENSITIVE | PK11_ATTR_PRIVATE);
+    } else {
+        attrFlags |= (PK11_ATTR_INSENSITIVE | PK11_ATTR_PUBLIC);
+    }
+    return PK11_GenerateKeyPairWithFlags(slot, type, param, pubKey,
+                                         attrFlags, wincx);
+}
+
+/* build a public KEA key from the public value */
+SECKEYPublicKey *
+PK11_MakeKEAPubKey(unsigned char *keyData, int length)
+{
+    SECKEYPublicKey *pubk;
+    SECItem pkData;
+    SECStatus rv;
+    PLArenaPool *arena;
+
+    pkData.data = keyData;
+    pkData.len = length;
+    pkData.type = siBuffer;
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL)
+        return NULL;
+
+    pubk = (SECKEYPublicKey *)PORT_ArenaZAlloc(arena, sizeof(SECKEYPublicKey));
+    if (pubk == NULL) {
+        PORT_FreeArena(arena, PR_FALSE);
+        return NULL;
+    }
+
+    pubk->arena = arena;
+    pubk->pkcs11Slot = 0;
+    pubk->pkcs11ID = CK_INVALID_HANDLE;
+    pubk->keyType = fortezzaKey;
+    rv = SECITEM_CopyItem(arena, &pubk->u.fortezza.KEAKey, &pkData);
+    if (rv != SECSuccess) {
+        PORT_FreeArena(arena, PR_FALSE);
+        return NULL;
+    }
+    return pubk;
+}
+
+/*
+ * NOTE: This function doesn't return a SECKEYPrivateKey struct to represent
+ * the new private key object.  If it were to create a session object that
+ * could later be looked up by its nickname, it would leak a SECKEYPrivateKey.
+ * So isPerm must be true.
+ */
+SECStatus
+PK11_ImportEncryptedPrivateKeyInfo(PK11SlotInfo *slot,
+                                   SECKEYEncryptedPrivateKeyInfo *epki, SECItem *pwitem,
+                                   SECItem *nickname, SECItem *publicValue, PRBool isPerm,
+                                   PRBool isPrivate, KeyType keyType,
+                                   unsigned int keyUsage, void *wincx)
+{
+    if (!isPerm) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+    return PK11_ImportEncryptedPrivateKeyInfoAndReturnKey(slot, epki,
+                                                          pwitem, nickname, publicValue, isPerm, isPrivate, keyType,
+                                                          keyUsage, NULL, wincx);
+}
+
+SECStatus
+PK11_ImportEncryptedPrivateKeyInfoAndReturnKey(PK11SlotInfo *slot,
+                                               SECKEYEncryptedPrivateKeyInfo *epki, SECItem *pwitem,
+                                               SECItem *nickname, SECItem *publicValue, PRBool isPerm,
+                                               PRBool isPrivate, KeyType keyType,
+                                               unsigned int keyUsage, SECKEYPrivateKey **privk,
+                                               void *wincx)
+{
+    CK_MECHANISM_TYPE pbeMechType;
+    SECItem *crypto_param = NULL;
+    PK11SymKey *key = NULL;
+    SECStatus rv = SECSuccess;
+    CK_MECHANISM_TYPE cryptoMechType;
+    SECKEYPrivateKey *privKey = NULL;
+    PRBool faulty3DES = PR_FALSE;
+    int usageCount = 0;
+    CK_KEY_TYPE key_type;
+    CK_ATTRIBUTE_TYPE *usage = NULL;
+    CK_ATTRIBUTE_TYPE rsaUsage[] = {
+        CKA_UNWRAP, CKA_DECRYPT, CKA_SIGN, CKA_SIGN_RECOVER
+    };
+    CK_ATTRIBUTE_TYPE dsaUsage[] = { CKA_SIGN };
+    CK_ATTRIBUTE_TYPE dhUsage[] = { CKA_DERIVE };
+    CK_ATTRIBUTE_TYPE ecUsage[] = { CKA_SIGN, CKA_DERIVE };
+    if ((epki == NULL) || (pwitem == NULL))
+        return SECFailure;
+
+    pbeMechType = PK11_AlgtagToMechanism(SECOID_FindOIDTag(
+        &epki->algorithm.algorithm));
+
+    switch (keyType) {
+        default:
+        case rsaKey:
+            key_type = CKK_RSA;
+            switch (keyUsage & (KU_KEY_ENCIPHERMENT | KU_DIGITAL_SIGNATURE)) {
+                case KU_KEY_ENCIPHERMENT:
+                    usage = rsaUsage;
+                    usageCount = 2;
+                    break;
+                case KU_DIGITAL_SIGNATURE:
+                    usage = &rsaUsage[2];
+                    usageCount = 2;
+                    break;
+                case KU_KEY_ENCIPHERMENT | KU_DIGITAL_SIGNATURE:
+                case 0: /* default to everything */
+                    usage = rsaUsage;
+                    usageCount = 4;
+                    break;
+            }
+            break;
+        case dhKey:
+            key_type = CKK_DH;
+            usage = dhUsage;
+            usageCount = sizeof(dhUsage) / sizeof(dhUsage[0]);
+            break;
+        case dsaKey:
+            key_type = CKK_DSA;
+            usage = dsaUsage;
+            usageCount = sizeof(dsaUsage) / sizeof(dsaUsage[0]);
+            break;
+        case ecKey:
+            key_type = CKK_EC;
+            switch (keyUsage & (KU_DIGITAL_SIGNATURE | KU_KEY_AGREEMENT)) {
+                case KU_DIGITAL_SIGNATURE:
+                    usage = ecUsage;
+                    usageCount = 1;
+                    break;
+                case KU_KEY_AGREEMENT:
+                    usage = &ecUsage[1];
+                    usageCount = 1;
+                    break;
+                case KU_DIGITAL_SIGNATURE | KU_KEY_AGREEMENT:
+                default: /* default to everything */
+                    usage = ecUsage;
+                    usageCount = 2;
+                    break;
+            }
+            break;
+    }
+
+try_faulty_3des:
+
+    key = PK11_PBEKeyGen(slot, &epki->algorithm, pwitem, faulty3DES, wincx);
+    if (key == NULL) {
+        rv = SECFailure;
+        goto done;
+    }
+    cryptoMechType = pk11_GetPBECryptoMechanism(&epki->algorithm,
+                                                &crypto_param, pwitem, faulty3DES);
+    if (cryptoMechType == CKM_INVALID_MECHANISM) {
+        rv = SECFailure;
+        goto done;
+    }
+
+    cryptoMechType = PK11_GetPadMechanism(cryptoMechType);
+
+    PORT_Assert(usage != NULL);
+    PORT_Assert(usageCount != 0);
+    privKey = PK11_UnwrapPrivKey(slot, key, cryptoMechType,
+                                 crypto_param, &epki->encryptedData,
+                                 nickname, publicValue, isPerm, isPrivate,
+                                 key_type, usage, usageCount, wincx);
+    if (privKey) {
+        if (privk) {
+            *privk = privKey;
+        } else {
+            SECKEY_DestroyPrivateKey(privKey);
+        }
+        privKey = NULL;
+        rv = SECSuccess;
+        goto done;
+    }
+
+    /* if we are unable to import the key and the pbeMechType is
+     * CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC, then it is possible that
+     * the encrypted blob was created with a buggy key generation method
+     * which is described in the PKCS 12 implementation notes.  So we
+     * need to try importing via that method.
+     */
+    if ((pbeMechType == CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC) && (!faulty3DES)) {
+        /* clean up after ourselves before redoing the key generation. */
+
+        PK11_FreeSymKey(key);
+        key = NULL;
+
+        if (crypto_param) {
+            SECITEM_ZfreeItem(crypto_param, PR_TRUE);
+            crypto_param = NULL;
+        }
+
+        faulty3DES = PR_TRUE;
+        goto try_faulty_3des;
+    }
+
+    /* key import really did fail */
+    rv = SECFailure;
+
+done:
+    if (crypto_param != NULL) {
+        SECITEM_ZfreeItem(crypto_param, PR_TRUE);
+    }
+
+    if (key != NULL) {
+        PK11_FreeSymKey(key);
+    }
+
+    return rv;
+}
+
+SECKEYPrivateKeyInfo *
+PK11_ExportPrivateKeyInfo(CERTCertificate *cert, void *wincx)
+{
+    SECKEYPrivateKeyInfo *pki = NULL;
+    SECKEYPrivateKey *pk = PK11_FindKeyByAnyCert(cert, wincx);
+    if (pk != NULL) {
+        pki = PK11_ExportPrivKeyInfo(pk, wincx);
+        SECKEY_DestroyPrivateKey(pk);
+    }
+    return pki;
+}
+
+SECKEYEncryptedPrivateKeyInfo *
+PK11_ExportEncryptedPrivKeyInfo(
+    PK11SlotInfo *slot,   /* optional, encrypt key in this slot */
+    SECOidTag algTag,     /* encrypt key with this algorithm */
+    SECItem *pwitem,      /* password for PBE encryption */
+    SECKEYPrivateKey *pk, /* encrypt this private key */
+    int iteration,        /* interations for PBE alg */
+    void *wincx)          /* context for password callback ? */
+{
+    SECKEYEncryptedPrivateKeyInfo *epki = NULL;
+    PLArenaPool *arena = NULL;
+    SECAlgorithmID *algid;
+    SECOidTag pbeAlgTag = SEC_OID_UNKNOWN;
+    SECItem *crypto_param = NULL;
+    PK11SymKey *key = NULL;
+    SECKEYPrivateKey *tmpPK = NULL;
+    SECStatus rv = SECSuccess;
+    CK_RV crv;
+    CK_ULONG encBufLen;
+    CK_MECHANISM_TYPE pbeMechType;
+    CK_MECHANISM_TYPE cryptoMechType;
+    CK_MECHANISM cryptoMech;
+
+    if (!pwitem || !pk) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+
+    algid = sec_pkcs5CreateAlgorithmID(algTag, SEC_OID_UNKNOWN, SEC_OID_UNKNOWN,
+                                       &pbeAlgTag, 0, NULL, iteration);
+    if (algid == NULL) {
+        return NULL;
+    }
+
+    arena = PORT_NewArena(2048);
+    if (arena)
+        epki = PORT_ArenaZNew(arena, SECKEYEncryptedPrivateKeyInfo);
+    if (epki == NULL) {
+        rv = SECFailure;
+        goto loser;
+    }
+    epki->arena = arena;
+
+    /* if we didn't specify a slot, use the slot the private key was in */
+    if (!slot) {
+        slot = pk->pkcs11Slot;
+    }
+
+    /* if we specified a different slot, and the private key slot can do the
+     * pbe key gen, generate the key in the private key slot so we don't have
+     * to move it later */
+    pbeMechType = PK11_AlgtagToMechanism(pbeAlgTag);
+    if (slot != pk->pkcs11Slot) {
+        if (PK11_DoesMechanism(pk->pkcs11Slot, pbeMechType)) {
+            slot = pk->pkcs11Slot;
+        }
+    }
+    key = PK11_PBEKeyGen(slot, algid, pwitem, PR_FALSE, wincx);
+    if (key == NULL) {
+        rv = SECFailure;
+        goto loser;
+    }
+
+    cryptoMechType = PK11_GetPBECryptoMechanism(algid, &crypto_param, pwitem);
+    if (cryptoMechType == CKM_INVALID_MECHANISM) {
+        rv = SECFailure;
+        goto loser;
+    }
+
+    cryptoMech.mechanism = PK11_GetPadMechanism(cryptoMechType);
+    cryptoMech.pParameter = crypto_param ? crypto_param->data : NULL;
+    cryptoMech.ulParameterLen = crypto_param ? crypto_param->len : 0;
+
+    /* If the key isn't in the private key slot, move it */
+    if (key->slot != pk->pkcs11Slot) {
+        PK11SymKey *newkey = pk11_CopyToSlot(pk->pkcs11Slot,
+                                             key->type, CKA_WRAP, key);
+        if (newkey == NULL) {
+            /* couldn't import the wrapping key, try exporting the
+             * private key */
+            tmpPK = pk11_loadPrivKey(key->slot, pk, NULL, PR_FALSE, PR_TRUE);
+            if (tmpPK == NULL) {
+                rv = SECFailure;
+                goto loser;
+            }
+            pk = tmpPK;
+        } else {
+            /* free the old key and use the new key */
+            PK11_FreeSymKey(key);
+            key = newkey;
+        }
+    }
+
+    /* we are extracting an encrypted privateKey structure.
+     * which needs to be freed along with the buffer into which it is
+     * returned.  eventually, we should retrieve an encrypted key using
+     * pkcs8/pkcs5.
+     */
+    encBufLen = 0;
+    PK11_EnterSlotMonitor(pk->pkcs11Slot);
+    crv = PK11_GETTAB(pk->pkcs11Slot)->C_WrapKey(pk->pkcs11Slot->session, &cryptoMech, key->objectID, pk->pkcs11ID, NULL, &encBufLen);
+    PK11_ExitSlotMonitor(pk->pkcs11Slot);
+    if (crv != CKR_OK) {
+        rv = SECFailure;
+        goto loser;
+    }
+    epki->encryptedData.data = PORT_ArenaAlloc(arena, encBufLen);
+    if (!epki->encryptedData.data) {
+        rv = SECFailure;
+        goto loser;
+    }
+    PK11_EnterSlotMonitor(pk->pkcs11Slot);
+    crv = PK11_GETTAB(pk->pkcs11Slot)->C_WrapKey(pk->pkcs11Slot->session, &cryptoMech, key->objectID, pk->pkcs11ID, epki->encryptedData.data, &encBufLen);
+    PK11_ExitSlotMonitor(pk->pkcs11Slot);
+    epki->encryptedData.len = (unsigned int)encBufLen;
+    if (crv != CKR_OK) {
+        rv = SECFailure;
+        goto loser;
+    }
+
+    if (!epki->encryptedData.len) {
+        rv = SECFailure;
+        goto loser;
+    }
+
+    rv = SECOID_CopyAlgorithmID(arena, &epki->algorithm, algid);
+
+loser:
+    if (crypto_param != NULL) {
+        SECITEM_ZfreeItem(crypto_param, PR_TRUE);
+        crypto_param = NULL;
+    }
+
+    if (key != NULL) {
+        PK11_FreeSymKey(key);
+    }
+    if (tmpPK != NULL) {
+        SECKEY_DestroyPrivateKey(tmpPK);
+    }
+    SECOID_DestroyAlgorithmID(algid, PR_TRUE);
+
+    if (rv == SECFailure) {
+        if (arena != NULL) {
+            PORT_FreeArena(arena, PR_TRUE);
+        }
+        epki = NULL;
+    }
+
+    return epki;
+}
+
+SECKEYEncryptedPrivateKeyInfo *
+PK11_ExportEncryptedPrivateKeyInfo(
+    PK11SlotInfo *slot,    /* optional, encrypt key in this slot */
+    SECOidTag algTag,      /* encrypt key with this algorithm */
+    SECItem *pwitem,       /* password for PBE encryption */
+    CERTCertificate *cert, /* wrap priv key for this user cert */
+    int iteration,         /* interations for PBE alg */
+    void *wincx)           /* context for password callback ? */
+{
+    SECKEYEncryptedPrivateKeyInfo *epki = NULL;
+    SECKEYPrivateKey *pk = PK11_FindKeyByAnyCert(cert, wincx);
+    if (pk != NULL) {
+        epki = PK11_ExportEncryptedPrivKeyInfo(slot, algTag, pwitem, pk,
+                                               iteration, wincx);
+        SECKEY_DestroyPrivateKey(pk);
+    }
+    return epki;
+}
+
+SECItem *
+PK11_DEREncodePublicKey(const SECKEYPublicKey *pubk)
+{
+    return SECKEY_EncodeDERSubjectPublicKeyInfo(pubk);
+}
+
+char *
+PK11_GetPrivateKeyNickname(SECKEYPrivateKey *privKey)
+{
+    return PK11_GetObjectNickname(privKey->pkcs11Slot, privKey->pkcs11ID);
+}
+
+char *
+PK11_GetPublicKeyNickname(SECKEYPublicKey *pubKey)
+{
+    return PK11_GetObjectNickname(pubKey->pkcs11Slot, pubKey->pkcs11ID);
+}
+
+SECStatus
+PK11_SetPrivateKeyNickname(SECKEYPrivateKey *privKey, const char *nickname)
+{
+    return PK11_SetObjectNickname(privKey->pkcs11Slot,
+                                  privKey->pkcs11ID, nickname);
+}
+
+SECStatus
+PK11_SetPublicKeyNickname(SECKEYPublicKey *pubKey, const char *nickname)
+{
+    return PK11_SetObjectNickname(pubKey->pkcs11Slot,
+                                  pubKey->pkcs11ID, nickname);
+}
+
+SECKEYPQGParams *
+PK11_GetPQGParamsFromPrivateKey(SECKEYPrivateKey *privKey)
+{
+    CK_ATTRIBUTE pTemplate[] = {
+        { CKA_PRIME, NULL, 0 },
+        { CKA_SUBPRIME, NULL, 0 },
+        { CKA_BASE, NULL, 0 },
+    };
+    int pTemplateLen = sizeof(pTemplate) / sizeof(pTemplate[0]);
+    PLArenaPool *arena = NULL;
+    SECKEYPQGParams *params;
+    CK_RV crv;
+
+    arena = PORT_NewArena(2048);
+    if (arena == NULL) {
+        goto loser;
+    }
+    params = (SECKEYPQGParams *)PORT_ArenaZAlloc(arena, sizeof(SECKEYPQGParams));
+    if (params == NULL) {
+        goto loser;
+    }
+
+    crv = PK11_GetAttributes(arena, privKey->pkcs11Slot, privKey->pkcs11ID,
+                             pTemplate, pTemplateLen);
+    if (crv != CKR_OK) {
+        PORT_SetError(PK11_MapError(crv));
+        goto loser;
+    }
+
+    params->arena = arena;
+    params->prime.data = pTemplate[0].pValue;
+    params->prime.len = pTemplate[0].ulValueLen;
+    params->subPrime.data = pTemplate[1].pValue;
+    params->subPrime.len = pTemplate[1].ulValueLen;
+    params->base.data = pTemplate[2].pValue;
+    params->base.len = pTemplate[2].ulValueLen;
+
+    return params;
+
+loser:
+    if (arena != NULL) {
+        PORT_FreeArena(arena, PR_FALSE);
+    }
+    return NULL;
+}
+
+SECKEYPrivateKey *
+PK11_CopyTokenPrivKeyToSessionPrivKey(PK11SlotInfo *destSlot,
+                                      SECKEYPrivateKey *privKey)
+{
+    CK_RV crv;
+    CK_OBJECT_HANDLE newKeyID;
+
+    static const CK_BBOOL ckfalse = CK_FALSE;
+    static const CK_ATTRIBUTE template[1] = {
+        { CKA_TOKEN, (CK_BBOOL *)&ckfalse, sizeof ckfalse }
+    };
+
+    if (destSlot && destSlot != privKey->pkcs11Slot) {
+        SECKEYPrivateKey *newKey =
+            pk11_loadPrivKey(destSlot,
+                             privKey,
+                             NULL,      /* pubKey    */
+                             PR_FALSE,  /* token     */
+                             PR_FALSE); /* sensitive */
+        if (newKey)
+            return newKey;
+    }
+    destSlot = privKey->pkcs11Slot;
+    PK11_Authenticate(destSlot, PR_TRUE, privKey->wincx);
+    PK11_EnterSlotMonitor(destSlot);
+    crv = PK11_GETTAB(destSlot)->C_CopyObject(destSlot->session,
+                                              privKey->pkcs11ID,
+                                              (CK_ATTRIBUTE *)template,
+                                              1, &newKeyID);
+    PK11_ExitSlotMonitor(destSlot);
+
+    if (crv != CKR_OK) {
+        PORT_SetError(PK11_MapError(crv));
+        return NULL;
+    }
+
+    return PK11_MakePrivKey(destSlot, privKey->keyType, PR_TRUE /*isTemp*/,
+                            newKeyID, privKey->wincx);
+}
+
+SECKEYPrivateKey *
+PK11_ConvertSessionPrivKeyToTokenPrivKey(SECKEYPrivateKey *privk, void *wincx)
+{
+    PK11SlotInfo *slot = privk->pkcs11Slot;
+    CK_ATTRIBUTE template[1];
+    CK_ATTRIBUTE *attrs = template;
+    CK_BBOOL cktrue = CK_TRUE;
+    CK_RV crv;
+    CK_OBJECT_HANDLE newKeyID;
+    CK_SESSION_HANDLE rwsession;
+
+    PK11_SETATTRS(attrs, CKA_TOKEN, &cktrue, sizeof(cktrue));
+    attrs++;
+
+    PK11_Authenticate(slot, PR_TRUE, wincx);
+    rwsession = PK11_GetRWSession(slot);
+    if (rwsession == CK_INVALID_SESSION) {
+        PORT_SetError(SEC_ERROR_BAD_DATA);
+        return NULL;
+    }
+    crv = PK11_GETTAB(slot)->C_CopyObject(rwsession, privk->pkcs11ID,
+                                          template, 1, &newKeyID);
+    PK11_RestoreROSession(slot, rwsession);
+
+    if (crv != CKR_OK) {
+        PORT_SetError(PK11_MapError(crv));
+        return NULL;
+    }
+
+    return PK11_MakePrivKey(slot, nullKey /*KeyType*/, PR_FALSE /*isTemp*/,
+                            newKeyID, NULL /*wincx*/);
+}
+
+/*
+ * destroy a private key if there are no matching certs.
+ * this function also frees the privKey structure.
+ */
+SECStatus
+PK11_DeleteTokenPrivateKey(SECKEYPrivateKey *privKey, PRBool force)
+{
+    CERTCertificate *cert = PK11_GetCertFromPrivateKey(privKey);
+    SECStatus rv = SECWouldBlock;
+
+    if (!cert || force) {
+        /* now, then it's safe for the key to go away */
+        rv = PK11_DestroyTokenObject(privKey->pkcs11Slot, privKey->pkcs11ID);
+    }
+    if (cert) {
+        CERT_DestroyCertificate(cert);
+    }
+    SECKEY_DestroyPrivateKey(privKey);
+    return rv;
+}
+
+/*
+ * destroy a private key if there are no matching certs.
+ * this function also frees the privKey structure.
+ */
+SECStatus
+PK11_DeleteTokenPublicKey(SECKEYPublicKey *pubKey)
+{
+    /* now, then it's safe for the key to go away */
+    if (pubKey->pkcs11Slot == NULL) {
+        return SECFailure;
+    }
+    PK11_DestroyTokenObject(pubKey->pkcs11Slot, pubKey->pkcs11ID);
+    SECKEY_DestroyPublicKey(pubKey);
+    return SECSuccess;
+}
+
+/*
+ * key call back structure.
+ */
+typedef struct pk11KeyCallbackStr {
+    SECStatus (*callback)(SECKEYPrivateKey *, void *);
+    void *callbackArg;
+    void *wincx;
+} pk11KeyCallback;
+
+/*
+ * callback to map Object Handles to Private Keys;
+ */
+SECStatus
+pk11_DoKeys(PK11SlotInfo *slot, CK_OBJECT_HANDLE keyHandle, void *arg)
+{
+    SECStatus rv = SECSuccess;
+    SECKEYPrivateKey *privKey;
+    pk11KeyCallback *keycb = (pk11KeyCallback *)arg;
+    if (!arg) {
+        return SECFailure;
+    }
+
+    privKey = PK11_MakePrivKey(slot, nullKey, PR_TRUE, keyHandle, keycb->wincx);
+
+    if (privKey == NULL) {
+        return SECFailure;
+    }
+
+    if (keycb->callback) {
+        rv = (*keycb->callback)(privKey, keycb->callbackArg);
+    }
+
+    SECKEY_DestroyPrivateKey(privKey);
+    return rv;
+}
+
+/***********************************************************************
+ * PK11_TraversePrivateKeysInSlot
+ *
+ * Traverses all the private keys on a slot.
+ *
+ * INPUTS
+ *      slot
+ *          The PKCS #11 slot whose private keys you want to traverse.
+ *      callback
+ *          A callback function that will be called for each key.
+ *      arg
+ *          An argument that will be passed to the callback function.
+ */
+SECStatus
+PK11_TraversePrivateKeysInSlot(PK11SlotInfo *slot,
+                               SECStatus (*callback)(SECKEYPrivateKey *, void *), void *arg)
+{
+    pk11KeyCallback perKeyCB;
+    pk11TraverseSlot perObjectCB;
+    CK_OBJECT_CLASS privkClass = CKO_PRIVATE_KEY;
+    CK_BBOOL ckTrue = CK_TRUE;
+    CK_ATTRIBUTE theTemplate[2];
+    int templateSize = 2;
+
+    theTemplate[0].type = CKA_CLASS;
+    theTemplate[0].pValue = &privkClass;
+    theTemplate[0].ulValueLen = sizeof(privkClass);
+    theTemplate[1].type = CKA_TOKEN;
+    theTemplate[1].pValue = &ckTrue;
+    theTemplate[1].ulValueLen = sizeof(ckTrue);
+
+    if (slot == NULL) {
+        return SECSuccess;
+    }
+
+    perObjectCB.callback = pk11_DoKeys;
+    perObjectCB.callbackArg = &perKeyCB;
+    perObjectCB.findTemplate = theTemplate;
+    perObjectCB.templateCount = templateSize;
+    perKeyCB.callback = callback;
+    perKeyCB.callbackArg = arg;
+    perKeyCB.wincx = NULL;
+
+    return PK11_TraverseSlot(slot, &perObjectCB);
+}
+
+/*
+ * return the private key with the given ID
+ */
+CK_OBJECT_HANDLE
+pk11_FindPrivateKeyFromCertID(PK11SlotInfo *slot, SECItem *keyID)
+{
+    CK_OBJECT_CLASS privKey = CKO_PRIVATE_KEY;
+    CK_ATTRIBUTE theTemplate[] = {
+        { CKA_ID, NULL, 0 },
+        { CKA_CLASS, NULL, 0 },
+    };
+    /* if you change the array, change the variable below as well */
+    int tsize = sizeof(theTemplate) / sizeof(theTemplate[0]);
+    CK_ATTRIBUTE *attrs = theTemplate;
+
+    PK11_SETATTRS(attrs, CKA_ID, keyID->data, keyID->len);
+    attrs++;
+    PK11_SETATTRS(attrs, CKA_CLASS, &privKey, sizeof(privKey));
+
+    return pk11_FindObjectByTemplate(slot, theTemplate, tsize);
+}
+
+SECKEYPrivateKey *
+PK11_FindKeyByKeyID(PK11SlotInfo *slot, SECItem *keyID, void *wincx)
+{
+    CK_OBJECT_HANDLE keyHandle;
+    SECKEYPrivateKey *privKey;
+
+    keyHandle = pk11_FindPrivateKeyFromCertID(slot, keyID);
+    if (keyHandle == CK_INVALID_HANDLE) {
+        return NULL;
+    }
+    privKey = PK11_MakePrivKey(slot, nullKey, PR_TRUE, keyHandle, wincx);
+    return privKey;
+}
+
+/*
+ * Generate a CKA_ID from the relevant public key data. The CKA_ID is generated
+ * from the pubKeyData by SHA1_Hashing it to produce a smaller CKA_ID (to make
+ * smart cards happy.
+ */
+SECItem *
+PK11_MakeIDFromPubKey(SECItem *pubKeyData)
+{
+    PK11Context *context;
+    SECItem *certCKA_ID;
+    SECStatus rv;
+
+    if (pubKeyData->len <= SHA1_LENGTH) {
+        /* probably an already hashed value. The strongest known public
+         * key values <= 160 bits would be less than 40 bit symetric in
+         * strength. Don't hash them, just return the value. There are
+         * none at the time of this writing supported by previous versions
+         * of NSS, so change is binary compatible safe */
+        return SECITEM_DupItem(pubKeyData);
+    }
+
+    context = PK11_CreateDigestContext(SEC_OID_SHA1);
+    if (context == NULL) {
+        return NULL;
+    }
+
+    rv = PK11_DigestBegin(context);
+    if (rv == SECSuccess) {
+        rv = PK11_DigestOp(context, pubKeyData->data, pubKeyData->len);
+    }
+    if (rv != SECSuccess) {
+        PK11_DestroyContext(context, PR_TRUE);
+        return NULL;
+    }
+
+    certCKA_ID = (SECItem *)PORT_Alloc(sizeof(SECItem));
+    if (certCKA_ID == NULL) {
+        PK11_DestroyContext(context, PR_TRUE);
+        return NULL;
+    }
+
+    certCKA_ID->len = SHA1_LENGTH;
+    certCKA_ID->data = (unsigned char *)PORT_Alloc(certCKA_ID->len);
+    if (certCKA_ID->data == NULL) {
+        PORT_Free(certCKA_ID);
+        PK11_DestroyContext(context, PR_TRUE);
+        return NULL;
+    }
+
+    rv = PK11_DigestFinal(context, certCKA_ID->data, &certCKA_ID->len,
+                          SHA1_LENGTH);
+    PK11_DestroyContext(context, PR_TRUE);
+    if (rv != SECSuccess) {
+        SECITEM_FreeItem(certCKA_ID, PR_TRUE);
+        return NULL;
+    }
+
+    return certCKA_ID;
+}
+
+/* Looking for PK11_GetKeyIDFromPrivateKey?
+ * Call PK11_GetLowLevelKeyIDForPrivateKey instead.
+ */
+
+SECItem *
+PK11_GetLowLevelKeyIDForPrivateKey(SECKEYPrivateKey *privKey)
+{
+    return pk11_GetLowLevelKeyFromHandle(privKey->pkcs11Slot, privKey->pkcs11ID);
+}
+
+static SECStatus
+privateKeyListCallback(SECKEYPrivateKey *key, void *arg)
+{
+    SECKEYPrivateKeyList *list = (SECKEYPrivateKeyList *)arg;
+    return SECKEY_AddPrivateKeyToListTail(list, SECKEY_CopyPrivateKey(key));
+}
+
+SECKEYPrivateKeyList *
+PK11_ListPrivateKeysInSlot(PK11SlotInfo *slot)
+{
+    SECStatus status;
+    SECKEYPrivateKeyList *keys;
+
+    keys = SECKEY_NewPrivateKeyList();
+    if (keys == NULL)
+        return NULL;
+
+    status = PK11_TraversePrivateKeysInSlot(slot, privateKeyListCallback,
+                                            (void *)keys);
+
+    if (status != SECSuccess) {
+        SECKEY_DestroyPrivateKeyList(keys);
+        keys = NULL;
+    }
+
+    return keys;
+}
+
+SECKEYPublicKeyList *
+PK11_ListPublicKeysInSlot(PK11SlotInfo *slot, char *nickname)
+{
+    CK_ATTRIBUTE findTemp[4];
+    CK_ATTRIBUTE *attrs;
+    CK_BBOOL ckTrue = CK_TRUE;
+    CK_OBJECT_CLASS keyclass = CKO_PUBLIC_KEY;
+    unsigned int tsize = 0;
+    int objCount = 0;
+    CK_OBJECT_HANDLE *key_ids;
+    SECKEYPublicKeyList *keys;
+    int i, len;
+
+    attrs = findTemp;
+    PK11_SETATTRS(attrs, CKA_CLASS, &keyclass, sizeof(keyclass));
+    attrs++;
+    PK11_SETATTRS(attrs, CKA_TOKEN, &ckTrue, sizeof(ckTrue));
+    attrs++;
+    if (nickname) {
+        len = PORT_Strlen(nickname);
+        PK11_SETATTRS(attrs, CKA_LABEL, nickname, len);
+        attrs++;
+    }
+    tsize = attrs - findTemp;
+    PORT_Assert(tsize <= sizeof(findTemp) / sizeof(CK_ATTRIBUTE));
+
+    key_ids = pk11_FindObjectsByTemplate(slot, findTemp, tsize, &objCount);
+    if (key_ids == NULL) {
+        return NULL;
+    }
+    keys = SECKEY_NewPublicKeyList();
+    if (keys == NULL) {
+        PORT_Free(key_ids);
+        return NULL;
+    }
+
+    for (i = 0; i < objCount; i++) {
+        SECKEYPublicKey *pubKey =
+            PK11_ExtractPublicKey(slot, nullKey, key_ids[i]);
+        if (pubKey) {
+            SECKEY_AddPublicKeyToListTail(keys, pubKey);
+        }
+    }
+
+    PORT_Free(key_ids);
+    return keys;
+}
+
+SECKEYPrivateKeyList *
+PK11_ListPrivKeysInSlot(PK11SlotInfo *slot, char *nickname, void *wincx)
+{
+    CK_ATTRIBUTE findTemp[4];
+    CK_ATTRIBUTE *attrs;
+    CK_BBOOL ckTrue = CK_TRUE;
+    CK_OBJECT_CLASS keyclass = CKO_PRIVATE_KEY;
+    unsigned int tsize = 0;
+    int objCount = 0;
+    CK_OBJECT_HANDLE *key_ids;
+    SECKEYPrivateKeyList *keys;
+    int i, len;
+
+    attrs = findTemp;
+    PK11_SETATTRS(attrs, CKA_CLASS, &keyclass, sizeof(keyclass));
+    attrs++;
+    PK11_SETATTRS(attrs, CKA_TOKEN, &ckTrue, sizeof(ckTrue));
+    attrs++;
+    if (nickname) {
+        len = PORT_Strlen(nickname);
+        PK11_SETATTRS(attrs, CKA_LABEL, nickname, len);
+        attrs++;
+    }
+    tsize = attrs - findTemp;
+    PORT_Assert(tsize <= sizeof(findTemp) / sizeof(CK_ATTRIBUTE));
+
+    key_ids = pk11_FindObjectsByTemplate(slot, findTemp, tsize, &objCount);
+    if (key_ids == NULL) {
+        return NULL;
+    }
+    keys = SECKEY_NewPrivateKeyList();
+    if (keys == NULL) {
+        PORT_Free(key_ids);
+        return NULL;
+    }
+
+    for (i = 0; i < objCount; i++) {
+        SECKEYPrivateKey *privKey =
+            PK11_MakePrivKey(slot, nullKey, PR_TRUE, key_ids[i], wincx);
+        SECKEY_AddPrivateKeyToListTail(keys, privKey);
+    }
+
+    PORT_Free(key_ids);
+    return keys;
+}
diff --git a/nss/lib/pk11wrap/pk11auth.c b/nss/lib/pk11wrap/pk11auth.c
new file mode 100644
index 0000000..4ccfad6
--- /dev/null
+++ b/nss/lib/pk11wrap/pk11auth.c
@@ -0,0 +1,807 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * This file deals with PKCS #11 passwords and authentication.
+ */
+#include "seccomon.h"
+#include "secmod.h"
+#include "secmodi.h"
+#include "secmodti.h"
+#include "pkcs11t.h"
+#include "pk11func.h"
+#include "secitem.h"
+#include "secerr.h"
+
+#include "pkim.h"
+
+/*************************************************************
+ * local static and global data
+ *************************************************************/
+/*
+ * This structure keeps track of status that spans all the Slots.
+ * NOTE: This is a global data structure. It semantics expect thread crosstalk
+ * be very careful when you see it used.
+ *  It's major purpose in life is to allow the user to log in one PER
+ * Tranaction, even if a transaction spans threads. The problem is the user
+ * may have to enter a password one just to be able to look at the
+ * personalities/certificates (s)he can use. Then if Auth every is one, they
+ * may have to enter the password again to use the card. See PK11_StartTransac
+ * and PK11_EndTransaction.
+ */
+static struct PK11GlobalStruct {
+    int transaction;
+    PRBool inTransaction;
+    char *(PR_CALLBACK *getPass)(PK11SlotInfo *, PRBool, void *);
+    PRBool(PR_CALLBACK *verifyPass)(PK11SlotInfo *, void *);
+    PRBool(PR_CALLBACK *isLoggedIn)(PK11SlotInfo *, void *);
+} PK11_Global = { 1, PR_FALSE, NULL, NULL, NULL };
+
+/***********************************************************
+ * Password Utilities
+ ***********************************************************/
+/*
+ * Check the user's password. Log into the card if it's correct.
+ * succeed if the user is already logged in.
+ */
+static SECStatus
+pk11_CheckPassword(PK11SlotInfo *slot, CK_SESSION_HANDLE session,
+                   char *pw, PRBool alreadyLocked, PRBool contextSpecific)
+{
+    int len = 0;
+    CK_RV crv;
+    SECStatus rv;
+    PRTime currtime = PR_Now();
+    PRBool mustRetry;
+    int retry = 0;
+
+    if (slot->protectedAuthPath) {
+        len = 0;
+        pw = NULL;
+    } else if (pw == NULL) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    } else {
+        len = PORT_Strlen(pw);
+    }
+
+    do {
+        if (!alreadyLocked)
+            PK11_EnterSlotMonitor(slot);
+        crv = PK11_GETTAB(slot)->C_Login(session,
+                                         contextSpecific ? CKU_CONTEXT_SPECIFIC : CKU_USER,
+                                         (unsigned char *)pw, len);
+        slot->lastLoginCheck = 0;
+        mustRetry = PR_FALSE;
+        if (!alreadyLocked)
+            PK11_ExitSlotMonitor(slot);
+        switch (crv) {
+            /* if we're already logged in, we're good to go */
+            case CKR_OK:
+                /* TODO If it was for CKU_CONTEXT_SPECIFIC should we do this */
+                slot->authTransact = PK11_Global.transaction;
+            /* Fall through */
+            case CKR_USER_ALREADY_LOGGED_IN:
+                slot->authTime = currtime;
+                rv = SECSuccess;
+                break;
+            case CKR_PIN_INCORRECT:
+                PORT_SetError(SEC_ERROR_BAD_PASSWORD);
+                rv = SECWouldBlock; /* everything else is ok, only the pin is bad */
+                break;
+            /* someone called reset while we fetched the password, try again once
+             * if the token is still there. */
+            case CKR_SESSION_HANDLE_INVALID:
+            case CKR_SESSION_CLOSED:
+                if (session != slot->session) {
+                    /* don't bother retrying, we were in a middle of an operation,
+                     * which is now lost. Just fail. */
+                    PORT_SetError(PK11_MapError(crv));
+                    rv = SECFailure;
+                    break;
+                }
+                if (retry++ == 0) {
+                    rv = PK11_InitToken(slot, PR_FALSE);
+                    if (rv == SECSuccess) {
+                        if (slot->session != CK_INVALID_SESSION) {
+                            session = slot->session; /* we should have
+                                                      * a new session now */
+                            mustRetry = PR_TRUE;
+                        } else {
+                            PORT_SetError(PK11_MapError(crv));
+                            rv = SECFailure;
+                        }
+                    }
+                    break;
+                }
+            /* Fall through */
+            default:
+                PORT_SetError(PK11_MapError(crv));
+                rv = SECFailure; /* some failure we can't fix by retrying */
+        }
+    } while (mustRetry);
+    return rv;
+}
+
+/*
+ * Check the user's password. Logout before hand to make sure that
+ * we are really checking the password.
+ */
+SECStatus
+PK11_CheckUserPassword(PK11SlotInfo *slot, const char *pw)
+{
+    int len = 0;
+    CK_RV crv;
+    SECStatus rv;
+    PRTime currtime = PR_Now();
+
+    if (slot->protectedAuthPath) {
+        len = 0;
+        pw = NULL;
+    } else if (pw == NULL) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    } else {
+        len = PORT_Strlen(pw);
+    }
+
+    /*
+     * If the token doesn't need a login, don't try to relogin because the
+     * effect is undefined. It's not clear what it means to check a non-empty
+     * password with such a token, so treat that as an error.
+     */
+    if (!slot->needLogin) {
+        if (len == 0) {
+            rv = SECSuccess;
+        } else {
+            PORT_SetError(SEC_ERROR_BAD_PASSWORD);
+            rv = SECFailure;
+        }
+        return rv;
+    }
+
+    /* force a logout */
+    PK11_EnterSlotMonitor(slot);
+    PK11_GETTAB(slot)->C_Logout(slot->session);
+
+    crv = PK11_GETTAB(slot)->C_Login(slot->session, CKU_USER,
+                                     (unsigned char *)pw, len);
+    slot->lastLoginCheck = 0;
+    PK11_ExitSlotMonitor(slot);
+    switch (crv) {
+        /* if we're already logged in, we're good to go */
+        case CKR_OK:
+            slot->authTransact = PK11_Global.transaction;
+            slot->authTime = currtime;
+            rv = SECSuccess;
+            break;
+        case CKR_PIN_INCORRECT:
+            PORT_SetError(SEC_ERROR_BAD_PASSWORD);
+            rv = SECWouldBlock; /* everything else is ok, only the pin is bad */
+            break;
+        default:
+            PORT_SetError(PK11_MapError(crv));
+            rv = SECFailure; /* some failure we can't fix by retrying */
+    }
+    return rv;
+}
+
+SECStatus
+PK11_Logout(PK11SlotInfo *slot)
+{
+    CK_RV crv;
+
+    /* force a logout */
+    PK11_EnterSlotMonitor(slot);
+    crv = PK11_GETTAB(slot)->C_Logout(slot->session);
+    slot->lastLoginCheck = 0;
+    PK11_ExitSlotMonitor(slot);
+    if (crv != CKR_OK) {
+        PORT_SetError(PK11_MapError(crv));
+        return SECFailure;
+    }
+    return SECSuccess;
+}
+
+/*
+ * transaction stuff is for when we test for the need to do every
+ * time auth to see if we already did it for this slot/transaction
+ */
+void
+PK11_StartAuthTransaction(void)
+{
+    PK11_Global.transaction++;
+    PK11_Global.inTransaction = PR_TRUE;
+}
+
+void
+PK11_EndAuthTransaction(void)
+{
+    PK11_Global.transaction++;
+    PK11_Global.inTransaction = PR_FALSE;
+}
+
+/*
+ * before we do a private key op, we check to see if we
+ * need to reauthenticate.
+ */
+void
+PK11_HandlePasswordCheck(PK11SlotInfo *slot, void *wincx)
+{
+    int askpw = slot->askpw;
+    PRBool NeedAuth = PR_FALSE;
+
+    if (!slot->needLogin)
+        return;
+
+    if ((slot->defaultFlags & PK11_OWN_PW_DEFAULTS) == 0) {
+        PK11SlotInfo *def_slot = PK11_GetInternalKeySlot();
+
+        if (def_slot) {
+            askpw = def_slot->askpw;
+            PK11_FreeSlot(def_slot);
+        }
+    }
+
+    /* timeouts are handled by isLoggedIn */
+    if (!PK11_IsLoggedIn(slot, wincx)) {
+        NeedAuth = PR_TRUE;
+    } else if (askpw == -1) {
+        if (!PK11_Global.inTransaction ||
+            (PK11_Global.transaction != slot->authTransact)) {
+            PK11_EnterSlotMonitor(slot);
+            PK11_GETTAB(slot)->C_Logout(slot->session);
+            slot->lastLoginCheck = 0;
+            PK11_ExitSlotMonitor(slot);
+            NeedAuth = PR_TRUE;
+        }
+    }
+    if (NeedAuth)
+        PK11_DoPassword(slot, slot->session, PR_TRUE,
+                        wincx, PR_FALSE, PR_FALSE);
+}
+
+void
+PK11_SlotDBUpdate(PK11SlotInfo *slot)
+{
+    SECMOD_UpdateModule(slot->module);
+}
+
+/*
+ * set new askpw and timeout values
+ */
+void
+PK11_SetSlotPWValues(PK11SlotInfo *slot, int askpw, int timeout)
+{
+    slot->askpw = askpw;
+    slot->timeout = timeout;
+    slot->defaultFlags |= PK11_OWN_PW_DEFAULTS;
+    PK11_SlotDBUpdate(slot);
+}
+
+/*
+ * Get the askpw and timeout values for this slot
+ */
+void
+PK11_GetSlotPWValues(PK11SlotInfo *slot, int *askpw, int *timeout)
+{
+    *askpw = slot->askpw;
+    *timeout = slot->timeout;
+
+    if ((slot->defaultFlags & PK11_OWN_PW_DEFAULTS) == 0) {
+        PK11SlotInfo *def_slot = PK11_GetInternalKeySlot();
+
+        if (def_slot) {
+            *askpw = def_slot->askpw;
+            *timeout = def_slot->timeout;
+            PK11_FreeSlot(def_slot);
+        }
+    }
+}
+
+/*
+ * Returns true if the token is needLogin and isn't logged in.
+ * This function is used to determine if authentication is needed
+ * before attempting a potentially privelleged operation.
+ */
+PRBool
+pk11_LoginStillRequired(PK11SlotInfo *slot, void *wincx)
+{
+    return slot->needLogin && !PK11_IsLoggedIn(slot, wincx);
+}
+
+/*
+ * make sure a slot is authenticated...
+ * This function only does the authentication if it is needed.
+ */
+SECStatus
+PK11_Authenticate(PK11SlotInfo *slot, PRBool loadCerts, void *wincx)
+{
+    if (!slot) {
+        return SECFailure;
+    }
+    if (pk11_LoginStillRequired(slot, wincx)) {
+        return PK11_DoPassword(slot, slot->session, loadCerts, wincx,
+                               PR_FALSE, PR_FALSE);
+    }
+    return SECSuccess;
+}
+
+/*
+ * Authenticate to "unfriendly" tokens (tokens which need to be logged
+ * in to find the certs.
+ */
+SECStatus
+pk11_AuthenticateUnfriendly(PK11SlotInfo *slot, PRBool loadCerts, void *wincx)
+{
+    SECStatus rv = SECSuccess;
+    if (!PK11_IsFriendly(slot)) {
+        rv = PK11_Authenticate(slot, loadCerts, wincx);
+    }
+    return rv;
+}
+
+/*
+ * NOTE: this assumes that we are logged out of the card before hand
+ */
+SECStatus
+PK11_CheckSSOPassword(PK11SlotInfo *slot, char *ssopw)
+{
+    CK_SESSION_HANDLE rwsession;
+    CK_RV crv;
+    SECStatus rv = SECFailure;
+    int len = 0;
+
+    /* get a rwsession */
+    rwsession = PK11_GetRWSession(slot);
+    if (rwsession == CK_INVALID_SESSION) {
+        PORT_SetError(SEC_ERROR_BAD_DATA);
+        return rv;
+    }
+
+    if (slot->protectedAuthPath) {
+        len = 0;
+        ssopw = NULL;
+    } else if (ssopw == NULL) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    } else {
+        len = PORT_Strlen(ssopw);
+    }
+
+    /* check the password */
+    crv = PK11_GETTAB(slot)->C_Login(rwsession, CKU_SO,
+                                     (unsigned char *)ssopw, len);
+    slot->lastLoginCheck = 0;
+    switch (crv) {
+        /* if we're already logged in, we're good to go */
+        case CKR_OK:
+            rv = SECSuccess;
+            break;
+        case CKR_PIN_INCORRECT:
+            PORT_SetError(SEC_ERROR_BAD_PASSWORD);
+            rv = SECWouldBlock; /* everything else is ok, only the pin is bad */
+            break;
+        default:
+            PORT_SetError(PK11_MapError(crv));
+            rv = SECFailure; /* some failure we can't fix by retrying */
+    }
+    PK11_GETTAB(slot)->C_Logout(rwsession);
+    slot->lastLoginCheck = 0;
+
+    /* release rwsession */
+    PK11_RestoreROSession(slot, rwsession);
+    return rv;
+}
+
+/*
+ * make sure the password conforms to your token's requirements.
+ */
+SECStatus
+PK11_VerifyPW(PK11SlotInfo *slot, char *pw)
+{
+    int len = PORT_Strlen(pw);
+
+    if ((slot->minPassword > len) || (slot->maxPassword < len)) {
+        PORT_SetError(SEC_ERROR_BAD_DATA);
+        return SECFailure;
+    }
+    return SECSuccess;
+}
+
+/*
+ * initialize a user PIN Value
+ */
+SECStatus
+PK11_InitPin(PK11SlotInfo *slot, const char *ssopw, const char *userpw)
+{
+    CK_SESSION_HANDLE rwsession = CK_INVALID_SESSION;
+    CK_RV crv;
+    SECStatus rv = SECFailure;
+    int len;
+    int ssolen;
+
+    if (userpw == NULL)
+        userpw = "";
+    if (ssopw == NULL)
+        ssopw = "";
+
+    len = PORT_Strlen(userpw);
+    ssolen = PORT_Strlen(ssopw);
+
+    /* get a rwsession */
+    rwsession = PK11_GetRWSession(slot);
+    if (rwsession == CK_INVALID_SESSION) {
+        PORT_SetError(SEC_ERROR_BAD_DATA);
+        slot->lastLoginCheck = 0;
+        return rv;
+    }
+
+    if (slot->protectedAuthPath) {
+        len = 0;
+        ssolen = 0;
+        ssopw = NULL;
+        userpw = NULL;
+    }
+
+    /* check the password */
+    crv = PK11_GETTAB(slot)->C_Login(rwsession, CKU_SO,
+                                     (unsigned char *)ssopw, ssolen);
+    slot->lastLoginCheck = 0;
+    if (crv != CKR_OK) {
+        PORT_SetError(PK11_MapError(crv));
+        goto done;
+    }
+
+    crv = PK11_GETTAB(slot)->C_InitPIN(rwsession, (unsigned char *)userpw, len);
+    if (crv != CKR_OK) {
+        PORT_SetError(PK11_MapError(crv));
+    } else {
+        rv = SECSuccess;
+    }
+
+done:
+    PK11_GETTAB(slot)->C_Logout(rwsession);
+    slot->lastLoginCheck = 0;
+    PK11_RestoreROSession(slot, rwsession);
+    if (rv == SECSuccess) {
+        /* update our view of the world */
+        PK11_InitToken(slot, PR_TRUE);
+        if (slot->needLogin) {
+            PK11_EnterSlotMonitor(slot);
+            PK11_GETTAB(slot)->C_Login(slot->session, CKU_USER,
+                                       (unsigned char *)userpw, len);
+            slot->lastLoginCheck = 0;
+            PK11_ExitSlotMonitor(slot);
+        }
+    }
+    return rv;
+}
+
+/*
+ * Change an existing user password
+ */
+SECStatus
+PK11_ChangePW(PK11SlotInfo *slot, const char *oldpw, const char *newpw)
+{
+    CK_RV crv;
+    SECStatus rv = SECFailure;
+    int newLen = 0;
+    int oldLen = 0;
+    CK_SESSION_HANDLE rwsession;
+
+    /* use NULL values to trigger the protected authentication path */
+    if (!slot->protectedAuthPath) {
+        if (newpw == NULL)
+            newpw = "";
+        if (oldpw == NULL)
+            oldpw = "";
+    }
+    if (newpw)
+        newLen = PORT_Strlen(newpw);
+    if (oldpw)
+        oldLen = PORT_Strlen(oldpw);
+
+    /* get a rwsession */
+    rwsession = PK11_GetRWSession(slot);
+    if (rwsession == CK_INVALID_SESSION) {
+        PORT_SetError(SEC_ERROR_BAD_DATA);
+        return rv;
+    }
+
+    crv = PK11_GETTAB(slot)->C_SetPIN(rwsession,
+                                      (unsigned char *)oldpw, oldLen, (unsigned char *)newpw, newLen);
+    if (crv == CKR_OK) {
+        rv = SECSuccess;
+    } else {
+        PORT_SetError(PK11_MapError(crv));
+    }
+
+    PK11_RestoreROSession(slot, rwsession);
+
+    /* update our view of the world */
+    PK11_InitToken(slot, PR_TRUE);
+    return rv;
+}
+
+static char *
+pk11_GetPassword(PK11SlotInfo *slot, PRBool retry, void *wincx)
+{
+    if (PK11_Global.getPass == NULL)
+        return NULL;
+    return (*PK11_Global.getPass)(slot, retry, wincx);
+}
+
+void
+PK11_SetPasswordFunc(PK11PasswordFunc func)
+{
+    PK11_Global.getPass = func;
+}
+
+void
+PK11_SetVerifyPasswordFunc(PK11VerifyPasswordFunc func)
+{
+    PK11_Global.verifyPass = func;
+}
+
+void
+PK11_SetIsLoggedInFunc(PK11IsLoggedInFunc func)
+{
+    PK11_Global.isLoggedIn = func;
+}
+
+/*
+ * authenticate to a slot. This loops until we can't recover, the user
+ * gives up, or we succeed. If we're already logged in and this function
+ * is called we will still prompt for a password, but we will probably
+ * succeed no matter what the password was (depending on the implementation
+ * of the PKCS 11 module.
+ */
+SECStatus
+PK11_DoPassword(PK11SlotInfo *slot, CK_SESSION_HANDLE session,
+                PRBool loadCerts, void *wincx, PRBool alreadyLocked,
+                PRBool contextSpecific)
+{
+    SECStatus rv = SECFailure;
+    char *password;
+    PRBool attempt = PR_FALSE;
+
+    if (PK11_NeedUserInit(slot)) {
+        PORT_SetError(SEC_ERROR_IO);
+        return SECFailure;
+    }
+
+    /*
+     * Central server type applications which control access to multiple
+     * slave applications to single crypto devices need to virtuallize the
+     * login state. This is done by a callback out of PK11_IsLoggedIn and
+     * here. If we are actually logged in, then we got here because the
+     * higher level code told us that the particular client application may
+     * still need to be logged in. If that is the case, we simply tell the
+     * server code that it should now verify the clients password and tell us
+     * the results.
+     */
+    if (PK11_IsLoggedIn(slot, NULL) &&
+        (PK11_Global.verifyPass != NULL)) {
+        if (!PK11_Global.verifyPass(slot, wincx)) {
+            PORT_SetError(SEC_ERROR_BAD_PASSWORD);
+            return SECFailure;
+        }
+        return SECSuccess;
+    }
+
+    /* get the password. This can drop out of the while loop
+     * for the following reasons:
+     *  (1) the user refused to enter a password.
+     *                  (return error to caller)
+     *  (2) the token user password is disabled [usually due to
+     *     too many failed authentication attempts].
+     *                  (return error to caller)
+     *  (3) the password was successful.
+     */
+    while ((password = pk11_GetPassword(slot, attempt, wincx)) != NULL) {
+        /* if the token has a protectedAuthPath, the application may have
+         * already issued the C_Login as part of it's pk11_GetPassword call.
+         * In this case the application will tell us what the results were in
+         * the password value (retry or the authentication was successful) so
+         * we can skip our own C_Login call (which would force the token to
+         * try to login again).
+         *
+         * Applications that don't know about protectedAuthPath will return a
+         * password, which we will ignore and trigger the token to
+         * 'authenticate' itself anyway. Hopefully the blinking display on
+         * the reader, or the flashing light under the thumbprint reader will
+         * attract the user's attention */
+        attempt = PR_TRUE;
+        if (slot->protectedAuthPath) {
+            /* application tried to authenticate and failed. it wants to try
+             * again, continue looping */
+            if (strcmp(password, PK11_PW_RETRY) == 0) {
+                rv = SECWouldBlock;
+                PORT_Free(password);
+                continue;
+            }
+            /* applicaton tried to authenticate and succeeded we're done */
+            if (strcmp(password, PK11_PW_AUTHENTICATED) == 0) {
+                rv = SECSuccess;
+                PORT_Free(password);
+                break;
+            }
+        }
+        rv = pk11_CheckPassword(slot, session, password,
+                                alreadyLocked, contextSpecific);
+        PORT_Memset(password, 0, PORT_Strlen(password));
+        PORT_Free(password);
+        if (rv != SECWouldBlock)
+            break;
+    }
+    if (rv == SECSuccess) {
+        if (!PK11_IsFriendly(slot)) {
+            nssTrustDomain_UpdateCachedTokenCerts(slot->nssToken->trustDomain,
+                                                  slot->nssToken);
+        }
+    } else if (!attempt)
+        PORT_SetError(SEC_ERROR_BAD_PASSWORD);
+    return rv;
+}
+
+void
+PK11_LogoutAll(void)
+{
+    SECMODListLock *lock = SECMOD_GetDefaultModuleListLock();
+    SECMODModuleList *modList;
+    SECMODModuleList *mlp = NULL;
+    int i;
+
+    /* NSS is not initialized, there are not tokens to log out */
+    if (lock == NULL) {
+        return;
+    }
+
+    SECMOD_GetReadLock(lock);
+    modList = SECMOD_GetDefaultModuleList();
+    /* find the number of entries */
+    for (mlp = modList; mlp != NULL; mlp = mlp->next) {
+        for (i = 0; i < mlp->module->slotCount; i++) {
+            PK11_Logout(mlp->module->slots[i]);
+        }
+    }
+
+    SECMOD_ReleaseReadLock(lock);
+}
+
+int
+PK11_GetMinimumPwdLength(PK11SlotInfo *slot)
+{
+    return ((int)slot->minPassword);
+}
+
+/* Does this slot have a protected pin path? */
+PRBool
+PK11_ProtectedAuthenticationPath(PK11SlotInfo *slot)
+{
+    return slot->protectedAuthPath;
+}
+
+/*
+ * we can initialize the password if 1) The toke is not inited
+ * (need login == true and see need UserInit) or 2) the token has
+ * a NULL password. (slot->needLogin = false & need user Init = false).
+ */
+PRBool
+PK11_NeedPWInitForSlot(PK11SlotInfo *slot)
+{
+    if (slot->needLogin && PK11_NeedUserInit(slot)) {
+        return PR_TRUE;
+    }
+    if (!slot->needLogin && !PK11_NeedUserInit(slot)) {
+        return PR_TRUE;
+    }
+    return PR_FALSE;
+}
+
+PRBool
+PK11_NeedPWInit()
+{
+    PK11SlotInfo *slot = PK11_GetInternalKeySlot();
+    PRBool ret = PK11_NeedPWInitForSlot(slot);
+
+    PK11_FreeSlot(slot);
+    return ret;
+}
+
+PRBool
+pk11_InDelayPeriod(PRIntervalTime lastTime, PRIntervalTime delayTime,
+                   PRIntervalTime *retTime)
+{
+    PRIntervalTime time;
+
+    *retTime = time = PR_IntervalNow();
+    return (PRBool)(lastTime) && ((time - lastTime) < delayTime);
+}
+
+/*
+ * Determine if the token is logged in. We have to actually query the token,
+ * because it's state can change without intervention from us.
+ */
+PRBool
+PK11_IsLoggedIn(PK11SlotInfo *slot, void *wincx)
+{
+    CK_SESSION_INFO sessionInfo;
+    int askpw = slot->askpw;
+    int timeout = slot->timeout;
+    CK_RV crv;
+    PRIntervalTime curTime;
+    static PRIntervalTime login_delay_time = 0;
+
+    if (login_delay_time == 0) {
+        login_delay_time = PR_SecondsToInterval(1);
+    }
+
+    /* If we don't have our own password default values, use the system
+     * ones */
+    if ((slot->defaultFlags & PK11_OWN_PW_DEFAULTS) == 0) {
+        PK11SlotInfo *def_slot = PK11_GetInternalKeySlot();
+
+        if (def_slot) {
+            askpw = def_slot->askpw;
+            timeout = def_slot->timeout;
+            PK11_FreeSlot(def_slot);
+        }
+    }
+
+    if ((wincx != NULL) && (PK11_Global.isLoggedIn != NULL) &&
+        (*PK11_Global.isLoggedIn)(slot, wincx) == PR_FALSE) {
+        return PR_FALSE;
+    }
+
+    /* forget the password if we've been inactive too long */
+    if (askpw == 1) {
+        PRTime currtime = PR_Now();
+        PRTime result;
+        PRTime mult;
+
+        LL_I2L(result, timeout);
+        LL_I2L(mult, 60 * 1000 * 1000);
+        LL_MUL(result, result, mult);
+        LL_ADD(result, result, slot->authTime);
+        if (LL_CMP(result, <, currtime)) {
+            PK11_EnterSlotMonitor(slot);
+            PK11_GETTAB(slot)->C_Logout(slot->session);
+            slot->lastLoginCheck = 0;
+            PK11_ExitSlotMonitor(slot);
+        } else {
+            slot->authTime = currtime;
+        }
+    }
+
+    PK11_EnterSlotMonitor(slot);
+    if (pk11_InDelayPeriod(slot->lastLoginCheck, login_delay_time, &curTime)) {
+        sessionInfo.state = slot->lastState;
+        crv = CKR_OK;
+    } else {
+        crv = PK11_GETTAB(slot)->C_GetSessionInfo(slot->session, &sessionInfo);
+        if (crv == CKR_OK) {
+            slot->lastState = sessionInfo.state;
+            slot->lastLoginCheck = curTime;
+        }
+    }
+    PK11_ExitSlotMonitor(slot);
+    /* if we can't get session info, something is really wrong */
+    if (crv != CKR_OK) {
+        slot->session = CK_INVALID_SESSION;
+        return PR_FALSE;
+    }
+
+    switch (sessionInfo.state) {
+        case CKS_RW_PUBLIC_SESSION:
+        case CKS_RO_PUBLIC_SESSION:
+        default:
+            break; /* fail */
+        case CKS_RW_USER_FUNCTIONS:
+        case CKS_RW_SO_FUNCTIONS:
+        case CKS_RO_USER_FUNCTIONS:
+            return PR_TRUE;
+    }
+    return PR_FALSE;
+}
diff --git a/nss/lib/pk11wrap/pk11cert.c b/nss/lib/pk11wrap/pk11cert.c
new file mode 100644
index 0000000..f95f4c8
--- /dev/null
+++ b/nss/lib/pk11wrap/pk11cert.c
@@ -0,0 +1,2739 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * This file manages PKCS #11 instances of certificates.
+ */
+
+#include "secport.h"
+#include "seccomon.h"
+#include "secmod.h"
+#include "secmodi.h"
+#include "secmodti.h"
+#include "pkcs11.h"
+#include "pk11func.h"
+#include "cert.h"
+#include "certi.h"
+#include "secitem.h"
+#include "key.h"
+#include "secoid.h"
+#include "pkcs7t.h"
+#include "cmsreclist.h"
+
+#include "certdb.h"
+#include "secerr.h"
+#include "sslerr.h"
+
+#include "pki3hack.h"
+#include "dev3hack.h"
+
+#include "devm.h"
+#include "nsspki.h"
+#include "pki.h"
+#include "pkim.h"
+#include "pkitm.h"
+#include "pkistore.h" /* to remove temp cert */
+#include "devt.h"
+
+extern const NSSError NSS_ERROR_NOT_FOUND;
+extern const NSSError NSS_ERROR_INVALID_CERTIFICATE;
+
+struct nss3_cert_cbstr {
+    SECStatus (*callback)(CERTCertificate *, void *);
+    nssList *cached;
+    void *arg;
+};
+
+/* Translate from NSSCertificate to CERTCertificate, then pass the latter
+ * to a callback.
+ */
+static PRStatus
+convert_cert(NSSCertificate *c, void *arg)
+{
+    CERTCertificate *nss3cert;
+    SECStatus secrv;
+    struct nss3_cert_cbstr *nss3cb = (struct nss3_cert_cbstr *)arg;
+    /* 'c' is not adopted. caller will free it */
+    nss3cert = STAN_GetCERTCertificate(c);
+    if (!nss3cert)
+        return PR_FAILURE;
+    secrv = (*nss3cb->callback)(nss3cert, nss3cb->arg);
+    return (secrv) ? PR_FAILURE : PR_SUCCESS;
+}
+
+/*
+ * build a cert nickname based on the token name and the label of the
+ * certificate If the label in NULL, build a label based on the ID.
+ */
+static int
+toHex(int x)
+{
+    return (x < 10) ? (x + '0') : (x + 'a' - 10);
+}
+#define MAX_CERT_ID 4
+#define DEFAULT_STRING "Cert ID "
+static char *
+pk11_buildNickname(PK11SlotInfo *slot, CK_ATTRIBUTE *cert_label,
+                   CK_ATTRIBUTE *key_label, CK_ATTRIBUTE *cert_id)
+{
+    int prefixLen = PORT_Strlen(slot->token_name);
+    int suffixLen = 0;
+    char *suffix = NULL;
+    char buildNew[sizeof(DEFAULT_STRING) + MAX_CERT_ID * 2];
+    char *next, *nickname;
+
+    if (cert_label && (cert_label->ulValueLen)) {
+        suffixLen = cert_label->ulValueLen;
+        suffix = (char *)cert_label->pValue;
+    } else if (key_label && (key_label->ulValueLen)) {
+        suffixLen = key_label->ulValueLen;
+        suffix = (char *)key_label->pValue;
+    } else if (cert_id && cert_id->ulValueLen > 0) {
+        int i, first = cert_id->ulValueLen - MAX_CERT_ID;
+        int offset = sizeof(DEFAULT_STRING);
+        char *idValue = (char *)cert_id->pValue;
+
+        PORT_Memcpy(buildNew, DEFAULT_STRING, sizeof(DEFAULT_STRING) - 1);
+        next = buildNew + offset;
+        if (first < 0)
+            first = 0;
+        for (i = first; i < (int)cert_id->ulValueLen; i++) {
+            *next++ = toHex((idValue[i] >> 4) & 0xf);
+            *next++ = toHex(idValue[i] & 0xf);
+        }
+        *next++ = 0;
+        suffix = buildNew;
+        suffixLen = PORT_Strlen(buildNew);
+    } else {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return NULL;
+    }
+
+    /* if is internal key slot, add code to skip the prefix!! */
+    next = nickname = (char *)PORT_Alloc(prefixLen + 1 + suffixLen + 1);
+    if (nickname == NULL)
+        return NULL;
+
+    PORT_Memcpy(next, slot->token_name, prefixLen);
+    next += prefixLen;
+    *next++ = ':';
+    PORT_Memcpy(next, suffix, suffixLen);
+    next += suffixLen;
+    *next++ = 0;
+    return nickname;
+}
+
+PRBool
+PK11_IsUserCert(PK11SlotInfo *slot, CERTCertificate *cert,
+                CK_OBJECT_HANDLE certID)
+{
+    CK_OBJECT_CLASS theClass;
+
+    if (slot == NULL)
+        return PR_FALSE;
+    if (cert == NULL)
+        return PR_FALSE;
+
+    theClass = CKO_PRIVATE_KEY;
+    if (pk11_LoginStillRequired(slot, NULL)) {
+        theClass = CKO_PUBLIC_KEY;
+    }
+    if (PK11_MatchItem(slot, certID, theClass) != CK_INVALID_HANDLE) {
+        return PR_TRUE;
+    }
+
+    if (theClass == CKO_PUBLIC_KEY) {
+        SECKEYPublicKey *pubKey = CERT_ExtractPublicKey(cert);
+        CK_ATTRIBUTE theTemplate;
+
+        if (pubKey == NULL) {
+            return PR_FALSE;
+        }
+
+        PK11_SETATTRS(&theTemplate, 0, NULL, 0);
+        switch (pubKey->keyType) {
+            case rsaKey:
+            case rsaPssKey:
+            case rsaOaepKey:
+                PK11_SETATTRS(&theTemplate, CKA_MODULUS, pubKey->u.rsa.modulus.data,
+                              pubKey->u.rsa.modulus.len);
+                break;
+            case dsaKey:
+                PK11_SETATTRS(&theTemplate, CKA_VALUE, pubKey->u.dsa.publicValue.data,
+                              pubKey->u.dsa.publicValue.len);
+                break;
+            case dhKey:
+                PK11_SETATTRS(&theTemplate, CKA_VALUE, pubKey->u.dh.publicValue.data,
+                              pubKey->u.dh.publicValue.len);
+                break;
+            case ecKey:
+                PK11_SETATTRS(&theTemplate, CKA_EC_POINT,
+                              pubKey->u.ec.publicValue.data,
+                              pubKey->u.ec.publicValue.len);
+                break;
+            case keaKey:
+            case fortezzaKey:
+            case nullKey:
+                /* fall through and return false */
+                break;
+        }
+
+        if (theTemplate.ulValueLen == 0) {
+            SECKEY_DestroyPublicKey(pubKey);
+            return PR_FALSE;
+        }
+        pk11_SignedToUnsigned(&theTemplate);
+        if (pk11_FindObjectByTemplate(slot, &theTemplate, 1) != CK_INVALID_HANDLE) {
+            SECKEY_DestroyPublicKey(pubKey);
+            return PR_TRUE;
+        }
+        SECKEY_DestroyPublicKey(pubKey);
+    }
+    return PR_FALSE;
+}
+
+/*
+ * Check out if a cert has ID of zero. This is a magic ID that tells
+ * NSS that this cert may be an automagically trusted cert.
+ * The Cert has to be self signed as well. That check is done elsewhere.
+ *
+ */
+PRBool
+pk11_isID0(PK11SlotInfo *slot, CK_OBJECT_HANDLE certID)
+{
+    CK_ATTRIBUTE keyID = { CKA_ID, NULL, 0 };
+    PRBool isZero = PR_FALSE;
+    int i;
+    CK_RV crv;
+
+    crv = PK11_GetAttributes(NULL, slot, certID, &keyID, 1);
+    if (crv != CKR_OK) {
+        return isZero;
+    }
+
+    if (keyID.ulValueLen != 0) {
+        char *value = (char *)keyID.pValue;
+        isZero = PR_TRUE; /* ID exists, may be zero */
+        for (i = 0; i < (int)keyID.ulValueLen; i++) {
+            if (value[i] != 0) {
+                isZero = PR_FALSE; /* nope */
+                break;
+            }
+        }
+    }
+    PORT_Free(keyID.pValue);
+    return isZero;
+}
+
+/*
+ * Create an NSSCertificate from a slot/certID pair, return it as a
+ * CERTCertificate.  Optionally, output the nickname string.
+ */
+static CERTCertificate *
+pk11_fastCert(PK11SlotInfo *slot, CK_OBJECT_HANDLE certID,
+              CK_ATTRIBUTE *privateLabel, char **nickptr)
+{
+    NSSCertificate *c;
+    nssCryptokiObject *co = NULL;
+    nssPKIObject *pkio;
+    NSSToken *token;
+    NSSTrustDomain *td = STAN_GetDefaultTrustDomain();
+
+    /* Get the cryptoki object from the handle */
+    token = PK11Slot_GetNSSToken(slot);
+    if (token->defaultSession) {
+        co = nssCryptokiObject_Create(token, token->defaultSession, certID);
+    } else {
+        PORT_SetError(SEC_ERROR_NO_TOKEN);
+    }
+    if (!co) {
+        return NULL;
+    }
+
+    /* Create a PKI object from the cryptoki instance */
+    pkio = nssPKIObject_Create(NULL, co, td, NULL, nssPKIMonitor);
+    if (!pkio) {
+        nssCryptokiObject_Destroy(co);
+        return NULL;
+    }
+
+    /* Create a certificate */
+    c = nssCertificate_Create(pkio);
+    if (!c) {
+        nssPKIObject_Destroy(pkio);
+        return NULL;
+    }
+
+    /* Build and output a nickname, if desired.
+     * This must be done before calling nssTrustDomain_AddCertsToCache
+     * because that function may destroy c, pkio and co!
+     */
+    if ((nickptr) && (co->label)) {
+        CK_ATTRIBUTE label, id;
+
+        label.type = CKA_LABEL;
+        label.pValue = co->label;
+        label.ulValueLen = PORT_Strlen(co->label);
+
+        id.type = CKA_ID;
+        id.pValue = c->id.data;
+        id.ulValueLen = c->id.size;
+
+        *nickptr = pk11_buildNickname(slot, &label, privateLabel, &id);
+    }
+
+    /* This function may destroy the cert in "c" and all its subordinate
+     * structures, and replace the value in "c" with the address of a
+     * different NSSCertificate that it found in the cache.
+     * Presumably, the nickname which we just output above remains valid. :)
+     */
+    (void)nssTrustDomain_AddCertsToCache(td, &c, 1);
+    return STAN_GetCERTCertificateOrRelease(c);
+}
+
+/*
+ * Build an CERTCertificate structure from a PKCS#11 object ID.... certID
+ * Must be a CertObject. This code does not explicitly checks that.
+ */
+CERTCertificate *
+PK11_MakeCertFromHandle(PK11SlotInfo *slot, CK_OBJECT_HANDLE certID,
+                        CK_ATTRIBUTE *privateLabel)
+{
+    char *nickname = NULL;
+    CERTCertificate *cert = NULL;
+    CERTCertTrust *trust;
+
+    cert = pk11_fastCert(slot, certID, privateLabel, &nickname);
+    if (cert == NULL)
+        goto loser;
+
+    if (nickname) {
+        if (cert->nickname != NULL) {
+            cert->dbnickname = cert->nickname;
+        }
+        cert->nickname = PORT_ArenaStrdup(cert->arena, nickname);
+        PORT_Free(nickname);
+        nickname = NULL;
+    }
+
+    /* remember where this cert came from.... If we have just looked
+     * it up from the database and it already has a slot, don't add a new
+     * one. */
+    if (cert->slot == NULL) {
+        cert->slot = PK11_ReferenceSlot(slot);
+        cert->pkcs11ID = certID;
+        cert->ownSlot = PR_TRUE;
+        cert->series = slot->series;
+    }
+
+    trust = (CERTCertTrust *)PORT_ArenaAlloc(cert->arena, sizeof(CERTCertTrust));
+    if (trust == NULL)
+        goto loser;
+    PORT_Memset(trust, 0, sizeof(CERTCertTrust));
+
+    if (!pk11_HandleTrustObject(slot, cert, trust)) {
+        unsigned int type;
+
+        /* build some cert trust flags */
+        if (CERT_IsCACert(cert, &type)) {
+            unsigned int trustflags = CERTDB_VALID_CA;
+
+            /* Allow PKCS #11 modules to give us trusted CA's. We only accept
+             * valid CA's which are self-signed here. They must have an object
+             * ID of '0'.  */
+            if (pk11_isID0(slot, certID) &&
+                cert->isRoot) {
+                trustflags |= CERTDB_TRUSTED_CA;
+                /* is the slot a fortezza card? allow the user or
+                 * admin to turn on objectSigning, but don't turn
+                 * full trust on explicitly */
+                if (PK11_DoesMechanism(slot, CKM_KEA_KEY_DERIVE)) {
+                    trust->objectSigningFlags |= CERTDB_VALID_CA;
+                }
+            }
+            if ((type & NS_CERT_TYPE_SSL_CA) == NS_CERT_TYPE_SSL_CA) {
+                trust->sslFlags |= trustflags;
+            }
+            if ((type & NS_CERT_TYPE_EMAIL_CA) == NS_CERT_TYPE_EMAIL_CA) {
+                trust->emailFlags |= trustflags;
+            }
+            if ((type & NS_CERT_TYPE_OBJECT_SIGNING_CA) == NS_CERT_TYPE_OBJECT_SIGNING_CA) {
+                trust->objectSigningFlags |= trustflags;
+            }
+        }
+    }
+
+    if (PK11_IsUserCert(slot, cert, certID)) {
+        trust->sslFlags |= CERTDB_USER;
+        trust->emailFlags |= CERTDB_USER;
+        /*    trust->objectSigningFlags |= CERTDB_USER; */
+    }
+    CERT_LockCertTrust(cert);
+    cert->trust = trust;
+    CERT_UnlockCertTrust(cert);
+
+    return cert;
+
+loser:
+    if (nickname)
+        PORT_Free(nickname);
+    if (cert)
+        CERT_DestroyCertificate(cert);
+    return NULL;
+}
+
+/*
+ * Build get a certificate from a private key
+ */
+CERTCertificate *
+PK11_GetCertFromPrivateKey(SECKEYPrivateKey *privKey)
+{
+    PK11SlotInfo *slot = privKey->pkcs11Slot;
+    CK_OBJECT_HANDLE handle = privKey->pkcs11ID;
+    CK_OBJECT_HANDLE certID =
+        PK11_MatchItem(slot, handle, CKO_CERTIFICATE);
+    CERTCertificate *cert;
+
+    if (certID == CK_INVALID_HANDLE) {
+        PORT_SetError(SSL_ERROR_NO_CERTIFICATE);
+        return NULL;
+    }
+    cert = PK11_MakeCertFromHandle(slot, certID, NULL);
+    return (cert);
+}
+
+/*
+ * delete a cert and it's private key (if no other certs are pointing to the
+ * private key.
+ */
+SECStatus
+PK11_DeleteTokenCertAndKey(CERTCertificate *cert, void *wincx)
+{
+    SECKEYPrivateKey *privKey = PK11_FindKeyByAnyCert(cert, wincx);
+    CK_OBJECT_HANDLE pubKey;
+    PK11SlotInfo *slot = NULL;
+
+    pubKey = pk11_FindPubKeyByAnyCert(cert, &slot, wincx);
+    if (privKey) {
+        /* For 3.4, utilize the generic cert delete function */
+        SEC_DeletePermCertificate(cert);
+        PK11_DeleteTokenPrivateKey(privKey, PR_FALSE);
+    }
+    if ((pubKey != CK_INVALID_HANDLE) && (slot != NULL)) {
+        PK11_DestroyTokenObject(slot, pubKey);
+        PK11_FreeSlot(slot);
+    }
+    return SECSuccess;
+}
+
+/*
+ * cert callback structure
+ */
+typedef struct pk11DoCertCallbackStr {
+    SECStatus (*callback)(PK11SlotInfo *slot, CERTCertificate *, void *);
+    SECStatus (*noslotcallback)(CERTCertificate *, void *);
+    SECStatus (*itemcallback)(CERTCertificate *, SECItem *, void *);
+    void *callbackArg;
+} pk11DoCertCallback;
+
+typedef struct pk11CertCallbackStr {
+    SECStatus (*callback)(CERTCertificate *, SECItem *, void *);
+    void *callbackArg;
+} pk11CertCallback;
+
+struct fake_der_cb_argstr {
+    SECStatus (*callback)(CERTCertificate *, SECItem *, void *);
+    void *arg;
+};
+
+static SECStatus
+fake_der_cb(CERTCertificate *c, void *a)
+{
+    struct fake_der_cb_argstr *fda = (struct fake_der_cb_argstr *)a;
+    return (*fda->callback)(c, &c->derCert, fda->arg);
+}
+
+/*
+ * Extract all the certs on a card from a slot.
+ */
+SECStatus
+PK11_TraverseSlotCerts(SECStatus (*callback)(CERTCertificate *, SECItem *, void *),
+                       void *arg, void *wincx)
+{
+    NSSTrustDomain *defaultTD = STAN_GetDefaultTrustDomain();
+    struct fake_der_cb_argstr fda;
+    struct nss3_cert_cbstr pk11cb;
+
+    /* authenticate to the tokens first */
+    (void)pk11_TraverseAllSlots(NULL, NULL, PR_TRUE, wincx);
+
+    fda.callback = callback;
+    fda.arg = arg;
+    pk11cb.callback = fake_der_cb;
+    pk11cb.arg = &fda;
+    NSSTrustDomain_TraverseCertificates(defaultTD, convert_cert, &pk11cb);
+    return SECSuccess;
+}
+
+static void
+transfer_token_certs_to_collection(nssList *certList, NSSToken *token,
+                                   nssPKIObjectCollection *collection)
+{
+    NSSCertificate **certs;
+    PRUint32 i, count;
+    NSSToken **tokens, **tp;
+    count = nssList_Count(certList);
+    if (count == 0) {
+        return;
+    }
+    certs = nss_ZNEWARRAY(NULL, NSSCertificate *, count);
+    if (!certs) {
+        return;
+    }
+    nssList_GetArray(certList, (void **)certs, count);
+    for (i = 0; i < count; i++) {
+        tokens = nssPKIObject_GetTokens(&certs[i]->object, NULL);
+        if (tokens) {
+            for (tp = tokens; *tp; tp++) {
+                if (*tp == token) {
+                    nssPKIObjectCollection_AddObject(collection,
+                                                     (nssPKIObject *)certs[i]);
+                }
+            }
+            nssTokenArray_Destroy(tokens);
+        }
+        CERT_DestroyCertificate(STAN_GetCERTCertificateOrRelease(certs[i]));
+    }
+    nss_ZFreeIf(certs);
+}
+
+CERTCertificate *
+PK11_FindCertFromNickname(const char *nickname, void *wincx)
+{
+    PRStatus status;
+    CERTCertificate *rvCert = NULL;
+    NSSCertificate *cert = NULL;
+    NSSCertificate **certs = NULL;
+    static const NSSUsage usage = { PR_TRUE /* ... */ };
+    NSSToken *token;
+    NSSTrustDomain *defaultTD = STAN_GetDefaultTrustDomain();
+    PK11SlotInfo *slot = NULL;
+    SECStatus rv;
+    char *nickCopy;
+    char *delimit = NULL;
+    char *tokenName;
+
+    nickCopy = PORT_Strdup(nickname);
+    if (!nickCopy) {
+        /* error code is set */
+        return NULL;
+    }
+    if ((delimit = PORT_Strchr(nickCopy, ':')) != NULL) {
+        tokenName = nickCopy;
+        nickname = delimit + 1;
+        *delimit = '\0';
+        /* find token by name */
+        token = NSSTrustDomain_FindTokenByName(defaultTD, (NSSUTF8 *)tokenName);
+        if (token) {
+            slot = PK11_ReferenceSlot(token->pk11slot);
+        } else {
+            PORT_SetError(SEC_ERROR_NO_TOKEN);
+        }
+        *delimit = ':';
+    } else {
+        slot = PK11_GetInternalKeySlot();
+        token = PK11Slot_GetNSSToken(slot);
+    }
+    if (token) {
+        nssList *certList;
+        nssCryptokiObject **instances;
+        nssPKIObjectCollection *collection;
+        nssTokenSearchType tokenOnly = nssTokenSearchType_TokenOnly;
+        if (!PK11_IsPresent(slot)) {
+            goto loser;
+        }
+        rv = pk11_AuthenticateUnfriendly(slot, PR_TRUE, wincx);
+        if (rv != SECSuccess) {
+            goto loser;
+        }
+        collection = nssCertificateCollection_Create(defaultTD, NULL);
+        if (!collection) {
+            goto loser;
+        }
+        certList = nssList_Create(NULL, PR_FALSE);
+        if (!certList) {
+            nssPKIObjectCollection_Destroy(collection);
+            goto loser;
+        }
+        (void)nssTrustDomain_GetCertsForNicknameFromCache(defaultTD,
+                                                          nickname,
+                                                          certList);
+        transfer_token_certs_to_collection(certList, token, collection);
+        instances = nssToken_FindCertificatesByNickname(token,
+                                                        NULL,
+                                                        nickname,
+                                                        tokenOnly,
+                                                        0,
+                                                        &status);
+        nssPKIObjectCollection_AddInstances(collection, instances, 0);
+        nss_ZFreeIf(instances);
+        /* if it wasn't found, repeat the process for email address */
+        if (nssPKIObjectCollection_Count(collection) == 0 &&
+            PORT_Strchr(nickname, '@') != NULL) {
+            char *lowercaseName = CERT_FixupEmailAddr(nickname);
+            if (lowercaseName) {
+                (void)nssTrustDomain_GetCertsForEmailAddressFromCache(defaultTD,
+                                                                      lowercaseName,
+                                                                      certList);
+                transfer_token_certs_to_collection(certList, token, collection);
+                instances = nssToken_FindCertificatesByEmail(token,
+                                                             NULL,
+                                                             lowercaseName,
+                                                             tokenOnly,
+                                                             0,
+                                                             &status);
+                nssPKIObjectCollection_AddInstances(collection, instances, 0);
+                nss_ZFreeIf(instances);
+                PORT_Free(lowercaseName);
+            }
+        }
+        certs = nssPKIObjectCollection_GetCertificates(collection,
+                                                       NULL, 0, NULL);
+        nssPKIObjectCollection_Destroy(collection);
+        if (certs) {
+            cert = nssCertificateArray_FindBestCertificate(certs, NULL,
+                                                           &usage, NULL);
+            if (cert) {
+                rvCert = STAN_GetCERTCertificateOrRelease(cert);
+            }
+            nssCertificateArray_Destroy(certs);
+        }
+        nssList_Destroy(certList);
+    }
+    if (slot) {
+        PK11_FreeSlot(slot);
+    }
+    if (nickCopy)
+        PORT_Free(nickCopy);
+    return rvCert;
+loser:
+    if (slot) {
+        PK11_FreeSlot(slot);
+    }
+    if (nickCopy)
+        PORT_Free(nickCopy);
+    return NULL;
+}
+
+/* Traverse slots callback */
+typedef struct FindCertsEmailArgStr {
+    char *email;
+    CERTCertList *certList;
+} FindCertsEmailArg;
+
+SECStatus
+FindCertsEmailCallback(CERTCertificate *cert, SECItem *item, void *arg)
+{
+    FindCertsEmailArg *cbparam = (FindCertsEmailArg *)arg;
+    const char *cert_email = CERT_GetFirstEmailAddress(cert);
+    PRBool found = PR_FALSE;
+
+    /* Email address present in certificate? */
+    if (cert_email == NULL) {
+        return SECSuccess;
+    }
+
+    /* Parameter correctly set? */
+    if (cbparam->email == NULL) {
+        return SECFailure;
+    }
+
+    /* Loop over all email addresses */
+    do {
+        if (!strcmp(cert_email, cbparam->email)) {
+            /* found one matching email address */
+            PRTime now = PR_Now();
+            found = PR_TRUE;
+            CERT_AddCertToListSorted(cbparam->certList,
+                                     CERT_DupCertificate(cert),
+                                     CERT_SortCBValidity, &now);
+        }
+        cert_email = CERT_GetNextEmailAddress(cert, cert_email);
+    } while (cert_email && !found);
+
+    return SECSuccess;
+}
+
+/* Find all certificates with matching email address */
+CERTCertList *
+PK11_FindCertsFromEmailAddress(const char *email, void *wincx)
+{
+    FindCertsEmailArg cbparam;
+    SECStatus rv;
+
+    cbparam.certList = CERT_NewCertList();
+    if (cbparam.certList == NULL) {
+        return NULL;
+    }
+
+    cbparam.email = CERT_FixupEmailAddr(email);
+    if (cbparam.email == NULL) {
+        CERT_DestroyCertList(cbparam.certList);
+        return NULL;
+    }
+
+    rv = PK11_TraverseSlotCerts(FindCertsEmailCallback, &cbparam, NULL);
+    if (rv != SECSuccess) {
+        CERT_DestroyCertList(cbparam.certList);
+        PORT_Free(cbparam.email);
+        return NULL;
+    }
+
+    /* empty list? */
+    if (CERT_LIST_EMPTY(cbparam.certList)) {
+        CERT_DestroyCertList(cbparam.certList);
+        cbparam.certList = NULL;
+    }
+
+    PORT_Free(cbparam.email);
+    return cbparam.certList;
+}
+
+CERTCertList *
+PK11_FindCertsFromNickname(const char *nickname, void *wincx)
+{
+    char *nickCopy;
+    char *delimit = NULL;
+    char *tokenName;
+    int i;
+    CERTCertList *certList = NULL;
+    nssPKIObjectCollection *collection = NULL;
+    NSSCertificate **foundCerts = NULL;
+    NSSTrustDomain *defaultTD = STAN_GetDefaultTrustDomain();
+    NSSCertificate *c;
+    NSSToken *token;
+    PK11SlotInfo *slot;
+    SECStatus rv;
+
+    nickCopy = PORT_Strdup(nickname);
+    if (!nickCopy) {
+        /* error code is set */
+        return NULL;
+    }
+    if ((delimit = PORT_Strchr(nickCopy, ':')) != NULL) {
+        tokenName = nickCopy;
+        nickname = delimit + 1;
+        *delimit = '\0';
+        /* find token by name */
+        token = NSSTrustDomain_FindTokenByName(defaultTD, (NSSUTF8 *)tokenName);
+        if (token) {
+            slot = PK11_ReferenceSlot(token->pk11slot);
+        } else {
+            PORT_SetError(SEC_ERROR_NO_TOKEN);
+            slot = NULL;
+        }
+        *delimit = ':';
+    } else {
+        slot = PK11_GetInternalKeySlot();
+        token = PK11Slot_GetNSSToken(slot);
+    }
+    if (token) {
+        PRStatus status;
+        nssList *nameList;
+        nssCryptokiObject **instances;
+        nssTokenSearchType tokenOnly = nssTokenSearchType_TokenOnly;
+        rv = pk11_AuthenticateUnfriendly(slot, PR_TRUE, wincx);
+        if (rv != SECSuccess) {
+            PK11_FreeSlot(slot);
+            if (nickCopy)
+                PORT_Free(nickCopy);
+            return NULL;
+        }
+        collection = nssCertificateCollection_Create(defaultTD, NULL);
+        if (!collection) {
+            PK11_FreeSlot(slot);
+            if (nickCopy)
+                PORT_Free(nickCopy);
+            return NULL;
+        }
+        nameList = nssList_Create(NULL, PR_FALSE);
+        if (!nameList) {
+            PK11_FreeSlot(slot);
+            if (nickCopy)
+                PORT_Free(nickCopy);
+            return NULL;
+        }
+        (void)nssTrustDomain_GetCertsForNicknameFromCache(defaultTD,
+                                                          nickname,
+                                                          nameList);
+        transfer_token_certs_to_collection(nameList, token, collection);
+        instances = nssToken_FindCertificatesByNickname(token,
+                                                        NULL,
+                                                        nickname,
+                                                        tokenOnly,
+                                                        0,
+                                                        &status);
+        nssPKIObjectCollection_AddInstances(collection, instances, 0);
+        nss_ZFreeIf(instances);
+
+        /* if it wasn't found, repeat the process for email address */
+        if (nssPKIObjectCollection_Count(collection) == 0 &&
+            PORT_Strchr(nickname, '@') != NULL) {
+            char *lowercaseName = CERT_FixupEmailAddr(nickname);
+            if (lowercaseName) {
+                (void)nssTrustDomain_GetCertsForEmailAddressFromCache(defaultTD,
+                                                                      lowercaseName,
+                                                                      nameList);
+                transfer_token_certs_to_collection(nameList, token, collection);
+                instances = nssToken_FindCertificatesByEmail(token,
+                                                             NULL,
+                                                             lowercaseName,
+                                                             tokenOnly,
+                                                             0,
+                                                             &status);
+                nssPKIObjectCollection_AddInstances(collection, instances, 0);
+                nss_ZFreeIf(instances);
+                PORT_Free(lowercaseName);
+            }
+        }
+
+        nssList_Destroy(nameList);
+        foundCerts = nssPKIObjectCollection_GetCertificates(collection,
+                                                            NULL, 0, NULL);
+        nssPKIObjectCollection_Destroy(collection);
+    }
+    if (slot) {
+        PK11_FreeSlot(slot);
+    }
+    if (nickCopy)
+        PORT_Free(nickCopy);
+    if (foundCerts) {
+        PRTime now = PR_Now();
+        certList = CERT_NewCertList();
+        for (i = 0, c = *foundCerts; c; c = foundCerts[++i]) {
+            if (certList) {
+                CERTCertificate *certCert = STAN_GetCERTCertificateOrRelease(c);
+                /* c may be invalid after this, don't reference it */
+                if (certCert) {
+                    /* CERT_AddCertToListSorted adopts certCert  */
+                    CERT_AddCertToListSorted(certList, certCert,
+                                             CERT_SortCBValidity, &now);
+                }
+            } else {
+                nssCertificate_Destroy(c);
+            }
+        }
+        /* all the certs have been adopted or freed, free the  raw array */
+        nss_ZFreeIf(foundCerts);
+    }
+    return certList;
+}
+
+/*
+ * extract a key ID for a certificate...
+ * NOTE: We call this function from PKCS11.c If we ever use
+ * pkcs11 to extract the public key (we currently do not), this will break.
+ */
+SECItem *
+PK11_GetPubIndexKeyID(CERTCertificate *cert)
+{
+    SECKEYPublicKey *pubk;
+    SECItem *newItem = NULL;
+
+    pubk = CERT_ExtractPublicKey(cert);
+    if (pubk == NULL)
+        return NULL;
+
+    switch (pubk->keyType) {
+        case rsaKey:
+            newItem = SECITEM_DupItem(&pubk->u.rsa.modulus);
+            break;
+        case dsaKey:
+            newItem = SECITEM_DupItem(&pubk->u.dsa.publicValue);
+            break;
+        case dhKey:
+            newItem = SECITEM_DupItem(&pubk->u.dh.publicValue);
+            break;
+        case ecKey:
+            newItem = SECITEM_DupItem(&pubk->u.ec.publicValue);
+            break;
+        case fortezzaKey:
+        default:
+            newItem = NULL; /* Fortezza Fix later... */
+    }
+    SECKEY_DestroyPublicKey(pubk);
+    /* make hash of it */
+    return newItem;
+}
+
+/*
+ * generate a CKA_ID from a certificate.
+ */
+SECItem *
+pk11_mkcertKeyID(CERTCertificate *cert)
+{
+    SECItem *pubKeyData = PK11_GetPubIndexKeyID(cert);
+    SECItem *certCKA_ID;
+
+    if (pubKeyData == NULL)
+        return NULL;
+
+    certCKA_ID = PK11_MakeIDFromPubKey(pubKeyData);
+    SECITEM_FreeItem(pubKeyData, PR_TRUE);
+    return certCKA_ID;
+}
+
+/*
+ * Write the cert into the token.
+ */
+SECStatus
+PK11_ImportCert(PK11SlotInfo *slot, CERTCertificate *cert,
+                CK_OBJECT_HANDLE key, const char *nickname,
+                PRBool includeTrust)
+{
+    PRStatus status;
+    NSSCertificate *c;
+    nssCryptokiObject *keyobj, *certobj;
+    NSSToken *token = PK11Slot_GetNSSToken(slot);
+    SECItem *keyID = pk11_mkcertKeyID(cert);
+    char *emailAddr = NULL;
+    nssCertificateStoreTrace lockTrace = { NULL, NULL, PR_FALSE, PR_FALSE };
+    nssCertificateStoreTrace unlockTrace = { NULL, NULL, PR_FALSE, PR_FALSE };
+
+    if (keyID == NULL) {
+        goto loser; /* error code should be set already */
+    }
+    if (!token) {
+        PORT_SetError(SEC_ERROR_NO_TOKEN);
+        goto loser;
+    }
+
+    if (PK11_IsInternal(slot) && cert->emailAddr && cert->emailAddr[0]) {
+        emailAddr = cert->emailAddr;
+    }
+
+    /* need to get the cert as a stan cert */
+    if (cert->nssCertificate) {
+        c = cert->nssCertificate;
+    } else {
+        c = STAN_GetNSSCertificate(cert);
+        if (c == NULL) {
+            goto loser;
+        }
+    }
+
+    /* set the id for the cert */
+    nssItem_Create(c->object.arena, &c->id, keyID->len, keyID->data);
+    if (!c->id.data) {
+        goto loser;
+    }
+
+    if (key != CK_INVALID_HANDLE) {
+        /* create an object for the key, ... */
+        keyobj = nss_ZNEW(NULL, nssCryptokiObject);
+        if (!keyobj) {
+            goto loser;
+        }
+        keyobj->token = nssToken_AddRef(token);
+        keyobj->handle = key;
+        keyobj->isTokenObject = PR_TRUE;
+
+        /* ... in order to set matching attributes for the key */
+        status = nssCryptokiPrivateKey_SetCertificate(keyobj, NULL, nickname,
+                                                      &c->id, &c->subject);
+        nssCryptokiObject_Destroy(keyobj);
+        if (status != PR_SUCCESS) {
+            goto loser;
+        }
+    }
+
+    /* do the token import */
+    certobj = nssToken_ImportCertificate(token, NULL,
+                                         NSSCertificateType_PKIX,
+                                         &c->id,
+                                         nickname,
+                                         &c->encoding,
+                                         &c->issuer,
+                                         &c->subject,
+                                         &c->serial,
+                                         emailAddr,
+                                         PR_TRUE);
+    if (!certobj) {
+        if (NSS_GetError() == NSS_ERROR_INVALID_CERTIFICATE) {
+            PORT_SetError(SEC_ERROR_REUSED_ISSUER_AND_SERIAL);
+            SECITEM_FreeItem(keyID, PR_TRUE);
+            return SECFailure;
+        }
+        goto loser;
+    }
+
+    if (c->object.cryptoContext) {
+        /* Delete the temp instance */
+        NSSCryptoContext *cc = c->object.cryptoContext;
+        nssCertificateStore_Lock(cc->certStore, &lockTrace);
+        nssCertificateStore_RemoveCertLOCKED(cc->certStore, c);
+        nssCertificateStore_Unlock(cc->certStore, &lockTrace, &unlockTrace);
+        c->object.cryptoContext = NULL;
+        cert->istemp = PR_FALSE;
+        cert->isperm = PR_TRUE;
+    }
+
+    /* add the new instance to the cert, force an update of the
+     * CERTCertificate, and finish
+     */
+    nssPKIObject_AddInstance(&c->object, certobj);
+    /* nssTrustDomain_AddCertsToCache may release a reference to 'c' and
+     * replace 'c' with a different value. So we add a reference to 'c' to
+     * prevent 'c' from being destroyed. */
+    nssCertificate_AddRef(c);
+    nssTrustDomain_AddCertsToCache(STAN_GetDefaultTrustDomain(), &c, 1);
+    (void)STAN_ForceCERTCertificateUpdate(c);
+    nssCertificate_Destroy(c);
+    SECITEM_FreeItem(keyID, PR_TRUE);
+    return SECSuccess;
+loser:
+    CERT_MapStanError();
+    SECITEM_FreeItem(keyID, PR_TRUE);
+    if (PORT_GetError() != SEC_ERROR_TOKEN_NOT_LOGGED_IN) {
+        PORT_SetError(SEC_ERROR_ADDING_CERT);
+    }
+    return SECFailure;
+}
+
+SECStatus
+PK11_ImportDERCert(PK11SlotInfo *slot, SECItem *derCert,
+                   CK_OBJECT_HANDLE key, char *nickname, PRBool includeTrust)
+{
+    CERTCertificate *cert;
+    SECStatus rv;
+
+    cert = CERT_NewTempCertificate(CERT_GetDefaultCertDB(),
+                                   derCert, NULL, PR_FALSE, PR_TRUE);
+    if (cert == NULL)
+        return SECFailure;
+
+    rv = PK11_ImportCert(slot, cert, key, nickname, includeTrust);
+    CERT_DestroyCertificate(cert);
+    return rv;
+}
+
+/*
+ * get a certificate handle, look at the cached handle first..
+ */
+CK_OBJECT_HANDLE
+pk11_getcerthandle(PK11SlotInfo *slot, CERTCertificate *cert,
+                   CK_ATTRIBUTE *theTemplate, int tsize)
+{
+    CK_OBJECT_HANDLE certh;
+
+    if (cert->slot == slot) {
+        certh = cert->pkcs11ID;
+        if ((certh == CK_INVALID_HANDLE) ||
+            (cert->series != slot->series)) {
+            certh = pk11_FindObjectByTemplate(slot, theTemplate, tsize);
+            cert->pkcs11ID = certh;
+            cert->series = slot->series;
+        }
+    } else {
+        certh = pk11_FindObjectByTemplate(slot, theTemplate, tsize);
+    }
+    return certh;
+}
+
+/*
+ * return the private key From a given Cert
+ */
+SECKEYPrivateKey *
+PK11_FindPrivateKeyFromCert(PK11SlotInfo *slot, CERTCertificate *cert,
+                            void *wincx)
+{
+    int err;
+    CK_OBJECT_CLASS certClass = CKO_CERTIFICATE;
+    CK_ATTRIBUTE theTemplate[] = {
+        { CKA_VALUE, NULL, 0 },
+        { CKA_CLASS, NULL, 0 }
+    };
+    /* if you change the array, change the variable below as well */
+    int tsize = sizeof(theTemplate) / sizeof(theTemplate[0]);
+    CK_OBJECT_HANDLE certh;
+    CK_OBJECT_HANDLE keyh;
+    CK_ATTRIBUTE *attrs = theTemplate;
+    PRBool needLogin;
+    SECStatus rv;
+
+    PK11_SETATTRS(attrs, CKA_VALUE, cert->derCert.data,
+                  cert->derCert.len);
+    attrs++;
+    PK11_SETATTRS(attrs, CKA_CLASS, &certClass, sizeof(certClass));
+
+    /*
+     * issue the find
+     */
+    rv = pk11_AuthenticateUnfriendly(slot, PR_TRUE, wincx);
+    if (rv != SECSuccess) {
+        return NULL;
+    }
+
+    certh = pk11_getcerthandle(slot, cert, theTemplate, tsize);
+    if (certh == CK_INVALID_HANDLE) {
+        return NULL;
+    }
+    /*
+     * prevent a login race condition. If slot is logged in between
+     * our call to pk11_LoginStillRequired and the
+     * PK11_MatchItem. The matchItem call will either succeed, or
+     * we will call it one more time after calling PK11_Authenticate
+     * (which is a noop on an authenticated token).
+     */
+    needLogin = pk11_LoginStillRequired(slot, wincx);
+    keyh = PK11_MatchItem(slot, certh, CKO_PRIVATE_KEY);
+    if ((keyh == CK_INVALID_HANDLE) && needLogin &&
+        (SSL_ERROR_NO_CERTIFICATE == (err = PORT_GetError()) ||
+         SEC_ERROR_TOKEN_NOT_LOGGED_IN == err)) {
+        /* try it again authenticated */
+        rv = PK11_Authenticate(slot, PR_TRUE, wincx);
+        if (rv != SECSuccess) {
+            return NULL;
+        }
+        keyh = PK11_MatchItem(slot, certh, CKO_PRIVATE_KEY);
+    }
+    if (keyh == CK_INVALID_HANDLE) {
+        return NULL;
+    }
+    return PK11_MakePrivKey(slot, nullKey, PR_TRUE, keyh, wincx);
+}
+
+/*
+ * import a cert for a private key we have already generated. Set the label
+ * on both to be the nickname. This is for the Key Gen, orphaned key case.
+ */
+PK11SlotInfo *
+PK11_KeyForCertExists(CERTCertificate *cert, CK_OBJECT_HANDLE *keyPtr,
+                      void *wincx)
+{
+    PK11SlotList *list;
+    PK11SlotListElement *le;
+    SECItem *keyID;
+    CK_OBJECT_HANDLE key;
+    PK11SlotInfo *slot = NULL;
+    SECStatus rv;
+    int err;
+
+    keyID = pk11_mkcertKeyID(cert);
+    /* get them all! */
+    list = PK11_GetAllTokens(CKM_INVALID_MECHANISM, PR_FALSE, PR_TRUE, wincx);
+    if ((keyID == NULL) || (list == NULL)) {
+        if (keyID)
+            SECITEM_FreeItem(keyID, PR_TRUE);
+        if (list)
+            PK11_FreeSlotList(list);
+        return NULL;
+    }
+
+    /* Look for the slot that holds the Key */
+    for (le = list->head; le; le = le->next) {
+        /*
+         * prevent a login race condition. If le->slot is logged in between
+         * our call to pk11_LoginStillRequired and the
+         * pk11_FindPrivateKeyFromCertID, the find will either succeed, or
+         * we will call it one more time after calling PK11_Authenticate
+         * (which is a noop on an authenticated token).
+         */
+        PRBool needLogin = pk11_LoginStillRequired(le->slot, wincx);
+        key = pk11_FindPrivateKeyFromCertID(le->slot, keyID);
+        if ((key == CK_INVALID_HANDLE) && needLogin &&
+            (SSL_ERROR_NO_CERTIFICATE == (err = PORT_GetError()) ||
+             SEC_ERROR_TOKEN_NOT_LOGGED_IN == err)) {
+            /* authenticate and try again */
+            rv = PK11_Authenticate(le->slot, PR_TRUE, wincx);
+            if (rv != SECSuccess)
+                continue;
+            key = pk11_FindPrivateKeyFromCertID(le->slot, keyID);
+        }
+        if (key != CK_INVALID_HANDLE) {
+            slot = PK11_ReferenceSlot(le->slot);
+            if (keyPtr)
+                *keyPtr = key;
+            break;
+        }
+    }
+
+    SECITEM_FreeItem(keyID, PR_TRUE);
+    PK11_FreeSlotList(list);
+    return slot;
+}
+/*
+ * import a cert for a private key we have already generated. Set the label
+ * on both to be the nickname. This is for the Key Gen, orphaned key case.
+ */
+PK11SlotInfo *
+PK11_KeyForDERCertExists(SECItem *derCert, CK_OBJECT_HANDLE *keyPtr,
+                         void *wincx)
+{
+    CERTCertificate *cert;
+    PK11SlotInfo *slot = NULL;
+
+    /* letting this use go -- the only thing that the cert is used for is
+     * to get the ID attribute.
+     */
+    cert = CERT_DecodeDERCertificate(derCert, PR_FALSE, NULL);
+    if (cert == NULL)
+        return NULL;
+
+    slot = PK11_KeyForCertExists(cert, keyPtr, wincx);
+    CERT_DestroyCertificate(cert);
+    return slot;
+}
+
+PK11SlotInfo *
+PK11_ImportCertForKey(CERTCertificate *cert, const char *nickname,
+                      void *wincx)
+{
+    PK11SlotInfo *slot = NULL;
+    CK_OBJECT_HANDLE key;
+
+    slot = PK11_KeyForCertExists(cert, &key, wincx);
+
+    if (slot) {
+        if (PK11_ImportCert(slot, cert, key, nickname, PR_FALSE) != SECSuccess) {
+            PK11_FreeSlot(slot);
+            slot = NULL;
+        }
+    } else {
+        PORT_SetError(SEC_ERROR_ADDING_CERT);
+    }
+
+    return slot;
+}
+
+PK11SlotInfo *
+PK11_ImportDERCertForKey(SECItem *derCert, char *nickname, void *wincx)
+{
+    CERTCertificate *cert;
+    PK11SlotInfo *slot = NULL;
+
+    cert = CERT_NewTempCertificate(CERT_GetDefaultCertDB(),
+                                   derCert, NULL, PR_FALSE, PR_TRUE);
+    if (cert == NULL)
+        return NULL;
+
+    slot = PK11_ImportCertForKey(cert, nickname, wincx);
+    CERT_DestroyCertificate(cert);
+    return slot;
+}
+
+static CK_OBJECT_HANDLE
+pk11_FindCertObjectByTemplate(PK11SlotInfo **slotPtr,
+                              CK_ATTRIBUTE *searchTemplate, int count, void *wincx)
+{
+    PK11SlotList *list;
+    PK11SlotListElement *le;
+    CK_OBJECT_HANDLE certHandle = CK_INVALID_HANDLE;
+    PK11SlotInfo *slot = NULL;
+    SECStatus rv;
+
+    *slotPtr = NULL;
+
+    /* get them all! */
+    list = PK11_GetAllTokens(CKM_INVALID_MECHANISM, PR_FALSE, PR_TRUE, wincx);
+    if (list == NULL) {
+        return CK_INVALID_HANDLE;
+    }
+
+    /* Look for the slot that holds the Key */
+    for (le = list->head; le; le = le->next) {
+        rv = pk11_AuthenticateUnfriendly(le->slot, PR_TRUE, wincx);
+        if (rv != SECSuccess)
+            continue;
+
+        certHandle = pk11_FindObjectByTemplate(le->slot, searchTemplate, count);
+        if (certHandle != CK_INVALID_HANDLE) {
+            slot = PK11_ReferenceSlot(le->slot);
+            break;
+        }
+    }
+
+    PK11_FreeSlotList(list);
+
+    if (slot == NULL) {
+        return CK_INVALID_HANDLE;
+    }
+    *slotPtr = slot;
+    return certHandle;
+}
+
+CERTCertificate *
+PK11_FindCertByIssuerAndSNOnToken(PK11SlotInfo *slot,
+                                  CERTIssuerAndSN *issuerSN, void *wincx)
+{
+    CERTCertificate *rvCert = NULL;
+    NSSCertificate *cert = NULL;
+    NSSDER issuer, serial;
+    NSSTrustDomain *td = STAN_GetDefaultTrustDomain();
+    NSSToken *token = slot->nssToken;
+    nssSession *session;
+    nssCryptokiObject *instance = NULL;
+    nssPKIObject *object = NULL;
+    SECItem *derSerial;
+    PRStatus status;
+
+    if (!issuerSN || !issuerSN->derIssuer.data || !issuerSN->derIssuer.len ||
+        !issuerSN->serialNumber.data || !issuerSN->serialNumber.len ||
+        issuerSN->derIssuer.len > CERT_MAX_DN_BYTES ||
+        issuerSN->serialNumber.len > CERT_MAX_SERIAL_NUMBER_BYTES) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+
+    /* Paranoia */
+    if (token == NULL) {
+        PORT_SetError(SEC_ERROR_NO_TOKEN);
+        return NULL;
+    }
+
+    /* PKCS#11 needs to use DER-encoded serial numbers.  Create a
+     * CERTIssuerAndSN that actually has the encoded value and pass that
+     * to PKCS#11 (and the crypto context).
+     */
+    derSerial = SEC_ASN1EncodeItem(NULL, NULL,
+                                   &issuerSN->serialNumber,
+                                   SEC_ASN1_GET(SEC_IntegerTemplate));
+    if (!derSerial) {
+        return NULL;
+    }
+
+    NSSITEM_FROM_SECITEM(&issuer, &issuerSN->derIssuer);
+    NSSITEM_FROM_SECITEM(&serial, derSerial);
+
+    session = nssToken_GetDefaultSession(token);
+    if (!session) {
+        goto loser;
+    }
+
+    instance = nssToken_FindCertificateByIssuerAndSerialNumber(token, session,
+                                                               &issuer, &serial, nssTokenSearchType_TokenForced, &status);
+
+    SECITEM_FreeItem(derSerial, PR_TRUE);
+
+    if (!instance) {
+        goto loser;
+    }
+    object = nssPKIObject_Create(NULL, instance, td, NULL, nssPKIMonitor);
+    if (!object) {
+        goto loser;
+    }
+    instance = NULL; /* adopted by the previous call */
+    cert = nssCertificate_Create(object);
+    if (!cert) {
+        goto loser;
+    }
+    object = NULL; /* adopted by the previous call */
+    nssTrustDomain_AddCertsToCache(td, &cert, 1);
+    /* on failure, cert is freed below */
+    rvCert = STAN_GetCERTCertificate(cert);
+    if (!rvCert) {
+        goto loser;
+    }
+    return rvCert;
+
+loser:
+    if (instance) {
+        nssCryptokiObject_Destroy(instance);
+    }
+    if (object) {
+        nssPKIObject_Destroy(object);
+    }
+    if (cert) {
+        nssCertificate_Destroy(cert);
+    }
+    return NULL;
+}
+
+static PRCallOnceType keyIDHashCallOnce;
+
+static PRStatus PR_CALLBACK
+pk11_keyIDHash_populate(void *wincx)
+{
+    CERTCertList *certList;
+    CERTCertListNode *node = NULL;
+    SECItem subjKeyID = { siBuffer, NULL, 0 };
+    SECItem *slotid = NULL;
+    SECMODModuleList *modules, *mlp;
+    SECMODListLock *moduleLock;
+    int i;
+
+    certList = PK11_ListCerts(PK11CertListUser, wincx);
+    if (!certList) {
+        return PR_FAILURE;
+    }
+
+    for (node = CERT_LIST_HEAD(certList);
+         !CERT_LIST_END(node, certList);
+         node = CERT_LIST_NEXT(node)) {
+        if (CERT_FindSubjectKeyIDExtension(node->cert,
+                                           &subjKeyID) == SECSuccess &&
+            subjKeyID.data != NULL) {
+            cert_AddSubjectKeyIDMapping(&subjKeyID, node->cert);
+            SECITEM_FreeItem(&subjKeyID, PR_FALSE);
+        }
+    }
+    CERT_DestroyCertList(certList);
+
+    /*
+     * Record the state of each slot in a hash. The concatenation of slotID
+     * and moduleID is used as its key, with the slot series as its value.
+     */
+    slotid = SECITEM_AllocItem(NULL, NULL,
+                               sizeof(CK_SLOT_ID) + sizeof(SECMODModuleID));
+    if (!slotid) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return PR_FAILURE;
+    }
+    moduleLock = SECMOD_GetDefaultModuleListLock();
+    if (!moduleLock) {
+        SECITEM_FreeItem(slotid, PR_TRUE);
+        PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
+        return PR_FAILURE;
+    }
+    SECMOD_GetReadLock(moduleLock);
+    modules = SECMOD_GetDefaultModuleList();
+    for (mlp = modules; mlp; mlp = mlp->next) {
+        for (i = 0; i < mlp->module->slotCount; i++) {
+            memcpy(slotid->data, &mlp->module->slots[i]->slotID,
+                   sizeof(CK_SLOT_ID));
+            memcpy(&slotid->data[sizeof(CK_SLOT_ID)], &mlp->module->moduleID,
+                   sizeof(SECMODModuleID));
+            cert_UpdateSubjectKeyIDSlotCheck(slotid,
+                                             mlp->module->slots[i]->series);
+        }
+    }
+    SECMOD_ReleaseReadLock(moduleLock);
+    SECITEM_FreeItem(slotid, PR_TRUE);
+
+    return PR_SUCCESS;
+}
+
+/*
+ * We're looking for a cert which we have the private key for that's on the
+ * list of recipients. This searches one slot.
+ * this is the new version for NSS SMIME code
+ * this stuff should REALLY be in the SMIME code, but some things in here are not public
+ * (they should be!)
+ */
+static CERTCertificate *
+pk11_FindCertObjectByRecipientNew(PK11SlotInfo *slot, NSSCMSRecipient **recipientlist,
+                                  int *rlIndex, void *pwarg)
+{
+    NSSCMSRecipient *ri = NULL;
+    int i;
+    PRBool tokenRescanDone = PR_FALSE;
+    CERTCertTrust trust;
+
+    for (i = 0; (ri = recipientlist[i]) != NULL; i++) {
+        CERTCertificate *cert = NULL;
+        if (ri->kind == RLSubjKeyID) {
+            SECItem *derCert = cert_FindDERCertBySubjectKeyID(ri->id.subjectKeyID);
+            if (!derCert && !tokenRescanDone) {
+                /*
+                 * We didn't find the cert by its key ID. If we have slots
+                 * with removable tokens, a failure from
+                 * cert_FindDERCertBySubjectKeyID doesn't necessarily imply
+                 * that the cert is unavailable - the token might simply
+                 * have been inserted after the initial run of
+                 * pk11_keyIDHash_populate (wrapped by PR_CallOnceWithArg),
+                 * or a different token might have been present in that
+                 * slot, initially. Let's check for new tokens...
+                 */
+                PK11SlotList *sl = PK11_GetAllTokens(CKM_INVALID_MECHANISM,
+                                                     PR_FALSE, PR_FALSE, pwarg);
+                if (sl) {
+                    PK11SlotListElement *le;
+                    SECItem *slotid = SECITEM_AllocItem(NULL, NULL,
+                                                        sizeof(CK_SLOT_ID) + sizeof(SECMODModuleID));
+                    if (!slotid) {
+                        PORT_SetError(SEC_ERROR_NO_MEMORY);
+                        PK11_FreeSlotList(sl);
+                        return NULL;
+                    }
+                    for (le = sl->head; le; le = le->next) {
+                        memcpy(slotid->data, &le->slot->slotID,
+                               sizeof(CK_SLOT_ID));
+                        memcpy(&slotid->data[sizeof(CK_SLOT_ID)],
+                               &le->slot->module->moduleID,
+                               sizeof(SECMODModuleID));
+                        /*
+                         * Any changes with the slot since our last check?
+                         * If so, re-read the certs in that specific slot.
+                         */
+                        if (cert_SubjectKeyIDSlotCheckSeries(slotid) != PK11_GetSlotSeries(le->slot)) {
+                            CERTCertListNode *node = NULL;
+                            SECItem subjKeyID = { siBuffer, NULL, 0 };
+                            CERTCertList *cl = PK11_ListCertsInSlot(le->slot);
+                            if (!cl) {
+                                continue;
+                            }
+                            for (node = CERT_LIST_HEAD(cl);
+                                 !CERT_LIST_END(node, cl);
+                                 node = CERT_LIST_NEXT(node)) {
+                                if (CERT_IsUserCert(node->cert) &&
+                                    CERT_FindSubjectKeyIDExtension(node->cert,
+                                                                   &subjKeyID) == SECSuccess) {
+                                    if (subjKeyID.data) {
+                                        cert_AddSubjectKeyIDMapping(&subjKeyID,
+                                                                    node->cert);
+                                        cert_UpdateSubjectKeyIDSlotCheck(slotid,
+                                                                         PK11_GetSlotSeries(le->slot));
+                                    }
+                                    SECITEM_FreeItem(&subjKeyID, PR_FALSE);
+                                }
+                            }
+                            CERT_DestroyCertList(cl);
+                        }
+                    }
+                    PK11_FreeSlotList(sl);
+                    SECITEM_FreeItem(slotid, PR_TRUE);
+                }
+                /* only check once per message/recipientlist */
+                tokenRescanDone = PR_TRUE;
+                /* do another lookup (hopefully we found that cert...) */
+                derCert = cert_FindDERCertBySubjectKeyID(ri->id.subjectKeyID);
+            }
+            if (derCert) {
+                cert = PK11_FindCertFromDERCertItem(slot, derCert, pwarg);
+                SECITEM_FreeItem(derCert, PR_TRUE);
+            }
+        } else {
+            cert = PK11_FindCertByIssuerAndSNOnToken(slot, ri->id.issuerAndSN,
+                                                     pwarg);
+        }
+        if (cert) {
+            /* this isn't our cert */
+            if (CERT_GetCertTrust(cert, &trust) != SECSuccess ||
+                ((trust.emailFlags & CERTDB_USER) != CERTDB_USER)) {
+                CERT_DestroyCertificate(cert);
+                continue;
+            }
+            ri->slot = PK11_ReferenceSlot(slot);
+            *rlIndex = i;
+            return cert;
+        }
+    }
+    *rlIndex = -1;
+    return NULL;
+}
+
+/*
+ * This function is the same as above, but it searches all the slots.
+ * this is the new version for NSS SMIME code
+ * this stuff should REALLY be in the SMIME code, but some things in here are not public
+ * (they should be!)
+ */
+static CERTCertificate *
+pk11_AllFindCertObjectByRecipientNew(NSSCMSRecipient **recipientlist, void *wincx, int *rlIndex)
+{
+    PK11SlotList *list;
+    PK11SlotListElement *le;
+    CERTCertificate *cert = NULL;
+    SECStatus rv;
+
+    /* get them all! */
+    list = PK11_GetAllTokens(CKM_INVALID_MECHANISM, PR_FALSE, PR_TRUE, wincx);
+    if (list == NULL) {
+        return CK_INVALID_HANDLE;
+    }
+
+    /* Look for the slot that holds the Key */
+    for (le = list->head; le; le = le->next) {
+        rv = pk11_AuthenticateUnfriendly(le->slot, PR_TRUE, wincx);
+        if (rv != SECSuccess)
+            continue;
+
+        cert = pk11_FindCertObjectByRecipientNew(le->slot,
+                                                 recipientlist, rlIndex, wincx);
+        if (cert)
+            break;
+    }
+
+    PK11_FreeSlotList(list);
+
+    return cert;
+}
+
+/*
+ * We're looking for a cert which we have the private key for that's on the
+ * list of recipients. This searches one slot.
+ */
+static CERTCertificate *
+pk11_FindCertObjectByRecipient(PK11SlotInfo *slot,
+                               SEC_PKCS7RecipientInfo **recipientArray,
+                               SEC_PKCS7RecipientInfo **rip, void *pwarg)
+{
+    SEC_PKCS7RecipientInfo *ri = NULL;
+    CERTCertTrust trust;
+    int i;
+
+    for (i = 0; (ri = recipientArray[i]) != NULL; i++) {
+        CERTCertificate *cert;
+
+        cert = PK11_FindCertByIssuerAndSNOnToken(slot, ri->issuerAndSN,
+                                                 pwarg);
+        if (cert) {
+            /* this isn't our cert */
+            if (CERT_GetCertTrust(cert, &trust) != SECSuccess ||
+                ((trust.emailFlags & CERTDB_USER) != CERTDB_USER)) {
+                CERT_DestroyCertificate(cert);
+                continue;
+            }
+            *rip = ri;
+            return cert;
+        }
+    }
+    *rip = NULL;
+    return NULL;
+}
+
+/*
+ * This function is the same as above, but it searches all the slots.
+ */
+static CERTCertificate *
+pk11_AllFindCertObjectByRecipient(PK11SlotInfo **slotPtr,
+                                  SEC_PKCS7RecipientInfo **recipientArray,
+                                  SEC_PKCS7RecipientInfo **rip,
+                                  void *wincx)
+{
+    PK11SlotList *list;
+    PK11SlotListElement *le;
+    CERTCertificate *cert = NULL;
+    PK11SlotInfo *slot = NULL;
+    SECStatus rv;
+
+    *slotPtr = NULL;
+
+    /* get them all! */
+    list = PK11_GetAllTokens(CKM_INVALID_MECHANISM, PR_FALSE, PR_TRUE, wincx);
+    if (list == NULL) {
+        return CK_INVALID_HANDLE;
+    }
+
+    *rip = NULL;
+
+    /* Look for the slot that holds the Key */
+    for (le = list->head; le; le = le->next) {
+        rv = pk11_AuthenticateUnfriendly(le->slot, PR_TRUE, wincx);
+        if (rv != SECSuccess)
+            continue;
+
+        cert = pk11_FindCertObjectByRecipient(le->slot, recipientArray,
+                                              rip, wincx);
+        if (cert) {
+            slot = PK11_ReferenceSlot(le->slot);
+            break;
+        }
+    }
+
+    PK11_FreeSlotList(list);
+
+    if (slot == NULL) {
+        return NULL;
+    }
+    *slotPtr = slot;
+    PORT_Assert(cert != NULL);
+    return cert;
+}
+
+/*
+ * We need to invert the search logic for PKCS 7 because if we search for
+ * each cert on the list over all the slots, we wind up with lots of spurious
+ * password prompts. This way we get only one password prompt per slot, at
+ * the max, and most of the time we can find the cert, and only prompt for
+ * the key...
+ */
+CERTCertificate *
+PK11_FindCertAndKeyByRecipientList(PK11SlotInfo **slotPtr,
+                                   SEC_PKCS7RecipientInfo **array,
+                                   SEC_PKCS7RecipientInfo **rip,
+                                   SECKEYPrivateKey **privKey, void *wincx)
+{
+    CERTCertificate *cert = NULL;
+
+    *privKey = NULL;
+    *slotPtr = NULL;
+    cert = pk11_AllFindCertObjectByRecipient(slotPtr, array, rip, wincx);
+    if (!cert) {
+        return NULL;
+    }
+
+    *privKey = PK11_FindKeyByAnyCert(cert, wincx);
+    if (*privKey == NULL) {
+        goto loser;
+    }
+
+    return cert;
+loser:
+    if (cert)
+        CERT_DestroyCertificate(cert);
+    if (*slotPtr)
+        PK11_FreeSlot(*slotPtr);
+    *slotPtr = NULL;
+    return NULL;
+}
+
+/*
+ * This is the new version of the above function for NSS SMIME code
+ * this stuff should REALLY be in the SMIME code, but some things in here are not public
+ * (they should be!)
+ */
+int
+PK11_FindCertAndKeyByRecipientListNew(NSSCMSRecipient **recipientlist, void *wincx)
+{
+    CERTCertificate *cert;
+    NSSCMSRecipient *rl;
+    PRStatus rv;
+    int rlIndex;
+
+    rv = PR_CallOnceWithArg(&keyIDHashCallOnce, pk11_keyIDHash_populate, wincx);
+    if (rv != PR_SUCCESS)
+        return -1;
+
+    cert = pk11_AllFindCertObjectByRecipientNew(recipientlist, wincx, &rlIndex);
+    if (!cert) {
+        return -1;
+    }
+
+    rl = recipientlist[rlIndex];
+
+    /* at this point, rl->slot is set */
+
+    rl->privkey = PK11_FindKeyByAnyCert(cert, wincx);
+    if (rl->privkey == NULL) {
+        goto loser;
+    }
+
+    /* make a cert from the cert handle */
+    rl->cert = cert;
+    return rlIndex;
+
+loser:
+    if (cert)
+        CERT_DestroyCertificate(cert);
+    if (rl->slot)
+        PK11_FreeSlot(rl->slot);
+    rl->slot = NULL;
+    return -1;
+}
+
+CERTCertificate *
+PK11_FindCertByIssuerAndSN(PK11SlotInfo **slotPtr, CERTIssuerAndSN *issuerSN,
+                           void *wincx)
+{
+    CERTCertificate *rvCert = NULL;
+    NSSCertificate *cert;
+    NSSDER issuer, serial;
+    NSSCryptoContext *cc;
+    SECItem *derSerial;
+
+    if (!issuerSN || !issuerSN->derIssuer.data || !issuerSN->derIssuer.len ||
+        !issuerSN->serialNumber.data || !issuerSN->serialNumber.len ||
+        issuerSN->derIssuer.len > CERT_MAX_DN_BYTES ||
+        issuerSN->serialNumber.len > CERT_MAX_SERIAL_NUMBER_BYTES) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+
+    if (slotPtr)
+        *slotPtr = NULL;
+
+    /* PKCS#11 needs to use DER-encoded serial numbers.  Create a
+     * CERTIssuerAndSN that actually has the encoded value and pass that
+     * to PKCS#11 (and the crypto context).
+     */
+    derSerial = SEC_ASN1EncodeItem(NULL, NULL,
+                                   &issuerSN->serialNumber,
+                                   SEC_ASN1_GET(SEC_IntegerTemplate));
+    if (!derSerial) {
+        return NULL;
+    }
+
+    NSSITEM_FROM_SECITEM(&issuer, &issuerSN->derIssuer);
+    NSSITEM_FROM_SECITEM(&serial, derSerial);
+
+    cc = STAN_GetDefaultCryptoContext();
+    cert = NSSCryptoContext_FindCertificateByIssuerAndSerialNumber(cc,
+                                                                   &issuer,
+                                                                   &serial);
+    if (cert) {
+        SECITEM_FreeItem(derSerial, PR_TRUE);
+        return STAN_GetCERTCertificateOrRelease(cert);
+    }
+
+    do {
+        /* free the old cert on retry. Associated slot was not present */
+        if (rvCert) {
+            CERT_DestroyCertificate(rvCert);
+            rvCert = NULL;
+        }
+
+        cert = NSSTrustDomain_FindCertificateByIssuerAndSerialNumber(
+            STAN_GetDefaultTrustDomain(),
+            &issuer,
+            &serial);
+        if (!cert) {
+            break;
+        }
+
+        rvCert = STAN_GetCERTCertificateOrRelease(cert);
+        if (rvCert == NULL) {
+            break;
+        }
+
+        /* Check to see if the cert's token is still there */
+    } while (!PK11_IsPresent(rvCert->slot));
+
+    if (rvCert && slotPtr)
+        *slotPtr = PK11_ReferenceSlot(rvCert->slot);
+
+    SECITEM_FreeItem(derSerial, PR_TRUE);
+    return rvCert;
+}
+
+CK_OBJECT_HANDLE
+PK11_FindObjectForCert(CERTCertificate *cert, void *wincx, PK11SlotInfo **pSlot)
+{
+    CK_OBJECT_HANDLE certHandle;
+    CK_OBJECT_CLASS certClass = CKO_CERTIFICATE;
+    CK_ATTRIBUTE *attr;
+    CK_ATTRIBUTE searchTemplate[] = {
+        { CKA_CLASS, NULL, 0 },
+        { CKA_VALUE, NULL, 0 },
+    };
+    int templateSize = sizeof(searchTemplate) / sizeof(searchTemplate[0]);
+
+    attr = searchTemplate;
+    PK11_SETATTRS(attr, CKA_CLASS, &certClass, sizeof(certClass));
+    attr++;
+    PK11_SETATTRS(attr, CKA_VALUE, cert->derCert.data, cert->derCert.len);
+
+    if (cert->slot) {
+        certHandle = pk11_getcerthandle(cert->slot, cert, searchTemplate,
+                                        templateSize);
+        if (certHandle != CK_INVALID_HANDLE) {
+            *pSlot = PK11_ReferenceSlot(cert->slot);
+            return certHandle;
+        }
+    }
+
+    certHandle = pk11_FindCertObjectByTemplate(pSlot, searchTemplate,
+                                               templateSize, wincx);
+    if (certHandle != CK_INVALID_HANDLE) {
+        if (cert->slot == NULL) {
+            cert->slot = PK11_ReferenceSlot(*pSlot);
+            cert->pkcs11ID = certHandle;
+            cert->ownSlot = PR_TRUE;
+            cert->series = cert->slot->series;
+        }
+    }
+
+    return (certHandle);
+}
+
+SECKEYPrivateKey *
+PK11_FindKeyByAnyCert(CERTCertificate *cert, void *wincx)
+{
+    CK_OBJECT_HANDLE certHandle;
+    CK_OBJECT_HANDLE keyHandle;
+    PK11SlotInfo *slot = NULL;
+    SECKEYPrivateKey *privKey = NULL;
+    PRBool needLogin;
+    SECStatus rv;
+    int err;
+
+    certHandle = PK11_FindObjectForCert(cert, wincx, &slot);
+    if (certHandle == CK_INVALID_HANDLE) {
+        return NULL;
+    }
+    /*
+     * prevent a login race condition. If slot is logged in between
+     * our call to pk11_LoginStillRequired and the
+     * PK11_MatchItem. The matchItem call will either succeed, or
+     * we will call it one more time after calling PK11_Authenticate
+     * (which is a noop on an authenticated token).
+     */
+    needLogin = pk11_LoginStillRequired(slot, wincx);
+    keyHandle = PK11_MatchItem(slot, certHandle, CKO_PRIVATE_KEY);
+    if ((keyHandle == CK_INVALID_HANDLE) && needLogin &&
+        (SSL_ERROR_NO_CERTIFICATE == (err = PORT_GetError()) ||
+         SEC_ERROR_TOKEN_NOT_LOGGED_IN == err)) {
+        /* authenticate and try again */
+        rv = PK11_Authenticate(slot, PR_TRUE, wincx);
+        if (rv == SECSuccess) {
+            keyHandle = PK11_MatchItem(slot, certHandle, CKO_PRIVATE_KEY);
+        }
+    }
+    if (keyHandle != CK_INVALID_HANDLE) {
+        privKey = PK11_MakePrivKey(slot, nullKey, PR_TRUE, keyHandle, wincx);
+    }
+    if (slot) {
+        PK11_FreeSlot(slot);
+    }
+    return privKey;
+}
+
+CK_OBJECT_HANDLE
+pk11_FindPubKeyByAnyCert(CERTCertificate *cert, PK11SlotInfo **slot, void *wincx)
+{
+    CK_OBJECT_HANDLE certHandle;
+    CK_OBJECT_HANDLE keyHandle;
+
+    certHandle = PK11_FindObjectForCert(cert, wincx, slot);
+    if (certHandle == CK_INVALID_HANDLE) {
+        return CK_INVALID_HANDLE;
+    }
+    keyHandle = PK11_MatchItem(*slot, certHandle, CKO_PUBLIC_KEY);
+    if (keyHandle == CK_INVALID_HANDLE) {
+        PK11_FreeSlot(*slot);
+        return CK_INVALID_HANDLE;
+    }
+    return keyHandle;
+}
+
+/*
+ * find the number of certs in the slot with the same subject name
+ */
+int
+PK11_NumberCertsForCertSubject(CERTCertificate *cert)
+{
+    CK_OBJECT_CLASS certClass = CKO_CERTIFICATE;
+    CK_ATTRIBUTE theTemplate[] = {
+        { CKA_CLASS, NULL, 0 },
+        { CKA_SUBJECT, NULL, 0 },
+    };
+    CK_ATTRIBUTE *attr = theTemplate;
+    int templateSize = sizeof(theTemplate) / sizeof(theTemplate[0]);
+
+    PK11_SETATTRS(attr, CKA_CLASS, &certClass, sizeof(certClass));
+    attr++;
+    PK11_SETATTRS(attr, CKA_SUBJECT, cert->derSubject.data, cert->derSubject.len);
+
+    if (cert->slot == NULL) {
+        PK11SlotList *list = PK11_GetAllTokens(CKM_INVALID_MECHANISM,
+                                               PR_FALSE, PR_TRUE, NULL);
+        PK11SlotListElement *le;
+        int count = 0;
+
+        if (!list) {
+            /* error code is set */
+            return 0;
+        }
+
+        /* loop through all the fortezza tokens */
+        for (le = list->head; le; le = le->next) {
+            count += PK11_NumberObjectsFor(le->slot, theTemplate, templateSize);
+        }
+        PK11_FreeSlotList(list);
+        return count;
+    }
+
+    return PK11_NumberObjectsFor(cert->slot, theTemplate, templateSize);
+}
+
+/*
+ *  Walk all the certs with the same subject
+ */
+SECStatus
+PK11_TraverseCertsForSubject(CERTCertificate *cert,
+                             SECStatus (*callback)(CERTCertificate *, void *), void *arg)
+{
+    if (!cert) {
+        return SECFailure;
+    }
+    if (cert->slot == NULL) {
+        PK11SlotList *list = PK11_GetAllTokens(CKM_INVALID_MECHANISM,
+                                               PR_FALSE, PR_TRUE, NULL);
+        PK11SlotListElement *le;
+
+        if (!list) {
+            /* error code is set */
+            return SECFailure;
+        }
+        /* loop through all the tokens */
+        for (le = list->head; le; le = le->next) {
+            PK11_TraverseCertsForSubjectInSlot(cert, le->slot, callback, arg);
+        }
+        PK11_FreeSlotList(list);
+        return SECSuccess;
+    }
+
+    return PK11_TraverseCertsForSubjectInSlot(cert, cert->slot, callback, arg);
+}
+
+SECStatus
+PK11_TraverseCertsForSubjectInSlot(CERTCertificate *cert, PK11SlotInfo *slot,
+                                   SECStatus (*callback)(CERTCertificate *, void *), void *arg)
+{
+    PRStatus nssrv = PR_SUCCESS;
+    NSSToken *token;
+    NSSDER subject;
+    NSSTrustDomain *td;
+    nssList *subjectList;
+    nssPKIObjectCollection *collection;
+    nssCryptokiObject **instances;
+    NSSCertificate **certs;
+    nssTokenSearchType tokenOnly = nssTokenSearchType_TokenOnly;
+    td = STAN_GetDefaultTrustDomain();
+    NSSITEM_FROM_SECITEM(&subject, &cert->derSubject);
+    token = PK11Slot_GetNSSToken(slot);
+    if (!nssToken_IsPresent(token)) {
+        return SECSuccess;
+    }
+    collection = nssCertificateCollection_Create(td, NULL);
+    if (!collection) {
+        return SECFailure;
+    }
+    subjectList = nssList_Create(NULL, PR_FALSE);
+    if (!subjectList) {
+        nssPKIObjectCollection_Destroy(collection);
+        return SECFailure;
+    }
+    (void)nssTrustDomain_GetCertsForSubjectFromCache(td, &subject,
+                                                     subjectList);
+    transfer_token_certs_to_collection(subjectList, token, collection);
+    instances = nssToken_FindCertificatesBySubject(token, NULL,
+                                                   &subject,
+                                                   tokenOnly, 0, &nssrv);
+    nssPKIObjectCollection_AddInstances(collection, instances, 0);
+    nss_ZFreeIf(instances);
+    nssList_Destroy(subjectList);
+    certs = nssPKIObjectCollection_GetCertificates(collection,
+                                                   NULL, 0, NULL);
+    nssPKIObjectCollection_Destroy(collection);
+    if (certs) {
+        CERTCertificate *oldie;
+        NSSCertificate **cp;
+        for (cp = certs; *cp; cp++) {
+            oldie = STAN_GetCERTCertificate(*cp);
+            if (!oldie) {
+                continue;
+            }
+            if ((*callback)(oldie, arg) != SECSuccess) {
+                nssrv = PR_FAILURE;
+                break;
+            }
+        }
+        nssCertificateArray_Destroy(certs);
+    }
+    return (nssrv == PR_SUCCESS) ? SECSuccess : SECFailure;
+}
+
+SECStatus
+PK11_TraverseCertsForNicknameInSlot(SECItem *nickname, PK11SlotInfo *slot,
+                                    SECStatus (*callback)(CERTCertificate *, void *), void *arg)
+{
+    PRStatus nssrv = PR_SUCCESS;
+    NSSToken *token;
+    NSSTrustDomain *td;
+    NSSUTF8 *nick;
+    PRBool created = PR_FALSE;
+    nssCryptokiObject **instances;
+    nssPKIObjectCollection *collection = NULL;
+    NSSCertificate **certs;
+    nssList *nameList = NULL;
+    nssTokenSearchType tokenOnly = nssTokenSearchType_TokenOnly;
+    token = PK11Slot_GetNSSToken(slot);
+    if (!nssToken_IsPresent(token)) {
+        return SECSuccess;
+    }
+    if (nickname->data[nickname->len - 1] != '\0') {
+        nick = nssUTF8_Create(NULL, nssStringType_UTF8String,
+                              nickname->data, nickname->len);
+        created = PR_TRUE;
+    } else {
+        nick = (NSSUTF8 *)nickname->data;
+    }
+    td = STAN_GetDefaultTrustDomain();
+    collection = nssCertificateCollection_Create(td, NULL);
+    if (!collection) {
+        goto loser;
+    }
+    nameList = nssList_Create(NULL, PR_FALSE);
+    if (!nameList) {
+        goto loser;
+    }
+    (void)nssTrustDomain_GetCertsForNicknameFromCache(td, nick, nameList);
+    transfer_token_certs_to_collection(nameList, token, collection);
+    instances = nssToken_FindCertificatesByNickname(token, NULL,
+                                                    nick,
+                                                    tokenOnly, 0, &nssrv);
+    nssPKIObjectCollection_AddInstances(collection, instances, 0);
+    nss_ZFreeIf(instances);
+    nssList_Destroy(nameList);
+    certs = nssPKIObjectCollection_GetCertificates(collection,
+                                                   NULL, 0, NULL);
+    nssPKIObjectCollection_Destroy(collection);
+    if (certs) {
+        CERTCertificate *oldie;
+        NSSCertificate **cp;
+        for (cp = certs; *cp; cp++) {
+            oldie = STAN_GetCERTCertificate(*cp);
+            if (!oldie) {
+                continue;
+            }
+            if ((*callback)(oldie, arg) != SECSuccess) {
+                nssrv = PR_FAILURE;
+                break;
+            }
+        }
+        nssCertificateArray_Destroy(certs);
+    }
+    if (created)
+        nss_ZFreeIf(nick);
+    return (nssrv == PR_SUCCESS) ? SECSuccess : SECFailure;
+loser:
+    if (created) {
+        nss_ZFreeIf(nick);
+    }
+    if (collection) {
+        nssPKIObjectCollection_Destroy(collection);
+    }
+    if (nameList) {
+        nssList_Destroy(nameList);
+    }
+    return SECFailure;
+}
+
+SECStatus
+PK11_TraverseCertsInSlot(PK11SlotInfo *slot,
+                         SECStatus (*callback)(CERTCertificate *, void *), void *arg)
+{
+    PRStatus nssrv;
+    NSSTrustDomain *td = STAN_GetDefaultTrustDomain();
+    NSSToken *tok;
+    nssList *certList = NULL;
+    nssCryptokiObject **instances;
+    nssPKIObjectCollection *collection;
+    NSSCertificate **certs;
+    nssTokenSearchType tokenOnly = nssTokenSearchType_TokenOnly;
+    tok = PK11Slot_GetNSSToken(slot);
+    if (!nssToken_IsPresent(tok)) {
+        return SECSuccess;
+    }
+    collection = nssCertificateCollection_Create(td, NULL);
+    if (!collection) {
+        return SECFailure;
+    }
+    certList = nssList_Create(NULL, PR_FALSE);
+    if (!certList) {
+        nssPKIObjectCollection_Destroy(collection);
+        return SECFailure;
+    }
+    (void)nssTrustDomain_GetCertsFromCache(td, certList);
+    transfer_token_certs_to_collection(certList, tok, collection);
+    instances = nssToken_FindObjects(tok, NULL, CKO_CERTIFICATE,
+                                     tokenOnly, 0, &nssrv);
+    nssPKIObjectCollection_AddInstances(collection, instances, 0);
+    nss_ZFreeIf(instances);
+    nssList_Destroy(certList);
+    certs = nssPKIObjectCollection_GetCertificates(collection,
+                                                   NULL, 0, NULL);
+    nssPKIObjectCollection_Destroy(collection);
+    if (certs) {
+        CERTCertificate *oldie;
+        NSSCertificate **cp;
+        for (cp = certs; *cp; cp++) {
+            oldie = STAN_GetCERTCertificate(*cp);
+            if (!oldie) {
+                continue;
+            }
+            if ((*callback)(oldie, arg) != SECSuccess) {
+                nssrv = PR_FAILURE;
+                break;
+            }
+        }
+        nssCertificateArray_Destroy(certs);
+    }
+    return (nssrv == PR_SUCCESS) ? SECSuccess : SECFailure;
+}
+
+/*
+ * return the certificate associated with a derCert
+ */
+CERTCertificate *
+PK11_FindCertFromDERCert(PK11SlotInfo *slot, CERTCertificate *cert,
+                         void *wincx)
+{
+    return PK11_FindCertFromDERCertItem(slot, &cert->derCert, wincx);
+}
+
+CERTCertificate *
+PK11_FindCertFromDERCertItem(PK11SlotInfo *slot, const SECItem *inDerCert,
+                             void *wincx)
+
+{
+    NSSDER derCert;
+    NSSToken *tok;
+    nssCryptokiObject *co = NULL;
+    SECStatus rv;
+    CERTCertificate *cert = NULL;
+
+    tok = PK11Slot_GetNSSToken(slot);
+    NSSITEM_FROM_SECITEM(&derCert, inDerCert);
+    rv = pk11_AuthenticateUnfriendly(slot, PR_TRUE, wincx);
+    if (rv != SECSuccess) {
+        PK11_FreeSlot(slot);
+        return NULL;
+    }
+
+    co = nssToken_FindCertificateByEncodedCertificate(tok, NULL, &derCert,
+                                                      nssTokenSearchType_TokenOnly, NULL);
+
+    if (co) {
+        cert = PK11_MakeCertFromHandle(slot, co->handle, NULL);
+        nssCryptokiObject_Destroy(co);
+    }
+
+    return cert;
+}
+
+/*
+ * import a cert for a private key we have already generated. Set the label
+ * on both to be the nickname.
+ */
+static CK_OBJECT_HANDLE
+pk11_findKeyObjectByDERCert(PK11SlotInfo *slot, CERTCertificate *cert,
+                            void *wincx)
+{
+    SECItem *keyID;
+    CK_OBJECT_HANDLE key;
+    SECStatus rv;
+    PRBool needLogin;
+    int err;
+
+    if ((slot == NULL) || (cert == NULL)) {
+        return CK_INVALID_HANDLE;
+    }
+
+    keyID = pk11_mkcertKeyID(cert);
+    if (keyID == NULL) {
+        return CK_INVALID_HANDLE;
+    }
+
+    /*
+     * prevent a login race condition. If slot is logged in between
+     * our call to pk11_LoginStillRequired and the
+     * pk11_FindPrivateKeyFromCerID. The matchItem call will either succeed, or
+     * we will call it one more time after calling PK11_Authenticate
+     * (which is a noop on an authenticated token).
+     */
+    needLogin = pk11_LoginStillRequired(slot, wincx);
+    key = pk11_FindPrivateKeyFromCertID(slot, keyID);
+    if ((key == CK_INVALID_HANDLE) && needLogin &&
+        (SSL_ERROR_NO_CERTIFICATE == (err = PORT_GetError()) ||
+         SEC_ERROR_TOKEN_NOT_LOGGED_IN == err)) {
+        /* authenticate and try again */
+        rv = PK11_Authenticate(slot, PR_TRUE, wincx);
+        if (rv != SECSuccess)
+            goto loser;
+        key = pk11_FindPrivateKeyFromCertID(slot, keyID);
+    }
+
+loser:
+    SECITEM_ZfreeItem(keyID, PR_TRUE);
+    return key;
+}
+
+SECKEYPrivateKey *
+PK11_FindKeyByDERCert(PK11SlotInfo *slot, CERTCertificate *cert,
+                      void *wincx)
+{
+    CK_OBJECT_HANDLE keyHandle;
+
+    if ((slot == NULL) || (cert == NULL)) {
+        return NULL;
+    }
+
+    keyHandle = pk11_findKeyObjectByDERCert(slot, cert, wincx);
+    if (keyHandle == CK_INVALID_HANDLE) {
+        return NULL;
+    }
+
+    return PK11_MakePrivKey(slot, nullKey, PR_TRUE, keyHandle, wincx);
+}
+
+SECStatus
+PK11_ImportCertForKeyToSlot(PK11SlotInfo *slot, CERTCertificate *cert,
+                            char *nickname,
+                            PRBool addCertUsage, void *wincx)
+{
+    CK_OBJECT_HANDLE keyHandle;
+
+    if ((slot == NULL) || (cert == NULL) || (nickname == NULL)) {
+        return SECFailure;
+    }
+
+    keyHandle = pk11_findKeyObjectByDERCert(slot, cert, wincx);
+    if (keyHandle == CK_INVALID_HANDLE) {
+        return SECFailure;
+    }
+
+    return PK11_ImportCert(slot, cert, keyHandle, nickname, addCertUsage);
+}
+
+/* remove when the real version comes out */
+#define SEC_OID_MISSI_KEA 300 /* until we have v3 stuff merged */
+PRBool
+KEAPQGCompare(CERTCertificate *server, CERTCertificate *cert)
+{
+
+    /* not implemented */
+    return PR_FALSE;
+}
+
+PRBool
+PK11_FortezzaHasKEA(CERTCertificate *cert)
+{
+    /* look at the subject and see if it is a KEA for MISSI key */
+    SECOidData *oid;
+    CERTCertTrust trust;
+
+    if (CERT_GetCertTrust(cert, &trust) != SECSuccess ||
+        ((trust.sslFlags & CERTDB_USER) != CERTDB_USER)) {
+        return PR_FALSE;
+    }
+
+    oid = SECOID_FindOID(&cert->subjectPublicKeyInfo.algorithm.algorithm);
+    if (!oid) {
+        return PR_FALSE;
+    }
+
+    return (PRBool)((oid->offset == SEC_OID_MISSI_KEA_DSS_OLD) ||
+                    (oid->offset == SEC_OID_MISSI_KEA_DSS) ||
+                    (oid->offset == SEC_OID_MISSI_KEA));
+}
+
+/*
+ * Find a kea cert on this slot that matches the domain of it's peer
+ */
+static CERTCertificate
+    *
+    pk11_GetKEAMate(PK11SlotInfo *slot, CERTCertificate *peer)
+{
+    int i;
+    CERTCertificate *returnedCert = NULL;
+
+    for (i = 0; i < slot->cert_count; i++) {
+        CERTCertificate *cert = slot->cert_array[i];
+
+        if (PK11_FortezzaHasKEA(cert) && KEAPQGCompare(peer, cert)) {
+            returnedCert = CERT_DupCertificate(cert);
+            break;
+        }
+    }
+    return returnedCert;
+}
+
+/*
+ * The following is a FORTEZZA only Certificate request. We call this when we
+ * are doing a non-client auth SSL connection. We are only interested in the
+ * fortezza slots, and we are only interested in certs that share the same root
+ * key as the server.
+ */
+CERTCertificate *
+PK11_FindBestKEAMatch(CERTCertificate *server, void *wincx)
+{
+    PK11SlotList *keaList = PK11_GetAllTokens(CKM_KEA_KEY_DERIVE,
+                                              PR_FALSE, PR_TRUE, wincx);
+    PK11SlotListElement *le;
+    CERTCertificate *returnedCert = NULL;
+    SECStatus rv;
+
+    if (!keaList) {
+        /* error code is set */
+        return NULL;
+    }
+
+    /* loop through all the fortezza tokens */
+    for (le = keaList->head; le; le = le->next) {
+        rv = PK11_Authenticate(le->slot, PR_TRUE, wincx);
+        if (rv != SECSuccess)
+            continue;
+        if (le->slot->session == CK_INVALID_SESSION) {
+            continue;
+        }
+        returnedCert = pk11_GetKEAMate(le->slot, server);
+        if (returnedCert)
+            break;
+    }
+    PK11_FreeSlotList(keaList);
+
+    return returnedCert;
+}
+
+/*
+ * find a matched pair of kea certs to key exchange parameters from one
+ * fortezza card to another as necessary.
+ */
+SECStatus
+PK11_GetKEAMatchedCerts(PK11SlotInfo *slot1, PK11SlotInfo *slot2,
+                        CERTCertificate **cert1, CERTCertificate **cert2)
+{
+    CERTCertificate *returnedCert = NULL;
+    int i;
+
+    for (i = 0; i < slot1->cert_count; i++) {
+        CERTCertificate *cert = slot1->cert_array[i];
+
+        if (PK11_FortezzaHasKEA(cert)) {
+            returnedCert = pk11_GetKEAMate(slot2, cert);
+            if (returnedCert != NULL) {
+                *cert2 = returnedCert;
+                *cert1 = CERT_DupCertificate(cert);
+                return SECSuccess;
+            }
+        }
+    }
+    return SECFailure;
+}
+
+/*
+ * return the private key From a given Cert
+ */
+CK_OBJECT_HANDLE
+PK11_FindCertInSlot(PK11SlotInfo *slot, CERTCertificate *cert, void *wincx)
+{
+    CK_OBJECT_CLASS certClass = CKO_CERTIFICATE;
+    CK_ATTRIBUTE theTemplate[] = {
+        { CKA_VALUE, NULL, 0 },
+        { CKA_CLASS, NULL, 0 }
+    };
+    /* if you change the array, change the variable below as well */
+    int tsize = sizeof(theTemplate) / sizeof(theTemplate[0]);
+    CK_ATTRIBUTE *attrs = theTemplate;
+    SECStatus rv;
+
+    PK11_SETATTRS(attrs, CKA_VALUE, cert->derCert.data,
+                  cert->derCert.len);
+    attrs++;
+    PK11_SETATTRS(attrs, CKA_CLASS, &certClass, sizeof(certClass));
+
+    /*
+     * issue the find
+     */
+    rv = pk11_AuthenticateUnfriendly(slot, PR_TRUE, wincx);
+    if (rv != SECSuccess) {
+        return CK_INVALID_HANDLE;
+    }
+
+    return pk11_getcerthandle(slot, cert, theTemplate, tsize);
+}
+
+/* Looking for PK11_GetKeyIDFromCert?
+ * Use PK11_GetLowLevelKeyIDForCert instead.
+ */
+
+struct listCertsStr {
+    PK11CertListType type;
+    CERTCertList *certList;
+};
+
+static PRStatus
+pk11ListCertCallback(NSSCertificate *c, void *arg)
+{
+    struct listCertsStr *listCertP = (struct listCertsStr *)arg;
+    CERTCertificate *newCert = NULL;
+    PK11CertListType type = listCertP->type;
+    CERTCertList *certList = listCertP->certList;
+    PRBool isUnique = PR_FALSE;
+    PRBool isCA = PR_FALSE;
+    char *nickname = NULL;
+    unsigned int certType;
+    SECStatus rv;
+
+    if ((type == PK11CertListUnique) || (type == PK11CertListRootUnique) ||
+        (type == PK11CertListCAUnique) || (type == PK11CertListUserUnique)) {
+        /* only list one instance of each certificate, even if several exist */
+        isUnique = PR_TRUE;
+    }
+    if ((type == PK11CertListCA) || (type == PK11CertListRootUnique) ||
+        (type == PK11CertListCAUnique)) {
+        isCA = PR_TRUE;
+    }
+
+    /* if we want user certs and we don't have one skip this cert */
+    if (((type == PK11CertListUser) || (type == PK11CertListUserUnique)) &&
+        !NSSCertificate_IsPrivateKeyAvailable(c, NULL, NULL)) {
+        return PR_SUCCESS;
+    }
+
+    /* PK11CertListRootUnique means we want CA certs without a private key.
+     * This is for legacy app support . PK11CertListCAUnique should be used
+     * instead to get all CA certs, regardless of private key
+     */
+    if ((type == PK11CertListRootUnique) &&
+        NSSCertificate_IsPrivateKeyAvailable(c, NULL, NULL)) {
+        return PR_SUCCESS;
+    }
+
+    /* caller still owns the reference to 'c' */
+    newCert = STAN_GetCERTCertificate(c);
+    if (!newCert) {
+        return PR_SUCCESS;
+    }
+    /* if we want CA certs and it ain't one, skip it */
+    if (isCA && (!CERT_IsCACert(newCert, &certType))) {
+        return PR_SUCCESS;
+    }
+    if (isUnique) {
+        CERT_DupCertificate(newCert);
+
+        nickname = STAN_GetCERTCertificateName(certList->arena, c);
+
+        /* put slot certs at the end */
+        if (newCert->slot && !PK11_IsInternal(newCert->slot)) {
+            rv = CERT_AddCertToListTailWithData(certList, newCert, nickname);
+        } else {
+            rv = CERT_AddCertToListHeadWithData(certList, newCert, nickname);
+        }
+        /* if we didn't add the cert to the list, don't leak it */
+        if (rv != SECSuccess) {
+            CERT_DestroyCertificate(newCert);
+        }
+    } else {
+        /* add multiple instances to the cert list */
+        nssCryptokiObject **ip;
+        nssCryptokiObject **instances = nssPKIObject_GetInstances(&c->object);
+        if (!instances) {
+            return PR_SUCCESS;
+        }
+        for (ip = instances; *ip; ip++) {
+            nssCryptokiObject *instance = *ip;
+            PK11SlotInfo *slot = instance->token->pk11slot;
+
+            /* put the same CERTCertificate in the list for all instances */
+            CERT_DupCertificate(newCert);
+
+            nickname = STAN_GetCERTCertificateNameForInstance(
+                certList->arena, c, instance);
+
+            /* put slot certs at the end */
+            if (slot && !PK11_IsInternal(slot)) {
+                rv = CERT_AddCertToListTailWithData(certList, newCert, nickname);
+            } else {
+                rv = CERT_AddCertToListHeadWithData(certList, newCert, nickname);
+            }
+            /* if we didn't add the cert to the list, don't leak it */
+            if (rv != SECSuccess) {
+                CERT_DestroyCertificate(newCert);
+            }
+        }
+        nssCryptokiObjectArray_Destroy(instances);
+    }
+    return PR_SUCCESS;
+}
+
+CERTCertList *
+PK11_ListCerts(PK11CertListType type, void *pwarg)
+{
+    NSSTrustDomain *defaultTD = STAN_GetDefaultTrustDomain();
+    CERTCertList *certList = NULL;
+    struct listCertsStr listCerts;
+    certList = CERT_NewCertList();
+    listCerts.type = type;
+    listCerts.certList = certList;
+
+    /* authenticate to the slots */
+    (void)pk11_TraverseAllSlots(NULL, NULL, PR_TRUE, pwarg);
+    NSSTrustDomain_TraverseCertificates(defaultTD, pk11ListCertCallback,
+                                        &listCerts);
+    return certList;
+}
+
+SECItem *
+PK11_GetLowLevelKeyIDForCert(PK11SlotInfo *slot,
+                             CERTCertificate *cert, void *wincx)
+{
+    CK_OBJECT_CLASS certClass = CKO_CERTIFICATE;
+    CK_ATTRIBUTE theTemplate[] = {
+        { CKA_VALUE, NULL, 0 },
+        { CKA_CLASS, NULL, 0 }
+    };
+    /* if you change the array, change the variable below as well */
+    int tsize = sizeof(theTemplate) / sizeof(theTemplate[0]);
+    CK_OBJECT_HANDLE certHandle;
+    CK_ATTRIBUTE *attrs = theTemplate;
+    PK11SlotInfo *slotRef = NULL;
+    SECItem *item;
+    SECStatus rv;
+
+    if (slot) {
+        PK11_SETATTRS(attrs, CKA_VALUE, cert->derCert.data,
+                      cert->derCert.len);
+        attrs++;
+        PK11_SETATTRS(attrs, CKA_CLASS, &certClass, sizeof(certClass));
+
+        rv = pk11_AuthenticateUnfriendly(slot, PR_TRUE, wincx);
+        if (rv != SECSuccess) {
+            return NULL;
+        }
+        certHandle = pk11_getcerthandle(slot, cert, theTemplate, tsize);
+    } else {
+        certHandle = PK11_FindObjectForCert(cert, wincx, &slotRef);
+        if (certHandle == CK_INVALID_HANDLE) {
+            return pk11_mkcertKeyID(cert);
+        }
+        slot = slotRef;
+    }
+
+    if (certHandle == CK_INVALID_HANDLE) {
+        return NULL;
+    }
+
+    item = pk11_GetLowLevelKeyFromHandle(slot, certHandle);
+    if (slotRef)
+        PK11_FreeSlot(slotRef);
+    return item;
+}
+
+/* argument type for listCertsCallback */
+typedef struct {
+    CERTCertList *list;
+    PK11SlotInfo *slot;
+} ListCertsArg;
+
+static SECStatus
+listCertsCallback(CERTCertificate *cert, void *arg)
+{
+    ListCertsArg *cdata = (ListCertsArg *)arg;
+    char *nickname = NULL;
+    nssCryptokiObject *instance, **ci;
+    nssCryptokiObject **instances;
+    NSSCertificate *c = STAN_GetNSSCertificate(cert);
+    SECStatus rv;
+
+    if (c == NULL) {
+        return SECFailure;
+    }
+    instances = nssPKIObject_GetInstances(&c->object);
+    if (!instances) {
+        return SECFailure;
+    }
+    instance = NULL;
+    for (ci = instances; *ci; ci++) {
+        if ((*ci)->token->pk11slot == cdata->slot) {
+            instance = *ci;
+            break;
+        }
+    }
+    PORT_Assert(instance != NULL);
+    if (!instance) {
+        nssCryptokiObjectArray_Destroy(instances);
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+    nickname = STAN_GetCERTCertificateNameForInstance(cdata->list->arena,
+                                                      c, instance);
+    nssCryptokiObjectArray_Destroy(instances);
+
+    CERT_DupCertificate(cert);
+    rv = CERT_AddCertToListTailWithData(cdata->list, cert, nickname);
+    if (rv != SECSuccess) {
+        CERT_DestroyCertificate(cert);
+    }
+    return rv;
+}
+
+CERTCertList *
+PK11_ListCertsInSlot(PK11SlotInfo *slot)
+{
+    SECStatus status;
+    CERTCertList *certs;
+    ListCertsArg cdata;
+
+    certs = CERT_NewCertList();
+    if (certs == NULL)
+        return NULL;
+    cdata.list = certs;
+    cdata.slot = slot;
+
+    status = PK11_TraverseCertsInSlot(slot, listCertsCallback,
+                                      &cdata);
+
+    if (status != SECSuccess) {
+        CERT_DestroyCertList(certs);
+        certs = NULL;
+    }
+
+    return certs;
+}
+
+PK11SlotList *
+PK11_GetAllSlotsForCert(CERTCertificate *cert, void *arg)
+{
+    nssCryptokiObject **ip;
+    PK11SlotList *slotList;
+    NSSCertificate *c;
+    nssCryptokiObject **instances;
+    PRBool found = PR_FALSE;
+
+    if (!cert) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+
+    c = STAN_GetNSSCertificate(cert);
+    if (!c) {
+        CERT_MapStanError();
+        return NULL;
+    }
+
+    /* add multiple instances to the cert list */
+    instances = nssPKIObject_GetInstances(&c->object);
+    if (!instances) {
+        PORT_SetError(SEC_ERROR_NO_TOKEN);
+        return NULL;
+    }
+
+    slotList = PK11_NewSlotList();
+    if (!slotList) {
+        nssCryptokiObjectArray_Destroy(instances);
+        return NULL;
+    }
+
+    for (ip = instances; *ip; ip++) {
+        nssCryptokiObject *instance = *ip;
+        PK11SlotInfo *slot = instance->token->pk11slot;
+        if (slot) {
+            PK11_AddSlotToList(slotList, slot, PR_TRUE);
+            found = PR_TRUE;
+        }
+    }
+    if (!found) {
+        PK11_FreeSlotList(slotList);
+        PORT_SetError(SEC_ERROR_NO_TOKEN);
+        slotList = NULL;
+    }
+
+    nssCryptokiObjectArray_Destroy(instances);
+    return slotList;
+}
+
+/*
+ * Using __PK11_SetCertificateNickname is *DANGEROUS*.
+ *
+ * The API will update the NSS database, but it *will NOT* update the in-memory data.
+ * As a result, after calling this API, there will be INCONSISTENCY between
+ * in-memory data and the database.
+ *
+ * Use of the API should be limited to short-lived tools, which will exit immediately
+ * after using this API.
+ *
+ * If you ignore this warning, your process is TAINTED and will most likely misbehave.
+ */
+SECStatus
+__PK11_SetCertificateNickname(CERTCertificate *cert, const char *nickname)
+{
+    /* Can't set nickname of temp cert. */
+    if (!cert->slot || cert->pkcs11ID == CK_INVALID_HANDLE) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+    return PK11_SetObjectNickname(cert->slot, cert->pkcs11ID, nickname);
+}
diff --git a/nss/lib/pk11wrap/pk11cxt.c b/nss/lib/pk11wrap/pk11cxt.c
new file mode 100644
index 0000000..e9726d0
--- /dev/null
+++ b/nss/lib/pk11wrap/pk11cxt.c
@@ -0,0 +1,1019 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * This file PK11Contexts which are  used in multipart hashing,
+ * encryption/decryption, and signing/verication operations.
+ */
+
+#include "seccomon.h"
+#include "secmod.h"
+#include "nssilock.h"
+#include "secmodi.h"
+#include "secmodti.h"
+#include "pkcs11.h"
+#include "pk11func.h"
+#include "secitem.h"
+#include "secoid.h"
+#include "sechash.h"
+#include "secerr.h"
+
+static const SECItem pk11_null_params = { 0 };
+
+/**********************************************************************
+ *
+ *                   Now Deal with Crypto Contexts
+ *
+ **********************************************************************/
+
+/*
+ * the monitors...
+ */
+void
+PK11_EnterContextMonitor(PK11Context *cx)
+{
+    /* if we own the session and our slot is ThreadSafe, only monitor
+     * the Context */
+    if ((cx->ownSession) && (cx->slot->isThreadSafe)) {
+        /* Should this use monitors instead? */
+        PZ_Lock(cx->sessionLock);
+    } else {
+        PK11_EnterSlotMonitor(cx->slot);
+    }
+}
+
+void
+PK11_ExitContextMonitor(PK11Context *cx)
+{
+    /* if we own the session and our slot is ThreadSafe, only monitor
+     * the Context */
+    if ((cx->ownSession) && (cx->slot->isThreadSafe)) {
+        /* Should this use monitors instead? */
+        PZ_Unlock(cx->sessionLock);
+    } else {
+        PK11_ExitSlotMonitor(cx->slot);
+    }
+}
+
+/*
+ * Free up a Cipher Context
+ */
+void
+PK11_DestroyContext(PK11Context *context, PRBool freeit)
+{
+    pk11_CloseSession(context->slot, context->session, context->ownSession);
+    /* initialize the critical fields of the context */
+    if (context->savedData != NULL)
+        PORT_Free(context->savedData);
+    if (context->key)
+        PK11_FreeSymKey(context->key);
+    if (context->param && context->param != &pk11_null_params)
+        SECITEM_FreeItem(context->param, PR_TRUE);
+    if (context->sessionLock)
+        PZ_DestroyLock(context->sessionLock);
+    PK11_FreeSlot(context->slot);
+    if (freeit)
+        PORT_Free(context);
+}
+
+/*
+ * save the current context. Allocate Space if necessary.
+ */
+static unsigned char *
+pk11_saveContextHelper(PK11Context *context, unsigned char *buffer,
+                       unsigned long *savedLength)
+{
+    CK_RV crv;
+
+    /* If buffer is NULL, this will get the length */
+    crv = PK11_GETTAB(context->slot)->C_GetOperationState(context->session, (CK_BYTE_PTR)buffer, savedLength);
+    if (!buffer || (crv == CKR_BUFFER_TOO_SMALL)) {
+        /* the given buffer wasn't big enough (or was NULL), but we
+         * have the length, so try again with a new buffer and the
+         * correct length
+         */
+        unsigned long bufLen = *savedLength;
+        buffer = PORT_Alloc(bufLen);
+        if (buffer == NULL) {
+            return (unsigned char *)NULL;
+        }
+        crv = PK11_GETTAB(context->slot)->C_GetOperationState(context->session, (CK_BYTE_PTR)buffer, savedLength);
+        if (crv != CKR_OK) {
+            PORT_ZFree(buffer, bufLen);
+        }
+    }
+    if (crv != CKR_OK) {
+        PORT_SetError(PK11_MapError(crv));
+        return (unsigned char *)NULL;
+    }
+    return buffer;
+}
+
+void *
+pk11_saveContext(PK11Context *context, void *space, unsigned long *savedLength)
+{
+    return pk11_saveContextHelper(context,
+                                  (unsigned char *)space, savedLength);
+}
+
+/*
+ * restore the current context
+ */
+SECStatus
+pk11_restoreContext(PK11Context *context, void *space, unsigned long savedLength)
+{
+    CK_RV crv;
+    CK_OBJECT_HANDLE objectID = (context->key) ? context->key->objectID : CK_INVALID_HANDLE;
+
+    PORT_Assert(space != NULL);
+    if (space == NULL) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+    crv = PK11_GETTAB(context->slot)->C_SetOperationState(context->session, (CK_BYTE_PTR)space, savedLength, objectID, 0);
+    if (crv != CKR_OK) {
+        PORT_SetError(PK11_MapError(crv));
+        return SECFailure;
+    }
+    return SECSuccess;
+}
+
+SECStatus pk11_Finalize(PK11Context *context);
+
+/*
+ * Context initialization. Used by all flavors of CreateContext
+ */
+static SECStatus
+pk11_context_init(PK11Context *context, CK_MECHANISM *mech_info)
+{
+    CK_RV crv;
+    PK11SymKey *symKey = context->key;
+    SECStatus rv = SECSuccess;
+
+    switch (context->operation) {
+        case CKA_ENCRYPT:
+            crv = PK11_GETTAB(context->slot)->C_EncryptInit(context->session, mech_info, symKey->objectID);
+            break;
+        case CKA_DECRYPT:
+            if (context->fortezzaHack) {
+                CK_ULONG count = 0;
+                /* generate the IV for fortezza */
+                crv = PK11_GETTAB(context->slot)->C_EncryptInit(context->session, mech_info, symKey->objectID);
+                if (crv != CKR_OK)
+                    break;
+                PK11_GETTAB(context->slot)
+                    ->C_EncryptFinal(context->session,
+                                     NULL, &count);
+            }
+            crv = PK11_GETTAB(context->slot)->C_DecryptInit(context->session, mech_info, symKey->objectID);
+            break;
+        case CKA_SIGN:
+            crv = PK11_GETTAB(context->slot)->C_SignInit(context->session, mech_info, symKey->objectID);
+            break;
+        case CKA_VERIFY:
+            crv = PK11_GETTAB(context->slot)->C_SignInit(context->session, mech_info, symKey->objectID);
+            break;
+        case CKA_DIGEST:
+            crv = PK11_GETTAB(context->slot)->C_DigestInit(context->session, mech_info);
+            break;
+        default:
+            crv = CKR_OPERATION_NOT_INITIALIZED;
+            break;
+    }
+
+    if (crv != CKR_OK) {
+        PORT_SetError(PK11_MapError(crv));
+        return SECFailure;
+    }
+
+    /*
+     * handle session starvation case.. use our last session to multiplex
+     */
+    if (!context->ownSession) {
+        context->savedData = pk11_saveContext(context, context->savedData,
+                                              &context->savedLength);
+        if (context->savedData == NULL)
+            rv = SECFailure;
+        /* clear out out session for others to use */
+        pk11_Finalize(context);
+    }
+    return rv;
+}
+
+/*
+ * Common Helper Function do come up with a new context.
+ */
+static PK11Context *
+pk11_CreateNewContextInSlot(CK_MECHANISM_TYPE type,
+                            PK11SlotInfo *slot, CK_ATTRIBUTE_TYPE operation, PK11SymKey *symKey,
+                            SECItem *param)
+{
+    CK_MECHANISM mech_info;
+    PK11Context *context;
+    SECStatus rv;
+
+    PORT_Assert(slot != NULL);
+    if (!slot || (!symKey && ((operation != CKA_DIGEST) ||
+                              (type == CKM_SKIPJACK_CBC64)))) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+    context = (PK11Context *)PORT_Alloc(sizeof(PK11Context));
+    if (context == NULL) {
+        return NULL;
+    }
+
+    /* now deal with the fortezza hack... the fortezza hack is an attempt
+     * to get around the issue of the card not allowing you to do a FORTEZZA
+     * LoadIV/Encrypt, which was added because such a combination could be
+     * use to circumvent the key escrow system. Unfortunately SSL needs to
+     * do this kind of operation, so in SSL we do a loadIV (to verify it),
+     * Then GenerateIV, and through away the first 8 bytes on either side
+     * of the connection.*/
+    context->fortezzaHack = PR_FALSE;
+    if (type == CKM_SKIPJACK_CBC64) {
+        if (symKey->origin == PK11_OriginFortezzaHack) {
+            context->fortezzaHack = PR_TRUE;
+        }
+    }
+
+    /* initialize the critical fields of the context */
+    context->operation = operation;
+    context->key = symKey ? PK11_ReferenceSymKey(symKey) : NULL;
+    context->slot = PK11_ReferenceSlot(slot);
+    context->session = pk11_GetNewSession(slot, &context->ownSession);
+    context->cx = symKey ? symKey->cx : NULL;
+    /* get our session */
+    context->savedData = NULL;
+
+    /* save the parameters so that some digesting stuff can do multiple
+     * begins on a single context */
+    context->type = type;
+    if (param) {
+        if (param->len > 0) {
+            context->param = SECITEM_DupItem(param);
+        } else {
+            context->param = (SECItem *)&pk11_null_params;
+        }
+    } else {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        context->param = NULL;
+    }
+    context->init = PR_FALSE;
+    context->sessionLock = PZ_NewLock(nssILockPK11cxt);
+    if ((context->param == NULL) || (context->sessionLock == NULL)) {
+        PK11_DestroyContext(context, PR_TRUE);
+        return NULL;
+    }
+
+    mech_info.mechanism = type;
+    mech_info.pParameter = param->data;
+    mech_info.ulParameterLen = param->len;
+    PK11_EnterContextMonitor(context);
+    rv = pk11_context_init(context, &mech_info);
+    PK11_ExitContextMonitor(context);
+
+    if (rv != SECSuccess) {
+        PK11_DestroyContext(context, PR_TRUE);
+        return NULL;
+    }
+    context->init = PR_TRUE;
+    return context;
+}
+
+/*
+ * put together the various PK11_Create_Context calls used by different
+ * parts of libsec.
+ */
+PK11Context *
+__PK11_CreateContextByRawKey(PK11SlotInfo *slot, CK_MECHANISM_TYPE type,
+                             PK11Origin origin, CK_ATTRIBUTE_TYPE operation, SECItem *key,
+                             SECItem *param, void *wincx)
+{
+    PK11SymKey *symKey = NULL;
+    PK11Context *context = NULL;
+
+    /* first get a slot */
+    if (slot == NULL) {
+        slot = PK11_GetBestSlot(type, wincx);
+        if (slot == NULL) {
+            PORT_SetError(SEC_ERROR_NO_MODULE);
+            goto loser;
+        }
+    } else {
+        PK11_ReferenceSlot(slot);
+    }
+
+    /* now import the key */
+    symKey = PK11_ImportSymKey(slot, type, origin, operation, key, wincx);
+    if (symKey == NULL)
+        goto loser;
+
+    context = PK11_CreateContextBySymKey(type, operation, symKey, param);
+
+loser:
+    if (symKey) {
+        PK11_FreeSymKey(symKey);
+    }
+    if (slot) {
+        PK11_FreeSlot(slot);
+    }
+
+    return context;
+}
+
+PK11Context *
+PK11_CreateContextByRawKey(PK11SlotInfo *slot, CK_MECHANISM_TYPE type,
+                           PK11Origin origin, CK_ATTRIBUTE_TYPE operation, SECItem *key,
+                           SECItem *param, void *wincx)
+{
+    return __PK11_CreateContextByRawKey(slot, type, origin, operation,
+                                        key, param, wincx);
+}
+
+/*
+ * Create a context from a key. We really should make sure we aren't using
+ * the same key in multiple session!
+ */
+PK11Context *
+PK11_CreateContextBySymKey(CK_MECHANISM_TYPE type, CK_ATTRIBUTE_TYPE operation,
+                           PK11SymKey *symKey, SECItem *param)
+{
+    PK11SymKey *newKey;
+    PK11Context *context;
+
+    /* if this slot doesn't support the mechanism, go to a slot that does */
+    newKey = pk11_ForceSlot(symKey, type, operation);
+    if (newKey == NULL) {
+        PK11_ReferenceSymKey(symKey);
+    } else {
+        symKey = newKey;
+    }
+
+    /* Context Adopts the symKey.... */
+    context = pk11_CreateNewContextInSlot(type, symKey->slot, operation, symKey,
+                                          param);
+    PK11_FreeSymKey(symKey);
+    return context;
+}
+
+/*
+ * Digest contexts don't need keys, but the do need to find a slot.
+ * Macing should use PK11_CreateContextBySymKey.
+ */
+PK11Context *
+PK11_CreateDigestContext(SECOidTag hashAlg)
+{
+    /* digesting has to work without authentication to the slot */
+    CK_MECHANISM_TYPE type;
+    PK11SlotInfo *slot;
+    PK11Context *context;
+    SECItem param;
+
+    type = PK11_AlgtagToMechanism(hashAlg);
+    slot = PK11_GetBestSlot(type, NULL);
+    if (slot == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MODULE);
+        return NULL;
+    }
+
+    /* maybe should really be PK11_GenerateNewParam?? */
+    param.data = NULL;
+    param.len = 0;
+    param.type = 0;
+
+    context = pk11_CreateNewContextInSlot(type, slot, CKA_DIGEST, NULL, &param);
+    PK11_FreeSlot(slot);
+    return context;
+}
+
+/*
+ * create a new context which is the clone of the state of old context.
+ */
+PK11Context *
+PK11_CloneContext(PK11Context *old)
+{
+    PK11Context *newcx;
+    PRBool needFree = PR_FALSE;
+    SECStatus rv = SECSuccess;
+    void *data;
+    unsigned long len;
+
+    newcx = pk11_CreateNewContextInSlot(old->type, old->slot, old->operation,
+                                        old->key, old->param);
+    if (newcx == NULL)
+        return NULL;
+
+    /* now clone the save state. First we need to find the save state
+      * of the old session. If the old context owns it's session,
+      * the state needs to be saved, otherwise the state is in saveData. */
+    if (old->ownSession) {
+        PK11_EnterContextMonitor(old);
+        data = pk11_saveContext(old, NULL, &len);
+        PK11_ExitContextMonitor(old);
+        needFree = PR_TRUE;
+    } else {
+        data = old->savedData;
+        len = old->savedLength;
+    }
+
+    if (data == NULL) {
+        PK11_DestroyContext(newcx, PR_TRUE);
+        return NULL;
+    }
+
+    /* now copy that state into our new context. Again we have different
+      * work if the new context owns it's own session. If it does, we
+      * restore the state gathered above. If it doesn't, we copy the
+      * saveData pointer... */
+    if (newcx->ownSession) {
+        PK11_EnterContextMonitor(newcx);
+        rv = pk11_restoreContext(newcx, data, len);
+        PK11_ExitContextMonitor(newcx);
+    } else {
+        PORT_Assert(newcx->savedData != NULL);
+        if ((newcx->savedData == NULL) || (newcx->savedLength < len)) {
+            PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+            rv = SECFailure;
+        } else {
+            PORT_Memcpy(newcx->savedData, data, len);
+            newcx->savedLength = len;
+        }
+    }
+
+    if (needFree)
+        PORT_Free(data);
+
+    if (rv != SECSuccess) {
+        PK11_DestroyContext(newcx, PR_TRUE);
+        return NULL;
+    }
+    return newcx;
+}
+
+/*
+ * save the current context state into a variable. Required to make FORTEZZA
+ * work.
+ */
+SECStatus
+PK11_SaveContext(PK11Context *cx, unsigned char *save, int *len, int saveLength)
+{
+    unsigned char *data = NULL;
+    CK_ULONG length = saveLength;
+
+    if (cx->ownSession) {
+        PK11_EnterContextMonitor(cx);
+        data = pk11_saveContextHelper(cx, save, &length);
+        PK11_ExitContextMonitor(cx);
+        if (data)
+            *len = length;
+    } else if ((unsigned)saveLength >= cx->savedLength) {
+        data = (unsigned char *)cx->savedData;
+        if (cx->savedData) {
+            PORT_Memcpy(save, cx->savedData, cx->savedLength);
+        }
+        *len = cx->savedLength;
+    }
+    if (data != NULL) {
+        if (cx->ownSession) {
+            PORT_ZFree(data, length);
+        }
+        return SECSuccess;
+    } else {
+        return SECFailure;
+    }
+}
+
+/* same as above, but may allocate the return buffer. */
+unsigned char *
+PK11_SaveContextAlloc(PK11Context *cx,
+                      unsigned char *preAllocBuf, unsigned int pabLen,
+                      unsigned int *stateLen)
+{
+    unsigned char *stateBuf = NULL;
+    unsigned long length = (unsigned long)pabLen;
+
+    if (cx->ownSession) {
+        PK11_EnterContextMonitor(cx);
+        stateBuf = pk11_saveContextHelper(cx, preAllocBuf, &length);
+        PK11_ExitContextMonitor(cx);
+        *stateLen = (stateBuf != NULL) ? length : 0;
+    } else {
+        if (pabLen < cx->savedLength) {
+            stateBuf = (unsigned char *)PORT_Alloc(cx->savedLength);
+            if (!stateBuf) {
+                return (unsigned char *)NULL;
+            }
+        } else {
+            stateBuf = preAllocBuf;
+        }
+        if (cx->savedData) {
+            PORT_Memcpy(stateBuf, cx->savedData, cx->savedLength);
+        }
+        *stateLen = cx->savedLength;
+    }
+    return stateBuf;
+}
+
+/*
+ * restore the context state into a new running context. Also required for
+ * FORTEZZA .
+ */
+SECStatus
+PK11_RestoreContext(PK11Context *cx, unsigned char *save, int len)
+{
+    SECStatus rv = SECSuccess;
+    if (cx->ownSession) {
+        PK11_EnterContextMonitor(cx);
+        pk11_Finalize(cx);
+        rv = pk11_restoreContext(cx, save, len);
+        PK11_ExitContextMonitor(cx);
+    } else {
+        PORT_Assert(cx->savedData != NULL);
+        if ((cx->savedData == NULL) || (cx->savedLength < (unsigned)len)) {
+            PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+            rv = SECFailure;
+        } else {
+            PORT_Memcpy(cx->savedData, save, len);
+            cx->savedLength = len;
+        }
+    }
+    return rv;
+}
+
+/*
+ * This is  to get FIPS compliance until we can convert
+ * libjar to use PK11_ hashing functions. It returns PR_FALSE
+ * if we can't get a PK11 Context.
+ */
+PRBool
+PK11_HashOK(SECOidTag algID)
+{
+    PK11Context *cx;
+
+    cx = PK11_CreateDigestContext(algID);
+    if (cx == NULL)
+        return PR_FALSE;
+    PK11_DestroyContext(cx, PR_TRUE);
+    return PR_TRUE;
+}
+
+/*
+ * start a new digesting or Mac'ing operation on this context
+ */
+SECStatus
+PK11_DigestBegin(PK11Context *cx)
+{
+    CK_MECHANISM mech_info;
+    SECStatus rv;
+
+    if (cx->init == PR_TRUE) {
+        return SECSuccess;
+    }
+
+    /*
+     * make sure the old context is clear first
+     */
+    PK11_EnterContextMonitor(cx);
+    pk11_Finalize(cx);
+
+    mech_info.mechanism = cx->type;
+    mech_info.pParameter = cx->param->data;
+    mech_info.ulParameterLen = cx->param->len;
+    rv = pk11_context_init(cx, &mech_info);
+    PK11_ExitContextMonitor(cx);
+
+    if (rv != SECSuccess) {
+        return SECFailure;
+    }
+    cx->init = PR_TRUE;
+    return SECSuccess;
+}
+
+SECStatus
+PK11_HashBuf(SECOidTag hashAlg, unsigned char *out, const unsigned char *in,
+             PRInt32 len)
+{
+    PK11Context *context;
+    unsigned int max_length;
+    unsigned int out_length;
+    SECStatus rv;
+
+    /* len will be passed to PK11_DigestOp as unsigned. */
+    if (len < 0) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    context = PK11_CreateDigestContext(hashAlg);
+    if (context == NULL)
+        return SECFailure;
+
+    rv = PK11_DigestBegin(context);
+    if (rv != SECSuccess) {
+        PK11_DestroyContext(context, PR_TRUE);
+        return rv;
+    }
+
+    rv = PK11_DigestOp(context, in, len);
+    if (rv != SECSuccess) {
+        PK11_DestroyContext(context, PR_TRUE);
+        return rv;
+    }
+
+    /* XXX This really should have been an argument to this function! */
+    max_length = HASH_ResultLenByOidTag(hashAlg);
+    PORT_Assert(max_length);
+    if (!max_length)
+        max_length = HASH_LENGTH_MAX;
+
+    rv = PK11_DigestFinal(context, out, &out_length, max_length);
+    PK11_DestroyContext(context, PR_TRUE);
+    return rv;
+}
+
+/*
+ * execute a bulk encryption operation
+ */
+SECStatus
+PK11_CipherOp(PK11Context *context, unsigned char *out, int *outlen,
+              int maxout, const unsigned char *in, int inlen)
+{
+    CK_RV crv = CKR_OK;
+    CK_ULONG length = maxout;
+    CK_ULONG offset = 0;
+    SECStatus rv = SECSuccess;
+    unsigned char *saveOut = out;
+    unsigned char *allocOut = NULL;
+
+    /* if we ran out of session, we need to restore our previously stored
+     * state.
+     */
+    PK11_EnterContextMonitor(context);
+    if (!context->ownSession) {
+        rv = pk11_restoreContext(context, context->savedData,
+                                 context->savedLength);
+        if (rv != SECSuccess) {
+            PK11_ExitContextMonitor(context);
+            return rv;
+        }
+    }
+
+    /*
+     * The fortezza hack is to send 8 extra bytes on the first encrypted and
+     * lose them on the first decrypt.
+     */
+    if (context->fortezzaHack) {
+        unsigned char random[8];
+        if (context->operation == CKA_ENCRYPT) {
+            PK11_ExitContextMonitor(context);
+            rv = PK11_GenerateRandom(random, sizeof(random));
+            PK11_EnterContextMonitor(context);
+
+            /* since we are offseting the output, we can't encrypt back into
+             * the same buffer... allocate a temporary buffer just for this
+             * call. */
+            allocOut = out = (unsigned char *)PORT_Alloc(maxout);
+            if (out == NULL) {
+                PK11_ExitContextMonitor(context);
+                return SECFailure;
+            }
+            crv = PK11_GETTAB(context->slot)->C_EncryptUpdate(context->session, random, sizeof(random), out, &length);
+
+            out += length;
+            maxout -= length;
+            offset = length;
+        } else if (context->operation == CKA_DECRYPT) {
+            length = sizeof(random);
+            crv = PK11_GETTAB(context->slot)->C_DecryptUpdate(context->session, (CK_BYTE_PTR)in, sizeof(random), random, &length);
+            inlen -= length;
+            in += length;
+            context->fortezzaHack = PR_FALSE;
+        }
+    }
+
+    switch (context->operation) {
+        case CKA_ENCRYPT:
+            length = maxout;
+            crv = PK11_GETTAB(context->slot)->C_EncryptUpdate(context->session, (CK_BYTE_PTR)in, inlen, out, &length);
+            length += offset;
+            break;
+        case CKA_DECRYPT:
+            length = maxout;
+            crv = PK11_GETTAB(context->slot)->C_DecryptUpdate(context->session, (CK_BYTE_PTR)in, inlen, out, &length);
+            break;
+        default:
+            crv = CKR_OPERATION_NOT_INITIALIZED;
+            break;
+    }
+
+    if (crv != CKR_OK) {
+        PORT_SetError(PK11_MapError(crv));
+        *outlen = 0;
+        rv = SECFailure;
+    } else {
+        *outlen = length;
+    }
+
+    if (context->fortezzaHack) {
+        if (context->operation == CKA_ENCRYPT) {
+            PORT_Assert(allocOut);
+            PORT_Memcpy(saveOut, allocOut, length);
+            PORT_Free(allocOut);
+        }
+        context->fortezzaHack = PR_FALSE;
+    }
+
+    /*
+     * handle session starvation case.. use our last session to multiplex
+     */
+    if (!context->ownSession) {
+        context->savedData = pk11_saveContext(context, context->savedData,
+                                              &context->savedLength);
+        if (context->savedData == NULL)
+            rv = SECFailure;
+
+        /* clear out out session for others to use */
+        pk11_Finalize(context);
+    }
+    PK11_ExitContextMonitor(context);
+    return rv;
+}
+
+/*
+ * execute a digest/signature operation
+ */
+SECStatus
+PK11_DigestOp(PK11Context *context, const unsigned char *in, unsigned inLen)
+{
+    CK_RV crv = CKR_OK;
+    SECStatus rv = SECSuccess;
+
+    if (inLen == 0) {
+        return SECSuccess;
+    }
+    if (!in) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    /* if we ran out of session, we need to restore our previously stored
+     * state.
+     */
+    context->init = PR_FALSE;
+    PK11_EnterContextMonitor(context);
+    if (!context->ownSession) {
+        rv = pk11_restoreContext(context, context->savedData,
+                                 context->savedLength);
+        if (rv != SECSuccess) {
+            PK11_ExitContextMonitor(context);
+            return rv;
+        }
+    }
+
+    switch (context->operation) {
+        /* also for MAC'ing */
+        case CKA_SIGN:
+            crv = PK11_GETTAB(context->slot)->C_SignUpdate(context->session, (unsigned char *)in, inLen);
+            break;
+        case CKA_VERIFY:
+            crv = PK11_GETTAB(context->slot)->C_VerifyUpdate(context->session, (unsigned char *)in, inLen);
+            break;
+        case CKA_DIGEST:
+            crv = PK11_GETTAB(context->slot)->C_DigestUpdate(context->session, (unsigned char *)in, inLen);
+            break;
+        default:
+            crv = CKR_OPERATION_NOT_INITIALIZED;
+            break;
+    }
+
+    if (crv != CKR_OK) {
+        PORT_SetError(PK11_MapError(crv));
+        rv = SECFailure;
+    }
+
+    /*
+     * handle session starvation case.. use our last session to multiplex
+     */
+    if (!context->ownSession) {
+        context->savedData = pk11_saveContext(context, context->savedData,
+                                              &context->savedLength);
+        if (context->savedData == NULL)
+            rv = SECFailure;
+
+        /* clear out out session for others to use */
+        pk11_Finalize(context);
+    }
+    PK11_ExitContextMonitor(context);
+    return rv;
+}
+
+/*
+ * Digest a key if possible./
+ */
+SECStatus
+PK11_DigestKey(PK11Context *context, PK11SymKey *key)
+{
+    CK_RV crv = CKR_OK;
+    SECStatus rv = SECSuccess;
+    PK11SymKey *newKey = NULL;
+
+    if (!context || !key) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    /* if we ran out of session, we need to restore our previously stored
+     * state.
+     */
+    if (context->slot != key->slot) {
+        newKey = pk11_CopyToSlot(context->slot, CKM_SSL3_SHA1_MAC, CKA_SIGN, key);
+    } else {
+        newKey = PK11_ReferenceSymKey(key);
+    }
+
+    context->init = PR_FALSE;
+    PK11_EnterContextMonitor(context);
+    if (!context->ownSession) {
+        rv = pk11_restoreContext(context, context->savedData,
+                                 context->savedLength);
+        if (rv != SECSuccess) {
+            PK11_ExitContextMonitor(context);
+            PK11_FreeSymKey(newKey);
+            return rv;
+        }
+    }
+
+    if (newKey == NULL) {
+        crv = CKR_KEY_TYPE_INCONSISTENT;
+        if (key->data.data) {
+            crv = PK11_GETTAB(context->slot)->C_DigestUpdate(context->session, key->data.data, key->data.len);
+        }
+    } else {
+        crv = PK11_GETTAB(context->slot)->C_DigestKey(context->session, newKey->objectID);
+    }
+
+    if (crv != CKR_OK) {
+        PORT_SetError(PK11_MapError(crv));
+        rv = SECFailure;
+    }
+
+    /*
+     * handle session starvation case.. use our last session to multiplex
+     */
+    if (!context->ownSession) {
+        context->savedData = pk11_saveContext(context, context->savedData,
+                                              &context->savedLength);
+        if (context->savedData == NULL)
+            rv = SECFailure;
+
+        /* clear out out session for others to use */
+        pk11_Finalize(context);
+    }
+    PK11_ExitContextMonitor(context);
+    if (newKey)
+        PK11_FreeSymKey(newKey);
+    return rv;
+}
+
+/*
+ * externally callable version of the lowercase pk11_finalize().
+ */
+SECStatus
+PK11_Finalize(PK11Context *context)
+{
+    SECStatus rv;
+
+    PK11_EnterContextMonitor(context);
+    rv = pk11_Finalize(context);
+    PK11_ExitContextMonitor(context);
+    return rv;
+}
+
+/*
+ * clean up a cipher operation, so the session can be used by
+ * someone new.
+ */
+SECStatus
+pk11_Finalize(PK11Context *context)
+{
+    CK_ULONG count = 0;
+    CK_RV crv;
+    unsigned char stackBuf[256];
+    unsigned char *buffer = NULL;
+
+    if (!context->ownSession) {
+        return SECSuccess;
+    }
+
+finalize:
+    switch (context->operation) {
+        case CKA_ENCRYPT:
+            crv = PK11_GETTAB(context->slot)->C_EncryptFinal(context->session, buffer, &count);
+            break;
+        case CKA_DECRYPT:
+            crv = PK11_GETTAB(context->slot)->C_DecryptFinal(context->session, buffer, &count);
+            break;
+        case CKA_SIGN:
+            crv = PK11_GETTAB(context->slot)->C_SignFinal(context->session, buffer, &count);
+            break;
+        case CKA_VERIFY:
+            crv = PK11_GETTAB(context->slot)->C_VerifyFinal(context->session, buffer, count);
+            break;
+        case CKA_DIGEST:
+            crv = PK11_GETTAB(context->slot)->C_DigestFinal(context->session, buffer, &count);
+            break;
+        default:
+            crv = CKR_OPERATION_NOT_INITIALIZED;
+            break;
+    }
+
+    if (crv != CKR_OK) {
+        if (buffer != stackBuf) {
+            PORT_Free(buffer);
+        }
+        if (crv == CKR_OPERATION_NOT_INITIALIZED) {
+            /* if there's no operation, it is finalized */
+            return SECSuccess;
+        }
+        PORT_SetError(PK11_MapError(crv));
+        return SECFailure;
+    }
+
+    /* try to finalize the session with a buffer */
+    if (buffer == NULL) {
+        if (count <= sizeof stackBuf) {
+            buffer = stackBuf;
+        } else {
+            buffer = PORT_Alloc(count);
+            if (buffer == NULL) {
+                PORT_SetError(SEC_ERROR_NO_MEMORY);
+                return SECFailure;
+            }
+        }
+        goto finalize;
+    }
+    if (buffer != stackBuf) {
+        PORT_Free(buffer);
+    }
+    return SECSuccess;
+}
+
+/*
+ *  Return the final digested or signed data...
+ *  this routine can either take pre initialized data, or allocate data
+ *  either out of an arena or out of the standard heap.
+ */
+SECStatus
+PK11_DigestFinal(PK11Context *context, unsigned char *data,
+                 unsigned int *outLen, unsigned int length)
+{
+    CK_ULONG len;
+    CK_RV crv;
+    SECStatus rv;
+
+    /* if we ran out of session, we need to restore our previously stored
+     * state.
+     */
+    PK11_EnterContextMonitor(context);
+    if (!context->ownSession) {
+        rv = pk11_restoreContext(context, context->savedData,
+                                 context->savedLength);
+        if (rv != SECSuccess) {
+            PK11_ExitContextMonitor(context);
+            return rv;
+        }
+    }
+
+    len = length;
+    switch (context->operation) {
+        case CKA_SIGN:
+            crv = PK11_GETTAB(context->slot)->C_SignFinal(context->session, data, &len);
+            break;
+        case CKA_VERIFY:
+            crv = PK11_GETTAB(context->slot)->C_VerifyFinal(context->session, data, len);
+            break;
+        case CKA_DIGEST:
+            crv = PK11_GETTAB(context->slot)->C_DigestFinal(context->session, data, &len);
+            break;
+        case CKA_ENCRYPT:
+            crv = PK11_GETTAB(context->slot)->C_EncryptFinal(context->session, data, &len);
+            break;
+        case CKA_DECRYPT:
+            crv = PK11_GETTAB(context->slot)->C_DecryptFinal(context->session, data, &len);
+            break;
+        default:
+            crv = CKR_OPERATION_NOT_INITIALIZED;
+            break;
+    }
+    PK11_ExitContextMonitor(context);
+
+    *outLen = (unsigned int)len;
+    context->init = PR_FALSE; /* allow Begin to start up again */
+
+    if (crv != CKR_OK) {
+        PORT_SetError(PK11_MapError(crv));
+        return SECFailure;
+    }
+    return SECSuccess;
+}
diff --git a/nss/lib/pk11wrap/pk11err.c b/nss/lib/pk11wrap/pk11err.c
new file mode 100644
index 0000000..db6d244
--- /dev/null
+++ b/nss/lib/pk11wrap/pk11err.c
@@ -0,0 +1,141 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * this file maps PKCS11 Errors into SECErrors
+ *  This is an information reducing process, since most errors are reflected
+ *  back to the user (the user doesn't care about invalid flags, or active
+ *  operations). If any of these errors need more detail in the upper layers
+ *  which call PK11 library functions, we can add more SEC_ERROR_XXX functions
+ *  and change there mappings here.
+ *
+ *  Some PKCS11 errors are mapped to SEC_ERROR_LIBRARY_FAILURE intentionally
+ *  because they indicate that there is a bug in the library (either NSS or
+ *  the token).
+ */
+#include "pkcs11t.h"
+#include "pk11func.h"
+#include "secerr.h"
+#include "prerror.h"
+
+#ifdef PK11_ERROR_USE_ARRAY
+
+/*
+ * build a static array of entries...
+ */
+static struct {
+    CK_RV pk11_error;
+    int sec_error;
+} pk11_error_map = {
+#define MAPERROR(x, y) { x, y },
+
+#else
+
+/* the default is to use a big switch statement */
+int
+PK11_MapError(CK_RV rv)
+{
+
+    switch (rv) {
+#define MAPERROR(x, y) \
+    case x:            \
+        return y;
+
+#endif
+
+    /* the guts mapping */
+    /* clang-format off */
+    MAPERROR(CKR_OK, 0)
+    MAPERROR(CKR_CANCEL, SEC_ERROR_IO)
+    MAPERROR(CKR_HOST_MEMORY, SEC_ERROR_NO_MEMORY)
+    MAPERROR(CKR_SLOT_ID_INVALID, SEC_ERROR_BAD_DATA)
+    MAPERROR(CKR_ARGUMENTS_BAD, SEC_ERROR_INVALID_ARGS)
+    MAPERROR(CKR_ATTRIBUTE_READ_ONLY, SEC_ERROR_READ_ONLY)
+    MAPERROR(CKR_ATTRIBUTE_SENSITIVE, SEC_ERROR_IO) /* XX SENSITIVE */
+    MAPERROR(CKR_ATTRIBUTE_TYPE_INVALID, SEC_ERROR_BAD_DATA)
+    MAPERROR(CKR_ATTRIBUTE_VALUE_INVALID, SEC_ERROR_BAD_DATA)
+    MAPERROR(CKR_BUFFER_TOO_SMALL, SEC_ERROR_OUTPUT_LEN)
+    MAPERROR(CKR_DATA_INVALID, SEC_ERROR_BAD_DATA)
+    MAPERROR(CKR_DATA_LEN_RANGE, SEC_ERROR_INPUT_LEN)
+    MAPERROR(CKR_DEVICE_ERROR, SEC_ERROR_PKCS11_DEVICE_ERROR)
+    MAPERROR(CKR_DEVICE_MEMORY, SEC_ERROR_NO_MEMORY)
+    MAPERROR(CKR_DEVICE_REMOVED, SEC_ERROR_NO_TOKEN)
+    MAPERROR(CKR_DOMAIN_PARAMS_INVALID, SEC_ERROR_INVALID_KEY)
+    MAPERROR(CKR_ENCRYPTED_DATA_INVALID, SEC_ERROR_BAD_DATA)
+    MAPERROR(CKR_ENCRYPTED_DATA_LEN_RANGE, SEC_ERROR_BAD_DATA)
+    MAPERROR(CKR_FUNCTION_CANCELED, SEC_ERROR_LIBRARY_FAILURE)
+    MAPERROR(CKR_FUNCTION_FAILED, SEC_ERROR_PKCS11_FUNCTION_FAILED)
+    MAPERROR(CKR_FUNCTION_NOT_PARALLEL, SEC_ERROR_LIBRARY_FAILURE)
+    MAPERROR(CKR_FUNCTION_NOT_SUPPORTED, PR_NOT_IMPLEMENTED_ERROR)
+    MAPERROR(CKR_GENERAL_ERROR, SEC_ERROR_PKCS11_GENERAL_ERROR)
+    MAPERROR(CKR_KEY_HANDLE_INVALID, SEC_ERROR_INVALID_KEY)
+    MAPERROR(CKR_KEY_SIZE_RANGE, SEC_ERROR_INVALID_KEY)
+    MAPERROR(CKR_KEY_TYPE_INCONSISTENT, SEC_ERROR_INVALID_KEY)
+    MAPERROR(CKR_MECHANISM_INVALID, SEC_ERROR_INVALID_ALGORITHM)
+    MAPERROR(CKR_MECHANISM_PARAM_INVALID, SEC_ERROR_BAD_DATA)
+    MAPERROR(CKR_NO_EVENT, SEC_ERROR_NO_EVENT)
+    MAPERROR(CKR_OBJECT_HANDLE_INVALID, SEC_ERROR_BAD_DATA)
+    MAPERROR(CKR_OPERATION_ACTIVE, SEC_ERROR_LIBRARY_FAILURE)
+    MAPERROR(CKR_OPERATION_NOT_INITIALIZED, SEC_ERROR_LIBRARY_FAILURE)
+    MAPERROR(CKR_PIN_INCORRECT, SEC_ERROR_BAD_PASSWORD)
+    MAPERROR(CKR_PIN_INVALID, SEC_ERROR_INVALID_PASSWORD)
+    MAPERROR(CKR_PIN_LEN_RANGE, SEC_ERROR_INVALID_PASSWORD)
+    MAPERROR(CKR_PIN_EXPIRED, SEC_ERROR_EXPIRED_PASSWORD)
+    MAPERROR(CKR_PIN_LOCKED, SEC_ERROR_LOCKED_PASSWORD)
+    MAPERROR(CKR_SESSION_CLOSED, SEC_ERROR_LIBRARY_FAILURE)
+    MAPERROR(CKR_SESSION_COUNT, SEC_ERROR_NO_MEMORY) /* XXXX? */
+    MAPERROR(CKR_SESSION_HANDLE_INVALID, SEC_ERROR_BAD_DATA)
+    MAPERROR(CKR_SESSION_PARALLEL_NOT_SUPPORTED, SEC_ERROR_LIBRARY_FAILURE)
+    MAPERROR(CKR_SESSION_READ_ONLY, SEC_ERROR_READ_ONLY)
+    MAPERROR(CKR_SIGNATURE_INVALID, SEC_ERROR_BAD_SIGNATURE)
+    MAPERROR(CKR_SIGNATURE_LEN_RANGE, SEC_ERROR_BAD_SIGNATURE)
+    MAPERROR(CKR_TEMPLATE_INCOMPLETE, SEC_ERROR_BAD_DATA)
+    MAPERROR(CKR_TEMPLATE_INCONSISTENT, SEC_ERROR_BAD_DATA)
+    MAPERROR(CKR_TOKEN_NOT_PRESENT, SEC_ERROR_NO_TOKEN)
+    MAPERROR(CKR_TOKEN_NOT_RECOGNIZED, SEC_ERROR_IO)
+    MAPERROR(CKR_TOKEN_WRITE_PROTECTED, SEC_ERROR_READ_ONLY)
+    MAPERROR(CKR_UNWRAPPING_KEY_HANDLE_INVALID, SEC_ERROR_INVALID_KEY)
+    MAPERROR(CKR_UNWRAPPING_KEY_SIZE_RANGE, SEC_ERROR_INVALID_KEY)
+    MAPERROR(CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT, SEC_ERROR_INVALID_KEY)
+    MAPERROR(CKR_USER_ALREADY_LOGGED_IN, 0)
+    MAPERROR(CKR_USER_NOT_LOGGED_IN, SEC_ERROR_TOKEN_NOT_LOGGED_IN)
+    MAPERROR(CKR_USER_PIN_NOT_INITIALIZED, SEC_ERROR_NO_TOKEN)
+    MAPERROR(CKR_USER_TYPE_INVALID, SEC_ERROR_LIBRARY_FAILURE)
+    MAPERROR(CKR_WRAPPED_KEY_INVALID, SEC_ERROR_INVALID_KEY)
+    MAPERROR(CKR_WRAPPED_KEY_LEN_RANGE, SEC_ERROR_INVALID_KEY)
+    MAPERROR(CKR_WRAPPING_KEY_HANDLE_INVALID, SEC_ERROR_INVALID_KEY)
+    MAPERROR(CKR_WRAPPING_KEY_SIZE_RANGE, SEC_ERROR_INVALID_KEY)
+    MAPERROR(CKR_WRAPPING_KEY_TYPE_INCONSISTENT, SEC_ERROR_INVALID_KEY)
+    MAPERROR(CKR_VENDOR_DEFINED, SEC_ERROR_LIBRARY_FAILURE)
+    MAPERROR(CKR_NETSCAPE_CERTDB_FAILED, SEC_ERROR_BAD_DATABASE)
+    MAPERROR(CKR_NETSCAPE_KEYDB_FAILED, SEC_ERROR_BAD_DATABASE)
+    MAPERROR(CKR_CANT_LOCK, SEC_ERROR_INCOMPATIBLE_PKCS11)
+/* clang-format on */
+
+#ifdef PK11_ERROR_USE_ARRAY
+};
+
+int
+PK11_MapError(CK_RV rv)
+{
+    int size = sizeof(pk11_error_map) / sizeof(pk11_error_map[0]);
+
+    for (i = 0; i < size; i++) {
+        if (pk11_error_map[i].pk11_error == rv) {
+            return pk11_error_map[i].sec_error;
+        }
+    }
+    return SEC_ERROR_UNKNOWN_PKCS11_ERROR;
+}
+
+#else
+
+    /* clang-format off */
+    default :
+        break;
+/* clang-format on */
+}
+return SEC_ERROR_UNKNOWN_PKCS11_ERROR;
+}
+
+#endif
diff --git a/nss/lib/pk11wrap/pk11func.h b/nss/lib/pk11wrap/pk11func.h
new file mode 100644
index 0000000..331c0eb
--- /dev/null
+++ b/nss/lib/pk11wrap/pk11func.h
@@ -0,0 +1,15 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#ifndef _PK11FUNC_H_
+#define _PK11FUNC_H_
+
+/*
+ * The original pk11func.h had a mix of public and private functions.
+ * Continue to provide those for backward compatibility.  New code should
+ * include pk11pub.h instead of pk11func.h.
+ */
+#include "pk11pub.h"
+#include "pk11priv.h"
+
+#endif
diff --git a/nss/lib/pk11wrap/pk11kea.c b/nss/lib/pk11wrap/pk11kea.c
new file mode 100644
index 0000000..331a19c
--- /dev/null
+++ b/nss/lib/pk11wrap/pk11kea.c
@@ -0,0 +1,140 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * This file implements the Symkey wrapper and the PKCS context
+ * Interfaces.
+ */
+
+#include "seccomon.h"
+#include "secmod.h"
+#include "nssilock.h"
+#include "secmodi.h"
+#include "secmodti.h"
+#include "pkcs11.h"
+#include "pk11func.h"
+#include "secitem.h"
+#include "key.h"
+#include "secasn1.h"
+#include "sechash.h"
+#include "cert.h"
+#include "secerr.h"
+
+/*
+ * find an RSA public key on a card
+ */
+static CK_OBJECT_HANDLE
+pk11_FindRSAPubKey(PK11SlotInfo *slot)
+{
+    CK_KEY_TYPE key_type = CKK_RSA;
+    CK_OBJECT_CLASS class_type = CKO_PUBLIC_KEY;
+    CK_ATTRIBUTE theTemplate[2];
+    int template_count = sizeof(theTemplate) / sizeof(theTemplate[0]);
+    CK_ATTRIBUTE *attrs = theTemplate;
+
+    PK11_SETATTRS(attrs, CKA_CLASS, &class_type, sizeof(class_type));
+    attrs++;
+    PK11_SETATTRS(attrs, CKA_KEY_TYPE, &key_type, sizeof(key_type));
+    attrs++;
+    template_count = attrs - theTemplate;
+    PR_ASSERT(template_count <= sizeof(theTemplate) / sizeof(CK_ATTRIBUTE));
+
+    return pk11_FindObjectByTemplate(slot, theTemplate, template_count);
+}
+
+PK11SymKey *
+pk11_KeyExchange(PK11SlotInfo *slot, CK_MECHANISM_TYPE type,
+                 CK_ATTRIBUTE_TYPE operation, CK_FLAGS flags,
+                 PRBool isPerm, PK11SymKey *symKey)
+{
+    PK11SymKey *newSymKey = NULL;
+    SECStatus rv;
+    /* performance improvement can go here --- use a generated key at startup
+     * to generate a per token wrapping key. If it exists, use it, otherwise
+     * do a full key exchange. */
+
+    /* find a common Key Exchange algorithm */
+    /* RSA */
+    if (PK11_DoesMechanism(symKey->slot, CKM_RSA_PKCS) &&
+        PK11_DoesMechanism(slot, CKM_RSA_PKCS)) {
+        CK_OBJECT_HANDLE pubKeyHandle = CK_INVALID_HANDLE;
+        CK_OBJECT_HANDLE privKeyHandle = CK_INVALID_HANDLE;
+        SECKEYPublicKey *pubKey = NULL;
+        SECKEYPrivateKey *privKey = NULL;
+        SECItem wrapData;
+        unsigned int symKeyLength = PK11_GetKeyLength(symKey);
+
+        wrapData.data = NULL;
+
+        /* find RSA Public Key on target */
+        pubKeyHandle = pk11_FindRSAPubKey(slot);
+        if (pubKeyHandle != CK_INVALID_HANDLE) {
+            privKeyHandle = PK11_MatchItem(slot, pubKeyHandle, CKO_PRIVATE_KEY);
+        }
+
+        /* if no key exists, generate a key pair */
+        if (privKeyHandle == CK_INVALID_HANDLE) {
+            PK11RSAGenParams rsaParams;
+
+            if (symKeyLength > 53) /* bytes */ {
+                /* we'd have to generate an RSA key pair > 512 bits long,
+                ** and that's too costly.  Don't even try.
+                */
+                PORT_SetError(SEC_ERROR_CANNOT_MOVE_SENSITIVE_KEY);
+                goto rsa_failed;
+            }
+            rsaParams.keySizeInBits =
+                (symKeyLength > 21 || symKeyLength == 0) ? 512 : 256;
+            rsaParams.pe = 0x10001;
+            privKey = PK11_GenerateKeyPair(slot, CKM_RSA_PKCS_KEY_PAIR_GEN,
+                                           &rsaParams, &pubKey, PR_FALSE, PR_TRUE, symKey->cx);
+        } else {
+            /* if keys exist, build SECKEY data structures for them */
+            privKey = PK11_MakePrivKey(slot, nullKey, PR_TRUE, privKeyHandle,
+                                       symKey->cx);
+            if (privKey != NULL) {
+                pubKey = PK11_ExtractPublicKey(slot, rsaKey, pubKeyHandle);
+                if (pubKey && pubKey->pkcs11Slot) {
+                    PK11_FreeSlot(pubKey->pkcs11Slot);
+                    pubKey->pkcs11Slot = NULL;
+                    pubKey->pkcs11ID = CK_INVALID_HANDLE;
+                }
+            }
+        }
+        if (privKey == NULL)
+            goto rsa_failed;
+        if (pubKey == NULL)
+            goto rsa_failed;
+
+        wrapData.len = SECKEY_PublicKeyStrength(pubKey);
+        if (!wrapData.len)
+            goto rsa_failed;
+        wrapData.data = PORT_Alloc(wrapData.len);
+        if (wrapData.data == NULL)
+            goto rsa_failed;
+
+        /* now wrap the keys in and out */
+        rv = PK11_PubWrapSymKey(CKM_RSA_PKCS, pubKey, symKey, &wrapData);
+        if (rv == SECSuccess) {
+            newSymKey = PK11_PubUnwrapSymKeyWithFlagsPerm(privKey,
+                                                          &wrapData, type, operation,
+                                                          symKeyLength, flags, isPerm);
+            /* make sure we wound up where we wanted to be! */
+            if (newSymKey && newSymKey->slot != slot) {
+                PK11_FreeSymKey(newSymKey);
+                newSymKey = NULL;
+            }
+        }
+    rsa_failed:
+        if (wrapData.data != NULL)
+            PORT_Free(wrapData.data);
+        if (privKey != NULL)
+            SECKEY_DestroyPrivateKey(privKey);
+        if (pubKey != NULL)
+            SECKEY_DestroyPublicKey(pubKey);
+
+        return newSymKey;
+    }
+    PORT_SetError(SEC_ERROR_NO_MODULE);
+    return NULL;
+}
diff --git a/nss/lib/pk11wrap/pk11list.c b/nss/lib/pk11wrap/pk11list.c
new file mode 100644
index 0000000..aaf29f6
--- /dev/null
+++ b/nss/lib/pk11wrap/pk11list.c
@@ -0,0 +1,99 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * Locking and queue management primatives
+ *
+ */
+
+#include "seccomon.h"
+#include "nssilock.h"
+#include "secmod.h"
+#include "secmodi.h"
+#include "secmodti.h"
+#include "nssrwlk.h"
+
+/*
+ * create a new lock for a Module List
+ */
+SECMODListLock *
+SECMOD_NewListLock()
+{
+    return NSSRWLock_New(10, "moduleListLock");
+}
+
+/*
+ * destroy the lock
+ */
+void
+SECMOD_DestroyListLock(SECMODListLock *lock)
+{
+    NSSRWLock_Destroy(lock);
+}
+
+/*
+ * Lock the List for Read: NOTE: this assumes the reading isn't so common
+ * the writing will be starved.
+ */
+void
+SECMOD_GetReadLock(SECMODListLock *modLock)
+{
+    NSSRWLock_LockRead(modLock);
+}
+
+/*
+ * Release the Read lock
+ */
+void
+SECMOD_ReleaseReadLock(SECMODListLock *modLock)
+{
+    NSSRWLock_UnlockRead(modLock);
+}
+
+/*
+ * lock the list for Write
+ */
+void
+SECMOD_GetWriteLock(SECMODListLock *modLock)
+{
+    NSSRWLock_LockWrite(modLock);
+}
+
+/*
+ * Release the Write Lock: NOTE, this code is pretty inefficient if you have
+ * lots of write collisions.
+ */
+void
+SECMOD_ReleaseWriteLock(SECMODListLock *modLock)
+{
+    NSSRWLock_UnlockWrite(modLock);
+}
+
+/*
+ * must Hold the Write lock
+ */
+void
+SECMOD_RemoveList(SECMODModuleList **parent, SECMODModuleList *child)
+{
+    *parent = child->next;
+    child->next = NULL;
+}
+
+/*
+ * if lock is not specified, it must already be held
+ */
+void
+SECMOD_AddList(SECMODModuleList *parent, SECMODModuleList *child,
+               SECMODListLock *lock)
+{
+    if (lock) {
+        SECMOD_GetWriteLock(lock);
+    }
+
+    child->next = parent->next;
+    parent->next = child;
+
+    if (lock) {
+        SECMOD_ReleaseWriteLock(lock);
+    }
+}
diff --git a/nss/lib/pk11wrap/pk11load.c b/nss/lib/pk11wrap/pk11load.c
new file mode 100644
index 0000000..91339fa
--- /dev/null
+++ b/nss/lib/pk11wrap/pk11load.c
@@ -0,0 +1,657 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * The following handles the loading, unloading and management of
+ * various PCKS #11 modules
+ */
+#define FORCE_PR_LOG 1
+#include "seccomon.h"
+#include "pkcs11.h"
+#include "secmod.h"
+#include "prlink.h"
+#include "pk11func.h"
+#include "secmodi.h"
+#include "secmodti.h"
+#include "nssilock.h"
+#include "secerr.h"
+#include "prenv.h"
+#include "utilparst.h"
+#include "prio.h"
+#include "prprf.h"
+#include <stdio.h>
+#include "prsystem.h"
+
+#define DEBUG_MODULE 1
+
+#ifdef DEBUG_MODULE
+static char *modToDBG = NULL;
+
+#include "debug_module.c"
+#endif
+
+/* build the PKCS #11 2.01 lock files */
+CK_RV PR_CALLBACK
+secmodCreateMutext(CK_VOID_PTR_PTR pmutex)
+{
+    *pmutex = (CK_VOID_PTR)PZ_NewLock(nssILockOther);
+    if (*pmutex)
+        return CKR_OK;
+    return CKR_HOST_MEMORY;
+}
+
+CK_RV PR_CALLBACK
+secmodDestroyMutext(CK_VOID_PTR mutext)
+{
+    PZ_DestroyLock((PZLock *)mutext);
+    return CKR_OK;
+}
+
+CK_RV PR_CALLBACK
+secmodLockMutext(CK_VOID_PTR mutext)
+{
+    PZ_Lock((PZLock *)mutext);
+    return CKR_OK;
+}
+
+CK_RV PR_CALLBACK
+secmodUnlockMutext(CK_VOID_PTR mutext)
+{
+    PZ_Unlock((PZLock *)mutext);
+    return CKR_OK;
+}
+
+static SECMODModuleID nextModuleID = 1;
+static const CK_C_INITIALIZE_ARGS secmodLockFunctions = {
+    secmodCreateMutext, secmodDestroyMutext, secmodLockMutext,
+    secmodUnlockMutext, CKF_LIBRARY_CANT_CREATE_OS_THREADS |
+                            CKF_OS_LOCKING_OK,
+    NULL
+};
+static const CK_C_INITIALIZE_ARGS secmodNoLockArgs = {
+    NULL, NULL, NULL, NULL,
+    CKF_LIBRARY_CANT_CREATE_OS_THREADS, NULL
+};
+
+static PRBool loadSingleThreadedModules = PR_TRUE;
+static PRBool enforceAlreadyInitializedError = PR_TRUE;
+static PRBool finalizeModules = PR_TRUE;
+
+/* set global options for NSS PKCS#11 module loader */
+SECStatus
+pk11_setGlobalOptions(PRBool noSingleThreadedModules,
+                      PRBool allowAlreadyInitializedModules,
+                      PRBool dontFinalizeModules)
+{
+    if (noSingleThreadedModules) {
+        loadSingleThreadedModules = PR_FALSE;
+    } else {
+        loadSingleThreadedModules = PR_TRUE;
+    }
+    if (allowAlreadyInitializedModules) {
+        enforceAlreadyInitializedError = PR_FALSE;
+    } else {
+        enforceAlreadyInitializedError = PR_TRUE;
+    }
+    if (dontFinalizeModules) {
+        finalizeModules = PR_FALSE;
+    } else {
+        finalizeModules = PR_TRUE;
+    }
+    return SECSuccess;
+}
+
+PRBool
+pk11_getFinalizeModulesOption(void)
+{
+    return finalizeModules;
+}
+
+/*
+ * Allow specification loading the same module more than once at init time.
+ * This enables 2 things.
+ *
+ *    1) we can load additional databases by manipulating secmod.db/pkcs11.txt.
+ *    2) we can handle the case where some library has already initialized NSS
+ *    before the main application.
+ *
+ * oldModule is the module we have already initialized.
+ * char *modulespec is the full module spec for the library we want to
+ * initialize.
+ */
+static SECStatus
+secmod_handleReload(SECMODModule *oldModule, SECMODModule *newModule)
+{
+    PK11SlotInfo *slot;
+    char *modulespec;
+    char *newModuleSpec;
+    char **children;
+    CK_SLOT_ID *ids;
+    SECMODConfigList *conflist = NULL;
+    SECStatus rv = SECFailure;
+    int count = 0;
+
+    /* first look for tokens= key words from the module spec */
+    modulespec = newModule->libraryParams;
+    newModuleSpec = secmod_ParseModuleSpecForTokens(PR_TRUE,
+                                                    newModule->isFIPS, modulespec, &children, &ids);
+    if (!newModuleSpec) {
+        return SECFailure;
+    }
+
+    /*
+     * We are now trying to open a new slot on an already loaded module.
+     * If that slot represents a cert/key database, we don't want to open
+     * multiple copies of that same database. Unfortunately we understand
+     * the softoken flags well enough to be able to do this, so we can only get
+     * the list of already loaded databases if we are trying to open another
+     * internal module.
+     */
+    if (oldModule->internal) {
+        conflist = secmod_GetConfigList(oldModule->isFIPS,
+                                        oldModule->libraryParams, &count);
+    }
+
+    /* don't open multiple of the same db */
+    if (conflist && secmod_MatchConfigList(newModuleSpec, conflist, count)) {
+        rv = SECSuccess;
+        goto loser;
+    }
+    slot = SECMOD_OpenNewSlot(oldModule, newModuleSpec);
+    if (slot) {
+        int newID;
+        char **thisChild;
+        CK_SLOT_ID *thisID;
+        char *oldModuleSpec;
+
+        if (secmod_IsInternalKeySlot(newModule)) {
+            pk11_SetInternalKeySlotIfFirst(slot);
+        }
+        newID = slot->slotID;
+        PK11_FreeSlot(slot);
+        for (thisChild = children, thisID = ids; thisChild && *thisChild;
+             thisChild++, thisID++) {
+            if (conflist &&
+                secmod_MatchConfigList(*thisChild, conflist, count)) {
+                *thisID = (CK_SLOT_ID)-1;
+                continue;
+            }
+            slot = SECMOD_OpenNewSlot(oldModule, *thisChild);
+            if (slot) {
+                *thisID = slot->slotID;
+                PK11_FreeSlot(slot);
+            } else {
+                *thisID = (CK_SLOT_ID)-1;
+            }
+        }
+
+        /* update the old module initialization string in case we need to
+         * shutdown and reinit the whole mess (this is rare, but can happen
+         * when trying to stop smart card insertion/removal threads)... */
+        oldModuleSpec = secmod_MkAppendTokensList(oldModule->arena,
+                                                  oldModule->libraryParams, newModuleSpec, newID,
+                                                  children, ids);
+        if (oldModuleSpec) {
+            oldModule->libraryParams = oldModuleSpec;
+        }
+
+        rv = SECSuccess;
+    }
+
+loser:
+    secmod_FreeChildren(children, ids);
+    PORT_Free(newModuleSpec);
+    if (conflist) {
+        secmod_FreeConfigList(conflist, count);
+    }
+    return rv;
+}
+
+/*
+ * collect the steps we need to initialize a module in a single function
+ */
+SECStatus
+secmod_ModuleInit(SECMODModule *mod, SECMODModule **reload,
+                  PRBool *alreadyLoaded)
+{
+    CK_C_INITIALIZE_ARGS moduleArgs;
+    CK_VOID_PTR pInitArgs;
+    CK_RV crv;
+
+    if (reload) {
+        *reload = NULL;
+    }
+
+    if (!mod || !alreadyLoaded) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    if (mod->libraryParams == NULL) {
+        if (mod->isThreadSafe) {
+            pInitArgs = (void *)&secmodLockFunctions;
+        } else {
+            pInitArgs = NULL;
+        }
+    } else {
+        if (mod->isThreadSafe) {
+            moduleArgs = secmodLockFunctions;
+        } else {
+            moduleArgs = secmodNoLockArgs;
+        }
+        moduleArgs.LibraryParameters = (void *)mod->libraryParams;
+        pInitArgs = &moduleArgs;
+    }
+    crv = PK11_GETTAB(mod)->C_Initialize(pInitArgs);
+    if (CKR_CRYPTOKI_ALREADY_INITIALIZED == crv) {
+        SECMODModule *oldModule = NULL;
+
+        /* Library has already been loaded once, if caller expects it, and it
+         * has additional configuration, try reloading it as well. */
+        if (reload != NULL && mod->libraryParams) {
+            oldModule = secmod_FindModuleByFuncPtr(mod->functionList);
+        }
+        /* Library has been loaded by NSS. It means it may be capable of
+         * reloading */
+        if (oldModule) {
+            SECStatus rv;
+            rv = secmod_handleReload(oldModule, mod);
+            if (rv == SECSuccess) {
+                /* This module should go away soon, since we've
+                 * simply expanded the slots on the old module.
+                 * When it goes away, it should not Finalize since
+                 * that will close our old module as well. Setting
+                 * the function list to NULL will prevent that close */
+                mod->functionList = NULL;
+                *reload = oldModule;
+                return SECSuccess;
+            }
+            SECMOD_DestroyModule(oldModule);
+        }
+        /* reload not possible, fall back to old semantics */
+        if (!enforceAlreadyInitializedError) {
+            *alreadyLoaded = PR_TRUE;
+            return SECSuccess;
+        }
+    }
+    if (crv != CKR_OK) {
+        if (!mod->isThreadSafe ||
+            crv == CKR_NETSCAPE_CERTDB_FAILED ||
+            crv == CKR_NETSCAPE_KEYDB_FAILED) {
+            PORT_SetError(PK11_MapError(crv));
+            return SECFailure;
+        }
+        /* If we had attempted to init a single threaded module "with"
+         * parameters and it failed, should we retry "without" parameters?
+         * (currently we don't retry in this scenario) */
+
+        if (!loadSingleThreadedModules) {
+            PORT_SetError(SEC_ERROR_INCOMPATIBLE_PKCS11);
+            return SECFailure;
+        }
+        /* If we arrive here, the module failed a ThreadSafe init. */
+        mod->isThreadSafe = PR_FALSE;
+        if (!mod->libraryParams) {
+            pInitArgs = NULL;
+        } else {
+            moduleArgs = secmodNoLockArgs;
+            moduleArgs.LibraryParameters = (void *)mod->libraryParams;
+            pInitArgs = &moduleArgs;
+        }
+        crv = PK11_GETTAB(mod)->C_Initialize(pInitArgs);
+        if ((CKR_CRYPTOKI_ALREADY_INITIALIZED == crv) &&
+            (!enforceAlreadyInitializedError)) {
+            *alreadyLoaded = PR_TRUE;
+            return SECSuccess;
+        }
+        if (crv != CKR_OK) {
+            PORT_SetError(PK11_MapError(crv));
+            return SECFailure;
+        }
+    }
+    return SECSuccess;
+}
+
+/*
+ * set the hasRootCerts flags in the module so it can be stored back
+ * into the database.
+ */
+void
+SECMOD_SetRootCerts(PK11SlotInfo *slot, SECMODModule *mod)
+{
+    PK11PreSlotInfo *psi = NULL;
+    int i;
+
+    if (slot->hasRootCerts) {
+        for (i = 0; i < mod->slotInfoCount; i++) {
+            if (slot->slotID == mod->slotInfo[i].slotID) {
+                psi = &mod->slotInfo[i];
+                break;
+            }
+        }
+        if (psi == NULL) {
+            /* allocate more slots */
+            PK11PreSlotInfo *psi_list = (PK11PreSlotInfo *)
+                PORT_ArenaAlloc(mod->arena,
+                                (mod->slotInfoCount + 1) * sizeof(PK11PreSlotInfo));
+            /* copy the old ones */
+            if (mod->slotInfoCount > 0) {
+                PORT_Memcpy(psi_list, mod->slotInfo,
+                            (mod->slotInfoCount) * sizeof(PK11PreSlotInfo));
+            }
+            /* assign psi to the last new slot */
+            psi = &psi_list[mod->slotInfoCount];
+            psi->slotID = slot->slotID;
+            psi->askpw = 0;
+            psi->timeout = 0;
+            psi->defaultFlags = 0;
+
+            /* increment module count & store new list */
+            mod->slotInfo = psi_list;
+            mod->slotInfoCount++;
+        }
+        psi->hasRootCerts = 1;
+    }
+}
+
+#ifndef NSS_TEST_BUILD
+static const char *my_shlib_name =
+    SHLIB_PREFIX "nss" SHLIB_VERSION "." SHLIB_SUFFIX;
+static const char *softoken_shlib_name =
+    SHLIB_PREFIX "softokn" SOFTOKEN_SHLIB_VERSION "." SHLIB_SUFFIX;
+static const PRCallOnceType pristineCallOnce;
+static PRCallOnceType loadSoftokenOnce;
+static PRLibrary *softokenLib;
+static PRInt32 softokenLoadCount;
+
+/* This function must be run only once. */
+/*  determine if hybrid platform, then actually load the DSO. */
+static PRStatus
+softoken_LoadDSO(void)
+{
+    PRLibrary *handle;
+
+    handle = PORT_LoadLibraryFromOrigin(my_shlib_name,
+                                        (PRFuncPtr)&softoken_LoadDSO,
+                                        softoken_shlib_name);
+    if (handle) {
+        softokenLib = handle;
+        return PR_SUCCESS;
+    }
+    return PR_FAILURE;
+}
+#else
+CK_RV NSC_GetFunctionList(CK_FUNCTION_LIST_PTR *pFunctionList);
+char **NSC_ModuleDBFunc(unsigned long function, char *parameters, void *args);
+#endif
+
+/*
+ * load a new module into our address space and initialize it.
+ */
+SECStatus
+secmod_LoadPKCS11Module(SECMODModule *mod, SECMODModule **oldModule)
+{
+    PRLibrary *library = NULL;
+    CK_C_GetFunctionList entry = NULL;
+    CK_INFO info;
+    CK_ULONG slotCount = 0;
+    SECStatus rv;
+    PRBool alreadyLoaded = PR_FALSE;
+    char *disableUnload = NULL;
+
+    if (mod->loaded)
+        return SECSuccess;
+
+    /* internal modules get loaded from their internal list */
+    if (mod->internal && (mod->dllName == NULL)) {
+#ifdef NSS_TEST_BUILD
+        entry = (CK_C_GetFunctionList)NSC_GetFunctionList;
+#else
+        /*
+         * Loads softoken as a dynamic library,
+         * even though the rest of NSS assumes this as the "internal" module.
+         */
+        if (!softokenLib &&
+            PR_SUCCESS != PR_CallOnce(&loadSoftokenOnce, &softoken_LoadDSO))
+            return SECFailure;
+
+        PR_ATOMIC_INCREMENT(&softokenLoadCount);
+
+        if (mod->isFIPS) {
+            entry = (CK_C_GetFunctionList)
+                PR_FindSymbol(softokenLib, "FC_GetFunctionList");
+        } else {
+            entry = (CK_C_GetFunctionList)
+                PR_FindSymbol(softokenLib, "NSC_GetFunctionList");
+        }
+
+        if (!entry)
+            return SECFailure;
+#endif
+
+        if (mod->isModuleDB) {
+            mod->moduleDBFunc = (CK_C_GetFunctionList)
+#ifdef NSS_TEST_BUILD
+                NSC_ModuleDBFunc;
+#else
+                PR_FindSymbol(softokenLib, "NSC_ModuleDBFunc");
+#endif
+        }
+
+        if (mod->moduleDBOnly) {
+            mod->loaded = PR_TRUE;
+            return SECSuccess;
+        }
+    } else {
+        /* Not internal, load the DLL and look up C_GetFunctionList */
+        if (mod->dllName == NULL) {
+            return SECFailure;
+        }
+
+        /* load the library. If this succeeds, then we have to remember to
+         * unload the library if anything goes wrong from here on out...
+         */
+        library = PR_LoadLibrary(mod->dllName);
+        mod->library = (void *)library;
+
+        if (library == NULL) {
+            return SECFailure;
+        }
+
+        /*
+         * now we need to get the entry point to find the function pointers
+         */
+        if (!mod->moduleDBOnly) {
+            entry = (CK_C_GetFunctionList)
+                PR_FindSymbol(library, "C_GetFunctionList");
+        }
+        if (mod->isModuleDB) {
+            mod->moduleDBFunc = (void *)
+                PR_FindSymbol(library, "NSS_ReturnModuleSpecData");
+        }
+        if (mod->moduleDBFunc == NULL)
+            mod->isModuleDB = PR_FALSE;
+        if (entry == NULL) {
+            if (mod->isModuleDB) {
+                mod->loaded = PR_TRUE;
+                mod->moduleDBOnly = PR_TRUE;
+                return SECSuccess;
+            }
+            PR_UnloadLibrary(library);
+            return SECFailure;
+        }
+    }
+
+    /*
+     * We need to get the function list
+     */
+    if ((*entry)((CK_FUNCTION_LIST_PTR *)&mod->functionList) != CKR_OK)
+        goto fail;
+
+#ifdef DEBUG_MODULE
+    if (PR_TRUE) {
+        modToDBG = PR_GetEnvSecure("NSS_DEBUG_PKCS11_MODULE");
+        if (modToDBG && strcmp(mod->commonName, modToDBG) == 0) {
+            mod->functionList = (void *)nss_InsertDeviceLog(
+                (CK_FUNCTION_LIST_PTR)mod->functionList);
+        }
+    }
+#endif
+
+    mod->isThreadSafe = PR_TRUE;
+
+    /* Now we initialize the module */
+    rv = secmod_ModuleInit(mod, oldModule, &alreadyLoaded);
+    if (rv != SECSuccess) {
+        goto fail;
+    }
+
+    /* module has been reloaded, this module itself is done,
+     * return to the caller */
+    if (mod->functionList == NULL) {
+        mod->loaded = PR_TRUE; /* technically the module is loaded.. */
+        return SECSuccess;
+    }
+
+    /* check the version number */
+    if (PK11_GETTAB(mod)->C_GetInfo(&info) != CKR_OK)
+        goto fail2;
+    if (info.cryptokiVersion.major != 2)
+        goto fail2;
+    /* all 2.0 are a priori *not* thread safe */
+    if (info.cryptokiVersion.minor < 1) {
+        if (!loadSingleThreadedModules) {
+            PORT_SetError(SEC_ERROR_INCOMPATIBLE_PKCS11);
+            goto fail2;
+        } else {
+            mod->isThreadSafe = PR_FALSE;
+        }
+    }
+    mod->cryptokiVersion = info.cryptokiVersion;
+
+    /* If we don't have a common name, get it from the PKCS 11 module */
+    if ((mod->commonName == NULL) || (mod->commonName[0] == 0)) {
+        mod->commonName = PK11_MakeString(mod->arena, NULL,
+                                          (char *)info.libraryDescription, sizeof(info.libraryDescription));
+        if (mod->commonName == NULL)
+            goto fail2;
+    }
+
+    /* initialize the Slots */
+    if (PK11_GETTAB(mod)->C_GetSlotList(CK_FALSE, NULL, &slotCount) == CKR_OK) {
+        CK_SLOT_ID *slotIDs;
+        int i;
+        CK_RV crv;
+
+        mod->slots = (PK11SlotInfo **)PORT_ArenaAlloc(mod->arena,
+                                                      sizeof(PK11SlotInfo *) * slotCount);
+        if (mod->slots == NULL)
+            goto fail2;
+
+        slotIDs = (CK_SLOT_ID *)PORT_Alloc(sizeof(CK_SLOT_ID) * slotCount);
+        if (slotIDs == NULL) {
+            goto fail2;
+        }
+        crv = PK11_GETTAB(mod)->C_GetSlotList(CK_FALSE, slotIDs, &slotCount);
+        if (crv != CKR_OK) {
+            PORT_Free(slotIDs);
+            goto fail2;
+        }
+
+        /* Initialize each slot */
+        for (i = 0; i < (int)slotCount; i++) {
+            mod->slots[i] = PK11_NewSlotInfo(mod);
+            PK11_InitSlot(mod, slotIDs[i], mod->slots[i]);
+            /* look down the slot info table */
+            PK11_LoadSlotList(mod->slots[i], mod->slotInfo, mod->slotInfoCount);
+            SECMOD_SetRootCerts(mod->slots[i], mod);
+            /* explicitly mark the internal slot as such if IsInternalKeySlot()
+             * is set */
+            if (secmod_IsInternalKeySlot(mod) && (i == (mod->isFIPS ? 0 : 1))) {
+                pk11_SetInternalKeySlotIfFirst(mod->slots[i]);
+            }
+        }
+        mod->slotCount = slotCount;
+        mod->slotInfoCount = 0;
+        PORT_Free(slotIDs);
+    }
+
+    mod->loaded = PR_TRUE;
+    mod->moduleID = nextModuleID++;
+    return SECSuccess;
+fail2:
+    if (enforceAlreadyInitializedError || (!alreadyLoaded)) {
+        PK11_GETTAB(mod)->C_Finalize(NULL);
+    }
+fail:
+    mod->functionList = NULL;
+    disableUnload = PR_GetEnvSecure("NSS_DISABLE_UNLOAD");
+    if (library && !disableUnload) {
+        PR_UnloadLibrary(library);
+    }
+    return SECFailure;
+}
+
+SECStatus
+SECMOD_UnloadModule(SECMODModule *mod)
+{
+    PRLibrary *library;
+    char *disableUnload = NULL;
+
+    if (!mod->loaded) {
+        return SECFailure;
+    }
+    if (finalizeModules) {
+        if (mod->functionList && !mod->moduleDBOnly) {
+            PK11_GETTAB(mod)->C_Finalize(NULL);
+        }
+    }
+    mod->moduleID = 0;
+    mod->loaded = PR_FALSE;
+
+    /* do we want the semantics to allow unloading the internal library?
+     * if not, we should change this to SECFailure and move it above the
+     * mod->loaded = PR_FALSE; */
+    if (mod->internal && (mod->dllName == NULL)) {
+#ifndef NSS_TEST_BUILD
+        if (0 == PR_ATOMIC_DECREMENT(&softokenLoadCount)) {
+            if (softokenLib) {
+                disableUnload = PR_GetEnvSecure("NSS_DISABLE_UNLOAD");
+                if (!disableUnload) {
+#ifdef DEBUG
+                    PRStatus status = PR_UnloadLibrary(softokenLib);
+                    PORT_Assert(PR_SUCCESS == status);
+#else
+                    PR_UnloadLibrary(softokenLib);
+#endif
+                }
+                softokenLib = NULL;
+            }
+            loadSoftokenOnce = pristineCallOnce;
+        }
+#endif
+        return SECSuccess;
+    }
+
+    library = (PRLibrary *)mod->library;
+    /* paranoia */
+    if (library == NULL) {
+        return SECFailure;
+    }
+
+    disableUnload = PR_GetEnvSecure("NSS_DISABLE_UNLOAD");
+    if (!disableUnload) {
+        PR_UnloadLibrary(library);
+    }
+    return SECSuccess;
+}
+
+void
+nss_DumpModuleLog(void)
+{
+#ifdef DEBUG_MODULE
+    if (modToDBG) {
+        print_final_statistics();
+    }
+#endif
+}
diff --git a/nss/lib/pk11wrap/pk11mech.c b/nss/lib/pk11wrap/pk11mech.c
new file mode 100644
index 0000000..48e50df
--- /dev/null
+++ b/nss/lib/pk11wrap/pk11mech.c
@@ -0,0 +1,1917 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * This file maps various PKCS #11 Mechanisms to related mechanisms, key
+ * types, and ASN.1 encodings.
+ */
+#include "seccomon.h"
+#include "secmod.h"
+#include "secmodi.h"
+#include "pkcs11t.h"
+#include "pk11func.h"
+#include "secitem.h"
+#include "secder.h"
+#include "secasn1.h"
+#include "secoid.h"
+#include "secerr.h"
+
+/*************************************************************
+ * local static and global data
+ *************************************************************/
+
+/*
+ * Tables used for Extended mechanism mapping (currently not used)
+ */
+typedef struct {
+    CK_MECHANISM_TYPE keyGen;
+    CK_KEY_TYPE keyType;
+    CK_MECHANISM_TYPE type;
+    CK_MECHANISM_TYPE padType;
+    int blockSize;
+    int iv;
+} pk11MechanismData;
+
+static pk11MechanismData pk11_default =
+    { CKM_GENERIC_SECRET_KEY_GEN, CKK_GENERIC_SECRET,
+      CKM_FAKE_RANDOM, CKM_FAKE_RANDOM, 8, 8 };
+static pk11MechanismData *pk11_MechanismTable = NULL;
+static int pk11_MechTableSize = 0;
+static int pk11_MechEntrySize = 0;
+
+/*
+ * list of mechanisms we're willing to wrap secret keys with.
+ * This list is ordered by preference.
+ */
+CK_MECHANISM_TYPE wrapMechanismList[] = {
+    CKM_DES3_ECB,
+    CKM_CAST5_ECB,
+    CKM_AES_ECB,
+    CKM_CAMELLIA_ECB,
+    CKM_SEED_ECB,
+    CKM_CAST5_ECB,
+    CKM_DES_ECB,
+    CKM_KEY_WRAP_LYNKS,
+    CKM_IDEA_ECB,
+    CKM_CAST3_ECB,
+    CKM_CAST_ECB,
+    CKM_RC5_ECB,
+    CKM_RC2_ECB,
+    CKM_CDMF_ECB,
+    CKM_SKIPJACK_WRAP,
+};
+
+int wrapMechanismCount = sizeof(wrapMechanismList) / sizeof(wrapMechanismList[0]);
+
+/*********************************************************************
+ *       Mechanism Mapping functions
+ *********************************************************************/
+
+/*
+ * lookup an entry in the mechanism table. If none found, return the
+ * default structure.
+ */
+static pk11MechanismData *
+pk11_lookup(CK_MECHANISM_TYPE type)
+{
+    int i;
+    for (i = 0; i < pk11_MechEntrySize; i++) {
+        if (pk11_MechanismTable[i].type == type) {
+            return (&pk11_MechanismTable[i]);
+        }
+    }
+    return &pk11_default;
+}
+
+/*
+ * find the best key wrap mechanism for this slot.
+ */
+CK_MECHANISM_TYPE
+PK11_GetBestWrapMechanism(PK11SlotInfo *slot)
+{
+    int i;
+    for (i = 0; i < wrapMechanismCount; i++) {
+        if (PK11_DoesMechanism(slot, wrapMechanismList[i])) {
+            return wrapMechanismList[i];
+        }
+    }
+    return CKM_INVALID_MECHANISM;
+}
+
+/*
+ * NOTE: This is not thread safe. Called at init time, and when loading
+ * a new Entry. It is reasonably safe as long as it is not re-entered
+ * (readers will always see a consistant table)
+ *
+ * This routine is called to add entries to the mechanism table, once there,
+ * they can not be removed.
+ */
+void
+PK11_AddMechanismEntry(CK_MECHANISM_TYPE type, CK_KEY_TYPE key,
+                       CK_MECHANISM_TYPE keyGen,
+                       CK_MECHANISM_TYPE padType,
+                       int ivLen, int blockSize)
+{
+    int tableSize = pk11_MechTableSize;
+    int size = pk11_MechEntrySize;
+    int entry = size++;
+    pk11MechanismData *old = pk11_MechanismTable;
+    pk11MechanismData *newt = pk11_MechanismTable;
+
+    if (size > tableSize) {
+        int oldTableSize = tableSize;
+        tableSize += 10;
+        newt = PORT_NewArray(pk11MechanismData, tableSize);
+        if (newt == NULL)
+            return;
+
+        if (old)
+            PORT_Memcpy(newt, old, oldTableSize * sizeof(*newt));
+    } else
+        old = NULL;
+
+    newt[entry].type = type;
+    newt[entry].keyType = key;
+    newt[entry].keyGen = keyGen;
+    newt[entry].padType = padType;
+    newt[entry].iv = ivLen;
+    newt[entry].blockSize = blockSize;
+
+    pk11_MechanismTable = newt;
+    pk11_MechTableSize = tableSize;
+    pk11_MechEntrySize = size;
+    if (old)
+        PORT_Free(old);
+}
+
+/*
+ * Get the mechanism needed for the given key type
+ */
+CK_MECHANISM_TYPE
+PK11_GetKeyMechanism(CK_KEY_TYPE type)
+{
+    switch (type) {
+        case CKK_SEED:
+            return CKM_SEED_CBC;
+        case CKK_CAMELLIA:
+            return CKM_CAMELLIA_CBC;
+        case CKK_NSS_CHACHA20:
+            return CKM_NSS_CHACHA20_POLY1305;
+        case CKK_AES:
+            return CKM_AES_CBC;
+        case CKK_DES:
+            return CKM_DES_CBC;
+        case CKK_DES3:
+            return CKM_DES3_KEY_GEN;
+        case CKK_DES2:
+            return CKM_DES2_KEY_GEN;
+        case CKK_CDMF:
+            return CKM_CDMF_CBC;
+        case CKK_RC2:
+            return CKM_RC2_CBC;
+        case CKK_RC4:
+            return CKM_RC4;
+        case CKK_RC5:
+            return CKM_RC5_CBC;
+        case CKK_SKIPJACK:
+            return CKM_SKIPJACK_CBC64;
+        case CKK_BATON:
+            return CKM_BATON_CBC128;
+        case CKK_JUNIPER:
+            return CKM_JUNIPER_CBC128;
+        case CKK_IDEA:
+            return CKM_IDEA_CBC;
+        case CKK_CAST:
+            return CKM_CAST_CBC;
+        case CKK_CAST3:
+            return CKM_CAST3_CBC;
+        case CKK_CAST5:
+            return CKM_CAST5_CBC;
+        case CKK_RSA:
+            return CKM_RSA_PKCS;
+        case CKK_DSA:
+            return CKM_DSA;
+        case CKK_DH:
+            return CKM_DH_PKCS_DERIVE;
+        case CKK_KEA:
+            return CKM_KEA_KEY_DERIVE;
+        case CKK_EC: /* CKK_ECDSA is deprecated */
+            return CKM_ECDSA;
+        case CKK_GENERIC_SECRET:
+        default:
+            return CKM_SHA_1_HMAC;
+    }
+}
+
+/*
+ * Get the key type needed for the given mechanism
+ */
+CK_KEY_TYPE
+PK11_GetKeyType(CK_MECHANISM_TYPE type, unsigned long len)
+{
+    switch (type) {
+        case CKM_SEED_ECB:
+        case CKM_SEED_CBC:
+        case CKM_SEED_MAC:
+        case CKM_SEED_MAC_GENERAL:
+        case CKM_SEED_CBC_PAD:
+        case CKM_SEED_KEY_GEN:
+            return CKK_SEED;
+        case CKM_CAMELLIA_ECB:
+        case CKM_CAMELLIA_CBC:
+        case CKM_CAMELLIA_MAC:
+        case CKM_CAMELLIA_MAC_GENERAL:
+        case CKM_CAMELLIA_CBC_PAD:
+        case CKM_CAMELLIA_KEY_GEN:
+            return CKK_CAMELLIA;
+        case CKM_NSS_CHACHA20_POLY1305:
+        case CKM_NSS_CHACHA20_KEY_GEN:
+            return CKK_NSS_CHACHA20;
+        case CKM_AES_ECB:
+        case CKM_AES_CBC:
+        case CKM_AES_CCM:
+        case CKM_AES_CTR:
+        case CKM_AES_CTS:
+        case CKM_AES_GCM:
+        case CKM_AES_MAC:
+        case CKM_AES_MAC_GENERAL:
+        case CKM_AES_CBC_PAD:
+        case CKM_AES_KEY_GEN:
+        case CKM_NETSCAPE_AES_KEY_WRAP:
+        case CKM_NETSCAPE_AES_KEY_WRAP_PAD:
+            return CKK_AES;
+        case CKM_DES_ECB:
+        case CKM_DES_CBC:
+        case CKM_DES_MAC:
+        case CKM_DES_MAC_GENERAL:
+        case CKM_DES_CBC_PAD:
+        case CKM_DES_KEY_GEN:
+        case CKM_KEY_WRAP_LYNKS:
+        case CKM_PBE_MD2_DES_CBC:
+        case CKM_PBE_MD5_DES_CBC:
+            return CKK_DES;
+        case CKM_DES3_ECB:
+        case CKM_DES3_CBC:
+        case CKM_DES3_MAC:
+        case CKM_DES3_MAC_GENERAL:
+        case CKM_DES3_CBC_PAD:
+            return (len == 16) ? CKK_DES2 : CKK_DES3;
+        case CKM_DES2_KEY_GEN:
+        case CKM_PBE_SHA1_DES2_EDE_CBC:
+            return CKK_DES2;
+        case CKM_PBE_SHA1_DES3_EDE_CBC:
+        case CKM_DES3_KEY_GEN:
+            return CKK_DES3;
+        case CKM_CDMF_ECB:
+        case CKM_CDMF_CBC:
+        case CKM_CDMF_MAC:
+        case CKM_CDMF_MAC_GENERAL:
+        case CKM_CDMF_CBC_PAD:
+        case CKM_CDMF_KEY_GEN:
+            return CKK_CDMF;
+        case CKM_RC2_ECB:
+        case CKM_RC2_CBC:
+        case CKM_RC2_MAC:
+        case CKM_RC2_MAC_GENERAL:
+        case CKM_RC2_CBC_PAD:
+        case CKM_RC2_KEY_GEN:
+        case CKM_PBE_SHA1_RC2_128_CBC:
+        case CKM_PBE_SHA1_RC2_40_CBC:
+            return CKK_RC2;
+        case CKM_RC4:
+        case CKM_RC4_KEY_GEN:
+            return CKK_RC4;
+        case CKM_RC5_ECB:
+        case CKM_RC5_CBC:
+        case CKM_RC5_MAC:
+        case CKM_RC5_MAC_GENERAL:
+        case CKM_RC5_CBC_PAD:
+        case CKM_RC5_KEY_GEN:
+            return CKK_RC5;
+        case CKM_SKIPJACK_CBC64:
+        case CKM_SKIPJACK_ECB64:
+        case CKM_SKIPJACK_OFB64:
+        case CKM_SKIPJACK_CFB64:
+        case CKM_SKIPJACK_CFB32:
+        case CKM_SKIPJACK_CFB16:
+        case CKM_SKIPJACK_CFB8:
+        case CKM_SKIPJACK_KEY_GEN:
+        case CKM_SKIPJACK_WRAP:
+        case CKM_SKIPJACK_PRIVATE_WRAP:
+            return CKK_SKIPJACK;
+        case CKM_BATON_ECB128:
+        case CKM_BATON_ECB96:
+        case CKM_BATON_CBC128:
+        case CKM_BATON_COUNTER:
+        case CKM_BATON_SHUFFLE:
+        case CKM_BATON_WRAP:
+        case CKM_BATON_KEY_GEN:
+            return CKK_BATON;
+        case CKM_JUNIPER_ECB128:
+        case CKM_JUNIPER_CBC128:
+        case CKM_JUNIPER_COUNTER:
+        case CKM_JUNIPER_SHUFFLE:
+        case CKM_JUNIPER_WRAP:
+        case CKM_JUNIPER_KEY_GEN:
+            return CKK_JUNIPER;
+        case CKM_IDEA_CBC:
+        case CKM_IDEA_ECB:
+        case CKM_IDEA_MAC:
+        case CKM_IDEA_MAC_GENERAL:
+        case CKM_IDEA_CBC_PAD:
+        case CKM_IDEA_KEY_GEN:
+            return CKK_IDEA;
+        case CKM_CAST_ECB:
+        case CKM_CAST_CBC:
+        case CKM_CAST_MAC:
+        case CKM_CAST_MAC_GENERAL:
+        case CKM_CAST_CBC_PAD:
+        case CKM_CAST_KEY_GEN:
+        case CKM_PBE_MD5_CAST_CBC:
+            return CKK_CAST;
+        case CKM_CAST3_ECB:
+        case CKM_CAST3_CBC:
+        case CKM_CAST3_MAC:
+        case CKM_CAST3_MAC_GENERAL:
+        case CKM_CAST3_CBC_PAD:
+        case CKM_CAST3_KEY_GEN:
+        case CKM_PBE_MD5_CAST3_CBC:
+            return CKK_CAST3;
+        case CKM_CAST5_ECB:
+        case CKM_CAST5_CBC:
+        case CKM_CAST5_MAC:
+        case CKM_CAST5_MAC_GENERAL:
+        case CKM_CAST5_CBC_PAD:
+        case CKM_CAST5_KEY_GEN:
+        case CKM_PBE_MD5_CAST5_CBC:
+            return CKK_CAST5;
+        case CKM_RSA_PKCS:
+        case CKM_RSA_9796:
+        case CKM_RSA_X_509:
+        case CKM_MD2_RSA_PKCS:
+        case CKM_MD5_RSA_PKCS:
+        case CKM_SHA1_RSA_PKCS:
+        case CKM_SHA224_RSA_PKCS:
+        case CKM_SHA256_RSA_PKCS:
+        case CKM_SHA384_RSA_PKCS:
+        case CKM_SHA512_RSA_PKCS:
+        case CKM_KEY_WRAP_SET_OAEP:
+        case CKM_RSA_PKCS_KEY_PAIR_GEN:
+        case CKM_RSA_X9_31_KEY_PAIR_GEN:
+            return CKK_RSA;
+        case CKM_DSA:
+        case CKM_DSA_SHA1:
+        case CKM_DSA_KEY_PAIR_GEN:
+            return CKK_DSA;
+        case CKM_DH_PKCS_DERIVE:
+        case CKM_DH_PKCS_KEY_PAIR_GEN:
+            return CKK_DH;
+        case CKM_KEA_KEY_DERIVE:
+        case CKM_KEA_KEY_PAIR_GEN:
+            return CKK_KEA;
+        case CKM_ECDSA:
+        case CKM_ECDSA_SHA1:
+        case CKM_EC_KEY_PAIR_GEN: /* aka CKM_ECDSA_KEY_PAIR_GEN */
+        case CKM_ECDH1_DERIVE:
+            return CKK_EC; /* CKK_ECDSA is deprecated */
+        case CKM_SSL3_PRE_MASTER_KEY_GEN:
+        case CKM_GENERIC_SECRET_KEY_GEN:
+        case CKM_SSL3_MASTER_KEY_DERIVE:
+        case CKM_SSL3_MASTER_KEY_DERIVE_DH:
+        case CKM_SSL3_KEY_AND_MAC_DERIVE:
+        case CKM_SSL3_SHA1_MAC:
+        case CKM_SSL3_MD5_MAC:
+        case CKM_TLS_MASTER_KEY_DERIVE:
+        case CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256:
+        case CKM_TLS_MASTER_KEY_DERIVE_DH:
+        case CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256:
+        case CKM_TLS_KEY_AND_MAC_DERIVE:
+        case CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256:
+        case CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE:
+        case CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH:
+        case CKM_SHA_1_HMAC:
+        case CKM_SHA_1_HMAC_GENERAL:
+        case CKM_SHA224_HMAC:
+        case CKM_SHA224_HMAC_GENERAL:
+        case CKM_SHA256_HMAC:
+        case CKM_SHA256_HMAC_GENERAL:
+        case CKM_SHA384_HMAC:
+        case CKM_SHA384_HMAC_GENERAL:
+        case CKM_SHA512_HMAC:
+        case CKM_SHA512_HMAC_GENERAL:
+        case CKM_MD2_HMAC:
+        case CKM_MD2_HMAC_GENERAL:
+        case CKM_MD5_HMAC:
+        case CKM_MD5_HMAC_GENERAL:
+        case CKM_TLS_PRF_GENERAL:
+        case CKM_NSS_TLS_PRF_GENERAL_SHA256:
+            return CKK_GENERIC_SECRET;
+        default:
+            return pk11_lookup(type)->keyType;
+    }
+}
+
+/*
+ * Get the Key Gen Mechanism needed for the given
+ * crypto mechanism
+ */
+CK_MECHANISM_TYPE
+PK11_GetKeyGen(CK_MECHANISM_TYPE type)
+{
+    return PK11_GetKeyGenWithSize(type, 0);
+}
+
+CK_MECHANISM_TYPE
+PK11_GetKeyGenWithSize(CK_MECHANISM_TYPE type, int size)
+{
+    switch (type) {
+        case CKM_SEED_ECB:
+        case CKM_SEED_CBC:
+        case CKM_SEED_MAC:
+        case CKM_SEED_MAC_GENERAL:
+        case CKM_SEED_CBC_PAD:
+        case CKM_SEED_KEY_GEN:
+            return CKM_SEED_KEY_GEN;
+        case CKM_CAMELLIA_ECB:
+        case CKM_CAMELLIA_CBC:
+        case CKM_CAMELLIA_MAC:
+        case CKM_CAMELLIA_MAC_GENERAL:
+        case CKM_CAMELLIA_CBC_PAD:
+        case CKM_CAMELLIA_KEY_GEN:
+            return CKM_CAMELLIA_KEY_GEN;
+        case CKM_NSS_CHACHA20_POLY1305:
+            return CKM_NSS_CHACHA20_KEY_GEN;
+        case CKM_AES_ECB:
+        case CKM_AES_CBC:
+        case CKM_AES_CCM:
+        case CKM_AES_CTR:
+        case CKM_AES_CTS:
+        case CKM_AES_GCM:
+        case CKM_AES_MAC:
+        case CKM_AES_MAC_GENERAL:
+        case CKM_AES_CBC_PAD:
+        case CKM_AES_KEY_GEN:
+            return CKM_AES_KEY_GEN;
+        case CKM_DES_ECB:
+        case CKM_DES_CBC:
+        case CKM_DES_MAC:
+        case CKM_DES_MAC_GENERAL:
+        case CKM_KEY_WRAP_LYNKS:
+        case CKM_DES_CBC_PAD:
+        case CKM_DES_KEY_GEN:
+            return CKM_DES_KEY_GEN;
+        case CKM_DES3_ECB:
+        case CKM_DES3_CBC:
+        case CKM_DES3_MAC:
+        case CKM_DES3_MAC_GENERAL:
+        case CKM_DES3_CBC_PAD:
+            return (size == 16) ? CKM_DES2_KEY_GEN : CKM_DES3_KEY_GEN;
+        case CKM_DES3_KEY_GEN:
+            return CKM_DES3_KEY_GEN;
+        case CKM_DES2_KEY_GEN:
+            return CKM_DES2_KEY_GEN;
+        case CKM_CDMF_ECB:
+        case CKM_CDMF_CBC:
+        case CKM_CDMF_MAC:
+        case CKM_CDMF_MAC_GENERAL:
+        case CKM_CDMF_CBC_PAD:
+        case CKM_CDMF_KEY_GEN:
+            return CKM_CDMF_KEY_GEN;
+        case CKM_RC2_ECB:
+        case CKM_RC2_CBC:
+        case CKM_RC2_MAC:
+        case CKM_RC2_MAC_GENERAL:
+        case CKM_RC2_CBC_PAD:
+        case CKM_RC2_KEY_GEN:
+            return CKM_RC2_KEY_GEN;
+        case CKM_RC4:
+        case CKM_RC4_KEY_GEN:
+            return CKM_RC4_KEY_GEN;
+        case CKM_RC5_ECB:
+        case CKM_RC5_CBC:
+        case CKM_RC5_MAC:
+        case CKM_RC5_MAC_GENERAL:
+        case CKM_RC5_CBC_PAD:
+        case CKM_RC5_KEY_GEN:
+            return CKM_RC5_KEY_GEN;
+        case CKM_SKIPJACK_CBC64:
+        case CKM_SKIPJACK_ECB64:
+        case CKM_SKIPJACK_OFB64:
+        case CKM_SKIPJACK_CFB64:
+        case CKM_SKIPJACK_CFB32:
+        case CKM_SKIPJACK_CFB16:
+        case CKM_SKIPJACK_CFB8:
+        case CKM_SKIPJACK_WRAP:
+        case CKM_SKIPJACK_KEY_GEN:
+            return CKM_SKIPJACK_KEY_GEN;
+        case CKM_BATON_ECB128:
+        case CKM_BATON_ECB96:
+        case CKM_BATON_CBC128:
+        case CKM_BATON_COUNTER:
+        case CKM_BATON_SHUFFLE:
+        case CKM_BATON_WRAP:
+        case CKM_BATON_KEY_GEN:
+            return CKM_BATON_KEY_GEN;
+        case CKM_JUNIPER_ECB128:
+        case CKM_JUNIPER_CBC128:
+        case CKM_JUNIPER_COUNTER:
+        case CKM_JUNIPER_SHUFFLE:
+        case CKM_JUNIPER_WRAP:
+        case CKM_JUNIPER_KEY_GEN:
+            return CKM_JUNIPER_KEY_GEN;
+        case CKM_IDEA_CBC:
+        case CKM_IDEA_ECB:
+        case CKM_IDEA_MAC:
+        case CKM_IDEA_MAC_GENERAL:
+        case CKM_IDEA_CBC_PAD:
+        case CKM_IDEA_KEY_GEN:
+            return CKM_IDEA_KEY_GEN;
+        case CKM_CAST_ECB:
+        case CKM_CAST_CBC:
+        case CKM_CAST_MAC:
+        case CKM_CAST_MAC_GENERAL:
+        case CKM_CAST_CBC_PAD:
+        case CKM_CAST_KEY_GEN:
+            return CKM_CAST_KEY_GEN;
+        case CKM_CAST3_ECB:
+        case CKM_CAST3_CBC:
+        case CKM_CAST3_MAC:
+        case CKM_CAST3_MAC_GENERAL:
+        case CKM_CAST3_CBC_PAD:
+        case CKM_CAST3_KEY_GEN:
+            return CKM_CAST3_KEY_GEN;
+        case CKM_CAST5_ECB:
+        case CKM_CAST5_CBC:
+        case CKM_CAST5_MAC:
+        case CKM_CAST5_MAC_GENERAL:
+        case CKM_CAST5_CBC_PAD:
+        case CKM_CAST5_KEY_GEN:
+            return CKM_CAST5_KEY_GEN;
+        case CKM_RSA_PKCS:
+        case CKM_RSA_9796:
+        case CKM_RSA_X_509:
+        case CKM_MD2_RSA_PKCS:
+        case CKM_MD5_RSA_PKCS:
+        case CKM_SHA1_RSA_PKCS:
+        case CKM_SHA224_RSA_PKCS:
+        case CKM_SHA256_RSA_PKCS:
+        case CKM_SHA384_RSA_PKCS:
+        case CKM_SHA512_RSA_PKCS:
+        case CKM_KEY_WRAP_SET_OAEP:
+        case CKM_RSA_PKCS_KEY_PAIR_GEN:
+            return CKM_RSA_PKCS_KEY_PAIR_GEN;
+        case CKM_RSA_X9_31_KEY_PAIR_GEN:
+            return CKM_RSA_X9_31_KEY_PAIR_GEN;
+        case CKM_DSA:
+        case CKM_DSA_SHA1:
+        case CKM_DSA_KEY_PAIR_GEN:
+            return CKM_DSA_KEY_PAIR_GEN;
+        case CKM_DH_PKCS_DERIVE:
+        case CKM_DH_PKCS_KEY_PAIR_GEN:
+            return CKM_DH_PKCS_KEY_PAIR_GEN;
+        case CKM_KEA_KEY_DERIVE:
+        case CKM_KEA_KEY_PAIR_GEN:
+            return CKM_KEA_KEY_PAIR_GEN;
+        case CKM_ECDSA:
+        case CKM_ECDSA_SHA1:
+        case CKM_EC_KEY_PAIR_GEN: /* aka CKM_ECDSA_KEY_PAIR_GEN */
+        case CKM_ECDH1_DERIVE:
+            return CKM_EC_KEY_PAIR_GEN;
+        case CKM_SSL3_PRE_MASTER_KEY_GEN:
+        case CKM_SSL3_MASTER_KEY_DERIVE:
+        case CKM_SSL3_KEY_AND_MAC_DERIVE:
+        case CKM_SSL3_SHA1_MAC:
+        case CKM_SSL3_MD5_MAC:
+        case CKM_TLS_MASTER_KEY_DERIVE:
+        case CKM_TLS_KEY_AND_MAC_DERIVE:
+        case CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256:
+        case CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE:
+        case CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH:
+            return CKM_SSL3_PRE_MASTER_KEY_GEN;
+        case CKM_SHA_1_HMAC:
+        case CKM_SHA_1_HMAC_GENERAL:
+        case CKM_SHA224_HMAC:
+        case CKM_SHA224_HMAC_GENERAL:
+        case CKM_SHA256_HMAC:
+        case CKM_SHA256_HMAC_GENERAL:
+        case CKM_SHA384_HMAC:
+        case CKM_SHA384_HMAC_GENERAL:
+        case CKM_SHA512_HMAC:
+        case CKM_SHA512_HMAC_GENERAL:
+        case CKM_MD2_HMAC:
+        case CKM_MD2_HMAC_GENERAL:
+        case CKM_MD5_HMAC:
+        case CKM_MD5_HMAC_GENERAL:
+        case CKM_TLS_PRF_GENERAL:
+        case CKM_NSS_TLS_PRF_GENERAL_SHA256:
+        case CKM_GENERIC_SECRET_KEY_GEN:
+            return CKM_GENERIC_SECRET_KEY_GEN;
+        case CKM_PBE_MD2_DES_CBC:
+        case CKM_PBE_MD5_DES_CBC:
+        case CKM_PBA_SHA1_WITH_SHA1_HMAC:
+        case CKM_NETSCAPE_PBE_SHA1_HMAC_KEY_GEN:
+        case CKM_NETSCAPE_PBE_MD5_HMAC_KEY_GEN:
+        case CKM_NETSCAPE_PBE_MD2_HMAC_KEY_GEN:
+        case CKM_NSS_PKCS12_PBE_SHA224_HMAC_KEY_GEN:
+        case CKM_NSS_PKCS12_PBE_SHA256_HMAC_KEY_GEN:
+        case CKM_NSS_PKCS12_PBE_SHA384_HMAC_KEY_GEN:
+        case CKM_NSS_PKCS12_PBE_SHA512_HMAC_KEY_GEN:
+        case CKM_NETSCAPE_PBE_SHA1_DES_CBC:
+        case CKM_NETSCAPE_PBE_SHA1_40_BIT_RC2_CBC:
+        case CKM_NETSCAPE_PBE_SHA1_128_BIT_RC2_CBC:
+        case CKM_NETSCAPE_PBE_SHA1_40_BIT_RC4:
+        case CKM_NETSCAPE_PBE_SHA1_128_BIT_RC4:
+        case CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC:
+        case CKM_NETSCAPE_PBE_SHA1_FAULTY_3DES_CBC:
+        case CKM_PBE_SHA1_RC2_40_CBC:
+        case CKM_PBE_SHA1_RC2_128_CBC:
+        case CKM_PBE_SHA1_RC4_40:
+        case CKM_PBE_SHA1_RC4_128:
+        case CKM_PBE_SHA1_DES3_EDE_CBC:
+        case CKM_PBE_SHA1_DES2_EDE_CBC:
+        case CKM_PKCS5_PBKD2:
+            return type;
+        default:
+            return pk11_lookup(type)->keyGen;
+    }
+}
+
+/*
+ * get the mechanism block size
+ */
+int
+PK11_GetBlockSize(CK_MECHANISM_TYPE type, SECItem *params)
+{
+    CK_RC5_PARAMS *rc5_params;
+    CK_RC5_CBC_PARAMS *rc5_cbc_params;
+    switch (type) {
+        case CKM_RC5_ECB:
+            if ((params) && (params->data)) {
+                rc5_params = (CK_RC5_PARAMS *)params->data;
+                return (rc5_params->ulWordsize) * 2;
+            }
+            return 8;
+        case CKM_RC5_CBC:
+        case CKM_RC5_CBC_PAD:
+            if ((params) && (params->data)) {
+                rc5_cbc_params = (CK_RC5_CBC_PARAMS *)params->data;
+                return (rc5_cbc_params->ulWordsize) * 2;
+            }
+            return 8;
+        case CKM_DES_ECB:
+        case CKM_DES3_ECB:
+        case CKM_RC2_ECB:
+        case CKM_IDEA_ECB:
+        case CKM_CAST_ECB:
+        case CKM_CAST3_ECB:
+        case CKM_CAST5_ECB:
+        case CKM_RC2_CBC:
+        case CKM_SKIPJACK_CBC64:
+        case CKM_SKIPJACK_ECB64:
+        case CKM_SKIPJACK_OFB64:
+        case CKM_SKIPJACK_CFB64:
+        case CKM_DES_CBC:
+        case CKM_DES3_CBC:
+        case CKM_IDEA_CBC:
+        case CKM_CAST_CBC:
+        case CKM_CAST3_CBC:
+        case CKM_CAST5_CBC:
+        case CKM_DES_CBC_PAD:
+        case CKM_DES3_CBC_PAD:
+        case CKM_RC2_CBC_PAD:
+        case CKM_IDEA_CBC_PAD:
+        case CKM_CAST_CBC_PAD:
+        case CKM_CAST3_CBC_PAD:
+        case CKM_CAST5_CBC_PAD:
+        case CKM_PBE_MD2_DES_CBC:
+        case CKM_PBE_MD5_DES_CBC:
+        case CKM_NETSCAPE_PBE_SHA1_DES_CBC:
+        case CKM_NETSCAPE_PBE_SHA1_40_BIT_RC2_CBC:
+        case CKM_NETSCAPE_PBE_SHA1_128_BIT_RC2_CBC:
+        case CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC:
+        case CKM_NETSCAPE_PBE_SHA1_FAULTY_3DES_CBC:
+        case CKM_PBE_SHA1_RC2_40_CBC:
+        case CKM_PBE_SHA1_RC2_128_CBC:
+        case CKM_PBE_SHA1_DES3_EDE_CBC:
+        case CKM_PBE_SHA1_DES2_EDE_CBC:
+            return 8;
+        case CKM_SKIPJACK_CFB32:
+        case CKM_SKIPJACK_CFB16:
+        case CKM_SKIPJACK_CFB8:
+            return 4;
+        case CKM_SEED_ECB:
+        case CKM_SEED_CBC:
+        case CKM_SEED_CBC_PAD:
+        case CKM_CAMELLIA_ECB:
+        case CKM_CAMELLIA_CBC:
+        case CKM_CAMELLIA_CBC_PAD:
+        case CKM_AES_ECB:
+        case CKM_AES_CBC:
+        case CKM_AES_CBC_PAD:
+        case CKM_BATON_ECB128:
+        case CKM_BATON_CBC128:
+        case CKM_BATON_COUNTER:
+        case CKM_BATON_SHUFFLE:
+        case CKM_JUNIPER_ECB128:
+        case CKM_JUNIPER_CBC128:
+        case CKM_JUNIPER_COUNTER:
+        case CKM_JUNIPER_SHUFFLE:
+            return 16;
+        case CKM_BATON_ECB96:
+            return 12;
+        case CKM_RC4:
+        case CKM_NETSCAPE_PBE_SHA1_40_BIT_RC4:
+        case CKM_NETSCAPE_PBE_SHA1_128_BIT_RC4:
+        case CKM_PBE_SHA1_RC4_40:
+        case CKM_PBE_SHA1_RC4_128:
+            return 0;
+        case CKM_RSA_PKCS:
+        case CKM_RSA_9796:
+        case CKM_RSA_X_509:
+            /*actually it's the modulus length of the key!*/
+            return -1; /* failure */
+        default:
+            return pk11_lookup(type)->blockSize;
+    }
+}
+
+/*
+ * get the iv length
+ */
+int
+PK11_GetIVLength(CK_MECHANISM_TYPE type)
+{
+    switch (type) {
+        case CKM_SEED_ECB:
+        case CKM_CAMELLIA_ECB:
+        case CKM_AES_ECB:
+        case CKM_DES_ECB:
+        case CKM_DES3_ECB:
+        case CKM_RC2_ECB:
+        case CKM_IDEA_ECB:
+        case CKM_SKIPJACK_WRAP:
+        case CKM_BATON_WRAP:
+        case CKM_RC5_ECB:
+        case CKM_CAST_ECB:
+        case CKM_CAST3_ECB:
+        case CKM_CAST5_ECB:
+            return 0;
+        case CKM_RC2_CBC:
+        case CKM_DES_CBC:
+        case CKM_DES3_CBC:
+        case CKM_IDEA_CBC:
+        case CKM_PBE_MD2_DES_CBC:
+        case CKM_PBE_MD5_DES_CBC:
+        case CKM_NETSCAPE_PBE_SHA1_DES_CBC:
+        case CKM_NETSCAPE_PBE_SHA1_40_BIT_RC2_CBC:
+        case CKM_NETSCAPE_PBE_SHA1_128_BIT_RC2_CBC:
+        case CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC:
+        case CKM_NETSCAPE_PBE_SHA1_FAULTY_3DES_CBC:
+        case CKM_PBE_SHA1_RC2_40_CBC:
+        case CKM_PBE_SHA1_RC2_128_CBC:
+        case CKM_PBE_SHA1_DES3_EDE_CBC:
+        case CKM_PBE_SHA1_DES2_EDE_CBC:
+        case CKM_RC5_CBC:
+        case CKM_CAST_CBC:
+        case CKM_CAST3_CBC:
+        case CKM_CAST5_CBC:
+        case CKM_RC2_CBC_PAD:
+        case CKM_DES_CBC_PAD:
+        case CKM_DES3_CBC_PAD:
+        case CKM_IDEA_CBC_PAD:
+        case CKM_RC5_CBC_PAD:
+        case CKM_CAST_CBC_PAD:
+        case CKM_CAST3_CBC_PAD:
+        case CKM_CAST5_CBC_PAD:
+            return 8;
+        case CKM_SEED_CBC:
+        case CKM_SEED_CBC_PAD:
+        case CKM_CAMELLIA_CBC:
+        case CKM_CAMELLIA_CBC_PAD:
+        case CKM_AES_CBC:
+        case CKM_AES_CBC_PAD:
+            return 16;
+        case CKM_SKIPJACK_CBC64:
+        case CKM_SKIPJACK_ECB64:
+        case CKM_SKIPJACK_OFB64:
+        case CKM_SKIPJACK_CFB64:
+        case CKM_SKIPJACK_CFB32:
+        case CKM_SKIPJACK_CFB16:
+        case CKM_SKIPJACK_CFB8:
+        case CKM_BATON_ECB128:
+        case CKM_BATON_ECB96:
+        case CKM_BATON_CBC128:
+        case CKM_BATON_COUNTER:
+        case CKM_BATON_SHUFFLE:
+        case CKM_JUNIPER_ECB128:
+        case CKM_JUNIPER_CBC128:
+        case CKM_JUNIPER_COUNTER:
+        case CKM_JUNIPER_SHUFFLE:
+            return 24;
+        case CKM_RC4:
+        case CKM_RSA_PKCS:
+        case CKM_RSA_9796:
+        case CKM_RSA_X_509:
+        case CKM_NETSCAPE_PBE_SHA1_40_BIT_RC4:
+        case CKM_NETSCAPE_PBE_SHA1_128_BIT_RC4:
+        case CKM_PBE_SHA1_RC4_40:
+        case CKM_PBE_SHA1_RC4_128:
+            return 0;
+        default:
+            return pk11_lookup(type)->iv;
+    }
+}
+
+/* These next two utilities are here to help facilitate future
+ * Dynamic Encrypt/Decrypt symetric key mechanisms, and to allow functions
+ * like SSL and S-MIME to automatically add them.
+ */
+SECItem *
+pk11_ParamFromIVWithLen(CK_MECHANISM_TYPE type, SECItem *iv, int keyLen)
+{
+    CK_RC2_CBC_PARAMS *rc2_params = NULL;
+    CK_RC2_PARAMS *rc2_ecb_params = NULL;
+    CK_RC5_PARAMS *rc5_params = NULL;
+    CK_RC5_CBC_PARAMS *rc5_cbc_params = NULL;
+    SECItem *param;
+
+    param = (SECItem *)PORT_Alloc(sizeof(SECItem));
+    if (param == NULL)
+        return NULL;
+    param->data = NULL;
+    param->len = 0;
+    param->type = 0;
+    switch (type) {
+        case CKM_SEED_ECB:
+        case CKM_CAMELLIA_ECB:
+        case CKM_AES_ECB:
+        case CKM_DES_ECB:
+        case CKM_DES3_ECB:
+        case CKM_RSA_PKCS:
+        case CKM_RSA_X_509:
+        case CKM_RSA_9796:
+        case CKM_IDEA_ECB:
+        case CKM_CDMF_ECB:
+        case CKM_CAST_ECB:
+        case CKM_CAST3_ECB:
+        case CKM_CAST5_ECB:
+        case CKM_RC4:
+            break;
+        case CKM_RC2_ECB:
+            rc2_ecb_params = (CK_RC2_PARAMS *)PORT_Alloc(sizeof(CK_RC2_PARAMS));
+            if (rc2_ecb_params == NULL)
+                break;
+            /*  Maybe we should pass the key size in too to get this value? */
+            *rc2_ecb_params = keyLen ? keyLen * 8 : 128;
+            param->data = (unsigned char *)rc2_ecb_params;
+            param->len = sizeof(CK_RC2_PARAMS);
+            break;
+        case CKM_RC2_CBC:
+        case CKM_RC2_CBC_PAD:
+            rc2_params = (CK_RC2_CBC_PARAMS *)PORT_Alloc(sizeof(CK_RC2_CBC_PARAMS));
+            if (rc2_params == NULL)
+                break;
+            /* Maybe we should pass the key size in too to get this value? */
+            rc2_params->ulEffectiveBits = keyLen ? keyLen * 8 : 128;
+            if (iv && iv->data)
+                PORT_Memcpy(rc2_params->iv, iv->data, sizeof(rc2_params->iv));
+            param->data = (unsigned char *)rc2_params;
+            param->len = sizeof(CK_RC2_CBC_PARAMS);
+            break;
+        case CKM_RC5_CBC:
+        case CKM_RC5_CBC_PAD:
+            rc5_cbc_params = (CK_RC5_CBC_PARAMS *)
+                PORT_Alloc(sizeof(CK_RC5_CBC_PARAMS) + ((iv) ? iv->len : 0));
+            if (rc5_cbc_params == NULL)
+                break;
+            if (iv && iv->data && iv->len) {
+                rc5_cbc_params->pIv = ((CK_BYTE_PTR)rc5_cbc_params) + sizeof(CK_RC5_CBC_PARAMS);
+                PORT_Memcpy(rc5_cbc_params->pIv, iv->data, iv->len);
+                rc5_cbc_params->ulIvLen = iv->len;
+                rc5_cbc_params->ulWordsize = iv->len / 2;
+            } else {
+                rc5_cbc_params->ulWordsize = 4;
+                rc5_cbc_params->pIv = NULL;
+                rc5_cbc_params->ulIvLen = 0;
+            }
+            rc5_cbc_params->ulRounds = 16;
+            param->data = (unsigned char *)rc5_cbc_params;
+            param->len = sizeof(CK_RC5_CBC_PARAMS);
+            break;
+        case CKM_RC5_ECB:
+            rc5_params = (CK_RC5_PARAMS *)PORT_Alloc(sizeof(CK_RC5_PARAMS));
+            if (rc5_params == NULL)
+                break;
+            if (iv && iv->data && iv->len) {
+                rc5_params->ulWordsize = iv->len / 2;
+            } else {
+                rc5_params->ulWordsize = 4;
+            }
+            rc5_params->ulRounds = 16;
+            param->data = (unsigned char *)rc5_params;
+            param->len = sizeof(CK_RC5_PARAMS);
+            break;
+
+        case CKM_SEED_CBC:
+        case CKM_CAMELLIA_CBC:
+        case CKM_AES_CBC:
+        case CKM_DES_CBC:
+        case CKM_DES3_CBC:
+        case CKM_IDEA_CBC:
+        case CKM_CDMF_CBC:
+        case CKM_CAST_CBC:
+        case CKM_CAST3_CBC:
+        case CKM_CAST5_CBC:
+        case CKM_CAMELLIA_CBC_PAD:
+        case CKM_AES_CBC_PAD:
+        case CKM_DES_CBC_PAD:
+        case CKM_DES3_CBC_PAD:
+        case CKM_IDEA_CBC_PAD:
+        case CKM_CDMF_CBC_PAD:
+        case CKM_CAST_CBC_PAD:
+        case CKM_CAST3_CBC_PAD:
+        case CKM_CAST5_CBC_PAD:
+        case CKM_SKIPJACK_CBC64:
+        case CKM_SKIPJACK_ECB64:
+        case CKM_SKIPJACK_OFB64:
+        case CKM_SKIPJACK_CFB64:
+        case CKM_SKIPJACK_CFB32:
+        case CKM_SKIPJACK_CFB16:
+        case CKM_SKIPJACK_CFB8:
+        case CKM_BATON_ECB128:
+        case CKM_BATON_ECB96:
+        case CKM_BATON_CBC128:
+        case CKM_BATON_COUNTER:
+        case CKM_BATON_SHUFFLE:
+        case CKM_JUNIPER_ECB128:
+        case CKM_JUNIPER_CBC128:
+        case CKM_JUNIPER_COUNTER:
+        case CKM_JUNIPER_SHUFFLE:
+            if ((iv == NULL) || (iv->data == NULL))
+                break;
+            param->data = (unsigned char *)PORT_Alloc(iv->len);
+            if (param->data != NULL) {
+                PORT_Memcpy(param->data, iv->data, iv->len);
+                param->len = iv->len;
+            }
+            break;
+        /* unknown mechanism, pass IV in if it's there */
+        default:
+            if (pk11_lookup(type)->iv == 0) {
+                break;
+            }
+            if ((iv == NULL) || (iv->data == NULL)) {
+                break;
+            }
+            param->data = (unsigned char *)PORT_Alloc(iv->len);
+            if (param->data != NULL) {
+                PORT_Memcpy(param->data, iv->data, iv->len);
+                param->len = iv->len;
+            }
+            break;
+    }
+    return param;
+}
+
+/* These next two utilities are here to help facilitate future
+ * Dynamic Encrypt/Decrypt symetric key mechanisms, and to allow functions
+ * like SSL and S-MIME to automatically add them.
+ */
+SECItem *
+PK11_ParamFromIV(CK_MECHANISM_TYPE type, SECItem *iv)
+{
+    return pk11_ParamFromIVWithLen(type, iv, 0);
+}
+
+unsigned char *
+PK11_IVFromParam(CK_MECHANISM_TYPE type, SECItem *param, int *len)
+{
+    CK_RC2_CBC_PARAMS *rc2_params;
+    CK_RC5_CBC_PARAMS *rc5_cbc_params;
+
+    *len = 0;
+    switch (type) {
+        case CKM_SEED_ECB:
+        case CKM_CAMELLIA_ECB:
+        case CKM_AES_ECB:
+        case CKM_DES_ECB:
+        case CKM_DES3_ECB:
+        case CKM_RSA_PKCS:
+        case CKM_RSA_X_509:
+        case CKM_RSA_9796:
+        case CKM_IDEA_ECB:
+        case CKM_CDMF_ECB:
+        case CKM_CAST_ECB:
+        case CKM_CAST3_ECB:
+        case CKM_CAST5_ECB:
+        case CKM_RC4:
+            return NULL;
+        case CKM_RC2_ECB:
+            return NULL;
+        case CKM_RC2_CBC:
+        case CKM_RC2_CBC_PAD:
+            rc2_params = (CK_RC2_CBC_PARAMS *)param->data;
+            *len = sizeof(rc2_params->iv);
+            return &rc2_params->iv[0];
+        case CKM_RC5_CBC:
+        case CKM_RC5_CBC_PAD:
+            rc5_cbc_params = (CK_RC5_CBC_PARAMS *)param->data;
+            *len = rc5_cbc_params->ulIvLen;
+            return rc5_cbc_params->pIv;
+        case CKM_SEED_CBC:
+        case CKM_CAMELLIA_CBC:
+        case CKM_AES_CBC:
+        case CKM_DES_CBC:
+        case CKM_DES3_CBC:
+        case CKM_IDEA_CBC:
+        case CKM_CDMF_CBC:
+        case CKM_CAST_CBC:
+        case CKM_CAST3_CBC:
+        case CKM_CAST5_CBC:
+        case CKM_CAMELLIA_CBC_PAD:
+        case CKM_AES_CBC_PAD:
+        case CKM_DES_CBC_PAD:
+        case CKM_DES3_CBC_PAD:
+        case CKM_IDEA_CBC_PAD:
+        case CKM_CDMF_CBC_PAD:
+        case CKM_CAST_CBC_PAD:
+        case CKM_CAST3_CBC_PAD:
+        case CKM_CAST5_CBC_PAD:
+        case CKM_SKIPJACK_CBC64:
+        case CKM_SKIPJACK_ECB64:
+        case CKM_SKIPJACK_OFB64:
+        case CKM_SKIPJACK_CFB64:
+        case CKM_SKIPJACK_CFB32:
+        case CKM_SKIPJACK_CFB16:
+        case CKM_SKIPJACK_CFB8:
+        case CKM_BATON_ECB128:
+        case CKM_BATON_ECB96:
+        case CKM_BATON_CBC128:
+        case CKM_BATON_COUNTER:
+        case CKM_BATON_SHUFFLE:
+        case CKM_JUNIPER_ECB128:
+        case CKM_JUNIPER_CBC128:
+        case CKM_JUNIPER_COUNTER:
+        case CKM_JUNIPER_SHUFFLE:
+            break;
+        /* unknown mechanism, pass IV in if it's there */
+        default:
+            break;
+    }
+    if (param->data) {
+        *len = param->len;
+    }
+    return param->data;
+}
+
+typedef struct sec_rc5cbcParameterStr {
+    SECItem version;
+    SECItem rounds;
+    SECItem blockSizeInBits;
+    SECItem iv;
+} sec_rc5cbcParameter;
+
+static const SEC_ASN1Template sec_rc5ecb_parameter_template[] = {
+    { SEC_ASN1_SEQUENCE,
+      0, NULL, sizeof(sec_rc5cbcParameter) },
+    { SEC_ASN1_INTEGER,
+      offsetof(sec_rc5cbcParameter, version) },
+    { SEC_ASN1_INTEGER,
+      offsetof(sec_rc5cbcParameter, rounds) },
+    { SEC_ASN1_INTEGER,
+      offsetof(sec_rc5cbcParameter, blockSizeInBits) },
+    { 0 }
+};
+
+static const SEC_ASN1Template sec_rc5cbc_parameter_template[] = {
+    { SEC_ASN1_SEQUENCE,
+      0, NULL, sizeof(sec_rc5cbcParameter) },
+    { SEC_ASN1_INTEGER,
+      offsetof(sec_rc5cbcParameter, version) },
+    { SEC_ASN1_INTEGER,
+      offsetof(sec_rc5cbcParameter, rounds) },
+    { SEC_ASN1_INTEGER,
+      offsetof(sec_rc5cbcParameter, blockSizeInBits) },
+    { SEC_ASN1_OCTET_STRING,
+      offsetof(sec_rc5cbcParameter, iv) },
+    { 0 }
+};
+
+typedef struct sec_rc2cbcParameterStr {
+    SECItem rc2ParameterVersion;
+    SECItem iv;
+} sec_rc2cbcParameter;
+
+static const SEC_ASN1Template sec_rc2cbc_parameter_template[] = {
+    { SEC_ASN1_SEQUENCE,
+      0, NULL, sizeof(sec_rc2cbcParameter) },
+    { SEC_ASN1_INTEGER,
+      offsetof(sec_rc2cbcParameter, rc2ParameterVersion) },
+    { SEC_ASN1_OCTET_STRING,
+      offsetof(sec_rc2cbcParameter, iv) },
+    { 0 }
+};
+
+static const SEC_ASN1Template sec_rc2ecb_parameter_template[] = {
+    { SEC_ASN1_SEQUENCE,
+      0, NULL, sizeof(sec_rc2cbcParameter) },
+    { SEC_ASN1_INTEGER,
+      offsetof(sec_rc2cbcParameter, rc2ParameterVersion) },
+    { 0 }
+};
+
+/* S/MIME picked id values to represent differnt keysizes */
+/* I do have a formula, but it ain't pretty, and it only works because you
+ * can always match three points to a parabola:) */
+static unsigned char
+rc2_map(SECItem *version)
+{
+    long x;
+
+    x = DER_GetInteger(version);
+
+    switch (x) {
+        case 58:
+            return 128;
+        case 120:
+            return 64;
+        case 160:
+            return 40;
+    }
+    return 128;
+}
+
+static unsigned long
+rc2_unmap(unsigned long x)
+{
+    switch (x) {
+        case 128:
+            return 58;
+        case 64:
+            return 120;
+        case 40:
+            return 160;
+    }
+    return 58;
+}
+
+/* Generate a mechaism param from a type, and iv. */
+SECItem *
+PK11_ParamFromAlgid(SECAlgorithmID *algid)
+{
+    CK_RC2_CBC_PARAMS *rc2_cbc_params = NULL;
+    CK_RC2_PARAMS *rc2_ecb_params = NULL;
+    CK_RC5_CBC_PARAMS *rc5_cbc_params = NULL;
+    CK_RC5_PARAMS *rc5_ecb_params = NULL;
+    PLArenaPool *arena = NULL;
+    SECItem *mech = NULL;
+    SECOidTag algtag;
+    SECStatus rv;
+    CK_MECHANISM_TYPE type;
+    /* initialize these to prevent UMRs in the ASN1 decoder. */
+    SECItem iv = { siBuffer, NULL, 0 };
+    sec_rc2cbcParameter rc2 = { { siBuffer, NULL, 0 }, { siBuffer, NULL, 0 } };
+    sec_rc5cbcParameter rc5 = { { siBuffer, NULL, 0 }, { siBuffer, NULL, 0 }, { siBuffer, NULL, 0 }, { siBuffer, NULL, 0 } };
+
+    algtag = SECOID_GetAlgorithmTag(algid);
+    type = PK11_AlgtagToMechanism(algtag);
+
+    mech = PORT_New(SECItem);
+    if (mech == NULL) {
+        return NULL;
+    }
+    mech->type = siBuffer;
+    mech->data = NULL;
+    mech->len = 0;
+
+    arena = PORT_NewArena(1024);
+    if (!arena) {
+        goto loser;
+    }
+
+    /* handle the complicated cases */
+    switch (type) {
+        case CKM_RC2_ECB:
+            rv = SEC_ASN1DecodeItem(arena, &rc2, sec_rc2ecb_parameter_template,
+                                    &(algid->parameters));
+            if (rv != SECSuccess) {
+                goto loser;
+            }
+            rc2_ecb_params = PORT_New(CK_RC2_PARAMS);
+            if (rc2_ecb_params == NULL) {
+                goto loser;
+            }
+            *rc2_ecb_params = rc2_map(&rc2.rc2ParameterVersion);
+            mech->data = (unsigned char *)rc2_ecb_params;
+            mech->len = sizeof *rc2_ecb_params;
+            break;
+        case CKM_RC2_CBC:
+        case CKM_RC2_CBC_PAD:
+            rv = SEC_ASN1DecodeItem(arena, &rc2, sec_rc2cbc_parameter_template,
+                                    &(algid->parameters));
+            if (rv != SECSuccess) {
+                goto loser;
+            }
+            rc2_cbc_params = PORT_New(CK_RC2_CBC_PARAMS);
+            if (rc2_cbc_params == NULL) {
+                goto loser;
+            }
+            mech->data = (unsigned char *)rc2_cbc_params;
+            mech->len = sizeof *rc2_cbc_params;
+            rc2_cbc_params->ulEffectiveBits = rc2_map(&rc2.rc2ParameterVersion);
+            if (rc2.iv.len != sizeof rc2_cbc_params->iv) {
+                PORT_SetError(SEC_ERROR_INPUT_LEN);
+                goto loser;
+            }
+            PORT_Memcpy(rc2_cbc_params->iv, rc2.iv.data, rc2.iv.len);
+            break;
+        case CKM_RC5_ECB:
+            rv = SEC_ASN1DecodeItem(arena, &rc5, sec_rc5ecb_parameter_template,
+                                    &(algid->parameters));
+            if (rv != SECSuccess) {
+                goto loser;
+            }
+            rc5_ecb_params = PORT_New(CK_RC5_PARAMS);
+            if (rc5_ecb_params == NULL) {
+                goto loser;
+            }
+            rc5_ecb_params->ulRounds = DER_GetInteger(&rc5.rounds);
+            rc5_ecb_params->ulWordsize = DER_GetInteger(&rc5.blockSizeInBits) / 8;
+            mech->data = (unsigned char *)rc5_ecb_params;
+            mech->len = sizeof *rc5_ecb_params;
+            break;
+        case CKM_RC5_CBC:
+        case CKM_RC5_CBC_PAD:
+            rv = SEC_ASN1DecodeItem(arena, &rc5, sec_rc5cbc_parameter_template,
+                                    &(algid->parameters));
+            if (rv != SECSuccess) {
+                goto loser;
+            }
+            rc5_cbc_params = (CK_RC5_CBC_PARAMS *)
+                PORT_Alloc(sizeof(CK_RC5_CBC_PARAMS) + rc5.iv.len);
+            if (rc5_cbc_params == NULL) {
+                goto loser;
+            }
+            mech->data = (unsigned char *)rc5_cbc_params;
+            mech->len = sizeof *rc5_cbc_params;
+            rc5_cbc_params->ulRounds = DER_GetInteger(&rc5.rounds);
+            rc5_cbc_params->ulWordsize = DER_GetInteger(&rc5.blockSizeInBits) / 8;
+            rc5_cbc_params->pIv = ((CK_BYTE_PTR)rc5_cbc_params) + sizeof(CK_RC5_CBC_PARAMS);
+            rc5_cbc_params->ulIvLen = rc5.iv.len;
+            PORT_Memcpy(rc5_cbc_params->pIv, rc5.iv.data, rc5.iv.len);
+            break;
+        case CKM_PBE_MD2_DES_CBC:
+        case CKM_PBE_MD5_DES_CBC:
+        case CKM_NETSCAPE_PBE_SHA1_DES_CBC:
+        case CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC:
+        case CKM_NETSCAPE_PBE_SHA1_FAULTY_3DES_CBC:
+        case CKM_NETSCAPE_PBE_SHA1_40_BIT_RC2_CBC:
+        case CKM_NETSCAPE_PBE_SHA1_128_BIT_RC2_CBC:
+        case CKM_NETSCAPE_PBE_SHA1_40_BIT_RC4:
+        case CKM_NETSCAPE_PBE_SHA1_128_BIT_RC4:
+        case CKM_PBE_SHA1_DES2_EDE_CBC:
+        case CKM_PBE_SHA1_DES3_EDE_CBC:
+        case CKM_PBE_SHA1_RC2_40_CBC:
+        case CKM_PBE_SHA1_RC2_128_CBC:
+        case CKM_PBE_SHA1_RC4_40:
+        case CKM_PBE_SHA1_RC4_128:
+        case CKM_PKCS5_PBKD2:
+            rv = pbe_PK11AlgidToParam(algid, mech);
+            if (rv != SECSuccess) {
+                goto loser;
+            }
+            break;
+        case CKM_RC4:
+        case CKM_SEED_ECB:
+        case CKM_CAMELLIA_ECB:
+        case CKM_AES_ECB:
+        case CKM_DES_ECB:
+        case CKM_DES3_ECB:
+        case CKM_IDEA_ECB:
+        case CKM_CDMF_ECB:
+        case CKM_CAST_ECB:
+        case CKM_CAST3_ECB:
+        case CKM_CAST5_ECB:
+            break;
+
+        default:
+            if (pk11_lookup(type)->iv == 0) {
+                break;
+            }
+        /* FALL THROUGH */
+        case CKM_SEED_CBC:
+        case CKM_CAMELLIA_CBC:
+        case CKM_AES_CBC:
+        case CKM_DES_CBC:
+        case CKM_DES3_CBC:
+        case CKM_IDEA_CBC:
+        case CKM_CDMF_CBC:
+        case CKM_CAST_CBC:
+        case CKM_CAST3_CBC:
+        case CKM_CAST5_CBC:
+        case CKM_SEED_CBC_PAD:
+        case CKM_CAMELLIA_CBC_PAD:
+        case CKM_AES_CBC_PAD:
+        case CKM_DES_CBC_PAD:
+        case CKM_DES3_CBC_PAD:
+        case CKM_IDEA_CBC_PAD:
+        case CKM_CDMF_CBC_PAD:
+        case CKM_CAST_CBC_PAD:
+        case CKM_CAST3_CBC_PAD:
+        case CKM_CAST5_CBC_PAD:
+        case CKM_SKIPJACK_CBC64:
+        case CKM_SKIPJACK_ECB64:
+        case CKM_SKIPJACK_OFB64:
+        case CKM_SKIPJACK_CFB64:
+        case CKM_SKIPJACK_CFB32:
+        case CKM_SKIPJACK_CFB16:
+        case CKM_SKIPJACK_CFB8:
+        case CKM_BATON_ECB128:
+        case CKM_BATON_ECB96:
+        case CKM_BATON_CBC128:
+        case CKM_BATON_COUNTER:
+        case CKM_BATON_SHUFFLE:
+        case CKM_JUNIPER_ECB128:
+        case CKM_JUNIPER_CBC128:
+        case CKM_JUNIPER_COUNTER:
+        case CKM_JUNIPER_SHUFFLE:
+            /* simple cases are simply octet string encoded IVs */
+            rv = SEC_ASN1DecodeItem(arena, &iv,
+                                    SEC_ASN1_GET(SEC_OctetStringTemplate),
+                                    &(algid->parameters));
+            if (rv != SECSuccess || iv.data == NULL) {
+                goto loser;
+            }
+            /* XXX Should be some IV length sanity check here. */
+            mech->data = (unsigned char *)PORT_Alloc(iv.len);
+            if (mech->data == NULL) {
+                goto loser;
+            }
+            PORT_Memcpy(mech->data, iv.data, iv.len);
+            mech->len = iv.len;
+            break;
+    }
+    PORT_FreeArena(arena, PR_FALSE);
+    return mech;
+
+loser:
+    if (arena)
+        PORT_FreeArena(arena, PR_FALSE);
+    SECITEM_FreeItem(mech, PR_TRUE);
+    return NULL;
+}
+
+/*
+ * Generate an IV for the given mechanism
+ */
+static SECStatus
+pk11_GenIV(CK_MECHANISM_TYPE type, SECItem *iv)
+{
+    int iv_size = PK11_GetIVLength(type);
+    SECStatus rv;
+
+    iv->len = iv_size;
+    if (iv_size == 0) {
+        iv->data = NULL;
+        return SECSuccess;
+    }
+
+    iv->data = (unsigned char *)PORT_Alloc(iv_size);
+    if (iv->data == NULL) {
+        iv->len = 0;
+        return SECFailure;
+    }
+
+    rv = PK11_GenerateRandom(iv->data, iv->len);
+    if (rv != SECSuccess) {
+        PORT_Free(iv->data);
+        iv->data = NULL;
+        iv->len = 0;
+        return SECFailure;
+    }
+    return SECSuccess;
+}
+
+/*
+ * create a new parameter block from the passed in MECHANISM and the
+ * key. Use Netscape's S/MIME Rules for the New param block.
+ */
+SECItem *
+pk11_GenerateNewParamWithKeyLen(CK_MECHANISM_TYPE type, int keyLen)
+{
+    CK_RC2_CBC_PARAMS *rc2_params;
+    CK_RC2_PARAMS *rc2_ecb_params;
+    SECItem *mech;
+    SECItem iv;
+    SECStatus rv;
+
+    mech = (SECItem *)PORT_Alloc(sizeof(SECItem));
+    if (mech == NULL)
+        return NULL;
+
+    rv = SECSuccess;
+    mech->type = siBuffer;
+    mech->data = NULL;
+    mech->len = 0;
+    switch (type) {
+        case CKM_RC4:
+        case CKM_SEED_ECB:
+        case CKM_CAMELLIA_ECB:
+        case CKM_AES_ECB:
+        case CKM_DES_ECB:
+        case CKM_DES3_ECB:
+        case CKM_IDEA_ECB:
+        case CKM_CDMF_ECB:
+        case CKM_CAST_ECB:
+        case CKM_CAST3_ECB:
+        case CKM_CAST5_ECB:
+            break;
+        case CKM_RC2_ECB:
+            rc2_ecb_params = (CK_RC2_PARAMS *)PORT_Alloc(sizeof(CK_RC2_PARAMS));
+            if (rc2_ecb_params == NULL) {
+                rv = SECFailure;
+                break;
+            }
+            /* NOTE PK11_GetKeyLength can return -1 if the key isn't and RC2, RC5,
+             *   or RC4 key. Of course that wouldn't happen here doing RC2:).*/
+            *rc2_ecb_params = keyLen ? keyLen * 8 : 128;
+            mech->data = (unsigned char *)rc2_ecb_params;
+            mech->len = sizeof(CK_RC2_PARAMS);
+            break;
+        case CKM_RC2_CBC:
+        case CKM_RC2_CBC_PAD:
+            rv = pk11_GenIV(type, &iv);
+            if (rv != SECSuccess) {
+                break;
+            }
+            rc2_params = (CK_RC2_CBC_PARAMS *)PORT_Alloc(sizeof(CK_RC2_CBC_PARAMS));
+            if (rc2_params == NULL) {
+                PORT_Free(iv.data);
+                rv = SECFailure;
+                break;
+            }
+            /* NOTE PK11_GetKeyLength can return -1 if the key isn't and RC2, RC5,
+             *   or RC4 key. Of course that wouldn't happen here doing RC2:).*/
+            rc2_params->ulEffectiveBits = keyLen ? keyLen * 8 : 128;
+            if (iv.data)
+                PORT_Memcpy(rc2_params->iv, iv.data, sizeof(rc2_params->iv));
+            mech->data = (unsigned char *)rc2_params;
+            mech->len = sizeof(CK_RC2_CBC_PARAMS);
+            PORT_Free(iv.data);
+            break;
+        case CKM_RC5_ECB:
+            PORT_Free(mech);
+            return PK11_ParamFromIV(type, NULL);
+        case CKM_RC5_CBC:
+        case CKM_RC5_CBC_PAD:
+            rv = pk11_GenIV(type, &iv);
+            if (rv != SECSuccess) {
+                break;
+            }
+            PORT_Free(mech);
+            return PK11_ParamFromIV(type, &iv);
+        default:
+            if (pk11_lookup(type)->iv == 0) {
+                break;
+            }
+        case CKM_SEED_CBC:
+        case CKM_CAMELLIA_CBC:
+        case CKM_AES_CBC:
+        case CKM_DES_CBC:
+        case CKM_DES3_CBC:
+        case CKM_IDEA_CBC:
+        case CKM_CDMF_CBC:
+        case CKM_CAST_CBC:
+        case CKM_CAST3_CBC:
+        case CKM_CAST5_CBC:
+        case CKM_DES_CBC_PAD:
+        case CKM_DES3_CBC_PAD:
+        case CKM_IDEA_CBC_PAD:
+        case CKM_CDMF_CBC_PAD:
+        case CKM_CAST_CBC_PAD:
+        case CKM_CAST3_CBC_PAD:
+        case CKM_CAST5_CBC_PAD:
+        case CKM_SKIPJACK_CBC64:
+        case CKM_SKIPJACK_ECB64:
+        case CKM_SKIPJACK_OFB64:
+        case CKM_SKIPJACK_CFB64:
+        case CKM_SKIPJACK_CFB32:
+        case CKM_SKIPJACK_CFB16:
+        case CKM_SKIPJACK_CFB8:
+        case CKM_BATON_ECB128:
+        case CKM_BATON_ECB96:
+        case CKM_BATON_CBC128:
+        case CKM_BATON_COUNTER:
+        case CKM_BATON_SHUFFLE:
+        case CKM_JUNIPER_ECB128:
+        case CKM_JUNIPER_CBC128:
+        case CKM_JUNIPER_COUNTER:
+        case CKM_JUNIPER_SHUFFLE:
+            rv = pk11_GenIV(type, &iv);
+            if (rv != SECSuccess) {
+                break;
+            }
+            mech->data = (unsigned char *)PORT_Alloc(iv.len);
+            if (mech->data == NULL) {
+                PORT_Free(iv.data);
+                rv = SECFailure;
+                break;
+            }
+            PORT_Memcpy(mech->data, iv.data, iv.len);
+            mech->len = iv.len;
+            PORT_Free(iv.data);
+            break;
+    }
+    if (rv != SECSuccess) {
+        SECITEM_FreeItem(mech, PR_TRUE);
+        return NULL;
+    }
+    return mech;
+}
+
+SECItem *
+PK11_GenerateNewParam(CK_MECHANISM_TYPE type, PK11SymKey *key)
+{
+    int keyLen = key ? PK11_GetKeyLength(key) : 0;
+
+    return pk11_GenerateNewParamWithKeyLen(type, keyLen);
+}
+
+#define RC5_V10 0x10
+
+/* turn a PKCS #11 parameter into a DER Encoded Algorithm ID */
+SECStatus
+PK11_ParamToAlgid(SECOidTag algTag, SECItem *param,
+                  PLArenaPool *arena, SECAlgorithmID *algid)
+{
+    CK_RC2_CBC_PARAMS *rc2_params;
+    sec_rc2cbcParameter rc2;
+    CK_RC5_CBC_PARAMS *rc5_params;
+    sec_rc5cbcParameter rc5;
+    CK_MECHANISM_TYPE type = PK11_AlgtagToMechanism(algTag);
+    SECItem *newParams = NULL;
+    SECStatus rv = SECFailure;
+    unsigned long rc2version;
+
+    switch (type) {
+        case CKM_RC4:
+        case CKM_SEED_ECB:
+        case CKM_CAMELLIA_ECB:
+        case CKM_AES_ECB:
+        case CKM_DES_ECB:
+        case CKM_DES3_ECB:
+        case CKM_IDEA_ECB:
+        case CKM_CDMF_ECB:
+        case CKM_CAST_ECB:
+        case CKM_CAST3_ECB:
+        case CKM_CAST5_ECB:
+            newParams = NULL;
+            rv = SECSuccess;
+            break;
+        case CKM_RC2_ECB:
+            break;
+        case CKM_RC2_CBC:
+        case CKM_RC2_CBC_PAD:
+            rc2_params = (CK_RC2_CBC_PARAMS *)param->data;
+            rc2version = rc2_unmap(rc2_params->ulEffectiveBits);
+            if (SEC_ASN1EncodeUnsignedInteger(NULL, &(rc2.rc2ParameterVersion),
+                                              rc2version) == NULL)
+                break;
+            rc2.iv.data = rc2_params->iv;
+            rc2.iv.len = sizeof(rc2_params->iv);
+            newParams = SEC_ASN1EncodeItem(NULL, NULL, &rc2,
+                                           sec_rc2cbc_parameter_template);
+            PORT_Free(rc2.rc2ParameterVersion.data);
+            if (newParams == NULL)
+                break;
+            rv = SECSuccess;
+            break;
+
+        case CKM_RC5_ECB: /* well not really... */
+            break;
+        case CKM_RC5_CBC:
+        case CKM_RC5_CBC_PAD:
+            rc5_params = (CK_RC5_CBC_PARAMS *)param->data;
+            if (SEC_ASN1EncodeUnsignedInteger(NULL, &rc5.version, RC5_V10) == NULL)
+                break;
+            if (SEC_ASN1EncodeUnsignedInteger(NULL, &rc5.blockSizeInBits,
+                                              rc5_params->ulWordsize * 8) == NULL) {
+                PORT_Free(rc5.version.data);
+                break;
+            }
+            if (SEC_ASN1EncodeUnsignedInteger(NULL, &rc5.rounds,
+                                              rc5_params->ulWordsize * 8) == NULL) {
+                PORT_Free(rc5.blockSizeInBits.data);
+                PORT_Free(rc5.version.data);
+                break;
+            }
+            rc5.iv.data = rc5_params->pIv;
+            rc5.iv.len = rc5_params->ulIvLen;
+            newParams = SEC_ASN1EncodeItem(NULL, NULL, &rc5,
+                                           sec_rc5cbc_parameter_template);
+            PORT_Free(rc5.version.data);
+            PORT_Free(rc5.blockSizeInBits.data);
+            PORT_Free(rc5.rounds.data);
+            if (newParams == NULL)
+                break;
+            rv = SECSuccess;
+            break;
+        case CKM_PBE_MD2_DES_CBC:
+        case CKM_PBE_MD5_DES_CBC:
+        case CKM_NETSCAPE_PBE_SHA1_DES_CBC:
+        case CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC:
+        case CKM_NETSCAPE_PBE_SHA1_FAULTY_3DES_CBC:
+        case CKM_NETSCAPE_PBE_SHA1_40_BIT_RC2_CBC:
+        case CKM_NETSCAPE_PBE_SHA1_128_BIT_RC2_CBC:
+        case CKM_NETSCAPE_PBE_SHA1_40_BIT_RC4:
+        case CKM_NETSCAPE_PBE_SHA1_128_BIT_RC4:
+        case CKM_PBE_SHA1_DES3_EDE_CBC:
+        case CKM_PBE_SHA1_DES2_EDE_CBC:
+        case CKM_PBE_SHA1_RC2_40_CBC:
+        case CKM_PBE_SHA1_RC2_128_CBC:
+        case CKM_PBE_SHA1_RC4_40:
+        case CKM_PBE_SHA1_RC4_128:
+            return PBE_PK11ParamToAlgid(algTag, param, arena, algid);
+        default:
+            if (pk11_lookup(type)->iv == 0) {
+                rv = SECSuccess;
+                newParams = NULL;
+                break;
+            }
+        case CKM_SEED_CBC:
+        case CKM_CAMELLIA_CBC:
+        case CKM_AES_CBC:
+        case CKM_DES_CBC:
+        case CKM_DES3_CBC:
+        case CKM_IDEA_CBC:
+        case CKM_CDMF_CBC:
+        case CKM_CAST_CBC:
+        case CKM_CAST3_CBC:
+        case CKM_CAST5_CBC:
+        case CKM_DES_CBC_PAD:
+        case CKM_DES3_CBC_PAD:
+        case CKM_IDEA_CBC_PAD:
+        case CKM_CDMF_CBC_PAD:
+        case CKM_CAST_CBC_PAD:
+        case CKM_CAST3_CBC_PAD:
+        case CKM_CAST5_CBC_PAD:
+        case CKM_SKIPJACK_CBC64:
+        case CKM_SKIPJACK_ECB64:
+        case CKM_SKIPJACK_OFB64:
+        case CKM_SKIPJACK_CFB64:
+        case CKM_SKIPJACK_CFB32:
+        case CKM_SKIPJACK_CFB16:
+        case CKM_SKIPJACK_CFB8:
+        case CKM_BATON_ECB128:
+        case CKM_BATON_ECB96:
+        case CKM_BATON_CBC128:
+        case CKM_BATON_COUNTER:
+        case CKM_BATON_SHUFFLE:
+        case CKM_JUNIPER_ECB128:
+        case CKM_JUNIPER_CBC128:
+        case CKM_JUNIPER_COUNTER:
+        case CKM_JUNIPER_SHUFFLE:
+            newParams = SEC_ASN1EncodeItem(NULL, NULL, param,
+                                           SEC_ASN1_GET(SEC_OctetStringTemplate));
+            if (newParams == NULL)
+                break;
+            rv = SECSuccess;
+            break;
+    }
+
+    if (rv != SECSuccess) {
+        if (newParams)
+            SECITEM_FreeItem(newParams, PR_TRUE);
+        return rv;
+    }
+
+    rv = SECOID_SetAlgorithmID(arena, algid, algTag, newParams);
+    SECITEM_FreeItem(newParams, PR_TRUE);
+    return rv;
+}
+
+/* turn an OID algorithm tag into a PKCS #11 mechanism. This allows us to
+ * map OID's directly into the PKCS #11 mechanism we want to call. We find
+ * this mapping in our standard OID table */
+CK_MECHANISM_TYPE
+PK11_AlgtagToMechanism(SECOidTag algTag)
+{
+    SECOidData *oid = SECOID_FindOIDByTag(algTag);
+
+    if (oid)
+        return (CK_MECHANISM_TYPE)oid->mechanism;
+    return CKM_INVALID_MECHANISM;
+}
+
+/* turn a mechanism into an oid. */
+SECOidTag
+PK11_MechanismToAlgtag(CK_MECHANISM_TYPE type)
+{
+    SECOidData *oid = SECOID_FindOIDByMechanism((unsigned long)type);
+
+    if (oid)
+        return oid->offset;
+    return SEC_OID_UNKNOWN;
+}
+
+/* Determine appropriate blocking mechanism, used when wrapping private keys
+ * which require PKCS padding.  If the mechanism does not map to a padding
+ * mechanism, we simply return the mechanism.
+ */
+CK_MECHANISM_TYPE
+PK11_GetPadMechanism(CK_MECHANISM_TYPE type)
+{
+    switch (type) {
+        case CKM_SEED_CBC:
+            return CKM_SEED_CBC_PAD;
+        case CKM_CAMELLIA_CBC:
+            return CKM_CAMELLIA_CBC_PAD;
+        case CKM_AES_CBC:
+            return CKM_AES_CBC_PAD;
+        case CKM_DES_CBC:
+            return CKM_DES_CBC_PAD;
+        case CKM_DES3_CBC:
+            return CKM_DES3_CBC_PAD;
+        case CKM_RC2_CBC:
+            return CKM_RC2_CBC_PAD;
+        case CKM_CDMF_CBC:
+            return CKM_CDMF_CBC_PAD;
+        case CKM_CAST_CBC:
+            return CKM_CAST_CBC_PAD;
+        case CKM_CAST3_CBC:
+            return CKM_CAST3_CBC_PAD;
+        case CKM_CAST5_CBC:
+            return CKM_CAST5_CBC_PAD;
+        case CKM_RC5_CBC:
+            return CKM_RC5_CBC_PAD;
+        case CKM_IDEA_CBC:
+            return CKM_IDEA_CBC_PAD;
+        default:
+            break;
+    }
+
+    return type;
+}
+
+static PRBool
+pk11_isAllZero(unsigned char *data, int len)
+{
+    while (len--) {
+        if (*data++) {
+            return PR_FALSE;
+        }
+    }
+    return PR_TRUE;
+}
+
+CK_RV
+PK11_MapPBEMechanismToCryptoMechanism(CK_MECHANISM_PTR pPBEMechanism,
+                                      CK_MECHANISM_PTR pCryptoMechanism,
+                                      SECItem *pbe_pwd, PRBool faulty3DES)
+{
+    int iv_len = 0;
+    CK_PBE_PARAMS_PTR pPBEparams;
+    CK_RC2_CBC_PARAMS_PTR rc2_params;
+    CK_ULONG rc2_key_len;
+
+    if ((pPBEMechanism == CK_NULL_PTR) || (pCryptoMechanism == CK_NULL_PTR)) {
+        return CKR_HOST_MEMORY;
+    }
+
+    /* pkcs5 v2 cannot be supported by this interface.
+     * use PK11_GetPBECryptoMechanism instead.
+     */
+    if ((pPBEMechanism->mechanism == CKM_INVALID_MECHANISM) ||
+        (pPBEMechanism->mechanism == CKM_PKCS5_PBKD2)) {
+        return CKR_MECHANISM_INVALID;
+    }
+
+    pPBEparams = (CK_PBE_PARAMS_PTR)pPBEMechanism->pParameter;
+    iv_len = PK11_GetIVLength(pPBEMechanism->mechanism);
+
+    if (iv_len) {
+        if (pk11_isAllZero(pPBEparams->pInitVector, iv_len)) {
+            SECItem param;
+            PK11SymKey *symKey;
+            PK11SlotInfo *intSlot = PK11_GetInternalSlot();
+
+            if (intSlot == NULL) {
+                return CKR_DEVICE_ERROR;
+            }
+
+            param.data = pPBEMechanism->pParameter;
+            param.len = pPBEMechanism->ulParameterLen;
+
+            symKey = PK11_RawPBEKeyGen(intSlot,
+                                       pPBEMechanism->mechanism, &param, pbe_pwd, faulty3DES, NULL);
+            PK11_FreeSlot(intSlot);
+            if (symKey == NULL) {
+                return CKR_DEVICE_ERROR; /* sigh */
+            }
+            PK11_FreeSymKey(symKey);
+        }
+    }
+
+    switch (pPBEMechanism->mechanism) {
+        case CKM_PBE_MD2_DES_CBC:
+        case CKM_PBE_MD5_DES_CBC:
+        case CKM_NETSCAPE_PBE_SHA1_DES_CBC:
+            pCryptoMechanism->mechanism = CKM_DES_CBC;
+            goto have_crypto_mechanism;
+        case CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC:
+        case CKM_NETSCAPE_PBE_SHA1_FAULTY_3DES_CBC:
+        case CKM_PBE_SHA1_DES3_EDE_CBC:
+        case CKM_PBE_SHA1_DES2_EDE_CBC:
+            pCryptoMechanism->mechanism = CKM_DES3_CBC;
+        have_crypto_mechanism:
+            pCryptoMechanism->pParameter = PORT_Alloc(iv_len);
+            pCryptoMechanism->ulParameterLen = (CK_ULONG)iv_len;
+            if (pCryptoMechanism->pParameter == NULL) {
+                return CKR_HOST_MEMORY;
+            }
+            PORT_Memcpy((unsigned char *)(pCryptoMechanism->pParameter),
+                        (unsigned char *)(pPBEparams->pInitVector),
+                        iv_len);
+            break;
+        case CKM_NETSCAPE_PBE_SHA1_40_BIT_RC4:
+        case CKM_NETSCAPE_PBE_SHA1_128_BIT_RC4:
+        case CKM_PBE_SHA1_RC4_40:
+        case CKM_PBE_SHA1_RC4_128:
+            pCryptoMechanism->mechanism = CKM_RC4;
+            pCryptoMechanism->ulParameterLen = 0;
+            pCryptoMechanism->pParameter = CK_NULL_PTR;
+            break;
+        case CKM_NETSCAPE_PBE_SHA1_40_BIT_RC2_CBC:
+        case CKM_PBE_SHA1_RC2_40_CBC:
+            rc2_key_len = 40;
+            goto have_key_len;
+        case CKM_NETSCAPE_PBE_SHA1_128_BIT_RC2_CBC:
+            rc2_key_len = 128;
+        have_key_len:
+            pCryptoMechanism->mechanism = CKM_RC2_CBC;
+            pCryptoMechanism->ulParameterLen = (CK_ULONG)sizeof(CK_RC2_CBC_PARAMS);
+            pCryptoMechanism->pParameter = (CK_RC2_CBC_PARAMS_PTR)
+                PORT_ZAlloc(sizeof(CK_RC2_CBC_PARAMS));
+            if (pCryptoMechanism->pParameter == NULL) {
+                return CKR_HOST_MEMORY;
+            }
+            rc2_params = (CK_RC2_CBC_PARAMS_PTR)pCryptoMechanism->pParameter;
+            PORT_Memcpy((unsigned char *)rc2_params->iv,
+                        (unsigned char *)pPBEparams->pInitVector,
+                        iv_len);
+            rc2_params->ulEffectiveBits = rc2_key_len;
+            break;
+        default:
+            return CKR_MECHANISM_INVALID;
+    }
+
+    return CKR_OK;
+}
+
+/* Make a Key type to an appropriate signing/verification mechanism */
+CK_MECHANISM_TYPE
+PK11_MapSignKeyType(KeyType keyType)
+{
+    switch (keyType) {
+        case rsaKey:
+            return CKM_RSA_PKCS;
+        case fortezzaKey:
+        case dsaKey:
+            return CKM_DSA;
+        case ecKey:
+            return CKM_ECDSA;
+        case dhKey:
+        default:
+            break;
+    }
+    return CKM_INVALID_MECHANISM;
+}
+
+CK_MECHANISM_TYPE
+pk11_mapWrapKeyType(KeyType keyType)
+{
+    switch (keyType) {
+        case rsaKey:
+            return CKM_RSA_PKCS;
+        /* Add fortezza?? */
+        default:
+            break;
+    }
+    return CKM_INVALID_MECHANISM;
+}
+
+SECOidTag
+PK11_FortezzaMapSig(SECOidTag algTag)
+{
+    switch (algTag) {
+        case SEC_OID_MISSI_KEA_DSS:
+        case SEC_OID_MISSI_DSS:
+        case SEC_OID_MISSI_DSS_OLD:
+        case SEC_OID_MISSI_KEA_DSS_OLD:
+        case SEC_OID_BOGUS_DSA_SIGNATURE_WITH_SHA1_DIGEST:
+            return SEC_OID_ANSIX9_DSA_SIGNATURE;
+        default:
+            break;
+    }
+    return algTag;
+}
diff --git a/nss/lib/pk11wrap/pk11merge.c b/nss/lib/pk11wrap/pk11merge.c
new file mode 100644
index 0000000..8c4c512
--- /dev/null
+++ b/nss/lib/pk11wrap/pk11merge.c
@@ -0,0 +1,1432 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * Merge the source token into the target token.
+ */
+
+#include "secmod.h"
+#include "secmodi.h"
+#include "secmodti.h"
+#include "pk11pub.h"
+#include "pk11priv.h"
+#include "pkcs11.h"
+#include "seccomon.h"
+#include "secerr.h"
+#include "keyhi.h"
+#include "hasht.h"
+#include "cert.h"
+#include "certdb.h"
+
+/*************************************************************************
+ *
+ *             short utilities to aid in the merge
+ *
+ *************************************************************************/
+
+/*
+ * write a bunch of attributes out to an existing object.
+ */
+static SECStatus
+pk11_setAttributes(PK11SlotInfo *slot, CK_OBJECT_HANDLE id,
+                   CK_ATTRIBUTE *setTemplate, CK_ULONG setTemplCount)
+{
+    CK_RV crv;
+    CK_SESSION_HANDLE rwsession;
+
+    rwsession = PK11_GetRWSession(slot);
+    if (rwsession == CK_INVALID_SESSION) {
+        PORT_SetError(SEC_ERROR_BAD_DATA);
+        return SECFailure;
+    }
+    crv = PK11_GETTAB(slot)->C_SetAttributeValue(rwsession, id,
+                                                 setTemplate, setTemplCount);
+    PK11_RestoreROSession(slot, rwsession);
+    if (crv != CKR_OK) {
+        PORT_SetError(PK11_MapError(crv));
+        return SECFailure;
+    }
+    return SECSuccess;
+}
+
+/*
+ * copy a template of attributes from a source object to a target object.
+ * if target object is not given, create it.
+ */
+static SECStatus
+pk11_copyAttributes(PLArenaPool *arena,
+                    PK11SlotInfo *targetSlot, CK_OBJECT_HANDLE targetID,
+                    PK11SlotInfo *sourceSlot, CK_OBJECT_HANDLE sourceID,
+                    CK_ATTRIBUTE *copyTemplate, CK_ULONG copyTemplateCount)
+{
+    SECStatus rv;
+    CK_ATTRIBUTE *newTemplate = NULL;
+    CK_RV crv;
+
+    crv = PK11_GetAttributes(arena, sourceSlot, sourceID,
+                             copyTemplate, copyTemplateCount);
+    /* if we have missing attributes, just skip them and create the object */
+    if (crv == CKR_ATTRIBUTE_TYPE_INVALID) {
+        int i, j;
+        newTemplate = PORT_NewArray(CK_ATTRIBUTE, copyTemplateCount);
+        /* remove the unknown attributes. If we don't have enough attributes
+	 * PK11_CreateNewObject() will fail */
+        for (i = 0, j = 0; i < copyTemplateCount; i++) {
+            if (copyTemplate[i].ulValueLen != -1) {
+                newTemplate[j] = copyTemplate[i];
+                j++;
+            }
+        }
+        copyTemplate = newTemplate;
+        copyTemplateCount = j;
+        crv = PK11_GetAttributes(arena, sourceSlot, sourceID,
+                                 copyTemplate, copyTemplateCount);
+    }
+    if (crv != CKR_OK) {
+        PORT_SetError(PK11_MapError(crv));
+        return SECFailure;
+    }
+    if (targetID == CK_INVALID_HANDLE) {
+        /* we need to create the object */
+        rv = PK11_CreateNewObject(targetSlot, CK_INVALID_SESSION,
+                                  copyTemplate, copyTemplateCount, PR_TRUE, &targetID);
+    } else {
+        /* update the existing object with the new attributes */
+        rv = pk11_setAttributes(targetSlot, targetID,
+                                copyTemplate, copyTemplateCount);
+    }
+    if (newTemplate) {
+        free(newTemplate);
+    }
+    return rv;
+}
+
+/*
+ * look for a matching object across tokens.
+ */
+static SECStatus
+pk11_matchAcrossTokens(PLArenaPool *arena, PK11SlotInfo *targetSlot,
+                       PK11SlotInfo *sourceSlot,
+                       CK_ATTRIBUTE *template, CK_ULONG tsize,
+                       CK_OBJECT_HANDLE id, CK_OBJECT_HANDLE *peer)
+{
+
+    CK_RV crv;
+    *peer = CK_INVALID_HANDLE;
+
+    crv = PK11_GetAttributes(arena, sourceSlot, id, template, tsize);
+    if (crv != CKR_OK) {
+        PORT_SetError(PK11_MapError(crv));
+        goto loser;
+    }
+
+    if (template[0].ulValueLen == -1) {
+        crv = CKR_ATTRIBUTE_TYPE_INVALID;
+        PORT_SetError(PK11_MapError(crv));
+        goto loser;
+    }
+
+    *peer = pk11_FindObjectByTemplate(targetSlot, template, tsize);
+    return SECSuccess;
+
+loser:
+    return SECFailure;
+}
+
+/*
+ * Encrypt using key and parameters
+ */
+SECStatus
+pk11_encrypt(PK11SymKey *symKey, CK_MECHANISM_TYPE mechType, SECItem *param,
+             SECItem *input, SECItem **output)
+{
+    PK11Context *ctxt = NULL;
+    SECStatus rv = SECSuccess;
+
+    if (*output) {
+        SECITEM_FreeItem(*output, PR_TRUE);
+    }
+    *output = SECITEM_AllocItem(NULL, NULL, input->len + 20 /*slop*/);
+    if (!*output) {
+        rv = SECFailure;
+        goto done;
+    }
+
+    ctxt = PK11_CreateContextBySymKey(mechType, CKA_ENCRYPT, symKey, param);
+    if (ctxt == NULL) {
+        rv = SECFailure;
+        goto done;
+    }
+
+    rv = PK11_CipherOp(ctxt, (*output)->data,
+                       (int *)&((*output)->len),
+                       (*output)->len, input->data, input->len);
+
+done:
+    if (ctxt) {
+        PK11_Finalize(ctxt);
+        PK11_DestroyContext(ctxt, PR_TRUE);
+    }
+    if (rv != SECSuccess) {
+        if (*output) {
+            SECITEM_FreeItem(*output, PR_TRUE);
+            *output = NULL;
+        }
+    }
+    return rv;
+}
+
+/*************************************************************************
+ *
+ *            Private Keys
+ *
+ *************************************************************************/
+
+/*
+ * Fetch the key usage based on the pkcs #11 flags
+ */
+unsigned int
+pk11_getPrivateKeyUsage(PK11SlotInfo *slot, CK_OBJECT_HANDLE id)
+{
+    unsigned int usage = 0;
+
+    if ((PK11_HasAttributeSet(slot, id, CKA_UNWRAP, PR_FALSE) ||
+         PK11_HasAttributeSet(slot, id, CKA_DECRYPT, PR_FALSE))) {
+        usage |= KU_KEY_ENCIPHERMENT;
+    }
+    if (PK11_HasAttributeSet(slot, id, CKA_DERIVE, PR_FALSE)) {
+        usage |= KU_KEY_AGREEMENT;
+    }
+    if ((PK11_HasAttributeSet(slot, id, CKA_SIGN_RECOVER, PR_FALSE) ||
+         PK11_HasAttributeSet(slot, id, CKA_SIGN, PR_FALSE))) {
+        usage |= KU_DIGITAL_SIGNATURE;
+    }
+    return usage;
+}
+
+/*
+ * merge a private key,
+ *
+ * Private keys are merged using PBE wrapped keys with a random
+ * value as the 'password'. Once the base key is moved, The remaining
+ * attributes (SUBJECT) is copied.
+ */
+static SECStatus
+pk11_mergePrivateKey(PK11SlotInfo *targetSlot, PK11SlotInfo *sourceSlot,
+                     CK_OBJECT_HANDLE id, void *targetPwArg, void *sourcePwArg)
+{
+    SECKEYPrivateKey *sourceKey = NULL;
+    CK_OBJECT_HANDLE targetKeyID;
+    SECKEYEncryptedPrivateKeyInfo *epki = NULL;
+    char *nickname = NULL;
+    SECItem nickItem;
+    SECItem pwitem;
+    SECItem publicValue;
+    PLArenaPool *arena = NULL;
+    SECStatus rv = SECSuccess;
+    unsigned int keyUsage;
+    unsigned char randomData[SHA1_LENGTH];
+    SECOidTag algTag = SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC;
+    CK_ATTRIBUTE privTemplate[] = {
+        { CKA_ID, NULL, 0 },
+        { CKA_CLASS, NULL, 0 }
+    };
+    CK_ULONG privTemplateCount = sizeof(privTemplate) / sizeof(privTemplate[0]);
+    CK_ATTRIBUTE privCopyTemplate[] = {
+        { CKA_SUBJECT, NULL, 0 }
+    };
+    CK_ULONG privCopyTemplateCount =
+        sizeof(privCopyTemplate) / sizeof(privCopyTemplate[0]);
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL) {
+        rv = SECFailure;
+        goto done;
+    }
+
+    /* check to see if the key is already in the target slot */
+    rv = pk11_matchAcrossTokens(arena, targetSlot, sourceSlot, privTemplate,
+                                privTemplateCount, id, &targetKeyID);
+    if (rv != SECSuccess) {
+        goto done;
+    }
+
+    if (targetKeyID != CK_INVALID_HANDLE) {
+        /* match found,  not an error ... */
+        goto done;
+    }
+
+    /* get an NSS representation of our source key */
+    sourceKey = PK11_MakePrivKey(sourceSlot, nullKey, PR_FALSE,
+                                 id, sourcePwArg);
+    if (sourceKey == NULL) {
+        rv = SECFailure;
+        goto done;
+    }
+
+    /* Load the private key */
+    /* generate a random pwitem */
+    rv = PK11_GenerateRandom(randomData, sizeof(randomData));
+    if (rv != SECSuccess) {
+        goto done;
+    }
+    pwitem.data = randomData;
+    pwitem.len = sizeof(randomData);
+    /* fetch the private key encrypted */
+    epki = PK11_ExportEncryptedPrivKeyInfo(sourceSlot, algTag, &pwitem,
+                                           sourceKey, 1, sourcePwArg);
+    if (epki == NULL) {
+        rv = SECFailure;
+        goto done;
+    }
+    nickname = PK11_GetObjectNickname(sourceSlot, id);
+    /* NULL nickanme is fine (in fact is often normal) */
+    if (nickname) {
+        nickItem.data = (unsigned char *)nickname;
+        nickItem.len = PORT_Strlen(nickname);
+    }
+    keyUsage = pk11_getPrivateKeyUsage(sourceSlot, id);
+    /* pass in the CKA_ID */
+    publicValue.data = privTemplate[0].pValue;
+    publicValue.len = privTemplate[0].ulValueLen;
+    rv = PK11_ImportEncryptedPrivateKeyInfo(targetSlot, epki, &pwitem,
+                                            nickname ? &nickItem : NULL, &publicValue,
+                                            PR_TRUE, PR_TRUE, sourceKey->keyType, keyUsage,
+                                            targetPwArg);
+    if (rv != SECSuccess) {
+        goto done;
+    }
+
+    /* make sure it made it */
+    rv = pk11_matchAcrossTokens(arena, targetSlot, sourceSlot, privTemplate,
+                                privTemplateCount, id, &targetKeyID);
+    if (rv != SECSuccess) {
+        goto done;
+    }
+
+    if (targetKeyID == CK_INVALID_HANDLE) {
+        /* this time the key should exist */
+        rv = SECFailure;
+        goto done;
+    }
+
+    /* fill in remaining attributes */
+    rv = pk11_copyAttributes(arena, targetSlot, targetKeyID, sourceSlot, id,
+                             privCopyTemplate, privCopyTemplateCount);
+done:
+    /* make sure the 'key' is cleared */
+    PORT_Memset(randomData, 0, sizeof(randomData));
+    if (nickname) {
+        PORT_Free(nickname);
+    }
+    if (sourceKey) {
+        SECKEY_DestroyPrivateKey(sourceKey);
+    }
+    if (epki) {
+        SECKEY_DestroyEncryptedPrivateKeyInfo(epki, PR_TRUE);
+    }
+    if (arena) {
+        PORT_FreeArena(arena, PR_FALSE);
+    }
+    return rv;
+}
+
+/*************************************************************************
+ *
+ *            Secret Keys
+ *
+ *************************************************************************/
+
+/*
+ * we need to find a unique CKA_ID.
+ *  The basic idea is to just increment the lowest byte.
+ *  This code also handles the following corner cases:
+ *   1) the single byte overflows. On overflow we increment the next byte up
+ *    and so forth until we have overflowed the entire CKA_ID.
+ *   2) If we overflow the entire CKA_ID we expand it by one byte.
+ *   3) the CKA_ID is non-existent, we create a new one with one byte.
+ *    This means no matter what CKA_ID is passed, the result of this function
+ *    is always a new CKA_ID, and this function will never return the same
+ *    CKA_ID the it has returned in the passed.
+ */
+static SECStatus
+pk11_incrementID(PLArenaPool *arena, CK_ATTRIBUTE *ptemplate)
+{
+    unsigned char *buf = ptemplate->pValue;
+    CK_ULONG len = ptemplate->ulValueLen;
+
+    if (buf == NULL || len == (CK_ULONG)-1) {
+        /* we have no valid CKAID, we'll create a basic one byte CKA_ID below */
+        len = 0;
+    } else {
+        CK_ULONG i;
+
+        /* walk from the back to front, incrementing
+         * the CKA_ID until we no longer have a carry,
+         * or have hit the front of the id. */
+        for (i = len; i != 0; i--) {
+            buf[i - 1]++;
+            if (buf[i - 1] != 0) {
+                /* no more carries, the increment is complete */
+                return SECSuccess;
+            }
+        }
+        /* we've now overflowed, fall through and expand the CKA_ID by
+         * one byte */
+    }
+    /* if we are here we've run the counter to zero (indicating an overflow).
+     * create an CKA_ID that is all zeros, but has one more zero than
+     * the previous CKA_ID */
+    buf = PORT_ArenaZAlloc(arena, len + 1);
+    if (buf == NULL) {
+        return SECFailure;
+    }
+    ptemplate->pValue = buf;
+    ptemplate->ulValueLen = len + 1;
+    return SECSuccess;
+}
+
+static CK_FLAGS
+pk11_getSecretKeyFlags(PK11SlotInfo *slot, CK_OBJECT_HANDLE id)
+{
+    CK_FLAGS flags = 0;
+
+    if (PK11_HasAttributeSet(slot, id, CKA_UNWRAP, PR_FALSE)) {
+        flags |= CKF_UNWRAP;
+    }
+    if (PK11_HasAttributeSet(slot, id, CKA_WRAP, PR_FALSE)) {
+        flags |= CKF_WRAP;
+    }
+    if (PK11_HasAttributeSet(slot, id, CKA_ENCRYPT, PR_FALSE)) {
+        flags |= CKF_ENCRYPT;
+    }
+    if (PK11_HasAttributeSet(slot, id, CKA_DECRYPT, PR_FALSE)) {
+        flags |= CKF_DECRYPT;
+    }
+    if (PK11_HasAttributeSet(slot, id, CKA_DERIVE, PR_FALSE)) {
+        flags |= CKF_DERIVE;
+    }
+    if (PK11_HasAttributeSet(slot, id, CKA_SIGN, PR_FALSE)) {
+        flags |= CKF_SIGN;
+    }
+    if (PK11_HasAttributeSet(slot, id, CKA_SIGN_RECOVER, PR_FALSE)) {
+        flags |= CKF_SIGN_RECOVER;
+    }
+    if (PK11_HasAttributeSet(slot, id, CKA_VERIFY, PR_FALSE)) {
+        flags |= CKF_VERIFY;
+    }
+    if (PK11_HasAttributeSet(slot, id, CKA_VERIFY_RECOVER, PR_FALSE)) {
+        flags |= CKF_VERIFY_RECOVER;
+    }
+    return flags;
+}
+
+static const char testString[] =
+    "My Encrytion Test Data (should be at least 32 bytes long)";
+/*
+ * merge a secret key,
+ *
+ * Secret keys may collide by CKA_ID as we merge 2 token. If we collide
+ * on the CKA_ID, we need to make sure we are dealing with different keys.
+ * The reason for this is it is possible that we've merged this database
+ * before, and this key could have been merged already.  If the keys are
+ * the same, we are done. If they are not, we need to update the CKA_ID of
+ * the source key and try again.
+ *
+ * Once we know we have a unique key to merge in, we use NSS's underlying
+ * key Move function which will do a key exchange if necessary to move
+ * the key from one token to another. Then we set the CKA_ID and additional
+ * pkcs #11 attributes.
+ */
+static SECStatus
+pk11_mergeSecretKey(PK11SlotInfo *targetSlot, PK11SlotInfo *sourceSlot,
+                    CK_OBJECT_HANDLE id, void *targetPwArg, void *sourcePwArg)
+{
+    PK11SymKey *sourceKey = NULL;
+    PK11SymKey *targetKey = NULL;
+    SECItem *sourceOutput = NULL;
+    SECItem *targetOutput = NULL;
+    SECItem *param = NULL;
+    int blockSize;
+    SECItem input;
+    CK_OBJECT_HANDLE targetKeyID;
+    CK_FLAGS flags;
+    PLArenaPool *arena = NULL;
+    SECStatus rv = SECSuccess;
+    CK_MECHANISM_TYPE keyMechType, cryptoMechType;
+    CK_KEY_TYPE sourceKeyType, targetKeyType;
+    CK_ATTRIBUTE symTemplate[] = {
+        { CKA_ID, NULL, 0 },
+        { CKA_CLASS, NULL, 0 }
+    };
+    CK_ULONG symTemplateCount = sizeof(symTemplate) / sizeof(symTemplate[0]);
+    CK_ATTRIBUTE symCopyTemplate[] = {
+        { CKA_LABEL, NULL, 0 }
+    };
+    CK_ULONG symCopyTemplateCount =
+        sizeof(symCopyTemplate) / sizeof(symCopyTemplate[0]);
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL) {
+        rv = SECFailure;
+        goto done;
+    }
+
+    sourceKeyType = PK11_ReadULongAttribute(sourceSlot, id, CKA_KEY_TYPE);
+    if (sourceKeyType == (CK_ULONG)-1) {
+        rv = SECFailure;
+        goto done;
+    }
+
+    /* get the key mechanism */
+    keyMechType = PK11_GetKeyMechanism(sourceKeyType);
+    /* get a mechanism suitable to encryption.
+     * PK11_GetKeyMechanism returns a mechanism that is unique to the key
+     * type. It tries to return encryption/decryption mechanisms, however
+     * CKM_DES3_CBC uses and abmiguous keyType, so keyMechType is returned as
+     * 'keygen' mechanism. Detect that case here */
+    cryptoMechType = keyMechType;
+    if ((keyMechType == CKM_DES3_KEY_GEN) ||
+        (keyMechType == CKM_DES2_KEY_GEN)) {
+        cryptoMechType = CKM_DES3_CBC;
+    }
+
+    sourceKey = PK11_SymKeyFromHandle(sourceSlot, NULL, PK11_OriginDerive,
+                                      keyMechType, id, PR_FALSE, sourcePwArg);
+    if (sourceKey == NULL) {
+        rv = SECFailure;
+        goto done;
+    }
+
+    /* check to see a key with the same CKA_ID  already exists in
+     * the target slot. If it does, then we need to verify if the keys
+     * really matches. If they don't import the key with a new CKA_ID
+     * value. */
+    rv = pk11_matchAcrossTokens(arena, targetSlot, sourceSlot,
+                                symTemplate, symTemplateCount, id, &targetKeyID);
+    if (rv != SECSuccess) {
+        goto done;
+    }
+
+    /* set up the input test */
+    input.data = (unsigned char *)testString;
+    blockSize = PK11_GetBlockSize(cryptoMechType, NULL);
+    if (blockSize < 0) {
+        rv = SECFailure;
+        goto done;
+    }
+    input.len = blockSize;
+    if (input.len == 0) {
+        input.len = sizeof(testString);
+    }
+    while (targetKeyID != CK_INVALID_HANDLE) {
+        /* test to see if the keys are identical */
+        targetKeyType = PK11_ReadULongAttribute(sourceSlot, id, CKA_KEY_TYPE);
+        if (targetKeyType == sourceKeyType) {
+            /* same keyType  - see if it's the same key */
+            targetKey = PK11_SymKeyFromHandle(targetSlot, NULL,
+                                              PK11_OriginDerive, keyMechType, targetKeyID, PR_FALSE,
+                                              targetPwArg);
+            /* get a parameter if we don't already have one */
+            if (!param) {
+                param = PK11_GenerateNewParam(cryptoMechType, sourceKey);
+                if (param == NULL) {
+                    rv = SECFailure;
+                    goto done;
+                }
+            }
+            /* use the source key to encrypt a reference */
+            if (!sourceOutput) {
+                rv = pk11_encrypt(sourceKey, cryptoMechType, param, &input,
+                                  &sourceOutput);
+                if (rv != SECSuccess) {
+                    goto done;
+                }
+            }
+            /* encrypt the reference with the target key */
+            rv = pk11_encrypt(targetKey, cryptoMechType, param, &input,
+                              &targetOutput);
+            if (rv == SECSuccess) {
+                if (SECITEM_ItemsAreEqual(sourceOutput, targetOutput)) {
+                    /* they produce the same output, they must be the
+                     * same key */
+                    goto done;
+                }
+                SECITEM_FreeItem(targetOutput, PR_TRUE);
+                targetOutput = NULL;
+            }
+            PK11_FreeSymKey(targetKey);
+            targetKey = NULL;
+        }
+        /* keys aren't equal, update the KEY_ID and look again */
+        rv = pk11_incrementID(arena, &symTemplate[0]);
+        if (rv != SECSuccess) {
+            goto done;
+        }
+        targetKeyID = pk11_FindObjectByTemplate(targetSlot,
+                                                symTemplate, symTemplateCount);
+    }
+
+    /* we didn't find a matching key, import this one with the new
+     * CKAID */
+    flags = pk11_getSecretKeyFlags(sourceSlot, id);
+    targetKey = PK11_MoveSymKey(targetSlot, PK11_OriginDerive, flags, PR_TRUE,
+                                sourceKey);
+    if (targetKey == NULL) {
+        rv = SECFailure;
+        goto done;
+    }
+    /* set the key new CKAID */
+    rv = pk11_setAttributes(targetSlot, targetKey->objectID, symTemplate, 1);
+    if (rv != SECSuccess) {
+        goto done;
+    }
+
+    /* fill in remaining attributes */
+    rv = pk11_copyAttributes(arena, targetSlot, targetKey->objectID,
+                             sourceSlot, id, symCopyTemplate, symCopyTemplateCount);
+done:
+    if (sourceKey) {
+        PK11_FreeSymKey(sourceKey);
+    }
+    if (targetKey) {
+        PK11_FreeSymKey(targetKey);
+    }
+    if (sourceOutput) {
+        SECITEM_FreeItem(sourceOutput, PR_TRUE);
+    }
+    if (targetOutput) {
+        SECITEM_FreeItem(targetOutput, PR_TRUE);
+    }
+    if (param) {
+        SECITEM_FreeItem(param, PR_TRUE);
+    }
+    if (arena) {
+        PORT_FreeArena(arena, PR_FALSE);
+    }
+    return rv;
+}
+
+/*************************************************************************
+ *
+ *            Public Keys
+ *
+ *************************************************************************/
+
+/*
+ * Merge public key
+ *
+ * Use the high level NSS calls to extract the public key and import it
+ * into the token. Extra attributes are then copied to the new token.
+ */
+static SECStatus
+pk11_mergePublicKey(PK11SlotInfo *targetSlot, PK11SlotInfo *sourceSlot,
+                    CK_OBJECT_HANDLE id, void *targetPwArg, void *sourcePwArg)
+{
+    SECKEYPublicKey *sourceKey = NULL;
+    CK_OBJECT_HANDLE targetKeyID;
+    PLArenaPool *arena = NULL;
+    SECStatus rv = SECSuccess;
+    CK_ATTRIBUTE pubTemplate[] = {
+        { CKA_ID, NULL, 0 },
+        { CKA_CLASS, NULL, 0 }
+    };
+    CK_ULONG pubTemplateCount = sizeof(pubTemplate) / sizeof(pubTemplate[0]);
+    CK_ATTRIBUTE pubCopyTemplate[] = {
+        { CKA_ID, NULL, 0 },
+        { CKA_LABEL, NULL, 0 },
+        { CKA_SUBJECT, NULL, 0 }
+    };
+    CK_ULONG pubCopyTemplateCount =
+        sizeof(pubCopyTemplate) / sizeof(pubCopyTemplate[0]);
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL) {
+        rv = SECFailure;
+        goto done;
+    }
+
+    /* check to see if the key is already in the target slot */
+    rv = pk11_matchAcrossTokens(arena, targetSlot, sourceSlot, pubTemplate,
+                                pubTemplateCount, id, &targetKeyID);
+    if (rv != SECSuccess) {
+        goto done;
+    }
+
+    /* Key is already in the target slot */
+    if (targetKeyID != CK_INVALID_HANDLE) {
+        /* not an error ... */
+        goto done;
+    }
+
+    /* fetch an NSS representation of the public key */
+    sourceKey = PK11_ExtractPublicKey(sourceSlot, nullKey, id);
+    if (sourceKey == NULL) {
+        rv = SECFailure;
+        goto done;
+    }
+
+    /* load the public key into the target token. */
+    targetKeyID = PK11_ImportPublicKey(targetSlot, sourceKey, PR_TRUE);
+    if (targetKeyID == CK_INVALID_HANDLE) {
+        rv = SECFailure;
+        goto done;
+    }
+
+    /* fill in remaining attributes */
+    rv = pk11_copyAttributes(arena, targetSlot, targetKeyID, sourceSlot, id,
+                             pubCopyTemplate, pubCopyTemplateCount);
+
+done:
+    if (sourceKey) {
+        SECKEY_DestroyPublicKey(sourceKey);
+    }
+    if (arena) {
+        PORT_FreeArena(arena, PR_FALSE);
+    }
+    return rv;
+}
+
+/*************************************************************************
+ *
+ *            Certificates
+ *
+ *************************************************************************/
+
+/*
+ * Two copies of the source code for this algorithm exist in NSS.
+ * Changes must be made in both copies.
+ * The other copy is in sftkdb_resolveConflicts() in softoken/sftkdb.c.
+ */
+static char *
+pk11_IncrementNickname(char *nickname)
+{
+    char *newNickname = NULL;
+    int end;
+    int digit;
+    int len = strlen(nickname);
+
+    /* does nickname end with " #n*" ? */
+    for (end = len - 1;
+         end >= 2 && (digit = nickname[end]) <= '9' && digit >= '0';
+         end--) /* just scan */
+        ;
+    if (len >= 3 &&
+        end < (len - 1) /* at least one digit */ &&
+        nickname[end] == '#' &&
+        nickname[end - 1] == ' ') {
+        /* Already has a suitable suffix string */
+    } else {
+        /* ... append " #2" to the name */
+        static const char num2[] = " #2";
+        newNickname = PORT_Realloc(nickname, len + sizeof(num2));
+        if (newNickname) {
+            PORT_Strcat(newNickname, num2);
+        } else {
+            PORT_Free(nickname);
+        }
+        return newNickname;
+    }
+
+    for (end = len - 1;
+         end >= 0 && (digit = nickname[end]) <= '9' && digit >= '0';
+         end--) {
+        if (digit < '9') {
+            nickname[end]++;
+            return nickname;
+        }
+        nickname[end] = '0';
+    }
+
+    /* we overflowed, insert a new '1' for a carry in front of the number */
+    newNickname = PORT_Realloc(nickname, len + 2);
+    if (newNickname) {
+        newNickname[++end] = '1';
+        PORT_Memset(&newNickname[end + 1], '0', len - end);
+        newNickname[len + 1] = 0;
+    } else {
+        PORT_Free(nickname);
+    }
+    return newNickname;
+}
+
+/*
+ * merge a certificate object
+ *
+ * Use the high level NSS calls to extract and import the certificate.
+ */
+static SECStatus
+pk11_mergeCert(PK11SlotInfo *targetSlot, PK11SlotInfo *sourceSlot,
+               CK_OBJECT_HANDLE id, void *targetPwArg, void *sourcePwArg)
+{
+    CERTCertificate *sourceCert = NULL;
+    CK_OBJECT_HANDLE targetCertID = CK_INVALID_HANDLE;
+    char *nickname = NULL;
+    SECStatus rv = SECSuccess;
+    PLArenaPool *arena = NULL;
+    CK_ATTRIBUTE sourceCKAID = { CKA_ID, NULL, 0 };
+    CK_ATTRIBUTE targetCKAID = { CKA_ID, NULL, 0 };
+    SECStatus lrv = SECSuccess;
+    int error = SEC_ERROR_LIBRARY_FAILURE;
+
+    sourceCert = PK11_MakeCertFromHandle(sourceSlot, id, NULL);
+    if (sourceCert == NULL) {
+        rv = SECFailure;
+        goto done;
+    }
+
+    nickname = PK11_GetObjectNickname(sourceSlot, id);
+
+    /* The database code will prevent nickname collisions for certs with
+     * different subjects. This code will prevent us from getting
+     * actual import errors */
+    if (nickname) {
+        const char *tokenName = PK11_GetTokenName(targetSlot);
+        char *tokenNickname = NULL;
+
+        do {
+            tokenNickname = PR_smprintf("%s:%s", tokenName, nickname);
+            if (!tokenNickname) {
+                break;
+            }
+            if (!SEC_CertNicknameConflict(tokenNickname,
+                                          &sourceCert->derSubject, CERT_GetDefaultCertDB())) {
+                break;
+            }
+            nickname = pk11_IncrementNickname(nickname);
+            if (!nickname) {
+                break;
+            }
+            PR_smprintf_free(tokenNickname);
+        } while (1);
+        if (tokenNickname) {
+            PR_smprintf_free(tokenNickname);
+        }
+    }
+
+    /* see if the cert is already there */
+    targetCertID = PK11_FindCertInSlot(targetSlot, sourceCert, targetPwArg);
+    if (targetCertID == CK_INVALID_HANDLE) {
+        /* cert doesn't exist load the cert in. */
+        /* OK for the nickname to be NULL, not all certs have nicknames */
+        rv = PK11_ImportCert(targetSlot, sourceCert, CK_INVALID_HANDLE,
+                             nickname, PR_FALSE);
+        goto done;
+    }
+
+    /* the cert already exists, see if the nickname and/or  CKA_ID need
+     * to be updated */
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL) {
+        rv = SECFailure;
+        goto done;
+    }
+
+    /* does our source have a CKA_ID ? */
+    rv = PK11_GetAttributes(arena, sourceSlot, id, &sourceCKAID, 1);
+    if (rv != SECSuccess) {
+        sourceCKAID.ulValueLen = 0;
+    }
+
+    /* if we have a source CKA_ID, see of we need to update the
+     * target's CKA_ID */
+    if (sourceCKAID.ulValueLen != 0) {
+        rv = PK11_GetAttributes(arena, targetSlot, targetCertID,
+                                &targetCKAID, 1);
+        if (rv != SECSuccess) {
+            targetCKAID.ulValueLen = 0;
+        }
+        /* if the target has no CKA_ID, update it from the source */
+        if (targetCKAID.ulValueLen == 0) {
+            lrv = pk11_setAttributes(targetSlot, targetCertID, &sourceCKAID, 1);
+            if (lrv != SECSuccess) {
+                error = PORT_GetError();
+            }
+        }
+    }
+    rv = SECSuccess;
+
+    /* now check if we need to update the nickname */
+    if (nickname && *nickname) {
+        char *targetname;
+        targetname = PK11_GetObjectNickname(targetSlot, targetCertID);
+        if (!targetname || !*targetname) {
+            /* target has no nickname, or it's empty, update it */
+            rv = PK11_SetObjectNickname(targetSlot, targetCertID, nickname);
+        }
+        if (targetname) {
+            PORT_Free(targetname);
+        }
+    }
+
+    /* restore the error code if CKA_ID failed, but nickname didn't */
+    if ((rv == SECSuccess) && (lrv != SECSuccess)) {
+        rv = lrv;
+        PORT_SetError(error);
+    }
+
+done:
+    if (nickname) {
+        PORT_Free(nickname);
+    }
+    if (sourceCert) {
+        CERT_DestroyCertificate(sourceCert);
+    }
+    if (arena) {
+        PORT_FreeArena(arena, PR_FALSE);
+    }
+    return rv;
+}
+
+/*************************************************************************
+ *
+ *            Crls
+ *
+ *************************************************************************/
+
+/*
+ * Use the raw PKCS #11 interface to merge the CRLs.
+ *
+ * In the case where of collision, choose the newest CRL that is valid.
+ */
+static SECStatus
+pk11_mergeCrl(PK11SlotInfo *targetSlot, PK11SlotInfo *sourceSlot,
+              CK_OBJECT_HANDLE id, void *targetPwArg, void *sourcePwArg)
+{
+    CK_OBJECT_HANDLE targetCrlID;
+    PLArenaPool *arena = NULL;
+    SECStatus rv = SECSuccess;
+    CK_ATTRIBUTE crlTemplate[] = {
+        { CKA_SUBJECT, NULL, 0 },
+        { CKA_CLASS, NULL, 0 },
+        { CKA_NSS_KRL, NULL, 0 }
+    };
+    CK_ULONG crlTemplateCount = sizeof(crlTemplate) / sizeof(crlTemplate[0]);
+    CK_ATTRIBUTE crlCopyTemplate[] = {
+        { CKA_CLASS, NULL, 0 },
+        { CKA_TOKEN, NULL, 0 },
+        { CKA_LABEL, NULL, 0 },
+        { CKA_PRIVATE, NULL, 0 },
+        { CKA_MODIFIABLE, NULL, 0 },
+        { CKA_SUBJECT, NULL, 0 },
+        { CKA_NSS_KRL, NULL, 0 },
+        { CKA_NSS_URL, NULL, 0 },
+        { CKA_VALUE, NULL, 0 }
+    };
+    CK_ULONG crlCopyTemplateCount =
+        sizeof(crlCopyTemplate) / sizeof(crlCopyTemplate[0]);
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL) {
+        rv = SECFailure;
+        goto done;
+    }
+    /* check to see if the crl is already in the target slot */
+    rv = pk11_matchAcrossTokens(arena, targetSlot, sourceSlot, crlTemplate,
+                                crlTemplateCount, id, &targetCrlID);
+    if (rv != SECSuccess) {
+        goto done;
+    }
+    if (targetCrlID != CK_INVALID_HANDLE) {
+        /* we already have a CRL, check to see which is more up-to-date. */
+        goto done;
+    }
+
+    /* load the CRL into the target token. */
+    rv = pk11_copyAttributes(arena, targetSlot, targetCrlID, sourceSlot, id,
+                             crlCopyTemplate, crlCopyTemplateCount);
+done:
+    if (arena) {
+        PORT_FreeArena(arena, PR_FALSE);
+    }
+    return rv;
+}
+
+/*************************************************************************
+ *
+ *            SMIME objects
+ *
+ *************************************************************************/
+
+/*
+ * use the raw PKCS #11 interface to merge the S/MIME records
+ */
+static SECStatus
+pk11_mergeSmime(PK11SlotInfo *targetSlot, PK11SlotInfo *sourceSlot,
+                CK_OBJECT_HANDLE id, void *targetPwArg, void *sourcePwArg)
+{
+    CK_OBJECT_HANDLE targetSmimeID;
+    PLArenaPool *arena = NULL;
+    SECStatus rv = SECSuccess;
+    CK_ATTRIBUTE smimeTemplate[] = {
+        { CKA_SUBJECT, NULL, 0 },
+        { CKA_NSS_EMAIL, NULL, 0 },
+        { CKA_CLASS, NULL, 0 },
+    };
+    CK_ULONG smimeTemplateCount =
+        sizeof(smimeTemplate) / sizeof(smimeTemplate[0]);
+    CK_ATTRIBUTE smimeCopyTemplate[] = {
+        { CKA_CLASS, NULL, 0 },
+        { CKA_TOKEN, NULL, 0 },
+        { CKA_LABEL, NULL, 0 },
+        { CKA_PRIVATE, NULL, 0 },
+        { CKA_MODIFIABLE, NULL, 0 },
+        { CKA_SUBJECT, NULL, 0 },
+        { CKA_NSS_EMAIL, NULL, 0 },
+        { CKA_NSS_SMIME_TIMESTAMP, NULL, 0 },
+        { CKA_VALUE, NULL, 0 }
+    };
+    CK_ULONG smimeCopyTemplateCount =
+        sizeof(smimeCopyTemplate) / sizeof(smimeCopyTemplate[0]);
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL) {
+        rv = SECFailure;
+        goto done;
+    }
+    /* check to see if the crl is already in the target slot */
+    rv = pk11_matchAcrossTokens(arena, targetSlot, sourceSlot, smimeTemplate,
+                                smimeTemplateCount, id, &targetSmimeID);
+    if (rv != SECSuccess) {
+        goto done;
+    }
+    if (targetSmimeID != CK_INVALID_HANDLE) {
+        /* we already have a SMIME record */
+        goto done;
+    }
+
+    /* load the SMime Record into the target token. */
+    rv = pk11_copyAttributes(arena, targetSlot, targetSmimeID, sourceSlot, id,
+                             smimeCopyTemplate, smimeCopyTemplateCount);
+done:
+    if (arena) {
+        PORT_FreeArena(arena, PR_FALSE);
+    }
+    return rv;
+}
+
+/*************************************************************************
+ *
+ *            Trust Objects
+ *
+ *************************************************************************/
+
+/*
+ * decide which trust record entry wins. PR_TRUE (source) or PR_FALSE (target)
+ */
+#define USE_TARGET PR_FALSE
+#define USE_SOURCE PR_TRUE
+PRBool
+pk11_mergeTrustEntry(CK_ATTRIBUTE *target, CK_ATTRIBUTE *source)
+{
+    CK_ULONG targetTrust = (target->ulValueLen == sizeof(CK_LONG)) ? *(CK_ULONG *)target->pValue
+                                                                   : CKT_NSS_TRUST_UNKNOWN;
+    CK_ULONG sourceTrust = (source->ulValueLen == sizeof(CK_LONG)) ? *(CK_ULONG *)source->pValue
+                                                                   : CKT_NSS_TRUST_UNKNOWN;
+
+    /*
+     * Examine a single entry and deside if the source or target version
+     * should win out. When all the entries have been checked, if there is
+     * any case we need to update, we will write the whole source record
+     * to the target database. That means for each individual record, if the
+     * target wins, we need to update the source (in case later we have a
+     * case where the source wins). If the source wins, it already
+     */
+    if (sourceTrust == targetTrust) {
+        return USE_TARGET; /* which equates to 'do nothing' */
+    }
+
+    if (sourceTrust == CKT_NSS_TRUST_UNKNOWN) {
+        return USE_TARGET;
+    }
+
+    /* target has no idea, use the source's idea of the trust value */
+    if (targetTrust == CKT_NSS_TRUST_UNKNOWN) {
+        /* source overwrites the target */
+        return USE_SOURCE;
+    }
+
+    /* so both the target and the source have some idea of what this
+     * trust attribute should be, and neither agree exactly.
+     * At this point, we prefer 'hard' attributes over 'soft' ones.
+     * 'hard' ones are CKT_NSS_TRUSTED, CKT_NSS_TRUSTED_DELEGATOR, and
+     * CKT_NSS_UNTRUTED. Soft ones are ones which don't change the
+     * actual trust of the cert (CKT_MUST_VERIFY, CKT_NSS_VALID,
+     * CKT_NSS_VALID_DELEGATOR).
+     */
+    if ((sourceTrust == CKT_NSS_MUST_VERIFY_TRUST) ||
+        (sourceTrust == CKT_NSS_VALID_DELEGATOR)) {
+        return USE_TARGET;
+    }
+    if ((targetTrust == CKT_NSS_MUST_VERIFY_TRUST) ||
+        (targetTrust == CKT_NSS_VALID_DELEGATOR)) {
+        /* source overrites the target */
+        return USE_SOURCE;
+    }
+
+    /* both have hard attributes, we have a conflict, let the target win. */
+    return USE_TARGET;
+}
+/*
+ * use the raw PKCS #11 interface to merge the S/MIME records
+ */
+static SECStatus
+pk11_mergeTrust(PK11SlotInfo *targetSlot, PK11SlotInfo *sourceSlot,
+                CK_OBJECT_HANDLE id, void *targetPwArg, void *sourcePwArg)
+{
+    CK_OBJECT_HANDLE targetTrustID;
+    PLArenaPool *arena = NULL;
+    SECStatus rv = SECSuccess;
+    int error = 0;
+    CK_ATTRIBUTE trustTemplate[] = {
+        { CKA_ISSUER, NULL, 0 },
+        { CKA_SERIAL_NUMBER, NULL, 0 },
+        { CKA_CLASS, NULL, 0 },
+    };
+    CK_ULONG trustTemplateCount =
+        sizeof(trustTemplate) / sizeof(trustTemplate[0]);
+    CK_ATTRIBUTE trustCopyTemplate[] = {
+        { CKA_CLASS, NULL, 0 },
+        { CKA_TOKEN, NULL, 0 },
+        { CKA_LABEL, NULL, 0 },
+        { CKA_PRIVATE, NULL, 0 },
+        { CKA_MODIFIABLE, NULL, 0 },
+        { CKA_ISSUER, NULL, 0 },
+        { CKA_SERIAL_NUMBER, NULL, 0 },
+        { CKA_CERT_SHA1_HASH, NULL, 0 },
+        { CKA_CERT_MD5_HASH, NULL, 0 },
+        { CKA_TRUST_SERVER_AUTH, NULL, 0 },
+        { CKA_TRUST_CLIENT_AUTH, NULL, 0 },
+        { CKA_TRUST_CODE_SIGNING, NULL, 0 },
+        { CKA_TRUST_EMAIL_PROTECTION, NULL, 0 },
+        { CKA_TRUST_STEP_UP_APPROVED, NULL, 0 }
+    };
+    CK_ULONG trustCopyTemplateCount =
+        sizeof(trustCopyTemplate) / sizeof(trustCopyTemplate[0]);
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL) {
+        rv = SECFailure;
+        goto done;
+    }
+    /* check to see if the crl is already in the target slot */
+    rv = pk11_matchAcrossTokens(arena, targetSlot, sourceSlot, trustTemplate,
+                                trustTemplateCount, id, &targetTrustID);
+    if (rv != SECSuccess) {
+        goto done;
+    }
+    if (targetTrustID != CK_INVALID_HANDLE) {
+        /* a matching trust record already exists, merge it in */
+        CK_ATTRIBUTE_TYPE trustAttrs[] = {
+            CKA_TRUST_SERVER_AUTH, CKA_TRUST_CLIENT_AUTH,
+            CKA_TRUST_CODE_SIGNING, CKA_TRUST_EMAIL_PROTECTION,
+            CKA_TRUST_IPSEC_TUNNEL, CKA_TRUST_IPSEC_USER,
+            CKA_TRUST_TIME_STAMPING
+        };
+        CK_ULONG trustAttrsCount =
+            sizeof(trustAttrs) / sizeof(trustAttrs[0]);
+
+        CK_ULONG i;
+        CK_ATTRIBUTE targetTemplate, sourceTemplate;
+
+        /* existing trust record, merge the two together */
+        for (i = 0; i < trustAttrsCount; i++) {
+            targetTemplate.type = sourceTemplate.type = trustAttrs[i];
+            targetTemplate.pValue = sourceTemplate.pValue = NULL;
+            targetTemplate.ulValueLen = sourceTemplate.ulValueLen = 0;
+            PK11_GetAttributes(arena, sourceSlot, id, &sourceTemplate, 1);
+            PK11_GetAttributes(arena, targetSlot, targetTrustID,
+                               &targetTemplate, 1);
+            if (pk11_mergeTrustEntry(&targetTemplate, &sourceTemplate)) {
+                /* source wins, write out the source attribute to the target */
+                SECStatus lrv = pk11_setAttributes(targetSlot, targetTrustID,
+                                                   &sourceTemplate, 1);
+                if (lrv != SECSuccess) {
+                    rv = SECFailure;
+                    error = PORT_GetError();
+                }
+            }
+        }
+
+        /* handle step */
+        sourceTemplate.type = CKA_TRUST_STEP_UP_APPROVED;
+        sourceTemplate.pValue = NULL;
+        sourceTemplate.ulValueLen = 0;
+
+        /* if the source has steup set, then set it in the target */
+        PK11_GetAttributes(arena, sourceSlot, id, &sourceTemplate, 1);
+        if ((sourceTemplate.ulValueLen == sizeof(CK_BBOOL)) &&
+            (sourceTemplate.pValue) &&
+            (*(CK_BBOOL *)sourceTemplate.pValue == CK_TRUE)) {
+            SECStatus lrv = pk11_setAttributes(targetSlot, targetTrustID,
+                                               &sourceTemplate, 1);
+            if (lrv != SECSuccess) {
+                rv = SECFailure;
+                error = PORT_GetError();
+            }
+        }
+
+        goto done;
+    }
+
+    /* load the new trust Record into the target token. */
+    rv = pk11_copyAttributes(arena, targetSlot, targetTrustID, sourceSlot, id,
+                             trustCopyTemplate, trustCopyTemplateCount);
+done:
+    if (arena) {
+        PORT_FreeArena(arena, PR_FALSE);
+    }
+
+    /* restore the error code */
+    if (rv == SECFailure && error) {
+        PORT_SetError(error);
+    }
+
+    return rv;
+}
+
+/*************************************************************************
+ *
+ *            Central merge code
+ *
+ *************************************************************************/
+/*
+ * merge a single object from sourceToken to targetToken
+ */
+static SECStatus
+pk11_mergeObject(PK11SlotInfo *targetSlot, PK11SlotInfo *sourceSlot,
+                 CK_OBJECT_HANDLE id, void *targetPwArg, void *sourcePwArg)
+{
+
+    CK_OBJECT_CLASS objClass;
+
+    objClass = PK11_ReadULongAttribute(sourceSlot, id, CKA_CLASS);
+    if (objClass == (CK_ULONG)-1) {
+        PORT_SetError(SEC_ERROR_UNKNOWN_OBJECT_TYPE);
+        return SECFailure;
+    }
+
+    switch (objClass) {
+        case CKO_CERTIFICATE:
+            return pk11_mergeCert(targetSlot, sourceSlot, id,
+                                  targetPwArg, sourcePwArg);
+        case CKO_NSS_TRUST:
+            return pk11_mergeTrust(targetSlot, sourceSlot, id,
+                                   targetPwArg, sourcePwArg);
+        case CKO_PUBLIC_KEY:
+            return pk11_mergePublicKey(targetSlot, sourceSlot, id,
+                                       targetPwArg, sourcePwArg);
+        case CKO_PRIVATE_KEY:
+            return pk11_mergePrivateKey(targetSlot, sourceSlot, id,
+                                        targetPwArg, sourcePwArg);
+        case CKO_SECRET_KEY:
+            return pk11_mergeSecretKey(targetSlot, sourceSlot, id,
+                                       targetPwArg, sourcePwArg);
+        case CKO_NSS_CRL:
+            return pk11_mergeCrl(targetSlot, sourceSlot, id,
+                                 targetPwArg, sourcePwArg);
+        case CKO_NSS_SMIME:
+            return pk11_mergeSmime(targetSlot, sourceSlot, id,
+                                   targetPwArg, sourcePwArg);
+        default:
+            break;
+    }
+
+    PORT_SetError(SEC_ERROR_UNKNOWN_OBJECT_TYPE);
+    return SECFailure;
+}
+
+PK11MergeLogNode *
+pk11_newMergeLogNode(PLArenaPool *arena,
+                     PK11SlotInfo *slot, CK_OBJECT_HANDLE id, int error)
+{
+    PK11MergeLogNode *newLog;
+    PK11GenericObject *obj;
+
+    newLog = PORT_ArenaZNew(arena, PK11MergeLogNode);
+    if (newLog == NULL) {
+        return NULL;
+    }
+
+    obj = PORT_ArenaZNew(arena, PK11GenericObject);
+    if (!obj) {
+        return NULL;
+    }
+
+    /* initialize it */
+    obj->slot = slot;
+    obj->objectID = id;
+
+    newLog->object = obj;
+    newLog->error = error;
+    return newLog;
+}
+
+/*
+ * walk down each entry and merge it. keep track of the errors in the log
+ */
+static SECStatus
+pk11_mergeByObjectIDs(PK11SlotInfo *targetSlot, PK11SlotInfo *sourceSlot,
+                      CK_OBJECT_HANDLE *objectIDs, int count,
+                      PK11MergeLog *log, void *targetPwArg, void *sourcePwArg)
+{
+    SECStatus rv = SECSuccess;
+    int error = SEC_ERROR_LIBRARY_FAILURE;
+    int i;
+
+    for (i = 0; i < count; i++) {
+        /* try to update the entire database. On failure, keep going,
+         * but remember the error to report back to the caller */
+        SECStatus lrv;
+        PK11MergeLogNode *newLog;
+
+        lrv = pk11_mergeObject(targetSlot, sourceSlot, objectIDs[i],
+                               targetPwArg, sourcePwArg);
+        if (lrv == SECSuccess) {
+            /* merged with no problem, go to next object */
+            continue;
+        }
+
+        /* remember that we failed and why */
+        rv = SECFailure;
+        error = PORT_GetError();
+
+        /* log the errors */
+        if (!log) {
+            /* not logging, go to next entry */
+            continue;
+        }
+        newLog = pk11_newMergeLogNode(log->arena, sourceSlot,
+                                      objectIDs[i], error);
+        if (!newLog) {
+            /* failed to allocate entry, just keep going */
+            continue;
+        }
+
+        /* link in the errorlog entry */
+        newLog->next = NULL;
+        if (log->tail) {
+            log->tail->next = newLog;
+        } else {
+            log->head = newLog;
+        }
+        newLog->prev = log->tail;
+        log->tail = newLog;
+    }
+
+    /* restore the last error code */
+    if (rv != SECSuccess) {
+        PORT_SetError(error);
+    }
+    return rv;
+}
+
+/*
+ * Merge all the records in sourceSlot that aren't in targetSlot
+ *
+ *   This function will return failure if not all the objects
+ *   successfully merged.
+ *
+ *   Applications can pass in an optional error log which will record
+ *   each failing object and why it failed to import. PK11MergeLog
+ *   is modelled after the CERTVerifyLog.
+ */
+SECStatus
+PK11_MergeTokens(PK11SlotInfo *targetSlot, PK11SlotInfo *sourceSlot,
+                 PK11MergeLog *log, void *targetPwArg, void *sourcePwArg)
+{
+    SECStatus rv = SECSuccess, lrv = SECSuccess;
+    int error = SEC_ERROR_LIBRARY_FAILURE;
+    int count = 0;
+    CK_ATTRIBUTE search[2];
+    CK_OBJECT_HANDLE *objectIDs = NULL;
+    CK_BBOOL ck_true = CK_TRUE;
+    CK_OBJECT_CLASS privKey = CKO_PRIVATE_KEY;
+
+    PK11_SETATTRS(&search[0], CKA_TOKEN, &ck_true, sizeof(ck_true));
+    PK11_SETATTRS(&search[1], CKA_CLASS, &privKey, sizeof(privKey));
+    /*
+     * make sure both tokens are already authenticated if need be.
+     */
+    rv = PK11_Authenticate(targetSlot, PR_TRUE, targetPwArg);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    rv = PK11_Authenticate(sourceSlot, PR_TRUE, sourcePwArg);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    /* turns out the old DB's are rather fragile if the private keys aren't
+     * merged in first, so do the private keys explicity. */
+    objectIDs = pk11_FindObjectsByTemplate(sourceSlot, search, 2, &count);
+    if (objectIDs) {
+        lrv = pk11_mergeByObjectIDs(targetSlot, sourceSlot,
+                                    objectIDs, count, log,
+                                    targetPwArg, sourcePwArg);
+        if (lrv != SECSuccess) {
+            error = PORT_GetError();
+        }
+        PORT_Free(objectIDs);
+        count = 0;
+    }
+
+    /* now do the rest  (NOTE: this will repeat the private keys, but
+     * that shouldnt' be an issue as we will notice they are already
+     * merged in */
+    objectIDs = pk11_FindObjectsByTemplate(sourceSlot, search, 1, &count);
+    if (!objectIDs) {
+        rv = SECFailure;
+        goto loser;
+    }
+
+    rv = pk11_mergeByObjectIDs(targetSlot, sourceSlot, objectIDs, count, log,
+                               targetPwArg, sourcePwArg);
+    if (rv == SECSuccess) {
+        /* if private keys failed, but the rest succeeded, be sure to let
+         * the caller know that private keys failed and why.
+         * NOTE: this is highly unlikely since the same keys that failed
+         * in the previous merge call will most likely fail in this one */
+        if (lrv != SECSuccess) {
+            rv = lrv;
+            PORT_SetError(error);
+        }
+    }
+
+loser:
+    if (objectIDs) {
+        PORT_Free(objectIDs);
+    }
+    return rv;
+}
+
+PK11MergeLog *
+PK11_CreateMergeLog(void)
+{
+    PLArenaPool *arena;
+    PK11MergeLog *log;
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL) {
+        return NULL;
+    }
+
+    log = PORT_ArenaZNew(arena, PK11MergeLog);
+    if (log == NULL) {
+        PORT_FreeArena(arena, PR_FALSE);
+        return NULL;
+    }
+    log->arena = arena;
+    log->version = 1;
+    return log;
+}
+
+void
+PK11_DestroyMergeLog(PK11MergeLog *log)
+{
+    if (log && log->arena) {
+        PORT_FreeArena(log->arena, PR_FALSE);
+    }
+}
diff --git a/nss/lib/pk11wrap/pk11nobj.c b/nss/lib/pk11wrap/pk11nobj.c
new file mode 100644
index 0000000..41d1d96
--- /dev/null
+++ b/nss/lib/pk11wrap/pk11nobj.c
@@ -0,0 +1,791 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * This file manages Netscape specific PKCS #11 objects (CRLs, Trust objects,
+ * etc).
+ */
+
+#include "secport.h"
+#include "seccomon.h"
+#include "secmod.h"
+#include "secmodi.h"
+#include "secmodti.h"
+#include "pkcs11.h"
+#include "pk11func.h"
+#include "cert.h"
+#include "certi.h"
+#include "secitem.h"
+#include "sechash.h"
+#include "secoid.h"
+
+#include "certdb.h"
+#include "secerr.h"
+
+#include "pki3hack.h"
+#include "dev3hack.h"
+
+#include "devm.h"
+#include "pki.h"
+#include "pkim.h"
+
+extern const NSSError NSS_ERROR_NOT_FOUND;
+
+CK_TRUST
+pk11_GetTrustField(PK11SlotInfo *slot, PLArenaPool *arena,
+                   CK_OBJECT_HANDLE id, CK_ATTRIBUTE_TYPE type)
+{
+    CK_TRUST rv = 0;
+    SECItem item;
+
+    item.data = NULL;
+    item.len = 0;
+
+    if (SECSuccess == PK11_ReadAttribute(slot, id, type, arena, &item)) {
+        PORT_Assert(item.len == sizeof(CK_TRUST));
+        PORT_Memcpy(&rv, item.data, sizeof(CK_TRUST));
+        /* Damn, is there an endian problem here? */
+        return rv;
+    }
+
+    return 0;
+}
+
+PRBool
+pk11_HandleTrustObject(PK11SlotInfo *slot, CERTCertificate *cert, CERTCertTrust *trust)
+{
+    PLArenaPool *arena;
+
+    CK_ATTRIBUTE tobjTemplate[] = {
+        { CKA_CLASS, NULL, 0 },
+        { CKA_CERT_SHA1_HASH, NULL, 0 },
+    };
+
+    CK_OBJECT_CLASS tobjc = CKO_NETSCAPE_TRUST;
+    CK_OBJECT_HANDLE tobjID;
+    unsigned char sha1_hash[SHA1_LENGTH];
+
+    CK_TRUST serverAuth, codeSigning, emailProtection, clientAuth;
+
+    PK11_HashBuf(SEC_OID_SHA1, sha1_hash, cert->derCert.data, cert->derCert.len);
+
+    PK11_SETATTRS(&tobjTemplate[0], CKA_CLASS, &tobjc, sizeof(tobjc));
+    PK11_SETATTRS(&tobjTemplate[1], CKA_CERT_SHA1_HASH, sha1_hash,
+                  SHA1_LENGTH);
+
+    tobjID = pk11_FindObjectByTemplate(slot, tobjTemplate,
+                                       sizeof(tobjTemplate) / sizeof(tobjTemplate[0]));
+    if (CK_INVALID_HANDLE == tobjID) {
+        return PR_FALSE;
+    }
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (NULL == arena)
+        return PR_FALSE;
+
+    /* Unfortunately, it seems that PK11_GetAttributes doesn't deal
+     * well with nonexistent attributes.  I guess we have to check
+     * the trust info fields one at a time.
+     */
+
+    /* We could verify CKA_CERT_HASH here */
+
+    /* We could verify CKA_EXPIRES here */
+
+    /* "Purpose" trust information */
+    serverAuth = pk11_GetTrustField(slot, arena, tobjID, CKA_TRUST_SERVER_AUTH);
+    clientAuth = pk11_GetTrustField(slot, arena, tobjID, CKA_TRUST_CLIENT_AUTH);
+    codeSigning = pk11_GetTrustField(slot, arena, tobjID, CKA_TRUST_CODE_SIGNING);
+    emailProtection = pk11_GetTrustField(slot, arena, tobjID,
+                                         CKA_TRUST_EMAIL_PROTECTION);
+    /* Here's where the fun logic happens.  We have to map back from the
+     * key usage, extended key usage, purpose, and possibly other trust values
+     * into the old trust-flags bits.  */
+
+    /* First implementation: keep it simple for testing.  We can study what other
+     * mappings would be appropriate and add them later.. fgmr 20000724 */
+
+    if (serverAuth == CKT_NSS_TRUSTED) {
+        trust->sslFlags |= CERTDB_TERMINAL_RECORD | CERTDB_TRUSTED;
+    }
+
+    if (serverAuth == CKT_NSS_TRUSTED_DELEGATOR) {
+        trust->sslFlags |= CERTDB_VALID_CA | CERTDB_TRUSTED_CA |
+                           CERTDB_NS_TRUSTED_CA;
+    }
+    if (clientAuth == CKT_NSS_TRUSTED_DELEGATOR) {
+        trust->sslFlags |= CERTDB_TRUSTED_CLIENT_CA;
+    }
+
+    if (emailProtection == CKT_NSS_TRUSTED) {
+        trust->emailFlags |= CERTDB_TERMINAL_RECORD | CERTDB_TRUSTED;
+    }
+
+    if (emailProtection == CKT_NSS_TRUSTED_DELEGATOR) {
+        trust->emailFlags |= CERTDB_VALID_CA | CERTDB_TRUSTED_CA | CERTDB_NS_TRUSTED_CA;
+    }
+
+    if (codeSigning == CKT_NSS_TRUSTED) {
+        trust->objectSigningFlags |= CERTDB_TERMINAL_RECORD | CERTDB_TRUSTED;
+    }
+
+    if (codeSigning == CKT_NSS_TRUSTED_DELEGATOR) {
+        trust->objectSigningFlags |= CERTDB_VALID_CA | CERTDB_TRUSTED_CA | CERTDB_NS_TRUSTED_CA;
+    }
+
+    /* There's certainly a lot more logic that can go here.. */
+
+    PORT_FreeArena(arena, PR_FALSE);
+
+    return PR_TRUE;
+}
+
+static SECStatus
+pk11_CollectCrls(PK11SlotInfo *slot, CK_OBJECT_HANDLE crlID, void *arg)
+{
+    SECItem derCrl;
+    CERTCrlHeadNode *head = (CERTCrlHeadNode *)arg;
+    CERTCrlNode *new_node = NULL;
+    CK_ATTRIBUTE fetchCrl[3] = {
+        { CKA_VALUE, NULL, 0 },
+        { CKA_NETSCAPE_KRL, NULL, 0 },
+        { CKA_NETSCAPE_URL, NULL, 0 },
+    };
+    const int fetchCrlSize = sizeof(fetchCrl) / sizeof(fetchCrl[2]);
+    CK_RV crv;
+    SECStatus rv = SECFailure;
+
+    crv = PK11_GetAttributes(head->arena, slot, crlID, fetchCrl, fetchCrlSize);
+    if (CKR_OK != crv) {
+        PORT_SetError(PK11_MapError(crv));
+        goto loser;
+    }
+
+    if (!fetchCrl[1].pValue) {
+        PORT_SetError(SEC_ERROR_CRL_INVALID);
+        goto loser;
+    }
+
+    new_node = (CERTCrlNode *)PORT_ArenaAlloc(head->arena, sizeof(CERTCrlNode));
+    if (new_node == NULL) {
+        goto loser;
+    }
+
+    if (*((CK_BBOOL *)fetchCrl[1].pValue))
+        new_node->type = SEC_KRL_TYPE;
+    else
+        new_node->type = SEC_CRL_TYPE;
+
+    derCrl.type = siBuffer;
+    derCrl.data = (unsigned char *)fetchCrl[0].pValue;
+    derCrl.len = fetchCrl[0].ulValueLen;
+    new_node->crl = CERT_DecodeDERCrl(head->arena, &derCrl, new_node->type);
+    if (new_node->crl == NULL) {
+        goto loser;
+    }
+
+    if (fetchCrl[2].pValue) {
+        int nnlen = fetchCrl[2].ulValueLen;
+        new_node->crl->url = (char *)PORT_ArenaAlloc(head->arena, nnlen + 1);
+        if (!new_node->crl->url) {
+            goto loser;
+        }
+        PORT_Memcpy(new_node->crl->url, fetchCrl[2].pValue, nnlen);
+        new_node->crl->url[nnlen] = 0;
+    } else {
+        new_node->crl->url = NULL;
+    }
+
+    new_node->next = NULL;
+    if (head->last) {
+        head->last->next = new_node;
+        head->last = new_node;
+    } else {
+        head->first = head->last = new_node;
+    }
+    rv = SECSuccess;
+
+loser:
+    return (rv);
+}
+
+/*
+ * Return a list of all the CRLs .
+ * CRLs are allocated in the list's arena.
+ */
+SECStatus
+PK11_LookupCrls(CERTCrlHeadNode *nodes, int type, void *wincx)
+{
+    pk11TraverseSlot creater;
+    CK_ATTRIBUTE theTemplate[2];
+    CK_ATTRIBUTE *attrs;
+    CK_OBJECT_CLASS certClass = CKO_NETSCAPE_CRL;
+    CK_BBOOL isKrl = CK_FALSE;
+
+    attrs = theTemplate;
+    PK11_SETATTRS(attrs, CKA_CLASS, &certClass, sizeof(certClass));
+    attrs++;
+    if (type != -1) {
+        isKrl = (CK_BBOOL)(type == SEC_KRL_TYPE);
+        PK11_SETATTRS(attrs, CKA_NETSCAPE_KRL, &isKrl, sizeof(isKrl));
+        attrs++;
+    }
+
+    creater.callback = pk11_CollectCrls;
+    creater.callbackArg = (void *)nodes;
+    creater.findTemplate = theTemplate;
+    creater.templateCount = (attrs - theTemplate);
+
+    return pk11_TraverseAllSlots(PK11_TraverseSlot, &creater, PR_FALSE, wincx);
+}
+
+struct crlOptionsStr {
+    CERTCrlHeadNode *head;
+    PRInt32 decodeOptions;
+};
+
+typedef struct crlOptionsStr crlOptions;
+
+static SECStatus
+pk11_RetrieveCrlsCallback(PK11SlotInfo *slot, CK_OBJECT_HANDLE crlID,
+                          void *arg)
+{
+    SECItem *derCrl = NULL;
+    crlOptions *options = (crlOptions *)arg;
+    CERTCrlHeadNode *head = options->head;
+    CERTCrlNode *new_node = NULL;
+    CK_ATTRIBUTE fetchCrl[3] = {
+        { CKA_VALUE, NULL, 0 },
+        { CKA_NETSCAPE_KRL, NULL, 0 },
+        { CKA_NETSCAPE_URL, NULL, 0 },
+    };
+    const int fetchCrlSize = sizeof(fetchCrl) / sizeof(fetchCrl[2]);
+    CK_RV crv;
+    SECStatus rv = SECFailure;
+    PRBool adopted = PR_FALSE; /* whether the CRL adopted the DER memory
+                                  successfully */
+    int i;
+
+    crv = PK11_GetAttributes(NULL, slot, crlID, fetchCrl, fetchCrlSize);
+    if (CKR_OK != crv) {
+        PORT_SetError(PK11_MapError(crv));
+        goto loser;
+    }
+
+    if (!fetchCrl[1].pValue) {
+        /* reject KRLs */
+        PORT_SetError(SEC_ERROR_CRL_INVALID);
+        goto loser;
+    }
+
+    new_node = (CERTCrlNode *)PORT_ArenaAlloc(head->arena,
+                                              sizeof(CERTCrlNode));
+    if (new_node == NULL) {
+        goto loser;
+    }
+
+    new_node->type = SEC_CRL_TYPE;
+
+    derCrl = SECITEM_AllocItem(NULL, NULL, 0);
+    if (!derCrl) {
+        goto loser;
+    }
+    derCrl->type = siBuffer;
+    derCrl->data = (unsigned char *)fetchCrl[0].pValue;
+    derCrl->len = fetchCrl[0].ulValueLen;
+    new_node->crl = CERT_DecodeDERCrlWithFlags(NULL, derCrl, new_node->type,
+                                               options->decodeOptions);
+    if (new_node->crl == NULL) {
+        goto loser;
+    }
+    adopted = PR_TRUE; /* now that the CRL has adopted the DER memory,
+                          we won't need to free it upon exit */
+
+    if (fetchCrl[2].pValue && fetchCrl[2].ulValueLen) {
+        /* copy the URL if there is one */
+        int nnlen = fetchCrl[2].ulValueLen;
+        new_node->crl->url = (char *)PORT_ArenaAlloc(new_node->crl->arena,
+                                                     nnlen + 1);
+        if (!new_node->crl->url) {
+            goto loser;
+        }
+        PORT_Memcpy(new_node->crl->url, fetchCrl[2].pValue, nnlen);
+        new_node->crl->url[nnlen] = 0;
+    } else {
+        new_node->crl->url = NULL;
+    }
+
+    new_node->next = NULL;
+    if (head->last) {
+        head->last->next = new_node;
+        head->last = new_node;
+    } else {
+        head->first = head->last = new_node;
+    }
+    rv = SECSuccess;
+    new_node->crl->slot = PK11_ReferenceSlot(slot);
+    new_node->crl->pkcs11ID = crlID;
+
+loser:
+    /* free attributes that weren't adopted by the CRL */
+    for (i = 1; i < fetchCrlSize; i++) {
+        if (fetchCrl[i].pValue) {
+            PORT_Free(fetchCrl[i].pValue);
+        }
+    }
+    /* free the DER if the CRL object didn't adopt it */
+    if (fetchCrl[0].pValue && PR_FALSE == adopted) {
+        PORT_Free(fetchCrl[0].pValue);
+    }
+    if (derCrl && !adopted) {
+        /* clear the data fields, which we already took care of above */
+        derCrl->data = NULL;
+        derCrl->len = 0;
+        /* free the memory for the SECItem structure itself */
+        SECITEM_FreeItem(derCrl, PR_TRUE);
+    }
+    return (rv);
+}
+
+/*
+ * Return a list of CRLs matching specified issuer and type
+ * CRLs are not allocated in the list's arena, but rather in their own,
+ * arena, so that they can be used individually in the CRL cache .
+ * CRLs are always partially decoded for efficiency.
+ */
+SECStatus
+pk11_RetrieveCrls(CERTCrlHeadNode *nodes, SECItem *issuer,
+                  void *wincx)
+{
+    pk11TraverseSlot creater;
+    CK_ATTRIBUTE theTemplate[2];
+    CK_ATTRIBUTE *attrs;
+    CK_OBJECT_CLASS crlClass = CKO_NETSCAPE_CRL;
+    crlOptions options;
+
+    attrs = theTemplate;
+    PK11_SETATTRS(attrs, CKA_CLASS, &crlClass, sizeof(crlClass));
+    attrs++;
+
+    options.head = nodes;
+
+    /* - do a partial decoding - we don't need to decode the entries while fetching
+       - don't copy the DER for optimal performance - CRL can be very large
+       - have the CRL objects adopt the DER, so SEC_DestroyCrl will free it
+       - keep bad CRL objects. The CRL cache is interested in them, for
+         security purposes. Bad CRL objects are a sign of something amiss.
+     */
+
+    options.decodeOptions = CRL_DECODE_SKIP_ENTRIES | CRL_DECODE_DONT_COPY_DER |
+                            CRL_DECODE_ADOPT_HEAP_DER | CRL_DECODE_KEEP_BAD_CRL;
+    if (issuer) {
+        PK11_SETATTRS(attrs, CKA_SUBJECT, issuer->data, issuer->len);
+        attrs++;
+    }
+
+    creater.callback = pk11_RetrieveCrlsCallback;
+    creater.callbackArg = (void *)&options;
+    creater.findTemplate = theTemplate;
+    creater.templateCount = (attrs - theTemplate);
+
+    return pk11_TraverseAllSlots(PK11_TraverseSlot, &creater, PR_FALSE, wincx);
+}
+
+/*
+ * return the crl associated with a derSubjectName
+ */
+SECItem *
+PK11_FindCrlByName(PK11SlotInfo **slot, CK_OBJECT_HANDLE *crlHandle,
+                   SECItem *name, int type, char **pUrl)
+{
+    NSSCRL **crls, **crlp, *crl = NULL;
+    NSSDER subject;
+    SECItem *rvItem;
+    NSSTrustDomain *td = STAN_GetDefaultTrustDomain();
+    char *url = NULL;
+
+    PORT_SetError(0);
+    NSSITEM_FROM_SECITEM(&subject, name);
+    if (*slot) {
+        nssCryptokiObject **instances;
+        nssPKIObjectCollection *collection;
+        nssTokenSearchType tokenOnly = nssTokenSearchType_TokenOnly;
+        NSSToken *token = PK11Slot_GetNSSToken(*slot);
+        collection = nssCRLCollection_Create(td, NULL);
+        if (!collection) {
+            goto loser;
+        }
+        instances = nssToken_FindCRLsBySubject(token, NULL, &subject,
+                                               tokenOnly, 0, NULL);
+        nssPKIObjectCollection_AddInstances(collection, instances, 0);
+        nss_ZFreeIf(instances);
+        crls = nssPKIObjectCollection_GetCRLs(collection, NULL, 0, NULL);
+        nssPKIObjectCollection_Destroy(collection);
+    } else {
+        crls = nssTrustDomain_FindCRLsBySubject(td, &subject);
+    }
+    if ((!crls) || (*crls == NULL)) {
+        if (crls) {
+            nssCRLArray_Destroy(crls);
+        }
+        if (NSS_GetError() == NSS_ERROR_NOT_FOUND) {
+            PORT_SetError(SEC_ERROR_CRL_NOT_FOUND);
+        }
+        goto loser;
+    }
+    for (crlp = crls; *crlp; crlp++) {
+        if ((!(*crlp)->isKRL && type == SEC_CRL_TYPE) ||
+            ((*crlp)->isKRL && type != SEC_CRL_TYPE)) {
+            crl = nssCRL_AddRef(*crlp);
+            break;
+        }
+    }
+    nssCRLArray_Destroy(crls);
+    if (!crl) {
+        /* CRL collection was found, but no interesting CRL's were on it.
+         * Not an error */
+        PORT_SetError(SEC_ERROR_CRL_NOT_FOUND);
+        goto loser;
+    }
+    if (crl->url) {
+        url = PORT_Strdup(crl->url);
+        if (!url) {
+            goto loser;
+        }
+    }
+    rvItem = SECITEM_AllocItem(NULL, NULL, crl->encoding.size);
+    if (!rvItem) {
+        goto loser;
+    }
+    memcpy(rvItem->data, crl->encoding.data, crl->encoding.size);
+    *slot = PK11_ReferenceSlot(crl->object.instances[0]->token->pk11slot);
+    *crlHandle = crl->object.instances[0]->handle;
+    *pUrl = url;
+    nssCRL_Destroy(crl);
+    return rvItem;
+
+loser:
+    if (url)
+        PORT_Free(url);
+    if (crl)
+        nssCRL_Destroy(crl);
+    if (PORT_GetError() == 0) {
+        PORT_SetError(SEC_ERROR_CRL_NOT_FOUND);
+    }
+    return NULL;
+}
+
+CK_OBJECT_HANDLE
+PK11_PutCrl(PK11SlotInfo *slot, SECItem *crl, SECItem *name,
+            char *url, int type)
+{
+    NSSItem derCRL, derSubject;
+    NSSToken *token = PK11Slot_GetNSSToken(slot);
+    nssCryptokiObject *object;
+    PRBool isKRL = (type == SEC_CRL_TYPE) ? PR_FALSE : PR_TRUE;
+    CK_OBJECT_HANDLE rvH;
+
+    NSSITEM_FROM_SECITEM(&derSubject, name);
+    NSSITEM_FROM_SECITEM(&derCRL, crl);
+
+    object = nssToken_ImportCRL(token, NULL,
+                                &derSubject, &derCRL, isKRL, url, PR_TRUE);
+
+    if (object) {
+        rvH = object->handle;
+        nssCryptokiObject_Destroy(object);
+    } else {
+        rvH = CK_INVALID_HANDLE;
+        PORT_SetError(SEC_ERROR_CRL_IMPORT_FAILED);
+    }
+    return rvH;
+}
+
+/*
+ * delete a crl.
+ */
+SECStatus
+SEC_DeletePermCRL(CERTSignedCrl *crl)
+{
+    PRStatus status;
+    NSSToken *token;
+    nssCryptokiObject *object;
+    PK11SlotInfo *slot = crl->slot;
+
+    if (slot == NULL) {
+        PORT_Assert(slot);
+        /* shouldn't happen */
+        PORT_SetError(SEC_ERROR_CRL_INVALID);
+        return SECFailure;
+    }
+    token = PK11Slot_GetNSSToken(slot);
+
+    object = nss_ZNEW(NULL, nssCryptokiObject);
+    if (!object) {
+        return SECFailure;
+    }
+    object->token = nssToken_AddRef(token);
+    object->handle = crl->pkcs11ID;
+    object->isTokenObject = PR_TRUE;
+
+    status = nssToken_DeleteStoredObject(object);
+
+    nssCryptokiObject_Destroy(object);
+    return (status == PR_SUCCESS) ? SECSuccess : SECFailure;
+}
+
+/*
+ * return the certificate associated with a derCert
+ */
+SECItem *
+PK11_FindSMimeProfile(PK11SlotInfo **slot, char *emailAddr,
+                      SECItem *name, SECItem **profileTime)
+{
+    CK_OBJECT_CLASS smimeClass = CKO_NETSCAPE_SMIME;
+    CK_ATTRIBUTE theTemplate[] = {
+        { CKA_SUBJECT, NULL, 0 },
+        { CKA_CLASS, NULL, 0 },
+        { CKA_NETSCAPE_EMAIL, NULL, 0 },
+    };
+    CK_ATTRIBUTE smimeData[] = {
+        { CKA_SUBJECT, NULL, 0 },
+        { CKA_VALUE, NULL, 0 },
+    };
+    /* if you change the array, change the variable below as well */
+    int tsize = sizeof(theTemplate) / sizeof(theTemplate[0]);
+    CK_OBJECT_HANDLE smimeh = CK_INVALID_HANDLE;
+    CK_ATTRIBUTE *attrs = theTemplate;
+    CK_RV crv;
+    SECItem *emailProfile = NULL;
+
+    if (!emailAddr || !emailAddr[0]) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+
+    PK11_SETATTRS(attrs, CKA_SUBJECT, name->data, name->len);
+    attrs++;
+    PK11_SETATTRS(attrs, CKA_CLASS, &smimeClass, sizeof(smimeClass));
+    attrs++;
+    PK11_SETATTRS(attrs, CKA_NETSCAPE_EMAIL, emailAddr, strlen(emailAddr));
+    attrs++;
+
+    if (*slot) {
+        smimeh = pk11_FindObjectByTemplate(*slot, theTemplate, tsize);
+    } else {
+        PK11SlotList *list = PK11_GetAllTokens(CKM_INVALID_MECHANISM,
+                                               PR_FALSE, PR_TRUE, NULL);
+        PK11SlotListElement *le;
+
+        if (!list) {
+            return NULL;
+        }
+        /* loop through all the slots */
+        for (le = list->head; le; le = le->next) {
+            smimeh = pk11_FindObjectByTemplate(le->slot, theTemplate, tsize);
+            if (smimeh != CK_INVALID_HANDLE) {
+                *slot = PK11_ReferenceSlot(le->slot);
+                break;
+            }
+        }
+        PK11_FreeSlotList(list);
+    }
+
+    if (smimeh == CK_INVALID_HANDLE) {
+        PORT_SetError(SEC_ERROR_NO_KRL);
+        return NULL;
+    }
+
+    if (profileTime) {
+        PK11_SETATTRS(smimeData, CKA_NETSCAPE_SMIME_TIMESTAMP, NULL, 0);
+    }
+
+    crv = PK11_GetAttributes(NULL, *slot, smimeh, smimeData, 2);
+    if (crv != CKR_OK) {
+        PORT_SetError(PK11_MapError(crv));
+        goto loser;
+    }
+
+    if (!profileTime) {
+        SECItem profileSubject;
+
+        profileSubject.data = (unsigned char *)smimeData[0].pValue;
+        profileSubject.len = smimeData[0].ulValueLen;
+        if (!SECITEM_ItemsAreEqual(&profileSubject, name)) {
+            goto loser;
+        }
+    }
+
+    emailProfile = (SECItem *)PORT_ZAlloc(sizeof(SECItem));
+    if (emailProfile == NULL) {
+        goto loser;
+    }
+
+    emailProfile->data = (unsigned char *)smimeData[1].pValue;
+    emailProfile->len = smimeData[1].ulValueLen;
+
+    if (profileTime) {
+        *profileTime = (SECItem *)PORT_ZAlloc(sizeof(SECItem));
+        if (*profileTime) {
+            (*profileTime)->data = (unsigned char *)smimeData[0].pValue;
+            (*profileTime)->len = smimeData[0].ulValueLen;
+        }
+    }
+
+loser:
+    if (emailProfile == NULL) {
+        if (smimeData[1].pValue) {
+            PORT_Free(smimeData[1].pValue);
+        }
+    }
+    if (profileTime == NULL || *profileTime == NULL) {
+        if (smimeData[0].pValue) {
+            PORT_Free(smimeData[0].pValue);
+        }
+    }
+    return emailProfile;
+}
+
+SECStatus
+PK11_SaveSMimeProfile(PK11SlotInfo *slot, char *emailAddr, SECItem *derSubj,
+                      SECItem *emailProfile, SECItem *profileTime)
+{
+    CK_OBJECT_CLASS smimeClass = CKO_NETSCAPE_SMIME;
+    CK_BBOOL ck_true = CK_TRUE;
+    CK_ATTRIBUTE theTemplate[] = {
+        { CKA_CLASS, NULL, 0 },
+        { CKA_TOKEN, NULL, 0 },
+        { CKA_SUBJECT, NULL, 0 },
+        { CKA_NETSCAPE_EMAIL, NULL, 0 },
+        { CKA_NETSCAPE_SMIME_TIMESTAMP, NULL, 0 },
+        { CKA_VALUE, NULL, 0 }
+    };
+    /* if you change the array, change the variable below as well */
+    int realSize = 0;
+    CK_OBJECT_HANDLE smimeh = CK_INVALID_HANDLE;
+    CK_ATTRIBUTE *attrs = theTemplate;
+    CK_SESSION_HANDLE rwsession;
+    PK11SlotInfo *free_slot = NULL;
+    CK_RV crv;
+#ifdef DEBUG
+    int tsize = sizeof(theTemplate) / sizeof(theTemplate[0]);
+#endif
+
+    PK11_SETATTRS(attrs, CKA_CLASS, &smimeClass, sizeof(smimeClass));
+    attrs++;
+    PK11_SETATTRS(attrs, CKA_TOKEN, &ck_true, sizeof(ck_true));
+    attrs++;
+    PK11_SETATTRS(attrs, CKA_SUBJECT, derSubj->data, derSubj->len);
+    attrs++;
+    PK11_SETATTRS(attrs, CKA_NETSCAPE_EMAIL,
+                  emailAddr, PORT_Strlen(emailAddr) + 1);
+    attrs++;
+    if (profileTime) {
+        PK11_SETATTRS(attrs, CKA_NETSCAPE_SMIME_TIMESTAMP, profileTime->data,
+                      profileTime->len);
+        attrs++;
+        PK11_SETATTRS(attrs, CKA_VALUE, emailProfile->data,
+                      emailProfile->len);
+        attrs++;
+    }
+    realSize = attrs - theTemplate;
+    PORT_Assert(realSize <= tsize);
+
+    if (slot == NULL) {
+        free_slot = slot = PK11_GetInternalKeySlot();
+        /* we need to free the key slot in the end!!! */
+    }
+
+    rwsession = PK11_GetRWSession(slot);
+    if (rwsession == CK_INVALID_SESSION) {
+        PORT_SetError(SEC_ERROR_READ_ONLY);
+        if (free_slot) {
+            PK11_FreeSlot(free_slot);
+        }
+        return SECFailure;
+    }
+
+    crv = PK11_GETTAB(slot)->C_CreateObject(rwsession, theTemplate, realSize, &smimeh);
+    if (crv != CKR_OK) {
+        PORT_SetError(PK11_MapError(crv));
+    }
+
+    PK11_RestoreROSession(slot, rwsession);
+
+    if (free_slot) {
+        PK11_FreeSlot(free_slot);
+    }
+    return SECSuccess;
+}
+
+CERTSignedCrl *crl_storeCRL(PK11SlotInfo *slot, char *url,
+                            CERTSignedCrl *newCrl, SECItem *derCrl, int type);
+
+/* import the CRL into the token */
+
+CERTSignedCrl *
+PK11_ImportCRL(PK11SlotInfo *slot, SECItem *derCRL, char *url,
+               int type, void *wincx, PRInt32 importOptions, PLArenaPool *arena,
+               PRInt32 decodeoptions)
+{
+    CERTSignedCrl *newCrl, *crl;
+    SECStatus rv;
+    CERTCertificate *caCert = NULL;
+
+    newCrl = crl = NULL;
+
+    do {
+        newCrl = CERT_DecodeDERCrlWithFlags(arena, derCRL, type,
+                                            decodeoptions);
+        if (newCrl == NULL) {
+            if (type == SEC_CRL_TYPE) {
+                /* only promote error when the error code is too generic */
+                if (PORT_GetError() == SEC_ERROR_BAD_DER)
+                    PORT_SetError(SEC_ERROR_CRL_INVALID);
+            } else {
+                PORT_SetError(SEC_ERROR_KRL_INVALID);
+            }
+            break;
+        }
+
+        if (0 == (importOptions & CRL_IMPORT_BYPASS_CHECKS)) {
+            CERTCertDBHandle *handle = CERT_GetDefaultCertDB();
+            PR_ASSERT(handle != NULL);
+            caCert = CERT_FindCertByName(handle,
+                                         &newCrl->crl.derName);
+            if (caCert == NULL) {
+                PORT_SetError(SEC_ERROR_UNKNOWN_ISSUER);
+                break;
+            }
+
+            /* If caCert is a v3 certificate, make sure that it can be used for
+               crl signing purpose */
+            rv = CERT_CheckCertUsage(caCert, KU_CRL_SIGN);
+            if (rv != SECSuccess) {
+                break;
+            }
+
+            rv = CERT_VerifySignedData(&newCrl->signatureWrap, caCert,
+                                       PR_Now(), wincx);
+            if (rv != SECSuccess) {
+                if (type == SEC_CRL_TYPE) {
+                    PORT_SetError(SEC_ERROR_CRL_BAD_SIGNATURE);
+                } else {
+                    PORT_SetError(SEC_ERROR_KRL_BAD_SIGNATURE);
+                }
+                break;
+            }
+        }
+
+        crl = crl_storeCRL(slot, url, newCrl, derCRL, type);
+
+    } while (0);
+
+    if (crl == NULL) {
+        SEC_DestroyCrl(newCrl);
+    }
+    if (caCert) {
+        CERT_DestroyCertificate(caCert);
+    }
+    return (crl);
+}
diff --git a/nss/lib/pk11wrap/pk11obj.c b/nss/lib/pk11wrap/pk11obj.c
new file mode 100644
index 0000000..4046c1f
--- /dev/null
+++ b/nss/lib/pk11wrap/pk11obj.c
@@ -0,0 +1,2106 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * This file manages object type indepentent functions.
+ */
+#include "seccomon.h"
+#include "secmod.h"
+#include "secmodi.h"
+#include "secmodti.h"
+#include "pkcs11.h"
+#include "pkcs11t.h"
+#include "pk11func.h"
+#include "key.h"
+#include "secitem.h"
+#include "secerr.h"
+#include "sslerr.h"
+
+#define PK11_SEARCH_CHUNKSIZE 10
+
+/*
+ * Build a block big enough to hold the data
+ */
+SECItem *
+PK11_BlockData(SECItem *data, unsigned long size)
+{
+    SECItem *newData;
+
+    if (size == 0u)
+        return NULL;
+
+    newData = (SECItem *)PORT_Alloc(sizeof(SECItem));
+    if (newData == NULL)
+        return NULL;
+
+    newData->len = (data->len + (size - 1)) / size;
+    newData->len *= size;
+
+    newData->data = (unsigned char *)PORT_ZAlloc(newData->len);
+    if (newData->data == NULL) {
+        PORT_Free(newData);
+        return NULL;
+    }
+    PORT_Memset(newData->data, newData->len - data->len, newData->len);
+    PORT_Memcpy(newData->data, data->data, data->len);
+    return newData;
+}
+
+SECStatus
+PK11_DestroyObject(PK11SlotInfo *slot, CK_OBJECT_HANDLE object)
+{
+    CK_RV crv;
+
+    PK11_EnterSlotMonitor(slot);
+    crv = PK11_GETTAB(slot)->C_DestroyObject(slot->session, object);
+    PK11_ExitSlotMonitor(slot);
+    if (crv != CKR_OK) {
+        return SECFailure;
+    }
+    return SECSuccess;
+}
+
+SECStatus
+PK11_DestroyTokenObject(PK11SlotInfo *slot, CK_OBJECT_HANDLE object)
+{
+    CK_RV crv;
+    SECStatus rv = SECSuccess;
+    CK_SESSION_HANDLE rwsession;
+
+    rwsession = PK11_GetRWSession(slot);
+    if (rwsession == CK_INVALID_SESSION) {
+        PORT_SetError(SEC_ERROR_BAD_DATA);
+        return SECFailure;
+    }
+
+    crv = PK11_GETTAB(slot)->C_DestroyObject(rwsession, object);
+    if (crv != CKR_OK) {
+        rv = SECFailure;
+        PORT_SetError(PK11_MapError(crv));
+    }
+    PK11_RestoreROSession(slot, rwsession);
+    return rv;
+}
+
+/*
+ * Read in a single attribute into a SECItem. Allocate space for it with
+ * PORT_Alloc unless an arena is supplied. In the latter case use the arena
+ * to allocate the space.
+ *
+ * PK11_ReadAttribute sets the 'data' and 'len' fields of the SECItem but
+ * does not modify its 'type' field.
+ */
+SECStatus
+PK11_ReadAttribute(PK11SlotInfo *slot, CK_OBJECT_HANDLE id,
+                   CK_ATTRIBUTE_TYPE type, PLArenaPool *arena, SECItem *result)
+{
+    CK_ATTRIBUTE attr = { 0, NULL, 0 };
+    CK_RV crv;
+
+    attr.type = type;
+
+    PK11_EnterSlotMonitor(slot);
+    crv = PK11_GETTAB(slot)->C_GetAttributeValue(slot->session, id, &attr, 1);
+    if (crv != CKR_OK) {
+        PK11_ExitSlotMonitor(slot);
+        PORT_SetError(PK11_MapError(crv));
+        return SECFailure;
+    }
+    if (arena) {
+        attr.pValue = PORT_ArenaAlloc(arena, attr.ulValueLen);
+    } else {
+        attr.pValue = PORT_Alloc(attr.ulValueLen);
+    }
+    if (attr.pValue == NULL) {
+        PK11_ExitSlotMonitor(slot);
+        return SECFailure;
+    }
+    crv = PK11_GETTAB(slot)->C_GetAttributeValue(slot->session, id, &attr, 1);
+    PK11_ExitSlotMonitor(slot);
+    if (crv != CKR_OK) {
+        PORT_SetError(PK11_MapError(crv));
+        if (!arena)
+            PORT_Free(attr.pValue);
+        return SECFailure;
+    }
+
+    result->data = (unsigned char *)attr.pValue;
+    result->len = attr.ulValueLen;
+
+    return SECSuccess;
+}
+
+/*
+ * Read in a single attribute into As a Ulong.
+ */
+CK_ULONG
+PK11_ReadULongAttribute(PK11SlotInfo *slot, CK_OBJECT_HANDLE id,
+                        CK_ATTRIBUTE_TYPE type)
+{
+    CK_ATTRIBUTE attr;
+    CK_ULONG value = CK_UNAVAILABLE_INFORMATION;
+    CK_RV crv;
+
+    PK11_SETATTRS(&attr, type, &value, sizeof(value));
+
+    PK11_EnterSlotMonitor(slot);
+    crv = PK11_GETTAB(slot)->C_GetAttributeValue(slot->session, id, &attr, 1);
+    PK11_ExitSlotMonitor(slot);
+    if (crv != CKR_OK) {
+        PORT_SetError(PK11_MapError(crv));
+    }
+    return value;
+}
+
+/*
+ * check to see if a bool has been set.
+ */
+CK_BBOOL
+pk11_HasAttributeSet_Lock(PK11SlotInfo *slot, CK_OBJECT_HANDLE id,
+                          CK_ATTRIBUTE_TYPE type, PRBool haslock)
+{
+    CK_BBOOL ckvalue = CK_FALSE;
+    CK_ATTRIBUTE theTemplate;
+    CK_RV crv;
+
+    /* Prepare to retrieve the attribute. */
+    PK11_SETATTRS(&theTemplate, type, &ckvalue, sizeof(CK_BBOOL));
+
+    /* Retrieve attribute value. */
+    if (!haslock)
+        PK11_EnterSlotMonitor(slot);
+    crv = PK11_GETTAB(slot)->C_GetAttributeValue(slot->session, id,
+                                                 &theTemplate, 1);
+    if (!haslock)
+        PK11_ExitSlotMonitor(slot);
+    if (crv != CKR_OK) {
+        PORT_SetError(PK11_MapError(crv));
+        return CK_FALSE;
+    }
+
+    return ckvalue;
+}
+
+CK_BBOOL
+PK11_HasAttributeSet(PK11SlotInfo *slot, CK_OBJECT_HANDLE id,
+                     CK_ATTRIBUTE_TYPE type, PRBool haslock)
+{
+    PR_ASSERT(haslock == PR_FALSE);
+    return pk11_HasAttributeSet_Lock(slot, id, type, PR_FALSE);
+}
+
+/*
+ * returns a full list of attributes. Allocate space for them. If an arena is
+ * provided, allocate space out of the arena.
+ */
+CK_RV
+PK11_GetAttributes(PLArenaPool *arena, PK11SlotInfo *slot,
+                   CK_OBJECT_HANDLE obj, CK_ATTRIBUTE *attr, int count)
+{
+    int i;
+    /* make pedantic happy... note that it's only used arena != NULL */
+    void *mark = NULL;
+    CK_RV crv;
+    PORT_Assert(slot->session != CK_INVALID_SESSION);
+    if (slot->session == CK_INVALID_SESSION)
+        return CKR_SESSION_HANDLE_INVALID;
+
+    /*
+     * first get all the lengths of the parameters.
+     */
+    PK11_EnterSlotMonitor(slot);
+    crv = PK11_GETTAB(slot)->C_GetAttributeValue(slot->session, obj, attr, count);
+    if (crv != CKR_OK) {
+        PK11_ExitSlotMonitor(slot);
+        return crv;
+    }
+
+    if (arena) {
+        mark = PORT_ArenaMark(arena);
+        if (mark == NULL)
+            return CKR_HOST_MEMORY;
+    }
+
+    /*
+     * now allocate space to store the results.
+     */
+    for (i = 0; i < count; i++) {
+        if (attr[i].ulValueLen == 0)
+            continue;
+        if (arena) {
+            attr[i].pValue = PORT_ArenaAlloc(arena, attr[i].ulValueLen);
+            if (attr[i].pValue == NULL) {
+                /* arena failures, just release the mark */
+                PORT_ArenaRelease(arena, mark);
+                PK11_ExitSlotMonitor(slot);
+                return CKR_HOST_MEMORY;
+            }
+        } else {
+            attr[i].pValue = PORT_Alloc(attr[i].ulValueLen);
+            if (attr[i].pValue == NULL) {
+                /* Separate malloc failures, loop to release what we have
+                 * so far */
+                int j;
+                for (j = 0; j < i; j++) {
+                    PORT_Free(attr[j].pValue);
+                    /* don't give the caller pointers to freed memory */
+                    attr[j].pValue = NULL;
+                }
+                PK11_ExitSlotMonitor(slot);
+                return CKR_HOST_MEMORY;
+            }
+        }
+    }
+
+    /*
+     * finally get the results.
+     */
+    crv = PK11_GETTAB(slot)->C_GetAttributeValue(slot->session, obj, attr, count);
+    PK11_ExitSlotMonitor(slot);
+    if (crv != CKR_OK) {
+        if (arena) {
+            PORT_ArenaRelease(arena, mark);
+        } else {
+            for (i = 0; i < count; i++) {
+                PORT_Free(attr[i].pValue);
+                /* don't give the caller pointers to freed memory */
+                attr[i].pValue = NULL;
+            }
+        }
+    } else if (arena && mark) {
+        PORT_ArenaUnmark(arena, mark);
+    }
+    return crv;
+}
+
+PRBool
+PK11_IsPermObject(PK11SlotInfo *slot, CK_OBJECT_HANDLE handle)
+{
+    return (PRBool)PK11_HasAttributeSet(slot, handle, CKA_TOKEN, PR_FALSE);
+}
+
+char *
+PK11_GetObjectNickname(PK11SlotInfo *slot, CK_OBJECT_HANDLE id)
+{
+    char *nickname = NULL;
+    SECItem result;
+    SECStatus rv;
+
+    rv = PK11_ReadAttribute(slot, id, CKA_LABEL, NULL, &result);
+    if (rv != SECSuccess) {
+        return NULL;
+    }
+
+    nickname = PORT_ZAlloc(result.len + 1);
+    if (nickname == NULL) {
+        PORT_Free(result.data);
+        return NULL;
+    }
+    PORT_Memcpy(nickname, result.data, result.len);
+    PORT_Free(result.data);
+    return nickname;
+}
+
+SECStatus
+PK11_SetObjectNickname(PK11SlotInfo *slot, CK_OBJECT_HANDLE id,
+                       const char *nickname)
+{
+    int len = PORT_Strlen(nickname);
+    CK_ATTRIBUTE setTemplate;
+    CK_RV crv;
+    CK_SESSION_HANDLE rwsession;
+
+    if (len < 0) {
+        return SECFailure;
+    }
+
+    PK11_SETATTRS(&setTemplate, CKA_LABEL, (CK_CHAR *)nickname, len);
+    rwsession = PK11_GetRWSession(slot);
+    if (rwsession == CK_INVALID_SESSION) {
+        PORT_SetError(SEC_ERROR_BAD_DATA);
+        return SECFailure;
+    }
+    crv = PK11_GETTAB(slot)->C_SetAttributeValue(rwsession, id,
+                                                 &setTemplate, 1);
+    PK11_RestoreROSession(slot, rwsession);
+    if (crv != CKR_OK) {
+        PORT_SetError(PK11_MapError(crv));
+        return SECFailure;
+    }
+    return SECSuccess;
+}
+
+/*
+ * strip leading zero's from key material
+ */
+void
+pk11_SignedToUnsigned(CK_ATTRIBUTE *attrib)
+{
+    char *ptr = (char *)attrib->pValue;
+    unsigned long len = attrib->ulValueLen;
+
+    while ((len > 1) && (*ptr == 0)) {
+        len--;
+        ptr++;
+    }
+    attrib->pValue = ptr;
+    attrib->ulValueLen = len;
+}
+
+/*
+ * get a new session on a slot. If we run out of session, use the slot's
+ * 'exclusive' session. In this case owner becomes false.
+ */
+CK_SESSION_HANDLE
+pk11_GetNewSession(PK11SlotInfo *slot, PRBool *owner)
+{
+    CK_SESSION_HANDLE session;
+    *owner = PR_TRUE;
+    if (!slot->isThreadSafe)
+        PK11_EnterSlotMonitor(slot);
+    if (PK11_GETTAB(slot)->C_OpenSession(slot->slotID, CKF_SERIAL_SESSION,
+                                         slot, pk11_notify, &session) != CKR_OK) {
+        *owner = PR_FALSE;
+        session = slot->session;
+    }
+    if (!slot->isThreadSafe)
+        PK11_ExitSlotMonitor(slot);
+
+    return session;
+}
+
+void
+pk11_CloseSession(PK11SlotInfo *slot, CK_SESSION_HANDLE session, PRBool owner)
+{
+    if (!owner)
+        return;
+    if (!slot->isThreadSafe)
+        PK11_EnterSlotMonitor(slot);
+    (void)PK11_GETTAB(slot)->C_CloseSession(session);
+    if (!slot->isThreadSafe)
+        PK11_ExitSlotMonitor(slot);
+}
+
+SECStatus
+PK11_CreateNewObject(PK11SlotInfo *slot, CK_SESSION_HANDLE session,
+                     const CK_ATTRIBUTE *theTemplate, int count,
+                     PRBool token, CK_OBJECT_HANDLE *objectID)
+{
+    CK_SESSION_HANDLE rwsession;
+    CK_RV crv;
+    SECStatus rv = SECSuccess;
+
+    rwsession = session;
+    if (token) {
+        rwsession = PK11_GetRWSession(slot);
+    } else if (rwsession == CK_INVALID_SESSION) {
+        rwsession = slot->session;
+        if (rwsession != CK_INVALID_SESSION)
+            PK11_EnterSlotMonitor(slot);
+    }
+    if (rwsession == CK_INVALID_SESSION) {
+        PORT_SetError(SEC_ERROR_BAD_DATA);
+        return SECFailure;
+    }
+    crv = PK11_GETTAB(slot)->C_CreateObject(rwsession,
+                                            /* cast away const :-( */ (CK_ATTRIBUTE_PTR)theTemplate,
+                                            count, objectID);
+    if (crv != CKR_OK) {
+        PORT_SetError(PK11_MapError(crv));
+        rv = SECFailure;
+    }
+    if (token) {
+        PK11_RestoreROSession(slot, rwsession);
+    } else if (session == CK_INVALID_SESSION) {
+        PK11_ExitSlotMonitor(slot);
+    }
+
+    return rv;
+}
+
+/* This function may add a maximum of 9 attributes. */
+unsigned int
+pk11_OpFlagsToAttributes(CK_FLAGS flags, CK_ATTRIBUTE *attrs, CK_BBOOL *ckTrue)
+{
+
+    const static CK_ATTRIBUTE_TYPE attrTypes[12] = {
+        CKA_ENCRYPT, CKA_DECRYPT, 0 /* DIGEST */, CKA_SIGN,
+        CKA_SIGN_RECOVER, CKA_VERIFY, CKA_VERIFY_RECOVER, 0 /* GEN */,
+        0 /* GEN PAIR */, CKA_WRAP, CKA_UNWRAP, CKA_DERIVE
+    };
+
+    const CK_ATTRIBUTE_TYPE *pType = attrTypes;
+    CK_ATTRIBUTE *attr = attrs;
+    CK_FLAGS test = CKF_ENCRYPT;
+
+    PR_ASSERT(!(flags & ~CKF_KEY_OPERATION_FLAGS));
+    flags &= CKF_KEY_OPERATION_FLAGS;
+
+    for (; flags && test <= CKF_DERIVE; test <<= 1, ++pType) {
+        if (test & flags) {
+            flags ^= test;
+            PR_ASSERT(*pType);
+            PK11_SETATTRS(attr, *pType, ckTrue, sizeof *ckTrue);
+            ++attr;
+        }
+    }
+    return (attr - attrs);
+}
+
+/*
+ * Check for conflicting flags, for example, if both PK11_ATTR_PRIVATE
+ * and PK11_ATTR_PUBLIC are set.
+ */
+PRBool
+pk11_BadAttrFlags(PK11AttrFlags attrFlags)
+{
+    PK11AttrFlags trueFlags = attrFlags & 0x55555555;
+    PK11AttrFlags falseFlags = (attrFlags >> 1) & 0x55555555;
+    return ((trueFlags & falseFlags) != 0);
+}
+
+/*
+ * This function may add a maximum of 5 attributes.
+ * The caller must make sure the attribute flags don't have conflicts.
+ */
+unsigned int
+pk11_AttrFlagsToAttributes(PK11AttrFlags attrFlags, CK_ATTRIBUTE *attrs,
+                           CK_BBOOL *ckTrue, CK_BBOOL *ckFalse)
+{
+    const static CK_ATTRIBUTE_TYPE attrTypes[5] = {
+        CKA_TOKEN, CKA_PRIVATE, CKA_MODIFIABLE, CKA_SENSITIVE,
+        CKA_EXTRACTABLE
+    };
+
+    const CK_ATTRIBUTE_TYPE *pType = attrTypes;
+    CK_ATTRIBUTE *attr = attrs;
+    PK11AttrFlags test = PK11_ATTR_TOKEN;
+
+    PR_ASSERT(!pk11_BadAttrFlags(attrFlags));
+
+    /* we test two related bitflags in each iteration */
+    for (; attrFlags && test <= PK11_ATTR_EXTRACTABLE; test <<= 2, ++pType) {
+        if (test & attrFlags) {
+            attrFlags ^= test;
+            PK11_SETATTRS(attr, *pType, ckTrue, sizeof *ckTrue);
+            ++attr;
+        } else if ((test << 1) & attrFlags) {
+            attrFlags ^= (test << 1);
+            PK11_SETATTRS(attr, *pType, ckFalse, sizeof *ckFalse);
+            ++attr;
+        }
+    }
+    return (attr - attrs);
+}
+
+/*
+ * Some non-compliant PKCS #11 vendors do not give us the modulus, so actually
+ * set up a signature to get the signaure length.
+ */
+static int
+pk11_backupGetSignLength(SECKEYPrivateKey *key)
+{
+    PK11SlotInfo *slot = key->pkcs11Slot;
+    CK_MECHANISM mech = { 0, NULL, 0 };
+    PRBool owner = PR_TRUE;
+    CK_SESSION_HANDLE session;
+    CK_ULONG len;
+    CK_RV crv;
+    unsigned char h_data[20] = { 0 };
+    unsigned char buf[20]; /* obviously to small */
+    CK_ULONG smallLen = sizeof(buf);
+
+    mech.mechanism = PK11_MapSignKeyType(key->keyType);
+
+    session = pk11_GetNewSession(slot, &owner);
+    if (!owner || !(slot->isThreadSafe))
+        PK11_EnterSlotMonitor(slot);
+    crv = PK11_GETTAB(slot)->C_SignInit(session, &mech, key->pkcs11ID);
+    if (crv != CKR_OK) {
+        if (!owner || !(slot->isThreadSafe))
+            PK11_ExitSlotMonitor(slot);
+        pk11_CloseSession(slot, session, owner);
+        PORT_SetError(PK11_MapError(crv));
+        return -1;
+    }
+    len = 0;
+    crv = PK11_GETTAB(slot)->C_Sign(session, h_data, sizeof(h_data),
+                                    NULL, &len);
+    /* now call C_Sign with too small a buffer to clear the session state */
+    (void)PK11_GETTAB(slot)->C_Sign(session, h_data, sizeof(h_data), buf, &smallLen);
+
+    if (!owner || !(slot->isThreadSafe))
+        PK11_ExitSlotMonitor(slot);
+    pk11_CloseSession(slot, session, owner);
+    if (crv != CKR_OK) {
+        PORT_SetError(PK11_MapError(crv));
+        return -1;
+    }
+    return len;
+}
+
+/*
+ * get the length of a signature object based on the key
+ */
+int
+PK11_SignatureLen(SECKEYPrivateKey *key)
+{
+    int val;
+    SECItem attributeItem = { siBuffer, NULL, 0 };
+    SECStatus rv;
+    int length;
+
+    switch (key->keyType) {
+        case rsaKey:
+            val = PK11_GetPrivateModulusLen(key);
+            if (val == -1) {
+                return pk11_backupGetSignLength(key);
+            }
+            return (unsigned long)val;
+
+        case fortezzaKey:
+            return 40;
+
+        case dsaKey:
+            rv = PK11_ReadAttribute(key->pkcs11Slot, key->pkcs11ID, CKA_SUBPRIME,
+                                    NULL, &attributeItem);
+            if (rv == SECSuccess) {
+                length = attributeItem.len;
+                if ((length > 0) && attributeItem.data[0] == 0) {
+                    length--;
+                }
+                PORT_Free(attributeItem.data);
+                return length * 2;
+            }
+            return pk11_backupGetSignLength(key);
+
+        case ecKey:
+            rv = PK11_ReadAttribute(key->pkcs11Slot, key->pkcs11ID, CKA_EC_PARAMS,
+                                    NULL, &attributeItem);
+            if (rv == SECSuccess) {
+                length = SECKEY_ECParamsToBasePointOrderLen(&attributeItem);
+                PORT_Free(attributeItem.data);
+                if (length != 0) {
+                    length = ((length + 7) / 8) * 2;
+                    return length;
+                }
+            }
+            return pk11_backupGetSignLength(key);
+        default:
+            break;
+    }
+    PORT_SetError(SEC_ERROR_INVALID_KEY);
+    return 0;
+}
+
+/*
+ * copy a key (or any other object) on a token
+ */
+CK_OBJECT_HANDLE
+PK11_CopyKey(PK11SlotInfo *slot, CK_OBJECT_HANDLE srcObject)
+{
+    CK_OBJECT_HANDLE destObject;
+    CK_RV crv;
+
+    PK11_EnterSlotMonitor(slot);
+    crv = PK11_GETTAB(slot)->C_CopyObject(slot->session, srcObject, NULL, 0,
+                                          &destObject);
+    PK11_ExitSlotMonitor(slot);
+    if (crv == CKR_OK)
+        return destObject;
+    PORT_SetError(PK11_MapError(crv));
+    return CK_INVALID_HANDLE;
+}
+
+PRBool
+pk11_FindAttrInTemplate(CK_ATTRIBUTE *attr, unsigned int numAttrs,
+                        CK_ATTRIBUTE_TYPE target)
+{
+    for (; numAttrs > 0; ++attr, --numAttrs) {
+        if (attr->type == target)
+            return PR_TRUE;
+    }
+    return PR_FALSE;
+}
+
+/*
+ * Recover the Signed data. We need this because our old verify can't
+ * figure out which hash algorithm to use until we decryptted this.
+ */
+SECStatus
+PK11_VerifyRecover(SECKEYPublicKey *key, const SECItem *sig,
+                   SECItem *dsig, void *wincx)
+{
+    PK11SlotInfo *slot = key->pkcs11Slot;
+    CK_OBJECT_HANDLE id = key->pkcs11ID;
+    CK_MECHANISM mech = { 0, NULL, 0 };
+    PRBool owner = PR_TRUE;
+    CK_SESSION_HANDLE session;
+    CK_ULONG len;
+    CK_RV crv;
+
+    mech.mechanism = PK11_MapSignKeyType(key->keyType);
+
+    if (slot == NULL) {
+        slot = PK11_GetBestSlotWithAttributes(mech.mechanism,
+                                              CKF_VERIFY_RECOVER, 0, wincx);
+        if (slot == NULL) {
+            PORT_SetError(SEC_ERROR_NO_MODULE);
+            return SECFailure;
+        }
+        id = PK11_ImportPublicKey(slot, key, PR_FALSE);
+    } else {
+        PK11_ReferenceSlot(slot);
+    }
+
+    if (id == CK_INVALID_HANDLE) {
+        PK11_FreeSlot(slot);
+        PORT_SetError(SEC_ERROR_BAD_KEY);
+        return SECFailure;
+    }
+
+    session = pk11_GetNewSession(slot, &owner);
+    if (!owner || !(slot->isThreadSafe))
+        PK11_EnterSlotMonitor(slot);
+    crv = PK11_GETTAB(slot)->C_VerifyRecoverInit(session, &mech, id);
+    if (crv != CKR_OK) {
+        if (!owner || !(slot->isThreadSafe))
+            PK11_ExitSlotMonitor(slot);
+        pk11_CloseSession(slot, session, owner);
+        PORT_SetError(PK11_MapError(crv));
+        PK11_FreeSlot(slot);
+        return SECFailure;
+    }
+    len = dsig->len;
+    crv = PK11_GETTAB(slot)->C_VerifyRecover(session, sig->data,
+                                             sig->len, dsig->data, &len);
+    if (!owner || !(slot->isThreadSafe))
+        PK11_ExitSlotMonitor(slot);
+    pk11_CloseSession(slot, session, owner);
+    dsig->len = len;
+    if (crv != CKR_OK) {
+        PORT_SetError(PK11_MapError(crv));
+        PK11_FreeSlot(slot);
+        return SECFailure;
+    }
+    PK11_FreeSlot(slot);
+    return SECSuccess;
+}
+
+/*
+ * verify a signature from its hash.
+ */
+SECStatus
+PK11_Verify(SECKEYPublicKey *key, const SECItem *sig, const SECItem *hash,
+            void *wincx)
+{
+    CK_MECHANISM_TYPE mech = PK11_MapSignKeyType(key->keyType);
+    return PK11_VerifyWithMechanism(key, mech, NULL, sig, hash, wincx);
+}
+
+/*
+ * Verify a signature from its hash using the given algorithm.
+ */
+SECStatus
+PK11_VerifyWithMechanism(SECKEYPublicKey *key, CK_MECHANISM_TYPE mechanism,
+                         const SECItem *param, const SECItem *sig,
+                         const SECItem *hash, void *wincx)
+{
+    PK11SlotInfo *slot = key->pkcs11Slot;
+    CK_OBJECT_HANDLE id = key->pkcs11ID;
+    CK_MECHANISM mech = { 0, NULL, 0 };
+    PRBool owner = PR_TRUE;
+    CK_SESSION_HANDLE session;
+    CK_RV crv;
+
+    mech.mechanism = mechanism;
+    if (param) {
+        mech.pParameter = param->data;
+        mech.ulParameterLen = param->len;
+    }
+
+    if (slot == NULL) {
+        unsigned int length = 0;
+        if ((mech.mechanism == CKM_DSA) &&
+            /* 129 is 1024 bits translated to bytes and
+             * padded with an optional '0' to maintain a
+             * positive sign */
+            (key->u.dsa.params.prime.len > 129)) {
+            /* we need to get a slot that not only can do DSA, but can do DSA2
+             * key lengths */
+            length = key->u.dsa.params.prime.len;
+            if (key->u.dsa.params.prime.data[0] == 0) {
+                length--;
+            }
+            /* convert keysize to bits for slot lookup */
+            length *= 8;
+        }
+        slot = PK11_GetBestSlotWithAttributes(mech.mechanism,
+                                              CKF_VERIFY, length, wincx);
+        if (slot == NULL) {
+            PORT_SetError(SEC_ERROR_NO_MODULE);
+            return SECFailure;
+        }
+        id = PK11_ImportPublicKey(slot, key, PR_FALSE);
+
+    } else {
+        PK11_ReferenceSlot(slot);
+    }
+
+    if (id == CK_INVALID_HANDLE) {
+        PK11_FreeSlot(slot);
+        PORT_SetError(SEC_ERROR_BAD_KEY);
+        return SECFailure;
+    }
+
+    session = pk11_GetNewSession(slot, &owner);
+    if (!owner || !(slot->isThreadSafe))
+        PK11_EnterSlotMonitor(slot);
+    crv = PK11_GETTAB(slot)->C_VerifyInit(session, &mech, id);
+    if (crv != CKR_OK) {
+        if (!owner || !(slot->isThreadSafe))
+            PK11_ExitSlotMonitor(slot);
+        pk11_CloseSession(slot, session, owner);
+        PK11_FreeSlot(slot);
+        PORT_SetError(PK11_MapError(crv));
+        return SECFailure;
+    }
+    crv = PK11_GETTAB(slot)->C_Verify(session, hash->data,
+                                      hash->len, sig->data, sig->len);
+    if (!owner || !(slot->isThreadSafe))
+        PK11_ExitSlotMonitor(slot);
+    pk11_CloseSession(slot, session, owner);
+    PK11_FreeSlot(slot);
+    if (crv != CKR_OK) {
+        PORT_SetError(PK11_MapError(crv));
+        return SECFailure;
+    }
+    return SECSuccess;
+}
+
+/*
+ * sign a hash. The algorithm is determined by the key.
+ */
+SECStatus
+PK11_Sign(SECKEYPrivateKey *key, SECItem *sig, const SECItem *hash)
+{
+    CK_MECHANISM_TYPE mech = PK11_MapSignKeyType(key->keyType);
+    return PK11_SignWithMechanism(key, mech, NULL, sig, hash);
+}
+
+/*
+ * Sign a hash using the given algorithm.
+ */
+SECStatus
+PK11_SignWithMechanism(SECKEYPrivateKey *key, CK_MECHANISM_TYPE mechanism,
+                       const SECItem *param, SECItem *sig, const SECItem *hash)
+{
+    PK11SlotInfo *slot = key->pkcs11Slot;
+    CK_MECHANISM mech = { 0, NULL, 0 };
+    PRBool owner = PR_TRUE;
+    CK_SESSION_HANDLE session;
+    PRBool haslock = PR_FALSE;
+    CK_ULONG len;
+    CK_RV crv;
+
+    mech.mechanism = mechanism;
+    if (param) {
+        mech.pParameter = param->data;
+        mech.ulParameterLen = param->len;
+    }
+
+    if (SECKEY_HAS_ATTRIBUTE_SET(key, CKA_PRIVATE)) {
+        PK11_HandlePasswordCheck(slot, key->wincx);
+    }
+
+    session = pk11_GetNewSession(slot, &owner);
+    haslock = (!owner || !(slot->isThreadSafe));
+    if (haslock)
+        PK11_EnterSlotMonitor(slot);
+    crv = PK11_GETTAB(slot)->C_SignInit(session, &mech, key->pkcs11ID);
+    if (crv != CKR_OK) {
+        if (haslock)
+            PK11_ExitSlotMonitor(slot);
+        pk11_CloseSession(slot, session, owner);
+        PORT_SetError(PK11_MapError(crv));
+        return SECFailure;
+    }
+
+    /* PKCS11 2.20 says if CKA_ALWAYS_AUTHENTICATE then
+     * do C_Login with CKU_CONTEXT_SPECIFIC
+     * between C_SignInit and C_Sign */
+    if (SECKEY_HAS_ATTRIBUTE_SET_LOCK(key, CKA_ALWAYS_AUTHENTICATE, haslock)) {
+        PK11_DoPassword(slot, session, PR_FALSE, key->wincx, haslock, PR_TRUE);
+    }
+
+    len = sig->len;
+    crv = PK11_GETTAB(slot)->C_Sign(session, hash->data,
+                                    hash->len, sig->data, &len);
+    if (haslock)
+        PK11_ExitSlotMonitor(slot);
+    pk11_CloseSession(slot, session, owner);
+    sig->len = len;
+    if (crv != CKR_OK) {
+        PORT_SetError(PK11_MapError(crv));
+        return SECFailure;
+    }
+    return SECSuccess;
+}
+
+/*
+ * sign data with a MAC key.
+ */
+SECStatus
+PK11_SignWithSymKey(PK11SymKey *symKey, CK_MECHANISM_TYPE mechanism,
+                    SECItem *param, SECItem *sig, const SECItem *data)
+{
+    PK11SlotInfo *slot = symKey->slot;
+    CK_MECHANISM mech = { 0, NULL, 0 };
+    PRBool owner = PR_TRUE;
+    CK_SESSION_HANDLE session;
+    PRBool haslock = PR_FALSE;
+    CK_ULONG len;
+    CK_RV crv;
+
+    mech.mechanism = mechanism;
+    if (param) {
+        mech.pParameter = param->data;
+        mech.ulParameterLen = param->len;
+    }
+
+    session = pk11_GetNewSession(slot, &owner);
+    haslock = (!owner || !(slot->isThreadSafe));
+    if (haslock)
+        PK11_EnterSlotMonitor(slot);
+    crv = PK11_GETTAB(slot)->C_SignInit(session, &mech, symKey->objectID);
+    if (crv != CKR_OK) {
+        if (haslock)
+            PK11_ExitSlotMonitor(slot);
+        pk11_CloseSession(slot, session, owner);
+        PORT_SetError(PK11_MapError(crv));
+        return SECFailure;
+    }
+
+    len = sig->len;
+    crv = PK11_GETTAB(slot)->C_Sign(session, data->data,
+                                    data->len, sig->data, &len);
+    if (haslock)
+        PK11_ExitSlotMonitor(slot);
+    pk11_CloseSession(slot, session, owner);
+    sig->len = len;
+    if (crv != CKR_OK) {
+        PORT_SetError(PK11_MapError(crv));
+        return SECFailure;
+    }
+    return SECSuccess;
+}
+
+SECStatus
+PK11_Decrypt(PK11SymKey *symKey,
+             CK_MECHANISM_TYPE mechanism, SECItem *param,
+             unsigned char *out, unsigned int *outLen,
+             unsigned int maxLen,
+             const unsigned char *enc, unsigned encLen)
+{
+    PK11SlotInfo *slot = symKey->slot;
+    CK_MECHANISM mech = { 0, NULL, 0 };
+    CK_ULONG len = maxLen;
+    PRBool owner = PR_TRUE;
+    CK_SESSION_HANDLE session;
+    PRBool haslock = PR_FALSE;
+    CK_RV crv;
+
+    mech.mechanism = mechanism;
+    if (param) {
+        mech.pParameter = param->data;
+        mech.ulParameterLen = param->len;
+    }
+
+    session = pk11_GetNewSession(slot, &owner);
+    haslock = (!owner || !slot->isThreadSafe);
+    if (haslock)
+        PK11_EnterSlotMonitor(slot);
+    crv = PK11_GETTAB(slot)->C_DecryptInit(session, &mech, symKey->objectID);
+    if (crv != CKR_OK) {
+        if (haslock)
+            PK11_ExitSlotMonitor(slot);
+        pk11_CloseSession(slot, session, owner);
+        PORT_SetError(PK11_MapError(crv));
+        return SECFailure;
+    }
+
+    crv = PK11_GETTAB(slot)->C_Decrypt(session, (unsigned char *)enc, encLen,
+                                       out, &len);
+    if (haslock)
+        PK11_ExitSlotMonitor(slot);
+    pk11_CloseSession(slot, session, owner);
+    *outLen = len;
+    if (crv != CKR_OK) {
+        PORT_SetError(PK11_MapError(crv));
+        return SECFailure;
+    }
+    return SECSuccess;
+}
+
+SECStatus
+PK11_Encrypt(PK11SymKey *symKey,
+             CK_MECHANISM_TYPE mechanism, SECItem *param,
+             unsigned char *out, unsigned int *outLen,
+             unsigned int maxLen,
+             const unsigned char *data, unsigned int dataLen)
+{
+    PK11SlotInfo *slot = symKey->slot;
+    CK_MECHANISM mech = { 0, NULL, 0 };
+    CK_ULONG len = maxLen;
+    PRBool owner = PR_TRUE;
+    CK_SESSION_HANDLE session;
+    PRBool haslock = PR_FALSE;
+    CK_RV crv;
+
+    mech.mechanism = mechanism;
+    if (param) {
+        mech.pParameter = param->data;
+        mech.ulParameterLen = param->len;
+    }
+
+    session = pk11_GetNewSession(slot, &owner);
+    haslock = (!owner || !slot->isThreadSafe);
+    if (haslock)
+        PK11_EnterSlotMonitor(slot);
+    crv = PK11_GETTAB(slot)->C_EncryptInit(session, &mech, symKey->objectID);
+    if (crv != CKR_OK) {
+        if (haslock)
+            PK11_ExitSlotMonitor(slot);
+        pk11_CloseSession(slot, session, owner);
+        PORT_SetError(PK11_MapError(crv));
+        return SECFailure;
+    }
+    crv = PK11_GETTAB(slot)->C_Encrypt(session, (unsigned char *)data,
+                                       dataLen, out, &len);
+    if (haslock)
+        PK11_ExitSlotMonitor(slot);
+    pk11_CloseSession(slot, session, owner);
+    *outLen = len;
+    if (crv != CKR_OK) {
+        PORT_SetError(PK11_MapError(crv));
+        return SECFailure;
+    }
+    return SECSuccess;
+}
+
+static SECStatus
+pk11_PrivDecryptRaw(SECKEYPrivateKey *key,
+                    unsigned char *data, unsigned *outLen, unsigned int maxLen,
+                    const unsigned char *enc, unsigned encLen,
+                    CK_MECHANISM_PTR mech)
+{
+    PK11SlotInfo *slot = key->pkcs11Slot;
+    CK_ULONG out = maxLen;
+    PRBool owner = PR_TRUE;
+    CK_SESSION_HANDLE session;
+    PRBool haslock = PR_FALSE;
+    CK_RV crv;
+
+    if (key->keyType != rsaKey) {
+        PORT_SetError(SEC_ERROR_INVALID_KEY);
+        return SECFailure;
+    }
+
+    /* Why do we do a PK11_handle check here? for simple
+     * decryption? .. because the user may have asked for 'ask always'
+     * and this is a private key operation. In practice, thought, it's mute
+     * since only servers wind up using this function */
+    if (SECKEY_HAS_ATTRIBUTE_SET(key, CKA_PRIVATE)) {
+        PK11_HandlePasswordCheck(slot, key->wincx);
+    }
+    session = pk11_GetNewSession(slot, &owner);
+    haslock = (!owner || !(slot->isThreadSafe));
+    if (haslock)
+        PK11_EnterSlotMonitor(slot);
+    crv = PK11_GETTAB(slot)->C_DecryptInit(session, mech, key->pkcs11ID);
+    if (crv != CKR_OK) {
+        if (haslock)
+            PK11_ExitSlotMonitor(slot);
+        pk11_CloseSession(slot, session, owner);
+        PORT_SetError(PK11_MapError(crv));
+        return SECFailure;
+    }
+
+    /* PKCS11 2.20 says if CKA_ALWAYS_AUTHENTICATE then
+     * do C_Login with CKU_CONTEXT_SPECIFIC
+     * between C_DecryptInit and C_Decrypt
+     * ... But see note above about servers */
+    if (SECKEY_HAS_ATTRIBUTE_SET_LOCK(key, CKA_ALWAYS_AUTHENTICATE, haslock)) {
+        PK11_DoPassword(slot, session, PR_FALSE, key->wincx, haslock, PR_TRUE);
+    }
+
+    crv = PK11_GETTAB(slot)->C_Decrypt(session, (unsigned char *)enc, encLen,
+                                       data, &out);
+    if (haslock)
+        PK11_ExitSlotMonitor(slot);
+    pk11_CloseSession(slot, session, owner);
+    *outLen = out;
+    if (crv != CKR_OK) {
+        PORT_SetError(PK11_MapError(crv));
+        return SECFailure;
+    }
+    return SECSuccess;
+}
+
+SECStatus
+PK11_PubDecryptRaw(SECKEYPrivateKey *key,
+                   unsigned char *data, unsigned *outLen, unsigned int maxLen,
+                   const unsigned char *enc, unsigned encLen)
+{
+    CK_MECHANISM mech = { CKM_RSA_X_509, NULL, 0 };
+    return pk11_PrivDecryptRaw(key, data, outLen, maxLen, enc, encLen, &mech);
+}
+
+SECStatus
+PK11_PrivDecryptPKCS1(SECKEYPrivateKey *key,
+                      unsigned char *data, unsigned *outLen, unsigned int maxLen,
+                      const unsigned char *enc, unsigned encLen)
+{
+    CK_MECHANISM mech = { CKM_RSA_PKCS, NULL, 0 };
+    return pk11_PrivDecryptRaw(key, data, outLen, maxLen, enc, encLen, &mech);
+}
+
+static SECStatus
+pk11_PubEncryptRaw(SECKEYPublicKey *key,
+                   unsigned char *out, unsigned int *outLen,
+                   unsigned int maxLen,
+                   const unsigned char *data, unsigned dataLen,
+                   CK_MECHANISM_PTR mech, void *wincx)
+{
+    PK11SlotInfo *slot;
+    CK_OBJECT_HANDLE id;
+    CK_ULONG len = maxLen;
+    PRBool owner = PR_TRUE;
+    CK_SESSION_HANDLE session;
+    CK_RV crv;
+
+    slot = PK11_GetBestSlotWithAttributes(mech->mechanism, CKF_ENCRYPT, 0, wincx);
+    if (slot == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MODULE);
+        return SECFailure;
+    }
+
+    id = PK11_ImportPublicKey(slot, key, PR_FALSE);
+
+    if (id == CK_INVALID_HANDLE) {
+        PK11_FreeSlot(slot);
+        PORT_SetError(SEC_ERROR_BAD_KEY);
+        return SECFailure;
+    }
+
+    session = pk11_GetNewSession(slot, &owner);
+    if (!owner || !(slot->isThreadSafe))
+        PK11_EnterSlotMonitor(slot);
+    crv = PK11_GETTAB(slot)->C_EncryptInit(session, mech, id);
+    if (crv != CKR_OK) {
+        if (!owner || !(slot->isThreadSafe))
+            PK11_ExitSlotMonitor(slot);
+        pk11_CloseSession(slot, session, owner);
+        PK11_FreeSlot(slot);
+        PORT_SetError(PK11_MapError(crv));
+        return SECFailure;
+    }
+    crv = PK11_GETTAB(slot)->C_Encrypt(session, (unsigned char *)data, dataLen,
+                                       out, &len);
+    if (!owner || !(slot->isThreadSafe))
+        PK11_ExitSlotMonitor(slot);
+    pk11_CloseSession(slot, session, owner);
+    PK11_FreeSlot(slot);
+    *outLen = len;
+    if (crv != CKR_OK) {
+        PORT_SetError(PK11_MapError(crv));
+        return SECFailure;
+    }
+    return SECSuccess;
+}
+
+SECStatus
+PK11_PubEncryptRaw(SECKEYPublicKey *key,
+                   unsigned char *enc,
+                   const unsigned char *data, unsigned dataLen,
+                   void *wincx)
+{
+    CK_MECHANISM mech = { CKM_RSA_X_509, NULL, 0 };
+    unsigned int outLen;
+    if (!key || key->keyType != rsaKey) {
+        PORT_SetError(SEC_ERROR_BAD_KEY);
+        return SECFailure;
+    }
+    outLen = SECKEY_PublicKeyStrength(key);
+    return pk11_PubEncryptRaw(key, enc, &outLen, outLen, data, dataLen, &mech,
+                              wincx);
+}
+
+SECStatus
+PK11_PubEncryptPKCS1(SECKEYPublicKey *key,
+                     unsigned char *enc,
+                     const unsigned char *data, unsigned dataLen,
+                     void *wincx)
+{
+    CK_MECHANISM mech = { CKM_RSA_PKCS, NULL, 0 };
+    unsigned int outLen;
+    if (!key || key->keyType != rsaKey) {
+        PORT_SetError(SEC_ERROR_BAD_KEY);
+        return SECFailure;
+    }
+    outLen = SECKEY_PublicKeyStrength(key);
+    return pk11_PubEncryptRaw(key, enc, &outLen, outLen, data, dataLen, &mech,
+                              wincx);
+}
+
+SECStatus
+PK11_PrivDecrypt(SECKEYPrivateKey *key,
+                 CK_MECHANISM_TYPE mechanism, SECItem *param,
+                 unsigned char *out, unsigned int *outLen,
+                 unsigned int maxLen,
+                 const unsigned char *enc, unsigned encLen)
+{
+    CK_MECHANISM mech = { mechanism, NULL, 0 };
+    if (param) {
+        mech.pParameter = param->data;
+        mech.ulParameterLen = param->len;
+    }
+    return pk11_PrivDecryptRaw(key, out, outLen, maxLen, enc, encLen, &mech);
+}
+
+SECStatus
+PK11_PubEncrypt(SECKEYPublicKey *key,
+                CK_MECHANISM_TYPE mechanism, SECItem *param,
+                unsigned char *out, unsigned int *outLen,
+                unsigned int maxLen,
+                const unsigned char *data, unsigned dataLen,
+                void *wincx)
+{
+    CK_MECHANISM mech = { mechanism, NULL, 0 };
+    if (param) {
+        mech.pParameter = param->data;
+        mech.ulParameterLen = param->len;
+    }
+    return pk11_PubEncryptRaw(key, out, outLen, maxLen, data, dataLen, &mech,
+                              wincx);
+}
+
+SECKEYPrivateKey *
+PK11_UnwrapPrivKey(PK11SlotInfo *slot, PK11SymKey *wrappingKey,
+                   CK_MECHANISM_TYPE wrapType, SECItem *param,
+                   SECItem *wrappedKey, SECItem *label,
+                   SECItem *idValue, PRBool perm, PRBool sensitive,
+                   CK_KEY_TYPE keyType, CK_ATTRIBUTE_TYPE *usage,
+                   int usageCount, void *wincx)
+{
+    CK_BBOOL cktrue = CK_TRUE;
+    CK_BBOOL ckfalse = CK_FALSE;
+    CK_OBJECT_CLASS keyClass = CKO_PRIVATE_KEY;
+    CK_ATTRIBUTE keyTemplate[15];
+    int templateCount = 0;
+    CK_OBJECT_HANDLE privKeyID;
+    CK_MECHANISM mechanism;
+    CK_ATTRIBUTE *attrs = keyTemplate;
+    SECItem *param_free = NULL, *ck_id = NULL;
+    CK_RV crv;
+    CK_SESSION_HANDLE rwsession;
+    PK11SymKey *newKey = NULL;
+    int i;
+
+    if (!slot || !wrappedKey || !idValue) {
+        /* SET AN ERROR!!! */
+        return NULL;
+    }
+
+    ck_id = PK11_MakeIDFromPubKey(idValue);
+    if (!ck_id) {
+        return NULL;
+    }
+
+    PK11_SETATTRS(attrs, CKA_TOKEN, perm ? &cktrue : &ckfalse,
+                  sizeof(cktrue));
+    attrs++;
+    PK11_SETATTRS(attrs, CKA_CLASS, &keyClass, sizeof(keyClass));
+    attrs++;
+    PK11_SETATTRS(attrs, CKA_KEY_TYPE, &keyType, sizeof(keyType));
+    attrs++;
+    PK11_SETATTRS(attrs, CKA_PRIVATE, sensitive ? &cktrue : &ckfalse,
+                  sizeof(cktrue));
+    attrs++;
+    PK11_SETATTRS(attrs, CKA_SENSITIVE, sensitive ? &cktrue : &ckfalse,
+                  sizeof(cktrue));
+    attrs++;
+    if (label && label->data) {
+        PK11_SETATTRS(attrs, CKA_LABEL, label->data, label->len);
+        attrs++;
+    }
+    PK11_SETATTRS(attrs, CKA_ID, ck_id->data, ck_id->len);
+    attrs++;
+    for (i = 0; i < usageCount; i++) {
+        PK11_SETATTRS(attrs, usage[i], &cktrue, sizeof(cktrue));
+        attrs++;
+    }
+
+    if (PK11_IsInternal(slot)) {
+        PK11_SETATTRS(attrs, CKA_NETSCAPE_DB, idValue->data,
+                      idValue->len);
+        attrs++;
+    }
+
+    templateCount = attrs - keyTemplate;
+    PR_ASSERT(templateCount <= (sizeof(keyTemplate) / sizeof(CK_ATTRIBUTE)));
+
+    mechanism.mechanism = wrapType;
+    if (!param)
+        param = param_free = PK11_ParamFromIV(wrapType, NULL);
+    if (param) {
+        mechanism.pParameter = param->data;
+        mechanism.ulParameterLen = param->len;
+    } else {
+        mechanism.pParameter = NULL;
+        mechanism.ulParameterLen = 0;
+    }
+
+    if (wrappingKey->slot != slot) {
+        newKey = pk11_CopyToSlot(slot, wrapType, CKA_UNWRAP, wrappingKey);
+    } else {
+        newKey = PK11_ReferenceSymKey(wrappingKey);
+    }
+
+    if (newKey) {
+        if (perm) {
+            /* Get RW Session will either lock the monitor if necessary,
+             *  or return a thread safe session handle, or fail. */
+            rwsession = PK11_GetRWSession(slot);
+        } else {
+            rwsession = slot->session;
+            if (rwsession != CK_INVALID_SESSION)
+                PK11_EnterSlotMonitor(slot);
+        }
+        /* This is a lot a work to deal with fussy PKCS #11 modules
+         * that can't bother to return BAD_DATA when presented with an
+         * invalid session! */
+        if (rwsession == CK_INVALID_SESSION) {
+            PORT_SetError(SEC_ERROR_BAD_DATA);
+            goto loser;
+        }
+        crv = PK11_GETTAB(slot)->C_UnwrapKey(rwsession, &mechanism,
+                                             newKey->objectID,
+                                             wrappedKey->data,
+                                             wrappedKey->len, keyTemplate,
+                                             templateCount, &privKeyID);
+
+        if (perm) {
+            PK11_RestoreROSession(slot, rwsession);
+        } else {
+            PK11_ExitSlotMonitor(slot);
+        }
+        PK11_FreeSymKey(newKey);
+        newKey = NULL;
+    } else {
+        crv = CKR_FUNCTION_NOT_SUPPORTED;
+    }
+
+    SECITEM_FreeItem(ck_id, PR_TRUE);
+    ck_id = NULL;
+
+    if (crv != CKR_OK) {
+        /* we couldn't unwrap the key, use the internal module to do the
+         * unwrap, then load the new key into the token */
+        PK11SlotInfo *int_slot = PK11_GetInternalSlot();
+
+        if (int_slot && (slot != int_slot)) {
+            SECKEYPrivateKey *privKey = PK11_UnwrapPrivKey(int_slot,
+                                                           wrappingKey, wrapType, param, wrappedKey, label,
+                                                           idValue, PR_FALSE, PR_FALSE,
+                                                           keyType, usage, usageCount, wincx);
+            if (privKey) {
+                SECKEYPrivateKey *newPrivKey = PK11_LoadPrivKey(slot, privKey,
+                                                                NULL, perm, sensitive);
+                SECKEY_DestroyPrivateKey(privKey);
+                PK11_FreeSlot(int_slot);
+                return newPrivKey;
+            }
+        }
+        if (int_slot)
+            PK11_FreeSlot(int_slot);
+        PORT_SetError(PK11_MapError(crv));
+        return NULL;
+    }
+    return PK11_MakePrivKey(slot, nullKey, PR_FALSE, privKeyID, wincx);
+
+loser:
+    if (newKey) {
+        PK11_FreeSymKey(newKey);
+    }
+    if (ck_id) {
+        SECITEM_FreeItem(ck_id, PR_TRUE);
+    }
+    return NULL;
+}
+
+/*
+ * Now we're going to wrap a SECKEYPrivateKey with a PK11SymKey
+ * The strategy is to get both keys to reside in the same slot,
+ * one that can perform the desired crypto mechanism and then
+ * call C_WrapKey after all the setup has taken place.
+ */
+SECStatus
+PK11_WrapPrivKey(PK11SlotInfo *slot, PK11SymKey *wrappingKey,
+                 SECKEYPrivateKey *privKey, CK_MECHANISM_TYPE wrapType,
+                 SECItem *param, SECItem *wrappedKey, void *wincx)
+{
+    PK11SlotInfo *privSlot = privKey->pkcs11Slot; /* The slot where
+                                                   * the private key
+                                                   * we are going to
+                                                   * wrap lives.
+                                                   */
+    PK11SymKey *newSymKey = NULL;
+    SECKEYPrivateKey *newPrivKey = NULL;
+    SECItem *param_free = NULL;
+    CK_ULONG len = wrappedKey->len;
+    CK_MECHANISM mech;
+    CK_RV crv;
+
+    if (!privSlot || !PK11_DoesMechanism(privSlot, wrapType)) {
+        /* Figure out a slot that does the mechanism and try to import
+         * the private key onto that slot.
+         */
+        PK11SlotInfo *int_slot = PK11_GetInternalSlot();
+
+        privSlot = int_slot; /* The private key has a new home */
+        newPrivKey = PK11_LoadPrivKey(privSlot, privKey, NULL, PR_FALSE, PR_FALSE);
+        /* newPrivKey has allocated its own reference to the slot, so it's
+         * safe until we destroy newPrivkey.
+         */
+        PK11_FreeSlot(int_slot);
+        if (newPrivKey == NULL) {
+            return SECFailure;
+        }
+        privKey = newPrivKey;
+    }
+
+    if (privSlot != wrappingKey->slot) {
+        newSymKey = pk11_CopyToSlot(privSlot, wrapType, CKA_WRAP,
+                                    wrappingKey);
+        wrappingKey = newSymKey;
+    }
+
+    if (wrappingKey == NULL) {
+        if (newPrivKey) {
+            SECKEY_DestroyPrivateKey(newPrivKey);
+        }
+        return SECFailure;
+    }
+    mech.mechanism = wrapType;
+    if (!param) {
+        param = param_free = PK11_ParamFromIV(wrapType, NULL);
+    }
+    if (param) {
+        mech.pParameter = param->data;
+        mech.ulParameterLen = param->len;
+    } else {
+        mech.pParameter = NULL;
+        mech.ulParameterLen = 0;
+    }
+
+    PK11_EnterSlotMonitor(privSlot);
+    crv = PK11_GETTAB(privSlot)->C_WrapKey(privSlot->session, &mech,
+                                           wrappingKey->objectID,
+                                           privKey->pkcs11ID,
+                                           wrappedKey->data, &len);
+    PK11_ExitSlotMonitor(privSlot);
+
+    if (newSymKey) {
+        PK11_FreeSymKey(newSymKey);
+    }
+    if (newPrivKey) {
+        SECKEY_DestroyPrivateKey(newPrivKey);
+    }
+    if (param_free) {
+        SECITEM_FreeItem(param_free, PR_TRUE);
+    }
+
+    if (crv != CKR_OK) {
+        PORT_SetError(PK11_MapError(crv));
+        return SECFailure;
+    }
+
+    wrappedKey->len = len;
+    return SECSuccess;
+}
+
+#if 0
+/*
+ * Sample code relating to linked list returned by PK11_FindGenericObjects
+ */
+
+/*
+ * You can walk the list with the following code:
+ */
+    firstObj = PK11_FindGenericObjects(slot, objClass);
+    for (thisObj=firstObj;
+         thisObj;
+         thisObj=PK11_GetNextGenericObject(thisObj)) {
+        /* operate on thisObj */
+    }
+/*
+ * If you want a particular object from the list...
+ */
+    firstObj = PK11_FindGenericObjects(slot, objClass);
+    for (thisObj=firstObj;
+         thisObj;
+         thisObj=PK11_GetNextGenericObject(thisObj)) {
+      if (isMyObj(thisObj)) {
+       if ( thisObj == firstObj) {
+                /* NOTE: firstObj could be NULL at this point */
+      firstObj = PK11_GetNextGenericObject(thsObj);
+       }
+       PK11_UnlinkGenericObject(thisObj);
+            myObj = thisObj;
+            break;
+        }
+    }
+
+    PK11_DestroyGenericObjects(firstObj);
+
+      /* use myObj */
+
+    PK11_DestroyGenericObject(myObj);
+#endif /* sample code */
+
+/*
+ * return a linked, non-circular list of generic objects.
+ * If you are only interested
+ * in one object, just use the first object in the list. To find the
+ * rest of the list use PK11_GetNextGenericObject() to return the next object.
+ */
+PK11GenericObject *
+PK11_FindGenericObjects(PK11SlotInfo *slot, CK_OBJECT_CLASS objClass)
+{
+    CK_ATTRIBUTE template[1];
+    CK_ATTRIBUTE *attrs = template;
+    CK_OBJECT_HANDLE *objectIDs = NULL;
+    PK11GenericObject *lastObj = NULL, *obj;
+    PK11GenericObject *firstObj = NULL;
+    int i, count = 0;
+
+    PK11_SETATTRS(attrs, CKA_CLASS, &objClass, sizeof(objClass));
+    attrs++;
+
+    objectIDs = pk11_FindObjectsByTemplate(slot, template, 1, &count);
+    if (objectIDs == NULL) {
+        return NULL;
+    }
+
+    /* where we connect our object once we've created it.. */
+    for (i = 0; i < count; i++) {
+        obj = PORT_New(PK11GenericObject);
+        if (!obj) {
+            if (firstObj) {
+                PK11_DestroyGenericObjects(firstObj);
+            }
+            PORT_Free(objectIDs);
+            return NULL;
+        }
+        /* initialize it */
+        obj->slot = PK11_ReferenceSlot(slot);
+        obj->objectID = objectIDs[i];
+        obj->next = NULL;
+        obj->prev = NULL;
+
+        /* link it in */
+        if (firstObj == NULL) {
+            firstObj = obj;
+        } else {
+            PK11_LinkGenericObject(lastObj, obj);
+        }
+        lastObj = obj;
+    }
+    PORT_Free(objectIDs);
+    return firstObj;
+}
+
+/*
+ * get the Next Object in the list.
+ */
+PK11GenericObject *
+PK11_GetNextGenericObject(PK11GenericObject *object)
+{
+    return object->next;
+}
+
+PK11GenericObject *
+PK11_GetPrevGenericObject(PK11GenericObject *object)
+{
+    return object->prev;
+}
+
+/*
+ * Link a single object into a new list.
+ * if the object is already in another list, remove it first.
+ */
+SECStatus
+PK11_LinkGenericObject(PK11GenericObject *list, PK11GenericObject *object)
+{
+    PK11_UnlinkGenericObject(object);
+    object->prev = list;
+    object->next = list->next;
+    list->next = object;
+    if (object->next != NULL) {
+        object->next->prev = object;
+    }
+    return SECSuccess;
+}
+
+/*
+ * remove an object from the list. If the object isn't already in
+ * a list unlink becomes a noop.
+ */
+SECStatus
+PK11_UnlinkGenericObject(PK11GenericObject *object)
+{
+    if (object->prev != NULL) {
+        object->prev->next = object->next;
+    }
+    if (object->next != NULL) {
+        object->next->prev = object->prev;
+    }
+
+    object->next = NULL;
+    object->prev = NULL;
+    return SECSuccess;
+}
+
+/*
+ * This function removes a single object from the list and destroys it.
+ * For an already unlinked object there is no difference between
+ * PK11_DestroyGenericObject and PK11_DestroyGenericObjects
+ */
+SECStatus
+PK11_DestroyGenericObject(PK11GenericObject *object)
+{
+    if (object == NULL) {
+        return SECSuccess;
+    }
+
+    PK11_UnlinkGenericObject(object);
+    if (object->slot) {
+        PK11_FreeSlot(object->slot);
+    }
+    PORT_Free(object);
+    return SECSuccess;
+}
+
+/*
+ * walk down a link list of generic objects destroying them.
+ * This will destroy all objects in a list that the object is linked into.
+ * (the list is traversed in both directions).
+ */
+SECStatus
+PK11_DestroyGenericObjects(PK11GenericObject *objects)
+{
+    PK11GenericObject *nextObject;
+    PK11GenericObject *prevObject;
+
+    if (objects == NULL) {
+        return SECSuccess;
+    }
+
+    nextObject = objects->next;
+    prevObject = objects->prev;
+
+    /* delete all the objects after it in the list */
+    for (; objects; objects = nextObject) {
+        nextObject = objects->next;
+        PK11_DestroyGenericObject(objects);
+    }
+    /* delete all the objects before it in the list */
+    for (objects = prevObject; objects; objects = prevObject) {
+        prevObject = objects->prev;
+        PK11_DestroyGenericObject(objects);
+    }
+    return SECSuccess;
+}
+
+/*
+ * Hand Create a new object and return the Generic object for our new object.
+ */
+PK11GenericObject *
+PK11_CreateGenericObject(PK11SlotInfo *slot, const CK_ATTRIBUTE *pTemplate,
+                         int count, PRBool token)
+{
+    CK_OBJECT_HANDLE objectID;
+    PK11GenericObject *obj;
+    CK_RV crv;
+
+    PK11_EnterSlotMonitor(slot);
+    crv = PK11_CreateNewObject(slot, slot->session, pTemplate, count,
+                               token, &objectID);
+    PK11_ExitSlotMonitor(slot);
+    if (crv != CKR_OK) {
+        PORT_SetError(PK11_MapError(crv));
+        return NULL;
+    }
+
+    obj = PORT_New(PK11GenericObject);
+    if (!obj) {
+        /* error set by PORT_New */
+        return NULL;
+    }
+
+    /* initialize it */
+    obj->slot = PK11_ReferenceSlot(slot);
+    obj->objectID = objectID;
+    obj->next = NULL;
+    obj->prev = NULL;
+    return obj;
+}
+
+/*
+ * Change an attribute on a raw object
+ */
+SECStatus
+PK11_WriteRawAttribute(PK11ObjectType objType, void *objSpec,
+                       CK_ATTRIBUTE_TYPE attrType, SECItem *item)
+{
+    PK11SlotInfo *slot = NULL;
+    CK_OBJECT_HANDLE handle = 0;
+    CK_ATTRIBUTE setTemplate;
+    CK_RV crv;
+    CK_SESSION_HANDLE rwsession;
+
+    switch (objType) {
+        case PK11_TypeGeneric:
+            slot = ((PK11GenericObject *)objSpec)->slot;
+            handle = ((PK11GenericObject *)objSpec)->objectID;
+            break;
+        case PK11_TypePrivKey:
+            slot = ((SECKEYPrivateKey *)objSpec)->pkcs11Slot;
+            handle = ((SECKEYPrivateKey *)objSpec)->pkcs11ID;
+            break;
+        case PK11_TypePubKey:
+            slot = ((SECKEYPublicKey *)objSpec)->pkcs11Slot;
+            handle = ((SECKEYPublicKey *)objSpec)->pkcs11ID;
+            break;
+        case PK11_TypeSymKey:
+            slot = ((PK11SymKey *)objSpec)->slot;
+            handle = ((PK11SymKey *)objSpec)->objectID;
+            break;
+        case PK11_TypeCert: /* don't handle cert case for now */
+        default:
+            break;
+    }
+    if (slot == NULL) {
+        PORT_SetError(SEC_ERROR_UNKNOWN_OBJECT_TYPE);
+        return SECFailure;
+    }
+
+    PK11_SETATTRS(&setTemplate, attrType, (CK_CHAR *)item->data, item->len);
+    rwsession = PK11_GetRWSession(slot);
+    if (rwsession == CK_INVALID_SESSION) {
+        PORT_SetError(SEC_ERROR_BAD_DATA);
+        return SECFailure;
+    }
+    crv = PK11_GETTAB(slot)->C_SetAttributeValue(rwsession, handle,
+                                                 &setTemplate, 1);
+    PK11_RestoreROSession(slot, rwsession);
+    if (crv != CKR_OK) {
+        PORT_SetError(PK11_MapError(crv));
+        return SECFailure;
+    }
+    return SECSuccess;
+}
+
+SECStatus
+PK11_ReadRawAttribute(PK11ObjectType objType, void *objSpec,
+                      CK_ATTRIBUTE_TYPE attrType, SECItem *item)
+{
+    PK11SlotInfo *slot = NULL;
+    CK_OBJECT_HANDLE handle = 0;
+
+    switch (objType) {
+        case PK11_TypeGeneric:
+            slot = ((PK11GenericObject *)objSpec)->slot;
+            handle = ((PK11GenericObject *)objSpec)->objectID;
+            break;
+        case PK11_TypePrivKey:
+            slot = ((SECKEYPrivateKey *)objSpec)->pkcs11Slot;
+            handle = ((SECKEYPrivateKey *)objSpec)->pkcs11ID;
+            break;
+        case PK11_TypePubKey:
+            slot = ((SECKEYPublicKey *)objSpec)->pkcs11Slot;
+            handle = ((SECKEYPublicKey *)objSpec)->pkcs11ID;
+            break;
+        case PK11_TypeSymKey:
+            slot = ((PK11SymKey *)objSpec)->slot;
+            handle = ((PK11SymKey *)objSpec)->objectID;
+            break;
+        case PK11_TypeCert: /* don't handle cert case for now */
+        default:
+            break;
+    }
+    if (slot == NULL) {
+        PORT_SetError(SEC_ERROR_UNKNOWN_OBJECT_TYPE);
+        return SECFailure;
+    }
+
+    return PK11_ReadAttribute(slot, handle, attrType, NULL, item);
+}
+
+/*
+ * return the object handle that matches the template
+ */
+CK_OBJECT_HANDLE
+pk11_FindObjectByTemplate(PK11SlotInfo *slot, CK_ATTRIBUTE *theTemplate, int tsize)
+{
+    CK_OBJECT_HANDLE object;
+    CK_RV crv = CKR_SESSION_HANDLE_INVALID;
+    CK_ULONG objectCount;
+
+    /*
+     * issue the find
+     */
+    PK11_EnterSlotMonitor(slot);
+    if (slot->session != CK_INVALID_SESSION) {
+        crv = PK11_GETTAB(slot)->C_FindObjectsInit(slot->session,
+                                                   theTemplate, tsize);
+    }
+    if (crv != CKR_OK) {
+        PK11_ExitSlotMonitor(slot);
+        PORT_SetError(PK11_MapError(crv));
+        return CK_INVALID_HANDLE;
+    }
+
+    crv = PK11_GETTAB(slot)->C_FindObjects(slot->session, &object, 1, &objectCount);
+    PK11_GETTAB(slot)->C_FindObjectsFinal(slot->session);
+    PK11_ExitSlotMonitor(slot);
+    if ((crv != CKR_OK) || (objectCount < 1)) {
+        /* shouldn't use SSL_ERROR... here */
+        PORT_SetError(crv != CKR_OK ? PK11_MapError(crv) : SSL_ERROR_NO_CERTIFICATE);
+        return CK_INVALID_HANDLE;
+    }
+
+    /* blow up if the PKCS #11 module returns us and invalid object handle */
+    PORT_Assert(object != CK_INVALID_HANDLE);
+    return object;
+}
+
+/*
+ * return all the object handles that matches the template
+ */
+CK_OBJECT_HANDLE *
+pk11_FindObjectsByTemplate(PK11SlotInfo *slot, CK_ATTRIBUTE *findTemplate,
+                           int templCount, int *object_count)
+{
+    CK_OBJECT_HANDLE *objID = NULL;
+    CK_ULONG returned_count = 0;
+    CK_RV crv = CKR_SESSION_HANDLE_INVALID;
+
+    PK11_EnterSlotMonitor(slot);
+    if (slot->session != CK_INVALID_SESSION) {
+        crv = PK11_GETTAB(slot)->C_FindObjectsInit(slot->session,
+                                                   findTemplate, templCount);
+    }
+    if (crv != CKR_OK) {
+        PK11_ExitSlotMonitor(slot);
+        PORT_SetError(PK11_MapError(crv));
+        *object_count = -1;
+        return NULL;
+    }
+
+    /*
+     * collect all the Matching Objects
+     */
+    do {
+        CK_OBJECT_HANDLE *oldObjID = objID;
+
+        if (objID == NULL) {
+            objID = (CK_OBJECT_HANDLE *)PORT_Alloc(sizeof(CK_OBJECT_HANDLE) *
+                                                   (*object_count + PK11_SEARCH_CHUNKSIZE));
+        } else {
+            objID = (CK_OBJECT_HANDLE *)PORT_Realloc(objID,
+                                                     sizeof(CK_OBJECT_HANDLE) * (*object_count + PK11_SEARCH_CHUNKSIZE));
+        }
+
+        if (objID == NULL) {
+            if (oldObjID)
+                PORT_Free(oldObjID);
+            break;
+        }
+        crv = PK11_GETTAB(slot)->C_FindObjects(slot->session,
+                                               &objID[*object_count], PK11_SEARCH_CHUNKSIZE, &returned_count);
+        if (crv != CKR_OK) {
+            PORT_SetError(PK11_MapError(crv));
+            PORT_Free(objID);
+            objID = NULL;
+            break;
+        }
+        *object_count += returned_count;
+    } while (returned_count == PK11_SEARCH_CHUNKSIZE);
+
+    PK11_GETTAB(slot)->C_FindObjectsFinal(slot->session);
+    PK11_ExitSlotMonitor(slot);
+
+    if (objID && (*object_count == 0)) {
+        PORT_Free(objID);
+        return NULL;
+    }
+    if (objID == NULL)
+        *object_count = -1;
+    return objID;
+}
+/*
+ * given a PKCS #11 object, match it's peer based on the KeyID. searchID
+ * is typically a privateKey or a certificate while the peer is the opposite
+ */
+CK_OBJECT_HANDLE
+PK11_MatchItem(PK11SlotInfo *slot, CK_OBJECT_HANDLE searchID,
+               CK_OBJECT_CLASS matchclass)
+{
+    CK_ATTRIBUTE theTemplate[] = {
+        { CKA_ID, NULL, 0 },
+        { CKA_CLASS, NULL, 0 }
+    };
+    /* if you change the array, change the variable below as well */
+    CK_ATTRIBUTE *keyclass = &theTemplate[1];
+    int tsize = sizeof(theTemplate) / sizeof(theTemplate[0]);
+    /* if you change the array, change the variable below as well */
+    CK_OBJECT_HANDLE peerID;
+    PORTCheapArenaPool tmpArena;
+    CK_RV crv;
+
+    /* now we need to create space for the public key */
+    PORT_InitCheapArena(&tmpArena, DER_DEFAULT_CHUNKSIZE);
+
+    crv = PK11_GetAttributes(&tmpArena.arena, slot, searchID, theTemplate, tsize);
+    if (crv != CKR_OK) {
+        PORT_DestroyCheapArena(&tmpArena);
+        PORT_SetError(PK11_MapError(crv));
+        return CK_INVALID_HANDLE;
+    }
+
+    if ((theTemplate[0].ulValueLen == 0) || (theTemplate[0].ulValueLen == -1)) {
+        PORT_DestroyCheapArena(&tmpArena);
+        if (matchclass == CKO_CERTIFICATE)
+            PORT_SetError(SEC_ERROR_BAD_KEY);
+        else
+            PORT_SetError(SEC_ERROR_NO_KEY);
+        return CK_INVALID_HANDLE;
+    }
+
+    /*
+     * issue the find
+     */
+    *(CK_OBJECT_CLASS *)(keyclass->pValue) = matchclass;
+
+    peerID = pk11_FindObjectByTemplate(slot, theTemplate, tsize);
+    PORT_DestroyCheapArena(&tmpArena);
+
+    return peerID;
+}
+
+/*
+ * count the number of objects that match the template.
+ */
+int
+PK11_NumberObjectsFor(PK11SlotInfo *slot, CK_ATTRIBUTE *findTemplate,
+                      int templCount)
+{
+    CK_OBJECT_HANDLE objID[PK11_SEARCH_CHUNKSIZE];
+    int object_count = 0;
+    CK_ULONG returned_count = 0;
+    CK_RV crv = CKR_SESSION_HANDLE_INVALID;
+
+    PK11_EnterSlotMonitor(slot);
+    if (slot->session != CK_INVALID_SESSION) {
+        crv = PK11_GETTAB(slot)->C_FindObjectsInit(slot->session,
+                                                   findTemplate, templCount);
+    }
+    if (crv != CKR_OK) {
+        PK11_ExitSlotMonitor(slot);
+        PORT_SetError(PK11_MapError(crv));
+        return object_count;
+    }
+
+    /*
+     * collect all the Matching Objects
+     */
+    do {
+        crv = PK11_GETTAB(slot)->C_FindObjects(slot->session, objID,
+                                               PK11_SEARCH_CHUNKSIZE,
+                                               &returned_count);
+        if (crv != CKR_OK) {
+            PORT_SetError(PK11_MapError(crv));
+            break;
+        }
+        object_count += returned_count;
+    } while (returned_count == PK11_SEARCH_CHUNKSIZE);
+
+    PK11_GETTAB(slot)->C_FindObjectsFinal(slot->session);
+    PK11_ExitSlotMonitor(slot);
+    return object_count;
+}
+
+/*
+ * Traverse all the objects in a given slot.
+ */
+SECStatus
+PK11_TraverseSlot(PK11SlotInfo *slot, void *arg)
+{
+    int i;
+    CK_OBJECT_HANDLE *objID = NULL;
+    int object_count = 0;
+    pk11TraverseSlot *slotcb = (pk11TraverseSlot *)arg;
+
+    objID = pk11_FindObjectsByTemplate(slot, slotcb->findTemplate,
+                                       slotcb->templateCount, &object_count);
+
+    /*Actually this isn't a failure... there just were no objs to be found*/
+    if (object_count == 0) {
+        return SECSuccess;
+    }
+
+    if (objID == NULL) {
+        return SECFailure;
+    }
+
+    for (i = 0; i < object_count; i++) {
+        (*slotcb->callback)(slot, objID[i], slotcb->callbackArg);
+    }
+    PORT_Free(objID);
+    return SECSuccess;
+}
+
+/*
+ * Traverse all the objects in all slots.
+ */
+SECStatus
+pk11_TraverseAllSlots(SECStatus (*callback)(PK11SlotInfo *, void *),
+                      void *arg, PRBool forceLogin, void *wincx)
+{
+    PK11SlotList *list;
+    PK11SlotListElement *le;
+    SECStatus rv;
+
+    /* get them all! */
+    list = PK11_GetAllTokens(CKM_INVALID_MECHANISM, PR_FALSE, PR_FALSE, wincx);
+    if (list == NULL)
+        return SECFailure;
+
+    /* look at each slot and authenticate as necessary */
+    for (le = list->head; le; le = le->next) {
+        if (forceLogin) {
+            rv = pk11_AuthenticateUnfriendly(le->slot, PR_FALSE, wincx);
+            if (rv != SECSuccess) {
+                continue;
+            }
+        }
+        if (callback) {
+            (*callback)(le->slot, arg);
+        }
+    }
+
+    PK11_FreeSlotList(list);
+
+    return SECSuccess;
+}
+
+CK_OBJECT_HANDLE *
+PK11_FindObjectsFromNickname(char *nickname, PK11SlotInfo **slotptr,
+                             CK_OBJECT_CLASS objclass, int *returnCount, void *wincx)
+{
+    char *tokenName;
+    char *delimit;
+    PK11SlotInfo *slot;
+    CK_OBJECT_HANDLE *objID;
+    CK_ATTRIBUTE findTemplate[] = {
+        { CKA_LABEL, NULL, 0 },
+        { CKA_CLASS, NULL, 0 },
+    };
+    int findCount = sizeof(findTemplate) / sizeof(findTemplate[0]);
+    SECStatus rv;
+    PK11_SETATTRS(&findTemplate[1], CKA_CLASS, &objclass, sizeof(objclass));
+
+    *slotptr = slot = NULL;
+    *returnCount = 0;
+    /* first find the slot associated with this nickname */
+    if ((delimit = PORT_Strchr(nickname, ':')) != NULL) {
+        int len = delimit - nickname;
+        tokenName = (char *)PORT_Alloc(len + 1);
+        PORT_Memcpy(tokenName, nickname, len);
+        tokenName[len] = 0;
+
+        slot = *slotptr = PK11_FindSlotByName(tokenName);
+        PORT_Free(tokenName);
+        /* if we couldn't find a slot, assume the nickname is an internal cert
+         * with no proceding slot name */
+        if (slot == NULL) {
+            slot = *slotptr = PK11_GetInternalKeySlot();
+        } else {
+            nickname = delimit + 1;
+        }
+    } else {
+        *slotptr = slot = PK11_GetInternalKeySlot();
+    }
+    if (slot == NULL) {
+        return CK_INVALID_HANDLE;
+    }
+
+    rv = pk11_AuthenticateUnfriendly(slot, PR_TRUE, wincx);
+    if (rv != SECSuccess) {
+        PK11_FreeSlot(slot);
+        *slotptr = NULL;
+        return CK_INVALID_HANDLE;
+    }
+
+    findTemplate[0].pValue = nickname;
+    findTemplate[0].ulValueLen = PORT_Strlen(nickname);
+    objID = pk11_FindObjectsByTemplate(slot, findTemplate, findCount, returnCount);
+    if (objID == NULL) {
+        /* PKCS #11 isn't clear on whether or not the NULL is
+         * stored in the template.... try the find again with the
+         * full null terminated string. */
+        findTemplate[0].ulValueLen += 1;
+        objID = pk11_FindObjectsByTemplate(slot, findTemplate, findCount,
+                                           returnCount);
+        if (objID == NULL) {
+            /* Well that's the best we can do. It's just not here */
+            /* what about faked nicknames? */
+            PK11_FreeSlot(slot);
+            *slotptr = NULL;
+            *returnCount = 0;
+        }
+    }
+
+    return objID;
+}
+
+SECItem *
+pk11_GetLowLevelKeyFromHandle(PK11SlotInfo *slot, CK_OBJECT_HANDLE handle)
+{
+    CK_ATTRIBUTE theTemplate[] = {
+        { CKA_ID, NULL, 0 },
+    };
+    int tsize = sizeof(theTemplate) / sizeof(theTemplate[0]);
+    CK_RV crv;
+    SECItem *item;
+
+    item = SECITEM_AllocItem(NULL, NULL, 0);
+
+    if (item == NULL) {
+        return NULL;
+    }
+
+    crv = PK11_GetAttributes(NULL, slot, handle, theTemplate, tsize);
+    if (crv != CKR_OK) {
+        SECITEM_FreeItem(item, PR_TRUE);
+        PORT_SetError(PK11_MapError(crv));
+        return NULL;
+    }
+
+    item->data = (unsigned char *)theTemplate[0].pValue;
+    item->len = theTemplate[0].ulValueLen;
+
+    return item;
+}
diff --git a/nss/lib/pk11wrap/pk11pars.c b/nss/lib/pk11wrap/pk11pars.c
new file mode 100644
index 0000000..ee20789
--- /dev/null
+++ b/nss/lib/pk11wrap/pk11pars.c
@@ -0,0 +1,1796 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * The following handles the loading, unloading and management of
+ * various PCKS #11 modules
+ */
+
+#include <ctype.h>
+#include <assert.h>
+#include "pkcs11.h"
+#include "seccomon.h"
+#include "secmod.h"
+#include "secmodi.h"
+#include "secmodti.h"
+#include "pki3hack.h"
+#include "secerr.h"
+#include "nss.h"
+#include "utilpars.h"
+#include "pk11pub.h"
+
+/* create a new module */
+static SECMODModule *
+secmod_NewModule(void)
+{
+    SECMODModule *newMod;
+    PLArenaPool *arena;
+
+    /* create an arena in which dllName and commonName can be
+     * allocated.
+     */
+    arena = PORT_NewArena(512);
+    if (arena == NULL) {
+        return NULL;
+    }
+
+    newMod = (SECMODModule *)PORT_ArenaAlloc(arena, sizeof(SECMODModule));
+    if (newMod == NULL) {
+        PORT_FreeArena(arena, PR_FALSE);
+        return NULL;
+    }
+
+    /*
+     * initialize of the fields of the module
+     */
+    newMod->arena = arena;
+    newMod->internal = PR_FALSE;
+    newMod->loaded = PR_FALSE;
+    newMod->isFIPS = PR_FALSE;
+    newMod->dllName = NULL;
+    newMod->commonName = NULL;
+    newMod->library = NULL;
+    newMod->functionList = NULL;
+    newMod->slotCount = 0;
+    newMod->slots = NULL;
+    newMod->slotInfo = NULL;
+    newMod->slotInfoCount = 0;
+    newMod->refCount = 1;
+    newMod->ssl[0] = 0;
+    newMod->ssl[1] = 0;
+    newMod->libraryParams = NULL;
+    newMod->moduleDBFunc = NULL;
+    newMod->parent = NULL;
+    newMod->isCritical = PR_FALSE;
+    newMod->isModuleDB = PR_FALSE;
+    newMod->moduleDBOnly = PR_FALSE;
+    newMod->trustOrder = 0;
+    newMod->cipherOrder = 0;
+    newMod->evControlMask = 0;
+    newMod->refLock = PZ_NewLock(nssILockRefLock);
+    if (newMod->refLock == NULL) {
+        PORT_FreeArena(arena, PR_FALSE);
+        return NULL;
+    }
+    return newMod;
+}
+
+/* private flags for isModuleDB (field in SECMODModule). */
+/* The meaing of these flags is as follows:
+ *
+ * SECMOD_FLAG_MODULE_DB_IS_MODULE_DB - This is a module that accesses the
+ *   database of other modules to load. Module DBs are loadable modules that
+ *   tells NSS which PKCS #11 modules to load and when. These module DBs are
+ *   chainable. That is, one module DB can load another one. NSS system init
+ *   design takes advantage of this feature. In system NSS, a fixed system
+ *   module DB loads the system defined libraries, then chains out to the
+ *   traditional module DBs to load any system or user configured modules
+ *   (like smart cards). This bit is the same as the already existing meaning
+ *   of  isModuleDB = PR_TRUE. None of the other module db flags should be set
+ *   if this flag isn't on.
+ *
+ * SECMOD_FLAG_MODULE_DB_SKIP_FIRST - This flag tells NSS to skip the first
+ *   PKCS #11 module presented by a module DB. This allows the OS to load a
+ *   softoken from the system module, then ask the existing module DB code to
+ *   load the other PKCS #11 modules in that module DB (skipping it's request
+ *   to load softoken). This gives the system init finer control over the
+ *   configuration of that softoken module.
+ *
+ * SECMOD_FLAG_MODULE_DB_DEFAULT_MODDB - This flag allows system init to mark a
+ *   different module DB as the 'default' module DB (the one in which
+ *   'Add module' changes will go). Without this flag NSS takes the first
+ *   module as the default Module DB, but in system NSS, that first module
+ *   is the system module, which is likely read only (at least to the user).
+ *   This  allows system NSS to delegate those changes to the user's module DB,
+ *   preserving the user's ability to load new PKCS #11 modules (which only
+ *   affect him), from existing applications like Firefox.
+ */
+#define SECMOD_FLAG_MODULE_DB_IS_MODULE_DB 0x01 /* must be set if any of the \
+                                                 *other flags are set */
+#define SECMOD_FLAG_MODULE_DB_SKIP_FIRST 0x02
+#define SECMOD_FLAG_MODULE_DB_DEFAULT_MODDB 0x04
+
+/* private flags for internal (field in SECMODModule). */
+/* The meaing of these flags is as follows:
+ *
+ * SECMOD_FLAG_INTERNAL_IS_INTERNAL - This is a marks the the module is
+ *   the internal module (that is, softoken). This bit is the same as the
+ *   already existing meaning of internal = PR_TRUE. None of the other
+ *   internal flags should be set if this flag isn't on.
+ *
+ * SECMOD_FLAG_MODULE_INTERNAL_KEY_SLOT - This flag allows system init to mark
+ *   a  different slot returned byt PK11_GetInternalKeySlot(). The 'primary'
+ *   slot defined by this module will be the new internal key slot.
+ */
+#define SECMOD_FLAG_INTERNAL_IS_INTERNAL 0x01 /* must be set if any of \
+                                               *the other flags are set */
+#define SECMOD_FLAG_INTERNAL_KEY_SLOT 0x02
+
+/*
+ * for 3.4 we continue to use the old SECMODModule structure
+ */
+SECMODModule *
+SECMOD_CreateModule(const char *library, const char *moduleName,
+                    const char *parameters, const char *nss)
+{
+    return SECMOD_CreateModuleEx(library, moduleName, parameters, nss, NULL);
+}
+
+/*
+ * NSS config options format:
+ *
+ * The specified ciphers will be allowed by policy, but an application
+ * may allow more by policy explicitly:
+ * config="allow=curve1:curve2:hash1:hash2:rsa-1024..."
+ *
+ * Only the specified hashes and curves will be allowed:
+ * config="disallow=all allow=sha1:sha256:secp256r1:secp384r1"
+ *
+ * Only the specified hashes and curves will be allowed, and
+ *  RSA keys of 2048 or more will be accepted, and DH key exchange
+ *  with 1024-bit primes or more:
+ * config="disallow=all allow=sha1:sha256:secp256r1:secp384r1:min-rsa=2048:min-dh=1024"
+ *
+ * A policy that enables the AES ciphersuites and the SECP256/384 curves:
+ * config="allow=aes128-cbc:aes128-gcm:TLS1.0:TLS1.2:TLS1.1:HMAC-SHA1:SHA1:SHA256:SHA384:RSA:ECDHE-RSA:SECP256R1:SECP384R1"
+ *
+ * Disallow values are parsed first, then allow values, independent of the
+ * order they appear.
+ *
+ * Future key words (not yet implemented):
+ * enable: turn on ciphersuites by default.
+ * disable: turn off ciphersuites by default without disallowing them by policy.
+ * flags: turn on the following flags:
+ *     ssl-lock: turn off the ability for applications to change policy with
+ *               the SSL_SetCipherPolicy (or SSL_SetPolicy).
+ *     policy-lock: turn off the ability for applications to change policy with
+ *               the call NSS_SetAlgorithmPolicy.
+ *     ssl-default-lock: turn off the ability for applications to change cipher
+ *               suite states with SSL_EnableCipher, SSL_DisableCipher.
+ *
+ */
+
+typedef struct {
+    const char *name;
+    unsigned name_size;
+    SECOidTag oid;
+    PRUint32 val;
+} oidValDef;
+
+typedef struct {
+    const char *name;
+    unsigned name_size;
+    PRInt32 option;
+} optionFreeDef;
+
+typedef struct {
+    const char *name;
+    unsigned name_size;
+    PRUint32 flag;
+} policyFlagDef;
+
+/*
+ *  This table should be merged with the SECOID table.
+ */
+#define CIPHER_NAME(x) x, (sizeof(x) - 1)
+static const oidValDef algOptList[] = {
+    /* Curves */
+    { CIPHER_NAME("PRIME192V1"), SEC_OID_ANSIX962_EC_PRIME192V1,
+      NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE },
+    { CIPHER_NAME("PRIME192V2"), SEC_OID_ANSIX962_EC_PRIME192V2,
+      NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE },
+    { CIPHER_NAME("PRIME192V3"), SEC_OID_ANSIX962_EC_PRIME192V3,
+      NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE },
+    { CIPHER_NAME("PRIME239V1"), SEC_OID_ANSIX962_EC_PRIME239V1,
+      NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE },
+    { CIPHER_NAME("PRIME239V2"), SEC_OID_ANSIX962_EC_PRIME239V2,
+      NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE },
+    { CIPHER_NAME("PRIME239V3"), SEC_OID_ANSIX962_EC_PRIME239V3,
+      NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE },
+    { CIPHER_NAME("PRIME256V1"), SEC_OID_ANSIX962_EC_PRIME256V1,
+      NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE },
+    { CIPHER_NAME("SECP112R1"), SEC_OID_SECG_EC_SECP112R1,
+      NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE },
+    { CIPHER_NAME("SECP112R2"), SEC_OID_SECG_EC_SECP112R2,
+      NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE },
+    { CIPHER_NAME("SECP128R1"), SEC_OID_SECG_EC_SECP128R1,
+      NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE },
+    { CIPHER_NAME("SECP128R2"), SEC_OID_SECG_EC_SECP128R2,
+      NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE },
+    { CIPHER_NAME("SECP160K1"), SEC_OID_SECG_EC_SECP160K1,
+      NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE },
+    { CIPHER_NAME("SECP160R1"), SEC_OID_SECG_EC_SECP160R1,
+      NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE },
+    { CIPHER_NAME("SECP160R2"), SEC_OID_SECG_EC_SECP160R2,
+      NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE },
+    { CIPHER_NAME("SECP192K1"), SEC_OID_SECG_EC_SECP192K1,
+      NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE },
+    { CIPHER_NAME("SECP192R1"), SEC_OID_ANSIX962_EC_PRIME192V1,
+      NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE },
+    { CIPHER_NAME("SECP224K1"), SEC_OID_SECG_EC_SECP224K1,
+      NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE },
+    { CIPHER_NAME("SECP256K1"), SEC_OID_SECG_EC_SECP256K1,
+      NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE },
+    { CIPHER_NAME("SECP256R1"), SEC_OID_ANSIX962_EC_PRIME256V1,
+      NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE },
+    { CIPHER_NAME("SECP384R1"), SEC_OID_SECG_EC_SECP384R1,
+      NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE },
+    { CIPHER_NAME("SECP521R1"), SEC_OID_SECG_EC_SECP521R1,
+      NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE },
+    /* ANSI X9.62 named elliptic curves (characteristic two field) */
+    { CIPHER_NAME("C2PNB163V1"), SEC_OID_ANSIX962_EC_C2PNB163V1,
+      NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE },
+    { CIPHER_NAME("C2PNB163V2"), SEC_OID_ANSIX962_EC_C2PNB163V2,
+      NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE },
+    { CIPHER_NAME("C2PNB163V3"), SEC_OID_ANSIX962_EC_C2PNB163V3,
+      NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE },
+    { CIPHER_NAME("C2PNB176V1"), SEC_OID_ANSIX962_EC_C2PNB176V1,
+      NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE },
+    { CIPHER_NAME("C2TNB191V1"), SEC_OID_ANSIX962_EC_C2TNB191V1,
+      NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE },
+    { CIPHER_NAME("C2TNB191V2"), SEC_OID_ANSIX962_EC_C2TNB191V2,
+      NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE },
+    { CIPHER_NAME("C2TNB191V3"), SEC_OID_ANSIX962_EC_C2TNB191V3,
+      NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE },
+    { CIPHER_NAME("C2ONB191V4"), SEC_OID_ANSIX962_EC_C2ONB191V4,
+      NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE },
+    { CIPHER_NAME("C2ONB191V5"), SEC_OID_ANSIX962_EC_C2ONB191V5,
+      NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE },
+    { CIPHER_NAME("C2PNB208W1"), SEC_OID_ANSIX962_EC_C2PNB208W1,
+      NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE },
+    { CIPHER_NAME("C2TNB239V1"), SEC_OID_ANSIX962_EC_C2TNB239V1,
+      NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE },
+    { CIPHER_NAME("C2TNB239V2"), SEC_OID_ANSIX962_EC_C2TNB239V2,
+      NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE },
+    { CIPHER_NAME("C2TNB239V3"), SEC_OID_ANSIX962_EC_C2TNB239V3,
+      NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE },
+    { CIPHER_NAME("C2ONB239V4"), SEC_OID_ANSIX962_EC_C2ONB239V4,
+      NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE },
+    { CIPHER_NAME("C2ONB239V5"), SEC_OID_ANSIX962_EC_C2ONB239V5,
+      NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE },
+    { CIPHER_NAME("C2PNB272W1"), SEC_OID_ANSIX962_EC_C2PNB272W1,
+      NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE },
+    { CIPHER_NAME("C2PNB304W1"), SEC_OID_ANSIX962_EC_C2PNB304W1,
+      NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE },
+    { CIPHER_NAME("C2TNB359V1"), SEC_OID_ANSIX962_EC_C2TNB359V1,
+      NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE },
+    { CIPHER_NAME("C2PNB368W1"), SEC_OID_ANSIX962_EC_C2PNB368W1,
+      NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE },
+    { CIPHER_NAME("C2TNB431R1"), SEC_OID_ANSIX962_EC_C2TNB431R1,
+      NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE },
+    /* SECG named elliptic curves (characteristic two field) */
+    { CIPHER_NAME("SECT113R1"), SEC_OID_SECG_EC_SECT113R1,
+      NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE },
+    { CIPHER_NAME("SECT131R1"), SEC_OID_SECG_EC_SECT113R2,
+      NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE },
+    { CIPHER_NAME("SECT131R1"), SEC_OID_SECG_EC_SECT131R1,
+      NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE },
+    { CIPHER_NAME("SECT131R2"), SEC_OID_SECG_EC_SECT131R2,
+      NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE },
+    { CIPHER_NAME("SECT163K1"), SEC_OID_SECG_EC_SECT163K1,
+      NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE },
+    { CIPHER_NAME("SECT163R1"), SEC_OID_SECG_EC_SECT163R1,
+      NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE },
+    { CIPHER_NAME("SECT163R2"), SEC_OID_SECG_EC_SECT163R2,
+      NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE },
+    { CIPHER_NAME("SECT193R1"), SEC_OID_SECG_EC_SECT193R1,
+      NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE },
+    { CIPHER_NAME("SECT193R2"), SEC_OID_SECG_EC_SECT193R2,
+      NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE },
+    { CIPHER_NAME("SECT233K1"), SEC_OID_SECG_EC_SECT233K1,
+      NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE },
+    { CIPHER_NAME("SECT233R1"), SEC_OID_SECG_EC_SECT233R1,
+      NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE },
+    { CIPHER_NAME("SECT239K1"), SEC_OID_SECG_EC_SECT239K1,
+      NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE },
+    { CIPHER_NAME("SECT283K1"), SEC_OID_SECG_EC_SECT283K1,
+      NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE },
+    { CIPHER_NAME("SECT283R1"), SEC_OID_SECG_EC_SECT283R1,
+      NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE },
+    { CIPHER_NAME("SECT409K1"), SEC_OID_SECG_EC_SECT409K1,
+      NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE },
+    { CIPHER_NAME("SECT409R1"), SEC_OID_SECG_EC_SECT409R1,
+      NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE },
+    { CIPHER_NAME("SECT571K1"), SEC_OID_SECG_EC_SECT571K1,
+      NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE },
+    { CIPHER_NAME("SECT571R1"), SEC_OID_SECG_EC_SECT571R1,
+      NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE },
+
+    /* Hashes */
+    { CIPHER_NAME("MD2"), SEC_OID_MD2,
+      NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE },
+    { CIPHER_NAME("MD4"), SEC_OID_MD4,
+      NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE },
+    { CIPHER_NAME("MD5"), SEC_OID_MD5,
+      NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE },
+    { CIPHER_NAME("SHA1"), SEC_OID_SHA1,
+      NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE },
+    { CIPHER_NAME("SHA224"), SEC_OID_SHA224,
+      NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE },
+    { CIPHER_NAME("SHA256"), SEC_OID_SHA256,
+      NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE },
+    { CIPHER_NAME("SHA384"), SEC_OID_SHA384,
+      NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE },
+    { CIPHER_NAME("SHA512"), SEC_OID_SHA512,
+      NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE },
+
+    /* MACs */
+    { CIPHER_NAME("HMAC-SHA1"), SEC_OID_HMAC_SHA1, NSS_USE_ALG_IN_SSL },
+    { CIPHER_NAME("HMAC-SHA224"), SEC_OID_HMAC_SHA224, NSS_USE_ALG_IN_SSL },
+    { CIPHER_NAME("HMAC-SHA256"), SEC_OID_HMAC_SHA256, NSS_USE_ALG_IN_SSL },
+    { CIPHER_NAME("HMAC-SHA384"), SEC_OID_HMAC_SHA384, NSS_USE_ALG_IN_SSL },
+    { CIPHER_NAME("HMAC-SHA512"), SEC_OID_HMAC_SHA512, NSS_USE_ALG_IN_SSL },
+    { CIPHER_NAME("HMAC-MD5"), SEC_OID_HMAC_MD5, NSS_USE_ALG_IN_SSL },
+
+    /* Ciphers */
+    { CIPHER_NAME("AES128-CBC"), SEC_OID_AES_128_CBC, NSS_USE_ALG_IN_SSL },
+    { CIPHER_NAME("AES192-CBC"), SEC_OID_AES_192_CBC, NSS_USE_ALG_IN_SSL },
+    { CIPHER_NAME("AES256-CBC"), SEC_OID_AES_256_CBC, NSS_USE_ALG_IN_SSL },
+    { CIPHER_NAME("AES128-GCM"), SEC_OID_AES_128_GCM, NSS_USE_ALG_IN_SSL },
+    { CIPHER_NAME("AES192-GCM"), SEC_OID_AES_192_GCM, NSS_USE_ALG_IN_SSL },
+    { CIPHER_NAME("AES256-GCM"), SEC_OID_AES_256_GCM, NSS_USE_ALG_IN_SSL },
+    { CIPHER_NAME("CAMELLIA128-CBC"), SEC_OID_CAMELLIA_128_CBC, NSS_USE_ALG_IN_SSL },
+    { CIPHER_NAME("CAMELLIA192-CBC"), SEC_OID_CAMELLIA_192_CBC, NSS_USE_ALG_IN_SSL },
+    { CIPHER_NAME("CAMELLIA256-CBC"), SEC_OID_CAMELLIA_256_CBC, NSS_USE_ALG_IN_SSL },
+    { CIPHER_NAME("CHACHA20-POLY1305"), SEC_OID_CHACHA20_POLY1305, NSS_USE_ALG_IN_SSL },
+    { CIPHER_NAME("SEED-CBC"), SEC_OID_SEED_CBC, NSS_USE_ALG_IN_SSL },
+    { CIPHER_NAME("DES-EDE3-CBC"), SEC_OID_DES_EDE3_CBC, NSS_USE_ALG_IN_SSL },
+    { CIPHER_NAME("DES-40-CBC"), SEC_OID_DES_40_CBC, NSS_USE_ALG_IN_SSL },
+    { CIPHER_NAME("DES-CBC"), SEC_OID_DES_CBC, NSS_USE_ALG_IN_SSL },
+    { CIPHER_NAME("NULL-CIPHER"), SEC_OID_NULL_CIPHER, NSS_USE_ALG_IN_SSL },
+    { CIPHER_NAME("RC2"), SEC_OID_RC2_CBC, NSS_USE_ALG_IN_SSL },
+    { CIPHER_NAME("RC4"), SEC_OID_RC4, NSS_USE_ALG_IN_SSL },
+    { CIPHER_NAME("IDEA"), SEC_OID_IDEA_CBC, NSS_USE_ALG_IN_SSL },
+
+    /* Key exchange */
+    { CIPHER_NAME("RSA"), SEC_OID_TLS_RSA, NSS_USE_ALG_IN_SSL_KX },
+    { CIPHER_NAME("RSA-EXPORT"), SEC_OID_TLS_RSA_EXPORT, NSS_USE_ALG_IN_SSL_KX },
+    { CIPHER_NAME("DHE-RSA"), SEC_OID_TLS_DHE_RSA, NSS_USE_ALG_IN_SSL_KX },
+    { CIPHER_NAME("DHE-DSS"), SEC_OID_TLS_DHE_DSS, NSS_USE_ALG_IN_SSL_KX },
+    { CIPHER_NAME("DH-RSA"), SEC_OID_TLS_DH_RSA, NSS_USE_ALG_IN_SSL_KX },
+    { CIPHER_NAME("DH-DSS"), SEC_OID_TLS_DH_DSS, NSS_USE_ALG_IN_SSL_KX },
+    { CIPHER_NAME("ECDHE-ECDSA"), SEC_OID_TLS_ECDHE_ECDSA, NSS_USE_ALG_IN_SSL_KX },
+    { CIPHER_NAME("ECDHE-RSA"), SEC_OID_TLS_ECDHE_RSA, NSS_USE_ALG_IN_SSL_KX },
+    { CIPHER_NAME("ECDH-ECDSA"), SEC_OID_TLS_ECDH_ECDSA, NSS_USE_ALG_IN_SSL_KX },
+    { CIPHER_NAME("ECDH-RSA"), SEC_OID_TLS_ECDH_RSA, NSS_USE_ALG_IN_SSL_KX },
+};
+
+static const optionFreeDef sslOptList[] = {
+    /* Versions */
+    { CIPHER_NAME("SSL2.0"), 0x002 },
+    { CIPHER_NAME("SSL3.0"), 0x300 },
+    { CIPHER_NAME("SSL3.1"), 0x301 },
+    { CIPHER_NAME("TLS1.0"), 0x301 },
+    { CIPHER_NAME("TLS1.1"), 0x302 },
+    { CIPHER_NAME("TLS1.2"), 0x303 },
+    { CIPHER_NAME("TLS1.3"), 0x304 },
+    { CIPHER_NAME("DTLS1.0"), 0x302 },
+    { CIPHER_NAME("DTLS1.1"), 0x302 },
+    { CIPHER_NAME("DTLS1.2"), 0x303 },
+    { CIPHER_NAME("DTLS1.3"), 0x304 },
+};
+
+static const optionFreeDef freeOptList[] = {
+
+    /* Restrictions for asymetric keys */
+    { CIPHER_NAME("RSA-MIN"), NSS_RSA_MIN_KEY_SIZE },
+    { CIPHER_NAME("DH-MIN"), NSS_DH_MIN_KEY_SIZE },
+    { CIPHER_NAME("DSA-MIN"), NSS_DSA_MIN_KEY_SIZE },
+    /* constraints on SSL Protocols */
+    { CIPHER_NAME("TLS-VERSION-MIN"), NSS_TLS_VERSION_MIN_POLICY },
+    { CIPHER_NAME("TLS-VERSION-MAX"), NSS_TLS_VERSION_MAX_POLICY },
+    /* constraints on DTLS Protocols */
+    { CIPHER_NAME("DTLS-VERSION-MIN"), NSS_DTLS_VERSION_MIN_POLICY },
+    { CIPHER_NAME("DTLS-VERSION-MAX"), NSS_DTLS_VERSION_MIN_POLICY }
+};
+
+static const policyFlagDef policyFlagList[] = {
+    { CIPHER_NAME("SSL"), NSS_USE_ALG_IN_SSL },
+    { CIPHER_NAME("SSL-KEY-EXCHANGE"), NSS_USE_ALG_IN_SSL_KX },
+    /* add other key exhanges in the future */
+    { CIPHER_NAME("KEY-EXCHANGE"), NSS_USE_ALG_IN_SSL_KX },
+    { CIPHER_NAME("CERT-SIGNATURE"), NSS_USE_ALG_IN_CERT_SIGNATURE },
+    /* add other signatures in the future */
+    { CIPHER_NAME("SIGNATURE"), NSS_USE_ALG_IN_CERT_SIGNATURE },
+    /* enable everything */
+    { CIPHER_NAME("ALL"), NSS_USE_ALG_IN_SSL | NSS_USE_ALG_IN_SSL_KX |
+                              NSS_USE_ALG_IN_CERT_SIGNATURE },
+    { CIPHER_NAME("NONE"), 0 }
+};
+
+/*
+ *  Get the next cipher on the list. point to the next one in 'next'.
+ *  return the length;
+ */
+static const char *
+secmod_ArgGetSubValue(const char *cipher, char sep1, char sep2,
+                      int *len, const char **next)
+{
+    const char *start = cipher;
+
+    if (start == NULL) {
+        *len = 0;
+        *next = NULL;
+        return start;
+    }
+
+    for (; *cipher && *cipher != sep2; cipher++) {
+        if (*cipher == sep1) {
+            *next = cipher + 1;
+            *len = cipher - start;
+            return start;
+        }
+    }
+    *next = NULL;
+    *len = cipher - start;
+    return start;
+}
+
+static PRUint32
+secmod_parsePolicyValue(const char *policyFlags, int policyLength)
+{
+    const char *flag, *currentString;
+    PRUint32 flags = 0;
+    int i;
+
+    for (currentString = policyFlags; currentString &&
+                                      currentString < policyFlags + policyLength;) {
+        int length;
+        flag = secmod_ArgGetSubValue(currentString, ',', ':', &length,
+                                     &currentString);
+        if (length == 0) {
+            continue;
+        }
+        for (i = 0; i < PR_ARRAY_SIZE(policyFlagList); i++) {
+            const policyFlagDef *policy = &policyFlagList[i];
+            unsigned name_size = policy->name_size;
+            if ((policy->name_size == length) &&
+                PORT_Strncasecmp(policy->name, flag, name_size) == 0) {
+                flags |= policy->flag;
+                break;
+            }
+        }
+    }
+    return flags;
+}
+
+/* allow symbolic names for values. The only ones currently defines or
+ * SSL protocol versions. */
+static PRInt32
+secmod_getPolicyOptValue(const char *policyValue, int policyValueLength)
+{
+    PRInt32 val = atoi(policyValue);
+    int i;
+
+    if ((val != 0) || (*policyValue == '0')) {
+        return val;
+    }
+    for (i = 0; i < PR_ARRAY_SIZE(sslOptList); i++) {
+        if (policyValueLength == sslOptList[i].name_size &&
+            PORT_Strncasecmp(sslOptList[i].name, policyValue,
+                             sslOptList[i].name_size) == 0) {
+            val = sslOptList[i].option;
+            break;
+        }
+    }
+    return val;
+}
+
+static SECStatus
+secmod_applyCryptoPolicy(const char *policyString,
+                         PRBool allow)
+{
+    const char *cipher, *currentString;
+    unsigned i;
+    SECStatus rv = SECSuccess;
+    PRBool unknown;
+
+    if (policyString == NULL || policyString[0] == 0) {
+        return SECSuccess; /* do nothing */
+    }
+
+    /* if we change any of these, make sure it gets applied in ssl as well */
+    NSS_SetAlgorithmPolicy(SEC_OID_APPLY_SSL_POLICY, NSS_USE_POLICY_IN_SSL, 0);
+
+    for (currentString = policyString; currentString;) {
+        int length;
+        PRBool newValue = PR_FALSE;
+
+        cipher = secmod_ArgGetSubValue(currentString, ':', 0, &length,
+                                       &currentString);
+        unknown = PR_TRUE;
+        if (length >= 3 && cipher[3] == '/') {
+            newValue = PR_TRUE;
+        }
+        if ((newValue || (length == 3)) && PORT_Strncasecmp(cipher, "all", 3) == 0) {
+            /* disable or enable all options by default */
+            PRUint32 value = 0;
+            if (newValue) {
+                value = secmod_parsePolicyValue(&cipher[3] + 1, length - 3 - 1);
+            }
+            for (i = 0; i < PR_ARRAY_SIZE(algOptList); i++) {
+                PRUint32 enable, disable;
+                if (!newValue) {
+                    value = algOptList[i].val;
+                }
+                if (allow) {
+                    enable = value;
+                    disable = 0;
+                } else {
+                    enable = 0;
+                    disable = value;
+                }
+                NSS_SetAlgorithmPolicy(algOptList[i].oid, enable, disable);
+            }
+            continue;
+        }
+
+        for (i = 0; i < PR_ARRAY_SIZE(algOptList); i++) {
+            const oidValDef *algOpt = &algOptList[i];
+            unsigned name_size = algOpt->name_size;
+            PRBool newValue = PR_FALSE;
+
+            if ((length >= name_size) && (cipher[name_size] == '/')) {
+                newValue = PR_TRUE;
+            }
+            if ((newValue || algOpt->name_size == length) &&
+                PORT_Strncasecmp(algOpt->name, cipher, name_size) == 0) {
+                PRUint32 value = algOpt->val;
+                PRUint32 enable, disable;
+                if (newValue) {
+                    value = secmod_parsePolicyValue(&cipher[name_size] + 1,
+                                                    length - name_size - 1);
+                }
+                if (allow) {
+                    enable = value;
+                    disable = 0;
+                } else {
+                    enable = 0;
+                    disable = value;
+                }
+                rv = NSS_SetAlgorithmPolicy(algOpt->oid, enable, disable);
+                if (rv != SECSuccess) {
+                    /* could not enable option */
+                    /* NSS_SetAlgorithPolicy should have set the error code */
+                    return SECFailure;
+                }
+                unknown = PR_FALSE;
+                break;
+            }
+        }
+        if (!unknown) {
+            continue;
+        }
+
+        for (i = 0; i < PR_ARRAY_SIZE(freeOptList); i++) {
+            const optionFreeDef *freeOpt = &freeOptList[i];
+            unsigned name_size = freeOpt->name_size;
+
+            if ((length > name_size) && cipher[name_size] == '=' &&
+                PORT_Strncasecmp(freeOpt->name, cipher, name_size) == 0) {
+                PRInt32 val = secmod_getPolicyOptValue(&cipher[name_size + 1],
+                                                       length - name_size - 1);
+
+                rv = NSS_OptionSet(freeOpt->option, val);
+                if (rv != SECSuccess) {
+                    /* could not enable option */
+                    /* NSS_OptionSet should have set the error code */
+                    return SECFailure;
+                }
+                /* to allow the policy to expand in the future. ignore ciphers
+                 * we don't understand */
+                unknown = PR_FALSE;
+                break;
+            }
+        }
+    }
+    return rv;
+}
+
+static SECStatus
+secmod_parseCryptoPolicy(const char *policyConfig)
+{
+    char *disallow, *allow;
+    SECStatus rv;
+
+    if (policyConfig == NULL) {
+        return SECSuccess; /* no policy given */
+    }
+    /* make sure we initialize the oid table and set all the default policy
+     * values first so we can override them here */
+    rv = SECOID_Init();
+    if (rv != SECSuccess) {
+        return rv;
+    }
+    disallow = NSSUTIL_ArgGetParamValue("disallow", policyConfig);
+    rv = secmod_applyCryptoPolicy(disallow, PR_FALSE);
+    if (disallow)
+        PORT_Free(disallow);
+    if (rv != SECSuccess) {
+        return rv;
+    }
+    allow = NSSUTIL_ArgGetParamValue("allow", policyConfig);
+    rv = secmod_applyCryptoPolicy(allow, PR_TRUE);
+    if (allow)
+        PORT_Free(allow);
+    return rv;
+}
+
+/*
+ * for 3.4 we continue to use the old SECMODModule structure
+ */
+SECMODModule *
+SECMOD_CreateModuleEx(const char *library, const char *moduleName,
+                      const char *parameters, const char *nss,
+                      const char *config)
+{
+    SECMODModule *mod;
+    SECStatus rv;
+    char *slotParams, *ciphers;
+    /* pk11pars.h still does not have const char * interfaces */
+    char *nssc = (char *)nss;
+
+    rv = secmod_parseCryptoPolicy(config);
+
+    /* do not load the module if policy parsing fails */
+    if (rv != SECSuccess) {
+        return NULL;
+    }
+
+    mod = secmod_NewModule();
+    if (mod == NULL)
+        return NULL;
+
+    mod->commonName = PORT_ArenaStrdup(mod->arena, moduleName ? moduleName : "");
+    if (library) {
+        mod->dllName = PORT_ArenaStrdup(mod->arena, library);
+    }
+    /* new field */
+    if (parameters) {
+        mod->libraryParams = PORT_ArenaStrdup(mod->arena, parameters);
+    }
+
+    mod->internal = NSSUTIL_ArgHasFlag("flags", "internal", nssc);
+    mod->isFIPS = NSSUTIL_ArgHasFlag("flags", "FIPS", nssc);
+    mod->isCritical = NSSUTIL_ArgHasFlag("flags", "critical", nssc);
+    slotParams = NSSUTIL_ArgGetParamValue("slotParams", nssc);
+    mod->slotInfo = NSSUTIL_ArgParseSlotInfo(mod->arena, slotParams,
+                                             &mod->slotInfoCount);
+    if (slotParams)
+        PORT_Free(slotParams);
+    /* new field */
+    mod->trustOrder = NSSUTIL_ArgReadLong("trustOrder", nssc,
+                                          NSSUTIL_DEFAULT_TRUST_ORDER, NULL);
+    /* new field */
+    mod->cipherOrder = NSSUTIL_ArgReadLong("cipherOrder", nssc,
+                                           NSSUTIL_DEFAULT_CIPHER_ORDER, NULL);
+    /* new field */
+    mod->isModuleDB = NSSUTIL_ArgHasFlag("flags", "moduleDB", nssc);
+    mod->moduleDBOnly = NSSUTIL_ArgHasFlag("flags", "moduleDBOnly", nssc);
+    if (mod->moduleDBOnly)
+        mod->isModuleDB = PR_TRUE;
+
+    /* we need more bits, but we also want to preserve binary compatibility
+     * so we overload the isModuleDB PRBool with additional flags.
+     * These flags are only valid if mod->isModuleDB is already set.
+     * NOTE: this depends on the fact that PRBool is at least a char on
+     * all platforms. These flags are only valid if moduleDB is set, so
+     * code checking if (mod->isModuleDB) will continue to work correctly. */
+    if (mod->isModuleDB) {
+        char flags = SECMOD_FLAG_MODULE_DB_IS_MODULE_DB;
+        if (NSSUTIL_ArgHasFlag("flags", "skipFirst", nssc)) {
+            flags |= SECMOD_FLAG_MODULE_DB_SKIP_FIRST;
+        }
+        if (NSSUTIL_ArgHasFlag("flags", "defaultModDB", nssc)) {
+            flags |= SECMOD_FLAG_MODULE_DB_DEFAULT_MODDB;
+        }
+        /* additional moduleDB flags could be added here in the future */
+        mod->isModuleDB = (PRBool)flags;
+    }
+
+    if (mod->internal) {
+        char flags = SECMOD_FLAG_INTERNAL_IS_INTERNAL;
+
+        if (NSSUTIL_ArgHasFlag("flags", "internalKeySlot", nssc)) {
+            flags |= SECMOD_FLAG_INTERNAL_KEY_SLOT;
+        }
+        mod->internal = (PRBool)flags;
+    }
+
+    ciphers = NSSUTIL_ArgGetParamValue("ciphers", nssc);
+    NSSUTIL_ArgParseCipherFlags(&mod->ssl[0], ciphers);
+    if (ciphers)
+        PORT_Free(ciphers);
+
+    secmod_PrivateModuleCount++;
+
+    return mod;
+}
+
+PRBool
+SECMOD_GetSkipFirstFlag(SECMODModule *mod)
+{
+    char flags = (char)mod->isModuleDB;
+
+    return (flags & SECMOD_FLAG_MODULE_DB_SKIP_FIRST) ? PR_TRUE : PR_FALSE;
+}
+
+PRBool
+SECMOD_GetDefaultModDBFlag(SECMODModule *mod)
+{
+    char flags = (char)mod->isModuleDB;
+
+    return (flags & SECMOD_FLAG_MODULE_DB_DEFAULT_MODDB) ? PR_TRUE : PR_FALSE;
+}
+
+PRBool
+secmod_IsInternalKeySlot(SECMODModule *mod)
+{
+    char flags = (char)mod->internal;
+
+    return (flags & SECMOD_FLAG_INTERNAL_KEY_SLOT) ? PR_TRUE : PR_FALSE;
+}
+
+void
+secmod_SetInternalKeySlotFlag(SECMODModule *mod, PRBool val)
+{
+    char flags = (char)mod->internal;
+
+    if (val) {
+        flags |= SECMOD_FLAG_INTERNAL_KEY_SLOT;
+    } else {
+        flags &= ~SECMOD_FLAG_INTERNAL_KEY_SLOT;
+    }
+    mod->internal = flags;
+}
+
+/*
+ * copy desc and value into target. Target is known to be big enough to
+ * hold desc +2 +value, which is good because the result of this will be
+ * *desc"*value". We may, however, have to add some escapes for special
+ * characters imbedded into value (rare). This string potentially comes from
+ * a user, so we don't want the user overflowing the target buffer by using
+ * excessive escapes. To prevent this we count the escapes we need to add and
+ * try to expand the buffer with Realloc.
+ */
+static char *
+secmod_doDescCopy(char *target, int *targetLen, const char *desc,
+                  int descLen, char *value)
+{
+    int diff, esc_len;
+
+    esc_len = NSSUTIL_EscapeSize(value, '\"') - 1;
+    diff = esc_len - strlen(value);
+    if (diff > 0) {
+        /* we need to escape... expand newSpecPtr as well to make sure
+         * we don't overflow it */
+        char *newPtr = PORT_Realloc(target, *targetLen * diff);
+        if (!newPtr) {
+            return target; /* not enough space, just drop the whole copy */
+        }
+        *targetLen += diff;
+        target = newPtr;
+        value = NSSUTIL_Escape(value, '\"');
+        if (value == NULL) {
+            return target; /* couldn't escape value, just drop the copy */
+        }
+    }
+    PORT_Memcpy(target, desc, descLen);
+    target += descLen;
+    *target++ = '\"';
+    PORT_Memcpy(target, value, esc_len);
+    target += esc_len;
+    *target++ = '\"';
+    if (diff > 0) {
+        PORT_Free(value);
+    }
+    return target;
+}
+
+#define SECMOD_SPEC_COPY(new, start, end) \
+    if (end > start) {                    \
+        int _cnt = end - start;           \
+        PORT_Memcpy(new, start, _cnt);    \
+        new += _cnt;                      \
+    }
+#define SECMOD_TOKEN_DESCRIPTION "tokenDescription="
+#define SECMOD_SLOT_DESCRIPTION "slotDescription="
+
+/*
+ * Find any tokens= values in the module spec.
+ * Always return a new spec which does not have any tokens= arguments.
+ * If tokens= arguments are found, Split the the various tokens defined into
+ * an array of child specs to return.
+ *
+ * Caller is responsible for freeing the child spec and the new token
+ * spec.
+ */
+char *
+secmod_ParseModuleSpecForTokens(PRBool convert, PRBool isFIPS,
+                                const char *moduleSpec, char ***children,
+                                CK_SLOT_ID **ids)
+{
+    int newSpecLen = PORT_Strlen(moduleSpec) + 2;
+    char *newSpec = PORT_Alloc(newSpecLen);
+    char *newSpecPtr = newSpec;
+    const char *modulePrev = moduleSpec;
+    char *target = NULL;
+    char *tmp = NULL;
+    char **childArray = NULL;
+    const char *tokenIndex;
+    CK_SLOT_ID *idArray = NULL;
+    int tokenCount = 0;
+    int i;
+
+    if (newSpec == NULL) {
+        return NULL;
+    }
+
+    *children = NULL;
+    if (ids) {
+        *ids = NULL;
+    }
+    moduleSpec = NSSUTIL_ArgStrip(moduleSpec);
+    SECMOD_SPEC_COPY(newSpecPtr, modulePrev, moduleSpec);
+
+    /* Notes on 'convert' and 'isFIPS' flags: The base parameters for opening
+     * a new softoken module takes the following parameters to name the
+     * various tokens:
+     *
+     *  cryptoTokenDescription: name of the non-fips crypto token.
+     *  cryptoSlotDescription: name of the non-fips crypto slot.
+     *  dbTokenDescription: name of the non-fips db token.
+     *  dbSlotDescription: name of the non-fips db slot.
+     *  FIPSTokenDescription: name of the fips db/crypto token.
+     *  FIPSSlotDescription: name of the fips db/crypto slot.
+     *
+     * if we are opening a new slot, we need to have the following
+     * parameters:
+     *  tokenDescription: name of the token.
+     *  slotDescription: name of the slot.
+     *
+     *
+     * The convert flag tells us to drop the unnecessary *TokenDescription
+     * and *SlotDescription arguments and convert the appropriate pair
+     * (either db or FIPS based on the isFIPS flag) to tokenDescription and
+     * slotDescription).
+     */
+    /*
+     * walk down the list. if we find a tokens= argument, save it,
+     * otherise copy the argument.
+     */
+    while (*moduleSpec) {
+        int next;
+        modulePrev = moduleSpec;
+        NSSUTIL_HANDLE_STRING_ARG(moduleSpec, target, "tokens=",
+                                  modulePrev = moduleSpec;
+                                  /* skip copying */)
+        NSSUTIL_HANDLE_STRING_ARG(moduleSpec, tmp, "cryptoTokenDescription=",
+                                  if (convert) { modulePrev = moduleSpec; });
+        NSSUTIL_HANDLE_STRING_ARG(moduleSpec, tmp, "cryptoSlotDescription=",
+                                  if (convert) { modulePrev = moduleSpec; });
+        NSSUTIL_HANDLE_STRING_ARG(moduleSpec, tmp, "dbTokenDescription=",
+                                  if (convert) {
+                                      modulePrev = moduleSpec;
+                                      if (!isFIPS) {
+                                          newSpecPtr = secmod_doDescCopy(newSpecPtr,
+                                                                         &newSpecLen,
+                                                                         SECMOD_TOKEN_DESCRIPTION,
+                                                                         sizeof(SECMOD_TOKEN_DESCRIPTION) - 1,
+                                                                         tmp);
+                                      }
+                                  });
+        NSSUTIL_HANDLE_STRING_ARG(moduleSpec, tmp, "dbSlotDescription=",
+                                  if (convert) {
+                                      modulePrev = moduleSpec; /* skip copying */
+                                      if (!isFIPS) {
+                                          newSpecPtr = secmod_doDescCopy(newSpecPtr,
+                                                                         &newSpecLen,
+                                                                         SECMOD_SLOT_DESCRIPTION,
+                                                                         sizeof(SECMOD_SLOT_DESCRIPTION) - 1,
+                                                                         tmp);
+                                      }
+                                  });
+        NSSUTIL_HANDLE_STRING_ARG(moduleSpec, tmp, "FIPSTokenDescription=",
+                                  if (convert) {
+                                      modulePrev = moduleSpec; /* skip copying */
+                                      if (isFIPS) {
+                                          newSpecPtr = secmod_doDescCopy(newSpecPtr,
+                                                                         &newSpecLen,
+                                                                         SECMOD_TOKEN_DESCRIPTION,
+                                                                         sizeof(SECMOD_TOKEN_DESCRIPTION) - 1,
+                                                                         tmp);
+                                      }
+                                  });
+        NSSUTIL_HANDLE_STRING_ARG(moduleSpec, tmp, "FIPSSlotDescription=",
+                                  if (convert) {
+                                      modulePrev = moduleSpec; /* skip copying */
+                                      if (isFIPS) {
+                                          newSpecPtr = secmod_doDescCopy(newSpecPtr,
+                                                                         &newSpecLen,
+                                                                         SECMOD_SLOT_DESCRIPTION,
+                                                                         sizeof(SECMOD_SLOT_DESCRIPTION) - 1,
+                                                                         tmp);
+                                      }
+                                  });
+        NSSUTIL_HANDLE_FINAL_ARG(moduleSpec)
+        SECMOD_SPEC_COPY(newSpecPtr, modulePrev, moduleSpec);
+    }
+    if (tmp) {
+        PORT_Free(tmp);
+        tmp = NULL;
+    }
+    *newSpecPtr = 0;
+
+    /* no target found, return the newSpec */
+    if (target == NULL) {
+        return newSpec;
+    }
+
+    /* now build the child array from target */
+    /*first count them */
+    for (tokenIndex = NSSUTIL_ArgStrip(target); *tokenIndex;
+         tokenIndex = NSSUTIL_ArgStrip(NSSUTIL_ArgSkipParameter(tokenIndex))) {
+        tokenCount++;
+    }
+
+    childArray = PORT_NewArray(char *, tokenCount + 1);
+    if (childArray == NULL) {
+        /* just return the spec as is then */
+        PORT_Free(target);
+        return newSpec;
+    }
+    if (ids) {
+        idArray = PORT_NewArray(CK_SLOT_ID, tokenCount + 1);
+        if (idArray == NULL) {
+            PORT_Free(childArray);
+            PORT_Free(target);
+            return newSpec;
+        }
+    }
+
+    /* now fill them in */
+    for (tokenIndex = NSSUTIL_ArgStrip(target), i = 0;
+         *tokenIndex && (i < tokenCount);
+         tokenIndex = NSSUTIL_ArgStrip(tokenIndex)) {
+        int next;
+        char *name = NSSUTIL_ArgGetLabel(tokenIndex, &next);
+        tokenIndex += next;
+
+        if (idArray) {
+            idArray[i] = NSSUTIL_ArgDecodeNumber(name);
+        }
+
+        PORT_Free(name); /* drop the explicit number */
+
+        /* if anything is left, copy the args to the child array */
+        if (!NSSUTIL_ArgIsBlank(*tokenIndex)) {
+            childArray[i++] = NSSUTIL_ArgFetchValue(tokenIndex, &next);
+            tokenIndex += next;
+        }
+    }
+
+    PORT_Free(target);
+    childArray[i] = 0;
+    if (idArray) {
+        idArray[i] = 0;
+    }
+
+    /* return it */
+    *children = childArray;
+    if (ids) {
+        *ids = idArray;
+    }
+    return newSpec;
+}
+
+/* get the database and flags from the spec */
+static char *
+secmod_getConfigDir(const char *spec, char **certPrefix, char **keyPrefix,
+                    PRBool *readOnly)
+{
+    char *config = NULL;
+
+    *certPrefix = NULL;
+    *keyPrefix = NULL;
+    *readOnly = NSSUTIL_ArgHasFlag("flags", "readOnly", spec);
+    if (NSSUTIL_ArgHasFlag("flags", "nocertdb", spec) ||
+        NSSUTIL_ArgHasFlag("flags", "nokeydb", spec)) {
+        return NULL;
+    }
+
+    spec = NSSUTIL_ArgStrip(spec);
+    while (*spec) {
+        int next;
+        NSSUTIL_HANDLE_STRING_ARG(spec, config, "configdir=", ;)
+        NSSUTIL_HANDLE_STRING_ARG(spec, *certPrefix, "certPrefix=", ;)
+        NSSUTIL_HANDLE_STRING_ARG(spec, *keyPrefix, "keyPrefix=", ;)
+        NSSUTIL_HANDLE_FINAL_ARG(spec)
+    }
+    return config;
+}
+
+struct SECMODConfigListStr {
+    char *config;
+    char *certPrefix;
+    char *keyPrefix;
+    PRBool isReadOnly;
+};
+
+/*
+ * return an array of already openned databases from a spec list.
+ */
+SECMODConfigList *
+secmod_GetConfigList(PRBool isFIPS, char *spec, int *count)
+{
+    char **children;
+    CK_SLOT_ID *ids;
+    char *strippedSpec;
+    int childCount;
+    SECMODConfigList *conflist = NULL;
+    int i;
+
+    strippedSpec = secmod_ParseModuleSpecForTokens(PR_TRUE, isFIPS,
+                                                   spec, &children, &ids);
+    if (strippedSpec == NULL) {
+        return NULL;
+    }
+
+    for (childCount = 0; children && children[childCount]; childCount++)
+        ;
+    *count = childCount + 1; /* include strippedSpec */
+    conflist = PORT_NewArray(SECMODConfigList, *count);
+    if (conflist == NULL) {
+        *count = 0;
+        goto loser;
+    }
+
+    conflist[0].config = secmod_getConfigDir(strippedSpec,
+                                             &conflist[0].certPrefix,
+                                             &conflist[0].keyPrefix,
+                                             &conflist[0].isReadOnly);
+    for (i = 0; i < childCount; i++) {
+        conflist[i + 1].config = secmod_getConfigDir(children[i],
+                                                     &conflist[i + 1].certPrefix,
+                                                     &conflist[i + 1].keyPrefix,
+                                                     &conflist[i + 1].isReadOnly);
+    }
+
+loser:
+    secmod_FreeChildren(children, ids);
+    PORT_Free(strippedSpec);
+    return conflist;
+}
+
+/*
+ * determine if we are trying to open an old dbm database. For this test
+ * RDB databases should return PR_FALSE.
+ */
+static PRBool
+secmod_configIsDBM(char *configDir)
+{
+    char *env;
+
+    /* explicit dbm open */
+    if (strncmp(configDir, "dbm:", 4) == 0) {
+        return PR_TRUE;
+    }
+    /* explicit open of a non-dbm database */
+    if ((strncmp(configDir, "sql:", 4) == 0) ||
+        (strncmp(configDir, "rdb:", 4) == 0) ||
+        (strncmp(configDir, "extern:", 7) == 0)) {
+        return PR_FALSE;
+    }
+    env = PR_GetEnvSecure("NSS_DEFAULT_DB_TYPE");
+    /* implicit dbm open */
+    if ((env == NULL) || (strcmp(env, "dbm") == 0)) {
+        return PR_TRUE;
+    }
+    /* implicit non-dbm open */
+    return PR_FALSE;
+}
+
+/*
+ * match two prefixes. prefix may be NULL. NULL patches '\0'
+ */
+static PRBool
+secmod_matchPrefix(char *prefix1, char *prefix2)
+{
+    if ((prefix1 == NULL) || (*prefix1 == 0)) {
+        if ((prefix2 == NULL) || (*prefix2 == 0)) {
+            return PR_TRUE;
+        }
+        return PR_FALSE;
+    }
+    if (strcmp(prefix1, prefix2) == 0) {
+        return PR_TRUE;
+    }
+    return PR_FALSE;
+}
+
+/* do two config paramters match? Not all callers are compariing
+ * SECMODConfigLists directly, so this function breaks them out to their
+ * components. */
+static PRBool
+secmod_matchConfig(char *configDir1, char *configDir2,
+                   char *certPrefix1, char *certPrefix2,
+                   char *keyPrefix1, char *keyPrefix2,
+                   PRBool isReadOnly1, PRBool isReadOnly2)
+{
+    /* TODO: Document the answer to the question:
+     *       "Why not allow them to match if they are both NULL?"
+     * See: https://bugzilla.mozilla.org/show_bug.cgi?id=1318633#c1
+     */
+    if ((configDir1 == NULL) || (configDir2 == NULL)) {
+        return PR_FALSE;
+    }
+    if (strcmp(configDir1, configDir2) != 0) {
+        return PR_FALSE;
+    }
+    if (!secmod_matchPrefix(certPrefix1, certPrefix2)) {
+        return PR_FALSE;
+    }
+    if (!secmod_matchPrefix(keyPrefix1, keyPrefix2)) {
+        return PR_FALSE;
+    }
+    /* these last test -- if we just need the DB open read only,
+     * than any open will suffice, but if we requested it read/write
+     * and it's only open read only, we need to open it again */
+    if (isReadOnly1) {
+        return PR_TRUE;
+    }
+    if (isReadOnly2) { /* isReadonly1 == PR_FALSE */
+        return PR_FALSE;
+    }
+    return PR_TRUE;
+}
+
+/*
+ * return true if we are requesting a database that is already openned.
+ */
+PRBool
+secmod_MatchConfigList(const char *spec, SECMODConfigList *conflist, int count)
+{
+    char *config;
+    char *certPrefix;
+    char *keyPrefix;
+    PRBool isReadOnly;
+    PRBool ret = PR_FALSE;
+    int i;
+
+    config = secmod_getConfigDir(spec, &certPrefix, &keyPrefix, &isReadOnly);
+    if (!config) {
+        goto done;
+    }
+
+    /* NOTE: we dbm isn't multiple open safe. If we open the same database
+     * twice from two different locations, then we can corrupt our database
+     * (the cache will be inconsistent). Protect against this by claiming
+     * for comparison only that we are always openning dbm databases read only.
+     */
+    if (secmod_configIsDBM(config)) {
+        isReadOnly = 1;
+    }
+    for (i = 0; i < count; i++) {
+        if (secmod_matchConfig(config, conflist[i].config, certPrefix,
+                               conflist[i].certPrefix, keyPrefix,
+                               conflist[i].keyPrefix, isReadOnly,
+                               conflist[i].isReadOnly)) {
+            ret = PR_TRUE;
+            goto done;
+        }
+    }
+
+    ret = PR_FALSE;
+done:
+    PORT_Free(config);
+    PORT_Free(certPrefix);
+    PORT_Free(keyPrefix);
+    return ret;
+}
+
+/*
+ * Find the slot id from the module spec. If the slot is the database slot, we
+ * can get the slot id from the default database slot.
+ */
+CK_SLOT_ID
+secmod_GetSlotIDFromModuleSpec(const char *moduleSpec, SECMODModule *module)
+{
+    char *tmp_spec = NULL;
+    char **children, **thisChild;
+    CK_SLOT_ID *ids, *thisID, slotID = -1;
+    char *inConfig = NULL, *thisConfig = NULL;
+    char *inCertPrefix = NULL, *thisCertPrefix = NULL;
+    char *inKeyPrefix = NULL, *thisKeyPrefix = NULL;
+    PRBool inReadOnly, thisReadOnly;
+
+    inConfig = secmod_getConfigDir(moduleSpec, &inCertPrefix, &inKeyPrefix,
+                                   &inReadOnly);
+    if (!inConfig) {
+        goto done;
+    }
+
+    if (secmod_configIsDBM(inConfig)) {
+        inReadOnly = 1;
+    }
+
+    tmp_spec = secmod_ParseModuleSpecForTokens(PR_TRUE, module->isFIPS,
+                                               module->libraryParams, &children, &ids);
+    if (tmp_spec == NULL) {
+        goto done;
+    }
+
+    /* first check to see if the parent is the database */
+    thisConfig = secmod_getConfigDir(tmp_spec, &thisCertPrefix, &thisKeyPrefix,
+                                     &thisReadOnly);
+    if (!thisConfig) {
+        goto done;
+    }
+    if (secmod_matchConfig(inConfig, thisConfig, inCertPrefix, thisCertPrefix,
+                           inKeyPrefix, thisKeyPrefix, inReadOnly, thisReadOnly)) {
+        /* yup it's the default key slot, get the id for it */
+        PK11SlotInfo *slot = PK11_GetInternalKeySlot();
+        if (slot) {
+            slotID = slot->slotID;
+            PK11_FreeSlot(slot);
+        }
+        goto done;
+    }
+
+    /* find id of the token */
+    for (thisChild = children, thisID = ids; thisChild && *thisChild; thisChild++, thisID++) {
+        PORT_Free(thisConfig);
+        PORT_Free(thisCertPrefix);
+        PORT_Free(thisKeyPrefix);
+        thisConfig = secmod_getConfigDir(*thisChild, &thisCertPrefix,
+                                         &thisKeyPrefix, &thisReadOnly);
+        if (thisConfig == NULL) {
+            continue;
+        }
+        if (secmod_matchConfig(inConfig, thisConfig, inCertPrefix, thisCertPrefix,
+                               inKeyPrefix, thisKeyPrefix, inReadOnly, thisReadOnly)) {
+            slotID = *thisID;
+            break;
+        }
+    }
+
+done:
+    PORT_Free(inConfig);
+    PORT_Free(inCertPrefix);
+    PORT_Free(inKeyPrefix);
+    PORT_Free(thisConfig);
+    PORT_Free(thisCertPrefix);
+    PORT_Free(thisKeyPrefix);
+    if (tmp_spec) {
+        secmod_FreeChildren(children, ids);
+        PORT_Free(tmp_spec);
+    }
+    return slotID;
+}
+
+void
+secmod_FreeConfigList(SECMODConfigList *conflist, int count)
+{
+    int i;
+    for (i = 0; i < count; i++) {
+        PORT_Free(conflist[i].config);
+        PORT_Free(conflist[i].certPrefix);
+        PORT_Free(conflist[i].keyPrefix);
+    }
+    PORT_Free(conflist);
+}
+
+void
+secmod_FreeChildren(char **children, CK_SLOT_ID *ids)
+{
+    char **thisChild;
+
+    if (!children) {
+        return;
+    }
+
+    for (thisChild = children; thisChild && *thisChild; thisChild++) {
+        PORT_Free(*thisChild);
+    }
+    PORT_Free(children);
+    if (ids) {
+        PORT_Free(ids);
+    }
+    return;
+}
+
+/*
+ * caclulate the length of each child record:
+ * " 0x{id}=<{escaped_child}>"
+ */
+static int
+secmod_getChildLength(char *child, CK_SLOT_ID id)
+{
+    int length = NSSUTIL_DoubleEscapeSize(child, '>', ']');
+    if (id == 0) {
+        length++;
+    }
+    while (id) {
+        length++;
+        id = id >> 4;
+    }
+    length += 6; /* {sp}0x[id]=<{child}> */
+    return length;
+}
+
+/*
+ * Build a child record:
+ * " 0x{id}=<{escaped_child}>"
+ */
+static SECStatus
+secmod_mkTokenChild(char **next, int *length, char *child, CK_SLOT_ID id)
+{
+    int len;
+    char *escSpec;
+
+    len = PR_snprintf(*next, *length, " 0x%x=<", id);
+    if (len < 0) {
+        return SECFailure;
+    }
+    *next += len;
+    *length -= len;
+    escSpec = NSSUTIL_DoubleEscape(child, '>', ']');
+    if (escSpec == NULL) {
+        return SECFailure;
+    }
+    if (*child && (*escSpec == 0)) {
+        PORT_Free(escSpec);
+        return SECFailure;
+    }
+    len = strlen(escSpec);
+    if (len + 1 > *length) {
+        PORT_Free(escSpec);
+        return SECFailure;
+    }
+    PORT_Memcpy(*next, escSpec, len);
+    *next += len;
+    *length -= len;
+    PORT_Free(escSpec);
+    **next = '>';
+    (*next)++;
+    (*length)--;
+    return SECSuccess;
+}
+
+#define TOKEN_STRING " tokens=["
+
+char *
+secmod_MkAppendTokensList(PLArenaPool *arena, char *oldParam, char *newToken,
+                          CK_SLOT_ID newID, char **children, CK_SLOT_ID *ids)
+{
+    char *rawParam = NULL;  /* oldParam with tokens stripped off */
+    char *newParam = NULL;  /* space for the return parameter */
+    char *nextParam = NULL; /* current end of the new parameter */
+    char **oldChildren = NULL;
+    CK_SLOT_ID *oldIds = NULL;
+    void *mark = NULL; /* mark the arena pool in case we need
+                        * to release it */
+    int length, i, tmpLen;
+    SECStatus rv;
+
+    /* first strip out and save the old tokenlist */
+    rawParam = secmod_ParseModuleSpecForTokens(PR_FALSE, PR_FALSE,
+                                               oldParam, &oldChildren, &oldIds);
+    if (!rawParam) {
+        goto loser;
+    }
+
+    /* now calculate the total length of the new buffer */
+    /* First the 'fixed stuff', length of rawparam (does not include a NULL),
+     * length of the token string (does include the NULL), closing bracket */
+    length = strlen(rawParam) + sizeof(TOKEN_STRING) + 1;
+    /* now add then length of all the old children */
+    for (i = 0; oldChildren && oldChildren[i]; i++) {
+        length += secmod_getChildLength(oldChildren[i], oldIds[i]);
+    }
+
+    /* add the new token */
+    length += secmod_getChildLength(newToken, newID);
+
+    /* and it's new children */
+    for (i = 0; children && children[i]; i++) {
+        if (ids[i] == -1) {
+            continue;
+        }
+        length += secmod_getChildLength(children[i], ids[i]);
+    }
+
+    /* now allocate and build the string */
+    mark = PORT_ArenaMark(arena);
+    if (!mark) {
+        goto loser;
+    }
+    newParam = PORT_ArenaAlloc(arena, length);
+    if (!newParam) {
+        goto loser;
+    }
+
+    PORT_Strcpy(newParam, oldParam);
+    tmpLen = strlen(oldParam);
+    nextParam = newParam + tmpLen;
+    length -= tmpLen;
+    PORT_Memcpy(nextParam, TOKEN_STRING, sizeof(TOKEN_STRING) - 1);
+    nextParam += sizeof(TOKEN_STRING) - 1;
+    length -= sizeof(TOKEN_STRING) - 1;
+
+    for (i = 0; oldChildren && oldChildren[i]; i++) {
+        rv = secmod_mkTokenChild(&nextParam, &length, oldChildren[i], oldIds[i]);
+        if (rv != SECSuccess) {
+            goto loser;
+        }
+    }
+
+    rv = secmod_mkTokenChild(&nextParam, &length, newToken, newID);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    for (i = 0; children && children[i]; i++) {
+        if (ids[i] == -1) {
+            continue;
+        }
+        rv = secmod_mkTokenChild(&nextParam, &length, children[i], ids[i]);
+        if (rv != SECSuccess) {
+            goto loser;
+        }
+    }
+
+    if (length < 2) {
+        goto loser;
+    }
+
+    *nextParam++ = ']';
+    *nextParam++ = 0;
+
+    /* we are going to return newParam now, don't release the mark */
+    PORT_ArenaUnmark(arena, mark);
+    mark = NULL;
+
+loser:
+    if (mark) {
+        PORT_ArenaRelease(arena, mark);
+        newParam = NULL; /* if the mark is still active,
+                          * don't return the param */
+    }
+    if (rawParam) {
+        PORT_Free(rawParam);
+    }
+    if (oldChildren) {
+        secmod_FreeChildren(oldChildren, oldIds);
+    }
+    return newParam;
+}
+
+static char *
+secmod_mkModuleSpec(SECMODModule *module)
+{
+    char *nss = NULL, *modSpec = NULL, **slotStrings = NULL;
+    int slotCount, i, si;
+    SECMODListLock *moduleLock = SECMOD_GetDefaultModuleListLock();
+
+    /* allocate target slot info strings */
+    slotCount = 0;
+
+    SECMOD_GetReadLock(moduleLock);
+    if (module->slotCount) {
+        for (i = 0; i < module->slotCount; i++) {
+            if (module->slots[i]->defaultFlags != 0) {
+                slotCount++;
+            }
+        }
+    } else {
+        slotCount = module->slotInfoCount;
+    }
+
+    slotStrings = (char **)PORT_ZAlloc(slotCount * sizeof(char *));
+    if (slotStrings == NULL) {
+        SECMOD_ReleaseReadLock(moduleLock);
+        goto loser;
+    }
+
+    /* build the slot info strings */
+    if (module->slotCount) {
+        for (i = 0, si = 0; i < module->slotCount; i++) {
+            if (module->slots[i]->defaultFlags) {
+                PORT_Assert(si < slotCount);
+                if (si >= slotCount)
+                    break;
+                slotStrings[si] = NSSUTIL_MkSlotString(module->slots[i]->slotID,
+                                                       module->slots[i]->defaultFlags,
+                                                       module->slots[i]->timeout,
+                                                       module->slots[i]->askpw,
+                                                       module->slots[i]->hasRootCerts,
+                                                       module->slots[i]->hasRootTrust);
+                si++;
+            }
+        }
+    } else {
+        for (i = 0; i < slotCount; i++) {
+            slotStrings[i] = NSSUTIL_MkSlotString(
+                module->slotInfo[i].slotID,
+                module->slotInfo[i].defaultFlags,
+                module->slotInfo[i].timeout,
+                module->slotInfo[i].askpw,
+                module->slotInfo[i].hasRootCerts,
+                module->slotInfo[i].hasRootTrust);
+        }
+    }
+
+    SECMOD_ReleaseReadLock(moduleLock);
+    nss = NSSUTIL_MkNSSString(slotStrings, slotCount, module->internal,
+                              module->isFIPS, module->isModuleDB,
+                              module->moduleDBOnly, module->isCritical,
+                              module->trustOrder, module->cipherOrder,
+                              module->ssl[0], module->ssl[1]);
+    modSpec = NSSUTIL_MkModuleSpec(module->dllName, module->commonName,
+                                   module->libraryParams, nss);
+    PORT_Free(slotStrings);
+    PR_smprintf_free(nss);
+loser:
+    return (modSpec);
+}
+
+char **
+SECMOD_GetModuleSpecList(SECMODModule *module)
+{
+    SECMODModuleDBFunc func = (SECMODModuleDBFunc)module->moduleDBFunc;
+    if (func) {
+        return (*func)(SECMOD_MODULE_DB_FUNCTION_FIND,
+                       module->libraryParams, NULL);
+    }
+    return NULL;
+}
+
+SECStatus
+SECMOD_AddPermDB(SECMODModule *module)
+{
+    SECMODModuleDBFunc func;
+    char *moduleSpec;
+    char **retString;
+
+    if (module->parent == NULL)
+        return SECFailure;
+
+    func = (SECMODModuleDBFunc)module->parent->moduleDBFunc;
+    if (func) {
+        moduleSpec = secmod_mkModuleSpec(module);
+        retString = (*func)(SECMOD_MODULE_DB_FUNCTION_ADD,
+                            module->parent->libraryParams, moduleSpec);
+        PORT_Free(moduleSpec);
+        if (retString != NULL)
+            return SECSuccess;
+    }
+    return SECFailure;
+}
+
+SECStatus
+SECMOD_DeletePermDB(SECMODModule *module)
+{
+    SECMODModuleDBFunc func;
+    char *moduleSpec;
+    char **retString;
+
+    if (module->parent == NULL)
+        return SECFailure;
+
+    func = (SECMODModuleDBFunc)module->parent->moduleDBFunc;
+    if (func) {
+        moduleSpec = secmod_mkModuleSpec(module);
+        retString = (*func)(SECMOD_MODULE_DB_FUNCTION_DEL,
+                            module->parent->libraryParams, moduleSpec);
+        PORT_Free(moduleSpec);
+        if (retString != NULL)
+            return SECSuccess;
+    }
+    return SECFailure;
+}
+
+SECStatus
+SECMOD_FreeModuleSpecList(SECMODModule *module, char **moduleSpecList)
+{
+    SECMODModuleDBFunc func = (SECMODModuleDBFunc)module->moduleDBFunc;
+    char **retString;
+    if (func) {
+        retString = (*func)(SECMOD_MODULE_DB_FUNCTION_RELEASE,
+                            module->libraryParams, moduleSpecList);
+        if (retString != NULL)
+            return SECSuccess;
+    }
+    return SECFailure;
+}
+
+/*
+ * load a PKCS#11 module but do not add it to the default NSS trust domain
+ */
+SECMODModule *
+SECMOD_LoadModule(char *modulespec, SECMODModule *parent, PRBool recurse)
+{
+    char *library = NULL, *moduleName = NULL, *parameters = NULL, *nss = NULL;
+    char *config = NULL;
+    SECStatus status;
+    SECMODModule *module = NULL;
+    SECMODModule *oldModule = NULL;
+    SECStatus rv;
+
+    /* initialize the underlying module structures */
+    SECMOD_Init();
+
+    status = NSSUTIL_ArgParseModuleSpecEx(modulespec, &library, &moduleName,
+                                          &parameters, &nss,
+                                          &config);
+    if (status != SECSuccess) {
+        goto loser;
+    }
+
+    module = SECMOD_CreateModuleEx(library, moduleName, parameters, nss, config);
+    if (library)
+        PORT_Free(library);
+    if (moduleName)
+        PORT_Free(moduleName);
+    if (parameters)
+        PORT_Free(parameters);
+    if (nss)
+        PORT_Free(nss);
+    if (config)
+        PORT_Free(config);
+    if (!module) {
+        goto loser;
+    }
+    if (parent) {
+        module->parent = SECMOD_ReferenceModule(parent);
+        if (module->internal && secmod_IsInternalKeySlot(parent)) {
+            module->internal = parent->internal;
+        }
+    }
+
+    /* load it */
+    rv = secmod_LoadPKCS11Module(module, &oldModule);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    /* if we just reload an old module, no need to add it to any lists.
+     * we simple release all our references */
+    if (oldModule) {
+        /* This module already exists, don't link it anywhere. This
+         * will probably destroy this module */
+        SECMOD_DestroyModule(module);
+        return oldModule;
+    }
+
+    if (recurse && module->isModuleDB) {
+        char **moduleSpecList;
+        PORT_SetError(0);
+
+        moduleSpecList = SECMOD_GetModuleSpecList(module);
+        if (moduleSpecList) {
+            char **index;
+
+            index = moduleSpecList;
+            if (*index && SECMOD_GetSkipFirstFlag(module)) {
+                index++;
+            }
+
+            for (; *index; index++) {
+                SECMODModule *child;
+                if (0 == PORT_Strcmp(*index, modulespec)) {
+                    /* avoid trivial infinite recursion */
+                    PORT_SetError(SEC_ERROR_NO_MODULE);
+                    rv = SECFailure;
+                    break;
+                }
+                child = SECMOD_LoadModule(*index, module, PR_TRUE);
+                if (!child)
+                    break;
+                if (child->isCritical && !child->loaded) {
+                    int err = PORT_GetError();
+                    if (!err)
+                        err = SEC_ERROR_NO_MODULE;
+                    SECMOD_DestroyModule(child);
+                    PORT_SetError(err);
+                    rv = SECFailure;
+                    break;
+                }
+                SECMOD_DestroyModule(child);
+            }
+            SECMOD_FreeModuleSpecList(module, moduleSpecList);
+        } else {
+            if (!PORT_GetError())
+                PORT_SetError(SEC_ERROR_NO_MODULE);
+            rv = SECFailure;
+        }
+    }
+
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    /* inherit the reference */
+    if (!module->moduleDBOnly) {
+        SECMOD_AddModuleToList(module);
+    } else {
+        SECMOD_AddModuleToDBOnlyList(module);
+    }
+
+    /* handle any additional work here */
+    return module;
+
+loser:
+    if (module) {
+        if (module->loaded) {
+            SECMOD_UnloadModule(module);
+        }
+        SECMOD_AddModuleToUnloadList(module);
+    }
+    return module;
+}
+
+/*
+ * load a PKCS#11 module and add it to the default NSS trust domain
+ */
+SECMODModule *
+SECMOD_LoadUserModule(char *modulespec, SECMODModule *parent, PRBool recurse)
+{
+    SECStatus rv = SECSuccess;
+    SECMODModule *newmod = SECMOD_LoadModule(modulespec, parent, recurse);
+    SECMODListLock *moduleLock = SECMOD_GetDefaultModuleListLock();
+
+    if (newmod) {
+        SECMOD_GetReadLock(moduleLock);
+        rv = STAN_AddModuleToDefaultTrustDomain(newmod);
+        SECMOD_ReleaseReadLock(moduleLock);
+        if (SECSuccess != rv) {
+            SECMOD_DestroyModule(newmod);
+            return NULL;
+        }
+    }
+    return newmod;
+}
+
+/*
+ * remove the PKCS#11 module from the default NSS trust domain, call
+ * C_Finalize, and destroy the module structure
+ */
+SECStatus
+SECMOD_UnloadUserModule(SECMODModule *mod)
+{
+    SECStatus rv = SECSuccess;
+    int atype = 0;
+    SECMODListLock *moduleLock = SECMOD_GetDefaultModuleListLock();
+    if (!mod) {
+        return SECFailure;
+    }
+
+    SECMOD_GetReadLock(moduleLock);
+    rv = STAN_RemoveModuleFromDefaultTrustDomain(mod);
+    SECMOD_ReleaseReadLock(moduleLock);
+    if (SECSuccess != rv) {
+        return SECFailure;
+    }
+    return SECMOD_DeleteModuleEx(NULL, mod, &atype, PR_FALSE);
+}
diff --git a/nss/lib/pk11wrap/pk11pbe.c b/nss/lib/pk11wrap/pk11pbe.c
new file mode 100644
index 0000000..5c389cf
--- /dev/null
+++ b/nss/lib/pk11wrap/pk11pbe.c
@@ -0,0 +1,1474 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "plarena.h"
+
+#include "blapit.h"
+#include "seccomon.h"
+#include "secitem.h"
+#include "secport.h"
+#include "hasht.h"
+#include "pkcs11t.h"
+#include "sechash.h"
+#include "secasn1.h"
+#include "secder.h"
+#include "secoid.h"
+#include "secerr.h"
+#include "secmod.h"
+#include "pk11func.h"
+#include "secpkcs5.h"
+#include "secmodi.h"
+#include "secmodti.h"
+#include "pkcs11.h"
+#include "pk11func.h"
+#include "secitem.h"
+#include "key.h"
+
+typedef struct SEC_PKCS5PBEParameterStr SEC_PKCS5PBEParameter;
+struct SEC_PKCS5PBEParameterStr {
+    PLArenaPool *poolp;
+    SECItem salt;              /* octet string */
+    SECItem iteration;         /* integer */
+    SECItem keyLength;         /* PKCS5v2 only */
+    SECAlgorithmID *pPrfAlgId; /* PKCS5v2 only */
+    SECAlgorithmID prfAlgId;   /* PKCS5v2 only */
+};
+
+/* PKCS5 V2 has an algorithm ID for the encryption and for
+ * the key generation. This is valid for SEC_OID_PKCS5_PBES2
+ * and SEC_OID_PKCS5_PBMAC1
+ */
+struct sec_pkcs5V2ParameterStr {
+    PLArenaPool *poolp;
+    SECAlgorithmID pbeAlgId;    /* real pbe algorithms */
+    SECAlgorithmID cipherAlgId; /* encryption/mac */
+};
+
+typedef struct sec_pkcs5V2ParameterStr sec_pkcs5V2Parameter;
+
+/* template for PKCS 5 PBE Parameter.  This template has been expanded
+ * based upon the additions in PKCS 12.  This should eventually be moved
+ * if RSA updates PKCS 5.
+ */
+const SEC_ASN1Template SEC_PKCS5PBEParameterTemplate[] =
+    {
+      { SEC_ASN1_SEQUENCE,
+        0, NULL, sizeof(SEC_PKCS5PBEParameter) },
+      { SEC_ASN1_OCTET_STRING,
+        offsetof(SEC_PKCS5PBEParameter, salt) },
+      { SEC_ASN1_INTEGER,
+        offsetof(SEC_PKCS5PBEParameter, iteration) },
+      { 0 }
+    };
+
+const SEC_ASN1Template SEC_V2PKCS12PBEParameterTemplate[] =
+    {
+      { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS5PBEParameter) },
+      { SEC_ASN1_OCTET_STRING, offsetof(SEC_PKCS5PBEParameter, salt) },
+      { SEC_ASN1_INTEGER, offsetof(SEC_PKCS5PBEParameter, iteration) },
+      { 0 }
+    };
+
+SEC_ASN1_MKSUB(SECOID_AlgorithmIDTemplate)
+
+/* SECOID_PKCS5_PBKDF2 */
+const SEC_ASN1Template SEC_PKCS5V2PBEParameterTemplate[] =
+    {
+      { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS5PBEParameter) },
+      /* This is really a choice, but since we only understand this
+     * choice, just inline it */
+      { SEC_ASN1_OCTET_STRING, offsetof(SEC_PKCS5PBEParameter, salt) },
+      { SEC_ASN1_INTEGER, offsetof(SEC_PKCS5PBEParameter, iteration) },
+      { SEC_ASN1_INTEGER | SEC_ASN1_OPTIONAL,
+        offsetof(SEC_PKCS5PBEParameter, keyLength) },
+      { SEC_ASN1_POINTER | SEC_ASN1_XTRN | SEC_ASN1_OPTIONAL,
+        offsetof(SEC_PKCS5PBEParameter, pPrfAlgId),
+        SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
+      { 0 }
+    };
+
+/* SEC_OID_PKCS5_PBES2, SEC_OID_PKCS5_PBMAC1 */
+const SEC_ASN1Template SEC_PKCS5V2ParameterTemplate[] =
+    {
+      { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS5PBEParameter) },
+      { SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(sec_pkcs5V2Parameter, pbeAlgId),
+        SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
+      { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
+        offsetof(sec_pkcs5V2Parameter, cipherAlgId),
+        SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
+      { 0 }
+    };
+
+/*
+ * maps a PBE algorithm to a crypto algorithm. for PKCS12 and PKCS5v1
+ * for PKCS5v2 it returns SEC_OID_PKCS5_PBKDF2.
+ */
+SECOidTag
+sec_pkcs5GetCryptoFromAlgTag(SECOidTag algorithm)
+{
+    switch (algorithm) {
+        case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC:
+        case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_2KEY_TRIPLE_DES_CBC:
+        case SEC_OID_PKCS12_PBE_WITH_SHA1_AND_TRIPLE_DES_CBC:
+            return SEC_OID_DES_EDE3_CBC;
+        case SEC_OID_PKCS5_PBE_WITH_SHA1_AND_DES_CBC:
+        case SEC_OID_PKCS5_PBE_WITH_MD5_AND_DES_CBC:
+        case SEC_OID_PKCS5_PBE_WITH_MD2_AND_DES_CBC:
+            return SEC_OID_DES_CBC;
+        case SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC:
+        case SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC:
+        case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC:
+        case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC:
+            return SEC_OID_RC2_CBC;
+        case SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC4:
+        case SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC4:
+        case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC4:
+        case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC4:
+            return SEC_OID_RC4;
+        case SEC_OID_PKCS5_PBKDF2:
+        case SEC_OID_PKCS5_PBES2:
+        case SEC_OID_PKCS5_PBMAC1:
+            return SEC_OID_PKCS5_PBKDF2;
+        default:
+            break;
+    }
+
+    return SEC_OID_UNKNOWN;
+}
+
+/*
+ * get a new PKCS5 V2 Parameter from the algorithm id.
+ *  if arena is passed in, use it, otherwise create a new arena.
+ */
+sec_pkcs5V2Parameter *
+sec_pkcs5_v2_get_v2_param(PLArenaPool *arena, SECAlgorithmID *algid)
+{
+    PLArenaPool *localArena = NULL;
+    sec_pkcs5V2Parameter *pbeV2_param;
+    SECStatus rv;
+
+    if (arena == NULL) {
+        localArena = arena = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE);
+        if (arena == NULL) {
+            return NULL;
+        }
+    }
+    pbeV2_param = PORT_ArenaZNew(arena, sec_pkcs5V2Parameter);
+    if (pbeV2_param == NULL) {
+        goto loser;
+    }
+
+    rv = SEC_ASN1DecodeItem(arena, pbeV2_param,
+                            SEC_PKCS5V2ParameterTemplate, &algid->parameters);
+    if (rv == SECFailure) {
+        goto loser;
+    }
+
+    pbeV2_param->poolp = arena;
+    return pbeV2_param;
+loser:
+    if (localArena) {
+        PORT_FreeArena(arena, PR_FALSE);
+    }
+    return NULL;
+}
+
+void
+sec_pkcs5_v2_destroy_v2_param(sec_pkcs5V2Parameter *param)
+{
+    if (param && param->poolp) {
+        PORT_FreeArena(param->poolp, PR_TRUE);
+    }
+}
+
+/* maps crypto algorithm from PBE algorithm.
+ */
+SECOidTag
+SEC_PKCS5GetCryptoAlgorithm(SECAlgorithmID *algid)
+{
+
+    SECOidTag pbeAlg;
+    SECOidTag cipherAlg;
+
+    if (algid == NULL)
+        return SEC_OID_UNKNOWN;
+
+    pbeAlg = SECOID_GetAlgorithmTag(algid);
+    cipherAlg = sec_pkcs5GetCryptoFromAlgTag(pbeAlg);
+    if ((cipherAlg == SEC_OID_PKCS5_PBKDF2) &&
+        (pbeAlg != SEC_OID_PKCS5_PBKDF2)) {
+        sec_pkcs5V2Parameter *pbeV2_param;
+        cipherAlg = SEC_OID_UNKNOWN;
+
+        pbeV2_param = sec_pkcs5_v2_get_v2_param(NULL, algid);
+        if (pbeV2_param != NULL) {
+            cipherAlg = SECOID_GetAlgorithmTag(&pbeV2_param->cipherAlgId);
+            sec_pkcs5_v2_destroy_v2_param(pbeV2_param);
+        }
+    }
+
+    return cipherAlg;
+}
+
+/* check to see if an oid is a pbe algorithm
+ */
+PRBool
+SEC_PKCS5IsAlgorithmPBEAlg(SECAlgorithmID *algid)
+{
+    return (PRBool)(SEC_PKCS5GetCryptoAlgorithm(algid) != SEC_OID_UNKNOWN);
+}
+
+PRBool
+SEC_PKCS5IsAlgorithmPBEAlgTag(SECOidTag algtag)
+{
+    return (PRBool)(sec_pkcs5GetCryptoFromAlgTag(algtag) != SEC_OID_UNKNOWN);
+}
+
+/*
+ * find the most appropriate PKCS5v2 overall oid tag from a regular
+ * cipher/hash algorithm tag.
+ */
+static SECOidTag
+sec_pkcs5v2_get_pbe(SECOidTag algTag)
+{
+    /* if it's a valid hash oid... */
+    if (HASH_GetHashOidTagByHMACOidTag(algTag) != SEC_OID_UNKNOWN) {
+        /* use the MAC tag */
+        return SEC_OID_PKCS5_PBMAC1;
+    }
+    if (HASH_GetHashTypeByOidTag(algTag) != HASH_AlgNULL) {
+        /* eliminate Hash algorithms */
+        return SEC_OID_UNKNOWN;
+    }
+    if (PK11_AlgtagToMechanism(algTag) != CKM_INVALID_MECHANISM) {
+        /* it's not a hash, if it has a PKCS #11 mechanism associated
+         * with it, assume it's a cipher. (NOTE this will generate
+         * some false positives). */
+        return SEC_OID_PKCS5_PBES2;
+    }
+    return SEC_OID_UNKNOWN;
+}
+
+/*
+ * maps PBE algorithm from crypto algorithm, assumes SHA1 hashing.
+ *  input keyLen in bits.
+ */
+SECOidTag
+SEC_PKCS5GetPBEAlgorithm(SECOidTag algTag, int keyLen)
+{
+    switch (algTag) {
+        case SEC_OID_DES_EDE3_CBC:
+            switch (keyLen) {
+                case 168:
+                case 192:
+                case 0:
+                    return SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC;
+                case 128:
+                case 92:
+                    return SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_2KEY_TRIPLE_DES_CBC;
+                default:
+                    break;
+            }
+            break;
+        case SEC_OID_DES_CBC:
+            return SEC_OID_PKCS5_PBE_WITH_SHA1_AND_DES_CBC;
+        case SEC_OID_RC2_CBC:
+            switch (keyLen) {
+                case 40:
+                    return SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC;
+                case 128:
+                case 0:
+                    return SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC;
+                default:
+                    break;
+            }
+            break;
+        case SEC_OID_RC4:
+            switch (keyLen) {
+                case 40:
+                    return SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC4;
+                case 128:
+                case 0:
+                    return SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC4;
+                default:
+                    break;
+            }
+            break;
+        default:
+            return sec_pkcs5v2_get_pbe(algTag);
+    }
+
+    return SEC_OID_UNKNOWN;
+}
+
+static PRBool
+sec_pkcs5_is_algorithm_v2_aes_algorithm(SECOidTag algorithm)
+{
+    switch (algorithm) {
+        case SEC_OID_AES_128_CBC:
+        case SEC_OID_AES_192_CBC:
+        case SEC_OID_AES_256_CBC:
+            return PR_TRUE;
+        default:
+            return PR_FALSE;
+    }
+}
+
+static int
+sec_pkcs5v2_aes_key_length(SECOidTag algorithm)
+{
+    switch (algorithm) {
+        /* The key length for the AES-CBC-Pad algorithms are
+         * determined from the undelying cipher algorithm.  */
+        case SEC_OID_AES_128_CBC:
+            return AES_128_KEY_LENGTH;
+        case SEC_OID_AES_192_CBC:
+            return AES_192_KEY_LENGTH;
+        case SEC_OID_AES_256_CBC:
+            return AES_256_KEY_LENGTH;
+        default:
+            break;
+    }
+    return 0;
+}
+
+/*
+ * get the key length in bytes from a PKCS5 PBE
+ */
+static int
+sec_pkcs5v2_key_length(SECAlgorithmID *algid, SECAlgorithmID *cipherAlgId)
+{
+    SECOidTag algorithm;
+    PLArenaPool *arena = NULL;
+    SEC_PKCS5PBEParameter p5_param;
+    SECStatus rv;
+    int length = -1;
+    SECOidTag cipherAlg = SEC_OID_UNKNOWN;
+
+    algorithm = SECOID_GetAlgorithmTag(algid);
+    /* sanity check, they should all be PBKDF2 here */
+    if (algorithm != SEC_OID_PKCS5_PBKDF2) {
+        return -1;
+    }
+
+    arena = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE);
+    if (arena == NULL) {
+        goto loser;
+    }
+    PORT_Memset(&p5_param, 0, sizeof(p5_param));
+    rv = SEC_ASN1DecodeItem(arena, &p5_param,
+                            SEC_PKCS5V2PBEParameterTemplate, &algid->parameters);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    if (cipherAlgId)
+        cipherAlg = SECOID_GetAlgorithmTag(cipherAlgId);
+
+    if (sec_pkcs5_is_algorithm_v2_aes_algorithm(cipherAlg)) {
+        length = sec_pkcs5v2_aes_key_length(cipherAlg);
+    } else if (p5_param.keyLength.data != NULL) {
+        length = DER_GetInteger(&p5_param.keyLength);
+    }
+
+loser:
+    if (arena) {
+        PORT_FreeArena(arena, PR_FALSE);
+    }
+    return length;
+}
+
+/*
+ *  get the key length in bytes needed for the PBE algorithm
+ */
+int
+SEC_PKCS5GetKeyLength(SECAlgorithmID *algid)
+{
+
+    SECOidTag algorithm;
+
+    if (algid == NULL)
+        return SEC_OID_UNKNOWN;
+
+    algorithm = SECOID_GetAlgorithmTag(algid);
+
+    switch (algorithm) {
+        case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC:
+        case SEC_OID_PKCS12_PBE_WITH_SHA1_AND_TRIPLE_DES_CBC:
+        case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_2KEY_TRIPLE_DES_CBC:
+            return 24;
+        case SEC_OID_PKCS5_PBE_WITH_MD2_AND_DES_CBC:
+        case SEC_OID_PKCS5_PBE_WITH_SHA1_AND_DES_CBC:
+        case SEC_OID_PKCS5_PBE_WITH_MD5_AND_DES_CBC:
+            return 8;
+        case SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC:
+        case SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC4:
+        case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC4:
+        case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC:
+            return 5;
+        case SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC:
+        case SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC4:
+        case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC:
+        case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC4:
+            return 16;
+        case SEC_OID_PKCS5_PBKDF2:
+            return sec_pkcs5v2_key_length(algid, NULL);
+        case SEC_OID_PKCS5_PBES2:
+        case SEC_OID_PKCS5_PBMAC1: {
+            sec_pkcs5V2Parameter *pbeV2_param;
+            int length = -1;
+            pbeV2_param = sec_pkcs5_v2_get_v2_param(NULL, algid);
+            if (pbeV2_param != NULL) {
+                length = sec_pkcs5v2_key_length(&pbeV2_param->pbeAlgId,
+                                                &pbeV2_param->cipherAlgId);
+                sec_pkcs5_v2_destroy_v2_param(pbeV2_param);
+            }
+            return length;
+        }
+
+        default:
+            break;
+    }
+    return -1;
+}
+
+/* the PKCS12 V2 algorithms only encode the salt, there is no iteration
+ * count so we need a check for V2 algorithm parameters.
+ */
+static PRBool
+sec_pkcs5_is_algorithm_v2_pkcs12_algorithm(SECOidTag algorithm)
+{
+    switch (algorithm) {
+        case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC4:
+        case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC4:
+        case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC:
+        case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_2KEY_TRIPLE_DES_CBC:
+        case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC:
+        case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC:
+            return PR_TRUE;
+        default:
+            break;
+    }
+
+    return PR_FALSE;
+}
+
+static PRBool
+sec_pkcs5_is_algorithm_v2_pkcs5_algorithm(SECOidTag algorithm)
+{
+    switch (algorithm) {
+        case SEC_OID_PKCS5_PBES2:
+        case SEC_OID_PKCS5_PBMAC1:
+        case SEC_OID_PKCS5_PBKDF2:
+            return PR_TRUE;
+        default:
+            break;
+    }
+
+    return PR_FALSE;
+}
+
+/* destroy a pbe parameter.  it assumes that the parameter was
+ * generated using the appropriate create function and therefor
+ * contains an arena pool.
+ */
+static void
+sec_pkcs5_destroy_pbe_param(SEC_PKCS5PBEParameter *pbe_param)
+{
+    if (pbe_param != NULL)
+        PORT_FreeArena(pbe_param->poolp, PR_TRUE);
+}
+
+/* creates a PBE parameter based on the PBE algorithm.  the only required
+ * parameters are algorithm and interation.  the return is a PBE parameter
+ * which conforms to PKCS 5 parameter unless an extended parameter is needed.
+ * this is primarily if keyLength and a variable key length algorithm are
+ * specified.
+ *   salt -  if null, a salt will be generated from random bytes.
+ *   iteration - number of iterations to perform hashing.
+ *   keyLength - only used in variable key length algorithms. if specified,
+ *            should be in bytes.
+ * once a parameter is allocated, it should be destroyed calling
+ * sec_pkcs5_destroy_pbe_parameter or SEC_PKCS5DestroyPBEParameter.
+ */
+#define DEFAULT_SALT_LENGTH 16
+static SEC_PKCS5PBEParameter *
+sec_pkcs5_create_pbe_parameter(SECOidTag algorithm,
+                               SECItem *salt,
+                               int iteration,
+                               int keyLength,
+                               SECOidTag prfAlg)
+{
+    PLArenaPool *poolp = NULL;
+    SEC_PKCS5PBEParameter *pbe_param = NULL;
+    SECStatus rv = SECSuccess;
+    void *dummy = NULL;
+
+    if (iteration < 0) {
+        return NULL;
+    }
+
+    poolp = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE);
+    if (poolp == NULL)
+        return NULL;
+
+    pbe_param = (SEC_PKCS5PBEParameter *)PORT_ArenaZAlloc(poolp,
+                                                          sizeof(SEC_PKCS5PBEParameter));
+    if (!pbe_param) {
+        PORT_FreeArena(poolp, PR_TRUE);
+        return NULL;
+    }
+
+    pbe_param->poolp = poolp;
+
+    rv = SECFailure;
+    if (salt && salt->data) {
+        rv = SECITEM_CopyItem(poolp, &pbe_param->salt, salt);
+    } else {
+        /* sigh, the old interface generated salt on the fly, so we have to
+         * preserve the semantics */
+        pbe_param->salt.len = DEFAULT_SALT_LENGTH;
+        pbe_param->salt.data = PORT_ArenaZAlloc(poolp, DEFAULT_SALT_LENGTH);
+        if (pbe_param->salt.data) {
+            rv = PK11_GenerateRandom(pbe_param->salt.data, DEFAULT_SALT_LENGTH);
+        }
+    }
+
+    if (rv != SECSuccess) {
+        PORT_FreeArena(poolp, PR_TRUE);
+        return NULL;
+    }
+
+    /* encode the integer */
+    dummy = SEC_ASN1EncodeInteger(poolp, &pbe_param->iteration,
+                                  iteration);
+    rv = (dummy) ? SECSuccess : SECFailure;
+
+    if (rv != SECSuccess) {
+        PORT_FreeArena(poolp, PR_FALSE);
+        return NULL;
+    }
+
+    /*
+     * for PKCS5 v2 Add the keylength and the prf
+     */
+    if (algorithm == SEC_OID_PKCS5_PBKDF2) {
+        dummy = SEC_ASN1EncodeInteger(poolp, &pbe_param->keyLength,
+                                      keyLength);
+        rv = (dummy) ? SECSuccess : SECFailure;
+        if (rv != SECSuccess) {
+            PORT_FreeArena(poolp, PR_FALSE);
+            return NULL;
+        }
+        rv = SECOID_SetAlgorithmID(poolp, &pbe_param->prfAlgId, prfAlg, NULL);
+        if (rv != SECSuccess) {
+            PORT_FreeArena(poolp, PR_FALSE);
+            return NULL;
+        }
+        pbe_param->pPrfAlgId = &pbe_param->prfAlgId;
+    }
+
+    return pbe_param;
+}
+
+/* creates a algorithm ID containing the PBE algorithm and appropriate
+ * parameters.  the required parameter is the algorithm.  if salt is
+ * not specified, it is generated randomly.
+ *
+ * the returned SECAlgorithmID should be destroyed using
+ * SECOID_DestroyAlgorithmID
+ */
+SECAlgorithmID *
+sec_pkcs5CreateAlgorithmID(SECOidTag algorithm,
+                           SECOidTag cipherAlgorithm,
+                           SECOidTag prfAlg,
+                           SECOidTag *pPbeAlgorithm,
+                           int keyLength,
+                           SECItem *salt,
+                           int iteration)
+{
+    PLArenaPool *poolp = NULL;
+    SECAlgorithmID *algid, *ret_algid = NULL;
+    SECOidTag pbeAlgorithm = algorithm;
+    SECItem der_param;
+    void *dummy;
+    SECStatus rv = SECFailure;
+    SEC_PKCS5PBEParameter *pbe_param = NULL;
+    sec_pkcs5V2Parameter pbeV2_param;
+
+    if (iteration <= 0) {
+        return NULL;
+    }
+
+    poolp = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE);
+    if (!poolp) {
+        goto loser;
+    }
+
+    if (!SEC_PKCS5IsAlgorithmPBEAlgTag(algorithm) ||
+        sec_pkcs5_is_algorithm_v2_pkcs5_algorithm(algorithm)) {
+        /* use PKCS 5 v2 */
+        SECItem *cipherParams;
+
+        /*
+         * if we ask for pkcs5 Algorithms directly, then the
+         * application needs to supply the cipher algorithm,
+         * otherwise we are implicitly using pkcs5 v2 and the
+         * passed in algorithm is the encryption algorithm.
+         */
+        if (sec_pkcs5_is_algorithm_v2_pkcs5_algorithm(algorithm)) {
+            if (cipherAlgorithm == SEC_OID_UNKNOWN) {
+                goto loser;
+            }
+        } else {
+            cipherAlgorithm = algorithm;
+            /* force algorithm to be chosen below */
+            algorithm = SEC_OID_PKCS5_PBKDF2;
+        }
+
+        pbeAlgorithm = SEC_OID_PKCS5_PBKDF2;
+        /*
+         * 'algorithm' is the overall algorithm oid tag used to wrap the
+         * entire algoithm ID block. For PKCS5v1 and PKCS12, this
+         * algorithm OID has encoded in it both the PBE KDF function
+         * and the encryption algorithm. For PKCS 5v2, PBE KDF and
+         * encryption/macing oids are encoded as parameters in
+         * the algorithm ID block.
+         *
+         * Thus in PKCS5 v1 and PKCS12, this algorithm maps to a pkcs #11
+         * mechanism, where as in PKCS 5v2, this alogithm tag does not map
+         * directly to a PKCS #11 mechanim, instead the 2 oids in the
+         * algorithm ID block map the the actual PKCS #11 mechanism.
+         * gorithm is). We use choose this algorithm oid based on the
+         * cipherAlgorithm to determine what this should be (MAC1 or PBES2).
+         */
+        if (algorithm == SEC_OID_PKCS5_PBKDF2) {
+            /* choose mac or pbes */
+            algorithm = sec_pkcs5v2_get_pbe(cipherAlgorithm);
+        }
+
+        /* set the PKCS5v2 specific parameters */
+        if (keyLength == 0) {
+            SECOidTag hashAlg = HASH_GetHashOidTagByHMACOidTag(cipherAlgorithm);
+            if (hashAlg != SEC_OID_UNKNOWN) {
+                keyLength = HASH_ResultLenByOidTag(hashAlg);
+            } else if (sec_pkcs5_is_algorithm_v2_aes_algorithm(cipherAlgorithm)) {
+                keyLength = sec_pkcs5v2_aes_key_length(cipherAlgorithm);
+            } else {
+                CK_MECHANISM_TYPE cryptoMech;
+                cryptoMech = PK11_AlgtagToMechanism(cipherAlgorithm);
+                if (cryptoMech == CKM_INVALID_MECHANISM) {
+                    goto loser;
+                }
+                keyLength = PK11_GetMaxKeyLength(cryptoMech);
+            }
+            if (keyLength == 0) {
+                goto loser;
+            }
+        }
+        /* currently SEC_OID_HMAC_SHA1 is the default */
+        if (prfAlg == SEC_OID_UNKNOWN) {
+            prfAlg = SEC_OID_HMAC_SHA1;
+        }
+
+        /* build the PKCS5v2 cipher algorithm id */
+        cipherParams = pk11_GenerateNewParamWithKeyLen(
+            PK11_AlgtagToMechanism(cipherAlgorithm), keyLength);
+        if (!cipherParams) {
+            goto loser;
+        }
+
+        PORT_Memset(&pbeV2_param, 0, sizeof(pbeV2_param));
+
+        rv = PK11_ParamToAlgid(cipherAlgorithm, cipherParams,
+                               poolp, &pbeV2_param.cipherAlgId);
+        SECITEM_FreeItem(cipherParams, PR_TRUE);
+        if (rv != SECSuccess) {
+            goto loser;
+        }
+    }
+
+    /* generate the parameter */
+    pbe_param = sec_pkcs5_create_pbe_parameter(pbeAlgorithm, salt, iteration,
+                                               keyLength, prfAlg);
+    if (!pbe_param) {
+        goto loser;
+    }
+
+    /* generate the algorithm id */
+    algid = (SECAlgorithmID *)PORT_ArenaZAlloc(poolp, sizeof(SECAlgorithmID));
+    if (algid == NULL) {
+        goto loser;
+    }
+
+    der_param.data = NULL;
+    der_param.len = 0;
+    if (sec_pkcs5_is_algorithm_v2_pkcs5_algorithm(algorithm)) {
+        /* first encode the PBE algorithm ID */
+        dummy = SEC_ASN1EncodeItem(poolp, &der_param, pbe_param,
+                                   SEC_PKCS5V2PBEParameterTemplate);
+        if (dummy == NULL) {
+            goto loser;
+        }
+        rv = SECOID_SetAlgorithmID(poolp, &pbeV2_param.pbeAlgId,
+                                   pbeAlgorithm, &der_param);
+        if (rv != SECSuccess) {
+            goto loser;
+        }
+
+        /* now encode the Full PKCS 5 parameter */
+        der_param.data = NULL;
+        der_param.len = 0;
+        dummy = SEC_ASN1EncodeItem(poolp, &der_param, &pbeV2_param,
+                                   SEC_PKCS5V2ParameterTemplate);
+    } else if (!sec_pkcs5_is_algorithm_v2_pkcs12_algorithm(algorithm)) {
+        dummy = SEC_ASN1EncodeItem(poolp, &der_param, pbe_param,
+                                   SEC_PKCS5PBEParameterTemplate);
+    } else {
+        dummy = SEC_ASN1EncodeItem(poolp, &der_param, pbe_param,
+                                   SEC_V2PKCS12PBEParameterTemplate);
+    }
+    if (dummy == NULL) {
+        goto loser;
+    }
+
+    rv = SECOID_SetAlgorithmID(poolp, algid, algorithm, &der_param);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    ret_algid = (SECAlgorithmID *)PORT_ZAlloc(sizeof(SECAlgorithmID));
+    if (ret_algid == NULL) {
+        goto loser;
+    }
+
+    rv = SECOID_CopyAlgorithmID(NULL, ret_algid, algid);
+    if (rv != SECSuccess) {
+        SECOID_DestroyAlgorithmID(ret_algid, PR_TRUE);
+        ret_algid = NULL;
+    } else if (pPbeAlgorithm) {
+        *pPbeAlgorithm = pbeAlgorithm;
+    }
+
+loser:
+    if (poolp != NULL) {
+        PORT_FreeArena(poolp, PR_TRUE);
+        algid = NULL;
+    }
+
+    if (pbe_param) {
+        sec_pkcs5_destroy_pbe_param(pbe_param);
+    }
+
+    return ret_algid;
+}
+
+SECStatus
+pbe_PK11AlgidToParam(SECAlgorithmID *algid, SECItem *mech)
+{
+    SEC_PKCS5PBEParameter p5_param;
+    SECItem *salt = NULL;
+    SECOidTag algorithm = SECOID_GetAlgorithmTag(algid);
+    PLArenaPool *arena = NULL;
+    SECStatus rv = SECFailure;
+    unsigned char *paramData = NULL;
+    unsigned char *pSalt = NULL;
+    CK_ULONG iterations;
+    int paramLen = 0;
+    int iv_len;
+
+    arena = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE);
+    if (arena == NULL) {
+        goto loser;
+    }
+
+    /*
+     * decode the algid based on the pbe type
+     */
+    PORT_Memset(&p5_param, 0, sizeof(p5_param));
+    if (sec_pkcs5_is_algorithm_v2_pkcs12_algorithm(algorithm)) {
+        iv_len = PK11_GetIVLength(PK11_AlgtagToMechanism(algorithm));
+        rv = SEC_ASN1DecodeItem(arena, &p5_param,
+                                SEC_V2PKCS12PBEParameterTemplate, &algid->parameters);
+    } else if (algorithm == SEC_OID_PKCS5_PBKDF2) {
+        iv_len = 0;
+        rv = SEC_ASN1DecodeItem(arena, &p5_param,
+                                SEC_PKCS5V2PBEParameterTemplate, &algid->parameters);
+    } else {
+        iv_len = PK11_GetIVLength(PK11_AlgtagToMechanism(algorithm));
+        rv = SEC_ASN1DecodeItem(arena, &p5_param, SEC_PKCS5PBEParameterTemplate,
+                                &algid->parameters);
+    }
+
+    if (iv_len < 0) {
+        goto loser;
+    }
+
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    /* get salt */
+    salt = &p5_param.salt;
+    iterations = (CK_ULONG)DER_GetInteger(&p5_param.iteration);
+
+    /* allocate and fill in the PKCS #11 parameters
+     * based on the algorithm. */
+    if (algorithm == SEC_OID_PKCS5_PBKDF2) {
+        SECOidTag prfAlgTag;
+        CK_PKCS5_PBKD2_PARAMS *pbeV2_params =
+            (CK_PKCS5_PBKD2_PARAMS *)PORT_ZAlloc(
+                sizeof(CK_PKCS5_PBKD2_PARAMS) + salt->len);
+
+        if (pbeV2_params == NULL) {
+            goto loser;
+        }
+        paramData = (unsigned char *)pbeV2_params;
+        paramLen = sizeof(CK_PKCS5_PBKD2_PARAMS);
+
+        /* set the prf */
+        prfAlgTag = SEC_OID_HMAC_SHA1;
+        if (p5_param.pPrfAlgId &&
+            p5_param.pPrfAlgId->algorithm.data != 0) {
+            prfAlgTag = SECOID_GetAlgorithmTag(p5_param.pPrfAlgId);
+        }
+        switch (prfAlgTag) {
+            case SEC_OID_HMAC_SHA1:
+                pbeV2_params->prf = CKP_PKCS5_PBKD2_HMAC_SHA1;
+                break;
+            case SEC_OID_HMAC_SHA224:
+                pbeV2_params->prf = CKP_PKCS5_PBKD2_HMAC_SHA224;
+                break;
+            case SEC_OID_HMAC_SHA256:
+                pbeV2_params->prf = CKP_PKCS5_PBKD2_HMAC_SHA256;
+                break;
+            case SEC_OID_HMAC_SHA384:
+                pbeV2_params->prf = CKP_PKCS5_PBKD2_HMAC_SHA384;
+                break;
+            case SEC_OID_HMAC_SHA512:
+                pbeV2_params->prf = CKP_PKCS5_PBKD2_HMAC_SHA512;
+                break;
+            default:
+                PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
+                goto loser;
+        }
+
+        /* probably should fetch these from the prfAlgid */
+        pbeV2_params->pPrfData = NULL;
+        pbeV2_params->ulPrfDataLen = 0;
+        pbeV2_params->saltSource = CKZ_SALT_SPECIFIED;
+        pSalt = ((CK_CHAR_PTR)pbeV2_params) + sizeof(CK_PKCS5_PBKD2_PARAMS);
+        PORT_Memcpy(pSalt, salt->data, salt->len);
+        pbeV2_params->pSaltSourceData = pSalt;
+        pbeV2_params->ulSaltSourceDataLen = salt->len;
+        pbeV2_params->iterations = iterations;
+    } else {
+        CK_PBE_PARAMS *pbe_params = NULL;
+        pbe_params = (CK_PBE_PARAMS *)PORT_ZAlloc(sizeof(CK_PBE_PARAMS) +
+                                                  salt->len + iv_len);
+        if (pbe_params == NULL) {
+            goto loser;
+        }
+        paramData = (unsigned char *)pbe_params;
+        paramLen = sizeof(CK_PBE_PARAMS);
+
+        pSalt = ((CK_CHAR_PTR)pbe_params) + sizeof(CK_PBE_PARAMS);
+        pbe_params->pSalt = pSalt;
+        PORT_Memcpy(pSalt, salt->data, salt->len);
+        pbe_params->ulSaltLen = salt->len;
+        if (iv_len) {
+            pbe_params->pInitVector =
+                ((CK_CHAR_PTR)pbe_params) + sizeof(CK_PBE_PARAMS) + salt->len;
+        }
+        pbe_params->ulIteration = iterations;
+    }
+
+    /* copy into the mechanism sec item */
+    mech->data = paramData;
+    mech->len = paramLen;
+    if (arena) {
+        PORT_FreeArena(arena, PR_TRUE);
+    }
+    return SECSuccess;
+
+loser:
+    if (paramData) {
+        PORT_Free(paramData);
+    }
+    if (arena) {
+        PORT_FreeArena(arena, PR_TRUE);
+    }
+    return SECFailure;
+}
+
+/*
+ * public, deprecated, not valid for pkcs5 v2
+ *
+ * use PK11_CreatePBEV2AlgorithmID or PK11_CreatePBEAlgorithmID to create
+ * PBE algorithmID's directly.
+ */
+SECStatus
+PBE_PK11ParamToAlgid(SECOidTag algTag, SECItem *param, PLArenaPool *arena,
+                     SECAlgorithmID *algId)
+{
+    CK_PBE_PARAMS *pbe_param;
+    SECItem pbeSalt;
+    SECAlgorithmID *pbeAlgID = NULL;
+    SECStatus rv;
+
+    if (!param || !algId) {
+        return SECFailure;
+    }
+
+    pbe_param = (CK_PBE_PARAMS *)param->data;
+    pbeSalt.data = (unsigned char *)pbe_param->pSalt;
+    pbeSalt.len = pbe_param->ulSaltLen;
+    pbeAlgID = sec_pkcs5CreateAlgorithmID(algTag, SEC_OID_UNKNOWN,
+                                          SEC_OID_UNKNOWN, NULL, 0,
+                                          &pbeSalt, (int)pbe_param->ulIteration);
+    if (!pbeAlgID) {
+        return SECFailure;
+    }
+
+    rv = SECOID_CopyAlgorithmID(arena, algId, pbeAlgID);
+    SECOID_DestroyAlgorithmID(pbeAlgID, PR_TRUE);
+    return rv;
+}
+
+/*
+ * public, Deprecated, This function is only for binary compatibility with
+ * older applications. Does not support PKCS5v2.
+ *
+ * Applications should use PK11_PBEKeyGen() for keys and PK11_GetPBEIV() for
+ * iv values rather than generating PBE bits directly.
+ */
+PBEBitGenContext *
+PBE_CreateContext(SECOidTag hashAlgorithm, PBEBitGenID bitGenPurpose,
+                  SECItem *pwitem, SECItem *salt, unsigned int bitsNeeded,
+                  unsigned int iterations)
+{
+    SECItem *context = NULL;
+    SECItem mechItem;
+    CK_PBE_PARAMS pbe_params;
+    CK_MECHANISM_TYPE mechanism = CKM_INVALID_MECHANISM;
+    PK11SlotInfo *slot;
+    PK11SymKey *symKey = NULL;
+    unsigned char ivData[8];
+
+    /* use the purpose to select the low level keygen algorithm */
+    switch (bitGenPurpose) {
+        case pbeBitGenIntegrityKey:
+            switch (hashAlgorithm) {
+                case SEC_OID_SHA1:
+                    mechanism = CKM_PBA_SHA1_WITH_SHA1_HMAC;
+                    break;
+                case SEC_OID_MD2:
+                    mechanism = CKM_NETSCAPE_PBE_MD2_HMAC_KEY_GEN;
+                    break;
+                case SEC_OID_MD5:
+                    mechanism = CKM_NETSCAPE_PBE_MD5_HMAC_KEY_GEN;
+                    break;
+                default:
+                    break;
+            }
+            break;
+        case pbeBitGenCipherIV:
+            if (bitsNeeded > 64) {
+                break;
+            }
+            if (hashAlgorithm != SEC_OID_SHA1) {
+                break;
+            }
+            mechanism = CKM_PBE_SHA1_DES3_EDE_CBC;
+            break;
+        case pbeBitGenCipherKey:
+            if (hashAlgorithm != SEC_OID_SHA1) {
+                break;
+            }
+            switch (bitsNeeded) {
+                case 40:
+                    mechanism = CKM_PBE_SHA1_RC4_40;
+                    break;
+                case 128:
+                    mechanism = CKM_PBE_SHA1_RC4_128;
+                    break;
+                default:
+                    break;
+            }
+        case pbeBitGenIDNull:
+            break;
+    }
+
+    if (mechanism == CKM_INVALID_MECHANISM) {
+        /* we should set an error, but this is a deprecated function, and
+         * we are keeping bug for bug compatibility;)... */
+        return NULL;
+    }
+
+    pbe_params.pInitVector = ivData;
+    pbe_params.pPassword = pwitem->data;
+    pbe_params.ulPasswordLen = pwitem->len;
+    pbe_params.pSalt = salt->data;
+    pbe_params.ulSaltLen = salt->len;
+    pbe_params.ulIteration = iterations;
+    mechItem.data = (unsigned char *)&pbe_params;
+    mechItem.len = sizeof(pbe_params);
+
+    slot = PK11_GetInternalSlot();
+    symKey = PK11_RawPBEKeyGen(slot, mechanism,
+                               &mechItem, pwitem, PR_FALSE, NULL);
+    PK11_FreeSlot(slot);
+    if (symKey != NULL) {
+        if (bitGenPurpose == pbeBitGenCipherIV) {
+            /* NOTE: this assumes that bitsNeeded is a multiple of 8! */
+            SECItem ivItem;
+
+            ivItem.data = ivData;
+            ivItem.len = bitsNeeded / 8;
+            context = SECITEM_DupItem(&ivItem);
+        } else {
+            SECItem *keyData;
+            PK11_ExtractKeyValue(symKey);
+            keyData = PK11_GetKeyData(symKey);
+
+            /* assert bitsNeeded with length? */
+            if (keyData) {
+                context = SECITEM_DupItem(keyData);
+            }
+        }
+        PK11_FreeSymKey(symKey);
+    }
+
+    return (PBEBitGenContext *)context;
+}
+
+/*
+ * public, Deprecated, This function is only for binary compatibility with
+ * older applications. Does not support PKCS5v2.
+ *
+ * Applications should use PK11_PBEKeyGen() for keys and PK11_GetIV() for
+ * iv values rather than generating PBE bits directly.
+ */
+SECItem *
+PBE_GenerateBits(PBEBitGenContext *context)
+{
+    return (SECItem *)context;
+}
+
+/*
+ * public, Deprecated, This function is only for binary compatibility with
+ * older applications. Does not support PKCS5v2.
+ *
+ * Applications should use PK11_PBEKeyGen() for keys and PK11_GetPBEIV() for
+ * iv values rather than generating PBE bits directly.
+ */
+void
+PBE_DestroyContext(PBEBitGenContext *context)
+{
+    SECITEM_FreeItem((SECItem *)context, PR_TRUE);
+}
+
+/*
+ * public, deprecated. Replaced with PK11_GetPBEIV().
+ */
+SECItem *
+SEC_PKCS5GetIV(SECAlgorithmID *algid, SECItem *pwitem, PRBool faulty3DES)
+{
+    /* pbe stuff */
+    CK_MECHANISM_TYPE type;
+    SECItem *param = NULL;
+    SECItem *iv = NULL;
+    SECItem src;
+    int iv_len = 0;
+    PK11SymKey *symKey;
+    PK11SlotInfo *slot;
+    CK_PBE_PARAMS_PTR pPBEparams;
+    SECOidTag pbeAlg;
+
+    pbeAlg = SECOID_GetAlgorithmTag(algid);
+    if (sec_pkcs5_is_algorithm_v2_pkcs5_algorithm(pbeAlg)) {
+        unsigned char *ivData;
+        sec_pkcs5V2Parameter *pbeV2_param = NULL;
+
+        /* can only return the IV if the crypto Algorithm exists */
+        if (pbeAlg == SEC_OID_PKCS5_PBKDF2) {
+            PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
+            goto loser;
+        }
+        pbeV2_param = sec_pkcs5_v2_get_v2_param(NULL, algid);
+        if (pbeV2_param == NULL) {
+            goto loser;
+        }
+        /* extract the IV from the cipher algid portion of our pkcs 5 v2
+         * algorithm id */
+        type = PK11_AlgtagToMechanism(
+            SECOID_GetAlgorithmTag(&pbeV2_param->cipherAlgId));
+        param = PK11_ParamFromAlgid(&pbeV2_param->cipherAlgId);
+        sec_pkcs5_v2_destroy_v2_param(pbeV2_param);
+        if (!param) {
+            goto loser;
+        }
+        /* NOTE: NULL is a permissible return here */
+        ivData = PK11_IVFromParam(type, param, &iv_len);
+        src.data = ivData;
+        src.len = iv_len;
+        goto done;
+    }
+
+    type = PK11_AlgtagToMechanism(pbeAlg);
+    param = PK11_ParamFromAlgid(algid);
+    if (param == NULL) {
+        goto done;
+    }
+    slot = PK11_GetInternalSlot();
+    symKey = PK11_RawPBEKeyGen(slot, type, param, pwitem, faulty3DES, NULL);
+    PK11_FreeSlot(slot);
+    if (symKey == NULL) {
+        goto loser;
+    }
+    PK11_FreeSymKey(symKey);
+    pPBEparams = (CK_PBE_PARAMS_PTR)param->data;
+    iv_len = PK11_GetIVLength(type);
+
+    src.data = (unsigned char *)pPBEparams->pInitVector;
+    src.len = iv_len;
+
+done:
+    iv = SECITEM_DupItem(&src);
+
+loser:
+    if (param) {
+        SECITEM_ZfreeItem(param, PR_TRUE);
+    }
+    return iv;
+}
+
+/*
+ * Subs from nss 3.x that are deprecated
+ */
+PBEBitGenContext *
+__PBE_CreateContext(SECOidTag hashAlgorithm, PBEBitGenID bitGenPurpose,
+                    SECItem *pwitem, SECItem *salt, unsigned int bitsNeeded,
+                    unsigned int iterations)
+{
+    PORT_Assert("__PBE_CreateContext is Deprecated" == NULL);
+    return NULL;
+}
+
+SECItem *
+__PBE_GenerateBits(PBEBitGenContext *context)
+{
+    PORT_Assert("__PBE_GenerateBits is Deprecated" == NULL);
+    return NULL;
+}
+
+void
+__PBE_DestroyContext(PBEBitGenContext *context)
+{
+    PORT_Assert("__PBE_DestroyContext is Deprecated" == NULL);
+}
+
+SECStatus
+RSA_FormatBlock(SECItem *result, unsigned modulusLen,
+                int blockType, SECItem *data)
+{
+    PORT_Assert("RSA_FormatBlock is Deprecated" == NULL);
+    return SECFailure;
+}
+
+/****************************************************************************
+ *
+ * Now Do The PBE Functions Here...
+ *
+ ****************************************************************************/
+
+static void
+pk11_destroy_ck_pbe_params(CK_PBE_PARAMS *pbe_params)
+{
+    if (pbe_params) {
+        if (pbe_params->pPassword)
+            PORT_ZFree(pbe_params->pPassword, pbe_params->ulPasswordLen);
+        if (pbe_params->pSalt)
+            PORT_ZFree(pbe_params->pSalt, pbe_params->ulSaltLen);
+        PORT_ZFree(pbe_params, sizeof(CK_PBE_PARAMS));
+    }
+}
+
+/*
+ * public, deprecated.  use PK11_CreatePBEAlgorithmID or
+ * PK11_CreatePBEV2AlgorithmID instead. If you needthe pkcs #11 parameters,
+ * use PK11_ParamFromAlgid from the algorithm id you created using
+ * PK11_CreatePBEAlgorithmID or PK11_CreatePBEV2AlgorithmID.
+ */
+SECItem *
+PK11_CreatePBEParams(SECItem *salt, SECItem *pwd, unsigned int iterations)
+{
+    CK_PBE_PARAMS *pbe_params = NULL;
+    SECItem *paramRV = NULL;
+
+    paramRV = SECITEM_AllocItem(NULL, NULL, sizeof(CK_PBE_PARAMS));
+    if (!paramRV) {
+        goto loser;
+    }
+    /* init paramRV->data with zeros. SECITEM_AllocItem does not do it */
+    PORT_Memset(paramRV->data, 0, sizeof(CK_PBE_PARAMS));
+
+    pbe_params = (CK_PBE_PARAMS *)paramRV->data;
+    pbe_params->pPassword = (CK_CHAR_PTR)PORT_ZAlloc(pwd->len);
+    if (!pbe_params->pPassword) {
+        goto loser;
+    }
+    PORT_Memcpy(pbe_params->pPassword, pwd->data, pwd->len);
+    pbe_params->ulPasswordLen = pwd->len;
+
+    pbe_params->pSalt = (CK_CHAR_PTR)PORT_ZAlloc(salt->len);
+    if (!pbe_params->pSalt) {
+        goto loser;
+    }
+    PORT_Memcpy(pbe_params->pSalt, salt->data, salt->len);
+    pbe_params->ulSaltLen = salt->len;
+
+    pbe_params->ulIteration = (CK_ULONG)iterations;
+    return paramRV;
+
+loser:
+    if (pbe_params)
+        pk11_destroy_ck_pbe_params(pbe_params);
+    if (paramRV)
+        PORT_ZFree(paramRV, sizeof(SECItem));
+    return NULL;
+}
+
+/*
+ * public, deprecated.
+ */
+void
+PK11_DestroyPBEParams(SECItem *pItem)
+{
+    if (pItem) {
+        CK_PBE_PARAMS *params = (CK_PBE_PARAMS *)(pItem->data);
+        if (params)
+            pk11_destroy_ck_pbe_params(params);
+        PORT_ZFree(pItem, sizeof(SECItem));
+    }
+}
+
+/*
+ * public, Partially supports PKCS5 V2 (some parameters are not controllable
+ * through this interface). Use PK11_CreatePBEV2AlgorithmID() if you need
+ * finer control these.
+ */
+SECAlgorithmID *
+PK11_CreatePBEAlgorithmID(SECOidTag algorithm, int iteration, SECItem *salt)
+{
+    SECAlgorithmID *algid = NULL;
+    algid = sec_pkcs5CreateAlgorithmID(algorithm,
+                                       SEC_OID_UNKNOWN, SEC_OID_UNKNOWN, NULL,
+                                       0, salt, iteration);
+    return algid;
+}
+
+/*
+ * public, fully support pkcs5v2.
+ */
+SECAlgorithmID *
+PK11_CreatePBEV2AlgorithmID(SECOidTag pbeAlgTag, SECOidTag cipherAlgTag,
+                            SECOidTag prfAlgTag, int keyLength, int iteration,
+                            SECItem *salt)
+{
+    SECAlgorithmID *algid = NULL;
+    algid = sec_pkcs5CreateAlgorithmID(pbeAlgTag, cipherAlgTag, prfAlgTag,
+                                       NULL, keyLength, salt, iteration);
+    return algid;
+}
+
+/*
+ * private.
+ */
+PK11SymKey *
+pk11_RawPBEKeyGenWithKeyType(PK11SlotInfo *slot, CK_MECHANISM_TYPE type,
+                             SECItem *params, CK_KEY_TYPE keyType, int keyLen,
+                             SECItem *pwitem, void *wincx)
+{
+    CK_ULONG pwLen;
+    /* do some sanity checks */
+    if ((params == NULL) || (params->data == NULL)) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+
+    if (type == CKM_INVALID_MECHANISM) {
+        PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
+        return NULL;
+    }
+
+    /* set the password pointer in the parameters... */
+    if (type == CKM_PKCS5_PBKD2) {
+        CK_PKCS5_PBKD2_PARAMS *pbev2_params;
+        if (params->len < sizeof(CK_PKCS5_PBKD2_PARAMS)) {
+            PORT_SetError(SEC_ERROR_INVALID_ARGS);
+            return NULL;
+        }
+        pbev2_params = (CK_PKCS5_PBKD2_PARAMS *)params->data;
+        pbev2_params->pPassword = pwitem->data;
+        pwLen = pwitem->len;
+        pbev2_params->ulPasswordLen = &pwLen;
+    } else {
+        CK_PBE_PARAMS *pbe_params;
+        if (params->len < sizeof(CK_PBE_PARAMS)) {
+            PORT_SetError(SEC_ERROR_INVALID_ARGS);
+            return NULL;
+        }
+        pbe_params = (CK_PBE_PARAMS *)params->data;
+        pbe_params->pPassword = pwitem->data;
+        pbe_params->ulPasswordLen = pwitem->len;
+    }
+
+    /* generate the key (and sometimes the IV as a side effect...) */
+    return pk11_TokenKeyGenWithFlagsAndKeyType(slot, type, params, keyType,
+                                               keyLen, NULL,
+                                               CKF_SIGN | CKF_ENCRYPT | CKF_DECRYPT | CKF_UNWRAP | CKF_WRAP,
+                                               0, wincx);
+}
+
+/*
+ * public, deprecated. use PK11_PBEKeyGen instead.
+ */
+PK11SymKey *
+PK11_RawPBEKeyGen(PK11SlotInfo *slot, CK_MECHANISM_TYPE type, SECItem *mech,
+                  SECItem *pwitem, PRBool faulty3DES, void *wincx)
+{
+    if (faulty3DES && (type == CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC)) {
+        type = CKM_NETSCAPE_PBE_SHA1_FAULTY_3DES_CBC;
+    }
+    return pk11_RawPBEKeyGenWithKeyType(slot, type, mech, -1, 0, pwitem, wincx);
+}
+
+/*
+ * pubic, supports pkcs5 v2.
+ *
+ * Create symkey from a PBE key. The algid can be created with
+ *  PK11_CreatePBEV2AlgorithmID and PK11_CreatePBEAlgorithmID, or by
+ *  extraction of der data.
+ */
+PK11SymKey *
+PK11_PBEKeyGen(PK11SlotInfo *slot, SECAlgorithmID *algid, SECItem *pwitem,
+               PRBool faulty3DES, void *wincx)
+{
+    CK_MECHANISM_TYPE type;
+    SECItem *param = NULL;
+    PK11SymKey *symKey = NULL;
+    SECOidTag pbeAlg;
+    CK_KEY_TYPE keyType = -1;
+    int keyLen = 0;
+
+    pbeAlg = SECOID_GetAlgorithmTag(algid);
+    /* if we're using PKCS5v2, extract the additional information we need
+     * (key length, key type, and pbeAlg). */
+    if (sec_pkcs5_is_algorithm_v2_pkcs5_algorithm(pbeAlg)) {
+        CK_MECHANISM_TYPE cipherMech;
+        sec_pkcs5V2Parameter *pbeV2_param;
+
+        pbeV2_param = sec_pkcs5_v2_get_v2_param(NULL, algid);
+        if (pbeV2_param == NULL) {
+            return NULL;
+        }
+        cipherMech = PK11_AlgtagToMechanism(
+            SECOID_GetAlgorithmTag(&pbeV2_param->cipherAlgId));
+        pbeAlg = SECOID_GetAlgorithmTag(&pbeV2_param->pbeAlgId);
+        param = PK11_ParamFromAlgid(&pbeV2_param->pbeAlgId);
+        sec_pkcs5_v2_destroy_v2_param(pbeV2_param);
+        keyLen = SEC_PKCS5GetKeyLength(algid);
+        if (keyLen == -1) {
+            keyLen = 0;
+        }
+        keyType = PK11_GetKeyType(cipherMech, keyLen);
+    } else {
+        param = PK11_ParamFromAlgid(algid);
+    }
+
+    if (param == NULL) {
+        goto loser;
+    }
+
+    type = PK11_AlgtagToMechanism(pbeAlg);
+    if (type == CKM_INVALID_MECHANISM) {
+        PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
+        goto loser;
+    }
+    if (faulty3DES && (type == CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC)) {
+        type = CKM_NETSCAPE_PBE_SHA1_FAULTY_3DES_CBC;
+    }
+    symKey = pk11_RawPBEKeyGenWithKeyType(slot, type, param, keyType, keyLen,
+                                          pwitem, wincx);
+
+loser:
+    if (param) {
+        SECITEM_ZfreeItem(param, PR_TRUE);
+    }
+    return symKey;
+}
+
+/*
+ * public, supports pkcs5v2
+ */
+SECItem *
+PK11_GetPBEIV(SECAlgorithmID *algid, SECItem *pwitem)
+{
+    return SEC_PKCS5GetIV(algid, pwitem, PR_FALSE);
+}
+
+CK_MECHANISM_TYPE
+pk11_GetPBECryptoMechanism(SECAlgorithmID *algid, SECItem **param,
+                           SECItem *pbe_pwd, PRBool faulty3DES)
+{
+    int keyLen = 0;
+    SECOidTag algTag = SEC_PKCS5GetCryptoAlgorithm(algid);
+    CK_MECHANISM_TYPE mech = PK11_AlgtagToMechanism(algTag);
+    CK_MECHANISM_TYPE returnedMechanism = CKM_INVALID_MECHANISM;
+    SECItem *iv = NULL;
+
+    if (mech == CKM_INVALID_MECHANISM) {
+        PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
+        goto loser;
+    }
+    if (PK11_GetIVLength(mech)) {
+        iv = SEC_PKCS5GetIV(algid, pbe_pwd, faulty3DES);
+        if (iv == NULL) {
+            goto loser;
+        }
+    }
+
+    keyLen = SEC_PKCS5GetKeyLength(algid);
+
+    *param = pk11_ParamFromIVWithLen(mech, iv, keyLen);
+    if (*param == NULL) {
+        goto loser;
+    }
+    returnedMechanism = mech;
+
+loser:
+    if (iv) {
+        SECITEM_FreeItem(iv, PR_TRUE);
+    }
+    return returnedMechanism;
+}
+
+/*
+ * Public, supports pkcs5 v2
+ *
+ * Get the crypto mechanism directly from the pbe algorithmid.
+ *
+ * It's important to go directly from the algorithm id so that we can
+ * handle both the PKCS #5 v1, PKCS #12, and PKCS #5 v2 cases.
+ *
+ * This function returns both the mechanism and the parameter for the mechanism.
+ * The caller is responsible for freeing the parameter.
+ */
+CK_MECHANISM_TYPE
+PK11_GetPBECryptoMechanism(SECAlgorithmID *algid, SECItem **param,
+                           SECItem *pbe_pwd)
+{
+    return pk11_GetPBECryptoMechanism(algid, param, pbe_pwd, PR_FALSE);
+}
diff --git a/nss/lib/pk11wrap/pk11pk12.c b/nss/lib/pk11wrap/pk11pk12.c
new file mode 100644
index 0000000..d753b87
--- /dev/null
+++ b/nss/lib/pk11wrap/pk11pk12.c
@@ -0,0 +1,786 @@
+
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * This file PKCS #12 fuctions that should really be moved to the
+ * PKCS #12 directory, however we can't do that in a point release
+ * because that will break binary compatibility, so we keep them here for now.
+ */
+
+#include "seccomon.h"
+#include "secmod.h"
+#include "secmodi.h"
+#include "pkcs11.h"
+#include "pk11func.h"
+#include "secitem.h"
+#include "key.h"
+#include "secoid.h"
+#include "secasn1.h"
+#include "secerr.h"
+#include "prerror.h"
+
+/* These data structures should move to a common .h file shared between the
+ * wrappers and the pkcs 12 code. */
+
+/*
+** RSA Raw Private Key structures
+*/
+
+/* member names from PKCS#1, section 7.2 */
+struct SECKEYRSAPrivateKeyStr {
+    PLArenaPool *arena;
+    SECItem version;
+    SECItem modulus;
+    SECItem publicExponent;
+    SECItem privateExponent;
+    SECItem prime1;
+    SECItem prime2;
+    SECItem exponent1;
+    SECItem exponent2;
+    SECItem coefficient;
+};
+typedef struct SECKEYRSAPrivateKeyStr SECKEYRSAPrivateKey;
+
+/*
+** DSA Raw Private Key structures
+*/
+
+struct SECKEYDSAPrivateKeyStr {
+    SECKEYPQGParams params;
+    SECItem privateValue;
+};
+typedef struct SECKEYDSAPrivateKeyStr SECKEYDSAPrivateKey;
+
+/*
+** Diffie-Hellman Raw Private Key structures
+** Structure member names suggested by PKCS#3.
+*/
+struct SECKEYDHPrivateKeyStr {
+    PLArenaPool *arena;
+    SECItem prime;
+    SECItem base;
+    SECItem privateValue;
+};
+typedef struct SECKEYDHPrivateKeyStr SECKEYDHPrivateKey;
+
+/*
+** Elliptic Curve Private Key structures
+** <https://tools.ietf.org/html/rfc5915#section-3>
+*/
+struct SECKEYECPrivateKeyStr {
+    PLArenaPool *arena;
+    SECItem version;
+    SECItem curveOID;    /* optional/ignored */
+    SECItem publicValue; /* required (for now) */
+    SECItem privateValue;
+};
+typedef struct SECKEYECPrivateKeyStr SECKEYECPrivateKey;
+
+/*
+** raw private key object
+*/
+struct SECKEYRawPrivateKeyStr {
+    PLArenaPool *arena;
+    KeyType keyType;
+    union {
+        SECKEYRSAPrivateKey rsa;
+        SECKEYDSAPrivateKey dsa;
+        SECKEYDHPrivateKey dh;
+        SECKEYECPrivateKey ec;
+    } u;
+};
+typedef struct SECKEYRawPrivateKeyStr SECKEYRawPrivateKey;
+
+SEC_ASN1_MKSUB(SEC_AnyTemplate)
+SEC_ASN1_MKSUB(SECOID_AlgorithmIDTemplate)
+
+/* ASN1 Templates for new decoder/encoder */
+/*
+ * Attribute value for PKCS8 entries (static?)
+ */
+const SEC_ASN1Template SECKEY_AttributeTemplate[] = {
+    { SEC_ASN1_SEQUENCE,
+      0, NULL, sizeof(SECKEYAttribute) },
+    { SEC_ASN1_OBJECT_ID, offsetof(SECKEYAttribute, attrType) },
+    { SEC_ASN1_SET_OF | SEC_ASN1_XTRN, offsetof(SECKEYAttribute, attrValue),
+      SEC_ASN1_SUB(SEC_AnyTemplate) },
+    { 0 }
+};
+
+const SEC_ASN1Template SECKEY_SetOfAttributeTemplate[] = {
+    { SEC_ASN1_SET_OF, 0, SECKEY_AttributeTemplate },
+};
+
+const SEC_ASN1Template SECKEY_PrivateKeyInfoTemplate[] = {
+    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SECKEYPrivateKeyInfo) },
+    { SEC_ASN1_INTEGER, offsetof(SECKEYPrivateKeyInfo, version) },
+    { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
+      offsetof(SECKEYPrivateKeyInfo, algorithm),
+      SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
+    { SEC_ASN1_OCTET_STRING, offsetof(SECKEYPrivateKeyInfo, privateKey) },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
+      offsetof(SECKEYPrivateKeyInfo, attributes),
+      SECKEY_SetOfAttributeTemplate },
+    { 0 }
+};
+
+const SEC_ASN1Template SECKEY_PointerToPrivateKeyInfoTemplate[] = {
+    { SEC_ASN1_POINTER, 0, SECKEY_PrivateKeyInfoTemplate }
+};
+
+const SEC_ASN1Template SECKEY_RSAPrivateKeyExportTemplate[] = {
+    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SECKEYRawPrivateKey) },
+    { SEC_ASN1_INTEGER, offsetof(SECKEYRawPrivateKey, u.rsa.version) },
+    { SEC_ASN1_INTEGER, offsetof(SECKEYRawPrivateKey, u.rsa.modulus) },
+    { SEC_ASN1_INTEGER, offsetof(SECKEYRawPrivateKey, u.rsa.publicExponent) },
+    { SEC_ASN1_INTEGER, offsetof(SECKEYRawPrivateKey, u.rsa.privateExponent) },
+    { SEC_ASN1_INTEGER, offsetof(SECKEYRawPrivateKey, u.rsa.prime1) },
+    { SEC_ASN1_INTEGER, offsetof(SECKEYRawPrivateKey, u.rsa.prime2) },
+    { SEC_ASN1_INTEGER, offsetof(SECKEYRawPrivateKey, u.rsa.exponent1) },
+    { SEC_ASN1_INTEGER, offsetof(SECKEYRawPrivateKey, u.rsa.exponent2) },
+    { SEC_ASN1_INTEGER, offsetof(SECKEYRawPrivateKey, u.rsa.coefficient) },
+    { 0 }
+};
+
+const SEC_ASN1Template SECKEY_DSAPrivateKeyExportTemplate[] = {
+    { SEC_ASN1_INTEGER, offsetof(SECKEYRawPrivateKey, u.dsa.privateValue) },
+};
+
+const SEC_ASN1Template SECKEY_DHPrivateKeyExportTemplate[] = {
+    { SEC_ASN1_INTEGER, offsetof(SECKEYRawPrivateKey, u.dh.privateValue) },
+    { SEC_ASN1_INTEGER, offsetof(SECKEYRawPrivateKey, u.dh.base) },
+    { SEC_ASN1_INTEGER, offsetof(SECKEYRawPrivateKey, u.dh.prime) },
+};
+
+#ifndef NSS_DISABLE_ECC
+SEC_ASN1_MKSUB(SEC_BitStringTemplate)
+SEC_ASN1_MKSUB(SEC_ObjectIDTemplate)
+
+const SEC_ASN1Template SECKEY_ECPrivateKeyExportTemplate[] = {
+    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SECKEYRawPrivateKey) },
+    { SEC_ASN1_INTEGER, offsetof(SECKEYRawPrivateKey, u.ec.version) },
+    { SEC_ASN1_OCTET_STRING,
+      offsetof(SECKEYRawPrivateKey, u.ec.privateValue) },
+    /* This value will always be ignored. u.ec.curveOID will always be
+     * overriden with the outer AlgorithmID.parameters. */
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED |
+          SEC_ASN1_EXPLICIT | SEC_ASN1_CONTEXT_SPECIFIC |
+          SEC_ASN1_XTRN | 0,
+      offsetof(SECKEYRawPrivateKey, u.ec.curveOID),
+      SEC_ASN1_SUB(SEC_ObjectIDTemplate) },
+    /* The public value is optional per RFC, but required in NSS. We
+     * can't do scalar mult on ECs to get a raw point with PK11 APIs. */
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED |
+          SEC_ASN1_EXPLICIT | SEC_ASN1_CONTEXT_SPECIFIC |
+          SEC_ASN1_XTRN | 1,
+      offsetof(SECKEYRawPrivateKey, u.ec.publicValue),
+      SEC_ASN1_SUB(SEC_BitStringTemplate) },
+    { 0 }
+};
+#endif /* NSS_DISABLE_ECC */
+
+const SEC_ASN1Template SECKEY_EncryptedPrivateKeyInfoTemplate[] = {
+    { SEC_ASN1_SEQUENCE,
+      0, NULL, sizeof(SECKEYEncryptedPrivateKeyInfo) },
+    { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
+      offsetof(SECKEYEncryptedPrivateKeyInfo, algorithm),
+      SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
+    { SEC_ASN1_OCTET_STRING,
+      offsetof(SECKEYEncryptedPrivateKeyInfo, encryptedData) },
+    { 0 }
+};
+
+const SEC_ASN1Template SECKEY_PointerToEncryptedPrivateKeyInfoTemplate[] = {
+    { SEC_ASN1_POINTER, 0, SECKEY_EncryptedPrivateKeyInfoTemplate }
+};
+
+SEC_ASN1_CHOOSER_IMPLEMENT(SECKEY_EncryptedPrivateKeyInfoTemplate)
+SEC_ASN1_CHOOSER_IMPLEMENT(SECKEY_PointerToEncryptedPrivateKeyInfoTemplate)
+SEC_ASN1_CHOOSER_IMPLEMENT(SECKEY_PrivateKeyInfoTemplate)
+SEC_ASN1_CHOOSER_IMPLEMENT(SECKEY_PointerToPrivateKeyInfoTemplate)
+
+/*
+ * See bugzilla bug 125359
+ * Since NSS (via PKCS#11) wants to handle big integers as unsigned ints,
+ * all of the templates above that en/decode into integers must be converted
+ * from ASN.1's signed integer type.  This is done by marking either the
+ * source or destination (encoding or decoding, respectively) type as
+ * siUnsignedInteger.
+ */
+
+static void
+prepare_rsa_priv_key_export_for_asn1(SECKEYRawPrivateKey *key)
+{
+    key->u.rsa.modulus.type = siUnsignedInteger;
+    key->u.rsa.publicExponent.type = siUnsignedInteger;
+    key->u.rsa.privateExponent.type = siUnsignedInteger;
+    key->u.rsa.prime1.type = siUnsignedInteger;
+    key->u.rsa.prime2.type = siUnsignedInteger;
+    key->u.rsa.exponent1.type = siUnsignedInteger;
+    key->u.rsa.exponent2.type = siUnsignedInteger;
+    key->u.rsa.coefficient.type = siUnsignedInteger;
+}
+
+static void
+prepare_dsa_priv_key_export_for_asn1(SECKEYRawPrivateKey *key)
+{
+    key->u.dsa.privateValue.type = siUnsignedInteger;
+    key->u.dsa.params.prime.type = siUnsignedInteger;
+    key->u.dsa.params.subPrime.type = siUnsignedInteger;
+    key->u.dsa.params.base.type = siUnsignedInteger;
+}
+
+static void
+prepare_dh_priv_key_export_for_asn1(SECKEYRawPrivateKey *key)
+{
+    key->u.dh.privateValue.type = siUnsignedInteger;
+    key->u.dh.prime.type = siUnsignedInteger;
+    key->u.dh.base.type = siUnsignedInteger;
+}
+
+static void
+prepare_ec_priv_key_export_for_asn1(SECKEYRawPrivateKey *key)
+{
+    key->u.ec.version.type = siUnsignedInteger;
+    key->u.ec.curveOID.type = siUnsignedInteger;
+    key->u.ec.privateValue.type = siUnsignedInteger;
+    key->u.ec.publicValue.type = siUnsignedInteger;
+}
+
+SECStatus
+PK11_ImportDERPrivateKeyInfo(PK11SlotInfo *slot, SECItem *derPKI,
+                             SECItem *nickname, SECItem *publicValue, PRBool isPerm,
+                             PRBool isPrivate, unsigned int keyUsage, void *wincx)
+{
+    return PK11_ImportDERPrivateKeyInfoAndReturnKey(slot, derPKI,
+                                                    nickname, publicValue,
+                                                    isPerm, isPrivate, keyUsage,
+                                                    NULL, wincx);
+}
+
+SECStatus
+PK11_ImportDERPrivateKeyInfoAndReturnKey(PK11SlotInfo *slot, SECItem *derPKI,
+                                         SECItem *nickname, SECItem *publicValue,
+                                         PRBool isPerm, PRBool isPrivate, unsigned int keyUsage,
+                                         SECKEYPrivateKey **privk, void *wincx)
+{
+    SECKEYPrivateKeyInfo *pki = NULL;
+    PLArenaPool *temparena = NULL;
+    SECStatus rv = SECFailure;
+
+    temparena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (!temparena)
+        return rv;
+    pki = PORT_ArenaZNew(temparena, SECKEYPrivateKeyInfo);
+    if (!pki) {
+        PORT_FreeArena(temparena, PR_FALSE);
+        return rv;
+    }
+    pki->arena = temparena;
+
+    rv = SEC_ASN1DecodeItem(pki->arena, pki, SECKEY_PrivateKeyInfoTemplate,
+                            derPKI);
+    if (rv != SECSuccess) {
+        /* If SEC_ASN1DecodeItem fails, we cannot assume anything about the
+         * validity of the data in pki. The best we can do is free the arena
+         * and return. */
+        PORT_FreeArena(temparena, PR_TRUE);
+        return rv;
+    }
+    if (pki->privateKey.data == NULL) {
+        /* If SEC_ASN1DecodeItems succeeds but SECKEYPrivateKeyInfo.privateKey
+         * is a zero-length octet string, free the arena and return a failure
+         * to avoid trying to zero the corresponding SECItem in
+         * SECKEY_DestroyPrivateKeyInfo(). */
+        PORT_FreeArena(temparena, PR_TRUE);
+        PORT_SetError(SEC_ERROR_BAD_KEY);
+        return SECFailure;
+    }
+
+    rv = PK11_ImportPrivateKeyInfoAndReturnKey(slot, pki, nickname,
+                                               publicValue, isPerm, isPrivate,
+                                               keyUsage, privk, wincx);
+
+    /* this zeroes the key and frees the arena */
+    SECKEY_DestroyPrivateKeyInfo(pki, PR_TRUE /*freeit*/);
+    return rv;
+}
+
+SECStatus
+PK11_ImportAndReturnPrivateKey(PK11SlotInfo *slot, SECKEYRawPrivateKey *lpk,
+                               SECItem *nickname, SECItem *publicValue, PRBool isPerm,
+                               PRBool isPrivate, unsigned int keyUsage, SECKEYPrivateKey **privk,
+                               void *wincx)
+{
+    CK_BBOOL cktrue = CK_TRUE;
+    CK_BBOOL ckfalse = CK_FALSE;
+    CK_OBJECT_CLASS keyClass = CKO_PRIVATE_KEY;
+    CK_KEY_TYPE keyType = CKK_RSA;
+    CK_OBJECT_HANDLE objectID;
+    CK_ATTRIBUTE theTemplate[20];
+    int templateCount = 0;
+    SECStatus rv = SECFailure;
+    CK_ATTRIBUTE *attrs;
+    CK_ATTRIBUTE *signedattr = NULL;
+    int signedcount = 0;
+    CK_ATTRIBUTE *ap;
+    SECItem *ck_id = NULL;
+
+    attrs = theTemplate;
+
+    PK11_SETATTRS(attrs, CKA_CLASS, &keyClass, sizeof(keyClass));
+    attrs++;
+    PK11_SETATTRS(attrs, CKA_KEY_TYPE, &keyType, sizeof(keyType));
+    attrs++;
+    PK11_SETATTRS(attrs, CKA_TOKEN, isPerm ? &cktrue : &ckfalse,
+                  sizeof(CK_BBOOL));
+    attrs++;
+    PK11_SETATTRS(attrs, CKA_SENSITIVE, isPrivate ? &cktrue : &ckfalse,
+                  sizeof(CK_BBOOL));
+    attrs++;
+    PK11_SETATTRS(attrs, CKA_PRIVATE, isPrivate ? &cktrue : &ckfalse,
+                  sizeof(CK_BBOOL));
+    attrs++;
+
+    switch (lpk->keyType) {
+        case rsaKey:
+            keyType = CKK_RSA;
+            PK11_SETATTRS(attrs, CKA_UNWRAP, (keyUsage & KU_KEY_ENCIPHERMENT) ? &cktrue
+                                                                              : &ckfalse,
+                          sizeof(CK_BBOOL));
+            attrs++;
+            PK11_SETATTRS(attrs, CKA_DECRYPT, (keyUsage & KU_DATA_ENCIPHERMENT) ? &cktrue
+                                                                                : &ckfalse,
+                          sizeof(CK_BBOOL));
+            attrs++;
+            PK11_SETATTRS(attrs, CKA_SIGN, (keyUsage & KU_DIGITAL_SIGNATURE) ? &cktrue
+                                                                             : &ckfalse,
+                          sizeof(CK_BBOOL));
+            attrs++;
+            PK11_SETATTRS(attrs, CKA_SIGN_RECOVER,
+                          (keyUsage & KU_DIGITAL_SIGNATURE) ? &cktrue
+                                                            : &ckfalse,
+                          sizeof(CK_BBOOL));
+            attrs++;
+            ck_id = PK11_MakeIDFromPubKey(&lpk->u.rsa.modulus);
+            if (ck_id == NULL) {
+                goto loser;
+            }
+            PK11_SETATTRS(attrs, CKA_ID, ck_id->data, ck_id->len);
+            attrs++;
+            if (nickname) {
+                PK11_SETATTRS(attrs, CKA_LABEL, nickname->data, nickname->len);
+                attrs++;
+            }
+            signedattr = attrs;
+            PK11_SETATTRS(attrs, CKA_MODULUS, lpk->u.rsa.modulus.data,
+                          lpk->u.rsa.modulus.len);
+            attrs++;
+            PK11_SETATTRS(attrs, CKA_PUBLIC_EXPONENT,
+                          lpk->u.rsa.publicExponent.data,
+                          lpk->u.rsa.publicExponent.len);
+            attrs++;
+            PK11_SETATTRS(attrs, CKA_PRIVATE_EXPONENT,
+                          lpk->u.rsa.privateExponent.data,
+                          lpk->u.rsa.privateExponent.len);
+            attrs++;
+            PK11_SETATTRS(attrs, CKA_PRIME_1,
+                          lpk->u.rsa.prime1.data,
+                          lpk->u.rsa.prime1.len);
+            attrs++;
+            PK11_SETATTRS(attrs, CKA_PRIME_2,
+                          lpk->u.rsa.prime2.data,
+                          lpk->u.rsa.prime2.len);
+            attrs++;
+            PK11_SETATTRS(attrs, CKA_EXPONENT_1,
+                          lpk->u.rsa.exponent1.data,
+                          lpk->u.rsa.exponent1.len);
+            attrs++;
+            PK11_SETATTRS(attrs, CKA_EXPONENT_2,
+                          lpk->u.rsa.exponent2.data,
+                          lpk->u.rsa.exponent2.len);
+            attrs++;
+            PK11_SETATTRS(attrs, CKA_COEFFICIENT,
+                          lpk->u.rsa.coefficient.data,
+                          lpk->u.rsa.coefficient.len);
+            attrs++;
+            break;
+        case dsaKey:
+            keyType = CKK_DSA;
+            /* To make our intenal PKCS #11 module work correctly with
+             * our database, we need to pass in the public key value for
+             * this dsa key. We have a netscape only CKA_ value to do this.
+             * Only send it to internal slots */
+            if (publicValue == NULL) {
+                goto loser;
+            }
+            if (PK11_IsInternal(slot)) {
+                PK11_SETATTRS(attrs, CKA_NETSCAPE_DB,
+                              publicValue->data, publicValue->len);
+                attrs++;
+            }
+            PK11_SETATTRS(attrs, CKA_SIGN, &cktrue, sizeof(CK_BBOOL));
+            attrs++;
+            PK11_SETATTRS(attrs, CKA_SIGN_RECOVER, &cktrue, sizeof(CK_BBOOL));
+            attrs++;
+            if (nickname) {
+                PK11_SETATTRS(attrs, CKA_LABEL, nickname->data, nickname->len);
+                attrs++;
+            }
+            ck_id = PK11_MakeIDFromPubKey(publicValue);
+            if (ck_id == NULL) {
+                goto loser;
+            }
+            PK11_SETATTRS(attrs, CKA_ID, ck_id->data, ck_id->len);
+            attrs++;
+            signedattr = attrs;
+            PK11_SETATTRS(attrs, CKA_PRIME, lpk->u.dsa.params.prime.data,
+                          lpk->u.dsa.params.prime.len);
+            attrs++;
+            PK11_SETATTRS(attrs, CKA_SUBPRIME, lpk->u.dsa.params.subPrime.data,
+                          lpk->u.dsa.params.subPrime.len);
+            attrs++;
+            PK11_SETATTRS(attrs, CKA_BASE, lpk->u.dsa.params.base.data,
+                          lpk->u.dsa.params.base.len);
+            attrs++;
+            PK11_SETATTRS(attrs, CKA_VALUE, lpk->u.dsa.privateValue.data,
+                          lpk->u.dsa.privateValue.len);
+            attrs++;
+            break;
+        case dhKey:
+            keyType = CKK_DH;
+            /* To make our intenal PKCS #11 module work correctly with
+             * our database, we need to pass in the public key value for
+             * this dh key. We have a netscape only CKA_ value to do this.
+             * Only send it to internal slots */
+            if (PK11_IsInternal(slot)) {
+                PK11_SETATTRS(attrs, CKA_NETSCAPE_DB,
+                              publicValue->data, publicValue->len);
+                attrs++;
+            }
+            PK11_SETATTRS(attrs, CKA_DERIVE, &cktrue, sizeof(CK_BBOOL));
+            attrs++;
+            if (nickname) {
+                PK11_SETATTRS(attrs, CKA_LABEL, nickname->data, nickname->len);
+                attrs++;
+            }
+            ck_id = PK11_MakeIDFromPubKey(publicValue);
+            if (ck_id == NULL) {
+                goto loser;
+            }
+            PK11_SETATTRS(attrs, CKA_ID, ck_id->data, ck_id->len);
+            attrs++;
+            signedattr = attrs;
+            PK11_SETATTRS(attrs, CKA_PRIME, lpk->u.dh.prime.data,
+                          lpk->u.dh.prime.len);
+            attrs++;
+            PK11_SETATTRS(attrs, CKA_BASE, lpk->u.dh.base.data,
+                          lpk->u.dh.base.len);
+            attrs++;
+            PK11_SETATTRS(attrs, CKA_VALUE, lpk->u.dh.privateValue.data,
+                          lpk->u.dh.privateValue.len);
+            attrs++;
+            break;
+#ifndef NSS_DISABLE_ECC
+        case ecKey:
+            keyType = CKK_EC;
+            if (lpk->u.ec.publicValue.len == 0) {
+                goto loser;
+            }
+            if (PK11_IsInternal(slot)) {
+                PK11_SETATTRS(attrs, CKA_NETSCAPE_DB,
+                              lpk->u.ec.publicValue.data,
+                              lpk->u.ec.publicValue.len);
+                attrs++;
+            }
+            PK11_SETATTRS(attrs, CKA_SIGN, (keyUsage & KU_DIGITAL_SIGNATURE) ? &cktrue
+                                                                             : &ckfalse,
+                          sizeof(CK_BBOOL));
+            attrs++;
+            PK11_SETATTRS(attrs, CKA_SIGN_RECOVER,
+                          (keyUsage & KU_DIGITAL_SIGNATURE) ? &cktrue
+                                                            : &ckfalse,
+                          sizeof(CK_BBOOL));
+            attrs++;
+            PK11_SETATTRS(attrs, CKA_DERIVE, (keyUsage & KU_KEY_AGREEMENT) ? &cktrue
+                                                                           : &ckfalse,
+                          sizeof(CK_BBOOL));
+            attrs++;
+            ck_id = PK11_MakeIDFromPubKey(&lpk->u.ec.publicValue);
+            if (ck_id == NULL) {
+                goto loser;
+            }
+            PK11_SETATTRS(attrs, CKA_ID, ck_id->data, ck_id->len);
+            attrs++;
+            signedattr = attrs;
+            /* curveOID always is a copy of AlgorithmID.parameters. */
+            PK11_SETATTRS(attrs, CKA_EC_PARAMS, lpk->u.ec.curveOID.data,
+                          lpk->u.ec.curveOID.len);
+            attrs++;
+            PK11_SETATTRS(attrs, CKA_VALUE, lpk->u.ec.privateValue.data,
+                          lpk->u.ec.privateValue.len);
+            attrs++;
+            PK11_SETATTRS(attrs, CKA_EC_POINT, lpk->u.ec.publicValue.data,
+                          lpk->u.ec.publicValue.len);
+            attrs++;
+            break;
+#endif /* NSS_DISABLE_ECC */
+        default:
+            PORT_SetError(SEC_ERROR_BAD_KEY);
+            goto loser;
+    }
+    templateCount = attrs - theTemplate;
+    PORT_Assert(templateCount <= sizeof(theTemplate) / sizeof(CK_ATTRIBUTE));
+    PORT_Assert(signedattr != NULL);
+    signedcount = attrs - signedattr;
+
+    for (ap = signedattr; signedcount; ap++, signedcount--) {
+        pk11_SignedToUnsigned(ap);
+    }
+
+    rv = PK11_CreateNewObject(slot, CK_INVALID_SESSION,
+                              theTemplate, templateCount, isPerm, &objectID);
+
+    /* create and return a SECKEYPrivateKey */
+    if (rv == SECSuccess && privk != NULL) {
+        *privk = PK11_MakePrivKey(slot, lpk->keyType, !isPerm, objectID, wincx);
+        if (*privk == NULL) {
+            rv = SECFailure;
+        }
+    }
+loser:
+    if (ck_id) {
+        SECITEM_ZfreeItem(ck_id, PR_TRUE);
+    }
+    return rv;
+}
+
+SECStatus
+PK11_ImportPrivateKeyInfoAndReturnKey(PK11SlotInfo *slot,
+                                      SECKEYPrivateKeyInfo *pki, SECItem *nickname, SECItem *publicValue,
+                                      PRBool isPerm, PRBool isPrivate, unsigned int keyUsage,
+                                      SECKEYPrivateKey **privk, void *wincx)
+{
+    SECStatus rv = SECFailure;
+    SECKEYRawPrivateKey *lpk = NULL;
+    const SEC_ASN1Template *keyTemplate, *paramTemplate;
+    void *paramDest = NULL;
+    PLArenaPool *arena = NULL;
+
+    arena = PORT_NewArena(2048);
+    if (!arena) {
+        return SECFailure;
+    }
+
+    /* need to change this to use RSA/DSA keys */
+    lpk = (SECKEYRawPrivateKey *)PORT_ArenaZAlloc(arena,
+                                                  sizeof(SECKEYRawPrivateKey));
+    if (lpk == NULL) {
+        goto loser;
+    }
+    lpk->arena = arena;
+
+    switch (SECOID_GetAlgorithmTag(&pki->algorithm)) {
+        case SEC_OID_PKCS1_RSA_ENCRYPTION:
+            prepare_rsa_priv_key_export_for_asn1(lpk);
+            keyTemplate = SECKEY_RSAPrivateKeyExportTemplate;
+            paramTemplate = NULL;
+            paramDest = NULL;
+            lpk->keyType = rsaKey;
+            break;
+        case SEC_OID_ANSIX9_DSA_SIGNATURE:
+            prepare_dsa_priv_key_export_for_asn1(lpk);
+            keyTemplate = SECKEY_DSAPrivateKeyExportTemplate;
+            paramTemplate = SECKEY_PQGParamsTemplate;
+            paramDest = &(lpk->u.dsa.params);
+            lpk->keyType = dsaKey;
+            break;
+        case SEC_OID_X942_DIFFIE_HELMAN_KEY:
+            if (!publicValue) {
+                goto loser;
+            }
+            prepare_dh_priv_key_export_for_asn1(lpk);
+            keyTemplate = SECKEY_DHPrivateKeyExportTemplate;
+            paramTemplate = NULL;
+            paramDest = NULL;
+            lpk->keyType = dhKey;
+            break;
+#ifndef NSS_DISABLE_ECC
+        case SEC_OID_ANSIX962_EC_PUBLIC_KEY:
+            prepare_ec_priv_key_export_for_asn1(lpk);
+            keyTemplate = SECKEY_ECPrivateKeyExportTemplate;
+            paramTemplate = NULL;
+            paramDest = NULL;
+            lpk->keyType = ecKey;
+            break;
+#endif /* NSS_DISABLE_ECC */
+
+        default:
+            keyTemplate = NULL;
+            paramTemplate = NULL;
+            paramDest = NULL;
+            break;
+    }
+
+    if (!keyTemplate) {
+        goto loser;
+    }
+
+    /* decode the private key and any algorithm parameters */
+    rv = SEC_QuickDERDecodeItem(arena, lpk, keyTemplate, &pki->privateKey);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+#ifndef NSS_DISABLE_ECC
+    if (lpk->keyType == ecKey) {
+        /* Convert length in bits to length in bytes. */
+        lpk->u.ec.publicValue.len >>= 3;
+
+        /* Always override curveOID, we're ignoring any given value. */
+        rv = SECITEM_CopyItem(arena, &lpk->u.ec.curveOID,
+                              &pki->algorithm.parameters);
+        if (rv != SECSuccess) {
+            goto loser;
+        }
+    }
+#endif /* NSS_DISABLE_ECC */
+
+    if (paramDest && paramTemplate) {
+        rv = SEC_ASN1DecodeItem(arena, paramDest, paramTemplate,
+                                &(pki->algorithm.parameters));
+        if (rv != SECSuccess) {
+            goto loser;
+        }
+    }
+
+    rv = PK11_ImportAndReturnPrivateKey(slot, lpk, nickname, publicValue, isPerm,
+                                        isPrivate, keyUsage, privk, wincx);
+
+loser:
+    if (arena != NULL) {
+        PORT_FreeArena(arena, PR_TRUE);
+    }
+
+    return rv;
+}
+
+SECStatus
+PK11_ImportPrivateKeyInfo(PK11SlotInfo *slot, SECKEYPrivateKeyInfo *pki,
+                          SECItem *nickname, SECItem *publicValue, PRBool isPerm,
+                          PRBool isPrivate, unsigned int keyUsage, void *wincx)
+{
+    return PK11_ImportPrivateKeyInfoAndReturnKey(slot, pki, nickname,
+                                                 publicValue, isPerm, isPrivate, keyUsage, NULL, wincx);
+}
+
+SECItem *
+PK11_ExportDERPrivateKeyInfo(SECKEYPrivateKey *pk, void *wincx)
+{
+    SECKEYPrivateKeyInfo *pki = PK11_ExportPrivKeyInfo(pk, wincx);
+    SECItem *derPKI;
+
+    if (!pki) {
+        return NULL;
+    }
+    derPKI = SEC_ASN1EncodeItem(NULL, NULL, pki,
+                                SECKEY_PrivateKeyInfoTemplate);
+    SECKEY_DestroyPrivateKeyInfo(pki, PR_TRUE);
+    return derPKI;
+}
+
+static PRBool
+ReadAttribute(SECKEYPrivateKey *key, CK_ATTRIBUTE_TYPE type,
+              PLArenaPool *arena, SECItem *output)
+{
+    SECStatus rv = PK11_ReadAttribute(key->pkcs11Slot, key->pkcs11ID, type,
+                                      arena, output);
+    return rv == SECSuccess;
+}
+
+/*
+ * The caller is responsible for freeing the return value by passing it to
+ * SECKEY_DestroyPrivateKeyInfo(..., PR_TRUE).
+ */
+SECKEYPrivateKeyInfo *
+PK11_ExportPrivKeyInfo(SECKEYPrivateKey *pk, void *wincx)
+{
+    /* PrivateKeyInfo version (always zero) */
+    const unsigned char pkiVersion = 0;
+    /* RSAPrivateKey version (always zero) */
+    const unsigned char rsaVersion = 0;
+    PLArenaPool *arena = NULL;
+    SECKEYRawPrivateKey rawKey;
+    SECKEYPrivateKeyInfo *pki;
+    SECItem *encoded;
+    SECStatus rv;
+
+    if (pk->keyType != rsaKey) {
+        PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
+        goto loser;
+    }
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (!arena) {
+        goto loser;
+    }
+    memset(&rawKey, 0, sizeof(rawKey));
+    rawKey.keyType = pk->keyType;
+    rawKey.u.rsa.version.type = siUnsignedInteger;
+    rawKey.u.rsa.version.data = (unsigned char *)PORT_ArenaAlloc(arena, 1);
+    if (!rawKey.u.rsa.version.data) {
+        goto loser;
+    }
+    rawKey.u.rsa.version.data[0] = rsaVersion;
+    rawKey.u.rsa.version.len = 1;
+
+    /* Read the component attributes of the private key */
+    prepare_rsa_priv_key_export_for_asn1(&rawKey);
+    if (!ReadAttribute(pk, CKA_MODULUS, arena, &rawKey.u.rsa.modulus) ||
+        !ReadAttribute(pk, CKA_PUBLIC_EXPONENT, arena,
+                       &rawKey.u.rsa.publicExponent) ||
+        !ReadAttribute(pk, CKA_PRIVATE_EXPONENT, arena,
+                       &rawKey.u.rsa.privateExponent) ||
+        !ReadAttribute(pk, CKA_PRIME_1, arena, &rawKey.u.rsa.prime1) ||
+        !ReadAttribute(pk, CKA_PRIME_2, arena, &rawKey.u.rsa.prime2) ||
+        !ReadAttribute(pk, CKA_EXPONENT_1, arena,
+                       &rawKey.u.rsa.exponent1) ||
+        !ReadAttribute(pk, CKA_EXPONENT_2, arena,
+                       &rawKey.u.rsa.exponent2) ||
+        !ReadAttribute(pk, CKA_COEFFICIENT, arena,
+                       &rawKey.u.rsa.coefficient)) {
+        goto loser;
+    }
+
+    pki = PORT_ArenaZNew(arena, SECKEYPrivateKeyInfo);
+    if (!pki) {
+        goto loser;
+    }
+    encoded = SEC_ASN1EncodeItem(arena, &pki->privateKey, &rawKey,
+                                 SECKEY_RSAPrivateKeyExportTemplate);
+    if (!encoded) {
+        goto loser;
+    }
+    rv = SECOID_SetAlgorithmID(arena, &pki->algorithm,
+                               SEC_OID_PKCS1_RSA_ENCRYPTION, NULL);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    pki->version.type = siUnsignedInteger;
+    pki->version.data = (unsigned char *)PORT_ArenaAlloc(arena, 1);
+    if (!pki->version.data) {
+        goto loser;
+    }
+    pki->version.data[0] = pkiVersion;
+    pki->version.len = 1;
+    pki->arena = arena;
+
+    return pki;
+
+loser:
+    if (arena) {
+        PORT_FreeArena(arena, PR_TRUE);
+    }
+    return NULL;
+}
diff --git a/nss/lib/pk11wrap/pk11pqg.c b/nss/lib/pk11wrap/pk11pqg.c
new file mode 100644
index 0000000..d7c5f36
--- /dev/null
+++ b/nss/lib/pk11wrap/pk11pqg.c
@@ -0,0 +1,522 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/* Thse functions are stub functions which will get replaced with calls through
+ * PKCS #11.
+ */
+
+#include "pk11func.h"
+#include "secmod.h"
+#include "secmodi.h"
+#include "secmodti.h"
+#include "pkcs11t.h"
+#include "pk11pqg.h"
+#include "secerr.h"
+
+/* Generate PQGParams and PQGVerify structs.
+ * Length of P specified by L.
+ *   if L is greater than 1024 then the resulting verify parameters will be
+ *   DSA2.
+ * Length of Q specified by N. If zero, The PKCS #11 module will
+ *   pick an appropriately sized Q for P. If N is specified and L = 1024, then
+ *   the resulting verify parameters will be DSA2, Otherwise DSA1 parameters
+ *   will be returned.
+ * Length of SEED in bytes specified in seedBytes.
+ *
+ * The underlying PKCS #11 module will check the values for L, N,
+ * and seedBytes. The rules for softoken are:
+ *
+ * If L <= 1024, then L must be between 512 and 1024 in increments of 64 bits.
+ * If L <= 1024, then N must be 0 or 160.
+ * If L >= 1024, then L and N must match the following table:
+ *   L=1024   N=0 or 160
+ *   L=2048   N=0 or 224
+ *   L=2048   N=256
+ *   L=3072   N=0 or 256
+ * if L <= 1024
+ *   seedBbytes must be in the range [20..256].
+ * if L >= 1024
+ *   seedBbytes must be in the range [20..L/16].
+ */
+extern SECStatus
+PK11_PQG_ParamGenV2(unsigned int L, unsigned int N,
+                    unsigned int seedBytes, PQGParams **pParams, PQGVerify **pVfy)
+{
+    PK11SlotInfo *slot = NULL;
+    CK_ATTRIBUTE genTemplate[5];
+    CK_ATTRIBUTE *attrs = genTemplate;
+    int count = sizeof(genTemplate) / sizeof(genTemplate[0]);
+    CK_MECHANISM mechanism;
+    CK_OBJECT_HANDLE objectID = CK_INVALID_HANDLE;
+    CK_RV crv;
+    CK_ATTRIBUTE pTemplate[] = {
+        { CKA_PRIME, NULL, 0 },
+        { CKA_SUBPRIME, NULL, 0 },
+        { CKA_BASE, NULL, 0 },
+    };
+    CK_ATTRIBUTE vTemplate[] = {
+        { CKA_NETSCAPE_PQG_COUNTER, NULL, 0 },
+        { CKA_NETSCAPE_PQG_SEED, NULL, 0 },
+        { CKA_NETSCAPE_PQG_H, NULL, 0 },
+    };
+    CK_ULONG primeBits = L;
+    CK_ULONG subPrimeBits = N;
+    int pTemplateCount = sizeof(pTemplate) / sizeof(pTemplate[0]);
+    int vTemplateCount = sizeof(vTemplate) / sizeof(vTemplate[0]);
+    PLArenaPool *parena = NULL;
+    PLArenaPool *varena = NULL;
+    PQGParams *params = NULL;
+    PQGVerify *verify = NULL;
+    CK_ULONG seedBits = seedBytes * 8;
+
+    *pParams = NULL;
+    *pVfy = NULL;
+
+    if (primeBits == (CK_ULONG)-1) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        goto loser;
+    }
+    PK11_SETATTRS(attrs, CKA_PRIME_BITS, &primeBits, sizeof(primeBits));
+    attrs++;
+    if (subPrimeBits != 0) {
+        PK11_SETATTRS(attrs, CKA_SUB_PRIME_BITS,
+                      &subPrimeBits, sizeof(subPrimeBits));
+        attrs++;
+    }
+    if (seedBits != 0) {
+        PK11_SETATTRS(attrs, CKA_NETSCAPE_PQG_SEED_BITS,
+                      &seedBits, sizeof(seedBits));
+        attrs++;
+    }
+    count = attrs - genTemplate;
+    PR_ASSERT(count <= sizeof(genTemplate) / sizeof(CK_ATTRIBUTE));
+
+    slot = PK11_GetInternalSlot();
+    if (slot == NULL) {
+        /* set error */
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); /* shouldn't happen */
+        goto loser;
+    }
+
+    /* make sure the internal slot can handle DSA2 type parameters. */
+    if (primeBits > 1024) {
+        CK_MECHANISM_INFO mechanism_info;
+
+        if (!slot->isThreadSafe)
+            PK11_EnterSlotMonitor(slot);
+        crv = PK11_GETTAB(slot)->C_GetMechanismInfo(slot->slotID,
+                                                    CKM_DSA_PARAMETER_GEN,
+                                                    &mechanism_info);
+        if (!slot->isThreadSafe)
+            PK11_ExitSlotMonitor(slot);
+        /* a bug in the old softoken left CKM_DSA_PARAMETER_GEN off of the
+         * mechanism List. If we get a failure asking for this value, we know
+         * it can't handle DSA2 */
+        if ((crv != CKR_OK) || (mechanism_info.ulMaxKeySize < primeBits)) {
+            PK11_FreeSlot(slot);
+            slot = PK11_GetBestSlotWithAttributes(CKM_DSA_PARAMETER_GEN, 0,
+                                                  primeBits, NULL);
+            if (slot == NULL) {
+                PORT_SetError(SEC_ERROR_NO_TOKEN); /* can happen */
+                goto loser;
+            }
+            /* ditch seedBits in this case, they are NSS specific and at
+             * this point we have a token that claims to handle DSA2 */
+            if (seedBits) {
+                attrs--;
+            }
+        }
+    }
+
+    /* Initialize the Key Gen Mechanism */
+    mechanism.mechanism = CKM_DSA_PARAMETER_GEN;
+    mechanism.pParameter = NULL;
+    mechanism.ulParameterLen = 0;
+
+    PK11_EnterSlotMonitor(slot);
+    crv = PK11_GETTAB(slot)->C_GenerateKey(slot->session,
+                                           &mechanism, genTemplate, count, &objectID);
+    PK11_ExitSlotMonitor(slot);
+
+    if (crv != CKR_OK) {
+        PORT_SetError(PK11_MapError(crv));
+        goto loser;
+    }
+
+    parena = PORT_NewArena(60);
+    if (!parena) {
+        goto loser;
+    }
+
+    crv = PK11_GetAttributes(parena, slot, objectID, pTemplate, pTemplateCount);
+    if (crv != CKR_OK) {
+        PORT_SetError(PK11_MapError(crv));
+        goto loser;
+    }
+
+    params = (PQGParams *)PORT_ArenaAlloc(parena, sizeof(PQGParams));
+    if (params == NULL) {
+        goto loser;
+    }
+
+    /* fill in Params */
+    params->arena = parena;
+    params->prime.type = siUnsignedInteger;
+    params->prime.data = pTemplate[0].pValue;
+    params->prime.len = pTemplate[0].ulValueLen;
+    params->subPrime.type = siUnsignedInteger;
+    params->subPrime.data = pTemplate[1].pValue;
+    params->subPrime.len = pTemplate[1].ulValueLen;
+    params->base.type = siUnsignedInteger;
+    params->base.data = pTemplate[2].pValue;
+    params->base.len = pTemplate[2].ulValueLen;
+
+    varena = PORT_NewArena(60);
+    if (!varena) {
+        goto loser;
+    }
+
+    crv = PK11_GetAttributes(varena, slot, objectID, vTemplate, vTemplateCount);
+    if (crv != CKR_OK) {
+        PORT_SetError(PK11_MapError(crv));
+        goto loser;
+    }
+
+    verify = (PQGVerify *)PORT_ArenaAlloc(varena, sizeof(PQGVerify));
+    if (verify == NULL) {
+        goto loser;
+    }
+    /* fill in Params */
+    verify->arena = varena;
+    verify->counter = (unsigned int)(*(CK_ULONG *)vTemplate[0].pValue);
+    verify->seed.type = siUnsignedInteger;
+    verify->seed.data = vTemplate[1].pValue;
+    verify->seed.len = vTemplate[1].ulValueLen;
+    verify->h.type = siUnsignedInteger;
+    verify->h.data = vTemplate[2].pValue;
+    verify->h.len = vTemplate[2].ulValueLen;
+
+    PK11_DestroyObject(slot, objectID);
+    PK11_FreeSlot(slot);
+
+    *pParams = params;
+    *pVfy = verify;
+
+    return SECSuccess;
+
+loser:
+    if (objectID != CK_INVALID_HANDLE) {
+        PK11_DestroyObject(slot, objectID);
+    }
+    if (parena != NULL) {
+        PORT_FreeArena(parena, PR_FALSE);
+    }
+    if (varena != NULL) {
+        PORT_FreeArena(varena, PR_FALSE);
+    }
+    if (slot) {
+        PK11_FreeSlot(slot);
+    }
+    return SECFailure;
+}
+
+/* Generate PQGParams and PQGVerify structs.
+ * Length of P specified by j.  Length of h will match length of P.
+ * Length of SEED in bytes specified in seedBytes.
+ * seedBbytes must be in the range [20..255] or an error will result.
+ */
+extern SECStatus
+PK11_PQG_ParamGenSeedLen(unsigned int j, unsigned int seedBytes,
+                         PQGParams **pParams, PQGVerify **pVfy)
+{
+    unsigned int primeBits = PQG_INDEX_TO_PBITS(j);
+    return PK11_PQG_ParamGenV2(primeBits, 0, seedBytes, pParams, pVfy);
+}
+
+/* Generate PQGParams and PQGVerify structs.
+ * Length of seed and length of h both equal length of P.
+ * All lengths are specified by "j", according to the table above.
+ */
+extern SECStatus
+PK11_PQG_ParamGen(unsigned int j, PQGParams **pParams, PQGVerify **pVfy)
+{
+    unsigned int primeBits = PQG_INDEX_TO_PBITS(j);
+    return PK11_PQG_ParamGenV2(primeBits, 0, 0, pParams, pVfy);
+}
+
+/*  Test PQGParams for validity as DSS PQG values.
+ *  If vfy is non-NULL, test PQGParams to make sure they were generated
+ *       using the specified seed, counter, and h values.
+ *
+ *  Return value indicates whether Verification operation ran successfully
+ *  to completion, but does not indicate if PQGParams are valid or not.
+ *  If return value is SECSuccess, then *pResult has these meanings:
+ *       SECSuccess: PQGParams are valid.
+ *       SECFailure: PQGParams are invalid.
+ */
+
+extern SECStatus
+PK11_PQG_VerifyParams(const PQGParams *params, const PQGVerify *vfy,
+                      SECStatus *result)
+{
+    CK_ATTRIBUTE keyTempl[] = {
+        { CKA_CLASS, NULL, 0 },
+        { CKA_KEY_TYPE, NULL, 0 },
+        { CKA_PRIME, NULL, 0 },
+        { CKA_SUBPRIME, NULL, 0 },
+        { CKA_BASE, NULL, 0 },
+        { CKA_TOKEN, NULL, 0 },
+        { CKA_NETSCAPE_PQG_COUNTER, NULL, 0 },
+        { CKA_NETSCAPE_PQG_SEED, NULL, 0 },
+        { CKA_NETSCAPE_PQG_H, NULL, 0 },
+    };
+    CK_ATTRIBUTE *attrs;
+    CK_BBOOL ckfalse = CK_FALSE;
+    CK_OBJECT_CLASS class = CKO_KG_PARAMETERS;
+    CK_KEY_TYPE keyType = CKK_DSA;
+    SECStatus rv = SECSuccess;
+    PK11SlotInfo *slot;
+    int keyCount;
+    CK_OBJECT_HANDLE objectID;
+    CK_ULONG counter;
+    CK_RV crv;
+
+    attrs = keyTempl;
+    PK11_SETATTRS(attrs, CKA_CLASS, &class, sizeof(class));
+    attrs++;
+    PK11_SETATTRS(attrs, CKA_KEY_TYPE, &keyType, sizeof(keyType));
+    attrs++;
+    PK11_SETATTRS(attrs, CKA_PRIME, params->prime.data,
+                  params->prime.len);
+    attrs++;
+    PK11_SETATTRS(attrs, CKA_SUBPRIME, params->subPrime.data,
+                  params->subPrime.len);
+    attrs++;
+    if (params->base.len) {
+        PK11_SETATTRS(attrs, CKA_BASE, params->base.data, params->base.len);
+        attrs++;
+    }
+    PK11_SETATTRS(attrs, CKA_TOKEN, &ckfalse, sizeof(ckfalse));
+    attrs++;
+    if (vfy) {
+        if (vfy->counter != -1) {
+            counter = vfy->counter;
+            PK11_SETATTRS(attrs, CKA_NETSCAPE_PQG_COUNTER,
+                          &counter, sizeof(counter));
+            attrs++;
+        }
+        PK11_SETATTRS(attrs, CKA_NETSCAPE_PQG_SEED,
+                      vfy->seed.data, vfy->seed.len);
+        attrs++;
+        if (vfy->h.len) {
+            PK11_SETATTRS(attrs, CKA_NETSCAPE_PQG_H,
+                          vfy->h.data, vfy->h.len);
+            attrs++;
+        }
+    }
+
+    keyCount = attrs - keyTempl;
+    PORT_Assert(keyCount <= sizeof(keyTempl) / sizeof(keyTempl[0]));
+
+    slot = PK11_GetInternalSlot();
+    if (slot == NULL) {
+        return SECFailure;
+    }
+
+    PK11_EnterSlotMonitor(slot);
+    crv = PK11_GETTAB(slot)->C_CreateObject(slot->session, keyTempl, keyCount,
+                                            &objectID);
+    PK11_ExitSlotMonitor(slot);
+
+    /* throw away the keys, we only wanted the return code */
+    PK11_DestroyObject(slot, objectID);
+    PK11_FreeSlot(slot);
+
+    *result = SECSuccess;
+    if (crv == CKR_ATTRIBUTE_VALUE_INVALID) {
+        *result = SECFailure;
+    } else if (crv != CKR_OK) {
+        PORT_SetError(PK11_MapError(crv));
+        rv = SECFailure;
+    }
+    return rv;
+}
+
+/**************************************************************************
+ *  Free the PQGParams struct and the things it points to.                *
+ **************************************************************************/
+extern void
+PK11_PQG_DestroyParams(PQGParams *params)
+{
+    if (params == NULL)
+        return;
+    if (params->arena != NULL) {
+        PORT_FreeArena(params->arena, PR_FALSE); /* don't zero it */
+    } else {
+        SECITEM_FreeItem(&params->prime, PR_FALSE);    /* don't free prime */
+        SECITEM_FreeItem(&params->subPrime, PR_FALSE); /* don't free subPrime */
+        SECITEM_FreeItem(&params->base, PR_FALSE);     /* don't free base */
+        PORT_Free(params);
+    }
+}
+
+/**************************************************************************
+ *  Free the PQGVerify struct and the things it points to.                *
+ **************************************************************************/
+extern void
+PK11_PQG_DestroyVerify(PQGVerify *vfy)
+{
+    if (vfy == NULL)
+        return;
+    if (vfy->arena != NULL) {
+        PORT_FreeArena(vfy->arena, PR_FALSE); /* don't zero it */
+    } else {
+        SECITEM_FreeItem(&vfy->seed, PR_FALSE); /* don't free seed */
+        SECITEM_FreeItem(&vfy->h, PR_FALSE);    /* don't free h */
+        PORT_Free(vfy);
+    }
+}
+
+#define PQG_DEFAULT_CHUNKSIZE 2048 /* bytes */
+
+/**************************************************************************
+ *  Return a pointer to a new PQGParams struct that is constructed from   *
+ *  copies of the arguments passed in.                                    *
+ *  Return NULL on failure.                                               *
+ **************************************************************************/
+extern PQGParams *
+PK11_PQG_NewParams(const SECItem *prime, const SECItem *subPrime,
+                   const SECItem *base)
+{
+    PLArenaPool *arena;
+    PQGParams *dest;
+    SECStatus status;
+
+    arena = PORT_NewArena(PQG_DEFAULT_CHUNKSIZE);
+    if (arena == NULL)
+        goto loser;
+
+    dest = (PQGParams *)PORT_ArenaZAlloc(arena, sizeof(PQGParams));
+    if (dest == NULL)
+        goto loser;
+
+    dest->arena = arena;
+
+    status = SECITEM_CopyItem(arena, &dest->prime, prime);
+    if (status != SECSuccess)
+        goto loser;
+
+    status = SECITEM_CopyItem(arena, &dest->subPrime, subPrime);
+    if (status != SECSuccess)
+        goto loser;
+
+    status = SECITEM_CopyItem(arena, &dest->base, base);
+    if (status != SECSuccess)
+        goto loser;
+
+    return dest;
+
+loser:
+    if (arena != NULL)
+        PORT_FreeArena(arena, PR_FALSE);
+    return NULL;
+}
+
+/**************************************************************************
+ * Fills in caller's "prime" SECItem with the prime value in params.
+ * Contents can be freed by calling SECITEM_FreeItem(prime, PR_FALSE);
+ **************************************************************************/
+extern SECStatus
+PK11_PQG_GetPrimeFromParams(const PQGParams *params, SECItem *prime)
+{
+    return SECITEM_CopyItem(NULL, prime, &params->prime);
+}
+
+/**************************************************************************
+ * Fills in caller's "subPrime" SECItem with the prime value in params.
+ * Contents can be freed by calling SECITEM_FreeItem(subPrime, PR_FALSE);
+ **************************************************************************/
+extern SECStatus
+PK11_PQG_GetSubPrimeFromParams(const PQGParams *params, SECItem *subPrime)
+{
+    return SECITEM_CopyItem(NULL, subPrime, &params->subPrime);
+}
+
+/**************************************************************************
+ * Fills in caller's "base" SECItem with the base value in params.
+ * Contents can be freed by calling SECITEM_FreeItem(base, PR_FALSE);
+ **************************************************************************/
+extern SECStatus
+PK11_PQG_GetBaseFromParams(const PQGParams *params, SECItem *base)
+{
+    return SECITEM_CopyItem(NULL, base, &params->base);
+}
+
+/**************************************************************************
+ *  Return a pointer to a new PQGVerify struct that is constructed from   *
+ *  copies of the arguments passed in.                                    *
+ *  Return NULL on failure.                                               *
+ **************************************************************************/
+extern PQGVerify *
+PK11_PQG_NewVerify(unsigned int counter, const SECItem *seed,
+                   const SECItem *h)
+{
+    PLArenaPool *arena;
+    PQGVerify *dest;
+    SECStatus status;
+
+    arena = PORT_NewArena(PQG_DEFAULT_CHUNKSIZE);
+    if (arena == NULL)
+        goto loser;
+
+    dest = (PQGVerify *)PORT_ArenaZAlloc(arena, sizeof(PQGVerify));
+    if (dest == NULL)
+        goto loser;
+
+    dest->arena = arena;
+    dest->counter = counter;
+
+    status = SECITEM_CopyItem(arena, &dest->seed, seed);
+    if (status != SECSuccess)
+        goto loser;
+
+    status = SECITEM_CopyItem(arena, &dest->h, h);
+    if (status != SECSuccess)
+        goto loser;
+
+    return dest;
+
+loser:
+    if (arena != NULL)
+        PORT_FreeArena(arena, PR_FALSE);
+    return NULL;
+}
+
+/**************************************************************************
+ * Returns "counter" value from the PQGVerify.
+ **************************************************************************/
+extern unsigned int
+PK11_PQG_GetCounterFromVerify(const PQGVerify *verify)
+{
+    return verify->counter;
+}
+
+/**************************************************************************
+ * Fills in caller's "seed" SECItem with the seed value in verify.
+ * Contents can be freed by calling SECITEM_FreeItem(seed, PR_FALSE);
+ **************************************************************************/
+extern SECStatus
+PK11_PQG_GetSeedFromVerify(const PQGVerify *verify, SECItem *seed)
+{
+    return SECITEM_CopyItem(NULL, seed, &verify->seed);
+}
+
+/**************************************************************************
+ * Fills in caller's "h" SECItem with the h value in verify.
+ * Contents can be freed by calling SECITEM_FreeItem(h, PR_FALSE);
+ **************************************************************************/
+extern SECStatus
+PK11_PQG_GetHFromVerify(const PQGVerify *verify, SECItem *h)
+{
+    return SECITEM_CopyItem(NULL, h, &verify->h);
+}
diff --git a/nss/lib/pk11wrap/pk11pqg.h b/nss/lib/pk11wrap/pk11pqg.h
new file mode 100644
index 0000000..36596dd
--- /dev/null
+++ b/nss/lib/pk11wrap/pk11pqg.h
@@ -0,0 +1,135 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/* Thse functions are stub functions which will get replaced with calls through
+ * PKCS #11.
+ */
+
+#ifndef _PK11PQG_H_
+#define _PK11PQG_H_ 1
+
+#include "blapit.h"
+
+SEC_BEGIN_PROTOS
+
+/* Generate PQGParams and PQGVerify structs.
+ * Length of seed and length of h both equal length of P.
+ * All lengths are specified by "j", according to the table above.
+ */
+extern SECStatus PK11_PQG_ParamGen(unsigned int j, PQGParams **pParams,
+                                   PQGVerify **pVfy);
+
+/* Generate PQGParams and PQGVerify structs.
+ * Length of P specified by j.  Length of h will match length of P.
+ * Length of SEED in bytes specified in seedBytes.
+ * seedBbytes must be in the range [20..255] or an error will result.
+ */
+extern SECStatus PK11_PQG_ParamGenSeedLen(unsigned int j,
+                                          unsigned int seedBytes, PQGParams **pParams, PQGVerify **pVfy);
+
+/* Generate PQGParams and PQGVerify structs.
+ * Length of P specified by L.
+ *   if L is greater than 1024 then the resulting verify parameters will be
+ *   DSA2.
+ * Length of Q specified by N. If zero, The PKCS #11 module will
+ *   pick an appropriately sized Q for L. If N is specified and L = 1024, then
+ *   the resulting verify parameters will be DSA2, Otherwise DSA1 parameters
+ *   will be returned.
+ * Length of SEED in bytes specified in seedBytes.
+ *
+ * The underlying PKCS #11 module will check the values for L, N,
+ * and seedBytes. The rules for softoken are:
+ *
+ * If L <= 1024, then L must be between 512 and 1024 in increments of 64 bits.
+ * If L <= 1024, then N must be 0 or 160.
+ * If L >= 1024, then L and N must match the following table:
+ *   L=1024   N=0 or 160
+ *   L=2048   N=0 or 224
+ *   L=2048   N=256
+ *   L=3072   N=0 or 256
+ * if L <= 1024
+ *   seedBbytes must be in the range [20..256].
+ * if L >= 1024
+ *   seedBbytes must be in the range [20..L/16].
+ */
+extern SECStatus
+PK11_PQG_ParamGenV2(unsigned int L, unsigned int N, unsigned int seedBytes,
+                    PQGParams **pParams, PQGVerify **pVfy);
+
+/*  Test PQGParams for validity as DSS PQG values.
+ *  If vfy is non-NULL, test PQGParams to make sure they were generated
+ *       using the specified seed, counter, and h values.
+ *
+ *  Return value indicates whether Verification operation ran successfully
+ *  to completion, but does not indicate if PQGParams are valid or not.
+ *  If return value is SECSuccess, then *pResult has these meanings:
+ *       SECSuccess: PQGParams are valid.
+ *       SECFailure: PQGParams are invalid.
+ *
+ * Verify the following 12 facts about PQG counter SEED g and h
+ * These tests are specified in FIPS 186-3 Appendix A.1.1.1, A.1.1.3, and A.2.2
+ * PQG_VerifyParams in softoken/freebl will automatically choose the
+ * appropriate test.
+ */
+extern SECStatus PK11_PQG_VerifyParams(const PQGParams *params,
+                                       const PQGVerify *vfy, SECStatus *result);
+extern void PK11_PQG_DestroyParams(PQGParams *params);
+extern void PK11_PQG_DestroyVerify(PQGVerify *vfy);
+
+/**************************************************************************
+ *  Return a pointer to a new PQGParams struct that is constructed from   *
+ *  copies of the arguments passed in.                                    *
+ *  Return NULL on failure.                                               *
+ **************************************************************************/
+extern PQGParams *PK11_PQG_NewParams(const SECItem *prime, const SECItem *subPrime, const SECItem *base);
+
+/**************************************************************************
+ * Fills in caller's "prime" SECItem with the prime value in params.
+ * Contents can be freed by calling SECITEM_FreeItem(prime, PR_FALSE);
+ **************************************************************************/
+extern SECStatus PK11_PQG_GetPrimeFromParams(const PQGParams *params,
+                                             SECItem *prime);
+
+/**************************************************************************
+ * Fills in caller's "subPrime" SECItem with the prime value in params.
+ * Contents can be freed by calling SECITEM_FreeItem(subPrime, PR_FALSE);
+ **************************************************************************/
+extern SECStatus PK11_PQG_GetSubPrimeFromParams(const PQGParams *params,
+                                                SECItem *subPrime);
+
+/**************************************************************************
+ * Fills in caller's "base" SECItem with the base value in params.
+ * Contents can be freed by calling SECITEM_FreeItem(base, PR_FALSE);
+ **************************************************************************/
+extern SECStatus PK11_PQG_GetBaseFromParams(const PQGParams *params,
+                                            SECItem *base);
+
+/**************************************************************************
+ *  Return a pointer to a new PQGVerify struct that is constructed from   *
+ *  copies of the arguments passed in.                                    *
+ *  Return NULL on failure.                                               *
+ **************************************************************************/
+extern PQGVerify *PK11_PQG_NewVerify(unsigned int counter,
+                                     const SECItem *seed, const SECItem *h);
+
+/**************************************************************************
+ * Returns "counter" value from the PQGVerify.
+ **************************************************************************/
+extern unsigned int PK11_PQG_GetCounterFromVerify(const PQGVerify *verify);
+
+/**************************************************************************
+ * Fills in caller's "seed" SECItem with the seed value in verify.
+ * Contents can be freed by calling SECITEM_FreeItem(seed, PR_FALSE);
+ **************************************************************************/
+extern SECStatus PK11_PQG_GetSeedFromVerify(const PQGVerify *verify,
+                                            SECItem *seed);
+
+/**************************************************************************
+ * Fills in caller's "h" SECItem with the h value in verify.
+ * Contents can be freed by calling SECITEM_FreeItem(h, PR_FALSE);
+ **************************************************************************/
+extern SECStatus PK11_PQG_GetHFromVerify(const PQGVerify *verify, SECItem *h);
+
+SEC_END_PROTOS
+
+#endif
diff --git a/nss/lib/pk11wrap/pk11priv.h b/nss/lib/pk11wrap/pk11priv.h
new file mode 100644
index 0000000..ce0f5d7
--- /dev/null
+++ b/nss/lib/pk11wrap/pk11priv.h
@@ -0,0 +1,187 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#ifndef _PK11PRIV_H_
+#define _PK11PRIV_H_
+#include "plarena.h"
+#include "seccomon.h"
+#include "secoidt.h"
+#include "secdert.h"
+#include "keyt.h"
+#include "certt.h"
+#include "pkcs11t.h"
+#include "secmodt.h"
+#include "seccomon.h"
+#include "pkcs7t.h"
+#include "cmsreclist.h"
+
+/*
+ * These are the private NSS functions. They are not exported by nss.def, and
+ * are not callable outside nss3.dll.
+ */
+
+SEC_BEGIN_PROTOS
+
+/************************************************************
+ * Generic Slot Lists Management
+ ************************************************************/
+PK11SlotList *PK11_NewSlotList(void);
+PK11SlotList *PK11_GetPrivateKeyTokens(CK_MECHANISM_TYPE type,
+                                       PRBool needRW, void *wincx);
+SECStatus PK11_AddSlotToList(PK11SlotList *list, PK11SlotInfo *slot, PRBool sorted);
+SECStatus PK11_DeleteSlotFromList(PK11SlotList *list, PK11SlotListElement *le);
+PK11SlotListElement *PK11_FindSlotElement(PK11SlotList *list,
+                                          PK11SlotInfo *slot);
+PK11SlotInfo *PK11_FindSlotBySerial(char *serial);
+int PK11_GetMaxKeyLength(CK_MECHANISM_TYPE type);
+
+/************************************************************
+ * Generic Slot Management
+ ************************************************************/
+CK_OBJECT_HANDLE PK11_CopyKey(PK11SlotInfo *slot, CK_OBJECT_HANDLE srcObject);
+SECStatus PK11_ReadAttribute(PK11SlotInfo *slot, CK_OBJECT_HANDLE id,
+                             CK_ATTRIBUTE_TYPE type, PLArenaPool *arena, SECItem *result);
+CK_ULONG PK11_ReadULongAttribute(PK11SlotInfo *slot, CK_OBJECT_HANDLE id,
+                                 CK_ATTRIBUTE_TYPE type);
+char *PK11_MakeString(PLArenaPool *arena, char *space, char *staticSring,
+                      int stringLen);
+int PK11_MapError(CK_RV error);
+CK_SESSION_HANDLE PK11_GetRWSession(PK11SlotInfo *slot);
+void PK11_RestoreROSession(PK11SlotInfo *slot, CK_SESSION_HANDLE rwsession);
+PRBool PK11_RWSessionHasLock(PK11SlotInfo *slot,
+                             CK_SESSION_HANDLE session_handle);
+PK11SlotInfo *PK11_NewSlotInfo(SECMODModule *mod);
+void PK11_EnterSlotMonitor(PK11SlotInfo *);
+void PK11_ExitSlotMonitor(PK11SlotInfo *);
+void PK11_CleanKeyList(PK11SlotInfo *slot);
+
+/************************************************************
+ *  Slot Password Management
+ ************************************************************/
+SECStatus PK11_DoPassword(PK11SlotInfo *slot, CK_SESSION_HANDLE session,
+                          PRBool loadCerts, void *wincx, PRBool alreadyLocked,
+                          PRBool contextSpecific);
+SECStatus PK11_VerifyPW(PK11SlotInfo *slot, char *pw);
+void PK11_HandlePasswordCheck(PK11SlotInfo *slot, void *wincx);
+void PK11_SetVerifyPasswordFunc(PK11VerifyPasswordFunc func);
+void PK11_SetIsLoggedInFunc(PK11IsLoggedInFunc func);
+
+/************************************************************
+ * Manage the built-In Slot Lists
+ ************************************************************/
+SECStatus PK11_InitSlotLists(void);
+void PK11_DestroySlotLists(void);
+PK11SlotList *PK11_GetSlotList(CK_MECHANISM_TYPE type);
+void PK11_LoadSlotList(PK11SlotInfo *slot, PK11PreSlotInfo *psi, int count);
+void PK11_ClearSlotList(PK11SlotInfo *slot);
+
+/******************************************************************
+ *           Slot initialization
+ ******************************************************************/
+SECStatus PK11_InitToken(PK11SlotInfo *slot, PRBool loadCerts);
+void PK11_InitSlot(SECMODModule *mod, CK_SLOT_ID slotID, PK11SlotInfo *slot);
+PRBool PK11_NeedPWInitForSlot(PK11SlotInfo *slot);
+SECStatus PK11_ReadSlotCerts(PK11SlotInfo *slot);
+void pk11_SetInternalKeySlot(PK11SlotInfo *slot);
+PK11SlotInfo *pk11_SwapInternalKeySlot(PK11SlotInfo *slot);
+void pk11_SetInternalKeySlotIfFirst(PK11SlotInfo *slot);
+
+/*********************************************************************
+ *       Mechanism Mapping functions
+ *********************************************************************/
+void PK11_AddMechanismEntry(CK_MECHANISM_TYPE type, CK_KEY_TYPE key,
+                            CK_MECHANISM_TYPE keygen, CK_MECHANISM_TYPE pad,
+                            int ivLen, int blocksize);
+CK_MECHANISM_TYPE PK11_GetKeyMechanism(CK_KEY_TYPE type);
+CK_MECHANISM_TYPE PK11_GetKeyGenWithSize(CK_MECHANISM_TYPE type, int size);
+
+/**********************************************************************
+ *                   Symetric, Public, and Private Keys
+ **********************************************************************/
+/* Key Generation specialized for SDR (fixed DES3 key) */
+PK11SymKey *PK11_GenDES3TokenKey(PK11SlotInfo *slot, SECItem *keyid, void *cx);
+SECKEYPublicKey *PK11_ExtractPublicKey(PK11SlotInfo *slot, KeyType keyType,
+                                       CK_OBJECT_HANDLE id);
+CK_OBJECT_HANDLE PK11_FindObjectForCert(CERTCertificate *cert,
+                                        void *wincx, PK11SlotInfo **pSlot);
+PK11SymKey *pk11_CopyToSlot(PK11SlotInfo *slot, CK_MECHANISM_TYPE type,
+                            CK_ATTRIBUTE_TYPE operation, PK11SymKey *symKey);
+
+/**********************************************************************
+ *                   Certs
+ **********************************************************************/
+SECStatus PK11_TraversePrivateKeysInSlot(PK11SlotInfo *slot,
+                                         SECStatus (*callback)(SECKEYPrivateKey *, void *), void *arg);
+SECKEYPrivateKey *PK11_FindPrivateKeyFromNickname(char *nickname, void *wincx);
+CK_OBJECT_HANDLE *PK11_FindObjectsFromNickname(char *nickname,
+                                               PK11SlotInfo **slotptr, CK_OBJECT_CLASS objclass, int *returnCount,
+                                               void *wincx);
+CK_OBJECT_HANDLE PK11_MatchItem(PK11SlotInfo *slot, CK_OBJECT_HANDLE peer,
+                                CK_OBJECT_CLASS o_class);
+CK_BBOOL pk11_HasAttributeSet_Lock(PK11SlotInfo *slot,
+                                   CK_OBJECT_HANDLE id,
+                                   CK_ATTRIBUTE_TYPE type,
+                                   PRBool haslock);
+CK_RV PK11_GetAttributes(PLArenaPool *arena, PK11SlotInfo *slot,
+                         CK_OBJECT_HANDLE obj, CK_ATTRIBUTE *attr, int count);
+int PK11_NumberCertsForCertSubject(CERTCertificate *cert);
+SECStatus PK11_TraverseCertsForSubject(CERTCertificate *cert,
+                                       SECStatus (*callback)(CERTCertificate *, void *), void *arg);
+SECStatus PK11_GetKEAMatchedCerts(PK11SlotInfo *slot1,
+                                  PK11SlotInfo *slot2, CERTCertificate **cert1, CERTCertificate **cert2);
+SECStatus PK11_TraverseCertsInSlot(PK11SlotInfo *slot,
+                                   SECStatus (*callback)(CERTCertificate *, void *), void *arg);
+SECStatus PK11_LookupCrls(CERTCrlHeadNode *nodes, int type, void *wincx);
+
+/**********************************************************************
+ *                   Crypto Contexts
+ **********************************************************************/
+PK11Context *PK11_CreateContextByRawKey(PK11SlotInfo *slot,
+                                        CK_MECHANISM_TYPE type, PK11Origin origin, CK_ATTRIBUTE_TYPE operation,
+                                        SECItem *key, SECItem *param, void *wincx);
+PRBool PK11_HashOK(SECOidTag hashAlg);
+
+/**********************************************************************
+ * Functions which are  deprecated....
+ **********************************************************************/
+
+SECItem *
+PK11_FindCrlByName(PK11SlotInfo **slot, CK_OBJECT_HANDLE *handle,
+                   SECItem *derName, int type, char **url);
+
+CK_OBJECT_HANDLE
+PK11_PutCrl(PK11SlotInfo *slot, SECItem *crl,
+            SECItem *name, char *url, int type);
+
+SECItem *
+PK11_FindSMimeProfile(PK11SlotInfo **slotp, char *emailAddr, SECItem *derSubj,
+                      SECItem **profileTime);
+SECStatus
+PK11_SaveSMimeProfile(PK11SlotInfo *slot, char *emailAddr, SECItem *derSubj,
+                      SECItem *emailProfile, SECItem *profileTime);
+
+PRBool PK11_IsPermObject(PK11SlotInfo *slot, CK_OBJECT_HANDLE handle);
+
+char *PK11_GetObjectNickname(PK11SlotInfo *slot, CK_OBJECT_HANDLE id);
+SECStatus PK11_SetObjectNickname(PK11SlotInfo *slot, CK_OBJECT_HANDLE id,
+                                 const char *nickname);
+
+/* private */
+SECStatus pk11_TraverseAllSlots(SECStatus (*callback)(PK11SlotInfo *, void *),
+                                void *cbArg, PRBool forceLogin, void *pwArg);
+
+/* fetch multiple CRLs for a specific issuer */
+SECStatus pk11_RetrieveCrls(CERTCrlHeadNode *nodes, SECItem *issuer,
+                            void *wincx);
+
+/* set global options for NSS PKCS#11 module loader */
+SECStatus pk11_setGlobalOptions(PRBool noSingleThreadedModules,
+                                PRBool allowAlreadyInitializedModules,
+                                PRBool dontFinalizeModules);
+
+/* return whether NSS is allowed to call C_Finalize */
+PRBool pk11_getFinalizeModulesOption(void);
+
+SEC_END_PROTOS
+
+#endif
diff --git a/nss/lib/pk11wrap/pk11pub.h b/nss/lib/pk11wrap/pk11pub.h
new file mode 100644
index 0000000..2578288
--- /dev/null
+++ b/nss/lib/pk11wrap/pk11pub.h
@@ -0,0 +1,888 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#ifndef _PK11PUB_H_
+#define _PK11PUB_H_
+#include "plarena.h"
+#include "seccomon.h"
+#include "secoidt.h"
+#include "secdert.h"
+#include "keyt.h"
+#include "certt.h"
+#include "pkcs11t.h"
+#include "secmodt.h"
+#include "seccomon.h"
+#include "pkcs7t.h"
+#include "cmsreclist.h"
+
+/*
+ * Exported PK11 wrap functions.
+ */
+
+SEC_BEGIN_PROTOS
+
+/************************************************************
+ * Generic Slot Lists Management
+ ************************************************************/
+void PK11_FreeSlotList(PK11SlotList *list);
+SECStatus PK11_FreeSlotListElement(PK11SlotList *list, PK11SlotListElement *le);
+PK11SlotListElement *PK11_GetFirstSafe(PK11SlotList *list);
+PK11SlotListElement *PK11_GetNextSafe(PK11SlotList *list,
+                                      PK11SlotListElement *le, PRBool restart);
+
+/************************************************************
+ * Generic Slot Management
+ ************************************************************/
+PK11SlotInfo *PK11_ReferenceSlot(PK11SlotInfo *slot);
+void PK11_FreeSlot(PK11SlotInfo *slot);
+SECStatus PK11_DestroyObject(PK11SlotInfo *slot, CK_OBJECT_HANDLE object);
+SECStatus PK11_DestroyTokenObject(PK11SlotInfo *slot, CK_OBJECT_HANDLE object);
+PK11SlotInfo *PK11_GetInternalKeySlot(void);
+PK11SlotInfo *PK11_GetInternalSlot(void);
+SECStatus PK11_Logout(PK11SlotInfo *slot);
+void PK11_LogoutAll(void);
+
+/************************************************************
+ *  Slot Password Management
+ ************************************************************/
+void PK11_SetSlotPWValues(PK11SlotInfo *slot, int askpw, int timeout);
+void PK11_GetSlotPWValues(PK11SlotInfo *slot, int *askpw, int *timeout);
+SECStatus PK11_CheckSSOPassword(PK11SlotInfo *slot, char *ssopw);
+SECStatus PK11_CheckUserPassword(PK11SlotInfo *slot, const char *pw);
+PRBool PK11_IsLoggedIn(PK11SlotInfo *slot, void *wincx);
+SECStatus PK11_InitPin(PK11SlotInfo *slot, const char *ssopw,
+                       const char *pk11_userpwd);
+SECStatus PK11_ChangePW(PK11SlotInfo *slot, const char *oldpw,
+                        const char *newpw);
+void PK11_SetPasswordFunc(PK11PasswordFunc func);
+int PK11_GetMinimumPwdLength(PK11SlotInfo *slot);
+SECStatus PK11_ResetToken(PK11SlotInfo *slot, char *sso_pwd);
+SECStatus PK11_Authenticate(PK11SlotInfo *slot, PRBool loadCerts, void *wincx);
+SECStatus PK11_TokenRefresh(PK11SlotInfo *slot);
+
+/******************************************************************
+ *           Slot info functions
+ ******************************************************************/
+PK11SlotInfo *PK11_FindSlotByName(const char *name);
+/******************************************************************
+ * PK11_FindSlotsByNames searches for a PK11SlotInfo using one or
+ * more criteria : dllName, slotName and tokenName . In addition, if
+ * presentOnly is set , only slots with a token inserted will be
+ * returned.
+ ******************************************************************/
+PK11SlotList *PK11_FindSlotsByNames(const char *dllName,
+                                    const char *slotName, const char *tokenName, PRBool presentOnly);
+PRBool PK11_IsReadOnly(PK11SlotInfo *slot);
+PRBool PK11_IsInternal(PK11SlotInfo *slot);
+PRBool PK11_IsInternalKeySlot(PK11SlotInfo *slot);
+char *PK11_GetTokenName(PK11SlotInfo *slot);
+char *PK11_GetSlotName(PK11SlotInfo *slot);
+PRBool PK11_NeedLogin(PK11SlotInfo *slot);
+PRBool PK11_IsFriendly(PK11SlotInfo *slot);
+PRBool PK11_IsHW(PK11SlotInfo *slot);
+PRBool PK11_IsRemovable(PK11SlotInfo *slot);
+PRBool PK11_NeedUserInit(PK11SlotInfo *slot);
+PRBool PK11_ProtectedAuthenticationPath(PK11SlotInfo *slot);
+int PK11_GetSlotSeries(PK11SlotInfo *slot);
+int PK11_GetCurrentWrapIndex(PK11SlotInfo *slot);
+unsigned long PK11_GetDefaultFlags(PK11SlotInfo *slot);
+CK_SLOT_ID PK11_GetSlotID(PK11SlotInfo *slot);
+SECMODModuleID PK11_GetModuleID(PK11SlotInfo *slot);
+SECStatus PK11_GetSlotInfo(PK11SlotInfo *slot, CK_SLOT_INFO *info);
+SECStatus PK11_GetTokenInfo(PK11SlotInfo *slot, CK_TOKEN_INFO *info);
+PRBool PK11_IsDisabled(PK11SlotInfo *slot);
+PRBool PK11_HasRootCerts(PK11SlotInfo *slot);
+PK11DisableReasons PK11_GetDisabledReason(PK11SlotInfo *slot);
+/* Prevents the slot from being used, and set disable reason to user-disable */
+/* NOTE: Mechanisms that were ON continue to stay ON */
+/*       Therefore, when the slot is enabled, it will remember */
+/*       what mechanisms needs to be turned on */
+PRBool PK11_UserDisableSlot(PK11SlotInfo *slot);
+/* Allow all mechanisms that are ON before UserDisableSlot() */
+/* was called to be available again */
+PRBool PK11_UserEnableSlot(PK11SlotInfo *slot);
+/*
+ * wait for a specific slot event.
+ * event is a specific event to wait for. Currently only
+ *    PK11TokenChangeOrRemovalEvent and PK11TokenPresentEvents are defined.
+ * timeout can be an interval time to wait, PR_INTERVAL_NO_WAIT (meaning only
+ * poll once), or PR_INTERVAL_NO_TIMEOUT (meaning block until a change).
+ * pollInterval is a suggested pulling interval value. '0' means use the
+ *  default. Future implementations that don't poll may ignore this value.
+ * series is the current series for the last slot. This should be the series
+ *  value for the slot the last time you read persistant information from the
+ *  slot. For instance, if you publish a cert from the slot, you should obtain
+ *  the slot series at that time. Then PK11_WaitForTokenEvent can detect a
+ *  a change in the slot between the time you publish and the time
+ *  PK11_WaitForTokenEvent is called, elliminating potential race conditions.
+ *
+ * The current status that is returned is:
+ *   PK11TokenNotRemovable - always returned for any non-removable token.
+ *   PK11TokenPresent - returned when the token is present and we are waiting
+ *     on a PK11TokenPresentEvent. Then next event to look for is a
+ *     PK11TokenChangeOrRemovalEvent.
+ *   PK11TokenChanged - returned when the old token has been removed and a new
+ *     token ad been inserted, and we are waiting for a
+ *     PK11TokenChangeOrRemovalEvent. The next event to look for is another
+ *     PK11TokenChangeOrRemovalEvent.
+ *   PK11TokenRemoved - returned when the token is not present and we are
+ *     waiting for a PK11TokenChangeOrRemovalEvent. The next event to look for
+ *     is a PK11TokenPresentEvent.
+ */
+PK11TokenStatus PK11_WaitForTokenEvent(PK11SlotInfo *slot, PK11TokenEvent event,
+                                       PRIntervalTime timeout, PRIntervalTime pollInterval, int series);
+
+PRBool PK11_NeedPWInit(void);
+PRBool PK11_TokenExists(CK_MECHANISM_TYPE);
+SECStatus PK11_GetModInfo(SECMODModule *mod, CK_INFO *info);
+PRBool PK11_IsFIPS(void);
+SECMODModule *PK11_GetModule(PK11SlotInfo *slot);
+
+/*********************************************************************
+ *            Slot mapping utility functions.
+ *********************************************************************/
+PRBool PK11_IsPresent(PK11SlotInfo *slot);
+PRBool PK11_DoesMechanism(PK11SlotInfo *slot, CK_MECHANISM_TYPE type);
+PK11SlotList *PK11_GetAllTokens(CK_MECHANISM_TYPE type, PRBool needRW,
+                                PRBool loadCerts, void *wincx);
+PK11SlotInfo *PK11_GetBestSlotMultipleWithAttributes(CK_MECHANISM_TYPE *type,
+                                                     CK_FLAGS *mechFlag, unsigned int *keySize,
+                                                     unsigned int count, void *wincx);
+PK11SlotInfo *PK11_GetBestSlotMultiple(CK_MECHANISM_TYPE *type,
+                                       unsigned int count, void *wincx);
+PK11SlotInfo *PK11_GetBestSlot(CK_MECHANISM_TYPE type, void *wincx);
+PK11SlotInfo *PK11_GetBestSlotWithAttributes(CK_MECHANISM_TYPE type,
+                                             CK_FLAGS mechFlag, unsigned int keySize, void *wincx);
+CK_MECHANISM_TYPE PK11_GetBestWrapMechanism(PK11SlotInfo *slot);
+int PK11_GetBestKeyLength(PK11SlotInfo *slot, CK_MECHANISM_TYPE type);
+
+/*
+ * Open a new database using the softoken. The caller is responsible for making
+ * sure the module spec is correct and usable. The caller should ask for one
+ * new database per call if the caller wants to get meaningful information
+ * about the new database.
+ *
+ * moduleSpec is the same data that you would pass to softoken at
+ * initialization time under the 'tokens' options. For example, if you were
+ * to specify tokens=<0x4=[configdir='./mybackup' tokenDescription='Backup']>
+ * You would specify "configdir='./mybackup' tokenDescription='Backup'" as your
+ * module spec here. The slot ID will be calculated for you by
+ * SECMOD_OpenUserDB().
+ *
+ * Typical parameters here are configdir, tokenDescription and flags.
+ *
+ * a Full list is below:
+ *
+ *
+ *  configDir - The location of the databases for this token. If configDir is
+ *         not specified, and noCertDB and noKeyDB is not specified, the load
+ *         will fail.
+ *   certPrefix - Cert prefix for this token.
+ *   keyPrefix - Prefix for the key database for this token. (if not specified,
+ *         certPrefix will be used).
+ *   tokenDescription - The label value for this token returned in the
+ *         CK_TOKEN_INFO structure with an internationalize string (UTF8).
+ *         This value will be truncated at 32 bytes (no NULL, partial UTF8
+ *         characters dropped). You should specify a user friendly name here
+ *         as this is the value the token will be referred to in most
+ *         application UI's. You should make sure tokenDescription is unique.
+ *   slotDescription - The slotDescription value for this token returned
+ *         in the CK_SLOT_INFO structure with an internationalize string
+ *         (UTF8). This value will be truncated at 64 bytes (no NULL, partial
+ *         UTF8 characters dropped). This name will not change after the
+ *         database is closed. It should have some number to make this unique.
+ *   minPWLen - minimum password length for this token.
+ *   flags - comma separated list of flag values, parsed case-insensitive.
+ *         Valid flags are:
+ *              readOnly - Databases should be opened read only.
+ *              noCertDB - Don't try to open a certificate database.
+ *              noKeyDB - Don't try to open a key database.
+ *              forceOpen - Don't fail to initialize the token if the
+ *                databases could not be opened.
+ *              passwordRequired - zero length passwords are not acceptable
+ *                (valid only if there is a keyDB).
+ *              optimizeSpace - allocate smaller hash tables and lock tables.
+ *                When this flag is not specified, Softoken will allocate
+ *                large tables to prevent lock contention.
+ */
+PK11SlotInfo *SECMOD_OpenUserDB(const char *moduleSpec);
+SECStatus SECMOD_CloseUserDB(PK11SlotInfo *slot);
+
+/*
+ * This is exactly the same as OpenUserDB except it can be called on any
+ * module that understands softoken style new slot entries. The resulting
+ * slot can be closed using SECMOD_CloseUserDB above. Value of moduleSpec
+ * is token specific.
+ */
+PK11SlotInfo *SECMOD_OpenNewSlot(SECMODModule *mod, const char *moduleSpec);
+
+/*
+ * merge the permanent objects from on token to another
+ */
+SECStatus PK11_MergeTokens(PK11SlotInfo *targetSlot, PK11SlotInfo *sourceSlot,
+                           PK11MergeLog *log, void *targetPwArg, void *sourcePwArg);
+
+/*
+ * create and destroy merge logs needed by PK11_MergeTokens
+ */
+PK11MergeLog *PK11_CreateMergeLog(void);
+void PK11_DestroyMergeLog(PK11MergeLog *log);
+
+/*********************************************************************
+ *       Mechanism Mapping functions
+ *********************************************************************/
+CK_KEY_TYPE PK11_GetKeyType(CK_MECHANISM_TYPE type, unsigned long len);
+CK_MECHANISM_TYPE PK11_GetKeyGen(CK_MECHANISM_TYPE type);
+int PK11_GetBlockSize(CK_MECHANISM_TYPE type, SECItem *params);
+int PK11_GetIVLength(CK_MECHANISM_TYPE type);
+SECItem *PK11_ParamFromIV(CK_MECHANISM_TYPE type, SECItem *iv);
+unsigned char *PK11_IVFromParam(CK_MECHANISM_TYPE type, SECItem *param, int *len);
+SECItem *PK11_BlockData(SECItem *data, unsigned long size);
+
+/* PKCS #11 to DER mapping functions */
+SECItem *PK11_ParamFromAlgid(SECAlgorithmID *algid);
+SECItem *PK11_GenerateNewParam(CK_MECHANISM_TYPE, PK11SymKey *);
+CK_MECHANISM_TYPE PK11_AlgtagToMechanism(SECOidTag algTag);
+SECOidTag PK11_MechanismToAlgtag(CK_MECHANISM_TYPE type);
+SECOidTag PK11_FortezzaMapSig(SECOidTag algTag);
+SECStatus PK11_ParamToAlgid(SECOidTag algtag, SECItem *param,
+                            PLArenaPool *arena, SECAlgorithmID *algid);
+SECStatus PK11_SeedRandom(PK11SlotInfo *, unsigned char *data, int len);
+SECStatus PK11_GenerateRandomOnSlot(PK11SlotInfo *, unsigned char *data, int len);
+SECStatus PK11_RandomUpdate(void *data, size_t bytes);
+SECStatus PK11_GenerateRandom(unsigned char *data, int len);
+
+/* warning: cannot work with pkcs 5 v2
+ * use algorithm ID s instead of pkcs #11 mechanism pointers */
+CK_RV PK11_MapPBEMechanismToCryptoMechanism(CK_MECHANISM_PTR pPBEMechanism,
+                                            CK_MECHANISM_PTR pCryptoMechanism,
+                                            SECItem *pbe_pwd, PRBool bad3DES);
+CK_MECHANISM_TYPE PK11_GetPadMechanism(CK_MECHANISM_TYPE);
+CK_MECHANISM_TYPE PK11_MapSignKeyType(KeyType keyType);
+
+/**********************************************************************
+ *                   Symmetric, Public, and Private Keys
+ **********************************************************************/
+void PK11_FreeSymKey(PK11SymKey *key);
+PK11SymKey *PK11_ReferenceSymKey(PK11SymKey *symKey);
+PK11SymKey *PK11_ImportSymKey(PK11SlotInfo *slot, CK_MECHANISM_TYPE type,
+                              PK11Origin origin, CK_ATTRIBUTE_TYPE operation, SECItem *key, void *wincx);
+PK11SymKey *PK11_ImportSymKeyWithFlags(PK11SlotInfo *slot,
+                                       CK_MECHANISM_TYPE type, PK11Origin origin, CK_ATTRIBUTE_TYPE operation,
+                                       SECItem *key, CK_FLAGS flags, PRBool isPerm, void *wincx);
+PK11SymKey *PK11_SymKeyFromHandle(PK11SlotInfo *slot, PK11SymKey *parent,
+                                  PK11Origin origin, CK_MECHANISM_TYPE type, CK_OBJECT_HANDLE keyID,
+                                  PRBool owner, void *wincx);
+PK11SymKey *PK11_GetWrapKey(PK11SlotInfo *slot, int wrap,
+                            CK_MECHANISM_TYPE type, int series, void *wincx);
+/*
+ * This function is not thread-safe.  It can only be called when only
+ * one thread has a reference to wrapKey.
+ */
+void PK11_SetWrapKey(PK11SlotInfo *slot, int wrap, PK11SymKey *wrapKey);
+CK_MECHANISM_TYPE PK11_GetMechanism(PK11SymKey *symKey);
+/*
+ * import a public key into the desired slot
+ *
+ * This function takes a public key structure and creates a public key in a
+ * given slot. If isToken is set, then a persistant public key is created.
+ *
+ * Note: it is possible for this function to return a handle for a key which
+ * is persistant, even if isToken is not set.
+ */
+CK_OBJECT_HANDLE PK11_ImportPublicKey(PK11SlotInfo *slot,
+                                      SECKEYPublicKey *pubKey, PRBool isToken);
+PK11SymKey *PK11_KeyGen(PK11SlotInfo *slot, CK_MECHANISM_TYPE type,
+                        SECItem *param, int keySize, void *wincx);
+PK11SymKey *PK11_TokenKeyGen(PK11SlotInfo *slot, CK_MECHANISM_TYPE type,
+                             SECItem *param, int keySize, SECItem *keyid,
+                             PRBool isToken, void *wincx);
+PK11SymKey *PK11_TokenKeyGenWithFlags(PK11SlotInfo *slot,
+                                      CK_MECHANISM_TYPE type, SECItem *param,
+                                      int keySize, SECItem *keyid, CK_FLAGS opFlags,
+                                      PK11AttrFlags attrFlags, void *wincx);
+/* Generates a key using the exact template supplied by the caller. The other
+ * PK11_[Token]KeyGen mechanisms should be used instead of this one whenever
+ * they work because they include/exclude the CKA_VALUE_LEN template value
+ * based on the mechanism type as required by many tokens.
+ *
+ * keyGenType should be PK11_GetKeyGenWithSize(type, <key size>) or it should
+ * be equal to type if PK11_GetKeyGenWithSize cannot be used (e.g. because
+ * pk11wrap does not know about the mechanisms).
+ */
+PK11SymKey *PK11_KeyGenWithTemplate(PK11SlotInfo *slot, CK_MECHANISM_TYPE type,
+                                    CK_MECHANISM_TYPE keyGenType,
+                                    SECItem *param, CK_ATTRIBUTE *attrs,
+                                    unsigned int attrsCount, void *wincx);
+PK11SymKey *PK11_ListFixedKeysInSlot(PK11SlotInfo *slot, char *nickname,
+                                     void *wincx);
+PK11SymKey *PK11_GetNextSymKey(PK11SymKey *symKey);
+CK_KEY_TYPE PK11_GetSymKeyType(PK11SymKey *key);
+CK_OBJECT_HANDLE PK11_GetSymKeyHandle(PK11SymKey *symKey);
+
+/*
+ * PK11_SetSymKeyUserData
+ *   sets generic user data on keys (usually a pointer to a data structure)
+ * that can later be retrieved by PK11_GetSymKeyUserData().
+ *    symKey - key where data will be set.
+ *    data - data to be set.
+ *    freefunc - function used to free the data.
+ * Setting user data on symKeys with existing user data already set will cause
+ * the existing user data to be freed before the new user data is set.
+ * Freeing user data is done by calling the user specified freefunc.
+ * If freefunc is NULL, the user data is assumed to be global or static an
+ * not freed. Passing NULL for user data to PK11_SetSymKeyUserData has the
+ * effect of freeing any existing user data, and clearing the user data
+ * pointer. If user data exists when the symKey is finally freed, that
+ * data will be freed with freefunc.
+ *
+ * Applications should only use this function on keys which the application
+ * has created directly, as there is only one user data value per key.
+ */
+void PK11_SetSymKeyUserData(PK11SymKey *symKey, void *data,
+                            PK11FreeDataFunc freefunc);
+/* PK11_GetSymKeyUserData
+ *   retrieves generic user data which was set on a key by
+ * PK11_SetSymKeyUserData.
+ *    symKey - key with data to be fetched
+ *
+ * If no data exists, or the data has been cleared, PK11_GetSymKeyUserData
+ * will return NULL. Returned data is still owned and managed by the SymKey,
+ * the caller should not free the data.
+ *
+ */
+void *PK11_GetSymKeyUserData(PK11SymKey *symKey);
+
+SECStatus PK11_PubWrapSymKey(CK_MECHANISM_TYPE type, SECKEYPublicKey *pubKey,
+                             PK11SymKey *symKey, SECItem *wrappedKey);
+SECStatus PK11_WrapSymKey(CK_MECHANISM_TYPE type, SECItem *params,
+                          PK11SymKey *wrappingKey, PK11SymKey *symKey, SECItem *wrappedKey);
+/* move a key to 'slot' optionally set the key attributes according to either
+ * operation or the  flags and making the key permanent at the same time.
+ * If the key is moved to the same slot, operation and flags values are
+ * currently ignored */
+PK11SymKey *PK11_MoveSymKey(PK11SlotInfo *slot, CK_ATTRIBUTE_TYPE operation,
+                            CK_FLAGS flags, PRBool perm, PK11SymKey *symKey);
+/*
+ * derive a new key from the base key.
+ *  PK11_Derive returns a key which can do exactly one operation, and is
+ * ephemeral (session key).
+ *  PK11_DeriveWithFlags is the same as PK11_Derive, except you can use
+ * CKF_ flags to enable more than one operation.
+ *  PK11_DeriveWithFlagsPerm is the same as PK11_DeriveWithFlags except you can
+ *  (optionally) make the key permanent (token key).
+ */
+PK11SymKey *PK11_Derive(PK11SymKey *baseKey, CK_MECHANISM_TYPE mechanism,
+                        SECItem *param, CK_MECHANISM_TYPE target,
+                        CK_ATTRIBUTE_TYPE operation, int keySize);
+PK11SymKey *PK11_DeriveWithFlags(PK11SymKey *baseKey,
+                                 CK_MECHANISM_TYPE derive, SECItem *param, CK_MECHANISM_TYPE target,
+                                 CK_ATTRIBUTE_TYPE operation, int keySize, CK_FLAGS flags);
+PK11SymKey *PK11_DeriveWithFlagsPerm(PK11SymKey *baseKey,
+                                     CK_MECHANISM_TYPE derive,
+                                     SECItem *param, CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation,
+                                     int keySize, CK_FLAGS flags, PRBool isPerm);
+PK11SymKey *
+PK11_DeriveWithTemplate(PK11SymKey *baseKey, CK_MECHANISM_TYPE derive,
+                        SECItem *param, CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation,
+                        int keySize, CK_ATTRIBUTE *userAttr, unsigned int numAttrs,
+                        PRBool isPerm);
+
+PK11SymKey *PK11_PubDerive(SECKEYPrivateKey *privKey,
+                           SECKEYPublicKey *pubKey, PRBool isSender, SECItem *randomA, SECItem *randomB,
+                           CK_MECHANISM_TYPE derive, CK_MECHANISM_TYPE target,
+                           CK_ATTRIBUTE_TYPE operation, int keySize, void *wincx);
+PK11SymKey *PK11_PubDeriveWithKDF(SECKEYPrivateKey *privKey,
+                                  SECKEYPublicKey *pubKey, PRBool isSender, SECItem *randomA, SECItem *randomB,
+                                  CK_MECHANISM_TYPE derive, CK_MECHANISM_TYPE target,
+                                  CK_ATTRIBUTE_TYPE operation, int keySize,
+                                  CK_ULONG kdf, SECItem *sharedData, void *wincx);
+
+/*
+ * unwrap a new key with a symetric key.
+ *  PK11_Unwrap returns a key which can do exactly one operation, and is
+ * ephemeral (session key).
+ *  PK11_UnwrapWithFlags is the same as PK11_Unwrap, except you can use
+ * CKF_ flags to enable more than one operation.
+ *  PK11_UnwrapWithFlagsPerm is the same as PK11_UnwrapWithFlags except you can
+ *  (optionally) make the key permanent (token key).
+ */
+PK11SymKey *PK11_UnwrapSymKey(PK11SymKey *key,
+                              CK_MECHANISM_TYPE wraptype, SECItem *param, SECItem *wrapppedKey,
+                              CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation, int keySize);
+PK11SymKey *PK11_UnwrapSymKeyWithFlags(PK11SymKey *wrappingKey,
+                                       CK_MECHANISM_TYPE wrapType, SECItem *param, SECItem *wrappedKey,
+                                       CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation, int keySize,
+                                       CK_FLAGS flags);
+PK11SymKey *PK11_UnwrapSymKeyWithFlagsPerm(PK11SymKey *wrappingKey,
+                                           CK_MECHANISM_TYPE wrapType,
+                                           SECItem *param, SECItem *wrappedKey,
+                                           CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation,
+                                           int keySize, CK_FLAGS flags, PRBool isPerm);
+
+/*
+ * unwrap a new key with a private key.
+ *  PK11_PubUnwrap returns a key which can do exactly one operation, and is
+ * ephemeral (session key).
+ *  PK11_PubUnwrapWithFlagsPerm is the same as PK11_PubUnwrap except you can
+ * use * CKF_ flags to enable more than one operation, and optionally make
+ * the key permanent (token key).
+ */
+PK11SymKey *PK11_PubUnwrapSymKey(SECKEYPrivateKey *key, SECItem *wrapppedKey,
+                                 CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation, int keySize);
+PK11SymKey *PK11_PubUnwrapSymKeyWithFlagsPerm(SECKEYPrivateKey *wrappingKey,
+                                              SECItem *wrappedKey, CK_MECHANISM_TYPE target,
+                                              CK_ATTRIBUTE_TYPE operation, int keySize,
+                                              CK_FLAGS flags, PRBool isPerm);
+PK11SymKey *PK11_FindFixedKey(PK11SlotInfo *slot, CK_MECHANISM_TYPE type,
+                              SECItem *keyID, void *wincx);
+SECStatus PK11_DeleteTokenPrivateKey(SECKEYPrivateKey *privKey, PRBool force);
+SECStatus PK11_DeleteTokenPublicKey(SECKEYPublicKey *pubKey);
+SECStatus PK11_DeleteTokenSymKey(PK11SymKey *symKey);
+SECStatus PK11_DeleteTokenCertAndKey(CERTCertificate *cert, void *wincx);
+SECKEYPrivateKey *PK11_LoadPrivKey(PK11SlotInfo *slot,
+                                   SECKEYPrivateKey *privKey, SECKEYPublicKey *pubKey,
+                                   PRBool token, PRBool sensitive);
+char *PK11_GetSymKeyNickname(PK11SymKey *symKey);
+char *PK11_GetPrivateKeyNickname(SECKEYPrivateKey *privKey);
+char *PK11_GetPublicKeyNickname(SECKEYPublicKey *pubKey);
+SECStatus PK11_SetSymKeyNickname(PK11SymKey *symKey, const char *nickname);
+SECStatus PK11_SetPrivateKeyNickname(SECKEYPrivateKey *privKey,
+                                     const char *nickname);
+SECStatus PK11_SetPublicKeyNickname(SECKEYPublicKey *pubKey,
+                                    const char *nickname);
+
+/*
+ * Using __PK11_SetCertificateNickname is *DANGEROUS*.
+ *
+ * The API will update the NSS database, but it *will NOT* update the in-memory data.
+ * As a result, after calling this API, there will be INCONSISTENCY between
+ * in-memory data and the database.
+ *
+ * Use of the API should be limited to short-lived tools, which will exit immediately
+ * after using this API.
+ *
+ * If you ignore this warning, your process is TAINTED and will most likely misbehave.
+ */
+SECStatus __PK11_SetCertificateNickname(CERTCertificate *cert,
+                                        const char *nickname);
+
+/* size to hold key in bytes */
+unsigned int PK11_GetKeyLength(PK11SymKey *key);
+/* size of actual secret parts of key in bits */
+/* algid is because RC4 strength is determined by the effective bits as well
+ * as the key bits */
+unsigned int PK11_GetKeyStrength(PK11SymKey *key, SECAlgorithmID *algid);
+SECStatus PK11_ExtractKeyValue(PK11SymKey *symKey);
+SECItem *PK11_GetKeyData(PK11SymKey *symKey);
+PK11SlotInfo *PK11_GetSlotFromKey(PK11SymKey *symKey);
+void *PK11_GetWindow(PK11SymKey *symKey);
+
+/*
+ * Explicitly set the key usage for the generated private key.
+ *
+ * This allows us to specify single use EC and RSA keys whose usage
+ * can be regulated by the underlying token.
+ *
+ * The underlying key usage is set using opFlags. opFlagsMask specifies
+ * which operations are specified by opFlags. For instance to turn encrypt
+ * on and signing off, opFlags would be CKF_ENCRYPT|CKF_DECRYPT and
+ * opFlagsMask would be CKF_ENCRYPT|CKF_DECRYPT|CKF_SIGN|CKF_VERIFY. You
+ * need to specify both the public and private key flags,
+ * PK11_GenerateKeyPairWithOpFlags will sort out the correct flag to the
+ * correct key type. Flags not specified in opFlagMask will be defaulted
+ * according to mechanism type and token capabilities.
+ */
+SECKEYPrivateKey *PK11_GenerateKeyPairWithOpFlags(PK11SlotInfo *slot,
+                                                  CK_MECHANISM_TYPE type, void *param, SECKEYPublicKey **pubk,
+                                                  PK11AttrFlags attrFlags, CK_FLAGS opFlags, CK_FLAGS opFlagsMask,
+                                                  void *wincx);
+/*
+ * The attrFlags is the logical OR of the PK11_ATTR_XXX bitflags.
+ * These flags apply to the private key.  The PK11_ATTR_TOKEN,
+ * PK11_ATTR_SESSION, PK11_ATTR_MODIFIABLE, and PK11_ATTR_UNMODIFIABLE
+ * flags also apply to the public key.
+ */
+SECKEYPrivateKey *PK11_GenerateKeyPairWithFlags(PK11SlotInfo *slot,
+                                                CK_MECHANISM_TYPE type, void *param, SECKEYPublicKey **pubk,
+                                                PK11AttrFlags attrFlags, void *wincx);
+SECKEYPrivateKey *PK11_GenerateKeyPair(PK11SlotInfo *slot,
+                                       CK_MECHANISM_TYPE type, void *param, SECKEYPublicKey **pubk,
+                                       PRBool isPerm, PRBool isSensitive, void *wincx);
+SECKEYPrivateKey *PK11_FindPrivateKeyFromCert(PK11SlotInfo *slot,
+                                              CERTCertificate *cert, void *wincx);
+SECKEYPrivateKey *PK11_FindKeyByAnyCert(CERTCertificate *cert, void *wincx);
+SECKEYPrivateKey *PK11_FindKeyByKeyID(PK11SlotInfo *slot, SECItem *keyID,
+                                      void *wincx);
+int PK11_GetPrivateModulusLen(SECKEYPrivateKey *key);
+
+SECStatus PK11_Decrypt(PK11SymKey *symkey,
+                       CK_MECHANISM_TYPE mechanism, SECItem *param,
+                       unsigned char *out, unsigned int *outLen,
+                       unsigned int maxLen,
+                       const unsigned char *enc, unsigned int encLen);
+SECStatus PK11_Encrypt(PK11SymKey *symKey,
+                       CK_MECHANISM_TYPE mechanism, SECItem *param,
+                       unsigned char *out, unsigned int *outLen,
+                       unsigned int maxLen,
+                       const unsigned char *data, unsigned int dataLen);
+
+/* note: despite the name, this function takes a private key. */
+SECStatus PK11_PubDecryptRaw(SECKEYPrivateKey *key,
+                             unsigned char *data, unsigned *outLen,
+                             unsigned int maxLen,
+                             const unsigned char *enc, unsigned encLen);
+#define PK11_PrivDecryptRaw PK11_PubDecryptRaw
+/* The encrypt function that complements the above decrypt function. */
+SECStatus PK11_PubEncryptRaw(SECKEYPublicKey *key,
+                             unsigned char *enc,
+                             const unsigned char *data, unsigned dataLen,
+                             void *wincx);
+
+SECStatus PK11_PrivDecryptPKCS1(SECKEYPrivateKey *key,
+                                unsigned char *data, unsigned *outLen,
+                                unsigned int maxLen,
+                                const unsigned char *enc, unsigned encLen);
+/* The encrypt function that complements the above decrypt function. */
+SECStatus PK11_PubEncryptPKCS1(SECKEYPublicKey *key,
+                               unsigned char *enc,
+                               const unsigned char *data, unsigned dataLen,
+                               void *wincx);
+
+SECStatus PK11_PrivDecrypt(SECKEYPrivateKey *key,
+                           CK_MECHANISM_TYPE mechanism, SECItem *param,
+                           unsigned char *out, unsigned int *outLen,
+                           unsigned int maxLen,
+                           const unsigned char *enc, unsigned int encLen);
+SECStatus PK11_PubEncrypt(SECKEYPublicKey *key,
+                          CK_MECHANISM_TYPE mechanism, SECItem *param,
+                          unsigned char *out, unsigned int *outLen,
+                          unsigned int maxLen,
+                          const unsigned char *data, unsigned int dataLen,
+                          void *wincx);
+
+SECStatus PK11_ImportPrivateKeyInfo(PK11SlotInfo *slot,
+                                    SECKEYPrivateKeyInfo *pki, SECItem *nickname,
+                                    SECItem *publicValue, PRBool isPerm, PRBool isPrivate,
+                                    unsigned int usage, void *wincx);
+SECStatus PK11_ImportPrivateKeyInfoAndReturnKey(PK11SlotInfo *slot,
+                                                SECKEYPrivateKeyInfo *pki, SECItem *nickname,
+                                                SECItem *publicValue, PRBool isPerm, PRBool isPrivate,
+                                                unsigned int usage, SECKEYPrivateKey **privk, void *wincx);
+SECStatus PK11_ImportDERPrivateKeyInfo(PK11SlotInfo *slot,
+                                       SECItem *derPKI, SECItem *nickname,
+                                       SECItem *publicValue, PRBool isPerm, PRBool isPrivate,
+                                       unsigned int usage, void *wincx);
+SECStatus PK11_ImportDERPrivateKeyInfoAndReturnKey(PK11SlotInfo *slot,
+                                                   SECItem *derPKI, SECItem *nickname,
+                                                   SECItem *publicValue, PRBool isPerm, PRBool isPrivate,
+                                                   unsigned int usage, SECKEYPrivateKey **privk, void *wincx);
+SECStatus PK11_ImportEncryptedPrivateKeyInfo(PK11SlotInfo *slot,
+                                             SECKEYEncryptedPrivateKeyInfo *epki, SECItem *pwitem,
+                                             SECItem *nickname, SECItem *publicValue, PRBool isPerm,
+                                             PRBool isPrivate, KeyType type,
+                                             unsigned int usage, void *wincx);
+SECStatus PK11_ImportEncryptedPrivateKeyInfoAndReturnKey(PK11SlotInfo *slot,
+                                                         SECKEYEncryptedPrivateKeyInfo *epki, SECItem *pwitem,
+                                                         SECItem *nickname, SECItem *publicValue, PRBool isPerm,
+                                                         PRBool isPrivate, KeyType type,
+                                                         unsigned int usage, SECKEYPrivateKey **privk, void *wincx);
+SECItem *PK11_ExportDERPrivateKeyInfo(SECKEYPrivateKey *pk, void *wincx);
+SECKEYPrivateKeyInfo *PK11_ExportPrivKeyInfo(
+    SECKEYPrivateKey *pk, void *wincx);
+SECKEYPrivateKeyInfo *PK11_ExportPrivateKeyInfo(
+    CERTCertificate *cert, void *wincx);
+SECKEYEncryptedPrivateKeyInfo *PK11_ExportEncryptedPrivKeyInfo(
+    PK11SlotInfo *slot, SECOidTag algTag, SECItem *pwitem,
+    SECKEYPrivateKey *pk, int iteration, void *wincx);
+SECKEYEncryptedPrivateKeyInfo *PK11_ExportEncryptedPrivateKeyInfo(
+    PK11SlotInfo *slot, SECOidTag algTag, SECItem *pwitem,
+    CERTCertificate *cert, int iteration, void *wincx);
+SECKEYPrivateKey *PK11_FindKeyByDERCert(PK11SlotInfo *slot,
+                                        CERTCertificate *cert, void *wincx);
+SECKEYPublicKey *PK11_MakeKEAPubKey(unsigned char *data, int length);
+SECStatus PK11_DigestKey(PK11Context *context, PK11SymKey *key);
+PRBool PK11_VerifyKeyOK(PK11SymKey *key);
+SECKEYPrivateKey *PK11_UnwrapPrivKey(PK11SlotInfo *slot,
+                                     PK11SymKey *wrappingKey, CK_MECHANISM_TYPE wrapType,
+                                     SECItem *param, SECItem *wrappedKey, SECItem *label,
+                                     SECItem *publicValue, PRBool token, PRBool sensitive,
+                                     CK_KEY_TYPE keyType, CK_ATTRIBUTE_TYPE *usage, int usageCount,
+                                     void *wincx);
+SECStatus PK11_WrapPrivKey(PK11SlotInfo *slot, PK11SymKey *wrappingKey,
+                           SECKEYPrivateKey *privKey, CK_MECHANISM_TYPE wrapType,
+                           SECItem *param, SECItem *wrappedKey, void *wincx);
+/*
+ * The caller of PK11_DEREncodePublicKey should free the returned SECItem with
+ * a SECITEM_FreeItem(..., PR_TRUE) call.
+ */
+SECItem *PK11_DEREncodePublicKey(const SECKEYPublicKey *pubk);
+PK11SymKey *PK11_CopySymKeyForSigning(PK11SymKey *originalKey,
+                                      CK_MECHANISM_TYPE mech);
+SECKEYPrivateKeyList *PK11_ListPrivKeysInSlot(PK11SlotInfo *slot,
+                                              char *nickname, void *wincx);
+SECKEYPublicKeyList *PK11_ListPublicKeysInSlot(PK11SlotInfo *slot,
+                                               char *nickname);
+SECKEYPQGParams *PK11_GetPQGParamsFromPrivateKey(SECKEYPrivateKey *privKey);
+/* deprecated */
+SECKEYPrivateKeyList *PK11_ListPrivateKeysInSlot(PK11SlotInfo *slot);
+
+PK11SymKey *PK11_ConvertSessionSymKeyToTokenSymKey(PK11SymKey *symk,
+                                                   void *wincx);
+SECKEYPrivateKey *PK11_ConvertSessionPrivKeyToTokenPrivKey(
+    SECKEYPrivateKey *privk, void *wincx);
+SECKEYPrivateKey *PK11_CopyTokenPrivKeyToSessionPrivKey(PK11SlotInfo *destSlot,
+                                                        SECKEYPrivateKey *privKey);
+
+/**********************************************************************
+ *                   Certs
+ **********************************************************************/
+SECItem *PK11_MakeIDFromPubKey(SECItem *pubKeyData);
+SECStatus PK11_TraverseSlotCerts(
+    SECStatus (*callback)(CERTCertificate *, SECItem *, void *),
+    void *arg, void *wincx);
+CERTCertificate *PK11_FindCertFromNickname(const char *nickname, void *wincx);
+CERTCertList *PK11_FindCertsFromEmailAddress(const char *email, void *wincx);
+CERTCertList *PK11_FindCertsFromNickname(const char *nickname, void *wincx);
+CERTCertificate *PK11_GetCertFromPrivateKey(SECKEYPrivateKey *privKey);
+SECStatus PK11_ImportCert(PK11SlotInfo *slot, CERTCertificate *cert,
+                          CK_OBJECT_HANDLE key, const char *nickname,
+                          PRBool includeTrust);
+SECStatus PK11_ImportDERCert(PK11SlotInfo *slot, SECItem *derCert,
+                             CK_OBJECT_HANDLE key, char *nickname, PRBool includeTrust);
+PK11SlotInfo *PK11_ImportCertForKey(CERTCertificate *cert,
+                                    const char *nickname, void *wincx);
+PK11SlotInfo *PK11_ImportDERCertForKey(SECItem *derCert, char *nickname,
+                                       void *wincx);
+PK11SlotInfo *PK11_KeyForCertExists(CERTCertificate *cert,
+                                    CK_OBJECT_HANDLE *keyPtr, void *wincx);
+PK11SlotInfo *PK11_KeyForDERCertExists(SECItem *derCert,
+                                       CK_OBJECT_HANDLE *keyPtr, void *wincx);
+CERTCertificate *PK11_FindCertByIssuerAndSN(PK11SlotInfo **slot,
+                                            CERTIssuerAndSN *sn, void *wincx);
+CERTCertificate *PK11_FindCertAndKeyByRecipientList(PK11SlotInfo **slot,
+                                                    SEC_PKCS7RecipientInfo **array, SEC_PKCS7RecipientInfo **rip,
+                                                    SECKEYPrivateKey **privKey, void *wincx);
+int PK11_FindCertAndKeyByRecipientListNew(NSSCMSRecipient **recipientlist,
+                                          void *wincx);
+SECStatus PK11_TraverseCertsForSubjectInSlot(CERTCertificate *cert,
+                                             PK11SlotInfo *slot, SECStatus (*callback)(CERTCertificate *, void *),
+                                             void *arg);
+CERTCertificate *PK11_FindCertFromDERCert(PK11SlotInfo *slot,
+                                          CERTCertificate *cert, void *wincx);
+CERTCertificate *PK11_FindCertFromDERCertItem(PK11SlotInfo *slot,
+                                              const SECItem *derCert, void *wincx);
+SECStatus PK11_ImportCertForKeyToSlot(PK11SlotInfo *slot, CERTCertificate *cert,
+                                      char *nickname, PRBool addUsage,
+                                      void *wincx);
+CERTCertificate *PK11_FindBestKEAMatch(CERTCertificate *serverCert, void *wincx);
+PRBool PK11_FortezzaHasKEA(CERTCertificate *cert);
+CK_OBJECT_HANDLE PK11_FindCertInSlot(PK11SlotInfo *slot, CERTCertificate *cert,
+                                     void *wincx);
+SECStatus PK11_TraverseCertsForNicknameInSlot(SECItem *nickname,
+                                              PK11SlotInfo *slot, SECStatus (*callback)(CERTCertificate *, void *),
+                                              void *arg);
+CERTCertList *PK11_ListCerts(PK11CertListType type, void *pwarg);
+CERTCertList *PK11_ListCertsInSlot(PK11SlotInfo *slot);
+CERTSignedCrl *PK11_ImportCRL(PK11SlotInfo *slot, SECItem *derCRL, char *url,
+                              int type, void *wincx, PRInt32 importOptions, PLArenaPool *arena, PRInt32 decodeOptions);
+CK_BBOOL PK11_HasAttributeSet(PK11SlotInfo *slot,
+                              CK_OBJECT_HANDLE id,
+                              CK_ATTRIBUTE_TYPE type,
+                              PRBool haslock /* must be set to PR_FALSE */);
+
+/**********************************************************************
+ *                   Sign/Verify
+ **********************************************************************/
+
+/*
+ * Return the length in bytes of a signature generated with the
+ * private key.
+ *
+ * Return 0 or -1 on failure.  (XXX Should we fix it to always return
+ * -1 on failure?)
+ */
+int PK11_SignatureLen(SECKEYPrivateKey *key);
+PK11SlotInfo *PK11_GetSlotFromPrivateKey(SECKEYPrivateKey *key);
+SECStatus PK11_Sign(SECKEYPrivateKey *key, SECItem *sig,
+                    const SECItem *hash);
+SECStatus PK11_SignWithMechanism(SECKEYPrivateKey *key,
+                                 CK_MECHANISM_TYPE mechanism,
+                                 const SECItem *param, SECItem *sig,
+                                 const SECItem *hash);
+SECStatus PK11_SignWithSymKey(PK11SymKey *symKey, CK_MECHANISM_TYPE mechanism,
+                              SECItem *param, SECItem *sig, const SECItem *data);
+SECStatus PK11_VerifyRecover(SECKEYPublicKey *key, const SECItem *sig,
+                             SECItem *dsig, void *wincx);
+SECStatus PK11_Verify(SECKEYPublicKey *key, const SECItem *sig,
+                      const SECItem *hash, void *wincx);
+SECStatus PK11_VerifyWithMechanism(SECKEYPublicKey *key,
+                                   CK_MECHANISM_TYPE mechanism,
+                                   const SECItem *param, const SECItem *sig,
+                                   const SECItem *hash, void *wincx);
+
+/**********************************************************************
+ *                   Crypto Contexts
+ **********************************************************************/
+void PK11_DestroyContext(PK11Context *context, PRBool freeit);
+PK11Context *PK11_CreateContextBySymKey(CK_MECHANISM_TYPE type,
+                                        CK_ATTRIBUTE_TYPE operation, PK11SymKey *symKey, SECItem *param);
+PK11Context *PK11_CreateDigestContext(SECOidTag hashAlg);
+PK11Context *PK11_CloneContext(PK11Context *old);
+SECStatus PK11_DigestBegin(PK11Context *cx);
+/*
+ * The output buffer 'out' must be big enough to hold the output of
+ * the hash algorithm 'hashAlg'.
+ */
+SECStatus PK11_HashBuf(SECOidTag hashAlg, unsigned char *out,
+                       const unsigned char *in, PRInt32 len);
+SECStatus PK11_DigestOp(PK11Context *context, const unsigned char *in,
+                        unsigned len);
+SECStatus PK11_CipherOp(PK11Context *context, unsigned char *out, int *outlen,
+                        int maxout, const unsigned char *in, int inlen);
+SECStatus PK11_Finalize(PK11Context *context);
+SECStatus PK11_DigestFinal(PK11Context *context, unsigned char *data,
+                           unsigned int *outLen, unsigned int length);
+#define PK11_CipherFinal PK11_DigestFinal
+SECStatus PK11_SaveContext(PK11Context *cx, unsigned char *save,
+                           int *len, int saveLength);
+
+/* Save the context's state, with possible allocation.
+ * The caller may supply an already allocated buffer in preAllocBuf,
+ * with length pabLen.  If the buffer is large enough for the context's
+ * state, it will receive the state.
+ * If the buffer is not large enough (or NULL), then a new buffer will
+ * be allocated with PORT_Alloc.
+ * In either case, the state will be returned as a buffer, and the length
+ * of the state will be given in *stateLen.
+ */
+unsigned char *
+PK11_SaveContextAlloc(PK11Context *cx,
+                      unsigned char *preAllocBuf, unsigned int pabLen,
+                      unsigned int *stateLen);
+
+SECStatus PK11_RestoreContext(PK11Context *cx, unsigned char *save, int len);
+SECStatus PK11_GenerateFortezzaIV(PK11SymKey *symKey, unsigned char *iv, int len);
+void PK11_SetFortezzaHack(PK11SymKey *symKey);
+
+/**********************************************************************
+ *                   PBE functions
+ **********************************************************************/
+
+/* This function creates PBE parameters from the given inputs.  The result
+ * can be used to create a password integrity key for PKCS#12, by sending
+ * the return value to PK11_KeyGen along with the appropriate mechanism.
+ */
+SECItem *
+PK11_CreatePBEParams(SECItem *salt, SECItem *pwd, unsigned int iterations);
+
+/* free params created above (can be called after keygen is done */
+void PK11_DestroyPBEParams(SECItem *params);
+
+SECAlgorithmID *
+PK11_CreatePBEAlgorithmID(SECOidTag algorithm, int iteration, SECItem *salt);
+
+/* use to create PKCS5 V2 algorithms with finder control than that provided
+ * by PK11_CreatePBEAlgorithmID. */
+SECAlgorithmID *
+PK11_CreatePBEV2AlgorithmID(SECOidTag pbeAlgTag, SECOidTag cipherAlgTag,
+                            SECOidTag prfAlgTag, int keyLength, int iteration,
+                            SECItem *salt);
+PK11SymKey *
+PK11_PBEKeyGen(PK11SlotInfo *slot, SECAlgorithmID *algid, SECItem *pwitem,
+               PRBool faulty3DES, void *wincx);
+
+/* warning: cannot work with PKCS 5 v2 use PK11_PBEKeyGen instead */
+PK11SymKey *
+PK11_RawPBEKeyGen(PK11SlotInfo *slot, CK_MECHANISM_TYPE type, SECItem *params,
+                  SECItem *pwitem, PRBool faulty3DES, void *wincx);
+SECItem *
+PK11_GetPBEIV(SECAlgorithmID *algid, SECItem *pwitem);
+/*
+ * Get the Mechanism and parameter of the base encryption or mac scheme from
+ * a PBE algorithm ID.
+ *  Caller is responsible for freeing the return parameter (param).
+ */
+CK_MECHANISM_TYPE
+PK11_GetPBECryptoMechanism(SECAlgorithmID *algid,
+                           SECItem **param, SECItem *pwd);
+
+/**********************************************************************
+ * Functions to manage secmod flags
+ **********************************************************************/
+const PK11DefaultArrayEntry *PK11_GetDefaultArray(int *size);
+SECStatus PK11_UpdateSlotAttribute(PK11SlotInfo *slot,
+                                   const PK11DefaultArrayEntry *entry,
+                                   PRBool add);
+
+/**********************************************************************
+ * Functions to look at PKCS #11 dependent data
+ **********************************************************************/
+PK11GenericObject *PK11_FindGenericObjects(PK11SlotInfo *slot,
+                                           CK_OBJECT_CLASS objClass);
+PK11GenericObject *PK11_GetNextGenericObject(PK11GenericObject *object);
+PK11GenericObject *PK11_GetPrevGenericObject(PK11GenericObject *object);
+SECStatus PK11_UnlinkGenericObject(PK11GenericObject *object);
+SECStatus PK11_LinkGenericObject(PK11GenericObject *list,
+                                 PK11GenericObject *object);
+SECStatus PK11_DestroyGenericObjects(PK11GenericObject *object);
+SECStatus PK11_DestroyGenericObject(PK11GenericObject *object);
+PK11GenericObject *PK11_CreateGenericObject(PK11SlotInfo *slot,
+                                            const CK_ATTRIBUTE *pTemplate,
+                                            int count, PRBool token);
+
+/*
+ * PK11_ReadRawAttribute and PK11_WriteRawAttribute are generic
+ * functions to read and modify the actual PKCS #11 attributes of
+ * the underlying pkcs #11 object.
+ *
+ * object is a pointer to an NSS object that represents the underlying
+ *  PKCS #11 object. It's type must match the type of PK11ObjectType
+ *  as follows:
+ *
+ *     type                           object
+ *   PK11_TypeGeneric            PK11GenericObject *
+ *   PK11_TypePrivKey            SECKEYPrivateKey *
+ *   PK11_TypePubKey             SECKEYPublicKey *
+ *   PK11_TypeSymKey             PK11SymKey *
+ *
+ *  All other types are considered invalid. If type does not match the object
+ *  passed, unpredictable results will occur.
+ *
+ * PK11_ReadRawAttribute allocates the buffer for returning the attribute
+ * value.  The caller of PK11_ReadRawAttribute should free the data buffer
+ * pointed to by item using a SECITEM_FreeItem(item, PR_FALSE) or
+ * PORT_Free(item->data) call.
+ */
+SECStatus PK11_ReadRawAttribute(PK11ObjectType type, void *object,
+                                CK_ATTRIBUTE_TYPE attr, SECItem *item);
+SECStatus PK11_WriteRawAttribute(PK11ObjectType type, void *object,
+                                 CK_ATTRIBUTE_TYPE attr, SECItem *item);
+
+/*
+ * PK11_GetAllSlotsForCert returns all the slots that a given certificate
+ * exists on, since it's possible for a cert to exist on more than one
+ * PKCS#11 token.
+ */
+PK11SlotList *
+PK11_GetAllSlotsForCert(CERTCertificate *cert, void *arg);
+
+/**********************************************************************
+ * New functions which are already deprecated....
+ **********************************************************************/
+SECItem *
+PK11_GetLowLevelKeyIDForCert(PK11SlotInfo *slot,
+                             CERTCertificate *cert, void *pwarg);
+SECItem *
+PK11_GetLowLevelKeyIDForPrivateKey(SECKEYPrivateKey *key);
+
+PRBool SECMOD_HasRootCerts(void);
+
+// Needed for TLS-N Extension
+PK11SymKey *pk11_ConcatenateBaseAndData(PK11SymKey *base, 
+    CK_BYTE *data, CK_ULONG dataLen, CK_MECHANISM_TYPE target,
+    CK_ATTRIBUTE_TYPE operation);
+
+SEC_END_PROTOS
+
+#endif
diff --git a/nss/lib/pk11wrap/pk11sdr.c b/nss/lib/pk11wrap/pk11sdr.c
new file mode 100644
index 0000000..eb67bfb
--- /dev/null
+++ b/nss/lib/pk11wrap/pk11sdr.c
@@ -0,0 +1,437 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "seccomon.h"
+#include "secoid.h"
+#include "secasn1.h"
+#include "pkcs11.h"
+#include "pk11func.h"
+#include "pk11sdr.h"
+
+/*
+ * Data structure and template for encoding the result of an SDR operation
+ *  This is temporary.  It should include the algorithm ID of the encryption mechanism
+ */
+struct SDRResult {
+    SECItem keyid;
+    SECAlgorithmID alg;
+    SECItem data;
+};
+typedef struct SDRResult SDRResult;
+
+SEC_ASN1_MKSUB(SECOID_AlgorithmIDTemplate)
+
+static SEC_ASN1Template template[] = {
+    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SDRResult) },
+    { SEC_ASN1_OCTET_STRING, offsetof(SDRResult, keyid) },
+    { SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(SDRResult, alg),
+      SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
+    { SEC_ASN1_OCTET_STRING, offsetof(SDRResult, data) },
+    { 0 }
+};
+
+static unsigned char keyID[] = {
+    0xF8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01
+};
+
+static SECItem keyIDItem = {
+    0,
+    keyID,
+    sizeof keyID
+};
+
+/* local utility function for padding an incoming data block
+ * to the mechanism block size.
+ */
+static SECStatus
+padBlock(SECItem *data, int blockSize, SECItem *result)
+{
+    SECStatus rv = SECSuccess;
+    int padLength;
+    unsigned int i;
+
+    result->data = 0;
+    result->len = 0;
+
+    /* This algorithm always adds to the block (to indicate the number
+   * of pad bytes).  So allocate a block large enough.
+   */
+    padLength = blockSize - (data->len % blockSize);
+    result->len = data->len + padLength;
+    result->data = (unsigned char *)PORT_Alloc(result->len);
+
+    /* Copy the data */
+    PORT_Memcpy(result->data, data->data, data->len);
+
+    /* Add the pad values */
+    for (i = data->len; i < result->len; i++)
+        result->data[i] = (unsigned char)padLength;
+
+    return rv;
+}
+
+static SECStatus
+unpadBlock(SECItem *data, int blockSize, SECItem *result)
+{
+    SECStatus rv = SECSuccess;
+    int padLength;
+    unsigned int i;
+
+    result->data = 0;
+    result->len = 0;
+
+    /* Remove the padding from the end if the input data */
+    if (data->len == 0 || data->len % blockSize != 0) {
+        rv = SECFailure;
+        goto loser;
+    }
+
+    padLength = data->data[data->len - 1];
+    if (padLength > blockSize) {
+        rv = SECFailure;
+        goto loser;
+    }
+
+    /* verify padding */
+    for (i = data->len - padLength; i < data->len; i++) {
+        if (data->data[i] != padLength) {
+            rv = SECFailure;
+            goto loser;
+        }
+    }
+
+    result->len = data->len - padLength;
+    result->data = (unsigned char *)PORT_Alloc(result->len);
+    if (!result->data) {
+        rv = SECFailure;
+        goto loser;
+    }
+
+    PORT_Memcpy(result->data, data->data, result->len);
+
+    if (padLength < 2) {
+        return SECWouldBlock;
+    }
+
+loser:
+    return rv;
+}
+
+static PRLock *pk11sdrLock = NULL;
+
+void
+pk11sdr_Init(void)
+{
+    pk11sdrLock = PR_NewLock();
+}
+
+void
+pk11sdr_Shutdown(void)
+{
+    if (pk11sdrLock) {
+        PR_DestroyLock(pk11sdrLock);
+        pk11sdrLock = NULL;
+    }
+}
+
+/*
+ * PK11SDR_Encrypt
+ *  Encrypt a block of data using the symmetric key identified.  The result
+ *  is an ASN.1 (DER) encoded block of keyid, params and data.
+ */
+SECStatus
+PK11SDR_Encrypt(SECItem *keyid, SECItem *data, SECItem *result, void *cx)
+{
+    SECStatus rv = SECSuccess;
+    PK11SlotInfo *slot = 0;
+    PK11SymKey *key = 0;
+    SECItem *params = 0;
+    PK11Context *ctx = 0;
+    CK_MECHANISM_TYPE type;
+    SDRResult sdrResult;
+    SECItem paddedData;
+    SECItem *pKeyID;
+    PLArenaPool *arena = 0;
+
+    /* Initialize */
+    paddedData.len = 0;
+    paddedData.data = 0;
+
+    arena = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE);
+    if (!arena) {
+        rv = SECFailure;
+        goto loser;
+    }
+
+    /* 1. Locate the requested keyid, or the default key (which has a keyid)
+     * 2. Create an encryption context
+     * 3. Encrypt
+     * 4. Encode the results (using ASN.1)
+     */
+
+    slot = PK11_GetInternalKeySlot();
+    if (!slot) {
+        rv = SECFailure;
+        goto loser;
+    }
+
+    /* Use triple-DES */
+    type = CKM_DES3_CBC;
+
+    /*
+     * Login to the internal token before we look for the key, otherwise we
+     * won't find it.
+     */
+    rv = PK11_Authenticate(slot, PR_TRUE, cx);
+    if (rv != SECSuccess)
+        goto loser;
+
+    /* Find the key to use */
+    pKeyID = keyid;
+    if (pKeyID->len == 0) {
+        pKeyID = &keyIDItem; /* Use default value */
+
+        /* put in a course lock to prevent a race between not finding the
+         * key and creating  one.
+         */
+
+        if (pk11sdrLock)
+            PR_Lock(pk11sdrLock);
+
+        /* Try to find the key */
+        key = PK11_FindFixedKey(slot, type, pKeyID, cx);
+
+        /* If the default key doesn't exist yet, try to create it */
+        if (!key)
+            key = PK11_GenDES3TokenKey(slot, pKeyID, cx);
+        if (pk11sdrLock)
+            PR_Unlock(pk11sdrLock);
+    } else {
+        key = PK11_FindFixedKey(slot, type, pKeyID, cx);
+    }
+
+    if (!key) {
+        rv = SECFailure;
+        goto loser;
+    }
+
+    params = PK11_GenerateNewParam(type, key);
+    if (!params) {
+        rv = SECFailure;
+        goto loser;
+    }
+
+    ctx = PK11_CreateContextBySymKey(type, CKA_ENCRYPT, key, params);
+    if (!ctx) {
+        rv = SECFailure;
+        goto loser;
+    }
+
+    rv = padBlock(data, PK11_GetBlockSize(type, 0), &paddedData);
+    if (rv != SECSuccess)
+        goto loser;
+
+    sdrResult.data.len = paddedData.len;
+    sdrResult.data.data = (unsigned char *)PORT_ArenaAlloc(arena, sdrResult.data.len);
+
+    rv = PK11_CipherOp(ctx, sdrResult.data.data, (int *)&sdrResult.data.len, sdrResult.data.len,
+                       paddedData.data, paddedData.len);
+    if (rv != SECSuccess)
+        goto loser;
+
+    PK11_Finalize(ctx);
+
+    sdrResult.keyid = *pKeyID;
+
+    rv = PK11_ParamToAlgid(SEC_OID_DES_EDE3_CBC, params, arena, &sdrResult.alg);
+    if (rv != SECSuccess)
+        goto loser;
+
+    if (!SEC_ASN1EncodeItem(0, result, &sdrResult, template)) {
+        rv = SECFailure;
+        goto loser;
+    }
+
+loser:
+    SECITEM_ZfreeItem(&paddedData, PR_FALSE);
+    if (arena)
+        PORT_FreeArena(arena, PR_TRUE);
+    if (ctx)
+        PK11_DestroyContext(ctx, PR_TRUE);
+    if (params)
+        SECITEM_ZfreeItem(params, PR_TRUE);
+    if (key)
+        PK11_FreeSymKey(key);
+    if (slot)
+        PK11_FreeSlot(slot);
+
+    return rv;
+}
+
+/* decrypt a block */
+static SECStatus
+pk11Decrypt(PK11SlotInfo *slot, PLArenaPool *arena,
+            CK_MECHANISM_TYPE type, PK11SymKey *key,
+            SECItem *params, SECItem *in, SECItem *result)
+{
+    PK11Context *ctx = 0;
+    SECItem paddedResult;
+    SECStatus rv;
+
+    paddedResult.len = 0;
+    paddedResult.data = 0;
+
+    ctx = PK11_CreateContextBySymKey(type, CKA_DECRYPT, key, params);
+    if (!ctx) {
+        rv = SECFailure;
+        goto loser;
+    }
+
+    paddedResult.len = in->len;
+    paddedResult.data = PORT_ArenaAlloc(arena, paddedResult.len);
+
+    rv = PK11_CipherOp(ctx, paddedResult.data,
+                       (int *)&paddedResult.len, paddedResult.len,
+                       in->data, in->len);
+    if (rv != SECSuccess)
+        goto loser;
+
+    PK11_Finalize(ctx);
+
+    /* Remove the padding */
+    rv = unpadBlock(&paddedResult, PK11_GetBlockSize(type, 0), result);
+    if (rv)
+        goto loser;
+
+loser:
+    if (ctx)
+        PK11_DestroyContext(ctx, PR_TRUE);
+    return rv;
+}
+
+/*
+ * PK11SDR_Decrypt
+ *  Decrypt a block of data produced by PK11SDR_Encrypt.  The key used is identified
+ *  by the keyid field within the input.
+ */
+SECStatus
+PK11SDR_Decrypt(SECItem *data, SECItem *result, void *cx)
+{
+    SECStatus rv = SECSuccess;
+    PK11SlotInfo *slot = 0;
+    PK11SymKey *key = 0;
+    CK_MECHANISM_TYPE type;
+    SDRResult sdrResult;
+    SECItem *params = 0;
+    SECItem possibleResult = { 0, NULL, 0 };
+    PLArenaPool *arena = 0;
+
+    arena = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE);
+    if (!arena) {
+        rv = SECFailure;
+        goto loser;
+    }
+
+    /* Decode the incoming data */
+    memset(&sdrResult, 0, sizeof sdrResult);
+    rv = SEC_QuickDERDecodeItem(arena, &sdrResult, template, data);
+    if (rv != SECSuccess)
+        goto loser; /* Invalid format */
+
+    /* Find the slot and key for the given keyid */
+    slot = PK11_GetInternalKeySlot();
+    if (!slot) {
+        rv = SECFailure;
+        goto loser;
+    }
+
+    rv = PK11_Authenticate(slot, PR_TRUE, cx);
+    if (rv != SECSuccess)
+        goto loser;
+
+    /* Get the parameter values from the data */
+    params = PK11_ParamFromAlgid(&sdrResult.alg);
+    if (!params) {
+        rv = SECFailure;
+        goto loser;
+    }
+
+    /* Use triple-DES (Should look up the algorithm) */
+    type = CKM_DES3_CBC;
+    key = PK11_FindFixedKey(slot, type, &sdrResult.keyid, cx);
+    if (!key) {
+        rv = SECFailure;
+    } else {
+        rv = pk11Decrypt(slot, arena, type, key, params,
+                         &sdrResult.data, result);
+    }
+
+    /*
+     * if the pad value was too small (1 or 2), then it's statistically
+     * 'likely' that (1 in 256) that we may not have the correct key.
+     * Check the other keys for a better match. If we find none, use
+     * this result.
+     */
+    if (rv == SECWouldBlock) {
+        possibleResult = *result;
+    }
+
+    /*
+     * handle the case where your key indicies may have been broken
+     */
+    if (rv != SECSuccess) {
+        PK11SymKey *keyList = PK11_ListFixedKeysInSlot(slot, NULL, cx);
+        PK11SymKey *testKey = NULL;
+        PK11SymKey *nextKey = NULL;
+
+        for (testKey = keyList; testKey;
+             testKey = PK11_GetNextSymKey(testKey)) {
+            rv = pk11Decrypt(slot, arena, type, testKey, params,
+                             &sdrResult.data, result);
+            if (rv == SECSuccess) {
+                break;
+            }
+            /* found a close match. If it's our first remember it */
+            if (rv == SECWouldBlock) {
+                if (possibleResult.data) {
+                    /* this is unlikely but possible. If we hit this condition,
+                     * we have no way of knowing which possibility to prefer.
+                     * in this case we just match the key the application
+                     * thought was the right one */
+                    SECITEM_ZfreeItem(result, PR_FALSE);
+                } else {
+                    possibleResult = *result;
+                }
+            }
+        }
+
+        /* free the list */
+        for (testKey = keyList; testKey; testKey = nextKey) {
+            nextKey = PK11_GetNextSymKey(testKey);
+            PK11_FreeSymKey(testKey);
+        }
+    }
+
+    /* we didn't find a better key, use the one with a small pad value */
+    if ((rv != SECSuccess) && (possibleResult.data)) {
+        *result = possibleResult;
+        possibleResult.data = NULL;
+        rv = SECSuccess;
+    }
+
+loser:
+    if (arena)
+        PORT_FreeArena(arena, PR_TRUE);
+    if (key)
+        PK11_FreeSymKey(key);
+    if (params)
+        SECITEM_ZfreeItem(params, PR_TRUE);
+    if (slot)
+        PK11_FreeSlot(slot);
+    if (possibleResult.data)
+        SECITEM_ZfreeItem(&possibleResult, PR_FALSE);
+
+    return rv;
+}
diff --git a/nss/lib/pk11wrap/pk11sdr.h b/nss/lib/pk11wrap/pk11sdr.h
new file mode 100644
index 0000000..0ffa425
--- /dev/null
+++ b/nss/lib/pk11wrap/pk11sdr.h
@@ -0,0 +1,28 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _PK11SDR_H_
+#define _PK11SDR_H_
+
+#include "seccomon.h"
+
+SEC_BEGIN_PROTOS
+
+/*
+ * PK11SDR_Encrypt - encrypt data using the specified key id or SDR default
+ * result should be freed with SECItem_ZfreeItem
+ */
+SECStatus
+PK11SDR_Encrypt(SECItem *keyid, SECItem *data, SECItem *result, void *cx);
+
+/*
+ * PK11SDR_Decrypt - decrypt data previously encrypted with PK11SDR_Encrypt
+ * result should be freed with SECItem_ZfreeItem
+ */
+SECStatus
+PK11SDR_Decrypt(SECItem *data, SECItem *result, void *cx);
+
+SEC_END_PROTOS
+
+#endif
diff --git a/nss/lib/pk11wrap/pk11skey.c b/nss/lib/pk11wrap/pk11skey.c
new file mode 100644
index 0000000..02b463c
--- /dev/null
+++ b/nss/lib/pk11wrap/pk11skey.c
@@ -0,0 +1,2770 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * This file implements the Symkey wrapper and the PKCS context
+ * Interfaces.
+ */
+
+#include "seccomon.h"
+#include "secmod.h"
+#include "nssilock.h"
+#include "secmodi.h"
+#include "secmodti.h"
+#include "pkcs11.h"
+#include "pk11func.h"
+#include "secitem.h"
+#include "secoid.h"
+#include "secerr.h"
+#include "hasht.h"
+
+static void
+pk11_EnterKeyMonitor(PK11SymKey *symKey)
+{
+    if (!symKey->sessionOwner || !(symKey->slot->isThreadSafe))
+        PK11_EnterSlotMonitor(symKey->slot);
+}
+
+static void
+pk11_ExitKeyMonitor(PK11SymKey *symKey)
+{
+    if (!symKey->sessionOwner || !(symKey->slot->isThreadSafe))
+        PK11_ExitSlotMonitor(symKey->slot);
+}
+
+/*
+ * pk11_getKeyFromList returns a symKey that has a session (if needSession
+ * was specified), or explicitly does not have a session (if needSession
+ * was not specified).
+ */
+static PK11SymKey *
+pk11_getKeyFromList(PK11SlotInfo *slot, PRBool needSession)
+{
+    PK11SymKey *symKey = NULL;
+
+    PZ_Lock(slot->freeListLock);
+    /* own session list are symkeys with sessions that the symkey owns.
+     * 'most' symkeys will own their own session. */
+    if (needSession) {
+        if (slot->freeSymKeysWithSessionHead) {
+            symKey = slot->freeSymKeysWithSessionHead;
+            slot->freeSymKeysWithSessionHead = symKey->next;
+            slot->keyCount--;
+        }
+    }
+    /* if we don't need a symkey with its own session, or we couldn't find
+     * one on the owner list, get one from the non-owner free list. */
+    if (!symKey) {
+        if (slot->freeSymKeysHead) {
+            symKey = slot->freeSymKeysHead;
+            slot->freeSymKeysHead = symKey->next;
+            slot->keyCount--;
+        }
+    }
+    PZ_Unlock(slot->freeListLock);
+    if (symKey) {
+        symKey->next = NULL;
+        if (!needSession) {
+            return symKey;
+        }
+        /* if we are getting an owner key, make sure we have a valid session.
+         * session could be invalid if the token has been removed or because
+         * we got it from the non-owner free list */
+        if ((symKey->series != slot->series) ||
+            (symKey->session == CK_INVALID_SESSION)) {
+            symKey->session = pk11_GetNewSession(slot, &symKey->sessionOwner);
+        }
+        PORT_Assert(symKey->session != CK_INVALID_SESSION);
+        if (symKey->session != CK_INVALID_SESSION)
+            return symKey;
+        PK11_FreeSymKey(symKey);
+        /* if we are here, we need a session, but couldn't get one, it's
+         * unlikely we pk11_GetNewSession will succeed if we call it a second
+         * time. */
+        return NULL;
+    }
+
+    symKey = PORT_New(PK11SymKey);
+    if (symKey == NULL) {
+        return NULL;
+    }
+
+    symKey->next = NULL;
+    if (needSession) {
+        symKey->session = pk11_GetNewSession(slot, &symKey->sessionOwner);
+        PORT_Assert(symKey->session != CK_INVALID_SESSION);
+        if (symKey->session == CK_INVALID_SESSION) {
+            PK11_FreeSymKey(symKey);
+            symKey = NULL;
+        }
+    } else {
+        symKey->session = CK_INVALID_SESSION;
+    }
+    return symKey;
+}
+
+/* Caller MUST hold slot->freeListLock (or ref count == 0?) !! */
+void
+PK11_CleanKeyList(PK11SlotInfo *slot)
+{
+    PK11SymKey *symKey = NULL;
+
+    while (slot->freeSymKeysWithSessionHead) {
+        symKey = slot->freeSymKeysWithSessionHead;
+        slot->freeSymKeysWithSessionHead = symKey->next;
+        pk11_CloseSession(slot, symKey->session, symKey->sessionOwner);
+        PORT_Free(symKey);
+    }
+    while (slot->freeSymKeysHead) {
+        symKey = slot->freeSymKeysHead;
+        slot->freeSymKeysHead = symKey->next;
+        pk11_CloseSession(slot, symKey->session, symKey->sessionOwner);
+        PORT_Free(symKey);
+    }
+    return;
+}
+
+/*
+ * create a symetric key:
+ *      Slot is the slot to create the key in.
+ *      type is the mechanism type
+ *      owner is does this symKey structure own it's object handle (rare
+ *        that this is false).
+ *      needSession means the returned symKey will return with a valid session
+ *        allocated already.
+ */
+static PK11SymKey *
+pk11_CreateSymKey(PK11SlotInfo *slot, CK_MECHANISM_TYPE type,
+                  PRBool owner, PRBool needSession, void *wincx)
+{
+
+    PK11SymKey *symKey = pk11_getKeyFromList(slot, needSession);
+
+    if (symKey == NULL) {
+        return NULL;
+    }
+    /* if needSession was specified, make sure we have a valid session.
+     * callers which specify needSession as false should do their own
+     * check of the session before returning the symKey */
+    if (needSession && symKey->session == CK_INVALID_SESSION) {
+        PK11_FreeSymKey(symKey);
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return NULL;
+    }
+
+    symKey->type = type;
+    symKey->data.type = siBuffer;
+    symKey->data.data = NULL;
+    symKey->data.len = 0;
+    symKey->owner = owner;
+    symKey->objectID = CK_INVALID_HANDLE;
+    symKey->slot = slot;
+    symKey->series = slot->series;
+    symKey->cx = wincx;
+    symKey->size = 0;
+    symKey->refCount = 1;
+    symKey->origin = PK11_OriginNULL;
+    symKey->parent = NULL;
+    symKey->freeFunc = NULL;
+    symKey->userData = NULL;
+    PK11_ReferenceSlot(slot);
+    return symKey;
+}
+
+/*
+ * destroy a symetric key
+ */
+void
+PK11_FreeSymKey(PK11SymKey *symKey)
+{
+    PK11SlotInfo *slot;
+    PRBool freeit = PR_TRUE;
+
+    if (PR_ATOMIC_DECREMENT(&symKey->refCount) == 0) {
+        PK11SymKey *parent = symKey->parent;
+
+        symKey->parent = NULL;
+        if ((symKey->owner) && symKey->objectID != CK_INVALID_HANDLE) {
+            pk11_EnterKeyMonitor(symKey);
+            (void)PK11_GETTAB(symKey->slot)->C_DestroyObject(symKey->session, symKey->objectID);
+            pk11_ExitKeyMonitor(symKey);
+        }
+        if (symKey->data.data) {
+            PORT_Memset(symKey->data.data, 0, symKey->data.len);
+            PORT_Free(symKey->data.data);
+        }
+        /* free any existing data */
+        if (symKey->userData && symKey->freeFunc) {
+            (*symKey->freeFunc)(symKey->userData);
+        }
+        slot = symKey->slot;
+        PZ_Lock(slot->freeListLock);
+        if (slot->keyCount < slot->maxKeyCount) {
+            /*
+             * freeSymkeysWithSessionHead contain a list of reusable
+             *  SymKey structures with valid sessions.
+             *    sessionOwner must be true.
+             *    session must be valid.
+             * freeSymKeysHead contain a list of SymKey structures without
+             *  valid session.
+             *    session must be CK_INVALID_SESSION.
+             *    though sessionOwner is false, callers should not depend on
+             *    this fact.
+             */
+            if (symKey->sessionOwner) {
+                PORT_Assert(symKey->session != CK_INVALID_SESSION);
+                symKey->next = slot->freeSymKeysWithSessionHead;
+                slot->freeSymKeysWithSessionHead = symKey;
+            } else {
+                symKey->session = CK_INVALID_SESSION;
+                symKey->next = slot->freeSymKeysHead;
+                slot->freeSymKeysHead = symKey;
+            }
+            slot->keyCount++;
+            symKey->slot = NULL;
+            freeit = PR_FALSE;
+        }
+        PZ_Unlock(slot->freeListLock);
+        if (freeit) {
+            pk11_CloseSession(symKey->slot, symKey->session,
+                              symKey->sessionOwner);
+            PORT_Free(symKey);
+        }
+        PK11_FreeSlot(slot);
+
+        if (parent) {
+            PK11_FreeSymKey(parent);
+        }
+    }
+}
+
+PK11SymKey *
+PK11_ReferenceSymKey(PK11SymKey *symKey)
+{
+    PR_ATOMIC_INCREMENT(&symKey->refCount);
+    return symKey;
+}
+
+/*
+ * Accessors
+ */
+CK_MECHANISM_TYPE
+PK11_GetMechanism(PK11SymKey *symKey)
+{
+    return symKey->type;
+}
+
+/*
+ * return the slot associated with a symetric key
+ */
+PK11SlotInfo *
+PK11_GetSlotFromKey(PK11SymKey *symKey)
+{
+    return PK11_ReferenceSlot(symKey->slot);
+}
+
+CK_KEY_TYPE
+PK11_GetSymKeyType(PK11SymKey *symKey)
+{
+    return PK11_GetKeyType(symKey->type, symKey->size);
+}
+
+PK11SymKey *
+PK11_GetNextSymKey(PK11SymKey *symKey)
+{
+    return symKey ? symKey->next : NULL;
+}
+
+char *
+PK11_GetSymKeyNickname(PK11SymKey *symKey)
+{
+    return PK11_GetObjectNickname(symKey->slot, symKey->objectID);
+}
+
+SECStatus
+PK11_SetSymKeyNickname(PK11SymKey *symKey, const char *nickname)
+{
+    return PK11_SetObjectNickname(symKey->slot, symKey->objectID, nickname);
+}
+
+void *
+PK11_GetSymKeyUserData(PK11SymKey *symKey)
+{
+    return symKey->userData;
+}
+
+void
+PK11_SetSymKeyUserData(PK11SymKey *symKey, void *userData,
+                       PK11FreeDataFunc freeFunc)
+{
+    /* free any existing data */
+    if (symKey->userData && symKey->freeFunc) {
+        (*symKey->freeFunc)(symKey->userData);
+    }
+    symKey->userData = userData;
+    symKey->freeFunc = freeFunc;
+    return;
+}
+
+/*
+ * turn key handle into an appropriate key object
+ */
+PK11SymKey *
+PK11_SymKeyFromHandle(PK11SlotInfo *slot, PK11SymKey *parent, PK11Origin origin,
+                      CK_MECHANISM_TYPE type, CK_OBJECT_HANDLE keyID, PRBool owner, void *wincx)
+{
+    PK11SymKey *symKey;
+    PRBool needSession = !(owner && parent);
+
+    if (keyID == CK_INVALID_HANDLE) {
+        return NULL;
+    }
+
+    symKey = pk11_CreateSymKey(slot, type, owner, needSession, wincx);
+    if (symKey == NULL) {
+        return NULL;
+    }
+
+    symKey->objectID = keyID;
+    symKey->origin = origin;
+
+    /* adopt the parent's session */
+    /* This is only used by SSL. What we really want here is a session
+     * structure with a ref count so  the session goes away only after all the
+     * keys do. */
+    if (!needSession) {
+        symKey->sessionOwner = PR_FALSE;
+        symKey->session = parent->session;
+        symKey->parent = PK11_ReferenceSymKey(parent);
+        /* This is the only case where pk11_CreateSymKey does not explicitly
+         * check symKey->session. We need to assert here to make sure.
+         * the session isn't invalid. */
+        PORT_Assert(parent->session != CK_INVALID_SESSION);
+        if (parent->session == CK_INVALID_SESSION) {
+            PK11_FreeSymKey(symKey);
+            PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+            return NULL;
+        }
+    }
+
+    return symKey;
+}
+
+/*
+ * turn key handle into an appropriate key object
+ */
+PK11SymKey *
+PK11_GetWrapKey(PK11SlotInfo *slot, int wrap, CK_MECHANISM_TYPE type,
+                int series, void *wincx)
+{
+    PK11SymKey *symKey = NULL;
+
+    if (slot->series != series)
+        return NULL;
+    if (slot->refKeys[wrap] == CK_INVALID_HANDLE)
+        return NULL;
+    if (type == CKM_INVALID_MECHANISM)
+        type = slot->wrapMechanism;
+
+    symKey = PK11_SymKeyFromHandle(slot, NULL, PK11_OriginDerive,
+                                   slot->wrapMechanism, slot->refKeys[wrap], PR_FALSE, wincx);
+    return symKey;
+}
+
+/*
+ * This function is not thread-safe because it sets wrapKey->sessionOwner
+ * without using a lock or atomic routine.  It can only be called when
+ * only one thread has a reference to wrapKey.
+ */
+void
+PK11_SetWrapKey(PK11SlotInfo *slot, int wrap, PK11SymKey *wrapKey)
+{
+    /* save the handle and mechanism for the wrapping key */
+    /* mark the key and session as not owned by us to they don't get freed
+     * when the key goes way... that lets us reuse the key later */
+    slot->refKeys[wrap] = wrapKey->objectID;
+    wrapKey->owner = PR_FALSE;
+    wrapKey->sessionOwner = PR_FALSE;
+    slot->wrapMechanism = wrapKey->type;
+}
+
+/*
+ * figure out if a key is still valid or if it is stale.
+ */
+PRBool
+PK11_VerifyKeyOK(PK11SymKey *key)
+{
+    if (!PK11_IsPresent(key->slot)) {
+        return PR_FALSE;
+    }
+    return (PRBool)(key->series == key->slot->series);
+}
+
+static PK11SymKey *
+pk11_ImportSymKeyWithTempl(PK11SlotInfo *slot, CK_MECHANISM_TYPE type,
+                           PK11Origin origin, PRBool isToken, CK_ATTRIBUTE *keyTemplate,
+                           unsigned int templateCount, SECItem *key, void *wincx)
+{
+    PK11SymKey *symKey;
+    SECStatus rv;
+
+    symKey = pk11_CreateSymKey(slot, type, !isToken, PR_TRUE, wincx);
+    if (symKey == NULL) {
+        return NULL;
+    }
+
+    symKey->size = key->len;
+
+    PK11_SETATTRS(&keyTemplate[templateCount], CKA_VALUE, key->data, key->len);
+    templateCount++;
+
+    if (SECITEM_CopyItem(NULL, &symKey->data, key) != SECSuccess) {
+        PK11_FreeSymKey(symKey);
+        return NULL;
+    }
+
+    symKey->origin = origin;
+
+    /* import the keys */
+    rv = PK11_CreateNewObject(slot, symKey->session, keyTemplate,
+                              templateCount, isToken, &symKey->objectID);
+    if (rv != SECSuccess) {
+        PK11_FreeSymKey(symKey);
+        return NULL;
+    }
+
+    return symKey;
+}
+
+/*
+ * turn key bits into an appropriate key object
+ */
+PK11SymKey *
+PK11_ImportSymKey(PK11SlotInfo *slot, CK_MECHANISM_TYPE type,
+                  PK11Origin origin, CK_ATTRIBUTE_TYPE operation, SECItem *key, void *wincx)
+{
+    PK11SymKey *symKey;
+    unsigned int templateCount = 0;
+    CK_OBJECT_CLASS keyClass = CKO_SECRET_KEY;
+    CK_KEY_TYPE keyType = CKK_GENERIC_SECRET;
+    CK_BBOOL cktrue = CK_TRUE; /* sigh */
+    CK_ATTRIBUTE keyTemplate[5];
+    CK_ATTRIBUTE *attrs = keyTemplate;
+
+    PK11_SETATTRS(attrs, CKA_CLASS, &keyClass, sizeof(keyClass));
+    attrs++;
+    PK11_SETATTRS(attrs, CKA_KEY_TYPE, &keyType, sizeof(keyType));
+    attrs++;
+    PK11_SETATTRS(attrs, operation, &cktrue, 1);
+    attrs++;
+    templateCount = attrs - keyTemplate;
+    PR_ASSERT(templateCount + 1 <= sizeof(keyTemplate) / sizeof(CK_ATTRIBUTE));
+
+    keyType = PK11_GetKeyType(type, key->len);
+    symKey = pk11_ImportSymKeyWithTempl(slot, type, origin, PR_FALSE,
+                                        keyTemplate, templateCount, key, wincx);
+    return symKey;
+}
+
+/*
+ * turn key bits into an appropriate key object
+ */
+PK11SymKey *
+PK11_ImportSymKeyWithFlags(PK11SlotInfo *slot, CK_MECHANISM_TYPE type,
+                           PK11Origin origin, CK_ATTRIBUTE_TYPE operation, SECItem *key,
+                           CK_FLAGS flags, PRBool isPerm, void *wincx)
+{
+    PK11SymKey *symKey;
+    unsigned int templateCount = 0;
+    CK_OBJECT_CLASS keyClass = CKO_SECRET_KEY;
+    CK_KEY_TYPE keyType = CKK_GENERIC_SECRET;
+    CK_BBOOL cktrue = CK_TRUE; /* sigh */
+    CK_ATTRIBUTE keyTemplate[MAX_TEMPL_ATTRS];
+    CK_ATTRIBUTE *attrs = keyTemplate;
+
+    PK11_SETATTRS(attrs, CKA_CLASS, &keyClass, sizeof(keyClass));
+    attrs++;
+    PK11_SETATTRS(attrs, CKA_KEY_TYPE, &keyType, sizeof(keyType));
+    attrs++;
+    if (isPerm) {
+        PK11_SETATTRS(attrs, CKA_TOKEN, &cktrue, sizeof(cktrue));
+        attrs++;
+        /* sigh some tokens think CKA_PRIVATE = false is a reasonable
+         * default for secret keys */
+        PK11_SETATTRS(attrs, CKA_PRIVATE, &cktrue, sizeof(cktrue));
+        attrs++;
+    }
+    attrs += pk11_OpFlagsToAttributes(flags, attrs, &cktrue);
+    if ((operation != CKA_FLAGS_ONLY) &&
+        !pk11_FindAttrInTemplate(keyTemplate, attrs - keyTemplate, operation)) {
+        PK11_SETATTRS(attrs, operation, &cktrue, sizeof(cktrue));
+        attrs++;
+    }
+    templateCount = attrs - keyTemplate;
+    PR_ASSERT(templateCount + 1 <= sizeof(keyTemplate) / sizeof(CK_ATTRIBUTE));
+
+    keyType = PK11_GetKeyType(type, key->len);
+    symKey = pk11_ImportSymKeyWithTempl(slot, type, origin, isPerm,
+                                        keyTemplate, templateCount, key, wincx);
+    if (symKey && isPerm) {
+        symKey->owner = PR_FALSE;
+    }
+    return symKey;
+}
+
+PK11SymKey *
+PK11_FindFixedKey(PK11SlotInfo *slot, CK_MECHANISM_TYPE type, SECItem *keyID,
+                  void *wincx)
+{
+    CK_ATTRIBUTE findTemp[4];
+    CK_ATTRIBUTE *attrs;
+    CK_BBOOL ckTrue = CK_TRUE;
+    CK_OBJECT_CLASS keyclass = CKO_SECRET_KEY;
+    int tsize = 0;
+    CK_OBJECT_HANDLE key_id;
+
+    attrs = findTemp;
+    PK11_SETATTRS(attrs, CKA_CLASS, &keyclass, sizeof(keyclass));
+    attrs++;
+    PK11_SETATTRS(attrs, CKA_TOKEN, &ckTrue, sizeof(ckTrue));
+    attrs++;
+    if (keyID) {
+        PK11_SETATTRS(attrs, CKA_ID, keyID->data, keyID->len);
+        attrs++;
+    }
+    tsize = attrs - findTemp;
+    PORT_Assert(tsize <= sizeof(findTemp) / sizeof(CK_ATTRIBUTE));
+
+    key_id = pk11_FindObjectByTemplate(slot, findTemp, tsize);
+    if (key_id == CK_INVALID_HANDLE) {
+        return NULL;
+    }
+    return PK11_SymKeyFromHandle(slot, NULL, PK11_OriginDerive, type, key_id,
+                                 PR_FALSE, wincx);
+}
+
+PK11SymKey *
+PK11_ListFixedKeysInSlot(PK11SlotInfo *slot, char *nickname, void *wincx)
+{
+    CK_ATTRIBUTE findTemp[4];
+    CK_ATTRIBUTE *attrs;
+    CK_BBOOL ckTrue = CK_TRUE;
+    CK_OBJECT_CLASS keyclass = CKO_SECRET_KEY;
+    int tsize = 0;
+    int objCount = 0;
+    CK_OBJECT_HANDLE *key_ids;
+    PK11SymKey *nextKey = NULL;
+    PK11SymKey *topKey = NULL;
+    int i, len;
+
+    attrs = findTemp;
+    PK11_SETATTRS(attrs, CKA_CLASS, &keyclass, sizeof(keyclass));
+    attrs++;
+    PK11_SETATTRS(attrs, CKA_TOKEN, &ckTrue, sizeof(ckTrue));
+    attrs++;
+    if (nickname) {
+        len = PORT_Strlen(nickname);
+        PK11_SETATTRS(attrs, CKA_LABEL, nickname, len);
+        attrs++;
+    }
+    tsize = attrs - findTemp;
+    PORT_Assert(tsize <= sizeof(findTemp) / sizeof(CK_ATTRIBUTE));
+
+    key_ids = pk11_FindObjectsByTemplate(slot, findTemp, tsize, &objCount);
+    if (key_ids == NULL) {
+        return NULL;
+    }
+
+    for (i = 0; i < objCount; i++) {
+        SECItem typeData;
+        CK_KEY_TYPE type = CKK_GENERIC_SECRET;
+        SECStatus rv = PK11_ReadAttribute(slot, key_ids[i],
+                                          CKA_KEY_TYPE, NULL, &typeData);
+        if (rv == SECSuccess) {
+            if (typeData.len == sizeof(CK_KEY_TYPE)) {
+                type = *(CK_KEY_TYPE *)typeData.data;
+            }
+            PORT_Free(typeData.data);
+        }
+        nextKey = PK11_SymKeyFromHandle(slot, NULL, PK11_OriginDerive,
+                                        PK11_GetKeyMechanism(type), key_ids[i], PR_FALSE, wincx);
+        if (nextKey) {
+            nextKey->next = topKey;
+            topKey = nextKey;
+        }
+    }
+    PORT_Free(key_ids);
+    return topKey;
+}
+
+void *
+PK11_GetWindow(PK11SymKey *key)
+{
+    return key->cx;
+}
+
+/*
+ * extract a symetric key value. NOTE: if the key is sensitive, we will
+ * not be able to do this operation. This function is used to move
+ * keys from one token to another */
+SECStatus
+PK11_ExtractKeyValue(PK11SymKey *symKey)
+{
+    SECStatus rv;
+
+    if (symKey->data.data != NULL) {
+        if (symKey->size == 0) {
+            symKey->size = symKey->data.len;
+        }
+        return SECSuccess;
+    }
+
+    if (symKey->slot == NULL) {
+        PORT_SetError(SEC_ERROR_INVALID_KEY);
+        return SECFailure;
+    }
+
+    rv = PK11_ReadAttribute(symKey->slot, symKey->objectID, CKA_VALUE, NULL,
+                            &symKey->data);
+    if (rv == SECSuccess) {
+        symKey->size = symKey->data.len;
+    }
+    return rv;
+}
+
+SECStatus
+PK11_DeleteTokenSymKey(PK11SymKey *symKey)
+{
+    if (!PK11_IsPermObject(symKey->slot, symKey->objectID)) {
+        return SECFailure;
+    }
+    PK11_DestroyTokenObject(symKey->slot, symKey->objectID);
+    symKey->objectID = CK_INVALID_HANDLE;
+    return SECSuccess;
+}
+
+SECItem *
+PK11_GetKeyData(PK11SymKey *symKey)
+{
+    return &symKey->data;
+}
+
+/* This symbol is exported for backward compatibility. */
+SECItem *
+__PK11_GetKeyData(PK11SymKey *symKey)
+{
+    return PK11_GetKeyData(symKey);
+}
+
+/*
+ * PKCS #11 key Types with predefined length
+ */
+unsigned int
+pk11_GetPredefinedKeyLength(CK_KEY_TYPE keyType)
+{
+    int length = 0;
+    switch (keyType) {
+        case CKK_DES:
+            length = 8;
+            break;
+        case CKK_DES2:
+            length = 16;
+            break;
+        case CKK_DES3:
+            length = 24;
+            break;
+        case CKK_SKIPJACK:
+            length = 10;
+            break;
+        case CKK_BATON:
+            length = 20;
+            break;
+        case CKK_JUNIPER:
+            length = 20;
+            break;
+        default:
+            break;
+    }
+    return length;
+}
+
+/* return the keylength if possible.  '0' if not */
+unsigned int
+PK11_GetKeyLength(PK11SymKey *key)
+{
+    CK_KEY_TYPE keyType;
+
+    if (key->size != 0)
+        return key->size;
+
+    /* First try to figure out the key length from its type */
+    keyType = PK11_ReadULongAttribute(key->slot, key->objectID, CKA_KEY_TYPE);
+    key->size = pk11_GetPredefinedKeyLength(keyType);
+    if ((keyType == CKK_GENERIC_SECRET) &&
+        (key->type == CKM_SSL3_PRE_MASTER_KEY_GEN)) {
+        key->size = 48;
+    }
+
+    if (key->size != 0)
+        return key->size;
+
+    if (key->data.data == NULL) {
+        PK11_ExtractKeyValue(key);
+    }
+    /* key is probably secret. Look up its length */
+    /*  this is new PKCS #11 version 2.0 functionality. */
+    if (key->size == 0) {
+        CK_ULONG keyLength;
+
+        keyLength = PK11_ReadULongAttribute(key->slot, key->objectID, CKA_VALUE_LEN);
+        if (keyLength != CK_UNAVAILABLE_INFORMATION) {
+            key->size = (unsigned int)keyLength;
+        }
+    }
+
+    return key->size;
+}
+
+/* return the strength of a key. This is different from length in that
+ * 1) it returns the size in bits, and 2) it returns only the secret portions
+ * of the key minus any checksums or parity.
+ */
+unsigned int
+PK11_GetKeyStrength(PK11SymKey *key, SECAlgorithmID *algid)
+{
+    int size = 0;
+    CK_MECHANISM_TYPE mechanism = CKM_INVALID_MECHANISM; /* RC2 only */
+    SECItem *param = NULL;                               /* RC2 only */
+    CK_RC2_CBC_PARAMS *rc2_params = NULL;                /* RC2 ONLY */
+    unsigned int effectiveBits = 0;                      /* RC2 ONLY */
+
+    switch (PK11_GetKeyType(key->type, 0)) {
+        case CKK_CDMF:
+            return 40;
+        case CKK_DES:
+            return 56;
+        case CKK_DES3:
+        case CKK_DES2:
+            size = PK11_GetKeyLength(key);
+            if (size == 16) {
+                /* double des */
+                return 112; /* 16*7 */
+            }
+            return 168;
+        /*
+         * RC2 has is different than other ciphers in that it allows the user
+         * to deprecating keysize while still requiring all the bits for the
+         * original key. The info
+         * on what the effective key strength is in the parameter for the key.
+         * In S/MIME this parameter is stored in the DER encoded algid. In Our
+         * other uses of RC2, effectiveBits == keyBits, so this code functions
+         * correctly without an algid.
+         */
+        case CKK_RC2:
+            /* if no algid was provided, fall through to default */
+            if (!algid) {
+                break;
+            }
+            /* verify that the algid is for RC2 */
+            mechanism = PK11_AlgtagToMechanism(SECOID_GetAlgorithmTag(algid));
+            if ((mechanism != CKM_RC2_CBC) && (mechanism != CKM_RC2_ECB)) {
+                break;
+            }
+
+            /* now get effective bits from the algorithm ID. */
+            param = PK11_ParamFromAlgid(algid);
+            /* if we couldn't get memory just use key length */
+            if (param == NULL) {
+                break;
+            }
+
+            rc2_params = (CK_RC2_CBC_PARAMS *)param->data;
+            /* paranoia... shouldn't happen */
+            PORT_Assert(param->data != NULL);
+            if (param->data == NULL) {
+                SECITEM_FreeItem(param, PR_TRUE);
+                break;
+            }
+            effectiveBits = (unsigned int)rc2_params->ulEffectiveBits;
+            SECITEM_FreeItem(param, PR_TRUE);
+            param = NULL;
+            rc2_params = NULL; /* paranoia */
+
+            /* we have effective bits, is and allocated memory is free, now
+             * we need to return the smaller of effective bits and keysize */
+            size = PK11_GetKeyLength(key);
+            if ((unsigned int)size * 8 > effectiveBits) {
+                return effectiveBits;
+            }
+
+            return size * 8; /* the actual key is smaller, the strength can't be
+                              * greater than the actual key size */
+
+        default:
+            break;
+    }
+    return PK11_GetKeyLength(key) * 8;
+}
+
+/*
+ * The next three utilities are to deal with the fact that a given operation
+ * may be a multi-slot affair. This creates a new key object that is copied
+ * into the new slot.
+ */
+PK11SymKey *
+pk11_CopyToSlotPerm(PK11SlotInfo *slot, CK_MECHANISM_TYPE type,
+                    CK_ATTRIBUTE_TYPE operation, CK_FLAGS flags,
+                    PRBool isPerm, PK11SymKey *symKey)
+{
+    SECStatus rv;
+    PK11SymKey *newKey = NULL;
+
+    /* Extract the raw key data if possible */
+    if (symKey->data.data == NULL) {
+        rv = PK11_ExtractKeyValue(symKey);
+        /* KEY is sensitive, we're try key exchanging it. */
+        if (rv != SECSuccess) {
+            return pk11_KeyExchange(slot, type, operation,
+                                    flags, isPerm, symKey);
+        }
+    }
+
+    newKey = PK11_ImportSymKeyWithFlags(slot, type, symKey->origin,
+                                        operation, &symKey->data, flags, isPerm, symKey->cx);
+    if (newKey == NULL) {
+        newKey = pk11_KeyExchange(slot, type, operation, flags, isPerm, symKey);
+    }
+    return newKey;
+}
+
+PK11SymKey *
+pk11_CopyToSlot(PK11SlotInfo *slot, CK_MECHANISM_TYPE type,
+                CK_ATTRIBUTE_TYPE operation, PK11SymKey *symKey)
+{
+    return pk11_CopyToSlotPerm(slot, type, operation, 0, PR_FALSE, symKey);
+}
+
+/*
+ * Make sure the slot we are in is the correct slot for the operation
+ * by verifying that it supports all of the specified mechanism types.
+ */
+PK11SymKey *
+pk11_ForceSlotMultiple(PK11SymKey *symKey, CK_MECHANISM_TYPE *type,
+                       int mechCount, CK_ATTRIBUTE_TYPE operation)
+{
+    PK11SlotInfo *slot = symKey->slot;
+    PK11SymKey *newKey = NULL;
+    PRBool needToCopy = PR_FALSE;
+    int i;
+
+    if (slot == NULL) {
+        needToCopy = PR_TRUE;
+    } else {
+        i = 0;
+        while ((i < mechCount) && (needToCopy == PR_FALSE)) {
+            if (!PK11_DoesMechanism(slot, type[i])) {
+                needToCopy = PR_TRUE;
+            }
+            i++;
+        }
+    }
+
+    if (needToCopy == PR_TRUE) {
+        slot = PK11_GetBestSlotMultiple(type, mechCount, symKey->cx);
+        if (slot == NULL) {
+            PORT_SetError(SEC_ERROR_NO_MODULE);
+            return NULL;
+        }
+        newKey = pk11_CopyToSlot(slot, type[0], operation, symKey);
+        PK11_FreeSlot(slot);
+    }
+    return newKey;
+}
+
+/*
+ * Make sure the slot we are in is the correct slot for the operation
+ */
+PK11SymKey *
+pk11_ForceSlot(PK11SymKey *symKey, CK_MECHANISM_TYPE type,
+               CK_ATTRIBUTE_TYPE operation)
+{
+    return pk11_ForceSlotMultiple(symKey, &type, 1, operation);
+}
+
+PK11SymKey *
+PK11_MoveSymKey(PK11SlotInfo *slot, CK_ATTRIBUTE_TYPE operation,
+                CK_FLAGS flags, PRBool perm, PK11SymKey *symKey)
+{
+    if (symKey->slot == slot) {
+        if (perm) {
+            return PK11_ConvertSessionSymKeyToTokenSymKey(symKey, symKey->cx);
+        } else {
+            return PK11_ReferenceSymKey(symKey);
+        }
+    }
+
+    return pk11_CopyToSlotPerm(slot, symKey->type,
+                               operation, flags, perm, symKey);
+}
+
+/*
+ * Use the token to generate a key.
+ *
+ * keySize must be 'zero' for fixed key length algorithms. A nonzero
+ *  keySize causes the CKA_VALUE_LEN attribute to be added to the template
+ *  for the key. Most PKCS #11 modules fail if you specify the CKA_VALUE_LEN
+ *  attribute for keys with fixed length. The exception is DES2. If you
+ *  select a CKM_DES3_CBC mechanism, this code will not add the CKA_VALUE_LEN
+ *  parameter and use the key size to determine which underlying DES keygen
+ *  function to use (CKM_DES2_KEY_GEN or CKM_DES3_KEY_GEN).
+ *
+ * keyType must be -1 for most algorithms. Some PBE algorthims cannot
+ *  determine the correct key type from the mechanism or the parameters,
+ *  so key type must be specified. Other PKCS #11 mechanisms may do so in
+ *  the future. Currently there is no need to export this publically.
+ *  Keep it private until there is a need in case we need to expand the
+ *  keygen parameters again...
+ *
+ * CK_FLAGS flags: key operation flags
+ * PK11AttrFlags attrFlags: PK11_ATTR_XXX key attribute flags
+ */
+PK11SymKey *
+pk11_TokenKeyGenWithFlagsAndKeyType(PK11SlotInfo *slot, CK_MECHANISM_TYPE type,
+                                    SECItem *param, CK_KEY_TYPE keyType, int keySize, SECItem *keyid,
+                                    CK_FLAGS opFlags, PK11AttrFlags attrFlags, void *wincx)
+{
+    PK11SymKey *symKey;
+    CK_ATTRIBUTE genTemplate[MAX_TEMPL_ATTRS];
+    CK_ATTRIBUTE *attrs = genTemplate;
+    int count = sizeof(genTemplate) / sizeof(genTemplate[0]);
+    CK_MECHANISM_TYPE keyGenType;
+    CK_BBOOL cktrue = CK_TRUE;
+    CK_BBOOL ckfalse = CK_FALSE;
+    CK_ULONG ck_key_size; /* only used for variable-length keys */
+
+    if (pk11_BadAttrFlags(attrFlags)) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+
+    if ((keySize != 0) && (type != CKM_DES3_CBC) &&
+        (type != CKM_DES3_CBC_PAD) && (type != CKM_DES3_ECB)) {
+        ck_key_size = keySize; /* Convert to PK11 type */
+
+        PK11_SETATTRS(attrs, CKA_VALUE_LEN, &ck_key_size, sizeof(ck_key_size));
+        attrs++;
+    }
+
+    if (keyType != -1) {
+        PK11_SETATTRS(attrs, CKA_KEY_TYPE, &keyType, sizeof(CK_KEY_TYPE));
+        attrs++;
+    }
+
+    /* Include key id value if provided */
+    if (keyid) {
+        PK11_SETATTRS(attrs, CKA_ID, keyid->data, keyid->len);
+        attrs++;
+    }
+
+    attrs += pk11_AttrFlagsToAttributes(attrFlags, attrs, &cktrue, &ckfalse);
+    attrs += pk11_OpFlagsToAttributes(opFlags, attrs, &cktrue);
+
+    count = attrs - genTemplate;
+    PR_ASSERT(count <= sizeof(genTemplate) / sizeof(CK_ATTRIBUTE));
+
+    keyGenType = PK11_GetKeyGenWithSize(type, keySize);
+    if (keyGenType == CKM_FAKE_RANDOM) {
+        PORT_SetError(SEC_ERROR_NO_MODULE);
+        return NULL;
+    }
+    symKey = PK11_KeyGenWithTemplate(slot, type, keyGenType,
+                                     param, genTemplate, count, wincx);
+    if (symKey != NULL) {
+        symKey->size = keySize;
+    }
+    return symKey;
+}
+
+/*
+ * Use the token to generate a key.  - Public
+ *
+ * keySize must be 'zero' for fixed key length algorithms. A nonzero
+ *  keySize causes the CKA_VALUE_LEN attribute to be added to the template
+ *  for the key. Most PKCS #11 modules fail if you specify the CKA_VALUE_LEN
+ *  attribute for keys with fixed length. The exception is DES2. If you
+ *  select a CKM_DES3_CBC mechanism, this code will not add the CKA_VALUE_LEN
+ *  parameter and use the key size to determine which underlying DES keygen
+ *  function to use (CKM_DES2_KEY_GEN or CKM_DES3_KEY_GEN).
+ *
+ * CK_FLAGS flags: key operation flags
+ * PK11AttrFlags attrFlags: PK11_ATTR_XXX key attribute flags
+ */
+PK11SymKey *
+PK11_TokenKeyGenWithFlags(PK11SlotInfo *slot, CK_MECHANISM_TYPE type,
+                          SECItem *param, int keySize, SECItem *keyid, CK_FLAGS opFlags,
+                          PK11AttrFlags attrFlags, void *wincx)
+{
+    return pk11_TokenKeyGenWithFlagsAndKeyType(slot, type, param, -1, keySize,
+                                               keyid, opFlags, attrFlags, wincx);
+}
+
+/*
+ * Use the token to generate a key. keySize must be 'zero' for fixed key
+ * length algorithms. A nonzero keySize causes the CKA_VALUE_LEN attribute
+ * to be added to the template for the key. PKCS #11 modules fail if you
+ * specify the CKA_VALUE_LEN attribute for keys with fixed length.
+ * NOTE: this means to generate a DES2 key from this interface you must
+ * specify CKM_DES2_KEY_GEN as the mechanism directly; specifying
+ * CKM_DES3_CBC as the mechanism and 16 as keySize currently doesn't work.
+ */
+PK11SymKey *
+PK11_TokenKeyGen(PK11SlotInfo *slot, CK_MECHANISM_TYPE type, SECItem *param,
+                 int keySize, SECItem *keyid, PRBool isToken, void *wincx)
+{
+    PK11SymKey *symKey;
+    PRBool weird = PR_FALSE; /* hack for fortezza */
+    CK_FLAGS opFlags = CKF_SIGN;
+    PK11AttrFlags attrFlags = 0;
+
+    if ((keySize == -1) && (type == CKM_SKIPJACK_CBC64)) {
+        weird = PR_TRUE;
+        keySize = 0;
+    }
+
+    opFlags |= weird ? CKF_DECRYPT : CKF_ENCRYPT;
+
+    if (isToken) {
+        attrFlags |= (PK11_ATTR_TOKEN | PK11_ATTR_PRIVATE);
+    }
+
+    symKey = pk11_TokenKeyGenWithFlagsAndKeyType(slot, type, param,
+                                                 -1, keySize, keyid, opFlags, attrFlags, wincx);
+    if (symKey && weird) {
+        PK11_SetFortezzaHack(symKey);
+    }
+
+    return symKey;
+}
+
+PK11SymKey *
+PK11_KeyGen(PK11SlotInfo *slot, CK_MECHANISM_TYPE type, SECItem *param,
+            int keySize, void *wincx)
+{
+    return PK11_TokenKeyGen(slot, type, param, keySize, 0, PR_FALSE, wincx);
+}
+
+PK11SymKey *
+PK11_KeyGenWithTemplate(PK11SlotInfo *slot, CK_MECHANISM_TYPE type,
+                        CK_MECHANISM_TYPE keyGenType,
+                        SECItem *param, CK_ATTRIBUTE *attrs,
+                        unsigned int attrsCount, void *wincx)
+{
+    PK11SymKey *symKey;
+    CK_SESSION_HANDLE session;
+    CK_MECHANISM mechanism;
+    CK_RV crv;
+    PRBool isToken = CK_FALSE;
+    CK_ULONG keySize = 0;
+    unsigned i;
+
+    /* Extract the template's CKA_VALUE_LEN into keySize and CKA_TOKEN into
+       isToken. */
+    for (i = 0; i < attrsCount; ++i) {
+        switch (attrs[i].type) {
+            case CKA_VALUE_LEN:
+                if (attrs[i].pValue == NULL ||
+                    attrs[i].ulValueLen != sizeof(CK_ULONG)) {
+                    PORT_SetError(PK11_MapError(CKR_TEMPLATE_INCONSISTENT));
+                    return NULL;
+                }
+                keySize = *(CK_ULONG *)attrs[i].pValue;
+                break;
+            case CKA_TOKEN:
+                if (attrs[i].pValue == NULL ||
+                    attrs[i].ulValueLen != sizeof(CK_BBOOL)) {
+                    PORT_SetError(PK11_MapError(CKR_TEMPLATE_INCONSISTENT));
+                    return NULL;
+                }
+                isToken = (*(CK_BBOOL *)attrs[i].pValue) ? PR_TRUE : PR_FALSE;
+                break;
+        }
+    }
+
+    /* find a slot to generate the key into */
+    /* Only do slot management if this is not a token key */
+    if (!isToken && (slot == NULL || !PK11_DoesMechanism(slot, type))) {
+        PK11SlotInfo *bestSlot = PK11_GetBestSlot(type, wincx);
+        if (bestSlot == NULL) {
+            PORT_SetError(SEC_ERROR_NO_MODULE);
+            return NULL;
+        }
+        symKey = pk11_CreateSymKey(bestSlot, type, !isToken, PR_TRUE, wincx);
+        PK11_FreeSlot(bestSlot);
+    } else {
+        symKey = pk11_CreateSymKey(slot, type, !isToken, PR_TRUE, wincx);
+    }
+    if (symKey == NULL)
+        return NULL;
+
+    symKey->size = keySize;
+    symKey->origin = PK11_OriginGenerated;
+
+    /* Set the parameters for the key gen if provided */
+    mechanism.mechanism = keyGenType;
+    mechanism.pParameter = NULL;
+    mechanism.ulParameterLen = 0;
+    if (param) {
+        mechanism.pParameter = param->data;
+        mechanism.ulParameterLen = param->len;
+    }
+
+    /* Get session and perform locking */
+    if (isToken) {
+        PK11_Authenticate(symKey->slot, PR_TRUE, wincx);
+        /* Should always be original slot */
+        session = PK11_GetRWSession(symKey->slot);
+        symKey->owner = PR_FALSE;
+    } else {
+        session = symKey->session;
+        if (session != CK_INVALID_SESSION)
+            pk11_EnterKeyMonitor(symKey);
+    }
+    if (session == CK_INVALID_SESSION) {
+        PK11_FreeSymKey(symKey);
+        PORT_SetError(SEC_ERROR_BAD_DATA);
+        return NULL;
+    }
+
+    crv = PK11_GETTAB(symKey->slot)->C_GenerateKey(session, &mechanism, attrs, attrsCount, &symKey->objectID);
+
+    /* Release lock and session */
+    if (isToken) {
+        PK11_RestoreROSession(symKey->slot, session);
+    } else {
+        pk11_ExitKeyMonitor(symKey);
+    }
+
+    if (crv != CKR_OK) {
+        PK11_FreeSymKey(symKey);
+        PORT_SetError(PK11_MapError(crv));
+        return NULL;
+    }
+
+    return symKey;
+}
+
+/* --- */
+PK11SymKey *
+PK11_GenDES3TokenKey(PK11SlotInfo *slot, SECItem *keyid, void *cx)
+{
+    return PK11_TokenKeyGen(slot, CKM_DES3_CBC, 0, 0, keyid, PR_TRUE, cx);
+}
+
+PK11SymKey *
+PK11_ConvertSessionSymKeyToTokenSymKey(PK11SymKey *symk, void *wincx)
+{
+    PK11SlotInfo *slot = symk->slot;
+    CK_ATTRIBUTE template[1];
+    CK_ATTRIBUTE *attrs = template;
+    CK_BBOOL cktrue = CK_TRUE;
+    CK_RV crv;
+    CK_OBJECT_HANDLE newKeyID;
+    CK_SESSION_HANDLE rwsession;
+
+    PK11_SETATTRS(attrs, CKA_TOKEN, &cktrue, sizeof(cktrue));
+    attrs++;
+
+    PK11_Authenticate(slot, PR_TRUE, wincx);
+    rwsession = PK11_GetRWSession(slot);
+    if (rwsession == CK_INVALID_SESSION) {
+        PORT_SetError(SEC_ERROR_BAD_DATA);
+        return NULL;
+    }
+    crv = PK11_GETTAB(slot)->C_CopyObject(rwsession, symk->objectID,
+                                          template, 1, &newKeyID);
+    PK11_RestoreROSession(slot, rwsession);
+
+    if (crv != CKR_OK) {
+        PORT_SetError(PK11_MapError(crv));
+        return NULL;
+    }
+
+    return PK11_SymKeyFromHandle(slot, NULL /*parent*/, symk->origin,
+                                 symk->type, newKeyID, PR_FALSE /*owner*/, NULL /*wincx*/);
+}
+
+/*
+ * This function does a straight public key wrap (which only RSA can do).
+ * Use PK11_PubGenKey and PK11_WrapSymKey to implement the FORTEZZA and
+ * Diffie-Hellman Ciphers. */
+SECStatus
+PK11_PubWrapSymKey(CK_MECHANISM_TYPE type, SECKEYPublicKey *pubKey,
+                   PK11SymKey *symKey, SECItem *wrappedKey)
+{
+    PK11SlotInfo *slot;
+    CK_ULONG len = wrappedKey->len;
+    PK11SymKey *newKey = NULL;
+    CK_OBJECT_HANDLE id;
+    CK_MECHANISM mechanism;
+    PRBool owner = PR_TRUE;
+    CK_SESSION_HANDLE session;
+    CK_RV crv;
+
+    if (symKey == NULL) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    /* if this slot doesn't support the mechanism, go to a slot that does */
+    newKey = pk11_ForceSlot(symKey, type, CKA_ENCRYPT);
+    if (newKey != NULL) {
+        symKey = newKey;
+    }
+
+    if (symKey->slot == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MODULE);
+        return SECFailure;
+    }
+
+    slot = symKey->slot;
+    mechanism.mechanism = pk11_mapWrapKeyType(pubKey->keyType);
+    mechanism.pParameter = NULL;
+    mechanism.ulParameterLen = 0;
+
+    id = PK11_ImportPublicKey(slot, pubKey, PR_FALSE);
+    if (id == CK_INVALID_HANDLE) {
+        if (newKey) {
+            PK11_FreeSymKey(newKey);
+        }
+        return SECFailure; /* Error code has been set. */
+    }
+
+    session = pk11_GetNewSession(slot, &owner);
+    if (!owner || !(slot->isThreadSafe))
+        PK11_EnterSlotMonitor(slot);
+    crv = PK11_GETTAB(slot)->C_WrapKey(session, &mechanism,
+                                       id, symKey->objectID, wrappedKey->data, &len);
+    if (!owner || !(slot->isThreadSafe))
+        PK11_ExitSlotMonitor(slot);
+    pk11_CloseSession(slot, session, owner);
+    if (newKey) {
+        PK11_FreeSymKey(newKey);
+    }
+
+    if (crv != CKR_OK) {
+        PORT_SetError(PK11_MapError(crv));
+        return SECFailure;
+    }
+    wrappedKey->len = len;
+    return SECSuccess;
+}
+
+/*
+ * this little function uses the Encrypt function to wrap a key, just in
+ * case we have problems with the wrap implementation for a token.
+ */
+static SECStatus
+pk11_HandWrap(PK11SymKey *wrappingKey, SECItem *param, CK_MECHANISM_TYPE type,
+              SECItem *inKey, SECItem *outKey)
+{
+    PK11SlotInfo *slot;
+    CK_ULONG len;
+    SECItem *data;
+    CK_MECHANISM mech;
+    PRBool owner = PR_TRUE;
+    CK_SESSION_HANDLE session;
+    CK_RV crv;
+
+    slot = wrappingKey->slot;
+    /* use NULL IV's for wrapping */
+    mech.mechanism = type;
+    if (param) {
+        mech.pParameter = param->data;
+        mech.ulParameterLen = param->len;
+    } else {
+        mech.pParameter = NULL;
+        mech.ulParameterLen = 0;
+    }
+    session = pk11_GetNewSession(slot, &owner);
+    if (!owner || !(slot->isThreadSafe))
+        PK11_EnterSlotMonitor(slot);
+    crv = PK11_GETTAB(slot)->C_EncryptInit(session, &mech,
+                                           wrappingKey->objectID);
+    if (crv != CKR_OK) {
+        if (!owner || !(slot->isThreadSafe))
+            PK11_ExitSlotMonitor(slot);
+        pk11_CloseSession(slot, session, owner);
+        PORT_SetError(PK11_MapError(crv));
+        return SECFailure;
+    }
+
+    /* keys are almost always aligned, but if we get this far,
+     * we've gone above and beyond anyway... */
+    data = PK11_BlockData(inKey, PK11_GetBlockSize(type, param));
+    if (data == NULL) {
+        if (!owner || !(slot->isThreadSafe))
+            PK11_ExitSlotMonitor(slot);
+        pk11_CloseSession(slot, session, owner);
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return SECFailure;
+    }
+    len = outKey->len;
+    crv = PK11_GETTAB(slot)->C_Encrypt(session, data->data, data->len,
+                                       outKey->data, &len);
+    if (!owner || !(slot->isThreadSafe))
+        PK11_ExitSlotMonitor(slot);
+    pk11_CloseSession(slot, session, owner);
+    SECITEM_FreeItem(data, PR_TRUE);
+    outKey->len = len;
+    if (crv != CKR_OK) {
+        PORT_SetError(PK11_MapError(crv));
+        return SECFailure;
+    }
+    return SECSuccess;
+}
+
+/*
+ * This function does a symetric based wrap.
+ */
+SECStatus
+PK11_WrapSymKey(CK_MECHANISM_TYPE type, SECItem *param,
+                PK11SymKey *wrappingKey, PK11SymKey *symKey, SECItem *wrappedKey)
+{
+    PK11SlotInfo *slot;
+    CK_ULONG len = wrappedKey->len;
+    PK11SymKey *newKey = NULL;
+    SECItem *param_save = NULL;
+    CK_MECHANISM mechanism;
+    PRBool owner = PR_TRUE;
+    CK_SESSION_HANDLE session;
+    CK_RV crv;
+    SECStatus rv;
+
+    /* if this slot doesn't support the mechanism, go to a slot that does */
+    /* Force symKey and wrappingKey into the same slot */
+    if ((wrappingKey->slot == NULL) || (symKey->slot != wrappingKey->slot)) {
+        /* first try copying the wrapping Key to the symKey slot */
+        if (symKey->slot && PK11_DoesMechanism(symKey->slot, type)) {
+            newKey = pk11_CopyToSlot(symKey->slot, type, CKA_WRAP, wrappingKey);
+        }
+        /* Nope, try it the other way */
+        if (newKey == NULL) {
+            if (wrappingKey->slot) {
+                newKey = pk11_CopyToSlot(wrappingKey->slot,
+                                         symKey->type, CKA_ENCRYPT, symKey);
+            }
+            /* just not playing... one last thing, can we get symKey's data?
+             * If it's possible, we it should already be in the
+             * symKey->data.data pointer because pk11_CopyToSlot would have
+             * tried to put it there. */
+            if (newKey == NULL) {
+                /* Can't get symKey's data: Game Over */
+                if (symKey->data.data == NULL) {
+                    PORT_SetError(SEC_ERROR_NO_MODULE);
+                    return SECFailure;
+                }
+                if (param == NULL) {
+                    param_save = param = PK11_ParamFromIV(type, NULL);
+                }
+                rv = pk11_HandWrap(wrappingKey, param, type,
+                                   &symKey->data, wrappedKey);
+                if (param_save)
+                    SECITEM_FreeItem(param_save, PR_TRUE);
+                return rv;
+            }
+            /* we successfully moved the sym Key */
+            symKey = newKey;
+        } else {
+            /* we successfully moved the wrapping Key */
+            wrappingKey = newKey;
+        }
+    }
+
+    /* at this point both keys are in the same token */
+    slot = wrappingKey->slot;
+    mechanism.mechanism = type;
+    /* use NULL IV's for wrapping */
+    if (param == NULL) {
+        param_save = param = PK11_ParamFromIV(type, NULL);
+    }
+    if (param) {
+        mechanism.pParameter = param->data;
+        mechanism.ulParameterLen = param->len;
+    } else {
+        mechanism.pParameter = NULL;
+        mechanism.ulParameterLen = 0;
+    }
+
+    len = wrappedKey->len;
+
+    session = pk11_GetNewSession(slot, &owner);
+    if (!owner || !(slot->isThreadSafe))
+        PK11_EnterSlotMonitor(slot);
+    crv = PK11_GETTAB(slot)->C_WrapKey(session, &mechanism,
+                                       wrappingKey->objectID, symKey->objectID,
+                                       wrappedKey->data, &len);
+    if (!owner || !(slot->isThreadSafe))
+        PK11_ExitSlotMonitor(slot);
+    pk11_CloseSession(slot, session, owner);
+    rv = SECSuccess;
+    if (crv != CKR_OK) {
+        /* can't wrap it? try hand wrapping it... */
+        do {
+            if (symKey->data.data == NULL) {
+                rv = PK11_ExtractKeyValue(symKey);
+                if (rv != SECSuccess)
+                    break;
+            }
+            rv = pk11_HandWrap(wrappingKey, param, type, &symKey->data,
+                               wrappedKey);
+        } while (PR_FALSE);
+    } else {
+        wrappedKey->len = len;
+    }
+    if (newKey)
+        PK11_FreeSymKey(newKey);
+    if (param_save)
+        SECITEM_FreeItem(param_save, PR_TRUE);
+    return rv;
+}
+
+/*
+ * This Generates a new key based on a symetricKey
+ */
+PK11SymKey *
+PK11_Derive(PK11SymKey *baseKey, CK_MECHANISM_TYPE derive, SECItem *param,
+            CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation,
+            int keySize)
+{
+    return PK11_DeriveWithTemplate(baseKey, derive, param, target, operation,
+                                   keySize, NULL, 0, PR_FALSE);
+}
+
+PK11SymKey *
+PK11_DeriveWithFlags(PK11SymKey *baseKey, CK_MECHANISM_TYPE derive,
+                     SECItem *param, CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation,
+                     int keySize, CK_FLAGS flags)
+{
+    CK_BBOOL ckTrue = CK_TRUE;
+    CK_ATTRIBUTE keyTemplate[MAX_TEMPL_ATTRS];
+    unsigned int templateCount;
+
+    templateCount = pk11_OpFlagsToAttributes(flags, keyTemplate, &ckTrue);
+    return PK11_DeriveWithTemplate(baseKey, derive, param, target, operation,
+                                   keySize, keyTemplate, templateCount, PR_FALSE);
+}
+
+PK11SymKey *
+PK11_DeriveWithFlagsPerm(PK11SymKey *baseKey, CK_MECHANISM_TYPE derive,
+                         SECItem *param, CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation,
+                         int keySize, CK_FLAGS flags, PRBool isPerm)
+{
+    CK_BBOOL cktrue = CK_TRUE;
+    CK_ATTRIBUTE keyTemplate[MAX_TEMPL_ATTRS];
+    CK_ATTRIBUTE *attrs;
+    unsigned int templateCount = 0;
+
+    attrs = keyTemplate;
+    if (isPerm) {
+        PK11_SETATTRS(attrs, CKA_TOKEN, &cktrue, sizeof(CK_BBOOL));
+        attrs++;
+    }
+    templateCount = attrs - keyTemplate;
+    templateCount += pk11_OpFlagsToAttributes(flags, attrs, &cktrue);
+    return PK11_DeriveWithTemplate(baseKey, derive, param, target, operation,
+                                   keySize, keyTemplate, templateCount, isPerm);
+}
+
+PK11SymKey *
+PK11_DeriveWithTemplate(PK11SymKey *baseKey, CK_MECHANISM_TYPE derive,
+                        SECItem *param, CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation,
+                        int keySize, CK_ATTRIBUTE *userAttr, unsigned int numAttrs,
+                        PRBool isPerm)
+{
+    PK11SlotInfo *slot = baseKey->slot;
+    PK11SymKey *symKey;
+    PK11SymKey *newBaseKey = NULL;
+    CK_BBOOL cktrue = CK_TRUE;
+    CK_OBJECT_CLASS keyClass = CKO_SECRET_KEY;
+    CK_KEY_TYPE keyType = CKK_GENERIC_SECRET;
+    CK_ULONG valueLen = 0;
+    CK_MECHANISM mechanism;
+    CK_RV crv;
+#define MAX_ADD_ATTRS 4
+    CK_ATTRIBUTE keyTemplate[MAX_TEMPL_ATTRS + MAX_ADD_ATTRS];
+#undef MAX_ADD_ATTRS
+    CK_ATTRIBUTE *attrs = keyTemplate;
+    CK_SESSION_HANDLE session;
+    unsigned int templateCount;
+
+    if (numAttrs > MAX_TEMPL_ATTRS) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+
+    /* first copy caller attributes in. */
+    for (templateCount = 0; templateCount < numAttrs; ++templateCount) {
+        *attrs++ = *userAttr++;
+    }
+
+    /* We only add the following attributes to the template if the caller
+    ** didn't already supply them.
+    */
+    if (!pk11_FindAttrInTemplate(keyTemplate, numAttrs, CKA_CLASS)) {
+        PK11_SETATTRS(attrs, CKA_CLASS, &keyClass, sizeof keyClass);
+        attrs++;
+    }
+    if (!pk11_FindAttrInTemplate(keyTemplate, numAttrs, CKA_KEY_TYPE)) {
+        keyType = PK11_GetKeyType(target, keySize);
+        PK11_SETATTRS(attrs, CKA_KEY_TYPE, &keyType, sizeof keyType);
+        attrs++;
+    }
+    if (keySize > 0 &&
+        !pk11_FindAttrInTemplate(keyTemplate, numAttrs, CKA_VALUE_LEN)) {
+        valueLen = (CK_ULONG)keySize;
+        PK11_SETATTRS(attrs, CKA_VALUE_LEN, &valueLen, sizeof valueLen);
+        attrs++;
+    }
+    if ((operation != CKA_FLAGS_ONLY) &&
+        !pk11_FindAttrInTemplate(keyTemplate, numAttrs, operation)) {
+        PK11_SETATTRS(attrs, operation, &cktrue, sizeof cktrue);
+        attrs++;
+    }
+
+    templateCount = attrs - keyTemplate;
+    PR_ASSERT(templateCount <= sizeof(keyTemplate) / sizeof(CK_ATTRIBUTE));
+
+    /* move the key to a slot that can do the function */
+    if (!PK11_DoesMechanism(slot, derive)) {
+        /* get a new base key & slot */
+        PK11SlotInfo *newSlot = PK11_GetBestSlot(derive, baseKey->cx);
+
+        if (newSlot == NULL)
+            return NULL;
+
+        newBaseKey = pk11_CopyToSlot(newSlot, derive, CKA_DERIVE,
+                                     baseKey);
+        PK11_FreeSlot(newSlot);
+        if (newBaseKey == NULL)
+            return NULL;
+        baseKey = newBaseKey;
+        slot = baseKey->slot;
+    }
+
+    /* get our key Structure */
+    symKey = pk11_CreateSymKey(slot, target, !isPerm, PR_TRUE, baseKey->cx);
+    if (symKey == NULL) {
+        return NULL;
+    }
+
+    symKey->size = keySize;
+
+    mechanism.mechanism = derive;
+    if (param) {
+        mechanism.pParameter = param->data;
+        mechanism.ulParameterLen = param->len;
+    } else {
+        mechanism.pParameter = NULL;
+        mechanism.ulParameterLen = 0;
+    }
+    symKey->origin = PK11_OriginDerive;
+
+    if (isPerm) {
+        session = PK11_GetRWSession(slot);
+    } else {
+        pk11_EnterKeyMonitor(symKey);
+        session = symKey->session;
+    }
+    if (session == CK_INVALID_SESSION) {
+        if (!isPerm)
+            pk11_ExitKeyMonitor(symKey);
+        crv = CKR_SESSION_HANDLE_INVALID;
+    } else {
+        crv = PK11_GETTAB(slot)->C_DeriveKey(session, &mechanism,
+                                             baseKey->objectID, keyTemplate, templateCount, &symKey->objectID);
+        if (isPerm) {
+            PK11_RestoreROSession(slot, session);
+        } else {
+            pk11_ExitKeyMonitor(symKey);
+        }
+    }
+    if (newBaseKey)
+        PK11_FreeSymKey(newBaseKey);
+    if (crv != CKR_OK) {
+        PK11_FreeSymKey(symKey);
+        return NULL;
+    }
+    return symKey;
+}
+
+/* Create a new key by concatenating base and data
+ */
+PK11SymKey *
+pk11_ConcatenateBaseAndData(PK11SymKey *base,
+                            CK_BYTE *data, CK_ULONG dataLen, CK_MECHANISM_TYPE target,
+                            CK_ATTRIBUTE_TYPE operation)
+{
+    CK_KEY_DERIVATION_STRING_DATA mechParams;
+    SECItem param;
+
+    if (base == NULL) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+
+    mechParams.pData = data;
+    mechParams.ulLen = dataLen;
+    param.data = (unsigned char *)&mechParams;
+    param.len = sizeof(CK_KEY_DERIVATION_STRING_DATA);
+
+    return PK11_Derive(base, CKM_CONCATENATE_BASE_AND_DATA,
+                       &param, target, operation, 0);
+}
+
+/* Create a new key by concatenating base and key
+ */
+static PK11SymKey *
+pk11_ConcatenateBaseAndKey(PK11SymKey *base,
+                           PK11SymKey *key, CK_MECHANISM_TYPE target,
+                           CK_ATTRIBUTE_TYPE operation, CK_ULONG keySize)
+{
+    SECItem param;
+
+    if ((base == NULL) || (key == NULL)) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+
+    param.data = (unsigned char *)&(key->objectID);
+    param.len = sizeof(CK_OBJECT_HANDLE);
+
+    return PK11_Derive(base, CKM_CONCATENATE_BASE_AND_KEY,
+                       &param, target, operation, keySize);
+}
+
+/* Create a new key whose value is the hash of tobehashed.
+ * type is the mechanism for the derived key.
+ */
+static PK11SymKey *
+pk11_HashKeyDerivation(PK11SymKey *toBeHashed,
+                       CK_MECHANISM_TYPE hashMechanism, CK_MECHANISM_TYPE target,
+                       CK_ATTRIBUTE_TYPE operation, CK_ULONG keySize)
+{
+    return PK11_Derive(toBeHashed, hashMechanism, NULL, target, operation, keySize);
+}
+
+/* This function implements the ANSI X9.63 key derivation function
+ */
+static PK11SymKey *
+pk11_ANSIX963Derive(PK11SymKey *sharedSecret,
+                    CK_EC_KDF_TYPE kdf, SECItem *sharedData,
+                    CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation,
+                    CK_ULONG keySize)
+{
+    CK_KEY_TYPE keyType;
+    CK_MECHANISM_TYPE hashMechanism, mechanismArray[4];
+    CK_ULONG derivedKeySize, HashLen, counter, maxCounter, bufferLen;
+    CK_ULONG SharedInfoLen;
+    CK_BYTE *buffer = NULL;
+    PK11SymKey *toBeHashed, *hashOutput;
+    PK11SymKey *newSharedSecret = NULL;
+    PK11SymKey *oldIntermediateResult, *intermediateResult = NULL;
+
+    if (sharedSecret == NULL) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+
+    switch (kdf) {
+        case CKD_SHA1_KDF:
+            HashLen = SHA1_LENGTH;
+            hashMechanism = CKM_SHA1_KEY_DERIVATION;
+            break;
+        case CKD_SHA224_KDF:
+            HashLen = SHA224_LENGTH;
+            hashMechanism = CKM_SHA224_KEY_DERIVATION;
+            break;
+        case CKD_SHA256_KDF:
+            HashLen = SHA256_LENGTH;
+            hashMechanism = CKM_SHA256_KEY_DERIVATION;
+            break;
+        case CKD_SHA384_KDF:
+            HashLen = SHA384_LENGTH;
+            hashMechanism = CKM_SHA384_KEY_DERIVATION;
+            break;
+        case CKD_SHA512_KDF:
+            HashLen = SHA512_LENGTH;
+            hashMechanism = CKM_SHA512_KEY_DERIVATION;
+            break;
+        default:
+            PORT_SetError(SEC_ERROR_INVALID_ARGS);
+            return NULL;
+    }
+
+    derivedKeySize = keySize;
+    if (derivedKeySize == 0) {
+        keyType = PK11_GetKeyType(target, keySize);
+        derivedKeySize = pk11_GetPredefinedKeyLength(keyType);
+        if (derivedKeySize == 0) {
+            derivedKeySize = HashLen;
+        }
+    }
+
+    /* Check that key_len isn't too long.  The maximum key length could be
+     * greatly increased if the code below did not limit the 4-byte counter
+     * to a maximum value of 255. */
+    if (derivedKeySize > 254 * HashLen) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+
+    maxCounter = derivedKeySize / HashLen;
+    if (derivedKeySize > maxCounter * HashLen)
+        maxCounter++;
+
+    if ((sharedData == NULL) || (sharedData->data == NULL))
+        SharedInfoLen = 0;
+    else
+        SharedInfoLen = sharedData->len;
+
+    bufferLen = SharedInfoLen + 4;
+
+    /* Populate buffer with Counter || sharedData
+     * where Counter is 0x00000001. */
+    buffer = (unsigned char *)PORT_Alloc(bufferLen);
+    if (buffer == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return NULL;
+    }
+
+    buffer[0] = 0;
+    buffer[1] = 0;
+    buffer[2] = 0;
+    buffer[3] = 1;
+    if (SharedInfoLen > 0) {
+        PORT_Memcpy(&buffer[4], sharedData->data, SharedInfoLen);
+    }
+
+    /* Look for a slot that supports the mechanisms needed
+     * to implement the ANSI X9.63 KDF as well as the
+     * target mechanism.
+     */
+    mechanismArray[0] = CKM_CONCATENATE_BASE_AND_DATA;
+    mechanismArray[1] = hashMechanism;
+    mechanismArray[2] = CKM_CONCATENATE_BASE_AND_KEY;
+    mechanismArray[3] = target;
+
+    newSharedSecret = pk11_ForceSlotMultiple(sharedSecret,
+                                             mechanismArray, 4, operation);
+    if (newSharedSecret != NULL) {
+        sharedSecret = newSharedSecret;
+    }
+
+    for (counter = 1; counter <= maxCounter; counter++) {
+        /* Concatenate shared_secret and buffer */
+        toBeHashed = pk11_ConcatenateBaseAndData(sharedSecret, buffer,
+                                                 bufferLen, hashMechanism, operation);
+        if (toBeHashed == NULL) {
+            goto loser;
+        }
+
+        /* Hash value */
+        if (maxCounter == 1) {
+            /* In this case the length of the key to be derived is
+             * less than or equal to the length of the hash output.
+             * So, the output of the hash operation will be the
+             * dervied key. */
+            hashOutput = pk11_HashKeyDerivation(toBeHashed, hashMechanism,
+                                                target, operation, keySize);
+        } else {
+            /* In this case, the output of the hash operation will be
+             * concatenated with other data to create the derived key. */
+            hashOutput = pk11_HashKeyDerivation(toBeHashed, hashMechanism,
+                                                CKM_CONCATENATE_BASE_AND_KEY, operation, 0);
+        }
+        PK11_FreeSymKey(toBeHashed);
+        if (hashOutput == NULL) {
+            goto loser;
+        }
+
+        /* Append result to intermediate result, if necessary */
+        oldIntermediateResult = intermediateResult;
+
+        if (oldIntermediateResult == NULL) {
+            intermediateResult = hashOutput;
+        } else {
+            if (counter == maxCounter) {
+                /* This is the final concatenation, and so the output
+                 * will be the derived key. */
+                intermediateResult =
+                    pk11_ConcatenateBaseAndKey(oldIntermediateResult,
+                                               hashOutput, target, operation, keySize);
+            } else {
+                /* The output of this concatenation will be concatenated
+                 * with other data to create the derived key. */
+                intermediateResult =
+                    pk11_ConcatenateBaseAndKey(oldIntermediateResult,
+                                               hashOutput, CKM_CONCATENATE_BASE_AND_KEY,
+                                               operation, 0);
+            }
+
+            PK11_FreeSymKey(hashOutput);
+            PK11_FreeSymKey(oldIntermediateResult);
+            if (intermediateResult == NULL) {
+                goto loser;
+            }
+        }
+
+        /* Increment counter (assumes maxCounter < 255) */
+        buffer[3]++;
+    }
+
+    PORT_ZFree(buffer, bufferLen);
+    if (newSharedSecret != NULL)
+        PK11_FreeSymKey(newSharedSecret);
+    return intermediateResult;
+
+loser:
+    PORT_ZFree(buffer, bufferLen);
+    if (newSharedSecret != NULL)
+        PK11_FreeSymKey(newSharedSecret);
+    if (intermediateResult != NULL)
+        PK11_FreeSymKey(intermediateResult);
+    return NULL;
+}
+
+/*
+ * This Generates a wrapping key based on a privateKey, publicKey, and two
+ * random numbers. For Mail usage RandomB should be NULL. In the Sender's
+ * case RandomA is generate, outherwize it is passed.
+ */
+PK11SymKey *
+PK11_PubDerive(SECKEYPrivateKey *privKey, SECKEYPublicKey *pubKey,
+               PRBool isSender, SECItem *randomA, SECItem *randomB,
+               CK_MECHANISM_TYPE derive, CK_MECHANISM_TYPE target,
+               CK_ATTRIBUTE_TYPE operation, int keySize, void *wincx)
+{
+    PK11SlotInfo *slot = privKey->pkcs11Slot;
+    CK_MECHANISM mechanism;
+    PK11SymKey *symKey;
+    CK_RV crv;
+
+    /* get our key Structure */
+    symKey = pk11_CreateSymKey(slot, target, PR_TRUE, PR_TRUE, wincx);
+    if (symKey == NULL) {
+        return NULL;
+    }
+
+    symKey->origin = PK11_OriginDerive;
+
+    switch (privKey->keyType) {
+        case rsaKey:
+        case rsaPssKey:
+        case rsaOaepKey:
+        case nullKey:
+            PORT_SetError(SEC_ERROR_BAD_KEY);
+            break;
+        case dsaKey:
+        case keaKey:
+        case fortezzaKey: {
+            static unsigned char rb_email[128] = { 0 };
+            CK_KEA_DERIVE_PARAMS param;
+            param.isSender = (CK_BBOOL)isSender;
+            param.ulRandomLen = randomA->len;
+            param.pRandomA = randomA->data;
+            param.pRandomB = rb_email;
+            param.pRandomB[127] = 1;
+            if (randomB)
+                param.pRandomB = randomB->data;
+            if (pubKey->keyType == fortezzaKey) {
+                param.ulPublicDataLen = pubKey->u.fortezza.KEAKey.len;
+                param.pPublicData = pubKey->u.fortezza.KEAKey.data;
+            } else {
+                /* assert type == keaKey */
+                /* XXX change to match key key types */
+                param.ulPublicDataLen = pubKey->u.fortezza.KEAKey.len;
+                param.pPublicData = pubKey->u.fortezza.KEAKey.data;
+            }
+
+            mechanism.mechanism = derive;
+            mechanism.pParameter = &param;
+            mechanism.ulParameterLen = sizeof(param);
+
+            /* get a new symKey structure */
+            pk11_EnterKeyMonitor(symKey);
+            crv = PK11_GETTAB(slot)->C_DeriveKey(symKey->session, &mechanism,
+                                                 privKey->pkcs11ID, NULL, 0,
+                                                 &symKey->objectID);
+            pk11_ExitKeyMonitor(symKey);
+            if (crv == CKR_OK)
+                return symKey;
+            PORT_SetError(PK11_MapError(crv));
+        } break;
+        case dhKey: {
+            CK_BBOOL cktrue = CK_TRUE;
+            CK_OBJECT_CLASS keyClass = CKO_SECRET_KEY;
+            CK_KEY_TYPE keyType = CKK_GENERIC_SECRET;
+            CK_ULONG key_size = 0;
+            CK_ATTRIBUTE keyTemplate[4];
+            int templateCount;
+            CK_ATTRIBUTE *attrs = keyTemplate;
+
+            if (pubKey->keyType != dhKey) {
+                PORT_SetError(SEC_ERROR_BAD_KEY);
+                break;
+            }
+
+            PK11_SETATTRS(attrs, CKA_CLASS, &keyClass, sizeof(keyClass));
+            attrs++;
+            PK11_SETATTRS(attrs, CKA_KEY_TYPE, &keyType, sizeof(keyType));
+            attrs++;
+            PK11_SETATTRS(attrs, operation, &cktrue, 1);
+            attrs++;
+            PK11_SETATTRS(attrs, CKA_VALUE_LEN, &key_size, sizeof(key_size));
+            attrs++;
+            templateCount = attrs - keyTemplate;
+            PR_ASSERT(templateCount <= sizeof(keyTemplate) / sizeof(CK_ATTRIBUTE));
+
+            keyType = PK11_GetKeyType(target, keySize);
+            key_size = keySize;
+            symKey->size = keySize;
+            if (key_size == 0)
+                templateCount--;
+
+            mechanism.mechanism = derive;
+
+            /* we can undefine these when we define diffie-helman keys */
+
+            mechanism.pParameter = pubKey->u.dh.publicValue.data;
+            mechanism.ulParameterLen = pubKey->u.dh.publicValue.len;
+
+            pk11_EnterKeyMonitor(symKey);
+            crv = PK11_GETTAB(slot)->C_DeriveKey(symKey->session, &mechanism,
+                                                 privKey->pkcs11ID, keyTemplate,
+                                                 templateCount, &symKey->objectID);
+            pk11_ExitKeyMonitor(symKey);
+            if (crv == CKR_OK)
+                return symKey;
+            PORT_SetError(PK11_MapError(crv));
+        } break;
+        case ecKey: {
+            CK_BBOOL cktrue = CK_TRUE;
+            CK_OBJECT_CLASS keyClass = CKO_SECRET_KEY;
+            CK_KEY_TYPE keyType = CKK_GENERIC_SECRET;
+            CK_ULONG key_size = 0;
+            CK_ATTRIBUTE keyTemplate[4];
+            int templateCount;
+            CK_ATTRIBUTE *attrs = keyTemplate;
+            CK_ECDH1_DERIVE_PARAMS *mechParams = NULL;
+
+            if (pubKey->keyType != ecKey) {
+                PORT_SetError(SEC_ERROR_BAD_KEY);
+                break;
+            }
+
+            PK11_SETATTRS(attrs, CKA_CLASS, &keyClass, sizeof(keyClass));
+            attrs++;
+            PK11_SETATTRS(attrs, CKA_KEY_TYPE, &keyType, sizeof(keyType));
+            attrs++;
+            PK11_SETATTRS(attrs, operation, &cktrue, 1);
+            attrs++;
+            PK11_SETATTRS(attrs, CKA_VALUE_LEN, &key_size, sizeof(key_size));
+            attrs++;
+            templateCount = attrs - keyTemplate;
+            PR_ASSERT(templateCount <= sizeof(keyTemplate) / sizeof(CK_ATTRIBUTE));
+
+            keyType = PK11_GetKeyType(target, keySize);
+            key_size = keySize;
+            if (key_size == 0) {
+                if ((key_size = pk11_GetPredefinedKeyLength(keyType))) {
+                    templateCount--;
+                } else {
+                    /* sigh, some tokens can't figure this out and require
+                     * CKA_VALUE_LEN to be set */
+                    key_size = SHA1_LENGTH;
+                }
+            }
+            symKey->size = key_size;
+
+            mechParams = PORT_ZNew(CK_ECDH1_DERIVE_PARAMS);
+            mechParams->kdf = CKD_SHA1_KDF;
+            mechParams->ulSharedDataLen = 0;
+            mechParams->pSharedData = NULL;
+            mechParams->ulPublicDataLen = pubKey->u.ec.publicValue.len;
+            mechParams->pPublicData = pubKey->u.ec.publicValue.data;
+
+            mechanism.mechanism = derive;
+            mechanism.pParameter = mechParams;
+            mechanism.ulParameterLen = sizeof(CK_ECDH1_DERIVE_PARAMS);
+
+            pk11_EnterKeyMonitor(symKey);
+            crv = PK11_GETTAB(slot)->C_DeriveKey(symKey->session,
+                                                 &mechanism, privKey->pkcs11ID, keyTemplate,
+                                                 templateCount, &symKey->objectID);
+            pk11_ExitKeyMonitor(symKey);
+
+            /* old PKCS #11 spec was ambiguous on what needed to be passed,
+             * try this again with and encoded public key */
+            if (crv != CKR_OK) {
+                SECItem *pubValue = SEC_ASN1EncodeItem(NULL, NULL,
+                                                       &pubKey->u.ec.publicValue,
+                                                       SEC_ASN1_GET(SEC_OctetStringTemplate));
+                if (pubValue == NULL) {
+                    PORT_ZFree(mechParams, sizeof(CK_ECDH1_DERIVE_PARAMS));
+                    break;
+                }
+                mechParams->ulPublicDataLen = pubValue->len;
+                mechParams->pPublicData = pubValue->data;
+
+                pk11_EnterKeyMonitor(symKey);
+                crv = PK11_GETTAB(slot)->C_DeriveKey(symKey->session,
+                                                     &mechanism, privKey->pkcs11ID, keyTemplate,
+                                                     templateCount, &symKey->objectID);
+                pk11_ExitKeyMonitor(symKey);
+
+                SECITEM_FreeItem(pubValue, PR_TRUE);
+            }
+
+            PORT_ZFree(mechParams, sizeof(CK_ECDH1_DERIVE_PARAMS));
+
+            if (crv == CKR_OK)
+                return symKey;
+            PORT_SetError(PK11_MapError(crv));
+        }
+    }
+
+    PK11_FreeSymKey(symKey);
+    return NULL;
+}
+
+/* Test for curves that are known to use a special encoding.
+ * Extend this function when additional curves are added. */
+static ECPointEncoding
+pk11_ECGetPubkeyEncoding(const SECKEYPublicKey *pubKey)
+{
+    SECItem oid;
+    SECStatus rv;
+    PORTCheapArenaPool tmpArena;
+    ECPointEncoding encoding = ECPoint_Undefined;
+
+    PORT_InitCheapArena(&tmpArena, DER_DEFAULT_CHUNKSIZE);
+
+    /* decode the OID tag */
+    rv = SEC_QuickDERDecodeItem(&tmpArena.arena, &oid,
+                                SEC_ASN1_GET(SEC_ObjectIDTemplate),
+                                &pubKey->u.ec.DEREncodedParams);
+    if (rv == SECSuccess) {
+        SECOidTag tag = SECOID_FindOIDTag(&oid);
+        switch (tag) {
+            case SEC_OID_CURVE25519:
+                encoding = ECPoint_XOnly;
+                break;
+            case SEC_OID_SECG_EC_SECP256R1:
+            case SEC_OID_SECG_EC_SECP384R1:
+            case SEC_OID_SECG_EC_SECP521R1:
+            default:
+                /* unknown curve, default to uncompressed */
+                encoding = ECPoint_Uncompressed;
+        }
+    }
+    PORT_DestroyCheapArena(&tmpArena);
+    return encoding;
+}
+
+/* Returns the size of the public key, or 0 if there
+ * is an error. */
+static CK_ULONG
+pk11_ECPubKeySize(SECKEYPublicKey *pubKey)
+{
+    SECItem *publicValue = &pubKey->u.ec.publicValue;
+
+    ECPointEncoding encoding = pk11_ECGetPubkeyEncoding(pubKey);
+    if (encoding == ECPoint_XOnly) {
+        return publicValue->len;
+    }
+    if (encoding == ECPoint_Uncompressed) {
+        /* key encoded in uncompressed form */
+        return ((publicValue->len - 1) / 2);
+    }
+    /* key encoding not recognized */
+    return 0;
+}
+
+static PK11SymKey *
+pk11_PubDeriveECKeyWithKDF(
+    SECKEYPrivateKey *privKey, SECKEYPublicKey *pubKey,
+    PRBool isSender, SECItem *randomA, SECItem *randomB,
+    CK_MECHANISM_TYPE derive, CK_MECHANISM_TYPE target,
+    CK_ATTRIBUTE_TYPE operation, int keySize,
+    CK_ULONG kdf, SECItem *sharedData, void *wincx)
+{
+    PK11SlotInfo *slot = privKey->pkcs11Slot;
+    PK11SymKey *symKey;
+    PK11SymKey *SharedSecret;
+    CK_MECHANISM mechanism;
+    CK_RV crv;
+    CK_BBOOL cktrue = CK_TRUE;
+    CK_OBJECT_CLASS keyClass = CKO_SECRET_KEY;
+    CK_KEY_TYPE keyType = CKK_GENERIC_SECRET;
+    CK_ULONG key_size = 0;
+    CK_ATTRIBUTE keyTemplate[4];
+    int templateCount;
+    CK_ATTRIBUTE *attrs = keyTemplate;
+    CK_ECDH1_DERIVE_PARAMS *mechParams = NULL;
+
+    if (pubKey->keyType != ecKey) {
+        PORT_SetError(SEC_ERROR_BAD_KEY);
+        return NULL;
+    }
+    if ((kdf != CKD_NULL) && (kdf != CKD_SHA1_KDF) &&
+        (kdf != CKD_SHA224_KDF) && (kdf != CKD_SHA256_KDF) &&
+        (kdf != CKD_SHA384_KDF) && (kdf != CKD_SHA512_KDF)) {
+        PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
+        return NULL;
+    }
+
+    /* get our key Structure */
+    symKey = pk11_CreateSymKey(slot, target, PR_TRUE, PR_TRUE, wincx);
+    if (symKey == NULL) {
+        return NULL;
+    }
+
+    symKey->origin = PK11_OriginDerive;
+
+    PK11_SETATTRS(attrs, CKA_CLASS, &keyClass, sizeof(keyClass));
+    attrs++;
+    PK11_SETATTRS(attrs, CKA_KEY_TYPE, &keyType, sizeof(keyType));
+    attrs++;
+    PK11_SETATTRS(attrs, operation, &cktrue, 1);
+    attrs++;
+    PK11_SETATTRS(attrs, CKA_VALUE_LEN, &key_size, sizeof(key_size));
+    attrs++;
+    templateCount = attrs - keyTemplate;
+    PR_ASSERT(templateCount <= sizeof(keyTemplate) / sizeof(CK_ATTRIBUTE));
+
+    keyType = PK11_GetKeyType(target, keySize);
+    key_size = keySize;
+    if (key_size == 0) {
+        if ((key_size = pk11_GetPredefinedKeyLength(keyType))) {
+            templateCount--;
+        } else {
+            /* sigh, some tokens can't figure this out and require
+             * CKA_VALUE_LEN to be set */
+            switch (kdf) {
+                case CKD_NULL:
+                    key_size = pk11_ECPubKeySize(pubKey);
+                    if (key_size == 0) {
+                        PK11_FreeSymKey(symKey);
+                        return NULL;
+                    }
+                    break;
+                case CKD_SHA1_KDF:
+                    key_size = SHA1_LENGTH;
+                    break;
+                case CKD_SHA224_KDF:
+                    key_size = SHA224_LENGTH;
+                    break;
+                case CKD_SHA256_KDF:
+                    key_size = SHA256_LENGTH;
+                    break;
+                case CKD_SHA384_KDF:
+                    key_size = SHA384_LENGTH;
+                    break;
+                case CKD_SHA512_KDF:
+                    key_size = SHA512_LENGTH;
+                    break;
+                default:
+                    PORT_Assert(!"Invalid CKD");
+                    PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
+                    return NULL;
+            }
+        }
+    }
+    symKey->size = key_size;
+
+    mechParams = PORT_ZNew(CK_ECDH1_DERIVE_PARAMS);
+    if (!mechParams) {
+        PK11_FreeSymKey(symKey);
+        return NULL;
+    }
+    mechParams->kdf = kdf;
+    if (sharedData == NULL) {
+        mechParams->ulSharedDataLen = 0;
+        mechParams->pSharedData = NULL;
+    } else {
+        mechParams->ulSharedDataLen = sharedData->len;
+        mechParams->pSharedData = sharedData->data;
+    }
+    mechParams->ulPublicDataLen = pubKey->u.ec.publicValue.len;
+    mechParams->pPublicData = pubKey->u.ec.publicValue.data;
+
+    mechanism.mechanism = derive;
+    mechanism.pParameter = mechParams;
+    mechanism.ulParameterLen = sizeof(CK_ECDH1_DERIVE_PARAMS);
+
+    pk11_EnterKeyMonitor(symKey);
+    crv = PK11_GETTAB(slot)->C_DeriveKey(symKey->session, &mechanism,
+                                         privKey->pkcs11ID, keyTemplate,
+                                         templateCount, &symKey->objectID);
+    pk11_ExitKeyMonitor(symKey);
+
+    /* old PKCS #11 spec was ambiguous on what needed to be passed,
+     * try this again with an encoded public key */
+    if (crv != CKR_OK) {
+        SECItem *pubValue = SEC_ASN1EncodeItem(NULL, NULL,
+                                               &pubKey->u.ec.publicValue,
+                                               SEC_ASN1_GET(SEC_OctetStringTemplate));
+        if (pubValue == NULL) {
+            goto loser;
+        }
+        mechParams->ulPublicDataLen = pubValue->len;
+        mechParams->pPublicData = pubValue->data;
+
+        pk11_EnterKeyMonitor(symKey);
+        crv = PK11_GETTAB(slot)->C_DeriveKey(symKey->session,
+                                             &mechanism, privKey->pkcs11ID, keyTemplate,
+                                             templateCount, &symKey->objectID);
+        pk11_ExitKeyMonitor(symKey);
+
+        if ((crv != CKR_OK) && (kdf != CKD_NULL)) {
+            /* Some PKCS #11 libraries cannot perform the key derivation
+             * function. So, try calling C_DeriveKey with CKD_NULL and then
+             * performing the KDF separately.
+             */
+            CK_ULONG derivedKeySize = key_size;
+
+            keyType = CKK_GENERIC_SECRET;
+            key_size = pk11_ECPubKeySize(pubKey);
+            if (key_size == 0) {
+                SECITEM_FreeItem(pubValue, PR_TRUE);
+                goto loser;
+            }
+            SharedSecret = symKey;
+            SharedSecret->size = key_size;
+
+            mechParams->kdf = CKD_NULL;
+            mechParams->ulSharedDataLen = 0;
+            mechParams->pSharedData = NULL;
+            mechParams->ulPublicDataLen = pubKey->u.ec.publicValue.len;
+            mechParams->pPublicData = pubKey->u.ec.publicValue.data;
+
+            pk11_EnterKeyMonitor(SharedSecret);
+            crv = PK11_GETTAB(slot)->C_DeriveKey(SharedSecret->session,
+                                                 &mechanism, privKey->pkcs11ID, keyTemplate,
+                                                 templateCount, &SharedSecret->objectID);
+            pk11_ExitKeyMonitor(SharedSecret);
+
+            if (crv != CKR_OK) {
+                /* old PKCS #11 spec was ambiguous on what needed to be passed,
+                 * try this one final time with an encoded public key */
+                mechParams->ulPublicDataLen = pubValue->len;
+                mechParams->pPublicData = pubValue->data;
+
+                pk11_EnterKeyMonitor(SharedSecret);
+                crv = PK11_GETTAB(slot)->C_DeriveKey(SharedSecret->session,
+                                                     &mechanism, privKey->pkcs11ID, keyTemplate,
+                                                     templateCount, &SharedSecret->objectID);
+                pk11_ExitKeyMonitor(SharedSecret);
+            }
+
+            /* Perform KDF. */
+            if (crv == CKR_OK) {
+                symKey = pk11_ANSIX963Derive(SharedSecret, kdf,
+                                             sharedData, target, operation,
+                                             derivedKeySize);
+                PK11_FreeSymKey(SharedSecret);
+                if (symKey == NULL) {
+                    SECITEM_FreeItem(pubValue, PR_TRUE);
+                    PORT_ZFree(mechParams, sizeof(CK_ECDH1_DERIVE_PARAMS));
+                    return NULL;
+                }
+            }
+        }
+        SECITEM_FreeItem(pubValue, PR_TRUE);
+    }
+
+loser:
+    PORT_ZFree(mechParams, sizeof(CK_ECDH1_DERIVE_PARAMS));
+
+    if (crv != CKR_OK) {
+        PK11_FreeSymKey(symKey);
+        symKey = NULL;
+        PORT_SetError(PK11_MapError(crv));
+    }
+    return symKey;
+}
+
+PK11SymKey *
+PK11_PubDeriveWithKDF(SECKEYPrivateKey *privKey, SECKEYPublicKey *pubKey,
+                      PRBool isSender, SECItem *randomA, SECItem *randomB,
+                      CK_MECHANISM_TYPE derive, CK_MECHANISM_TYPE target,
+                      CK_ATTRIBUTE_TYPE operation, int keySize,
+                      CK_ULONG kdf, SECItem *sharedData, void *wincx)
+{
+
+    switch (privKey->keyType) {
+        case rsaKey:
+        case nullKey:
+        case dsaKey:
+        case keaKey:
+        case fortezzaKey:
+        case dhKey:
+            return PK11_PubDerive(privKey, pubKey, isSender, randomA, randomB,
+                                  derive, target, operation, keySize, wincx);
+        case ecKey:
+            return pk11_PubDeriveECKeyWithKDF(privKey, pubKey, isSender,
+                                              randomA, randomB, derive, target,
+                                              operation, keySize,
+                                              kdf, sharedData, wincx);
+        default:
+            PORT_SetError(SEC_ERROR_BAD_KEY);
+            break;
+    }
+
+    return NULL;
+}
+
+/*
+ * this little function uses the Decrypt function to unwrap a key, just in
+ * case we are having problem with unwrap. NOTE: The key size may
+ * not be preserved properly for some algorithms!
+ */
+static PK11SymKey *
+pk11_HandUnwrap(PK11SlotInfo *slot, CK_OBJECT_HANDLE wrappingKey,
+                CK_MECHANISM *mech, SECItem *inKey, CK_MECHANISM_TYPE target,
+                CK_ATTRIBUTE *keyTemplate, unsigned int templateCount,
+                int key_size, void *wincx, CK_RV *crvp, PRBool isPerm)
+{
+    CK_ULONG len;
+    SECItem outKey;
+    PK11SymKey *symKey;
+    CK_RV crv;
+    PRBool owner = PR_TRUE;
+    CK_SESSION_HANDLE session;
+
+    /* remove any VALUE_LEN parameters */
+    if (keyTemplate[templateCount - 1].type == CKA_VALUE_LEN) {
+        templateCount--;
+    }
+
+    /* keys are almost always aligned, but if we get this far,
+     * we've gone above and beyond anyway... */
+    outKey.data = (unsigned char *)PORT_Alloc(inKey->len);
+    if (outKey.data == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        if (crvp)
+            *crvp = CKR_HOST_MEMORY;
+        return NULL;
+    }
+    len = inKey->len;
+
+    /* use NULL IV's for wrapping */
+    session = pk11_GetNewSession(slot, &owner);
+    if (!owner || !(slot->isThreadSafe))
+        PK11_EnterSlotMonitor(slot);
+    crv = PK11_GETTAB(slot)->C_DecryptInit(session, mech, wrappingKey);
+    if (crv != CKR_OK) {
+        if (!owner || !(slot->isThreadSafe))
+            PK11_ExitSlotMonitor(slot);
+        pk11_CloseSession(slot, session, owner);
+        PORT_Free(outKey.data);
+        PORT_SetError(PK11_MapError(crv));
+        if (crvp)
+            *crvp = crv;
+        return NULL;
+    }
+    crv = PK11_GETTAB(slot)->C_Decrypt(session, inKey->data, inKey->len,
+                                       outKey.data, &len);
+    if (!owner || !(slot->isThreadSafe))
+        PK11_ExitSlotMonitor(slot);
+    pk11_CloseSession(slot, session, owner);
+    if (crv != CKR_OK) {
+        PORT_Free(outKey.data);
+        PORT_SetError(PK11_MapError(crv));
+        if (crvp)
+            *crvp = crv;
+        return NULL;
+    }
+
+    outKey.len = (key_size == 0) ? len : key_size;
+    outKey.type = siBuffer;
+
+    if (PK11_DoesMechanism(slot, target)) {
+        symKey = pk11_ImportSymKeyWithTempl(slot, target, PK11_OriginUnwrap,
+                                            isPerm, keyTemplate,
+                                            templateCount, &outKey, wincx);
+    } else {
+        slot = PK11_GetBestSlot(target, wincx);
+        if (slot == NULL) {
+            PORT_SetError(SEC_ERROR_NO_MODULE);
+            PORT_Free(outKey.data);
+            if (crvp)
+                *crvp = CKR_DEVICE_ERROR;
+            return NULL;
+        }
+        symKey = pk11_ImportSymKeyWithTempl(slot, target, PK11_OriginUnwrap,
+                                            isPerm, keyTemplate,
+                                            templateCount, &outKey, wincx);
+        PK11_FreeSlot(slot);
+    }
+    PORT_Free(outKey.data);
+
+    if (crvp)
+        *crvp = symKey ? CKR_OK : CKR_DEVICE_ERROR;
+    return symKey;
+}
+
+/*
+ * The wrap/unwrap function is pretty much the same for private and
+ * public keys. It's just getting the Object ID and slot right. This is
+ * the combined unwrap function.
+ */
+static PK11SymKey *
+pk11_AnyUnwrapKey(PK11SlotInfo *slot, CK_OBJECT_HANDLE wrappingKey,
+                  CK_MECHANISM_TYPE wrapType, SECItem *param, SECItem *wrappedKey,
+                  CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation, int keySize,
+                  void *wincx, CK_ATTRIBUTE *userAttr, unsigned int numAttrs, PRBool isPerm)
+{
+    PK11SymKey *symKey;
+    SECItem *param_free = NULL;
+    CK_BBOOL cktrue = CK_TRUE;
+    CK_OBJECT_CLASS keyClass = CKO_SECRET_KEY;
+    CK_KEY_TYPE keyType = CKK_GENERIC_SECRET;
+    CK_ULONG valueLen = 0;
+    CK_MECHANISM mechanism;
+    CK_SESSION_HANDLE rwsession;
+    CK_RV crv;
+    CK_MECHANISM_INFO mechanism_info;
+#define MAX_ADD_ATTRS 4
+    CK_ATTRIBUTE keyTemplate[MAX_TEMPL_ATTRS + MAX_ADD_ATTRS];
+#undef MAX_ADD_ATTRS
+    CK_ATTRIBUTE *attrs = keyTemplate;
+    unsigned int templateCount;
+
+    if (numAttrs > MAX_TEMPL_ATTRS) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+
+    /* first copy caller attributes in. */
+    for (templateCount = 0; templateCount < numAttrs; ++templateCount) {
+        *attrs++ = *userAttr++;
+    }
+
+    /* We only add the following attributes to the template if the caller
+    ** didn't already supply them.
+    */
+    if (!pk11_FindAttrInTemplate(keyTemplate, numAttrs, CKA_CLASS)) {
+        PK11_SETATTRS(attrs, CKA_CLASS, &keyClass, sizeof keyClass);
+        attrs++;
+    }
+    if (!pk11_FindAttrInTemplate(keyTemplate, numAttrs, CKA_KEY_TYPE)) {
+        keyType = PK11_GetKeyType(target, keySize);
+        PK11_SETATTRS(attrs, CKA_KEY_TYPE, &keyType, sizeof keyType);
+        attrs++;
+    }
+    if ((operation != CKA_FLAGS_ONLY) &&
+        !pk11_FindAttrInTemplate(keyTemplate, numAttrs, operation)) {
+        PK11_SETATTRS(attrs, operation, &cktrue, 1);
+        attrs++;
+    }
+
+    /*
+     * must be last in case we need to use this template to import the key
+     */
+    if (keySize > 0 &&
+        !pk11_FindAttrInTemplate(keyTemplate, numAttrs, CKA_VALUE_LEN)) {
+        valueLen = (CK_ULONG)keySize;
+        PK11_SETATTRS(attrs, CKA_VALUE_LEN, &valueLen, sizeof valueLen);
+        attrs++;
+    }
+
+    templateCount = attrs - keyTemplate;
+    PR_ASSERT(templateCount <= sizeof(keyTemplate) / sizeof(CK_ATTRIBUTE));
+
+    /* find out if we can do wrap directly. Because the RSA case if *very*
+     * common, cache the results for it. */
+    if ((wrapType == CKM_RSA_PKCS) && (slot->hasRSAInfo)) {
+        mechanism_info.flags = slot->RSAInfoFlags;
+    } else {
+        if (!slot->isThreadSafe)
+            PK11_EnterSlotMonitor(slot);
+        crv = PK11_GETTAB(slot)->C_GetMechanismInfo(slot->slotID, wrapType,
+                                                    &mechanism_info);
+        if (!slot->isThreadSafe)
+            PK11_ExitSlotMonitor(slot);
+        if (crv != CKR_OK) {
+            mechanism_info.flags = 0;
+        }
+        if (wrapType == CKM_RSA_PKCS) {
+            slot->RSAInfoFlags = mechanism_info.flags;
+            slot->hasRSAInfo = PR_TRUE;
+        }
+    }
+
+    /* initialize the mechanism structure */
+    mechanism.mechanism = wrapType;
+    /* use NULL IV's for wrapping */
+    if (param == NULL)
+        param = param_free = PK11_ParamFromIV(wrapType, NULL);
+    if (param) {
+        mechanism.pParameter = param->data;
+        mechanism.ulParameterLen = param->len;
+    } else {
+        mechanism.pParameter = NULL;
+        mechanism.ulParameterLen = 0;
+    }
+
+    if ((mechanism_info.flags & CKF_DECRYPT) && !PK11_DoesMechanism(slot, target)) {
+        symKey = pk11_HandUnwrap(slot, wrappingKey, &mechanism, wrappedKey,
+                                 target, keyTemplate, templateCount, keySize,
+                                 wincx, &crv, isPerm);
+        if (symKey) {
+            if (param_free)
+                SECITEM_FreeItem(param_free, PR_TRUE);
+            return symKey;
+        }
+        /*
+         * if the RSA OP simply failed, don't try to unwrap again
+         * with this module.
+         */
+        if (crv == CKR_DEVICE_ERROR) {
+            if (param_free)
+                SECITEM_FreeItem(param_free, PR_TRUE);
+            return NULL;
+        }
+        /* fall through, maybe they incorrectly set CKF_DECRYPT */
+    }
+
+    /* get our key Structure */
+    symKey = pk11_CreateSymKey(slot, target, !isPerm, PR_TRUE, wincx);
+    if (symKey == NULL) {
+        if (param_free)
+            SECITEM_FreeItem(param_free, PR_TRUE);
+        return NULL;
+    }
+
+    symKey->size = keySize;
+    symKey->origin = PK11_OriginUnwrap;
+
+    if (isPerm) {
+        rwsession = PK11_GetRWSession(slot);
+    } else {
+        pk11_EnterKeyMonitor(symKey);
+        rwsession = symKey->session;
+    }
+    PORT_Assert(rwsession != CK_INVALID_SESSION);
+    if (rwsession == CK_INVALID_SESSION)
+        crv = CKR_SESSION_HANDLE_INVALID;
+    else
+        crv = PK11_GETTAB(slot)->C_UnwrapKey(rwsession, &mechanism, wrappingKey,
+                                             wrappedKey->data, wrappedKey->len,
+                                             keyTemplate, templateCount,
+                                             &symKey->objectID);
+    if (isPerm) {
+        if (rwsession != CK_INVALID_SESSION)
+            PK11_RestoreROSession(slot, rwsession);
+    } else {
+        pk11_ExitKeyMonitor(symKey);
+    }
+    if (param_free)
+        SECITEM_FreeItem(param_free, PR_TRUE);
+    if (crv != CKR_OK) {
+        PK11_FreeSymKey(symKey);
+        symKey = NULL;
+        if (crv != CKR_DEVICE_ERROR) {
+            /* try hand Unwrapping */
+            symKey = pk11_HandUnwrap(slot, wrappingKey, &mechanism, wrappedKey,
+                                     target, keyTemplate, templateCount,
+                                     keySize, wincx, NULL, isPerm);
+        }
+    }
+
+    return symKey;
+}
+
+/* use a symetric key to unwrap another symetric key */
+PK11SymKey *
+PK11_UnwrapSymKey(PK11SymKey *wrappingKey, CK_MECHANISM_TYPE wrapType,
+                  SECItem *param, SECItem *wrappedKey,
+                  CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation,
+                  int keySize)
+{
+    return pk11_AnyUnwrapKey(wrappingKey->slot, wrappingKey->objectID,
+                             wrapType, param, wrappedKey, target, operation, keySize,
+                             wrappingKey->cx, NULL, 0, PR_FALSE);
+}
+
+/* use a symetric key to unwrap another symetric key */
+PK11SymKey *
+PK11_UnwrapSymKeyWithFlags(PK11SymKey *wrappingKey, CK_MECHANISM_TYPE wrapType,
+                           SECItem *param, SECItem *wrappedKey,
+                           CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation,
+                           int keySize, CK_FLAGS flags)
+{
+    CK_BBOOL ckTrue = CK_TRUE;
+    CK_ATTRIBUTE keyTemplate[MAX_TEMPL_ATTRS];
+    unsigned int templateCount;
+
+    templateCount = pk11_OpFlagsToAttributes(flags, keyTemplate, &ckTrue);
+    return pk11_AnyUnwrapKey(wrappingKey->slot, wrappingKey->objectID,
+                             wrapType, param, wrappedKey, target, operation, keySize,
+                             wrappingKey->cx, keyTemplate, templateCount, PR_FALSE);
+}
+
+PK11SymKey *
+PK11_UnwrapSymKeyWithFlagsPerm(PK11SymKey *wrappingKey,
+                               CK_MECHANISM_TYPE wrapType,
+                               SECItem *param, SECItem *wrappedKey,
+                               CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation,
+                               int keySize, CK_FLAGS flags, PRBool isPerm)
+{
+    CK_BBOOL cktrue = CK_TRUE;
+    CK_ATTRIBUTE keyTemplate[MAX_TEMPL_ATTRS];
+    CK_ATTRIBUTE *attrs;
+    unsigned int templateCount;
+
+    attrs = keyTemplate;
+    if (isPerm) {
+        PK11_SETATTRS(attrs, CKA_TOKEN, &cktrue, sizeof(CK_BBOOL));
+        attrs++;
+    }
+    templateCount = attrs - keyTemplate;
+    templateCount += pk11_OpFlagsToAttributes(flags, attrs, &cktrue);
+
+    return pk11_AnyUnwrapKey(wrappingKey->slot, wrappingKey->objectID,
+                             wrapType, param, wrappedKey, target, operation, keySize,
+                             wrappingKey->cx, keyTemplate, templateCount, isPerm);
+}
+
+/* unwrap a symetric key with a private key. */
+PK11SymKey *
+PK11_PubUnwrapSymKey(SECKEYPrivateKey *wrappingKey, SECItem *wrappedKey,
+                     CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation, int keySize)
+{
+    CK_MECHANISM_TYPE wrapType = pk11_mapWrapKeyType(wrappingKey->keyType);
+    PK11SlotInfo *slot = wrappingKey->pkcs11Slot;
+
+    if (SECKEY_HAS_ATTRIBUTE_SET(wrappingKey, CKA_PRIVATE)) {
+        PK11_HandlePasswordCheck(slot, wrappingKey->wincx);
+    }
+
+    return pk11_AnyUnwrapKey(slot, wrappingKey->pkcs11ID,
+                             wrapType, NULL, wrappedKey, target, operation, keySize,
+                             wrappingKey->wincx, NULL, 0, PR_FALSE);
+}
+
+/* unwrap a symetric key with a private key. */
+PK11SymKey *
+PK11_PubUnwrapSymKeyWithFlags(SECKEYPrivateKey *wrappingKey,
+                              SECItem *wrappedKey, CK_MECHANISM_TYPE target,
+                              CK_ATTRIBUTE_TYPE operation, int keySize, CK_FLAGS flags)
+{
+    CK_MECHANISM_TYPE wrapType = pk11_mapWrapKeyType(wrappingKey->keyType);
+    CK_BBOOL ckTrue = CK_TRUE;
+    CK_ATTRIBUTE keyTemplate[MAX_TEMPL_ATTRS];
+    unsigned int templateCount;
+    PK11SlotInfo *slot = wrappingKey->pkcs11Slot;
+
+    templateCount = pk11_OpFlagsToAttributes(flags, keyTemplate, &ckTrue);
+
+    if (SECKEY_HAS_ATTRIBUTE_SET(wrappingKey, CKA_PRIVATE)) {
+        PK11_HandlePasswordCheck(slot, wrappingKey->wincx);
+    }
+
+    return pk11_AnyUnwrapKey(slot, wrappingKey->pkcs11ID,
+                             wrapType, NULL, wrappedKey, target, operation, keySize,
+                             wrappingKey->wincx, keyTemplate, templateCount, PR_FALSE);
+}
+
+PK11SymKey *
+PK11_PubUnwrapSymKeyWithFlagsPerm(SECKEYPrivateKey *wrappingKey,
+                                  SECItem *wrappedKey, CK_MECHANISM_TYPE target,
+                                  CK_ATTRIBUTE_TYPE operation, int keySize,
+                                  CK_FLAGS flags, PRBool isPerm)
+{
+    CK_MECHANISM_TYPE wrapType = pk11_mapWrapKeyType(wrappingKey->keyType);
+    CK_BBOOL cktrue = CK_TRUE;
+    CK_ATTRIBUTE keyTemplate[MAX_TEMPL_ATTRS];
+    CK_ATTRIBUTE *attrs;
+    unsigned int templateCount;
+    PK11SlotInfo *slot = wrappingKey->pkcs11Slot;
+
+    attrs = keyTemplate;
+    if (isPerm) {
+        PK11_SETATTRS(attrs, CKA_TOKEN, &cktrue, sizeof(CK_BBOOL));
+        attrs++;
+    }
+    templateCount = attrs - keyTemplate;
+
+    templateCount += pk11_OpFlagsToAttributes(flags, attrs, &cktrue);
+
+    if (SECKEY_HAS_ATTRIBUTE_SET(wrappingKey, CKA_PRIVATE)) {
+        PK11_HandlePasswordCheck(slot, wrappingKey->wincx);
+    }
+
+    return pk11_AnyUnwrapKey(slot, wrappingKey->pkcs11ID,
+                             wrapType, NULL, wrappedKey, target, operation, keySize,
+                             wrappingKey->wincx, keyTemplate, templateCount, isPerm);
+}
+
+PK11SymKey *
+PK11_CopySymKeyForSigning(PK11SymKey *originalKey, CK_MECHANISM_TYPE mech)
+{
+    CK_RV crv;
+    CK_ATTRIBUTE setTemplate;
+    CK_BBOOL ckTrue = CK_TRUE;
+    PK11SlotInfo *slot = originalKey->slot;
+
+    /* first just try to set this key up for signing */
+    PK11_SETATTRS(&setTemplate, CKA_SIGN, &ckTrue, sizeof(ckTrue));
+    pk11_EnterKeyMonitor(originalKey);
+    crv = PK11_GETTAB(slot)->C_SetAttributeValue(originalKey->session,
+                                                 originalKey->objectID, &setTemplate, 1);
+    pk11_ExitKeyMonitor(originalKey);
+    if (crv == CKR_OK) {
+        return PK11_ReferenceSymKey(originalKey);
+    }
+
+    /* nope, doesn't like it, use the pk11 copy object command */
+    return pk11_CopyToSlot(slot, mech, CKA_SIGN, originalKey);
+}
+
+void
+PK11_SetFortezzaHack(PK11SymKey *symKey)
+{
+    symKey->origin = PK11_OriginFortezzaHack;
+}
+
+/*
+ * This is required to allow FORTEZZA_NULL and FORTEZZA_RC4
+ * working. This function simply gets a valid IV for the keys.
+ */
+SECStatus
+PK11_GenerateFortezzaIV(PK11SymKey *symKey, unsigned char *iv, int len)
+{
+    CK_MECHANISM mech_info;
+    CK_ULONG count = 0;
+    CK_RV crv;
+    SECStatus rv = SECFailure;
+
+    mech_info.mechanism = CKM_SKIPJACK_CBC64;
+    mech_info.pParameter = iv;
+    mech_info.ulParameterLen = len;
+
+    /* generate the IV for fortezza */
+    PK11_EnterSlotMonitor(symKey->slot);
+    crv = PK11_GETTAB(symKey->slot)->C_EncryptInit(symKey->slot->session, &mech_info, symKey->objectID);
+    if (crv == CKR_OK) {
+        PK11_GETTAB(symKey->slot)->C_EncryptFinal(symKey->slot->session, NULL, &count);
+        rv = SECSuccess;
+    }
+    PK11_ExitSlotMonitor(symKey->slot);
+    return rv;
+}
+
+CK_OBJECT_HANDLE
+PK11_GetSymKeyHandle(PK11SymKey *symKey)
+{
+    return symKey->objectID;
+}
diff --git a/nss/lib/pk11wrap/pk11slot.c b/nss/lib/pk11wrap/pk11slot.c
new file mode 100644
index 0000000..c66ae27
--- /dev/null
+++ b/nss/lib/pk11wrap/pk11slot.c
@@ -0,0 +1,2484 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * Deal with PKCS #11 Slots.
+ */
+#include "seccomon.h"
+#include "secmod.h"
+#include "nssilock.h"
+#include "secmodi.h"
+#include "secmodti.h"
+#include "pkcs11t.h"
+#include "pk11func.h"
+#include "secitem.h"
+#include "secerr.h"
+
+#include "dev.h"
+#include "dev3hack.h"
+#include "pkim.h"
+#include "utilpars.h"
+
+/*************************************************************
+ * local static and global data
+ *************************************************************/
+
+/*
+ * This array helps parsing between names, mechanisms, and flags.
+ * to make the config files understand more entries, add them
+ * to this table.
+ */
+const PK11DefaultArrayEntry PK11_DefaultArray[] = {
+    { "RSA", SECMOD_RSA_FLAG, CKM_RSA_PKCS },
+    { "DSA", SECMOD_DSA_FLAG, CKM_DSA },
+    { "ECC", SECMOD_ECC_FLAG, CKM_ECDSA },
+    { "DH", SECMOD_DH_FLAG, CKM_DH_PKCS_DERIVE },
+    { "RC2", SECMOD_RC2_FLAG, CKM_RC2_CBC },
+    { "RC4", SECMOD_RC4_FLAG, CKM_RC4 },
+    { "DES", SECMOD_DES_FLAG, CKM_DES_CBC },
+    { "AES", SECMOD_AES_FLAG, CKM_AES_CBC },
+    { "Camellia", SECMOD_CAMELLIA_FLAG, CKM_CAMELLIA_CBC },
+    { "SEED", SECMOD_SEED_FLAG, CKM_SEED_CBC },
+    { "RC5", SECMOD_RC5_FLAG, CKM_RC5_CBC },
+    { "SHA-1", SECMOD_SHA1_FLAG, CKM_SHA_1 },
+    /*  { "SHA224", SECMOD_SHA256_FLAG, CKM_SHA224 }, */
+    { "SHA256", SECMOD_SHA256_FLAG, CKM_SHA256 },
+    /*  { "SHA384", SECMOD_SHA512_FLAG, CKM_SHA384 }, */
+    { "SHA512", SECMOD_SHA512_FLAG, CKM_SHA512 },
+    { "MD5", SECMOD_MD5_FLAG, CKM_MD5 },
+    { "MD2", SECMOD_MD2_FLAG, CKM_MD2 },
+    { "SSL", SECMOD_SSL_FLAG, CKM_SSL3_PRE_MASTER_KEY_GEN },
+    { "TLS", SECMOD_TLS_FLAG, CKM_TLS_MASTER_KEY_DERIVE },
+    { "SKIPJACK", SECMOD_FORTEZZA_FLAG, CKM_SKIPJACK_CBC64 },
+    { "Publicly-readable certs", SECMOD_FRIENDLY_FLAG, CKM_INVALID_MECHANISM },
+    { "Random Num Generator", SECMOD_RANDOM_FLAG, CKM_FAKE_RANDOM },
+};
+const int num_pk11_default_mechanisms =
+    sizeof(PK11_DefaultArray) / sizeof(PK11_DefaultArray[0]);
+
+const PK11DefaultArrayEntry *
+PK11_GetDefaultArray(int *size)
+{
+    if (size) {
+        *size = num_pk11_default_mechanisms;
+    }
+    return PK11_DefaultArray;
+}
+
+/*
+ * These  slotlists are lists of modules which provide default support for
+ *  a given algorithm or mechanism.
+ */
+static PK11SlotList
+    pk11_seedSlotList,
+    pk11_camelliaSlotList,
+    pk11_aesSlotList,
+    pk11_desSlotList,
+    pk11_rc4SlotList,
+    pk11_rc2SlotList,
+    pk11_rc5SlotList,
+    pk11_sha1SlotList,
+    pk11_md5SlotList,
+    pk11_md2SlotList,
+    pk11_rsaSlotList,
+    pk11_dsaSlotList,
+    pk11_dhSlotList,
+    pk11_ecSlotList,
+    pk11_ideaSlotList,
+    pk11_sslSlotList,
+    pk11_tlsSlotList,
+    pk11_randomSlotList,
+    pk11_sha256SlotList,
+    pk11_sha512SlotList; /* slots do SHA512 and SHA384 */
+
+/************************************************************
+ * Generic Slot List and Slot List element manipulations
+ ************************************************************/
+
+/*
+ * allocate a new list
+ */
+PK11SlotList *
+PK11_NewSlotList(void)
+{
+    PK11SlotList *list;
+
+    list = (PK11SlotList *)PORT_Alloc(sizeof(PK11SlotList));
+    if (list == NULL)
+        return NULL;
+    list->head = NULL;
+    list->tail = NULL;
+    list->lock = PZ_NewLock(nssILockList);
+    if (list->lock == NULL) {
+        PORT_Free(list);
+        return NULL;
+    }
+
+    return list;
+}
+
+/*
+ * free a list element when all the references go away.
+ */
+SECStatus
+PK11_FreeSlotListElement(PK11SlotList *list, PK11SlotListElement *le)
+{
+    PRBool freeit = PR_FALSE;
+
+    if (list == NULL || le == NULL) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    PZ_Lock(list->lock);
+    if (le->refCount-- == 1) {
+        freeit = PR_TRUE;
+    }
+    PZ_Unlock(list->lock);
+    if (freeit) {
+        PK11_FreeSlot(le->slot);
+        PORT_Free(le);
+    }
+    return SECSuccess;
+}
+
+static void
+pk11_FreeSlotListStatic(PK11SlotList *list)
+{
+    PK11SlotListElement *le, *next;
+    if (list == NULL)
+        return;
+
+    for (le = list->head; le; le = next) {
+        next = le->next;
+        PK11_FreeSlotListElement(list, le);
+    }
+    if (list->lock) {
+        PZ_DestroyLock(list->lock);
+    }
+    list->lock = NULL;
+    list->head = NULL;
+}
+
+/*
+ * if we are freeing the list, we must be the only ones with a pointer
+ * to the list.
+ */
+void
+PK11_FreeSlotList(PK11SlotList *list)
+{
+    pk11_FreeSlotListStatic(list);
+    PORT_Free(list);
+}
+
+/*
+ * add a slot to a list
+ * "slot" is the slot to be added. Ownership is not transferred.
+ * "sorted" indicates whether or not the slot should be inserted according to
+ *   cipherOrder of the associated module. PR_FALSE indicates that the slot
+ *   should be inserted to the head of the list.
+ */
+SECStatus
+PK11_AddSlotToList(PK11SlotList *list, PK11SlotInfo *slot, PRBool sorted)
+{
+    PK11SlotListElement *le;
+    PK11SlotListElement *element;
+
+    le = (PK11SlotListElement *)PORT_Alloc(sizeof(PK11SlotListElement));
+    if (le == NULL)
+        return SECFailure;
+
+    le->slot = PK11_ReferenceSlot(slot);
+    le->prev = NULL;
+    le->refCount = 1;
+    PZ_Lock(list->lock);
+    element = list->head;
+    /* Insertion sort, with higher cipherOrders are sorted first in the list */
+    while (element && sorted && (element->slot->module->cipherOrder >
+                                 le->slot->module->cipherOrder)) {
+        element = element->next;
+    }
+    if (element) {
+        le->prev = element->prev;
+        element->prev = le;
+        le->next = element;
+    } else {
+        le->prev = list->tail;
+        le->next = NULL;
+        list->tail = le;
+    }
+    if (le->prev)
+        le->prev->next = le;
+    if (list->head == element)
+        list->head = le;
+    PZ_Unlock(list->lock);
+
+    return SECSuccess;
+}
+
+/*
+ * remove a slot entry from the list
+ */
+SECStatus
+PK11_DeleteSlotFromList(PK11SlotList *list, PK11SlotListElement *le)
+{
+    PZ_Lock(list->lock);
+    if (le->prev)
+        le->prev->next = le->next;
+    else
+        list->head = le->next;
+    if (le->next)
+        le->next->prev = le->prev;
+    else
+        list->tail = le->prev;
+    le->next = le->prev = NULL;
+    PZ_Unlock(list->lock);
+    PK11_FreeSlotListElement(list, le);
+    return SECSuccess;
+}
+
+/*
+ * Move a list to the end of the target list.
+ * NOTE: There is no locking here... This assumes BOTH lists are private copy
+ * lists. It also does not re-sort the target list.
+ */
+SECStatus
+pk11_MoveListToList(PK11SlotList *target, PK11SlotList *src)
+{
+    if (src->head == NULL)
+        return SECSuccess;
+
+    if (target->tail == NULL) {
+        target->head = src->head;
+    } else {
+        target->tail->next = src->head;
+    }
+    src->head->prev = target->tail;
+    target->tail = src->tail;
+    src->head = src->tail = NULL;
+    return SECSuccess;
+}
+
+/*
+ * get an element from the list with a reference. You must own the list.
+ */
+PK11SlotListElement *
+PK11_GetFirstRef(PK11SlotList *list)
+{
+    PK11SlotListElement *le;
+
+    le = list->head;
+    if (le != NULL)
+        (le)->refCount++;
+    return le;
+}
+
+/*
+ * get the next element from the list with a reference. You must own the list.
+ */
+PK11SlotListElement *
+PK11_GetNextRef(PK11SlotList *list, PK11SlotListElement *le, PRBool restart)
+{
+    PK11SlotListElement *new_le;
+    new_le = le->next;
+    if (new_le)
+        new_le->refCount++;
+    PK11_FreeSlotListElement(list, le);
+    return new_le;
+}
+
+/*
+ * get an element safely from the list. This just makes sure that if
+ * this element is not deleted while we deal with it.
+ */
+PK11SlotListElement *
+PK11_GetFirstSafe(PK11SlotList *list)
+{
+    PK11SlotListElement *le;
+
+    PZ_Lock(list->lock);
+    le = list->head;
+    if (le != NULL)
+        (le)->refCount++;
+    PZ_Unlock(list->lock);
+    return le;
+}
+
+/*
+ * NOTE: if this element gets deleted, we can no longer safely traverse using
+ * it's pointers. We can either terminate the loop, or restart from the
+ * beginning. This is controlled by the restart option.
+ */
+PK11SlotListElement *
+PK11_GetNextSafe(PK11SlotList *list, PK11SlotListElement *le, PRBool restart)
+{
+    PK11SlotListElement *new_le;
+    PZ_Lock(list->lock);
+    new_le = le->next;
+    if (le->next == NULL) {
+        /* if the prev and next fields are NULL then either this element
+         * has been removed and we need to walk the list again (if restart
+         * is true) or this was the only element on the list */
+        if ((le->prev == NULL) && restart && (list->head != le)) {
+            new_le = list->head;
+        }
+    }
+    if (new_le)
+        new_le->refCount++;
+    PZ_Unlock(list->lock);
+    PK11_FreeSlotListElement(list, le);
+    return new_le;
+}
+
+/*
+ * Find the element that holds this slot
+ */
+PK11SlotListElement *
+PK11_FindSlotElement(PK11SlotList *list, PK11SlotInfo *slot)
+{
+    PK11SlotListElement *le;
+
+    for (le = PK11_GetFirstSafe(list); le;
+         le = PK11_GetNextSafe(list, le, PR_TRUE)) {
+        if (le->slot == slot)
+            return le;
+    }
+    return NULL;
+}
+
+/************************************************************
+ * Generic Slot Utilities
+ ************************************************************/
+/*
+ * Create a new slot structure
+ */
+PK11SlotInfo *
+PK11_NewSlotInfo(SECMODModule *mod)
+{
+    PK11SlotInfo *slot;
+
+    slot = (PK11SlotInfo *)PORT_Alloc(sizeof(PK11SlotInfo));
+    if (slot == NULL)
+        return slot;
+
+    slot->sessionLock = mod->isThreadSafe ? PZ_NewLock(nssILockSession) : mod->refLock;
+    if (slot->sessionLock == NULL) {
+        PORT_Free(slot);
+        return NULL;
+    }
+    slot->freeListLock = PZ_NewLock(nssILockFreelist);
+    if (slot->freeListLock == NULL) {
+        if (mod->isThreadSafe) {
+            PZ_DestroyLock(slot->sessionLock);
+        }
+        PORT_Free(slot);
+        return NULL;
+    }
+    slot->freeSymKeysWithSessionHead = NULL;
+    slot->freeSymKeysHead = NULL;
+    slot->keyCount = 0;
+    slot->maxKeyCount = 0;
+    slot->functionList = NULL;
+    slot->needTest = PR_TRUE;
+    slot->isPerm = PR_FALSE;
+    slot->isHW = PR_FALSE;
+    slot->isInternal = PR_FALSE;
+    slot->isThreadSafe = PR_FALSE;
+    slot->disabled = PR_FALSE;
+    slot->series = 1;
+    slot->wrapKey = 0;
+    slot->wrapMechanism = CKM_INVALID_MECHANISM;
+    slot->refKeys[0] = CK_INVALID_HANDLE;
+    slot->reason = PK11_DIS_NONE;
+    slot->readOnly = PR_TRUE;
+    slot->needLogin = PR_FALSE;
+    slot->hasRandom = PR_FALSE;
+    slot->defRWSession = PR_FALSE;
+    slot->protectedAuthPath = PR_FALSE;
+    slot->flags = 0;
+    slot->session = CK_INVALID_SESSION;
+    slot->slotID = 0;
+    slot->defaultFlags = 0;
+    slot->refCount = 1;
+    slot->askpw = 0;
+    slot->timeout = 0;
+    slot->mechanismList = NULL;
+    slot->mechanismCount = 0;
+    slot->cert_array = NULL;
+    slot->cert_count = 0;
+    slot->slot_name[0] = 0;
+    slot->token_name[0] = 0;
+    PORT_Memset(slot->serial, ' ', sizeof(slot->serial));
+    slot->module = NULL;
+    slot->authTransact = 0;
+    slot->authTime = LL_ZERO;
+    slot->minPassword = 0;
+    slot->maxPassword = 0;
+    slot->hasRootCerts = PR_FALSE;
+    slot->hasRootTrust = PR_FALSE;
+    slot->nssToken = NULL;
+    return slot;
+}
+
+/* create a new reference to a slot so it doesn't go away */
+PK11SlotInfo *
+PK11_ReferenceSlot(PK11SlotInfo *slot)
+{
+    PR_ATOMIC_INCREMENT(&slot->refCount);
+    return slot;
+}
+
+/* Destroy all info on a slot we have built up */
+void
+PK11_DestroySlot(PK11SlotInfo *slot)
+{
+    /* free up the cached keys and sessions */
+    PK11_CleanKeyList(slot);
+
+    /* free up all the sessions on this slot */
+    if (slot->functionList) {
+        PK11_GETTAB(slot)
+            ->C_CloseAllSessions(slot->slotID);
+    }
+
+    if (slot->mechanismList) {
+        PORT_Free(slot->mechanismList);
+    }
+    if (slot->isThreadSafe && slot->sessionLock) {
+        PZ_DestroyLock(slot->sessionLock);
+    }
+    slot->sessionLock = NULL;
+    if (slot->freeListLock) {
+        PZ_DestroyLock(slot->freeListLock);
+        slot->freeListLock = NULL;
+    }
+
+    /* finally Tell our parent module that we've gone away so it can unload */
+    if (slot->module) {
+        SECMOD_SlotDestroyModule(slot->module, PR_TRUE);
+    }
+
+    /* ok, well not quit finally... now we free the memory */
+    PORT_Free(slot);
+}
+
+/* We're all done with the slot, free it */
+void
+PK11_FreeSlot(PK11SlotInfo *slot)
+{
+    if (PR_ATOMIC_DECREMENT(&slot->refCount) == 0) {
+        PK11_DestroySlot(slot);
+    }
+}
+
+void
+PK11_EnterSlotMonitor(PK11SlotInfo *slot)
+{
+    PZ_Lock(slot->sessionLock);
+}
+
+void
+PK11_ExitSlotMonitor(PK11SlotInfo *slot)
+{
+    PZ_Unlock(slot->sessionLock);
+}
+
+/***********************************************************
+ * Functions to find specific slots.
+ ***********************************************************/
+PRBool
+SECMOD_HasRootCerts(void)
+{
+    SECMODModuleList *mlp;
+    SECMODModuleList *modules;
+    SECMODListLock *moduleLock = SECMOD_GetDefaultModuleListLock();
+    int i;
+    PRBool found = PR_FALSE;
+
+    if (!moduleLock) {
+        PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
+        return found;
+    }
+
+    /* work through all the slots */
+    SECMOD_GetReadLock(moduleLock);
+    modules = SECMOD_GetDefaultModuleList();
+    for (mlp = modules; mlp != NULL; mlp = mlp->next) {
+        for (i = 0; i < mlp->module->slotCount; i++) {
+            PK11SlotInfo *tmpSlot = mlp->module->slots[i];
+            if (PK11_IsPresent(tmpSlot)) {
+                if (tmpSlot->hasRootCerts) {
+                    found = PR_TRUE;
+                    break;
+                }
+            }
+        }
+        if (found)
+            break;
+    }
+    SECMOD_ReleaseReadLock(moduleLock);
+
+    return found;
+}
+
+/***********************************************************
+ * Functions to find specific slots.
+ ***********************************************************/
+PK11SlotList *
+PK11_FindSlotsByNames(const char *dllName, const char *slotName,
+                      const char *tokenName, PRBool presentOnly)
+{
+    SECMODModuleList *mlp;
+    SECMODModuleList *modules;
+    SECMODListLock *moduleLock = SECMOD_GetDefaultModuleListLock();
+    int i;
+    PK11SlotList *slotList = NULL;
+    PRUint32 slotcount = 0;
+    SECStatus rv = SECSuccess;
+
+    if (!moduleLock) {
+        PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
+        return slotList;
+    }
+
+    slotList = PK11_NewSlotList();
+    if (!slotList) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return slotList;
+    }
+
+    if (((NULL == dllName) || (0 == *dllName)) &&
+        ((NULL == slotName) || (0 == *slotName)) &&
+        ((NULL == tokenName) || (0 == *tokenName))) {
+        /* default to softoken */
+        /* PK11_GetInternalKeySlot increments the refcount on the internal slot,
+         * but so does PK11_AddSlotToList. To avoid erroneously increasing the
+         * refcount twice, we get our own reference to the internal slot and
+         * decrement its refcount when we're done with it. */
+        PK11SlotInfo *internalKeySlot = PK11_GetInternalKeySlot();
+        PK11_AddSlotToList(slotList, internalKeySlot, PR_TRUE);
+        PK11_FreeSlot(internalKeySlot);
+        return slotList;
+    }
+
+    /* work through all the slots */
+    SECMOD_GetReadLock(moduleLock);
+    modules = SECMOD_GetDefaultModuleList();
+    for (mlp = modules; mlp != NULL; mlp = mlp->next) {
+        PORT_Assert(mlp->module);
+        if (!mlp->module) {
+            rv = SECFailure;
+            break;
+        }
+        if ((!dllName) || (mlp->module->dllName &&
+                           (0 == PORT_Strcmp(mlp->module->dllName, dllName)))) {
+            for (i = 0; i < mlp->module->slotCount; i++) {
+                PK11SlotInfo *tmpSlot = (mlp->module->slots ? mlp->module->slots[i] : NULL);
+                PORT_Assert(tmpSlot);
+                if (!tmpSlot) {
+                    rv = SECFailure;
+                    break;
+                }
+                if ((PR_FALSE == presentOnly || PK11_IsPresent(tmpSlot)) &&
+                    ((!tokenName) ||
+                     (0 == PORT_Strcmp(tmpSlot->token_name, tokenName))) &&
+                    ((!slotName) ||
+                     (0 == PORT_Strcmp(tmpSlot->slot_name, slotName)))) {
+                    PK11_AddSlotToList(slotList, tmpSlot, PR_TRUE);
+                    slotcount++;
+                }
+            }
+        }
+    }
+    SECMOD_ReleaseReadLock(moduleLock);
+
+    if ((0 == slotcount) || (SECFailure == rv)) {
+        PORT_SetError(SEC_ERROR_NO_TOKEN);
+        PK11_FreeSlotList(slotList);
+        slotList = NULL;
+    }
+
+    if (SECFailure == rv) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+    }
+
+    return slotList;
+}
+
+PK11SlotInfo *
+PK11_FindSlotByName(const char *name)
+{
+    SECMODModuleList *mlp;
+    SECMODModuleList *modules;
+    SECMODListLock *moduleLock = SECMOD_GetDefaultModuleListLock();
+    int i;
+    PK11SlotInfo *slot = NULL;
+
+    if (!moduleLock) {
+        PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
+        return slot;
+    }
+    if ((name == NULL) || (*name == 0)) {
+        return PK11_GetInternalKeySlot();
+    }
+
+    /* work through all the slots */
+    SECMOD_GetReadLock(moduleLock);
+    modules = SECMOD_GetDefaultModuleList();
+    for (mlp = modules; mlp != NULL; mlp = mlp->next) {
+        for (i = 0; i < mlp->module->slotCount; i++) {
+            PK11SlotInfo *tmpSlot = mlp->module->slots[i];
+            if (PK11_IsPresent(tmpSlot)) {
+                if (PORT_Strcmp(tmpSlot->token_name, name) == 0) {
+                    slot = PK11_ReferenceSlot(tmpSlot);
+                    break;
+                }
+            }
+        }
+        if (slot != NULL)
+            break;
+    }
+    SECMOD_ReleaseReadLock(moduleLock);
+
+    if (slot == NULL) {
+        PORT_SetError(SEC_ERROR_NO_TOKEN);
+    }
+
+    return slot;
+}
+
+PK11SlotInfo *
+PK11_FindSlotBySerial(char *serial)
+{
+    SECMODModuleList *mlp;
+    SECMODModuleList *modules;
+    SECMODListLock *moduleLock = SECMOD_GetDefaultModuleListLock();
+    int i;
+    PK11SlotInfo *slot = NULL;
+
+    if (!moduleLock) {
+        PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
+        return slot;
+    }
+    /* work through all the slots */
+    SECMOD_GetReadLock(moduleLock);
+    modules = SECMOD_GetDefaultModuleList();
+    for (mlp = modules; mlp != NULL; mlp = mlp->next) {
+        for (i = 0; i < mlp->module->slotCount; i++) {
+            PK11SlotInfo *tmpSlot = mlp->module->slots[i];
+            if (PK11_IsPresent(tmpSlot)) {
+                if (PORT_Memcmp(tmpSlot->serial, serial,
+                                sizeof(tmpSlot->serial)) == 0) {
+                    slot = PK11_ReferenceSlot(tmpSlot);
+                    break;
+                }
+            }
+        }
+        if (slot != NULL)
+            break;
+    }
+    SECMOD_ReleaseReadLock(moduleLock);
+
+    if (slot == NULL) {
+        PORT_SetError(SEC_ERROR_NO_TOKEN);
+    }
+
+    return slot;
+}
+
+/*
+ * notification stub. If we ever get interested in any events that
+ * the pkcs11 functions may pass back to use, we can catch them here...
+ * currently pdata is a slotinfo structure.
+ */
+CK_RV
+pk11_notify(CK_SESSION_HANDLE session, CK_NOTIFICATION event,
+            CK_VOID_PTR pdata)
+{
+    return CKR_OK;
+}
+
+/*
+ * grab a new RW session
+ * !!! has a side effect of grabbing the Monitor if either the slot's default
+ * session is RW or the slot is not thread safe. Monitor is release in function
+ * below
+ */
+CK_SESSION_HANDLE
+PK11_GetRWSession(PK11SlotInfo *slot)
+{
+    CK_SESSION_HANDLE rwsession;
+    CK_RV crv;
+    PRBool haveMonitor = PR_FALSE;
+
+    if (!slot->isThreadSafe || slot->defRWSession) {
+        PK11_EnterSlotMonitor(slot);
+        haveMonitor = PR_TRUE;
+    }
+    if (slot->defRWSession) {
+        PORT_Assert(slot->session != CK_INVALID_SESSION);
+        if (slot->session != CK_INVALID_SESSION)
+            return slot->session;
+    }
+
+    crv = PK11_GETTAB(slot)->C_OpenSession(slot->slotID,
+                                           CKF_RW_SESSION | CKF_SERIAL_SESSION,
+                                           slot, pk11_notify, &rwsession);
+    PORT_Assert(rwsession != CK_INVALID_SESSION || crv != CKR_OK);
+    if (crv != CKR_OK || rwsession == CK_INVALID_SESSION) {
+        if (crv == CKR_OK)
+            crv = CKR_DEVICE_ERROR;
+        if (haveMonitor)
+            PK11_ExitSlotMonitor(slot);
+        PORT_SetError(PK11_MapError(crv));
+        return CK_INVALID_SESSION;
+    }
+    if (slot->defRWSession) { /* we have the monitor */
+        slot->session = rwsession;
+    }
+    return rwsession;
+}
+
+PRBool
+PK11_RWSessionHasLock(PK11SlotInfo *slot, CK_SESSION_HANDLE session_handle)
+{
+    PRBool hasLock;
+    hasLock = (PRBool)(!slot->isThreadSafe ||
+                       (slot->defRWSession && slot->session != CK_INVALID_SESSION));
+    return hasLock;
+}
+
+static PRBool
+pk11_RWSessionIsDefault(PK11SlotInfo *slot, CK_SESSION_HANDLE rwsession)
+{
+    PRBool isDefault;
+    isDefault = (PRBool)(slot->session == rwsession &&
+                         slot->defRWSession &&
+                         slot->session != CK_INVALID_SESSION);
+    return isDefault;
+}
+
+/*
+ * close the rwsession and restore our readonly session
+ * !!! has a side effect of releasing the Monitor if either the slot's default
+ * session is RW or the slot is not thread safe.
+ */
+void
+PK11_RestoreROSession(PK11SlotInfo *slot, CK_SESSION_HANDLE rwsession)
+{
+    PORT_Assert(rwsession != CK_INVALID_SESSION);
+    if (rwsession != CK_INVALID_SESSION) {
+        PRBool doExit = PK11_RWSessionHasLock(slot, rwsession);
+        if (!pk11_RWSessionIsDefault(slot, rwsession))
+            PK11_GETTAB(slot)
+                ->C_CloseSession(rwsession);
+        if (doExit)
+            PK11_ExitSlotMonitor(slot);
+    }
+}
+
+/************************************************************
+ * Manage the built-In Slot Lists
+ ************************************************************/
+
+/* Init the static built int slot list (should actually integrate
+ * with PK11_NewSlotList */
+static void
+pk11_InitSlotListStatic(PK11SlotList *list)
+{
+    list->lock = PZ_NewLock(nssILockList);
+    list->head = NULL;
+}
+
+/* initialize the system slotlists */
+SECStatus
+PK11_InitSlotLists(void)
+{
+    pk11_InitSlotListStatic(&pk11_seedSlotList);
+    pk11_InitSlotListStatic(&pk11_camelliaSlotList);
+    pk11_InitSlotListStatic(&pk11_aesSlotList);
+    pk11_InitSlotListStatic(&pk11_desSlotList);
+    pk11_InitSlotListStatic(&pk11_rc4SlotList);
+    pk11_InitSlotListStatic(&pk11_rc2SlotList);
+    pk11_InitSlotListStatic(&pk11_rc5SlotList);
+    pk11_InitSlotListStatic(&pk11_md5SlotList);
+    pk11_InitSlotListStatic(&pk11_md2SlotList);
+    pk11_InitSlotListStatic(&pk11_sha1SlotList);
+    pk11_InitSlotListStatic(&pk11_rsaSlotList);
+    pk11_InitSlotListStatic(&pk11_dsaSlotList);
+    pk11_InitSlotListStatic(&pk11_dhSlotList);
+    pk11_InitSlotListStatic(&pk11_ecSlotList);
+    pk11_InitSlotListStatic(&pk11_ideaSlotList);
+    pk11_InitSlotListStatic(&pk11_sslSlotList);
+    pk11_InitSlotListStatic(&pk11_tlsSlotList);
+    pk11_InitSlotListStatic(&pk11_randomSlotList);
+    pk11_InitSlotListStatic(&pk11_sha256SlotList);
+    pk11_InitSlotListStatic(&pk11_sha512SlotList);
+    return SECSuccess;
+}
+
+void
+PK11_DestroySlotLists(void)
+{
+    pk11_FreeSlotListStatic(&pk11_seedSlotList);
+    pk11_FreeSlotListStatic(&pk11_camelliaSlotList);
+    pk11_FreeSlotListStatic(&pk11_aesSlotList);
+    pk11_FreeSlotListStatic(&pk11_desSlotList);
+    pk11_FreeSlotListStatic(&pk11_rc4SlotList);
+    pk11_FreeSlotListStatic(&pk11_rc2SlotList);
+    pk11_FreeSlotListStatic(&pk11_rc5SlotList);
+    pk11_FreeSlotListStatic(&pk11_md5SlotList);
+    pk11_FreeSlotListStatic(&pk11_md2SlotList);
+    pk11_FreeSlotListStatic(&pk11_sha1SlotList);
+    pk11_FreeSlotListStatic(&pk11_rsaSlotList);
+    pk11_FreeSlotListStatic(&pk11_dsaSlotList);
+    pk11_FreeSlotListStatic(&pk11_dhSlotList);
+    pk11_FreeSlotListStatic(&pk11_ecSlotList);
+    pk11_FreeSlotListStatic(&pk11_ideaSlotList);
+    pk11_FreeSlotListStatic(&pk11_sslSlotList);
+    pk11_FreeSlotListStatic(&pk11_tlsSlotList);
+    pk11_FreeSlotListStatic(&pk11_randomSlotList);
+    pk11_FreeSlotListStatic(&pk11_sha256SlotList);
+    pk11_FreeSlotListStatic(&pk11_sha512SlotList);
+    return;
+}
+
+/* return a system slot list based on mechanism */
+PK11SlotList *
+PK11_GetSlotList(CK_MECHANISM_TYPE type)
+{
+/* XXX a workaround for Bugzilla bug #55267 */
+#if defined(HPUX) && defined(__LP64__)
+    if (CKM_INVALID_MECHANISM == type)
+        return NULL;
+#endif
+    switch (type) {
+        case CKM_SEED_CBC:
+        case CKM_SEED_ECB:
+            return &pk11_seedSlotList;
+        case CKM_CAMELLIA_CBC:
+        case CKM_CAMELLIA_ECB:
+            return &pk11_camelliaSlotList;
+        case CKM_AES_CBC:
+        case CKM_AES_CCM:
+        case CKM_AES_CTR:
+        case CKM_AES_CTS:
+        case CKM_AES_GCM:
+        case CKM_AES_ECB:
+            return &pk11_aesSlotList;
+        case CKM_DES_CBC:
+        case CKM_DES_ECB:
+        case CKM_DES3_ECB:
+        case CKM_DES3_CBC:
+            return &pk11_desSlotList;
+        case CKM_RC4:
+            return &pk11_rc4SlotList;
+        case CKM_RC5_CBC:
+            return &pk11_rc5SlotList;
+        case CKM_SHA_1:
+            return &pk11_sha1SlotList;
+        case CKM_SHA224:
+        case CKM_SHA256:
+            return &pk11_sha256SlotList;
+        case CKM_SHA384:
+        case CKM_SHA512:
+            return &pk11_sha512SlotList;
+        case CKM_MD5:
+            return &pk11_md5SlotList;
+        case CKM_MD2:
+            return &pk11_md2SlotList;
+        case CKM_RC2_ECB:
+        case CKM_RC2_CBC:
+            return &pk11_rc2SlotList;
+        case CKM_RSA_PKCS:
+        case CKM_RSA_PKCS_KEY_PAIR_GEN:
+        case CKM_RSA_X_509:
+            return &pk11_rsaSlotList;
+        case CKM_DSA:
+            return &pk11_dsaSlotList;
+        case CKM_DH_PKCS_KEY_PAIR_GEN:
+        case CKM_DH_PKCS_DERIVE:
+            return &pk11_dhSlotList;
+        case CKM_ECDSA:
+        case CKM_ECDSA_SHA1:
+        case CKM_EC_KEY_PAIR_GEN: /* aka CKM_ECDSA_KEY_PAIR_GEN */
+        case CKM_ECDH1_DERIVE:
+            return &pk11_ecSlotList;
+        case CKM_SSL3_PRE_MASTER_KEY_GEN:
+        case CKM_SSL3_MASTER_KEY_DERIVE:
+        case CKM_SSL3_SHA1_MAC:
+        case CKM_SSL3_MD5_MAC:
+            return &pk11_sslSlotList;
+        case CKM_TLS_MASTER_KEY_DERIVE:
+        case CKM_TLS_KEY_AND_MAC_DERIVE:
+        case CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256:
+            return &pk11_tlsSlotList;
+        case CKM_IDEA_CBC:
+        case CKM_IDEA_ECB:
+            return &pk11_ideaSlotList;
+        case CKM_FAKE_RANDOM:
+            return &pk11_randomSlotList;
+    }
+    return NULL;
+}
+
+/*
+ * load the static SlotInfo structures used to select a PKCS11 slot.
+ * preSlotInfo has a list of all the default flags for the slots on this
+ * module.
+ */
+void
+PK11_LoadSlotList(PK11SlotInfo *slot, PK11PreSlotInfo *psi, int count)
+{
+    int i;
+
+    for (i = 0; i < count; i++) {
+        if (psi[i].slotID == slot->slotID)
+            break;
+    }
+
+    if (i == count)
+        return;
+
+    slot->defaultFlags = psi[i].defaultFlags;
+    slot->askpw = psi[i].askpw;
+    slot->timeout = psi[i].timeout;
+    slot->hasRootCerts = psi[i].hasRootCerts;
+
+    /* if the slot is already disabled, don't load them into the
+     * default slot lists. We get here so we can save the default
+     * list value. */
+    if (slot->disabled)
+        return;
+
+    /* if the user has disabled us, don't load us in */
+    if (slot->defaultFlags & PK11_DISABLE_FLAG) {
+        slot->disabled = PR_TRUE;
+        slot->reason = PK11_DIS_USER_SELECTED;
+        /* free up sessions and things?? */
+        return;
+    }
+
+    for (i = 0; i < num_pk11_default_mechanisms; i++) {
+        if (slot->defaultFlags & PK11_DefaultArray[i].flag) {
+            CK_MECHANISM_TYPE mechanism = PK11_DefaultArray[i].mechanism;
+            PK11SlotList *slotList = PK11_GetSlotList(mechanism);
+
+            if (slotList)
+                PK11_AddSlotToList(slotList, slot, PR_FALSE);
+        }
+    }
+
+    return;
+}
+
+/*
+ * update a slot to its new attribute according to the slot list
+ * returns: SECSuccess if nothing to do or add/delete is successful
+ */
+SECStatus
+PK11_UpdateSlotAttribute(PK11SlotInfo *slot,
+                         const PK11DefaultArrayEntry *entry,
+                         PRBool add)
+/* add: PR_TRUE if want to turn on */
+{
+    SECStatus result = SECSuccess;
+    PK11SlotList *slotList = PK11_GetSlotList(entry->mechanism);
+
+    if (add) { /* trying to turn on a mechanism */
+
+        /* turn on the default flag in the slot */
+        slot->defaultFlags |= entry->flag;
+
+        /* add this slot to the list */
+        if (slotList != NULL)
+            result = PK11_AddSlotToList(slotList, slot, PR_FALSE);
+
+    } else { /* trying to turn off */
+
+        /* turn OFF the flag in the slot */
+        slot->defaultFlags &= ~entry->flag;
+
+        if (slotList) {
+            /* find the element in the list & delete it */
+            PK11SlotListElement *le = PK11_FindSlotElement(slotList, slot);
+
+            /* remove the slot from the list */
+            if (le)
+                result = PK11_DeleteSlotFromList(slotList, le);
+        }
+    }
+    return result;
+}
+
+/*
+ * clear a slot off of all of it's default list
+ */
+void
+PK11_ClearSlotList(PK11SlotInfo *slot)
+{
+    int i;
+
+    if (slot->disabled)
+        return;
+    if (slot->defaultFlags == 0)
+        return;
+
+    for (i = 0; i < num_pk11_default_mechanisms; i++) {
+        if (slot->defaultFlags & PK11_DefaultArray[i].flag) {
+            CK_MECHANISM_TYPE mechanism = PK11_DefaultArray[i].mechanism;
+            PK11SlotList *slotList = PK11_GetSlotList(mechanism);
+            PK11SlotListElement *le = NULL;
+
+            if (slotList)
+                le = PK11_FindSlotElement(slotList, slot);
+
+            if (le) {
+                PK11_DeleteSlotFromList(slotList, le);
+                PK11_FreeSlotListElement(slotList, le);
+            }
+        }
+    }
+}
+
+/******************************************************************
+ *           Slot initialization
+ ******************************************************************/
+/*
+ * turn a PKCS11 Static Label into a string
+ */
+char *
+PK11_MakeString(PLArenaPool *arena, char *space,
+                char *staticString, int stringLen)
+{
+    int i;
+    char *newString;
+    for (i = (stringLen - 1); i >= 0; i--) {
+        if (staticString[i] != ' ')
+            break;
+    }
+    /* move i to point to the last space */
+    i++;
+    if (arena) {
+        newString = (char *)PORT_ArenaAlloc(arena, i + 1 /* space for NULL */);
+    } else if (space) {
+        newString = space;
+    } else {
+        newString = (char *)PORT_Alloc(i + 1 /* space for NULL */);
+    }
+    if (newString == NULL)
+        return NULL;
+
+    if (i)
+        PORT_Memcpy(newString, staticString, i);
+    newString[i] = 0;
+
+    return newString;
+}
+
+/*
+ * Reads in the slots mechanism list for later use
+ */
+SECStatus
+PK11_ReadMechanismList(PK11SlotInfo *slot)
+{
+    CK_ULONG count;
+    CK_RV crv;
+    PRUint32 i;
+
+    if (slot->mechanismList) {
+        PORT_Free(slot->mechanismList);
+        slot->mechanismList = NULL;
+    }
+    slot->mechanismCount = 0;
+
+    if (!slot->isThreadSafe)
+        PK11_EnterSlotMonitor(slot);
+    crv = PK11_GETTAB(slot)->C_GetMechanismList(slot->slotID, NULL, &count);
+    if (crv != CKR_OK) {
+        if (!slot->isThreadSafe)
+            PK11_ExitSlotMonitor(slot);
+        PORT_SetError(PK11_MapError(crv));
+        return SECFailure;
+    }
+
+    slot->mechanismList = (CK_MECHANISM_TYPE *)
+        PORT_Alloc(count * sizeof(CK_MECHANISM_TYPE));
+    if (slot->mechanismList == NULL) {
+        if (!slot->isThreadSafe)
+            PK11_ExitSlotMonitor(slot);
+        return SECFailure;
+    }
+    crv = PK11_GETTAB(slot)->C_GetMechanismList(slot->slotID,
+                                                slot->mechanismList, &count);
+    if (!slot->isThreadSafe)
+        PK11_ExitSlotMonitor(slot);
+    if (crv != CKR_OK) {
+        PORT_Free(slot->mechanismList);
+        slot->mechanismList = NULL;
+        PORT_SetError(PK11_MapError(crv));
+        return SECSuccess;
+    }
+    slot->mechanismCount = count;
+    PORT_Memset(slot->mechanismBits, 0, sizeof(slot->mechanismBits));
+
+    for (i = 0; i < count; i++) {
+        CK_MECHANISM_TYPE mech = slot->mechanismList[i];
+        if (mech < 0x7ff) {
+            slot->mechanismBits[mech & 0xff] |= 1 << (mech >> 8);
+        }
+    }
+    return SECSuccess;
+}
+
+/*
+ * initialize a new token
+ * unlike initialize slot, this can be called multiple times in the lifetime
+ * of NSS. It reads the information associated with a card or token,
+ * that is not going to change unless the card or token changes.
+ */
+SECStatus
+PK11_InitToken(PK11SlotInfo *slot, PRBool loadCerts)
+{
+    CK_TOKEN_INFO tokenInfo;
+    CK_RV crv;
+    SECStatus rv;
+    PRStatus status;
+
+    /* set the slot flags to the current token values */
+    if (!slot->isThreadSafe)
+        PK11_EnterSlotMonitor(slot);
+    crv = PK11_GETTAB(slot)->C_GetTokenInfo(slot->slotID, &tokenInfo);
+    if (!slot->isThreadSafe)
+        PK11_ExitSlotMonitor(slot);
+    if (crv != CKR_OK) {
+        PORT_SetError(PK11_MapError(crv));
+        return SECFailure;
+    }
+
+    /* set the slot flags to the current token values */
+    slot->series++; /* allow other objects to detect that the
+                      * slot is different */
+    slot->flags = tokenInfo.flags;
+    slot->needLogin = ((tokenInfo.flags & CKF_LOGIN_REQUIRED) ? PR_TRUE : PR_FALSE);
+    slot->readOnly = ((tokenInfo.flags & CKF_WRITE_PROTECTED) ? PR_TRUE : PR_FALSE);
+
+    slot->hasRandom = ((tokenInfo.flags & CKF_RNG) ? PR_TRUE : PR_FALSE);
+    slot->protectedAuthPath =
+        ((tokenInfo.flags & CKF_PROTECTED_AUTHENTICATION_PATH)
+             ? PR_TRUE
+             : PR_FALSE);
+    slot->lastLoginCheck = 0;
+    slot->lastState = 0;
+    /* on some platforms Active Card incorrectly sets the
+     * CKF_PROTECTED_AUTHENTICATION_PATH bit when it doesn't mean to. */
+    if (slot->isActiveCard) {
+        slot->protectedAuthPath = PR_FALSE;
+    }
+    (void)PK11_MakeString(NULL, slot->token_name,
+                          (char *)tokenInfo.label, sizeof(tokenInfo.label));
+    slot->minPassword = tokenInfo.ulMinPinLen;
+    slot->maxPassword = tokenInfo.ulMaxPinLen;
+    PORT_Memcpy(slot->serial, tokenInfo.serialNumber, sizeof(slot->serial));
+
+    nssToken_UpdateName(slot->nssToken);
+
+    slot->defRWSession = (PRBool)((!slot->readOnly) &&
+                                  (tokenInfo.ulMaxSessionCount == 1));
+    rv = PK11_ReadMechanismList(slot);
+    if (rv != SECSuccess)
+        return rv;
+
+    slot->hasRSAInfo = PR_FALSE;
+    slot->RSAInfoFlags = 0;
+
+    /* initialize the maxKeyCount value */
+    if (tokenInfo.ulMaxSessionCount == 0) {
+        slot->maxKeyCount = 800; /* should be #define or a config param */
+    } else if (tokenInfo.ulMaxSessionCount < 20) {
+        /* don't have enough sessions to keep that many keys around */
+        slot->maxKeyCount = 0;
+    } else {
+        slot->maxKeyCount = tokenInfo.ulMaxSessionCount / 2;
+    }
+
+    /* Make sure our session handle is valid */
+    if (slot->session == CK_INVALID_SESSION) {
+        /* we know we don't have a valid session, go get one */
+        CK_SESSION_HANDLE session;
+
+        /* session should be Readonly, serial */
+        if (!slot->isThreadSafe)
+            PK11_EnterSlotMonitor(slot);
+        crv = PK11_GETTAB(slot)->C_OpenSession(slot->slotID,
+                                               (slot->defRWSession ? CKF_RW_SESSION : 0) | CKF_SERIAL_SESSION,
+                                               slot, pk11_notify, &session);
+        if (!slot->isThreadSafe)
+            PK11_ExitSlotMonitor(slot);
+        if (crv != CKR_OK) {
+            PORT_SetError(PK11_MapError(crv));
+            return SECFailure;
+        }
+        slot->session = session;
+    } else {
+        /* The session we have may be defunct (the token associated with it)
+         * has been removed   */
+        CK_SESSION_INFO sessionInfo;
+
+        if (!slot->isThreadSafe)
+            PK11_EnterSlotMonitor(slot);
+        crv = PK11_GETTAB(slot)->C_GetSessionInfo(slot->session, &sessionInfo);
+        if (crv == CKR_DEVICE_ERROR) {
+            PK11_GETTAB(slot)
+                ->C_CloseSession(slot->session);
+            crv = CKR_SESSION_CLOSED;
+        }
+        if ((crv == CKR_SESSION_CLOSED) || (crv == CKR_SESSION_HANDLE_INVALID)) {
+            crv = PK11_GETTAB(slot)->C_OpenSession(slot->slotID,
+                                                   (slot->defRWSession ? CKF_RW_SESSION : 0) | CKF_SERIAL_SESSION,
+                                                   slot, pk11_notify, &slot->session);
+            if (crv != CKR_OK) {
+                PORT_SetError(PK11_MapError(crv));
+                slot->session = CK_INVALID_SESSION;
+                if (!slot->isThreadSafe)
+                    PK11_ExitSlotMonitor(slot);
+                return SECFailure;
+            }
+        }
+        if (!slot->isThreadSafe)
+            PK11_ExitSlotMonitor(slot);
+    }
+
+    status = nssToken_Refresh(slot->nssToken);
+    if (status != PR_SUCCESS)
+        return SECFailure;
+
+    if (!(slot->isInternal) && (slot->hasRandom)) {
+        /* if this slot has a random number generater, use it to add entropy
+         * to the internal slot. */
+        PK11SlotInfo *int_slot = PK11_GetInternalSlot();
+
+        if (int_slot) {
+            unsigned char random_bytes[32];
+
+            /* if this slot can issue random numbers, get some entropy from
+             * that random number generater and give it to our internal token.
+             */
+            PK11_EnterSlotMonitor(slot);
+            crv = PK11_GETTAB(slot)->C_GenerateRandom(slot->session, random_bytes, sizeof(random_bytes));
+            PK11_ExitSlotMonitor(slot);
+            if (crv == CKR_OK) {
+                PK11_EnterSlotMonitor(int_slot);
+                PK11_GETTAB(int_slot)
+                    ->C_SeedRandom(int_slot->session,
+                                   random_bytes, sizeof(random_bytes));
+                PK11_ExitSlotMonitor(int_slot);
+            }
+
+            /* Now return the favor and send entropy to the token's random
+             * number generater */
+            PK11_EnterSlotMonitor(int_slot);
+            crv = PK11_GETTAB(int_slot)->C_GenerateRandom(int_slot->session,
+                                                          random_bytes, sizeof(random_bytes));
+            PK11_ExitSlotMonitor(int_slot);
+            if (crv == CKR_OK) {
+                PK11_EnterSlotMonitor(slot);
+                crv = PK11_GETTAB(slot)->C_SeedRandom(slot->session,
+                                                      random_bytes, sizeof(random_bytes));
+                PK11_ExitSlotMonitor(slot);
+            }
+            PK11_FreeSlot(int_slot);
+        }
+    }
+    /* work around a problem in softoken where it incorrectly
+     * reports databases opened read only as read/write. */
+    if (slot->isInternal && !slot->readOnly) {
+        CK_SESSION_HANDLE session = CK_INVALID_SESSION;
+
+        /* try to open a R/W session */
+        crv = PK11_GETTAB(slot)->C_OpenSession(slot->slotID,
+                                               CKF_RW_SESSION | CKF_SERIAL_SESSION, slot, pk11_notify, &session);
+        /* what a well behaved token should return if you open
+         * a RW session on a read only token */
+        if (crv == CKR_TOKEN_WRITE_PROTECTED) {
+            slot->readOnly = PR_TRUE;
+        } else if (crv == CKR_OK) {
+            CK_SESSION_INFO sessionInfo;
+
+            /* Because of a second bug in softoken, which silently returns
+             * a RO session, we need to check what type of session we got. */
+            crv = PK11_GETTAB(slot)->C_GetSessionInfo(session, &sessionInfo);
+            if (crv == CKR_OK) {
+                if ((sessionInfo.flags & CKF_RW_SESSION) == 0) {
+                    /* session was readonly, so this softoken slot must be readonly */
+                    slot->readOnly = PR_TRUE;
+                }
+            }
+            PK11_GETTAB(slot)
+                ->C_CloseSession(session);
+        }
+    }
+
+    return SECSuccess;
+}
+
+/*
+ * initialize a new token
+ * unlike initialize slot, this can be called multiple times in the lifetime
+ * of NSS. It reads the information associated with a card or token,
+ * that is not going to change unless the card or token changes.
+ */
+SECStatus
+PK11_TokenRefresh(PK11SlotInfo *slot)
+{
+    CK_TOKEN_INFO tokenInfo;
+    CK_RV crv;
+
+    /* set the slot flags to the current token values */
+    if (!slot->isThreadSafe)
+        PK11_EnterSlotMonitor(slot);
+    crv = PK11_GETTAB(slot)->C_GetTokenInfo(slot->slotID, &tokenInfo);
+    if (!slot->isThreadSafe)
+        PK11_ExitSlotMonitor(slot);
+    if (crv != CKR_OK) {
+        PORT_SetError(PK11_MapError(crv));
+        return SECFailure;
+    }
+
+    slot->flags = tokenInfo.flags;
+    slot->needLogin = ((tokenInfo.flags & CKF_LOGIN_REQUIRED) ? PR_TRUE : PR_FALSE);
+    slot->readOnly = ((tokenInfo.flags & CKF_WRITE_PROTECTED) ? PR_TRUE : PR_FALSE);
+    slot->hasRandom = ((tokenInfo.flags & CKF_RNG) ? PR_TRUE : PR_FALSE);
+    slot->protectedAuthPath =
+        ((tokenInfo.flags & CKF_PROTECTED_AUTHENTICATION_PATH)
+             ? PR_TRUE
+             : PR_FALSE);
+    /* on some platforms Active Card incorrectly sets the
+     * CKF_PROTECTED_AUTHENTICATION_PATH bit when it doesn't mean to. */
+    if (slot->isActiveCard) {
+        slot->protectedAuthPath = PR_FALSE;
+    }
+    return SECSuccess;
+}
+
+static PRBool
+pk11_isRootSlot(PK11SlotInfo *slot)
+{
+    CK_ATTRIBUTE findTemp[1];
+    CK_ATTRIBUTE *attrs;
+    CK_OBJECT_CLASS oclass = CKO_NETSCAPE_BUILTIN_ROOT_LIST;
+    int tsize;
+    CK_OBJECT_HANDLE handle;
+
+    attrs = findTemp;
+    PK11_SETATTRS(attrs, CKA_CLASS, &oclass, sizeof(oclass));
+    attrs++;
+    tsize = attrs - findTemp;
+    PORT_Assert(tsize <= sizeof(findTemp) / sizeof(CK_ATTRIBUTE));
+
+    handle = pk11_FindObjectByTemplate(slot, findTemp, tsize);
+    if (handle == CK_INVALID_HANDLE) {
+        return PR_FALSE;
+    }
+    return PR_TRUE;
+}
+
+/*
+ * Initialize the slot :
+ * This initialization code is called on each slot a module supports when
+ * it is loaded. It does the bringup initialization. The difference between
+ * this and InitToken is Init slot does those one time initialization stuff,
+ * usually associated with the reader, while InitToken may get called multiple
+ * times as tokens are removed and re-inserted.
+ */
+void
+PK11_InitSlot(SECMODModule *mod, CK_SLOT_ID slotID, PK11SlotInfo *slot)
+{
+    SECStatus rv;
+    CK_SLOT_INFO slotInfo;
+
+    slot->functionList = mod->functionList;
+    slot->isInternal = mod->internal;
+    slot->slotID = slotID;
+    slot->isThreadSafe = mod->isThreadSafe;
+    slot->hasRSAInfo = PR_FALSE;
+
+    if (PK11_GETTAB(slot)->C_GetSlotInfo(slotID, &slotInfo) != CKR_OK) {
+        slot->disabled = PR_TRUE;
+        slot->reason = PK11_DIS_COULD_NOT_INIT_TOKEN;
+        return;
+    }
+
+    /* test to make sure claimed mechanism work */
+    slot->needTest = mod->internal ? PR_FALSE : PR_TRUE;
+    slot->module = mod; /* NOTE: we don't make a reference here because
+                         * modules have references to their slots. This
+                         * works because modules keep implicit references
+                         * from their slots, and won't unload and disappear
+                         * until all their slots have been freed */
+    (void)PK11_MakeString(NULL, slot->slot_name,
+                          (char *)slotInfo.slotDescription, sizeof(slotInfo.slotDescription));
+    slot->isHW = (PRBool)((slotInfo.flags & CKF_HW_SLOT) == CKF_HW_SLOT);
+#define ACTIVE_CARD "ActivCard SA"
+    slot->isActiveCard = (PRBool)(PORT_Strncmp((char *)slotInfo.manufacturerID,
+                                               ACTIVE_CARD, sizeof(ACTIVE_CARD) - 1) == 0);
+    if ((slotInfo.flags & CKF_REMOVABLE_DEVICE) == 0) {
+        slot->isPerm = PR_TRUE;
+        /* permanment slots must have the token present always */
+        if ((slotInfo.flags & CKF_TOKEN_PRESENT) == 0) {
+            slot->disabled = PR_TRUE;
+            slot->reason = PK11_DIS_TOKEN_NOT_PRESENT;
+            return; /* nothing else to do */
+        }
+    }
+    /* if the token is present, initialize it */
+    if ((slotInfo.flags & CKF_TOKEN_PRESENT) != 0) {
+        rv = PK11_InitToken(slot, PR_TRUE);
+        /* the only hard failures are on permanent devices, or function
+         * verify failures... function verify failures are already handled
+         * by tokenInit */
+        if ((rv != SECSuccess) && (slot->isPerm) && (!slot->disabled)) {
+            slot->disabled = PR_TRUE;
+            slot->reason = PK11_DIS_COULD_NOT_INIT_TOKEN;
+        }
+        if (rv == SECSuccess && pk11_isRootSlot(slot)) {
+            if (!slot->hasRootCerts) {
+                slot->module->trustOrder = 100;
+            }
+            slot->hasRootCerts = PR_TRUE;
+        }
+    }
+}
+
+/*********************************************************************
+ *            Slot mapping utility functions.
+ *********************************************************************/
+
+/*
+ * determine if the token is present. If the token is present, make sure
+ * we have a valid session handle. Also set the value of needLogin
+ * appropriately.
+ */
+static PRBool
+pk11_IsPresentCertLoad(PK11SlotInfo *slot, PRBool loadCerts)
+{
+    CK_SLOT_INFO slotInfo;
+    CK_SESSION_INFO sessionInfo;
+    CK_RV crv;
+
+    /* disabled slots are never present */
+    if (slot->disabled) {
+        return PR_FALSE;
+    }
+
+    /* permanent slots are always present */
+    if (slot->isPerm && (slot->session != CK_INVALID_SESSION)) {
+        return PR_TRUE;
+    }
+
+    if (slot->nssToken) {
+        return nssToken_IsPresent(slot->nssToken);
+    }
+
+    /* removable slots have a flag that says they are present */
+    if (!slot->isThreadSafe)
+        PK11_EnterSlotMonitor(slot);
+    if (PK11_GETTAB(slot)->C_GetSlotInfo(slot->slotID, &slotInfo) != CKR_OK) {
+        if (!slot->isThreadSafe)
+            PK11_ExitSlotMonitor(slot);
+        return PR_FALSE;
+    }
+    if ((slotInfo.flags & CKF_TOKEN_PRESENT) == 0) {
+        /* if the slot is no longer present, close the session */
+        if (slot->session != CK_INVALID_SESSION) {
+            PK11_GETTAB(slot)
+                ->C_CloseSession(slot->session);
+            slot->session = CK_INVALID_SESSION;
+        }
+        if (!slot->isThreadSafe)
+            PK11_ExitSlotMonitor(slot);
+        return PR_FALSE;
+    }
+
+    /* use the session Info to determine if the card has been removed and then
+     * re-inserted */
+    if (slot->session != CK_INVALID_SESSION) {
+        if (slot->isThreadSafe)
+            PK11_EnterSlotMonitor(slot);
+        crv = PK11_GETTAB(slot)->C_GetSessionInfo(slot->session, &sessionInfo);
+        if (crv != CKR_OK) {
+            PK11_GETTAB(slot)
+                ->C_CloseSession(slot->session);
+            slot->session = CK_INVALID_SESSION;
+        }
+        if (slot->isThreadSafe)
+            PK11_ExitSlotMonitor(slot);
+    }
+    if (!slot->isThreadSafe)
+        PK11_ExitSlotMonitor(slot);
+
+    /* card has not been removed, current token info is correct */
+    if (slot->session != CK_INVALID_SESSION)
+        return PR_TRUE;
+
+    /* initialize the token info state */
+    if (PK11_InitToken(slot, loadCerts) != SECSuccess) {
+        return PR_FALSE;
+    }
+
+    return PR_TRUE;
+}
+
+/*
+ * old version of the routine
+ */
+PRBool
+PK11_IsPresent(PK11SlotInfo *slot)
+{
+    return pk11_IsPresentCertLoad(slot, PR_TRUE);
+}
+
+/* is the slot disabled? */
+PRBool
+PK11_IsDisabled(PK11SlotInfo *slot)
+{
+    return slot->disabled;
+}
+
+/* and why? */
+PK11DisableReasons
+PK11_GetDisabledReason(PK11SlotInfo *slot)
+{
+    return slot->reason;
+}
+
+/* returns PR_TRUE if successfully disable the slot */
+/* returns PR_FALSE otherwise */
+PRBool
+PK11_UserDisableSlot(PK11SlotInfo *slot)
+{
+
+    /* Prevent users from disabling the internal module. */
+    if (slot->isInternal) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return PR_FALSE;
+    }
+
+    slot->defaultFlags |= PK11_DISABLE_FLAG;
+    slot->disabled = PR_TRUE;
+    slot->reason = PK11_DIS_USER_SELECTED;
+
+    return PR_TRUE;
+}
+
+PRBool
+PK11_UserEnableSlot(PK11SlotInfo *slot)
+{
+
+    slot->defaultFlags &= ~PK11_DISABLE_FLAG;
+    slot->disabled = PR_FALSE;
+    slot->reason = PK11_DIS_NONE;
+    return PR_TRUE;
+}
+
+PRBool
+PK11_HasRootCerts(PK11SlotInfo *slot)
+{
+    return slot->hasRootCerts;
+}
+
+/* Get the module this slot is attached to */
+SECMODModule *
+PK11_GetModule(PK11SlotInfo *slot)
+{
+    return slot->module;
+}
+
+/* return the default flags of a slot */
+unsigned long
+PK11_GetDefaultFlags(PK11SlotInfo *slot)
+{
+    return slot->defaultFlags;
+}
+
+/*
+ * The following wrapper functions allow us to export an opaque slot
+ * function to the rest of libsec and the world... */
+PRBool
+PK11_IsReadOnly(PK11SlotInfo *slot)
+{
+    return slot->readOnly;
+}
+
+PRBool
+PK11_IsHW(PK11SlotInfo *slot)
+{
+    return slot->isHW;
+}
+
+PRBool
+PK11_IsRemovable(PK11SlotInfo *slot)
+{
+    return !slot->isPerm;
+}
+
+PRBool
+PK11_IsInternal(PK11SlotInfo *slot)
+{
+    return slot->isInternal;
+}
+
+PRBool
+PK11_IsInternalKeySlot(PK11SlotInfo *slot)
+{
+    PK11SlotInfo *int_slot;
+    PRBool result;
+
+    if (!slot->isInternal) {
+        return PR_FALSE;
+    }
+
+    int_slot = PK11_GetInternalKeySlot();
+    result = (int_slot == slot) ? PR_TRUE : PR_FALSE;
+    PK11_FreeSlot(int_slot);
+    return result;
+}
+
+PRBool
+PK11_NeedLogin(PK11SlotInfo *slot)
+{
+    return slot->needLogin;
+}
+
+PRBool
+PK11_IsFriendly(PK11SlotInfo *slot)
+{
+    /* internal slot always has public readable certs */
+    return (PRBool)(slot->isInternal ||
+                    ((slot->defaultFlags & SECMOD_FRIENDLY_FLAG) ==
+                     SECMOD_FRIENDLY_FLAG));
+}
+
+char *
+PK11_GetTokenName(PK11SlotInfo *slot)
+{
+    return slot->token_name;
+}
+
+char *
+PK11_GetSlotName(PK11SlotInfo *slot)
+{
+    return slot->slot_name;
+}
+
+int
+PK11_GetSlotSeries(PK11SlotInfo *slot)
+{
+    return slot->series;
+}
+
+int
+PK11_GetCurrentWrapIndex(PK11SlotInfo *slot)
+{
+    return slot->wrapKey;
+}
+
+CK_SLOT_ID
+PK11_GetSlotID(PK11SlotInfo *slot)
+{
+    return slot->slotID;
+}
+
+SECMODModuleID
+PK11_GetModuleID(PK11SlotInfo *slot)
+{
+    return slot->module->moduleID;
+}
+
+static void
+pk11_zeroTerminatedToBlankPadded(CK_CHAR *buffer, size_t buffer_size)
+{
+    CK_CHAR *walk = buffer;
+    CK_CHAR *end = buffer + buffer_size;
+
+    /* find the NULL */
+    while (walk < end && *walk != '\0') {
+        walk++;
+    }
+
+    /* clear out the buffer */
+    while (walk < end) {
+        *walk++ = ' ';
+    }
+}
+
+/* return the slot info structure */
+SECStatus
+PK11_GetSlotInfo(PK11SlotInfo *slot, CK_SLOT_INFO *info)
+{
+    CK_RV crv;
+
+    if (!slot->isThreadSafe)
+        PK11_EnterSlotMonitor(slot);
+    /*
+     * some buggy drivers do not fill the buffer completely,
+     * erase the buffer first
+     */
+    PORT_Memset(info->slotDescription, ' ', sizeof(info->slotDescription));
+    PORT_Memset(info->manufacturerID, ' ', sizeof(info->manufacturerID));
+    crv = PK11_GETTAB(slot)->C_GetSlotInfo(slot->slotID, info);
+    pk11_zeroTerminatedToBlankPadded(info->slotDescription,
+                                     sizeof(info->slotDescription));
+    pk11_zeroTerminatedToBlankPadded(info->manufacturerID,
+                                     sizeof(info->manufacturerID));
+    if (!slot->isThreadSafe)
+        PK11_ExitSlotMonitor(slot);
+    if (crv != CKR_OK) {
+        PORT_SetError(PK11_MapError(crv));
+        return SECFailure;
+    }
+    return SECSuccess;
+}
+
+/*  return the token info structure */
+SECStatus
+PK11_GetTokenInfo(PK11SlotInfo *slot, CK_TOKEN_INFO *info)
+{
+    CK_RV crv;
+    if (!slot->isThreadSafe)
+        PK11_EnterSlotMonitor(slot);
+    /*
+     * some buggy drivers do not fill the buffer completely,
+     * erase the buffer first
+     */
+    PORT_Memset(info->label, ' ', sizeof(info->label));
+    PORT_Memset(info->manufacturerID, ' ', sizeof(info->manufacturerID));
+    PORT_Memset(info->model, ' ', sizeof(info->model));
+    PORT_Memset(info->serialNumber, ' ', sizeof(info->serialNumber));
+    crv = PK11_GETTAB(slot)->C_GetTokenInfo(slot->slotID, info);
+    pk11_zeroTerminatedToBlankPadded(info->label, sizeof(info->label));
+    pk11_zeroTerminatedToBlankPadded(info->manufacturerID,
+                                     sizeof(info->manufacturerID));
+    pk11_zeroTerminatedToBlankPadded(info->model, sizeof(info->model));
+    pk11_zeroTerminatedToBlankPadded(info->serialNumber,
+                                     sizeof(info->serialNumber));
+    if (!slot->isThreadSafe)
+        PK11_ExitSlotMonitor(slot);
+    if (crv != CKR_OK) {
+        PORT_SetError(PK11_MapError(crv));
+        return SECFailure;
+    }
+    return SECSuccess;
+}
+
+/* Find out if we need to initialize the user's pin */
+PRBool
+PK11_NeedUserInit(PK11SlotInfo *slot)
+{
+    PRBool needUserInit = (PRBool)((slot->flags & CKF_USER_PIN_INITIALIZED) == 0);
+
+    if (needUserInit) {
+        CK_TOKEN_INFO info;
+        SECStatus rv;
+
+        /* see if token has been initialized off line */
+        rv = PK11_GetTokenInfo(slot, &info);
+        if (rv == SECSuccess) {
+            slot->flags = info.flags;
+        }
+    }
+    return (PRBool)((slot->flags & CKF_USER_PIN_INITIALIZED) == 0);
+}
+
+static PK11SlotInfo *pk11InternalKeySlot = NULL;
+
+/*
+ * Set a new default internal keyslot. If one has already been set, clear it.
+ * Passing NULL falls back to the NSS normally selected default internal key
+ * slot.
+ */
+void
+pk11_SetInternalKeySlot(PK11SlotInfo *slot)
+{
+    if (pk11InternalKeySlot) {
+        PK11_FreeSlot(pk11InternalKeySlot);
+    }
+    pk11InternalKeySlot = slot ? PK11_ReferenceSlot(slot) : NULL;
+}
+
+/*
+ * Set a new default internal keyslot if the normal key slot has not already
+ * been overridden. Subsequent calls to this function will be ignored unless
+ * pk11_SetInternalKeySlot is used to clear the current default.
+ */
+void
+pk11_SetInternalKeySlotIfFirst(PK11SlotInfo *slot)
+{
+    if (pk11InternalKeySlot) {
+        return;
+    }
+    pk11InternalKeySlot = slot ? PK11_ReferenceSlot(slot) : NULL;
+}
+
+/*
+ * Swap out a default internal keyslot.  Caller owns the Slot Reference
+ */
+PK11SlotInfo *
+pk11_SwapInternalKeySlot(PK11SlotInfo *slot)
+{
+    PK11SlotInfo *swap = pk11InternalKeySlot;
+
+    pk11InternalKeySlot = slot ? PK11_ReferenceSlot(slot) : NULL;
+    return swap;
+}
+
+/* get the internal key slot. FIPS has only one slot for both key slots and
+ * default slots */
+PK11SlotInfo *
+PK11_GetInternalKeySlot(void)
+{
+    SECMODModule *mod;
+
+    if (pk11InternalKeySlot) {
+        return PK11_ReferenceSlot(pk11InternalKeySlot);
+    }
+
+    mod = SECMOD_GetInternalModule();
+    PORT_Assert(mod != NULL);
+    if (!mod) {
+        PORT_SetError(SEC_ERROR_NO_MODULE);
+        return NULL;
+    }
+    return PK11_ReferenceSlot(mod->isFIPS ? mod->slots[0] : mod->slots[1]);
+}
+
+/* get the internal default slot */
+PK11SlotInfo *
+PK11_GetInternalSlot(void)
+{
+    SECMODModule *mod = SECMOD_GetInternalModule();
+    PORT_Assert(mod != NULL);
+    if (!mod) {
+        PORT_SetError(SEC_ERROR_NO_MODULE);
+        return NULL;
+    }
+    if (mod->isFIPS) {
+        return PK11_GetInternalKeySlot();
+    }
+    return PK11_ReferenceSlot(mod->slots[0]);
+}
+
+/*
+ * check if a given slot supports the requested mechanism
+ */
+PRBool
+PK11_DoesMechanism(PK11SlotInfo *slot, CK_MECHANISM_TYPE type)
+{
+    int i;
+
+    /* CKM_FAKE_RANDOM is not a real PKCS mechanism. It's a marker to
+     * tell us we're looking form someone that has implemented get
+     * random bits */
+    if (type == CKM_FAKE_RANDOM) {
+        return slot->hasRandom;
+    }
+
+    /* for most mechanism, bypass the linear lookup */
+    if (type < 0x7ff) {
+        return (slot->mechanismBits[type & 0xff] & (1 << (type >> 8))) ? PR_TRUE : PR_FALSE;
+    }
+
+    for (i = 0; i < (int)slot->mechanismCount; i++) {
+        if (slot->mechanismList[i] == type)
+            return PR_TRUE;
+    }
+    return PR_FALSE;
+}
+
+/*
+ * Return true if a token that can do the desired mechanism exists.
+ * This allows us to have hardware tokens that can do function XYZ magically
+ * allow SSL Ciphers to appear if they are plugged in.
+ */
+PRBool
+PK11_TokenExists(CK_MECHANISM_TYPE type)
+{
+    SECMODModuleList *mlp;
+    SECMODModuleList *modules;
+    SECMODListLock *moduleLock = SECMOD_GetDefaultModuleListLock();
+    PK11SlotInfo *slot;
+    PRBool found = PR_FALSE;
+    int i;
+
+    if (!moduleLock) {
+        PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
+        return found;
+    }
+    /* we only need to know if there is a token that does this mechanism.
+     * check the internal module first because it's fast, and supports
+     * almost everything. */
+    slot = PK11_GetInternalSlot();
+    if (slot) {
+        found = PK11_DoesMechanism(slot, type);
+        PK11_FreeSlot(slot);
+    }
+    if (found)
+        return PR_TRUE; /* bypass getting module locks */
+
+    SECMOD_GetReadLock(moduleLock);
+    modules = SECMOD_GetDefaultModuleList();
+    for (mlp = modules; mlp != NULL && (!found); mlp = mlp->next) {
+        for (i = 0; i < mlp->module->slotCount; i++) {
+            slot = mlp->module->slots[i];
+            if (PK11_IsPresent(slot)) {
+                if (PK11_DoesMechanism(slot, type)) {
+                    found = PR_TRUE;
+                    break;
+                }
+            }
+        }
+    }
+    SECMOD_ReleaseReadLock(moduleLock);
+    return found;
+}
+
+/*
+ * get all the currently available tokens in a list.
+ * that can perform the given mechanism. If mechanism is CKM_INVALID_MECHANISM,
+ * get all the tokens. Make sure tokens that need authentication are put at
+ * the end of this list.
+ */
+PK11SlotList *
+PK11_GetAllTokens(CK_MECHANISM_TYPE type, PRBool needRW, PRBool loadCerts,
+                  void *wincx)
+{
+    PK11SlotList *list;
+    PK11SlotList *loginList;
+    PK11SlotList *friendlyList;
+    SECMODModuleList *mlp;
+    SECMODModuleList *modules;
+    SECMODListLock *moduleLock;
+    int i;
+#if defined(XP_WIN32)
+    int j = 0;
+    PRInt32 waste[16];
+#endif
+
+    moduleLock = SECMOD_GetDefaultModuleListLock();
+    if (!moduleLock) {
+        PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
+        return NULL;
+    }
+
+    list = PK11_NewSlotList();
+    loginList = PK11_NewSlotList();
+    friendlyList = PK11_NewSlotList();
+    if ((list == NULL) || (loginList == NULL) || (friendlyList == NULL)) {
+        if (list)
+            PK11_FreeSlotList(list);
+        if (loginList)
+            PK11_FreeSlotList(loginList);
+        if (friendlyList)
+            PK11_FreeSlotList(friendlyList);
+        return NULL;
+    }
+
+    SECMOD_GetReadLock(moduleLock);
+
+    modules = SECMOD_GetDefaultModuleList();
+    for (mlp = modules; mlp != NULL; mlp = mlp->next) {
+
+#if defined(XP_WIN32)
+        /* This is works around some horrible cache/page thrashing problems
+        ** on Win32.  Without this, this loop can take up to 6 seconds at
+        ** 100% CPU on a Pentium-Pro 200.  The thing this changes is to
+        ** increase the size of the stack frame and modify it.
+        ** Moving the loop code itself seems to have no effect.
+        ** Dunno why this combination makes a difference, but it does.
+        */
+        waste[j & 0xf] = j++;
+#endif
+
+        for (i = 0; i < mlp->module->slotCount; i++) {
+            PK11SlotInfo *slot = mlp->module->slots[i];
+
+            if (pk11_IsPresentCertLoad(slot, loadCerts)) {
+                if (needRW && slot->readOnly)
+                    continue;
+                if ((type == CKM_INVALID_MECHANISM) || PK11_DoesMechanism(slot, type)) {
+                    if (pk11_LoginStillRequired(slot, wincx)) {
+                        if (PK11_IsFriendly(slot)) {
+                            PK11_AddSlotToList(friendlyList, slot, PR_TRUE);
+                        } else {
+                            PK11_AddSlotToList(loginList, slot, PR_TRUE);
+                        }
+                    } else {
+                        PK11_AddSlotToList(list, slot, PR_TRUE);
+                    }
+                }
+            }
+        }
+    }
+    SECMOD_ReleaseReadLock(moduleLock);
+
+    pk11_MoveListToList(list, friendlyList);
+    PK11_FreeSlotList(friendlyList);
+    pk11_MoveListToList(list, loginList);
+    PK11_FreeSlotList(loginList);
+
+    return list;
+}
+
+/*
+ * NOTE: This routine is working from a private List generated by
+ * PK11_GetAllTokens. That is why it does not need to lock.
+ */
+PK11SlotList *
+PK11_GetPrivateKeyTokens(CK_MECHANISM_TYPE type, PRBool needRW, void *wincx)
+{
+    PK11SlotList *list = PK11_GetAllTokens(type, needRW, PR_TRUE, wincx);
+    PK11SlotListElement *le, *next;
+    SECStatus rv;
+
+    if (list == NULL)
+        return list;
+
+    for (le = list->head; le; le = next) {
+        next = le->next; /* save the pointer here in case we have to
+                          * free the element later */
+        rv = PK11_Authenticate(le->slot, PR_TRUE, wincx);
+        if (rv != SECSuccess) {
+            PK11_DeleteSlotFromList(list, le);
+            continue;
+        }
+    }
+    return list;
+}
+
+/*
+ * returns true if the slot doesn't conform to the requested attributes
+ */
+PRBool
+pk11_filterSlot(PK11SlotInfo *slot, CK_MECHANISM_TYPE mechanism,
+                CK_FLAGS mechanismInfoFlags, unsigned int keySize)
+{
+    CK_MECHANISM_INFO mechanism_info;
+    CK_RV crv = CKR_OK;
+
+    /* handle the only case where we don't actually fetch the mechanisms
+     * on the fly */
+    if ((keySize == 0) && (mechanism == CKM_RSA_PKCS) && (slot->hasRSAInfo)) {
+        mechanism_info.flags = slot->RSAInfoFlags;
+    } else {
+        if (!slot->isThreadSafe)
+            PK11_EnterSlotMonitor(slot);
+        crv = PK11_GETTAB(slot)->C_GetMechanismInfo(slot->slotID, mechanism,
+                                                    &mechanism_info);
+        if (!slot->isThreadSafe)
+            PK11_ExitSlotMonitor(slot);
+        /* if we were getting the RSA flags, save them */
+        if ((crv == CKR_OK) && (mechanism == CKM_RSA_PKCS) && (!slot->hasRSAInfo)) {
+            slot->RSAInfoFlags = mechanism_info.flags;
+            slot->hasRSAInfo = PR_TRUE;
+        }
+    }
+    /* couldn't get the mechanism info */
+    if (crv != CKR_OK) {
+        return PR_TRUE;
+    }
+    if (keySize && ((mechanism_info.ulMinKeySize > keySize) || (mechanism_info.ulMaxKeySize < keySize))) {
+        /* Token can do mechanism, but not at the key size we
+         * want */
+        return PR_TRUE;
+    }
+    if (mechanismInfoFlags && ((mechanism_info.flags & mechanismInfoFlags) !=
+                               mechanismInfoFlags)) {
+        return PR_TRUE;
+    }
+    return PR_FALSE;
+}
+
+/*
+ * Find the best slot which supports the given set of mechanisms and key sizes.
+ * In normal cases this should grab the first slot on the list with no fuss.
+ * The size array is presumed to match one for one with the mechanism type
+ * array, which allows you to specify the required key size for each
+ * mechanism in the list. Whether key size is in bits or bytes is mechanism
+ * dependent. Typically asymetric keys are in bits and symetric keys are in
+ * bytes.
+ */
+PK11SlotInfo *
+PK11_GetBestSlotMultipleWithAttributes(CK_MECHANISM_TYPE *type,
+                                       CK_FLAGS *mechanismInfoFlags, unsigned int *keySize,
+                                       unsigned int mech_count, void *wincx)
+{
+    PK11SlotList *list = NULL;
+    PK11SlotListElement *le;
+    PK11SlotInfo *slot = NULL;
+    PRBool freeit = PR_FALSE;
+    PRBool listNeedLogin = PR_FALSE;
+    unsigned int i;
+    SECStatus rv;
+
+    list = PK11_GetSlotList(type[0]);
+
+    if ((list == NULL) || (list->head == NULL)) {
+        /* We need to look up all the tokens for the mechanism */
+        list = PK11_GetAllTokens(type[0], PR_FALSE, PR_TRUE, wincx);
+        freeit = PR_TRUE;
+    }
+
+    /* no one can do it! */
+    if (list == NULL) {
+        PORT_SetError(SEC_ERROR_NO_TOKEN);
+        return NULL;
+    }
+
+    PORT_SetError(0);
+
+    listNeedLogin = PR_FALSE;
+    for (i = 0; i < mech_count; i++) {
+        if ((type[i] != CKM_FAKE_RANDOM) &&
+            (type[i] != CKM_SHA_1) &&
+            (type[i] != CKM_SHA224) &&
+            (type[i] != CKM_SHA256) &&
+            (type[i] != CKM_SHA384) &&
+            (type[i] != CKM_SHA512) &&
+            (type[i] != CKM_MD5) &&
+            (type[i] != CKM_MD2)) {
+            listNeedLogin = PR_TRUE;
+            break;
+        }
+    }
+
+    for (le = PK11_GetFirstSafe(list); le;
+         le = PK11_GetNextSafe(list, le, PR_TRUE)) {
+        if (PK11_IsPresent(le->slot)) {
+            PRBool doExit = PR_FALSE;
+            for (i = 0; i < mech_count; i++) {
+                if (!PK11_DoesMechanism(le->slot, type[i])) {
+                    doExit = PR_TRUE;
+                    break;
+                }
+                if ((mechanismInfoFlags && mechanismInfoFlags[i]) ||
+                    (keySize && keySize[i])) {
+                    if (pk11_filterSlot(le->slot, type[i],
+                                        mechanismInfoFlags ? mechanismInfoFlags[i] : 0,
+                                        keySize ? keySize[i] : 0)) {
+                        doExit = PR_TRUE;
+                        break;
+                    }
+                }
+            }
+
+            if (doExit)
+                continue;
+
+            if (listNeedLogin && le->slot->needLogin) {
+                rv = PK11_Authenticate(le->slot, PR_TRUE, wincx);
+                if (rv != SECSuccess)
+                    continue;
+            }
+            slot = le->slot;
+            PK11_ReferenceSlot(slot);
+            PK11_FreeSlotListElement(list, le);
+            if (freeit) {
+                PK11_FreeSlotList(list);
+            }
+            return slot;
+        }
+    }
+    if (freeit) {
+        PK11_FreeSlotList(list);
+    }
+    if (PORT_GetError() == 0) {
+        PORT_SetError(SEC_ERROR_NO_TOKEN);
+    }
+    return NULL;
+}
+
+PK11SlotInfo *
+PK11_GetBestSlotMultiple(CK_MECHANISM_TYPE *type,
+                         unsigned int mech_count, void *wincx)
+{
+    return PK11_GetBestSlotMultipleWithAttributes(type, NULL, NULL,
+                                                  mech_count, wincx);
+}
+
+/* original get best slot now calls the multiple version with only one type */
+PK11SlotInfo *
+PK11_GetBestSlot(CK_MECHANISM_TYPE type, void *wincx)
+{
+    return PK11_GetBestSlotMultipleWithAttributes(&type, NULL, NULL, 1, wincx);
+}
+
+PK11SlotInfo *
+PK11_GetBestSlotWithAttributes(CK_MECHANISM_TYPE type, CK_FLAGS mechanismFlags,
+                               unsigned int keySize, void *wincx)
+{
+    return PK11_GetBestSlotMultipleWithAttributes(&type, &mechanismFlags,
+                                                  &keySize, 1, wincx);
+}
+
+int
+PK11_GetBestKeyLength(PK11SlotInfo *slot, CK_MECHANISM_TYPE mechanism)
+{
+    CK_MECHANISM_INFO mechanism_info;
+    CK_RV crv;
+
+    if (!slot->isThreadSafe)
+        PK11_EnterSlotMonitor(slot);
+    crv = PK11_GETTAB(slot)->C_GetMechanismInfo(slot->slotID,
+                                                mechanism, &mechanism_info);
+    if (!slot->isThreadSafe)
+        PK11_ExitSlotMonitor(slot);
+    if (crv != CKR_OK)
+        return 0;
+
+    if (mechanism_info.ulMinKeySize == mechanism_info.ulMaxKeySize)
+        return 0;
+    return mechanism_info.ulMaxKeySize;
+}
+
+/*
+ * This function uses the existing PKCS #11 module to find the
+ * longest supported key length in the preferred token for a mechanism.
+ * This varies from the above function in that 1) it returns the key length
+ * even for fixed key algorithms, and 2) it looks through the tokens
+ * generally rather than for a specific token. This is used in liu of
+ * a PK11_GetKeyLength function in pk11mech.c since we can actually read
+ * supported key lengths from PKCS #11.
+ *
+ * For symmetric key operations the length is returned in bytes.
+ */
+int
+PK11_GetMaxKeyLength(CK_MECHANISM_TYPE mechanism)
+{
+    CK_MECHANISM_INFO mechanism_info;
+    PK11SlotList *list = NULL;
+    PK11SlotListElement *le;
+    PRBool freeit = PR_FALSE;
+    int keyLength = 0;
+
+    list = PK11_GetSlotList(mechanism);
+
+    if ((list == NULL) || (list->head == NULL)) {
+        /* We need to look up all the tokens for the mechanism */
+        list = PK11_GetAllTokens(mechanism, PR_FALSE, PR_FALSE, NULL);
+        freeit = PR_TRUE;
+    }
+
+    /* no tokens recognize this mechanism */
+    if (list == NULL) {
+        PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
+        return 0;
+    }
+
+    for (le = PK11_GetFirstSafe(list); le;
+         le = PK11_GetNextSafe(list, le, PR_TRUE)) {
+        PK11SlotInfo *slot = le->slot;
+        CK_RV crv;
+        if (PK11_IsPresent(slot)) {
+            if (!slot->isThreadSafe)
+                PK11_EnterSlotMonitor(slot);
+            crv = PK11_GETTAB(slot)->C_GetMechanismInfo(slot->slotID,
+                                                        mechanism, &mechanism_info);
+            if (!slot->isThreadSafe)
+                PK11_ExitSlotMonitor(slot);
+            if ((crv == CKR_OK) && (mechanism_info.ulMaxKeySize != 0) && (mechanism_info.ulMaxKeySize != 0xffffffff)) {
+                keyLength = mechanism_info.ulMaxKeySize;
+                break;
+            }
+        }
+    }
+    if (le)
+        PK11_FreeSlotListElement(list, le);
+    if (freeit)
+        PK11_FreeSlotList(list);
+    return keyLength;
+}
+
+SECStatus
+PK11_SeedRandom(PK11SlotInfo *slot, unsigned char *data, int len)
+{
+    CK_RV crv;
+
+    PK11_EnterSlotMonitor(slot);
+    crv = PK11_GETTAB(slot)->C_SeedRandom(slot->session, data, (CK_ULONG)len);
+    PK11_ExitSlotMonitor(slot);
+    if (crv != CKR_OK) {
+        PORT_SetError(PK11_MapError(crv));
+        return SECFailure;
+    }
+    return SECSuccess;
+}
+
+SECStatus
+PK11_GenerateRandomOnSlot(PK11SlotInfo *slot, unsigned char *data, int len)
+{
+    CK_RV crv;
+
+    if (!slot->isInternal)
+        PK11_EnterSlotMonitor(slot);
+    crv = PK11_GETTAB(slot)->C_GenerateRandom(slot->session, data,
+                                              (CK_ULONG)len);
+    if (!slot->isInternal)
+        PK11_ExitSlotMonitor(slot);
+    if (crv != CKR_OK) {
+        PORT_SetError(PK11_MapError(crv));
+        return SECFailure;
+    }
+    return SECSuccess;
+}
+
+/* Attempts to update the Best Slot for "FAKE RANDOM" generation.
+** If that's not the internal slot, then it also attempts to update the
+** internal slot.
+** The return value indicates if the INTERNAL slot was updated OK.
+*/
+SECStatus
+PK11_RandomUpdate(void *data, size_t bytes)
+{
+    PK11SlotInfo *slot;
+    PRBool bestIsInternal;
+    SECStatus status;
+
+    slot = PK11_GetBestSlot(CKM_FAKE_RANDOM, NULL);
+    if (slot == NULL) {
+        slot = PK11_GetInternalSlot();
+        if (!slot)
+            return SECFailure;
+    }
+
+    bestIsInternal = PK11_IsInternal(slot);
+    status = PK11_SeedRandom(slot, data, bytes);
+    PK11_FreeSlot(slot);
+
+    if (!bestIsInternal) {
+        /* do internal slot, too. */
+        slot = PK11_GetInternalSlot(); /* can't fail */
+        status = PK11_SeedRandom(slot, data, bytes);
+        PK11_FreeSlot(slot);
+    }
+    return status;
+}
+
+SECStatus
+PK11_GenerateRandom(unsigned char *data, int len)
+{
+    PK11SlotInfo *slot;
+    SECStatus rv;
+
+    slot = PK11_GetBestSlot(CKM_FAKE_RANDOM, NULL);
+    if (slot == NULL)
+        return SECFailure;
+
+    rv = PK11_GenerateRandomOnSlot(slot, data, len);
+    PK11_FreeSlot(slot);
+    return rv;
+}
+
+/*
+ * Reset the token to it's initial state. For the internal module, this will
+ * Purge your keydb, and reset your cert db certs to USER_INIT.
+ */
+SECStatus
+PK11_ResetToken(PK11SlotInfo *slot, char *sso_pwd)
+{
+    unsigned char tokenName[32];
+    int tokenNameLen;
+    CK_RV crv;
+
+    /* reconstruct the token name */
+    tokenNameLen = PORT_Strlen(slot->token_name);
+    if (tokenNameLen > sizeof(tokenName)) {
+        tokenNameLen = sizeof(tokenName);
+    }
+
+    PORT_Memcpy(tokenName, slot->token_name, tokenNameLen);
+    if (tokenNameLen < sizeof(tokenName)) {
+        PORT_Memset(&tokenName[tokenNameLen], ' ',
+                    sizeof(tokenName) - tokenNameLen);
+    }
+
+    /* initialize the token */
+    PK11_EnterSlotMonitor(slot);
+
+    /* first shutdown the token. Existing sessions will get closed here */
+    PK11_GETTAB(slot)
+        ->C_CloseAllSessions(slot->slotID);
+    slot->session = CK_INVALID_SESSION;
+
+    /* now re-init the token */
+    crv = PK11_GETTAB(slot)->C_InitToken(slot->slotID,
+                                         (unsigned char *)sso_pwd, sso_pwd ? PORT_Strlen(sso_pwd) : 0, tokenName);
+
+    /* finally bring the token back up */
+    PK11_InitToken(slot, PR_TRUE);
+    PK11_ExitSlotMonitor(slot);
+    if (crv != CKR_OK) {
+        PORT_SetError(PK11_MapError(crv));
+        return SECFailure;
+    }
+    nssTrustDomain_UpdateCachedTokenCerts(slot->nssToken->trustDomain,
+                                          slot->nssToken);
+    return SECSuccess;
+}
+void
+PK11Slot_SetNSSToken(PK11SlotInfo *sl, NSSToken *nsst)
+{
+    sl->nssToken = nsst;
+}
+
+NSSToken *
+PK11Slot_GetNSSToken(PK11SlotInfo *sl)
+{
+    return sl->nssToken;
+}
+
+/*
+ * wait for a token to change it's state. The application passes in the expected
+ * new state in event.
+ */
+PK11TokenStatus
+PK11_WaitForTokenEvent(PK11SlotInfo *slot, PK11TokenEvent event,
+                       PRIntervalTime timeout, PRIntervalTime latency, int series)
+{
+    PRIntervalTime first_time = 0;
+    PRBool first_time_set = PR_FALSE;
+    PRBool waitForRemoval;
+
+    if (slot->isPerm) {
+        return PK11TokenNotRemovable;
+    }
+    if (latency == 0) {
+        latency = PR_SecondsToInterval(5);
+    }
+    waitForRemoval = (PRBool)(event == PK11TokenRemovedOrChangedEvent);
+
+    if (series == 0) {
+        series = PK11_GetSlotSeries(slot);
+    }
+    while (PK11_IsPresent(slot) == waitForRemoval) {
+        PRIntervalTime interval;
+
+        if (waitForRemoval && series != PK11_GetSlotSeries(slot)) {
+            return PK11TokenChanged;
+        }
+        if (timeout == PR_INTERVAL_NO_WAIT) {
+            return waitForRemoval ? PK11TokenPresent : PK11TokenRemoved;
+        }
+        if (timeout != PR_INTERVAL_NO_TIMEOUT) {
+            interval = PR_IntervalNow();
+            if (!first_time_set) {
+                first_time = interval;
+                first_time_set = PR_TRUE;
+            }
+            if ((interval - first_time) > timeout) {
+                return waitForRemoval ? PK11TokenPresent : PK11TokenRemoved;
+            }
+        }
+        PR_Sleep(latency);
+    }
+    return waitForRemoval ? PK11TokenRemoved : PK11TokenPresent;
+}
diff --git a/nss/lib/pk11wrap/pk11util.c b/nss/lib/pk11wrap/pk11util.c
new file mode 100644
index 0000000..9636b07
--- /dev/null
+++ b/nss/lib/pk11wrap/pk11util.c
@@ -0,0 +1,1629 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * Initialize the PCKS 11 subsystem
+ */
+#include "seccomon.h"
+#include "secmod.h"
+#include "nssilock.h"
+#include "secmodi.h"
+#include "secmodti.h"
+#include "pk11func.h"
+#include "pki3hack.h"
+#include "secerr.h"
+#include "dev.h"
+#include "utilpars.h"
+
+/* these are for displaying error messages */
+
+static SECMODModuleList *modules = NULL;
+static SECMODModuleList *modulesDB = NULL;
+static SECMODModuleList *modulesUnload = NULL;
+static SECMODModule *internalModule = NULL;
+static SECMODModule *defaultDBModule = NULL;
+static SECMODModule *pendingModule = NULL;
+static SECMODListLock *moduleLock = NULL;
+
+int secmod_PrivateModuleCount = 0;
+
+extern const PK11DefaultArrayEntry PK11_DefaultArray[];
+extern const int num_pk11_default_mechanisms;
+
+void
+SECMOD_Init()
+{
+    /* don't initialize twice */
+    if (moduleLock)
+        return;
+
+    moduleLock = SECMOD_NewListLock();
+    PK11_InitSlotLists();
+}
+
+SECStatus
+SECMOD_Shutdown()
+{
+    /* destroy the lock */
+    if (moduleLock) {
+        SECMOD_DestroyListLock(moduleLock);
+        moduleLock = NULL;
+    }
+    /* free the internal module */
+    if (internalModule) {
+        SECMOD_DestroyModule(internalModule);
+        internalModule = NULL;
+    }
+
+    /* free the default database module */
+    if (defaultDBModule) {
+        SECMOD_DestroyModule(defaultDBModule);
+        defaultDBModule = NULL;
+    }
+
+    /* destroy the list */
+    if (modules) {
+        SECMOD_DestroyModuleList(modules);
+        modules = NULL;
+    }
+
+    if (modulesDB) {
+        SECMOD_DestroyModuleList(modulesDB);
+        modulesDB = NULL;
+    }
+
+    if (modulesUnload) {
+        SECMOD_DestroyModuleList(modulesUnload);
+        modulesUnload = NULL;
+    }
+
+    /* make all the slots and the lists go away */
+    PK11_DestroySlotLists();
+
+    nss_DumpModuleLog();
+
+#ifdef DEBUG
+    if (PR_GetEnvSecure("NSS_STRICT_SHUTDOWN")) {
+        PORT_Assert(secmod_PrivateModuleCount == 0);
+    }
+#endif
+    if (secmod_PrivateModuleCount) {
+        PORT_SetError(SEC_ERROR_BUSY);
+        return SECFailure;
+    }
+    return SECSuccess;
+}
+
+/*
+ * retrieve the internal module
+ */
+SECMODModule *
+SECMOD_GetInternalModule(void)
+{
+    return internalModule;
+}
+
+SECStatus
+secmod_AddModuleToList(SECMODModuleList **moduleList, SECMODModule *newModule)
+{
+    SECMODModuleList *mlp, *newListElement, *last = NULL;
+
+    newListElement = SECMOD_NewModuleListElement();
+    if (newListElement == NULL) {
+        return SECFailure;
+    }
+
+    newListElement->module = SECMOD_ReferenceModule(newModule);
+
+    SECMOD_GetWriteLock(moduleLock);
+    /* Added it to the end (This is very inefficient, but Adding a module
+     * on the fly should happen maybe 2-3 times through the life this program
+     * on a given computer, and this list should be *SHORT*. */
+    for (mlp = *moduleList; mlp != NULL; mlp = mlp->next) {
+        last = mlp;
+    }
+
+    if (last == NULL) {
+        *moduleList = newListElement;
+    } else {
+        SECMOD_AddList(last, newListElement, NULL);
+    }
+    SECMOD_ReleaseWriteLock(moduleLock);
+    return SECSuccess;
+}
+
+SECStatus
+SECMOD_AddModuleToList(SECMODModule *newModule)
+{
+    if (newModule->internal && !internalModule) {
+        internalModule = SECMOD_ReferenceModule(newModule);
+    }
+    return secmod_AddModuleToList(&modules, newModule);
+}
+
+SECStatus
+SECMOD_AddModuleToDBOnlyList(SECMODModule *newModule)
+{
+    if (defaultDBModule && SECMOD_GetDefaultModDBFlag(newModule)) {
+        SECMOD_DestroyModule(defaultDBModule);
+        defaultDBModule = SECMOD_ReferenceModule(newModule);
+    } else if (defaultDBModule == NULL) {
+        defaultDBModule = SECMOD_ReferenceModule(newModule);
+    }
+    return secmod_AddModuleToList(&modulesDB, newModule);
+}
+
+SECStatus
+SECMOD_AddModuleToUnloadList(SECMODModule *newModule)
+{
+    return secmod_AddModuleToList(&modulesUnload, newModule);
+}
+
+/*
+ * get the list of PKCS11 modules that are available.
+ */
+SECMODModuleList *
+SECMOD_GetDefaultModuleList()
+{
+    return modules;
+}
+SECMODModuleList *
+SECMOD_GetDeadModuleList()
+{
+    return modulesUnload;
+}
+SECMODModuleList *
+SECMOD_GetDBModuleList()
+{
+    return modulesDB;
+}
+
+/*
+ * This lock protects the global module lists.
+ * it also protects changes to the slot array (module->slots[]) and slot count
+ * (module->slotCount) in each module. It is a read/write lock with multiple
+ * readers or one writer. Writes are uncommon.
+ * Because of legacy considerations protection of the slot array and count is
+ * only necessary in applications if the application calls
+ * SECMOD_UpdateSlotList() or SECMOD_WaitForAnyTokenEvent(), though all new
+ * applications are encouraged to acquire this lock when reading the
+ * slot array information directly.
+ */
+SECMODListLock *
+SECMOD_GetDefaultModuleListLock()
+{
+    return moduleLock;
+}
+
+/*
+ * find a module by name, and add a reference to it.
+ * return that module.
+ */
+SECMODModule *
+SECMOD_FindModule(const char *name)
+{
+    SECMODModuleList *mlp;
+    SECMODModule *module = NULL;
+
+    if (!moduleLock) {
+        PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
+        return module;
+    }
+    SECMOD_GetReadLock(moduleLock);
+    for (mlp = modules; mlp != NULL; mlp = mlp->next) {
+        if (PORT_Strcmp(name, mlp->module->commonName) == 0) {
+            module = mlp->module;
+            SECMOD_ReferenceModule(module);
+            break;
+        }
+    }
+    if (module) {
+        goto found;
+    }
+    for (mlp = modulesUnload; mlp != NULL; mlp = mlp->next) {
+        if (PORT_Strcmp(name, mlp->module->commonName) == 0) {
+            module = mlp->module;
+            SECMOD_ReferenceModule(module);
+            break;
+        }
+    }
+
+found:
+    SECMOD_ReleaseReadLock(moduleLock);
+
+    return module;
+}
+
+/*
+ * find a module by ID, and add a reference to it.
+ * return that module.
+ */
+SECMODModule *
+SECMOD_FindModuleByID(SECMODModuleID id)
+{
+    SECMODModuleList *mlp;
+    SECMODModule *module = NULL;
+
+    if (!moduleLock) {
+        PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
+        return module;
+    }
+    SECMOD_GetReadLock(moduleLock);
+    for (mlp = modules; mlp != NULL; mlp = mlp->next) {
+        if (id == mlp->module->moduleID) {
+            module = mlp->module;
+            SECMOD_ReferenceModule(module);
+            break;
+        }
+    }
+    SECMOD_ReleaseReadLock(moduleLock);
+    if (module == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MODULE);
+    }
+    return module;
+}
+
+/*
+ * find the function pointer.
+ */
+SECMODModule *
+secmod_FindModuleByFuncPtr(void *funcPtr)
+{
+    SECMODModuleList *mlp;
+    SECMODModule *module = NULL;
+
+    SECMOD_GetReadLock(moduleLock);
+    for (mlp = modules; mlp != NULL; mlp = mlp->next) {
+        /* paranoia, shouldn't ever happen */
+        if (!mlp->module) {
+            continue;
+        }
+        if (funcPtr == mlp->module->functionList) {
+            module = mlp->module;
+            SECMOD_ReferenceModule(module);
+            break;
+        }
+    }
+    SECMOD_ReleaseReadLock(moduleLock);
+    if (module == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MODULE);
+    }
+    return module;
+}
+
+/*
+ * Find the Slot based on ID and the module.
+ */
+PK11SlotInfo *
+SECMOD_FindSlotByID(SECMODModule *module, CK_SLOT_ID slotID)
+{
+    int i;
+    PK11SlotInfo *slot = NULL;
+
+    if (!moduleLock) {
+        PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
+        return slot;
+    }
+    SECMOD_GetReadLock(moduleLock);
+    for (i = 0; i < module->slotCount; i++) {
+        PK11SlotInfo *cSlot = module->slots[i];
+
+        if (cSlot->slotID == slotID) {
+            slot = PK11_ReferenceSlot(cSlot);
+            break;
+        }
+    }
+    SECMOD_ReleaseReadLock(moduleLock);
+
+    if (slot == NULL) {
+        PORT_SetError(SEC_ERROR_NO_SLOT_SELECTED);
+    }
+    return slot;
+}
+
+/*
+ * lookup the Slot module based on it's module ID and slot ID.
+ */
+PK11SlotInfo *
+SECMOD_LookupSlot(SECMODModuleID moduleID, CK_SLOT_ID slotID)
+{
+    SECMODModule *module;
+    PK11SlotInfo *slot;
+
+    module = SECMOD_FindModuleByID(moduleID);
+    if (module == NULL)
+        return NULL;
+
+    slot = SECMOD_FindSlotByID(module, slotID);
+    SECMOD_DestroyModule(module);
+    return slot;
+}
+
+/*
+ * find a module by name or module pointer and delete it off the module list.
+ * optionally remove it from secmod.db.
+ */
+SECStatus
+SECMOD_DeleteModuleEx(const char *name, SECMODModule *mod,
+                      int *type, PRBool permdb)
+{
+    SECMODModuleList *mlp;
+    SECMODModuleList **mlpp;
+    SECStatus rv = SECFailure;
+
+    if (!moduleLock) {
+        PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
+        return rv;
+    }
+
+    *type = SECMOD_EXTERNAL;
+
+    SECMOD_GetWriteLock(moduleLock);
+    for (mlpp = &modules, mlp = modules;
+         mlp != NULL; mlpp = &mlp->next, mlp = *mlpp) {
+        if ((name && (PORT_Strcmp(name, mlp->module->commonName) == 0)) ||
+            mod == mlp->module) {
+            /* don't delete the internal module */
+            if (!mlp->module->internal) {
+                SECMOD_RemoveList(mlpp, mlp);
+                /* delete it after we release the lock */
+                rv = STAN_RemoveModuleFromDefaultTrustDomain(mlp->module);
+            } else if (mlp->module->isFIPS) {
+                *type = SECMOD_FIPS;
+            } else {
+                *type = SECMOD_INTERNAL;
+            }
+            break;
+        }
+    }
+    if (mlp) {
+        goto found;
+    }
+    /* not on the internal list, check the unload list */
+    for (mlpp = &modulesUnload, mlp = modulesUnload;
+         mlp != NULL; mlpp = &mlp->next, mlp = *mlpp) {
+        if ((name && (PORT_Strcmp(name, mlp->module->commonName) == 0)) ||
+            mod == mlp->module) {
+            /* don't delete the internal module */
+            if (!mlp->module->internal) {
+                SECMOD_RemoveList(mlpp, mlp);
+                rv = SECSuccess;
+            } else if (mlp->module->isFIPS) {
+                *type = SECMOD_FIPS;
+            } else {
+                *type = SECMOD_INTERNAL;
+            }
+            break;
+        }
+    }
+found:
+    SECMOD_ReleaseWriteLock(moduleLock);
+
+    if (rv == SECSuccess) {
+        if (permdb) {
+            SECMOD_DeletePermDB(mlp->module);
+        }
+        SECMOD_DestroyModuleListElement(mlp);
+    }
+    return rv;
+}
+
+/*
+ * find a module by name and delete it off the module list
+ */
+SECStatus
+SECMOD_DeleteModule(const char *name, int *type)
+{
+    return SECMOD_DeleteModuleEx(name, NULL, type, PR_TRUE);
+}
+
+/*
+ * find a module by name and delete it off the module list
+ */
+SECStatus
+SECMOD_DeleteInternalModule(const char *name)
+{
+    SECMODModuleList *mlp;
+    SECMODModuleList **mlpp;
+    SECStatus rv = SECFailure;
+
+    if (pendingModule) {
+        PORT_SetError(SEC_ERROR_MODULE_STUCK);
+        return rv;
+    }
+    if (!moduleLock) {
+        PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
+        return rv;
+    }
+
+    SECMOD_GetWriteLock(moduleLock);
+    for (mlpp = &modules, mlp = modules;
+         mlp != NULL; mlpp = &mlp->next, mlp = *mlpp) {
+        if (PORT_Strcmp(name, mlp->module->commonName) == 0) {
+            /* don't delete the internal module */
+            if (mlp->module->internal) {
+                SECMOD_RemoveList(mlpp, mlp);
+                rv = STAN_RemoveModuleFromDefaultTrustDomain(mlp->module);
+            }
+            break;
+        }
+    }
+    SECMOD_ReleaseWriteLock(moduleLock);
+
+    if (rv == SECSuccess) {
+        SECMODModule *newModule, *oldModule;
+
+        if (mlp->module->isFIPS) {
+            newModule = SECMOD_CreateModule(NULL, SECMOD_INT_NAME,
+                                            NULL, SECMOD_INT_FLAGS);
+        } else {
+            newModule = SECMOD_CreateModule(NULL, SECMOD_FIPS_NAME,
+                                            NULL, SECMOD_FIPS_FLAGS);
+        }
+        if (newModule) {
+            PK11SlotInfo *slot;
+            newModule->libraryParams =
+                PORT_ArenaStrdup(newModule->arena, mlp->module->libraryParams);
+            /* if an explicit internal key slot has been set, reset it */
+            slot = pk11_SwapInternalKeySlot(NULL);
+            if (slot) {
+                secmod_SetInternalKeySlotFlag(newModule, PR_TRUE);
+            }
+            rv = SECMOD_AddModule(newModule);
+            if (rv != SECSuccess) {
+                /* load failed, restore the internal key slot */
+                pk11_SetInternalKeySlot(slot);
+                SECMOD_DestroyModule(newModule);
+                newModule = NULL;
+            }
+            /* free the old explicit internal key slot, we now have a new one */
+            if (slot) {
+                PK11_FreeSlot(slot);
+            }
+        }
+        if (newModule == NULL) {
+            SECMODModuleList *last = NULL, *mlp2;
+            /* we're in pretty deep trouble if this happens...Security
+             * not going to work well... try to put the old module back on
+             * the list */
+            SECMOD_GetWriteLock(moduleLock);
+            for (mlp2 = modules; mlp2 != NULL; mlp2 = mlp->next) {
+                last = mlp2;
+            }
+
+            if (last == NULL) {
+                modules = mlp;
+            } else {
+                SECMOD_AddList(last, mlp, NULL);
+            }
+            SECMOD_ReleaseWriteLock(moduleLock);
+            return SECFailure;
+        }
+        pendingModule = oldModule = internalModule;
+        internalModule = NULL;
+        SECMOD_DestroyModule(oldModule);
+        SECMOD_DeletePermDB(mlp->module);
+        SECMOD_DestroyModuleListElement(mlp);
+        internalModule = newModule; /* adopt the module */
+    }
+    return rv;
+}
+
+SECStatus
+SECMOD_AddModule(SECMODModule *newModule)
+{
+    SECStatus rv;
+    SECMODModule *oldModule;
+
+    /* Test if a module w/ the same name already exists */
+    /* and return SECWouldBlock if so. */
+    /* We should probably add a new return value such as */
+    /* SECDublicateModule, but to minimize ripples, I'll */
+    /* give SECWouldBlock a new meaning */
+    if ((oldModule = SECMOD_FindModule(newModule->commonName)) != NULL) {
+        SECMOD_DestroyModule(oldModule);
+        return SECWouldBlock;
+        /* module already exists. */
+    }
+
+    rv = secmod_LoadPKCS11Module(newModule, NULL);
+    if (rv != SECSuccess) {
+        return rv;
+    }
+
+    if (newModule->parent == NULL) {
+        newModule->parent = SECMOD_ReferenceModule(defaultDBModule);
+    }
+
+    SECMOD_AddPermDB(newModule);
+    SECMOD_AddModuleToList(newModule);
+
+    rv = STAN_AddModuleToDefaultTrustDomain(newModule);
+
+    return rv;
+}
+
+PK11SlotInfo *
+SECMOD_FindSlot(SECMODModule *module, const char *name)
+{
+    int i;
+    char *string;
+    PK11SlotInfo *retSlot = NULL;
+
+    if (!moduleLock) {
+        PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
+        return retSlot;
+    }
+    SECMOD_GetReadLock(moduleLock);
+    for (i = 0; i < module->slotCount; i++) {
+        PK11SlotInfo *slot = module->slots[i];
+
+        if (PK11_IsPresent(slot)) {
+            string = PK11_GetTokenName(slot);
+        } else {
+            string = PK11_GetSlotName(slot);
+        }
+        if (PORT_Strcmp(name, string) == 0) {
+            retSlot = PK11_ReferenceSlot(slot);
+            break;
+        }
+    }
+    SECMOD_ReleaseReadLock(moduleLock);
+
+    if (retSlot == NULL) {
+        PORT_SetError(SEC_ERROR_NO_SLOT_SELECTED);
+    }
+    return retSlot;
+}
+
+SECStatus
+PK11_GetModInfo(SECMODModule *mod, CK_INFO *info)
+{
+    CK_RV crv;
+
+    if (mod->functionList == NULL)
+        return SECFailure;
+    crv = PK11_GETTAB(mod)->C_GetInfo(info);
+    if (crv != CKR_OK) {
+        PORT_SetError(PK11_MapError(crv));
+    }
+    return (crv == CKR_OK) ? SECSuccess : SECFailure;
+}
+
+/* Determine if we have the FIP's module loaded as the default
+ * module to trigger other bogus FIPS requirements in PKCS #12 and
+ * SSL
+ */
+PRBool
+PK11_IsFIPS(void)
+{
+    SECMODModule *mod = SECMOD_GetInternalModule();
+
+    if (mod && mod->internal) {
+        return mod->isFIPS;
+    }
+
+    return PR_FALSE;
+}
+
+/* combines NewModule() & AddModule */
+/* give a string for the module name & the full-path for the dll, */
+/* installs the PKCS11 module & update registry */
+SECStatus
+SECMOD_AddNewModuleEx(const char *moduleName, const char *dllPath,
+                      unsigned long defaultMechanismFlags,
+                      unsigned long cipherEnableFlags,
+                      char *modparms, char *nssparms)
+{
+    SECMODModule *module;
+    SECStatus result = SECFailure;
+    int s, i;
+    PK11SlotInfo *slot;
+
+    PR_SetErrorText(0, NULL);
+    if (!moduleLock) {
+        PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
+        return result;
+    }
+
+    module = SECMOD_CreateModule(dllPath, moduleName, modparms, nssparms);
+
+    if (module == NULL) {
+        return result;
+    }
+
+    if (module->dllName != NULL) {
+        if (module->dllName[0] != 0) {
+            result = SECMOD_AddModule(module);
+            if (result == SECSuccess) {
+                /* turn on SSL cipher enable flags */
+                module->ssl[0] = cipherEnableFlags;
+
+                SECMOD_GetReadLock(moduleLock);
+                /* check each slot to turn on appropriate mechanisms */
+                for (s = 0; s < module->slotCount; s++) {
+                    slot = (module->slots)[s];
+                    /* for each possible mechanism */
+                    for (i = 0; i < num_pk11_default_mechanisms; i++) {
+                        /* we are told to turn it on by default ? */
+                        PRBool add =
+                            (PK11_DefaultArray[i].flag & defaultMechanismFlags) ? PR_TRUE : PR_FALSE;
+                        result = PK11_UpdateSlotAttribute(slot,
+                                                          &(PK11_DefaultArray[i]), add);
+                        if (result != SECSuccess) {
+                            SECMOD_ReleaseReadLock(moduleLock);
+                            SECMOD_DestroyModule(module);
+                            return result;
+                        }
+                    } /* for each mechanism */
+                    /* disable each slot if the defaultFlags say so */
+                    if (defaultMechanismFlags & PK11_DISABLE_FLAG) {
+                        PK11_UserDisableSlot(slot);
+                    }
+                } /* for each slot of this module */
+                SECMOD_ReleaseReadLock(moduleLock);
+
+                /* delete and re-add module in order to save changes
+                 * to the module */
+                result = SECMOD_UpdateModule(module);
+            }
+        }
+    }
+    SECMOD_DestroyModule(module);
+    return result;
+}
+
+SECStatus
+SECMOD_AddNewModule(const char *moduleName, const char *dllPath,
+                    unsigned long defaultMechanismFlags,
+                    unsigned long cipherEnableFlags)
+{
+    return SECMOD_AddNewModuleEx(moduleName, dllPath, defaultMechanismFlags,
+                                 cipherEnableFlags,
+                                 NULL, NULL); /* don't pass module or nss params */
+}
+
+SECStatus
+SECMOD_UpdateModule(SECMODModule *module)
+{
+    SECStatus result;
+
+    result = SECMOD_DeletePermDB(module);
+
+    if (result == SECSuccess) {
+        result = SECMOD_AddPermDB(module);
+    }
+    return result;
+}
+
+/* Public & Internal(Security Library)  representation of
+ * encryption mechanism flags conversion */
+
+/* Currently, the only difference is that internal representation
+ * puts RANDOM_FLAG at bit 31 (Most-significant bit), but
+ * public representation puts this bit at bit 28
+ */
+unsigned long
+SECMOD_PubMechFlagstoInternal(unsigned long publicFlags)
+{
+    unsigned long internalFlags = publicFlags;
+
+    if (publicFlags & PUBLIC_MECH_RANDOM_FLAG) {
+        internalFlags &= ~PUBLIC_MECH_RANDOM_FLAG;
+        internalFlags |= SECMOD_RANDOM_FLAG;
+    }
+    return internalFlags;
+}
+
+unsigned long
+SECMOD_InternaltoPubMechFlags(unsigned long internalFlags)
+{
+    unsigned long publicFlags = internalFlags;
+
+    if (internalFlags & SECMOD_RANDOM_FLAG) {
+        publicFlags &= ~SECMOD_RANDOM_FLAG;
+        publicFlags |= PUBLIC_MECH_RANDOM_FLAG;
+    }
+    return publicFlags;
+}
+
+/* Public & Internal(Security Library)  representation of */
+/* cipher flags conversion */
+/* Note: currently they are just stubs */
+unsigned long
+SECMOD_PubCipherFlagstoInternal(unsigned long publicFlags)
+{
+    return publicFlags;
+}
+
+unsigned long
+SECMOD_InternaltoPubCipherFlags(unsigned long internalFlags)
+{
+    return internalFlags;
+}
+
+/* Funtion reports true if module of modType is installed/configured */
+PRBool
+SECMOD_IsModulePresent(unsigned long int pubCipherEnableFlags)
+{
+    PRBool result = PR_FALSE;
+    SECMODModuleList *mods;
+
+    if (!moduleLock) {
+        PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
+        return result;
+    }
+    SECMOD_GetReadLock(moduleLock);
+    mods = SECMOD_GetDefaultModuleList();
+    for (; mods != NULL; mods = mods->next) {
+        if (mods->module->ssl[0] &
+            SECMOD_PubCipherFlagstoInternal(pubCipherEnableFlags)) {
+            result = PR_TRUE;
+        }
+    }
+
+    SECMOD_ReleaseReadLock(moduleLock);
+    return result;
+}
+
+/* create a new ModuleListElement */
+SECMODModuleList *
+SECMOD_NewModuleListElement(void)
+{
+    SECMODModuleList *newModList;
+
+    newModList = (SECMODModuleList *)PORT_Alloc(sizeof(SECMODModuleList));
+    if (newModList) {
+        newModList->next = NULL;
+        newModList->module = NULL;
+    }
+    return newModList;
+}
+
+/*
+ * make a new reference to a module so It doesn't go away on us
+ */
+SECMODModule *
+SECMOD_ReferenceModule(SECMODModule *module)
+{
+    PZ_Lock(module->refLock);
+    PORT_Assert(module->refCount > 0);
+
+    module->refCount++;
+    PZ_Unlock(module->refLock);
+    return module;
+}
+
+/* destroy an existing module */
+void
+SECMOD_DestroyModule(SECMODModule *module)
+{
+    PRBool willfree = PR_FALSE;
+    int slotCount;
+    int i;
+
+    PZ_Lock(module->refLock);
+    if (module->refCount-- == 1) {
+        willfree = PR_TRUE;
+    }
+    PORT_Assert(willfree || (module->refCount > 0));
+    PZ_Unlock(module->refLock);
+
+    if (!willfree) {
+        return;
+    }
+
+    if (module->parent != NULL) {
+        SECMODModule *parent = module->parent;
+        /* paranoia, don't loop forever if the modules are looped */
+        module->parent = NULL;
+        SECMOD_DestroyModule(parent);
+    }
+
+    /* slots can't really disappear until our module starts freeing them,
+     * so this check is safe */
+    slotCount = module->slotCount;
+    if (slotCount == 0) {
+        SECMOD_SlotDestroyModule(module, PR_FALSE);
+        return;
+    }
+
+    /* now free all out slots, when they are done, they will cause the
+     * module to disappear altogether */
+    for (i = 0; i < slotCount; i++) {
+        if (!module->slots[i]->disabled) {
+            PK11_ClearSlotList(module->slots[i]);
+        }
+        PK11_FreeSlot(module->slots[i]);
+    }
+    /* WARNING: once the last slot has been freed is it possible (even likely)
+     * that module is no more... touching it now is a good way to go south */
+}
+
+/* we can only get here if we've destroyed the module, or some one has
+ * erroneously freed a slot that wasn't referenced. */
+void
+SECMOD_SlotDestroyModule(SECMODModule *module, PRBool fromSlot)
+{
+    PRBool willfree = PR_FALSE;
+    if (fromSlot) {
+        PORT_Assert(module->refCount == 0);
+        PZ_Lock(module->refLock);
+        if (module->slotCount-- == 1) {
+            willfree = PR_TRUE;
+        }
+        PORT_Assert(willfree || (module->slotCount > 0));
+        PZ_Unlock(module->refLock);
+        if (!willfree)
+            return;
+    }
+
+    if (module == pendingModule) {
+        pendingModule = NULL;
+    }
+
+    if (module->loaded) {
+        SECMOD_UnloadModule(module);
+    }
+    PZ_DestroyLock(module->refLock);
+    PORT_FreeArena(module->arena, PR_FALSE);
+    secmod_PrivateModuleCount--;
+}
+
+/* destroy a list element
+ * this destroys a single element, and returns the next element
+ * on the chain. It makes it easy to implement for loops to delete
+ * the chain. It also make deleting a single element easy */
+SECMODModuleList *
+SECMOD_DestroyModuleListElement(SECMODModuleList *element)
+{
+    SECMODModuleList *next = element->next;
+
+    if (element->module) {
+        SECMOD_DestroyModule(element->module);
+        element->module = NULL;
+    }
+    PORT_Free(element);
+    return next;
+}
+
+/*
+ * Destroy an entire module list
+ */
+void
+SECMOD_DestroyModuleList(SECMODModuleList *list)
+{
+    SECMODModuleList *lp;
+
+    for (lp = list; lp != NULL; lp = SECMOD_DestroyModuleListElement(lp))
+        ;
+}
+
+PRBool
+SECMOD_CanDeleteInternalModule(void)
+{
+    return (PRBool)(pendingModule == NULL);
+}
+
+/*
+ * check to see if the module has added new slots. PKCS 11 v2.20 allows for
+ * modules to add new slots, but never remove them. Slots cannot be added
+ * between a call to C_GetSlotLlist(Flag, NULL, &count) and the subsequent
+ * C_GetSlotList(flag, &data, &count) so that the array doesn't accidently
+ * grow on the caller. It is permissible for the slots to increase between
+ * successive calls with NULL to get the size.
+ */
+SECStatus
+SECMOD_UpdateSlotList(SECMODModule *mod)
+{
+    CK_RV crv;
+    CK_ULONG count;
+    CK_ULONG i, oldCount;
+    PRBool freeRef = PR_FALSE;
+    void *mark = NULL;
+    CK_ULONG *slotIDs = NULL;
+    PK11SlotInfo **newSlots = NULL;
+    PK11SlotInfo **oldSlots = NULL;
+
+    if (!moduleLock) {
+        PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
+        return SECFailure;
+    }
+
+    /* C_GetSlotList is not a session function, make sure
+     * calls are serialized */
+    PZ_Lock(mod->refLock);
+    freeRef = PR_TRUE;
+    /* see if the number of slots have changed */
+    crv = PK11_GETTAB(mod)->C_GetSlotList(PR_FALSE, NULL, &count);
+    if (crv != CKR_OK) {
+        PORT_SetError(PK11_MapError(crv));
+        goto loser;
+    }
+    /* nothing new, blow out early, we want this function to be quick
+     * and cheap in the normal case  */
+    if (count == mod->slotCount) {
+        PZ_Unlock(mod->refLock);
+        return SECSuccess;
+    }
+    if (count < (CK_ULONG)mod->slotCount) {
+        /* shouldn't happen with a properly functioning PKCS #11 module */
+        PORT_SetError(SEC_ERROR_INCOMPATIBLE_PKCS11);
+        goto loser;
+    }
+
+    /* get the new slot list */
+    slotIDs = PORT_NewArray(CK_SLOT_ID, count);
+    if (slotIDs == NULL) {
+        goto loser;
+    }
+
+    crv = PK11_GETTAB(mod)->C_GetSlotList(PR_FALSE, slotIDs, &count);
+    if (crv != CKR_OK) {
+        PORT_SetError(PK11_MapError(crv));
+        goto loser;
+    }
+    freeRef = PR_FALSE;
+    PZ_Unlock(mod->refLock);
+    mark = PORT_ArenaMark(mod->arena);
+    if (mark == NULL) {
+        goto loser;
+    }
+    newSlots = PORT_ArenaZNewArray(mod->arena, PK11SlotInfo *, count);
+
+    /* walk down the new slot ID list returned from the module. We keep
+     * the old slots which match a returned ID, and we initialize the new
+     * slots. */
+    for (i = 0; i < count; i++) {
+        PK11SlotInfo *slot = SECMOD_FindSlotByID(mod, slotIDs[i]);
+
+        if (!slot) {
+            /* we have a new slot create a new slot data structure */
+            slot = PK11_NewSlotInfo(mod);
+            if (!slot) {
+                goto loser;
+            }
+            PK11_InitSlot(mod, slotIDs[i], slot);
+            STAN_InitTokenForSlotInfo(NULL, slot);
+        }
+        newSlots[i] = slot;
+    }
+    STAN_ResetTokenInterator(NULL);
+    PORT_Free(slotIDs);
+    slotIDs = NULL;
+    PORT_ArenaUnmark(mod->arena, mark);
+
+    /* until this point we're still using the old slot list. Now we update
+     * module slot list. We update the slots (array) first then the count,
+     * since we've already guarrenteed that count has increased (just in case
+     * someone is looking at the slots field of  module without holding the
+     * moduleLock */
+    SECMOD_GetWriteLock(moduleLock);
+    oldCount = mod->slotCount;
+    oldSlots = mod->slots;
+    mod->slots = newSlots; /* typical arena 'leak'... old mod->slots is
+                            * allocated out of the module arena and won't
+                            * be freed until the module is freed */
+    mod->slotCount = count;
+    SECMOD_ReleaseWriteLock(moduleLock);
+    /* free our old references before forgetting about oldSlot*/
+    for (i = 0; i < oldCount; i++) {
+        PK11_FreeSlot(oldSlots[i]);
+    }
+    return SECSuccess;
+
+loser:
+    if (freeRef) {
+        PZ_Unlock(mod->refLock);
+    }
+    if (slotIDs) {
+        PORT_Free(slotIDs);
+    }
+    /* free all the slots we allocated. newSlots are part of the
+     * mod arena. NOTE: the newSlots array contain both new and old
+     * slots, but we kept a reference to the old slots when we built the new
+     * array, so we need to free all the slots in newSlots array. */
+    if (newSlots) {
+        for (i = 0; i < count; i++) {
+            if (newSlots[i] == NULL) {
+                break; /* hit the last one */
+            }
+            PK11_FreeSlot(newSlots[i]);
+        }
+    }
+    /* must come after freeing newSlots */
+    if (mark) {
+        PORT_ArenaRelease(mod->arena, mark);
+    }
+    return SECFailure;
+}
+
+/*
+ * this handles modules that do not support C_WaitForSlotEvent().
+ * The internal flags are stored. Note that C_WaitForSlotEvent() does not
+ * have a timeout, so we don't have one for handleWaitForSlotEvent() either.
+ */
+PK11SlotInfo *
+secmod_HandleWaitForSlotEvent(SECMODModule *mod, unsigned long flags,
+                              PRIntervalTime latency)
+{
+    PRBool removableSlotsFound = PR_FALSE;
+    int i;
+    int error = SEC_ERROR_NO_EVENT;
+
+    if (!moduleLock) {
+        PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
+        return NULL;
+    }
+    PZ_Lock(mod->refLock);
+    if (mod->evControlMask & SECMOD_END_WAIT) {
+        mod->evControlMask &= ~SECMOD_END_WAIT;
+        PZ_Unlock(mod->refLock);
+        PORT_SetError(SEC_ERROR_NO_EVENT);
+        return NULL;
+    }
+    mod->evControlMask |= SECMOD_WAIT_SIMULATED_EVENT;
+    while (mod->evControlMask & SECMOD_WAIT_SIMULATED_EVENT) {
+        PZ_Unlock(mod->refLock);
+        /* now is a good time to see if new slots have been added */
+        SECMOD_UpdateSlotList(mod);
+
+        /* loop through all the slots on a module */
+        SECMOD_GetReadLock(moduleLock);
+        for (i = 0; i < mod->slotCount; i++) {
+            PK11SlotInfo *slot = mod->slots[i];
+            PRUint16 series;
+            PRBool present;
+
+            /* perm modules do not change */
+            if (slot->isPerm) {
+                continue;
+            }
+            removableSlotsFound = PR_TRUE;
+            /* simulate the PKCS #11 module flags. are the flags different
+             * from the last time we called? */
+            series = slot->series;
+            present = PK11_IsPresent(slot);
+            if ((slot->flagSeries != series) || (slot->flagState != present)) {
+                slot->flagState = present;
+                slot->flagSeries = series;
+                SECMOD_ReleaseReadLock(moduleLock);
+                PZ_Lock(mod->refLock);
+                mod->evControlMask &= ~SECMOD_END_WAIT;
+                PZ_Unlock(mod->refLock);
+                return PK11_ReferenceSlot(slot);
+            }
+        }
+        SECMOD_ReleaseReadLock(moduleLock);
+        /* if everything was perm modules, don't lock up forever */
+        if ((mod->slotCount != 0) && !removableSlotsFound) {
+            error = SEC_ERROR_NO_SLOT_SELECTED;
+            PZ_Lock(mod->refLock);
+            break;
+        }
+        if (flags & CKF_DONT_BLOCK) {
+            PZ_Lock(mod->refLock);
+            break;
+        }
+        PR_Sleep(latency);
+        PZ_Lock(mod->refLock);
+    }
+    mod->evControlMask &= ~SECMOD_END_WAIT;
+    PZ_Unlock(mod->refLock);
+    PORT_SetError(error);
+    return NULL;
+}
+
+/*
+ * this function waits for a token event on any slot of a given module
+ * This function should not be called from more than one thread of the
+ * same process (though other threads can make other library calls
+ * on this module while this call is blocked).
+ */
+PK11SlotInfo *
+SECMOD_WaitForAnyTokenEvent(SECMODModule *mod, unsigned long flags,
+                            PRIntervalTime latency)
+{
+    CK_SLOT_ID id;
+    CK_RV crv;
+    PK11SlotInfo *slot;
+
+    if (!pk11_getFinalizeModulesOption() ||
+        ((mod->cryptokiVersion.major == 2) &&
+         (mod->cryptokiVersion.minor < 1))) {
+        /* if we are sharing the module with other software in our
+         * address space, we can't reliably use C_WaitForSlotEvent(),
+         * and if the module is version 2.0, C_WaitForSlotEvent() doesn't
+         * exist */
+        return secmod_HandleWaitForSlotEvent(mod, flags, latency);
+    }
+    /* first the the PKCS #11 call */
+    PZ_Lock(mod->refLock);
+    if (mod->evControlMask & SECMOD_END_WAIT) {
+        goto end_wait;
+    }
+    mod->evControlMask |= SECMOD_WAIT_PKCS11_EVENT;
+    PZ_Unlock(mod->refLock);
+    crv = PK11_GETTAB(mod)->C_WaitForSlotEvent(flags, &id, NULL);
+    PZ_Lock(mod->refLock);
+    mod->evControlMask &= ~SECMOD_WAIT_PKCS11_EVENT;
+    /* if we are in end wait, short circuit now, don't even risk
+     * going into secmod_HandleWaitForSlotEvent */
+    if (mod->evControlMask & SECMOD_END_WAIT) {
+        goto end_wait;
+    }
+    PZ_Unlock(mod->refLock);
+    if (crv == CKR_FUNCTION_NOT_SUPPORTED) {
+        /* module doesn't support that call, simulate it */
+        return secmod_HandleWaitForSlotEvent(mod, flags, latency);
+    }
+    if (crv != CKR_OK) {
+        /* we can get this error if finalize was called while we were
+         * still running. This is the only way to force a C_WaitForSlotEvent()
+         * to return in PKCS #11. In this case, just return that there
+         * was no event. */
+        if (crv == CKR_CRYPTOKI_NOT_INITIALIZED) {
+            PORT_SetError(SEC_ERROR_NO_EVENT);
+        } else {
+            PORT_SetError(PK11_MapError(crv));
+        }
+        return NULL;
+    }
+    slot = SECMOD_FindSlotByID(mod, id);
+    if (slot == NULL) {
+        /* possibly a new slot that was added? */
+        SECMOD_UpdateSlotList(mod);
+        slot = SECMOD_FindSlotByID(mod, id);
+    }
+    /* if we are in the delay period for the "isPresent" call, reset
+     * the delay since we know things have probably changed... */
+    if (slot && slot->nssToken && slot->nssToken->slot) {
+        nssSlot_ResetDelay(slot->nssToken->slot);
+    }
+    return slot;
+
+/* must be called with the lock on. */
+end_wait:
+    mod->evControlMask &= ~SECMOD_END_WAIT;
+    PZ_Unlock(mod->refLock);
+    PORT_SetError(SEC_ERROR_NO_EVENT);
+    return NULL;
+}
+
+/*
+ * This function "wakes up" WaitForAnyTokenEvent. It's a pretty drastic
+ * function, possibly bringing down the pkcs #11 module in question. This
+ * should be OK because 1) it does reinitialize, and 2) it should only be
+ * called when we are on our way to tear the whole system down anyway.
+ */
+SECStatus
+SECMOD_CancelWait(SECMODModule *mod)
+{
+    unsigned long controlMask;
+    SECStatus rv = SECSuccess;
+    CK_RV crv;
+
+    PZ_Lock(mod->refLock);
+    mod->evControlMask |= SECMOD_END_WAIT;
+    controlMask = mod->evControlMask;
+    if (controlMask & SECMOD_WAIT_PKCS11_EVENT) {
+        if (!pk11_getFinalizeModulesOption()) {
+            /* can't get here unless pk11_getFinalizeModulesOption is set */
+            PORT_Assert(0);
+            PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+            rv = SECFailure;
+            goto loser;
+        }
+        /* NOTE: this call will drop all transient keys, in progress
+         * operations, and any authentication. This is the only documented
+         * way to get WaitForSlotEvent to return. Also note: for non-thread
+         * safe tokens, we need to hold the module lock, this is not yet at
+         * system shutdown/startup time, so we need to protect these calls */
+        crv = PK11_GETTAB(mod)->C_Finalize(NULL);
+        /* ok, we slammed the module down, now we need to reinit it in case
+         * we intend to use it again */
+        if (CKR_OK == crv) {
+            PRBool alreadyLoaded;
+            secmod_ModuleInit(mod, NULL, &alreadyLoaded);
+        } else {
+            /* Finalized failed for some reason,  notify the application
+             * so maybe it has a prayer of recovering... */
+            PORT_SetError(PK11_MapError(crv));
+            rv = SECFailure;
+        }
+    } else if (controlMask & SECMOD_WAIT_SIMULATED_EVENT) {
+        mod->evControlMask &= ~SECMOD_WAIT_SIMULATED_EVENT;
+        /* Simulated events will eventually timeout
+         * and wake up in the loop */
+    }
+loser:
+    PZ_Unlock(mod->refLock);
+    return rv;
+}
+
+/*
+ * check to see if the module has removable slots that we may need to
+ * watch for.
+ */
+PRBool
+SECMOD_HasRemovableSlots(SECMODModule *mod)
+{
+    int i;
+    PRBool ret = PR_FALSE;
+
+    if (!moduleLock) {
+        PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
+        return ret;
+    }
+    SECMOD_GetReadLock(moduleLock);
+    for (i = 0; i < mod->slotCount; i++) {
+        PK11SlotInfo *slot = mod->slots[i];
+        /* perm modules are not inserted or removed */
+        if (slot->isPerm) {
+            continue;
+        }
+        ret = PR_TRUE;
+        break;
+    }
+    if (mod->slotCount == 0) {
+        ret = PR_TRUE;
+    }
+    SECMOD_ReleaseReadLock(moduleLock);
+    return ret;
+}
+
+/*
+ * helper function to actually create and destroy user defined slots
+ */
+static SECStatus
+secmod_UserDBOp(PK11SlotInfo *slot, CK_OBJECT_CLASS objClass,
+                const char *sendSpec)
+{
+    CK_OBJECT_HANDLE dummy;
+    CK_ATTRIBUTE template[2];
+    CK_ATTRIBUTE *attrs = template;
+    CK_RV crv;
+
+    PK11_SETATTRS(attrs, CKA_CLASS, &objClass, sizeof(objClass));
+    attrs++;
+    PK11_SETATTRS(attrs, CKA_NETSCAPE_MODULE_SPEC, (unsigned char *)sendSpec,
+                  strlen(sendSpec) + 1);
+    attrs++;
+
+    PORT_Assert(attrs - template <= 2);
+
+    PK11_EnterSlotMonitor(slot);
+    crv = PK11_CreateNewObject(slot, slot->session,
+                               template, attrs - template, PR_FALSE, &dummy);
+    PK11_ExitSlotMonitor(slot);
+
+    if (crv != CKR_OK) {
+        PORT_SetError(PK11_MapError(crv));
+        return SECFailure;
+    }
+    return SECMOD_UpdateSlotList(slot->module);
+}
+
+/*
+ * return true if the selected slot ID is not present or doesn't exist
+ */
+static PRBool
+secmod_SlotIsEmpty(SECMODModule *mod, CK_SLOT_ID slotID)
+{
+    PK11SlotInfo *slot = SECMOD_LookupSlot(mod->moduleID, slotID);
+    if (slot) {
+        PRBool present = PK11_IsPresent(slot);
+        PK11_FreeSlot(slot);
+        if (present) {
+            return PR_FALSE;
+        }
+    }
+    /* it doesn't exist or isn't present, it's available */
+    return PR_TRUE;
+}
+
+/*
+ * Find an unused slot id in module.
+ */
+static CK_SLOT_ID
+secmod_FindFreeSlot(SECMODModule *mod)
+{
+    CK_SLOT_ID i, minSlotID, maxSlotID;
+
+    /* look for a free slot id on the internal module */
+    if (mod->internal && mod->isFIPS) {
+        minSlotID = SFTK_MIN_FIPS_USER_SLOT_ID;
+        maxSlotID = SFTK_MAX_FIPS_USER_SLOT_ID;
+    } else {
+        minSlotID = SFTK_MIN_USER_SLOT_ID;
+        maxSlotID = SFTK_MAX_USER_SLOT_ID;
+    }
+    for (i = minSlotID; i < maxSlotID; i++) {
+        if (secmod_SlotIsEmpty(mod, i)) {
+            return i;
+        }
+    }
+    PORT_SetError(SEC_ERROR_NO_SLOT_SELECTED);
+    return (CK_SLOT_ID)-1;
+}
+
+/*
+ * Attempt to open a new slot.
+ *
+ * This works the same os OpenUserDB except it can be called against
+ * any module that understands the softoken protocol for opening new
+ * slots, not just the softoken itself. If the selected module does not
+ * understand the protocol, C_CreateObject will fail with
+ * CKR_INVALID_ATTRIBUTE, and SECMOD_OpenNewSlot will return NULL and set
+ * SEC_ERROR_BAD_DATA.
+ *
+ * NewSlots can be closed with SECMOD_CloseUserDB();
+ *
+ * Modulespec is module dependent.
+ */
+PK11SlotInfo *
+SECMOD_OpenNewSlot(SECMODModule *mod, const char *moduleSpec)
+{
+    CK_SLOT_ID slotID = 0;
+    PK11SlotInfo *slot;
+    char *escSpec;
+    char *sendSpec;
+    SECStatus rv;
+
+    slotID = secmod_FindFreeSlot(mod);
+    if (slotID == (CK_SLOT_ID)-1) {
+        return NULL;
+    }
+
+    if (mod->slotCount == 0) {
+        return NULL;
+    }
+
+    /* just grab the first slot in the module, any present slot should work */
+    slot = PK11_ReferenceSlot(mod->slots[0]);
+    if (slot == NULL) {
+        return NULL;
+    }
+
+    /* we've found the slot, now build the moduleSpec */
+    escSpec = NSSUTIL_DoubleEscape(moduleSpec, '>', ']');
+    if (escSpec == NULL) {
+        PK11_FreeSlot(slot);
+        return NULL;
+    }
+    sendSpec = PR_smprintf("tokens=[0x%x=<%s>]", slotID, escSpec);
+    PORT_Free(escSpec);
+
+    if (sendSpec == NULL) {
+        /* PR_smprintf does not set SEC_ERROR_NO_MEMORY on failure. */
+        PK11_FreeSlot(slot);
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return NULL;
+    }
+    rv = secmod_UserDBOp(slot, CKO_NETSCAPE_NEWSLOT, sendSpec);
+    PR_smprintf_free(sendSpec);
+    PK11_FreeSlot(slot);
+    if (rv != SECSuccess) {
+        return NULL;
+    }
+
+    slot = SECMOD_FindSlotByID(mod, slotID);
+    if (slot) {
+        /* if we are in the delay period for the "isPresent" call, reset
+         * the delay since we know things have probably changed... */
+        if (slot->nssToken && slot->nssToken->slot) {
+            nssSlot_ResetDelay(slot->nssToken->slot);
+        }
+        /* force the slot info structures to properly reset */
+        (void)PK11_IsPresent(slot);
+    }
+    return slot;
+}
+
+/*
+ * given a module spec, find the slot in the module for it.
+ */
+PK11SlotInfo *
+secmod_FindSlotFromModuleSpec(const char *moduleSpec, SECMODModule *module)
+{
+    CK_SLOT_ID slot_id = secmod_GetSlotIDFromModuleSpec(moduleSpec, module);
+    if (slot_id == -1) {
+        return NULL;
+    }
+
+    return SECMOD_FindSlotByID(module, slot_id);
+}
+
+/*
+ * Open a new database using the softoken. The caller is responsible for making
+ * sure the module spec is correct and usable. The caller should ask for one
+ * new database per call if the caller wants to get meaningful information
+ * about the new database.
+ *
+ * moduleSpec is the same data that you would pass to softoken at
+ * initialization time under the 'tokens' options. For example, if you were
+ * to specify tokens=<0x4=[configdir='./mybackup' tokenDescription='Backup']>
+ * You would specify "configdir='./mybackup' tokenDescription='Backup'" as your
+ * module spec here. The slot ID will be calculated for you by
+ * SECMOD_OpenUserDB().
+ *
+ * Typical parameters here are configdir, tokenDescription and flags.
+ *
+ * a Full list is below:
+ *
+ *
+ *  configDir - The location of the databases for this token. If configDir is
+ *         not specified, and noCertDB and noKeyDB is not specified, the load
+ *         will fail.
+ *   certPrefix - Cert prefix for this token.
+ *   keyPrefix - Prefix for the key database for this token. (if not specified,
+ *         certPrefix will be used).
+ *   tokenDescription - The label value for this token returned in the
+ *         CK_TOKEN_INFO structure with an internationalize string (UTF8).
+ *         This value will be truncated at 32 bytes (no NULL, partial UTF8
+ *         characters dropped). You should specify a user friendly name here
+ *         as this is the value the token will be referred to in most
+ *         application UI's. You should make sure tokenDescription is unique.
+ *   slotDescription - The slotDescription value for this token returned
+ *         in the CK_SLOT_INFO structure with an internationalize string
+ *         (UTF8). This value will be truncated at 64 bytes (no NULL, partial
+ *         UTF8 characters dropped). This name will not change after the
+ *         database is closed. It should have some number to make this unique.
+ *   minPWLen - minimum password length for this token.
+ *   flags - comma separated list of flag values, parsed case-insensitive.
+ *         Valid flags are:
+ *              readOnly - Databases should be opened read only.
+ *              noCertDB - Don't try to open a certificate database.
+ *              noKeyDB - Don't try to open a key database.
+ *              forceOpen - Don't fail to initialize the token if the
+ *                databases could not be opened.
+ *              passwordRequired - zero length passwords are not acceptable
+ *                (valid only if there is a keyDB).
+ *              optimizeSpace - allocate smaller hash tables and lock tables.
+ *                When this flag is not specified, Softoken will allocate
+ *                large tables to prevent lock contention.
+ */
+PK11SlotInfo *
+SECMOD_OpenUserDB(const char *moduleSpec)
+{
+    SECMODModule *mod;
+    SECMODConfigList *conflist = NULL;
+    int count = 0;
+
+    if (moduleSpec == NULL) {
+        return NULL;
+    }
+
+    /* NOTE: unlike most PK11 function, this does not return a reference
+     * to the module */
+    mod = SECMOD_GetInternalModule();
+    if (!mod) {
+        /* shouldn't happen */
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return NULL;
+    }
+
+    /* make sure we don't open the same database twice. We only understand 
+     * the moduleSpec for internal databases well enough to do this, so only
+     * do this in OpenUserDB */
+    conflist = secmod_GetConfigList(mod->isFIPS, mod->libraryParams, &count);
+    if (conflist) {
+        PK11SlotInfo *slot = NULL;
+        if (secmod_MatchConfigList(moduleSpec, conflist, count)) {
+            slot = secmod_FindSlotFromModuleSpec(moduleSpec, mod);
+        }
+        secmod_FreeConfigList(conflist, count);
+        if (slot) {
+            return slot;
+        }
+    }
+    return SECMOD_OpenNewSlot(mod, moduleSpec);
+}
+
+/*
+ * close an already opened user database. NOTE: the database must be
+ * in the internal token, and must be one created with SECMOD_OpenUserDB().
+ * Once the database is closed, the slot will remain as an empty slot
+ * until it's used again with SECMOD_OpenUserDB() or SECMOD_OpenNewSlot().
+ */
+SECStatus
+SECMOD_CloseUserDB(PK11SlotInfo *slot)
+{
+    SECStatus rv;
+    char *sendSpec;
+
+    sendSpec = PR_smprintf("tokens=[0x%x=<>]", slot->slotID);
+    if (sendSpec == NULL) {
+        /* PR_smprintf does not set no memory error */
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return SECFailure;
+    }
+    rv = secmod_UserDBOp(slot, CKO_NETSCAPE_DELSLOT, sendSpec);
+    PR_smprintf_free(sendSpec);
+    /* if we are in the delay period for the "isPresent" call, reset
+     * the delay since we know things have probably changed... */
+    if (slot->nssToken && slot->nssToken->slot) {
+        nssSlot_ResetDelay(slot->nssToken->slot);
+        /* force the slot info structures to properly reset */
+        (void)PK11_IsPresent(slot);
+    }
+    return rv;
+}
+
+/*
+ * Restart PKCS #11 modules after a fork(). See secmod.h for more information.
+ */
+SECStatus
+SECMOD_RestartModules(PRBool force)
+{
+    SECMODModuleList *mlp;
+    SECStatus rrv = SECSuccess;
+    int lastError = 0;
+
+    if (!moduleLock) {
+        PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
+        return SECFailure;
+    }
+
+    /* Only need to restart the PKCS #11 modules that were initialized */
+    SECMOD_GetReadLock(moduleLock);
+    for (mlp = modules; mlp != NULL; mlp = mlp->next) {
+        SECMODModule *mod = mlp->module;
+        CK_ULONG count;
+        SECStatus rv;
+        int i;
+
+        /* If the module needs to be reset, do so */
+        if (force || (PK11_GETTAB(mod)->C_GetSlotList(CK_FALSE, NULL, &count) != CKR_OK)) {
+            PRBool alreadyLoaded;
+            /* first call Finalize. This is not required by PKCS #11, but some
+             * older modules require it, and it doesn't hurt (compliant modules
+             * will return CKR_NOT_INITIALIZED */
+            (void)PK11_GETTAB(mod)->C_Finalize(NULL);
+            /* now initialize the module, this function reinitializes
+             * a module in place, preserving existing slots (even if they
+             * no longer exist) */
+            rv = secmod_ModuleInit(mod, NULL, &alreadyLoaded);
+            if (rv != SECSuccess) {
+                /* save the last error code */
+                lastError = PORT_GetError();
+                rrv = rv;
+                /* couldn't reinit the module, disable all its slots */
+                for (i = 0; i < mod->slotCount; i++) {
+                    mod->slots[i]->disabled = PR_TRUE;
+                    mod->slots[i]->reason = PK11_DIS_COULD_NOT_INIT_TOKEN;
+                }
+                continue;
+            }
+            for (i = 0; i < mod->slotCount; i++) {
+                /* get new token sessions, bump the series up so that
+                 * we refresh other old sessions. This will tell much of
+                 * NSS to flush cached handles it may hold as well */
+                rv = PK11_InitToken(mod->slots[i], PR_TRUE);
+                /* PK11_InitToken could fail if the slot isn't present.
+                 * If it is present, though, something is wrong and we should
+                 * disable the slot and let the caller know. */
+                if (rv != SECSuccess && PK11_IsPresent(mod->slots[i])) {
+                    /* save the last error code */
+                    lastError = PORT_GetError();
+                    rrv = rv;
+                    /* disable the token */
+                    mod->slots[i]->disabled = PR_TRUE;
+                    mod->slots[i]->reason = PK11_DIS_COULD_NOT_INIT_TOKEN;
+                }
+            }
+        }
+    }
+    SECMOD_ReleaseReadLock(moduleLock);
+
+    /*
+     * on multiple failures, we are only returning the lastError. The caller
+     * can determine which slots are bad by calling PK11_IsDisabled().
+     */
+    if (rrv != SECSuccess) {
+        /* restore the last error code */
+        PORT_SetError(lastError);
+    }
+
+    return rrv;
+}
diff --git a/nss/lib/pk11wrap/pk11wrap.gyp b/nss/lib/pk11wrap/pk11wrap.gyp
new file mode 100644
index 0000000..35fdace
--- /dev/null
+++ b/nss/lib/pk11wrap/pk11wrap.gyp
@@ -0,0 +1,70 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'pk11wrap_static',
+      'type': 'static_library',
+      'defines': [
+        'NSS_TEST_BUILD',
+      ],
+      'dependencies': [
+        'pk11wrap_base',
+        '<(DEPTH)/exports.gyp:nss_exports',
+        '<(DEPTH)/lib/softoken/softoken.gyp:softokn_static',
+      ],
+    },
+    {
+      'target_name': 'pk11wrap',
+      'type': 'static_library',
+      'dependencies': [
+        'pk11wrap_base',
+        '<(DEPTH)/exports.gyp:nss_exports',
+      ],
+    },
+    {
+      'target_name': 'pk11wrap_base',
+      'type': 'none',
+      'direct_dependent_settings': {
+        'sources': [
+          'dev3hack.c',
+          'pk11akey.c',
+          'pk11auth.c',
+          'pk11cert.c',
+          'pk11cxt.c',
+          'pk11err.c',
+          'pk11kea.c',
+          'pk11list.c',
+          'pk11load.c',
+          'pk11mech.c',
+          'pk11merge.c',
+          'pk11nobj.c',
+          'pk11obj.c',
+          'pk11pars.c',
+          'pk11pbe.c',
+          'pk11pk12.c',
+          'pk11pqg.c',
+          'pk11sdr.c',
+          'pk11skey.c',
+          'pk11slot.c',
+          'pk11util.c'
+        ],
+      },
+    },
+  ],
+  'target_defaults': {
+    'defines': [
+      'SHLIB_SUFFIX=\"<(dll_suffix)\"',
+      'SHLIB_PREFIX=\"<(dll_prefix)\"',
+      'SHLIB_VERSION=\"3\"',
+      'SOFTOKEN_SHLIB_VERSION=\"3\"'
+    ]
+  },
+  'variables': {
+    'module': 'nss'
+  }
+}
diff --git a/nss/lib/pk11wrap/secmod.h b/nss/lib/pk11wrap/secmod.h
new file mode 100644
index 0000000..fcc7707
--- /dev/null
+++ b/nss/lib/pk11wrap/secmod.h
@@ -0,0 +1,167 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#ifndef _SECMOD_H_
+#define _SECMOD_H_
+#include "seccomon.h"
+#include "secmodt.h"
+#include "prinrval.h"
+
+/* These mechanisms flags are visible to all other libraries. */
+/* They must be converted to internal SECMOD_*_FLAG */
+/* if used inside the functions of the security library */
+#define PUBLIC_MECH_RSA_FLAG 0x00000001ul
+#define PUBLIC_MECH_DSA_FLAG 0x00000002ul
+#define PUBLIC_MECH_RC2_FLAG 0x00000004ul
+#define PUBLIC_MECH_RC4_FLAG 0x00000008ul
+#define PUBLIC_MECH_DES_FLAG 0x00000010ul
+#define PUBLIC_MECH_DH_FLAG 0x00000020ul
+#define PUBLIC_MECH_FORTEZZA_FLAG 0x00000040ul
+#define PUBLIC_MECH_RC5_FLAG 0x00000080ul
+#define PUBLIC_MECH_SHA1_FLAG 0x00000100ul
+#define PUBLIC_MECH_MD5_FLAG 0x00000200ul
+#define PUBLIC_MECH_MD2_FLAG 0x00000400ul
+#define PUBLIC_MECH_SSL_FLAG 0x00000800ul
+#define PUBLIC_MECH_TLS_FLAG 0x00001000ul
+#define PUBLIC_MECH_AES_FLAG 0x00002000ul
+#define PUBLIC_MECH_SHA256_FLAG 0x00004000ul
+#define PUBLIC_MECH_SHA512_FLAG 0x00008000ul
+#define PUBLIC_MECH_CAMELLIA_FLAG 0x00010000ul
+#define PUBLIC_MECH_SEED_FLAG 0x00020000ul
+#define PUBLIC_MECH_ECC_FLAG 0x00040000ul
+
+#define PUBLIC_MECH_RANDOM_FLAG 0x08000000ul
+#define PUBLIC_MECH_FRIENDLY_FLAG 0x10000000ul
+#define PUBLIC_OWN_PW_DEFAULTS 0X20000000ul
+#define PUBLIC_DISABLE_FLAG 0x40000000ul
+
+/* warning: reserved means reserved */
+#define PUBLIC_MECH_RESERVED_FLAGS 0x87FF0000ul
+
+/* These cipher flags are visible to all other libraries, */
+/* But they must be converted before used in functions */
+/* withing the security module */
+#define PUBLIC_CIPHER_FORTEZZA_FLAG 0x00000001ul
+
+/* warning: reserved means reserved */
+#define PUBLIC_CIPHER_RESERVED_FLAGS 0xFFFFFFFEul
+
+SEC_BEGIN_PROTOS
+
+/*
+ * the following functions are going to be deprecated in NSS 4.0 in
+ * favor of the new stan functions.
+ */
+
+/* Initialization */
+extern SECMODModule *SECMOD_LoadModule(char *moduleSpec, SECMODModule *parent,
+                                       PRBool recurse);
+
+extern SECMODModule *SECMOD_LoadUserModule(char *moduleSpec, SECMODModule *parent,
+                                           PRBool recurse);
+
+SECStatus SECMOD_UnloadUserModule(SECMODModule *mod);
+
+SECMODModule *SECMOD_CreateModule(const char *lib, const char *name,
+                                  const char *param, const char *nss);
+SECMODModule *SECMOD_CreateModuleEx(const char *lib, const char *name,
+                                    const char *param, const char *nss,
+                                    const char *config);
+/*
+ * After a fork(), PKCS #11 says we need to call C_Initialize again in
+ * the child before we can use the module. This function causes this
+ * reinitialization.
+ * NOTE: Any outstanding handles will become invalid, which means your
+ * keys and contexts will fail, but new ones can be created.
+ *
+ * Setting 'force' to true means to do the reinitialization even if the
+ * PKCS #11 module does not seem to need it. This allows software modules
+ * which ignore fork to preserve their keys across the fork().
+ */
+SECStatus SECMOD_RestartModules(PRBool force);
+
+/* Module Management */
+char **SECMOD_GetModuleSpecList(SECMODModule *module);
+SECStatus SECMOD_FreeModuleSpecList(SECMODModule *module, char **moduleSpecList);
+
+/* protoypes */
+/* Get a list of active PKCS #11 modules */
+extern SECMODModuleList *SECMOD_GetDefaultModuleList(void);
+/* Get a list of defined but not loaded PKCS #11 modules */
+extern SECMODModuleList *SECMOD_GetDeadModuleList(void);
+/* Get a list of Modules which define PKCS #11 modules to load */
+extern SECMODModuleList *SECMOD_GetDBModuleList(void);
+
+/* lock to protect all three module lists above */
+extern SECMODListLock *SECMOD_GetDefaultModuleListLock(void);
+
+extern SECStatus SECMOD_UpdateModule(SECMODModule *module);
+
+/* lock management */
+extern void SECMOD_GetReadLock(SECMODListLock *);
+extern void SECMOD_ReleaseReadLock(SECMODListLock *);
+
+/* Operate on modules by name */
+extern SECMODModule *SECMOD_FindModule(const char *name);
+extern SECStatus SECMOD_DeleteModule(const char *name, int *type);
+extern SECStatus SECMOD_DeleteModuleEx(const char *name,
+                                       SECMODModule *mod,
+                                       int *type,
+                                       PRBool permdb);
+extern SECStatus SECMOD_DeleteInternalModule(const char *name);
+extern PRBool SECMOD_CanDeleteInternalModule(void);
+extern SECStatus SECMOD_AddNewModule(const char *moduleName,
+                                     const char *dllPath,
+                                     unsigned long defaultMechanismFlags,
+                                     unsigned long cipherEnableFlags);
+extern SECStatus SECMOD_AddNewModuleEx(const char *moduleName,
+                                       const char *dllPath,
+                                       unsigned long defaultMechanismFlags,
+                                       unsigned long cipherEnableFlags,
+                                       char *modparms,
+                                       char *nssparms);
+
+/* database/memory management */
+extern SECMODModule *SECMOD_GetInternalModule(void);
+extern SECMODModule *SECMOD_ReferenceModule(SECMODModule *module);
+extern void SECMOD_DestroyModule(SECMODModule *module);
+extern PK11SlotInfo *SECMOD_LookupSlot(SECMODModuleID module,
+                                       unsigned long slotID);
+extern PK11SlotInfo *SECMOD_FindSlot(SECMODModule *module, const char *name);
+
+/* Funtion reports true if at least one of the modules */
+/* of modType has been installed */
+PRBool SECMOD_IsModulePresent(unsigned long int pubCipherEnableFlags);
+
+/* accessors */
+PRBool SECMOD_GetSkipFirstFlag(SECMODModule *mod);
+PRBool SECMOD_GetDefaultModDBFlag(SECMODModule *mod);
+
+/* Functions used to convert between internal & public representation
+ * of Mechanism Flags and Cipher Enable Flags */
+extern unsigned long SECMOD_PubMechFlagstoInternal(unsigned long publicFlags);
+extern unsigned long SECMOD_InternaltoPubMechFlags(unsigned long internalFlags);
+extern unsigned long SECMOD_PubCipherFlagstoInternal(unsigned long publicFlags);
+
+PRBool SECMOD_HasRemovableSlots(SECMODModule *mod);
+PK11SlotInfo *SECMOD_WaitForAnyTokenEvent(SECMODModule *mod,
+                                          unsigned long flags, PRIntervalTime latency);
+/*
+ * Warning: the SECMOD_CancelWait function is highly destructive, potentially
+ * finalizing  the module 'mod' (causing inprogress operations to fail,
+ * and session key material to disappear). It should only be called when
+ * shutting down  the module.
+ */
+SECStatus SECMOD_CancelWait(SECMODModule *mod);
+/*
+ * check to see if the module has added new slots. PKCS 11 v2.20 allows for
+ * modules to add new slots, but never remove them. Slots not be added between
+ * a call to C_GetSlotLlist(Flag, NULL, &count) and the corresponding
+ * C_GetSlotList(flag, &data, &count) so that the array doesn't accidently
+ * grow on the caller. It is permissible for the slots to increase between
+ * corresponding calls with NULL to get the size.
+ */
+SECStatus SECMOD_UpdateSlotList(SECMODModule *mod);
+SEC_END_PROTOS
+
+#endif
diff --git a/nss/lib/pk11wrap/secmodi.h b/nss/lib/pk11wrap/secmodi.h
new file mode 100644
index 0000000..1225661
--- /dev/null
+++ b/nss/lib/pk11wrap/secmodi.h
@@ -0,0 +1,170 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * Internal header file included only by files in pkcs11 dir, or in
+ * pkcs11 specific client and server files.
+ */
+#ifndef _SECMODI_H_
+#define _SECMODI_H_ 1
+#include "pkcs11.h"
+#include "nssilock.h"
+#include "secoidt.h"
+#include "secdert.h"
+#include "certt.h"
+#include "secmodt.h"
+#include "keyt.h"
+
+SEC_BEGIN_PROTOS
+
+/* proto-types */
+extern SECStatus SECMOD_DeletePermDB(SECMODModule *module);
+extern SECStatus SECMOD_AddPermDB(SECMODModule *module);
+extern SECStatus SECMOD_Shutdown(void);
+void nss_DumpModuleLog(void);
+
+extern int secmod_PrivateModuleCount;
+
+extern void SECMOD_Init(void);
+SECStatus secmod_ModuleInit(SECMODModule *mod, SECMODModule **oldModule,
+                            PRBool *alreadyLoaded);
+
+/* list managment */
+extern SECStatus SECMOD_AddModuleToList(SECMODModule *newModule);
+extern SECStatus SECMOD_AddModuleToDBOnlyList(SECMODModule *newModule);
+extern SECStatus SECMOD_AddModuleToUnloadList(SECMODModule *newModule);
+extern void SECMOD_RemoveList(SECMODModuleList **, SECMODModuleList *);
+extern void SECMOD_AddList(SECMODModuleList *, SECMODModuleList *, SECMODListLock *);
+extern SECMODListLock *SECMOD_NewListLock(void);
+extern void SECMOD_DestroyListLock(SECMODListLock *);
+extern void SECMOD_GetWriteLock(SECMODListLock *);
+extern void SECMOD_ReleaseWriteLock(SECMODListLock *);
+
+/* Operate on modules by name */
+extern SECMODModule *SECMOD_FindModuleByID(SECMODModuleID);
+extern SECMODModule *secmod_FindModuleByFuncPtr(void *funcPtr);
+
+/* database/memory management */
+extern SECMODModuleList *SECMOD_NewModuleListElement(void);
+extern SECMODModuleList *SECMOD_DestroyModuleListElement(SECMODModuleList *);
+extern void SECMOD_DestroyModuleList(SECMODModuleList *);
+extern SECStatus SECMOD_AddModule(SECMODModule *newModule);
+
+extern unsigned long SECMOD_InternaltoPubCipherFlags(unsigned long internalFlags);
+
+/* Library functions */
+SECStatus secmod_LoadPKCS11Module(SECMODModule *, SECMODModule **oldModule);
+SECStatus SECMOD_UnloadModule(SECMODModule *);
+void SECMOD_SetInternalModule(SECMODModule *);
+PRBool secmod_IsInternalKeySlot(SECMODModule *);
+void secmod_SetInternalKeySlotFlag(SECMODModule *mod, PRBool val);
+
+/* tools for checking if we are loading the same database twice */
+typedef struct SECMODConfigListStr SECMODConfigList;
+/* collect all the databases in a given spec */
+SECMODConfigList *secmod_GetConfigList(PRBool isFIPS, char *spec, int *count);
+/* see is a spec matches a database on the list */
+PRBool secmod_MatchConfigList(const char *spec,
+                              SECMODConfigList *conflist, int count);
+/* returns the slot id from a module and modulespec */
+CK_SLOT_ID secmod_GetSlotIDFromModuleSpec(const char *moduleSpec, SECMODModule *module);
+/* free our list of databases */
+void secmod_FreeConfigList(SECMODConfigList *conflist, int count);
+
+/* parsing parameters */
+/* returned char * must be freed by caller with PORT_Free */
+/* children and ids are null terminated arrays which must be freed with
+ * secmod_FreeChildren */
+char *secmod_ParseModuleSpecForTokens(PRBool convert,
+                                      PRBool isFIPS,
+                                      const char *moduleSpec,
+                                      char ***children,
+                                      CK_SLOT_ID **ids);
+void secmod_FreeChildren(char **children, CK_SLOT_ID *ids);
+char *secmod_MkAppendTokensList(PLArenaPool *arena, char *origModuleSpec,
+                                char *newModuleSpec, CK_SLOT_ID newID,
+                                char **children, CK_SLOT_ID *ids);
+
+void SECMOD_SlotDestroyModule(SECMODModule *module, PRBool fromSlot);
+CK_RV pk11_notify(CK_SESSION_HANDLE session, CK_NOTIFICATION event,
+                  CK_VOID_PTR pdata);
+void pk11_SignedToUnsigned(CK_ATTRIBUTE *attrib);
+CK_OBJECT_HANDLE pk11_FindObjectByTemplate(PK11SlotInfo *slot,
+                                           CK_ATTRIBUTE *inTemplate, int tsize);
+CK_OBJECT_HANDLE *pk11_FindObjectsByTemplate(PK11SlotInfo *slot,
+                                             CK_ATTRIBUTE *inTemplate, int tsize, int *objCount);
+
+#define PK11_GETTAB(x) ((CK_FUNCTION_LIST_PTR)((x)->functionList))
+#define PK11_SETATTRS(x, id, v, l) \
+    (x)->type = (id);              \
+    (x)->pValue = (v);             \
+    (x)->ulValueLen = (l);
+SECStatus PK11_CreateNewObject(PK11SlotInfo *slot, CK_SESSION_HANDLE session,
+                               const CK_ATTRIBUTE *theTemplate, int count,
+                               PRBool token, CK_OBJECT_HANDLE *objectID);
+
+SECStatus pbe_PK11AlgidToParam(SECAlgorithmID *algid, SECItem *mech);
+SECStatus PBE_PK11ParamToAlgid(SECOidTag algTag, SECItem *param,
+                               PLArenaPool *arena, SECAlgorithmID *algId);
+
+PK11SymKey *pk11_TokenKeyGenWithFlagsAndKeyType(PK11SlotInfo *slot,
+                                                CK_MECHANISM_TYPE type, SECItem *param, CK_KEY_TYPE keyType,
+                                                int keySize, SECItem *keyId, CK_FLAGS opFlags,
+                                                PK11AttrFlags attrFlags, void *wincx);
+
+CK_MECHANISM_TYPE pk11_GetPBECryptoMechanism(SECAlgorithmID *algid,
+                                             SECItem **param, SECItem *pwd, PRBool faulty3DES);
+
+extern void pk11sdr_Init(void);
+extern void pk11sdr_Shutdown(void);
+
+/*
+ * Private to pk11wrap.
+ */
+
+PRBool pk11_LoginStillRequired(PK11SlotInfo *slot, void *wincx);
+CK_SESSION_HANDLE pk11_GetNewSession(PK11SlotInfo *slot, PRBool *owner);
+void pk11_CloseSession(PK11SlotInfo *slot, CK_SESSION_HANDLE sess, PRBool own);
+PK11SymKey *pk11_ForceSlot(PK11SymKey *symKey, CK_MECHANISM_TYPE type,
+                           CK_ATTRIBUTE_TYPE operation);
+/* Convert key operation flags to PKCS #11 attributes. */
+unsigned int pk11_OpFlagsToAttributes(CK_FLAGS flags,
+                                      CK_ATTRIBUTE *attrs, CK_BBOOL *ckTrue);
+/* Check for bad (conflicting) attribute flags */
+PRBool pk11_BadAttrFlags(PK11AttrFlags attrFlags);
+/* Convert key attribute flags to PKCS #11 attributes. */
+unsigned int pk11_AttrFlagsToAttributes(PK11AttrFlags attrFlags,
+                                        CK_ATTRIBUTE *attrs, CK_BBOOL *ckTrue, CK_BBOOL *ckFalse);
+PRBool pk11_FindAttrInTemplate(CK_ATTRIBUTE *attr, unsigned int numAttrs,
+                               CK_ATTRIBUTE_TYPE target);
+
+CK_MECHANISM_TYPE pk11_mapWrapKeyType(KeyType keyType);
+PK11SymKey *pk11_KeyExchange(PK11SlotInfo *slot, CK_MECHANISM_TYPE type,
+                             CK_ATTRIBUTE_TYPE operation, CK_FLAGS flags, PRBool isPerm,
+                             PK11SymKey *symKey);
+
+PRBool pk11_HandleTrustObject(PK11SlotInfo *slot, CERTCertificate *cert,
+                              CERTCertTrust *trust);
+CK_OBJECT_HANDLE pk11_FindPubKeyByAnyCert(CERTCertificate *cert,
+                                          PK11SlotInfo **slot, void *wincx);
+SECStatus pk11_AuthenticateUnfriendly(PK11SlotInfo *slot, PRBool loadCerts,
+                                      void *wincx);
+int PK11_NumberObjectsFor(PK11SlotInfo *slot, CK_ATTRIBUTE *findTemplate,
+                          int templateCount);
+SECItem *pk11_GetLowLevelKeyFromHandle(PK11SlotInfo *slot,
+                                       CK_OBJECT_HANDLE handle);
+SECStatus PK11_TraverseSlot(PK11SlotInfo *slot, void *arg);
+CK_OBJECT_HANDLE pk11_FindPrivateKeyFromCertID(PK11SlotInfo *slot,
+                                               SECItem *keyID);
+SECKEYPrivateKey *PK11_MakePrivKey(PK11SlotInfo *slot, KeyType keyType,
+                                   PRBool isTemp, CK_OBJECT_HANDLE privID, void *wincx);
+CERTCertificate *PK11_MakeCertFromHandle(PK11SlotInfo *slot,
+                                         CK_OBJECT_HANDLE certID, CK_ATTRIBUTE *privateLabel);
+
+SECItem *pk11_GenerateNewParamWithKeyLen(CK_MECHANISM_TYPE type, int keyLen);
+SECItem *pk11_ParamFromIVWithLen(CK_MECHANISM_TYPE type,
+                                 SECItem *iv, int keyLen);
+
+SEC_END_PROTOS
+
+#endif
diff --git a/nss/lib/pk11wrap/secmodt.h b/nss/lib/pk11wrap/secmodt.h
new file mode 100644
index 0000000..23abe30
--- /dev/null
+++ b/nss/lib/pk11wrap/secmodt.h
@@ -0,0 +1,444 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#ifndef _SECMODT_H_
+#define _SECMODT_H_ 1
+
+#include "nssrwlkt.h"
+#include "nssilckt.h"
+#include "secoid.h"
+#include "secasn1.h"
+#include "pkcs11t.h"
+#include "utilmodt.h"
+
+SEC_BEGIN_PROTOS
+
+/* find a better home for these... */
+extern const SEC_ASN1Template SECKEY_PointerToEncryptedPrivateKeyInfoTemplate[];
+SEC_ASN1_CHOOSER_DECLARE(SECKEY_PointerToEncryptedPrivateKeyInfoTemplate)
+extern const SEC_ASN1Template SECKEY_EncryptedPrivateKeyInfoTemplate[];
+SEC_ASN1_CHOOSER_DECLARE(SECKEY_EncryptedPrivateKeyInfoTemplate)
+extern const SEC_ASN1Template SECKEY_PrivateKeyInfoTemplate[];
+SEC_ASN1_CHOOSER_DECLARE(SECKEY_PrivateKeyInfoTemplate)
+extern const SEC_ASN1Template SECKEY_PointerToPrivateKeyInfoTemplate[];
+SEC_ASN1_CHOOSER_DECLARE(SECKEY_PointerToPrivateKeyInfoTemplate)
+
+SEC_END_PROTOS
+
+/* PKCS11 needs to be included */
+typedef struct SECMODModuleStr SECMODModule;
+typedef struct SECMODModuleListStr SECMODModuleList;
+typedef NSSRWLock SECMODListLock;
+typedef struct PK11SlotInfoStr PK11SlotInfo;          /* defined in secmodti.h */
+typedef struct NSSUTILPreSlotInfoStr PK11PreSlotInfo; /* defined in secmodti.h */
+typedef struct PK11SymKeyStr PK11SymKey;              /* defined in secmodti.h */
+typedef struct PK11ContextStr PK11Context;            /* defined in secmodti.h */
+typedef struct PK11SlotListStr PK11SlotList;
+typedef struct PK11SlotListElementStr PK11SlotListElement;
+typedef struct PK11RSAGenParamsStr PK11RSAGenParams;
+typedef unsigned long SECMODModuleID;
+typedef struct PK11DefaultArrayEntryStr PK11DefaultArrayEntry;
+typedef struct PK11GenericObjectStr PK11GenericObject;
+typedef void (*PK11FreeDataFunc)(void *);
+
+struct SECMODModuleStr {
+    PLArenaPool *arena;
+    PRBool internal;           /* true of internally linked modules, false
+                                * for the loaded modules */
+    PRBool loaded;             /* Set to true if module has been loaded */
+    PRBool isFIPS;             /* Set to true if module is finst internal */
+    char *dllName;             /* name of the shared library which implements
+                                * this module */
+    char *commonName;          /* name of the module to display to the user */
+    void *library;             /* pointer to the library. opaque. used only by
+                                * pk11load.c */
+    void *functionList;        /* The PKCS #11 function table */
+    PZLock *refLock;           /* only used pk11db.c */
+    int refCount;              /* Module reference count */
+    PK11SlotInfo **slots;      /* array of slot points attached to this mod*/
+    int slotCount;             /* count of slot in above array */
+    PK11PreSlotInfo *slotInfo; /* special info about slots default settings */
+    int slotInfoCount;         /* count */
+    SECMODModuleID moduleID;   /* ID so we can find this module again */
+    PRBool isThreadSafe;
+    unsigned long ssl[2];        /* SSL cipher enable flags */
+    char *libraryParams;         /* Module specific parameters */
+    void *moduleDBFunc;          /* function to return module configuration data*/
+    SECMODModule *parent;        /* module that loaded us */
+    PRBool isCritical;           /* This module must load successfully */
+    PRBool isModuleDB;           /* this module has lists of PKCS #11 modules */
+    PRBool moduleDBOnly;         /* this module only has lists of PKCS #11 modules */
+    int trustOrder;              /* order for this module's certificate trust rollup */
+    int cipherOrder;             /* order for cipher operations */
+    unsigned long evControlMask; /* control the running and shutdown of slot
+                                  * events (SECMOD_WaitForAnyTokenEvent) */
+    CK_VERSION cryptokiVersion;  /* version of this library */
+};
+
+/* evControlMask flags */
+/*
+ * These bits tell the current state of a SECMOD_WaitForAnyTokenEvent.
+ *
+ * SECMOD_WAIT_PKCS11_EVENT - we're waiting in the PKCS #11 module in
+ *  C_WaitForSlotEvent().
+ * SECMOD_WAIT_SIMULATED_EVENT - we're waiting in the NSS simulation code
+ *  which polls for token insertion and removal events.
+ * SECMOD_END_WAIT - SECMOD_CancelWait has been called while the module is
+ *  waiting in SECMOD_WaitForAnyTokenEvent. SECMOD_WaitForAnyTokenEvent
+ *  should return immediately to it's caller.
+ */
+#define SECMOD_END_WAIT 0x01
+#define SECMOD_WAIT_SIMULATED_EVENT 0x02
+#define SECMOD_WAIT_PKCS11_EVENT 0x04
+
+struct SECMODModuleListStr {
+    SECMODModuleList *next;
+    SECMODModule *module;
+};
+
+struct PK11SlotListStr {
+    PK11SlotListElement *head;
+    PK11SlotListElement *tail;
+    PZLock *lock;
+};
+
+struct PK11SlotListElementStr {
+    PK11SlotListElement *next;
+    PK11SlotListElement *prev;
+    PK11SlotInfo *slot;
+    int refCount;
+};
+
+struct PK11RSAGenParamsStr {
+    int keySizeInBits;
+    unsigned long pe;
+};
+
+typedef enum {
+    PK11CertListUnique = 0,     /* get one instance of all certs */
+    PK11CertListUser = 1,       /* get all instances of user certs */
+    PK11CertListRootUnique = 2, /* get one instance of CA certs without a private key.
+                                 * deprecated. Use PK11CertListCAUnique
+                                 */
+    PK11CertListCA = 3,         /* get all instances of CA certs */
+    PK11CertListCAUnique = 4,   /* get one instance of CA certs */
+    PK11CertListUserUnique = 5, /* get one instance of user certs */
+    PK11CertListAll = 6         /* get all instances of all certs */
+} PK11CertListType;
+
+/*
+ * Entry into the array which lists all the legal bits for the default flags
+ * in the slot, their definition, and the PKCS #11 mechanism they represent.
+ * Always statically allocated.
+ */
+struct PK11DefaultArrayEntryStr {
+    const char *name;
+    unsigned long flag;
+    unsigned long mechanism; /* this is a long so we don't include the
+                              * whole pkcs 11 world to use this header */
+};
+
+/*
+ * PK11AttrFlags
+ *
+ * A 32-bit bitmask of PK11_ATTR_XXX flags
+ */
+typedef PRUint32 PK11AttrFlags;
+
+/*
+ * PK11_ATTR_XXX
+ *
+ * The following PK11_ATTR_XXX bitflags are used to specify
+ * PKCS #11 object attributes that have Boolean values.  Some NSS
+ * functions have a "PK11AttrFlags attrFlags" parameter whose value
+ * is the logical OR of these bitflags.  NSS use these bitflags on
+ * private keys or secret keys.  Some of these bitflags also apply
+ * to the public keys associated with the private keys.
+ *
+ * For each PKCS #11 object attribute, we need two bitflags to
+ * specify not only "true" and "false" but also "default".  For
+ * example, PK11_ATTR_PRIVATE and PK11_ATTR_PUBLIC control the
+ * CKA_PRIVATE attribute.  If PK11_ATTR_PRIVATE is set, we add
+ *     { CKA_PRIVATE, &cktrue, sizeof(CK_BBOOL) }
+ * to the template.  If PK11_ATTR_PUBLIC is set, we add
+ *     { CKA_PRIVATE, &ckfalse, sizeof(CK_BBOOL) }
+ * to the template.  If neither flag is set, we don't add any
+ * CKA_PRIVATE entry to the template.
+ */
+
+/*
+ * Attributes for PKCS #11 storage objects, which include not only
+ * keys but also certificates and domain parameters.
+ */
+
+/*
+ * PK11_ATTR_TOKEN
+ * PK11_ATTR_SESSION
+ *
+ * These two flags determine whether the object is a token or
+ * session object.
+ *
+ * These two flags are related and cannot both be set.
+ * If the PK11_ATTR_TOKEN flag is set, the object is a token
+ * object.  If the PK11_ATTR_SESSION flag is set, the object is
+ * a session object.  If neither flag is set, the object is *by
+ * default* a session object.
+ *
+ * These two flags specify the value of the PKCS #11 CKA_TOKEN
+ * attribute.
+ */
+#define PK11_ATTR_TOKEN 0x00000001L
+#define PK11_ATTR_SESSION 0x00000002L
+
+/*
+ * PK11_ATTR_PRIVATE
+ * PK11_ATTR_PUBLIC
+ *
+ * These two flags determine whether the object is a private or
+ * public object.  A user may not access a private object until the
+ * user has authenticated to the token.
+ *
+ * These two flags are related and cannot both be set.
+ * If the PK11_ATTR_PRIVATE flag is set, the object is a private
+ * object.  If the PK11_ATTR_PUBLIC flag is set, the object is a
+ * public object.  If neither flag is set, it is token-specific
+ * whether the object is private or public.
+ *
+ * These two flags specify the value of the PKCS #11 CKA_PRIVATE
+ * attribute.  NSS only uses this attribute on private and secret
+ * keys, so public keys created by NSS get the token-specific
+ * default value of the CKA_PRIVATE attribute.
+ */
+#define PK11_ATTR_PRIVATE 0x00000004L
+#define PK11_ATTR_PUBLIC 0x00000008L
+
+/*
+ * PK11_ATTR_MODIFIABLE
+ * PK11_ATTR_UNMODIFIABLE
+ *
+ * These two flags determine whether the object is modifiable or
+ * read-only.
+ *
+ * These two flags are related and cannot both be set.
+ * If the PK11_ATTR_MODIFIABLE flag is set, the object can be
+ * modified.  If the PK11_ATTR_UNMODIFIABLE flag is set, the object
+ * is read-only.  If neither flag is set, the object is *by default*
+ * modifiable.
+ *
+ * These two flags specify the value of the PKCS #11 CKA_MODIFIABLE
+ * attribute.
+ */
+#define PK11_ATTR_MODIFIABLE 0x00000010L
+#define PK11_ATTR_UNMODIFIABLE 0x00000020L
+
+/* Attributes for PKCS #11 key objects. */
+
+/*
+ * PK11_ATTR_SENSITIVE
+ * PK11_ATTR_INSENSITIVE
+ *
+ * These two flags are related and cannot both be set.
+ * If the PK11_ATTR_SENSITIVE flag is set, the key is sensitive.
+ * If the PK11_ATTR_INSENSITIVE flag is set, the key is not
+ * sensitive.  If neither flag is set, it is token-specific whether
+ * the key is sensitive or not.
+ *
+ * If a key is sensitive, certain attributes of the key cannot be
+ * revealed in plaintext outside the token.
+ *
+ * This flag specifies the value of the PKCS #11 CKA_SENSITIVE
+ * attribute.  Although the default value of the CKA_SENSITIVE
+ * attribute for secret keys is CK_FALSE per PKCS #11, some FIPS
+ * tokens set the default value to CK_TRUE because only CK_TRUE
+ * is allowed.  So in practice the default value of this attribute
+ * is token-specific, hence the need for two bitflags.
+ */
+#define PK11_ATTR_SENSITIVE 0x00000040L
+#define PK11_ATTR_INSENSITIVE 0x00000080L
+
+/*
+ * PK11_ATTR_EXTRACTABLE
+ * PK11_ATTR_UNEXTRACTABLE
+ *
+ * These two flags are related and cannot both be set.
+ * If the PK11_ATTR_EXTRACTABLE flag is set, the key is extractable
+ * and can be wrapped.  If the PK11_ATTR_UNEXTRACTABLE flag is set,
+ * the key is not extractable, and certain attributes of the key
+ * cannot be revealed in plaintext outside the token (just like a
+ * sensitive key).  If neither flag is set, it is token-specific
+ * whether the key is extractable or not.
+ *
+ * These two flags specify the value of the PKCS #11 CKA_EXTRACTABLE
+ * attribute.
+ */
+#define PK11_ATTR_EXTRACTABLE 0x00000100L
+#define PK11_ATTR_UNEXTRACTABLE 0x00000200L
+
+/* Cryptographic module types */
+#define SECMOD_EXTERNAL 0 /* external module */
+#define SECMOD_INTERNAL 1 /* internal default module */
+#define SECMOD_FIPS 2     /* internal fips module */
+
+/* default module configuration strings */
+#define SECMOD_SLOT_FLAGS "slotFlags=[RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512]"
+
+#define SECMOD_MAKE_NSS_FLAGS(fips, slot) \
+    "Flags=internal,critical" fips " slotparams=(" #slot "={" SECMOD_SLOT_FLAGS "})"
+
+#define SECMOD_INT_NAME "NSS Internal PKCS #11 Module"
+#define SECMOD_INT_FLAGS SECMOD_MAKE_NSS_FLAGS("", 1)
+#define SECMOD_FIPS_NAME "NSS Internal FIPS PKCS #11 Module"
+#define SECMOD_FIPS_FLAGS SECMOD_MAKE_NSS_FLAGS(",fips", 3)
+
+/*
+ * What is the origin of a given Key. Normally this doesn't matter, but
+ * the fortezza code needs to know if it needs to invoke the SSL3 fortezza
+ * hack.
+ */
+typedef enum {
+    PK11_OriginNULL = 0,         /* There is not key, it's a null SymKey */
+    PK11_OriginDerive = 1,       /* Key was derived from some other key */
+    PK11_OriginGenerated = 2,    /* Key was generated (also PBE keys) */
+    PK11_OriginFortezzaHack = 3, /* Key was marked for fortezza hack */
+    PK11_OriginUnwrap = 4        /* Key was unwrapped or decrypted */
+} PK11Origin;
+
+/* PKCS #11 disable reasons */
+typedef enum {
+    PK11_DIS_NONE = 0,
+    PK11_DIS_USER_SELECTED = 1,
+    PK11_DIS_COULD_NOT_INIT_TOKEN = 2,
+    PK11_DIS_TOKEN_VERIFY_FAILED = 3,
+    PK11_DIS_TOKEN_NOT_PRESENT = 4
+} PK11DisableReasons;
+
+/* types of PKCS #11 objects
+ * used to identify which NSS data structure is
+ * passed to the PK11_Raw* functions. Types map as follows:
+ *   PK11_TypeGeneric            PK11GenericObject *
+ *   PK11_TypePrivKey            SECKEYPrivateKey *
+ *   PK11_TypePubKey             SECKEYPublicKey *
+ *   PK11_TypeSymKey             PK11SymKey *
+ *   PK11_TypeCert               CERTCertificate * (currently not used).
+ */
+typedef enum {
+    PK11_TypeGeneric = 0,
+    PK11_TypePrivKey = 1,
+    PK11_TypePubKey = 2,
+    PK11_TypeCert = 3,
+    PK11_TypeSymKey = 4
+} PK11ObjectType;
+
+/* function pointer type for password callback function.
+ * This type is passed in to PK11_SetPasswordFunc()
+ */
+typedef char *(PR_CALLBACK *PK11PasswordFunc)(PK11SlotInfo *slot, PRBool retry, void *arg);
+typedef PRBool(PR_CALLBACK *PK11VerifyPasswordFunc)(PK11SlotInfo *slot, void *arg);
+typedef PRBool(PR_CALLBACK *PK11IsLoggedInFunc)(PK11SlotInfo *slot, void *arg);
+
+/*
+ * Special strings the password callback function can return only if
+ * the slot is an protected auth path slot.
+ */
+#define PK11_PW_RETRY "RETRY"        /* an failed attempt to authenticate \
+                                      * has already been made, just retry \
+                                      * the operation */
+#define PK11_PW_AUTHENTICATED "AUTH" /* a successful attempt to authenticate \
+                                      * has completed. Continue without      \
+                                      * another call to C_Login */
+/* All other non-null values mean that that NSS could call C_Login to force
+ * the authentication. The following define is to aid applications in
+ * documenting that is what it's trying to do */
+#define PK11_PW_TRY "TRY" /* Default: a prompt has been presented \
+                           * to the user, initiate a C_Login      \
+                           * to authenticate the token */
+
+/*
+ * PKCS #11 key structures
+ */
+
+/*
+** Attributes
+*/
+struct SECKEYAttributeStr {
+    SECItem attrType;
+    SECItem **attrValue;
+};
+typedef struct SECKEYAttributeStr SECKEYAttribute;
+
+/*
+** A PKCS#8 private key info object
+*/
+struct SECKEYPrivateKeyInfoStr {
+    PLArenaPool *arena;
+    SECItem version;
+    SECAlgorithmID algorithm;
+    SECItem privateKey;
+    SECKEYAttribute **attributes;
+};
+typedef struct SECKEYPrivateKeyInfoStr SECKEYPrivateKeyInfo;
+
+/*
+** A PKCS#8 private key info object
+*/
+struct SECKEYEncryptedPrivateKeyInfoStr {
+    PLArenaPool *arena;
+    SECAlgorithmID algorithm;
+    SECItem encryptedData;
+};
+typedef struct SECKEYEncryptedPrivateKeyInfoStr SECKEYEncryptedPrivateKeyInfo;
+
+/*
+ * token removal detection
+ */
+typedef enum {
+    PK11TokenNotRemovable = 0,
+    PK11TokenPresent = 1,
+    PK11TokenChanged = 2,
+    PK11TokenRemoved = 3
+} PK11TokenStatus;
+
+typedef enum {
+    PK11TokenRemovedOrChangedEvent = 0,
+    PK11TokenPresentEvent = 1
+} PK11TokenEvent;
+
+/*
+ * CRL Import Flags
+ */
+#define CRL_IMPORT_DEFAULT_OPTIONS 0x00000000
+#define CRL_IMPORT_BYPASS_CHECKS 0x00000001
+
+/*
+ * Merge Error Log
+ */
+typedef struct PK11MergeLogStr PK11MergeLog;
+typedef struct PK11MergeLogNodeStr PK11MergeLogNode;
+
+/* These need to be global, leave some open fields so we can 'expand'
+ * these without breaking binary compatibility */
+struct PK11MergeLogNodeStr {
+    PK11MergeLogNode *next;    /* next entry in the list */
+    PK11MergeLogNode *prev;    /* last entry in the list */
+    PK11GenericObject *object; /* object that failed */
+    int error;                 /* what the error was */
+    CK_RV reserved1;
+    unsigned long reserved2; /* future flags */
+    unsigned long reserved3; /* future scalar */
+    void *reserved4;         /* future pointer */
+    void *reserved5;         /* future expansion pointer */
+};
+
+struct PK11MergeLogStr {
+    PK11MergeLogNode *head;
+    PK11MergeLogNode *tail;
+    PLArenaPool *arena;
+    int version;
+    unsigned long reserved1;
+    unsigned long reserved2;
+    unsigned long reserved3;
+    void *reserverd4;
+    void *reserverd5;
+};
+
+#endif /*_SECMODT_H_ */
diff --git a/nss/lib/pk11wrap/secmodti.h b/nss/lib/pk11wrap/secmodti.h
new file mode 100644
index 0000000..5201655
--- /dev/null
+++ b/nss/lib/pk11wrap/secmodti.h
@@ -0,0 +1,183 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * Internal header file included only by files in pkcs11 dir, or in
+ * pkcs11 specific client and server files.
+ */
+
+#ifndef _SECMODTI_H_
+#define _SECMODTI_H_ 1
+#include "prmon.h"
+#include "prtypes.h"
+#include "nssilckt.h"
+#include "secmodt.h"
+#include "pkcs11t.h"
+
+#include "nssdevt.h"
+
+/* internal data structures */
+
+/* Traverse slots callback */
+typedef struct pk11TraverseSlotStr {
+    SECStatus (*callback)(PK11SlotInfo *, CK_OBJECT_HANDLE, void *);
+    void *callbackArg;
+    CK_ATTRIBUTE *findTemplate;
+    int templateCount;
+} pk11TraverseSlot;
+
+/* represent a pkcs#11 slot reference counted. */
+struct PK11SlotInfoStr {
+    /* the PKCS11 function list for this slot */
+    void *functionList;
+    SECMODModule *module; /* our parent module */
+    /* Boolean to indicate the current state of this slot */
+    PRBool needTest;           /* Has this slot been tested for Export complience */
+    PRBool isPerm;             /* is this slot a permanment device */
+    PRBool isHW;               /* is this slot a hardware device */
+    PRBool isInternal;         /* is this slot one of our internal PKCS #11 devices */
+    PRBool disabled;           /* is this slot disabled... */
+    PK11DisableReasons reason; /* Why this slot is disabled */
+    PRBool readOnly;           /* is the token in this slot read-only */
+    PRBool needLogin;          /* does the token of the type that needs
+                                * authentication (still true even if token is logged
+                                * in) */
+    PRBool hasRandom;          /* can this token generated random numbers */
+    PRBool defRWSession;       /* is the default session RW (we open our default
+                                * session rw if the token can only handle one session
+                                * at a time. */
+    PRBool isThreadSafe;       /* copied from the module */
+    /* The actual flags (many of which are distilled into the above PRBools) */
+    CK_FLAGS flags; /* flags from PKCS #11 token Info */
+    /* a default session handle to do quick and dirty functions */
+    CK_SESSION_HANDLE session;
+    PZLock *sessionLock; /* lock for this session */
+    /* our ID */
+    CK_SLOT_ID slotID;
+    /* persistant flags saved from startup to startup */
+    unsigned long defaultFlags;
+    /* keep track of who is using us so we don't accidently get freed while
+     * still in use */
+    PRInt32 refCount; /* to be in/decremented by atomic calls ONLY! */
+    PZLock *freeListLock;
+    PK11SymKey *freeSymKeysWithSessionHead;
+    PK11SymKey *freeSymKeysHead;
+    int keyCount;
+    int maxKeyCount;
+    /* Password control functions for this slot. many of these are only
+     * active if the appropriate flag is on in defaultFlags */
+    int askpw;           /* what our password options are */
+    int timeout;         /* If we're ask_timeout, what is our timeout time is
+                          * seconds */
+    int authTransact;    /* allow multiple authentications off one password if
+                          * they are all part of the same transaction */
+    PRTime authTime;     /* when were we last authenticated */
+    int minPassword;     /* smallest legal password */
+    int maxPassword;     /* largest legal password */
+    PRUint16 series;     /* break up the slot info into various groups of
+                          * inserted tokens so that keys and certs can be
+                          * invalidated */
+    PRUint16 flagSeries; /* record the last series for the last event
+                          * returned for this slot */
+    PRBool flagState;    /* record the state of the last event returned for this
+                          * slot. */
+    PRUint16 wrapKey;    /* current wrapping key for SSL master secrets */
+    CK_MECHANISM_TYPE wrapMechanism;
+    /* current wrapping mechanism for current wrapKey */
+    CK_OBJECT_HANDLE refKeys[1];      /* array of existing wrapping keys for */
+    CK_MECHANISM_TYPE *mechanismList; /* list of mechanism supported by this
+                                       * token */
+    int mechanismCount;
+    /* cache the certificates stored on the token of this slot */
+    CERTCertificate **cert_array;
+    int array_size;
+    int cert_count;
+    char serial[16];
+    /* since these are odd sizes, keep them last. They are odd sizes to
+     * allow them to become null terminated strings */
+    char slot_name[65];
+    char token_name[33];
+    PRBool hasRootCerts;
+    PRBool hasRootTrust;
+    PRBool hasRSAInfo;
+    CK_FLAGS RSAInfoFlags;
+    PRBool protectedAuthPath;
+    PRBool isActiveCard;
+    PRIntervalTime lastLoginCheck;
+    unsigned int lastState;
+    /* for Stan */
+    NSSToken *nssToken;
+    /* fast mechanism lookup */
+    char mechanismBits[256];
+};
+
+/* Symetric Key structure. Reference Counted */
+struct PK11SymKeyStr {
+    CK_MECHANISM_TYPE type;    /* type of operation this key was created for*/
+    CK_OBJECT_HANDLE objectID; /* object id of this key in the slot */
+    PK11SlotInfo *slot;        /* Slot this key is loaded into */
+    void *cx;                  /* window context in case we need to loggin */
+    PK11SymKey *next;
+    PRBool owner;
+    SECItem data; /* raw key data if available */
+    CK_SESSION_HANDLE session;
+    PRBool sessionOwner;
+    PRInt32 refCount;          /* number of references to this key */
+    int size;                  /* key size in bytes */
+    PK11Origin origin;         /* where this key came from
+                                * (see def in secmodt.h) */
+    PK11SymKey *parent;        /* potential owner key of the session */
+    PRUint16 series;           /* break up the slot info into various groups
+                                * of inserted tokens so that keys and certs
+                                * can be invalidated */
+    void *userData;            /* random data the application can attach to
+                                * this key */
+    PK11FreeDataFunc freeFunc; /* function to free the user data */
+};
+
+/*
+ * hold a hash, encryption or signing context for multi-part operations.
+ * hold enough information so that multiple contexts can be interleaved
+ * if necessary. ... Not RefCounted.
+ */
+struct PK11ContextStr {
+    CK_ATTRIBUTE_TYPE operation; /* type of operation this context is doing
+                                  * (CKA_ENCRYPT, CKA_SIGN, CKA_HASH, etc. */
+    PK11SymKey *key;             /* symetric key used in this context */
+    PK11SlotInfo *slot;          /* slot this context is operationing on */
+    CK_SESSION_HANDLE session;   /* session this context is using */
+    PZLock *sessionLock;         /* lock before accessing a PKCS #11
+                                  * session */
+    PRBool ownSession;           /* do we own the session? */
+    void *cx;                    /* window context in case we need to loggin*/
+    void *savedData;             /* save data when we are multiplexing on a
+                                  * single context */
+    unsigned long savedLength;   /* length of the saved context */
+    SECItem *param;              /* mechanism parameters used to build this
+                                                                context */
+    PRBool init;                 /* has this contexted been initialized */
+    CK_MECHANISM_TYPE type;      /* what is the PKCS #11 this context is
+                                  * representing (usually what algorithm is
+                                  * being used (CKM_RSA_PKCS, CKM_DES,
+                                  * CKM_SHA, etc.*/
+    PRBool fortezzaHack;         /* Fortezza SSL has some special
+                                  * non-standard semantics*/
+};
+
+/*
+ * structure to hold a pointer to a unique PKCS #11 object
+ * (pointer to the slot and the object id).
+ */
+struct PK11GenericObjectStr {
+    PK11GenericObject *prev;
+    PK11GenericObject *next;
+    PK11SlotInfo *slot;
+    CK_OBJECT_HANDLE objectID;
+};
+
+#define MAX_TEMPL_ATTRS 16 /* maximum attributes in template */
+
+/* This mask includes all CK_FLAGs with an equivalent CKA_ attribute. */
+#define CKF_KEY_OPERATION_FLAGS 0x000e7b00UL
+
+#endif /* _SECMODTI_H_ */
diff --git a/nss/lib/pk11wrap/secpkcs5.h b/nss/lib/pk11wrap/secpkcs5.h
new file mode 100644
index 0000000..5785676
--- /dev/null
+++ b/nss/lib/pk11wrap/secpkcs5.h
@@ -0,0 +1,61 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#ifndef _SECPKCS5_H_
+#define _SECPKCS5_H_
+#include "seccomon.h"
+#include "secmodt.h"
+
+/* used for V2 PKCS 12 Draft Spec */
+typedef enum {
+    pbeBitGenIDNull = 0,
+    pbeBitGenCipherKey = 0x01,
+    pbeBitGenCipherIV = 0x02,
+    pbeBitGenIntegrityKey = 0x03
+} PBEBitGenID;
+
+typedef struct PBEBitGenContextStr PBEBitGenContext;
+
+SEC_BEGIN_PROTOS
+
+/* private */
+SECAlgorithmID *
+sec_pkcs5CreateAlgorithmID(SECOidTag algorithm, SECOidTag cipherAlgorithm,
+                           SECOidTag prfAlg, SECOidTag *pPbeAlgorithm,
+                           int keyLengh, SECItem *salt, int iteration);
+
+/* Get the initialization vector.  The password is passed in, hashing
+ * is performed, and the initialization vector is returned.
+ *  algid is a pointer to a PBE algorithm ID
+ *  pwitem is the password
+ * If an error occurs or the algorithm id is not a PBE algrithm,
+ * NULL is returned.  Otherwise, the iv is returned in a secitem.
+ */
+SECItem *
+SEC_PKCS5GetIV(SECAlgorithmID *algid, SECItem *pwitem, PRBool faulty3DES);
+
+SECOidTag SEC_PKCS5GetCryptoAlgorithm(SECAlgorithmID *algid);
+PRBool SEC_PKCS5IsAlgorithmPBEAlg(SECAlgorithmID *algid);
+PRBool SEC_PKCS5IsAlgorithmPBEAlgTag(SECOidTag algTag);
+SECOidTag SEC_PKCS5GetPBEAlgorithm(SECOidTag algTag, int keyLen);
+int SEC_PKCS5GetKeyLength(SECAlgorithmID *algid);
+
+/**********************************************************************
+ * Deprecated PBE functions.  Use the PBE functions in pk11func.h
+ * instead.
+ **********************************************************************/
+
+PBEBitGenContext *
+PBE_CreateContext(SECOidTag hashAlgorithm, PBEBitGenID bitGenPurpose,
+                  SECItem *pwitem, SECItem *salt, unsigned int bitsNeeded,
+                  unsigned int iterations);
+
+void
+PBE_DestroyContext(PBEBitGenContext *context);
+
+SECItem *
+PBE_GenerateBits(PBEBitGenContext *context);
+
+SEC_END_PROTOS
+
+#endif /* _SECPKS5_H_ */
diff --git a/nss/lib/pkcs12/Makefile b/nss/lib/pkcs12/Makefile
new file mode 100644
index 0000000..8149184
--- /dev/null
+++ b/nss/lib/pkcs12/Makefile
@@ -0,0 +1,49 @@
+#! gmake
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include config.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+
+
diff --git a/nss/lib/pkcs12/config.mk b/nss/lib/pkcs12/config.mk
new file mode 100644
index 0000000..dc39ee4
--- /dev/null
+++ b/nss/lib/pkcs12/config.mk
@@ -0,0 +1,16 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+#
+#  Override TARGETS variable so that only static libraries
+#  are specifed as dependencies within rules.mk.
+#
+
+TARGETS        = $(LIBRARY)
+SHARED_LIBRARY =
+IMPORT_LIBRARY =
+PROGRAM        =
+
diff --git a/nss/lib/pkcs12/exports.gyp b/nss/lib/pkcs12/exports.gyp
new file mode 100644
index 0000000..274ef68
--- /dev/null
+++ b/nss/lib/pkcs12/exports.gyp
@@ -0,0 +1,29 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'lib_pkcs12_exports',
+      'type': 'none',
+      'copies': [
+        {
+          'files': [
+            'p12.h',
+            'p12plcy.h',
+            'p12t.h',
+            'pkcs12.h',
+            'pkcs12t.h'
+          ],
+          'destination': '<(nss_public_dist_dir)/<(module)'
+        }
+      ]
+    }
+  ],
+  'variables': {
+    'module': 'nss'
+  }
+}
diff --git a/nss/lib/pkcs12/manifest.mn b/nss/lib/pkcs12/manifest.mn
new file mode 100644
index 0000000..26166ec
--- /dev/null
+++ b/nss/lib/pkcs12/manifest.mn
@@ -0,0 +1,31 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CORE_DEPTH = ../..
+
+EXPORTS = \
+	pkcs12t.h \
+	pkcs12.h \
+	p12plcy.h \
+	p12.h \
+	p12t.h \
+	$(NULL)
+
+MODULE = nss
+
+CSRCS = \
+	p12local.c \
+	p12creat.c \
+	p12dec.c \
+	p12plcy.c \
+	p12tmpl.c \
+	p12e.c \
+	p12d.c \
+	$(NULL)
+
+LIBRARY_NAME = pkcs12
+
+# This part of the code, including all sub-dirs, can be optimized for size
+export ALLOW_OPT_CODE_SIZE = 1
diff --git a/nss/lib/pkcs12/p12.h b/nss/lib/pkcs12/p12.h
new file mode 100644
index 0000000..118db6e
--- /dev/null
+++ b/nss/lib/pkcs12/p12.h
@@ -0,0 +1,236 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _P12_H_
+#define _P12_H_
+
+#include "secoid.h"
+#include "key.h"
+#include "secpkcs7.h"
+#include "p12t.h"
+
+typedef int(PR_CALLBACK *PKCS12OpenFunction)(void *arg);
+typedef int(PR_CALLBACK *PKCS12ReadFunction)(void *arg,
+                                             unsigned char *buffer,
+                                             unsigned int *lenRead,
+                                             unsigned int maxLen);
+typedef int(PR_CALLBACK *PKCS12WriteFunction)(void *arg,
+                                              unsigned char *buffer,
+                                              unsigned int *bufLen,
+                                              unsigned int *lenWritten);
+typedef int(PR_CALLBACK *PKCS12CloseFunction)(void *arg);
+typedef SECStatus(PR_CALLBACK *PKCS12UnicodeConvertFunction)(
+    PLArenaPool *arena,
+    SECItem *dest, SECItem *src,
+    PRBool toUnicode,
+    PRBool swapBytes);
+typedef void(PR_CALLBACK *SEC_PKCS12EncoderOutputCallback)(
+    void *arg, const char *buf,
+    unsigned long len);
+typedef void(PR_CALLBACK *SEC_PKCS12DecoderOutputCallback)(
+    void *arg, const char *buf,
+    unsigned long len);
+/*
+ * In NSS 3.12 or later, 'arg' actually points to a CERTCertificate,
+ * the 'leafCert' variable in sec_pkcs12_validate_cert in p12d.c.
+ * See r1.35 of p12d.c ("Patch 2" in bug 321584).
+ *
+ * This callback might be called by SEC_PKCS12DecoderValidateBags each time
+ * a nickname collission is detected. The callback must return a new
+ * nickname. The returned SECItem should be of type siAsciiString,
+ * it should be allocated using:
+ *     SECITEM_AllocItem(NULL, NULL, LENGTH_OF_NEW_NICKNAME + 1)
+ * and data must contain the new nickname as a zero terminated string.
+ */
+typedef SECItem *(PR_CALLBACK *SEC_PKCS12NicknameCollisionCallback)(
+    SECItem *old_nickname,
+    PRBool *cancel,
+    void *arg);
+/*
+ * This callback is called by SEC_PKCS12DecoderRenameCertNicknames for each
+ * certificate found in the p12 source data.
+ *
+ * cert: A decoded certificate.
+ * default_nickname: The nickname as found in the source data.
+ *                   Will be NULL if source data doesn't have nickname.
+ * new_nickname: Output parameter that may contain the renamed nickname.
+ * arg: The user data that was passed to SEC_PKCS12DecoderRenameCertNicknames.
+ *
+ * If the callback accept that NSS will use a nickname based on the
+ * default_nickname (potentially resolving conflicts), then the callback
+ * must set *new_nickname to NULL.
+ *
+ * If the callback wishes to override the nickname, it must set *new_nickname
+ * to a new SECItem which should be allocated using
+ *     SECITEM_AllocItem(NULL, NULL, LENGTH_OF_NEW_NICKNAME + 1)
+ * new_nickname->type should be set to siAsciiString, and new_nickname->data
+ * must contain the new nickname as a zero terminated string.
+ *
+ * A return value of SECFailure indicates that the renaming operation failed,
+ * and callback should release new_nickname before returning if it's already
+ * being allocated.
+ * Otherwise, the callback function must return SECSuccess, including use
+ * default nickname as mentioned above.
+ */
+typedef SECStatus(PR_CALLBACK *SEC_PKCS12NicknameRenameCallback)(
+    const CERTCertificate *cert,
+    const SECItem *default_nickname,
+    SECItem **new_nickname,
+    void *arg);
+
+typedef SECStatus(PR_CALLBACK *digestOpenFn)(void *arg, PRBool readData);
+typedef SECStatus(PR_CALLBACK *digestCloseFn)(void *arg, PRBool removeFile);
+typedef int(PR_CALLBACK *digestIOFn)(void *arg, unsigned char *buf,
+                                     unsigned long len);
+
+typedef struct SEC_PKCS12ExportContextStr SEC_PKCS12ExportContext;
+typedef struct SEC_PKCS12SafeInfoStr SEC_PKCS12SafeInfo;
+typedef struct SEC_PKCS12DecoderContextStr SEC_PKCS12DecoderContext;
+typedef struct SEC_PKCS12DecoderItemStr SEC_PKCS12DecoderItem;
+
+struct sec_PKCS12PasswordModeInfo {
+    SECItem *password;
+    SECOidTag algorithm;
+};
+
+struct sec_PKCS12PublicKeyModeInfo {
+    CERTCertificate *cert;
+    CERTCertDBHandle *certDb;
+    SECOidTag algorithm;
+    int keySize;
+};
+
+struct SEC_PKCS12DecoderItemStr {
+    SECItem *der;
+    SECOidTag type;
+    PRBool hasKey;
+    SECItem *friendlyName; /* UTF-8 string */
+    SECAlgorithmID *shroudAlg;
+};
+
+SEC_BEGIN_PROTOS
+
+SEC_PKCS12SafeInfo *
+SEC_PKCS12CreatePubKeyEncryptedSafe(SEC_PKCS12ExportContext *p12ctxt,
+                                    CERTCertDBHandle *certDb,
+                                    CERTCertificate *signer,
+                                    CERTCertificate **recipients,
+                                    SECOidTag algorithm, int keysize);
+
+extern SEC_PKCS12SafeInfo *
+SEC_PKCS12CreatePasswordPrivSafe(SEC_PKCS12ExportContext *p12ctxt,
+                                 SECItem *pwitem, SECOidTag privAlg);
+
+extern SEC_PKCS12SafeInfo *
+SEC_PKCS12CreateUnencryptedSafe(SEC_PKCS12ExportContext *p12ctxt);
+
+extern SECStatus
+SEC_PKCS12AddPasswordIntegrity(SEC_PKCS12ExportContext *p12ctxt,
+                               SECItem *pwitem, SECOidTag integAlg);
+extern SECStatus
+SEC_PKCS12AddPublicKeyIntegrity(SEC_PKCS12ExportContext *p12ctxt,
+                                CERTCertificate *cert, CERTCertDBHandle *certDb,
+                                SECOidTag algorithm, int keySize);
+
+extern SEC_PKCS12ExportContext *
+SEC_PKCS12CreateExportContext(SECKEYGetPasswordKey pwfn, void *pwfnarg,
+                              PK11SlotInfo *slot, void *wincx);
+
+extern SECStatus
+SEC_PKCS12AddCert(SEC_PKCS12ExportContext *p12ctxt,
+                  SEC_PKCS12SafeInfo *safe, void *nestedDest,
+                  CERTCertificate *cert, CERTCertDBHandle *certDb,
+                  SECItem *keyId, PRBool includeCertChain);
+
+extern SECStatus
+SEC_PKCS12AddKeyForCert(SEC_PKCS12ExportContext *p12ctxt,
+                        SEC_PKCS12SafeInfo *safe,
+                        void *nestedDest, CERTCertificate *cert,
+                        PRBool shroudKey, SECOidTag algorithm, SECItem *pwitem,
+                        SECItem *keyId, SECItem *nickName);
+
+extern SECStatus
+SEC_PKCS12AddCertOrChainAndKey(SEC_PKCS12ExportContext *p12ctxt,
+                               void *certSafe, void *certNestedDest,
+                               CERTCertificate *cert, CERTCertDBHandle *certDb,
+                               void *keySafe, void *keyNestedDest, PRBool shroudKey,
+                               SECItem *pwitem, SECOidTag algorithm,
+                               PRBool includeCertChain);
+
+extern SECStatus
+SEC_PKCS12AddCertAndKey(SEC_PKCS12ExportContext *p12ctxt,
+                        void *certSafe, void *certNestedDest,
+                        CERTCertificate *cert, CERTCertDBHandle *certDb,
+                        void *keySafe, void *keyNestedDest,
+                        PRBool shroudKey, SECItem *pwitem, SECOidTag algorithm);
+
+extern void *
+SEC_PKCS12CreateNestedSafeContents(SEC_PKCS12ExportContext *p12ctxt,
+                                   void *baseSafe, void *nestedDest);
+
+extern SECStatus
+SEC_PKCS12Encode(SEC_PKCS12ExportContext *p12exp,
+                 SEC_PKCS12EncoderOutputCallback output, void *outputarg);
+
+extern void
+SEC_PKCS12DestroyExportContext(SEC_PKCS12ExportContext *p12exp);
+
+extern SEC_PKCS12DecoderContext *
+SEC_PKCS12DecoderStart(SECItem *pwitem, PK11SlotInfo *slot, void *wincx,
+                       digestOpenFn dOpen, digestCloseFn dClose,
+                       digestIOFn dRead, digestIOFn dWrite, void *dArg);
+
+extern SECStatus
+SEC_PKCS12DecoderSetTargetTokenCAs(SEC_PKCS12DecoderContext *p12dcx,
+                                   SECPKCS12TargetTokenCAs tokenCAs);
+
+extern SECStatus
+SEC_PKCS12DecoderUpdate(SEC_PKCS12DecoderContext *p12dcx, unsigned char *data,
+                        unsigned long len);
+
+extern void
+SEC_PKCS12DecoderFinish(SEC_PKCS12DecoderContext *p12dcx);
+
+extern SECStatus
+SEC_PKCS12DecoderVerify(SEC_PKCS12DecoderContext *p12dcx);
+
+extern SECStatus
+SEC_PKCS12DecoderValidateBags(SEC_PKCS12DecoderContext *p12dcx,
+                              SEC_PKCS12NicknameCollisionCallback nicknameCb);
+
+/*
+ * SEC_PKCS12DecoderRenameCertNicknames() can be used to change
+ * certificate nicknames in SEC_PKCS12DecoderContext, prior to calling
+ * SEC_PKCS12DecoderImportBags.
+ *
+ * arg: User-defined data that will be passed to nicknameCb.
+ *
+ * If SEC_PKCS12DecoderRenameCertNicknames() is called after calling
+ * SEC_PKCS12DecoderValidateBags(), then only the certificate nickname
+ * will be changed.
+ * If SEC_PKCS12DecoderRenameCertNicknames() is called prior to calling
+ * SEC_PKCS12DecoderValidateBags(), then SEC_PKCS12DecoderValidateBags()
+ * will change the nickname of the corresponding private key, too.
+ */
+extern SECStatus
+SEC_PKCS12DecoderRenameCertNicknames(SEC_PKCS12DecoderContext *p12dcx,
+                                     SEC_PKCS12NicknameRenameCallback nicknameCb,
+                                     void *arg);
+
+extern SECStatus
+SEC_PKCS12DecoderImportBags(SEC_PKCS12DecoderContext *p12dcx);
+
+CERTCertList *
+SEC_PKCS12DecoderGetCerts(SEC_PKCS12DecoderContext *p12dcx);
+
+SECStatus
+SEC_PKCS12DecoderIterateInit(SEC_PKCS12DecoderContext *p12dcx);
+
+SECStatus
+SEC_PKCS12DecoderIterateNext(SEC_PKCS12DecoderContext *p12dcx,
+                             const SEC_PKCS12DecoderItem **ipp);
+
+SEC_END_PROTOS
+
+#endif
diff --git a/nss/lib/pkcs12/p12creat.c b/nss/lib/pkcs12/p12creat.c
new file mode 100644
index 0000000..7cc72cf
--- /dev/null
+++ b/nss/lib/pkcs12/p12creat.c
@@ -0,0 +1,218 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "pkcs12.h"
+#include "secitem.h"
+#include "secport.h"
+#include "secder.h"
+#include "secoid.h"
+#include "p12local.h"
+#include "secerr.h"
+
+/* allocate space for a PFX structure and set up initial
+ * arena pool.  pfx structure is cleared and a pointer to
+ * the new structure is returned.
+ */
+SEC_PKCS12PFXItem *
+sec_pkcs12_new_pfx(void)
+{
+    SEC_PKCS12PFXItem *pfx = NULL;
+    PLArenaPool *poolp = NULL;
+
+    poolp = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE); /* XXX Different size? */
+    if (poolp == NULL)
+        goto loser;
+
+    pfx = (SEC_PKCS12PFXItem *)PORT_ArenaZAlloc(poolp,
+                                                sizeof(SEC_PKCS12PFXItem));
+    if (pfx == NULL)
+        goto loser;
+    pfx->poolp = poolp;
+
+    return pfx;
+
+loser:
+    PORT_FreeArena(poolp, PR_TRUE);
+    return NULL;
+}
+
+/* allocate space for a PFX structure and set up initial
+ * arena pool.  pfx structure is cleared and a pointer to
+ * the new structure is returned.
+ */
+SEC_PKCS12AuthenticatedSafe *
+sec_pkcs12_new_asafe(PLArenaPool *poolp)
+{
+    SEC_PKCS12AuthenticatedSafe *asafe = NULL;
+    void *mark;
+
+    mark = PORT_ArenaMark(poolp);
+    asafe = (SEC_PKCS12AuthenticatedSafe *)PORT_ArenaZAlloc(poolp,
+                                                            sizeof(SEC_PKCS12AuthenticatedSafe));
+    if (asafe == NULL)
+        goto loser;
+    asafe->poolp = poolp;
+    PORT_Memset(&asafe->old_baggage, 0, sizeof(SEC_PKCS12Baggage_OLD));
+
+    PORT_ArenaUnmark(poolp, mark);
+    return asafe;
+
+loser:
+    PORT_ArenaRelease(poolp, mark);
+    return NULL;
+}
+
+/* create a safe contents structure with a list of
+ * length 0 with the first element being NULL
+ */
+SEC_PKCS12SafeContents *
+sec_pkcs12_create_safe_contents(PLArenaPool *poolp)
+{
+    SEC_PKCS12SafeContents *safe;
+    void *mark;
+
+    if (poolp == NULL)
+        return NULL;
+
+    /* allocate structure */
+    mark = PORT_ArenaMark(poolp);
+    safe = (SEC_PKCS12SafeContents *)PORT_ArenaZAlloc(poolp,
+                                                      sizeof(SEC_PKCS12SafeContents));
+    if (safe == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        PORT_ArenaRelease(poolp, mark);
+        return NULL;
+    }
+
+    /* init list */
+    safe->contents = (SEC_PKCS12SafeBag **)PORT_ArenaZAlloc(poolp,
+                                                            sizeof(SEC_PKCS12SafeBag *));
+    if (safe->contents == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        PORT_ArenaRelease(poolp, mark);
+        return NULL;
+    }
+    safe->contents[0] = NULL;
+    safe->poolp = poolp;
+    safe->safe_size = 0;
+    PORT_ArenaUnmark(poolp, mark);
+    return safe;
+}
+
+/* create a new external bag which is appended onto the list
+ * of bags in baggage.  the bag is created in the same arena
+ * as baggage
+ */
+SEC_PKCS12BaggageItem *
+sec_pkcs12_create_external_bag(SEC_PKCS12Baggage *luggage)
+{
+    void *dummy, *mark;
+    SEC_PKCS12BaggageItem *bag;
+
+    if (luggage == NULL) {
+        return NULL;
+    }
+
+    mark = PORT_ArenaMark(luggage->poolp);
+
+    /* allocate space for null terminated bag list */
+    if (luggage->bags == NULL) {
+        luggage->bags = (SEC_PKCS12BaggageItem **)PORT_ArenaZAlloc(luggage->poolp,
+                                                                   sizeof(SEC_PKCS12BaggageItem *));
+        if (luggage->bags == NULL) {
+            goto loser;
+        }
+        luggage->luggage_size = 0;
+    }
+
+    /* grow the list */
+    dummy = PORT_ArenaGrow(luggage->poolp, luggage->bags,
+                           sizeof(SEC_PKCS12BaggageItem *) * (luggage->luggage_size + 1),
+                           sizeof(SEC_PKCS12BaggageItem *) * (luggage->luggage_size + 2));
+    if (dummy == NULL) {
+        goto loser;
+    }
+    luggage->bags = (SEC_PKCS12BaggageItem **)dummy;
+
+    luggage->bags[luggage->luggage_size] =
+        (SEC_PKCS12BaggageItem *)PORT_ArenaZAlloc(luggage->poolp,
+                                                  sizeof(SEC_PKCS12BaggageItem));
+    if (luggage->bags[luggage->luggage_size] == NULL) {
+        goto loser;
+    }
+
+    /* create new bag and append it to the end */
+    bag = luggage->bags[luggage->luggage_size];
+    bag->espvks = (SEC_PKCS12ESPVKItem **)PORT_ArenaZAlloc(
+        luggage->poolp,
+        sizeof(SEC_PKCS12ESPVKItem *));
+    bag->unencSecrets = (SEC_PKCS12SafeBag **)PORT_ArenaZAlloc(
+        luggage->poolp,
+        sizeof(SEC_PKCS12SafeBag *));
+    if ((bag->espvks == NULL) || (bag->unencSecrets == NULL)) {
+        goto loser;
+    }
+
+    bag->poolp = luggage->poolp;
+    luggage->luggage_size++;
+    luggage->bags[luggage->luggage_size] = NULL;
+    bag->espvks[0] = NULL;
+    bag->unencSecrets[0] = NULL;
+    bag->nEspvks = bag->nSecrets = 0;
+
+    PORT_ArenaUnmark(luggage->poolp, mark);
+    return bag;
+
+loser:
+    PORT_ArenaRelease(luggage->poolp, mark);
+    PORT_SetError(SEC_ERROR_NO_MEMORY);
+    return NULL;
+}
+
+/* creates a baggage witha NULL terminated 0 length list */
+SEC_PKCS12Baggage *
+sec_pkcs12_create_baggage(PLArenaPool *poolp)
+{
+    SEC_PKCS12Baggage *luggage;
+    void *mark;
+
+    if (poolp == NULL)
+        return NULL;
+
+    mark = PORT_ArenaMark(poolp);
+
+    /* allocate bag */
+    luggage = (SEC_PKCS12Baggage *)PORT_ArenaZAlloc(poolp,
+                                                    sizeof(SEC_PKCS12Baggage));
+    if (luggage == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        PORT_ArenaRelease(poolp, mark);
+        return NULL;
+    }
+
+    /* init list */
+    luggage->bags = (SEC_PKCS12BaggageItem **)PORT_ArenaZAlloc(poolp,
+                                                               sizeof(SEC_PKCS12BaggageItem *));
+    if (luggage->bags == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        PORT_ArenaRelease(poolp, mark);
+        return NULL;
+    }
+
+    luggage->bags[0] = NULL;
+    luggage->luggage_size = 0;
+    luggage->poolp = poolp;
+
+    PORT_ArenaUnmark(poolp, mark);
+    return luggage;
+}
+
+/* free pfx structure and associated items in the arena */
+void
+SEC_PKCS12DestroyPFX(SEC_PKCS12PFXItem *pfx)
+{
+    if (pfx != NULL && pfx->poolp != NULL) {
+        PORT_FreeArena(pfx->poolp, PR_TRUE);
+    }
+}
diff --git a/nss/lib/pkcs12/p12d.c b/nss/lib/pkcs12/p12d.c
new file mode 100644
index 0000000..0df8dc3
--- /dev/null
+++ b/nss/lib/pkcs12/p12d.c
@@ -0,0 +1,3612 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nssrenam.h"
+#include "p12t.h"
+#include "p12.h"
+#include "plarena.h"
+#include "secitem.h"
+#include "secoid.h"
+#include "seccomon.h"
+#include "secport.h"
+#include "cert.h"
+#include "secpkcs7.h"
+#include "secasn1.h"
+#include "secerr.h"
+#include "pk11func.h"
+#include "p12plcy.h"
+#include "p12local.h"
+#include "secder.h"
+#include "secport.h"
+
+#include "certdb.h"
+
+#include "prcpucfg.h"
+
+/* This belongs in secport.h */
+#define PORT_ArenaGrowArray(poolp, oldptr, type, oldnum, newnum) \
+    (type *)PORT_ArenaGrow((poolp), (oldptr),                    \
+                           (oldnum) * sizeof(type), (newnum) * sizeof(type))
+
+typedef struct sec_PKCS12SafeContentsContextStr sec_PKCS12SafeContentsContext;
+
+/* Opaque structure for decoding SafeContents.  These are used
+ * for each authenticated safe as well as any nested safe contents.
+ */
+struct sec_PKCS12SafeContentsContextStr {
+    /* the parent decoder context */
+    SEC_PKCS12DecoderContext *p12dcx;
+
+    /* memory arena to allocate space from */
+    PLArenaPool *arena;
+
+    /* decoder context and destination for decoding safe contents */
+    SEC_ASN1DecoderContext *safeContentsA1Dcx;
+    sec_PKCS12SafeContents safeContents;
+
+    /* information for decoding safe bags within the safe contents.
+     * these variables are updated for each safe bag decoded.
+     */
+    SEC_ASN1DecoderContext *currentSafeBagA1Dcx;
+    sec_PKCS12SafeBag *currentSafeBag;
+    PRBool skipCurrentSafeBag;
+
+    /* if the safe contents is nested, the parent is pointed to here. */
+    sec_PKCS12SafeContentsContext *nestedSafeContentsCtx;
+};
+
+/* opaque decoder context structure.  information for decoding a pkcs 12
+ * PDU are stored here as well as decoding pointers for intermediary
+ * structures which are part of the PKCS 12 PDU.  Upon a successful
+ * decode, the safe bags containing certificates and keys encountered.
+ */
+struct SEC_PKCS12DecoderContextStr {
+    PLArenaPool *arena;
+    PK11SlotInfo *slot;
+    void *wincx;
+    PRBool error;
+    int errorValue;
+
+    /* password */
+    SECItem *pwitem;
+
+    /* used for decoding the PFX structure */
+    SEC_ASN1DecoderContext *pfxA1Dcx;
+    sec_PKCS12PFXItem pfx;
+
+    /* safe bags found during decoding */
+    sec_PKCS12SafeBag **safeBags;
+    unsigned int safeBagCount;
+
+    /* state variables for decoding authenticated safes. */
+    SEC_PKCS7DecoderContext *currentASafeP7Dcx;
+    SEC_ASN1DecoderContext *aSafeA1Dcx;
+    SEC_PKCS7DecoderContext *aSafeP7Dcx;
+    SEC_PKCS7ContentInfo *aSafeCinfo;
+    sec_PKCS12AuthenticatedSafe authSafe;
+    sec_PKCS12SafeContents safeContents;
+
+    /* safe contents info */
+    unsigned int safeContentsCnt;
+    sec_PKCS12SafeContentsContext **safeContentsList;
+
+    /* HMAC info */
+    sec_PKCS12MacData macData;
+
+    /* routines for reading back the data to be hmac'd */
+    /* They are called as follows.
+     *
+     * Stage 1: decode the aSafes cinfo into a buffer in dArg,
+     * which p12d.c sometimes refers to as the "temp file".
+     * This occurs during SEC_PKCS12DecoderUpdate calls.
+     *
+     * dOpen(dArg, PR_FALSE)
+     * dWrite(dArg, buf, len)
+     * ...
+     * dWrite(dArg, buf, len)
+     * dClose(dArg, PR_FALSE)
+     *
+     * Stage 2: verify MAC
+     * This occurs SEC_PKCS12DecoderVerify.
+     *
+     * dOpen(dArg, PR_TRUE)
+     * dRead(dArg, buf, IN_BUF_LEN)
+     * ...
+     * dRead(dArg, buf, IN_BUF_LEN)
+     * dClose(dArg, PR_TRUE)
+     */
+    digestOpenFn dOpen;
+    digestCloseFn dClose;
+    digestIOFn dRead, dWrite;
+    void *dArg;
+    PRBool dIsOpen; /* is the temp file created? */
+
+    /* helper functions */
+    SECKEYGetPasswordKey pwfn;
+    void *pwfnarg;
+    PRBool swapUnicodeBytes;
+
+    /* import information */
+    PRBool bagsVerified;
+
+    /* buffer management for the default callbacks implementation */
+    void *buffer;       /* storage area */
+    PRInt32 filesize;   /* actual data size */
+    PRInt32 allocated;  /* total buffer size allocated */
+    PRInt32 currentpos; /* position counter */
+    SECPKCS12TargetTokenCAs tokenCAs;
+    sec_PKCS12SafeBag **keyList; /* used by ...IterateNext() */
+    unsigned int iteration;
+    SEC_PKCS12DecoderItem decitem;
+};
+
+/* forward declarations of functions that are used when decoding
+ * safeContents bags which are nested and when decoding the
+ * authenticatedSafes.
+ */
+static SECStatus
+sec_pkcs12_decoder_begin_nested_safe_contents(sec_PKCS12SafeContentsContext
+                                                  *safeContentsCtx);
+static SECStatus
+sec_pkcs12_decoder_finish_nested_safe_contents(sec_PKCS12SafeContentsContext
+                                                   *safeContentsCtx);
+
+/* make sure that the PFX version being decoded is a version
+ * which we support.
+ */
+static PRBool
+sec_pkcs12_proper_version(sec_PKCS12PFXItem *pfx)
+{
+    /* if no version, assume it is not supported */
+    if (pfx->version.len == 0) {
+        return PR_FALSE;
+    }
+
+    if (DER_GetInteger(&pfx->version) > SEC_PKCS12_VERSION) {
+        return PR_FALSE;
+    }
+
+    return PR_TRUE;
+}
+
+/* retrieve the key for decrypting the safe contents */
+static PK11SymKey *
+sec_pkcs12_decoder_get_decrypt_key(void *arg, SECAlgorithmID *algid)
+{
+    SEC_PKCS12DecoderContext *p12dcx = (SEC_PKCS12DecoderContext *)arg;
+    PK11SlotInfo *slot;
+    PK11SymKey *bulkKey;
+    SECItem *pwitem;
+    SECItem decodedPwitem = { 0 };
+    SECOidTag algorithm;
+
+    if (!p12dcx) {
+        return NULL;
+    }
+
+    /* if no slot specified, use the internal key slot */
+    if (p12dcx->slot) {
+        slot = PK11_ReferenceSlot(p12dcx->slot);
+    } else {
+        slot = PK11_GetInternalKeySlot();
+    }
+
+    algorithm = SECOID_GetAlgorithmTag(algid);
+    pwitem = p12dcx->pwitem;
+
+    /* here we assume that the password is already encoded into
+     * BMPString by the caller.  if the encryption scheme is not the
+     * one defined in PKCS #12, decode the password back into
+     * UTF-8. */
+    if (!sec_pkcs12_is_pkcs12_pbe_algorithm(algorithm)) {
+        if (!sec_pkcs12_convert_item_to_unicode(NULL, &decodedPwitem,
+                                                p12dcx->pwitem,
+                                                PR_TRUE, PR_FALSE, PR_FALSE)) {
+            PORT_SetError(SEC_ERROR_NO_MEMORY);
+            return NULL;
+        }
+        pwitem = &decodedPwitem;
+    }
+
+    bulkKey = PK11_PBEKeyGen(slot, algid, pwitem,
+                             PR_FALSE, p12dcx->wincx);
+    /* some tokens can't generate PBE keys on their own, generate the
+     * key in the internal slot, and let the Import code deal with it,
+     * (if the slot can't generate PBEs, then we need to use the internal
+     * slot anyway to unwrap). */
+    if (!bulkKey && !PK11_IsInternal(slot)) {
+        PK11_FreeSlot(slot);
+        slot = PK11_GetInternalKeySlot();
+        bulkKey = PK11_PBEKeyGen(slot, algid, pwitem,
+                                 PR_FALSE, p12dcx->wincx);
+    }
+    PK11_FreeSlot(slot);
+
+    /* set the password data on the key */
+    if (bulkKey) {
+        PK11_SetSymKeyUserData(bulkKey, p12dcx->pwitem, NULL);
+    }
+
+    if (decodedPwitem.data) {
+        SECITEM_ZfreeItem(&decodedPwitem, PR_FALSE);
+    }
+
+    return bulkKey;
+}
+
+/* XXX this needs to be modified to handle enveloped data.  most
+ * likely, it should mirror the routines for SMIME in that regard.
+ */
+static PRBool
+sec_pkcs12_decoder_decryption_allowed(SECAlgorithmID *algid,
+                                      PK11SymKey *bulkkey)
+{
+    PRBool decryptionAllowed = SEC_PKCS12DecryptionAllowed(algid);
+
+    if (!decryptionAllowed) {
+        return PR_FALSE;
+    }
+
+    return PR_TRUE;
+}
+
+/* when we encounter a new safe bag during the decoding, we need
+ * to allocate space for the bag to be decoded to and set the
+ * state variables appropriately.  all of the safe bags are allocated
+ * in a buffer in the outer SEC_PKCS12DecoderContext, however,
+ * a pointer to the safeBag is also used in the sec_PKCS12SafeContentsContext
+ * for the current bag.
+ */
+static SECStatus
+sec_pkcs12_decoder_init_new_safe_bag(sec_PKCS12SafeContentsContext
+                                         *safeContentsCtx)
+{
+    void *mark = NULL;
+    SEC_PKCS12DecoderContext *p12dcx;
+
+    /* make sure that the structures are defined, and there has
+     * not been an error in the decoding
+     */
+    if (!safeContentsCtx || !safeContentsCtx->p12dcx || safeContentsCtx->p12dcx->error) {
+        return SECFailure;
+    }
+
+    p12dcx = safeContentsCtx->p12dcx;
+    mark = PORT_ArenaMark(p12dcx->arena);
+
+    /* allocate a new safe bag, if bags already exist, grow the
+     * list of bags, otherwise allocate a new list.  the list is
+     * NULL terminated.
+     */
+    p12dcx->safeBags = (!p12dcx->safeBagCount)
+                           ? PORT_ArenaZNewArray(p12dcx->arena, sec_PKCS12SafeBag *, 2)
+                           : PORT_ArenaGrowArray(p12dcx->arena, p12dcx->safeBags,
+                                                 sec_PKCS12SafeBag *, p12dcx->safeBagCount + 1,
+                                                 p12dcx->safeBagCount + 2);
+
+    if (!p12dcx->safeBags) {
+        p12dcx->errorValue = PORT_GetError();
+        goto loser;
+    }
+
+    /* append the bag to the end of the list and update the reference
+     * in the safeContentsCtx.
+     */
+    p12dcx->safeBags[p12dcx->safeBagCount] =
+        safeContentsCtx->currentSafeBag =
+            PORT_ArenaZNew(p12dcx->arena, sec_PKCS12SafeBag);
+    if (!safeContentsCtx->currentSafeBag) {
+        p12dcx->errorValue = PORT_GetError();
+        goto loser;
+    }
+    p12dcx->safeBags[++p12dcx->safeBagCount] = NULL;
+
+    safeContentsCtx->currentSafeBag->slot = safeContentsCtx->p12dcx->slot;
+    safeContentsCtx->currentSafeBag->pwitem = safeContentsCtx->p12dcx->pwitem;
+    safeContentsCtx->currentSafeBag->swapUnicodeBytes =
+        safeContentsCtx->p12dcx->swapUnicodeBytes;
+    safeContentsCtx->currentSafeBag->arena = safeContentsCtx->p12dcx->arena;
+    safeContentsCtx->currentSafeBag->tokenCAs =
+        safeContentsCtx->p12dcx->tokenCAs;
+
+    PORT_ArenaUnmark(p12dcx->arena, mark);
+    return SECSuccess;
+
+loser:
+
+    /* if an error occurred, release the memory and set the error flag
+     * the only possible errors triggered by this function are memory
+     * related.
+     */
+    if (mark) {
+        PORT_ArenaRelease(p12dcx->arena, mark);
+    }
+
+    p12dcx->error = PR_TRUE;
+    return SECFailure;
+}
+
+/* A wrapper for updating the ASN1 context in which a safeBag is
+ * being decoded.  This function is called as a callback from
+ * secasn1d when decoding SafeContents structures.
+ */
+static void
+sec_pkcs12_decoder_safe_bag_update(void *arg, const char *data,
+                                   unsigned long len, int depth,
+                                   SEC_ASN1EncodingPart data_kind)
+{
+    sec_PKCS12SafeContentsContext *safeContentsCtx =
+        (sec_PKCS12SafeContentsContext *)arg;
+    SEC_PKCS12DecoderContext *p12dcx;
+    SECStatus rv;
+
+    /* make sure that we are not skipping the current safeBag,
+     * and that there are no errors.  If so, just return rather
+     * than continuing to process.
+     */
+    if (!safeContentsCtx || !safeContentsCtx->p12dcx ||
+        safeContentsCtx->p12dcx->error || safeContentsCtx->skipCurrentSafeBag) {
+        return;
+    }
+    p12dcx = safeContentsCtx->p12dcx;
+
+    rv = SEC_ASN1DecoderUpdate(safeContentsCtx->currentSafeBagA1Dcx, data, len);
+    if (rv != SECSuccess) {
+        p12dcx->errorValue = PORT_GetError();
+        goto loser;
+    }
+
+    return;
+
+loser:
+    /* set the error, and finish the decoder context.  because there
+     * is not a way of returning an error message, it may be worth
+     * while to do a check higher up and finish any decoding contexts
+     * that are still open.
+     */
+    p12dcx->error = PR_TRUE;
+    SEC_ASN1DecoderFinish(safeContentsCtx->currentSafeBagA1Dcx);
+    safeContentsCtx->currentSafeBagA1Dcx = NULL;
+    return;
+}
+
+/* notify function for decoding safeBags.  This function is
+ * used to filter safeBag types which are not supported,
+ * initiate the decoding of nested safe contents, and decode
+ * safeBags in general.  this function is set when the decoder
+ * context for the safeBag is first created.
+ */
+static void
+sec_pkcs12_decoder_safe_bag_notify(void *arg, PRBool before,
+                                   void *dest, int real_depth)
+{
+    sec_PKCS12SafeContentsContext *safeContentsCtx =
+        (sec_PKCS12SafeContentsContext *)arg;
+    SEC_PKCS12DecoderContext *p12dcx;
+    sec_PKCS12SafeBag *bag;
+    PRBool after;
+
+    /* if an error is encountered, return */
+    if (!safeContentsCtx || !safeContentsCtx->p12dcx ||
+        safeContentsCtx->p12dcx->error) {
+        return;
+    }
+    p12dcx = safeContentsCtx->p12dcx;
+
+    /* to make things more readable */
+    if (before)
+        after = PR_FALSE;
+    else
+        after = PR_TRUE;
+
+    /* have we determined the safeBagType yet? */
+    bag = safeContentsCtx->currentSafeBag;
+    if (bag->bagTypeTag == NULL) {
+        if (after && (dest == &(bag->safeBagType))) {
+            bag->bagTypeTag = SECOID_FindOID(&(bag->safeBagType));
+            if (bag->bagTypeTag == NULL) {
+                p12dcx->error = PR_TRUE;
+                p12dcx->errorValue = SEC_ERROR_PKCS12_CORRUPT_PFX_STRUCTURE;
+            }
+        }
+        return;
+    }
+
+    /* process the safeBag depending on it's type.  those
+     * which we do not support, are ignored.  we start a decoding
+     * context for a nested safeContents.
+     */
+    switch (bag->bagTypeTag->offset) {
+        case SEC_OID_PKCS12_V1_KEY_BAG_ID:
+        case SEC_OID_PKCS12_V1_CERT_BAG_ID:
+        case SEC_OID_PKCS12_V1_PKCS8_SHROUDED_KEY_BAG_ID:
+            break;
+        case SEC_OID_PKCS12_V1_SAFE_CONTENTS_BAG_ID:
+            /* if we are just starting to decode the safeContents, initialize
+             * a new safeContentsCtx to process it.
+             */
+            if (before && (dest == &(bag->safeBagContent))) {
+                sec_pkcs12_decoder_begin_nested_safe_contents(safeContentsCtx);
+            } else if (after && (dest == &(bag->safeBagContent))) {
+                /* clean up the nested decoding */
+                sec_pkcs12_decoder_finish_nested_safe_contents(safeContentsCtx);
+            }
+            break;
+        case SEC_OID_PKCS12_V1_CRL_BAG_ID:
+        case SEC_OID_PKCS12_V1_SECRET_BAG_ID:
+        default:
+            /* skip any safe bag types we don't understand or handle */
+            safeContentsCtx->skipCurrentSafeBag = PR_TRUE;
+            break;
+    }
+
+    return;
+}
+
+/* notify function for decoding safe contents.  each entry in the
+ * safe contents is a safeBag which needs to be allocated and
+ * the decoding context initialized at the beginning and then
+ * the context needs to be closed and finished at the end.
+ *
+ * this function is set when the safeContents decode context is
+ * initialized.
+ */
+static void
+sec_pkcs12_decoder_safe_contents_notify(void *arg, PRBool before,
+                                        void *dest, int real_depth)
+{
+    sec_PKCS12SafeContentsContext *safeContentsCtx =
+        (sec_PKCS12SafeContentsContext *)arg;
+    SEC_PKCS12DecoderContext *p12dcx;
+    SECStatus rv;
+
+    /* if there is an error we don't want to continue processing,
+     * just return and keep going.
+     */
+    if (!safeContentsCtx || !safeContentsCtx->p12dcx ||
+        safeContentsCtx->p12dcx->error) {
+        return;
+    }
+    p12dcx = safeContentsCtx->p12dcx;
+
+    /* if we are done with the current safeBag, then we need to
+     * finish the context and set the state variables appropriately.
+     */
+    if (!before) {
+        SEC_ASN1DecoderClearFilterProc(safeContentsCtx->safeContentsA1Dcx);
+        SEC_ASN1DecoderFinish(safeContentsCtx->currentSafeBagA1Dcx);
+        safeContentsCtx->currentSafeBagA1Dcx = NULL;
+        safeContentsCtx->skipCurrentSafeBag = PR_FALSE;
+    } else {
+        /* we are starting a new safe bag.  we need to allocate space
+         * for the bag and initialize the decoding context.
+         */
+        rv = sec_pkcs12_decoder_init_new_safe_bag(safeContentsCtx);
+        if (rv != SECSuccess) {
+            goto loser;
+        }
+
+        /* set up the decoder context */
+        safeContentsCtx->currentSafeBagA1Dcx =
+            SEC_ASN1DecoderStart(p12dcx->arena,
+                                 safeContentsCtx->currentSafeBag,
+                                 sec_PKCS12SafeBagTemplate);
+        if (!safeContentsCtx->currentSafeBagA1Dcx) {
+            p12dcx->errorValue = PORT_GetError();
+            goto loser;
+        }
+
+        /* set the notify and filter procs so that the safe bag
+         * data gets sent to the proper location when decoding.
+         */
+        SEC_ASN1DecoderSetNotifyProc(safeContentsCtx->currentSafeBagA1Dcx,
+                                     sec_pkcs12_decoder_safe_bag_notify,
+                                     safeContentsCtx);
+        SEC_ASN1DecoderSetFilterProc(safeContentsCtx->safeContentsA1Dcx,
+                                     sec_pkcs12_decoder_safe_bag_update,
+                                     safeContentsCtx, PR_TRUE);
+    }
+
+    return;
+
+loser:
+    /* in the event of an error, we want to close the decoding
+     * context and clear the filter and notify procedures.
+     */
+    p12dcx->error = PR_TRUE;
+
+    if (safeContentsCtx->currentSafeBagA1Dcx) {
+        SEC_ASN1DecoderFinish(safeContentsCtx->currentSafeBagA1Dcx);
+        safeContentsCtx->currentSafeBagA1Dcx = NULL;
+    }
+
+    SEC_ASN1DecoderClearNotifyProc(safeContentsCtx->safeContentsA1Dcx);
+    SEC_ASN1DecoderClearFilterProc(safeContentsCtx->safeContentsA1Dcx);
+
+    return;
+}
+
+/* initialize the safeContents for decoding.  this routine
+ * is used for authenticatedSafes as well as nested safeContents.
+ */
+static sec_PKCS12SafeContentsContext *
+sec_pkcs12_decoder_safe_contents_init_decode(SEC_PKCS12DecoderContext *p12dcx,
+                                             PRBool nestedSafe)
+{
+    sec_PKCS12SafeContentsContext *safeContentsCtx = NULL;
+    const SEC_ASN1Template *theTemplate;
+
+    if (!p12dcx || p12dcx->error) {
+        return NULL;
+    }
+
+    /* allocate a new safeContents list or grow the existing list and
+     * append the new safeContents onto the end.
+     */
+    p12dcx->safeContentsList = (!p12dcx->safeContentsCnt)
+                                   ? PORT_ArenaZNewArray(p12dcx->arena, sec_PKCS12SafeContentsContext *, 2)
+                                   : PORT_ArenaGrowArray(p12dcx->arena, p12dcx->safeContentsList,
+                                                         sec_PKCS12SafeContentsContext *,
+                                                         1 + p12dcx->safeContentsCnt,
+                                                         2 + p12dcx->safeContentsCnt);
+
+    if (!p12dcx->safeContentsList) {
+        p12dcx->errorValue = PORT_GetError();
+        goto loser;
+    }
+
+    p12dcx->safeContentsList[p12dcx->safeContentsCnt] = safeContentsCtx =
+        PORT_ArenaZNew(p12dcx->arena, sec_PKCS12SafeContentsContext);
+    if (!p12dcx->safeContentsList[p12dcx->safeContentsCnt]) {
+        p12dcx->errorValue = PORT_GetError();
+        goto loser;
+    }
+    p12dcx->safeContentsList[++p12dcx->safeContentsCnt] = NULL;
+
+    /* set up the state variables */
+    safeContentsCtx->p12dcx = p12dcx;
+    safeContentsCtx->arena = p12dcx->arena;
+
+    /* begin the decoding -- the template is based on whether we are
+     * decoding a nested safeContents or not.
+     */
+    if (nestedSafe == PR_TRUE) {
+        theTemplate = sec_PKCS12NestedSafeContentsDecodeTemplate;
+    } else {
+        theTemplate = sec_PKCS12SafeContentsDecodeTemplate;
+    }
+
+    /* start the decoder context */
+    safeContentsCtx->safeContentsA1Dcx = SEC_ASN1DecoderStart(p12dcx->arena,
+                                                              &safeContentsCtx->safeContents,
+                                                              theTemplate);
+
+    if (!safeContentsCtx->safeContentsA1Dcx) {
+        p12dcx->errorValue = PORT_GetError();
+        goto loser;
+    }
+
+    /* set the safeContents notify procedure to look for
+     * and start the decode of safeBags.
+     */
+    SEC_ASN1DecoderSetNotifyProc(safeContentsCtx->safeContentsA1Dcx,
+                                 sec_pkcs12_decoder_safe_contents_notify,
+                                 safeContentsCtx);
+
+    return safeContentsCtx;
+
+loser:
+    /* in the case of an error, we want to finish the decoder
+     * context and set the error flag.
+     */
+    if (safeContentsCtx && safeContentsCtx->safeContentsA1Dcx) {
+        SEC_ASN1DecoderFinish(safeContentsCtx->safeContentsA1Dcx);
+        safeContentsCtx->safeContentsA1Dcx = NULL;
+    }
+
+    p12dcx->error = PR_TRUE;
+
+    return NULL;
+}
+
+/* wrapper for updating safeContents.  this is set as the filter of
+ * safeBag when there is a nested safeContents.
+ */
+static void
+sec_pkcs12_decoder_nested_safe_contents_update(void *arg, const char *buf,
+                                               unsigned long len, int depth,
+                                               SEC_ASN1EncodingPart data_kind)
+{
+    sec_PKCS12SafeContentsContext *safeContentsCtx =
+        (sec_PKCS12SafeContentsContext *)arg;
+    SEC_PKCS12DecoderContext *p12dcx;
+    SECStatus rv;
+
+    /* check for an error */
+    if (!safeContentsCtx || !safeContentsCtx->p12dcx ||
+        safeContentsCtx->p12dcx->error || !safeContentsCtx->safeContentsA1Dcx) {
+        return;
+    }
+
+    /* no need to update if no data sent in */
+    if (!len || !buf) {
+        return;
+    }
+
+    /* update the decoding context */
+    p12dcx = safeContentsCtx->p12dcx;
+    rv = SEC_ASN1DecoderUpdate(safeContentsCtx->safeContentsA1Dcx, buf, len);
+    if (rv != SECSuccess) {
+        p12dcx->errorValue = PORT_GetError();
+        goto loser;
+    }
+
+    return;
+
+loser:
+    /* handle any errors.  If a decoding context is open, close it. */
+    p12dcx->error = PR_TRUE;
+    if (safeContentsCtx->safeContentsA1Dcx) {
+        SEC_ASN1DecoderFinish(safeContentsCtx->safeContentsA1Dcx);
+        safeContentsCtx->safeContentsA1Dcx = NULL;
+    }
+}
+
+/* whenever a new safeContentsSafeBag is encountered, we need
+ * to init a safeContentsContext.
+ */
+static SECStatus
+sec_pkcs12_decoder_begin_nested_safe_contents(sec_PKCS12SafeContentsContext
+                                                  *safeContentsCtx)
+{
+    /* check for an error */
+    if (!safeContentsCtx || !safeContentsCtx->p12dcx ||
+        safeContentsCtx->p12dcx->error) {
+        return SECFailure;
+    }
+
+    safeContentsCtx->nestedSafeContentsCtx =
+        sec_pkcs12_decoder_safe_contents_init_decode(safeContentsCtx->p12dcx,
+                                                     PR_TRUE);
+    if (!safeContentsCtx->nestedSafeContentsCtx) {
+        return SECFailure;
+    }
+
+    /* set up new filter proc */
+    SEC_ASN1DecoderSetNotifyProc(
+        safeContentsCtx->nestedSafeContentsCtx->safeContentsA1Dcx,
+        sec_pkcs12_decoder_safe_contents_notify,
+        safeContentsCtx->nestedSafeContentsCtx);
+
+    SEC_ASN1DecoderSetFilterProc(safeContentsCtx->currentSafeBagA1Dcx,
+                                 sec_pkcs12_decoder_nested_safe_contents_update,
+                                 safeContentsCtx->nestedSafeContentsCtx,
+                                 PR_TRUE);
+
+    return SECSuccess;
+}
+
+/* when the safeContents is done decoding, we need to reset the
+ * proper filter and notify procs and close the decoding context
+ */
+static SECStatus
+sec_pkcs12_decoder_finish_nested_safe_contents(sec_PKCS12SafeContentsContext
+                                                   *safeContentsCtx)
+{
+    /* check for error */
+    if (!safeContentsCtx || !safeContentsCtx->p12dcx ||
+        safeContentsCtx->p12dcx->error) {
+        return SECFailure;
+    }
+
+    /* clean up */
+    SEC_ASN1DecoderClearFilterProc(safeContentsCtx->currentSafeBagA1Dcx);
+    SEC_ASN1DecoderClearNotifyProc(
+        safeContentsCtx->nestedSafeContentsCtx->safeContentsA1Dcx);
+    SEC_ASN1DecoderFinish(
+        safeContentsCtx->nestedSafeContentsCtx->safeContentsA1Dcx);
+    safeContentsCtx->nestedSafeContentsCtx->safeContentsA1Dcx = NULL;
+    safeContentsCtx->nestedSafeContentsCtx = NULL;
+
+    return SECSuccess;
+}
+
+/* wrapper for updating safeContents.  This is used when decoding
+ * the nested safeContents and any authenticatedSafes.
+ */
+static void
+sec_pkcs12_decoder_safe_contents_callback(void *arg, const char *buf,
+                                          unsigned long len)
+{
+    SECStatus rv;
+    sec_PKCS12SafeContentsContext *safeContentsCtx =
+        (sec_PKCS12SafeContentsContext *)arg;
+    SEC_PKCS12DecoderContext *p12dcx;
+
+    /* check for error */
+    if (!safeContentsCtx || !safeContentsCtx->p12dcx ||
+        safeContentsCtx->p12dcx->error || !safeContentsCtx->safeContentsA1Dcx) {
+        return;
+    }
+    p12dcx = safeContentsCtx->p12dcx;
+
+    /* update the decoder */
+    rv = SEC_ASN1DecoderUpdate(safeContentsCtx->safeContentsA1Dcx, buf, len);
+    if (rv != SECSuccess) {
+        /* if we fail while trying to decode a 'safe', it's probably because
+         * we didn't have the correct password. */
+        PORT_SetError(SEC_ERROR_BAD_PASSWORD);
+        p12dcx->errorValue = SEC_ERROR_PKCS12_CORRUPT_PFX_STRUCTURE;
+        SEC_PKCS7DecoderAbort(p12dcx->currentASafeP7Dcx, SEC_ERROR_BAD_PASSWORD);
+        goto loser;
+    }
+
+    return;
+
+loser:
+    /* set the error and finish the context */
+    p12dcx->error = PR_TRUE;
+    if (safeContentsCtx->safeContentsA1Dcx) {
+        SEC_ASN1DecoderFinish(safeContentsCtx->safeContentsA1Dcx);
+        safeContentsCtx->safeContentsA1Dcx = NULL;
+    }
+
+    return;
+}
+
+/* this is a wrapper for the ASN1 decoder to call SEC_PKCS7DecoderUpdate
+ */
+static void
+sec_pkcs12_decoder_wrap_p7_update(void *arg, const char *data,
+                                  unsigned long len, int depth,
+                                  SEC_ASN1EncodingPart data_kind)
+{
+    SEC_PKCS7DecoderContext *p7dcx = (SEC_PKCS7DecoderContext *)arg;
+
+    SEC_PKCS7DecoderUpdate(p7dcx, data, len);
+}
+
+/* notify function for decoding aSafes.  at the beginning,
+ * of an authenticatedSafe, we start a decode of a safeContents.
+ * at the end, we clean up the safeContents decoder context and
+ * reset state variables
+ */
+static void
+sec_pkcs12_decoder_asafes_notify(void *arg, PRBool before, void *dest,
+                                 int real_depth)
+{
+    SEC_PKCS12DecoderContext *p12dcx;
+    sec_PKCS12SafeContentsContext *safeContentsCtx;
+
+    /* make sure no error occurred. */
+    p12dcx = (SEC_PKCS12DecoderContext *)arg;
+    if (!p12dcx || p12dcx->error) {
+        return;
+    }
+
+    if (before) {
+
+        /* init a new safeContentsContext */
+        safeContentsCtx = sec_pkcs12_decoder_safe_contents_init_decode(p12dcx,
+                                                                       PR_FALSE);
+        if (!safeContentsCtx) {
+            goto loser;
+        }
+
+        /* initiate the PKCS7ContentInfo decode */
+        p12dcx->currentASafeP7Dcx = SEC_PKCS7DecoderStart(
+            sec_pkcs12_decoder_safe_contents_callback,
+            safeContentsCtx,
+            p12dcx->pwfn, p12dcx->pwfnarg,
+            sec_pkcs12_decoder_get_decrypt_key, p12dcx,
+            sec_pkcs12_decoder_decryption_allowed);
+        if (!p12dcx->currentASafeP7Dcx) {
+            p12dcx->errorValue = PORT_GetError();
+            goto loser;
+        }
+        SEC_ASN1DecoderSetFilterProc(p12dcx->aSafeA1Dcx,
+                                     sec_pkcs12_decoder_wrap_p7_update,
+                                     p12dcx->currentASafeP7Dcx, PR_TRUE);
+    }
+
+    if (!before) {
+        /* if one is being decoded, finish the decode */
+        if (p12dcx->currentASafeP7Dcx != NULL) {
+            SEC_PKCS7ContentInfo *cinfo;
+            unsigned int cnt = p12dcx->safeContentsCnt - 1;
+            safeContentsCtx = p12dcx->safeContentsList[cnt];
+            if (safeContentsCtx->safeContentsA1Dcx) {
+                SEC_ASN1DecoderFinish(safeContentsCtx->safeContentsA1Dcx);
+                safeContentsCtx->safeContentsA1Dcx = NULL;
+            }
+            cinfo = SEC_PKCS7DecoderFinish(p12dcx->currentASafeP7Dcx);
+            p12dcx->currentASafeP7Dcx = NULL;
+            if (!cinfo) {
+                p12dcx->errorValue = PORT_GetError();
+                goto loser;
+            }
+            SEC_PKCS7DestroyContentInfo(cinfo); /* don't leak it */
+        }
+    }
+
+    return;
+
+loser:
+    /* set the error flag */
+    p12dcx->error = PR_TRUE;
+    return;
+}
+
+/* wrapper for updating asafes decoding context.  this function
+ * writes data being decoded to disk, so that a mac can be computed
+ * later.
+ */
+static void
+sec_pkcs12_decoder_asafes_callback(void *arg, const char *buf,
+                                   unsigned long len)
+{
+    SEC_PKCS12DecoderContext *p12dcx = (SEC_PKCS12DecoderContext *)arg;
+    SECStatus rv;
+
+    if (!p12dcx || p12dcx->error) {
+        return;
+    }
+
+    /* update the context */
+    rv = SEC_ASN1DecoderUpdate(p12dcx->aSafeA1Dcx, buf, len);
+    if (rv != SECSuccess) {
+        p12dcx->errorValue = PORT_GetError();
+        p12dcx->error = PR_TRUE;
+        goto loser;
+    }
+
+    /* if we are writing to a file, write out the new information */
+    if (p12dcx->dWrite) {
+        unsigned long writeLen = (*p12dcx->dWrite)(p12dcx->dArg,
+                                                   (unsigned char *)buf, len);
+        if (writeLen != len) {
+            p12dcx->errorValue = PORT_GetError();
+            goto loser;
+        }
+    }
+
+    return;
+
+loser:
+    /* set the error flag */
+    p12dcx->error = PR_TRUE;
+    SEC_ASN1DecoderFinish(p12dcx->aSafeA1Dcx);
+    p12dcx->aSafeA1Dcx = NULL;
+
+    return;
+}
+
+/* start the decode of an authenticatedSafe contentInfo.
+ */
+static SECStatus
+sec_pkcs12_decode_start_asafes_cinfo(SEC_PKCS12DecoderContext *p12dcx)
+{
+    if (!p12dcx || p12dcx->error) {
+        return SECFailure;
+    }
+
+    /* start the decode context */
+    p12dcx->aSafeA1Dcx = SEC_ASN1DecoderStart(p12dcx->arena,
+                                              &p12dcx->authSafe,
+                                              sec_PKCS12AuthenticatedSafeTemplate);
+    if (!p12dcx->aSafeA1Dcx) {
+        p12dcx->errorValue = PORT_GetError();
+        goto loser;
+    }
+
+    /* set the notify function */
+    SEC_ASN1DecoderSetNotifyProc(p12dcx->aSafeA1Dcx,
+                                 sec_pkcs12_decoder_asafes_notify, p12dcx);
+
+    /* begin the authSafe decoder context */
+    p12dcx->aSafeP7Dcx = SEC_PKCS7DecoderStart(
+        sec_pkcs12_decoder_asafes_callback, p12dcx,
+        p12dcx->pwfn, p12dcx->pwfnarg, NULL, NULL, NULL);
+    if (!p12dcx->aSafeP7Dcx) {
+        p12dcx->errorValue = PORT_GetError();
+        goto loser;
+    }
+
+    /* open the temp file for writing, if the digest functions were set */
+    if (p12dcx->dOpen && (*p12dcx->dOpen)(p12dcx->dArg, PR_FALSE) != SECSuccess) {
+        p12dcx->errorValue = PORT_GetError();
+        goto loser;
+    }
+    /* dOpen(dArg, PR_FALSE) creates the temp file */
+    p12dcx->dIsOpen = PR_TRUE;
+
+    return SECSuccess;
+
+loser:
+    p12dcx->error = PR_TRUE;
+
+    if (p12dcx->aSafeA1Dcx) {
+        SEC_ASN1DecoderFinish(p12dcx->aSafeA1Dcx);
+        p12dcx->aSafeA1Dcx = NULL;
+    }
+
+    if (p12dcx->aSafeP7Dcx) {
+        SEC_PKCS7DecoderFinish(p12dcx->aSafeP7Dcx);
+        p12dcx->aSafeP7Dcx = NULL;
+    }
+
+    return SECFailure;
+}
+
+/* wrapper for updating the safeContents.  this function is used as
+ * a filter for the pfx when decoding the authenticated safes
+ */
+static void
+sec_pkcs12_decode_asafes_cinfo_update(void *arg, const char *buf,
+                                      unsigned long len, int depth,
+                                      SEC_ASN1EncodingPart data_kind)
+{
+    SEC_PKCS12DecoderContext *p12dcx;
+    SECStatus rv;
+
+    p12dcx = (SEC_PKCS12DecoderContext *)arg;
+    if (!p12dcx || p12dcx->error) {
+        return;
+    }
+
+    /* update the safeContents decoder */
+    rv = SEC_PKCS7DecoderUpdate(p12dcx->aSafeP7Dcx, buf, len);
+    if (rv != SECSuccess) {
+        p12dcx->errorValue = SEC_ERROR_PKCS12_CORRUPT_PFX_STRUCTURE;
+        goto loser;
+    }
+
+    return;
+
+loser:
+
+    /* did we find an error?  if so, close the context and set the
+     * error flag.
+     */
+    SEC_PKCS7DecoderFinish(p12dcx->aSafeP7Dcx);
+    p12dcx->aSafeP7Dcx = NULL;
+    p12dcx->error = PR_TRUE;
+}
+
+/* notify procedure used while decoding the pfx.  When we encounter
+ * the authSafes, we want to trigger the decoding of authSafes as well
+ * as when we encounter the macData, trigger the decoding of it.  we do
+ * this because we we are streaming the decoder and not decoding in place.
+ * the pfx which is the destination, only has the version decoded into it.
+ */
+static void
+sec_pkcs12_decoder_pfx_notify_proc(void *arg, PRBool before, void *dest,
+                                   int real_depth)
+{
+    SECStatus rv;
+    SEC_PKCS12DecoderContext *p12dcx = (SEC_PKCS12DecoderContext *)arg;
+
+    /* if an error occurs, clear the notifyProc and the filterProc
+     * and continue.
+     */
+    if (p12dcx->error) {
+        SEC_ASN1DecoderClearNotifyProc(p12dcx->pfxA1Dcx);
+        SEC_ASN1DecoderClearFilterProc(p12dcx->pfxA1Dcx);
+        return;
+    }
+
+    if (before && (dest == &p12dcx->pfx.encodedAuthSafe)) {
+
+        /* we want to make sure this is a version we support */
+        if (!sec_pkcs12_proper_version(&p12dcx->pfx)) {
+            p12dcx->errorValue = SEC_ERROR_PKCS12_UNSUPPORTED_VERSION;
+            goto loser;
+        }
+
+        /* start the decode of the aSafes cinfo... */
+        rv = sec_pkcs12_decode_start_asafes_cinfo(p12dcx);
+        if (rv != SECSuccess) {
+            goto loser;
+        }
+
+        /* set the filter proc to update the authenticated safes. */
+        SEC_ASN1DecoderSetFilterProc(p12dcx->pfxA1Dcx,
+                                     sec_pkcs12_decode_asafes_cinfo_update,
+                                     p12dcx, PR_TRUE);
+    }
+
+    if (!before && (dest == &p12dcx->pfx.encodedAuthSafe)) {
+
+        /* we are done decoding the authenticatedSafes, so we need to
+         * finish the decoderContext and clear the filter proc
+         * and close the hmac callback, if present
+         */
+        p12dcx->aSafeCinfo = SEC_PKCS7DecoderFinish(p12dcx->aSafeP7Dcx);
+        p12dcx->aSafeP7Dcx = NULL;
+        if (!p12dcx->aSafeCinfo) {
+            p12dcx->errorValue = PORT_GetError();
+            goto loser;
+        }
+        SEC_ASN1DecoderClearFilterProc(p12dcx->pfxA1Dcx);
+        if (p12dcx->dClose && ((*p12dcx->dClose)(p12dcx->dArg, PR_FALSE) != SECSuccess)) {
+            p12dcx->errorValue = PORT_GetError();
+            goto loser;
+        }
+    }
+
+    return;
+
+loser:
+    p12dcx->error = PR_TRUE;
+}
+
+/*  default implementations of the open/close/read/write functions for
+    SEC_PKCS12DecoderStart
+*/
+
+#define DEFAULT_TEMP_SIZE 4096
+
+static SECStatus
+p12u_DigestOpen(void *arg, PRBool readData)
+{
+    SEC_PKCS12DecoderContext *p12cxt = arg;
+
+    p12cxt->currentpos = 0;
+
+    if (PR_FALSE == readData) {
+        /* allocate an initial buffer */
+        p12cxt->filesize = 0;
+        p12cxt->allocated = DEFAULT_TEMP_SIZE;
+        p12cxt->buffer = PORT_Alloc(DEFAULT_TEMP_SIZE);
+        PR_ASSERT(p12cxt->buffer);
+    } else {
+        PR_ASSERT(p12cxt->buffer);
+        if (!p12cxt->buffer) {
+            return SECFailure; /* no data to read */
+        }
+    }
+
+    return SECSuccess;
+}
+
+static SECStatus
+p12u_DigestClose(void *arg, PRBool removeFile)
+{
+    SEC_PKCS12DecoderContext *p12cxt = arg;
+
+    PR_ASSERT(p12cxt);
+    if (!p12cxt) {
+        return SECFailure;
+    }
+    p12cxt->currentpos = 0;
+
+    if (PR_TRUE == removeFile) {
+        PR_ASSERT(p12cxt->buffer);
+        if (!p12cxt->buffer) {
+            return SECFailure;
+        }
+        if (p12cxt->buffer) {
+            PORT_Free(p12cxt->buffer);
+            p12cxt->buffer = NULL;
+            p12cxt->allocated = 0;
+            p12cxt->filesize = 0;
+        }
+    }
+
+    return SECSuccess;
+}
+
+static int
+p12u_DigestRead(void *arg, unsigned char *buf, unsigned long len)
+{
+    int toread = len;
+    SEC_PKCS12DecoderContext *p12cxt = arg;
+
+    if (!buf || len == 0 || !p12cxt->buffer) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return -1;
+    }
+
+    if ((p12cxt->filesize - p12cxt->currentpos) < (long)len) {
+        /* trying to read past the end of the buffer */
+        toread = p12cxt->filesize - p12cxt->currentpos;
+    }
+    memcpy(buf, (char *)p12cxt->buffer + p12cxt->currentpos, toread);
+    p12cxt->currentpos += toread;
+    return toread;
+}
+
+static int
+p12u_DigestWrite(void *arg, unsigned char *buf, unsigned long len)
+{
+    SEC_PKCS12DecoderContext *p12cxt = arg;
+
+    if (!buf || len == 0) {
+        return -1;
+    }
+
+    if (p12cxt->currentpos + (long)len > p12cxt->filesize) {
+        p12cxt->filesize = p12cxt->currentpos + len;
+    } else {
+        p12cxt->filesize += len;
+    }
+    if (p12cxt->filesize > p12cxt->allocated) {
+        void *newbuffer;
+        size_t newsize = p12cxt->filesize + DEFAULT_TEMP_SIZE;
+        newbuffer = PORT_Realloc(p12cxt->buffer, newsize);
+        if (NULL == newbuffer) {
+            return -1; /* can't extend the buffer */
+        }
+        p12cxt->buffer = newbuffer;
+        p12cxt->allocated = newsize;
+    }
+    PR_ASSERT(p12cxt->buffer);
+    memcpy((char *)p12cxt->buffer + p12cxt->currentpos, buf, len);
+    p12cxt->currentpos += len;
+    return len;
+}
+
+/* SEC_PKCS12DecoderStart
+ *      Creates a decoder context for decoding a PKCS 12 PDU objct.
+ *      This function sets up the initial decoding context for the
+ *      PFX and sets the needed state variables.
+ *
+ *      pwitem - the password for the hMac and any encoded safes.
+ *               this should be changed to take a callback which retrieves
+ *               the password.  it may be possible for different safes to
+ *               have different passwords.  also, the password is already
+ *               in unicode.  it should probably be converted down below via
+ *               a unicode conversion callback.
+ *      slot - the slot to import the dataa into should multiple slots
+ *               be supported based on key type and cert type?
+ *      dOpen, dClose, dRead, dWrite - digest routines for writing data
+ *               to a file so it could be read back and the hmac recomputed
+ *               and verified.  doesn't seem to be a way for both encoding
+ *               and decoding to be single pass, thus the need for these
+ *               routines.
+ *      dArg - the argument for dOpen, etc.
+ *
+ *      if NULL == dOpen == dClose == dRead == dWrite == dArg, then default
+ *      implementations using a memory buffer are used
+ *
+ *      This function returns the decoder context, if it was successful.
+ *      Otherwise, null is returned.
+ */
+SEC_PKCS12DecoderContext *
+SEC_PKCS12DecoderStart(SECItem *pwitem, PK11SlotInfo *slot, void *wincx,
+                       digestOpenFn dOpen, digestCloseFn dClose,
+                       digestIOFn dRead, digestIOFn dWrite, void *dArg)
+{
+    SEC_PKCS12DecoderContext *p12dcx;
+    PLArenaPool *arena;
+
+    arena = PORT_NewArena(2048); /* different size? */
+    if (!arena) {
+        return NULL; /* error is already set */
+    }
+
+    /* allocate the decoder context and set the state variables */
+    p12dcx = PORT_ArenaZNew(arena, SEC_PKCS12DecoderContext);
+    if (!p12dcx) {
+        goto loser; /* error is already set */
+    }
+
+    if (!dOpen && !dClose && !dRead && !dWrite && !dArg) {
+        /* use default implementations */
+        dOpen = p12u_DigestOpen;
+        dClose = p12u_DigestClose;
+        dRead = p12u_DigestRead;
+        dWrite = p12u_DigestWrite;
+        dArg = (void *)p12dcx;
+    }
+
+    p12dcx->arena = arena;
+    p12dcx->pwitem = pwitem;
+    p12dcx->slot = (slot ? PK11_ReferenceSlot(slot)
+                         : PK11_GetInternalKeySlot());
+    p12dcx->wincx = wincx;
+    p12dcx->tokenCAs = SECPKCS12TargetTokenNoCAs;
+#ifdef IS_LITTLE_ENDIAN
+    p12dcx->swapUnicodeBytes = PR_TRUE;
+#else
+    p12dcx->swapUnicodeBytes = PR_FALSE;
+#endif
+    p12dcx->errorValue = 0;
+    p12dcx->error = PR_FALSE;
+
+    /* start the decoding of the PFX and set the notify proc
+     * for the PFX item.
+     */
+    p12dcx->pfxA1Dcx = SEC_ASN1DecoderStart(p12dcx->arena, &p12dcx->pfx,
+                                            sec_PKCS12PFXItemTemplate);
+    if (!p12dcx->pfxA1Dcx) {
+        PK11_FreeSlot(p12dcx->slot);
+        goto loser;
+    }
+
+    SEC_ASN1DecoderSetNotifyProc(p12dcx->pfxA1Dcx,
+                                 sec_pkcs12_decoder_pfx_notify_proc,
+                                 p12dcx);
+
+    /* set up digest functions */
+    p12dcx->dOpen = dOpen;
+    p12dcx->dWrite = dWrite;
+    p12dcx->dClose = dClose;
+    p12dcx->dRead = dRead;
+    p12dcx->dArg = dArg;
+    p12dcx->dIsOpen = PR_FALSE;
+
+    p12dcx->keyList = NULL;
+    p12dcx->decitem.type = 0;
+    p12dcx->decitem.der = NULL;
+    p12dcx->decitem.hasKey = PR_FALSE;
+    p12dcx->decitem.friendlyName = NULL;
+    p12dcx->iteration = 0;
+
+    return p12dcx;
+
+loser:
+    PORT_FreeArena(arena, PR_TRUE);
+    return NULL;
+}
+
+SECStatus
+SEC_PKCS12DecoderSetTargetTokenCAs(SEC_PKCS12DecoderContext *p12dcx,
+                                   SECPKCS12TargetTokenCAs tokenCAs)
+{
+    if (!p12dcx || p12dcx->error) {
+        return SECFailure;
+    }
+    p12dcx->tokenCAs = tokenCAs;
+    return SECSuccess;
+}
+
+/* SEC_PKCS12DecoderUpdate
+ *      Streaming update sending more data to the decoder.  If
+ *      an error occurs, SECFailure is returned.
+ *
+ *      p12dcx - the decoder context
+ *      data, len - the data buffer and length of data to send to
+ *              the update functions.
+ */
+SECStatus
+SEC_PKCS12DecoderUpdate(SEC_PKCS12DecoderContext *p12dcx,
+                        unsigned char *data, unsigned long len)
+{
+    SECStatus rv;
+
+    if (!p12dcx || p12dcx->error) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    /* update the PFX decoder context */
+    rv = SEC_ASN1DecoderUpdate(p12dcx->pfxA1Dcx, (const char *)data, len);
+    if (rv != SECSuccess) {
+        p12dcx->errorValue = SEC_ERROR_PKCS12_CORRUPT_PFX_STRUCTURE;
+        goto loser;
+    }
+
+    return SECSuccess;
+
+loser:
+
+    p12dcx->error = PR_TRUE;
+    return SECFailure;
+}
+
+/* This should be a nice sized buffer for reading in data (potentially large
+** amounts) to be MACed.  It should be MUCH larger than HASH_LENGTH_MAX.
+*/
+#define IN_BUF_LEN 1024
+#ifdef DEBUG
+static const char bufferEnd[] = { "BufferEnd" };
+#endif
+#define FUDGE 128 /* must be as large as bufferEnd or more. */
+
+/* verify the hmac by reading the data from the temporary file
+ * using the routines specified when the decodingContext was
+ * created and return SECSuccess if the hmac matches.
+ */
+static SECStatus
+sec_pkcs12_decoder_verify_mac(SEC_PKCS12DecoderContext *p12dcx)
+{
+    PK11Context *pk11cx = NULL;
+    PK11SymKey *symKey = NULL;
+    SECItem *params = NULL;
+    unsigned char *buf;
+    SECStatus rv = SECFailure;
+    SECStatus lrv;
+    unsigned int bufLen;
+    int iteration;
+    int bytesRead;
+    SECOidTag algtag;
+    SECItem hmacRes;
+    SECItem ignore = { 0 };
+    CK_MECHANISM_TYPE integrityMech;
+
+    if (!p12dcx || p12dcx->error) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+    buf = (unsigned char *)PORT_Alloc(IN_BUF_LEN + FUDGE);
+    if (!buf)
+        return SECFailure; /* error code has been set. */
+
+#ifdef DEBUG
+    memcpy(buf + IN_BUF_LEN, bufferEnd, sizeof bufferEnd);
+#endif
+
+    /* generate hmac key */
+    if (p12dcx->macData.iter.data) {
+        iteration = (int)DER_GetInteger(&p12dcx->macData.iter);
+    } else {
+        iteration = 1;
+    }
+
+    params = PK11_CreatePBEParams(&p12dcx->macData.macSalt, p12dcx->pwitem,
+                                  iteration);
+
+    algtag = SECOID_GetAlgorithmTag(&p12dcx->macData.safeMac.digestAlgorithm);
+    switch (algtag) {
+        case SEC_OID_SHA1:
+            integrityMech = CKM_NETSCAPE_PBE_SHA1_HMAC_KEY_GEN;
+            break;
+        case SEC_OID_MD5:
+            integrityMech = CKM_NETSCAPE_PBE_MD5_HMAC_KEY_GEN;
+            break;
+        case SEC_OID_MD2:
+            integrityMech = CKM_NETSCAPE_PBE_MD2_HMAC_KEY_GEN;
+            break;
+        case SEC_OID_SHA224:
+            integrityMech = CKM_NSS_PKCS12_PBE_SHA224_HMAC_KEY_GEN;
+            break;
+        case SEC_OID_SHA256:
+            integrityMech = CKM_NSS_PKCS12_PBE_SHA256_HMAC_KEY_GEN;
+            break;
+        case SEC_OID_SHA384:
+            integrityMech = CKM_NSS_PKCS12_PBE_SHA384_HMAC_KEY_GEN;
+            break;
+        case SEC_OID_SHA512:
+            integrityMech = CKM_NSS_PKCS12_PBE_SHA512_HMAC_KEY_GEN;
+            break;
+        default:
+            goto loser;
+    }
+
+    symKey = PK11_KeyGen(NULL, integrityMech, params, 0, NULL);
+    PK11_DestroyPBEParams(params);
+    params = NULL;
+    if (!symKey)
+        goto loser;
+    /* init hmac */
+    pk11cx = PK11_CreateContextBySymKey(sec_pkcs12_algtag_to_mech(algtag),
+                                        CKA_SIGN, symKey, &ignore);
+    if (!pk11cx) {
+        goto loser;
+    }
+    lrv = PK11_DigestBegin(pk11cx);
+    if (lrv == SECFailure) {
+        goto loser;
+    }
+
+    /* try to open the data for readback */
+    if (p12dcx->dOpen && ((*p12dcx->dOpen)(p12dcx->dArg, PR_TRUE) != SECSuccess)) {
+        goto loser;
+    }
+
+    /* read the data back IN_BUF_LEN bytes at a time and recompute
+     * the hmac.  if fewer bytes are read than are requested, it is
+     * assumed that the end of file has been reached. if bytesRead
+     * is returned as -1, then an error occurred reading from the
+     * file.
+     */
+    do {
+        bytesRead = (*p12dcx->dRead)(p12dcx->dArg, buf, IN_BUF_LEN);
+        if (bytesRead < 0) {
+            PORT_SetError(SEC_ERROR_PKCS12_UNABLE_TO_READ);
+            goto loser;
+        }
+        PORT_Assert(bytesRead <= IN_BUF_LEN);
+        PORT_Assert(!memcmp(buf + IN_BUF_LEN, bufferEnd, sizeof bufferEnd));
+
+        if (bytesRead > IN_BUF_LEN) {
+            /* dRead callback overflowed buffer. */
+            PORT_SetError(SEC_ERROR_INPUT_LEN);
+            goto loser;
+        }
+
+        if (bytesRead) {
+            lrv = PK11_DigestOp(pk11cx, buf, bytesRead);
+            if (lrv == SECFailure) {
+                goto loser;
+            }
+        }
+    } while (bytesRead == IN_BUF_LEN);
+
+    /* finish the hmac context */
+    lrv = PK11_DigestFinal(pk11cx, buf, &bufLen, IN_BUF_LEN);
+    if (lrv == SECFailure) {
+        goto loser;
+    }
+
+    hmacRes.data = buf;
+    hmacRes.len = bufLen;
+
+    /* is the hmac computed the same as the hmac which was decoded? */
+    rv = SECSuccess;
+    if (SECITEM_CompareItem(&hmacRes, &p12dcx->macData.safeMac.digest) != SECEqual) {
+        PORT_SetError(SEC_ERROR_PKCS12_INVALID_MAC);
+        rv = SECFailure;
+    }
+
+loser:
+    /* close the file and remove it */
+    if (p12dcx->dClose) {
+        (*p12dcx->dClose)(p12dcx->dArg, PR_TRUE);
+        p12dcx->dIsOpen = PR_FALSE;
+    }
+
+    if (pk11cx) {
+        PK11_DestroyContext(pk11cx, PR_TRUE);
+    }
+    if (params) {
+        PK11_DestroyPBEParams(params);
+    }
+    if (symKey) {
+        PK11_FreeSymKey(symKey);
+    }
+    PORT_ZFree(buf, IN_BUF_LEN + FUDGE);
+
+    return rv;
+}
+
+/* SEC_PKCS12DecoderVerify
+ *      Verify the macData or the signature of the decoded PKCS 12 PDU.
+ *      If the signature or the macData do not match, SECFailure is
+ *      returned.
+ *
+ *      p12dcx - the decoder context
+ */
+SECStatus
+SEC_PKCS12DecoderVerify(SEC_PKCS12DecoderContext *p12dcx)
+{
+    SECStatus rv = SECSuccess;
+
+    /* make sure that no errors have occurred... */
+    if (!p12dcx) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+    if (p12dcx->error) {
+        /* error code is already set! PORT_SetError(p12dcx->errorValue); */
+        return SECFailure;
+    }
+
+    rv = SEC_ASN1DecoderFinish(p12dcx->pfxA1Dcx);
+    p12dcx->pfxA1Dcx = NULL;
+    if (rv != SECSuccess) {
+        return rv;
+    }
+
+    /* check the signature or the mac depending on the type of
+     * integrity used.
+     */
+    if (p12dcx->pfx.encodedMacData.len) {
+        rv = SEC_ASN1DecodeItem(p12dcx->arena, &p12dcx->macData,
+                                sec_PKCS12MacDataTemplate,
+                                &p12dcx->pfx.encodedMacData);
+        if (rv == SECSuccess) {
+            return sec_pkcs12_decoder_verify_mac(p12dcx);
+        }
+        return rv;
+    }
+    if (SEC_PKCS7VerifySignature(p12dcx->aSafeCinfo, certUsageEmailSigner,
+                                 PR_FALSE)) {
+        return SECSuccess;
+    }
+    PORT_SetError(SEC_ERROR_PKCS12_INVALID_MAC);
+    return SECFailure;
+}
+
+/* SEC_PKCS12DecoderFinish
+ *      Free any open ASN1 or PKCS7 decoder contexts and then
+ *      free the arena pool which everything should be allocated
+ *      from.  This function should be called upon completion of
+ *      decoding and installing of a pfx pdu.  This should be
+ *      called even if an error occurs.
+ *
+ *      p12dcx - the decoder context
+ */
+void
+SEC_PKCS12DecoderFinish(SEC_PKCS12DecoderContext *p12dcx)
+{
+    unsigned int i;
+
+    if (!p12dcx) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return;
+    }
+
+    if (p12dcx->pfxA1Dcx) {
+        SEC_ASN1DecoderFinish(p12dcx->pfxA1Dcx);
+        p12dcx->pfxA1Dcx = NULL;
+    }
+
+    if (p12dcx->aSafeA1Dcx) {
+        SEC_ASN1DecoderFinish(p12dcx->aSafeA1Dcx);
+        p12dcx->aSafeA1Dcx = NULL;
+    }
+
+    /* cleanup any old ASN1 decoder contexts */
+    for (i = 0; i < p12dcx->safeContentsCnt; ++i) {
+        sec_PKCS12SafeContentsContext *safeContentsCtx, *nested;
+        safeContentsCtx = p12dcx->safeContentsList[i];
+        if (safeContentsCtx) {
+            nested = safeContentsCtx->nestedSafeContentsCtx;
+            while (nested) {
+                if (nested->safeContentsA1Dcx) {
+                    SEC_ASN1DecoderFinish(nested->safeContentsA1Dcx);
+                    nested->safeContentsA1Dcx = NULL;
+                }
+                nested = nested->nestedSafeContentsCtx;
+            }
+            if (safeContentsCtx->safeContentsA1Dcx) {
+                SEC_ASN1DecoderFinish(safeContentsCtx->safeContentsA1Dcx);
+                safeContentsCtx->safeContentsA1Dcx = NULL;
+            }
+        }
+    }
+
+    if (p12dcx->currentASafeP7Dcx &&
+        p12dcx->currentASafeP7Dcx != p12dcx->aSafeP7Dcx) {
+        SEC_PKCS7ContentInfo *cinfo;
+        cinfo = SEC_PKCS7DecoderFinish(p12dcx->currentASafeP7Dcx);
+        if (cinfo) {
+            SEC_PKCS7DestroyContentInfo(cinfo); /* don't leak it */
+        }
+    }
+    p12dcx->currentASafeP7Dcx = NULL;
+
+    if (p12dcx->aSafeP7Dcx) {
+        SEC_PKCS7ContentInfo *cinfo;
+        cinfo = SEC_PKCS7DecoderFinish(p12dcx->aSafeP7Dcx);
+        if (cinfo) {
+            SEC_PKCS7DestroyContentInfo(cinfo);
+        }
+        p12dcx->aSafeP7Dcx = NULL;
+    }
+
+    if (p12dcx->aSafeCinfo) {
+        SEC_PKCS7DestroyContentInfo(p12dcx->aSafeCinfo);
+        p12dcx->aSafeCinfo = NULL;
+    }
+
+    if (p12dcx->decitem.type != 0 && p12dcx->decitem.der != NULL) {
+        SECITEM_FreeItem(p12dcx->decitem.der, PR_TRUE);
+    }
+    if (p12dcx->decitem.friendlyName != NULL) {
+        SECITEM_FreeItem(p12dcx->decitem.friendlyName, PR_TRUE);
+    }
+
+    if (p12dcx->slot) {
+        PK11_FreeSlot(p12dcx->slot);
+        p12dcx->slot = NULL;
+    }
+
+    if (p12dcx->dIsOpen && p12dcx->dClose) {
+        (*p12dcx->dClose)(p12dcx->dArg, PR_TRUE);
+        p12dcx->dIsOpen = PR_FALSE;
+    }
+
+    if (p12dcx->arena) {
+        PORT_FreeArena(p12dcx->arena, PR_TRUE);
+    }
+}
+
+static SECStatus
+sec_pkcs12_decoder_set_attribute_value(sec_PKCS12SafeBag *bag,
+                                       SECOidTag attributeType,
+                                       SECItem *attrValue)
+{
+    int i = 0;
+    SECOidData *oid;
+
+    if (!bag || !attrValue) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    oid = SECOID_FindOIDByTag(attributeType);
+    if (!oid) {
+        return SECFailure;
+    }
+
+    if (!bag->attribs) {
+        bag->attribs =
+            PORT_ArenaZNewArray(bag->arena, sec_PKCS12Attribute *, 2);
+    } else {
+        while (bag->attribs[i])
+            i++;
+        bag->attribs = PORT_ArenaGrowArray(bag->arena, bag->attribs,
+                                           sec_PKCS12Attribute *, i + 1, i + 2);
+    }
+
+    if (!bag->attribs) {
+        return SECFailure;
+    }
+
+    bag->attribs[i] = PORT_ArenaZNew(bag->arena, sec_PKCS12Attribute);
+    if (!bag->attribs[i]) {
+        return SECFailure;
+    }
+
+    bag->attribs[i]->attrValue = PORT_ArenaZNewArray(bag->arena, SECItem *, 2);
+    if (!bag->attribs[i]->attrValue) {
+        return SECFailure;
+    }
+
+    bag->attribs[i + 1] = NULL;
+    bag->attribs[i]->attrValue[0] = attrValue;
+    bag->attribs[i]->attrValue[1] = NULL;
+
+    return SECITEM_CopyItem(bag->arena, &bag->attribs[i]->attrType, &oid->oid);
+}
+
+static SECItem *
+sec_pkcs12_get_attribute_value(sec_PKCS12SafeBag *bag,
+                               SECOidTag attributeType)
+{
+    int i;
+
+    if (!bag->attribs) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+
+    for (i = 0; bag->attribs[i] != NULL; i++) {
+        if (SECOID_FindOIDTag(&bag->attribs[i]->attrType) == attributeType) {
+            return bag->attribs[i]->attrValue[0];
+        }
+    }
+    return NULL;
+}
+
+/* For now, this function will merely remove any ":"
+ * in the nickname which the PK11 functions may have
+ * placed there.  This will keep dual certs from appearing
+ * twice under "Your" certificates when imported onto smart
+ * cards.  Once with the name "Slot:Cert" and another with
+ * the nickname "Slot:Slot:Cert"
+ */
+static void
+sec_pkcs12_sanitize_nickname(PK11SlotInfo *slot, SECItem *nick)
+{
+    char *nickname;
+    char *delimit;
+    int delimitlen;
+
+    nickname = (char *)nick->data;
+    if ((delimit = PORT_Strchr(nickname, ':')) != NULL) {
+        char *slotName;
+        int slotNameLen;
+
+        slotNameLen = delimit - nickname;
+        slotName = PORT_NewArray(char, (slotNameLen + 1));
+        PORT_Assert(slotName);
+        if (slotName == NULL) {
+            /* What else can we do?*/
+            return;
+        }
+        PORT_Memcpy(slotName, nickname, slotNameLen);
+        slotName[slotNameLen] = '\0';
+        if (PORT_Strcmp(PK11_GetTokenName(slot), slotName) == 0) {
+            delimitlen = PORT_Strlen(delimit + 1);
+            PORT_Memmove(nickname, delimit + 1, delimitlen + 1);
+            nick->len = delimitlen;
+        }
+        PORT_Free(slotName);
+    }
+}
+
+static SECItem *
+sec_pkcs12_get_nickname(sec_PKCS12SafeBag *bag)
+{
+    SECItem *src, *dest;
+
+    if (!bag) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+
+    src = sec_pkcs12_get_attribute_value(bag, SEC_OID_PKCS9_FRIENDLY_NAME);
+
+    /* The return value src is 16-bit Unicode characters, in big-endian format.
+     * Check if it is NULL or empty name.
+     */
+    if (!src || !src->data || src->len < 2 || (!src->data[0] && !src->data[1])) {
+        return NULL;
+    }
+
+    dest = (SECItem *)PORT_ZAlloc(sizeof(SECItem));
+    if (!dest) {
+        goto loser;
+    }
+    if (!sec_pkcs12_convert_item_to_unicode(NULL, dest, src, PR_FALSE,
+                                            PR_FALSE, PR_FALSE)) {
+        goto loser;
+    }
+
+    sec_pkcs12_sanitize_nickname(bag->slot, dest);
+
+    return dest;
+
+loser:
+    if (dest) {
+        SECITEM_ZfreeItem(dest, PR_TRUE);
+    }
+
+    bag->problem = PR_TRUE;
+    bag->error = PORT_GetError();
+    return NULL;
+}
+
+static SECStatus
+sec_pkcs12_set_nickname(sec_PKCS12SafeBag *bag, SECItem *name)
+{
+    sec_PKCS12Attribute *attr = NULL;
+    SECOidData *oid = SECOID_FindOIDByTag(SEC_OID_PKCS9_FRIENDLY_NAME);
+
+    if (!bag || !bag->arena || !name) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    if (!bag->attribs) {
+        if (!oid) {
+            goto loser;
+        }
+
+        bag->attribs =
+            PORT_ArenaZNewArray(bag->arena, sec_PKCS12Attribute *, 2);
+        if (!bag->attribs) {
+            goto loser;
+        }
+        bag->attribs[0] = PORT_ArenaZNew(bag->arena, sec_PKCS12Attribute);
+        if (!bag->attribs[0]) {
+            goto loser;
+        }
+        bag->attribs[1] = NULL;
+
+        attr = bag->attribs[0];
+        if (SECITEM_CopyItem(bag->arena, &attr->attrType, &oid->oid) != SECSuccess) {
+            goto loser;
+        }
+    } else {
+        int i;
+        for (i = 0; bag->attribs[i]; i++) {
+            if (SECOID_FindOIDTag(&bag->attribs[i]->attrType) == SEC_OID_PKCS9_FRIENDLY_NAME) {
+                attr = bag->attribs[i];
+                break;
+            }
+        }
+        if (!attr) {
+            if (!oid) {
+                goto loser;
+            }
+            bag->attribs = PORT_ArenaGrowArray(bag->arena, bag->attribs,
+                                               sec_PKCS12Attribute *, i + 1, i + 2);
+            if (!bag->attribs) {
+                goto loser;
+            }
+            bag->attribs[i] = PORT_ArenaZNew(bag->arena, sec_PKCS12Attribute);
+            if (!bag->attribs[i]) {
+                goto loser;
+            }
+            bag->attribs[i + 1] = NULL;
+            attr = bag->attribs[i];
+            if (SECITEM_CopyItem(bag->arena, &attr->attrType, &oid->oid) != SECSuccess) {
+                goto loser;
+            }
+        }
+    }
+
+    PORT_Assert(attr);
+    if (!attr->attrValue) {
+        attr->attrValue = PORT_ArenaZNewArray(bag->arena, SECItem *, 2);
+        if (!attr->attrValue) {
+            goto loser;
+        }
+        attr->attrValue[0] = PORT_ArenaZNew(bag->arena, SECItem);
+        if (!attr->attrValue[0]) {
+            goto loser;
+        }
+        attr->attrValue[1] = NULL;
+    }
+
+    name->len = PORT_Strlen((char *)name->data);
+    if (!sec_pkcs12_convert_item_to_unicode(bag->arena, attr->attrValue[0],
+                                            name, PR_FALSE, PR_FALSE, PR_TRUE)) {
+        goto loser;
+    }
+
+    return SECSuccess;
+
+loser:
+    bag->problem = PR_TRUE;
+    bag->error = PORT_GetError();
+    return SECFailure;
+}
+
+static SECStatus
+sec_pkcs12_get_key_info(sec_PKCS12SafeBag *key)
+{
+    int i = 0;
+    SECKEYPrivateKeyInfo *pki = NULL;
+
+    if (!key) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    /* if the bag does *not* contain an unencrypted PrivateKeyInfo
+     * then we cannot convert the attributes.  We are propagating
+     * attributes within the PrivateKeyInfo to the SafeBag level.
+     */
+    if (SECOID_FindOIDTag(&(key->safeBagType)) !=
+        SEC_OID_PKCS12_V1_KEY_BAG_ID) {
+        return SECSuccess;
+    }
+
+    pki = key->safeBagContent.pkcs8KeyBag;
+
+    if (!pki || !pki->attributes) {
+        return SECSuccess;
+    }
+
+    while (pki->attributes[i]) {
+        SECOidTag tag = SECOID_FindOIDTag(&pki->attributes[i]->attrType);
+
+        if (tag == SEC_OID_PKCS9_LOCAL_KEY_ID ||
+            tag == SEC_OID_PKCS9_FRIENDLY_NAME) {
+            SECItem *attrValue = sec_pkcs12_get_attribute_value(key, tag);
+            if (!attrValue) {
+                if (sec_pkcs12_decoder_set_attribute_value(key, tag,
+                                                           pki->attributes[i]->attrValue[0]) != SECSuccess) {
+                    key->problem = PR_TRUE;
+                    key->error = PORT_GetError();
+                    return SECFailure;
+                }
+            }
+        }
+        i++;
+    }
+
+    return SECSuccess;
+}
+
+/* retrieve the nickname for the certificate bag.  first look
+ * in the cert bag, otherwise get it from the key.
+ */
+static SECItem *
+sec_pkcs12_get_nickname_for_cert(sec_PKCS12SafeBag *cert,
+                                 sec_PKCS12SafeBag *key)
+{
+    SECItem *nickname;
+
+    if (!cert) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+
+    nickname = sec_pkcs12_get_nickname(cert);
+    if (nickname) {
+        return nickname;
+    }
+
+    if (key) {
+        nickname = sec_pkcs12_get_nickname(key);
+
+        if (nickname && sec_pkcs12_set_nickname(cert, nickname) != SECSuccess) {
+            SECITEM_ZfreeItem(nickname, PR_TRUE);
+            return NULL;
+        }
+    }
+
+    return nickname;
+}
+
+/* set the nickname for the certificate */
+static SECStatus
+sec_pkcs12_set_nickname_for_cert(sec_PKCS12SafeBag *cert,
+                                 sec_PKCS12SafeBag *key,
+                                 SECItem *nickname)
+{
+    if (!nickname || !cert) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    if (sec_pkcs12_set_nickname(cert, nickname) != SECSuccess) {
+        return SECFailure;
+    }
+
+    if (key) {
+        if (sec_pkcs12_set_nickname(key, nickname) != SECSuccess) {
+            cert->problem = PR_TRUE;
+            cert->error = key->error;
+            return SECFailure;
+        }
+    }
+
+    return SECSuccess;
+}
+
+/* retrieve the DER cert from the cert bag */
+static SECItem *
+sec_pkcs12_get_der_cert(sec_PKCS12SafeBag *cert)
+{
+    if (!cert) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+
+    if (SECOID_FindOIDTag(&cert->safeBagType) != SEC_OID_PKCS12_V1_CERT_BAG_ID) {
+        return NULL;
+    }
+
+    /* only support X509 certs not SDSI */
+    if (SECOID_FindOIDTag(&cert->safeBagContent.certBag->bagID) != SEC_OID_PKCS9_X509_CERT) {
+        return NULL;
+    }
+
+    return SECITEM_DupItem(&(cert->safeBagContent.certBag->value.x509Cert));
+}
+
+struct certNickInfo {
+    PLArenaPool *arena;
+    unsigned int nNicks;
+    SECItem **nickList;
+    unsigned int error;
+};
+
+/* callback for traversing certificates to gather the nicknames
+ * used in a particular traversal.  for instance, when using
+ * CERT_TraversePermCertsForSubject, gather the nicknames and
+ * store them in the certNickInfo for a particular DN.
+ *
+ * this handles the case where multiple nicknames are allowed
+ * for the same dn, which is not currently allowed, but may be
+ * in the future.
+ */
+static SECStatus
+gatherNicknames(CERTCertificate *cert, void *arg)
+{
+    struct certNickInfo *nickArg = (struct certNickInfo *)arg;
+    SECItem tempNick;
+    unsigned int i;
+
+    if (!cert || !nickArg || nickArg->error) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    if (!cert->nickname) {
+        return SECSuccess;
+    }
+
+    tempNick.data = (unsigned char *)cert->nickname;
+    tempNick.len = PORT_Strlen(cert->nickname) + 1;
+    tempNick.type = siAsciiString;
+
+    /* do we already have the nickname in the list? */
+    if (nickArg->nNicks > 0) {
+
+        /* nicknames have been encountered, but there is no list -- bad */
+        if (!nickArg->nickList) {
+            nickArg->error = SEC_ERROR_INVALID_ARGS;
+            PORT_SetError(SEC_ERROR_INVALID_ARGS);
+            return SECFailure;
+        }
+
+        for (i = 0; i < nickArg->nNicks; i++) {
+            if (SECITEM_CompareItem(nickArg->nickList[i], &tempNick) == SECEqual) {
+                return SECSuccess;
+            }
+        }
+    }
+
+    /* add the nickname to the list */
+    nickArg->nickList = (nickArg->nNicks == 0)
+                            ? PORT_ArenaZNewArray(nickArg->arena, SECItem *, 2)
+                            : PORT_ArenaGrowArray(nickArg->arena, nickArg->nickList, SECItem *,
+                                                  nickArg->nNicks + 1, nickArg->nNicks + 2);
+
+    if (!nickArg->nickList) {
+        nickArg->error = SEC_ERROR_NO_MEMORY;
+        return SECFailure;
+    }
+
+    nickArg->nickList[nickArg->nNicks] =
+        PORT_ArenaZNew(nickArg->arena, SECItem);
+    if (!nickArg->nickList[nickArg->nNicks]) {
+        nickArg->error = PORT_GetError();
+        return SECFailure;
+    }
+
+    if (SECITEM_CopyItem(nickArg->arena, nickArg->nickList[nickArg->nNicks],
+                         &tempNick) != SECSuccess) {
+        nickArg->error = PORT_GetError();
+        return SECFailure;
+    }
+
+    nickArg->nNicks++;
+
+    return SECSuccess;
+}
+
+/* traverses the certs in the data base or in the token for the
+ * DN to see if any certs currently have a nickname set.
+ * If so, return it.
+ */
+static SECItem *
+sec_pkcs12_get_existing_nick_for_dn(sec_PKCS12SafeBag *cert)
+{
+    struct certNickInfo *nickArg = NULL;
+    SECItem *derCert, *returnDn = NULL;
+    PLArenaPool *arena = NULL;
+    CERTCertificate *tempCert;
+
+    if (!cert) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+
+    derCert = sec_pkcs12_get_der_cert(cert);
+    if (!derCert) {
+        return NULL;
+    }
+
+    tempCert = CERT_DecodeDERCertificate(derCert, PR_FALSE, NULL);
+    if (!tempCert) {
+        returnDn = NULL;
+        goto loser;
+    }
+
+    arena = PORT_NewArena(1024);
+    if (!arena) {
+        returnDn = NULL;
+        goto loser;
+    }
+    nickArg = PORT_ArenaZNew(arena, struct certNickInfo);
+    if (!nickArg) {
+        returnDn = NULL;
+        goto loser;
+    }
+    nickArg->error = 0;
+    nickArg->nNicks = 0;
+    nickArg->nickList = NULL;
+    nickArg->arena = arena;
+
+    /* if the token is local, first traverse the cert database
+     * then traverse the token.
+     */
+    if (PK11_TraverseCertsForSubjectInSlot(tempCert, cert->slot, gatherNicknames,
+                                           (void *)nickArg) != SECSuccess) {
+        returnDn = NULL;
+        goto loser;
+    }
+
+    if (nickArg->error) {
+        /* XXX do we want to set the error? */
+        returnDn = NULL;
+        goto loser;
+    }
+
+    if (nickArg->nNicks == 0) {
+        returnDn = NULL;
+        goto loser;
+    }
+
+    /* set it to the first name, for now.  handle multiple names? */
+    returnDn = SECITEM_DupItem(nickArg->nickList[0]);
+
+loser:
+    if (arena) {
+        PORT_FreeArena(arena, PR_TRUE);
+    }
+
+    if (tempCert) {
+        CERT_DestroyCertificate(tempCert);
+    }
+
+    if (derCert) {
+        SECITEM_FreeItem(derCert, PR_TRUE);
+    }
+
+    return (returnDn);
+}
+
+/* counts certificates found for a given traversal function */
+static SECStatus
+countCertificate(CERTCertificate *cert, void *arg)
+{
+    unsigned int *nCerts = (unsigned int *)arg;
+
+    if (!cert || !arg) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    (*nCerts)++;
+    return SECSuccess;
+}
+
+static PRBool
+sec_pkcs12_certs_for_nickname_exist(SECItem *nickname, PK11SlotInfo *slot)
+{
+    unsigned int nCerts = 0;
+
+    if (!nickname || !slot) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return PR_TRUE;
+    }
+
+    /* we want to check the local database first if we are importing to it */
+    PK11_TraverseCertsForNicknameInSlot(nickname, slot, countCertificate,
+                                        (void *)&nCerts);
+    return (PRBool)(nCerts != 0);
+}
+
+/* validate cert nickname such that there is a one-to-one relation
+ * between nicknames and dn's.  we want to enforce the case that the
+ * nickname is non-NULL and that there is only one nickname per DN.
+ *
+ * if there is a problem with a nickname or the nickname is not present,
+ * the user will be prompted for it.
+ */
+static void
+sec_pkcs12_validate_cert_nickname(sec_PKCS12SafeBag *cert,
+                                  sec_PKCS12SafeBag *key,
+                                  SEC_PKCS12NicknameCollisionCallback nicknameCb,
+                                  CERTCertificate *leafCert)
+{
+    SECItem *certNickname, *existingDNNick;
+    PRBool setNickname = PR_FALSE, cancel = PR_FALSE;
+    SECItem *newNickname = NULL;
+
+    if (!cert || !cert->hasKey) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return;
+    }
+
+    if (!nicknameCb) {
+        cert->problem = PR_TRUE;
+        cert->error = SEC_ERROR_INVALID_ARGS;
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return;
+    }
+
+    if (cert->hasKey && !key) {
+        cert->problem = PR_TRUE;
+        cert->error = SEC_ERROR_INVALID_ARGS;
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return;
+    }
+
+    certNickname = sec_pkcs12_get_nickname_for_cert(cert, key);
+    existingDNNick = sec_pkcs12_get_existing_nick_for_dn(cert);
+
+    /* nickname is already used w/ this dn, so it is safe to return */
+    if (certNickname && existingDNNick &&
+        SECITEM_CompareItem(certNickname, existingDNNick) == SECEqual) {
+        goto loser;
+    }
+
+    /* nickname not set in pkcs 12 bags, but a nick is already used for
+     * this dn.  set the nicks in the p12 bags and finish.
+     */
+    if (existingDNNick) {
+        sec_pkcs12_set_nickname_for_cert(cert, key, existingDNNick);
+        goto loser;
+    }
+
+    /* at this point, we have a certificate for which the DN is not located
+     * on the token.  the nickname specified may or may not be NULL.  if it
+     * is not null, we need to make sure that there are no other certificates
+     * with this nickname in the token for it to be valid.  this imposes a
+     * one to one relationship between DN and nickname.
+     *
+     * if the nickname is null, we need the user to enter a nickname for
+     * the certificate.
+     *
+     * once we have a nickname, we make sure that the nickname is unique
+     * for the DN.  if it is not, the user is reprompted to enter a new
+     * nickname.
+     *
+     * in order to exit this loop, the nickname entered is either unique
+     * or the user hits cancel and the certificate is not imported.
+     */
+    setNickname = PR_FALSE;
+    while (1) {
+        /* we will use the nickname so long as no other certs have the
+         * same nickname.  and the nickname is not NULL.
+         */
+        if (certNickname && certNickname->data &&
+            !sec_pkcs12_certs_for_nickname_exist(certNickname, cert->slot)) {
+            if (setNickname) {
+                sec_pkcs12_set_nickname_for_cert(cert, key, certNickname);
+            }
+            break;
+        }
+
+        setNickname = PR_FALSE;
+        newNickname = (*nicknameCb)(certNickname, &cancel, leafCert);
+        if (cancel) {
+            cert->problem = PR_TRUE;
+            cert->error = SEC_ERROR_USER_CANCELLED;
+            break;
+        }
+
+        if (!newNickname) {
+            cert->problem = PR_TRUE;
+            cert->error = PORT_GetError();
+            break;
+        }
+
+        /* at this point we have a new nickname, if we have an existing
+         * certNickname, we need to free it and assign the new nickname
+         * to it to avoid a memory leak.  happy?
+         */
+        if (certNickname) {
+            SECITEM_ZfreeItem(certNickname, PR_TRUE);
+            certNickname = NULL;
+        }
+
+        certNickname = newNickname;
+        setNickname = PR_TRUE;
+        /* go back and recheck the new nickname */
+    }
+
+loser:
+    if (certNickname) {
+        SECITEM_ZfreeItem(certNickname, PR_TRUE);
+    }
+
+    if (existingDNNick) {
+        SECITEM_ZfreeItem(existingDNNick, PR_TRUE);
+    }
+}
+
+static void
+sec_pkcs12_validate_cert(sec_PKCS12SafeBag *cert,
+                         sec_PKCS12SafeBag *key,
+                         SEC_PKCS12NicknameCollisionCallback nicknameCb)
+{
+    CERTCertificate *leafCert;
+
+    if (!cert) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return;
+    }
+
+    cert->validated = PR_TRUE;
+
+    if (!nicknameCb) {
+        cert->noInstall = PR_TRUE;
+        cert->problem = PR_TRUE;
+        cert->error = SEC_ERROR_INVALID_ARGS;
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return;
+    }
+
+    if (!cert->safeBagContent.certBag) {
+        cert->noInstall = PR_TRUE;
+        cert->problem = PR_TRUE;
+        cert->error = SEC_ERROR_PKCS12_CORRUPT_PFX_STRUCTURE;
+        return;
+    }
+
+    cert->noInstall = PR_FALSE;
+    cert->unused = PR_FALSE;
+    cert->problem = PR_FALSE;
+    cert->error = 0;
+
+    leafCert = CERT_DecodeDERCertificate(
+        &cert->safeBagContent.certBag->value.x509Cert, PR_FALSE, NULL);
+    if (!leafCert) {
+        cert->noInstall = PR_TRUE;
+        cert->problem = PR_TRUE;
+        cert->error = PORT_GetError();
+        return;
+    }
+
+    sec_pkcs12_validate_cert_nickname(cert, key, nicknameCb, leafCert);
+
+    CERT_DestroyCertificate(leafCert);
+}
+
+static void
+sec_pkcs12_validate_key_by_cert(sec_PKCS12SafeBag *cert, sec_PKCS12SafeBag *key,
+                                void *wincx)
+{
+    CERTCertificate *leafCert;
+    SECKEYPrivateKey *privk;
+
+    if (!key) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return;
+    }
+
+    key->validated = PR_TRUE;
+
+    if (!cert) {
+        key->problem = PR_TRUE;
+        key->noInstall = PR_TRUE;
+        key->error = SEC_ERROR_PKCS12_UNABLE_TO_IMPORT_KEY;
+        return;
+    }
+
+    leafCert = CERT_DecodeDERCertificate(
+        &(cert->safeBagContent.certBag->value.x509Cert), PR_FALSE, NULL);
+    if (!leafCert) {
+        key->problem = PR_TRUE;
+        key->noInstall = PR_TRUE;
+        key->error = PORT_GetError();
+        return;
+    }
+
+    privk = PK11_FindPrivateKeyFromCert(key->slot, leafCert, wincx);
+    if (!privk) {
+        privk = PK11_FindKeyByDERCert(key->slot, leafCert, wincx);
+    }
+
+    if (privk) {
+        SECKEY_DestroyPrivateKey(privk);
+        key->noInstall = PR_TRUE;
+    }
+
+    CERT_DestroyCertificate(leafCert);
+}
+
+static SECStatus
+sec_pkcs12_add_cert(sec_PKCS12SafeBag *cert, PRBool keyExists, void *wincx)
+{
+    SECItem *derCert, *nickName;
+    char *nickData = NULL;
+    PRBool isIntermediateCA;
+    SECStatus rv;
+
+    if (!cert) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    if (cert->problem || cert->noInstall || cert->installed) {
+        return SECSuccess;
+    }
+
+    derCert = &cert->safeBagContent.certBag->value.x509Cert;
+
+    PORT_Assert(!cert->problem && !cert->noInstall);
+
+    nickName = sec_pkcs12_get_nickname(cert);
+    if (nickName) {
+        nickData = (char *)nickName->data;
+    }
+
+    isIntermediateCA = CERT_IsCADERCert(derCert, NULL) &&
+                       !CERT_IsRootDERCert(derCert);
+
+    if (keyExists) {
+        CERTCertificate *newCert;
+
+        newCert = CERT_NewTempCertificate(CERT_GetDefaultCertDB(),
+                                          derCert, NULL, PR_FALSE, PR_FALSE);
+        if (!newCert) {
+            if (nickName)
+                SECITEM_ZfreeItem(nickName, PR_TRUE);
+            cert->error = PORT_GetError();
+            cert->problem = PR_TRUE;
+            return SECFailure;
+        }
+
+        rv = PK11_ImportCertForKeyToSlot(cert->slot, newCert, nickData,
+                                         PR_TRUE, wincx);
+        CERT_DestroyCertificate(newCert);
+    } else if ((cert->tokenCAs == SECPKCS12TargetTokenNoCAs) ||
+               ((cert->tokenCAs == SECPKCS12TargetTokenIntermediateCAs) &&
+                !isIntermediateCA)) {
+        SECItem *certList[2];
+        certList[0] = derCert;
+        certList[1] = NULL;
+
+        rv = CERT_ImportCerts(CERT_GetDefaultCertDB(), certUsageUserCertImport,
+                              1, certList, NULL, PR_TRUE, PR_FALSE, nickData);
+    } else {
+        rv = PK11_ImportDERCert(cert->slot, derCert, CK_INVALID_HANDLE,
+                                nickData, PR_FALSE);
+    }
+    if (rv) {
+        cert->problem = 1;
+        cert->error = PORT_GetError();
+    }
+    cert->installed = PR_TRUE;
+    if (nickName)
+        SECITEM_ZfreeItem(nickName, PR_TRUE);
+    return rv;
+}
+
+static SECItem *
+sec_pkcs12_get_public_value_and_type(SECKEYPublicKey *pubKey, KeyType *type);
+
+static SECStatus
+sec_pkcs12_add_key(sec_PKCS12SafeBag *key, SECKEYPublicKey *pubKey,
+                   unsigned int keyUsage,
+                   SECItem *nickName, void *wincx)
+{
+    SECStatus rv;
+    SECItem *publicValue = NULL;
+    KeyType keyType;
+
+    /* We should always have values for "key" and "pubKey"
+       so they can be dereferenced later. */
+    if (!key || !pubKey) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    if (key->problem || key->noInstall) {
+        return SECSuccess;
+    }
+
+    /* get the value and type from the public key */
+    publicValue = sec_pkcs12_get_public_value_and_type(pubKey, &keyType);
+    if (!publicValue) {
+        key->error = SEC_ERROR_PKCS12_UNABLE_TO_IMPORT_KEY;
+        key->problem = PR_TRUE;
+        return SECFailure;
+    }
+
+    switch (SECOID_FindOIDTag(&key->safeBagType)) {
+        case SEC_OID_PKCS12_V1_KEY_BAG_ID:
+            rv = PK11_ImportPrivateKeyInfo(key->slot,
+                                           key->safeBagContent.pkcs8KeyBag,
+                                           nickName, publicValue, PR_TRUE, PR_TRUE,
+                                           keyUsage, wincx);
+            break;
+        case SEC_OID_PKCS12_V1_PKCS8_SHROUDED_KEY_BAG_ID:
+            rv = PK11_ImportEncryptedPrivateKeyInfo(key->slot,
+                                                    key->safeBagContent.pkcs8ShroudedKeyBag,
+                                                    key->pwitem, nickName, publicValue,
+                                                    PR_TRUE, PR_TRUE, keyType, keyUsage,
+                                                    wincx);
+            break;
+        default:
+            key->error = SEC_ERROR_PKCS12_UNSUPPORTED_VERSION;
+            key->problem = PR_TRUE;
+            if (nickName) {
+                SECITEM_ZfreeItem(nickName, PR_TRUE);
+            }
+            return SECFailure;
+    }
+
+    if (rv != SECSuccess) {
+        key->error = SEC_ERROR_PKCS12_UNABLE_TO_IMPORT_KEY;
+        key->problem = PR_TRUE;
+    } else {
+        /* try to import the public key. Failure to do so is not fatal,
+         * not all tokens can store the public key */
+        if (pubKey) {
+            PK11_ImportPublicKey(key->slot, pubKey, PR_TRUE);
+        }
+        key->installed = PR_TRUE;
+    }
+
+    return rv;
+}
+
+/*
+ * The correctness of the code in this file ABSOLUTELY REQUIRES
+ * that ALL BAGs share a single common arena.
+ *
+ * This function allocates the bag list from the arena of whatever bag
+ * happens to be passed to it.  Each time a new bag is handed to it,
+ * it grows (resizes) the arena of the bag that was handed to it.
+ * If the bags have different arenas, it will grow the wrong arena.
+ *
+ * Worse, if the bags had separate arenas, then while destroying the bags
+ * in a bag list, when the bag whose arena contained the bag list was
+ * destroyed, the baglist itself would be destroyed, making it difficult
+ * or impossible to continue to destroy the bags in the destroyed list.
+ */
+static SECStatus
+sec_pkcs12_add_item_to_bag_list(sec_PKCS12SafeBag ***bagList,
+                                sec_PKCS12SafeBag *bag)
+{
+    sec_PKCS12SafeBag **newBagList = NULL;
+    int i = 0;
+
+    if (!bagList || !bag) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    if (!(*bagList)) {
+        newBagList = PORT_ArenaZNewArray(bag->arena, sec_PKCS12SafeBag *, 2);
+    } else {
+        while ((*bagList)[i])
+            i++;
+        newBagList = PORT_ArenaGrowArray(bag->arena, *bagList,
+                                         sec_PKCS12SafeBag *, i + 1, i + 2);
+    }
+
+    if (!newBagList) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return SECFailure;
+    }
+
+    newBagList[i] = bag;
+    newBagList[i + 1] = NULL;
+    *bagList = newBagList;
+
+    return SECSuccess;
+}
+
+static sec_PKCS12SafeBag **
+sec_pkcs12_find_certs_for_key(sec_PKCS12SafeBag **safeBags,
+                              sec_PKCS12SafeBag *key)
+{
+    sec_PKCS12SafeBag **certList = NULL;
+    SECItem *keyId;
+    int i;
+
+    if (!safeBags || !safeBags[0]) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+
+    keyId = sec_pkcs12_get_attribute_value(key, SEC_OID_PKCS9_LOCAL_KEY_ID);
+    if (!keyId) {
+        return NULL;
+    }
+
+    for (i = 0; safeBags[i]; i++) {
+        if (SECOID_FindOIDTag(&(safeBags[i]->safeBagType)) == SEC_OID_PKCS12_V1_CERT_BAG_ID) {
+            SECItem *certKeyId = sec_pkcs12_get_attribute_value(safeBags[i],
+                                                                SEC_OID_PKCS9_LOCAL_KEY_ID);
+
+            if (certKeyId && (SECITEM_CompareItem(certKeyId, keyId) == SECEqual)) {
+                if (sec_pkcs12_add_item_to_bag_list(&certList, safeBags[i]) != SECSuccess) {
+                    /* This would leak the partial list of safeBags,
+                     * but that list is allocated from the arena of
+                     * one of the safebags, and will be destroyed when
+                     * that arena is destroyed.  So this is not a real leak.
+                     */
+                    return NULL;
+                }
+            }
+        }
+    }
+
+    return certList;
+}
+
+CERTCertList *
+SEC_PKCS12DecoderGetCerts(SEC_PKCS12DecoderContext *p12dcx)
+{
+    CERTCertList *certList = NULL;
+    sec_PKCS12SafeBag **safeBags;
+    int i;
+
+    if (!p12dcx || !p12dcx->safeBags || !p12dcx->safeBags[0]) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+
+    safeBags = p12dcx->safeBags;
+    certList = CERT_NewCertList();
+
+    if (certList == NULL) {
+        return NULL;
+    }
+
+    for (i = 0; safeBags[i]; i++) {
+        if (SECOID_FindOIDTag(&(safeBags[i]->safeBagType)) == SEC_OID_PKCS12_V1_CERT_BAG_ID) {
+            SECItem *derCert = sec_pkcs12_get_der_cert(safeBags[i]);
+            CERTCertificate *tempCert = NULL;
+
+            if (derCert == NULL)
+                continue;
+            tempCert = CERT_NewTempCertificate(CERT_GetDefaultCertDB(),
+                                               derCert, NULL,
+                                               PR_FALSE, PR_TRUE);
+
+            if (tempCert) {
+                CERT_AddCertToListTail(certList, tempCert);
+            }
+            SECITEM_FreeItem(derCert, PR_TRUE);
+        }
+        /* fixed an infinite loop here, by ensuring that i gets incremented
+         * if derCert is NULL above.
+         */
+    }
+
+    return certList;
+}
+static sec_PKCS12SafeBag **
+sec_pkcs12_get_key_bags(sec_PKCS12SafeBag **safeBags)
+{
+    int i;
+    sec_PKCS12SafeBag **keyList = NULL;
+    SECOidTag bagType;
+
+    if (!safeBags || !safeBags[0]) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+
+    for (i = 0; safeBags[i]; i++) {
+        bagType = SECOID_FindOIDTag(&(safeBags[i]->safeBagType));
+        switch (bagType) {
+            case SEC_OID_PKCS12_V1_KEY_BAG_ID:
+            case SEC_OID_PKCS12_V1_PKCS8_SHROUDED_KEY_BAG_ID:
+                if (sec_pkcs12_add_item_to_bag_list(&keyList, safeBags[i]) != SECSuccess) {
+                    /* This would leak, except that keyList is allocated
+                     * from the arena shared by all the safeBags.
+                     */
+                    return NULL;
+                }
+                break;
+            default:
+                break;
+        }
+    }
+
+    return keyList;
+}
+
+/* This function takes two passes over the bags, validating them
+ * The two passes are intended to mirror exactly the two passes in
+ * sec_pkcs12_install_bags.  But they don't. :(
+ */
+static SECStatus
+sec_pkcs12_validate_bags(sec_PKCS12SafeBag **safeBags,
+                         SEC_PKCS12NicknameCollisionCallback nicknameCb,
+                         void *wincx)
+{
+    sec_PKCS12SafeBag **keyList;
+    int i;
+
+    if (!safeBags || !nicknameCb) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    if (!safeBags[0]) {
+        return SECSuccess;
+    }
+
+    /* First pass.  Find all the key bags.
+     * Find the matching cert(s) for each key.
+     */
+    keyList = sec_pkcs12_get_key_bags(safeBags);
+    if (keyList) {
+        for (i = 0; keyList[i]; ++i) {
+            sec_PKCS12SafeBag *key = keyList[i];
+            sec_PKCS12SafeBag **certList =
+                sec_pkcs12_find_certs_for_key(safeBags, key);
+
+            if (certList) {
+                int j;
+
+                if (SECOID_FindOIDTag(&(key->safeBagType)) ==
+                    SEC_OID_PKCS12_V1_KEY_BAG_ID) {
+                    /* if it is an unencrypted private key then make sure
+                     * the attributes are propageted to the appropriate
+                     * level
+                     */
+                    if (sec_pkcs12_get_key_info(key) != SECSuccess) {
+                        return SECFailure;
+                    }
+                }
+
+                sec_pkcs12_validate_key_by_cert(certList[0], key, wincx);
+                for (j = 0; certList[j]; ++j) {
+                    sec_PKCS12SafeBag *cert = certList[j];
+                    cert->hasKey = PR_TRUE;
+                    if (key->problem) {
+                        cert->problem = PR_TRUE;
+                        cert->error = key->error;
+                        continue;
+                    }
+                    sec_pkcs12_validate_cert(cert, key, nicknameCb);
+                    if (cert->problem) {
+                        key->problem = cert->problem;
+                        key->error = cert->error;
+                    }
+                }
+            }
+        }
+    }
+
+    /* Now take a second pass over the safebags and mark for installation any
+     * certs that were neither installed nor disqualified by the first pass.
+     */
+    for (i = 0; safeBags[i]; ++i) {
+        sec_PKCS12SafeBag *bag = safeBags[i];
+
+        if (!bag->validated) {
+            SECOidTag bagType = SECOID_FindOIDTag(&bag->safeBagType);
+
+            switch (bagType) {
+                case SEC_OID_PKCS12_V1_CERT_BAG_ID:
+                    sec_pkcs12_validate_cert(bag, NULL, nicknameCb);
+                    break;
+                case SEC_OID_PKCS12_V1_KEY_BAG_ID:
+                case SEC_OID_PKCS12_V1_PKCS8_SHROUDED_KEY_BAG_ID:
+                    bag->noInstall = PR_TRUE;
+                    bag->problem = PR_TRUE;
+                    bag->error = SEC_ERROR_PKCS12_UNABLE_TO_IMPORT_KEY;
+                    break;
+                default:
+                    bag->noInstall = PR_TRUE;
+            }
+        }
+    }
+
+    return SECSuccess;
+}
+
+SECStatus
+SEC_PKCS12DecoderValidateBags(SEC_PKCS12DecoderContext *p12dcx,
+                              SEC_PKCS12NicknameCollisionCallback nicknameCb)
+{
+    SECStatus rv;
+    int i, noInstallCnt, probCnt, bagCnt, errorVal = 0;
+    if (!p12dcx || p12dcx->error || !p12dcx->safeBags) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    rv = sec_pkcs12_validate_bags(p12dcx->safeBags, nicknameCb, p12dcx->wincx);
+    if (rv == SECSuccess) {
+        p12dcx->bagsVerified = PR_TRUE;
+    }
+
+    noInstallCnt = probCnt = bagCnt = 0;
+    i = 0;
+    while (p12dcx->safeBags[i]) {
+        bagCnt++;
+        if (p12dcx->safeBags[i]->noInstall)
+            noInstallCnt++;
+        if (p12dcx->safeBags[i]->problem) {
+            probCnt++;
+            errorVal = p12dcx->safeBags[i]->error;
+        }
+        i++;
+    }
+
+    /* formerly was erroneous code here that assumed that if all bags
+     * failed to import, then the problem was duplicated data;
+     * that is, it assume that the problem must be that the file had
+     * previously been successfully imported.  But importing a
+     * previously imported file causes NO ERRORS at all, and this
+     * false assumption caused real errors to be hidden behind false
+     * errors about duplicated data.
+     */
+
+    if (probCnt) {
+        PORT_SetError(errorVal);
+        return SECFailure;
+    }
+
+    return rv;
+}
+
+SECStatus
+SEC_PKCS12DecoderRenameCertNicknames(SEC_PKCS12DecoderContext *p12dcx,
+                                     SEC_PKCS12NicknameRenameCallback nicknameCb,
+                                     void *arg)
+{
+    int i;
+    sec_PKCS12SafeBag *safeBag;
+    CERTCertificate *cert;
+    SECStatus srv;
+
+    if (!p12dcx || p12dcx->error || !p12dcx->safeBags || !nicknameCb) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    for (i = 0; (safeBag = p12dcx->safeBags[i]); i++) {
+        SECItem *newNickname = NULL;
+        SECItem *defaultNickname = NULL;
+        SECStatus rename_rv;
+
+        if (SECOID_FindOIDTag(&(safeBag->safeBagType)) !=
+            SEC_OID_PKCS12_V1_CERT_BAG_ID) {
+            continue;
+        }
+
+        cert = CERT_DecodeDERCertificate(
+            &safeBag->safeBagContent.certBag->value.x509Cert,
+            PR_FALSE, NULL);
+        if (!cert) {
+            return SECFailure;
+        }
+
+        defaultNickname = sec_pkcs12_get_nickname(safeBag);
+        rename_rv = (*nicknameCb)(cert, defaultNickname, &newNickname, arg);
+
+        CERT_DestroyCertificate(cert);
+
+        if (defaultNickname) {
+            SECITEM_ZfreeItem(defaultNickname, PR_TRUE);
+            defaultNickname = NULL;
+        }
+
+        if (rename_rv != SECSuccess) {
+            return rename_rv;
+        }
+
+        if (newNickname) {
+            srv = sec_pkcs12_set_nickname(safeBag, newNickname);
+            SECITEM_ZfreeItem(newNickname, PR_TRUE);
+            newNickname = NULL;
+            if (srv != SECSuccess) {
+                return SECFailure;
+            }
+        }
+    }
+
+    return SECSuccess;
+}
+
+static SECKEYPublicKey *
+sec_pkcs12_get_public_key_and_usage(sec_PKCS12SafeBag *certBag,
+                                    unsigned int *usage)
+{
+    SECKEYPublicKey *pubKey = NULL;
+    CERTCertificate *cert = NULL;
+
+    if (!certBag || !usage) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+
+    *usage = 0;
+
+    cert = CERT_DecodeDERCertificate(
+        &certBag->safeBagContent.certBag->value.x509Cert, PR_FALSE, NULL);
+    if (!cert) {
+        return NULL;
+    }
+
+    *usage = cert->keyUsage;
+    pubKey = CERT_ExtractPublicKey(cert);
+    CERT_DestroyCertificate(cert);
+    return pubKey;
+}
+
+static SECItem *
+sec_pkcs12_get_public_value_and_type(SECKEYPublicKey *pubKey,
+                                     KeyType *type)
+{
+    SECItem *pubValue = NULL;
+
+    if (!type || !pubKey) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+
+    *type = pubKey->keyType;
+    switch (pubKey->keyType) {
+        case dsaKey:
+            pubValue = &pubKey->u.dsa.publicValue;
+            break;
+        case dhKey:
+            pubValue = &pubKey->u.dh.publicValue;
+            break;
+        case rsaKey:
+            pubValue = &pubKey->u.rsa.modulus;
+            break;
+        case ecKey:
+            pubValue = &pubKey->u.ec.publicValue;
+            break;
+        default:
+            pubValue = NULL;
+    }
+
+    return pubValue;
+}
+
+/* This function takes two passes over the bags, installing them in the
+ * desired slot.  The two passes are intended to mirror exactly the
+ * two passes in sec_pkcs12_validate_bags.
+ */
+static SECStatus
+sec_pkcs12_install_bags(sec_PKCS12SafeBag **safeBags, void *wincx)
+{
+    sec_PKCS12SafeBag **keyList;
+    int i;
+    int failedKeys = 0;
+
+    if (!safeBags) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    if (!safeBags[0]) {
+        return SECSuccess;
+    }
+
+    /* First pass.  Find all the key bags.
+     * Try to install them, and any certs associated with them.
+     */
+    keyList = sec_pkcs12_get_key_bags(safeBags);
+    if (keyList) {
+        for (i = 0; keyList[i]; i++) {
+            SECStatus rv;
+            SECKEYPublicKey *pubKey = NULL;
+            SECItem *nickName = NULL;
+            sec_PKCS12SafeBag *key = keyList[i];
+            sec_PKCS12SafeBag **certList;
+            unsigned int keyUsage;
+
+            if (key->problem) {
+                ++failedKeys;
+                continue;
+            }
+
+            certList = sec_pkcs12_find_certs_for_key(safeBags, key);
+            if (certList && certList[0]) {
+                pubKey = sec_pkcs12_get_public_key_and_usage(certList[0],
+                                                             &keyUsage);
+                /* use the cert's nickname, if it has one, else use the
+                 * key's nickname, else fail.
+                 */
+                nickName = sec_pkcs12_get_nickname_for_cert(certList[0], key);
+            } else {
+                nickName = sec_pkcs12_get_nickname(key);
+            }
+            if (!nickName) {
+                key->error = SEC_ERROR_BAD_NICKNAME;
+                key->problem = PR_TRUE;
+                rv = SECFailure;
+            } else if (!pubKey) {
+                key->error = SEC_ERROR_PKCS12_UNABLE_TO_IMPORT_KEY;
+                key->problem = PR_TRUE;
+                rv = SECFailure;
+            } else {
+                rv = sec_pkcs12_add_key(key, pubKey, keyUsage, nickName, wincx);
+            }
+            if (pubKey) {
+                SECKEY_DestroyPublicKey(pubKey);
+                pubKey = NULL;
+            }
+            if (nickName) {
+                SECITEM_FreeItem(nickName, PR_TRUE);
+                nickName = NULL;
+            }
+            if (rv != SECSuccess) {
+                PORT_SetError(key->error);
+                ++failedKeys;
+            }
+
+            if (certList) {
+                int j;
+
+                for (j = 0; certList[j]; j++) {
+                    sec_PKCS12SafeBag *cert = certList[j];
+                    SECStatus certRv;
+
+                    if (!cert)
+                        continue;
+                    if (rv != SECSuccess) {
+                        cert->problem = key->problem;
+                        cert->error = key->error;
+                        cert->noInstall = PR_TRUE;
+                        continue;
+                    }
+
+                    certRv = sec_pkcs12_add_cert(cert, cert->hasKey, wincx);
+                    if (certRv != SECSuccess) {
+                        key->problem = cert->problem;
+                        key->error = cert->error;
+                        PORT_SetError(cert->error);
+                        return SECFailure;
+                    }
+                }
+            }
+        }
+    }
+    if (failedKeys)
+        return SECFailure;
+
+    /* Now take a second pass over the safebags and install any certs
+     * that were neither installed nor disqualified by the first pass.
+     */
+    for (i = 0; safeBags[i]; i++) {
+        sec_PKCS12SafeBag *bag = safeBags[i];
+
+        if (!bag->installed && !bag->problem && !bag->noInstall) {
+            SECStatus rv;
+            SECOidTag bagType = SECOID_FindOIDTag(&(bag->safeBagType));
+
+            switch (bagType) {
+                case SEC_OID_PKCS12_V1_CERT_BAG_ID:
+                    rv = sec_pkcs12_add_cert(bag, bag->hasKey, wincx);
+                    if (rv != SECSuccess) {
+                        PORT_SetError(bag->error);
+                        return SECFailure;
+                    }
+                    break;
+                case SEC_OID_PKCS12_V1_KEY_BAG_ID:
+                case SEC_OID_PKCS12_V1_PKCS8_SHROUDED_KEY_BAG_ID:
+                default:
+                    break;
+            }
+        }
+    }
+
+    return SECSuccess;
+}
+
+SECStatus
+SEC_PKCS12DecoderImportBags(SEC_PKCS12DecoderContext *p12dcx)
+{
+    if (!p12dcx || p12dcx->error) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    if (!p12dcx->bagsVerified) {
+        return SECFailure;
+    }
+
+    return sec_pkcs12_install_bags(p12dcx->safeBags, p12dcx->wincx);
+}
+
+PRBool
+sec_pkcs12_bagHasKey(SEC_PKCS12DecoderContext *p12dcx, sec_PKCS12SafeBag *bag)
+{
+    int i;
+    SECItem *keyId;
+    SECItem *certKeyId;
+
+    certKeyId = sec_pkcs12_get_attribute_value(bag, SEC_OID_PKCS9_LOCAL_KEY_ID);
+    if (certKeyId == NULL) {
+        return PR_FALSE;
+    }
+
+    for (i = 0; p12dcx->keyList && p12dcx->keyList[i]; i++) {
+        keyId = sec_pkcs12_get_attribute_value(p12dcx->keyList[i],
+                                               SEC_OID_PKCS9_LOCAL_KEY_ID);
+        if (!keyId) {
+            continue;
+        }
+        if (SECITEM_CompareItem(certKeyId, keyId) == SECEqual) {
+            return PR_TRUE;
+        }
+    }
+    return PR_FALSE;
+}
+
+SECItem *
+sec_pkcs12_get_friendlyName(sec_PKCS12SafeBag *bag)
+{
+    SECItem *friendlyName;
+    SECItem *tempnm;
+
+    tempnm = sec_pkcs12_get_attribute_value(bag, SEC_OID_PKCS9_FRIENDLY_NAME);
+    friendlyName = (SECItem *)PORT_ZAlloc(sizeof(SECItem));
+    if (friendlyName) {
+        if (!sec_pkcs12_convert_item_to_unicode(NULL, friendlyName,
+                                                tempnm, PR_TRUE, PR_FALSE, PR_FALSE)) {
+            SECITEM_FreeItem(friendlyName, PR_TRUE);
+            friendlyName = NULL;
+        }
+    }
+    return friendlyName;
+}
+
+/* Following two functions provide access to selected portions of the safe bags.
+ * Iteration is implemented per decoder context and may be accessed after
+ * SEC_PKCS12DecoderVerify() returns success.
+ * When ...DecoderIterateNext() returns SUCCESS a decoder item has been returned
+ * where item.type is always set; item.friendlyName is set if it is non-null;
+ * item.der, item.hasKey are set only for SEC_OID_PKCS12_V1_CERT_BAG_ID items.
+ * ...DecoderIterateNext() returns FAILURE when the list is exhausted or when
+ * arguments are invalid; PORT_GetError() is 0 at end-of-list.
+ * Caller has read-only access to decoder items. Any SECItems generated are
+ * owned by the decoder context and are freed by ...DecoderFinish().
+ */
+SECStatus
+SEC_PKCS12DecoderIterateInit(SEC_PKCS12DecoderContext *p12dcx)
+{
+    if (!p12dcx || p12dcx->error) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    p12dcx->iteration = 0;
+    return SECSuccess;
+}
+
+SECStatus
+SEC_PKCS12DecoderIterateNext(SEC_PKCS12DecoderContext *p12dcx,
+                             const SEC_PKCS12DecoderItem **ipp)
+{
+    sec_PKCS12SafeBag *bag;
+
+    if (!p12dcx || p12dcx->error) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    if (p12dcx->decitem.type != 0 && p12dcx->decitem.der != NULL) {
+        SECITEM_FreeItem(p12dcx->decitem.der, PR_TRUE);
+    }
+    if (p12dcx->decitem.shroudAlg != NULL) {
+        SECOID_DestroyAlgorithmID(p12dcx->decitem.shroudAlg, PR_TRUE);
+    }
+    if (p12dcx->decitem.friendlyName != NULL) {
+        SECITEM_FreeItem(p12dcx->decitem.friendlyName, PR_TRUE);
+    }
+    p12dcx->decitem.type = 0;
+    p12dcx->decitem.der = NULL;
+    p12dcx->decitem.shroudAlg = NULL;
+    p12dcx->decitem.friendlyName = NULL;
+    p12dcx->decitem.hasKey = PR_FALSE;
+    *ipp = NULL;
+    if (p12dcx->keyList == NULL) {
+        p12dcx->keyList = sec_pkcs12_get_key_bags(p12dcx->safeBags);
+    }
+
+    for (; p12dcx->iteration < p12dcx->safeBagCount; p12dcx->iteration++) {
+        bag = p12dcx->safeBags[p12dcx->iteration];
+        if (bag == NULL || bag->problem) {
+            continue;
+        }
+        p12dcx->decitem.type = SECOID_FindOIDTag(&(bag->safeBagType));
+        switch (p12dcx->decitem.type) {
+            case SEC_OID_PKCS12_V1_CERT_BAG_ID:
+                p12dcx->decitem.der = sec_pkcs12_get_der_cert(bag);
+                p12dcx->decitem.friendlyName = sec_pkcs12_get_friendlyName(bag);
+                p12dcx->decitem.hasKey = sec_pkcs12_bagHasKey(p12dcx, bag);
+                break;
+            case SEC_OID_PKCS12_V1_PKCS8_SHROUDED_KEY_BAG_ID:
+                p12dcx->decitem.shroudAlg = PORT_ZNew(SECAlgorithmID);
+                if (p12dcx->decitem.shroudAlg) {
+                    SECOID_CopyAlgorithmID(NULL, p12dcx->decitem.shroudAlg,
+                                           &bag->safeBagContent.pkcs8ShroudedKeyBag->algorithm);
+                }
+            /* fall through */
+            case SEC_OID_PKCS12_V1_KEY_BAG_ID:
+                p12dcx->decitem.friendlyName = sec_pkcs12_get_friendlyName(bag);
+                break;
+            default:
+                /* return these even though we don't expect them */
+                break;
+            case SEC_OID_UNKNOWN:
+                /* ignore these */
+                continue;
+        }
+        *ipp = &p12dcx->decitem;
+        p12dcx->iteration++;
+        break; /* end for() */
+    }
+
+    PORT_SetError(0); /* end-of-list is SECFailure with no PORT error */
+    return ((p12dcx->decitem.type == 0) ? SECFailure : SECSuccess);
+}
+
+static SECStatus
+sec_pkcs12_decoder_append_bag_to_context(SEC_PKCS12DecoderContext *p12dcx,
+                                         sec_PKCS12SafeBag *bag)
+{
+    if (!p12dcx || p12dcx->error) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    p12dcx->safeBags = !p12dcx->safeBagCount
+                           ? PORT_ArenaZNewArray(p12dcx->arena, sec_PKCS12SafeBag *, 2)
+                           : PORT_ArenaGrowArray(p12dcx->arena, p12dcx->safeBags,
+                                                 sec_PKCS12SafeBag *, p12dcx->safeBagCount + 1,
+                                                 p12dcx->safeBagCount + 2);
+
+    if (!p12dcx->safeBags) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return SECFailure;
+    }
+
+    p12dcx->safeBags[p12dcx->safeBagCount] = bag;
+    p12dcx->safeBags[p12dcx->safeBagCount + 1] = NULL;
+    p12dcx->safeBagCount++;
+
+    return SECSuccess;
+}
+
+static sec_PKCS12SafeBag *
+sec_pkcs12_decoder_convert_old_key(SEC_PKCS12DecoderContext *p12dcx,
+                                   void *key, PRBool isEspvk)
+{
+    sec_PKCS12SafeBag *keyBag;
+    SECOidData *oid;
+    SECOidTag keyTag;
+    SECItem *keyID, *nickName, *newNickName;
+
+    if (!p12dcx || p12dcx->error || !key) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+
+    newNickName = PORT_ArenaZNew(p12dcx->arena, SECItem);
+    keyBag = PORT_ArenaZNew(p12dcx->arena, sec_PKCS12SafeBag);
+    if (!keyBag || !newNickName) {
+        return NULL;
+    }
+
+    keyBag->swapUnicodeBytes = p12dcx->swapUnicodeBytes;
+    keyBag->slot = p12dcx->slot;
+    keyBag->arena = p12dcx->arena;
+    keyBag->pwitem = p12dcx->pwitem;
+    keyBag->tokenCAs = p12dcx->tokenCAs;
+    keyBag->oldBagType = PR_TRUE;
+
+    keyTag = (isEspvk) ? SEC_OID_PKCS12_V1_PKCS8_SHROUDED_KEY_BAG_ID : SEC_OID_PKCS12_V1_KEY_BAG_ID;
+    oid = SECOID_FindOIDByTag(keyTag);
+    if (!oid) {
+        return NULL;
+    }
+
+    if (SECITEM_CopyItem(p12dcx->arena, &keyBag->safeBagType, &oid->oid) != SECSuccess) {
+        return NULL;
+    }
+
+    if (isEspvk) {
+        SEC_PKCS12ESPVKItem *espvk = (SEC_PKCS12ESPVKItem *)key;
+        keyBag->safeBagContent.pkcs8ShroudedKeyBag =
+            espvk->espvkCipherText.pkcs8KeyShroud;
+        nickName = &(espvk->espvkData.uniNickName);
+        if (!espvk->espvkData.assocCerts || !espvk->espvkData.assocCerts[0]) {
+            PORT_SetError(SEC_ERROR_PKCS12_CORRUPT_PFX_STRUCTURE);
+            return NULL;
+        }
+        keyID = &espvk->espvkData.assocCerts[0]->digest;
+    } else {
+        SEC_PKCS12PrivateKey *pk = (SEC_PKCS12PrivateKey *)key;
+        keyBag->safeBagContent.pkcs8KeyBag = &pk->pkcs8data;
+        nickName = &(pk->pvkData.uniNickName);
+        if (!pk->pvkData.assocCerts || !pk->pvkData.assocCerts[0]) {
+            PORT_SetError(SEC_ERROR_PKCS12_CORRUPT_PFX_STRUCTURE);
+            return NULL;
+        }
+        keyID = &pk->pvkData.assocCerts[0]->digest;
+    }
+
+    if (nickName->len) {
+        if (nickName->len >= 2) {
+            if (nickName->data[0] && nickName->data[1]) {
+                if (!sec_pkcs12_convert_item_to_unicode(p12dcx->arena, newNickName,
+                                                        nickName, PR_FALSE, PR_FALSE, PR_TRUE)) {
+                    return NULL;
+                }
+                nickName = newNickName;
+            } else if (nickName->data[0] && !nickName->data[1]) {
+                unsigned int j = 0;
+                unsigned char t;
+                for (j = 0; j < nickName->len; j += 2) {
+                    t = nickName->data[j + 1];
+                    nickName->data[j + 1] = nickName->data[j];
+                    nickName->data[j] = t;
+                }
+            }
+        } else {
+            if (!sec_pkcs12_convert_item_to_unicode(p12dcx->arena, newNickName,
+                                                    nickName, PR_FALSE, PR_FALSE, PR_TRUE)) {
+                return NULL;
+            }
+            nickName = newNickName;
+        }
+    }
+
+    if (sec_pkcs12_decoder_set_attribute_value(keyBag,
+                                               SEC_OID_PKCS9_FRIENDLY_NAME,
+                                               nickName) != SECSuccess) {
+        return NULL;
+    }
+
+    if (sec_pkcs12_decoder_set_attribute_value(keyBag, SEC_OID_PKCS9_LOCAL_KEY_ID,
+                                               keyID) != SECSuccess) {
+        return NULL;
+    }
+
+    return keyBag;
+}
+
+static sec_PKCS12SafeBag *
+sec_pkcs12_decoder_create_cert(SEC_PKCS12DecoderContext *p12dcx,
+                               SECItem *derCert)
+{
+    sec_PKCS12SafeBag *certBag;
+    SECOidData *oid;
+    SGNDigestInfo *digest;
+    SECItem *keyId;
+    SECStatus rv;
+
+    if (!p12dcx || p12dcx->error || !derCert) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+
+    keyId = PORT_ArenaZNew(p12dcx->arena, SECItem);
+    if (!keyId) {
+        return NULL;
+    }
+
+    digest = sec_pkcs12_compute_thumbprint(derCert);
+    if (!digest) {
+        return NULL;
+    }
+
+    rv = SECITEM_CopyItem(p12dcx->arena, keyId, &digest->digest);
+    SGN_DestroyDigestInfo(digest);
+    if (rv != SECSuccess) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return NULL;
+    }
+
+    oid = SECOID_FindOIDByTag(SEC_OID_PKCS12_V1_CERT_BAG_ID);
+    certBag = PORT_ArenaZNew(p12dcx->arena, sec_PKCS12SafeBag);
+    if (!certBag || !oid || (SECITEM_CopyItem(p12dcx->arena,
+                                              &certBag->safeBagType, &oid->oid) != SECSuccess)) {
+        return NULL;
+    }
+
+    certBag->slot = p12dcx->slot;
+    certBag->pwitem = p12dcx->pwitem;
+    certBag->swapUnicodeBytes = p12dcx->swapUnicodeBytes;
+    certBag->arena = p12dcx->arena;
+    certBag->tokenCAs = p12dcx->tokenCAs;
+
+    oid = SECOID_FindOIDByTag(SEC_OID_PKCS9_X509_CERT);
+    certBag->safeBagContent.certBag =
+        PORT_ArenaZNew(p12dcx->arena, sec_PKCS12CertBag);
+    if (!certBag->safeBagContent.certBag || !oid ||
+        (SECITEM_CopyItem(p12dcx->arena,
+                          &certBag->safeBagContent.certBag->bagID,
+                          &oid->oid) != SECSuccess)) {
+        return NULL;
+    }
+
+    if (SECITEM_CopyItem(p12dcx->arena,
+                         &(certBag->safeBagContent.certBag->value.x509Cert),
+                         derCert) != SECSuccess) {
+        return NULL;
+    }
+
+    if (sec_pkcs12_decoder_set_attribute_value(certBag, SEC_OID_PKCS9_LOCAL_KEY_ID,
+                                               keyId) != SECSuccess) {
+        return NULL;
+    }
+
+    return certBag;
+}
+
+static sec_PKCS12SafeBag **
+sec_pkcs12_decoder_convert_old_cert(SEC_PKCS12DecoderContext *p12dcx,
+                                    SEC_PKCS12CertAndCRL *oldCert)
+{
+    sec_PKCS12SafeBag **certList;
+    SECItem **derCertList;
+    int i, j;
+
+    if (!p12dcx || p12dcx->error || !oldCert) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+
+    derCertList = SEC_PKCS7GetCertificateList(&oldCert->value.x509->certOrCRL);
+    if (!derCertList) {
+        return NULL;
+    }
+
+    i = 0;
+    while (derCertList[i])
+        i++;
+
+    certList = PORT_ArenaZNewArray(p12dcx->arena, sec_PKCS12SafeBag *, (i + 1));
+    if (!certList) {
+        return NULL;
+    }
+
+    for (j = 0; j < i; j++) {
+        certList[j] = sec_pkcs12_decoder_create_cert(p12dcx, derCertList[j]);
+        if (!certList[j]) {
+            return NULL;
+        }
+    }
+
+    return certList;
+}
+
+static SECStatus
+sec_pkcs12_decoder_convert_old_key_and_certs(SEC_PKCS12DecoderContext *p12dcx,
+                                             void *oldKey, PRBool isEspvk,
+                                             SEC_PKCS12SafeContents *safe,
+                                             SEC_PKCS12Baggage *baggage)
+{
+    sec_PKCS12SafeBag *key, **certList;
+    SEC_PKCS12CertAndCRL *oldCert;
+    SEC_PKCS12PVKSupportingData *pvkData;
+    int i;
+    SECItem *keyName;
+
+    if (!p12dcx || !oldKey) {
+        return SECFailure;
+    }
+
+    if (isEspvk) {
+        pvkData = &((SEC_PKCS12ESPVKItem *)(oldKey))->espvkData;
+    } else {
+        pvkData = &((SEC_PKCS12PrivateKey *)(oldKey))->pvkData;
+    }
+
+    if (!pvkData->assocCerts || !pvkData->assocCerts[0]) {
+        PORT_SetError(SEC_ERROR_PKCS12_CORRUPT_PFX_STRUCTURE);
+        return SECFailure;
+    }
+
+    oldCert = (SEC_PKCS12CertAndCRL *)sec_pkcs12_find_object(safe, baggage,
+                                                             SEC_OID_PKCS12_CERT_AND_CRL_BAG_ID, NULL,
+                                                             pvkData->assocCerts[0]);
+    if (!oldCert) {
+        PORT_SetError(SEC_ERROR_PKCS12_CORRUPT_PFX_STRUCTURE);
+        return SECFailure;
+    }
+
+    key = sec_pkcs12_decoder_convert_old_key(p12dcx, oldKey, isEspvk);
+    certList = sec_pkcs12_decoder_convert_old_cert(p12dcx, oldCert);
+    if (!key || !certList) {
+        return SECFailure;
+    }
+
+    if (sec_pkcs12_decoder_append_bag_to_context(p12dcx, key) != SECSuccess) {
+        return SECFailure;
+    }
+
+    keyName = sec_pkcs12_get_nickname(key);
+    if (!keyName) {
+        return SECFailure;
+    }
+
+    i = 0;
+    while (certList[i]) {
+        if (sec_pkcs12_decoder_append_bag_to_context(p12dcx, certList[i]) != SECSuccess) {
+            return SECFailure;
+        }
+        i++;
+    }
+
+    certList = sec_pkcs12_find_certs_for_key(p12dcx->safeBags, key);
+    if (!certList) {
+        return SECFailure;
+    }
+
+    i = 0;
+    while (certList[i] != 0) {
+        if (sec_pkcs12_set_nickname(certList[i], keyName) != SECSuccess) {
+            return SECFailure;
+        }
+        i++;
+    }
+
+    return SECSuccess;
+}
+
+static SECStatus
+sec_pkcs12_decoder_convert_old_safe_to_bags(SEC_PKCS12DecoderContext *p12dcx,
+                                            SEC_PKCS12SafeContents *safe,
+                                            SEC_PKCS12Baggage *baggage)
+{
+    SECStatus rv;
+
+    if (!p12dcx || p12dcx->error) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    if (safe && safe->contents) {
+        int i = 0;
+        while (safe->contents[i] != NULL) {
+            if (SECOID_FindOIDTag(&safe->contents[i]->safeBagType) == SEC_OID_PKCS12_KEY_BAG_ID) {
+                int j = 0;
+                SEC_PKCS12PrivateKeyBag *privBag =
+                    safe->contents[i]->safeContent.keyBag;
+
+                while (privBag->privateKeys[j] != NULL) {
+                    SEC_PKCS12PrivateKey *pk = privBag->privateKeys[j];
+                    rv = sec_pkcs12_decoder_convert_old_key_and_certs(p12dcx, pk,
+                                                                      PR_FALSE, safe, baggage);
+                    if (rv != SECSuccess) {
+                        goto loser;
+                    }
+                    j++;
+                }
+            }
+            i++;
+        }
+    }
+
+    if (baggage && baggage->bags) {
+        int i = 0;
+        while (baggage->bags[i] != NULL) {
+            SEC_PKCS12BaggageItem *bag = baggage->bags[i];
+            int j = 0;
+
+            if (!bag->espvks) {
+                i++;
+                continue;
+            }
+
+            while (bag->espvks[j] != NULL) {
+                SEC_PKCS12ESPVKItem *espvk = bag->espvks[j];
+                rv = sec_pkcs12_decoder_convert_old_key_and_certs(p12dcx, espvk,
+                                                                  PR_TRUE, safe, baggage);
+                if (rv != SECSuccess) {
+                    goto loser;
+                }
+                j++;
+            }
+            i++;
+        }
+    }
+
+    return SECSuccess;
+
+loser:
+    return SECFailure;
+}
+
+SEC_PKCS12DecoderContext *
+sec_PKCS12ConvertOldSafeToNew(PLArenaPool *arena, PK11SlotInfo *slot,
+                              PRBool swapUnicode, SECItem *pwitem,
+                              void *wincx, SEC_PKCS12SafeContents *safe,
+                              SEC_PKCS12Baggage *baggage)
+{
+    SEC_PKCS12DecoderContext *p12dcx;
+
+    if (!arena || !slot || !pwitem) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+
+    if (!safe && !baggage) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+
+    p12dcx = PORT_ArenaZNew(arena, SEC_PKCS12DecoderContext);
+    if (!p12dcx) {
+        return NULL;
+    }
+
+    p12dcx->arena = arena;
+    p12dcx->slot = PK11_ReferenceSlot(slot);
+    p12dcx->wincx = wincx;
+    p12dcx->error = PR_FALSE;
+    p12dcx->swapUnicodeBytes = swapUnicode;
+    p12dcx->pwitem = pwitem;
+    p12dcx->tokenCAs = SECPKCS12TargetTokenNoCAs;
+
+    if (sec_pkcs12_decoder_convert_old_safe_to_bags(p12dcx, safe, baggage) != SECSuccess) {
+        p12dcx->error = PR_TRUE;
+        return NULL;
+    }
+
+    return p12dcx;
+}
diff --git a/nss/lib/pkcs12/p12dec.c b/nss/lib/pkcs12/p12dec.c
new file mode 100644
index 0000000..5a94392
--- /dev/null
+++ b/nss/lib/pkcs12/p12dec.c
@@ -0,0 +1,670 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "pkcs12.h"
+#include "plarena.h"
+#include "secpkcs7.h"
+#include "p12local.h"
+#include "secoid.h"
+#include "secitem.h"
+#include "secport.h"
+#include "secasn1.h"
+#include "secder.h"
+#include "secerr.h"
+#include "cert.h"
+#include "certdb.h"
+#include "p12plcy.h"
+#include "p12.h"
+#include "secpkcs5.h"
+
+/* PFX extraction and validation routines */
+
+/* decode the DER encoded PFX item.  if unable to decode, check to see if it
+ * is an older PFX item.  If that fails, assume the file was not a valid
+ * pfx file.
+ * the returned pfx structure should be destroyed using SEC_PKCS12DestroyPFX
+ */
+static SEC_PKCS12PFXItem *
+sec_pkcs12_decode_pfx(SECItem *der_pfx)
+{
+    SEC_PKCS12PFXItem *pfx;
+    SECStatus rv;
+
+    if (der_pfx == NULL) {
+        return NULL;
+    }
+
+    /* allocate the space for a new PFX item */
+    pfx = sec_pkcs12_new_pfx();
+    if (pfx == NULL) {
+        return NULL;
+    }
+
+    rv = SEC_ASN1DecodeItem(pfx->poolp, pfx, SEC_PKCS12PFXItemTemplate,
+                            der_pfx);
+
+    /* if a failure occurred, check for older version...
+     * we also get rid of the old pfx structure, because we don't
+     * know where it failed and what data in may contain
+     */
+    if (rv != SECSuccess) {
+        SEC_PKCS12DestroyPFX(pfx);
+        pfx = sec_pkcs12_new_pfx();
+        if (pfx == NULL) {
+            return NULL;
+        }
+        rv = SEC_ASN1DecodeItem(pfx->poolp, pfx, SEC_PKCS12PFXItemTemplate_OLD,
+                                der_pfx);
+        if (rv != SECSuccess) {
+            PORT_SetError(SEC_ERROR_PKCS12_DECODING_PFX);
+            PORT_FreeArena(pfx->poolp, PR_TRUE);
+            return NULL;
+        }
+        pfx->old = PR_TRUE;
+        rv = SGN_CopyDigestInfo(pfx->poolp, &pfx->macData.safeMac, &pfx->old_safeMac);
+        if (rv != SECSuccess) {
+            PORT_SetError(SEC_ERROR_NO_MEMORY);
+            PORT_FreeArena(pfx->poolp, PR_TRUE);
+            return NULL;
+        }
+        rv = SECITEM_CopyItem(pfx->poolp, &pfx->macData.macSalt, &pfx->old_macSalt);
+        if (rv != SECSuccess) {
+            PORT_SetError(SEC_ERROR_NO_MEMORY);
+            PORT_FreeArena(pfx->poolp, PR_TRUE);
+            return NULL;
+        }
+    } else {
+        pfx->old = PR_FALSE;
+    }
+
+    /* convert bit string from bits to bytes */
+    pfx->macData.macSalt.len /= 8;
+
+    return pfx;
+}
+
+/* validate the integrity MAC used in the PFX.  The MAC is generated
+ * per the PKCS 12 document.  If the MAC is incorrect, it is most likely
+ * due to an invalid password.
+ * pwitem is the integrity password
+ * pfx is the decoded pfx item
+ */
+static PRBool
+sec_pkcs12_check_pfx_mac(SEC_PKCS12PFXItem *pfx,
+                         SECItem *pwitem)
+{
+    SECItem *key = NULL, *mac = NULL, *data = NULL;
+    SECItem *vpwd = NULL;
+    SECOidTag algorithm;
+    PRBool ret = PR_FALSE;
+
+    if (pfx == NULL) {
+        return PR_FALSE;
+    }
+
+    algorithm = SECOID_GetAlgorithmTag(&pfx->macData.safeMac.digestAlgorithm);
+    switch (algorithm) {
+        /* only SHA1 hashing supported as a MACing algorithm */
+        case SEC_OID_SHA1:
+            if (pfx->old == PR_FALSE) {
+                pfx->swapUnicode = PR_FALSE;
+            }
+
+        recheckUnicodePassword:
+            vpwd = sec_pkcs12_create_virtual_password(pwitem,
+                                                      &pfx->macData.macSalt,
+                                                      pfx->swapUnicode);
+            if (vpwd == NULL) {
+                return PR_FALSE;
+            }
+
+            key = sec_pkcs12_generate_key_from_password(algorithm,
+                                                        &pfx->macData.macSalt,
+                                                        (pfx->old ? pwitem : vpwd));
+            /* free vpwd only for newer PFX */
+            if (vpwd) {
+                SECITEM_ZfreeItem(vpwd, PR_TRUE);
+            }
+            if (key == NULL) {
+                return PR_FALSE;
+            }
+
+            data = SEC_PKCS7GetContent(&pfx->authSafe);
+            if (data == NULL) {
+                break;
+            }
+
+            /* check MAC */
+            mac = sec_pkcs12_generate_mac(key, data, pfx->old);
+            ret = PR_TRUE;
+            if (mac) {
+                SECItem *safeMac = &pfx->macData.safeMac.digest;
+                if (SECITEM_CompareItem(mac, safeMac) != SECEqual) {
+
+                    /* if we encounter an invalid mac, lets invert the
+                     * password in case of unicode changes
+                     */
+                    if (((!pfx->old) && pfx->swapUnicode) || (pfx->old)) {
+                        PORT_SetError(SEC_ERROR_PKCS12_INVALID_MAC);
+                        ret = PR_FALSE;
+                    } else {
+                        SECITEM_ZfreeItem(mac, PR_TRUE);
+                        pfx->swapUnicode = PR_TRUE;
+                        goto recheckUnicodePassword;
+                    }
+                }
+                SECITEM_ZfreeItem(mac, PR_TRUE);
+            } else {
+                ret = PR_FALSE;
+            }
+            break;
+        default:
+            PORT_SetError(SEC_ERROR_PKCS12_UNSUPPORTED_MAC_ALGORITHM);
+            ret = PR_FALSE;
+            break;
+    }
+
+    /* let success fall through */
+    if (key != NULL)
+        SECITEM_ZfreeItem(key, PR_TRUE);
+
+    return ret;
+}
+
+/* check the validity of the pfx structure.  we currently only support
+ * password integrity mode, so we check the MAC.
+ */
+static PRBool
+sec_pkcs12_validate_pfx(SEC_PKCS12PFXItem *pfx,
+                        SECItem *pwitem)
+{
+    SECOidTag contentType;
+
+    contentType = SEC_PKCS7ContentType(&pfx->authSafe);
+    switch (contentType) {
+        case SEC_OID_PKCS7_DATA:
+            return sec_pkcs12_check_pfx_mac(pfx, pwitem);
+            break;
+        case SEC_OID_PKCS7_SIGNED_DATA:
+        default:
+            PORT_SetError(SEC_ERROR_PKCS12_UNSUPPORTED_TRANSPORT_MODE);
+            break;
+    }
+
+    return PR_FALSE;
+}
+
+/* decode and return the valid PFX.  if the PFX item is not valid,
+ * NULL is returned.
+ */
+static SEC_PKCS12PFXItem *
+sec_pkcs12_get_pfx(SECItem *pfx_data,
+                   SECItem *pwitem)
+{
+    SEC_PKCS12PFXItem *pfx;
+    PRBool valid_pfx;
+
+    if ((pfx_data == NULL) || (pwitem == NULL)) {
+        return NULL;
+    }
+
+    pfx = sec_pkcs12_decode_pfx(pfx_data);
+    if (pfx == NULL) {
+        return NULL;
+    }
+
+    valid_pfx = sec_pkcs12_validate_pfx(pfx, pwitem);
+    if (valid_pfx != PR_TRUE) {
+        SEC_PKCS12DestroyPFX(pfx);
+        pfx = NULL;
+    }
+
+    return pfx;
+}
+
+/* authenticated safe decoding, validation, and access routines
+ */
+
+/* convert dogbert beta 3 authenticated safe structure to a post
+ * beta three structure, so that we don't have to change more routines.
+ */
+static SECStatus
+sec_pkcs12_convert_old_auth_safe(SEC_PKCS12AuthenticatedSafe *asafe)
+{
+    SEC_PKCS12Baggage *baggage;
+    SEC_PKCS12BaggageItem *bag;
+    SECStatus rv = SECSuccess;
+
+    if (asafe->old_baggage.espvks == NULL) {
+        /* XXX should the ASN1 engine produce a single NULL element list
+         * rather than setting the pointer to NULL?
+         * There is no need to return an error -- assume that the list
+         * was empty.
+         */
+        return SECSuccess;
+    }
+
+    baggage = sec_pkcs12_create_baggage(asafe->poolp);
+    if (!baggage) {
+        return SECFailure;
+    }
+    bag = sec_pkcs12_create_external_bag(baggage);
+    if (!bag) {
+        return SECFailure;
+    }
+
+    PORT_Memcpy(&asafe->baggage, baggage, sizeof(SEC_PKCS12Baggage));
+
+    /* if there are shrouded keys, append them to the bag */
+    rv = SECSuccess;
+    if (asafe->old_baggage.espvks[0] != NULL) {
+        int nEspvk = 0;
+        rv = SECSuccess;
+        while ((asafe->old_baggage.espvks[nEspvk] != NULL) &&
+               (rv == SECSuccess)) {
+            rv = sec_pkcs12_append_shrouded_key(bag,
+                                                asafe->old_baggage.espvks[nEspvk]);
+            nEspvk++;
+        }
+    }
+
+    return rv;
+}
+
+/* decodes the authenticated safe item.  a return of NULL indicates
+ * an error.  however, the error will have occurred either in memory
+ * allocation or in decoding the authenticated safe.
+ *
+ * if an old PFX item has been found, we want to convert the
+ * old authenticated safe to the new one.
+ */
+static SEC_PKCS12AuthenticatedSafe *
+sec_pkcs12_decode_authenticated_safe(SEC_PKCS12PFXItem *pfx)
+{
+    SECItem *der_asafe = NULL;
+    SEC_PKCS12AuthenticatedSafe *asafe = NULL;
+    SECStatus rv;
+
+    if (pfx == NULL) {
+        return NULL;
+    }
+
+    der_asafe = SEC_PKCS7GetContent(&pfx->authSafe);
+    if (der_asafe == NULL) {
+        /* XXX set error ? */
+        goto loser;
+    }
+
+    asafe = sec_pkcs12_new_asafe(pfx->poolp);
+    if (asafe == NULL) {
+        goto loser;
+    }
+
+    if (pfx->old == PR_FALSE) {
+        rv = SEC_ASN1DecodeItem(pfx->poolp, asafe,
+                                SEC_PKCS12AuthenticatedSafeTemplate,
+                                der_asafe);
+        asafe->old = PR_FALSE;
+        asafe->swapUnicode = pfx->swapUnicode;
+    } else {
+        /* handle beta exported files */
+        rv = SEC_ASN1DecodeItem(pfx->poolp, asafe,
+                                SEC_PKCS12AuthenticatedSafeTemplate_OLD,
+                                der_asafe);
+        asafe->safe = &(asafe->old_safe);
+        rv = sec_pkcs12_convert_old_auth_safe(asafe);
+        asafe->old = PR_TRUE;
+    }
+
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    asafe->poolp = pfx->poolp;
+
+    return asafe;
+
+loser:
+    return NULL;
+}
+
+/* validates the safe within the authenticated safe item.
+ * in order to be valid:
+ *  1.  the privacy salt must be present
+ *  2.  the encryption algorithm must be supported (including
+ *      export policy)
+ * PR_FALSE indicates an error, PR_TRUE indicates a valid safe
+ */
+static PRBool
+sec_pkcs12_validate_encrypted_safe(SEC_PKCS12AuthenticatedSafe *asafe)
+{
+    PRBool valid = PR_FALSE;
+    SECAlgorithmID *algid;
+
+    if (asafe == NULL) {
+        return PR_FALSE;
+    }
+
+    /* if mode is password privacy, then privacySalt is assumed
+     * to be non-zero.
+     */
+    if (asafe->privacySalt.len != 0) {
+        valid = PR_TRUE;
+        asafe->privacySalt.len /= 8;
+    } else {
+        PORT_SetError(SEC_ERROR_PKCS12_CORRUPT_PFX_STRUCTURE);
+        return PR_FALSE;
+    }
+
+    /* until spec changes, content will have between 2 and 8 bytes depending
+     * upon the algorithm used if certs are unencrypted...
+     * also want to support case where content is empty -- which we produce
+     */
+    if (SEC_PKCS7IsContentEmpty(asafe->safe, 8) == PR_TRUE) {
+        asafe->emptySafe = PR_TRUE;
+        return PR_TRUE;
+    }
+
+    asafe->emptySafe = PR_FALSE;
+
+    /* make sure that a pbe algorithm is being used */
+    algid = SEC_PKCS7GetEncryptionAlgorithm(asafe->safe);
+    if (algid != NULL) {
+        if (SEC_PKCS5IsAlgorithmPBEAlg(algid)) {
+            valid = SEC_PKCS12DecryptionAllowed(algid);
+
+            if (valid == PR_FALSE) {
+                PORT_SetError(SEC_ERROR_BAD_EXPORT_ALGORITHM);
+            }
+        } else {
+            PORT_SetError(SEC_ERROR_PKCS12_UNSUPPORTED_PBE_ALGORITHM);
+            valid = PR_FALSE;
+        }
+    } else {
+        valid = PR_FALSE;
+        PORT_SetError(SEC_ERROR_PKCS12_UNSUPPORTED_PBE_ALGORITHM);
+    }
+
+    return valid;
+}
+
+/* validates authenticates safe:
+ *  1.  checks that the version is supported
+ *  2.  checks that only password privacy mode is used (currently)
+ *  3.  further, makes sure safe has appropriate policies per above function
+ * PR_FALSE indicates failure.
+ */
+static PRBool
+sec_pkcs12_validate_auth_safe(SEC_PKCS12AuthenticatedSafe *asafe)
+{
+    PRBool valid = PR_TRUE;
+    SECOidTag safe_type;
+    int version;
+
+    if (asafe == NULL) {
+        return PR_FALSE;
+    }
+
+    /* check version, since it is default it may not be present.
+     * therefore, assume ok
+     */
+    if ((asafe->version.len > 0) && (asafe->old == PR_FALSE)) {
+        version = DER_GetInteger(&asafe->version);
+        if (version > SEC_PKCS12_PFX_VERSION) {
+            PORT_SetError(SEC_ERROR_PKCS12_UNSUPPORTED_VERSION);
+            return PR_FALSE;
+        }
+    }
+
+    /* validate password mode is being used */
+    safe_type = SEC_PKCS7ContentType(asafe->safe);
+    switch (safe_type) {
+        case SEC_OID_PKCS7_ENCRYPTED_DATA:
+            valid = sec_pkcs12_validate_encrypted_safe(asafe);
+            break;
+        case SEC_OID_PKCS7_ENVELOPED_DATA:
+        default:
+            PORT_SetError(SEC_ERROR_PKCS12_UNSUPPORTED_TRANSPORT_MODE);
+            valid = PR_FALSE;
+            break;
+    }
+
+    return valid;
+}
+
+/* retrieves the authenticated safe item from the PFX item
+ *  before returning the authenticated safe, the validity of the
+ *  authenticated safe is checked and if valid, returned.
+ * a return of NULL indicates that an error occurred.
+ */
+static SEC_PKCS12AuthenticatedSafe *
+sec_pkcs12_get_auth_safe(SEC_PKCS12PFXItem *pfx)
+{
+    SEC_PKCS12AuthenticatedSafe *asafe;
+    PRBool valid_safe;
+
+    if (pfx == NULL) {
+        return NULL;
+    }
+
+    asafe = sec_pkcs12_decode_authenticated_safe(pfx);
+    if (asafe == NULL) {
+        return NULL;
+    }
+
+    valid_safe = sec_pkcs12_validate_auth_safe(asafe);
+    if (valid_safe != PR_TRUE) {
+        asafe = NULL;
+    } else if (asafe) {
+        asafe->baggage.poolp = asafe->poolp;
+    }
+
+    return asafe;
+}
+
+/* decrypts the authenticated safe.
+ * a return of anything but SECSuccess indicates an error.  the
+ * password is not known to be valid until the call to the
+ * function sec_pkcs12_get_safe_contents.  If decoding the safe
+ * fails, it is assumed the password was incorrect and the error
+ * is set then.  any failure here is assumed to be due to
+ * internal problems in SEC_PKCS7DecryptContents or below.
+ */
+static SECStatus
+sec_pkcs12_decrypt_auth_safe(SEC_PKCS12AuthenticatedSafe *asafe,
+                             SECItem *pwitem,
+                             void *wincx)
+{
+    SECStatus rv = SECFailure;
+    SECItem *vpwd = NULL;
+
+    if ((asafe == NULL) || (pwitem == NULL)) {
+        return SECFailure;
+    }
+
+    if (asafe->old == PR_FALSE) {
+        vpwd = sec_pkcs12_create_virtual_password(pwitem, &asafe->privacySalt,
+                                                  asafe->swapUnicode);
+        if (vpwd == NULL) {
+            return SECFailure;
+        }
+    }
+
+    rv = SEC_PKCS7DecryptContents(asafe->poolp, asafe->safe,
+                                  (asafe->old ? pwitem : vpwd), wincx);
+
+    if (asafe->old == PR_FALSE) {
+        SECITEM_ZfreeItem(vpwd, PR_TRUE);
+    }
+
+    return rv;
+}
+
+/* extract the safe from the authenticated safe.
+ *  if we are unable to decode the safe, then it is likely that the
+ *  safe has not been decrypted or the password used to decrypt
+ *  the safe was invalid.  we assume that the password was invalid and
+ *  set an error accordingly.
+ * a return of NULL indicates that an error occurred.
+ */
+static SEC_PKCS12SafeContents *
+sec_pkcs12_get_safe_contents(SEC_PKCS12AuthenticatedSafe *asafe)
+{
+    SECItem *src = NULL;
+    SEC_PKCS12SafeContents *safe = NULL;
+    SECStatus rv = SECFailure;
+
+    if (asafe == NULL) {
+        return NULL;
+    }
+
+    safe = (SEC_PKCS12SafeContents *)PORT_ArenaZAlloc(asafe->poolp,
+                                                      sizeof(SEC_PKCS12SafeContents));
+    if (safe == NULL) {
+        return NULL;
+    }
+    safe->poolp = asafe->poolp;
+    safe->old = asafe->old;
+    safe->swapUnicode = asafe->swapUnicode;
+
+    src = SEC_PKCS7GetContent(asafe->safe);
+    if (src != NULL) {
+        const SEC_ASN1Template *theTemplate;
+        if (asafe->old != PR_TRUE) {
+            theTemplate = SEC_PKCS12SafeContentsTemplate;
+        } else {
+            theTemplate = SEC_PKCS12SafeContentsTemplate_OLD;
+        }
+
+        rv = SEC_ASN1DecodeItem(asafe->poolp, safe, theTemplate, src);
+
+        /* if we could not decode the item, password was probably invalid */
+        if (rv != SECSuccess) {
+            safe = NULL;
+            PORT_SetError(SEC_ERROR_PKCS12_PRIVACY_PASSWORD_INCORRECT);
+        }
+    } else {
+        PORT_SetError(SEC_ERROR_PKCS12_CORRUPT_PFX_STRUCTURE);
+        rv = SECFailure;
+    }
+
+    return safe;
+}
+
+/* import PFX item
+ * der_pfx is the der encoded pfx structure
+ * pbef and pbearg are the integrity/encryption password call back
+ * ncCall is the nickname collision calllback
+ * slot is the destination token
+ * wincx window handler
+ *
+ * on error, error code set and SECFailure returned
+ */
+SECStatus
+SEC_PKCS12PutPFX(SECItem *der_pfx, SECItem *pwitem,
+                 SEC_PKCS12NicknameCollisionCallback ncCall,
+                 PK11SlotInfo *slot,
+                 void *wincx)
+{
+    SEC_PKCS12PFXItem *pfx;
+    SEC_PKCS12AuthenticatedSafe *asafe;
+    SEC_PKCS12SafeContents *safe_contents = NULL;
+    SECStatus rv;
+
+    if (!der_pfx || !pwitem || !slot) {
+        return SECFailure;
+    }
+
+    /* decode and validate each section */
+    rv = SECFailure;
+
+    pfx = sec_pkcs12_get_pfx(der_pfx, pwitem);
+    if (pfx != NULL) {
+        asafe = sec_pkcs12_get_auth_safe(pfx);
+        if (asafe != NULL) {
+
+            /* decrypt safe -- only if not empty */
+            if (asafe->emptySafe != PR_TRUE) {
+                rv = sec_pkcs12_decrypt_auth_safe(asafe, pwitem, wincx);
+                if (rv == SECSuccess) {
+                    safe_contents = sec_pkcs12_get_safe_contents(asafe);
+                    if (safe_contents == NULL) {
+                        rv = SECFailure;
+                    }
+                }
+            } else {
+                safe_contents = sec_pkcs12_create_safe_contents(asafe->poolp);
+                if (safe_contents == NULL) {
+                    rv = SECFailure;
+                } else {
+                    safe_contents->swapUnicode = pfx->swapUnicode;
+                    rv = SECSuccess;
+                }
+            }
+
+            /* get safe contents and begin import */
+            if (rv == SECSuccess) {
+                SEC_PKCS12DecoderContext *p12dcx;
+
+                p12dcx = sec_PKCS12ConvertOldSafeToNew(pfx->poolp, slot,
+                                                       pfx->swapUnicode,
+                                                       pwitem, wincx, safe_contents,
+                                                       &asafe->baggage);
+                if (!p12dcx) {
+                    rv = SECFailure;
+                    goto loser;
+                }
+
+                if (SEC_PKCS12DecoderValidateBags(p12dcx, ncCall) != SECSuccess) {
+                    rv = SECFailure;
+                    goto loser;
+                }
+
+                rv = SEC_PKCS12DecoderImportBags(p12dcx);
+            }
+        }
+    }
+
+loser:
+
+    if (pfx) {
+        SEC_PKCS12DestroyPFX(pfx);
+    }
+
+    return rv;
+}
+
+PRBool
+SEC_PKCS12ValidData(char *buf, int bufLen, long int totalLength)
+{
+    int lengthLength;
+
+    PRBool valid = PR_FALSE;
+
+    if (buf == NULL) {
+        return PR_FALSE;
+    }
+
+    /* check for constructed sequence identifier tag */
+    if (*buf == (SEC_ASN1_CONSTRUCTED | SEC_ASN1_SEQUENCE)) {
+        totalLength--; /* header byte taken care of */
+        buf++;
+
+        lengthLength = (long int)SEC_ASN1LengthLength(totalLength - 1);
+        if (totalLength > 0x7f) {
+            lengthLength--;
+            *buf &= 0x7f; /* remove bit 8 indicator */
+            if ((*buf - (char)lengthLength) == 0) {
+                valid = PR_TRUE;
+            }
+        } else {
+            lengthLength--;
+            if ((*buf - (char)lengthLength) == 0) {
+                valid = PR_TRUE;
+            }
+        }
+    }
+
+    return valid;
+}
diff --git a/nss/lib/pkcs12/p12e.c b/nss/lib/pkcs12/p12e.c
new file mode 100644
index 0000000..4124505
--- /dev/null
+++ b/nss/lib/pkcs12/p12e.c
@@ -0,0 +1,2085 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "p12t.h"
+#include "p12.h"
+#include "plarena.h"
+#include "secitem.h"
+#include "secoid.h"
+#include "seccomon.h"
+#include "secport.h"
+#include "cert.h"
+#include "secpkcs5.h"
+#include "secpkcs7.h"
+#include "secasn1.h"
+#include "secerr.h"
+#include "pk11func.h"
+#include "p12plcy.h"
+#include "p12local.h"
+#include "prcpucfg.h"
+
+extern const int NSS_PBE_DEFAULT_ITERATION_COUNT; /* defined in p7create.c */
+
+/*
+** This PKCS12 file encoder uses numerous nested ASN.1 and PKCS7 encoder
+** contexts.  It can be difficult to keep straight.  Here's a picture:
+**
+**  "outer"  ASN.1 encoder.  The output goes to the library caller's CB.
+**  "middle" PKCS7 encoder.  Feeds    the "outer" ASN.1 encoder.
+**  "middle" ASN1  encoder.  Encodes  the encrypted aSafes.
+**                           Feeds    the "middle" P7 encoder above.
+**  "inner"  PKCS7 encoder.  Encrypts the "authenticated Safes" (aSafes)
+**                           Feeds    the "middle" ASN.1 encoder above.
+**  "inner"  ASN.1 encoder.  Encodes  the unencrypted aSafes.
+**                           Feeds    the "inner" P7 enocder above.
+**
+** Buffering has been added at each point where the output of an ASN.1
+** encoder feeds the input of a PKCS7 encoder.
+*/
+
+/*********************************
+ * Output buffer object, used to buffer output from ASN.1 encoder
+ * before passing data on down to the next PKCS7 encoder.
+ *********************************/
+
+#define PK12_OUTPUT_BUFFER_SIZE 8192
+
+struct sec_pkcs12OutputBufferStr {
+    SEC_PKCS7EncoderContext *p7eCx;
+    PK11Context *hmacCx;
+    unsigned int numBytes;
+    unsigned int bufBytes;
+    char buf[PK12_OUTPUT_BUFFER_SIZE];
+};
+typedef struct sec_pkcs12OutputBufferStr sec_pkcs12OutputBuffer;
+
+/*********************************
+ * Structures used in exporting the PKCS 12 blob
+ *********************************/
+
+/* A SafeInfo is used for each ContentInfo which makes up the
+ * sequence of safes in the AuthenticatedSafe portion of the
+ * PFX structure.
+ */
+struct SEC_PKCS12SafeInfoStr {
+    PLArenaPool *arena;
+
+    /* information for setting up password encryption */
+    SECItem pwitem;
+    SECOidTag algorithm;
+    PK11SymKey *encryptionKey;
+
+    /* how many items have been stored in this safe,
+     * we will skip any safe which does not contain any
+     * items
+     */
+    unsigned int itemCount;
+
+    /* the content info for the safe */
+    SEC_PKCS7ContentInfo *cinfo;
+
+    sec_PKCS12SafeContents *safe;
+};
+
+/* An opaque structure which contains information needed for exporting
+ * certificates and keys through PKCS 12.
+ */
+struct SEC_PKCS12ExportContextStr {
+    PLArenaPool *arena;
+    PK11SlotInfo *slot;
+    void *wincx;
+
+    /* integrity information */
+    PRBool integrityEnabled;
+    PRBool pwdIntegrity;
+    union {
+        struct sec_PKCS12PasswordModeInfo pwdInfo;
+        struct sec_PKCS12PublicKeyModeInfo pubkeyInfo;
+    } integrityInfo;
+
+    /* helper functions */
+    /* retrieve the password call back */
+    SECKEYGetPasswordKey pwfn;
+    void *pwfnarg;
+
+    /* safe contents bags */
+    SEC_PKCS12SafeInfo **safeInfos;
+    unsigned int safeInfoCount;
+
+    /* the sequence of safes */
+    sec_PKCS12AuthenticatedSafe authSafe;
+
+    /* information needing deletion */
+    CERTCertificate **certList;
+};
+
+/* structures for passing information to encoder callbacks when processing
+ * data through the ASN1 engine.
+ */
+struct sec_pkcs12_encoder_output {
+    SEC_PKCS12EncoderOutputCallback outputfn;
+    void *outputarg;
+};
+
+struct sec_pkcs12_hmac_and_output_info {
+    void *arg;
+    struct sec_pkcs12_encoder_output output;
+};
+
+/* An encoder context which is used for the actual encoding
+ * portion of PKCS 12.
+ */
+typedef struct sec_PKCS12EncoderContextStr {
+    PLArenaPool *arena;
+    SEC_PKCS12ExportContext *p12exp;
+
+    /* encoder information - this is set up based on whether
+     * password based or public key pased privacy is being used
+     */
+    SEC_ASN1EncoderContext *outerA1ecx;
+    union {
+        struct sec_pkcs12_hmac_and_output_info hmacAndOutputInfo;
+        struct sec_pkcs12_encoder_output encOutput;
+    } output;
+
+    /* structures for encoding of PFX and MAC */
+    sec_PKCS12PFXItem pfx;
+    sec_PKCS12MacData mac;
+
+    /* authenticated safe encoding tracking information */
+    SEC_PKCS7ContentInfo *aSafeCinfo;
+    SEC_PKCS7EncoderContext *middleP7ecx;
+    SEC_ASN1EncoderContext *middleA1ecx;
+    unsigned int currentSafe;
+
+    /* hmac context */
+    PK11Context *hmacCx;
+
+    /* output buffers */
+    sec_pkcs12OutputBuffer middleBuf;
+    sec_pkcs12OutputBuffer innerBuf;
+
+} sec_PKCS12EncoderContext;
+
+/*********************************
+ * Export setup routines
+ *********************************/
+
+/* SEC_PKCS12CreateExportContext
+ *   Creates an export context and sets the unicode and password retrieval
+ *   callbacks.  This is the first call which must be made when exporting
+ *   a PKCS 12 blob.
+ *
+ * pwfn, pwfnarg - password retrieval callback and argument.  these are
+ *                 required for password-authentication mode.
+ */
+SEC_PKCS12ExportContext *
+SEC_PKCS12CreateExportContext(SECKEYGetPasswordKey pwfn, void *pwfnarg,
+                              PK11SlotInfo *slot, void *wincx)
+{
+    PLArenaPool *arena = NULL;
+    SEC_PKCS12ExportContext *p12ctxt = NULL;
+
+    /* allocate the arena and create the context */
+    arena = PORT_NewArena(4096);
+    if (!arena) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return NULL;
+    }
+
+    p12ctxt = (SEC_PKCS12ExportContext *)PORT_ArenaZAlloc(arena,
+                                                          sizeof(SEC_PKCS12ExportContext));
+    if (!p12ctxt) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        goto loser;
+    }
+
+    /* password callback for key retrieval */
+    p12ctxt->pwfn = pwfn;
+    p12ctxt->pwfnarg = pwfnarg;
+
+    p12ctxt->integrityEnabled = PR_FALSE;
+    p12ctxt->arena = arena;
+    p12ctxt->wincx = wincx;
+    p12ctxt->slot = (slot) ? PK11_ReferenceSlot(slot) : PK11_GetInternalSlot();
+
+    return p12ctxt;
+
+loser:
+    if (arena) {
+        PORT_FreeArena(arena, PR_TRUE);
+    }
+
+    return NULL;
+}
+
+/*
+ * Adding integrity mode
+ */
+
+/* SEC_PKCS12AddPasswordIntegrity
+ *      Add password integrity to the exported data.  If an integrity method
+ *      has already been set, then return an error.
+ *
+ *      p12ctxt - the export context
+ *      pwitem - the password for integrity mode
+ *      integAlg - the integrity algorithm to use for authentication.
+ */
+SECStatus
+SEC_PKCS12AddPasswordIntegrity(SEC_PKCS12ExportContext *p12ctxt,
+                               SECItem *pwitem, SECOidTag integAlg)
+{
+    if (!p12ctxt || p12ctxt->integrityEnabled) {
+        return SECFailure;
+    }
+
+    /* set up integrity information */
+    p12ctxt->pwdIntegrity = PR_TRUE;
+    p12ctxt->integrityInfo.pwdInfo.password =
+        (SECItem *)PORT_ArenaZAlloc(p12ctxt->arena, sizeof(SECItem));
+    if (!p12ctxt->integrityInfo.pwdInfo.password) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return SECFailure;
+    }
+    if (SECITEM_CopyItem(p12ctxt->arena,
+                         p12ctxt->integrityInfo.pwdInfo.password, pwitem) != SECSuccess) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return SECFailure;
+    }
+    p12ctxt->integrityInfo.pwdInfo.algorithm = integAlg;
+    p12ctxt->integrityEnabled = PR_TRUE;
+
+    return SECSuccess;
+}
+
+/* SEC_PKCS12AddPublicKeyIntegrity
+ *      Add public key integrity to the exported data.  If an integrity method
+ *      has already been set, then return an error.  The certificate must be
+ *      allowed to be used as a signing cert.
+ *
+ *      p12ctxt - the export context
+ *      cert - signer certificate
+ *      certDb - the certificate database
+ *      algorithm - signing algorithm
+ *      keySize - size of the signing key (?)
+ */
+SECStatus
+SEC_PKCS12AddPublicKeyIntegrity(SEC_PKCS12ExportContext *p12ctxt,
+                                CERTCertificate *cert, CERTCertDBHandle *certDb,
+                                SECOidTag algorithm, int keySize)
+{
+    if (!p12ctxt) {
+        return SECFailure;
+    }
+
+    p12ctxt->integrityInfo.pubkeyInfo.cert = cert;
+    p12ctxt->integrityInfo.pubkeyInfo.certDb = certDb;
+    p12ctxt->integrityInfo.pubkeyInfo.algorithm = algorithm;
+    p12ctxt->integrityInfo.pubkeyInfo.keySize = keySize;
+    p12ctxt->integrityEnabled = PR_TRUE;
+
+    return SECSuccess;
+}
+
+/*
+ * Adding safes - encrypted (password/public key) or unencrypted
+ *      Each of the safe creation routines return an opaque pointer which
+ *      are later passed into the routines for exporting certificates and
+ *      keys.
+ */
+
+/* append the newly created safeInfo to list of safeInfos in the export
+ * context.
+ */
+static SECStatus
+sec_pkcs12_append_safe_info(SEC_PKCS12ExportContext *p12ctxt, SEC_PKCS12SafeInfo *info)
+{
+    void *mark = NULL, *dummy1 = NULL, *dummy2 = NULL;
+
+    if (!p12ctxt || !info) {
+        return SECFailure;
+    }
+
+    mark = PORT_ArenaMark(p12ctxt->arena);
+
+    /* if no safeInfos have been set, create the list, otherwise expand it. */
+    if (!p12ctxt->safeInfoCount) {
+        p12ctxt->safeInfos = (SEC_PKCS12SafeInfo **)PORT_ArenaZAlloc(p12ctxt->arena,
+                                                                     2 * sizeof(SEC_PKCS12SafeInfo *));
+        dummy1 = p12ctxt->safeInfos;
+        p12ctxt->authSafe.encodedSafes = (SECItem **)PORT_ArenaZAlloc(p12ctxt->arena,
+                                                                      2 * sizeof(SECItem *));
+        dummy2 = p12ctxt->authSafe.encodedSafes;
+    } else {
+        dummy1 = PORT_ArenaGrow(p12ctxt->arena, p12ctxt->safeInfos,
+                                (p12ctxt->safeInfoCount + 1) * sizeof(SEC_PKCS12SafeInfo *),
+                                (p12ctxt->safeInfoCount + 2) * sizeof(SEC_PKCS12SafeInfo *));
+        p12ctxt->safeInfos = (SEC_PKCS12SafeInfo **)dummy1;
+        dummy2 = PORT_ArenaGrow(p12ctxt->arena, p12ctxt->authSafe.encodedSafes,
+                                (p12ctxt->authSafe.safeCount + 1) * sizeof(SECItem *),
+                                (p12ctxt->authSafe.safeCount + 2) * sizeof(SECItem *));
+        p12ctxt->authSafe.encodedSafes = (SECItem **)dummy2;
+    }
+    if (!dummy1 || !dummy2) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        goto loser;
+    }
+
+    /* append the new safeInfo and null terminate the list */
+    p12ctxt->safeInfos[p12ctxt->safeInfoCount] = info;
+    p12ctxt->safeInfos[++p12ctxt->safeInfoCount] = NULL;
+    p12ctxt->authSafe.encodedSafes[p12ctxt->authSafe.safeCount] =
+        (SECItem *)PORT_ArenaZAlloc(p12ctxt->arena, sizeof(SECItem));
+    if (!p12ctxt->authSafe.encodedSafes[p12ctxt->authSafe.safeCount]) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        goto loser;
+    }
+    p12ctxt->authSafe.encodedSafes[++p12ctxt->authSafe.safeCount] = NULL;
+
+    PORT_ArenaUnmark(p12ctxt->arena, mark);
+    return SECSuccess;
+
+loser:
+    PORT_ArenaRelease(p12ctxt->arena, mark);
+    return SECFailure;
+}
+
+/* SEC_PKCS12CreatePasswordPrivSafe
+ *      Create a password privacy safe to store exported information in.
+ *
+ *      p12ctxt - export context
+ *      pwitem - password for encryption
+ *      privAlg - pbe algorithm through which encryption is done.
+ */
+SEC_PKCS12SafeInfo *
+SEC_PKCS12CreatePasswordPrivSafe(SEC_PKCS12ExportContext *p12ctxt,
+                                 SECItem *pwitem, SECOidTag privAlg)
+{
+    SEC_PKCS12SafeInfo *safeInfo = NULL;
+    void *mark = NULL;
+    PK11SlotInfo *slot = NULL;
+    SECAlgorithmID *algId;
+    SECItem uniPwitem = { siBuffer, NULL, 0 };
+
+    if (!p12ctxt) {
+        return NULL;
+    }
+
+    /* allocate the safe info */
+    mark = PORT_ArenaMark(p12ctxt->arena);
+    safeInfo = (SEC_PKCS12SafeInfo *)PORT_ArenaZAlloc(p12ctxt->arena,
+                                                      sizeof(SEC_PKCS12SafeInfo));
+    if (!safeInfo) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        PORT_ArenaRelease(p12ctxt->arena, mark);
+        return NULL;
+    }
+
+    safeInfo->itemCount = 0;
+
+    /* create the encrypted safe */
+    if (!SEC_PKCS5IsAlgorithmPBEAlgTag(privAlg) &&
+        PK11_AlgtagToMechanism(privAlg) == CKM_AES_CBC) {
+        safeInfo->cinfo = SEC_PKCS7CreateEncryptedDataWithPBEV2(SEC_OID_PKCS5_PBES2,
+                                                                privAlg,
+                                                                SEC_OID_UNKNOWN,
+                                                                0,
+                                                                p12ctxt->pwfn,
+                                                                p12ctxt->pwfnarg);
+    } else {
+        safeInfo->cinfo = SEC_PKCS7CreateEncryptedData(privAlg, 0, p12ctxt->pwfn,
+                                                       p12ctxt->pwfnarg);
+    }
+    if (!safeInfo->cinfo) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        goto loser;
+    }
+    safeInfo->arena = p12ctxt->arena;
+
+    if (sec_pkcs12_is_pkcs12_pbe_algorithm(privAlg)) {
+        /* convert the password to unicode */
+        if (!sec_pkcs12_convert_item_to_unicode(NULL, &uniPwitem, pwitem,
+                                                PR_TRUE, PR_TRUE, PR_TRUE)) {
+            PORT_SetError(SEC_ERROR_NO_MEMORY);
+            goto loser;
+        }
+    } else {
+        if (SECITEM_CopyItem(NULL, &uniPwitem, pwitem) != SECSuccess) {
+            PORT_SetError(SEC_ERROR_NO_MEMORY);
+            goto loser;
+        }
+    }
+    if (SECITEM_CopyItem(p12ctxt->arena, &safeInfo->pwitem, &uniPwitem) != SECSuccess) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        goto loser;
+    }
+
+    /* generate the encryption key */
+    slot = PK11_ReferenceSlot(p12ctxt->slot);
+    if (!slot) {
+        slot = PK11_GetInternalKeySlot();
+        if (!slot) {
+            PORT_SetError(SEC_ERROR_NO_MEMORY);
+            goto loser;
+        }
+    }
+
+    algId = SEC_PKCS7GetEncryptionAlgorithm(safeInfo->cinfo);
+    safeInfo->encryptionKey = PK11_PBEKeyGen(slot, algId, &uniPwitem,
+                                             PR_FALSE, p12ctxt->wincx);
+    if (!safeInfo->encryptionKey) {
+        goto loser;
+    }
+
+    safeInfo->arena = p12ctxt->arena;
+    safeInfo->safe = NULL;
+    if (sec_pkcs12_append_safe_info(p12ctxt, safeInfo) != SECSuccess) {
+        goto loser;
+    }
+
+    if (uniPwitem.data) {
+        SECITEM_ZfreeItem(&uniPwitem, PR_FALSE);
+    }
+    PORT_ArenaUnmark(p12ctxt->arena, mark);
+
+    if (slot) {
+        PK11_FreeSlot(slot);
+    }
+    return safeInfo;
+
+loser:
+    if (slot) {
+        PK11_FreeSlot(slot);
+    }
+    if (safeInfo->cinfo) {
+        SEC_PKCS7DestroyContentInfo(safeInfo->cinfo);
+    }
+
+    if (uniPwitem.data) {
+        SECITEM_ZfreeItem(&uniPwitem, PR_FALSE);
+    }
+
+    PORT_ArenaRelease(p12ctxt->arena, mark);
+    return NULL;
+}
+
+/* SEC_PKCS12CreateUnencryptedSafe
+ *      Creates an unencrypted safe within the export context.
+ *
+ *      p12ctxt - the export context
+ */
+SEC_PKCS12SafeInfo *
+SEC_PKCS12CreateUnencryptedSafe(SEC_PKCS12ExportContext *p12ctxt)
+{
+    SEC_PKCS12SafeInfo *safeInfo = NULL;
+    void *mark = NULL;
+
+    if (!p12ctxt) {
+        return NULL;
+    }
+
+    /* create the safe info */
+    mark = PORT_ArenaMark(p12ctxt->arena);
+    safeInfo = (SEC_PKCS12SafeInfo *)PORT_ArenaZAlloc(p12ctxt->arena,
+                                                      sizeof(SEC_PKCS12SafeInfo));
+    if (!safeInfo) {
+        PORT_ArenaRelease(p12ctxt->arena, mark);
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return NULL;
+    }
+
+    safeInfo->itemCount = 0;
+
+    /* create the safe content */
+    safeInfo->cinfo = SEC_PKCS7CreateData();
+    if (!safeInfo->cinfo) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        goto loser;
+    }
+
+    if (sec_pkcs12_append_safe_info(p12ctxt, safeInfo) != SECSuccess) {
+        goto loser;
+    }
+
+    PORT_ArenaUnmark(p12ctxt->arena, mark);
+    return safeInfo;
+
+loser:
+    if (safeInfo->cinfo) {
+        SEC_PKCS7DestroyContentInfo(safeInfo->cinfo);
+    }
+
+    PORT_ArenaRelease(p12ctxt->arena, mark);
+    return NULL;
+}
+
+/* SEC_PKCS12CreatePubKeyEncryptedSafe
+ *      Creates a safe which is protected by public key encryption.
+ *
+ *      p12ctxt - the export context
+ *      certDb - the certificate database
+ *      signer - the signer's certificate
+ *      recipients - the list of recipient certificates.
+ *      algorithm - the encryption algorithm to use
+ *      keysize - the algorithms key size (?)
+ */
+SEC_PKCS12SafeInfo *
+SEC_PKCS12CreatePubKeyEncryptedSafe(SEC_PKCS12ExportContext *p12ctxt,
+                                    CERTCertDBHandle *certDb,
+                                    CERTCertificate *signer,
+                                    CERTCertificate **recipients,
+                                    SECOidTag algorithm, int keysize)
+{
+    SEC_PKCS12SafeInfo *safeInfo = NULL;
+    void *mark = NULL;
+
+    if (!p12ctxt || !signer || !recipients || !(*recipients)) {
+        return NULL;
+    }
+
+    /* allocate the safeInfo */
+    mark = PORT_ArenaMark(p12ctxt->arena);
+    safeInfo = (SEC_PKCS12SafeInfo *)PORT_ArenaZAlloc(p12ctxt->arena,
+                                                      sizeof(SEC_PKCS12SafeInfo));
+    if (!safeInfo) {
+        PORT_ArenaRelease(p12ctxt->arena, mark);
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return NULL;
+    }
+
+    safeInfo->itemCount = 0;
+    safeInfo->arena = p12ctxt->arena;
+
+    /* create the enveloped content info using certUsageEmailSigner currently.
+     * XXX We need to eventually use something other than certUsageEmailSigner
+     */
+    safeInfo->cinfo = SEC_PKCS7CreateEnvelopedData(signer, certUsageEmailSigner,
+                                                   certDb, algorithm, keysize,
+                                                   p12ctxt->pwfn, p12ctxt->pwfnarg);
+    if (!safeInfo->cinfo) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        goto loser;
+    }
+
+    /* add recipients */
+    if (recipients) {
+        unsigned int i = 0;
+        while (recipients[i] != NULL) {
+            SECStatus rv = SEC_PKCS7AddRecipient(safeInfo->cinfo, recipients[i],
+                                                 certUsageEmailRecipient, certDb);
+            if (rv != SECSuccess) {
+                goto loser;
+            }
+            i++;
+        }
+    }
+
+    if (sec_pkcs12_append_safe_info(p12ctxt, safeInfo) != SECSuccess) {
+        goto loser;
+    }
+
+    PORT_ArenaUnmark(p12ctxt->arena, mark);
+    return safeInfo;
+
+loser:
+    if (safeInfo->cinfo) {
+        SEC_PKCS7DestroyContentInfo(safeInfo->cinfo);
+        safeInfo->cinfo = NULL;
+    }
+
+    PORT_ArenaRelease(p12ctxt->arena, mark);
+    return NULL;
+}
+
+/*********************************
+ * Routines to handle the exporting of the keys and certificates
+ *********************************/
+
+/* creates a safe contents which safeBags will be appended to */
+sec_PKCS12SafeContents *
+sec_PKCS12CreateSafeContents(PLArenaPool *arena)
+{
+    sec_PKCS12SafeContents *safeContents;
+
+    if (arena == NULL) {
+        return NULL;
+    }
+
+    /* create the safe contents */
+    safeContents = (sec_PKCS12SafeContents *)PORT_ArenaZAlloc(arena,
+                                                              sizeof(sec_PKCS12SafeContents));
+    if (!safeContents) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        goto loser;
+    }
+
+    /* set up the internal contents info */
+    safeContents->safeBags = NULL;
+    safeContents->arena = arena;
+    safeContents->bagCount = 0;
+
+    return safeContents;
+
+loser:
+    return NULL;
+}
+
+/* appends a safe bag to a safeContents using the specified arena.
+ */
+SECStatus
+sec_pkcs12_append_bag_to_safe_contents(PLArenaPool *arena,
+                                       sec_PKCS12SafeContents *safeContents,
+                                       sec_PKCS12SafeBag *safeBag)
+{
+    void *mark = NULL, *dummy = NULL;
+
+    if (!arena || !safeBag || !safeContents) {
+        return SECFailure;
+    }
+
+    mark = PORT_ArenaMark(arena);
+    if (!mark) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return SECFailure;
+    }
+
+    /* allocate space for the list, or reallocate to increase space */
+    if (!safeContents->safeBags) {
+        safeContents->safeBags = (sec_PKCS12SafeBag **)PORT_ArenaZAlloc(arena,
+                                                                        (2 * sizeof(sec_PKCS12SafeBag *)));
+        dummy = safeContents->safeBags;
+        safeContents->bagCount = 0;
+    } else {
+        dummy = PORT_ArenaGrow(arena, safeContents->safeBags,
+                               (safeContents->bagCount + 1) * sizeof(sec_PKCS12SafeBag *),
+                               (safeContents->bagCount + 2) * sizeof(sec_PKCS12SafeBag *));
+        safeContents->safeBags = (sec_PKCS12SafeBag **)dummy;
+    }
+
+    if (!dummy) {
+        PORT_ArenaRelease(arena, mark);
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return SECFailure;
+    }
+
+    /* append the bag at the end and null terminate the list */
+    safeContents->safeBags[safeContents->bagCount++] = safeBag;
+    safeContents->safeBags[safeContents->bagCount] = NULL;
+
+    PORT_ArenaUnmark(arena, mark);
+
+    return SECSuccess;
+}
+
+/* appends a safeBag to a specific safeInfo.
+ */
+SECStatus
+sec_pkcs12_append_bag(SEC_PKCS12ExportContext *p12ctxt,
+                      SEC_PKCS12SafeInfo *safeInfo, sec_PKCS12SafeBag *safeBag)
+{
+    sec_PKCS12SafeContents *dest;
+    SECStatus rv = SECFailure;
+
+    if (!p12ctxt || !safeBag || !safeInfo) {
+        return SECFailure;
+    }
+
+    if (!safeInfo->safe) {
+        safeInfo->safe = sec_PKCS12CreateSafeContents(p12ctxt->arena);
+        if (!safeInfo->safe) {
+            return SECFailure;
+        }
+    }
+
+    dest = safeInfo->safe;
+    rv = sec_pkcs12_append_bag_to_safe_contents(p12ctxt->arena, dest, safeBag);
+    if (rv == SECSuccess) {
+        safeInfo->itemCount++;
+    }
+
+    return rv;
+}
+
+/* Creates a safeBag of the specified type, and if bagData is specified,
+ * the contents are set.  The contents could be set later by the calling
+ * routine.
+ */
+sec_PKCS12SafeBag *
+sec_PKCS12CreateSafeBag(SEC_PKCS12ExportContext *p12ctxt, SECOidTag bagType,
+                        void *bagData)
+{
+    sec_PKCS12SafeBag *safeBag;
+    void *mark = NULL;
+    SECStatus rv = SECSuccess;
+    SECOidData *oidData = NULL;
+
+    if (!p12ctxt) {
+        return NULL;
+    }
+
+    mark = PORT_ArenaMark(p12ctxt->arena);
+    if (!mark) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return NULL;
+    }
+
+    safeBag = (sec_PKCS12SafeBag *)PORT_ArenaZAlloc(p12ctxt->arena,
+                                                    sizeof(sec_PKCS12SafeBag));
+    if (!safeBag) {
+        PORT_ArenaRelease(p12ctxt->arena, mark);
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return NULL;
+    }
+
+    /* set the bags content based upon bag type */
+    switch (bagType) {
+        case SEC_OID_PKCS12_V1_KEY_BAG_ID:
+            safeBag->safeBagContent.pkcs8KeyBag =
+                (SECKEYPrivateKeyInfo *)bagData;
+            break;
+        case SEC_OID_PKCS12_V1_CERT_BAG_ID:
+            safeBag->safeBagContent.certBag = (sec_PKCS12CertBag *)bagData;
+            break;
+        case SEC_OID_PKCS12_V1_CRL_BAG_ID:
+            safeBag->safeBagContent.crlBag = (sec_PKCS12CRLBag *)bagData;
+            break;
+        case SEC_OID_PKCS12_V1_SECRET_BAG_ID:
+            safeBag->safeBagContent.secretBag = (sec_PKCS12SecretBag *)bagData;
+            break;
+        case SEC_OID_PKCS12_V1_PKCS8_SHROUDED_KEY_BAG_ID:
+            safeBag->safeBagContent.pkcs8ShroudedKeyBag =
+                (SECKEYEncryptedPrivateKeyInfo *)bagData;
+            break;
+        case SEC_OID_PKCS12_V1_SAFE_CONTENTS_BAG_ID:
+            safeBag->safeBagContent.safeContents =
+                (sec_PKCS12SafeContents *)bagData;
+            break;
+        default:
+            goto loser;
+    }
+
+    oidData = SECOID_FindOIDByTag(bagType);
+    if (oidData) {
+        rv = SECITEM_CopyItem(p12ctxt->arena, &safeBag->safeBagType, &oidData->oid);
+        if (rv != SECSuccess) {
+            PORT_SetError(SEC_ERROR_NO_MEMORY);
+            goto loser;
+        }
+    } else {
+        goto loser;
+    }
+
+    safeBag->arena = p12ctxt->arena;
+    PORT_ArenaUnmark(p12ctxt->arena, mark);
+
+    return safeBag;
+
+loser:
+    if (mark) {
+        PORT_ArenaRelease(p12ctxt->arena, mark);
+    }
+
+    return NULL;
+}
+
+/* Creates a new certificate bag and returns a pointer to it.  If an error
+ * occurs NULL is returned.
+ */
+sec_PKCS12CertBag *
+sec_PKCS12NewCertBag(PLArenaPool *arena, SECOidTag certType)
+{
+    sec_PKCS12CertBag *certBag = NULL;
+    SECOidData *bagType = NULL;
+    SECStatus rv;
+    void *mark = NULL;
+
+    if (!arena) {
+        return NULL;
+    }
+
+    mark = PORT_ArenaMark(arena);
+    certBag = (sec_PKCS12CertBag *)PORT_ArenaZAlloc(arena,
+                                                    sizeof(sec_PKCS12CertBag));
+    if (!certBag) {
+        PORT_ArenaRelease(arena, mark);
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return NULL;
+    }
+
+    bagType = SECOID_FindOIDByTag(certType);
+    if (!bagType) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        goto loser;
+    }
+
+    rv = SECITEM_CopyItem(arena, &certBag->bagID, &bagType->oid);
+    if (rv != SECSuccess) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        goto loser;
+    }
+
+    PORT_ArenaUnmark(arena, mark);
+    return certBag;
+
+loser:
+    PORT_ArenaRelease(arena, mark);
+    return NULL;
+}
+
+/* Creates a new CRL bag and returns a pointer to it.  If an error
+ * occurs NULL is returned.
+ */
+sec_PKCS12CRLBag *
+sec_PKCS12NewCRLBag(PLArenaPool *arena, SECOidTag crlType)
+{
+    sec_PKCS12CRLBag *crlBag = NULL;
+    SECOidData *bagType = NULL;
+    SECStatus rv;
+    void *mark = NULL;
+
+    if (!arena) {
+        return NULL;
+    }
+
+    mark = PORT_ArenaMark(arena);
+    crlBag = (sec_PKCS12CRLBag *)PORT_ArenaZAlloc(arena,
+                                                  sizeof(sec_PKCS12CRLBag));
+    if (!crlBag) {
+        PORT_ArenaRelease(arena, mark);
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return NULL;
+    }
+
+    bagType = SECOID_FindOIDByTag(crlType);
+    if (!bagType) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        goto loser;
+    }
+
+    rv = SECITEM_CopyItem(arena, &crlBag->bagID, &bagType->oid);
+    if (rv != SECSuccess) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        goto loser;
+    }
+
+    PORT_ArenaUnmark(arena, mark);
+    return crlBag;
+
+loser:
+    PORT_ArenaRelease(arena, mark);
+    return NULL;
+}
+
+/* sec_PKCS12AddAttributeToBag
+ * adds an attribute to a safeBag.  currently, the only attributes supported
+ * are those which are specified within PKCS 12.
+ *
+ *      p12ctxt - the export context
+ *      safeBag - the safeBag to which attributes are appended
+ *      attrType - the attribute type
+ *      attrData - the attribute data
+ */
+SECStatus
+sec_PKCS12AddAttributeToBag(SEC_PKCS12ExportContext *p12ctxt,
+                            sec_PKCS12SafeBag *safeBag, SECOidTag attrType,
+                            SECItem *attrData)
+{
+    sec_PKCS12Attribute *attribute;
+    void *mark = NULL, *dummy = NULL;
+    SECOidData *oiddata = NULL;
+    SECItem unicodeName = { siBuffer, NULL, 0 };
+    void *src = NULL;
+    unsigned int nItems = 0;
+    SECStatus rv;
+
+    if (!safeBag || !p12ctxt) {
+        return SECFailure;
+    }
+
+    mark = PORT_ArenaMark(safeBag->arena);
+
+    /* allocate the attribute */
+    attribute = (sec_PKCS12Attribute *)PORT_ArenaZAlloc(safeBag->arena,
+                                                        sizeof(sec_PKCS12Attribute));
+    if (!attribute) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        goto loser;
+    }
+
+    /* set up the attribute */
+    oiddata = SECOID_FindOIDByTag(attrType);
+    if (!oiddata) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        goto loser;
+    }
+    if (SECITEM_CopyItem(p12ctxt->arena, &attribute->attrType, &oiddata->oid) !=
+        SECSuccess) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        goto loser;
+    }
+
+    nItems = 1;
+    switch (attrType) {
+        case SEC_OID_PKCS9_LOCAL_KEY_ID: {
+            src = attrData;
+            break;
+        }
+        case SEC_OID_PKCS9_FRIENDLY_NAME: {
+            if (!sec_pkcs12_convert_item_to_unicode(p12ctxt->arena,
+                                                    &unicodeName, attrData, PR_FALSE,
+                                                    PR_FALSE, PR_TRUE)) {
+                goto loser;
+            }
+            src = &unicodeName;
+            break;
+        }
+        default:
+            goto loser;
+    }
+
+    /* append the attribute to the attribute value list  */
+    attribute->attrValue = (SECItem **)PORT_ArenaZAlloc(p12ctxt->arena,
+                                                        ((nItems + 1) * sizeof(SECItem *)));
+    if (!attribute->attrValue) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        goto loser;
+    }
+
+    /* XXX this will need to be changed if attributes requiring more than
+     * one element are ever used.
+     */
+    attribute->attrValue[0] = (SECItem *)PORT_ArenaZAlloc(p12ctxt->arena,
+                                                          sizeof(SECItem));
+    if (!attribute->attrValue[0]) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        goto loser;
+    }
+    attribute->attrValue[1] = NULL;
+
+    rv = SECITEM_CopyItem(p12ctxt->arena, attribute->attrValue[0],
+                          (SECItem *)src);
+    if (rv != SECSuccess) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        goto loser;
+    }
+
+    /* append the attribute to the safeBag attributes */
+    if (safeBag->nAttribs) {
+        dummy = PORT_ArenaGrow(p12ctxt->arena, safeBag->attribs,
+                               ((safeBag->nAttribs + 1) * sizeof(sec_PKCS12Attribute *)),
+                               ((safeBag->nAttribs + 2) * sizeof(sec_PKCS12Attribute *)));
+        safeBag->attribs = (sec_PKCS12Attribute **)dummy;
+    } else {
+        safeBag->attribs = (sec_PKCS12Attribute **)PORT_ArenaZAlloc(p12ctxt->arena,
+                                                                    2 * sizeof(sec_PKCS12Attribute *));
+        dummy = safeBag->attribs;
+    }
+    if (!dummy) {
+        goto loser;
+    }
+
+    safeBag->attribs[safeBag->nAttribs] = attribute;
+    safeBag->attribs[++safeBag->nAttribs] = NULL;
+
+    PORT_ArenaUnmark(p12ctxt->arena, mark);
+    return SECSuccess;
+
+loser:
+    if (mark) {
+        PORT_ArenaRelease(p12ctxt->arena, mark);
+    }
+
+    return SECFailure;
+}
+
+/* SEC_PKCS12AddCert
+ *      Adds a certificate to the data being exported.
+ *
+ *      p12ctxt - the export context
+ *      safe - the safeInfo to which the certificate is placed
+ *      nestedDest - if the cert is to be placed within a nested safeContents then,
+ *                   this value is to be specified with the destination
+ *      cert - the cert to export
+ *      certDb - the certificate database handle
+ *      keyId - a unique identifier to associate a certificate/key pair
+ *      includeCertChain - PR_TRUE if the certificate chain is to be included.
+ */
+SECStatus
+SEC_PKCS12AddCert(SEC_PKCS12ExportContext *p12ctxt, SEC_PKCS12SafeInfo *safe,
+                  void *nestedDest, CERTCertificate *cert,
+                  CERTCertDBHandle *certDb, SECItem *keyId,
+                  PRBool includeCertChain)
+{
+    sec_PKCS12CertBag *certBag;
+    sec_PKCS12SafeBag *safeBag;
+    void *mark;
+    SECStatus rv;
+    SECItem nick = { siBuffer, NULL, 0 };
+
+    if (!p12ctxt || !cert) {
+        return SECFailure;
+    }
+    mark = PORT_ArenaMark(p12ctxt->arena);
+
+    /* allocate the cert bag */
+    certBag = sec_PKCS12NewCertBag(p12ctxt->arena,
+                                   SEC_OID_PKCS9_X509_CERT);
+    if (!certBag) {
+        goto loser;
+    }
+
+    if (SECITEM_CopyItem(p12ctxt->arena, &certBag->value.x509Cert,
+                         &cert->derCert) != SECSuccess) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        goto loser;
+    }
+
+    /* if the cert chain is to be included, we should only be exporting
+     * the cert from our internal database.
+     */
+    if (includeCertChain) {
+        CERTCertificateList *certList = CERT_CertChainFromCert(cert,
+                                                               certUsageSSLClient,
+                                                               PR_TRUE);
+        unsigned int count = 0;
+        if (!certList) {
+            PORT_SetError(SEC_ERROR_NO_MEMORY);
+            goto loser;
+        }
+
+        /* add cert chain */
+        for (count = 0; count < (unsigned int)certList->len; count++) {
+            if (SECITEM_CompareItem(&certList->certs[count], &cert->derCert) != SECEqual) {
+                CERTCertificate *tempCert;
+
+                /* decode the certificate */
+                /* XXX
+                 * This was rather silly.  The chain is constructed above
+                 * by finding all of the CERTCertificate's in the database.
+                 * Then the chain is put into a CERTCertificateList, which only
+                 * contains the DER.  Finally, the DER was decoded, and the
+                 * decoded cert was sent recursively back to this function.
+                 * Beyond being inefficent, this causes data loss (specifically,
+                 * the nickname).  Instead, for 3.4, we'll do a lookup by the
+                 * DER, which should return the cached entry.
+                 */
+                tempCert = CERT_FindCertByDERCert(CERT_GetDefaultCertDB(),
+                                                  &certList->certs[count]);
+                if (!tempCert) {
+                    CERT_DestroyCertificateList(certList);
+                    goto loser;
+                }
+
+                /* add the certificate */
+                if (SEC_PKCS12AddCert(p12ctxt, safe, nestedDest, tempCert,
+                                      certDb, NULL, PR_FALSE) != SECSuccess) {
+                    CERT_DestroyCertificate(tempCert);
+                    CERT_DestroyCertificateList(certList);
+                    goto loser;
+                }
+                CERT_DestroyCertificate(tempCert);
+            }
+        }
+        CERT_DestroyCertificateList(certList);
+    }
+
+    /* if the certificate has a nickname, we will set the friendly name
+     * to that.
+     */
+    if (cert->nickname) {
+        if (cert->slot && !PK11_IsInternal(cert->slot)) {
+            /*
+             * The cert is coming off of an external token,
+             * let's strip the token name from the nickname
+             * and only add what comes after the colon as the
+             * nickname. -javi
+             */
+            char *delimit;
+
+            delimit = PORT_Strchr(cert->nickname, ':');
+            if (delimit == NULL) {
+                nick.data = (unsigned char *)cert->nickname;
+                nick.len = PORT_Strlen(cert->nickname);
+            } else {
+                delimit++;
+                nick.data = (unsigned char *)PORT_ArenaStrdup(p12ctxt->arena,
+                                                              delimit);
+                nick.len = PORT_Strlen(delimit);
+            }
+        } else {
+            nick.data = (unsigned char *)cert->nickname;
+            nick.len = PORT_Strlen(cert->nickname);
+        }
+    }
+
+    safeBag = sec_PKCS12CreateSafeBag(p12ctxt, SEC_OID_PKCS12_V1_CERT_BAG_ID,
+                                      certBag);
+    if (!safeBag) {
+        goto loser;
+    }
+
+    /* add the friendly name and keyId attributes, if necessary */
+    if (nick.data) {
+        if (sec_PKCS12AddAttributeToBag(p12ctxt, safeBag,
+                                        SEC_OID_PKCS9_FRIENDLY_NAME, &nick) != SECSuccess) {
+            goto loser;
+        }
+    }
+
+    if (keyId) {
+        if (sec_PKCS12AddAttributeToBag(p12ctxt, safeBag, SEC_OID_PKCS9_LOCAL_KEY_ID,
+                                        keyId) != SECSuccess) {
+            goto loser;
+        }
+    }
+
+    /* append the cert safeBag */
+    if (nestedDest) {
+        rv = sec_pkcs12_append_bag_to_safe_contents(p12ctxt->arena,
+                                                    (sec_PKCS12SafeContents *)nestedDest,
+                                                    safeBag);
+    } else {
+        rv = sec_pkcs12_append_bag(p12ctxt, safe, safeBag);
+    }
+
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    PORT_ArenaUnmark(p12ctxt->arena, mark);
+    return SECSuccess;
+
+loser:
+    if (mark) {
+        PORT_ArenaRelease(p12ctxt->arena, mark);
+    }
+
+    return SECFailure;
+}
+
+/* SEC_PKCS12AddKeyForCert
+ *      Extracts the key associated with a particular certificate and exports
+ *      it.
+ *
+ *      p12ctxt - the export context
+ *      safe - the safeInfo to place the key in
+ *      nestedDest - the nested safeContents to place a key
+ *      cert - the certificate which the key belongs to
+ *      shroudKey - encrypt the private key for export.  This value should
+ *              always be true.  lower level code will not allow the export
+ *              of unencrypted private keys.
+ *      algorithm - the algorithm with which to encrypt the private key
+ *      pwitem - the password to encrypt the private key with
+ *      keyId - the keyID attribute
+ *      nickName - the nickname attribute
+ */
+SECStatus
+SEC_PKCS12AddKeyForCert(SEC_PKCS12ExportContext *p12ctxt, SEC_PKCS12SafeInfo *safe,
+                        void *nestedDest, CERTCertificate *cert,
+                        PRBool shroudKey, SECOidTag algorithm, SECItem *pwitem,
+                        SECItem *keyId, SECItem *nickName)
+{
+    void *mark;
+    void *keyItem;
+    SECOidTag keyType;
+    SECStatus rv = SECFailure;
+    SECItem nickname = { siBuffer, NULL, 0 }, uniPwitem = { siBuffer, NULL, 0 };
+    sec_PKCS12SafeBag *returnBag;
+
+    if (!p12ctxt || !cert || !safe) {
+        return SECFailure;
+    }
+
+    mark = PORT_ArenaMark(p12ctxt->arena);
+
+    /* retrieve the key based upon the type that it is and
+     * specify the type of safeBag to store the key in
+     */
+    if (!shroudKey) {
+
+        /* extract the key unencrypted.  this will most likely go away */
+        SECKEYPrivateKeyInfo *pki = PK11_ExportPrivateKeyInfo(cert,
+                                                              p12ctxt->wincx);
+        if (!pki) {
+            PORT_ArenaRelease(p12ctxt->arena, mark);
+            PORT_SetError(SEC_ERROR_PKCS12_UNABLE_TO_EXPORT_KEY);
+            return SECFailure;
+        }
+        keyItem = PORT_ArenaZAlloc(p12ctxt->arena, sizeof(SECKEYPrivateKeyInfo));
+        if (!keyItem) {
+            PORT_SetError(SEC_ERROR_NO_MEMORY);
+            goto loser;
+        }
+        rv = SECKEY_CopyPrivateKeyInfo(p12ctxt->arena,
+                                       (SECKEYPrivateKeyInfo *)keyItem, pki);
+        keyType = SEC_OID_PKCS12_V1_KEY_BAG_ID;
+        SECKEY_DestroyPrivateKeyInfo(pki, PR_TRUE);
+    } else {
+
+        /* extract the key encrypted */
+        SECKEYEncryptedPrivateKeyInfo *epki = NULL;
+        PK11SlotInfo *slot = NULL;
+
+        if (!sec_pkcs12_convert_item_to_unicode(p12ctxt->arena, &uniPwitem,
+                                                pwitem, PR_TRUE, PR_TRUE, PR_TRUE)) {
+            PORT_SetError(SEC_ERROR_NO_MEMORY);
+            goto loser;
+        }
+
+        /* we want to make sure to take the key out of the key slot */
+        if (PK11_IsInternal(p12ctxt->slot)) {
+            slot = PK11_GetInternalKeySlot();
+        } else {
+            slot = PK11_ReferenceSlot(p12ctxt->slot);
+        }
+
+        epki = PK11_ExportEncryptedPrivateKeyInfo(slot, algorithm,
+                                                  &uniPwitem, cert,
+                                                  NSS_PBE_DEFAULT_ITERATION_COUNT,
+                                                  p12ctxt->wincx);
+        PK11_FreeSlot(slot);
+        if (!epki) {
+            PORT_SetError(SEC_ERROR_PKCS12_UNABLE_TO_EXPORT_KEY);
+            goto loser;
+        }
+
+        keyItem = PORT_ArenaZAlloc(p12ctxt->arena,
+                                   sizeof(SECKEYEncryptedPrivateKeyInfo));
+        if (!keyItem) {
+            PORT_SetError(SEC_ERROR_NO_MEMORY);
+            goto loser;
+        }
+        rv = SECKEY_CopyEncryptedPrivateKeyInfo(p12ctxt->arena,
+                                                (SECKEYEncryptedPrivateKeyInfo *)keyItem,
+                                                epki);
+        keyType = SEC_OID_PKCS12_V1_PKCS8_SHROUDED_KEY_BAG_ID;
+        SECKEY_DestroyEncryptedPrivateKeyInfo(epki, PR_TRUE);
+    }
+
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    /* if no nickname specified, let's see if the certificate has a
+     * nickname.
+     */
+    if (!nickName) {
+        if (cert->nickname) {
+            nickname.data = (unsigned char *)cert->nickname;
+            nickname.len = PORT_Strlen(cert->nickname);
+            nickName = &nickname;
+        }
+    }
+
+    /* create the safe bag and set any attributes */
+    returnBag = sec_PKCS12CreateSafeBag(p12ctxt, keyType, keyItem);
+    if (!returnBag) {
+        rv = SECFailure;
+        goto loser;
+    }
+
+    if (nickName) {
+        if (sec_PKCS12AddAttributeToBag(p12ctxt, returnBag,
+                                        SEC_OID_PKCS9_FRIENDLY_NAME, nickName) != SECSuccess) {
+            goto loser;
+        }
+    }
+
+    if (keyId) {
+        if (sec_PKCS12AddAttributeToBag(p12ctxt, returnBag, SEC_OID_PKCS9_LOCAL_KEY_ID,
+                                        keyId) != SECSuccess) {
+            goto loser;
+        }
+    }
+
+    if (nestedDest) {
+        rv = sec_pkcs12_append_bag_to_safe_contents(p12ctxt->arena,
+                                                    (sec_PKCS12SafeContents *)nestedDest,
+                                                    returnBag);
+    } else {
+        rv = sec_pkcs12_append_bag(p12ctxt, safe, returnBag);
+    }
+
+loser:
+
+    if (rv != SECSuccess) {
+        PORT_ArenaRelease(p12ctxt->arena, mark);
+    } else {
+        PORT_ArenaUnmark(p12ctxt->arena, mark);
+    }
+
+    return rv;
+}
+
+/* SEC_PKCS12AddCertOrChainAndKey
+ *      Add a certificate and key pair to be exported.
+ *
+ *      p12ctxt          - the export context
+ *      certSafe         - the safeInfo where the cert is stored
+ *      certNestedDest   - the nested safeContents to store the cert
+ *      keySafe          - the safeInfo where the key is stored
+ *      keyNestedDest    - the nested safeContents to store the key
+ *      shroudKey        - extract the private key encrypted?
+ *      pwitem           - the password with which the key is encrypted
+ *      algorithm        - the algorithm with which the key is encrypted
+ *      includeCertChain - also add certs from chain to bag.
+ */
+SECStatus
+SEC_PKCS12AddCertOrChainAndKey(SEC_PKCS12ExportContext *p12ctxt,
+                               void *certSafe, void *certNestedDest,
+                               CERTCertificate *cert, CERTCertDBHandle *certDb,
+                               void *keySafe, void *keyNestedDest,
+                               PRBool shroudKey, SECItem *pwitem,
+                               SECOidTag algorithm, PRBool includeCertChain)
+{
+    SECStatus rv = SECFailure;
+    SGNDigestInfo *digest = NULL;
+    void *mark = NULL;
+
+    if (!p12ctxt || !certSafe || !keySafe || !cert) {
+        return SECFailure;
+    }
+
+    mark = PORT_ArenaMark(p12ctxt->arena);
+
+    /* generate the thumbprint of the cert to use as a keyId */
+    digest = sec_pkcs12_compute_thumbprint(&cert->derCert);
+    if (!digest) {
+        PORT_ArenaRelease(p12ctxt->arena, mark);
+        return SECFailure;
+    }
+
+    /* add the certificate */
+    rv = SEC_PKCS12AddCert(p12ctxt, (SEC_PKCS12SafeInfo *)certSafe,
+                           (SEC_PKCS12SafeInfo *)certNestedDest, cert, certDb,
+                           &digest->digest, includeCertChain);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    /* add the key */
+    rv = SEC_PKCS12AddKeyForCert(p12ctxt, (SEC_PKCS12SafeInfo *)keySafe,
+                                 keyNestedDest, cert,
+                                 shroudKey, algorithm, pwitem,
+                                 &digest->digest, NULL);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    SGN_DestroyDigestInfo(digest);
+
+    PORT_ArenaUnmark(p12ctxt->arena, mark);
+    return SECSuccess;
+
+loser:
+    SGN_DestroyDigestInfo(digest);
+    PORT_ArenaRelease(p12ctxt->arena, mark);
+
+    return SECFailure;
+}
+
+/* like SEC_PKCS12AddCertOrChainAndKey, but always adds cert chain */
+SECStatus
+SEC_PKCS12AddCertAndKey(SEC_PKCS12ExportContext *p12ctxt,
+                        void *certSafe, void *certNestedDest,
+                        CERTCertificate *cert, CERTCertDBHandle *certDb,
+                        void *keySafe, void *keyNestedDest,
+                        PRBool shroudKey, SECItem *pwItem, SECOidTag algorithm)
+{
+    return SEC_PKCS12AddCertOrChainAndKey(p12ctxt, certSafe, certNestedDest,
+                                          cert, certDb, keySafe, keyNestedDest, shroudKey, pwItem,
+                                          algorithm, PR_TRUE);
+}
+
+/* SEC_PKCS12CreateNestedSafeContents
+ *      Allows nesting of safe contents to be implemented.  No limit imposed on
+ *      depth.
+ *
+ *      p12ctxt - the export context
+ *      baseSafe - the base safeInfo
+ *      nestedDest - a parent safeContents (?)
+ */
+void *
+SEC_PKCS12CreateNestedSafeContents(SEC_PKCS12ExportContext *p12ctxt,
+                                   void *baseSafe, void *nestedDest)
+{
+    sec_PKCS12SafeContents *newSafe;
+    sec_PKCS12SafeBag *safeContentsBag;
+    void *mark;
+    SECStatus rv;
+
+    if (!p12ctxt || !baseSafe) {
+        return NULL;
+    }
+
+    mark = PORT_ArenaMark(p12ctxt->arena);
+
+    newSafe = sec_PKCS12CreateSafeContents(p12ctxt->arena);
+    if (!newSafe) {
+        PORT_ArenaRelease(p12ctxt->arena, mark);
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return NULL;
+    }
+
+    /* create the safeContents safeBag */
+    safeContentsBag = sec_PKCS12CreateSafeBag(p12ctxt,
+                                              SEC_OID_PKCS12_V1_SAFE_CONTENTS_BAG_ID,
+                                              newSafe);
+    if (!safeContentsBag) {
+        goto loser;
+    }
+
+    /* append the safeContents to the appropriate area */
+    if (nestedDest) {
+        rv = sec_pkcs12_append_bag_to_safe_contents(p12ctxt->arena,
+                                                    (sec_PKCS12SafeContents *)nestedDest,
+                                                    safeContentsBag);
+    } else {
+        rv = sec_pkcs12_append_bag(p12ctxt, (SEC_PKCS12SafeInfo *)baseSafe,
+                                   safeContentsBag);
+    }
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    PORT_ArenaUnmark(p12ctxt->arena, mark);
+    return newSafe;
+
+loser:
+    PORT_ArenaRelease(p12ctxt->arena, mark);
+    return NULL;
+}
+
+/*********************************
+ * Encoding routines
+ *********************************/
+
+/* Clean up the resources allocated by a sec_PKCS12EncoderContext. */
+static void
+sec_pkcs12_encoder_destroy_context(sec_PKCS12EncoderContext *p12enc)
+{
+    if (p12enc) {
+        if (p12enc->outerA1ecx) {
+            SEC_ASN1EncoderFinish(p12enc->outerA1ecx);
+            p12enc->outerA1ecx = NULL;
+        }
+        if (p12enc->aSafeCinfo) {
+            SEC_PKCS7DestroyContentInfo(p12enc->aSafeCinfo);
+            p12enc->aSafeCinfo = NULL;
+        }
+        if (p12enc->middleP7ecx) {
+            SEC_PKCS7EncoderFinish(p12enc->middleP7ecx, p12enc->p12exp->pwfn,
+                                   p12enc->p12exp->pwfnarg);
+            p12enc->middleP7ecx = NULL;
+        }
+        if (p12enc->middleA1ecx) {
+            SEC_ASN1EncoderFinish(p12enc->middleA1ecx);
+            p12enc->middleA1ecx = NULL;
+        }
+        if (p12enc->hmacCx) {
+            PK11_DestroyContext(p12enc->hmacCx, PR_TRUE);
+            p12enc->hmacCx = NULL;
+        }
+    }
+}
+
+/* set up the encoder context based on information in the export context
+ * and return the newly allocated enocoder context.  A return of NULL
+ * indicates an error occurred.
+ */
+static sec_PKCS12EncoderContext *
+sec_pkcs12_encoder_start_context(SEC_PKCS12ExportContext *p12exp)
+{
+    sec_PKCS12EncoderContext *p12enc = NULL;
+    unsigned int i, nonEmptyCnt;
+    SECStatus rv;
+    SECItem ignore = { 0 };
+    void *mark;
+    SECItem *salt = NULL;
+    SECItem *params = NULL;
+
+    if (!p12exp || !p12exp->safeInfos) {
+        return NULL;
+    }
+
+    /* check for any empty safes and skip them */
+    i = nonEmptyCnt = 0;
+    while (p12exp->safeInfos[i]) {
+        if (p12exp->safeInfos[i]->itemCount) {
+            nonEmptyCnt++;
+        }
+        i++;
+    }
+    if (nonEmptyCnt == 0) {
+        return NULL;
+    }
+    p12exp->authSafe.encodedSafes[nonEmptyCnt] = NULL;
+
+    /* allocate the encoder context */
+    mark = PORT_ArenaMark(p12exp->arena);
+    p12enc = PORT_ArenaZNew(p12exp->arena, sec_PKCS12EncoderContext);
+    if (!p12enc) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return NULL;
+    }
+
+    p12enc->arena = p12exp->arena;
+    p12enc->p12exp = p12exp;
+
+    /* set up the PFX version and information */
+    PORT_Memset(&p12enc->pfx, 0, sizeof(sec_PKCS12PFXItem));
+    if (!SEC_ASN1EncodeInteger(p12exp->arena, &(p12enc->pfx.version),
+                               SEC_PKCS12_VERSION)) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        goto loser;
+    }
+
+    /* set up the authenticated safe content info based on the
+     * type of integrity being used.  this should be changed to
+     * enforce integrity mode, but will not be implemented until
+     * it is confirmed that integrity must be in place
+     */
+    if (p12exp->integrityEnabled && !p12exp->pwdIntegrity) {
+        /* create public key integrity mode */
+        p12enc->aSafeCinfo = SEC_PKCS7CreateSignedData(
+            p12exp->integrityInfo.pubkeyInfo.cert,
+            certUsageEmailSigner,
+            p12exp->integrityInfo.pubkeyInfo.certDb,
+            p12exp->integrityInfo.pubkeyInfo.algorithm,
+            NULL,
+            p12exp->pwfn,
+            p12exp->pwfnarg);
+        if (!p12enc->aSafeCinfo) {
+            goto loser;
+        }
+        if (SEC_PKCS7IncludeCertChain(p12enc->aSafeCinfo, NULL) != SECSuccess) {
+            goto loser;
+        }
+        PORT_CheckSuccess(SEC_PKCS7AddSigningTime(p12enc->aSafeCinfo));
+    } else {
+        p12enc->aSafeCinfo = SEC_PKCS7CreateData();
+
+        /* init password pased integrity mode */
+        if (p12exp->integrityEnabled) {
+            SECItem pwd = { siBuffer, NULL, 0 };
+            PK11SymKey *symKey;
+            CK_MECHANISM_TYPE integrityMechType;
+            CK_MECHANISM_TYPE hmacMechType;
+            salt = sec_pkcs12_generate_salt();
+
+            /* zero out macData and set values */
+            PORT_Memset(&p12enc->mac, 0, sizeof(sec_PKCS12MacData));
+
+            if (!salt) {
+                PORT_SetError(SEC_ERROR_NO_MEMORY);
+                goto loser;
+            }
+            if (SECITEM_CopyItem(p12exp->arena, &(p12enc->mac.macSalt), salt) != SECSuccess) {
+                PORT_SetError(SEC_ERROR_NO_MEMORY);
+                goto loser;
+            }
+            if (!SEC_ASN1EncodeInteger(p12exp->arena, &(p12enc->mac.iter),
+                                       NSS_PBE_DEFAULT_ITERATION_COUNT)) {
+                goto loser;
+            }
+
+            /* generate HMAC key */
+            if (!sec_pkcs12_convert_item_to_unicode(NULL, &pwd,
+                                                    p12exp->integrityInfo.pwdInfo.password, PR_TRUE,
+                                                    PR_TRUE, PR_TRUE)) {
+                goto loser;
+            }
+            /*
+             * This code only works with PKCS #12 Mac using PKCS #5 v1
+             * PBA keygens. PKCS #5 v2 support will require a change to
+             * the PKCS #12 spec.
+             */
+            params = PK11_CreatePBEParams(salt, &pwd,
+                                          NSS_PBE_DEFAULT_ITERATION_COUNT);
+            SECITEM_ZfreeItem(salt, PR_TRUE);
+            SECITEM_ZfreeItem(&pwd, PR_FALSE);
+
+            /* get the PBA Mechanism to generate the key */
+            switch (p12exp->integrityInfo.pwdInfo.algorithm) {
+                case SEC_OID_SHA1:
+                    integrityMechType = CKM_PBA_SHA1_WITH_SHA1_HMAC;
+                    break;
+                case SEC_OID_MD5:
+                    integrityMechType = CKM_NETSCAPE_PBE_MD5_HMAC_KEY_GEN;
+                    break;
+                case SEC_OID_MD2:
+                    integrityMechType = CKM_NETSCAPE_PBE_MD2_HMAC_KEY_GEN;
+                    break;
+                default:
+                    goto loser;
+            }
+
+            /* generate the key */
+            symKey = PK11_KeyGen(NULL, integrityMechType, params, 20, NULL);
+            PK11_DestroyPBEParams(params);
+            if (!symKey) {
+                goto loser;
+            }
+
+            /* initialize HMAC */
+            /* Get the HMAC mechanism from the hash OID */
+            hmacMechType = sec_pkcs12_algtag_to_mech(
+                p12exp->integrityInfo.pwdInfo.algorithm);
+
+            p12enc->hmacCx = PK11_CreateContextBySymKey(hmacMechType,
+                                                        CKA_SIGN, symKey, &ignore);
+
+            PK11_FreeSymKey(symKey);
+            if (!p12enc->hmacCx) {
+                PORT_SetError(SEC_ERROR_NO_MEMORY);
+                goto loser;
+            }
+            rv = PK11_DigestBegin(p12enc->hmacCx);
+            if (rv != SECSuccess)
+                goto loser;
+        }
+    }
+
+    if (!p12enc->aSafeCinfo) {
+        goto loser;
+    }
+
+    PORT_ArenaUnmark(p12exp->arena, mark);
+
+    return p12enc;
+
+loser:
+    sec_pkcs12_encoder_destroy_context(p12enc);
+    if (p12exp->arena != NULL)
+        PORT_ArenaRelease(p12exp->arena, mark);
+    if (salt) {
+        SECITEM_ZfreeItem(salt, PR_TRUE);
+    }
+    if (params) {
+        PK11_DestroyPBEParams(params);
+    }
+
+    return NULL;
+}
+
+/* The outermost ASN.1 encoder calls this function for output.
+** This function calls back to the library caller's output routine,
+** which typically writes to a PKCS12 file.
+ */
+static void
+sec_P12A1OutputCB_Outer(void *arg, const char *buf, unsigned long len,
+                        int depth, SEC_ASN1EncodingPart data_kind)
+{
+    struct sec_pkcs12_encoder_output *output;
+
+    output = (struct sec_pkcs12_encoder_output *)arg;
+    (*output->outputfn)(output->outputarg, buf, len);
+}
+
+/* The "middle" and "inner" ASN.1 encoders call this function to output.
+** This function does HMACing, if appropriate, and then buffers the data.
+** The buffered data is eventually passed down to the underlying PKCS7 encoder.
+ */
+static void
+sec_P12A1OutputCB_HmacP7Update(void *arg, const char *buf,
+                               unsigned long len,
+                               int depth,
+                               SEC_ASN1EncodingPart data_kind)
+{
+    sec_pkcs12OutputBuffer *bufcx = (sec_pkcs12OutputBuffer *)arg;
+
+    if (!buf || !len)
+        return;
+
+    if (bufcx->hmacCx) {
+        PK11_DigestOp(bufcx->hmacCx, (unsigned char *)buf, len);
+    }
+
+    /* buffer */
+    if (bufcx->numBytes > 0) {
+        int toCopy;
+        if (len + bufcx->numBytes <= bufcx->bufBytes) {
+            memcpy(bufcx->buf + bufcx->numBytes, buf, len);
+            bufcx->numBytes += len;
+            if (bufcx->numBytes < bufcx->bufBytes)
+                return;
+            SEC_PKCS7EncoderUpdate(bufcx->p7eCx, bufcx->buf, bufcx->bufBytes);
+            bufcx->numBytes = 0;
+            return;
+        }
+        toCopy = bufcx->bufBytes - bufcx->numBytes;
+        memcpy(bufcx->buf + bufcx->numBytes, buf, toCopy);
+        SEC_PKCS7EncoderUpdate(bufcx->p7eCx, bufcx->buf, bufcx->bufBytes);
+        bufcx->numBytes = 0;
+        len -= toCopy;
+        buf += toCopy;
+    }
+    /* buffer is presently empty */
+    if (len >= bufcx->bufBytes) {
+        /* Just pass it through */
+        SEC_PKCS7EncoderUpdate(bufcx->p7eCx, buf, len);
+    } else {
+        /* copy it all into the buffer, and return */
+        memcpy(bufcx->buf, buf, len);
+        bufcx->numBytes = len;
+    }
+}
+
+void
+sec_FlushPkcs12OutputBuffer(sec_pkcs12OutputBuffer *bufcx)
+{
+    if (bufcx->numBytes > 0) {
+        SEC_PKCS7EncoderUpdate(bufcx->p7eCx, bufcx->buf, bufcx->numBytes);
+        bufcx->numBytes = 0;
+    }
+}
+
+/* Feeds the output of a PKCS7 encoder into the next outward ASN.1 encoder.
+** This function is used by both the inner and middle PCS7 encoders.
+*/
+static void
+sec_P12P7OutputCB_CallA1Update(void *arg, const char *buf, unsigned long len)
+{
+    SEC_ASN1EncoderContext *cx = (SEC_ASN1EncoderContext *)arg;
+
+    if (!buf || !len)
+        return;
+
+    SEC_ASN1EncoderUpdate(cx, buf, len);
+}
+
+/* this function encodes content infos which are part of the
+ * sequence of content infos labeled AuthenticatedSafes
+ */
+static SECStatus
+sec_pkcs12_encoder_asafe_process(sec_PKCS12EncoderContext *p12ecx)
+{
+    SEC_PKCS7EncoderContext *innerP7ecx;
+    SEC_PKCS7ContentInfo *cinfo;
+    PK11SymKey *bulkKey = NULL;
+    SEC_ASN1EncoderContext *innerA1ecx = NULL;
+    SECStatus rv = SECSuccess;
+
+    if (p12ecx->currentSafe < p12ecx->p12exp->authSafe.safeCount) {
+        SEC_PKCS12SafeInfo *safeInfo;
+        SECOidTag cinfoType;
+
+        safeInfo = p12ecx->p12exp->safeInfos[p12ecx->currentSafe];
+
+        /* skip empty safes */
+        if (safeInfo->itemCount == 0) {
+            return SECSuccess;
+        }
+
+        cinfo = safeInfo->cinfo;
+        cinfoType = SEC_PKCS7ContentType(cinfo);
+
+        /* determine the safe type and set the appropriate argument */
+        switch (cinfoType) {
+            case SEC_OID_PKCS7_DATA:
+            case SEC_OID_PKCS7_ENVELOPED_DATA:
+                break;
+            case SEC_OID_PKCS7_ENCRYPTED_DATA:
+                bulkKey = safeInfo->encryptionKey;
+                PK11_SetSymKeyUserData(bulkKey, &safeInfo->pwitem, NULL);
+                break;
+            default:
+                return SECFailure;
+        }
+
+        /* start the PKCS7 encoder */
+        innerP7ecx = SEC_PKCS7EncoderStart(cinfo,
+                                           sec_P12P7OutputCB_CallA1Update,
+                                           p12ecx->middleA1ecx, bulkKey);
+        if (!innerP7ecx) {
+            goto loser;
+        }
+
+        /* encode safe contents */
+        p12ecx->innerBuf.p7eCx = innerP7ecx;
+        p12ecx->innerBuf.hmacCx = NULL;
+        p12ecx->innerBuf.numBytes = 0;
+        p12ecx->innerBuf.bufBytes = sizeof p12ecx->innerBuf.buf;
+
+        innerA1ecx = SEC_ASN1EncoderStart(safeInfo->safe,
+                                          sec_PKCS12SafeContentsTemplate,
+                                          sec_P12A1OutputCB_HmacP7Update,
+                                          &p12ecx->innerBuf);
+        if (!innerA1ecx) {
+            goto loser;
+        }
+        rv = SEC_ASN1EncoderUpdate(innerA1ecx, NULL, 0);
+        SEC_ASN1EncoderFinish(innerA1ecx);
+        sec_FlushPkcs12OutputBuffer(&p12ecx->innerBuf);
+        innerA1ecx = NULL;
+        if (rv != SECSuccess) {
+            goto loser;
+        }
+
+        /* finish up safe content info */
+        rv = SEC_PKCS7EncoderFinish(innerP7ecx, p12ecx->p12exp->pwfn,
+                                    p12ecx->p12exp->pwfnarg);
+    }
+    memset(&p12ecx->innerBuf, 0, sizeof p12ecx->innerBuf);
+    return SECSuccess;
+
+loser:
+    if (innerP7ecx) {
+        SEC_PKCS7EncoderFinish(innerP7ecx, p12ecx->p12exp->pwfn,
+                               p12ecx->p12exp->pwfnarg);
+    }
+
+    if (innerA1ecx) {
+        SEC_ASN1EncoderFinish(innerA1ecx);
+    }
+    memset(&p12ecx->innerBuf, 0, sizeof p12ecx->innerBuf);
+    return SECFailure;
+}
+
+/* finish the HMAC and encode the macData so that it can be
+ * encoded.
+ */
+static SECStatus
+sec_Pkcs12FinishMac(sec_PKCS12EncoderContext *p12ecx)
+{
+    SECItem hmac = { siBuffer, NULL, 0 };
+    SECStatus rv;
+    SGNDigestInfo *di = NULL;
+    void *dummy;
+
+    if (!p12ecx) {
+        return SECFailure;
+    }
+
+    /* make sure we are using password integrity mode */
+    if (!p12ecx->p12exp->integrityEnabled) {
+        return SECSuccess;
+    }
+
+    if (!p12ecx->p12exp->pwdIntegrity) {
+        return SECSuccess;
+    }
+
+    /* finish the hmac */
+    hmac.data = (unsigned char *)PORT_ZAlloc(SHA1_LENGTH);
+    if (!hmac.data) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return SECFailure;
+    }
+
+    rv = PK11_DigestFinal(p12ecx->hmacCx, hmac.data, &hmac.len, SHA1_LENGTH);
+
+    if (rv != SECSuccess) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        goto loser;
+    }
+
+    /* create the digest info */
+    di = SGN_CreateDigestInfo(p12ecx->p12exp->integrityInfo.pwdInfo.algorithm,
+                              hmac.data, hmac.len);
+    if (!di) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        rv = SECFailure;
+        goto loser;
+    }
+
+    rv = SGN_CopyDigestInfo(p12ecx->arena, &p12ecx->mac.safeMac, di);
+    if (rv != SECSuccess) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        goto loser;
+    }
+
+    /* encode the mac data */
+    dummy = SEC_ASN1EncodeItem(p12ecx->arena, &p12ecx->pfx.encodedMacData,
+                               &p12ecx->mac, sec_PKCS12MacDataTemplate);
+    if (!dummy) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        rv = SECFailure;
+    }
+
+loser:
+    if (di) {
+        SGN_DestroyDigestInfo(di);
+    }
+    if (hmac.data) {
+        SECITEM_ZfreeItem(&hmac, PR_FALSE);
+    }
+    PK11_DestroyContext(p12ecx->hmacCx, PR_TRUE);
+    p12ecx->hmacCx = NULL;
+
+    return rv;
+}
+
+/* pfx notify function for ASN1 encoder.
+ * We want to stop encoding once we reach the authenticated safe.
+ * At that point, the encoder will be updated via streaming
+ * as the authenticated safe is  encoded.
+ */
+static void
+sec_pkcs12_encoder_pfx_notify(void *arg, PRBool before, void *dest, int real_depth)
+{
+    sec_PKCS12EncoderContext *p12ecx;
+
+    if (!before) {
+        return;
+    }
+
+    /* look for authenticated safe */
+    p12ecx = (sec_PKCS12EncoderContext *)arg;
+    if (dest != &p12ecx->pfx.encodedAuthSafe) {
+        return;
+    }
+
+    SEC_ASN1EncoderSetTakeFromBuf(p12ecx->outerA1ecx);
+    SEC_ASN1EncoderSetStreaming(p12ecx->outerA1ecx);
+    SEC_ASN1EncoderClearNotifyProc(p12ecx->outerA1ecx);
+}
+
+/* SEC_PKCS12Encode
+ *      Encodes the PFX item and returns it to the output function, via
+ *      callback.  the output function must be capable of multiple updates.
+ *
+ *      p12exp - the export context
+ *      output - the output function callback, will be called more than once,
+ *               must be able to accept streaming data.
+ *      outputarg - argument for the output callback.
+ */
+SECStatus
+SEC_PKCS12Encode(SEC_PKCS12ExportContext *p12exp,
+                 SEC_PKCS12EncoderOutputCallback output, void *outputarg)
+{
+    sec_PKCS12EncoderContext *p12enc;
+    struct sec_pkcs12_encoder_output outInfo;
+    SECStatus rv;
+
+    if (!p12exp || !output) {
+        return SECFailure;
+    }
+
+    /* get the encoder context */
+    p12enc = sec_pkcs12_encoder_start_context(p12exp);
+    if (!p12enc) {
+        return SECFailure;
+    }
+
+    outInfo.outputfn = output;
+    outInfo.outputarg = outputarg;
+
+    /* set up PFX encoder, the "outer" encoder.  Set it for streaming */
+    p12enc->outerA1ecx = SEC_ASN1EncoderStart(&p12enc->pfx,
+                                              sec_PKCS12PFXItemTemplate,
+                                              sec_P12A1OutputCB_Outer,
+                                              &outInfo);
+    if (!p12enc->outerA1ecx) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        rv = SECFailure;
+        goto loser;
+    }
+    SEC_ASN1EncoderSetStreaming(p12enc->outerA1ecx);
+    SEC_ASN1EncoderSetNotifyProc(p12enc->outerA1ecx,
+                                 sec_pkcs12_encoder_pfx_notify, p12enc);
+    rv = SEC_ASN1EncoderUpdate(p12enc->outerA1ecx, NULL, 0);
+    if (rv != SECSuccess) {
+        rv = SECFailure;
+        goto loser;
+    }
+
+    /* set up asafe cinfo - the output of the encoder feeds the PFX encoder */
+    p12enc->middleP7ecx = SEC_PKCS7EncoderStart(p12enc->aSafeCinfo,
+                                                sec_P12P7OutputCB_CallA1Update,
+                                                p12enc->outerA1ecx, NULL);
+    if (!p12enc->middleP7ecx) {
+        rv = SECFailure;
+        goto loser;
+    }
+
+    /* encode asafe */
+    p12enc->middleBuf.p7eCx = p12enc->middleP7ecx;
+    p12enc->middleBuf.hmacCx = NULL;
+    p12enc->middleBuf.numBytes = 0;
+    p12enc->middleBuf.bufBytes = sizeof p12enc->middleBuf.buf;
+
+    /* Setup the "inner ASN.1 encoder for Authenticated Safes.  */
+    if (p12enc->p12exp->integrityEnabled &&
+        p12enc->p12exp->pwdIntegrity) {
+        p12enc->middleBuf.hmacCx = p12enc->hmacCx;
+    }
+    p12enc->middleA1ecx = SEC_ASN1EncoderStart(&p12enc->p12exp->authSafe,
+                                               sec_PKCS12AuthenticatedSafeTemplate,
+                                               sec_P12A1OutputCB_HmacP7Update,
+                                               &p12enc->middleBuf);
+    if (!p12enc->middleA1ecx) {
+        rv = SECFailure;
+        goto loser;
+    }
+    SEC_ASN1EncoderSetStreaming(p12enc->middleA1ecx);
+    SEC_ASN1EncoderSetTakeFromBuf(p12enc->middleA1ecx);
+
+    /* encode each of the safes */
+    while (p12enc->currentSafe != p12enc->p12exp->safeInfoCount) {
+        sec_pkcs12_encoder_asafe_process(p12enc);
+        p12enc->currentSafe++;
+    }
+    SEC_ASN1EncoderClearTakeFromBuf(p12enc->middleA1ecx);
+    SEC_ASN1EncoderClearStreaming(p12enc->middleA1ecx);
+    SEC_ASN1EncoderUpdate(p12enc->middleA1ecx, NULL, 0);
+    SEC_ASN1EncoderFinish(p12enc->middleA1ecx);
+    p12enc->middleA1ecx = NULL;
+
+    sec_FlushPkcs12OutputBuffer(&p12enc->middleBuf);
+
+    /* finish the encoding of the authenticated safes */
+    rv = SEC_PKCS7EncoderFinish(p12enc->middleP7ecx, p12exp->pwfn,
+                                p12exp->pwfnarg);
+    p12enc->middleP7ecx = NULL;
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    SEC_ASN1EncoderClearTakeFromBuf(p12enc->outerA1ecx);
+    SEC_ASN1EncoderClearStreaming(p12enc->outerA1ecx);
+
+    /* update the mac, if necessary */
+    rv = sec_Pkcs12FinishMac(p12enc);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    /* finish encoding the pfx */
+    rv = SEC_ASN1EncoderUpdate(p12enc->outerA1ecx, NULL, 0);
+
+    SEC_ASN1EncoderFinish(p12enc->outerA1ecx);
+    p12enc->outerA1ecx = NULL;
+
+loser:
+    sec_pkcs12_encoder_destroy_context(p12enc);
+    return rv;
+}
+
+void
+SEC_PKCS12DestroyExportContext(SEC_PKCS12ExportContext *p12ecx)
+{
+    int i = 0;
+
+    if (!p12ecx) {
+        return;
+    }
+
+    if (p12ecx->safeInfos) {
+        i = 0;
+        while (p12ecx->safeInfos[i] != NULL) {
+            if (p12ecx->safeInfos[i]->encryptionKey) {
+                PK11_FreeSymKey(p12ecx->safeInfos[i]->encryptionKey);
+            }
+            if (p12ecx->safeInfos[i]->cinfo) {
+                SEC_PKCS7DestroyContentInfo(p12ecx->safeInfos[i]->cinfo);
+            }
+            i++;
+        }
+    }
+
+    PK11_FreeSlot(p12ecx->slot);
+
+    PORT_FreeArena(p12ecx->arena, PR_TRUE);
+}
diff --git a/nss/lib/pkcs12/p12exp.c b/nss/lib/pkcs12/p12exp.c
new file mode 100644
index 0000000..b9cb076
--- /dev/null
+++ b/nss/lib/pkcs12/p12exp.c
@@ -0,0 +1,1374 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "plarena.h"
+#include "secitem.h"
+#include "secoid.h"
+#include "seccomon.h"
+#include "secport.h"
+#include "cert.h"
+#include "pkcs12.h"
+#include "p12local.h"
+#include "secpkcs7.h"
+#include "secasn1.h"
+#include "secerr.h"
+#include "p12plcy.h"
+
+/* release the memory taken up by the list of nicknames */
+static void
+sec_pkcs12_destroy_nickname_list(SECItem **nicknames)
+{
+    int i = 0;
+
+    if (nicknames == NULL) {
+        return;
+    }
+
+    while (nicknames[i] != NULL) {
+        SECITEM_FreeItem(nicknames[i], PR_FALSE);
+        i++;
+    }
+
+    PORT_Free(nicknames);
+}
+
+/* release the memory taken up by the list of certificates */
+static void
+sec_pkcs12_destroy_certificate_list(CERTCertificate **ref_certs)
+{
+    int i = 0;
+
+    if (ref_certs == NULL) {
+        return;
+    }
+
+    while (ref_certs[i] != NULL) {
+        CERT_DestroyCertificate(ref_certs[i]);
+        i++;
+    }
+}
+
+static void
+sec_pkcs12_destroy_cinfos_for_cert_bags(SEC_PKCS12CertAndCRLBag *certBag)
+{
+    int j = 0;
+    j = 0;
+    while (certBag->certAndCRLs[j] != NULL) {
+        SECOidTag certType = SECOID_FindOIDTag(&certBag->certAndCRLs[j]->BagID);
+        if (certType == SEC_OID_PKCS12_X509_CERT_CRL_BAG) {
+            SEC_PKCS12X509CertCRL *x509;
+            x509 = certBag->certAndCRLs[j]->value.x509;
+            SEC_PKCS7DestroyContentInfo(&x509->certOrCRL);
+        }
+        j++;
+    }
+}
+
+/* destroy all content infos since they were not allocated in common
+ * pool
+ */
+static void
+sec_pkcs12_destroy_cert_content_infos(SEC_PKCS12SafeContents *safe,
+                                      SEC_PKCS12Baggage *baggage)
+{
+    int i, j;
+
+    if ((safe != NULL) && (safe->contents != NULL)) {
+        i = 0;
+        while (safe->contents[i] != NULL) {
+            SECOidTag bagType = SECOID_FindOIDTag(&safe->contents[i]->safeBagType);
+            if (bagType == SEC_OID_PKCS12_CERT_AND_CRL_BAG_ID) {
+                SEC_PKCS12CertAndCRLBag *certBag;
+                certBag = safe->contents[i]->safeContent.certAndCRLBag;
+                sec_pkcs12_destroy_cinfos_for_cert_bags(certBag);
+            }
+            i++;
+        }
+    }
+
+    if ((baggage != NULL) && (baggage->bags != NULL)) {
+        i = 0;
+        while (baggage->bags[i] != NULL) {
+            if (baggage->bags[i]->unencSecrets != NULL) {
+                j = 0;
+                while (baggage->bags[i]->unencSecrets[j] != NULL) {
+                    SECOidTag bagType;
+                    bagType = SECOID_FindOIDTag(&baggage->bags[i]->unencSecrets[j]->safeBagType);
+                    if (bagType == SEC_OID_PKCS12_CERT_AND_CRL_BAG_ID) {
+                        SEC_PKCS12CertAndCRLBag *certBag;
+                        certBag = baggage->bags[i]->unencSecrets[j]->safeContent.certAndCRLBag;
+                        sec_pkcs12_destroy_cinfos_for_cert_bags(certBag);
+                    }
+                    j++;
+                }
+            }
+            i++;
+        }
+    }
+}
+
+/* convert the nickname list from a NULL termincated Char list
+ * to a NULL terminated SECItem list
+ */
+static SECItem **
+sec_pkcs12_convert_nickname_list(char **nicknames)
+{
+    SECItem **nicks;
+    int i, j;
+    PRBool error = PR_FALSE;
+
+    if (nicknames == NULL) {
+        return NULL;
+    }
+
+    i = j = 0;
+    while (nicknames[i] != NULL) {
+        i++;
+    }
+
+    /* allocate the space and copy the data */
+    nicks = (SECItem **)PORT_ZAlloc(sizeof(SECItem *) * (i + 1));
+    if (nicks != NULL) {
+        for (j = 0; ((j < i) && (error == PR_FALSE)); j++) {
+            nicks[j] = (SECItem *)PORT_ZAlloc(sizeof(SECItem));
+            if (nicks[j] != NULL) {
+                nicks[j]->data =
+                    (unsigned char *)PORT_ZAlloc(PORT_Strlen(nicknames[j]) + 1);
+                if (nicks[j]->data != NULL) {
+                    nicks[j]->len = PORT_Strlen(nicknames[j]);
+                    PORT_Memcpy(nicks[j]->data, nicknames[j], nicks[j]->len);
+                    nicks[j]->data[nicks[j]->len] = 0;
+                } else {
+                    error = PR_TRUE;
+                }
+            } else {
+                error = PR_TRUE;
+            }
+        }
+    }
+
+    if (error == PR_TRUE) {
+        for (i = 0; i < j; i++) {
+            SECITEM_FreeItem(nicks[i], PR_TRUE);
+        }
+        PORT_Free(nicks);
+        nicks = NULL;
+    }
+
+    return nicks;
+}
+
+/* package the certificate add_cert into PKCS12 structures,
+ * retrieve the certificate chain for the cert and return
+ * the packaged contents.
+ * poolp -- common memory pool;
+ * add_cert -- certificate to package up
+ * nickname for the certificate
+ * a return of NULL indicates an error
+ */
+static SEC_PKCS12CertAndCRL *
+sec_pkcs12_get_cert(PLArenaPool *poolp,
+                    CERTCertificate *add_cert,
+                    SECItem *nickname)
+{
+    SEC_PKCS12CertAndCRL *cert;
+    SEC_PKCS7ContentInfo *cinfo;
+    SGNDigestInfo *t_di;
+    void *mark;
+    SECStatus rv;
+
+    if ((poolp == NULL) || (add_cert == NULL) || (nickname == NULL)) {
+        return NULL;
+    }
+    mark = PORT_ArenaMark(poolp);
+
+    cert = sec_pkcs12_new_cert_crl(poolp, SEC_OID_PKCS12_X509_CERT_CRL_BAG);
+    if (cert != NULL) {
+
+        /* copy the nickname */
+        rv = SECITEM_CopyItem(poolp, &cert->nickname, nickname);
+        if (rv != SECSuccess) {
+            PORT_SetError(SEC_ERROR_NO_MEMORY);
+            cert = NULL;
+        } else {
+
+            /* package the certificate and cert chain into a NULL signer
+             * PKCS 7 SignedData content Info and prepare it for encoding
+             * since we cannot use DER_ANY_TEMPLATE
+             */
+            cinfo = SEC_PKCS7CreateCertsOnly(add_cert, PR_TRUE, NULL);
+            rv = SEC_PKCS7PrepareForEncode(cinfo, NULL, NULL, NULL);
+
+            /* thumbprint the certificate */
+            if ((cinfo != NULL) && (rv == SECSuccess)) {
+                PORT_Memcpy(&cert->value.x509->certOrCRL, cinfo, sizeof(*cinfo));
+                t_di = sec_pkcs12_compute_thumbprint(&add_cert->derCert);
+                if (t_di != NULL) {
+                    /* test */
+                    rv = SGN_CopyDigestInfo(poolp, &cert->value.x509->thumbprint,
+                                            t_di);
+                    if (rv != SECSuccess) {
+                        cert = NULL;
+                        PORT_SetError(SEC_ERROR_NO_MEMORY);
+                    }
+                    SGN_DestroyDigestInfo(t_di);
+                } else
+                    cert = NULL;
+            }
+        }
+    }
+
+    if (cert == NULL) {
+        PORT_ArenaRelease(poolp, mark);
+    } else {
+        PORT_ArenaUnmark(poolp, mark);
+    }
+
+    return cert;
+}
+
+/* package the private key associated with the certificate and
+ * return the appropriate PKCS 12 structure
+ * poolp common memory pool
+ * nickname key nickname
+ * cert -- cert to look up
+ * wincx -- window handle
+ * an error is indicated by a return of NULL
+ */
+static SEC_PKCS12PrivateKey *
+sec_pkcs12_get_private_key(PLArenaPool *poolp,
+                           SECItem *nickname,
+                           CERTCertificate *cert,
+                           void *wincx)
+{
+    SECKEYPrivateKeyInfo *pki;
+    SEC_PKCS12PrivateKey *pk;
+    SECStatus rv;
+    void *mark;
+
+    if ((poolp == NULL) || (nickname == NULL)) {
+        return NULL;
+    }
+
+    mark = PORT_ArenaMark(poolp);
+
+    /* retrieve key from the data base */
+    pki = PK11_ExportPrivateKeyInfo(nickname, cert, wincx);
+    if (pki == NULL) {
+        PORT_ArenaRelease(poolp, mark);
+        PORT_SetError(SEC_ERROR_PKCS12_UNABLE_TO_EXPORT_KEY);
+        return NULL;
+    }
+
+    pk = (SEC_PKCS12PrivateKey *)PORT_ArenaZAlloc(poolp,
+                                                  sizeof(SEC_PKCS12PrivateKey));
+    if (pk != NULL) {
+        rv = sec_pkcs12_init_pvk_data(poolp, &pk->pvkData);
+
+        if (rv == SECSuccess) {
+            /* copy the key into poolp memory space */
+            rv = SECKEY_CopyPrivateKeyInfo(poolp, &pk->pkcs8data, pki);
+            if (rv == SECSuccess) {
+                rv = SECITEM_CopyItem(poolp, &pk->pvkData.nickname, nickname);
+            }
+        }
+
+        if (rv != SECSuccess) {
+            PORT_SetError(SEC_ERROR_NO_MEMORY);
+            pk = NULL;
+        }
+    } else {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+    }
+
+    /* destroy private key, zeroing out data */
+    SECKEY_DestroyPrivateKeyInfo(pki, PR_TRUE);
+    if (pk == NULL) {
+        PORT_ArenaRelease(poolp, mark);
+    } else {
+        PORT_ArenaUnmark(poolp, mark);
+    }
+
+    return pk;
+}
+
+/* get a shrouded key item associated with a certificate
+ * return the appropriate PKCS 12 structure
+ * poolp common memory pool
+ * nickname key nickname
+ * cert -- cert to look up
+ * wincx -- window handle
+ * an error is indicated by a return of NULL
+ */
+static SEC_PKCS12ESPVKItem *
+sec_pkcs12_get_shrouded_key(PLArenaPool *poolp,
+                            SECItem *nickname,
+                            CERTCertificate *cert,
+                            SECOidTag algorithm,
+                            SECItem *pwitem,
+                            PKCS12UnicodeConvertFunction unicodeFn,
+                            void *wincx)
+{
+    SECKEYEncryptedPrivateKeyInfo *epki;
+    SEC_PKCS12ESPVKItem *pk;
+    void *mark;
+    SECStatus rv;
+    PK11SlotInfo *slot = NULL;
+    PRBool swapUnicodeBytes = PR_FALSE;
+
+#ifdef IS_LITTLE_ENDIAN
+    swapUnicodeBytes = PR_TRUE;
+#endif
+
+    if ((poolp == NULL) || (nickname == NULL))
+        return NULL;
+
+    mark = PORT_ArenaMark(poolp);
+
+    /* use internal key slot */
+    slot = PK11_GetInternalKeySlot();
+
+    /* retrieve encrypted prviate key */
+    epki = PK11_ExportEncryptedPrivateKeyInfo(slot, algorithm, pwitem,
+                                              nickname, cert, 1, 0, NULL);
+    PK11_FreeSlot(slot);
+    if (epki == NULL) {
+        PORT_SetError(SEC_ERROR_PKCS12_UNABLE_TO_EXPORT_KEY);
+        PORT_ArenaRelease(poolp, mark);
+        return NULL;
+    }
+
+    /* create a private key and store the data into the poolp memory space */
+    pk = sec_pkcs12_create_espvk(poolp, SEC_OID_PKCS12_PKCS8_KEY_SHROUDING);
+    if (pk != NULL) {
+        rv = sec_pkcs12_init_pvk_data(poolp, &pk->espvkData);
+        rv = SECITEM_CopyItem(poolp, &pk->espvkData.nickname, nickname);
+        pk->espvkCipherText.pkcs8KeyShroud =
+            (SECKEYEncryptedPrivateKeyInfo *)PORT_ArenaZAlloc(poolp,
+                                                              sizeof(SECKEYEncryptedPrivateKeyInfo));
+        if ((pk->espvkCipherText.pkcs8KeyShroud != NULL) && (rv == SECSuccess)) {
+            rv = SECKEY_CopyEncryptedPrivateKeyInfo(poolp,
+                                                    pk->espvkCipherText.pkcs8KeyShroud, epki);
+            if (rv == SECSuccess) {
+                rv = (*unicodeFn)(poolp, &pk->espvkData.uniNickName, nickname,
+                                  PR_TRUE, swapUnicodeBytes);
+            }
+        }
+
+        if (rv != SECSuccess) {
+            PORT_SetError(SEC_ERROR_NO_MEMORY);
+            pk = NULL;
+        }
+    }
+
+    SECKEY_DestroyEncryptedPrivateKeyInfo(epki, PR_TRUE);
+    if (pk == NULL) {
+        PORT_ArenaRelease(poolp, mark);
+    } else {
+        PORT_ArenaUnmark(poolp, mark);
+    }
+
+    return pk;
+}
+
+/* add a thumbprint to a private key associated certs list
+ * pvk is the area where the list is stored
+ * thumb is the thumbprint to copy
+ * a return of SECFailure indicates an error
+ */
+static SECStatus
+sec_pkcs12_add_thumbprint(SEC_PKCS12PVKSupportingData *pvk,
+                          SGNDigestInfo *thumb)
+{
+    SGNDigestInfo **thumb_list = NULL;
+    int nthumbs, size;
+    void *mark, *dummy;
+    SECStatus rv = SECFailure;
+
+    if ((pvk == NULL) || (thumb == NULL)) {
+        return SECFailure;
+    }
+
+    mark = PORT_ArenaMark(pvk->poolp);
+
+    thumb_list = pvk->assocCerts;
+    nthumbs = pvk->nThumbs;
+
+    /* allocate list space needed -- either growing or allocating
+     * list must be NULL terminated
+     */
+    size = sizeof(SGNDigestInfo *);
+    dummy = PORT_ArenaGrow(pvk->poolp, thumb_list, (size * (nthumbs + 1)),
+                           (size * (nthumbs + 2)));
+    thumb_list = dummy;
+    if (dummy != NULL) {
+        thumb_list[nthumbs] = (SGNDigestInfo *)PORT_ArenaZAlloc(pvk->poolp,
+                                                                sizeof(SGNDigestInfo));
+        if (thumb_list[nthumbs] != NULL) {
+            SGN_CopyDigestInfo(pvk->poolp, thumb_list[nthumbs], thumb);
+            nthumbs += 1;
+            thumb_list[nthumbs] = 0;
+        } else {
+            dummy = NULL;
+        }
+    }
+
+    if (dummy == NULL) {
+        PORT_ArenaRelease(pvk->poolp, mark);
+        return SECFailure;
+    }
+
+    pvk->assocCerts = thumb_list;
+    pvk->nThumbs = nthumbs;
+
+    PORT_ArenaUnmark(pvk->poolp, mark);
+    return SECSuccess;
+}
+
+/* search the list of shrouded keys in the baggage for the desired
+ * name.  return a pointer to the item.  a return of NULL indicates
+ * that no match was present or that an error occurred.
+ */
+static SEC_PKCS12ESPVKItem *
+sec_pkcs12_get_espvk_by_name(SEC_PKCS12Baggage *luggage,
+                             SECItem *name)
+{
+    PRBool found = PR_FALSE;
+    SEC_PKCS12ESPVKItem *espvk = NULL;
+    int i, j;
+    SECComparison rv = SECEqual;
+    SECItem *t_name;
+    SEC_PKCS12BaggageItem *bag;
+
+    if ((luggage == NULL) || (name == NULL)) {
+        return NULL;
+    }
+
+    i = 0;
+    while ((found == PR_FALSE) && (i < luggage->luggage_size)) {
+        j = 0;
+        bag = luggage->bags[i];
+        while ((found == PR_FALSE) && (j < bag->nEspvks)) {
+            espvk = bag->espvks[j];
+            if (espvk->poolp == NULL) {
+                espvk->poolp = luggage->poolp;
+            }
+            t_name = SECITEM_DupItem(&espvk->espvkData.nickname);
+            if (t_name != NULL) {
+                rv = SECITEM_CompareItem(name, t_name);
+                if (rv == SECEqual) {
+                    found = PR_TRUE;
+                }
+                SECITEM_FreeItem(t_name, PR_TRUE);
+            } else {
+                PORT_SetError(SEC_ERROR_NO_MEMORY);
+                return NULL;
+            }
+            j++;
+        }
+        i++;
+    }
+
+    if (found != PR_TRUE) {
+        PORT_SetError(SEC_ERROR_PKCS12_UNABLE_TO_LOCATE_OBJECT_BY_NAME);
+        return NULL;
+    }
+
+    return espvk;
+}
+
+/* locates a certificate and copies the thumbprint to the
+ * appropriate private key
+ */
+static SECStatus
+sec_pkcs12_propagate_thumbprints(SECItem **nicknames,
+                                 CERTCertificate **ref_certs,
+                                 SEC_PKCS12SafeContents *safe,
+                                 SEC_PKCS12Baggage *baggage)
+{
+    SEC_PKCS12CertAndCRL *cert;
+    SEC_PKCS12PrivateKey *key;
+    SEC_PKCS12ESPVKItem *espvk;
+    int i;
+    PRBool error = PR_FALSE;
+    SECStatus rv = SECFailure;
+
+    if ((nicknames == NULL) || (safe == NULL)) {
+        return SECFailure;
+    }
+
+    i = 0;
+    while ((nicknames[i] != NULL) && (error == PR_FALSE)) {
+        /* process all certs */
+        cert = (SEC_PKCS12CertAndCRL *)sec_pkcs12_find_object(safe, baggage,
+                                                              SEC_OID_PKCS12_CERT_AND_CRL_BAG_ID,
+                                                              nicknames[i], NULL);
+        if (cert != NULL) {
+            /* locate key and copy thumbprint */
+            key = (SEC_PKCS12PrivateKey *)sec_pkcs12_find_object(safe, baggage,
+                                                                 SEC_OID_PKCS12_KEY_BAG_ID,
+                                                                 nicknames[i], NULL);
+            if (key != NULL) {
+                key->pvkData.poolp = key->poolp;
+                rv = sec_pkcs12_add_thumbprint(&key->pvkData,
+                                               &cert->value.x509->thumbprint);
+                if (rv == SECFailure)
+                    error = PR_TRUE; /* XXX Set error? */
+            }
+
+            /* look in the baggage as well...*/
+            if ((baggage != NULL) && (error == PR_FALSE)) {
+                espvk = sec_pkcs12_get_espvk_by_name(baggage, nicknames[i]);
+                if (espvk != NULL) {
+                    espvk->espvkData.poolp = espvk->poolp;
+                    rv = sec_pkcs12_add_thumbprint(&espvk->espvkData,
+                                                   &cert->value.x509->thumbprint);
+                    if (rv == SECFailure)
+                        error = PR_TRUE; /* XXX Set error? */
+                }
+            }
+        }
+        i++;
+    }
+
+    if (error == PR_TRUE) {
+        return SECFailure;
+    }
+
+    return SECSuccess;
+}
+
+/* append a safe bag to the end of the safe contents list */
+SECStatus
+sec_pkcs12_append_safe_bag(SEC_PKCS12SafeContents *safe,
+                           SEC_PKCS12SafeBag *bag)
+{
+    int size;
+    void *mark = NULL, *dummy = NULL;
+
+    if ((bag == NULL) || (safe == NULL))
+        return SECFailure;
+
+    mark = PORT_ArenaMark(safe->poolp);
+
+    size = (safe->safe_size * sizeof(SEC_PKCS12SafeBag *));
+
+    if (safe->safe_size > 0) {
+        dummy = (SEC_PKCS12SafeBag **)PORT_ArenaGrow(safe->poolp,
+                                                     safe->contents,
+                                                     size,
+                                                     (size + sizeof(SEC_PKCS12SafeBag *)));
+        safe->contents = dummy;
+    } else {
+        safe->contents = (SEC_PKCS12SafeBag **)PORT_ArenaZAlloc(safe->poolp,
+                                                                (2 * sizeof(SEC_PKCS12SafeBag *)));
+        dummy = safe->contents;
+    }
+
+    if (dummy == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        goto loser;
+    }
+
+    safe->contents[safe->safe_size] = bag;
+    safe->safe_size++;
+    safe->contents[safe->safe_size] = NULL;
+
+    PORT_ArenaUnmark(safe->poolp, mark);
+    return SECSuccess;
+
+loser:
+    PORT_ArenaRelease(safe->poolp, mark);
+    return SECFailure;
+}
+
+/* append a certificate onto the end of a cert bag */
+static SECStatus
+sec_pkcs12_append_cert_to_bag(PLArenaPool *arena,
+                              SEC_PKCS12SafeBag *safebag,
+                              CERTCertificate *cert,
+                              SECItem *nickname)
+{
+    int size;
+    void *dummy = NULL, *mark = NULL;
+    SEC_PKCS12CertAndCRL *p12cert;
+    SEC_PKCS12CertAndCRLBag *bag;
+
+    if ((arena == NULL) || (safebag == NULL) ||
+        (cert == NULL) || (nickname == NULL)) {
+        return SECFailure;
+    }
+
+    bag = safebag->safeContent.certAndCRLBag;
+    if (bag == NULL) {
+        return SECFailure;
+    }
+
+    mark = PORT_ArenaMark(arena);
+
+    p12cert = sec_pkcs12_get_cert(arena, cert, nickname);
+    if (p12cert == NULL) {
+        PORT_ArenaRelease(bag->poolp, mark);
+        return SECFailure;
+    }
+
+    size = bag->bag_size * sizeof(SEC_PKCS12CertAndCRL *);
+    if (bag->bag_size > 0) {
+        dummy = (SEC_PKCS12CertAndCRL **)PORT_ArenaGrow(bag->poolp,
+                                                        bag->certAndCRLs,
+                                                        size,
+                                                        size + sizeof(SEC_PKCS12CertAndCRL *));
+        bag->certAndCRLs = dummy;
+    } else {
+        bag->certAndCRLs = (SEC_PKCS12CertAndCRL **)PORT_ArenaZAlloc(bag->poolp,
+                                                                     (2 * sizeof(SEC_PKCS12CertAndCRL *)));
+        dummy = bag->certAndCRLs;
+    }
+
+    if (dummy == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        goto loser;
+    }
+
+    bag->certAndCRLs[bag->bag_size] = p12cert;
+    bag->bag_size++;
+    bag->certAndCRLs[bag->bag_size] = NULL;
+
+    PORT_ArenaUnmark(bag->poolp, mark);
+    return SECSuccess;
+
+loser:
+    PORT_ArenaRelease(bag->poolp, mark);
+    return SECFailure;
+}
+
+/* append a key onto the end of a list of keys in a key bag */
+SECStatus
+sec_pkcs12_append_key_to_bag(SEC_PKCS12SafeBag *safebag,
+                             SEC_PKCS12PrivateKey *pk)
+{
+    void *mark, *dummy;
+    SEC_PKCS12PrivateKeyBag *bag;
+    int size;
+
+    if ((safebag == NULL) || (pk == NULL))
+        return SECFailure;
+
+    bag = safebag->safeContent.keyBag;
+    if (bag == NULL) {
+        return SECFailure;
+    }
+
+    mark = PORT_ArenaMark(bag->poolp);
+
+    size = (bag->bag_size * sizeof(SEC_PKCS12PrivateKey *));
+
+    if (bag->bag_size > 0) {
+        dummy = (SEC_PKCS12PrivateKey **)PORT_ArenaGrow(bag->poolp,
+                                                        bag->privateKeys,
+                                                        size,
+                                                        size + sizeof(SEC_PKCS12PrivateKey *));
+        bag->privateKeys = dummy;
+    } else {
+        bag->privateKeys = (SEC_PKCS12PrivateKey **)PORT_ArenaZAlloc(bag->poolp,
+                                                                     (2 * sizeof(SEC_PKCS12PrivateKey *)));
+        dummy = bag->privateKeys;
+    }
+
+    if (dummy == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        goto loser;
+    }
+
+    bag->privateKeys[bag->bag_size] = pk;
+    bag->bag_size++;
+    bag->privateKeys[bag->bag_size] = NULL;
+
+    PORT_ArenaUnmark(bag->poolp, mark);
+    return SECSuccess;
+
+loser:
+    /* XXX Free memory? */
+    PORT_ArenaRelease(bag->poolp, mark);
+    return SECFailure;
+}
+
+/* append a safe bag to the baggage area */
+static SECStatus
+sec_pkcs12_append_unshrouded_bag(SEC_PKCS12BaggageItem *bag,
+                                 SEC_PKCS12SafeBag *u_bag)
+{
+    int size;
+    void *mark = NULL, *dummy = NULL;
+
+    if ((bag == NULL) || (u_bag == NULL))
+        return SECFailure;
+
+    mark = PORT_ArenaMark(bag->poolp);
+
+    /* dump things into the first bag */
+    size = (bag->nSecrets + 1) * sizeof(SEC_PKCS12SafeBag *);
+    dummy = PORT_ArenaGrow(bag->poolp,
+                           bag->unencSecrets, size,
+                           size + sizeof(SEC_PKCS12SafeBag *));
+    bag->unencSecrets = dummy;
+    if (dummy == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        goto loser;
+    }
+
+    bag->unencSecrets[bag->nSecrets] = u_bag;
+    bag->nSecrets++;
+    bag->unencSecrets[bag->nSecrets] = NULL;
+
+    PORT_ArenaUnmark(bag->poolp, mark);
+    return SECSuccess;
+
+loser:
+    PORT_ArenaRelease(bag->poolp, mark);
+    return SECFailure;
+}
+
+/* gather up all certificates and keys and package them up
+ * in the safe, baggage, or both.
+ * nicknames is the list of nicknames and corresponding certs in ref_certs
+ * ref_certs a null terminated list of certificates
+ * rSafe, rBaggage -- return areas for safe and baggage
+ * shroud_keys -- store keys externally
+ * pwitem -- password for computing integrity mac and encrypting contents
+ * wincx -- window handle
+ *
+ * if a failure occurs, an error is set and SECFailure returned.
+ */
+static SECStatus
+sec_pkcs12_package_certs_and_keys(SECItem **nicknames,
+                                  CERTCertificate **ref_certs,
+                                  PRBool unencryptedCerts,
+                                  SEC_PKCS12SafeContents **rSafe,
+                                  SEC_PKCS12Baggage **rBaggage,
+                                  PRBool shroud_keys,
+                                  SECOidTag shroud_alg,
+                                  SECItem *pwitem,
+                                  PKCS12UnicodeConvertFunction unicodeFn,
+                                  void *wincx)
+{
+    PLArenaPool *permArena;
+    SEC_PKCS12SafeContents *safe = NULL;
+    SEC_PKCS12Baggage *baggage = NULL;
+
+    SECStatus rv = SECFailure;
+    PRBool problem = PR_FALSE;
+
+    SEC_PKCS12ESPVKItem *espvk = NULL;
+    SEC_PKCS12PrivateKey *pk = NULL;
+    CERTCertificate *add_cert = NULL;
+    SEC_PKCS12SafeBag *certbag = NULL, *keybag = NULL;
+    SEC_PKCS12BaggageItem *external_bag = NULL;
+    int ncerts = 0, nkeys = 0;
+    int i;
+
+    if ((nicknames == NULL) || (rSafe == NULL) || (rBaggage == NULL)) {
+        return SECFailure;
+    }
+
+    *rBaggage = baggage;
+    *rSafe = safe;
+
+    permArena = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE);
+    if (permArena == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return SECFailure;
+    }
+
+    /* allocate structures */
+    safe = sec_pkcs12_create_safe_contents(permArena);
+    if (safe == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        rv = SECFailure;
+        goto loser;
+    }
+
+    certbag = sec_pkcs12_create_safe_bag(permArena,
+                                         SEC_OID_PKCS12_CERT_AND_CRL_BAG_ID);
+    if (certbag == NULL) {
+        rv = SECFailure;
+        goto loser;
+    }
+
+    if (shroud_keys != PR_TRUE) {
+        keybag = sec_pkcs12_create_safe_bag(permArena,
+                                            SEC_OID_PKCS12_KEY_BAG_ID);
+        if (keybag == NULL) {
+            rv = SECFailure;
+            goto loser;
+        }
+    }
+
+    if ((shroud_keys == PR_TRUE) || (unencryptedCerts == PR_TRUE)) {
+        baggage = sec_pkcs12_create_baggage(permArena);
+        if (baggage == NULL) {
+            rv = SECFailure;
+            goto loser;
+        }
+        external_bag = sec_pkcs12_create_external_bag(baggage);
+    }
+
+    /* package keys and certs */
+    i = 0;
+    while ((nicknames[i] != NULL) && (problem == PR_FALSE)) {
+        if (ref_certs[i] != NULL) {
+            /* append cert to bag o certs */
+            rv = sec_pkcs12_append_cert_to_bag(permArena, certbag,
+                                               ref_certs[i],
+                                               nicknames[i]);
+            if (rv == SECFailure) {
+                problem = PR_FALSE;
+            } else {
+                ncerts++;
+            }
+
+            if (rv == SECSuccess) {
+                /* package up them keys */
+                if (shroud_keys == PR_TRUE) {
+                    espvk = sec_pkcs12_get_shrouded_key(permArena,
+                                                        nicknames[i],
+                                                        ref_certs[i],
+                                                        shroud_alg,
+                                                        pwitem, unicodeFn,
+                                                        wincx);
+                    if (espvk != NULL) {
+                        rv = sec_pkcs12_append_shrouded_key(external_bag, espvk);
+                        SECITEM_CopyItem(permArena, &espvk->derCert,
+                                         &ref_certs[i]->derCert);
+                    } else {
+                        rv = SECFailure;
+                    }
+                } else {
+                    pk = sec_pkcs12_get_private_key(permArena, nicknames[i],
+                                                    ref_certs[i], wincx);
+                    if (pk != NULL) {
+                        rv = sec_pkcs12_append_key_to_bag(keybag, pk);
+                        SECITEM_CopyItem(permArena, &espvk->derCert,
+                                         &ref_certs[i]->derCert);
+                    } else {
+                        rv = SECFailure;
+                    }
+                }
+
+                if (rv == SECFailure) {
+                    problem = PR_TRUE;
+                } else {
+                    nkeys++;
+                }
+            }
+        } else {
+            /* handle only keys here ? */
+            problem = PR_TRUE;
+        }
+        i++;
+    }
+
+/* let success fall through */
+loser:
+    if (problem == PR_FALSE) {
+        /* if we have certs, we want to append the cert bag to the
+         * appropriate area
+         */
+        if (ncerts > 0) {
+            if (unencryptedCerts != PR_TRUE) {
+                rv = sec_pkcs12_append_safe_bag(safe, certbag);
+            } else {
+                rv = sec_pkcs12_append_unshrouded_bag(external_bag, certbag);
+            }
+        } else {
+            rv = SECSuccess;
+        }
+
+        /* append key bag, if they are stored in safe contents */
+        if ((rv == SECSuccess) && (shroud_keys == PR_FALSE) && (nkeys > 0)) {
+            rv = sec_pkcs12_append_safe_bag(safe, keybag);
+        }
+    } else {
+        rv = SECFailure;
+    }
+
+    /* if baggage not used, NULLify it */
+    if ((shroud_keys == PR_TRUE) || (unencryptedCerts == PR_TRUE)) {
+        if (((unencryptedCerts == PR_TRUE) && (ncerts == 0)) &&
+            ((shroud_keys == PR_TRUE) && (nkeys == 0)))
+            baggage = NULL;
+    } else {
+        baggage = NULL;
+    }
+
+    if ((problem == PR_TRUE) || (rv == SECFailure)) {
+        PORT_FreeArena(permArena, PR_TRUE);
+        rv = SECFailure;
+        baggage = NULL;
+        safe = NULL;
+    }
+
+    *rBaggage = baggage;
+    *rSafe = safe;
+
+    return rv;
+}
+
+/* DER encode the safe contents and return a SECItem.  if an error
+ * occurs, NULL is returned.
+ */
+static SECItem *
+sec_pkcs12_encode_safe_contents(SEC_PKCS12SafeContents *safe)
+{
+    SECItem *dsafe = NULL, *tsafe;
+    void *dummy = NULL;
+    PLArenaPool *arena;
+
+    if (safe == NULL) {
+        return NULL;
+    }
+
+    /*    rv = sec_pkcs12_prepare_for_der_code_safe(safe, PR_TRUE);
+    if(rv != SECSuccess) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return NULL;
+    }*/
+
+    arena = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE);
+    if (arena == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return NULL;
+    }
+
+    tsafe = (SECItem *)PORT_ArenaZAlloc(arena, sizeof(SECItem));
+    if (tsafe != NULL) {
+        dummy = SEC_ASN1EncodeItem(arena, tsafe, safe,
+                                   SEC_PKCS12SafeContentsTemplate);
+        if (dummy != NULL) {
+            dsafe = SECITEM_DupItem(tsafe);
+        } else {
+            PORT_SetError(SEC_ERROR_NO_MEMORY);
+        }
+    } else {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+    }
+
+    PORT_FreeArena(arena, PR_TRUE);
+
+    return dsafe;
+}
+
+/* prepare the authenicated safe for encoding and encode it.
+ *   baggage is copied to the appropriate area, safe is encoded and
+ *   encrypted.  the version and transport mode are set on the asafe.
+ *   the whole ball of wax is then der encoded and packaged up into
+ *   data content info
+ * safe -- container of certs and keys, is encrypted.
+ * baggage -- container of certs and keys, keys assumed to be encrypted by
+ *    another method, certs are in the clear
+ * algorithm -- algorithm by which to encrypt safe
+ * pwitem -- password for encryption
+ * wincx - window handle
+ *
+ * return of NULL is an error condition.
+ */
+static SEC_PKCS7ContentInfo *
+sec_pkcs12_get_auth_safe(SEC_PKCS12SafeContents *safe,
+                         SEC_PKCS12Baggage *baggage,
+                         SECOidTag algorithm,
+                         SECItem *pwitem,
+                         PKCS12UnicodeConvertFunction unicodeFn,
+                         void *wincx)
+{
+    SECItem *src = NULL, *dest = NULL, *psalt = NULL;
+    PLArenaPool *poolp;
+    SEC_PKCS12AuthenticatedSafe *asafe;
+    SEC_PKCS7ContentInfo *safe_cinfo = NULL;
+    SEC_PKCS7ContentInfo *asafe_cinfo = NULL;
+    void *dummy;
+    SECStatus rv = SECSuccess;
+    PRBool swapUnicodeBytes = PR_FALSE;
+
+#ifdef IS_LITTLE_ENDIAN
+    swapUnicodeBytes = PR_TRUE;
+#endif
+
+    if (((safe != NULL) && (pwitem == NULL)) && (baggage == NULL))
+        return NULL;
+
+    poolp = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE);
+    if (poolp == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return NULL;
+    }
+
+    /* prepare authenticated safe for encode */
+    asafe = sec_pkcs12_new_asafe(poolp);
+    if (asafe != NULL) {
+
+        /* set version */
+        dummy = SEC_ASN1EncodeInteger(asafe->poolp, &asafe->version,
+                                      SEC_PKCS12_PFX_VERSION);
+        if (dummy == NULL) {
+            PORT_SetError(SEC_ERROR_NO_MEMORY);
+            rv = SECFailure;
+            goto loser;
+        }
+
+        /* generate the privacy salt used to create virtual pwd */
+        psalt = sec_pkcs12_generate_salt();
+        if (psalt != NULL) {
+            rv = SECITEM_CopyItem(asafe->poolp, &asafe->privacySalt,
+                                  psalt);
+            if (rv == SECSuccess) {
+                asafe->privacySalt.len *= 8;
+            } else {
+                SECITEM_ZfreeItem(psalt, PR_TRUE);
+                PORT_SetError(SEC_ERROR_NO_MEMORY);
+                goto loser;
+            }
+        }
+
+        if ((psalt == NULL) || (rv == SECFailure)) {
+            PORT_SetError(SEC_ERROR_NO_MEMORY);
+            rv = SECFailure;
+            goto loser;
+        }
+
+        /* package up safe contents */
+        if (safe != NULL) {
+            safe_cinfo = SEC_PKCS7CreateEncryptedData(algorithm, NULL, wincx);
+            if ((safe_cinfo != NULL) && (safe->safe_size > 0)) {
+                /* encode the safe and encrypt the contents of the
+                 * content info
+                 */
+                src = sec_pkcs12_encode_safe_contents(safe);
+
+                if (src != NULL) {
+                    rv = SEC_PKCS7SetContent(safe_cinfo, (char *)src->data, src->len);
+                    SECITEM_ZfreeItem(src, PR_TRUE);
+                    if (rv == SECSuccess) {
+                        SECItem *vpwd;
+                        vpwd = sec_pkcs12_create_virtual_password(pwitem, psalt,
+                                                                  unicodeFn, swapUnicodeBytes);
+                        if (vpwd != NULL) {
+                            rv = SEC_PKCS7EncryptContents(NULL, safe_cinfo,
+                                                          vpwd, wincx);
+                            SECITEM_ZfreeItem(vpwd, PR_TRUE);
+                        } else {
+                            rv = SECFailure;
+                            PORT_SetError(SEC_ERROR_NO_MEMORY);
+                        }
+                    } else {
+                        PORT_SetError(SEC_ERROR_NO_MEMORY);
+                    }
+                } else {
+                    rv = SECFailure;
+                }
+            } else if (safe->safe_size > 0) {
+                PORT_SetError(SEC_ERROR_NO_MEMORY);
+                goto loser;
+            } else {
+                /* case where there is NULL content in the safe contents */
+                rv = SEC_PKCS7SetContent(safe_cinfo, NULL, 0);
+                if (rv != SECFailure) {
+                    PORT_SetError(SEC_ERROR_NO_MEMORY);
+                }
+            }
+
+            if (rv != SECSuccess) {
+                SEC_PKCS7DestroyContentInfo(safe_cinfo);
+                safe_cinfo = NULL;
+                goto loser;
+            }
+
+            asafe->safe = safe_cinfo;
+            /*
+            PORT_Memcpy(&asafe->safe, safe_cinfo, sizeof(*safe_cinfo));
+            */
+        }
+
+        /* copy the baggage to the authenticated safe baggage if present */
+        if (baggage != NULL) {
+            PORT_Memcpy(&asafe->baggage, baggage, sizeof(*baggage));
+        }
+
+        /* encode authenticated safe and store it in a Data content info */
+        dest = (SECItem *)PORT_ArenaZAlloc(poolp, sizeof(SECItem));
+        if (dest != NULL) {
+            dummy = SEC_ASN1EncodeItem(poolp, dest, asafe,
+                                       SEC_PKCS12AuthenticatedSafeTemplate);
+            if (dummy != NULL) {
+                asafe_cinfo = SEC_PKCS7CreateData();
+                if (asafe_cinfo != NULL) {
+                    rv = SEC_PKCS7SetContent(asafe_cinfo,
+                                             (char *)dest->data,
+                                             dest->len);
+                    if (rv != SECSuccess) {
+                        PORT_SetError(SEC_ERROR_NO_MEMORY);
+                        SEC_PKCS7DestroyContentInfo(asafe_cinfo);
+                        asafe_cinfo = NULL;
+                    }
+                }
+            } else {
+                PORT_SetError(SEC_ERROR_NO_MEMORY);
+                rv = SECFailure;
+            }
+        }
+    }
+
+loser:
+    PORT_FreeArena(poolp, PR_TRUE);
+    if (safe_cinfo != NULL) {
+        SEC_PKCS7DestroyContentInfo(safe_cinfo);
+    }
+    if (psalt != NULL) {
+        SECITEM_ZfreeItem(psalt, PR_TRUE);
+    }
+
+    if (rv == SECFailure) {
+        return NULL;
+    }
+
+    return asafe_cinfo;
+}
+
+/* generates the PFX and computes the mac on the authenticated safe
+ * NULL implies an error
+ */
+static SEC_PKCS12PFXItem *
+sec_pkcs12_get_pfx(SEC_PKCS7ContentInfo *cinfo,
+                   PRBool do_mac,
+                   SECItem *pwitem, PKCS12UnicodeConvertFunction unicodeFn)
+{
+    SECItem *dest = NULL, *mac = NULL, *salt = NULL, *key = NULL;
+    SEC_PKCS12PFXItem *pfx;
+    SECStatus rv = SECFailure;
+    SGNDigestInfo *di;
+    SECItem *vpwd;
+    PRBool swapUnicodeBytes = PR_FALSE;
+
+#ifdef IS_LITTLE_ENDIAN
+    swapUnicodeBytes = PR_TRUE;
+#endif
+
+    if ((cinfo == NULL) || ((do_mac == PR_TRUE) && (pwitem == NULL))) {
+        return NULL;
+    }
+
+    /* allocate new pfx structure */
+    pfx = sec_pkcs12_new_pfx();
+    if (pfx == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return NULL;
+    }
+
+    PORT_Memcpy(&pfx->authSafe, cinfo, sizeof(*cinfo));
+    if (do_mac == PR_TRUE) {
+
+        /* salt for computing mac */
+        salt = sec_pkcs12_generate_salt();
+        if (salt != NULL) {
+            rv = SECITEM_CopyItem(pfx->poolp, &pfx->macData.macSalt, salt);
+            pfx->macData.macSalt.len *= 8;
+
+            vpwd = sec_pkcs12_create_virtual_password(pwitem, salt,
+                                                      unicodeFn, swapUnicodeBytes);
+            if (vpwd == NULL) {
+                rv = SECFailure;
+                key = NULL;
+            } else {
+                key = sec_pkcs12_generate_key_from_password(SEC_OID_SHA1,
+                                                            salt, vpwd);
+                SECITEM_ZfreeItem(vpwd, PR_TRUE);
+            }
+
+            if ((key != NULL) && (rv == SECSuccess)) {
+                dest = SEC_PKCS7GetContent(cinfo);
+                if (dest != NULL) {
+
+                    /* compute mac on data -- for password integrity mode */
+                    mac = sec_pkcs12_generate_mac(key, dest, PR_FALSE);
+                    if (mac != NULL) {
+                        di = SGN_CreateDigestInfo(SEC_OID_SHA1,
+                                                  mac->data, mac->len);
+                        if (di != NULL) {
+                            rv = SGN_CopyDigestInfo(pfx->poolp,
+                                                    &pfx->macData.safeMac, di);
+                            SGN_DestroyDigestInfo(di);
+                        } else {
+                            PORT_SetError(SEC_ERROR_NO_MEMORY);
+                        }
+                        SECITEM_ZfreeItem(mac, PR_TRUE);
+                    }
+                } else {
+                    rv = SECFailure;
+                }
+            } else {
+                PORT_SetError(SEC_ERROR_NO_MEMORY);
+                rv = SECFailure;
+            }
+
+            if (key != NULL) {
+                SECITEM_ZfreeItem(key, PR_TRUE);
+            }
+            SECITEM_ZfreeItem(salt, PR_TRUE);
+        }
+    }
+
+    if (rv == SECFailure) {
+        SEC_PKCS12DestroyPFX(pfx);
+        pfx = NULL;
+    }
+
+    return pfx;
+}
+
+/* der encode the pfx */
+static SECItem *
+sec_pkcs12_encode_pfx(SEC_PKCS12PFXItem *pfx)
+{
+    SECItem *dest;
+    void *dummy;
+
+    if (pfx == NULL) {
+        return NULL;
+    }
+
+    dest = (SECItem *)PORT_ZAlloc(sizeof(SECItem));
+    if (dest == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return NULL;
+    }
+
+    dummy = SEC_ASN1EncodeItem(NULL, dest, pfx, SEC_PKCS12PFXItemTemplate);
+    if (dummy == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        SECITEM_ZfreeItem(dest, PR_TRUE);
+        dest = NULL;
+    }
+
+    return dest;
+}
+
+SECItem *
+SEC_PKCS12GetPFX(char **nicknames,
+                 CERTCertificate **ref_certs,
+                 PRBool shroud_keys,
+                 SEC_PKCS5GetPBEPassword pbef,
+                 void *pbearg,
+                 PKCS12UnicodeConvertFunction unicodeFn,
+                 void *wincx)
+{
+    SECItem **nicks = NULL;
+    SEC_PKCS12PFXItem *pfx = NULL;
+    SEC_PKCS12Baggage *baggage = NULL;
+    SEC_PKCS12SafeContents *safe = NULL;
+    SEC_PKCS7ContentInfo *cinfo = NULL;
+    SECStatus rv = SECFailure;
+    SECItem *dest = NULL, *pwitem = NULL;
+    PRBool problem = PR_FALSE;
+    PRBool unencryptedCerts;
+    SECOidTag shroud_alg, safe_alg;
+
+    /* how should we encrypt certs ? */
+    unencryptedCerts = !SEC_PKCS12IsEncryptionAllowed();
+    if (!unencryptedCerts) {
+        safe_alg = SEC_PKCS12GetPreferredEncryptionAlgorithm();
+        if (safe_alg == SEC_OID_UNKNOWN) {
+            safe_alg = SEC_PKCS12GetStrongestAllowedAlgorithm();
+        }
+        if (safe_alg == SEC_OID_UNKNOWN) {
+            unencryptedCerts = PR_TRUE;
+            /* for export where no encryption is allowed, we still need
+             * to encrypt the NULL contents per the spec.  encrypted info
+             * is known plaintext, so it shouldn't be a problem.
+             */
+            safe_alg = SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC;
+        }
+    } else {
+        /* for export where no encryption is allowed, we still need
+         * to encrypt the NULL contents per the spec.  encrypted info
+         * is known plaintext, so it shouldn't be a problem.
+         */
+        safe_alg = SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC;
+    }
+
+    /* keys are always stored with triple DES */
+    shroud_alg = SEC_OID_PKCS12_PBE_WITH_SHA1_AND_TRIPLE_DES_CBC;
+
+    /* check for FIPS, if so, do not encrypt certs */
+    if (PK11_IsFIPS() && !unencryptedCerts) {
+        unencryptedCerts = PR_TRUE;
+    }
+
+    if ((nicknames == NULL) || (pbef == NULL) || (ref_certs == NULL)) {
+        problem = PR_TRUE;
+        goto loser;
+    }
+
+    /* get password */
+    pwitem = (*pbef)(pbearg);
+    if (pwitem == NULL) {
+        problem = PR_TRUE;
+        goto loser;
+    }
+    nicks = sec_pkcs12_convert_nickname_list(nicknames);
+
+    /* get safe and baggage */
+    rv = sec_pkcs12_package_certs_and_keys(nicks, ref_certs, unencryptedCerts,
+                                           &safe, &baggage, shroud_keys,
+                                           shroud_alg, pwitem, unicodeFn, wincx);
+    if (rv == SECFailure) {
+        problem = PR_TRUE;
+    }
+
+    if ((safe != NULL) && (problem == PR_FALSE)) {
+        /* copy thumbprints */
+        rv = sec_pkcs12_propagate_thumbprints(nicks, ref_certs, safe, baggage);
+
+        /* package everything up into AuthenticatedSafe */
+        cinfo = sec_pkcs12_get_auth_safe(safe, baggage,
+                                         safe_alg, pwitem, unicodeFn, wincx);
+
+        sec_pkcs12_destroy_cert_content_infos(safe, baggage);
+
+        /* get the pfx and mac it */
+        if (cinfo != NULL) {
+            pfx = sec_pkcs12_get_pfx(cinfo, PR_TRUE, pwitem, unicodeFn);
+            if (pfx != NULL) {
+                dest = sec_pkcs12_encode_pfx(pfx);
+                SEC_PKCS12DestroyPFX(pfx);
+            }
+            SEC_PKCS7DestroyContentInfo(cinfo);
+        }
+
+        if (safe != NULL) {
+            PORT_FreeArena(safe->poolp, PR_TRUE);
+        }
+    } else {
+        if (safe != NULL) {
+            PORT_FreeArena(safe->poolp, PR_TRUE);
+        }
+    }
+
+loser:
+    if (nicks != NULL) {
+        sec_pkcs12_destroy_nickname_list(nicks);
+    }
+
+    if (ref_certs != NULL) {
+        sec_pkcs12_destroy_certificate_list(ref_certs);
+    }
+
+    if (pwitem != NULL) {
+        SECITEM_ZfreeItem(pwitem, PR_TRUE);
+    }
+
+    if (problem == PR_TRUE) {
+        dest = NULL;
+    }
+
+    return dest;
+}
diff --git a/nss/lib/pkcs12/p12local.c b/nss/lib/pkcs12/p12local.c
new file mode 100644
index 0000000..f3c4ded
--- /dev/null
+++ b/nss/lib/pkcs12/p12local.c
@@ -0,0 +1,1368 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nssrenam.h"
+#include "pkcs12.h"
+#include "secpkcs7.h"
+#include "secasn1.h"
+#include "seccomon.h"
+#include "secoid.h"
+#include "sechash.h"
+#include "secitem.h"
+#include "secerr.h"
+#include "pk11func.h"
+#include "p12local.h"
+#include "p12.h"
+
+#define SALT_LENGTH 16
+
+SEC_ASN1_MKSUB(SECKEY_PrivateKeyInfoTemplate)
+SEC_ASN1_MKSUB(sgn_DigestInfoTemplate)
+
+CK_MECHANISM_TYPE
+sec_pkcs12_algtag_to_mech(SECOidTag algtag)
+{
+    switch (algtag) {
+        case SEC_OID_MD2:
+            return CKM_MD2_HMAC;
+        case SEC_OID_MD5:
+            return CKM_MD5_HMAC;
+        case SEC_OID_SHA1:
+            return CKM_SHA_1_HMAC;
+        case SEC_OID_SHA224:
+            return CKM_SHA224_HMAC;
+        case SEC_OID_SHA256:
+            return CKM_SHA256_HMAC;
+        case SEC_OID_SHA384:
+            return CKM_SHA384_HMAC;
+        case SEC_OID_SHA512:
+            return CKM_SHA512_HMAC;
+        default:
+            break;
+    }
+    return CKM_INVALID_MECHANISM;
+}
+
+/* helper functions */
+/* returns proper bag type template based upon object type tag */
+const SEC_ASN1Template *
+sec_pkcs12_choose_bag_type_old(void *src_or_dest, PRBool encoding)
+{
+    const SEC_ASN1Template *theTemplate;
+    SEC_PKCS12SafeBag *safebag;
+    SECOidData *oiddata;
+
+    if (src_or_dest == NULL) {
+        return NULL;
+    }
+
+    safebag = (SEC_PKCS12SafeBag *)src_or_dest;
+
+    oiddata = safebag->safeBagTypeTag;
+    if (oiddata == NULL) {
+        oiddata = SECOID_FindOID(&safebag->safeBagType);
+        safebag->safeBagTypeTag = oiddata;
+    }
+
+    switch (oiddata->offset) {
+        default:
+            theTemplate = SEC_ASN1_GET(SEC_PointerToAnyTemplate);
+            break;
+        case SEC_OID_PKCS12_KEY_BAG_ID:
+            theTemplate = SEC_PointerToPKCS12KeyBagTemplate;
+            break;
+        case SEC_OID_PKCS12_CERT_AND_CRL_BAG_ID:
+            theTemplate = SEC_PointerToPKCS12CertAndCRLBagTemplate_OLD;
+            break;
+        case SEC_OID_PKCS12_SECRET_BAG_ID:
+            theTemplate = SEC_PointerToPKCS12SecretBagTemplate;
+            break;
+    }
+    return theTemplate;
+}
+
+const SEC_ASN1Template *
+sec_pkcs12_choose_bag_type(void *src_or_dest, PRBool encoding)
+{
+    const SEC_ASN1Template *theTemplate;
+    SEC_PKCS12SafeBag *safebag;
+    SECOidData *oiddata;
+
+    if (src_or_dest == NULL) {
+        return NULL;
+    }
+
+    safebag = (SEC_PKCS12SafeBag *)src_or_dest;
+
+    oiddata = safebag->safeBagTypeTag;
+    if (oiddata == NULL) {
+        oiddata = SECOID_FindOID(&safebag->safeBagType);
+        safebag->safeBagTypeTag = oiddata;
+    }
+
+    switch (oiddata->offset) {
+        default:
+            theTemplate = SEC_ASN1_GET(SEC_AnyTemplate);
+            break;
+        case SEC_OID_PKCS12_KEY_BAG_ID:
+            theTemplate = SEC_PKCS12PrivateKeyBagTemplate;
+            break;
+        case SEC_OID_PKCS12_CERT_AND_CRL_BAG_ID:
+            theTemplate = SEC_PKCS12CertAndCRLBagTemplate;
+            break;
+        case SEC_OID_PKCS12_SECRET_BAG_ID:
+            theTemplate = SEC_PKCS12SecretBagTemplate;
+            break;
+    }
+    return theTemplate;
+}
+
+/* returns proper cert crl template based upon type tag */
+const SEC_ASN1Template *
+sec_pkcs12_choose_cert_crl_type_old(void *src_or_dest, PRBool encoding)
+{
+    const SEC_ASN1Template *theTemplate;
+    SEC_PKCS12CertAndCRL *certbag;
+    SECOidData *oiddata;
+
+    if (src_or_dest == NULL) {
+        return NULL;
+    }
+
+    certbag = (SEC_PKCS12CertAndCRL *)src_or_dest;
+    oiddata = certbag->BagTypeTag;
+    if (oiddata == NULL) {
+        oiddata = SECOID_FindOID(&certbag->BagID);
+        certbag->BagTypeTag = oiddata;
+    }
+
+    switch (oiddata->offset) {
+        default:
+            theTemplate = SEC_ASN1_GET(SEC_PointerToAnyTemplate);
+            break;
+        case SEC_OID_PKCS12_X509_CERT_CRL_BAG:
+            theTemplate = SEC_PointerToPKCS12X509CertCRLTemplate_OLD;
+            break;
+        case SEC_OID_PKCS12_SDSI_CERT_BAG:
+            theTemplate = SEC_PointerToPKCS12SDSICertTemplate;
+            break;
+    }
+    return theTemplate;
+}
+
+const SEC_ASN1Template *
+sec_pkcs12_choose_cert_crl_type(void *src_or_dest, PRBool encoding)
+{
+    const SEC_ASN1Template *theTemplate;
+    SEC_PKCS12CertAndCRL *certbag;
+    SECOidData *oiddata;
+
+    if (src_or_dest == NULL) {
+        return NULL;
+    }
+
+    certbag = (SEC_PKCS12CertAndCRL *)src_or_dest;
+    oiddata = certbag->BagTypeTag;
+    if (oiddata == NULL) {
+        oiddata = SECOID_FindOID(&certbag->BagID);
+        certbag->BagTypeTag = oiddata;
+    }
+
+    switch (oiddata->offset) {
+        default:
+            theTemplate = SEC_ASN1_GET(SEC_PointerToAnyTemplate);
+            break;
+        case SEC_OID_PKCS12_X509_CERT_CRL_BAG:
+            theTemplate = SEC_PointerToPKCS12X509CertCRLTemplate;
+            break;
+        case SEC_OID_PKCS12_SDSI_CERT_BAG:
+            theTemplate = SEC_PointerToPKCS12SDSICertTemplate;
+            break;
+    }
+    return theTemplate;
+}
+
+/* returns appropriate shroud template based on object type tag */
+const SEC_ASN1Template *
+sec_pkcs12_choose_shroud_type(void *src_or_dest, PRBool encoding)
+{
+    const SEC_ASN1Template *theTemplate;
+    SEC_PKCS12ESPVKItem *espvk;
+    SECOidData *oiddata;
+
+    if (src_or_dest == NULL) {
+        return NULL;
+    }
+
+    espvk = (SEC_PKCS12ESPVKItem *)src_or_dest;
+    oiddata = espvk->espvkTag;
+    if (oiddata == NULL) {
+        oiddata = SECOID_FindOID(&espvk->espvkOID);
+        espvk->espvkTag = oiddata;
+    }
+
+    switch (oiddata->offset) {
+        default:
+            theTemplate = SEC_ASN1_GET(SEC_PointerToAnyTemplate);
+            break;
+        case SEC_OID_PKCS12_PKCS8_KEY_SHROUDING:
+            theTemplate =
+                SEC_ASN1_GET(SECKEY_PointerToEncryptedPrivateKeyInfoTemplate);
+            break;
+    }
+    return theTemplate;
+}
+
+/* generate SALT  placing it into the character array passed in.
+ * it is assumed that salt_dest is an array of appropriate size
+ * XXX We might want to generate our own random context
+ */
+SECItem *
+sec_pkcs12_generate_salt(void)
+{
+    SECItem *salt;
+
+    salt = (SECItem *)PORT_ZAlloc(sizeof(SECItem));
+    if (salt == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return NULL;
+    }
+    salt->data = (unsigned char *)PORT_ZAlloc(sizeof(unsigned char) *
+                                              SALT_LENGTH);
+    salt->len = SALT_LENGTH;
+    if (salt->data == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        SECITEM_ZfreeItem(salt, PR_TRUE);
+        return NULL;
+    }
+
+    PK11_GenerateRandom(salt->data, salt->len);
+
+    return salt;
+}
+
+/* generate KEYS -- as per PKCS12 section 7.
+ * only used for MAC
+ */
+SECItem *
+sec_pkcs12_generate_key_from_password(SECOidTag algorithm,
+                                      SECItem *salt,
+                                      SECItem *password)
+{
+    unsigned char *pre_hash = NULL;
+    unsigned char *hash_dest = NULL;
+    SECStatus res;
+    PLArenaPool *poolp;
+    SECItem *key = NULL;
+    int key_len = 0;
+
+    if ((salt == NULL) || (password == NULL)) {
+        return NULL;
+    }
+
+    poolp = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (poolp == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return NULL;
+    }
+
+    pre_hash = (unsigned char *)PORT_ArenaZAlloc(poolp, sizeof(char) *
+                                                            (salt->len + password->len));
+    if (pre_hash == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        goto loser;
+    }
+
+    hash_dest = (unsigned char *)PORT_ArenaZAlloc(poolp,
+                                                  sizeof(unsigned char) * SHA1_LENGTH);
+    if (hash_dest == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        goto loser;
+    }
+
+    PORT_Memcpy(pre_hash, salt->data, salt->len);
+    /* handle password of 0 length case */
+    if (password->len > 0) {
+        PORT_Memcpy(&(pre_hash[salt->len]), password->data, password->len);
+    }
+
+    res = PK11_HashBuf(SEC_OID_SHA1, hash_dest, pre_hash,
+                       (salt->len + password->len));
+    if (res == SECFailure) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        goto loser;
+    }
+
+    switch (algorithm) {
+        case SEC_OID_SHA1:
+            if (key_len == 0)
+                key_len = 16;
+            key = (SECItem *)PORT_ZAlloc(sizeof(SECItem));
+            if (key == NULL) {
+                PORT_SetError(SEC_ERROR_NO_MEMORY);
+                goto loser;
+            }
+            key->data = (unsigned char *)PORT_ZAlloc(sizeof(unsigned char) * key_len);
+            if (key->data == NULL) {
+                PORT_SetError(SEC_ERROR_NO_MEMORY);
+                goto loser;
+            }
+            key->len = key_len;
+            PORT_Memcpy(key->data, &hash_dest[SHA1_LENGTH - key->len], key->len);
+            break;
+        default:
+            goto loser;
+            break;
+    }
+
+    PORT_FreeArena(poolp, PR_TRUE);
+    return key;
+
+loser:
+    PORT_FreeArena(poolp, PR_TRUE);
+    if (key != NULL) {
+        SECITEM_ZfreeItem(key, PR_TRUE);
+    }
+    return NULL;
+}
+
+/* MAC is generated per PKCS 12 section 6.  It is expected that key, msg
+ * and mac_dest are pre allocated, non-NULL arrays.  msg_len is passed in
+ * because it is not known how long the message actually is.  String
+ * manipulation routines will not necessarily work because msg may have
+ * imbedded NULLs
+ */
+static SECItem *
+sec_pkcs12_generate_old_mac(SECItem *key,
+                            SECItem *msg)
+{
+    SECStatus res;
+    PLArenaPool *temparena = NULL;
+    unsigned char *hash_dest = NULL, *hash_src1 = NULL, *hash_src2 = NULL;
+    int i;
+    SECItem *mac = NULL;
+
+    if ((key == NULL) || (msg == NULL))
+        goto loser;
+
+    /* allocate return item */
+    mac = (SECItem *)PORT_ZAlloc(sizeof(SECItem));
+    if (mac == NULL)
+        return NULL;
+    mac->data = (unsigned char *)PORT_ZAlloc(sizeof(unsigned char) * SHA1_LENGTH);
+    mac->len = SHA1_LENGTH;
+    if (mac->data == NULL)
+        goto loser;
+
+    /* allocate temporary items */
+    temparena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (temparena == NULL)
+        goto loser;
+
+    hash_src1 = (unsigned char *)PORT_ArenaZAlloc(temparena,
+                                                  sizeof(unsigned char) * (16 + msg->len));
+    if (hash_src1 == NULL)
+        goto loser;
+
+    hash_src2 = (unsigned char *)PORT_ArenaZAlloc(temparena,
+                                                  sizeof(unsigned char) * (SHA1_LENGTH + 16));
+    if (hash_src2 == NULL)
+        goto loser;
+
+    hash_dest = (unsigned char *)PORT_ArenaZAlloc(temparena,
+                                                  sizeof(unsigned char) * SHA1_LENGTH);
+    if (hash_dest == NULL)
+        goto loser;
+
+    /* perform mac'ing as per PKCS 12 */
+
+    /* first round of hashing */
+    for (i = 0; i < 16; i++)
+        hash_src1[i] = key->data[i] ^ 0x36;
+    PORT_Memcpy(&(hash_src1[16]), msg->data, msg->len);
+    res = PK11_HashBuf(SEC_OID_SHA1, hash_dest, hash_src1, (16 + msg->len));
+    if (res == SECFailure)
+        goto loser;
+
+    /* second round of hashing */
+    for (i = 0; i < 16; i++)
+        hash_src2[i] = key->data[i] ^ 0x5c;
+    PORT_Memcpy(&(hash_src2[16]), hash_dest, SHA1_LENGTH);
+    res = PK11_HashBuf(SEC_OID_SHA1, mac->data, hash_src2, SHA1_LENGTH + 16);
+    if (res == SECFailure)
+        goto loser;
+
+    PORT_FreeArena(temparena, PR_TRUE);
+    return mac;
+
+loser:
+    if (temparena != NULL)
+        PORT_FreeArena(temparena, PR_TRUE);
+    if (mac != NULL)
+        SECITEM_ZfreeItem(mac, PR_TRUE);
+    return NULL;
+}
+
+/* MAC is generated per PKCS 12 section 6.  It is expected that key, msg
+ * and mac_dest are pre allocated, non-NULL arrays.  msg_len is passed in
+ * because it is not known how long the message actually is.  String
+ * manipulation routines will not necessarily work because msg may have
+ * imbedded NULLs
+ */
+SECItem *
+sec_pkcs12_generate_mac(SECItem *key,
+                        SECItem *msg,
+                        PRBool old_method)
+{
+    SECStatus res = SECFailure;
+    SECItem *mac = NULL;
+    PK11Context *pk11cx = NULL;
+    SECItem ignore = { 0 };
+
+    if ((key == NULL) || (msg == NULL)) {
+        return NULL;
+    }
+
+    if (old_method == PR_TRUE) {
+        return sec_pkcs12_generate_old_mac(key, msg);
+    }
+
+    /* allocate return item */
+    mac = SECITEM_AllocItem(NULL, NULL, SHA1_LENGTH);
+    if (mac == NULL) {
+        return NULL;
+    }
+
+    pk11cx = PK11_CreateContextByRawKey(NULL, CKM_SHA_1_HMAC, PK11_OriginDerive,
+                                        CKA_SIGN, key, &ignore, NULL);
+    if (pk11cx == NULL) {
+        goto loser;
+    }
+
+    res = PK11_DigestBegin(pk11cx);
+    if (res == SECFailure) {
+        goto loser;
+    }
+
+    res = PK11_DigestOp(pk11cx, msg->data, msg->len);
+    if (res == SECFailure) {
+        goto loser;
+    }
+
+    res = PK11_DigestFinal(pk11cx, mac->data, &mac->len, SHA1_LENGTH);
+    if (res == SECFailure) {
+        goto loser;
+    }
+
+    PK11_DestroyContext(pk11cx, PR_TRUE);
+    pk11cx = NULL;
+
+loser:
+
+    if (res != SECSuccess) {
+        SECITEM_ZfreeItem(mac, PR_TRUE);
+        mac = NULL;
+        if (pk11cx) {
+            PK11_DestroyContext(pk11cx, PR_TRUE);
+        }
+    }
+
+    return mac;
+}
+
+/* compute the thumbprint of the DER cert and create a digest info
+ * to store it in and return the digest info.
+ * a return of NULL indicates an error.
+ */
+SGNDigestInfo *
+sec_pkcs12_compute_thumbprint(SECItem *der_cert)
+{
+    SGNDigestInfo *thumb = NULL;
+    SECItem digest;
+    PLArenaPool *temparena = NULL;
+    SECStatus rv = SECFailure;
+
+    if (der_cert == NULL)
+        return NULL;
+
+    temparena = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE);
+    if (temparena == NULL) {
+        return NULL;
+    }
+
+    digest.data = (unsigned char *)PORT_ArenaZAlloc(temparena,
+                                                    sizeof(unsigned char) *
+                                                        SHA1_LENGTH);
+    /* digest data and create digest info */
+    if (digest.data != NULL) {
+        digest.len = SHA1_LENGTH;
+        rv = PK11_HashBuf(SEC_OID_SHA1, digest.data, der_cert->data,
+                          der_cert->len);
+        if (rv == SECSuccess) {
+            thumb = SGN_CreateDigestInfo(SEC_OID_SHA1,
+                                         digest.data,
+                                         digest.len);
+        } else {
+            PORT_SetError(SEC_ERROR_NO_MEMORY);
+        }
+    } else {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+    }
+
+    PORT_FreeArena(temparena, PR_TRUE);
+
+    return thumb;
+}
+
+/* create a virtual password per PKCS 12, the password is converted
+ * to unicode, the salt is prepended to it, and then the whole thing
+ * is returned */
+SECItem *
+sec_pkcs12_create_virtual_password(SECItem *password, SECItem *salt,
+                                   PRBool swap)
+{
+    SECItem uniPwd = { siBuffer, NULL, 0 }, *retPwd = NULL;
+
+    if ((password == NULL) || (salt == NULL)) {
+        return NULL;
+    }
+
+    if (password->len == 0) {
+        uniPwd.data = (unsigned char *)PORT_ZAlloc(2);
+        uniPwd.len = 2;
+        if (!uniPwd.data) {
+            return NULL;
+        }
+    } else {
+        uniPwd.data = (unsigned char *)PORT_ZAlloc(password->len * 3);
+        uniPwd.len = password->len * 3;
+        if (!PORT_UCS2_ASCIIConversion(PR_TRUE, password->data, password->len,
+                                       uniPwd.data, uniPwd.len, &uniPwd.len, swap)) {
+            SECITEM_ZfreeItem(&uniPwd, PR_FALSE);
+            return NULL;
+        }
+    }
+
+    retPwd = (SECItem *)PORT_ZAlloc(sizeof(SECItem));
+    if (retPwd == NULL) {
+        goto loser;
+    }
+
+    /* allocate space and copy proper data */
+    retPwd->len = uniPwd.len + salt->len;
+    retPwd->data = (unsigned char *)PORT_Alloc(retPwd->len);
+    if (retPwd->data == NULL) {
+        PORT_Free(retPwd);
+        goto loser;
+    }
+
+    PORT_Memcpy(retPwd->data, salt->data, salt->len);
+    PORT_Memcpy((retPwd->data + salt->len), uniPwd.data, uniPwd.len);
+
+    SECITEM_ZfreeItem(&uniPwd, PR_FALSE);
+
+    return retPwd;
+
+loser:
+    PORT_SetError(SEC_ERROR_NO_MEMORY);
+    SECITEM_ZfreeItem(&uniPwd, PR_FALSE);
+    return NULL;
+}
+
+/* appends a shrouded key to a key bag.  this is used for exporting
+ * to store externally wrapped keys.  it is used when importing to convert
+ * old items to new
+ */
+SECStatus
+sec_pkcs12_append_shrouded_key(SEC_PKCS12BaggageItem *bag,
+                               SEC_PKCS12ESPVKItem *espvk)
+{
+    int size;
+    void *mark = NULL, *dummy = NULL;
+
+    if ((bag == NULL) || (espvk == NULL))
+        return SECFailure;
+
+    mark = PORT_ArenaMark(bag->poolp);
+
+    /* grow the list */
+    size = (bag->nEspvks + 1) * sizeof(SEC_PKCS12ESPVKItem *);
+    dummy = (SEC_PKCS12ESPVKItem **)PORT_ArenaGrow(bag->poolp,
+                                                   bag->espvks, size,
+                                                   size + sizeof(SEC_PKCS12ESPVKItem *));
+    bag->espvks = (SEC_PKCS12ESPVKItem **)dummy;
+    if (dummy == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        goto loser;
+    }
+
+    bag->espvks[bag->nEspvks] = espvk;
+    bag->nEspvks++;
+    bag->espvks[bag->nEspvks] = NULL;
+
+    PORT_ArenaUnmark(bag->poolp, mark);
+    return SECSuccess;
+
+loser:
+    PORT_ArenaRelease(bag->poolp, mark);
+    return SECFailure;
+}
+
+/* search a certificate list for a nickname, a thumbprint, or both
+ * within a certificate bag.  if the certificate could not be
+ * found or an error occurs, NULL is returned;
+ */
+static SEC_PKCS12CertAndCRL *
+sec_pkcs12_find_cert_in_certbag(SEC_PKCS12CertAndCRLBag *certbag,
+                                SECItem *nickname, SGNDigestInfo *thumbprint)
+{
+    PRBool search_both = PR_FALSE, search_nickname = PR_FALSE;
+    int i, j;
+
+    if ((certbag == NULL) || ((nickname == NULL) && (thumbprint == NULL))) {
+        return NULL;
+    }
+
+    if (thumbprint && nickname) {
+        search_both = PR_TRUE;
+    }
+
+    if (nickname) {
+        search_nickname = PR_TRUE;
+    }
+
+search_again:
+    i = 0;
+    while (certbag->certAndCRLs[i] != NULL) {
+        SEC_PKCS12CertAndCRL *cert = certbag->certAndCRLs[i];
+
+        if (SECOID_FindOIDTag(&cert->BagID) == SEC_OID_PKCS12_X509_CERT_CRL_BAG) {
+
+            /* check nicknames */
+            if (search_nickname) {
+                if (SECITEM_CompareItem(nickname, &cert->nickname) == SECEqual) {
+                    return cert;
+                }
+            } else {
+                /* check thumbprints */
+                SECItem **derCertList;
+
+                /* get pointer to certificate list, does not need to
+                 * be freed since it is within the arena which will
+                 * be freed later.
+                 */
+                derCertList = SEC_PKCS7GetCertificateList(&cert->value.x509->certOrCRL);
+                j = 0;
+                if (derCertList != NULL) {
+                    while (derCertList[j] != NULL) {
+                        SECComparison eq;
+                        SGNDigestInfo *di;
+                        di = sec_pkcs12_compute_thumbprint(derCertList[j]);
+                        if (di) {
+                            eq = SGN_CompareDigestInfo(thumbprint, di);
+                            SGN_DestroyDigestInfo(di);
+                            if (eq == SECEqual) {
+                                /* copy the derCert for later reference */
+                                cert->value.x509->derLeafCert = derCertList[j];
+                                return cert;
+                            }
+                        } else {
+                            /* an error occurred */
+                            return NULL;
+                        }
+                        j++;
+                    }
+                }
+            }
+        }
+
+        i++;
+    }
+
+    if (search_both) {
+        search_both = PR_FALSE;
+        search_nickname = PR_FALSE;
+        goto search_again;
+    }
+
+    return NULL;
+}
+
+/* search a key list for a nickname, a thumbprint, or both
+ * within a key bag.  if the key could not be
+ * found or an error occurs, NULL is returned;
+ */
+static SEC_PKCS12PrivateKey *
+sec_pkcs12_find_key_in_keybag(SEC_PKCS12PrivateKeyBag *keybag,
+                              SECItem *nickname, SGNDigestInfo *thumbprint)
+{
+    PRBool search_both = PR_FALSE, search_nickname = PR_FALSE;
+    int i, j;
+
+    if ((keybag == NULL) || ((nickname == NULL) && (thumbprint == NULL))) {
+        return NULL;
+    }
+
+    if (keybag->privateKeys == NULL) {
+        return NULL;
+    }
+
+    if (thumbprint && nickname) {
+        search_both = PR_TRUE;
+    }
+
+    if (nickname) {
+        search_nickname = PR_TRUE;
+    }
+
+search_again:
+    i = 0;
+    while (keybag->privateKeys[i] != NULL) {
+        SEC_PKCS12PrivateKey *key = keybag->privateKeys[i];
+
+        /* check nicknames */
+        if (search_nickname) {
+            if (SECITEM_CompareItem(nickname, &key->pvkData.nickname) == SECEqual) {
+                return key;
+            }
+        } else {
+            /* check digests */
+            SGNDigestInfo **assocCerts = key->pvkData.assocCerts;
+            if ((assocCerts == NULL) || (assocCerts[0] == NULL)) {
+                return NULL;
+            }
+
+            j = 0;
+            while (assocCerts[j] != NULL) {
+                SECComparison eq;
+                eq = SGN_CompareDigestInfo(thumbprint, assocCerts[j]);
+                if (eq == SECEqual) {
+                    return key;
+                }
+                j++;
+            }
+        }
+        i++;
+    }
+
+    if (search_both) {
+        search_both = PR_FALSE;
+        search_nickname = PR_FALSE;
+        goto search_again;
+    }
+
+    return NULL;
+}
+
+/* seach the safe first then try the baggage bag
+ *  safe and bag contain certs and keys to search
+ *  objType is the object type to look for
+ *  bagType is the type of bag that was found by sec_pkcs12_find_object
+ *  index is the entity in safe->safeContents or bag->unencSecrets which
+ *    is being searched
+ *  nickname and thumbprint are the search criteria
+ *
+ * a return of null indicates no match
+ */
+static void *
+sec_pkcs12_try_find(SEC_PKCS12SafeContents *safe,
+                    SEC_PKCS12BaggageItem *bag,
+                    SECOidTag objType, SECOidTag bagType, int index,
+                    SECItem *nickname, SGNDigestInfo *thumbprint)
+{
+    PRBool searchSafe;
+    int i = index;
+
+    if ((safe == NULL) && (bag == NULL)) {
+        return NULL;
+    }
+
+    searchSafe = (safe == NULL ? PR_FALSE : PR_TRUE);
+    switch (objType) {
+        case SEC_OID_PKCS12_CERT_AND_CRL_BAG_ID:
+            if (objType == bagType) {
+                SEC_PKCS12CertAndCRLBag *certBag;
+
+                if (searchSafe) {
+                    certBag = safe->contents[i]->safeContent.certAndCRLBag;
+                } else {
+                    certBag = bag->unencSecrets[i]->safeContent.certAndCRLBag;
+                }
+                return sec_pkcs12_find_cert_in_certbag(certBag, nickname,
+                                                       thumbprint);
+            }
+            break;
+        case SEC_OID_PKCS12_KEY_BAG_ID:
+            if (objType == bagType) {
+                SEC_PKCS12PrivateKeyBag *keyBag;
+
+                if (searchSafe) {
+                    keyBag = safe->contents[i]->safeContent.keyBag;
+                } else {
+                    keyBag = bag->unencSecrets[i]->safeContent.keyBag;
+                }
+                return sec_pkcs12_find_key_in_keybag(keyBag, nickname,
+                                                     thumbprint);
+            }
+            break;
+        default:
+            break;
+    }
+
+    return NULL;
+}
+
+/* searches both the baggage and the safe areas looking for
+ * object of specified type matching either the nickname or the
+ * thumbprint specified.
+ *
+ * safe and baggage store certs and keys
+ * objType is the OID for the bag type to be searched:
+ *   SEC_OID_PKCS12_KEY_BAG_ID, or
+ *   SEC_OID_PKCS12_CERT_AND_CRL_BAG_ID
+ * nickname and thumbprint are the search criteria
+ *
+ * if no match found, NULL returned and error set
+ */
+void *
+sec_pkcs12_find_object(SEC_PKCS12SafeContents *safe,
+                       SEC_PKCS12Baggage *baggage,
+                       SECOidTag objType,
+                       SECItem *nickname,
+                       SGNDigestInfo *thumbprint)
+{
+    int i, j;
+    void *retItem;
+
+    if (((safe == NULL) && (thumbprint == NULL)) ||
+        ((nickname == NULL) && (thumbprint == NULL))) {
+        return NULL;
+    }
+
+    i = 0;
+    if ((safe != NULL) && (safe->contents != NULL)) {
+        while (safe->contents[i] != NULL) {
+            SECOidTag bagType = SECOID_FindOIDTag(&safe->contents[i]->safeBagType);
+            retItem = sec_pkcs12_try_find(safe, NULL, objType, bagType, i,
+                                          nickname, thumbprint);
+            if (retItem != NULL) {
+                return retItem;
+            }
+            i++;
+        }
+    }
+
+    if ((baggage != NULL) && (baggage->bags != NULL)) {
+        i = 0;
+        while (baggage->bags[i] != NULL) {
+            SEC_PKCS12BaggageItem *xbag = baggage->bags[i];
+            j = 0;
+            if (xbag->unencSecrets != NULL) {
+                while (xbag->unencSecrets[j] != NULL) {
+                    SECOidTag bagType;
+                    bagType = SECOID_FindOIDTag(&xbag->unencSecrets[j]->safeBagType);
+                    retItem = sec_pkcs12_try_find(NULL, xbag, objType, bagType,
+                                                  j, nickname, thumbprint);
+                    if (retItem != NULL) {
+                        return retItem;
+                    }
+                    j++;
+                }
+            }
+            i++;
+        }
+    }
+
+    PORT_SetError(SEC_ERROR_PKCS12_UNABLE_TO_LOCATE_OBJECT_BY_NAME);
+    return NULL;
+}
+
+/* this function converts a password to unicode and encures that the
+ * required double 0 byte be placed at the end of the string
+ */
+PRBool
+sec_pkcs12_convert_item_to_unicode(PLArenaPool *arena, SECItem *dest,
+                                   SECItem *src, PRBool zeroTerm,
+                                   PRBool asciiConvert, PRBool toUnicode)
+{
+    PRBool success = PR_FALSE;
+    if (!src || !dest) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return PR_FALSE;
+    }
+
+    dest->len = src->len * 3 + 2;
+    if (arena) {
+        dest->data = (unsigned char *)PORT_ArenaZAlloc(arena, dest->len);
+    } else {
+        dest->data = (unsigned char *)PORT_ZAlloc(dest->len);
+    }
+
+    if (!dest->data) {
+        dest->len = 0;
+        return PR_FALSE;
+    }
+
+    if (!asciiConvert) {
+        success = PORT_UCS2_UTF8Conversion(toUnicode, src->data, src->len, dest->data,
+                                           dest->len, &dest->len);
+    } else {
+#ifndef IS_LITTLE_ENDIAN
+        PRBool swapUnicode = PR_FALSE;
+#else
+        PRBool swapUnicode = PR_TRUE;
+#endif
+        success = PORT_UCS2_ASCIIConversion(toUnicode, src->data, src->len, dest->data,
+                                            dest->len, &dest->len, swapUnicode);
+    }
+
+    if (!success) {
+        if (!arena) {
+            PORT_Free(dest->data);
+            dest->data = NULL;
+            dest->len = 0;
+        }
+        return PR_FALSE;
+    }
+
+    if ((dest->len >= 2) &&
+        (dest->data[dest->len - 1] || dest->data[dest->len - 2]) && zeroTerm) {
+        if (dest->len + 2 > 3 * src->len) {
+            if (arena) {
+                dest->data = (unsigned char *)PORT_ArenaGrow(arena,
+                                                             dest->data, dest->len,
+                                                             dest->len + 2);
+            } else {
+                dest->data = (unsigned char *)PORT_Realloc(dest->data,
+                                                           dest->len + 2);
+            }
+
+            if (!dest->data) {
+                return PR_FALSE;
+            }
+        }
+        dest->len += 2;
+        dest->data[dest->len - 1] = dest->data[dest->len - 2] = 0;
+    }
+
+    return PR_TRUE;
+}
+
+PRBool
+sec_pkcs12_is_pkcs12_pbe_algorithm(SECOidTag algorithm)
+{
+    switch (algorithm) {
+        case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC:
+        case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_2KEY_TRIPLE_DES_CBC:
+        case SEC_OID_PKCS12_PBE_WITH_SHA1_AND_TRIPLE_DES_CBC:
+        case SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC:
+        case SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC:
+        case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC:
+        case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC:
+        case SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC4:
+        case SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC4:
+        case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC4:
+        case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC4:
+        /* those are actually PKCS #5 v1.5 PBEs, but we
+         * historically treat them in the same way as PKCS #12
+         * PBEs */
+        case SEC_OID_PKCS5_PBE_WITH_MD2_AND_DES_CBC:
+        case SEC_OID_PKCS5_PBE_WITH_SHA1_AND_DES_CBC:
+        case SEC_OID_PKCS5_PBE_WITH_MD5_AND_DES_CBC:
+            return PR_TRUE;
+        default:
+            return PR_FALSE;
+    }
+}
+
+/* pkcs 12 templates */
+static const SEC_ASN1TemplateChooserPtr sec_pkcs12_shroud_chooser =
+    sec_pkcs12_choose_shroud_type;
+
+const SEC_ASN1Template SEC_PKCS12CodedSafeBagTemplate[] =
+    {
+      { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS12SafeBag) },
+      { SEC_ASN1_OBJECT_ID, offsetof(SEC_PKCS12SafeBag, safeBagType) },
+      { SEC_ASN1_ANY, offsetof(SEC_PKCS12SafeBag, derSafeContent) },
+      { 0 }
+    };
+
+const SEC_ASN1Template SEC_PKCS12CodedCertBagTemplate[] =
+    {
+      { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS12CertAndCRL) },
+      { SEC_ASN1_OBJECT_ID, offsetof(SEC_PKCS12CertAndCRL, BagID) },
+      { SEC_ASN1_ANY, offsetof(SEC_PKCS12CertAndCRL, derValue) },
+      { 0 }
+    };
+
+const SEC_ASN1Template SEC_PKCS12CodedCertAndCRLBagTemplate[] =
+    {
+      { SEC_ASN1_SET_OF, offsetof(SEC_PKCS12CertAndCRLBag, certAndCRLs),
+        SEC_PKCS12CodedCertBagTemplate },
+    };
+
+const SEC_ASN1Template SEC_PKCS12ESPVKItemTemplate_OLD[] =
+    {
+      { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS12ESPVKItem) },
+      { SEC_ASN1_OBJECT_ID, offsetof(SEC_PKCS12ESPVKItem, espvkOID) },
+      { SEC_ASN1_INLINE, offsetof(SEC_PKCS12ESPVKItem, espvkData),
+        SEC_PKCS12PVKSupportingDataTemplate_OLD },
+      { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
+            SEC_ASN1_DYNAMIC | 0,
+        offsetof(SEC_PKCS12ESPVKItem, espvkCipherText),
+        &sec_pkcs12_shroud_chooser },
+      { 0 }
+    };
+
+const SEC_ASN1Template SEC_PKCS12ESPVKItemTemplate[] =
+    {
+      { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS12ESPVKItem) },
+      { SEC_ASN1_OBJECT_ID, offsetof(SEC_PKCS12ESPVKItem, espvkOID) },
+      { SEC_ASN1_INLINE, offsetof(SEC_PKCS12ESPVKItem, espvkData),
+        SEC_PKCS12PVKSupportingDataTemplate },
+      { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
+            SEC_ASN1_DYNAMIC | 0,
+        offsetof(SEC_PKCS12ESPVKItem, espvkCipherText),
+        &sec_pkcs12_shroud_chooser },
+      { 0 }
+    };
+
+const SEC_ASN1Template SEC_PKCS12PVKAdditionalDataTemplate[] =
+    {
+      { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS12PVKAdditionalData) },
+      { SEC_ASN1_OBJECT_ID,
+        offsetof(SEC_PKCS12PVKAdditionalData, pvkAdditionalType) },
+      { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
+        offsetof(SEC_PKCS12PVKAdditionalData, pvkAdditionalContent) },
+      { 0 }
+    };
+
+const SEC_ASN1Template SEC_PKCS12PVKSupportingDataTemplate_OLD[] =
+    {
+      { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS12PVKSupportingData) },
+      { SEC_ASN1_SET_OF | SEC_ASN1_XTRN,
+        offsetof(SEC_PKCS12PVKSupportingData, assocCerts),
+        SEC_ASN1_SUB(sgn_DigestInfoTemplate) },
+      { SEC_ASN1_OPTIONAL | SEC_ASN1_BOOLEAN,
+        offsetof(SEC_PKCS12PVKSupportingData, regenerable) },
+      { SEC_ASN1_PRINTABLE_STRING,
+        offsetof(SEC_PKCS12PVKSupportingData, nickname) },
+      { SEC_ASN1_ANY | SEC_ASN1_OPTIONAL,
+        offsetof(SEC_PKCS12PVKSupportingData, pvkAdditionalDER) },
+      { 0 }
+    };
+
+const SEC_ASN1Template SEC_PKCS12PVKSupportingDataTemplate[] =
+    {
+      { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS12PVKSupportingData) },
+      { SEC_ASN1_SET_OF | SEC_ASN1_XTRN,
+        offsetof(SEC_PKCS12PVKSupportingData, assocCerts),
+        SEC_ASN1_SUB(sgn_DigestInfoTemplate) },
+      { SEC_ASN1_OPTIONAL | SEC_ASN1_BOOLEAN,
+        offsetof(SEC_PKCS12PVKSupportingData, regenerable) },
+      { SEC_ASN1_BMP_STRING,
+        offsetof(SEC_PKCS12PVKSupportingData, uniNickName) },
+      { SEC_ASN1_ANY | SEC_ASN1_OPTIONAL,
+        offsetof(SEC_PKCS12PVKSupportingData, pvkAdditionalDER) },
+      { 0 }
+    };
+
+const SEC_ASN1Template SEC_PKCS12BaggageItemTemplate[] =
+    {
+      { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS12BaggageItem) },
+      { SEC_ASN1_SET_OF, offsetof(SEC_PKCS12BaggageItem, espvks),
+        SEC_PKCS12ESPVKItemTemplate },
+      { SEC_ASN1_SET_OF, offsetof(SEC_PKCS12BaggageItem, unencSecrets),
+        SEC_PKCS12SafeBagTemplate },
+      /*{ SEC_ASN1_SET_OF, offsetof(SEC_PKCS12BaggageItem, unencSecrets),
+        SEC_PKCS12CodedSafeBagTemplate }, */
+      { 0 }
+    };
+
+const SEC_ASN1Template SEC_PKCS12BaggageTemplate[] =
+    {
+      { SEC_ASN1_SET_OF, offsetof(SEC_PKCS12Baggage, bags),
+        SEC_PKCS12BaggageItemTemplate },
+    };
+
+const SEC_ASN1Template SEC_PKCS12BaggageTemplate_OLD[] =
+    {
+      { SEC_ASN1_SET_OF, offsetof(SEC_PKCS12Baggage_OLD, espvks),
+        SEC_PKCS12ESPVKItemTemplate_OLD },
+    };
+
+static const SEC_ASN1TemplateChooserPtr sec_pkcs12_bag_chooser =
+    sec_pkcs12_choose_bag_type;
+
+static const SEC_ASN1TemplateChooserPtr sec_pkcs12_bag_chooser_old =
+    sec_pkcs12_choose_bag_type_old;
+
+const SEC_ASN1Template SEC_PKCS12SafeBagTemplate_OLD[] =
+    {
+      { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS12SafeBag) },
+      { SEC_ASN1_OBJECT_ID, offsetof(SEC_PKCS12SafeBag, safeBagType) },
+      { SEC_ASN1_DYNAMIC | SEC_ASN1_CONSTRUCTED | SEC_ASN1_EXPLICIT |
+            SEC_ASN1_CONTEXT_SPECIFIC | 0,
+        offsetof(SEC_PKCS12SafeBag, safeContent),
+        &sec_pkcs12_bag_chooser_old },
+      { 0 }
+    };
+
+const SEC_ASN1Template SEC_PKCS12SafeBagTemplate[] =
+    {
+      { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS12SafeBag) },
+      { SEC_ASN1_OBJECT_ID, offsetof(SEC_PKCS12SafeBag, safeBagType) },
+      { SEC_ASN1_DYNAMIC | SEC_ASN1_POINTER,
+        offsetof(SEC_PKCS12SafeBag, safeContent),
+        &sec_pkcs12_bag_chooser },
+      { SEC_ASN1_OPTIONAL | SEC_ASN1_BMP_STRING,
+        offsetof(SEC_PKCS12SafeBag, uniSafeBagName) },
+      { 0 }
+    };
+
+const SEC_ASN1Template SEC_PKCS12SafeContentsTemplate_OLD[] =
+    {
+      { SEC_ASN1_SET_OF,
+        offsetof(SEC_PKCS12SafeContents, contents),
+        SEC_PKCS12SafeBagTemplate_OLD }
+    };
+
+const SEC_ASN1Template SEC_PKCS12SafeContentsTemplate[] =
+    {
+      { SEC_ASN1_SET_OF,
+        offsetof(SEC_PKCS12SafeContents, contents),
+        SEC_PKCS12SafeBagTemplate } /* here */
+    };
+
+const SEC_ASN1Template SEC_PKCS12PrivateKeyTemplate[] =
+    {
+      { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS12PrivateKey) },
+      { SEC_ASN1_INLINE, offsetof(SEC_PKCS12PrivateKey, pvkData),
+        SEC_PKCS12PVKSupportingDataTemplate },
+      { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
+        offsetof(SEC_PKCS12PrivateKey, pkcs8data),
+        SEC_ASN1_SUB(SECKEY_PrivateKeyInfoTemplate) },
+      { 0 }
+    };
+
+const SEC_ASN1Template SEC_PKCS12PrivateKeyBagTemplate[] =
+    {
+      { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS12PrivateKeyBag) },
+      { SEC_ASN1_SET_OF, offsetof(SEC_PKCS12PrivateKeyBag, privateKeys),
+        SEC_PKCS12PrivateKeyTemplate },
+      { 0 }
+    };
+
+const SEC_ASN1Template SEC_PKCS12X509CertCRLTemplate_OLD[] =
+    {
+      { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS12X509CertCRL) },
+      { SEC_ASN1_INLINE, offsetof(SEC_PKCS12X509CertCRL, certOrCRL),
+        sec_PKCS7ContentInfoTemplate },
+      { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
+        offsetof(SEC_PKCS12X509CertCRL, thumbprint),
+        SEC_ASN1_SUB(sgn_DigestInfoTemplate) },
+      { 0 }
+    };
+
+const SEC_ASN1Template SEC_PKCS12X509CertCRLTemplate[] =
+    {
+      { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS12X509CertCRL) },
+      { SEC_ASN1_INLINE, offsetof(SEC_PKCS12X509CertCRL, certOrCRL),
+        sec_PKCS7ContentInfoTemplate },
+      { 0 }
+    };
+
+const SEC_ASN1Template SEC_PKCS12SDSICertTemplate[] =
+    {
+      { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS12X509CertCRL) },
+      { SEC_ASN1_IA5_STRING, offsetof(SEC_PKCS12SDSICert, value) },
+      { 0 }
+    };
+
+static const SEC_ASN1TemplateChooserPtr sec_pkcs12_cert_crl_chooser_old =
+    sec_pkcs12_choose_cert_crl_type_old;
+
+static const SEC_ASN1TemplateChooserPtr sec_pkcs12_cert_crl_chooser =
+    sec_pkcs12_choose_cert_crl_type;
+
+const SEC_ASN1Template SEC_PKCS12CertAndCRLTemplate_OLD[] =
+    {
+      { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS12CertAndCRL) },
+      { SEC_ASN1_OBJECT_ID, offsetof(SEC_PKCS12CertAndCRL, BagID) },
+      { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_EXPLICIT |
+            SEC_ASN1_DYNAMIC | SEC_ASN1_CONSTRUCTED | 0,
+        offsetof(SEC_PKCS12CertAndCRL, value),
+        &sec_pkcs12_cert_crl_chooser_old },
+      { 0 }
+    };
+
+const SEC_ASN1Template SEC_PKCS12CertAndCRLTemplate[] =
+    {
+      { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS12CertAndCRL) },
+      { SEC_ASN1_OBJECT_ID, offsetof(SEC_PKCS12CertAndCRL, BagID) },
+      { SEC_ASN1_DYNAMIC | SEC_ASN1_CONSTRUCTED | SEC_ASN1_EXPLICIT |
+            SEC_ASN1_CONTEXT_SPECIFIC | 0,
+        offsetof(SEC_PKCS12CertAndCRL, value),
+        &sec_pkcs12_cert_crl_chooser },
+      { 0 }
+    };
+
+const SEC_ASN1Template SEC_PKCS12CertAndCRLBagTemplate[] =
+    {
+      { SEC_ASN1_SET_OF, offsetof(SEC_PKCS12CertAndCRLBag, certAndCRLs),
+        SEC_PKCS12CertAndCRLTemplate },
+    };
+
+const SEC_ASN1Template SEC_PKCS12CertAndCRLBagTemplate_OLD[] =
+    {
+      { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS12CertAndCRLBag) },
+      { SEC_ASN1_SET_OF, offsetof(SEC_PKCS12CertAndCRLBag, certAndCRLs),
+        SEC_PKCS12CertAndCRLTemplate_OLD },
+      { 0 }
+    };
+
+const SEC_ASN1Template SEC_PKCS12SecretAdditionalTemplate[] =
+    {
+      { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS12SecretAdditional) },
+      { SEC_ASN1_OBJECT_ID,
+        offsetof(SEC_PKCS12SecretAdditional, secretAdditionalType) },
+      { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_EXPLICIT,
+        offsetof(SEC_PKCS12SecretAdditional, secretAdditionalContent) },
+      { 0 }
+    };
+
+const SEC_ASN1Template SEC_PKCS12SecretTemplate[] =
+    {
+      { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS12Secret) },
+      { SEC_ASN1_BMP_STRING, offsetof(SEC_PKCS12Secret, uniSecretName) },
+      { SEC_ASN1_ANY, offsetof(SEC_PKCS12Secret, value) },
+      { SEC_ASN1_INLINE | SEC_ASN1_OPTIONAL,
+        offsetof(SEC_PKCS12Secret, secretAdditional),
+        SEC_PKCS12SecretAdditionalTemplate },
+      { 0 }
+    };
+
+const SEC_ASN1Template SEC_PKCS12SecretItemTemplate[] =
+    {
+      { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS12Secret) },
+      { SEC_ASN1_INLINE | SEC_ASN1_CONTEXT_SPECIFIC | 0,
+        offsetof(SEC_PKCS12SecretItem, secret), SEC_PKCS12SecretTemplate },
+      { SEC_ASN1_INLINE | SEC_ASN1_CONTEXT_SPECIFIC | 1,
+        offsetof(SEC_PKCS12SecretItem, subFolder), SEC_PKCS12SafeBagTemplate },
+      { 0 }
+    };
+
+const SEC_ASN1Template SEC_PKCS12SecretBagTemplate[] =
+    {
+      { SEC_ASN1_SET_OF, offsetof(SEC_PKCS12SecretBag, secrets),
+        SEC_PKCS12SecretItemTemplate },
+    };
+
+const SEC_ASN1Template SEC_PKCS12MacDataTemplate[] =
+    {
+      { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS12PFXItem) },
+      { SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(SEC_PKCS12MacData, safeMac),
+        SEC_ASN1_SUB(sgn_DigestInfoTemplate) },
+      { SEC_ASN1_BIT_STRING, offsetof(SEC_PKCS12MacData, macSalt) },
+      { 0 }
+    };
+
+const SEC_ASN1Template SEC_PKCS12PFXItemTemplate[] =
+    {
+      { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS12PFXItem) },
+      { SEC_ASN1_OPTIONAL |
+            SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
+        offsetof(SEC_PKCS12PFXItem, macData), SEC_PKCS12MacDataTemplate },
+      { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1,
+        offsetof(SEC_PKCS12PFXItem, authSafe),
+        sec_PKCS7ContentInfoTemplate },
+      { 0 }
+    };
+
+const SEC_ASN1Template SEC_PKCS12PFXItemTemplate_OLD[] =
+    {
+      { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS12PFXItem) },
+      { SEC_ASN1_OPTIONAL |
+            SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
+        offsetof(SEC_PKCS12PFXItem, old_safeMac),
+        SEC_ASN1_SUB(sgn_DigestInfoTemplate) },
+      { SEC_ASN1_OPTIONAL | SEC_ASN1_BIT_STRING,
+        offsetof(SEC_PKCS12PFXItem, old_macSalt) },
+      { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1,
+        offsetof(SEC_PKCS12PFXItem, authSafe),
+        sec_PKCS7ContentInfoTemplate },
+      { 0 }
+    };
+
+const SEC_ASN1Template SEC_PKCS12AuthenticatedSafeTemplate[] =
+    {
+      { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS12AuthenticatedSafe) },
+      { SEC_ASN1_OPTIONAL | SEC_ASN1_INTEGER,
+        offsetof(SEC_PKCS12AuthenticatedSafe, version) },
+      { SEC_ASN1_OPTIONAL | SEC_ASN1_OBJECT_ID,
+        offsetof(SEC_PKCS12AuthenticatedSafe, transportMode) },
+      { SEC_ASN1_BIT_STRING | SEC_ASN1_OPTIONAL,
+        offsetof(SEC_PKCS12AuthenticatedSafe, privacySalt) },
+      { SEC_ASN1_OPTIONAL | SEC_ASN1_SET_OF,
+        offsetof(SEC_PKCS12AuthenticatedSafe, baggage.bags),
+        SEC_PKCS12BaggageItemTemplate },
+      { SEC_ASN1_POINTER,
+        offsetof(SEC_PKCS12AuthenticatedSafe, safe),
+        sec_PKCS7ContentInfoTemplate },
+      { 0 }
+    };
+
+const SEC_ASN1Template SEC_PKCS12AuthenticatedSafeTemplate_OLD[] =
+    {
+      { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS12AuthenticatedSafe) },
+      { SEC_ASN1_OPTIONAL | SEC_ASN1_INTEGER,
+        offsetof(SEC_PKCS12AuthenticatedSafe, version) },
+      { SEC_ASN1_OPTIONAL | SEC_ASN1_INTEGER,
+        offsetof(SEC_PKCS12AuthenticatedSafe, transportMode) },
+      { SEC_ASN1_BIT_STRING,
+        offsetof(SEC_PKCS12AuthenticatedSafe, privacySalt) },
+      { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED |
+            SEC_ASN1_CONTEXT_SPECIFIC | 0,
+        offsetof(SEC_PKCS12AuthenticatedSafe, old_baggage),
+        SEC_PKCS12BaggageTemplate_OLD },
+      { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1,
+        offsetof(SEC_PKCS12AuthenticatedSafe, old_safe),
+        sec_PKCS7ContentInfoTemplate },
+      { 0 }
+    };
+
+const SEC_ASN1Template SEC_PointerToPKCS12KeyBagTemplate[] =
+    {
+      { SEC_ASN1_POINTER, 0, SEC_PKCS12PrivateKeyBagTemplate }
+    };
+
+const SEC_ASN1Template SEC_PointerToPKCS12CertAndCRLBagTemplate_OLD[] =
+    {
+      { SEC_ASN1_POINTER, 0, SEC_PKCS12CertAndCRLBagTemplate_OLD }
+    };
+
+const SEC_ASN1Template SEC_PointerToPKCS12CertAndCRLBagTemplate[] =
+    {
+      { SEC_ASN1_POINTER, 0, SEC_PKCS12CertAndCRLBagTemplate }
+    };
+
+const SEC_ASN1Template SEC_PointerToPKCS12SecretBagTemplate[] =
+    {
+      { SEC_ASN1_POINTER, 0, SEC_PKCS12SecretBagTemplate }
+    };
+
+const SEC_ASN1Template SEC_PointerToPKCS12X509CertCRLTemplate_OLD[] =
+    {
+      { SEC_ASN1_POINTER, 0, SEC_PKCS12X509CertCRLTemplate_OLD }
+    };
+
+const SEC_ASN1Template SEC_PointerToPKCS12X509CertCRLTemplate[] =
+    {
+      { SEC_ASN1_POINTER, 0, SEC_PKCS12X509CertCRLTemplate }
+    };
+
+const SEC_ASN1Template SEC_PointerToPKCS12SDSICertTemplate[] =
+    {
+      { SEC_ASN1_POINTER, 0, SEC_PKCS12SDSICertTemplate }
+    };
diff --git a/nss/lib/pkcs12/p12local.h b/nss/lib/pkcs12/p12local.h
new file mode 100644
index 0000000..7f01459
--- /dev/null
+++ b/nss/lib/pkcs12/p12local.h
@@ -0,0 +1,60 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _P12LOCAL_H_
+#define _P12LOCAL_H_
+
+#include "plarena.h"
+#include "secoidt.h"
+#include "secasn1.h"
+#include "secder.h"
+#include "certt.h"
+#include "secpkcs7.h"
+#include "pkcs12.h"
+#include "p12.h"
+
+/* helper functions */
+extern const SEC_ASN1Template *
+sec_pkcs12_choose_bag_type(void *src_or_dest, PRBool encoding);
+extern const SEC_ASN1Template *
+sec_pkcs12_choose_cert_crl_type(void *src_or_dest, PRBool encoding);
+extern const SEC_ASN1Template *
+sec_pkcs12_choose_shroud_type(void *src_or_dest, PRBool encoding);
+extern SECItem *sec_pkcs12_generate_salt(void);
+extern SECItem *sec_pkcs12_generate_key_from_password(SECOidTag algorithm,
+                                                      SECItem *salt, SECItem *password);
+extern SECItem *sec_pkcs12_generate_mac(SECItem *key, SECItem *msg,
+                                        PRBool old_method);
+extern SGNDigestInfo *sec_pkcs12_compute_thumbprint(SECItem *der_cert);
+extern SECItem *sec_pkcs12_create_virtual_password(SECItem *password,
+                                                   SECItem *salt, PRBool swapUnicodeBytes);
+extern SECStatus sec_pkcs12_append_shrouded_key(SEC_PKCS12BaggageItem *bag,
+                                                SEC_PKCS12ESPVKItem *espvk);
+extern void *sec_pkcs12_find_object(SEC_PKCS12SafeContents *safe,
+                                    SEC_PKCS12Baggage *baggage, SECOidTag objType,
+                                    SECItem *nickname, SGNDigestInfo *thumbprint);
+extern PRBool sec_pkcs12_convert_item_to_unicode(PLArenaPool *arena, SECItem *dest,
+                                                 SECItem *src, PRBool zeroTerm,
+                                                 PRBool asciiConvert, PRBool toUnicode);
+extern CK_MECHANISM_TYPE sec_pkcs12_algtag_to_mech(SECOidTag algtag);
+
+/* create functions */
+extern SEC_PKCS12PFXItem *sec_pkcs12_new_pfx(void);
+extern SEC_PKCS12SafeContents *sec_pkcs12_create_safe_contents(
+    PLArenaPool *poolp);
+extern SEC_PKCS12Baggage *sec_pkcs12_create_baggage(PLArenaPool *poolp);
+extern SEC_PKCS12BaggageItem *sec_pkcs12_create_external_bag(SEC_PKCS12Baggage *luggage);
+extern void SEC_PKCS12DestroyPFX(SEC_PKCS12PFXItem *pfx);
+extern SEC_PKCS12AuthenticatedSafe *sec_pkcs12_new_asafe(PLArenaPool *poolp);
+
+/* conversion from old to new */
+extern SEC_PKCS12DecoderContext *
+sec_PKCS12ConvertOldSafeToNew(PLArenaPool *arena, PK11SlotInfo *slot,
+                              PRBool swapUnicode, SECItem *pwitem,
+                              void *wincx, SEC_PKCS12SafeContents *safe,
+                              SEC_PKCS12Baggage *baggage);
+
+extern PRBool sec_pkcs12_is_pkcs12_pbe_algorithm(SECOidTag algorithm);
+
+#endif
diff --git a/nss/lib/pkcs12/p12plcy.c b/nss/lib/pkcs12/p12plcy.c
new file mode 100644
index 0000000..97970ab
--- /dev/null
+++ b/nss/lib/pkcs12/p12plcy.c
@@ -0,0 +1,125 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "p12plcy.h"
+#include "secoid.h"
+#include "secport.h"
+#include "secpkcs5.h"
+
+#define PKCS12_NULL 0x0000
+
+typedef struct pkcs12SuiteMapStr {
+    SECOidTag algTag;
+    unsigned int keyLengthBits; /* in bits */
+    unsigned long suite;
+    PRBool allowed;
+    PRBool preferred;
+} pkcs12SuiteMap;
+
+static pkcs12SuiteMap pkcs12SuiteMaps[] = {
+    { SEC_OID_RC4, 40, PKCS12_RC4_40, PR_FALSE, PR_FALSE },
+    { SEC_OID_RC4, 128, PKCS12_RC4_128, PR_FALSE, PR_FALSE },
+    { SEC_OID_RC2_CBC, 40, PKCS12_RC2_CBC_40, PR_FALSE, PR_TRUE },
+    { SEC_OID_RC2_CBC, 128, PKCS12_RC2_CBC_128, PR_FALSE, PR_FALSE },
+    { SEC_OID_DES_CBC, 64, PKCS12_DES_56, PR_FALSE, PR_FALSE },
+    { SEC_OID_DES_EDE3_CBC, 192, PKCS12_DES_EDE3_168, PR_FALSE, PR_FALSE },
+    { SEC_OID_AES_128_CBC, 128, PKCS12_AES_CBC_128, PR_FALSE, PR_FALSE },
+    { SEC_OID_AES_192_CBC, 192, PKCS12_AES_CBC_192, PR_FALSE, PR_FALSE },
+    { SEC_OID_AES_256_CBC, 256, PKCS12_AES_CBC_256, PR_FALSE, PR_FALSE },
+    { SEC_OID_UNKNOWN, 0, PKCS12_NULL, PR_FALSE, PR_FALSE },
+    { SEC_OID_UNKNOWN, 0, 0L, PR_FALSE, PR_FALSE }
+};
+
+/* determine if algid is an algorithm which is allowed */
+PRBool
+SEC_PKCS12DecryptionAllowed(SECAlgorithmID *algid)
+{
+    unsigned int keyLengthBits;
+    SECOidTag algId;
+    int i;
+
+    algId = SEC_PKCS5GetCryptoAlgorithm(algid);
+    if (algId == SEC_OID_UNKNOWN) {
+        return PR_FALSE;
+    }
+
+    keyLengthBits = (unsigned int)(SEC_PKCS5GetKeyLength(algid) * 8);
+
+    i = 0;
+    while (pkcs12SuiteMaps[i].algTag != SEC_OID_UNKNOWN) {
+        if ((pkcs12SuiteMaps[i].algTag == algId) &&
+            (pkcs12SuiteMaps[i].keyLengthBits == keyLengthBits)) {
+
+            return pkcs12SuiteMaps[i].allowed;
+        }
+        i++;
+    }
+
+    return PR_FALSE;
+}
+
+/* is any encryption allowed? */
+PRBool
+SEC_PKCS12IsEncryptionAllowed(void)
+{
+    int i;
+
+    i = 0;
+    while (pkcs12SuiteMaps[i].algTag != SEC_OID_UNKNOWN) {
+        if (pkcs12SuiteMaps[i].allowed == PR_TRUE) {
+            return PR_TRUE;
+        }
+        i++;
+    }
+
+    return PR_FALSE;
+}
+
+SECStatus
+SEC_PKCS12EnableCipher(long which, int on)
+{
+    int i;
+
+    i = 0;
+    while (pkcs12SuiteMaps[i].suite != 0L) {
+        if (pkcs12SuiteMaps[i].suite == (unsigned long)which) {
+            if (on) {
+                pkcs12SuiteMaps[i].allowed = PR_TRUE;
+            } else {
+                pkcs12SuiteMaps[i].allowed = PR_FALSE;
+            }
+            return SECSuccess;
+        }
+        i++;
+    }
+
+    return SECFailure;
+}
+
+SECStatus
+SEC_PKCS12SetPreferredCipher(long which, int on)
+{
+    int i;
+    PRBool turnedOff = PR_FALSE;
+    PRBool turnedOn = PR_FALSE;
+
+    i = 0;
+    while (pkcs12SuiteMaps[i].suite != 0L) {
+        if (pkcs12SuiteMaps[i].preferred == PR_TRUE) {
+            pkcs12SuiteMaps[i].preferred = PR_FALSE;
+            turnedOff = PR_TRUE;
+        }
+        if (pkcs12SuiteMaps[i].suite == (unsigned long)which) {
+            pkcs12SuiteMaps[i].preferred = PR_TRUE;
+            turnedOn = PR_TRUE;
+        }
+        i++;
+    }
+
+    if ((turnedOn) && (turnedOff)) {
+        return SECSuccess;
+    }
+
+    return SECFailure;
+}
diff --git a/nss/lib/pkcs12/p12plcy.h b/nss/lib/pkcs12/p12plcy.h
new file mode 100644
index 0000000..d3f818d
--- /dev/null
+++ b/nss/lib/pkcs12/p12plcy.h
@@ -0,0 +1,25 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#ifndef _P12PLCY_H_
+#define _P12PLCY_H_
+
+#include "secoid.h"
+#include "ciferfam.h"
+
+SEC_BEGIN_PROTOS
+
+/* for the algid specified, can we decrypt it ? */
+extern PRBool SEC_PKCS12DecryptionAllowed(SECAlgorithmID *algid);
+
+/* is encryption allowed? */
+extern PRBool SEC_PKCS12IsEncryptionAllowed(void);
+
+/* enable a cipher for encryption/decryption */
+extern SECStatus SEC_PKCS12EnableCipher(long which, int on);
+
+/* return the preferred cipher for encryption */
+extern SECStatus SEC_PKCS12SetPreferredCipher(long which, int on);
+
+SEC_END_PROTOS
+#endif
diff --git a/nss/lib/pkcs12/p12t.h b/nss/lib/pkcs12/p12t.h
new file mode 100644
index 0000000..62c2b50
--- /dev/null
+++ b/nss/lib/pkcs12/p12t.h
@@ -0,0 +1,155 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _P12T_H_
+#define _P12T_H_
+
+#include "secoid.h"
+#include "key.h"
+#include "pkcs11.h"
+#include "secpkcs7.h"
+#include "secdig.h" /* for SGNDigestInfo */
+#include "pkcs12t.h"
+
+#define SEC_PKCS12_VERSION 3
+
+/* structure declarations */
+typedef struct sec_PKCS12PFXItemStr sec_PKCS12PFXItem;
+typedef struct sec_PKCS12MacDataStr sec_PKCS12MacData;
+typedef struct sec_PKCS12AuthenticatedSafeStr sec_PKCS12AuthenticatedSafe;
+typedef struct sec_PKCS12SafeContentsStr sec_PKCS12SafeContents;
+typedef struct sec_PKCS12SafeBagStr sec_PKCS12SafeBag;
+typedef struct sec_PKCS12PKCS8ShroudedKeyBagStr sec_PKCS12PKCS8ShroudedKeyBag;
+typedef struct sec_PKCS12CertBagStr sec_PKCS12CertBag;
+typedef struct sec_PKCS12CRLBagStr sec_PKCS12CRLBag;
+typedef struct sec_PKCS12SecretBag sec_PKCS12SecretBag;
+typedef struct sec_PKCS12AttributeStr sec_PKCS12Attribute;
+
+struct sec_PKCS12CertBagStr {
+    /* what type of cert is stored? */
+    SECItem bagID;
+
+    /* certificate information */
+    union {
+        SECItem x509Cert;
+        SECItem SDSICert;
+    } value;
+};
+
+struct sec_PKCS12CRLBagStr {
+    /* what type of cert is stored? */
+    SECItem bagID;
+
+    /* certificate information */
+    union {
+        SECItem x509CRL;
+    } value;
+};
+
+struct sec_PKCS12SecretBag {
+    /* what type of secret? */
+    SECItem secretType;
+
+    /* secret information.  ssshhhh be vewy vewy quiet. */
+    SECItem secretContent;
+};
+
+struct sec_PKCS12AttributeStr {
+    SECItem attrType;
+    SECItem **attrValue;
+};
+
+struct sec_PKCS12SafeBagStr {
+
+    /* What type of bag are we using? */
+    SECItem safeBagType;
+
+    /* Dependent upon the type of bag being used. */
+    union {
+        SECKEYPrivateKeyInfo *pkcs8KeyBag;
+        SECKEYEncryptedPrivateKeyInfo *pkcs8ShroudedKeyBag;
+        sec_PKCS12CertBag *certBag;
+        sec_PKCS12CRLBag *crlBag;
+        sec_PKCS12SecretBag *secretBag;
+        sec_PKCS12SafeContents *safeContents;
+    } safeBagContent;
+
+    sec_PKCS12Attribute **attribs;
+
+    /* used locally */
+    SECOidData *bagTypeTag;
+    PLArenaPool *arena;
+    unsigned int nAttribs;
+
+    /* used for validation/importing */
+    PRBool problem, noInstall, validated, hasKey, unused, installed;
+    int error;
+
+    PRBool swapUnicodeBytes;
+    PK11SlotInfo *slot;
+    SECItem *pwitem;
+    PRBool oldBagType;
+    SECPKCS12TargetTokenCAs tokenCAs;
+};
+
+struct sec_PKCS12SafeContentsStr {
+    sec_PKCS12SafeBag **safeBags;
+    SECItem **encodedSafeBags;
+
+    /* used locally */
+    PLArenaPool *arena;
+    unsigned int bagCount;
+};
+
+struct sec_PKCS12MacDataStr {
+    SGNDigestInfo safeMac;
+    SECItem macSalt;
+    SECItem iter;
+};
+
+struct sec_PKCS12PFXItemStr {
+
+    SECItem version;
+
+    /* Content type will either be Data (password integrity mode)
+     * or signedData (public-key integrity mode)
+     */
+    SEC_PKCS7ContentInfo *authSafe;
+    SECItem encodedAuthSafe;
+
+    /* Only present in password integrity mode */
+    sec_PKCS12MacData macData;
+    SECItem encodedMacData;
+};
+
+struct sec_PKCS12AuthenticatedSafeStr {
+    /* Content type will either be encryptedData (password privacy mode)
+     * or envelopedData (public-key privacy mode)
+     */
+    SEC_PKCS7ContentInfo **safes;
+    SECItem **encodedSafes;
+
+    /* used locally */
+    unsigned int safeCount;
+    SECItem dummySafe;
+};
+
+extern const SEC_ASN1Template sec_PKCS12PFXItemTemplate[];
+extern const SEC_ASN1Template sec_PKCS12MacDataTemplate[];
+extern const SEC_ASN1Template sec_PKCS12AuthenticatedSafeTemplate[];
+extern const SEC_ASN1Template sec_PKCS12SafeContentsTemplate[];
+extern const SEC_ASN1Template sec_PKCS12SafeContentsDecodeTemplate[];
+extern const SEC_ASN1Template sec_PKCS12NestedSafeContentsDecodeTemplate[];
+extern const SEC_ASN1Template sec_PKCS12CertBagTemplate[];
+extern const SEC_ASN1Template sec_PKCS12CRLBagTemplate[];
+extern const SEC_ASN1Template sec_PKCS12SecretBagTemplate[];
+extern const SEC_ASN1Template sec_PKCS12PointerToCertBagTemplate[];
+extern const SEC_ASN1Template sec_PKCS12PointerToCRLBagTemplate[];
+extern const SEC_ASN1Template sec_PKCS12PointerToSecretBagTemplate[];
+extern const SEC_ASN1Template sec_PKCS12PointerToSafeContentsTemplate[];
+extern const SEC_ASN1Template sec_PKCS12AttributeTemplate[];
+extern const SEC_ASN1Template sec_PKCS12PointerToContentInfoTemplate[];
+extern const SEC_ASN1Template sec_PKCS12SafeBagTemplate[];
+
+#endif
diff --git a/nss/lib/pkcs12/p12tmpl.c b/nss/lib/pkcs12/p12tmpl.c
new file mode 100644
index 0000000..7437cbc
--- /dev/null
+++ b/nss/lib/pkcs12/p12tmpl.c
@@ -0,0 +1,290 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "plarena.h"
+#include "secitem.h"
+#include "secoid.h"
+#include "seccomon.h"
+#include "secport.h"
+#include "cert.h"
+#include "secpkcs7.h"
+#include "secasn1.h"
+#include "p12t.h"
+
+SEC_ASN1_MKSUB(SEC_AnyTemplate)
+SEC_ASN1_MKSUB(sgn_DigestInfoTemplate)
+
+static const SEC_ASN1Template *
+sec_pkcs12_choose_safe_bag_type(void *src_or_dest, PRBool encoding)
+{
+    const SEC_ASN1Template *theTemplate;
+    sec_PKCS12SafeBag *safeBag;
+    SECOidData *oiddata;
+
+    if (src_or_dest == NULL) {
+        return NULL;
+    }
+
+    safeBag = (sec_PKCS12SafeBag *)src_or_dest;
+
+    oiddata = SECOID_FindOID(&safeBag->safeBagType);
+    if (oiddata == NULL) {
+        return SEC_ASN1_GET(SEC_AnyTemplate);
+    }
+
+    switch (oiddata->offset) {
+        default:
+            theTemplate = SEC_ASN1_GET(SEC_AnyTemplate);
+            break;
+        case SEC_OID_PKCS12_V1_KEY_BAG_ID:
+            theTemplate = SEC_ASN1_GET(SECKEY_PointerToPrivateKeyInfoTemplate);
+            break;
+        case SEC_OID_PKCS12_V1_CERT_BAG_ID:
+            theTemplate = sec_PKCS12PointerToCertBagTemplate;
+            break;
+        case SEC_OID_PKCS12_V1_CRL_BAG_ID:
+            theTemplate = sec_PKCS12PointerToCRLBagTemplate;
+            break;
+        case SEC_OID_PKCS12_V1_SECRET_BAG_ID:
+            theTemplate = sec_PKCS12PointerToSecretBagTemplate;
+            break;
+        case SEC_OID_PKCS12_V1_PKCS8_SHROUDED_KEY_BAG_ID:
+            theTemplate =
+                SEC_ASN1_GET(SECKEY_PointerToEncryptedPrivateKeyInfoTemplate);
+            break;
+        case SEC_OID_PKCS12_V1_SAFE_CONTENTS_BAG_ID:
+            if (encoding) {
+                theTemplate = sec_PKCS12PointerToSafeContentsTemplate;
+            } else {
+                theTemplate = SEC_ASN1_GET(SEC_PointerToAnyTemplate);
+            }
+            break;
+    }
+    return theTemplate;
+}
+
+static const SEC_ASN1Template *
+sec_pkcs12_choose_crl_bag_type(void *src_or_dest, PRBool encoding)
+{
+    const SEC_ASN1Template *theTemplate;
+    sec_PKCS12CRLBag *crlbag;
+    SECOidData *oiddata;
+
+    if (src_or_dest == NULL) {
+        return NULL;
+    }
+
+    crlbag = (sec_PKCS12CRLBag *)src_or_dest;
+
+    oiddata = SECOID_FindOID(&crlbag->bagID);
+    if (oiddata == NULL) {
+        return SEC_ASN1_GET(SEC_AnyTemplate);
+    }
+
+    switch (oiddata->offset) {
+        default:
+            theTemplate = SEC_ASN1_GET(SEC_AnyTemplate);
+            break;
+        case SEC_OID_PKCS9_X509_CRL:
+            theTemplate = SEC_ASN1_GET(SEC_OctetStringTemplate);
+            break;
+    }
+    return theTemplate;
+}
+
+static const SEC_ASN1Template *
+sec_pkcs12_choose_cert_bag_type(void *src_or_dest, PRBool encoding)
+{
+    const SEC_ASN1Template *theTemplate;
+    sec_PKCS12CertBag *certbag;
+    SECOidData *oiddata;
+
+    if (src_or_dest == NULL) {
+        return NULL;
+    }
+
+    certbag = (sec_PKCS12CertBag *)src_or_dest;
+
+    oiddata = SECOID_FindOID(&certbag->bagID);
+    if (oiddata == NULL) {
+        return SEC_ASN1_GET(SEC_AnyTemplate);
+    }
+
+    switch (oiddata->offset) {
+        default:
+            theTemplate = SEC_ASN1_GET(SEC_AnyTemplate);
+            break;
+        case SEC_OID_PKCS9_X509_CERT:
+            theTemplate = SEC_ASN1_GET(SEC_OctetStringTemplate);
+            break;
+        case SEC_OID_PKCS9_SDSI_CERT:
+            theTemplate = SEC_ASN1_GET(SEC_IA5StringTemplate);
+            break;
+    }
+    return theTemplate;
+}
+
+static const SEC_ASN1Template *
+sec_pkcs12_choose_attr_type(void *src_or_dest, PRBool encoding)
+{
+    const SEC_ASN1Template *theTemplate;
+    sec_PKCS12Attribute *attr;
+    SECOidData *oiddata;
+
+    if (src_or_dest == NULL) {
+        return NULL;
+    }
+
+    attr = (sec_PKCS12Attribute *)src_or_dest;
+
+    oiddata = SECOID_FindOID(&attr->attrType);
+    if (oiddata == NULL) {
+        return SEC_ASN1_GET(SEC_AnyTemplate);
+    }
+
+    switch (oiddata->offset) {
+        default:
+            theTemplate = SEC_ASN1_GET(SEC_AnyTemplate);
+            break;
+        case SEC_OID_PKCS9_FRIENDLY_NAME:
+            theTemplate = SEC_ASN1_GET(SEC_BMPStringTemplate);
+            break;
+        case SEC_OID_PKCS9_LOCAL_KEY_ID:
+            theTemplate = SEC_ASN1_GET(SEC_OctetStringTemplate);
+            break;
+        case SEC_OID_PKCS12_KEY_USAGE:
+            theTemplate = SEC_ASN1_GET(SEC_BitStringTemplate);
+            break;
+    }
+
+    return theTemplate;
+}
+
+const SEC_ASN1Template sec_PKCS12PointerToContentInfoTemplate[] = {
+    { SEC_ASN1_POINTER | SEC_ASN1_MAY_STREAM, 0, sec_PKCS7ContentInfoTemplate }
+};
+
+static const SEC_ASN1TemplateChooserPtr sec_pkcs12_crl_bag_chooser =
+    sec_pkcs12_choose_crl_bag_type;
+
+static const SEC_ASN1TemplateChooserPtr sec_pkcs12_cert_bag_chooser =
+    sec_pkcs12_choose_cert_bag_type;
+
+static const SEC_ASN1TemplateChooserPtr sec_pkcs12_safe_bag_chooser =
+    sec_pkcs12_choose_safe_bag_type;
+
+static const SEC_ASN1TemplateChooserPtr sec_pkcs12_attr_chooser =
+    sec_pkcs12_choose_attr_type;
+
+const SEC_ASN1Template sec_PKCS12PointerToCertBagTemplate[] = {
+    { SEC_ASN1_POINTER, 0, sec_PKCS12CertBagTemplate }
+};
+
+const SEC_ASN1Template sec_PKCS12PointerToCRLBagTemplate[] = {
+    { SEC_ASN1_POINTER, 0, sec_PKCS12CRLBagTemplate }
+};
+
+const SEC_ASN1Template sec_PKCS12PointerToSecretBagTemplate[] = {
+    { SEC_ASN1_POINTER, 0, sec_PKCS12SecretBagTemplate }
+};
+
+const SEC_ASN1Template sec_PKCS12PointerToSafeContentsTemplate[] = {
+    { SEC_ASN1_POINTER, 0, sec_PKCS12SafeContentsTemplate }
+};
+
+const SEC_ASN1Template sec_PKCS12PFXItemTemplate[] = {
+    { SEC_ASN1_SEQUENCE | SEC_ASN1_MAY_STREAM, 0, NULL,
+      sizeof(sec_PKCS12PFXItem) },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_INTEGER,
+      offsetof(sec_PKCS12PFXItem, version) },
+    { SEC_ASN1_ANY | SEC_ASN1_MAY_STREAM,
+      offsetof(sec_PKCS12PFXItem, encodedAuthSafe) },
+    { SEC_ASN1_ANY | SEC_ASN1_MAY_STREAM,
+      offsetof(sec_PKCS12PFXItem, encodedMacData) },
+    { 0 }
+};
+
+const SEC_ASN1Template sec_PKCS12MacDataTemplate[] = {
+    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(sec_PKCS12MacData) },
+    { SEC_ASN1_INLINE | SEC_ASN1_XTRN, offsetof(sec_PKCS12MacData, safeMac),
+      SEC_ASN1_SUB(sgn_DigestInfoTemplate) },
+    { SEC_ASN1_OCTET_STRING, offsetof(sec_PKCS12MacData, macSalt) },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_INTEGER, offsetof(sec_PKCS12MacData, iter) },
+    { 0 }
+};
+
+const SEC_ASN1Template sec_PKCS12AuthenticatedSafeTemplate[] = {
+    { SEC_ASN1_SEQUENCE_OF | SEC_ASN1_MAY_STREAM | SEC_ASN1_XTRN,
+      offsetof(sec_PKCS12AuthenticatedSafe, encodedSafes),
+      SEC_ASN1_SUB(SEC_AnyTemplate) }
+};
+
+const SEC_ASN1Template sec_PKCS12SafeBagTemplate[] = {
+    { SEC_ASN1_SEQUENCE | SEC_ASN1_MAY_STREAM, 0, NULL,
+      sizeof(sec_PKCS12SafeBag) },
+    { SEC_ASN1_OBJECT_ID, offsetof(sec_PKCS12SafeBag, safeBagType) },
+    { SEC_ASN1_EXPLICIT | SEC_ASN1_DYNAMIC | SEC_ASN1_CONSTRUCTED |
+          SEC_ASN1_MAY_STREAM | SEC_ASN1_CONTEXT_SPECIFIC | 0,
+      offsetof(sec_PKCS12SafeBag, safeBagContent),
+      &sec_pkcs12_safe_bag_chooser },
+    { SEC_ASN1_SET_OF | SEC_ASN1_OPTIONAL, offsetof(sec_PKCS12SafeBag, attribs),
+      sec_PKCS12AttributeTemplate },
+    { 0 }
+};
+
+const SEC_ASN1Template sec_PKCS12SafeContentsTemplate[] = {
+    { SEC_ASN1_SEQUENCE_OF | SEC_ASN1_MAY_STREAM,
+      offsetof(sec_PKCS12SafeContents, safeBags),
+      sec_PKCS12SafeBagTemplate }
+};
+
+const SEC_ASN1Template sec_PKCS12SequenceOfAnyTemplate[] = {
+    { SEC_ASN1_SEQUENCE_OF | SEC_ASN1_MAY_STREAM | SEC_ASN1_XTRN, 0,
+      SEC_ASN1_SUB(SEC_AnyTemplate) }
+};
+
+const SEC_ASN1Template sec_PKCS12NestedSafeContentsDecodeTemplate[] = {
+    { SEC_ASN1_EXPLICIT | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | 0,
+      offsetof(sec_PKCS12SafeContents, encodedSafeBags),
+      sec_PKCS12SequenceOfAnyTemplate }
+};
+
+const SEC_ASN1Template sec_PKCS12SafeContentsDecodeTemplate[] = {
+    { SEC_ASN1_SEQUENCE_OF | SEC_ASN1_MAY_STREAM | SEC_ASN1_XTRN,
+      offsetof(sec_PKCS12SafeContents, encodedSafeBags),
+      SEC_ASN1_SUB(SEC_AnyTemplate) }
+};
+
+const SEC_ASN1Template sec_PKCS12CRLBagTemplate[] = {
+    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(sec_PKCS12CRLBag) },
+    { SEC_ASN1_OBJECT_ID, offsetof(sec_PKCS12CRLBag, bagID) },
+    { SEC_ASN1_DYNAMIC | SEC_ASN1_POINTER,
+      offsetof(sec_PKCS12CRLBag, value), &sec_pkcs12_crl_bag_chooser },
+    { 0 }
+};
+
+const SEC_ASN1Template sec_PKCS12CertBagTemplate[] = {
+    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(sec_PKCS12CertBag) },
+    { SEC_ASN1_OBJECT_ID, offsetof(sec_PKCS12CertBag, bagID) },
+    { SEC_ASN1_DYNAMIC | SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED |
+          SEC_ASN1_CONTEXT_SPECIFIC | 0,
+      offsetof(sec_PKCS12CertBag, value), &sec_pkcs12_cert_bag_chooser },
+    { 0 }
+};
+
+const SEC_ASN1Template sec_PKCS12SecretBagTemplate[] = {
+    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(sec_PKCS12SecretBag) },
+    { SEC_ASN1_OBJECT_ID, offsetof(sec_PKCS12SecretBag, secretType) },
+    { SEC_ASN1_ANY, offsetof(sec_PKCS12SecretBag, secretContent) },
+    { 0 }
+};
+
+const SEC_ASN1Template sec_PKCS12AttributeTemplate[] = {
+    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(sec_PKCS12Attribute) },
+    { SEC_ASN1_OBJECT_ID, offsetof(sec_PKCS12Attribute, attrType) },
+    { SEC_ASN1_SET_OF | SEC_ASN1_DYNAMIC,
+      offsetof(sec_PKCS12Attribute, attrValue),
+      &sec_pkcs12_attr_chooser },
+    { 0 }
+};
diff --git a/nss/lib/pkcs12/pkcs12.gyp b/nss/lib/pkcs12/pkcs12.gyp
new file mode 100644
index 0000000..5b296cc
--- /dev/null
+++ b/nss/lib/pkcs12/pkcs12.gyp
@@ -0,0 +1,29 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'pkcs12',
+      'type': 'static_library',
+      'sources': [
+        'p12creat.c',
+        'p12d.c',
+        'p12dec.c',
+        'p12e.c',
+        'p12local.c',
+        'p12plcy.c',
+        'p12tmpl.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports'
+      ]
+    }
+  ],
+  'variables': {
+    'module': 'nss'
+  }
+}
\ No newline at end of file
diff --git a/nss/lib/pkcs12/pkcs12.h b/nss/lib/pkcs12/pkcs12.h
new file mode 100644
index 0000000..57b3263
--- /dev/null
+++ b/nss/lib/pkcs12/pkcs12.h
@@ -0,0 +1,41 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _PKCS12_H_
+#define _PKCS12_H_
+
+#include "pkcs12t.h"
+#include "p12.h"
+
+SEC_BEGIN_PROTOS
+
+typedef SECItem *(*SEC_PKCS12GetPassword)(void *arg);
+
+/* Decode functions */
+/* Import a PFX item.
+ *      der_pfx is the der-encoded pfx item to import.
+ *      pbef, and pbefarg are used to retrieve passwords for the HMAC,
+ *          and any passwords needed for passing to PKCS5 encryption
+ *          routines.
+ *      algorithm is the algorithm by which private keys are stored in
+ *          the key database.  this could be a specific algorithm or could
+ *          be based on a global setting.
+ *      slot is the slot to where the certificates will be placed.  if NULL,
+ *          the internal key slot is used.
+ * If the process is successful, a SECSuccess is returned, otherwise
+ * a failure occurred.
+ */
+SECStatus
+SEC_PKCS12PutPFX(SECItem *der_pfx, SECItem *pwitem,
+                 SEC_PKCS12NicknameCollisionCallback ncCall,
+                 PK11SlotInfo *slot, void *wincx);
+
+/* check the first two bytes of a file to make sure that it matches
+ * the desired header for a PKCS 12 file
+ */
+PRBool SEC_PKCS12ValidData(char *buf, int bufLen, long int totalLength);
+
+SEC_END_PROTOS
+
+#endif
diff --git a/nss/lib/pkcs12/pkcs12t.h b/nss/lib/pkcs12/pkcs12t.h
new file mode 100644
index 0000000..ad00d7b
--- /dev/null
+++ b/nss/lib/pkcs12/pkcs12t.h
@@ -0,0 +1,341 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _PKCS12T_H_
+#define _PKCS12T_H_
+
+#include "seccomon.h"
+#include "secoid.h"
+#include "cert.h"
+#include "key.h"
+#include "plarena.h"
+#include "secpkcs7.h"
+#include "secdig.h" /* for SGNDigestInfo */
+
+typedef enum {
+    SECPKCS12TargetTokenNoCAs,           /* CA get loaded intothe fixed token,
+                                          * User certs go to target token */
+    SECPKCS12TargetTokenIntermediateCAs, /* User certs and intermediates go to
+                                          * target token, root certs got to
+                                          * fixed token */
+    SECPKCS12TargetTokenAllCAs           /* All certs go to target token */
+} SECPKCS12TargetTokenCAs;
+
+/* PKCS12 Structures */
+typedef struct SEC_PKCS12PFXItemStr SEC_PKCS12PFXItem;
+typedef struct SEC_PKCS12MacDataStr SEC_PKCS12MacData;
+typedef struct SEC_PKCS12AuthenticatedSafeStr SEC_PKCS12AuthenticatedSafe;
+typedef struct SEC_PKCS12BaggageItemStr SEC_PKCS12BaggageItem;
+typedef struct SEC_PKCS12BaggageStr SEC_PKCS12Baggage;
+typedef struct SEC_PKCS12Baggage_OLDStr SEC_PKCS12Baggage_OLD;
+typedef struct SEC_PKCS12ESPVKItemStr SEC_PKCS12ESPVKItem;
+typedef struct SEC_PKCS12PVKSupportingDataStr SEC_PKCS12PVKSupportingData;
+typedef struct SEC_PKCS12PVKAdditionalDataStr SEC_PKCS12PVKAdditionalData;
+typedef struct SEC_PKCS12SafeContentsStr SEC_PKCS12SafeContents;
+typedef struct SEC_PKCS12SafeBagStr SEC_PKCS12SafeBag;
+typedef struct SEC_PKCS12PrivateKeyStr SEC_PKCS12PrivateKey;
+typedef struct SEC_PKCS12PrivateKeyBagStr SEC_PKCS12PrivateKeyBag;
+typedef struct SEC_PKCS12CertAndCRLBagStr SEC_PKCS12CertAndCRLBag;
+typedef struct SEC_PKCS12CertAndCRLStr SEC_PKCS12CertAndCRL;
+typedef struct SEC_PKCS12X509CertCRLStr SEC_PKCS12X509CertCRL;
+typedef struct SEC_PKCS12SDSICertStr SEC_PKCS12SDSICert;
+typedef struct SEC_PKCS12SecretStr SEC_PKCS12Secret;
+typedef struct SEC_PKCS12SecretAdditionalStr SEC_PKCS12SecretAdditional;
+typedef struct SEC_PKCS12SecretItemStr SEC_PKCS12SecretItem;
+typedef struct SEC_PKCS12SecretBagStr SEC_PKCS12SecretBag;
+
+typedef SECItem *(*SEC_PKCS12PasswordFunc)(SECItem *args);
+
+/* PKCS12 types */
+
+/* stores shrouded keys */
+struct SEC_PKCS12BaggageStr {
+    PLArenaPool *poolp;
+    SEC_PKCS12BaggageItem **bags;
+
+    int luggage_size; /* used locally */
+};
+
+/* additional data to be associated with keys.  currently there
+ * is nothing defined to be stored here.  allows future expansion.
+ */
+struct SEC_PKCS12PVKAdditionalDataStr {
+    PLArenaPool *poolp;
+    SECOidData *pvkAdditionalTypeTag; /* used locally */
+    SECItem pvkAdditionalType;
+    SECItem pvkAdditionalContent;
+};
+
+/* cert and other supporting data for private keys.  used
+ * for both shrouded and non-shrouded keys.
+ */
+struct SEC_PKCS12PVKSupportingDataStr {
+    PLArenaPool *poolp;
+    SGNDigestInfo **assocCerts;
+    SECItem regenerable;
+    SECItem nickname;
+    SEC_PKCS12PVKAdditionalData pvkAdditional;
+    SECItem pvkAdditionalDER;
+
+    SECItem uniNickName;
+    /* used locally */
+    int nThumbs;
+};
+
+/* shrouded key structure.  supports only pkcs8 shrouding
+ * currently.
+ */
+struct SEC_PKCS12ESPVKItemStr {
+    PLArenaPool *poolp;   /* used locally */
+    SECOidData *espvkTag; /* used locally */
+    SECItem espvkOID;
+    SEC_PKCS12PVKSupportingData espvkData;
+    union {
+        SECKEYEncryptedPrivateKeyInfo *pkcs8KeyShroud;
+    } espvkCipherText;
+
+    PRBool duplicate;    /* used locally */
+    PRBool problem_cert; /* used locally */
+    PRBool single_cert;  /* used locally */
+    int nCerts;          /* used locally */
+    SECItem derCert;     /* used locally */
+};
+
+/* generic bag store for the safe.  safeBagType identifies
+ * the type of bag stored.
+ */
+struct SEC_PKCS12SafeBagStr {
+    PLArenaPool *poolp;
+    SECOidData *safeBagTypeTag; /* used locally */
+    SECItem safeBagType;
+    union {
+        SEC_PKCS12PrivateKeyBag *keyBag;
+        SEC_PKCS12CertAndCRLBag *certAndCRLBag;
+        SEC_PKCS12SecretBag *secretBag;
+    } safeContent;
+
+    SECItem derSafeContent;
+    SECItem safeBagName;
+
+    SECItem uniSafeBagName;
+};
+
+/* stores private keys and certificates in a list.  each safebag
+ * has an ID identifying the type of content stored.
+ */
+struct SEC_PKCS12SafeContentsStr {
+    PLArenaPool *poolp;
+    SEC_PKCS12SafeBag **contents;
+
+    /* used for tracking purposes */
+    int safe_size;
+    PRBool old;
+    PRBool swapUnicode;
+    PRBool possibleSwapUnicode;
+};
+
+/* private key structure which holds encrypted private key and
+ * supporting data including nickname and certificate thumbprint.
+ */
+struct SEC_PKCS12PrivateKeyStr {
+    PLArenaPool *poolp;
+    SEC_PKCS12PVKSupportingData pvkData;
+    SECKEYPrivateKeyInfo pkcs8data; /* borrowed from PKCS 8 */
+
+    PRBool duplicate;    /* used locally */
+    PRBool problem_cert; /* used locally */
+    PRBool single_cert;  /* used locally */
+    int nCerts;          /* used locally */
+    SECItem derCert;     /* used locally */
+};
+
+/* private key bag, holds a (null terminated) list of private key
+ * structures.
+ */
+struct SEC_PKCS12PrivateKeyBagStr {
+    PLArenaPool *poolp;
+    SEC_PKCS12PrivateKey **privateKeys;
+
+    int bag_size; /* used locally */
+};
+
+/* container to hold certificates.  currently supports x509
+ * and sdsi certificates
+ */
+struct SEC_PKCS12CertAndCRLStr {
+    PLArenaPool *poolp;
+    SECOidData *BagTypeTag; /* used locally */
+    SECItem BagID;
+    union {
+        SEC_PKCS12X509CertCRL *x509;
+        SEC_PKCS12SDSICert *sdsi;
+    } value;
+
+    SECItem derValue;
+    SECItem nickname; /* used locally */
+    PRBool duplicate; /* used locally */
+};
+
+/* x509 certificate structure.  typically holds the der encoding
+ * of the x509 certificate.  thumbprint contains a digest of the
+ * certificate
+ */
+struct SEC_PKCS12X509CertCRLStr {
+    PLArenaPool *poolp;
+    SEC_PKCS7ContentInfo certOrCRL;
+    SGNDigestInfo thumbprint;
+
+    SECItem *derLeafCert; /* used locally */
+};
+
+/* sdsi certificate structure.  typically holds the der encoding
+ * of the sdsi certificate.  thumbprint contains a digest of the
+ * certificate
+ */
+struct SEC_PKCS12SDSICertStr {
+    PLArenaPool *poolp;
+    SECItem value;
+    SGNDigestInfo thumbprint;
+};
+
+/* contains a null terminated list of certs and crls */
+struct SEC_PKCS12CertAndCRLBagStr {
+    PLArenaPool *poolp;
+    SEC_PKCS12CertAndCRL **certAndCRLs;
+
+    int bag_size; /* used locally */
+};
+
+/* additional secret information.  currently no information
+ * stored in this structure.
+ */
+struct SEC_PKCS12SecretAdditionalStr {
+    PLArenaPool *poolp;
+    SECOidData *secretTypeTag; /* used locally */
+    SECItem secretAdditionalType;
+    SECItem secretAdditionalContent;
+};
+
+/* secrets container.  this will be used to contain currently
+ * unspecified secrets.  (it's a secret)
+ */
+struct SEC_PKCS12SecretStr {
+    PLArenaPool *poolp;
+    SECItem secretName;
+    SECItem value;
+    SEC_PKCS12SecretAdditional secretAdditional;
+
+    SECItem uniSecretName;
+};
+
+struct SEC_PKCS12SecretItemStr {
+    PLArenaPool *poolp;
+    SEC_PKCS12Secret secret;
+    SEC_PKCS12SafeBag subFolder;
+};
+
+/* a bag of secrets.  holds a null terminated list of secrets.
+ */
+struct SEC_PKCS12SecretBagStr {
+    PLArenaPool *poolp;
+    SEC_PKCS12SecretItem **secrets;
+
+    int bag_size; /* used locally */
+};
+
+struct SEC_PKCS12MacDataStr {
+    SGNDigestInfo safeMac;
+    SECItem macSalt;
+};
+
+/* outer transfer unit */
+struct SEC_PKCS12PFXItemStr {
+    PLArenaPool *poolp;
+    SEC_PKCS12MacData macData;
+    SEC_PKCS7ContentInfo authSafe;
+
+    /* for compatibility with beta */
+    PRBool old;
+    SGNDigestInfo old_safeMac;
+    SECItem old_macSalt;
+
+    /* compatibility between platforms for unicode swapping */
+    PRBool swapUnicode;
+};
+
+struct SEC_PKCS12BaggageItemStr {
+    PLArenaPool *poolp;
+    SEC_PKCS12ESPVKItem **espvks;
+    SEC_PKCS12SafeBag **unencSecrets;
+
+    int nEspvks;
+    int nSecrets;
+};
+
+/* stores shrouded keys */
+struct SEC_PKCS12Baggage_OLDStr {
+    PLArenaPool *poolp;
+    SEC_PKCS12ESPVKItem **espvks;
+
+    int luggage_size; /* used locally */
+};
+
+/* authenticated safe, stores certs, keys, and shrouded keys */
+struct SEC_PKCS12AuthenticatedSafeStr {
+    PLArenaPool *poolp;
+    SECItem version;
+    SECOidData *transportTypeTag; /* local not part of encoding*/
+    SECItem transportMode;
+    SECItem privacySalt;
+    SEC_PKCS12Baggage baggage;
+    SEC_PKCS7ContentInfo *safe;
+
+    /* used for beta compatibility */
+    PRBool old;
+    PRBool emptySafe;
+    SEC_PKCS12Baggage_OLD old_baggage;
+    SEC_PKCS7ContentInfo old_safe;
+    PRBool swapUnicode;
+};
+#define SEC_PKCS12_PFX_VERSION 1 /* what we create */
+
+/* PKCS 12 Templates */
+extern const SEC_ASN1Template SEC_PKCS12PFXItemTemplate_OLD[];
+extern const SEC_ASN1Template SEC_PKCS12AuthenticatedSafeTemplate_OLD[];
+extern const SEC_ASN1Template SEC_PKCS12BaggageTemplate_OLD[];
+extern const SEC_ASN1Template SEC_PKCS12PFXItemTemplate[];
+extern const SEC_ASN1Template SEC_PKCS12MacDataTemplate[];
+extern const SEC_ASN1Template SEC_PKCS12AuthenticatedSafeTemplate[];
+extern const SEC_ASN1Template SEC_PKCS12BaggageTemplate[];
+extern const SEC_ASN1Template SEC_PKCS12ESPVKItemTemplate[];
+extern const SEC_ASN1Template SEC_PKCS12PVKSupportingDataTemplate[];
+extern const SEC_ASN1Template SEC_PKCS12PVKAdditionalTemplate[];
+extern const SEC_ASN1Template SEC_PKCS12SafeContentsTemplate_OLD[];
+extern const SEC_ASN1Template SEC_PKCS12SafeContentsTemplate[];
+extern const SEC_ASN1Template SEC_PKCS12SafeBagTemplate[];
+extern const SEC_ASN1Template SEC_PKCS12PrivateKeyTemplate[];
+extern const SEC_ASN1Template SEC_PKCS12PrivateKeyBagTemplate[];
+extern const SEC_ASN1Template SEC_PKCS12CertAndCRLTemplate[];
+extern const SEC_ASN1Template SEC_PKCS12CertAndCRLBagTemplate[];
+extern const SEC_ASN1Template SEC_PKCS12X509CertCRLTemplate_OLD[];
+extern const SEC_ASN1Template SEC_PKCS12X509CertCRLTemplate[];
+extern const SEC_ASN1Template SEC_PKCS12SDSICertTemplate[];
+extern const SEC_ASN1Template SEC_PKCS12SecretBagTemplate[];
+extern const SEC_ASN1Template SEC_PKCS12SecretTemplate[];
+extern const SEC_ASN1Template SEC_PKCS12SecretItemTemplate[];
+extern const SEC_ASN1Template SEC_PKCS12SecretAdditionalTemplate[];
+extern const SEC_ASN1Template SGN_DigestInfoTemplate[];
+extern const SEC_ASN1Template SEC_PointerToPKCS12KeyBagTemplate[];
+extern const SEC_ASN1Template SEC_PointerToPKCS12CertAndCRLBagTemplate[];
+extern const SEC_ASN1Template SEC_PointerToPKCS12CertAndCRLBagTemplate_OLD[];
+extern const SEC_ASN1Template SEC_PointerToPKCS12SecretBagTemplate[];
+extern const SEC_ASN1Template SEC_PointerToPKCS12X509CertCRLTemplate_OLD[];
+extern const SEC_ASN1Template SEC_PointerToPKCS12X509CertCRLTemplate[];
+extern const SEC_ASN1Template SEC_PointerToPKCS12SDSICertTemplate[];
+extern const SEC_ASN1Template SEC_PKCS12CodedSafeBagTemplate[];
+extern const SEC_ASN1Template SEC_PKCS12CodedCertBagTemplate[];
+extern const SEC_ASN1Template SEC_PKCS12CodedCertAndCRLBagTemplate[];
+extern const SEC_ASN1Template SEC_PKCS12PVKSupportingDataTemplate_OLD[];
+extern const SEC_ASN1Template SEC_PKCS12ESPVKItemTemplate_OLD[];
+#endif
diff --git a/nss/lib/pkcs7/Makefile b/nss/lib/pkcs7/Makefile
new file mode 100644
index 0000000..a9cebcf
--- /dev/null
+++ b/nss/lib/pkcs7/Makefile
@@ -0,0 +1,48 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include config.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+
+
diff --git a/nss/lib/pkcs7/certread.c b/nss/lib/pkcs7/certread.c
new file mode 100644
index 0000000..2d692f1
--- /dev/null
+++ b/nss/lib/pkcs7/certread.c
@@ -0,0 +1,528 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "cert.h"
+#include "base64.h"
+#include "secitem.h"
+#include "secder.h"
+#include "secasn1.h"
+#include "secoid.h"
+#include "secerr.h"
+
+SEC_ASN1_MKSUB(SEC_AnyTemplate)
+SEC_ASN1_MKSUB(SEC_SetOfAnyTemplate)
+
+typedef struct ContentInfoStr ContentInfo;
+typedef struct DegenerateSignedDataStr DegenerateSignedData;
+
+struct ContentInfoStr {
+    SECOidTag contentTypeTag; /* local; not part of encoding */
+    SECItem contentType;
+    union {
+        SECItem *data;
+        DegenerateSignedData *signedData;
+    } content;
+};
+
+struct DegenerateSignedDataStr {
+    SECItem version;
+    SECItem **digestAlgorithms;
+    ContentInfo contentInfo;
+    SECItem **certificates;
+    SECItem **crls;
+    SECItem **signerInfos;
+};
+
+static const SEC_ASN1Template *
+choose_content_template(void *src_or_dest, PRBool encoding);
+
+static const SEC_ASN1TemplateChooserPtr template_chooser = choose_content_template;
+
+static const SEC_ASN1Template ContentInfoTemplate[] = {
+    { SEC_ASN1_SEQUENCE,
+      0, NULL, sizeof(ContentInfo) },
+    { SEC_ASN1_OBJECT_ID,
+      offsetof(ContentInfo, contentType) },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_DYNAMIC |
+          SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
+      offsetof(ContentInfo, content),
+      &template_chooser },
+    { 0 }
+};
+
+static const SEC_ASN1Template DegenerateSignedDataTemplate[] = {
+    { SEC_ASN1_SEQUENCE,
+      0, NULL, sizeof(DegenerateSignedData) },
+    { SEC_ASN1_INTEGER,
+      offsetof(DegenerateSignedData, version) },
+    { SEC_ASN1_SET_OF | SEC_ASN1_XTRN,
+      offsetof(DegenerateSignedData, digestAlgorithms),
+      SEC_ASN1_SUB(SEC_AnyTemplate) },
+    { SEC_ASN1_INLINE,
+      offsetof(DegenerateSignedData, contentInfo),
+      ContentInfoTemplate },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
+          SEC_ASN1_XTRN | 0,
+      offsetof(DegenerateSignedData, certificates),
+      SEC_ASN1_SUB(SEC_SetOfAnyTemplate) },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
+          SEC_ASN1_XTRN | 1,
+      offsetof(DegenerateSignedData, crls),
+      SEC_ASN1_SUB(SEC_SetOfAnyTemplate) },
+    { SEC_ASN1_SET_OF | SEC_ASN1_XTRN,
+      offsetof(DegenerateSignedData, signerInfos),
+      SEC_ASN1_SUB(SEC_AnyTemplate) },
+    { 0 }
+};
+
+static const SEC_ASN1Template PointerToDegenerateSignedDataTemplate[] = {
+    { SEC_ASN1_POINTER, 0, DegenerateSignedDataTemplate }
+};
+
+static SECOidTag
+GetContentTypeTag(ContentInfo *cinfo)
+{
+    if (cinfo->contentTypeTag == SEC_OID_UNKNOWN)
+        cinfo->contentTypeTag = SECOID_FindOIDTag(&cinfo->contentType);
+    return cinfo->contentTypeTag;
+}
+
+static const SEC_ASN1Template *
+choose_content_template(void *src_or_dest, PRBool encoding)
+{
+    const SEC_ASN1Template *theTemplate;
+    ContentInfo *cinfo;
+    SECOidTag kind;
+
+    PORT_Assert(src_or_dest != NULL);
+    if (src_or_dest == NULL)
+        return NULL;
+
+    cinfo = (ContentInfo *)src_or_dest;
+    kind = GetContentTypeTag(cinfo);
+    switch (kind) {
+        default:
+            theTemplate = SEC_ASN1_GET(SEC_PointerToAnyTemplate);
+            break;
+        case SEC_OID_PKCS7_DATA:
+            theTemplate = SEC_ASN1_GET(SEC_PointerToOctetStringTemplate);
+            break;
+        case SEC_OID_PKCS7_SIGNED_DATA:
+            theTemplate = PointerToDegenerateSignedDataTemplate;
+            break;
+    }
+    return theTemplate;
+}
+
+static SECStatus
+SEC_ReadPKCS7Certs(SECItem *pkcs7Item, CERTImportCertificateFunc f, void *arg)
+{
+    ContentInfo contentInfo;
+    SECStatus rv = SECFailure;
+    SECItem **certs;
+    int count;
+    PLArenaPool *arena;
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL) {
+        return rv;
+    }
+
+    PORT_Memset(&contentInfo, 0, sizeof(contentInfo));
+    if (SEC_ASN1DecodeItem(arena, &contentInfo, ContentInfoTemplate,
+                           pkcs7Item) != SECSuccess) {
+        goto done;
+    }
+
+    if (GetContentTypeTag(&contentInfo) != SEC_OID_PKCS7_SIGNED_DATA) {
+        goto done;
+    }
+
+    rv = SECSuccess;
+
+    certs = contentInfo.content.signedData->certificates;
+    if (certs) {
+        count = 0;
+
+        while (*certs) {
+            count++;
+            certs++;
+        }
+        rv = (*f)(arg, contentInfo.content.signedData->certificates, count);
+    }
+
+done:
+    if (arena) {
+        PORT_FreeArena(arena, PR_FALSE);
+    }
+
+    return rv;
+}
+
+const SEC_ASN1Template SEC_CertSequenceTemplate[] = {
+    { SEC_ASN1_SEQUENCE_OF | SEC_ASN1_XTRN, 0, SEC_ASN1_SUB(SEC_AnyTemplate) }
+};
+
+static SECStatus
+SEC_ReadCertSequence(SECItem *certsItem, CERTImportCertificateFunc f, void *arg)
+{
+    SECStatus rv = SECFailure;
+    SECItem **certs;
+    int count;
+    SECItem **rawCerts = NULL;
+    PLArenaPool *arena;
+    ContentInfo contentInfo;
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL) {
+        return rv;
+    }
+
+    PORT_Memset(&contentInfo, 0, sizeof(contentInfo));
+    if (SEC_ASN1DecodeItem(arena, &contentInfo, ContentInfoTemplate,
+                           certsItem) != SECSuccess) {
+        goto done;
+    }
+
+    if (GetContentTypeTag(&contentInfo) != SEC_OID_NS_TYPE_CERT_SEQUENCE) {
+        goto done;
+    }
+
+    if (SEC_QuickDERDecodeItem(arena, &rawCerts, SEC_CertSequenceTemplate,
+                               contentInfo.content.data) != SECSuccess) {
+        goto done;
+    }
+
+    rv = SECSuccess;
+
+    certs = rawCerts;
+    if (certs) {
+        count = 0;
+
+        while (*certs) {
+            count++;
+            certs++;
+        }
+        rv = (*f)(arg, rawCerts, count);
+    }
+
+done:
+    if (arena) {
+        PORT_FreeArena(arena, PR_FALSE);
+    }
+
+    return rv;
+}
+
+CERTCertificate *
+CERT_ConvertAndDecodeCertificate(char *certstr)
+{
+    CERTCertificate *cert;
+    SECStatus rv;
+    SECItem der;
+
+    rv = ATOB_ConvertAsciiToItem(&der, certstr);
+    if (rv != SECSuccess)
+        return NULL;
+
+    cert = CERT_NewTempCertificate(CERT_GetDefaultCertDB(),
+                                   &der, NULL, PR_FALSE, PR_TRUE);
+
+    PORT_Free(der.data);
+    return cert;
+}
+
+static const char NS_CERT_HEADER[] = "-----BEGIN CERTIFICATE-----";
+static const char NS_CERT_TRAILER[] = "-----END CERTIFICATE-----";
+#define NS_CERT_HEADER_LEN ((sizeof NS_CERT_HEADER) - 1)
+#define NS_CERT_TRAILER_LEN ((sizeof NS_CERT_TRAILER) - 1)
+
+/*
+ * read an old style ascii or binary certificate chain
+ */
+SECStatus
+CERT_DecodeCertPackage(char *certbuf,
+                       int certlen,
+                       CERTImportCertificateFunc f,
+                       void *arg)
+{
+    unsigned char *cp;
+    unsigned char *bincert = NULL;
+    char *ascCert = NULL;
+    SECStatus rv;
+
+    if (certbuf == NULL) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return (SECFailure);
+    }
+    /*
+     * Make sure certlen is long enough to handle the longest possible
+     * reference in the code below:
+     * 0x30 0x84 l1 l2 l3 l4  +
+     *                       tag 9 o1 o2 o3 o4 o5 o6 o7 o8 o9
+     * where 9 is the longest length of the expected oids we are testing.
+     *   6 + 11 = 17. 17 bytes is clearly too small to code any kind of
+     *  certificate (a 128 bit ECC certificate contains at least an 8 byte
+     * key and a 16 byte signature, plus coding overhead). Typically a cert
+     * is much larger. So it's safe to require certlen to be at least 17
+     * bytes.
+     */
+    if (certlen < 17) {
+        PORT_SetError(SEC_ERROR_INPUT_LEN);
+        return (SECFailure);
+    }
+
+    cp = (unsigned char *)certbuf;
+
+    /* is a DER encoded certificate of some type? */
+    if ((*cp & 0x1f) == SEC_ASN1_SEQUENCE) {
+        SECItem certitem;
+        SECItem *pcertitem = &certitem;
+        PRUint64 seqLen, seqLenLen;
+
+        cp++;
+
+        if (*cp & 0x80) {
+            /* Multibyte length */
+            seqLenLen = cp[0] & 0x7f;
+
+            switch (seqLenLen) {
+                case 4:
+                    seqLen = ((unsigned long)cp[1] << 24) |
+                             ((unsigned long)cp[2] << 16) | (cp[3] << 8) | cp[4];
+                    break;
+                case 3:
+                    seqLen = ((unsigned long)cp[1] << 16) | (cp[2] << 8) | cp[3];
+                    break;
+                case 2:
+                    seqLen = (cp[1] << 8) | cp[2];
+                    break;
+                case 1:
+                    seqLen = cp[1];
+                    break;
+                case 0:
+                    /* indefinite length */
+                    seqLen = 0;
+                    break;
+                default:
+                    goto notder;
+            }
+            cp += (seqLenLen + 1);
+
+        } else {
+            seqLenLen = 0;
+            seqLen = *cp;
+            cp++;
+        }
+
+        /* check entire length if definite length */
+        if (seqLen || seqLenLen) {
+            if (certlen != (seqLen + seqLenLen + 2L)) {
+                if (certlen > (seqLen + seqLenLen + 2L))
+                    PORT_SetError(SEC_ERROR_EXTRA_INPUT);
+                else
+                    PORT_SetError(SEC_ERROR_INPUT_LEN);
+                goto notder;
+            }
+        }
+
+        /* check the type oid */
+        if (cp[0] == SEC_ASN1_OBJECT_ID) {
+            SECOidData *oiddata;
+            SECItem oiditem;
+            /* XXX - assume DER encoding of OID len!! */
+            oiditem.len = cp[1];
+            /* if we add an oid below that is longer than 9 bytes, then we
+             * need to change the certlen check at the top of the function
+             * to prevent a buffer overflow
+             */
+            if (oiditem.len > 9) {
+                PORT_SetError(SEC_ERROR_UNRECOGNIZED_OID);
+                return (SECFailure);
+            }
+            oiditem.data = (unsigned char *)&cp[2];
+            oiddata = SECOID_FindOID(&oiditem);
+            if (oiddata == NULL) {
+                return (SECFailure);
+            }
+
+            certitem.data = (unsigned char *)certbuf;
+            certitem.len = certlen;
+
+            switch (oiddata->offset) {
+                case SEC_OID_PKCS7_SIGNED_DATA:
+                    /* oid: 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x02 */
+                    return (SEC_ReadPKCS7Certs(&certitem, f, arg));
+                    break;
+                case SEC_OID_NS_TYPE_CERT_SEQUENCE:
+                    /* oid: 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42, 0x02, 0x05 */
+                    return (SEC_ReadCertSequence(&certitem, f, arg));
+                    break;
+                default:
+                    break;
+            }
+
+        } else {
+            /* it had better be a certificate by now!! */
+            certitem.data = (unsigned char *)certbuf;
+            certitem.len = certlen;
+
+            rv = (*f)(arg, &pcertitem, 1);
+            return (rv);
+        }
+    }
+
+/* now look for a netscape base64 ascii encoded cert */
+notder : {
+    unsigned char *certbegin = NULL;
+    unsigned char *certend = NULL;
+    char *pc;
+    int cl;
+
+    /* Convert the ASCII data into a nul-terminated string */
+    ascCert = (char *)PORT_Alloc(certlen + 1);
+    if (!ascCert) {
+        rv = SECFailure;
+        goto loser;
+    }
+
+    PORT_Memcpy(ascCert, certbuf, certlen);
+    ascCert[certlen] = '\0';
+
+    pc = PORT_Strchr(ascCert, '\n'); /* find an EOL */
+    if (!pc) {                       /* maybe this is a MAC file */
+        pc = ascCert;
+        while (*pc && NULL != (pc = PORT_Strchr(pc, '\r'))) {
+            *pc++ = '\n';
+        }
+    }
+
+    cp = (unsigned char *)ascCert;
+    cl = certlen;
+
+    /* find the beginning marker */
+    while (cl > NS_CERT_HEADER_LEN) {
+        int found = 0;
+        if (!PORT_Strncasecmp((char *)cp, NS_CERT_HEADER,
+                              NS_CERT_HEADER_LEN)) {
+            cl -= NS_CERT_HEADER_LEN;
+            cp += NS_CERT_HEADER_LEN;
+            found = 1;
+        }
+
+        /* skip to next eol */
+        while (cl && (*cp != '\n')) {
+            cp++;
+            cl--;
+        }
+
+        /* skip all blank lines */
+        while (cl && (*cp == '\n' || *cp == '\r')) {
+            cp++;
+            cl--;
+        }
+        if (cl && found) {
+            certbegin = cp;
+            break;
+        }
+    }
+
+    if (certbegin) {
+        /* find the ending marker */
+        while (cl >= NS_CERT_TRAILER_LEN) {
+            if (!PORT_Strncasecmp((char *)cp, NS_CERT_TRAILER,
+                                  NS_CERT_TRAILER_LEN)) {
+                certend = cp;
+                break;
+            }
+
+            /* skip to next eol */
+            while (cl && (*cp != '\n')) {
+                cp++;
+                cl--;
+            }
+
+            /* skip all blank lines */
+            while (cl && (*cp == '\n' || *cp == '\r')) {
+                cp++;
+                cl--;
+            }
+        }
+    }
+
+    if (certbegin && certend) {
+        unsigned int binLen;
+
+        *certend = 0;
+        /* convert to binary */
+        bincert = ATOB_AsciiToData((char *)certbegin, &binLen);
+        if (!bincert) {
+            rv = SECFailure;
+            goto loser;
+        }
+
+        /* now recurse to decode the binary */
+        rv = CERT_DecodeCertPackage((char *)bincert, binLen, f, arg);
+
+    } else {
+        PORT_SetError(SEC_ERROR_BAD_DER);
+        rv = SECFailure;
+    }
+}
+
+loser:
+
+    if (bincert) {
+        PORT_Free(bincert);
+    }
+
+    if (ascCert) {
+        PORT_Free(ascCert);
+    }
+
+    return (rv);
+}
+
+typedef struct {
+    PLArenaPool *arena;
+    SECItem cert;
+} collect_args;
+
+static SECStatus
+collect_certs(void *arg, SECItem **certs, int numcerts)
+{
+    SECStatus rv;
+    collect_args *collectArgs;
+
+    collectArgs = (collect_args *)arg;
+
+    rv = SECITEM_CopyItem(collectArgs->arena, &collectArgs->cert, *certs);
+
+    return (rv);
+}
+
+/*
+ * read an old style ascii or binary certificate
+ */
+CERTCertificate *
+CERT_DecodeCertFromPackage(char *certbuf, int certlen)
+{
+    collect_args collectArgs;
+    SECStatus rv;
+    CERTCertificate *cert = NULL;
+
+    collectArgs.arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+
+    rv = CERT_DecodeCertPackage(certbuf, certlen, collect_certs,
+                                (void *)&collectArgs);
+    if (rv == SECSuccess) {
+        cert = CERT_NewTempCertificate(CERT_GetDefaultCertDB(),
+                                       &collectArgs.cert, NULL,
+                                       PR_FALSE, PR_TRUE);
+    }
+
+    PORT_FreeArena(collectArgs.arena, PR_FALSE);
+
+    return (cert);
+}
diff --git a/nss/lib/pkcs7/config.mk b/nss/lib/pkcs7/config.mk
new file mode 100644
index 0000000..36f063f
--- /dev/null
+++ b/nss/lib/pkcs7/config.mk
@@ -0,0 +1,14 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#
+#  Override TARGETS variable so that only static libraries
+#  are specifed as dependencies within rules.mk.
+#
+
+TARGETS        = $(LIBRARY)
+SHARED_LIBRARY =
+IMPORT_LIBRARY =
+PROGRAM        =
diff --git a/nss/lib/pkcs7/exports.gyp b/nss/lib/pkcs7/exports.gyp
new file mode 100644
index 0000000..e5c9f09
--- /dev/null
+++ b/nss/lib/pkcs7/exports.gyp
@@ -0,0 +1,33 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'lib_pkcs7_exports',
+      'type': 'none',
+      'copies': [
+        {
+          'files': [
+            'pkcs7t.h',
+            'secmime.h',
+            'secpkcs7.h'
+          ],
+          'destination': '<(nss_public_dist_dir)/<(module)'
+        },
+        {
+          'files': [
+            'p7local.h'
+          ],
+          'destination': '<(nss_private_dist_dir)/<(module)'
+        }
+      ]
+    }
+  ],
+  'variables': {
+    'module': 'nss'
+  }
+}
diff --git a/nss/lib/pkcs7/manifest.mn b/nss/lib/pkcs7/manifest.mn
new file mode 100644
index 0000000..1a6cad0
--- /dev/null
+++ b/nss/lib/pkcs7/manifest.mn
@@ -0,0 +1,33 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CORE_DEPTH = ../..
+
+EXPORTS = \
+	secmime.h \
+	secpkcs7.h \
+	pkcs7t.h \
+	$(NULL)
+
+PRIVATE_EXPORTS = \
+	p7local.h \
+	$(NULL)
+
+MODULE = nss
+
+CSRCS = \
+	certread.c \
+	p7common.c \
+	p7create.c \
+	p7decode.c \
+	p7encode.c \
+	p7local.c  \
+	secmime.c  \
+	$(NULL)
+
+LIBRARY_NAME = pkcs7
+
+# This part of the code, including all sub-dirs, can be optimized for size
+export ALLOW_OPT_CODE_SIZE = 1
diff --git a/nss/lib/pkcs7/p7common.c b/nss/lib/pkcs7/p7common.c
new file mode 100644
index 0000000..8a6ac03
--- /dev/null
+++ b/nss/lib/pkcs7/p7common.c
@@ -0,0 +1,663 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * PKCS7 implementation -- the exported parts that are used whether
+ * creating or decoding.
+ */
+
+#include "p7local.h"
+
+#include "cert.h"
+#include "secitem.h"
+#include "secoid.h"
+#include "pk11func.h"
+
+/*
+ * Find out (saving pointer to lookup result for future reference)
+ * and return the inner content type.
+ */
+SECOidTag
+SEC_PKCS7ContentType(SEC_PKCS7ContentInfo *cinfo)
+{
+    if (cinfo->contentTypeTag == NULL)
+        cinfo->contentTypeTag = SECOID_FindOID(&(cinfo->contentType));
+
+    if (cinfo->contentTypeTag == NULL)
+        return SEC_OID_UNKNOWN;
+
+    return cinfo->contentTypeTag->offset;
+}
+
+/*
+ * Destroy a PKCS7 contentInfo and all of its sub-pieces.
+ */
+void
+SEC_PKCS7DestroyContentInfo(SEC_PKCS7ContentInfo *cinfo)
+{
+    SECOidTag kind;
+    CERTCertificate **certs;
+    CERTCertificateList **certlists;
+    SEC_PKCS7SignerInfo **signerinfos;
+    SEC_PKCS7RecipientInfo **recipientinfos;
+
+    PORT_Assert(cinfo->refCount > 0);
+    if (cinfo->refCount <= 0)
+        return;
+
+    cinfo->refCount--;
+    if (cinfo->refCount > 0)
+        return;
+
+    certs = NULL;
+    certlists = NULL;
+    recipientinfos = NULL;
+    signerinfos = NULL;
+
+    kind = SEC_PKCS7ContentType(cinfo);
+    switch (kind) {
+        case SEC_OID_PKCS7_ENVELOPED_DATA: {
+            SEC_PKCS7EnvelopedData *edp;
+
+            edp = cinfo->content.envelopedData;
+            if (edp != NULL) {
+                recipientinfos = edp->recipientInfos;
+            }
+        } break;
+        case SEC_OID_PKCS7_SIGNED_DATA: {
+            SEC_PKCS7SignedData *sdp;
+
+            sdp = cinfo->content.signedData;
+            if (sdp != NULL) {
+                certs = sdp->certs;
+                certlists = sdp->certLists;
+                signerinfos = sdp->signerInfos;
+            }
+        } break;
+        case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA: {
+            SEC_PKCS7SignedAndEnvelopedData *saedp;
+
+            saedp = cinfo->content.signedAndEnvelopedData;
+            if (saedp != NULL) {
+                certs = saedp->certs;
+                certlists = saedp->certLists;
+                recipientinfos = saedp->recipientInfos;
+                signerinfos = saedp->signerInfos;
+                if (saedp->sigKey != NULL)
+                    PK11_FreeSymKey(saedp->sigKey);
+            }
+        } break;
+        default:
+            /* XXX Anything else that needs to be "manually" freed/destroyed? */
+            break;
+    }
+
+    if (certs != NULL) {
+        CERTCertificate *cert;
+
+        while ((cert = *certs++) != NULL) {
+            CERT_DestroyCertificate(cert);
+        }
+    }
+
+    if (certlists != NULL) {
+        CERTCertificateList *certlist;
+
+        while ((certlist = *certlists++) != NULL) {
+            CERT_DestroyCertificateList(certlist);
+        }
+    }
+
+    if (recipientinfos != NULL) {
+        SEC_PKCS7RecipientInfo *ri;
+
+        while ((ri = *recipientinfos++) != NULL) {
+            if (ri->cert != NULL)
+                CERT_DestroyCertificate(ri->cert);
+        }
+    }
+
+    if (signerinfos != NULL) {
+        SEC_PKCS7SignerInfo *si;
+
+        while ((si = *signerinfos++) != NULL) {
+            if (si->cert != NULL)
+                CERT_DestroyCertificate(si->cert);
+            if (si->certList != NULL)
+                CERT_DestroyCertificateList(si->certList);
+        }
+    }
+
+    if (cinfo->poolp != NULL) {
+        PORT_FreeArena(cinfo->poolp, PR_FALSE); /* XXX clear it? */
+    }
+}
+
+/*
+ * Return a copy of the given contentInfo.  The copy may be virtual
+ * or may be real -- either way, the result needs to be passed to
+ * SEC_PKCS7DestroyContentInfo later (as does the original).
+ */
+SEC_PKCS7ContentInfo *
+SEC_PKCS7CopyContentInfo(SEC_PKCS7ContentInfo *cinfo)
+{
+    if (cinfo == NULL)
+        return NULL;
+
+    PORT_Assert(cinfo->refCount > 0);
+
+    if (cinfo->created) {
+        /*
+         * Want to do a real copy of these; otherwise subsequent
+         * changes made to either copy are likely to be a surprise.
+         * XXX I suspect that this will not actually be called for yet,
+         * which is why the assert, so to notice if it is...
+         */
+        PORT_Assert(0);
+        /*
+         * XXX Create a new pool here, and copy everything from
+         * within.  For cert stuff, need to call the appropriate
+         * copy functions, etc.
+         */
+    }
+
+    cinfo->refCount++;
+    return cinfo;
+}
+
+/*
+ * Return a pointer to the actual content.  In the case of those types
+ * which are encrypted, this returns the *plain* content.
+ * XXX Needs revisiting if/when we handle nested encrypted types.
+ */
+SECItem *
+SEC_PKCS7GetContent(SEC_PKCS7ContentInfo *cinfo)
+{
+    SECOidTag kind;
+
+    kind = SEC_PKCS7ContentType(cinfo);
+    switch (kind) {
+        case SEC_OID_PKCS7_DATA:
+            return cinfo->content.data;
+        case SEC_OID_PKCS7_DIGESTED_DATA: {
+            SEC_PKCS7DigestedData *digd;
+
+            digd = cinfo->content.digestedData;
+            if (digd == NULL)
+                break;
+            return SEC_PKCS7GetContent(&(digd->contentInfo));
+        }
+        case SEC_OID_PKCS7_ENCRYPTED_DATA: {
+            SEC_PKCS7EncryptedData *encd;
+
+            encd = cinfo->content.encryptedData;
+            if (encd == NULL)
+                break;
+            return &(encd->encContentInfo.plainContent);
+        }
+        case SEC_OID_PKCS7_ENVELOPED_DATA: {
+            SEC_PKCS7EnvelopedData *envd;
+
+            envd = cinfo->content.envelopedData;
+            if (envd == NULL)
+                break;
+            return &(envd->encContentInfo.plainContent);
+        }
+        case SEC_OID_PKCS7_SIGNED_DATA: {
+            SEC_PKCS7SignedData *sigd;
+
+            sigd = cinfo->content.signedData;
+            if (sigd == NULL)
+                break;
+            return SEC_PKCS7GetContent(&(sigd->contentInfo));
+        }
+        case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA: {
+            SEC_PKCS7SignedAndEnvelopedData *saed;
+
+            saed = cinfo->content.signedAndEnvelopedData;
+            if (saed == NULL)
+                break;
+            return &(saed->encContentInfo.plainContent);
+        }
+        default:
+            PORT_Assert(0);
+            break;
+    }
+
+    return NULL;
+}
+
+/*
+ * XXX Fix the placement and formatting of the
+ * following routines (i.e. make them consistent with the rest of
+ * the pkcs7 code -- I think some/many belong in other files and
+ * they all need a formatting/style rehaul)
+ */
+
+/* retrieve the algorithm identifier for encrypted data.
+ * the identifier returned is a copy of the algorithm identifier
+ * in the content info and needs to be freed after being used.
+ *
+ *   cinfo is the content info for which to retrieve the
+ *     encryption algorithm.
+ *
+ * if the content info is not encrypted data or an error
+ * occurs NULL is returned.
+ */
+SECAlgorithmID *
+SEC_PKCS7GetEncryptionAlgorithm(SEC_PKCS7ContentInfo *cinfo)
+{
+    SECAlgorithmID *alg = 0;
+    switch (SEC_PKCS7ContentType(cinfo)) {
+        case SEC_OID_PKCS7_ENCRYPTED_DATA:
+            alg = &cinfo->content.encryptedData->encContentInfo.contentEncAlg;
+            break;
+        case SEC_OID_PKCS7_ENVELOPED_DATA:
+            alg = &cinfo->content.envelopedData->encContentInfo.contentEncAlg;
+            break;
+        case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA:
+            alg = &cinfo->content.signedAndEnvelopedData
+                       ->encContentInfo.contentEncAlg;
+            break;
+        default:
+            alg = 0;
+            break;
+    }
+
+    return alg;
+}
+
+/* set the content of the content info.  For data content infos,
+ * the data is set.  For encrytped content infos, the plainContent
+ * is set, and is expected to be encrypted later.
+ *
+ * cinfo is the content info where the data will be set
+ *
+ * buf is a buffer of the data to set
+ *
+ * len is the length of the data being set.
+ *
+ * in the event of an error, SECFailure is returned.  SECSuccess
+ * indicates the content was successfully set.
+ */
+SECStatus
+SEC_PKCS7SetContent(SEC_PKCS7ContentInfo *cinfo,
+                    const char *buf,
+                    unsigned long len)
+{
+    SECOidTag cinfo_type;
+    SECStatus rv;
+    SECItem content;
+    SECOidData *contentTypeTag = NULL;
+
+    content.type = siBuffer;
+    content.data = (unsigned char *)buf;
+    content.len = len;
+
+    cinfo_type = SEC_PKCS7ContentType(cinfo);
+
+    /* set inner content */
+    switch (cinfo_type) {
+        case SEC_OID_PKCS7_SIGNED_DATA:
+            if (content.len > 0) {
+                /* we "leak" the old content here, but as it's all in the pool */
+                /* it does not really matter */
+
+                /* create content item if necessary */
+                if (cinfo->content.signedData->contentInfo.content.data == NULL)
+                    cinfo->content.signedData->contentInfo.content.data = SECITEM_AllocItem(cinfo->poolp, NULL, 0);
+                rv = SECITEM_CopyItem(cinfo->poolp,
+                                      cinfo->content.signedData->contentInfo.content.data,
+                                      &content);
+            } else {
+                cinfo->content.signedData->contentInfo.content.data->data = NULL;
+                cinfo->content.signedData->contentInfo.content.data->len = 0;
+                rv = SECSuccess;
+            }
+            if (rv == SECFailure)
+                goto loser;
+
+            break;
+        case SEC_OID_PKCS7_ENCRYPTED_DATA:
+            /* XXX this forces the inner content type to be "data" */
+            /* do we really want to override without asking or reason? */
+            contentTypeTag = SECOID_FindOIDByTag(SEC_OID_PKCS7_DATA);
+            if (contentTypeTag == NULL)
+                goto loser;
+            rv = SECITEM_CopyItem(cinfo->poolp,
+                                  &(cinfo->content.encryptedData->encContentInfo.contentType),
+                                  &(contentTypeTag->oid));
+            if (rv == SECFailure)
+                goto loser;
+            if (content.len > 0) {
+                rv = SECITEM_CopyItem(cinfo->poolp,
+                                      &(cinfo->content.encryptedData->encContentInfo.plainContent),
+                                      &content);
+            } else {
+                cinfo->content.encryptedData->encContentInfo.plainContent.data = NULL;
+                cinfo->content.encryptedData->encContentInfo.encContent.data = NULL;
+                cinfo->content.encryptedData->encContentInfo.plainContent.len = 0;
+                cinfo->content.encryptedData->encContentInfo.encContent.len = 0;
+                rv = SECSuccess;
+            }
+            if (rv == SECFailure)
+                goto loser;
+            break;
+        case SEC_OID_PKCS7_DATA:
+            cinfo->content.data = (SECItem *)PORT_ArenaZAlloc(cinfo->poolp,
+                                                              sizeof(SECItem));
+            if (cinfo->content.data == NULL)
+                goto loser;
+            if (content.len > 0) {
+                rv = SECITEM_CopyItem(cinfo->poolp,
+                                      cinfo->content.data, &content);
+            } else {
+                /* handle case with NULL content */
+                rv = SECSuccess;
+            }
+            if (rv == SECFailure)
+                goto loser;
+            break;
+        default:
+            goto loser;
+    }
+
+    return SECSuccess;
+
+loser:
+
+    return SECFailure;
+}
+
+/* the content of an encrypted data content info is encrypted.
+ * it is assumed that for encrypted data, that the data has already
+ * been set and is in the "plainContent" field of the content info.
+ *
+ * cinfo is the content info to encrypt
+ *
+ * key is the key with which to perform the encryption.  if the
+ *     algorithm is a password based encryption algorithm, the
+ *     key is actually a password which will be processed per
+ *     PKCS #5.
+ *
+ * in the event of an error, SECFailure is returned.  SECSuccess
+ * indicates a success.
+ */
+SECStatus
+SEC_PKCS7EncryptContents(PLArenaPool *poolp,
+                         SEC_PKCS7ContentInfo *cinfo,
+                         SECItem *key,
+                         void *wincx)
+{
+    SECAlgorithmID *algid = NULL;
+    SECItem *src;
+    SECItem *dest;
+    SECItem *blocked_data = NULL;
+    void *mark;
+    void *cx;
+    PK11SymKey *eKey = NULL;
+    PK11SlotInfo *slot = NULL;
+
+    CK_MECHANISM_TYPE cryptoMechType;
+    int bs;
+    SECStatus rv = SECFailure;
+    SECItem *c_param = NULL;
+
+    if ((cinfo == NULL) || (key == NULL))
+        return SECFailure;
+
+    if (SEC_PKCS7ContentType(cinfo) != SEC_OID_PKCS7_ENCRYPTED_DATA)
+        return SECFailure;
+
+    algid = SEC_PKCS7GetEncryptionAlgorithm(cinfo);
+    if (algid == NULL)
+        return SECFailure;
+
+    if (poolp == NULL)
+        poolp = cinfo->poolp;
+
+    mark = PORT_ArenaMark(poolp);
+
+    src = &cinfo->content.encryptedData->encContentInfo.plainContent;
+    dest = &cinfo->content.encryptedData->encContentInfo.encContent;
+    dest->data = (unsigned char *)PORT_ArenaZAlloc(poolp, (src->len + 64));
+    dest->len = (src->len + 64);
+    if (dest->data == NULL) {
+        rv = SECFailure;
+        goto loser;
+    }
+
+    slot = PK11_GetInternalKeySlot();
+    if (slot == NULL) {
+        rv = SECFailure;
+        goto loser;
+    }
+
+    eKey = PK11_PBEKeyGen(slot, algid, key, PR_FALSE, wincx);
+    if (eKey == NULL) {
+        rv = SECFailure;
+        goto loser;
+    }
+
+    cryptoMechType = PK11_GetPBECryptoMechanism(algid, &c_param, key);
+    if (cryptoMechType == CKM_INVALID_MECHANISM) {
+        rv = SECFailure;
+        goto loser;
+    }
+
+    /* block according to PKCS 8 */
+    bs = PK11_GetBlockSize(cryptoMechType, c_param);
+    rv = SECSuccess;
+    if (bs) {
+        char pad_char;
+        pad_char = (char)(bs - (src->len % bs));
+        if (src->len % bs) {
+            rv = SECSuccess;
+            blocked_data = PK11_BlockData(src, bs);
+            if (blocked_data) {
+                PORT_Memset((blocked_data->data + blocked_data->len - (int)pad_char),
+                            pad_char, (int)pad_char);
+            } else {
+                rv = SECFailure;
+                goto loser;
+            }
+        } else {
+            blocked_data = SECITEM_DupItem(src);
+            if (blocked_data) {
+                blocked_data->data = (unsigned char *)PORT_Realloc(
+                    blocked_data->data,
+                    blocked_data->len + bs);
+                if (blocked_data->data) {
+                    blocked_data->len += bs;
+                    PORT_Memset((blocked_data->data + src->len), (char)bs, bs);
+                } else {
+                    rv = SECFailure;
+                    goto loser;
+                }
+            } else {
+                rv = SECFailure;
+                goto loser;
+            }
+        }
+    } else {
+        blocked_data = SECITEM_DupItem(src);
+        if (!blocked_data) {
+            rv = SECFailure;
+            goto loser;
+        }
+    }
+
+    cx = PK11_CreateContextBySymKey(cryptoMechType, CKA_ENCRYPT,
+                                    eKey, c_param);
+    if (cx == NULL) {
+        rv = SECFailure;
+        goto loser;
+    }
+
+    rv = PK11_CipherOp((PK11Context *)cx, dest->data, (int *)(&dest->len),
+                       (int)(src->len + 64), blocked_data->data,
+                       (int)blocked_data->len);
+    PK11_DestroyContext((PK11Context *)cx, PR_TRUE);
+
+loser:
+    /* let success fall through */
+    if (blocked_data != NULL)
+        SECITEM_ZfreeItem(blocked_data, PR_TRUE);
+
+    if (rv == SECFailure)
+        PORT_ArenaRelease(poolp, mark);
+    else
+        PORT_ArenaUnmark(poolp, mark);
+
+    if (eKey != NULL)
+        PK11_FreeSymKey(eKey);
+
+    if (slot != NULL)
+        PK11_FreeSlot(slot);
+
+    if (c_param != NULL)
+        SECITEM_ZfreeItem(c_param, PR_TRUE);
+
+    return rv;
+}
+
+/* the content of an encrypted data content info is decrypted.
+ * it is assumed that for encrypted data, that the data has already
+ * been set and is in the "encContent" field of the content info.
+ *
+ * cinfo is the content info to decrypt
+ *
+ * key is the key with which to perform the decryption.  if the
+ *     algorithm is a password based encryption algorithm, the
+ *     key is actually a password which will be processed per
+ *     PKCS #5.
+ *
+ * in the event of an error, SECFailure is returned.  SECSuccess
+ * indicates a success.
+ */
+SECStatus
+SEC_PKCS7DecryptContents(PLArenaPool *poolp,
+                         SEC_PKCS7ContentInfo *cinfo,
+                         SECItem *key,
+                         void *wincx)
+{
+    SECAlgorithmID *algid = NULL;
+    SECStatus rv = SECFailure;
+    SECItem *dest, *src;
+    void *mark;
+
+    PK11SymKey *eKey = NULL;
+    PK11SlotInfo *slot = NULL;
+    CK_MECHANISM_TYPE cryptoMechType;
+    void *cx;
+    SECItem *c_param = NULL;
+    int bs;
+
+    if ((cinfo == NULL) || (key == NULL))
+        return SECFailure;
+
+    if (SEC_PKCS7ContentType(cinfo) != SEC_OID_PKCS7_ENCRYPTED_DATA)
+        return SECFailure;
+
+    algid = SEC_PKCS7GetEncryptionAlgorithm(cinfo);
+    if (algid == NULL)
+        return SECFailure;
+
+    if (poolp == NULL)
+        poolp = cinfo->poolp;
+
+    mark = PORT_ArenaMark(poolp);
+
+    src = &cinfo->content.encryptedData->encContentInfo.encContent;
+    dest = &cinfo->content.encryptedData->encContentInfo.plainContent;
+    dest->data = (unsigned char *)PORT_ArenaZAlloc(poolp, (src->len + 64));
+    dest->len = (src->len + 64);
+    if (dest->data == NULL) {
+        rv = SECFailure;
+        goto loser;
+    }
+
+    slot = PK11_GetInternalKeySlot();
+    if (slot == NULL) {
+        rv = SECFailure;
+        goto loser;
+    }
+
+    eKey = PK11_PBEKeyGen(slot, algid, key, PR_FALSE, wincx);
+    if (eKey == NULL) {
+        rv = SECFailure;
+        goto loser;
+    }
+
+    cryptoMechType = PK11_GetPBECryptoMechanism(algid, &c_param, key);
+    if (cryptoMechType == CKM_INVALID_MECHANISM) {
+        rv = SECFailure;
+        goto loser;
+    }
+
+    cx = PK11_CreateContextBySymKey(cryptoMechType, CKA_DECRYPT,
+                                    eKey, c_param);
+    if (cx == NULL) {
+        rv = SECFailure;
+        goto loser;
+    }
+
+    rv = PK11_CipherOp((PK11Context *)cx, dest->data, (int *)(&dest->len),
+                       (int)(src->len + 64), src->data, (int)src->len);
+    PK11_DestroyContext((PK11Context *)cx, PR_TRUE);
+
+    bs = PK11_GetBlockSize(cryptoMechType, c_param);
+    if (bs) {
+        /* check for proper badding in block algorithms.  this assumes
+         * RC2 cbc or a DES cbc variant.  and the padding is thus defined
+         */
+        if (((int)dest->data[dest->len - 1] <= bs) &&
+            ((int)dest->data[dest->len - 1] > 0)) {
+            dest->len -= (int)dest->data[dest->len - 1];
+        } else {
+            rv = SECFailure;
+            /* set an error ? */
+        }
+    }
+
+loser:
+    /* let success fall through */
+    if (rv == SECFailure)
+        PORT_ArenaRelease(poolp, mark);
+    else
+        PORT_ArenaUnmark(poolp, mark);
+
+    if (eKey != NULL)
+        PK11_FreeSymKey(eKey);
+
+    if (slot != NULL)
+        PK11_FreeSlot(slot);
+
+    if (c_param != NULL)
+        SECITEM_ZfreeItem(c_param, PR_TRUE);
+
+    return rv;
+}
+
+SECItem **
+SEC_PKCS7GetCertificateList(SEC_PKCS7ContentInfo *cinfo)
+{
+    switch (SEC_PKCS7ContentType(cinfo)) {
+        case SEC_OID_PKCS7_SIGNED_DATA:
+            return cinfo->content.signedData->rawCerts;
+            break;
+        default:
+            return NULL;
+            break;
+    }
+}
+
+int
+SEC_PKCS7GetKeyLength(SEC_PKCS7ContentInfo *cinfo)
+{
+    if (cinfo->contentTypeTag->offset == SEC_OID_PKCS7_ENVELOPED_DATA)
+        return cinfo->content.envelopedData->encContentInfo.keysize;
+    else
+        return 0;
+}
diff --git a/nss/lib/pkcs7/p7create.c b/nss/lib/pkcs7/p7create.c
new file mode 100644
index 0000000..96ada5c
--- /dev/null
+++ b/nss/lib/pkcs7/p7create.c
@@ -0,0 +1,1300 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * PKCS7 creation.
+ */
+
+#include "p7local.h"
+
+#include "cert.h"
+#include "secasn1.h"
+#include "secitem.h"
+#include "secoid.h"
+#include "pk11func.h"
+#include "prtime.h"
+#include "secerr.h"
+#include "secder.h"
+#include "secpkcs5.h"
+
+const int NSS_PBE_DEFAULT_ITERATION_COUNT = 2000; /* used in p12e.c too */
+
+static SECStatus
+sec_pkcs7_init_content_info(SEC_PKCS7ContentInfo *cinfo, PLArenaPool *poolp,
+                            SECOidTag kind, PRBool detached)
+{
+    void *thing;
+    int version;
+    SECItem *versionp;
+    SECStatus rv;
+
+    PORT_Assert(cinfo != NULL && poolp != NULL);
+    if (cinfo == NULL || poolp == NULL)
+        return SECFailure;
+
+    cinfo->contentTypeTag = SECOID_FindOIDByTag(kind);
+    PORT_Assert(cinfo->contentTypeTag && cinfo->contentTypeTag->offset == kind);
+
+    rv = SECITEM_CopyItem(poolp, &(cinfo->contentType),
+                          &(cinfo->contentTypeTag->oid));
+    if (rv != SECSuccess)
+        return rv;
+
+    if (detached)
+        return SECSuccess;
+
+    switch (kind) {
+        default:
+        case SEC_OID_PKCS7_DATA:
+            thing = PORT_ArenaZAlloc(poolp, sizeof(SECItem));
+            cinfo->content.data = (SECItem *)thing;
+            versionp = NULL;
+            version = -1;
+            break;
+        case SEC_OID_PKCS7_DIGESTED_DATA:
+            thing = PORT_ArenaZAlloc(poolp, sizeof(SEC_PKCS7DigestedData));
+            cinfo->content.digestedData = (SEC_PKCS7DigestedData *)thing;
+            versionp = &(cinfo->content.digestedData->version);
+            version = SEC_PKCS7_DIGESTED_DATA_VERSION;
+            break;
+        case SEC_OID_PKCS7_ENCRYPTED_DATA:
+            thing = PORT_ArenaZAlloc(poolp, sizeof(SEC_PKCS7EncryptedData));
+            cinfo->content.encryptedData = (SEC_PKCS7EncryptedData *)thing;
+            versionp = &(cinfo->content.encryptedData->version);
+            version = SEC_PKCS7_ENCRYPTED_DATA_VERSION;
+            break;
+        case SEC_OID_PKCS7_ENVELOPED_DATA:
+            thing = PORT_ArenaZAlloc(poolp, sizeof(SEC_PKCS7EnvelopedData));
+            cinfo->content.envelopedData =
+                (SEC_PKCS7EnvelopedData *)thing;
+            versionp = &(cinfo->content.envelopedData->version);
+            version = SEC_PKCS7_ENVELOPED_DATA_VERSION;
+            break;
+        case SEC_OID_PKCS7_SIGNED_DATA:
+            thing = PORT_ArenaZAlloc(poolp, sizeof(SEC_PKCS7SignedData));
+            cinfo->content.signedData =
+                (SEC_PKCS7SignedData *)thing;
+            versionp = &(cinfo->content.signedData->version);
+            version = SEC_PKCS7_SIGNED_DATA_VERSION;
+            break;
+        case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA:
+            thing = PORT_ArenaZAlloc(poolp, sizeof(SEC_PKCS7SignedAndEnvelopedData));
+            cinfo->content.signedAndEnvelopedData =
+                (SEC_PKCS7SignedAndEnvelopedData *)thing;
+            versionp = &(cinfo->content.signedAndEnvelopedData->version);
+            version = SEC_PKCS7_SIGNED_AND_ENVELOPED_DATA_VERSION;
+            break;
+    }
+
+    if (thing == NULL)
+        return SECFailure;
+
+    if (versionp != NULL) {
+        SECItem *dummy;
+
+        PORT_Assert(version >= 0);
+        dummy = SEC_ASN1EncodeInteger(poolp, versionp, version);
+        if (dummy == NULL)
+            return SECFailure;
+        PORT_Assert(dummy == versionp);
+    }
+
+    return SECSuccess;
+}
+
+static SEC_PKCS7ContentInfo *
+sec_pkcs7_create_content_info(SECOidTag kind, PRBool detached,
+                              SECKEYGetPasswordKey pwfn, void *pwfn_arg)
+{
+    SEC_PKCS7ContentInfo *cinfo;
+    PLArenaPool *poolp;
+    SECStatus rv;
+
+    poolp = PORT_NewArena(1024); /* XXX what is right value? */
+    if (poolp == NULL)
+        return NULL;
+
+    cinfo = (SEC_PKCS7ContentInfo *)PORT_ArenaZAlloc(poolp, sizeof(*cinfo));
+    if (cinfo == NULL) {
+        PORT_FreeArena(poolp, PR_FALSE);
+        return NULL;
+    }
+
+    cinfo->poolp = poolp;
+    cinfo->pwfn = pwfn;
+    cinfo->pwfn_arg = pwfn_arg;
+    cinfo->created = PR_TRUE;
+    cinfo->refCount = 1;
+
+    rv = sec_pkcs7_init_content_info(cinfo, poolp, kind, detached);
+    if (rv != SECSuccess) {
+        PORT_FreeArena(poolp, PR_FALSE);
+        return NULL;
+    }
+
+    return cinfo;
+}
+
+/*
+ * Add a signer to a PKCS7 thing, verifying the signature cert first.
+ * Any error returns SECFailure.
+ *
+ * XXX Right now this only adds the *first* signer.  It fails if you try
+ * to add a second one -- this needs to be fixed.
+ */
+static SECStatus
+sec_pkcs7_add_signer(SEC_PKCS7ContentInfo *cinfo,
+                     CERTCertificate *cert,
+                     SECCertUsage certusage,
+                     CERTCertDBHandle *certdb,
+                     SECOidTag digestalgtag,
+                     SECItem *digestdata)
+{
+    SEC_PKCS7SignerInfo *signerinfo, **signerinfos, ***signerinfosp;
+    SECAlgorithmID *digestalg, **digestalgs, ***digestalgsp;
+    SECItem *digest, **digests, ***digestsp;
+    SECItem *dummy;
+    void *mark;
+    SECStatus rv;
+    SECOidTag kind;
+
+    kind = SEC_PKCS7ContentType(cinfo);
+    switch (kind) {
+        case SEC_OID_PKCS7_SIGNED_DATA: {
+            SEC_PKCS7SignedData *sdp;
+
+            sdp = cinfo->content.signedData;
+            digestalgsp = &(sdp->digestAlgorithms);
+            digestsp = &(sdp->digests);
+            signerinfosp = &(sdp->signerInfos);
+        } break;
+        case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA: {
+            SEC_PKCS7SignedAndEnvelopedData *saedp;
+
+            saedp = cinfo->content.signedAndEnvelopedData;
+            digestalgsp = &(saedp->digestAlgorithms);
+            digestsp = &(saedp->digests);
+            signerinfosp = &(saedp->signerInfos);
+        } break;
+        default:
+            return SECFailure; /* XXX set an error? */
+    }
+
+    /*
+     * XXX I think that CERT_VerifyCert should do this if *it* is passed
+     * a NULL database.
+     */
+    if (certdb == NULL) {
+        certdb = CERT_GetDefaultCertDB();
+        if (certdb == NULL)
+            return SECFailure; /* XXX set an error? */
+    }
+
+    if (CERT_VerifyCert(certdb, cert, PR_TRUE, certusage, PR_Now(),
+                        cinfo->pwfn_arg, NULL) != SECSuccess) {
+        /* XXX Did CERT_VerifyCert set an error? */
+        return SECFailure;
+    }
+
+    /*
+     * XXX This is the check that we do not already have a signer.
+     * This is not what we really want -- we want to allow this
+     * and *add* the new signer.
+     */
+    PORT_Assert(*signerinfosp == NULL && *digestalgsp == NULL && *digestsp == NULL);
+    if (*signerinfosp != NULL || *digestalgsp != NULL || *digestsp != NULL)
+        return SECFailure;
+
+    mark = PORT_ArenaMark(cinfo->poolp);
+
+    signerinfo = (SEC_PKCS7SignerInfo *)PORT_ArenaZAlloc(cinfo->poolp,
+                                                         sizeof(SEC_PKCS7SignerInfo));
+    if (signerinfo == NULL) {
+        PORT_ArenaRelease(cinfo->poolp, mark);
+        return SECFailure;
+    }
+
+    dummy = SEC_ASN1EncodeInteger(cinfo->poolp, &signerinfo->version,
+                                  SEC_PKCS7_SIGNER_INFO_VERSION);
+    if (dummy == NULL) {
+        PORT_ArenaRelease(cinfo->poolp, mark);
+        return SECFailure;
+    }
+    PORT_Assert(dummy == &signerinfo->version);
+
+    signerinfo->cert = CERT_DupCertificate(cert);
+    if (signerinfo->cert == NULL) {
+        PORT_ArenaRelease(cinfo->poolp, mark);
+        return SECFailure;
+    }
+
+    signerinfo->issuerAndSN = CERT_GetCertIssuerAndSN(cinfo->poolp, cert);
+    if (signerinfo->issuerAndSN == NULL) {
+        PORT_ArenaRelease(cinfo->poolp, mark);
+        return SECFailure;
+    }
+
+    rv = SECOID_SetAlgorithmID(cinfo->poolp, &signerinfo->digestAlg,
+                               digestalgtag, NULL);
+    if (rv != SECSuccess) {
+        PORT_ArenaRelease(cinfo->poolp, mark);
+        return SECFailure;
+    }
+
+    /*
+     * Okay, now signerinfo is all set.  We just need to put it and its
+     * companions (another copy of the digest algorithm, and the digest
+     * itself if given) into the main structure.
+     *
+     * XXX If we are handling more than one signer, the following code
+     * needs to look through the digest algorithms already specified
+     * and see if the same one is there already.  If it is, it does not
+     * need to be added again.  Also, if it is there *and* the digest
+     * is not null, then the digest given should match the digest already
+     * specified -- if not, that is an error.  Finally, the new signerinfo
+     * should be *added* to the set already found.
+     */
+
+    signerinfos = (SEC_PKCS7SignerInfo **)PORT_ArenaAlloc(cinfo->poolp,
+                                                          2 * sizeof(SEC_PKCS7SignerInfo *));
+    if (signerinfos == NULL) {
+        PORT_ArenaRelease(cinfo->poolp, mark);
+        return SECFailure;
+    }
+    signerinfos[0] = signerinfo;
+    signerinfos[1] = NULL;
+
+    digestalg = PORT_ArenaZAlloc(cinfo->poolp, sizeof(SECAlgorithmID));
+    digestalgs = PORT_ArenaAlloc(cinfo->poolp, 2 * sizeof(SECAlgorithmID *));
+    if (digestalg == NULL || digestalgs == NULL) {
+        PORT_ArenaRelease(cinfo->poolp, mark);
+        return SECFailure;
+    }
+    rv = SECOID_SetAlgorithmID(cinfo->poolp, digestalg, digestalgtag, NULL);
+    if (rv != SECSuccess) {
+        PORT_ArenaRelease(cinfo->poolp, mark);
+        return SECFailure;
+    }
+    digestalgs[0] = digestalg;
+    digestalgs[1] = NULL;
+
+    if (digestdata != NULL) {
+        digest = (SECItem *)PORT_ArenaAlloc(cinfo->poolp, sizeof(SECItem));
+        digests = (SECItem **)PORT_ArenaAlloc(cinfo->poolp,
+                                              2 * sizeof(SECItem *));
+        if (digest == NULL || digests == NULL) {
+            PORT_ArenaRelease(cinfo->poolp, mark);
+            return SECFailure;
+        }
+        rv = SECITEM_CopyItem(cinfo->poolp, digest, digestdata);
+        if (rv != SECSuccess) {
+            PORT_ArenaRelease(cinfo->poolp, mark);
+            return SECFailure;
+        }
+        digests[0] = digest;
+        digests[1] = NULL;
+    } else {
+        digests = NULL;
+    }
+
+    *signerinfosp = signerinfos;
+    *digestalgsp = digestalgs;
+    *digestsp = digests;
+
+    PORT_ArenaUnmark(cinfo->poolp, mark);
+    return SECSuccess;
+}
+
+/*
+ * Helper function for creating an empty signedData.
+ */
+static SEC_PKCS7ContentInfo *
+sec_pkcs7_create_signed_data(SECKEYGetPasswordKey pwfn, void *pwfn_arg)
+{
+    SEC_PKCS7ContentInfo *cinfo;
+    SEC_PKCS7SignedData *sigd;
+    SECStatus rv;
+
+    cinfo = sec_pkcs7_create_content_info(SEC_OID_PKCS7_SIGNED_DATA, PR_FALSE,
+                                          pwfn, pwfn_arg);
+    if (cinfo == NULL)
+        return NULL;
+
+    sigd = cinfo->content.signedData;
+    PORT_Assert(sigd != NULL);
+
+    /*
+     * XXX Might we want to allow content types other than data?
+     * If so, via what interface?
+     */
+    rv = sec_pkcs7_init_content_info(&(sigd->contentInfo), cinfo->poolp,
+                                     SEC_OID_PKCS7_DATA, PR_TRUE);
+    if (rv != SECSuccess) {
+        SEC_PKCS7DestroyContentInfo(cinfo);
+        return NULL;
+    }
+
+    return cinfo;
+}
+
+/*
+ * Start a PKCS7 signing context.
+ *
+ * "cert" is the cert that will be used to sign the data.  It will be
+ * checked for validity.
+ *
+ * "certusage" describes the signing usage (e.g. certUsageEmailSigner)
+ * XXX Maybe SECCertUsage should be split so that our caller just says
+ * "email" and *we* add the "signing" part -- otherwise our caller
+ * could be lying about the usage; we do not want to allow encryption
+ * certs for signing or vice versa.
+ *
+ * "certdb" is the cert database to use for verifying the cert.
+ * It can be NULL if a default database is available (like in the client).
+ * 
+ * "digestalg" names the digest algorithm (e.g. SEC_OID_SHA1).
+ *
+ * "digest" is the actual digest of the data.  It must be provided in
+ * the case of detached data or NULL if the content will be included.
+ *
+ * The return value can be passed to functions which add things to
+ * it like attributes, then eventually to SEC_PKCS7Encode() or to
+ * SEC_PKCS7EncoderStart() to create the encoded data, and finally to
+ * SEC_PKCS7DestroyContentInfo().
+ *
+ * An error results in a return value of NULL and an error set.
+ * (Retrieve specific errors via PORT_GetError()/XP_GetError().)
+ */
+SEC_PKCS7ContentInfo *
+SEC_PKCS7CreateSignedData(CERTCertificate *cert,
+                          SECCertUsage certusage,
+                          CERTCertDBHandle *certdb,
+                          SECOidTag digestalg,
+                          SECItem *digest,
+                          SECKEYGetPasswordKey pwfn, void *pwfn_arg)
+{
+    SEC_PKCS7ContentInfo *cinfo;
+    SECStatus rv;
+
+    cinfo = sec_pkcs7_create_signed_data(pwfn, pwfn_arg);
+    if (cinfo == NULL)
+        return NULL;
+
+    rv = sec_pkcs7_add_signer(cinfo, cert, certusage, certdb,
+                              digestalg, digest);
+    if (rv != SECSuccess) {
+        SEC_PKCS7DestroyContentInfo(cinfo);
+        return NULL;
+    }
+
+    return cinfo;
+}
+
+static SEC_PKCS7Attribute *
+sec_pkcs7_create_attribute(PLArenaPool *poolp, SECOidTag oidtag,
+                           SECItem *value, PRBool encoded)
+{
+    SEC_PKCS7Attribute *attr;
+    SECItem **values;
+    void *mark;
+
+    PORT_Assert(poolp != NULL);
+    mark = PORT_ArenaMark(poolp);
+
+    attr = (SEC_PKCS7Attribute *)PORT_ArenaAlloc(poolp,
+                                                 sizeof(SEC_PKCS7Attribute));
+    if (attr == NULL)
+        goto loser;
+
+    attr->typeTag = SECOID_FindOIDByTag(oidtag);
+    if (attr->typeTag == NULL)
+        goto loser;
+
+    if (SECITEM_CopyItem(poolp, &(attr->type),
+                         &(attr->typeTag->oid)) != SECSuccess)
+        goto loser;
+
+    values = (SECItem **)PORT_ArenaAlloc(poolp, 2 * sizeof(SECItem *));
+    if (values == NULL)
+        goto loser;
+
+    if (value != NULL) {
+        SECItem *copy;
+
+        copy = (SECItem *)PORT_ArenaAlloc(poolp, sizeof(SECItem));
+        if (copy == NULL)
+            goto loser;
+
+        if (SECITEM_CopyItem(poolp, copy, value) != SECSuccess)
+            goto loser;
+
+        value = copy;
+    }
+
+    values[0] = value;
+    values[1] = NULL;
+    attr->values = values;
+    attr->encoded = encoded;
+
+    PORT_ArenaUnmark(poolp, mark);
+    return attr;
+
+loser:
+    PORT_Assert(mark != NULL);
+    PORT_ArenaRelease(poolp, mark);
+    return NULL;
+}
+
+static SECStatus
+sec_pkcs7_add_attribute(SEC_PKCS7ContentInfo *cinfo,
+                        SEC_PKCS7Attribute ***attrsp,
+                        SEC_PKCS7Attribute *attr)
+{
+    SEC_PKCS7Attribute **attrs;
+    SECItem *ct_value;
+    void *mark;
+
+    PORT_Assert(SEC_PKCS7ContentType(cinfo) == SEC_OID_PKCS7_SIGNED_DATA);
+    if (SEC_PKCS7ContentType(cinfo) != SEC_OID_PKCS7_SIGNED_DATA)
+        return SECFailure;
+
+    attrs = *attrsp;
+    if (attrs != NULL) {
+        int count;
+
+        /*
+	 * We already have some attributes, and just need to add this
+	 * new one.
+	 */
+
+        /*
+	 * We should already have the *required* attributes, which were
+	 * created/added at the same time the first attribute was added.
+	 */
+        PORT_Assert(sec_PKCS7FindAttribute(attrs,
+                                           SEC_OID_PKCS9_CONTENT_TYPE,
+                                           PR_FALSE) != NULL);
+        PORT_Assert(sec_PKCS7FindAttribute(attrs,
+                                           SEC_OID_PKCS9_MESSAGE_DIGEST,
+                                           PR_FALSE) != NULL);
+
+        for (count = 0; attrs[count] != NULL; count++)
+            ;
+        attrs = (SEC_PKCS7Attribute **)PORT_ArenaGrow(cinfo->poolp, attrs,
+                                                      (count + 1) * sizeof(SEC_PKCS7Attribute *),
+                                                      (count + 2) * sizeof(SEC_PKCS7Attribute *));
+        if (attrs == NULL)
+            return SECFailure;
+
+        attrs[count] = attr;
+        attrs[count + 1] = NULL;
+        *attrsp = attrs;
+
+        return SECSuccess;
+    }
+
+    /*
+     * This is the first time an attribute is going in.
+     * We need to create and add the required attributes, and then
+     * we will also add in the one our caller gave us.
+     */
+
+    /*
+     * There are 2 required attributes, plus the one our caller wants
+     * to add, plus we always end with a NULL one.  Thus, four slots.
+     */
+    attrs = (SEC_PKCS7Attribute **)PORT_ArenaAlloc(cinfo->poolp,
+                                                   4 * sizeof(SEC_PKCS7Attribute *));
+    if (attrs == NULL)
+        return SECFailure;
+
+    mark = PORT_ArenaMark(cinfo->poolp);
+
+    /*
+     * First required attribute is the content type of the data
+     * being signed.
+     */
+    ct_value = &(cinfo->content.signedData->contentInfo.contentType);
+    attrs[0] = sec_pkcs7_create_attribute(cinfo->poolp,
+                                          SEC_OID_PKCS9_CONTENT_TYPE,
+                                          ct_value, PR_FALSE);
+    /*
+     * Second required attribute is the message digest of the data
+     * being signed; we leave the value NULL for now (just create
+     * the place for it to go), and the encoder will fill it in later.
+     */
+    attrs[1] = sec_pkcs7_create_attribute(cinfo->poolp,
+                                          SEC_OID_PKCS9_MESSAGE_DIGEST,
+                                          NULL, PR_FALSE);
+    if (attrs[0] == NULL || attrs[1] == NULL) {
+        PORT_ArenaRelease(cinfo->poolp, mark);
+        return SECFailure;
+    }
+
+    attrs[2] = attr;
+    attrs[3] = NULL;
+    *attrsp = attrs;
+
+    PORT_ArenaUnmark(cinfo->poolp, mark);
+    return SECSuccess;
+}
+
+/*
+ * Add the signing time to the authenticated (i.e. signed) attributes
+ * of "cinfo".  This is expected to be included in outgoing signed
+ * messages for email (S/MIME) but is likely useful in other situations.
+ *
+ * This should only be added once; a second call will either do
+ * nothing or replace an old signing time with a newer one.
+ *
+ * XXX This will probably just shove the current time into "cinfo"
+ * but it will not actually get signed until the entire item is
+ * processed for encoding.  Is this (expected to be small) delay okay?
+ *
+ * "cinfo" should be of type signedData (the only kind of pkcs7 data
+ * that is allowed authenticated attributes); SECFailure will be returned
+ * if it is not.
+ */
+SECStatus
+SEC_PKCS7AddSigningTime(SEC_PKCS7ContentInfo *cinfo)
+{
+    SEC_PKCS7SignerInfo **signerinfos;
+    SEC_PKCS7Attribute *attr;
+    SECItem stime;
+    SECStatus rv;
+    int si;
+
+    PORT_Assert(SEC_PKCS7ContentType(cinfo) == SEC_OID_PKCS7_SIGNED_DATA);
+    if (SEC_PKCS7ContentType(cinfo) != SEC_OID_PKCS7_SIGNED_DATA)
+        return SECFailure;
+
+    signerinfos = cinfo->content.signedData->signerInfos;
+
+    /* There has to be a signer, or it makes no sense. */
+    if (signerinfos == NULL || signerinfos[0] == NULL)
+        return SECFailure;
+
+    rv = DER_EncodeTimeChoice(NULL, &stime, PR_Now());
+    if (rv != SECSuccess)
+        return rv;
+
+    attr = sec_pkcs7_create_attribute(cinfo->poolp,
+                                      SEC_OID_PKCS9_SIGNING_TIME,
+                                      &stime, PR_FALSE);
+    SECITEM_FreeItem(&stime, PR_FALSE);
+
+    if (attr == NULL)
+        return SECFailure;
+
+    rv = SECSuccess;
+    for (si = 0; signerinfos[si] != NULL; si++) {
+        SEC_PKCS7Attribute *oattr;
+
+        oattr = sec_PKCS7FindAttribute(signerinfos[si]->authAttr,
+                                       SEC_OID_PKCS9_SIGNING_TIME, PR_FALSE);
+        PORT_Assert(oattr == NULL);
+        if (oattr != NULL)
+            continue; /* XXX or would it be better to replace it? */
+
+        rv = sec_pkcs7_add_attribute(cinfo, &(signerinfos[si]->authAttr),
+                                     attr);
+        if (rv != SECSuccess)
+            break; /* could try to continue, but may as well give up now */
+    }
+
+    return rv;
+}
+
+/*
+ * Add the specified attribute to the authenticated (i.e. signed) attributes
+ * of "cinfo" -- "oidtag" describes the attribute and "value" is the
+ * value to be associated with it.  NOTE! "value" must already be encoded;
+ * no interpretation of "oidtag" is done.  Also, it is assumed that this
+ * signedData has only one signer -- if we ever need to add attributes
+ * when there is more than one signature, we need a way to specify *which*
+ * signature should get the attribute.
+ *
+ * XXX Technically, a signed attribute can have multiple values; if/when
+ * we ever need to support an attribute which takes multiple values, we
+ * either need to change this interface or create an AddSignedAttributeValue
+ * which can be called subsequently, and would then append a value.
+ *
+ * "cinfo" should be of type signedData (the only kind of pkcs7 data
+ * that is allowed authenticated attributes); SECFailure will be returned
+ * if it is not.
+ */
+SECStatus
+SEC_PKCS7AddSignedAttribute(SEC_PKCS7ContentInfo *cinfo,
+                            SECOidTag oidtag,
+                            SECItem *value)
+{
+    SEC_PKCS7SignerInfo **signerinfos;
+    SEC_PKCS7Attribute *attr;
+
+    PORT_Assert(SEC_PKCS7ContentType(cinfo) == SEC_OID_PKCS7_SIGNED_DATA);
+    if (SEC_PKCS7ContentType(cinfo) != SEC_OID_PKCS7_SIGNED_DATA)
+        return SECFailure;
+
+    signerinfos = cinfo->content.signedData->signerInfos;
+
+    /*
+     * No signature or more than one means no deal.
+     */
+    if (signerinfos == NULL || signerinfos[0] == NULL || signerinfos[1] != NULL)
+        return SECFailure;
+
+    attr = sec_pkcs7_create_attribute(cinfo->poolp, oidtag, value, PR_TRUE);
+    if (attr == NULL)
+        return SECFailure;
+
+    return sec_pkcs7_add_attribute(cinfo, &(signerinfos[0]->authAttr), attr);
+}
+
+/*
+ * Mark that the signer certificates and their issuing chain should
+ * be included in the encoded data.  This is expected to be used
+ * in outgoing signed messages for email (S/MIME).
+ *
+ * "certdb" is the cert database to use for finding the chain.
+ * It can be NULL, meaning use the default database.
+ *
+ * "cinfo" should be of type signedData or signedAndEnvelopedData;
+ * SECFailure will be returned if it is not.
+ */
+SECStatus
+SEC_PKCS7IncludeCertChain(SEC_PKCS7ContentInfo *cinfo,
+                          CERTCertDBHandle *certdb)
+{
+    SECOidTag kind;
+    SEC_PKCS7SignerInfo *signerinfo, **signerinfos;
+
+    kind = SEC_PKCS7ContentType(cinfo);
+    switch (kind) {
+        case SEC_OID_PKCS7_SIGNED_DATA:
+            signerinfos = cinfo->content.signedData->signerInfos;
+            break;
+        case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA:
+            signerinfos = cinfo->content.signedAndEnvelopedData->signerInfos;
+            break;
+        default:
+            return SECFailure; /* XXX set an error? */
+    }
+
+    if (signerinfos == NULL) /* no signer, no certs? */
+        return SECFailure;   /* XXX set an error? */
+
+    if (certdb == NULL) {
+        certdb = CERT_GetDefaultCertDB();
+        if (certdb == NULL) {
+            PORT_SetError(SEC_ERROR_BAD_DATABASE);
+            return SECFailure;
+        }
+    }
+
+    /* XXX Should it be an error if we find no signerinfo or no certs? */
+    while ((signerinfo = *signerinfos++) != NULL) {
+        if (signerinfo->cert != NULL)
+            /* get the cert chain.  don't send the root to avoid contamination
+	     * of old clients with a new root that they don't trust
+	     */
+            signerinfo->certList = CERT_CertChainFromCert(signerinfo->cert,
+                                                          certUsageEmailSigner,
+                                                          PR_FALSE);
+    }
+
+    return SECSuccess;
+}
+
+/*
+ * Helper function to add a certificate chain for inclusion in the
+ * bag of certificates in a signedData.
+ */
+static SECStatus
+sec_pkcs7_add_cert_chain(SEC_PKCS7ContentInfo *cinfo,
+                         CERTCertificate *cert,
+                         CERTCertDBHandle *certdb)
+{
+    SECOidTag kind;
+    CERTCertificateList *certlist, **certlists, ***certlistsp;
+    int count;
+
+    kind = SEC_PKCS7ContentType(cinfo);
+    switch (kind) {
+        case SEC_OID_PKCS7_SIGNED_DATA: {
+            SEC_PKCS7SignedData *sdp;
+
+            sdp = cinfo->content.signedData;
+            certlistsp = &(sdp->certLists);
+        } break;
+        case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA: {
+            SEC_PKCS7SignedAndEnvelopedData *saedp;
+
+            saedp = cinfo->content.signedAndEnvelopedData;
+            certlistsp = &(saedp->certLists);
+        } break;
+        default:
+            return SECFailure; /* XXX set an error? */
+    }
+
+    if (certdb == NULL) {
+        certdb = CERT_GetDefaultCertDB();
+        if (certdb == NULL) {
+            PORT_SetError(SEC_ERROR_BAD_DATABASE);
+            return SECFailure;
+        }
+    }
+
+    certlist = CERT_CertChainFromCert(cert, certUsageEmailSigner, PR_FALSE);
+    if (certlist == NULL)
+        return SECFailure;
+
+    certlists = *certlistsp;
+    if (certlists == NULL) {
+        count = 0;
+        certlists = (CERTCertificateList **)PORT_ArenaAlloc(cinfo->poolp,
+                                                            2 * sizeof(CERTCertificateList *));
+    } else {
+        for (count = 0; certlists[count] != NULL; count++)
+            ;
+        PORT_Assert(count); /* should be at least one already */
+        certlists = (CERTCertificateList **)PORT_ArenaGrow(cinfo->poolp,
+                                                           certlists,
+                                                           (count + 1) * sizeof(CERTCertificateList *),
+                                                           (count + 2) * sizeof(CERTCertificateList *));
+    }
+
+    if (certlists == NULL) {
+        CERT_DestroyCertificateList(certlist);
+        return SECFailure;
+    }
+
+    certlists[count] = certlist;
+    certlists[count + 1] = NULL;
+
+    *certlistsp = certlists;
+
+    return SECSuccess;
+}
+
+/*
+ * Helper function to add a certificate for inclusion in the bag of
+ * certificates in a signedData.
+ */
+static SECStatus
+sec_pkcs7_add_certificate(SEC_PKCS7ContentInfo *cinfo,
+                          CERTCertificate *cert)
+{
+    SECOidTag kind;
+    CERTCertificate **certs, ***certsp;
+    int count;
+
+    kind = SEC_PKCS7ContentType(cinfo);
+    switch (kind) {
+        case SEC_OID_PKCS7_SIGNED_DATA: {
+            SEC_PKCS7SignedData *sdp;
+
+            sdp = cinfo->content.signedData;
+            certsp = &(sdp->certs);
+        } break;
+        case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA: {
+            SEC_PKCS7SignedAndEnvelopedData *saedp;
+
+            saedp = cinfo->content.signedAndEnvelopedData;
+            certsp = &(saedp->certs);
+        } break;
+        default:
+            return SECFailure; /* XXX set an error? */
+    }
+
+    cert = CERT_DupCertificate(cert);
+    if (cert == NULL)
+        return SECFailure;
+
+    certs = *certsp;
+    if (certs == NULL) {
+        count = 0;
+        certs = (CERTCertificate **)PORT_ArenaAlloc(cinfo->poolp,
+                                                    2 * sizeof(CERTCertificate *));
+    } else {
+        for (count = 0; certs[count] != NULL; count++)
+            ;
+        PORT_Assert(count); /* should be at least one already */
+        certs = (CERTCertificate **)PORT_ArenaGrow(cinfo->poolp, certs,
+                                                   (count + 1) * sizeof(CERTCertificate *),
+                                                   (count + 2) * sizeof(CERTCertificate *));
+    }
+
+    if (certs == NULL) {
+        CERT_DestroyCertificate(cert);
+        return SECFailure;
+    }
+
+    certs[count] = cert;
+    certs[count + 1] = NULL;
+
+    *certsp = certs;
+
+    return SECSuccess;
+}
+
+/*
+ * Create a PKCS7 certs-only container.
+ *
+ * "cert" is the (first) cert that will be included.
+ *
+ * "include_chain" specifies whether the entire chain for "cert" should
+ * be included.
+ *
+ * "certdb" is the cert database to use for finding the chain.
+ * It can be NULL in when "include_chain" is false, or when meaning
+ * use the default database.
+ *
+ * More certs and chains can be added via AddCertificate and AddCertChain.
+ *
+ * An error results in a return value of NULL and an error set.
+ * (Retrieve specific errors via PORT_GetError()/XP_GetError().)
+ */
+SEC_PKCS7ContentInfo *
+SEC_PKCS7CreateCertsOnly(CERTCertificate *cert,
+                         PRBool include_chain,
+                         CERTCertDBHandle *certdb)
+{
+    SEC_PKCS7ContentInfo *cinfo;
+    SECStatus rv;
+
+    cinfo = sec_pkcs7_create_signed_data(NULL, NULL);
+    if (cinfo == NULL)
+        return NULL;
+
+    if (include_chain)
+        rv = sec_pkcs7_add_cert_chain(cinfo, cert, certdb);
+    else
+        rv = sec_pkcs7_add_certificate(cinfo, cert);
+
+    if (rv != SECSuccess) {
+        SEC_PKCS7DestroyContentInfo(cinfo);
+        return NULL;
+    }
+
+    return cinfo;
+}
+
+/*
+ * Add "cert" and its entire chain to the set of certs included in "cinfo".
+ *
+ * "certdb" is the cert database to use for finding the chain.
+ * It can be NULL, meaning use the default database.
+ *
+ * "cinfo" should be of type signedData or signedAndEnvelopedData;
+ * SECFailure will be returned if it is not.
+ */
+SECStatus
+SEC_PKCS7AddCertChain(SEC_PKCS7ContentInfo *cinfo,
+                      CERTCertificate *cert,
+                      CERTCertDBHandle *certdb)
+{
+    SECOidTag kind;
+
+    kind = SEC_PKCS7ContentType(cinfo);
+    if (kind != SEC_OID_PKCS7_SIGNED_DATA && kind != SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA)
+        return SECFailure; /* XXX set an error? */
+
+    return sec_pkcs7_add_cert_chain(cinfo, cert, certdb);
+}
+
+/*
+ * Add "cert" to the set of certs included in "cinfo".
+ *
+ * "cinfo" should be of type signedData or signedAndEnvelopedData;
+ * SECFailure will be returned if it is not.
+ */
+SECStatus
+SEC_PKCS7AddCertificate(SEC_PKCS7ContentInfo *cinfo, CERTCertificate *cert)
+{
+    SECOidTag kind;
+
+    kind = SEC_PKCS7ContentType(cinfo);
+    if (kind != SEC_OID_PKCS7_SIGNED_DATA && kind != SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA)
+        return SECFailure; /* XXX set an error? */
+
+    return sec_pkcs7_add_certificate(cinfo, cert);
+}
+
+static SECStatus
+sec_pkcs7_init_encrypted_content_info(SEC_PKCS7EncryptedContentInfo *enccinfo,
+                                      PLArenaPool *poolp,
+                                      SECOidTag kind, PRBool detached,
+                                      SECOidTag encalg, int keysize)
+{
+    SECStatus rv;
+
+    PORT_Assert(enccinfo != NULL && poolp != NULL);
+    if (enccinfo == NULL || poolp == NULL)
+        return SECFailure;
+
+    /*
+     * XXX Some day we may want to allow for other kinds.  That needs
+     * more work and modifications to the creation interface, etc.
+     * For now, allow but notice callers who pass in other kinds.
+     * They are responsible for creating the inner type and encoding,
+     * if it is other than DATA.
+     */
+    PORT_Assert(kind == SEC_OID_PKCS7_DATA);
+
+    enccinfo->contentTypeTag = SECOID_FindOIDByTag(kind);
+    PORT_Assert(enccinfo->contentTypeTag && enccinfo->contentTypeTag->offset == kind);
+
+    rv = SECITEM_CopyItem(poolp, &(enccinfo->contentType),
+                          &(enccinfo->contentTypeTag->oid));
+    if (rv != SECSuccess)
+        return rv;
+
+    /* Save keysize and algorithm for later. */
+    enccinfo->keysize = keysize;
+    enccinfo->encalg = encalg;
+
+    return SECSuccess;
+}
+
+/*
+ * Add a recipient to a PKCS7 thing, verifying their cert first.
+ * Any error returns SECFailure.
+ */
+static SECStatus
+sec_pkcs7_add_recipient(SEC_PKCS7ContentInfo *cinfo,
+                        CERTCertificate *cert,
+                        SECCertUsage certusage,
+                        CERTCertDBHandle *certdb)
+{
+    SECOidTag kind;
+    SEC_PKCS7RecipientInfo *recipientinfo, **recipientinfos, ***recipientinfosp;
+    SECItem *dummy;
+    void *mark;
+    int count;
+
+    kind = SEC_PKCS7ContentType(cinfo);
+    switch (kind) {
+        case SEC_OID_PKCS7_ENVELOPED_DATA: {
+            SEC_PKCS7EnvelopedData *edp;
+
+            edp = cinfo->content.envelopedData;
+            recipientinfosp = &(edp->recipientInfos);
+        } break;
+        case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA: {
+            SEC_PKCS7SignedAndEnvelopedData *saedp;
+
+            saedp = cinfo->content.signedAndEnvelopedData;
+            recipientinfosp = &(saedp->recipientInfos);
+        } break;
+        default:
+            return SECFailure; /* XXX set an error? */
+    }
+
+    /*
+     * XXX I think that CERT_VerifyCert should do this if *it* is passed
+     * a NULL database.
+     */
+    if (certdb == NULL) {
+        certdb = CERT_GetDefaultCertDB();
+        if (certdb == NULL)
+            return SECFailure; /* XXX set an error? */
+    }
+
+    if (CERT_VerifyCert(certdb, cert, PR_TRUE, certusage, PR_Now(),
+                        cinfo->pwfn_arg, NULL) != SECSuccess) {
+        /* XXX Did CERT_VerifyCert set an error? */
+        return SECFailure;
+    }
+
+    mark = PORT_ArenaMark(cinfo->poolp);
+
+    recipientinfo = (SEC_PKCS7RecipientInfo *)PORT_ArenaZAlloc(cinfo->poolp,
+                                                               sizeof(SEC_PKCS7RecipientInfo));
+    if (recipientinfo == NULL) {
+        PORT_ArenaRelease(cinfo->poolp, mark);
+        return SECFailure;
+    }
+
+    dummy = SEC_ASN1EncodeInteger(cinfo->poolp, &recipientinfo->version,
+                                  SEC_PKCS7_RECIPIENT_INFO_VERSION);
+    if (dummy == NULL) {
+        PORT_ArenaRelease(cinfo->poolp, mark);
+        return SECFailure;
+    }
+    PORT_Assert(dummy == &recipientinfo->version);
+
+    recipientinfo->cert = CERT_DupCertificate(cert);
+    if (recipientinfo->cert == NULL) {
+        PORT_ArenaRelease(cinfo->poolp, mark);
+        return SECFailure;
+    }
+
+    recipientinfo->issuerAndSN = CERT_GetCertIssuerAndSN(cinfo->poolp, cert);
+    if (recipientinfo->issuerAndSN == NULL) {
+        PORT_ArenaRelease(cinfo->poolp, mark);
+        return SECFailure;
+    }
+
+    /*
+     * Okay, now recipientinfo is all set.  We just need to put it into
+     * the main structure.
+     *
+     * If this is the first recipient, allocate a new recipientinfos array;
+     * otherwise, reallocate the array, making room for the new entry.
+     */
+    recipientinfos = *recipientinfosp;
+    if (recipientinfos == NULL) {
+        count = 0;
+        recipientinfos = (SEC_PKCS7RecipientInfo **)PORT_ArenaAlloc(
+            cinfo->poolp,
+            2 * sizeof(SEC_PKCS7RecipientInfo *));
+    } else {
+        for (count = 0; recipientinfos[count] != NULL; count++)
+            ;
+        PORT_Assert(count); /* should be at least one already */
+        recipientinfos = (SEC_PKCS7RecipientInfo **)PORT_ArenaGrow(
+            cinfo->poolp, recipientinfos,
+            (count + 1) * sizeof(SEC_PKCS7RecipientInfo *),
+            (count + 2) * sizeof(SEC_PKCS7RecipientInfo *));
+    }
+
+    if (recipientinfos == NULL) {
+        PORT_ArenaRelease(cinfo->poolp, mark);
+        return SECFailure;
+    }
+
+    recipientinfos[count] = recipientinfo;
+    recipientinfos[count + 1] = NULL;
+
+    *recipientinfosp = recipientinfos;
+
+    PORT_ArenaUnmark(cinfo->poolp, mark);
+    return SECSuccess;
+}
+
+/*
+ * Start a PKCS7 enveloping context.
+ *
+ * "cert" is the cert for the recipient.  It will be checked for validity.
+ *
+ * "certusage" describes the encryption usage (e.g. certUsageEmailRecipient)
+ * XXX Maybe SECCertUsage should be split so that our caller just says
+ * "email" and *we* add the "recipient" part -- otherwise our caller
+ * could be lying about the usage; we do not want to allow encryption
+ * certs for signing or vice versa.
+ *
+ * "certdb" is the cert database to use for verifying the cert.
+ * It can be NULL if a default database is available (like in the client).
+ *
+ * "encalg" specifies the bulk encryption algorithm to use (e.g. SEC_OID_RC2).
+ *
+ * "keysize" specifies the bulk encryption key size, in bits.
+ *
+ * The return value can be passed to functions which add things to
+ * it like more recipients, then eventually to SEC_PKCS7Encode() or to
+ * SEC_PKCS7EncoderStart() to create the encoded data, and finally to
+ * SEC_PKCS7DestroyContentInfo().
+ *
+ * An error results in a return value of NULL and an error set.
+ * (Retrieve specific errors via PORT_GetError()/XP_GetError().)
+ */
+extern SEC_PKCS7ContentInfo *
+SEC_PKCS7CreateEnvelopedData(CERTCertificate *cert,
+                             SECCertUsage certusage,
+                             CERTCertDBHandle *certdb,
+                             SECOidTag encalg,
+                             int keysize,
+                             SECKEYGetPasswordKey pwfn, void *pwfn_arg)
+{
+    SEC_PKCS7ContentInfo *cinfo;
+    SEC_PKCS7EnvelopedData *envd;
+    SECStatus rv;
+
+    cinfo = sec_pkcs7_create_content_info(SEC_OID_PKCS7_ENVELOPED_DATA,
+                                          PR_FALSE, pwfn, pwfn_arg);
+    if (cinfo == NULL)
+        return NULL;
+
+    rv = sec_pkcs7_add_recipient(cinfo, cert, certusage, certdb);
+    if (rv != SECSuccess) {
+        SEC_PKCS7DestroyContentInfo(cinfo);
+        return NULL;
+    }
+
+    envd = cinfo->content.envelopedData;
+    PORT_Assert(envd != NULL);
+
+    /*
+     * XXX Might we want to allow content types other than data?
+     * If so, via what interface?
+     */
+    rv = sec_pkcs7_init_encrypted_content_info(&(envd->encContentInfo),
+                                               cinfo->poolp,
+                                               SEC_OID_PKCS7_DATA, PR_FALSE,
+                                               encalg, keysize);
+    if (rv != SECSuccess) {
+        SEC_PKCS7DestroyContentInfo(cinfo);
+        return NULL;
+    }
+
+    /* XXX Anything more to do here? */
+
+    return cinfo;
+}
+
+/*
+ * Add another recipient to an encrypted message.
+ *
+ * "cinfo" should be of type envelopedData or signedAndEnvelopedData;
+ * SECFailure will be returned if it is not.
+ *
+ * "cert" is the cert for the recipient.  It will be checked for validity.
+ *
+ * "certusage" describes the encryption usage (e.g. certUsageEmailRecipient)
+ * XXX Maybe SECCertUsage should be split so that our caller just says
+ * "email" and *we* add the "recipient" part -- otherwise our caller
+ * could be lying about the usage; we do not want to allow encryption
+ * certs for signing or vice versa.
+ *
+ * "certdb" is the cert database to use for verifying the cert.
+ * It can be NULL if a default database is available (like in the client).
+ */
+SECStatus
+SEC_PKCS7AddRecipient(SEC_PKCS7ContentInfo *cinfo,
+                      CERTCertificate *cert,
+                      SECCertUsage certusage,
+                      CERTCertDBHandle *certdb)
+{
+    return sec_pkcs7_add_recipient(cinfo, cert, certusage, certdb);
+}
+
+/*
+ * Create an empty PKCS7 data content info.
+ *
+ * An error results in a return value of NULL and an error set.
+ * (Retrieve specific errors via PORT_GetError()/XP_GetError().)
+ */
+SEC_PKCS7ContentInfo *
+SEC_PKCS7CreateData(void)
+{
+    return sec_pkcs7_create_content_info(SEC_OID_PKCS7_DATA, PR_FALSE,
+                                         NULL, NULL);
+}
+
+/*
+ * Create an empty PKCS7 encrypted content info.
+ *
+ * "algorithm" specifies the bulk encryption algorithm to use.
+ * 
+ * An error results in a return value of NULL and an error set.
+ * (Retrieve specific errors via PORT_GetError()/XP_GetError().)
+ */
+SEC_PKCS7ContentInfo *
+SEC_PKCS7CreateEncryptedData(SECOidTag algorithm, int keysize,
+                             SECKEYGetPasswordKey pwfn, void *pwfn_arg)
+{
+    SEC_PKCS7ContentInfo *cinfo;
+    SECAlgorithmID *algid;
+    SEC_PKCS7EncryptedData *enc_data;
+    SECStatus rv;
+
+    cinfo = sec_pkcs7_create_content_info(SEC_OID_PKCS7_ENCRYPTED_DATA,
+                                          PR_FALSE, pwfn, pwfn_arg);
+    if (cinfo == NULL)
+        return NULL;
+
+    enc_data = cinfo->content.encryptedData;
+    algid = &(enc_data->encContentInfo.contentEncAlg);
+
+    if (!SEC_PKCS5IsAlgorithmPBEAlgTag(algorithm)) {
+        rv = SECOID_SetAlgorithmID(cinfo->poolp, algid, algorithm, NULL);
+    } else {
+        /* Assume password-based-encryption.  
+         * Note: we can't generate pkcs5v2 from this interface.
+         * PK11_CreateBPEAlgorithmID generates pkcs5v2 by accepting
+         * non-PBE oids and assuming that they are pkcs5v2 oids, but
+         * NSS_CMSEncryptedData_Create accepts non-PBE oids as regular
+         * CMS encrypted data, so we can't tell SEC_PKCS7CreateEncryptedtedData
+         * to create pkcs5v2 PBEs */
+        SECAlgorithmID *pbe_algid;
+        pbe_algid = PK11_CreatePBEAlgorithmID(algorithm,
+                                              NSS_PBE_DEFAULT_ITERATION_COUNT,
+                                              NULL);
+        if (pbe_algid == NULL) {
+            rv = SECFailure;
+        } else {
+            rv = SECOID_CopyAlgorithmID(cinfo->poolp, algid, pbe_algid);
+            SECOID_DestroyAlgorithmID(pbe_algid, PR_TRUE);
+        }
+    }
+
+    if (rv != SECSuccess) {
+        SEC_PKCS7DestroyContentInfo(cinfo);
+        return NULL;
+    }
+
+    rv = sec_pkcs7_init_encrypted_content_info(&(enc_data->encContentInfo),
+                                               cinfo->poolp,
+                                               SEC_OID_PKCS7_DATA, PR_FALSE,
+                                               algorithm, keysize);
+    if (rv != SECSuccess) {
+        SEC_PKCS7DestroyContentInfo(cinfo);
+        return NULL;
+    }
+
+    return cinfo;
+}
+
+SEC_PKCS7ContentInfo *
+SEC_PKCS7CreateEncryptedDataWithPBEV2(SECOidTag pbe_algorithm,
+                                      SECOidTag cipher_algorithm,
+                                      SECOidTag prf_algorithm,
+                                      int keysize,
+                                      SECKEYGetPasswordKey pwfn, void *pwfn_arg)
+{
+    SEC_PKCS7ContentInfo *cinfo;
+    SECAlgorithmID *algid;
+    SEC_PKCS7EncryptedData *enc_data;
+    SECStatus rv;
+
+    PORT_Assert(SEC_PKCS5IsAlgorithmPBEAlgTag(pbe_algorithm));
+
+    cinfo = sec_pkcs7_create_content_info(SEC_OID_PKCS7_ENCRYPTED_DATA,
+                                          PR_FALSE, pwfn, pwfn_arg);
+    if (cinfo == NULL)
+        return NULL;
+
+    enc_data = cinfo->content.encryptedData;
+    algid = &(enc_data->encContentInfo.contentEncAlg);
+
+    SECAlgorithmID *pbe_algid;
+    pbe_algid = PK11_CreatePBEV2AlgorithmID(pbe_algorithm,
+                                            cipher_algorithm,
+                                            prf_algorithm,
+                                            keysize,
+                                            NSS_PBE_DEFAULT_ITERATION_COUNT,
+                                            NULL);
+    if (pbe_algid == NULL) {
+        rv = SECFailure;
+    } else {
+        rv = SECOID_CopyAlgorithmID(cinfo->poolp, algid, pbe_algid);
+        SECOID_DestroyAlgorithmID(pbe_algid, PR_TRUE);
+    }
+
+    if (rv != SECSuccess) {
+        SEC_PKCS7DestroyContentInfo(cinfo);
+        return NULL;
+    }
+
+    rv = sec_pkcs7_init_encrypted_content_info(&(enc_data->encContentInfo),
+                                               cinfo->poolp,
+                                               SEC_OID_PKCS7_DATA, PR_FALSE,
+                                               cipher_algorithm, keysize);
+    if (rv != SECSuccess) {
+        SEC_PKCS7DestroyContentInfo(cinfo);
+        return NULL;
+    }
+
+    return cinfo;
+}
diff --git a/nss/lib/pkcs7/p7decode.c b/nss/lib/pkcs7/p7decode.c
new file mode 100644
index 0000000..658c61e
--- /dev/null
+++ b/nss/lib/pkcs7/p7decode.c
@@ -0,0 +1,1914 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * PKCS7 decoding, verification.
+ */
+
+#include "p7local.h"
+
+#include "cert.h"
+/* XXX do not want to have to include */
+#include "certdb.h" /* certdb.h -- the trust stuff needed by */
+                    /* the add certificate code needs to get */
+                    /* rewritten/abstracted and then this */
+                    /* include should be removed! */
+/*#include "cdbhdl.h" */
+#include "cryptohi.h"
+#include "key.h"
+#include "secasn1.h"
+#include "secitem.h"
+#include "secoid.h"
+#include "pk11func.h"
+#include "prtime.h"
+#include "secerr.h"
+#include "sechash.h" /* for HASH_GetHashObject() */
+#include "secder.h"
+#include "secpkcs5.h"
+
+struct sec_pkcs7_decoder_worker {
+    int depth;
+    int digcnt;
+    void **digcxs;
+    const SECHashObject **digobjs;
+    sec_PKCS7CipherObject *decryptobj;
+    PRBool saw_contents;
+};
+
+struct SEC_PKCS7DecoderContextStr {
+    SEC_ASN1DecoderContext *dcx;
+    SEC_PKCS7ContentInfo *cinfo;
+    SEC_PKCS7DecoderContentCallback cb;
+    void *cb_arg;
+    SECKEYGetPasswordKey pwfn;
+    void *pwfn_arg;
+    struct sec_pkcs7_decoder_worker worker;
+    PLArenaPool *tmp_poolp;
+    int error;
+    SEC_PKCS7GetDecryptKeyCallback dkcb;
+    void *dkcb_arg;
+    SEC_PKCS7DecryptionAllowedCallback decrypt_allowed_cb;
+};
+
+/*
+ * Handle one worker, decrypting and digesting the data as necessary.
+ *
+ * XXX If/when we support nested contents, this probably needs to be
+ * revised somewhat to get passed the content-info (which unfortunately
+ * can be two different types depending on whether it is encrypted or not)
+ * corresponding to the given worker.
+ */
+static void
+sec_pkcs7_decoder_work_data(SEC_PKCS7DecoderContext *p7dcx,
+                            struct sec_pkcs7_decoder_worker *worker,
+                            const unsigned char *data, unsigned long len,
+                            PRBool final)
+{
+    unsigned char *buf = NULL;
+    SECStatus rv;
+    int i;
+
+    /*
+     * We should really have data to process, or we should be trying
+     * to finish/flush the last block.  (This is an overly paranoid
+     * check since all callers are in this file and simple inspection
+     * proves they do it right.  But it could find a bug in future
+     * modifications/development, that is why it is here.)
+     */
+    PORT_Assert((data != NULL && len) || final);
+
+    /*
+     * Decrypt this chunk.
+     *
+     * XXX If we get an error, we do not want to do the digest or callback,
+     * but we want to keep decoding.  Or maybe we want to stop decoding
+     * altogether if there is a callback, because obviously we are not
+     * sending the data back and they want to know that.
+     */
+    if (worker->decryptobj != NULL) {
+        /* XXX the following lengths should all be longs? */
+        unsigned int inlen;  /* length of data being decrypted */
+        unsigned int outlen; /* length of decrypted data */
+        unsigned int buflen; /* length available for decrypted data */
+        SECItem *plain;
+
+        inlen = len;
+        buflen = sec_PKCS7DecryptLength(worker->decryptobj, inlen, final);
+        if (buflen == 0) {
+            if (inlen == 0) /* no input and no output */
+                return;
+            /*
+             * No output is expected, but the input data may be buffered
+             * so we still have to call Decrypt.
+             */
+            rv = sec_PKCS7Decrypt(worker->decryptobj, NULL, NULL, 0,
+                                  data, inlen, final);
+            if (rv != SECSuccess) {
+                p7dcx->error = PORT_GetError();
+                return; /* XXX indicate error? */
+            }
+            return;
+        }
+
+        if (p7dcx->cb != NULL) {
+            buf = (unsigned char *)PORT_Alloc(buflen);
+            plain = NULL;
+        } else {
+            unsigned long oldlen;
+
+            /*
+             * XXX This assumes one level of content only.
+             * See comment above about nested content types.
+             * XXX Also, it should work for signedAndEnvelopedData, too!
+             */
+            plain = &(p7dcx->cinfo->content.envelopedData->encContentInfo.plainContent);
+
+            oldlen = plain->len;
+            if (oldlen == 0) {
+                buf = (unsigned char *)PORT_ArenaAlloc(p7dcx->cinfo->poolp,
+                                                       buflen);
+            } else {
+                buf = (unsigned char *)PORT_ArenaGrow(p7dcx->cinfo->poolp,
+                                                      plain->data,
+                                                      oldlen, oldlen + buflen);
+                if (buf != NULL)
+                    buf += oldlen;
+            }
+            plain->data = buf;
+        }
+        if (buf == NULL) {
+            p7dcx->error = SEC_ERROR_NO_MEMORY;
+            return; /* XXX indicate error? */
+        }
+        rv = sec_PKCS7Decrypt(worker->decryptobj, buf, &outlen, buflen,
+                              data, inlen, final);
+        if (rv != SECSuccess) {
+            p7dcx->error = PORT_GetError();
+            return; /* XXX indicate error? */
+        }
+        if (plain != NULL) {
+            PORT_Assert(final || outlen == buflen);
+            plain->len += outlen;
+        }
+        data = buf;
+        len = outlen;
+    }
+
+    /*
+     * Update the running digests.
+     */
+    if (len) {
+        for (i = 0; i < worker->digcnt; i++) {
+            (*worker->digobjs[i]->update)(worker->digcxs[i], data, len);
+        }
+    }
+
+    /*
+     * Pass back the contents bytes, and free the temporary buffer.
+     */
+    if (p7dcx->cb != NULL) {
+        if (len)
+            (*p7dcx->cb)(p7dcx->cb_arg, (const char *)data, len);
+        if (worker->decryptobj != NULL) {
+            PORT_Assert(buf != NULL);
+            PORT_Free(buf);
+        }
+    }
+}
+
+static void
+sec_pkcs7_decoder_filter(void *arg, const char *data, unsigned long len,
+                         int depth, SEC_ASN1EncodingPart data_kind)
+{
+    SEC_PKCS7DecoderContext *p7dcx;
+    struct sec_pkcs7_decoder_worker *worker;
+
+    /*
+     * Since we do not handle any nested contents, the only bytes we
+     * are really interested in are the actual contents bytes (not
+     * the identifier, length, or end-of-contents bytes).  If we were
+     * handling nested types we would probably need to do something
+     * smarter based on depth and data_kind.
+     */
+    if (data_kind != SEC_ASN1_Contents)
+        return;
+
+    /*
+     * The ASN.1 decoder should not even call us with a length of 0.
+     * Just being paranoid.
+     */
+    PORT_Assert(len);
+    if (len == 0)
+        return;
+
+    p7dcx = (SEC_PKCS7DecoderContext *)arg;
+
+    /*
+     * Handling nested contents would mean that there is a chain
+     * of workers -- one per each level of content.  The following
+     * would start with the first worker and loop over them.
+     */
+    worker = &(p7dcx->worker);
+
+    worker->saw_contents = PR_TRUE;
+
+    sec_pkcs7_decoder_work_data(p7dcx, worker,
+                                (const unsigned char *)data, len, PR_FALSE);
+}
+
+/*
+ * Create digest contexts for each algorithm in "digestalgs".
+ * No algorithms is not an error, we just do not do anything.
+ * An error (like trouble allocating memory), marks the error
+ * in "p7dcx" and returns SECFailure, which means that our caller
+ * should just give up altogether.
+ */
+static SECStatus
+sec_pkcs7_decoder_start_digests(SEC_PKCS7DecoderContext *p7dcx, int depth,
+                                SECAlgorithmID **digestalgs)
+{
+    int i, digcnt;
+
+    if (digestalgs == NULL)
+        return SECSuccess;
+
+    /*
+     * Count the algorithms.
+     */
+    digcnt = 0;
+    while (digestalgs[digcnt] != NULL)
+        digcnt++;
+
+    /*
+     * No algorithms means no work to do.
+     * Just act as if there were no algorithms specified.
+     */
+    if (digcnt == 0)
+        return SECSuccess;
+
+    p7dcx->worker.digcxs = (void **)PORT_ArenaAlloc(p7dcx->tmp_poolp,
+                                                    digcnt * sizeof(void *));
+    p7dcx->worker.digobjs = (const SECHashObject **)PORT_ArenaAlloc(p7dcx->tmp_poolp,
+                                                                    digcnt * sizeof(SECHashObject *));
+    if (p7dcx->worker.digcxs == NULL || p7dcx->worker.digobjs == NULL) {
+        p7dcx->error = SEC_ERROR_NO_MEMORY;
+        return SECFailure;
+    }
+
+    p7dcx->worker.depth = depth;
+    p7dcx->worker.digcnt = 0;
+
+    /*
+     * Create a digest context for each algorithm.
+     */
+    for (i = 0; i < digcnt; i++) {
+        SECAlgorithmID *algid = digestalgs[i];
+        SECOidTag oidTag = SECOID_FindOIDTag(&(algid->algorithm));
+        const SECHashObject *digobj = HASH_GetHashObjectByOidTag(oidTag);
+        void *digcx;
+
+        /*
+         * Skip any algorithm we do not even recognize; obviously,
+         * this could be a problem, but if it is critical then the
+         * result will just be that the signature does not verify.
+         * We do not necessarily want to error out here, because
+         * the particular algorithm may not actually be important,
+         * but we cannot know that until later.
+         */
+        if (digobj == NULL) {
+            p7dcx->worker.digcnt--;
+            continue;
+        }
+
+        digcx = (*digobj->create)();
+        if (digcx != NULL) {
+            (*digobj->begin)(digcx);
+            p7dcx->worker.digobjs[p7dcx->worker.digcnt] = digobj;
+            p7dcx->worker.digcxs[p7dcx->worker.digcnt] = digcx;
+            p7dcx->worker.digcnt++;
+        }
+    }
+
+    if (p7dcx->worker.digcnt != 0)
+        SEC_ASN1DecoderSetFilterProc(p7dcx->dcx,
+                                     sec_pkcs7_decoder_filter,
+                                     p7dcx,
+                                     (PRBool)(p7dcx->cb != NULL));
+    return SECSuccess;
+}
+
+/*
+ * Close out all of the digest contexts, storing the results in "digestsp".
+ */
+static SECStatus
+sec_pkcs7_decoder_finish_digests(SEC_PKCS7DecoderContext *p7dcx,
+                                 PLArenaPool *poolp,
+                                 SECItem ***digestsp)
+{
+    struct sec_pkcs7_decoder_worker *worker;
+    const SECHashObject *digobj;
+    void *digcx;
+    SECItem **digests, *digest;
+    int i;
+    void *mark;
+
+    /*
+     * XXX Handling nested contents would mean that there is a chain
+     * of workers -- one per each level of content.  The following
+     * would want to find the last worker in the chain.
+     */
+    worker = &(p7dcx->worker);
+
+    /*
+     * If no digests, then we have nothing to do.
+     */
+    if (worker->digcnt == 0)
+        return SECSuccess;
+
+    /*
+     * No matter what happens after this, we want to stop filtering.
+     * XXX If we handle nested contents, we only want to stop filtering
+     * if we are finishing off the *last* worker.
+     */
+    SEC_ASN1DecoderClearFilterProc(p7dcx->dcx);
+
+    /*
+     * If we ended up with no contents, just destroy each
+     * digest context -- they are meaningless and potentially
+     * confusing, because their presence would imply some content
+     * was digested.
+     */
+    if (!worker->saw_contents) {
+        for (i = 0; i < worker->digcnt; i++) {
+            digcx = worker->digcxs[i];
+            digobj = worker->digobjs[i];
+            (*digobj->destroy)(digcx, PR_TRUE);
+        }
+        return SECSuccess;
+    }
+
+    mark = PORT_ArenaMark(poolp);
+
+    /*
+     * Close out each digest context, saving digest away.
+     */
+    digests =
+        (SECItem **)PORT_ArenaAlloc(poolp, (worker->digcnt + 1) * sizeof(SECItem *));
+    digest = (SECItem *)PORT_ArenaAlloc(poolp, worker->digcnt * sizeof(SECItem));
+    if (digests == NULL || digest == NULL) {
+        p7dcx->error = PORT_GetError();
+        PORT_ArenaRelease(poolp, mark);
+        return SECFailure;
+    }
+
+    for (i = 0; i < worker->digcnt; i++, digest++) {
+        digcx = worker->digcxs[i];
+        digobj = worker->digobjs[i];
+
+        digest->data = (unsigned char *)PORT_ArenaAlloc(poolp, digobj->length);
+        if (digest->data == NULL) {
+            p7dcx->error = PORT_GetError();
+            PORT_ArenaRelease(poolp, mark);
+            return SECFailure;
+        }
+
+        digest->len = digobj->length;
+        (*digobj->end)(digcx, digest->data, &(digest->len), digest->len);
+        (*digobj->destroy)(digcx, PR_TRUE);
+
+        digests[i] = digest;
+    }
+    digests[i] = NULL;
+    *digestsp = digests;
+
+    PORT_ArenaUnmark(poolp, mark);
+    return SECSuccess;
+}
+
+/*
+ * XXX Need comment explaining following helper function (which is used
+ * by sec_pkcs7_decoder_start_decrypt).
+ */
+
+static PK11SymKey *
+sec_pkcs7_decoder_get_recipient_key(SEC_PKCS7DecoderContext *p7dcx,
+                                    SEC_PKCS7RecipientInfo **recipientinfos,
+                                    SEC_PKCS7EncryptedContentInfo *enccinfo)
+{
+    SEC_PKCS7RecipientInfo *ri;
+    CERTCertificate *cert = NULL;
+    SECKEYPrivateKey *privkey = NULL;
+    PK11SymKey *bulkkey = NULL;
+    SECOidTag keyalgtag, bulkalgtag, encalgtag;
+    PK11SlotInfo *slot = NULL;
+
+    if (recipientinfos == NULL || recipientinfos[0] == NULL) {
+        p7dcx->error = SEC_ERROR_NOT_A_RECIPIENT;
+        goto no_key_found;
+    }
+
+    cert = PK11_FindCertAndKeyByRecipientList(&slot, recipientinfos, &ri,
+                                              &privkey, p7dcx->pwfn_arg);
+    if (cert == NULL) {
+        p7dcx->error = SEC_ERROR_NOT_A_RECIPIENT;
+        goto no_key_found;
+    }
+
+    ri->cert = cert; /* so we can find it later */
+    PORT_Assert(privkey != NULL);
+
+    keyalgtag = SECOID_GetAlgorithmTag(&(cert->subjectPublicKeyInfo.algorithm));
+    encalgtag = SECOID_GetAlgorithmTag(&(ri->keyEncAlg));
+    if (keyalgtag != encalgtag) {
+        p7dcx->error = SEC_ERROR_PKCS7_KEYALG_MISMATCH;
+        goto no_key_found;
+    }
+    bulkalgtag = SECOID_GetAlgorithmTag(&(enccinfo->contentEncAlg));
+
+    switch (encalgtag) {
+        case SEC_OID_PKCS1_RSA_ENCRYPTION:
+            bulkkey = PK11_PubUnwrapSymKey(privkey, &ri->encKey,
+                                           PK11_AlgtagToMechanism(bulkalgtag),
+                                           CKA_DECRYPT, 0);
+            if (bulkkey == NULL) {
+                p7dcx->error = PORT_GetError();
+                PORT_SetError(0);
+                goto no_key_found;
+            }
+            break;
+        default:
+            p7dcx->error = SEC_ERROR_UNSUPPORTED_KEYALG;
+            break;
+    }
+
+no_key_found:
+    if (privkey != NULL)
+        SECKEY_DestroyPrivateKey(privkey);
+    if (slot != NULL)
+        PK11_FreeSlot(slot);
+
+    return bulkkey;
+}
+
+/*
+ * XXX The following comment is old -- the function used to only handle
+ * EnvelopedData or SignedAndEnvelopedData but now handles EncryptedData
+ * as well (and it had all of the code of the helper function above
+ * built into it), though the comment was left as is.  Fix it...
+ *
+ * We are just about to decode the content of an EnvelopedData.
+ * Set up a decryption context so we can decrypt as we go.
+ * Presumably we are one of the recipients listed in "recipientinfos".
+ * (XXX And if we are not, or if we have trouble, what should we do?
+ *  It would be nice to let the decoding still work.  Maybe it should
+ *  be an error if there is a content callback, but not an error otherwise?)
+ * The encryption key and related information can be found in "enccinfo".
+ */
+static SECStatus
+sec_pkcs7_decoder_start_decrypt(SEC_PKCS7DecoderContext *p7dcx, int depth,
+                                SEC_PKCS7RecipientInfo **recipientinfos,
+                                SEC_PKCS7EncryptedContentInfo *enccinfo,
+                                PK11SymKey **copy_key_for_signature)
+{
+    PK11SymKey *bulkkey = NULL;
+    sec_PKCS7CipherObject *decryptobj;
+
+    /*
+     * If a callback is supplied to retrieve the encryption key,
+     * for instance, for Encrypted Content infos, then retrieve
+     * the bulkkey from the callback.  Otherwise, assume that
+     * we are processing Enveloped or SignedAndEnveloped data
+     * content infos.
+     *
+     * XXX Put an assert here?
+     */
+    if (SEC_PKCS7ContentType(p7dcx->cinfo) == SEC_OID_PKCS7_ENCRYPTED_DATA) {
+        if (p7dcx->dkcb != NULL) {
+            bulkkey = (*p7dcx->dkcb)(p7dcx->dkcb_arg,
+                                     &(enccinfo->contentEncAlg));
+        }
+        enccinfo->keysize = 0;
+    } else {
+        bulkkey = sec_pkcs7_decoder_get_recipient_key(p7dcx, recipientinfos,
+                                                      enccinfo);
+        if (bulkkey == NULL)
+            goto no_decryption;
+        enccinfo->keysize = PK11_GetKeyStrength(bulkkey,
+                                                &(enccinfo->contentEncAlg));
+    }
+
+    /*
+     * XXX I think following should set error in p7dcx and clear set error
+     * (as used to be done here, or as is done in get_receipient_key above.
+     */
+    if (bulkkey == NULL) {
+        goto no_decryption;
+    }
+
+    /*
+     * We want to make sure decryption is allowed.  This is done via
+     * a callback specified in SEC_PKCS7DecoderStart().
+     */
+    if (p7dcx->decrypt_allowed_cb) {
+        if ((*p7dcx->decrypt_allowed_cb)(&(enccinfo->contentEncAlg),
+                                         bulkkey) == PR_FALSE) {
+            p7dcx->error = SEC_ERROR_DECRYPTION_DISALLOWED;
+            goto no_decryption;
+        }
+    } else {
+        p7dcx->error = SEC_ERROR_DECRYPTION_DISALLOWED;
+        goto no_decryption;
+    }
+
+    /*
+     * When decrypting a signedAndEnvelopedData, the signature also has
+     * to be decrypted with the bulk encryption key; to avoid having to
+     * get it all over again later (and do another potentially expensive
+     * RSA operation), copy it for later signature verification to use.
+     */
+    if (copy_key_for_signature != NULL)
+        *copy_key_for_signature = PK11_ReferenceSymKey(bulkkey);
+
+    /*
+     * Now we have the bulk encryption key (in bulkkey) and the
+     * the algorithm (in enccinfo->contentEncAlg).  Using those,
+     * create a decryption context.
+     */
+    decryptobj = sec_PKCS7CreateDecryptObject(bulkkey,
+                                              &(enccinfo->contentEncAlg));
+
+    /*
+     * We are done with (this) bulkkey now.
+     */
+    PK11_FreeSymKey(bulkkey);
+
+    if (decryptobj == NULL) {
+        p7dcx->error = PORT_GetError();
+        PORT_SetError(0);
+        goto no_decryption;
+    }
+
+    SEC_ASN1DecoderSetFilterProc(p7dcx->dcx,
+                                 sec_pkcs7_decoder_filter,
+                                 p7dcx,
+                                 (PRBool)(p7dcx->cb != NULL));
+
+    p7dcx->worker.depth = depth;
+    p7dcx->worker.decryptobj = decryptobj;
+
+    return SECSuccess;
+
+no_decryption:
+    /*
+     * For some reason (error set already, if appropriate), we cannot
+     * decrypt the content.  I am not sure what exactly is the right
+     * thing to do here; in some cases we want to just stop, and in
+     * others we want to let the decoding finish even though we cannot
+     * decrypt the content.  My current thinking is that if the caller
+     * set up a content callback, then they are really interested in
+     * getting (decrypted) content, and if they cannot they will want
+     * to know about it.  However, if no callback was specified, then
+     * maybe it is not important that the decryption failed.
+     */
+    if (p7dcx->cb != NULL)
+        return SECFailure;
+    else
+        return SECSuccess; /* Let the decoding continue. */
+}
+
+static SECStatus
+sec_pkcs7_decoder_finish_decrypt(SEC_PKCS7DecoderContext *p7dcx,
+                                 PLArenaPool *poolp,
+                                 SEC_PKCS7EncryptedContentInfo *enccinfo)
+{
+    struct sec_pkcs7_decoder_worker *worker;
+
+    /*
+     * XXX Handling nested contents would mean that there is a chain
+     * of workers -- one per each level of content.  The following
+     * would want to find the last worker in the chain.
+     */
+    worker = &(p7dcx->worker);
+
+    /*
+     * If no decryption context, then we have nothing to do.
+     */
+    if (worker->decryptobj == NULL)
+        return SECSuccess;
+
+    /*
+     * No matter what happens after this, we want to stop filtering.
+     * XXX If we handle nested contents, we only want to stop filtering
+     * if we are finishing off the *last* worker.
+     */
+    SEC_ASN1DecoderClearFilterProc(p7dcx->dcx);
+
+    /*
+     * Handle the last block.
+     */
+    sec_pkcs7_decoder_work_data(p7dcx, worker, NULL, 0, PR_TRUE);
+
+    /*
+     * All done, destroy it.
+     */
+    sec_PKCS7DestroyDecryptObject(worker->decryptobj);
+    worker->decryptobj = NULL;
+
+    return SECSuccess;
+}
+
+static void
+sec_pkcs7_decoder_notify(void *arg, PRBool before, void *dest, int depth)
+{
+    SEC_PKCS7DecoderContext *p7dcx;
+    SEC_PKCS7ContentInfo *cinfo;
+    SEC_PKCS7SignedData *sigd;
+    SEC_PKCS7EnvelopedData *envd;
+    SEC_PKCS7SignedAndEnvelopedData *saed;
+    SEC_PKCS7EncryptedData *encd;
+    SEC_PKCS7DigestedData *digd;
+    PRBool after;
+    SECStatus rv;
+
+    /*
+     * Just to make the code easier to read, create an "after" variable
+     * that is equivalent to "not before".
+     * (This used to be just the statement "after = !before", but that
+     * causes a warning on the mac; to avoid that, we do it the long way.)
+     */
+    if (before)
+        after = PR_FALSE;
+    else
+        after = PR_TRUE;
+
+    p7dcx = (SEC_PKCS7DecoderContext *)arg;
+    if (!p7dcx) {
+        return;
+    }
+
+    cinfo = p7dcx->cinfo;
+
+    if (!cinfo) {
+        return;
+    }
+
+    if (cinfo->contentTypeTag == NULL) {
+        if (after && dest == &(cinfo->contentType))
+            cinfo->contentTypeTag = SECOID_FindOID(&(cinfo->contentType));
+        return;
+    }
+
+    switch (cinfo->contentTypeTag->offset) {
+        case SEC_OID_PKCS7_SIGNED_DATA:
+            sigd = cinfo->content.signedData;
+            if (sigd == NULL)
+                break;
+
+            if (sigd->contentInfo.contentTypeTag == NULL) {
+                if (after && dest == &(sigd->contentInfo.contentType))
+                    sigd->contentInfo.contentTypeTag =
+                        SECOID_FindOID(&(sigd->contentInfo.contentType));
+                break;
+            }
+
+            /*
+             * We only set up a filtering digest if the content is
+             * plain DATA; anything else needs more work because a
+             * second pass is required to produce a DER encoding from
+             * an input that can be BER encoded.  (This is a requirement
+             * of PKCS7 that is unfortunate, but there you have it.)
+             *
+             * XXX Also, since we stop here if this is not DATA, the
+             * inner content is not getting processed at all.  Someday
+             * we may want to fix that.
+             */
+            if (sigd->contentInfo.contentTypeTag->offset != SEC_OID_PKCS7_DATA) {
+                /* XXX Set an error in p7dcx->error */
+                SEC_ASN1DecoderClearNotifyProc(p7dcx->dcx);
+                break;
+            }
+
+            /*
+             * Just before the content, we want to set up a digest context
+             * for each digest algorithm listed, and start a filter which
+             * will run all of the contents bytes through that digest.
+             */
+            if (before && dest == &(sigd->contentInfo.content)) {
+                rv = sec_pkcs7_decoder_start_digests(p7dcx, depth,
+                                                     sigd->digestAlgorithms);
+                if (rv != SECSuccess)
+                    SEC_ASN1DecoderClearNotifyProc(p7dcx->dcx);
+
+                break;
+            }
+
+            /*
+             * XXX To handle nested types, here is where we would want
+             * to check for inner boundaries that need handling.
+             */
+
+            /*
+             * Are we done?
+             */
+            if (after && dest == &(sigd->contentInfo.content)) {
+                /*
+                 * Close out the digest contexts.  We ignore any error
+                 * because we are stopping anyway; the error status left
+                 * behind in p7dcx will be seen by outer functions.
+                 */
+                (void)sec_pkcs7_decoder_finish_digests(p7dcx, cinfo->poolp,
+                                                       &(sigd->digests));
+
+                /*
+                 * XXX To handle nested contents, we would need to remove
+                 * the worker from the chain (and free it).
+                 */
+
+                /*
+                 * Stop notify.
+                 */
+                SEC_ASN1DecoderClearNotifyProc(p7dcx->dcx);
+            }
+            break;
+
+        case SEC_OID_PKCS7_ENVELOPED_DATA:
+            envd = cinfo->content.envelopedData;
+            if (envd == NULL)
+                break;
+
+            if (envd->encContentInfo.contentTypeTag == NULL) {
+                if (after && dest == &(envd->encContentInfo.contentType))
+                    envd->encContentInfo.contentTypeTag =
+                        SECOID_FindOID(&(envd->encContentInfo.contentType));
+                break;
+            }
+
+            /*
+             * Just before the content, we want to set up a decryption
+             * context, and start a filter which will run all of the
+             * contents bytes through it to determine the plain content.
+             */
+            if (before && dest == &(envd->encContentInfo.encContent)) {
+                rv = sec_pkcs7_decoder_start_decrypt(p7dcx, depth,
+                                                     envd->recipientInfos,
+                                                     &(envd->encContentInfo),
+                                                     NULL);
+                if (rv != SECSuccess)
+                    SEC_ASN1DecoderClearNotifyProc(p7dcx->dcx);
+
+                break;
+            }
+
+            /*
+             * Are we done?
+             */
+            if (after && dest == &(envd->encContentInfo.encContent)) {
+                /*
+             * Close out the decryption context.  We ignore any error
+             * because we are stopping anyway; the error status left
+             * behind in p7dcx will be seen by outer functions.
+             */
+                (void)sec_pkcs7_decoder_finish_decrypt(p7dcx, cinfo->poolp,
+                                                       &(envd->encContentInfo));
+
+                /*
+                 * XXX To handle nested contents, we would need to remove
+                 * the worker from the chain (and free it).
+                 */
+
+                /*
+                 * Stop notify.
+                 */
+                SEC_ASN1DecoderClearNotifyProc(p7dcx->dcx);
+            }
+            break;
+
+        case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA:
+            saed = cinfo->content.signedAndEnvelopedData;
+            if (saed == NULL)
+                break;
+
+            if (saed->encContentInfo.contentTypeTag == NULL) {
+                if (after && dest == &(saed->encContentInfo.contentType))
+                    saed->encContentInfo.contentTypeTag =
+                        SECOID_FindOID(&(saed->encContentInfo.contentType));
+                break;
+            }
+
+            /*
+             * Just before the content, we want to set up a decryption
+             * context *and* digest contexts, and start a filter which
+             * will run all of the contents bytes through both.
+             */
+            if (before && dest == &(saed->encContentInfo.encContent)) {
+                rv = sec_pkcs7_decoder_start_decrypt(p7dcx, depth,
+                                                     saed->recipientInfos,
+                                                     &(saed->encContentInfo),
+                                                     &(saed->sigKey));
+                if (rv == SECSuccess)
+                    rv = sec_pkcs7_decoder_start_digests(p7dcx, depth,
+                                                         saed->digestAlgorithms);
+                if (rv != SECSuccess)
+                    SEC_ASN1DecoderClearNotifyProc(p7dcx->dcx);
+
+                break;
+            }
+
+            /*
+             * Are we done?
+             */
+            if (after && dest == &(saed->encContentInfo.encContent)) {
+                /*
+                 * Close out the decryption and digests contexts.
+                 * We ignore any errors because we are stopping anyway;
+                 * the error status left behind in p7dcx will be seen by
+                 * outer functions.
+                 *
+                 * Note that the decrypt stuff must be called first;
+                 * it may have a last buffer to do which in turn has
+                 * to be added to the digest.
+                 */
+                (void)sec_pkcs7_decoder_finish_decrypt(p7dcx, cinfo->poolp,
+                                                       &(saed->encContentInfo));
+                (void)sec_pkcs7_decoder_finish_digests(p7dcx, cinfo->poolp,
+                                                       &(saed->digests));
+
+                /*
+                 * XXX To handle nested contents, we would need to remove
+                 * the worker from the chain (and free it).
+                 */
+
+                /*
+                 * Stop notify.
+                 */
+                SEC_ASN1DecoderClearNotifyProc(p7dcx->dcx);
+            }
+            break;
+
+        case SEC_OID_PKCS7_DIGESTED_DATA:
+            digd = cinfo->content.digestedData;
+
+            /*
+             * XXX Want to do the digest or not?  Maybe future enhancement...
+             */
+            if (before && dest == &(digd->contentInfo.content.data)) {
+                SEC_ASN1DecoderSetFilterProc(p7dcx->dcx, sec_pkcs7_decoder_filter,
+                                             p7dcx,
+                                             (PRBool)(p7dcx->cb != NULL));
+                break;
+            }
+
+            /*
+             * Are we done?
+             */
+            if (after && dest == &(digd->contentInfo.content.data)) {
+                SEC_ASN1DecoderClearFilterProc(p7dcx->dcx);
+            }
+            break;
+
+        case SEC_OID_PKCS7_ENCRYPTED_DATA:
+            encd = cinfo->content.encryptedData;
+
+            if (!encd) {
+                break;
+            }
+
+            /*
+             * XXX If the decryption key callback is set, we want to start
+             * the decryption.  If the callback is not set, we will treat the
+             * content as plain data, since we do not have the key.
+             *
+             * Is this the proper thing to do?
+             */
+            if (before && dest == &(encd->encContentInfo.encContent)) {
+                /*
+                 * Start the encryption process if the decryption key callback
+                 * is present.  Otherwise, treat the content like plain data.
+                 */
+                rv = SECSuccess;
+                if (p7dcx->dkcb != NULL) {
+                    rv = sec_pkcs7_decoder_start_decrypt(p7dcx, depth, NULL,
+                                                         &(encd->encContentInfo),
+                                                         NULL);
+                }
+
+                if (rv != SECSuccess)
+                    SEC_ASN1DecoderClearNotifyProc(p7dcx->dcx);
+
+                break;
+            }
+
+            /*
+             * Are we done?
+             */
+            if (after && dest == &(encd->encContentInfo.encContent)) {
+                /*
+                 * Close out the decryption context.  We ignore any error
+                 * because we are stopping anyway; the error status left
+                 * behind in p7dcx will be seen by outer functions.
+                 */
+                (void)sec_pkcs7_decoder_finish_decrypt(p7dcx, cinfo->poolp,
+                                                       &(encd->encContentInfo));
+
+                /*
+                 * Stop notify.
+                 */
+                SEC_ASN1DecoderClearNotifyProc(p7dcx->dcx);
+            }
+            break;
+
+        case SEC_OID_PKCS7_DATA:
+            /*
+             * If a output callback has been specified, we want to set the filter
+             * to call the callback.  This is taken care of in
+             * sec_pkcs7_decoder_start_decrypt() or
+             * sec_pkcs7_decoder_start_digests() for the other content types.
+             */
+
+            if (before && dest == &(cinfo->content.data)) {
+
+                /*
+                 * Set the filter proc up.
+                 */
+                SEC_ASN1DecoderSetFilterProc(p7dcx->dcx,
+                                             sec_pkcs7_decoder_filter,
+                                             p7dcx,
+                                             (PRBool)(p7dcx->cb != NULL));
+                break;
+            }
+
+            if (after && dest == &(cinfo->content.data)) {
+                /*
+                 * Time to clean up after ourself, stop the Notify and Filter
+                 * procedures.
+                 */
+                SEC_ASN1DecoderClearNotifyProc(p7dcx->dcx);
+                SEC_ASN1DecoderClearFilterProc(p7dcx->dcx);
+            }
+            break;
+
+        default:
+            SEC_ASN1DecoderClearNotifyProc(p7dcx->dcx);
+            break;
+    }
+}
+
+SEC_PKCS7DecoderContext *
+SEC_PKCS7DecoderStart(SEC_PKCS7DecoderContentCallback cb, void *cb_arg,
+                      SECKEYGetPasswordKey pwfn, void *pwfn_arg,
+                      SEC_PKCS7GetDecryptKeyCallback decrypt_key_cb,
+                      void *decrypt_key_cb_arg,
+                      SEC_PKCS7DecryptionAllowedCallback decrypt_allowed_cb)
+{
+    SEC_PKCS7DecoderContext *p7dcx;
+    SEC_ASN1DecoderContext *dcx;
+    SEC_PKCS7ContentInfo *cinfo;
+    PLArenaPool *poolp;
+
+    poolp = PORT_NewArena(1024); /* XXX what is right value? */
+    if (poolp == NULL)
+        return NULL;
+
+    cinfo = (SEC_PKCS7ContentInfo *)PORT_ArenaZAlloc(poolp, sizeof(*cinfo));
+    if (cinfo == NULL) {
+        PORT_FreeArena(poolp, PR_FALSE);
+        return NULL;
+    }
+
+    cinfo->poolp = poolp;
+    cinfo->pwfn = pwfn;
+    cinfo->pwfn_arg = pwfn_arg;
+    cinfo->created = PR_FALSE;
+    cinfo->refCount = 1;
+
+    p7dcx =
+        (SEC_PKCS7DecoderContext *)PORT_ZAlloc(sizeof(SEC_PKCS7DecoderContext));
+    if (p7dcx == NULL) {
+        PORT_FreeArena(poolp, PR_FALSE);
+        return NULL;
+    }
+
+    p7dcx->tmp_poolp = PORT_NewArena(1024); /* XXX what is right value? */
+    if (p7dcx->tmp_poolp == NULL) {
+        PORT_Free(p7dcx);
+        PORT_FreeArena(poolp, PR_FALSE);
+        return NULL;
+    }
+
+    dcx = SEC_ASN1DecoderStart(poolp, cinfo, sec_PKCS7ContentInfoTemplate);
+    if (dcx == NULL) {
+        PORT_FreeArena(p7dcx->tmp_poolp, PR_FALSE);
+        PORT_Free(p7dcx);
+        PORT_FreeArena(poolp, PR_FALSE);
+        return NULL;
+    }
+
+    SEC_ASN1DecoderSetNotifyProc(dcx, sec_pkcs7_decoder_notify, p7dcx);
+
+    p7dcx->dcx = dcx;
+    p7dcx->cinfo = cinfo;
+    p7dcx->cb = cb;
+    p7dcx->cb_arg = cb_arg;
+    p7dcx->pwfn = pwfn;
+    p7dcx->pwfn_arg = pwfn_arg;
+    p7dcx->dkcb = decrypt_key_cb;
+    p7dcx->dkcb_arg = decrypt_key_cb_arg;
+    p7dcx->decrypt_allowed_cb = decrypt_allowed_cb;
+
+    return p7dcx;
+}
+
+/*
+ * Do the next chunk of PKCS7 decoding.  If there is a problem, set
+ * an error and return a failure status.  Note that in the case of
+ * an error, this routine is still prepared to be called again and
+ * again in case that is the easiest route for our caller to take.
+ * We simply detect it and do not do anything except keep setting
+ * that error in case our caller has not noticed it yet...
+ */
+SECStatus
+SEC_PKCS7DecoderUpdate(SEC_PKCS7DecoderContext *p7dcx,
+                       const char *buf, unsigned long len)
+{
+    if (p7dcx->cinfo != NULL && p7dcx->dcx != NULL) {
+        PORT_Assert(p7dcx->error == 0);
+        if (p7dcx->error == 0) {
+            if (SEC_ASN1DecoderUpdate(p7dcx->dcx, buf, len) != SECSuccess) {
+                p7dcx->error = PORT_GetError();
+                PORT_Assert(p7dcx->error);
+                if (p7dcx->error == 0)
+                    p7dcx->error = -1;
+            }
+        }
+    }
+
+    if (p7dcx->error) {
+        if (p7dcx->dcx != NULL) {
+            (void)SEC_ASN1DecoderFinish(p7dcx->dcx);
+            p7dcx->dcx = NULL;
+        }
+        if (p7dcx->cinfo != NULL) {
+            SEC_PKCS7DestroyContentInfo(p7dcx->cinfo);
+            p7dcx->cinfo = NULL;
+        }
+        PORT_SetError(p7dcx->error);
+        return SECFailure;
+    }
+
+    return SECSuccess;
+}
+
+SEC_PKCS7ContentInfo *
+SEC_PKCS7DecoderFinish(SEC_PKCS7DecoderContext *p7dcx)
+{
+    SEC_PKCS7ContentInfo *cinfo;
+
+    cinfo = p7dcx->cinfo;
+    if (p7dcx->dcx != NULL) {
+        if (SEC_ASN1DecoderFinish(p7dcx->dcx) != SECSuccess) {
+            SEC_PKCS7DestroyContentInfo(cinfo);
+            cinfo = NULL;
+        }
+    }
+    /* free any NSS data structures */
+    if (p7dcx->worker.decryptobj) {
+        sec_PKCS7DestroyDecryptObject(p7dcx->worker.decryptobj);
+    }
+    PORT_FreeArena(p7dcx->tmp_poolp, PR_FALSE);
+    PORT_Free(p7dcx);
+    return cinfo;
+}
+
+SEC_PKCS7ContentInfo *
+SEC_PKCS7DecodeItem(SECItem *p7item,
+                    SEC_PKCS7DecoderContentCallback cb, void *cb_arg,
+                    SECKEYGetPasswordKey pwfn, void *pwfn_arg,
+                    SEC_PKCS7GetDecryptKeyCallback decrypt_key_cb,
+                    void *decrypt_key_cb_arg,
+                    SEC_PKCS7DecryptionAllowedCallback decrypt_allowed_cb)
+{
+    SEC_PKCS7DecoderContext *p7dcx;
+
+    p7dcx = SEC_PKCS7DecoderStart(cb, cb_arg, pwfn, pwfn_arg, decrypt_key_cb,
+                                  decrypt_key_cb_arg, decrypt_allowed_cb);
+    if (!p7dcx) {
+        /* error code is set */
+        return NULL;
+    }
+    (void)SEC_PKCS7DecoderUpdate(p7dcx, (char *)p7item->data, p7item->len);
+    return SEC_PKCS7DecoderFinish(p7dcx);
+}
+
+/*
+ * Abort the ASN.1 stream. Used by pkcs 12
+ */
+void
+SEC_PKCS7DecoderAbort(SEC_PKCS7DecoderContext *p7dcx, int error)
+{
+    PORT_Assert(p7dcx);
+    SEC_ASN1DecoderAbort(p7dcx->dcx, error);
+}
+
+/*
+ * If the thing contains any certs or crls return true; false otherwise.
+ */
+PRBool
+SEC_PKCS7ContainsCertsOrCrls(SEC_PKCS7ContentInfo *cinfo)
+{
+    SECOidTag kind;
+    SECItem **certs;
+    CERTSignedCrl **crls;
+
+    kind = SEC_PKCS7ContentType(cinfo);
+    switch (kind) {
+        default:
+        case SEC_OID_PKCS7_DATA:
+        case SEC_OID_PKCS7_DIGESTED_DATA:
+        case SEC_OID_PKCS7_ENVELOPED_DATA:
+        case SEC_OID_PKCS7_ENCRYPTED_DATA:
+            return PR_FALSE;
+        case SEC_OID_PKCS7_SIGNED_DATA:
+            certs = cinfo->content.signedData->rawCerts;
+            crls = cinfo->content.signedData->crls;
+            break;
+        case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA:
+            certs = cinfo->content.signedAndEnvelopedData->rawCerts;
+            crls = cinfo->content.signedAndEnvelopedData->crls;
+            break;
+    }
+
+    /*
+     * I know this could be collapsed, but I was in a mood to be explicit.
+     */
+    if (certs != NULL && certs[0] != NULL)
+        return PR_TRUE;
+    else if (crls != NULL && crls[0] != NULL)
+        return PR_TRUE;
+    else
+        return PR_FALSE;
+}
+
+/* return the content length...could use GetContent, however we
+ * need the encrypted content length
+ */
+PRBool
+SEC_PKCS7IsContentEmpty(SEC_PKCS7ContentInfo *cinfo, unsigned int minLen)
+{
+    SECItem *item = NULL;
+
+    if (cinfo == NULL) {
+        return PR_TRUE;
+    }
+
+    switch (SEC_PKCS7ContentType(cinfo)) {
+        case SEC_OID_PKCS7_DATA:
+            item = cinfo->content.data;
+            break;
+        case SEC_OID_PKCS7_ENCRYPTED_DATA:
+            item = &cinfo->content.encryptedData->encContentInfo.encContent;
+            break;
+        default:
+            /* add other types */
+            return PR_FALSE;
+    }
+
+    if (!item) {
+        return PR_TRUE;
+    } else if (item->len <= minLen) {
+        return PR_TRUE;
+    }
+
+    return PR_FALSE;
+}
+
+PRBool
+SEC_PKCS7ContentIsEncrypted(SEC_PKCS7ContentInfo *cinfo)
+{
+    SECOidTag kind;
+
+    kind = SEC_PKCS7ContentType(cinfo);
+    switch (kind) {
+        default:
+        case SEC_OID_PKCS7_DATA:
+        case SEC_OID_PKCS7_DIGESTED_DATA:
+        case SEC_OID_PKCS7_SIGNED_DATA:
+            return PR_FALSE;
+        case SEC_OID_PKCS7_ENCRYPTED_DATA:
+        case SEC_OID_PKCS7_ENVELOPED_DATA:
+        case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA:
+            return PR_TRUE;
+    }
+}
+
+/*
+ * If the PKCS7 content has a signature (not just *could* have a signature)
+ * return true; false otherwise.  This can/should be called before calling
+ * VerifySignature, which will always indicate failure if no signature is
+ * present, but that does not mean there even was a signature!
+ * Note that the content itself can be empty (detached content was sent
+ * another way); it is the presence of the signature that matters.
+ */
+PRBool
+SEC_PKCS7ContentIsSigned(SEC_PKCS7ContentInfo *cinfo)
+{
+    SECOidTag kind;
+    SEC_PKCS7SignerInfo **signerinfos;
+
+    kind = SEC_PKCS7ContentType(cinfo);
+    switch (kind) {
+        default:
+        case SEC_OID_PKCS7_DATA:
+        case SEC_OID_PKCS7_DIGESTED_DATA:
+        case SEC_OID_PKCS7_ENVELOPED_DATA:
+        case SEC_OID_PKCS7_ENCRYPTED_DATA:
+            return PR_FALSE;
+        case SEC_OID_PKCS7_SIGNED_DATA:
+            signerinfos = cinfo->content.signedData->signerInfos;
+            break;
+        case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA:
+            signerinfos = cinfo->content.signedAndEnvelopedData->signerInfos;
+            break;
+    }
+
+    /*
+     * I know this could be collapsed; but I kind of think it will get
+     * more complicated before I am finished, so...
+     */
+    if (signerinfos != NULL && signerinfos[0] != NULL)
+        return PR_TRUE;
+    else
+        return PR_FALSE;
+}
+
+/*
+ * sec_pkcs7_verify_signature
+ *
+ *      Look at a PKCS7 contentInfo and check if the signature is good.
+ *      The digest was either calculated earlier (and is stored in the
+ *      contentInfo itself) or is passed in via "detached_digest".
+ *
+ *      The verification checks that the signing cert is valid and trusted
+ *      for the purpose specified by "certusage" at
+ *      - "*atTime" if "atTime" is not null, or
+ *      - the signing time if the signing time is available in "cinfo", or
+ *      - the current time (as returned by PR_Now).
+ *
+ *      In addition, if "keepcerts" is true, add any new certificates found
+ *      into our local database.
+ *
+ * XXX Each place which returns PR_FALSE should be sure to have a good
+ * error set for inspection by the caller.  Alternatively, we could create
+ * an enumeration of success and each type of failure and return that
+ * instead of a boolean.  For now, the default in a bad situation is to
+ * set the error to SEC_ERROR_PKCS7_BAD_SIGNATURE.  But this should be
+ * reviewed; better (more specific) errors should be possible (to distinguish
+ * a signature failure from a badly-formed pkcs7 signedData, for example).
+ * Some of the errors should probably just be SEC_ERROR_BAD_SIGNATURE,
+ * but that has a less helpful error string associated with it right now;
+ * if/when that changes, review and change these as needed.
+ *
+ * XXX This is broken wrt signedAndEnvelopedData.  In that case, the
+ * message digest is doubly encrypted -- first encrypted with the signer
+ * private key but then again encrypted with the bulk encryption key used
+ * to encrypt the content.  So before we can pass the digest to VerifyDigest,
+ * we need to decrypt it with the bulk encryption key.  Also, in this case,
+ * there should be NO authenticatedAttributes (signerinfo->authAttr should
+ * be NULL).
+ */
+static PRBool
+sec_pkcs7_verify_signature(SEC_PKCS7ContentInfo *cinfo,
+                           SECCertUsage certusage,
+                           const SECItem *detached_digest,
+                           HASH_HashType digest_type,
+                           PRBool keepcerts,
+                           const PRTime *atTime)
+{
+    SECAlgorithmID **digestalgs, *bulkid;
+    const SECItem *digest;
+    SECItem **digests;
+    SECItem **rawcerts;
+    SEC_PKCS7SignerInfo **signerinfos, *signerinfo;
+    CERTCertificate *cert, **certs;
+    PRBool goodsig;
+    CERTCertDBHandle *certdb, *defaultdb;
+    SECOidTag encTag, digestTag;
+    HASH_HashType found_type;
+    int i, certcount;
+    SECKEYPublicKey *publickey;
+    SECItem *content_type;
+    PK11SymKey *sigkey;
+    SECItem *encoded_stime;
+    PRTime stime;
+    PRTime verificationTime;
+    SECStatus rv;
+
+    /*
+     * Everything needed in order to "goto done" safely.
+     */
+    goodsig = PR_FALSE;
+    certcount = 0;
+    cert = NULL;
+    certs = NULL;
+    certdb = NULL;
+    defaultdb = CERT_GetDefaultCertDB();
+    publickey = NULL;
+
+    if (!SEC_PKCS7ContentIsSigned(cinfo)) {
+        PORT_SetError(SEC_ERROR_PKCS7_BAD_SIGNATURE);
+        goto done;
+    }
+
+    PORT_Assert(cinfo->contentTypeTag != NULL);
+
+    switch (cinfo->contentTypeTag->offset) {
+        default:
+        case SEC_OID_PKCS7_DATA:
+        case SEC_OID_PKCS7_DIGESTED_DATA:
+        case SEC_OID_PKCS7_ENVELOPED_DATA:
+        case SEC_OID_PKCS7_ENCRYPTED_DATA:
+            /* Could only get here if SEC_PKCS7ContentIsSigned is broken. */
+            PORT_Assert(0);
+        case SEC_OID_PKCS7_SIGNED_DATA: {
+            SEC_PKCS7SignedData *sdp;
+
+            sdp = cinfo->content.signedData;
+            digestalgs = sdp->digestAlgorithms;
+            digests = sdp->digests;
+            rawcerts = sdp->rawCerts;
+            signerinfos = sdp->signerInfos;
+            content_type = &(sdp->contentInfo.contentType);
+            sigkey = NULL;
+            bulkid = NULL;
+        } break;
+        case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA: {
+            SEC_PKCS7SignedAndEnvelopedData *saedp;
+
+            saedp = cinfo->content.signedAndEnvelopedData;
+            digestalgs = saedp->digestAlgorithms;
+            digests = saedp->digests;
+            rawcerts = saedp->rawCerts;
+            signerinfos = saedp->signerInfos;
+            content_type = &(saedp->encContentInfo.contentType);
+            sigkey = saedp->sigKey;
+            bulkid = &(saedp->encContentInfo.contentEncAlg);
+        } break;
+    }
+
+    if ((signerinfos == NULL) || (signerinfos[0] == NULL)) {
+        PORT_SetError(SEC_ERROR_PKCS7_BAD_SIGNATURE);
+        goto done;
+    }
+
+    /*
+     * XXX Need to handle multiple signatures; checking them is easy,
+     * but what should be the semantics here (like, return value)?
+     */
+    if (signerinfos[1] != NULL) {
+        PORT_SetError(SEC_ERROR_PKCS7_BAD_SIGNATURE);
+        goto done;
+    }
+
+    signerinfo = signerinfos[0];
+
+    /*
+     * XXX I would like to just pass the issuerAndSN, along with the rawcerts
+     * and crls, to some function that did all of this certificate stuff
+     * (open/close the database if necessary, verifying the certs, etc.)
+     * and gave me back a cert pointer if all was good.
+     */
+    certdb = defaultdb;
+    if (certdb == NULL) {
+        goto done;
+    }
+
+    certcount = 0;
+    if (rawcerts != NULL) {
+        for (; rawcerts[certcount] != NULL; certcount++) {
+            /* just counting */
+        }
+    }
+
+    /*
+     * Note that the result of this is that each cert in "certs"
+     * needs to be destroyed.
+     */
+    rv = CERT_ImportCerts(certdb, certusage, certcount, rawcerts, &certs,
+                          keepcerts, PR_FALSE, NULL);
+    if (rv != SECSuccess) {
+        goto done;
+    }
+
+    /*
+     * This cert will also need to be freed, but since we save it
+     * in signerinfo for later, we do not want to destroy it when
+     * we leave this function -- we let the clean-up of the entire
+     * cinfo structure later do the destroy of this cert.
+     */
+    cert = CERT_FindCertByIssuerAndSN(certdb, signerinfo->issuerAndSN);
+    if (cert == NULL) {
+        goto done;
+    }
+
+    signerinfo->cert = cert;
+
+    /*
+     * Get and convert the signing time; if available, it will be used
+     * both on the cert verification and for importing the sender
+     * email profile.
+     */
+    encoded_stime = SEC_PKCS7GetSigningTime(cinfo);
+    if (encoded_stime != NULL) {
+        if (DER_DecodeTimeChoice(&stime, encoded_stime) != SECSuccess)
+            encoded_stime = NULL; /* conversion failed, so pretend none */
+    }
+
+    /*
+     * XXX  This uses the signing time, if available.  Additionally, we
+     * might want to, if there is no signing time, get the message time
+     * from the mail header itself, and use that.  That would require
+     * a change to our interface though, and for S/MIME callers to pass
+     * in a time (and for non-S/MIME callers to pass in nothing, or
+     * maybe make them pass in the current time, always?).
+     */
+    if (atTime) {
+        verificationTime = *atTime;
+    } else if (encoded_stime != NULL) {
+        verificationTime = stime;
+    } else {
+        verificationTime = PR_Now();
+    }
+    if (CERT_VerifyCert(certdb, cert, PR_TRUE, certusage, verificationTime,
+                        cinfo->pwfn_arg, NULL) != SECSuccess) {
+        /*
+         * XXX Give the user an option to check the signature anyway?
+         * If we want to do this, need to give a way to leave and display
+         * some dialog and get the answer and come back through (or do
+         * the rest of what we do below elsewhere, maybe by putting it
+         * in a function that we call below and could call from a dialog
+         * finish handler).
+         */
+        goto savecert;
+    }
+
+    publickey = CERT_ExtractPublicKey(cert);
+    if (publickey == NULL)
+        goto done;
+
+    /*
+     * XXX No!  If digests is empty, see if we can create it now by
+     * digesting the contents.  This is necessary if we want to allow
+     * somebody to do a simple decode (without filtering, etc.) and
+     * then later call us here to do the verification.
+     * OR, we can just specify that the interface to this routine
+     * *requires* that the digest(s) be done before calling and either
+     * stashed in the struct itself or passed in explicitly (as would
+     * be done for detached contents).
+     */
+    if ((digests == NULL || digests[0] == NULL) && (detached_digest == NULL || detached_digest->data == NULL))
+        goto done;
+
+    /*
+     * Find and confirm digest algorithm.
+     */
+    digestTag = SECOID_FindOIDTag(&(signerinfo->digestAlg.algorithm));
+
+    /* make sure we understand the digest type first */
+    found_type = HASH_GetHashTypeByOidTag(digestTag);
+    if ((digestTag == SEC_OID_UNKNOWN) || (found_type == HASH_AlgNULL)) {
+        PORT_SetError(SEC_ERROR_PKCS7_BAD_SIGNATURE);
+        goto done;
+    }
+
+    if (detached_digest != NULL) {
+        unsigned int hashLen = HASH_ResultLen(found_type);
+
+        if (digest_type != found_type ||
+            detached_digest->len != hashLen) {
+            PORT_SetError(SEC_ERROR_PKCS7_BAD_SIGNATURE);
+            goto done;
+        }
+        digest = detached_digest;
+    } else {
+        PORT_Assert(digestalgs != NULL && digestalgs[0] != NULL);
+        if (digestalgs == NULL || digestalgs[0] == NULL) {
+            PORT_SetError(SEC_ERROR_PKCS7_BAD_SIGNATURE);
+            goto done;
+        }
+
+        /*
+         * pick digest matching signerinfo->digestAlg from digests
+         */
+        for (i = 0; digestalgs[i] != NULL; i++) {
+            if (SECOID_FindOIDTag(&(digestalgs[i]->algorithm)) == digestTag)
+                break;
+        }
+        if (digestalgs[i] == NULL) {
+            PORT_SetError(SEC_ERROR_PKCS7_BAD_SIGNATURE);
+            goto done;
+        }
+
+        digest = digests[i];
+    }
+
+    encTag = SECOID_FindOIDTag(&(signerinfo->digestEncAlg.algorithm));
+    if (encTag == SEC_OID_UNKNOWN) {
+        PORT_SetError(SEC_ERROR_PKCS7_BAD_SIGNATURE);
+        goto done;
+    }
+
+    if (signerinfo->authAttr != NULL) {
+        SEC_PKCS7Attribute *attr;
+        SECItem *value;
+        SECItem encoded_attrs;
+
+        /*
+         * We have a sigkey only for signedAndEnvelopedData, which is
+         * not supposed to have any authenticated attributes.
+         */
+        if (sigkey != NULL) {
+            PORT_SetError(SEC_ERROR_PKCS7_BAD_SIGNATURE);
+            goto done;
+        }
+
+        /*
+         * PKCS #7 says that if there are any authenticated attributes,
+         * then there must be one for content type which matches the
+         * content type of the content being signed, and there must
+         * be one for message digest which matches our message digest.
+         * So check these things first.
+         * XXX Might be nice to have a compare-attribute-value function
+         * which could collapse the following nicely.
+         */
+        attr = sec_PKCS7FindAttribute(signerinfo->authAttr,
+                                      SEC_OID_PKCS9_CONTENT_TYPE, PR_TRUE);
+        value = sec_PKCS7AttributeValue(attr);
+        if (value == NULL || value->len != content_type->len) {
+            PORT_SetError(SEC_ERROR_PKCS7_BAD_SIGNATURE);
+            goto done;
+        }
+        if (PORT_Memcmp(value->data, content_type->data, value->len) != 0) {
+            PORT_SetError(SEC_ERROR_PKCS7_BAD_SIGNATURE);
+            goto done;
+        }
+
+        attr = sec_PKCS7FindAttribute(signerinfo->authAttr,
+                                      SEC_OID_PKCS9_MESSAGE_DIGEST, PR_TRUE);
+        value = sec_PKCS7AttributeValue(attr);
+        if (value == NULL || value->len != digest->len) {
+            PORT_SetError(SEC_ERROR_PKCS7_BAD_SIGNATURE);
+            goto done;
+        }
+        if (PORT_Memcmp(value->data, digest->data, value->len) != 0) {
+            PORT_SetError(SEC_ERROR_PKCS7_BAD_SIGNATURE);
+            goto done;
+        }
+
+        /*
+         * Okay, we met the constraints of the basic attributes.
+         * Now check the signature, which is based on a digest of
+         * the DER-encoded authenticated attributes.  So, first we
+         * encode and then we digest/verify.
+         */
+        encoded_attrs.data = NULL;
+        encoded_attrs.len = 0;
+        if (sec_PKCS7EncodeAttributes(NULL, &encoded_attrs,
+                                      &(signerinfo->authAttr)) == NULL)
+            goto done;
+
+        if (encoded_attrs.data == NULL || encoded_attrs.len == 0) {
+            PORT_SetError(SEC_ERROR_PKCS7_BAD_SIGNATURE);
+            goto done;
+        }
+
+        goodsig = (PRBool)(VFY_VerifyDataDirect(encoded_attrs.data,
+                                                encoded_attrs.len,
+                                                publickey, &(signerinfo->encDigest),
+                                                encTag, digestTag, NULL,
+                                                cinfo->pwfn_arg) == SECSuccess);
+        PORT_Free(encoded_attrs.data);
+    } else {
+        SECItem *sig;
+        SECItem holder;
+        SECStatus rv;
+
+        /*
+         * No authenticated attributes.
+         * The signature is based on the plain message digest.
+         */
+
+        sig = &(signerinfo->encDigest);
+        if (sig->len == 0) { /* bad signature */
+            PORT_SetError(SEC_ERROR_PKCS7_BAD_SIGNATURE);
+            goto done;
+        }
+
+        if (sigkey != NULL) {
+            sec_PKCS7CipherObject *decryptobj;
+            unsigned int buflen;
+
+            /*
+             * For signedAndEnvelopedData, we first must decrypt the encrypted
+             * digest with the bulk encryption key.  The result is the normal
+             * encrypted digest (aka the signature).
+             */
+            decryptobj = sec_PKCS7CreateDecryptObject(sigkey, bulkid);
+            if (decryptobj == NULL)
+                goto done;
+
+            buflen = sec_PKCS7DecryptLength(decryptobj, sig->len, PR_TRUE);
+            PORT_Assert(buflen);
+            if (buflen == 0) { /* something is wrong */
+                sec_PKCS7DestroyDecryptObject(decryptobj);
+                goto done;
+            }
+
+            holder.data = (unsigned char *)PORT_Alloc(buflen);
+            if (holder.data == NULL) {
+                sec_PKCS7DestroyDecryptObject(decryptobj);
+                goto done;
+            }
+
+            rv = sec_PKCS7Decrypt(decryptobj, holder.data, &holder.len, buflen,
+                                  sig->data, sig->len, PR_TRUE);
+            sec_PKCS7DestroyDecryptObject(decryptobj);
+            if (rv != SECSuccess) {
+                goto done;
+            }
+
+            sig = &holder;
+        }
+
+        goodsig = (PRBool)(VFY_VerifyDigestDirect(digest, publickey, sig,
+                                                  encTag, digestTag, cinfo->pwfn_arg) == SECSuccess);
+
+        if (sigkey != NULL) {
+            PORT_Assert(sig == &holder);
+            PORT_ZFree(holder.data, holder.len);
+        }
+    }
+
+    if (!goodsig) {
+        /*
+         * XXX Change the generic error into our specific one, because
+         * in that case we get a better explanation out of the Security
+         * Advisor.  This is really a bug in our error strings (the
+         * "generic" error has a lousy/wrong message associated with it
+         * which assumes the signature verification was done for the
+         * purposes of checking the issuer signature on a certificate)
+         * but this is at least an easy workaround and/or in the
+         * Security Advisor, which specifically checks for the error
+         * SEC_ERROR_PKCS7_BAD_SIGNATURE and gives more explanation
+         * in that case but does not similarly check for
+         * SEC_ERROR_BAD_SIGNATURE.  It probably should, but then would
+         * probably say the wrong thing in the case that it *was* the
+         * certificate signature check that failed during the cert
+         * verification done above.  Our error handling is really a mess.
+         */
+        if (PORT_GetError() == SEC_ERROR_BAD_SIGNATURE)
+            PORT_SetError(SEC_ERROR_PKCS7_BAD_SIGNATURE);
+    }
+
+savecert:
+    /*
+     * Only save the smime profile if we are checking an email message and
+     * the cert has an email address in it.
+     */
+    if (cert->emailAddr && cert->emailAddr[0] &&
+        ((certusage == certUsageEmailSigner) ||
+         (certusage == certUsageEmailRecipient))) {
+        SECItem *profile = NULL;
+        int save_error;
+
+        /*
+         * Remember the current error set because we do not care about
+         * anything set by the functions we are about to call.
+         */
+        save_error = PORT_GetError();
+
+        if (goodsig && (signerinfo->authAttr != NULL)) {
+            /*
+             * If the signature is good, then we can save the S/MIME profile,
+             * if we have one.
+             */
+            SEC_PKCS7Attribute *attr;
+
+            attr = sec_PKCS7FindAttribute(signerinfo->authAttr,
+                                          SEC_OID_PKCS9_SMIME_CAPABILITIES,
+                                          PR_TRUE);
+            profile = sec_PKCS7AttributeValue(attr);
+        }
+
+        rv = CERT_SaveSMimeProfile(cert, profile, encoded_stime);
+
+        /*
+         * Restore the saved error in case the calls above set a new
+         * one that we do not actually care about.
+         */
+        PORT_SetError(save_error);
+
+        /*
+         * XXX Failure is not indicated anywhere -- the signature
+         * verification itself is unaffected by whether or not the
+         * profile was successfully saved.
+         */
+    }
+
+done:
+
+    /*
+     * See comment above about why we do not want to destroy cert
+     * itself here.
+     */
+
+    if (certs != NULL)
+        CERT_DestroyCertArray(certs, certcount);
+
+    if (publickey != NULL)
+        SECKEY_DestroyPublicKey(publickey);
+
+    return goodsig;
+}
+
+/*
+ * SEC_PKCS7VerifySignature
+ *      Look at a PKCS7 contentInfo and check if the signature is good.
+ *      The verification checks that the signing cert is valid and trusted
+ *      for the purpose specified by "certusage".
+ *
+ *      In addition, if "keepcerts" is true, add any new certificates found
+ *      into our local database.
+ */
+PRBool
+SEC_PKCS7VerifySignature(SEC_PKCS7ContentInfo *cinfo,
+                         SECCertUsage certusage,
+                         PRBool keepcerts)
+{
+    return sec_pkcs7_verify_signature(cinfo, certusage,
+                                      NULL, HASH_AlgNULL, keepcerts, NULL);
+}
+
+/*
+ * SEC_PKCS7VerifyDetachedSignature
+ *      Look at a PKCS7 contentInfo and check if the signature matches
+ *      a passed-in digest (calculated, supposedly, from detached contents).
+ *      The verification checks that the signing cert is valid and trusted
+ *      for the purpose specified by "certusage".
+ *
+ *      In addition, if "keepcerts" is true, add any new certificates found
+ *      into our local database.
+ */
+PRBool
+SEC_PKCS7VerifyDetachedSignature(SEC_PKCS7ContentInfo *cinfo,
+                                 SECCertUsage certusage,
+                                 const SECItem *detached_digest,
+                                 HASH_HashType digest_type,
+                                 PRBool keepcerts)
+{
+    return sec_pkcs7_verify_signature(cinfo, certusage,
+                                      detached_digest, digest_type,
+                                      keepcerts, NULL);
+}
+
+/*
+ * SEC_PKCS7VerifyDetachedSignatureAtTime
+ *      Look at a PKCS7 contentInfo and check if the signature matches
+ *      a passed-in digest (calculated, supposedly, from detached contents).
+ *      The verification checks that the signing cert is valid and trusted
+ *      for the purpose specified by "certusage" at time "atTime".
+ *
+ *      In addition, if "keepcerts" is true, add any new certificates found
+ *      into our local database.
+ */
+PRBool
+SEC_PKCS7VerifyDetachedSignatureAtTime(SEC_PKCS7ContentInfo *cinfo,
+                                       SECCertUsage certusage,
+                                       const SECItem *detached_digest,
+                                       HASH_HashType digest_type,
+                                       PRBool keepcerts,
+                                       PRTime atTime)
+{
+    return sec_pkcs7_verify_signature(cinfo, certusage,
+                                      detached_digest, digest_type,
+                                      keepcerts, &atTime);
+}
+
+/*
+ * Return the asked-for portion of the name of the signer of a PKCS7
+ * signed object.
+ *
+ * Returns a pointer to allocated memory, which must be freed.
+ * A NULL return value is an error.
+ */
+
+#define sec_common_name 1
+#define sec_email_address 2
+
+static char *
+sec_pkcs7_get_signer_cert_info(SEC_PKCS7ContentInfo *cinfo, int selector)
+{
+    SECOidTag kind;
+    SEC_PKCS7SignerInfo **signerinfos;
+    CERTCertificate *signercert;
+    char *container;
+
+    kind = SEC_PKCS7ContentType(cinfo);
+    switch (kind) {
+        default:
+        case SEC_OID_PKCS7_DATA:
+        case SEC_OID_PKCS7_DIGESTED_DATA:
+        case SEC_OID_PKCS7_ENVELOPED_DATA:
+        case SEC_OID_PKCS7_ENCRYPTED_DATA:
+            PORT_Assert(0);
+            return NULL;
+        case SEC_OID_PKCS7_SIGNED_DATA: {
+            SEC_PKCS7SignedData *sdp;
+
+            sdp = cinfo->content.signedData;
+            signerinfos = sdp->signerInfos;
+        } break;
+        case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA: {
+            SEC_PKCS7SignedAndEnvelopedData *saedp;
+
+            saedp = cinfo->content.signedAndEnvelopedData;
+            signerinfos = saedp->signerInfos;
+        } break;
+    }
+
+    if (signerinfos == NULL || signerinfos[0] == NULL)
+        return NULL;
+
+    signercert = signerinfos[0]->cert;
+
+    /*
+     * No cert there; see if we can find one by calling verify ourselves.
+     */
+    if (signercert == NULL) {
+        /*
+         * The cert usage does not matter in this case, because we do not
+         * actually care about the verification itself, but we have to pick
+         * some valid usage to pass in.
+         */
+        (void)sec_pkcs7_verify_signature(cinfo, certUsageEmailSigner,
+                                         NULL, HASH_AlgNULL, PR_FALSE, NULL);
+        signercert = signerinfos[0]->cert;
+        if (signercert == NULL)
+            return NULL;
+    }
+
+    switch (selector) {
+        case sec_common_name:
+            container = CERT_GetCommonName(&signercert->subject);
+            break;
+        case sec_email_address:
+            if (signercert->emailAddr && signercert->emailAddr[0]) {
+                container = PORT_Strdup(signercert->emailAddr);
+            } else {
+                container = NULL;
+            }
+            break;
+        default:
+            PORT_Assert(0);
+            container = NULL;
+            break;
+    }
+
+    return container;
+}
+
+char *
+SEC_PKCS7GetSignerCommonName(SEC_PKCS7ContentInfo *cinfo)
+{
+    return sec_pkcs7_get_signer_cert_info(cinfo, sec_common_name);
+}
+
+char *
+SEC_PKCS7GetSignerEmailAddress(SEC_PKCS7ContentInfo *cinfo)
+{
+    return sec_pkcs7_get_signer_cert_info(cinfo, sec_email_address);
+}
+
+/*
+ * Return the signing time, in UTCTime format, of a PKCS7 contentInfo.
+ */
+SECItem *
+SEC_PKCS7GetSigningTime(SEC_PKCS7ContentInfo *cinfo)
+{
+    SEC_PKCS7SignerInfo **signerinfos;
+    SEC_PKCS7Attribute *attr;
+
+    if (SEC_PKCS7ContentType(cinfo) != SEC_OID_PKCS7_SIGNED_DATA)
+        return NULL;
+
+    signerinfos = cinfo->content.signedData->signerInfos;
+
+    /*
+     * No signature, or more than one, means no deal.
+     */
+    if (signerinfos == NULL || signerinfos[0] == NULL || signerinfos[1] != NULL)
+        return NULL;
+
+    attr = sec_PKCS7FindAttribute(signerinfos[0]->authAttr,
+                                  SEC_OID_PKCS9_SIGNING_TIME, PR_TRUE);
+    return sec_PKCS7AttributeValue(attr);
+}
diff --git a/nss/lib/pkcs7/p7encode.c b/nss/lib/pkcs7/p7encode.c
new file mode 100644
index 0000000..bdbc343
--- /dev/null
+++ b/nss/lib/pkcs7/p7encode.c
@@ -0,0 +1,1079 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * PKCS7 encoding.
+ */
+
+#include "p7local.h"
+
+#include "cert.h"
+#include "cryptohi.h"
+#include "keyhi.h"
+#include "secasn1.h"
+#include "secoid.h"
+#include "secitem.h"
+#include "pk11func.h"
+#include "secerr.h"
+#include "sechash.h" /* for HASH_GetHashObject() */
+
+struct sec_pkcs7_encoder_output {
+    SEC_PKCS7EncoderOutputCallback outputfn;
+    void *outputarg;
+};
+
+struct SEC_PKCS7EncoderContextStr {
+    SEC_ASN1EncoderContext *ecx;
+    SEC_PKCS7ContentInfo *cinfo;
+    struct sec_pkcs7_encoder_output output;
+    sec_PKCS7CipherObject *encryptobj;
+    const SECHashObject *digestobj;
+    void *digestcx;
+};
+
+/*
+ * The little output function that the ASN.1 encoder calls to hand
+ * us bytes which we in turn hand back to our caller (via the callback
+ * they gave us).
+ */
+static void
+sec_pkcs7_encoder_out(void *arg, const char *buf, unsigned long len,
+                      int depth, SEC_ASN1EncodingPart data_kind)
+{
+    struct sec_pkcs7_encoder_output *output;
+
+    output = (struct sec_pkcs7_encoder_output *)arg;
+    output->outputfn(output->outputarg, buf, len);
+}
+
+static sec_PKCS7CipherObject *
+sec_pkcs7_encoder_start_encrypt(SEC_PKCS7ContentInfo *cinfo,
+                                PK11SymKey *orig_bulkkey)
+{
+    SECOidTag kind;
+    sec_PKCS7CipherObject *encryptobj;
+    SEC_PKCS7RecipientInfo **recipientinfos, *ri;
+    SEC_PKCS7EncryptedContentInfo *enccinfo;
+    SECKEYPublicKey *publickey = NULL;
+    SECKEYPrivateKey *ourPrivKey = NULL;
+    PK11SymKey *bulkkey;
+    void *mark;
+    int i;
+    PLArenaPool *arena = NULL;
+
+    kind = SEC_PKCS7ContentType(cinfo);
+    switch (kind) {
+        default:
+        case SEC_OID_PKCS7_DATA:
+        case SEC_OID_PKCS7_DIGESTED_DATA:
+        case SEC_OID_PKCS7_SIGNED_DATA:
+            recipientinfos = NULL;
+            enccinfo = NULL;
+            break;
+        case SEC_OID_PKCS7_ENCRYPTED_DATA: {
+            SEC_PKCS7EncryptedData *encdp;
+
+            /* To do EncryptedData we *must* be given a bulk key. */
+            PORT_Assert(orig_bulkkey != NULL);
+            if (orig_bulkkey == NULL) {
+                /* XXX error? */
+                return NULL;
+            }
+
+            encdp = cinfo->content.encryptedData;
+            recipientinfos = NULL;
+            enccinfo = &(encdp->encContentInfo);
+        } break;
+        case SEC_OID_PKCS7_ENVELOPED_DATA: {
+            SEC_PKCS7EnvelopedData *envdp;
+
+            envdp = cinfo->content.envelopedData;
+            recipientinfos = envdp->recipientInfos;
+            enccinfo = &(envdp->encContentInfo);
+        } break;
+        case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA: {
+            SEC_PKCS7SignedAndEnvelopedData *saedp;
+
+            saedp = cinfo->content.signedAndEnvelopedData;
+            recipientinfos = saedp->recipientInfos;
+            enccinfo = &(saedp->encContentInfo);
+        } break;
+    }
+
+    if (enccinfo == NULL)
+        return NULL;
+
+    bulkkey = orig_bulkkey;
+    if (bulkkey == NULL) {
+        CK_MECHANISM_TYPE type = PK11_AlgtagToMechanism(enccinfo->encalg);
+        PK11SlotInfo *slot;
+
+        slot = PK11_GetBestSlot(type, cinfo->pwfn_arg);
+        if (slot == NULL) {
+            return NULL;
+        }
+        bulkkey = PK11_KeyGen(slot, type, NULL, enccinfo->keysize / 8,
+                              cinfo->pwfn_arg);
+        PK11_FreeSlot(slot);
+        if (bulkkey == NULL) {
+            return NULL;
+        }
+    }
+
+    encryptobj = NULL;
+    mark = PORT_ArenaMark(cinfo->poolp);
+
+    /*
+     * Encrypt the bulk key with the public key of each recipient.
+     */
+    for (i = 0; recipientinfos && (ri = recipientinfos[i]) != NULL; i++) {
+        CERTCertificate *cert;
+        SECOidTag certalgtag, encalgtag;
+        SECStatus rv;
+        int data_len;
+        SECItem *params = NULL;
+
+        cert = ri->cert;
+        PORT_Assert(cert != NULL);
+        if (cert == NULL)
+            continue;
+
+        /*
+         * XXX Want an interface that takes a cert and some data and
+         * fills in an algorithmID and encrypts the data with the public
+         * key from the cert.  Or, give me two interfaces -- one which
+         * gets the algorithm tag from a cert (I should not have to go
+         * down into the subjectPublicKeyInfo myself) and another which
+         * takes a public key and algorithm tag and data and encrypts
+         * the data.  Or something like that.  The point is that all
+         * of the following hardwired RSA stuff should be done elsewhere.
+         */
+
+        certalgtag = SECOID_GetAlgorithmTag(&(cert->subjectPublicKeyInfo.algorithm));
+
+        switch (certalgtag) {
+            case SEC_OID_PKCS1_RSA_ENCRYPTION:
+                encalgtag = certalgtag;
+                publickey = CERT_ExtractPublicKey(cert);
+                if (publickey == NULL)
+                    goto loser;
+
+                data_len = SECKEY_PublicKeyStrength(publickey);
+                ri->encKey.data =
+                    (unsigned char *)PORT_ArenaAlloc(cinfo->poolp, data_len);
+                ri->encKey.len = data_len;
+                if (ri->encKey.data == NULL)
+                    goto loser;
+
+                rv = PK11_PubWrapSymKey(PK11_AlgtagToMechanism(certalgtag), publickey,
+                                        bulkkey, &ri->encKey);
+
+                SECKEY_DestroyPublicKey(publickey);
+                publickey = NULL;
+                if (rv != SECSuccess)
+                    goto loser;
+                params = NULL; /* paranoia */
+                break;
+            default:
+                PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
+                goto loser;
+        }
+
+        rv = SECOID_SetAlgorithmID(cinfo->poolp, &ri->keyEncAlg, encalgtag,
+                                   params);
+        if (rv != SECSuccess)
+            goto loser;
+        if (arena)
+            PORT_FreeArena(arena, PR_FALSE);
+        arena = NULL;
+    }
+
+    encryptobj = sec_PKCS7CreateEncryptObject(cinfo->poolp, bulkkey,
+                                              enccinfo->encalg,
+                                              &(enccinfo->contentEncAlg));
+    if (encryptobj != NULL) {
+        PORT_ArenaUnmark(cinfo->poolp, mark);
+        mark = NULL; /* good one; do not want to release */
+    }
+/* fallthru */
+
+loser:
+    if (arena) {
+        PORT_FreeArena(arena, PR_FALSE);
+    }
+    if (publickey) {
+        SECKEY_DestroyPublicKey(publickey);
+    }
+    if (ourPrivKey) {
+        SECKEY_DestroyPrivateKey(ourPrivKey);
+    }
+    if (mark != NULL) {
+        PORT_ArenaRelease(cinfo->poolp, mark);
+    }
+    if (orig_bulkkey == NULL) {
+        if (bulkkey)
+            PK11_FreeSymKey(bulkkey);
+    }
+
+    return encryptobj;
+}
+
+static void
+sec_pkcs7_encoder_notify(void *arg, PRBool before, void *dest, int depth)
+{
+    SEC_PKCS7EncoderContext *p7ecx;
+    SEC_PKCS7ContentInfo *cinfo;
+    SECOidTag kind;
+    PRBool before_content;
+
+    /*
+     * We want to notice just before the content field.  After fields are
+     * not interesting to us.
+     */
+    if (!before)
+        return;
+
+    p7ecx = (SEC_PKCS7EncoderContext *)arg;
+    cinfo = p7ecx->cinfo;
+
+    before_content = PR_FALSE;
+
+    /*
+     * Watch for the content field, at which point we want to instruct
+     * the ASN.1 encoder to start taking bytes from the buffer.
+     *
+     * XXX The following assumes the inner content type is data;
+     * if/when we want to handle fully nested types, this will have
+     * to recurse until reaching the innermost data content.
+     */
+    kind = SEC_PKCS7ContentType(cinfo);
+    switch (kind) {
+        default:
+        case SEC_OID_PKCS7_DATA:
+            if (dest == &(cinfo->content.data))
+                before_content = PR_TRUE;
+            break;
+
+        case SEC_OID_PKCS7_DIGESTED_DATA: {
+            SEC_PKCS7DigestedData *digd;
+
+            digd = cinfo->content.digestedData;
+            if (digd == NULL)
+                break;
+
+            if (dest == &(digd->contentInfo.content))
+                before_content = PR_TRUE;
+        } break;
+
+        case SEC_OID_PKCS7_ENCRYPTED_DATA: {
+            SEC_PKCS7EncryptedData *encd;
+
+            encd = cinfo->content.encryptedData;
+            if (encd == NULL)
+                break;
+
+            if (dest == &(encd->encContentInfo.encContent))
+                before_content = PR_TRUE;
+        } break;
+
+        case SEC_OID_PKCS7_ENVELOPED_DATA: {
+            SEC_PKCS7EnvelopedData *envd;
+
+            envd = cinfo->content.envelopedData;
+            if (envd == NULL)
+                break;
+
+            if (dest == &(envd->encContentInfo.encContent))
+                before_content = PR_TRUE;
+        } break;
+
+        case SEC_OID_PKCS7_SIGNED_DATA: {
+            SEC_PKCS7SignedData *sigd;
+
+            sigd = cinfo->content.signedData;
+            if (sigd == NULL)
+                break;
+
+            if (dest == &(sigd->contentInfo.content))
+                before_content = PR_TRUE;
+        } break;
+
+        case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA: {
+            SEC_PKCS7SignedAndEnvelopedData *saed;
+
+            saed = cinfo->content.signedAndEnvelopedData;
+            if (saed == NULL)
+                break;
+
+            if (dest == &(saed->encContentInfo.encContent))
+                before_content = PR_TRUE;
+        } break;
+    }
+
+    if (before_content) {
+        /*
+         * This will cause the next SEC_ASN1EncoderUpdate to take the
+         * contents bytes from the passed-in buffer.
+         */
+        SEC_ASN1EncoderSetTakeFromBuf(p7ecx->ecx);
+        /*
+         * And that is all we needed this notify function for.
+         */
+        SEC_ASN1EncoderClearNotifyProc(p7ecx->ecx);
+    }
+}
+
+static SEC_PKCS7EncoderContext *
+sec_pkcs7_encoder_start_contexts(SEC_PKCS7ContentInfo *cinfo,
+                                 PK11SymKey *bulkkey)
+{
+    SEC_PKCS7EncoderContext *p7ecx;
+    SECOidTag kind;
+    PRBool encrypt;
+    SECItem **digests;
+    SECAlgorithmID *digestalg, **digestalgs;
+
+    p7ecx =
+        (SEC_PKCS7EncoderContext *)PORT_ZAlloc(sizeof(SEC_PKCS7EncoderContext));
+    if (p7ecx == NULL)
+        return NULL;
+
+    digests = NULL;
+    digestalg = NULL;
+    digestalgs = NULL;
+    encrypt = PR_FALSE;
+
+    kind = SEC_PKCS7ContentType(cinfo);
+    switch (kind) {
+        default:
+        case SEC_OID_PKCS7_DATA:
+            break;
+        case SEC_OID_PKCS7_DIGESTED_DATA:
+            digestalg = &(cinfo->content.digestedData->digestAlg);
+            break;
+        case SEC_OID_PKCS7_SIGNED_DATA:
+            digests = cinfo->content.signedData->digests;
+            digestalgs = cinfo->content.signedData->digestAlgorithms;
+            break;
+        case SEC_OID_PKCS7_ENCRYPTED_DATA:
+        case SEC_OID_PKCS7_ENVELOPED_DATA:
+            encrypt = PR_TRUE;
+            break;
+        case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA:
+            digests = cinfo->content.signedAndEnvelopedData->digests;
+            digestalgs = cinfo->content.signedAndEnvelopedData->digestAlgorithms;
+            encrypt = PR_TRUE;
+            break;
+    }
+
+    if (encrypt) {
+        p7ecx->encryptobj = sec_pkcs7_encoder_start_encrypt(cinfo, bulkkey);
+        if (p7ecx->encryptobj == NULL) {
+            PORT_Free(p7ecx);
+            return NULL;
+        }
+    }
+
+    if (digestalgs != NULL) {
+        if (digests != NULL) {
+            /* digests already created (probably for detached data) */
+            digestalg = NULL;
+        } else {
+            /*
+             * XXX Some day we should handle multiple digests; for now,
+             * assume only one will be done.
+             */
+            PORT_Assert(digestalgs[0] != NULL && digestalgs[1] == NULL);
+            digestalg = digestalgs[0];
+        }
+    }
+
+    if (digestalg != NULL) {
+        SECOidTag oidTag = SECOID_FindOIDTag(&(digestalg->algorithm));
+
+        p7ecx->digestobj = HASH_GetHashObjectByOidTag(oidTag);
+        if (p7ecx->digestobj != NULL) {
+            p7ecx->digestcx = (*p7ecx->digestobj->create)();
+            if (p7ecx->digestcx == NULL)
+                p7ecx->digestobj = NULL;
+            else
+                (*p7ecx->digestobj->begin)(p7ecx->digestcx);
+        }
+        if (p7ecx->digestobj == NULL) {
+            if (p7ecx->encryptobj != NULL)
+                sec_PKCS7DestroyEncryptObject(p7ecx->encryptobj);
+            PORT_Free(p7ecx);
+            return NULL;
+        }
+    }
+
+    p7ecx->cinfo = cinfo;
+    return p7ecx;
+}
+
+SEC_PKCS7EncoderContext *
+SEC_PKCS7EncoderStart(SEC_PKCS7ContentInfo *cinfo,
+                      SEC_PKCS7EncoderOutputCallback outputfn,
+                      void *outputarg,
+                      PK11SymKey *bulkkey)
+{
+    SEC_PKCS7EncoderContext *p7ecx;
+    SECStatus rv;
+
+    p7ecx = sec_pkcs7_encoder_start_contexts(cinfo, bulkkey);
+    if (p7ecx == NULL)
+        return NULL;
+
+    p7ecx->output.outputfn = outputfn;
+    p7ecx->output.outputarg = outputarg;
+
+    /*
+     * Initialize the BER encoder.
+     */
+    p7ecx->ecx = SEC_ASN1EncoderStart(cinfo, sec_PKCS7ContentInfoTemplate,
+                                      sec_pkcs7_encoder_out, &(p7ecx->output));
+    if (p7ecx->ecx == NULL) {
+        PORT_Free(p7ecx);
+        return NULL;
+    }
+
+    /*
+     * Indicate that we are streaming.  We will be streaming until we
+     * get past the contents bytes.
+     */
+    SEC_ASN1EncoderSetStreaming(p7ecx->ecx);
+
+    /*
+     * The notify function will watch for the contents field.
+     */
+    SEC_ASN1EncoderSetNotifyProc(p7ecx->ecx, sec_pkcs7_encoder_notify, p7ecx);
+
+    /*
+     * This will encode everything up to the content bytes.  (The notify
+     * function will then cause the encoding to stop there.)  Then our
+     * caller can start passing contents bytes to our Update, which we
+     * will pass along.
+     */
+    rv = SEC_ASN1EncoderUpdate(p7ecx->ecx, NULL, 0);
+    if (rv != SECSuccess) {
+        PORT_Free(p7ecx);
+        return NULL;
+    }
+
+    return p7ecx;
+}
+
+/*
+ * XXX If/when we support nested contents, this needs to be revised.
+ */
+static SECStatus
+sec_pkcs7_encoder_work_data(SEC_PKCS7EncoderContext *p7ecx, SECItem *dest,
+                            const unsigned char *data, unsigned long len,
+                            PRBool final)
+{
+    unsigned char *buf = NULL;
+    SECStatus rv;
+
+    rv = SECSuccess; /* may as well be optimistic */
+
+    /*
+     * We should really have data to process, or we should be trying
+     * to finish/flush the last block.  (This is an overly paranoid
+     * check since all callers are in this file and simple inspection
+     * proves they do it right.  But it could find a bug in future
+     * modifications/development, that is why it is here.)
+     */
+    PORT_Assert((data != NULL && len) || final);
+
+    /*
+     * Update the running digest.
+     * XXX This needs modification if/when we handle multiple digests.
+     */
+    if (len && p7ecx->digestobj != NULL) {
+        (*p7ecx->digestobj->update)(p7ecx->digestcx, data, len);
+    }
+
+    /*
+     * Encrypt this chunk.
+     */
+    if (p7ecx->encryptobj != NULL) {
+        /* XXX the following lengths should all be longs? */
+        unsigned int inlen;  /* length of data being encrypted */
+        unsigned int outlen; /* length of encrypted data */
+        unsigned int buflen; /* length available for encrypted data */
+
+        inlen = len;
+        buflen = sec_PKCS7EncryptLength(p7ecx->encryptobj, inlen, final);
+        if (buflen == 0) {
+            /*
+             * No output is expected, but the input data may be buffered
+             * so we still have to call Encrypt.
+             */
+            rv = sec_PKCS7Encrypt(p7ecx->encryptobj, NULL, NULL, 0,
+                                  data, inlen, final);
+            if (final) {
+                len = 0;
+                goto done;
+            }
+            return rv;
+        }
+
+        if (dest != NULL)
+            buf = (unsigned char *)PORT_ArenaAlloc(p7ecx->cinfo->poolp, buflen);
+        else
+            buf = (unsigned char *)PORT_Alloc(buflen);
+
+        if (buf == NULL) {
+            rv = SECFailure;
+        } else {
+            rv = sec_PKCS7Encrypt(p7ecx->encryptobj, buf, &outlen, buflen,
+                                  data, inlen, final);
+            data = buf;
+            len = outlen;
+        }
+        if (rv != SECSuccess) {
+            if (final)
+                goto done;
+            return rv;
+        }
+    }
+
+    if (p7ecx->ecx != NULL) {
+        /*
+         * Encode the contents bytes.
+         */
+        if (len) {
+            rv = SEC_ASN1EncoderUpdate(p7ecx->ecx, (const char *)data, len);
+        }
+    }
+
+done:
+    if (p7ecx->encryptobj != NULL) {
+        if (final)
+            sec_PKCS7DestroyEncryptObject(p7ecx->encryptobj);
+        if (dest != NULL) {
+            dest->data = buf;
+            dest->len = len;
+        } else if (buf != NULL) {
+            PORT_Free(buf);
+        }
+    }
+
+    if (final && p7ecx->digestobj != NULL) {
+        SECItem *digest, **digests, ***digestsp;
+        unsigned char *digdata;
+        SECOidTag kind;
+
+        kind = SEC_PKCS7ContentType(p7ecx->cinfo);
+        switch (kind) {
+            default:
+                PORT_Assert(0);
+                return SECFailure;
+            case SEC_OID_PKCS7_DIGESTED_DATA:
+                digest = &(p7ecx->cinfo->content.digestedData->digest);
+                digestsp = NULL;
+                break;
+            case SEC_OID_PKCS7_SIGNED_DATA:
+                digest = NULL;
+                digestsp = &(p7ecx->cinfo->content.signedData->digests);
+                break;
+            case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA:
+                digest = NULL;
+                digestsp = &(p7ecx->cinfo->content.signedAndEnvelopedData->digests);
+                break;
+        }
+
+        digdata = (unsigned char *)PORT_ArenaAlloc(p7ecx->cinfo->poolp,
+                                                   p7ecx->digestobj->length);
+        if (digdata == NULL)
+            return SECFailure;
+
+        if (digestsp != NULL) {
+            PORT_Assert(digest == NULL);
+
+            digest = (SECItem *)PORT_ArenaAlloc(p7ecx->cinfo->poolp,
+                                                sizeof(SECItem));
+            digests = (SECItem **)PORT_ArenaAlloc(p7ecx->cinfo->poolp,
+                                                  2 * sizeof(SECItem *));
+            if (digests == NULL || digest == NULL)
+                return SECFailure;
+
+            digests[0] = digest;
+            digests[1] = NULL;
+
+            *digestsp = digests;
+        }
+
+        PORT_Assert(digest != NULL);
+
+        digest->data = digdata;
+        digest->len = p7ecx->digestobj->length;
+
+        (*p7ecx->digestobj->end)(p7ecx->digestcx, digest->data,
+                                 &(digest->len), digest->len);
+        (*p7ecx->digestobj->destroy)(p7ecx->digestcx, PR_TRUE);
+    }
+
+    return rv;
+}
+
+SECStatus
+SEC_PKCS7EncoderUpdate(SEC_PKCS7EncoderContext *p7ecx,
+                       const char *data, unsigned long len)
+{
+    /* XXX Error handling needs help.  Return what?  Do "Finish" on failure? */
+    return sec_pkcs7_encoder_work_data(p7ecx, NULL,
+                                       (const unsigned char *)data, len,
+                                       PR_FALSE);
+}
+
+static SECStatus
+sec_pkcs7_encoder_sig_and_certs(SEC_PKCS7ContentInfo *cinfo,
+                                SECKEYGetPasswordKey pwfn, void *pwfnarg)
+{
+    SECOidTag kind;
+    CERTCertificate **certs;
+    CERTCertificateList **certlists;
+    SECAlgorithmID **digestalgs;
+    SECItem **digests;
+    SEC_PKCS7SignerInfo *signerinfo, **signerinfos;
+    SECItem **rawcerts, ***rawcertsp;
+    PLArenaPool *poolp;
+    int certcount;
+    int ci, cli, rci, si;
+
+    kind = SEC_PKCS7ContentType(cinfo);
+    switch (kind) {
+        default:
+        case SEC_OID_PKCS7_DATA:
+        case SEC_OID_PKCS7_DIGESTED_DATA:
+        case SEC_OID_PKCS7_ENCRYPTED_DATA:
+        case SEC_OID_PKCS7_ENVELOPED_DATA:
+            certs = NULL;
+            certlists = NULL;
+            digestalgs = NULL;
+            digests = NULL;
+            signerinfos = NULL;
+            rawcertsp = NULL;
+            break;
+        case SEC_OID_PKCS7_SIGNED_DATA: {
+            SEC_PKCS7SignedData *sdp;
+
+            sdp = cinfo->content.signedData;
+            certs = sdp->certs;
+            certlists = sdp->certLists;
+            digestalgs = sdp->digestAlgorithms;
+            digests = sdp->digests;
+            signerinfos = sdp->signerInfos;
+            rawcertsp = &(sdp->rawCerts);
+        } break;
+        case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA: {
+            SEC_PKCS7SignedAndEnvelopedData *saedp;
+
+            saedp = cinfo->content.signedAndEnvelopedData;
+            certs = saedp->certs;
+            certlists = saedp->certLists;
+            digestalgs = saedp->digestAlgorithms;
+            digests = saedp->digests;
+            signerinfos = saedp->signerInfos;
+            rawcertsp = &(saedp->rawCerts);
+        } break;
+    }
+
+    if (certs == NULL && certlists == NULL && signerinfos == NULL)
+        return SECSuccess; /* nothing for us to do! */
+
+    poolp = cinfo->poolp;
+    certcount = 0;
+
+    if (signerinfos != NULL) {
+        SECOidTag digestalgtag;
+        int di;
+        SECStatus rv;
+        CERTCertificate *cert;
+        SECKEYPrivateKey *privkey;
+        SECItem signature;
+        SECOidTag signalgtag;
+
+        PORT_Assert(digestalgs != NULL && digests != NULL);
+
+        /*
+         * If one fails, we bail right then.  If we want to continue and
+         * try to do subsequent signatures, this loop, and the departures
+         * from it, will need to be reworked.
+         */
+        for (si = 0; signerinfos[si] != NULL; si++) {
+
+            signerinfo = signerinfos[si];
+
+            /* find right digest */
+            digestalgtag = SECOID_GetAlgorithmTag(&(signerinfo->digestAlg));
+            for (di = 0; digestalgs[di] != NULL; di++) {
+                /* XXX Should I be comparing more than the tag? */
+                if (digestalgtag == SECOID_GetAlgorithmTag(digestalgs[di]))
+                    break;
+            }
+            if (digestalgs[di] == NULL) {
+                /* XXX oops; do what? set an error? */
+                return SECFailure;
+            }
+            PORT_Assert(digests[di] != NULL);
+
+            cert = signerinfo->cert;
+            privkey = PK11_FindKeyByAnyCert(cert, pwfnarg);
+            if (privkey == NULL)
+                return SECFailure;
+
+            /*
+             * XXX I think there should be a cert-level interface for this,
+             * so that I do not have to know about subjectPublicKeyInfo...
+             */
+            signalgtag = SECOID_GetAlgorithmTag(&(cert->subjectPublicKeyInfo.algorithm));
+
+            if (signerinfo->authAttr != NULL) {
+                SEC_PKCS7Attribute *attr;
+                SECItem encoded_attrs;
+                SECItem *dummy;
+                SECOidTag algid;
+
+                /*
+                 * First, find and fill in the message digest attribute.
+                 */
+                attr = sec_PKCS7FindAttribute(signerinfo->authAttr,
+                                              SEC_OID_PKCS9_MESSAGE_DIGEST,
+                                              PR_TRUE);
+                PORT_Assert(attr != NULL);
+                if (attr == NULL) {
+                    SECKEY_DestroyPrivateKey(privkey);
+                    return SECFailure;
+                }
+
+                /*
+                 * XXX The second half of the following assertion prevents
+                 * the encoder from being called twice on the same content.
+                 * Either just remove the second half the assertion, or
+                 * change the code to check if the value already there is
+                 * the same as digests[di], whichever seems more right.
+                 */
+                PORT_Assert(attr->values != NULL && attr->values[0] == NULL);
+                attr->values[0] = digests[di];
+
+                /*
+                 * Before encoding, reorder the attributes so that when they
+                 * are encoded, they will be conforming DER, which is required
+                 * to have a specific order and that is what must be used for
+                 * the hash/signature.  We do this here, rather than building
+                 * it into EncodeAttributes, because we do not want to do
+                 * such reordering on incoming messages (which also uses
+                 * EncodeAttributes) or our old signatures (and other "broken"
+                 * implementations) will not verify.  So, we want to guarantee
+                 * that we send out good DER encodings of attributes, but not
+                 * to expect to receive them.
+                 */
+                rv = sec_PKCS7ReorderAttributes(signerinfo->authAttr);
+                if (rv != SECSuccess) {
+                    SECKEY_DestroyPrivateKey(privkey);
+                    return SECFailure;
+                }
+
+                encoded_attrs.data = NULL;
+                encoded_attrs.len = 0;
+                dummy = sec_PKCS7EncodeAttributes(NULL, &encoded_attrs,
+                                                  &(signerinfo->authAttr));
+                if (dummy == NULL) {
+                    SECKEY_DestroyPrivateKey(privkey);
+                    return SECFailure;
+                }
+
+                algid = SEC_GetSignatureAlgorithmOidTag(privkey->keyType,
+                                                        digestalgtag);
+                if (algid == SEC_OID_UNKNOWN) {
+                    PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
+                    SECKEY_DestroyPrivateKey(privkey);
+                    return SECFailure;
+                }
+                rv = SEC_SignData(&signature,
+                                  encoded_attrs.data, encoded_attrs.len,
+                                  privkey,
+                                  algid);
+                SECITEM_FreeItem(&encoded_attrs, PR_FALSE);
+            } else {
+                rv = SGN_Digest(privkey, digestalgtag, &signature,
+                                digests[di]);
+            }
+
+            SECKEY_DestroyPrivateKey(privkey);
+
+            if (rv != SECSuccess)
+                return rv;
+
+            rv = SECITEM_CopyItem(poolp, &(signerinfo->encDigest), &signature);
+            if (rv != SECSuccess)
+                return rv;
+
+            SECITEM_FreeItem(&signature, PR_FALSE);
+
+            rv = SECOID_SetAlgorithmID(poolp, &(signerinfo->digestEncAlg),
+                                       signalgtag, NULL);
+            if (rv != SECSuccess)
+                return SECFailure;
+
+            /*
+             * Count the cert chain for this signer.
+             */
+            if (signerinfo->certList != NULL)
+                certcount += signerinfo->certList->len;
+        }
+    }
+
+    if (certs != NULL) {
+        for (ci = 0; certs[ci] != NULL; ci++)
+            certcount++;
+    }
+
+    if (certlists != NULL) {
+        for (cli = 0; certlists[cli] != NULL; cli++)
+            certcount += certlists[cli]->len;
+    }
+
+    if (certcount == 0)
+        return SECSuccess; /* signing done; no certs */
+
+    /*
+     * Combine all of the certs and cert chains into rawcerts.
+     * Note: certcount is an upper bound; we may not need that many slots
+     * but we will allocate anyway to avoid having to do another pass.
+     * (The temporary space saving is not worth it.)
+     */
+    rawcerts = (SECItem **)PORT_ArenaAlloc(poolp,
+                                           (certcount + 1) * sizeof(SECItem *));
+    if (rawcerts == NULL)
+        return SECFailure;
+
+    /*
+     * XXX Want to check for duplicates and not add *any* cert that is
+     * already in the set.  This will be more important when we start
+     * dealing with larger sets of certs, dual-key certs (signing and
+     * encryption), etc.  For the time being we can slide by...
+     */
+    rci = 0;
+    if (signerinfos != NULL) {
+        for (si = 0; signerinfos[si] != NULL; si++) {
+            signerinfo = signerinfos[si];
+            for (ci = 0; ci < signerinfo->certList->len; ci++)
+                rawcerts[rci++] = &(signerinfo->certList->certs[ci]);
+        }
+    }
+
+    if (certs != NULL) {
+        for (ci = 0; certs[ci] != NULL; ci++)
+            rawcerts[rci++] = &(certs[ci]->derCert);
+    }
+
+    if (certlists != NULL) {
+        for (cli = 0; certlists[cli] != NULL; cli++) {
+            for (ci = 0; ci < certlists[cli]->len; ci++)
+                rawcerts[rci++] = &(certlists[cli]->certs[ci]);
+        }
+    }
+
+    rawcerts[rci] = NULL;
+    *rawcertsp = rawcerts;
+
+    return SECSuccess;
+}
+
+SECStatus
+SEC_PKCS7EncoderFinish(SEC_PKCS7EncoderContext *p7ecx,
+                       SECKEYGetPasswordKey pwfn, void *pwfnarg)
+{
+    SECStatus rv;
+
+    /*
+     * Flush out any remaining data.
+     */
+    rv = sec_pkcs7_encoder_work_data(p7ecx, NULL, NULL, 0, PR_TRUE);
+
+    /*
+     * Turn off streaming stuff.
+     */
+    SEC_ASN1EncoderClearTakeFromBuf(p7ecx->ecx);
+    SEC_ASN1EncoderClearStreaming(p7ecx->ecx);
+
+    if (rv != SECSuccess)
+        goto loser;
+
+    rv = sec_pkcs7_encoder_sig_and_certs(p7ecx->cinfo, pwfn, pwfnarg);
+    if (rv != SECSuccess)
+        goto loser;
+
+    rv = SEC_ASN1EncoderUpdate(p7ecx->ecx, NULL, 0);
+
+loser:
+    SEC_ASN1EncoderFinish(p7ecx->ecx);
+    PORT_Free(p7ecx);
+    return rv;
+}
+
+/*
+ * Abort the ASN.1 stream. Used by pkcs 12
+ */
+void
+SEC_PKCS7EncoderAbort(SEC_PKCS7EncoderContext *p7ecx, int error)
+{
+    PORT_Assert(p7ecx);
+    SEC_ASN1EncoderAbort(p7ecx->ecx, error);
+}
+
+/*
+ * After this routine is called, the entire PKCS7 contentInfo is ready
+ * to be encoded.  This is used internally, but can also be called from
+ * elsewhere for those who want to be able to just have pointers to
+ * the ASN1 template for pkcs7 contentInfo built into their own encodings.
+ */
+SECStatus
+SEC_PKCS7PrepareForEncode(SEC_PKCS7ContentInfo *cinfo,
+                          PK11SymKey *bulkkey,
+                          SECKEYGetPasswordKey pwfn,
+                          void *pwfnarg)
+{
+    SEC_PKCS7EncoderContext *p7ecx;
+    SECItem *content, *enc_content;
+    SECStatus rv;
+
+    p7ecx = sec_pkcs7_encoder_start_contexts(cinfo, bulkkey);
+    if (p7ecx == NULL)
+        return SECFailure;
+
+    content = SEC_PKCS7GetContent(cinfo);
+
+    if (p7ecx->encryptobj != NULL) {
+        SECOidTag kind;
+        SEC_PKCS7EncryptedContentInfo *enccinfo;
+
+        kind = SEC_PKCS7ContentType(p7ecx->cinfo);
+        switch (kind) {
+            default:
+                PORT_Assert(0);
+                rv = SECFailure;
+                goto loser;
+            case SEC_OID_PKCS7_ENCRYPTED_DATA:
+                enccinfo = &(p7ecx->cinfo->content.encryptedData->encContentInfo);
+                break;
+            case SEC_OID_PKCS7_ENVELOPED_DATA:
+                enccinfo = &(p7ecx->cinfo->content.envelopedData->encContentInfo);
+                break;
+            case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA:
+                enccinfo = &(p7ecx->cinfo->content.signedAndEnvelopedData->encContentInfo);
+                break;
+        }
+        enc_content = &(enccinfo->encContent);
+    } else {
+        enc_content = NULL;
+    }
+
+    if (content != NULL && content->data != NULL && content->len) {
+        rv = sec_pkcs7_encoder_work_data(p7ecx, enc_content,
+                                         content->data, content->len, PR_TRUE);
+        if (rv != SECSuccess)
+            goto loser;
+    }
+
+    rv = sec_pkcs7_encoder_sig_and_certs(cinfo, pwfn, pwfnarg);
+
+loser:
+    PORT_Free(p7ecx);
+    return rv;
+}
+
+/*
+ * Encode a PKCS7 object, in one shot.  All necessary components
+ * of the object must already be specified.  Either the data has
+ * already been included (via SetContent), or the data is detached,
+ * or there is no data at all (certs-only).
+ *
+ * "cinfo" specifies the object to be encoded.
+ *
+ * "outputfn" is where the encoded bytes will be passed.
+ *
+ * "outputarg" is an opaque argument to the above callback.
+ *
+ * "bulkkey" specifies the bulk encryption key to use.   This argument
+ * can be NULL if no encryption is being done, or if the bulk key should
+ * be generated internally (usually the case for EnvelopedData but never
+ * for EncryptedData, which *must* provide a bulk encryption key).
+ *
+ * "pwfn" is a callback for getting the password which protects the
+ * private key of the signer.  This argument can be NULL if it is known
+ * that no signing is going to be done.
+ *
+ * "pwfnarg" is an opaque argument to the above callback.
+ */
+SECStatus
+SEC_PKCS7Encode(SEC_PKCS7ContentInfo *cinfo,
+                SEC_PKCS7EncoderOutputCallback outputfn,
+                void *outputarg,
+                PK11SymKey *bulkkey,
+                SECKEYGetPasswordKey pwfn,
+                void *pwfnarg)
+{
+    SECStatus rv;
+
+    rv = SEC_PKCS7PrepareForEncode(cinfo, bulkkey, pwfn, pwfnarg);
+    if (rv == SECSuccess) {
+        struct sec_pkcs7_encoder_output outputcx;
+
+        outputcx.outputfn = outputfn;
+        outputcx.outputarg = outputarg;
+
+        rv = SEC_ASN1Encode(cinfo, sec_PKCS7ContentInfoTemplate,
+                            sec_pkcs7_encoder_out, &outputcx);
+    }
+
+    return rv;
+}
+
+/*
+ * Encode a PKCS7 object, in one shot.  All necessary components
+ * of the object must already be specified.  Either the data has
+ * already been included (via SetContent), or the data is detached,
+ * or there is no data at all (certs-only).  The output, rather than
+ * being passed to an output function as is done above, is all put
+ * into a SECItem.
+ *
+ * "pool" specifies a pool from which to allocate the result.
+ * It can be NULL, in which case memory is allocated generically.
+ *
+ * "dest" specifies a SECItem in which to put the result data.
+ * It can be NULL, in which case the entire item is allocated, too.
+ *
+ * "cinfo" specifies the object to be encoded.
+ *
+ * "bulkkey" specifies the bulk encryption key to use.   This argument
+ * can be NULL if no encryption is being done, or if the bulk key should
+ * be generated internally (usually the case for EnvelopedData but never
+ * for EncryptedData, which *must* provide a bulk encryption key).
+ *
+ * "pwfn" is a callback for getting the password which protects the
+ * private key of the signer.  This argument can be NULL if it is known
+ * that no signing is going to be done.
+ *
+ * "pwfnarg" is an opaque argument to the above callback.
+ */
+SECItem *
+SEC_PKCS7EncodeItem(PLArenaPool *pool,
+                    SECItem *dest,
+                    SEC_PKCS7ContentInfo *cinfo,
+                    PK11SymKey *bulkkey,
+                    SECKEYGetPasswordKey pwfn,
+                    void *pwfnarg)
+{
+    SECStatus rv;
+
+    rv = SEC_PKCS7PrepareForEncode(cinfo, bulkkey, pwfn, pwfnarg);
+    if (rv != SECSuccess)
+        return NULL;
+
+    return SEC_ASN1EncodeItem(pool, dest, cinfo, sec_PKCS7ContentInfoTemplate);
+}
diff --git a/nss/lib/pkcs7/p7local.c b/nss/lib/pkcs7/p7local.c
new file mode 100644
index 0000000..182e385
--- /dev/null
+++ b/nss/lib/pkcs7/p7local.c
@@ -0,0 +1,1310 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * Support routines for PKCS7 implementation, none of which are exported.
+ * This file should only contain things that are needed by both the
+ * encoding/creation side *and* the decoding/decryption side.  Anything
+ * else should be static routines in the appropriate file.
+ */
+
+#include "p7local.h"
+
+#include "cryptohi.h"
+#include "secasn1.h"
+#include "secoid.h"
+#include "secitem.h"
+#include "pk11func.h"
+#include "secpkcs5.h"
+#include "secerr.h"
+
+/*
+ * -------------------------------------------------------------------
+ * Cipher stuff.
+ */
+
+typedef SECStatus (*sec_pkcs7_cipher_function)(void *,
+                                               unsigned char *,
+                                               unsigned *,
+                                               unsigned int,
+                                               const unsigned char *,
+                                               unsigned int);
+typedef SECStatus (*sec_pkcs7_cipher_destroy)(void *, PRBool);
+
+#define BLOCK_SIZE 4096
+
+struct sec_pkcs7_cipher_object {
+    void *cx;
+    sec_pkcs7_cipher_function doit;
+    sec_pkcs7_cipher_destroy destroy;
+    PRBool encrypt;
+    int block_size;
+    int pad_size;
+    int pending_count;
+    unsigned char pending_buf[BLOCK_SIZE];
+};
+
+SEC_ASN1_MKSUB(CERT_IssuerAndSNTemplate)
+SEC_ASN1_MKSUB(CERT_SetOfSignedCrlTemplate)
+SEC_ASN1_MKSUB(SECOID_AlgorithmIDTemplate)
+SEC_ASN1_MKSUB(SEC_OctetStringTemplate)
+SEC_ASN1_MKSUB(SEC_SetOfAnyTemplate)
+
+/*
+ * Create a cipher object to do decryption,  based on the given bulk
+ * encryption key and algorithm identifier (which may include an iv).
+ *
+ * XXX This interface, or one similar, would be really nice available
+ * in general...  I tried to keep the pkcs7-specific stuff (mostly
+ * having to do with padding) out of here.
+ *
+ * XXX Once both are working, it might be nice to combine this and the
+ * function below (for starting up encryption) into one routine, and just
+ * have two simple cover functions which call it.
+ */
+sec_PKCS7CipherObject *
+sec_PKCS7CreateDecryptObject(PK11SymKey *key, SECAlgorithmID *algid)
+{
+    sec_PKCS7CipherObject *result;
+    SECOidTag algtag;
+    void *ciphercx;
+    CK_MECHANISM_TYPE cryptoMechType;
+    PK11SlotInfo *slot;
+    SECItem *param = NULL;
+
+    result = (struct sec_pkcs7_cipher_object *)
+        PORT_ZAlloc(sizeof(struct sec_pkcs7_cipher_object));
+    if (result == NULL)
+        return NULL;
+
+    ciphercx = NULL;
+    algtag = SECOID_GetAlgorithmTag(algid);
+
+    if (SEC_PKCS5IsAlgorithmPBEAlg(algid)) {
+        SECItem *pwitem;
+
+        pwitem = (SECItem *)PK11_GetSymKeyUserData(key);
+        if (!pwitem) {
+            PORT_Free(result);
+            return NULL;
+        }
+
+        cryptoMechType = PK11_GetPBECryptoMechanism(algid, &param, pwitem);
+        if (cryptoMechType == CKM_INVALID_MECHANISM) {
+            PORT_Free(result);
+            SECITEM_FreeItem(param, PR_TRUE);
+            return NULL;
+        }
+    } else {
+        cryptoMechType = PK11_AlgtagToMechanism(algtag);
+        param = PK11_ParamFromAlgid(algid);
+        if (param == NULL) {
+            PORT_Free(result);
+            return NULL;
+        }
+    }
+
+    result->pad_size = PK11_GetBlockSize(cryptoMechType, param);
+    slot = PK11_GetSlotFromKey(key);
+    result->block_size = PK11_IsHW(slot) ? BLOCK_SIZE : result->pad_size;
+    PK11_FreeSlot(slot);
+    ciphercx = PK11_CreateContextBySymKey(cryptoMechType, CKA_DECRYPT,
+                                          key, param);
+    SECITEM_FreeItem(param, PR_TRUE);
+    if (ciphercx == NULL) {
+        PORT_Free(result);
+        return NULL;
+    }
+
+    result->cx = ciphercx;
+    result->doit = (sec_pkcs7_cipher_function)PK11_CipherOp;
+    result->destroy = (sec_pkcs7_cipher_destroy)PK11_DestroyContext;
+    result->encrypt = PR_FALSE;
+    result->pending_count = 0;
+
+    return result;
+}
+
+/*
+ * Create a cipher object to do encryption, based on the given bulk
+ * encryption key and algorithm tag.  Fill in the algorithm identifier
+ * (which may include an iv) appropriately.
+ *
+ * XXX This interface, or one similar, would be really nice available
+ * in general...  I tried to keep the pkcs7-specific stuff (mostly
+ * having to do with padding) out of here.
+ *
+ * XXX Once both are working, it might be nice to combine this and the
+ * function above (for starting up decryption) into one routine, and just
+ * have two simple cover functions which call it.
+ */
+sec_PKCS7CipherObject *
+sec_PKCS7CreateEncryptObject(PLArenaPool *poolp, PK11SymKey *key,
+                             SECOidTag algtag, SECAlgorithmID *algid)
+{
+    sec_PKCS7CipherObject *result;
+    void *ciphercx;
+    SECStatus rv;
+    CK_MECHANISM_TYPE cryptoMechType;
+    PK11SlotInfo *slot;
+    SECItem *param = NULL;
+    PRBool needToEncodeAlgid = PR_FALSE;
+
+    result = (struct sec_pkcs7_cipher_object *)
+        PORT_ZAlloc(sizeof(struct sec_pkcs7_cipher_object));
+    if (result == NULL)
+        return NULL;
+
+    ciphercx = NULL;
+    if (SEC_PKCS5IsAlgorithmPBEAlg(algid)) {
+        SECItem *pwitem;
+
+        pwitem = (SECItem *)PK11_GetSymKeyUserData(key);
+        if (!pwitem) {
+            PORT_Free(result);
+            return NULL;
+        }
+
+        cryptoMechType = PK11_GetPBECryptoMechanism(algid, &param, pwitem);
+        if (cryptoMechType == CKM_INVALID_MECHANISM) {
+            PORT_Free(result);
+            SECITEM_FreeItem(param, PR_TRUE);
+            return NULL;
+        }
+    } else {
+        cryptoMechType = PK11_AlgtagToMechanism(algtag);
+        param = PK11_GenerateNewParam(cryptoMechType, key);
+        if (param == NULL) {
+            PORT_Free(result);
+            return NULL;
+        }
+        needToEncodeAlgid = PR_TRUE;
+    }
+
+    result->pad_size = PK11_GetBlockSize(cryptoMechType, param);
+    slot = PK11_GetSlotFromKey(key);
+    result->block_size = PK11_IsHW(slot) ? BLOCK_SIZE : result->pad_size;
+    PK11_FreeSlot(slot);
+    ciphercx = PK11_CreateContextBySymKey(cryptoMechType, CKA_ENCRYPT,
+                                          key, param);
+    if (ciphercx == NULL) {
+        PORT_Free(result);
+        SECITEM_FreeItem(param, PR_TRUE);
+        return NULL;
+    }
+
+    /*
+     * These are placed after the CreateContextBySymKey() because some
+     * mechanisms have to generate their IVs from their card (i.e. FORTEZZA).
+     * Don't move it from here.
+     */
+    if (needToEncodeAlgid) {
+        rv = PK11_ParamToAlgid(algtag, param, poolp, algid);
+        if (rv != SECSuccess) {
+            PORT_Free(result);
+            SECITEM_FreeItem(param, PR_TRUE);
+            PK11_DestroyContext(ciphercx, PR_TRUE);
+            return NULL;
+        }
+    }
+    SECITEM_FreeItem(param, PR_TRUE);
+
+    result->cx = ciphercx;
+    result->doit = (sec_pkcs7_cipher_function)PK11_CipherOp;
+    result->destroy = (sec_pkcs7_cipher_destroy)PK11_DestroyContext;
+    result->encrypt = PR_TRUE;
+    result->pending_count = 0;
+
+    return result;
+}
+
+/*
+ * Destroy the cipher object.
+ */
+static void
+sec_pkcs7_destroy_cipher(sec_PKCS7CipherObject *obj)
+{
+    (*obj->destroy)(obj->cx, PR_TRUE);
+    PORT_Free(obj);
+}
+
+void
+sec_PKCS7DestroyDecryptObject(sec_PKCS7CipherObject *obj)
+{
+    PORT_Assert(obj != NULL);
+    if (obj == NULL)
+        return;
+    PORT_Assert(!obj->encrypt);
+    sec_pkcs7_destroy_cipher(obj);
+}
+
+void
+sec_PKCS7DestroyEncryptObject(sec_PKCS7CipherObject *obj)
+{
+    PORT_Assert(obj != NULL);
+    if (obj == NULL)
+        return;
+    PORT_Assert(obj->encrypt);
+    sec_pkcs7_destroy_cipher(obj);
+}
+
+/*
+ * XXX I think all of the following lengths should be longs instead
+ * of ints, but our current crypto interface uses ints, so I did too.
+ */
+
+/*
+ * What will be the output length of the next call to decrypt?
+ * Result can be used to perform memory allocations.  Note that the amount
+ * is exactly accurate only when not doing a block cipher or when final
+ * is false, otherwise it is an upper bound on the amount because until
+ * we see the data we do not know how many padding bytes there are
+ * (always between 1 and bsize).
+ *
+ * Note that this can return zero, which does not mean that the decrypt
+ * operation can be skipped!  (It simply means that there are not enough
+ * bytes to make up an entire block; the bytes will be reserved until
+ * there are enough to encrypt/decrypt at least one block.)  However,
+ * if zero is returned it *does* mean that no output buffer need be
+ * passed in to the subsequent decrypt operation, as no output bytes
+ * will be stored.
+ */
+unsigned int
+sec_PKCS7DecryptLength(sec_PKCS7CipherObject *obj, unsigned int input_len,
+                       PRBool final)
+{
+    int blocks, block_size;
+
+    PORT_Assert(!obj->encrypt);
+
+    block_size = obj->block_size;
+
+    /*
+     * If this is not a block cipher, then we always have the same
+     * number of output bytes as we had input bytes.
+     */
+    if (block_size == 0)
+        return input_len;
+
+    /*
+     * On the final call, we will always use up all of the pending
+     * bytes plus all of the input bytes, *but*, there will be padding
+     * at the end and we cannot predict how many bytes of padding we
+     * will end up removing.  The amount given here is actually known
+     * to be at least 1 byte too long (because we know we will have
+     * at least 1 byte of padding), but seemed clearer/better to me.
+     */
+    if (final)
+        return obj->pending_count + input_len;
+
+    /*
+     * Okay, this amount is exactly what we will output on the
+     * next cipher operation.  We will always hang onto the last
+     * 1 - block_size bytes for non-final operations.  That is,
+     * we will do as many complete blocks as we can *except* the
+     * last block (complete or partial).  (This is because until
+     * we know we are at the end, we cannot know when to interpret
+     * and removing the padding byte(s), which are guaranteed to
+     * be there.)
+     */
+    blocks = (obj->pending_count + input_len - 1) / block_size;
+    return blocks * block_size;
+}
+
+/*
+ * What will be the output length of the next call to encrypt?
+ * Result can be used to perform memory allocations.
+ *
+ * Note that this can return zero, which does not mean that the encrypt
+ * operation can be skipped!  (It simply means that there are not enough
+ * bytes to make up an entire block; the bytes will be reserved until
+ * there are enough to encrypt/decrypt at least one block.)  However,
+ * if zero is returned it *does* mean that no output buffer need be
+ * passed in to the subsequent encrypt operation, as no output bytes
+ * will be stored.
+ */
+unsigned int
+sec_PKCS7EncryptLength(sec_PKCS7CipherObject *obj, unsigned int input_len,
+                       PRBool final)
+{
+    int blocks, block_size;
+    int pad_size;
+
+    PORT_Assert(obj->encrypt);
+
+    block_size = obj->block_size;
+    pad_size = obj->pad_size;
+
+    /*
+     * If this is not a block cipher, then we always have the same
+     * number of output bytes as we had input bytes.
+     */
+    if (block_size == 0)
+        return input_len;
+
+    /*
+     * On the final call, we only send out what we need for
+     * remaining bytes plus the padding.  (There is always padding,
+     * so even if we have an exact number of blocks as input, we
+     * will add another full block that is just padding.)
+     */
+    if (final) {
+        if (pad_size == 0) {
+            return obj->pending_count + input_len;
+        } else {
+            blocks = (obj->pending_count + input_len) / pad_size;
+            blocks++;
+            return blocks * pad_size;
+        }
+    }
+
+    /*
+     * Now, count the number of complete blocks of data we have.
+     */
+    blocks = (obj->pending_count + input_len) / block_size;
+
+    return blocks * block_size;
+}
+
+/*
+ * Decrypt a given length of input buffer (starting at "input" and
+ * containing "input_len" bytes), placing the decrypted bytes in
+ * "output" and storing the output length in "*output_len_p".
+ * "obj" is the return value from sec_PKCS7CreateDecryptObject.
+ * When "final" is true, this is the last of the data to be decrypted.
+ *
+ * This is much more complicated than it sounds when the cipher is
+ * a block-type, meaning that the decryption function will only
+ * operate on whole blocks.  But our caller is operating stream-wise,
+ * and can pass in any number of bytes.  So we need to keep track
+ * of block boundaries.  We save excess bytes between calls in "obj".
+ * We also need to determine which bytes are padding, and remove
+ * them from the output.  We can only do this step when we know we
+ * have the final block of data.  PKCS #7 specifies that the padding
+ * used for a block cipher is a string of bytes, each of whose value is
+ * the same as the length of the padding, and that all data is padded.
+ * (Even data that starts out with an exact multiple of blocks gets
+ * added to it another block, all of which is padding.)
+ */
+SECStatus
+sec_PKCS7Decrypt(sec_PKCS7CipherObject *obj, unsigned char *output,
+                 unsigned int *output_len_p, unsigned int max_output_len,
+                 const unsigned char *input, unsigned int input_len,
+                 PRBool final)
+{
+    unsigned int blocks, bsize, pcount, padsize;
+    unsigned int max_needed, ifraglen, ofraglen, output_len;
+    unsigned char *pbuf;
+    SECStatus rv;
+
+    PORT_Assert(!obj->encrypt);
+
+    /*
+     * Check that we have enough room for the output.  Our caller should
+     * already handle this; failure is really an internal error (i.e. bug).
+     */
+    max_needed = sec_PKCS7DecryptLength(obj, input_len, final);
+    PORT_Assert(max_output_len >= max_needed);
+    if (max_output_len < max_needed) {
+        /* PORT_SetError (XXX); */
+        return SECFailure;
+    }
+
+    /*
+     * hardware encryption does not like small decryption sizes here, so we
+     * allow both blocking and padding.
+     */
+    bsize = obj->block_size;
+    padsize = obj->pad_size;
+
+    /*
+     * When no blocking or padding work to do, we can simply call the
+     * cipher function and we are done.
+     */
+    if (bsize == 0) {
+        return (*obj->doit)(obj->cx, output, output_len_p, max_output_len,
+                            input, input_len);
+    }
+
+    pcount = obj->pending_count;
+    pbuf = obj->pending_buf;
+
+    output_len = 0;
+
+    if (pcount) {
+        /*
+         * Try to fill in an entire block, starting with the bytes
+         * we already have saved away.
+         */
+        while (input_len && pcount < bsize) {
+            pbuf[pcount++] = *input++;
+            input_len--;
+        }
+        /*
+         * If we have at most a whole block and this is not our last call,
+         * then we are done for now.  (We do not try to decrypt a lone
+         * single block because we cannot interpret the padding bytes
+         * until we know we are handling the very last block of all input.)
+         */
+        if (input_len == 0 && !final) {
+            obj->pending_count = pcount;
+            if (output_len_p)
+                *output_len_p = 0;
+            return SECSuccess;
+        }
+        /*
+         * Given the logic above, we expect to have a full block by now.
+         * If we do not, there is something wrong, either with our own
+         * logic or with (length of) the data given to us.
+         */
+        PORT_Assert((padsize == 0) || (pcount % padsize) == 0);
+        if ((padsize != 0) && (pcount % padsize) != 0) {
+            PORT_Assert(final);
+            PORT_SetError(SEC_ERROR_BAD_DATA);
+            return SECFailure;
+        }
+        /*
+         * Decrypt the block.
+         */
+        rv = (*obj->doit)(obj->cx, output, &ofraglen, max_output_len,
+                          pbuf, pcount);
+        if (rv != SECSuccess)
+            return rv;
+
+        /*
+         * For now anyway, all of our ciphers have the same number of
+         * bytes of output as they do input.  If this ever becomes untrue,
+         * then sec_PKCS7DecryptLength needs to be made smarter!
+         */
+        PORT_Assert(ofraglen == pcount);
+
+        /*
+         * Account for the bytes now in output.
+         */
+        max_output_len -= ofraglen;
+        output_len += ofraglen;
+        output += ofraglen;
+    }
+
+    /*
+     * If this is our last call, we expect to have an exact number of
+     * blocks left to be decrypted; we will decrypt them all.
+     *
+     * If not our last call, we always save between 1 and bsize bytes
+     * until next time.  (We must do this because we cannot be sure
+     * that none of the decrypted bytes are padding bytes until we
+     * have at least another whole block of data.  You cannot tell by
+     * looking -- the data could be anything -- you can only tell by
+     * context, knowing you are looking at the last block.)  We could
+     * decrypt a whole block now but it is easier if we just treat it
+     * the same way we treat partial block bytes.
+     */
+    if (final) {
+        if (padsize) {
+            blocks = input_len / padsize;
+            ifraglen = blocks * padsize;
+        } else
+            ifraglen = input_len;
+        PORT_Assert(ifraglen == input_len);
+
+        if (ifraglen != input_len) {
+            PORT_SetError(SEC_ERROR_BAD_DATA);
+            return SECFailure;
+        }
+    } else {
+        blocks = (input_len - 1) / bsize;
+        ifraglen = blocks * bsize;
+        PORT_Assert(ifraglen < input_len);
+
+        pcount = input_len - ifraglen;
+        PORT_Memcpy(pbuf, input + ifraglen, pcount);
+        obj->pending_count = pcount;
+    }
+
+    if (ifraglen) {
+        rv = (*obj->doit)(obj->cx, output, &ofraglen, max_output_len,
+                          input, ifraglen);
+        if (rv != SECSuccess)
+            return rv;
+
+        /*
+         * For now anyway, all of our ciphers have the same number of
+         * bytes of output as they do input.  If this ever becomes untrue,
+         * then sec_PKCS7DecryptLength needs to be made smarter!
+         */
+        PORT_Assert(ifraglen == ofraglen);
+        if (ifraglen != ofraglen) {
+            PORT_SetError(SEC_ERROR_BAD_DATA);
+            return SECFailure;
+        }
+
+        output_len += ofraglen;
+    } else {
+        ofraglen = 0;
+    }
+
+    /*
+     * If we just did our very last block, "remove" the padding by
+     * adjusting the output length.
+     */
+    if (final && (padsize != 0)) {
+        unsigned int padlen = *(output + ofraglen - 1);
+        if (padlen == 0 || padlen > padsize) {
+            PORT_SetError(SEC_ERROR_BAD_DATA);
+            return SECFailure;
+        }
+        output_len -= padlen;
+    }
+
+    PORT_Assert(output_len_p != NULL || output_len == 0);
+    if (output_len_p != NULL)
+        *output_len_p = output_len;
+
+    return SECSuccess;
+}
+
+/*
+ * Encrypt a given length of input buffer (starting at "input" and
+ * containing "input_len" bytes), placing the encrypted bytes in
+ * "output" and storing the output length in "*output_len_p".
+ * "obj" is the return value from sec_PKCS7CreateEncryptObject.
+ * When "final" is true, this is the last of the data to be encrypted.
+ *
+ * This is much more complicated than it sounds when the cipher is
+ * a block-type, meaning that the encryption function will only
+ * operate on whole blocks.  But our caller is operating stream-wise,
+ * and can pass in any number of bytes.  So we need to keep track
+ * of block boundaries.  We save excess bytes between calls in "obj".
+ * We also need to add padding bytes at the end.  PKCS #7 specifies
+ * that the padding used for a block cipher is a string of bytes,
+ * each of whose value is the same as the length of the padding,
+ * and that all data is padded.  (Even data that starts out with
+ * an exact multiple of blocks gets added to it another block,
+ * all of which is padding.)
+ *
+ * XXX I would kind of like to combine this with the function above
+ * which does decryption, since they have a lot in common.  But the
+ * tricky parts about padding and filling blocks would be much
+ * harder to read that way, so I left them separate.  At least for
+ * now until it is clear that they are right.
+ */
+SECStatus
+sec_PKCS7Encrypt(sec_PKCS7CipherObject *obj, unsigned char *output,
+                 unsigned int *output_len_p, unsigned int max_output_len,
+                 const unsigned char *input, unsigned int input_len,
+                 PRBool final)
+{
+    int blocks, bsize, padlen, pcount, padsize;
+    unsigned int max_needed, ifraglen, ofraglen, output_len;
+    unsigned char *pbuf;
+    SECStatus rv;
+
+    PORT_Assert(obj->encrypt);
+
+    /*
+     * Check that we have enough room for the output.  Our caller should
+     * already handle this; failure is really an internal error (i.e. bug).
+     */
+    max_needed = sec_PKCS7EncryptLength(obj, input_len, final);
+    PORT_Assert(max_output_len >= max_needed);
+    if (max_output_len < max_needed) {
+        /* PORT_SetError (XXX); */
+        return SECFailure;
+    }
+
+    bsize = obj->block_size;
+    padsize = obj->pad_size;
+
+    /*
+     * When no blocking and padding work to do, we can simply call the
+     * cipher function and we are done.
+     */
+    if (bsize == 0) {
+        return (*obj->doit)(obj->cx, output, output_len_p, max_output_len,
+                            input, input_len);
+    }
+
+    pcount = obj->pending_count;
+    pbuf = obj->pending_buf;
+
+    output_len = 0;
+
+    if (pcount) {
+        /*
+         * Try to fill in an entire block, starting with the bytes
+         * we already have saved away.
+         */
+        while (input_len && pcount < bsize) {
+            pbuf[pcount++] = *input++;
+            input_len--;
+        }
+        /*
+         * If we do not have a full block and we know we will be
+         * called again, then we are done for now.
+         */
+        if (pcount < bsize && !final) {
+            obj->pending_count = pcount;
+            if (output_len_p != NULL)
+                *output_len_p = 0;
+            return SECSuccess;
+        }
+        /*
+         * If we have a whole block available, encrypt it.
+         */
+        if ((padsize == 0) || (pcount % padsize) == 0) {
+            rv = (*obj->doit)(obj->cx, output, &ofraglen, max_output_len,
+                              pbuf, pcount);
+            if (rv != SECSuccess)
+                return rv;
+
+            /*
+             * For now anyway, all of our ciphers have the same number of
+             * bytes of output as they do input.  If this ever becomes untrue,
+             * then sec_PKCS7EncryptLength needs to be made smarter!
+             */
+            PORT_Assert(ofraglen == pcount);
+
+            /*
+             * Account for the bytes now in output.
+             */
+            max_output_len -= ofraglen;
+            output_len += ofraglen;
+            output += ofraglen;
+
+            pcount = 0;
+        }
+    }
+
+    if (input_len) {
+        PORT_Assert(pcount == 0);
+
+        blocks = input_len / bsize;
+        ifraglen = blocks * bsize;
+
+        if (ifraglen) {
+            rv = (*obj->doit)(obj->cx, output, &ofraglen, max_output_len,
+                              input, ifraglen);
+            if (rv != SECSuccess)
+                return rv;
+
+            /*
+             * For now anyway, all of our ciphers have the same number of
+             * bytes of output as they do input.  If this ever becomes untrue,
+             * then sec_PKCS7EncryptLength needs to be made smarter!
+             */
+            PORT_Assert(ifraglen == ofraglen);
+
+            max_output_len -= ofraglen;
+            output_len += ofraglen;
+            output += ofraglen;
+        }
+
+        pcount = input_len - ifraglen;
+        PORT_Assert(pcount < bsize);
+        if (pcount)
+            PORT_Memcpy(pbuf, input + ifraglen, pcount);
+    }
+
+    if (final) {
+        if (padsize) {
+            padlen = padsize - (pcount % padsize);
+            PORT_Memset(pbuf + pcount, padlen, padlen);
+        } else {
+            padlen = 0;
+        }
+        rv = (*obj->doit)(obj->cx, output, &ofraglen, max_output_len,
+                          pbuf, pcount + padlen);
+        if (rv != SECSuccess)
+            return rv;
+
+        /*
+         * For now anyway, all of our ciphers have the same number of
+         * bytes of output as they do input.  If this ever becomes untrue,
+         * then sec_PKCS7EncryptLength needs to be made smarter!
+         */
+        PORT_Assert(ofraglen == (pcount + padlen));
+        output_len += ofraglen;
+    } else {
+        obj->pending_count = pcount;
+    }
+
+    PORT_Assert(output_len_p != NULL || output_len == 0);
+    if (output_len_p != NULL)
+        *output_len_p = output_len;
+
+    return SECSuccess;
+}
+
+/*
+ * End of cipher stuff.
+ * -------------------------------------------------------------------
+ */
+
+/*
+ * -------------------------------------------------------------------
+ * XXX The following Attribute stuff really belongs elsewhere.
+ * The Attribute type is *not* part of pkcs7 but rather X.501.
+ * But for now, since PKCS7 is the only customer of attributes,
+ * we define them here.  Once there is a use outside of PKCS7,
+ * then change the attribute types and functions from internal
+ * to external naming convention, and move them elsewhere!
+ */
+
+/*
+ * Look through a set of attributes and find one that matches the
+ * specified object ID.  If "only" is true, then make sure that
+ * there is not more than one attribute of the same type.  Otherwise,
+ * just return the first one found. (XXX Does anybody really want
+ * that first-found behavior?  It was like that when I found it...)
+ */
+SEC_PKCS7Attribute *
+sec_PKCS7FindAttribute(SEC_PKCS7Attribute **attrs, SECOidTag oidtag,
+                       PRBool only)
+{
+    SECOidData *oid;
+    SEC_PKCS7Attribute *attr1, *attr2;
+
+    if (attrs == NULL)
+        return NULL;
+
+    oid = SECOID_FindOIDByTag(oidtag);
+    if (oid == NULL)
+        return NULL;
+
+    while ((attr1 = *attrs++) != NULL) {
+        if (attr1->type.len == oid->oid.len && PORT_Memcmp(attr1->type.data, oid->oid.data, oid->oid.len) == 0)
+            break;
+    }
+
+    if (attr1 == NULL)
+        return NULL;
+
+    if (!only)
+        return attr1;
+
+    while ((attr2 = *attrs++) != NULL) {
+        if (attr2->type.len == oid->oid.len && PORT_Memcmp(attr2->type.data, oid->oid.data, oid->oid.len) == 0)
+            break;
+    }
+
+    if (attr2 != NULL)
+        return NULL;
+
+    return attr1;
+}
+
+/*
+ * Return the single attribute value, doing some sanity checking first:
+ * - Multiple values are *not* expected.
+ * - Empty values are *not* expected.
+ */
+SECItem *
+sec_PKCS7AttributeValue(SEC_PKCS7Attribute *attr)
+{
+    SECItem *value;
+
+    if (attr == NULL)
+        return NULL;
+
+    value = attr->values[0];
+
+    if (value == NULL || value->data == NULL || value->len == 0)
+        return NULL;
+
+    if (attr->values[1] != NULL)
+        return NULL;
+
+    return value;
+}
+
+static const SEC_ASN1Template *
+sec_attr_choose_attr_value_template(void *src_or_dest, PRBool encoding)
+{
+    const SEC_ASN1Template *theTemplate;
+
+    SEC_PKCS7Attribute *attribute;
+    SECOidData *oiddata;
+    PRBool encoded;
+
+    PORT_Assert(src_or_dest != NULL);
+    if (src_or_dest == NULL)
+        return NULL;
+
+    attribute = (SEC_PKCS7Attribute *)src_or_dest;
+
+    if (encoding && attribute->encoded)
+        return SEC_ASN1_GET(SEC_AnyTemplate);
+
+    oiddata = attribute->typeTag;
+    if (oiddata == NULL) {
+        oiddata = SECOID_FindOID(&attribute->type);
+        attribute->typeTag = oiddata;
+    }
+
+    if (oiddata == NULL) {
+        encoded = PR_TRUE;
+        theTemplate = SEC_ASN1_GET(SEC_AnyTemplate);
+    } else {
+        switch (oiddata->offset) {
+            default:
+                encoded = PR_TRUE;
+                theTemplate = SEC_ASN1_GET(SEC_AnyTemplate);
+                break;
+            case SEC_OID_PKCS9_EMAIL_ADDRESS:
+            case SEC_OID_RFC1274_MAIL:
+            case SEC_OID_PKCS9_UNSTRUCTURED_NAME:
+                encoded = PR_FALSE;
+                theTemplate = SEC_ASN1_GET(SEC_IA5StringTemplate);
+                break;
+            case SEC_OID_PKCS9_CONTENT_TYPE:
+                encoded = PR_FALSE;
+                theTemplate = SEC_ASN1_GET(SEC_ObjectIDTemplate);
+                break;
+            case SEC_OID_PKCS9_MESSAGE_DIGEST:
+                encoded = PR_FALSE;
+                theTemplate = SEC_ASN1_GET(SEC_OctetStringTemplate);
+                break;
+            case SEC_OID_PKCS9_SIGNING_TIME:
+                encoded = PR_FALSE;
+                theTemplate = SEC_ASN1_GET(CERT_TimeChoiceTemplate);
+                break;
+                /* XXX Want other types here, too */
+        }
+    }
+
+    if (encoding) {
+        /*
+         * If we are encoding and we think we have an already-encoded value,
+         * then the code which initialized this attribute should have set
+         * the "encoded" property to true (and we would have returned early,
+         * up above).  No devastating error, but that code should be fixed.
+         * (It could indicate that the resulting encoded bytes are wrong.)
+         */
+        PORT_Assert(!encoded);
+    } else {
+        /*
+         * We are decoding; record whether the resulting value is
+         * still encoded or not.
+         */
+        attribute->encoded = encoded;
+    }
+    return theTemplate;
+}
+
+static const SEC_ASN1TemplateChooserPtr sec_attr_chooser = sec_attr_choose_attr_value_template;
+
+static const SEC_ASN1Template sec_pkcs7_attribute_template[] = {
+    { SEC_ASN1_SEQUENCE,
+      0, NULL, sizeof(SEC_PKCS7Attribute) },
+    { SEC_ASN1_OBJECT_ID,
+      offsetof(SEC_PKCS7Attribute, type) },
+    { SEC_ASN1_DYNAMIC | SEC_ASN1_SET_OF,
+      offsetof(SEC_PKCS7Attribute, values),
+      &sec_attr_chooser },
+    { 0 }
+};
+
+static const SEC_ASN1Template sec_pkcs7_set_of_attribute_template[] = {
+    { SEC_ASN1_SET_OF, 0, sec_pkcs7_attribute_template },
+};
+
+/*
+ * If you are wondering why this routine does not reorder the attributes
+ * first, and might be tempted to make it do so, see the comment by the
+ * call to ReorderAttributes in p7encode.c.  (Or, see who else calls this
+ * and think long and hard about the implications of making it always
+ * do the reordering.)
+ */
+SECItem *
+sec_PKCS7EncodeAttributes(PLArenaPool *poolp, SECItem *dest, void *src)
+{
+    return SEC_ASN1EncodeItem(poolp, dest, src,
+                              sec_pkcs7_set_of_attribute_template);
+}
+
+/*
+ * Make sure that the order of the attributes guarantees valid DER
+ * (which must be in lexigraphically ascending order for a SET OF);
+ * if reordering is necessary it will be done in place (in attrs).
+ */
+SECStatus
+sec_PKCS7ReorderAttributes(SEC_PKCS7Attribute **attrs)
+{
+    PLArenaPool *poolp;
+    int num_attrs, i, pass, besti;
+    unsigned int j;
+    SECItem **enc_attrs;
+    SEC_PKCS7Attribute **new_attrs;
+
+    /*
+     * I think we should not be called with NULL.  But if we are,
+     * call it a success anyway, because the order *is* okay.
+     */
+    PORT_Assert(attrs != NULL);
+    if (attrs == NULL)
+        return SECSuccess;
+
+    /*
+     * Count how many attributes we are dealing with here.
+     */
+    num_attrs = 0;
+    while (attrs[num_attrs] != NULL)
+        num_attrs++;
+
+    /*
+     * Again, I think we should have some attributes here.
+     * But if we do not, or if there is only one, then call it
+     * a success because it also already has a fine order.
+     */
+    PORT_Assert(num_attrs);
+    if (num_attrs == 0 || num_attrs == 1)
+        return SECSuccess;
+
+    /*
+     * Allocate an arena for us to work with, so it is easy to
+     * clean up all of the memory (fairly small pieces, really).
+     */
+    poolp = PORT_NewArena(1024); /* XXX what is right value? */
+    if (poolp == NULL)
+        return SECFailure; /* no memory; nothing we can do... */
+
+    /*
+     * Allocate arrays to hold the individual encodings which we will use
+     * for comparisons and the reordered attributes as they are sorted.
+     */
+    enc_attrs = (SECItem **)PORT_ArenaZAlloc(poolp, num_attrs * sizeof(SECItem *));
+    new_attrs = (SEC_PKCS7Attribute **)PORT_ArenaZAlloc(poolp,
+                                                        num_attrs * sizeof(SEC_PKCS7Attribute *));
+    if (enc_attrs == NULL || new_attrs == NULL) {
+        PORT_FreeArena(poolp, PR_FALSE);
+        return SECFailure;
+    }
+
+    /*
+     * DER encode each individual attribute.
+     */
+    for (i = 0; i < num_attrs; i++) {
+        enc_attrs[i] = SEC_ASN1EncodeItem(poolp, NULL, attrs[i],
+                                          sec_pkcs7_attribute_template);
+        if (enc_attrs[i] == NULL) {
+            PORT_FreeArena(poolp, PR_FALSE);
+            return SECFailure;
+        }
+    }
+
+    /*
+     * Now compare and sort them; this is not the most efficient sorting
+     * method, but it is just fine for the problem at hand, because the
+     * number of attributes is (always) going to be small.
+     */
+    for (pass = 0; pass < num_attrs; pass++) {
+        /*
+         * Find the first not-yet-accepted attribute.  (Once one is
+         * sorted into the other array, it is cleared from enc_attrs.)
+         */
+        for (i = 0; i < num_attrs; i++) {
+            if (enc_attrs[i] != NULL)
+                break;
+        }
+        PORT_Assert(i < num_attrs);
+        besti = i;
+
+        /*
+         * Find the lowest (lexigraphically) encoding.  One that is
+         * shorter than all the rest is known to be "less" because each
+         * attribute is of the same type (a SEQUENCE) and so thus the
+         * first octet of each is the same, and the second octet is
+         * the length (or the length of the length with the high bit
+         * set, followed by the length, which also works out to always
+         * order the shorter first).  Two (or more) that have the
+         * same length need to be compared byte by byte until a mismatch
+         * is found.
+         */
+        for (i = besti + 1; i < num_attrs; i++) {
+            if (enc_attrs[i] == NULL) /* slot already handled */
+                continue;
+
+            if (enc_attrs[i]->len != enc_attrs[besti]->len) {
+                if (enc_attrs[i]->len < enc_attrs[besti]->len)
+                    besti = i;
+                continue;
+            }
+
+            for (j = 0; j < enc_attrs[i]->len; j++) {
+                if (enc_attrs[i]->data[j] < enc_attrs[besti]->data[j]) {
+                    besti = i;
+                    break;
+                }
+            }
+
+            /*
+             * For this not to be true, we would have to have encountered
+             * two *identical* attributes, which I think we should not see.
+             * So assert if it happens, but even if it does, let it go
+             * through; the ordering of the two does not matter.
+             */
+            PORT_Assert(j < enc_attrs[i]->len);
+        }
+
+        /*
+         * Now we have found the next-lowest one; copy it over and
+         * remove it from enc_attrs.
+         */
+        new_attrs[pass] = attrs[besti];
+        enc_attrs[besti] = NULL;
+    }
+
+    /*
+     * Now new_attrs has the attributes in the order we want;
+     * copy them back into the attrs array we started with.
+     */
+    for (i = 0; i < num_attrs; i++)
+        attrs[i] = new_attrs[i];
+
+    PORT_FreeArena(poolp, PR_FALSE);
+    return SECSuccess;
+}
+
+/*
+ * End of attribute stuff.
+ * -------------------------------------------------------------------
+ */
+
+/*
+ * Templates and stuff.  Keep these at the end of the file.
+ */
+
+/* forward declaration */
+static const SEC_ASN1Template *
+sec_pkcs7_choose_content_template(void *src_or_dest, PRBool encoding);
+
+static const SEC_ASN1TemplateChooserPtr sec_pkcs7_chooser = sec_pkcs7_choose_content_template;
+
+const SEC_ASN1Template sec_PKCS7ContentInfoTemplate[] = {
+    { SEC_ASN1_SEQUENCE | SEC_ASN1_MAY_STREAM,
+      0, NULL, sizeof(SEC_PKCS7ContentInfo) },
+    { SEC_ASN1_OBJECT_ID,
+      offsetof(SEC_PKCS7ContentInfo, contentType) },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_DYNAMIC | SEC_ASN1_MAY_STREAM | SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
+      offsetof(SEC_PKCS7ContentInfo, content),
+      &sec_pkcs7_chooser },
+    { 0 }
+};
+
+/* XXX These names should change from external to internal convention. */
+
+static const SEC_ASN1Template SEC_PKCS7SignerInfoTemplate[] = {
+    { SEC_ASN1_SEQUENCE,
+      0, NULL, sizeof(SEC_PKCS7SignerInfo) },
+    { SEC_ASN1_INTEGER,
+      offsetof(SEC_PKCS7SignerInfo, version) },
+    { SEC_ASN1_POINTER | SEC_ASN1_XTRN,
+      offsetof(SEC_PKCS7SignerInfo, issuerAndSN),
+      SEC_ASN1_SUB(CERT_IssuerAndSNTemplate) },
+    { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
+      offsetof(SEC_PKCS7SignerInfo, digestAlg),
+      SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
+      offsetof(SEC_PKCS7SignerInfo, authAttr),
+      sec_pkcs7_set_of_attribute_template },
+    { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
+      offsetof(SEC_PKCS7SignerInfo, digestEncAlg),
+      SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
+    { SEC_ASN1_OCTET_STRING,
+      offsetof(SEC_PKCS7SignerInfo, encDigest) },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1,
+      offsetof(SEC_PKCS7SignerInfo, unAuthAttr),
+      sec_pkcs7_set_of_attribute_template },
+    { 0 }
+};
+
+static const SEC_ASN1Template SEC_PKCS7SignedDataTemplate[] = {
+    { SEC_ASN1_SEQUENCE | SEC_ASN1_MAY_STREAM,
+      0, NULL, sizeof(SEC_PKCS7SignedData) },
+    { SEC_ASN1_INTEGER,
+      offsetof(SEC_PKCS7SignedData, version) },
+    { SEC_ASN1_SET_OF | SEC_ASN1_XTRN,
+      offsetof(SEC_PKCS7SignedData, digestAlgorithms),
+      SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
+    { SEC_ASN1_INLINE,
+      offsetof(SEC_PKCS7SignedData, contentInfo),
+      sec_PKCS7ContentInfoTemplate },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
+          SEC_ASN1_XTRN | 0,
+      offsetof(SEC_PKCS7SignedData, rawCerts),
+      SEC_ASN1_SUB(SEC_SetOfAnyTemplate) },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
+          SEC_ASN1_XTRN | 1,
+      offsetof(SEC_PKCS7SignedData, crls),
+      SEC_ASN1_SUB(CERT_SetOfSignedCrlTemplate) },
+    { SEC_ASN1_SET_OF,
+      offsetof(SEC_PKCS7SignedData, signerInfos),
+      SEC_PKCS7SignerInfoTemplate },
+    { 0 }
+};
+
+static const SEC_ASN1Template SEC_PointerToPKCS7SignedDataTemplate[] = {
+    { SEC_ASN1_POINTER, 0, SEC_PKCS7SignedDataTemplate }
+};
+
+static const SEC_ASN1Template SEC_PKCS7RecipientInfoTemplate[] = {
+    { SEC_ASN1_SEQUENCE,
+      0, NULL, sizeof(SEC_PKCS7RecipientInfo) },
+    { SEC_ASN1_INTEGER,
+      offsetof(SEC_PKCS7RecipientInfo, version) },
+    { SEC_ASN1_POINTER | SEC_ASN1_XTRN,
+      offsetof(SEC_PKCS7RecipientInfo, issuerAndSN),
+      SEC_ASN1_SUB(CERT_IssuerAndSNTemplate) },
+    { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
+      offsetof(SEC_PKCS7RecipientInfo, keyEncAlg),
+      SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
+    { SEC_ASN1_OCTET_STRING,
+      offsetof(SEC_PKCS7RecipientInfo, encKey) },
+    { 0 }
+};
+
+static const SEC_ASN1Template SEC_PKCS7EncryptedContentInfoTemplate[] = {
+    { SEC_ASN1_SEQUENCE | SEC_ASN1_MAY_STREAM,
+      0, NULL, sizeof(SEC_PKCS7EncryptedContentInfo) },
+    { SEC_ASN1_OBJECT_ID,
+      offsetof(SEC_PKCS7EncryptedContentInfo, contentType) },
+    { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
+      offsetof(SEC_PKCS7EncryptedContentInfo, contentEncAlg),
+      SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_MAY_STREAM | SEC_ASN1_CONTEXT_SPECIFIC |
+          SEC_ASN1_XTRN | 0,
+      offsetof(SEC_PKCS7EncryptedContentInfo, encContent),
+      SEC_ASN1_SUB(SEC_OctetStringTemplate) },
+    { 0 }
+};
+
+static const SEC_ASN1Template SEC_PKCS7EnvelopedDataTemplate[] = {
+    { SEC_ASN1_SEQUENCE | SEC_ASN1_MAY_STREAM,
+      0, NULL, sizeof(SEC_PKCS7EnvelopedData) },
+    { SEC_ASN1_INTEGER,
+      offsetof(SEC_PKCS7EnvelopedData, version) },
+    { SEC_ASN1_SET_OF,
+      offsetof(SEC_PKCS7EnvelopedData, recipientInfos),
+      SEC_PKCS7RecipientInfoTemplate },
+    { SEC_ASN1_INLINE,
+      offsetof(SEC_PKCS7EnvelopedData, encContentInfo),
+      SEC_PKCS7EncryptedContentInfoTemplate },
+    { 0 }
+};
+
+static const SEC_ASN1Template SEC_PointerToPKCS7EnvelopedDataTemplate[] = {
+    { SEC_ASN1_POINTER, 0, SEC_PKCS7EnvelopedDataTemplate }
+};
+
+static const SEC_ASN1Template SEC_PKCS7SignedAndEnvelopedDataTemplate[] = {
+    { SEC_ASN1_SEQUENCE | SEC_ASN1_MAY_STREAM,
+      0, NULL, sizeof(SEC_PKCS7SignedAndEnvelopedData) },
+    { SEC_ASN1_INTEGER,
+      offsetof(SEC_PKCS7SignedAndEnvelopedData, version) },
+    { SEC_ASN1_SET_OF,
+      offsetof(SEC_PKCS7SignedAndEnvelopedData, recipientInfos),
+      SEC_PKCS7RecipientInfoTemplate },
+    { SEC_ASN1_SET_OF | SEC_ASN1_XTRN,
+      offsetof(SEC_PKCS7SignedAndEnvelopedData, digestAlgorithms),
+      SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
+    { SEC_ASN1_INLINE,
+      offsetof(SEC_PKCS7SignedAndEnvelopedData, encContentInfo),
+      SEC_PKCS7EncryptedContentInfoTemplate },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
+          SEC_ASN1_XTRN | 0,
+      offsetof(SEC_PKCS7SignedAndEnvelopedData, rawCerts),
+      SEC_ASN1_SUB(SEC_SetOfAnyTemplate) },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
+          SEC_ASN1_XTRN | 1,
+      offsetof(SEC_PKCS7SignedAndEnvelopedData, crls),
+      SEC_ASN1_SUB(CERT_SetOfSignedCrlTemplate) },
+    { SEC_ASN1_SET_OF,
+      offsetof(SEC_PKCS7SignedAndEnvelopedData, signerInfos),
+      SEC_PKCS7SignerInfoTemplate },
+    { 0 }
+};
+
+static const SEC_ASN1Template
+    SEC_PointerToPKCS7SignedAndEnvelopedDataTemplate[] = {
+        { SEC_ASN1_POINTER, 0, SEC_PKCS7SignedAndEnvelopedDataTemplate }
+    };
+
+static const SEC_ASN1Template SEC_PKCS7DigestedDataTemplate[] = {
+    { SEC_ASN1_SEQUENCE | SEC_ASN1_MAY_STREAM,
+      0, NULL, sizeof(SEC_PKCS7DigestedData) },
+    { SEC_ASN1_INTEGER,
+      offsetof(SEC_PKCS7DigestedData, version) },
+    { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
+      offsetof(SEC_PKCS7DigestedData, digestAlg),
+      SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
+    { SEC_ASN1_INLINE,
+      offsetof(SEC_PKCS7DigestedData, contentInfo),
+      sec_PKCS7ContentInfoTemplate },
+    { SEC_ASN1_OCTET_STRING,
+      offsetof(SEC_PKCS7DigestedData, digest) },
+    { 0 }
+};
+
+static const SEC_ASN1Template SEC_PointerToPKCS7DigestedDataTemplate[] = {
+    { SEC_ASN1_POINTER, 0, SEC_PKCS7DigestedDataTemplate }
+};
+
+static const SEC_ASN1Template SEC_PKCS7EncryptedDataTemplate[] = {
+    { SEC_ASN1_SEQUENCE | SEC_ASN1_MAY_STREAM,
+      0, NULL, sizeof(SEC_PKCS7EncryptedData) },
+    { SEC_ASN1_INTEGER,
+      offsetof(SEC_PKCS7EncryptedData, version) },
+    { SEC_ASN1_INLINE,
+      offsetof(SEC_PKCS7EncryptedData, encContentInfo),
+      SEC_PKCS7EncryptedContentInfoTemplate },
+    { 0 }
+};
+
+static const SEC_ASN1Template SEC_PointerToPKCS7EncryptedDataTemplate[] = {
+    { SEC_ASN1_POINTER, 0, SEC_PKCS7EncryptedDataTemplate }
+};
+
+static const SEC_ASN1Template *
+sec_pkcs7_choose_content_template(void *src_or_dest, PRBool encoding)
+{
+    const SEC_ASN1Template *theTemplate;
+    SEC_PKCS7ContentInfo *cinfo;
+    SECOidTag kind;
+
+    PORT_Assert(src_or_dest != NULL);
+    if (src_or_dest == NULL)
+        return NULL;
+
+    cinfo = (SEC_PKCS7ContentInfo *)src_or_dest;
+    kind = SEC_PKCS7ContentType(cinfo);
+    switch (kind) {
+        default:
+            theTemplate = SEC_ASN1_GET(SEC_PointerToAnyTemplate);
+            break;
+        case SEC_OID_PKCS7_DATA:
+            theTemplate = SEC_ASN1_GET(SEC_PointerToOctetStringTemplate);
+            break;
+        case SEC_OID_PKCS7_SIGNED_DATA:
+            theTemplate = SEC_PointerToPKCS7SignedDataTemplate;
+            break;
+        case SEC_OID_PKCS7_ENVELOPED_DATA:
+            theTemplate = SEC_PointerToPKCS7EnvelopedDataTemplate;
+            break;
+        case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA:
+            theTemplate = SEC_PointerToPKCS7SignedAndEnvelopedDataTemplate;
+            break;
+        case SEC_OID_PKCS7_DIGESTED_DATA:
+            theTemplate = SEC_PointerToPKCS7DigestedDataTemplate;
+            break;
+        case SEC_OID_PKCS7_ENCRYPTED_DATA:
+            theTemplate = SEC_PointerToPKCS7EncryptedDataTemplate;
+            break;
+    }
+    return theTemplate;
+}
+
+/*
+ * End of templates.  Do not add stuff after this; put new code
+ * up above the start of the template definitions.
+ */
diff --git a/nss/lib/pkcs7/p7local.h b/nss/lib/pkcs7/p7local.h
new file mode 100644
index 0000000..ad37c3a
--- /dev/null
+++ b/nss/lib/pkcs7/p7local.h
@@ -0,0 +1,137 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * Support routines for PKCS7 implementation, none of which are exported.
+ * This file should only contain things that are needed by both the
+ * encoding/creation side *and* the decoding/decryption side.  Anything
+ * else should just be static routines in the appropriate file.
+ *
+ * Do not export this file!  If something in here is really needed outside
+ * of pkcs7 code, first try to add a PKCS7 interface which will do it for
+ * you.  If that has a problem, then just move out what you need, changing
+ * its name as appropriate!
+ */
+
+#ifndef _P7LOCAL_H_
+#define _P7LOCAL_H_
+
+#include "secpkcs7.h"
+#include "secasn1t.h"
+
+extern const SEC_ASN1Template sec_PKCS7ContentInfoTemplate[];
+
+/* opaque objects */
+typedef struct sec_pkcs7_cipher_object sec_PKCS7CipherObject;
+
+/************************************************************************/
+SEC_BEGIN_PROTOS
+
+/*
+ * Look through a set of attributes and find one that matches the
+ * specified object ID.  If "only" is true, then make sure that
+ * there is not more than one attribute of the same type.  Otherwise,
+ * just return the first one found. (XXX Does anybody really want
+ * that first-found behavior?  It was like that when I found it...)
+ */
+extern SEC_PKCS7Attribute *sec_PKCS7FindAttribute(SEC_PKCS7Attribute **attrs,
+                                                  SECOidTag oidtag,
+                                                  PRBool only);
+/*
+ * Return the single attribute value, doing some sanity checking first:
+ * - Multiple values are *not* expected.
+ * - Empty values are *not* expected.
+ */
+extern SECItem *sec_PKCS7AttributeValue(SEC_PKCS7Attribute *attr);
+
+/*
+ * Encode a set of attributes (found in "src").
+ */
+extern SECItem *sec_PKCS7EncodeAttributes(PLArenaPool *poolp,
+                                          SECItem *dest, void *src);
+
+/*
+ * Make sure that the order of the attributes guarantees valid DER
+ * (which must be in lexigraphically ascending order for a SET OF);
+ * if reordering is necessary it will be done in place (in attrs).
+ */
+extern SECStatus sec_PKCS7ReorderAttributes(SEC_PKCS7Attribute **attrs);
+
+/*
+ * Create a context for decrypting, based on the given key and algorithm.
+ */
+extern sec_PKCS7CipherObject *
+sec_PKCS7CreateDecryptObject(PK11SymKey *key, SECAlgorithmID *algid);
+
+/*
+ * Create a context for encrypting, based on the given key and algorithm,
+ * and fill in the algorithm id.
+ */
+extern sec_PKCS7CipherObject *
+sec_PKCS7CreateEncryptObject(PLArenaPool *poolp, PK11SymKey *key,
+                             SECOidTag algtag, SECAlgorithmID *algid);
+
+/*
+ * Destroy the given decryption or encryption object.
+ */
+extern void sec_PKCS7DestroyDecryptObject(sec_PKCS7CipherObject *obj);
+extern void sec_PKCS7DestroyEncryptObject(sec_PKCS7CipherObject *obj);
+
+/*
+ * What will be the output length of the next call to encrypt/decrypt?
+ * Result can be used to perform memory allocations.  Note that the amount
+ * is exactly accurate only when not doing a block cipher or when final
+ * is false, otherwise it is an upper bound on the amount because until
+ * we see the data we do not know how many padding bytes there are
+ * (always between 1 and the cipher block size).
+ *
+ * Note that this can return zero, which does not mean that the cipher
+ * operation can be skipped!  (It simply means that there are not enough
+ * bytes to make up an entire block; the bytes will be reserved until
+ * there are enough to encrypt/decrypt at least one block.)  However,
+ * if zero is returned it *does* mean that no output buffer need be
+ * passed in to the subsequent cipher operation, as no output bytes
+ * will be stored.
+ */
+extern unsigned int sec_PKCS7DecryptLength(sec_PKCS7CipherObject *obj,
+                                           unsigned int input_len,
+                                           PRBool final);
+extern unsigned int sec_PKCS7EncryptLength(sec_PKCS7CipherObject *obj,
+                                           unsigned int input_len,
+                                           PRBool final);
+
+/*
+ * Decrypt a given length of input buffer (starting at "input" and
+ * containing "input_len" bytes), placing the decrypted bytes in
+ * "output" and storing the output length in "*output_len_p".
+ * "obj" is the return value from sec_PKCS7CreateDecryptObject.
+ * When "final" is true, this is the last of the data to be decrypted.
+ */
+extern SECStatus sec_PKCS7Decrypt(sec_PKCS7CipherObject *obj,
+                                  unsigned char *output,
+                                  unsigned int *output_len_p,
+                                  unsigned int max_output_len,
+                                  const unsigned char *input,
+                                  unsigned int input_len,
+                                  PRBool final);
+
+/*
+ * Encrypt a given length of input buffer (starting at "input" and
+ * containing "input_len" bytes), placing the encrypted bytes in
+ * "output" and storing the output length in "*output_len_p".
+ * "obj" is the return value from sec_PKCS7CreateEncryptObject.
+ * When "final" is true, this is the last of the data to be encrypted.
+ */
+extern SECStatus sec_PKCS7Encrypt(sec_PKCS7CipherObject *obj,
+                                  unsigned char *output,
+                                  unsigned int *output_len_p,
+                                  unsigned int max_output_len,
+                                  const unsigned char *input,
+                                  unsigned int input_len,
+                                  PRBool final);
+
+/************************************************************************/
+SEC_END_PROTOS
+
+#endif /* _P7LOCAL_H_ */
diff --git a/nss/lib/pkcs7/pkcs7.gyp b/nss/lib/pkcs7/pkcs7.gyp
new file mode 100644
index 0000000..8a73a29
--- /dev/null
+++ b/nss/lib/pkcs7/pkcs7.gyp
@@ -0,0 +1,29 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'pkcs7',
+      'type': 'static_library',
+      'sources': [
+        'certread.c',
+        'p7common.c',
+        'p7create.c',
+        'p7decode.c',
+        'p7encode.c',
+        'p7local.c',
+        'secmime.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports'
+      ]
+    }
+  ],
+  'variables': {
+    'module': 'nss'
+  }
+}
\ No newline at end of file
diff --git a/nss/lib/pkcs7/pkcs7t.h b/nss/lib/pkcs7/pkcs7t.h
new file mode 100644
index 0000000..4ef8902
--- /dev/null
+++ b/nss/lib/pkcs7/pkcs7t.h
@@ -0,0 +1,233 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * Header for pkcs7 types.
+ */
+
+#ifndef _PKCS7T_H_
+#define _PKCS7T_H_
+
+#include "plarena.h"
+
+#include "seccomon.h"
+#include "secoidt.h"
+#include "certt.h"
+#include "secmodt.h"
+
+/* Opaque objects */
+typedef struct SEC_PKCS7DecoderContextStr SEC_PKCS7DecoderContext;
+typedef struct SEC_PKCS7EncoderContextStr SEC_PKCS7EncoderContext;
+
+/* legacy defines that haven't been active for years */
+typedef void *(*SECKEYGetPasswordKey)(void *arg, void *handle);
+
+/* Non-opaque objects.  NOTE, though: I want them to be treated as
+ * opaque as much as possible.  If I could hide them completely,
+ * I would.  (I tried, but ran into trouble that was taking me too
+ * much time to get out of.)  I still intend to try to do so.
+ * In fact, the only type that "outsiders" should even *name* is
+ * SEC_PKCS7ContentInfo, and they should not reference its fields.
+ */
+/* rjr: PKCS #11 cert handling (pk11cert.c) does use SEC_PKCS7RecipientInfo's.
+ * This is because when we search the recipient list for the cert and key we
+ * want, we need to invert the order of the loops we used to have. The old
+ * loops were:
+ *
+ *  For each recipient {
+ *       find_cert = PK11_Find_AllCert(recipient->issuerSN);
+ *       [which unrolls to... ]
+ *       For each slot {
+ *            Log into slot;
+ *            search slot for cert;
+ *      }
+ *  }
+ *
+ *  the new loop searchs all the recipients at once on a slot. this allows
+ *  PKCS #11 to order slots in such a way that logout slots don't get checked
+ *  if we can find the cert on a logged in slot. This eliminates lots of
+ *  spurious password prompts when smart cards are installed... so why this
+ *  comment? If you make SEC_PKCS7RecipientInfo completely opaque, you need
+ *  to provide a non-opaque list of issuerSN's (the only field PKCS#11 needs
+ *  and fix up pk11cert.c first. NOTE: Only S/MIME calls this special PKCS #11
+ *  function.
+ */
+typedef struct SEC_PKCS7ContentInfoStr SEC_PKCS7ContentInfo;
+typedef struct SEC_PKCS7SignedDataStr SEC_PKCS7SignedData;
+typedef struct SEC_PKCS7EncryptedContentInfoStr SEC_PKCS7EncryptedContentInfo;
+typedef struct SEC_PKCS7EnvelopedDataStr SEC_PKCS7EnvelopedData;
+typedef struct SEC_PKCS7SignedAndEnvelopedDataStr
+    SEC_PKCS7SignedAndEnvelopedData;
+typedef struct SEC_PKCS7SignerInfoStr SEC_PKCS7SignerInfo;
+typedef struct SEC_PKCS7RecipientInfoStr SEC_PKCS7RecipientInfo;
+typedef struct SEC_PKCS7DigestedDataStr SEC_PKCS7DigestedData;
+typedef struct SEC_PKCS7EncryptedDataStr SEC_PKCS7EncryptedData;
+/*
+ * The following is not actually a PKCS7 type, but for now it is only
+ * used by PKCS7, so we have adopted it.  If someone else *ever* needs
+ * it, its name should be changed and it should be moved out of here.
+ * Do not dare to use it without doing so!
+ */
+typedef struct SEC_PKCS7AttributeStr SEC_PKCS7Attribute;
+
+struct SEC_PKCS7ContentInfoStr {
+    PLArenaPool *poolp;         /* local; not part of encoding */
+    PRBool created;             /* local; not part of encoding */
+    int refCount;               /* local; not part of encoding */
+    SECOidData *contentTypeTag; /* local; not part of encoding */
+    SECKEYGetPasswordKey pwfn;  /* local; not part of encoding */
+    void *pwfn_arg;             /* local; not part of encoding */
+    SECItem contentType;
+    union {
+        SECItem *data;
+        SEC_PKCS7DigestedData *digestedData;
+        SEC_PKCS7EncryptedData *encryptedData;
+        SEC_PKCS7EnvelopedData *envelopedData;
+        SEC_PKCS7SignedData *signedData;
+        SEC_PKCS7SignedAndEnvelopedData *signedAndEnvelopedData;
+    } content;
+};
+
+struct SEC_PKCS7SignedDataStr {
+    SECItem version;
+    SECAlgorithmID **digestAlgorithms;
+    SEC_PKCS7ContentInfo contentInfo;
+    SECItem **rawCerts;
+    CERTSignedCrl **crls;
+    SEC_PKCS7SignerInfo **signerInfos;
+    SECItem **digests;               /* local; not part of encoding */
+    CERTCertificate **certs;         /* local; not part of encoding */
+    CERTCertificateList **certLists; /* local; not part of encoding */
+};
+#define SEC_PKCS7_SIGNED_DATA_VERSION 1 /* what we *create* */
+
+struct SEC_PKCS7EncryptedContentInfoStr {
+    SECOidData *contentTypeTag; /* local; not part of encoding */
+    SECItem contentType;
+    SECAlgorithmID contentEncAlg;
+    SECItem encContent;
+    SECItem plainContent; /* local; not part of encoding */
+                          /* bytes not encrypted, but encoded */
+    int keysize;          /* local; not part of encoding */
+                          /* size of bulk encryption key
+                           * (only used by creation code) */
+    SECOidTag encalg;     /* local; not part of encoding */
+                          /* oid tag of encryption algorithm
+                           * (only used by creation code) */
+};
+
+struct SEC_PKCS7EnvelopedDataStr {
+    SECItem version;
+    SEC_PKCS7RecipientInfo **recipientInfos;
+    SEC_PKCS7EncryptedContentInfo encContentInfo;
+};
+#define SEC_PKCS7_ENVELOPED_DATA_VERSION 0 /* what we *create* */
+
+struct SEC_PKCS7SignedAndEnvelopedDataStr {
+    SECItem version;
+    SEC_PKCS7RecipientInfo **recipientInfos;
+    SECAlgorithmID **digestAlgorithms;
+    SEC_PKCS7EncryptedContentInfo encContentInfo;
+    SECItem **rawCerts;
+    CERTSignedCrl **crls;
+    SEC_PKCS7SignerInfo **signerInfos;
+    SECItem **digests;               /* local; not part of encoding */
+    CERTCertificate **certs;         /* local; not part of encoding */
+    CERTCertificateList **certLists; /* local; not part of encoding */
+    PK11SymKey *sigKey;              /* local; not part of encoding */
+};
+#define SEC_PKCS7_SIGNED_AND_ENVELOPED_DATA_VERSION 1 /* what we *create* */
+
+struct SEC_PKCS7SignerInfoStr {
+    SECItem version;
+    CERTIssuerAndSN *issuerAndSN;
+    SECAlgorithmID digestAlg;
+    SEC_PKCS7Attribute **authAttr;
+    SECAlgorithmID digestEncAlg;
+    SECItem encDigest;
+    SEC_PKCS7Attribute **unAuthAttr;
+    CERTCertificate *cert;         /* local; not part of encoding */
+    CERTCertificateList *certList; /* local; not part of encoding */
+};
+#define SEC_PKCS7_SIGNER_INFO_VERSION 1 /* what we *create* */
+
+struct SEC_PKCS7RecipientInfoStr {
+    SECItem version;
+    CERTIssuerAndSN *issuerAndSN;
+    SECAlgorithmID keyEncAlg;
+    SECItem encKey;
+    CERTCertificate *cert; /* local; not part of encoding */
+};
+#define SEC_PKCS7_RECIPIENT_INFO_VERSION 0 /* what we *create* */
+
+struct SEC_PKCS7DigestedDataStr {
+    SECItem version;
+    SECAlgorithmID digestAlg;
+    SEC_PKCS7ContentInfo contentInfo;
+    SECItem digest;
+};
+#define SEC_PKCS7_DIGESTED_DATA_VERSION 0 /* what we *create* */
+
+struct SEC_PKCS7EncryptedDataStr {
+    SECItem version;
+    SEC_PKCS7EncryptedContentInfo encContentInfo;
+};
+#define SEC_PKCS7_ENCRYPTED_DATA_VERSION 0 /* what we *create* */
+
+/*
+ * See comment above about this type not really belonging to PKCS7.
+ */
+struct SEC_PKCS7AttributeStr {
+    /* The following fields make up an encoded Attribute: */
+    SECItem type;
+    SECItem **values; /* data may or may not be encoded */
+    /* The following fields are not part of an encoded Attribute: */
+    SECOidData *typeTag;
+    PRBool encoded; /* when true, values are encoded */
+};
+
+/*
+ * Type of function passed to SEC_PKCS7Decode or SEC_PKCS7DecoderStart.
+ * If specified, this is where the content bytes (only) will be "sent"
+ * as they are recovered during the decoding.
+ *
+ * XXX Should just combine this with SEC_PKCS7EncoderContentCallback type
+ * and use a simpler, common name.
+ */
+typedef void (*SEC_PKCS7DecoderContentCallback)(void *arg,
+                                                const char *buf,
+                                                unsigned long len);
+
+/*
+ * Type of function passed to SEC_PKCS7Encode or SEC_PKCS7EncoderStart.
+ * This is where the encoded bytes will be "sent".
+ *
+ * XXX Should just combine this with SEC_PKCS7DecoderContentCallback type
+ * and use a simpler, common name.
+ */
+typedef void (*SEC_PKCS7EncoderOutputCallback)(void *arg,
+                                               const char *buf,
+                                               unsigned long len);
+
+/*
+ * Type of function passed to SEC_PKCS7Decode or SEC_PKCS7DecoderStart
+ * to retrieve the decryption key.  This function is inteded to be
+ * used for EncryptedData content info's which do not have a key available
+ * in a certificate, etc.
+ */
+typedef PK11SymKey *(*SEC_PKCS7GetDecryptKeyCallback)(void *arg,
+                                                      SECAlgorithmID *algid);
+
+/*
+ * Type of function passed to SEC_PKCS7Decode or SEC_PKCS7DecoderStart.
+ * This function in intended to be used to verify that decrypting a
+ * particular crypto algorithm is allowed.  Content types which do not
+ * require decryption will not need the callback.  If the callback
+ * is not specified for content types which require decryption, the
+ * decryption will be disallowed.
+ */
+typedef PRBool (*SEC_PKCS7DecryptionAllowedCallback)(SECAlgorithmID *algid,
+                                                     PK11SymKey *bulkkey);
+
+#endif /* _PKCS7T_H_ */
diff --git a/nss/lib/pkcs7/secmime.c b/nss/lib/pkcs7/secmime.c
new file mode 100644
index 0000000..ca1046a
--- /dev/null
+++ b/nss/lib/pkcs7/secmime.c
@@ -0,0 +1,800 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * Stuff specific to S/MIME policy and interoperability.
+ * Depends on PKCS7, but there should be no dependency the other way around.
+ */
+
+#include "secmime.h"
+#include "secoid.h"
+#include "pk11func.h"
+#include "ciferfam.h" /* for CIPHER_FAMILY symbols */
+#include "secasn1.h"
+#include "secitem.h"
+#include "cert.h"
+#include "key.h"
+#include "secerr.h"
+
+typedef struct smime_cipher_map_struct {
+    unsigned long cipher;
+    SECOidTag algtag;
+    SECItem *parms;
+} smime_cipher_map;
+
+/*
+ * These are macros because I think some subsequent parameters,
+ * like those for RC5, will want to use them, too, separately.
+ */
+#define SMIME_DER_INTVAL_16 SEC_ASN1_INTEGER, 0x01, 0x10
+#define SMIME_DER_INTVAL_40 SEC_ASN1_INTEGER, 0x01, 0x28
+#define SMIME_DER_INTVAL_64 SEC_ASN1_INTEGER, 0x01, 0x40
+#define SMIME_DER_INTVAL_128 SEC_ASN1_INTEGER, 0x02, 0x00, 0x80
+
+#ifdef SMIME_DOES_RC5 /* will be needed; quiet unused warning for now */
+static unsigned char smime_int16[] = { SMIME_DER_INTVAL_16 };
+#endif
+static unsigned char smime_int40[] = { SMIME_DER_INTVAL_40 };
+static unsigned char smime_int64[] = { SMIME_DER_INTVAL_64 };
+static unsigned char smime_int128[] = { SMIME_DER_INTVAL_128 };
+
+static SECItem smime_rc2p40 = { siBuffer, smime_int40, sizeof(smime_int40) };
+static SECItem smime_rc2p64 = { siBuffer, smime_int64, sizeof(smime_int64) };
+static SECItem smime_rc2p128 = { siBuffer, smime_int128, sizeof(smime_int128) };
+
+static smime_cipher_map smime_cipher_maps[] = {
+    { SMIME_RC2_CBC_40, SEC_OID_RC2_CBC, &smime_rc2p40 },
+    { SMIME_RC2_CBC_64, SEC_OID_RC2_CBC, &smime_rc2p64 },
+    { SMIME_RC2_CBC_128, SEC_OID_RC2_CBC, &smime_rc2p128 },
+#ifdef SMIME_DOES_RC5
+    { SMIME_RC5PAD_64_16_40, SEC_OID_RC5_CBC_PAD, &smime_rc5p40 },
+    { SMIME_RC5PAD_64_16_64, SEC_OID_RC5_CBC_PAD, &smime_rc5p64 },
+    { SMIME_RC5PAD_64_16_128, SEC_OID_RC5_CBC_PAD, &smime_rc5p128 },
+#endif
+    { SMIME_DES_CBC_56, SEC_OID_DES_CBC, NULL },
+    { SMIME_DES_EDE3_168, SEC_OID_DES_EDE3_CBC, NULL }
+};
+
+/*
+ * Note, the following value really just needs to be an upper bound
+ * on the ciphers.
+ */
+static const int smime_symmetric_count = sizeof(smime_cipher_maps) / sizeof(smime_cipher_map);
+
+static unsigned long *smime_prefs, *smime_newprefs;
+static int smime_current_pref_index = 0;
+static PRBool smime_prefs_complete = PR_FALSE;
+static PRBool smime_prefs_changed = PR_TRUE;
+
+static unsigned long smime_policy_bits = 0;
+
+static int
+smime_mapi_by_cipher(unsigned long cipher)
+{
+    int i;
+
+    for (i = 0; i < smime_symmetric_count; i++) {
+        if (smime_cipher_maps[i].cipher == cipher)
+            break;
+    }
+
+    if (i == smime_symmetric_count)
+        return -1;
+
+    return i;
+}
+
+/*
+ * this function locally records the user's preference
+ */
+SECStatus
+SECMIME_EnableCipher(long which, int on)
+{
+    unsigned long mask;
+
+    if (smime_newprefs == NULL || smime_prefs_complete) {
+        /*
+         * This is either the very first time, or we are starting over.
+         */
+        smime_newprefs = (unsigned long *)PORT_ZAlloc(smime_symmetric_count * sizeof(*smime_newprefs));
+        if (smime_newprefs == NULL)
+            return SECFailure;
+        smime_current_pref_index = 0;
+        smime_prefs_complete = PR_FALSE;
+    }
+
+    mask = which & CIPHER_FAMILYID_MASK;
+    if (mask == CIPHER_FAMILYID_MASK) {
+        /*
+         * This call signifies that all preferences have been set.
+         * Move "newprefs" over, after checking first whether or
+         * not the new ones are different from the old ones.
+         */
+        if (smime_prefs != NULL) {
+            if (PORT_Memcmp(smime_prefs, smime_newprefs,
+                            smime_symmetric_count * sizeof(*smime_prefs)) == 0)
+                smime_prefs_changed = PR_FALSE;
+            else
+                smime_prefs_changed = PR_TRUE;
+            PORT_Free(smime_prefs);
+        }
+
+        smime_prefs = smime_newprefs;
+        smime_prefs_complete = PR_TRUE;
+        return SECSuccess;
+    }
+
+    PORT_Assert(mask == CIPHER_FAMILYID_SMIME);
+    if (mask != CIPHER_FAMILYID_SMIME) {
+        /* XXX set an error! */
+        return SECFailure;
+    }
+
+    if (on) {
+        PORT_Assert(smime_current_pref_index < smime_symmetric_count);
+        if (smime_current_pref_index >= smime_symmetric_count) {
+            /* XXX set an error! */
+            return SECFailure;
+        }
+
+        smime_newprefs[smime_current_pref_index++] = which;
+    }
+
+    return SECSuccess;
+}
+
+/*
+ * this function locally records the export policy
+ */
+SECStatus
+SECMIME_SetPolicy(long which, int on)
+{
+    unsigned long mask;
+
+    PORT_Assert((which & CIPHER_FAMILYID_MASK) == CIPHER_FAMILYID_SMIME);
+    if ((which & CIPHER_FAMILYID_MASK) != CIPHER_FAMILYID_SMIME) {
+        /* XXX set an error! */
+        return SECFailure;
+    }
+
+    which &= ~CIPHER_FAMILYID_MASK;
+
+    PORT_Assert(which < 32); /* bits in the long */
+    if (which >= 32) {
+        /* XXX set an error! */
+        return SECFailure;
+    }
+
+    mask = 1UL << which;
+
+    if (on) {
+        smime_policy_bits |= mask;
+    } else {
+        smime_policy_bits &= ~mask;
+    }
+
+    return SECSuccess;
+}
+
+/*
+ * Based on the given algorithm (including its parameters, in some cases!)
+ * and the given key (may or may not be inspected, depending on the
+ * algorithm), find the appropriate policy algorithm specification
+ * and return it.  If no match can be made, -1 is returned.
+ */
+static long
+smime_policy_algorithm(SECAlgorithmID *algid, PK11SymKey *key)
+{
+    SECOidTag algtag;
+
+    algtag = SECOID_GetAlgorithmTag(algid);
+    switch (algtag) {
+        case SEC_OID_RC2_CBC: {
+            unsigned int keylen_bits;
+
+            keylen_bits = PK11_GetKeyStrength(key, algid);
+            switch (keylen_bits) {
+                case 40:
+                    return SMIME_RC2_CBC_40;
+                case 64:
+                    return SMIME_RC2_CBC_64;
+                case 128:
+                    return SMIME_RC2_CBC_128;
+                default:
+                    break;
+            }
+        } break;
+        case SEC_OID_DES_CBC:
+            return SMIME_DES_CBC_56;
+        case SEC_OID_DES_EDE3_CBC:
+            return SMIME_DES_EDE3_168;
+#ifdef SMIME_DOES_RC5
+        case SEC_OID_RC5_CBC_PAD:
+            PORT_Assert(0); /* XXX need to pull out parameters and match */
+            break;
+#endif
+        default:
+            break;
+    }
+
+    return -1;
+}
+
+static PRBool
+smime_cipher_allowed(unsigned long which)
+{
+    unsigned long mask;
+
+    which &= ~CIPHER_FAMILYID_MASK;
+    PORT_Assert(which < 32); /* bits per long (min) */
+    if (which >= 32)
+        return PR_FALSE;
+
+    mask = 1UL << which;
+    if ((mask & smime_policy_bits) == 0)
+        return PR_FALSE;
+
+    return PR_TRUE;
+}
+
+PRBool
+SECMIME_DecryptionAllowed(SECAlgorithmID *algid, PK11SymKey *key)
+{
+    long which;
+
+    which = smime_policy_algorithm(algid, key);
+    if (which < 0)
+        return PR_FALSE;
+
+    return smime_cipher_allowed((unsigned long)which);
+}
+
+/*
+ * Does the current policy allow *any* S/MIME encryption (or decryption)?
+ *
+ * This tells whether or not *any* S/MIME encryption can be done,
+ * according to policy.  Callers may use this to do nicer user interface
+ * (say, greying out a checkbox so a user does not even try to encrypt
+ * a message when they are not allowed to) or for any reason they want
+ * to check whether S/MIME encryption (or decryption, for that matter)
+ * may be done.
+ *
+ * It takes no arguments.  The return value is a simple boolean:
+ *   PR_TRUE means encryption (or decryption) is *possible*
+ *      (but may still fail due to other reasons, like because we cannot
+ *      find all the necessary certs, etc.; PR_TRUE is *not* a guarantee)
+ *   PR_FALSE means encryption (or decryption) is not permitted
+ *
+ * There are no errors from this routine.
+ */
+PRBool
+SECMIME_EncryptionPossible(void)
+{
+    if (smime_policy_bits != 0)
+        return PR_TRUE;
+
+    return PR_FALSE;
+}
+
+/*
+ * XXX Would like the "parameters" field to be a SECItem *, but the
+ * encoder is having trouble with optional pointers to an ANY.  Maybe
+ * once that is fixed, can change this back...
+ */
+typedef struct smime_capability_struct {
+    unsigned long cipher; /* local; not part of encoding */
+    SECOidTag capIDTag;   /* local; not part of encoding */
+    SECItem capabilityID;
+    SECItem parameters;
+} smime_capability;
+
+static const SEC_ASN1Template smime_capability_template[] = {
+    { SEC_ASN1_SEQUENCE,
+      0, NULL, sizeof(smime_capability) },
+    { SEC_ASN1_OBJECT_ID,
+      offsetof(smime_capability, capabilityID) },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_ANY,
+      offsetof(smime_capability, parameters) },
+    { 0 }
+};
+
+static const SEC_ASN1Template smime_capabilities_template[] = {
+    { SEC_ASN1_SEQUENCE_OF, 0, smime_capability_template }
+};
+
+static void
+smime_fill_capability(smime_capability *cap)
+{
+    unsigned long cipher;
+    SECOidTag algtag;
+    int i;
+
+    algtag = SECOID_FindOIDTag(&(cap->capabilityID));
+
+    for (i = 0; i < smime_symmetric_count; i++) {
+        if (smime_cipher_maps[i].algtag != algtag)
+            continue;
+        /*
+         * XXX If SECITEM_CompareItem allowed NULLs as arguments (comparing
+         * 2 NULLs as equal and NULL and non-NULL as not equal), we could
+         * use that here instead of all of the following comparison code.
+         */
+        if (cap->parameters.data != NULL) {
+            if (smime_cipher_maps[i].parms == NULL)
+                continue;
+            if (cap->parameters.len != smime_cipher_maps[i].parms->len)
+                continue;
+            if (PORT_Memcmp(cap->parameters.data,
+                            smime_cipher_maps[i].parms->data,
+                            cap->parameters.len) == 0)
+                break;
+        } else if (smime_cipher_maps[i].parms == NULL) {
+            break;
+        }
+    }
+
+    if (i == smime_symmetric_count)
+        cipher = 0;
+    else
+        cipher = smime_cipher_maps[i].cipher;
+
+    cap->cipher = cipher;
+    cap->capIDTag = algtag;
+}
+
+static long
+smime_choose_cipher(CERTCertificate *scert, CERTCertificate **rcerts)
+{
+    PLArenaPool *poolp;
+    long chosen_cipher;
+    int *cipher_abilities;
+    int *cipher_votes;
+    int strong_mapi;
+    int rcount, mapi, max;
+
+    if (smime_policy_bits == 0) {
+        PORT_SetError(SEC_ERROR_BAD_EXPORT_ALGORITHM);
+        return -1;
+    }
+
+    chosen_cipher = SMIME_RC2_CBC_40; /* the default, LCD */
+
+    poolp = PORT_NewArena(1024); /* XXX what is right value? */
+    if (poolp == NULL)
+        goto done;
+
+    cipher_abilities = (int *)PORT_ArenaZAlloc(poolp,
+                                               smime_symmetric_count * sizeof(int));
+    if (cipher_abilities == NULL)
+        goto done;
+
+    cipher_votes = (int *)PORT_ArenaZAlloc(poolp,
+                                           smime_symmetric_count * sizeof(int));
+    if (cipher_votes == NULL)
+        goto done;
+
+    /*
+     * XXX Should have a #define somewhere which specifies default
+     * strong cipher.  (Or better, a way to configure.)
+     */
+
+    /* Make triple-DES the strong cipher. */
+    strong_mapi = smime_mapi_by_cipher(SMIME_DES_EDE3_168);
+
+    PORT_Assert(strong_mapi >= 0);
+
+    for (rcount = 0; rcerts[rcount] != NULL; rcount++) {
+        SECItem *profile;
+        smime_capability **caps;
+        int capi, pref;
+        SECStatus dstat;
+
+        pref = smime_symmetric_count;
+        profile = CERT_FindSMimeProfile(rcerts[rcount]);
+        if (profile != NULL && profile->data != NULL && profile->len > 0) {
+            caps = NULL;
+            dstat = SEC_QuickDERDecodeItem(poolp, &caps,
+                                           smime_capabilities_template,
+                                           profile);
+            if (dstat == SECSuccess && caps != NULL) {
+                for (capi = 0; caps[capi] != NULL; capi++) {
+                    smime_fill_capability(caps[capi]);
+                    mapi = smime_mapi_by_cipher(caps[capi]->cipher);
+                    if (mapi >= 0) {
+                        cipher_abilities[mapi]++;
+                        cipher_votes[mapi] += pref;
+                        --pref;
+                    }
+                }
+            }
+        } else {
+            SECKEYPublicKey *key;
+            unsigned int pklen_bits;
+
+            /*
+             * XXX This is probably only good for RSA keys.  What I would
+             * really like is a function to just say;  Is the public key in
+             * this cert an export-length key?  Then I would not have to
+             * know things like the value 512, or the kind of key, or what
+             * a subjectPublicKeyInfo is, etc.
+             */
+            key = CERT_ExtractPublicKey(rcerts[rcount]);
+            if (key != NULL) {
+                pklen_bits = SECKEY_PublicKeyStrength(key) * 8;
+                SECKEY_DestroyPublicKey(key);
+
+                if (pklen_bits > 512) {
+                    cipher_abilities[strong_mapi]++;
+                    cipher_votes[strong_mapi] += pref;
+                }
+            }
+        }
+        if (profile != NULL)
+            SECITEM_FreeItem(profile, PR_TRUE);
+    }
+
+    max = 0;
+    for (mapi = 0; mapi < smime_symmetric_count; mapi++) {
+        if (cipher_abilities[mapi] != rcount)
+            continue;
+        if (!smime_cipher_allowed(smime_cipher_maps[mapi].cipher))
+            continue;
+        if (cipher_votes[mapi] > max) {
+            chosen_cipher = smime_cipher_maps[mapi].cipher;
+            max = cipher_votes[mapi];
+        } /* XXX else if a tie, let scert break it? */
+    }
+
+done:
+    if (poolp != NULL)
+        PORT_FreeArena(poolp, PR_FALSE);
+
+    return chosen_cipher;
+}
+
+/*
+ * XXX This is a hack for now to satisfy our current interface.
+ * Eventually, with more parameters needing to be specified, just
+ * looking up the keysize is not going to be sufficient.
+ */
+static int
+smime_keysize_by_cipher(unsigned long which)
+{
+    int keysize;
+
+    switch (which) {
+        case SMIME_RC2_CBC_40:
+            keysize = 40;
+            break;
+        case SMIME_RC2_CBC_64:
+            keysize = 64;
+            break;
+        case SMIME_RC2_CBC_128:
+            keysize = 128;
+            break;
+#ifdef SMIME_DOES_RC5
+        case SMIME_RC5PAD_64_16_40:
+        case SMIME_RC5PAD_64_16_64:
+        case SMIME_RC5PAD_64_16_128:
+            /* XXX See comment above; keysize is not enough... */
+            PORT_Assert(0);
+            PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
+            keysize = -1;
+            break;
+#endif
+        case SMIME_DES_CBC_56:
+        case SMIME_DES_EDE3_168:
+            /*
+             * These are special; since the key size is fixed, we actually
+             * want to *avoid* specifying a key size.
+             */
+            keysize = 0;
+            break;
+        default:
+            keysize = -1;
+            break;
+    }
+
+    return keysize;
+}
+
+/*
+ * Start an S/MIME encrypting context.
+ *
+ * "scert" is the cert for the sender.  It will be checked for validity.
+ * "rcerts" are the certs for the recipients.  They will also be checked.
+ *
+ * "certdb" is the cert database to use for verifying the certs.
+ * It can be NULL if a default database is available (like in the client).
+ *
+ * This function already does all of the stuff specific to S/MIME protocol
+ * and local policy; the return value just needs to be passed to
+ * SEC_PKCS7Encode() or to SEC_PKCS7EncoderStart() to create the encoded data,
+ * and finally to SEC_PKCS7DestroyContentInfo().
+ *
+ * An error results in a return value of NULL and an error set.
+ * (Retrieve specific errors via PORT_GetError()/XP_GetError().)
+ */
+SEC_PKCS7ContentInfo *
+SECMIME_CreateEncrypted(CERTCertificate *scert,
+                        CERTCertificate **rcerts,
+                        CERTCertDBHandle *certdb,
+                        SECKEYGetPasswordKey pwfn,
+                        void *pwfn_arg)
+{
+    SEC_PKCS7ContentInfo *cinfo;
+    long cipher;
+    SECOidTag encalg;
+    int keysize;
+    int mapi, rci;
+
+    cipher = smime_choose_cipher(scert, rcerts);
+    if (cipher < 0)
+        return NULL;
+
+    mapi = smime_mapi_by_cipher(cipher);
+    if (mapi < 0)
+        return NULL;
+
+    /*
+     * XXX This is stretching it -- CreateEnvelopedData should probably
+     * take a cipher itself of some sort, because we cannot know what the
+     * future will bring in terms of parameters for each type of algorithm.
+     * For example, just an algorithm and keysize is *not* sufficient to
+     * fully specify the usage of RC5 (which also needs to know rounds and
+     * block size).  Work this out into a better API!
+     */
+    encalg = smime_cipher_maps[mapi].algtag;
+    keysize = smime_keysize_by_cipher(cipher);
+    if (keysize < 0)
+        return NULL;
+
+    cinfo = SEC_PKCS7CreateEnvelopedData(scert, certUsageEmailRecipient,
+                                         certdb, encalg, keysize,
+                                         pwfn, pwfn_arg);
+    if (cinfo == NULL)
+        return NULL;
+
+    for (rci = 0; rcerts[rci] != NULL; rci++) {
+        if (rcerts[rci] == scert)
+            continue;
+        if (SEC_PKCS7AddRecipient(cinfo, rcerts[rci], certUsageEmailRecipient,
+                                  NULL) != SECSuccess) {
+            SEC_PKCS7DestroyContentInfo(cinfo);
+            return NULL;
+        }
+    }
+
+    return cinfo;
+}
+
+static smime_capability **smime_capabilities;
+static SECItem *smime_encoded_caps;
+
+static SECStatus
+smime_init_caps(void)
+{
+    smime_capability *cap;
+    smime_cipher_map *map;
+    SECOidData *oiddata;
+    SECStatus rv;
+    int i;
+
+    if (smime_encoded_caps != NULL && (!smime_prefs_changed))
+        return SECSuccess;
+
+    if (smime_encoded_caps != NULL) {
+        SECITEM_FreeItem(smime_encoded_caps, PR_TRUE);
+        smime_encoded_caps = NULL;
+    }
+
+    if (smime_capabilities == NULL) {
+        smime_capabilities = (smime_capability **)PORT_ZAlloc(
+            (smime_symmetric_count + 1) * sizeof(smime_capability *));
+        if (smime_capabilities == NULL)
+            return SECFailure;
+    }
+
+    rv = SECFailure;
+
+    /*
+       The process of creating the encoded PKCS7 cipher capability list
+       involves two basic steps:
+
+       (a) Convert our internal representation of cipher preferences
+           (smime_prefs) into an array containing cipher OIDs and
+           parameter data (smime_capabilities). This step is
+           performed here.
+
+       (b) Encode, using ASN.1, the cipher information in
+           smime_capabilities, leaving the encoded result in
+           smime_encoded_caps.
+
+       (In the process of performing (a), Lisa put in some optimizations
+       which allow us to avoid needlessly re-populating elements in
+       smime_capabilities as we walk through smime_prefs.)
+    */
+    for (i = 0; i < smime_current_pref_index; i++) {
+        int mapi;
+
+        /* Get the next cipher preference in smime_prefs. */
+        mapi = smime_mapi_by_cipher(smime_prefs[i]);
+        if (mapi < 0)
+            break;
+
+        /* Find the corresponding entry in the cipher map. */
+        PORT_Assert(mapi < smime_symmetric_count);
+        map = &(smime_cipher_maps[mapi]);
+
+        /*
+         * Convert the next preference found in smime_prefs into an
+         * smime_capability.
+         */
+
+        cap = smime_capabilities[i];
+        if (cap == NULL) {
+            cap = (smime_capability *)PORT_ZAlloc(sizeof(smime_capability));
+            if (cap == NULL)
+                break;
+            smime_capabilities[i] = cap;
+        } else if (cap->cipher == smime_prefs[i]) {
+            continue; /* no change to this one */
+        }
+
+        cap->capIDTag = map->algtag;
+        oiddata = SECOID_FindOIDByTag(map->algtag);
+        if (oiddata == NULL)
+            break;
+
+        if (cap->capabilityID.data != NULL) {
+            SECITEM_FreeItem(&(cap->capabilityID), PR_FALSE);
+            cap->capabilityID.data = NULL;
+            cap->capabilityID.len = 0;
+        }
+
+        rv = SECITEM_CopyItem(NULL, &(cap->capabilityID), &(oiddata->oid));
+        if (rv != SECSuccess)
+            break;
+
+        if (map->parms == NULL) {
+            cap->parameters.data = NULL;
+            cap->parameters.len = 0;
+        } else {
+            cap->parameters.data = map->parms->data;
+            cap->parameters.len = map->parms->len;
+        }
+
+        cap->cipher = smime_prefs[i];
+    }
+
+    if (i != smime_current_pref_index)
+        return rv;
+
+    while (i < smime_symmetric_count) {
+        cap = smime_capabilities[i];
+        if (cap != NULL) {
+            SECITEM_FreeItem(&(cap->capabilityID), PR_FALSE);
+            PORT_Free(cap);
+        }
+        smime_capabilities[i] = NULL;
+        i++;
+    }
+    smime_capabilities[i] = NULL;
+
+    smime_encoded_caps = SEC_ASN1EncodeItem(NULL, NULL, &smime_capabilities,
+                                            smime_capabilities_template);
+    if (smime_encoded_caps == NULL)
+        return SECFailure;
+
+    return SECSuccess;
+}
+
+static SECStatus
+smime_add_profile(CERTCertificate *cert, SEC_PKCS7ContentInfo *cinfo)
+{
+    PORT_Assert(smime_prefs_complete);
+    if (!smime_prefs_complete)
+        return SECFailure;
+
+    /* For that matter, if capabilities haven't been initialized yet,
+       do so now. */
+    if (smime_encoded_caps == NULL || smime_prefs_changed) {
+        SECStatus rv;
+
+        rv = smime_init_caps();
+        if (rv != SECSuccess)
+            return rv;
+
+        PORT_Assert(smime_encoded_caps != NULL);
+    }
+
+    return SEC_PKCS7AddSignedAttribute(cinfo, SEC_OID_PKCS9_SMIME_CAPABILITIES,
+                                       smime_encoded_caps);
+}
+
+/*
+ * Start an S/MIME signing context.
+ *
+ * "scert" is the cert that will be used to sign the data.  It will be
+ * checked for validity.
+ *
+ * "ecert" is the signer's encryption cert.  If it is different from
+ * scert, then it will be included in the signed message so that the
+ * recipient can save it for future encryptions.
+ *
+ * "certdb" is the cert database to use for verifying the cert.
+ * It can be NULL if a default database is available (like in the client).
+ *
+ * "digestalg" names the digest algorithm (e.g. SEC_OID_SHA1).
+ * XXX There should be SECMIME functions for hashing, or the hashing should
+ * be built into this interface, which we would like because we would
+ * support more smartcards that way, and then this argument should go away.)
+ *
+ * "digest" is the actual digest of the data.  It must be provided in
+ * the case of detached data or NULL if the content will be included.
+ *
+ * This function already does all of the stuff specific to S/MIME protocol
+ * and local policy; the return value just needs to be passed to
+ * SEC_PKCS7Encode() or to SEC_PKCS7EncoderStart() to create the encoded data,
+ * and finally to SEC_PKCS7DestroyContentInfo().
+ *
+ * An error results in a return value of NULL and an error set.
+ * (Retrieve specific errors via PORT_GetError()/XP_GetError().)
+ */
+
+SEC_PKCS7ContentInfo *
+SECMIME_CreateSigned(CERTCertificate *scert,
+                     CERTCertificate *ecert,
+                     CERTCertDBHandle *certdb,
+                     SECOidTag digestalg,
+                     SECItem *digest,
+                     SECKEYGetPasswordKey pwfn,
+                     void *pwfn_arg)
+{
+    SEC_PKCS7ContentInfo *cinfo;
+    SECStatus rv;
+
+    /* See note in header comment above about digestalg. */
+    /* Doesn't explain this. PORT_Assert (digestalg == SEC_OID_SHA1); */
+
+    cinfo = SEC_PKCS7CreateSignedData(scert, certUsageEmailSigner,
+                                      certdb, digestalg, digest,
+                                      pwfn, pwfn_arg);
+    if (cinfo == NULL)
+        return NULL;
+
+    if (SEC_PKCS7IncludeCertChain(cinfo, NULL) != SECSuccess) {
+        SEC_PKCS7DestroyContentInfo(cinfo);
+        return NULL;
+    }
+
+    /* if the encryption cert and the signing cert differ, then include
+     * the encryption cert too.
+     */
+    /* it is ok to compare the pointers since we ref count, and the same
+     * cert will always have the same pointer
+     */
+    if ((ecert != NULL) && (ecert != scert)) {
+        rv = SEC_PKCS7AddCertificate(cinfo, ecert);
+        if (rv != SECSuccess) {
+            SEC_PKCS7DestroyContentInfo(cinfo);
+            return NULL;
+        }
+    }
+    /*
+     * Add the signing time.  But if it fails for some reason,
+     * may as well not give up altogether -- just assert.
+     */
+    rv = SEC_PKCS7AddSigningTime(cinfo);
+    PORT_Assert(rv == SECSuccess);
+
+    /*
+     * Add the email profile.  Again, if it fails for some reason,
+     * may as well not give up altogether -- just assert.
+     */
+    rv = smime_add_profile(ecert, cinfo);
+    PORT_Assert(rv == SECSuccess);
+
+    return cinfo;
+}
diff --git a/nss/lib/pkcs7/secmime.h b/nss/lib/pkcs7/secmime.h
new file mode 100644
index 0000000..683cd8d
--- /dev/null
+++ b/nss/lib/pkcs7/secmime.h
@@ -0,0 +1,160 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * Header file for routines specific to S/MIME.  Keep things that are pure
+ * pkcs7 out of here; this is for S/MIME policy, S/MIME interoperability, etc.
+ */
+
+#ifndef _SECMIME_H_
+#define _SECMIME_H_ 1
+
+#include "secpkcs7.h"
+
+/************************************************************************/
+SEC_BEGIN_PROTOS
+
+/*
+ * Initialize the local recording of the user S/MIME cipher preferences.
+ * This function is called once for each cipher, the order being
+ * important (first call records greatest preference, and so on).
+ * When finished, it is called with a "which" of CIPHER_FAMILID_MASK.
+ * If the function is called again after that, it is assumed that
+ * the preferences are being reset, and the old preferences are
+ * discarded.
+ *
+ * XXX This is for a particular user, and right now the storage is
+ * XXX local, static.  The preference should be stored elsewhere to allow
+ * XXX for multiple uses of one library?  How does SSL handle this;
+ * XXX it has something similar?
+ *
+ *  - The "which" values are defined in ciferfam.h (the SMIME_* values,
+ *    for example SMIME_DES_CBC_56).
+ *  - If "on" is non-zero then the named cipher is enabled, otherwise
+ *    it is disabled.  (It is not necessary to call the function for
+ *    ciphers that are disabled, however, as that is the default.)
+ *
+ * If the cipher preference is successfully recorded, SECSuccess
+ * is returned.  Otherwise SECFailure is returned.  The only errors
+ * are due to failure allocating memory or bad parameters/calls:
+ *	SEC_ERROR_XXX ("which" is not in the S/MIME cipher family)
+ *	SEC_ERROR_XXX (function is being called more times than there
+ *		are known/expected ciphers)
+ */
+extern SECStatus SECMIME_EnableCipher(long which, int on);
+
+/*
+ * Initialize the local recording of the S/MIME policy.
+ * This function is called to enable/disable a particular cipher.
+ * (S/MIME encryption or decryption using a particular cipher is only
+ * allowed if that cipher is currently enabled.)  At startup, all S/MIME
+ * ciphers are disabled.  From that point, this function can be called
+ * to enable a cipher -- it is not necessary to call this to disable
+ * a cipher unless that cipher was previously, explicitly enabled via
+ * this function.
+ *
+ * XXX This is for a the current module, I think, so local, static storage
+ * XXX is okay.  Is that correct, or could multiple uses of the same
+ * XXX library expect to operate under different policies?
+ *
+ *  - The "which" values are defined in ciferfam.h (the SMIME_* values,
+ *    for example SMIME_DES_CBC_56).
+ *  - If "on" is non-zero then the named cipher is enabled, otherwise
+ *    it is disabled.
+ *
+ * If the cipher is successfully enabled/disabled, SECSuccess is
+ * returned.  Otherwise SECFailure is returned.  The only errors
+ * are due to bad parameters:
+ *	SEC_ERROR_XXX ("which" is not in the S/MIME cipher family)
+ *	SEC_ERROR_XXX ("which" exceeds expected maximum cipher; this is
+ *		really an internal error)
+ */
+extern SECStatus SECMIME_SetPolicy(long which, int on);
+
+/*
+ * Does the current policy allow S/MIME decryption of this particular
+ * algorithm and keysize?
+ */
+extern PRBool SECMIME_DecryptionAllowed(SECAlgorithmID *algid, PK11SymKey *key);
+
+/*
+ * Does the current policy allow *any* S/MIME encryption (or decryption)?
+ *
+ * This tells whether or not *any* S/MIME encryption can be done,
+ * according to policy.  Callers may use this to do nicer user interface
+ * (say, greying out a checkbox so a user does not even try to encrypt
+ * a message when they are not allowed to) or for any reason they want
+ * to check whether S/MIME encryption (or decryption, for that matter)
+ * may be done.
+ *
+ * It takes no arguments.  The return value is a simple boolean:
+ *   PR_TRUE means encryption (or decryption) is *possible*
+ *	(but may still fail due to other reasons, like because we cannot
+ *	find all the necessary certs, etc.; PR_TRUE is *not* a guarantee)
+ *   PR_FALSE means encryption (or decryption) is not permitted
+ *
+ * There are no errors from this routine.
+ */
+extern PRBool SECMIME_EncryptionPossible(void);
+
+/*
+ * Start an S/MIME encrypting context.
+ *
+ * "scert" is the cert for the sender.  It will be checked for validity.
+ * "rcerts" are the certs for the recipients.  They will also be checked.
+ *
+ * "certdb" is the cert database to use for verifying the certs.
+ * It can be NULL if a default database is available (like in the client).
+ *
+ * This function already does all of the stuff specific to S/MIME protocol
+ * and local policy; the return value just needs to be passed to
+ * SEC_PKCS7Encode() or to SEC_PKCS7EncoderStart() to create the encoded data,
+ * and finally to SEC_PKCS7DestroyContentInfo().
+ *
+ * An error results in a return value of NULL and an error set.
+ * (Retrieve specific errors via PORT_GetError()/XP_GetError().)
+ */
+extern SEC_PKCS7ContentInfo *SECMIME_CreateEncrypted(CERTCertificate *scert,
+                                                     CERTCertificate **rcerts,
+                                                     CERTCertDBHandle *certdb,
+                                                     SECKEYGetPasswordKey pwfn,
+                                                     void *pwfn_arg);
+
+/*
+ * Start an S/MIME signing context.
+ *
+ * "scert" is the cert that will be used to sign the data.  It will be
+ * checked for validity.
+ *
+ * "certdb" is the cert database to use for verifying the cert.
+ * It can be NULL if a default database is available (like in the client).
+ *
+ * "digestalg" names the digest algorithm.  (It should be SEC_OID_SHA1;
+ * XXX There should be SECMIME functions for hashing, or the hashing should
+ * be built into this interface, which we would like because we would
+ * support more smartcards that way, and then this argument should go away.)
+ *
+ * "digest" is the actual digest of the data.  It must be provided in
+ * the case of detached data or NULL if the content will be included.
+ *
+ * This function already does all of the stuff specific to S/MIME protocol
+ * and local policy; the return value just needs to be passed to
+ * SEC_PKCS7Encode() or to SEC_PKCS7EncoderStart() to create the encoded data,
+ * and finally to SEC_PKCS7DestroyContentInfo().
+ *
+ * An error results in a return value of NULL and an error set.
+ * (Retrieve specific errors via PORT_GetError()/XP_GetError().)
+ */
+extern SEC_PKCS7ContentInfo *SECMIME_CreateSigned(CERTCertificate *scert,
+                                                  CERTCertificate *ecert,
+                                                  CERTCertDBHandle *certdb,
+                                                  SECOidTag digestalg,
+                                                  SECItem *digest,
+                                                  SECKEYGetPasswordKey pwfn,
+                                                  void *pwfn_arg);
+
+/************************************************************************/
+SEC_END_PROTOS
+
+#endif /* _SECMIME_H_ */
diff --git a/nss/lib/pkcs7/secpkcs7.h b/nss/lib/pkcs7/secpkcs7.h
new file mode 100644
index 0000000..78270bd
--- /dev/null
+++ b/nss/lib/pkcs7/secpkcs7.h
@@ -0,0 +1,626 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * Interface to the PKCS7 implementation.
+ */
+
+#ifndef _SECPKCS7_H_
+#define _SECPKCS7_H_
+
+#include "seccomon.h"
+
+#include "secoidt.h"
+#include "certt.h"
+#include "keyt.h"
+#include "hasht.h"
+#include "pkcs7t.h"
+
+extern const SEC_ASN1Template sec_PKCS7ContentInfoTemplate[];
+
+/************************************************************************/
+SEC_BEGIN_PROTOS
+
+/************************************************************************
+ *      Miscellaneous
+ ************************************************************************/
+
+/*
+ * Returns the content type of the given contentInfo.
+ */
+extern SECOidTag SEC_PKCS7ContentType(SEC_PKCS7ContentInfo *cinfo);
+
+/*
+ * Destroy a PKCS7 contentInfo and all of its sub-pieces.
+ */
+extern void SEC_PKCS7DestroyContentInfo(SEC_PKCS7ContentInfo *contentInfo);
+
+/*
+ * Copy a PKCS7 contentInfo.  A Destroy is needed on *each* copy.
+ */
+extern SEC_PKCS7ContentInfo *
+SEC_PKCS7CopyContentInfo(SEC_PKCS7ContentInfo *contentInfo);
+
+/*
+ * Return a pointer to the actual content.  In the case of those types
+ * which are encrypted, this returns the *plain* content.
+ */
+extern SECItem *SEC_PKCS7GetContent(SEC_PKCS7ContentInfo *cinfo);
+
+/************************************************************************
+ *      PKCS7 Decoding, Verification, etc..
+ ************************************************************************/
+
+extern SEC_PKCS7DecoderContext *
+SEC_PKCS7DecoderStart(SEC_PKCS7DecoderContentCallback callback,
+                      void *callback_arg,
+                      SECKEYGetPasswordKey pwfn, void *pwfn_arg,
+                      SEC_PKCS7GetDecryptKeyCallback decrypt_key_cb,
+                      void *decrypt_key_cb_arg,
+                      SEC_PKCS7DecryptionAllowedCallback decrypt_allowed_cb);
+
+extern SECStatus
+SEC_PKCS7DecoderUpdate(SEC_PKCS7DecoderContext *p7dcx,
+                       const char *buf, unsigned long len);
+
+extern SEC_PKCS7ContentInfo *
+SEC_PKCS7DecoderFinish(SEC_PKCS7DecoderContext *p7dcx);
+
+/*  Abort the underlying ASN.1 stream & set an error  */
+void SEC_PKCS7DecoderAbort(SEC_PKCS7DecoderContext *p7dcx, int error);
+
+extern SEC_PKCS7ContentInfo *
+SEC_PKCS7DecodeItem(SECItem *p7item,
+                    SEC_PKCS7DecoderContentCallback cb, void *cb_arg,
+                    SECKEYGetPasswordKey pwfn, void *pwfn_arg,
+                    SEC_PKCS7GetDecryptKeyCallback decrypt_key_cb,
+                    void *decrypt_key_cb_arg,
+                    SEC_PKCS7DecryptionAllowedCallback decrypt_allowed_cb);
+
+extern PRBool SEC_PKCS7ContainsCertsOrCrls(SEC_PKCS7ContentInfo *cinfo);
+
+/* checks to see if the contents of the content info is
+ * empty.  it so, PR_TRUE is returned.  PR_FALSE, otherwise.
+ *
+ * minLen is used to specify a minimum size.  if content size <= minLen,
+ * content is assumed empty.
+ */
+extern PRBool
+SEC_PKCS7IsContentEmpty(SEC_PKCS7ContentInfo *cinfo, unsigned int minLen);
+
+extern PRBool SEC_PKCS7ContentIsEncrypted(SEC_PKCS7ContentInfo *cinfo);
+
+/*
+ * If the PKCS7 content has a signature (not just *could* have a signature)
+ * return true; false otherwise.  This can/should be called before calling
+ * VerifySignature, which will always indicate failure if no signature is
+ * present, but that does not mean there even was a signature!
+ * Note that the content itself can be empty (detached content was sent
+ * another way); it is the presence of the signature that matters.
+ */
+extern PRBool SEC_PKCS7ContentIsSigned(SEC_PKCS7ContentInfo *cinfo);
+
+/*
+ * SEC_PKCS7VerifySignature
+ *      Look at a PKCS7 contentInfo and check if the signature is good.
+ *      The verification checks that the signing cert is valid and trusted
+ *      for the purpose specified by "certusage".
+ *
+ *      In addition, if "keepcerts" is true, add any new certificates found
+ *      into our local database.
+ */
+extern PRBool SEC_PKCS7VerifySignature(SEC_PKCS7ContentInfo *cinfo,
+                                       SECCertUsage certusage,
+                                       PRBool keepcerts);
+
+/*
+ * SEC_PKCS7VerifyDetachedSignature
+ *      Look at a PKCS7 contentInfo and check if the signature matches
+ *      a passed-in digest (calculated, supposedly, from detached contents).
+ *      The verification checks that the signing cert is valid and trusted
+ *      for the purpose specified by "certusage".
+ *
+ *      In addition, if "keepcerts" is true, add any new certificates found
+ *      into our local database.
+ */
+extern PRBool SEC_PKCS7VerifyDetachedSignature(SEC_PKCS7ContentInfo *cinfo,
+                                               SECCertUsage certusage,
+                                               const SECItem *detached_digest,
+                                               HASH_HashType digest_type,
+                                               PRBool keepcerts);
+
+/*
+ * SEC_PKCS7VerifyDetachedSignatureAtTime
+ *      Look at a PKCS7 contentInfo and check if the signature matches
+ *      a passed-in digest (calculated, supposedly, from detached contents).
+ *      The verification checks that the signing cert is valid and trusted
+ *      for the purpose specified by "certusage" at time "atTime".
+ *
+ *      In addition, if "keepcerts" is true, add any new certificates found
+ *      into our local database.
+ */
+extern PRBool
+SEC_PKCS7VerifyDetachedSignatureAtTime(SEC_PKCS7ContentInfo *cinfo,
+                                       SECCertUsage certusage,
+                                       const SECItem *detached_digest,
+                                       HASH_HashType digest_type,
+                                       PRBool keepcerts,
+                                       PRTime atTime);
+
+/*
+ * SEC_PKCS7GetSignerCommonName, SEC_PKCS7GetSignerEmailAddress
+ *      The passed-in contentInfo is espected to be Signed, and these
+ *      functions return the specified portion of the full signer name.
+ *
+ *      Returns a pointer to allocated memory, which must be freed.
+ *      A NULL return value is an error.
+ */
+extern char *SEC_PKCS7GetSignerCommonName(SEC_PKCS7ContentInfo *cinfo);
+extern char *SEC_PKCS7GetSignerEmailAddress(SEC_PKCS7ContentInfo *cinfo);
+
+/*
+ * Return the the signing time, in UTCTime format, of a PKCS7 contentInfo.
+ */
+extern SECItem *SEC_PKCS7GetSigningTime(SEC_PKCS7ContentInfo *cinfo);
+
+/************************************************************************
+ *      PKCS7 Creation and Encoding.
+ ************************************************************************/
+
+/*
+ * Start a PKCS7 signing context.
+ *
+ * "cert" is the cert that will be used to sign the data.  It will be
+ * checked for validity.
+ *
+ * "certusage" describes the signing usage (e.g. certUsageEmailSigner)
+ * XXX Maybe SECCertUsage should be split so that our caller just says
+ * "email" and *we* add the "signing" part -- otherwise our caller
+ * could be lying about the usage; we do not want to allow encryption
+ * certs for signing or vice versa.
+ *
+ * "certdb" is the cert database to use for verifying the cert.
+ * It can be NULL if a default database is available (like in the client).
+ *
+ * "digestalg" names the digest algorithm (e.g. SEC_OID_SHA1).
+ *
+ * "digest" is the actual digest of the data.  It must be provided in
+ * the case of detached data or NULL if the content will be included.
+ *
+ * The return value can be passed to functions which add things to
+ * it like attributes, then eventually to SEC_PKCS7Encode() or to
+ * SEC_PKCS7EncoderStart() to create the encoded data, and finally to
+ * SEC_PKCS7DestroyContentInfo().
+ *
+ * An error results in a return value of NULL and an error set.
+ * (Retrieve specific errors via PORT_GetError()/XP_GetError().)
+ */
+extern SEC_PKCS7ContentInfo *
+SEC_PKCS7CreateSignedData(CERTCertificate *cert,
+                          SECCertUsage certusage,
+                          CERTCertDBHandle *certdb,
+                          SECOidTag digestalg,
+                          SECItem *digest,
+                          SECKEYGetPasswordKey pwfn, void *pwfn_arg);
+
+/*
+ * Create a PKCS7 certs-only container.
+ *
+ * "cert" is the (first) cert that will be included.
+ *
+ * "include_chain" specifies whether the entire chain for "cert" should
+ * be included.
+ *
+ * "certdb" is the cert database to use for finding the chain.
+ * It can be NULL in when "include_chain" is false, or when meaning
+ * use the default database.
+ *
+ * More certs and chains can be added via AddCertficate and AddCertChain.
+ *
+ * An error results in a return value of NULL and an error set.
+ * (Retrieve specific errors via PORT_GetError()/XP_GetError().)
+ */
+extern SEC_PKCS7ContentInfo *
+SEC_PKCS7CreateCertsOnly(CERTCertificate *cert,
+                         PRBool include_chain,
+                         CERTCertDBHandle *certdb);
+
+/*
+ * Start a PKCS7 enveloping context.
+ *
+ * "cert" is the cert for the recipient.  It will be checked for validity.
+ *
+ * "certusage" describes the encryption usage (e.g. certUsageEmailRecipient)
+ * XXX Maybe SECCertUsage should be split so that our caller just says
+ * "email" and *we* add the "recipient" part -- otherwise our caller
+ * could be lying about the usage; we do not want to allow encryption
+ * certs for signing or vice versa.
+ *
+ * "certdb" is the cert database to use for verifying the cert.
+ * It can be NULL if a default database is available (like in the client).
+ *
+ * "encalg" specifies the bulk encryption algorithm to use (e.g. SEC_OID_RC2).
+ *
+ * "keysize" specifies the bulk encryption key size, in bits.
+ *
+ * The return value can be passed to functions which add things to
+ * it like more recipients, then eventually to SEC_PKCS7Encode() or to
+ * SEC_PKCS7EncoderStart() to create the encoded data, and finally to
+ * SEC_PKCS7DestroyContentInfo().
+ *
+ * An error results in a return value of NULL and an error set.
+ * (Retrieve specific errors via PORT_GetError()/XP_GetError().)
+ */
+extern SEC_PKCS7ContentInfo *
+SEC_PKCS7CreateEnvelopedData(CERTCertificate *cert,
+                             SECCertUsage certusage,
+                             CERTCertDBHandle *certdb,
+                             SECOidTag encalg,
+                             int keysize,
+                             SECKEYGetPasswordKey pwfn, void *pwfn_arg);
+
+/*
+ * XXX There will be a similar routine for creating signedAndEnvelopedData.
+ * But its parameters will be different and I have no plans to implement
+ * it any time soon because we have no current need for it.
+ */
+
+/*
+ * Create an empty PKCS7 data content info.
+ *
+ * An error results in a return value of NULL and an error set.
+ * (Retrieve specific errors via PORT_GetError()/XP_GetError().)
+ */
+extern SEC_PKCS7ContentInfo *SEC_PKCS7CreateData(void);
+
+/*
+ * Create an empty PKCS7 encrypted content info.
+ *
+ * "algorithm" specifies the bulk encryption algorithm to use.
+ *
+ * An error results in a return value of NULL and an error set.
+ * (Retrieve specific errors via PORT_GetError()/XP_GetError().)
+ */
+extern SEC_PKCS7ContentInfo *
+SEC_PKCS7CreateEncryptedData(SECOidTag algorithm, int keysize,
+                             SECKEYGetPasswordKey pwfn, void *pwfn_arg);
+
+/*
+ * Create an empty PKCS7 encrypted content info.
+ *
+ * Similar to SEC_PKCS7CreateEncryptedData(), but this is capable of
+ * creating encrypted content for PKCS #5 v2 algorithms.
+ *
+ * "pbe_algorithm" specifies the PBE algorithm to use.
+ * "cipher_algorithm" specifies the bulk encryption algorithm to use.
+ * "prf_algorithm" specifies the PRF algorithm which pbe_algorithm uses.
+ *
+ * An error results in a return value of NULL and an error set.
+ * (Retrieve specific errors via PORT_GetError()/XP_GetError().)
+ */
+extern SEC_PKCS7ContentInfo *
+SEC_PKCS7CreateEncryptedDataWithPBEV2(SECOidTag pbe_algorithm,
+                                      SECOidTag cipher_algorithm,
+                                      SECOidTag prf_algorithm,
+                                      int keysize,
+                                      SECKEYGetPasswordKey pwfn, void *pwfn_arg);
+
+/*
+ * All of the following things return SECStatus to signal success or failure.
+ * Failure should have a more specific error status available via
+ * PORT_GetError()/XP_GetError().
+ */
+
+/*
+ * Add the specified attribute to the authenticated (i.e. signed) attributes
+ * of "cinfo" -- "oidtag" describes the attribute and "value" is the
+ * value to be associated with it.  NOTE! "value" must already be encoded;
+ * no interpretation of "oidtag" is done.  Also, it is assumed that this
+ * signedData has only one signer -- if we ever need to add attributes
+ * when there is more than one signature, we need a way to specify *which*
+ * signature should get the attribute.
+ *
+ * XXX Technically, a signed attribute can have multiple values; if/when
+ * we ever need to support an attribute which takes multiple values, we
+ * either need to change this interface or create an AddSignedAttributeValue
+ * which can be called subsequently, and would then append a value.
+ *
+ * "cinfo" should be of type signedData (the only kind of pkcs7 data
+ * that is allowed authenticated attributes); SECFailure will be returned
+ * if it is not.
+ */
+extern SECStatus SEC_PKCS7AddSignedAttribute(SEC_PKCS7ContentInfo *cinfo,
+                                             SECOidTag oidtag,
+                                             SECItem *value);
+
+/*
+ * Add "cert" and its entire chain to the set of certs included in "cinfo".
+ *
+ * "certdb" is the cert database to use for finding the chain.
+ * It can be NULL, meaning use the default database.
+ *
+ * "cinfo" should be of type signedData or signedAndEnvelopedData;
+ * SECFailure will be returned if it is not.
+ */
+extern SECStatus SEC_PKCS7AddCertChain(SEC_PKCS7ContentInfo *cinfo,
+                                       CERTCertificate *cert,
+                                       CERTCertDBHandle *certdb);
+
+/*
+ * Add "cert" to the set of certs included in "cinfo".
+ *
+ * "cinfo" should be of type signedData or signedAndEnvelopedData;
+ * SECFailure will be returned if it is not.
+ */
+extern SECStatus SEC_PKCS7AddCertificate(SEC_PKCS7ContentInfo *cinfo,
+                                         CERTCertificate *cert);
+
+/*
+ * Add another recipient to an encrypted message.
+ *
+ * "cinfo" should be of type envelopedData or signedAndEnvelopedData;
+ * SECFailure will be returned if it is not.
+ *
+ * "cert" is the cert for the recipient.  It will be checked for validity.
+ *
+ * "certusage" describes the encryption usage (e.g. certUsageEmailRecipient)
+ * XXX Maybe SECCertUsage should be split so that our caller just says
+ * "email" and *we* add the "recipient" part -- otherwise our caller
+ * could be lying about the usage; we do not want to allow encryption
+ * certs for signing or vice versa.
+ *
+ * "certdb" is the cert database to use for verifying the cert.
+ * It can be NULL if a default database is available (like in the client).
+ */
+extern SECStatus SEC_PKCS7AddRecipient(SEC_PKCS7ContentInfo *cinfo,
+                                       CERTCertificate *cert,
+                                       SECCertUsage certusage,
+                                       CERTCertDBHandle *certdb);
+
+/*
+ * Add the signing time to the authenticated (i.e. signed) attributes
+ * of "cinfo".  This is expected to be included in outgoing signed
+ * messages for email (S/MIME) but is likely useful in other situations.
+ *
+ * This should only be added once; a second call will either do
+ * nothing or replace an old signing time with a newer one.
+ *
+ * XXX This will probably just shove the current time into "cinfo"
+ * but it will not actually get signed until the entire item is
+ * processed for encoding.  Is this (expected to be small) delay okay?
+ *
+ * "cinfo" should be of type signedData (the only kind of pkcs7 data
+ * that is allowed authenticated attributes); SECFailure will be returned
+ * if it is not.
+ */
+extern SECStatus SEC_PKCS7AddSigningTime(SEC_PKCS7ContentInfo *cinfo);
+
+/*
+ * Add the signer's symmetric capabilities to the authenticated
+ * (i.e. signed) attributes of "cinfo".  This is expected to be
+ * included in outgoing signed messages for email (S/MIME).
+ *
+ * This can only be added once; a second call will return SECFailure.
+ *
+ * "cinfo" should be of type signedData or signedAndEnvelopedData;
+ * SECFailure will be returned if it is not.
+ */
+extern SECStatus SEC_PKCS7AddSymmetricCapabilities(SEC_PKCS7ContentInfo *cinfo);
+
+/*
+ * Mark that the signer's certificate and its issuing chain should
+ * be included in the encoded data.  This is expected to be used
+ * in outgoing signed messages for email (S/MIME).
+ *
+ * "certdb" is the cert database to use for finding the chain.
+ * It can be NULL, meaning use the default database.
+ *
+ * "cinfo" should be of type signedData or signedAndEnvelopedData;
+ * SECFailure will be returned if it is not.
+ */
+extern SECStatus SEC_PKCS7IncludeCertChain(SEC_PKCS7ContentInfo *cinfo,
+                                           CERTCertDBHandle *certdb);
+
+/*
+ * Set the content; it will be included and also hashed and/or encrypted
+ * as appropriate.  This is for in-memory content (expected to be "small")
+ * that will be included in the PKCS7 object.  All others should stream the
+ * content through when encoding (see SEC_PKCS7Encoder{Start,Update,Finish}).
+ *
+ * "buf" points to data of length "len"; it will be copied.
+ */
+extern SECStatus SEC_PKCS7SetContent(SEC_PKCS7ContentInfo *cinfo,
+                                     const char *buf, unsigned long len);
+
+/*
+ * Encode a PKCS7 object, in one shot.  All necessary components
+ * of the object must already be specified.  Either the data has
+ * already been included (via SetContent), or the data is detached,
+ * or there is no data at all (certs-only).
+ *
+ * "cinfo" specifies the object to be encoded.
+ *
+ * "outputfn" is where the encoded bytes will be passed.
+ *
+ * "outputarg" is an opaque argument to the above callback.
+ *
+ * "bulkkey" specifies the bulk encryption key to use.   This argument
+ * can be NULL if no encryption is being done, or if the bulk key should
+ * be generated internally (usually the case for EnvelopedData but never
+ * for EncryptedData, which *must* provide a bulk encryption key).
+ *
+ * "pwfn" is a callback for getting the password which protects the
+ * private key of the signer.  This argument can be NULL if it is known
+ * that no signing is going to be done.
+ *
+ * "pwfnarg" is an opaque argument to the above callback.
+ */
+extern SECStatus SEC_PKCS7Encode(SEC_PKCS7ContentInfo *cinfo,
+                                 SEC_PKCS7EncoderOutputCallback outputfn,
+                                 void *outputarg,
+                                 PK11SymKey *bulkkey,
+                                 SECKEYGetPasswordKey pwfn,
+                                 void *pwfnarg);
+
+/*
+ * Encode a PKCS7 object, in one shot.  All necessary components
+ * of the object must already be specified.  Either the data has
+ * already been included (via SetContent), or the data is detached,
+ * or there is no data at all (certs-only).  The output, rather than
+ * being passed to an output function as is done above, is all put
+ * into a SECItem.
+ *
+ * "pool" specifies a pool from which to allocate the result.
+ * It can be NULL, in which case memory is allocated generically.
+ *
+ * "dest" specifies a SECItem in which to put the result data.
+ * It can be NULL, in which case the entire item is allocated, too.
+ *
+ * "cinfo" specifies the object to be encoded.
+ *
+ * "bulkkey" specifies the bulk encryption key to use.   This argument
+ * can be NULL if no encryption is being done, or if the bulk key should
+ * be generated internally (usually the case for EnvelopedData but never
+ * for EncryptedData, which *must* provide a bulk encryption key).
+ *
+ * "pwfn" is a callback for getting the password which protects the
+ * private key of the signer.  This argument can be NULL if it is known
+ * that no signing is going to be done.
+ *
+ * "pwfnarg" is an opaque argument to the above callback.
+ */
+extern SECItem *SEC_PKCS7EncodeItem(PLArenaPool *pool,
+                                    SECItem *dest,
+                                    SEC_PKCS7ContentInfo *cinfo,
+                                    PK11SymKey *bulkkey,
+                                    SECKEYGetPasswordKey pwfn,
+                                    void *pwfnarg);
+
+/*
+ * For those who want to simply point to the pkcs7 contentInfo ASN.1
+ * template, and *not* call the encoding functions directly, the
+ * following function can be used -- after it is called, the entire
+ * PKCS7 contentInfo is ready to be encoded.
+ */
+extern SECStatus SEC_PKCS7PrepareForEncode(SEC_PKCS7ContentInfo *cinfo,
+                                           PK11SymKey *bulkkey,
+                                           SECKEYGetPasswordKey pwfn,
+                                           void *pwfnarg);
+
+/*
+ * Start the process of encoding a PKCS7 object.  The first part of
+ * the encoded object will be passed to the output function right away;
+ * after that it is expected that SEC_PKCS7EncoderUpdate will be called,
+ * streaming in the actual content that is getting included as well as
+ * signed or encrypted (or both).
+ *
+ * "cinfo" specifies the object to be encoded.
+ *
+ * "outputfn" is where the encoded bytes will be passed.
+ *
+ * "outputarg" is an opaque argument to the above callback.
+ *
+ * "bulkkey" specifies the bulk encryption key to use.   This argument
+ * can be NULL if no encryption is being done, or if the bulk key should
+ * be generated internally (usually the case for EnvelopedData but never
+ * for EncryptedData, which *must* provide a bulk encryption key).
+ *
+ * Returns an object to be passed to EncoderUpdate and EncoderFinish.
+ */
+extern SEC_PKCS7EncoderContext *
+SEC_PKCS7EncoderStart(SEC_PKCS7ContentInfo *cinfo,
+                      SEC_PKCS7EncoderOutputCallback outputfn,
+                      void *outputarg,
+                      PK11SymKey *bulkkey);
+
+/*
+ * Encode more contents, hashing and/or encrypting along the way.
+ */
+extern SECStatus SEC_PKCS7EncoderUpdate(SEC_PKCS7EncoderContext *p7ecx,
+                                        const char *buf,
+                                        unsigned long len);
+
+/*
+ * No more contents; finish the signature creation, if appropriate,
+ * and then the encoding.
+ *
+ * "pwfn" is a callback for getting the password which protects the
+ * signer's private key.  This argument can be NULL if it is known
+ * that no signing is going to be done.
+ *
+ * "pwfnarg" is an opaque argument to the above callback.
+ */
+extern SECStatus SEC_PKCS7EncoderFinish(SEC_PKCS7EncoderContext *p7ecx,
+                                        SECKEYGetPasswordKey pwfn,
+                                        void *pwfnarg);
+
+/*  Abort the underlying ASN.1 stream & set an error  */
+void SEC_PKCS7EncoderAbort(SEC_PKCS7EncoderContext *p7dcx, int error);
+
+/* retrieve the algorithm ID used to encrypt the content info
+ * for encrypted and enveloped data.  The SECAlgorithmID pointer
+ * returned needs to be freed as it is a copy of the algorithm
+ * id in the content info.
+ */
+extern SECAlgorithmID *
+SEC_PKCS7GetEncryptionAlgorithm(SEC_PKCS7ContentInfo *cinfo);
+
+/* the content of an encrypted data content info is encrypted.
+ * it is assumed that for encrypted data, that the data has already
+ * been set and is in the "plainContent" field of the content info.
+ *
+ * cinfo is the content info to encrypt
+ *
+ * key is the key with which to perform the encryption.  if the
+ *     algorithm is a password based encryption algorithm, the
+ *     key is actually a password which will be processed per
+ *     PKCS #5.
+ *
+ * in the event of an error, SECFailure is returned.  SECSuccess
+ * indicates a success.
+ */
+extern SECStatus
+SEC_PKCS7EncryptContents(PLArenaPool *poolp,
+                         SEC_PKCS7ContentInfo *cinfo,
+                         SECItem *key,
+                         void *wincx);
+
+/* the content of an encrypted data content info is decrypted.
+ * it is assumed that for encrypted data, that the data has already
+ * been set and is in the "encContent" field of the content info.
+ *
+ * cinfo is the content info to decrypt
+ *
+ * key is the key with which to perform the decryption.  if the
+ *     algorithm is a password based encryption algorithm, the
+ *     key is actually a password which will be processed per
+ *     PKCS #5.
+ *
+ * in the event of an error, SECFailure is returned.  SECSuccess
+ * indicates a success.
+ */
+extern SECStatus
+SEC_PKCS7DecryptContents(PLArenaPool *poolp,
+                         SEC_PKCS7ContentInfo *cinfo,
+                         SECItem *key,
+                         void *wincx);
+
+/* retrieve the certificate list from the content info.  the list
+ * is a pointer to the list in the content info.  this should not
+ * be deleted or freed in any way short of calling
+ * SEC_PKCS7DestroyContentInfo
+ */
+extern SECItem **
+SEC_PKCS7GetCertificateList(SEC_PKCS7ContentInfo *cinfo);
+
+/* Returns the key length (in bits) of the algorithm used to encrypt
+   this object.  Returns 0 if it's not encrypted, or the key length is
+   irrelevant. */
+extern int
+SEC_PKCS7GetKeyLength(SEC_PKCS7ContentInfo *cinfo);
+
+/************************************************************************/
+SEC_END_PROTOS
+
+#endif /* _SECPKCS7_H_ */
diff --git a/nss/lib/pki/Makefile b/nss/lib/pki/Makefile
new file mode 100644
index 0000000..fc78ae9
--- /dev/null
+++ b/nss/lib/pki/Makefile
@@ -0,0 +1,11 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+include manifest.mn
+include $(CORE_DEPTH)/coreconf/config.mk
+include config.mk
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+export:: private_export
diff --git a/nss/lib/pki/asymmkey.c b/nss/lib/pki/asymmkey.c
new file mode 100644
index 0000000..ce1f503
--- /dev/null
+++ b/nss/lib/pki/asymmkey.c
@@ -0,0 +1,361 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef NSSPKI_H
+#include "nsspki.h"
+#endif /* NSSPKI_H */
+
+#ifndef BASE_H
+#include "base.h"
+#endif /* BASE_H */
+
+extern const NSSError NSS_ERROR_NOT_FOUND;
+
+NSS_IMPLEMENT PRStatus
+NSSPrivateKey_Destroy(
+    NSSPrivateKey *vk)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return PR_FAILURE;
+}
+
+NSS_IMPLEMENT PRStatus
+NSSPrivateKey_DeleteStoredObject(
+    NSSPrivateKey *vk,
+    NSSCallback *uhh)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return PR_FAILURE;
+}
+
+NSS_IMPLEMENT PRUint32
+NSSPrivateKey_GetSignatureLength(
+    NSSPrivateKey *vk)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return -1;
+}
+
+NSS_IMPLEMENT PRUint32
+NSSPrivateKey_GetPrivateModulusLength(
+    NSSPrivateKey *vk)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return -1;
+}
+
+NSS_IMPLEMENT PRBool
+NSSPrivateKey_IsStillPresent(
+    NSSPrivateKey *vk,
+    PRStatus *statusOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return PR_FALSE;
+}
+
+NSS_IMPLEMENT NSSItem *
+NSSPrivateKey_Encode(
+    NSSPrivateKey *vk,
+    NSSAlgorithmAndParameters *ap,
+    NSSItem *passwordOpt, /* NULL will cause a callback; "" for no password */
+    NSSCallback *uhhOpt,
+    NSSItem *rvOpt,
+    NSSArena *arenaOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSTrustDomain *
+NSSPrivateKey_GetTrustDomain(
+    NSSPrivateKey *vk,
+    PRStatus *statusOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSToken *
+NSSPrivateKey_GetToken(NSSPrivateKey *vk)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSSlot *
+NSSPrivateKey_GetSlot(NSSPrivateKey *vk)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSModule *
+NSSPrivateKey_GetModule(
+    NSSPrivateKey *vk)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSItem *
+NSSPrivateKey_Decrypt(
+    NSSPrivateKey *vk,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSItem *encryptedData,
+    NSSCallback *uhh,
+    NSSItem *rvOpt,
+    NSSArena *arenaOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSItem *
+NSSPrivateKey_Sign(
+    NSSPrivateKey *vk,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSItem *data,
+    NSSCallback *uhh,
+    NSSItem *rvOpt,
+    NSSArena *arenaOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSItem *
+NSSPrivateKey_SignRecover(
+    NSSPrivateKey *vk,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSItem *data,
+    NSSCallback *uhh,
+    NSSItem *rvOpt,
+    NSSArena *arenaOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSSymmetricKey *
+NSSPrivateKey_UnwrapSymmetricKey(
+    NSSPrivateKey *vk,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSItem *wrappedKey,
+    NSSCallback *uhh)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSSymmetricKey *
+NSSPrivateKey_DeriveSymmetricKey(
+    NSSPrivateKey *vk,
+    NSSPublicKey *bk,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSOID *target,
+    PRUint32 keySizeOpt, /* zero for best allowed */
+    NSSOperations operations,
+    NSSCallback *uhh)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSPublicKey *
+NSSPrivateKey_FindPublicKey(
+    NSSPrivateKey *vk
+    /* { don't need the callback here, right? } */
+    )
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSCryptoContext *
+NSSPrivateKey_CreateCryptoContext(
+    NSSPrivateKey *vk,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSCallback *uhh)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSCertificate **
+NSSPrivateKey_FindCertificates(
+    NSSPrivateKey *vk,
+    NSSCertificate *rvOpt[],
+    PRUint32 maximumOpt, /* 0 for no max */
+    NSSArena *arenaOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSCertificate *
+NSSPrivateKey_FindBestCertificate(
+    NSSPrivateKey *vk,
+    NSSTime *timeOpt,
+    NSSUsage *usageOpt,
+    NSSPolicies *policiesOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT PRStatus
+NSSPublicKey_Destroy(NSSPublicKey *bk)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return PR_FAILURE;
+}
+
+NSS_IMPLEMENT PRStatus
+NSSPublicKey_DeleteStoredObject(
+    NSSPublicKey *bk,
+    NSSCallback *uhh)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return PR_FAILURE;
+}
+
+NSS_IMPLEMENT NSSItem *
+NSSPublicKey_Encode(
+    NSSPublicKey *bk,
+    NSSAlgorithmAndParameters *ap,
+    NSSCallback *uhhOpt,
+    NSSItem *rvOpt,
+    NSSArena *arenaOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSTrustDomain *
+NSSPublicKey_GetTrustDomain(
+    NSSPublicKey *bk,
+    PRStatus *statusOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSToken *
+NSSPublicKey_GetToken(
+    NSSPublicKey *bk,
+    PRStatus *statusOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSSlot *
+NSSPublicKey_GetSlot(
+    NSSPublicKey *bk,
+    PRStatus *statusOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSModule *
+NSSPublicKey_GetModule(
+    NSSPublicKey *bk,
+    PRStatus *statusOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSItem *
+NSSPublicKey_Encrypt(
+    NSSPublicKey *bk,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSItem *data,
+    NSSCallback *uhh,
+    NSSItem *rvOpt,
+    NSSArena *arenaOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT PRStatus
+NSSPublicKey_Verify(
+    NSSPublicKey *bk,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSItem *data,
+    NSSItem *signature,
+    NSSCallback *uhh)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return PR_FAILURE;
+}
+
+NSS_IMPLEMENT NSSItem *
+NSSPublicKey_VerifyRecover(
+    NSSPublicKey *bk,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSItem *signature,
+    NSSCallback *uhh,
+    NSSItem *rvOpt,
+    NSSArena *arenaOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSItem *
+NSSPublicKey_WrapSymmetricKey(
+    NSSPublicKey *bk,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSSymmetricKey *keyToWrap,
+    NSSCallback *uhh,
+    NSSItem *rvOpt,
+    NSSArena *arenaOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSCryptoContext *
+NSSPublicKey_CreateCryptoContext(
+    NSSPublicKey *bk,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSCallback *uhh)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSCertificate **
+NSSPublicKey_FindCertificates(
+    NSSPublicKey *bk,
+    NSSCertificate *rvOpt[],
+    PRUint32 maximumOpt, /* 0 for no max */
+    NSSArena *arenaOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSCertificate *
+NSSPublicKey_FindBestCertificate(
+    NSSPublicKey *bk,
+    NSSTime *timeOpt,
+    NSSUsage *usageOpt,
+    NSSPolicies *policiesOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSPrivateKey *
+NSSPublicKey_FindPrivateKey(
+    NSSPublicKey *bk,
+    NSSCallback *uhh)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
diff --git a/nss/lib/pki/certdecode.c b/nss/lib/pki/certdecode.c
new file mode 100644
index 0000000..61c8033
--- /dev/null
+++ b/nss/lib/pki/certdecode.c
@@ -0,0 +1,60 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef PKIT_H
+#include "pkit.h"
+#endif /* PKIT_H */
+
+#ifndef PKIM_H
+#include "pkim.h"
+#endif /* PKIM_H */
+
+/* This is defined in pki3hack.c */
+NSS_EXTERN nssDecodedCert *
+nssDecodedPKIXCertificate_Create(
+    NSSArena *arenaOpt,
+    NSSDER *encoding);
+
+NSS_IMPLEMENT PRStatus
+nssDecodedPKIXCertificate_Destroy(
+    nssDecodedCert *dc);
+
+NSS_IMPLEMENT nssDecodedCert *
+nssDecodedCert_Create(
+    NSSArena *arenaOpt,
+    NSSDER *encoding,
+    NSSCertificateType type)
+{
+    nssDecodedCert *rvDC = NULL;
+    switch (type) {
+        case NSSCertificateType_PKIX:
+            rvDC = nssDecodedPKIXCertificate_Create(arenaOpt, encoding);
+            break;
+        default:
+#if 0
+    nss_SetError(NSS_ERROR_INVALID_ARGUMENT);
+#endif
+            return (nssDecodedCert *)NULL;
+    }
+    return rvDC;
+}
+
+NSS_IMPLEMENT PRStatus
+nssDecodedCert_Destroy(
+    nssDecodedCert *dc)
+{
+    if (!dc) {
+        return PR_FAILURE;
+    }
+    switch (dc->type) {
+        case NSSCertificateType_PKIX:
+            return nssDecodedPKIXCertificate_Destroy(dc);
+        default:
+#if 0
+    nss_SetError(NSS_ERROR_INVALID_ARGUMENT);
+#endif
+            break;
+    }
+    return PR_FAILURE;
+}
diff --git a/nss/lib/pki/certificate.c b/nss/lib/pki/certificate.c
new file mode 100644
index 0000000..4d94bc8
--- /dev/null
+++ b/nss/lib/pki/certificate.c
@@ -0,0 +1,1101 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef NSSPKI_H
+#include "nsspki.h"
+#endif /* NSSPKI_H */
+
+#ifndef PKIT_H
+#include "pkit.h"
+#endif /* PKIT_H */
+
+#ifndef PKIM_H
+#include "pkim.h"
+#endif /* PKIM_H */
+
+#ifndef DEV_H
+#include "dev.h"
+#endif /* DEV_H */
+
+#include "pkistore.h"
+
+#include "pki3hack.h"
+#include "pk11func.h"
+#include "hasht.h"
+
+#ifndef BASE_H
+#include "base.h"
+#endif /* BASE_H */
+
+extern const NSSError NSS_ERROR_NOT_FOUND;
+
+/* Creates a certificate from a base object */
+NSS_IMPLEMENT NSSCertificate *
+nssCertificate_Create(
+    nssPKIObject *object)
+{
+    PRStatus status;
+    NSSCertificate *rvCert;
+    nssArenaMark *mark;
+    NSSArena *arena = object->arena;
+    PR_ASSERT(object->instances != NULL && object->numInstances > 0);
+    PR_ASSERT(object->lockType == nssPKIMonitor);
+    mark = nssArena_Mark(arena);
+    rvCert = nss_ZNEW(arena, NSSCertificate);
+    if (!rvCert) {
+        return (NSSCertificate *)NULL;
+    }
+    rvCert->object = *object;
+    /* XXX should choose instance based on some criteria */
+    status = nssCryptokiCertificate_GetAttributes(object->instances[0],
+                                                  NULL, /* XXX sessionOpt */
+                                                  arena,
+                                                  &rvCert->type,
+                                                  &rvCert->id,
+                                                  &rvCert->encoding,
+                                                  &rvCert->issuer,
+                                                  &rvCert->serial,
+                                                  &rvCert->subject);
+    if (status != PR_SUCCESS ||
+        !rvCert->encoding.data ||
+        !rvCert->encoding.size ||
+        !rvCert->issuer.data ||
+        !rvCert->issuer.size ||
+        !rvCert->serial.data ||
+        !rvCert->serial.size) {
+        if (mark)
+            nssArena_Release(arena, mark);
+        return (NSSCertificate *)NULL;
+    }
+    if (mark)
+        nssArena_Unmark(arena, mark);
+    return rvCert;
+}
+
+NSS_IMPLEMENT NSSCertificate *
+nssCertificate_AddRef(
+    NSSCertificate *c)
+{
+    if (c) {
+        nssPKIObject_AddRef(&c->object);
+    }
+    return c;
+}
+
+NSS_IMPLEMENT PRStatus
+nssCertificate_Destroy(
+    NSSCertificate *c)
+{
+    nssCertificateStoreTrace lockTrace = { NULL, NULL, PR_FALSE, PR_FALSE };
+    nssCertificateStoreTrace unlockTrace = { NULL, NULL, PR_FALSE, PR_FALSE };
+
+    if (c) {
+        PRUint32 i;
+        nssDecodedCert *dc = c->decoding;
+        NSSTrustDomain *td = STAN_GetDefaultTrustDomain();
+        NSSCryptoContext *cc = c->object.cryptoContext;
+
+        PR_ASSERT(c->object.refCount > 0);
+
+        /* --- LOCK storage --- */
+        if (cc) {
+            nssCertificateStore_Lock(cc->certStore, &lockTrace);
+        } else {
+            nssTrustDomain_LockCertCache(td);
+        }
+        if (PR_ATOMIC_DECREMENT(&c->object.refCount) == 0) {
+            /* --- remove cert and UNLOCK storage --- */
+            if (cc) {
+                nssCertificateStore_RemoveCertLOCKED(cc->certStore, c);
+                nssCertificateStore_Unlock(cc->certStore, &lockTrace,
+                                           &unlockTrace);
+            } else {
+                nssTrustDomain_RemoveCertFromCacheLOCKED(td, c);
+                nssTrustDomain_UnlockCertCache(td);
+            }
+            /* free cert data */
+            for (i = 0; i < c->object.numInstances; i++) {
+                nssCryptokiObject_Destroy(c->object.instances[i]);
+            }
+            nssPKIObject_DestroyLock(&c->object);
+            nssArena_Destroy(c->object.arena);
+            nssDecodedCert_Destroy(dc);
+        } else {
+            /* --- UNLOCK storage --- */
+            if (cc) {
+                nssCertificateStore_Unlock(cc->certStore,
+                                           &lockTrace,
+                                           &unlockTrace);
+            } else {
+                nssTrustDomain_UnlockCertCache(td);
+            }
+        }
+    }
+    return PR_SUCCESS;
+}
+
+NSS_IMPLEMENT PRStatus
+NSSCertificate_Destroy(NSSCertificate *c)
+{
+    return nssCertificate_Destroy(c);
+}
+
+NSS_IMPLEMENT NSSDER *
+nssCertificate_GetEncoding(NSSCertificate *c)
+{
+    if (c->encoding.size > 0 && c->encoding.data) {
+        return &c->encoding;
+    } else {
+        return (NSSDER *)NULL;
+    }
+}
+
+NSS_IMPLEMENT NSSDER *
+nssCertificate_GetIssuer(NSSCertificate *c)
+{
+    if (c->issuer.size > 0 && c->issuer.data) {
+        return &c->issuer;
+    } else {
+        return (NSSDER *)NULL;
+    }
+}
+
+NSS_IMPLEMENT NSSDER *
+nssCertificate_GetSerialNumber(NSSCertificate *c)
+{
+    if (c->serial.size > 0 && c->serial.data) {
+        return &c->serial;
+    } else {
+        return (NSSDER *)NULL;
+    }
+}
+
+NSS_IMPLEMENT NSSDER *
+nssCertificate_GetSubject(NSSCertificate *c)
+{
+    if (c->subject.size > 0 && c->subject.data) {
+        return &c->subject;
+    } else {
+        return (NSSDER *)NULL;
+    }
+}
+
+/* Returns a copy, Caller must free using nss_ZFreeIf */
+NSS_IMPLEMENT NSSUTF8 *
+nssCertificate_GetNickname(
+    NSSCertificate *c,
+    NSSToken *tokenOpt)
+{
+    return nssPKIObject_GetNicknameForToken(&c->object, tokenOpt);
+}
+
+NSS_IMPLEMENT NSSASCII7 *
+nssCertificate_GetEmailAddress(NSSCertificate *c)
+{
+    return c->email;
+}
+
+NSS_IMPLEMENT PRStatus
+NSSCertificate_DeleteStoredObject(
+    NSSCertificate *c,
+    NSSCallback *uhh)
+{
+    return nssPKIObject_DeleteStoredObject(&c->object, uhh, PR_TRUE);
+}
+
+NSS_IMPLEMENT PRStatus
+NSSCertificate_Validate(
+    NSSCertificate *c,
+    NSSTime *timeOpt, /* NULL for "now" */
+    NSSUsage *usage,
+    NSSPolicies *policiesOpt /* NULL for none */
+    )
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return PR_FAILURE;
+}
+
+NSS_IMPLEMENT void ** /* void *[] */
+    NSSCertificate_ValidateCompletely(
+        NSSCertificate *c,
+        NSSTime *timeOpt, /* NULL for "now" */
+        NSSUsage *usage,
+        NSSPolicies *policiesOpt, /* NULL for none */
+        void **rvOpt,             /* NULL for allocate */
+        PRUint32 rvLimit,         /* zero for no limit */
+        NSSArena *arenaOpt        /* NULL for heap */
+        )
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT PRStatus
+NSSCertificate_ValidateAndDiscoverUsagesAndPolicies(
+    NSSCertificate *c,
+    NSSTime **notBeforeOutOpt,
+    NSSTime **notAfterOutOpt,
+    void *allowedUsages,
+    void *disallowedUsages,
+    void *allowedPolicies,
+    void *disallowedPolicies,
+    /* more args.. work on this fgmr */
+    NSSArena *arenaOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return PR_FAILURE;
+}
+
+NSS_IMPLEMENT NSSDER *
+NSSCertificate_Encode(
+    NSSCertificate *c,
+    NSSDER *rvOpt,
+    NSSArena *arenaOpt)
+{
+    /* Item, DER, BER are all typedefs now... */
+    return nssItem_Duplicate((NSSItem *)&c->encoding, arenaOpt, rvOpt);
+}
+
+NSS_IMPLEMENT nssDecodedCert *
+nssCertificate_GetDecoding(
+    NSSCertificate *c)
+{
+    nssDecodedCert *deco = NULL;
+    if (c->type == NSSCertificateType_PKIX) {
+        (void)STAN_GetCERTCertificate(c);
+    }
+    nssPKIObject_Lock(&c->object);
+    if (!c->decoding) {
+        deco = nssDecodedCert_Create(NULL, &c->encoding, c->type);
+        PORT_Assert(!c->decoding);
+        c->decoding = deco;
+    } else {
+        deco = c->decoding;
+    }
+    nssPKIObject_Unlock(&c->object);
+    return deco;
+}
+
+static NSSCertificate **
+filter_subject_certs_for_id(
+    NSSCertificate **subjectCerts,
+    void *id)
+{
+    NSSCertificate **si;
+    nssDecodedCert *dcp;
+    int nextOpenSlot = 0;
+    int i;
+    nssCertIDMatch matchLevel = nssCertIDMatch_Unknown;
+    nssCertIDMatch match;
+
+    /* walk the subject certs */
+    for (si = subjectCerts; *si; si++) {
+        dcp = nssCertificate_GetDecoding(*si);
+        if (!dcp) {
+            NSSCertificate_Destroy(*si);
+            continue;
+        }
+        match = dcp->matchIdentifier(dcp, id);
+        switch (match) {
+            case nssCertIDMatch_Yes:
+                if (matchLevel == nssCertIDMatch_Unknown) {
+                    /* we have non-definitive matches, forget them */
+                    for (i = 0; i < nextOpenSlot; i++) {
+                        NSSCertificate_Destroy(subjectCerts[i]);
+                        subjectCerts[i] = NULL;
+                    }
+                    nextOpenSlot = 0;
+                    /* only keep definitive matches from now on */
+                    matchLevel = nssCertIDMatch_Yes;
+                }
+                /* keep the cert */
+                subjectCerts[nextOpenSlot++] = *si;
+                break;
+            case nssCertIDMatch_Unknown:
+                if (matchLevel == nssCertIDMatch_Unknown) {
+                    /* only have non-definitive matches so far, keep it */
+                    subjectCerts[nextOpenSlot++] = *si;
+                    break;
+                }
+            /* else fall through, we have a definitive match already */
+            case nssCertIDMatch_No:
+            default:
+                NSSCertificate_Destroy(*si);
+                *si = NULL;
+        }
+    }
+    subjectCerts[nextOpenSlot] = NULL;
+    return subjectCerts;
+}
+
+static NSSCertificate **
+filter_certs_for_valid_issuers(NSSCertificate **certs)
+{
+    NSSCertificate **cp;
+    nssDecodedCert *dcp;
+    int nextOpenSlot = 0;
+
+    for (cp = certs; *cp; cp++) {
+        dcp = nssCertificate_GetDecoding(*cp);
+        if (dcp && dcp->isValidIssuer(dcp)) {
+            certs[nextOpenSlot++] = *cp;
+        } else {
+            NSSCertificate_Destroy(*cp);
+        }
+    }
+    certs[nextOpenSlot] = NULL;
+    return certs;
+}
+
+static NSSCertificate *
+find_cert_issuer(
+    NSSCertificate *c,
+    NSSTime *timeOpt,
+    NSSUsage *usage,
+    NSSPolicies *policiesOpt,
+    NSSTrustDomain *td,
+    NSSCryptoContext *cc)
+{
+    NSSArena *arena;
+    NSSCertificate **certs = NULL;
+    NSSCertificate **ccIssuers = NULL;
+    NSSCertificate **tdIssuers = NULL;
+    NSSCertificate *issuer = NULL;
+
+    if (!cc)
+        cc = c->object.cryptoContext;
+    if (!td)
+        td = NSSCertificate_GetTrustDomain(c);
+    arena = nssArena_Create();
+    if (!arena) {
+        return (NSSCertificate *)NULL;
+    }
+    if (cc) {
+        ccIssuers = nssCryptoContext_FindCertificatesBySubject(cc,
+                                                               &c->issuer,
+                                                               NULL,
+                                                               0,
+                                                               arena);
+    }
+    if (td)
+        tdIssuers = nssTrustDomain_FindCertificatesBySubject(td,
+                                                             &c->issuer,
+                                                             NULL,
+                                                             0,
+                                                             arena);
+    certs = nssCertificateArray_Join(ccIssuers, tdIssuers);
+    if (certs) {
+        nssDecodedCert *dc = NULL;
+        void *issuerID = NULL;
+        dc = nssCertificate_GetDecoding(c);
+        if (dc) {
+            issuerID = dc->getIssuerIdentifier(dc);
+        }
+        /* XXX review based on CERT_FindCertIssuer
+         * this function is not using the authCertIssuer field as a fallback
+         * if authority key id does not exist
+         */
+        if (issuerID) {
+            certs = filter_subject_certs_for_id(certs, issuerID);
+        }
+        certs = filter_certs_for_valid_issuers(certs);
+        issuer = nssCertificateArray_FindBestCertificate(certs,
+                                                         timeOpt,
+                                                         usage,
+                                                         policiesOpt);
+        nssCertificateArray_Destroy(certs);
+    }
+    nssArena_Destroy(arena);
+    return issuer;
+}
+
+/* This function returns the built chain, as far as it gets,
+** even if/when it fails to find an issuer, and returns PR_FAILURE
+*/
+NSS_IMPLEMENT NSSCertificate **
+nssCertificate_BuildChain(
+    NSSCertificate *c,
+    NSSTime *timeOpt,
+    NSSUsage *usage,
+    NSSPolicies *policiesOpt,
+    NSSCertificate **rvOpt,
+    PRUint32 rvLimit,
+    NSSArena *arenaOpt,
+    PRStatus *statusOpt,
+    NSSTrustDomain *td,
+    NSSCryptoContext *cc)
+{
+    NSSCertificate **rvChain = NULL;
+    NSSUsage issuerUsage = *usage;
+    nssPKIObjectCollection *collection = NULL;
+    PRUint32 rvCount = 0;
+    PRStatus st;
+    PRStatus ret = PR_SUCCESS;
+
+    if (!c || !cc ||
+        (!td && (td = NSSCertificate_GetTrustDomain(c)) == NULL)) {
+        goto loser;
+    }
+    /* bump the usage up to CA level */
+    issuerUsage.nss3lookingForCA = PR_TRUE;
+    collection = nssCertificateCollection_Create(td, NULL);
+    if (!collection)
+        goto loser;
+    st = nssPKIObjectCollection_AddObject(collection, (nssPKIObject *)c);
+    if (st != PR_SUCCESS)
+        goto loser;
+    for (rvCount = 1; (!rvLimit || rvCount < rvLimit); ++rvCount) {
+        CERTCertificate *cCert = STAN_GetCERTCertificate(c);
+        if (cCert->isRoot) {
+            /* not including the issuer of the self-signed cert, which is,
+             * of course, itself
+             */
+            break;
+        }
+        c = find_cert_issuer(c, timeOpt, &issuerUsage, policiesOpt, td, cc);
+        if (!c) {
+            ret = PR_FAILURE;
+            break;
+        }
+        st = nssPKIObjectCollection_AddObject(collection, (nssPKIObject *)c);
+        nssCertificate_Destroy(c); /* collection has it */
+        if (st != PR_SUCCESS)
+            goto loser;
+    }
+    rvChain = nssPKIObjectCollection_GetCertificates(collection,
+                                                     rvOpt,
+                                                     rvLimit,
+                                                     arenaOpt);
+    if (rvChain) {
+        nssPKIObjectCollection_Destroy(collection);
+        if (statusOpt)
+            *statusOpt = ret;
+        if (ret != PR_SUCCESS)
+            nss_SetError(NSS_ERROR_CERTIFICATE_ISSUER_NOT_FOUND);
+        return rvChain;
+    }
+
+loser:
+    if (collection)
+        nssPKIObjectCollection_Destroy(collection);
+    if (statusOpt)
+        *statusOpt = PR_FAILURE;
+    nss_SetError(NSS_ERROR_CERTIFICATE_ISSUER_NOT_FOUND);
+    return rvChain;
+}
+
+NSS_IMPLEMENT NSSCertificate **
+NSSCertificate_BuildChain(
+    NSSCertificate *c,
+    NSSTime *timeOpt,
+    NSSUsage *usage,
+    NSSPolicies *policiesOpt,
+    NSSCertificate **rvOpt,
+    PRUint32 rvLimit, /* zero for no limit */
+    NSSArena *arenaOpt,
+    PRStatus *statusOpt,
+    NSSTrustDomain *td,
+    NSSCryptoContext *cc)
+{
+    return nssCertificate_BuildChain(c, timeOpt, usage, policiesOpt,
+                                     rvOpt, rvLimit, arenaOpt, statusOpt,
+                                     td, cc);
+}
+
+NSS_IMPLEMENT NSSCryptoContext *
+nssCertificate_GetCryptoContext(NSSCertificate *c)
+{
+    return c->object.cryptoContext;
+}
+
+NSS_IMPLEMENT NSSTrustDomain *
+nssCertificate_GetTrustDomain(NSSCertificate *c)
+{
+    return c->object.trustDomain;
+}
+
+NSS_IMPLEMENT NSSTrustDomain *
+NSSCertificate_GetTrustDomain(NSSCertificate *c)
+{
+    return nssCertificate_GetTrustDomain(c);
+}
+
+NSS_IMPLEMENT NSSToken *
+NSSCertificate_GetToken(
+    NSSCertificate *c,
+    PRStatus *statusOpt)
+{
+    return (NSSToken *)NULL;
+}
+
+NSS_IMPLEMENT NSSSlot *
+NSSCertificate_GetSlot(
+    NSSCertificate *c,
+    PRStatus *statusOpt)
+{
+    return (NSSSlot *)NULL;
+}
+
+NSS_IMPLEMENT NSSModule *
+NSSCertificate_GetModule(
+    NSSCertificate *c,
+    PRStatus *statusOpt)
+{
+    return (NSSModule *)NULL;
+}
+
+NSS_IMPLEMENT NSSItem *
+NSSCertificate_Encrypt(
+    NSSCertificate *c,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSItem *data,
+    NSSTime *timeOpt,
+    NSSUsage *usage,
+    NSSPolicies *policiesOpt,
+    NSSCallback *uhh,
+    NSSItem *rvOpt,
+    NSSArena *arenaOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT PRStatus
+NSSCertificate_Verify(
+    NSSCertificate *c,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSItem *data,
+    NSSItem *signature,
+    NSSTime *timeOpt,
+    NSSUsage *usage,
+    NSSPolicies *policiesOpt,
+    NSSCallback *uhh)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return PR_FAILURE;
+}
+
+NSS_IMPLEMENT NSSItem *
+NSSCertificate_VerifyRecover(
+    NSSCertificate *c,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSItem *signature,
+    NSSTime *timeOpt,
+    NSSUsage *usage,
+    NSSPolicies *policiesOpt,
+    NSSCallback *uhh,
+    NSSItem *rvOpt,
+    NSSArena *arenaOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSItem *
+NSSCertificate_WrapSymmetricKey(
+    NSSCertificate *c,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSSymmetricKey *keyToWrap,
+    NSSTime *timeOpt,
+    NSSUsage *usage,
+    NSSPolicies *policiesOpt,
+    NSSCallback *uhh,
+    NSSItem *rvOpt,
+    NSSArena *arenaOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSCryptoContext *
+NSSCertificate_CreateCryptoContext(
+    NSSCertificate *c,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSTime *timeOpt,
+    NSSUsage *usage,
+    NSSPolicies *policiesOpt,
+    NSSCallback *uhh)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSPublicKey *
+NSSCertificate_GetPublicKey(
+    NSSCertificate *c)
+{
+#if 0
+    CK_ATTRIBUTE pubktemplate[] = {
+    { CKA_CLASS,   NULL, 0 },
+    { CKA_ID,      NULL, 0 },
+    { CKA_SUBJECT, NULL, 0 }
+    };
+    PRStatus nssrv;
+    CK_ULONG count = sizeof(pubktemplate) / sizeof(pubktemplate[0]);
+    NSS_CK_SET_ATTRIBUTE_ITEM(pubktemplate, 0, &g_ck_class_pubkey);
+    if (c->id.size > 0) {
+    /* CKA_ID */
+    NSS_CK_ITEM_TO_ATTRIBUTE(&c->id, &pubktemplate[1]);
+    } else {
+    /* failure, yes? */
+    return (NSSPublicKey *)NULL;
+    }
+    if (c->subject.size > 0) {
+    /* CKA_SUBJECT */
+    NSS_CK_ITEM_TO_ATTRIBUTE(&c->subject, &pubktemplate[2]);
+    } else {
+    /* failure, yes? */
+    return (NSSPublicKey *)NULL;
+    }
+    /* Try the cert's token first */
+    if (c->token) {
+    nssrv = nssToken_FindObjectByTemplate(c->token, pubktemplate, count);
+    }
+#endif
+    /* Try all other key tokens */
+    return (NSSPublicKey *)NULL;
+}
+
+NSS_IMPLEMENT NSSPrivateKey *
+NSSCertificate_FindPrivateKey(
+    NSSCertificate *c,
+    NSSCallback *uhh)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT PRBool
+NSSCertificate_IsPrivateKeyAvailable(
+    NSSCertificate *c,
+    NSSCallback *uhh,
+    PRStatus *statusOpt)
+{
+    PRBool isUser = PR_FALSE;
+    nssCryptokiObject **ip;
+    nssCryptokiObject **instances = nssPKIObject_GetInstances(&c->object);
+    if (!instances) {
+        return PR_FALSE;
+    }
+    for (ip = instances; *ip; ip++) {
+        nssCryptokiObject *instance = *ip;
+        if (nssToken_IsPrivateKeyAvailable(instance->token, c, instance)) {
+            isUser = PR_TRUE;
+        }
+    }
+    nssCryptokiObjectArray_Destroy(instances);
+    return isUser;
+}
+
+/* sort the subject cert list from newest to oldest */
+PRIntn
+nssCertificate_SubjectListSort(
+    void *v1,
+    void *v2)
+{
+    NSSCertificate *c1 = (NSSCertificate *)v1;
+    NSSCertificate *c2 = (NSSCertificate *)v2;
+    nssDecodedCert *dc1 = nssCertificate_GetDecoding(c1);
+    nssDecodedCert *dc2 = nssCertificate_GetDecoding(c2);
+    if (!dc1) {
+        return dc2 ? 1 : 0;
+    } else if (!dc2) {
+        return -1;
+    } else {
+        return dc1->isNewerThan(dc1, dc2) ? -1 : 1;
+    }
+}
+
+NSS_IMPLEMENT PRBool
+NSSUserCertificate_IsStillPresent(
+    NSSUserCertificate *uc,
+    PRStatus *statusOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return PR_FALSE;
+}
+
+NSS_IMPLEMENT NSSItem *
+NSSUserCertificate_Decrypt(
+    NSSUserCertificate *uc,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSItem *data,
+    NSSTime *timeOpt,
+    NSSUsage *usage,
+    NSSPolicies *policiesOpt,
+    NSSCallback *uhh,
+    NSSItem *rvOpt,
+    NSSArena *arenaOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSItem *
+NSSUserCertificate_Sign(
+    NSSUserCertificate *uc,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSItem *data,
+    NSSTime *timeOpt,
+    NSSUsage *usage,
+    NSSPolicies *policiesOpt,
+    NSSCallback *uhh,
+    NSSItem *rvOpt,
+    NSSArena *arenaOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSItem *
+NSSUserCertificate_SignRecover(
+    NSSUserCertificate *uc,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSItem *data,
+    NSSTime *timeOpt,
+    NSSUsage *usage,
+    NSSPolicies *policiesOpt,
+    NSSCallback *uhh,
+    NSSItem *rvOpt,
+    NSSArena *arenaOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSSymmetricKey *
+NSSUserCertificate_UnwrapSymmetricKey(
+    NSSUserCertificate *uc,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSItem *wrappedKey,
+    NSSTime *timeOpt,
+    NSSUsage *usage,
+    NSSPolicies *policiesOpt,
+    NSSCallback *uhh,
+    NSSItem *rvOpt,
+    NSSArena *arenaOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSSymmetricKey *
+NSSUserCertificate_DeriveSymmetricKey(
+    NSSUserCertificate *uc, /* provides private key */
+    NSSCertificate *c,      /* provides public key */
+    NSSAlgorithmAndParameters *apOpt,
+    NSSOID *target,
+    PRUint32 keySizeOpt, /* zero for best allowed */
+    NSSOperations operations,
+    NSSCallback *uhh)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT nssSMIMEProfile *
+nssSMIMEProfile_Create(
+    NSSCertificate *cert,
+    NSSItem *profileTime,
+    NSSItem *profileData)
+{
+    NSSArena *arena;
+    nssSMIMEProfile *rvProfile;
+    nssPKIObject *object;
+    NSSTrustDomain *td = nssCertificate_GetTrustDomain(cert);
+    NSSCryptoContext *cc = nssCertificate_GetCryptoContext(cert);
+    arena = nssArena_Create();
+    if (!arena) {
+        return NULL;
+    }
+    object = nssPKIObject_Create(arena, NULL, td, cc, nssPKILock);
+    if (!object) {
+        goto loser;
+    }
+    rvProfile = nss_ZNEW(arena, nssSMIMEProfile);
+    if (!rvProfile) {
+        goto loser;
+    }
+    rvProfile->object = *object;
+    rvProfile->certificate = cert;
+    rvProfile->email = nssUTF8_Duplicate(cert->email, arena);
+    rvProfile->subject = nssItem_Duplicate(&cert->subject, arena, NULL);
+    if (profileTime) {
+        rvProfile->profileTime = nssItem_Duplicate(profileTime, arena, NULL);
+    }
+    if (profileData) {
+        rvProfile->profileData = nssItem_Duplicate(profileData, arena, NULL);
+    }
+    return rvProfile;
+loser:
+    if (object)
+        nssPKIObject_Destroy(object);
+    else if (arena)
+        nssArena_Destroy(arena);
+    return (nssSMIMEProfile *)NULL;
+}
+
+/* execute a callback function on all members of a cert list */
+NSS_EXTERN PRStatus
+nssCertificateList_DoCallback(
+    nssList *certList,
+    PRStatus (*callback)(NSSCertificate *c, void *arg),
+    void *arg)
+{
+    nssListIterator *certs;
+    NSSCertificate *cert;
+    certs = nssList_CreateIterator(certList);
+    if (!certs) {
+        return PR_FAILURE;
+    }
+    for (cert = (NSSCertificate *)nssListIterator_Start(certs);
+         cert != (NSSCertificate *)NULL;
+         cert = (NSSCertificate *)nssListIterator_Next(certs)) {
+        (void)(*callback)(cert, arg);
+    }
+    nssListIterator_Finish(certs);
+    nssListIterator_Destroy(certs);
+    return PR_SUCCESS;
+}
+
+static PRStatus
+add_ref_callback(NSSCertificate *c, void *a)
+{
+    nssCertificate_AddRef(c);
+    return PR_SUCCESS;
+}
+
+NSS_IMPLEMENT void
+nssCertificateList_AddReferences(
+    nssList *certList)
+{
+    (void)nssCertificateList_DoCallback(certList, add_ref_callback, NULL);
+}
+
+/*
+ * Is this trust record safe to apply to all certs of the same issuer/SN
+ * independent of the cert matching the hash. This is only true is the trust
+ * is unknown or distrusted. In general this feature is only useful to
+ * explicitly distrusting certs. It is not safe to use to trust certs, so
+ * only allow unknown and untrusted trust types.
+ */
+PRBool
+nssTrust_IsSafeToIgnoreCertHash(nssTrustLevel serverAuth,
+                                nssTrustLevel clientAuth, nssTrustLevel codeSigning,
+                                nssTrustLevel email, PRBool stepup)
+{
+    /* step up is a trust type, if it's on, we must have a hash for the cert */
+    if (stepup) {
+        return PR_FALSE;
+    }
+    if ((serverAuth != nssTrustLevel_Unknown) &&
+        (serverAuth != nssTrustLevel_NotTrusted)) {
+        return PR_FALSE;
+    }
+    if ((clientAuth != nssTrustLevel_Unknown) &&
+        (clientAuth != nssTrustLevel_NotTrusted)) {
+        return PR_FALSE;
+    }
+    if ((codeSigning != nssTrustLevel_Unknown) &&
+        (codeSigning != nssTrustLevel_NotTrusted)) {
+        return PR_FALSE;
+    }
+    if ((email != nssTrustLevel_Unknown) &&
+        (email != nssTrustLevel_NotTrusted)) {
+        return PR_FALSE;
+    }
+    /* record only has Unknown and Untrusted entries, ok to accept without a
+     * hash */
+    return PR_TRUE;
+}
+
+NSS_IMPLEMENT NSSTrust *
+nssTrust_Create(
+    nssPKIObject *object,
+    NSSItem *certData)
+{
+    PRStatus status;
+    PRUint32 i;
+    PRUint32 lastTrustOrder, myTrustOrder;
+    unsigned char sha1_hashcmp[SHA1_LENGTH];
+    unsigned char sha1_hashin[SHA1_LENGTH];
+    NSSItem sha1_hash;
+    NSSTrust *rvt;
+    nssCryptokiObject *instance;
+    nssTrustLevel serverAuth, clientAuth, codeSigning, emailProtection;
+    SECStatus rv; /* Should be stan flavor */
+    PRBool stepUp;
+
+    lastTrustOrder = 1 << 16; /* just make it big */
+    PR_ASSERT(object->instances != NULL && object->numInstances > 0);
+    rvt = nss_ZNEW(object->arena, NSSTrust);
+    if (!rvt) {
+        return (NSSTrust *)NULL;
+    }
+    rvt->object = *object;
+
+    /* should be stan flavor of Hashbuf */
+    rv = PK11_HashBuf(SEC_OID_SHA1, sha1_hashcmp, certData->data, certData->size);
+    if (rv != SECSuccess) {
+        return (NSSTrust *)NULL;
+    }
+    sha1_hash.data = sha1_hashin;
+    sha1_hash.size = sizeof(sha1_hashin);
+    /* trust has to peek into the base object members */
+    nssPKIObject_Lock(object);
+    for (i = 0; i < object->numInstances; i++) {
+        instance = object->instances[i];
+        myTrustOrder = nssToken_GetTrustOrder(instance->token);
+        status = nssCryptokiTrust_GetAttributes(instance, NULL,
+                                                &sha1_hash,
+                                                &serverAuth,
+                                                &clientAuth,
+                                                &codeSigning,
+                                                &emailProtection,
+                                                &stepUp);
+        if (status != PR_SUCCESS) {
+            nssPKIObject_Unlock(object);
+            return (NSSTrust *)NULL;
+        }
+        /* if no hash is specified, then trust applies to all certs with
+         * this issuer/SN. NOTE: This is only true for entries that
+         * have distrust and unknown record */
+        if (!(
+                /* we continue if there is no hash, and the trust type is
+                 * safe to accept without a hash ... or ... */
+                ((sha1_hash.size == 0) &&
+                 nssTrust_IsSafeToIgnoreCertHash(serverAuth, clientAuth,
+                                                 codeSigning, emailProtection,
+                                                 stepUp)) ||
+                /* we have a hash of the correct size, and it matches */
+                ((sha1_hash.size == SHA1_LENGTH) && (PORT_Memcmp(sha1_hashin,
+                                                                 sha1_hashcmp,
+                                                                 SHA1_LENGTH) == 0)))) {
+            nssPKIObject_Unlock(object);
+            return (NSSTrust *)NULL;
+        }
+        if (rvt->serverAuth == nssTrustLevel_Unknown ||
+            myTrustOrder < lastTrustOrder) {
+            rvt->serverAuth = serverAuth;
+        }
+        if (rvt->clientAuth == nssTrustLevel_Unknown ||
+            myTrustOrder < lastTrustOrder) {
+            rvt->clientAuth = clientAuth;
+        }
+        if (rvt->emailProtection == nssTrustLevel_Unknown ||
+            myTrustOrder < lastTrustOrder) {
+            rvt->emailProtection = emailProtection;
+        }
+        if (rvt->codeSigning == nssTrustLevel_Unknown ||
+            myTrustOrder < lastTrustOrder) {
+            rvt->codeSigning = codeSigning;
+        }
+        rvt->stepUpApproved = stepUp;
+        lastTrustOrder = myTrustOrder;
+    }
+    nssPKIObject_Unlock(object);
+    return rvt;
+}
+
+NSS_IMPLEMENT NSSTrust *
+nssTrust_AddRef(NSSTrust *trust)
+{
+    if (trust) {
+        nssPKIObject_AddRef(&trust->object);
+    }
+    return trust;
+}
+
+NSS_IMPLEMENT PRStatus
+nssTrust_Destroy(NSSTrust *trust)
+{
+    if (trust) {
+        (void)nssPKIObject_Destroy(&trust->object);
+    }
+    return PR_SUCCESS;
+}
+
+NSS_IMPLEMENT nssSMIMEProfile *
+nssSMIMEProfile_AddRef(nssSMIMEProfile *profile)
+{
+    if (profile) {
+        nssPKIObject_AddRef(&profile->object);
+    }
+    return profile;
+}
+
+NSS_IMPLEMENT PRStatus
+nssSMIMEProfile_Destroy(nssSMIMEProfile *profile)
+{
+    if (profile) {
+        (void)nssPKIObject_Destroy(&profile->object);
+    }
+    return PR_SUCCESS;
+}
+
+NSS_IMPLEMENT NSSCRL *
+nssCRL_Create(nssPKIObject *object)
+{
+    PRStatus status;
+    NSSCRL *rvCRL;
+    NSSArena *arena = object->arena;
+    PR_ASSERT(object->instances != NULL && object->numInstances > 0);
+    rvCRL = nss_ZNEW(arena, NSSCRL);
+    if (!rvCRL) {
+        return (NSSCRL *)NULL;
+    }
+    rvCRL->object = *object;
+    /* XXX should choose instance based on some criteria */
+    status = nssCryptokiCRL_GetAttributes(object->instances[0],
+                                          NULL, /* XXX sessionOpt */
+                                          arena,
+                                          &rvCRL->encoding,
+                                          NULL, /* subject */
+                                          NULL, /* class */
+                                          &rvCRL->url,
+                                          &rvCRL->isKRL);
+    if (status != PR_SUCCESS) {
+        if (!arena) {
+            nssPKIObject_Destroy((nssPKIObject *)rvCRL);
+        }
+        return (NSSCRL *)NULL;
+    }
+    return rvCRL;
+}
+
+NSS_IMPLEMENT NSSCRL *
+nssCRL_AddRef(NSSCRL *crl)
+{
+    if (crl) {
+        nssPKIObject_AddRef(&crl->object);
+    }
+    return crl;
+}
+
+NSS_IMPLEMENT PRStatus
+nssCRL_Destroy(NSSCRL *crl)
+{
+    if (crl) {
+        (void)nssPKIObject_Destroy(&crl->object);
+    }
+    return PR_SUCCESS;
+}
+
+NSS_IMPLEMENT PRStatus
+nssCRL_DeleteStoredObject(
+    NSSCRL *crl,
+    NSSCallback *uhh)
+{
+    return nssPKIObject_DeleteStoredObject(&crl->object, uhh, PR_TRUE);
+}
+
+NSS_IMPLEMENT NSSDER *
+nssCRL_GetEncoding(NSSCRL *crl)
+{
+    if (crl && crl->encoding.data != NULL && crl->encoding.size > 0) {
+        return &crl->encoding;
+    } else {
+        return (NSSDER *)NULL;
+    }
+}
diff --git a/nss/lib/pki/config.mk b/nss/lib/pki/config.mk
new file mode 100644
index 0000000..2676cd5
--- /dev/null
+++ b/nss/lib/pki/config.mk
@@ -0,0 +1,19 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+ifdef BUILD_IDG
+DEFINES += -DNSSDEBUG
+endif
+
+#
+#  Override TARGETS variable so that only static libraries
+#  are specifed as dependencies within rules.mk.
+#
+
+TARGETS        = $(LIBRARY)
+SHARED_LIBRARY =
+IMPORT_LIBRARY =
+PROGRAM        =
+
diff --git a/nss/lib/pki/cryptocontext.c b/nss/lib/pki/cryptocontext.c
new file mode 100644
index 0000000..0ec4f2f
--- /dev/null
+++ b/nss/lib/pki/cryptocontext.c
@@ -0,0 +1,914 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef DEV_H
+#include "dev.h"
+#endif /* DEV_H */
+
+#ifndef PKIM_H
+#include "pkim.h"
+#endif /* PKIM_H */
+
+#ifndef PKISTORE_H
+#include "pkistore.h"
+#endif /* PKISTORE_H */
+
+extern const NSSError NSS_ERROR_NOT_FOUND;
+extern const NSSError NSS_ERROR_INVALID_ARGUMENT;
+
+NSS_IMPLEMENT NSSCryptoContext *
+nssCryptoContext_Create(
+    NSSTrustDomain *td,
+    NSSCallback *uhhOpt)
+{
+    NSSArena *arena;
+    NSSCryptoContext *rvCC;
+    arena = NSSArena_Create();
+    if (!arena) {
+        return NULL;
+    }
+    rvCC = nss_ZNEW(arena, NSSCryptoContext);
+    if (!rvCC) {
+        return NULL;
+    }
+    rvCC->td = td;
+    rvCC->arena = arena;
+    rvCC->certStore = nssCertificateStore_Create(rvCC->arena);
+    if (!rvCC->certStore) {
+        nssArena_Destroy(arena);
+        return NULL;
+    }
+
+    return rvCC;
+}
+
+NSS_IMPLEMENT PRStatus
+NSSCryptoContext_Destroy(NSSCryptoContext *cc)
+{
+    PRStatus status = PR_SUCCESS;
+    PORT_Assert(cc && cc->certStore);
+    if (!cc) {
+        return PR_FAILURE;
+    }
+    if (cc->certStore) {
+        status = nssCertificateStore_Destroy(cc->certStore);
+        if (status == PR_FAILURE) {
+            return status;
+        }
+    } else {
+        status = PR_FAILURE;
+    }
+    nssArena_Destroy(cc->arena);
+    return status;
+}
+
+NSS_IMPLEMENT PRStatus
+NSSCryptoContext_SetDefaultCallback(
+    NSSCryptoContext *td,
+    NSSCallback *newCallback,
+    NSSCallback **oldCallbackOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return PR_FAILURE;
+}
+
+NSS_IMPLEMENT NSSCallback *
+NSSCryptoContext_GetDefaultCallback(
+    NSSCryptoContext *td,
+    PRStatus *statusOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSTrustDomain *
+NSSCryptoContext_GetTrustDomain(NSSCryptoContext *td)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSCertificate *
+NSSCryptoContext_FindOrImportCertificate(
+    NSSCryptoContext *cc,
+    NSSCertificate *c)
+{
+    NSSCertificate *rvCert = NULL;
+
+    PORT_Assert(cc && cc->certStore);
+    if (!cc || !cc->certStore) {
+        nss_SetError(NSS_ERROR_INVALID_ARGUMENT);
+        return rvCert;
+    }
+    rvCert = nssCertificateStore_FindOrAdd(cc->certStore, c);
+    if (rvCert == c && c->object.cryptoContext != cc) {
+        PORT_Assert(!c->object.cryptoContext);
+        c->object.cryptoContext = cc;
+    }
+    if (rvCert) {
+        /* an NSSCertificate cannot be part of two crypto contexts
+        ** simultaneously.  If this assertion fails, then there is
+        ** a serious Stan design flaw.
+        */
+        PORT_Assert(cc == c->object.cryptoContext);
+    }
+    return rvCert;
+}
+
+NSS_IMPLEMENT NSSCertificate *
+NSSCryptoContext_ImportPKIXCertificate(
+    NSSCryptoContext *cc,
+    struct NSSPKIXCertificateStr *pc)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSCertificate *
+NSSCryptoContext_ImportEncodedCertificate(
+    NSSCryptoContext *cc,
+    NSSBER *ber)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT PRStatus
+NSSCryptoContext_ImportEncodedPKIXCertificateChain(
+    NSSCryptoContext *cc,
+    NSSBER *ber)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return PR_FAILURE;
+}
+
+NSS_IMPLEMENT PRStatus
+nssCryptoContext_ImportTrust(
+    NSSCryptoContext *cc,
+    NSSTrust *trust)
+{
+    PRStatus nssrv;
+    PORT_Assert(cc && cc->certStore);
+    if (!cc || !cc->certStore) {
+        return PR_FAILURE;
+    }
+    nssrv = nssCertificateStore_AddTrust(cc->certStore, trust);
+#if 0
+    if (nssrv == PR_SUCCESS) {
+    trust->object.cryptoContext = cc;
+    }
+#endif
+    return nssrv;
+}
+
+NSS_IMPLEMENT PRStatus
+nssCryptoContext_ImportSMIMEProfile(
+    NSSCryptoContext *cc,
+    nssSMIMEProfile *profile)
+{
+    PRStatus nssrv;
+    PORT_Assert(cc && cc->certStore);
+    if (!cc || !cc->certStore) {
+        return PR_FAILURE;
+    }
+    nssrv = nssCertificateStore_AddSMIMEProfile(cc->certStore, profile);
+#if 0
+    if (nssrv == PR_SUCCESS) {
+    profile->object.cryptoContext = cc;
+    }
+#endif
+    return nssrv;
+}
+
+NSS_IMPLEMENT NSSCertificate *
+NSSCryptoContext_FindBestCertificateByNickname(
+    NSSCryptoContext *cc,
+    const NSSUTF8 *name,
+    NSSTime *timeOpt, /* NULL for "now" */
+    NSSUsage *usage,
+    NSSPolicies *policiesOpt /* NULL for none */
+    )
+{
+    NSSCertificate **certs;
+    NSSCertificate *rvCert = NULL;
+    PORT_Assert(cc && cc->certStore);
+    if (!cc || !cc->certStore) {
+        return NULL;
+    }
+    certs = nssCertificateStore_FindCertificatesByNickname(cc->certStore,
+                                                           name,
+                                                           NULL, 0, NULL);
+    if (certs) {
+        rvCert = nssCertificateArray_FindBestCertificate(certs,
+                                                         timeOpt,
+                                                         usage,
+                                                         policiesOpt);
+        nssCertificateArray_Destroy(certs);
+    }
+    return rvCert;
+}
+
+NSS_IMPLEMENT NSSCertificate **
+NSSCryptoContext_FindCertificatesByNickname(
+    NSSCryptoContext *cc,
+    NSSUTF8 *name,
+    NSSCertificate *rvOpt[],
+    PRUint32 maximumOpt, /* 0 for no max */
+    NSSArena *arenaOpt)
+{
+    NSSCertificate **rvCerts;
+    PORT_Assert(cc && cc->certStore);
+    if (!cc || !cc->certStore) {
+        return NULL;
+    }
+    rvCerts = nssCertificateStore_FindCertificatesByNickname(cc->certStore,
+                                                             name,
+                                                             rvOpt,
+                                                             maximumOpt,
+                                                             arenaOpt);
+    return rvCerts;
+}
+
+NSS_IMPLEMENT NSSCertificate *
+NSSCryptoContext_FindCertificateByIssuerAndSerialNumber(
+    NSSCryptoContext *cc,
+    NSSDER *issuer,
+    NSSDER *serialNumber)
+{
+    PORT_Assert(cc && cc->certStore);
+    if (!cc || !cc->certStore) {
+        return NULL;
+    }
+    return nssCertificateStore_FindCertificateByIssuerAndSerialNumber(
+        cc->certStore,
+        issuer,
+        serialNumber);
+}
+
+NSS_IMPLEMENT NSSCertificate *
+NSSCryptoContext_FindBestCertificateBySubject(
+    NSSCryptoContext *cc,
+    NSSDER *subject,
+    NSSTime *timeOpt,
+    NSSUsage *usage,
+    NSSPolicies *policiesOpt)
+{
+    NSSCertificate **certs;
+    NSSCertificate *rvCert = NULL;
+    PORT_Assert(cc && cc->certStore);
+    if (!cc || !cc->certStore) {
+        return NULL;
+    }
+    certs = nssCertificateStore_FindCertificatesBySubject(cc->certStore,
+                                                          subject,
+                                                          NULL, 0, NULL);
+    if (certs) {
+        rvCert = nssCertificateArray_FindBestCertificate(certs,
+                                                         timeOpt,
+                                                         usage,
+                                                         policiesOpt);
+        nssCertificateArray_Destroy(certs);
+    }
+    return rvCert;
+}
+
+NSS_IMPLEMENT NSSCertificate **
+nssCryptoContext_FindCertificatesBySubject(
+    NSSCryptoContext *cc,
+    NSSDER *subject,
+    NSSCertificate *rvOpt[],
+    PRUint32 maximumOpt, /* 0 for no max */
+    NSSArena *arenaOpt)
+{
+    NSSCertificate **rvCerts;
+    PORT_Assert(cc && cc->certStore);
+    if (!cc || !cc->certStore) {
+        return NULL;
+    }
+    rvCerts = nssCertificateStore_FindCertificatesBySubject(cc->certStore,
+                                                            subject,
+                                                            rvOpt,
+                                                            maximumOpt,
+                                                            arenaOpt);
+    return rvCerts;
+}
+
+NSS_IMPLEMENT NSSCertificate **
+NSSCryptoContext_FindCertificatesBySubject(
+    NSSCryptoContext *cc,
+    NSSDER *subject,
+    NSSCertificate *rvOpt[],
+    PRUint32 maximumOpt, /* 0 for no max */
+    NSSArena *arenaOpt)
+{
+    return nssCryptoContext_FindCertificatesBySubject(cc, subject,
+                                                      rvOpt, maximumOpt,
+                                                      arenaOpt);
+}
+
+NSS_IMPLEMENT NSSCertificate *
+NSSCryptoContext_FindBestCertificateByNameComponents(
+    NSSCryptoContext *cc,
+    NSSUTF8 *nameComponents,
+    NSSTime *timeOpt,
+    NSSUsage *usage,
+    NSSPolicies *policiesOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSCertificate **
+NSSCryptoContext_FindCertificatesByNameComponents(
+    NSSCryptoContext *cc,
+    NSSUTF8 *nameComponents,
+    NSSCertificate *rvOpt[],
+    PRUint32 maximumOpt, /* 0 for no max */
+    NSSArena *arenaOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSCertificate *
+NSSCryptoContext_FindCertificateByEncodedCertificate(
+    NSSCryptoContext *cc,
+    NSSBER *encodedCertificate)
+{
+    PORT_Assert(cc && cc->certStore);
+    if (!cc || !cc->certStore) {
+        return NULL;
+    }
+    return nssCertificateStore_FindCertificateByEncodedCertificate(
+        cc->certStore,
+        encodedCertificate);
+}
+
+NSS_IMPLEMENT NSSCertificate *
+NSSCryptoContext_FindBestCertificateByEmail(
+    NSSCryptoContext *cc,
+    NSSASCII7 *email,
+    NSSTime *timeOpt,
+    NSSUsage *usage,
+    NSSPolicies *policiesOpt)
+{
+    NSSCertificate **certs;
+    NSSCertificate *rvCert = NULL;
+
+    PORT_Assert(cc && cc->certStore);
+    if (!cc || !cc->certStore) {
+        return NULL;
+    }
+    certs = nssCertificateStore_FindCertificatesByEmail(cc->certStore,
+                                                        email,
+                                                        NULL, 0, NULL);
+    if (certs) {
+        rvCert = nssCertificateArray_FindBestCertificate(certs,
+                                                         timeOpt,
+                                                         usage,
+                                                         policiesOpt);
+        nssCertificateArray_Destroy(certs);
+    }
+    return rvCert;
+}
+
+NSS_IMPLEMENT NSSCertificate **
+NSSCryptoContext_FindCertificatesByEmail(
+    NSSCryptoContext *cc,
+    NSSASCII7 *email,
+    NSSCertificate *rvOpt[],
+    PRUint32 maximumOpt, /* 0 for no max */
+    NSSArena *arenaOpt)
+{
+    NSSCertificate **rvCerts;
+    PORT_Assert(cc && cc->certStore);
+    if (!cc || !cc->certStore) {
+        return NULL;
+    }
+    rvCerts = nssCertificateStore_FindCertificatesByEmail(cc->certStore,
+                                                          email,
+                                                          rvOpt,
+                                                          maximumOpt,
+                                                          arenaOpt);
+    return rvCerts;
+}
+
+NSS_IMPLEMENT NSSCertificate *
+NSSCryptoContext_FindCertificateByOCSPHash(
+    NSSCryptoContext *cc,
+    NSSItem *hash)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSCertificate *
+NSSCryptoContext_FindBestUserCertificate(
+    NSSCryptoContext *cc,
+    NSSTime *timeOpt,
+    NSSUsage *usage,
+    NSSPolicies *policiesOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSCertificate **
+NSSCryptoContext_FindUserCertificates(
+    NSSCryptoContext *cc,
+    NSSTime *timeOpt,
+    NSSUsage *usageOpt,
+    NSSPolicies *policiesOpt,
+    NSSCertificate **rvOpt,
+    PRUint32 rvLimit, /* zero for no limit */
+    NSSArena *arenaOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSCertificate *
+NSSCryptoContext_FindBestUserCertificateForSSLClientAuth(
+    NSSCryptoContext *cc,
+    NSSUTF8 *sslHostOpt,
+    NSSDER *rootCAsOpt[],   /* null pointer for none */
+    PRUint32 rootCAsMaxOpt, /* zero means list is null-terminated */
+    NSSAlgorithmAndParameters *apOpt,
+    NSSPolicies *policiesOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSCertificate **
+NSSCryptoContext_FindUserCertificatesForSSLClientAuth(
+    NSSCryptoContext *cc,
+    NSSUTF8 *sslHostOpt,
+    NSSDER *rootCAsOpt[],   /* null pointer for none */
+    PRUint32 rootCAsMaxOpt, /* zero means list is null-terminated */
+    NSSAlgorithmAndParameters *apOpt,
+    NSSPolicies *policiesOpt,
+    NSSCertificate **rvOpt,
+    PRUint32 rvLimit, /* zero for no limit */
+    NSSArena *arenaOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSCertificate *
+NSSCryptoContext_FindBestUserCertificateForEmailSigning(
+    NSSCryptoContext *cc,
+    NSSASCII7 *signerOpt,
+    NSSASCII7 *recipientOpt,
+    /* anything more here? */
+    NSSAlgorithmAndParameters *apOpt,
+    NSSPolicies *policiesOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSCertificate *
+NSSCryptoContext_FindUserCertificatesForEmailSigning(
+    NSSCryptoContext *cc,
+    NSSASCII7 *signerOpt, /* fgmr or a more general name? */
+    NSSASCII7 *recipientOpt,
+    /* anything more here? */
+    NSSAlgorithmAndParameters *apOpt,
+    NSSPolicies *policiesOpt,
+    NSSCertificate **rvOpt,
+    PRUint32 rvLimit, /* zero for no limit */
+    NSSArena *arenaOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSTrust *
+nssCryptoContext_FindTrustForCertificate(
+    NSSCryptoContext *cc,
+    NSSCertificate *cert)
+{
+    PORT_Assert(cc && cc->certStore);
+    if (!cc || !cc->certStore) {
+        return NULL;
+    }
+    return nssCertificateStore_FindTrustForCertificate(cc->certStore, cert);
+}
+
+NSS_IMPLEMENT nssSMIMEProfile *
+nssCryptoContext_FindSMIMEProfileForCertificate(
+    NSSCryptoContext *cc,
+    NSSCertificate *cert)
+{
+    PORT_Assert(cc && cc->certStore);
+    if (!cc || !cc->certStore) {
+        return NULL;
+    }
+    return nssCertificateStore_FindSMIMEProfileForCertificate(cc->certStore,
+                                                              cert);
+}
+
+NSS_IMPLEMENT PRStatus
+NSSCryptoContext_GenerateKeyPair(
+    NSSCryptoContext *cc,
+    NSSAlgorithmAndParameters *ap,
+    NSSPrivateKey **pvkOpt,
+    NSSPublicKey **pbkOpt,
+    PRBool privateKeyIsSensitive,
+    NSSToken *destination,
+    NSSCallback *uhhOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return PR_FAILURE;
+}
+
+NSS_IMPLEMENT NSSSymmetricKey *
+NSSCryptoContext_GenerateSymmetricKey(
+    NSSCryptoContext *cc,
+    NSSAlgorithmAndParameters *ap,
+    PRUint32 keysize,
+    NSSToken *destination,
+    NSSCallback *uhhOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSSymmetricKey *
+NSSCryptoContext_GenerateSymmetricKeyFromPassword(
+    NSSCryptoContext *cc,
+    NSSAlgorithmAndParameters *ap,
+    NSSUTF8 *passwordOpt, /* if null, prompt */
+    NSSToken *destinationOpt,
+    NSSCallback *uhhOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSSymmetricKey *
+NSSCryptoContext_FindSymmetricKeyByAlgorithmAndKeyID(
+    NSSCryptoContext *cc,
+    NSSOID *algorithm,
+    NSSItem *keyID,
+    NSSCallback *uhhOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+struct token_session_str {
+    NSSToken *token;
+    nssSession *session;
+};
+
+NSS_IMPLEMENT NSSItem *
+NSSCryptoContext_Decrypt(
+    NSSCryptoContext *cc,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSItem *encryptedData,
+    NSSCallback *uhhOpt,
+    NSSItem *rvOpt,
+    NSSArena *arenaOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT PRStatus
+NSSCryptoContext_BeginDecrypt(
+    NSSCryptoContext *cc,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSCallback *uhhOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return PR_FAILURE;
+}
+
+NSS_IMPLEMENT NSSItem *
+NSSCryptoContext_ContinueDecrypt(
+    NSSCryptoContext *cc,
+    NSSItem *data,
+    NSSItem *rvOpt,
+    NSSArena *arenaOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSItem *
+NSSCryptoContext_FinishDecrypt(
+    NSSCryptoContext *cc,
+    NSSItem *rvOpt,
+    NSSArena *arenaOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSItem *
+NSSCryptoContext_Sign(
+    NSSCryptoContext *cc,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSItem *data,
+    NSSCallback *uhhOpt,
+    NSSItem *rvOpt,
+    NSSArena *arenaOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT PRStatus
+NSSCryptoContext_BeginSign(
+    NSSCryptoContext *cc,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSCallback *uhhOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return PR_FAILURE;
+}
+
+NSS_IMPLEMENT PRStatus
+NSSCryptoContext_ContinueSign(
+    NSSCryptoContext *cc,
+    NSSItem *data)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return PR_FAILURE;
+}
+
+NSS_IMPLEMENT NSSItem *
+NSSCryptoContext_FinishSign(
+    NSSCryptoContext *cc,
+    NSSItem *rvOpt,
+    NSSArena *arenaOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSItem *
+NSSCryptoContext_SignRecover(
+    NSSCryptoContext *cc,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSItem *data,
+    NSSCallback *uhhOpt,
+    NSSItem *rvOpt,
+    NSSArena *arenaOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT PRStatus
+NSSCryptoContext_BeginSignRecover(
+    NSSCryptoContext *cc,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSCallback *uhhOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return PR_FAILURE;
+}
+
+NSS_IMPLEMENT NSSItem *
+NSSCryptoContext_ContinueSignRecover(
+    NSSCryptoContext *cc,
+    NSSItem *data,
+    NSSItem *rvOpt,
+    NSSArena *arenaOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSItem *
+NSSCryptoContext_FinishSignRecover(
+    NSSCryptoContext *cc,
+    NSSItem *rvOpt,
+    NSSArena *arenaOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSSymmetricKey *
+NSSCryptoContext_UnwrapSymmetricKey(
+    NSSCryptoContext *cc,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSItem *wrappedKey,
+    NSSCallback *uhhOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSSymmetricKey *
+NSSCryptoContext_DeriveSymmetricKey(
+    NSSCryptoContext *cc,
+    NSSPublicKey *bk,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSOID *target,
+    PRUint32 keySizeOpt, /* zero for best allowed */
+    NSSOperations operations,
+    NSSCallback *uhhOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSItem *
+NSSCryptoContext_Encrypt(
+    NSSCryptoContext *cc,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSItem *data,
+    NSSCallback *uhhOpt,
+    NSSItem *rvOpt,
+    NSSArena *arenaOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT PRStatus
+NSSCryptoContext_BeginEncrypt(
+    NSSCryptoContext *cc,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSCallback *uhhOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return PR_FAILURE;
+}
+
+NSS_IMPLEMENT NSSItem *
+NSSCryptoContext_ContinueEncrypt(
+    NSSCryptoContext *cc,
+    NSSItem *data,
+    NSSItem *rvOpt,
+    NSSArena *arenaOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSItem *
+NSSCryptoContext_FinishEncrypt(
+    NSSCryptoContext *cc,
+    NSSItem *rvOpt,
+    NSSArena *arenaOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT PRStatus
+NSSCryptoContext_Verify(
+    NSSCryptoContext *cc,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSItem *data,
+    NSSItem *signature,
+    NSSCallback *uhhOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return PR_FAILURE;
+}
+
+NSS_IMPLEMENT PRStatus
+NSSCryptoContext_BeginVerify(
+    NSSCryptoContext *cc,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSItem *signature,
+    NSSCallback *uhhOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return PR_FAILURE;
+}
+
+NSS_IMPLEMENT PRStatus
+NSSCryptoContext_ContinueVerify(
+    NSSCryptoContext *cc,
+    NSSItem *data)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return PR_FAILURE;
+}
+
+NSS_IMPLEMENT PRStatus
+NSSCryptoContext_FinishVerify(
+    NSSCryptoContext *cc)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return PR_FAILURE;
+}
+
+NSS_IMPLEMENT NSSItem *
+NSSCryptoContext_VerifyRecover(
+    NSSCryptoContext *cc,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSItem *signature,
+    NSSCallback *uhhOpt,
+    NSSItem *rvOpt,
+    NSSArena *arenaOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT PRStatus
+NSSCryptoContext_BeginVerifyRecover(
+    NSSCryptoContext *cc,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSCallback *uhhOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return PR_FAILURE;
+}
+
+NSS_IMPLEMENT NSSItem *
+NSSCryptoContext_ContinueVerifyRecover(
+    NSSCryptoContext *cc,
+    NSSItem *data,
+    NSSItem *rvOpt,
+    NSSArena *arenaOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSItem *
+NSSCryptoContext_FinishVerifyRecover(
+    NSSCryptoContext *cc,
+    NSSItem *rvOpt,
+    NSSArena *arenaOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSItem *
+NSSCryptoContext_WrapSymmetricKey(
+    NSSCryptoContext *cc,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSSymmetricKey *keyToWrap,
+    NSSCallback *uhhOpt,
+    NSSItem *rvOpt,
+    NSSArena *arenaOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSItem *
+NSSCryptoContext_Digest(
+    NSSCryptoContext *cc,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSItem *data,
+    NSSCallback *uhhOpt,
+    NSSItem *rvOpt,
+    NSSArena *arenaOpt)
+{
+    return nssToken_Digest(cc->token, cc->session, apOpt,
+                           data, rvOpt, arenaOpt);
+}
+
+NSS_IMPLEMENT PRStatus
+NSSCryptoContext_BeginDigest(
+    NSSCryptoContext *cc,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSCallback *uhhOpt)
+{
+    return nssToken_BeginDigest(cc->token, cc->session, apOpt);
+}
+
+NSS_IMPLEMENT PRStatus
+NSSCryptoContext_ContinueDigest(
+    NSSCryptoContext *cc,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSItem *item)
+{
+    /*
+    NSSAlgorithmAndParameters *ap;
+    ap = (apOpt) ? apOpt : cc->ap;
+    */
+    /* why apOpt?  can't change it at this point... */
+    return nssToken_ContinueDigest(cc->token, cc->session, item);
+}
+
+NSS_IMPLEMENT NSSItem *
+NSSCryptoContext_FinishDigest(
+    NSSCryptoContext *cc,
+    NSSItem *rvOpt,
+    NSSArena *arenaOpt)
+{
+    return nssToken_FinishDigest(cc->token, cc->session, rvOpt, arenaOpt);
+}
+
+NSS_IMPLEMENT NSSCryptoContext *
+NSSCryptoContext_Clone(NSSCryptoContext *cc)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
diff --git a/nss/lib/pki/doc/standiag.png b/nss/lib/pki/doc/standiag.png
new file mode 100644
index 0000000000000000000000000000000000000000..fe1aca389a4d03e05fb4e3e5b7fbcb4e1f180419
GIT binary patch
literal 20475
zcmcJ%1z1(l+Ag}lpi3kK=@My_PEooWX-O67Sae7W3JM5FDgsK1h;$<z0s<o42uOF{
zZ{gl|@BN>9?|;uZ&lwMo2&}c{m~)Qtjkm@OS5uM2!=}JSAP{)+a`!Y42=o;M0?i&1
z9e$Jg0!tFUU2v9?*TTfa9GOy`L?CDp^7rm&xhMY_^YXqrFeb5HoYaMP1=IA+#iZ{c
zh=4FUviG+s&^}(qEY(2Q>y0Oj*?p8R9Z3I<@vTl(eg8ZE*8X=)Bp2%y)Hvy*9Xwbo
z+Ze(g(W=R#GqZ}8OKmcG9h~q)9T`|#^>lZ3TUzgJo!*U4NxWsvT<Kin+>PuZM0M=E
zEpc<7ISXF@HFyDjl%x%;m&D|GY=npU8!KTG{Oiw27lsDkjid-sFR2Kky$s)6u<qc(
zx5X<@$>G~~ri(oAEnN}Q48BRm|4+OzW{?El(t~^X!dAnS!$SjN#6&>qe|#pn3OZrS
zaPHdduj(Enh5f@bBVF^?ylZMQ*g;PkDv`#A6tC9ZoeXuIWlchH5mK~aXlf*-Z+FN&
z<bGZ(yC@?iu2{>5p@t6~bu{$4Lw-51ez;E1WSu{8)#(=No$w&#GM`(0o;EI_<Jog9
z82E&rp!cnHd@nY_Dzh4=2t}?=I}%Un&3&5YK0I1&U<jBoYhv0|tH=%zGLNO|#lS9K
z{&adVZ*efG+P#)n;767{PP!&shxai&uhv<sFqjmR>D(Sh4$OShzxh=>R<L=DPII^6
zSJ07aK#Dc?C5NhP3P;@iYj6RL9h-TaN;b@JHhgRII7y?fHB})GV)u-4+kY|m__(SG
zN0<5CA73R!T6d16g?Q~Z481q~^G5sW{K7R!EI8tiW-mWgf_sclrkREs=KeTLQwO&k
zQ<FG3jeR4Oa*9gMb)496A{(C+>sgFMlL(}}TxZZAVs2=_9&mvDj-RMcT;4$TH$p1c
z7oBd5((}pDj<x}!4RtXjwXWa2H_s;bvx!on)UPT~;TL~J&L1jsVZ<g3igdK7a<b1)
zrfu}ZI0JS^uHEBCe7;L~ftDaDg(sF~qJmQO<)`qdt%T#{!W(|=2vJIeQ+;s^Vzy<3
zU4HS=dT}=vb9oTq^dxQ0m$^4RfeY4tYKSfvbJ2KjZtRGVRE=h|NF?@2L`n(Z`U^mJ
zJ}9pQ+4u3QWBBk2M<uxzzb!VAo%~8|U7$I|SgaBsbxee|-O-3UjHsJ-{Lnfx`)Kw1
ztw%xjQWFXdrq6<^*X`K;=!x2~d5a4?!jO`<c<7C!&TZ+ky}~D!^0Q*Y4l`Z06N6HW
z2l05OtB+)}@rioU2Y->2H?!f7MeP<>aWN&ZwoQD?bK@de?#~S)5$I^1aOoN7>ZO9)
z9-|>#7S4R}+K(^9%fYbzj)ThrbI1S1|IsP*zdZN;@kZu+Ht6f5!9V8UVy4A-^^Ix<
z)IC5T_NlX`ka(B8Yb{s;>nA4yBG~?(66aeMr~`Ez$P1Fxp-&72X8%yV6#a5<n6Fqa
z<qn&PKdMUjr`fF6W8X70aW=m?81hbm)R<{p|I!bKzeU40_MxP^F^)Z5-!!hB|CNX8
zI5_9U#4!Ogq;II9iL~HME8h<75~|SnKipQK2yMJWV~>7+a!4M!+gGmWp>Af9hfjTF
zeM&u@ksFE=X3Jp!!QP&D9t};AP8KeU2m5{Zu`+`qsp}GUqi1VKy-tbaeL*;>x*qO3
zxFIp{G5;^M>T1(*VOg2p<mH{69c5+ZlfxYxe0(>bvG3pOj%uQJ#;Qp_*BDwp8;k$x
z)Rf9rw4k}-u{$ps=EE^m^FvfZ;fHL2x%%{R>kjhevKQl!wMN0($1htRGtGEOU8F=r
zZ-4Ai()!26#vY&f30|z+8~4JZYk5J{Xj9dU`f9h4l6&xgZo>8I59YT;TY7J1ZAoqp
zQyNnf*%-Lu2Mia6O}#IyJ@xE;C(Xyl*C2p~z|@nLmM$+Z*B?U1JSb3(E4p3&Oe5c7
zZntA>us-pnst`T3$oIa!&*m-oQgXGvCk>5_Sacg38yPasmxc;y=osnf0`~ZjR719j
zL!&!J6UaUNU%q4c46}NRg}+;-3%vQ3X^#!%M+TFe-cvE0*x#(`b{bILuL)Yy9q*~C
z+^jxZ@z_Gf?_SF=VVe~rElT5=-|1JCprWGca^?w^B$+H;zIms~0?D70Us;(%c;)KV
zCPQ|(s~u1H<KyFrrFeOHt-6yxy1H(M^8U$d$-dcF>gr%M<XXyM`SI>jV8)oOG}nF8
ze0SaT`LHTcN(I>`N|)|!H(k7RiS8~QqK+ZrTZ07^DJdy^7*WK)z6Y*CkbQ@KK;`E;
zzjhHFDX#lZm@;jbyL`1Ng{GP4!#?KaC5!tA)6J%Otsd;pM3LlPLHO5LT3Nl0jTOB9
zA~F&;fBD@lYWoRR<*aA}KO~z&sp}t8Q;s;Eg+SxaAM|?_v+Uv120Hzxt`If-eDbxR
zfKv+d)`yD-L=~I~VNGlBNIz{Af#eT|kgsCct6@2Dk&Oa19{gp|#1{~>w~B|W>?g#f
z<gBciLt^d`4OB{=Wq;`Uw)?m>j`*&h?2~*^&dlxUR$qS9%hMILwY4)dGcOA9Ogk3e
zyI;+fx0h+lW>H&^RQ$UAr{W#1`&#*}dr|Sok6UTHt7Jm35c@JQFkBGgc~#`ZKALI5
zU3mWiwxz+m&rkto!%#u-W2uP}b}_u|SHVNi92)qh6sw21)`rz8D4VfRZ|1$L5*dHv
z4^1vBNexFS7Fmf2UFB|AX=tN)TZ7G9mxldru1Zw{&Ocs?Tb7|u798?JNM;tm!VPpG
zp2-&zvfTH^%wt~>$E2iG`<?lI%ejb1w^vfZ-I7|aK<wW_y|NV-K43{w1sCDp38$HU
z8-D5kLfuy+N61=5>CPQAC<Sw-00cbtosyRPypLI^uU)(L?b|oF4z%G>epNo$PG$%T
z{|NjtDHU9QVfYN%3nutxH;nG(2?^ZK?Tyz^a2xwRCh}R!;7MW*Pg2+1++0vJ+*@3h
z1Gd8jwbs(cnW1L}?4=iJj*oNUYNg}(*=jPye#CD#oa`p<I10OVsG-m{YLojjm%|6!
zd7{=$S6iD$qNrJv=k(d$Tj|)$f(iWT-!{?*?nm8sBfNvcXtUnEGi#2#23?$_`ttE6
zu~TLYzq3%L1;zrA<EtM2(%TaY$t=ubVn)jq{>O`HG66KEYZ5)ehcY*0?-81pjwB{0
zq^44TTe@&cV4L$s4=pXS)UG{l1tXf6_~9Z$>gFnDEuBMfGCAOzxf!Yr64!W!PZrk#
z$ybxaDf=-$X3r9HezGWHksV@54)8ELPWn<9xySUK%O>D5>h$JnoT!iN-<N#!y<1*+
z7s*t-N^xoW^tsC(OR*liyW1<8nUk<rYn*qg$gUv+C(VAZR;J$;6~Ve4$gh2=Ahff}
ztvW%NY{QDFKfX`VYM?&pv9sd(hSKBnah#emJF!TkzM2^#vaWD|(8O+WxDpXY+x)nM
zSBR(7ZcHOjd~)G?R!&rs@SoMRSiEnqSHu(oYTQD~;oLCa`}kb+_4Lqn-rdGzrIVy(
zxr`q1LRkG+vM$xO6E!$$yTY-4E;G9a^@Io;dgY^UB^$7lqW*%OA|}#i?X@D-a3d=O
zJ|EXw@Yb#3va+A1+@@++lIp@<ZdcfxpMHLEv7OKUp<qdH48hI2sPW>GNSvXj1glh?
z_3vfHAP+M{?0l#Y4>d-TUaj%e>8A9iL!7T)1$y6Nt}=;Kfd{)kYA}{8va^J|5dYcq
z=2Ki{{;XBFc(@#GPr*FimyfUHkE-O8?#c2U9x@6pgrgA7)y(2#^72;qJG1=cVfuRC
zv!v4RppJda%@XoC_LP|Jk!?PW=z{bkCs)S+!qs`KIivb9XT8zqz7->b!?rTl_%m_m
zu|?^TmVJA<SXQazp^X8_<cQ$?2P(LioO|z?z7>yRy(8u8{eoXx@Nf!~pinw^zMJ)x
zk?fPPeD<$_&v}(r9BcJI=HxVp@|dNFdGWKcDK6{#YkdCv8UMN<tyhsR6rAku1J4Cy
zf0A)#h@;!)ta+1P#P`AeZ8$roGx@UJSIT<<SH#l7f|f;w-MSflpDFl?`g>6k`Nm{&
z>yCP_Y(<l$_3csiD7Lb@6NI%YP8ha11n+`e#^2wNKXv+j)ya&pa;sZJHC6PZD~F^C
zi)w0TTbud^2ckPlZf<VY)+}_4H*Uzi{pEhIc31tiaFCdQ;%3RfOu-!rm_N?Dw>D%B
z`r2{p>J2-I84?S&Nd4pA$$trWMSMXxm|t6_AynL>vcz4aE$oxTJ^$nf**Q5kQKRB1
zqCFhV1ja30tS@sry<HFKvbV6Hgs1f!Ns;epQ<ui{SfOm}1GA{3foHc^E(a<go?(CY
zFq2e%s5xM-$rNet<QzHsOJ~xwK%^l`dh6#mRAF2qBx)LU?h$*l(B!Z3Ryo-JDclR!
zMLw2hGS5gfgu9Tl88$XH;L{tj3Mz1RyQe2dB)PBBh*L|aDr!C`BP0zHST0LaiN7J9
zDaw$p<q#H#X`DH1s!Suk;NOm_f%yL_jA}PonrBocMo$WY%8s)Fk<L-71$4>dILKNL
zqMs>^znaF}39Bs*r_^q;fAx$#p?`@fNktlQ3A%X`-Wno)fPr))9Q;b1_V%ua6W+4*
zm)JL$PktD6Ow|x-@XpDL6=W!0k$J(mMs^XqE}8LS<#<PD=RFvk*zaeXMk`!9X4<!h
zr{gN`X`s^vs4l(qH|AYqw>4f>Z}q+Zon1aKnK2rHx+H3hEFpZ8(?w`%AADQ|GIAx}
z(!3PVtO%gVz~$}3aBka^aH=}_xGL`25SrkDVY{;<&wpNs@k62DBA#i$Sqc>L*4$^a
zS9>8>tBUz<VMC4L7G1=R04gTc2!pV6h7I}cJ2IYojFwe>!<KWLkCgTaZ`ohWC{+FY
z&Fn!)%=!u=q14I`N+;W8jH`ZbucC9`SNUB)mY2qo_I4Qc$JpyB{`O%p^Yc-bpr5E6
zbnfjTspi=#3+rp@+xk*Q(mxhH$HX6O*ou611%bt$Nb>Ne0Ab#BYZctfadlp&jz{ka
zS%rAS#KgAw?ziQPzHXf14vikMJe(L9OQK%;TAoa`5<6;qNVJhkh#a{hfG4!J(HAAR
z)+isF<hp=u785^)XW=d?R3YNE`f&3jp-59_W%&!3N^YY#v~yI`r*^|*8Vv^tZ94;m
zPPs~Jn%RZvO}cur)glUA#51d>38z`nBtgkK9%tiKEmCV7WO`xIw$-BQ75i5!-U$?K
zS9(lK-)hSb5lA{>$HTZ*Jsh!mdOZO?zMCy@i@4)Y5koSY|FRg1CF>ft`1lA0Znd}w
z*72(rW}VG3TtWGo+x?-+(%Nuy_d@jE2AIwXrlkZWlQUti2xsOsAHB?o|Ly4DUx_o6
zDaD^XTD-B_<h7!axy^xfpYfC3FJC;8o^Uim>3!Fha&e;m2e1^;*fUg5b(t2-IvS4?
zX%D%Uv8m-W8Q7*xd%In^9B0vT!d+(e{6~a-`!5`uyVF<V9XcNPtd!GOdBzK^5pC?!
zVU517d}~uu9xpPEi-B~_O2*qcSS*gAHSJB(Q!tmYXa23s?o(TJ(kJ}qF{xndjR)SE
zT8Xi2pM!25(9Sm9crI}FMH%B-WzBELk1ak#-I*bK*tFbI8UZb>@|*sZ>&0*JVLkH>
zi)Pj_J!<y~ApVSuTC?%>*z^*{BQ&C8kx?%|vW`l3;*2NZ9cl=-<<~@|Z{JoFygeaA
z*&2?9NSiE(QHn|y;(^8T@r?_y)bSN;-_7^l)^N)*cIcI_CF7w$jOuzy$Gg41uaX*-
zrptR^5};UaPM@dFGI%)Ngtjz0(i;_KKqEXP+~LJvmE9@|peq32&}V05n~c)<ZB8*y
zon!&lKTXQcDy)grcn*rBH5|y=Ro<6Iij!6q>(snr&gzz^4n<#cGP96vd*@pEbUkxC
zme#x`B~nqWU`E-kwyqk5X%Ms$wq6N*p|HIDfTaTy6Ky;zrzdH`;V>XFGIDy_EU?}m
zs+jbH)W3gw3U!F#+Ujk|*t+)cBK`c7loTT)qd$NC=;W4^md3}uzfMg}ef|0q-o$tB
z-W~3((OkRsh&NnN8sS@Kj-C<CDC?<`8T4ugRfm?=OOwef$BebL2m1OnOicWK_hnKF
z*xd%k!q4yK;&R+`c1%DV6wYf}=U*R)K|sz;D=se1%xu*fO(!oekA;O*I_75J=~>bH
zP;2@|9my{(zH5S8FDsL_V!ikmYZtb&EXK}P)9n;u^Wx!7D`#6<TR0eqTomW+#&VKU
zR%>f3lwnzE=|rWh=;-KApSXwmJiWY*4iEEmYzzzxbai#Dt*vEI4TElWWw>}09f+8S
z%i?z)^XB)Nna`=kggH2rYsa)|umF;kNf^7XixsvT-IF^Y$`W8&CYldNQwu$HGV8S3
zDtBH`NfWm%(#y%sy{{`4SkG<N6joMNM#Lb)$if1B_}1La%*c38Mh2ha_QT1#05jy!
z;Nb3`(g|1!`2_?_%AMw#pHt%D;kmlH>J}PTyZr8h&+JYSL9S2USs3r{?{A5sk#L-D
z5?L*~FvP|6R(Xd7EiMM8EUZHeELpj^%Z&sQq8^*GyMIO!C7(UGO_8YgpfiDom6cWE
zbR$YOikf4sg!d+@Jwv{1oci$bV>uk;U~9qV@ng7x%F55bnHA}=Ckfay2SGo@x4+*V
z9v&{X>H?OS7FmM6c1bH~2?zZq{q29p(`YwZvYpK+C@GPvqvbY31w9gHqX$-Ua&jsv
z-S6dNn3dn$wi^}1OQMHMVg=nXZx-azaI37Ys5mU{5zqbbLC}5O)Y^I>OF4<(_Ll`W
zIkQS~nQ8sgs;a7=KlSo&;ufIiD3gSZP|Z2IX(2~8RhGN|2r&5`hJMmx?{v75n!<Q}
zl}!@eq%*u|_{m!J-uP<{1C?aKdc(=5fq`q4Yc=<att_prv){kJQEJ0=?YT@ArN_bM
z9De8w-0--#I2zymsg0Qy)f8dZr5_(HJ6<cNiV8_c_?;dfw5D!g+U6VvS;+UZ*dcwo
zQd*NsYU*COvfR2w41@gUdVX@k?(VMZ@?iC5J6k7L+H;wi&cs_}T*jh4hc07yE#$Z%
zKhE34>24{^C14>VrS@mDF{&@F3pvfUzRXmN7vJi<)$y7mA~NzvMV2@o9B=lG@z{*$
z#yf>UGAJn@?l$rLvMT18QdCn@b9XPR+Ijfs5i1ABSeYY(W(-`VYqzY}^*+(wzO6M*
z^(eQpvNA7kWwJi761m14ME<<Fg~sprU?Gi$*CK3C`vPJZkSx~eQSF%s2Z!xwnd4g3
zmWqzf>%jrEVeb07YHHtqeAFZWc&J-6QHkUFFuS_?q_p;gLz6P5?TgvBXUju{HhMI!
zU%q^~N<zZJpdgd6u~&QMqpKS~7>ADVsM;Ac=*%qn^hs^GVo}D`m5<H>jsYCjsl<6w
z^K)^r<#8Ri<+H_b$N44;YwNX%+KHnXN5ShbZa6qOSO5IM!^iiX3MPB@?3p2p-G&zk
zFn-4~G{7Mq7Y{cyGz{k5*VNK_@0y9IGa!u!E|<&7&R&?Ge{4kM<FMPL$Nt)&)b5cH
zRdiQd42!dq6AJ3mh_ladcc1O}U{2H}5;JtP<Q5m-5)deT_wFenul;xx+&v~nMt76E
z8b(IOC*xJ+A3iKjh0=)o9ByyUbx53S_ltS$E^?w_A`IzRnki*6diShDF{Tpgq{HuB
zeK#P=W8%H>?PPCaVtkyMis}S)HDDYWlYX#)LYA$P@~haor!P~HfLb&mI@$s5`Hvr3
z`O9;0si~=Wl>85ka8km<!uEFx{WvVTa&-$&*Fz<=D#U%6Sy_Kie~VaJL2>PzSB?qo
z8Rji7c+6!aPJXLipgWN+v#&jQeQ?L>?DRz9?ASR!cP0)h?8B3{g8=(Nu|=!5TWk=8
z@82^@OKcS+{N}`RGHY^}Z+d7%6g>>%J$w|4=f#?n>5o*Fc^I?(S<1`5e|xMHwS0Xt
zOrKBaM?y*Ib-4Z8V{1MxKK^XQT0#UW3l(zot!rl06;je&P)=-&aHtlSmVSMC6!SCR
zuJ&ZNxmkv3X~ueKX-OuM{Ovq7k1Ft;dlz|hatAs*%nD3u#jU%OS65e$kG=14S4l}p
zL8U5nm}-C;*PSX>SyACx=Z~hZt5C7NzOHNRA-$}>SXW{*#CVZsviKY#pA(0#@j^T>
zVJhAJ{DRpYff=%zf*cou>N8~GSM4;{E->zXcX<inF9?gITB!PdPG@lpJw5$<Ci0;l
zKVswJf`fvN|JeKW58dL$<$Q0;=9c^Y`}b<Ey~~#_+5Y<SyFHH0OaKF6d!PMvAF65G
zx5_{ukZ>AMEMA^BC96n1xcXlkr&@b@qN1XZK53LRYU2;aErKttzV>97rPZN$d86+u
zeNZG!^Qnelw@ROpueN;(2t>Yxl@%!&s+qrnrB^<YCB);?OTAD68s;F;{mH<*J*o+@
zhUNo9%9cHv$BmxsG&Yv)8g^|3A|wWWkE&(Iw}r&uWtNtf@D}50&yrcGFYgMw`4Jv;
zD0;EfMcml=UGmHf$3vzlaP6QmHWR<w`Bcx#!dB&eyUzq)^t7GI!fJVlO6MAdR?;v!
zV)mTKgkhQ`B$Gd?gc4d^T`iOGa#K<^syC!@?x3+DzTyR^$I6T&M`&qOXlc&&n@W-E
z(^oERgjg!A63ySf@I56bCkL*Rl-xgr8@aadL>}{ypJSlV;a%fxvMcpUejh=JC%C2V
zeoKE*F=g3d!s6SF*`u+WtFPOiY76Fyw0x|oNhR#-?WG&?MU$igv4`org_#169xskz
zR!aEfcXrwsO2B1Q@ncL_=}Y}c?i44BOsmGkY|+;I_qTV0qAOP`6yxB=KY_8*;JB7J
zFgz&nA)YuUKE4#*3!}rQ?G@9z%O+(fq_K2#NCuJdv*(sQTA8|SAXMCHnw^_#t29BV
zQ8<}Na`riKUI_KvLj4ktO884wR`Y=tk@4!OO2J1Cvv>`+Sx#yvfu_5KNgs@g6--Gs
zf7ulJY;_4h2jjWjF%Z9ib8o)ujIZ};;bW4V)ELC(9si8Y`kXg7v{?Jy@oVYbNty9m
z>9=?0!?AF1jyg<Er7&4<-URI6T*D=L>X3SWT!IqGT52(fqr;2m7(+jENM?EI+o=6Z
z8%w=2m;8L^$;f))cQY+f5__Z0mjfTb@M4Y$8|Ph5y+X!|c^hbe@hFYn`l)}TP&OHx
z##^qr0?CVCWG5Mb;>r2C^<5wkh2`WEEO&W%dAF>)q4p8h*kP$VSE#`N9!_fbwyM7`
z3{b>*zO!iLPe(jg?a^wb*y{|F(Pg4Js)oHI52PY187*Dy)B-8K(}R<?+j-&dqKPxE
z2aeuybXYU>KrU4XtsUhV5!M`8x6iNo>MD)~*-_UjjEY#RM_e3K-m)+96yk||PAOnq
z<-W1ln=#Y;JU1^-NnZY?VXVnbF0M2YWWm7WuC6YlO1J#M0rl5+i#+h}&ncFbYzAUp
z=6M$an8m}Rym3lWC9-PNQj8Z@!+LshHMoS%u{_eDV`}$%@nc1-?69OY^fhgj$*-e$
zM!8)lZ!|fRwqM;Jc`Q{8A_g4>{&j#PGB!5LKa0$D^Yk8+jxfc~tLEt}$Eb=6*$lGh
z4hRDjAdooz{_yI?P_GD`@|#=VUw(>3MoG!M7|m}ystJgyJ8V_?P3=CEoBA_1!B3Vu
zC>mzOt5>g}dTeew<u6Z%mZi}QJ)m9HjjGXVtr?Z($P@l#{P3IkEaL$>)A5rJGSHW7
zK&VmThYtsGw1cAKO?*8Xg0RjGhia=>zY`diInXgMn1c}^li~R1SBVI6bvvt45&7PA
zwl5x=wSQQOSRh_{XlRrZd-ZEo(!NySb8>adzmh2o1*~oEhMnAY{m`1&ZXo3@qZh1G
z@YKDRo_qi`!s0f?P~LrKKu(<ZKQ}$$C!i5Oekn`s@uy@c1ozssWm`r6=;-keO;sp=
zL{e~8Uu{QT$His3W`23#uocF(svOsn89T1qfJ~aM;+uM|RkmZH9axz^Uusrx9ecYD
zCz2@T%w?}-j-$)fdC1m?pb6<&4An};vT8yhKyi#@v3TO)BV11BK`#$MaaVp&_PK?4
zfO`OLDPliL1z4tQ;#2Zu_;Y%Cy6wo<Z!IlntH@d?|8LlXk7^DN55Gl_wS4;q-3ty0
z5r^qu;(K6OC&T?_)Cg;;Kr*d@jOeL>YMa>ls@c6E3Hnkr?)9A#hqX)PfAEk7X%!)x
zyh*5q7m6w0Ed$)vjxmh71EHxCoeG2YlgN#6zH-jE<9ywPXLls%b$mo$%bcy+_~L1a
zu!LB`YPCF=F9PG^_+ZP+)06+nPwpo_Kbag)ld-5IN86BzFT%J60Ii^;G+N_R+56BC
zhPuSrL65}o6v2s;X|2aUvjB%X{S}XEz8TR(MrVFbkNrIv?X$)!75RY|q%ST{mj?a*
zYZ#jPhJzY9RVsq&Wy=_^cAh)rQ?BJdt$cMq&0%nURC+Ws)~I-QIq%li(^AQ`o)G4H
zxGdT_I=sW&a805NQ+Og@GRW4PogS5xlyKGTPXp5thoyu-e4mz?IqTCW2XK_y+S+(m
z74N3`9{z?Gf3+L)JUMigl6&}YF$2ctN^uV}GxK93KH$PpLy{-zxIV0wvX|>?i*7pz
zzrKI;&VIF6Z(z3u!<bzmu|gz~Juxv6%6JeV?#;HRM;@ltchBlD4+Q1e>XTkoe=Lrd
zopp3x+bf{3bux2*PQkY{hMX`0e+p<206u*alb+G`_wV1&&d&on@Pg@3aa8|e%uWJ;
zh%AlIw#nI!Nq&BQXHs~0_@zsif`fzA)zyFLs2UWM5^dWDJ1dV5jB@aKpRGRMvufC(
zS`EoVj+QKrzQAtWqe)!dKxq4ut1F*lgkM`t?zb&kqZiWrd|~<lQyK%<0pq+o?VJao
zX5;!~y=InDqNs<HzW%SKaN@Y!!1(L<Ex-G-yR5c)Gi0NvL<R>3o2zK3sZZfzaq54$
z0eb6hlD?S6;i|&s{HU*0KvG0bZ66`SW6T~EbhXeh+K{$z^@5uPxR)DaSy3OpIiF;|
zI##*2zcI5`d*<uxyahiY*T$7GvGDOzg`DSMH1)$utEn0D>eY{r2_nEW@(Rvdem(~m
z*V^*3GpB-zN-BU?vAxk-Ub|14IMXSb!YH5~-Q?h43c8AN$<WkZsLnR20XG12*Oer&
z*5h~TeD`i6iilGQZ+{~*F)Vko>`4{t9#CTLFLRuMNiP#cE#|$y4ulrQ#klX$ABD(i
zf!nu#3=9|n2!Sqq{kq!_jAPxCS~C2kAeV`m`2~%HI19@{00wnfL_|y}K4NkP>@gIK
zL#JsE-?#yMUjo(A2>bf`x7t|J0KEfpRE*~w7#w`lWmP=9QsL|1;Gm?W^yJAC0E-qD
zv*~vN&CJZezdQo<frP}8HxW3Vk>4ZB;$h(R&}{h)pp?To!EAhU-h_pP-y|g!!Wn`8
zI$puV!otGDl$o8KotX)QlLJ^&uO=Fz=G>54FHa^90G2V2V%@8T^JzXlKC&;am%IJZ
zH!>OnqMY>R&C>ER{0np!+Wq?H0=Sp&8X6ix_mq@6VF>{`)xE#J-`S}oYD0lYK1Z!I
zUExG*f`Wo9ETKDA_V!%;QBFHc13(;Mz`TC_8UQg+?yn^!_wxs900yO|R#a55=@u|D
zF#$nfhX#xDjT<+Bw*!oYA3-Mho_^=TW!$i+DC<L4xCDGcGLSX^kKo@iSX+1Z;5S?q
zIyyR#Q=n}Rr26a*!@%Y=s&M)CjATg*7jc~AoSLw`?UKKYKH2kE{Z%YFgk%pj_-jAj
z4uQCUNVDWm>gedeqJ#AW(l}}_(ojnE{tFmVR)SbtAbGc^IYaX2Hn>jbLK6a!cn(JY
zid6IAFY^iu3qO32Th<So=}@g(zx4e1^Pp&;e5~q%a2SL|h&7A6Rf)cd--&C!4cg`r
zaH#xyMKz}@j0gm0XyXGI3T~BMR?an(r|};3qnJ72ZQ(!~$+fP)WhK88nO5$7u$g3E
zBjmEE#)M5q)TEcMW1E(8k@jM#cE)Wdbb~vYrF<06ue|v2xWsp7K-YNiUY9g4DO=8k
zGg*nlmqGo@pxwz?@g}BvZ^}atoN_*Va0fJ(k&zL1!|)y<IGN9r$qDCRvP6k)hP^=x
z7_%EXOwSAp4}bYd8>T7Tc+0{_PN4hg>9iTW<X5lGde@(DZP7C`!<4R3FZMha|KWmM
z+S%Q$0VH*E?T1mW%%i1?UxVB8O-uCswvr~o#57{sZhLM&j3baeG4s&nCdX}1)q;^1
zM#RvRYHa^cV+mzqfA|2f<#N3!53L>$Kmoha4^o7ahIf9IMa~x(RWj2-*TRLocJr?6
zpm7QP!;m7;+iLnTG-Oiaop{7dHw)|*)Gl)l3L&TWQsr`J^tW$s1MwZKAoZ2glDPPR
z0Hxz$<|QY<=p08*_*6Y22GX-TVqg2`P(@Cz6_(wB916rf0m^j2C-PalbLS4xd7GM=
zYS)%ihoWfw$uyuYE}s4VtLW(ThdzipE}pHX*w?SkW~n6A>7ORFx3_~x*V-y)^_4uu
z^YmaL_`PyaP>|@+O7YDf7>Hwn7-CHgji+`fs?-+VyCce@WZmhtRxN9SH^z;i1qBrG
zgD9*=1@%^7fbxlI7vcAlC@J;>!zU**a_U>=-|;RW#z8DXmHIn%b4}bg5_uLw&=6eU
z`GY@s9-O%39ba!6Eo$^sVB|2yza#vC8t?i0jKN-Z@41!{=Bc5Vj@6V*e%am%x8eb!
z&I?H8b$kpbv#KWBR@OCcdkWmkLpo_Su?|@;V%f}0pJm3&++T8ZW}>I0bKT_&NFZ*U
z?25c2fQxXC@^I4t1!s#~E;{l`Wm(PIKK_>KLi={+C<$g(<6sh^EBwKyzlZ-^C(5Hh
zc*U4IAgr?H;-Cf{6~Se))$xUbnZt&e`6@4qd}arO@d_*xkmO^Ha=9d(&B)=ZcXxD*
z6q#desk$^G{MkX&6|t7U<_hefB@(#tmdo-_aLL;(<*YfYIP-nqv*=|BydRk1eakZy
zVMu4sC?cD?Lysv1FWBZWyc<e%;=g^h3}8B$vHJrMBk@BSZrs3xORV5ry?NL`qDBYs
zl5RAlzeL%x`doM~dge6bgcBL9HOb@jYBZ1@(5=!v!bTA2bxD*XK~NPED$mMdhKRx#
zx8(7MILk4Hz6m-rUV7G{J5kn=$f46v;KYO)dU|2BGMwEZF-W4VhIOOCh-KNAHL)sd
zG+L_yzmnF{2~zPu4Y0Iiiot{Fncsgc88lr`b3xPf@~Rwo46^l~-@oORl=41)yvAd8
z4<a&pdU|qlVQm&5E-g*e`dL`KZ)2Rk8gS#GCCS{I=0&AT4q`XP*(jE;YZRR3bz7@v
zE3PdJGMracP@)H2H=L`)E~10%A1#3B<C+g!Ou3DIFgYCkir9I1kmK9Z499;_yg@7z
zfOf8UfBE_qbnmi}Pr$eG@*<B;{n0L5CZN6!MU{qzhLTdmeSH$N;-;1sP@`da!tr=*
zLAxb*9I2y2C1od8&hu_P6K=Tesw1C*d%FR1wS_HUXu8#Rgok*Mm6@YFM5{hTx!37;
z7+4f>r-)9%%68s5=NDI5-<3J+MoFVq#pPeW4w@Aubj^pL+U52`=9ut<ICm|r*ftAn
zSRin4oH_DKOG^t2dmfj-dIapx6~t*57w)$`AVrs50>sGA$;k<j4z$DV#okAc9@RKI
zZC}dIbBb*Zdrxy!pvEP>z0QDwZF}~)qYp=AG<X3{j;G(mPT!WFlu5mI3jLs$rbMTU
z7@tqp;1#2oe9i7{u<Bd>`_Al9nSk$=?vRk}cw%$@q#js+54RsheA6&8>Z(45BLWL|
zX$m6(fC?zDsHh0~3tCLzWjqQ&hxDIgfN8;7fbR11@eM$YtM#pZ`}S=?!RpdLZak-v
zFiM<uUcjdko*ng)k&&^ong<LArNx1bnNa^eNtuWwa)`ZMW4!T!k%dQL&M3eC9zlD~
zWu$?LV46#Ja>CQ6=ofj$Cr|TPCp77jB8)<vh8W8&?3Y&Nh_K3ax1H8*_RFd$>FN%J
z()hYhH-&%x%xfhV0UG>T+02XW?QN8y@c#Yrev1UPnCF+O3utf_(5fP?<I6(C42nGH
z6GobvaPEm`Z@N&hj97}Efq}+z@$JgW3TW6n%R{Qo`Ugy3KDSSeo0fB$8I#X;hh1$j
z3fT0G7zjn#0Q)W~O6KM>DD?8@*A9rjA``e+Sa8V_Z$Ih-Egpb%_SCm-Q|?I6j6sSA
zW@0uD?0#TiAkAm@zNO_{zy%Cp5fK5<!5;N9gJ2JK!zCP25JAAbc&z=vBt%EYr>Zxh
z?wq68sHf|l<7cjUR1OM)Z1$kb0rN2}u&l2?hs$DKFo4_?6rR2F+6(D@Xu)X=N&-^w
zI^aYx`0Vj&FYq*cK`+(JR^c%C`ebvq?ce}_R*&p%r0hdW%h^>u+*iExVymrn@*FP6
z<}&q<E$V&~f6rD&MG4HD3fE<050sorEfv=LFd0xX$fnt<X$6&2<bn0k=OFMfY2p|R
z5}Sz{A5hNHyf@nb#exL?8T=3HR1d4+&z3Nl^oM@vrpLv_7r&zR%GUD`g{l6!M_)me
zVD>a~apQ(SX7A)?j5;00hnjyR4bV-Xlq)KB*!vxg+zGrK_xknj_BLqolORZzgRYFS
zT~K7OBEnP;pc^TNzLv4^_`tvpETU)AWVL1R8W^7$@80>I9ZgJ>Io@5yejGS}-8ba&
z)wxRkW|g8*hxMNZzO;~$%UfSR=UEL*Hk6wT5@AV5G6@=f8lNht6DvZk8$n#IKANrL
zW7YD*mGj_=BU~Szt-OEn;>7}l+`0rNTm-K(#{g!4_7EI4-qi+VP-y7Fc`N<$rRs1g
z7i!g6f7<Dn2aO>tsqSW7Z}?7*_J%5+=1kijEV5ymEOpK2g=p^2zgr^kJqOE#y~I$}
zUEJJ!k2hLAuZ&DNRBiVu_V)JLS8ar}S?CvADTAw{$W=XCNEDe%b3BPrSaY~E*Ab6{
zgM)Xu@o;C^zVgr4A!9G)WluDJT(HpKQUDF_vS>#5OM%>~q@r~1-aT+U_C!`!R+3=|
zgER{mf1xW0ihSwgfty1g7trrWNj1Q1v9Ym%f%mh&zZjrka`JVPRKjbBAk+D9a7us~
z4OMU=PL-096TqDk6&J60_l{mz_;7uy5$F~EY$zAF1jjH4y>?f^pFI->L(1Fx7+Bv&
zFd8H)Iy*bTECon$Lpd-x0aSP(4*B3aWP=nBMD!|VpsZ9U%sH6$Fs(l1<N&Hcapl#D
zWzKxIO9%~!G)YoD?jZ&(EfEOg-uAZW?oV?V?k^2rm^^#_TnxO1Dvz!9jt;-w;<Oa-
z@Lq_ley`9#&{CW`j5$I)Lxm=3x2#o=NTjc?I6b*Bp!%cTKL(#n@5suwfRV)-HFg=1
z2I(+_D~LM9pq2o>2HT6_>07Ub6eQ%*oWb;pW7B<XM1~-I?%{R?pi^v?v5FE@pZoXk
z1D*pherIR&8j?5)dqQVL2g)a04)8FBp%wsE48@~le(a3+PKv@@Z;e$t!DoZw<?HL~
z?OnBeG%DZ4x)#00tms;nXfojXvBl})U^3EqYD6L8r_6JT5|H`9jRE~8-?&;|3JZ}=
z0+1V0sZyBbo;ypLs$!Y0Mv^LSl}6<a172=@*=fECm>%o(828sil02-}r_#k2qDpuz
zK@uHGd6r-MMXxDIJR5_?8`jemxQ`Hk-@eqN@+!TgB#v-%&F{=>tin})=+bQLn>RUz
zQ|C}qfthk1=EF<wM{9sxvFNrrb?6A3W_Fvt$M+pcxzl`{v18ryK^lomxv!8aC@L~c
zqzE9s6U`6H2SuNAq<54syn~_v0iOV0{ZYY5oBiSi{v5M}CM!#`RWU$&is#MWzpEja
z-6Q#vImAlave{ktW(^vKBJO&8=0Sc}Fzp(n!gmZ0aBt+DFN#O0K+<uz0gZO0uwWU1
z-GOk9C}f5U!wo}FO3uaQ_ET~RO?CD9rfmf^Ru<+PHx|E+*rE8**w3G>?com`1-2V~
zB0oiEcKdCL$0w9z%~Z+~iwu#CXE0#rIt-mu6zG_ksABf+6y||3nC3BmE#Kzth0Z?#
zdK11!9L`(VH4qMjBo7zMd_m>vuUfw|5COKfw#M>jo^*SV@o>5K8!jsP#I!^&q9k@g
zqn?owVC(H{g<xFOT7t!#q?=wm{NyIGS@2&8sOsbd@Fk&s6oMTGn!8L!*uf+BBaVxl
zuAAanFHfwewr>L21*0aA@Kt;~%bM@NRcdNuL&H2*4wv+dj2Vz1u2yOTuQoT&xU#cx
z3xEiNOr)A~)L%*Sav&P?`k97(D(X1aX+B@GvaCSLINP8(o3i6Ws$=ej_BWiX^jOVf
zgalkg8+d!<<r%uD3M4S$9TOXS+q@Z9J@_d0)2B}`)b#%cr|Dn9{HvH4upC{^PWC`J
z;8`oaV$aI--S6VPM3NB7>9W(yBSyS<Yd=Ysk&|HkM5>p4tS?xGHO(7@q|1R*g?=Zw
zfHLhbB5M9-rgnzq2}IW=fh)mW*3lu2DN(?5EHkZcG^*e6iBe=`s$@&neqcAX+P<e}
z?KxGjHZ(BMm3XVgu9S>~WXxx8Y+8i}v5$Z#izHQ!xJWqRXUCala66%lM^Xx`f)M$t
zV?!5=X5ayKHZ~pql+V!+th~2wMVz-@ybI|!c7Pp0FF*j_Kj`tR0f(f>yhR-BPL$y)
zJ$G=(mOF5`-LHDK;CGtcIF$fO7!a?}e)M$B^F=?*>Q!6#@0FF<^?pWOC`X{k_2y{j
zV$yNd9&ZL=5ubvk>7kiUQ|2%wB_q=e^&Z^uUnMqx#8^2tFcIDXfJr^g5<1BdYGF{}
z&io2xX5R4G07kn?Lu1dM1O^vMNgFS7Z0s=G`A}Yd@HUj1g75K<;bLp}oA2@d2CUsO
zyJ^lB{NJ#XDnhA}mv4i>M@a#WzXUN+la`hiD9KJIi%0+%CO$g@pDjC{K79(h9w`mY
zS>?pZDs<=b)zu@=bU;bFPDZ8+H-v(s0!&0OZLKUV9~p5W)^#AMP22=3B$UqeN2~Kl
zZBK(*I{L5&PG%s~*o{>%4Xt9}l7E8#0dVO_lc>$kwr&i;gRdmGXyL>xv%i7~ggv(x
z^X?a4Ato-hpRnU5C*?9e2HkB7hPnmy>x&4__?Is?8gRI()*Emz&FUya*1)NqV4^P)
z5D^(k@-Vw0^Wyr!>Cqa5MnJob5OG`i37#eBgXU&t*f=<39Qv`z$?R*ZU!3;Wr+UPX
zo`5pldG|=_?p@T4fjPp@!=t{OgXW*itr{75!`a_)f^MR#VNTffk`L=t=gPMfqQ;~*
z{fZgvJ7wjDJ6B6IO)`{Ka0}HlWU4{0fO26Aa36FoXJ_X}kA8y^i9)s{Y&sC8|7BOo
zR%9YQ{AU+dKA29PAeQb;_?^M!Ei|c3O-LvMuQn?yt8~Jbk_cBWJws8+)GRecOJDz4
zGWnXi8QIWYO23^@S~`mbEAkS(?-jT2(VjgjS5R057VKjfRxhZ<Dqux}^&{n6lHEd$
zGDtaOD<$%R9t;RO?Rb_2Tf5E+f*sqx`>l!(po^ey05C8gCm<j&`E1b!0%h^%&+ANR
z>*i2M&Xs8hvl>fLUuql~nzs8G{Q?773<-+JVtP8dBu&o{_qzh^U#na*w33i7>naW!
z#$rJ##)OOth_$?y?XgfxwosuP7>h@1wG%&nG)3Mfk^(^veD1{L<YdtDKr!?V3((;-
zuF``52sFqY0SFu#S}=qg204*!h^TmVCkurc!DgcQaP_B+T`@c41#huR9W&3lI-O&<
zV%glMr?^9YeGH5Wg;C4&<6XbSWb#mc7S%&@Dx&J{*y6V&I}n9=-uv(vX7lM*+S#$H
z-=XGzqv}F!10{KSdKw0o$I+kC4(i*m1){mRIRfUx|EI1CGAau{zs|TYVllpOteF*3
z@9k6k$pyAImzARw#a1J<V=G@9m<GK^k9rv+AQ3{}&>iyT9MnZRY5)Hde`|oLgHjkC
zevSW$-oM1(h6aGrm+`MZ<V}Rp2x@IB(vLE!Yj6bBY>J2V4GbXFF${UBztJ05vPVa~
z=h{h-F_3W4^z`%u0Usa@%#1h*nsm(CN0xDlq3;bZ2D|Jy<LpU*u!BhlegdYM#q6Zl
zW`Q&44~aX|hmYQKW%eIg#~o$v&f6^7ST`;>nO%gLmjqHVaLYu$-JKmO2=&0AhvjOa
zC(Zux<D9}m`1djB*H4~&(PMY|Gi1u$^z9quO`4jTBB?}nyG7O_qoR5`JDZBLm?YV9
zZwy_R3GK)jN?}_!?$%p~cKU6-BN`!W<S9`~&C{d8OOD$bu8w9;5Kx!7iam?xza1e&
zPlqK*eei2|y*HV>2!<ZSUi9oiTm~Y{cP>7B1xo+*>(?(|T#(3#Dv#p){I16(&{<a`
z(xl40=<VAFz^h?95U6%g#+hRtK{yR$yax{+@bK`U2sXE=q_?;CUmf1T;S+PqqTl!S
z9GO<1><=z-bbmF8D36HkBl|Q66U>!GNG<MhufBF_xmQ*yljjunLp6n+CrEaiVR|sM
zyQF(F6|a2XQzcRWZr_#j)*MBndjF4Z?csodef17ljU=R`IXVKSci3{TGxgE^#`yM}
zYiy2Z{dF_8n1{JxngYixcy|BV(&5o|AiK9;I`1}zeZQURotckdu;E4bBxi-T?T7vb
zpVw{6kLI#4UarlIAIS?+>i24@L`o&RU<zigMWcf=sT)J9s5Di7y-AI~jNRcSpBdRz
z>6P}E`k#*mu$C}E=sR)NtjUq$C#%GtYnFFv8~-uf!EnW?a&c~a;5{hi*LYObB?&Wx
z&I!8FUxKa@iX!Mz!WBN(wpJLQf<S(Co<)df+!P<9hog^F|NhQ~j5&II`%{gqLg@gr
zbJ_efnV5kvB*q*5daYc9H1NHPT$Bi}!zT7v3Xh%El4I+{9wasquCy%kXCX1)iBU(~
zbkgZFU%M)Rrq-%4w0U3gcX_~Q?Nu@Ax%pcZhQ3@kXAuJ}q9Wm_T@1k>q=GfDo1OjU
zEsG2rh+mm5!tZChf*A>Vi{D%vRJ-f$cEull)5L8==6gYmNB<5R&M7tuCc=gt*zG83
zbuMNH#1U^bQ`&ziEe#C~-CG{w5*1DM=p7$d!9=AB^9@Q3$qwp!R1uQI+S=NvcU%hK
zQ&mDD_n?})lR+vle5YI0cQXc<KV2*uq6lS`yr_G_l9ir5N#M7CS5`JOI_?b8P_$3c
z5Lkcz+8%yQ&|%U%N^JLVxzNk-7Whjbrfa@cKur2^qryg!4Z4<2W>6qpQZ5`d5v#g;
z<CgS3^gfu2ANWXs*rx$ONgvggREyOS`?Ti@BJ6K~#u#%gLlb5J4k>$j;nsR1!Gy;`
z$`VS0R<*LSay)N#b_Ij3XzSJ*PG(R>uI5Hjq<SuWgbY)q0R=U6w^9iff))=pJwQN@
zF31p43t)PLZ}Qm3=zxFW6pW#xf@=<OI5=Z~S*jlK;u}rGaLAjwScqdR@JY_e3xo#f
z8EuJN82R|L%Ns7(q>^U?TOFsJ2jp*1WEOn5gNE>foMu9r-psIkgS4zHu@owN#ggW&
z0XvJ5!SJd%-c$_6Cirg6GUj)7f*ki)0LXNItx&(@G0g2ZT3B^wg4gkrx~xh^?w`&1
zXqJ=wpg}_wA=oH_2RSvuD^yg^X`6dc0Llb|3Bo~nI=K^~B5kJJqA)#C9>{VML|x7R
z;^k|{p+9S!`u<5i#^=%+jy30m8K`hIAO(oKOC_`I%aJyGdeEpf&VZtgfSOQ4FDjY5
z8P;Om0z;3TCG7<faHGvYnGMn2lz<p7xRCQ-J)X^b{C?SG74u0O2rdwR@K>som}7b$
z;$mY@pT_Sg2a{Is{<3*Y&4;4Mvi|c;giueUQr)M+0fD?ZSO61sYjg8U{;M-b!Rtz&
zsUzx59fp2>n5dFBV6-m+$AnzOE$?SPB@xjED$AzvARxlqqI<cbLO3pv97Nxz)+}f@
z*gvJFG-;@*0Vw0*o|yywkP~I-a3Zgz^#ha)4@#l@+<Aldc$K)<1=pkejx$!`(AIc_
zcwmRa`L>cK53^)gsstZ21VL1Xg_(IAAhf=23&Azq5D<(W8Q~yG&gVRuT<P8S2n0bA
z>bU^7RU<*a2GwtA>9M_iseV30vS1g&-B5g{AP^DZu7G%hfq?-D=MNul%%kBz@@MM;
zq7J4fY%hXc6?UbtS*_&D7nIpk;qn_~KOp(Al){coFwA2^b=O8pqspg0L9ZRaNd)N&
zMj>dbcSCUHL92sA+lv<}s;Vssn22?!`6g7=kp3-*qPU4&^S^%m0yh~VL$}YH+Mqz9
zlG2&Nf1@I!7NOEoVkyujTR0q6eip&mP~Eapg0=XssqOMh_7Y+fVpE7E5Y+p}#`5)i
zM8UN|DTO|VU%r`rEGV$byi0)_f>O!9eS1#MLoXyG1g0q1p+7%8_$vm#;*LN8EKN;K
zP|?Ad1Hr>?w5%66xvnk}OjmH1QPwW3*BAuUE~{`=eSk&~v#3Dqs6I?kvhI94p-VJz
zKd5wIhNXhv4?2s|)o<Js&yk~!vYwuYV7zH)XaJB0@HBT4tPb}>OY7<yeQ2XP99LI&
zZ)eB^l7^tOgHIfRid6I4k1Jt@M@D)tz72&8taaC$fkG3BYc`h<;`pe#x;~bi0H6!i
zvtK34TRjrUnrm0C064pKF55CgMoOiTMw${g1Y~5Cb_+4sPLaPEY81)^4fVgtP$P1{
zDue@-TeA%Rhf*sO0g&N8Q_^2d)=(*F0tmvkPB|n)`W2*dpc-O;a#1>MiZCjS1C$fw
zLtr~J!?zH=or%POcbE{;2WtPO$&y%6Q)KiCg6aiwi)xy<5welzav&Yx5<b2if!YIQ
zkjra)j({_WAI!#_3$jiYuu-5#bgL7n8mQkT1+0kHb02a&JUIcpawv{)F?fx*piCz~
z%HioH9KdmNV=tMZ=7YZa<zeqT@Y6wQf-15K@-p0W!1+-Ur~7bOB`jJA^OrFZPUm;|
zUZ+dLY!gU~Fq=9`jzBF1Mu>!IU|(}!1wrU%By12_tpU9cH2t3v^yIpLkU*V=<k4gB
z?{3}%H0F2MpXR$BNFxd-050i|3O58TB{NIbmoHl7FOdk^cmJ|DTj9RB*P4emZuBW~
zLDjbZ`KjK5H~)TdR&nuGX1p<WkX`uV;v!_7c0g?d$N{N72z<dlh@^Ic4;K(~|95iq
zJn&40@XJzGQ3A)y&dyF+`VyVRc$EimK1DgX_0LLU@^W%Nt2~_5)q8=TctemE%9Y>Y
z?`)9tdX3Nt5ueUANs8GfZ*Wdgf&>VwE-u>>XQz8`k3BWtjKgJvNc`iq@oL4_>_R9#
zN~!@=a|oZ56p$h0&L#K{Da6h&e<0-#8$`~wvnBFBe#BbGY<>hY3~uu8-@l>Gwt^Zu
z9l`abfao9Zf_&%$tB9AA{}DS@Nfo_@`J1Z&j0T9W2nz`8fvPKUG~5G{4O_m=MZ^`9
za~vCs>bLsRT$5p~uMe=Mv9U3@B`7IX?db##7S=GZYgk%fii7(N1#}5qwueTn2tvGn
z=v*kRe+Vpca4U%FzgNTdM6flF08YSabO3nfp%K+TU(Ct^oHZ*i5AqkYAn_-K5Qz2#
z|JSUrzAgrOO1){iw{`XXr531+3CRiPp+5*zXuV;XM{V#Bybg8ec~lfxr7Z&7_F3rQ
zAGagWA-)vgAi`e1d|5x+luilf1;7HOC%6fm=Yfwm<7=;0KB)5q8MLFl9W?4H&z;Bl
z%k)O3<H5NyDg7Oyxc9;{QF8p1i!0fes@`g-pr#rY_2Nw#eSM09)haaq8d?@+Q=U@N
zRdina*XUeCcW`5f86MEUUi{M1p@+8*CuX8!8#_mi8fi||mY*$N;JiMm2~ptlXAq!v
zVSnIJRf5T2TRH}4fs%sao(`7-&q7W{#@*#-@L-14a4bFi&_E~I*)EOA%sx>b<e2La
zXfTi>taACSQ8aQn3o1R4)L$+99YN~|0!0!)rH=hC!CblB?bgR7c0WG_pftg3S0jWZ
zYFqe+yO|zlo12><_*D9un#CSlRz)KU8Ov=P#vtgxOog1hd_&<dnxu2LhZ)NHkp6gE
zRY_0pr^)FinUoxOY(_>YKf5lpL*`vKU*D3O{1if!Z<OdO+7WfKAX@%?&)&*=3~F~s
z7@C5G1$sCTc$h-bYGDq-%CA1;<|f^;hUghYCk`N_maol+s6%ZEQws%|f<EZUXxRps
zPLLa;60kD_hY1$ZFHXnW9v%m<(&XzbL(Lv6Fv@jxMM%>BJtxSXV*Nj4Pcup8tp7cG
z`X)Yp4{${zWKXkU3)<hT_Cr>-n>QI3ngk)q?!DbBo2!#gA5?X`*+I;#v_DjP%2a;)
z4CMA;*yIJKA?5RC$o#CritA)ThS-04zV!<z|GA-|kZH|Q&P(y!W-zZDW&{K^%>D{*
ztqf6B0IvWMY-H()J+`y+UHX^}l^PSZJqyCdFdqBBpqS(Uv3hV|z;)#(4=OlwxY@xK
z$M!ce^T$#pG8c*oDscnF1SLw8f_?*gnvRc;K{&#t68>@2;A7(Ba{?P{L3*2a5QJhL
z@$8vSfnl5IV+3Nm`(ICpfE0rQxTLdfF(n0;7DFg{RGh3Ke~Ee$#)Ah_z$x6IQh|8|
z-b`1j7)m0qra9wYfaMY8YyrZv<xc`804p#k`+nOQG$?H^8g@Lv_9!~o(nk&e0yZo4
zRgk8~!VV3lXCxpXLV8kFxxKslHIIQU?A$<w@@#GYL~zxV!KwhkNmP0gk~XaD?1o<+
zs>6O0Ly^A0sm4$V$gcncGOqPaA-qCCafnJ!!ml8cqpypHuy~!A*mjWzs-ympv;c(b
zK-|iK4bs-PTf?V7-~0e!8zhu|*v<jFacz8j#9~I$;AKfkB2d$?h?y5xF<|vSfolQS
zWCUJfW5c#(1<5$jbAh%46#F`Gp?Z0F`Dj7n47OgoOag$uxkiL4f%~;>JHbk85U)#k
zv<hk{<5{~tW@w`$*!hsNM)@<@*`XfJ|3lnyr1HOyJF*d`QV;z41^(G2lu4L?@o<6|
zP|-@@a>1q)kd(Ar4*`e*+*BB9?}3DyQI)%TiVup<X7X@+gvf^v?3I8!NkT#bXy}QZ
zom&mf_3NU5A!cV$Dj#S%u%!i$O&+t{eZvfd7TEL`j6(+28SLsyjsVOA*01m07_ukv
z77L*n84Gh*Zw09^gJ{?zJ3FgaG(KBN%Sj=4lx~xCXs)}kTgm=pNw=0h=<3z0sJ%-|
zD_3dL!|=^u11E%LdtmQW-ov>v*ind2E$R*y2r!kW146I^5-@c<tVW>m#l~JGBNKql
zTwn_s?WWgHIRGyHpU6deZq%L~)pn}3+$r-tIpi=bQ-e+Vxa_1jF@o?sh!-EhrlS=O
z6LMQ2cis|s)W>MsUkKzA5EC(wS#51su=RfZ(q9z@#~t(<XrMd8X0q$IAF6?51DO{<
zIDf%8Ji~_SDws7uC!oQm&iwp8u*d=k26_Mu=mDhdVI3@YoVjf8lQ78&e}be3sAXUV
zDo_c*6LaJ+&9pkgiE;}I*WeK^s5IE}(h|gELHqpi{rftscI`C`f%SxBWbx6_gv7+R
zK&KX2tGWegPuMiq^X4)_7gaak;6rk%cVwhvJLC30<1znIsGxU{7=)Ic-QqC`knubN
z*<`_scU_PhfZl(}Kt{p5dj1@Cjt%aXA?o%}gz8bBv)OD4Jfo<t2L%`&DG|=FK~fR1
zk9Qtc^MgJh)>+ScvY1Lf3|T?MWIQb1P#dsPQ!b`+v-YU;S-_}7R6{!L1}iIYNOCQ7
zHMryCR%%!Xg!{iG98pec2r4Nlt;bFZ;4eKLaR=Am2_y>yZ84a~uU=h|k~>cjfp&m8
zGHU1Uzb7RhDXB!N?_UPP8@LM?-eY!!`T5oE8}xJ+3pXfGUq&W=;IhMmV4#8SRTZy^
zh>p4I4@su5FiZ#y!aV{fQc4aoO^s7^|9Fzn&=A}<cxVa~U#Jr^)ye4o@d=C45E5~B
zcUM<`xt@<epeuv(3&uMXRsS>aOtzPY?0<Yv2k$No1a3&7Bn|};X7n!3+04g}wCAsN
z6b^`zmhWcXONraZEi0JmXjxU=Au>?qlTcI`3NXM2kNln)7Yr1CF2a<bIPjlI5qK&B
z{QQ6RL301QPr>@nN7p4LoWU~h^Y^iM(0N4N*@=WYhM08F*{^ie&+^hL_X?y;pZ;Gt
Ct&(;C

literal 0
HcmV?d00001

diff --git a/nss/lib/pki/doc/standoc.html b/nss/lib/pki/doc/standoc.html
new file mode 100644
index 0000000..2e110fc
--- /dev/null
+++ b/nss/lib/pki/doc/standoc.html
@@ -0,0 +1,442 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+<head>
+<!-- This Source Code Form is subject to the terms of the Mozilla Public
+   - License, v. 2.0. If a copy of the MPL was not distributed with this
+   - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
+                                                                        
+                              
+  <meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
+  <title>Stan Design - Work In Progress</title>
+</head>
+  <body>
+ <br>
+               This is a working document for progress on Stan design/development.<br>
+ <br>
+        Current <a href="#build">build</a>
+       and <a href="#test">test</a>
+        instructions.<br>
+ <br>
+                      The current set of Stan libraries.<br>
+ <a href="#asn1">asn1</a>
+ <br>
+ <a href="#base">base</a>
+ <br>
+ <a href="#ckfw">ckfw</a>
+ <br>
+ <a href="#dev">dev</a>
+ <br>
+ <a href="#pki">pki</a>
+ <br>
+ <a href="#pki1">pki1</a>
+ <br>
+ <a href="#pkix">pkix</a>
+ <br>
+ <br>
+                     "Public" types below (those available to consumers of
+ NSS)   begin    with   "NSS".  &nbsp;"Protected" types (those only available
+ within   NSS)   begin   with  "nss".<br>
+ <br>
+        Open issues appears as numbered indents.<br>
+ <br>
+ <br>
+ 
+<hr width="100%" size="2" align="Left"><br>
+ 
+<h3><a name="asn1"></a>
+ <a href="http://lxr.mozilla.org/mozilla/source/security/nss/lib/asn1/">
+           ASN.1</a>
+ </h3>
+                          ASN.1 encoder/decoder wrapping around the current 
+ ASN.1    implementation.<br>
+ <br>
+ <a href="http://lxr.mozilla.org/mozilla/ident?i=NSSASN1EncodingType">  NSSASN1EncodingType</a>
+ <br>
+ <a href="http://lxr.mozilla.org/mozilla/ident?i=nssASN1Item">nssASN1Item</a>
+ <br>
+ <a href="http://lxr.mozilla.org/mozilla/ident?i=nssASN1Template">nssASN1Template</a>
+ <br>
+ <a href="http://lxr.mozilla.org/mozilla/ident?i=nssASN1ChooseTemplateFunction">
+                     nssASN1ChooseTemplateFunction</a>
+ <br>
+ <a href="http://lxr.mozilla.org/mozilla/ident?i=nssASN1Encoder">nssASN1Encoder</a>
+ <br>
+ <a href="http://lxr.mozilla.org/mozilla/ident?i=nssASN1Decoder">nssASN1Decoder</a>
+ <br>
+ <a href="http://lxr.mozilla.org/mozilla/ident?i=nssASN1EncodingPart">  nssASN1EncodingPart</a>
+ <br>
+ <a href="http://lxr.mozilla.org/mozilla/ident?i=nssASN1NotifyFunction">
+       nssASN1NotifyFunction</a>
+ <br>
+ <a href="http://lxr.mozilla.org/mozilla/ident?i=nssASN1EncoderWriteFunction">
+                     nssASN1EncoderWriteFunction</a>
+ <br>
+ <a href="http://lxr.mozilla.org/mozilla/ident?i=nssASN1DecoderFilterFunction">
+                     nssASN1DecoderFilterFunction</a>
+ <br>
+ <br>
+ 
+<hr width="100%" size="2" align="Left"> 
+<h3><a name="base"></a>
+ <a href="http://lxr.mozilla.org/mozilla/source/security/nss/lib/base/">
+       Base</a>
+ </h3>
+                          Set of base utilities for Stan implementation.
+&nbsp;These       are   all   fairly straightforward, except for nssPointerTracker.<br>
+ <br>
+ <a href="http://lxr.mozilla.org/mozilla/ident?i=NSSError">NSSError</a>
+ <br>
+ <a href="http://lxr.mozilla.org/mozilla/ident?i=NSSArena">NSSArena</a>
+ <br>
+ <a href="http://lxr.mozilla.org/mozilla/ident?i=NSSItem">NSSItem</a>
+ <br>
+ <a href="http://lxr.mozilla.org/mozilla/ident?i=NSSBER">NSSBER</a>
+ <br>
+ <a href="http://lxr.mozilla.org/mozilla/ident?i=NSSDER">NSSDER</a>
+ <br>
+ <a href="http://lxr.mozilla.org/mozilla/ident?i=NSSBitString">NSSBitString</a>
+ <br>
+ <a href="http://lxr.mozilla.org/mozilla/ident?i=NSSUTF8">NSSUTF8</a>
+ <br>
+ <a href="http://lxr.mozilla.org/mozilla/ident?i=NSSASCII7">NSSASCII7</a>
+ <br>
+ <a href="http://lxr.mozilla.org/mozilla/ident?i=nssArenaMark">nssArenaMark</a>
+ <br>
+ <a href="http://lxr.mozilla.org/mozilla/ident?i=nssPointerTracker">nssPointerTracker</a>
+ <br>
+          This is intended for debug builds only.<br>
+ 
+<ol>
+   <li>Ignored for now.<br>
+   </li>
+ 
+</ol>
+ <a href="http://lxr.mozilla.org/mozilla/ident?i=nssStringType">nssStringType</a>
+ <br>
+ <br>
+          Suggested additions:<br>
+ 
+<ol>
+   <li>nssList - A list that optionally uses a lock. &nbsp;This list  would 
+   manage the currently loaded modules in a trust domain, etc.</li>
+   
+  <ul>
+     <li>SECMODListLock kept track of the number of waiting threads.  &nbsp;Will 
+  this be needed in the trust domain?</li>
+   
+  </ul>
+ 
+</ol>
+ <br>
+ 
+<hr width="100%" size="2" align="Left"> 
+<h3><a name="ckfw"></a>
+ <a href="http://lxr.mozilla.org/mozilla/source/security/nss/lib/ckfw/">
+  CKFW</a>
+ </h3>
+                     The cryptoki framework, used for building cryptoki tokens. 
+   &nbsp;This      needs  to be described in a separate document showing how
+   to set up a  token    using  CKFW. &nbsp;This code only relates to tokens,
+   so it is not  relevant    here.<br>
+ <br>
+ <br>
+ 
+<hr width="100%" size="2" align="Left"> 
+<h3><a name="dev"></a>
+ <a href="http://lxr.mozilla.org/mozilla/source/security/nss/lib/dev/"> 
+ Device</a>
+ </h3>
+                          Defines cryptoki devices used in NSS. &nbsp;This
+ is  not   part  of the exposed API. &nbsp;It is a low-level API allowing
+NSS to manage   cryptoki  devices.<br>
+ <br>
+         The relationship is like this:<br>
+ <br>
+         libpki --&gt; libdev --&gt; cryptoki<br>
+ <br>
+         As an example,<br>
+ <br>
+         NSSTrustDomain_FindCertificate --&gt; NSSToken_FindCertificate --&gt;
+   C_FindObjects<br>
+ <br>
+ <a href="http://lxr.mozilla.org/mozilla/ident?i=NSSModule">NSSModule</a>
+ <br>
+                     Replaces the SECMOD API. &nbsp;The module manages a
+PRLibrary       that   holds  a cryptoki implementation via a number of slots.
+&nbsp;The      API should   provide  the ability  to Load and Unload a module,
+Login  and    Logout to the   module (through its slots), and to locate a
+particular   slot/token.<br>
+ <br>
+ <a href="http://lxr.mozilla.org/mozilla/ident?i=NSSSlot">NSSSlot</a>
+ <br>
+                     This and NSSToken combine to replace the PK11 API parts
+  that   relate    to  slot  and token management. &nbsp;The slot API should
+  provide   the ability   to Login/Logout   to a slot, check the login status,
+  determine    basic configuration    information   about the slot, and modify
+  the password    settings.<br>
+ 
+<ol>
+   <li>Should slots also maintain a default session? &nbsp;This session would 
+ be used for slot management calls (sections 9.5 and9.6 of PKCS#11). &nbsp;Or 
+ is the token session sufficient (this would not work if C_GetTokenInfo and 
+ C_InitToken need to be wrapped in a threadsafe session).<br>
+   </li>
+ 
+</ol>
+ <br>
+ <a href="http://lxr.mozilla.org/mozilla/ident?i=NSSToken">NSSToken</a>
+ <br>
+                     Fills in the gaps left by NSSSlot. &nbsp;Much of the 
+cryptoki     API   is  directed   towards slots.  &nbsp;However,   some  functionality
+   clearly belongs with a token type. &nbsp;For  example,   a certificate
+ lives  on a token, not a slot, so one would expect  a function   NSSToken_FindCertificate.
+    &nbsp;Thus functions that deal with  importing/exporting   an object
+and    performing  actual cryptographic operations  belong here.<br>
+ 
+<ol>
+   <li>The   distinction  between a slot and a token is not clear. &nbsp;Most 
+   functions take  a slotID   as an argument,  even though it is obvious that
+     the event   is intended to occur on a token. &nbsp;That leaves various
+   possibilities:</li>
+   
+  <ol>
+     <li>Implement the API entirely as NSSToken. &nbsp;If the token  is not 
+  present, some calls will simply fail.</li>
+     <li>Divide the API between NSSToken and NSSSlot, as described  above. 
+&nbsp;NSSSlot  would handle cryptoki calls specified as "slot management",
+  while NSSToken  handles actual token operations.</li>
+     <li>Others?</li>
+   
+  </ol>
+   <li>Session management. &nbsp;Tokens needs a threadsafe session handle 
+ to perform operations. &nbsp;CryptoContexts are meant to provide such sessions, 
+ but other objects will need access to token functions as well (examples: 
+the TrustDomain_Find functions, _Login, _Logout, and others that do not exist 
+ such as NSSToken_ChangePassword). &nbsp;For those functions, the token could 
+ maintain a default session. &nbsp;Thus all NSSToken API functions would take
+ sessionOpt as an argument. &nbsp;If the caller is going to provide a session,
+ it sends an NSSSession there, otherwise it sends NULL and the default session
+ is utilized.<br>
+   </li>
+ 
+</ol>
+      Proposed:<br>
+    NSSSession<br>
+    Wraps a Cryptoki session. &nbsp;Created from a slot. &nbsp;Used to manage
+  sessions for crypto contexts. &nbsp;Has a lock field, which locks the session
+  if the slot is not threadsafe.<br>
+ <br>
+ 
+<hr width="100%" size="2" align="Left"><br>
+ 
+<h3><a name="pki"></a>
+ <a href="http://lxr.mozilla.org/mozilla/source/security/nss/lib/pki/"> 
+   PKI</a>
+ </h3>
+                          The NSS PKI library.<br>
+ <br>
+ <a href="http://lxr.mozilla.org/mozilla/ident?i=NSSCertificate">NSS</a>
+ <a href="http://lxr.mozilla.org/mozilla/ident?i=NSSCertificate">Certificate</a>
+ <br>
+ 
+<ol>
+   <li>The API leaves open the possibility of NSSCertificate meaning  various 
+ certificate types, not just X.509. &nbsp;The way to keep open this  possibility 
+ is to keep only generally useful information in the NSSCertificate  type. 
+&nbsp;Examples would be the certificate encoding, label, trust (obtained
+ from cryptoki calls), an email address, etc. &nbsp;Some type of generic
+reference  should be kept to the decoded certificate, which would then be
+accessed by  a type-specific API (e.g., NSSX509_GetSubjectName).</li>
+ 
+</ol>
+ <br>
+ <a href="http://lxr.mozilla.org/mozilla/ident?i=NSSUserCertificate">NSSUserCertificate</a>
+ <br>
+ 
+<ol>
+   <li>Should this be a typedef of NSSCertificate?&nbsp; This implies  that 
+ any function that requires an   NSSUserCertificate   would fail when  called 
+ with a certificate lacking a private key. </li>
+ 
+</ol>
+ <a href="http://lxr.mozilla.org/mozilla/ident?i=NSSPrivateKey">NSSPrivateKey</a>
+ <br>
+ <a href="http://lxr.mozilla.org/mozilla/ident?i=NSSPublicKey">NSSPublicKey</a>
+ <br>
+ <a href="http://lxr.mozilla.org/mozilla/ident?i=NSSSymmetricKey">NSSSymmetricKey</a>
+ <br>
+ <a href="http://lxr.mozilla.org/mozilla/ident?i=NSSTrustDomain">NSSTrustDomain</a>
+ <br>
+                    A trust domain is "the field in which certificates may
+ be  validated."       &nbsp;It  is a collection of modules capable of performing 
+  cryptographic      operations  and storing certs and keys. &nbsp;This collection 
+  is managed     by NSS in a manner opaque to the consumer. &nbsp;The slots 
+  will have various      orderings determining which has preference for a 
+given  operation. &nbsp;For      example, the trust domain may order the storage
+ of user certificates one    way, and the storage of email certificates in
+ another way [is that a good    example?].<br>
+ <br>
+ 
+<ol>
+   <li>           How will ordering work? &nbsp;We already have the  suggestion 
+      that  there be two kinds of ordering: storage and search.  &nbsp;How 
+will     they be  constructed/managed? &nbsp;Do we want to expose  access 
+to a token     that overrides  this ordering (i.e., the download of  updated 
+root certs   may  need to override  storage order)</li>
+   <li>How are certs cached? &nbsp;Nelson wonders what it means   to   Stan 
+    when a cert does not live on a token yet. &nbsp;Bob, Terry, and    I discussed
+    this. &nbsp;My conclusion is that there should be a type,  separate 
+from   NSSCertificate,  that holds the decoded cert parts (e.g.,   NSSX509Certificate,
+    or to avoid confusion, NSSX509DecodedParts). &nbsp;NSSCertificate   would
+  keep  a handle to this type, so that it only needs to decode the  cert
+once.   &nbsp;The  NSSTrustDomain would keep a hash table of cached certs, 
+some of  which may  not live on a token yet (i.e., they are only NSSX509DecodedParts). 
+     &nbsp;This  cache could be accessed in the same way the temp db was, 
+and    when the cert  is ready to be moved onto a token a call to NSSTrustDomain_ImportCertificate 
+       is made. &nbsp;Note    that this is essentially the same as CERT_TempCertToPerm.</li>
+   
+  <ul>
+     <li>The hashtable in lib/base (copied from ckfw/hash.c) uses the identity 
+hash. &nbsp;Therefore, in a hash of certificates, the key is the certificate 
+pointer itself. &nbsp;One possibility is to store the decoded cert (NSSX509DecodedParts 
+above) as the value in the {key, value} pair. &nbsp;When a cert is decoded, 
+the cert pointer and decoding pointer are added to the hash. &nbsp;Subsequent 
+lookups have access to one or both of these pointers. &nbsp;This keeps NSSCertificate 
+separate from its decoding, while providing a way to locate it.</li>
+   
+  </ul>
+   <li>The API is designed to keep token details hidden from the user.  &nbsp;However, 
+ it has already been realized that PSM and CMS may need special  access to 
+tokens. &nbsp;Is this part of the TrustDomain API, or should PSM  and CMS 
+be allowed to use "friend" headers from the Token API?</li>
+   <li>Do we want to allow traversal via NSSTrustDomain_TraverseXXXX?<br>
+   </li>
+ 
+</ol>
+ <a href="http://lxr.mozilla.org/mozilla/ident?i=NSSCryptoContext"><br>
+                   NSSCryptoContext</a>
+ <br>
+    Analgous to a Cryptoki session. &nbsp;Manages session objects only.<br>
+  <br>
+ <a href="http://lxr.mozilla.org/mozilla/ident?i=NSSTime">NSSTime</a>
+ <br>
+ <a href="http://lxr.mozilla.org/mozilla/ident?i=NSSUsage">NSSUsage</a>
+ <br>
+ 
+<ol>
+   <li>       See Fred's <a href="http://lxr.mozilla.org/mozilla/source/security/nss/lib/pki/nsspkit.h#187">
+               comments</a>
+              .</li>
+ 
+</ol>
+ <a href="http://lxr.mozilla.org/mozilla/ident?i=NSSPolicies">NSSPolicies</a>
+ <br>
+ <a href="http://lxr.mozilla.org/mozilla/ident?i=NSSAlgorithmAndParameters">
+                      NSSAlgorithmAndParameters</a>
+ <br>
+ 
+<ol>
+   <li>       Again, Fred's <a href="http://lxr.mozilla.org/mozilla/source/security/nss/lib/pki/nsspkit.h#215">
+               comments</a>
+              . &nbsp;The old NSS code had various types related to  algorithms 
+    running around in it. &nbsp;We had SECOidTag, SECAlgorithmID,   SECItem's
+     for parameters, CK_MECHANISM for cryptoki, etc. &nbsp;This type   should
+    be  able to encapsulate all of those.</li>
+ 
+</ol>
+ <a href="http://lxr.mozilla.org/mozilla/ident?i=NSSCallback">NSSCallback</a>
+ <br>
+ <a href="http://lxr.mozilla.org/mozilla/ident?i=NSSOperations">NSSOperations</a>
+ <br>
+ <br>
+ <br>
+ 
+<hr width="100%" size="2"><br>
+ <br>
+ A diagram to suggest a possible TrustDomain architecture.<br>
+ <br>
+ <img src="./standiag.png" alt="Trust Domain Diagram" width="748" height="367">
+ <br>
+ 
+<hr width="100%" size="2" align="Left"><br>
+ 
+<h3><a name="pki1"></a>
+ <a href="http://lxr.mozilla.org/mozilla/source/security/nss/lib/pki1/">
+    PKI1</a>
+ </h3>
+ <br>
+ <a href="http://lxr.mozilla.org/mozilla/ident?i=NSSOID">NSSOID</a>
+ <br>
+ <a href="http://lxr.mozilla.org/mozilla/ident?i=NSSATAV">NSSATAV</a>
+ <br>
+ <a href="http://lxr.mozilla.org/mozilla/ident?i=NSSRDN">NSSRDN</a>
+ <br>
+ <a href="http://lxr.mozilla.org/mozilla/ident?i=NSSRDNSeq">NSSRDNSeq</a>
+ <br>
+ <a href="http://lxr.mozilla.org/mozilla/ident?i=NSSName">NSSName</a>
+ <br>
+            NSSNameChoice<br>
+            NSSGeneralName<br>
+            NSSGeneralNameChoice<br>
+            NSSOtherName<br>
+            NSSRFC822Name<br>
+            NSSDNSName<br>
+            NSSX400Address<br>
+            NSSEdiParityAddress<br>
+            NSSURI<br>
+            NSSIPAddress<br>
+            NSSRegisteredID<br>
+            NSSGeneralNameSeq<br>
+ <a href="http://lxr.mozilla.org/mozilla/ident?i=nssAttributeTypeAliasTable">
+            nssAttributeTypeAliasTable</a>
+ <br>
+ <br>
+ <br>
+ 
+<hr width="100%" size="2" align="Left"><br>
+ 
+<h3><a name="pkix"></a>
+ <a href="http://lxr.mozilla.org/mozilla/source/security/nss/lib/pkix/">
+       PKIX&nbsp;</a>
+ </h3>
+           There is a plethora of PKIX related types here.<br>
+ <br>
+ 
+<hr width="100%" size="2" align="Left"><br>
+ 
+<h3><a name="build"></a>
+        Building Stan</h3>
+ <br>
+       From nss/lib, run "make BUILD_STAN=1"<br>
+ <br>
+ 
+<hr width="100%" size="2" align="Left"><br>
+ 
+<h3><a name="test"></a>
+       Testing Stan</h3>
+       A&nbsp;new command line tool, pkiutil, has been created to use only
+ the   Stan API. &nbsp;It depends on a new library, cmdlib, meant to replace
+ the   old secutil library. &nbsp;The old library had code used by products
+ that   needed to be integrated into the main library codebase somehow. &nbsp;The
+   goal of the new cmdlib is to have functionality needed strictly for NSS
+ tools.<br>
+ <br>
+       How to build:<br>
+ 
+<ol>
+   <li>cd nss/cmd/cmdlib; make</li>
+   <li>cd ../pkiutil; make</li>
+ 
+</ol>
+       pkiutil will give detailed help with either "pkiutil -?" or "pkiutil 
+ --help".<br>
+ <br>
+      So far, the only available test is to list certs on the builtins token. 
+  &nbsp;Copy "libnssckbi.so" (or whatever it is) to cmd/pkiutil. &nbsp;Then 
+  run "pkiutil -L" or "pkiutil --list". &nbsp;The list of certificate nicknames 
+  should be displayed.<br>
+ <br>
+ <br>
+ 
+</body>
+</html>
diff --git a/nss/lib/pki/exports.gyp b/nss/lib/pki/exports.gyp
new file mode 100644
index 0000000..a9707ae
--- /dev/null
+++ b/nss/lib/pki/exports.gyp
@@ -0,0 +1,32 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'lib_pki_exports',
+      'type': 'none',
+      'copies': [
+        {
+          'files': [
+            'nsspki.h',
+            'nsspkit.h',
+            'pki.h',
+            'pki3hack.h',
+            'pkim.h',
+            'pkistore.h',
+            'pkit.h',
+            'pkitm.h'
+          ],
+          'destination': '<(nss_private_dist_dir)/<(module)'
+        }
+      ]
+    }
+  ],
+  'variables': {
+    'module': 'nss'
+  }
+}
diff --git a/nss/lib/pki/manifest.mn b/nss/lib/pki/manifest.mn
new file mode 100644
index 0000000..a7efb89
--- /dev/null
+++ b/nss/lib/pki/manifest.mn
@@ -0,0 +1,45 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CORE_DEPTH = ../..
+
+PRIVATE_EXPORTS = \
+	pki.h      \
+	pkit.h     \
+	nsspkit.h  \
+	nsspki.h   \
+	pkistore.h \
+	pki3hack.h \
+	pkitm.h    \
+	pkim.h     \
+	$(NULL)
+
+EXPORTS =	   \
+	$(NULL)
+
+MODULE = nss
+
+CSRCS =		        \
+	asymmkey.c      \
+	certificate.c   \
+	cryptocontext.c \
+	symmkey.c       \
+	trustdomain.c   \
+	tdcache.c       \
+	certdecode.c    \
+	pkistore.c      \
+	pkibase.c       \
+	pki3hack.c      \
+	$(NULL)
+
+#DEFINES = -DDEBUG_CACHE
+
+REQUIRES = nspr
+
+LIBRARY_NAME = nsspki
+LIBRARY_VERSION = 3
+
+# This part of the code, including all sub-dirs, can be optimized for size
+export ALLOW_OPT_CODE_SIZE = 1
diff --git a/nss/lib/pki/nsspki.h b/nss/lib/pki/nsspki.h
new file mode 100644
index 0000000..28780c3
--- /dev/null
+++ b/nss/lib/pki/nsspki.h
@@ -0,0 +1,2779 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef NSSPKI_H
+#define NSSPKI_H
+
+/*
+ * nsspki.h
+ *
+ * This file prototypes the methods of the top-level PKI objects.
+ */
+
+#ifndef NSSDEVT_H
+#include "nssdevt.h"
+#endif /* NSSDEVT_H */
+
+#ifndef NSSPKIT_H
+#include "nsspkit.h"
+#endif /* NSSPKIT_H */
+
+#ifndef BASE_H
+#include "base.h"
+#endif /* BASE_H */
+
+PR_BEGIN_EXTERN_C
+
+/*
+ * A note about interfaces
+ *
+ * Although these APIs are specified in C, a language which does
+ * not have fancy support for abstract interfaces, this library
+ * was designed from an object-oriented perspective.  It may be
+ * useful to consider the standard interfaces which went into
+ * the writing of these APIs.
+ *
+ * Basic operations on all objects:
+ *  Destroy -- free a pointer to an object
+ *  DeleteStoredObject -- delete an object permanently
+ *
+ * Public Key cryptographic operations:
+ *  Encrypt
+ *  Verify
+ *  VerifyRecover
+ *  Wrap
+ *  Derive
+ *
+ * Private Key cryptographic operations:
+ *  IsStillPresent
+ *  Decrypt
+ *  Sign
+ *  SignRecover
+ *  Unwrap
+ *  Derive
+ *
+ * Symmetric Key cryptographic operations:
+ *  IsStillPresent
+ *  Encrypt
+ *  Decrypt
+ *  Sign
+ *  SignRecover
+ *  Verify
+ *  VerifyRecover
+ *  Wrap
+ *  Unwrap
+ *  Derive
+ *
+ */
+
+/*
+ * NSSCertificate
+ *
+ * These things can do crypto ops like public keys, except that the trust,
+ * usage, and other constraints are checked.  These objects are "high-level,"
+ * so trust, usages, etc. are in the form we throw around (client auth,
+ * email signing, etc.).  Remember that theoretically another implementation
+ * (think PGP) could be beneath this object.
+ */
+
+/*
+ * NSSCertificate_Destroy
+ *
+ * Free a pointer to a certificate object.
+ */
+
+NSS_EXTERN PRStatus
+NSSCertificate_Destroy(NSSCertificate *c);
+
+/*
+ * NSSCertificate_DeleteStoredObject
+ *
+ * Permanently remove this certificate from storage.  If this is the
+ * only (remaining) certificate corresponding to a private key,
+ * public key, and/or other object; then that object (those objects)
+ * are deleted too.
+ */
+
+NSS_EXTERN PRStatus
+NSSCertificate_DeleteStoredObject(
+    NSSCertificate *c,
+    NSSCallback *uhh);
+
+/*
+ * NSSCertificate_Validate
+ *
+ * Verify that this certificate is trusted, for the specified usage(s),
+ * at the specified time, {word word} the specified policies.
+ */
+
+NSS_EXTERN PRStatus
+NSSCertificate_Validate(
+    NSSCertificate *c,
+    NSSTime *timeOpt, /* NULL for "now" */
+    NSSUsage *usage,
+    NSSPolicies *policiesOpt /* NULL for none */
+    );
+
+/*
+ * NSSCertificate_ValidateCompletely
+ *
+ * Verify that this certificate is trusted.  The difference between
+ * this and the previous call is that NSSCertificate_Validate merely
+ * returns success or failure with an appropriate error stack.
+ * However, there may be (and often are) multiple problems with a
+ * certificate.  This routine returns an array of errors, specifying
+ * every problem.
+ */
+
+/*
+ * Return value must be an array of objects, each of which has
+ * an NSSError, and any corresponding certificate (in the chain)
+ * and/or policy.
+ */
+
+NSS_EXTERN void ** /* void *[] */
+    NSSCertificate_ValidateCompletely(
+        NSSCertificate *c,
+        NSSTime *timeOpt, /* NULL for "now" */
+        NSSUsage *usage,
+        NSSPolicies *policiesOpt, /* NULL for none */
+        void **rvOpt,             /* NULL for allocate */
+        PRUint32 rvLimit,         /* zero for no limit */
+        NSSArena *arenaOpt        /* NULL for heap */
+        );
+
+/*
+ * NSSCertificate_ValidateAndDiscoverUsagesAndPolicies
+ *
+ * Returns PR_SUCCESS if the certificate is valid for at least something.
+ */
+
+NSS_EXTERN PRStatus
+NSSCertificate_ValidateAndDiscoverUsagesAndPolicies(
+    NSSCertificate *c,
+    NSSTime **notBeforeOutOpt,
+    NSSTime **notAfterOutOpt,
+    void *allowedUsages,
+    void *disallowedUsages,
+    void *allowedPolicies,
+    void *disallowedPolicies,
+    /* more args.. work on this fgmr */
+    NSSArena *arenaOpt);
+
+/*
+ * NSSCertificate_Encode
+ *
+ */
+
+NSS_EXTERN NSSDER *
+NSSCertificate_Encode(
+    NSSCertificate *c,
+    NSSDER *rvOpt,
+    NSSArena *arenaOpt);
+
+/*
+ * NSSCertificate_BuildChain
+ *
+ * This routine returns NSSCertificate *'s for each certificate
+ * in the "chain" starting from the specified one up to and
+ * including the root.  The zeroth element in the array is the
+ * specified ("leaf") certificate.
+ *
+ * If statusOpt is supplied, and is returned as PR_FAILURE, possible
+ * error values are:
+ *
+ * NSS_ERROR_CERTIFICATE_ISSUER_NOT_FOUND - the chain is incomplete
+ *
+ */
+
+extern const NSSError NSS_ERROR_CERTIFICATE_ISSUER_NOT_FOUND;
+
+NSS_EXTERN NSSCertificate **
+NSSCertificate_BuildChain(
+    NSSCertificate *c,
+    NSSTime *timeOpt,
+    NSSUsage *usage,
+    NSSPolicies *policiesOpt,
+    NSSCertificate **rvOpt,
+    PRUint32 rvLimit, /* zero for no limit */
+    NSSArena *arenaOpt,
+    PRStatus *statusOpt,
+    NSSTrustDomain *td,
+    NSSCryptoContext *cc);
+
+/*
+ * NSSCertificate_GetTrustDomain
+ *
+ */
+
+NSS_EXTERN NSSTrustDomain *
+NSSCertificate_GetTrustDomain(NSSCertificate *c);
+
+/*
+ * NSSCertificate_GetToken
+ *
+ * There doesn't have to be one.
+ */
+
+NSS_EXTERN NSSToken *
+NSSCertificate_GetToken(
+    NSSCertificate *c,
+    PRStatus *statusOpt);
+
+/*
+ * NSSCertificate_GetSlot
+ *
+ * There doesn't have to be one.
+ */
+
+NSS_EXTERN NSSSlot *
+NSSCertificate_GetSlot(
+    NSSCertificate *c,
+    PRStatus *statusOpt);
+
+/*
+ * NSSCertificate_GetModule
+ *
+ * There doesn't have to be one.
+ */
+
+NSS_EXTERN NSSModule *
+NSSCertificate_GetModule(
+    NSSCertificate *c,
+    PRStatus *statusOpt);
+
+/*
+ * NSSCertificate_Encrypt
+ *
+ * Encrypt a single chunk of data with the public key corresponding to
+ * this certificate.
+ */
+
+NSS_EXTERN NSSItem *
+NSSCertificate_Encrypt(
+    NSSCertificate *c,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSItem *data,
+    NSSTime *timeOpt,
+    NSSUsage *usage,
+    NSSPolicies *policiesOpt,
+    NSSCallback *uhh,
+    NSSItem *rvOpt,
+    NSSArena *arenaOpt);
+
+/*
+ * NSSCertificate_Verify
+ *
+ */
+
+NSS_EXTERN PRStatus
+NSSCertificate_Verify(
+    NSSCertificate *c,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSItem *data,
+    NSSItem *signature,
+    NSSTime *timeOpt,
+    NSSUsage *usage,
+    NSSPolicies *policiesOpt,
+    NSSCallback *uhh);
+
+/*
+ * NSSCertificate_VerifyRecover
+ *
+ */
+
+NSS_EXTERN NSSItem *
+NSSCertificate_VerifyRecover(
+    NSSCertificate *c,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSItem *signature,
+    NSSTime *timeOpt,
+    NSSUsage *usage,
+    NSSPolicies *policiesOpt,
+    NSSCallback *uhh,
+    NSSItem *rvOpt,
+    NSSArena *arenaOpt);
+
+/*
+ * NSSCertificate_WrapSymmetricKey
+ *
+ * This method tries very hard to to succeed, even in situations
+ * involving sensitive keys and multiple modules.
+ * { relyea: want to add verbiage? }
+ */
+
+NSS_EXTERN NSSItem *
+NSSCertificate_WrapSymmetricKey(
+    NSSCertificate *c,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSSymmetricKey *keyToWrap,
+    NSSTime *timeOpt,
+    NSSUsage *usage,
+    NSSPolicies *policiesOpt,
+    NSSCallback *uhh,
+    NSSItem *rvOpt,
+    NSSArena *arenaOpt);
+
+/*
+ * NSSCertificate_CreateCryptoContext
+ *
+ * Create a crypto context, in this certificate's trust domain, with this
+ * as the distinguished certificate.
+ */
+
+NSS_EXTERN NSSCryptoContext *
+NSSCertificate_CreateCryptoContext(
+    NSSCertificate *c,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSTime *timeOpt,
+    NSSUsage *usage,
+    NSSPolicies *policiesOpt,
+    NSSCallback *uhh);
+
+/*
+ * NSSCertificate_GetPublicKey
+ *
+ * Returns the public key corresponding to this certificate.
+ */
+
+NSS_EXTERN NSSPublicKey *
+NSSCertificate_GetPublicKey(NSSCertificate *c);
+
+/*
+ * NSSCertificate_FindPrivateKey
+ *
+ * Finds and returns the private key corresponding to this certificate,
+ * if it is available.
+ *
+ * { Should this hang off of NSSUserCertificate? }
+ */
+
+NSS_EXTERN NSSPrivateKey *
+NSSCertificate_FindPrivateKey(
+    NSSCertificate *c,
+    NSSCallback *uhh);
+
+/*
+ * NSSCertificate_IsPrivateKeyAvailable
+ *
+ * Returns success if the private key corresponding to this certificate
+ * is available to be used.
+ *
+ * { Should *this* hang off of NSSUserCertificate?? }
+ */
+
+NSS_EXTERN PRBool
+NSSCertificate_IsPrivateKeyAvailable(
+    NSSCertificate *c,
+    NSSCallback *uhh,
+    PRStatus *statusOpt);
+
+/*
+ * If we make NSSUserCertificate not a typedef of NSSCertificate,
+ * then we'll need implementations of the following:
+ *
+ *  NSSUserCertificate_Destroy
+ *  NSSUserCertificate_DeleteStoredObject
+ *  NSSUserCertificate_Validate
+ *  NSSUserCertificate_ValidateCompletely
+ *  NSSUserCertificate_ValidateAndDiscoverUsagesAndPolicies
+ *  NSSUserCertificate_Encode
+ *  NSSUserCertificate_BuildChain
+ *  NSSUserCertificate_GetTrustDomain
+ *  NSSUserCertificate_GetToken
+ *  NSSUserCertificate_GetSlot
+ *  NSSUserCertificate_GetModule
+ *  NSSUserCertificate_GetCryptoContext
+ *  NSSUserCertificate_GetPublicKey
+ */
+
+/*
+ * NSSUserCertificate_IsStillPresent
+ *
+ * Verify that if this certificate lives on a token, that the token
+ * is still present and the certificate still exists.  This is a
+ * lightweight call which should be used whenever it should be
+ * verified that the user hasn't perhaps popped out his or her
+ * token and strolled away.
+ */
+
+NSS_EXTERN PRBool
+NSSUserCertificate_IsStillPresent(
+    NSSUserCertificate *uc,
+    PRStatus *statusOpt);
+
+/*
+ * NSSUserCertificate_Decrypt
+ *
+ * Decrypt a single chunk of data with the private key corresponding
+ * to this certificate.
+ */
+
+NSS_EXTERN NSSItem *
+NSSUserCertificate_Decrypt(
+    NSSUserCertificate *uc,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSItem *data,
+    NSSTime *timeOpt,
+    NSSUsage *usage,
+    NSSPolicies *policiesOpt,
+    NSSCallback *uhh,
+    NSSItem *rvOpt,
+    NSSArena *arenaOpt);
+
+/*
+ * NSSUserCertificate_Sign
+ *
+ */
+
+NSS_EXTERN NSSItem *
+NSSUserCertificate_Sign(
+    NSSUserCertificate *uc,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSItem *data,
+    NSSTime *timeOpt,
+    NSSUsage *usage,
+    NSSPolicies *policiesOpt,
+    NSSCallback *uhh,
+    NSSItem *rvOpt,
+    NSSArena *arenaOpt);
+
+/*
+ * NSSUserCertificate_SignRecover
+ *
+ */
+
+NSS_EXTERN NSSItem *
+NSSUserCertificate_SignRecover(
+    NSSUserCertificate *uc,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSItem *data,
+    NSSTime *timeOpt,
+    NSSUsage *usage,
+    NSSPolicies *policiesOpt,
+    NSSCallback *uhh,
+    NSSItem *rvOpt,
+    NSSArena *arenaOpt);
+
+/*
+ * NSSUserCertificate_UnwrapSymmetricKey
+ *
+ */
+
+NSS_EXTERN NSSSymmetricKey *
+NSSUserCertificate_UnwrapSymmetricKey(
+    NSSUserCertificate *uc,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSItem *wrappedKey,
+    NSSTime *timeOpt,
+    NSSUsage *usage,
+    NSSPolicies *policiesOpt,
+    NSSCallback *uhh,
+    NSSItem *rvOpt,
+    NSSArena *arenaOpt);
+
+/*
+ * NSSUserCertificate_DeriveSymmetricKey
+ *
+ */
+
+NSS_EXTERN NSSSymmetricKey *
+NSSUserCertificate_DeriveSymmetricKey(
+    NSSUserCertificate *uc, /* provides private key */
+    NSSCertificate *c,      /* provides public key */
+    NSSAlgorithmAndParameters *apOpt,
+    NSSOID *target,
+    PRUint32 keySizeOpt, /* zero for best allowed */
+    NSSOperations operations,
+    NSSCallback *uhh);
+
+/* filter-certs function(s) */
+
+/**
+ ** fgmr -- trust objects
+ **/
+
+/*
+ * NSSPrivateKey
+ *
+ */
+
+/*
+ * NSSPrivateKey_Destroy
+ *
+ * Free a pointer to a private key object.
+ */
+
+NSS_EXTERN PRStatus
+NSSPrivateKey_Destroy(NSSPrivateKey *vk);
+
+/*
+ * NSSPrivateKey_DeleteStoredObject
+ *
+ * Permanently remove this object, and any related objects (such as the
+ * certificates corresponding to this key).
+ */
+
+NSS_EXTERN PRStatus
+NSSPrivateKey_DeleteStoredObject(
+    NSSPrivateKey *vk,
+    NSSCallback *uhh);
+
+/*
+ * NSSPrivateKey_GetSignatureLength
+ *
+ */
+
+NSS_EXTERN PRUint32
+NSSPrivateKey_GetSignatureLength(NSSPrivateKey *vk);
+
+/*
+ * NSSPrivateKey_GetPrivateModulusLength
+ *
+ */
+
+NSS_EXTERN PRUint32
+NSSPrivateKey_GetPrivateModulusLength(NSSPrivateKey *vk);
+
+/*
+ * NSSPrivateKey_IsStillPresent
+ *
+ */
+
+NSS_EXTERN PRBool
+NSSPrivateKey_IsStillPresent(
+    NSSPrivateKey *vk,
+    PRStatus *statusOpt);
+
+/*
+ * NSSPrivateKey_Encode
+ *
+ */
+
+NSS_EXTERN NSSItem *
+NSSPrivateKey_Encode(
+    NSSPrivateKey *vk,
+    NSSAlgorithmAndParameters *ap,
+    NSSItem *passwordOpt, /* NULL will cause a callback; "" for no password */
+    NSSCallback *uhhOpt,
+    NSSItem *rvOpt,
+    NSSArena *arenaOpt);
+
+/*
+ * NSSPrivateKey_GetTrustDomain
+ *
+ * There doesn't have to be one.
+ */
+
+NSS_EXTERN NSSTrustDomain *
+NSSPrivateKey_GetTrustDomain(
+    NSSPrivateKey *vk,
+    PRStatus *statusOpt);
+
+/*
+ * NSSPrivateKey_GetToken
+ *
+ */
+
+NSS_EXTERN NSSToken *
+NSSPrivateKey_GetToken(NSSPrivateKey *vk);
+
+/*
+ * NSSPrivateKey_GetSlot
+ *
+ */
+
+NSS_EXTERN NSSSlot *
+NSSPrivateKey_GetSlot(NSSPrivateKey *vk);
+
+/*
+ * NSSPrivateKey_GetModule
+ *
+ */
+
+NSS_EXTERN NSSModule *
+NSSPrivateKey_GetModule(NSSPrivateKey *vk);
+
+/*
+ * NSSPrivateKey_Decrypt
+ *
+ */
+
+NSS_EXTERN NSSItem *
+NSSPrivateKey_Decrypt(
+    NSSPrivateKey *vk,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSItem *encryptedData,
+    NSSCallback *uhh,
+    NSSItem *rvOpt,
+    NSSArena *arenaOpt);
+
+/*
+ * NSSPrivateKey_Sign
+ *
+ */
+
+NSS_EXTERN NSSItem *
+NSSPrivateKey_Sign(
+    NSSPrivateKey *vk,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSItem *data,
+    NSSCallback *uhh,
+    NSSItem *rvOpt,
+    NSSArena *arenaOpt);
+
+/*
+ * NSSPrivateKey_SignRecover
+ *
+ */
+
+NSS_EXTERN NSSItem *
+NSSPrivateKey_SignRecover(
+    NSSPrivateKey *vk,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSItem *data,
+    NSSCallback *uhh,
+    NSSItem *rvOpt,
+    NSSArena *arenaOpt);
+
+/*
+ * NSSPrivateKey_UnwrapSymmetricKey
+ *
+ */
+
+NSS_EXTERN NSSSymmetricKey *
+NSSPrivateKey_UnwrapSymmetricKey(
+    NSSPrivateKey *vk,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSItem *wrappedKey,
+    NSSCallback *uhh);
+
+/*
+ * NSSPrivateKey_DeriveSymmetricKey
+ *
+ */
+
+NSS_EXTERN NSSSymmetricKey *
+NSSPrivateKey_DeriveSymmetricKey(
+    NSSPrivateKey *vk,
+    NSSPublicKey *bk,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSOID *target,
+    PRUint32 keySizeOpt, /* zero for best allowed */
+    NSSOperations operations,
+    NSSCallback *uhh);
+
+/*
+ * NSSPrivateKey_FindPublicKey
+ *
+ */
+
+NSS_EXTERN NSSPublicKey *
+NSSPrivateKey_FindPublicKey(
+    NSSPrivateKey *vk
+    /* { don't need the callback here, right? } */
+    );
+
+/*
+ * NSSPrivateKey_CreateCryptoContext
+ *
+ * Create a crypto context, in this key's trust domain,
+ * with this as the distinguished private key.
+ */
+
+NSS_EXTERN NSSCryptoContext *
+NSSPrivateKey_CreateCryptoContext(
+    NSSPrivateKey *vk,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSCallback *uhh);
+
+/*
+ * NSSPrivateKey_FindCertificates
+ *
+ * Note that there may be more than one certificate for this
+ * private key.  { FilterCertificates function to further
+ * reduce the list. }
+ */
+
+NSS_EXTERN NSSCertificate **
+NSSPrivateKey_FindCertificates(
+    NSSPrivateKey *vk,
+    NSSCertificate *rvOpt[],
+    PRUint32 maximumOpt, /* 0 for no max */
+    NSSArena *arenaOpt);
+
+/*
+ * NSSPrivateKey_FindBestCertificate
+ *
+ * The parameters for this function will depend on what the users
+ * need.  This is just a starting point.
+ */
+
+NSS_EXTERN NSSCertificate *
+NSSPrivateKey_FindBestCertificate(
+    NSSPrivateKey *vk,
+    NSSTime *timeOpt,
+    NSSUsage *usageOpt,
+    NSSPolicies *policiesOpt);
+
+/*
+ * NSSPublicKey
+ *
+ * Once you generate, find, or derive one of these, you can use it
+ * to perform (simple) cryptographic operations.  Though there may
+ * be certificates associated with these public keys, they are not
+ * verified.
+ */
+
+/*
+ * NSSPublicKey_Destroy
+ *
+ * Free a pointer to a public key object.
+ */
+
+NSS_EXTERN PRStatus
+NSSPublicKey_Destroy(NSSPublicKey *bk);
+
+/*
+ * NSSPublicKey_DeleteStoredObject
+ *
+ * Permanently remove this object, and any related objects (such as the
+ * corresponding private keys and certificates).
+ */
+
+NSS_EXTERN PRStatus
+NSSPublicKey_DeleteStoredObject(
+    NSSPublicKey *bk,
+    NSSCallback *uhh);
+
+/*
+ * NSSPublicKey_Encode
+ *
+ */
+
+NSS_EXTERN NSSItem *
+NSSPublicKey_Encode(
+    NSSPublicKey *bk,
+    NSSAlgorithmAndParameters *ap,
+    NSSCallback *uhhOpt,
+    NSSItem *rvOpt,
+    NSSArena *arenaOpt);
+
+/*
+ * NSSPublicKey_GetTrustDomain
+ *
+ * There doesn't have to be one.
+ */
+
+NSS_EXTERN NSSTrustDomain *
+NSSPublicKey_GetTrustDomain(
+    NSSPublicKey *bk,
+    PRStatus *statusOpt);
+
+/*
+ * NSSPublicKey_GetToken
+ *
+ * There doesn't have to be one.
+ */
+
+NSS_EXTERN NSSToken *
+NSSPublicKey_GetToken(
+    NSSPublicKey *bk,
+    PRStatus *statusOpt);
+
+/*
+ * NSSPublicKey_GetSlot
+ *
+ * There doesn't have to be one.
+ */
+
+NSS_EXTERN NSSSlot *
+NSSPublicKey_GetSlot(
+    NSSPublicKey *bk,
+    PRStatus *statusOpt);
+
+/*
+ * NSSPublicKey_GetModule
+ *
+ * There doesn't have to be one.
+ */
+
+NSS_EXTERN NSSModule *
+NSSPublicKey_GetModule(
+    NSSPublicKey *bk,
+    PRStatus *statusOpt);
+
+/*
+ * NSSPublicKey_Encrypt
+ *
+ * Encrypt a single chunk of data with the public key corresponding to
+ * this certificate.
+ */
+
+NSS_EXTERN NSSItem *
+NSSPublicKey_Encrypt(
+    NSSPublicKey *bk,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSItem *data,
+    NSSCallback *uhh,
+    NSSItem *rvOpt,
+    NSSArena *arenaOpt);
+
+/*
+ * NSSPublicKey_Verify
+ *
+ */
+
+NSS_EXTERN PRStatus
+NSSPublicKey_Verify(
+    NSSPublicKey *bk,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSItem *data,
+    NSSItem *signature,
+    NSSCallback *uhh);
+
+/*
+ * NSSPublicKey_VerifyRecover
+ *
+ */
+
+NSS_EXTERN NSSItem *
+NSSPublicKey_VerifyRecover(
+    NSSPublicKey *bk,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSItem *signature,
+    NSSCallback *uhh,
+    NSSItem *rvOpt,
+    NSSArena *arenaOpt);
+
+/*
+ * NSSPublicKey_WrapSymmetricKey
+ *
+ */
+
+NSS_EXTERN NSSItem *
+NSSPublicKey_WrapSymmetricKey(
+    NSSPublicKey *bk,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSSymmetricKey *keyToWrap,
+    NSSCallback *uhh,
+    NSSItem *rvOpt,
+    NSSArena *arenaOpt);
+
+/*
+ * NSSPublicKey_CreateCryptoContext
+ *
+ * Create a crypto context, in this key's trust domain, with this
+ * as the distinguished public key.
+ */
+
+NSS_EXTERN NSSCryptoContext *
+NSSPublicKey_CreateCryptoContext(
+    NSSPublicKey *bk,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSCallback *uhh);
+
+/*
+ * NSSPublicKey_FindCertificates
+ *
+ * Note that there may be more than one certificate for this
+ * public key.  The current implementation may not find every
+ * last certificate available for this public key: that would
+ * involve trolling e.g. huge ldap databases, which will be
+ * grossly inefficient and not generally useful.
+ * { FilterCertificates function to further reduce the list }
+ */
+
+NSS_EXTERN NSSCertificate **
+NSSPublicKey_FindCertificates(
+    NSSPublicKey *bk,
+    NSSCertificate *rvOpt[],
+    PRUint32 maximumOpt, /* 0 for no max */
+    NSSArena *arenaOpt);
+
+/*
+ * NSSPrivateKey_FindBestCertificate
+ *
+ * The parameters for this function will depend on what the users
+ * need.  This is just a starting point.
+ */
+
+NSS_EXTERN NSSCertificate *
+NSSPublicKey_FindBestCertificate(
+    NSSPublicKey *bk,
+    NSSTime *timeOpt,
+    NSSUsage *usageOpt,
+    NSSPolicies *policiesOpt);
+
+/*
+ * NSSPublicKey_FindPrivateKey
+ *
+ */
+
+NSS_EXTERN NSSPrivateKey *
+NSSPublicKey_FindPrivateKey(
+    NSSPublicKey *bk,
+    NSSCallback *uhh);
+
+/*
+ * NSSSymmetricKey
+ *
+ */
+
+/*
+ * NSSSymmetricKey_Destroy
+ *
+ * Free a pointer to a symmetric key object.
+ */
+
+NSS_EXTERN PRStatus
+NSSSymmetricKey_Destroy(NSSSymmetricKey *mk);
+
+/*
+ * NSSSymmetricKey_DeleteStoredObject
+ *
+ * Permanently remove this object.
+ */
+
+NSS_EXTERN PRStatus
+NSSSymmetricKey_DeleteStoredObject(
+    NSSSymmetricKey *mk,
+    NSSCallback *uhh);
+
+/*
+ * NSSSymmetricKey_GetKeyLength
+ *
+ */
+
+NSS_EXTERN PRUint32
+NSSSymmetricKey_GetKeyLength(NSSSymmetricKey *mk);
+
+/*
+ * NSSSymmetricKey_GetKeyStrength
+ *
+ */
+
+NSS_EXTERN PRUint32
+NSSSymmetricKey_GetKeyStrength(NSSSymmetricKey *mk);
+
+/*
+ * NSSSymmetricKey_IsStillPresent
+ *
+ */
+
+NSS_EXTERN PRStatus
+NSSSymmetricKey_IsStillPresent(NSSSymmetricKey *mk);
+
+/*
+ * NSSSymmetricKey_GetTrustDomain
+ *
+ * There doesn't have to be one.
+ */
+
+NSS_EXTERN NSSTrustDomain *
+NSSSymmetricKey_GetTrustDomain(
+    NSSSymmetricKey *mk,
+    PRStatus *statusOpt);
+
+/*
+ * NSSSymmetricKey_GetToken
+ *
+ * There doesn't have to be one.
+ */
+
+NSS_EXTERN NSSToken *
+NSSSymmetricKey_GetToken(
+    NSSSymmetricKey *mk,
+    PRStatus *statusOpt);
+
+/*
+ * NSSSymmetricKey_GetSlot
+ *
+ * There doesn't have to be one.
+ */
+
+NSS_EXTERN NSSSlot *
+NSSSymmetricKey_GetSlot(
+    NSSSymmetricKey *mk,
+    PRStatus *statusOpt);
+
+/*
+ * NSSSymmetricKey_GetModule
+ *
+ * There doesn't have to be one.
+ */
+
+NSS_EXTERN NSSModule *
+NSSSymmetricKey_GetModule(
+    NSSSymmetricKey *mk,
+    PRStatus *statusOpt);
+
+/*
+ * NSSSymmetricKey_Encrypt
+ *
+ */
+
+NSS_EXTERN NSSItem *
+NSSSymmetricKey_Encrypt(
+    NSSSymmetricKey *mk,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSItem *data,
+    NSSCallback *uhh,
+    NSSItem *rvOpt,
+    NSSArena *arenaOpt);
+
+/*
+ * NSSSymmetricKey_Decrypt
+ *
+ */
+
+NSS_EXTERN NSSItem *
+NSSSymmetricKey_Decrypt(
+    NSSSymmetricKey *mk,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSItem *encryptedData,
+    NSSCallback *uhh,
+    NSSItem *rvOpt,
+    NSSArena *arenaOpt);
+
+/*
+ * NSSSymmetricKey_Sign
+ *
+ */
+
+NSS_EXTERN NSSItem *
+NSSSymmetricKey_Sign(
+    NSSSymmetricKey *mk,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSItem *data,
+    NSSCallback *uhh,
+    NSSItem *rvOpt,
+    NSSArena *arenaOpt);
+
+/*
+ * NSSSymmetricKey_SignRecover
+ *
+ */
+
+NSS_EXTERN NSSItem *
+NSSSymmetricKey_SignRecover(
+    NSSSymmetricKey *mk,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSItem *data,
+    NSSCallback *uhh,
+    NSSItem *rvOpt,
+    NSSArena *arenaOpt);
+
+/*
+ * NSSSymmetricKey_Verify
+ *
+ */
+
+NSS_EXTERN PRStatus
+NSSSymmetricKey_Verify(
+    NSSSymmetricKey *mk,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSItem *data,
+    NSSItem *signature,
+    NSSCallback *uhh);
+
+/*
+ * NSSSymmetricKey_VerifyRecover
+ *
+ */
+
+NSS_EXTERN NSSItem *
+NSSSymmetricKey_VerifyRecover(
+    NSSSymmetricKey *mk,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSItem *signature,
+    NSSCallback *uhh,
+    NSSItem *rvOpt,
+    NSSArena *arenaOpt);
+
+/*
+ * NSSSymmetricKey_WrapSymmetricKey
+ *
+ */
+
+NSS_EXTERN NSSItem *
+NSSSymmetricKey_WrapSymmetricKey(
+    NSSSymmetricKey *wrappingKey,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSSymmetricKey *keyToWrap,
+    NSSCallback *uhh,
+    NSSItem *rvOpt,
+    NSSArena *arenaOpt);
+
+/*
+ * NSSSymmetricKey_WrapPrivateKey
+ *
+ */
+
+NSS_EXTERN NSSItem *
+NSSSymmetricKey_WrapPrivateKey(
+    NSSSymmetricKey *wrappingKey,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSPrivateKey *keyToWrap,
+    NSSCallback *uhh,
+    NSSItem *rvOpt,
+    NSSArena *arenaOpt);
+
+/*
+ * NSSSymmetricKey_UnwrapSymmetricKey
+ *
+ */
+
+NSS_EXTERN NSSSymmetricKey *
+NSSSymmetricKey_UnwrapSymmetricKey(
+    NSSSymmetricKey *wrappingKey,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSItem *wrappedKey,
+    NSSOID *target,
+    PRUint32 keySizeOpt,
+    NSSOperations operations,
+    NSSCallback *uhh);
+
+/*
+ * NSSSymmetricKey_UnwrapPrivateKey
+ *
+ */
+
+NSS_EXTERN NSSPrivateKey *
+NSSSymmetricKey_UnwrapPrivateKey(
+    NSSSymmetricKey *wrappingKey,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSItem *wrappedKey,
+    NSSUTF8 *labelOpt,
+    NSSItem *keyIDOpt,
+    PRBool persistant,
+    PRBool sensitive,
+    NSSToken *destinationOpt,
+    NSSCallback *uhh);
+
+/*
+ * NSSSymmetricKey_DeriveSymmetricKey
+ *
+ */
+
+NSS_EXTERN NSSSymmetricKey *
+NSSSymmetricKey_DeriveSymmetricKey(
+    NSSSymmetricKey *originalKey,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSOID *target,
+    PRUint32 keySizeOpt,
+    NSSOperations operations,
+    NSSCallback *uhh);
+
+/*
+ * NSSSymmetricKey_CreateCryptoContext
+ *
+ * Create a crypto context, in this key's trust domain,
+ * with this as the distinguished symmetric key.
+ */
+
+NSS_EXTERN NSSCryptoContext *
+NSSSymmetricKey_CreateCryptoContext(
+    NSSSymmetricKey *mk,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSCallback *uhh);
+
+/*
+ * NSSTrustDomain
+ *
+ */
+
+/*
+ * NSSTrustDomain_Create
+ *
+ * This creates a trust domain, optionally with an initial cryptoki
+ * module.  If the module name is not null, the module is loaded if
+ * needed (using the uriOpt argument), and initialized with the
+ * opaqueOpt argument.  If mumble mumble priority settings, then
+ * module-specification objects in the module can cause the loading
+ * and initialization of further modules.
+ *
+ * The uriOpt is defined to take a URI.  At present, we only
+ * support file: URLs pointing to platform-native shared libraries.
+ * However, by specifying this as a URI, this keeps open the
+ * possibility of supporting other, possibly remote, resources.
+ *
+ * The "reserved" arguments is held for when we figure out the
+ * module priority stuff.
+ */
+
+NSS_EXTERN NSSTrustDomain *
+NSSTrustDomain_Create(
+    NSSUTF8 *moduleOpt,
+    NSSUTF8 *uriOpt,
+    NSSUTF8 *opaqueOpt,
+    void *reserved);
+
+/*
+ * NSSTrustDomain_Destroy
+ *
+ */
+
+NSS_EXTERN PRStatus
+NSSTrustDomain_Destroy(NSSTrustDomain *td);
+
+/*
+ * NSSTrustDomain_SetDefaultCallback
+ *
+ */
+
+NSS_EXTERN PRStatus
+NSSTrustDomain_SetDefaultCallback(
+    NSSTrustDomain *td,
+    NSSCallback *newCallback,
+    NSSCallback **oldCallbackOpt);
+
+/*
+ * NSSTrustDomain_GetDefaultCallback
+ *
+ */
+
+NSS_EXTERN NSSCallback *
+NSSTrustDomain_GetDefaultCallback(
+    NSSTrustDomain *td,
+    PRStatus *statusOpt);
+
+/*
+ * Default policies?
+ * Default usage?
+ * Default time, for completeness?
+ */
+
+/*
+ * NSSTrustDomain_LoadModule
+ *
+ */
+
+NSS_EXTERN PRStatus
+NSSTrustDomain_LoadModule(
+    NSSTrustDomain *td,
+    NSSUTF8 *moduleOpt,
+    NSSUTF8 *uriOpt,
+    NSSUTF8 *opaqueOpt,
+    void *reserved);
+
+/*
+ * NSSTrustDomain_AddModule
+ * NSSTrustDomain_AddSlot
+ * NSSTrustDomain_UnloadModule
+ * Managing modules, slots, tokens; priorities;
+ * Traversing all of the above
+ * this needs more work
+ */
+
+/*
+ * NSSTrustDomain_DisableToken
+ *
+ */
+
+NSS_EXTERN PRStatus
+NSSTrustDomain_DisableToken(
+    NSSTrustDomain *td,
+    NSSToken *token,
+    NSSError why);
+
+/*
+ * NSSTrustDomain_EnableToken
+ *
+ */
+
+NSS_EXTERN PRStatus
+NSSTrustDomain_EnableToken(
+    NSSTrustDomain *td,
+    NSSToken *token);
+
+/*
+ * NSSTrustDomain_IsTokenEnabled
+ *
+ * If disabled, "why" is always on the error stack.
+ * The optional argument is just for convenience.
+ */
+
+NSS_EXTERN PRStatus
+NSSTrustDomain_IsTokenEnabled(
+    NSSTrustDomain *td,
+    NSSToken *token,
+    NSSError *whyOpt);
+
+/*
+ * NSSTrustDomain_FindSlotByName
+ *
+ */
+
+NSS_EXTERN NSSSlot *
+NSSTrustDomain_FindSlotByName(
+    NSSTrustDomain *td,
+    NSSUTF8 *slotName);
+
+/*
+ * NSSTrustDomain_FindTokenByName
+ *
+ */
+
+NSS_EXTERN NSSToken *
+NSSTrustDomain_FindTokenByName(
+    NSSTrustDomain *td,
+    NSSUTF8 *tokenName);
+
+/*
+ * NSSTrustDomain_FindTokenBySlotName
+ *
+ */
+
+NSS_EXTERN NSSToken *
+NSSTrustDomain_FindTokenBySlotName(
+    NSSTrustDomain *td,
+    NSSUTF8 *slotName);
+
+/*
+ * NSSTrustDomain_FindBestTokenForAlgorithm
+ *
+ */
+
+NSS_EXTERN NSSToken *
+NSSTrustDomain_FindTokenForAlgorithm(
+    NSSTrustDomain *td,
+    NSSOID *algorithm);
+
+/*
+ * NSSTrustDomain_FindBestTokenForAlgorithms
+ *
+ */
+
+NSS_EXTERN NSSToken *
+NSSTrustDomain_FindBestTokenForAlgorithms(
+    NSSTrustDomain *td,
+    NSSOID *algorithms[],   /* may be null-terminated */
+    PRUint32 nAlgorithmsOpt /* limits the array if nonzero */
+    );
+
+/*
+ * NSSTrustDomain_Login
+ *
+ */
+
+NSS_EXTERN PRStatus
+NSSTrustDomain_Login(
+    NSSTrustDomain *td,
+    NSSCallback *uhhOpt);
+
+/*
+ * NSSTrustDomain_Logout
+ *
+ */
+
+NSS_EXTERN PRStatus
+NSSTrustDomain_Logout(NSSTrustDomain *td);
+
+/* Importing things */
+
+/*
+ * NSSTrustDomain_ImportCertificate
+ *
+ * The implementation will pull some data out of the certificate
+ * (e.g. e-mail address) for use in pkcs#11 object attributes.
+ */
+
+NSS_EXTERN NSSCertificate *
+NSSTrustDomain_ImportCertificate(
+    NSSTrustDomain *td,
+    NSSCertificate *c);
+
+/*
+ * NSSTrustDomain_ImportPKIXCertificate
+ *
+ */
+
+NSS_EXTERN NSSCertificate *
+NSSTrustDomain_ImportPKIXCertificate(
+    NSSTrustDomain *td,
+    /* declared as a struct until these "data types" are defined */
+    struct NSSPKIXCertificateStr *pc);
+
+/*
+ * NSSTrustDomain_ImportEncodedCertificate
+ *
+ * Imports any type of certificate we support.
+ */
+
+NSS_EXTERN NSSCertificate *
+NSSTrustDomain_ImportEncodedCertificate(
+    NSSTrustDomain *td,
+    NSSBER *ber);
+
+/*
+ * NSSTrustDomain_ImportEncodedCertificateChain
+ *
+ * If you just want the leaf, pass in a maximum of one.
+ */
+
+NSS_EXTERN NSSCertificate **
+NSSTrustDomain_ImportEncodedCertificateChain(
+    NSSTrustDomain *td,
+    NSSBER *ber,
+    NSSCertificate *rvOpt[],
+    PRUint32 maximumOpt, /* 0 for no max */
+    NSSArena *arenaOpt);
+
+/*
+ * NSSTrustDomain_ImportEncodedPrivateKey
+ *
+ */
+
+NSS_EXTERN NSSPrivateKey *
+NSSTrustDomain_ImportEncodedPrivateKey(
+    NSSTrustDomain *td,
+    NSSBER *ber,
+    NSSItem *passwordOpt, /* NULL will cause a callback */
+    NSSCallback *uhhOpt,
+    NSSToken *destination);
+
+/*
+ * NSSTrustDomain_ImportEncodedPublicKey
+ *
+ */
+
+NSS_EXTERN NSSPublicKey *
+NSSTrustDomain_ImportEncodedPublicKey(
+    NSSTrustDomain *td,
+    NSSBER *ber);
+
+/* Other importations: S/MIME capabilities */
+
+/*
+ * NSSTrustDomain_FindBestCertificateByNickname
+ *
+ */
+
+NSS_EXTERN NSSCertificate *
+NSSTrustDomain_FindBestCertificateByNickname(
+    NSSTrustDomain *td,
+    const NSSUTF8 *name,
+    NSSTime *timeOpt, /* NULL for "now" */
+    NSSUsage *usage,
+    NSSPolicies *policiesOpt /* NULL for none */
+    );
+
+/*
+ * NSSTrustDomain_FindCertificatesByNickname
+ *
+ */
+
+NSS_EXTERN NSSCertificate **
+NSSTrustDomain_FindCertificatesByNickname(
+    NSSTrustDomain *td,
+    NSSUTF8 *name,
+    NSSCertificate *rvOpt[],
+    PRUint32 maximumOpt, /* 0 for no max */
+    NSSArena *arenaOpt);
+
+/*
+ * NSSTrustDomain_FindCertificateByIssuerAndSerialNumber
+ *
+ */
+
+NSS_EXTERN NSSCertificate *
+NSSTrustDomain_FindCertificateByIssuerAndSerialNumber(
+    NSSTrustDomain *td,
+    NSSDER *issuer,
+    NSSDER *serialNumber);
+
+/*
+ * NSSTrustDomain_FindCertificatesByIssuerAndSerialNumber
+ *
+ * Theoretically, this should never happen.  However, some companies
+ * we know have issued duplicate certificates with the same issuer
+ * and serial number.  Do we just ignore them?  I'm thinking yes.
+ */
+
+/*
+ * NSSTrustDomain_FindBestCertificateBySubject
+ *
+ * This does not search through alternate names hidden in extensions.
+ */
+
+NSS_EXTERN NSSCertificate *
+NSSTrustDomain_FindBestCertificateBySubject(
+    NSSTrustDomain *td,
+    NSSDER /*NSSUTF8*/ *subject,
+    NSSTime *timeOpt,
+    NSSUsage *usage,
+    NSSPolicies *policiesOpt);
+
+/*
+ * NSSTrustDomain_FindCertificatesBySubject
+ *
+ * This does not search through alternate names hidden in extensions.
+ */
+
+NSS_EXTERN NSSCertificate **
+NSSTrustDomain_FindCertificatesBySubject(
+    NSSTrustDomain *td,
+    NSSDER /*NSSUTF8*/ *subject,
+    NSSCertificate *rvOpt[],
+    PRUint32 maximumOpt, /* 0 for no max */
+    NSSArena *arenaOpt);
+
+/*
+ * NSSTrustDomain_FindBestCertificateByNameComponents
+ *
+ * This call does try several tricks, including a pseudo pkcs#11
+ * attribute for the ldap module to try as a query.  Eventually
+ * this call falls back to a traversal if that's what's required.
+ * It will search through alternate names hidden in extensions.
+ */
+
+NSS_EXTERN NSSCertificate *
+NSSTrustDomain_FindBestCertificateByNameComponents(
+    NSSTrustDomain *td,
+    NSSUTF8 *nameComponents,
+    NSSTime *timeOpt,
+    NSSUsage *usage,
+    NSSPolicies *policiesOpt);
+
+/*
+ * NSSTrustDomain_FindCertificatesByNameComponents
+ *
+ * This call, too, tries several tricks.  It will stop on the first
+ * attempt that generates results, so it won't e.g. traverse the
+ * entire ldap database.
+ */
+
+NSS_EXTERN NSSCertificate **
+NSSTrustDomain_FindCertificatesByNameComponents(
+    NSSTrustDomain *td,
+    NSSUTF8 *nameComponents,
+    NSSCertificate *rvOpt[],
+    PRUint32 maximumOpt, /* 0 for no max */
+    NSSArena *arenaOpt);
+
+/*
+ * NSSTrustDomain_FindCertificateByEncodedCertificate
+ *
+ */
+
+NSS_EXTERN NSSCertificate *
+NSSTrustDomain_FindCertificateByEncodedCertificate(
+    NSSTrustDomain *td,
+    NSSBER *encodedCertificate);
+
+/*
+ * NSSTrustDomain_FindBestCertificateByEmail
+ *
+ */
+
+NSS_EXTERN NSSCertificate *
+NSSTrustDomain_FindCertificateByEmail(
+    NSSTrustDomain *td,
+    NSSASCII7 *email,
+    NSSTime *timeOpt,
+    NSSUsage *usage,
+    NSSPolicies *policiesOpt);
+
+/*
+ * NSSTrustDomain_FindCertificatesByEmail
+ *
+ */
+
+NSS_EXTERN NSSCertificate **
+NSSTrustDomain_FindCertificatesByEmail(
+    NSSTrustDomain *td,
+    NSSASCII7 *email,
+    NSSCertificate *rvOpt[],
+    PRUint32 maximumOpt, /* 0 for no max */
+    NSSArena *arenaOpt);
+
+/*
+ * NSSTrustDomain_FindCertificateByOCSPHash
+ *
+ * There can be only one.
+ */
+
+NSS_EXTERN NSSCertificate *
+NSSTrustDomain_FindCertificateByOCSPHash(
+    NSSTrustDomain *td,
+    NSSItem *hash);
+
+/*
+ * NSSTrustDomain_TraverseCertificates
+ *
+ * This function descends from one in older versions of NSS which
+ * traverses the certs in the permanent database.  That function
+ * was used to implement selection routines, but was directly
+ * available too.  Trust domains are going to contain a lot more
+ * certs now (e.g., an ldap server), so we'd really like to
+ * discourage traversal.  Thus for now, this is commented out.
+ * If it's needed, let's look at the situation more closely to
+ * find out what the actual requirements are.
+ */
+
+/* For now, adding this function.  This may only be for debugging
+ * purposes.
+ * Perhaps some equivalent function, on a specified token, will be
+ * needed in a "friend" header file?
+ */
+NSS_EXTERN PRStatus *
+NSSTrustDomain_TraverseCertificates(
+    NSSTrustDomain *td,
+    PRStatus (*callback)(NSSCertificate *c, void *arg),
+    void *arg);
+
+/*
+ * NSSTrustDomain_FindBestUserCertificate
+ *
+ */
+
+NSS_EXTERN NSSCertificate *
+NSSTrustDomain_FindBestUserCertificate(
+    NSSTrustDomain *td,
+    NSSTime *timeOpt,
+    NSSUsage *usage,
+    NSSPolicies *policiesOpt);
+
+/*
+ * NSSTrustDomain_FindUserCertificates
+ *
+ */
+
+NSS_EXTERN NSSCertificate **
+NSSTrustDomain_FindUserCertificates(
+    NSSTrustDomain *td,
+    NSSTime *timeOpt,
+    NSSUsage *usageOpt,
+    NSSPolicies *policiesOpt,
+    NSSCertificate **rvOpt,
+    PRUint32 rvLimit, /* zero for no limit */
+    NSSArena *arenaOpt);
+
+/*
+ * NSSTrustDomain_FindBestUserCertificateForSSLClientAuth
+ *
+ */
+
+NSS_EXTERN NSSCertificate *
+NSSTrustDomain_FindBestUserCertificateForSSLClientAuth(
+    NSSTrustDomain *td,
+    NSSUTF8 *sslHostOpt,
+    NSSDER *rootCAsOpt[],   /* null pointer for none */
+    PRUint32 rootCAsMaxOpt, /* zero means list is null-terminated */
+    NSSAlgorithmAndParameters *apOpt,
+    NSSPolicies *policiesOpt);
+
+/*
+ * NSSTrustDomain_FindUserCertificatesForSSLClientAuth
+ *
+ */
+
+NSS_EXTERN NSSCertificate **
+NSSTrustDomain_FindUserCertificatesForSSLClientAuth(
+    NSSTrustDomain *td,
+    NSSUTF8 *sslHostOpt,
+    NSSDER *rootCAsOpt[],   /* null pointer for none */
+    PRUint32 rootCAsMaxOpt, /* zero means list is null-terminated */
+    NSSAlgorithmAndParameters *apOpt,
+    NSSPolicies *policiesOpt,
+    NSSCertificate **rvOpt,
+    PRUint32 rvLimit, /* zero for no limit */
+    NSSArena *arenaOpt);
+
+/*
+ * NSSTrustDomain_FindBestUserCertificateForEmailSigning
+ *
+ */
+
+NSS_EXTERN NSSCertificate *
+NSSTrustDomain_FindBestUserCertificateForEmailSigning(
+    NSSTrustDomain *td,
+    NSSASCII7 *signerOpt,
+    NSSASCII7 *recipientOpt,
+    /* anything more here? */
+    NSSAlgorithmAndParameters *apOpt,
+    NSSPolicies *policiesOpt);
+
+/*
+ * NSSTrustDomain_FindUserCertificatesForEmailSigning
+ *
+ */
+
+NSS_EXTERN NSSCertificate **
+NSSTrustDomain_FindUserCertificatesForEmailSigning(
+    NSSTrustDomain *td,
+    NSSASCII7 *signerOpt,
+    NSSASCII7 *recipientOpt,
+    /* anything more here? */
+    NSSAlgorithmAndParameters *apOpt,
+    NSSPolicies *policiesOpt,
+    NSSCertificate **rvOpt,
+    PRUint32 rvLimit, /* zero for no limit */
+    NSSArena *arenaOpt);
+
+/*
+ * Here is where we'd add more Find[Best]UserCertificate[s]For<usage>
+ * routines.
+ */
+
+/* Private Keys */
+
+/*
+ * NSSTrustDomain_GenerateKeyPair
+ *
+ * Creates persistant objects.  If you want session objects, use
+ * NSSCryptoContext_GenerateKeyPair.  The destination token is where
+ * the keys are stored.  If that token can do the required math, then
+ * that's where the keys are generated too.  Otherwise, the keys are
+ * generated elsewhere and moved to that token.
+ */
+
+NSS_EXTERN PRStatus
+NSSTrustDomain_GenerateKeyPair(
+    NSSTrustDomain *td,
+    NSSAlgorithmAndParameters *ap,
+    NSSPrivateKey **pvkOpt,
+    NSSPublicKey **pbkOpt,
+    PRBool privateKeyIsSensitive,
+    NSSToken *destination,
+    NSSCallback *uhhOpt);
+
+/*
+ * NSSTrustDomain_TraversePrivateKeys
+ *
+ *
+ * NSS_EXTERN PRStatus *
+ * NSSTrustDomain_TraversePrivateKeys
+ * (
+ *   NSSTrustDomain *td,
+ *   PRStatus (*callback)(NSSPrivateKey *vk, void *arg),
+ *   void *arg
+ * );
+ */
+
+/* Symmetric Keys */
+
+/*
+ * NSSTrustDomain_GenerateSymmetricKey
+ *
+ */
+
+NSS_EXTERN NSSSymmetricKey *
+NSSTrustDomain_GenerateSymmetricKey(
+    NSSTrustDomain *td,
+    NSSAlgorithmAndParameters *ap,
+    PRUint32 keysize,
+    NSSToken *destination,
+    NSSCallback *uhhOpt);
+
+/*
+ * NSSTrustDomain_GenerateSymmetricKeyFromPassword
+ *
+ */
+
+NSS_EXTERN NSSSymmetricKey *
+NSSTrustDomain_GenerateSymmetricKeyFromPassword(
+    NSSTrustDomain *td,
+    NSSAlgorithmAndParameters *ap,
+    NSSUTF8 *passwordOpt, /* if null, prompt */
+    NSSToken *destinationOpt,
+    NSSCallback *uhhOpt);
+
+/*
+ * NSSTrustDomain_FindSymmetricKeyByAlgorithm
+ *
+ * Is this still needed?
+ *
+ * NSS_EXTERN NSSSymmetricKey *
+ * NSSTrustDomain_FindSymmetricKeyByAlgorithm
+ * (
+ *   NSSTrustDomain *td,
+ *   NSSOID *algorithm,
+ *   NSSCallback *uhhOpt
+ * );
+ */
+
+/*
+ * NSSTrustDomain_FindSymmetricKeyByAlgorithmAndKeyID
+ *
+ */
+
+NSS_EXTERN NSSSymmetricKey *
+NSSTrustDomain_FindSymmetricKeyByAlgorithmAndKeyID(
+    NSSTrustDomain *td,
+    NSSOID *algorithm,
+    NSSItem *keyID,
+    NSSCallback *uhhOpt);
+
+/*
+ * NSSTrustDomain_TraverseSymmetricKeys
+ *
+ *
+ * NSS_EXTERN PRStatus *
+ * NSSTrustDomain_TraverseSymmetricKeys
+ * (
+ *   NSSTrustDomain *td,
+ *   PRStatus (*callback)(NSSSymmetricKey *mk, void *arg),
+ *   void *arg
+ * );
+ */
+
+/*
+ * NSSTrustDomain_CreateCryptoContext
+ *
+ * If a callback object is specified, it becomes the for the crypto
+ * context; otherwise, this trust domain's default (if any) is
+ * inherited.
+ */
+
+NSS_EXTERN NSSCryptoContext *
+NSSTrustDomain_CreateCryptoContext(
+    NSSTrustDomain *td,
+    NSSCallback *uhhOpt);
+
+/*
+ * NSSTrustDomain_CreateCryptoContextForAlgorithm
+ *
+ */
+
+NSS_EXTERN NSSCryptoContext *
+NSSTrustDomain_CreateCryptoContextForAlgorithm(
+    NSSTrustDomain *td,
+    NSSOID *algorithm);
+
+/*
+ * NSSTrustDomain_CreateCryptoContextForAlgorithmAndParameters
+ *
+ */
+
+NSS_EXTERN NSSCryptoContext *
+NSSTrustDomain_CreateCryptoContextForAlgorithmAndParameters(
+    NSSTrustDomain *td,
+    NSSAlgorithmAndParameters *ap);
+
+/* find/traverse other objects, e.g. s/mime profiles */
+
+/*
+ * NSSCryptoContext
+ *
+ * A crypto context is sort of a short-term snapshot of a trust domain,
+ * used for the life of "one crypto operation."  You can also think of
+ * it as a "temporary database."
+ *
+ * Just about all of the things you can do with a trust domain -- importing
+ * or creating certs, keys, etc. -- can be done with a crypto context.
+ * The difference is that the objects will be temporary ("session") objects.
+ *
+ * Also, if the context was created for a key, cert, and/or algorithm; or
+ * if such objects have been "associated" with the context, then the context
+ * can do everything the keys can, like crypto operations.
+ *
+ * And finally, because it keeps the state of the crypto operations, it
+ * can do streaming crypto ops.
+ */
+
+/*
+ * NSSTrustDomain_Destroy
+ *
+ */
+
+NSS_EXTERN PRStatus
+NSSCryptoContext_Destroy(NSSCryptoContext *cc);
+
+/* establishing a default callback */
+
+/*
+ * NSSCryptoContext_SetDefaultCallback
+ *
+ */
+
+NSS_EXTERN PRStatus
+NSSCryptoContext_SetDefaultCallback(
+    NSSCryptoContext *cc,
+    NSSCallback *newCallback,
+    NSSCallback **oldCallbackOpt);
+
+/*
+ * NSSCryptoContext_GetDefaultCallback
+ *
+ */
+
+NSS_EXTERN NSSCallback *
+NSSCryptoContext_GetDefaultCallback(
+    NSSCryptoContext *cc,
+    PRStatus *statusOpt);
+
+/*
+ * NSSCryptoContext_GetTrustDomain
+ *
+ */
+
+NSS_EXTERN NSSTrustDomain *
+NSSCryptoContext_GetTrustDomain(
+    NSSCryptoContext *cc);
+
+/* AddModule, etc: should we allow "temporary" changes here? */
+/* DisableToken, etc: ditto */
+/* Ordering of tokens? */
+/* Finding slots+token etc. */
+/* login+logout */
+
+/* Importing things */
+
+/*
+ * NSSCryptoContext_FindOrImportCertificate
+ *
+ * If the certificate store already contains this DER cert, return the
+ * address of the matching NSSCertificate that is already in the store,
+ * and bump its reference count.
+ *
+ * If this DER cert is NOT already in the store, then add the new
+ * NSSCertificate to the store and bump its reference count,
+ * then return its address.
+ *
+ * if this DER cert is not in the store and cannot be added to it,
+ * return NULL;
+ *
+ * Record the associated crypto context in the certificate.
+ */
+
+NSS_EXTERN NSSCertificate *
+NSSCryptoContext_FindOrImportCertificate(
+    NSSCryptoContext *cc,
+    NSSCertificate *c);
+
+/*
+ * NSSCryptoContext_ImportPKIXCertificate
+ *
+ */
+
+NSS_EXTERN NSSCertificate *
+NSSCryptoContext_ImportPKIXCertificate(
+    NSSCryptoContext *cc,
+    struct NSSPKIXCertificateStr *pc);
+
+/*
+ * NSSCryptoContext_ImportEncodedCertificate
+ *
+ */
+
+NSS_EXTERN NSSCertificate *
+NSSCryptoContext_ImportEncodedCertificate(
+    NSSCryptoContext *cc,
+    NSSBER *ber);
+
+/*
+ * NSSCryptoContext_ImportEncodedPKIXCertificateChain
+ *
+ */
+
+NSS_EXTERN PRStatus
+NSSCryptoContext_ImportEncodedPKIXCertificateChain(
+    NSSCryptoContext *cc,
+    NSSBER *ber);
+
+/* Other importations: S/MIME capabilities
+ */
+
+/*
+ * NSSCryptoContext_FindBestCertificateByNickname
+ *
+ */
+
+NSS_EXTERN NSSCertificate *
+NSSCryptoContext_FindBestCertificateByNickname(
+    NSSCryptoContext *cc,
+    const NSSUTF8 *name,
+    NSSTime *timeOpt, /* NULL for "now" */
+    NSSUsage *usage,
+    NSSPolicies *policiesOpt /* NULL for none */
+    );
+
+/*
+ * NSSCryptoContext_FindCertificatesByNickname
+ *
+ */
+
+NSS_EXTERN NSSCertificate **
+NSSCryptoContext_FindCertificatesByNickname(
+    NSSCryptoContext *cc,
+    NSSUTF8 *name,
+    NSSCertificate *rvOpt[],
+    PRUint32 maximumOpt, /* 0 for no max */
+    NSSArena *arenaOpt);
+
+/*
+ * NSSCryptoContext_FindCertificateByIssuerAndSerialNumber
+ *
+ */
+
+NSS_EXTERN NSSCertificate *
+NSSCryptoContext_FindCertificateByIssuerAndSerialNumber(
+    NSSCryptoContext *cc,
+    NSSDER *issuer,
+    NSSDER *serialNumber);
+
+/*
+ * NSSCryptoContext_FindBestCertificateBySubject
+ *
+ * This does not search through alternate names hidden in extensions.
+ */
+
+NSS_EXTERN NSSCertificate *
+NSSCryptoContext_FindBestCertificateBySubject(
+    NSSCryptoContext *cc,
+    NSSDER /*NSSUTF8*/ *subject,
+    NSSTime *timeOpt,
+    NSSUsage *usage,
+    NSSPolicies *policiesOpt);
+
+/*
+ * NSSCryptoContext_FindCertificatesBySubject
+ *
+ * This does not search through alternate names hidden in extensions.
+ */
+
+NSS_EXTERN NSSCertificate **
+NSSCryptoContext_FindCertificatesBySubject(
+    NSSCryptoContext *cc,
+    NSSDER /*NSSUTF8*/ *subject,
+    NSSCertificate *rvOpt[],
+    PRUint32 maximumOpt, /* 0 for no max */
+    NSSArena *arenaOpt);
+
+/*
+ * NSSCryptoContext_FindBestCertificateByNameComponents
+ *
+ * This call does try several tricks, including a pseudo pkcs#11
+ * attribute for the ldap module to try as a query.  Eventually
+ * this call falls back to a traversal if that's what's required.
+ * It will search through alternate names hidden in extensions.
+ */
+
+NSS_EXTERN NSSCertificate *
+NSSCryptoContext_FindBestCertificateByNameComponents(
+    NSSCryptoContext *cc,
+    NSSUTF8 *nameComponents,
+    NSSTime *timeOpt,
+    NSSUsage *usage,
+    NSSPolicies *policiesOpt);
+
+/*
+ * NSSCryptoContext_FindCertificatesByNameComponents
+ *
+ * This call, too, tries several tricks.  It will stop on the first
+ * attempt that generates results, so it won't e.g. traverse the
+ * entire ldap database.
+ */
+
+NSS_EXTERN NSSCertificate **
+NSSCryptoContext_FindCertificatesByNameComponents(
+    NSSCryptoContext *cc,
+    NSSUTF8 *nameComponents,
+    NSSCertificate *rvOpt[],
+    PRUint32 maximumOpt, /* 0 for no max */
+    NSSArena *arenaOpt);
+
+/*
+ * NSSCryptoContext_FindCertificateByEncodedCertificate
+ *
+ */
+
+NSS_EXTERN NSSCertificate *
+NSSCryptoContext_FindCertificateByEncodedCertificate(
+    NSSCryptoContext *cc,
+    NSSBER *encodedCertificate);
+
+/*
+ * NSSCryptoContext_FindBestCertificateByEmail
+ *
+ */
+
+NSS_EXTERN NSSCertificate *
+NSSCryptoContext_FindBestCertificateByEmail(
+    NSSCryptoContext *cc,
+    NSSASCII7 *email,
+    NSSTime *timeOpt,
+    NSSUsage *usage,
+    NSSPolicies *policiesOpt);
+
+/*
+ * NSSCryptoContext_FindCertificatesByEmail
+ *
+ */
+
+NSS_EXTERN NSSCertificate **
+NSSCryptoContext_FindCertificatesByEmail(
+    NSSCryptoContext *cc,
+    NSSASCII7 *email,
+    NSSCertificate *rvOpt[],
+    PRUint32 maximumOpt, /* 0 for no max */
+    NSSArena *arenaOpt);
+
+/*
+ * NSSCryptoContext_FindCertificateByOCSPHash
+ *
+ */
+
+NSS_EXTERN NSSCertificate *
+NSSCryptoContext_FindCertificateByOCSPHash(
+    NSSCryptoContext *cc,
+    NSSItem *hash);
+
+/*
+ * NSSCryptoContext_TraverseCertificates
+ *
+ *
+ * NSS_EXTERN PRStatus *
+ * NSSCryptoContext_TraverseCertificates
+ * (
+ *   NSSCryptoContext *cc,
+ *   PRStatus (*callback)(NSSCertificate *c, void *arg),
+ *   void *arg
+ * );
+ */
+
+/*
+ * NSSCryptoContext_FindBestUserCertificate
+ *
+ */
+
+NSS_EXTERN NSSCertificate *
+NSSCryptoContext_FindBestUserCertificate(
+    NSSCryptoContext *cc,
+    NSSTime *timeOpt,
+    NSSUsage *usage,
+    NSSPolicies *policiesOpt);
+
+/*
+ * NSSCryptoContext_FindUserCertificates
+ *
+ */
+
+NSS_EXTERN NSSCertificate **
+NSSCryptoContext_FindUserCertificates(
+    NSSCryptoContext *cc,
+    NSSTime *timeOpt,
+    NSSUsage *usageOpt,
+    NSSPolicies *policiesOpt,
+    NSSCertificate **rvOpt,
+    PRUint32 rvLimit, /* zero for no limit */
+    NSSArena *arenaOpt);
+
+/*
+ * NSSCryptoContext_FindBestUserCertificateForSSLClientAuth
+ *
+ */
+
+NSS_EXTERN NSSCertificate *
+NSSCryptoContext_FindBestUserCertificateForSSLClientAuth(
+    NSSCryptoContext *cc,
+    NSSUTF8 *sslHostOpt,
+    NSSDER *rootCAsOpt[],   /* null pointer for none */
+    PRUint32 rootCAsMaxOpt, /* zero means list is null-terminated */
+    NSSAlgorithmAndParameters *apOpt,
+    NSSPolicies *policiesOpt);
+
+/*
+ * NSSCryptoContext_FindUserCertificatesForSSLClientAuth
+ *
+ */
+
+NSS_EXTERN NSSCertificate **
+NSSCryptoContext_FindUserCertificatesForSSLClientAuth(
+    NSSCryptoContext *cc,
+    NSSUTF8 *sslHostOpt,
+    NSSDER *rootCAsOpt[],   /* null pointer for none */
+    PRUint32 rootCAsMaxOpt, /* zero means list is null-terminated */
+    NSSAlgorithmAndParameters *apOpt,
+    NSSPolicies *policiesOpt,
+    NSSCertificate **rvOpt,
+    PRUint32 rvLimit, /* zero for no limit */
+    NSSArena *arenaOpt);
+
+/*
+ * NSSCryptoContext_FindBestUserCertificateForEmailSigning
+ *
+ */
+
+NSS_EXTERN NSSCertificate *
+NSSCryptoContext_FindBestUserCertificateForEmailSigning(
+    NSSCryptoContext *cc,
+    NSSASCII7 *signerOpt,
+    NSSASCII7 *recipientOpt,
+    /* anything more here? */
+    NSSAlgorithmAndParameters *apOpt,
+    NSSPolicies *policiesOpt);
+
+/*
+ * NSSCryptoContext_FindUserCertificatesForEmailSigning
+ *
+ */
+
+NSS_EXTERN NSSCertificate *
+NSSCryptoContext_FindUserCertificatesForEmailSigning(
+    NSSCryptoContext *cc,
+    NSSASCII7 *signerOpt, /* fgmr or a more general name? */
+    NSSASCII7 *recipientOpt,
+    /* anything more here? */
+    NSSAlgorithmAndParameters *apOpt,
+    NSSPolicies *policiesOpt,
+    NSSCertificate **rvOpt,
+    PRUint32 rvLimit, /* zero for no limit */
+    NSSArena *arenaOpt);
+
+/* Private Keys */
+
+/*
+ * NSSCryptoContext_GenerateKeyPair
+ *
+ * Creates session objects.  If you want persistant objects, use
+ * NSSTrustDomain_GenerateKeyPair.  The destination token is where
+ * the keys are stored.  If that token can do the required math, then
+ * that's where the keys are generated too.  Otherwise, the keys are
+ * generated elsewhere and moved to that token.
+ */
+
+NSS_EXTERN PRStatus
+NSSCryptoContext_GenerateKeyPair(
+    NSSCryptoContext *cc,
+    NSSAlgorithmAndParameters *ap,
+    NSSPrivateKey **pvkOpt,
+    NSSPublicKey **pbkOpt,
+    PRBool privateKeyIsSensitive,
+    NSSToken *destination,
+    NSSCallback *uhhOpt);
+
+/*
+ * NSSCryptoContext_TraversePrivateKeys
+ *
+ *
+ * NSS_EXTERN PRStatus *
+ * NSSCryptoContext_TraversePrivateKeys
+ * (
+ *   NSSCryptoContext *cc,
+ *   PRStatus (*callback)(NSSPrivateKey *vk, void *arg),
+ *   void *arg
+ * );
+ */
+
+/* Symmetric Keys */
+
+/*
+ * NSSCryptoContext_GenerateSymmetricKey
+ *
+ */
+
+NSS_EXTERN NSSSymmetricKey *
+NSSCryptoContext_GenerateSymmetricKey(
+    NSSCryptoContext *cc,
+    NSSAlgorithmAndParameters *ap,
+    PRUint32 keysize,
+    NSSToken *destination,
+    NSSCallback *uhhOpt);
+
+/*
+ * NSSCryptoContext_GenerateSymmetricKeyFromPassword
+ *
+ */
+
+NSS_EXTERN NSSSymmetricKey *
+NSSCryptoContext_GenerateSymmetricKeyFromPassword(
+    NSSCryptoContext *cc,
+    NSSAlgorithmAndParameters *ap,
+    NSSUTF8 *passwordOpt, /* if null, prompt */
+    NSSToken *destinationOpt,
+    NSSCallback *uhhOpt);
+
+/*
+ * NSSCryptoContext_FindSymmetricKeyByAlgorithm
+ *
+ *
+ * NSS_EXTERN NSSSymmetricKey *
+ * NSSCryptoContext_FindSymmetricKeyByType
+ * (
+ *   NSSCryptoContext *cc,
+ *   NSSOID *type,
+ *   NSSCallback *uhhOpt
+ * );
+ */
+
+/*
+ * NSSCryptoContext_FindSymmetricKeyByAlgorithmAndKeyID
+ *
+ */
+
+NSS_EXTERN NSSSymmetricKey *
+NSSCryptoContext_FindSymmetricKeyByAlgorithmAndKeyID(
+    NSSCryptoContext *cc,
+    NSSOID *algorithm,
+    NSSItem *keyID,
+    NSSCallback *uhhOpt);
+
+/*
+ * NSSCryptoContext_TraverseSymmetricKeys
+ *
+ *
+ * NSS_EXTERN PRStatus *
+ * NSSCryptoContext_TraverseSymmetricKeys
+ * (
+ *   NSSCryptoContext *cc,
+ *   PRStatus (*callback)(NSSSymmetricKey *mk, void *arg),
+ *   void *arg
+ * );
+ */
+
+/* Crypto ops on distinguished keys */
+
+/*
+ * NSSCryptoContext_Decrypt
+ *
+ */
+
+NSS_EXTERN NSSItem *
+NSSCryptoContext_Decrypt(
+    NSSCryptoContext *cc,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSItem *encryptedData,
+    NSSCallback *uhhOpt,
+    NSSItem *rvOpt,
+    NSSArena *arenaOpt);
+
+/*
+ * NSSCryptoContext_BeginDecrypt
+ *
+ */
+
+NSS_EXTERN PRStatus
+NSSCryptoContext_BeginDecrypt(
+    NSSCryptoContext *cc,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSCallback *uhhOpt);
+
+/*
+ * NSSCryptoContext_ContinueDecrypt
+ *
+ */
+
+/*
+ * NSSItem semantics:
+ *
+ *   If rvOpt is NULL, a new NSSItem and buffer are allocated.
+ *   If rvOpt is not null, but the buffer pointer is null,
+ *     then rvOpt is returned but a new buffer is allocated.
+ *     In this case, if the length value is not zero, then
+ *     no more than that much space will be allocated.
+ *   If rvOpt is not null and the buffer pointer is not null,
+ *     then that buffer is re-used.  No more than the buffer
+ *     length value will be used; if it's not enough, an
+ *     error is returned.  If less is used, the number is
+ *     adjusted downwards.
+ *
+ *  Note that although this is short of some ideal "Item"
+ *  definition, we can usually tell how big these buffers
+ *  have to be.
+ *
+ *  Feedback is requested; and earlier is better than later.
+ */
+
+NSS_EXTERN NSSItem *
+NSSCryptoContext_ContinueDecrypt(
+    NSSCryptoContext *cc,
+    NSSItem *data,
+    NSSItem *rvOpt,
+    NSSArena *arenaOpt);
+
+/*
+ * NSSCryptoContext_FinishDecrypt
+ *
+ */
+
+NSS_EXTERN NSSItem *
+NSSCryptoContext_FinishDecrypt(
+    NSSCryptoContext *cc,
+    NSSItem *rvOpt,
+    NSSArena *arenaOpt);
+
+/*
+ * NSSCryptoContext_Sign
+ *
+ */
+
+NSS_EXTERN NSSItem *
+NSSCryptoContext_Sign(
+    NSSCryptoContext *cc,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSItem *data,
+    NSSCallback *uhhOpt,
+    NSSItem *rvOpt,
+    NSSArena *arenaOpt);
+
+/*
+ * NSSCryptoContext_BeginSign
+ *
+ */
+
+NSS_EXTERN PRStatus
+NSSCryptoContext_BeginSign(
+    NSSCryptoContext *cc,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSCallback *uhhOpt);
+
+/*
+ * NSSCryptoContext_ContinueSign
+ *
+ */
+
+NSS_EXTERN PRStatus
+NSSCryptoContext_ContinueSign(
+    NSSCryptoContext *cc,
+    NSSItem *data);
+
+/*
+ * NSSCryptoContext_FinishSign
+ *
+ */
+
+NSS_EXTERN NSSItem *
+NSSCryptoContext_FinishSign(
+    NSSCryptoContext *cc,
+    NSSItem *rvOpt,
+    NSSArena *arenaOpt);
+
+/*
+ * NSSCryptoContext_SignRecover
+ *
+ */
+
+NSS_EXTERN NSSItem *
+NSSCryptoContext_SignRecover(
+    NSSCryptoContext *cc,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSItem *data,
+    NSSCallback *uhhOpt,
+    NSSItem *rvOpt,
+    NSSArena *arenaOpt);
+
+/*
+ * NSSCryptoContext_BeginSignRecover
+ *
+ */
+
+NSS_EXTERN PRStatus
+NSSCryptoContext_BeginSignRecover(
+    NSSCryptoContext *cc,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSCallback *uhhOpt);
+
+/*
+ * NSSCryptoContext_ContinueSignRecover
+ *
+ */
+
+NSS_EXTERN NSSItem *
+NSSCryptoContext_ContinueSignRecover(
+    NSSCryptoContext *cc,
+    NSSItem *data,
+    NSSItem *rvOpt,
+    NSSArena *arenaOpt);
+
+/*
+ * NSSCryptoContext_FinishSignRecover
+ *
+ */
+
+NSS_EXTERN NSSItem *
+NSSCryptoContext_FinishSignRecover(
+    NSSCryptoContext *cc,
+    NSSItem *rvOpt,
+    NSSArena *arenaOpt);
+
+/*
+ * NSSCryptoContext_UnwrapSymmetricKey
+ *
+ */
+
+NSS_EXTERN NSSSymmetricKey *
+NSSCryptoContext_UnwrapSymmetricKey(
+    NSSCryptoContext *cc,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSItem *wrappedKey,
+    NSSCallback *uhhOpt);
+
+/*
+ * NSSCryptoContext_DeriveSymmetricKey
+ *
+ */
+
+NSS_EXTERN NSSSymmetricKey *
+NSSCryptoContext_DeriveSymmetricKey(
+    NSSCryptoContext *cc,
+    NSSPublicKey *bk,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSOID *target,
+    PRUint32 keySizeOpt, /* zero for best allowed */
+    NSSOperations operations,
+    NSSCallback *uhhOpt);
+
+/*
+ * NSSCryptoContext_Encrypt
+ *
+ * Encrypt a single chunk of data with the distinguished public key
+ * of this crypto context.
+ */
+
+NSS_EXTERN NSSItem *
+NSSCryptoContext_Encrypt(
+    NSSCryptoContext *cc,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSItem *data,
+    NSSCallback *uhhOpt,
+    NSSItem *rvOpt,
+    NSSArena *arenaOpt);
+
+/*
+ * NSSCryptoContext_BeginEncrypt
+ *
+ */
+
+NSS_EXTERN PRStatus
+NSSCryptoContext_BeginEncrypt(
+    NSSCryptoContext *cc,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSCallback *uhhOpt);
+
+/*
+ * NSSCryptoContext_ContinueEncrypt
+ *
+ */
+
+NSS_EXTERN NSSItem *
+NSSCryptoContext_ContinueEncrypt(
+    NSSCryptoContext *cc,
+    NSSItem *data,
+    NSSItem *rvOpt,
+    NSSArena *arenaOpt);
+
+/*
+ * NSSCryptoContext_FinishEncrypt
+ *
+ */
+
+NSS_EXTERN NSSItem *
+NSSCryptoContext_FinishEncrypt(
+    NSSCryptoContext *cc,
+    NSSItem *rvOpt,
+    NSSArena *arenaOpt);
+
+/*
+ * NSSCryptoContext_Verify
+ *
+ */
+
+NSS_EXTERN PRStatus
+NSSCryptoContext_Verify(
+    NSSCryptoContext *cc,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSItem *data,
+    NSSItem *signature,
+    NSSCallback *uhhOpt);
+
+/*
+ * NSSCryptoContext_BeginVerify
+ *
+ */
+
+NSS_EXTERN PRStatus
+NSSCryptoContext_BeginVerify(
+    NSSCryptoContext *cc,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSItem *signature,
+    NSSCallback *uhhOpt);
+
+/*
+ * NSSCryptoContext_ContinueVerify
+ *
+ */
+
+NSS_EXTERN PRStatus
+NSSCryptoContext_ContinueVerify(
+    NSSCryptoContext *cc,
+    NSSItem *data);
+
+/*
+ * NSSCryptoContext_FinishVerify
+ *
+ */
+
+NSS_EXTERN PRStatus
+NSSCryptoContext_FinishVerify(
+    NSSCryptoContext *cc);
+
+/*
+ * NSSCryptoContext_VerifyRecover
+ *
+ */
+
+NSS_EXTERN NSSItem *
+NSSCryptoContext_VerifyRecover(
+    NSSCryptoContext *cc,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSItem *signature,
+    NSSCallback *uhhOpt,
+    NSSItem *rvOpt,
+    NSSArena *arenaOpt);
+
+/*
+ * NSSCryptoContext_BeginVerifyRecover
+ *
+ */
+
+NSS_EXTERN PRStatus
+NSSCryptoContext_BeginVerifyRecover(
+    NSSCryptoContext *cc,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSCallback *uhhOpt);
+
+/*
+ * NSSCryptoContext_ContinueVerifyRecover
+ *
+ */
+
+NSS_EXTERN NSSItem *
+NSSCryptoContext_ContinueVerifyRecover(
+    NSSCryptoContext *cc,
+    NSSItem *data,
+    NSSItem *rvOpt,
+    NSSArena *arenaOpt);
+
+/*
+ * NSSCryptoContext_FinishVerifyRecover
+ *
+ */
+
+NSS_EXTERN NSSItem *
+NSSCryptoContext_FinishVerifyRecover(
+    NSSCryptoContext *cc,
+    NSSItem *rvOpt,
+    NSSArena *arenaOpt);
+
+/*
+ * NSSCryptoContext_WrapSymmetricKey
+ *
+ */
+
+NSS_EXTERN NSSItem *
+NSSCryptoContext_WrapSymmetricKey(
+    NSSCryptoContext *cc,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSSymmetricKey *keyToWrap,
+    NSSCallback *uhhOpt,
+    NSSItem *rvOpt,
+    NSSArena *arenaOpt);
+
+/*
+ * NSSCryptoContext_Digest
+ *
+ * Digest a single chunk of data with the distinguished digest key
+ * of this crypto context.
+ */
+
+NSS_EXTERN NSSItem *
+NSSCryptoContext_Digest(
+    NSSCryptoContext *cc,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSItem *data,
+    NSSCallback *uhhOpt,
+    NSSItem *rvOpt,
+    NSSArena *arenaOpt);
+
+/*
+ * NSSCryptoContext_BeginDigest
+ *
+ */
+
+NSS_EXTERN PRStatus
+NSSCryptoContext_BeginDigest(
+    NSSCryptoContext *cc,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSCallback *uhhOpt);
+
+/*
+ * NSSCryptoContext_ContinueDigest
+ *
+ */
+
+NSS_EXTERN PRStatus
+NSSCryptoContext_ContinueDigest(
+    NSSCryptoContext *cc,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSItem *item);
+
+/*
+ * NSSCryptoContext_FinishDigest
+ *
+ */
+
+NSS_EXTERN NSSItem *
+NSSCryptoContext_FinishDigest(
+    NSSCryptoContext *cc,
+    NSSItem *rvOpt,
+    NSSArena *arenaOpt);
+
+/*
+ * tbd: Combination ops
+ */
+
+/*
+ * NSSCryptoContext_Clone
+ *
+ */
+
+NSS_EXTERN NSSCryptoContext *
+NSSCryptoContext_Clone(NSSCryptoContext *cc);
+
+/*
+ * NSSCryptoContext_Save
+ * NSSCryptoContext_Restore
+ *
+ * We need to be able to save and restore the state of contexts.
+ * Perhaps a mark-and-release mechanism would be better?
+ */
+
+/*
+ * ..._SignTBSCertificate
+ *
+ * This requires feedback from the cert server team.
+ */
+
+/*
+ * PRBool NSSCertificate_GetIsTrustedFor{xxx}(NSSCertificate *c);
+ * PRStatus NSSCertificate_SetIsTrustedFor{xxx}(NSSCertificate *c, PRBool trusted);
+ *
+ * These will be helper functions which get the trust object for a cert,
+ * and then call the corresponding function(s) on it.
+ *
+ * PKIX trust objects will have methods to manipulate the low-level trust
+ * bits (which are based on key usage and extended key usage), and also the
+ * conceptual high-level usages (e.g. ssl client auth, email encryption, etc.)
+ *
+ * Other types of trust objects (if any) might have different low-level
+ * representations, but hopefully high-level concepts would map.
+ *
+ * Only these high-level general routines would be promoted to the
+ * general certificate level here.  Hence the {xxx} above would be things
+ * like "EmailSigning."
+ *
+ *
+ * NSSPKIXTrust *NSSCertificate_GetPKIXTrustObject(NSSCertificate *c);
+ * PRStatus NSSCertificate_SetPKIXTrustObject(NSSCertificate *c, NSPKIXTrust *t);
+ *
+ * I want to hold off on any general trust object until we've investigated
+ * other models more thoroughly.
+ */
+
+PR_END_EXTERN_C
+
+#endif /* NSSPKI_H */
diff --git a/nss/lib/pki/nsspkit.h b/nss/lib/pki/nsspkit.h
new file mode 100644
index 0000000..1d6bc71
--- /dev/null
+++ b/nss/lib/pki/nsspkit.h
@@ -0,0 +1,247 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef NSSPKIT_H
+#define NSSPKIT_H
+
+/*
+ * nsspkit.h
+ *
+ * This file defines the types of the top-level PKI objects.
+ */
+
+#ifndef NSSBASET_H
+#include "nssbaset.h"
+#endif /* NSSBASET_H */
+
+PR_BEGIN_EXTERN_C
+
+/*
+ * NSSCertificate
+ *
+ * This is the public representation of a Certificate.  The certificate
+ * may be one found on a smartcard or other token, one decoded from data
+ * received as part of a protocol, one constructed from constituent
+ * parts, etc.  Usually it is associated with ("in") a trust domain; as
+ * it can be verified only within a trust domain.  The underlying type
+ * of certificate may be of any supported standard, e.g. PKIX, PGP, etc.
+ *
+ * People speak of "verifying (with) the server's, or correspondant's,
+ * certificate"; for simple operations we support that simplification
+ * by implementing public-key crypto operations as methods on this type.
+ */
+
+struct NSSCertificateStr;
+typedef struct NSSCertificateStr NSSCertificate;
+
+/*
+ * NSSUserCertificate
+ *
+ * A ``User'' certificate is one for which the private key is available.
+ * People speak of "using my certificate to sign my email" and "using
+ * my certificate to authenticate to (or login to) the server"; for
+ * simple operations, we support that simplification by implementing
+ * private-key crypto operations as methods on this type.
+ *
+ * The current design only weakly distinguishes between certificates
+ * and user certificates: as far as the compiler goes they're
+ * interchangeable; debug libraries only have one common pointer-tracker;
+ * etc.  However, attempts to do private-key operations on a certificate
+ * for which the private key is not available will fail.
+ *
+ * Open design question: should these types be more firmly separated?
+ */
+
+typedef NSSCertificate NSSUserCertificate;
+
+/*
+ * NSSPrivateKey
+ *
+ * This is the public representation of a Private Key.  In general,
+ * the actual value of the key is not available, but operations may
+ * be performed with it.
+ */
+
+struct NSSPrivateKeyStr;
+typedef struct NSSPrivateKeyStr NSSPrivateKey;
+
+/*
+ * NSSPublicKey
+ *
+ */
+
+struct NSSPublicKeyStr;
+typedef struct NSSPublicKeyStr NSSPublicKey;
+
+/*
+ * NSSSymmetricKey
+ *
+ */
+
+struct NSSSymmetricKeyStr;
+typedef struct NSSSymmetricKeyStr NSSSymmetricKey;
+
+/*
+ * NSSTrustDomain
+ *
+ * A Trust Domain is the field in which certificates may be validated.
+ * A trust domain will generally have one or more cryptographic modules
+ * open; these modules perform the cryptographic operations, and
+ * provide the basic "root" trust information from which the trust in
+ * a specific certificate or key depends.
+ *
+ * A client program, or a simple server, would typically have one
+ * trust domain.  A server supporting multiple "virtual servers" might
+ * have a separate trust domain for each virtual server.  The separate
+ * trust domains might share some modules (e.g., a hardware crypto
+ * accelerator) but not others (e.g., the tokens storing the different
+ * servers' private keys, or the databases with each server's trusted
+ * root certificates).
+ *
+ * This object descends from the "permananet database" in the old code.
+ */
+
+struct NSSTrustDomainStr;
+typedef struct NSSTrustDomainStr NSSTrustDomain;
+
+/*
+ * NSSCryptoContext
+ *
+ * A Crypto Context is a short-term, "helper" object which is used
+ * for the lifetime of one ongoing "crypto operation."  Such an
+ * operation may be the creation of a signed message, the use of an
+ * TLS socket connection, etc.  Each crypto context is "in" a
+ * specific trust domain, and it may have associated with it a
+ * distinguished certificate, public key, private key, and/or
+ * symmetric key.  It can also temporarily hold and use temporary
+ * data (e.g. intermediate certificates) which is not stored
+ * permanently in the trust domain.
+ *
+ * In OO terms, this interface inherits interfaces from the trust
+ * domain, the certificates, and the keys.  It also provides
+ * streaming crypto operations.
+ *
+ * This object descends from the "temporary database" concept in the
+ * old code, but it has changed a lot as a result of what we've
+ * learned.
+ */
+
+typedef struct NSSCryptoContextStr NSSCryptoContext;
+
+/*
+ * fgmr others
+ */
+
+/*
+ * OBJECT IDENTIFIER
+ *
+ * This is the basic OID that crops up everywhere.
+ */
+
+struct NSSOIDStr; /* unused opaque structure */
+typedef struct NSSOIDStr NSSOID;
+
+/*
+ * NSSTime
+ *
+ * Unfortunately, we need an "exceptional" value to indicate
+ * an error upon return, or "no value" on input.  Note that zero
+ * is a perfectly valid value for both time_t and PRTime.
+ *
+ * If we were to create a "range" object, with two times for
+ * Not Before and Not After, we would have an obvious place for
+ * the somewhat arbitrary logic involved in comparing them.
+ *
+ * Failing that, let's have an NSSTime_CompareRanges function.
+ */
+
+struct NSSTimeStr;
+typedef struct NSSTimeStr NSSTime;
+
+struct NSSTrustStr;
+typedef struct NSSTrustStr NSSTrust;
+
+/*
+ * NSSUsage
+ *
+ * This is trickier than originally planned; I'll write up a
+ * doc on it.
+ *
+ * We'd still like nsspki.h to have a list of common usages,
+ * e.g.:
+ *
+ *  extern const NSSUsage *NSSUsage_ClientAuth;
+ *  extern const NSSUsage *NSSUsage_ServerAuth;
+ *  extern const NSSUsage *NSSUsage_SignEmail;
+ *  extern const NSSUsage *NSSUsage_EncryptEmail;
+ *  etc.
+ */
+
+struct NSSUsageStr;
+typedef struct NSSUsageStr NSSUsage;
+
+/*
+ * NSSPolicies
+ *
+ * Placeholder, for now.
+ */
+
+struct NSSPoliciesStr;
+typedef struct NSSPoliciesStr NSSPolicies;
+
+/*
+ * NSSAlgorithmAndParameters
+ *
+ * Algorithm is an OID
+ * Parameters depend on the algorithm
+ */
+
+struct NSSAlgorithmAndParametersStr;
+typedef struct NSSAlgorithmAndParametersStr NSSAlgorithmAndParameters;
+
+/*
+ * NSSCallback
+ *
+ * At minimum, a "challenge" method and a closure argument.
+ * Usually the challenge will just be prompting for a password.
+ * How OO do we want to make it?
+ */
+
+typedef struct NSSCallbackStr NSSCallback;
+
+struct NSSCallbackStr {
+    /* Prompt for a password to initialize a slot.  */
+    PRStatus (*getInitPW)(NSSUTF8 *slotName, void *arg,
+                          NSSUTF8 **ssoPW, NSSUTF8 **userPW);
+    /* Prompt for oldPW and newPW in order to change the
+     * password on a slot.
+     */
+    PRStatus (*getNewPW)(NSSUTF8 *slotName, PRUint32 *retries, void *arg,
+                         NSSUTF8 **oldPW, NSSUTF8 **newPW);
+    /* Prompt for slot password.  */
+    PRStatus (*getPW)(NSSUTF8 *slotName, PRUint32 *retries, void *arg,
+                      NSSUTF8 **password);
+    void *arg;
+};
+
+/* set errors - user cancelled, ... */
+
+typedef PRUint32 NSSOperations;
+/* 1) Do we want these to be preprocessor definitions or constants? */
+/* 2) What is the correct and complete list? */
+
+#define NSSOperations_ENCRYPT 0x0001
+#define NSSOperations_DECRYPT 0x0002
+#define NSSOperations_WRAP 0x0004
+#define NSSOperations_UNWRAP 0x0008
+#define NSSOperations_SIGN 0x0010
+#define NSSOperations_SIGN_RECOVER 0x0020
+#define NSSOperations_VERIFY 0x0040
+#define NSSOperations_VERIFY_RECOVER 0x0080
+
+struct NSSPKIXCertificateStr;
+
+PR_END_EXTERN_C
+
+#endif /* NSSPKIT_H */
diff --git a/nss/lib/pki/pki.gyp b/nss/lib/pki/pki.gyp
new file mode 100644
index 0000000..c3475df
--- /dev/null
+++ b/nss/lib/pki/pki.gyp
@@ -0,0 +1,32 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'nsspki',
+      'type': 'static_library',
+      'sources': [
+        'asymmkey.c',
+        'certdecode.c',
+        'certificate.c',
+        'cryptocontext.c',
+        'pki3hack.c',
+        'pkibase.c',
+        'pkistore.c',
+        'symmkey.c',
+        'tdcache.c',
+        'trustdomain.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports'
+      ]
+    }
+  ],
+  'variables': {
+    'module': 'nss'
+  }
+}
\ No newline at end of file
diff --git a/nss/lib/pki/pki.h b/nss/lib/pki/pki.h
new file mode 100644
index 0000000..00cebe7
--- /dev/null
+++ b/nss/lib/pki/pki.h
@@ -0,0 +1,141 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef PKI_H
+#define PKI_H
+
+#ifndef NSSDEVT_H
+#include "nssdevt.h"
+#endif /* NSSDEVT_H */
+
+#ifndef NSSPKI_H
+#include "nsspki.h"
+#endif /* NSSPKI_H */
+
+#ifndef PKIT_H
+#include "pkit.h"
+#endif /* PKIT_H */
+
+PR_BEGIN_EXTERN_C
+
+NSS_EXTERN NSSCallback *
+nssTrustDomain_GetDefaultCallback(
+    NSSTrustDomain *td,
+    PRStatus *statusOpt);
+
+NSS_EXTERN NSSCertificate **
+nssTrustDomain_FindCertificatesBySubject(
+    NSSTrustDomain *td,
+    NSSDER *subject,
+    NSSCertificate *rvOpt[],
+    PRUint32 maximumOpt,
+    NSSArena *arenaOpt);
+
+NSS_EXTERN NSSTrust *
+nssTrustDomain_FindTrustForCertificate(
+    NSSTrustDomain *td,
+    NSSCertificate *c);
+
+NSS_EXTERN NSSCertificate *
+nssCertificate_AddRef(NSSCertificate *c);
+
+NSS_EXTERN PRStatus
+nssCertificate_Destroy(NSSCertificate *c);
+
+NSS_EXTERN NSSDER *
+nssCertificate_GetEncoding(NSSCertificate *c);
+
+NSS_EXTERN NSSDER *
+nssCertificate_GetIssuer(NSSCertificate *c);
+
+NSS_EXTERN NSSDER *
+nssCertificate_GetSerialNumber(NSSCertificate *c);
+
+NSS_EXTERN NSSDER *
+nssCertificate_GetSubject(NSSCertificate *c);
+
+/* Returns a copy, Caller must free using nss_ZFreeIf */
+NSS_EXTERN NSSUTF8 *
+nssCertificate_GetNickname(
+    NSSCertificate *c,
+    NSSToken *tokenOpt);
+
+NSS_EXTERN NSSASCII7 *
+nssCertificate_GetEmailAddress(NSSCertificate *c);
+
+NSS_EXTERN PRBool
+nssCertificate_IssuerAndSerialEqual(
+    NSSCertificate *c1,
+    NSSCertificate *c2);
+
+NSS_EXTERN NSSPrivateKey *
+nssPrivateKey_AddRef(NSSPrivateKey *vk);
+
+NSS_EXTERN PRStatus
+nssPrivateKey_Destroy(NSSPrivateKey *vk);
+
+NSS_EXTERN NSSItem *
+nssPrivateKey_GetID(NSSPrivateKey *vk);
+
+NSS_EXTERN NSSUTF8 *
+nssPrivateKey_GetNickname(
+    NSSPrivateKey *vk,
+    NSSToken *tokenOpt);
+
+NSS_EXTERN PRStatus
+nssPublicKey_Destroy(NSSPublicKey *bk);
+
+NSS_EXTERN NSSItem *
+nssPublicKey_GetID(NSSPublicKey *vk);
+
+NSS_EXTERN NSSCertificate **
+nssCryptoContext_FindCertificatesBySubject(
+    NSSCryptoContext *cc,
+    NSSDER *subject,
+    NSSCertificate *rvOpt[],
+    PRUint32 maximumOpt, /* 0 for no max */
+    NSSArena *arenaOpt);
+
+/* putting here for now, needs more thought */
+NSS_EXTERN PRStatus
+nssCryptoContext_ImportTrust(
+    NSSCryptoContext *cc,
+    NSSTrust *trust);
+
+NSS_EXTERN NSSTrust *
+nssCryptoContext_FindTrustForCertificate(
+    NSSCryptoContext *cc,
+    NSSCertificate *cert);
+
+NSS_EXTERN PRStatus
+nssCryptoContext_ImportSMIMEProfile(
+    NSSCryptoContext *cc,
+    nssSMIMEProfile *profile);
+
+NSS_EXTERN nssSMIMEProfile *
+nssCryptoContext_FindSMIMEProfileForCertificate(
+    NSSCryptoContext *cc,
+    NSSCertificate *cert);
+
+NSS_EXTERN NSSTrust *
+nssTrust_AddRef(NSSTrust *trust);
+
+NSS_EXTERN PRStatus
+nssTrust_Destroy(NSSTrust *trust);
+
+NSS_EXTERN nssSMIMEProfile *
+nssSMIMEProfile_AddRef(nssSMIMEProfile *profile);
+
+NSS_EXTERN PRStatus
+nssSMIMEProfile_Destroy(nssSMIMEProfile *profile);
+
+NSS_EXTERN nssSMIMEProfile *
+nssSMIMEProfile_Create(
+    NSSCertificate *cert,
+    NSSItem *profileTime,
+    NSSItem *profileData);
+
+PR_END_EXTERN_C
+
+#endif /* PKI_H */
diff --git a/nss/lib/pki/pki3hack.c b/nss/lib/pki/pki3hack.c
new file mode 100644
index 0000000..0826b7f
--- /dev/null
+++ b/nss/lib/pki/pki3hack.c
@@ -0,0 +1,1441 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * Hacks to integrate NSS 3.4 and NSS 4.0 certificates.
+ */
+
+#ifndef NSSPKI_H
+#include "nsspki.h"
+#endif /* NSSPKI_H */
+
+#ifndef PKI_H
+#include "pki.h"
+#endif /* PKI_H */
+
+#ifndef PKIM_H
+#include "pkim.h"
+#endif /* PKIM_H */
+
+#ifndef DEV_H
+#include "dev.h"
+#endif /* DEV_H */
+
+#ifndef DEVNSS3HACK_H
+#include "dev3hack.h"
+#endif /* DEVNSS3HACK_H */
+
+#ifndef PKINSS3HACK_H
+#include "pki3hack.h"
+#endif /* PKINSS3HACK_H */
+
+#include "secitem.h"
+#include "certdb.h"
+#include "certt.h"
+#include "cert.h"
+#include "certi.h"
+#include "pk11func.h"
+#include "pkistore.h"
+#include "secmod.h"
+#include "nssrwlk.h"
+
+NSSTrustDomain *g_default_trust_domain = NULL;
+
+NSSCryptoContext *g_default_crypto_context = NULL;
+
+NSSTrustDomain *
+STAN_GetDefaultTrustDomain()
+{
+    return g_default_trust_domain;
+}
+
+NSSCryptoContext *
+STAN_GetDefaultCryptoContext()
+{
+    return g_default_crypto_context;
+}
+
+extern const NSSError NSS_ERROR_ALREADY_INITIALIZED;
+extern const NSSError NSS_ERROR_INTERNAL_ERROR;
+
+NSS_IMPLEMENT PRStatus
+STAN_InitTokenForSlotInfo(NSSTrustDomain *td, PK11SlotInfo *slot)
+{
+    NSSToken *token;
+    if (!td) {
+        td = g_default_trust_domain;
+        if (!td) {
+            /* we're called while still initting. slot will get added
+             * appropriately through normal init processes */
+            return PR_SUCCESS;
+        }
+    }
+    token = nssToken_CreateFromPK11SlotInfo(td, slot);
+    PK11Slot_SetNSSToken(slot, token);
+    /* Don't add nonexistent token to TD's token list */
+    if (token) {
+        NSSRWLock_LockWrite(td->tokensLock);
+        nssList_Add(td->tokenList, token);
+        NSSRWLock_UnlockWrite(td->tokensLock);
+    }
+    return PR_SUCCESS;
+}
+
+NSS_IMPLEMENT PRStatus
+STAN_ResetTokenInterator(NSSTrustDomain *td)
+{
+    if (!td) {
+        td = g_default_trust_domain;
+        if (!td) {
+            /* we're called while still initting. slot will get added
+             * appropriately through normal init processes */
+            return PR_SUCCESS;
+        }
+    }
+    NSSRWLock_LockWrite(td->tokensLock);
+    nssListIterator_Destroy(td->tokens);
+    td->tokens = nssList_CreateIterator(td->tokenList);
+    NSSRWLock_UnlockWrite(td->tokensLock);
+    return PR_SUCCESS;
+}
+
+NSS_IMPLEMENT PRStatus
+STAN_LoadDefaultNSS3TrustDomain(
+    void)
+{
+    NSSTrustDomain *td;
+    SECMODModuleList *mlp;
+    SECMODListLock *moduleLock = SECMOD_GetDefaultModuleListLock();
+    int i;
+
+    if (g_default_trust_domain || g_default_crypto_context) {
+        /* Stan is already initialized or a previous shutdown failed. */
+        nss_SetError(NSS_ERROR_ALREADY_INITIALIZED);
+        return PR_FAILURE;
+    }
+    td = NSSTrustDomain_Create(NULL, NULL, NULL, NULL);
+    if (!td) {
+        return PR_FAILURE;
+    }
+    /*
+     * Deadlock warning: we should never acquire the moduleLock while
+     * we hold the tokensLock. We can use the NSSRWLock Rank feature to
+     * guarrentee this. tokensLock have a higher rank than module lock.
+     */
+    td->tokenList = nssList_Create(td->arena, PR_TRUE);
+    if (!td->tokenList) {
+        goto loser;
+    }
+    SECMOD_GetReadLock(moduleLock);
+    NSSRWLock_LockWrite(td->tokensLock);
+    for (mlp = SECMOD_GetDefaultModuleList(); mlp != NULL; mlp = mlp->next) {
+        for (i = 0; i < mlp->module->slotCount; i++) {
+            STAN_InitTokenForSlotInfo(td, mlp->module->slots[i]);
+        }
+    }
+    td->tokens = nssList_CreateIterator(td->tokenList);
+    NSSRWLock_UnlockWrite(td->tokensLock);
+    SECMOD_ReleaseReadLock(moduleLock);
+    if (!td->tokens) {
+        goto loser;
+    }
+    g_default_crypto_context = NSSTrustDomain_CreateCryptoContext(td, NULL);
+    if (!g_default_crypto_context) {
+        goto loser;
+    }
+    g_default_trust_domain = td;
+    return PR_SUCCESS;
+
+loser:
+    NSSTrustDomain_Destroy(td);
+    return PR_FAILURE;
+}
+
+/*
+ * must be called holding the ModuleListLock (either read or write).
+ */
+NSS_IMPLEMENT SECStatus
+STAN_AddModuleToDefaultTrustDomain(
+    SECMODModule *module)
+{
+    NSSTrustDomain *td;
+    int i;
+    td = STAN_GetDefaultTrustDomain();
+    for (i = 0; i < module->slotCount; i++) {
+        STAN_InitTokenForSlotInfo(td, module->slots[i]);
+    }
+    STAN_ResetTokenInterator(td);
+    return SECSuccess;
+}
+
+/*
+ * must be called holding the ModuleListLock (either read or write).
+ */
+NSS_IMPLEMENT SECStatus
+STAN_RemoveModuleFromDefaultTrustDomain(
+    SECMODModule *module)
+{
+    NSSToken *token;
+    NSSTrustDomain *td;
+    int i;
+    td = STAN_GetDefaultTrustDomain();
+    NSSRWLock_LockWrite(td->tokensLock);
+    for (i = 0; i < module->slotCount; i++) {
+        token = PK11Slot_GetNSSToken(module->slots[i]);
+        if (token) {
+            nssToken_NotifyCertsNotVisible(token);
+            nssList_Remove(td->tokenList, token);
+            PK11Slot_SetNSSToken(module->slots[i], NULL);
+            nssToken_Destroy(token);
+        }
+    }
+    nssListIterator_Destroy(td->tokens);
+    td->tokens = nssList_CreateIterator(td->tokenList);
+    NSSRWLock_UnlockWrite(td->tokensLock);
+    return SECSuccess;
+}
+
+NSS_IMPLEMENT PRStatus
+STAN_Shutdown()
+{
+    PRStatus status = PR_SUCCESS;
+    if (g_default_trust_domain) {
+        if (NSSTrustDomain_Destroy(g_default_trust_domain) == PR_SUCCESS) {
+            g_default_trust_domain = NULL;
+        } else {
+            status = PR_FAILURE;
+        }
+    }
+    if (g_default_crypto_context) {
+        if (NSSCryptoContext_Destroy(g_default_crypto_context) == PR_SUCCESS) {
+            g_default_crypto_context = NULL;
+        } else {
+            status = PR_FAILURE;
+        }
+    }
+    return status;
+}
+
+/* this function should not be a hack; it will be needed in 4.0 (rename) */
+NSS_IMPLEMENT NSSItem *
+STAN_GetCertIdentifierFromDER(NSSArena *arenaOpt, NSSDER *der)
+{
+    NSSItem *rvKey;
+    SECItem secDER;
+    SECItem secKey = { 0 };
+    SECStatus secrv;
+    PLArenaPool *arena;
+
+    SECITEM_FROM_NSSITEM(&secDER, der);
+
+    /* nss3 call uses nss3 arena's */
+    arena = PORT_NewArena(256);
+    if (!arena) {
+        return NULL;
+    }
+    secrv = CERT_KeyFromDERCert(arena, &secDER, &secKey);
+    if (secrv != SECSuccess) {
+        PORT_FreeArena(arena, PR_FALSE);
+        return NULL;
+    }
+    rvKey = nssItem_Create(arenaOpt, NULL, secKey.len, (void *)secKey.data);
+    PORT_FreeArena(arena, PR_FALSE);
+    return rvKey;
+}
+
+NSS_IMPLEMENT PRStatus
+nssPKIX509_GetIssuerAndSerialFromDER(NSSDER *der,
+                                     NSSDER *issuer, NSSDER *serial)
+{
+    SECItem derCert = { 0 };
+    SECItem derIssuer = { 0 };
+    SECItem derSerial = { 0 };
+    SECStatus secrv;
+    derCert.data = (unsigned char *)der->data;
+    derCert.len = der->size;
+    secrv = CERT_IssuerNameFromDERCert(&derCert, &derIssuer);
+    if (secrv != SECSuccess) {
+        return PR_FAILURE;
+    }
+    secrv = CERT_SerialNumberFromDERCert(&derCert, &derSerial);
+    if (secrv != SECSuccess) {
+        PORT_Free(derSerial.data);
+        return PR_FAILURE;
+    }
+    issuer->data = derIssuer.data;
+    issuer->size = derIssuer.len;
+    serial->data = derSerial.data;
+    serial->size = derSerial.len;
+    return PR_SUCCESS;
+}
+
+static NSSItem *
+nss3certificate_getIdentifier(nssDecodedCert *dc)
+{
+    NSSItem *rvID;
+    CERTCertificate *c = (CERTCertificate *)dc->data;
+    rvID = nssItem_Create(NULL, NULL, c->certKey.len, c->certKey.data);
+    return rvID;
+}
+
+static void *
+nss3certificate_getIssuerIdentifier(nssDecodedCert *dc)
+{
+    CERTCertificate *c = (CERTCertificate *)dc->data;
+    return (void *)c->authKeyID;
+}
+
+static nssCertIDMatch
+nss3certificate_matchIdentifier(nssDecodedCert *dc, void *id)
+{
+    CERTCertificate *c = (CERTCertificate *)dc->data;
+    CERTAuthKeyID *authKeyID = (CERTAuthKeyID *)id;
+    SECItem skid;
+    nssCertIDMatch match = nssCertIDMatch_Unknown;
+
+    /* keyIdentifier */
+    if (authKeyID->keyID.len > 0 &&
+        CERT_FindSubjectKeyIDExtension(c, &skid) == SECSuccess) {
+        PRBool skiEqual;
+        skiEqual = SECITEM_ItemsAreEqual(&authKeyID->keyID, &skid);
+        PORT_Free(skid.data);
+        if (skiEqual) {
+            /* change the state to positive match, but keep going */
+            match = nssCertIDMatch_Yes;
+        } else {
+            /* exit immediately on failure */
+            return nssCertIDMatch_No;
+        }
+    }
+
+    /* issuer/serial (treated as pair) */
+    if (authKeyID->authCertIssuer) {
+        SECItem *caName = NULL;
+        SECItem *caSN = &authKeyID->authCertSerialNumber;
+
+        caName = (SECItem *)CERT_GetGeneralNameByType(
+            authKeyID->authCertIssuer,
+            certDirectoryName, PR_TRUE);
+        if (caName != NULL &&
+            SECITEM_ItemsAreEqual(&c->derIssuer, caName) &&
+            SECITEM_ItemsAreEqual(&c->serialNumber, caSN)) {
+            match = nssCertIDMatch_Yes;
+        } else {
+            match = nssCertIDMatch_Unknown;
+        }
+    }
+    return match;
+}
+
+static PRBool
+nss3certificate_isValidIssuer(nssDecodedCert *dc)
+{
+    CERTCertificate *c = (CERTCertificate *)dc->data;
+    unsigned int ignore;
+    return CERT_IsCACert(c, &ignore);
+}
+
+static NSSUsage *
+nss3certificate_getUsage(nssDecodedCert *dc)
+{
+    /* CERTCertificate *c = (CERTCertificate *)dc->data; */
+    return NULL;
+}
+
+static PRBool
+nss3certificate_isValidAtTime(nssDecodedCert *dc, NSSTime *time)
+{
+    SECCertTimeValidity validity;
+    CERTCertificate *c = (CERTCertificate *)dc->data;
+    validity = CERT_CheckCertValidTimes(c, NSSTime_GetPRTime(time), PR_TRUE);
+    if (validity == secCertTimeValid) {
+        return PR_TRUE;
+    }
+    return PR_FALSE;
+}
+
+static PRBool
+nss3certificate_isNewerThan(nssDecodedCert *dc, nssDecodedCert *cmpdc)
+{
+    /* I know this isn't right, but this is glue code anyway */
+    if (cmpdc->type == dc->type) {
+        CERTCertificate *certa = (CERTCertificate *)dc->data;
+        CERTCertificate *certb = (CERTCertificate *)cmpdc->data;
+        return CERT_IsNewer(certa, certb);
+    }
+    return PR_FALSE;
+}
+
+/* CERT_FilterCertListByUsage */
+static PRBool
+nss3certificate_matchUsage(nssDecodedCert *dc, const NSSUsage *usage)
+{
+    CERTCertificate *cc;
+    unsigned int requiredKeyUsage = 0;
+    unsigned int requiredCertType = 0;
+    SECStatus secrv;
+    PRBool match;
+    PRBool ca;
+
+    /* This is for NSS 3.3 functions that do not specify a usage */
+    if (usage->anyUsage) {
+        return PR_TRUE;
+    }
+    ca = usage->nss3lookingForCA;
+    secrv = CERT_KeyUsageAndTypeForCertUsage(usage->nss3usage, ca,
+                                             &requiredKeyUsage,
+                                             &requiredCertType);
+    if (secrv != SECSuccess) {
+        return PR_FALSE;
+    }
+    cc = (CERTCertificate *)dc->data;
+    secrv = CERT_CheckKeyUsage(cc, requiredKeyUsage);
+    match = (PRBool)(secrv == SECSuccess);
+    if (match) {
+        unsigned int certType = 0;
+        if (ca) {
+            (void)CERT_IsCACert(cc, &certType);
+        } else {
+            certType = cc->nsCertType;
+        }
+        if (!(certType & requiredCertType)) {
+            match = PR_FALSE;
+        }
+    }
+    return match;
+}
+
+static PRBool
+nss3certificate_isTrustedForUsage(nssDecodedCert *dc, const NSSUsage *usage)
+{
+    CERTCertificate *cc;
+    PRBool ca;
+    SECStatus secrv;
+    unsigned int requiredFlags;
+    unsigned int trustFlags;
+    SECTrustType trustType;
+    CERTCertTrust trust;
+
+    /* This is for NSS 3.3 functions that do not specify a usage */
+    if (usage->anyUsage) {
+        return PR_FALSE; /* XXX is this right? */
+    }
+    cc = (CERTCertificate *)dc->data;
+    ca = usage->nss3lookingForCA;
+    if (!ca) {
+        PRBool trusted;
+        unsigned int failedFlags;
+        secrv = cert_CheckLeafTrust(cc, usage->nss3usage,
+                                    &failedFlags, &trusted);
+        return secrv == SECSuccess && trusted;
+    }
+    secrv = CERT_TrustFlagsForCACertUsage(usage->nss3usage, &requiredFlags,
+                                          &trustType);
+    if (secrv != SECSuccess) {
+        return PR_FALSE;
+    }
+    secrv = CERT_GetCertTrust(cc, &trust);
+    if (secrv != SECSuccess) {
+        return PR_FALSE;
+    }
+    if (trustType == trustTypeNone) {
+        /* normally trustTypeNone usages accept any of the given trust bits
+         * being on as acceptable. */
+        trustFlags = trust.sslFlags | trust.emailFlags |
+                     trust.objectSigningFlags;
+    } else {
+        trustFlags = SEC_GET_TRUST_FLAGS(&trust, trustType);
+    }
+    return (trustFlags & requiredFlags) == requiredFlags;
+}
+
+static NSSASCII7 *
+nss3certificate_getEmailAddress(nssDecodedCert *dc)
+{
+    CERTCertificate *cc = (CERTCertificate *)dc->data;
+    return (cc && cc->emailAddr && cc->emailAddr[0])
+               ? (NSSASCII7 *)cc->emailAddr
+               : NULL;
+}
+
+static PRStatus
+nss3certificate_getDERSerialNumber(nssDecodedCert *dc,
+                                   NSSDER *serial, NSSArena *arena)
+{
+    CERTCertificate *cc = (CERTCertificate *)dc->data;
+    SECItem derSerial = { 0 };
+    SECStatus secrv;
+    secrv = CERT_SerialNumberFromDERCert(&cc->derCert, &derSerial);
+    if (secrv == SECSuccess) {
+        (void)nssItem_Create(arena, serial, derSerial.len, derSerial.data);
+        PORT_Free(derSerial.data);
+        return PR_SUCCESS;
+    }
+    return PR_FAILURE;
+}
+
+/* Returns NULL if "encoding" cannot be decoded. */
+NSS_IMPLEMENT nssDecodedCert *
+nssDecodedPKIXCertificate_Create(
+    NSSArena *arenaOpt,
+    NSSDER *encoding)
+{
+    nssDecodedCert *rvDC = NULL;
+    CERTCertificate *cert;
+    SECItem secDER;
+
+    SECITEM_FROM_NSSITEM(&secDER, encoding);
+    cert = CERT_DecodeDERCertificate(&secDER, PR_TRUE, NULL);
+    if (cert) {
+        rvDC = nss_ZNEW(arenaOpt, nssDecodedCert);
+        if (rvDC) {
+            rvDC->type = NSSCertificateType_PKIX;
+            rvDC->data = (void *)cert;
+            rvDC->getIdentifier = nss3certificate_getIdentifier;
+            rvDC->getIssuerIdentifier = nss3certificate_getIssuerIdentifier;
+            rvDC->matchIdentifier = nss3certificate_matchIdentifier;
+            rvDC->isValidIssuer = nss3certificate_isValidIssuer;
+            rvDC->getUsage = nss3certificate_getUsage;
+            rvDC->isValidAtTime = nss3certificate_isValidAtTime;
+            rvDC->isNewerThan = nss3certificate_isNewerThan;
+            rvDC->matchUsage = nss3certificate_matchUsage;
+            rvDC->isTrustedForUsage = nss3certificate_isTrustedForUsage;
+            rvDC->getEmailAddress = nss3certificate_getEmailAddress;
+            rvDC->getDERSerialNumber = nss3certificate_getDERSerialNumber;
+        } else {
+            CERT_DestroyCertificate(cert);
+        }
+    }
+    return rvDC;
+}
+
+static nssDecodedCert *
+create_decoded_pkix_cert_from_nss3cert(
+    NSSArena *arenaOpt,
+    CERTCertificate *cc)
+{
+    nssDecodedCert *rvDC = nss_ZNEW(arenaOpt, nssDecodedCert);
+    if (rvDC) {
+        rvDC->type = NSSCertificateType_PKIX;
+        rvDC->data = (void *)cc;
+        rvDC->getIdentifier = nss3certificate_getIdentifier;
+        rvDC->getIssuerIdentifier = nss3certificate_getIssuerIdentifier;
+        rvDC->matchIdentifier = nss3certificate_matchIdentifier;
+        rvDC->isValidIssuer = nss3certificate_isValidIssuer;
+        rvDC->getUsage = nss3certificate_getUsage;
+        rvDC->isValidAtTime = nss3certificate_isValidAtTime;
+        rvDC->isNewerThan = nss3certificate_isNewerThan;
+        rvDC->matchUsage = nss3certificate_matchUsage;
+        rvDC->isTrustedForUsage = nss3certificate_isTrustedForUsage;
+        rvDC->getEmailAddress = nss3certificate_getEmailAddress;
+        rvDC->getDERSerialNumber = nss3certificate_getDERSerialNumber;
+    }
+    return rvDC;
+}
+
+NSS_IMPLEMENT PRStatus
+nssDecodedPKIXCertificate_Destroy(nssDecodedCert *dc)
+{
+    CERTCertificate *cert = (CERTCertificate *)dc->data;
+
+    /* The decoder may only be half initialized (the case where we find we
+     * could not decode the certificate). In this case, there is not cert to
+     * free, just free the dc structure. */
+    if (cert) {
+        PRBool freeSlot = cert->ownSlot;
+        PK11SlotInfo *slot = cert->slot;
+        PLArenaPool *arena = cert->arena;
+        /* zero cert before freeing. Any stale references to this cert
+         * after this point will probably cause an exception.  */
+        PORT_Memset(cert, 0, sizeof *cert);
+        /* free the arena that contains the cert. */
+        PORT_FreeArena(arena, PR_FALSE);
+        if (slot && freeSlot) {
+            PK11_FreeSlot(slot);
+        }
+    }
+    nss_ZFreeIf(dc);
+    return PR_SUCCESS;
+}
+
+/* see pk11cert.c:pk11_HandleTrustObject */
+static unsigned int
+get_nss3trust_from_nss4trust(nssTrustLevel t)
+{
+    unsigned int rt = 0;
+    if (t == nssTrustLevel_Trusted) {
+        rt |= CERTDB_TERMINAL_RECORD | CERTDB_TRUSTED;
+    }
+    if (t == nssTrustLevel_TrustedDelegator) {
+        rt |= CERTDB_VALID_CA | CERTDB_TRUSTED_CA;
+    }
+    if (t == nssTrustLevel_NotTrusted) {
+        rt |= CERTDB_TERMINAL_RECORD;
+    }
+    if (t == nssTrustLevel_ValidDelegator) {
+        rt |= CERTDB_VALID_CA;
+    }
+    return rt;
+}
+
+static CERTCertTrust *
+cert_trust_from_stan_trust(NSSTrust *t, PLArenaPool *arena)
+{
+    CERTCertTrust *rvTrust;
+    unsigned int client;
+    if (!t) {
+        return NULL;
+    }
+    rvTrust = PORT_ArenaAlloc(arena, sizeof(CERTCertTrust));
+    if (!rvTrust)
+        return NULL;
+    rvTrust->sslFlags = get_nss3trust_from_nss4trust(t->serverAuth);
+    client = get_nss3trust_from_nss4trust(t->clientAuth);
+    if (client & (CERTDB_TRUSTED_CA | CERTDB_NS_TRUSTED_CA)) {
+        client &= ~(CERTDB_TRUSTED_CA | CERTDB_NS_TRUSTED_CA);
+        rvTrust->sslFlags |= CERTDB_TRUSTED_CLIENT_CA;
+    }
+    rvTrust->sslFlags |= client;
+    rvTrust->emailFlags = get_nss3trust_from_nss4trust(t->emailProtection);
+    rvTrust->objectSigningFlags = get_nss3trust_from_nss4trust(t->codeSigning);
+    return rvTrust;
+}
+
+CERTCertTrust *
+nssTrust_GetCERTCertTrustForCert(NSSCertificate *c, CERTCertificate *cc)
+{
+    CERTCertTrust *rvTrust = NULL;
+    NSSTrustDomain *td = STAN_GetDefaultTrustDomain();
+    NSSTrust *t;
+    t = nssTrustDomain_FindTrustForCertificate(td, c);
+    if (t) {
+        rvTrust = cert_trust_from_stan_trust(t, cc->arena);
+        if (!rvTrust) {
+            nssTrust_Destroy(t);
+            return NULL;
+        }
+        nssTrust_Destroy(t);
+    } else {
+        rvTrust = PORT_ArenaAlloc(cc->arena, sizeof(CERTCertTrust));
+        if (!rvTrust) {
+            return NULL;
+        }
+        memset(rvTrust, 0, sizeof(*rvTrust));
+    }
+    if (NSSCertificate_IsPrivateKeyAvailable(c, NULL, NULL)) {
+        rvTrust->sslFlags |= CERTDB_USER;
+        rvTrust->emailFlags |= CERTDB_USER;
+        rvTrust->objectSigningFlags |= CERTDB_USER;
+    }
+    return rvTrust;
+}
+
+static nssCryptokiInstance *
+get_cert_instance(NSSCertificate *c)
+{
+    nssCryptokiObject *instance, **ci;
+    nssCryptokiObject **instances = nssPKIObject_GetInstances(&c->object);
+    if (!instances) {
+        return NULL;
+    }
+    instance = NULL;
+    for (ci = instances; *ci; ci++) {
+        if (!instance) {
+            instance = nssCryptokiObject_Clone(*ci);
+        } else {
+            /* This only really works for two instances...  But 3.4 can't
+             * handle more anyway.  The logic is, if there are multiple
+             * instances, prefer the one that is not internal (e.g., on
+             * a hardware device.
+             */
+            if (PK11_IsInternal(instance->token->pk11slot)) {
+                nssCryptokiObject_Destroy(instance);
+                instance = nssCryptokiObject_Clone(*ci);
+            }
+        }
+    }
+    nssCryptokiObjectArray_Destroy(instances);
+    return instance;
+}
+
+char *
+STAN_GetCERTCertificateNameForInstance(
+    PLArenaPool *arenaOpt,
+    NSSCertificate *c,
+    nssCryptokiInstance *instance)
+{
+    NSSCryptoContext *context = c->object.cryptoContext;
+    PRStatus nssrv;
+    int nicklen, tokenlen, len;
+    NSSUTF8 *tokenName = NULL;
+    NSSUTF8 *stanNick = NULL;
+    char *nickname = NULL;
+    char *nick;
+
+    if (instance) {
+        stanNick = instance->label;
+    } else if (context) {
+        stanNick = c->object.tempName;
+    }
+    if (stanNick) {
+        /* fill other fields needed by NSS3 functions using CERTCertificate */
+        if (instance && (!PK11_IsInternalKeySlot(instance->token->pk11slot) ||
+                         PORT_Strchr(stanNick, ':') != NULL)) {
+            tokenName = nssToken_GetName(instance->token);
+            tokenlen = nssUTF8_Size(tokenName, &nssrv);
+        } else {
+            /* don't use token name for internal slot; 3.3 didn't */
+            tokenlen = 0;
+        }
+        nicklen = nssUTF8_Size(stanNick, &nssrv);
+        len = tokenlen + nicklen;
+        if (arenaOpt) {
+            nickname = PORT_ArenaAlloc(arenaOpt, len);
+        } else {
+            nickname = PORT_Alloc(len);
+        }
+        nick = nickname;
+        if (tokenName) {
+            memcpy(nick, tokenName, tokenlen - 1);
+            nick += tokenlen - 1;
+            *nick++ = ':';
+        }
+        memcpy(nick, stanNick, nicklen - 1);
+        nickname[len - 1] = '\0';
+    }
+    return nickname;
+}
+
+char *
+STAN_GetCERTCertificateName(PLArenaPool *arenaOpt, NSSCertificate *c)
+{
+    char *result;
+    nssCryptokiInstance *instance = get_cert_instance(c);
+    /* It's OK to call this function, even if instance is NULL */
+    result = STAN_GetCERTCertificateNameForInstance(arenaOpt, c, instance);
+    if (instance)
+        nssCryptokiObject_Destroy(instance);
+    return result;
+}
+
+static void
+fill_CERTCertificateFields(NSSCertificate *c, CERTCertificate *cc, PRBool forced)
+{
+    CERTCertTrust *trust = NULL;
+    NSSTrust *nssTrust;
+    NSSCryptoContext *context = c->object.cryptoContext;
+    nssCryptokiInstance *instance;
+    NSSUTF8 *stanNick = NULL;
+
+    /* We are holding the base class object's lock on entry of this function
+     * This lock protects writes to fields of the CERTCertificate .
+     * It is also needed by some functions to compute values such as trust.
+     */
+    instance = get_cert_instance(c);
+
+    if (instance) {
+        stanNick = instance->label;
+    } else if (context) {
+        stanNick = c->object.tempName;
+    }
+    /* fill other fields needed by NSS3 functions using CERTCertificate */
+    if ((!cc->nickname && stanNick) || forced) {
+        PRStatus nssrv;
+        int nicklen, tokenlen, len;
+        NSSUTF8 *tokenName = NULL;
+        char *nick;
+        if (instance &&
+            (!PK11_IsInternalKeySlot(instance->token->pk11slot) ||
+             (stanNick && PORT_Strchr(stanNick, ':') != NULL))) {
+            tokenName = nssToken_GetName(instance->token);
+            tokenlen = nssUTF8_Size(tokenName, &nssrv);
+        } else {
+            /* don't use token name for internal slot; 3.3 didn't */
+            tokenlen = 0;
+        }
+        if (stanNick) {
+            nicklen = nssUTF8_Size(stanNick, &nssrv);
+            len = tokenlen + nicklen;
+            nick = PORT_ArenaAlloc(cc->arena, len);
+            if (tokenName) {
+                memcpy(nick, tokenName, tokenlen - 1);
+                nick[tokenlen - 1] = ':';
+                memcpy(nick + tokenlen, stanNick, nicklen - 1);
+            } else {
+                memcpy(nick, stanNick, nicklen - 1);
+            }
+            nick[len - 1] = '\0';
+            cc->nickname = nick;
+        } else {
+            cc->nickname = NULL;
+        }
+    }
+    if (context) {
+        /* trust */
+        nssTrust = nssCryptoContext_FindTrustForCertificate(context, c);
+        if (!nssTrust) {
+            /* chicken and egg issue:
+             *
+             * c->issuer and c->serial are empty at this point, but
+             * nssTrustDomain_FindTrustForCertificate use them to look up
+             * up the trust object, so we point them to cc->derIssuer and
+             * cc->serialNumber.
+             *
+             * Our caller will fill these in with proper arena copies when we
+             * return. */
+            c->issuer.data = cc->derIssuer.data;
+            c->issuer.size = cc->derIssuer.len;
+            c->serial.data = cc->serialNumber.data;
+            c->serial.size = cc->serialNumber.len;
+            nssTrust = nssTrustDomain_FindTrustForCertificate(context->td, c);
+        }
+        if (nssTrust) {
+            trust = cert_trust_from_stan_trust(nssTrust, cc->arena);
+            if (trust) {
+                /* we should destroy cc->trust before replacing it, but it's
+                   allocated in cc->arena, so memory growth will occur on each
+                   refresh */
+                CERT_LockCertTrust(cc);
+                cc->trust = trust;
+                CERT_UnlockCertTrust(cc);
+            }
+            nssTrust_Destroy(nssTrust);
+        }
+    } else if (instance) {
+        /* slot */
+        if (cc->slot != instance->token->pk11slot) {
+            if (cc->slot) {
+                PK11_FreeSlot(cc->slot);
+            }
+            cc->slot = PK11_ReferenceSlot(instance->token->pk11slot);
+        }
+        cc->ownSlot = PR_TRUE;
+        /* pkcs11ID */
+        cc->pkcs11ID = instance->handle;
+        /* trust */
+        trust = nssTrust_GetCERTCertTrustForCert(c, cc);
+        if (trust) {
+            /* we should destroy cc->trust before replacing it, but it's
+               allocated in cc->arena, so memory growth will occur on each
+               refresh */
+            CERT_LockCertTrust(cc);
+            cc->trust = trust;
+            CERT_UnlockCertTrust(cc);
+        }
+    }
+    if (instance) {
+        nssCryptokiObject_Destroy(instance);
+    }
+    /* database handle is now the trust domain */
+    cc->dbhandle = c->object.trustDomain;
+    /* subjectList ? */
+    /* istemp and isperm are supported in NSS 3.4 */
+    cc->istemp = PR_FALSE; /* CERT_NewTemp will override this */
+    cc->isperm = PR_TRUE;  /* by default */
+    /* pointer back */
+    cc->nssCertificate = c;
+    if (trust) {
+        /* force the cert type to be recomputed to include trust info */
+        PRUint32 nsCertType = cert_ComputeCertType(cc);
+
+        /* Assert that it is safe to cast &cc->nsCertType to "PRInt32 *" */
+        PORT_Assert(sizeof(cc->nsCertType) == sizeof(PRInt32));
+        PR_ATOMIC_SET((PRInt32 *)&cc->nsCertType, nsCertType);
+    }
+}
+
+static CERTCertificate *
+stan_GetCERTCertificate(NSSCertificate *c, PRBool forceUpdate)
+{
+    nssDecodedCert *dc = NULL;
+    CERTCertificate *cc = NULL;
+    CERTCertTrust certTrust;
+
+    /* make sure object does not go away until we finish */
+    nssPKIObject_AddRef(&c->object);
+    nssPKIObject_Lock(&c->object);
+
+    dc = c->decoding;
+    if (!dc) {
+        dc = nssDecodedPKIXCertificate_Create(NULL, &c->encoding);
+        if (!dc) {
+            goto loser;
+        }
+        cc = (CERTCertificate *)dc->data;
+        PORT_Assert(cc); /* software error */
+        if (!cc) {
+            nssDecodedPKIXCertificate_Destroy(dc);
+            nss_SetError(NSS_ERROR_INTERNAL_ERROR);
+            goto loser;
+        }
+        PORT_Assert(!c->decoding);
+        if (!c->decoding) {
+            c->decoding = dc;
+        } else {
+            /* this should never happen. Fail. */
+            nssDecodedPKIXCertificate_Destroy(dc);
+            nss_SetError(NSS_ERROR_INTERNAL_ERROR);
+            goto loser;
+        }
+    }
+    cc = (CERTCertificate *)dc->data;
+    PORT_Assert(cc);
+    if (!cc) {
+        nss_SetError(NSS_ERROR_INTERNAL_ERROR);
+        goto loser;
+    }
+    if (!cc->nssCertificate || forceUpdate) {
+        fill_CERTCertificateFields(c, cc, forceUpdate);
+    } else if (CERT_GetCertTrust(cc, &certTrust) != SECSuccess &&
+               !c->object.cryptoContext) {
+        /* if it's a perm cert, it might have been stored before the
+         * trust, so look for the trust again.  But a temp cert can be
+         * ignored.
+         */
+        CERTCertTrust *trust = NULL;
+        trust = nssTrust_GetCERTCertTrustForCert(c, cc);
+
+        CERT_LockCertTrust(cc);
+        cc->trust = trust;
+        CERT_UnlockCertTrust(cc);
+    }
+
+loser:
+    nssPKIObject_Unlock(&c->object);
+    nssPKIObject_Destroy(&c->object);
+    return cc;
+}
+
+NSS_IMPLEMENT CERTCertificate *
+STAN_ForceCERTCertificateUpdate(NSSCertificate *c)
+{
+    if (c->decoding) {
+        return stan_GetCERTCertificate(c, PR_TRUE);
+    }
+    return NULL;
+}
+
+NSS_IMPLEMENT CERTCertificate *
+STAN_GetCERTCertificate(NSSCertificate *c)
+{
+    return stan_GetCERTCertificate(c, PR_FALSE);
+}
+/*
+ * many callers of STAN_GetCERTCertificate() intend that
+ * the CERTCertificate returned inherits the reference to the
+ * NSSCertificate. For these callers it's convenient to have
+ * this function 'own' the reference and either return a valid
+ * CERTCertificate structure which inherits the reference or
+ * destroy the reference to NSSCertificate and returns NULL.
+ */
+NSS_IMPLEMENT CERTCertificate *
+STAN_GetCERTCertificateOrRelease(NSSCertificate *c)
+{
+    CERTCertificate *nss3cert = stan_GetCERTCertificate(c, PR_FALSE);
+    if (!nss3cert) {
+        nssCertificate_Destroy(c);
+    }
+    return nss3cert;
+}
+
+static nssTrustLevel
+get_stan_trust(unsigned int t, PRBool isClientAuth)
+{
+    if (isClientAuth) {
+        if (t & CERTDB_TRUSTED_CLIENT_CA) {
+            return nssTrustLevel_TrustedDelegator;
+        }
+    } else {
+        if (t & CERTDB_TRUSTED_CA || t & CERTDB_NS_TRUSTED_CA) {
+            return nssTrustLevel_TrustedDelegator;
+        }
+    }
+    if (t & CERTDB_TRUSTED) {
+        return nssTrustLevel_Trusted;
+    }
+    if (t & CERTDB_TERMINAL_RECORD) {
+        return nssTrustLevel_NotTrusted;
+    }
+    if (t & CERTDB_VALID_CA) {
+        return nssTrustLevel_ValidDelegator;
+    }
+    return nssTrustLevel_MustVerify;
+}
+
+NSS_EXTERN NSSCertificate *
+STAN_GetNSSCertificate(CERTCertificate *cc)
+{
+    NSSCertificate *c;
+    nssCryptokiInstance *instance;
+    nssPKIObject *pkiob;
+    NSSArena *arena;
+    c = cc->nssCertificate;
+    if (c) {
+        return c;
+    }
+    /* i don't think this should happen.  but if it can, need to create
+     * NSSCertificate from CERTCertificate values here.  */
+    /* Yup, it can happen. */
+    arena = NSSArena_Create();
+    if (!arena) {
+        return NULL;
+    }
+    c = nss_ZNEW(arena, NSSCertificate);
+    if (!c) {
+        nssArena_Destroy(arena);
+        return NULL;
+    }
+    NSSITEM_FROM_SECITEM(&c->encoding, &cc->derCert);
+    c->type = NSSCertificateType_PKIX;
+    pkiob = nssPKIObject_Create(arena, NULL, cc->dbhandle, NULL, nssPKIMonitor);
+    if (!pkiob) {
+        nssArena_Destroy(arena);
+        return NULL;
+    }
+    c->object = *pkiob;
+    nssItem_Create(arena,
+                   &c->issuer, cc->derIssuer.len, cc->derIssuer.data);
+    nssItem_Create(arena,
+                   &c->subject, cc->derSubject.len, cc->derSubject.data);
+    if (PR_TRUE) {
+        /* CERTCertificate stores serial numbers decoded.  I need the DER
+        * here.  sigh.
+        */
+        SECItem derSerial;
+        SECStatus secrv;
+        secrv = CERT_SerialNumberFromDERCert(&cc->derCert, &derSerial);
+        if (secrv == SECFailure) {
+            nssArena_Destroy(arena);
+            return NULL;
+        }
+        nssItem_Create(arena, &c->serial, derSerial.len, derSerial.data);
+        PORT_Free(derSerial.data);
+    }
+    if (cc->emailAddr && cc->emailAddr[0]) {
+        c->email = nssUTF8_Create(arena,
+                                  nssStringType_PrintableString,
+                                  (NSSUTF8 *)cc->emailAddr,
+                                  PORT_Strlen(cc->emailAddr));
+    }
+    if (cc->slot) {
+        instance = nss_ZNEW(arena, nssCryptokiInstance);
+        if (!instance) {
+            nssArena_Destroy(arena);
+            return NULL;
+        }
+        instance->token = nssToken_AddRef(PK11Slot_GetNSSToken(cc->slot));
+        instance->handle = cc->pkcs11ID;
+        instance->isTokenObject = PR_TRUE;
+        if (cc->nickname) {
+            instance->label = nssUTF8_Create(arena,
+                                             nssStringType_UTF8String,
+                                             (NSSUTF8 *)cc->nickname,
+                                             PORT_Strlen(cc->nickname));
+        }
+        nssPKIObject_AddInstance(&c->object, instance);
+    }
+    c->decoding = create_decoded_pkix_cert_from_nss3cert(NULL, cc);
+    cc->nssCertificate = c;
+    return c;
+}
+
+static NSSToken *
+stan_GetTrustToken(
+    NSSCertificate *c)
+{
+    NSSToken *ttok = NULL;
+    NSSToken *rtok = NULL;
+    NSSToken *tok = NULL;
+    nssCryptokiObject **ip;
+    nssCryptokiObject **instances = nssPKIObject_GetInstances(&c->object);
+    if (!instances) {
+        return PR_FALSE;
+    }
+    for (ip = instances; *ip; ip++) {
+        nssCryptokiObject *instance = *ip;
+        nssCryptokiObject *to =
+            nssToken_FindTrustForCertificate(instance->token, NULL,
+                                             &c->encoding, &c->issuer, &c->serial,
+                                             nssTokenSearchType_TokenOnly);
+        NSSToken *ctok = instance->token;
+        PRBool ro = PK11_IsReadOnly(ctok->pk11slot);
+
+        if (to) {
+            nssCryptokiObject_Destroy(to);
+            ttok = ctok;
+            if (!ro) {
+                break;
+            }
+        } else {
+            if (!rtok && ro) {
+                rtok = ctok;
+            }
+            if (!tok && !ro) {
+                tok = ctok;
+            }
+        }
+    }
+    nssCryptokiObjectArray_Destroy(instances);
+    return ttok ? ttok : (tok ? tok : rtok);
+}
+
+NSS_EXTERN PRStatus
+STAN_ChangeCertTrust(CERTCertificate *cc, CERTCertTrust *trust)
+{
+    PRStatus nssrv;
+    NSSCertificate *c = STAN_GetNSSCertificate(cc);
+    NSSToken *tok;
+    NSSTrustDomain *td;
+    NSSTrust *nssTrust;
+    NSSArena *arena;
+    CERTCertTrust *oldTrust;
+    CERTCertTrust *newTrust;
+    nssListIterator *tokens;
+    PRBool moving_object;
+    nssCryptokiObject *newInstance;
+    nssPKIObject *pkiob;
+
+    if (c == NULL) {
+        return PR_FAILURE;
+    }
+    oldTrust = nssTrust_GetCERTCertTrustForCert(c, cc);
+    if (oldTrust) {
+        if (memcmp(oldTrust, trust, sizeof(CERTCertTrust)) == 0) {
+            /* ... and the new trust is no different, done) */
+            return PR_SUCCESS;
+        } else {
+            /* take over memory already allocated in cc's arena */
+            newTrust = oldTrust;
+        }
+    } else {
+        newTrust = PORT_ArenaAlloc(cc->arena, sizeof(CERTCertTrust));
+    }
+    memcpy(newTrust, trust, sizeof(CERTCertTrust));
+    CERT_LockCertTrust(cc);
+    cc->trust = newTrust;
+    CERT_UnlockCertTrust(cc);
+    /* Set the NSSCerticate's trust */
+    arena = nssArena_Create();
+    if (!arena)
+        return PR_FAILURE;
+    nssTrust = nss_ZNEW(arena, NSSTrust);
+    if (!nssTrust) {
+        nssArena_Destroy(arena);
+        return PR_FAILURE;
+    }
+    pkiob = nssPKIObject_Create(arena, NULL, cc->dbhandle, NULL, nssPKILock);
+    if (!pkiob) {
+        nssArena_Destroy(arena);
+        return PR_FAILURE;
+    }
+    nssTrust->object = *pkiob;
+    nssTrust->certificate = c;
+    nssTrust->serverAuth = get_stan_trust(trust->sslFlags, PR_FALSE);
+    nssTrust->clientAuth = get_stan_trust(trust->sslFlags, PR_TRUE);
+    nssTrust->emailProtection = get_stan_trust(trust->emailFlags, PR_FALSE);
+    nssTrust->codeSigning = get_stan_trust(trust->objectSigningFlags, PR_FALSE);
+    nssTrust->stepUpApproved =
+        (PRBool)(trust->sslFlags & CERTDB_GOVT_APPROVED_CA);
+    if (c->object.cryptoContext != NULL) {
+        /* The cert is in a context, set the trust there */
+        NSSCryptoContext *cc = c->object.cryptoContext;
+        nssrv = nssCryptoContext_ImportTrust(cc, nssTrust);
+        if (nssrv != PR_SUCCESS) {
+            goto done;
+        }
+        if (c->object.numInstances == 0) {
+            /* The context is the only instance, finished */
+            goto done;
+        }
+    }
+    td = STAN_GetDefaultTrustDomain();
+    tok = stan_GetTrustToken(c);
+    moving_object = PR_FALSE;
+    if (tok && PK11_IsReadOnly(tok->pk11slot)) {
+        NSSRWLock_LockRead(td->tokensLock);
+        tokens = nssList_CreateIterator(td->tokenList);
+        if (!tokens) {
+            nssrv = PR_FAILURE;
+            NSSRWLock_UnlockRead(td->tokensLock);
+            goto done;
+        }
+        for (tok = (NSSToken *)nssListIterator_Start(tokens);
+             tok != (NSSToken *)NULL;
+             tok = (NSSToken *)nssListIterator_Next(tokens)) {
+            if (!PK11_IsReadOnly(tok->pk11slot))
+                break;
+        }
+        nssListIterator_Finish(tokens);
+        nssListIterator_Destroy(tokens);
+        NSSRWLock_UnlockRead(td->tokensLock);
+        moving_object = PR_TRUE;
+    }
+    if (tok) {
+        if (moving_object) {
+            /* this is kind of hacky.  the softoken needs the cert
+             * object in order to store trust.  forcing it to be perm
+             */
+            NSSUTF8 *nickname = nssCertificate_GetNickname(c, NULL);
+            NSSASCII7 *email = NULL;
+
+            if (PK11_IsInternal(tok->pk11slot)) {
+                email = c->email;
+            }
+            newInstance = nssToken_ImportCertificate(tok, NULL,
+                                                     NSSCertificateType_PKIX,
+                                                     &c->id,
+                                                     nickname,
+                                                     &c->encoding,
+                                                     &c->issuer,
+                                                     &c->subject,
+                                                     &c->serial,
+                                                     email,
+                                                     PR_TRUE);
+            nss_ZFreeIf(nickname);
+            nickname = NULL;
+            if (!newInstance) {
+                nssrv = PR_FAILURE;
+                goto done;
+            }
+            nssPKIObject_AddInstance(&c->object, newInstance);
+        }
+        newInstance = nssToken_ImportTrust(tok, NULL, &c->encoding,
+                                           &c->issuer, &c->serial,
+                                           nssTrust->serverAuth,
+                                           nssTrust->clientAuth,
+                                           nssTrust->codeSigning,
+                                           nssTrust->emailProtection,
+                                           nssTrust->stepUpApproved, PR_TRUE);
+        /* If the selected token can't handle trust, dump the trust on
+         * the internal token */
+        if (!newInstance && !PK11_IsInternalKeySlot(tok->pk11slot)) {
+            PK11SlotInfo *slot = PK11_GetInternalKeySlot();
+            NSSUTF8 *nickname = nssCertificate_GetNickname(c, NULL);
+            NSSASCII7 *email = c->email;
+            tok = PK11Slot_GetNSSToken(slot);
+            PK11_FreeSlot(slot);
+
+            newInstance = nssToken_ImportCertificate(tok, NULL,
+                                                     NSSCertificateType_PKIX,
+                                                     &c->id,
+                                                     nickname,
+                                                     &c->encoding,
+                                                     &c->issuer,
+                                                     &c->subject,
+                                                     &c->serial,
+                                                     email,
+                                                     PR_TRUE);
+            nss_ZFreeIf(nickname);
+            nickname = NULL;
+            if (!newInstance) {
+                nssrv = PR_FAILURE;
+                goto done;
+            }
+            nssPKIObject_AddInstance(&c->object, newInstance);
+            newInstance = nssToken_ImportTrust(tok, NULL, &c->encoding,
+                                               &c->issuer, &c->serial,
+                                               nssTrust->serverAuth,
+                                               nssTrust->clientAuth,
+                                               nssTrust->codeSigning,
+                                               nssTrust->emailProtection,
+                                               nssTrust->stepUpApproved, PR_TRUE);
+        }
+        if (newInstance) {
+            nssCryptokiObject_Destroy(newInstance);
+            nssrv = PR_SUCCESS;
+        } else {
+            nssrv = PR_FAILURE;
+        }
+    } else {
+        nssrv = PR_FAILURE;
+    }
+done:
+    (void)nssTrust_Destroy(nssTrust);
+    return nssrv;
+}
+
+/*
+** Delete trust objects matching the given slot.
+** Returns error if a device fails to delete.
+**
+** This function has the side effect of moving the
+** surviving entries to the front of the object list
+** and nullifying the rest.
+*/
+static PRStatus
+DeleteCertTrustMatchingSlot(PK11SlotInfo *pk11slot, nssPKIObject *tObject)
+{
+    int numNotDestroyed = 0; /* the ones skipped plus the failures */
+    int failureCount = 0;    /* actual deletion failures by devices */
+    unsigned int index;
+
+    nssPKIObject_AddRef(tObject);
+    nssPKIObject_Lock(tObject);
+    /* Keep going even if a module fails to delete. */
+    for (index = 0; index < tObject->numInstances; index++) {
+        nssCryptokiObject *instance = tObject->instances[index];
+        if (!instance) {
+            continue;
+        }
+
+        /* ReadOnly and not matched treated the same */
+        if (PK11_IsReadOnly(instance->token->pk11slot) ||
+            pk11slot != instance->token->pk11slot) {
+            tObject->instances[numNotDestroyed++] = instance;
+            continue;
+        }
+
+        /* Here we have found a matching one */
+        tObject->instances[index] = NULL;
+        if (nssToken_DeleteStoredObject(instance) == PR_SUCCESS) {
+            nssCryptokiObject_Destroy(instance);
+        } else {
+            tObject->instances[numNotDestroyed++] = instance;
+            failureCount++;
+        }
+    }
+    if (numNotDestroyed == 0) {
+        nss_ZFreeIf(tObject->instances);
+        tObject->numInstances = 0;
+    } else {
+        tObject->numInstances = numNotDestroyed;
+    }
+
+    nssPKIObject_Unlock(tObject);
+    nssPKIObject_Destroy(tObject);
+
+    return failureCount == 0 ? PR_SUCCESS : PR_FAILURE;
+}
+
+/*
+** Delete trust objects matching the slot of the given certificate.
+** Returns an error if any device fails to delete.
+*/
+NSS_EXTERN PRStatus
+STAN_DeleteCertTrustMatchingSlot(NSSCertificate *c)
+{
+    PRStatus nssrv = PR_SUCCESS;
+
+    unsigned int i;
+    nssPKIObject *tobject = NULL;
+    nssPKIObject *cobject = &c->object;
+
+    NSSTrustDomain *td = STAN_GetDefaultTrustDomain();
+    NSSTrust *nssTrust = nssTrustDomain_FindTrustForCertificate(td, c);
+    if (!nssTrust) {
+        return PR_FAILURE;
+    }
+
+    tobject = &nssTrust->object;
+
+    /* Iterate through the cert and trust object instances looking for
+     * those with matching pk11 slots to delete. Even if some device
+     * can't delete we keep going. Keeping a status variable for the
+     * loop so that once it's failed the other gets set.
+     */
+    NSSRWLock_LockRead(td->tokensLock);
+    nssPKIObject_AddRef(cobject);
+    nssPKIObject_Lock(cobject);
+    for (i = 0; i < cobject->numInstances; i++) {
+        nssCryptokiObject *cInstance = cobject->instances[i];
+        if (cInstance && !PK11_IsReadOnly(cInstance->token->pk11slot)) {
+            PRStatus status;
+            if (!tobject->numInstances || !tobject->instances)
+                continue;
+            status = DeleteCertTrustMatchingSlot(cInstance->token->pk11slot, tobject);
+            if (status == PR_FAILURE) {
+                /* set the outer one but keep going */
+                nssrv = PR_FAILURE;
+            }
+        }
+    }
+    nssTrust_Destroy(nssTrust);
+    nssPKIObject_Unlock(cobject);
+    nssPKIObject_Destroy(cobject);
+    NSSRWLock_UnlockRead(td->tokensLock);
+    return nssrv;
+}
+
+/* CERT_TraversePermCertsForSubject */
+NSS_IMPLEMENT PRStatus
+nssTrustDomain_TraverseCertificatesBySubject(
+    NSSTrustDomain *td,
+    NSSDER *subject,
+    PRStatus (*callback)(NSSCertificate *c, void *arg),
+    void *arg)
+{
+    PRStatus nssrv = PR_SUCCESS;
+    NSSArena *tmpArena;
+    NSSCertificate **subjectCerts;
+    NSSCertificate *c;
+    PRIntn i;
+    tmpArena = NSSArena_Create();
+    if (!tmpArena) {
+        return PR_FAILURE;
+    }
+    subjectCerts = NSSTrustDomain_FindCertificatesBySubject(td, subject, NULL,
+                                                            0, tmpArena);
+    if (subjectCerts) {
+        for (i = 0, c = subjectCerts[i]; c; i++) {
+            nssrv = callback(c, arg);
+            if (nssrv != PR_SUCCESS)
+                break;
+        }
+    }
+    nssArena_Destroy(tmpArena);
+    return nssrv;
+}
+
+/* CERT_TraversePermCertsForNickname */
+NSS_IMPLEMENT PRStatus
+nssTrustDomain_TraverseCertificatesByNickname(
+    NSSTrustDomain *td,
+    NSSUTF8 *nickname,
+    PRStatus (*callback)(NSSCertificate *c, void *arg),
+    void *arg)
+{
+    PRStatus nssrv = PR_SUCCESS;
+    NSSArena *tmpArena;
+    NSSCertificate **nickCerts;
+    NSSCertificate *c;
+    PRIntn i;
+    tmpArena = NSSArena_Create();
+    if (!tmpArena) {
+        return PR_FAILURE;
+    }
+    nickCerts = NSSTrustDomain_FindCertificatesByNickname(td, nickname, NULL,
+                                                          0, tmpArena);
+    if (nickCerts) {
+        for (i = 0, c = nickCerts[i]; c; i++) {
+            nssrv = callback(c, arg);
+            if (nssrv != PR_SUCCESS)
+                break;
+        }
+    }
+    nssArena_Destroy(tmpArena);
+    return nssrv;
+}
+
+static void
+cert_dump_iter(const void *k, void *v, void *a)
+{
+    NSSCertificate *c = (NSSCertificate *)k;
+    CERTCertificate *cert = STAN_GetCERTCertificate(c);
+    printf("[%2d] \"%s\"\n", c->object.refCount, cert->subjectName);
+}
+
+void
+nss_DumpCertificateCacheInfo()
+{
+    NSSTrustDomain *td;
+    NSSCryptoContext *cc;
+    td = STAN_GetDefaultTrustDomain();
+    cc = STAN_GetDefaultCryptoContext();
+    printf("\n\nCertificates in the cache:\n");
+    nssTrustDomain_DumpCacheInfo(td, cert_dump_iter, NULL);
+    printf("\n\nCertificates in the temporary store:\n");
+    if (cc->certStore) {
+        nssCertificateStore_DumpStoreInfo(cc->certStore, cert_dump_iter, NULL);
+    }
+}
diff --git a/nss/lib/pki/pki3hack.h b/nss/lib/pki/pki3hack.h
new file mode 100644
index 0000000..818872a
--- /dev/null
+++ b/nss/lib/pki/pki3hack.h
@@ -0,0 +1,149 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef PKINSS3HACK_H
+#define PKINSS3HACK_H
+
+#ifndef NSSDEVT_H
+#include "nssdevt.h"
+#endif /* NSSDEVT_H */
+
+#ifndef DEVT_H
+#include "devt.h"
+#endif /* DEVT_H */
+
+#ifndef NSSPKIT_H
+#include "nsspkit.h"
+#endif /* NSSPKIT_H */
+
+#include "base.h"
+
+#include "cert.h"
+
+PR_BEGIN_EXTERN_C
+
+#define NSSITEM_FROM_SECITEM(nssit, secit) \
+    (nssit)->data = (void *)(secit)->data; \
+    (nssit)->size = (PRUint32)(secit)->len;
+
+#define SECITEM_FROM_NSSITEM(secit, nssit)          \
+    (secit)->data = (unsigned char *)(nssit)->data; \
+    (secit)->len = (unsigned int)(nssit)->size;
+
+NSS_EXTERN NSSTrustDomain *
+STAN_GetDefaultTrustDomain();
+
+NSS_EXTERN NSSCryptoContext *
+STAN_GetDefaultCryptoContext();
+
+NSS_EXTERN PRStatus
+STAN_InitTokenForSlotInfo(NSSTrustDomain *td, PK11SlotInfo *slot);
+
+NSS_EXTERN PRStatus
+STAN_ResetTokenInterator(NSSTrustDomain *td);
+
+NSS_EXTERN PRStatus
+STAN_LoadDefaultNSS3TrustDomain(void);
+
+NSS_EXTERN PRStatus
+STAN_Shutdown();
+
+NSS_EXTERN SECStatus
+STAN_AddModuleToDefaultTrustDomain(SECMODModule *module);
+
+NSS_EXTERN SECStatus
+STAN_RemoveModuleFromDefaultTrustDomain(SECMODModule *module);
+
+NSS_EXTERN CERTCertificate *
+STAN_ForceCERTCertificateUpdate(NSSCertificate *c);
+
+NSS_EXTERN CERTCertificate *
+STAN_GetCERTCertificate(NSSCertificate *c);
+
+NSS_EXTERN CERTCertificate *
+STAN_GetCERTCertificateOrRelease(NSSCertificate *c);
+
+NSS_EXTERN NSSCertificate *
+STAN_GetNSSCertificate(CERTCertificate *c);
+
+NSS_EXTERN CERTCertTrust *
+nssTrust_GetCERTCertTrustForCert(NSSCertificate *c, CERTCertificate *cc);
+
+NSS_EXTERN PRStatus
+STAN_DeleteCertTrustMatchingSlot(NSSCertificate *c);
+
+NSS_EXTERN PRStatus
+STAN_ChangeCertTrust(CERTCertificate *cc, CERTCertTrust *trust);
+
+NSS_EXTERN PRStatus
+nssPKIX509_GetIssuerAndSerialFromDER(NSSDER *der,
+                                     NSSDER *issuer, NSSDER *serial);
+
+NSS_EXTERN char *
+STAN_GetCERTCertificateName(PLArenaPool *arenaOpt, NSSCertificate *c);
+
+NSS_EXTERN char *
+STAN_GetCERTCertificateNameForInstance(PLArenaPool *arenaOpt,
+                                       NSSCertificate *c,
+                                       nssCryptokiInstance *instance);
+
+/* exposing this */
+NSS_EXTERN NSSCertificate *
+NSSCertificate_Create(NSSArena *arenaOpt);
+
+/* This function is being put here because it is a hack for
+ * PK11_FindCertFromNickname.
+ */
+NSS_EXTERN NSSCertificate *
+nssTrustDomain_FindBestCertificateByNicknameForToken(
+    NSSTrustDomain *td,
+    NSSToken *token,
+    NSSUTF8 *name,
+    NSSTime *timeOpt, /* NULL for "now" */
+    NSSUsage *usage,
+    NSSPolicies *policiesOpt /* NULL for none */
+    );
+
+/* This function is being put here because it is a hack for
+ * PK11_FindCertsFromNickname.
+ */
+NSS_EXTERN NSSCertificate **
+nssTrustDomain_FindCertificatesByNicknameForToken(
+    NSSTrustDomain *td,
+    NSSToken *token,
+    NSSUTF8 *name,
+    NSSCertificate *rvOpt[],
+    PRUint32 maximumOpt, /* 0 for no max */
+    NSSArena *arenaOpt);
+
+/* CERT_TraversePermCertsForSubject */
+NSS_EXTERN PRStatus
+nssTrustDomain_TraverseCertificatesBySubject(
+    NSSTrustDomain *td,
+    NSSDER *subject,
+    PRStatus (*callback)(NSSCertificate *c, void *arg),
+    void *arg);
+
+/* CERT_TraversePermCertsForNickname */
+NSS_EXTERN PRStatus
+nssTrustDomain_TraverseCertificatesByNickname(
+    NSSTrustDomain *td,
+    NSSUTF8 *nickname,
+    PRStatus (*callback)(NSSCertificate *c, void *arg),
+    void *arg);
+
+/* SEC_TraversePermCerts */
+NSS_EXTERN PRStatus
+nssTrustDomain_TraverseCertificates(
+    NSSTrustDomain *td,
+    PRStatus (*callback)(NSSCertificate *c, void *arg),
+    void *arg);
+
+/* CERT_AddTempCertToPerm */
+NSS_EXTERN PRStatus
+nssTrustDomain_AddTempCertToPerm(NSSCertificate *c);
+
+PR_END_EXTERN_C
+
+#endif /* PKINSS3HACK_H */
diff --git a/nss/lib/pki/pkibase.c b/nss/lib/pki/pkibase.c
new file mode 100644
index 0000000..4082a37
--- /dev/null
+++ b/nss/lib/pki/pkibase.c
@@ -0,0 +1,1222 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef DEV_H
+#include "dev.h"
+#endif /* DEV_H */
+
+#ifndef PKIM_H
+#include "pkim.h"
+#endif /* PKIM_H */
+
+#include "pki3hack.h"
+
+extern const NSSError NSS_ERROR_NOT_FOUND;
+
+NSS_IMPLEMENT void
+nssPKIObject_Lock(nssPKIObject *object)
+{
+    switch (object->lockType) {
+        case nssPKIMonitor:
+            PZ_EnterMonitor(object->sync.mlock);
+            break;
+        case nssPKILock:
+            PZ_Lock(object->sync.lock);
+            break;
+        default:
+            PORT_Assert(0);
+    }
+}
+
+NSS_IMPLEMENT void
+nssPKIObject_Unlock(nssPKIObject *object)
+{
+    switch (object->lockType) {
+        case nssPKIMonitor:
+            PZ_ExitMonitor(object->sync.mlock);
+            break;
+        case nssPKILock:
+            PZ_Unlock(object->sync.lock);
+            break;
+        default:
+            PORT_Assert(0);
+    }
+}
+
+NSS_IMPLEMENT PRStatus
+nssPKIObject_NewLock(nssPKIObject *object, nssPKILockType lockType)
+{
+    object->lockType = lockType;
+    switch (lockType) {
+        case nssPKIMonitor:
+            object->sync.mlock = PZ_NewMonitor(nssILockSSL);
+            return (object->sync.mlock ? PR_SUCCESS : PR_FAILURE);
+        case nssPKILock:
+            object->sync.lock = PZ_NewLock(nssILockSSL);
+            return (object->sync.lock ? PR_SUCCESS : PR_FAILURE);
+        default:
+            PORT_Assert(0);
+            return PR_FAILURE;
+    }
+}
+
+NSS_IMPLEMENT void
+nssPKIObject_DestroyLock(nssPKIObject *object)
+{
+    switch (object->lockType) {
+        case nssPKIMonitor:
+            PZ_DestroyMonitor(object->sync.mlock);
+            object->sync.mlock = NULL;
+            break;
+        case nssPKILock:
+            PZ_DestroyLock(object->sync.lock);
+            object->sync.lock = NULL;
+            break;
+        default:
+            PORT_Assert(0);
+    }
+}
+
+NSS_IMPLEMENT nssPKIObject *
+nssPKIObject_Create(
+    NSSArena *arenaOpt,
+    nssCryptokiObject *instanceOpt,
+    NSSTrustDomain *td,
+    NSSCryptoContext *cc,
+    nssPKILockType lockType)
+{
+    NSSArena *arena;
+    nssArenaMark *mark = NULL;
+    nssPKIObject *object;
+    if (arenaOpt) {
+        arena = arenaOpt;
+        mark = nssArena_Mark(arena);
+    } else {
+        arena = nssArena_Create();
+        if (!arena) {
+            return (nssPKIObject *)NULL;
+        }
+    }
+    object = nss_ZNEW(arena, nssPKIObject);
+    if (!object) {
+        goto loser;
+    }
+    object->arena = arena;
+    object->trustDomain = td; /* XXX */
+    object->cryptoContext = cc;
+    if (PR_SUCCESS != nssPKIObject_NewLock(object, lockType)) {
+        goto loser;
+    }
+    if (instanceOpt) {
+        if (nssPKIObject_AddInstance(object, instanceOpt) != PR_SUCCESS) {
+            goto loser;
+        }
+    }
+    PR_ATOMIC_INCREMENT(&object->refCount);
+    if (mark) {
+        nssArena_Unmark(arena, mark);
+    }
+    return object;
+loser:
+    if (mark) {
+        nssArena_Release(arena, mark);
+    } else {
+        nssArena_Destroy(arena);
+    }
+    return (nssPKIObject *)NULL;
+}
+
+NSS_IMPLEMENT PRBool
+nssPKIObject_Destroy(
+    nssPKIObject *object)
+{
+    PRUint32 i;
+    PR_ASSERT(object->refCount > 0);
+    if (PR_ATOMIC_DECREMENT(&object->refCount) == 0) {
+        for (i = 0; i < object->numInstances; i++) {
+            nssCryptokiObject_Destroy(object->instances[i]);
+        }
+        nssPKIObject_DestroyLock(object);
+        nssArena_Destroy(object->arena);
+        return PR_TRUE;
+    }
+    return PR_FALSE;
+}
+
+NSS_IMPLEMENT nssPKIObject *
+nssPKIObject_AddRef(
+    nssPKIObject *object)
+{
+    PR_ATOMIC_INCREMENT(&object->refCount);
+    return object;
+}
+
+NSS_IMPLEMENT PRStatus
+nssPKIObject_AddInstance(
+    nssPKIObject *object,
+    nssCryptokiObject *instance)
+{
+    nssCryptokiObject **newInstances = NULL;
+
+    nssPKIObject_Lock(object);
+    if (object->numInstances == 0) {
+        newInstances = nss_ZNEWARRAY(object->arena,
+                                     nssCryptokiObject *,
+                                     object->numInstances + 1);
+    } else {
+        PRBool found = PR_FALSE;
+        PRUint32 i;
+        for (i = 0; i < object->numInstances; i++) {
+            if (nssCryptokiObject_Equal(object->instances[i], instance)) {
+                found = PR_TRUE;
+                break;
+            }
+        }
+        if (found) {
+            /* The new instance is identical to one in the array, except
+             * perhaps that the label may be different.  So replace
+             * the label in the array instance with the label from the
+             * new instance, and discard the new instance.
+             */
+            nss_ZFreeIf(object->instances[i]->label);
+            object->instances[i]->label = instance->label;
+            nssPKIObject_Unlock(object);
+            instance->label = NULL;
+            nssCryptokiObject_Destroy(instance);
+            return PR_SUCCESS;
+        }
+        newInstances = nss_ZREALLOCARRAY(object->instances,
+                                         nssCryptokiObject *,
+                                         object->numInstances + 1);
+    }
+    if (newInstances) {
+        object->instances = newInstances;
+        newInstances[object->numInstances++] = instance;
+    }
+    nssPKIObject_Unlock(object);
+    return (newInstances ? PR_SUCCESS : PR_FAILURE);
+}
+
+NSS_IMPLEMENT PRBool
+nssPKIObject_HasInstance(
+    nssPKIObject *object,
+    nssCryptokiObject *instance)
+{
+    PRUint32 i;
+    PRBool hasIt = PR_FALSE;
+    ;
+    nssPKIObject_Lock(object);
+    for (i = 0; i < object->numInstances; i++) {
+        if (nssCryptokiObject_Equal(object->instances[i], instance)) {
+            hasIt = PR_TRUE;
+            break;
+        }
+    }
+    nssPKIObject_Unlock(object);
+    return hasIt;
+}
+
+NSS_IMPLEMENT PRStatus
+nssPKIObject_RemoveInstanceForToken(
+    nssPKIObject *object,
+    NSSToken *token)
+{
+    PRUint32 i;
+    nssCryptokiObject *instanceToRemove = NULL;
+    nssPKIObject_Lock(object);
+    if (object->numInstances == 0) {
+        nssPKIObject_Unlock(object);
+        return PR_SUCCESS;
+    }
+    for (i = 0; i < object->numInstances; i++) {
+        if (object->instances[i]->token == token) {
+            instanceToRemove = object->instances[i];
+            object->instances[i] = object->instances[object->numInstances - 1];
+            object->instances[object->numInstances - 1] = NULL;
+            break;
+        }
+    }
+    if (--object->numInstances > 0) {
+        nssCryptokiObject **instances = nss_ZREALLOCARRAY(object->instances,
+                                                          nssCryptokiObject *,
+                                                          object->numInstances);
+        if (instances) {
+            object->instances = instances;
+        }
+    } else {
+        nss_ZFreeIf(object->instances);
+    }
+    nssCryptokiObject_Destroy(instanceToRemove);
+    nssPKIObject_Unlock(object);
+    return PR_SUCCESS;
+}
+
+/* this needs more thought on what will happen when there are multiple
+ * instances
+ */
+NSS_IMPLEMENT PRStatus
+nssPKIObject_DeleteStoredObject(
+    nssPKIObject *object,
+    NSSCallback *uhh,
+    PRBool isFriendly)
+{
+    PRUint32 i, numNotDestroyed;
+    PRStatus status = PR_SUCCESS;
+    numNotDestroyed = 0;
+    nssPKIObject_Lock(object);
+    for (i = 0; i < object->numInstances; i++) {
+        nssCryptokiObject *instance = object->instances[i];
+        status = nssToken_DeleteStoredObject(instance);
+        object->instances[i] = NULL;
+        if (status == PR_SUCCESS) {
+            nssCryptokiObject_Destroy(instance);
+        } else {
+            object->instances[numNotDestroyed++] = instance;
+        }
+    }
+    if (numNotDestroyed == 0) {
+        nss_ZFreeIf(object->instances);
+        object->numInstances = 0;
+    } else {
+        object->numInstances = numNotDestroyed;
+    }
+    nssPKIObject_Unlock(object);
+    return status;
+}
+
+NSS_IMPLEMENT NSSToken **
+nssPKIObject_GetTokens(
+    nssPKIObject *object,
+    PRStatus *statusOpt)
+{
+    NSSToken **tokens = NULL;
+    nssPKIObject_Lock(object);
+    if (object->numInstances > 0) {
+        tokens = nss_ZNEWARRAY(NULL, NSSToken *, object->numInstances + 1);
+        if (tokens) {
+            PRUint32 i;
+            for (i = 0; i < object->numInstances; i++) {
+                tokens[i] = nssToken_AddRef(object->instances[i]->token);
+            }
+        }
+    }
+    nssPKIObject_Unlock(object);
+    if (statusOpt)
+        *statusOpt = PR_SUCCESS; /* until more logic here */
+    return tokens;
+}
+
+NSS_IMPLEMENT NSSUTF8 *
+nssPKIObject_GetNicknameForToken(
+    nssPKIObject *object,
+    NSSToken *tokenOpt)
+{
+    PRUint32 i;
+    NSSUTF8 *nickname = NULL;
+    nssPKIObject_Lock(object);
+    for (i = 0; i < object->numInstances; i++) {
+        if ((!tokenOpt && object->instances[i]->label) ||
+            (object->instances[i]->token == tokenOpt)) {
+            /* Must copy, see bug 745548 */
+            nickname = nssUTF8_Duplicate(object->instances[i]->label, NULL);
+            break;
+        }
+    }
+    nssPKIObject_Unlock(object);
+    return nickname;
+}
+
+NSS_IMPLEMENT nssCryptokiObject **
+nssPKIObject_GetInstances(
+    nssPKIObject *object)
+{
+    nssCryptokiObject **instances = NULL;
+    PRUint32 i;
+    if (object->numInstances == 0) {
+        return (nssCryptokiObject **)NULL;
+    }
+    nssPKIObject_Lock(object);
+    instances = nss_ZNEWARRAY(NULL, nssCryptokiObject *,
+                              object->numInstances + 1);
+    if (instances) {
+        for (i = 0; i < object->numInstances; i++) {
+            instances[i] = nssCryptokiObject_Clone(object->instances[i]);
+        }
+    }
+    nssPKIObject_Unlock(object);
+    return instances;
+}
+
+NSS_IMPLEMENT void
+nssCertificateArray_Destroy(
+    NSSCertificate **certs)
+{
+    if (certs) {
+        NSSCertificate **certp;
+        for (certp = certs; *certp; certp++) {
+            if ((*certp)->decoding) {
+                CERTCertificate *cc = STAN_GetCERTCertificate(*certp);
+                if (cc) {
+                    CERT_DestroyCertificate(cc);
+                }
+                continue;
+            }
+            nssCertificate_Destroy(*certp);
+        }
+        nss_ZFreeIf(certs);
+    }
+}
+
+NSS_IMPLEMENT void
+NSSCertificateArray_Destroy(
+    NSSCertificate **certs)
+{
+    nssCertificateArray_Destroy(certs);
+}
+
+NSS_IMPLEMENT NSSCertificate **
+nssCertificateArray_Join(
+    NSSCertificate **certs1,
+    NSSCertificate **certs2)
+{
+    if (certs1 && certs2) {
+        NSSCertificate **certs, **cp;
+        PRUint32 count = 0;
+        PRUint32 count1 = 0;
+        cp = certs1;
+        while (*cp++)
+            count1++;
+        count = count1;
+        cp = certs2;
+        while (*cp++)
+            count++;
+        certs = nss_ZREALLOCARRAY(certs1, NSSCertificate *, count + 1);
+        if (!certs) {
+            nss_ZFreeIf(certs1);
+            nss_ZFreeIf(certs2);
+            return (NSSCertificate **)NULL;
+        }
+        for (cp = certs2; *cp; cp++, count1++) {
+            certs[count1] = *cp;
+        }
+        nss_ZFreeIf(certs2);
+        return certs;
+    } else if (certs1) {
+        return certs1;
+    } else {
+        return certs2;
+    }
+}
+
+NSS_IMPLEMENT NSSCertificate *
+nssCertificateArray_FindBestCertificate(
+    NSSCertificate **certs,
+    NSSTime *timeOpt,
+    const NSSUsage *usage,
+    NSSPolicies *policiesOpt)
+{
+    NSSCertificate *bestCert = NULL;
+    nssDecodedCert *bestdc = NULL;
+    NSSTime *time, sTime;
+    PRBool bestCertMatches = PR_FALSE;
+    PRBool thisCertMatches;
+    PRBool bestCertIsValidAtTime = PR_FALSE;
+    PRBool bestCertIsTrusted = PR_FALSE;
+
+    if (timeOpt) {
+        time = timeOpt;
+    } else {
+        NSSTime_Now(&sTime);
+        time = &sTime;
+    }
+    if (!certs) {
+        return (NSSCertificate *)NULL;
+    }
+    for (; *certs; certs++) {
+        nssDecodedCert *dc;
+        NSSCertificate *c = *certs;
+        dc = nssCertificate_GetDecoding(c);
+        if (!dc)
+            continue;
+        thisCertMatches = dc->matchUsage(dc, usage);
+        if (!bestCert) {
+            /* always take the first cert, but remember whether or not
+             * the usage matched
+             */
+            bestCert = nssCertificate_AddRef(c);
+            bestCertMatches = thisCertMatches;
+            bestdc = dc;
+            continue;
+        } else {
+            if (bestCertMatches && !thisCertMatches) {
+                /* if already have a cert for this usage, and if this cert
+                 * doesn't have the correct usage, continue
+                 */
+                continue;
+            } else if (!bestCertMatches && thisCertMatches) {
+                /* this one does match usage, replace the other */
+                nssCertificate_Destroy(bestCert);
+                bestCert = nssCertificate_AddRef(c);
+                bestCertMatches = thisCertMatches;
+                bestdc = dc;
+                continue;
+            }
+            /* this cert match as well as any cert we've found so far,
+             * defer to time/policies
+             * */
+        }
+        /* time */
+        if (bestCertIsValidAtTime || bestdc->isValidAtTime(bestdc, time)) {
+            /* The current best cert is valid at time */
+            bestCertIsValidAtTime = PR_TRUE;
+            if (!dc->isValidAtTime(dc, time)) {
+                /* If the new cert isn't valid at time, it's not better */
+                continue;
+            }
+        } else {
+            /* The current best cert is not valid at time */
+            if (dc->isValidAtTime(dc, time)) {
+                /* If the new cert is valid at time, it's better */
+                nssCertificate_Destroy(bestCert);
+                bestCert = nssCertificate_AddRef(c);
+                bestdc = dc;
+                bestCertIsValidAtTime = PR_TRUE;
+                continue;
+            }
+        }
+        /* Either they are both valid at time, or neither valid.
+         * If only one is trusted for this usage, take it.
+         */
+        if (bestCertIsTrusted || bestdc->isTrustedForUsage(bestdc, usage)) {
+            bestCertIsTrusted = PR_TRUE;
+            if (!dc->isTrustedForUsage(dc, usage)) {
+                continue;
+            }
+        } else {
+            /* The current best cert is not trusted */
+            if (dc->isTrustedForUsage(dc, usage)) {
+                /* If the new cert is trusted, it's better */
+                nssCertificate_Destroy(bestCert);
+                bestCert = nssCertificate_AddRef(c);
+                bestdc = dc;
+                bestCertIsTrusted = PR_TRUE;
+                continue;
+            }
+        }
+        /* Otherwise, take the newer one. */
+        if (!bestdc->isNewerThan(bestdc, dc)) {
+            nssCertificate_Destroy(bestCert);
+            bestCert = nssCertificate_AddRef(c);
+            bestdc = dc;
+            continue;
+        }
+        /* policies */
+        /* XXX later -- defer to policies */
+    }
+    return bestCert;
+}
+
+NSS_IMPLEMENT PRStatus
+nssCertificateArray_Traverse(
+    NSSCertificate **certs,
+    PRStatus (*callback)(NSSCertificate *c, void *arg),
+    void *arg)
+{
+    PRStatus status = PR_SUCCESS;
+    if (certs) {
+        NSSCertificate **certp;
+        for (certp = certs; *certp; certp++) {
+            status = (*callback)(*certp, arg);
+            if (status != PR_SUCCESS) {
+                break;
+            }
+        }
+    }
+    return status;
+}
+
+NSS_IMPLEMENT void
+nssCRLArray_Destroy(
+    NSSCRL **crls)
+{
+    if (crls) {
+        NSSCRL **crlp;
+        for (crlp = crls; *crlp; crlp++) {
+            nssCRL_Destroy(*crlp);
+        }
+        nss_ZFreeIf(crls);
+    }
+}
+
+/*
+ * Object collections
+ */
+
+typedef enum {
+    pkiObjectType_Certificate = 0,
+    pkiObjectType_CRL = 1,
+    pkiObjectType_PrivateKey = 2,
+    pkiObjectType_PublicKey = 3
+} pkiObjectType;
+
+/* Each object is defined by a set of items that uniquely identify it.
+ * Here are the uid sets:
+ *
+ * NSSCertificate ==>  { issuer, serial }
+ * NSSPrivateKey
+ *         (RSA) ==> { modulus, public exponent }
+ *
+ */
+#define MAX_ITEMS_FOR_UID 2
+
+/* pkiObjectCollectionNode
+ *
+ * A node in the collection is the set of unique identifiers for a single
+ * object, along with either the actual object or a proto-object.
+ */
+typedef struct
+{
+    PRCList link;
+    PRBool haveObject;
+    nssPKIObject *object;
+    NSSItem uid[MAX_ITEMS_FOR_UID];
+} pkiObjectCollectionNode;
+
+/* nssPKIObjectCollection
+ *
+ * The collection is the set of all objects, plus the interfaces needed
+ * to manage the objects.
+ *
+ */
+struct nssPKIObjectCollectionStr {
+    NSSArena *arena;
+    NSSTrustDomain *td;
+    NSSCryptoContext *cc;
+    PRCList head; /* list of pkiObjectCollectionNode's */
+    PRUint32 size;
+    pkiObjectType objectType;
+    void (*destroyObject)(nssPKIObject *o);
+    PRStatus (*getUIDFromObject)(nssPKIObject *o, NSSItem *uid);
+    PRStatus (*getUIDFromInstance)(nssCryptokiObject *co, NSSItem *uid,
+                                   NSSArena *arena);
+    nssPKIObject *(*createObject)(nssPKIObject *o);
+    nssPKILockType lockType; /* type of lock to use for new proto-objects */
+};
+
+static nssPKIObjectCollection *
+nssPKIObjectCollection_Create(
+    NSSTrustDomain *td,
+    NSSCryptoContext *ccOpt,
+    nssPKILockType lockType)
+{
+    NSSArena *arena;
+    nssPKIObjectCollection *rvCollection = NULL;
+    arena = nssArena_Create();
+    if (!arena) {
+        return (nssPKIObjectCollection *)NULL;
+    }
+    rvCollection = nss_ZNEW(arena, nssPKIObjectCollection);
+    if (!rvCollection) {
+        goto loser;
+    }
+    PR_INIT_CLIST(&rvCollection->head);
+    rvCollection->arena = arena;
+    rvCollection->td = td; /* XXX */
+    rvCollection->cc = ccOpt;
+    rvCollection->lockType = lockType;
+    return rvCollection;
+loser:
+    nssArena_Destroy(arena);
+    return (nssPKIObjectCollection *)NULL;
+}
+
+NSS_IMPLEMENT void
+nssPKIObjectCollection_Destroy(
+    nssPKIObjectCollection *collection)
+{
+    if (collection) {
+        PRCList *link;
+        pkiObjectCollectionNode *node;
+        /* first destroy any objects in the collection */
+        link = PR_NEXT_LINK(&collection->head);
+        while (link != &collection->head) {
+            node = (pkiObjectCollectionNode *)link;
+            if (node->haveObject) {
+                (*collection->destroyObject)(node->object);
+            } else {
+                nssPKIObject_Destroy(node->object);
+            }
+            link = PR_NEXT_LINK(link);
+        }
+        /* then destroy it */
+        nssArena_Destroy(collection->arena);
+    }
+}
+
+NSS_IMPLEMENT PRUint32
+nssPKIObjectCollection_Count(
+    nssPKIObjectCollection *collection)
+{
+    return collection->size;
+}
+
+NSS_IMPLEMENT PRStatus
+nssPKIObjectCollection_AddObject(
+    nssPKIObjectCollection *collection,
+    nssPKIObject *object)
+{
+    pkiObjectCollectionNode *node;
+    node = nss_ZNEW(collection->arena, pkiObjectCollectionNode);
+    if (!node) {
+        return PR_FAILURE;
+    }
+    node->haveObject = PR_TRUE;
+    node->object = nssPKIObject_AddRef(object);
+    (*collection->getUIDFromObject)(object, node->uid);
+    PR_INIT_CLIST(&node->link);
+    PR_INSERT_BEFORE(&node->link, &collection->head);
+    collection->size++;
+    return PR_SUCCESS;
+}
+
+static pkiObjectCollectionNode *
+find_instance_in_collection(
+    nssPKIObjectCollection *collection,
+    nssCryptokiObject *instance)
+{
+    PRCList *link;
+    pkiObjectCollectionNode *node;
+    link = PR_NEXT_LINK(&collection->head);
+    while (link != &collection->head) {
+        node = (pkiObjectCollectionNode *)link;
+        if (nssPKIObject_HasInstance(node->object, instance)) {
+            return node;
+        }
+        link = PR_NEXT_LINK(link);
+    }
+    return (pkiObjectCollectionNode *)NULL;
+}
+
+static pkiObjectCollectionNode *
+find_object_in_collection(
+    nssPKIObjectCollection *collection,
+    NSSItem *uid)
+{
+    PRUint32 i;
+    PRStatus status;
+    PRCList *link;
+    pkiObjectCollectionNode *node;
+    link = PR_NEXT_LINK(&collection->head);
+    while (link != &collection->head) {
+        node = (pkiObjectCollectionNode *)link;
+        for (i = 0; i < MAX_ITEMS_FOR_UID; i++) {
+            if (!nssItem_Equal(&node->uid[i], &uid[i], &status)) {
+                break;
+            }
+        }
+        if (i == MAX_ITEMS_FOR_UID) {
+            return node;
+        }
+        link = PR_NEXT_LINK(link);
+    }
+    return (pkiObjectCollectionNode *)NULL;
+}
+
+static pkiObjectCollectionNode *
+add_object_instance(
+    nssPKIObjectCollection *collection,
+    nssCryptokiObject *instance,
+    PRBool *foundIt)
+{
+    PRUint32 i;
+    PRStatus status;
+    pkiObjectCollectionNode *node;
+    nssArenaMark *mark = NULL;
+    NSSItem uid[MAX_ITEMS_FOR_UID];
+    nsslibc_memset(uid, 0, sizeof uid);
+    /* The list is traversed twice, first (here) looking to match the
+     * { token, handle } tuple, and if that is not found, below a search
+     * for unique identifier is done.  Here, a match means this exact object
+     * instance is already in the collection, and we have nothing to do.
+     */
+    *foundIt = PR_FALSE;
+    node = find_instance_in_collection(collection, instance);
+    if (node) {
+        /* The collection is assumed to take over the instance.  Since we
+         * are not using it, it must be destroyed.
+         */
+        nssCryptokiObject_Destroy(instance);
+        *foundIt = PR_TRUE;
+        return node;
+    }
+    mark = nssArena_Mark(collection->arena);
+    if (!mark) {
+        goto loser;
+    }
+    status = (*collection->getUIDFromInstance)(instance, uid,
+                                               collection->arena);
+    if (status != PR_SUCCESS) {
+        goto loser;
+    }
+    /* Search for unique identifier.  A match here means the object exists
+     * in the collection, but does not have this instance, so the instance
+     * needs to be added.
+     */
+    node = find_object_in_collection(collection, uid);
+    if (node) {
+        /* This is an object with multiple instances */
+        status = nssPKIObject_AddInstance(node->object, instance);
+    } else {
+        /* This is a completely new object.  Create a node for it. */
+        node = nss_ZNEW(collection->arena, pkiObjectCollectionNode);
+        if (!node) {
+            goto loser;
+        }
+        node->object = nssPKIObject_Create(NULL, instance,
+                                           collection->td, collection->cc,
+                                           collection->lockType);
+        if (!node->object) {
+            goto loser;
+        }
+        for (i = 0; i < MAX_ITEMS_FOR_UID; i++) {
+            node->uid[i] = uid[i];
+        }
+        node->haveObject = PR_FALSE;
+        PR_INIT_CLIST(&node->link);
+        PR_INSERT_BEFORE(&node->link, &collection->head);
+        collection->size++;
+        status = PR_SUCCESS;
+    }
+    nssArena_Unmark(collection->arena, mark);
+    return node;
+loser:
+    if (mark) {
+        nssArena_Release(collection->arena, mark);
+    }
+    nssCryptokiObject_Destroy(instance);
+    return (pkiObjectCollectionNode *)NULL;
+}
+
+NSS_IMPLEMENT PRStatus
+nssPKIObjectCollection_AddInstances(
+    nssPKIObjectCollection *collection,
+    nssCryptokiObject **instances,
+    PRUint32 numInstances)
+{
+    PRStatus status = PR_SUCCESS;
+    PRUint32 i = 0;
+    PRBool foundIt;
+    pkiObjectCollectionNode *node;
+    if (instances) {
+        while ((!numInstances || i < numInstances) && *instances) {
+            if (status == PR_SUCCESS) {
+                node = add_object_instance(collection, *instances, &foundIt);
+                if (node == NULL) {
+                    /* add_object_instance freed the current instance */
+                    /* free the remaining instances */
+                    status = PR_FAILURE;
+                }
+            } else {
+                nssCryptokiObject_Destroy(*instances);
+            }
+            instances++;
+            i++;
+        }
+    }
+    return status;
+}
+
+static void
+nssPKIObjectCollection_RemoveNode(
+    nssPKIObjectCollection *collection,
+    pkiObjectCollectionNode *node)
+{
+    PR_REMOVE_LINK(&node->link);
+    collection->size--;
+}
+
+static PRStatus
+nssPKIObjectCollection_GetObjects(
+    nssPKIObjectCollection *collection,
+    nssPKIObject **rvObjects,
+    PRUint32 rvSize)
+{
+    PRUint32 i = 0;
+    PRCList *link = PR_NEXT_LINK(&collection->head);
+    pkiObjectCollectionNode *node;
+    int error = 0;
+    while ((i < rvSize) && (link != &collection->head)) {
+        node = (pkiObjectCollectionNode *)link;
+        if (!node->haveObject) {
+            /* Convert the proto-object to an object */
+            node->object = (*collection->createObject)(node->object);
+            if (!node->object) {
+                link = PR_NEXT_LINK(link);
+                /*remove bogus object from list*/
+                nssPKIObjectCollection_RemoveNode(collection, node);
+                error++;
+                continue;
+            }
+            node->haveObject = PR_TRUE;
+        }
+        rvObjects[i++] = nssPKIObject_AddRef(node->object);
+        link = PR_NEXT_LINK(link);
+    }
+    if (!error && *rvObjects == NULL) {
+        nss_SetError(NSS_ERROR_NOT_FOUND);
+    }
+    return PR_SUCCESS;
+}
+
+NSS_IMPLEMENT PRStatus
+nssPKIObjectCollection_Traverse(
+    nssPKIObjectCollection *collection,
+    nssPKIObjectCallback *callback)
+{
+    PRCList *link = PR_NEXT_LINK(&collection->head);
+    pkiObjectCollectionNode *node;
+    while (link != &collection->head) {
+        node = (pkiObjectCollectionNode *)link;
+        if (!node->haveObject) {
+            node->object = (*collection->createObject)(node->object);
+            if (!node->object) {
+                link = PR_NEXT_LINK(link);
+                /*remove bogus object from list*/
+                nssPKIObjectCollection_RemoveNode(collection, node);
+                continue;
+            }
+            node->haveObject = PR_TRUE;
+        }
+        switch (collection->objectType) {
+            case pkiObjectType_Certificate:
+                (void)(*callback->func.cert)((NSSCertificate *)node->object,
+                                             callback->arg);
+                break;
+            case pkiObjectType_CRL:
+                (void)(*callback->func.crl)((NSSCRL *)node->object,
+                                            callback->arg);
+                break;
+            case pkiObjectType_PrivateKey:
+                (void)(*callback->func.pvkey)((NSSPrivateKey *)node->object,
+                                              callback->arg);
+                break;
+            case pkiObjectType_PublicKey:
+                (void)(*callback->func.pbkey)((NSSPublicKey *)node->object,
+                                              callback->arg);
+                break;
+        }
+        link = PR_NEXT_LINK(link);
+    }
+    return PR_SUCCESS;
+}
+
+NSS_IMPLEMENT PRStatus
+nssPKIObjectCollection_AddInstanceAsObject(
+    nssPKIObjectCollection *collection,
+    nssCryptokiObject *instance)
+{
+    pkiObjectCollectionNode *node;
+    PRBool foundIt;
+    node = add_object_instance(collection, instance, &foundIt);
+    if (node == NULL) {
+        return PR_FAILURE;
+    }
+    if (!node->haveObject) {
+        node->object = (*collection->createObject)(node->object);
+        if (!node->object) {
+            /*remove bogus object from list*/
+            nssPKIObjectCollection_RemoveNode(collection, node);
+            return PR_FAILURE;
+        }
+        node->haveObject = PR_TRUE;
+    } else if (!foundIt) {
+        /* The instance was added to a pre-existing node.  This
+         * function is *only* being used for certificates, and having
+         * multiple instances of certs in 3.X requires updating the
+         * CERTCertificate.
+         * But only do it if it was a new instance!!!  If the same instance
+         * is encountered, we set *foundIt to true.  Detect that here and
+         * ignore it.
+         */
+        STAN_ForceCERTCertificateUpdate((NSSCertificate *)node->object);
+    }
+    return PR_SUCCESS;
+}
+
+/*
+ * Certificate collections
+ */
+
+static void
+cert_destroyObject(nssPKIObject *o)
+{
+    NSSCertificate *c = (NSSCertificate *)o;
+    if (c->decoding) {
+        CERTCertificate *cc = STAN_GetCERTCertificate(c);
+        if (cc) {
+            CERT_DestroyCertificate(cc);
+            return;
+        } /* else destroy it as NSSCertificate below */
+    }
+    nssCertificate_Destroy(c);
+}
+
+static PRStatus
+cert_getUIDFromObject(nssPKIObject *o, NSSItem *uid)
+{
+    NSSCertificate *c = (NSSCertificate *)o;
+    /* The builtins are still returning decoded serial numbers.  Until
+     * this compatibility issue is resolved, use the full DER of the
+     * cert to uniquely identify it.
+     */
+    NSSDER *derCert;
+    derCert = nssCertificate_GetEncoding(c);
+    uid[0].data = NULL;
+    uid[0].size = 0;
+    uid[1].data = NULL;
+    uid[1].size = 0;
+    if (derCert != NULL) {
+        uid[0] = *derCert;
+    }
+    return PR_SUCCESS;
+}
+
+static PRStatus
+cert_getUIDFromInstance(nssCryptokiObject *instance, NSSItem *uid,
+                        NSSArena *arena)
+{
+    /* The builtins are still returning decoded serial numbers.  Until
+     * this compatibility issue is resolved, use the full DER of the
+     * cert to uniquely identify it.
+     */
+    uid[1].data = NULL;
+    uid[1].size = 0;
+    return nssCryptokiCertificate_GetAttributes(instance,
+                                                NULL,    /* XXX sessionOpt */
+                                                arena,   /* arena    */
+                                                NULL,    /* type     */
+                                                NULL,    /* id       */
+                                                &uid[0], /* encoding */
+                                                NULL,    /* issuer   */
+                                                NULL,    /* serial   */
+                                                NULL);   /* subject  */
+}
+
+static nssPKIObject *
+cert_createObject(nssPKIObject *o)
+{
+    NSSCertificate *cert;
+    cert = nssCertificate_Create(o);
+    /*    if (STAN_GetCERTCertificate(cert) == NULL) {
+        nssCertificate_Destroy(cert);
+        return (nssPKIObject *)NULL;
+    } */
+    /* In 3.4, have to maintain uniqueness of cert pointers by caching all
+     * certs.  Cache the cert here, before returning.  If it is already
+     * cached, take the cached entry.
+     */
+    {
+        NSSTrustDomain *td = o->trustDomain;
+        nssTrustDomain_AddCertsToCache(td, &cert, 1);
+    }
+    return (nssPKIObject *)cert;
+}
+
+NSS_IMPLEMENT nssPKIObjectCollection *
+nssCertificateCollection_Create(
+    NSSTrustDomain *td,
+    NSSCertificate **certsOpt)
+{
+    nssPKIObjectCollection *collection;
+    collection = nssPKIObjectCollection_Create(td, NULL, nssPKIMonitor);
+    if (!collection) {
+        return NULL;
+    }
+    collection->objectType = pkiObjectType_Certificate;
+    collection->destroyObject = cert_destroyObject;
+    collection->getUIDFromObject = cert_getUIDFromObject;
+    collection->getUIDFromInstance = cert_getUIDFromInstance;
+    collection->createObject = cert_createObject;
+    if (certsOpt) {
+        for (; *certsOpt; certsOpt++) {
+            nssPKIObject *object = (nssPKIObject *)(*certsOpt);
+            (void)nssPKIObjectCollection_AddObject(collection, object);
+        }
+    }
+    return collection;
+}
+
+NSS_IMPLEMENT NSSCertificate **
+nssPKIObjectCollection_GetCertificates(
+    nssPKIObjectCollection *collection,
+    NSSCertificate **rvOpt,
+    PRUint32 maximumOpt,
+    NSSArena *arenaOpt)
+{
+    PRStatus status;
+    PRUint32 rvSize;
+    PRBool allocated = PR_FALSE;
+    if (collection->size == 0) {
+        return (NSSCertificate **)NULL;
+    }
+    if (maximumOpt == 0) {
+        rvSize = collection->size;
+    } else {
+        rvSize = PR_MIN(collection->size, maximumOpt);
+    }
+    if (!rvOpt) {
+        rvOpt = nss_ZNEWARRAY(arenaOpt, NSSCertificate *, rvSize + 1);
+        if (!rvOpt) {
+            return (NSSCertificate **)NULL;
+        }
+        allocated = PR_TRUE;
+    }
+    status = nssPKIObjectCollection_GetObjects(collection,
+                                               (nssPKIObject **)rvOpt,
+                                               rvSize);
+    if (status != PR_SUCCESS) {
+        if (allocated) {
+            nss_ZFreeIf(rvOpt);
+        }
+        return (NSSCertificate **)NULL;
+    }
+    return rvOpt;
+}
+
+/*
+ * CRL/KRL collections
+ */
+
+static void
+crl_destroyObject(nssPKIObject *o)
+{
+    NSSCRL *crl = (NSSCRL *)o;
+    nssCRL_Destroy(crl);
+}
+
+static PRStatus
+crl_getUIDFromObject(nssPKIObject *o, NSSItem *uid)
+{
+    NSSCRL *crl = (NSSCRL *)o;
+    NSSDER *encoding;
+    encoding = nssCRL_GetEncoding(crl);
+    if (!encoding) {
+        nss_SetError(NSS_ERROR_INVALID_ARGUMENT);
+        return PR_FALSE;
+    }
+    uid[0] = *encoding;
+    uid[1].data = NULL;
+    uid[1].size = 0;
+    return PR_SUCCESS;
+}
+
+static PRStatus
+crl_getUIDFromInstance(nssCryptokiObject *instance, NSSItem *uid,
+                       NSSArena *arena)
+{
+    return nssCryptokiCRL_GetAttributes(instance,
+                                        NULL,    /* XXX sessionOpt */
+                                        arena,   /* arena    */
+                                        &uid[0], /* encoding */
+                                        NULL,    /* subject  */
+                                        NULL,    /* class    */
+                                        NULL,    /* url      */
+                                        NULL);   /* isKRL    */
+}
+
+static nssPKIObject *
+crl_createObject(nssPKIObject *o)
+{
+    return (nssPKIObject *)nssCRL_Create(o);
+}
+
+NSS_IMPLEMENT nssPKIObjectCollection *
+nssCRLCollection_Create(
+    NSSTrustDomain *td,
+    NSSCRL **crlsOpt)
+{
+    nssPKIObjectCollection *collection;
+    collection = nssPKIObjectCollection_Create(td, NULL, nssPKILock);
+    if (!collection) {
+        return NULL;
+    }
+    collection->objectType = pkiObjectType_CRL;
+    collection->destroyObject = crl_destroyObject;
+    collection->getUIDFromObject = crl_getUIDFromObject;
+    collection->getUIDFromInstance = crl_getUIDFromInstance;
+    collection->createObject = crl_createObject;
+    if (crlsOpt) {
+        for (; *crlsOpt; crlsOpt++) {
+            nssPKIObject *object = (nssPKIObject *)(*crlsOpt);
+            (void)nssPKIObjectCollection_AddObject(collection, object);
+        }
+    }
+    return collection;
+}
+
+NSS_IMPLEMENT NSSCRL **
+nssPKIObjectCollection_GetCRLs(
+    nssPKIObjectCollection *collection,
+    NSSCRL **rvOpt,
+    PRUint32 maximumOpt,
+    NSSArena *arenaOpt)
+{
+    PRStatus status;
+    PRUint32 rvSize;
+    PRBool allocated = PR_FALSE;
+    if (collection->size == 0) {
+        return (NSSCRL **)NULL;
+    }
+    if (maximumOpt == 0) {
+        rvSize = collection->size;
+    } else {
+        rvSize = PR_MIN(collection->size, maximumOpt);
+    }
+    if (!rvOpt) {
+        rvOpt = nss_ZNEWARRAY(arenaOpt, NSSCRL *, rvSize + 1);
+        if (!rvOpt) {
+            return (NSSCRL **)NULL;
+        }
+        allocated = PR_TRUE;
+    }
+    status = nssPKIObjectCollection_GetObjects(collection,
+                                               (nssPKIObject **)rvOpt,
+                                               rvSize);
+    if (status != PR_SUCCESS) {
+        if (allocated) {
+            nss_ZFreeIf(rvOpt);
+        }
+        return (NSSCRL **)NULL;
+    }
+    return rvOpt;
+}
+
+/* how bad would it be to have a static now sitting around, updated whenever
+ * this was called?  would avoid repeated allocs...
+ */
+NSS_IMPLEMENT NSSTime *
+NSSTime_Now(NSSTime *timeOpt)
+{
+    return NSSTime_SetPRTime(timeOpt, PR_Now());
+}
+
+NSS_IMPLEMENT NSSTime *
+NSSTime_SetPRTime(
+    NSSTime *timeOpt,
+    PRTime prTime)
+{
+    NSSTime *rvTime;
+    rvTime = (timeOpt) ? timeOpt : nss_ZNEW(NULL, NSSTime);
+    if (rvTime) {
+        rvTime->prTime = prTime;
+    }
+    return rvTime;
+}
+
+NSS_IMPLEMENT PRTime
+NSSTime_GetPRTime(
+    NSSTime *time)
+{
+    return time->prTime;
+}
diff --git a/nss/lib/pki/pkim.h b/nss/lib/pki/pkim.h
new file mode 100644
index 0000000..3be3337
--- /dev/null
+++ b/nss/lib/pki/pkim.h
@@ -0,0 +1,547 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef PKIM_H
+#define PKIM_H
+
+#ifndef BASE_H
+#include "base.h"
+#endif /* BASE_H */
+
+#ifndef PKI_H
+#include "pki.h"
+#endif /* PKI_H */
+
+#ifndef PKITM_H
+#include "pkitm.h"
+#endif /* PKITM_H */
+
+PR_BEGIN_EXTERN_C
+
+/* nssPKIObject
+ *
+ * This is the base object class, common to all PKI objects defined in
+ * in this module.  Each object can be safely 'casted' to an nssPKIObject,
+ * then passed to these methods.
+ *
+ * nssPKIObject_Create
+ * nssPKIObject_Destroy
+ * nssPKIObject_AddRef
+ * nssPKIObject_AddInstance
+ * nssPKIObject_HasInstance
+ * nssPKIObject_GetTokens
+ * nssPKIObject_GetNicknameForToken
+ * nssPKIObject_RemoveInstanceForToken
+ * nssPKIObject_DeleteStoredObject
+ */
+
+NSS_EXTERN void nssPKIObject_Lock(nssPKIObject *object);
+NSS_EXTERN void nssPKIObject_Unlock(nssPKIObject *object);
+NSS_EXTERN PRStatus nssPKIObject_NewLock(nssPKIObject *object,
+                                         nssPKILockType lockType);
+NSS_EXTERN void nssPKIObject_DestroyLock(nssPKIObject *object);
+
+/* nssPKIObject_Create
+ *
+ * A generic PKI object.  It must live in a trust domain.  It may be
+ * initialized with a token instance, or alternatively in a crypto context.
+ */
+NSS_EXTERN nssPKIObject *
+nssPKIObject_Create(
+    NSSArena *arenaOpt,
+    nssCryptokiObject *instanceOpt,
+    NSSTrustDomain *td,
+    NSSCryptoContext *ccOpt,
+    nssPKILockType lockType);
+
+/* nssPKIObject_AddRef
+ */
+NSS_EXTERN nssPKIObject *
+nssPKIObject_AddRef(nssPKIObject *object);
+
+/* nssPKIObject_Destroy
+ *
+ * Returns true if object was destroyed.  This notifies the subclass that
+ * all references are gone and it should delete any members it owns.
+ */
+NSS_EXTERN PRBool
+nssPKIObject_Destroy(nssPKIObject *object);
+
+/* nssPKIObject_AddInstance
+ *
+ * Add a token instance to the object, if it does not have it already.
+ */
+NSS_EXTERN PRStatus
+nssPKIObject_AddInstance(
+    nssPKIObject *object,
+    nssCryptokiObject *instance);
+
+/* nssPKIObject_HasInstance
+ *
+ * Query the object for a token instance.
+ */
+NSS_EXTERN PRBool
+nssPKIObject_HasInstance(
+    nssPKIObject *object,
+    nssCryptokiObject *instance);
+
+/* nssPKIObject_GetTokens
+ *
+ * Get all tokens which have an instance of the object.
+ */
+NSS_EXTERN NSSToken **
+nssPKIObject_GetTokens(
+    nssPKIObject *object,
+    PRStatus *statusOpt);
+
+/* nssPKIObject_GetNicknameForToken
+ *
+ * tokenOpt == NULL means take the first available, otherwise return the
+ * nickname for the specified token.
+ */
+NSS_EXTERN NSSUTF8 *
+nssPKIObject_GetNicknameForToken(
+    nssPKIObject *object,
+    NSSToken *tokenOpt);
+
+/* nssPKIObject_RemoveInstanceForToken
+ *
+ * Remove the instance of the object on the specified token.
+ */
+NSS_EXTERN PRStatus
+nssPKIObject_RemoveInstanceForToken(
+    nssPKIObject *object,
+    NSSToken *token);
+
+/* nssPKIObject_DeleteStoredObject
+ *
+ * Delete all token instances of the object, as well as any crypto context
+ * instances (TODO).  If any of the instances are read-only, or if the
+ * removal fails, the object will keep those instances.  'isFriendly' refers
+ * to the object -- can this object be removed from a friendly token without
+ * login?  For example, certificates are friendly, private keys are not.
+ * Note that if the token is not friendly, authentication will be required
+ * regardless of the value of 'isFriendly'.
+ */
+NSS_EXTERN PRStatus
+nssPKIObject_DeleteStoredObject(
+    nssPKIObject *object,
+    NSSCallback *uhh,
+    PRBool isFriendly);
+
+NSS_EXTERN nssCryptokiObject **
+nssPKIObject_GetInstances(
+    nssPKIObject *object);
+
+NSS_EXTERN NSSCertificate **
+nssTrustDomain_FindCertificatesByID(
+    NSSTrustDomain *td,
+    NSSItem *id,
+    NSSCertificate **rvOpt,
+    PRUint32 maximumOpt,
+    NSSArena *arenaOpt);
+
+NSS_EXTERN NSSCRL **
+nssTrustDomain_FindCRLsBySubject(
+    NSSTrustDomain *td,
+    NSSDER *subject);
+
+/* module-private nsspki methods */
+
+NSS_EXTERN NSSCryptoContext *
+nssCryptoContext_Create(
+    NSSTrustDomain *td,
+    NSSCallback *uhhOpt);
+
+/* XXX for the collection */
+NSS_EXTERN NSSCertificate *
+nssCertificate_Create(nssPKIObject *object);
+
+NSS_EXTERN PRStatus
+nssCertificate_SetCertTrust(
+    NSSCertificate *c,
+    NSSTrust *trust);
+
+NSS_EXTERN nssDecodedCert *
+nssCertificate_GetDecoding(NSSCertificate *c);
+
+extern PRIntn
+nssCertificate_SubjectListSort(
+    void *v1,
+    void *v2);
+
+NSS_EXTERN nssDecodedCert *
+nssDecodedCert_Create(
+    NSSArena *arenaOpt,
+    NSSDER *encoding,
+    NSSCertificateType type);
+
+NSS_EXTERN PRStatus
+nssDecodedCert_Destroy(nssDecodedCert *dc);
+
+NSS_EXTERN NSSTrust *
+nssTrust_Create(
+    nssPKIObject *object,
+    NSSItem *certData);
+
+NSS_EXTERN NSSCRL *
+nssCRL_Create(nssPKIObject *object);
+
+NSS_EXTERN NSSCRL *
+nssCRL_AddRef(NSSCRL *crl);
+
+NSS_EXTERN PRStatus
+nssCRL_Destroy(NSSCRL *crl);
+
+NSS_EXTERN PRStatus
+nssCRL_DeleteStoredObject(
+    NSSCRL *crl,
+    NSSCallback *uhh);
+
+NSS_EXTERN NSSPrivateKey *
+nssPrivateKey_Create(nssPKIObject *o);
+
+NSS_EXTERN NSSDER *
+nssCRL_GetEncoding(NSSCRL *crl);
+
+NSS_EXTERN NSSPublicKey *
+nssPublicKey_Create(nssPKIObject *object);
+
+/* nssCertificateArray
+ *
+ * These are being thrown around a lot, might as well group together some
+ * functionality.
+ *
+ * nssCertificateArray_Destroy
+ * nssCertificateArray_Join
+ * nssCertificateArray_FindBestCertificate
+ * nssCertificateArray_Traverse
+ */
+
+/* nssCertificateArray_Destroy
+ *
+ * Will destroy the array and the certs within it.  If the array was created
+ * in an arena, will *not* (of course) destroy the arena.  However, is safe
+ * to call this method on an arena-allocated array.
+ */
+NSS_EXTERN void
+nssCertificateArray_Destroy(NSSCertificate **certs);
+
+/* nssCertificateArray_Join
+ *
+ * Join two arrays into one.  The two arrays, certs1 and certs2, should
+ * be considered invalid after a call to this function (they may be destroyed
+ * as part of the join).  certs1 and/or certs2 may be NULL.  Safe to
+ * call with arrays allocated in an arena, the result will also be in the
+ * arena.
+ */
+NSS_EXTERN NSSCertificate **
+nssCertificateArray_Join(
+    NSSCertificate **certs1,
+    NSSCertificate **certs2);
+
+/* nssCertificateArray_FindBestCertificate
+ *
+ * Use the usual { time, usage, policies } to find the best cert in the
+ * array.
+ */
+NSS_EXTERN NSSCertificate *
+nssCertificateArray_FindBestCertificate(
+    NSSCertificate **certs,
+    NSSTime *timeOpt,
+    const NSSUsage *usage,
+    NSSPolicies *policiesOpt);
+
+/* nssCertificateArray_Traverse
+ *
+ * Do the callback for each cert, terminate the traversal if the callback
+ * fails.
+ */
+NSS_EXTERN PRStatus
+nssCertificateArray_Traverse(
+    NSSCertificate **certs,
+    PRStatus (*callback)(NSSCertificate *c, void *arg),
+    void *arg);
+
+NSS_EXTERN void
+nssCRLArray_Destroy(NSSCRL **crls);
+
+/* nssPKIObjectCollection
+ *
+ * This is a handy way to group objects together and perform operations
+ * on them.  It can also handle "proto-objects"-- references to
+ * objects instances on tokens, where the actual object hasn't
+ * been formed yet.
+ *
+ * nssCertificateCollection_Create
+ * nssPrivateKeyCollection_Create
+ * nssPublicKeyCollection_Create
+ *
+ * If this was a language that provided for inheritance, each type would
+ * inherit all of the following methods.  Instead, there is only one
+ * type (nssPKIObjectCollection), shared among all.  This may cause
+ * confusion; an alternative would be to define all of the methods
+ * for each subtype (nssCertificateCollection_Destroy, ...), but that doesn't
+ * seem worth the code bloat..  It is left up to the caller to remember
+ * what type of collection he/she is dealing with.
+ *
+ * nssPKIObjectCollection_Destroy
+ * nssPKIObjectCollection_Count
+ * nssPKIObjectCollection_AddObject
+ * nssPKIObjectCollection_AddInstances
+ * nssPKIObjectCollection_Traverse
+ *
+ * Back to type-specific methods.
+ *
+ * nssPKIObjectCollection_GetCertificates
+ * nssPKIObjectCollection_GetCRLs
+ * nssPKIObjectCollection_GetPrivateKeys
+ * nssPKIObjectCollection_GetPublicKeys
+ */
+
+/* nssCertificateCollection_Create
+ *
+ * Create a collection of certificates in the specified trust domain.
+ * Optionally provide a starting set of certs.
+ */
+NSS_EXTERN nssPKIObjectCollection *
+nssCertificateCollection_Create(
+    NSSTrustDomain *td,
+    NSSCertificate **certsOpt);
+
+/* nssCRLCollection_Create
+ *
+ * Create a collection of CRLs/KRLs in the specified trust domain.
+ * Optionally provide a starting set of CRLs.
+ */
+NSS_EXTERN nssPKIObjectCollection *
+nssCRLCollection_Create(
+    NSSTrustDomain *td,
+    NSSCRL **crlsOpt);
+
+/* nssPrivateKeyCollection_Create
+ *
+ * Create a collection of private keys in the specified trust domain.
+ * Optionally provide a starting set of keys.
+ */
+NSS_EXTERN nssPKIObjectCollection *
+nssPrivateKeyCollection_Create(
+    NSSTrustDomain *td,
+    NSSPrivateKey **pvkOpt);
+
+/* nssPublicKeyCollection_Create
+ *
+ * Create a collection of public keys in the specified trust domain.
+ * Optionally provide a starting set of keys.
+ */
+NSS_EXTERN nssPKIObjectCollection *
+nssPublicKeyCollection_Create(
+    NSSTrustDomain *td,
+    NSSPublicKey **pvkOpt);
+
+/* nssPKIObjectCollection_Destroy
+ */
+NSS_EXTERN void
+nssPKIObjectCollection_Destroy(nssPKIObjectCollection *collection);
+
+/* nssPKIObjectCollection_Count
+ */
+NSS_EXTERN PRUint32
+nssPKIObjectCollection_Count(nssPKIObjectCollection *collection);
+
+NSS_EXTERN PRStatus
+nssPKIObjectCollection_AddObject(
+    nssPKIObjectCollection *collection,
+    nssPKIObject *object);
+
+/* nssPKIObjectCollection_AddInstances
+ *
+ * Add a set of object instances to the collection.  The instances
+ * will be sorted into any existing certs/proto-certs that may be in
+ * the collection.  The instances will be absorbed by the collection,
+ * the array should not be used after this call (except to free it).
+ *
+ * Failure means the collection is in an invalid state.
+ *
+ * numInstances = 0 means the array is NULL-terminated
+ */
+NSS_EXTERN PRStatus
+nssPKIObjectCollection_AddInstances(
+    nssPKIObjectCollection *collection,
+    nssCryptokiObject **instances,
+    PRUint32 numInstances);
+
+/* nssPKIObjectCollection_Traverse
+ */
+NSS_EXTERN PRStatus
+nssPKIObjectCollection_Traverse(
+    nssPKIObjectCollection *collection,
+    nssPKIObjectCallback *callback);
+
+/* This function is being added for NSS 3.5.  It corresponds to the function
+ * nssToken_TraverseCertificates.  The idea is to use the collection during
+ * a traversal, creating certs each time a new instance is added for which
+ * a cert does not already exist.
+ */
+NSS_EXTERN PRStatus
+nssPKIObjectCollection_AddInstanceAsObject(
+    nssPKIObjectCollection *collection,
+    nssCryptokiObject *instance);
+
+/* nssPKIObjectCollection_GetCertificates
+ *
+ * Get all of the certificates in the collection.
+ */
+NSS_EXTERN NSSCertificate **
+nssPKIObjectCollection_GetCertificates(
+    nssPKIObjectCollection *collection,
+    NSSCertificate **rvOpt,
+    PRUint32 maximumOpt,
+    NSSArena *arenaOpt);
+
+NSS_EXTERN NSSCRL **
+nssPKIObjectCollection_GetCRLs(
+    nssPKIObjectCollection *collection,
+    NSSCRL **rvOpt,
+    PRUint32 maximumOpt,
+    NSSArena *arenaOpt);
+
+NSS_EXTERN NSSPrivateKey **
+nssPKIObjectCollection_GetPrivateKeys(
+    nssPKIObjectCollection *collection,
+    NSSPrivateKey **rvOpt,
+    PRUint32 maximumOpt,
+    NSSArena *arenaOpt);
+
+NSS_EXTERN NSSPublicKey **
+nssPKIObjectCollection_GetPublicKeys(
+    nssPKIObjectCollection *collection,
+    NSSPublicKey **rvOpt,
+    PRUint32 maximumOpt,
+    NSSArena *arenaOpt);
+
+NSS_EXTERN NSSTime *
+NSSTime_Now(NSSTime *timeOpt);
+
+NSS_EXTERN NSSTime *
+NSSTime_SetPRTime(
+    NSSTime *timeOpt,
+    PRTime prTime);
+
+NSS_EXTERN PRTime
+NSSTime_GetPRTime(
+    NSSTime *time);
+
+NSS_EXTERN nssHash *
+nssHash_CreateCertificate(
+    NSSArena *arenaOpt,
+    PRUint32 numBuckets);
+
+/* 3.4 Certificate cache routines */
+
+NSS_EXTERN PRStatus
+nssTrustDomain_InitializeCache(
+    NSSTrustDomain *td,
+    PRUint32 cacheSize);
+
+NSS_EXTERN PRStatus
+nssTrustDomain_AddCertsToCache(
+    NSSTrustDomain *td,
+    NSSCertificate **certs,
+    PRUint32 numCerts);
+
+NSS_EXTERN void
+nssTrustDomain_RemoveCertFromCacheLOCKED(
+    NSSTrustDomain *td,
+    NSSCertificate *cert);
+
+NSS_EXTERN void
+nssTrustDomain_LockCertCache(NSSTrustDomain *td);
+
+NSS_EXTERN void
+nssTrustDomain_UnlockCertCache(NSSTrustDomain *td);
+
+NSS_IMPLEMENT PRStatus
+nssTrustDomain_DestroyCache(NSSTrustDomain *td);
+
+/*
+ * Remove all certs for the given token from the cache.  This is
+ * needed if the token is removed.
+ */
+NSS_EXTERN PRStatus
+nssTrustDomain_RemoveTokenCertsFromCache(
+    NSSTrustDomain *td,
+    NSSToken *token);
+
+NSS_EXTERN PRStatus
+nssTrustDomain_UpdateCachedTokenCerts(
+    NSSTrustDomain *td,
+    NSSToken *token);
+
+/*
+ * Find all cached certs with this nickname (label).
+ */
+NSS_EXTERN NSSCertificate **
+nssTrustDomain_GetCertsForNicknameFromCache(
+    NSSTrustDomain *td,
+    const NSSUTF8 *nickname,
+    nssList *certListOpt);
+
+/*
+ * Find all cached certs with this email address.
+ */
+NSS_EXTERN NSSCertificate **
+nssTrustDomain_GetCertsForEmailAddressFromCache(
+    NSSTrustDomain *td,
+    NSSASCII7 *email,
+    nssList *certListOpt);
+
+/*
+ * Find all cached certs with this subject.
+ */
+NSS_EXTERN NSSCertificate **
+nssTrustDomain_GetCertsForSubjectFromCache(
+    NSSTrustDomain *td,
+    NSSDER *subject,
+    nssList *certListOpt);
+
+/*
+ * Look for a specific cert in the cache.
+ */
+NSS_EXTERN NSSCertificate *
+nssTrustDomain_GetCertForIssuerAndSNFromCache(
+    NSSTrustDomain *td,
+    NSSDER *issuer,
+    NSSDER *serialNum);
+
+/*
+ * Look for a specific cert in the cache.
+ */
+NSS_EXTERN NSSCertificate *
+nssTrustDomain_GetCertByDERFromCache(
+    NSSTrustDomain *td,
+    NSSDER *der);
+
+/* Get all certs from the cache */
+/* XXX this is being included to make some old-style calls word, not to
+ *     say we should keep it
+ */
+NSS_EXTERN NSSCertificate **
+nssTrustDomain_GetCertsFromCache(
+    NSSTrustDomain *td,
+    nssList *certListOpt);
+
+NSS_EXTERN void
+nssTrustDomain_DumpCacheInfo(
+    NSSTrustDomain *td,
+    void (*cert_dump_iter)(const void *, void *, void *),
+    void *arg);
+
+NSS_EXTERN void
+nssCertificateList_AddReferences(
+    nssList *certList);
+
+PR_END_EXTERN_C
+
+#endif /* PKIM_H */
diff --git a/nss/lib/pki/pkistore.c b/nss/lib/pki/pkistore.c
new file mode 100644
index 0000000..6113442
--- /dev/null
+++ b/nss/lib/pki/pkistore.c
@@ -0,0 +1,675 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef PKIM_H
+#include "pkim.h"
+#endif /* PKIM_H */
+
+#ifndef PKI_H
+#include "pki.h"
+#endif /* PKI_H */
+
+#ifndef NSSPKI_H
+#include "nsspki.h"
+#endif /* NSSPKI_H */
+
+#ifndef BASE_H
+#include "base.h"
+#endif /* BASE_H */
+
+#ifndef PKISTORE_H
+#include "pkistore.h"
+#endif /* PKISTORE_H */
+
+#include "cert.h"
+#include "pki3hack.h"
+
+#include "prbit.h"
+
+/*
+ * Certificate Store
+ *
+ * This differs from the cache in that it is a true storage facility.  Items
+ * stay in until they are explicitly removed.  It is only used by crypto
+ * contexts at this time, but may be more generally useful...
+ *
+ */
+
+struct nssCertificateStoreStr {
+    PRBool i_alloced_arena;
+    NSSArena *arena;
+    PZLock *lock;
+    nssHash *subject;
+    nssHash *issuer_and_serial;
+};
+
+typedef struct certificate_hash_entry_str certificate_hash_entry;
+
+struct certificate_hash_entry_str {
+    NSSCertificate *cert;
+    NSSTrust *trust;
+    nssSMIMEProfile *profile;
+};
+
+/* forward static declarations */
+static NSSCertificate *
+nssCertStore_FindCertByIssuerAndSerialNumberLocked(
+    nssCertificateStore *store,
+    NSSDER *issuer,
+    NSSDER *serial);
+
+NSS_IMPLEMENT nssCertificateStore *
+nssCertificateStore_Create(NSSArena *arenaOpt)
+{
+    NSSArena *arena;
+    nssCertificateStore *store;
+    PRBool i_alloced_arena;
+    if (arenaOpt) {
+        arena = arenaOpt;
+        i_alloced_arena = PR_FALSE;
+    } else {
+        arena = nssArena_Create();
+        if (!arena) {
+            return NULL;
+        }
+        i_alloced_arena = PR_TRUE;
+    }
+    store = nss_ZNEW(arena, nssCertificateStore);
+    if (!store) {
+        goto loser;
+    }
+    store->lock = PZ_NewLock(nssILockOther);
+    if (!store->lock) {
+        goto loser;
+    }
+    /* Create the issuer/serial --> {cert, trust, S/MIME profile } hash */
+    store->issuer_and_serial = nssHash_CreateCertificate(arena, 0);
+    if (!store->issuer_and_serial) {
+        goto loser;
+    }
+    /* Create the subject DER --> subject list hash */
+    store->subject = nssHash_CreateItem(arena, 0);
+    if (!store->subject) {
+        goto loser;
+    }
+    store->arena = arena;
+    store->i_alloced_arena = i_alloced_arena;
+    return store;
+loser:
+    if (store) {
+        if (store->lock) {
+            PZ_DestroyLock(store->lock);
+        }
+        if (store->issuer_and_serial) {
+            nssHash_Destroy(store->issuer_and_serial);
+        }
+        if (store->subject) {
+            nssHash_Destroy(store->subject);
+        }
+    }
+    if (i_alloced_arena) {
+        nssArena_Destroy(arena);
+    }
+    return NULL;
+}
+
+extern const NSSError NSS_ERROR_BUSY;
+
+NSS_IMPLEMENT PRStatus
+nssCertificateStore_Destroy(nssCertificateStore *store)
+{
+    if (nssHash_Count(store->issuer_and_serial) > 0) {
+        nss_SetError(NSS_ERROR_BUSY);
+        return PR_FAILURE;
+    }
+    PZ_DestroyLock(store->lock);
+    nssHash_Destroy(store->issuer_and_serial);
+    nssHash_Destroy(store->subject);
+    if (store->i_alloced_arena) {
+        nssArena_Destroy(store->arena);
+    } else {
+        nss_ZFreeIf(store);
+    }
+    return PR_SUCCESS;
+}
+
+static PRStatus
+add_certificate_entry(
+    nssCertificateStore *store,
+    NSSCertificate *cert)
+{
+    PRStatus nssrv;
+    certificate_hash_entry *entry;
+    entry = nss_ZNEW(cert->object.arena, certificate_hash_entry);
+    if (!entry) {
+        return PR_FAILURE;
+    }
+    entry->cert = cert;
+    nssrv = nssHash_Add(store->issuer_and_serial, cert, entry);
+    if (nssrv != PR_SUCCESS) {
+        nss_ZFreeIf(entry);
+    }
+    return nssrv;
+}
+
+static PRStatus
+add_subject_entry(
+    nssCertificateStore *store,
+    NSSCertificate *cert)
+{
+    PRStatus nssrv;
+    nssList *subjectList;
+    subjectList = (nssList *)nssHash_Lookup(store->subject, &cert->subject);
+    if (subjectList) {
+        /* The subject is already in, add this cert to the list */
+        nssrv = nssList_AddUnique(subjectList, cert);
+    } else {
+        /* Create a new subject list for the subject */
+        subjectList = nssList_Create(NULL, PR_FALSE);
+        if (!subjectList) {
+            return PR_FAILURE;
+        }
+        nssList_SetSortFunction(subjectList, nssCertificate_SubjectListSort);
+        /* Add the cert entry to this list of subjects */
+        nssrv = nssList_Add(subjectList, cert);
+        if (nssrv != PR_SUCCESS) {
+            return nssrv;
+        }
+        /* Add the subject list to the cache */
+        nssrv = nssHash_Add(store->subject, &cert->subject, subjectList);
+    }
+    return nssrv;
+}
+
+/* declared below */
+static void
+remove_certificate_entry(
+    nssCertificateStore *store,
+    NSSCertificate *cert);
+
+/* Caller must hold store->lock */
+static PRStatus
+nssCertificateStore_AddLocked(
+    nssCertificateStore *store,
+    NSSCertificate *cert)
+{
+    PRStatus nssrv = add_certificate_entry(store, cert);
+    if (nssrv == PR_SUCCESS) {
+        nssrv = add_subject_entry(store, cert);
+        if (nssrv == PR_FAILURE) {
+            remove_certificate_entry(store, cert);
+        }
+    }
+    return nssrv;
+}
+
+NSS_IMPLEMENT NSSCertificate *
+nssCertificateStore_FindOrAdd(
+    nssCertificateStore *store,
+    NSSCertificate *c)
+{
+    PRStatus nssrv;
+    NSSCertificate *rvCert = NULL;
+
+    PZ_Lock(store->lock);
+    rvCert = nssCertStore_FindCertByIssuerAndSerialNumberLocked(
+        store, &c->issuer, &c->serial);
+    if (!rvCert) {
+        nssrv = nssCertificateStore_AddLocked(store, c);
+        if (PR_SUCCESS == nssrv) {
+            rvCert = nssCertificate_AddRef(c);
+        }
+    }
+    PZ_Unlock(store->lock);
+    return rvCert;
+}
+
+static void
+remove_certificate_entry(
+    nssCertificateStore *store,
+    NSSCertificate *cert)
+{
+    certificate_hash_entry *entry;
+    entry = (certificate_hash_entry *)
+        nssHash_Lookup(store->issuer_and_serial, cert);
+    if (entry) {
+        nssHash_Remove(store->issuer_and_serial, cert);
+        if (entry->trust) {
+            nssTrust_Destroy(entry->trust);
+        }
+        if (entry->profile) {
+            nssSMIMEProfile_Destroy(entry->profile);
+        }
+        nss_ZFreeIf(entry);
+    }
+}
+
+static void
+remove_subject_entry(
+    nssCertificateStore *store,
+    NSSCertificate *cert)
+{
+    nssList *subjectList;
+    /* Get the subject list for the cert's subject */
+    subjectList = (nssList *)nssHash_Lookup(store->subject, &cert->subject);
+    if (subjectList) {
+        /* Remove the cert from the subject hash */
+        nssList_Remove(subjectList, cert);
+        nssHash_Remove(store->subject, &cert->subject);
+        if (nssList_Count(subjectList) == 0) {
+            nssList_Destroy(subjectList);
+        } else {
+            /* The cert being released may have keyed the subject entry.
+             * Since there are still subject certs around, get another and
+             * rekey the entry just in case.
+             */
+            NSSCertificate *subjectCert;
+            (void)nssList_GetArray(subjectList, (void **)&subjectCert, 1);
+            nssHash_Add(store->subject, &subjectCert->subject, subjectList);
+        }
+    }
+}
+
+NSS_IMPLEMENT void
+nssCertificateStore_RemoveCertLOCKED(
+    nssCertificateStore *store,
+    NSSCertificate *cert)
+{
+    certificate_hash_entry *entry;
+    entry = (certificate_hash_entry *)
+        nssHash_Lookup(store->issuer_and_serial, cert);
+    if (entry && entry->cert == cert) {
+        remove_certificate_entry(store, cert);
+        remove_subject_entry(store, cert);
+    }
+}
+
+NSS_IMPLEMENT void
+nssCertificateStore_Lock(nssCertificateStore *store, nssCertificateStoreTrace *out)
+{
+#ifdef DEBUG
+    PORT_Assert(out);
+    out->store = store;
+    out->lock = store->lock;
+    out->locked = PR_TRUE;
+    PZ_Lock(out->lock);
+#else
+    PZ_Lock(store->lock);
+#endif
+}
+
+NSS_IMPLEMENT void
+nssCertificateStore_Unlock(
+    nssCertificateStore *store, const nssCertificateStoreTrace *in,
+    nssCertificateStoreTrace *out)
+{
+#ifdef DEBUG
+    PORT_Assert(in);
+    PORT_Assert(out);
+    out->store = store;
+    out->lock = store->lock;
+    PORT_Assert(!out->locked);
+    out->unlocked = PR_TRUE;
+
+    PORT_Assert(in->store == out->store);
+    PORT_Assert(in->lock == out->lock);
+    PORT_Assert(in->locked);
+    PORT_Assert(!in->unlocked);
+
+    PZ_Unlock(out->lock);
+#else
+    PZ_Unlock(store->lock);
+#endif
+}
+
+static NSSCertificate **
+get_array_from_list(
+    nssList *certList,
+    NSSCertificate *rvOpt[],
+    PRUint32 maximumOpt,
+    NSSArena *arenaOpt)
+{
+    PRUint32 count;
+    NSSCertificate **rvArray = NULL;
+    count = nssList_Count(certList);
+    if (count == 0) {
+        return NULL;
+    }
+    if (maximumOpt > 0) {
+        count = PR_MIN(maximumOpt, count);
+    }
+    if (rvOpt) {
+        nssList_GetArray(certList, (void **)rvOpt, count);
+    } else {
+        rvArray = nss_ZNEWARRAY(arenaOpt, NSSCertificate *, count + 1);
+        if (rvArray) {
+            nssList_GetArray(certList, (void **)rvArray, count);
+        }
+    }
+    return rvArray;
+}
+
+NSS_IMPLEMENT NSSCertificate **
+nssCertificateStore_FindCertificatesBySubject(
+    nssCertificateStore *store,
+    NSSDER *subject,
+    NSSCertificate *rvOpt[],
+    PRUint32 maximumOpt,
+    NSSArena *arenaOpt)
+{
+    NSSCertificate **rvArray = NULL;
+    nssList *subjectList;
+    PZ_Lock(store->lock);
+    subjectList = (nssList *)nssHash_Lookup(store->subject, subject);
+    if (subjectList) {
+        nssCertificateList_AddReferences(subjectList);
+        rvArray = get_array_from_list(subjectList,
+                                      rvOpt, maximumOpt, arenaOpt);
+    }
+    PZ_Unlock(store->lock);
+    return rvArray;
+}
+
+/* Because only subject indexing is implemented, all other lookups require
+ * full traversal (unfortunately, PLHashTable doesn't allow you to exit
+ * early from the enumeration).  The assumptions are that 1) lookups by
+ * fields other than subject will be rare, and 2) the hash will not have
+ * a large number of entries.  These assumptions will be tested.
+ *
+ * XXX
+ * For NSS 3.4, it is worth consideration to do all forms of indexing,
+ * because the only crypto context is global and persistent.
+ */
+
+struct nickname_template_str {
+    NSSUTF8 *nickname;
+    nssList *subjectList;
+};
+
+static void
+match_nickname(const void *k, void *v, void *a)
+{
+    PRStatus nssrv;
+    NSSCertificate *c;
+    NSSUTF8 *nickname;
+    nssList *subjectList = (nssList *)v;
+    struct nickname_template_str *nt = (struct nickname_template_str *)a;
+    nssrv = nssList_GetArray(subjectList, (void **)&c, 1);
+    nickname = nssCertificate_GetNickname(c, NULL);
+    if (nssrv == PR_SUCCESS && nickname &&
+        nssUTF8_Equal(nickname, nt->nickname, &nssrv)) {
+        nt->subjectList = subjectList;
+    }
+    nss_ZFreeIf(nickname);
+}
+
+/*
+ * Find all cached certs with this label.
+ */
+NSS_IMPLEMENT NSSCertificate **
+nssCertificateStore_FindCertificatesByNickname(
+    nssCertificateStore *store,
+    const NSSUTF8 *nickname,
+    NSSCertificate *rvOpt[],
+    PRUint32 maximumOpt,
+    NSSArena *arenaOpt)
+{
+    NSSCertificate **rvArray = NULL;
+    struct nickname_template_str nt;
+    nt.nickname = (char *)nickname;
+    nt.subjectList = NULL;
+    PZ_Lock(store->lock);
+    nssHash_Iterate(store->subject, match_nickname, &nt);
+    if (nt.subjectList) {
+        nssCertificateList_AddReferences(nt.subjectList);
+        rvArray = get_array_from_list(nt.subjectList,
+                                      rvOpt, maximumOpt, arenaOpt);
+    }
+    PZ_Unlock(store->lock);
+    return rvArray;
+}
+
+struct email_template_str {
+    NSSASCII7 *email;
+    nssList *emailList;
+};
+
+static void
+match_email(const void *k, void *v, void *a)
+{
+    PRStatus nssrv;
+    NSSCertificate *c;
+    nssList *subjectList = (nssList *)v;
+    struct email_template_str *et = (struct email_template_str *)a;
+    nssrv = nssList_GetArray(subjectList, (void **)&c, 1);
+    if (nssrv == PR_SUCCESS &&
+        nssUTF8_Equal(c->email, et->email, &nssrv)) {
+        nssListIterator *iter = nssList_CreateIterator(subjectList);
+        if (iter) {
+            for (c = (NSSCertificate *)nssListIterator_Start(iter);
+                 c != (NSSCertificate *)NULL;
+                 c = (NSSCertificate *)nssListIterator_Next(iter)) {
+                nssList_Add(et->emailList, c);
+            }
+            nssListIterator_Finish(iter);
+            nssListIterator_Destroy(iter);
+        }
+    }
+}
+
+/*
+ * Find all cached certs with this email address.
+ */
+NSS_IMPLEMENT NSSCertificate **
+nssCertificateStore_FindCertificatesByEmail(
+    nssCertificateStore *store,
+    NSSASCII7 *email,
+    NSSCertificate *rvOpt[],
+    PRUint32 maximumOpt,
+    NSSArena *arenaOpt)
+{
+    NSSCertificate **rvArray = NULL;
+    struct email_template_str et;
+    et.email = email;
+    et.emailList = nssList_Create(NULL, PR_FALSE);
+    if (!et.emailList) {
+        return NULL;
+    }
+    PZ_Lock(store->lock);
+    nssHash_Iterate(store->subject, match_email, &et);
+    if (et.emailList) {
+        /* get references before leaving the store's lock protection */
+        nssCertificateList_AddReferences(et.emailList);
+    }
+    PZ_Unlock(store->lock);
+    if (et.emailList) {
+        rvArray = get_array_from_list(et.emailList,
+                                      rvOpt, maximumOpt, arenaOpt);
+        nssList_Destroy(et.emailList);
+    }
+    return rvArray;
+}
+
+/* Caller holds store->lock */
+static NSSCertificate *
+nssCertStore_FindCertByIssuerAndSerialNumberLocked(
+    nssCertificateStore *store,
+    NSSDER *issuer,
+    NSSDER *serial)
+{
+    certificate_hash_entry *entry;
+    NSSCertificate *rvCert = NULL;
+    NSSCertificate index;
+
+    index.issuer = *issuer;
+    index.serial = *serial;
+    entry = (certificate_hash_entry *)
+        nssHash_Lookup(store->issuer_and_serial, &index);
+    if (entry) {
+        rvCert = nssCertificate_AddRef(entry->cert);
+    }
+    return rvCert;
+}
+
+NSS_IMPLEMENT NSSCertificate *
+nssCertificateStore_FindCertificateByIssuerAndSerialNumber(
+    nssCertificateStore *store,
+    NSSDER *issuer,
+    NSSDER *serial)
+{
+    NSSCertificate *rvCert = NULL;
+
+    PZ_Lock(store->lock);
+    rvCert = nssCertStore_FindCertByIssuerAndSerialNumberLocked(
+        store, issuer, serial);
+    PZ_Unlock(store->lock);
+    return rvCert;
+}
+
+NSS_IMPLEMENT NSSCertificate *
+nssCertificateStore_FindCertificateByEncodedCertificate(
+    nssCertificateStore *store,
+    NSSDER *encoding)
+{
+    PRStatus nssrv = PR_FAILURE;
+    NSSDER issuer, serial;
+    NSSCertificate *rvCert = NULL;
+    nssrv = nssPKIX509_GetIssuerAndSerialFromDER(encoding, &issuer, &serial);
+    if (nssrv != PR_SUCCESS) {
+        return NULL;
+    }
+    rvCert = nssCertificateStore_FindCertificateByIssuerAndSerialNumber(store,
+                                                                        &issuer,
+                                                                        &serial);
+    PORT_Free(issuer.data);
+    PORT_Free(serial.data);
+    return rvCert;
+}
+
+NSS_EXTERN PRStatus
+nssCertificateStore_AddTrust(
+    nssCertificateStore *store,
+    NSSTrust *trust)
+{
+    NSSCertificate *cert;
+    certificate_hash_entry *entry;
+    cert = trust->certificate;
+    PZ_Lock(store->lock);
+    entry = (certificate_hash_entry *)
+        nssHash_Lookup(store->issuer_and_serial, cert);
+    if (entry) {
+        NSSTrust *newTrust = nssTrust_AddRef(trust);
+        if (entry->trust) {
+            nssTrust_Destroy(entry->trust);
+        }
+        entry->trust = newTrust;
+    }
+    PZ_Unlock(store->lock);
+    return (entry) ? PR_SUCCESS : PR_FAILURE;
+}
+
+NSS_IMPLEMENT NSSTrust *
+nssCertificateStore_FindTrustForCertificate(
+    nssCertificateStore *store,
+    NSSCertificate *cert)
+{
+    certificate_hash_entry *entry;
+    NSSTrust *rvTrust = NULL;
+    PZ_Lock(store->lock);
+    entry = (certificate_hash_entry *)
+        nssHash_Lookup(store->issuer_and_serial, cert);
+    if (entry && entry->trust) {
+        rvTrust = nssTrust_AddRef(entry->trust);
+    }
+    PZ_Unlock(store->lock);
+    return rvTrust;
+}
+
+NSS_EXTERN PRStatus
+nssCertificateStore_AddSMIMEProfile(
+    nssCertificateStore *store,
+    nssSMIMEProfile *profile)
+{
+    NSSCertificate *cert;
+    certificate_hash_entry *entry;
+    cert = profile->certificate;
+    PZ_Lock(store->lock);
+    entry = (certificate_hash_entry *)
+        nssHash_Lookup(store->issuer_and_serial, cert);
+    if (entry) {
+        nssSMIMEProfile *newProfile = nssSMIMEProfile_AddRef(profile);
+        if (entry->profile) {
+            nssSMIMEProfile_Destroy(entry->profile);
+        }
+        entry->profile = newProfile;
+    }
+    PZ_Unlock(store->lock);
+    return (entry) ? PR_SUCCESS : PR_FAILURE;
+}
+
+NSS_IMPLEMENT nssSMIMEProfile *
+nssCertificateStore_FindSMIMEProfileForCertificate(
+    nssCertificateStore *store,
+    NSSCertificate *cert)
+{
+    certificate_hash_entry *entry;
+    nssSMIMEProfile *rvProfile = NULL;
+    PZ_Lock(store->lock);
+    entry = (certificate_hash_entry *)
+        nssHash_Lookup(store->issuer_and_serial, cert);
+    if (entry && entry->profile) {
+        rvProfile = nssSMIMEProfile_AddRef(entry->profile);
+    }
+    PZ_Unlock(store->lock);
+    return rvProfile;
+}
+
+/* XXX this is also used by cache and should be somewhere else */
+
+static PLHashNumber
+nss_certificate_hash(const void *key)
+{
+    unsigned int i;
+    PLHashNumber h;
+    NSSCertificate *c = (NSSCertificate *)key;
+    h = 0;
+    for (i = 0; i < c->issuer.size; i++)
+        h = PR_ROTATE_LEFT32(h, 4) ^ ((unsigned char *)c->issuer.data)[i];
+    for (i = 0; i < c->serial.size; i++)
+        h = PR_ROTATE_LEFT32(h, 4) ^ ((unsigned char *)c->serial.data)[i];
+    return h;
+}
+
+static int
+nss_compare_certs(const void *v1, const void *v2)
+{
+    PRStatus ignore;
+    NSSCertificate *c1 = (NSSCertificate *)v1;
+    NSSCertificate *c2 = (NSSCertificate *)v2;
+    return (int)(nssItem_Equal(&c1->issuer, &c2->issuer, &ignore) &&
+                 nssItem_Equal(&c1->serial, &c2->serial, &ignore));
+}
+
+NSS_IMPLEMENT nssHash *
+nssHash_CreateCertificate(
+    NSSArena *arenaOpt,
+    PRUint32 numBuckets)
+{
+    return nssHash_Create(arenaOpt,
+                          numBuckets,
+                          nss_certificate_hash,
+                          nss_compare_certs,
+                          PL_CompareValues);
+}
+
+NSS_IMPLEMENT void
+nssCertificateStore_DumpStoreInfo(
+    nssCertificateStore *store,
+    void (*cert_dump_iter)(const void *, void *, void *),
+    void *arg)
+{
+    PZ_Lock(store->lock);
+    nssHash_Iterate(store->issuer_and_serial, cert_dump_iter, arg);
+    PZ_Unlock(store->lock);
+}
diff --git a/nss/lib/pki/pkistore.h b/nss/lib/pki/pkistore.h
new file mode 100644
index 0000000..729f209
--- /dev/null
+++ b/nss/lib/pki/pkistore.h
@@ -0,0 +1,138 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef PKISTORE_H
+#define PKISTORE_H
+
+#ifndef NSSPKIT_H
+#include "nsspkit.h"
+#endif /* NSSPKIT_H */
+
+#ifndef BASE_H
+#include "base.h"
+#endif /* BASE_H */
+
+PR_BEGIN_EXTERN_C
+
+/*
+ * PKI Stores
+ *
+ * This is a set of routines for managing local stores of PKI objects.
+ * Currently, the only application is in crypto contexts, where the
+ * certificate store is used.  In the future, methods should be added
+ * here for storing local references to keys.
+ */
+
+/*
+ * nssCertificateStore
+ *
+ * Manages local store of certificate, trust, and S/MIME profile objects.
+ * Within a crypto context, mappings of cert to trust and cert to S/MIME
+ * profile are always 1-1.  Therefore, it is reasonable to store all objects
+ * in a single collection, indexed by the certificate.
+ */
+
+NSS_EXTERN nssCertificateStore *
+nssCertificateStore_Create(
+    NSSArena *arenaOpt);
+
+NSS_EXTERN PRStatus
+nssCertificateStore_Destroy(
+    nssCertificateStore *store);
+
+/* Atomic Find cert in store, or add this cert to the store.
+** Ref counts properly maintained.
+*/
+NSS_EXTERN NSSCertificate *
+nssCertificateStore_FindOrAdd(
+    nssCertificateStore *store,
+    NSSCertificate *c);
+
+NSS_EXTERN void
+nssCertificateStore_RemoveCertLOCKED(
+    nssCertificateStore *store,
+    NSSCertificate *cert);
+
+struct nssCertificateStoreTraceStr {
+    nssCertificateStore *store;
+    PZLock *lock;
+    PRBool locked;
+    PRBool unlocked;
+};
+
+typedef struct nssCertificateStoreTraceStr nssCertificateStoreTrace;
+
+NSS_EXTERN void
+nssCertificateStore_Lock(
+    nssCertificateStore *store, nssCertificateStoreTrace *out);
+
+NSS_EXTERN void
+nssCertificateStore_Unlock(
+    nssCertificateStore *store, const nssCertificateStoreTrace *in,
+    nssCertificateStoreTrace *out);
+
+NSS_EXTERN NSSCertificate **
+nssCertificateStore_FindCertificatesBySubject(
+    nssCertificateStore *store,
+    NSSDER *subject,
+    NSSCertificate *rvOpt[],
+    PRUint32 maximumOpt,
+    NSSArena *arenaOpt);
+
+NSS_EXTERN NSSCertificate **
+nssCertificateStore_FindCertificatesByNickname(
+    nssCertificateStore *store,
+    const NSSUTF8 *nickname,
+    NSSCertificate *rvOpt[],
+    PRUint32 maximumOpt,
+    NSSArena *arenaOpt);
+
+NSS_EXTERN NSSCertificate **
+nssCertificateStore_FindCertificatesByEmail(
+    nssCertificateStore *store,
+    NSSASCII7 *email,
+    NSSCertificate *rvOpt[],
+    PRUint32 maximumOpt,
+    NSSArena *arenaOpt);
+
+NSS_EXTERN NSSCertificate *
+nssCertificateStore_FindCertificateByIssuerAndSerialNumber(
+    nssCertificateStore *store,
+    NSSDER *issuer,
+    NSSDER *serial);
+
+NSS_EXTERN NSSCertificate *
+nssCertificateStore_FindCertificateByEncodedCertificate(
+    nssCertificateStore *store,
+    NSSDER *encoding);
+
+NSS_EXTERN PRStatus
+nssCertificateStore_AddTrust(
+    nssCertificateStore *store,
+    NSSTrust *trust);
+
+NSS_EXTERN NSSTrust *
+nssCertificateStore_FindTrustForCertificate(
+    nssCertificateStore *store,
+    NSSCertificate *cert);
+
+NSS_EXTERN PRStatus
+nssCertificateStore_AddSMIMEProfile(
+    nssCertificateStore *store,
+    nssSMIMEProfile *profile);
+
+NSS_EXTERN nssSMIMEProfile *
+nssCertificateStore_FindSMIMEProfileForCertificate(
+    nssCertificateStore *store,
+    NSSCertificate *cert);
+
+NSS_EXTERN void
+nssCertificateStore_DumpStoreInfo(
+    nssCertificateStore *store,
+    void (*cert_dump_iter)(const void *, void *, void *),
+    void *arg);
+
+PR_END_EXTERN_C
+
+#endif /* PKISTORE_H */
diff --git a/nss/lib/pki/pkit.h b/nss/lib/pki/pkit.h
new file mode 100644
index 0000000..5d17a45
--- /dev/null
+++ b/nss/lib/pki/pkit.h
@@ -0,0 +1,183 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef PKIT_H
+#define PKIT_H
+
+/*
+ * pkit.h
+ *
+ * This file contains definitions for the types of the top-level PKI objects.
+ */
+
+#ifndef NSSBASET_H
+#include "nssbaset.h"
+#endif /* NSSBASET_H */
+
+#ifndef BASET_H
+#include "baset.h"
+#endif /* BASET_H */
+
+#include "certt.h"
+#include "pkcs11t.h"
+
+#ifndef NSSPKIT_H
+#include "nsspkit.h"
+#endif /* NSSPKIT_H */
+
+#ifndef NSSDEVT_H
+#include "nssdevt.h"
+#endif /* NSSDEVT_H */
+
+#ifndef DEVT_H
+#include "devt.h"
+#endif /* DEVT_H */
+
+#ifndef nssrwlkt_h__
+#include "nssrwlkt.h"
+#endif /* nssrwlkt_h__ */
+
+PR_BEGIN_EXTERN_C
+
+/*
+ * A note on ephemeral certs
+ *
+ * The key objects defined here can only be created on tokens, and can only
+ * exist on tokens.  Therefore, any instance of a key object must have
+ * a corresponding cryptoki instance.  OTOH, certificates created in
+ * crypto contexts need not be stored as session objects on the token.
+ * There are good performance reasons for not doing so.  The certificate
+ * and trust objects have been defined with a cryptoContext field to
+ * allow for ephemeral certs, which may have a single instance in a crypto
+ * context along with any number (including zero) of cryptoki instances.
+ * Since contexts may not share objects, there can be only one context
+ * for each object.
+ */
+
+typedef enum {
+    nssPKILock = 1,
+    nssPKIMonitor = 2
+} nssPKILockType;
+
+/* nssPKIObject
+ *
+ * This is the base object class, common to all PKI objects defined in
+ * nsspkit.h
+ */
+struct nssPKIObjectStr {
+    /* The arena for all object memory */
+    NSSArena *arena;
+    /* Atomically incremented/decremented reference counting */
+    PRInt32 refCount;
+    /* lock protects the array of nssCryptokiInstance's of the object */
+    union {
+        PZLock *lock;
+        PZMonitor *mlock;
+    } sync;
+    nssPKILockType lockType;
+    /* XXX with LRU cache, this cannot be guaranteed up-to-date.  It cannot
+     * be compared against the update level of the trust domain, since it is
+     * also affected by import/export.  Where is this array needed?
+     */
+    nssCryptokiObject **instances;
+    PRUint32 numInstances;
+    /* The object must live in a trust domain */
+    NSSTrustDomain *trustDomain;
+    /* The object may live in a crypto context */
+    NSSCryptoContext *cryptoContext;
+    /* XXX added so temp certs can have nickname, think more ... */
+    NSSUTF8 *tempName;
+};
+
+typedef struct nssDecodedCertStr nssDecodedCert;
+
+typedef struct nssCertificateStoreStr nssCertificateStore;
+
+/* How wide is the scope of this? */
+typedef struct nssSMIMEProfileStr nssSMIMEProfile;
+
+typedef struct nssPKIObjectStr nssPKIObject;
+
+struct NSSTrustStr {
+    nssPKIObject object;
+    NSSCertificate *certificate;
+    nssTrustLevel serverAuth;
+    nssTrustLevel clientAuth;
+    nssTrustLevel emailProtection;
+    nssTrustLevel codeSigning;
+    PRBool stepUpApproved;
+};
+
+struct nssSMIMEProfileStr {
+    nssPKIObject object;
+    NSSCertificate *certificate;
+    NSSASCII7 *email;
+    NSSDER *subject;
+    NSSItem *profileTime;
+    NSSItem *profileData;
+};
+
+struct NSSCertificateStr {
+    nssPKIObject object;
+    NSSCertificateType type;
+    NSSItem id;
+    NSSBER encoding;
+    NSSDER issuer;
+    NSSDER subject;
+    NSSDER serial;
+    NSSASCII7 *email;
+    nssDecodedCert *decoding;
+};
+
+struct NSSPrivateKeyStr;
+
+struct NSSPublicKeyStr;
+
+struct NSSSymmetricKeyStr;
+
+typedef struct nssTDCertificateCacheStr nssTDCertificateCache;
+
+struct NSSTrustDomainStr {
+    PRInt32 refCount;
+    NSSArena *arena;
+    NSSCallback *defaultCallback;
+    nssList *tokenList;
+    nssListIterator *tokens;
+    nssTDCertificateCache *cache;
+    NSSRWLock *tokensLock;
+    void *spkDigestInfo;
+    CERTStatusConfig *statusConfig;
+};
+
+struct NSSCryptoContextStr {
+    PRInt32 refCount;
+    NSSArena *arena;
+    NSSTrustDomain *td;
+    NSSToken *token;
+    nssSession *session;
+    nssCertificateStore *certStore;
+};
+
+struct NSSTimeStr {
+    PRTime prTime;
+};
+
+struct NSSCRLStr {
+    nssPKIObject object;
+    NSSDER encoding;
+    NSSUTF8 *url;
+    PRBool isKRL;
+};
+
+typedef struct NSSCRLStr NSSCRL;
+
+struct NSSPoliciesStr;
+
+struct NSSAlgorithmAndParametersStr;
+
+struct NSSPKIXCertificateStr;
+
+PR_END_EXTERN_C
+
+#endif /* PKIT_H */
diff --git a/nss/lib/pki/pkitm.h b/nss/lib/pki/pkitm.h
new file mode 100644
index 0000000..38a5fac
--- /dev/null
+++ b/nss/lib/pki/pkitm.h
@@ -0,0 +1,88 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef PKITM_H
+#define PKITM_H
+
+/*
+ * pkitm.h
+ *
+ * This file contains PKI-module specific types.
+ */
+
+#ifndef BASET_H
+#include "baset.h"
+#endif /* BASET_H */
+
+#ifndef PKIT_H
+#include "pkit.h"
+#endif /* PKIT_H */
+
+PR_BEGIN_EXTERN_C
+
+typedef enum nssCertIDMatchEnum {
+    nssCertIDMatch_Yes = 0,
+    nssCertIDMatch_No = 1,
+    nssCertIDMatch_Unknown = 2
+} nssCertIDMatch;
+
+/*
+ * nssDecodedCert
+ *
+ * This is an interface to allow the PKI module access to certificate
+ * information that can only be found by decoding.  The interface is
+ * generic, allowing each certificate type its own way of providing
+ * the information
+ */
+struct nssDecodedCertStr {
+    NSSCertificateType type;
+    void *data;
+    /* returns the unique identifier for the cert */
+    NSSItem *(*getIdentifier)(nssDecodedCert *dc);
+    /* returns the unique identifier for this cert's issuer */
+    void *(*getIssuerIdentifier)(nssDecodedCert *dc);
+    /* is id the identifier for this cert? */
+    nssCertIDMatch (*matchIdentifier)(nssDecodedCert *dc, void *id);
+    /* is this cert a valid CA cert? */
+    PRBool (*isValidIssuer)(nssDecodedCert *dc);
+    /* returns the cert usage */
+    NSSUsage *(*getUsage)(nssDecodedCert *dc);
+    /* is time within the validity period of the cert? */
+    PRBool (*isValidAtTime)(nssDecodedCert *dc, NSSTime *time);
+    /* is the validity period of this cert newer than cmpdc? */
+    PRBool (*isNewerThan)(nssDecodedCert *dc, nssDecodedCert *cmpdc);
+    /* does the usage for this cert match the requested usage? */
+    PRBool (*matchUsage)(nssDecodedCert *dc, const NSSUsage *usage);
+    /* is this cert trusted for the requested usage? */
+    PRBool (*isTrustedForUsage)(nssDecodedCert *dc,
+                                const NSSUsage *usage);
+    /* extract the email address */
+    NSSASCII7 *(*getEmailAddress)(nssDecodedCert *dc);
+    /* extract the DER-encoded serial number */
+    PRStatus (*getDERSerialNumber)(nssDecodedCert *dc,
+                                   NSSDER *derSerial, NSSArena *arena);
+};
+
+struct NSSUsageStr {
+    PRBool anyUsage;
+    SECCertUsage nss3usage;
+    PRBool nss3lookingForCA;
+};
+
+typedef struct nssPKIObjectCollectionStr nssPKIObjectCollection;
+
+typedef struct
+{
+    union {
+        PRStatus (*cert)(NSSCertificate *c, void *arg);
+        PRStatus (*crl)(NSSCRL *crl, void *arg);
+        PRStatus (*pvkey)(NSSPrivateKey *vk, void *arg);
+        PRStatus (*pbkey)(NSSPublicKey *bk, void *arg);
+    } func;
+    void *arg;
+} nssPKIObjectCallback;
+
+PR_END_EXTERN_C
+
+#endif /* PKITM_H */
diff --git a/nss/lib/pki/symmkey.c b/nss/lib/pki/symmkey.c
new file mode 100644
index 0000000..3103f20
--- /dev/null
+++ b/nss/lib/pki/symmkey.c
@@ -0,0 +1,238 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef NSSPKI_H
+#include "nsspki.h"
+#endif /* NSSPKI_H */
+
+extern const NSSError NSS_ERROR_NOT_FOUND;
+
+NSS_IMPLEMENT PRStatus
+NSSSymmetricKey_Destroy(NSSSymmetricKey *mk)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return PR_FAILURE;
+}
+
+NSS_IMPLEMENT PRStatus
+NSSSymmetricKey_DeleteStoredObject(
+    NSSSymmetricKey *mk,
+    NSSCallback *uhh)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return PR_FAILURE;
+}
+
+NSS_IMPLEMENT PRUint32
+NSSSymmetricKey_GetKeyLength(NSSSymmetricKey *mk)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return -1;
+}
+
+NSS_IMPLEMENT PRUint32
+NSSSymmetricKey_GetKeyStrength(NSSSymmetricKey *mk)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return -1;
+}
+
+NSS_IMPLEMENT PRStatus
+NSSSymmetricKey_IsStillPresent(NSSSymmetricKey *mk)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return PR_FAILURE;
+}
+
+NSS_IMPLEMENT NSSTrustDomain *
+NSSSymmetricKey_GetTrustDomain(
+    NSSSymmetricKey *mk,
+    PRStatus *statusOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSToken *
+NSSSymmetricKey_GetToken(
+    NSSSymmetricKey *mk,
+    PRStatus *statusOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSSlot *
+NSSSymmetricKey_GetSlot(
+    NSSSymmetricKey *mk,
+    PRStatus *statusOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSModule *
+NSSSymmetricKey_GetModule(
+    NSSSymmetricKey *mk,
+    PRStatus *statusOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSItem *
+NSSSymmetricKey_Encrypt(
+    NSSSymmetricKey *mk,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSItem *data,
+    NSSCallback *uhh,
+    NSSItem *rvOpt,
+    NSSArena *arenaOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSItem *
+NSSSymmetricKey_Decrypt(
+    NSSSymmetricKey *mk,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSItem *encryptedData,
+    NSSCallback *uhh,
+    NSSItem *rvOpt,
+    NSSArena *arenaOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSItem *
+NSSSymmetricKey_Sign(
+    NSSSymmetricKey *mk,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSItem *data,
+    NSSCallback *uhh,
+    NSSItem *rvOpt,
+    NSSArena *arenaOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSItem *
+NSSSymmetricKey_SignRecover(
+    NSSSymmetricKey *mk,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSItem *data,
+    NSSCallback *uhh,
+    NSSItem *rvOpt,
+    NSSArena *arenaOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT PRStatus
+NSSSymmetricKey_Verify(
+    NSSSymmetricKey *mk,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSItem *data,
+    NSSItem *signature,
+    NSSCallback *uhh)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return PR_FAILURE;
+}
+
+NSS_IMPLEMENT NSSItem *
+NSSSymmetricKey_VerifyRecover(
+    NSSSymmetricKey *mk,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSItem *signature,
+    NSSCallback *uhh,
+    NSSItem *rvOpt,
+    NSSArena *arenaOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSItem *
+NSSSymmetricKey_WrapSymmetricKey(
+    NSSSymmetricKey *wrappingKey,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSSymmetricKey *keyToWrap,
+    NSSCallback *uhh,
+    NSSItem *rvOpt,
+    NSSArena *arenaOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSItem *
+NSSSymmetricKey_WrapPrivateKey(
+    NSSSymmetricKey *wrappingKey,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSPrivateKey *keyToWrap,
+    NSSCallback *uhh,
+    NSSItem *rvOpt,
+    NSSArena *arenaOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSSymmetricKey *
+NSSSymmetricKey_UnwrapSymmetricKey(
+    NSSSymmetricKey *wrappingKey,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSItem *wrappedKey,
+    NSSOID *target,
+    PRUint32 keySizeOpt,
+    NSSOperations operations,
+    NSSCallback *uhh)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSPrivateKey *
+NSSSymmetricKey_UnwrapPrivateKey(
+    NSSSymmetricKey *wrappingKey,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSItem *wrappedKey,
+    NSSUTF8 *labelOpt,
+    NSSItem *keyIDOpt,
+    PRBool persistant,
+    PRBool sensitive,
+    NSSToken *destinationOpt,
+    NSSCallback *uhh)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSSymmetricKey *
+NSSSymmetricKey_DeriveSymmetricKey(
+    NSSSymmetricKey *originalKey,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSOID *target,
+    PRUint32 keySizeOpt,
+    NSSOperations operations,
+    NSSCallback *uhh)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSCryptoContext *
+NSSSymmetricKey_CreateCryptoContext(
+    NSSSymmetricKey *mk,
+    NSSAlgorithmAndParameters *apOpt,
+    NSSCallback *uhh)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
diff --git a/nss/lib/pki/tdcache.c b/nss/lib/pki/tdcache.c
new file mode 100644
index 0000000..385b8e4
--- /dev/null
+++ b/nss/lib/pki/tdcache.c
@@ -0,0 +1,1106 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef PKIM_H
+#include "pkim.h"
+#endif /* PKIM_H */
+
+#ifndef PKIT_H
+#include "pkit.h"
+#endif /* PKIT_H */
+
+#ifndef NSSPKI_H
+#include "nsspki.h"
+#endif /* NSSPKI_H */
+
+#ifndef PKI_H
+#include "pki.h"
+#endif /* PKI_H */
+
+#ifndef NSSBASE_H
+#include "nssbase.h"
+#endif /* NSSBASE_H */
+
+#ifndef BASE_H
+#include "base.h"
+#endif /* BASE_H */
+
+#include "cert.h"
+#include "dev.h"
+#include "pki3hack.h"
+
+#ifdef DEBUG_CACHE
+static PRLogModuleInfo *s_log = NULL;
+#endif
+
+#ifdef DEBUG_CACHE
+static void
+log_item_dump(const char *msg, NSSItem *it)
+{
+    char buf[33];
+    int i, j;
+    for (i = 0; i < 10 && i < it->size; i++) {
+        sprintf(&buf[2 * i], "%02X", ((PRUint8 *)it->data)[i]);
+    }
+    if (it->size > 10) {
+        sprintf(&buf[2 * i], "..");
+        i += 1;
+        for (j = it->size - 1; i <= 16 && j > 10; i++, j--) {
+            sprintf(&buf[2 * i], "%02X", ((PRUint8 *)it->data)[j]);
+        }
+    }
+    PR_LOG(s_log, PR_LOG_DEBUG, ("%s: %s", msg, buf));
+}
+#endif
+
+#ifdef DEBUG_CACHE
+static void
+log_cert_ref(const char *msg, NSSCertificate *c)
+{
+    PR_LOG(s_log, PR_LOG_DEBUG, ("%s: %s", msg,
+                                 (c->nickname) ? c->nickname : c->email));
+    log_item_dump("\tserial", &c->serial);
+    log_item_dump("\tsubject", &c->subject);
+}
+#endif
+
+/* Certificate cache routines */
+
+/* XXX
+ * Locking is not handled well at all.  A single, global lock with sub-locks
+ * in the collection types.  Cleanup needed.
+ */
+
+/* should it live in its own arena? */
+struct nssTDCertificateCacheStr {
+    PZLock *lock;
+    NSSArena *arena;
+    nssHash *issuerAndSN;
+    nssHash *subject;
+    nssHash *nickname;
+    nssHash *email;
+};
+
+struct cache_entry_str {
+    union {
+        NSSCertificate *cert;
+        nssList *list;
+        void *value;
+    } entry;
+    PRUint32 hits;
+    PRTime lastHit;
+    NSSArena *arena;
+    NSSUTF8 *nickname;
+};
+
+typedef struct cache_entry_str cache_entry;
+
+static cache_entry *
+new_cache_entry(NSSArena *arena, void *value, PRBool ownArena)
+{
+    cache_entry *ce = nss_ZNEW(arena, cache_entry);
+    if (ce) {
+        ce->entry.value = value;
+        ce->hits = 1;
+        ce->lastHit = PR_Now();
+        if (ownArena) {
+            ce->arena = arena;
+        }
+        ce->nickname = NULL;
+    }
+    return ce;
+}
+
+/* this should not be exposed in a header, but is here to keep the above
+ * types/functions static
+ */
+NSS_IMPLEMENT PRStatus
+nssTrustDomain_InitializeCache(
+    NSSTrustDomain *td,
+    PRUint32 cacheSize)
+{
+    NSSArena *arena;
+    nssTDCertificateCache *cache = td->cache;
+#ifdef DEBUG_CACHE
+    s_log = PR_NewLogModule("nss_cache");
+    PR_ASSERT(s_log);
+#endif
+    PR_ASSERT(!cache);
+    arena = nssArena_Create();
+    if (!arena) {
+        return PR_FAILURE;
+    }
+    cache = nss_ZNEW(arena, nssTDCertificateCache);
+    if (!cache) {
+        nssArena_Destroy(arena);
+        return PR_FAILURE;
+    }
+    cache->lock = PZ_NewLock(nssILockCache);
+    if (!cache->lock) {
+        nssArena_Destroy(arena);
+        return PR_FAILURE;
+    }
+    /* Create the issuer and serial DER --> certificate hash */
+    cache->issuerAndSN = nssHash_CreateCertificate(arena, cacheSize);
+    if (!cache->issuerAndSN) {
+        goto loser;
+    }
+    /* Create the subject DER --> subject list hash */
+    cache->subject = nssHash_CreateItem(arena, cacheSize);
+    if (!cache->subject) {
+        goto loser;
+    }
+    /* Create the nickname --> subject list hash */
+    cache->nickname = nssHash_CreateString(arena, cacheSize);
+    if (!cache->nickname) {
+        goto loser;
+    }
+    /* Create the email --> list of subject lists hash */
+    cache->email = nssHash_CreateString(arena, cacheSize);
+    if (!cache->email) {
+        goto loser;
+    }
+    cache->arena = arena;
+    td->cache = cache;
+#ifdef DEBUG_CACHE
+    PR_LOG(s_log, PR_LOG_DEBUG, ("Cache initialized."));
+#endif
+    return PR_SUCCESS;
+loser:
+    PZ_DestroyLock(cache->lock);
+    nssArena_Destroy(arena);
+    td->cache = NULL;
+#ifdef DEBUG_CACHE
+    PR_LOG(s_log, PR_LOG_DEBUG, ("Cache initialization failed."));
+#endif
+    return PR_FAILURE;
+}
+
+/* The entries of the hashtable are currently dependent on the certificate(s)
+ * that produced them.  That is, the entries will be freed when the cert is
+ * released from the cache.  If there are certs in the cache at any time,
+ * including shutdown, the hash table entries will hold memory.  In order for
+ * clean shutdown, it is necessary for there to be no certs in the cache.
+ */
+
+extern const NSSError NSS_ERROR_INTERNAL_ERROR;
+extern const NSSError NSS_ERROR_BUSY;
+
+NSS_IMPLEMENT PRStatus
+nssTrustDomain_DestroyCache(NSSTrustDomain *td)
+{
+    if (!td->cache) {
+        nss_SetError(NSS_ERROR_INTERNAL_ERROR);
+        return PR_FAILURE;
+    }
+    if (nssHash_Count(td->cache->issuerAndSN) > 0) {
+        nss_SetError(NSS_ERROR_BUSY);
+        return PR_FAILURE;
+    }
+    PZ_DestroyLock(td->cache->lock);
+    nssHash_Destroy(td->cache->issuerAndSN);
+    nssHash_Destroy(td->cache->subject);
+    nssHash_Destroy(td->cache->nickname);
+    nssHash_Destroy(td->cache->email);
+    nssArena_Destroy(td->cache->arena);
+    td->cache = NULL;
+#ifdef DEBUG_CACHE
+    PR_LOG(s_log, PR_LOG_DEBUG, ("Cache destroyed."));
+#endif
+    return PR_SUCCESS;
+}
+
+static PRStatus
+remove_issuer_and_serial_entry(
+    nssTDCertificateCache *cache,
+    NSSCertificate *cert)
+{
+    /* Remove the cert from the issuer/serial hash */
+    nssHash_Remove(cache->issuerAndSN, cert);
+#ifdef DEBUG_CACHE
+    log_cert_ref("removed issuer/sn", cert);
+#endif
+    return PR_SUCCESS;
+}
+
+static PRStatus
+remove_subject_entry(
+    nssTDCertificateCache *cache,
+    NSSCertificate *cert,
+    nssList **subjectList,
+    NSSUTF8 **nickname,
+    NSSArena **arena)
+{
+    PRStatus nssrv;
+    cache_entry *ce;
+    *subjectList = NULL;
+    *arena = NULL;
+    /* Get the subject list for the cert's subject */
+    ce = (cache_entry *)nssHash_Lookup(cache->subject, &cert->subject);
+    if (ce) {
+        /* Remove the cert from the subject hash */
+        nssList_Remove(ce->entry.list, cert);
+        *subjectList = ce->entry.list;
+        *nickname = ce->nickname;
+        *arena = ce->arena;
+        nssrv = PR_SUCCESS;
+#ifdef DEBUG_CACHE
+        log_cert_ref("removed cert", cert);
+        log_item_dump("from subject list", &cert->subject);
+#endif
+    } else {
+        nssrv = PR_FAILURE;
+    }
+    return nssrv;
+}
+
+static PRStatus
+remove_nickname_entry(
+    nssTDCertificateCache *cache,
+    NSSUTF8 *nickname,
+    nssList *subjectList)
+{
+    PRStatus nssrv;
+    if (nickname) {
+        nssHash_Remove(cache->nickname, nickname);
+        nssrv = PR_SUCCESS;
+#ifdef DEBUG_CACHE
+        PR_LOG(s_log, PR_LOG_DEBUG, ("removed nickname %s", nickname));
+#endif
+    } else {
+        nssrv = PR_FAILURE;
+    }
+    return nssrv;
+}
+
+static PRStatus
+remove_email_entry(
+    nssTDCertificateCache *cache,
+    NSSCertificate *cert,
+    nssList *subjectList)
+{
+    PRStatus nssrv = PR_FAILURE;
+    cache_entry *ce;
+    /* Find the subject list in the email hash */
+    if (cert->email) {
+        ce = (cache_entry *)nssHash_Lookup(cache->email, cert->email);
+        if (ce) {
+            nssList *subjects = ce->entry.list;
+            /* Remove the subject list from the email hash */
+            if (subjects) {
+                nssList_Remove(subjects, subjectList);
+#ifdef DEBUG_CACHE
+                log_item_dump("removed subject list", &cert->subject);
+                PR_LOG(s_log, PR_LOG_DEBUG, ("for email %s", cert->email));
+#endif
+                if (nssList_Count(subjects) == 0) {
+                    /* No more subject lists for email, delete list and
+                     * remove hash entry
+                     */
+                    (void)nssList_Destroy(subjects);
+                    nssHash_Remove(cache->email, cert->email);
+                    /* there are no entries left for this address, free space
+                     * used for email entries
+                     */
+                    nssArena_Destroy(ce->arena);
+#ifdef DEBUG_CACHE
+                    PR_LOG(s_log, PR_LOG_DEBUG, ("removed email %s", cert->email));
+#endif
+                }
+            }
+            nssrv = PR_SUCCESS;
+        }
+    }
+    return nssrv;
+}
+
+NSS_IMPLEMENT void
+nssTrustDomain_RemoveCertFromCacheLOCKED(
+    NSSTrustDomain *td,
+    NSSCertificate *cert)
+{
+    nssList *subjectList;
+    cache_entry *ce;
+    NSSArena *arena;
+    NSSUTF8 *nickname = NULL;
+
+#ifdef DEBUG_CACHE
+    log_cert_ref("attempt to remove cert", cert);
+#endif
+    ce = (cache_entry *)nssHash_Lookup(td->cache->issuerAndSN, cert);
+    if (!ce || ce->entry.cert != cert) {
+/* If it's not in the cache, or a different cert is (this is really
+         * for safety reasons, though it shouldn't happen), do nothing
+         */
+#ifdef DEBUG_CACHE
+        PR_LOG(s_log, PR_LOG_DEBUG, ("but it wasn't in the cache"));
+#endif
+        return;
+    }
+    (void)remove_issuer_and_serial_entry(td->cache, cert);
+    (void)remove_subject_entry(td->cache, cert, &subjectList,
+                               &nickname, &arena);
+    if (nssList_Count(subjectList) == 0) {
+        (void)remove_nickname_entry(td->cache, nickname, subjectList);
+        (void)remove_email_entry(td->cache, cert, subjectList);
+        (void)nssList_Destroy(subjectList);
+        nssHash_Remove(td->cache->subject, &cert->subject);
+        /* there are no entries left for this subject, free the space used
+         * for both the nickname and subject entries
+         */
+        if (arena) {
+            nssArena_Destroy(arena);
+        }
+    }
+}
+
+NSS_IMPLEMENT void
+nssTrustDomain_LockCertCache(NSSTrustDomain *td)
+{
+    PZ_Lock(td->cache->lock);
+}
+
+NSS_IMPLEMENT void
+nssTrustDomain_UnlockCertCache(NSSTrustDomain *td)
+{
+    PZ_Unlock(td->cache->lock);
+}
+
+struct token_cert_dtor {
+    NSSToken *token;
+    nssTDCertificateCache *cache;
+    NSSCertificate **certs;
+    PRUint32 numCerts, arrSize;
+};
+
+static void
+remove_token_certs(const void *k, void *v, void *a)
+{
+    NSSCertificate *c = (NSSCertificate *)k;
+    nssPKIObject *object = &c->object;
+    struct token_cert_dtor *dtor = a;
+    PRUint32 i;
+    nssPKIObject_AddRef(object);
+    nssPKIObject_Lock(object);
+    for (i = 0; i < object->numInstances; i++) {
+        if (object->instances[i]->token == dtor->token) {
+            nssCryptokiObject_Destroy(object->instances[i]);
+            object->instances[i] = object->instances[object->numInstances - 1];
+            object->instances[object->numInstances - 1] = NULL;
+            object->numInstances--;
+            dtor->certs[dtor->numCerts++] = c;
+            if (dtor->numCerts == dtor->arrSize) {
+                dtor->arrSize *= 2;
+                dtor->certs = nss_ZREALLOCARRAY(dtor->certs,
+                                                NSSCertificate *,
+                                                dtor->arrSize);
+            }
+            break;
+        }
+    }
+    nssPKIObject_Unlock(object);
+    nssPKIObject_Destroy(object);
+    return;
+}
+
+/*
+ * Remove all certs for the given token from the cache.  This is
+ * needed if the token is removed.
+ */
+NSS_IMPLEMENT PRStatus
+nssTrustDomain_RemoveTokenCertsFromCache(
+    NSSTrustDomain *td,
+    NSSToken *token)
+{
+    NSSCertificate **certs;
+    PRUint32 i, arrSize = 10;
+    struct token_cert_dtor dtor;
+    certs = nss_ZNEWARRAY(NULL, NSSCertificate *, arrSize);
+    if (!certs) {
+        return PR_FAILURE;
+    }
+    dtor.cache = td->cache;
+    dtor.token = token;
+    dtor.certs = certs;
+    dtor.numCerts = 0;
+    dtor.arrSize = arrSize;
+    PZ_Lock(td->cache->lock);
+    nssHash_Iterate(td->cache->issuerAndSN, remove_token_certs, &dtor);
+    for (i = 0; i < dtor.numCerts; i++) {
+        if (dtor.certs[i]->object.numInstances == 0) {
+            nssTrustDomain_RemoveCertFromCacheLOCKED(td, dtor.certs[i]);
+            dtor.certs[i] = NULL; /* skip this cert in the second for loop */
+        } else {
+            /* make sure it doesn't disappear on us before we finish */
+            nssCertificate_AddRef(dtor.certs[i]);
+        }
+    }
+    PZ_Unlock(td->cache->lock);
+    for (i = 0; i < dtor.numCerts; i++) {
+        if (dtor.certs[i]) {
+            STAN_ForceCERTCertificateUpdate(dtor.certs[i]);
+            nssCertificate_Destroy(dtor.certs[i]);
+        }
+    }
+    nss_ZFreeIf(dtor.certs);
+    return PR_SUCCESS;
+}
+
+NSS_IMPLEMENT PRStatus
+nssTrustDomain_UpdateCachedTokenCerts(
+    NSSTrustDomain *td,
+    NSSToken *token)
+{
+    NSSCertificate **cp, **cached = NULL;
+    nssList *certList;
+    PRUint32 count;
+    certList = nssList_Create(NULL, PR_FALSE);
+    if (!certList)
+        return PR_FAILURE;
+    (void)nssTrustDomain_GetCertsFromCache(td, certList);
+    count = nssList_Count(certList);
+    if (count > 0) {
+        cached = nss_ZNEWARRAY(NULL, NSSCertificate *, count + 1);
+        if (!cached) {
+            nssList_Destroy(certList);
+            return PR_FAILURE;
+        }
+        nssList_GetArray(certList, (void **)cached, count);
+        for (cp = cached; *cp; cp++) {
+            nssCryptokiObject *instance;
+            NSSCertificate *c = *cp;
+            nssTokenSearchType tokenOnly = nssTokenSearchType_TokenOnly;
+            instance = nssToken_FindCertificateByIssuerAndSerialNumber(
+                token,
+                NULL,
+                &c->issuer,
+                &c->serial,
+                tokenOnly,
+                NULL);
+            if (instance) {
+                nssPKIObject_AddInstance(&c->object, instance);
+                STAN_ForceCERTCertificateUpdate(c);
+            }
+        }
+        nssCertificateArray_Destroy(cached);
+    }
+    nssList_Destroy(certList);
+    return PR_SUCCESS;
+}
+
+static PRStatus
+add_issuer_and_serial_entry(
+    NSSArena *arena,
+    nssTDCertificateCache *cache,
+    NSSCertificate *cert)
+{
+    cache_entry *ce;
+    ce = new_cache_entry(arena, (void *)cert, PR_FALSE);
+#ifdef DEBUG_CACHE
+    log_cert_ref("added to issuer/sn", cert);
+#endif
+    return nssHash_Add(cache->issuerAndSN, cert, (void *)ce);
+}
+
+static PRStatus
+add_subject_entry(
+    NSSArena *arena,
+    nssTDCertificateCache *cache,
+    NSSCertificate *cert,
+    NSSUTF8 *nickname,
+    nssList **subjectList)
+{
+    PRStatus nssrv;
+    nssList *list;
+    cache_entry *ce;
+    *subjectList = NULL; /* this is only set if a new one is created */
+    ce = (cache_entry *)nssHash_Lookup(cache->subject, &cert->subject);
+    if (ce) {
+        ce->hits++;
+        ce->lastHit = PR_Now();
+        /* The subject is already in, add this cert to the list */
+        nssrv = nssList_AddUnique(ce->entry.list, cert);
+#ifdef DEBUG_CACHE
+        log_cert_ref("added to existing subject list", cert);
+#endif
+    } else {
+        NSSDER *subject;
+        /* Create a new subject list for the subject */
+        list = nssList_Create(arena, PR_FALSE);
+        if (!list) {
+            return PR_FAILURE;
+        }
+        ce = new_cache_entry(arena, (void *)list, PR_TRUE);
+        if (!ce) {
+            return PR_FAILURE;
+        }
+        if (nickname) {
+            ce->nickname = nssUTF8_Duplicate(nickname, arena);
+        }
+        nssList_SetSortFunction(list, nssCertificate_SubjectListSort);
+        /* Add the cert entry to this list of subjects */
+        nssrv = nssList_AddUnique(list, cert);
+        if (nssrv != PR_SUCCESS) {
+            return nssrv;
+        }
+        /* Add the subject list to the cache */
+        subject = nssItem_Duplicate(&cert->subject, arena, NULL);
+        if (!subject) {
+            return PR_FAILURE;
+        }
+        nssrv = nssHash_Add(cache->subject, subject, ce);
+        if (nssrv != PR_SUCCESS) {
+            return nssrv;
+        }
+        *subjectList = list;
+#ifdef DEBUG_CACHE
+        log_cert_ref("created subject list", cert);
+#endif
+    }
+    return nssrv;
+}
+
+static PRStatus
+add_nickname_entry(
+    NSSArena *arena,
+    nssTDCertificateCache *cache,
+    NSSUTF8 *certNickname,
+    nssList *subjectList)
+{
+    PRStatus nssrv = PR_SUCCESS;
+    cache_entry *ce;
+    ce = (cache_entry *)nssHash_Lookup(cache->nickname, certNickname);
+    if (ce) {
+        /* This is a collision.  A nickname entry already exists for this
+         * subject, but a subject entry didn't.  This would imply there are
+         * two subjects using the same nickname, which is not allowed.
+         */
+        return PR_FAILURE;
+    } else {
+        NSSUTF8 *nickname;
+        ce = new_cache_entry(arena, subjectList, PR_FALSE);
+        if (!ce) {
+            return PR_FAILURE;
+        }
+        nickname = nssUTF8_Duplicate(certNickname, arena);
+        if (!nickname) {
+            return PR_FAILURE;
+        }
+        nssrv = nssHash_Add(cache->nickname, nickname, ce);
+#ifdef DEBUG_CACHE
+        log_cert_ref("created nickname for", cert);
+#endif
+    }
+    return nssrv;
+}
+
+static PRStatus
+add_email_entry(
+    nssTDCertificateCache *cache,
+    NSSCertificate *cert,
+    nssList *subjectList)
+{
+    PRStatus nssrv = PR_SUCCESS;
+    nssList *subjects;
+    cache_entry *ce;
+    ce = (cache_entry *)nssHash_Lookup(cache->email, cert->email);
+    if (ce) {
+        /* Already have an entry for this email address, but not subject */
+        subjects = ce->entry.list;
+        nssrv = nssList_AddUnique(subjects, subjectList);
+        ce->hits++;
+        ce->lastHit = PR_Now();
+#ifdef DEBUG_CACHE
+        log_cert_ref("added subject to email for", cert);
+#endif
+    } else {
+        NSSASCII7 *email;
+        NSSArena *arena;
+        arena = nssArena_Create();
+        if (!arena) {
+            return PR_FAILURE;
+        }
+        /* Create a new list of subject lists, add this subject */
+        subjects = nssList_Create(arena, PR_TRUE);
+        if (!subjects) {
+            nssArena_Destroy(arena);
+            return PR_FAILURE;
+        }
+        /* Add the new subject to the list */
+        nssrv = nssList_AddUnique(subjects, subjectList);
+        if (nssrv != PR_SUCCESS) {
+            nssArena_Destroy(arena);
+            return nssrv;
+        }
+        /* Add the new entry to the cache */
+        ce = new_cache_entry(arena, (void *)subjects, PR_TRUE);
+        if (!ce) {
+            nssArena_Destroy(arena);
+            return PR_FAILURE;
+        }
+        email = nssUTF8_Duplicate(cert->email, arena);
+        if (!email) {
+            nssArena_Destroy(arena);
+            return PR_FAILURE;
+        }
+        nssrv = nssHash_Add(cache->email, email, ce);
+        if (nssrv != PR_SUCCESS) {
+            nssArena_Destroy(arena);
+            return nssrv;
+        }
+#ifdef DEBUG_CACHE
+        log_cert_ref("created email for", cert);
+#endif
+    }
+    return nssrv;
+}
+
+extern const NSSError NSS_ERROR_CERTIFICATE_IN_CACHE;
+
+static void
+remove_object_instances(
+    nssPKIObject *object,
+    nssCryptokiObject **instances,
+    int numInstances)
+{
+    int i;
+
+    for (i = 0; i < numInstances; i++) {
+        nssPKIObject_RemoveInstanceForToken(object, instances[i]->token);
+    }
+}
+
+static SECStatus
+merge_object_instances(
+    nssPKIObject *to,
+    nssPKIObject *from)
+{
+    nssCryptokiObject **instances, **ci;
+    int i;
+    SECStatus rv = SECSuccess;
+
+    instances = nssPKIObject_GetInstances(from);
+    if (instances == NULL) {
+        return SECFailure;
+    }
+    for (ci = instances, i = 0; *ci; ci++, i++) {
+        nssCryptokiObject *instance = nssCryptokiObject_Clone(*ci);
+        if (instance) {
+            if (nssPKIObject_AddInstance(to, instance) == PR_SUCCESS) {
+                continue;
+            }
+            nssCryptokiObject_Destroy(instance);
+        }
+        remove_object_instances(to, instances, i);
+        rv = SECFailure;
+        break;
+    }
+    nssCryptokiObjectArray_Destroy(instances);
+    return rv;
+}
+
+static NSSCertificate *
+add_cert_to_cache(
+    NSSTrustDomain *td,
+    NSSCertificate *cert)
+{
+    NSSArena *arena = NULL;
+    nssList *subjectList = NULL;
+    PRStatus nssrv;
+    PRUint32 added = 0;
+    cache_entry *ce;
+    NSSCertificate *rvCert = NULL;
+    NSSUTF8 *certNickname = nssCertificate_GetNickname(cert, NULL);
+
+    PZ_Lock(td->cache->lock);
+    /* If it exists in the issuer/serial hash, it's already in all */
+    ce = (cache_entry *)nssHash_Lookup(td->cache->issuerAndSN, cert);
+    if (ce) {
+        ce->hits++;
+        ce->lastHit = PR_Now();
+        rvCert = nssCertificate_AddRef(ce->entry.cert);
+#ifdef DEBUG_CACHE
+        log_cert_ref("attempted to add cert already in cache", cert);
+#endif
+        PZ_Unlock(td->cache->lock);
+        nss_ZFreeIf(certNickname);
+        /* collision - somebody else already added the cert
+         * to the cache before this thread got around to it.
+         */
+        /* merge the instances of the cert */
+        if (merge_object_instances(&rvCert->object, &cert->object) != SECSuccess) {
+            nssCertificate_Destroy(rvCert);
+            return NULL;
+        }
+        STAN_ForceCERTCertificateUpdate(rvCert);
+        nssCertificate_Destroy(cert);
+        return rvCert;
+    }
+    /* create a new cache entry for this cert within the cert's arena*/
+    nssrv = add_issuer_and_serial_entry(cert->object.arena, td->cache, cert);
+    if (nssrv != PR_SUCCESS) {
+        goto loser;
+    }
+    added++;
+    /* create an arena for the nickname and subject entries */
+    arena = nssArena_Create();
+    if (!arena) {
+        goto loser;
+    }
+    /* create a new subject list for this cert, or add to existing */
+    nssrv = add_subject_entry(arena, td->cache, cert,
+                              certNickname, &subjectList);
+    if (nssrv != PR_SUCCESS) {
+        goto loser;
+    }
+    added++;
+    /* If a new subject entry was created, also need nickname and/or email */
+    if (subjectList != NULL) {
+#ifdef nodef
+        PRBool handle = PR_FALSE;
+#endif
+        if (certNickname) {
+            nssrv = add_nickname_entry(arena, td->cache,
+                                       certNickname, subjectList);
+            if (nssrv != PR_SUCCESS) {
+                goto loser;
+            }
+#ifdef nodef
+            handle = PR_TRUE;
+#endif
+            added++;
+        }
+        if (cert->email) {
+            nssrv = add_email_entry(td->cache, cert, subjectList);
+            if (nssrv != PR_SUCCESS) {
+                goto loser;
+            }
+#ifdef nodef
+            handle = PR_TRUE;
+#endif
+            added += 2;
+        }
+#ifdef nodef
+        /* I think either a nickname or email address must be associated
+         * with the cert.  However, certs are passed to NewTemp without
+         * either.  This worked in the old code, so it must work now.
+         */
+        if (!handle) {
+            /* Require either nickname or email handle */
+            nssrv = PR_FAILURE;
+            goto loser;
+        }
+#endif
+    } else {
+        /* A new subject entry was not created.  arena is unused. */
+        nssArena_Destroy(arena);
+    }
+    rvCert = cert;
+    PZ_Unlock(td->cache->lock);
+    nss_ZFreeIf(certNickname);
+    return rvCert;
+loser:
+    nss_ZFreeIf(certNickname);
+    certNickname = NULL;
+    /* Remove any handles that have been created */
+    subjectList = NULL;
+    if (added >= 1) {
+        (void)remove_issuer_and_serial_entry(td->cache, cert);
+    }
+    if (added >= 2) {
+        (void)remove_subject_entry(td->cache, cert, &subjectList,
+                                   &certNickname, &arena);
+    }
+    if (added == 3 || added == 5) {
+        (void)remove_nickname_entry(td->cache, certNickname, subjectList);
+    }
+    if (added >= 4) {
+        (void)remove_email_entry(td->cache, cert, subjectList);
+    }
+    if (subjectList) {
+        nssHash_Remove(td->cache->subject, &cert->subject);
+        nssList_Destroy(subjectList);
+    }
+    if (arena) {
+        nssArena_Destroy(arena);
+    }
+    PZ_Unlock(td->cache->lock);
+    return NULL;
+}
+
+NSS_IMPLEMENT PRStatus
+nssTrustDomain_AddCertsToCache(
+    NSSTrustDomain *td,
+    NSSCertificate **certs,
+    PRUint32 numCerts)
+{
+    PRUint32 i;
+    NSSCertificate *c;
+    for (i = 0; i < numCerts && certs[i]; i++) {
+        c = add_cert_to_cache(td, certs[i]);
+        if (c == NULL) {
+            return PR_FAILURE;
+        } else {
+            certs[i] = c;
+        }
+    }
+    return PR_SUCCESS;
+}
+
+static NSSCertificate **
+collect_subject_certs(
+    nssList *subjectList,
+    nssList *rvCertListOpt)
+{
+    NSSCertificate *c;
+    NSSCertificate **rvArray = NULL;
+    PRUint32 count;
+    nssCertificateList_AddReferences(subjectList);
+    if (rvCertListOpt) {
+        nssListIterator *iter = nssList_CreateIterator(subjectList);
+        if (!iter) {
+            return (NSSCertificate **)NULL;
+        }
+        for (c = (NSSCertificate *)nssListIterator_Start(iter);
+             c != (NSSCertificate *)NULL;
+             c = (NSSCertificate *)nssListIterator_Next(iter)) {
+            nssList_Add(rvCertListOpt, c);
+        }
+        nssListIterator_Finish(iter);
+        nssListIterator_Destroy(iter);
+    } else {
+        count = nssList_Count(subjectList);
+        rvArray = nss_ZNEWARRAY(NULL, NSSCertificate *, count + 1);
+        if (!rvArray) {
+            return (NSSCertificate **)NULL;
+        }
+        nssList_GetArray(subjectList, (void **)rvArray, count);
+    }
+    return rvArray;
+}
+
+/*
+ * Find all cached certs with this subject.
+ */
+NSS_IMPLEMENT NSSCertificate **
+nssTrustDomain_GetCertsForSubjectFromCache(
+    NSSTrustDomain *td,
+    NSSDER *subject,
+    nssList *certListOpt)
+{
+    NSSCertificate **rvArray = NULL;
+    cache_entry *ce;
+#ifdef DEBUG_CACHE
+    log_item_dump("looking for cert by subject", subject);
+#endif
+    PZ_Lock(td->cache->lock);
+    ce = (cache_entry *)nssHash_Lookup(td->cache->subject, subject);
+    if (ce) {
+        ce->hits++;
+        ce->lastHit = PR_Now();
+#ifdef DEBUG_CACHE
+        PR_LOG(s_log, PR_LOG_DEBUG, ("... found, %d hits", ce->hits));
+#endif
+        rvArray = collect_subject_certs(ce->entry.list, certListOpt);
+    }
+    PZ_Unlock(td->cache->lock);
+    return rvArray;
+}
+
+/*
+ * Find all cached certs with this label.
+ */
+NSS_IMPLEMENT NSSCertificate **
+nssTrustDomain_GetCertsForNicknameFromCache(
+    NSSTrustDomain *td,
+    const NSSUTF8 *nickname,
+    nssList *certListOpt)
+{
+    NSSCertificate **rvArray = NULL;
+    cache_entry *ce;
+#ifdef DEBUG_CACHE
+    PR_LOG(s_log, PR_LOG_DEBUG, ("looking for cert by nick %s", nickname));
+#endif
+    PZ_Lock(td->cache->lock);
+    ce = (cache_entry *)nssHash_Lookup(td->cache->nickname, nickname);
+    if (ce) {
+        ce->hits++;
+        ce->lastHit = PR_Now();
+#ifdef DEBUG_CACHE
+        PR_LOG(s_log, PR_LOG_DEBUG, ("... found, %d hits", ce->hits));
+#endif
+        rvArray = collect_subject_certs(ce->entry.list, certListOpt);
+    }
+    PZ_Unlock(td->cache->lock);
+    return rvArray;
+}
+
+/*
+ * Find all cached certs with this email address.
+ */
+NSS_IMPLEMENT NSSCertificate **
+nssTrustDomain_GetCertsForEmailAddressFromCache(
+    NSSTrustDomain *td,
+    NSSASCII7 *email,
+    nssList *certListOpt)
+{
+    NSSCertificate **rvArray = NULL;
+    cache_entry *ce;
+    nssList *collectList = NULL;
+    nssListIterator *iter = NULL;
+    nssList *subjectList;
+#ifdef DEBUG_CACHE
+    PR_LOG(s_log, PR_LOG_DEBUG, ("looking for cert by email %s", email));
+#endif
+    PZ_Lock(td->cache->lock);
+    ce = (cache_entry *)nssHash_Lookup(td->cache->email, email);
+    if (ce) {
+        ce->hits++;
+        ce->lastHit = PR_Now();
+#ifdef DEBUG_CACHE
+        PR_LOG(s_log, PR_LOG_DEBUG, ("... found, %d hits", ce->hits));
+#endif
+        /* loop over subject lists and get refs for certs */
+        if (certListOpt) {
+            collectList = certListOpt;
+        } else {
+            collectList = nssList_Create(NULL, PR_FALSE);
+            if (!collectList) {
+                PZ_Unlock(td->cache->lock);
+                return NULL;
+            }
+        }
+        iter = nssList_CreateIterator(ce->entry.list);
+        if (!iter) {
+            PZ_Unlock(td->cache->lock);
+            if (!certListOpt) {
+                nssList_Destroy(collectList);
+            }
+            return NULL;
+        }
+        for (subjectList = (nssList *)nssListIterator_Start(iter);
+             subjectList != (nssList *)NULL;
+             subjectList = (nssList *)nssListIterator_Next(iter)) {
+            (void)collect_subject_certs(subjectList, collectList);
+        }
+        nssListIterator_Finish(iter);
+        nssListIterator_Destroy(iter);
+    }
+    PZ_Unlock(td->cache->lock);
+    if (!certListOpt && collectList) {
+        PRUint32 count = nssList_Count(collectList);
+        rvArray = nss_ZNEWARRAY(NULL, NSSCertificate *, count);
+        if (rvArray) {
+            nssList_GetArray(collectList, (void **)rvArray, count);
+        }
+        nssList_Destroy(collectList);
+    }
+    return rvArray;
+}
+
+/*
+ * Look for a specific cert in the cache
+ */
+NSS_IMPLEMENT NSSCertificate *
+nssTrustDomain_GetCertForIssuerAndSNFromCache(
+    NSSTrustDomain *td,
+    NSSDER *issuer,
+    NSSDER *serial)
+{
+    NSSCertificate certkey;
+    NSSCertificate *rvCert = NULL;
+    cache_entry *ce;
+    certkey.issuer.data = issuer->data;
+    certkey.issuer.size = issuer->size;
+    certkey.serial.data = serial->data;
+    certkey.serial.size = serial->size;
+#ifdef DEBUG_CACHE
+    log_item_dump("looking for cert by issuer/sn, issuer", issuer);
+    log_item_dump("                               serial", serial);
+#endif
+    PZ_Lock(td->cache->lock);
+    ce = (cache_entry *)nssHash_Lookup(td->cache->issuerAndSN, &certkey);
+    if (ce) {
+        ce->hits++;
+        ce->lastHit = PR_Now();
+        rvCert = nssCertificate_AddRef(ce->entry.cert);
+#ifdef DEBUG_CACHE
+        PR_LOG(s_log, PR_LOG_DEBUG, ("... found, %d hits", ce->hits));
+#endif
+    }
+    PZ_Unlock(td->cache->lock);
+    return rvCert;
+}
+
+/*
+ * Look for a specific cert in the cache
+ */
+NSS_IMPLEMENT NSSCertificate *
+nssTrustDomain_GetCertByDERFromCache(
+    NSSTrustDomain *td,
+    NSSDER *der)
+{
+    PRStatus nssrv = PR_FAILURE;
+    NSSDER issuer, serial;
+    NSSCertificate *rvCert;
+    nssrv = nssPKIX509_GetIssuerAndSerialFromDER(der, &issuer, &serial);
+    if (nssrv != PR_SUCCESS) {
+        return NULL;
+    }
+#ifdef DEBUG_CACHE
+    log_item_dump("looking for cert by DER", der);
+#endif
+    rvCert = nssTrustDomain_GetCertForIssuerAndSNFromCache(td,
+                                                           &issuer, &serial);
+    PORT_Free(issuer.data);
+    PORT_Free(serial.data);
+    return rvCert;
+}
+
+static void
+cert_iter(const void *k, void *v, void *a)
+{
+    nssList *certList = (nssList *)a;
+    NSSCertificate *c = (NSSCertificate *)k;
+    nssList_Add(certList, nssCertificate_AddRef(c));
+}
+
+NSS_EXTERN NSSCertificate **
+nssTrustDomain_GetCertsFromCache(
+    NSSTrustDomain *td,
+    nssList *certListOpt)
+{
+    NSSCertificate **rvArray = NULL;
+    nssList *certList;
+    if (certListOpt) {
+        certList = certListOpt;
+    } else {
+        certList = nssList_Create(NULL, PR_FALSE);
+        if (!certList) {
+            return NULL;
+        }
+    }
+    PZ_Lock(td->cache->lock);
+    nssHash_Iterate(td->cache->issuerAndSN, cert_iter, (void *)certList);
+    PZ_Unlock(td->cache->lock);
+    if (!certListOpt) {
+        PRUint32 count = nssList_Count(certList);
+        rvArray = nss_ZNEWARRAY(NULL, NSSCertificate *, count);
+        nssList_GetArray(certList, (void **)rvArray, count);
+        /* array takes the references */
+        nssList_Destroy(certList);
+    }
+    return rvArray;
+}
+
+NSS_IMPLEMENT void
+nssTrustDomain_DumpCacheInfo(
+    NSSTrustDomain *td,
+    void (*cert_dump_iter)(const void *, void *, void *),
+    void *arg)
+{
+    PZ_Lock(td->cache->lock);
+    nssHash_Iterate(td->cache->issuerAndSN, cert_dump_iter, arg);
+    PZ_Unlock(td->cache->lock);
+}
diff --git a/nss/lib/pki/trustdomain.c b/nss/lib/pki/trustdomain.c
new file mode 100644
index 0000000..49f7dc5
--- /dev/null
+++ b/nss/lib/pki/trustdomain.c
@@ -0,0 +1,1192 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef DEV_H
+#include "dev.h"
+#endif /* DEV_H */
+
+#ifndef PKIM_H
+#include "pkim.h"
+#endif /* PKIM_H */
+
+#include "cert.h"
+#include "pki3hack.h"
+#include "pk11pub.h"
+#include "nssrwlk.h"
+
+#define NSSTRUSTDOMAIN_DEFAULT_CACHE_SIZE 32
+
+extern const NSSError NSS_ERROR_NOT_FOUND;
+
+typedef PRUint32 nssUpdateLevel;
+
+NSS_IMPLEMENT NSSTrustDomain *
+NSSTrustDomain_Create(
+    NSSUTF8 *moduleOpt,
+    NSSUTF8 *uriOpt,
+    NSSUTF8 *opaqueOpt,
+    void *reserved)
+{
+    NSSArena *arena;
+    NSSTrustDomain *rvTD;
+    arena = NSSArena_Create();
+    if (!arena) {
+        return (NSSTrustDomain *)NULL;
+    }
+    rvTD = nss_ZNEW(arena, NSSTrustDomain);
+    if (!rvTD) {
+        goto loser;
+    }
+    /* protect the token list and the token iterator */
+    rvTD->tokensLock = NSSRWLock_New(100, "tokens");
+    if (!rvTD->tokensLock) {
+        goto loser;
+    }
+    nssTrustDomain_InitializeCache(rvTD, NSSTRUSTDOMAIN_DEFAULT_CACHE_SIZE);
+    rvTD->arena = arena;
+    rvTD->refCount = 1;
+    rvTD->statusConfig = NULL;
+    return rvTD;
+loser:
+    if (rvTD && rvTD->tokensLock) {
+        NSSRWLock_Destroy(rvTD->tokensLock);
+    }
+    nssArena_Destroy(arena);
+    return (NSSTrustDomain *)NULL;
+}
+
+static void
+token_destructor(void *t)
+{
+    NSSToken *tok = (NSSToken *)t;
+    /* The token holds the first/last reference to the slot.
+     * When the token is actually destroyed (ref count == 0),
+     * the slot will also be destroyed.
+     */
+    nssToken_Destroy(tok);
+}
+
+NSS_IMPLEMENT PRStatus
+NSSTrustDomain_Destroy(
+    NSSTrustDomain *td)
+{
+    PRStatus status = PR_SUCCESS;
+    if (--td->refCount == 0) {
+        /* Destroy each token in the list of tokens */
+        if (td->tokens) {
+            nssListIterator_Destroy(td->tokens);
+            td->tokens = NULL;
+        }
+        if (td->tokenList) {
+            nssList_Clear(td->tokenList, token_destructor);
+            nssList_Destroy(td->tokenList);
+            td->tokenList = NULL;
+        }
+        NSSRWLock_Destroy(td->tokensLock);
+        td->tokensLock = NULL;
+        status = nssTrustDomain_DestroyCache(td);
+        if (status == PR_FAILURE) {
+            return status;
+        }
+        if (td->statusConfig) {
+            td->statusConfig->statusDestroy(td->statusConfig);
+            td->statusConfig = NULL;
+        }
+        /* Destroy the trust domain */
+        nssArena_Destroy(td->arena);
+    }
+    return status;
+}
+
+/* XXX uses tokens until slot list is in place */
+static NSSSlot **
+nssTrustDomain_GetActiveSlots(
+    NSSTrustDomain *td,
+    nssUpdateLevel *updateLevel)
+{
+    PRUint32 count;
+    NSSSlot **slots = NULL;
+    NSSToken **tp, **tokens;
+    *updateLevel = 1;
+    if (!td->tokenList) {
+        return NULL;
+    }
+    NSSRWLock_LockRead(td->tokensLock);
+    count = nssList_Count(td->tokenList);
+    tokens = nss_ZNEWARRAY(NULL, NSSToken *, count + 1);
+    if (!tokens) {
+        NSSRWLock_UnlockRead(td->tokensLock);
+        return NULL;
+    }
+    slots = nss_ZNEWARRAY(NULL, NSSSlot *, count + 1);
+    if (!slots) {
+        NSSRWLock_UnlockRead(td->tokensLock);
+        nss_ZFreeIf(tokens);
+        return NULL;
+    }
+    nssList_GetArray(td->tokenList, (void **)tokens, count);
+    NSSRWLock_UnlockRead(td->tokensLock);
+    count = 0;
+    for (tp = tokens; *tp; tp++) {
+        NSSSlot *slot = nssToken_GetSlot(*tp);
+        if (!PK11_IsDisabled(slot->pk11slot)) {
+            slots[count++] = slot;
+        } else {
+            nssSlot_Destroy(slot);
+        }
+    }
+    nss_ZFreeIf(tokens);
+    if (!count) {
+        nss_ZFreeIf(slots);
+        slots = NULL;
+    }
+    return slots;
+}
+
+/* XXX */
+static nssSession *
+nssTrustDomain_GetSessionForToken(
+    NSSTrustDomain *td,
+    NSSToken *token)
+{
+    return nssToken_GetDefaultSession(token);
+}
+
+NSS_IMPLEMENT PRStatus
+NSSTrustDomain_SetDefaultCallback(
+    NSSTrustDomain *td,
+    NSSCallback *newCallback,
+    NSSCallback **oldCallbackOpt)
+{
+    if (oldCallbackOpt) {
+        *oldCallbackOpt = td->defaultCallback;
+    }
+    td->defaultCallback = newCallback;
+    return PR_SUCCESS;
+}
+
+NSS_IMPLEMENT NSSCallback *
+nssTrustDomain_GetDefaultCallback(
+    NSSTrustDomain *td,
+    PRStatus *statusOpt)
+{
+    if (statusOpt) {
+        *statusOpt = PR_SUCCESS;
+    }
+    return td->defaultCallback;
+}
+
+NSS_IMPLEMENT NSSCallback *
+NSSTrustDomain_GetDefaultCallback(
+    NSSTrustDomain *td,
+    PRStatus *statusOpt)
+{
+    return nssTrustDomain_GetDefaultCallback(td, statusOpt);
+}
+
+NSS_IMPLEMENT PRStatus
+NSSTrustDomain_LoadModule(
+    NSSTrustDomain *td,
+    NSSUTF8 *moduleOpt,
+    NSSUTF8 *uriOpt,
+    NSSUTF8 *opaqueOpt,
+    void *reserved)
+{
+    return PR_FAILURE;
+}
+
+NSS_IMPLEMENT PRStatus
+NSSTrustDomain_DisableToken(
+    NSSTrustDomain *td,
+    NSSToken *token,
+    NSSError why)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return PR_FAILURE;
+}
+
+NSS_IMPLEMENT PRStatus
+NSSTrustDomain_EnableToken(
+    NSSTrustDomain *td,
+    NSSToken *token)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return PR_FAILURE;
+}
+
+NSS_IMPLEMENT PRStatus
+NSSTrustDomain_IsTokenEnabled(
+    NSSTrustDomain *td,
+    NSSToken *token,
+    NSSError *whyOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return PR_FAILURE;
+}
+
+NSS_IMPLEMENT NSSSlot *
+NSSTrustDomain_FindSlotByName(
+    NSSTrustDomain *td,
+    NSSUTF8 *slotName)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSToken *
+NSSTrustDomain_FindTokenByName(
+    NSSTrustDomain *td,
+    NSSUTF8 *tokenName)
+{
+    PRStatus nssrv;
+    NSSUTF8 *myName;
+    NSSToken *tok = NULL;
+    NSSRWLock_LockRead(td->tokensLock);
+    for (tok = (NSSToken *)nssListIterator_Start(td->tokens);
+         tok != (NSSToken *)NULL;
+         tok = (NSSToken *)nssListIterator_Next(td->tokens)) {
+        if (nssToken_IsPresent(tok)) {
+            myName = nssToken_GetName(tok);
+            if (nssUTF8_Equal(tokenName, myName, &nssrv))
+                break;
+        }
+    }
+    nssListIterator_Finish(td->tokens);
+    NSSRWLock_UnlockRead(td->tokensLock);
+    return tok;
+}
+
+NSS_IMPLEMENT NSSToken *
+NSSTrustDomain_FindTokenBySlotName(
+    NSSTrustDomain *td,
+    NSSUTF8 *slotName)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSToken *
+NSSTrustDomain_FindTokenForAlgorithm(
+    NSSTrustDomain *td,
+    NSSOID *algorithm)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSToken *
+NSSTrustDomain_FindBestTokenForAlgorithms(
+    NSSTrustDomain *td,
+    NSSOID *algorithms[],   /* may be null-terminated */
+    PRUint32 nAlgorithmsOpt /* limits the array if nonzero */
+    )
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT PRStatus
+NSSTrustDomain_Login(
+    NSSTrustDomain *td,
+    NSSCallback *uhhOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return PR_FAILURE;
+}
+
+NSS_IMPLEMENT PRStatus
+NSSTrustDomain_Logout(NSSTrustDomain *td)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return PR_FAILURE;
+}
+
+NSS_IMPLEMENT NSSCertificate *
+NSSTrustDomain_ImportCertificate(
+    NSSTrustDomain *td,
+    NSSCertificate *c)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSCertificate *
+NSSTrustDomain_ImportPKIXCertificate(
+    NSSTrustDomain *td,
+    /* declared as a struct until these "data types" are defined */
+    struct NSSPKIXCertificateStr *pc)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSCertificate *
+NSSTrustDomain_ImportEncodedCertificate(
+    NSSTrustDomain *td,
+    NSSBER *ber)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSCertificate **
+NSSTrustDomain_ImportEncodedCertificateChain(
+    NSSTrustDomain *td,
+    NSSBER *ber,
+    NSSCertificate *rvOpt[],
+    PRUint32 maximumOpt, /* 0 for no max */
+    NSSArena *arenaOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSPrivateKey *
+NSSTrustDomain_ImportEncodedPrivateKey(
+    NSSTrustDomain *td,
+    NSSBER *ber,
+    NSSItem *passwordOpt, /* NULL will cause a callback */
+    NSSCallback *uhhOpt,
+    NSSToken *destination)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSPublicKey *
+NSSTrustDomain_ImportEncodedPublicKey(
+    NSSTrustDomain *td,
+    NSSBER *ber)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+static NSSCertificate **
+get_certs_from_list(nssList *list)
+{
+    PRUint32 count = nssList_Count(list);
+    NSSCertificate **certs = NULL;
+    if (count > 0) {
+        certs = nss_ZNEWARRAY(NULL, NSSCertificate *, count + 1);
+        if (certs) {
+            nssList_GetArray(list, (void **)certs, count);
+        }
+    }
+    return certs;
+}
+
+NSS_IMPLEMENT NSSCertificate **
+nssTrustDomain_FindCertificatesByNickname(
+    NSSTrustDomain *td,
+    const NSSUTF8 *name,
+    NSSCertificate *rvOpt[],
+    PRUint32 maximumOpt, /* 0 for no max */
+    NSSArena *arenaOpt)
+{
+    NSSToken *token = NULL;
+    NSSSlot **slots = NULL;
+    NSSSlot **slotp;
+    NSSCertificate **rvCerts = NULL;
+    nssPKIObjectCollection *collection = NULL;
+    nssUpdateLevel updateLevel;
+    nssList *nameList;
+    PRUint32 numRemaining = maximumOpt;
+    PRUint32 collectionCount = 0;
+    PRUint32 errors = 0;
+
+    /* First, grab from the cache */
+    nameList = nssList_Create(NULL, PR_FALSE);
+    if (!nameList) {
+        return NULL;
+    }
+    (void)nssTrustDomain_GetCertsForNicknameFromCache(td, name, nameList);
+    rvCerts = get_certs_from_list(nameList);
+    /* initialize the collection of token certificates with the set of
+     * cached certs (if any).
+     */
+    collection = nssCertificateCollection_Create(td, rvCerts);
+    nssCertificateArray_Destroy(rvCerts);
+    nssList_Destroy(nameList);
+    if (!collection) {
+        return (NSSCertificate **)NULL;
+    }
+    /* obtain the current set of active slots in the trust domain */
+    slots = nssTrustDomain_GetActiveSlots(td, &updateLevel);
+    if (!slots) {
+        goto loser;
+    }
+    /* iterate over the slots */
+    for (slotp = slots; *slotp; slotp++) {
+        token = nssSlot_GetToken(*slotp);
+        if (token) {
+            nssSession *session;
+            nssCryptokiObject **instances = NULL;
+            nssTokenSearchType tokenOnly = nssTokenSearchType_TokenOnly;
+            PRStatus status = PR_FAILURE;
+
+            session = nssTrustDomain_GetSessionForToken(td, token);
+            if (session) {
+                instances = nssToken_FindCertificatesByNickname(token,
+                                                                session,
+                                                                name,
+                                                                tokenOnly,
+                                                                numRemaining,
+                                                                &status);
+            }
+            nssToken_Destroy(token);
+            if (status != PR_SUCCESS) {
+                errors++;
+                continue;
+            }
+            if (instances) {
+                status = nssPKIObjectCollection_AddInstances(collection,
+                                                             instances, 0);
+                nss_ZFreeIf(instances);
+                if (status != PR_SUCCESS) {
+                    errors++;
+                    continue;
+                }
+                collectionCount = nssPKIObjectCollection_Count(collection);
+                if (maximumOpt > 0) {
+                    if (collectionCount >= maximumOpt)
+                        break;
+                    numRemaining = maximumOpt - collectionCount;
+                }
+            }
+        }
+    }
+    if (!collectionCount && errors)
+        goto loser;
+    /* Grab the certs collected in the search. */
+    rvCerts = nssPKIObjectCollection_GetCertificates(collection,
+                                                     rvOpt, maximumOpt,
+                                                     arenaOpt);
+    /* clean up */
+    nssPKIObjectCollection_Destroy(collection);
+    nssSlotArray_Destroy(slots);
+    return rvCerts;
+loser:
+    if (slots) {
+        nssSlotArray_Destroy(slots);
+    }
+    if (collection) {
+        nssPKIObjectCollection_Destroy(collection);
+    }
+    return (NSSCertificate **)NULL;
+}
+
+NSS_IMPLEMENT NSSCertificate **
+NSSTrustDomain_FindCertificatesByNickname(
+    NSSTrustDomain *td,
+    NSSUTF8 *name,
+    NSSCertificate *rvOpt[],
+    PRUint32 maximumOpt, /* 0 for no max */
+    NSSArena *arenaOpt)
+{
+    return nssTrustDomain_FindCertificatesByNickname(td,
+                                                     name,
+                                                     rvOpt,
+                                                     maximumOpt,
+                                                     arenaOpt);
+}
+
+NSS_IMPLEMENT NSSCertificate *
+nssTrustDomain_FindBestCertificateByNickname(
+    NSSTrustDomain *td,
+    const NSSUTF8 *name,
+    NSSTime *timeOpt,
+    NSSUsage *usage,
+    NSSPolicies *policiesOpt)
+{
+    NSSCertificate **nicknameCerts;
+    NSSCertificate *rvCert = NULL;
+    nicknameCerts = nssTrustDomain_FindCertificatesByNickname(td, name,
+                                                              NULL,
+                                                              0,
+                                                              NULL);
+    if (nicknameCerts) {
+        rvCert = nssCertificateArray_FindBestCertificate(nicknameCerts,
+                                                         timeOpt,
+                                                         usage,
+                                                         policiesOpt);
+        nssCertificateArray_Destroy(nicknameCerts);
+    }
+    return rvCert;
+}
+
+NSS_IMPLEMENT NSSCertificate *
+NSSTrustDomain_FindBestCertificateByNickname(
+    NSSTrustDomain *td,
+    const NSSUTF8 *name,
+    NSSTime *timeOpt,
+    NSSUsage *usage,
+    NSSPolicies *policiesOpt)
+{
+    return nssTrustDomain_FindBestCertificateByNickname(td,
+                                                        name,
+                                                        timeOpt,
+                                                        usage,
+                                                        policiesOpt);
+}
+
+NSS_IMPLEMENT NSSCertificate **
+nssTrustDomain_FindCertificatesBySubject(
+    NSSTrustDomain *td,
+    NSSDER *subject,
+    NSSCertificate *rvOpt[],
+    PRUint32 maximumOpt, /* 0 for no max */
+    NSSArena *arenaOpt)
+{
+    NSSToken *token = NULL;
+    NSSSlot **slots = NULL;
+    NSSSlot **slotp;
+    NSSCertificate **rvCerts = NULL;
+    nssPKIObjectCollection *collection = NULL;
+    nssUpdateLevel updateLevel;
+    nssList *subjectList;
+    PRUint32 numRemaining = maximumOpt;
+    PRUint32 collectionCount = 0;
+    PRUint32 errors = 0;
+
+    /* look in cache */
+    subjectList = nssList_Create(NULL, PR_FALSE);
+    if (!subjectList) {
+        return NULL;
+    }
+    (void)nssTrustDomain_GetCertsForSubjectFromCache(td, subject, subjectList);
+    rvCerts = get_certs_from_list(subjectList);
+    collection = nssCertificateCollection_Create(td, rvCerts);
+    nssCertificateArray_Destroy(rvCerts);
+    nssList_Destroy(subjectList);
+    if (!collection) {
+        return (NSSCertificate **)NULL;
+    }
+    slots = nssTrustDomain_GetActiveSlots(td, &updateLevel);
+    if (!slots) {
+        goto loser;
+    }
+    for (slotp = slots; *slotp; slotp++) {
+        token = nssSlot_GetToken(*slotp);
+        if (token) {
+            nssSession *session;
+            nssCryptokiObject **instances = NULL;
+            nssTokenSearchType tokenOnly = nssTokenSearchType_TokenOnly;
+            PRStatus status = PR_FAILURE;
+
+            session = nssTrustDomain_GetSessionForToken(td, token);
+            if (session) {
+                instances = nssToken_FindCertificatesBySubject(token,
+                                                               session,
+                                                               subject,
+                                                               tokenOnly,
+                                                               numRemaining,
+                                                               &status);
+            }
+            nssToken_Destroy(token);
+            if (status != PR_SUCCESS) {
+                errors++;
+                continue;
+            }
+            if (instances) {
+                status = nssPKIObjectCollection_AddInstances(collection,
+                                                             instances, 0);
+                nss_ZFreeIf(instances);
+                if (status != PR_SUCCESS) {
+                    errors++;
+                    continue;
+                }
+                collectionCount = nssPKIObjectCollection_Count(collection);
+                if (maximumOpt > 0) {
+                    if (collectionCount >= maximumOpt)
+                        break;
+                    numRemaining = maximumOpt - collectionCount;
+                }
+            }
+        }
+    }
+    if (!collectionCount && errors)
+        goto loser;
+    rvCerts = nssPKIObjectCollection_GetCertificates(collection,
+                                                     rvOpt, maximumOpt,
+                                                     arenaOpt);
+    nssPKIObjectCollection_Destroy(collection);
+    nssSlotArray_Destroy(slots);
+    return rvCerts;
+loser:
+    if (slots) {
+        nssSlotArray_Destroy(slots);
+    }
+    if (collection) {
+        nssPKIObjectCollection_Destroy(collection);
+    }
+    return (NSSCertificate **)NULL;
+}
+
+NSS_IMPLEMENT NSSCertificate **
+NSSTrustDomain_FindCertificatesBySubject(
+    NSSTrustDomain *td,
+    NSSDER *subject,
+    NSSCertificate *rvOpt[],
+    PRUint32 maximumOpt,
+    NSSArena *arenaOpt)
+{
+    return nssTrustDomain_FindCertificatesBySubject(td,
+                                                    subject,
+                                                    rvOpt,
+                                                    maximumOpt,
+                                                    arenaOpt);
+}
+
+NSS_IMPLEMENT NSSCertificate *
+nssTrustDomain_FindBestCertificateBySubject(
+    NSSTrustDomain *td,
+    NSSDER *subject,
+    NSSTime *timeOpt,
+    NSSUsage *usage,
+    NSSPolicies *policiesOpt)
+{
+    NSSCertificate **subjectCerts;
+    NSSCertificate *rvCert = NULL;
+    subjectCerts = nssTrustDomain_FindCertificatesBySubject(td, subject,
+                                                            NULL,
+                                                            0,
+                                                            NULL);
+    if (subjectCerts) {
+        rvCert = nssCertificateArray_FindBestCertificate(subjectCerts,
+                                                         timeOpt,
+                                                         usage,
+                                                         policiesOpt);
+        nssCertificateArray_Destroy(subjectCerts);
+    }
+    return rvCert;
+}
+
+NSS_IMPLEMENT NSSCertificate *
+NSSTrustDomain_FindBestCertificateBySubject(
+    NSSTrustDomain *td,
+    NSSDER *subject,
+    NSSTime *timeOpt,
+    NSSUsage *usage,
+    NSSPolicies *policiesOpt)
+{
+    return nssTrustDomain_FindBestCertificateBySubject(td,
+                                                       subject,
+                                                       timeOpt,
+                                                       usage,
+                                                       policiesOpt);
+}
+
+NSS_IMPLEMENT NSSCertificate *
+NSSTrustDomain_FindBestCertificateByNameComponents(
+    NSSTrustDomain *td,
+    NSSUTF8 *nameComponents,
+    NSSTime *timeOpt,
+    NSSUsage *usage,
+    NSSPolicies *policiesOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSCertificate **
+NSSTrustDomain_FindCertificatesByNameComponents(
+    NSSTrustDomain *td,
+    NSSUTF8 *nameComponents,
+    NSSCertificate *rvOpt[],
+    PRUint32 maximumOpt, /* 0 for no max */
+    NSSArena *arenaOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+/* This returns at most a single certificate, so it can stop the loop
+ * when one is found.
+ */
+NSS_IMPLEMENT NSSCertificate *
+nssTrustDomain_FindCertificateByIssuerAndSerialNumber(
+    NSSTrustDomain *td,
+    NSSDER *issuer,
+    NSSDER *serial)
+{
+    NSSSlot **slots = NULL;
+    NSSSlot **slotp;
+    NSSCertificate *rvCert = NULL;
+    nssPKIObjectCollection *collection = NULL;
+    nssUpdateLevel updateLevel;
+
+    /* see if this search is already cached */
+    rvCert = nssTrustDomain_GetCertForIssuerAndSNFromCache(td,
+                                                           issuer,
+                                                           serial);
+    if (rvCert) {
+        return rvCert;
+    }
+    slots = nssTrustDomain_GetActiveSlots(td, &updateLevel);
+    if (slots) {
+        for (slotp = slots; *slotp; slotp++) {
+            NSSToken *token = nssSlot_GetToken(*slotp);
+            nssSession *session;
+            nssCryptokiObject *instance;
+            nssTokenSearchType tokenOnly = nssTokenSearchType_TokenOnly;
+            PRStatus status = PR_FAILURE;
+
+            if (!token)
+                continue;
+            session = nssTrustDomain_GetSessionForToken(td, token);
+            if (session) {
+                instance = nssToken_FindCertificateByIssuerAndSerialNumber(
+                    token,
+                    session,
+                    issuer,
+                    serial,
+                    tokenOnly,
+                    &status);
+            }
+            nssToken_Destroy(token);
+            if (status != PR_SUCCESS) {
+                continue;
+            }
+            if (instance) {
+                if (!collection) {
+                    collection = nssCertificateCollection_Create(td, NULL);
+                    if (!collection) {
+                        break; /* don't keep looping if out if memory */
+                    }
+                }
+                status = nssPKIObjectCollection_AddInstances(collection,
+                                                             &instance, 1);
+                if (status == PR_SUCCESS) {
+                    (void)nssPKIObjectCollection_GetCertificates(
+                        collection, &rvCert, 1, NULL);
+                }
+                if (rvCert) {
+                    break; /* found one cert, all done */
+                }
+            }
+        }
+    }
+    if (collection) {
+        nssPKIObjectCollection_Destroy(collection);
+    }
+    if (slots) {
+        nssSlotArray_Destroy(slots);
+    }
+    return rvCert;
+}
+
+NSS_IMPLEMENT NSSCertificate *
+NSSTrustDomain_FindCertificateByIssuerAndSerialNumber(
+    NSSTrustDomain *td,
+    NSSDER *issuer,
+    NSSDER *serial)
+{
+    return nssTrustDomain_FindCertificateByIssuerAndSerialNumber(td,
+                                                                 issuer,
+                                                                 serial);
+}
+
+NSS_IMPLEMENT NSSCertificate *
+nssTrustDomain_FindCertificateByEncodedCertificate(
+    NSSTrustDomain *td,
+    NSSBER *ber)
+{
+    PRStatus status;
+    NSSCertificate *rvCert = NULL;
+    NSSDER issuer = { 0 };
+    NSSDER serial = { 0 };
+    /* XXX this is not generic...  will any cert crack into issuer/serial? */
+    status = nssPKIX509_GetIssuerAndSerialFromDER(ber, &issuer, &serial);
+    if (status != PR_SUCCESS) {
+        return NULL;
+    }
+    rvCert = nssTrustDomain_FindCertificateByIssuerAndSerialNumber(td,
+                                                                   &issuer,
+                                                                   &serial);
+    PORT_Free(issuer.data);
+    PORT_Free(serial.data);
+    return rvCert;
+}
+
+NSS_IMPLEMENT NSSCertificate *
+NSSTrustDomain_FindCertificateByEncodedCertificate(
+    NSSTrustDomain *td,
+    NSSBER *ber)
+{
+    return nssTrustDomain_FindCertificateByEncodedCertificate(td, ber);
+}
+
+NSS_IMPLEMENT NSSCertificate *
+NSSTrustDomain_FindBestCertificateByEmail(
+    NSSTrustDomain *td,
+    NSSASCII7 *email,
+    NSSTime *timeOpt,
+    NSSUsage *usage,
+    NSSPolicies *policiesOpt)
+{
+    return 0;
+}
+
+NSS_IMPLEMENT NSSCertificate **
+NSSTrustDomain_FindCertificatesByEmail(
+    NSSTrustDomain *td,
+    NSSASCII7 *email,
+    NSSCertificate *rvOpt[],
+    PRUint32 maximumOpt, /* 0 for no max */
+    NSSArena *arenaOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSCertificate *
+NSSTrustDomain_FindCertificateByOCSPHash(
+    NSSTrustDomain *td,
+    NSSItem *hash)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSCertificate *
+NSSTrustDomain_FindBestUserCertificate(
+    NSSTrustDomain *td,
+    NSSTime *timeOpt,
+    NSSUsage *usage,
+    NSSPolicies *policiesOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSCertificate **
+NSSTrustDomain_FindUserCertificates(
+    NSSTrustDomain *td,
+    NSSTime *timeOpt,
+    NSSUsage *usageOpt,
+    NSSPolicies *policiesOpt,
+    NSSCertificate **rvOpt,
+    PRUint32 rvLimit, /* zero for no limit */
+    NSSArena *arenaOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSCertificate *
+NSSTrustDomain_FindBestUserCertificateForSSLClientAuth(
+    NSSTrustDomain *td,
+    NSSUTF8 *sslHostOpt,
+    NSSDER *rootCAsOpt[],   /* null pointer for none */
+    PRUint32 rootCAsMaxOpt, /* zero means list is null-terminated */
+    NSSAlgorithmAndParameters *apOpt,
+    NSSPolicies *policiesOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSCertificate **
+NSSTrustDomain_FindUserCertificatesForSSLClientAuth(
+    NSSTrustDomain *td,
+    NSSUTF8 *sslHostOpt,
+    NSSDER *rootCAsOpt[],   /* null pointer for none */
+    PRUint32 rootCAsMaxOpt, /* zero means list is null-terminated */
+    NSSAlgorithmAndParameters *apOpt,
+    NSSPolicies *policiesOpt,
+    NSSCertificate **rvOpt,
+    PRUint32 rvLimit, /* zero for no limit */
+    NSSArena *arenaOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSCertificate *
+NSSTrustDomain_FindBestUserCertificateForEmailSigning(
+    NSSTrustDomain *td,
+    NSSASCII7 *signerOpt,
+    NSSASCII7 *recipientOpt,
+    /* anything more here? */
+    NSSAlgorithmAndParameters *apOpt,
+    NSSPolicies *policiesOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSCertificate **
+NSSTrustDomain_FindUserCertificatesForEmailSigning(
+    NSSTrustDomain *td,
+    NSSASCII7 *signerOpt,
+    NSSASCII7 *recipientOpt,
+    /* anything more here? */
+    NSSAlgorithmAndParameters *apOpt,
+    NSSPolicies *policiesOpt,
+    NSSCertificate **rvOpt,
+    PRUint32 rvLimit, /* zero for no limit */
+    NSSArena *arenaOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+static PRStatus
+collector(nssCryptokiObject *instance, void *arg)
+{
+    nssPKIObjectCollection *collection = (nssPKIObjectCollection *)arg;
+    return nssPKIObjectCollection_AddInstanceAsObject(collection, instance);
+}
+
+NSS_IMPLEMENT PRStatus *
+NSSTrustDomain_TraverseCertificates(
+    NSSTrustDomain *td,
+    PRStatus (*callback)(NSSCertificate *c, void *arg),
+    void *arg)
+{
+    NSSToken *token = NULL;
+    NSSSlot **slots = NULL;
+    NSSSlot **slotp;
+    nssPKIObjectCollection *collection = NULL;
+    nssPKIObjectCallback pkiCallback;
+    nssUpdateLevel updateLevel;
+    NSSCertificate **cached = NULL;
+    nssList *certList;
+
+    certList = nssList_Create(NULL, PR_FALSE);
+    if (!certList)
+        return NULL;
+    (void)nssTrustDomain_GetCertsFromCache(td, certList);
+    cached = get_certs_from_list(certList);
+    collection = nssCertificateCollection_Create(td, cached);
+    nssCertificateArray_Destroy(cached);
+    nssList_Destroy(certList);
+    if (!collection) {
+        return (PRStatus *)NULL;
+    }
+    /* obtain the current set of active slots in the trust domain */
+    slots = nssTrustDomain_GetActiveSlots(td, &updateLevel);
+    if (!slots) {
+        goto loser;
+    }
+    /* iterate over the slots */
+    for (slotp = slots; *slotp; slotp++) {
+        /* get the token for the slot, if present */
+        token = nssSlot_GetToken(*slotp);
+        if (token) {
+            nssSession *session;
+            nssTokenSearchType tokenOnly = nssTokenSearchType_TokenOnly;
+            /* get a session for the token */
+            session = nssTrustDomain_GetSessionForToken(td, token);
+            if (session) {
+                /* perform the traversal */
+                (void)nssToken_TraverseCertificates(token,
+                                                    session,
+                                                    tokenOnly,
+                                                    collector,
+                                                    collection);
+            }
+            nssToken_Destroy(token);
+        }
+    }
+
+    /* Traverse the collection */
+    pkiCallback.func.cert = callback;
+    pkiCallback.arg = arg;
+    (void)nssPKIObjectCollection_Traverse(collection, &pkiCallback);
+loser:
+    if (slots) {
+        nssSlotArray_Destroy(slots);
+    }
+    if (collection) {
+        nssPKIObjectCollection_Destroy(collection);
+    }
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSTrust *
+nssTrustDomain_FindTrustForCertificate(
+    NSSTrustDomain *td,
+    NSSCertificate *c)
+{
+    NSSSlot **slots;
+    NSSSlot **slotp;
+    nssCryptokiObject *to = NULL;
+    nssPKIObject *pkio = NULL;
+    NSSTrust *rvt = NULL;
+    nssUpdateLevel updateLevel;
+    slots = nssTrustDomain_GetActiveSlots(td, &updateLevel);
+    if (!slots) {
+        return (NSSTrust *)NULL;
+    }
+    for (slotp = slots; *slotp; slotp++) {
+        NSSToken *token = nssSlot_GetToken(*slotp);
+
+        if (token) {
+            to = nssToken_FindTrustForCertificate(token, NULL,
+                                                  &c->encoding,
+                                                  &c->issuer,
+                                                  &c->serial,
+                                                  nssTokenSearchType_TokenOnly);
+            if (to) {
+                PRStatus status;
+                if (!pkio) {
+                    pkio = nssPKIObject_Create(NULL, to, td, NULL, nssPKILock);
+                    status = pkio ? PR_SUCCESS : PR_FAILURE;
+                } else {
+                    status = nssPKIObject_AddInstance(pkio, to);
+                }
+                if (status != PR_SUCCESS) {
+                    nssCryptokiObject_Destroy(to);
+                }
+            }
+            nssToken_Destroy(token);
+        }
+    }
+    if (pkio) {
+        rvt = nssTrust_Create(pkio, &c->encoding);
+        if (rvt) {
+            pkio = NULL; /* rvt object now owns the pkio reference */
+        }
+    }
+    nssSlotArray_Destroy(slots);
+    if (pkio) {
+        nssPKIObject_Destroy(pkio);
+    }
+    return rvt;
+}
+
+NSS_IMPLEMENT NSSCRL **
+nssTrustDomain_FindCRLsBySubject(
+    NSSTrustDomain *td,
+    NSSDER *subject)
+{
+    NSSSlot **slots;
+    NSSSlot **slotp;
+    NSSToken *token;
+    nssUpdateLevel updateLevel;
+    nssPKIObjectCollection *collection;
+    NSSCRL **rvCRLs = NULL;
+    collection = nssCRLCollection_Create(td, NULL);
+    if (!collection) {
+        return (NSSCRL **)NULL;
+    }
+    slots = nssTrustDomain_GetActiveSlots(td, &updateLevel);
+    if (!slots) {
+        goto loser;
+    }
+    for (slotp = slots; *slotp; slotp++) {
+        token = nssSlot_GetToken(*slotp);
+        if (token) {
+            PRStatus status = PR_FAILURE;
+            nssSession *session;
+            nssCryptokiObject **instances = NULL;
+            nssTokenSearchType tokenOnly = nssTokenSearchType_TokenOnly;
+
+            /* get a session for the token */
+            session = nssTrustDomain_GetSessionForToken(td, token);
+            if (session) {
+                /* perform the traversal */
+                instances = nssToken_FindCRLsBySubject(token, session, subject,
+                                                       tokenOnly, 0, &status);
+            }
+            nssToken_Destroy(token);
+            if (status == PR_SUCCESS) {
+                /* add the found CRL's to the collection */
+                status = nssPKIObjectCollection_AddInstances(collection,
+                                                             instances, 0);
+            }
+            nss_ZFreeIf(instances);
+        }
+    }
+    rvCRLs = nssPKIObjectCollection_GetCRLs(collection, NULL, 0, NULL);
+loser:
+    nssPKIObjectCollection_Destroy(collection);
+    nssSlotArray_Destroy(slots);
+    return rvCRLs;
+}
+
+NSS_IMPLEMENT PRStatus
+NSSTrustDomain_GenerateKeyPair(
+    NSSTrustDomain *td,
+    NSSAlgorithmAndParameters *ap,
+    NSSPrivateKey **pvkOpt,
+    NSSPublicKey **pbkOpt,
+    PRBool privateKeyIsSensitive,
+    NSSToken *destination,
+    NSSCallback *uhhOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return PR_FAILURE;
+}
+
+NSS_IMPLEMENT NSSSymmetricKey *
+NSSTrustDomain_GenerateSymmetricKey(
+    NSSTrustDomain *td,
+    NSSAlgorithmAndParameters *ap,
+    PRUint32 keysize,
+    NSSToken *destination,
+    NSSCallback *uhhOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSSymmetricKey *
+NSSTrustDomain_GenerateSymmetricKeyFromPassword(
+    NSSTrustDomain *td,
+    NSSAlgorithmAndParameters *ap,
+    NSSUTF8 *passwordOpt, /* if null, prompt */
+    NSSToken *destinationOpt,
+    NSSCallback *uhhOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSSymmetricKey *
+NSSTrustDomain_FindSymmetricKeyByAlgorithmAndKeyID(
+    NSSTrustDomain *td,
+    NSSOID *algorithm,
+    NSSItem *keyID,
+    NSSCallback *uhhOpt)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSCryptoContext *
+nssTrustDomain_CreateCryptoContext(
+    NSSTrustDomain *td,
+    NSSCallback *uhhOpt)
+{
+    return nssCryptoContext_Create(td, uhhOpt);
+}
+
+NSS_IMPLEMENT NSSCryptoContext *
+NSSTrustDomain_CreateCryptoContext(
+    NSSTrustDomain *td,
+    NSSCallback *uhhOpt)
+{
+    return nssTrustDomain_CreateCryptoContext(td, uhhOpt);
+}
+
+NSS_IMPLEMENT NSSCryptoContext *
+NSSTrustDomain_CreateCryptoContextForAlgorithm(
+    NSSTrustDomain *td,
+    NSSOID *algorithm)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
+
+NSS_IMPLEMENT NSSCryptoContext *
+NSSTrustDomain_CreateCryptoContextForAlgorithmAndParameters(
+    NSSTrustDomain *td,
+    NSSAlgorithmAndParameters *ap)
+{
+    nss_SetError(NSS_ERROR_NOT_FOUND);
+    return NULL;
+}
diff --git a/nss/lib/smime/Makefile b/nss/lib/smime/Makefile
new file mode 100644
index 0000000..a9cebcf
--- /dev/null
+++ b/nss/lib/smime/Makefile
@@ -0,0 +1,48 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include config.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+
+
diff --git a/nss/lib/smime/cms.h b/nss/lib/smime/cms.h
new file mode 100644
index 0000000..244df48
--- /dev/null
+++ b/nss/lib/smime/cms.h
@@ -0,0 +1,1153 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * Interfaces of the CMS implementation.
+ */
+
+#ifndef _CMS_H_
+#define _CMS_H_
+
+#include "seccomon.h"
+
+#include "secoidt.h"
+#include "certt.h"
+#include "keyt.h"
+#include "hasht.h"
+#include "cmst.h"
+
+/************************************************************************/
+SEC_BEGIN_PROTOS
+
+/************************************************************************
+ * cmsdecode.c - CMS decoding
+ ************************************************************************/
+
+/*
+ * NSS_CMSDecoder_Start - set up decoding of a DER-encoded CMS message
+ *
+ * "poolp" - pointer to arena for message, or NULL if new pool should be created
+ * "cb", "cb_arg" - callback function and argument for delivery of inner content
+ *                  inner content will be stored in the message if cb is NULL.
+ * "pwfn", pwfn_arg" - callback function for getting token password
+ * "decrypt_key_cb", "decrypt_key_cb_arg" - callback function for getting bulk key for encryptedData
+ */
+extern NSSCMSDecoderContext *
+NSS_CMSDecoder_Start(PLArenaPool *poolp,
+                     NSSCMSContentCallback cb, void *cb_arg,
+                     PK11PasswordFunc pwfn, void *pwfn_arg,
+                     NSSCMSGetDecryptKeyCallback decrypt_key_cb, void *decrypt_key_cb_arg);
+
+/*
+ * NSS_CMSDecoder_Update - feed DER-encoded data to decoder
+ */
+extern SECStatus
+NSS_CMSDecoder_Update(NSSCMSDecoderContext *p7dcx, const char *buf, unsigned long len);
+
+/*
+ * NSS_CMSDecoder_Cancel - cancel a decoding process
+ */
+extern void
+NSS_CMSDecoder_Cancel(NSSCMSDecoderContext *p7dcx);
+
+/*
+ * NSS_CMSDecoder_Finish - mark the end of inner content and finish decoding
+ */
+extern NSSCMSMessage *
+NSS_CMSDecoder_Finish(NSSCMSDecoderContext *p7dcx);
+
+/*
+ * NSS_CMSMessage_CreateFromDER - decode a CMS message from DER encoded data
+ */
+extern NSSCMSMessage *
+NSS_CMSMessage_CreateFromDER(SECItem *DERmessage,
+                             NSSCMSContentCallback cb, void *cb_arg,
+                             PK11PasswordFunc pwfn, void *pwfn_arg,
+                             NSSCMSGetDecryptKeyCallback decrypt_key_cb, void *decrypt_key_cb_arg);
+
+/************************************************************************
+ * cmsencode.c - CMS encoding
+ ************************************************************************/
+
+/*
+ * NSS_CMSEncoder_Start - set up encoding of a CMS message
+ *
+ * "cmsg" - message to encode
+ * "outputfn", "outputarg" - callback function for delivery of DER-encoded output
+ *                           will not be called if NULL.
+ * "dest" - if non-NULL, pointer to SECItem that will hold the DER-encoded output
+ * "destpoolp" - pool to allocate DER-encoded output in
+ * "pwfn", pwfn_arg" - callback function for getting token password
+ * "decrypt_key_cb", "decrypt_key_cb_arg" - callback function for getting bulk key for encryptedData
+ * "detached_digestalgs", "detached_digests" - digests from detached content
+ */
+extern NSSCMSEncoderContext *
+NSS_CMSEncoder_Start(NSSCMSMessage *cmsg,
+                     NSSCMSContentCallback outputfn, void *outputarg,
+                     SECItem *dest, PLArenaPool *destpoolp,
+                     PK11PasswordFunc pwfn, void *pwfn_arg,
+                     NSSCMSGetDecryptKeyCallback decrypt_key_cb, void *decrypt_key_cb_arg,
+                     SECAlgorithmID **detached_digestalgs, SECItem **detached_digests);
+
+/*
+ * NSS_CMSEncoder_Update - take content data delivery from the user
+ *
+ * "p7ecx" - encoder context
+ * "data" - content data
+ * "len" - length of content data
+ */
+extern SECStatus
+NSS_CMSEncoder_Update(NSSCMSEncoderContext *p7ecx, const char *data, unsigned long len);
+
+/*
+ * NSS_CMSEncoder_Cancel - stop all encoding
+ */
+extern SECStatus
+NSS_CMSEncoder_Cancel(NSSCMSEncoderContext *p7ecx);
+
+/*
+ * NSS_CMSEncoder_Finish - signal the end of data
+ *
+ * we need to walk down the chain of encoders and the finish them from the innermost out
+ */
+extern SECStatus
+NSS_CMSEncoder_Finish(NSSCMSEncoderContext *p7ecx);
+
+/************************************************************************
+ * cmsmessage.c - CMS message object
+ ************************************************************************/
+
+/*
+ * NSS_CMSMessage_Create - create a CMS message object
+ *
+ * "poolp" - arena to allocate memory from, or NULL if new arena should be created
+ */
+extern NSSCMSMessage *
+NSS_CMSMessage_Create(PLArenaPool *poolp);
+
+/*
+ * NSS_CMSMessage_SetEncodingParams - set up a CMS message object for encoding or decoding
+ *
+ * "cmsg" - message object
+ * "pwfn", pwfn_arg" - callback function for getting token password
+ * "decrypt_key_cb", "decrypt_key_cb_arg" - callback function for getting bulk key for encryptedData
+ * "detached_digestalgs", "detached_digests" - digests from detached content
+ *
+ * used internally.
+ */
+extern void
+NSS_CMSMessage_SetEncodingParams(NSSCMSMessage *cmsg,
+                                 PK11PasswordFunc pwfn, void *pwfn_arg,
+                                 NSSCMSGetDecryptKeyCallback decrypt_key_cb, void *decrypt_key_cb_arg,
+                                 SECAlgorithmID **detached_digestalgs, SECItem **detached_digests);
+
+/*
+ * NSS_CMSMessage_Destroy - destroy a CMS message and all of its sub-pieces.
+ */
+extern void
+NSS_CMSMessage_Destroy(NSSCMSMessage *cmsg);
+
+/*
+ * NSS_CMSMessage_Copy - return a copy of the given message.
+ *
+ * The copy may be virtual or may be real -- either way, the result needs
+ * to be passed to NSS_CMSMessage_Destroy later (as does the original).
+ */
+extern NSSCMSMessage *
+NSS_CMSMessage_Copy(NSSCMSMessage *cmsg);
+
+/*
+ * NSS_CMSMessage_GetArena - return a pointer to the message's arena pool
+ */
+extern PLArenaPool *
+NSS_CMSMessage_GetArena(NSSCMSMessage *cmsg);
+
+/*
+ * NSS_CMSMessage_GetContentInfo - return a pointer to the top level contentInfo
+ */
+extern NSSCMSContentInfo *
+NSS_CMSMessage_GetContentInfo(NSSCMSMessage *cmsg);
+
+/*
+ * Return a pointer to the actual content.
+ * In the case of those types which are encrypted, this returns the *plain* content.
+ * In case of nested contentInfos, this descends and retrieves the innermost content.
+ */
+extern SECItem *
+NSS_CMSMessage_GetContent(NSSCMSMessage *cmsg);
+
+/*
+ * NSS_CMSMessage_ContentLevelCount - count number of levels of CMS content objects in this message
+ *
+ * CMS data content objects do not count.
+ */
+extern int
+NSS_CMSMessage_ContentLevelCount(NSSCMSMessage *cmsg);
+
+/*
+ * NSS_CMSMessage_ContentLevel - find content level #n
+ *
+ * CMS data content objects do not count.
+ */
+extern NSSCMSContentInfo *
+NSS_CMSMessage_ContentLevel(NSSCMSMessage *cmsg, int n);
+
+/*
+ * NSS_CMSMessage_ContainsCertsOrCrls - see if message contains certs along the way
+ */
+extern PRBool
+NSS_CMSMessage_ContainsCertsOrCrls(NSSCMSMessage *cmsg);
+
+/*
+ * NSS_CMSMessage_IsEncrypted - see if message contains a encrypted submessage
+ */
+extern PRBool
+NSS_CMSMessage_IsEncrypted(NSSCMSMessage *cmsg);
+
+/*
+ * NSS_CMSMessage_IsSigned - see if message contains a signed submessage
+ *
+ * If the CMS message has a SignedData with a signature (not just a SignedData)
+ * return true; false otherwise.  This can/should be called before calling
+ * VerifySignature, which will always indicate failure if no signature is
+ * present, but that does not mean there even was a signature!
+ * Note that the content itself can be empty (detached content was sent
+ * another way); it is the presence of the signature that matters.
+ */
+extern PRBool
+NSS_CMSMessage_IsSigned(NSSCMSMessage *cmsg);
+
+/*
+ * NSS_CMSMessage_IsContentEmpty - see if content is empty
+ *
+ * returns PR_TRUE is innermost content length is < minLen
+ * XXX need the encrypted content length (why?)
+ */
+extern PRBool
+NSS_CMSMessage_IsContentEmpty(NSSCMSMessage *cmsg, unsigned int minLen);
+
+/************************************************************************
+ * cmscinfo.c - CMS contentInfo methods
+ ************************************************************************/
+
+/*
+ * NSS_CMSContentInfo_Destroy - destroy a CMS contentInfo and all of its sub-pieces.
+ */
+extern void
+NSS_CMSContentInfo_Destroy(NSSCMSContentInfo *cinfo);
+
+/*
+ * NSS_CMSContentInfo_GetChildContentInfo - get content's contentInfo (if it exists)
+ */
+extern NSSCMSContentInfo *
+NSS_CMSContentInfo_GetChildContentInfo(NSSCMSContentInfo *cinfo);
+
+/*
+ * NSS_CMSContentInfo_SetContent - set cinfo's content type & content to CMS object
+ */
+extern SECStatus
+NSS_CMSContentInfo_SetContent(NSSCMSMessage *cmsg, NSSCMSContentInfo *cinfo, SECOidTag type, void *ptr);
+
+/*
+ * NSS_CMSContentInfo_SetContent_XXXX - typesafe wrappers for NSS_CMSContentInfo_SetType
+ *   set cinfo's content type & content to CMS object
+ */
+extern SECStatus
+NSS_CMSContentInfo_SetContent_Data(NSSCMSMessage *cmsg, NSSCMSContentInfo *cinfo, SECItem *data, PRBool detached);
+
+extern SECStatus
+NSS_CMSContentInfo_SetContent_SignedData(NSSCMSMessage *cmsg, NSSCMSContentInfo *cinfo, NSSCMSSignedData *sigd);
+
+extern SECStatus
+NSS_CMSContentInfo_SetContent_EnvelopedData(NSSCMSMessage *cmsg, NSSCMSContentInfo *cinfo, NSSCMSEnvelopedData *envd);
+
+extern SECStatus
+NSS_CMSContentInfo_SetContent_DigestedData(NSSCMSMessage *cmsg, NSSCMSContentInfo *cinfo, NSSCMSDigestedData *digd);
+
+extern SECStatus
+NSS_CMSContentInfo_SetContent_EncryptedData(NSSCMSMessage *cmsg, NSSCMSContentInfo *cinfo, NSSCMSEncryptedData *encd);
+
+/*
+ * turn off streaming for this content type.
+ * This could fail with SEC_ERROR_NO_MEMORY in memory constrained conditions.
+ */
+extern SECStatus
+NSS_CMSContentInfo_SetDontStream(NSSCMSContentInfo *cinfo, PRBool dontStream);
+
+/*
+ * NSS_CMSContentInfo_GetContent - get pointer to inner content
+ *
+ * needs to be casted...
+ */
+extern void *
+NSS_CMSContentInfo_GetContent(NSSCMSContentInfo *cinfo);
+
+/*
+ * NSS_CMSContentInfo_GetInnerContent - get pointer to innermost content
+ *
+ * this is typically only called by NSS_CMSMessage_GetContent()
+ */
+extern SECItem *
+NSS_CMSContentInfo_GetInnerContent(NSSCMSContentInfo *cinfo);
+
+/*
+ * NSS_CMSContentInfo_GetContentType{Tag,OID} - find out (saving pointer to lookup result
+ * for future reference) and return the inner content type.
+ */
+extern SECOidTag
+NSS_CMSContentInfo_GetContentTypeTag(NSSCMSContentInfo *cinfo);
+
+extern SECItem *
+NSS_CMSContentInfo_GetContentTypeOID(NSSCMSContentInfo *cinfo);
+
+/*
+ * NSS_CMSContentInfo_GetContentEncAlgTag - find out (saving pointer to lookup result
+ * for future reference) and return the content encryption algorithm tag.
+ */
+extern SECOidTag
+NSS_CMSContentInfo_GetContentEncAlgTag(NSSCMSContentInfo *cinfo);
+
+/*
+ * NSS_CMSContentInfo_GetContentEncAlg - find out and return the content encryption algorithm tag.
+ */
+extern SECAlgorithmID *
+NSS_CMSContentInfo_GetContentEncAlg(NSSCMSContentInfo *cinfo);
+
+extern SECStatus
+NSS_CMSContentInfo_SetContentEncAlg(PLArenaPool *poolp, NSSCMSContentInfo *cinfo,
+                                    SECOidTag bulkalgtag, SECItem *parameters, int keysize);
+
+extern SECStatus
+NSS_CMSContentInfo_SetContentEncAlgID(PLArenaPool *poolp, NSSCMSContentInfo *cinfo,
+                                      SECAlgorithmID *algid, int keysize);
+
+extern void
+NSS_CMSContentInfo_SetBulkKey(NSSCMSContentInfo *cinfo, PK11SymKey *bulkkey);
+
+extern PK11SymKey *
+NSS_CMSContentInfo_GetBulkKey(NSSCMSContentInfo *cinfo);
+
+extern int
+NSS_CMSContentInfo_GetBulkKeySize(NSSCMSContentInfo *cinfo);
+
+/************************************************************************
+ * cmsutil.c - CMS misc utility functions
+ ************************************************************************/
+
+/*
+ * NSS_CMSArray_SortByDER - sort array of objects by objects' DER encoding
+ *
+ * make sure that the order of the objects guarantees valid DER (which must be
+ * in lexigraphically ascending order for a SET OF); if reordering is necessary it
+ * will be done in place (in objs).
+ */
+extern SECStatus
+NSS_CMSArray_SortByDER(void **objs, const SEC_ASN1Template *objtemplate, void **objs2);
+
+/*
+ * NSS_CMSUtil_DERCompare - for use with NSS_CMSArray_Sort to
+ *  sort arrays of SECItems containing DER
+ */
+extern int
+NSS_CMSUtil_DERCompare(void *a, void *b);
+
+/*
+ * NSS_CMSAlgArray_GetIndexByAlgID - find a specific algorithm in an array of
+ * algorithms.
+ *
+ * algorithmArray - array of algorithm IDs
+ * algid - algorithmid of algorithm to pick
+ *
+ * Returns:
+ *  An integer containing the index of the algorithm in the array or -1 if
+ *  algorithm was not found.
+ */
+extern int
+NSS_CMSAlgArray_GetIndexByAlgID(SECAlgorithmID **algorithmArray, SECAlgorithmID *algid);
+
+/*
+ * NSS_CMSAlgArray_GetIndexByAlgID - find a specific algorithm in an array of
+ * algorithms.
+ *
+ * algorithmArray - array of algorithm IDs
+ * algiddata - id of algorithm to pick
+ *
+ * Returns:
+ *  An integer containing the index of the algorithm in the array or -1 if
+ *  algorithm was not found.
+ */
+extern int
+NSS_CMSAlgArray_GetIndexByAlgTag(SECAlgorithmID **algorithmArray, SECOidTag algtag);
+
+extern const SECHashObject *
+NSS_CMSUtil_GetHashObjByAlgID(SECAlgorithmID *algid);
+
+extern const SEC_ASN1Template *
+NSS_CMSUtil_GetTemplateByTypeTag(SECOidTag type);
+
+extern size_t
+NSS_CMSUtil_GetSizeByTypeTag(SECOidTag type);
+
+extern NSSCMSContentInfo *
+NSS_CMSContent_GetContentInfo(void *msg, SECOidTag type);
+
+extern const char *
+NSS_CMSUtil_VerificationStatusToString(NSSCMSVerificationStatus vs);
+
+/************************************************************************
+ * cmssigdata.c - CMS signedData methods
+ ************************************************************************/
+
+extern NSSCMSSignedData *
+NSS_CMSSignedData_Create(NSSCMSMessage *cmsg);
+
+extern void
+NSS_CMSSignedData_Destroy(NSSCMSSignedData *sigd);
+
+/*
+ * NSS_CMSSignedData_Encode_BeforeStart - do all the necessary things to a SignedData
+ *     before start of encoding.
+ *
+ * In detail:
+ *  - find out about the right value to put into sigd->version
+ *  - come up with a list of digestAlgorithms (which should be the union of the algorithms
+ *         in the signerinfos).
+ *         If we happen to have a pre-set list of algorithms (and digest values!), we
+ *         check if we have all the signerinfos' algorithms. If not, this is an error.
+ */
+extern SECStatus
+NSS_CMSSignedData_Encode_BeforeStart(NSSCMSSignedData *sigd);
+
+extern SECStatus
+NSS_CMSSignedData_Encode_BeforeData(NSSCMSSignedData *sigd);
+
+/*
+ * NSS_CMSSignedData_Encode_AfterData - do all the necessary things to a SignedData
+ *     after all the encapsulated data was passed through the encoder.
+ *
+ * In detail:
+ *  - create the signatures in all the SignerInfos
+ *
+ * Please note that nothing is done to the Certificates and CRLs in the message - this
+ * is entirely the responsibility of our callers.
+ */
+extern SECStatus
+NSS_CMSSignedData_Encode_AfterData(NSSCMSSignedData *sigd);
+
+extern SECStatus
+NSS_CMSSignedData_Decode_BeforeData(NSSCMSSignedData *sigd);
+
+/*
+ * NSS_CMSSignedData_Decode_AfterData - do all the necessary things to a SignedData
+ *     after all the encapsulated data was passed through the decoder.
+ */
+extern SECStatus
+NSS_CMSSignedData_Decode_AfterData(NSSCMSSignedData *sigd);
+
+/*
+ * NSS_CMSSignedData_Decode_AfterEnd - do all the necessary things to a SignedData
+ *     after all decoding is finished.
+ */
+extern SECStatus
+NSS_CMSSignedData_Decode_AfterEnd(NSSCMSSignedData *sigd);
+
+/*
+ * NSS_CMSSignedData_GetSignerInfos - retrieve the SignedData's signer list
+ */
+extern NSSCMSSignerInfo **
+NSS_CMSSignedData_GetSignerInfos(NSSCMSSignedData *sigd);
+
+extern int
+NSS_CMSSignedData_SignerInfoCount(NSSCMSSignedData *sigd);
+
+extern NSSCMSSignerInfo *
+NSS_CMSSignedData_GetSignerInfo(NSSCMSSignedData *sigd, int i);
+
+/*
+ * NSS_CMSSignedData_GetDigestAlgs - retrieve the SignedData's digest algorithm list
+ */
+extern SECAlgorithmID **
+NSS_CMSSignedData_GetDigestAlgs(NSSCMSSignedData *sigd);
+
+/*
+ * NSS_CMSSignedData_GetContentInfo - return pointer to this signedData's contentinfo
+ */
+extern NSSCMSContentInfo *
+NSS_CMSSignedData_GetContentInfo(NSSCMSSignedData *sigd);
+
+/*
+ * NSS_CMSSignedData_GetCertificateList - retrieve the SignedData's certificate list
+ */
+extern SECItem **
+NSS_CMSSignedData_GetCertificateList(NSSCMSSignedData *sigd);
+
+extern SECStatus
+NSS_CMSSignedData_ImportCerts(NSSCMSSignedData *sigd, CERTCertDBHandle *certdb,
+                              SECCertUsage certusage, PRBool keepcerts);
+
+/*
+ * NSS_CMSSignedData_HasDigests - see if we have digests in place
+ */
+extern PRBool
+NSS_CMSSignedData_HasDigests(NSSCMSSignedData *sigd);
+
+/*
+ * NSS_CMSSignedData_VerifySignerInfo - check a signature.
+ *
+ * The digests were either calculated during decoding (and are stored in the
+ * signedData itself) or set after decoding using NSS_CMSSignedData_SetDigests.
+ *
+ * The verification checks if the signing cert is valid and has a trusted chain
+ * for the purpose specified by "certusage".
+ */
+extern SECStatus
+NSS_CMSSignedData_VerifySignerInfo(NSSCMSSignedData *sigd, int i, CERTCertDBHandle *certdb,
+                                   SECCertUsage certusage);
+
+/*
+ * NSS_CMSSignedData_VerifyCertsOnly - verify the certs in a certs-only message
+*/
+extern SECStatus
+NSS_CMSSignedData_VerifyCertsOnly(NSSCMSSignedData *sigd,
+                                  CERTCertDBHandle *certdb,
+                                  SECCertUsage usage);
+
+extern SECStatus
+NSS_CMSSignedData_AddCertList(NSSCMSSignedData *sigd, CERTCertificateList *certlist);
+
+/*
+ * NSS_CMSSignedData_AddCertChain - add cert and its entire chain to the set of certs
+ */
+extern SECStatus
+NSS_CMSSignedData_AddCertChain(NSSCMSSignedData *sigd, CERTCertificate *cert);
+
+extern SECStatus
+NSS_CMSSignedData_AddCertificate(NSSCMSSignedData *sigd, CERTCertificate *cert);
+
+extern PRBool
+NSS_CMSSignedData_ContainsCertsOrCrls(NSSCMSSignedData *sigd);
+
+extern SECStatus
+NSS_CMSSignedData_AddSignerInfo(NSSCMSSignedData *sigd,
+                                NSSCMSSignerInfo *signerinfo);
+
+extern SECStatus
+NSS_CMSSignedData_SetDigests(NSSCMSSignedData *sigd,
+                             SECAlgorithmID **digestalgs,
+                             SECItem **digests);
+
+extern SECStatus
+NSS_CMSSignedData_SetDigestValue(NSSCMSSignedData *sigd,
+                                 SECOidTag digestalgtag,
+                                 SECItem *digestdata);
+
+extern SECStatus
+NSS_CMSSignedData_AddDigest(PLArenaPool *poolp,
+                            NSSCMSSignedData *sigd,
+                            SECOidTag digestalgtag,
+                            SECItem *digest);
+
+extern SECItem *
+NSS_CMSSignedData_GetDigestValue(NSSCMSSignedData *sigd, SECOidTag digestalgtag);
+
+/*
+ * NSS_CMSSignedData_CreateCertsOnly - create a certs-only SignedData.
+ *
+ * cert          - base certificates that will be included
+ * include_chain - if true, include the complete cert chain for cert
+ *
+ * More certs and chains can be added via AddCertificate and AddCertChain.
+ *
+ * An error results in a return value of NULL and an error set.
+ */
+extern NSSCMSSignedData *
+NSS_CMSSignedData_CreateCertsOnly(NSSCMSMessage *cmsg, CERTCertificate *cert, PRBool include_chain);
+
+/************************************************************************
+ * cmssiginfo.c - signerinfo methods
+ ************************************************************************/
+
+extern NSSCMSSignerInfo *
+NSS_CMSSignerInfo_Create(NSSCMSMessage *cmsg, CERTCertificate *cert, SECOidTag digestalgtag);
+extern NSSCMSSignerInfo *
+NSS_CMSSignerInfo_CreateWithSubjKeyID(NSSCMSMessage *cmsg, SECItem *subjKeyID, SECKEYPublicKey *pubKey, SECKEYPrivateKey *signingKey, SECOidTag digestalgtag);
+
+/*
+ * NSS_CMSSignerInfo_Destroy - destroy a SignerInfo data structure
+ */
+extern void
+NSS_CMSSignerInfo_Destroy(NSSCMSSignerInfo *si);
+
+/*
+ * NSS_CMSSignerInfo_Sign - sign something
+ *
+ */
+extern SECStatus
+NSS_CMSSignerInfo_Sign(NSSCMSSignerInfo *signerinfo, SECItem *digest, SECItem *contentType);
+
+extern SECStatus
+NSS_CMSSignerInfo_VerifyCertificate(NSSCMSSignerInfo *signerinfo, CERTCertDBHandle *certdb,
+                                    SECCertUsage certusage);
+
+/*
+ * NSS_CMSSignerInfo_Verify - verify the signature of a single SignerInfo
+ *
+ * Just verifies the signature. The assumption is that verification of the certificate
+ * is done already.
+ */
+extern SECStatus
+NSS_CMSSignerInfo_Verify(NSSCMSSignerInfo *signerinfo, SECItem *digest, SECItem *contentType);
+
+extern NSSCMSVerificationStatus
+NSS_CMSSignerInfo_GetVerificationStatus(NSSCMSSignerInfo *signerinfo);
+
+extern SECOidData *
+NSS_CMSSignerInfo_GetDigestAlg(NSSCMSSignerInfo *signerinfo);
+
+extern SECOidTag
+NSS_CMSSignerInfo_GetDigestAlgTag(NSSCMSSignerInfo *signerinfo);
+
+extern int
+NSS_CMSSignerInfo_GetVersion(NSSCMSSignerInfo *signerinfo);
+
+extern CERTCertificateList *
+NSS_CMSSignerInfo_GetCertList(NSSCMSSignerInfo *signerinfo);
+
+/*
+ * NSS_CMSSignerInfo_GetSigningTime - return the signing time,
+ *                                    in UTCTime format, of a CMS signerInfo.
+ *
+ * sinfo - signerInfo data for this signer
+ *
+ * Returns a pointer to XXXX (what?)
+ * A return value of NULL is an error.
+ */
+extern SECStatus
+NSS_CMSSignerInfo_GetSigningTime(NSSCMSSignerInfo *sinfo, PRTime *stime);
+
+/*
+ * Return the signing cert of a CMS signerInfo.
+ *
+ * the certs in the enclosing SignedData must have been imported already
+ */
+extern CERTCertificate *
+NSS_CMSSignerInfo_GetSigningCertificate(NSSCMSSignerInfo *signerinfo, CERTCertDBHandle *certdb);
+
+/*
+ * NSS_CMSSignerInfo_GetSignerCommonName - return the common name of the signer
+ *
+ * sinfo - signerInfo data for this signer
+ *
+ * Returns a pointer to allocated memory, which must be freed with PORT_Free.
+ * A return value of NULL is an error.
+ */
+extern char *
+NSS_CMSSignerInfo_GetSignerCommonName(NSSCMSSignerInfo *sinfo);
+
+/*
+ * NSS_CMSSignerInfo_GetSignerEmailAddress - return the common name of the signer
+ *
+ * sinfo - signerInfo data for this signer
+ *
+ * Returns a pointer to allocated memory, which must be freed.
+ * A return value of NULL is an error.
+ */
+extern char *
+NSS_CMSSignerInfo_GetSignerEmailAddress(NSSCMSSignerInfo *sinfo);
+
+/*
+ * NSS_CMSSignerInfo_AddAuthAttr - add an attribute to the
+ * authenticated (i.e. signed) attributes of "signerinfo".
+ */
+extern SECStatus
+NSS_CMSSignerInfo_AddAuthAttr(NSSCMSSignerInfo *signerinfo, NSSCMSAttribute *attr);
+
+/*
+ * NSS_CMSSignerInfo_AddUnauthAttr - add an attribute to the
+ * unauthenticated attributes of "signerinfo".
+ */
+extern SECStatus
+NSS_CMSSignerInfo_AddUnauthAttr(NSSCMSSignerInfo *signerinfo, NSSCMSAttribute *attr);
+
+/*
+ * NSS_CMSSignerInfo_AddSigningTime - add the signing time to the
+ * authenticated (i.e. signed) attributes of "signerinfo".
+ *
+ * This is expected to be included in outgoing signed
+ * messages for email (S/MIME) but is likely useful in other situations.
+ *
+ * This should only be added once; a second call will do nothing.
+ *
+ * XXX This will probably just shove the current time into "signerinfo"
+ * but it will not actually get signed until the entire item is
+ * processed for encoding.  Is this (expected to be small) delay okay?
+ */
+extern SECStatus
+NSS_CMSSignerInfo_AddSigningTime(NSSCMSSignerInfo *signerinfo, PRTime t);
+
+/*
+ * NSS_CMSSignerInfo_AddSMIMECaps - add a SMIMECapabilities attribute to the
+ * authenticated (i.e. signed) attributes of "signerinfo".
+ *
+ * This is expected to be included in outgoing signed
+ * messages for email (S/MIME).
+ */
+extern SECStatus
+NSS_CMSSignerInfo_AddSMIMECaps(NSSCMSSignerInfo *signerinfo);
+
+/*
+ * NSS_CMSSignerInfo_AddSMIMEEncKeyPrefs - add a SMIMEEncryptionKeyPreferences attribute to the
+ * authenticated (i.e. signed) attributes of "signerinfo".
+ *
+ * This is expected to be included in outgoing signed messages for email (S/MIME).
+ */
+SECStatus
+NSS_CMSSignerInfo_AddSMIMEEncKeyPrefs(NSSCMSSignerInfo *signerinfo, CERTCertificate *cert, CERTCertDBHandle *certdb);
+
+/*
+ * NSS_CMSSignerInfo_AddMSSMIMEEncKeyPrefs - add a SMIMEEncryptionKeyPreferences attribute to the
+ * authenticated (i.e. signed) attributes of "signerinfo", using the OID preferred by Microsoft.
+ *
+ * This is expected to be included in outgoing signed messages for email (S/MIME),
+ * if compatibility with Microsoft mail clients is wanted.
+ */
+SECStatus
+NSS_CMSSignerInfo_AddMSSMIMEEncKeyPrefs(NSSCMSSignerInfo *signerinfo, CERTCertificate *cert, CERTCertDBHandle *certdb);
+
+/*
+ * NSS_CMSSignerInfo_AddCounterSignature - countersign a signerinfo
+ */
+extern SECStatus
+NSS_CMSSignerInfo_AddCounterSignature(NSSCMSSignerInfo *signerinfo,
+                                      SECOidTag digestalg, CERTCertificate signingcert);
+
+/*
+ * XXXX the following needs to be done in the S/MIME layer code
+ * after signature of a signerinfo is verified
+ */
+extern SECStatus
+NSS_SMIMESignerInfo_SaveSMIMEProfile(NSSCMSSignerInfo *signerinfo);
+
+/*
+ * NSS_CMSSignerInfo_IncludeCerts - set cert chain inclusion mode for this signer
+ */
+extern SECStatus
+NSS_CMSSignerInfo_IncludeCerts(NSSCMSSignerInfo *signerinfo, NSSCMSCertChainMode cm, SECCertUsage usage);
+
+/************************************************************************
+ * cmsenvdata.c - CMS envelopedData methods
+ ************************************************************************/
+
+/*
+ * NSS_CMSEnvelopedData_Create - create an enveloped data message
+ */
+extern NSSCMSEnvelopedData *
+NSS_CMSEnvelopedData_Create(NSSCMSMessage *cmsg, SECOidTag algorithm, int keysize);
+
+/*
+ * NSS_CMSEnvelopedData_Destroy - destroy an enveloped data message
+ */
+extern void
+NSS_CMSEnvelopedData_Destroy(NSSCMSEnvelopedData *edp);
+
+/*
+ * NSS_CMSEnvelopedData_GetContentInfo - return pointer to this envelopedData's contentinfo
+ */
+extern NSSCMSContentInfo *
+NSS_CMSEnvelopedData_GetContentInfo(NSSCMSEnvelopedData *envd);
+
+/*
+ * NSS_CMSEnvelopedData_AddRecipient - add a recipientinfo to the enveloped data msg
+ *
+ * rip must be created on the same pool as edp - this is not enforced, though.
+ */
+extern SECStatus
+NSS_CMSEnvelopedData_AddRecipient(NSSCMSEnvelopedData *edp, NSSCMSRecipientInfo *rip);
+
+/*
+ * NSS_CMSEnvelopedData_Encode_BeforeStart - prepare this envelopedData for encoding
+ *
+ * at this point, we need
+ * - recipientinfos set up with recipient's certificates
+ * - a content encryption algorithm (if none, 3DES will be used)
+ *
+ * this function will generate a random content encryption key (aka bulk key),
+ * initialize the recipientinfos with certificate identification and wrap the bulk key
+ * using the proper algorithm for every certificiate.
+ * it will finally set the bulk algorithm and key so that the encode step can find it.
+ */
+extern SECStatus
+NSS_CMSEnvelopedData_Encode_BeforeStart(NSSCMSEnvelopedData *envd);
+
+/*
+ * NSS_CMSEnvelopedData_Encode_BeforeData - set up encryption
+ */
+extern SECStatus
+NSS_CMSEnvelopedData_Encode_BeforeData(NSSCMSEnvelopedData *envd);
+
+/*
+ * NSS_CMSEnvelopedData_Encode_AfterData - finalize this envelopedData for encoding
+ */
+extern SECStatus
+NSS_CMSEnvelopedData_Encode_AfterData(NSSCMSEnvelopedData *envd);
+
+/*
+ * NSS_CMSEnvelopedData_Decode_BeforeData - find our recipientinfo,
+ * derive bulk key & set up our contentinfo
+ */
+extern SECStatus
+NSS_CMSEnvelopedData_Decode_BeforeData(NSSCMSEnvelopedData *envd);
+
+/*
+ * NSS_CMSEnvelopedData_Decode_AfterData - finish decrypting this envelopedData's content
+ */
+extern SECStatus
+NSS_CMSEnvelopedData_Decode_AfterData(NSSCMSEnvelopedData *envd);
+
+/*
+ * NSS_CMSEnvelopedData_Decode_AfterEnd - finish decoding this envelopedData
+ */
+extern SECStatus
+NSS_CMSEnvelopedData_Decode_AfterEnd(NSSCMSEnvelopedData *envd);
+
+/************************************************************************
+ * cmsrecinfo.c - CMS recipientInfo methods
+ ************************************************************************/
+
+/*
+ * NSS_CMSRecipientInfo_Create - create a recipientinfo
+ *
+ * we currently do not create KeyAgreement recipientinfos with multiple recipientEncryptedKeys
+ * the certificate is supposed to have been verified by the caller
+ */
+extern NSSCMSRecipientInfo *
+NSS_CMSRecipientInfo_Create(NSSCMSMessage *cmsg, CERTCertificate *cert);
+
+extern NSSCMSRecipientInfo *
+NSS_CMSRecipientInfo_CreateWithSubjKeyID(NSSCMSMessage *cmsg,
+                                         SECItem *subjKeyID,
+                                         SECKEYPublicKey *pubKey);
+
+extern NSSCMSRecipientInfo *
+NSS_CMSRecipientInfo_CreateWithSubjKeyIDFromCert(NSSCMSMessage *cmsg,
+                                                 CERTCertificate *cert);
+
+/*
+ * NSS_CMSRecipientInfo_CreateNew - create a blank recipientinfo for
+ * applications which want to encode their own CMS structures and
+ * key exchange types.
+ */
+extern NSSCMSRecipientInfo *
+NSS_CMSRecipientInfo_CreateNew(void *pwfn_arg);
+
+/*
+ * NSS_CMSRecipientInfo_CreateFromDER - create a recipientinfo  from partially
+ * decoded DER data for applications which want to encode their own CMS
+ * structures and key exchange types.
+ */
+extern NSSCMSRecipientInfo *
+NSS_CMSRecipientInfo_CreateFromDER(SECItem *input, void *pwfn_arg);
+
+extern void
+NSS_CMSRecipientInfo_Destroy(NSSCMSRecipientInfo *ri);
+
+/*
+ * NSS_CMSRecipientInfo_GetCertAndKey - retrieve the cert and key from the
+ * recipientInfo struct. If retcert or retkey are NULL, the cert or
+ * key (respectively) would not be returned). This function is a no-op if both
+ * retcert and retkey are NULL. Caller inherits ownership of the cert and key
+ * he requested (and is responsible to free them).
+ */
+SECStatus NSS_CMSRecipientInfo_GetCertAndKey(NSSCMSRecipientInfo *ri,
+                                             CERTCertificate **retcert,
+                                             SECKEYPrivateKey **retkey);
+
+extern int
+NSS_CMSRecipientInfo_GetVersion(NSSCMSRecipientInfo *ri);
+
+extern SECItem *
+NSS_CMSRecipientInfo_GetEncryptedKey(NSSCMSRecipientInfo *ri, int subIndex);
+
+/*
+ * NSS_CMSRecipientInfo_Encode - encode an NSS_CMSRecipientInfo as ASN.1
+ */
+SECStatus NSS_CMSRecipientInfo_Encode(PLArenaPool *poolp,
+                                      const NSSCMSRecipientInfo *src,
+                                      SECItem *returned);
+
+extern SECOidTag
+NSS_CMSRecipientInfo_GetKeyEncryptionAlgorithmTag(NSSCMSRecipientInfo *ri);
+
+extern SECStatus
+NSS_CMSRecipientInfo_WrapBulkKey(NSSCMSRecipientInfo *ri, PK11SymKey *bulkkey,
+                                 SECOidTag bulkalgtag);
+
+extern PK11SymKey *
+NSS_CMSRecipientInfo_UnwrapBulkKey(NSSCMSRecipientInfo *ri, int subIndex,
+                                   CERTCertificate *cert, SECKEYPrivateKey *privkey,
+                                   SECOidTag bulkalgtag);
+
+/************************************************************************
+ * cmsencdata.c - CMS encryptedData methods
+ ************************************************************************/
+/*
+ * NSS_CMSEncryptedData_Create - create an empty encryptedData object.
+ *
+ * "algorithm" specifies the bulk encryption algorithm to use.
+ * "keysize" is the key size.
+ *
+ * An error results in a return value of NULL and an error set.
+ * (Retrieve specific errors via PORT_GetError()/XP_GetError().)
+ */
+extern NSSCMSEncryptedData *
+NSS_CMSEncryptedData_Create(NSSCMSMessage *cmsg, SECOidTag algorithm, int keysize);
+
+/*
+ * NSS_CMSEncryptedData_Destroy - destroy an encryptedData object
+ */
+extern void
+NSS_CMSEncryptedData_Destroy(NSSCMSEncryptedData *encd);
+
+/*
+ * NSS_CMSEncryptedData_GetContentInfo - return pointer to encryptedData object's contentInfo
+ */
+extern NSSCMSContentInfo *
+NSS_CMSEncryptedData_GetContentInfo(NSSCMSEncryptedData *encd);
+
+/*
+ * NSS_CMSEncryptedData_Encode_BeforeStart - do all the necessary things to a EncryptedData
+ *     before encoding begins.
+ *
+ * In particular:
+ *  - set the correct version value.
+ *  - get the encryption key
+ */
+extern SECStatus
+NSS_CMSEncryptedData_Encode_BeforeStart(NSSCMSEncryptedData *encd);
+
+/*
+ * NSS_CMSEncryptedData_Encode_BeforeData - set up encryption
+ */
+extern SECStatus
+NSS_CMSEncryptedData_Encode_BeforeData(NSSCMSEncryptedData *encd);
+
+/*
+ * NSS_CMSEncryptedData_Encode_AfterData - finalize this encryptedData for encoding
+ */
+extern SECStatus
+NSS_CMSEncryptedData_Encode_AfterData(NSSCMSEncryptedData *encd);
+
+/*
+ * NSS_CMSEncryptedData_Decode_BeforeData - find bulk key & set up decryption
+ */
+extern SECStatus
+NSS_CMSEncryptedData_Decode_BeforeData(NSSCMSEncryptedData *encd);
+
+/*
+ * NSS_CMSEncryptedData_Decode_AfterData - finish decrypting this encryptedData's content
+ */
+extern SECStatus
+NSS_CMSEncryptedData_Decode_AfterData(NSSCMSEncryptedData *encd);
+
+/*
+ * NSS_CMSEncryptedData_Decode_AfterEnd - finish decoding this encryptedData
+ */
+extern SECStatus
+NSS_CMSEncryptedData_Decode_AfterEnd(NSSCMSEncryptedData *encd);
+
+/************************************************************************
+ * cmsdigdata.c - CMS encryptedData methods
+ ************************************************************************/
+/*
+ * NSS_CMSDigestedData_Create - create a digestedData object (presumably for encoding)
+ *
+ * version will be set by NSS_CMSDigestedData_Encode_BeforeStart
+ * digestAlg is passed as parameter
+ * contentInfo must be filled by the user
+ * digest will be calculated while encoding
+ */
+extern NSSCMSDigestedData *
+NSS_CMSDigestedData_Create(NSSCMSMessage *cmsg, SECAlgorithmID *digestalg);
+
+/*
+ * NSS_CMSDigestedData_Destroy - destroy a digestedData object
+ */
+extern void
+NSS_CMSDigestedData_Destroy(NSSCMSDigestedData *digd);
+
+/*
+ * NSS_CMSDigestedData_GetContentInfo - return pointer to digestedData object's contentInfo
+ */
+extern NSSCMSContentInfo *
+NSS_CMSDigestedData_GetContentInfo(NSSCMSDigestedData *digd);
+
+/*
+ * NSS_CMSDigestedData_Encode_BeforeStart - do all the necessary things to a DigestedData
+ *     before encoding begins.
+ *
+ * In particular:
+ *  - set the right version number. The contentInfo's content type must be set up already.
+ */
+extern SECStatus
+NSS_CMSDigestedData_Encode_BeforeStart(NSSCMSDigestedData *digd);
+
+/*
+ * NSS_CMSDigestedData_Encode_BeforeData - do all the necessary things to a DigestedData
+ *     before the encapsulated data is passed through the encoder.
+ *
+ * In detail:
+ *  - set up the digests if necessary
+ */
+extern SECStatus
+NSS_CMSDigestedData_Encode_BeforeData(NSSCMSDigestedData *digd);
+
+/*
+ * NSS_CMSDigestedData_Encode_AfterData - do all the necessary things to a DigestedData
+ *     after all the encapsulated data was passed through the encoder.
+ *
+ * In detail:
+ *  - finish the digests
+ */
+extern SECStatus
+NSS_CMSDigestedData_Encode_AfterData(NSSCMSDigestedData *digd);
+
+/*
+ * NSS_CMSDigestedData_Decode_BeforeData - do all the necessary things to a DigestedData
+ *     before the encapsulated data is passed through the encoder.
+ *
+ * In detail:
+ *  - set up the digests if necessary
+ */
+extern SECStatus
+NSS_CMSDigestedData_Decode_BeforeData(NSSCMSDigestedData *digd);
+
+/*
+ * NSS_CMSDigestedData_Decode_AfterData - do all the necessary things to a DigestedData
+ *     after all the encapsulated data was passed through the encoder.
+ *
+ * In detail:
+ *  - finish the digests
+ */
+extern SECStatus
+NSS_CMSDigestedData_Decode_AfterData(NSSCMSDigestedData *digd);
+
+/*
+ * NSS_CMSDigestedData_Decode_AfterEnd - finalize a digestedData.
+ *
+ * In detail:
+ *  - check the digests for equality
+ */
+extern SECStatus
+NSS_CMSDigestedData_Decode_AfterEnd(NSSCMSDigestedData *digd);
+
+/************************************************************************
+ * cmsdigest.c - digestion routines
+ ************************************************************************/
+
+/*
+ * NSS_CMSDigestContext_StartMultiple - start digest calculation using all the
+ *  digest algorithms in "digestalgs" in parallel.
+ */
+extern NSSCMSDigestContext *
+NSS_CMSDigestContext_StartMultiple(SECAlgorithmID **digestalgs);
+
+/*
+ * NSS_CMSDigestContext_StartSingle - same as NSS_CMSDigestContext_StartMultiple, but
+ *  only one algorithm.
+ */
+extern NSSCMSDigestContext *
+NSS_CMSDigestContext_StartSingle(SECAlgorithmID *digestalg);
+
+/*
+ * NSS_CMSDigestContext_Update - feed more data into the digest machine
+ */
+extern void
+NSS_CMSDigestContext_Update(NSSCMSDigestContext *cmsdigcx, const unsigned char *data, int len);
+
+/*
+ * NSS_CMSDigestContext_Cancel - cancel digesting operation
+ */
+extern void
+NSS_CMSDigestContext_Cancel(NSSCMSDigestContext *cmsdigcx);
+
+/*
+ * NSS_CMSDigestContext_FinishMultiple - finish the digests and put them
+ *  into an array of SECItems (allocated on poolp)
+ */
+extern SECStatus
+NSS_CMSDigestContext_FinishMultiple(NSSCMSDigestContext *cmsdigcx, PLArenaPool *poolp,
+                                    SECItem ***digestsp);
+
+/*
+ * NSS_CMSDigestContext_FinishSingle - same as NSS_CMSDigestContext_FinishMultiple,
+ *  but for one digest.
+ */
+extern SECStatus
+NSS_CMSDigestContext_FinishSingle(NSSCMSDigestContext *cmsdigcx, PLArenaPool *poolp,
+                                  SECItem *digest);
+
+/************************************************************************
+ *
+ ************************************************************************/
+
+/* shortcuts for basic use */
+
+/*
+ * NSS_CMSDEREncode - DER Encode a CMS message, with input being
+ *                    the plaintext message and derOut being the output,
+ *                    stored in arena's pool.
+ */
+extern SECStatus
+NSS_CMSDEREncode(NSSCMSMessage *cmsg, SECItem *input, SECItem *derOut,
+                 PLArenaPool *arena);
+
+/************************************************************************
+ *
+ ************************************************************************/
+
+/*
+ *  define new S/MIME content type entries
+ *
+ *  S/MIME uses the builtin PKCS7 oid types for encoding and decoding the
+ *  various S/MIME content. Some applications have their own content type
+ *  which is different from the standard content type defined by S/MIME.
+ *
+ *  This function allows you to register new content types. There are basically
+ *  Two different types of content, Wrappping content, and Data.
+ *
+ *  For data types, All the functions below can be zero or NULL excext
+ *  type and is isData, which should be your oid tag and PR_FALSE respectively
+ *
+ *  For wrapping types, everything must be provided, or you will get encoder
+ *  failures.
+ *
+ *  If NSS doesn't already define the OID that you need, you can register
+ *  your own with SECOID_AddEntry.
+ *
+ *  Once you have defined your new content type, you can pass your new content
+ *  type to NSS_CMSContentInfo_SetContent().
+ *
+ *  If you are using a wrapping type you can pass your own data structure in
+ *  the ptr field, but it must contain and embedded NSSCMSGenericWrappingData
+ *  structure as the first element. The size you pass to
+ *  NSS_CMSType_RegisterContentType is the total size of your self defined
+ *  data structure. NSS_CMSContentInfo_GetContent will return that data
+ *  structure from the content info. Your ASN1Template will be evaluated
+ *  against that data structure.
+ */
+SECStatus NSS_CMSType_RegisterContentType(SECOidTag type,
+                                          SEC_ASN1Template *asn1Template, size_t size,
+                                          NSSCMSGenericWrapperDataDestroy destroy,
+                                          NSSCMSGenericWrapperDataCallback decode_before,
+                                          NSSCMSGenericWrapperDataCallback decode_after,
+                                          NSSCMSGenericWrapperDataCallback decode_end,
+                                          NSSCMSGenericWrapperDataCallback encode_start,
+                                          NSSCMSGenericWrapperDataCallback encode_before,
+                                          NSSCMSGenericWrapperDataCallback encode_after,
+                                          PRBool isData);
+
+/************************************************************************/
+SEC_END_PROTOS
+
+#endif /* _CMS_H_ */
diff --git a/nss/lib/smime/cmsarray.c b/nss/lib/smime/cmsarray.c
new file mode 100644
index 0000000..6665d12
--- /dev/null
+++ b/nss/lib/smime/cmsarray.c
@@ -0,0 +1,186 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * CMS array functions.
+ */
+
+#include "cmslocal.h"
+
+#include "secerr.h"
+
+/*
+ * ARRAY FUNCTIONS
+ *
+ * In NSS, arrays are rather primitive arrays of pointers.
+ * Makes it easy to walk the array, but hard to count elements
+ * and manage the storage.
+ *
+ * This is a feeble attempt to encapsulate the functionality
+ * and get rid of hundreds of lines of similar code
+ */
+
+/*
+ * NSS_CMSArray_Alloc - allocate an array in an arena
+ *
+ * This allocates space for the array of pointers
+ */
+void **
+NSS_CMSArray_Alloc(PLArenaPool *poolp, int n)
+{
+    return (void **)PORT_ArenaZAlloc(poolp, n * sizeof(void *));
+}
+
+/*
+ * NSS_CMSArray_Add - add an element to the end of an array
+ *
+ * The array of pointers is either created (if array was empty before) or grown.
+ */
+SECStatus
+NSS_CMSArray_Add(PLArenaPool *poolp, void ***array, void *obj)
+{
+    void **p;
+    int n;
+    void **dest;
+
+    PORT_Assert(array != NULL);
+    if (array == NULL)
+        return SECFailure;
+
+    if (*array == NULL) {
+        dest = (void **)PORT_ArenaAlloc(poolp, 2 * sizeof(void *));
+        n = 0;
+    } else {
+        n = 0;
+        p = *array;
+        while (*p++)
+            n++;
+        dest = (void **)PORT_ArenaGrow(poolp,
+                                       *array,
+                                       (n + 1) * sizeof(void *),
+                                       (n + 2) * sizeof(void *));
+    }
+
+    if (dest == NULL)
+        return SECFailure;
+
+    dest[n] = obj;
+    dest[n + 1] = NULL;
+    *array = dest;
+    return SECSuccess;
+}
+
+/*
+ * NSS_CMSArray_IsEmpty - check if array is empty
+ */
+PRBool
+NSS_CMSArray_IsEmpty(void **array)
+{
+    return (array == NULL || array[0] == NULL);
+}
+
+/*
+ * NSS_CMSArray_Count - count number of elements in array
+ */
+int
+NSS_CMSArray_Count(void **array)
+{
+    int n = 0;
+
+    if (array == NULL)
+        return 0;
+
+    while (*array++ != NULL)
+        n++;
+
+    return n;
+}
+
+/*
+ * NSS_CMSArray_Sort - sort an array in place
+ *
+ * If "secondary" or "tertiary are not NULL, it must be arrays with the same
+ *  number of elements as "primary". The same reordering will get applied to it.
+ *
+ * "compare" is a function that returns
+ *  < 0 when the first element is less than the second
+ *  = 0 when the first element is equal to the second
+ *  > 0 when the first element is greater than the second
+ * to acheive ascending ordering.
+ */
+void
+NSS_CMSArray_Sort(void **primary, int (*compare)(void *, void *), void **secondary, void **tertiary)
+{
+    int n, i, limit, lastxchg;
+    void *tmp;
+
+    n = NSS_CMSArray_Count(primary);
+
+    PORT_Assert(secondary == NULL || NSS_CMSArray_Count(secondary) == n);
+    PORT_Assert(tertiary == NULL || NSS_CMSArray_Count(tertiary) == n);
+
+    if (n <= 1) /* ordering is fine */
+        return;
+
+    /* yes, ladies and gentlemen, it's BUBBLE SORT TIME! */
+    limit = n - 1;
+    while (1) {
+        lastxchg = 0;
+        for (i = 0; i < limit; i++) {
+            if ((*compare)(primary[i], primary[i + 1]) > 0) {
+                /* exchange the neighbours */
+                tmp = primary[i + 1];
+                primary[i + 1] = primary[i];
+                primary[i] = tmp;
+                if (secondary) {            /* secondary array? */
+                    tmp = secondary[i + 1]; /* exchange there as well */
+                    secondary[i + 1] = secondary[i];
+                    secondary[i] = tmp;
+                }
+                if (tertiary) {            /* tertiary array? */
+                    tmp = tertiary[i + 1]; /* exchange there as well */
+                    tertiary[i + 1] = tertiary[i];
+                    tertiary[i] = tmp;
+                }
+                lastxchg = i + 1; /* index of the last element bubbled up */
+            }
+        }
+        if (lastxchg == 0) /* no exchanges, so array is sorted */
+            break;         /* we're done */
+        limit = lastxchg;  /* array is sorted up to [limit] */
+    }
+}
+
+#if 0
+
+/* array iterator stuff... not used */
+
+typedef void **NSSCMSArrayIterator;
+
+/* iterator */
+NSSCMSArrayIterator
+NSS_CMSArray_First(void **array)
+{
+    if (array == NULL || array[0] == NULL)
+    return NULL;
+    return (NSSCMSArrayIterator)&(array[0]);
+}
+
+void *
+NSS_CMSArray_Obj(NSSCMSArrayIterator iter)
+{
+    void **p = (void **)iter;
+
+    return *iter;   /* which is NULL if we are at the end of the array */
+}
+
+NSSCMSArrayIterator
+NSS_CMSArray_Next(NSSCMSArrayIterator iter)
+{
+    void **p = (void **)iter;
+
+    return (NSSCMSArrayIterator)(p + 1);
+}
+
+#endif
diff --git a/nss/lib/smime/cmsasn1.c b/nss/lib/smime/cmsasn1.c
new file mode 100644
index 0000000..15cf08f
--- /dev/null
+++ b/nss/lib/smime/cmsasn1.c
@@ -0,0 +1,491 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * CMS ASN.1 templates
+ */
+
+#include "cmslocal.h"
+
+#include "cert.h"
+#include "key.h"
+#include "secasn1.h"
+#include "secitem.h"
+#include "secoid.h"
+#include "prtime.h"
+#include "secerr.h"
+
+extern const SEC_ASN1Template nss_cms_set_of_attribute_template[];
+
+SEC_ASN1_MKSUB(CERT_IssuerAndSNTemplate)
+SEC_ASN1_MKSUB(CERT_SetOfSignedCrlTemplate)
+SEC_ASN1_MKSUB(SECOID_AlgorithmIDTemplate)
+SEC_ASN1_MKSUB(SEC_BitStringTemplate)
+SEC_ASN1_MKSUB(SEC_OctetStringTemplate)
+SEC_ASN1_MKSUB(SEC_PointerToOctetStringTemplate)
+SEC_ASN1_MKSUB(SEC_SetOfAnyTemplate)
+
+/* -----------------------------------------------------------------------------
+ * MESSAGE
+ * (uses NSSCMSContentInfo)
+ */
+
+/* forward declaration */
+static const SEC_ASN1Template *
+nss_cms_choose_content_template(void *src_or_dest, PRBool encoding);
+
+static const SEC_ASN1TemplateChooserPtr nss_cms_chooser = nss_cms_choose_content_template;
+
+const SEC_ASN1Template NSSCMSMessageTemplate[] = {
+    { SEC_ASN1_SEQUENCE | SEC_ASN1_MAY_STREAM,
+      0, NULL, sizeof(NSSCMSMessage) },
+    { SEC_ASN1_OBJECT_ID,
+      offsetof(NSSCMSMessage, contentInfo.contentType) },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_DYNAMIC | SEC_ASN1_MAY_STREAM |
+          SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
+      offsetof(NSSCMSMessage, contentInfo.content),
+      &nss_cms_chooser },
+    { 0 }
+};
+
+/* -----------------------------------------------------------------------------
+ * ENCAPSULATED & ENCRYPTED CONTENTINFO
+ * (both use a NSSCMSContentInfo)
+ */
+static const SEC_ASN1Template NSSCMSEncapsulatedContentInfoTemplate[] = {
+    { SEC_ASN1_SEQUENCE | SEC_ASN1_MAY_STREAM,
+      0, NULL, sizeof(NSSCMSContentInfo) },
+    { SEC_ASN1_OBJECT_ID,
+      offsetof(NSSCMSContentInfo, contentType) },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_EXPLICIT | SEC_ASN1_MAY_STREAM |
+          SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
+      offsetof(NSSCMSContentInfo, rawContent),
+      SEC_ASN1_SUB(SEC_PointerToOctetStringTemplate) },
+    { 0 }
+};
+
+static const SEC_ASN1Template NSSCMSEncryptedContentInfoTemplate[] = {
+    { SEC_ASN1_SEQUENCE | SEC_ASN1_MAY_STREAM,
+      0, NULL, sizeof(NSSCMSContentInfo) },
+    { SEC_ASN1_OBJECT_ID,
+      offsetof(NSSCMSContentInfo, contentType) },
+    { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
+      offsetof(NSSCMSContentInfo, contentEncAlg),
+      SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_POINTER | SEC_ASN1_MAY_STREAM |
+          SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
+      offsetof(NSSCMSContentInfo, rawContent),
+      SEC_ASN1_SUB(SEC_OctetStringTemplate) },
+    { 0 }
+};
+
+/* -----------------------------------------------------------------------------
+ * SIGNED DATA
+ */
+
+const SEC_ASN1Template NSSCMSSignerInfoTemplate[];
+
+const SEC_ASN1Template NSSCMSSignedDataTemplate[] = {
+    { SEC_ASN1_SEQUENCE | SEC_ASN1_MAY_STREAM,
+      0, NULL, sizeof(NSSCMSSignedData) },
+    { SEC_ASN1_INTEGER,
+      offsetof(NSSCMSSignedData, version) },
+    { SEC_ASN1_SET_OF | SEC_ASN1_XTRN,
+      offsetof(NSSCMSSignedData, digestAlgorithms),
+      SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
+    { SEC_ASN1_INLINE,
+      offsetof(NSSCMSSignedData, contentInfo),
+      NSSCMSEncapsulatedContentInfoTemplate },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
+          SEC_ASN1_XTRN | 0,
+      offsetof(NSSCMSSignedData, rawCerts),
+      SEC_ASN1_SUB(SEC_SetOfAnyTemplate) },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
+          SEC_ASN1_XTRN | 1,
+      offsetof(NSSCMSSignedData, crls),
+      SEC_ASN1_SUB(CERT_SetOfSignedCrlTemplate) },
+    { SEC_ASN1_SET_OF,
+      offsetof(NSSCMSSignedData, signerInfos),
+      NSSCMSSignerInfoTemplate },
+    { 0 }
+};
+
+const SEC_ASN1Template NSS_PointerToCMSSignedDataTemplate[] = {
+    { SEC_ASN1_POINTER, 0, NSSCMSSignedDataTemplate }
+};
+
+/* -----------------------------------------------------------------------------
+ * signeridentifier
+ */
+
+static const SEC_ASN1Template NSSCMSSignerIdentifierTemplate[] = {
+    { SEC_ASN1_CHOICE,
+      offsetof(NSSCMSSignerIdentifier, identifierType), NULL,
+      sizeof(NSSCMSSignerIdentifier) },
+    { SEC_ASN1_POINTER | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
+      offsetof(NSSCMSSignerIdentifier, id.subjectKeyID),
+      SEC_ASN1_SUB(SEC_OctetStringTemplate),
+      NSSCMSRecipientID_SubjectKeyID },
+    { SEC_ASN1_POINTER | SEC_ASN1_XTRN,
+      offsetof(NSSCMSSignerIdentifier, id.issuerAndSN),
+      SEC_ASN1_SUB(CERT_IssuerAndSNTemplate),
+      NSSCMSRecipientID_IssuerSN },
+    { 0 }
+};
+
+/* -----------------------------------------------------------------------------
+ * signerinfo
+ */
+
+const SEC_ASN1Template NSSCMSSignerInfoTemplate[] = {
+    { SEC_ASN1_SEQUENCE,
+      0, NULL, sizeof(NSSCMSSignerInfo) },
+    { SEC_ASN1_INTEGER,
+      offsetof(NSSCMSSignerInfo, version) },
+    { SEC_ASN1_INLINE,
+      offsetof(NSSCMSSignerInfo, signerIdentifier),
+      NSSCMSSignerIdentifierTemplate },
+    { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
+      offsetof(NSSCMSSignerInfo, digestAlg),
+      SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
+      offsetof(NSSCMSSignerInfo, authAttr),
+      nss_cms_set_of_attribute_template },
+    { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
+      offsetof(NSSCMSSignerInfo, digestEncAlg),
+      SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
+    { SEC_ASN1_OCTET_STRING,
+      offsetof(NSSCMSSignerInfo, encDigest) },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1,
+      offsetof(NSSCMSSignerInfo, unAuthAttr),
+      nss_cms_set_of_attribute_template },
+    { 0 }
+};
+
+/* -----------------------------------------------------------------------------
+ * ENVELOPED DATA
+ */
+
+static const SEC_ASN1Template NSSCMSOriginatorInfoTemplate[] = {
+    { SEC_ASN1_SEQUENCE,
+      0, NULL, sizeof(NSSCMSOriginatorInfo) },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
+          SEC_ASN1_XTRN | 0,
+      offsetof(NSSCMSOriginatorInfo, rawCerts),
+      SEC_ASN1_SUB(SEC_SetOfAnyTemplate) },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
+          SEC_ASN1_XTRN | 1,
+      offsetof(NSSCMSOriginatorInfo, crls),
+      SEC_ASN1_SUB(CERT_SetOfSignedCrlTemplate) },
+    { 0 }
+};
+
+const SEC_ASN1Template NSSCMSRecipientInfoTemplate[];
+
+const SEC_ASN1Template NSSCMSEnvelopedDataTemplate[] = {
+    { SEC_ASN1_SEQUENCE | SEC_ASN1_MAY_STREAM,
+      0, NULL, sizeof(NSSCMSEnvelopedData) },
+    { SEC_ASN1_INTEGER,
+      offsetof(NSSCMSEnvelopedData, version) },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_POINTER | SEC_ASN1_CONSTRUCTED |
+          SEC_ASN1_CONTEXT_SPECIFIC | 0,
+      offsetof(NSSCMSEnvelopedData, originatorInfo),
+      NSSCMSOriginatorInfoTemplate },
+    { SEC_ASN1_SET_OF,
+      offsetof(NSSCMSEnvelopedData, recipientInfos),
+      NSSCMSRecipientInfoTemplate },
+    { SEC_ASN1_INLINE,
+      offsetof(NSSCMSEnvelopedData, contentInfo),
+      NSSCMSEncryptedContentInfoTemplate },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1,
+      offsetof(NSSCMSEnvelopedData, unprotectedAttr),
+      nss_cms_set_of_attribute_template },
+    { 0 }
+};
+
+const SEC_ASN1Template NSS_PointerToCMSEnvelopedDataTemplate[] = {
+    { SEC_ASN1_POINTER, 0, NSSCMSEnvelopedDataTemplate }
+};
+
+/* here come the 15 gazillion templates for all the v3 varieties of RecipientInfo */
+
+/* -----------------------------------------------------------------------------
+ * key transport recipient info
+ */
+
+static const SEC_ASN1Template NSSCMSRecipientIdentifierTemplate[] = {
+    { SEC_ASN1_CHOICE,
+      offsetof(NSSCMSRecipientIdentifier, identifierType), NULL,
+      sizeof(NSSCMSRecipientIdentifier) },
+    { SEC_ASN1_POINTER | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
+      offsetof(NSSCMSRecipientIdentifier, id.subjectKeyID),
+      SEC_ASN1_SUB(SEC_OctetStringTemplate),
+      NSSCMSRecipientID_SubjectKeyID },
+    { SEC_ASN1_POINTER | SEC_ASN1_XTRN,
+      offsetof(NSSCMSRecipientIdentifier, id.issuerAndSN),
+      SEC_ASN1_SUB(CERT_IssuerAndSNTemplate),
+      NSSCMSRecipientID_IssuerSN },
+    { 0 }
+};
+
+static const SEC_ASN1Template NSSCMSKeyTransRecipientInfoTemplate[] = {
+    { SEC_ASN1_SEQUENCE,
+      0, NULL, sizeof(NSSCMSKeyTransRecipientInfo) },
+    { SEC_ASN1_INTEGER,
+      offsetof(NSSCMSKeyTransRecipientInfo, version) },
+    { SEC_ASN1_INLINE,
+      offsetof(NSSCMSKeyTransRecipientInfo, recipientIdentifier),
+      NSSCMSRecipientIdentifierTemplate },
+    { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
+      offsetof(NSSCMSKeyTransRecipientInfo, keyEncAlg),
+      SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
+    { SEC_ASN1_OCTET_STRING,
+      offsetof(NSSCMSKeyTransRecipientInfo, encKey) },
+    { 0 }
+};
+
+/* -----------------------------------------------------------------------------
+ * key agreement recipient info
+ */
+
+static const SEC_ASN1Template NSSCMSOriginatorPublicKeyTemplate[] = {
+    { SEC_ASN1_SEQUENCE,
+      0, NULL, sizeof(NSSCMSOriginatorPublicKey) },
+    { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
+      offsetof(NSSCMSOriginatorPublicKey, algorithmIdentifier),
+      SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
+    { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
+      offsetof(NSSCMSOriginatorPublicKey, publicKey),
+      SEC_ASN1_SUB(SEC_BitStringTemplate) },
+    { 0 }
+};
+
+static const SEC_ASN1Template NSSCMSOriginatorIdentifierOrKeyTemplate[] = {
+    { SEC_ASN1_CHOICE,
+      offsetof(NSSCMSOriginatorIdentifierOrKey, identifierType), NULL,
+      sizeof(NSSCMSOriginatorIdentifierOrKey) },
+    { SEC_ASN1_POINTER | SEC_ASN1_XTRN,
+      offsetof(NSSCMSOriginatorIdentifierOrKey, id.issuerAndSN),
+      SEC_ASN1_SUB(CERT_IssuerAndSNTemplate),
+      NSSCMSOriginatorIDOrKey_IssuerSN },
+    { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
+          SEC_ASN1_XTRN | 1,
+      offsetof(NSSCMSOriginatorIdentifierOrKey, id.subjectKeyID),
+      SEC_ASN1_SUB(SEC_PointerToOctetStringTemplate),
+      NSSCMSOriginatorIDOrKey_SubjectKeyID },
+    { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 2,
+      offsetof(NSSCMSOriginatorIdentifierOrKey, id.originatorPublicKey),
+      NSSCMSOriginatorPublicKeyTemplate,
+      NSSCMSOriginatorIDOrKey_OriginatorPublicKey },
+    { 0 }
+};
+
+const SEC_ASN1Template NSSCMSRecipientKeyIdentifierTemplate[] = {
+    { SEC_ASN1_SEQUENCE,
+      0, NULL, sizeof(NSSCMSRecipientKeyIdentifier) },
+    { SEC_ASN1_OCTET_STRING,
+      offsetof(NSSCMSRecipientKeyIdentifier, subjectKeyIdentifier) },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_OCTET_STRING,
+      offsetof(NSSCMSRecipientKeyIdentifier, date) },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_OCTET_STRING,
+      offsetof(NSSCMSRecipientKeyIdentifier, other) },
+    { 0 }
+};
+
+static const SEC_ASN1Template NSSCMSKeyAgreeRecipientIdentifierTemplate[] = {
+    { SEC_ASN1_CHOICE,
+      offsetof(NSSCMSKeyAgreeRecipientIdentifier, identifierType), NULL,
+      sizeof(NSSCMSKeyAgreeRecipientIdentifier) },
+    { SEC_ASN1_POINTER | SEC_ASN1_XTRN,
+      offsetof(NSSCMSKeyAgreeRecipientIdentifier, id.issuerAndSN),
+      SEC_ASN1_SUB(CERT_IssuerAndSNTemplate),
+      NSSCMSKeyAgreeRecipientID_IssuerSN },
+    { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
+      offsetof(NSSCMSKeyAgreeRecipientIdentifier, id.recipientKeyIdentifier),
+      NSSCMSRecipientKeyIdentifierTemplate,
+      NSSCMSKeyAgreeRecipientID_RKeyID },
+    { 0 }
+};
+
+static const SEC_ASN1Template NSSCMSRecipientEncryptedKeyTemplate[] = {
+    { SEC_ASN1_SEQUENCE,
+      0, NULL, sizeof(NSSCMSRecipientEncryptedKey) },
+    { SEC_ASN1_INLINE,
+      offsetof(NSSCMSRecipientEncryptedKey, recipientIdentifier),
+      NSSCMSKeyAgreeRecipientIdentifierTemplate },
+    { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
+      offsetof(NSSCMSRecipientEncryptedKey, encKey),
+      SEC_ASN1_SUB(SEC_BitStringTemplate) },
+    { 0 }
+};
+
+static const SEC_ASN1Template NSSCMSKeyAgreeRecipientInfoTemplate[] = {
+    { SEC_ASN1_SEQUENCE,
+      0, NULL, sizeof(NSSCMSKeyAgreeRecipientInfo) },
+    { SEC_ASN1_INTEGER,
+      offsetof(NSSCMSKeyAgreeRecipientInfo, version) },
+    { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
+      offsetof(NSSCMSKeyAgreeRecipientInfo, originatorIdentifierOrKey),
+      NSSCMSOriginatorIdentifierOrKeyTemplate },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_EXPLICIT |
+          SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 1,
+      offsetof(NSSCMSKeyAgreeRecipientInfo, ukm),
+      SEC_ASN1_SUB(SEC_OctetStringTemplate) },
+    { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
+      offsetof(NSSCMSKeyAgreeRecipientInfo, keyEncAlg),
+      SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
+    { SEC_ASN1_SEQUENCE_OF,
+      offsetof(NSSCMSKeyAgreeRecipientInfo, recipientEncryptedKeys),
+      NSSCMSRecipientEncryptedKeyTemplate },
+    { 0 }
+};
+
+/* -----------------------------------------------------------------------------
+ * KEK recipient info
+ */
+
+static const SEC_ASN1Template NSSCMSKEKIdentifierTemplate[] = {
+    { SEC_ASN1_SEQUENCE,
+      0, NULL, sizeof(NSSCMSKEKIdentifier) },
+    { SEC_ASN1_OCTET_STRING,
+      offsetof(NSSCMSKEKIdentifier, keyIdentifier) },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_OCTET_STRING,
+      offsetof(NSSCMSKEKIdentifier, date) },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_OCTET_STRING,
+      offsetof(NSSCMSKEKIdentifier, other) },
+    { 0 }
+};
+
+static const SEC_ASN1Template NSSCMSKEKRecipientInfoTemplate[] = {
+    { SEC_ASN1_SEQUENCE,
+      0, NULL, sizeof(NSSCMSKEKRecipientInfo) },
+    { SEC_ASN1_INTEGER,
+      offsetof(NSSCMSKEKRecipientInfo, version) },
+    { SEC_ASN1_INLINE,
+      offsetof(NSSCMSKEKRecipientInfo, kekIdentifier),
+      NSSCMSKEKIdentifierTemplate },
+    { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
+      offsetof(NSSCMSKEKRecipientInfo, keyEncAlg),
+      SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
+    { SEC_ASN1_OCTET_STRING,
+      offsetof(NSSCMSKEKRecipientInfo, encKey) },
+    { 0 }
+};
+
+/* -----------------------------------------------------------------------------
+ * recipient info
+ */
+const SEC_ASN1Template NSSCMSRecipientInfoTemplate[] = {
+    { SEC_ASN1_CHOICE,
+      offsetof(NSSCMSRecipientInfo, recipientInfoType), NULL,
+      sizeof(NSSCMSRecipientInfo) },
+    { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1,
+      offsetof(NSSCMSRecipientInfo, ri.keyAgreeRecipientInfo),
+      NSSCMSKeyAgreeRecipientInfoTemplate,
+      NSSCMSRecipientInfoID_KeyAgree },
+    { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 2,
+      offsetof(NSSCMSRecipientInfo, ri.kekRecipientInfo),
+      NSSCMSKEKRecipientInfoTemplate,
+      NSSCMSRecipientInfoID_KEK },
+    { SEC_ASN1_INLINE,
+      offsetof(NSSCMSRecipientInfo, ri.keyTransRecipientInfo),
+      NSSCMSKeyTransRecipientInfoTemplate,
+      NSSCMSRecipientInfoID_KeyTrans },
+    { 0 }
+};
+
+/* -----------------------------------------------------------------------------
+ *
+ */
+
+const SEC_ASN1Template NSSCMSDigestedDataTemplate[] = {
+    { SEC_ASN1_SEQUENCE | SEC_ASN1_MAY_STREAM,
+      0, NULL, sizeof(NSSCMSDigestedData) },
+    { SEC_ASN1_INTEGER,
+      offsetof(NSSCMSDigestedData, version) },
+    { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
+      offsetof(NSSCMSDigestedData, digestAlg),
+      SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
+    { SEC_ASN1_INLINE,
+      offsetof(NSSCMSDigestedData, contentInfo),
+      NSSCMSEncapsulatedContentInfoTemplate },
+    { SEC_ASN1_OCTET_STRING,
+      offsetof(NSSCMSDigestedData, digest) },
+    { 0 }
+};
+
+const SEC_ASN1Template NSS_PointerToCMSDigestedDataTemplate[] = {
+    { SEC_ASN1_POINTER, 0, NSSCMSDigestedDataTemplate }
+};
+
+const SEC_ASN1Template NSSCMSEncryptedDataTemplate[] = {
+    { SEC_ASN1_SEQUENCE | SEC_ASN1_MAY_STREAM,
+      0, NULL, sizeof(NSSCMSEncryptedData) },
+    { SEC_ASN1_INTEGER,
+      offsetof(NSSCMSEncryptedData, version) },
+    { SEC_ASN1_INLINE,
+      offsetof(NSSCMSEncryptedData, contentInfo),
+      NSSCMSEncryptedContentInfoTemplate },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1,
+      offsetof(NSSCMSEncryptedData, unprotectedAttr),
+      nss_cms_set_of_attribute_template },
+    { 0 }
+};
+
+const SEC_ASN1Template NSS_PointerToCMSEncryptedDataTemplate[] = {
+    { SEC_ASN1_POINTER, 0, NSSCMSEncryptedDataTemplate }
+};
+
+const SEC_ASN1Template NSSCMSGenericWrapperDataTemplate[] = {
+    { SEC_ASN1_INLINE,
+      offsetof(NSSCMSGenericWrapperData, contentInfo),
+      NSSCMSEncapsulatedContentInfoTemplate },
+};
+
+SEC_ASN1_CHOOSER_IMPLEMENT(NSSCMSGenericWrapperDataTemplate)
+
+const SEC_ASN1Template NSS_PointerToCMSGenericWrapperDataTemplate[] = {
+    { SEC_ASN1_POINTER, 0, NSSCMSGenericWrapperDataTemplate }
+};
+
+SEC_ASN1_CHOOSER_IMPLEMENT(NSS_PointerToCMSGenericWrapperDataTemplate)
+
+/* -----------------------------------------------------------------------------
+ *
+ */
+static const SEC_ASN1Template *
+nss_cms_choose_content_template(void *src_or_dest, PRBool encoding)
+{
+    const SEC_ASN1Template *theTemplate;
+    NSSCMSContentInfo *cinfo;
+    SECOidTag type;
+
+    PORT_Assert(src_or_dest != NULL);
+    if (src_or_dest == NULL)
+        return NULL;
+
+    cinfo = (NSSCMSContentInfo *)src_or_dest;
+    type = NSS_CMSContentInfo_GetContentTypeTag(cinfo);
+    switch (type) {
+        default:
+            theTemplate = NSS_CMSType_GetTemplate(type);
+            break;
+        case SEC_OID_PKCS7_DATA:
+            theTemplate = SEC_ASN1_GET(SEC_PointerToOctetStringTemplate);
+            break;
+        case SEC_OID_PKCS7_SIGNED_DATA:
+            theTemplate = NSS_PointerToCMSSignedDataTemplate;
+            break;
+        case SEC_OID_PKCS7_ENVELOPED_DATA:
+            theTemplate = NSS_PointerToCMSEnvelopedDataTemplate;
+            break;
+        case SEC_OID_PKCS7_DIGESTED_DATA:
+            theTemplate = NSS_PointerToCMSDigestedDataTemplate;
+            break;
+        case SEC_OID_PKCS7_ENCRYPTED_DATA:
+            theTemplate = NSS_PointerToCMSEncryptedDataTemplate;
+            break;
+    }
+    return theTemplate;
+}
diff --git a/nss/lib/smime/cmsattr.c b/nss/lib/smime/cmsattr.c
new file mode 100644
index 0000000..c1ec760
--- /dev/null
+++ b/nss/lib/smime/cmsattr.c
@@ -0,0 +1,425 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * CMS attributes.
+ */
+
+#include "cmslocal.h"
+
+#include "secasn1.h"
+#include "secitem.h"
+#include "secoid.h"
+#include "pk11func.h"
+#include "prtime.h"
+#include "secerr.h"
+
+/*
+ * -------------------------------------------------------------------
+ * XXX The following Attribute stuff really belongs elsewhere.
+ * The Attribute type is *not* part of CMS but rather X.501.
+ * But for now, since CMS is the only customer of attributes,
+ * we define them here.  Once there is a use outside of CMS,
+ * then change the attribute types and functions from internal
+ * to external naming convention, and move them elsewhere!
+ */
+
+/*
+ * NSS_CMSAttribute_Create - create an attribute
+ *
+ * if value is NULL, the attribute won't have a value. It can be added later
+ * with NSS_CMSAttribute_AddValue.
+ */
+NSSCMSAttribute *
+NSS_CMSAttribute_Create(PLArenaPool *poolp, SECOidTag oidtag, SECItem *value,
+                        PRBool encoded)
+{
+    NSSCMSAttribute *attr;
+    SECItem *copiedvalue;
+    void *mark;
+
+    PORT_Assert(poolp != NULL);
+
+    mark = PORT_ArenaMark(poolp);
+
+    attr = (NSSCMSAttribute *)PORT_ArenaZAlloc(poolp, sizeof(NSSCMSAttribute));
+    if (attr == NULL)
+        goto loser;
+
+    attr->typeTag = SECOID_FindOIDByTag(oidtag);
+    if (attr->typeTag == NULL)
+        goto loser;
+
+    if (SECITEM_CopyItem(poolp, &(attr->type), &(attr->typeTag->oid)) != SECSuccess)
+        goto loser;
+
+    if (value != NULL) {
+        if ((copiedvalue = SECITEM_ArenaDupItem(poolp, value)) == NULL)
+            goto loser;
+
+        if (NSS_CMSArray_Add(poolp, (void ***)&(attr->values), (void *)copiedvalue) != SECSuccess)
+            goto loser;
+    }
+
+    attr->encoded = encoded;
+
+    PORT_ArenaUnmark(poolp, mark);
+
+    return attr;
+
+loser:
+    PORT_Assert(mark != NULL);
+    PORT_ArenaRelease(poolp, mark);
+    return NULL;
+}
+
+/*
+ * NSS_CMSAttribute_AddValue - add another value to an attribute
+ */
+SECStatus
+NSS_CMSAttribute_AddValue(PLArenaPool *poolp, NSSCMSAttribute *attr, SECItem *value)
+{
+    SECItem *copiedvalue;
+    void *mark;
+
+    PORT_Assert(poolp != NULL);
+
+    mark = PORT_ArenaMark(poolp);
+
+    if (value == NULL) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        goto loser;
+    }
+
+    if ((copiedvalue = SECITEM_ArenaDupItem(poolp, value)) == NULL)
+        goto loser;
+
+    if (NSS_CMSArray_Add(poolp, (void ***)&(attr->values), (void *)copiedvalue) != SECSuccess)
+        goto loser;
+
+    PORT_ArenaUnmark(poolp, mark);
+    return SECSuccess;
+
+loser:
+    PORT_Assert(mark != NULL);
+    PORT_ArenaRelease(poolp, mark);
+    return SECFailure;
+}
+
+/*
+ * NSS_CMSAttribute_GetType - return the OID tag
+ */
+SECOidTag
+NSS_CMSAttribute_GetType(NSSCMSAttribute *attr)
+{
+    SECOidData *typetag;
+
+    typetag = SECOID_FindOID(&(attr->type));
+    if (typetag == NULL)
+        return SEC_OID_UNKNOWN;
+
+    return typetag->offset;
+}
+
+/*
+ * NSS_CMSAttribute_GetValue - return the first attribute value
+ *
+ * We do some sanity checking first:
+ * - Multiple values are *not* expected.
+ * - Empty values are *not* expected.
+ */
+SECItem *
+NSS_CMSAttribute_GetValue(NSSCMSAttribute *attr)
+{
+    SECItem *value;
+
+    if (attr == NULL)
+        return NULL;
+
+    value = attr->values[0];
+
+    if (value == NULL || value->data == NULL || value->len == 0)
+        return NULL;
+
+    if (attr->values[1] != NULL)
+        return NULL;
+
+    return value;
+}
+
+/*
+ * NSS_CMSAttribute_CompareValue - compare the attribute's first value against data
+ */
+PRBool
+NSS_CMSAttribute_CompareValue(NSSCMSAttribute *attr, SECItem *av)
+{
+    SECItem *value;
+
+    if (attr == NULL)
+        return PR_FALSE;
+
+    value = NSS_CMSAttribute_GetValue(attr);
+
+    return (value != NULL && value->len == av->len &&
+            PORT_Memcmp(value->data, av->data, value->len) == 0);
+}
+
+/*
+ * templates and functions for separate ASN.1 encoding of attributes
+ *
+ * used in NSS_CMSAttributeArray_Reorder
+ */
+
+/*
+ * helper function for dynamic template determination of the attribute value
+ */
+static const SEC_ASN1Template *
+cms_attr_choose_attr_value_template(void *src_or_dest, PRBool encoding)
+{
+    const SEC_ASN1Template *theTemplate;
+    NSSCMSAttribute *attribute;
+    SECOidData *oiddata;
+    PRBool encoded;
+
+    PORT_Assert(src_or_dest != NULL);
+    if (src_or_dest == NULL)
+        return NULL;
+
+    attribute = (NSSCMSAttribute *)src_or_dest;
+
+    if (encoding && (!attribute->values || !attribute->values[0] ||
+                     attribute->encoded)) {
+        /* we're encoding, and the attribute has no value or the attribute
+         * value is already encoded. */
+        return SEC_ASN1_GET(SEC_AnyTemplate);
+    }
+
+    /* get attribute's typeTag */
+    oiddata = attribute->typeTag;
+    if (oiddata == NULL) {
+        oiddata = SECOID_FindOID(&attribute->type);
+        attribute->typeTag = oiddata;
+    }
+
+    if (oiddata == NULL) {
+        /* still no OID tag? OID is unknown then. en/decode value as ANY. */
+        encoded = PR_TRUE;
+        theTemplate = SEC_ASN1_GET(SEC_AnyTemplate);
+    } else {
+        switch (oiddata->offset) {
+            case SEC_OID_PKCS9_SMIME_CAPABILITIES:
+            case SEC_OID_SMIME_ENCRYPTION_KEY_PREFERENCE:
+            /* these guys need to stay DER-encoded */
+            default:
+                /* same goes for OIDs that are not handled here */
+                encoded = PR_TRUE;
+                theTemplate = SEC_ASN1_GET(SEC_AnyTemplate);
+                break;
+            /* otherwise choose proper template */
+            case SEC_OID_PKCS9_EMAIL_ADDRESS:
+            case SEC_OID_RFC1274_MAIL:
+            case SEC_OID_PKCS9_UNSTRUCTURED_NAME:
+                encoded = PR_FALSE;
+                theTemplate = SEC_ASN1_GET(SEC_IA5StringTemplate);
+                break;
+            case SEC_OID_PKCS9_CONTENT_TYPE:
+                encoded = PR_FALSE;
+                theTemplate = SEC_ASN1_GET(SEC_ObjectIDTemplate);
+                break;
+            case SEC_OID_PKCS9_MESSAGE_DIGEST:
+                encoded = PR_FALSE;
+                theTemplate = SEC_ASN1_GET(SEC_OctetStringTemplate);
+                break;
+            case SEC_OID_PKCS9_SIGNING_TIME:
+                encoded = PR_FALSE;
+                theTemplate = SEC_ASN1_GET(CERT_TimeChoiceTemplate);
+                break;
+                /* XXX Want other types here, too */
+        }
+    }
+
+    if (encoding) {
+        /*
+         * If we are encoding and we think we have an already-encoded value,
+         * then the code which initialized this attribute should have set
+         * the "encoded" property to true (and we would have returned early,
+         * up above).  No devastating error, but that code should be fixed.
+         * (It could indicate that the resulting encoded bytes are wrong.)
+         */
+        PORT_Assert(!encoded);
+    } else {
+        /*
+         * We are decoding; record whether the resulting value is
+         * still encoded or not.
+         */
+        attribute->encoded = encoded;
+    }
+    return theTemplate;
+}
+
+static const SEC_ASN1TemplateChooserPtr cms_attr_chooser = cms_attr_choose_attr_value_template;
+
+const SEC_ASN1Template nss_cms_attribute_template[] = {
+    { SEC_ASN1_SEQUENCE,
+      0, NULL, sizeof(NSSCMSAttribute) },
+    { SEC_ASN1_OBJECT_ID,
+      offsetof(NSSCMSAttribute, type) },
+    { SEC_ASN1_DYNAMIC | SEC_ASN1_SET_OF,
+      offsetof(NSSCMSAttribute, values),
+      &cms_attr_chooser },
+    { 0 }
+};
+
+const SEC_ASN1Template nss_cms_set_of_attribute_template[] = {
+    { SEC_ASN1_SET_OF, 0, nss_cms_attribute_template },
+};
+
+/* =============================================================================
+ * Attribute Array methods
+ */
+
+/*
+ * NSS_CMSAttributeArray_Encode - encode an Attribute array as SET OF Attributes
+ *
+ * If you are wondering why this routine does not reorder the attributes
+ * first, and might be tempted to make it do so, see the comment by the
+ * call to ReorderAttributes in cmsencode.c.  (Or, see who else calls this
+ * and think long and hard about the implications of making it always
+ * do the reordering.)
+ */
+SECItem *
+NSS_CMSAttributeArray_Encode(PLArenaPool *poolp, NSSCMSAttribute ***attrs, SECItem *dest)
+{
+    return SEC_ASN1EncodeItem(poolp, dest, (void *)attrs, nss_cms_set_of_attribute_template);
+}
+
+/*
+ * NSS_CMSAttributeArray_Reorder - sort attribute array by attribute's DER encoding
+ *
+ * make sure that the order of the attributes guarantees valid DER (which must be
+ * in lexigraphically ascending order for a SET OF); if reordering is necessary it
+ * will be done in place (in attrs).
+ */
+SECStatus
+NSS_CMSAttributeArray_Reorder(NSSCMSAttribute **attrs)
+{
+    return NSS_CMSArray_SortByDER((void **)attrs, nss_cms_attribute_template, NULL);
+}
+
+/*
+ * NSS_CMSAttributeArray_FindAttrByOidTag - look through a set of attributes and
+ * find one that matches the specified object ID.
+ *
+ * If "only" is true, then make sure that there is not more than one attribute
+ * of the same type.  Otherwise, just return the first one found. (XXX Does
+ * anybody really want that first-found behavior?  It was like that when I found it...)
+ */
+NSSCMSAttribute *
+NSS_CMSAttributeArray_FindAttrByOidTag(NSSCMSAttribute **attrs, SECOidTag oidtag, PRBool only)
+{
+    SECOidData *oid;
+    NSSCMSAttribute *attr1, *attr2;
+
+    if (attrs == NULL)
+        return NULL;
+
+    oid = SECOID_FindOIDByTag(oidtag);
+    if (oid == NULL)
+        return NULL;
+
+    while ((attr1 = *attrs++) != NULL) {
+        if (attr1->type.len == oid->oid.len &&
+            PORT_Memcmp(attr1->type.data, oid->oid.data, oid->oid.len) == 0)
+            break;
+    }
+
+    if (attr1 == NULL)
+        return NULL;
+
+    if (!only)
+        return attr1;
+
+    while ((attr2 = *attrs++) != NULL) {
+        if (attr2->type.len == oid->oid.len &&
+            PORT_Memcmp(attr2->type.data, oid->oid.data, oid->oid.len) == 0)
+            break;
+    }
+
+    if (attr2 != NULL)
+        return NULL;
+
+    return attr1;
+}
+
+/*
+ * NSS_CMSAttributeArray_AddAttr - add an attribute to an
+ * array of attributes.
+ */
+SECStatus
+NSS_CMSAttributeArray_AddAttr(PLArenaPool *poolp, NSSCMSAttribute ***attrs,
+                              NSSCMSAttribute *attr)
+{
+    NSSCMSAttribute *oattr;
+    void *mark;
+    SECOidTag type;
+
+    mark = PORT_ArenaMark(poolp);
+
+    /* find oidtag of attr */
+    type = NSS_CMSAttribute_GetType(attr);
+
+    /* see if we have one already */
+    oattr = NSS_CMSAttributeArray_FindAttrByOidTag(*attrs, type, PR_FALSE);
+    PORT_Assert(oattr == NULL);
+    if (oattr != NULL)
+        goto loser; /* XXX or would it be better to replace it? */
+
+    /* no, shove it in */
+    if (NSS_CMSArray_Add(poolp, (void ***)attrs, (void *)attr) != SECSuccess)
+        goto loser;
+
+    PORT_ArenaUnmark(poolp, mark);
+    return SECSuccess;
+
+loser:
+    PORT_ArenaRelease(poolp, mark);
+    return SECFailure;
+}
+
+/*
+ * NSS_CMSAttributeArray_SetAttr - set an attribute's value in a set of attributes
+ */
+SECStatus
+NSS_CMSAttributeArray_SetAttr(PLArenaPool *poolp, NSSCMSAttribute ***attrs,
+                              SECOidTag type, SECItem *value, PRBool encoded)
+{
+    NSSCMSAttribute *attr;
+    void *mark;
+
+    mark = PORT_ArenaMark(poolp);
+
+    /* see if we have one already */
+    attr = NSS_CMSAttributeArray_FindAttrByOidTag(*attrs, type, PR_FALSE);
+    if (attr == NULL) {
+        /* not found? create one! */
+        attr = NSS_CMSAttribute_Create(poolp, type, value, encoded);
+        if (attr == NULL)
+            goto loser;
+        /* and add it to the list */
+        if (NSS_CMSArray_Add(poolp, (void ***)attrs, (void *)attr) != SECSuccess)
+            goto loser;
+    } else {
+        /* found, shove it in */
+        /* XXX we need a decent memory model @#$#$!#!!! */
+        attr->values[0] = value;
+        attr->encoded = encoded;
+    }
+
+    PORT_ArenaUnmark(poolp, mark);
+    return SECSuccess;
+
+loser:
+    PORT_ArenaRelease(poolp, mark);
+    return SECFailure;
+}
diff --git a/nss/lib/smime/cmscinfo.c b/nss/lib/smime/cmscinfo.c
new file mode 100644
index 0000000..08db662
--- /dev/null
+++ b/nss/lib/smime/cmscinfo.c
@@ -0,0 +1,375 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * CMS contentInfo methods.
+ */
+
+#include "cmslocal.h"
+
+#include "pk11func.h"
+#include "secitem.h"
+#include "secoid.h"
+#include "secerr.h"
+
+/*
+ * NSS_CMSContentInfo_Create - create a content info
+ *
+ * version is set in the _Finalize procedures for each content type
+ */
+SECStatus
+NSS_CMSContentInfo_Private_Init(NSSCMSContentInfo *cinfo)
+{
+    if (cinfo->privateInfo) {
+        return SECSuccess;
+    }
+    cinfo->privateInfo = PORT_ZNew(NSSCMSContentInfoPrivate);
+    return (cinfo->privateInfo) ? SECSuccess : SECFailure;
+}
+
+static void
+nss_cmsContentInfo_private_destroy(NSSCMSContentInfoPrivate *privateInfo)
+{
+    if (privateInfo->digcx) {
+        /* must destroy digest objects */
+        NSS_CMSDigestContext_Cancel(privateInfo->digcx);
+        privateInfo->digcx = NULL;
+    }
+    if (privateInfo->ciphcx) {
+        NSS_CMSCipherContext_Destroy(privateInfo->ciphcx);
+        privateInfo->ciphcx = NULL;
+    }
+    PORT_Free(privateInfo);
+}
+
+/*
+ * NSS_CMSContentInfo_Destroy - destroy a CMS contentInfo and all of its sub-pieces.
+ */
+void
+NSS_CMSContentInfo_Destroy(NSSCMSContentInfo *cinfo)
+{
+    SECOidTag kind;
+
+    kind = NSS_CMSContentInfo_GetContentTypeTag(cinfo);
+    switch (kind) {
+        case SEC_OID_PKCS7_ENVELOPED_DATA:
+            NSS_CMSEnvelopedData_Destroy(cinfo->content.envelopedData);
+            break;
+        case SEC_OID_PKCS7_SIGNED_DATA:
+            NSS_CMSSignedData_Destroy(cinfo->content.signedData);
+            break;
+        case SEC_OID_PKCS7_ENCRYPTED_DATA:
+            NSS_CMSEncryptedData_Destroy(cinfo->content.encryptedData);
+            break;
+        case SEC_OID_PKCS7_DIGESTED_DATA:
+            NSS_CMSDigestedData_Destroy(cinfo->content.digestedData);
+            break;
+        default:
+            NSS_CMSGenericWrapperData_Destroy(kind, cinfo->content.genericData);
+            /* XXX Anything else that needs to be "manually" freed/destroyed? */
+            break;
+    }
+    if (cinfo->privateInfo) {
+        nss_cmsContentInfo_private_destroy(cinfo->privateInfo);
+        cinfo->privateInfo = NULL;
+    }
+    if (cinfo->bulkkey) {
+        PK11_FreeSymKey(cinfo->bulkkey);
+    }
+}
+
+/*
+ * NSS_CMSContentInfo_GetChildContentInfo - get content's contentInfo (if it exists)
+ */
+NSSCMSContentInfo *
+NSS_CMSContentInfo_GetChildContentInfo(NSSCMSContentInfo *cinfo)
+{
+    NSSCMSContentInfo *ccinfo = NULL;
+    SECOidTag tag = NSS_CMSContentInfo_GetContentTypeTag(cinfo);
+    switch (tag) {
+        case SEC_OID_PKCS7_SIGNED_DATA:
+            if (cinfo->content.signedData != NULL) {
+                ccinfo = &(cinfo->content.signedData->contentInfo);
+            }
+            break;
+        case SEC_OID_PKCS7_ENVELOPED_DATA:
+            if (cinfo->content.envelopedData != NULL) {
+                ccinfo = &(cinfo->content.envelopedData->contentInfo);
+            }
+            break;
+        case SEC_OID_PKCS7_DIGESTED_DATA:
+            if (cinfo->content.digestedData != NULL) {
+                ccinfo = &(cinfo->content.digestedData->contentInfo);
+            }
+            break;
+        case SEC_OID_PKCS7_ENCRYPTED_DATA:
+            if (cinfo->content.encryptedData != NULL) {
+                ccinfo = &(cinfo->content.encryptedData->contentInfo);
+            }
+            break;
+        case SEC_OID_PKCS7_DATA:
+        default:
+            if (NSS_CMSType_IsWrapper(tag)) {
+                if (cinfo->content.genericData != NULL) {
+                    ccinfo = &(cinfo->content.genericData->contentInfo);
+                }
+            }
+            break;
+    }
+    if (ccinfo && !ccinfo->privateInfo) {
+        NSS_CMSContentInfo_Private_Init(ccinfo);
+    }
+    return ccinfo;
+}
+
+SECStatus
+NSS_CMSContentInfo_SetDontStream(NSSCMSContentInfo *cinfo, PRBool dontStream)
+{
+    SECStatus rv;
+
+    rv = NSS_CMSContentInfo_Private_Init(cinfo);
+    if (rv != SECSuccess) {
+        /* default is streaming, failure to get ccinfo will not effect this */
+        return dontStream ? SECFailure : SECSuccess;
+    }
+    cinfo->privateInfo->dontStream = dontStream;
+    return SECSuccess;
+}
+
+/*
+ * NSS_CMSContentInfo_SetContent - set content type & content
+ */
+SECStatus
+NSS_CMSContentInfo_SetContent(NSSCMSMessage *cmsg, NSSCMSContentInfo *cinfo,
+                              SECOidTag type, void *ptr)
+{
+    SECStatus rv;
+
+    cinfo->contentTypeTag = SECOID_FindOIDByTag(type);
+    if (cinfo->contentTypeTag == NULL)
+        return SECFailure;
+
+    /* do not copy the oid, just create a reference */
+    rv = SECITEM_CopyItem(cmsg->poolp, &(cinfo->contentType), &(cinfo->contentTypeTag->oid));
+    if (rv != SECSuccess)
+        return SECFailure;
+
+    cinfo->content.pointer = ptr;
+
+    if (NSS_CMSType_IsData(type) && ptr) {
+        cinfo->rawContent = ptr;
+    } else {
+        /* as we always have some inner data,
+     * we need to set it to something, just to fool the encoder enough to work on it
+     * and get us into nss_cms_encoder_notify at that point */
+        cinfo->rawContent = SECITEM_AllocItem(cmsg->poolp, NULL, 1);
+        if (cinfo->rawContent == NULL) {
+            PORT_SetError(SEC_ERROR_NO_MEMORY);
+            return SECFailure;
+        }
+    }
+
+    return SECSuccess;
+}
+
+/*
+ * NSS_CMSContentInfo_SetContent_XXXX - typesafe wrappers for NSS_CMSContentInfo_SetContent
+ */
+
+/*
+ * data == NULL -> pass in data via NSS_CMSEncoder_Update
+ * data != NULL -> take this data
+ */
+SECStatus
+NSS_CMSContentInfo_SetContent_Data(NSSCMSMessage *cmsg, NSSCMSContentInfo *cinfo,
+                                   SECItem *data, PRBool detached)
+{
+    if (NSS_CMSContentInfo_SetContent(cmsg, cinfo, SEC_OID_PKCS7_DATA, (void *)data) != SECSuccess)
+        return SECFailure;
+    if (detached) {
+        cinfo->rawContent = NULL;
+    }
+
+    return SECSuccess;
+}
+
+SECStatus
+NSS_CMSContentInfo_SetContent_SignedData(NSSCMSMessage *cmsg, NSSCMSContentInfo *cinfo,
+                                         NSSCMSSignedData *sigd)
+{
+    return NSS_CMSContentInfo_SetContent(cmsg, cinfo, SEC_OID_PKCS7_SIGNED_DATA, (void *)sigd);
+}
+
+SECStatus
+NSS_CMSContentInfo_SetContent_EnvelopedData(NSSCMSMessage *cmsg, NSSCMSContentInfo *cinfo,
+                                            NSSCMSEnvelopedData *envd)
+{
+    return NSS_CMSContentInfo_SetContent(cmsg, cinfo, SEC_OID_PKCS7_ENVELOPED_DATA, (void *)envd);
+}
+
+SECStatus
+NSS_CMSContentInfo_SetContent_DigestedData(NSSCMSMessage *cmsg, NSSCMSContentInfo *cinfo,
+                                           NSSCMSDigestedData *digd)
+{
+    return NSS_CMSContentInfo_SetContent(cmsg, cinfo, SEC_OID_PKCS7_DIGESTED_DATA, (void *)digd);
+}
+
+SECStatus
+NSS_CMSContentInfo_SetContent_EncryptedData(NSSCMSMessage *cmsg, NSSCMSContentInfo *cinfo,
+                                            NSSCMSEncryptedData *encd)
+{
+    return NSS_CMSContentInfo_SetContent(cmsg, cinfo, SEC_OID_PKCS7_ENCRYPTED_DATA, (void *)encd);
+}
+
+/*
+ * NSS_CMSContentInfo_GetContent - get pointer to inner content
+ *
+ * needs to be casted...
+ */
+void *
+NSS_CMSContentInfo_GetContent(NSSCMSContentInfo *cinfo)
+{
+    SECOidTag tag = cinfo->contentTypeTag
+                        ? cinfo->contentTypeTag->offset
+                        : SEC_OID_UNKNOWN;
+    switch (tag) {
+        case SEC_OID_PKCS7_DATA:
+        case SEC_OID_PKCS7_SIGNED_DATA:
+        case SEC_OID_PKCS7_ENVELOPED_DATA:
+        case SEC_OID_PKCS7_DIGESTED_DATA:
+        case SEC_OID_PKCS7_ENCRYPTED_DATA:
+            return cinfo->content.pointer;
+        default:
+            return NSS_CMSType_IsWrapper(tag) ? cinfo->content.pointer
+                                              : (NSS_CMSType_IsData(tag) ? cinfo->rawContent
+                                                                         : NULL);
+    }
+}
+
+/*
+ * NSS_CMSContentInfo_GetInnerContent - get pointer to innermost content
+ *
+ * this is typically only called by NSS_CMSMessage_GetContent()
+ */
+
+SECItem *
+NSS_CMSContentInfo_GetInnerContent(NSSCMSContentInfo *cinfo)
+{
+    NSSCMSContentInfo *ccinfo;
+    SECOidTag tag;
+    SECItem *pItem = NULL;
+
+    tag = NSS_CMSContentInfo_GetContentTypeTag(cinfo);
+    if (NSS_CMSType_IsData(tag)) {
+        pItem = cinfo->content.data;
+    } else if (NSS_CMSType_IsWrapper(tag)) {
+        ccinfo = NSS_CMSContentInfo_GetChildContentInfo(cinfo);
+        if (ccinfo != NULL) {
+            pItem = NSS_CMSContentInfo_GetContent(ccinfo);
+        }
+    } else {
+        PORT_Assert(0);
+    }
+
+    return pItem;
+}
+
+/*
+ * NSS_CMSContentInfo_GetContentType{Tag,OID} - find out (saving pointer to lookup result
+ * for future reference) and return the inner content type.
+ */
+SECOidTag
+NSS_CMSContentInfo_GetContentTypeTag(NSSCMSContentInfo *cinfo)
+{
+    if (cinfo->contentTypeTag == NULL)
+        cinfo->contentTypeTag = SECOID_FindOID(&(cinfo->contentType));
+
+    if (cinfo->contentTypeTag == NULL)
+        return SEC_OID_UNKNOWN;
+
+    return cinfo->contentTypeTag->offset;
+}
+
+SECItem *
+NSS_CMSContentInfo_GetContentTypeOID(NSSCMSContentInfo *cinfo)
+{
+    if (cinfo->contentTypeTag == NULL)
+        cinfo->contentTypeTag = SECOID_FindOID(&(cinfo->contentType));
+
+    if (cinfo->contentTypeTag == NULL)
+        return NULL;
+
+    return &(cinfo->contentTypeTag->oid);
+}
+
+/*
+ * NSS_CMSContentInfo_GetContentEncAlgTag - find out (saving pointer to lookup result
+ * for future reference) and return the content encryption algorithm tag.
+ */
+SECOidTag
+NSS_CMSContentInfo_GetContentEncAlgTag(NSSCMSContentInfo *cinfo)
+{
+    if (cinfo->contentEncAlgTag == SEC_OID_UNKNOWN)
+        cinfo->contentEncAlgTag = SECOID_GetAlgorithmTag(&(cinfo->contentEncAlg));
+
+    return cinfo->contentEncAlgTag;
+}
+
+/*
+ * NSS_CMSContentInfo_GetContentEncAlg - find out and return the content encryption algorithm tag.
+ */
+SECAlgorithmID *
+NSS_CMSContentInfo_GetContentEncAlg(NSSCMSContentInfo *cinfo)
+{
+    return &(cinfo->contentEncAlg);
+}
+
+SECStatus
+NSS_CMSContentInfo_SetContentEncAlg(PLArenaPool *poolp, NSSCMSContentInfo *cinfo,
+                                    SECOidTag bulkalgtag, SECItem *parameters, int keysize)
+{
+    SECStatus rv;
+
+    rv = SECOID_SetAlgorithmID(poolp, &(cinfo->contentEncAlg), bulkalgtag, parameters);
+    if (rv != SECSuccess)
+        return SECFailure;
+    cinfo->keysize = keysize;
+    return SECSuccess;
+}
+
+SECStatus
+NSS_CMSContentInfo_SetContentEncAlgID(PLArenaPool *poolp, NSSCMSContentInfo *cinfo,
+                                      SECAlgorithmID *algid, int keysize)
+{
+    SECStatus rv;
+
+    rv = SECOID_CopyAlgorithmID(poolp, &(cinfo->contentEncAlg), algid);
+    if (rv != SECSuccess)
+        return SECFailure;
+    if (keysize >= 0)
+        cinfo->keysize = keysize;
+    return SECSuccess;
+}
+
+void
+NSS_CMSContentInfo_SetBulkKey(NSSCMSContentInfo *cinfo, PK11SymKey *bulkkey)
+{
+    cinfo->bulkkey = PK11_ReferenceSymKey(bulkkey);
+    cinfo->keysize = PK11_GetKeyStrength(cinfo->bulkkey, &(cinfo->contentEncAlg));
+}
+
+PK11SymKey *
+NSS_CMSContentInfo_GetBulkKey(NSSCMSContentInfo *cinfo)
+{
+    if (cinfo->bulkkey == NULL)
+        return NULL;
+
+    return PK11_ReferenceSymKey(cinfo->bulkkey);
+}
+
+int
+NSS_CMSContentInfo_GetBulkKeySize(NSSCMSContentInfo *cinfo)
+{
+    return cinfo->keysize;
+}
diff --git a/nss/lib/smime/cmscipher.c b/nss/lib/smime/cmscipher.c
new file mode 100644
index 0000000..9c8330b
--- /dev/null
+++ b/nss/lib/smime/cmscipher.c
@@ -0,0 +1,722 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * Encryption/decryption routines for CMS implementation, none of which are exported.
+ */
+
+#include "cmslocal.h"
+
+#include "secoid.h"
+#include "secitem.h"
+#include "pk11func.h"
+#include "secerr.h"
+#include "secpkcs5.h"
+
+/*
+ * -------------------------------------------------------------------
+ * Cipher stuff.
+ */
+
+typedef SECStatus (*nss_cms_cipher_function)(void *, unsigned char *, unsigned int *,
+                                             unsigned int, const unsigned char *, unsigned int);
+typedef SECStatus (*nss_cms_cipher_destroy)(void *, PRBool);
+
+#define BLOCK_SIZE 4096
+
+struct NSSCMSCipherContextStr {
+    void *cx; /* PK11 cipher context */
+    nss_cms_cipher_function doit;
+    nss_cms_cipher_destroy destroy;
+    PRBool encrypt; /* encrypt / decrypt switch */
+    int block_size; /* block & pad sizes for cipher */
+    int pad_size;
+    int pending_count;                     /* pending data (not yet en/decrypted */
+    unsigned char pending_buf[BLOCK_SIZE]; /* because of blocking */
+};
+
+/*
+ * NSS_CMSCipherContext_StartDecrypt - create a cipher context to do decryption
+ * based on the given bulk encryption key and algorithm identifier (which
+ * may include an iv).
+ *
+ * XXX Once both are working, it might be nice to combine this and the
+ * function below (for starting up encryption) into one routine, and just
+ * have two simple cover functions which call it.
+ */
+NSSCMSCipherContext *
+NSS_CMSCipherContext_StartDecrypt(PK11SymKey *key, SECAlgorithmID *algid)
+{
+    NSSCMSCipherContext *cc;
+    void *ciphercx;
+    CK_MECHANISM_TYPE cryptoMechType;
+    PK11SlotInfo *slot;
+    SECOidTag algtag;
+    SECItem *param = NULL;
+
+    algtag = SECOID_GetAlgorithmTag(algid);
+
+    /* set param and mechanism */
+    if (SEC_PKCS5IsAlgorithmPBEAlg(algid)) {
+        SECItem *pwitem;
+
+        pwitem = PK11_GetSymKeyUserData(key);
+        if (!pwitem)
+            return NULL;
+
+        cryptoMechType = PK11_GetPBECryptoMechanism(algid, &param, pwitem);
+        if (cryptoMechType == CKM_INVALID_MECHANISM) {
+            SECITEM_FreeItem(param, PR_TRUE);
+            return NULL;
+        }
+
+    } else {
+        cryptoMechType = PK11_AlgtagToMechanism(algtag);
+        if ((param = PK11_ParamFromAlgid(algid)) == NULL)
+            return NULL;
+    }
+
+    cc = (NSSCMSCipherContext *)PORT_ZAlloc(sizeof(NSSCMSCipherContext));
+    if (cc == NULL) {
+        SECITEM_FreeItem(param, PR_TRUE);
+        return NULL;
+    }
+
+    /* figure out pad and block sizes */
+    cc->pad_size = PK11_GetBlockSize(cryptoMechType, param);
+    slot = PK11_GetSlotFromKey(key);
+    cc->block_size = PK11_IsHW(slot) ? BLOCK_SIZE : cc->pad_size;
+    PK11_FreeSlot(slot);
+
+    /* create PK11 cipher context */
+    ciphercx = PK11_CreateContextBySymKey(cryptoMechType, CKA_DECRYPT,
+                                          key, param);
+    SECITEM_FreeItem(param, PR_TRUE);
+    if (ciphercx == NULL) {
+        PORT_Free(cc);
+        return NULL;
+    }
+
+    cc->cx = ciphercx;
+    cc->doit = (nss_cms_cipher_function)PK11_CipherOp;
+    cc->destroy = (nss_cms_cipher_destroy)PK11_DestroyContext;
+    cc->encrypt = PR_FALSE;
+    cc->pending_count = 0;
+
+    return cc;
+}
+
+/*
+ * NSS_CMSCipherContext_StartEncrypt - create a cipher object to do encryption,
+ * based on the given bulk encryption key and algorithm tag.  Fill in the
+ * algorithm identifier (which may include an iv) appropriately.
+ *
+ * XXX Once both are working, it might be nice to combine this and the
+ * function above (for starting up decryption) into one routine, and just
+ * have two simple cover functions which call it.
+ */
+NSSCMSCipherContext *
+NSS_CMSCipherContext_StartEncrypt(PLArenaPool *poolp, PK11SymKey *key, SECAlgorithmID *algid)
+{
+    NSSCMSCipherContext *cc;
+    void *ciphercx = NULL;
+    SECStatus rv;
+    CK_MECHANISM_TYPE cryptoMechType;
+    PK11SlotInfo *slot;
+    SECItem *param = NULL;
+    PRBool needToEncodeAlgid = PR_FALSE;
+    SECOidTag algtag = SECOID_GetAlgorithmTag(algid);
+
+    /* set param and mechanism */
+    if (SEC_PKCS5IsAlgorithmPBEAlg(algid)) {
+        SECItem *pwitem;
+
+        pwitem = PK11_GetSymKeyUserData(key);
+        if (!pwitem)
+            return NULL;
+
+        cryptoMechType = PK11_GetPBECryptoMechanism(algid, &param, pwitem);
+        if (cryptoMechType == CKM_INVALID_MECHANISM) {
+            SECITEM_FreeItem(param, PR_TRUE);
+            return NULL;
+        }
+    } else {
+        cryptoMechType = PK11_AlgtagToMechanism(algtag);
+        if ((param = PK11_GenerateNewParam(cryptoMechType, key)) == NULL)
+            return NULL;
+        needToEncodeAlgid = PR_TRUE;
+    }
+
+    cc = (NSSCMSCipherContext *)PORT_ZAlloc(sizeof(NSSCMSCipherContext));
+    if (cc == NULL) {
+        goto loser;
+    }
+
+    /* now find pad and block sizes for our mechanism */
+    cc->pad_size = PK11_GetBlockSize(cryptoMechType, param);
+    slot = PK11_GetSlotFromKey(key);
+    cc->block_size = PK11_IsHW(slot) ? BLOCK_SIZE : cc->pad_size;
+    PK11_FreeSlot(slot);
+
+    /* and here we go, creating a PK11 cipher context */
+    ciphercx = PK11_CreateContextBySymKey(cryptoMechType, CKA_ENCRYPT,
+                                          key, param);
+    if (ciphercx == NULL) {
+        PORT_Free(cc);
+        cc = NULL;
+        goto loser;
+    }
+
+    /*
+     * These are placed after the CreateContextBySymKey() because some
+     * mechanisms have to generate their IVs from their card (i.e. FORTEZZA).
+     * Don't move it from here.
+     * XXX is that right? the purpose of this is to get the correct algid
+     *     containing the IVs etc. for encoding. this means we need to set this up
+     *     BEFORE encoding the algid in the contentInfo, right?
+     */
+    if (needToEncodeAlgid) {
+        rv = PK11_ParamToAlgid(algtag, param, poolp, algid);
+        if (rv != SECSuccess) {
+            PORT_Free(cc);
+            cc = NULL;
+            goto loser;
+        }
+    }
+
+    cc->cx = ciphercx;
+    ciphercx = NULL;
+    cc->doit = (nss_cms_cipher_function)PK11_CipherOp;
+    cc->destroy = (nss_cms_cipher_destroy)PK11_DestroyContext;
+    cc->encrypt = PR_TRUE;
+    cc->pending_count = 0;
+
+loser:
+    SECITEM_FreeItem(param, PR_TRUE);
+    if (ciphercx) {
+        PK11_DestroyContext(ciphercx, PR_TRUE);
+    }
+
+    return cc;
+}
+
+void
+NSS_CMSCipherContext_Destroy(NSSCMSCipherContext *cc)
+{
+    PORT_Assert(cc != NULL);
+    if (cc == NULL)
+        return;
+    (*cc->destroy)(cc->cx, PR_TRUE);
+    PORT_Free(cc);
+}
+
+/*
+ * NSS_CMSCipherContext_DecryptLength - find the output length of the next call to decrypt.
+ *
+ * cc - the cipher context
+ * input_len - number of bytes used as input
+ * final - true if this is the final chunk of data
+ *
+ * Result can be used to perform memory allocations.  Note that the amount
+ * is exactly accurate only when not doing a block cipher or when final
+ * is false, otherwise it is an upper bound on the amount because until
+ * we see the data we do not know how many padding bytes there are
+ * (always between 1 and bsize).
+ *
+ * Note that this can return zero, which does not mean that the decrypt
+ * operation can be skipped!  (It simply means that there are not enough
+ * bytes to make up an entire block; the bytes will be reserved until
+ * there are enough to encrypt/decrypt at least one block.)  However,
+ * if zero is returned it *does* mean that no output buffer need be
+ * passed in to the subsequent decrypt operation, as no output bytes
+ * will be stored.
+ */
+unsigned int
+NSS_CMSCipherContext_DecryptLength(NSSCMSCipherContext *cc, unsigned int input_len, PRBool final)
+{
+    int blocks, block_size;
+
+    PORT_Assert(!cc->encrypt);
+
+    block_size = cc->block_size;
+
+    /*
+     * If this is not a block cipher, then we always have the same
+     * number of output bytes as we had input bytes.
+     */
+    if (block_size == 0)
+        return input_len;
+
+    /*
+     * On the final call, we will always use up all of the pending
+     * bytes plus all of the input bytes, *but*, there will be padding
+     * at the end and we cannot predict how many bytes of padding we
+     * will end up removing.  The amount given here is actually known
+     * to be at least 1 byte too long (because we know we will have
+     * at least 1 byte of padding), but seemed clearer/better to me.
+     */
+    if (final)
+        return cc->pending_count + input_len;
+
+    /*
+     * Okay, this amount is exactly what we will output on the
+     * next cipher operation.  We will always hang onto the last
+     * 1 - block_size bytes for non-final operations.  That is,
+     * we will do as many complete blocks as we can *except* the
+     * last block (complete or partial).  (This is because until
+     * we know we are at the end, we cannot know when to interpret
+     * and removing the padding byte(s), which are guaranteed to
+     * be there.)
+     */
+    blocks = (cc->pending_count + input_len - 1) / block_size;
+    return blocks * block_size;
+}
+
+/*
+ * NSS_CMSCipherContext_EncryptLength - find the output length of the next call to encrypt.
+ *
+ * cc - the cipher context
+ * input_len - number of bytes used as input
+ * final - true if this is the final chunk of data
+ *
+ * Result can be used to perform memory allocations.
+ *
+ * Note that this can return zero, which does not mean that the encrypt
+ * operation can be skipped!  (It simply means that there are not enough
+ * bytes to make up an entire block; the bytes will be reserved until
+ * there are enough to encrypt/decrypt at least one block.)  However,
+ * if zero is returned it *does* mean that no output buffer need be
+ * passed in to the subsequent encrypt operation, as no output bytes
+ * will be stored.
+ */
+unsigned int
+NSS_CMSCipherContext_EncryptLength(NSSCMSCipherContext *cc, unsigned int input_len, PRBool final)
+{
+    int blocks, block_size;
+    int pad_size;
+
+    PORT_Assert(cc->encrypt);
+
+    block_size = cc->block_size;
+    pad_size = cc->pad_size;
+
+    /*
+     * If this is not a block cipher, then we always have the same
+     * number of output bytes as we had input bytes.
+     */
+    if (block_size == 0)
+        return input_len;
+
+    /*
+     * On the final call, we only send out what we need for
+     * remaining bytes plus the padding.  (There is always padding,
+     * so even if we have an exact number of blocks as input, we
+     * will add another full block that is just padding.)
+     */
+    if (final) {
+        if (pad_size == 0) {
+            return cc->pending_count + input_len;
+        } else {
+            blocks = (cc->pending_count + input_len) / pad_size;
+            blocks++;
+            return blocks * pad_size;
+        }
+    }
+
+    /*
+     * Now, count the number of complete blocks of data we have.
+     */
+    blocks = (cc->pending_count + input_len) / block_size;
+
+    return blocks * block_size;
+}
+
+/*
+ * NSS_CMSCipherContext_Decrypt - do the decryption
+ *
+ * cc - the cipher context
+ * output - buffer for decrypted result bytes
+ * output_len_p - number of bytes in output
+ * max_output_len - upper bound on bytes to put into output
+ * input - pointer to input bytes
+ * input_len - number of input bytes
+ * final - true if this is the final chunk of data
+ *
+ * Decrypts a given length of input buffer (starting at "input" and
+ * containing "input_len" bytes), placing the decrypted bytes in
+ * "output" and storing the output length in "*output_len_p".
+ * "cc" is the return value from NSS_CMSCipher_StartDecrypt.
+ * When "final" is true, this is the last of the data to be decrypted.
+ *
+ * This is much more complicated than it sounds when the cipher is
+ * a block-type, meaning that the decryption function will only
+ * operate on whole blocks.  But our caller is operating stream-wise,
+ * and can pass in any number of bytes.  So we need to keep track
+ * of block boundaries.  We save excess bytes between calls in "cc".
+ * We also need to determine which bytes are padding, and remove
+ * them from the output.  We can only do this step when we know we
+ * have the final block of data.  PKCS #7 specifies that the padding
+ * used for a block cipher is a string of bytes, each of whose value is
+ * the same as the length of the padding, and that all data is padded.
+ * (Even data that starts out with an exact multiple of blocks gets
+ * added to it another block, all of which is padding.)
+ */
+SECStatus
+NSS_CMSCipherContext_Decrypt(NSSCMSCipherContext *cc, unsigned char *output,
+                             unsigned int *output_len_p, unsigned int max_output_len,
+                             const unsigned char *input, unsigned int input_len,
+                             PRBool final)
+{
+    unsigned int blocks, bsize, pcount, padsize;
+    unsigned int max_needed, ifraglen, ofraglen, output_len;
+    unsigned char *pbuf;
+    SECStatus rv;
+
+    PORT_Assert(!cc->encrypt);
+
+    /*
+     * Check that we have enough room for the output.  Our caller should
+     * already handle this; failure is really an internal error (i.e. bug).
+     */
+    max_needed = NSS_CMSCipherContext_DecryptLength(cc, input_len, final);
+    PORT_Assert(max_output_len >= max_needed);
+    if (max_output_len < max_needed) {
+        /* PORT_SetError (XXX); */
+        return SECFailure;
+    }
+
+    /*
+     * hardware encryption does not like small decryption sizes here, so we
+     * allow both blocking and padding.
+     */
+    bsize = cc->block_size;
+    padsize = cc->pad_size;
+
+    /*
+     * When no blocking or padding work to do, we can simply call the
+     * cipher function and we are done.
+     */
+    if (bsize == 0) {
+        return (*cc->doit)(cc->cx, output, output_len_p, max_output_len,
+                           input, input_len);
+    }
+
+    pcount = cc->pending_count;
+    pbuf = cc->pending_buf;
+
+    output_len = 0;
+
+    if (pcount) {
+        /*
+         * Try to fill in an entire block, starting with the bytes
+         * we already have saved away.
+         */
+        while (input_len && pcount < bsize) {
+            pbuf[pcount++] = *input++;
+            input_len--;
+        }
+        /*
+         * If we have at most a whole block and this is not our last call,
+         * then we are done for now.  (We do not try to decrypt a lone
+         * single block because we cannot interpret the padding bytes
+         * until we know we are handling the very last block of all input.)
+         */
+        if (input_len == 0 && !final) {
+            cc->pending_count = pcount;
+            if (output_len_p)
+                *output_len_p = 0;
+            return SECSuccess;
+        }
+        /*
+         * Given the logic above, we expect to have a full block by now.
+         * If we do not, there is something wrong, either with our own
+         * logic or with (length of) the data given to us.
+         */
+        if ((padsize != 0) && (pcount % padsize) != 0) {
+            PORT_Assert(final);
+            PORT_SetError(SEC_ERROR_BAD_DATA);
+            return SECFailure;
+        }
+        /*
+         * Decrypt the block.
+         */
+        rv = (*cc->doit)(cc->cx, output, &ofraglen, max_output_len,
+                         pbuf, pcount);
+        if (rv != SECSuccess)
+            return rv;
+
+        /*
+         * For now anyway, all of our ciphers have the same number of
+         * bytes of output as they do input.  If this ever becomes untrue,
+         * then NSS_CMSCipherContext_DecryptLength needs to be made smarter!
+         */
+        PORT_Assert(ofraglen == pcount);
+
+        /*
+         * Account for the bytes now in output.
+         */
+        max_output_len -= ofraglen;
+        output_len += ofraglen;
+        output += ofraglen;
+    }
+
+    /*
+     * If this is our last call, we expect to have an exact number of
+     * blocks left to be decrypted; we will decrypt them all.
+     *
+     * If not our last call, we always save between 1 and bsize bytes
+     * until next time.  (We must do this because we cannot be sure
+     * that none of the decrypted bytes are padding bytes until we
+     * have at least another whole block of data.  You cannot tell by
+     * looking -- the data could be anything -- you can only tell by
+     * context, knowing you are looking at the last block.)  We could
+     * decrypt a whole block now but it is easier if we just treat it
+     * the same way we treat partial block bytes.
+     */
+    if (final) {
+        if (padsize) {
+            blocks = input_len / padsize;
+            ifraglen = blocks * padsize;
+        } else
+            ifraglen = input_len;
+        PORT_Assert(ifraglen == input_len);
+
+        if (ifraglen != input_len) {
+            PORT_SetError(SEC_ERROR_BAD_DATA);
+            return SECFailure;
+        }
+    } else {
+        blocks = (input_len - 1) / bsize;
+        ifraglen = blocks * bsize;
+        PORT_Assert(ifraglen < input_len);
+
+        pcount = input_len - ifraglen;
+        PORT_Memcpy(pbuf, input + ifraglen, pcount);
+        cc->pending_count = pcount;
+    }
+
+    if (ifraglen) {
+        rv = (*cc->doit)(cc->cx, output, &ofraglen, max_output_len,
+                         input, ifraglen);
+        if (rv != SECSuccess)
+            return rv;
+
+        /*
+         * For now anyway, all of our ciphers have the same number of
+         * bytes of output as they do input.  If this ever becomes untrue,
+         * then sec_PKCS7DecryptLength needs to be made smarter!
+         */
+        PORT_Assert(ifraglen == ofraglen);
+        if (ifraglen != ofraglen) {
+            PORT_SetError(SEC_ERROR_BAD_DATA);
+            return SECFailure;
+        }
+
+        output_len += ofraglen;
+    } else {
+        ofraglen = 0;
+    }
+
+    /*
+     * If we just did our very last block, "remove" the padding by
+     * adjusting the output length.
+     */
+    if (final && (padsize != 0)) {
+        unsigned int padlen = *(output + ofraglen - 1);
+
+        if (padlen == 0 || padlen > padsize) {
+            PORT_SetError(SEC_ERROR_BAD_DATA);
+            return SECFailure;
+        }
+        output_len -= padlen;
+    }
+
+    PORT_Assert(output_len_p != NULL || output_len == 0);
+    if (output_len_p != NULL)
+        *output_len_p = output_len;
+
+    return SECSuccess;
+}
+
+/*
+ * NSS_CMSCipherContext_Encrypt - do the encryption
+ *
+ * cc - the cipher context
+ * output - buffer for decrypted result bytes
+ * output_len_p - number of bytes in output
+ * max_output_len - upper bound on bytes to put into output
+ * input - pointer to input bytes
+ * input_len - number of input bytes
+ * final - true if this is the final chunk of data
+ *
+ * Encrypts a given length of input buffer (starting at "input" and
+ * containing "input_len" bytes), placing the encrypted bytes in
+ * "output" and storing the output length in "*output_len_p".
+ * "cc" is the return value from NSS_CMSCipher_StartEncrypt.
+ * When "final" is true, this is the last of the data to be encrypted.
+ *
+ * This is much more complicated than it sounds when the cipher is
+ * a block-type, meaning that the encryption function will only
+ * operate on whole blocks.  But our caller is operating stream-wise,
+ * and can pass in any number of bytes.  So we need to keep track
+ * of block boundaries.  We save excess bytes between calls in "cc".
+ * We also need to add padding bytes at the end.  PKCS #7 specifies
+ * that the padding used for a block cipher is a string of bytes,
+ * each of whose value is the same as the length of the padding,
+ * and that all data is padded.  (Even data that starts out with
+ * an exact multiple of blocks gets added to it another block,
+ * all of which is padding.)
+ *
+ * XXX I would kind of like to combine this with the function above
+ * which does decryption, since they have a lot in common.  But the
+ * tricky parts about padding and filling blocks would be much
+ * harder to read that way, so I left them separate.  At least for
+ * now until it is clear that they are right.
+ */
+SECStatus
+NSS_CMSCipherContext_Encrypt(NSSCMSCipherContext *cc, unsigned char *output,
+                             unsigned int *output_len_p, unsigned int max_output_len,
+                             const unsigned char *input, unsigned int input_len,
+                             PRBool final)
+{
+    int blocks, bsize, padlen, pcount, padsize;
+    unsigned int max_needed, ifraglen, ofraglen, output_len;
+    unsigned char *pbuf;
+    SECStatus rv;
+
+    PORT_Assert(cc->encrypt);
+
+    /*
+     * Check that we have enough room for the output.  Our caller should
+     * already handle this; failure is really an internal error (i.e. bug).
+     */
+    max_needed = NSS_CMSCipherContext_EncryptLength(cc, input_len, final);
+    PORT_Assert(max_output_len >= max_needed);
+    if (max_output_len < max_needed) {
+        /* PORT_SetError (XXX); */
+        return SECFailure;
+    }
+
+    bsize = cc->block_size;
+    padsize = cc->pad_size;
+
+    /*
+     * When no blocking and padding work to do, we can simply call the
+     * cipher function and we are done.
+     */
+    if (bsize == 0) {
+        return (*cc->doit)(cc->cx, output, output_len_p, max_output_len,
+                           input, input_len);
+    }
+
+    pcount = cc->pending_count;
+    pbuf = cc->pending_buf;
+
+    output_len = 0;
+
+    if (pcount) {
+        /*
+         * Try to fill in an entire block, starting with the bytes
+         * we already have saved away.
+         */
+        while (input_len && pcount < bsize) {
+            pbuf[pcount++] = *input++;
+            input_len--;
+        }
+        /*
+         * If we do not have a full block and we know we will be
+         * called again, then we are done for now.
+         */
+        if (pcount < bsize && !final) {
+            cc->pending_count = pcount;
+            if (output_len_p != NULL)
+                *output_len_p = 0;
+            return SECSuccess;
+        }
+        /*
+         * If we have a whole block available, encrypt it.
+         */
+        if ((padsize == 0) || (pcount % padsize) == 0) {
+            rv = (*cc->doit)(cc->cx, output, &ofraglen, max_output_len,
+                             pbuf, pcount);
+            if (rv != SECSuccess)
+                return rv;
+
+            /*
+             * For now anyway, all of our ciphers have the same number of
+             * bytes of output as they do input.  If this ever becomes untrue,
+             * then sec_PKCS7EncryptLength needs to be made smarter!
+             */
+            PORT_Assert(ofraglen == pcount);
+
+            /*
+             * Account for the bytes now in output.
+             */
+            max_output_len -= ofraglen;
+            output_len += ofraglen;
+            output += ofraglen;
+
+            pcount = 0;
+        }
+    }
+
+    if (input_len) {
+        PORT_Assert(pcount == 0);
+
+        blocks = input_len / bsize;
+        ifraglen = blocks * bsize;
+
+        if (ifraglen) {
+            rv = (*cc->doit)(cc->cx, output, &ofraglen, max_output_len,
+                             input, ifraglen);
+            if (rv != SECSuccess)
+                return rv;
+
+            /*
+             * For now anyway, all of our ciphers have the same number of
+             * bytes of output as they do input.  If this ever becomes untrue,
+             * then sec_PKCS7EncryptLength needs to be made smarter!
+             */
+            PORT_Assert(ifraglen == ofraglen);
+
+            max_output_len -= ofraglen;
+            output_len += ofraglen;
+            output += ofraglen;
+        }
+
+        pcount = input_len - ifraglen;
+        PORT_Assert(pcount < bsize);
+        if (pcount)
+            PORT_Memcpy(pbuf, input + ifraglen, pcount);
+    }
+
+    if (final) {
+        if (padsize <= 0) {
+            padlen = 0;
+        } else {
+            padlen = padsize - (pcount % padsize);
+            PORT_Memset(pbuf + pcount, padlen, padlen);
+        }
+        rv = (*cc->doit)(cc->cx, output, &ofraglen, max_output_len,
+                         pbuf, pcount + padlen);
+        if (rv != SECSuccess)
+            return rv;
+
+        /*
+         * For now anyway, all of our ciphers have the same number of
+         * bytes of output as they do input.  If this ever becomes untrue,
+         * then sec_PKCS7EncryptLength needs to be made smarter!
+         */
+        PORT_Assert(ofraglen == (pcount + padlen));
+        output_len += ofraglen;
+    } else {
+        cc->pending_count = pcount;
+    }
+
+    PORT_Assert(output_len_p != NULL || output_len == 0);
+    if (output_len_p != NULL)
+        *output_len_p = output_len;
+
+    return SECSuccess;
+}
diff --git a/nss/lib/smime/cmsdecode.c b/nss/lib/smime/cmsdecode.c
new file mode 100644
index 0000000..d965111
--- /dev/null
+++ b/nss/lib/smime/cmsdecode.c
@@ -0,0 +1,738 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * CMS decoding.
+ */
+
+#include "cmslocal.h"
+
+#include "cert.h"
+#include "key.h"
+#include "secasn1.h"
+#include "secitem.h"
+#include "secoid.h"
+#include "prtime.h"
+#include "secerr.h"
+
+struct NSSCMSDecoderContextStr {
+    SEC_ASN1DecoderContext *dcx;      /* ASN.1 decoder context */
+    NSSCMSMessage *cmsg;              /* backpointer to the root message */
+    SECOidTag type;                   /* type of message */
+    NSSCMSContent content;            /* pointer to message */
+    NSSCMSDecoderContext *childp7dcx; /* inner CMS decoder context */
+    PRBool saw_contents;
+    int error;
+    NSSCMSContentCallback cb;
+    void *cb_arg;
+    PRBool first_decoded;
+    PRBool need_indefinite_finish;
+};
+
+struct NSSCMSDecoderDataStr {
+    SECItem data; /* must be first */
+    unsigned int totalBufferSize;
+};
+
+typedef struct NSSCMSDecoderDataStr NSSCMSDecoderData;
+
+static void nss_cms_decoder_update_filter(void *arg, const char *data,
+                                          unsigned long len, int depth,
+                                          SEC_ASN1EncodingPart data_kind);
+static SECStatus nss_cms_before_data(NSSCMSDecoderContext *p7dcx);
+static SECStatus nss_cms_after_data(NSSCMSDecoderContext *p7dcx);
+static SECStatus nss_cms_after_end(NSSCMSDecoderContext *p7dcx);
+static void nss_cms_decoder_work_data(NSSCMSDecoderContext *p7dcx,
+                                      const unsigned char *data,
+                                      unsigned long len,
+                                      PRBool final);
+static NSSCMSDecoderData *nss_cms_create_decoder_data(PLArenaPool *poolp);
+
+extern const SEC_ASN1Template NSSCMSMessageTemplate[];
+
+static NSSCMSDecoderData *
+nss_cms_create_decoder_data(PLArenaPool *poolp)
+{
+    NSSCMSDecoderData *decoderData = NULL;
+
+    decoderData = (NSSCMSDecoderData *)
+        PORT_ArenaAlloc(poolp, sizeof(NSSCMSDecoderData));
+    if (!decoderData) {
+        return NULL;
+    }
+    decoderData->data.data = NULL;
+    decoderData->data.len = 0;
+    decoderData->totalBufferSize = 0;
+    return decoderData;
+}
+
+/*
+ * nss_cms_decoder_notify -
+ *  this is the driver of the decoding process. It gets called by the ASN.1
+ *  decoder before and after an object is decoded.
+ *  at various points in the decoding process, we intercept to set up and do
+ *  further processing.
+ */
+static void
+nss_cms_decoder_notify(void *arg, PRBool before, void *dest, int depth)
+{
+    NSSCMSDecoderContext *p7dcx;
+    NSSCMSContentInfo *rootcinfo, *cinfo;
+    PRBool after = !before;
+
+    p7dcx = (NSSCMSDecoderContext *)arg;
+    rootcinfo = &(p7dcx->cmsg->contentInfo);
+
+/* XXX error handling: need to set p7dcx->error */
+
+#ifdef CMSDEBUG
+    fprintf(stderr, "%6.6s, dest = 0x%08x, depth = %d\n", before ? "before"
+                                                                 : "after",
+            dest, depth);
+#endif
+
+    /* so what are we working on right now? */
+    if (p7dcx->type == SEC_OID_UNKNOWN) {
+        /*
+         * right now, we are still decoding the OUTER (root) cinfo
+         * As soon as we know the inner content type, set up the info,
+         * but NO inner decoder or filter. The root decoder handles the first
+         * level children by itself - only for encapsulated contents (which
+         * are encoded as DER inside of an OCTET STRING) we need to set up a
+         * child decoder...
+         */
+        if (after && dest == &(rootcinfo->contentType)) {
+            p7dcx->type = NSS_CMSContentInfo_GetContentTypeTag(rootcinfo);
+            p7dcx->content = rootcinfo->content;
+            /* is this ready already ? need to alloc? */
+            /* XXX yes we need to alloc -- continue here */
+        }
+    } else if (NSS_CMSType_IsData(p7dcx->type)) {
+        /* this can only happen if the outermost cinfo has DATA in it */
+        /* otherwise, we handle this type implicitely in the inner decoders */
+
+        if (before && dest == &(rootcinfo->content)) {
+            /* cause the filter to put the data in the right place...
+            ** We want the ASN.1 decoder to deliver the decoded bytes to us
+            ** from now on
+            */
+            SEC_ASN1DecoderSetFilterProc(p7dcx->dcx,
+                                         nss_cms_decoder_update_filter,
+                                         p7dcx,
+                                         (PRBool)(p7dcx->cb != NULL));
+        } else if (after && dest == &(rootcinfo->content.data)) {
+            /* remove the filter */
+            SEC_ASN1DecoderClearFilterProc(p7dcx->dcx);
+        }
+    } else if (NSS_CMSType_IsWrapper(p7dcx->type)) {
+        if (!before || dest != &(rootcinfo->content)) {
+
+            if (p7dcx->content.pointer == NULL)
+                p7dcx->content = rootcinfo->content;
+
+            /* get this data type's inner contentInfo */
+            cinfo = NSS_CMSContent_GetContentInfo(p7dcx->content.pointer,
+                                                  p7dcx->type);
+
+            if (before && dest == &(cinfo->contentType)) {
+                /* at this point, set up the &%$&$ back pointer */
+                /* we cannot do it later, because the content itself
+                 * is optional! */
+                switch (p7dcx->type) {
+                    case SEC_OID_PKCS7_SIGNED_DATA:
+                        p7dcx->content.signedData->cmsg = p7dcx->cmsg;
+                        break;
+                    case SEC_OID_PKCS7_DIGESTED_DATA:
+                        p7dcx->content.digestedData->cmsg = p7dcx->cmsg;
+                        break;
+                    case SEC_OID_PKCS7_ENVELOPED_DATA:
+                        p7dcx->content.envelopedData->cmsg = p7dcx->cmsg;
+                        break;
+                    case SEC_OID_PKCS7_ENCRYPTED_DATA:
+                        p7dcx->content.encryptedData->cmsg = p7dcx->cmsg;
+                        break;
+                    default:
+                        p7dcx->content.genericData->cmsg = p7dcx->cmsg;
+                        break;
+                }
+            }
+
+            if (before && dest == &(cinfo->rawContent)) {
+                /* we want the ASN.1 decoder to deliver the decoded bytes to us
+                 ** from now on
+                 */
+                SEC_ASN1DecoderSetFilterProc(p7dcx->dcx,
+                                             nss_cms_decoder_update_filter,
+                                             p7dcx, (PRBool)(p7dcx->cb != NULL));
+
+                /* we're right in front of the data */
+                if (nss_cms_before_data(p7dcx) != SECSuccess) {
+                    SEC_ASN1DecoderClearFilterProc(p7dcx->dcx);
+                    /* stop all processing */
+                    p7dcx->error = PORT_GetError();
+                }
+            }
+            if (after && dest == &(cinfo->rawContent)) {
+                /* we're right after of the data */
+                if (nss_cms_after_data(p7dcx) != SECSuccess)
+                    p7dcx->error = PORT_GetError();
+
+                /* we don't need to see the contents anymore */
+                SEC_ASN1DecoderClearFilterProc(p7dcx->dcx);
+            }
+        }
+    } else {
+        /* unsupported or unknown message type - fail  gracefully */
+        p7dcx->error = SEC_ERROR_UNSUPPORTED_MESSAGE_TYPE;
+    }
+}
+
+/*
+ * nss_cms_before_data - set up the current encoder to receive data
+ */
+static SECStatus
+nss_cms_before_data(NSSCMSDecoderContext *p7dcx)
+{
+    SECStatus rv;
+    SECOidTag childtype;
+    PLArenaPool *poolp;
+    NSSCMSDecoderContext *childp7dcx;
+    NSSCMSContentInfo *cinfo;
+    const SEC_ASN1Template *template;
+    void *mark = NULL;
+    size_t size;
+
+    poolp = p7dcx->cmsg->poolp;
+
+    /* call _Decode_BeforeData handlers */
+    switch (p7dcx->type) {
+        case SEC_OID_PKCS7_SIGNED_DATA:
+            /* we're decoding a signedData, so set up the digests */
+            rv = NSS_CMSSignedData_Decode_BeforeData(p7dcx->content.signedData);
+            break;
+        case SEC_OID_PKCS7_DIGESTED_DATA:
+            /* we're encoding a digestedData, so set up the digest */
+            rv = NSS_CMSDigestedData_Decode_BeforeData(p7dcx->content.digestedData);
+            break;
+        case SEC_OID_PKCS7_ENVELOPED_DATA:
+            rv = NSS_CMSEnvelopedData_Decode_BeforeData(
+                p7dcx->content.envelopedData);
+            break;
+        case SEC_OID_PKCS7_ENCRYPTED_DATA:
+            rv = NSS_CMSEncryptedData_Decode_BeforeData(
+                p7dcx->content.encryptedData);
+            break;
+        default:
+            rv = NSS_CMSGenericWrapperData_Decode_BeforeData(p7dcx->type,
+                                                             p7dcx->content.genericData);
+    }
+    if (rv != SECSuccess)
+        return SECFailure;
+
+    /* ok, now we have a pointer to cinfo */
+    /* find out what kind of data is encapsulated */
+
+    cinfo = NSS_CMSContent_GetContentInfo(p7dcx->content.pointer, p7dcx->type);
+    childtype = NSS_CMSContentInfo_GetContentTypeTag(cinfo);
+
+    if (NSS_CMSType_IsData(childtype)) {
+        cinfo->content.pointer = (void *)nss_cms_create_decoder_data(poolp);
+        if (cinfo->content.pointer == NULL)
+            /* set memory error */
+            return SECFailure;
+
+        p7dcx->childp7dcx = NULL;
+        return SECSuccess;
+    }
+
+    /* set up inner decoder */
+
+    if ((template = NSS_CMSUtil_GetTemplateByTypeTag(childtype)) == NULL)
+        return SECFailure;
+
+    childp7dcx = PORT_ZNew(NSSCMSDecoderContext);
+    if (childp7dcx == NULL)
+        return SECFailure;
+
+    mark = PORT_ArenaMark(poolp);
+
+    /* allocate space for the stuff we're creating */
+    size = NSS_CMSUtil_GetSizeByTypeTag(childtype);
+    childp7dcx->content.pointer = (void *)PORT_ArenaZAlloc(poolp, size);
+    if (childp7dcx->content.pointer == NULL)
+        goto loser;
+
+    /* give the parent a copy of the pointer so that it doesn't get lost */
+    cinfo->content.pointer = childp7dcx->content.pointer;
+
+    /* start the child decoder */
+    childp7dcx->dcx = SEC_ASN1DecoderStart(poolp, childp7dcx->content.pointer,
+                                           template);
+    if (childp7dcx->dcx == NULL)
+        goto loser;
+
+    /* the new decoder needs to notify, too */
+    SEC_ASN1DecoderSetNotifyProc(childp7dcx->dcx, nss_cms_decoder_notify,
+                                 childp7dcx);
+
+    /* tell the parent decoder that it needs to feed us the content data */
+    p7dcx->childp7dcx = childp7dcx;
+
+    childp7dcx->type = childtype; /* our type */
+
+    childp7dcx->cmsg = p7dcx->cmsg; /* backpointer to root message */
+
+    /* should the child decoder encounter real data,
+    ** it must give it to the caller
+    */
+    childp7dcx->cb = p7dcx->cb;
+    childp7dcx->cb_arg = p7dcx->cb_arg;
+    childp7dcx->first_decoded = PR_FALSE;
+    childp7dcx->need_indefinite_finish = PR_FALSE;
+    if (childtype == SEC_OID_PKCS7_SIGNED_DATA) {
+        childp7dcx->first_decoded = PR_TRUE;
+    }
+
+    /* now set up the parent to hand decoded data to the next level decoder */
+    p7dcx->cb = (NSSCMSContentCallback)NSS_CMSDecoder_Update;
+    p7dcx->cb_arg = childp7dcx;
+
+    PORT_ArenaUnmark(poolp, mark);
+
+    return SECSuccess;
+
+loser:
+    if (mark)
+        PORT_ArenaRelease(poolp, mark);
+    PORT_Free(childp7dcx);
+    p7dcx->childp7dcx = NULL;
+    return SECFailure;
+}
+
+static SECStatus
+nss_cms_after_data(NSSCMSDecoderContext *p7dcx)
+{
+    NSSCMSDecoderContext *childp7dcx;
+    SECStatus rv = SECFailure;
+
+    /* Handle last block. This is necessary to flush out the last bytes
+     * of a possibly incomplete block */
+    nss_cms_decoder_work_data(p7dcx, NULL, 0, PR_TRUE);
+
+    /* finish any "inner" decoders - there's no more data coming... */
+    if (p7dcx->childp7dcx != NULL) {
+        childp7dcx = p7dcx->childp7dcx;
+        if (childp7dcx->dcx != NULL) {
+            /* we started and indefinite sequence somewhere, not complete it */
+            if (childp7dcx->need_indefinite_finish) {
+                static const char lbuf[2] = { 0, 0 };
+                NSS_CMSDecoder_Update(childp7dcx, lbuf, sizeof(lbuf));
+                childp7dcx->need_indefinite_finish = PR_FALSE;
+            }
+
+            if (SEC_ASN1DecoderFinish(childp7dcx->dcx) != SECSuccess) {
+                /* do what? free content? */
+                rv = SECFailure;
+            } else {
+                rv = nss_cms_after_end(childp7dcx);
+            }
+            if (rv != SECSuccess)
+                goto done;
+        }
+        PORT_Free(p7dcx->childp7dcx);
+        p7dcx->childp7dcx = NULL;
+    }
+
+    switch (p7dcx->type) {
+        case SEC_OID_PKCS7_SIGNED_DATA:
+            /* this will finish the digests and verify */
+            rv = NSS_CMSSignedData_Decode_AfterData(p7dcx->content.signedData);
+            break;
+        case SEC_OID_PKCS7_ENVELOPED_DATA:
+            rv = NSS_CMSEnvelopedData_Decode_AfterData(
+                p7dcx->content.envelopedData);
+            break;
+        case SEC_OID_PKCS7_DIGESTED_DATA:
+            rv = NSS_CMSDigestedData_Decode_AfterData(
+                p7dcx->content.digestedData);
+            break;
+        case SEC_OID_PKCS7_ENCRYPTED_DATA:
+            rv = NSS_CMSEncryptedData_Decode_AfterData(
+                p7dcx->content.encryptedData);
+            break;
+        case SEC_OID_PKCS7_DATA:
+            /* do nothing */
+            break;
+        default:
+            rv = NSS_CMSGenericWrapperData_Decode_AfterData(p7dcx->type,
+                                                            p7dcx->content.genericData);
+            break;
+    }
+done:
+    return rv;
+}
+
+static SECStatus
+nss_cms_after_end(NSSCMSDecoderContext *p7dcx)
+{
+    SECStatus rv = SECSuccess;
+
+    switch (p7dcx->type) {
+        case SEC_OID_PKCS7_SIGNED_DATA:
+            if (p7dcx->content.signedData)
+                rv = NSS_CMSSignedData_Decode_AfterEnd(p7dcx->content.signedData);
+            break;
+        case SEC_OID_PKCS7_ENVELOPED_DATA:
+            if (p7dcx->content.envelopedData)
+                rv = NSS_CMSEnvelopedData_Decode_AfterEnd(
+                    p7dcx->content.envelopedData);
+            break;
+        case SEC_OID_PKCS7_DIGESTED_DATA:
+            if (p7dcx->content.digestedData)
+                rv = NSS_CMSDigestedData_Decode_AfterEnd(
+                    p7dcx->content.digestedData);
+            break;
+        case SEC_OID_PKCS7_ENCRYPTED_DATA:
+            if (p7dcx->content.encryptedData)
+                rv = NSS_CMSEncryptedData_Decode_AfterEnd(
+                    p7dcx->content.encryptedData);
+            break;
+        case SEC_OID_PKCS7_DATA:
+            break;
+        default:
+            rv = NSS_CMSGenericWrapperData_Decode_AfterEnd(p7dcx->type,
+                                                           p7dcx->content.genericData);
+            break;
+    }
+    return rv;
+}
+
+/*
+ * nss_cms_decoder_work_data - handle decoded data bytes.
+ *
+ * This function either decrypts the data if needed, and/or calculates digests
+ * on it, then either stores it or passes it on to the next level decoder.
+ */
+static void
+nss_cms_decoder_work_data(NSSCMSDecoderContext *p7dcx,
+                          const unsigned char *data, unsigned long len,
+                          PRBool final)
+{
+    NSSCMSContentInfo *cinfo;
+    unsigned char *buf = NULL;
+    unsigned char *dest;
+    unsigned int offset;
+    SECStatus rv;
+
+    /*
+     * We should really have data to process, or we should be trying
+     * to finish/flush the last block.  (This is an overly paranoid
+     * check since all callers are in this file and simple inspection
+     * proves they do it right.  But it could find a bug in future
+     * modifications/development, that is why it is here.)
+     */
+    PORT_Assert((data != NULL && len) || final);
+
+    cinfo = NSS_CMSContent_GetContentInfo(p7dcx->content.pointer, p7dcx->type);
+    if (!cinfo) {
+        /* The original programmer didn't expect this to happen */
+        p7dcx->error = SEC_ERROR_LIBRARY_FAILURE;
+        goto loser;
+    }
+
+    if (cinfo->privateInfo && cinfo->privateInfo->ciphcx != NULL) {
+        /*
+         * we are decrypting.
+         *
+         * XXX If we get an error, we do not want to do the digest or callback,
+         * but we want to keep decoding.  Or maybe we want to stop decoding
+         * altogether if there is a callback, because obviously we are not
+         * sending the data back and they want to know that.
+         */
+
+        unsigned int outlen = 0; /* length of decrypted data */
+        unsigned int buflen;     /* length available for decrypted data */
+
+        /* find out about the length of decrypted data */
+        buflen = NSS_CMSCipherContext_DecryptLength(cinfo->privateInfo->ciphcx, len, final);
+
+        /*
+         * it might happen that we did not provide enough data for a full
+         * block (decryption unit), and that there is no output available
+         */
+
+        /* no output available, AND no input? */
+        if (buflen == 0 && len == 0)
+            goto loser; /* bail out */
+
+        /*
+         * have inner decoder: pass the data on (means inner content type is NOT data)
+         * no inner decoder: we have DATA in here: either call callback or store
+         */
+        if (buflen != 0) {
+            /* there will be some output - need to make room for it */
+            /* allocate buffer from the heap */
+            buf = (unsigned char *)PORT_Alloc(buflen);
+            if (buf == NULL) {
+                p7dcx->error = SEC_ERROR_NO_MEMORY;
+                goto loser;
+            }
+        }
+
+        /*
+         * decrypt incoming data
+         * buf can still be NULL here (and buflen == 0) here if we don't expect
+         * any output (see above), but we still need to call NSS_CMSCipherContext_Decrypt to
+         * keep track of incoming data
+         */
+        rv = NSS_CMSCipherContext_Decrypt(cinfo->privateInfo->ciphcx, buf, &outlen, buflen,
+                                          data, len, final);
+        if (rv != SECSuccess) {
+            p7dcx->error = PORT_GetError();
+            goto loser;
+        }
+
+        PORT_Assert(final || outlen == buflen);
+
+        /* swap decrypted data in */
+        data = buf;
+        len = outlen;
+    }
+
+    if (len == 0)
+        goto done; /* nothing more to do */
+
+    /*
+     * Update the running digests with plaintext bytes (if we need to).
+     */
+    if (cinfo->privateInfo && cinfo->privateInfo->digcx)
+        NSS_CMSDigestContext_Update(cinfo->privateInfo->digcx, data, len);
+
+    /* at this point, we have the plain decoded & decrypted data
+    ** which is either more encoded DER (which we need to hand to the child
+    ** decoder) or data we need to hand back to our caller
+    */
+
+    /* pass the content back to our caller or */
+    /* feed our freshly decrypted and decoded data into child decoder */
+    if (p7dcx->cb != NULL) {
+        (*p7dcx->cb)(p7dcx->cb_arg, (const char *)data, len);
+    }
+#if 1
+    else
+#endif
+        if (NSS_CMSContentInfo_GetContentTypeTag(cinfo) == SEC_OID_PKCS7_DATA) {
+        /* store it in "inner" data item as well */
+        /* find the DATA item in the encapsulated cinfo and store it there */
+        NSSCMSDecoderData *decoderData =
+            (NSSCMSDecoderData *)cinfo->content.pointer;
+        SECItem *dataItem = &decoderData->data;
+
+        offset = dataItem->len;
+        if (dataItem->len + len > decoderData->totalBufferSize) {
+            int needLen = (dataItem->len + len) * 2;
+            dest = (unsigned char *)
+                PORT_ArenaAlloc(p7dcx->cmsg->poolp, needLen);
+            if (dest == NULL) {
+                p7dcx->error = SEC_ERROR_NO_MEMORY;
+                goto loser;
+            }
+
+            if (dataItem->len) {
+                PORT_Memcpy(dest, dataItem->data, dataItem->len);
+            }
+            decoderData->totalBufferSize = needLen;
+            dataItem->data = dest;
+        }
+
+        /* copy it in */
+        PORT_Memcpy(dataItem->data + offset, data, len);
+        dataItem->len += len;
+    }
+
+done:
+loser:
+    if (buf)
+        PORT_Free(buf);
+}
+
+/*
+ * nss_cms_decoder_update_filter - process ASN.1 data
+ *
+ * once we have set up a filter in nss_cms_decoder_notify(),
+ * all data processed by the ASN.1 decoder is also passed through here.
+ * we pass the content bytes (as opposed to length and tag bytes) on to
+ * nss_cms_decoder_work_data().
+ */
+static void
+nss_cms_decoder_update_filter(void *arg, const char *data, unsigned long len,
+                              int depth, SEC_ASN1EncodingPart data_kind)
+{
+    NSSCMSDecoderContext *p7dcx;
+
+    PORT_Assert(len); /* paranoia */
+    if (len == 0)
+        return;
+
+    p7dcx = (NSSCMSDecoderContext *)arg;
+
+    p7dcx->saw_contents = PR_TRUE;
+
+    /* pass on the content bytes only */
+    if (data_kind == SEC_ASN1_Contents)
+        nss_cms_decoder_work_data(p7dcx, (const unsigned char *)data, len,
+                                  PR_FALSE);
+}
+
+/*
+ * NSS_CMSDecoder_Start - set up decoding of a DER-encoded CMS message
+ *
+ * "poolp" - pointer to arena for message, or NULL if new pool should be created
+ * "cb", "cb_arg" - callback function and argument for delivery of inner content
+ * "pwfn", pwfn_arg" - callback function for getting token password
+ * "decrypt_key_cb", "decrypt_key_cb_arg" - callback function for getting bulk key for encryptedData
+ */
+NSSCMSDecoderContext *
+NSS_CMSDecoder_Start(PLArenaPool *poolp,
+                     NSSCMSContentCallback cb, void *cb_arg,
+                     PK11PasswordFunc pwfn, void *pwfn_arg,
+                     NSSCMSGetDecryptKeyCallback decrypt_key_cb,
+                     void *decrypt_key_cb_arg)
+{
+    NSSCMSDecoderContext *p7dcx;
+    NSSCMSMessage *cmsg;
+
+    cmsg = NSS_CMSMessage_Create(poolp);
+    if (cmsg == NULL)
+        return NULL;
+
+    NSS_CMSMessage_SetEncodingParams(cmsg, pwfn, pwfn_arg, decrypt_key_cb,
+                                     decrypt_key_cb_arg, NULL, NULL);
+
+    p7dcx = PORT_ZNew(NSSCMSDecoderContext);
+    if (p7dcx == NULL) {
+        NSS_CMSMessage_Destroy(cmsg);
+        return NULL;
+    }
+
+    p7dcx->dcx = SEC_ASN1DecoderStart(cmsg->poolp, cmsg, NSSCMSMessageTemplate);
+    if (p7dcx->dcx == NULL) {
+        PORT_Free(p7dcx);
+        NSS_CMSMessage_Destroy(cmsg);
+        return NULL;
+    }
+
+    SEC_ASN1DecoderSetNotifyProc(p7dcx->dcx, nss_cms_decoder_notify, p7dcx);
+
+    p7dcx->cmsg = cmsg;
+    p7dcx->type = SEC_OID_UNKNOWN;
+
+    p7dcx->cb = cb;
+    p7dcx->cb_arg = cb_arg;
+    p7dcx->first_decoded = PR_FALSE;
+    p7dcx->need_indefinite_finish = PR_FALSE;
+    return p7dcx;
+}
+
+/*
+ * NSS_CMSDecoder_Update - feed DER-encoded data to decoder
+ */
+SECStatus
+NSS_CMSDecoder_Update(NSSCMSDecoderContext *p7dcx, const char *buf,
+                      unsigned long len)
+{
+    SECStatus rv = SECSuccess;
+    if (p7dcx->dcx != NULL && p7dcx->error == 0) {
+        /* if error is set already, don't bother */
+        if ((p7dcx->type == SEC_OID_PKCS7_SIGNED_DATA) && (p7dcx->first_decoded == PR_TRUE) && (buf[0] == SEC_ASN1_INTEGER)) {
+            /* Microsoft Windows 2008 left out the Sequence wrapping in some
+             * of their kerberos replies. If we are here, we most likely are
+             * dealing with one of those replies. Supply the Sequence wrap
+             * as indefinite encoding (since we don't know the total length
+             * yet) */
+            static const char lbuf[2] =
+                { SEC_ASN1_SEQUENCE | SEC_ASN1_CONSTRUCTED, 0x80 };
+            rv = SEC_ASN1DecoderUpdate(p7dcx->dcx, lbuf, sizeof(lbuf));
+            if (rv != SECSuccess) {
+                goto loser;
+            }
+            /* ok, we're going to need the indefinite finish when we are done */
+            p7dcx->need_indefinite_finish = PR_TRUE;
+        }
+
+        rv = SEC_ASN1DecoderUpdate(p7dcx->dcx, buf, len);
+    }
+
+loser:
+    p7dcx->first_decoded = PR_FALSE;
+    if (rv != SECSuccess) {
+        p7dcx->error = PORT_GetError();
+        PORT_Assert(p7dcx->error);
+        if (p7dcx->error == 0)
+            p7dcx->error = -1;
+    }
+
+    if (p7dcx->error == 0)
+        return SECSuccess;
+
+    /* there has been a problem, let's finish the decoder */
+    if (p7dcx->dcx != NULL) {
+        (void)SEC_ASN1DecoderFinish(p7dcx->dcx);
+        p7dcx->dcx = NULL;
+    }
+    PORT_SetError(p7dcx->error);
+
+    return SECFailure;
+}
+
+/*
+ * NSS_CMSDecoder_Cancel - stop decoding in case of error
+ */
+void
+NSS_CMSDecoder_Cancel(NSSCMSDecoderContext *p7dcx)
+{
+    if (p7dcx->dcx != NULL)
+        (void)SEC_ASN1DecoderFinish(p7dcx->dcx);
+    NSS_CMSMessage_Destroy(p7dcx->cmsg);
+    PORT_Free(p7dcx);
+}
+
+/*
+ * NSS_CMSDecoder_Finish - mark the end of inner content and finish decoding
+ */
+NSSCMSMessage *
+NSS_CMSDecoder_Finish(NSSCMSDecoderContext *p7dcx)
+{
+    NSSCMSMessage *cmsg;
+
+    cmsg = p7dcx->cmsg;
+
+    if (p7dcx->dcx == NULL ||
+        SEC_ASN1DecoderFinish(p7dcx->dcx) != SECSuccess ||
+        nss_cms_after_end(p7dcx) != SECSuccess) {
+        NSS_CMSMessage_Destroy(cmsg); /* get rid of pool if it's ours */
+        cmsg = NULL;
+    }
+
+    PORT_Free(p7dcx);
+    return cmsg;
+}
+
+NSSCMSMessage *
+NSS_CMSMessage_CreateFromDER(SECItem *DERmessage,
+                             NSSCMSContentCallback cb, void *cb_arg,
+                             PK11PasswordFunc pwfn, void *pwfn_arg,
+                             NSSCMSGetDecryptKeyCallback decrypt_key_cb,
+                             void *decrypt_key_cb_arg)
+{
+    NSSCMSDecoderContext *p7dcx;
+
+    /* first arg(poolp) == NULL => create our own pool */
+    p7dcx = NSS_CMSDecoder_Start(NULL, cb, cb_arg, pwfn, pwfn_arg,
+                                 decrypt_key_cb, decrypt_key_cb_arg);
+    if (p7dcx == NULL)
+        return NULL;
+    NSS_CMSDecoder_Update(p7dcx, (char *)DERmessage->data, DERmessage->len);
+    return NSS_CMSDecoder_Finish(p7dcx);
+}
diff --git a/nss/lib/smime/cmsdigdata.c b/nss/lib/smime/cmsdigdata.c
new file mode 100644
index 0000000..9ea2270
--- /dev/null
+++ b/nss/lib/smime/cmsdigdata.c
@@ -0,0 +1,210 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * CMS digestedData methods.
+ */
+
+#include "cmslocal.h"
+
+#include "secitem.h"
+#include "secasn1.h"
+#include "secoid.h"
+#include "secerr.h"
+
+/*
+ * NSS_CMSDigestedData_Create - create a digestedData object (presumably for encoding)
+ *
+ * version will be set by NSS_CMSDigestedData_Encode_BeforeStart
+ * digestAlg is passed as parameter
+ * contentInfo must be filled by the user
+ * digest will be calculated while encoding
+ */
+NSSCMSDigestedData *
+NSS_CMSDigestedData_Create(NSSCMSMessage *cmsg, SECAlgorithmID *digestalg)
+{
+    void *mark;
+    NSSCMSDigestedData *digd;
+    PLArenaPool *poolp;
+
+    poolp = cmsg->poolp;
+
+    mark = PORT_ArenaMark(poolp);
+
+    digd = (NSSCMSDigestedData *)PORT_ArenaZAlloc(poolp, sizeof(NSSCMSDigestedData));
+    if (digd == NULL)
+        goto loser;
+
+    digd->cmsg = cmsg;
+
+    if (SECOID_CopyAlgorithmID(poolp, &(digd->digestAlg), digestalg) != SECSuccess)
+        goto loser;
+
+    PORT_ArenaUnmark(poolp, mark);
+    return digd;
+
+loser:
+    PORT_ArenaRelease(poolp, mark);
+    return NULL;
+}
+
+/*
+ * NSS_CMSDigestedData_Destroy - destroy a digestedData object
+ */
+void
+NSS_CMSDigestedData_Destroy(NSSCMSDigestedData *digd)
+{
+    /* everything's in a pool, so don't worry about the storage */
+    NSS_CMSContentInfo_Destroy(&(digd->contentInfo));
+    return;
+}
+
+/*
+ * NSS_CMSDigestedData_GetContentInfo - return pointer to digestedData object's contentInfo
+ */
+NSSCMSContentInfo *
+NSS_CMSDigestedData_GetContentInfo(NSSCMSDigestedData *digd)
+{
+    return &(digd->contentInfo);
+}
+
+/*
+ * NSS_CMSDigestedData_Encode_BeforeStart - do all the necessary things to a DigestedData
+ *     before encoding begins.
+ *
+ * In particular:
+ *  - set the right version number. The contentInfo's content type must be set up already.
+ */
+SECStatus
+NSS_CMSDigestedData_Encode_BeforeStart(NSSCMSDigestedData *digd)
+{
+    unsigned long version;
+    SECItem *dummy;
+
+    version = NSS_CMS_DIGESTED_DATA_VERSION_DATA;
+    if (!NSS_CMSType_IsData(NSS_CMSContentInfo_GetContentTypeTag(
+            &(digd->contentInfo))))
+        version = NSS_CMS_DIGESTED_DATA_VERSION_ENCAP;
+
+    dummy = SEC_ASN1EncodeInteger(digd->cmsg->poolp, &(digd->version), version);
+    return (dummy == NULL) ? SECFailure : SECSuccess;
+}
+
+/*
+ * NSS_CMSDigestedData_Encode_BeforeData - do all the necessary things to a DigestedData
+ *     before the encapsulated data is passed through the encoder.
+ *
+ * In detail:
+ *  - set up the digests if necessary
+ */
+SECStatus
+NSS_CMSDigestedData_Encode_BeforeData(NSSCMSDigestedData *digd)
+{
+    SECStatus rv = NSS_CMSContentInfo_Private_Init(&digd->contentInfo);
+    if (rv != SECSuccess) {
+        return SECFailure;
+    }
+
+    /* set up the digests */
+    if (digd->digestAlg.algorithm.len != 0 && digd->digest.len == 0) {
+        /* if digest is already there, do nothing */
+        digd->contentInfo.privateInfo->digcx = NSS_CMSDigestContext_StartSingle(&(digd->digestAlg));
+        if (digd->contentInfo.privateInfo->digcx == NULL)
+            return SECFailure;
+    }
+    return SECSuccess;
+}
+
+/*
+ * NSS_CMSDigestedData_Encode_AfterData - do all the necessary things to a DigestedData
+ *     after all the encapsulated data was passed through the encoder.
+ *
+ * In detail:
+ *  - finish the digests
+ */
+SECStatus
+NSS_CMSDigestedData_Encode_AfterData(NSSCMSDigestedData *digd)
+{
+    SECStatus rv = SECSuccess;
+    /* did we have digest calculation going on? */
+    if (digd->contentInfo.privateInfo && digd->contentInfo.privateInfo->digcx) {
+        rv = NSS_CMSDigestContext_FinishSingle(digd->contentInfo.privateInfo->digcx,
+                                               digd->cmsg->poolp,
+                                               &(digd->digest));
+        /* error has been set by NSS_CMSDigestContext_FinishSingle */
+        digd->contentInfo.privateInfo->digcx = NULL;
+    }
+
+    return rv;
+}
+
+/*
+ * NSS_CMSDigestedData_Decode_BeforeData - do all the necessary things to a DigestedData
+ *     before the encapsulated data is passed through the encoder.
+ *
+ * In detail:
+ *  - set up the digests if necessary
+ */
+SECStatus
+NSS_CMSDigestedData_Decode_BeforeData(NSSCMSDigestedData *digd)
+{
+    SECStatus rv;
+
+    /* is there a digest algorithm yet? */
+    if (digd->digestAlg.algorithm.len == 0)
+        return SECFailure;
+
+    rv = NSS_CMSContentInfo_Private_Init(&digd->contentInfo);
+    if (rv != SECSuccess) {
+        return SECFailure;
+    }
+
+    digd->contentInfo.privateInfo->digcx = NSS_CMSDigestContext_StartSingle(&(digd->digestAlg));
+    if (digd->contentInfo.privateInfo->digcx == NULL)
+        return SECFailure;
+
+    return SECSuccess;
+}
+
+/*
+ * NSS_CMSDigestedData_Decode_AfterData - do all the necessary things to a DigestedData
+ *     after all the encapsulated data was passed through the encoder.
+ *
+ * In detail:
+ *  - finish the digests
+ */
+SECStatus
+NSS_CMSDigestedData_Decode_AfterData(NSSCMSDigestedData *digd)
+{
+    SECStatus rv = SECSuccess;
+    /* did we have digest calculation going on? */
+    if (digd->contentInfo.privateInfo && digd->contentInfo.privateInfo->digcx) {
+        rv = NSS_CMSDigestContext_FinishSingle(digd->contentInfo.privateInfo->digcx,
+                                               digd->cmsg->poolp,
+                                               &(digd->cdigest));
+        /* error has been set by NSS_CMSDigestContext_FinishSingle */
+        digd->contentInfo.privateInfo->digcx = NULL;
+    }
+
+    return rv;
+}
+
+/*
+ * NSS_CMSDigestedData_Decode_AfterEnd - finalize a digestedData.
+ *
+ * In detail:
+ *  - check the digests for equality
+ */
+SECStatus
+NSS_CMSDigestedData_Decode_AfterEnd(NSSCMSDigestedData *digd)
+{
+    /* did we have digest calculation going on? */
+    if (digd->cdigest.len != 0) {
+        /* XXX comparision btw digest & cdigest */
+        /* XXX set status */
+        /* TODO!!!! */
+    }
+
+    return SECSuccess;
+}
diff --git a/nss/lib/smime/cmsdigest.c b/nss/lib/smime/cmsdigest.c
new file mode 100644
index 0000000..64b64a0
--- /dev/null
+++ b/nss/lib/smime/cmsdigest.c
@@ -0,0 +1,259 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * CMS digesting.
+ */
+
+#include "cmslocal.h"
+
+#include "cert.h"
+#include "key.h"
+#include "secitem.h"
+#include "secoid.h"
+#include "pk11func.h"
+#include "prtime.h"
+#include "secerr.h"
+
+/*  #define CMS_FIND_LEAK_MULTIPLE 1 */
+#ifdef CMS_FIND_LEAK_MULTIPLE
+static int stop_on_err = 1;
+static int global_num_digests = 0;
+#endif
+
+struct digestPairStr {
+    const SECHashObject *digobj;
+    void *digcx;
+};
+typedef struct digestPairStr digestPair;
+
+struct NSSCMSDigestContextStr {
+    PRBool saw_contents;
+    PLArenaPool *pool;
+    int digcnt;
+    digestPair *digPairs;
+};
+
+/*
+ * NSS_CMSDigestContext_StartMultiple - start digest calculation using all the
+ *  digest algorithms in "digestalgs" in parallel.
+ */
+NSSCMSDigestContext *
+NSS_CMSDigestContext_StartMultiple(SECAlgorithmID **digestalgs)
+{
+    PLArenaPool *pool;
+    NSSCMSDigestContext *cmsdigcx;
+    int digcnt;
+    int i;
+
+#ifdef CMS_FIND_LEAK_MULTIPLE
+    PORT_Assert(global_num_digests == 0 || !stop_on_err);
+#endif
+
+    digcnt = (digestalgs == NULL) ? 0 : NSS_CMSArray_Count((void **)digestalgs);
+    /* It's OK if digcnt is zero.  We have to allow this for "certs only"
+    ** messages.
+    */
+    pool = PORT_NewArena(2048);
+    if (!pool)
+        return NULL;
+
+    cmsdigcx = PORT_ArenaNew(pool, NSSCMSDigestContext);
+    if (cmsdigcx == NULL)
+        goto loser;
+
+    cmsdigcx->saw_contents = PR_FALSE;
+    cmsdigcx->pool = pool;
+    cmsdigcx->digcnt = digcnt;
+
+    cmsdigcx->digPairs = PORT_ArenaZNewArray(pool, digestPair, digcnt);
+    if (cmsdigcx->digPairs == NULL) {
+        goto loser;
+    }
+
+    /*
+     * Create a digest object context for each algorithm.
+     */
+    for (i = 0; i < digcnt; i++) {
+        const SECHashObject *digobj;
+        void *digcx;
+
+        digobj = NSS_CMSUtil_GetHashObjByAlgID(digestalgs[i]);
+        /*
+         * Skip any algorithm we do not even recognize; obviously,
+         * this could be a problem, but if it is critical then the
+         * result will just be that the signature does not verify.
+         * We do not necessarily want to error out here, because
+         * the particular algorithm may not actually be important,
+         * but we cannot know that until later.
+         */
+        if (digobj == NULL)
+            continue;
+
+        digcx = (*digobj->create)();
+        if (digcx != NULL) {
+            (*digobj->begin)(digcx);
+            cmsdigcx->digPairs[i].digobj = digobj;
+            cmsdigcx->digPairs[i].digcx = digcx;
+#ifdef CMS_FIND_LEAK_MULTIPLE
+            global_num_digests++;
+#endif
+        }
+    }
+    return cmsdigcx;
+
+loser:
+    /* no digest objects have been created, or need to be destroyed. */
+    if (pool) {
+        PORT_FreeArena(pool, PR_FALSE);
+    }
+    return NULL;
+}
+
+/*
+ * NSS_CMSDigestContext_StartSingle - same as
+ * NSS_CMSDigestContext_StartMultiple, but only one algorithm.
+ */
+NSSCMSDigestContext *
+NSS_CMSDigestContext_StartSingle(SECAlgorithmID *digestalg)
+{
+    SECAlgorithmID *digestalgs[] = { NULL, NULL }; /* fake array */
+
+    digestalgs[0] = digestalg;
+    return NSS_CMSDigestContext_StartMultiple(digestalgs);
+}
+
+/*
+ * NSS_CMSDigestContext_Update - feed more data into the digest machine
+ */
+void
+NSS_CMSDigestContext_Update(NSSCMSDigestContext *cmsdigcx,
+                            const unsigned char *data, int len)
+{
+    int i;
+    digestPair *pair = cmsdigcx->digPairs;
+
+    cmsdigcx->saw_contents = PR_TRUE;
+
+    for (i = 0; i < cmsdigcx->digcnt; i++, pair++) {
+        if (pair->digcx) {
+            (*pair->digobj->update)(pair->digcx, data, len);
+        }
+    }
+}
+
+/*
+ * NSS_CMSDigestContext_Cancel - cancel digesting operation
+ */
+void
+NSS_CMSDigestContext_Cancel(NSSCMSDigestContext *cmsdigcx)
+{
+    int i;
+    digestPair *pair = cmsdigcx->digPairs;
+
+    for (i = 0; i < cmsdigcx->digcnt; i++, pair++) {
+        if (pair->digcx) {
+            (*pair->digobj->destroy)(pair->digcx, PR_TRUE);
+#ifdef CMS_FIND_LEAK_MULTIPLE
+            --global_num_digests;
+#endif
+        }
+    }
+#ifdef CMS_FIND_LEAK_MULTIPLE
+    PORT_Assert(global_num_digests == 0 || !stop_on_err);
+#endif
+    PORT_FreeArena(cmsdigcx->pool, PR_FALSE);
+}
+
+/*
+ * NSS_CMSDigestContext_FinishMultiple - finish the digests and put them
+ *  into an array of SECItems (allocated on poolp)
+ */
+SECStatus
+NSS_CMSDigestContext_FinishMultiple(NSSCMSDigestContext *cmsdigcx,
+                                    PLArenaPool *poolp,
+                                    SECItem ***digestsp)
+{
+    SECItem **digests = NULL;
+    digestPair *pair;
+    void *mark;
+    int i;
+    SECStatus rv;
+
+    /* no contents? do not finish digests */
+    if (digestsp == NULL || !cmsdigcx->saw_contents) {
+        rv = SECSuccess;
+        goto cleanup;
+    }
+
+    mark = PORT_ArenaMark(poolp);
+
+    /* allocate digest array & SECItems on arena */
+    digests = PORT_ArenaNewArray(poolp, SECItem *, cmsdigcx->digcnt + 1);
+
+    rv = ((digests == NULL) ? SECFailure : SECSuccess);
+    pair = cmsdigcx->digPairs;
+    for (i = 0; rv == SECSuccess && i < cmsdigcx->digcnt; i++, pair++) {
+        SECItem digest;
+        unsigned char hash[HASH_LENGTH_MAX];
+
+        if (!pair->digcx) {
+            digests[i] = NULL;
+            continue;
+        }
+
+        digest.type = siBuffer;
+        digest.data = hash;
+        digest.len = pair->digobj->length;
+        (*pair->digobj->end)(pair->digcx, hash, &digest.len, digest.len);
+        digests[i] = SECITEM_ArenaDupItem(poolp, &digest);
+        if (!digests[i]) {
+            rv = SECFailure;
+        }
+    }
+    digests[i] = NULL;
+    if (rv == SECSuccess) {
+        PORT_ArenaUnmark(poolp, mark);
+    } else
+        PORT_ArenaRelease(poolp, mark);
+
+cleanup:
+    NSS_CMSDigestContext_Cancel(cmsdigcx);
+    /* Don't change the caller's digests pointer if we have no digests.
+    **  NSS_CMSSignedData_Encode_AfterData depends on this behavior.
+    */
+    if (rv == SECSuccess && digestsp && digests) {
+        *digestsp = digests;
+    }
+    return rv;
+}
+
+/*
+ * NSS_CMSDigestContext_FinishSingle - same as
+ * NSS_CMSDigestContext_FinishMultiple, but for one digest.
+ */
+SECStatus
+NSS_CMSDigestContext_FinishSingle(NSSCMSDigestContext *cmsdigcx,
+                                  PLArenaPool *poolp,
+                                  SECItem *digest)
+{
+    SECStatus rv = SECFailure;
+    SECItem **dp;
+    PLArenaPool *arena = NULL;
+
+    if ((arena = PORT_NewArena(1024)) == NULL)
+        goto loser;
+
+    /* get the digests into arena, then copy the first digest into poolp */
+    rv = NSS_CMSDigestContext_FinishMultiple(cmsdigcx, arena, &dp);
+    if (rv == SECSuccess) {
+        /* now copy it into poolp */
+        rv = SECITEM_CopyItem(poolp, digest, dp[0]);
+    }
+loser:
+    if (arena)
+        PORT_FreeArena(arena, PR_FALSE);
+
+    return rv;
+}
diff --git a/nss/lib/smime/cmsencdata.c b/nss/lib/smime/cmsencdata.c
new file mode 100644
index 0000000..c3a4549
--- /dev/null
+++ b/nss/lib/smime/cmsencdata.c
@@ -0,0 +1,260 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * CMS encryptedData methods.
+ */
+
+#include "cmslocal.h"
+
+#include "key.h"
+#include "secasn1.h"
+#include "secitem.h"
+#include "secoid.h"
+#include "pk11func.h"
+#include "prtime.h"
+#include "secerr.h"
+#include "secpkcs5.h"
+
+/*
+ * NSS_CMSEncryptedData_Create - create an empty encryptedData object.
+ *
+ * "algorithm" specifies the bulk encryption algorithm to use.
+ * "keysize" is the key size.
+ *
+ * An error results in a return value of NULL and an error set.
+ * (Retrieve specific errors via PORT_GetError()/XP_GetError().)
+ */
+NSSCMSEncryptedData *
+NSS_CMSEncryptedData_Create(NSSCMSMessage *cmsg, SECOidTag algorithm,
+                            int keysize)
+{
+    void *mark;
+    NSSCMSEncryptedData *encd;
+    PLArenaPool *poolp;
+    SECAlgorithmID *pbe_algid;
+    SECStatus rv;
+
+    poolp = cmsg->poolp;
+
+    mark = PORT_ArenaMark(poolp);
+
+    encd = PORT_ArenaZNew(poolp, NSSCMSEncryptedData);
+    if (encd == NULL)
+        goto loser;
+
+    encd->cmsg = cmsg;
+
+    /* version is set in NSS_CMSEncryptedData_Encode_BeforeStart() */
+
+    if (!SEC_PKCS5IsAlgorithmPBEAlgTag(algorithm)) {
+        rv = NSS_CMSContentInfo_SetContentEncAlg(poolp, &(encd->contentInfo),
+                                                 algorithm, NULL, keysize);
+    } else {
+        /* Assume password-based-encryption.
+         * Note: we can't generate pkcs5v2 from this interface.
+         * PK11_CreateBPEAlgorithmID generates pkcs5v2 by accepting
+         * non-PBE oids and assuming that they are pkcs5v2 oids, but
+         * NSS_CMSEncryptedData_Create accepts non-PBE oids as regular
+         * CMS encrypted data, so we can't tell NSS_CMS_EncryptedData_Create
+         * to create pkcs5v2 PBEs */
+        pbe_algid = PK11_CreatePBEAlgorithmID(algorithm, 1, NULL);
+        if (pbe_algid == NULL) {
+            rv = SECFailure;
+        } else {
+            rv = NSS_CMSContentInfo_SetContentEncAlgID(poolp,
+                                                       &(encd->contentInfo),
+                                                       pbe_algid, keysize);
+            SECOID_DestroyAlgorithmID(pbe_algid, PR_TRUE);
+        }
+    }
+    if (rv != SECSuccess)
+        goto loser;
+
+    PORT_ArenaUnmark(poolp, mark);
+    return encd;
+
+loser:
+    PORT_ArenaRelease(poolp, mark);
+    return NULL;
+}
+
+/*
+ * NSS_CMSEncryptedData_Destroy - destroy an encryptedData object
+ */
+void
+NSS_CMSEncryptedData_Destroy(NSSCMSEncryptedData *encd)
+{
+    /* everything's in a pool, so don't worry about the storage */
+    NSS_CMSContentInfo_Destroy(&(encd->contentInfo));
+    return;
+}
+
+/*
+ * NSS_CMSEncryptedData_GetContentInfo - return pointer to encryptedData object's contentInfo
+ */
+NSSCMSContentInfo *
+NSS_CMSEncryptedData_GetContentInfo(NSSCMSEncryptedData *encd)
+{
+    return &(encd->contentInfo);
+}
+
+/*
+ * NSS_CMSEncryptedData_Encode_BeforeStart - do all the necessary things to a EncryptedData
+ *     before encoding begins.
+ *
+ * In particular:
+ *  - set the correct version value.
+ *  - get the encryption key
+ */
+SECStatus
+NSS_CMSEncryptedData_Encode_BeforeStart(NSSCMSEncryptedData *encd)
+{
+    int version;
+    PK11SymKey *bulkkey = NULL;
+    SECItem *dummy;
+    NSSCMSContentInfo *cinfo = &(encd->contentInfo);
+
+    if (NSS_CMSArray_IsEmpty((void **)encd->unprotectedAttr))
+        version = NSS_CMS_ENCRYPTED_DATA_VERSION;
+    else
+        version = NSS_CMS_ENCRYPTED_DATA_VERSION_UPATTR;
+
+    dummy = SEC_ASN1EncodeInteger(encd->cmsg->poolp, &(encd->version), version);
+    if (dummy == NULL)
+        return SECFailure;
+
+    /* now get content encryption key (bulk key) by using our cmsg callback */
+    if (encd->cmsg->decrypt_key_cb)
+        bulkkey = (*encd->cmsg->decrypt_key_cb)(encd->cmsg->decrypt_key_cb_arg,
+                                                NSS_CMSContentInfo_GetContentEncAlg(cinfo));
+    if (bulkkey == NULL)
+        return SECFailure;
+
+    /* store the bulk key in the contentInfo so that the encoder can find it */
+    NSS_CMSContentInfo_SetBulkKey(cinfo, bulkkey);
+    PK11_FreeSymKey(bulkkey);
+
+    return SECSuccess;
+}
+
+/*
+ * NSS_CMSEncryptedData_Encode_BeforeData - set up encryption
+ */
+SECStatus
+NSS_CMSEncryptedData_Encode_BeforeData(NSSCMSEncryptedData *encd)
+{
+    NSSCMSContentInfo *cinfo;
+    PK11SymKey *bulkkey;
+    SECAlgorithmID *algid;
+    SECStatus rv;
+
+    cinfo = &(encd->contentInfo);
+
+    /* find bulkkey and algorithm - must have been set by NSS_CMSEncryptedData_Encode_BeforeStart */
+    bulkkey = NSS_CMSContentInfo_GetBulkKey(cinfo);
+    if (bulkkey == NULL)
+        return SECFailure;
+    algid = NSS_CMSContentInfo_GetContentEncAlg(cinfo);
+    if (algid == NULL)
+        return SECFailure;
+
+    rv = NSS_CMSContentInfo_Private_Init(cinfo);
+    if (rv != SECSuccess) {
+        return SECFailure;
+    }
+    /* this may modify algid (with IVs generated in a token).
+     * it is therefore essential that algid is a pointer to the "real" contentEncAlg,
+     * not just to a copy */
+    cinfo->privateInfo->ciphcx = NSS_CMSCipherContext_StartEncrypt(encd->cmsg->poolp,
+                                                                   bulkkey, algid);
+    PK11_FreeSymKey(bulkkey);
+    if (cinfo->privateInfo->ciphcx == NULL)
+        return SECFailure;
+
+    return SECSuccess;
+}
+
+/*
+ * NSS_CMSEncryptedData_Encode_AfterData - finalize this encryptedData for encoding
+ */
+SECStatus
+NSS_CMSEncryptedData_Encode_AfterData(NSSCMSEncryptedData *encd)
+{
+    if (encd->contentInfo.privateInfo && encd->contentInfo.privateInfo->ciphcx) {
+        NSS_CMSCipherContext_Destroy(encd->contentInfo.privateInfo->ciphcx);
+        encd->contentInfo.privateInfo->ciphcx = NULL;
+    }
+
+    /* nothing to do after data */
+    return SECSuccess;
+}
+
+/*
+ * NSS_CMSEncryptedData_Decode_BeforeData - find bulk key & set up decryption
+ */
+SECStatus
+NSS_CMSEncryptedData_Decode_BeforeData(NSSCMSEncryptedData *encd)
+{
+    PK11SymKey *bulkkey = NULL;
+    NSSCMSContentInfo *cinfo;
+    SECAlgorithmID *bulkalg;
+    SECStatus rv = SECFailure;
+
+    cinfo = &(encd->contentInfo);
+
+    bulkalg = NSS_CMSContentInfo_GetContentEncAlg(cinfo);
+
+    if (encd->cmsg->decrypt_key_cb == NULL) /* no callback? no key../ */
+        goto loser;
+
+    bulkkey = (*encd->cmsg->decrypt_key_cb)(encd->cmsg->decrypt_key_cb_arg, bulkalg);
+    if (bulkkey == NULL)
+        /* no success finding a bulk key */
+        goto loser;
+
+    NSS_CMSContentInfo_SetBulkKey(cinfo, bulkkey);
+
+    rv = NSS_CMSContentInfo_Private_Init(cinfo);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    rv = SECFailure;
+
+    cinfo->privateInfo->ciphcx = NSS_CMSCipherContext_StartDecrypt(bulkkey, bulkalg);
+    if (cinfo->privateInfo->ciphcx == NULL)
+        goto loser; /* error has been set by NSS_CMSCipherContext_StartDecrypt */
+
+    /* we are done with (this) bulkkey now. */
+    PK11_FreeSymKey(bulkkey);
+
+    rv = SECSuccess;
+
+loser:
+    return rv;
+}
+
+/*
+ * NSS_CMSEncryptedData_Decode_AfterData - finish decrypting this encryptedData's content
+ */
+SECStatus
+NSS_CMSEncryptedData_Decode_AfterData(NSSCMSEncryptedData *encd)
+{
+    if (encd->contentInfo.privateInfo && encd->contentInfo.privateInfo->ciphcx) {
+        NSS_CMSCipherContext_Destroy(encd->contentInfo.privateInfo->ciphcx);
+        encd->contentInfo.privateInfo->ciphcx = NULL;
+    }
+
+    return SECSuccess;
+}
+
+/*
+ * NSS_CMSEncryptedData_Decode_AfterEnd - finish decoding this encryptedData
+ */
+SECStatus
+NSS_CMSEncryptedData_Decode_AfterEnd(NSSCMSEncryptedData *encd)
+{
+    /* apply final touches */
+    return SECSuccess;
+}
diff --git a/nss/lib/smime/cmsencode.c b/nss/lib/smime/cmsencode.c
new file mode 100644
index 0000000..a4414e0
--- /dev/null
+++ b/nss/lib/smime/cmsencode.c
@@ -0,0 +1,763 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * CMS encoding.
+ */
+
+#include "cmslocal.h"
+
+#include "cert.h"
+#include "key.h"
+#include "secasn1.h"
+#include "secoid.h"
+#include "secitem.h"
+#include "pk11func.h"
+#include "secerr.h"
+
+struct nss_cms_encoder_output {
+    NSSCMSContentCallback outputfn;
+    void *outputarg;
+    PLArenaPool *destpoolp;
+    SECItem *dest;
+};
+
+struct NSSCMSEncoderContextStr {
+    SEC_ASN1EncoderContext *ecx;          /* ASN.1 encoder context */
+    PRBool ecxupdated;                    /* true if data was handed in */
+    NSSCMSMessage *cmsg;                  /* pointer to the root message */
+    SECOidTag type;                       /* type tag of the current content */
+    NSSCMSContent content;                /* pointer to current content */
+    struct nss_cms_encoder_output output; /* output function */
+    int error;                            /* error code */
+    NSSCMSEncoderContext *childp7ecx;     /* link to child encoder context */
+};
+
+static SECStatus nss_cms_before_data(NSSCMSEncoderContext *p7ecx);
+static SECStatus nss_cms_after_data(NSSCMSEncoderContext *p7ecx);
+static SECStatus nss_cms_encoder_update(NSSCMSEncoderContext *p7ecx,
+                                        const char *data, unsigned long len);
+static SECStatus nss_cms_encoder_work_data(NSSCMSEncoderContext *p7ecx, SECItem *dest,
+                                           const unsigned char *data, unsigned long len,
+                                           PRBool final, PRBool innermost);
+
+extern const SEC_ASN1Template NSSCMSMessageTemplate[];
+
+/*
+ * The little output function that the ASN.1 encoder calls to hand
+ * us bytes which we in turn hand back to our caller (via the callback
+ * they gave us).
+ */
+static void
+nss_cms_encoder_out(void *arg, const char *buf, unsigned long len,
+                    int depth, SEC_ASN1EncodingPart data_kind)
+{
+    struct nss_cms_encoder_output *output = (struct nss_cms_encoder_output *)arg;
+    unsigned char *dest;
+    unsigned long offset;
+
+#ifdef CMSDEBUG
+    int i;
+    const char *data_name = "unknown";
+
+    switch (data_kind) {
+        case SEC_ASN1_Identifier:
+            data_name = "identifier";
+            break;
+        case SEC_ASN1_Length:
+            data_name = "length";
+            break;
+        case SEC_ASN1_Contents:
+            data_name = "contents";
+            break;
+        case SEC_ASN1_EndOfContents:
+            data_name = "end-of-contents";
+            break;
+    }
+    fprintf(stderr, "kind = %s, depth = %d, len = %d\n", data_name, depth, len);
+    for (i = 0; i < len; i++) {
+        fprintf(stderr, " %02x%s", (unsigned int)buf[i] & 0xff, ((i % 16) == 15) ? "\n" : "");
+    }
+    if ((i % 16) != 0)
+        fprintf(stderr, "\n");
+#endif
+
+    if (output->outputfn != NULL)
+        /* call output callback with DER data */
+        output->outputfn(output->outputarg, buf, len);
+
+    if (output->dest != NULL) {
+        /* store DER data in SECItem */
+        offset = output->dest->len;
+        if (offset == 0) {
+            dest = (unsigned char *)PORT_ArenaAlloc(output->destpoolp, len);
+        } else {
+            dest = (unsigned char *)PORT_ArenaGrow(output->destpoolp,
+                                                   output->dest->data,
+                                                   output->dest->len,
+                                                   output->dest->len + len);
+        }
+        if (dest == NULL)
+            /* oops */
+            return;
+
+        output->dest->data = dest;
+        output->dest->len += len;
+
+        /* copy it in */
+        if (len) {
+            PORT_Memcpy(output->dest->data + offset, buf, len);
+        }
+    }
+}
+
+/*
+ * nss_cms_encoder_notify - ASN.1 encoder callback
+ *
+ * this function is called by the ASN.1 encoder before and after the encoding of
+ * every object. here, it is used to keep track of data structures, set up
+ * encryption and/or digesting and possibly set up child encoders.
+ */
+static void
+nss_cms_encoder_notify(void *arg, PRBool before, void *dest, int depth)
+{
+    NSSCMSEncoderContext *p7ecx;
+    NSSCMSContentInfo *rootcinfo, *cinfo;
+    PRBool after = !before;
+    SECOidTag childtype;
+    SECItem *item;
+
+    p7ecx = (NSSCMSEncoderContext *)arg;
+    PORT_Assert(p7ecx != NULL);
+
+    rootcinfo = &(p7ecx->cmsg->contentInfo);
+
+#ifdef CMSDEBUG
+    fprintf(stderr, "%6.6s, dest = 0x%08x, depth = %d\n", before ? "before"
+                                                                 : "after",
+            dest, depth);
+#endif
+
+    /*
+     * Watch for the content field, at which point we want to instruct
+     * the ASN.1 encoder to start taking bytes from the buffer.
+     */
+    if (NSS_CMSType_IsData(p7ecx->type)) {
+        cinfo = NSS_CMSContent_GetContentInfo(p7ecx->content.pointer, p7ecx->type);
+        if (before && dest == &(cinfo->rawContent)) {
+            /* just set up encoder to grab from user - no encryption or digesting */
+            if ((item = cinfo->content.data) != NULL)
+                (void)nss_cms_encoder_work_data(p7ecx, NULL, item->data,
+                                                item->len, PR_TRUE, PR_TRUE);
+            else
+                SEC_ASN1EncoderSetTakeFromBuf(p7ecx->ecx);
+            SEC_ASN1EncoderClearNotifyProc(p7ecx->ecx); /* no need to get notified anymore */
+        }
+    } else if (NSS_CMSType_IsWrapper(p7ecx->type)) {
+        /* when we know what the content is, we encode happily until we reach the inner content */
+        cinfo = NSS_CMSContent_GetContentInfo(p7ecx->content.pointer, p7ecx->type);
+        childtype = NSS_CMSContentInfo_GetContentTypeTag(cinfo);
+
+        if (after && dest == &(cinfo->contentType)) {
+            /* we're right before encoding the data (if we have some or not) */
+            /* (for encrypted data, we're right before the contentEncAlg which may change */
+            /*  in nss_cms_before_data because of IV calculation when setting up encryption) */
+            if (nss_cms_before_data(p7ecx) != SECSuccess)
+                p7ecx->error = PORT_GetError();
+        }
+        if (before && dest == &(cinfo->rawContent)) {
+            if (p7ecx->childp7ecx == NULL) {
+                if ((NSS_CMSType_IsData(childtype) && (item = cinfo->content.data) != NULL)) {
+                    /* we are the innermost non-data and we have data - feed it in */
+                    (void)nss_cms_encoder_work_data(p7ecx, NULL, item->data,
+                                                    item->len, PR_TRUE, PR_TRUE);
+                } else {
+                    /* else we'll have to get data from user */
+                    SEC_ASN1EncoderSetTakeFromBuf(p7ecx->ecx);
+                }
+            } else {
+                /* if we have a nested encoder, wait for its data */
+                SEC_ASN1EncoderSetTakeFromBuf(p7ecx->ecx);
+            }
+        }
+        if (after && dest == &(cinfo->rawContent)) {
+            if (nss_cms_after_data(p7ecx) != SECSuccess)
+                p7ecx->error = PORT_GetError();
+            SEC_ASN1EncoderClearNotifyProc(p7ecx->ecx); /* no need to get notified anymore */
+        }
+    } else {
+        /* we're still in the root message */
+        if (after && dest == &(rootcinfo->contentType)) {
+            /* got the content type OID now - so find out the type tag */
+            p7ecx->type = NSS_CMSContentInfo_GetContentTypeTag(rootcinfo);
+            /* set up a pointer to our current content */
+            p7ecx->content = rootcinfo->content;
+        }
+    }
+}
+
+/*
+ * nss_cms_before_data - setup the current encoder to receive data
+ */
+static SECStatus
+nss_cms_before_data(NSSCMSEncoderContext *p7ecx)
+{
+    SECStatus rv;
+    SECOidTag childtype;
+    NSSCMSContentInfo *cinfo;
+    NSSCMSEncoderContext *childp7ecx;
+    const SEC_ASN1Template *template;
+
+    /* call _Encode_BeforeData handlers */
+    switch (p7ecx->type) {
+        case SEC_OID_PKCS7_SIGNED_DATA:
+            /* we're encoding a signedData, so set up the digests */
+            rv = NSS_CMSSignedData_Encode_BeforeData(p7ecx->content.signedData);
+            break;
+        case SEC_OID_PKCS7_DIGESTED_DATA:
+            /* we're encoding a digestedData, so set up the digest */
+            rv = NSS_CMSDigestedData_Encode_BeforeData(p7ecx->content.digestedData);
+            break;
+        case SEC_OID_PKCS7_ENVELOPED_DATA:
+            rv = NSS_CMSEnvelopedData_Encode_BeforeData(p7ecx->content.envelopedData);
+            break;
+        case SEC_OID_PKCS7_ENCRYPTED_DATA:
+            rv = NSS_CMSEncryptedData_Encode_BeforeData(p7ecx->content.encryptedData);
+            break;
+        default:
+            if (NSS_CMSType_IsWrapper(p7ecx->type)) {
+                rv = NSS_CMSGenericWrapperData_Encode_BeforeData(p7ecx->type,
+                                                                 p7ecx->content.genericData);
+            } else {
+                rv = SECFailure;
+            }
+    }
+    if (rv != SECSuccess)
+        return SECFailure;
+
+    /* ok, now we have a pointer to cinfo */
+    /* find out what kind of data is encapsulated */
+
+    cinfo = NSS_CMSContent_GetContentInfo(p7ecx->content.pointer, p7ecx->type);
+    childtype = NSS_CMSContentInfo_GetContentTypeTag(cinfo);
+
+    if (NSS_CMSType_IsWrapper(childtype)) {
+        /* in these cases, we need to set up a child encoder! */
+        /* create new encoder context */
+        childp7ecx = PORT_ZAlloc(sizeof(NSSCMSEncoderContext));
+        if (childp7ecx == NULL)
+            return SECFailure;
+
+        /* the CHILD encoder needs to hand its encoded data to the CURRENT encoder
+         * (which will encrypt and/or digest it)
+         * this needs to route back into our update function
+         * which finds the lowest encoding context & encrypts and computes digests */
+        childp7ecx->type = childtype;
+        childp7ecx->content = cinfo->content;
+        /* use the non-recursive update function here, of course */
+        childp7ecx->output.outputfn = (NSSCMSContentCallback)nss_cms_encoder_update;
+        childp7ecx->output.outputarg = p7ecx;
+        childp7ecx->output.destpoolp = NULL;
+        childp7ecx->output.dest = NULL;
+        childp7ecx->cmsg = p7ecx->cmsg;
+        childp7ecx->ecxupdated = PR_FALSE;
+        childp7ecx->childp7ecx = NULL;
+
+        template = NSS_CMSUtil_GetTemplateByTypeTag(childtype);
+        if (template == NULL)
+            goto loser; /* cannot happen */
+
+        /* now initialize the data for encoding the first third */
+        switch (childp7ecx->type) {
+            case SEC_OID_PKCS7_SIGNED_DATA:
+                rv = NSS_CMSSignedData_Encode_BeforeStart(cinfo->content.signedData);
+                break;
+            case SEC_OID_PKCS7_ENVELOPED_DATA:
+                rv = NSS_CMSEnvelopedData_Encode_BeforeStart(cinfo->content.envelopedData);
+                break;
+            case SEC_OID_PKCS7_DIGESTED_DATA:
+                rv = NSS_CMSDigestedData_Encode_BeforeStart(cinfo->content.digestedData);
+                break;
+            case SEC_OID_PKCS7_ENCRYPTED_DATA:
+                rv = NSS_CMSEncryptedData_Encode_BeforeStart(cinfo->content.encryptedData);
+                break;
+            default:
+                rv = NSS_CMSGenericWrapperData_Encode_BeforeStart(childp7ecx->type,
+                                                                  cinfo->content.genericData);
+                break;
+        }
+        if (rv != SECSuccess)
+            goto loser;
+
+        /*
+         * Initialize the BER encoder.
+         */
+        childp7ecx->ecx = SEC_ASN1EncoderStart(cinfo->content.pointer, template,
+                                               nss_cms_encoder_out, &(childp7ecx->output));
+        if (childp7ecx->ecx == NULL)
+            goto loser;
+
+        /*
+         * Indicate that we are streaming.  We will be streaming until we
+         * get past the contents bytes.
+         */
+        if (!cinfo->privateInfo || !cinfo->privateInfo->dontStream)
+            SEC_ASN1EncoderSetStreaming(childp7ecx->ecx);
+
+        /*
+         * The notify function will watch for the contents field.
+         */
+        p7ecx->childp7ecx = childp7ecx;
+        SEC_ASN1EncoderSetNotifyProc(childp7ecx->ecx, nss_cms_encoder_notify,
+                                     childp7ecx);
+
+        /* please note that we are NOT calling SEC_ASN1EncoderUpdate here to kick off the */
+        /* encoding process - we'll do that from the update function instead */
+        /* otherwise we'd be encoding data from a call of the notify function of the */
+        /* parent encoder (which would not work) */
+
+    } else if (NSS_CMSType_IsData(childtype)) {
+        p7ecx->childp7ecx = NULL;
+    } else {
+        /* we do not know this type */
+        p7ecx->error = SEC_ERROR_BAD_DER;
+    }
+
+    return SECSuccess;
+
+loser:
+    if (childp7ecx) {
+        if (childp7ecx->ecx)
+            SEC_ASN1EncoderFinish(childp7ecx->ecx);
+        PORT_Free(childp7ecx);
+        p7ecx->childp7ecx = NULL;
+    }
+    return SECFailure;
+}
+
+static SECStatus
+nss_cms_after_data(NSSCMSEncoderContext *p7ecx)
+{
+    SECStatus rv = SECFailure;
+
+    switch (p7ecx->type) {
+        case SEC_OID_PKCS7_SIGNED_DATA:
+            /* this will finish the digests and sign */
+            rv = NSS_CMSSignedData_Encode_AfterData(p7ecx->content.signedData);
+            break;
+        case SEC_OID_PKCS7_ENVELOPED_DATA:
+            rv = NSS_CMSEnvelopedData_Encode_AfterData(p7ecx->content.envelopedData);
+            break;
+        case SEC_OID_PKCS7_DIGESTED_DATA:
+            rv = NSS_CMSDigestedData_Encode_AfterData(p7ecx->content.digestedData);
+            break;
+        case SEC_OID_PKCS7_ENCRYPTED_DATA:
+            rv = NSS_CMSEncryptedData_Encode_AfterData(p7ecx->content.encryptedData);
+            break;
+        default:
+            if (NSS_CMSType_IsWrapper(p7ecx->type)) {
+                rv = NSS_CMSGenericWrapperData_Encode_AfterData(p7ecx->type,
+                                                                p7ecx->content.genericData);
+            } else {
+                rv = SECFailure;
+            }
+            break;
+    }
+    return rv;
+}
+
+/*
+ * nss_cms_encoder_work_data - process incoming data
+ *
+ * (from the user or the next encoding layer)
+ * Here, we need to digest and/or encrypt, then pass it on
+ */
+static SECStatus
+nss_cms_encoder_work_data(NSSCMSEncoderContext *p7ecx, SECItem *dest,
+                          const unsigned char *data, unsigned long len,
+                          PRBool final, PRBool innermost)
+{
+    unsigned char *buf = NULL;
+    SECStatus rv;
+    NSSCMSContentInfo *cinfo;
+
+    rv = SECSuccess; /* may as well be optimistic */
+
+    /*
+     * We should really have data to process, or we should be trying
+     * to finish/flush the last block.  (This is an overly paranoid
+     * check since all callers are in this file and simple inspection
+     * proves they do it right.  But it could find a bug in future
+     * modifications/development, that is why it is here.)
+     */
+    PORT_Assert((data != NULL && len) || final);
+
+    /* we got data (either from the caller, or from a lower level encoder) */
+    cinfo = NSS_CMSContent_GetContentInfo(p7ecx->content.pointer, p7ecx->type);
+    if (!cinfo) {
+        /* The original programmer didn't expect this to happen */
+        p7ecx->error = SEC_ERROR_LIBRARY_FAILURE;
+        return SECFailure;
+    }
+
+    /* Update the running digest. */
+    if (len && cinfo->privateInfo && cinfo->privateInfo->digcx != NULL)
+        NSS_CMSDigestContext_Update(cinfo->privateInfo->digcx, data, len);
+
+    /* Encrypt this chunk. */
+    if (cinfo->privateInfo && cinfo->privateInfo->ciphcx != NULL) {
+        unsigned int inlen;  /* length of data being encrypted */
+        unsigned int outlen; /* length of encrypted data */
+        unsigned int buflen; /* length available for encrypted data */
+
+        inlen = len;
+        buflen = NSS_CMSCipherContext_EncryptLength(cinfo->privateInfo->ciphcx,
+                                                    inlen, final);
+        if (buflen == 0) {
+            /*
+             * No output is expected, but the input data may be buffered
+             * so we still have to call Encrypt.
+             */
+            rv = NSS_CMSCipherContext_Encrypt(cinfo->privateInfo->ciphcx, NULL, NULL, 0,
+                                              data, inlen, final);
+            if (final) {
+                len = 0;
+                goto done;
+            }
+            return rv;
+        }
+
+        if (dest != NULL)
+            buf = (unsigned char *)PORT_ArenaAlloc(p7ecx->cmsg->poolp, buflen);
+        else
+            buf = (unsigned char *)PORT_Alloc(buflen);
+
+        if (buf == NULL) {
+            rv = SECFailure;
+        } else {
+            rv = NSS_CMSCipherContext_Encrypt(cinfo->privateInfo->ciphcx, buf,
+                                              &outlen, buflen,
+                                              data, inlen, final);
+            data = buf;
+            len = outlen;
+        }
+        if (rv != SECSuccess)
+            /* encryption or malloc failed? */
+            return rv;
+    }
+
+    /*
+     * at this point (data,len) has everything we'd like to give to the CURRENT encoder
+     * (which will encode it, then hand it back to the user or the parent encoder)
+     * We don't encode the data if we're innermost and we're told not to include the data
+     */
+    if (p7ecx->ecx != NULL && len &&
+        (!innermost || cinfo->rawContent != cinfo->content.pointer))
+        rv = SEC_ASN1EncoderUpdate(p7ecx->ecx, (const char *)data, len);
+
+done:
+
+    if (cinfo->privateInfo && cinfo->privateInfo->ciphcx != NULL) {
+        if (dest != NULL) {
+            dest->data = buf;
+            dest->len = len;
+        } else if (buf != NULL) {
+            PORT_Free(buf);
+        }
+    }
+    return rv;
+}
+
+/*
+ * nss_cms_encoder_update - deliver encoded data to the next higher level
+ *
+ * no recursion here because we REALLY want to end up at the next higher encoder!
+ */
+static SECStatus
+nss_cms_encoder_update(NSSCMSEncoderContext *p7ecx, const char *data, unsigned long len)
+{
+    /* XXX Error handling needs help.  Return what?  Do "Finish" on failure? */
+    return nss_cms_encoder_work_data(p7ecx, NULL, (const unsigned char *)data,
+                                     len, PR_FALSE, PR_FALSE);
+}
+
+/*
+ * NSS_CMSEncoder_Start - set up encoding of a CMS message
+ *
+ * "cmsg" - message to encode
+ * "outputfn", "outputarg" - callback function for delivery of DER-encoded output
+ *                           will not be called if NULL.
+ * "dest" - if non-NULL, pointer to SECItem that will hold the DER-encoded output
+ * "destpoolp" - pool to allocate DER-encoded output in
+ * "pwfn", pwfn_arg" - callback function for getting token password
+ * "decrypt_key_cb", "decrypt_key_cb_arg" - callback function for getting bulk key for encryptedData
+ * "detached_digestalgs", "detached_digests" - digests from detached content
+ */
+NSSCMSEncoderContext *
+NSS_CMSEncoder_Start(NSSCMSMessage *cmsg,
+                     NSSCMSContentCallback outputfn, void *outputarg,
+                     SECItem *dest, PLArenaPool *destpoolp,
+                     PK11PasswordFunc pwfn, void *pwfn_arg,
+                     NSSCMSGetDecryptKeyCallback decrypt_key_cb, void *decrypt_key_cb_arg,
+                     SECAlgorithmID **detached_digestalgs, SECItem **detached_digests)
+{
+    NSSCMSEncoderContext *p7ecx;
+    SECStatus rv;
+    NSSCMSContentInfo *cinfo;
+    SECOidTag tag;
+
+    NSS_CMSMessage_SetEncodingParams(cmsg, pwfn, pwfn_arg, decrypt_key_cb, decrypt_key_cb_arg,
+                                     detached_digestalgs, detached_digests);
+
+    p7ecx = (NSSCMSEncoderContext *)PORT_ZAlloc(sizeof(NSSCMSEncoderContext));
+    if (p7ecx == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return NULL;
+    }
+
+    p7ecx->cmsg = cmsg;
+    p7ecx->output.outputfn = outputfn;
+    p7ecx->output.outputarg = outputarg;
+    p7ecx->output.dest = dest;
+    p7ecx->output.destpoolp = destpoolp;
+    p7ecx->type = SEC_OID_UNKNOWN;
+
+    cinfo = NSS_CMSMessage_GetContentInfo(cmsg);
+
+    tag = NSS_CMSContentInfo_GetContentTypeTag(cinfo);
+    switch (tag) {
+        case SEC_OID_PKCS7_SIGNED_DATA:
+            rv = NSS_CMSSignedData_Encode_BeforeStart(cinfo->content.signedData);
+            break;
+        case SEC_OID_PKCS7_ENVELOPED_DATA:
+            rv = NSS_CMSEnvelopedData_Encode_BeforeStart(cinfo->content.envelopedData);
+            break;
+        case SEC_OID_PKCS7_DIGESTED_DATA:
+            rv = NSS_CMSDigestedData_Encode_BeforeStart(cinfo->content.digestedData);
+            break;
+        case SEC_OID_PKCS7_ENCRYPTED_DATA:
+            rv = NSS_CMSEncryptedData_Encode_BeforeStart(cinfo->content.encryptedData);
+            break;
+        default:
+            if (NSS_CMSType_IsWrapper(tag)) {
+                rv = NSS_CMSGenericWrapperData_Encode_BeforeStart(tag,
+                                                                  p7ecx->content.genericData);
+            } else {
+                rv = SECFailure;
+            }
+            break;
+    }
+    if (rv != SECSuccess) {
+        PORT_Free(p7ecx);
+        return NULL;
+    }
+
+    /* Initialize the BER encoder.
+     * Note that this will not encode anything until the first call to SEC_ASN1EncoderUpdate */
+    p7ecx->ecx = SEC_ASN1EncoderStart(cmsg, NSSCMSMessageTemplate,
+                                      nss_cms_encoder_out, &(p7ecx->output));
+    if (p7ecx->ecx == NULL) {
+        PORT_Free(p7ecx);
+        return NULL;
+    }
+    p7ecx->ecxupdated = PR_FALSE;
+
+    /*
+     * Indicate that we are streaming.  We will be streaming until we
+     * get past the contents bytes.
+     */
+    if (!cinfo->privateInfo || !cinfo->privateInfo->dontStream)
+        SEC_ASN1EncoderSetStreaming(p7ecx->ecx);
+
+    /*
+     * The notify function will watch for the contents field.
+     */
+    SEC_ASN1EncoderSetNotifyProc(p7ecx->ecx, nss_cms_encoder_notify, p7ecx);
+
+    /* this will kick off the encoding process & encode everything up to the content bytes,
+     * at which point the notify function sets streaming mode (and possibly creates
+     * a child encoder). */
+    p7ecx->ecxupdated = PR_TRUE;
+    if (SEC_ASN1EncoderUpdate(p7ecx->ecx, NULL, 0) != SECSuccess) {
+        PORT_Free(p7ecx);
+        return NULL;
+    }
+
+    return p7ecx;
+}
+
+/*
+ * NSS_CMSEncoder_Update - take content data delivery from the user
+ *
+ * "p7ecx" - encoder context
+ * "data" - content data
+ * "len" - length of content data
+ *
+ * need to find the lowest level (and call SEC_ASN1EncoderUpdate on the way down),
+ * then hand the data to the work_data fn
+ */
+SECStatus
+NSS_CMSEncoder_Update(NSSCMSEncoderContext *p7ecx, const char *data, unsigned long len)
+{
+    SECStatus rv;
+    NSSCMSContentInfo *cinfo;
+    SECOidTag childtype;
+
+    if (p7ecx->error)
+        return SECFailure;
+
+    /* hand data to the innermost decoder */
+    if (p7ecx->childp7ecx) {
+        /* tell the child to start encoding, up to its first data byte, if it
+         * hasn't started yet */
+        if (!p7ecx->childp7ecx->ecxupdated) {
+            p7ecx->childp7ecx->ecxupdated = PR_TRUE;
+            if (SEC_ASN1EncoderUpdate(p7ecx->childp7ecx->ecx, NULL, 0) != SECSuccess)
+                return SECFailure;
+        }
+        /* recursion here */
+        rv = NSS_CMSEncoder_Update(p7ecx->childp7ecx, data, len);
+    } else {
+        /* we are at innermost decoder */
+        /* find out about our inner content type - must be data */
+        cinfo = NSS_CMSContent_GetContentInfo(p7ecx->content.pointer, p7ecx->type);
+        if (!cinfo) {
+            /* The original programmer didn't expect this to happen */
+            p7ecx->error = SEC_ERROR_LIBRARY_FAILURE;
+            return SECFailure;
+        }
+
+        childtype = NSS_CMSContentInfo_GetContentTypeTag(cinfo);
+        if (!NSS_CMSType_IsData(childtype))
+            return SECFailure;
+        /* and we must not have preset data */
+        if (cinfo->content.data != NULL)
+            return SECFailure;
+
+        /*  hand it the data so it can encode it (let DER trickle up the chain) */
+        rv = nss_cms_encoder_work_data(p7ecx, NULL, (const unsigned char *)data,
+                                       len, PR_FALSE, PR_TRUE);
+    }
+    return rv;
+}
+
+/*
+ * NSS_CMSEncoder_Cancel - stop all encoding
+ *
+ * we need to walk down the chain of encoders and the finish them from the innermost out
+ */
+SECStatus
+NSS_CMSEncoder_Cancel(NSSCMSEncoderContext *p7ecx)
+{
+    SECStatus rv = SECFailure;
+
+    /* XXX do this right! */
+
+    /*
+     * Finish any inner decoders before us so that all the encoded data is flushed
+     * This basically finishes all the decoders from the innermost to the outermost.
+     * Finishing an inner decoder may result in data being updated to the outer decoder
+     * while we are already in NSS_CMSEncoder_Finish, but that's allright.
+     */
+    if (p7ecx->childp7ecx) {
+        rv = NSS_CMSEncoder_Cancel(p7ecx->childp7ecx); /* frees p7ecx->childp7ecx */
+                                                       /* remember rv for now */
+#ifdef CMSDEBUG
+        if (rv != SECSuccess) {
+            fprintf(stderr, "Fail to cancel inner encoder\n");
+        }
+#endif
+    }
+
+    /*
+     * On the way back up, there will be no more data (if we had an
+     * inner encoder, it is done now!)
+     * Flush out any remaining data and/or finish digests.
+     */
+    rv = nss_cms_encoder_work_data(p7ecx, NULL, NULL, 0, PR_TRUE, (p7ecx->childp7ecx == NULL));
+    if (rv != SECSuccess)
+        goto loser;
+
+    p7ecx->childp7ecx = NULL;
+
+    /* kick the encoder back into working mode again.
+     * We turn off streaming stuff (which will cause the encoder to continue
+     * encoding happily, now that we have all the data (like digests) ready for it).
+     */
+    SEC_ASN1EncoderClearTakeFromBuf(p7ecx->ecx);
+    SEC_ASN1EncoderClearStreaming(p7ecx->ecx);
+
+    /* now that TakeFromBuf is off, this will kick this encoder to finish encoding */
+    rv = SEC_ASN1EncoderUpdate(p7ecx->ecx, NULL, 0);
+
+loser:
+    SEC_ASN1EncoderFinish(p7ecx->ecx);
+    PORT_Free(p7ecx);
+    return rv;
+}
+
+/*
+ * NSS_CMSEncoder_Finish - signal the end of data
+ *
+ * we need to walk down the chain of encoders and the finish them from the innermost out
+ */
+SECStatus
+NSS_CMSEncoder_Finish(NSSCMSEncoderContext *p7ecx)
+{
+    SECStatus rv = SECFailure;
+    NSSCMSContentInfo *cinfo;
+
+    /*
+     * Finish any inner decoders before us so that all the encoded data is flushed
+     * This basically finishes all the decoders from the innermost to the outermost.
+     * Finishing an inner decoder may result in data being updated to the outer decoder
+     * while we are already in NSS_CMSEncoder_Finish, but that's allright.
+     */
+    if (p7ecx->childp7ecx) {
+        /* tell the child to start encoding, up to its first data byte, if it
+         * hasn't yet */
+        if (!p7ecx->childp7ecx->ecxupdated) {
+            p7ecx->childp7ecx->ecxupdated = PR_TRUE;
+            rv = SEC_ASN1EncoderUpdate(p7ecx->childp7ecx->ecx, NULL, 0);
+            if (rv != SECSuccess) {
+                NSS_CMSEncoder_Finish(p7ecx->childp7ecx); /* frees p7ecx->childp7ecx */
+                goto loser;
+            }
+        }
+        rv = NSS_CMSEncoder_Finish(p7ecx->childp7ecx); /* frees p7ecx->childp7ecx */
+        if (rv != SECSuccess)
+            goto loser;
+    }
+
+    /*
+     * On the way back up, there will be no more data (if we had an
+     * inner encoder, it is done now!)
+     * Flush out any remaining data and/or finish digests.
+     */
+    rv = nss_cms_encoder_work_data(p7ecx, NULL, NULL, 0, PR_TRUE, (p7ecx->childp7ecx == NULL));
+    if (rv != SECSuccess)
+        goto loser;
+
+    p7ecx->childp7ecx = NULL;
+
+    cinfo = NSS_CMSContent_GetContentInfo(p7ecx->content.pointer, p7ecx->type);
+    if (!cinfo) {
+        /* The original programmer didn't expect this to happen */
+        p7ecx->error = SEC_ERROR_LIBRARY_FAILURE;
+        rv = SECFailure;
+        goto loser;
+    }
+    SEC_ASN1EncoderClearTakeFromBuf(p7ecx->ecx);
+    SEC_ASN1EncoderClearStreaming(p7ecx->ecx);
+    /* now that TakeFromBuf is off, this will kick this encoder to finish encoding */
+    rv = SEC_ASN1EncoderUpdate(p7ecx->ecx, NULL, 0);
+
+    if (p7ecx->error)
+        rv = SECFailure;
+
+loser:
+    SEC_ASN1EncoderFinish(p7ecx->ecx);
+    PORT_Free(p7ecx);
+    return rv;
+}
diff --git a/nss/lib/smime/cmsenvdata.c b/nss/lib/smime/cmsenvdata.c
new file mode 100644
index 0000000..f2c8e17
--- /dev/null
+++ b/nss/lib/smime/cmsenvdata.c
@@ -0,0 +1,398 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * CMS envelopedData methods.
+ */
+
+#include "cmslocal.h"
+
+#include "cert.h"
+#include "key.h"
+#include "secasn1.h"
+#include "secitem.h"
+#include "secoid.h"
+#include "pk11func.h"
+#include "secerr.h"
+#include "secpkcs5.h"
+
+/*
+ * NSS_CMSEnvelopedData_Create - create an enveloped data message
+ */
+NSSCMSEnvelopedData *
+NSS_CMSEnvelopedData_Create(NSSCMSMessage *cmsg, SECOidTag algorithm, int keysize)
+{
+    void *mark;
+    NSSCMSEnvelopedData *envd;
+    PLArenaPool *poolp;
+    SECStatus rv;
+
+    poolp = cmsg->poolp;
+
+    mark = PORT_ArenaMark(poolp);
+
+    envd = (NSSCMSEnvelopedData *)PORT_ArenaZAlloc(poolp, sizeof(NSSCMSEnvelopedData));
+    if (envd == NULL)
+        goto loser;
+
+    envd->cmsg = cmsg;
+
+    /* version is set in NSS_CMSEnvelopedData_Encode_BeforeStart() */
+
+    rv = NSS_CMSContentInfo_SetContentEncAlg(poolp, &(envd->contentInfo),
+                                             algorithm, NULL, keysize);
+    if (rv != SECSuccess)
+        goto loser;
+
+    PORT_ArenaUnmark(poolp, mark);
+    return envd;
+
+loser:
+    PORT_ArenaRelease(poolp, mark);
+    return NULL;
+}
+
+/*
+ * NSS_CMSEnvelopedData_Destroy - destroy an enveloped data message
+ */
+void
+NSS_CMSEnvelopedData_Destroy(NSSCMSEnvelopedData *edp)
+{
+    NSSCMSRecipientInfo **recipientinfos;
+    NSSCMSRecipientInfo *ri;
+
+    if (edp == NULL)
+        return;
+
+    recipientinfos = edp->recipientInfos;
+    if (recipientinfos == NULL)
+        return;
+
+    while ((ri = *recipientinfos++) != NULL)
+        NSS_CMSRecipientInfo_Destroy(ri);
+
+    NSS_CMSContentInfo_Destroy(&(edp->contentInfo));
+}
+
+/*
+ * NSS_CMSEnvelopedData_GetContentInfo - return pointer to this envelopedData's contentinfo
+ */
+NSSCMSContentInfo *
+NSS_CMSEnvelopedData_GetContentInfo(NSSCMSEnvelopedData *envd)
+{
+    return &(envd->contentInfo);
+}
+
+/*
+ * NSS_CMSEnvelopedData_AddRecipient - add a recipientinfo to the enveloped data msg
+ *
+ * rip must be created on the same pool as edp - this is not enforced, though.
+ */
+SECStatus
+NSS_CMSEnvelopedData_AddRecipient(NSSCMSEnvelopedData *edp, NSSCMSRecipientInfo *rip)
+{
+    void *mark;
+    SECStatus rv;
+
+    /* XXX compare pools, if not same, copy rip into edp's pool */
+
+    PR_ASSERT(edp != NULL);
+    PR_ASSERT(rip != NULL);
+
+    mark = PORT_ArenaMark(edp->cmsg->poolp);
+
+    rv = NSS_CMSArray_Add(edp->cmsg->poolp, (void ***)&(edp->recipientInfos), (void *)rip);
+    if (rv != SECSuccess) {
+        PORT_ArenaRelease(edp->cmsg->poolp, mark);
+        return SECFailure;
+    }
+
+    PORT_ArenaUnmark(edp->cmsg->poolp, mark);
+    return SECSuccess;
+}
+
+/*
+ * NSS_CMSEnvelopedData_Encode_BeforeStart - prepare this envelopedData for encoding
+ *
+ * at this point, we need
+ * - recipientinfos set up with recipient's certificates
+ * - a content encryption algorithm (if none, 3DES will be used)
+ *
+ * this function will generate a random content encryption key (aka bulk key),
+ * initialize the recipientinfos with certificate identification and wrap the bulk key
+ * using the proper algorithm for every certificiate.
+ * it will finally set the bulk algorithm and key so that the encode step can find it.
+ */
+SECStatus
+NSS_CMSEnvelopedData_Encode_BeforeStart(NSSCMSEnvelopedData *envd)
+{
+    int version;
+    NSSCMSRecipientInfo **recipientinfos;
+    NSSCMSContentInfo *cinfo;
+    PK11SymKey *bulkkey = NULL;
+    SECOidTag bulkalgtag;
+    CK_MECHANISM_TYPE type;
+    PK11SlotInfo *slot;
+    SECStatus rv;
+    SECItem *dummy;
+    PLArenaPool *poolp;
+    extern const SEC_ASN1Template NSSCMSRecipientInfoTemplate[];
+    void *mark = NULL;
+    int i;
+
+    poolp = envd->cmsg->poolp;
+    cinfo = &(envd->contentInfo);
+
+    recipientinfos = envd->recipientInfos;
+    if (recipientinfos == NULL) {
+        PORT_SetError(SEC_ERROR_BAD_DATA);
+#if 0
+    PORT_SetErrorString("Cannot find recipientinfos to encode.");
+#endif
+        goto loser;
+    }
+
+    version = NSS_CMS_ENVELOPED_DATA_VERSION_REG;
+    if (envd->originatorInfo != NULL || envd->unprotectedAttr != NULL) {
+        version = NSS_CMS_ENVELOPED_DATA_VERSION_ADV;
+    } else {
+        for (i = 0; recipientinfos[i] != NULL; i++) {
+            if (NSS_CMSRecipientInfo_GetVersion(recipientinfos[i]) != 0) {
+                version = NSS_CMS_ENVELOPED_DATA_VERSION_ADV;
+                break;
+            }
+        }
+    }
+    dummy = SEC_ASN1EncodeInteger(poolp, &(envd->version), version);
+    if (dummy == NULL)
+        goto loser;
+
+    /* now we need to have a proper content encryption algorithm
+     * on the SMIME level, we would figure one out by looking at SMIME capabilities
+     * we cannot do that on our level, so if none is set already, we'll just go
+     * with one of the mandatory algorithms (3DES) */
+    if ((bulkalgtag = NSS_CMSContentInfo_GetContentEncAlgTag(cinfo)) == SEC_OID_UNKNOWN) {
+        rv = NSS_CMSContentInfo_SetContentEncAlg(poolp, cinfo, SEC_OID_DES_EDE3_CBC, NULL, 168);
+        if (rv != SECSuccess)
+            goto loser;
+        bulkalgtag = SEC_OID_DES_EDE3_CBC;
+    }
+
+    /* generate a random bulk key suitable for content encryption alg */
+    type = PK11_AlgtagToMechanism(bulkalgtag);
+    slot = PK11_GetBestSlot(type, envd->cmsg->pwfn_arg);
+    if (slot == NULL)
+        goto loser; /* error has been set by PK11_GetBestSlot */
+
+    /* this is expensive... */
+    bulkkey = PK11_KeyGen(slot, type, NULL,
+                          NSS_CMSContentInfo_GetBulkKeySize(cinfo) / 8,
+                          envd->cmsg->pwfn_arg);
+    PK11_FreeSlot(slot);
+    if (bulkkey == NULL)
+        goto loser; /* error has been set by PK11_KeyGen */
+
+    mark = PORT_ArenaMark(poolp);
+
+    /* Encrypt the bulk key with the public key of each recipient.  */
+    for (i = 0; recipientinfos[i] != NULL; i++) {
+        rv = NSS_CMSRecipientInfo_WrapBulkKey(recipientinfos[i], bulkkey, bulkalgtag);
+        if (rv != SECSuccess)
+            goto loser; /* error has been set by NSS_CMSRecipientInfo_EncryptBulkKey */
+                        /* could be: alg not supported etc. */
+    }
+
+    /* the recipientinfos are all finished. now sort them by DER for SET OF encoding */
+    rv = NSS_CMSArray_SortByDER((void **)envd->recipientInfos,
+                                NSSCMSRecipientInfoTemplate, NULL);
+    if (rv != SECSuccess)
+        goto loser; /* error has been set by NSS_CMSArray_SortByDER */
+
+    /* store the bulk key in the contentInfo so that the encoder can find it */
+    NSS_CMSContentInfo_SetBulkKey(cinfo, bulkkey);
+
+    PORT_ArenaUnmark(poolp, mark);
+
+    PK11_FreeSymKey(bulkkey);
+
+    return SECSuccess;
+
+loser:
+    if (mark != NULL)
+        PORT_ArenaRelease(poolp, mark);
+    if (bulkkey)
+        PK11_FreeSymKey(bulkkey);
+
+    return SECFailure;
+}
+
+/*
+ * NSS_CMSEnvelopedData_Encode_BeforeData - set up encryption
+ *
+ * it is essential that this is called before the contentEncAlg is encoded, because
+ * setting up the encryption may generate IVs and thus change it!
+ */
+SECStatus
+NSS_CMSEnvelopedData_Encode_BeforeData(NSSCMSEnvelopedData *envd)
+{
+    NSSCMSContentInfo *cinfo;
+    PK11SymKey *bulkkey;
+    SECAlgorithmID *algid;
+    SECStatus rv;
+
+    cinfo = &(envd->contentInfo);
+
+    /* find bulkkey and algorithm - must have been set by NSS_CMSEnvelopedData_Encode_BeforeStart */
+    bulkkey = NSS_CMSContentInfo_GetBulkKey(cinfo);
+    if (bulkkey == NULL)
+        return SECFailure;
+    algid = NSS_CMSContentInfo_GetContentEncAlg(cinfo);
+    if (algid == NULL)
+        return SECFailure;
+
+    rv = NSS_CMSContentInfo_Private_Init(cinfo);
+    if (rv != SECSuccess) {
+        return SECFailure;
+    }
+    /* this may modify algid (with IVs generated in a token).
+     * it is essential that algid is a pointer to the contentEncAlg data, not a
+     * pointer to a copy! */
+    cinfo->privateInfo->ciphcx = NSS_CMSCipherContext_StartEncrypt(envd->cmsg->poolp, bulkkey, algid);
+    PK11_FreeSymKey(bulkkey);
+    if (cinfo->privateInfo->ciphcx == NULL)
+        return SECFailure;
+
+    return SECSuccess;
+}
+
+/*
+ * NSS_CMSEnvelopedData_Encode_AfterData - finalize this envelopedData for encoding
+ */
+SECStatus
+NSS_CMSEnvelopedData_Encode_AfterData(NSSCMSEnvelopedData *envd)
+{
+    if (envd->contentInfo.privateInfo && envd->contentInfo.privateInfo->ciphcx) {
+        NSS_CMSCipherContext_Destroy(envd->contentInfo.privateInfo->ciphcx);
+        envd->contentInfo.privateInfo->ciphcx = NULL;
+    }
+
+    /* nothing else to do after data */
+    return SECSuccess;
+}
+
+/*
+ * NSS_CMSEnvelopedData_Decode_BeforeData - find our recipientinfo,
+ * derive bulk key & set up our contentinfo
+ */
+SECStatus
+NSS_CMSEnvelopedData_Decode_BeforeData(NSSCMSEnvelopedData *envd)
+{
+    NSSCMSRecipientInfo *ri;
+    PK11SymKey *bulkkey = NULL;
+    SECOidTag bulkalgtag;
+    SECAlgorithmID *bulkalg;
+    SECStatus rv = SECFailure;
+    NSSCMSContentInfo *cinfo;
+    NSSCMSRecipient **recipient_list = NULL;
+    NSSCMSRecipient *recipient;
+    int rlIndex;
+
+    if (NSS_CMSArray_Count((void **)envd->recipientInfos) == 0) {
+        PORT_SetError(SEC_ERROR_BAD_DATA);
+#if 0
+    PORT_SetErrorString("No recipient data in envelope.");
+#endif
+        goto loser;
+    }
+
+    /* look if one of OUR cert's issuerSN is on the list of recipients, and if so,  */
+    /* get the cert and private key for it right away */
+    recipient_list = nss_cms_recipient_list_create(envd->recipientInfos);
+    if (recipient_list == NULL)
+        goto loser;
+
+    /* what about multiple recipientInfos that match?
+     * especially if, for some reason, we could not produce a bulk key with the first match?!
+     * we could loop & feed partial recipient_list to PK11_FindCertAndKeyByRecipientList...
+     * maybe later... */
+    rlIndex = PK11_FindCertAndKeyByRecipientListNew(recipient_list, envd->cmsg->pwfn_arg);
+
+    /* if that fails, then we're not an intended recipient and cannot decrypt */
+    if (rlIndex < 0) {
+        PORT_SetError(SEC_ERROR_NOT_A_RECIPIENT);
+#if 0
+    PORT_SetErrorString("Cannot decrypt data because proper key cannot be found.");
+#endif
+        goto loser;
+    }
+
+    recipient = recipient_list[rlIndex];
+    if (!recipient->cert || !recipient->privkey) {
+        /* XXX should set an error code ?!? */
+        goto loser;
+    }
+    /* get a pointer to "our" recipientinfo */
+    ri = envd->recipientInfos[recipient->riIndex];
+
+    cinfo = &(envd->contentInfo);
+    bulkalgtag = NSS_CMSContentInfo_GetContentEncAlgTag(cinfo);
+    if (bulkalgtag == SEC_OID_UNKNOWN) {
+        PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
+    } else
+        bulkkey =
+            NSS_CMSRecipientInfo_UnwrapBulkKey(ri, recipient->subIndex,
+                                               recipient->cert,
+                                               recipient->privkey,
+                                               bulkalgtag);
+    if (bulkkey == NULL) {
+        /* no success finding a bulk key */
+        goto loser;
+    }
+
+    NSS_CMSContentInfo_SetBulkKey(cinfo, bulkkey);
+
+    bulkalg = NSS_CMSContentInfo_GetContentEncAlg(cinfo);
+
+    rv = NSS_CMSContentInfo_Private_Init(cinfo);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    rv = SECFailure;
+    cinfo->privateInfo->ciphcx = NSS_CMSCipherContext_StartDecrypt(bulkkey, bulkalg);
+    if (cinfo->privateInfo->ciphcx == NULL)
+        goto loser; /* error has been set by NSS_CMSCipherContext_StartDecrypt */
+
+    rv = SECSuccess;
+
+loser:
+    if (bulkkey)
+        PK11_FreeSymKey(bulkkey);
+    if (recipient_list != NULL)
+        nss_cms_recipient_list_destroy(recipient_list);
+    return rv;
+}
+
+/*
+ * NSS_CMSEnvelopedData_Decode_AfterData - finish decrypting this envelopedData's content
+ */
+SECStatus
+NSS_CMSEnvelopedData_Decode_AfterData(NSSCMSEnvelopedData *envd)
+{
+    if (envd && envd->contentInfo.privateInfo && envd->contentInfo.privateInfo->ciphcx) {
+        NSS_CMSCipherContext_Destroy(envd->contentInfo.privateInfo->ciphcx);
+        envd->contentInfo.privateInfo->ciphcx = NULL;
+    }
+
+    return SECSuccess;
+}
+
+/*
+ * NSS_CMSEnvelopedData_Decode_AfterEnd - finish decoding this envelopedData
+ */
+SECStatus
+NSS_CMSEnvelopedData_Decode_AfterEnd(NSSCMSEnvelopedData *envd)
+{
+    /* apply final touches */
+    return SECSuccess;
+}
diff --git a/nss/lib/smime/cmslocal.h b/nss/lib/smime/cmslocal.h
new file mode 100644
index 0000000..ef7d500
--- /dev/null
+++ b/nss/lib/smime/cmslocal.h
@@ -0,0 +1,351 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * Support routines for CMS implementation, none of which are exported.
+ *
+ * Do not export this file!  If something in here is really needed outside
+ * of smime code, first try to add a CMS interface which will do it for
+ * you.  If that has a problem, then just move out what you need, changing
+ * its name as appropriate!
+ */
+
+#ifndef _CMSLOCAL_H_
+#define _CMSLOCAL_H_
+
+#include "cms.h"
+#include "cmsreclist.h"
+#include "secasn1t.h"
+
+extern const SEC_ASN1Template NSSCMSContentInfoTemplate[];
+
+struct NSSCMSContentInfoPrivateStr {
+    NSSCMSCipherContext *ciphcx;
+    NSSCMSDigestContext *digcx;
+    PRBool dontStream;
+};
+
+/************************************************************************/
+SEC_BEGIN_PROTOS
+
+/*
+ * private content Info stuff
+ */
+
+/* initialize the private content info field. If this returns
+ * SECSuccess, the cinfo->private field is safe to dereference.
+ */
+SECStatus NSS_CMSContentInfo_Private_Init(NSSCMSContentInfo *cinfo);
+
+/***********************************************************************
+ * cmscipher.c - en/decryption routines
+ ***********************************************************************/
+
+/*
+ * NSS_CMSCipherContext_StartDecrypt - create a cipher context to do decryption
+ * based on the given bulk * encryption key and algorithm identifier (which may include an iv).
+ */
+extern NSSCMSCipherContext *
+NSS_CMSCipherContext_StartDecrypt(PK11SymKey *key, SECAlgorithmID *algid);
+
+/*
+ * NSS_CMSCipherContext_StartEncrypt - create a cipher object to do encryption,
+ * based on the given bulk encryption key and algorithm tag.  Fill in the algorithm
+ * identifier (which may include an iv) appropriately.
+ */
+extern NSSCMSCipherContext *
+NSS_CMSCipherContext_StartEncrypt(PLArenaPool *poolp, PK11SymKey *key, SECAlgorithmID *algid);
+
+extern void
+NSS_CMSCipherContext_Destroy(NSSCMSCipherContext *cc);
+
+/*
+ * NSS_CMSCipherContext_DecryptLength - find the output length of the next call to decrypt.
+ *
+ * cc - the cipher context
+ * input_len - number of bytes used as input
+ * final - true if this is the final chunk of data
+ *
+ * Result can be used to perform memory allocations.  Note that the amount
+ * is exactly accurate only when not doing a block cipher or when final
+ * is false, otherwise it is an upper bound on the amount because until
+ * we see the data we do not know how many padding bytes there are
+ * (always between 1 and bsize).
+ */
+extern unsigned int
+NSS_CMSCipherContext_DecryptLength(NSSCMSCipherContext *cc, unsigned int input_len, PRBool final);
+
+/*
+ * NSS_CMSCipherContext_EncryptLength - find the output length of the next call to encrypt.
+ *
+ * cc - the cipher context
+ * input_len - number of bytes used as input
+ * final - true if this is the final chunk of data
+ *
+ * Result can be used to perform memory allocations.
+ */
+extern unsigned int
+NSS_CMSCipherContext_EncryptLength(NSSCMSCipherContext *cc, unsigned int input_len, PRBool final);
+
+/*
+ * NSS_CMSCipherContext_Decrypt - do the decryption
+ *
+ * cc - the cipher context
+ * output - buffer for decrypted result bytes
+ * output_len_p - number of bytes in output
+ * max_output_len - upper bound on bytes to put into output
+ * input - pointer to input bytes
+ * input_len - number of input bytes
+ * final - true if this is the final chunk of data
+ *
+ * Decrypts a given length of input buffer (starting at "input" and
+ * containing "input_len" bytes), placing the decrypted bytes in
+ * "output" and storing the output length in "*output_len_p".
+ * "cc" is the return value from NSS_CMSCipher_StartDecrypt.
+ * When "final" is true, this is the last of the data to be decrypted.
+ */
+extern SECStatus
+NSS_CMSCipherContext_Decrypt(NSSCMSCipherContext *cc, unsigned char *output,
+                             unsigned int *output_len_p, unsigned int max_output_len,
+                             const unsigned char *input, unsigned int input_len,
+                             PRBool final);
+
+/*
+ * NSS_CMSCipherContext_Encrypt - do the encryption
+ *
+ * cc - the cipher context
+ * output - buffer for decrypted result bytes
+ * output_len_p - number of bytes in output
+ * max_output_len - upper bound on bytes to put into output
+ * input - pointer to input bytes
+ * input_len - number of input bytes
+ * final - true if this is the final chunk of data
+ *
+ * Encrypts a given length of input buffer (starting at "input" and
+ * containing "input_len" bytes), placing the encrypted bytes in
+ * "output" and storing the output length in "*output_len_p".
+ * "cc" is the return value from NSS_CMSCipher_StartEncrypt.
+ * When "final" is true, this is the last of the data to be encrypted.
+ */
+extern SECStatus
+NSS_CMSCipherContext_Encrypt(NSSCMSCipherContext *cc, unsigned char *output,
+                             unsigned int *output_len_p, unsigned int max_output_len,
+                             const unsigned char *input, unsigned int input_len,
+                             PRBool final);
+
+/************************************************************************
+ * cmspubkey.c - public key operations
+ ************************************************************************/
+
+/*
+ * NSS_CMSUtil_EncryptSymKey_RSA - wrap a symmetric key with RSA
+ *
+ * this function takes a symmetric key and encrypts it using an RSA public key
+ * according to PKCS#1 and RFC2633 (S/MIME)
+ */
+extern SECStatus
+NSS_CMSUtil_EncryptSymKey_RSA(PLArenaPool *poolp, CERTCertificate *cert,
+                              PK11SymKey *key,
+                              SECItem *encKey);
+
+extern SECStatus
+NSS_CMSUtil_EncryptSymKey_RSAPubKey(PLArenaPool *poolp,
+                                    SECKEYPublicKey *publickey,
+                                    PK11SymKey *bulkkey, SECItem *encKey);
+
+/*
+ * NSS_CMSUtil_DecryptSymKey_RSA - unwrap a RSA-wrapped symmetric key
+ *
+ * this function takes an RSA-wrapped symmetric key and unwraps it, returning a symmetric
+ * key handle. Please note that the actual unwrapped key data may not be allowed to leave
+ * a hardware token...
+ */
+extern PK11SymKey *
+NSS_CMSUtil_DecryptSymKey_RSA(SECKEYPrivateKey *privkey, SECItem *encKey, SECOidTag bulkalgtag);
+
+extern SECStatus
+NSS_CMSUtil_EncryptSymKey_ESDH(PLArenaPool *poolp, CERTCertificate *cert, PK11SymKey *key,
+                               SECItem *encKey, SECItem **ukm, SECAlgorithmID *keyEncAlg,
+                               SECItem *originatorPubKey);
+
+extern PK11SymKey *
+NSS_CMSUtil_DecryptSymKey_ESDH(SECKEYPrivateKey *privkey, SECItem *encKey,
+                               SECAlgorithmID *keyEncAlg, SECOidTag bulkalgtag, void *pwfn_arg);
+
+/************************************************************************
+ * cmsreclist.c - recipient list stuff
+ ************************************************************************/
+extern NSSCMSRecipient **nss_cms_recipient_list_create(NSSCMSRecipientInfo **recipientinfos);
+extern void nss_cms_recipient_list_destroy(NSSCMSRecipient **recipient_list);
+extern NSSCMSRecipientEncryptedKey *NSS_CMSRecipientEncryptedKey_Create(PLArenaPool *poolp);
+
+/************************************************************************
+ * cmsarray.c - misc array functions
+ ************************************************************************/
+/*
+ * NSS_CMSArray_Alloc - allocate an array in an arena
+ */
+extern void **
+NSS_CMSArray_Alloc(PLArenaPool *poolp, int n);
+
+/*
+ * NSS_CMSArray_Add - add an element to the end of an array
+ */
+extern SECStatus
+NSS_CMSArray_Add(PLArenaPool *poolp, void ***array, void *obj);
+
+/*
+ * NSS_CMSArray_IsEmpty - check if array is empty
+ */
+extern PRBool
+NSS_CMSArray_IsEmpty(void **array);
+
+/*
+ * NSS_CMSArray_Count - count number of elements in array
+ */
+extern int
+NSS_CMSArray_Count(void **array);
+
+/*
+ * NSS_CMSArray_Sort - sort an array ascending, in place
+ *
+ * If "secondary" is not NULL, the same reordering gets applied to it.
+ * If "tertiary" is not NULL, the same reordering gets applied to it.
+ * "compare" is a function that returns
+ *  < 0 when the first element is less than the second
+ *  = 0 when the first element is equal to the second
+ *  > 0 when the first element is greater than the second
+ */
+extern void
+NSS_CMSArray_Sort(void **primary, int (*compare)(void *, void *), void **secondary, void **tertiary);
+
+/************************************************************************
+ * cmsattr.c - misc attribute functions
+ ************************************************************************/
+/*
+ * NSS_CMSAttribute_Create - create an attribute
+ *
+ * if value is NULL, the attribute won't have a value. It can be added later
+ * with NSS_CMSAttribute_AddValue.
+ */
+extern NSSCMSAttribute *
+NSS_CMSAttribute_Create(PLArenaPool *poolp, SECOidTag oidtag, SECItem *value, PRBool encoded);
+
+/*
+ * NSS_CMSAttribute_AddValue - add another value to an attribute
+ */
+extern SECStatus
+NSS_CMSAttribute_AddValue(PLArenaPool *poolp, NSSCMSAttribute *attr, SECItem *value);
+
+/*
+ * NSS_CMSAttribute_GetType - return the OID tag
+ */
+extern SECOidTag
+NSS_CMSAttribute_GetType(NSSCMSAttribute *attr);
+
+/*
+ * NSS_CMSAttribute_GetValue - return the first attribute value
+ *
+ * We do some sanity checking first:
+ * - Multiple values are *not* expected.
+ * - Empty values are *not* expected.
+ */
+extern SECItem *
+NSS_CMSAttribute_GetValue(NSSCMSAttribute *attr);
+
+/*
+ * NSS_CMSAttribute_CompareValue - compare the attribute's first value against data
+ */
+extern PRBool
+NSS_CMSAttribute_CompareValue(NSSCMSAttribute *attr, SECItem *av);
+
+/*
+ * NSS_CMSAttributeArray_Encode - encode an Attribute array as SET OF Attributes
+ *
+ * If you are wondering why this routine does not reorder the attributes
+ * first, and might be tempted to make it do so, see the comment by the
+ * call to ReorderAttributes in cmsencode.c.  (Or, see who else calls this
+ * and think long and hard about the implications of making it always
+ * do the reordering.)
+ */
+extern SECItem *
+NSS_CMSAttributeArray_Encode(PLArenaPool *poolp, NSSCMSAttribute ***attrs, SECItem *dest);
+
+/*
+ * NSS_CMSAttributeArray_Reorder - sort attribute array by attribute's DER encoding
+ *
+ * make sure that the order of the attributes guarantees valid DER (which must be
+ * in lexigraphically ascending order for a SET OF); if reordering is necessary it
+ * will be done in place (in attrs).
+ */
+extern SECStatus
+NSS_CMSAttributeArray_Reorder(NSSCMSAttribute **attrs);
+
+/*
+ * NSS_CMSAttributeArray_FindAttrByOidTag - look through a set of attributes and
+ * find one that matches the specified object ID.
+ *
+ * If "only" is true, then make sure that there is not more than one attribute
+ * of the same type.  Otherwise, just return the first one found. (XXX Does
+ * anybody really want that first-found behavior?  It was like that when I found it...)
+ */
+extern NSSCMSAttribute *
+NSS_CMSAttributeArray_FindAttrByOidTag(NSSCMSAttribute **attrs, SECOidTag oidtag, PRBool only);
+
+/*
+ * NSS_CMSAttributeArray_AddAttr - add an attribute to an
+ * array of attributes.
+ */
+extern SECStatus
+NSS_CMSAttributeArray_AddAttr(PLArenaPool *poolp, NSSCMSAttribute ***attrs, NSSCMSAttribute *attr);
+
+/*
+ * NSS_CMSAttributeArray_SetAttr - set an attribute's value in a set of attributes
+ */
+extern SECStatus
+NSS_CMSAttributeArray_SetAttr(PLArenaPool *poolp, NSSCMSAttribute ***attrs,
+                              SECOidTag type, SECItem *value, PRBool encoded);
+
+/*
+ * NSS_CMSSignedData_AddTempCertificate - add temporary certificate references.
+ * They may be needed for signature verification on the data, for example.
+ */
+extern SECStatus
+NSS_CMSSignedData_AddTempCertificate(NSSCMSSignedData *sigd, CERTCertificate *cert);
+
+/*
+ * local function to handle compatibility issues
+ * by mapping a signature algorithm back to a digest.
+ */
+SECOidTag NSS_CMSUtil_MapSignAlgs(SECOidTag signAlg);
+
+/************************************************************************/
+
+/*
+ * local functions to handle user defined S/MIME content types
+ */
+
+PRBool NSS_CMSType_IsWrapper(SECOidTag type);
+PRBool NSS_CMSType_IsData(SECOidTag type);
+size_t NSS_CMSType_GetContentSize(SECOidTag type);
+const SEC_ASN1Template *NSS_CMSType_GetTemplate(SECOidTag type);
+
+void NSS_CMSGenericWrapperData_Destroy(SECOidTag type,
+                                       NSSCMSGenericWrapperData *gd);
+SECStatus NSS_CMSGenericWrapperData_Decode_BeforeData(SECOidTag type,
+                                                      NSSCMSGenericWrapperData *gd);
+SECStatus NSS_CMSGenericWrapperData_Decode_AfterData(SECOidTag type,
+                                                     NSSCMSGenericWrapperData *gd);
+SECStatus NSS_CMSGenericWrapperData_Decode_AfterEnd(SECOidTag type,
+                                                    NSSCMSGenericWrapperData *gd);
+SECStatus NSS_CMSGenericWrapperData_Encode_BeforeStart(SECOidTag type,
+                                                       NSSCMSGenericWrapperData *gd);
+SECStatus NSS_CMSGenericWrapperData_Encode_BeforeData(SECOidTag type,
+                                                      NSSCMSGenericWrapperData *gd);
+SECStatus NSS_CMSGenericWrapperData_Encode_AfterData(SECOidTag type,
+                                                     NSSCMSGenericWrapperData *gd);
+
+SEC_END_PROTOS
+
+#endif /* _CMSLOCAL_H_ */
diff --git a/nss/lib/smime/cmsmessage.c b/nss/lib/smime/cmsmessage.c
new file mode 100644
index 0000000..27d1256
--- /dev/null
+++ b/nss/lib/smime/cmsmessage.c
@@ -0,0 +1,293 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * CMS message methods.
+ */
+
+#include "cmslocal.h"
+
+#include "cert.h"
+#include "secasn1.h"
+#include "secitem.h"
+#include "secoid.h"
+#include "pk11func.h"
+#include "secerr.h"
+
+/*
+ * NSS_CMSMessage_Create - create a CMS message object
+ *
+ * "poolp" - arena to allocate memory from, or NULL if new arena should be created
+ */
+NSSCMSMessage *
+NSS_CMSMessage_Create(PLArenaPool *poolp)
+{
+    void *mark = NULL;
+    NSSCMSMessage *cmsg;
+    PRBool poolp_is_ours = PR_FALSE;
+
+    if (poolp == NULL) {
+        poolp = PORT_NewArena(1024); /* XXX what is right value? */
+        if (poolp == NULL)
+            return NULL;
+        poolp_is_ours = PR_TRUE;
+    }
+
+    if (!poolp_is_ours)
+        mark = PORT_ArenaMark(poolp);
+
+    cmsg = (NSSCMSMessage *)PORT_ArenaZAlloc(poolp, sizeof(NSSCMSMessage));
+    if (cmsg == NULL ||
+        NSS_CMSContentInfo_Private_Init(&(cmsg->contentInfo)) != SECSuccess) {
+        if (!poolp_is_ours) {
+            if (mark) {
+                PORT_ArenaRelease(poolp, mark);
+            }
+        } else
+            PORT_FreeArena(poolp, PR_FALSE);
+        return NULL;
+    }
+
+    cmsg->poolp = poolp;
+    cmsg->poolp_is_ours = poolp_is_ours;
+    cmsg->refCount = 1;
+
+    if (mark)
+        PORT_ArenaUnmark(poolp, mark);
+
+    return cmsg;
+}
+
+/*
+ * NSS_CMSMessage_SetEncodingParams - set up a CMS message object for encoding or decoding
+ *
+ * "cmsg" - message object
+ * "pwfn", pwfn_arg" - callback function for getting token password
+ * "decrypt_key_cb", "decrypt_key_cb_arg" - callback function for getting bulk key for encryptedData
+ * "detached_digestalgs", "detached_digests" - digests from detached content
+ */
+void
+NSS_CMSMessage_SetEncodingParams(NSSCMSMessage *cmsg,
+                                 PK11PasswordFunc pwfn, void *pwfn_arg,
+                                 NSSCMSGetDecryptKeyCallback decrypt_key_cb, void *decrypt_key_cb_arg,
+                                 SECAlgorithmID **detached_digestalgs, SECItem **detached_digests)
+{
+    if (pwfn)
+        PK11_SetPasswordFunc(pwfn);
+    cmsg->pwfn_arg = pwfn_arg;
+    cmsg->decrypt_key_cb = decrypt_key_cb;
+    cmsg->decrypt_key_cb_arg = decrypt_key_cb_arg;
+    cmsg->detached_digestalgs = detached_digestalgs;
+    cmsg->detached_digests = detached_digests;
+}
+
+/*
+ * NSS_CMSMessage_Destroy - destroy a CMS message and all of its sub-pieces.
+ */
+void
+NSS_CMSMessage_Destroy(NSSCMSMessage *cmsg)
+{
+    PORT_Assert(cmsg->refCount > 0);
+    if (cmsg->refCount <= 0) /* oops */
+        return;
+
+    cmsg->refCount--; /* thread safety? */
+    if (cmsg->refCount > 0)
+        return;
+
+    NSS_CMSContentInfo_Destroy(&(cmsg->contentInfo));
+
+    /* if poolp is not NULL, cmsg is the owner of its arena */
+    if (cmsg->poolp_is_ours)
+        PORT_FreeArena(cmsg->poolp, PR_FALSE); /* XXX clear it? */
+}
+
+/*
+ * NSS_CMSMessage_Copy - return a copy of the given message.
+ *
+ * The copy may be virtual or may be real -- either way, the result needs
+ * to be passed to NSS_CMSMessage_Destroy later (as does the original).
+ */
+NSSCMSMessage *
+NSS_CMSMessage_Copy(NSSCMSMessage *cmsg)
+{
+    if (cmsg == NULL)
+        return NULL;
+
+    PORT_Assert(cmsg->refCount > 0);
+
+    cmsg->refCount++; /* XXX chrisk thread safety? */
+    return cmsg;
+}
+
+/*
+ * NSS_CMSMessage_GetArena - return a pointer to the message's arena pool
+ */
+PLArenaPool *
+NSS_CMSMessage_GetArena(NSSCMSMessage *cmsg)
+{
+    return cmsg->poolp;
+}
+
+/*
+ * NSS_CMSMessage_GetContentInfo - return a pointer to the top level contentInfo
+ */
+NSSCMSContentInfo *
+NSS_CMSMessage_GetContentInfo(NSSCMSMessage *cmsg)
+{
+    return &(cmsg->contentInfo);
+}
+
+/*
+ * Return a pointer to the actual content.
+ * In the case of those types which are encrypted, this returns the *plain* content.
+ * In case of nested contentInfos, this descends and retrieves the innermost content.
+ */
+SECItem *
+NSS_CMSMessage_GetContent(NSSCMSMessage *cmsg)
+{
+    /* this is a shortcut */
+    NSSCMSContentInfo *cinfo = NSS_CMSMessage_GetContentInfo(cmsg);
+    SECItem *pItem = NSS_CMSContentInfo_GetInnerContent(cinfo);
+    return pItem;
+}
+
+/*
+ * NSS_CMSMessage_ContentLevelCount - count number of levels of CMS content objects in this message
+ *
+ * CMS data content objects do not count.
+ */
+int
+NSS_CMSMessage_ContentLevelCount(NSSCMSMessage *cmsg)
+{
+    int count = 0;
+    NSSCMSContentInfo *cinfo;
+
+    /* walk down the chain of contentinfos */
+    for (cinfo = &(cmsg->contentInfo); cinfo != NULL;) {
+        count++;
+        cinfo = NSS_CMSContentInfo_GetChildContentInfo(cinfo);
+    }
+    return count;
+}
+
+/*
+ * NSS_CMSMessage_ContentLevel - find content level #n
+ *
+ * CMS data content objects do not count.
+ */
+NSSCMSContentInfo *
+NSS_CMSMessage_ContentLevel(NSSCMSMessage *cmsg, int n)
+{
+    int count = 0;
+    NSSCMSContentInfo *cinfo;
+
+    /* walk down the chain of contentinfos */
+    for (cinfo = &(cmsg->contentInfo); cinfo != NULL && count < n;
+         cinfo = NSS_CMSContentInfo_GetChildContentInfo(cinfo)) {
+        count++;
+    }
+
+    return cinfo;
+}
+
+/*
+ * NSS_CMSMessage_ContainsCertsOrCrls - see if message contains certs along the way
+ */
+PRBool
+NSS_CMSMessage_ContainsCertsOrCrls(NSSCMSMessage *cmsg)
+{
+    NSSCMSContentInfo *cinfo;
+
+    /* descend into CMS message */
+    for (cinfo = &(cmsg->contentInfo); cinfo != NULL;
+         cinfo = NSS_CMSContentInfo_GetChildContentInfo(cinfo)) {
+        if (!NSS_CMSType_IsData(NSS_CMSContentInfo_GetContentTypeTag(cinfo)))
+            continue; /* next level */
+
+        if (NSS_CMSSignedData_ContainsCertsOrCrls(cinfo->content.signedData))
+            return PR_TRUE;
+        /* callback here for generic wrappers? */
+    }
+    return PR_FALSE;
+}
+
+/*
+ * NSS_CMSMessage_IsEncrypted - see if message contains a encrypted submessage
+ */
+PRBool
+NSS_CMSMessage_IsEncrypted(NSSCMSMessage *cmsg)
+{
+    NSSCMSContentInfo *cinfo;
+
+    /* walk down the chain of contentinfos */
+    for (cinfo = &(cmsg->contentInfo); cinfo != NULL;
+         cinfo = NSS_CMSContentInfo_GetChildContentInfo(cinfo)) {
+        switch (NSS_CMSContentInfo_GetContentTypeTag(cinfo)) {
+            case SEC_OID_PKCS7_ENVELOPED_DATA:
+            case SEC_OID_PKCS7_ENCRYPTED_DATA:
+                return PR_TRUE;
+            default:
+                /* callback here for generic wrappers? */
+                break;
+        }
+    }
+    return PR_FALSE;
+}
+
+/*
+ * NSS_CMSMessage_IsSigned - see if message contains a signed submessage
+ *
+ * If the CMS message has a SignedData with a signature (not just a SignedData)
+ * return true; false otherwise.  This can/should be called before calling
+ * VerifySignature, which will always indicate failure if no signature is
+ * present, but that does not mean there even was a signature!
+ * Note that the content itself can be empty (detached content was sent
+ * another way); it is the presence of the signature that matters.
+ */
+PRBool
+NSS_CMSMessage_IsSigned(NSSCMSMessage *cmsg)
+{
+    NSSCMSContentInfo *cinfo;
+
+    /* walk down the chain of contentinfos */
+    for (cinfo = &(cmsg->contentInfo); cinfo != NULL;
+         cinfo = NSS_CMSContentInfo_GetChildContentInfo(cinfo)) {
+        switch (NSS_CMSContentInfo_GetContentTypeTag(cinfo)) {
+            case SEC_OID_PKCS7_SIGNED_DATA:
+                if (!NSS_CMSArray_IsEmpty((void **)cinfo->content.signedData->signerInfos))
+                    return PR_TRUE;
+                break;
+            default:
+                /* callback here for generic wrappers? */
+                break;
+        }
+    }
+    return PR_FALSE;
+}
+
+/*
+ * NSS_CMSMessage_IsContentEmpty - see if content is empty
+ *
+ * returns PR_TRUE is innermost content length is < minLen
+ * XXX need the encrypted content length (why?)
+ */
+PRBool
+NSS_CMSMessage_IsContentEmpty(NSSCMSMessage *cmsg, unsigned int minLen)
+{
+    SECItem *item = NULL;
+
+    if (cmsg == NULL)
+        return PR_TRUE;
+
+    item = NSS_CMSContentInfo_GetContent(NSS_CMSMessage_GetContentInfo(cmsg));
+
+    if (!item) {
+        return PR_TRUE;
+    } else if (item->len <= minLen) {
+        return PR_TRUE;
+    }
+
+    return PR_FALSE;
+}
diff --git a/nss/lib/smime/cmspubkey.c b/nss/lib/smime/cmspubkey.c
new file mode 100644
index 0000000..bc3cd99
--- /dev/null
+++ b/nss/lib/smime/cmspubkey.c
@@ -0,0 +1,285 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * CMS public key crypto
+ */
+
+#include "cmslocal.h"
+
+#include "cert.h"
+#include "key.h"
+#include "secasn1.h"
+#include "secitem.h"
+#include "secoid.h"
+#include "pk11func.h"
+#include "secerr.h"
+
+/* ====== RSA ======================================================================= */
+
+/*
+ * NSS_CMSUtil_EncryptSymKey_RSA - wrap a symmetric key with RSA
+ *
+ * this function takes a symmetric key and encrypts it using an RSA public key
+ * according to PKCS#1 and RFC2633 (S/MIME)
+ */
+SECStatus
+NSS_CMSUtil_EncryptSymKey_RSA(PLArenaPool *poolp, CERTCertificate *cert,
+                              PK11SymKey *bulkkey,
+                              SECItem *encKey)
+{
+    SECStatus rv;
+    SECKEYPublicKey *publickey;
+
+    publickey = CERT_ExtractPublicKey(cert);
+    if (publickey == NULL)
+        return SECFailure;
+
+    rv = NSS_CMSUtil_EncryptSymKey_RSAPubKey(poolp, publickey, bulkkey, encKey);
+    SECKEY_DestroyPublicKey(publickey);
+    return rv;
+}
+
+SECStatus
+NSS_CMSUtil_EncryptSymKey_RSAPubKey(PLArenaPool *poolp,
+                                    SECKEYPublicKey *publickey,
+                                    PK11SymKey *bulkkey, SECItem *encKey)
+{
+    SECStatus rv;
+    int data_len;
+    KeyType keyType;
+    void *mark = NULL;
+
+    mark = PORT_ArenaMark(poolp);
+    if (!mark)
+        goto loser;
+
+    /* sanity check */
+    keyType = SECKEY_GetPublicKeyType(publickey);
+    PORT_Assert(keyType == rsaKey);
+    if (keyType != rsaKey) {
+        goto loser;
+    }
+    /* allocate memory for the encrypted key */
+    data_len = SECKEY_PublicKeyStrength(publickey); /* block size (assumed to be > keylen) */
+    encKey->data = (unsigned char *)PORT_ArenaAlloc(poolp, data_len);
+    encKey->len = data_len;
+    if (encKey->data == NULL)
+        goto loser;
+
+    /* encrypt the key now */
+    rv = PK11_PubWrapSymKey(PK11_AlgtagToMechanism(SEC_OID_PKCS1_RSA_ENCRYPTION),
+                            publickey, bulkkey, encKey);
+
+    if (rv != SECSuccess)
+        goto loser;
+
+    PORT_ArenaUnmark(poolp, mark);
+    return SECSuccess;
+
+loser:
+    if (mark) {
+        PORT_ArenaRelease(poolp, mark);
+    }
+    return SECFailure;
+}
+
+/*
+ * NSS_CMSUtil_DecryptSymKey_RSA - unwrap a RSA-wrapped symmetric key
+ *
+ * this function takes an RSA-wrapped symmetric key and unwraps it, returning a symmetric
+ * key handle. Please note that the actual unwrapped key data may not be allowed to leave
+ * a hardware token...
+ */
+PK11SymKey *
+NSS_CMSUtil_DecryptSymKey_RSA(SECKEYPrivateKey *privkey, SECItem *encKey, SECOidTag bulkalgtag)
+{
+    /* that's easy */
+    CK_MECHANISM_TYPE target;
+    PORT_Assert(bulkalgtag != SEC_OID_UNKNOWN);
+    target = PK11_AlgtagToMechanism(bulkalgtag);
+    if (bulkalgtag == SEC_OID_UNKNOWN || target == CKM_INVALID_MECHANISM) {
+        PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
+        return NULL;
+    }
+    return PK11_PubUnwrapSymKey(privkey, encKey, target, CKA_DECRYPT, 0);
+}
+
+/* ====== ESDH (Ephemeral-Static Diffie-Hellman) ==================================== */
+
+SECStatus
+NSS_CMSUtil_EncryptSymKey_ESDH(PLArenaPool *poolp, CERTCertificate *cert, PK11SymKey *key,
+                               SECItem *encKey, SECItem **ukm, SECAlgorithmID *keyEncAlg,
+                               SECItem *pubKey)
+{
+#if 0 /* not yet done */
+    SECOidTag certalgtag;       /* the certificate's encryption algorithm */
+    SECOidTag encalgtag;        /* the algorithm used for key exchange/agreement */
+    SECStatus rv;
+    SECItem *params = NULL;
+    int data_len;
+    SECStatus err;
+    PK11SymKey *tek;
+    CERTCertificate *ourCert;
+    SECKEYPublicKey *ourPubKey;
+    NSSCMSKEATemplateSelector whichKEA = NSSCMSKEAInvalid;
+
+    certalgtag = SECOID_GetAlgorithmTag(&(cert->subjectPublicKeyInfo.algorithm));
+    PORT_Assert(certalgtag == SEC_OID_X942_DIFFIE_HELMAN_KEY);
+
+    /* We really want to show our KEA tag as the key exchange algorithm tag. */
+    encalgtag = SEC_OID_CMS_EPHEMERAL_STATIC_DIFFIE_HELLMAN;
+
+    /* Get the public key of the recipient. */
+    publickey = CERT_ExtractPublicKey(cert);
+    if (publickey == NULL) goto loser;
+
+    /* XXXX generate a DH key pair on a PKCS11 module (XXX which parameters?) */
+    /* XXXX */ourCert = PK11_FindBestKEAMatch(cert, wincx);
+    if (ourCert == NULL) goto loser;
+
+    arena = PORT_NewArena(1024);
+    if (arena == NULL) goto loser;
+
+    /* While we're here, extract the key pair's public key data and copy it into */
+    /* the outgoing parameters. */
+    /* XXXX */ourPubKey = CERT_ExtractPublicKey(ourCert);
+    if (ourPubKey == NULL)
+    {
+        goto loser;
+    }
+    SECITEM_CopyItem(arena, pubKey, /* XXX */&(ourPubKey->u.fortezza.KEAKey));
+    SECKEY_DestroyPublicKey(ourPubKey); /* we only need the private key from now on */
+    ourPubKey = NULL;
+
+    /* Extract our private key in order to derive the KEA key. */
+    ourPrivKey = PK11_FindKeyByAnyCert(ourCert,wincx);
+    CERT_DestroyCertificate(ourCert); /* we're done with this */
+    if (!ourPrivKey) goto loser;
+
+    /* If ukm desired, prepare it - allocate enough space (filled with zeros). */
+    if (ukm) {
+        ukm->data = (unsigned char*)PORT_ArenaZAlloc(arena,/* XXXX */);
+        ukm->len = /* XXXX */;
+    }
+
+    /* Generate the KEK (key exchange key) according to RFC2631 which we use
+     * to wrap the bulk encryption key. */
+    kek = PK11_PubDerive(ourPrivKey, publickey, PR_TRUE,
+                         ukm, NULL,
+                         /* XXXX */CKM_KEA_KEY_DERIVE, /* XXXX */CKM_SKIPJACK_WRAP,
+                         CKA_WRAP, 0, wincx);
+
+    SECKEY_DestroyPublicKey(publickey);
+    SECKEY_DestroyPrivateKey(ourPrivKey);
+    publickey = NULL;
+    ourPrivKey = NULL;
+
+    if (!kek)
+        goto loser;
+
+    /* allocate space for the encrypted CEK (bulk key) */
+    encKey->data = (unsigned char*)PORT_ArenaAlloc(poolp, SMIME_FORTEZZA_MAX_KEY_SIZE);
+    encKey->len = SMIME_FORTEZZA_MAX_KEY_SIZE;
+
+    if (encKey->data == NULL)
+    {
+        PK11_FreeSymKey(kek);
+        goto loser;
+    }
+
+
+    /* Wrap the bulk key using CMSRC2WRAP or CMS3DESWRAP, depending on the */
+    /* bulk encryption algorithm */
+    switch (/* XXXX */PK11_AlgtagToMechanism(enccinfo->encalg))
+    {
+    case /* XXXX */CKM_SKIPJACK_CFB8:
+        err = PK11_WrapSymKey(/* XXXX */CKM_CMS3DES_WRAP, NULL, kek, bulkkey, encKey);
+        whichKEA = NSSCMSKEAUsesSkipjack;
+        break;
+    case /* XXXX */CKM_SKIPJACK_CFB8:
+        err = PK11_WrapSymKey(/* XXXX */CKM_CMSRC2_WRAP, NULL, kek, bulkkey, encKey);
+        whichKEA = NSSCMSKEAUsesSkipjack;
+        break;
+    default:
+        /* XXXX what do we do here? Neither RC2 nor 3DES... */
+        err = SECFailure;
+        /* set error */
+        break;
+    }
+
+    PK11_FreeSymKey(kek);       /* we do not need the KEK anymore */
+    if (err != SECSuccess)
+        goto loser;
+
+    PORT_Assert(whichKEA != NSSCMSKEAInvalid);
+
+    /* see RFC2630 12.3.1.1 "keyEncryptionAlgorithm must be ..." */
+    /* params is the DER encoded key wrap algorithm (with parameters!) (XXX) */
+    params = SEC_ASN1EncodeItem(arena, NULL, &keaParams, sec_pkcs7_get_kea_template(whichKEA));
+    if (params == NULL)
+        goto loser;
+
+    /* now set keyEncAlg */
+    rv = SECOID_SetAlgorithmID(poolp, keyEncAlg, SEC_OID_CMS_EPHEMERAL_STATIC_DIFFIE_HELLMAN, params);
+    if (rv != SECSuccess)
+        goto loser;
+
+    /* XXXXXXX this is not right yet */
+loser:
+    if (arena) {
+        PORT_FreeArena(arena, PR_FALSE);
+    }
+    if (publickey) {
+        SECKEY_DestroyPublicKey(publickey);
+    }
+    if (ourPrivKey) {
+        SECKEY_DestroyPrivateKey(ourPrivKey);
+    }
+#endif
+    return SECFailure;
+}
+
+PK11SymKey *
+NSS_CMSUtil_DecryptSymKey_ESDH(SECKEYPrivateKey *privkey, SECItem *encKey,
+                               SECAlgorithmID *keyEncAlg, SECOidTag bulkalgtag,
+                               void *pwfn_arg)
+{
+#if 0 /* not yet done */
+    SECStatus err;
+    CK_MECHANISM_TYPE bulkType;
+    PK11SymKey *tek;
+    SECKEYPublicKey *originatorPubKey;
+    NSSCMSSMIMEKEAParameters keaParams;
+
+   /* XXXX get originator's public key */
+   originatorPubKey = PK11_MakeKEAPubKey(keaParams.originatorKEAKey.data,
+                           keaParams.originatorKEAKey.len);
+   if (originatorPubKey == NULL)
+      goto loser;
+
+   /* Generate the TEK (token exchange key) which we use to unwrap the bulk encryption key.
+      The Derive function generates a shared secret and combines it with the originatorRA
+      data to come up with an unique session key */
+   tek = PK11_PubDerive(privkey, originatorPubKey, PR_FALSE,
+                         &keaParams.originatorRA, NULL,
+                         CKM_KEA_KEY_DERIVE, CKM_SKIPJACK_WRAP,
+                         CKA_WRAP, 0, pwfn_arg);
+   SECKEY_DestroyPublicKey(originatorPubKey);   /* not needed anymore */
+   if (tek == NULL)
+        goto loser;
+
+    /* Now that we have the TEK, unwrap the bulk key
+       with which to decrypt the message. */
+    /* Skipjack is being used as the bulk encryption algorithm.*/
+    /* Unwrap the bulk key. */
+    bulkkey = PK11_UnwrapSymKey(tek, CKM_SKIPJACK_WRAP, NULL,
+                                encKey, CKM_SKIPJACK_CBC64, CKA_DECRYPT, 0);
+
+    return bulkkey;
+
+loser:
+#endif
+    return NULL;
+}
diff --git a/nss/lib/smime/cmsrecinfo.c b/nss/lib/smime/cmsrecinfo.c
new file mode 100644
index 0000000..2efb6b1
--- /dev/null
+++ b/nss/lib/smime/cmsrecinfo.c
@@ -0,0 +1,669 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * CMS recipientInfo methods.
+ */
+
+#include "cmslocal.h"
+
+#include "cert.h"
+#include "key.h"
+#include "secasn1.h"
+#include "secitem.h"
+#include "secoid.h"
+#include "pk11func.h"
+#include "secerr.h"
+
+PRBool
+nss_cmsrecipientinfo_usessubjectkeyid(NSSCMSRecipientInfo *ri)
+{
+    if (ri->recipientInfoType == NSSCMSRecipientInfoID_KeyTrans) {
+        NSSCMSRecipientIdentifier *rid;
+        rid = &ri->ri.keyTransRecipientInfo.recipientIdentifier;
+        if (rid->identifierType == NSSCMSRecipientID_SubjectKeyID) {
+            return PR_TRUE;
+        }
+    }
+    return PR_FALSE;
+}
+
+/*
+ * NOTE: fakeContent marks CMSMessage structure which is only used as a carrier
+ * of pwfn_arg and arena pools. In an ideal world, NSSCMSMessage would not have
+ * been exported, and we would have added an ordinary enum to handle this
+ * check. Unfortunatly wo don't have that luxury so we are overloading the
+ * contentTypeTag field. NO code should every try to interpret this content tag
+ * as a real OID tag, or use any fields other than pwfn_arg or poolp of this
+ * CMSMessage for that matter */
+static const SECOidData fakeContent;
+NSSCMSRecipientInfo *
+nss_cmsrecipientinfo_create(NSSCMSMessage *cmsg,
+                            NSSCMSRecipientIDSelector type,
+                            CERTCertificate *cert,
+                            SECKEYPublicKey *pubKey,
+                            SECItem *subjKeyID,
+                            void *pwfn_arg,
+                            SECItem *DERinput)
+{
+    NSSCMSRecipientInfo *ri;
+    void *mark;
+    SECOidTag certalgtag;
+    SECStatus rv = SECSuccess;
+    NSSCMSRecipientEncryptedKey *rek;
+    NSSCMSOriginatorIdentifierOrKey *oiok;
+    unsigned long version;
+    SECItem *dummy;
+    PLArenaPool *poolp;
+    CERTSubjectPublicKeyInfo *spki, *freeSpki = NULL;
+    NSSCMSRecipientIdentifier *rid;
+    extern const SEC_ASN1Template NSSCMSRecipientInfoTemplate[];
+
+    if (!cmsg) {
+        /* a CMSMessage wasn't supplied, create a fake one to hold the pwfunc
+         * and a private arena pool */
+        cmsg = NSS_CMSMessage_Create(NULL);
+        cmsg->pwfn_arg = pwfn_arg;
+        /* mark it as a special cms message */
+        cmsg->contentInfo.contentTypeTag = (SECOidData *)&fakeContent;
+    }
+
+    poolp = cmsg->poolp;
+
+    mark = PORT_ArenaMark(poolp);
+
+    ri = (NSSCMSRecipientInfo *)PORT_ArenaZAlloc(poolp, sizeof(NSSCMSRecipientInfo));
+    if (ri == NULL)
+        goto loser;
+
+    ri->cmsg = cmsg;
+
+    if (DERinput) {
+        /* decode everything from DER */
+        SECItem newinput;
+        SECStatus rv = SECITEM_CopyItem(poolp, &newinput, DERinput);
+        if (SECSuccess != rv)
+            goto loser;
+        rv = SEC_QuickDERDecodeItem(poolp, ri, NSSCMSRecipientInfoTemplate, &newinput);
+        if (SECSuccess != rv)
+            goto loser;
+    }
+
+    switch (type) {
+        case NSSCMSRecipientID_IssuerSN: {
+            ri->cert = CERT_DupCertificate(cert);
+            if (NULL == ri->cert)
+                goto loser;
+            spki = &(cert->subjectPublicKeyInfo);
+            break;
+        }
+
+        case NSSCMSRecipientID_SubjectKeyID: {
+            PORT_Assert(pubKey);
+            spki = freeSpki = SECKEY_CreateSubjectPublicKeyInfo(pubKey);
+            break;
+        }
+
+        case NSSCMSRecipientID_BrandNew:
+            goto done;
+            break;
+
+        default:
+            /* unkown type */
+            goto loser;
+            break;
+    }
+
+    certalgtag = SECOID_GetAlgorithmTag(&(spki->algorithm));
+
+    rid = &ri->ri.keyTransRecipientInfo.recipientIdentifier;
+    switch (certalgtag) {
+        case SEC_OID_PKCS1_RSA_ENCRYPTION:
+            ri->recipientInfoType = NSSCMSRecipientInfoID_KeyTrans;
+            rid->identifierType = type;
+            if (type == NSSCMSRecipientID_IssuerSN) {
+                rid->id.issuerAndSN = CERT_GetCertIssuerAndSN(poolp, cert);
+                if (rid->id.issuerAndSN == NULL) {
+                    break;
+                }
+            } else if (type == NSSCMSRecipientID_SubjectKeyID) {
+                NSSCMSKeyTransRecipientInfoEx *riExtra;
+
+                rid->id.subjectKeyID = PORT_ArenaNew(poolp, SECItem);
+                if (rid->id.subjectKeyID == NULL) {
+                    rv = SECFailure;
+                    PORT_SetError(SEC_ERROR_NO_MEMORY);
+                    break;
+                }
+                rv = SECITEM_CopyItem(poolp, rid->id.subjectKeyID, subjKeyID);
+                if (rv != SECSuccess || rid->id.subjectKeyID->data == NULL) {
+                    rv = SECFailure;
+                    PORT_SetError(SEC_ERROR_NO_MEMORY);
+                    break;
+                }
+                riExtra = &ri->ri.keyTransRecipientInfoEx;
+                riExtra->version = 0;
+                riExtra->pubKey = SECKEY_CopyPublicKey(pubKey);
+                if (riExtra->pubKey == NULL) {
+                    rv = SECFailure;
+                    PORT_SetError(SEC_ERROR_NO_MEMORY);
+                    break;
+                }
+            } else {
+                PORT_SetError(SEC_ERROR_INVALID_ARGS);
+                rv = SECFailure;
+            }
+            break;
+        case SEC_OID_X942_DIFFIE_HELMAN_KEY: /* dh-public-number */
+            PORT_Assert(type == NSSCMSRecipientID_IssuerSN);
+            if (type != NSSCMSRecipientID_IssuerSN) {
+                rv = SECFailure;
+                break;
+            }
+            /* a key agreement op */
+            ri->recipientInfoType = NSSCMSRecipientInfoID_KeyAgree;
+
+            if (ri->ri.keyTransRecipientInfo.recipientIdentifier.id.issuerAndSN == NULL) {
+                rv = SECFailure;
+                break;
+            }
+            /* we do not support the case where multiple recipients
+             * share the same KeyAgreeRecipientInfo and have multiple RecipientEncryptedKeys
+             * in this case, we would need to walk all the recipientInfos, take the
+             * ones that do KeyAgreement algorithms and join them, algorithm by algorithm
+             * Then, we'd generate ONE ukm and OriginatorIdentifierOrKey */
+
+            /* only epheremal-static Diffie-Hellman is supported for now
+             * this is the only form of key agreement that provides potential anonymity
+             * of the sender, plus we do not have to include certs in the message */
+
+            /* force single recipientEncryptedKey for now */
+            if ((rek = NSS_CMSRecipientEncryptedKey_Create(poolp)) == NULL) {
+                rv = SECFailure;
+                break;
+            }
+
+            /* hardcoded IssuerSN choice for now */
+            rek->recipientIdentifier.identifierType = NSSCMSKeyAgreeRecipientID_IssuerSN;
+            if ((rek->recipientIdentifier.id.issuerAndSN = CERT_GetCertIssuerAndSN(poolp, cert)) == NULL) {
+                rv = SECFailure;
+                break;
+            }
+
+            oiok = &(ri->ri.keyAgreeRecipientInfo.originatorIdentifierOrKey);
+
+            /* see RFC2630 12.3.1.1 */
+            oiok->identifierType = NSSCMSOriginatorIDOrKey_OriginatorPublicKey;
+
+            rv = NSS_CMSArray_Add(poolp, (void ***)&ri->ri.keyAgreeRecipientInfo.recipientEncryptedKeys,
+                                  (void *)rek);
+
+            break;
+        default:
+            /* other algorithms not supported yet */
+            /* NOTE that we do not support any KEK algorithm */
+            PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
+            rv = SECFailure;
+            break;
+    }
+
+    if (rv == SECFailure)
+        goto loser;
+
+    /* set version */
+    switch (ri->recipientInfoType) {
+        case NSSCMSRecipientInfoID_KeyTrans:
+            if (ri->ri.keyTransRecipientInfo.recipientIdentifier.identifierType == NSSCMSRecipientID_IssuerSN)
+                version = NSS_CMS_KEYTRANS_RECIPIENT_INFO_VERSION_ISSUERSN;
+            else
+                version = NSS_CMS_KEYTRANS_RECIPIENT_INFO_VERSION_SUBJKEY;
+            dummy = SEC_ASN1EncodeInteger(poolp, &(ri->ri.keyTransRecipientInfo.version), version);
+            if (dummy == NULL)
+                goto loser;
+            break;
+        case NSSCMSRecipientInfoID_KeyAgree:
+            dummy = SEC_ASN1EncodeInteger(poolp, &(ri->ri.keyAgreeRecipientInfo.version),
+                                          NSS_CMS_KEYAGREE_RECIPIENT_INFO_VERSION);
+            if (dummy == NULL)
+                goto loser;
+            break;
+        case NSSCMSRecipientInfoID_KEK:
+            /* NOTE: this cannot happen as long as we do not support any KEK algorithm */
+            dummy = SEC_ASN1EncodeInteger(poolp, &(ri->ri.kekRecipientInfo.version),
+                                          NSS_CMS_KEK_RECIPIENT_INFO_VERSION);
+            if (dummy == NULL)
+                goto loser;
+            break;
+    }
+
+done:
+    PORT_ArenaUnmark(poolp, mark);
+    if (freeSpki)
+        SECKEY_DestroySubjectPublicKeyInfo(freeSpki);
+    return ri;
+
+loser:
+    if (ri && ri->cert) {
+        CERT_DestroyCertificate(ri->cert);
+    }
+    if (freeSpki) {
+        SECKEY_DestroySubjectPublicKeyInfo(freeSpki);
+    }
+    PORT_ArenaRelease(poolp, mark);
+    if (cmsg->contentInfo.contentTypeTag == &fakeContent) {
+        NSS_CMSMessage_Destroy(cmsg);
+    }
+    return NULL;
+}
+
+/*
+ * NSS_CMSRecipientInfo_Create - create a recipientinfo
+ *
+ * we currently do not create KeyAgreement recipientinfos with multiple
+ * recipientEncryptedKeys the certificate is supposed to have been
+ * verified by the caller
+ */
+NSSCMSRecipientInfo *
+NSS_CMSRecipientInfo_Create(NSSCMSMessage *cmsg, CERTCertificate *cert)
+{
+    return nss_cmsrecipientinfo_create(cmsg, NSSCMSRecipientID_IssuerSN, cert,
+                                       NULL, NULL, NULL, NULL);
+}
+
+NSSCMSRecipientInfo *
+NSS_CMSRecipientInfo_CreateNew(void *pwfn_arg)
+{
+    return nss_cmsrecipientinfo_create(NULL, NSSCMSRecipientID_BrandNew, NULL,
+                                       NULL, NULL, pwfn_arg, NULL);
+}
+
+NSSCMSRecipientInfo *
+NSS_CMSRecipientInfo_CreateFromDER(SECItem *input, void *pwfn_arg)
+{
+    return nss_cmsrecipientinfo_create(NULL, NSSCMSRecipientID_BrandNew, NULL,
+                                       NULL, NULL, pwfn_arg, input);
+}
+
+NSSCMSRecipientInfo *
+NSS_CMSRecipientInfo_CreateWithSubjKeyID(NSSCMSMessage *cmsg,
+                                         SECItem *subjKeyID,
+                                         SECKEYPublicKey *pubKey)
+{
+    return nss_cmsrecipientinfo_create(cmsg, NSSCMSRecipientID_SubjectKeyID,
+                                       NULL, pubKey, subjKeyID, NULL, NULL);
+}
+
+NSSCMSRecipientInfo *
+NSS_CMSRecipientInfo_CreateWithSubjKeyIDFromCert(NSSCMSMessage *cmsg,
+                                                 CERTCertificate *cert)
+{
+    SECKEYPublicKey *pubKey = NULL;
+    SECItem subjKeyID = { siBuffer, NULL, 0 };
+    NSSCMSRecipientInfo *retVal = NULL;
+
+    if (!cmsg || !cert) {
+        return NULL;
+    }
+    pubKey = CERT_ExtractPublicKey(cert);
+    if (!pubKey) {
+        goto done;
+    }
+    if (CERT_FindSubjectKeyIDExtension(cert, &subjKeyID) != SECSuccess ||
+        subjKeyID.data == NULL) {
+        goto done;
+    }
+    retVal = NSS_CMSRecipientInfo_CreateWithSubjKeyID(cmsg, &subjKeyID, pubKey);
+done:
+    if (pubKey)
+        SECKEY_DestroyPublicKey(pubKey);
+
+    if (subjKeyID.data)
+        SECITEM_FreeItem(&subjKeyID, PR_FALSE);
+
+    return retVal;
+}
+
+void
+NSS_CMSRecipientInfo_Destroy(NSSCMSRecipientInfo *ri)
+{
+    if (!ri) {
+        return;
+    }
+    /* version was allocated on the pool, so no need to destroy it */
+    /* issuerAndSN was allocated on the pool, so no need to destroy it */
+    if (ri->cert != NULL)
+        CERT_DestroyCertificate(ri->cert);
+
+    if (nss_cmsrecipientinfo_usessubjectkeyid(ri)) {
+        NSSCMSKeyTransRecipientInfoEx *extra;
+        extra = &ri->ri.keyTransRecipientInfoEx;
+        if (extra->pubKey)
+            SECKEY_DestroyPublicKey(extra->pubKey);
+    }
+    if (ri->cmsg && ri->cmsg->contentInfo.contentTypeTag == &fakeContent) {
+        NSS_CMSMessage_Destroy(ri->cmsg);
+    }
+
+    /* we're done. */
+}
+
+int
+NSS_CMSRecipientInfo_GetVersion(NSSCMSRecipientInfo *ri)
+{
+    unsigned long version;
+    SECItem *versionitem = NULL;
+
+    switch (ri->recipientInfoType) {
+        case NSSCMSRecipientInfoID_KeyTrans:
+            /* ignore subIndex */
+            versionitem = &(ri->ri.keyTransRecipientInfo.version);
+            break;
+        case NSSCMSRecipientInfoID_KEK:
+            /* ignore subIndex */
+            versionitem = &(ri->ri.kekRecipientInfo.version);
+            break;
+        case NSSCMSRecipientInfoID_KeyAgree:
+            versionitem = &(ri->ri.keyAgreeRecipientInfo.version);
+            break;
+    }
+
+    PORT_Assert(versionitem);
+    if (versionitem == NULL)
+        return 0;
+
+    /* always take apart the SECItem */
+    if (SEC_ASN1DecodeInteger(versionitem, &version) != SECSuccess)
+        return 0;
+    else
+        return (int)version;
+}
+
+SECItem *
+NSS_CMSRecipientInfo_GetEncryptedKey(NSSCMSRecipientInfo *ri, int subIndex)
+{
+    SECItem *enckey = NULL;
+
+    switch (ri->recipientInfoType) {
+        case NSSCMSRecipientInfoID_KeyTrans:
+            /* ignore subIndex */
+            enckey = &(ri->ri.keyTransRecipientInfo.encKey);
+            break;
+        case NSSCMSRecipientInfoID_KEK:
+            /* ignore subIndex */
+            enckey = &(ri->ri.kekRecipientInfo.encKey);
+            break;
+        case NSSCMSRecipientInfoID_KeyAgree:
+            enckey = &(ri->ri.keyAgreeRecipientInfo.recipientEncryptedKeys[subIndex]->encKey);
+            break;
+    }
+    return enckey;
+}
+
+SECOidTag
+NSS_CMSRecipientInfo_GetKeyEncryptionAlgorithmTag(NSSCMSRecipientInfo *ri)
+{
+    SECOidTag encalgtag = SEC_OID_UNKNOWN; /* an invalid encryption alg */
+
+    switch (ri->recipientInfoType) {
+        case NSSCMSRecipientInfoID_KeyTrans:
+            encalgtag = SECOID_GetAlgorithmTag(&(ri->ri.keyTransRecipientInfo.keyEncAlg));
+            break;
+        case NSSCMSRecipientInfoID_KeyAgree:
+            encalgtag = SECOID_GetAlgorithmTag(&(ri->ri.keyAgreeRecipientInfo.keyEncAlg));
+            break;
+        case NSSCMSRecipientInfoID_KEK:
+            encalgtag = SECOID_GetAlgorithmTag(&(ri->ri.kekRecipientInfo.keyEncAlg));
+            break;
+    }
+    return encalgtag;
+}
+
+SECStatus
+NSS_CMSRecipientInfo_WrapBulkKey(NSSCMSRecipientInfo *ri, PK11SymKey *bulkkey,
+                                 SECOidTag bulkalgtag)
+{
+    CERTCertificate *cert;
+    SECOidTag certalgtag;
+    SECStatus rv = SECSuccess;
+    NSSCMSRecipientEncryptedKey *rek;
+    NSSCMSOriginatorIdentifierOrKey *oiok;
+    CERTSubjectPublicKeyInfo *spki, *freeSpki = NULL;
+    PLArenaPool *poolp;
+    NSSCMSKeyTransRecipientInfoEx *extra = NULL;
+    PRBool usesSubjKeyID;
+
+    poolp = ri->cmsg->poolp;
+    cert = ri->cert;
+    usesSubjKeyID = nss_cmsrecipientinfo_usessubjectkeyid(ri);
+    if (cert) {
+        spki = &cert->subjectPublicKeyInfo;
+    } else if (usesSubjKeyID) {
+        extra = &ri->ri.keyTransRecipientInfoEx;
+        /* sanity check */
+        PORT_Assert(extra->pubKey);
+        if (!extra->pubKey) {
+            PORT_SetError(SEC_ERROR_INVALID_ARGS);
+            return SECFailure;
+        }
+        spki = freeSpki = SECKEY_CreateSubjectPublicKeyInfo(extra->pubKey);
+    } else {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    /* XXX set ri->recipientInfoType to the proper value here */
+    /* or should we look if it's been set already ? */
+
+    certalgtag = SECOID_GetAlgorithmTag(&spki->algorithm);
+    switch (certalgtag) {
+        case SEC_OID_PKCS1_RSA_ENCRYPTION:
+            /* wrap the symkey */
+            if (cert) {
+                rv = NSS_CMSUtil_EncryptSymKey_RSA(poolp, cert, bulkkey,
+                                                   &ri->ri.keyTransRecipientInfo.encKey);
+                if (rv != SECSuccess)
+                    break;
+            } else if (usesSubjKeyID) {
+                PORT_Assert(extra != NULL);
+                rv = NSS_CMSUtil_EncryptSymKey_RSAPubKey(poolp, extra->pubKey,
+                                                         bulkkey, &ri->ri.keyTransRecipientInfo.encKey);
+                if (rv != SECSuccess)
+                    break;
+            }
+
+            rv = SECOID_SetAlgorithmID(poolp, &(ri->ri.keyTransRecipientInfo.keyEncAlg), certalgtag, NULL);
+            break;
+        case SEC_OID_X942_DIFFIE_HELMAN_KEY: /* dh-public-number */
+            rek = ri->ri.keyAgreeRecipientInfo.recipientEncryptedKeys[0];
+            if (rek == NULL) {
+                rv = SECFailure;
+                break;
+            }
+
+            oiok = &(ri->ri.keyAgreeRecipientInfo.originatorIdentifierOrKey);
+            PORT_Assert(oiok->identifierType == NSSCMSOriginatorIDOrKey_OriginatorPublicKey);
+
+            /* see RFC2630 12.3.1.1 */
+            if (SECOID_SetAlgorithmID(poolp, &oiok->id.originatorPublicKey.algorithmIdentifier,
+                                      SEC_OID_X942_DIFFIE_HELMAN_KEY, NULL) != SECSuccess) {
+                rv = SECFailure;
+                break;
+            }
+
+            /* this will generate a key pair, compute the shared secret, */
+            /* derive a key and ukm for the keyEncAlg out of it, encrypt the bulk key with */
+            /* the keyEncAlg, set encKey, keyEncAlg, publicKey etc. */
+            rv = NSS_CMSUtil_EncryptSymKey_ESDH(poolp, cert, bulkkey,
+                                                &rek->encKey,
+                                                &ri->ri.keyAgreeRecipientInfo.ukm,
+                                                &ri->ri.keyAgreeRecipientInfo.keyEncAlg,
+                                                &oiok->id.originatorPublicKey.publicKey);
+
+            break;
+        default:
+            /* other algorithms not supported yet */
+            /* NOTE that we do not support any KEK algorithm */
+            PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
+            rv = SECFailure;
+    }
+    if (freeSpki)
+        SECKEY_DestroySubjectPublicKeyInfo(freeSpki);
+
+    return rv;
+}
+
+PK11SymKey *
+NSS_CMSRecipientInfo_UnwrapBulkKey(NSSCMSRecipientInfo *ri, int subIndex,
+                                   CERTCertificate *cert, SECKEYPrivateKey *privkey, SECOidTag bulkalgtag)
+{
+    PK11SymKey *bulkkey = NULL;
+    SECOidTag encalgtag;
+    SECItem *enckey;
+    int error;
+
+    ri->cert = CERT_DupCertificate(cert);
+    /* mark the recipientInfo so we can find it later */
+
+    switch (ri->recipientInfoType) {
+        case NSSCMSRecipientInfoID_KeyTrans:
+            encalgtag = SECOID_GetAlgorithmTag(&(ri->ri.keyTransRecipientInfo.keyEncAlg));
+            enckey = &(ri->ri.keyTransRecipientInfo.encKey); /* ignore subIndex */
+            switch (encalgtag) {
+                case SEC_OID_PKCS1_RSA_ENCRYPTION:
+                    /* RSA encryption algorithm: */
+                    /* get the symmetric (bulk) key by unwrapping it using our private key */
+                    bulkkey = NSS_CMSUtil_DecryptSymKey_RSA(privkey, enckey, bulkalgtag);
+                    break;
+                default:
+                    error = SEC_ERROR_UNSUPPORTED_KEYALG;
+                    goto loser;
+            }
+            break;
+        case NSSCMSRecipientInfoID_KeyAgree:
+            encalgtag = SECOID_GetAlgorithmTag(&(ri->ri.keyAgreeRecipientInfo.keyEncAlg));
+            enckey = &(ri->ri.keyAgreeRecipientInfo.recipientEncryptedKeys[subIndex]->encKey);
+            switch (encalgtag) {
+                case SEC_OID_X942_DIFFIE_HELMAN_KEY:
+                    /* Diffie-Helman key exchange */
+                    /* XXX not yet implemented */
+                    /* XXX problem: SEC_OID_X942_DIFFIE_HELMAN_KEY points to a PKCS3 mechanism! */
+                    /* we support ephemeral-static DH only, so if the recipientinfo */
+                    /* has originator stuff in it, we punt (or do we? shouldn't be that hard...) */
+                    /* first, we derive the KEK (a symkey!) using a Derive operation, then we get the */
+                    /* content encryption key using a Unwrap op */
+                    /* the derive operation has to generate the key using the algorithm in RFC2631 */
+                    error = SEC_ERROR_UNSUPPORTED_KEYALG;
+                    goto loser;
+                    break;
+                default:
+                    error = SEC_ERROR_UNSUPPORTED_KEYALG;
+                    goto loser;
+            }
+            break;
+        case NSSCMSRecipientInfoID_KEK:
+            encalgtag = SECOID_GetAlgorithmTag(&(ri->ri.kekRecipientInfo.keyEncAlg));
+            enckey = &(ri->ri.kekRecipientInfo.encKey);
+            /* not supported yet */
+            error = SEC_ERROR_UNSUPPORTED_KEYALG;
+            goto loser;
+            break;
+    }
+    /* XXXX continue here */
+    return bulkkey;
+
+loser:
+    PORT_SetError(error);
+    return NULL;
+}
+
+SECStatus
+NSS_CMSRecipientInfo_GetCertAndKey(NSSCMSRecipientInfo *ri,
+                                   CERTCertificate **retcert,
+                                   SECKEYPrivateKey **retkey)
+{
+    CERTCertificate *cert = NULL;
+    NSSCMSRecipient **recipients = NULL;
+    NSSCMSRecipientInfo *recipientInfos[2];
+    SECStatus rv = SECSuccess;
+    SECKEYPrivateKey *key = NULL;
+
+    if (!ri)
+        return SECFailure;
+
+    if (!retcert && !retkey) {
+        /* nothing requested, nothing found, success */
+        return SECSuccess;
+    }
+
+    if (retcert) {
+        *retcert = NULL;
+    }
+    if (retkey) {
+        *retkey = NULL;
+    }
+
+    if (ri->cert) {
+        cert = CERT_DupCertificate(ri->cert);
+        if (!cert) {
+            rv = SECFailure;
+        }
+    }
+    if (SECSuccess == rv && !cert) {
+        /* we don't have the cert, we have to look for it */
+        /* first build an NSS_CMSRecipient */
+        recipientInfos[0] = ri;
+        recipientInfos[1] = NULL;
+
+        recipients = nss_cms_recipient_list_create(recipientInfos);
+        if (recipients) {
+            /* now look for the cert and key */
+            if (0 == PK11_FindCertAndKeyByRecipientListNew(recipients,
+                                                           ri->cmsg->pwfn_arg)) {
+                cert = CERT_DupCertificate(recipients[0]->cert);
+                key = SECKEY_CopyPrivateKey(recipients[0]->privkey);
+            } else {
+                rv = SECFailure;
+            }
+
+            nss_cms_recipient_list_destroy(recipients);
+        } else {
+            rv = SECFailure;
+        }
+    } else if (SECSuccess == rv && cert && retkey) {
+        /* we have the cert, we just need the key now */
+        key = PK11_FindPrivateKeyFromCert(cert->slot, cert, ri->cmsg->pwfn_arg);
+    }
+    if (retcert) {
+        *retcert = cert;
+    } else {
+        if (cert) {
+            CERT_DestroyCertificate(cert);
+        }
+    }
+    if (retkey) {
+        *retkey = key;
+    } else {
+        if (key) {
+            SECKEY_DestroyPrivateKey(key);
+        }
+    }
+
+    return rv;
+}
+
+SECStatus
+NSS_CMSRecipientInfo_Encode(PLArenaPool *poolp,
+                            const NSSCMSRecipientInfo *src,
+                            SECItem *returned)
+{
+    extern const SEC_ASN1Template NSSCMSRecipientInfoTemplate[];
+    SECStatus rv = SECFailure;
+    if (!src || !returned) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+    } else if (SEC_ASN1EncodeItem(poolp, returned, src,
+                                  NSSCMSRecipientInfoTemplate)) {
+        rv = SECSuccess;
+    }
+    return rv;
+}
diff --git a/nss/lib/smime/cmsreclist.c b/nss/lib/smime/cmsreclist.c
new file mode 100644
index 0000000..99d7e90
--- /dev/null
+++ b/nss/lib/smime/cmsreclist.c
@@ -0,0 +1,170 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * CMS recipient list functions
+ */
+
+#include "cmslocal.h"
+
+#include "cert.h"
+#include "key.h"
+#include "secasn1.h"
+#include "secitem.h"
+#include "secoid.h"
+#include "pk11func.h"
+#include "prtime.h"
+#include "secerr.h"
+
+static int
+nss_cms_recipients_traverse(NSSCMSRecipientInfo **recipientinfos,
+                            NSSCMSRecipient **recipient_list)
+{
+    int count = 0;
+    int rlindex = 0;
+    int i, j;
+    NSSCMSRecipient *rle;
+    NSSCMSRecipientInfo *ri;
+    NSSCMSRecipientEncryptedKey *rek;
+
+    for (i = 0; recipientinfos[i] != NULL; i++) {
+        ri = recipientinfos[i];
+        switch (ri->recipientInfoType) {
+            case NSSCMSRecipientInfoID_KeyTrans:
+                if (recipient_list) {
+                    NSSCMSRecipientIdentifier *recipId =
+                        &ri->ri.keyTransRecipientInfo.recipientIdentifier;
+
+                    if (recipId->identifierType != NSSCMSRecipientID_IssuerSN &&
+                        recipId->identifierType != NSSCMSRecipientID_SubjectKeyID) {
+                        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+                        return -1;
+                    }
+                    /* alloc one & fill it out */
+                    rle = (NSSCMSRecipient *)PORT_ZAlloc(sizeof(NSSCMSRecipient));
+                    if (!rle)
+                        return -1;
+
+                    rle->riIndex = i;
+                    rle->subIndex = -1;
+                    switch (recipId->identifierType) {
+                        case NSSCMSRecipientID_IssuerSN:
+                            rle->kind = RLIssuerSN;
+                            rle->id.issuerAndSN = recipId->id.issuerAndSN;
+                            break;
+                        case NSSCMSRecipientID_SubjectKeyID:
+                            rle->kind = RLSubjKeyID;
+                            rle->id.subjectKeyID = recipId->id.subjectKeyID;
+                            break;
+                        default: /* we never get here because of identifierType check
+                                    we done before. Leaving it to kill compiler warning */
+                            break;
+                    }
+                    recipient_list[rlindex++] = rle;
+                } else {
+                    count++;
+                }
+                break;
+            case NSSCMSRecipientInfoID_KeyAgree:
+                if (ri->ri.keyAgreeRecipientInfo.recipientEncryptedKeys == NULL)
+                    break;
+                for (j = 0; ri->ri.keyAgreeRecipientInfo.recipientEncryptedKeys[j] != NULL; j++) {
+                    if (recipient_list) {
+                        rek = ri->ri.keyAgreeRecipientInfo.recipientEncryptedKeys[j];
+                        /* alloc one & fill it out */
+                        rle = (NSSCMSRecipient *)PORT_ZAlloc(sizeof(NSSCMSRecipient));
+                        if (!rle)
+                            return -1;
+
+                        rle->riIndex = i;
+                        rle->subIndex = j;
+                        switch (rek->recipientIdentifier.identifierType) {
+                            case NSSCMSKeyAgreeRecipientID_IssuerSN:
+                                rle->kind = RLIssuerSN;
+                                rle->id.issuerAndSN = rek->recipientIdentifier.id.issuerAndSN;
+                                break;
+                            case NSSCMSKeyAgreeRecipientID_RKeyID:
+                                rle->kind = RLSubjKeyID;
+                                rle->id.subjectKeyID =
+                                    rek->recipientIdentifier.id.recipientKeyIdentifier.subjectKeyIdentifier;
+                                break;
+                        }
+                        recipient_list[rlindex++] = rle;
+                    } else {
+                        count++;
+                    }
+                }
+                break;
+            case NSSCMSRecipientInfoID_KEK:
+                /* KEK is not implemented */
+                break;
+        }
+    }
+    /* if we have a recipient list, we return on success (-1, above, on failure) */
+    /* otherwise, we return the count. */
+    if (recipient_list) {
+        recipient_list[rlindex] = NULL;
+        return 0;
+    } else {
+        return count;
+    }
+}
+
+NSSCMSRecipient **
+nss_cms_recipient_list_create(NSSCMSRecipientInfo **recipientinfos)
+{
+    int count, rv;
+    NSSCMSRecipient **recipient_list;
+
+    /* count the number of recipient identifiers */
+    count = nss_cms_recipients_traverse(recipientinfos, NULL);
+    if (count <= 0) {
+        /* no recipients? */
+        PORT_SetError(SEC_ERROR_BAD_DATA);
+#if 0
+    PORT_SetErrorString("Cannot find recipient data in envelope.");
+#endif
+        return NULL;
+    }
+
+    /* allocate an array of pointers */
+    recipient_list = (NSSCMSRecipient **)
+        PORT_ZAlloc((count + 1) * sizeof(NSSCMSRecipient *));
+    if (recipient_list == NULL)
+        return NULL;
+
+    /* now fill in the recipient_list */
+    rv = nss_cms_recipients_traverse(recipientinfos, recipient_list);
+    if (rv < 0) {
+        nss_cms_recipient_list_destroy(recipient_list);
+        return NULL;
+    }
+    return recipient_list;
+}
+
+void
+nss_cms_recipient_list_destroy(NSSCMSRecipient **recipient_list)
+{
+    int i;
+    NSSCMSRecipient *recipient;
+
+    for (i = 0; recipient_list[i] != NULL; i++) {
+        recipient = recipient_list[i];
+        if (recipient->cert)
+            CERT_DestroyCertificate(recipient->cert);
+        if (recipient->privkey)
+            SECKEY_DestroyPrivateKey(recipient->privkey);
+        if (recipient->slot)
+            PK11_FreeSlot(recipient->slot);
+        PORT_Free(recipient);
+    }
+    PORT_Free(recipient_list);
+}
+
+NSSCMSRecipientEncryptedKey *
+NSS_CMSRecipientEncryptedKey_Create(PLArenaPool *poolp)
+{
+    return (NSSCMSRecipientEncryptedKey *)PORT_ArenaZAlloc(poolp,
+                                                           sizeof(NSSCMSRecipientEncryptedKey));
+}
diff --git a/nss/lib/smime/cmsreclist.h b/nss/lib/smime/cmsreclist.h
new file mode 100644
index 0000000..f424aca
--- /dev/null
+++ b/nss/lib/smime/cmsreclist.h
@@ -0,0 +1,27 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _CMSRECLIST_H
+#define _CMSRECLIST_H
+
+struct NSSCMSRecipientStr {
+    int riIndex;  /* this recipient's index in recipientInfo array */
+    int subIndex; /* index into recipientEncryptedKeys */
+                  /* (only in NSSCMSKeyAgreeRecipientInfoStr) */
+    enum { RLIssuerSN = 0,
+           RLSubjKeyID = 1 } kind; /* for conversion recipientinfos -> recipientlist */
+    union {
+        CERTIssuerAndSN* issuerAndSN;
+        SECItem* subjectKeyID;
+    } id;
+
+    /* result data (filled out for each recipient that's us) */
+    CERTCertificate* cert;
+    SECKEYPrivateKey* privkey;
+    PK11SlotInfo* slot;
+};
+
+typedef struct NSSCMSRecipientStr NSSCMSRecipient;
+
+#endif /* _CMSRECLIST_H */
diff --git a/nss/lib/smime/cmssigdata.c b/nss/lib/smime/cmssigdata.c
new file mode 100644
index 0000000..7dd6ea4
--- /dev/null
+++ b/nss/lib/smime/cmssigdata.c
@@ -0,0 +1,1141 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * CMS signedData methods.
+ */
+
+#include "cmslocal.h"
+
+#include "cert.h"
+/*#include "cdbhdl.h"*/
+#include "secasn1.h"
+#include "secitem.h"
+#include "secoid.h"
+#include "pk11func.h"
+#include "secerr.h"
+
+NSSCMSSignedData *
+NSS_CMSSignedData_Create(NSSCMSMessage *cmsg)
+{
+    void *mark;
+    NSSCMSSignedData *sigd;
+    PLArenaPool *poolp;
+
+    if (!cmsg) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+
+    poolp = cmsg->poolp;
+
+    mark = PORT_ArenaMark(poolp);
+
+    sigd = (NSSCMSSignedData *)PORT_ArenaZAlloc(poolp, sizeof(NSSCMSSignedData));
+    if (sigd == NULL)
+        goto loser;
+
+    sigd->cmsg = cmsg;
+
+    /* signerInfos, certs, certlists, crls are all empty */
+    /* version is set in NSS_CMSSignedData_Finalize() */
+
+    PORT_ArenaUnmark(poolp, mark);
+    return sigd;
+
+loser:
+    PORT_ArenaRelease(poolp, mark);
+    return NULL;
+}
+
+void
+NSS_CMSSignedData_Destroy(NSSCMSSignedData *sigd)
+{
+    CERTCertificate **certs, **tempCerts, *cert;
+    CERTCertificateList **certlists, *certlist;
+    NSSCMSSignerInfo **signerinfos, *si;
+
+    if (sigd == NULL)
+        return;
+
+    certs = sigd->certs;
+    tempCerts = sigd->tempCerts;
+    certlists = sigd->certLists;
+    signerinfos = sigd->signerInfos;
+
+    if (certs != NULL) {
+        while ((cert = *certs++) != NULL)
+            CERT_DestroyCertificate(cert);
+    }
+
+    if (tempCerts != NULL) {
+        while ((cert = *tempCerts++) != NULL)
+            CERT_DestroyCertificate(cert);
+    }
+
+    if (certlists != NULL) {
+        while ((certlist = *certlists++) != NULL)
+            CERT_DestroyCertificateList(certlist);
+    }
+
+    if (signerinfos != NULL) {
+        while ((si = *signerinfos++) != NULL)
+            NSS_CMSSignerInfo_Destroy(si);
+    }
+
+    /* everything's in a pool, so don't worry about the storage */
+    NSS_CMSContentInfo_Destroy(&(sigd->contentInfo));
+}
+
+/*
+ * NSS_CMSSignedData_Encode_BeforeStart - do all the necessary things to a SignedData
+ *     before start of encoding.
+ *
+ * In detail:
+ *  - find out about the right value to put into sigd->version
+ *  - come up with a list of digestAlgorithms (which should be the union of the algorithms
+ *         in the signerinfos).
+ *         If we happen to have a pre-set list of algorithms (and digest values!), we
+ *         check if we have all the signerinfos' algorithms. If not, this is an error.
+ */
+SECStatus
+NSS_CMSSignedData_Encode_BeforeStart(NSSCMSSignedData *sigd)
+{
+    NSSCMSSignerInfo *signerinfo;
+    SECOidTag digestalgtag;
+    SECItem *dummy;
+    int version;
+    SECStatus rv;
+    PRBool haveDigests = PR_FALSE;
+    int n, i;
+    PLArenaPool *poolp;
+
+    if (!sigd) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    poolp = sigd->cmsg->poolp;
+
+    /* we assume that we have precomputed digests if there is a list of algorithms, and */
+    /* a chunk of data for each of those algorithms */
+    if (sigd->digestAlgorithms != NULL && sigd->digests != NULL) {
+        for (i = 0; sigd->digestAlgorithms[i] != NULL; i++) {
+            if (sigd->digests[i] == NULL)
+                break;
+        }
+        if (sigd->digestAlgorithms[i] == NULL) /* reached the end of the array? */
+            haveDigests = PR_TRUE;             /* yes: we must have all the digests */
+    }
+
+    version = NSS_CMS_SIGNED_DATA_VERSION_BASIC;
+
+    /* RFC2630 5.1 "version is the syntax version number..." */
+    if (NSS_CMSContentInfo_GetContentTypeTag(&(sigd->contentInfo)) != SEC_OID_PKCS7_DATA)
+        version = NSS_CMS_SIGNED_DATA_VERSION_EXT;
+
+    /* prepare all the SignerInfos (there may be none) */
+    for (i = 0; i < NSS_CMSSignedData_SignerInfoCount(sigd); i++) {
+        signerinfo = NSS_CMSSignedData_GetSignerInfo(sigd, i);
+
+        /* RFC2630 5.1 "version is the syntax version number..." */
+        if (NSS_CMSSignerInfo_GetVersion(signerinfo) != NSS_CMS_SIGNER_INFO_VERSION_ISSUERSN)
+            version = NSS_CMS_SIGNED_DATA_VERSION_EXT;
+
+        /* collect digestAlgorithms from SignerInfos */
+        /* (we need to know which algorithms we have when the content comes in) */
+        /* do not overwrite any existing digestAlgorithms (and digest) */
+        digestalgtag = NSS_CMSSignerInfo_GetDigestAlgTag(signerinfo);
+        n = NSS_CMSAlgArray_GetIndexByAlgTag(sigd->digestAlgorithms, digestalgtag);
+        if (n < 0 && haveDigests) {
+            /* oops, there is a digestalg we do not have a digest for */
+            /* but we were supposed to have all the digests already... */
+            goto loser;
+        } else if (n < 0) {
+            /* add the digestAlgorithm & a NULL digest */
+            rv = NSS_CMSSignedData_AddDigest(poolp, sigd, digestalgtag, NULL);
+            if (rv != SECSuccess)
+                goto loser;
+        } else {
+            /* found it, nothing to do */
+        }
+    }
+
+    dummy = SEC_ASN1EncodeInteger(poolp, &(sigd->version), (long)version);
+    if (dummy == NULL)
+        return SECFailure;
+
+    /* this is a SET OF, so we need to sort them guys */
+    rv = NSS_CMSArray_SortByDER((void **)sigd->digestAlgorithms,
+                                SEC_ASN1_GET(SECOID_AlgorithmIDTemplate),
+                                (void **)sigd->digests);
+    if (rv != SECSuccess)
+        return SECFailure;
+
+    return SECSuccess;
+
+loser:
+    return SECFailure;
+}
+
+SECStatus
+NSS_CMSSignedData_Encode_BeforeData(NSSCMSSignedData *sigd)
+{
+    SECStatus rv;
+    if (!sigd) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+    rv = NSS_CMSContentInfo_Private_Init(&sigd->contentInfo);
+    if (rv != SECSuccess) {
+        return SECFailure;
+    }
+    /* set up the digests */
+    if (sigd->digests && sigd->digests[0]) {
+        sigd->contentInfo.privateInfo->digcx = NULL; /* don't attempt to make new ones. */
+    } else if (sigd->digestAlgorithms != NULL) {
+        sigd->contentInfo.privateInfo->digcx =
+            NSS_CMSDigestContext_StartMultiple(sigd->digestAlgorithms);
+        if (sigd->contentInfo.privateInfo->digcx == NULL)
+            return SECFailure;
+    }
+    return SECSuccess;
+}
+
+/*
+ * NSS_CMSSignedData_Encode_AfterData - do all the necessary things to a SignedData
+ *     after all the encapsulated data was passed through the encoder.
+ *
+ * In detail:
+ *  - create the signatures in all the SignerInfos
+ *
+ * Please note that nothing is done to the Certificates and CRLs in the message - this
+ * is entirely the responsibility of our callers.
+ */
+SECStatus
+NSS_CMSSignedData_Encode_AfterData(NSSCMSSignedData *sigd)
+{
+    NSSCMSSignerInfo **signerinfos, *signerinfo;
+    NSSCMSContentInfo *cinfo;
+    SECOidTag digestalgtag;
+    SECStatus ret = SECFailure;
+    SECStatus rv;
+    SECItem *contentType;
+    int certcount;
+    int i, ci, cli, n, rci, si;
+    PLArenaPool *poolp;
+    CERTCertificateList *certlist;
+    extern const SEC_ASN1Template NSSCMSSignerInfoTemplate[];
+
+    if (!sigd) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    poolp = sigd->cmsg->poolp;
+    cinfo = &(sigd->contentInfo);
+
+    /* did we have digest calculation going on? */
+    if (cinfo->privateInfo && cinfo->privateInfo->digcx) {
+        rv = NSS_CMSDigestContext_FinishMultiple(cinfo->privateInfo->digcx, poolp,
+                                                 &(sigd->digests));
+        /* error has been set by NSS_CMSDigestContext_FinishMultiple */
+        cinfo->privateInfo->digcx = NULL;
+        if (rv != SECSuccess)
+            goto loser;
+    }
+
+    signerinfos = sigd->signerInfos;
+    certcount = 0;
+
+    /* prepare all the SignerInfos (there may be none) */
+    for (i = 0; i < NSS_CMSSignedData_SignerInfoCount(sigd); i++) {
+        signerinfo = NSS_CMSSignedData_GetSignerInfo(sigd, i);
+
+        /* find correct digest for this signerinfo */
+        digestalgtag = NSS_CMSSignerInfo_GetDigestAlgTag(signerinfo);
+        n = NSS_CMSAlgArray_GetIndexByAlgTag(sigd->digestAlgorithms, digestalgtag);
+        if (n < 0 || sigd->digests == NULL || sigd->digests[n] == NULL) {
+            /* oops - digest not found */
+            PORT_SetError(SEC_ERROR_DIGEST_NOT_FOUND);
+            goto loser;
+        }
+
+        /* XXX if our content is anything else but data, we need to force the
+         * presence of signed attributes (RFC2630 5.3 "signedAttributes is a
+         * collection...") */
+
+        /* pass contentType here as we want a contentType attribute */
+        if ((contentType = NSS_CMSContentInfo_GetContentTypeOID(cinfo)) == NULL)
+            goto loser;
+
+        /* sign the thing */
+        rv = NSS_CMSSignerInfo_Sign(signerinfo, sigd->digests[n], contentType);
+        if (rv != SECSuccess)
+            goto loser;
+
+        /* while we're at it, count number of certs in certLists */
+        certlist = NSS_CMSSignerInfo_GetCertList(signerinfo);
+        if (certlist)
+            certcount += certlist->len;
+    }
+
+    /* this is a SET OF, so we need to sort them guys */
+    rv = NSS_CMSArray_SortByDER((void **)signerinfos, NSSCMSSignerInfoTemplate, NULL);
+    if (rv != SECSuccess)
+        goto loser;
+
+    /*
+     * now prepare certs & crls
+     */
+
+    /* count the rest of the certs */
+    if (sigd->certs != NULL) {
+        for (ci = 0; sigd->certs[ci] != NULL; ci++)
+            certcount++;
+    }
+
+    if (sigd->certLists != NULL) {
+        for (cli = 0; sigd->certLists[cli] != NULL; cli++)
+            certcount += sigd->certLists[cli]->len;
+    }
+
+    if (certcount == 0) {
+        sigd->rawCerts = NULL;
+    } else {
+        /*
+         * Combine all of the certs and cert chains into rawcerts.
+         * Note: certcount is an upper bound; we may not need that many slots
+         * but we will allocate anyway to avoid having to do another pass.
+         * (The temporary space saving is not worth it.)
+         *
+         * XXX ARGH - this NEEDS to be fixed. need to come up with a decent
+         *  SetOfDERcertficates implementation
+         */
+        sigd->rawCerts = (SECItem **)PORT_ArenaAlloc(poolp, (certcount + 1) * sizeof(SECItem *));
+        if (sigd->rawCerts == NULL)
+            return SECFailure;
+
+        /*
+         * XXX Want to check for duplicates and not add *any* cert that is
+         * already in the set.  This will be more important when we start
+         * dealing with larger sets of certs, dual-key certs (signing and
+         * encryption), etc.  For the time being we can slide by...
+         *
+         * XXX ARGH - this NEEDS to be fixed. need to come up with a decent
+         *  SetOfDERcertficates implementation
+         */
+        rci = 0;
+        if (signerinfos != NULL) {
+            for (si = 0; signerinfos[si] != NULL; si++) {
+                signerinfo = signerinfos[si];
+                for (ci = 0; ci < signerinfo->certList->len; ci++)
+                    sigd->rawCerts[rci++] = &(signerinfo->certList->certs[ci]);
+            }
+        }
+
+        if (sigd->certs != NULL) {
+            for (ci = 0; sigd->certs[ci] != NULL; ci++)
+                sigd->rawCerts[rci++] = &(sigd->certs[ci]->derCert);
+        }
+
+        if (sigd->certLists != NULL) {
+            for (cli = 0; sigd->certLists[cli] != NULL; cli++) {
+                for (ci = 0; ci < sigd->certLists[cli]->len; ci++)
+                    sigd->rawCerts[rci++] = &(sigd->certLists[cli]->certs[ci]);
+            }
+        }
+
+        sigd->rawCerts[rci] = NULL;
+
+        /* this is a SET OF, so we need to sort them guys - we have the DER already, though */
+        NSS_CMSArray_Sort((void **)sigd->rawCerts, NSS_CMSUtil_DERCompare, NULL, NULL);
+    }
+
+    ret = SECSuccess;
+
+loser:
+    return ret;
+}
+
+SECStatus
+NSS_CMSSignedData_Decode_BeforeData(NSSCMSSignedData *sigd)
+{
+    SECStatus rv;
+    if (!sigd) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+    rv = NSS_CMSContentInfo_Private_Init(&sigd->contentInfo);
+    if (rv != SECSuccess) {
+        return SECFailure;
+    }
+    /* handle issue with Windows 2003 servers and kerberos */
+    if (sigd->digestAlgorithms != NULL) {
+        int i;
+        for (i = 0; sigd->digestAlgorithms[i] != NULL; i++) {
+            SECAlgorithmID *algid = sigd->digestAlgorithms[i];
+            SECOidTag senttag = SECOID_FindOIDTag(&algid->algorithm);
+            SECOidTag maptag = NSS_CMSUtil_MapSignAlgs(senttag);
+
+            if (maptag != senttag) {
+                SECOidData *hashoid = SECOID_FindOIDByTag(maptag);
+                rv = SECITEM_CopyItem(sigd->cmsg->poolp, &algid->algorithm, &hashoid->oid);
+                if (rv != SECSuccess) {
+                    return rv;
+                }
+            }
+        }
+    }
+
+    /* set up the digests */
+    if (sigd->digestAlgorithms != NULL && sigd->digests == NULL) {
+        /* if digests are already there, do nothing */
+        sigd->contentInfo.privateInfo->digcx = NSS_CMSDigestContext_StartMultiple(sigd->digestAlgorithms);
+        if (sigd->contentInfo.privateInfo->digcx == NULL)
+            return SECFailure;
+    }
+    return SECSuccess;
+}
+
+/*
+ * NSS_CMSSignedData_Decode_AfterData - do all the necessary things to a
+ *   SignedData after all the encapsulated data was passed through the decoder.
+ */
+SECStatus
+NSS_CMSSignedData_Decode_AfterData(NSSCMSSignedData *sigd)
+{
+    SECStatus rv = SECSuccess;
+
+    if (!sigd) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    /* did we have digest calculation going on? */
+    if (sigd->contentInfo.privateInfo && sigd->contentInfo.privateInfo->digcx) {
+        rv = NSS_CMSDigestContext_FinishMultiple(sigd->contentInfo.privateInfo->digcx,
+                                                 sigd->cmsg->poolp, &(sigd->digests));
+        /* error set by NSS_CMSDigestContext_FinishMultiple */
+        sigd->contentInfo.privateInfo->digcx = NULL;
+    }
+    return rv;
+}
+
+/*
+ * NSS_CMSSignedData_Decode_AfterEnd - do all the necessary things to a SignedData
+ *     after all decoding is finished.
+ */
+SECStatus
+NSS_CMSSignedData_Decode_AfterEnd(NSSCMSSignedData *sigd)
+{
+    NSSCMSSignerInfo **signerinfos = NULL;
+    int i;
+
+    if (!sigd) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    /* set cmsg for all the signerinfos */
+    signerinfos = sigd->signerInfos;
+
+    /* set cmsg for all the signerinfos */
+    if (signerinfos) {
+        for (i = 0; signerinfos[i] != NULL; i++)
+            signerinfos[i]->cmsg = sigd->cmsg;
+    }
+
+    return SECSuccess;
+}
+
+/*
+ * NSS_CMSSignedData_GetSignerInfos - retrieve the SignedData's signer list
+ */
+NSSCMSSignerInfo **
+NSS_CMSSignedData_GetSignerInfos(NSSCMSSignedData *sigd)
+{
+    if (!sigd) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+    return sigd->signerInfos;
+}
+
+int
+NSS_CMSSignedData_SignerInfoCount(NSSCMSSignedData *sigd)
+{
+    if (!sigd) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return 0;
+    }
+    return NSS_CMSArray_Count((void **)sigd->signerInfos);
+}
+
+NSSCMSSignerInfo *
+NSS_CMSSignedData_GetSignerInfo(NSSCMSSignedData *sigd, int i)
+{
+    if (!sigd) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+    return sigd->signerInfos[i];
+}
+
+/*
+ * NSS_CMSSignedData_GetDigestAlgs - retrieve the SignedData's digest algorithm list
+ */
+SECAlgorithmID **
+NSS_CMSSignedData_GetDigestAlgs(NSSCMSSignedData *sigd)
+{
+    if (!sigd) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+    return sigd->digestAlgorithms;
+}
+
+/*
+ * NSS_CMSSignedData_GetContentInfo - return pointer to this signedData's contentinfo
+ */
+NSSCMSContentInfo *
+NSS_CMSSignedData_GetContentInfo(NSSCMSSignedData *sigd)
+{
+    if (!sigd) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+    return &(sigd->contentInfo);
+}
+
+/*
+ * NSS_CMSSignedData_GetCertificateList - retrieve the SignedData's certificate list
+ */
+SECItem **
+NSS_CMSSignedData_GetCertificateList(NSSCMSSignedData *sigd)
+{
+    if (!sigd) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+    return sigd->rawCerts;
+}
+
+SECStatus
+NSS_CMSSignedData_ImportCerts(NSSCMSSignedData *sigd, CERTCertDBHandle *certdb,
+                              SECCertUsage certusage, PRBool keepcerts)
+{
+    int certcount;
+    CERTCertificate **certArray = NULL;
+    CERTCertList *certList = NULL;
+    CERTCertListNode *node;
+    SECStatus rv;
+    SECItem **rawArray;
+    int i;
+    PRTime now;
+
+    if (!sigd) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    certcount = NSS_CMSArray_Count((void **)sigd->rawCerts);
+
+    /* get the certs in the temp DB */
+    rv = CERT_ImportCerts(certdb, certusage, certcount, sigd->rawCerts,
+                          &certArray, PR_FALSE, PR_FALSE, NULL);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    /* save the certs so they don't get destroyed */
+    for (i = 0; i < certcount; i++) {
+        CERTCertificate *cert = certArray[i];
+        if (cert)
+            NSS_CMSSignedData_AddTempCertificate(sigd, cert);
+    }
+
+    if (!keepcerts) {
+        goto done;
+    }
+
+    /* build a CertList for filtering */
+    certList = CERT_NewCertList();
+    if (certList == NULL) {
+        rv = SECFailure;
+        goto loser;
+    }
+    for (i = 0; i < certcount; i++) {
+        CERTCertificate *cert = certArray[i];
+        if (cert)
+            cert = CERT_DupCertificate(cert);
+        if (cert)
+            CERT_AddCertToListTail(certList, cert);
+    }
+
+    /* filter out the certs we don't want */
+    rv = CERT_FilterCertListByUsage(certList, certusage, PR_FALSE);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    /* go down the remaining list of certs and verify that they have
+     * valid chains, then import them.
+     */
+    now = PR_Now();
+    for (node = CERT_LIST_HEAD(certList); !CERT_LIST_END(node, certList);
+         node = CERT_LIST_NEXT(node)) {
+        CERTCertificateList *certChain;
+
+        if (CERT_VerifyCert(certdb, node->cert,
+                            PR_TRUE, certusage, now, NULL, NULL) != SECSuccess) {
+            continue;
+        }
+
+        certChain = CERT_CertChainFromCert(node->cert, certusage, PR_FALSE);
+        if (!certChain) {
+            continue;
+        }
+
+        /*
+         * CertChain returns an array of SECItems, import expects an array of
+         * SECItem pointers. Create the SECItem Pointers from the array of
+         * SECItems.
+         */
+        rawArray = (SECItem **)PORT_Alloc(certChain->len * sizeof(SECItem *));
+        if (!rawArray) {
+            CERT_DestroyCertificateList(certChain);
+            continue;
+        }
+        for (i = 0; i < certChain->len; i++) {
+            rawArray[i] = &certChain->certs[i];
+        }
+        (void)CERT_ImportCerts(certdb, certusage, certChain->len,
+                               rawArray, NULL, keepcerts, PR_FALSE, NULL);
+        PORT_Free(rawArray);
+        CERT_DestroyCertificateList(certChain);
+    }
+
+    rv = SECSuccess;
+
+/* XXX CRL handling */
+
+done:
+    if (sigd->signerInfos != NULL) {
+        /* fill in all signerinfo's certs */
+        for (i = 0; sigd->signerInfos[i] != NULL; i++)
+            (void)NSS_CMSSignerInfo_GetSigningCertificate(
+                sigd->signerInfos[i], certdb);
+    }
+
+loser:
+    /* now free everything */
+    if (certArray) {
+        CERT_DestroyCertArray(certArray, certcount);
+    }
+    if (certList) {
+        CERT_DestroyCertList(certList);
+    }
+
+    return rv;
+}
+
+/*
+ * XXX the digests need to be passed in BETWEEN the decoding and the verification in case
+ *     of external signatures!
+ */
+
+/*
+ * NSS_CMSSignedData_VerifySignerInfo - check the signatures.
+ *
+ * The digests were either calculated during decoding (and are stored in the
+ * signedData itself) or set after decoding using NSS_CMSSignedData_SetDigests.
+ *
+ * The verification checks if the signing cert is valid and has a trusted chain
+ * for the purpose specified by "certusage".
+ */
+SECStatus
+NSS_CMSSignedData_VerifySignerInfo(NSSCMSSignedData *sigd, int i,
+                                   CERTCertDBHandle *certdb, SECCertUsage certusage)
+{
+    NSSCMSSignerInfo *signerinfo;
+    NSSCMSContentInfo *cinfo;
+    SECOidData *algiddata;
+    SECItem *contentType, *digest;
+    SECOidTag oidTag;
+    SECStatus rv;
+
+    if (!sigd) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    cinfo = &(sigd->contentInfo);
+
+    signerinfo = sigd->signerInfos[i];
+
+    /* verify certificate */
+    rv = NSS_CMSSignerInfo_VerifyCertificate(signerinfo, certdb, certusage);
+    if (rv != SECSuccess)
+        return rv; /* error is set */
+
+    /* find digest and contentType for signerinfo */
+    algiddata = NSS_CMSSignerInfo_GetDigestAlg(signerinfo);
+    oidTag = algiddata ? algiddata->offset : SEC_OID_UNKNOWN;
+    digest = NSS_CMSSignedData_GetDigestValue(sigd, oidTag);
+    /* NULL digest is acceptable. */
+    contentType = NSS_CMSContentInfo_GetContentTypeOID(cinfo);
+    /* NULL contentType is acceptable. */
+
+    /* now verify signature */
+    rv = NSS_CMSSignerInfo_Verify(signerinfo, digest, contentType);
+    return rv;
+}
+
+/*
+ * NSS_CMSSignedData_VerifyCertsOnly - verify the certs in a certs-only message
+ */
+SECStatus
+NSS_CMSSignedData_VerifyCertsOnly(NSSCMSSignedData *sigd,
+                                  CERTCertDBHandle *certdb,
+                                  SECCertUsage usage)
+{
+    CERTCertificate *cert;
+    SECStatus rv = SECSuccess;
+    int i;
+    int count;
+    PRTime now;
+    void *pwarg = NULL;
+
+    if (!sigd || !certdb || !sigd->rawCerts) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    count = NSS_CMSArray_Count((void **)sigd->rawCerts);
+    now = PR_Now();
+    for (i = 0; i < count; i++) {
+        if (sigd->certs && sigd->certs[i]) {
+            cert = CERT_DupCertificate(sigd->certs[i]);
+        } else {
+            cert = CERT_FindCertByDERCert(certdb, sigd->rawCerts[i]);
+            if (!cert) {
+                rv = SECFailure;
+                break;
+            }
+        }
+        if (sigd->cmsg) {
+            pwarg = sigd->cmsg->pwfn_arg;
+        }
+        rv |= CERT_VerifyCert(certdb, cert, PR_TRUE, usage, now,
+                              pwarg, NULL);
+        CERT_DestroyCertificate(cert);
+    }
+
+    return rv;
+}
+
+/*
+ * NSS_CMSSignedData_HasDigests - see if we have digests in place
+ */
+PRBool
+NSS_CMSSignedData_HasDigests(NSSCMSSignedData *sigd)
+{
+    if (!sigd) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return PR_FALSE;
+    }
+    return (sigd->digests != NULL);
+}
+
+SECStatus
+NSS_CMSSignedData_AddCertList(NSSCMSSignedData *sigd, CERTCertificateList *certlist)
+{
+    SECStatus rv;
+
+    if (!sigd || !certlist) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    /* XXX memory?? a certlist has an arena of its own and is not refcounted!?!? */
+    rv = NSS_CMSArray_Add(sigd->cmsg->poolp, (void ***)&(sigd->certLists), (void *)certlist);
+
+    return rv;
+}
+
+/*
+ * NSS_CMSSignedData_AddCertChain - add cert and its entire chain to the set of certs
+ */
+SECStatus
+NSS_CMSSignedData_AddCertChain(NSSCMSSignedData *sigd, CERTCertificate *cert)
+{
+    CERTCertificateList *certlist;
+    SECCertUsage usage;
+    SECStatus rv;
+
+    usage = certUsageEmailSigner;
+
+    if (!sigd || !cert) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    /* do not include root */
+    certlist = CERT_CertChainFromCert(cert, usage, PR_FALSE);
+    if (certlist == NULL)
+        return SECFailure;
+
+    rv = NSS_CMSSignedData_AddCertList(sigd, certlist);
+
+    return rv;
+}
+
+extern SECStatus
+NSS_CMSSignedData_AddTempCertificate(NSSCMSSignedData *sigd, CERTCertificate *cert)
+{
+    CERTCertificate *c;
+    SECStatus rv;
+
+    if (!sigd || !cert) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    c = CERT_DupCertificate(cert);
+    rv = NSS_CMSArray_Add(sigd->cmsg->poolp, (void ***)&(sigd->tempCerts), (void *)c);
+    return rv;
+}
+
+SECStatus
+NSS_CMSSignedData_AddCertificate(NSSCMSSignedData *sigd, CERTCertificate *cert)
+{
+    CERTCertificate *c;
+    SECStatus rv;
+
+    if (!sigd || !cert) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    c = CERT_DupCertificate(cert);
+    rv = NSS_CMSArray_Add(sigd->cmsg->poolp, (void ***)&(sigd->certs), (void *)c);
+    return rv;
+}
+
+PRBool
+NSS_CMSSignedData_ContainsCertsOrCrls(NSSCMSSignedData *sigd)
+{
+    if (!sigd) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return PR_FALSE;
+    }
+    if (sigd->rawCerts != NULL && sigd->rawCerts[0] != NULL)
+        return PR_TRUE;
+    else if (sigd->crls != NULL && sigd->crls[0] != NULL)
+        return PR_TRUE;
+    else
+        return PR_FALSE;
+}
+
+SECStatus
+NSS_CMSSignedData_AddSignerInfo(NSSCMSSignedData *sigd,
+                                NSSCMSSignerInfo *signerinfo)
+{
+    void *mark;
+    SECStatus rv;
+    SECOidTag digestalgtag;
+    PLArenaPool *poolp;
+
+    if (!sigd || !signerinfo) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    poolp = sigd->cmsg->poolp;
+
+    mark = PORT_ArenaMark(poolp);
+
+    /* add signerinfo */
+    rv = NSS_CMSArray_Add(poolp, (void ***)&(sigd->signerInfos), (void *)signerinfo);
+    if (rv != SECSuccess)
+        goto loser;
+
+    /*
+     * add empty digest
+     * Empty because we don't have it yet. Either it gets created during encoding
+     * (if the data is present) or has to be set externally.
+     * XXX maybe pass it in optionally?
+     */
+    digestalgtag = NSS_CMSSignerInfo_GetDigestAlgTag(signerinfo);
+    rv = NSS_CMSSignedData_SetDigestValue(sigd, digestalgtag, NULL);
+    if (rv != SECSuccess)
+        goto loser;
+
+    /*
+     * The last thing to get consistency would be adding the digest.
+     */
+
+    PORT_ArenaUnmark(poolp, mark);
+    return SECSuccess;
+
+loser:
+    PORT_ArenaRelease(poolp, mark);
+    return SECFailure;
+}
+
+/*
+ * NSS_CMSSignedData_SetDigests - set a signedData's digests member
+ *
+ * "digestalgs" - array of digest algorithm IDs
+ * "digests"    - array of digests corresponding to the digest algorithms
+ */
+SECStatus
+NSS_CMSSignedData_SetDigests(NSSCMSSignedData *sigd,
+                             SECAlgorithmID **digestalgs,
+                             SECItem **digests)
+{
+    int cnt, i, idx;
+
+    if (!sigd || !digestalgs || !digests) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    if (sigd->digestAlgorithms == NULL) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    /* we assume that the digests array is just not there yet */
+    PORT_Assert(sigd->digests == NULL);
+    if (sigd->digests != NULL) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+
+    /* now allocate one (same size as digestAlgorithms) */
+    cnt = NSS_CMSArray_Count((void **)sigd->digestAlgorithms);
+    sigd->digests = PORT_ArenaZAlloc(sigd->cmsg->poolp, (cnt + 1) * sizeof(SECItem *));
+    if (sigd->digests == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return SECFailure;
+    }
+
+    for (i = 0; sigd->digestAlgorithms[i] != NULL; i++) {
+        /* try to find the sigd's i'th digest algorithm in the array we passed in */
+        idx = NSS_CMSAlgArray_GetIndexByAlgID(digestalgs, sigd->digestAlgorithms[i]);
+        if (idx < 0) {
+            PORT_SetError(SEC_ERROR_DIGEST_NOT_FOUND);
+            return SECFailure;
+        }
+        if (!digests[idx]) {
+            /* We have no digest for this algorithm, probably because it is
+            ** unrecognized or unsupported.  We'll ignore this here.  If this
+            ** digest is needed later, an error will be be generated then.
+            */
+            continue;
+        }
+
+        /* found it - now set it */
+        if ((sigd->digests[i] = SECITEM_AllocItem(sigd->cmsg->poolp, NULL, 0)) == NULL ||
+            SECITEM_CopyItem(sigd->cmsg->poolp, sigd->digests[i], digests[idx]) != SECSuccess) {
+            PORT_SetError(SEC_ERROR_NO_MEMORY);
+            return SECFailure;
+        }
+    }
+    return SECSuccess;
+}
+
+SECStatus
+NSS_CMSSignedData_SetDigestValue(NSSCMSSignedData *sigd,
+                                 SECOidTag digestalgtag,
+                                 SECItem *digestdata)
+{
+    SECItem *digest = NULL;
+    PLArenaPool *poolp;
+    void *mark;
+    int n, cnt;
+
+    if (!sigd) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    poolp = sigd->cmsg->poolp;
+
+    mark = PORT_ArenaMark(poolp);
+
+    if (digestdata) {
+        digest = (SECItem *)PORT_ArenaZAlloc(poolp, sizeof(SECItem));
+
+        /* copy digestdata item to arena (in case we have it and are not only making room) */
+        if (SECITEM_CopyItem(poolp, digest, digestdata) != SECSuccess)
+            goto loser;
+    }
+
+    /* now allocate one (same size as digestAlgorithms) */
+    if (sigd->digests == NULL) {
+        cnt = NSS_CMSArray_Count((void **)sigd->digestAlgorithms);
+        sigd->digests = PORT_ArenaZAlloc(sigd->cmsg->poolp, (cnt + 1) * sizeof(SECItem *));
+        if (sigd->digests == NULL) {
+            PORT_SetError(SEC_ERROR_NO_MEMORY);
+            return SECFailure;
+        }
+    }
+
+    n = -1;
+    if (sigd->digestAlgorithms != NULL)
+        n = NSS_CMSAlgArray_GetIndexByAlgTag(sigd->digestAlgorithms, digestalgtag);
+
+    /* if not found, add a digest */
+    if (n < 0) {
+        if (NSS_CMSSignedData_AddDigest(poolp, sigd, digestalgtag, digest) != SECSuccess)
+            goto loser;
+    } else {
+        /* replace NULL pointer with digest item (and leak previous value) */
+        sigd->digests[n] = digest;
+    }
+
+    PORT_ArenaUnmark(poolp, mark);
+    return SECSuccess;
+
+loser:
+    PORT_ArenaRelease(poolp, mark);
+    return SECFailure;
+}
+
+SECStatus
+NSS_CMSSignedData_AddDigest(PLArenaPool *poolp,
+                            NSSCMSSignedData *sigd,
+                            SECOidTag digestalgtag,
+                            SECItem *digest)
+{
+    SECAlgorithmID *digestalg;
+    void *mark;
+
+    if (!sigd || !poolp) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    mark = PORT_ArenaMark(poolp);
+
+    digestalg = PORT_ArenaZAlloc(poolp, sizeof(SECAlgorithmID));
+    if (digestalg == NULL)
+        goto loser;
+
+    if (SECOID_SetAlgorithmID(poolp, digestalg, digestalgtag, NULL) != SECSuccess) /* no params */
+        goto loser;
+
+    if (NSS_CMSArray_Add(poolp, (void ***)&(sigd->digestAlgorithms),
+                         (void *)digestalg) != SECSuccess ||
+        /* even if digest is NULL, add dummy to have same-size array */
+        NSS_CMSArray_Add(poolp, (void ***)&(sigd->digests),
+                         (void *)digest) != SECSuccess) {
+        goto loser;
+    }
+
+    PORT_ArenaUnmark(poolp, mark);
+    return SECSuccess;
+
+loser:
+    PORT_ArenaRelease(poolp, mark);
+    return SECFailure;
+}
+
+/* XXX This function doesn't set the error code on failure. */
+SECItem *
+NSS_CMSSignedData_GetDigestValue(NSSCMSSignedData *sigd, SECOidTag digestalgtag)
+{
+    int n;
+
+    if (!sigd) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+
+    if (sigd->digestAlgorithms == NULL || sigd->digests == NULL) {
+        PORT_SetError(SEC_ERROR_DIGEST_NOT_FOUND);
+        return NULL;
+    }
+
+    n = NSS_CMSAlgArray_GetIndexByAlgTag(sigd->digestAlgorithms, digestalgtag);
+
+    return (n < 0) ? NULL : sigd->digests[n];
+}
+
+/* =============================================================================
+ * Misc. utility functions
+ */
+
+/*
+ * NSS_CMSSignedData_CreateCertsOnly - create a certs-only SignedData.
+ *
+ * cert          - base certificates that will be included
+ * include_chain - if true, include the complete cert chain for cert
+ *
+ * More certs and chains can be added via AddCertificate and AddCertChain.
+ *
+ * An error results in a return value of NULL and an error set.
+ *
+ * XXXX CRLs
+ */
+NSSCMSSignedData *
+NSS_CMSSignedData_CreateCertsOnly(NSSCMSMessage *cmsg, CERTCertificate *cert, PRBool include_chain)
+{
+    NSSCMSSignedData *sigd;
+    void *mark;
+    PLArenaPool *poolp;
+    SECStatus rv;
+
+    if (!cmsg || !cert) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+
+    poolp = cmsg->poolp;
+    mark = PORT_ArenaMark(poolp);
+
+    sigd = NSS_CMSSignedData_Create(cmsg);
+    if (sigd == NULL)
+        goto loser;
+
+    /* no signerinfos, thus no digestAlgorithms */
+
+    /* but certs */
+    if (include_chain) {
+        rv = NSS_CMSSignedData_AddCertChain(sigd, cert);
+    } else {
+        rv = NSS_CMSSignedData_AddCertificate(sigd, cert);
+    }
+    if (rv != SECSuccess)
+        goto loser;
+
+    /* RFC2630 5.2 sez:
+     * In the degenerate case where there are no signers, the
+     * EncapsulatedContentInfo value being "signed" is irrelevant.  In this
+     * case, the content type within the EncapsulatedContentInfo value being
+     * "signed" should be id-data (as defined in section 4), and the content
+     * field of the EncapsulatedContentInfo value should be omitted.
+     */
+    rv = NSS_CMSContentInfo_SetContent_Data(cmsg, &(sigd->contentInfo), NULL, PR_TRUE);
+    if (rv != SECSuccess)
+        goto loser;
+
+    PORT_ArenaUnmark(poolp, mark);
+    return sigd;
+
+loser:
+    if (sigd)
+        NSS_CMSSignedData_Destroy(sigd);
+    PORT_ArenaRelease(poolp, mark);
+    return NULL;
+}
+
+/* TODO:
+ * NSS_CMSSignerInfo_GetReceiptRequest()
+ * NSS_CMSSignedData_HasReceiptRequest()
+ * easy way to iterate over signers
+ */
diff --git a/nss/lib/smime/cmssiginfo.c b/nss/lib/smime/cmssiginfo.c
new file mode 100644
index 0000000..ce4f87c
--- /dev/null
+++ b/nss/lib/smime/cmssiginfo.c
@@ -0,0 +1,1024 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * CMS signerInfo methods.
+ */
+
+#include "cmslocal.h"
+
+#include "cert.h"
+#include "key.h"
+#include "secasn1.h"
+#include "secitem.h"
+#include "secoid.h"
+#include "pk11func.h"
+#include "prtime.h"
+#include "secerr.h"
+#include "secder.h"
+#include "cryptohi.h"
+
+#include "smime.h"
+
+/* =============================================================================
+ * SIGNERINFO
+ */
+NSSCMSSignerInfo *
+nss_cmssignerinfo_create(NSSCMSMessage *cmsg, NSSCMSSignerIDSelector type,
+                         CERTCertificate *cert, SECItem *subjKeyID, SECKEYPublicKey *pubKey,
+                         SECKEYPrivateKey *signingKey, SECOidTag digestalgtag);
+
+NSSCMSSignerInfo *
+NSS_CMSSignerInfo_CreateWithSubjKeyID(NSSCMSMessage *cmsg, SECItem *subjKeyID,
+                                      SECKEYPublicKey *pubKey,
+                                      SECKEYPrivateKey *signingKey, SECOidTag digestalgtag)
+{
+    return nss_cmssignerinfo_create(cmsg, NSSCMSSignerID_SubjectKeyID, NULL,
+                                    subjKeyID, pubKey, signingKey, digestalgtag);
+}
+
+NSSCMSSignerInfo *
+NSS_CMSSignerInfo_Create(NSSCMSMessage *cmsg, CERTCertificate *cert, SECOidTag digestalgtag)
+{
+    return nss_cmssignerinfo_create(cmsg, NSSCMSSignerID_IssuerSN, cert, NULL,
+                                    NULL, NULL, digestalgtag);
+}
+
+NSSCMSSignerInfo *
+nss_cmssignerinfo_create(NSSCMSMessage *cmsg, NSSCMSSignerIDSelector type,
+                         CERTCertificate *cert, SECItem *subjKeyID, SECKEYPublicKey *pubKey,
+                         SECKEYPrivateKey *signingKey, SECOidTag digestalgtag)
+{
+    void *mark;
+    NSSCMSSignerInfo *signerinfo;
+    int version;
+    PLArenaPool *poolp;
+    SECStatus rv;
+
+    poolp = cmsg->poolp;
+
+    mark = PORT_ArenaMark(poolp);
+
+    signerinfo = (NSSCMSSignerInfo *)PORT_ArenaZAlloc(poolp, sizeof(NSSCMSSignerInfo));
+    if (signerinfo == NULL) {
+        PORT_ArenaRelease(poolp, mark);
+        return NULL;
+    }
+
+    signerinfo->cmsg = cmsg;
+
+    switch (type) {
+        case NSSCMSSignerID_IssuerSN:
+            signerinfo->signerIdentifier.identifierType = NSSCMSSignerID_IssuerSN;
+            if ((signerinfo->cert = CERT_DupCertificate(cert)) == NULL)
+                goto loser;
+            if ((signerinfo->signerIdentifier.id.issuerAndSN = CERT_GetCertIssuerAndSN(poolp, cert)) == NULL)
+                goto loser;
+            break;
+        case NSSCMSSignerID_SubjectKeyID:
+            signerinfo->signerIdentifier.identifierType = NSSCMSSignerID_SubjectKeyID;
+            PORT_Assert(subjKeyID);
+            if (!subjKeyID)
+                goto loser;
+
+            signerinfo->signerIdentifier.id.subjectKeyID = PORT_ArenaNew(poolp, SECItem);
+            rv = SECITEM_CopyItem(poolp, signerinfo->signerIdentifier.id.subjectKeyID,
+                                  subjKeyID);
+            if (rv != SECSuccess) {
+                goto loser;
+            }
+            signerinfo->signingKey = SECKEY_CopyPrivateKey(signingKey);
+            if (!signerinfo->signingKey)
+                goto loser;
+            signerinfo->pubKey = SECKEY_CopyPublicKey(pubKey);
+            if (!signerinfo->pubKey)
+                goto loser;
+            break;
+        default:
+            goto loser;
+    }
+
+    /* set version right now */
+    version = NSS_CMS_SIGNER_INFO_VERSION_ISSUERSN;
+    /* RFC2630 5.3 "version is the syntax version number. If the .... " */
+    if (signerinfo->signerIdentifier.identifierType == NSSCMSSignerID_SubjectKeyID)
+        version = NSS_CMS_SIGNER_INFO_VERSION_SUBJKEY;
+    (void)SEC_ASN1EncodeInteger(poolp, &(signerinfo->version), (long)version);
+
+    if (SECOID_SetAlgorithmID(poolp, &signerinfo->digestAlg, digestalgtag, NULL) != SECSuccess)
+        goto loser;
+
+    PORT_ArenaUnmark(poolp, mark);
+    return signerinfo;
+
+loser:
+    PORT_ArenaRelease(poolp, mark);
+    return NULL;
+}
+
+/*
+ * NSS_CMSSignerInfo_Destroy - destroy a SignerInfo data structure
+ */
+void
+NSS_CMSSignerInfo_Destroy(NSSCMSSignerInfo *si)
+{
+    if (si->cert != NULL)
+        CERT_DestroyCertificate(si->cert);
+
+    if (si->certList != NULL)
+        CERT_DestroyCertificateList(si->certList);
+
+    /* XXX storage ??? */
+}
+
+/*
+ * NSS_CMSSignerInfo_Sign - sign something
+ *
+ */
+SECStatus
+NSS_CMSSignerInfo_Sign(NSSCMSSignerInfo *signerinfo, SECItem *digest,
+                       SECItem *contentType)
+{
+    CERTCertificate *cert;
+    SECKEYPrivateKey *privkey = NULL;
+    SECOidTag digestalgtag;
+    SECOidTag pubkAlgTag;
+    SECItem signature = { 0 };
+    SECStatus rv;
+    PLArenaPool *poolp, *tmppoolp = NULL;
+    SECAlgorithmID *algID, freeAlgID;
+    CERTSubjectPublicKeyInfo *spki;
+
+    PORT_Assert(digest != NULL);
+
+    poolp = signerinfo->cmsg->poolp;
+
+    switch (signerinfo->signerIdentifier.identifierType) {
+        case NSSCMSSignerID_IssuerSN:
+            cert = signerinfo->cert;
+
+            privkey = PK11_FindKeyByAnyCert(cert, signerinfo->cmsg->pwfn_arg);
+            if (privkey == NULL)
+                goto loser;
+            algID = &cert->subjectPublicKeyInfo.algorithm;
+            break;
+        case NSSCMSSignerID_SubjectKeyID:
+            privkey = signerinfo->signingKey;
+            signerinfo->signingKey = NULL;
+            spki = SECKEY_CreateSubjectPublicKeyInfo(signerinfo->pubKey);
+            SECKEY_DestroyPublicKey(signerinfo->pubKey);
+            signerinfo->pubKey = NULL;
+            SECOID_CopyAlgorithmID(NULL, &freeAlgID, &spki->algorithm);
+            SECKEY_DestroySubjectPublicKeyInfo(spki);
+            algID = &freeAlgID;
+            break;
+        default:
+            goto loser;
+    }
+    digestalgtag = NSS_CMSSignerInfo_GetDigestAlgTag(signerinfo);
+    /*
+     * XXX I think there should be a cert-level interface for this,
+     * so that I do not have to know about subjectPublicKeyInfo...
+     */
+    pubkAlgTag = SECOID_GetAlgorithmTag(algID);
+    if (signerinfo->signerIdentifier.identifierType == NSSCMSSignerID_SubjectKeyID) {
+        SECOID_DestroyAlgorithmID(&freeAlgID, PR_FALSE);
+    }
+
+    if (signerinfo->authAttr != NULL) {
+        SECOidTag signAlgTag;
+        SECItem encoded_attrs;
+
+        /* find and fill in the message digest attribute. */
+        rv = NSS_CMSAttributeArray_SetAttr(poolp, &(signerinfo->authAttr),
+                                           SEC_OID_PKCS9_MESSAGE_DIGEST, digest, PR_FALSE);
+        if (rv != SECSuccess)
+            goto loser;
+
+        if (contentType != NULL) {
+            /* if the caller wants us to, find and fill in the content type attribute. */
+            rv = NSS_CMSAttributeArray_SetAttr(poolp, &(signerinfo->authAttr),
+                                               SEC_OID_PKCS9_CONTENT_TYPE, contentType, PR_FALSE);
+            if (rv != SECSuccess)
+                goto loser;
+        }
+
+        if ((tmppoolp = PORT_NewArena(1024)) == NULL) {
+            PORT_SetError(SEC_ERROR_NO_MEMORY);
+            goto loser;
+        }
+
+        /*
+     * Before encoding, reorder the attributes so that when they
+     * are encoded, they will be conforming DER, which is required
+     * to have a specific order and that is what must be used for
+     * the hash/signature.  We do this here, rather than building
+     * it into EncodeAttributes, because we do not want to do
+     * such reordering on incoming messages (which also uses
+     * EncodeAttributes) or our old signatures (and other "broken"
+     * implementations) will not verify.  So, we want to guarantee
+     * that we send out good DER encodings of attributes, but not
+     * to expect to receive them.
+     */
+        if (NSS_CMSAttributeArray_Reorder(signerinfo->authAttr) != SECSuccess)
+            goto loser;
+
+        encoded_attrs.data = NULL;
+        encoded_attrs.len = 0;
+        if (NSS_CMSAttributeArray_Encode(tmppoolp, &(signerinfo->authAttr),
+                                         &encoded_attrs) == NULL)
+            goto loser;
+
+        signAlgTag = SEC_GetSignatureAlgorithmOidTag(privkey->keyType,
+                                                     digestalgtag);
+        if (signAlgTag == SEC_OID_UNKNOWN) {
+            PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
+            goto loser;
+        }
+
+        rv = SEC_SignData(&signature, encoded_attrs.data, encoded_attrs.len,
+                          privkey, signAlgTag);
+        PORT_FreeArena(tmppoolp, PR_FALSE); /* awkward memory management :-( */
+        tmppoolp = 0;
+    } else {
+        rv = SGN_Digest(privkey, digestalgtag, &signature, digest);
+    }
+    SECKEY_DestroyPrivateKey(privkey);
+    privkey = NULL;
+
+    if (rv != SECSuccess)
+        goto loser;
+
+    if (SECITEM_CopyItem(poolp, &(signerinfo->encDigest), &signature) != SECSuccess)
+        goto loser;
+
+    SECITEM_FreeItem(&signature, PR_FALSE);
+
+    if (SECOID_SetAlgorithmID(poolp, &(signerinfo->digestEncAlg), pubkAlgTag,
+                              NULL) != SECSuccess)
+        goto loser;
+
+    return SECSuccess;
+
+loser:
+    if (signature.len != 0)
+        SECITEM_FreeItem(&signature, PR_FALSE);
+    if (privkey)
+        SECKEY_DestroyPrivateKey(privkey);
+    if (tmppoolp)
+        PORT_FreeArena(tmppoolp, PR_FALSE);
+    return SECFailure;
+}
+
+SECStatus
+NSS_CMSSignerInfo_VerifyCertificate(NSSCMSSignerInfo *signerinfo, CERTCertDBHandle *certdb,
+                                    SECCertUsage certusage)
+{
+    CERTCertificate *cert;
+    PRTime stime;
+
+    if ((cert = NSS_CMSSignerInfo_GetSigningCertificate(signerinfo, certdb)) == NULL) {
+        signerinfo->verificationStatus = NSSCMSVS_SigningCertNotFound;
+        return SECFailure;
+    }
+
+    /*
+     * Get and convert the signing time; if available, it will be used
+     * both on the cert verification and for importing the sender
+     * email profile.
+     */
+    if (NSS_CMSSignerInfo_GetSigningTime(signerinfo, &stime) != SECSuccess)
+        stime = PR_Now(); /* not found or conversion failed, so check against now */
+
+    /*
+     * XXX  This uses the signing time, if available.  Additionally, we
+     * might want to, if there is no signing time, get the message time
+     * from the mail header itself, and use that.  That would require
+     * a change to our interface though, and for S/MIME callers to pass
+     * in a time (and for non-S/MIME callers to pass in nothing, or
+     * maybe make them pass in the current time, always?).
+     */
+    if (CERT_VerifyCert(certdb, cert, PR_TRUE, certusage, stime,
+                        signerinfo->cmsg->pwfn_arg, NULL) != SECSuccess) {
+        signerinfo->verificationStatus = NSSCMSVS_SigningCertNotTrusted;
+        return SECFailure;
+    }
+    return SECSuccess;
+}
+
+/*
+ * NSS_CMSSignerInfo_Verify - verify the signature of a single SignerInfo
+ *
+ * Just verifies the signature. The assumption is that verification of
+ * the certificate is done already.
+ */
+SECStatus
+NSS_CMSSignerInfo_Verify(NSSCMSSignerInfo *signerinfo,
+                         SECItem *digest,      /* may be NULL */
+                         SECItem *contentType) /* may be NULL */
+{
+    SECKEYPublicKey *publickey = NULL;
+    NSSCMSAttribute *attr;
+    SECItem encoded_attrs;
+    CERTCertificate *cert;
+    NSSCMSVerificationStatus vs = NSSCMSVS_Unverified;
+    PLArenaPool *poolp;
+    SECOidTag digestalgtag;
+    SECOidTag pubkAlgTag;
+
+    if (signerinfo == NULL)
+        return SECFailure;
+
+    /* NSS_CMSSignerInfo_GetSigningCertificate will fail if 2nd parm is NULL
+    ** and cert has not been verified
+    */
+    cert = NSS_CMSSignerInfo_GetSigningCertificate(signerinfo, NULL);
+    if (cert == NULL) {
+        vs = NSSCMSVS_SigningCertNotFound;
+        goto loser;
+    }
+
+    if ((publickey = CERT_ExtractPublicKey(cert)) == NULL) {
+        vs = NSSCMSVS_ProcessingError;
+        goto loser;
+    }
+
+    digestalgtag = NSS_CMSSignerInfo_GetDigestAlgTag(signerinfo);
+    pubkAlgTag = SECOID_GetAlgorithmTag(&(signerinfo->digestEncAlg));
+    if ((pubkAlgTag == SEC_OID_UNKNOWN) || (digestalgtag == SEC_OID_UNKNOWN)) {
+        vs = NSSCMSVS_SignatureAlgorithmUnknown;
+        goto loser;
+    }
+
+    if (!NSS_CMSArray_IsEmpty((void **)signerinfo->authAttr)) {
+        if (contentType) {
+            /*
+         * Check content type
+         *
+         * RFC2630 sez that if there are any authenticated attributes,
+         * then there must be one for content type which matches the
+         * content type of the content being signed, and there must
+         * be one for message digest which matches our message digest.
+         * So check these things first.
+         */
+            attr = NSS_CMSAttributeArray_FindAttrByOidTag(signerinfo->authAttr,
+                                                          SEC_OID_PKCS9_CONTENT_TYPE, PR_TRUE);
+            if (attr == NULL) {
+                vs = NSSCMSVS_MalformedSignature;
+                goto loser;
+            }
+
+            if (NSS_CMSAttribute_CompareValue(attr, contentType) == PR_FALSE) {
+                vs = NSSCMSVS_MalformedSignature;
+                goto loser;
+            }
+        }
+
+        /*
+     * Check digest
+     */
+        attr = NSS_CMSAttributeArray_FindAttrByOidTag(signerinfo->authAttr,
+                                                      SEC_OID_PKCS9_MESSAGE_DIGEST, PR_TRUE);
+        if (attr == NULL) {
+            vs = NSSCMSVS_MalformedSignature;
+            goto loser;
+        }
+        if (!digest ||
+            NSS_CMSAttribute_CompareValue(attr, digest) == PR_FALSE) {
+            vs = NSSCMSVS_DigestMismatch;
+            goto loser;
+        }
+
+        if ((poolp = PORT_NewArena(1024)) == NULL) {
+            vs = NSSCMSVS_ProcessingError;
+            goto loser;
+        }
+
+        /*
+     * Check signature
+     *
+     * The signature is based on a digest of the DER-encoded authenticated
+     * attributes.  So, first we encode and then we digest/verify.
+     * we trust the decoder to have the attributes in the right (sorted)
+     * order
+     */
+        encoded_attrs.data = NULL;
+        encoded_attrs.len = 0;
+
+        if (NSS_CMSAttributeArray_Encode(poolp, &(signerinfo->authAttr),
+                                         &encoded_attrs) == NULL ||
+            encoded_attrs.data == NULL || encoded_attrs.len == 0) {
+            PORT_FreeArena(poolp, PR_FALSE);
+            vs = NSSCMSVS_ProcessingError;
+            goto loser;
+        }
+
+        vs = (VFY_VerifyDataDirect(encoded_attrs.data, encoded_attrs.len,
+                                   publickey, &(signerinfo->encDigest), pubkAlgTag,
+                                   digestalgtag, NULL, signerinfo->cmsg->pwfn_arg) != SECSuccess)
+                 ? NSSCMSVS_BadSignature
+                 : NSSCMSVS_GoodSignature;
+
+        PORT_FreeArena(poolp, PR_FALSE); /* awkward memory management :-( */
+
+    } else {
+        SECItem *sig;
+
+        /* No authenticated attributes.
+    ** The signature is based on the plain message digest.
+    */
+        sig = &(signerinfo->encDigest);
+        if (sig->len == 0)
+            goto loser;
+
+        vs = (!digest ||
+              VFY_VerifyDigestDirect(digest, publickey, sig, pubkAlgTag,
+                                     digestalgtag, signerinfo->cmsg->pwfn_arg) != SECSuccess)
+                 ? NSSCMSVS_BadSignature
+                 : NSSCMSVS_GoodSignature;
+    }
+
+    if (vs == NSSCMSVS_BadSignature) {
+        int error = PORT_GetError();
+        /*
+     * XXX Change the generic error into our specific one, because
+     * in that case we get a better explanation out of the Security
+     * Advisor.  This is really a bug in the PSM error strings (the
+     * "generic" error has a lousy/wrong message associated with it
+     * which assumes the signature verification was done for the
+     * purposes of checking the issuer signature on a certificate)
+     * but this is at least an easy workaround and/or in the
+     * Security Advisor, which specifically checks for the error
+     * SEC_ERROR_PKCS7_BAD_SIGNATURE and gives more explanation
+     * in that case but does not similarly check for
+     * SEC_ERROR_BAD_SIGNATURE.  It probably should, but then would
+     * probably say the wrong thing in the case that it *was* the
+     * certificate signature check that failed during the cert
+     * verification done above.  Our error handling is really a mess.
+     */
+        if (error == SEC_ERROR_BAD_SIGNATURE)
+            PORT_SetError(SEC_ERROR_PKCS7_BAD_SIGNATURE);
+        /*
+     * map algorithm failures to NSSCMSVS values
+     */
+        if ((error == SEC_ERROR_PKCS7_KEYALG_MISMATCH) ||
+            (error == SEC_ERROR_INVALID_ALGORITHM)) {
+            /* keep the same error code as 3.11 and before */
+            PORT_SetError(SEC_ERROR_PKCS7_BAD_SIGNATURE);
+            vs = NSSCMSVS_SignatureAlgorithmUnsupported;
+        }
+    }
+
+    if (publickey != NULL)
+        SECKEY_DestroyPublicKey(publickey);
+
+    signerinfo->verificationStatus = vs;
+
+    return (vs == NSSCMSVS_GoodSignature) ? SECSuccess : SECFailure;
+
+loser:
+    if (publickey != NULL)
+        SECKEY_DestroyPublicKey(publickey);
+
+    signerinfo->verificationStatus = vs;
+
+    PORT_SetError(SEC_ERROR_PKCS7_BAD_SIGNATURE);
+    return SECFailure;
+}
+
+NSSCMSVerificationStatus
+NSS_CMSSignerInfo_GetVerificationStatus(NSSCMSSignerInfo *signerinfo)
+{
+    return signerinfo->verificationStatus;
+}
+
+SECOidData *
+NSS_CMSSignerInfo_GetDigestAlg(NSSCMSSignerInfo *signerinfo)
+{
+    SECOidData *algdata;
+    SECOidTag algtag;
+
+    algdata = SECOID_FindOID(&(signerinfo->digestAlg.algorithm));
+    if (algdata == NULL) {
+        return algdata;
+    }
+    /* Windows may have given us a signer algorithm oid instead of a digest
+     * algorithm oid. This call will map to a signer oid to a digest one,
+     * otherwise it leaves the oid alone and let the chips fall as they may
+     * if it's not a digest oid.
+     */
+    algtag = NSS_CMSUtil_MapSignAlgs(algdata->offset);
+    if (algtag != algdata->offset) {
+        /* if the tags don't match, then we must have received a signer
+     * algorithID. Now we need to get the oid data for the digest
+     * oid, which the rest of the code is expecting */
+        algdata = SECOID_FindOIDByTag(algtag);
+    }
+
+    return algdata;
+}
+
+SECOidTag
+NSS_CMSSignerInfo_GetDigestAlgTag(NSSCMSSignerInfo *signerinfo)
+{
+    SECOidData *algdata;
+
+    if (!signerinfo) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SEC_OID_UNKNOWN;
+    }
+
+    algdata = NSS_CMSSignerInfo_GetDigestAlg(signerinfo);
+    if (algdata != NULL)
+        return algdata->offset;
+    else
+        return SEC_OID_UNKNOWN;
+}
+
+CERTCertificateList *
+NSS_CMSSignerInfo_GetCertList(NSSCMSSignerInfo *signerinfo)
+{
+    return signerinfo->certList;
+}
+
+int
+NSS_CMSSignerInfo_GetVersion(NSSCMSSignerInfo *signerinfo)
+{
+    unsigned long version;
+
+    /* always take apart the SECItem */
+    if (SEC_ASN1DecodeInteger(&(signerinfo->version), &version) != SECSuccess)
+        return 0;
+    else
+        return (int)version;
+}
+
+/*
+ * NSS_CMSSignerInfo_GetSigningTime - return the signing time,
+ *                    in UTCTime or GeneralizedTime format,
+ *                                    of a CMS signerInfo.
+ *
+ * sinfo - signerInfo data for this signer
+ *
+ * Returns a pointer to XXXX (what?)
+ * A return value of NULL is an error.
+ */
+SECStatus
+NSS_CMSSignerInfo_GetSigningTime(NSSCMSSignerInfo *sinfo, PRTime *stime)
+{
+    NSSCMSAttribute *attr;
+    SECItem *value;
+
+    if (sinfo == NULL)
+        return SECFailure;
+
+    if (sinfo->signingTime != 0) {
+        *stime = sinfo->signingTime; /* cached copy */
+        return SECSuccess;
+    }
+
+    attr = NSS_CMSAttributeArray_FindAttrByOidTag(sinfo->authAttr,
+                                                  SEC_OID_PKCS9_SIGNING_TIME, PR_TRUE);
+    /* XXXX multi-valued attributes NIH */
+    if (attr == NULL || (value = NSS_CMSAttribute_GetValue(attr)) == NULL)
+        return SECFailure;
+    if (DER_DecodeTimeChoice(stime, value) != SECSuccess)
+        return SECFailure;
+    sinfo->signingTime = *stime; /* make cached copy */
+    return SECSuccess;
+}
+
+/*
+ * Return the signing cert of a CMS signerInfo.
+ *
+ * the certs in the enclosing SignedData must have been imported already
+ */
+CERTCertificate *
+NSS_CMSSignerInfo_GetSigningCertificate(NSSCMSSignerInfo *signerinfo, CERTCertDBHandle *certdb)
+{
+    CERTCertificate *cert;
+    NSSCMSSignerIdentifier *sid;
+
+    if (signerinfo->cert != NULL)
+        return signerinfo->cert;
+
+    /* no certdb, and cert hasn't been set yet? */
+    if (certdb == NULL)
+        return NULL;
+
+    /*
+     * This cert will also need to be freed, but since we save it
+     * in signerinfo for later, we do not want to destroy it when
+     * we leave this function -- we let the clean-up of the entire
+     * cinfo structure later do the destroy of this cert.
+     */
+    sid = &signerinfo->signerIdentifier;
+    switch (sid->identifierType) {
+        case NSSCMSSignerID_IssuerSN:
+            cert = CERT_FindCertByIssuerAndSN(certdb, sid->id.issuerAndSN);
+            break;
+        case NSSCMSSignerID_SubjectKeyID:
+            cert = CERT_FindCertBySubjectKeyID(certdb, sid->id.subjectKeyID);
+            break;
+        default:
+            cert = NULL;
+            break;
+    }
+
+    /* cert can be NULL at that point */
+    signerinfo->cert = cert; /* earmark it */
+
+    return cert;
+}
+
+/*
+ * NSS_CMSSignerInfo_GetSignerCommonName - return the common name of the signer
+ *
+ * sinfo - signerInfo data for this signer
+ *
+ * Returns a pointer to allocated memory, which must be freed with PORT_Free.
+ * A return value of NULL is an error.
+ */
+char *
+NSS_CMSSignerInfo_GetSignerCommonName(NSSCMSSignerInfo *sinfo)
+{
+    CERTCertificate *signercert;
+
+    /* will fail if cert is not verified */
+    if ((signercert = NSS_CMSSignerInfo_GetSigningCertificate(sinfo, NULL)) == NULL)
+        return NULL;
+
+    return (CERT_GetCommonName(&signercert->subject));
+}
+
+/*
+ * NSS_CMSSignerInfo_GetSignerEmailAddress - return the common name of the signer
+ *
+ * sinfo - signerInfo data for this signer
+ *
+ * Returns a pointer to allocated memory, which must be freed.
+ * A return value of NULL is an error.
+ */
+char *
+NSS_CMSSignerInfo_GetSignerEmailAddress(NSSCMSSignerInfo *sinfo)
+{
+    CERTCertificate *signercert;
+
+    if ((signercert = NSS_CMSSignerInfo_GetSigningCertificate(sinfo, NULL)) == NULL)
+        return NULL;
+
+    if (!signercert->emailAddr || !signercert->emailAddr[0])
+        return NULL;
+
+    return (PORT_Strdup(signercert->emailAddr));
+}
+
+/*
+ * NSS_CMSSignerInfo_AddAuthAttr - add an attribute to the
+ * authenticated (i.e. signed) attributes of "signerinfo".
+ */
+SECStatus
+NSS_CMSSignerInfo_AddAuthAttr(NSSCMSSignerInfo *signerinfo, NSSCMSAttribute *attr)
+{
+    return NSS_CMSAttributeArray_AddAttr(signerinfo->cmsg->poolp, &(signerinfo->authAttr), attr);
+}
+
+/*
+ * NSS_CMSSignerInfo_AddUnauthAttr - add an attribute to the
+ * unauthenticated attributes of "signerinfo".
+ */
+SECStatus
+NSS_CMSSignerInfo_AddUnauthAttr(NSSCMSSignerInfo *signerinfo, NSSCMSAttribute *attr)
+{
+    return NSS_CMSAttributeArray_AddAttr(signerinfo->cmsg->poolp, &(signerinfo->unAuthAttr), attr);
+}
+
+/*
+ * NSS_CMSSignerInfo_AddSigningTime - add the signing time to the
+ * authenticated (i.e. signed) attributes of "signerinfo".
+ *
+ * This is expected to be included in outgoing signed
+ * messages for email (S/MIME) but is likely useful in other situations.
+ *
+ * This should only be added once; a second call will do nothing.
+ *
+ * XXX This will probably just shove the current time into "signerinfo"
+ * but it will not actually get signed until the entire item is
+ * processed for encoding.  Is this (expected to be small) delay okay?
+ */
+SECStatus
+NSS_CMSSignerInfo_AddSigningTime(NSSCMSSignerInfo *signerinfo, PRTime t)
+{
+    NSSCMSAttribute *attr;
+    SECItem stime;
+    void *mark;
+    PLArenaPool *poolp;
+
+    poolp = signerinfo->cmsg->poolp;
+
+    mark = PORT_ArenaMark(poolp);
+
+    /* create new signing time attribute */
+    if (DER_EncodeTimeChoice(NULL, &stime, t) != SECSuccess)
+        goto loser;
+
+    if ((attr = NSS_CMSAttribute_Create(poolp, SEC_OID_PKCS9_SIGNING_TIME, &stime, PR_FALSE)) == NULL) {
+        SECITEM_FreeItem(&stime, PR_FALSE);
+        goto loser;
+    }
+
+    SECITEM_FreeItem(&stime, PR_FALSE);
+
+    if (NSS_CMSSignerInfo_AddAuthAttr(signerinfo, attr) != SECSuccess)
+        goto loser;
+
+    PORT_ArenaUnmark(poolp, mark);
+
+    return SECSuccess;
+
+loser:
+    PORT_ArenaRelease(poolp, mark);
+    return SECFailure;
+}
+
+/*
+ * NSS_CMSSignerInfo_AddSMIMECaps - add a SMIMECapabilities attribute to the
+ * authenticated (i.e. signed) attributes of "signerinfo".
+ *
+ * This is expected to be included in outgoing signed
+ * messages for email (S/MIME).
+ */
+SECStatus
+NSS_CMSSignerInfo_AddSMIMECaps(NSSCMSSignerInfo *signerinfo)
+{
+    NSSCMSAttribute *attr;
+    SECItem *smimecaps = NULL;
+    void *mark;
+    PLArenaPool *poolp;
+
+    poolp = signerinfo->cmsg->poolp;
+
+    mark = PORT_ArenaMark(poolp);
+
+    smimecaps = SECITEM_AllocItem(poolp, NULL, 0);
+    if (smimecaps == NULL)
+        goto loser;
+
+    /* create new signing time attribute */
+    if (NSS_SMIMEUtil_CreateSMIMECapabilities(poolp, smimecaps) != SECSuccess)
+        goto loser;
+
+    if ((attr = NSS_CMSAttribute_Create(poolp, SEC_OID_PKCS9_SMIME_CAPABILITIES, smimecaps, PR_TRUE)) == NULL)
+        goto loser;
+
+    if (NSS_CMSSignerInfo_AddAuthAttr(signerinfo, attr) != SECSuccess)
+        goto loser;
+
+    PORT_ArenaUnmark(poolp, mark);
+    return SECSuccess;
+
+loser:
+    PORT_ArenaRelease(poolp, mark);
+    return SECFailure;
+}
+
+/*
+ * NSS_CMSSignerInfo_AddSMIMEEncKeyPrefs - add a SMIMEEncryptionKeyPreferences attribute to the
+ * authenticated (i.e. signed) attributes of "signerinfo".
+ *
+ * This is expected to be included in outgoing signed messages for email (S/MIME).
+ */
+SECStatus
+NSS_CMSSignerInfo_AddSMIMEEncKeyPrefs(NSSCMSSignerInfo *signerinfo, CERTCertificate *cert, CERTCertDBHandle *certdb)
+{
+    NSSCMSAttribute *attr;
+    SECItem *smimeekp = NULL;
+    void *mark;
+    PLArenaPool *poolp;
+
+    /* verify this cert for encryption */
+    if (CERT_VerifyCert(certdb, cert, PR_TRUE, certUsageEmailRecipient, PR_Now(), signerinfo->cmsg->pwfn_arg, NULL) != SECSuccess) {
+        return SECFailure;
+    }
+
+    poolp = signerinfo->cmsg->poolp;
+    mark = PORT_ArenaMark(poolp);
+
+    smimeekp = SECITEM_AllocItem(poolp, NULL, 0);
+    if (smimeekp == NULL)
+        goto loser;
+
+    /* create new signing time attribute */
+    if (NSS_SMIMEUtil_CreateSMIMEEncKeyPrefs(poolp, smimeekp, cert) != SECSuccess)
+        goto loser;
+
+    if ((attr = NSS_CMSAttribute_Create(poolp, SEC_OID_SMIME_ENCRYPTION_KEY_PREFERENCE, smimeekp, PR_TRUE)) == NULL)
+        goto loser;
+
+    if (NSS_CMSSignerInfo_AddAuthAttr(signerinfo, attr) != SECSuccess)
+        goto loser;
+
+    PORT_ArenaUnmark(poolp, mark);
+    return SECSuccess;
+
+loser:
+    PORT_ArenaRelease(poolp, mark);
+    return SECFailure;
+}
+
+/*
+ * NSS_CMSSignerInfo_AddMSSMIMEEncKeyPrefs - add a SMIMEEncryptionKeyPreferences attribute to the
+ * authenticated (i.e. signed) attributes of "signerinfo", using the OID preferred by Microsoft.
+ *
+ * This is expected to be included in outgoing signed messages for email (S/MIME),
+ * if compatibility with Microsoft mail clients is wanted.
+ */
+SECStatus
+NSS_CMSSignerInfo_AddMSSMIMEEncKeyPrefs(NSSCMSSignerInfo *signerinfo, CERTCertificate *cert, CERTCertDBHandle *certdb)
+{
+    NSSCMSAttribute *attr;
+    SECItem *smimeekp = NULL;
+    void *mark;
+    PLArenaPool *poolp;
+
+    /* verify this cert for encryption */
+    if (CERT_VerifyCert(certdb, cert, PR_TRUE, certUsageEmailRecipient, PR_Now(), signerinfo->cmsg->pwfn_arg, NULL) != SECSuccess) {
+        return SECFailure;
+    }
+
+    poolp = signerinfo->cmsg->poolp;
+    mark = PORT_ArenaMark(poolp);
+
+    smimeekp = SECITEM_AllocItem(poolp, NULL, 0);
+    if (smimeekp == NULL)
+        goto loser;
+
+    /* create new signing time attribute */
+    if (NSS_SMIMEUtil_CreateMSSMIMEEncKeyPrefs(poolp, smimeekp, cert) != SECSuccess)
+        goto loser;
+
+    if ((attr = NSS_CMSAttribute_Create(poolp, SEC_OID_MS_SMIME_ENCRYPTION_KEY_PREFERENCE, smimeekp, PR_TRUE)) == NULL)
+        goto loser;
+
+    if (NSS_CMSSignerInfo_AddAuthAttr(signerinfo, attr) != SECSuccess)
+        goto loser;
+
+    PORT_ArenaUnmark(poolp, mark);
+    return SECSuccess;
+
+loser:
+    PORT_ArenaRelease(poolp, mark);
+    return SECFailure;
+}
+
+/*
+ * NSS_CMSSignerInfo_AddCounterSignature - countersign a signerinfo
+ *
+ * 1. digest the DER-encoded signature value of the original signerinfo
+ * 2. create new signerinfo with correct version, sid, digestAlg
+ * 3. add message-digest authAttr, but NO content-type
+ * 4. sign the authAttrs
+ * 5. DER-encode the new signerInfo
+ * 6. add the whole thing to original signerInfo's unAuthAttrs
+ *    as a SEC_OID_PKCS9_COUNTER_SIGNATURE attribute
+ *
+ * XXXX give back the new signerinfo?
+ */
+SECStatus
+NSS_CMSSignerInfo_AddCounterSignature(NSSCMSSignerInfo *signerinfo,
+                                      SECOidTag digestalg, CERTCertificate signingcert)
+{
+    /* XXXX TBD XXXX */
+    return SECFailure;
+}
+
+/*
+ * XXXX the following needs to be done in the S/MIME layer code
+ * after signature of a signerinfo is verified
+ */
+SECStatus
+NSS_SMIMESignerInfo_SaveSMIMEProfile(NSSCMSSignerInfo *signerinfo)
+{
+    CERTCertificate *cert = NULL;
+    SECItem *profile = NULL;
+    NSSCMSAttribute *attr;
+    SECItem *stime = NULL;
+    SECItem *ekp;
+    CERTCertDBHandle *certdb;
+    int save_error;
+    SECStatus rv;
+    PRBool must_free_cert = PR_FALSE;
+
+    certdb = CERT_GetDefaultCertDB();
+
+    /* sanity check - see if verification status is ok (unverified does not count...) */
+    if (signerinfo->verificationStatus != NSSCMSVS_GoodSignature)
+        return SECFailure;
+
+    /* find preferred encryption cert */
+    if (!NSS_CMSArray_IsEmpty((void **)signerinfo->authAttr) &&
+        (attr = NSS_CMSAttributeArray_FindAttrByOidTag(signerinfo->authAttr,
+                                                       SEC_OID_SMIME_ENCRYPTION_KEY_PREFERENCE, PR_TRUE)) != NULL) { /* we have a SMIME_ENCRYPTION_KEY_PREFERENCE attribute! */
+        ekp = NSS_CMSAttribute_GetValue(attr);
+        if (ekp == NULL)
+            return SECFailure;
+
+        /* we assume that all certs coming with the message have been imported to the */
+        /* temporary database */
+        cert = NSS_SMIMEUtil_GetCertFromEncryptionKeyPreference(certdb, ekp);
+        if (cert == NULL)
+            return SECFailure;
+        must_free_cert = PR_TRUE;
+    }
+
+    if (cert == NULL) {
+        /* no preferred cert found?
+     * find the cert the signerinfo is signed with instead */
+        cert = NSS_CMSSignerInfo_GetSigningCertificate(signerinfo, certdb);
+        if (cert == NULL || cert->emailAddr == NULL || !cert->emailAddr[0])
+            return SECFailure;
+    }
+
+/* verify this cert for encryption (has been verified for signing so far) */
+/* don't verify this cert for encryption. It may just be a signing cert.
+     * that's OK, we can still save the S/MIME profile. The encryption cert
+     * should have already been saved */
+#ifdef notdef
+    if (CERT_VerifyCert(certdb, cert, PR_TRUE, certUsageEmailRecipient, PR_Now(), signerinfo->cmsg->pwfn_arg, NULL) != SECSuccess) {
+        if (must_free_cert)
+            CERT_DestroyCertificate(cert);
+        return SECFailure;
+    }
+#endif
+
+    /* XXX store encryption cert permanently? */
+
+    /*
+     * Remember the current error set because we do not care about
+     * anything set by the functions we are about to call.
+     */
+    save_error = PORT_GetError();
+
+    if (!NSS_CMSArray_IsEmpty((void **)signerinfo->authAttr)) {
+        attr = NSS_CMSAttributeArray_FindAttrByOidTag(signerinfo->authAttr,
+                                                      SEC_OID_PKCS9_SMIME_CAPABILITIES,
+                                                      PR_TRUE);
+        profile = NSS_CMSAttribute_GetValue(attr);
+        attr = NSS_CMSAttributeArray_FindAttrByOidTag(signerinfo->authAttr,
+                                                      SEC_OID_PKCS9_SIGNING_TIME,
+                                                      PR_TRUE);
+        stime = NSS_CMSAttribute_GetValue(attr);
+    }
+
+    rv = CERT_SaveSMimeProfile(cert, profile, stime);
+    if (must_free_cert)
+        CERT_DestroyCertificate(cert);
+
+    /*
+     * Restore the saved error in case the calls above set a new
+     * one that we do not actually care about.
+     */
+    PORT_SetError(save_error);
+
+    return rv;
+}
+
+/*
+ * NSS_CMSSignerInfo_IncludeCerts - set cert chain inclusion mode for this signer
+ */
+SECStatus
+NSS_CMSSignerInfo_IncludeCerts(NSSCMSSignerInfo *signerinfo,
+                               NSSCMSCertChainMode cm, SECCertUsage usage)
+{
+    if (signerinfo->cert == NULL)
+        return SECFailure;
+
+    /* don't leak if we get called twice */
+    if (signerinfo->certList != NULL) {
+        CERT_DestroyCertificateList(signerinfo->certList);
+        signerinfo->certList = NULL;
+    }
+
+    switch (cm) {
+        case NSSCMSCM_None:
+            signerinfo->certList = NULL;
+            break;
+        case NSSCMSCM_CertOnly:
+            signerinfo->certList = CERT_CertListFromCert(signerinfo->cert);
+            break;
+        case NSSCMSCM_CertChain:
+            signerinfo->certList = CERT_CertChainFromCert(signerinfo->cert,
+                                                          usage, PR_FALSE);
+            break;
+        case NSSCMSCM_CertChainWithRoot:
+            signerinfo->certList = CERT_CertChainFromCert(signerinfo->cert,
+                                                          usage, PR_TRUE);
+            break;
+    }
+
+    if (cm != NSSCMSCM_None && signerinfo->certList == NULL)
+        return SECFailure;
+
+    return SECSuccess;
+}
diff --git a/nss/lib/smime/cmst.h b/nss/lib/smime/cmst.h
new file mode 100644
index 0000000..3d888bc
--- /dev/null
+++ b/nss/lib/smime/cmst.h
@@ -0,0 +1,491 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * Header for CMS types.
+ */
+
+#ifndef _CMST_H_
+#define _CMST_H_
+
+#include "seccomon.h"
+#include "secoidt.h"
+#include "certt.h"
+#include "secmodt.h"
+#include "secmodt.h"
+
+#include "plarena.h"
+
+/* Non-opaque objects.  NOTE, though: I want them to be treated as
+ * opaque as much as possible.  If I could hide them completely,
+ * I would.  (I tried, but ran into trouble that was taking me too
+ * much time to get out of.)  I still intend to try to do so.
+ * In fact, the only type that "outsiders" should even *name* is
+ * NSSCMSMessage, and they should not reference its fields.
+ */
+/* rjr: PKCS #11 cert handling (pk11cert.c) does use NSSCMSRecipientInfo's.
+ * This is because when we search the recipient list for the cert and key we
+ * want, we need to invert the order of the loops we used to have. The old
+ * loops were:
+ *
+ *  For each recipient {
+ *       find_cert = PK11_Find_AllCert(recipient->issuerSN);
+ *       [which unrolls to... ]
+ *       For each slot {
+ *            Log into slot;
+ *            search slot for cert;
+ *      }
+ *  }
+ *
+ *  the new loop searchs all the recipients at once on a slot. this allows
+ *  PKCS #11 to order slots in such a way that logout slots don't get checked
+ *  if we can find the cert on a logged in slot. This eliminates lots of
+ *  spurious password prompts when smart cards are installed... so why this
+ *  comment? If you make NSSCMSRecipientInfo completely opaque, you need
+ *  to provide a non-opaque list of issuerSN's (the only field PKCS#11 needs
+ *  and fix up pk11cert.c first. NOTE: Only S/MIME calls this special PKCS #11
+ *  function.
+ */
+
+typedef struct NSSCMSMessageStr NSSCMSMessage;
+
+typedef union NSSCMSContentUnion NSSCMSContent;
+typedef struct NSSCMSContentInfoStr NSSCMSContentInfo;
+
+typedef struct NSSCMSSignedDataStr NSSCMSSignedData;
+typedef struct NSSCMSSignerInfoStr NSSCMSSignerInfo;
+typedef struct NSSCMSSignerIdentifierStr NSSCMSSignerIdentifier;
+
+typedef struct NSSCMSEnvelopedDataStr NSSCMSEnvelopedData;
+typedef struct NSSCMSOriginatorInfoStr NSSCMSOriginatorInfo;
+typedef struct NSSCMSRecipientInfoStr NSSCMSRecipientInfo;
+
+typedef struct NSSCMSDigestedDataStr NSSCMSDigestedData;
+typedef struct NSSCMSEncryptedDataStr NSSCMSEncryptedData;
+
+typedef struct NSSCMSGenericWrapperDataStr NSSCMSGenericWrapperData;
+
+typedef struct NSSCMSAttributeStr NSSCMSAttribute;
+
+typedef struct NSSCMSDecoderContextStr NSSCMSDecoderContext;
+typedef struct NSSCMSEncoderContextStr NSSCMSEncoderContext;
+
+typedef struct NSSCMSCipherContextStr NSSCMSCipherContext;
+typedef struct NSSCMSDigestContextStr NSSCMSDigestContext;
+
+typedef struct NSSCMSContentInfoPrivateStr NSSCMSContentInfoPrivate;
+
+typedef SECStatus (*NSSCMSGenericWrapperDataCallback)(NSSCMSGenericWrapperData *);
+typedef void (*NSSCMSGenericWrapperDataDestroy)(NSSCMSGenericWrapperData *);
+
+extern const SEC_ASN1Template NSSCMSGenericWrapperDataTemplate[];
+extern const SEC_ASN1Template NSS_PointerToCMSGenericWrapperDataTemplate[];
+
+SEC_ASN1_CHOOSER_DECLARE(NSS_PointerToCMSGenericWrapperDataTemplate)
+SEC_ASN1_CHOOSER_DECLARE(NSSCMSGenericWrapperDataTemplate)
+
+/*
+ * Type of function passed to NSSCMSDecode or NSSCMSDecoderStart.
+ * If specified, this is where the content bytes (only) will be "sent"
+ * as they are recovered during the decoding.
+ * And:
+ * Type of function passed to NSSCMSEncode or NSSCMSEncoderStart.
+ * This is where the DER-encoded bytes will be "sent".
+ *
+ * XXX Should just combine this with NSSCMSEncoderContentCallback type
+ * and use a simpler, common name.
+ */
+typedef void (*NSSCMSContentCallback)(void *arg, const char *buf, unsigned long len);
+
+/*
+ * Type of function passed to NSSCMSDecode or NSSCMSDecoderStart
+ * to retrieve the decryption key.  This function is intended to be
+ * used for EncryptedData content info's which do not have a key available
+ * in a certificate, etc.
+ */
+typedef PK11SymKey *(*NSSCMSGetDecryptKeyCallback)(void *arg, SECAlgorithmID *algid);
+
+/* =============================================================================
+ * ENCAPSULATED CONTENTINFO & CONTENTINFO
+ */
+
+union NSSCMSContentUnion {
+    /* either unstructured */
+    SECItem *data;
+    /* or structured data */
+    NSSCMSDigestedData *digestedData;
+    NSSCMSEncryptedData *encryptedData;
+    NSSCMSEnvelopedData *envelopedData;
+    NSSCMSSignedData *signedData;
+    NSSCMSGenericWrapperData *genericData;
+    /* or anonymous pointer to something */
+    void *pointer;
+};
+
+struct NSSCMSContentInfoStr {
+    SECItem contentType;
+    NSSCMSContent content;
+    /* --------- local; not part of encoding --------- */
+    SECOidData *contentTypeTag;
+
+    /* additional info for encryptedData and envelopedData */
+    /* we waste this space for signedData and digestedData. sue me. */
+
+    SECAlgorithmID contentEncAlg;
+    SECItem *rawContent; /* encrypted DER, optional */
+                         /* XXXX bytes not encrypted, but encoded? */
+    /* --------- local; not part of encoding --------- */
+    PK11SymKey *bulkkey;                   /* bulk encryption key */
+    int keysize;                           /* size of bulk encryption key
+                                           * (only used by creation code) */
+    SECOidTag contentEncAlgTag;            /* oid tag of encryption algorithm
+                                           * (only used by creation code) */
+    NSSCMSContentInfoPrivate *privateInfo; /* place for NSS private info */
+    void *reserved;                        /* keep binary compatibility */
+};
+
+/* =============================================================================
+ * MESSAGE
+ */
+
+struct NSSCMSMessageStr {
+    NSSCMSContentInfo contentInfo; /* "outer" cinfo */
+    /* --------- local; not part of encoding --------- */
+    PLArenaPool *poolp;
+    PRBool poolp_is_ours;
+    int refCount;
+    /* properties of the "inner" data */
+    SECAlgorithmID **detached_digestalgs;
+    SECItem **detached_digests;
+    void *pwfn_arg;
+    NSSCMSGetDecryptKeyCallback decrypt_key_cb;
+    void *decrypt_key_cb_arg;
+};
+
+/* ============================================================================
+ * GENERIC WRAPPER
+ *
+ * used for user defined types.
+ */
+struct NSSCMSGenericWrapperDataStr {
+    NSSCMSContentInfo contentInfo;
+    /* ---- local; not part of encoding ------ */
+    NSSCMSMessage *cmsg;
+    /* wrapperspecific data starts here */
+};
+
+/* =============================================================================
+ * SIGNEDDATA
+ */
+
+struct NSSCMSSignedDataStr {
+    SECItem version;
+    SECAlgorithmID **digestAlgorithms;
+    NSSCMSContentInfo contentInfo;
+    SECItem **rawCerts;
+    CERTSignedCrl **crls;
+    NSSCMSSignerInfo **signerInfos;
+    /* --------- local; not part of encoding --------- */
+    NSSCMSMessage *cmsg; /* back pointer to message */
+    SECItem **digests;
+    CERTCertificate **certs;
+    CERTCertificateList **certLists;
+    CERTCertificate **tempCerts; /* temporary certs, needed
+                                  * for example for signature
+                                  * verification */
+};
+#define NSS_CMS_SIGNED_DATA_VERSION_BASIC 1 /* what we *create* */
+#define NSS_CMS_SIGNED_DATA_VERSION_EXT 3   /* what we *create* */
+
+typedef enum {
+    NSSCMSVS_Unverified = 0,
+    NSSCMSVS_GoodSignature = 1,
+    NSSCMSVS_BadSignature = 2,
+    NSSCMSVS_DigestMismatch = 3,
+    NSSCMSVS_SigningCertNotFound = 4,
+    NSSCMSVS_SigningCertNotTrusted = 5,
+    NSSCMSVS_SignatureAlgorithmUnknown = 6,
+    NSSCMSVS_SignatureAlgorithmUnsupported = 7,
+    NSSCMSVS_MalformedSignature = 8,
+    NSSCMSVS_ProcessingError = 9
+} NSSCMSVerificationStatus;
+
+typedef enum {
+    NSSCMSSignerID_IssuerSN = 0,
+    NSSCMSSignerID_SubjectKeyID = 1
+} NSSCMSSignerIDSelector;
+
+struct NSSCMSSignerIdentifierStr {
+    NSSCMSSignerIDSelector identifierType;
+    union {
+        CERTIssuerAndSN *issuerAndSN;
+        SECItem *subjectKeyID;
+    } id;
+};
+
+struct NSSCMSSignerInfoStr {
+    SECItem version;
+    NSSCMSSignerIdentifier signerIdentifier;
+    SECAlgorithmID digestAlg;
+    NSSCMSAttribute **authAttr;
+    SECAlgorithmID digestEncAlg;
+    SECItem encDigest;
+    NSSCMSAttribute **unAuthAttr;
+    /* --------- local; not part of encoding --------- */
+    NSSCMSMessage *cmsg; /* back pointer to message */
+    CERTCertificate *cert;
+    CERTCertificateList *certList;
+    PRTime signingTime;
+    NSSCMSVerificationStatus verificationStatus;
+    SECKEYPrivateKey *signingKey; /* Used if we're using subjKeyID*/
+    SECKEYPublicKey *pubKey;
+};
+#define NSS_CMS_SIGNER_INFO_VERSION_ISSUERSN 1 /* what we *create* */
+#define NSS_CMS_SIGNER_INFO_VERSION_SUBJKEY 3  /* what we *create* */
+
+typedef enum {
+    NSSCMSCM_None = 0,
+    NSSCMSCM_CertOnly = 1,
+    NSSCMSCM_CertChain = 2,
+    NSSCMSCM_CertChainWithRoot = 3
+} NSSCMSCertChainMode;
+
+/* =============================================================================
+ * ENVELOPED DATA
+ */
+struct NSSCMSEnvelopedDataStr {
+    SECItem version;
+    NSSCMSOriginatorInfo *originatorInfo; /* optional */
+    NSSCMSRecipientInfo **recipientInfos;
+    NSSCMSContentInfo contentInfo;
+    NSSCMSAttribute **unprotectedAttr;
+    /* --------- local; not part of encoding --------- */
+    NSSCMSMessage *cmsg; /* back pointer to message */
+};
+#define NSS_CMS_ENVELOPED_DATA_VERSION_REG 0 /* what we *create* */
+#define NSS_CMS_ENVELOPED_DATA_VERSION_ADV 2 /* what we *create* */
+
+struct NSSCMSOriginatorInfoStr {
+    SECItem **rawCerts;
+    CERTSignedCrl **crls;
+    /* --------- local; not part of encoding --------- */
+    CERTCertificate **certs;
+};
+
+/* -----------------------------------------------------------------------------
+ * key transport recipient info
+ */
+typedef enum {
+    NSSCMSRecipientID_IssuerSN = 0,
+    NSSCMSRecipientID_SubjectKeyID = 1,
+    NSSCMSRecipientID_BrandNew = 2
+} NSSCMSRecipientIDSelector;
+
+struct NSSCMSRecipientIdentifierStr {
+    NSSCMSRecipientIDSelector identifierType;
+    union {
+        CERTIssuerAndSN *issuerAndSN;
+        SECItem *subjectKeyID;
+    } id;
+};
+typedef struct NSSCMSRecipientIdentifierStr NSSCMSRecipientIdentifier;
+
+struct NSSCMSKeyTransRecipientInfoStr {
+    SECItem version;
+    NSSCMSRecipientIdentifier recipientIdentifier;
+    SECAlgorithmID keyEncAlg;
+    SECItem encKey;
+};
+typedef struct NSSCMSKeyTransRecipientInfoStr NSSCMSKeyTransRecipientInfo;
+
+/*
+ * View comments before NSSCMSRecipientInfoStr for purpose of this
+ * structure.
+ */
+struct NSSCMSKeyTransRecipientInfoExStr {
+    NSSCMSKeyTransRecipientInfo recipientInfo;
+    int version; /* version of this structure (0) */
+    SECKEYPublicKey *pubKey;
+};
+
+typedef struct NSSCMSKeyTransRecipientInfoExStr NSSCMSKeyTransRecipientInfoEx;
+
+#define NSS_CMS_KEYTRANS_RECIPIENT_INFO_VERSION_ISSUERSN 0 /* what we *create* */
+#define NSS_CMS_KEYTRANS_RECIPIENT_INFO_VERSION_SUBJKEY 2  /* what we *create* */
+
+/* -----------------------------------------------------------------------------
+ * key agreement recipient info
+ */
+struct NSSCMSOriginatorPublicKeyStr {
+    SECAlgorithmID algorithmIdentifier;
+    SECItem publicKey; /* bit string! */
+};
+typedef struct NSSCMSOriginatorPublicKeyStr NSSCMSOriginatorPublicKey;
+
+typedef enum {
+    NSSCMSOriginatorIDOrKey_IssuerSN = 0,
+    NSSCMSOriginatorIDOrKey_SubjectKeyID = 1,
+    NSSCMSOriginatorIDOrKey_OriginatorPublicKey = 2
+} NSSCMSOriginatorIDOrKeySelector;
+
+struct NSSCMSOriginatorIdentifierOrKeyStr {
+    NSSCMSOriginatorIDOrKeySelector identifierType;
+    union {
+        CERTIssuerAndSN *issuerAndSN;                  /* static-static */
+        SECItem *subjectKeyID;                         /* static-static */
+        NSSCMSOriginatorPublicKey originatorPublicKey; /* ephemeral-static */
+    } id;
+};
+typedef struct NSSCMSOriginatorIdentifierOrKeyStr NSSCMSOriginatorIdentifierOrKey;
+
+struct NSSCMSRecipientKeyIdentifierStr {
+    SECItem *subjectKeyIdentifier;
+    SECItem *date;  /* optional */
+    SECItem *other; /* optional */
+};
+typedef struct NSSCMSRecipientKeyIdentifierStr NSSCMSRecipientKeyIdentifier;
+
+typedef enum {
+    NSSCMSKeyAgreeRecipientID_IssuerSN = 0,
+    NSSCMSKeyAgreeRecipientID_RKeyID = 1
+} NSSCMSKeyAgreeRecipientIDSelector;
+
+struct NSSCMSKeyAgreeRecipientIdentifierStr {
+    NSSCMSKeyAgreeRecipientIDSelector identifierType;
+    union {
+        CERTIssuerAndSN *issuerAndSN;
+        NSSCMSRecipientKeyIdentifier recipientKeyIdentifier;
+    } id;
+};
+typedef struct NSSCMSKeyAgreeRecipientIdentifierStr NSSCMSKeyAgreeRecipientIdentifier;
+
+struct NSSCMSRecipientEncryptedKeyStr {
+    NSSCMSKeyAgreeRecipientIdentifier recipientIdentifier;
+    SECItem encKey;
+};
+typedef struct NSSCMSRecipientEncryptedKeyStr NSSCMSRecipientEncryptedKey;
+
+struct NSSCMSKeyAgreeRecipientInfoStr {
+    SECItem version;
+    NSSCMSOriginatorIdentifierOrKey originatorIdentifierOrKey;
+    SECItem *ukm; /* optional */
+    SECAlgorithmID keyEncAlg;
+    NSSCMSRecipientEncryptedKey **recipientEncryptedKeys;
+};
+typedef struct NSSCMSKeyAgreeRecipientInfoStr NSSCMSKeyAgreeRecipientInfo;
+
+#define NSS_CMS_KEYAGREE_RECIPIENT_INFO_VERSION 3 /* what we *create* */
+
+/* -----------------------------------------------------------------------------
+ * KEK recipient info
+ */
+struct NSSCMSKEKIdentifierStr {
+    SECItem keyIdentifier;
+    SECItem *date;  /* optional */
+    SECItem *other; /* optional */
+};
+typedef struct NSSCMSKEKIdentifierStr NSSCMSKEKIdentifier;
+
+struct NSSCMSKEKRecipientInfoStr {
+    SECItem version;
+    NSSCMSKEKIdentifier kekIdentifier;
+    SECAlgorithmID keyEncAlg;
+    SECItem encKey;
+};
+typedef struct NSSCMSKEKRecipientInfoStr NSSCMSKEKRecipientInfo;
+
+#define NSS_CMS_KEK_RECIPIENT_INFO_VERSION 4 /* what we *create* */
+
+/* -----------------------------------------------------------------------------
+ * recipient info
+ */
+
+typedef enum {
+    NSSCMSRecipientInfoID_KeyTrans = 0,
+    NSSCMSRecipientInfoID_KeyAgree = 1,
+    NSSCMSRecipientInfoID_KEK = 2
+} NSSCMSRecipientInfoIDSelector;
+
+/*
+ * In order to preserve backwards binary compatibility when implementing
+ * creation of Recipient Info's that uses subjectKeyID in the
+ * keyTransRecipientInfo we need to stash a public key pointer in this
+ * structure somewhere.  We figured out that NSSCMSKeyTransRecipientInfo
+ * is the smallest member of the ri union.  We're in luck since that's
+ * the very structure that would need to use the public key. So we created
+ * a new structure NSSCMSKeyTransRecipientInfoEx which has a member
+ * NSSCMSKeyTransRecipientInfo as the first member followed by a version
+ * and a public key pointer.  This way we can keep backwards compatibility
+ * without changing the size of this structure.
+ *
+ * BTW, size of structure:
+ * NSSCMSKeyTransRecipientInfo:  9 ints, 4 pointers
+ * NSSCMSKeyAgreeRecipientInfo: 12 ints, 8 pointers
+ * NSSCMSKEKRecipientInfo:      10 ints, 7 pointers
+ *
+ * The new structure:
+ * NSSCMSKeyTransRecipientInfoEx: sizeof(NSSCMSKeyTransRecipientInfo) +
+ *                                1 int, 1 pointer
+ */
+
+struct NSSCMSRecipientInfoStr {
+    NSSCMSRecipientInfoIDSelector recipientInfoType;
+    union {
+        NSSCMSKeyTransRecipientInfo keyTransRecipientInfo;
+        NSSCMSKeyAgreeRecipientInfo keyAgreeRecipientInfo;
+        NSSCMSKEKRecipientInfo kekRecipientInfo;
+        NSSCMSKeyTransRecipientInfoEx keyTransRecipientInfoEx;
+    } ri;
+    /* --------- local; not part of encoding --------- */
+    NSSCMSMessage *cmsg;   /* back pointer to message */
+    CERTCertificate *cert; /* recipient's certificate */
+};
+
+/* =============================================================================
+ * DIGESTED DATA
+ */
+struct NSSCMSDigestedDataStr {
+    SECItem version;
+    SECAlgorithmID digestAlg;
+    NSSCMSContentInfo contentInfo;
+    SECItem digest;
+    /* --------- local; not part of encoding --------- */
+    NSSCMSMessage *cmsg; /* back pointer */
+    SECItem cdigest;     /* calculated digest */
+};
+#define NSS_CMS_DIGESTED_DATA_VERSION_DATA 0  /* what we *create* */
+#define NSS_CMS_DIGESTED_DATA_VERSION_ENCAP 2 /* what we *create* */
+
+/* =============================================================================
+ * ENCRYPTED DATA
+ */
+struct NSSCMSEncryptedDataStr {
+    SECItem version;
+    NSSCMSContentInfo contentInfo;
+    NSSCMSAttribute **unprotectedAttr; /* optional */
+    /* --------- local; not part of encoding --------- */
+    NSSCMSMessage *cmsg; /* back pointer */
+};
+#define NSS_CMS_ENCRYPTED_DATA_VERSION 0        /* what we *create* */
+#define NSS_CMS_ENCRYPTED_DATA_VERSION_UPATTR 2 /* what we *create* */
+
+/*
+ * *****************************************************************************
+ * *****************************************************************************
+ * *****************************************************************************
+ */
+
+/*
+ * See comment above about this type not really belonging to CMS.
+ */
+struct NSSCMSAttributeStr {
+    /* The following fields make up an encoded Attribute: */
+    SECItem type;
+    SECItem **values; /* data may or may not be encoded */
+    /* The following fields are not part of an encoded Attribute: */
+    SECOidData *typeTag;
+    PRBool encoded; /* when true, values are encoded */
+};
+
+#endif /* _CMST_H_ */
diff --git a/nss/lib/smime/cmsudf.c b/nss/lib/smime/cmsudf.c
new file mode 100644
index 0000000..3ef4268
--- /dev/null
+++ b/nss/lib/smime/cmsudf.c
@@ -0,0 +1,440 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * CMS User Define Types
+ */
+
+#include "cmslocal.h"
+
+#include "prinit.h"
+#include "pk11func.h"
+#include "secitem.h"
+#include "secoid.h"
+#include "secerr.h"
+#include "nss.h"
+
+typedef struct nsscmstypeInfoStr nsscmstypeInfo;
+struct nsscmstypeInfoStr {
+    SECOidTag type;
+    SEC_ASN1Template *template;
+    size_t size;
+    PRBool isData;
+    NSSCMSGenericWrapperDataDestroy destroy;
+    NSSCMSGenericWrapperDataCallback decode_before;
+    NSSCMSGenericWrapperDataCallback decode_after;
+    NSSCMSGenericWrapperDataCallback decode_end;
+    NSSCMSGenericWrapperDataCallback encode_start;
+    NSSCMSGenericWrapperDataCallback encode_before;
+    NSSCMSGenericWrapperDataCallback encode_after;
+};
+
+/* make sure the global tables are only initialized once */
+static PRCallOnceType nsscmstypeOnce;
+static PRCallOnceType nsscmstypeClearOnce;
+/* lock for adding a new entry */
+static PRLock *nsscmstypeAddLock;
+/* lock for the hash table */
+static PRLock *nsscmstypeHashLock;
+/* the hash table itself */
+static PLHashTable *nsscmstypeHash;
+/* arena to hold all the hash table data */
+static PLArenaPool *nsscmstypeArena;
+
+/*
+ * clean up our global tables
+ */
+SECStatus
+nss_cmstype_shutdown(void *appData, void *reserved)
+{
+    if (nsscmstypeHashLock) {
+        PR_Lock(nsscmstypeHashLock);
+    }
+    if (nsscmstypeHash) {
+        PL_HashTableDestroy(nsscmstypeHash);
+        nsscmstypeHash = NULL;
+    }
+    if (nsscmstypeArena) {
+        PORT_FreeArena(nsscmstypeArena, PR_FALSE);
+        nsscmstypeArena = NULL;
+    }
+    if (nsscmstypeAddLock) {
+        PR_DestroyLock(nsscmstypeAddLock);
+    }
+    if (nsscmstypeHashLock) {
+        PRLock *oldLock = nsscmstypeHashLock;
+        nsscmstypeHashLock = NULL;
+        PR_Unlock(oldLock);
+        PR_DestroyLock(oldLock);
+    }
+
+    /* don't clear out the PR_ONCE data if we failed our inital call */
+    if (appData == NULL) {
+        nsscmstypeOnce = nsscmstypeClearOnce;
+    }
+    return SECSuccess;
+}
+
+static PLHashNumber
+nss_cmstype_hash_key(const void *key)
+{
+    return (PLHashNumber)((char *)key - (char *)NULL);
+}
+
+static PRIntn
+nss_cmstype_compare_keys(const void *v1, const void *v2)
+{
+    PLHashNumber value1 = nss_cmstype_hash_key(v1);
+    PLHashNumber value2 = nss_cmstype_hash_key(v2);
+
+    return (value1 == value2);
+}
+
+/*
+ * initialize our hash tables, called once on the first attemat to register
+ * a new SMIME type.
+ */
+static PRStatus
+nss_cmstype_init(void)
+{
+    SECStatus rv;
+
+    nsscmstypeHashLock = PR_NewLock();
+    if (nsscmstypeHashLock == NULL) {
+        return PR_FAILURE;
+    }
+    nsscmstypeAddLock = PR_NewLock();
+    if (nsscmstypeHashLock == NULL) {
+        goto fail;
+    }
+    nsscmstypeHash = PL_NewHashTable(64, nss_cmstype_hash_key,
+                                     nss_cmstype_compare_keys,
+                                     PL_CompareValues, NULL, NULL);
+    if (nsscmstypeHash == NULL) {
+        goto fail;
+    }
+    nsscmstypeArena = PORT_NewArena(2048);
+    if (nsscmstypeArena == NULL) {
+        goto fail;
+    }
+    rv = NSS_RegisterShutdown(nss_cmstype_shutdown, NULL);
+    if (rv != SECSuccess) {
+        goto fail;
+    }
+    return PR_SUCCESS;
+
+fail:
+    nss_cmstype_shutdown(&nsscmstypeOnce, NULL);
+    return PR_FAILURE;
+}
+
+/*
+ * look up and registered SIME type
+ */
+static const nsscmstypeInfo *
+nss_cmstype_lookup(SECOidTag type)
+{
+    nsscmstypeInfo *typeInfo = NULL;
+    ;
+    if (!nsscmstypeHash) {
+        return NULL;
+    }
+    PR_Lock(nsscmstypeHashLock);
+    if (nsscmstypeHash) {
+        typeInfo = PL_HashTableLookupConst(nsscmstypeHash, (void *)type);
+    }
+    PR_Unlock(nsscmstypeHashLock);
+    return typeInfo;
+}
+
+/*
+ * add a new type to the SMIME type table
+ */
+static SECStatus
+nss_cmstype_add(SECOidTag type, nsscmstypeInfo *typeinfo)
+{
+    PLHashEntry *entry;
+
+    if (!nsscmstypeHash) {
+        /* assert? this shouldn't happen */
+        return SECFailure;
+    }
+    PR_Lock(nsscmstypeHashLock);
+    /* this is really paranoia. If we really are racing nsscmstypeHash, we'll
+     * also be racing nsscmstypeHashLock... */
+    if (!nsscmstypeHash) {
+        PR_Unlock(nsscmstypeHashLock);
+        return SECFailure;
+    }
+    entry = PL_HashTableAdd(nsscmstypeHash, (void *)type, typeinfo);
+    PR_Unlock(nsscmstypeHashLock);
+    return entry ? SECSuccess : SECFailure;
+}
+
+/* helper functions to manage new content types
+ */
+
+PRBool
+NSS_CMSType_IsWrapper(SECOidTag type)
+{
+    const nsscmstypeInfo *typeInfo = NULL;
+
+    switch (type) {
+        case SEC_OID_PKCS7_SIGNED_DATA:
+        case SEC_OID_PKCS7_ENVELOPED_DATA:
+        case SEC_OID_PKCS7_DIGESTED_DATA:
+        case SEC_OID_PKCS7_ENCRYPTED_DATA:
+            return PR_TRUE;
+        default:
+            typeInfo = nss_cmstype_lookup(type);
+            if (typeInfo && !typeInfo->isData) {
+                return PR_TRUE;
+            }
+    }
+    return PR_FALSE;
+}
+
+PRBool
+NSS_CMSType_IsData(SECOidTag type)
+{
+    const nsscmstypeInfo *typeInfo = NULL;
+
+    switch (type) {
+        case SEC_OID_PKCS7_DATA:
+            return PR_TRUE;
+        default:
+            typeInfo = nss_cmstype_lookup(type);
+            if (typeInfo && typeInfo->isData) {
+                return PR_TRUE;
+            }
+    }
+    return PR_FALSE;
+}
+
+const SEC_ASN1Template *
+NSS_CMSType_GetTemplate(SECOidTag type)
+{
+    const nsscmstypeInfo *typeInfo = nss_cmstype_lookup(type);
+
+    if (typeInfo && typeInfo->template) {
+        return typeInfo->template;
+    }
+    return SEC_ASN1_GET(SEC_PointerToOctetStringTemplate);
+}
+
+size_t
+NSS_CMSType_GetContentSize(SECOidTag type)
+{
+    const nsscmstypeInfo *typeInfo = nss_cmstype_lookup(type);
+
+    if (typeInfo) {
+        return typeInfo->size;
+    }
+    return sizeof(SECItem *);
+}
+
+void
+NSS_CMSGenericWrapperData_Destroy(SECOidTag type, NSSCMSGenericWrapperData *gd)
+{
+    const nsscmstypeInfo *typeInfo = nss_cmstype_lookup(type);
+
+    if (typeInfo && typeInfo->destroy) {
+        (*typeInfo->destroy)(gd);
+    }
+}
+
+SECStatus
+NSS_CMSGenericWrapperData_Decode_BeforeData(SECOidTag type,
+                                            NSSCMSGenericWrapperData *gd)
+{
+    const nsscmstypeInfo *typeInfo;
+
+    /* short cut common case */
+    if (type == SEC_OID_PKCS7_DATA) {
+        return SECSuccess;
+    }
+
+    typeInfo = nss_cmstype_lookup(type);
+    if (typeInfo) {
+        if (typeInfo->decode_before) {
+            return (*typeInfo->decode_before)(gd);
+        }
+        /* decoder ops optional for data tags */
+        if (typeInfo->isData) {
+            return SECSuccess;
+        }
+    }
+    /* expected a function, but none existed */
+    return SECFailure;
+}
+
+SECStatus
+NSS_CMSGenericWrapperData_Decode_AfterData(SECOidTag type,
+                                           NSSCMSGenericWrapperData *gd)
+{
+    const nsscmstypeInfo *typeInfo;
+
+    /* short cut common case */
+    if (type == SEC_OID_PKCS7_DATA) {
+        return SECSuccess;
+    }
+
+    typeInfo = nss_cmstype_lookup(type);
+    if (typeInfo) {
+        if (typeInfo->decode_after) {
+            return (*typeInfo->decode_after)(gd);
+        }
+        /* decoder ops optional for data tags */
+        if (typeInfo->isData) {
+            return SECSuccess;
+        }
+    }
+    /* expected a function, but none existed */
+    return SECFailure;
+}
+
+SECStatus
+NSS_CMSGenericWrapperData_Decode_AfterEnd(SECOidTag type,
+                                          NSSCMSGenericWrapperData *gd)
+{
+    const nsscmstypeInfo *typeInfo;
+
+    /* short cut common case */
+    if (type == SEC_OID_PKCS7_DATA) {
+        return SECSuccess;
+    }
+
+    typeInfo = nss_cmstype_lookup(type);
+    if (typeInfo) {
+        if (typeInfo->decode_end) {
+            return (*typeInfo->decode_end)(gd);
+        }
+        /* decoder ops optional for data tags */
+        if (typeInfo->isData) {
+            return SECSuccess;
+        }
+    }
+    /* expected a function, but none existed */
+    return SECFailure;
+}
+
+SECStatus
+NSS_CMSGenericWrapperData_Encode_BeforeStart(SECOidTag type,
+                                             NSSCMSGenericWrapperData *gd)
+{
+    const nsscmstypeInfo *typeInfo;
+
+    /* short cut common case */
+    if (type == SEC_OID_PKCS7_DATA) {
+        return SECSuccess;
+    }
+
+    typeInfo = nss_cmstype_lookup(type);
+    if (typeInfo) {
+        if (typeInfo->encode_start) {
+            return (*typeInfo->encode_start)(gd);
+        }
+        /* decoder ops optional for data tags */
+        if (typeInfo->isData) {
+            return SECSuccess;
+        }
+    }
+    /* expected a function, but none existed */
+    return SECFailure;
+}
+
+SECStatus
+NSS_CMSGenericWrapperData_Encode_BeforeData(SECOidTag type,
+                                            NSSCMSGenericWrapperData *gd)
+{
+    const nsscmstypeInfo *typeInfo;
+
+    /* short cut common case */
+    if (type == SEC_OID_PKCS7_DATA) {
+        return SECSuccess;
+    }
+
+    typeInfo = nss_cmstype_lookup(type);
+    if (typeInfo) {
+        if (typeInfo->encode_before) {
+            return (*typeInfo->encode_before)(gd);
+        }
+        /* decoder ops optional for data tags */
+        if (typeInfo->isData) {
+            return SECSuccess;
+        }
+    }
+    /* expected a function, but none existed */
+    return SECFailure;
+}
+
+SECStatus
+NSS_CMSGenericWrapperData_Encode_AfterData(SECOidTag type,
+                                           NSSCMSGenericWrapperData *gd)
+{
+    const nsscmstypeInfo *typeInfo;
+
+    /* short cut common case */
+    if (type == SEC_OID_PKCS7_DATA) {
+        return SECSuccess;
+    }
+
+    typeInfo = nss_cmstype_lookup(type);
+    if (typeInfo) {
+        if (typeInfo->encode_after) {
+            return (*typeInfo->encode_after)(gd);
+        }
+        /* decoder ops optional for data tags */
+        if (typeInfo->isData) {
+            return SECSuccess;
+        }
+    }
+    /* expected a function, but none existed */
+    return SECFailure;
+}
+
+SECStatus
+NSS_CMSType_RegisterContentType(SECOidTag type,
+                                SEC_ASN1Template *asn1Template, size_t size,
+                                NSSCMSGenericWrapperDataDestroy destroy,
+                                NSSCMSGenericWrapperDataCallback decode_before,
+                                NSSCMSGenericWrapperDataCallback decode_after,
+                                NSSCMSGenericWrapperDataCallback decode_end,
+                                NSSCMSGenericWrapperDataCallback encode_start,
+                                NSSCMSGenericWrapperDataCallback encode_before,
+                                NSSCMSGenericWrapperDataCallback encode_after,
+                                PRBool isData)
+{
+    PRStatus rc;
+    SECStatus rv;
+    nsscmstypeInfo *typeInfo;
+    const nsscmstypeInfo *exists;
+
+    rc = PR_CallOnce(&nsscmstypeOnce, nss_cmstype_init);
+    if (rc == PR_FAILURE) {
+        return SECFailure;
+    }
+    PR_Lock(nsscmstypeAddLock);
+    exists = nss_cmstype_lookup(type);
+    if (exists) {
+        PR_Unlock(nsscmstypeAddLock);
+        /* already added */
+        return SECSuccess;
+    }
+    typeInfo = PORT_ArenaNew(nsscmstypeArena, nsscmstypeInfo);
+    typeInfo->type = type;
+    typeInfo->size = size;
+    typeInfo->isData = isData;
+    typeInfo->template = asn1Template;
+    typeInfo->destroy = destroy;
+    typeInfo->decode_before = decode_before;
+    typeInfo->decode_after = decode_after;
+    typeInfo->decode_end = decode_end;
+    typeInfo->encode_start = encode_start;
+    typeInfo->encode_before = encode_before;
+    typeInfo->encode_after = encode_after;
+    rv = nss_cmstype_add(type, typeInfo);
+    PR_Unlock(nsscmstypeAddLock);
+    return rv;
+}
diff --git a/nss/lib/smime/cmsutil.c b/nss/lib/smime/cmsutil.c
new file mode 100644
index 0000000..cd12603
--- /dev/null
+++ b/nss/lib/smime/cmsutil.c
@@ -0,0 +1,367 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * CMS miscellaneous utility functions.
+ */
+
+#include "cmslocal.h"
+
+#include "cert.h"
+#include "key.h"
+#include "secasn1.h"
+#include "secitem.h"
+#include "secoid.h"
+#include "pk11func.h"
+#include "secerr.h"
+#include "sechash.h"
+
+/*
+ * NSS_CMSArray_SortByDER - sort array of objects by objects' DER encoding
+ *
+ * make sure that the order of the objects guarantees valid DER (which must be
+ * in lexigraphically ascending order for a SET OF); if reordering is necessary it
+ * will be done in place (in objs).
+ */
+SECStatus
+NSS_CMSArray_SortByDER(void **objs, const SEC_ASN1Template *objtemplate, void **objs2)
+{
+    PLArenaPool *poolp;
+    int num_objs;
+    SECItem **enc_objs;
+    SECStatus rv = SECFailure;
+    int i;
+
+    if (objs == NULL) /* already sorted */
+        return SECSuccess;
+
+    num_objs = NSS_CMSArray_Count((void **)objs);
+    if (num_objs == 0 || num_objs == 1) /* already sorted. */
+        return SECSuccess;
+
+    poolp = PORT_NewArena(1024); /* arena for temporaries */
+    if (poolp == NULL)
+        return SECFailure; /* no memory; nothing we can do... */
+
+    /*
+     * Allocate arrays to hold the individual encodings which we will use
+     * for comparisons and the reordered attributes as they are sorted.
+     */
+    enc_objs = (SECItem **)PORT_ArenaZAlloc(poolp, (num_objs + 1) * sizeof(SECItem *));
+    if (enc_objs == NULL)
+        goto loser;
+
+    /* DER encode each individual object. */
+    for (i = 0; i < num_objs; i++) {
+        enc_objs[i] = SEC_ASN1EncodeItem(poolp, NULL, objs[i], objtemplate);
+        if (enc_objs[i] == NULL)
+            goto loser;
+    }
+    enc_objs[num_objs] = NULL;
+
+    /* now compare and sort objs by the order of enc_objs */
+    NSS_CMSArray_Sort((void **)enc_objs, NSS_CMSUtil_DERCompare, objs, objs2);
+
+    rv = SECSuccess;
+
+loser:
+    PORT_FreeArena(poolp, PR_FALSE);
+    return rv;
+}
+
+/*
+ * NSS_CMSUtil_DERCompare - for use with NSS_CMSArray_Sort to
+ *  sort arrays of SECItems containing DER
+ */
+int
+NSS_CMSUtil_DERCompare(void *a, void *b)
+{
+    SECItem *der1 = (SECItem *)a;
+    SECItem *der2 = (SECItem *)b;
+    unsigned int j;
+
+    /*
+     * Find the lowest (lexigraphically) encoding.  One that is
+     * shorter than all the rest is known to be "less" because each
+     * attribute is of the same type (a SEQUENCE) and so thus the
+     * first octet of each is the same, and the second octet is
+     * the length (or the length of the length with the high bit
+     * set, followed by the length, which also works out to always
+     * order the shorter first).  Two (or more) that have the
+     * same length need to be compared byte by byte until a mismatch
+     * is found.
+     */
+    if (der1->len != der2->len)
+        return (der1->len < der2->len) ? -1 : 1;
+
+    for (j = 0; j < der1->len; j++) {
+        if (der1->data[j] == der2->data[j])
+            continue;
+        return (der1->data[j] < der2->data[j]) ? -1 : 1;
+    }
+    return 0;
+}
+
+/*
+ * NSS_CMSAlgArray_GetIndexByAlgID - find a specific algorithm in an array of
+ * algorithms.
+ *
+ * algorithmArray - array of algorithm IDs
+ * algid - algorithmid of algorithm to pick
+ *
+ * Returns:
+ *  An integer containing the index of the algorithm in the array or -1 if
+ *  algorithm was not found.
+ */
+int
+NSS_CMSAlgArray_GetIndexByAlgID(SECAlgorithmID **algorithmArray, SECAlgorithmID *algid)
+{
+    int i;
+
+    if (algorithmArray == NULL || algorithmArray[0] == NULL)
+        return -1;
+
+    for (i = 0; algorithmArray[i] != NULL; i++) {
+        if (SECOID_CompareAlgorithmID(algorithmArray[i], algid) == SECEqual)
+            break; /* bingo */
+    }
+
+    if (algorithmArray[i] == NULL)
+        return -1; /* not found */
+
+    return i;
+}
+
+/*
+ * NSS_CMSAlgArray_GetIndexByAlgTag - find a specific algorithm in an array of
+ * algorithms.
+ *
+ * algorithmArray - array of algorithm IDs
+ * algtag - algorithm tag of algorithm to pick
+ *
+ * Returns:
+ *  An integer containing the index of the algorithm in the array or -1 if
+ *  algorithm was not found.
+ */
+int
+NSS_CMSAlgArray_GetIndexByAlgTag(SECAlgorithmID **algorithmArray,
+                                 SECOidTag algtag)
+{
+    SECOidData *algid;
+    int i = -1;
+
+    if (algorithmArray == NULL || algorithmArray[0] == NULL)
+        return i;
+
+#ifdef ORDER_N_SQUARED
+    for (i = 0; algorithmArray[i] != NULL; i++) {
+        algid = SECOID_FindOID(&(algorithmArray[i]->algorithm));
+        if (algid->offset == algtag)
+            break; /* bingo */
+    }
+#else
+    algid = SECOID_FindOIDByTag(algtag);
+    if (!algid)
+        return i;
+    for (i = 0; algorithmArray[i] != NULL; i++) {
+        if (SECITEM_ItemsAreEqual(&algorithmArray[i]->algorithm, &algid->oid))
+            break; /* bingo */
+    }
+#endif
+
+    if (algorithmArray[i] == NULL)
+        return -1; /* not found */
+
+    return i;
+}
+
+/*
+ * Map a sign algorithm to a digest algorithm.
+ * This is used to handle incorrectly formatted packages sent to us
+ * from Windows 2003.
+ */
+SECOidTag
+NSS_CMSUtil_MapSignAlgs(SECOidTag signAlg)
+{
+    switch (signAlg) {
+        case SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION:
+            return SEC_OID_MD2;
+            break;
+        case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION:
+            return SEC_OID_MD5;
+            break;
+        case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION:
+        case SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE:
+        case SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST:
+            return SEC_OID_SHA1;
+            break;
+        case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION:
+        case SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE:
+            return SEC_OID_SHA256;
+            break;
+        case SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION:
+        case SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE:
+            return SEC_OID_SHA384;
+            break;
+        case SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION:
+        case SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE:
+            return SEC_OID_SHA512;
+            break;
+        default:
+            break;
+    }
+    /* not one of the algtags incorrectly sent to us*/
+    return signAlg;
+}
+
+const SECHashObject *
+NSS_CMSUtil_GetHashObjByAlgID(SECAlgorithmID *algid)
+{
+    SECOidTag oidTag = SECOID_FindOIDTag(&(algid->algorithm));
+    const SECHashObject *digobj = HASH_GetHashObjectByOidTag(oidTag);
+
+    return digobj;
+}
+
+const SEC_ASN1Template *
+NSS_CMSUtil_GetTemplateByTypeTag(SECOidTag type)
+{
+    const SEC_ASN1Template *template;
+    extern const SEC_ASN1Template NSSCMSSignedDataTemplate[];
+    extern const SEC_ASN1Template NSSCMSEnvelopedDataTemplate[];
+    extern const SEC_ASN1Template NSSCMSEncryptedDataTemplate[];
+    extern const SEC_ASN1Template NSSCMSDigestedDataTemplate[];
+
+    switch (type) {
+        case SEC_OID_PKCS7_SIGNED_DATA:
+            template = NSSCMSSignedDataTemplate;
+            break;
+        case SEC_OID_PKCS7_ENVELOPED_DATA:
+            template = NSSCMSEnvelopedDataTemplate;
+            break;
+        case SEC_OID_PKCS7_ENCRYPTED_DATA:
+            template = NSSCMSEncryptedDataTemplate;
+            break;
+        case SEC_OID_PKCS7_DIGESTED_DATA:
+            template = NSSCMSDigestedDataTemplate;
+            break;
+        default:
+            template = NSS_CMSType_GetTemplate(type);
+            break;
+    }
+    return template;
+}
+
+size_t
+NSS_CMSUtil_GetSizeByTypeTag(SECOidTag type)
+{
+    size_t size;
+
+    switch (type) {
+        case SEC_OID_PKCS7_SIGNED_DATA:
+            size = sizeof(NSSCMSSignedData);
+            break;
+        case SEC_OID_PKCS7_ENVELOPED_DATA:
+            size = sizeof(NSSCMSEnvelopedData);
+            break;
+        case SEC_OID_PKCS7_ENCRYPTED_DATA:
+            size = sizeof(NSSCMSEncryptedData);
+            break;
+        case SEC_OID_PKCS7_DIGESTED_DATA:
+            size = sizeof(NSSCMSDigestedData);
+            break;
+        default:
+            size = NSS_CMSType_GetContentSize(type);
+            break;
+    }
+    return size;
+}
+
+NSSCMSContentInfo *
+NSS_CMSContent_GetContentInfo(void *msg, SECOidTag type)
+{
+    NSSCMSContent c;
+    NSSCMSContentInfo *cinfo = NULL;
+
+    if (!msg)
+        return cinfo;
+    c.pointer = msg;
+    switch (type) {
+        case SEC_OID_PKCS7_SIGNED_DATA:
+            cinfo = &(c.signedData->contentInfo);
+            break;
+        case SEC_OID_PKCS7_ENVELOPED_DATA:
+            cinfo = &(c.envelopedData->contentInfo);
+            break;
+        case SEC_OID_PKCS7_ENCRYPTED_DATA:
+            cinfo = &(c.encryptedData->contentInfo);
+            break;
+        case SEC_OID_PKCS7_DIGESTED_DATA:
+            cinfo = &(c.digestedData->contentInfo);
+            break;
+        default:
+            cinfo = NULL;
+            if (NSS_CMSType_IsWrapper(type)) {
+                cinfo = &(c.genericData->contentInfo);
+            }
+    }
+    return cinfo;
+}
+
+const char *
+NSS_CMSUtil_VerificationStatusToString(NSSCMSVerificationStatus vs)
+{
+    switch (vs) {
+        case NSSCMSVS_Unverified:
+            return "Unverified";
+        case NSSCMSVS_GoodSignature:
+            return "GoodSignature";
+        case NSSCMSVS_BadSignature:
+            return "BadSignature";
+        case NSSCMSVS_DigestMismatch:
+            return "DigestMismatch";
+        case NSSCMSVS_SigningCertNotFound:
+            return "SigningCertNotFound";
+        case NSSCMSVS_SigningCertNotTrusted:
+            return "SigningCertNotTrusted";
+        case NSSCMSVS_SignatureAlgorithmUnknown:
+            return "SignatureAlgorithmUnknown";
+        case NSSCMSVS_SignatureAlgorithmUnsupported:
+            return "SignatureAlgorithmUnsupported";
+        case NSSCMSVS_MalformedSignature:
+            return "MalformedSignature";
+        case NSSCMSVS_ProcessingError:
+            return "ProcessingError";
+        default:
+            return "Unknown";
+    }
+}
+
+SECStatus
+NSS_CMSDEREncode(NSSCMSMessage *cmsg, SECItem *input, SECItem *derOut,
+                 PLArenaPool *arena)
+{
+    NSSCMSEncoderContext *ecx;
+    SECStatus rv = SECSuccess;
+    if (!cmsg || !derOut || !arena) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+    ecx = NSS_CMSEncoder_Start(cmsg, 0, 0, derOut, arena, 0, 0, 0, 0, 0, 0);
+    if (!ecx) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+    if (input) {
+        rv = NSS_CMSEncoder_Update(ecx, (const char *)input->data, input->len);
+        if (rv) {
+            PORT_SetError(SEC_ERROR_BAD_DATA);
+        }
+    }
+    rv |= NSS_CMSEncoder_Finish(ecx);
+    if (rv) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+    }
+    return rv;
+}
diff --git a/nss/lib/smime/config.mk b/nss/lib/smime/config.mk
new file mode 100644
index 0000000..85d39e8
--- /dev/null
+++ b/nss/lib/smime/config.mk
@@ -0,0 +1,63 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+RELEASE_LIBS = $(TARGETS)
+
+ifeq (,$(filter-out WIN%,$(OS_TARGET)))
+
+# don't want the 32 in the shared library name
+SHARED_LIBRARY = $(OBJDIR)/$(DLL_PREFIX)$(LIBRARY_NAME)$(LIBRARY_VERSION).$(DLL_SUFFIX)
+IMPORT_LIBRARY = $(OBJDIR)/$(IMPORT_LIB_PREFIX)$(LIBRARY_NAME)$(LIBRARY_VERSION)$(IMPORT_LIB_SUFFIX)
+
+RES = $(OBJDIR)/smime.res
+RESNAME = smime.rc
+
+ifdef NS_USE_GCC
+EXTRA_SHARED_LIBS += \
+	-L$(DIST)/lib \
+	-lnss3 \
+	-L$(NSSUTIL_LIB_DIR) \
+	-lnssutil3 \
+	-L$(NSPR_LIB_DIR) \
+	-lplc4 \
+	-lplds4 \
+	-lnspr4 \
+	$(NULL)
+else # ! NS_USE_GCC
+EXTRA_SHARED_LIBS += \
+	$(DIST)/lib/nss3.lib \
+	$(DIST)/lib/nssutil3.lib \
+	$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plc4.lib \
+	$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plds4.lib \
+	$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)nspr4.lib \
+	$(NULL)
+endif # NS_USE_GCC
+
+else
+
+EXTRA_SHARED_LIBS += \
+	-L$(DIST)/lib \
+	-lnss3 \
+	-L$(NSSUTIL_LIB_DIR) \
+	-lnssutil3 \
+	-L$(NSPR_LIB_DIR) \
+	-lplc4 \
+	-lplds4 \
+	-lnspr4 \
+	$(NULL)
+
+endif
+
+
+SHARED_LIBRARY_LIBS = \
+	$(DIST)/lib/$(LIB_PREFIX)pkcs12.$(LIB_SUFFIX) \
+	$(DIST)/lib/$(LIB_PREFIX)pkcs7.$(LIB_SUFFIX) \
+	$(NULL)
+
+SHARED_LIBRARY_DIRS = \
+	../pkcs12 \
+	../pkcs7 \
+	$(NULL)
+
diff --git a/nss/lib/smime/exports.gyp b/nss/lib/smime/exports.gyp
new file mode 100644
index 0000000..3865bb4
--- /dev/null
+++ b/nss/lib/smime/exports.gyp
@@ -0,0 +1,34 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'lib_smime_exports',
+      'type': 'none',
+      'copies': [
+        {
+          'files': [
+            'cms.h',
+            'cmsreclist.h',
+            'cmst.h',
+            'smime.h'
+          ],
+          'destination': '<(nss_public_dist_dir)/<(module)'
+        },
+        {
+          'files': [
+            'cmslocal.h'
+          ],
+          'destination': '<(nss_private_dist_dir)/<(module)'
+        }
+      ]
+    }
+  ],
+  'variables': {
+    'module': 'nss'
+  }
+}
diff --git a/nss/lib/smime/manifest.mn b/nss/lib/smime/manifest.mn
new file mode 100644
index 0000000..e049d88
--- /dev/null
+++ b/nss/lib/smime/manifest.mn
@@ -0,0 +1,51 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CORE_DEPTH = ../..
+
+EXPORTS = \
+	cms.h \
+	cmst.h \
+	smime.h \
+	cmsreclist.h \
+	$(NULL)
+
+PRIVATE_EXPORTS = \
+	cmslocal.h \
+	$(NULL)
+
+MODULE = nss
+MAPFILE = $(OBJDIR)/smime.def
+
+CSRCS = \
+	cmsarray.c \
+	cmsasn1.c \
+	cmsattr.c \
+	cmscinfo.c \
+	cmscipher.c \
+	cmsdecode.c \
+	cmsdigdata.c \
+	cmsdigest.c \
+	cmsencdata.c \
+	cmsencode.c \
+	cmsenvdata.c \
+	cmsmessage.c \
+	cmspubkey.c \
+	cmsrecinfo.c \
+	cmsreclist.c \
+	cmssigdata.c \
+	cmssiginfo.c \
+	cmsudf.c \
+	cmsutil.c \
+	smimemessage.c \
+	smimeutil.c \
+	smimever.c \
+	$(NULL)
+
+LIBRARY_NAME = smime
+LIBRARY_VERSION = 3
+
+# This part of the code, including all sub-dirs, can be optimized for size
+export ALLOW_OPT_CODE_SIZE = 1
diff --git a/nss/lib/smime/smime.def b/nss/lib/smime/smime.def
new file mode 100644
index 0000000..900d6df
--- /dev/null
+++ b/nss/lib/smime/smime.def
@@ -0,0 +1,287 @@
+;+#
+;+# This Source Code Form is subject to the terms of the Mozilla Public
+;+# License, v. 2.0. If a copy of the MPL was not distributed with this
+;+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;+#
+;+# OK, this file is meant to support SUN, LINUX, AIX and WINDOWS
+;+#   1. For all unix platforms, the string ";-"  means "remove this line"
+;+#   2. For all unix platforms, the string " DATA " will be removed from any 
+;+#	line on which it occurs.
+;+#   3. Lines containing ";+" will have ";+" removed on SUN and LINUX.
+;+#      On AIX, lines containing ";+" will be removed.  
+;+#   4. For all unix platforms, the string ";;" will thave the ";;" removed.
+;+#   5. For all unix platforms, after the above processing has taken place,
+;+#    all characters after the first ";" on the line will be removed.  
+;+#    And for AIX, the first ";" will also be removed.
+;+#  This file is passed directly to windows. Since ';' is a comment, all UNIX
+;+#   directives are hidden behind ";", ";+", and ";-"
+;+
+;+NSS_3.2 {               # NSS 3.2 release
+;+    global:
+LIBRARY smime3 ;-
+EXPORTS	;-
+NSS_CMSContentInfo_GetBulkKey;
+NSS_CMSContentInfo_GetBulkKeySize;
+NSS_CMSContentInfo_GetContent;
+NSS_CMSContentInfo_GetContentEncAlgTag;
+NSS_CMSContentInfo_GetContentTypeTag;
+NSS_CMSContentInfo_SetBulkKey;
+NSS_CMSContentInfo_SetContent;
+NSS_CMSContentInfo_SetContentEncAlg;
+NSS_CMSContentInfo_SetContent_Data;
+NSS_CMSContentInfo_SetContent_DigestedData;
+NSS_CMSContentInfo_SetContent_EncryptedData;
+NSS_CMSContentInfo_SetContent_EnvelopedData;
+NSS_CMSContentInfo_SetContent_SignedData;
+NSS_CMSDEREncode;
+NSS_CMSDecoder_Cancel;
+NSS_CMSDecoder_Finish;
+NSS_CMSDecoder_Start;
+NSS_CMSDecoder_Update;
+NSS_CMSDigestContext_Cancel;
+NSS_CMSDigestContext_FinishMultiple;
+NSS_CMSDigestContext_FinishSingle;
+NSS_CMSDigestContext_StartMultiple;
+NSS_CMSDigestContext_StartSingle;
+NSS_CMSDigestContext_Update;
+NSS_CMSDigestedData_Create;
+NSS_CMSDigestedData_Destroy;
+NSS_CMSDigestedData_GetContentInfo;
+NSS_CMSEncoder_Cancel;
+NSS_CMSEncoder_Finish;
+NSS_CMSEncoder_Start;
+NSS_CMSEncoder_Update;
+NSS_CMSEncryptedData_Create;
+NSS_CMSEncryptedData_Destroy;
+NSS_CMSEncryptedData_GetContentInfo;
+NSS_CMSEnvelopedData_AddRecipient;
+NSS_CMSEnvelopedData_Create;
+NSS_CMSEnvelopedData_Destroy;
+NSS_CMSEnvelopedData_GetContentInfo;
+NSS_CMSMessage_ContentLevel;
+NSS_CMSMessage_ContentLevelCount;
+NSS_CMSMessage_Copy;
+NSS_CMSMessage_Create;
+NSS_CMSMessage_CreateFromDER;
+NSS_CMSMessage_Destroy;
+NSS_CMSMessage_GetContent;
+NSS_CMSMessage_GetContentInfo;
+NSS_CMSRecipientInfo_Create;
+NSS_CMSRecipientInfo_Destroy;
+NSS_CMSSignedData_AddCertChain;
+NSS_CMSSignedData_AddCertList;
+NSS_CMSSignedData_AddCertificate;
+NSS_CMSSignedData_AddDigest;
+NSS_CMSSignedData_AddSignerInfo;
+NSS_CMSSignedData_Create;
+NSS_CMSSignedData_CreateCertsOnly;
+NSS_CMSSignedData_Destroy;
+NSS_CMSSignedData_GetContentInfo;
+NSS_CMSSignedData_GetDigestAlgs;
+NSS_CMSSignedData_GetSignerInfo;
+NSS_CMSSignedData_HasDigests;
+NSS_CMSSignedData_ImportCerts;
+NSS_CMSSignedData_SetDigests;
+NSS_CMSSignedData_SignerInfoCount;
+NSS_CMSSignedData_VerifyCertsOnly;
+NSS_CMSSignedData_VerifySignerInfo;
+NSS_CMSSignerInfo_AddSMIMECaps;
+NSS_CMSSignerInfo_AddSMIMEEncKeyPrefs;
+NSS_CMSSignerInfo_AddSigningTime;
+NSS_CMSSignerInfo_Create;
+NSS_CMSSignerInfo_Destroy;
+NSS_CMSSignerInfo_GetCertList;
+NSS_CMSSignerInfo_GetSignerCommonName;
+NSS_CMSSignerInfo_GetSignerEmailAddress;
+NSS_CMSSignerInfo_GetSigningCertificate;
+NSS_CMSSignerInfo_GetSigningTime;
+NSS_CMSSignerInfo_GetVerificationStatus;
+NSS_CMSSignerInfo_GetVersion;
+NSS_CMSSignerInfo_IncludeCerts;
+NSS_CMSUtil_VerificationStatusToString;
+NSS_SMIMEUtil_FindBulkAlgForRecipients;
+CERT_DecodeCertPackage;
+SEC_PKCS7AddRecipient;
+SEC_PKCS7AddSigningTime;
+SEC_PKCS7ContentType;
+SEC_PKCS7CreateData;
+SEC_PKCS7CreateEncryptedData;
+SEC_PKCS7CreateEnvelopedData;
+SEC_PKCS7CreateSignedData;
+SEC_PKCS7DecodeItem;
+SEC_PKCS7DecoderFinish;
+SEC_PKCS7DecoderStart;
+SEC_PKCS7DecoderUpdate;
+SEC_PKCS7DecryptContents;
+SEC_PKCS7DestroyContentInfo;
+SEC_PKCS7EncoderFinish;
+SEC_PKCS7EncoderStart;
+SEC_PKCS7EncoderUpdate;
+SEC_PKCS7GetCertificateList;
+SEC_PKCS7GetContent;
+SEC_PKCS7GetEncryptionAlgorithm;
+SEC_PKCS7IncludeCertChain;
+SEC_PKCS7IsContentEmpty;
+SEC_PKCS7VerifySignature;
+SEC_PKCS12AddCertAndKey;
+SEC_PKCS12AddPasswordIntegrity;
+SEC_PKCS12CreateExportContext;
+SEC_PKCS12CreatePasswordPrivSafe;
+SEC_PKCS12CreateUnencryptedSafe;
+SEC_PKCS12EnableCipher;
+SEC_PKCS12Encode;
+SEC_PKCS12DecoderImportBags;
+SEC_PKCS12DecoderFinish;
+SEC_PKCS12DecoderStart;
+SEC_PKCS12DecoderUpdate;
+SEC_PKCS12DecoderValidateBags;
+SEC_PKCS12DecoderVerify;
+SEC_PKCS12DestroyExportContext;
+SEC_PKCS12IsEncryptionAllowed;
+SEC_PKCS12SetPreferredCipher;
+;+    local:
+;+        *;
+;+};
+;+NSS_3.2.1 {               # NSS 3.2.1 release
+;+    global:
+NSSSMIME_VersionCheck;
+;+    local:
+;+        *;
+;+};
+;+NSS_3.3 {     # NSS 3.3 release
+;+    global:
+SEC_PKCS7AddCertificate;
+SEC_PKCS7CreateCertsOnly;
+SEC_PKCS7Encode;
+;+    local:
+;+       *;
+;+};
+;+NSS_3.4 {     # NSS 3.4 release
+;+    global:
+CERT_DecodeCertFromPackage;
+NSS_CMSMessage_IsSigned;
+NSS_CMSSignedData_SetDigestValue;
+NSS_SMIMESignerInfo_SaveSMIMEProfile;
+SEC_PKCS12DecoderGetCerts;
+SEC_PKCS7ContainsCertsOrCrls;
+SEC_PKCS7ContentIsEncrypted;
+SEC_PKCS7ContentIsSigned;
+SEC_PKCS7CopyContentInfo;
+SEC_PKCS7GetSignerCommonName;
+SEC_PKCS7GetSignerEmailAddress;
+SEC_PKCS7GetSigningTime;
+SEC_PKCS7SetContent;
+SEC_PKCS7VerifyDetachedSignature;
+SECMIME_DecryptionAllowed;
+;+    local:
+;+       *;
+;+};
+;+NSS_3.4.1 {     # NSS 3.4.1 release
+;+    global:
+NSS_CMSMessage_IsEncrypted;
+;+    local:
+;+       *;
+;+};
+;+NSS_3.6 {     # NSS 3.6 release
+;+    global:
+NSS_CMSSignerInfo_AddMSSMIMEEncKeyPrefs;
+NSS_CMSSignerInfo_CreateWithSubjKeyID;
+;+    local:
+;+       *;
+;+};
+;+NSS_3.7 {     # NSS 3.7 release
+;+    global:
+NSS_CMSRecipientInfo_CreateWithSubjKeyID;
+NSS_CMSRecipientInfo_CreateWithSubjKeyIDFromCert;
+;+    local:
+;+       *;
+;+};
+;+NSS_3.7.2 {   # NSS 3.7.2 release
+;+    global:
+NSS_CMSRecipientInfo_WrapBulkKey;
+NSS_CMSRecipientInfo_UnwrapBulkKey;
+;+    local:
+;+       *;
+;+};
+;+NSS_3.8 {   # NSS 3.8 release
+;+    global:
+NSS_CMSRecipientInfo_CreateNew;
+NSS_CMSRecipientInfo_CreateFromDER;
+NSS_CMSRecipientInfo_Encode;
+NSS_CMSRecipientInfo_GetCertAndKey;
+SEC_PKCS12DecoderSetTargetTokenCAs;
+;+    local:
+;+       *;
+;+};
+;+NSS_3.9 {   # NSS 3.9 release
+;+    global:
+SEC_PKCS7DecoderAbort;
+SEC_PKCS7EncoderAbort;
+;+    local:
+;+       *;
+;+};
+;+NSS_3.9.3 {   # NSS 3.9.3 release
+;+    global:
+CERT_ConvertAndDecodeCertificate;
+SEC_PKCS7EncodeItem;
+;+    local:
+;+       *;
+;+};
+;+NSS_3.10 {   # NSS 3.10 release
+;+    global:
+SEC_PKCS12DecoderIterateInit;
+SEC_PKCS12DecoderIterateNext;
+SEC_PKCS12DecryptionAllowed;
+;+    local:
+;+       *;
+;+};
+;+NSS_3.12.2 {   # NSS 3.12.2 release
+;+    global:
+SEC_PKCS12AddCertOrChainAndKey;
+;+    local:
+;+       *;
+;+};
+;+NSS_3.12.10 {   # NSS 3.12.10 release
+;+    global:
+NSS_CMSType_RegisterContentType;
+NSS_CMSContentInfo_SetDontStream;
+NSS_SMIMEUtil_CreateMSSMIMEEncKeyPrefs;
+;+#
+;+# Data objects
+;+#
+;+# Don't export these DATA symbols on Windows because they don't work right.
+;+# Use the SEC_ASN1_GET / SEC_ASN1_SUB / SEC_ASN1_XTRN macros to access them.
+;+#
+;+# See nssutil for other examples.
+;+#
+;;NSSCMSGenericWrapperDataTemplate DATA ;
+;;NSS_PointerToCMSGenericWrapperDataTemplate DATA ;
+NSS_Get_NSSCMSGenericWrapperDataTemplate;
+NSS_Get_NSS_PointerToCMSGenericWrapperDataTemplate;
+;+    local:
+;+       *;
+;+};
+;+NSS_3.13 {    # NSS 3.13 release
+;+    global:
+NSSSMIME_GetVersion;
+;+    local:
+;+       *;
+;+};
+;+NSS_3.15 {    # NSS 3.15 release
+;+    global:
+SEC_PKCS7VerifyDetachedSignatureAtTime;
+;+    local:
+;+       *;
+;+};
+;+NSS_3.16 {    # NSS 3.16 release
+;+    global:
+NSS_CMSSignerInfo_Verify;
+;+    local:
+;+       *;
+;+};
+;+NSS_3.18 {    # NSS 3.18 release
+;+    global:
+SEC_PKCS12DecoderRenameCertNicknames;
+;+    local:
+;+       *;
+;+};
diff --git a/nss/lib/smime/smime.gyp b/nss/lib/smime/smime.gyp
new file mode 100644
index 0000000..fa74cd9
--- /dev/null
+++ b/nss/lib/smime/smime.gyp
@@ -0,0 +1,80 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'smime',
+      'type': 'static_library',
+      'sources': [
+        'cmsarray.c',
+        'cmsasn1.c',
+        'cmsattr.c',
+        'cmscinfo.c',
+        'cmscipher.c',
+        'cmsdecode.c',
+        'cmsdigdata.c',
+        'cmsdigest.c',
+        'cmsencdata.c',
+        'cmsencode.c',
+        'cmsenvdata.c',
+        'cmsmessage.c',
+        'cmspubkey.c',
+        'cmsrecinfo.c',
+        'cmsreclist.c',
+        'cmssigdata.c',
+        'cmssiginfo.c',
+        'cmsudf.c',
+        'cmsutil.c',
+        'smimemessage.c',
+        'smimeutil.c',
+        'smimever.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports',
+      ]
+    },
+    {
+      # This is here so Firefox can link this without having to
+      # repeat the list of dependencies.
+      'target_name': 'smime3_deps',
+      'type': 'none',
+      'dependencies': [
+        'smime',
+        '<(DEPTH)/lib/pkcs12/pkcs12.gyp:pkcs12',
+        '<(DEPTH)/lib/pkcs7/pkcs7.gyp:pkcs7'
+      ],
+    },
+    {
+      'target_name': 'smime3',
+      'type': 'shared_library',
+      'dependencies': [
+        'smime3_deps',
+        '<(DEPTH)/lib/nss/nss.gyp:nss3',
+        '<(DEPTH)/lib/util/util.gyp:nssutil3'
+      ],
+      'variables': {
+        'mapfile': 'smime.def'
+      }
+    }
+  ],
+  'conditions': [
+    [ 'moz_fold_libs==1', {
+      'targets': [
+        {
+          'target_name': 'smime3_static',
+          'type': 'static_library',
+          'dependencies': [
+            'smime3_deps',
+          ],
+        }
+      ],
+    }],
+  ],
+  'variables': {
+    'module': 'nss'
+  }
+}
diff --git a/nss/lib/smime/smime.h b/nss/lib/smime/smime.h
new file mode 100644
index 0000000..e534ef0
--- /dev/null
+++ b/nss/lib/smime/smime.h
@@ -0,0 +1,141 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * Header file for routines specific to S/MIME.  Keep things that are pure
+ * pkcs7 out of here; this is for S/MIME policy, S/MIME interoperability, etc.
+ */
+
+#ifndef _SMIME_H_
+#define _SMIME_H_ 1
+
+#include "cms.h"
+
+/************************************************************************/
+SEC_BEGIN_PROTOS
+
+/*
+ * Initialize the local recording of the user S/MIME cipher preferences.
+ * This function is called once for each cipher, the order being
+ * important (first call records greatest preference, and so on).
+ * When finished, it is called with a "which" of CIPHER_FAMILID_MASK.
+ * If the function is called again after that, it is assumed that
+ * the preferences are being reset, and the old preferences are
+ * discarded.
+ *
+ * XXX This is for a particular user, and right now the storage is
+ * XXX local, static.  The preference should be stored elsewhere to allow
+ * XXX for multiple uses of one library?  How does SSL handle this;
+ * XXX it has something similar?
+ *
+ *  - The "which" values are defined in ciferfam.h (the SMIME_* values,
+ *    for example SMIME_DES_CBC_56).
+ *  - If "on" is non-zero then the named cipher is enabled, otherwise
+ *    it is disabled.  (It is not necessary to call the function for
+ *    ciphers that are disabled, however, as that is the default.)
+ *
+ * If the cipher preference is successfully recorded, SECSuccess
+ * is returned.  Otherwise SECFailure is returned.  The only errors
+ * are due to failure allocating memory or bad parameters/calls:
+ *      SEC_ERROR_XXX ("which" is not in the S/MIME cipher family)
+ *      SEC_ERROR_XXX (function is being called more times than there
+ *              are known/expected ciphers)
+ */
+extern SECStatus NSS_SMIMEUtil_EnableCipher(long which, int on);
+
+/*
+ * Initialize the local recording of the S/MIME policy.
+ * This function is called to allow/disallow a particular cipher.
+ *
+ * XXX This is for the current module, I think, so local, static storage
+ * XXX is okay.  Is that correct, or could multiple uses of the same
+ * XXX library expect to operate under different policies?
+ *
+ *  - The "which" values are defined in ciferfam.h (the SMIME_* values,
+ *    for example SMIME_DES_CBC_56).
+ *  - If "on" is non-zero then the named cipher is enabled, otherwise
+ *    it is disabled.
+ */
+extern SECStatus NSS_SMIMEUtils_AllowCipher(long which, int on);
+
+/*
+ * Does the current policy allow S/MIME decryption of this particular
+ * algorithm and keysize?
+ */
+extern PRBool NSS_SMIMEUtil_DecryptionAllowed(SECAlgorithmID *algid, PK11SymKey *key);
+
+/*
+ * Does the current policy allow *any* S/MIME encryption (or decryption)?
+ *
+ * This tells whether or not *any* S/MIME encryption can be done,
+ * according to policy.  Callers may use this to do nicer user interface
+ * (say, greying out a checkbox so a user does not even try to encrypt
+ * a message when they are not allowed to) or for any reason they want
+ * to check whether S/MIME encryption (or decryption, for that matter)
+ * may be done.
+ *
+ * It takes no arguments.  The return value is a simple boolean:
+ *   PR_TRUE means encryption (or decryption) is *possible*
+ *      (but may still fail due to other reasons, like because we cannot
+ *      find all the necessary certs, etc.; PR_TRUE is *not* a guarantee)
+ *   PR_FALSE means encryption (or decryption) is not permitted
+ *
+ * There are no errors from this routine.
+ */
+extern PRBool NSS_SMIMEUtil_EncryptionPossible(void);
+
+/*
+ * NSS_SMIMEUtil_CreateSMIMECapabilities - get S/MIME capabilities attr value
+ *
+ * scans the list of allowed and enabled ciphers and construct a PKCS9-compliant
+ * S/MIME capabilities attribute value.
+ */
+extern SECStatus NSS_SMIMEUtil_CreateSMIMECapabilities(PLArenaPool *poolp, SECItem *dest);
+
+/*
+ * NSS_SMIMEUtil_CreateSMIMEEncKeyPrefs - create S/MIME encryption key preferences attr value
+ */
+extern SECStatus NSS_SMIMEUtil_CreateSMIMEEncKeyPrefs(PLArenaPool *poolp,
+                                                      SECItem *dest, CERTCertificate *cert);
+
+/*
+ * NSS_SMIMEUtil_CreateMSSMIMEEncKeyPrefs - create S/MIME encryption key preferences attr value using MS oid
+ */
+extern SECStatus NSS_SMIMEUtil_CreateMSSMIMEEncKeyPrefs(PLArenaPool *poolp,
+                                                        SECItem *dest, CERTCertificate *cert);
+
+/*
+ * NSS_SMIMEUtil_GetCertFromEncryptionKeyPreference - find cert marked by EncryptionKeyPreference
+ *          attribute
+ */
+extern CERTCertificate *NSS_SMIMEUtil_GetCertFromEncryptionKeyPreference(CERTCertDBHandle *certdb,
+                                                                         SECItem *DERekp);
+
+/*
+ * NSS_SMIMEUtil_FindBulkAlgForRecipients - find bulk algorithm suitable for all recipients
+ */
+extern SECStatus
+NSS_SMIMEUtil_FindBulkAlgForRecipients(CERTCertificate **rcerts,
+                                       SECOidTag *bulkalgtag, int *keysize);
+
+/*
+ * Return a boolean that indicates whether the underlying library
+ * will perform as the caller expects.
+ *
+ * The only argument is a string, which should be the version
+ * identifier of the NSS library. That string will be compared
+ * against a string that represents the actual build version of
+ * the S/MIME library.
+ */
+extern PRBool NSSSMIME_VersionCheck(const char *importedVersion);
+
+/*
+ * Returns a const string of the S/MIME library version.
+ */
+extern const char *NSSSMIME_GetVersion(void);
+
+/************************************************************************/
+SEC_END_PROTOS
+
+#endif /* _SECMIME_H_ */
diff --git a/nss/lib/smime/smime.rc b/nss/lib/smime/smime.rc
new file mode 100644
index 0000000..ad24732
--- /dev/null
+++ b/nss/lib/smime/smime.rc
@@ -0,0 +1,68 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nss.h"
+#include <winver.h>
+
+#define MY_LIBNAME "smime"
+#define MY_FILEDESCRIPTION "NSS S/MIME Library"
+
+#define STRINGIZE(x) #x
+#define STRINGIZE2(x) STRINGIZE(x)
+#define NSS_VMAJOR_STR STRINGIZE2(NSS_VMAJOR)
+
+#ifdef _DEBUG
+#define MY_DEBUG_STR " (debug)"
+#define MY_FILEFLAGS_1 VS_FF_DEBUG
+#else
+#define MY_DEBUG_STR ""
+#define MY_FILEFLAGS_1 0x0L
+#endif
+#if NSS_BETA
+#define MY_FILEFLAGS_2 MY_FILEFLAGS_1|VS_FF_PRERELEASE
+#else
+#define MY_FILEFLAGS_2 MY_FILEFLAGS_1
+#endif
+
+#ifdef WINNT
+#define MY_FILEOS VOS_NT_WINDOWS32
+#else
+#define MY_FILEOS VOS__WINDOWS32
+#endif
+
+#define MY_INTERNAL_NAME MY_LIBNAME NSS_VMAJOR_STR
+
+/////////////////////////////////////////////////////////////////////////////
+//
+// Version-information resource
+//
+
+VS_VERSION_INFO VERSIONINFO
+ FILEVERSION NSS_VMAJOR,NSS_VMINOR,NSS_VPATCH,NSS_VBUILD
+ PRODUCTVERSION NSS_VMAJOR,NSS_VMINOR,NSS_VPATCH,NSS_VBUILD
+ FILEFLAGSMASK VS_FFI_FILEFLAGSMASK
+ FILEFLAGS MY_FILEFLAGS_2
+ FILEOS MY_FILEOS
+ FILETYPE VFT_DLL
+ FILESUBTYPE 0x0L // not used
+
+BEGIN
+    BLOCK "StringFileInfo"
+    BEGIN
+        BLOCK "040904B0" // Lang=US English, CharSet=Unicode
+        BEGIN
+            VALUE "CompanyName", "Mozilla Foundation\0"
+            VALUE "FileDescription", MY_FILEDESCRIPTION MY_DEBUG_STR "\0"
+            VALUE "FileVersion", NSS_VERSION "\0"
+            VALUE "InternalName", MY_INTERNAL_NAME "\0"
+            VALUE "OriginalFilename", MY_INTERNAL_NAME ".dll\0"
+            VALUE "ProductName", "Network Security Services\0"
+            VALUE "ProductVersion", NSS_VERSION "\0"
+        END
+    END
+    BLOCK "VarFileInfo"
+    BEGIN
+        VALUE "Translation", 0x409, 1200
+    END
+END
diff --git a/nss/lib/smime/smimemessage.c b/nss/lib/smime/smimemessage.c
new file mode 100644
index 0000000..774b9f3
--- /dev/null
+++ b/nss/lib/smime/smimemessage.c
@@ -0,0 +1,183 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * SMIME message methods
+ */
+
+#include "cmslocal.h"
+#include "smime.h"
+
+#include "cert.h"
+#include "key.h"
+#include "secasn1.h"
+#include "secitem.h"
+#include "secoid.h"
+#include "pk11func.h"
+#include "prtime.h"
+#include "secerr.h"
+
+#if 0
+/*
+ * NSS_SMIMEMessage_CreateEncrypted - start an S/MIME encrypting context.
+ *
+ * "scert" is the cert for the sender.  It will be checked for validity.
+ * "rcerts" are the certs for the recipients.  They will also be checked.
+ *
+ * "certdb" is the cert database to use for verifying the certs.
+ * It can be NULL if a default database is available (like in the client).
+ *
+ * This function already does all of the stuff specific to S/MIME protocol
+ * and local policy; the return value just needs to be passed to
+ * SEC_PKCS7Encode() or to SEC_PKCS7EncoderStart() to create the encoded data,
+ * and finally to SEC_PKCS7DestroyContentInfo().
+ *
+ * An error results in a return value of NULL and an error set.
+ * (Retrieve specific errors via PORT_GetError()/XP_GetError().)
+ */
+NSSCMSMessage *
+NSS_SMIMEMessage_CreateEncrypted(CERTCertificate *scert,
+                        CERTCertificate **rcerts,
+                        CERTCertDBHandle *certdb,
+                        PK11PasswordFunc pwfn,
+                        void *pwfn_arg)
+{
+    NSSCMSMessage *cmsg;
+    long cipher;
+    SECOidTag encalg;
+    int keysize;
+    int mapi, rci;
+
+    cipher = smime_choose_cipher (scert, rcerts);
+    if (cipher < 0)
+        return NULL;
+
+    mapi = smime_mapi_by_cipher (cipher);
+    if (mapi < 0)
+        return NULL;
+
+    /*
+     * XXX This is stretching it -- CreateEnvelopedData should probably
+     * take a cipher itself of some sort, because we cannot know what the
+     * future will bring in terms of parameters for each type of algorithm.
+     * For example, just an algorithm and keysize is *not* sufficient to
+     * fully specify the usage of RC5 (which also needs to know rounds and
+     * block size).  Work this out into a better API!
+     */
+    encalg = smime_cipher_map[mapi].algtag;
+    keysize = smime_keysize_by_cipher (cipher);
+    if (keysize < 0)
+        return NULL;
+
+    cinfo = SEC_PKCS7CreateEnvelopedData (scert, certUsageEmailRecipient,
+                                          certdb, encalg, keysize,
+                                          pwfn, pwfn_arg);
+    if (cinfo == NULL)
+        return NULL;
+
+    for (rci = 0; rcerts[rci] != NULL; rci++) {
+        if (rcerts[rci] == scert)
+            continue;
+        if (SEC_PKCS7AddRecipient (cinfo, rcerts[rci], certUsageEmailRecipient,
+                                   NULL) != SECSuccess) {
+            SEC_PKCS7DestroyContentInfo (cinfo);
+            return NULL;
+        }
+    }
+
+    return cinfo;
+}
+
+
+/*
+ * Start an S/MIME signing context.
+ *
+ * "scert" is the cert that will be used to sign the data.  It will be
+ * checked for validity.
+ *
+ * "ecert" is the signer's encryption cert.  If it is different from
+ * scert, then it will be included in the signed message so that the
+ * recipient can save it for future encryptions.
+ *
+ * "certdb" is the cert database to use for verifying the cert.
+ * It can be NULL if a default database is available (like in the client).
+ *
+ * "digestalg" names the digest algorithm (e.g. SEC_OID_SHA1).
+ * XXX There should be SECMIME functions for hashing, or the hashing should
+ * be built into this interface, which we would like because we would
+ * support more smartcards that way, and then this argument should go away.)
+ *
+ * "digest" is the actual digest of the data.  It must be provided in
+ * the case of detached data or NULL if the content will be included.
+ *
+ * This function already does all of the stuff specific to S/MIME protocol
+ * and local policy; the return value just needs to be passed to
+ * SEC_PKCS7Encode() or to SEC_PKCS7EncoderStart() to create the encoded data,
+ * and finally to SEC_PKCS7DestroyContentInfo().
+ *
+ * An error results in a return value of NULL and an error set.
+ * (Retrieve specific errors via PORT_GetError()/XP_GetError().)
+ */
+
+NSSCMSMessage *
+NSS_SMIMEMessage_CreateSigned(CERTCertificate *scert,
+                      CERTCertificate *ecert,
+                      CERTCertDBHandle *certdb,
+                      SECOidTag digestalgtag,
+                      SECItem *digest,
+                      PK11PasswordFunc pwfn,
+                      void *pwfn_arg)
+{
+    NSSCMSMessage *cmsg;
+    NSSCMSSignedData *sigd;
+    NSSCMSSignerInfo *signerinfo;
+
+    /* See note in header comment above about digestalg. */
+    /* Doesn't explain this.  PORT_Assert (digestalgtag == SEC_OID_SHA1); */
+
+    cmsg = NSS_CMSMessage_Create(NULL);
+    if (cmsg == NULL)
+        return NULL;
+
+    sigd = NSS_CMSSignedData_Create(cmsg);
+    if (sigd == NULL)
+        goto loser;
+
+    /* create just one signerinfo */
+    signerinfo = NSS_CMSSignerInfo_Create(cmsg, scert, digestalgtag);
+    if (signerinfo == NULL)
+        goto loser;
+
+    /* Add the signing time to the signerinfo.  */
+    if (NSS_CMSSignerInfo_AddSigningTime(signerinfo, PR_Now()) != SECSuccess)
+        goto loser;
+
+    /* and add the SMIME profile */
+    if (NSS_SMIMESignerInfo_AddSMIMEProfile(signerinfo, scert) != SECSuccess)
+        goto loser;
+
+    /* now add the signerinfo to the signeddata */
+    if (NSS_CMSSignedData_AddSignerInfo(sigd, signerinfo) != SECSuccess)
+        goto loser;
+
+    /* include the signing cert and its entire chain */
+    /* note that there are no checks for duplicate certs in place, as all the */
+    /* essential data structures (like set of certificate) are not there */
+    if (NSS_CMSSignedData_AddCertChain(sigd, scert) != SECSuccess)
+        goto loser;
+
+    /* If the encryption cert and the signing cert differ, then include
+     * the encryption cert too. */
+    if ( ( ecert != NULL ) && ( ecert != scert ) ) {
+        if (NSS_CMSSignedData_AddCertificate(sigd, ecert) != SECSuccess)
+            goto loser;
+    }
+
+    return cmsg;
+loser:
+    if (cmsg)
+        NSS_CMSMessage_Destroy(cmsg);
+    return NULL;
+}
+#endif
diff --git a/nss/lib/smime/smimesym.c b/nss/lib/smime/smimesym.c
new file mode 100644
index 0000000..2ae39f4
--- /dev/null
+++ b/nss/lib/smime/smimesym.c
@@ -0,0 +1,12 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+extern void SEC_PKCS7DecodeItem();
+extern void SEC_PKCS7DestroyContentInfo();
+
+smime_CMDExports()
+{
+    SEC_PKCS7DecodeItem();
+    SEC_PKCS7DestroyContentInfo();
+}
diff --git a/nss/lib/smime/smimeutil.c b/nss/lib/smime/smimeutil.c
new file mode 100644
index 0000000..7674a65
--- /dev/null
+++ b/nss/lib/smime/smimeutil.c
@@ -0,0 +1,776 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * Stuff specific to S/MIME policy and interoperability.
+ */
+
+#include "secmime.h"
+#include "secoid.h"
+#include "pk11func.h"
+#include "ciferfam.h" /* for CIPHER_FAMILY symbols */
+#include "secasn1.h"
+#include "secitem.h"
+#include "cert.h"
+#include "key.h"
+#include "secerr.h"
+#include "cms.h"
+#include "nss.h"
+
+SEC_ASN1_MKSUB(CERT_IssuerAndSNTemplate)
+SEC_ASN1_MKSUB(SEC_OctetStringTemplate)
+SEC_ASN1_CHOOSER_DECLARE(CERT_IssuerAndSNTemplate)
+
+/* various integer's ASN.1 encoding */
+static unsigned char asn1_int40[] = { SEC_ASN1_INTEGER, 0x01, 0x28 };
+static unsigned char asn1_int64[] = { SEC_ASN1_INTEGER, 0x01, 0x40 };
+static unsigned char asn1_int128[] = { SEC_ASN1_INTEGER, 0x02, 0x00, 0x80 };
+
+/* RC2 algorithm parameters (used in smime_cipher_map) */
+static SECItem param_int40 = { siBuffer, asn1_int40, sizeof(asn1_int40) };
+static SECItem param_int64 = { siBuffer, asn1_int64, sizeof(asn1_int64) };
+static SECItem param_int128 = { siBuffer, asn1_int128, sizeof(asn1_int128) };
+
+/*
+ * XXX Would like the "parameters" field to be a SECItem *, but the
+ * encoder is having trouble with optional pointers to an ANY.  Maybe
+ * once that is fixed, can change this back...
+ */
+typedef struct {
+    SECItem capabilityID;
+    SECItem parameters;
+    long cipher; /* optimization */
+} NSSSMIMECapability;
+
+static const SEC_ASN1Template NSSSMIMECapabilityTemplate[] = {
+    { SEC_ASN1_SEQUENCE,
+      0, NULL, sizeof(NSSSMIMECapability) },
+    { SEC_ASN1_OBJECT_ID,
+      offsetof(NSSSMIMECapability, capabilityID) },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_ANY,
+      offsetof(NSSSMIMECapability, parameters) },
+    { 0 }
+};
+
+static const SEC_ASN1Template NSSSMIMECapabilitiesTemplate[] = {
+    { SEC_ASN1_SEQUENCE_OF, 0, NSSSMIMECapabilityTemplate }
+};
+
+/*
+ * NSSSMIMEEncryptionKeyPreference - if we find one of these, it needs to prompt us
+ *  to store this and only this certificate permanently for the sender email address.
+ */
+typedef enum {
+    NSSSMIMEEncryptionKeyPref_IssuerSN,
+    NSSSMIMEEncryptionKeyPref_RKeyID,
+    NSSSMIMEEncryptionKeyPref_SubjectKeyID
+} NSSSMIMEEncryptionKeyPrefSelector;
+
+typedef struct {
+    NSSSMIMEEncryptionKeyPrefSelector selector;
+    union {
+        CERTIssuerAndSN *issuerAndSN;
+        NSSCMSRecipientKeyIdentifier *recipientKeyID;
+        SECItem *subjectKeyID;
+    } id;
+} NSSSMIMEEncryptionKeyPreference;
+
+extern const SEC_ASN1Template NSSCMSRecipientKeyIdentifierTemplate[];
+
+static const SEC_ASN1Template smime_encryptionkeypref_template[] = {
+    { SEC_ASN1_CHOICE,
+      offsetof(NSSSMIMEEncryptionKeyPreference, selector), NULL,
+      sizeof(NSSSMIMEEncryptionKeyPreference) },
+    { SEC_ASN1_POINTER | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0 | SEC_ASN1_CONSTRUCTED,
+      offsetof(NSSSMIMEEncryptionKeyPreference, id.issuerAndSN),
+      SEC_ASN1_SUB(CERT_IssuerAndSNTemplate),
+      NSSSMIMEEncryptionKeyPref_IssuerSN },
+    { SEC_ASN1_POINTER | SEC_ASN1_CONTEXT_SPECIFIC | 1 | SEC_ASN1_CONSTRUCTED,
+      offsetof(NSSSMIMEEncryptionKeyPreference, id.recipientKeyID),
+      NSSCMSRecipientKeyIdentifierTemplate,
+      NSSSMIMEEncryptionKeyPref_RKeyID },
+    { SEC_ASN1_POINTER | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 2 | SEC_ASN1_CONSTRUCTED,
+      offsetof(NSSSMIMEEncryptionKeyPreference, id.subjectKeyID),
+      SEC_ASN1_SUB(SEC_OctetStringTemplate),
+      NSSSMIMEEncryptionKeyPref_SubjectKeyID },
+    { 0 }
+};
+
+/* smime_cipher_map - map of SMIME symmetric "ciphers" to algtag & parameters */
+typedef struct {
+    unsigned long cipher;
+    SECOidTag algtag;
+    SECItem *parms;
+    PRBool enabled; /* in the user's preferences */
+    PRBool allowed; /* per export policy */
+} smime_cipher_map_entry;
+
+/* global: list of supported SMIME symmetric ciphers, ordered roughly by increasing strength */
+static smime_cipher_map_entry smime_cipher_map[] = {
+    /*    cipher, algtag, parms, enabled, allowed    */
+    /*    ---------------------------------------    */
+    { SMIME_RC2_CBC_40, SEC_OID_RC2_CBC, &param_int40, PR_TRUE, PR_TRUE },
+    { SMIME_DES_CBC_56, SEC_OID_DES_CBC, NULL, PR_TRUE, PR_TRUE },
+    { SMIME_RC2_CBC_64, SEC_OID_RC2_CBC, &param_int64, PR_TRUE, PR_TRUE },
+    { SMIME_RC2_CBC_128, SEC_OID_RC2_CBC, &param_int128, PR_TRUE, PR_TRUE },
+    { SMIME_DES_EDE3_168, SEC_OID_DES_EDE3_CBC, NULL, PR_TRUE, PR_TRUE },
+    { SMIME_AES_CBC_128, SEC_OID_AES_128_CBC, NULL, PR_TRUE, PR_TRUE },
+    { SMIME_AES_CBC_256, SEC_OID_AES_256_CBC, NULL, PR_TRUE, PR_TRUE }
+};
+static const int smime_cipher_map_count = sizeof(smime_cipher_map) / sizeof(smime_cipher_map_entry);
+
+/*
+ * smime_mapi_by_cipher - find index into smime_cipher_map by cipher
+ */
+static int
+smime_mapi_by_cipher(unsigned long cipher)
+{
+    int i;
+
+    for (i = 0; i < smime_cipher_map_count; i++) {
+        if (smime_cipher_map[i].cipher == cipher)
+            return i; /* bingo */
+    }
+    return -1; /* should not happen if we're consistent, right? */
+}
+
+/*
+ * NSS_SMIME_EnableCipher - this function locally records the user's preference
+ */
+SECStatus
+NSS_SMIMEUtil_EnableCipher(unsigned long which, PRBool on)
+{
+    unsigned long mask;
+    int mapi;
+
+    mask = which & CIPHER_FAMILYID_MASK;
+
+    PORT_Assert(mask == CIPHER_FAMILYID_SMIME);
+    if (mask != CIPHER_FAMILYID_SMIME)
+        /* XXX set an error! */
+        return SECFailure;
+
+    mapi = smime_mapi_by_cipher(which);
+    if (mapi < 0)
+        /* XXX set an error */
+        return SECFailure;
+
+    /* do we try to turn on a forbidden cipher? */
+    if (!smime_cipher_map[mapi].allowed && on) {
+        PORT_SetError(SEC_ERROR_BAD_EXPORT_ALGORITHM);
+        return SECFailure;
+    }
+
+    if (smime_cipher_map[mapi].enabled != on)
+        smime_cipher_map[mapi].enabled = on;
+
+    return SECSuccess;
+}
+
+/*
+ * this function locally records the export policy
+ */
+SECStatus
+NSS_SMIMEUtil_AllowCipher(unsigned long which, PRBool on)
+{
+    unsigned long mask;
+    int mapi;
+
+    mask = which & CIPHER_FAMILYID_MASK;
+
+    PORT_Assert(mask == CIPHER_FAMILYID_SMIME);
+    if (mask != CIPHER_FAMILYID_SMIME)
+        /* XXX set an error! */
+        return SECFailure;
+
+    mapi = smime_mapi_by_cipher(which);
+    if (mapi < 0)
+        /* XXX set an error */
+        return SECFailure;
+
+    if (smime_cipher_map[mapi].allowed != on)
+        smime_cipher_map[mapi].allowed = on;
+
+    return SECSuccess;
+}
+
+/*
+ * Based on the given algorithm (including its parameters, in some cases!)
+ * and the given key (may or may not be inspected, depending on the
+ * algorithm), find the appropriate policy algorithm specification
+ * and return it.  If no match can be made, -1 is returned.
+ */
+static SECStatus
+nss_smime_get_cipher_for_alg_and_key(SECAlgorithmID *algid, PK11SymKey *key,
+                                     unsigned long *cipher)
+{
+    SECOidTag algtag;
+    unsigned int keylen_bits;
+    unsigned long c;
+
+    algtag = SECOID_GetAlgorithmTag(algid);
+    switch (algtag) {
+        case SEC_OID_RC2_CBC:
+            keylen_bits = PK11_GetKeyStrength(key, algid);
+            switch (keylen_bits) {
+                case 40:
+                    c = SMIME_RC2_CBC_40;
+                    break;
+                case 64:
+                    c = SMIME_RC2_CBC_64;
+                    break;
+                case 128:
+                    c = SMIME_RC2_CBC_128;
+                    break;
+                default:
+                    return SECFailure;
+            }
+            break;
+        case SEC_OID_DES_CBC:
+            c = SMIME_DES_CBC_56;
+            break;
+        case SEC_OID_DES_EDE3_CBC:
+            c = SMIME_DES_EDE3_168;
+            break;
+        case SEC_OID_AES_128_CBC:
+            c = SMIME_AES_CBC_128;
+            break;
+        case SEC_OID_AES_256_CBC:
+            c = SMIME_AES_CBC_256;
+            break;
+        default:
+            PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
+            return SECFailure;
+    }
+    *cipher = c;
+    return SECSuccess;
+}
+
+static PRBool
+nss_smime_cipher_allowed(unsigned long which)
+{
+    int mapi;
+
+    mapi = smime_mapi_by_cipher(which);
+    if (mapi < 0)
+        return PR_FALSE;
+    return smime_cipher_map[mapi].allowed;
+}
+
+PRBool
+NSS_SMIMEUtil_DecryptionAllowed(SECAlgorithmID *algid, PK11SymKey *key)
+{
+    unsigned long which;
+
+    if (nss_smime_get_cipher_for_alg_and_key(algid, key, &which) != SECSuccess)
+        return PR_FALSE;
+
+    return nss_smime_cipher_allowed(which);
+}
+
+/*
+ * NSS_SMIME_EncryptionPossible - check if any encryption is allowed
+ *
+ * This tells whether or not *any* S/MIME encryption can be done,
+ * according to policy.  Callers may use this to do nicer user interface
+ * (say, greying out a checkbox so a user does not even try to encrypt
+ * a message when they are not allowed to) or for any reason they want
+ * to check whether S/MIME encryption (or decryption, for that matter)
+ * may be done.
+ *
+ * It takes no arguments.  The return value is a simple boolean:
+ *   PR_TRUE means encryption (or decryption) is *possible*
+ *      (but may still fail due to other reasons, like because we cannot
+ *      find all the necessary certs, etc.; PR_TRUE is *not* a guarantee)
+ *   PR_FALSE means encryption (or decryption) is not permitted
+ *
+ * There are no errors from this routine.
+ */
+PRBool
+NSS_SMIMEUtil_EncryptionPossible(void)
+{
+    int i;
+
+    for (i = 0; i < smime_cipher_map_count; i++) {
+        if (smime_cipher_map[i].allowed)
+            return PR_TRUE;
+    }
+    return PR_FALSE;
+}
+
+static int
+nss_SMIME_FindCipherForSMIMECap(NSSSMIMECapability *cap)
+{
+    int i;
+    SECOidTag capIDTag;
+
+    /* we need the OIDTag here */
+    capIDTag = SECOID_FindOIDTag(&(cap->capabilityID));
+
+    /* go over all the SMIME ciphers we know and see if we find a match */
+    for (i = 0; i < smime_cipher_map_count; i++) {
+        if (smime_cipher_map[i].algtag != capIDTag)
+            continue;
+        /*
+         * XXX If SECITEM_CompareItem allowed NULLs as arguments (comparing
+         * 2 NULLs as equal and NULL and non-NULL as not equal), we could
+         * use that here instead of all of the following comparison code.
+         */
+        if (!smime_cipher_map[i].parms) {
+            if (!cap->parameters.data || !cap->parameters.len)
+                break; /* both empty: bingo */
+            if (cap->parameters.len == 2 &&
+                cap->parameters.data[0] == SEC_ASN1_NULL &&
+                cap->parameters.data[1] == 0)
+                break; /* DER NULL == NULL, bingo */
+        } else if (cap->parameters.data != NULL &&
+                   cap->parameters.len == smime_cipher_map[i].parms->len &&
+                   PORT_Memcmp(cap->parameters.data, smime_cipher_map[i].parms->data,
+                               cap->parameters.len) == 0) {
+            break; /* both not empty, same length & equal content: bingo */
+        }
+    }
+
+    if (i == smime_cipher_map_count)
+        return 0;                      /* no match found */
+    return smime_cipher_map[i].cipher; /* match found, point to cipher */
+}
+
+/*
+ * smime_choose_cipher - choose a cipher that works for all the recipients
+ *
+ * "scert"  - sender's certificate
+ * "rcerts" - recipient's certificates
+ */
+static long
+smime_choose_cipher(CERTCertificate *scert, CERTCertificate **rcerts)
+{
+    PLArenaPool *poolp;
+    long cipher;
+    long chosen_cipher;
+    int *cipher_abilities;
+    int *cipher_votes;
+    int weak_mapi;
+    int strong_mapi;
+    int aes128_mapi;
+    int aes256_mapi;
+    int rcount, mapi, max, i;
+
+    chosen_cipher = SMIME_RC2_CBC_40; /* the default, LCD */
+    weak_mapi = smime_mapi_by_cipher(chosen_cipher);
+    aes128_mapi = smime_mapi_by_cipher(SMIME_AES_CBC_128);
+    aes256_mapi = smime_mapi_by_cipher(SMIME_AES_CBC_256);
+
+    poolp = PORT_NewArena(1024); /* XXX what is right value? */
+    if (poolp == NULL)
+        goto done;
+
+    cipher_abilities = (int *)PORT_ArenaZAlloc(poolp, smime_cipher_map_count * sizeof(int));
+    cipher_votes = (int *)PORT_ArenaZAlloc(poolp, smime_cipher_map_count * sizeof(int));
+    if (cipher_votes == NULL || cipher_abilities == NULL)
+        goto done;
+
+    /* Make triple-DES the strong cipher. */
+    strong_mapi = smime_mapi_by_cipher(SMIME_DES_EDE3_168);
+
+    /* walk all the recipient's certs */
+    for (rcount = 0; rcerts[rcount] != NULL; rcount++) {
+        SECItem *profile;
+        NSSSMIMECapability **caps;
+        int pref;
+
+        /* the first cipher that matches in the user's SMIME profile gets
+         * "smime_cipher_map_count" votes; the next one gets "smime_cipher_map_count" - 1
+         * and so on. If every cipher matches, the last one gets 1 (one) vote */
+        pref = smime_cipher_map_count;
+
+        /* find recipient's SMIME profile */
+        profile = CERT_FindSMimeProfile(rcerts[rcount]);
+
+        if (profile != NULL && profile->data != NULL && profile->len > 0) {
+            /* we have a profile (still DER-encoded) */
+            caps = NULL;
+            /* decode it */
+            if (SEC_QuickDERDecodeItem(poolp, &caps,
+                                       NSSSMIMECapabilitiesTemplate, profile) == SECSuccess &&
+                caps != NULL) {
+                /* walk the SMIME capabilities for this recipient */
+                for (i = 0; caps[i] != NULL; i++) {
+                    cipher = nss_SMIME_FindCipherForSMIMECap(caps[i]);
+                    mapi = smime_mapi_by_cipher(cipher);
+                    if (mapi >= 0) {
+                        /* found the cipher */
+                        cipher_abilities[mapi]++;
+                        cipher_votes[mapi] += pref;
+                        --pref;
+                    }
+                }
+            }
+        } else {
+            /* no profile found - so we can only assume that the user can do
+             * the mandatory algorithms which are RC2-40 (weak crypto) and
+             * 3DES (strong crypto), unless the user has an elliptic curve
+             * key.  For elliptic curve keys, RFC 5753 mandates support
+             * for AES 128 CBC. */
+            SECKEYPublicKey *key;
+            unsigned int pklen_bits;
+            KeyType key_type;
+
+            /*
+             * if recipient's public key length is > 512, vote for a strong cipher
+             * please not that the side effect of this is that if only one recipient
+             * has an export-level public key, the strong cipher is disabled.
+             *
+             * XXX This is probably only good for RSA keys.  What I would
+             * really like is a function to just say;  Is the public key in
+             * this cert an export-length key?  Then I would not have to
+             * know things like the value 512, or the kind of key, or what
+             * a subjectPublicKeyInfo is, etc.
+             */
+            key = CERT_ExtractPublicKey(rcerts[rcount]);
+            pklen_bits = 0;
+            key_type = nullKey;
+            if (key != NULL) {
+                pklen_bits = SECKEY_PublicKeyStrengthInBits(key);
+                key_type = SECKEY_GetPublicKeyType(key);
+                SECKEY_DestroyPublicKey(key);
+                key = NULL;
+            }
+
+            if (key_type == ecKey) {
+                /* While RFC 5753 mandates support for AES-128 CBC, should use
+                 * AES 256 if user's key provides more than 128 bits of
+                 * security strength so that symmetric key is not weak link. */
+
+                /* RC2-40 is not compatible with elliptic curve keys. */
+                chosen_cipher = SMIME_DES_EDE3_168;
+                if (pklen_bits > 256) {
+                    cipher_abilities[aes256_mapi]++;
+                    cipher_votes[aes256_mapi] += pref;
+                    pref--;
+                }
+                cipher_abilities[aes128_mapi]++;
+                cipher_votes[aes128_mapi] += pref;
+                pref--;
+                cipher_abilities[strong_mapi]++;
+                cipher_votes[strong_mapi] += pref;
+                pref--;
+            } else {
+                if (pklen_bits > 512) {
+                    /* cast votes for the strong algorithm */
+                    cipher_abilities[strong_mapi]++;
+                    cipher_votes[strong_mapi] += pref;
+                    pref--;
+                }
+
+                /* always cast (possibly less) votes for the weak algorithm */
+                cipher_abilities[weak_mapi]++;
+                cipher_votes[weak_mapi] += pref;
+            }
+        }
+        if (profile != NULL)
+            SECITEM_FreeItem(profile, PR_TRUE);
+    }
+
+    /* find cipher that is agreeable by all recipients and that has the most votes */
+    max = 0;
+    for (mapi = 0; mapi < smime_cipher_map_count; mapi++) {
+        /* if not all of the recipients can do this, forget it */
+        if (cipher_abilities[mapi] != rcount)
+            continue;
+        /* if cipher is not enabled or not allowed by policy, forget it */
+        if (!smime_cipher_map[mapi].enabled || !smime_cipher_map[mapi].allowed)
+            continue;
+        /* now see if this one has more votes than the last best one */
+        if (cipher_votes[mapi] >= max) {
+            /* if equal number of votes, prefer the ones further down in the list */
+            /* with the expectation that these are higher rated ciphers */
+            chosen_cipher = smime_cipher_map[mapi].cipher;
+            max = cipher_votes[mapi];
+        }
+    }
+/* if no common cipher was found, chosen_cipher stays at the default */
+
+done:
+    if (poolp != NULL)
+        PORT_FreeArena(poolp, PR_FALSE);
+
+    return chosen_cipher;
+}
+
+/*
+ * XXX This is a hack for now to satisfy our current interface.
+ * Eventually, with more parameters needing to be specified, just
+ * looking up the keysize is not going to be sufficient.
+ */
+static int
+smime_keysize_by_cipher(unsigned long which)
+{
+    int keysize;
+
+    switch (which) {
+        case SMIME_RC2_CBC_40:
+            keysize = 40;
+            break;
+        case SMIME_RC2_CBC_64:
+            keysize = 64;
+            break;
+        case SMIME_RC2_CBC_128:
+        case SMIME_AES_CBC_128:
+            keysize = 128;
+            break;
+        case SMIME_AES_CBC_256:
+            keysize = 256;
+            break;
+        case SMIME_DES_CBC_56:
+        case SMIME_DES_EDE3_168:
+            /*
+         * These are special; since the key size is fixed, we actually
+         * want to *avoid* specifying a key size.
+         */
+            keysize = 0;
+            break;
+        default:
+            keysize = -1;
+            break;
+    }
+
+    return keysize;
+}
+
+/*
+ * NSS_SMIMEUtil_FindBulkAlgForRecipients - find bulk algorithm suitable for all recipients
+ *
+ * it would be great for UI purposes if there would be a way to find out which recipients
+ * prevented a strong cipher from being used...
+ */
+SECStatus
+NSS_SMIMEUtil_FindBulkAlgForRecipients(CERTCertificate **rcerts,
+                                       SECOidTag *bulkalgtag, int *keysize)
+{
+    unsigned long cipher;
+    int mapi;
+
+    cipher = smime_choose_cipher(NULL, rcerts);
+    mapi = smime_mapi_by_cipher(cipher);
+
+    *bulkalgtag = smime_cipher_map[mapi].algtag;
+    *keysize = smime_keysize_by_cipher(smime_cipher_map[mapi].cipher);
+
+    return SECSuccess;
+}
+
+/*
+ * NSS_SMIMEUtil_CreateSMIMECapabilities - get S/MIME capabilities for this instance of NSS
+ *
+ * scans the list of allowed and enabled ciphers and construct a PKCS9-compliant
+ * S/MIME capabilities attribute value.
+ *
+ * XXX Please note that, in contradiction to RFC2633 2.5.2, the capabilities only include
+ * symmetric ciphers, NO signature algorithms or key encipherment algorithms.
+ *
+ * "poolp" - arena pool to create the S/MIME capabilities data on
+ * "dest" - SECItem to put the data in
+ */
+SECStatus
+NSS_SMIMEUtil_CreateSMIMECapabilities(PLArenaPool *poolp, SECItem *dest)
+{
+    NSSSMIMECapability *cap;
+    NSSSMIMECapability **smime_capabilities;
+    smime_cipher_map_entry *map;
+    SECOidData *oiddata;
+    SECItem *dummy;
+    int i, capIndex;
+
+    /* if we have an old NSSSMIMECapability array, we'll reuse it (has the right size) */
+    /* smime_cipher_map_count + 1 is an upper bound - we might end up with less */
+    smime_capabilities = (NSSSMIMECapability **)PORT_ZAlloc((smime_cipher_map_count + 1) * sizeof(NSSSMIMECapability *));
+    if (smime_capabilities == NULL)
+        return SECFailure;
+
+    capIndex = 0;
+
+    /* Add all the symmetric ciphers
+     * We walk the cipher list backwards, as it is ordered by increasing strength,
+     * we prefer the stronger cipher over a weaker one, and we have to list the
+     * preferred algorithm first */
+    for (i = smime_cipher_map_count - 1; i >= 0; i--) {
+        /* Find the corresponding entry in the cipher map. */
+        map = &(smime_cipher_map[i]);
+        if (!map->enabled)
+            continue;
+
+        /* get next SMIME capability */
+        cap = (NSSSMIMECapability *)PORT_ZAlloc(sizeof(NSSSMIMECapability));
+        if (cap == NULL)
+            break;
+        smime_capabilities[capIndex++] = cap;
+
+        oiddata = SECOID_FindOIDByTag(map->algtag);
+        if (oiddata == NULL)
+            break;
+
+        cap->capabilityID.data = oiddata->oid.data;
+        cap->capabilityID.len = oiddata->oid.len;
+        cap->parameters.data = map->parms ? map->parms->data : NULL;
+        cap->parameters.len = map->parms ? map->parms->len : 0;
+        cap->cipher = smime_cipher_map[i].cipher;
+    }
+
+    /* XXX add signature algorithms */
+    /* XXX add key encipherment algorithms */
+
+    smime_capabilities[capIndex] = NULL; /* last one - now encode */
+    dummy = SEC_ASN1EncodeItem(poolp, dest, &smime_capabilities, NSSSMIMECapabilitiesTemplate);
+
+    /* now that we have the proper encoded SMIMECapabilities (or not),
+     * free the work data */
+    for (i = 0; smime_capabilities[i] != NULL; i++)
+        PORT_Free(smime_capabilities[i]);
+    PORT_Free(smime_capabilities);
+
+    return (dummy == NULL) ? SECFailure : SECSuccess;
+}
+
+/*
+ * NSS_SMIMEUtil_CreateSMIMEEncKeyPrefs - create S/MIME encryption key preferences attr value
+ *
+ * "poolp" - arena pool to create the attr value on
+ * "dest" - SECItem to put the data in
+ * "cert" - certificate that should be marked as preferred encryption key
+ *          cert is expected to have been verified for EmailRecipient usage.
+ */
+SECStatus
+NSS_SMIMEUtil_CreateSMIMEEncKeyPrefs(PLArenaPool *poolp, SECItem *dest, CERTCertificate *cert)
+{
+    NSSSMIMEEncryptionKeyPreference ekp;
+    SECItem *dummy = NULL;
+    PLArenaPool *tmppoolp = NULL;
+
+    if (cert == NULL)
+        goto loser;
+
+    tmppoolp = PORT_NewArena(1024);
+    if (tmppoolp == NULL)
+        goto loser;
+
+    /* XXX hardcoded IssuerSN choice for now */
+    ekp.selector = NSSSMIMEEncryptionKeyPref_IssuerSN;
+    ekp.id.issuerAndSN = CERT_GetCertIssuerAndSN(tmppoolp, cert);
+    if (ekp.id.issuerAndSN == NULL)
+        goto loser;
+
+    dummy = SEC_ASN1EncodeItem(poolp, dest, &ekp, smime_encryptionkeypref_template);
+
+loser:
+    if (tmppoolp)
+        PORT_FreeArena(tmppoolp, PR_FALSE);
+
+    return (dummy == NULL) ? SECFailure : SECSuccess;
+}
+
+/*
+ * NSS_SMIMEUtil_CreateSMIMEEncKeyPrefs - create S/MIME encryption key preferences attr value using MS oid
+ *
+ * "poolp" - arena pool to create the attr value on
+ * "dest" - SECItem to put the data in
+ * "cert" - certificate that should be marked as preferred encryption key
+ *          cert is expected to have been verified for EmailRecipient usage.
+ */
+SECStatus
+NSS_SMIMEUtil_CreateMSSMIMEEncKeyPrefs(PLArenaPool *poolp, SECItem *dest, CERTCertificate *cert)
+{
+    SECItem *dummy = NULL;
+    PLArenaPool *tmppoolp = NULL;
+    CERTIssuerAndSN *isn;
+
+    if (cert == NULL)
+        goto loser;
+
+    tmppoolp = PORT_NewArena(1024);
+    if (tmppoolp == NULL)
+        goto loser;
+
+    isn = CERT_GetCertIssuerAndSN(tmppoolp, cert);
+    if (isn == NULL)
+        goto loser;
+
+    dummy = SEC_ASN1EncodeItem(poolp, dest, isn, SEC_ASN1_GET(CERT_IssuerAndSNTemplate));
+
+loser:
+    if (tmppoolp)
+        PORT_FreeArena(tmppoolp, PR_FALSE);
+
+    return (dummy == NULL) ? SECFailure : SECSuccess;
+}
+
+/*
+ * NSS_SMIMEUtil_GetCertFromEncryptionKeyPreference -
+ *                              find cert marked by EncryptionKeyPreference attribute
+ *
+ * "certdb" - handle for the cert database to look in
+ * "DERekp" - DER-encoded value of S/MIME Encryption Key Preference attribute
+ *
+ * if certificate is supposed to be found among the message's included certificates,
+ * they are assumed to have been imported already.
+ */
+CERTCertificate *
+NSS_SMIMEUtil_GetCertFromEncryptionKeyPreference(CERTCertDBHandle *certdb, SECItem *DERekp)
+{
+    PLArenaPool *tmppoolp = NULL;
+    CERTCertificate *cert = NULL;
+    NSSSMIMEEncryptionKeyPreference ekp;
+
+    tmppoolp = PORT_NewArena(1024);
+    if (tmppoolp == NULL)
+        return NULL;
+
+    /* decode DERekp */
+    if (SEC_QuickDERDecodeItem(tmppoolp, &ekp, smime_encryptionkeypref_template,
+                               DERekp) != SECSuccess)
+        goto loser;
+
+    /* find cert */
+    switch (ekp.selector) {
+        case NSSSMIMEEncryptionKeyPref_IssuerSN:
+            cert = CERT_FindCertByIssuerAndSN(certdb, ekp.id.issuerAndSN);
+            break;
+        case NSSSMIMEEncryptionKeyPref_RKeyID:
+        case NSSSMIMEEncryptionKeyPref_SubjectKeyID:
+            /* XXX not supported yet - we need to be able to look up certs by SubjectKeyID */
+            break;
+        default:
+            PORT_Assert(0);
+    }
+loser:
+    if (tmppoolp)
+        PORT_FreeArena(tmppoolp, PR_FALSE);
+
+    return cert;
+}
+
+extern const char __nss_smime_version[];
+
+PRBool
+NSSSMIME_VersionCheck(const char *importedVersion)
+{
+#define NSS_VERSION_VARIABLE __nss_smime_version
+#include "verref.h"
+    /*
+     * This is the secret handshake algorithm.
+     *
+     * This release has a simple version compatibility
+     * check algorithm.  This release is not backward
+     * compatible with previous major releases.  It is
+     * not compatible with future major, minor, or
+     * patch releases.
+     */
+    return NSS_VersionCheck(importedVersion);
+}
+
+const char *
+NSSSMIME_GetVersion(void)
+{
+    return NSS_VERSION;
+}
diff --git a/nss/lib/smime/smimever.c b/nss/lib/smime/smimever.c
new file mode 100644
index 0000000..8c06130
--- /dev/null
+++ b/nss/lib/smime/smimever.c
@@ -0,0 +1,18 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* Library identity and versioning */
+
+#include "nss.h"
+
+#if defined(DEBUG)
+#define _DEBUG_STRING " (debug)"
+#else
+#define _DEBUG_STRING ""
+#endif
+
+/*
+ * Version information
+ */
+const char __nss_smime_version[] = "Version: NSS " NSS_VERSION _DEBUG_STRING;
diff --git a/nss/lib/softoken/Makefile b/nss/lib/softoken/Makefile
new file mode 100644
index 0000000..90a9da2
--- /dev/null
+++ b/nss/lib/softoken/Makefile
@@ -0,0 +1,78 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+ifdef NSS_NO_INIT_SUPPORT
+    DEFINES += -DNSS_NO_INIT_SUPPORT
+endif
+ifeq ($(OS_TARGET),Linux)
+ifeq ($(CPU_ARCH),ppc)
+ifdef USE_64
+    DEFINES += -DNSS_NO_INIT_SUPPORT
+endif # USE_64
+endif # ppc
+endif # Linux
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include config.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+ifdef NSS_DISABLE_DBM
+DIRS=
+endif
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+export:: private_export
+
+# indicates dependency on freebl static lib
+$(SHARED_LIBRARY): $(CRYPTOLIB)
+
+# On AIX 4.3, IBM xlC_r compiler (version 3.6.6) cannot compile
+# pkcs11c.c in 64-bit mode for unknown reasons.  A workaround is
+# to compile it with optimizations turned on.  (Bugzilla bug #63815)
+ifeq ($(OS_TARGET)$(OS_RELEASE),AIX4.3)
+ifeq ($(USE_64),1)
+ifndef BUILD_OPT
+$(OBJDIR)/pkcs11.o: pkcs11.c
+	@$(MAKE_OBJDIR)
+	$(CC) -o $@ -c -O2 $(CFLAGS) $<
+$(OBJDIR)/pkcs11c.o: pkcs11c.c
+	@$(MAKE_OBJDIR)
+	$(CC) -o $@ -c -O2 $(CFLAGS) $<
+endif
+endif
+endif
diff --git a/nss/lib/softoken/config.mk b/nss/lib/softoken/config.mk
new file mode 100644
index 0000000..2924b24
--- /dev/null
+++ b/nss/lib/softoken/config.mk
@@ -0,0 +1,63 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# $(PROGRAM) has explicit dependencies on $(EXTRA_LIBS)
+CRYPTOLIB=$(DIST)/lib/$(LIB_PREFIX)freebl.$(LIB_SUFFIX)
+
+EXTRA_LIBS += \
+	$(CRYPTOLIB) \
+	$(NULL)
+
+# can't do this in manifest.mn because OS_TARGET isn't defined there.
+ifeq (,$(filter-out WIN%,$(OS_TARGET)))
+
+# don't want the 32 in the shared library name
+SHARED_LIBRARY = $(OBJDIR)/$(DLL_PREFIX)$(LIBRARY_NAME)$(LIBRARY_VERSION).$(DLL_SUFFIX)
+IMPORT_LIBRARY = $(OBJDIR)/$(IMPORT_LIB_PREFIX)$(LIBRARY_NAME)$(LIBRARY_VERSION)$(IMPORT_LIB_SUFFIX)
+
+RES = $(OBJDIR)/$(LIBRARY_NAME).res
+RESNAME = $(LIBRARY_NAME).rc
+
+ifdef NS_USE_GCC
+EXTRA_SHARED_LIBS += \
+	-L$(SQLITE_LIB_DIR) \
+	-l$(SQLITE_LIB_NAME) \
+	-L$(NSSUTIL_LIB_DIR) \
+	-lnssutil3 \
+	-L$(NSPR_LIB_DIR) \
+	-lplc4 \
+	-lplds4 \
+	-lnspr4 \
+	$(NULL)
+else # ! NS_USE_GCC
+
+EXTRA_SHARED_LIBS += \
+	$(SQLITE_LIB_DIR)/$(SQLITE_LIB_NAME).lib \
+	$(NSSUTIL_LIB_DIR)/nssutil3.lib \
+	$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plc4.lib \
+	$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plds4.lib \
+	$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)nspr4.lib \
+	$(NULL)
+endif # NS_USE_GCC
+
+else
+
+# $(PROGRAM) has NO explicit dependencies on $(EXTRA_SHARED_LIBS)
+# $(EXTRA_SHARED_LIBS) come before $(OS_LIBS), except on AIX.
+EXTRA_SHARED_LIBS += \
+	-L$(SQLITE_LIB_DIR) \
+	-l$(SQLITE_LIB_NAME) \
+	-L$(NSSUTIL_LIB_DIR) \
+	-lnssutil3 \
+	-L$(NSPR_LIB_DIR) \
+	-lplc4 \
+	-lplds4 \
+	-lnspr4 \
+	$(NULL)
+endif
+
+ifeq ($(OS_TARGET),AIX)
+OS_LIBS += -lpthread
+endif
diff --git a/nss/lib/softoken/exports.gyp b/nss/lib/softoken/exports.gyp
new file mode 100644
index 0000000..d11d8e4
--- /dev/null
+++ b/nss/lib/softoken/exports.gyp
@@ -0,0 +1,38 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'lib_softoken_exports',
+      'type': 'none',
+      'copies': [
+        {
+          'files': [
+            'lowkeyi.h',
+            'lowkeyti.h'
+          ],
+          'destination': '<(nss_public_dist_dir)/<(module)'
+        },
+        {
+          'files': [
+            'lgglue.h',
+            'pkcs11ni.h',
+            'sdb.h',
+            'sftkdbt.h',
+            'softkver.h',
+            'softoken.h',
+            'softoknt.h'
+          ],
+          'destination': '<(nss_private_dist_dir)/<(module)'
+        }
+      ]
+    }
+  ],
+  'variables': {
+    'module': 'nss'
+  }
+}
diff --git a/nss/lib/softoken/fipsaudt.c b/nss/lib/softoken/fipsaudt.c
new file mode 100644
index 0000000..e0fd641
--- /dev/null
+++ b/nss/lib/softoken/fipsaudt.c
@@ -0,0 +1,321 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * This file implements audit logging required by FIPS 140-2 Security
+ * Level 2.
+ */
+
+#include "prprf.h"
+#include "softoken.h"
+
+/*
+ * Print the value of the returned object handle in the output buffer
+ * on a successful return of the PKCS #11 function.  If the PKCS #11
+ * function failed or the pointer to object handle is NULL (which is
+ * the case for C_DeriveKey with CKM_TLS_KEY_AND_MAC_DERIVE), an empty
+ * string is stored in the output buffer.
+ *
+ * out: the output buffer
+ * outlen: the length of the output buffer
+ * argName: the name of the "pointer to object handle" argument
+ * phObject: the pointer to object handle
+ * rv: the return value of the PKCS #11 function
+ */
+static void
+sftk_PrintReturnedObjectHandle(char *out, PRUint32 outlen,
+                               const char *argName, CK_OBJECT_HANDLE_PTR phObject, CK_RV rv)
+{
+    if ((rv == CKR_OK) && phObject) {
+        PR_snprintf(out, outlen,
+                    " *%s=0x%08lX", argName, (PRUint32)*phObject);
+    } else {
+        PORT_Assert(outlen != 0);
+        out[0] = '\0';
+    }
+}
+
+/*
+ * MECHANISM_BUFSIZE needs to be large enough for sftk_PrintMechanism,
+ * which uses <= 49 bytes.
+ */
+#define MECHANISM_BUFSIZE 64
+
+static void
+sftk_PrintMechanism(char *out, PRUint32 outlen,
+                    CK_MECHANISM_PTR pMechanism)
+{
+    if (pMechanism) {
+        /*
+         * If we change the format string, we need to make sure
+         * MECHANISM_BUFSIZE is still large enough.  We allow
+         * 20 bytes for %p on a 64-bit platform.
+         */
+        PR_snprintf(out, outlen, "%p {mechanism=0x%08lX, ...}",
+                    pMechanism, (PRUint32)pMechanism->mechanism);
+    } else {
+        PR_snprintf(out, outlen, "%p", pMechanism);
+    }
+}
+
+void
+sftk_AuditCreateObject(CK_SESSION_HANDLE hSession,
+                       CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
+                       CK_OBJECT_HANDLE_PTR phObject, CK_RV rv)
+{
+    char msg[256];
+    char shObject[32];
+    NSSAuditSeverity severity = (rv == CKR_OK) ? NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
+
+    sftk_PrintReturnedObjectHandle(shObject, sizeof shObject,
+                                   "phObject", phObject, rv);
+    PR_snprintf(msg, sizeof msg,
+                "C_CreateObject(hSession=0x%08lX, pTemplate=%p, ulCount=%lu, "
+                "phObject=%p)=0x%08lX%s",
+                (PRUint32)hSession, pTemplate, (PRUint32)ulCount,
+                phObject, (PRUint32)rv, shObject);
+    sftk_LogAuditMessage(severity, NSS_AUDIT_LOAD_KEY, msg);
+}
+
+void
+sftk_AuditCopyObject(CK_SESSION_HANDLE hSession,
+                     CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
+                     CK_OBJECT_HANDLE_PTR phNewObject, CK_RV rv)
+{
+    char msg[256];
+    char shNewObject[32];
+    NSSAuditSeverity severity = (rv == CKR_OK) ? NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
+
+    sftk_PrintReturnedObjectHandle(shNewObject, sizeof shNewObject,
+                                   "phNewObject", phNewObject, rv);
+    PR_snprintf(msg, sizeof msg,
+                "C_CopyObject(hSession=0x%08lX, hObject=0x%08lX, "
+                "pTemplate=%p, ulCount=%lu, phNewObject=%p)=0x%08lX%s",
+                (PRUint32)hSession, (PRUint32)hObject,
+                pTemplate, (PRUint32)ulCount, phNewObject, (PRUint32)rv, shNewObject);
+    sftk_LogAuditMessage(severity, NSS_AUDIT_COPY_KEY, msg);
+}
+
+/* WARNING: hObject has been destroyed and can only be printed. */
+void
+sftk_AuditDestroyObject(CK_SESSION_HANDLE hSession,
+                        CK_OBJECT_HANDLE hObject, CK_RV rv)
+{
+    char msg[256];
+    NSSAuditSeverity severity = (rv == CKR_OK) ? NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
+
+    PR_snprintf(msg, sizeof msg,
+                "C_DestroyObject(hSession=0x%08lX, hObject=0x%08lX)=0x%08lX",
+                (PRUint32)hSession, (PRUint32)hObject, (PRUint32)rv);
+    sftk_LogAuditMessage(severity, NSS_AUDIT_DESTROY_KEY, msg);
+}
+
+void
+sftk_AuditGetObjectSize(CK_SESSION_HANDLE hSession,
+                        CK_OBJECT_HANDLE hObject, CK_ULONG_PTR pulSize, CK_RV rv)
+{
+    char msg[256];
+    NSSAuditSeverity severity = (rv == CKR_OK) ? NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
+
+    PR_snprintf(msg, sizeof msg,
+                "C_GetObjectSize(hSession=0x%08lX, hObject=0x%08lX, "
+                "pulSize=%p)=0x%08lX",
+                (PRUint32)hSession, (PRUint32)hObject,
+                pulSize, (PRUint32)rv);
+    sftk_LogAuditMessage(severity, NSS_AUDIT_ACCESS_KEY, msg);
+}
+
+void
+sftk_AuditGetAttributeValue(CK_SESSION_HANDLE hSession,
+                            CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate,
+                            CK_ULONG ulCount, CK_RV rv)
+{
+    char msg[256];
+    NSSAuditSeverity severity = (rv == CKR_OK) ? NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
+
+    PR_snprintf(msg, sizeof msg,
+                "C_GetAttributeValue(hSession=0x%08lX, hObject=0x%08lX, "
+                "pTemplate=%p, ulCount=%lu)=0x%08lX",
+                (PRUint32)hSession, (PRUint32)hObject,
+                pTemplate, (PRUint32)ulCount, (PRUint32)rv);
+    sftk_LogAuditMessage(severity, NSS_AUDIT_ACCESS_KEY, msg);
+}
+
+void
+sftk_AuditSetAttributeValue(CK_SESSION_HANDLE hSession,
+                            CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate,
+                            CK_ULONG ulCount, CK_RV rv)
+{
+    char msg[256];
+    NSSAuditSeverity severity = (rv == CKR_OK) ? NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
+
+    PR_snprintf(msg, sizeof msg,
+                "C_SetAttributeValue(hSession=0x%08lX, hObject=0x%08lX, "
+                "pTemplate=%p, ulCount=%lu)=0x%08lX",
+                (PRUint32)hSession, (PRUint32)hObject,
+                pTemplate, (PRUint32)ulCount, (PRUint32)rv);
+    sftk_LogAuditMessage(severity, NSS_AUDIT_CHANGE_KEY, msg);
+}
+
+void
+sftk_AuditCryptInit(const char *opName, CK_SESSION_HANDLE hSession,
+                    CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey, CK_RV rv)
+{
+    char msg[256];
+    char mech[MECHANISM_BUFSIZE];
+    NSSAuditSeverity severity = (rv == CKR_OK) ? NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
+
+    sftk_PrintMechanism(mech, sizeof mech, pMechanism);
+    PR_snprintf(msg, sizeof msg,
+                "C_%sInit(hSession=0x%08lX, pMechanism=%s, "
+                "hKey=0x%08lX)=0x%08lX",
+                opName, (PRUint32)hSession, mech,
+                (PRUint32)hKey, (PRUint32)rv);
+    sftk_LogAuditMessage(severity, NSS_AUDIT_CRYPT, msg);
+}
+
+void
+sftk_AuditGenerateKey(CK_SESSION_HANDLE hSession,
+                      CK_MECHANISM_PTR pMechanism, CK_ATTRIBUTE_PTR pTemplate,
+                      CK_ULONG ulCount, CK_OBJECT_HANDLE_PTR phKey, CK_RV rv)
+{
+    char msg[256];
+    char mech[MECHANISM_BUFSIZE];
+    char shKey[32];
+    NSSAuditSeverity severity = (rv == CKR_OK) ? NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
+
+    sftk_PrintMechanism(mech, sizeof mech, pMechanism);
+    sftk_PrintReturnedObjectHandle(shKey, sizeof shKey, "phKey", phKey, rv);
+    PR_snprintf(msg, sizeof msg,
+                "C_GenerateKey(hSession=0x%08lX, pMechanism=%s, "
+                "pTemplate=%p, ulCount=%lu, phKey=%p)=0x%08lX%s",
+                (PRUint32)hSession, mech,
+                pTemplate, (PRUint32)ulCount, phKey, (PRUint32)rv, shKey);
+    sftk_LogAuditMessage(severity, NSS_AUDIT_GENERATE_KEY, msg);
+}
+
+void
+sftk_AuditGenerateKeyPair(CK_SESSION_HANDLE hSession,
+                          CK_MECHANISM_PTR pMechanism, CK_ATTRIBUTE_PTR pPublicKeyTemplate,
+                          CK_ULONG ulPublicKeyAttributeCount, CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
+                          CK_ULONG ulPrivateKeyAttributeCount, CK_OBJECT_HANDLE_PTR phPublicKey,
+                          CK_OBJECT_HANDLE_PTR phPrivateKey, CK_RV rv)
+{
+    char msg[512];
+    char mech[MECHANISM_BUFSIZE];
+    char shPublicKey[32];
+    char shPrivateKey[32];
+    NSSAuditSeverity severity = (rv == CKR_OK) ? NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
+
+    sftk_PrintMechanism(mech, sizeof mech, pMechanism);
+    sftk_PrintReturnedObjectHandle(shPublicKey, sizeof shPublicKey,
+                                   "phPublicKey", phPublicKey, rv);
+    sftk_PrintReturnedObjectHandle(shPrivateKey, sizeof shPrivateKey,
+                                   "phPrivateKey", phPrivateKey, rv);
+    PR_snprintf(msg, sizeof msg,
+                "C_GenerateKeyPair(hSession=0x%08lX, pMechanism=%s, "
+                "pPublicKeyTemplate=%p, ulPublicKeyAttributeCount=%lu, "
+                "pPrivateKeyTemplate=%p, ulPrivateKeyAttributeCount=%lu, "
+                "phPublicKey=%p, phPrivateKey=%p)=0x%08lX%s%s",
+                (PRUint32)hSession, mech,
+                pPublicKeyTemplate, (PRUint32)ulPublicKeyAttributeCount,
+                pPrivateKeyTemplate, (PRUint32)ulPrivateKeyAttributeCount,
+                phPublicKey, phPrivateKey, (PRUint32)rv, shPublicKey, shPrivateKey);
+    sftk_LogAuditMessage(severity, NSS_AUDIT_GENERATE_KEY, msg);
+}
+
+void
+sftk_AuditWrapKey(CK_SESSION_HANDLE hSession,
+                  CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hWrappingKey,
+                  CK_OBJECT_HANDLE hKey, CK_BYTE_PTR pWrappedKey,
+                  CK_ULONG_PTR pulWrappedKeyLen, CK_RV rv)
+{
+    char msg[256];
+    char mech[MECHANISM_BUFSIZE];
+    NSSAuditSeverity severity = (rv == CKR_OK) ? NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
+
+    sftk_PrintMechanism(mech, sizeof mech, pMechanism);
+    PR_snprintf(msg, sizeof msg,
+                "C_WrapKey(hSession=0x%08lX, pMechanism=%s, hWrappingKey=0x%08lX, "
+                "hKey=0x%08lX, pWrappedKey=%p, pulWrappedKeyLen=%p)=0x%08lX",
+                (PRUint32)hSession, mech, (PRUint32)hWrappingKey,
+                (PRUint32)hKey, pWrappedKey, pulWrappedKeyLen, (PRUint32)rv);
+    sftk_LogAuditMessage(severity, NSS_AUDIT_WRAP_KEY, msg);
+}
+
+void
+sftk_AuditUnwrapKey(CK_SESSION_HANDLE hSession,
+                    CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hUnwrappingKey,
+                    CK_BYTE_PTR pWrappedKey, CK_ULONG ulWrappedKeyLen,
+                    CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount,
+                    CK_OBJECT_HANDLE_PTR phKey, CK_RV rv)
+{
+    char msg[256];
+    char mech[MECHANISM_BUFSIZE];
+    char shKey[32];
+    NSSAuditSeverity severity = (rv == CKR_OK) ? NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
+
+    sftk_PrintMechanism(mech, sizeof mech, pMechanism);
+    sftk_PrintReturnedObjectHandle(shKey, sizeof shKey, "phKey", phKey, rv);
+    PR_snprintf(msg, sizeof msg,
+                "C_UnwrapKey(hSession=0x%08lX, pMechanism=%s, "
+                "hUnwrappingKey=0x%08lX, pWrappedKey=%p, ulWrappedKeyLen=%lu, "
+                "pTemplate=%p, ulAttributeCount=%lu, phKey=%p)=0x%08lX%s",
+                (PRUint32)hSession, mech,
+                (PRUint32)hUnwrappingKey, pWrappedKey, (PRUint32)ulWrappedKeyLen,
+                pTemplate, (PRUint32)ulAttributeCount, phKey, (PRUint32)rv, shKey);
+    sftk_LogAuditMessage(severity, NSS_AUDIT_UNWRAP_KEY, msg);
+}
+
+void
+sftk_AuditDeriveKey(CK_SESSION_HANDLE hSession,
+                    CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hBaseKey,
+                    CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount,
+                    CK_OBJECT_HANDLE_PTR phKey, CK_RV rv)
+{
+    char msg[512];
+    char mech[MECHANISM_BUFSIZE];
+    char shKey[32];
+    char sTlsKeys[128];
+    NSSAuditSeverity severity = (rv == CKR_OK) ? NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
+
+    sftk_PrintMechanism(mech, sizeof mech, pMechanism);
+    sftk_PrintReturnedObjectHandle(shKey, sizeof shKey, "phKey", phKey, rv);
+    if ((rv == CKR_OK) &&
+        (pMechanism->mechanism == CKM_TLS_KEY_AND_MAC_DERIVE)) {
+        CK_SSL3_KEY_MAT_PARAMS *param =
+            (CK_SSL3_KEY_MAT_PARAMS *)pMechanism->pParameter;
+        CK_SSL3_KEY_MAT_OUT *keymat = param->pReturnedKeyMaterial;
+        PR_snprintf(sTlsKeys, sizeof sTlsKeys,
+                    " hClientMacSecret=0x%08lX hServerMacSecret=0x%08lX"
+                    " hClientKey=0x%08lX hServerKey=0x%08lX",
+                    (PRUint32)keymat->hClientMacSecret,
+                    (PRUint32)keymat->hServerMacSecret,
+                    (PRUint32)keymat->hClientKey,
+                    (PRUint32)keymat->hServerKey);
+    } else {
+        sTlsKeys[0] = '\0';
+    }
+    PR_snprintf(msg, sizeof msg,
+                "C_DeriveKey(hSession=0x%08lX, pMechanism=%s, "
+                "hBaseKey=0x%08lX, pTemplate=%p, ulAttributeCount=%lu, "
+                "phKey=%p)=0x%08lX%s%s",
+                (PRUint32)hSession, mech,
+                (PRUint32)hBaseKey, pTemplate, (PRUint32)ulAttributeCount,
+                phKey, (PRUint32)rv, shKey, sTlsKeys);
+    sftk_LogAuditMessage(severity, NSS_AUDIT_DERIVE_KEY, msg);
+}
+
+void
+sftk_AuditDigestKey(CK_SESSION_HANDLE hSession,
+                    CK_OBJECT_HANDLE hKey, CK_RV rv)
+{
+    char msg[256];
+    NSSAuditSeverity severity = (rv == CKR_OK) ? NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
+
+    PR_snprintf(msg, sizeof msg,
+                "C_DigestKey(hSession=0x%08lX, hKey=0x%08lX)=0x%08lX",
+                (PRUint32)hSession, (PRUint32)hKey, (PRUint32)rv);
+    sftk_LogAuditMessage(severity, NSS_AUDIT_DIGEST_KEY, msg);
+}
diff --git a/nss/lib/softoken/fipstest.c b/nss/lib/softoken/fipstest.c
new file mode 100644
index 0000000..3563bd2
--- /dev/null
+++ b/nss/lib/softoken/fipstest.c
@@ -0,0 +1,654 @@
+/*
+ * PKCS #11 FIPS Power-Up Self Test.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "seccomon.h"
+#include "blapi.h"
+#include "softoken.h"
+#include "lowkeyi.h"
+#include "secoid.h"
+#include "secerr.h"
+
+/*
+ * different platforms have different ways of calling and initial entry point
+ * when the dll/.so is loaded. Most platforms support either a posix pragma
+ * or the GCC attribute. Some platforms suppor a pre-defined name, and some
+ * platforms have a link line way of invoking this function.
+ */
+
+/* The pragma */
+#if defined(USE_INIT_PRAGMA)
+#pragma init(sftk_startup_tests)
+#endif
+
+/* GCC Attribute */
+#if defined(__GNUC__) && !defined(NSS_NO_INIT_SUPPORT)
+#define INIT_FUNCTION __attribute__((constructor))
+#else
+#define INIT_FUNCTION
+#endif
+
+static void INIT_FUNCTION sftk_startup_tests(void);
+
+/* Windows pre-defined entry */
+#if defined(XP_WIN) && !defined(NSS_NO_INIT_SUPPORT)
+#include <windows.h>
+
+BOOL WINAPI DllMain(
+    HINSTANCE hinstDLL, // handle to DLL module
+    DWORD fdwReason,    // reason for calling function
+    LPVOID lpReserved)  // reserved
+{
+    // Perform actions based on the reason for calling.
+    switch (fdwReason) {
+        case DLL_PROCESS_ATTACH:
+            // Initialize once for each new process.
+            // Return FALSE to fail DLL load.
+            sftk_startup_tests();
+            break;
+
+        case DLL_THREAD_ATTACH:
+            // Do thread-specific initialization.
+            break;
+
+        case DLL_THREAD_DETACH:
+            // Do thread-specific cleanup.
+            break;
+
+        case DLL_PROCESS_DETACH:
+            // Perform any necessary cleanup.
+            break;
+    }
+    return TRUE; // Successful DLL_PROCESS_ATTACH.
+}
+#endif
+
+/* FIPS preprocessor directives for RSA.                         */
+#define FIPS_RSA_TYPE siBuffer
+#define FIPS_RSA_PUBLIC_EXPONENT_LENGTH 3    /*   24-bits */
+#define FIPS_RSA_PRIVATE_VERSION_LENGTH 1    /*    8-bits */
+#define FIPS_RSA_MESSAGE_LENGTH 256          /* 2048-bits */
+#define FIPS_RSA_COEFFICIENT_LENGTH 128      /* 1024-bits */
+#define FIPS_RSA_PRIME0_LENGTH 128           /* 1024-bits */
+#define FIPS_RSA_PRIME1_LENGTH 128           /* 1024-bits */
+#define FIPS_RSA_EXPONENT0_LENGTH 128        /* 1024-bits */
+#define FIPS_RSA_EXPONENT1_LENGTH 128        /* 1024-bits */
+#define FIPS_RSA_PRIVATE_EXPONENT_LENGTH 256 /* 2048-bits */
+#define FIPS_RSA_ENCRYPT_LENGTH 256          /* 2048-bits */
+#define FIPS_RSA_DECRYPT_LENGTH 256          /* 2048-bits */
+#define FIPS_RSA_SIGNATURE_LENGTH 256        /* 2048-bits */
+#define FIPS_RSA_MODULUS_LENGTH 256          /* 2048-bits */
+
+/*
+* Test the softoken RSA_HashSign and RSH_HashCheckSign.
+*/
+static SECStatus
+sftk_fips_RSA_PowerUpSigSelfTest(HASH_HashType shaAlg,
+                                 NSSLOWKEYPublicKey *rsa_public_key,
+                                 NSSLOWKEYPrivateKey *rsa_private_key,
+                                 const unsigned char *rsa_known_msg,
+                                 const unsigned int rsa_kmsg_length,
+                                 const unsigned char *rsa_known_signature)
+{
+    SECOidTag shaOid;                   /* SHA OID */
+    unsigned char sha[HASH_LENGTH_MAX]; /* SHA digest */
+    unsigned int shaLength = 0;         /* length of SHA */
+    unsigned int rsa_bytes_signed;
+    unsigned char rsa_computed_signature[FIPS_RSA_SIGNATURE_LENGTH];
+    SECStatus rv;
+
+    if (shaAlg == HASH_AlgSHA1) {
+        if (SHA1_HashBuf(sha, rsa_known_msg, rsa_kmsg_length) != SECSuccess) {
+            goto loser;
+        }
+        shaLength = SHA1_LENGTH;
+        shaOid = SEC_OID_SHA1;
+    } else if (shaAlg == HASH_AlgSHA256) {
+        if (SHA256_HashBuf(sha, rsa_known_msg, rsa_kmsg_length) != SECSuccess) {
+            goto loser;
+        }
+        shaLength = SHA256_LENGTH;
+        shaOid = SEC_OID_SHA256;
+    } else if (shaAlg == HASH_AlgSHA384) {
+        if (SHA384_HashBuf(sha, rsa_known_msg, rsa_kmsg_length) != SECSuccess) {
+            goto loser;
+        }
+        shaLength = SHA384_LENGTH;
+        shaOid = SEC_OID_SHA384;
+    } else if (shaAlg == HASH_AlgSHA512) {
+        if (SHA512_HashBuf(sha, rsa_known_msg, rsa_kmsg_length) != SECSuccess) {
+            goto loser;
+        }
+        shaLength = SHA512_LENGTH;
+        shaOid = SEC_OID_SHA512;
+    } else {
+        goto loser;
+    }
+
+    /*************************************************/
+    /* RSA Single-Round Known Answer Signature Test. */
+    /*************************************************/
+
+    /* Perform RSA signature with the RSA private key. */
+    rv = RSA_HashSign(shaOid,
+                      rsa_private_key,
+                      rsa_computed_signature,
+                      &rsa_bytes_signed,
+                      FIPS_RSA_SIGNATURE_LENGTH,
+                      sha,
+                      shaLength);
+
+    if ((rv != SECSuccess) ||
+        (rsa_bytes_signed != FIPS_RSA_SIGNATURE_LENGTH) ||
+        (PORT_Memcmp(rsa_computed_signature, rsa_known_signature,
+                     FIPS_RSA_SIGNATURE_LENGTH) != 0)) {
+        goto loser;
+    }
+
+    /****************************************************/
+    /* RSA Single-Round Known Answer Verification Test. */
+    /****************************************************/
+
+    /* Perform RSA verification with the RSA public key. */
+    rv = RSA_HashCheckSign(shaOid,
+                           rsa_public_key,
+                           rsa_computed_signature,
+                           rsa_bytes_signed,
+                           sha,
+                           shaLength);
+
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    return (SECSuccess);
+
+loser:
+
+    return (SECFailure);
+}
+
+static SECStatus
+sftk_fips_RSA_PowerUpSelfTest(void)
+{
+    /* RSA Known Modulus used in both Public/Private Key Values (2048-bits). */
+    static const PRUint8 rsa_modulus[FIPS_RSA_MODULUS_LENGTH] = {
+        0xb8, 0x15, 0x00, 0x33, 0xda, 0x0c, 0x9d, 0xa5,
+        0x14, 0x8c, 0xde, 0x1f, 0x23, 0x07, 0x54, 0xe2,
+        0xc6, 0xb9, 0x51, 0x04, 0xc9, 0x65, 0x24, 0x6e,
+        0x0a, 0x46, 0x34, 0x5c, 0x37, 0x86, 0x6b, 0x88,
+        0x24, 0x27, 0xac, 0xa5, 0x02, 0x79, 0xfb, 0xed,
+        0x75, 0xc5, 0x3f, 0x6e, 0xdf, 0x05, 0x5f, 0x0f,
+        0x20, 0x70, 0xa0, 0x5b, 0x85, 0xdb, 0xac, 0xb9,
+        0x5f, 0x02, 0xc2, 0x64, 0x1e, 0x84, 0x5b, 0x3e,
+        0xad, 0xbf, 0xf6, 0x2e, 0x51, 0xd6, 0xad, 0xf7,
+        0xa7, 0x86, 0x75, 0x86, 0xec, 0xa7, 0xe1, 0xf7,
+        0x08, 0xbf, 0xdc, 0x56, 0xb1, 0x3b, 0xca, 0xd8,
+        0xfc, 0x51, 0xdf, 0x9a, 0x2a, 0x37, 0x06, 0xf2,
+        0xd1, 0x6b, 0x9a, 0x5e, 0x2a, 0xe5, 0x20, 0x57,
+        0x35, 0x9f, 0x1f, 0x98, 0xcf, 0x40, 0xc7, 0xd6,
+        0x98, 0xdb, 0xde, 0xf5, 0x64, 0x53, 0xf7, 0x9d,
+        0x45, 0xf3, 0xd6, 0x78, 0xb9, 0xe3, 0xa3, 0x20,
+        0xcd, 0x79, 0x43, 0x35, 0xef, 0xd7, 0xfb, 0xb9,
+        0x80, 0x88, 0x27, 0x2f, 0x63, 0xa8, 0x67, 0x3d,
+        0x4a, 0xfa, 0x06, 0xc6, 0xd2, 0x86, 0x0b, 0xa7,
+        0x28, 0xfd, 0xe0, 0x1e, 0x93, 0x4b, 0x17, 0x2e,
+        0xb0, 0x11, 0x6f, 0xc6, 0x2b, 0x98, 0x0f, 0x15,
+        0xe3, 0x87, 0x16, 0x7a, 0x7c, 0x67, 0x3e, 0x12,
+        0x2b, 0xf8, 0xbe, 0x48, 0xc1, 0x97, 0x47, 0xf4,
+        0x1f, 0x81, 0x80, 0x12, 0x28, 0xe4, 0x7b, 0x1e,
+        0xb7, 0x00, 0xa4, 0xde, 0xaa, 0xfb, 0x0f, 0x77,
+        0x84, 0xa3, 0xd6, 0xb2, 0x03, 0x48, 0xdd, 0x53,
+        0x8b, 0x46, 0x41, 0x28, 0x52, 0xc4, 0x53, 0xf0,
+        0x1c, 0x95, 0xd9, 0x36, 0xe0, 0x0f, 0x26, 0x46,
+        0x9c, 0x61, 0x0e, 0x80, 0xca, 0x86, 0xaf, 0x39,
+        0x95, 0xe5, 0x60, 0x43, 0x61, 0x3e, 0x2b, 0xb4,
+        0xe8, 0xbd, 0x8d, 0x77, 0x62, 0xf5, 0x32, 0x43,
+        0x2f, 0x4b, 0x65, 0x82, 0x14, 0xdd, 0x29, 0x5b
+    };
+
+    /* RSA Known Public Key Values (24-bits). */
+    static const PRUint8 rsa_public_exponent[FIPS_RSA_PUBLIC_EXPONENT_LENGTH] = { 0x01, 0x00, 0x01 };
+    /* RSA Known Private Key Values (version                 is    8-bits), */
+    /*                              (private exponent        is 2048-bits), */
+    /*                              (private prime0          is 1024-bits), */
+    /*                              (private prime1          is 1024-bits), */
+    /*                              (private prime exponent0 is 1024-bits), */
+    /*                              (private prime exponent1 is 1024-bits), */
+    /*                          and (private coefficient     is 1024-bits). */
+    static const PRUint8 rsa_version[] = { 0x00 };
+
+    static const PRUint8 rsa_private_exponent[FIPS_RSA_PRIVATE_EXPONENT_LENGTH] = {
+        0x29, 0x08, 0x05, 0x53, 0x89, 0x76, 0xe6, 0x6c,
+        0xb5, 0x77, 0xf0, 0xca, 0xdf, 0xf3, 0xf2, 0x67,
+        0xda, 0x03, 0xd4, 0x9b, 0x4c, 0x88, 0xce, 0xe5,
+        0xf8, 0x44, 0x4d, 0xc7, 0x80, 0x58, 0xe5, 0xff,
+        0x22, 0x8f, 0xf5, 0x5b, 0x92, 0x81, 0xbe, 0x35,
+        0xdf, 0xda, 0x67, 0x99, 0x3e, 0xfc, 0xe3, 0x83,
+        0x6b, 0xa7, 0xaf, 0x16, 0xb7, 0x6f, 0x8f, 0xc0,
+        0x81, 0xfd, 0x0b, 0x77, 0x65, 0x95, 0xfb, 0x00,
+        0xad, 0x99, 0xec, 0x35, 0xc6, 0xe8, 0x23, 0x3e,
+        0xe0, 0x88, 0x88, 0x09, 0xdb, 0x16, 0x50, 0xb7,
+        0xcf, 0xab, 0x74, 0x61, 0x9e, 0x7f, 0xc5, 0x67,
+        0x38, 0x56, 0xc7, 0x90, 0x85, 0x78, 0x5e, 0x84,
+        0x21, 0x49, 0xea, 0xce, 0xb2, 0xa0, 0xff, 0xe4,
+        0x70, 0x7f, 0x57, 0x7b, 0xa8, 0x36, 0xb8, 0x54,
+        0x8d, 0x1d, 0xf5, 0x44, 0x9d, 0x68, 0x59, 0xf9,
+        0x24, 0x6e, 0x85, 0x8f, 0xc3, 0x5f, 0x8a, 0x2c,
+        0x94, 0xb7, 0xbc, 0x0e, 0xa5, 0xef, 0x93, 0x06,
+        0x38, 0xcd, 0x07, 0x0c, 0xae, 0xb8, 0x44, 0x1a,
+        0xd8, 0xe7, 0xf5, 0x9a, 0x1e, 0x9c, 0x18, 0xc7,
+        0x6a, 0xc2, 0x7f, 0x28, 0x01, 0x4f, 0xb4, 0xb8,
+        0x90, 0x97, 0x5a, 0x43, 0x38, 0xad, 0xe8, 0x95,
+        0x68, 0x83, 0x1a, 0x1b, 0x10, 0x07, 0xe6, 0x02,
+        0x52, 0x1f, 0xbf, 0x76, 0x6b, 0x46, 0xd6, 0xfb,
+        0xc3, 0xbe, 0xb5, 0xac, 0x52, 0x53, 0x01, 0x1c,
+        0xf3, 0xc5, 0xeb, 0x64, 0xf2, 0x1e, 0xc4, 0x38,
+        0xe9, 0xaa, 0xd9, 0xc3, 0x72, 0x51, 0xa5, 0x44,
+        0x58, 0x69, 0x0b, 0x1b, 0x98, 0x7f, 0xf2, 0x23,
+        0xff, 0xeb, 0xf0, 0x75, 0x24, 0xcf, 0xc5, 0x1e,
+        0xb8, 0x6a, 0xc5, 0x2f, 0x4f, 0x23, 0x50, 0x7d,
+        0x15, 0x9d, 0x19, 0x7a, 0x0b, 0x82, 0xe0, 0x21,
+        0x5b, 0x5f, 0x9d, 0x50, 0x2b, 0x83, 0xe4, 0x48,
+        0xcc, 0x39, 0xe5, 0xfb, 0x13, 0x7b, 0x6f, 0x81
+    };
+
+    static const PRUint8 rsa_prime0[FIPS_RSA_PRIME0_LENGTH] = {
+        0xe4, 0xbf, 0x21, 0x62, 0x9b, 0xa9, 0x77, 0x40,
+        0x8d, 0x2a, 0xce, 0xa1, 0x67, 0x5a, 0x4c, 0x96,
+        0x45, 0x98, 0x67, 0xbd, 0x75, 0x22, 0x33, 0x6f,
+        0xe6, 0xcb, 0x77, 0xde, 0x9e, 0x97, 0x7d, 0x96,
+        0x8c, 0x5e, 0x5d, 0x34, 0xfb, 0x27, 0xfc, 0x6d,
+        0x74, 0xdb, 0x9d, 0x2e, 0x6d, 0xf6, 0xea, 0xfc,
+        0xce, 0x9e, 0xda, 0xa7, 0x25, 0xa2, 0xf4, 0x58,
+        0x6d, 0x0a, 0x3f, 0x01, 0xc2, 0xb4, 0xab, 0x38,
+        0xc1, 0x14, 0x85, 0xb6, 0xfa, 0x94, 0xc3, 0x85,
+        0xf9, 0x3c, 0x2e, 0x96, 0x56, 0x01, 0xe7, 0xd6,
+        0x14, 0x71, 0x4f, 0xfb, 0x4c, 0x85, 0x52, 0xc4,
+        0x61, 0x1e, 0xa5, 0x1e, 0x96, 0x13, 0x0d, 0x8f,
+        0x66, 0xae, 0xa0, 0xcd, 0x7d, 0x25, 0x66, 0x19,
+        0x15, 0xc2, 0xcf, 0xc3, 0x12, 0x3c, 0xe8, 0xa4,
+        0x52, 0x4c, 0xcb, 0x28, 0x3c, 0xc4, 0xbf, 0x95,
+        0x33, 0xe3, 0x81, 0xea, 0x0c, 0x6c, 0xa2, 0x05
+    };
+    static const PRUint8 rsa_prime1[FIPS_RSA_PRIME1_LENGTH] = {
+        0xce, 0x03, 0x94, 0xf4, 0xa9, 0x2c, 0x1e, 0x06,
+        0xe7, 0x40, 0x30, 0x01, 0xf7, 0xbb, 0x68, 0x8c,
+        0x27, 0xd2, 0x15, 0xe3, 0x28, 0x49, 0x5b, 0xa8,
+        0xc1, 0x9a, 0x42, 0x7e, 0x31, 0xf9, 0x08, 0x34,
+        0x81, 0xa2, 0x0f, 0x04, 0x61, 0x34, 0xe3, 0x36,
+        0x92, 0xb1, 0x09, 0x2b, 0xe9, 0xef, 0x84, 0x88,
+        0xbe, 0x9c, 0x98, 0x60, 0xa6, 0x60, 0x84, 0xe9,
+        0x75, 0x6f, 0xcc, 0x81, 0xd1, 0x96, 0xef, 0xdd,
+        0x2e, 0xca, 0xc4, 0xf5, 0x42, 0xfb, 0x13, 0x2b,
+        0x57, 0xbf, 0x14, 0x5e, 0xc2, 0x7f, 0x77, 0x35,
+        0x29, 0xc4, 0xe5, 0xe0, 0xf9, 0x6d, 0x15, 0x4a,
+        0x42, 0x56, 0x1c, 0x3e, 0x0c, 0xc5, 0xce, 0x70,
+        0x08, 0x63, 0x1e, 0x73, 0xdb, 0x7e, 0x74, 0x05,
+        0x32, 0x01, 0xc6, 0x36, 0x32, 0x75, 0x6b, 0xed,
+        0x9d, 0xfe, 0x7c, 0x7e, 0xa9, 0x57, 0xb4, 0xe9,
+        0x22, 0xe4, 0xe7, 0xfe, 0x36, 0x07, 0x9b, 0xdf
+    };
+    static const PRUint8 rsa_exponent0[FIPS_RSA_EXPONENT0_LENGTH] = {
+        0x04, 0x5a, 0x3a, 0xa9, 0x64, 0xaa, 0xd9, 0xd1,
+        0x09, 0x9e, 0x99, 0xe5, 0xea, 0x50, 0x86, 0x8a,
+        0x89, 0x72, 0x77, 0xee, 0xdb, 0xee, 0xb5, 0xa9,
+        0xd8, 0x6b, 0x60, 0xb1, 0x84, 0xb4, 0xff, 0x37,
+        0xc1, 0x1d, 0xfe, 0x8a, 0x06, 0x89, 0x61, 0x3d,
+        0x37, 0xef, 0x01, 0xd3, 0xa3, 0x56, 0x02, 0x6c,
+        0xa3, 0x05, 0xd4, 0xc5, 0x3f, 0x6b, 0x15, 0x59,
+        0x25, 0x61, 0xff, 0x86, 0xea, 0x0c, 0x84, 0x01,
+        0x85, 0x72, 0xfd, 0x84, 0x58, 0xca, 0x41, 0xda,
+        0x27, 0xbe, 0xe4, 0x68, 0x09, 0xe4, 0xe9, 0x63,
+        0x62, 0x6a, 0x31, 0x8a, 0x67, 0x8f, 0x55, 0xde,
+        0xd4, 0xb6, 0x3f, 0x90, 0x10, 0x6c, 0xf6, 0x62,
+        0x17, 0x23, 0x15, 0x7e, 0x33, 0x76, 0x65, 0xb5,
+        0xee, 0x7b, 0x11, 0x76, 0xf5, 0xbe, 0xe0, 0xf2,
+        0x57, 0x7a, 0x8c, 0x97, 0x0c, 0x68, 0xf5, 0xf8,
+        0x41, 0xcf, 0x7f, 0x66, 0x53, 0xac, 0x31, 0x7d
+    };
+    static const PRUint8 rsa_exponent1[FIPS_RSA_EXPONENT1_LENGTH] = {
+        0x93, 0x54, 0x14, 0x6e, 0x73, 0x9d, 0x4d, 0x4b,
+        0xfa, 0x8c, 0xf8, 0xc8, 0x2f, 0x76, 0x22, 0xea,
+        0x38, 0x80, 0x11, 0x8f, 0x05, 0xfc, 0x90, 0x44,
+        0x3b, 0x50, 0x2a, 0x45, 0x3d, 0x4f, 0xaf, 0x02,
+        0x7d, 0xc2, 0x7b, 0xa2, 0xd2, 0x31, 0x94, 0x5c,
+        0x2e, 0xc3, 0xd4, 0x9f, 0x47, 0x09, 0x37, 0x6a,
+        0xe3, 0x85, 0xf1, 0xa3, 0x0c, 0xd8, 0xf1, 0xb4,
+        0x53, 0x7b, 0xc4, 0x71, 0x02, 0x86, 0x42, 0xbb,
+        0x96, 0xff, 0x03, 0xa3, 0xb2, 0x67, 0x03, 0xea,
+        0x77, 0x31, 0xfb, 0x4b, 0x59, 0x24, 0xf7, 0x07,
+        0x59, 0xfb, 0xa9, 0xba, 0x1e, 0x26, 0x58, 0x97,
+        0x66, 0xa1, 0x56, 0x49, 0x39, 0xb1, 0x2c, 0x55,
+        0x0a, 0x6a, 0x78, 0x18, 0xba, 0xdb, 0xcf, 0xf4,
+        0xf7, 0x32, 0x35, 0xa2, 0x04, 0xab, 0xdc, 0xa7,
+        0x6d, 0xd9, 0xd5, 0x06, 0x6f, 0xec, 0x7d, 0x40,
+        0x4c, 0xe8, 0x0e, 0xd0, 0xc9, 0xaa, 0xdf, 0x59
+    };
+    static const PRUint8 rsa_coefficient[FIPS_RSA_COEFFICIENT_LENGTH] = {
+        0x17, 0xd7, 0xf5, 0x0a, 0xf0, 0x68, 0x97, 0x96,
+        0xc4, 0x29, 0x18, 0x77, 0x9a, 0x1f, 0xe3, 0xf3,
+        0x12, 0x13, 0x0f, 0x7e, 0x7b, 0xb9, 0xc1, 0x91,
+        0xf9, 0xc7, 0x08, 0x56, 0x5c, 0xa4, 0xbc, 0x83,
+        0x71, 0xf9, 0x78, 0xd9, 0x2b, 0xec, 0xfe, 0x6b,
+        0xdc, 0x2f, 0x63, 0xc9, 0xcd, 0x50, 0x14, 0x5b,
+        0xd3, 0x6e, 0x85, 0x4d, 0x0c, 0xa2, 0x0b, 0xa0,
+        0x09, 0xb6, 0xca, 0x34, 0x9c, 0xc2, 0xc1, 0x4a,
+        0xb0, 0xbc, 0x45, 0x93, 0xa5, 0x7e, 0x99, 0xb5,
+        0xbd, 0xe4, 0x69, 0x29, 0x08, 0x28, 0xd2, 0xcd,
+        0xab, 0x24, 0x78, 0x48, 0x41, 0x26, 0x0b, 0x37,
+        0xa3, 0x43, 0xd1, 0x95, 0x1a, 0xd6, 0xee, 0x22,
+        0x1c, 0x00, 0x0b, 0xc2, 0xb7, 0xa4, 0xa3, 0x21,
+        0xa9, 0xcd, 0xe4, 0x69, 0xd3, 0x45, 0x02, 0xb1,
+        0xb7, 0x3a, 0xbf, 0x51, 0x35, 0x1b, 0x78, 0xc2,
+        0xcf, 0x0c, 0x0d, 0x60, 0x09, 0xa9, 0x44, 0x02
+    };
+
+    /* RSA Known Plaintext Message (1024-bits). */
+    static const PRUint8 rsa_known_plaintext_msg[FIPS_RSA_MESSAGE_LENGTH] = {
+        "Known plaintext message utilized"
+        "for RSA Encryption &  Decryption"
+        "blocks SHA256, SHA384  and      "
+        "SHA512 RSA Signature KAT tests. "
+        "Known plaintext message utilized"
+        "for RSA Encryption &  Decryption"
+        "blocks SHA256, SHA384  and      "
+        "SHA512 RSA Signature KAT  tests."
+    };
+
+    /* RSA Known Signed Hash (2048-bits). */
+    static const PRUint8 rsa_known_sha256_signature[] = {
+        0x8c, 0x2d, 0x2e, 0xfb, 0x37, 0xb5, 0x6f, 0x38,
+        0x9f, 0x06, 0x5a, 0xf3, 0x8c, 0xa0, 0xd0, 0x7a,
+        0xde, 0xcf, 0xf9, 0x14, 0x95, 0x59, 0xd3, 0x5f,
+        0x51, 0x5d, 0x5d, 0xad, 0xd8, 0x71, 0x33, 0x50,
+        0x1d, 0x03, 0x3b, 0x3a, 0x32, 0x00, 0xb4, 0xde,
+        0x7f, 0xe4, 0xb1, 0xe5, 0x6b, 0x83, 0xf4, 0x80,
+        0x10, 0x3b, 0xb8, 0x8a, 0xdb, 0xe8, 0x0a, 0x42,
+        0x9e, 0x8d, 0xd7, 0xbe, 0xed, 0xde, 0x5a, 0x3d,
+        0xc6, 0xdb, 0xfe, 0x49, 0x6a, 0xe9, 0x1e, 0x75,
+        0x66, 0xf1, 0x3f, 0x9e, 0x3f, 0xff, 0x05, 0x65,
+        0xde, 0xca, 0x62, 0x62, 0xf3, 0xec, 0x53, 0x09,
+        0xa0, 0x37, 0xd5, 0x66, 0x62, 0x72, 0x14, 0xb6,
+        0x51, 0x32, 0x67, 0x50, 0xc1, 0xe1, 0x2f, 0x9e,
+        0x98, 0x4e, 0x53, 0x96, 0x55, 0x4b, 0xc4, 0x92,
+        0xc3, 0xb4, 0x80, 0xf0, 0x35, 0xc9, 0x00, 0x4b,
+        0x5c, 0x85, 0x92, 0xb1, 0xe8, 0x6e, 0xa5, 0x51,
+        0x38, 0x9f, 0xc9, 0x11, 0xb6, 0x14, 0xdf, 0x34,
+        0x64, 0x40, 0x82, 0x82, 0xde, 0x16, 0x69, 0x93,
+        0x89, 0x4e, 0x5c, 0x32, 0xf2, 0x0a, 0x4e, 0x9e,
+        0xbd, 0x63, 0x99, 0x4f, 0xf3, 0x15, 0x90, 0xc2,
+        0xfe, 0x6f, 0xb7, 0xf4, 0xad, 0xd4, 0x8e, 0x0b,
+        0xd2, 0xf5, 0x22, 0xd2, 0x71, 0x65, 0x13, 0xf7,
+        0x82, 0x7b, 0x75, 0xb6, 0xc1, 0xb4, 0x45, 0xbd,
+        0x8f, 0x95, 0xcf, 0x5b, 0x95, 0x32, 0xef, 0x18,
+        0x5f, 0xd3, 0xdf, 0x7e, 0x22, 0xdd, 0x25, 0xeb,
+        0xe1, 0xbf, 0x3b, 0x9a, 0x55, 0x75, 0x4f, 0x3c,
+        0x38, 0x67, 0x57, 0x04, 0x04, 0x57, 0x27, 0xf6,
+        0x34, 0x0e, 0x57, 0x8a, 0x7c, 0xff, 0x7d, 0xca,
+        0x8c, 0x06, 0xf8, 0x9d, 0xdb, 0xe4, 0xd8, 0x19,
+        0xdd, 0x4d, 0xfd, 0x8f, 0xa0, 0x06, 0x53, 0xe8,
+        0x33, 0x00, 0x70, 0x3f, 0x6b, 0xc3, 0xbd, 0x9a,
+        0x78, 0xb5, 0xa9, 0xef, 0x6d, 0xda, 0x67, 0x92
+    };
+
+    /* RSA Known Signed Hash (2048-bits). */
+    static const PRUint8 rsa_known_sha384_signature[] = {
+        0x20, 0x2d, 0x21, 0x3a, 0xaa, 0x1e, 0x05, 0x15,
+        0x5c, 0xca, 0x84, 0x86, 0xc0, 0x15, 0x81, 0xdf,
+        0xd4, 0x06, 0x9f, 0xe0, 0xc1, 0xed, 0xef, 0x0f,
+        0xfe, 0xb3, 0xc3, 0xbb, 0x28, 0xa5, 0x56, 0xbf,
+        0xe3, 0x11, 0x5c, 0xc2, 0xc0, 0x0b, 0xfa, 0xfa,
+        0x3d, 0xd3, 0x06, 0x20, 0xe2, 0xc9, 0xe4, 0x66,
+        0x28, 0xb7, 0xc0, 0x3b, 0x3c, 0x96, 0xc6, 0x49,
+        0x3b, 0xcf, 0x86, 0x49, 0x31, 0xaf, 0x5b, 0xa3,
+        0xec, 0x63, 0x10, 0xdf, 0xda, 0x2f, 0x68, 0xac,
+        0x7b, 0x3a, 0x49, 0xfa, 0xe6, 0x0d, 0xfe, 0x37,
+        0x17, 0x56, 0x8e, 0x5c, 0x48, 0x97, 0x43, 0xf7,
+        0xa0, 0xbc, 0xe3, 0x4b, 0x42, 0xde, 0x58, 0x1d,
+        0xd9, 0x5d, 0xb3, 0x08, 0x35, 0xbd, 0xa4, 0xe1,
+        0x80, 0xc3, 0x64, 0xab, 0x21, 0x97, 0xad, 0xfb,
+        0x71, 0xee, 0xa3, 0x3d, 0x9c, 0xaa, 0xfa, 0x16,
+        0x60, 0x46, 0x32, 0xda, 0x44, 0x2e, 0x10, 0x92,
+        0x20, 0xd8, 0x98, 0x80, 0x84, 0x75, 0x5b, 0x70,
+        0x91, 0x00, 0x33, 0x19, 0x69, 0xc9, 0x2a, 0xec,
+        0x3d, 0xe5, 0x5f, 0x0f, 0x9a, 0xa7, 0x97, 0x1f,
+        0x79, 0xc3, 0x1d, 0x65, 0x74, 0x62, 0xc5, 0xa1,
+        0x23, 0x65, 0x4b, 0x84, 0xa1, 0x03, 0x98, 0xf3,
+        0xf1, 0x02, 0x24, 0xca, 0xe5, 0xd4, 0xc8, 0xa2,
+        0x30, 0xad, 0x72, 0x7d, 0x29, 0x60, 0x1a, 0x8e,
+        0x6f, 0x23, 0xa4, 0xda, 0x68, 0xa4, 0x45, 0x9c,
+        0x39, 0x70, 0x44, 0x18, 0x4b, 0x73, 0xfe, 0xf8,
+        0x33, 0x53, 0x1d, 0x7e, 0x93, 0x93, 0xac, 0xc7,
+        0x1e, 0x6e, 0x6b, 0xfd, 0x9e, 0xba, 0xa6, 0x71,
+        0x70, 0x47, 0x6a, 0xd6, 0x82, 0x32, 0xa2, 0x6e,
+        0x20, 0x72, 0xb0, 0xba, 0xec, 0x91, 0xbb, 0x6b,
+        0xcc, 0x84, 0x0a, 0x33, 0x2b, 0x8a, 0x8d, 0xeb,
+        0x71, 0xcd, 0xca, 0x67, 0x1b, 0xad, 0x10, 0xd4,
+        0xce, 0x4f, 0xc0, 0x29, 0xec, 0xfa, 0xed, 0xfa
+    };
+
+    /* RSA Known Signed Hash (2048-bits). */
+    static const PRUint8 rsa_known_sha512_signature[] = {
+        0x35, 0x0e, 0x74, 0x9d, 0xeb, 0xc7, 0x67, 0x31,
+        0x9f, 0xff, 0x0b, 0xbb, 0x5e, 0x66, 0xb4, 0x2f,
+        0xbf, 0x72, 0x60, 0x4f, 0xe9, 0xbd, 0xec, 0xc8,
+        0x17, 0x79, 0x5f, 0x39, 0x83, 0xb4, 0x54, 0x2e,
+        0x01, 0xb9, 0xd3, 0x20, 0x47, 0xcb, 0xd4, 0x42,
+        0xf2, 0x6e, 0x36, 0xc1, 0x97, 0xad, 0xef, 0x8e,
+        0xe6, 0x51, 0xee, 0x5e, 0x9e, 0x88, 0xb4, 0x9d,
+        0xda, 0x3e, 0x77, 0x4b, 0xe8, 0xae, 0x48, 0x53,
+        0x2c, 0xc4, 0xd3, 0x25, 0x6b, 0x23, 0xb7, 0x54,
+        0x3c, 0x95, 0x8f, 0xfb, 0x6f, 0x6d, 0xc5, 0x56,
+        0x39, 0x69, 0x28, 0x0e, 0x74, 0x9b, 0x31, 0xe8,
+        0x76, 0x77, 0x2b, 0xc1, 0x44, 0x89, 0x81, 0x93,
+        0xfc, 0xf6, 0xec, 0x5f, 0x8f, 0x89, 0xfc, 0x1d,
+        0xa4, 0x53, 0x58, 0x8c, 0xe9, 0xc0, 0xc0, 0x26,
+        0xe6, 0xdf, 0x6d, 0x27, 0xb1, 0x8e, 0x3e, 0xb6,
+        0x47, 0xe1, 0x02, 0x96, 0xc2, 0x5f, 0x7f, 0x3d,
+        0xc5, 0x6c, 0x2f, 0xea, 0xaa, 0x5e, 0x39, 0xfc,
+        0x77, 0xca, 0x00, 0x02, 0x5c, 0x64, 0x7c, 0xce,
+        0x7d, 0x63, 0x82, 0x05, 0xed, 0xf7, 0x5b, 0x55,
+        0x58, 0xc0, 0xeb, 0x76, 0xd7, 0x95, 0x55, 0x37,
+        0x85, 0x7d, 0x17, 0xad, 0xd2, 0x11, 0xfd, 0x97,
+        0x48, 0xb5, 0xc2, 0x5e, 0xc7, 0x62, 0xc0, 0xe0,
+        0x68, 0xa8, 0x61, 0x14, 0x41, 0xca, 0x25, 0x3a,
+        0xec, 0x48, 0x54, 0x22, 0x83, 0x2b, 0x69, 0x54,
+        0xfd, 0xc8, 0x99, 0x9a, 0xee, 0x37, 0x03, 0xa3,
+        0x8f, 0x0f, 0x32, 0xb0, 0xaa, 0x74, 0x39, 0x04,
+        0x7c, 0xd9, 0xc2, 0x8f, 0xbe, 0xf2, 0xc4, 0xbe,
+        0xdd, 0x7a, 0x7a, 0x7f, 0x72, 0xd3, 0x80, 0x59,
+        0x18, 0xa0, 0xa1, 0x2d, 0x6f, 0xa3, 0xa9, 0x48,
+        0xed, 0x20, 0xa6, 0xea, 0xaa, 0x10, 0x83, 0x98,
+        0x0c, 0x13, 0x69, 0x6e, 0xcd, 0x31, 0x6b, 0xd0,
+        0x66, 0xa6, 0x5e, 0x30, 0x0c, 0x82, 0xd5, 0x81
+    };
+
+    static const RSAPublicKey bl_public_key = {
+        NULL,
+        { FIPS_RSA_TYPE, (unsigned char *)rsa_modulus,
+          FIPS_RSA_MODULUS_LENGTH },
+        { FIPS_RSA_TYPE, (unsigned char *)rsa_public_exponent,
+          FIPS_RSA_PUBLIC_EXPONENT_LENGTH }
+    };
+    static const RSAPrivateKey bl_private_key = {
+        NULL,
+        { FIPS_RSA_TYPE, (unsigned char *)rsa_version,
+          FIPS_RSA_PRIVATE_VERSION_LENGTH },
+        { FIPS_RSA_TYPE, (unsigned char *)rsa_modulus,
+          FIPS_RSA_MODULUS_LENGTH },
+        { FIPS_RSA_TYPE, (unsigned char *)rsa_public_exponent,
+          FIPS_RSA_PUBLIC_EXPONENT_LENGTH },
+        { FIPS_RSA_TYPE, (unsigned char *)rsa_private_exponent,
+          FIPS_RSA_PRIVATE_EXPONENT_LENGTH },
+        { FIPS_RSA_TYPE, (unsigned char *)rsa_prime0,
+          FIPS_RSA_PRIME0_LENGTH },
+        { FIPS_RSA_TYPE, (unsigned char *)rsa_prime1,
+          FIPS_RSA_PRIME1_LENGTH },
+        { FIPS_RSA_TYPE, (unsigned char *)rsa_exponent0,
+          FIPS_RSA_EXPONENT0_LENGTH },
+        { FIPS_RSA_TYPE, (unsigned char *)rsa_exponent1,
+          FIPS_RSA_EXPONENT1_LENGTH },
+        { FIPS_RSA_TYPE, (unsigned char *)rsa_coefficient,
+          FIPS_RSA_COEFFICIENT_LENGTH }
+    };
+
+/* RSA variables. */
+#ifdef CREATE_TEMP_ARENAS
+    PLArenaPool *rsa_public_arena;
+    PLArenaPool *rsa_private_arena;
+#endif
+    NSSLOWKEYPublicKey *rsa_public_key;
+    NSSLOWKEYPrivateKey *rsa_private_key;
+    SECStatus rsa_status;
+
+    NSSLOWKEYPublicKey low_public_key = { NULL, NSSLOWKEYRSAKey };
+    NSSLOWKEYPrivateKey low_private_key = { NULL, NSSLOWKEYRSAKey };
+
+    /****************************************/
+    /* Compose RSA Public/Private Key Pair. */
+    /****************************************/
+
+    low_public_key.u.rsa = bl_public_key;
+    low_private_key.u.rsa = bl_private_key;
+
+    rsa_public_key = &low_public_key;
+    rsa_private_key = &low_private_key;
+
+#ifdef CREATE_TEMP_ARENAS
+    /* Create some space for the RSA public key. */
+    rsa_public_arena = PORT_NewArena(NSS_SOFTOKEN_DEFAULT_CHUNKSIZE);
+
+    if (rsa_public_arena == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return (SECFailure);
+    }
+
+    /* Create some space for the RSA private key. */
+    rsa_private_arena = PORT_NewArena(NSS_SOFTOKEN_DEFAULT_CHUNKSIZE);
+
+    if (rsa_private_arena == NULL) {
+        PORT_FreeArena(rsa_public_arena, PR_TRUE);
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return (SECFailure);
+    }
+
+    rsa_public_key->arena = rsa_public_arena;
+    rsa_private_key->arena = rsa_private_arena;
+#endif
+
+    /**************************************************/
+    /* RSA Hash tests                                 */
+    /**************************************************/
+
+    rsa_status = sftk_fips_RSA_PowerUpSigSelfTest(HASH_AlgSHA256,
+                                                  rsa_public_key, rsa_private_key,
+                                                  rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH,
+                                                  rsa_known_sha256_signature);
+    if (rsa_status != SECSuccess)
+        goto rsa_loser;
+
+    rsa_status = sftk_fips_RSA_PowerUpSigSelfTest(HASH_AlgSHA384,
+                                                  rsa_public_key, rsa_private_key,
+                                                  rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH,
+                                                  rsa_known_sha384_signature);
+    if (rsa_status != SECSuccess)
+        goto rsa_loser;
+
+    rsa_status = sftk_fips_RSA_PowerUpSigSelfTest(HASH_AlgSHA512,
+                                                  rsa_public_key, rsa_private_key,
+                                                  rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH,
+                                                  rsa_known_sha512_signature);
+    if (rsa_status != SECSuccess)
+        goto rsa_loser;
+
+    /* Dispose of all RSA key material. */
+    nsslowkey_DestroyPublicKey(rsa_public_key);
+    nsslowkey_DestroyPrivateKey(rsa_private_key);
+
+    return (SECSuccess);
+
+rsa_loser:
+
+    nsslowkey_DestroyPublicKey(rsa_public_key);
+    nsslowkey_DestroyPrivateKey(rsa_private_key);
+
+    PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+    return (SECFailure);
+}
+
+static PRBool sftk_self_tests_ran = PR_FALSE;
+static PRBool sftk_self_tests_success = PR_FALSE;
+
+/*
+ * This function is called at dll load time, the code tha makes this
+ * happen is platform specific on defined above.
+ */
+static void
+sftk_startup_tests(void)
+{
+    SECStatus rv;
+    const char *libraryName = SOFTOKEN_LIB_NAME;
+
+    PORT_Assert(!sftk_self_tests_ran);
+    PORT_Assert(!sftk_self_tests_success);
+    sftk_self_tests_ran = PR_TRUE;
+    sftk_self_tests_success = PR_FALSE; /* just in case */
+
+    /* need to initiallize the oid library before the RSA tests */
+    rv = SECOID_Init();
+    if (rv != SECSuccess) {
+        return;
+    }
+    /* make sure freebl is initialized, or our RSA check
+     * may fail. This is normally done at freebl load time, but it's
+     * possible we may have shut freebl down without unloading it. */
+    rv = BL_Init();
+    if (rv != SECSuccess) {
+        return;
+    }
+
+    rv = RNG_RNGInit();
+    if (rv != SECSuccess) {
+        return;
+    }
+    /* check the RSA combined functions in softoken */
+    rv = sftk_fips_RSA_PowerUpSelfTest();
+    if (rv != SECSuccess) {
+        return;
+    }
+    if (!BLAPI_SHVerify(libraryName,
+                        (PRFuncPtr)&sftk_fips_RSA_PowerUpSelfTest)) {
+        /* something is wrong with the library, fail without enabling
+         * the token */
+        return;
+    }
+    sftk_self_tests_success = PR_TRUE;
+}
+
+/*
+ * this is called from nsc_Common_Initizialize entry points that gates access
+ * to * all other pkcs11 functions. This prevents softoken operation if our
+ * power on selftest failed.
+ */
+CK_RV
+sftk_FIPSEntryOK()
+{
+#ifdef NSS_NO_INIT_SUPPORT
+    /* this should only be set on platforms that can't handle one of the INIT
+     * schemes.  This code allows those platforms to continue to function,
+     * though they don't meet the strict NIST requirements. If NSS_NO_INIT_SUPPORT
+     * is not set, and init support has not been properly enabled, softken
+     * will always fail because of the test below
+     */
+    if (!sftk_self_tests_ran) {
+        sftk_startup_tests();
+    }
+#endif
+    if (!sftk_self_tests_success) {
+        return CKR_DEVICE_ERROR;
+    }
+    return CKR_OK;
+}
diff --git a/nss/lib/softoken/fipstokn.c b/nss/lib/softoken/fipstokn.c
new file mode 100644
index 0000000..12ff77c
--- /dev/null
+++ b/nss/lib/softoken/fipstokn.c
@@ -0,0 +1,1656 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * This file implements PKCS 11 on top of our existing security modules
+ *
+ * For more information about PKCS 11 See PKCS 11 Token Inteface Standard.
+ *   This implementation has two slots:
+ *  slot 1 is our generic crypto support. It does not require login
+ *   (unless you've enabled FIPS). It supports Public Key ops, and all they
+ *   bulk ciphers and hashes. It can also support Private Key ops for imported
+ *   Private keys. It does not have any token storage.
+ *  slot 2 is our private key support. It requires a login before use. It
+ *   can store Private Keys and Certs as token objects. Currently only private
+ *   keys and their associated Certificates are saved on the token.
+ *
+ *   In this implementation, session objects are only visible to the session
+ *   that created or generated them.
+ */
+#include "seccomon.h"
+#include "softoken.h"
+#include "lowkeyi.h"
+#include "pkcs11.h"
+#include "pkcs11i.h"
+#include "prenv.h"
+#include "prprf.h"
+
+#include <ctype.h>
+
+#ifdef XP_UNIX
+#define NSS_AUDIT_WITH_SYSLOG 1
+#include <syslog.h>
+#include <unistd.h>
+#endif
+
+#ifdef LINUX
+#include <pthread.h>
+#include <dlfcn.h>
+#define LIBAUDIT_NAME "libaudit.so.0"
+#ifndef AUDIT_CRYPTO_TEST_USER
+#define AUDIT_CRYPTO_TEST_USER 2400         /* Crypto test results */
+#define AUDIT_CRYPTO_PARAM_CHANGE_USER 2401 /* Crypto attribute change */
+#define AUDIT_CRYPTO_LOGIN 2402             /* Logged in as crypto officer */
+#define AUDIT_CRYPTO_LOGOUT 2403            /* Logged out from crypto */
+#define AUDIT_CRYPTO_KEY_USER 2404          /* Create,delete,negotiate */
+#define AUDIT_CRYPTO_FAILURE_USER 2405      /* Fail decrypt,encrypt,randomize */
+#endif
+static void *libaudit_handle;
+static int (*audit_open_func)(void);
+static void (*audit_close_func)(int fd);
+static int (*audit_log_user_message_func)(int audit_fd, int type,
+                                          const char *message, const char *hostname, const char *addr,
+                                          const char *tty, int result);
+static int (*audit_send_user_message_func)(int fd, int type,
+                                           const char *message);
+
+static pthread_once_t libaudit_once_control = PTHREAD_ONCE_INIT;
+
+static void
+libaudit_init(void)
+{
+    libaudit_handle = dlopen(LIBAUDIT_NAME, RTLD_LAZY);
+    if (!libaudit_handle) {
+        return;
+    }
+    audit_open_func = dlsym(libaudit_handle, "audit_open");
+    audit_close_func = dlsym(libaudit_handle, "audit_close");
+    /*
+     * audit_send_user_message is the older function.
+     * audit_log_user_message, if available, is preferred.
+     */
+    audit_log_user_message_func = dlsym(libaudit_handle,
+                                        "audit_log_user_message");
+    if (!audit_log_user_message_func) {
+        audit_send_user_message_func = dlsym(libaudit_handle,
+                                             "audit_send_user_message");
+    }
+    if (!audit_open_func || !audit_close_func ||
+        (!audit_log_user_message_func && !audit_send_user_message_func)) {
+        dlclose(libaudit_handle);
+        libaudit_handle = NULL;
+        audit_open_func = NULL;
+        audit_close_func = NULL;
+        audit_log_user_message_func = NULL;
+        audit_send_user_message_func = NULL;
+    }
+}
+#endif /* LINUX */
+
+/*
+ * ******************** Password Utilities *******************************
+ */
+static PRBool isLoggedIn = PR_FALSE;
+static PRBool isLevel2 = PR_TRUE;
+PRBool sftk_fatalError = PR_FALSE;
+
+/*
+ * This function returns
+ *   - CKR_PIN_INVALID if the password/PIN is not a legal UTF8 string
+ *   - CKR_PIN_LEN_RANGE if the password/PIN is too short or does not
+ *     consist of characters from three or more character classes.
+ *   - CKR_OK otherwise
+ *
+ * The minimum password/PIN length is FIPS_MIN_PIN Unicode characters.
+ * We define five character classes: digits (0-9), ASCII lowercase letters,
+ * ASCII uppercase letters, ASCII non-alphanumeric characters (such as
+ * space and punctuation marks), and non-ASCII characters.  If an ASCII
+ * uppercase letter is the first character of the password/PIN, the
+ * uppercase letter is not counted toward its character class.  Similarly,
+ * if a digit is the last character of the password/PIN, the digit is not
+ * counted toward its character class.
+ *
+ * Although NSC_SetPIN and NSC_InitPIN already do the maximum and minimum
+ * password/PIN length checks, they check the length in bytes as opposed
+ * to characters.  To meet the minimum password/PIN guessing probability
+ * requirements in FIPS 140-2, we need to check the length in characters.
+ */
+static CK_RV
+sftk_newPinCheck(CK_CHAR_PTR pPin, CK_ULONG ulPinLen)
+{
+    unsigned int i;
+    int nchar = 0;     /* number of characters */
+    int ntrail = 0;    /* number of trailing bytes to follow */
+    int ndigit = 0;    /* number of decimal digits */
+    int nlower = 0;    /* number of ASCII lowercase letters */
+    int nupper = 0;    /* number of ASCII uppercase letters */
+    int nnonalnum = 0; /* number of ASCII non-alphanumeric characters */
+    int nnonascii = 0; /* number of non-ASCII characters */
+    int nclass;        /* number of character classes */
+
+    for (i = 0; i < ulPinLen; i++) {
+        unsigned int byte = pPin[i];
+
+        if (ntrail) {
+            if ((byte & 0xc0) != 0x80) {
+                /* illegal */
+                nchar = -1;
+                break;
+            }
+            if (--ntrail == 0) {
+                nchar++;
+                nnonascii++;
+            }
+            continue;
+        }
+        if ((byte & 0x80) == 0x00) {
+            /* single-byte (ASCII) character */
+            nchar++;
+            if (isdigit(byte)) {
+                if (i < ulPinLen - 1) {
+                    ndigit++;
+                }
+            } else if (islower(byte)) {
+                nlower++;
+            } else if (isupper(byte)) {
+                if (i > 0) {
+                    nupper++;
+                }
+            } else {
+                nnonalnum++;
+            }
+        } else if ((byte & 0xe0) == 0xc0) {
+            /* leading byte of two-byte character */
+            ntrail = 1;
+        } else if ((byte & 0xf0) == 0xe0) {
+            /* leading byte of three-byte character */
+            ntrail = 2;
+        } else if ((byte & 0xf8) == 0xf0) {
+            /* leading byte of four-byte character */
+            ntrail = 3;
+        } else {
+            /* illegal */
+            nchar = -1;
+            break;
+        }
+    }
+    if (nchar == -1) {
+        /* illegal UTF8 string */
+        return CKR_PIN_INVALID;
+    }
+    if (nchar < FIPS_MIN_PIN) {
+        return CKR_PIN_LEN_RANGE;
+    }
+    nclass = (ndigit != 0) + (nlower != 0) + (nupper != 0) +
+             (nnonalnum != 0) + (nnonascii != 0);
+    if (nclass < 3) {
+        return CKR_PIN_LEN_RANGE;
+    }
+    return CKR_OK;
+}
+
+/* FIPS required checks before any useful cryptographic services */
+static CK_RV
+sftk_fipsCheck(void)
+{
+    if (sftk_fatalError)
+        return CKR_DEVICE_ERROR;
+    if (isLevel2 && !isLoggedIn)
+        return CKR_USER_NOT_LOGGED_IN;
+    return CKR_OK;
+}
+
+#define SFTK_FIPSCHECK()                   \
+    CK_RV rv;                              \
+    if ((rv = sftk_fipsCheck()) != CKR_OK) \
+        return rv;
+
+#define SFTK_FIPSFATALCHECK() \
+    if (sftk_fatalError)      \
+        return CKR_DEVICE_ERROR;
+
+/* grab an attribute out of a raw template */
+void *
+fc_getAttribute(CK_ATTRIBUTE_PTR pTemplate,
+                CK_ULONG ulCount, CK_ATTRIBUTE_TYPE type)
+{
+    int i;
+
+    for (i = 0; i < (int)ulCount; i++) {
+        if (pTemplate[i].type == type) {
+            return pTemplate[i].pValue;
+        }
+    }
+    return NULL;
+}
+
+#define __PASTE(x, y) x##y
+
+/* ------------- forward declare all the NSC_ functions ------------- */
+#undef CK_NEED_ARG_LIST
+#undef CK_PKCS11_FUNCTION_INFO
+
+#define CK_PKCS11_FUNCTION_INFO(name) CK_RV __PASTE(NS, name)
+#define CK_NEED_ARG_LIST 1
+
+#include "pkcs11f.h"
+
+/* ------------- forward declare all the FIPS functions ------------- */
+#undef CK_NEED_ARG_LIST
+#undef CK_PKCS11_FUNCTION_INFO
+
+#define CK_PKCS11_FUNCTION_INFO(name) CK_RV __PASTE(F, name)
+#define CK_NEED_ARG_LIST 1
+
+#include "pkcs11f.h"
+
+/* ------------- build the CK_CRYPTO_TABLE ------------------------- */
+static CK_FUNCTION_LIST sftk_fipsTable = {
+    { 1, 10 },
+
+#undef CK_NEED_ARG_LIST
+#undef CK_PKCS11_FUNCTION_INFO
+
+#define CK_PKCS11_FUNCTION_INFO(name) \
+    __PASTE(F, name)                  \
+    ,
+
+#include "pkcs11f.h"
+
+};
+
+#undef CK_NEED_ARG_LIST
+#undef CK_PKCS11_FUNCTION_INFO
+
+#undef __PASTE
+
+/* CKO_NOT_A_KEY can be any object class that's not a key object. */
+#define CKO_NOT_A_KEY CKO_DATA
+
+#define SFTK_IS_KEY_OBJECT(objClass)    \
+    (((objClass) == CKO_PUBLIC_KEY) ||  \
+     ((objClass) == CKO_PRIVATE_KEY) || \
+     ((objClass) == CKO_SECRET_KEY))
+
+#define SFTK_IS_NONPUBLIC_KEY_OBJECT(objClass) \
+    (((objClass) == CKO_PRIVATE_KEY) || ((objClass) == CKO_SECRET_KEY))
+
+static CK_RV
+sftk_get_object_class_and_fipsCheck(CK_SESSION_HANDLE hSession,
+                                    CK_OBJECT_HANDLE hObject, CK_OBJECT_CLASS *pObjClass)
+{
+    CK_RV rv;
+    CK_ATTRIBUTE class;
+    class.type = CKA_CLASS;
+    class.pValue = pObjClass;
+    class.ulValueLen = sizeof(*pObjClass);
+    rv = NSC_GetAttributeValue(hSession, hObject, &class, 1);
+    if ((rv == CKR_OK) && SFTK_IS_NONPUBLIC_KEY_OBJECT(*pObjClass)) {
+        rv = sftk_fipsCheck();
+    }
+    return rv;
+}
+
+#ifdef LINUX
+
+int
+sftk_mapLinuxAuditType(NSSAuditSeverity severity, NSSAuditType auditType)
+{
+    switch (auditType) {
+        case NSS_AUDIT_ACCESS_KEY:
+        case NSS_AUDIT_CHANGE_KEY:
+        case NSS_AUDIT_COPY_KEY:
+        case NSS_AUDIT_DERIVE_KEY:
+        case NSS_AUDIT_DESTROY_KEY:
+        case NSS_AUDIT_DIGEST_KEY:
+        case NSS_AUDIT_GENERATE_KEY:
+        case NSS_AUDIT_LOAD_KEY:
+        case NSS_AUDIT_UNWRAP_KEY:
+        case NSS_AUDIT_WRAP_KEY:
+            return AUDIT_CRYPTO_KEY_USER;
+        case NSS_AUDIT_CRYPT:
+            return (severity == NSS_AUDIT_ERROR) ? AUDIT_CRYPTO_FAILURE_USER : AUDIT_CRYPTO_KEY_USER;
+        case NSS_AUDIT_FIPS_STATE:
+        case NSS_AUDIT_INIT_PIN:
+        case NSS_AUDIT_INIT_TOKEN:
+        case NSS_AUDIT_SET_PIN:
+            return AUDIT_CRYPTO_PARAM_CHANGE_USER;
+        case NSS_AUDIT_SELF_TEST:
+            return AUDIT_CRYPTO_TEST_USER;
+        case NSS_AUDIT_LOGIN:
+            return AUDIT_CRYPTO_LOGIN;
+        case NSS_AUDIT_LOGOUT:
+            return AUDIT_CRYPTO_LOGOUT;
+            /* we skip the fault case here so we can get compiler
+             * warnings if new 'NSSAuditType's are added without
+             * added them to this list, defaults fall through */
+    }
+    /* default */
+    return AUDIT_CRYPTO_PARAM_CHANGE_USER;
+}
+#endif
+
+/**********************************************************************
+ *
+ *     FIPS 140 auditable event logging
+ *
+ **********************************************************************/
+
+PRBool sftk_audit_enabled = PR_FALSE;
+
+/*
+ * Each audit record must have the following information:
+ * - Date and time of the event
+ * - Type of event
+ * - user (subject) identity
+ * - outcome (success or failure) of the event
+ * - process ID
+ * - name (ID) of the object
+ * - for changes to data (except for authentication data and CSPs), the new
+ *   and old values of the data
+ * - for authentication attempts, the origin of the attempt (e.g., terminal
+ *   identifier)
+ * - for assuming a role, the type of role, and the location of the request
+ */
+void
+sftk_LogAuditMessage(NSSAuditSeverity severity, NSSAuditType auditType,
+                     const char *msg)
+{
+#ifdef NSS_AUDIT_WITH_SYSLOG
+    int level;
+
+    switch (severity) {
+        case NSS_AUDIT_ERROR:
+            level = LOG_ERR;
+            break;
+        case NSS_AUDIT_WARNING:
+            level = LOG_WARNING;
+            break;
+        default:
+            level = LOG_INFO;
+            break;
+    }
+    /* timestamp is provided by syslog in the message header */
+    syslog(level | LOG_USER /* facility */,
+           "NSS " SOFTOKEN_LIB_NAME "[pid=%d uid=%d]: %s",
+           (int)getpid(), (int)getuid(), msg);
+#ifdef LINUX
+    if (pthread_once(&libaudit_once_control, libaudit_init) != 0) {
+        return;
+    }
+    if (libaudit_handle) {
+        int audit_fd;
+        int linuxAuditType;
+        int result = (severity != NSS_AUDIT_ERROR); /* 1=success; 0=failed */
+        char *message = PR_smprintf("NSS " SOFTOKEN_LIB_NAME ": %s", msg);
+        if (!message) {
+            return;
+        }
+        audit_fd = audit_open_func();
+        if (audit_fd < 0) {
+            PR_smprintf_free(message);
+            return;
+        }
+        linuxAuditType = sftk_mapLinuxAuditType(severity, auditType);
+        if (audit_log_user_message_func) {
+            audit_log_user_message_func(audit_fd, linuxAuditType, message,
+                                        NULL, NULL, NULL, result);
+        } else {
+            audit_send_user_message_func(audit_fd, linuxAuditType, message);
+        }
+        audit_close_func(audit_fd);
+        PR_smprintf_free(message);
+    }
+#endif /* LINUX */
+#else
+/* do nothing */
+#endif
+}
+
+/**********************************************************************
+ *
+ *     Start of PKCS 11 functions
+ *
+ **********************************************************************/
+/* return the function list */
+CK_RV
+FC_GetFunctionList(CK_FUNCTION_LIST_PTR *pFunctionList)
+{
+
+    CHECK_FORK();
+
+    *pFunctionList = &sftk_fipsTable;
+    return CKR_OK;
+}
+
+/* sigh global so pkcs11 can read it */
+PRBool nsf_init = PR_FALSE;
+
+void
+fc_log_init_error(CK_RV crv)
+{
+    if (sftk_audit_enabled) {
+        char msg[128];
+        PR_snprintf(msg, sizeof msg,
+                    "C_Initialize()=0x%08lX "
+                    "power-up self-tests failed",
+                    (PRUint32)crv);
+        sftk_LogAuditMessage(NSS_AUDIT_ERROR, NSS_AUDIT_SELF_TEST, msg);
+    }
+}
+
+/* FC_Initialize initializes the PKCS #11 library. */
+CK_RV
+FC_Initialize(CK_VOID_PTR pReserved)
+{
+    const char *envp;
+    CK_RV crv;
+
+    if ((envp = PR_GetEnv("NSS_ENABLE_AUDIT")) != NULL) {
+        sftk_audit_enabled = (atoi(envp) == 1);
+    }
+
+    /* At this point we should have already done post and integrity checks.
+     * if we haven't, it probably means the FIPS product has not been installed
+     * or the tests failed. Don't let an application try to enter FIPS mode */
+    crv = sftk_FIPSEntryOK();
+    if (crv != CKR_OK) {
+        sftk_fatalError = PR_TRUE;
+        fc_log_init_error(crv);
+        return crv;
+    }
+
+    sftk_ForkReset(pReserved, &crv);
+
+    if (nsf_init) {
+        return CKR_CRYPTOKI_ALREADY_INITIALIZED;
+    }
+
+    crv = nsc_CommonInitialize(pReserved, PR_TRUE);
+
+    /* not an 'else' rv can be set by either SFTK_LowInit or SFTK_SlotInit*/
+    if (crv != CKR_OK) {
+        sftk_fatalError = PR_TRUE;
+        return crv;
+    }
+
+    sftk_fatalError = PR_FALSE; /* any error has been reset */
+    nsf_init = PR_TRUE;
+    isLevel2 = PR_TRUE; /* assume level 2 unless we learn otherwise */
+
+    return CKR_OK;
+}
+
+/*FC_Finalize indicates that an application is done with the PKCS #11 library.*/
+CK_RV
+FC_Finalize(CK_VOID_PTR pReserved)
+{
+    CK_RV crv;
+
+    if (sftk_ForkReset(pReserved, &crv)) {
+        return crv;
+    }
+
+    if (!nsf_init) {
+        return CKR_OK;
+    }
+
+    crv = nsc_CommonFinalize(pReserved, PR_TRUE);
+
+    nsf_init = (PRBool) !(crv == CKR_OK);
+    return crv;
+}
+
+/* FC_GetInfo returns general information about PKCS #11. */
+CK_RV
+FC_GetInfo(CK_INFO_PTR pInfo)
+{
+    CHECK_FORK();
+
+    return NSC_GetInfo(pInfo);
+}
+
+/* FC_GetSlotList obtains a list of slots in the system. */
+CK_RV
+FC_GetSlotList(CK_BBOOL tokenPresent,
+               CK_SLOT_ID_PTR pSlotList, CK_ULONG_PTR pulCount)
+{
+    CHECK_FORK();
+
+    return nsc_CommonGetSlotList(tokenPresent, pSlotList, pulCount,
+                                 NSC_FIPS_MODULE);
+}
+
+/* FC_GetSlotInfo obtains information about a particular slot in the system. */
+CK_RV
+FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo)
+{
+    CHECK_FORK();
+
+    return NSC_GetSlotInfo(slotID, pInfo);
+}
+
+/*FC_GetTokenInfo obtains information about a particular token in the system.*/
+CK_RV
+FC_GetTokenInfo(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo)
+{
+    CK_RV crv;
+
+    CHECK_FORK();
+
+    crv = NSC_GetTokenInfo(slotID, pInfo);
+    if (crv == CKR_OK) {
+        if ((pInfo->flags & CKF_LOGIN_REQUIRED) == 0) {
+            isLevel2 = PR_FALSE;
+        }
+    }
+    return crv;
+}
+
+/*FC_GetMechanismList obtains a list of mechanism types supported by a token.*/
+CK_RV
+FC_GetMechanismList(CK_SLOT_ID slotID,
+                    CK_MECHANISM_TYPE_PTR pMechanismList, CK_ULONG_PTR pusCount)
+{
+    CHECK_FORK();
+
+    SFTK_FIPSFATALCHECK();
+    if ((slotID == FIPS_SLOT_ID) || (slotID >= SFTK_MIN_FIPS_USER_SLOT_ID)) {
+        slotID = NETSCAPE_SLOT_ID;
+    }
+    /* FIPS Slots support all functions */
+    return NSC_GetMechanismList(slotID, pMechanismList, pusCount);
+}
+
+/* FC_GetMechanismInfo obtains information about a particular mechanism
+ * possibly supported by a token. */
+CK_RV
+FC_GetMechanismInfo(CK_SLOT_ID slotID, CK_MECHANISM_TYPE type,
+                    CK_MECHANISM_INFO_PTR pInfo)
+{
+    CHECK_FORK();
+
+    SFTK_FIPSFATALCHECK();
+    if ((slotID == FIPS_SLOT_ID) || (slotID >= SFTK_MIN_FIPS_USER_SLOT_ID)) {
+        slotID = NETSCAPE_SLOT_ID;
+    }
+    /* FIPS Slots support all functions */
+    return NSC_GetMechanismInfo(slotID, type, pInfo);
+}
+
+/* FC_InitToken initializes a token. */
+CK_RV
+FC_InitToken(CK_SLOT_ID slotID, CK_CHAR_PTR pPin,
+             CK_ULONG usPinLen, CK_CHAR_PTR pLabel)
+{
+    CK_RV crv;
+
+    CHECK_FORK();
+
+    crv = NSC_InitToken(slotID, pPin, usPinLen, pLabel);
+    if (sftk_audit_enabled) {
+        char msg[128];
+        NSSAuditSeverity severity = (crv == CKR_OK) ? NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
+        /* pLabel points to a 32-byte label, which is not null-terminated */
+        PR_snprintf(msg, sizeof msg,
+                    "C_InitToken(slotID=%lu, pLabel=\"%.32s\")=0x%08lX",
+                    (PRUint32)slotID, pLabel, (PRUint32)crv);
+        sftk_LogAuditMessage(severity, NSS_AUDIT_INIT_TOKEN, msg);
+    }
+    return crv;
+}
+
+/* FC_InitPIN initializes the normal user's PIN. */
+CK_RV
+FC_InitPIN(CK_SESSION_HANDLE hSession,
+           CK_CHAR_PTR pPin, CK_ULONG ulPinLen)
+{
+    CK_RV rv;
+
+    CHECK_FORK();
+
+    if (sftk_fatalError)
+        return CKR_DEVICE_ERROR;
+    /* NSC_InitPIN will only work once per database. We can either initialize
+     * it to level1 (pin len == 0) or level2. If we initialize to level 2, then
+     * we need to make sure the pin meets FIPS requirements */
+    if ((ulPinLen == 0) || ((rv = sftk_newPinCheck(pPin, ulPinLen)) == CKR_OK)) {
+        rv = NSC_InitPIN(hSession, pPin, ulPinLen);
+        if (rv == CKR_OK) {
+            isLevel2 = (ulPinLen > 0) ? PR_TRUE : PR_FALSE;
+        }
+    }
+    if (sftk_audit_enabled) {
+        char msg[128];
+        NSSAuditSeverity severity = (rv == CKR_OK) ? NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
+        PR_snprintf(msg, sizeof msg,
+                    "C_InitPIN(hSession=0x%08lX)=0x%08lX",
+                    (PRUint32)hSession, (PRUint32)rv);
+        sftk_LogAuditMessage(severity, NSS_AUDIT_INIT_PIN, msg);
+    }
+    return rv;
+}
+
+/* FC_SetPIN modifies the PIN of user that is currently logged in. */
+/* NOTE: This is only valid for the PRIVATE_KEY_SLOT */
+CK_RV
+FC_SetPIN(CK_SESSION_HANDLE hSession, CK_CHAR_PTR pOldPin,
+          CK_ULONG usOldLen, CK_CHAR_PTR pNewPin, CK_ULONG usNewLen)
+{
+    CK_RV rv;
+
+    CHECK_FORK();
+
+    if ((rv = sftk_fipsCheck()) == CKR_OK &&
+        (rv = sftk_newPinCheck(pNewPin, usNewLen)) == CKR_OK) {
+        rv = NSC_SetPIN(hSession, pOldPin, usOldLen, pNewPin, usNewLen);
+        if (rv == CKR_OK) {
+            /* if we set the password in level1 we now go
+             * to level2. NOTE: we don't allow the user to
+             * go from level2 to level1 */
+            isLevel2 = PR_TRUE;
+        }
+    }
+    if (sftk_audit_enabled) {
+        char msg[128];
+        NSSAuditSeverity severity = (rv == CKR_OK) ? NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
+        PR_snprintf(msg, sizeof msg,
+                    "C_SetPIN(hSession=0x%08lX)=0x%08lX",
+                    (PRUint32)hSession, (PRUint32)rv);
+        sftk_LogAuditMessage(severity, NSS_AUDIT_SET_PIN, msg);
+    }
+    return rv;
+}
+
+/* FC_OpenSession opens a session between an application and a token. */
+CK_RV
+FC_OpenSession(CK_SLOT_ID slotID, CK_FLAGS flags,
+               CK_VOID_PTR pApplication, CK_NOTIFY Notify, CK_SESSION_HANDLE_PTR phSession)
+{
+    SFTK_FIPSFATALCHECK();
+
+    CHECK_FORK();
+
+    return NSC_OpenSession(slotID, flags, pApplication, Notify, phSession);
+}
+
+/* FC_CloseSession closes a session between an application and a token. */
+CK_RV
+FC_CloseSession(CK_SESSION_HANDLE hSession)
+{
+    CHECK_FORK();
+
+    return NSC_CloseSession(hSession);
+}
+
+/* FC_CloseAllSessions closes all sessions with a token. */
+CK_RV
+FC_CloseAllSessions(CK_SLOT_ID slotID)
+{
+
+    CHECK_FORK();
+
+    return NSC_CloseAllSessions(slotID);
+}
+
+/* FC_GetSessionInfo obtains information about the session. */
+CK_RV
+FC_GetSessionInfo(CK_SESSION_HANDLE hSession,
+                  CK_SESSION_INFO_PTR pInfo)
+{
+    CK_RV rv;
+    SFTK_FIPSFATALCHECK();
+
+    CHECK_FORK();
+
+    rv = NSC_GetSessionInfo(hSession, pInfo);
+    if (rv == CKR_OK) {
+        if ((isLoggedIn) && (pInfo->state == CKS_RO_PUBLIC_SESSION)) {
+            pInfo->state = CKS_RO_USER_FUNCTIONS;
+        }
+        if ((isLoggedIn) && (pInfo->state == CKS_RW_PUBLIC_SESSION)) {
+            pInfo->state = CKS_RW_USER_FUNCTIONS;
+        }
+    }
+    return rv;
+}
+
+/* FC_Login logs a user into a token. */
+CK_RV
+FC_Login(CK_SESSION_HANDLE hSession, CK_USER_TYPE userType,
+         CK_CHAR_PTR pPin, CK_ULONG usPinLen)
+{
+    CK_RV rv;
+    PRBool successful;
+    if (sftk_fatalError)
+        return CKR_DEVICE_ERROR;
+    rv = NSC_Login(hSession, userType, pPin, usPinLen);
+    successful = (rv == CKR_OK) || (rv == CKR_USER_ALREADY_LOGGED_IN);
+    if (successful)
+        isLoggedIn = PR_TRUE;
+    if (sftk_audit_enabled) {
+        char msg[128];
+        NSSAuditSeverity severity;
+        severity = successful ? NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
+        PR_snprintf(msg, sizeof msg,
+                    "C_Login(hSession=0x%08lX, userType=%lu)=0x%08lX",
+                    (PRUint32)hSession, (PRUint32)userType, (PRUint32)rv);
+        sftk_LogAuditMessage(severity, NSS_AUDIT_LOGIN, msg);
+    }
+    return rv;
+}
+
+/* FC_Logout logs a user out from a token. */
+CK_RV
+FC_Logout(CK_SESSION_HANDLE hSession)
+{
+    CK_RV rv;
+
+    CHECK_FORK();
+
+    if ((rv = sftk_fipsCheck()) == CKR_OK) {
+        rv = NSC_Logout(hSession);
+        isLoggedIn = PR_FALSE;
+    }
+    if (sftk_audit_enabled) {
+        char msg[128];
+        NSSAuditSeverity severity = (rv == CKR_OK) ? NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
+        PR_snprintf(msg, sizeof msg,
+                    "C_Logout(hSession=0x%08lX)=0x%08lX",
+                    (PRUint32)hSession, (PRUint32)rv);
+        sftk_LogAuditMessage(severity, NSS_AUDIT_LOGOUT, msg);
+    }
+    return rv;
+}
+
+/* FC_CreateObject creates a new object. */
+CK_RV
+FC_CreateObject(CK_SESSION_HANDLE hSession,
+                CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
+                CK_OBJECT_HANDLE_PTR phObject)
+{
+    CK_OBJECT_CLASS *classptr;
+    CK_RV rv = CKR_OK;
+
+    CHECK_FORK();
+
+    classptr = (CK_OBJECT_CLASS *)fc_getAttribute(pTemplate, ulCount, CKA_CLASS);
+    if (classptr == NULL)
+        return CKR_TEMPLATE_INCOMPLETE;
+
+    if (*classptr == CKO_NETSCAPE_NEWSLOT || *classptr == CKO_NETSCAPE_DELSLOT) {
+        if (sftk_fatalError)
+            return CKR_DEVICE_ERROR;
+    } else {
+        rv = sftk_fipsCheck();
+        if (rv != CKR_OK)
+            return rv;
+    }
+
+    /* FIPS can't create keys from raw key material */
+    if (SFTK_IS_NONPUBLIC_KEY_OBJECT(*classptr)) {
+        rv = CKR_ATTRIBUTE_VALUE_INVALID;
+    } else {
+        rv = NSC_CreateObject(hSession, pTemplate, ulCount, phObject);
+    }
+    if (sftk_audit_enabled && SFTK_IS_KEY_OBJECT(*classptr)) {
+        sftk_AuditCreateObject(hSession, pTemplate, ulCount, phObject, rv);
+    }
+    return rv;
+}
+
+/* FC_CopyObject copies an object, creating a new object for the copy. */
+CK_RV
+FC_CopyObject(CK_SESSION_HANDLE hSession,
+              CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
+              CK_OBJECT_HANDLE_PTR phNewObject)
+{
+    CK_RV rv;
+    CK_OBJECT_CLASS objClass = CKO_NOT_A_KEY;
+
+    CHECK_FORK();
+
+    SFTK_FIPSFATALCHECK();
+    rv = sftk_get_object_class_and_fipsCheck(hSession, hObject, &objClass);
+    if (rv == CKR_OK) {
+        rv = NSC_CopyObject(hSession, hObject, pTemplate, ulCount, phNewObject);
+    }
+    if (sftk_audit_enabled && SFTK_IS_KEY_OBJECT(objClass)) {
+        sftk_AuditCopyObject(hSession,
+                             hObject, pTemplate, ulCount, phNewObject, rv);
+    }
+    return rv;
+}
+
+/* FC_DestroyObject destroys an object. */
+CK_RV
+FC_DestroyObject(CK_SESSION_HANDLE hSession,
+                 CK_OBJECT_HANDLE hObject)
+{
+    CK_RV rv;
+    CK_OBJECT_CLASS objClass = CKO_NOT_A_KEY;
+
+    CHECK_FORK();
+
+    SFTK_FIPSFATALCHECK();
+    rv = sftk_get_object_class_and_fipsCheck(hSession, hObject, &objClass);
+    if (rv == CKR_OK) {
+        rv = NSC_DestroyObject(hSession, hObject);
+    }
+    if (sftk_audit_enabled && SFTK_IS_KEY_OBJECT(objClass)) {
+        sftk_AuditDestroyObject(hSession, hObject, rv);
+    }
+    return rv;
+}
+
+/* FC_GetObjectSize gets the size of an object in bytes. */
+CK_RV
+FC_GetObjectSize(CK_SESSION_HANDLE hSession,
+                 CK_OBJECT_HANDLE hObject, CK_ULONG_PTR pulSize)
+{
+    CK_RV rv;
+    CK_OBJECT_CLASS objClass = CKO_NOT_A_KEY;
+
+    CHECK_FORK();
+
+    SFTK_FIPSFATALCHECK();
+    rv = sftk_get_object_class_and_fipsCheck(hSession, hObject, &objClass);
+    if (rv == CKR_OK) {
+        rv = NSC_GetObjectSize(hSession, hObject, pulSize);
+    }
+    if (sftk_audit_enabled && SFTK_IS_KEY_OBJECT(objClass)) {
+        sftk_AuditGetObjectSize(hSession, hObject, pulSize, rv);
+    }
+    return rv;
+}
+
+/* FC_GetAttributeValue obtains the value of one or more object attributes. */
+CK_RV
+FC_GetAttributeValue(CK_SESSION_HANDLE hSession,
+                     CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount)
+{
+    CK_RV rv;
+    CK_OBJECT_CLASS objClass = CKO_NOT_A_KEY;
+
+    CHECK_FORK();
+
+    SFTK_FIPSFATALCHECK();
+    rv = sftk_get_object_class_and_fipsCheck(hSession, hObject, &objClass);
+    if (rv == CKR_OK) {
+        rv = NSC_GetAttributeValue(hSession, hObject, pTemplate, ulCount);
+    }
+    if (sftk_audit_enabled && SFTK_IS_KEY_OBJECT(objClass)) {
+        sftk_AuditGetAttributeValue(hSession, hObject, pTemplate, ulCount, rv);
+    }
+    return rv;
+}
+
+/* FC_SetAttributeValue modifies the value of one or more object attributes */
+CK_RV
+FC_SetAttributeValue(CK_SESSION_HANDLE hSession,
+                     CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount)
+{
+    CK_RV rv;
+    CK_OBJECT_CLASS objClass = CKO_NOT_A_KEY;
+
+    CHECK_FORK();
+
+    SFTK_FIPSFATALCHECK();
+    rv = sftk_get_object_class_and_fipsCheck(hSession, hObject, &objClass);
+    if (rv == CKR_OK) {
+        rv = NSC_SetAttributeValue(hSession, hObject, pTemplate, ulCount);
+    }
+    if (sftk_audit_enabled && SFTK_IS_KEY_OBJECT(objClass)) {
+        sftk_AuditSetAttributeValue(hSession, hObject, pTemplate, ulCount, rv);
+    }
+    return rv;
+}
+
+/* FC_FindObjectsInit initializes a search for token and session objects
+ * that match a template. */
+CK_RV
+FC_FindObjectsInit(CK_SESSION_HANDLE hSession,
+                   CK_ATTRIBUTE_PTR pTemplate, CK_ULONG usCount)
+{
+    /* let publically readable object be found */
+    unsigned int i;
+    CK_RV rv;
+    PRBool needLogin = PR_FALSE;
+
+    CHECK_FORK();
+
+    SFTK_FIPSFATALCHECK();
+
+    for (i = 0; i < usCount; i++) {
+        CK_OBJECT_CLASS class;
+        if (pTemplate[i].type != CKA_CLASS) {
+            continue;
+        }
+        if (pTemplate[i].ulValueLen != sizeof(CK_OBJECT_CLASS)) {
+            continue;
+        }
+        if (pTemplate[i].pValue == NULL) {
+            continue;
+        }
+        class = *(CK_OBJECT_CLASS *)pTemplate[i].pValue;
+        if ((class == CKO_PRIVATE_KEY) || (class == CKO_SECRET_KEY)) {
+            needLogin = PR_TRUE;
+            break;
+        }
+    }
+    if (needLogin) {
+        if ((rv = sftk_fipsCheck()) != CKR_OK)
+            return rv;
+    }
+    return NSC_FindObjectsInit(hSession, pTemplate, usCount);
+}
+
+/* FC_FindObjects continues a search for token and session objects
+ * that match a template, obtaining additional object handles. */
+CK_RV
+FC_FindObjects(CK_SESSION_HANDLE hSession,
+               CK_OBJECT_HANDLE_PTR phObject, CK_ULONG usMaxObjectCount,
+               CK_ULONG_PTR pusObjectCount)
+{
+    CHECK_FORK();
+
+    /* let publically readable object be found */
+    SFTK_FIPSFATALCHECK();
+    return NSC_FindObjects(hSession, phObject, usMaxObjectCount,
+                           pusObjectCount);
+}
+
+/*
+ ************** Crypto Functions:     Encrypt ************************
+ */
+
+/* FC_EncryptInit initializes an encryption operation. */
+CK_RV
+FC_EncryptInit(CK_SESSION_HANDLE hSession,
+               CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey)
+{
+    SFTK_FIPSCHECK();
+    CHECK_FORK();
+
+    rv = NSC_EncryptInit(hSession, pMechanism, hKey);
+    if (sftk_audit_enabled) {
+        sftk_AuditCryptInit("Encrypt", hSession, pMechanism, hKey, rv);
+    }
+    return rv;
+}
+
+/* FC_Encrypt encrypts single-part data. */
+CK_RV
+FC_Encrypt(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData,
+           CK_ULONG usDataLen, CK_BYTE_PTR pEncryptedData,
+           CK_ULONG_PTR pusEncryptedDataLen)
+{
+    SFTK_FIPSCHECK();
+    CHECK_FORK();
+
+    return NSC_Encrypt(hSession, pData, usDataLen, pEncryptedData,
+                       pusEncryptedDataLen);
+}
+
+/* FC_EncryptUpdate continues a multiple-part encryption operation. */
+CK_RV
+FC_EncryptUpdate(CK_SESSION_HANDLE hSession,
+                 CK_BYTE_PTR pPart, CK_ULONG usPartLen, CK_BYTE_PTR pEncryptedPart,
+                 CK_ULONG_PTR pusEncryptedPartLen)
+{
+    SFTK_FIPSCHECK();
+    CHECK_FORK();
+
+    return NSC_EncryptUpdate(hSession, pPart, usPartLen, pEncryptedPart,
+                             pusEncryptedPartLen);
+}
+
+/* FC_EncryptFinal finishes a multiple-part encryption operation. */
+CK_RV
+FC_EncryptFinal(CK_SESSION_HANDLE hSession,
+                CK_BYTE_PTR pLastEncryptedPart, CK_ULONG_PTR pusLastEncryptedPartLen)
+{
+    SFTK_FIPSCHECK();
+    CHECK_FORK();
+
+    return NSC_EncryptFinal(hSession, pLastEncryptedPart,
+                            pusLastEncryptedPartLen);
+}
+
+/*
+ ************** Crypto Functions:     Decrypt ************************
+ */
+
+/* FC_DecryptInit initializes a decryption operation. */
+CK_RV
+FC_DecryptInit(CK_SESSION_HANDLE hSession,
+               CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey)
+{
+    SFTK_FIPSCHECK();
+    CHECK_FORK();
+
+    rv = NSC_DecryptInit(hSession, pMechanism, hKey);
+    if (sftk_audit_enabled) {
+        sftk_AuditCryptInit("Decrypt", hSession, pMechanism, hKey, rv);
+    }
+    return rv;
+}
+
+/* FC_Decrypt decrypts encrypted data in a single part. */
+CK_RV
+FC_Decrypt(CK_SESSION_HANDLE hSession,
+           CK_BYTE_PTR pEncryptedData, CK_ULONG usEncryptedDataLen, CK_BYTE_PTR pData,
+           CK_ULONG_PTR pusDataLen)
+{
+    SFTK_FIPSCHECK();
+    CHECK_FORK();
+
+    return NSC_Decrypt(hSession, pEncryptedData, usEncryptedDataLen, pData,
+                       pusDataLen);
+}
+
+/* FC_DecryptUpdate continues a multiple-part decryption operation. */
+CK_RV
+FC_DecryptUpdate(CK_SESSION_HANDLE hSession,
+                 CK_BYTE_PTR pEncryptedPart, CK_ULONG usEncryptedPartLen,
+                 CK_BYTE_PTR pPart, CK_ULONG_PTR pusPartLen)
+{
+    SFTK_FIPSCHECK();
+    CHECK_FORK();
+
+    return NSC_DecryptUpdate(hSession, pEncryptedPart, usEncryptedPartLen,
+                             pPart, pusPartLen);
+}
+
+/* FC_DecryptFinal finishes a multiple-part decryption operation. */
+CK_RV
+FC_DecryptFinal(CK_SESSION_HANDLE hSession,
+                CK_BYTE_PTR pLastPart, CK_ULONG_PTR pusLastPartLen)
+{
+    SFTK_FIPSCHECK();
+    CHECK_FORK();
+
+    return NSC_DecryptFinal(hSession, pLastPart, pusLastPartLen);
+}
+
+/*
+ ************** Crypto Functions:     Digest (HASH)  ************************
+ */
+
+/* FC_DigestInit initializes a message-digesting operation. */
+CK_RV
+FC_DigestInit(CK_SESSION_HANDLE hSession,
+              CK_MECHANISM_PTR pMechanism)
+{
+    SFTK_FIPSFATALCHECK();
+    CHECK_FORK();
+
+    return NSC_DigestInit(hSession, pMechanism);
+}
+
+/* FC_Digest digests data in a single part. */
+CK_RV
+FC_Digest(CK_SESSION_HANDLE hSession,
+          CK_BYTE_PTR pData, CK_ULONG usDataLen, CK_BYTE_PTR pDigest,
+          CK_ULONG_PTR pusDigestLen)
+{
+    SFTK_FIPSFATALCHECK();
+    CHECK_FORK();
+
+    return NSC_Digest(hSession, pData, usDataLen, pDigest, pusDigestLen);
+}
+
+/* FC_DigestUpdate continues a multiple-part message-digesting operation. */
+CK_RV
+FC_DigestUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart,
+                CK_ULONG usPartLen)
+{
+    SFTK_FIPSFATALCHECK();
+    CHECK_FORK();
+
+    return NSC_DigestUpdate(hSession, pPart, usPartLen);
+}
+
+/* FC_DigestFinal finishes a multiple-part message-digesting operation. */
+CK_RV
+FC_DigestFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pDigest,
+               CK_ULONG_PTR pusDigestLen)
+{
+    SFTK_FIPSFATALCHECK();
+    CHECK_FORK();
+
+    return NSC_DigestFinal(hSession, pDigest, pusDigestLen);
+}
+
+/*
+ ************** Crypto Functions:     Sign  ************************
+ */
+
+/* FC_SignInit initializes a signature (private key encryption) operation,
+ * where the signature is (will be) an appendix to the data,
+ * and plaintext cannot be recovered from the signature */
+CK_RV
+FC_SignInit(CK_SESSION_HANDLE hSession,
+            CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey)
+{
+    SFTK_FIPSCHECK();
+    CHECK_FORK();
+
+    rv = NSC_SignInit(hSession, pMechanism, hKey);
+    if (sftk_audit_enabled) {
+        sftk_AuditCryptInit("Sign", hSession, pMechanism, hKey, rv);
+    }
+    return rv;
+}
+
+/* FC_Sign signs (encrypts with private key) data in a single part,
+ * where the signature is (will be) an appendix to the data,
+ * and plaintext cannot be recovered from the signature */
+CK_RV
+FC_Sign(CK_SESSION_HANDLE hSession,
+        CK_BYTE_PTR pData, CK_ULONG usDataLen, CK_BYTE_PTR pSignature,
+        CK_ULONG_PTR pusSignatureLen)
+{
+    SFTK_FIPSCHECK();
+    CHECK_FORK();
+
+    return NSC_Sign(hSession, pData, usDataLen, pSignature, pusSignatureLen);
+}
+
+/* FC_SignUpdate continues a multiple-part signature operation,
+ * where the signature is (will be) an appendix to the data,
+ * and plaintext cannot be recovered from the signature */
+CK_RV
+FC_SignUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart,
+              CK_ULONG usPartLen)
+{
+    SFTK_FIPSCHECK();
+    CHECK_FORK();
+
+    return NSC_SignUpdate(hSession, pPart, usPartLen);
+}
+
+/* FC_SignFinal finishes a multiple-part signature operation,
+ * returning the signature. */
+CK_RV
+FC_SignFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature,
+             CK_ULONG_PTR pusSignatureLen)
+{
+    SFTK_FIPSCHECK();
+    CHECK_FORK();
+
+    return NSC_SignFinal(hSession, pSignature, pusSignatureLen);
+}
+
+/*
+ ************** Crypto Functions:     Sign Recover  ************************
+ */
+/* FC_SignRecoverInit initializes a signature operation,
+ * where the (digest) data can be recovered from the signature.
+ * E.g. encryption with the user's private key */
+CK_RV
+FC_SignRecoverInit(CK_SESSION_HANDLE hSession,
+                   CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey)
+{
+    SFTK_FIPSCHECK();
+    CHECK_FORK();
+
+    rv = NSC_SignRecoverInit(hSession, pMechanism, hKey);
+    if (sftk_audit_enabled) {
+        sftk_AuditCryptInit("SignRecover", hSession, pMechanism, hKey, rv);
+    }
+    return rv;
+}
+
+/* FC_SignRecover signs data in a single operation
+ * where the (digest) data can be recovered from the signature.
+ * E.g. encryption with the user's private key */
+CK_RV
+FC_SignRecover(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData,
+               CK_ULONG usDataLen, CK_BYTE_PTR pSignature, CK_ULONG_PTR pusSignatureLen)
+{
+    SFTK_FIPSCHECK();
+    CHECK_FORK();
+
+    return NSC_SignRecover(hSession, pData, usDataLen, pSignature, pusSignatureLen);
+}
+
+/*
+ ************** Crypto Functions:     verify  ************************
+ */
+
+/* FC_VerifyInit initializes a verification operation,
+ * where the signature is an appendix to the data,
+ * and plaintext cannot be recovered from the signature (e.g. DSA) */
+CK_RV
+FC_VerifyInit(CK_SESSION_HANDLE hSession,
+              CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey)
+{
+    SFTK_FIPSCHECK();
+    CHECK_FORK();
+
+    rv = NSC_VerifyInit(hSession, pMechanism, hKey);
+    if (sftk_audit_enabled) {
+        sftk_AuditCryptInit("Verify", hSession, pMechanism, hKey, rv);
+    }
+    return rv;
+}
+
+/* FC_Verify verifies a signature in a single-part operation,
+ * where the signature is an appendix to the data,
+ * and plaintext cannot be recovered from the signature */
+CK_RV
+FC_Verify(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData,
+          CK_ULONG usDataLen, CK_BYTE_PTR pSignature, CK_ULONG usSignatureLen)
+{
+    /* make sure we're legal */
+    SFTK_FIPSCHECK();
+    CHECK_FORK();
+
+    return NSC_Verify(hSession, pData, usDataLen, pSignature, usSignatureLen);
+}
+
+/* FC_VerifyUpdate continues a multiple-part verification operation,
+ * where the signature is an appendix to the data,
+ * and plaintext cannot be recovered from the signature */
+CK_RV
+FC_VerifyUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart,
+                CK_ULONG usPartLen)
+{
+    SFTK_FIPSCHECK();
+    CHECK_FORK();
+
+    return NSC_VerifyUpdate(hSession, pPart, usPartLen);
+}
+
+/* FC_VerifyFinal finishes a multiple-part verification operation,
+ * checking the signature. */
+CK_RV
+FC_VerifyFinal(CK_SESSION_HANDLE hSession,
+               CK_BYTE_PTR pSignature, CK_ULONG usSignatureLen)
+{
+    SFTK_FIPSCHECK();
+    CHECK_FORK();
+
+    return NSC_VerifyFinal(hSession, pSignature, usSignatureLen);
+}
+
+/*
+ ************** Crypto Functions:     Verify  Recover ************************
+ */
+
+/* FC_VerifyRecoverInit initializes a signature verification operation,
+ * where the data is recovered from the signature.
+ * E.g. Decryption with the user's public key */
+CK_RV
+FC_VerifyRecoverInit(CK_SESSION_HANDLE hSession,
+                     CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey)
+{
+    SFTK_FIPSCHECK();
+    CHECK_FORK();
+
+    rv = NSC_VerifyRecoverInit(hSession, pMechanism, hKey);
+    if (sftk_audit_enabled) {
+        sftk_AuditCryptInit("VerifyRecover", hSession, pMechanism, hKey, rv);
+    }
+    return rv;
+}
+
+/* FC_VerifyRecover verifies a signature in a single-part operation,
+ * where the data is recovered from the signature.
+ * E.g. Decryption with the user's public key */
+CK_RV
+FC_VerifyRecover(CK_SESSION_HANDLE hSession,
+                 CK_BYTE_PTR pSignature, CK_ULONG usSignatureLen,
+                 CK_BYTE_PTR pData, CK_ULONG_PTR pusDataLen)
+{
+    SFTK_FIPSCHECK();
+    CHECK_FORK();
+
+    return NSC_VerifyRecover(hSession, pSignature, usSignatureLen, pData,
+                             pusDataLen);
+}
+
+/*
+ **************************** Key Functions:  ************************
+ */
+
+/* FC_GenerateKey generates a secret key, creating a new key object. */
+CK_RV
+FC_GenerateKey(CK_SESSION_HANDLE hSession,
+               CK_MECHANISM_PTR pMechanism, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
+               CK_OBJECT_HANDLE_PTR phKey)
+{
+    CK_BBOOL *boolptr;
+
+    SFTK_FIPSCHECK();
+    CHECK_FORK();
+
+    /* all secret keys must be sensitive, if the upper level code tries to say
+     * otherwise, reject it. */
+    boolptr = (CK_BBOOL *)fc_getAttribute(pTemplate, ulCount, CKA_SENSITIVE);
+    if (boolptr != NULL) {
+        if (!(*boolptr)) {
+            return CKR_ATTRIBUTE_VALUE_INVALID;
+        }
+    }
+
+    rv = NSC_GenerateKey(hSession, pMechanism, pTemplate, ulCount, phKey);
+    if (sftk_audit_enabled) {
+        sftk_AuditGenerateKey(hSession, pMechanism, pTemplate, ulCount, phKey, rv);
+    }
+    return rv;
+}
+
+/* FC_GenerateKeyPair generates a public-key/private-key pair,
+ * creating new key objects. */
+CK_RV
+FC_GenerateKeyPair(CK_SESSION_HANDLE hSession,
+                   CK_MECHANISM_PTR pMechanism, CK_ATTRIBUTE_PTR pPublicKeyTemplate,
+                   CK_ULONG usPublicKeyAttributeCount, CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
+                   CK_ULONG usPrivateKeyAttributeCount, CK_OBJECT_HANDLE_PTR phPublicKey,
+                   CK_OBJECT_HANDLE_PTR phPrivateKey)
+{
+    CK_BBOOL *boolptr;
+    CK_RV crv;
+
+    SFTK_FIPSCHECK();
+    CHECK_FORK();
+
+    /* all private keys must be sensitive, if the upper level code tries to say
+     * otherwise, reject it. */
+    boolptr = (CK_BBOOL *)fc_getAttribute(pPrivateKeyTemplate,
+                                          usPrivateKeyAttributeCount, CKA_SENSITIVE);
+    if (boolptr != NULL) {
+        if (!(*boolptr)) {
+            return CKR_ATTRIBUTE_VALUE_INVALID;
+        }
+    }
+    crv = NSC_GenerateKeyPair(hSession, pMechanism, pPublicKeyTemplate,
+                              usPublicKeyAttributeCount, pPrivateKeyTemplate,
+                              usPrivateKeyAttributeCount, phPublicKey, phPrivateKey);
+    if (crv == CKR_GENERAL_ERROR) {
+        /* pairwise consistency check failed. */
+        sftk_fatalError = PR_TRUE;
+    }
+    if (sftk_audit_enabled) {
+        sftk_AuditGenerateKeyPair(hSession, pMechanism, pPublicKeyTemplate,
+                                  usPublicKeyAttributeCount, pPrivateKeyTemplate,
+                                  usPrivateKeyAttributeCount, phPublicKey, phPrivateKey, crv);
+    }
+    return crv;
+}
+
+/* FC_WrapKey wraps (i.e., encrypts) a key. */
+CK_RV
+FC_WrapKey(CK_SESSION_HANDLE hSession,
+           CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hWrappingKey,
+           CK_OBJECT_HANDLE hKey, CK_BYTE_PTR pWrappedKey,
+           CK_ULONG_PTR pulWrappedKeyLen)
+{
+    SFTK_FIPSCHECK();
+    CHECK_FORK();
+
+    rv = NSC_WrapKey(hSession, pMechanism, hWrappingKey, hKey, pWrappedKey,
+                     pulWrappedKeyLen);
+    if (sftk_audit_enabled) {
+        sftk_AuditWrapKey(hSession, pMechanism, hWrappingKey, hKey, pWrappedKey,
+                          pulWrappedKeyLen, rv);
+    }
+    return rv;
+}
+
+/* FC_UnwrapKey unwraps (decrypts) a wrapped key, creating a new key object. */
+CK_RV
+FC_UnwrapKey(CK_SESSION_HANDLE hSession,
+             CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hUnwrappingKey,
+             CK_BYTE_PTR pWrappedKey, CK_ULONG ulWrappedKeyLen,
+             CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount,
+             CK_OBJECT_HANDLE_PTR phKey)
+{
+    CK_BBOOL *boolptr;
+
+    SFTK_FIPSCHECK();
+    CHECK_FORK();
+
+    /* all secret keys must be sensitive, if the upper level code tries to say
+     * otherwise, reject it. */
+    boolptr = (CK_BBOOL *)fc_getAttribute(pTemplate,
+                                          ulAttributeCount, CKA_SENSITIVE);
+    if (boolptr != NULL) {
+        if (!(*boolptr)) {
+            return CKR_ATTRIBUTE_VALUE_INVALID;
+        }
+    }
+    rv = NSC_UnwrapKey(hSession, pMechanism, hUnwrappingKey, pWrappedKey,
+                       ulWrappedKeyLen, pTemplate, ulAttributeCount, phKey);
+    if (sftk_audit_enabled) {
+        sftk_AuditUnwrapKey(hSession, pMechanism, hUnwrappingKey, pWrappedKey,
+                            ulWrappedKeyLen, pTemplate, ulAttributeCount, phKey, rv);
+    }
+    return rv;
+}
+
+/* FC_DeriveKey derives a key from a base key, creating a new key object. */
+CK_RV
+FC_DeriveKey(CK_SESSION_HANDLE hSession,
+             CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hBaseKey,
+             CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount,
+             CK_OBJECT_HANDLE_PTR phKey)
+{
+    CK_BBOOL *boolptr;
+
+    SFTK_FIPSCHECK();
+    CHECK_FORK();
+
+    /* all secret keys must be sensitive, if the upper level code tries to say
+     * otherwise, reject it. */
+    boolptr = (CK_BBOOL *)fc_getAttribute(pTemplate,
+                                          ulAttributeCount, CKA_SENSITIVE);
+    if (boolptr != NULL) {
+        if (!(*boolptr)) {
+            return CKR_ATTRIBUTE_VALUE_INVALID;
+        }
+    }
+    rv = NSC_DeriveKey(hSession, pMechanism, hBaseKey, pTemplate,
+                       ulAttributeCount, phKey);
+    if (sftk_audit_enabled) {
+        sftk_AuditDeriveKey(hSession, pMechanism, hBaseKey, pTemplate,
+                            ulAttributeCount, phKey, rv);
+    }
+    return rv;
+}
+
+/*
+ **************************** Radom Functions:  ************************
+ */
+
+/* FC_SeedRandom mixes additional seed material into the token's random number
+ * generator. */
+CK_RV
+FC_SeedRandom(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSeed,
+              CK_ULONG usSeedLen)
+{
+    CK_RV crv;
+
+    SFTK_FIPSFATALCHECK();
+    CHECK_FORK();
+
+    crv = NSC_SeedRandom(hSession, pSeed, usSeedLen);
+    if (crv != CKR_OK) {
+        sftk_fatalError = PR_TRUE;
+    }
+    return crv;
+}
+
+/* FC_GenerateRandom generates random data. */
+CK_RV
+FC_GenerateRandom(CK_SESSION_HANDLE hSession,
+                  CK_BYTE_PTR pRandomData, CK_ULONG ulRandomLen)
+{
+    CK_RV crv;
+
+    CHECK_FORK();
+
+    SFTK_FIPSFATALCHECK();
+    crv = NSC_GenerateRandom(hSession, pRandomData, ulRandomLen);
+    if (crv != CKR_OK) {
+        sftk_fatalError = PR_TRUE;
+        if (sftk_audit_enabled) {
+            char msg[128];
+            PR_snprintf(msg, sizeof msg,
+                        "C_GenerateRandom(hSession=0x%08lX, pRandomData=%p, "
+                        "ulRandomLen=%lu)=0x%08lX "
+                        "self-test: continuous RNG test failed",
+                        (PRUint32)hSession, pRandomData,
+                        (PRUint32)ulRandomLen, (PRUint32)crv);
+            sftk_LogAuditMessage(NSS_AUDIT_ERROR, NSS_AUDIT_SELF_TEST, msg);
+        }
+    }
+    return crv;
+}
+
+/* FC_GetFunctionStatus obtains an updated status of a function running
+ * in parallel with an application. */
+CK_RV
+FC_GetFunctionStatus(CK_SESSION_HANDLE hSession)
+{
+    SFTK_FIPSCHECK();
+    CHECK_FORK();
+
+    return NSC_GetFunctionStatus(hSession);
+}
+
+/* FC_CancelFunction cancels a function running in parallel */
+CK_RV
+FC_CancelFunction(CK_SESSION_HANDLE hSession)
+{
+    SFTK_FIPSCHECK();
+    CHECK_FORK();
+
+    return NSC_CancelFunction(hSession);
+}
+
+/*
+ ****************************  Version 1.1 Functions:  ************************
+ */
+
+/* FC_GetOperationState saves the state of the cryptographic
+ *operation in a session. */
+CK_RV
+FC_GetOperationState(CK_SESSION_HANDLE hSession,
+                     CK_BYTE_PTR pOperationState, CK_ULONG_PTR pulOperationStateLen)
+{
+    SFTK_FIPSFATALCHECK();
+    CHECK_FORK();
+
+    return NSC_GetOperationState(hSession, pOperationState, pulOperationStateLen);
+}
+
+/* FC_SetOperationState restores the state of the cryptographic operation
+ * in a session. */
+CK_RV
+FC_SetOperationState(CK_SESSION_HANDLE hSession,
+                     CK_BYTE_PTR pOperationState, CK_ULONG ulOperationStateLen,
+                     CK_OBJECT_HANDLE hEncryptionKey, CK_OBJECT_HANDLE hAuthenticationKey)
+{
+    SFTK_FIPSFATALCHECK();
+    CHECK_FORK();
+
+    return NSC_SetOperationState(hSession, pOperationState, ulOperationStateLen,
+                                 hEncryptionKey, hAuthenticationKey);
+}
+
+/* FC_FindObjectsFinal finishes a search for token and session objects. */
+CK_RV
+FC_FindObjectsFinal(CK_SESSION_HANDLE hSession)
+{
+    /* let publically readable object be found */
+    SFTK_FIPSFATALCHECK();
+    CHECK_FORK();
+
+    return NSC_FindObjectsFinal(hSession);
+}
+
+/* Dual-function cryptographic operations */
+
+/* FC_DigestEncryptUpdate continues a multiple-part digesting and encryption
+ * operation. */
+CK_RV
+FC_DigestEncryptUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart,
+                       CK_ULONG ulPartLen, CK_BYTE_PTR pEncryptedPart,
+                       CK_ULONG_PTR pulEncryptedPartLen)
+{
+    SFTK_FIPSCHECK();
+    CHECK_FORK();
+
+    return NSC_DigestEncryptUpdate(hSession, pPart, ulPartLen, pEncryptedPart,
+                                   pulEncryptedPartLen);
+}
+
+/* FC_DecryptDigestUpdate continues a multiple-part decryption and digesting
+ * operation. */
+CK_RV
+FC_DecryptDigestUpdate(CK_SESSION_HANDLE hSession,
+                       CK_BYTE_PTR pEncryptedPart, CK_ULONG ulEncryptedPartLen,
+                       CK_BYTE_PTR pPart, CK_ULONG_PTR pulPartLen)
+{
+    SFTK_FIPSCHECK();
+    CHECK_FORK();
+
+    return NSC_DecryptDigestUpdate(hSession, pEncryptedPart, ulEncryptedPartLen,
+                                   pPart, pulPartLen);
+}
+
+/* FC_SignEncryptUpdate continues a multiple-part signing and encryption
+ * operation. */
+CK_RV
+FC_SignEncryptUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart,
+                     CK_ULONG ulPartLen, CK_BYTE_PTR pEncryptedPart,
+                     CK_ULONG_PTR pulEncryptedPartLen)
+{
+    SFTK_FIPSCHECK();
+    CHECK_FORK();
+
+    return NSC_SignEncryptUpdate(hSession, pPart, ulPartLen, pEncryptedPart,
+                                 pulEncryptedPartLen);
+}
+
+/* FC_DecryptVerifyUpdate continues a multiple-part decryption and verify
+ * operation. */
+CK_RV
+FC_DecryptVerifyUpdate(CK_SESSION_HANDLE hSession,
+                       CK_BYTE_PTR pEncryptedData, CK_ULONG ulEncryptedDataLen,
+                       CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen)
+{
+    SFTK_FIPSCHECK();
+    CHECK_FORK();
+
+    return NSC_DecryptVerifyUpdate(hSession, pEncryptedData, ulEncryptedDataLen,
+                                   pData, pulDataLen);
+}
+
+/* FC_DigestKey continues a multi-part message-digesting operation,
+ * by digesting the value of a secret key as part of the data already digested.
+ */
+CK_RV
+FC_DigestKey(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey)
+{
+    SFTK_FIPSCHECK();
+    CHECK_FORK();
+
+    rv = NSC_DigestKey(hSession, hKey);
+    if (sftk_audit_enabled) {
+        sftk_AuditDigestKey(hSession, hKey, rv);
+    }
+    return rv;
+}
+
+CK_RV
+FC_WaitForSlotEvent(CK_FLAGS flags, CK_SLOT_ID_PTR pSlot,
+                    CK_VOID_PTR pReserved)
+{
+    CHECK_FORK();
+
+    return NSC_WaitForSlotEvent(flags, pSlot, pReserved);
+}
diff --git a/nss/lib/softoken/jpakesftk.c b/nss/lib/softoken/jpakesftk.c
new file mode 100644
index 0000000..7ed1e34
--- /dev/null
+++ b/nss/lib/softoken/jpakesftk.c
@@ -0,0 +1,359 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "seccomon.h"
+#include "secerr.h"
+#include "blapi.h"
+#include "pkcs11i.h"
+#include "softoken.h"
+
+static CK_RV
+jpake_mapStatus(SECStatus rv, CK_RV invalidArgsMapping)
+{
+    int err;
+    if (rv == SECSuccess)
+        return CKR_OK;
+    err = PORT_GetError();
+    switch (err) {
+        /* XXX: SEC_ERROR_INVALID_ARGS might be caused by invalid template
+            parameters. */
+        case SEC_ERROR_INVALID_ARGS:
+            return invalidArgsMapping;
+        case SEC_ERROR_BAD_SIGNATURE:
+            return CKR_SIGNATURE_INVALID;
+        case SEC_ERROR_NO_MEMORY:
+            return CKR_HOST_MEMORY;
+    }
+    return CKR_FUNCTION_FAILED;
+}
+
+/* If key is not NULL then the gx value will be stored as an attribute with
+   the type given by the gxAttrType parameter. */
+static CK_RV
+jpake_Sign(PLArenaPool *arena, const PQGParams *pqg, HASH_HashType hashType,
+           const SECItem *signerID, const SECItem *x,
+           CK_NSS_JPAKEPublicValue *out)
+{
+    SECItem gx, gv, r;
+    CK_RV crv;
+
+    PORT_Assert(arena != NULL);
+
+    gx.data = NULL;
+    gv.data = NULL;
+    r.data = NULL;
+    crv = jpake_mapStatus(JPAKE_Sign(arena, pqg, hashType, signerID, x, NULL,
+                                     NULL, &gx, &gv, &r),
+                          CKR_MECHANISM_PARAM_INVALID);
+    if (crv == CKR_OK) {
+        if ((out->pGX != NULL && out->ulGXLen >= gx.len) ||
+            (out->pGV != NULL && out->ulGVLen >= gv.len) ||
+            (out->pR != NULL && out->ulRLen >= r.len)) {
+            PORT_Memcpy(out->pGX, gx.data, gx.len);
+            PORT_Memcpy(out->pGV, gv.data, gv.len);
+            PORT_Memcpy(out->pR, r.data, r.len);
+            out->ulGXLen = gx.len;
+            out->ulGVLen = gv.len;
+            out->ulRLen = r.len;
+        } else {
+            crv = CKR_MECHANISM_PARAM_INVALID;
+        }
+    }
+    return crv;
+}
+
+static CK_RV
+jpake_Verify(PLArenaPool *arena, const PQGParams *pqg,
+             HASH_HashType hashType, const SECItem *signerID,
+             const CK_BYTE *peerIDData, CK_ULONG peerIDLen,
+             const CK_NSS_JPAKEPublicValue *publicValueIn)
+{
+    SECItem peerID, gx, gv, r;
+    peerID.data = (unsigned char *)peerIDData;
+    peerID.len = peerIDLen;
+    gx.data = publicValueIn->pGX;
+    gx.len = publicValueIn->ulGXLen;
+    gv.data = publicValueIn->pGV;
+    gv.len = publicValueIn->ulGVLen;
+    r.data = publicValueIn->pR;
+    r.len = publicValueIn->ulRLen;
+    return jpake_mapStatus(JPAKE_Verify(arena, pqg, hashType, signerID, &peerID,
+                                        &gx, &gv, &r),
+                           CKR_MECHANISM_PARAM_INVALID);
+}
+
+#define NUM_ELEM(x) (sizeof(x) / sizeof(x)[0])
+
+/* If the template has the key type set, ensure that it was set to the correct
+ * value. If the template did not have the key type set, set it to the
+ * correct value.
+ */
+static CK_RV
+jpake_enforceKeyType(SFTKObject *key, CK_KEY_TYPE keyType)
+{
+    CK_RV crv;
+    SFTKAttribute *keyTypeAttr = sftk_FindAttribute(key, CKA_KEY_TYPE);
+    if (keyTypeAttr != NULL) {
+        crv = *(CK_KEY_TYPE *)keyTypeAttr->attrib.pValue == keyType
+                  ? CKR_OK
+                  : CKR_TEMPLATE_INCONSISTENT;
+        sftk_FreeAttribute(keyTypeAttr);
+    } else {
+        crv = sftk_forceAttribute(key, CKA_KEY_TYPE, &keyType, sizeof keyType);
+    }
+    return crv;
+}
+
+static CK_RV
+jpake_MultipleSecItem2Attribute(SFTKObject *key, const SFTKItemTemplate *attrs,
+                                size_t attrsCount)
+{
+    size_t i;
+
+    for (i = 0; i < attrsCount; ++i) {
+        CK_RV crv = sftk_forceAttribute(key, attrs[i].type, attrs[i].item->data,
+                                        attrs[i].item->len);
+        if (crv != CKR_OK)
+            return crv;
+    }
+    return CKR_OK;
+}
+
+CK_RV
+jpake_Round1(HASH_HashType hashType, CK_NSS_JPAKERound1Params *params,
+             SFTKObject *key)
+{
+    CK_RV crv;
+    PQGParams pqg;
+    PLArenaPool *arena;
+    SECItem signerID;
+    SFTKItemTemplate templateAttrs[] = {
+        { CKA_PRIME, &pqg.prime },
+        { CKA_SUBPRIME, &pqg.subPrime },
+        { CKA_BASE, &pqg.base },
+        { CKA_NSS_JPAKE_SIGNERID, &signerID }
+    };
+    SECItem x2, gx1, gx2;
+    const SFTKItemTemplate generatedAttrs[] = {
+        { CKA_NSS_JPAKE_X2, &x2 },
+        { CKA_NSS_JPAKE_GX1, &gx1 },
+        { CKA_NSS_JPAKE_GX2, &gx2 },
+    };
+    SECItem x1;
+
+    PORT_Assert(params != NULL);
+    PORT_Assert(key != NULL);
+
+    arena = PORT_NewArena(NSS_SOFTOKEN_DEFAULT_CHUNKSIZE);
+    if (arena == NULL)
+        crv = CKR_HOST_MEMORY;
+
+    crv = sftk_MultipleAttribute2SecItem(arena, key, templateAttrs,
+                                         NUM_ELEM(templateAttrs));
+
+    if (crv == CKR_OK && (signerID.data == NULL || signerID.len == 0))
+        crv = CKR_TEMPLATE_INCOMPLETE;
+
+    /* generate x1, g^x1 and the proof of knowledge of x1 */
+    if (crv == CKR_OK) {
+        x1.data = NULL;
+        crv = jpake_mapStatus(DSA_NewRandom(arena, &pqg.subPrime, &x1),
+                              CKR_TEMPLATE_INCONSISTENT);
+    }
+    if (crv == CKR_OK)
+        crv = jpake_Sign(arena, &pqg, hashType, &signerID, &x1, &params->gx1);
+
+    /* generate x2, g^x2 and the proof of knowledge of x2 */
+    if (crv == CKR_OK) {
+        x2.data = NULL;
+        crv = jpake_mapStatus(DSA_NewRandom(arena, &pqg.subPrime, &x2),
+                              CKR_TEMPLATE_INCONSISTENT);
+    }
+    if (crv == CKR_OK)
+        crv = jpake_Sign(arena, &pqg, hashType, &signerID, &x2, &params->gx2);
+
+    /* Save the values needed for round 2 into CKA_VALUE */
+    if (crv == CKR_OK) {
+        gx1.data = params->gx1.pGX;
+        gx1.len = params->gx1.ulGXLen;
+        gx2.data = params->gx2.pGX;
+        gx2.len = params->gx2.ulGXLen;
+        crv = jpake_MultipleSecItem2Attribute(key, generatedAttrs,
+                                              NUM_ELEM(generatedAttrs));
+    }
+
+    PORT_FreeArena(arena, PR_TRUE);
+    return crv;
+}
+
+CK_RV
+jpake_Round2(HASH_HashType hashType, CK_NSS_JPAKERound2Params *params,
+             SFTKObject *sourceKey, SFTKObject *key)
+{
+    CK_RV crv;
+    PLArenaPool *arena;
+    PQGParams pqg;
+    SECItem signerID, x2, gx1, gx2;
+    SFTKItemTemplate sourceAttrs[] = {
+        { CKA_PRIME, &pqg.prime },
+        { CKA_SUBPRIME, &pqg.subPrime },
+        { CKA_BASE, &pqg.base },
+        { CKA_NSS_JPAKE_SIGNERID, &signerID },
+        { CKA_NSS_JPAKE_X2, &x2 },
+        { CKA_NSS_JPAKE_GX1, &gx1 },
+        { CKA_NSS_JPAKE_GX2, &gx2 },
+    };
+    SECItem x2s, gx3, gx4;
+    const SFTKItemTemplate copiedAndGeneratedAttrs[] = {
+        { CKA_NSS_JPAKE_SIGNERID, &signerID },
+        { CKA_PRIME, &pqg.prime },
+        { CKA_SUBPRIME, &pqg.subPrime },
+        { CKA_NSS_JPAKE_X2, &x2 },
+        { CKA_NSS_JPAKE_X2S, &x2s },
+        { CKA_NSS_JPAKE_GX1, &gx1 },
+        { CKA_NSS_JPAKE_GX2, &gx2 },
+        { CKA_NSS_JPAKE_GX3, &gx3 },
+        { CKA_NSS_JPAKE_GX4, &gx4 }
+    };
+    SECItem peerID;
+
+    PORT_Assert(params != NULL);
+    PORT_Assert(sourceKey != NULL);
+    PORT_Assert(key != NULL);
+
+    arena = PORT_NewArena(NSS_SOFTOKEN_DEFAULT_CHUNKSIZE);
+    if (arena == NULL)
+        crv = CKR_HOST_MEMORY;
+
+    /* TODO: check CKK_NSS_JPAKE_ROUND1 */
+
+    crv = sftk_MultipleAttribute2SecItem(arena, sourceKey, sourceAttrs,
+                                         NUM_ELEM(sourceAttrs));
+
+    /* Get the peer's ID out of the template and sanity-check it. */
+    if (crv == CKR_OK)
+        crv = sftk_Attribute2SecItem(arena, &peerID, key,
+                                     CKA_NSS_JPAKE_PEERID);
+    if (crv == CKR_OK && (peerID.data == NULL || peerID.len == 0))
+        crv = CKR_TEMPLATE_INCOMPLETE;
+    if (crv == CKR_OK && SECITEM_CompareItem(&signerID, &peerID) == SECEqual)
+        crv = CKR_TEMPLATE_INCONSISTENT;
+
+    /* Verify zero-knowledge proofs for g^x3 and g^x4 */
+    if (crv == CKR_OK)
+        crv = jpake_Verify(arena, &pqg, hashType, &signerID,
+                           peerID.data, peerID.len, &params->gx3);
+    if (crv == CKR_OK)
+        crv = jpake_Verify(arena, &pqg, hashType, &signerID,
+                           peerID.data, peerID.len, &params->gx4);
+
+    /* Calculate the base and x2s for A=base^x2s */
+    if (crv == CKR_OK) {
+        SECItem s;
+        s.data = params->pSharedKey;
+        s.len = params->ulSharedKeyLen;
+        gx3.data = params->gx3.pGX;
+        gx3.len = params->gx3.ulGXLen;
+        gx4.data = params->gx4.pGX;
+        gx4.len = params->gx4.ulGXLen;
+        pqg.base.data = NULL;
+        x2s.data = NULL;
+        crv = jpake_mapStatus(JPAKE_Round2(arena, &pqg.prime, &pqg.subPrime,
+                                           &gx1, &gx3, &gx4, &pqg.base,
+                                           &x2, &s, &x2s),
+                              CKR_MECHANISM_PARAM_INVALID);
+    }
+
+    /* Generate A=base^x2s and its zero-knowledge proof. */
+    if (crv == CKR_OK)
+        crv = jpake_Sign(arena, &pqg, hashType, &signerID, &x2s, &params->A);
+
+    /* Copy P and Q from the ROUND1 key to the ROUND2 key and save the values
+       needed for the final key material derivation into CKA_VALUE. */
+    if (crv == CKR_OK)
+        crv = sftk_forceAttribute(key, CKA_PRIME, pqg.prime.data,
+                                  pqg.prime.len);
+    if (crv == CKR_OK)
+        crv = sftk_forceAttribute(key, CKA_SUBPRIME, pqg.subPrime.data,
+                                  pqg.subPrime.len);
+    if (crv == CKR_OK) {
+        crv = jpake_MultipleSecItem2Attribute(key, copiedAndGeneratedAttrs,
+                                              NUM_ELEM(copiedAndGeneratedAttrs));
+    }
+
+    if (crv == CKR_OK)
+        crv = jpake_enforceKeyType(key, CKK_NSS_JPAKE_ROUND2);
+
+    PORT_FreeArena(arena, PR_TRUE);
+    return crv;
+}
+
+CK_RV
+jpake_Final(HASH_HashType hashType, const CK_NSS_JPAKEFinalParams *param,
+            SFTKObject *sourceKey, SFTKObject *key)
+{
+    PLArenaPool *arena;
+    SECItem K;
+    PQGParams pqg;
+    CK_RV crv;
+    SECItem peerID, signerID, x2s, x2, gx1, gx2, gx3, gx4;
+    SFTKItemTemplate sourceAttrs[] = {
+        { CKA_NSS_JPAKE_PEERID, &peerID },
+        { CKA_NSS_JPAKE_SIGNERID, &signerID },
+        { CKA_PRIME, &pqg.prime },
+        { CKA_SUBPRIME, &pqg.subPrime },
+        { CKA_NSS_JPAKE_X2, &x2 },
+        { CKA_NSS_JPAKE_X2S, &x2s },
+        { CKA_NSS_JPAKE_GX1, &gx1 },
+        { CKA_NSS_JPAKE_GX2, &gx2 },
+        { CKA_NSS_JPAKE_GX3, &gx3 },
+        { CKA_NSS_JPAKE_GX4, &gx4 }
+    };
+
+    PORT_Assert(param != NULL);
+    PORT_Assert(sourceKey != NULL);
+    PORT_Assert(key != NULL);
+
+    arena = PORT_NewArena(NSS_SOFTOKEN_DEFAULT_CHUNKSIZE);
+    if (arena == NULL)
+        crv = CKR_HOST_MEMORY;
+
+    /* TODO: verify key type CKK_NSS_JPAKE_ROUND2 */
+
+    crv = sftk_MultipleAttribute2SecItem(arena, sourceKey, sourceAttrs,
+                                         NUM_ELEM(sourceAttrs));
+
+    /* Calculate base for B=base^x4s */
+    if (crv == CKR_OK) {
+        pqg.base.data = NULL;
+        crv = jpake_mapStatus(JPAKE_Round2(arena, &pqg.prime, &pqg.subPrime,
+                                           &gx1, &gx2, &gx3, &pqg.base,
+                                           NULL, NULL, NULL),
+                              CKR_MECHANISM_PARAM_INVALID);
+    }
+
+    /* Verify zero-knowledge proof for B */
+    if (crv == CKR_OK)
+        crv = jpake_Verify(arena, &pqg, hashType, &signerID,
+                           peerID.data, peerID.len, &param->B);
+    if (crv == CKR_OK) {
+        SECItem B;
+        B.data = param->B.pGX;
+        B.len = param->B.ulGXLen;
+        K.data = NULL;
+        crv = jpake_mapStatus(JPAKE_Final(arena, &pqg.prime, &pqg.subPrime,
+                                          &x2, &gx4, &x2s, &B, &K),
+                              CKR_MECHANISM_PARAM_INVALID);
+    }
+
+    /* Save key material into CKA_VALUE. */
+    if (crv == CKR_OK)
+        crv = sftk_forceAttribute(key, CKA_VALUE, K.data, K.len);
+
+    if (crv == CKR_OK)
+        crv = jpake_enforceKeyType(key, CKK_GENERIC_SECRET);
+
+    PORT_FreeArena(arena, PR_TRUE);
+    return crv;
+}
diff --git a/nss/lib/softoken/legacydb/Makefile b/nss/lib/softoken/legacydb/Makefile
new file mode 100644
index 0000000..b7e94ca
--- /dev/null
+++ b/nss/lib/softoken/legacydb/Makefile
@@ -0,0 +1,62 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+ifdef NSS_NO_INIT_SUPPORT
+    DEFINES += -DNSS_NO_INIT_SUPPORT
+endif
+ifeq ($(OS_TARGET),Linux)
+ifeq ($(CPU_ARCH),ppc)
+ifdef USE_64
+    DEFINES += -DNSS_NO_INIT_SUPPORT
+endif # USE_64
+endif # ppc
+else # !Linux
+    # turn off no init support everywhere for now
+    DEFINES += -DNSS_NO_INIT_SUPPORT
+endif # Linux
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include config.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+export:: private_export
+
+# indicates dependency on freebl static lib
+$(SHARED_LIBRARY): $(CRYPTOLIB)
diff --git a/nss/lib/softoken/legacydb/cdbhdl.h b/nss/lib/softoken/legacydb/cdbhdl.h
new file mode 100644
index 0000000..e7243db
--- /dev/null
+++ b/nss/lib/softoken/legacydb/cdbhdl.h
@@ -0,0 +1,51 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * cdbhdl.h - certificate database handle
+ *   private to the certdb module
+ */
+#ifndef _CDBHDL_H_
+#define _CDBHDL_H_
+
+#include "nspr.h"
+#include "mcom_db.h"
+#include "pcertt.h"
+#include "prtypes.h"
+
+/*
+ * Handle structure for open certificate databases
+ */
+struct NSSLOWCERTCertDBHandleStr {
+    DB *permCertDB;
+    PZMonitor *dbMon;
+    PRBool dbVerify;
+    PRInt32 ref; /* reference count */
+};
+
+#ifdef DBM_USING_NSPR
+#define NO_RDONLY PR_RDONLY
+#define NO_RDWR PR_RDWR
+#define NO_CREATE (PR_RDWR | PR_CREATE_FILE | PR_TRUNCATE)
+#else
+#define NO_RDONLY O_RDONLY
+#define NO_RDWR O_RDWR
+#define NO_CREATE (O_RDWR | O_CREAT | O_TRUNC)
+#endif
+
+typedef DB *(*rdbfunc)(const char *appName, const char *prefix,
+                       const char *type, int flags);
+typedef int (*rdbstatusfunc)(void);
+
+#define RDB_FAIL 1
+#define RDB_RETRY 2
+
+DB *rdbopen(const char *appName, const char *prefix,
+            const char *type, int flags, int *status);
+
+DB *dbsopen(const char *dbname, int flags, int mode, DBTYPE type,
+            const void *appData);
+SECStatus db_Copy(DB *dest, DB *src);
+int db_InitComplete(DB *db);
+
+#endif
diff --git a/nss/lib/softoken/legacydb/config.mk b/nss/lib/softoken/legacydb/config.mk
new file mode 100644
index 0000000..ac7240e
--- /dev/null
+++ b/nss/lib/softoken/legacydb/config.mk
@@ -0,0 +1,57 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# $(PROGRAM) has explicit dependencies on $(EXTRA_LIBS)
+CRYPTOLIB=$(DIST)/lib/$(LIB_PREFIX)freebl.$(LIB_SUFFIX)
+
+EXTRA_LIBS += \
+	$(CRYPTOLIB) \
+	$(DIST)/lib/$(LIB_PREFIX)dbm.$(LIB_SUFFIX) \
+	$(NULL)
+
+# can't do this in manifest.mn because OS_TARGET isn't defined there.
+ifeq (,$(filter-out WIN%,$(OS_TARGET)))
+
+# don't want the 32 in the shared library name
+SHARED_LIBRARY = $(OBJDIR)/$(DLL_PREFIX)$(LIBRARY_NAME)$(LIBRARY_VERSION).$(DLL_SUFFIX)
+IMPORT_LIBRARY = $(OBJDIR)/$(IMPORT_LIB_PREFIX)$(LIBRARY_NAME)$(LIBRARY_VERSION)$(IMPORT_LIB_SUFFIX)
+
+RES = $(OBJDIR)/$(LIBRARY_NAME).res
+RESNAME = $(LIBRARY_NAME).rc
+
+ifdef NS_USE_GCC
+EXTRA_SHARED_LIBS += \
+	-L$(DIST)/lib \
+	-L$(NSSUTIL_LIB_DIR) \
+	-lnssutil3 \
+	-L$(NSPR_LIB_DIR) \
+	-lplc4 \
+	-lplds4 \
+	-lnspr4 \
+	$(NULL)
+else # ! NS_USE_GCC
+
+EXTRA_SHARED_LIBS += \
+	$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plc4.lib \
+	$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plds4.lib \
+	$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)nspr4.lib \
+	$(DIST)/lib/nssutil3.lib \
+	$(NULL)
+endif # NS_USE_GCC
+
+else
+
+# $(PROGRAM) has NO explicit dependencies on $(EXTRA_SHARED_LIBS)
+# $(EXTRA_SHARED_LIBS) come before $(OS_LIBS), except on AIX.
+EXTRA_SHARED_LIBS += \
+	-L$(DIST)/lib \
+	-L$(NSSUTIL_LIB_DIR) \
+	-lnssutil3 \
+	-L$(NSPR_LIB_DIR) \
+	-lplc4 \
+	-lplds4 \
+	-lnspr4 \
+	$(NULL)
+endif
diff --git a/nss/lib/softoken/legacydb/dbmshim.c b/nss/lib/softoken/legacydb/dbmshim.c
new file mode 100644
index 0000000..cca24bc
--- /dev/null
+++ b/nss/lib/softoken/legacydb/dbmshim.c
@@ -0,0 +1,539 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * Berkeley DB 1.85 Shim code to handle blobs.
+ */
+#include "mcom_db.h"
+#include "secitem.h"
+#include "nssb64.h"
+#include "blapi.h"
+#include "secerr.h"
+
+#include "lgdb.h"
+
+/*
+ *   Blob block:
+ *   Byte 0   CERTDB Version           -+                       -+
+ *   Byte 1   certDBEntryTypeBlob       |  BLOB_HEAD_LEN         |
+ *   Byte 2   flags (always '0');       |                        |
+ *   Byte 3   reserved (always '0');   -+                        |
+ *   Byte 4   LSB length                | <--BLOB_LENGTH_START   | BLOB_BUF_LEN
+ *   Byte 5       .                     |                        |
+ *   Byte 6       .                     | BLOB_LENGTH_LEN        |
+ *   Byte 7   MSB length                |                        |
+ *   Byte 8   blob_filename   -+       -+  <-- BLOB_NAME_START   |
+ *   Byte 9       .            | BLOB_NAME_LEN                   |
+ *     .          .            |                                 |
+ *   Byte 37      .           -+                                -+
+ */
+#define DBS_BLOCK_SIZE (16 * 1024)                   /* 16 k */
+#define DBS_MAX_ENTRY_SIZE (DBS_BLOCK_SIZE - (2048)) /* 14 k */
+#define DBS_CACHE_SIZE DBS_BLOCK_SIZE * 8
+#define ROUNDDIV(x, y) (x + (y - 1)) / y
+#define BLOB_HEAD_LEN 4
+#define BLOB_LENGTH_START BLOB_HEAD_LEN
+#define BLOB_LENGTH_LEN 4
+#define BLOB_NAME_START BLOB_LENGTH_START + BLOB_LENGTH_LEN
+#define BLOB_NAME_LEN 1 + ROUNDDIV(SHA1_LENGTH, 3) * 4 + 1
+#define BLOB_BUF_LEN BLOB_HEAD_LEN + BLOB_LENGTH_LEN + BLOB_NAME_LEN
+
+/* a Shim data structure. This data structure has a db built into it. */
+typedef struct DBSStr DBS;
+
+struct DBSStr {
+    DB db;
+    char *blobdir;
+    int mode;
+    PRBool readOnly;
+    char staticBlobArea[BLOB_BUF_LEN];
+};
+
+/*
+ * return true if the Datablock contains a blobtype
+ */
+static PRBool
+dbs_IsBlob(DBT *blobData)
+{
+    unsigned char *addr = (unsigned char *)blobData->data;
+    if (blobData->size < BLOB_BUF_LEN) {
+        return PR_FALSE;
+    }
+    return addr && ((certDBEntryType)addr[1] == certDBEntryTypeBlob);
+}
+
+/*
+ * extract the filename in the blob of the real data set.
+ * This value is not malloced (does not need to be freed by the caller.
+ */
+static const char *
+dbs_getBlobFileName(DBT *blobData)
+{
+    char *addr = (char *)blobData->data;
+
+    return &addr[BLOB_NAME_START];
+}
+
+/*
+ * extract the size of the actual blob from the blob record
+ */
+static PRUint32
+dbs_getBlobSize(DBT *blobData)
+{
+    unsigned char *addr = (unsigned char *)blobData->data;
+
+    return (PRUint32)(addr[BLOB_LENGTH_START + 3] << 24) |
+           (addr[BLOB_LENGTH_START + 2] << 16) |
+           (addr[BLOB_LENGTH_START + 1] << 8) |
+           addr[BLOB_LENGTH_START];
+}
+
+/* We are using base64 data for the filename, but base64 data can include a
+ * '/' which is interpreted as a path separator on  many platforms. Replace it
+ * with an inocuous '-'. We don't need to convert back because we never actual
+ * decode the filename.
+ */
+
+static void
+dbs_replaceSlash(char *cp, int len)
+{
+    while (len--) {
+        if (*cp == '/')
+            *cp = '-';
+        cp++;
+    }
+}
+
+/*
+ * create a blob record from a key, data and return it in blobData.
+ * NOTE: The data element is static data (keeping with the dbm model).
+ */
+static void
+dbs_mkBlob(DBS *dbsp, const DBT *key, const DBT *data, DBT *blobData)
+{
+    unsigned char sha1_data[SHA1_LENGTH];
+    char *b = dbsp->staticBlobArea;
+    PRUint32 length = data->size;
+    SECItem sha1Item;
+
+    b[0] = CERT_DB_FILE_VERSION;      /* certdb version number */
+    b[1] = (char)certDBEntryTypeBlob; /* type */
+    b[2] = 0;                         /* flags */
+    b[3] = 0;                         /* reserved */
+    b[BLOB_LENGTH_START] = length & 0xff;
+    b[BLOB_LENGTH_START + 1] = (length >> 8) & 0xff;
+    b[BLOB_LENGTH_START + 2] = (length >> 16) & 0xff;
+    b[BLOB_LENGTH_START + 3] = (length >> 24) & 0xff;
+    sha1Item.data = sha1_data;
+    sha1Item.len = SHA1_LENGTH;
+    SHA1_HashBuf(sha1_data, key->data, key->size);
+    b[BLOB_NAME_START] = 'b'; /* Make sure we start with a alpha */
+    NSSBase64_EncodeItem(NULL, &b[BLOB_NAME_START + 1], BLOB_NAME_LEN - 1, &sha1Item);
+    b[BLOB_BUF_LEN - 1] = 0;
+    dbs_replaceSlash(&b[BLOB_NAME_START + 1], BLOB_NAME_LEN - 1);
+    blobData->data = b;
+    blobData->size = BLOB_BUF_LEN;
+    return;
+}
+
+/*
+ * construct a path to the actual blob. The string returned must be
+ * freed by the caller with PR_smprintf_free.
+ *
+ * Note: this file does lots of consistancy checks on the DBT. The
+ * routines that call this depend on these checks, so they don't worry
+ * about them (success of this routine implies a good blobdata record).
+ */
+static char *
+dbs_getBlobFilePath(char *blobdir, DBT *blobData)
+{
+    const char *name;
+
+    if (blobdir == NULL) {
+        PR_SetError(SEC_ERROR_BAD_DATABASE, 0);
+        return NULL;
+    }
+    if (!dbs_IsBlob(blobData)) {
+        PR_SetError(SEC_ERROR_BAD_DATABASE, 0);
+        return NULL;
+    }
+    name = dbs_getBlobFileName(blobData);
+    if (!name || *name == 0) {
+        PR_SetError(SEC_ERROR_BAD_DATABASE, 0);
+        return NULL;
+    }
+    return PR_smprintf("%s" PATH_SEPARATOR "%s", blobdir, name);
+}
+
+/*
+ * Delete a blob file pointed to by the blob record.
+ */
+static void
+dbs_removeBlob(DBS *dbsp, DBT *blobData)
+{
+    char *file;
+
+    file = dbs_getBlobFilePath(dbsp->blobdir, blobData);
+    if (!file) {
+        return;
+    }
+    PR_Delete(file);
+    PR_smprintf_free(file);
+}
+
+/*
+ * Directory modes are slightly different, the 'x' bit needs to be on to
+ * access them. Copy all the read bits to 'x' bits
+ */
+static int
+dbs_DirMode(int mode)
+{
+    int x_bits = (mode >> 2) & 0111;
+    return mode | x_bits;
+}
+
+/*
+ * write a data blob to it's file. blobdData is the blob record that will be
+ * stored in the database. data is the actual data to go out on disk.
+ */
+static int
+dbs_writeBlob(DBS *dbsp, int mode, DBT *blobData, const DBT *data)
+{
+    char *file = NULL;
+    PRFileDesc *filed;
+    PRStatus status;
+    int len;
+    int error = 0;
+
+    file = dbs_getBlobFilePath(dbsp->blobdir, blobData);
+    if (!file) {
+        goto loser;
+    }
+    if (PR_Access(dbsp->blobdir, PR_ACCESS_EXISTS) != PR_SUCCESS) {
+        status = PR_MkDir(dbsp->blobdir, dbs_DirMode(mode));
+        if (status != PR_SUCCESS) {
+            goto loser;
+        }
+    }
+    filed = PR_OpenFile(file, PR_CREATE_FILE | PR_TRUNCATE | PR_WRONLY, mode);
+    if (filed == NULL) {
+        error = PR_GetError();
+        goto loser;
+    }
+    len = PR_Write(filed, data->data, data->size);
+    error = PR_GetError();
+    PR_Close(filed);
+    if (len < (int)data->size) {
+        goto loser;
+    }
+    PR_smprintf_free(file);
+    return 0;
+
+loser:
+    if (file) {
+        PR_Delete(file);
+        PR_smprintf_free(file);
+    }
+    /* don't let close or delete reset the error */
+    PR_SetError(error, 0);
+    return -1;
+}
+
+/*
+ * platforms that cannot map the file need to read it into a temp buffer.
+ */
+static unsigned char *
+dbs_EmulateMap(PRFileDesc *filed, int len)
+{
+    unsigned char *addr;
+    PRInt32 dataRead;
+
+    addr = PORT_Alloc(len);
+    if (addr == NULL) {
+        return NULL;
+    }
+
+    dataRead = PR_Read(filed, addr, len);
+    if (dataRead != len) {
+        PORT_Free(addr);
+        if (dataRead > 0) {
+            /* PR_Read didn't set an error, we need to */
+            PR_SetError(SEC_ERROR_BAD_DATABASE, 0);
+        }
+        return NULL;
+    }
+
+    return addr;
+}
+
+/*
+ * pull a database record off the disk
+ * data points to the blob record on input and the real record (if we could
+ * read it) on output. if there is an error data is not modified.
+ */
+static int
+dbs_readBlob(DBS *dbsp, DBT *data)
+{
+    char *file = NULL;
+    PRFileDesc *filed = NULL;
+    unsigned char *addr = NULL;
+    int error;
+    int len = -1;
+
+    file = dbs_getBlobFilePath(dbsp->blobdir, data);
+    if (!file) {
+        goto loser;
+    }
+    filed = PR_OpenFile(file, PR_RDONLY, 0);
+    PR_smprintf_free(file);
+    file = NULL;
+    if (filed == NULL) {
+        goto loser;
+    }
+
+    len = dbs_getBlobSize(data);
+    /* Bug 1323150
+     * PR_MemMap fails on Windows for larger certificates.
+     * https://msdn.microsoft.com/en-us/library/windows/desktop/aa366761(v=vs.85).aspx
+     * Let's always use the emulated map, i.e. read the file.
+     */
+    addr = dbs_EmulateMap(filed, len);
+    if (addr == NULL) {
+        goto loser;
+    }
+    PR_Close(filed);
+
+    data->data = addr;
+    data->size = len;
+    return 0;
+
+loser:
+    /* preserve the error code */
+    error = PR_GetError();
+    if (filed) {
+        PR_Close(filed);
+    }
+    PR_SetError(error, 0);
+    return -1;
+}
+
+/*
+ * actual DBM shims
+ */
+static int
+dbs_get(const DB *dbs, const DBT *key, DBT *data, unsigned int flags)
+{
+    int ret;
+    DBS *dbsp = (DBS *)dbs;
+    DB *db = (DB *)dbs->internal;
+
+    ret = (*db->get)(db, key, data, flags);
+    if ((ret == 0) && dbs_IsBlob(data)) {
+        ret = dbs_readBlob(dbsp, data);
+    }
+
+    return (ret);
+}
+
+static int
+dbs_put(const DB *dbs, DBT *key, const DBT *data, unsigned int flags)
+{
+    DBT blob;
+    int ret = 0;
+    DBS *dbsp = (DBS *)dbs;
+    DB *db = (DB *)dbs->internal;
+
+    /* If the db is readonly, just pass the data down to rdb and let it fail */
+    if (!dbsp->readOnly) {
+        DBT oldData;
+        int ret1;
+
+        /* make sure the current record is deleted if it's a blob */
+        ret1 = (*db->get)(db, key, &oldData, 0);
+        if ((ret1 == 0) && flags == R_NOOVERWRITE) {
+            /* let DBM return the error to maintain consistancy */
+            return (*db->put)(db, key, data, flags);
+        }
+        if ((ret1 == 0) && dbs_IsBlob(&oldData)) {
+            dbs_removeBlob(dbsp, &oldData);
+        }
+
+        if (data->size > DBS_MAX_ENTRY_SIZE) {
+            dbs_mkBlob(dbsp, key, data, &blob);
+            ret = dbs_writeBlob(dbsp, dbsp->mode, &blob, data);
+            data = &blob;
+        }
+    }
+
+    if (ret == 0) {
+        ret = (*db->put)(db, key, data, flags);
+    }
+    return (ret);
+}
+
+static int
+dbs_sync(const DB *dbs, unsigned int flags)
+{
+    DB *db = (DB *)dbs->internal;
+    return (*db->sync)(db, flags);
+}
+
+static int
+dbs_del(const DB *dbs, const DBT *key, unsigned int flags)
+{
+    int ret;
+    DBS *dbsp = (DBS *)dbs;
+    DB *db = (DB *)dbs->internal;
+
+    if (!dbsp->readOnly) {
+        DBT oldData;
+        ret = (*db->get)(db, key, &oldData, 0);
+        if ((ret == 0) && dbs_IsBlob(&oldData)) {
+            dbs_removeBlob(dbsp, &oldData);
+        }
+    }
+
+    return (*db->del)(db, key, flags);
+}
+
+static int
+dbs_seq(const DB *dbs, DBT *key, DBT *data, unsigned int flags)
+{
+    int ret;
+    DBS *dbsp = (DBS *)dbs;
+    DB *db = (DB *)dbs->internal;
+
+    ret = (*db->seq)(db, key, data, flags);
+    if ((ret == 0) && dbs_IsBlob(data)) {
+        /* don't return a blob read as an error so traversals keep going */
+        (void)dbs_readBlob(dbsp, data);
+    }
+
+    return (ret);
+}
+
+static int
+dbs_close(DB *dbs)
+{
+    DBS *dbsp = (DBS *)dbs;
+    DB *db = (DB *)dbs->internal;
+    int ret;
+
+    ret = (*db->close)(db);
+    PORT_Free(dbsp->blobdir);
+    PORT_Free(dbsp);
+    return ret;
+}
+
+static int
+dbs_fd(const DB *dbs)
+{
+    DB *db = (DB *)dbs->internal;
+
+    return (*db->fd)(db);
+}
+
+/*
+ * the naming convention we use is
+ * change the .xxx into .dir. (for nss it's always .db);
+ * if no .extension exists or is equal to .dir, add a .dir
+ * the returned data must be freed.
+ */
+#define DIRSUFFIX ".dir"
+static char *
+dbs_mkBlobDirName(const char *dbname)
+{
+    int dbname_len = PORT_Strlen(dbname);
+    int dbname_end = dbname_len;
+    const char *cp;
+    char *blobDir = NULL;
+
+    /* scan back from the end looking for either a directory separator, a '.',
+     * or the end of the string. NOTE: Windows should check for both separators
+     * here. For now this is safe because we know NSS always uses a '.'
+     */
+    for (cp = &dbname[dbname_len];
+         (cp > dbname) && (*cp != '.') && (*cp != *PATH_SEPARATOR);
+         cp--)
+        /* Empty */;
+    if (*cp == '.') {
+        dbname_end = cp - dbname;
+        if (PORT_Strcmp(cp, DIRSUFFIX) == 0) {
+            dbname_end = dbname_len;
+        }
+    }
+    blobDir = PORT_ZAlloc(dbname_end + sizeof(DIRSUFFIX));
+    if (blobDir == NULL) {
+        return NULL;
+    }
+    PORT_Memcpy(blobDir, dbname, dbname_end);
+    PORT_Memcpy(&blobDir[dbname_end], DIRSUFFIX, sizeof(DIRSUFFIX));
+    return blobDir;
+}
+
+#define DBM_DEFAULT 0
+static const HASHINFO dbs_hashInfo = {
+    DBS_BLOCK_SIZE, /* bucket size, must be greater than = to
+				     * or maximum entry size (+ header)
+				     * we allow before blobing */
+    DBM_DEFAULT,    /* Fill Factor */
+    DBM_DEFAULT,    /* number of elements */
+    DBS_CACHE_SIZE, /* cache size */
+    DBM_DEFAULT,    /* hash function */
+    DBM_DEFAULT,    /* byte order */
+};
+
+/*
+ * the open function. NOTE: this is the only exposed function in this file.
+ * everything else is called through the function table pointer.
+ */
+DB *
+dbsopen(const char *dbname, int flags, int mode, DBTYPE type,
+        const void *userData)
+{
+    DB *db = NULL, *dbs = NULL;
+    DBS *dbsp = NULL;
+
+    /* NOTE: we are overriding userData with dbs_hashInfo. since all known
+     * callers pass 0, this is ok, otherwise we should merge the two */
+
+    dbsp = (DBS *)PORT_ZAlloc(sizeof(DBS));
+    if (!dbsp) {
+        return NULL;
+    }
+    dbs = &dbsp->db;
+
+    dbsp->blobdir = dbs_mkBlobDirName(dbname);
+    if (dbsp->blobdir == NULL) {
+        goto loser;
+    }
+    dbsp->mode = mode;
+    dbsp->readOnly = (PRBool)(flags == NO_RDONLY);
+
+    /* the real dbm call */
+    db = dbopen(dbname, flags, mode, type, &dbs_hashInfo);
+    if (db == NULL) {
+        goto loser;
+    }
+    dbs->internal = (void *)db;
+    dbs->type = type;
+    dbs->close = dbs_close;
+    dbs->get = dbs_get;
+    dbs->del = dbs_del;
+    dbs->put = dbs_put;
+    dbs->seq = dbs_seq;
+    dbs->sync = dbs_sync;
+    dbs->fd = dbs_fd;
+
+    return dbs;
+loser:
+    if (db) {
+        (*db->close)(db);
+    }
+    if (dbsp->blobdir) {
+        PORT_Free(dbsp->blobdir);
+    }
+    PORT_Free(dbsp);
+    return NULL;
+}
diff --git a/nss/lib/softoken/legacydb/keydb.c b/nss/lib/softoken/legacydb/keydb.c
new file mode 100644
index 0000000..178e333
--- /dev/null
+++ b/nss/lib/softoken/legacydb/keydb.c
@@ -0,0 +1,2250 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "lowkeyi.h"
+#include "secasn1.h"
+#include "secder.h"
+#include "secoid.h"
+#include "blapi.h"
+#include "secitem.h"
+#include "pcert.h"
+#include "mcom_db.h"
+#include "secerr.h"
+
+#include "keydbi.h"
+#include "lgdb.h"
+
+/*
+ * Record keys for keydb
+ */
+#define SALT_STRING "global-salt"
+#define VERSION_STRING "Version"
+#define KEYDB_PW_CHECK_STRING "password-check"
+#define KEYDB_PW_CHECK_LEN 14
+#define KEYDB_FAKE_PW_CHECK_STRING "fake-password-check"
+#define KEYDB_FAKE_PW_CHECK_LEN 19
+
+/* Size of the global salt for key database */
+#define SALT_LENGTH 16
+
+SEC_ASN1_MKSUB(SECOID_AlgorithmIDTemplate)
+
+const SEC_ASN1Template nsslowkey_EncryptedPrivateKeyInfoTemplate[] = {
+    { SEC_ASN1_SEQUENCE,
+      0, NULL, sizeof(NSSLOWKEYEncryptedPrivateKeyInfo) },
+    { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
+      offsetof(NSSLOWKEYEncryptedPrivateKeyInfo, algorithm),
+      SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
+    { SEC_ASN1_OCTET_STRING,
+      offsetof(NSSLOWKEYEncryptedPrivateKeyInfo, encryptedData) },
+    { 0 }
+};
+
+const SEC_ASN1Template nsslowkey_PointerToEncryptedPrivateKeyInfoTemplate[] = {
+    { SEC_ASN1_POINTER, 0, nsslowkey_EncryptedPrivateKeyInfoTemplate }
+};
+
+/* ====== Default key databse encryption algorithm ====== */
+static void
+sec_destroy_dbkey(NSSLOWKEYDBKey *dbkey)
+{
+    if (dbkey && dbkey->arena) {
+        PORT_FreeArena(dbkey->arena, PR_FALSE);
+    }
+}
+
+static void
+free_dbt(DBT *dbt)
+{
+    if (dbt) {
+        PORT_Free(dbt->data);
+        PORT_Free(dbt);
+    }
+
+    return;
+}
+
+static int keydb_Get(NSSLOWKEYDBHandle *db, DBT *key, DBT *data,
+                     unsigned int flags);
+static int keydb_Put(NSSLOWKEYDBHandle *db, DBT *key, DBT *data,
+                     unsigned int flags);
+static int keydb_Sync(NSSLOWKEYDBHandle *db, unsigned int flags);
+static int keydb_Del(NSSLOWKEYDBHandle *db, DBT *key, unsigned int flags);
+static int keydb_Seq(NSSLOWKEYDBHandle *db, DBT *key, DBT *data,
+                     unsigned int flags);
+static void keydb_Close(NSSLOWKEYDBHandle *db);
+
+/*
+ * format of key database entries for version 3 of database:
+ *  byte offset field
+ *  ----------- -----
+ *  0       version
+ *  1       salt-len
+ *  2       nn-len
+ *  3..     salt-data
+ *  ...     nickname
+ *  ...     encrypted-key-data
+ */
+static DBT *
+encode_dbkey(NSSLOWKEYDBKey *dbkey, unsigned char version)
+{
+    DBT *bufitem = NULL;
+    unsigned char *buf;
+    int nnlen;
+    char *nn;
+
+    bufitem = (DBT *)PORT_ZAlloc(sizeof(DBT));
+    if (bufitem == NULL) {
+        goto loser;
+    }
+
+    if (dbkey->nickname) {
+        nn = dbkey->nickname;
+        nnlen = PORT_Strlen(nn) + 1;
+    } else {
+        nn = "";
+        nnlen = 1;
+    }
+
+    /* compute the length of the record */
+    /* 1 + 1 + 1 == version number header + salt length + nn len */
+    bufitem->size = dbkey->salt.len + nnlen + dbkey->derPK.len + 1 + 1 + 1;
+
+    bufitem->data = (void *)PORT_ZAlloc(bufitem->size);
+    if (bufitem->data == NULL) {
+        goto loser;
+    }
+
+    buf = (unsigned char *)bufitem->data;
+
+    /* set version number */
+    buf[0] = version;
+
+    /* set length of salt */
+    PORT_Assert(dbkey->salt.len < 256);
+    buf[1] = dbkey->salt.len;
+
+    /* set length of nickname */
+    PORT_Assert(nnlen < 256);
+    buf[2] = nnlen;
+
+    /* copy salt */
+    if (dbkey->salt.len > 0) {
+        PORT_Memcpy(&buf[3], dbkey->salt.data, dbkey->salt.len);
+    }
+
+    /* copy nickname */
+    PORT_Memcpy(&buf[3 + dbkey->salt.len], nn, nnlen);
+
+    /* copy encrypted key */
+    PORT_Memcpy(&buf[3 + dbkey->salt.len + nnlen], dbkey->derPK.data,
+                dbkey->derPK.len);
+
+    return (bufitem);
+
+loser:
+    if (bufitem) {
+        free_dbt(bufitem);
+    }
+
+    return (NULL);
+}
+
+static NSSLOWKEYDBKey *
+decode_dbkey(DBT *bufitem, int expectedVersion)
+{
+    NSSLOWKEYDBKey *dbkey;
+    PLArenaPool *arena = NULL;
+    unsigned char *buf;
+    int version;
+    int keyoff;
+    int nnlen;
+    int saltoff;
+
+    buf = (unsigned char *)bufitem->data;
+
+    version = buf[0];
+
+    if (version != expectedVersion) {
+        goto loser;
+    }
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL) {
+        goto loser;
+    }
+
+    dbkey = (NSSLOWKEYDBKey *)PORT_ArenaZAlloc(arena, sizeof(NSSLOWKEYDBKey));
+    if (dbkey == NULL) {
+        goto loser;
+    }
+
+    dbkey->arena = arena;
+    dbkey->salt.data = NULL;
+    dbkey->derPK.data = NULL;
+
+    dbkey->salt.len = buf[1];
+    dbkey->salt.data = (unsigned char *)PORT_ArenaZAlloc(arena, dbkey->salt.len);
+    if (dbkey->salt.data == NULL) {
+        goto loser;
+    }
+
+    saltoff = 2;
+    keyoff = 2 + dbkey->salt.len;
+
+    if (expectedVersion >= 3) {
+        nnlen = buf[2];
+        if (nnlen) {
+            dbkey->nickname = (char *)PORT_ArenaZAlloc(arena, nnlen + 1);
+            if (dbkey->nickname) {
+                PORT_Memcpy(dbkey->nickname, &buf[keyoff + 1], nnlen);
+            }
+        }
+        keyoff += (nnlen + 1);
+        saltoff = 3;
+    }
+
+    PORT_Memcpy(dbkey->salt.data, &buf[saltoff], dbkey->salt.len);
+
+    dbkey->derPK.len = bufitem->size - keyoff;
+    dbkey->derPK.data = (unsigned char *)PORT_ArenaZAlloc(arena, dbkey->derPK.len);
+    if (dbkey->derPK.data == NULL) {
+        goto loser;
+    }
+
+    PORT_Memcpy(dbkey->derPK.data, &buf[keyoff], dbkey->derPK.len);
+
+    return (dbkey);
+
+loser:
+
+    if (arena) {
+        PORT_FreeArena(arena, PR_FALSE);
+    }
+
+    return (NULL);
+}
+
+static NSSLOWKEYDBKey *
+get_dbkey(NSSLOWKEYDBHandle *handle, DBT *index)
+{
+    NSSLOWKEYDBKey *dbkey;
+    DBT entry;
+    int ret;
+
+    /* get it from the database */
+    ret = keydb_Get(handle, index, &entry, 0);
+    if (ret) {
+        PORT_SetError(SEC_ERROR_BAD_DATABASE);
+        return NULL;
+    }
+
+    /* set up dbkey struct */
+
+    dbkey = decode_dbkey(&entry, handle->version);
+
+    return (dbkey);
+}
+
+static SECStatus
+put_dbkey(NSSLOWKEYDBHandle *handle, DBT *index, NSSLOWKEYDBKey *dbkey, PRBool update)
+{
+    DBT *keydata = NULL;
+    int status;
+
+    keydata = encode_dbkey(dbkey, handle->version);
+    if (keydata == NULL) {
+        goto loser;
+    }
+
+    /* put it in the database */
+    if (update) {
+        status = keydb_Put(handle, index, keydata, 0);
+    } else {
+        status = keydb_Put(handle, index, keydata, R_NOOVERWRITE);
+    }
+
+    if (status) {
+        goto loser;
+    }
+
+    /* sync the database */
+    status = keydb_Sync(handle, 0);
+    if (status) {
+        goto loser;
+    }
+
+    free_dbt(keydata);
+    return (SECSuccess);
+
+loser:
+    if (keydata) {
+        free_dbt(keydata);
+    }
+
+    return (SECFailure);
+}
+
+SECStatus
+nsslowkey_TraverseKeys(NSSLOWKEYDBHandle *handle,
+                       SECStatus (*keyfunc)(DBT *k, DBT *d, void *pdata),
+                       void *udata)
+{
+    DBT data;
+    DBT key;
+    SECStatus status;
+    int ret;
+
+    if (handle == NULL) {
+        return (SECFailure);
+    }
+
+    ret = keydb_Seq(handle, &key, &data, R_FIRST);
+    if (ret) {
+        return (SECFailure);
+    }
+
+    do {
+        /* skip version record */
+        if (data.size > 1) {
+            if (key.size == (sizeof(SALT_STRING) - 1)) {
+                if (PORT_Memcmp(key.data, SALT_STRING, key.size) == 0) {
+                    continue;
+                }
+            }
+
+            /* skip password check */
+            if (key.size == KEYDB_PW_CHECK_LEN) {
+                if (PORT_Memcmp(key.data, KEYDB_PW_CHECK_STRING,
+                                KEYDB_PW_CHECK_LEN) == 0) {
+                    continue;
+                }
+            }
+
+            status = (*keyfunc)(&key, &data, udata);
+            if (status != SECSuccess) {
+                return (status);
+            }
+        }
+    } while (keydb_Seq(handle, &key, &data, R_NEXT) == 0);
+
+    return (SECSuccess);
+}
+
+#ifdef notdef
+typedef struct keyNode {
+    struct keyNode *next;
+    DBT key;
+} keyNode;
+
+typedef struct {
+    PLArenaPool *arena;
+    keyNode *head;
+} keyList;
+
+static SECStatus
+sec_add_key_to_list(DBT *key, DBT *data, void *arg)
+{
+    keyList *keylist;
+    keyNode *node;
+    void *keydata;
+
+    keylist = (keyList *)arg;
+
+    /* allocate the node struct */
+    node = (keyNode *)PORT_ArenaZAlloc(keylist->arena, sizeof(keyNode));
+    if (node == NULL) {
+        return (SECFailure);
+    }
+
+    /* allocate room for key data */
+    keydata = PORT_ArenaZAlloc(keylist->arena, key->size);
+    if (keydata == NULL) {
+        return (SECFailure);
+    }
+
+    /* link node into list */
+    node->next = keylist->head;
+    keylist->head = node;
+
+    /* copy key into node */
+    PORT_Memcpy(keydata, key->data, key->size);
+    node->key.size = key->size;
+    node->key.data = keydata;
+
+    return (SECSuccess);
+}
+#endif
+
+static SECItem *
+decodeKeyDBGlobalSalt(DBT *saltData)
+{
+    SECItem *saltitem;
+
+    saltitem = (SECItem *)PORT_ZAlloc(sizeof(SECItem));
+    if (saltitem == NULL) {
+        return (NULL);
+    }
+
+    saltitem->data = (unsigned char *)PORT_ZAlloc(saltData->size);
+    if (saltitem->data == NULL) {
+        PORT_Free(saltitem);
+        return (NULL);
+    }
+
+    saltitem->len = saltData->size;
+    PORT_Memcpy(saltitem->data, saltData->data, saltitem->len);
+
+    return (saltitem);
+}
+
+static SECItem *
+GetKeyDBGlobalSalt(NSSLOWKEYDBHandle *handle)
+{
+    DBT saltKey;
+    DBT saltData;
+    int ret;
+
+    saltKey.data = SALT_STRING;
+    saltKey.size = sizeof(SALT_STRING) - 1;
+
+    ret = keydb_Get(handle, &saltKey, &saltData, 0);
+    if (ret) {
+        return (NULL);
+    }
+
+    return (decodeKeyDBGlobalSalt(&saltData));
+}
+
+static SECStatus
+StoreKeyDBGlobalSalt(NSSLOWKEYDBHandle *handle, SECItem *salt)
+{
+    DBT saltKey;
+    DBT saltData;
+    int status;
+
+    saltKey.data = SALT_STRING;
+    saltKey.size = sizeof(SALT_STRING) - 1;
+
+    saltData.data = (void *)salt->data;
+    saltData.size = salt->len;
+
+    /* put global salt into the database now */
+    status = keydb_Put(handle, &saltKey, &saltData, 0);
+    if (status) {
+        return (SECFailure);
+    }
+
+    return (SECSuccess);
+}
+
+static SECStatus
+makeGlobalVersion(NSSLOWKEYDBHandle *handle)
+{
+    unsigned char version;
+    DBT versionData;
+    DBT versionKey;
+    int status;
+
+    version = NSSLOWKEY_DB_FILE_VERSION;
+    versionData.data = &version;
+    versionData.size = 1;
+    versionKey.data = VERSION_STRING;
+    versionKey.size = sizeof(VERSION_STRING) - 1;
+
+    /* put version string into the database now */
+    status = keydb_Put(handle, &versionKey, &versionData, 0);
+    if (status) {
+        return (SECFailure);
+    }
+    handle->version = version;
+
+    return (SECSuccess);
+}
+
+static SECStatus
+makeGlobalSalt(NSSLOWKEYDBHandle *handle)
+{
+    DBT saltKey;
+    DBT saltData;
+    unsigned char saltbuf[16];
+    int status;
+
+    saltKey.data = SALT_STRING;
+    saltKey.size = sizeof(SALT_STRING) - 1;
+
+    saltData.data = (void *)saltbuf;
+    saltData.size = sizeof(saltbuf);
+    RNG_GenerateGlobalRandomBytes(saltbuf, sizeof(saltbuf));
+
+    /* put global salt into the database now */
+    status = keydb_Put(handle, &saltKey, &saltData, 0);
+    if (status) {
+        return (SECFailure);
+    }
+
+    return (SECSuccess);
+}
+
+static SECStatus
+encodePWCheckEntry(PLArenaPool *arena, SECItem *entry, SECOidTag alg,
+                   SECItem *encCheck);
+
+static unsigned char
+nsslowkey_version(NSSLOWKEYDBHandle *handle)
+{
+    DBT versionKey;
+    DBT versionData;
+    int ret;
+    versionKey.data = VERSION_STRING;
+    versionKey.size = sizeof(VERSION_STRING) - 1;
+
+    if (handle->db == NULL) {
+        return 255;
+    }
+
+    /* lookup version string in database */
+    ret = keydb_Get(handle, &versionKey, &versionData, 0);
+
+    /* error accessing the database */
+    if (ret < 0) {
+        return 255;
+    }
+
+    if (ret >= 1) {
+        return 0;
+    }
+    return *((unsigned char *)versionData.data);
+}
+
+static PRBool
+seckey_HasAServerKey(NSSLOWKEYDBHandle *handle)
+{
+    DBT key;
+    DBT data;
+    int ret;
+    PRBool found = PR_FALSE;
+
+    ret = keydb_Seq(handle, &key, &data, R_FIRST);
+    if (ret) {
+        return PR_FALSE;
+    }
+
+    do {
+        /* skip version record */
+        if (data.size > 1) {
+            /* skip salt */
+            if (key.size == (sizeof(SALT_STRING) - 1)) {
+                if (PORT_Memcmp(key.data, SALT_STRING, key.size) == 0) {
+                    continue;
+                }
+            }
+            /* skip pw check entry */
+            if (key.size == KEYDB_PW_CHECK_LEN) {
+                if (PORT_Memcmp(key.data, KEYDB_PW_CHECK_STRING,
+                                KEYDB_PW_CHECK_LEN) == 0) {
+                    continue;
+                }
+            }
+
+            /* keys stored by nickname will have 0 as the last byte of the
+             * db key.  Other keys must be stored by modulus.  We will not
+             * update those because they are left over from a keygen that
+             * never resulted in a cert.
+             */
+            if (((unsigned char *)key.data)[key.size - 1] != 0) {
+                continue;
+            }
+
+            if (PORT_Strcmp(key.data, "Server-Key") == 0) {
+                found = PR_TRUE;
+                break;
+            }
+        }
+    } while (keydb_Seq(handle, &key, &data, R_NEXT) == 0);
+
+    return found;
+}
+
+/* forward declare local create function */
+static NSSLOWKEYDBHandle *nsslowkey_NewHandle(DB *dbHandle);
+
+/*
+ * currently updates key database from v2 to v3
+ */
+static SECStatus
+nsslowkey_UpdateKeyDBPass1(NSSLOWKEYDBHandle *handle)
+{
+    SECStatus rv;
+    DBT checkKey;
+    DBT checkData;
+    DBT saltKey;
+    DBT saltData;
+    DBT key;
+    DBT data;
+    unsigned char version;
+    NSSLOWKEYDBKey *dbkey = NULL;
+    NSSLOWKEYDBHandle *update = NULL;
+    SECItem *oldSalt = NULL;
+    int ret;
+    SECItem checkitem;
+
+    if (handle->updatedb == NULL) {
+        return SECSuccess;
+    }
+
+    /* create a full DB Handle for our update so we
+     * can use the correct locks for the db primatives */
+    update = nsslowkey_NewHandle(handle->updatedb);
+    if (update == NULL) {
+        return SECSuccess;
+    }
+
+    /* update has now inherited the database handle */
+    handle->updatedb = NULL;
+
+    /*
+     * check the version record
+     */
+    version = nsslowkey_version(update);
+    if (version != 2) {
+        goto done;
+    }
+
+    saltKey.data = SALT_STRING;
+    saltKey.size = sizeof(SALT_STRING) - 1;
+
+    ret = keydb_Get(update, &saltKey, &saltData, 0);
+    if (ret) {
+        /* no salt in old db, so it is corrupted */
+        goto done;
+    }
+
+    oldSalt = decodeKeyDBGlobalSalt(&saltData);
+    if (oldSalt == NULL) {
+        /* bad salt in old db, so it is corrupted */
+        goto done;
+    }
+
+    /*
+     * look for a pw check entry
+     */
+    checkKey.data = KEYDB_PW_CHECK_STRING;
+    checkKey.size = KEYDB_PW_CHECK_LEN;
+
+    ret = keydb_Get(update, &checkKey, &checkData, 0);
+    if (ret) {
+        /*
+     * if we have a key, but no KEYDB_PW_CHECK_STRING, then this must
+     * be an old server database, and it does have a password associated
+     * with it. Put a fake entry in so we can identify this db when we do
+     * get the password for it.
+     */
+        if (seckey_HasAServerKey(update)) {
+            DBT fcheckKey;
+            DBT fcheckData;
+
+            /*
+         * include a fake string
+         */
+            fcheckKey.data = KEYDB_FAKE_PW_CHECK_STRING;
+            fcheckKey.size = KEYDB_FAKE_PW_CHECK_LEN;
+            fcheckData.data = "1";
+            fcheckData.size = 1;
+            /* put global salt into the new database now */
+            ret = keydb_Put(handle, &saltKey, &saltData, 0);
+            if (ret) {
+                goto done;
+            }
+            ret = keydb_Put(handle, &fcheckKey, &fcheckData, 0);
+            if (ret) {
+                goto done;
+            }
+        } else {
+            goto done;
+        }
+    } else {
+        /* put global salt into the new database now */
+        ret = keydb_Put(handle, &saltKey, &saltData, 0);
+        if (ret) {
+            goto done;
+        }
+
+        dbkey = decode_dbkey(&checkData, 2);
+        if (dbkey == NULL) {
+            goto done;
+        }
+        checkitem = dbkey->derPK;
+        dbkey->derPK.data = NULL;
+
+        /* format the new pw check entry */
+        rv = encodePWCheckEntry(NULL, &dbkey->derPK, SEC_OID_RC4, &checkitem);
+        if (rv != SECSuccess) {
+            goto done;
+        }
+
+        rv = put_dbkey(handle, &checkKey, dbkey, PR_TRUE);
+        if (rv != SECSuccess) {
+            goto done;
+        }
+
+        /* free the dbkey */
+        sec_destroy_dbkey(dbkey);
+        dbkey = NULL;
+    }
+
+    /* now traverse the database */
+    ret = keydb_Seq(update, &key, &data, R_FIRST);
+    if (ret) {
+        goto done;
+    }
+
+    do {
+        /* skip version record */
+        if (data.size > 1) {
+            /* skip salt */
+            if (key.size == (sizeof(SALT_STRING) - 1)) {
+                if (PORT_Memcmp(key.data, SALT_STRING, key.size) == 0) {
+                    continue;
+                }
+            }
+            /* skip pw check entry */
+            if (key.size == checkKey.size) {
+                if (PORT_Memcmp(key.data, checkKey.data, key.size) == 0) {
+                    continue;
+                }
+            }
+
+            /* keys stored by nickname will have 0 as the last byte of the
+             * db key.  Other keys must be stored by modulus.  We will not
+             * update those because they are left over from a keygen that
+             * never resulted in a cert.
+             */
+            if (((unsigned char *)key.data)[key.size - 1] != 0) {
+                continue;
+            }
+
+            dbkey = decode_dbkey(&data, 2);
+            if (dbkey == NULL) {
+                continue;
+            }
+
+            /* This puts the key into the new database with the same
+             * index (nickname) that it had before.  The second pass
+             * of the update will have the password.  It will decrypt
+             * and re-encrypt the entries using a new algorithm.
+             */
+            dbkey->nickname = (char *)key.data;
+            rv = put_dbkey(handle, &key, dbkey, PR_FALSE);
+            dbkey->nickname = NULL;
+
+            sec_destroy_dbkey(dbkey);
+        }
+    } while (keydb_Seq(update, &key, &data, R_NEXT) == 0);
+
+    dbkey = NULL;
+
+done:
+    /* sync the database */
+    ret = keydb_Sync(handle, 0);
+
+    nsslowkey_CloseKeyDB(update);
+
+    if (oldSalt) {
+        SECITEM_FreeItem(oldSalt, PR_TRUE);
+    }
+
+    if (dbkey) {
+        sec_destroy_dbkey(dbkey);
+    }
+
+    return (SECSuccess);
+}
+
+static SECStatus
+openNewDB(const char *appName, const char *prefix, const char *dbname,
+          NSSLOWKEYDBHandle *handle, NSSLOWKEYDBNameFunc namecb, void *cbarg)
+{
+    SECStatus rv = SECFailure;
+    int status = RDB_FAIL;
+    char *updname = NULL;
+    DB *updatedb = NULL;
+    PRBool updated = PR_FALSE;
+    int ret;
+
+    if (appName) {
+        handle->db = rdbopen(appName, prefix, "key", NO_CREATE, &status);
+    } else {
+        handle->db = dbopen(dbname, NO_CREATE, 0600, DB_HASH, 0);
+    }
+    /* if create fails then we lose */
+    if (handle->db == NULL) {
+        return (status == RDB_RETRY) ? SECWouldBlock : SECFailure;
+    }
+
+    /* force a transactional read, which will verify that one and only one
+     * process attempts the update. */
+    if (nsslowkey_version(handle) == NSSLOWKEY_DB_FILE_VERSION) {
+        /* someone else has already updated the database for us */
+        db_InitComplete(handle->db);
+        return SECSuccess;
+    }
+
+    /*
+     * if we are creating a multiaccess database, see if there is a
+     * local database we can update from.
+     */
+    if (appName) {
+        NSSLOWKEYDBHandle *updateHandle;
+        updatedb = dbopen(dbname, NO_RDONLY, 0600, DB_HASH, 0);
+        if (!updatedb) {
+            goto noupdate;
+        }
+
+        /* nsslowkey_version needs a full handle because it calls
+         * the kdb_Get() function, which needs to lock.
+         */
+        updateHandle = nsslowkey_NewHandle(updatedb);
+        if (!updateHandle) {
+            updatedb->close(updatedb);
+            goto noupdate;
+        }
+
+        handle->version = nsslowkey_version(updateHandle);
+        if (handle->version != NSSLOWKEY_DB_FILE_VERSION) {
+            nsslowkey_CloseKeyDB(updateHandle);
+            goto noupdate;
+        }
+
+        /* copy the new DB from the old one */
+        db_Copy(handle->db, updatedb);
+        nsslowkey_CloseKeyDB(updateHandle);
+        db_InitComplete(handle->db);
+        return SECSuccess;
+    }
+noupdate:
+
+    /* update the version number */
+    rv = makeGlobalVersion(handle);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    /*
+     * try to update from v2 db
+     */
+    updname = (*namecb)(cbarg, 2);
+    if (updname != NULL) {
+        handle->updatedb = dbopen(updname, NO_RDONLY, 0600, DB_HASH, 0);
+        PORT_Free(updname);
+
+        if (handle->updatedb) {
+            /*
+             * Try to update the db using a null password.  If the db
+             * doesn't have a password, then this will work.  If it does
+             * have a password, then this will fail and we will do the
+             * update later
+             */
+            rv = nsslowkey_UpdateKeyDBPass1(handle);
+            if (rv == SECSuccess) {
+                updated = PR_TRUE;
+            }
+        }
+    }
+
+    /* we are using the old salt if we updated from an old db */
+    if (!updated) {
+        rv = makeGlobalSalt(handle);
+        if (rv != SECSuccess) {
+            goto loser;
+        }
+    }
+
+    /* sync the database */
+    ret = keydb_Sync(handle, 0);
+    if (ret) {
+        rv = SECFailure;
+        goto loser;
+    }
+    rv = SECSuccess;
+
+loser:
+    db_InitComplete(handle->db);
+    return rv;
+}
+
+static DB *
+openOldDB(const char *appName, const char *prefix, const char *dbname,
+          PRBool openflags)
+{
+    DB *db = NULL;
+
+    if (appName) {
+        db = rdbopen(appName, prefix, "key", openflags, NULL);
+    } else {
+        db = dbopen(dbname, openflags, 0600, DB_HASH, 0);
+    }
+
+    return db;
+}
+
+/* check for correct version number */
+static PRBool
+verifyVersion(NSSLOWKEYDBHandle *handle)
+{
+    int version = nsslowkey_version(handle);
+
+    handle->version = version;
+    if (version != NSSLOWKEY_DB_FILE_VERSION) {
+        if (handle->db) {
+            keydb_Close(handle);
+            handle->db = NULL;
+        }
+    }
+    return handle->db != NULL;
+}
+
+static NSSLOWKEYDBHandle *
+nsslowkey_NewHandle(DB *dbHandle)
+{
+    NSSLOWKEYDBHandle *handle;
+    handle = (NSSLOWKEYDBHandle *)PORT_ZAlloc(sizeof(NSSLOWKEYDBHandle));
+    if (handle == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return NULL;
+    }
+
+    handle->appname = NULL;
+    handle->dbname = NULL;
+    handle->global_salt = NULL;
+    handle->updatedb = NULL;
+    handle->db = dbHandle;
+    handle->ref = 1;
+    handle->lock = PZ_NewLock(nssILockKeyDB);
+
+    return handle;
+}
+
+NSSLOWKEYDBHandle *
+nsslowkey_OpenKeyDB(PRBool readOnly, const char *appName, const char *prefix,
+                    NSSLOWKEYDBNameFunc namecb, void *cbarg)
+{
+    NSSLOWKEYDBHandle *handle = NULL;
+    SECStatus rv;
+    int openflags;
+    char *dbname = NULL;
+
+    handle = nsslowkey_NewHandle(NULL);
+
+    openflags = readOnly ? NO_RDONLY : NO_RDWR;
+
+    dbname = (*namecb)(cbarg, NSSLOWKEY_DB_FILE_VERSION);
+    if (dbname == NULL) {
+        goto loser;
+    }
+    handle->appname = appName ? PORT_Strdup(appName) : NULL;
+    handle->dbname = (appName == NULL) ? PORT_Strdup(dbname) : (prefix ? PORT_Strdup(prefix) : NULL);
+    handle->readOnly = readOnly;
+
+    handle->db = openOldDB(appName, prefix, dbname, openflags);
+    if (handle->db) {
+        verifyVersion(handle);
+        if (handle->version == 255) {
+            goto loser;
+        }
+    }
+
+    /* if first open fails, try to create a new DB */
+    if (handle->db == NULL) {
+        if (readOnly) {
+            goto loser;
+        }
+
+        rv = openNewDB(appName, prefix, dbname, handle, namecb, cbarg);
+        /* two processes started to initialize the database at the same time.
+         * The multiprocess code blocked the second one, then had it retry to
+         * see if it can just open the database normally */
+        if (rv == SECWouldBlock) {
+            handle->db = openOldDB(appName, prefix, dbname, openflags);
+            verifyVersion(handle);
+            if (handle->db == NULL) {
+                goto loser;
+            }
+        } else if (rv != SECSuccess) {
+            goto loser;
+        }
+    }
+
+    handle->global_salt = GetKeyDBGlobalSalt(handle);
+    if (dbname)
+        PORT_Free(dbname);
+    return handle;
+
+loser:
+
+    if (dbname)
+        PORT_Free(dbname);
+    PORT_SetError(SEC_ERROR_BAD_DATABASE);
+    nsslowkey_CloseKeyDB(handle);
+    return NULL;
+}
+
+/*
+ * Close the database
+ */
+void
+nsslowkey_CloseKeyDB(NSSLOWKEYDBHandle *handle)
+{
+    if (handle != NULL) {
+        if (handle->db != NULL) {
+            keydb_Close(handle);
+        }
+        if (handle->updatedb) {
+            handle->updatedb->close(handle->updatedb);
+        }
+        if (handle->dbname)
+            PORT_Free(handle->dbname);
+        if (handle->appname)
+            PORT_Free(handle->appname);
+        if (handle->global_salt) {
+            SECITEM_FreeItem(handle->global_salt, PR_TRUE);
+        }
+        if (handle->lock != NULL) {
+            SKIP_AFTER_FORK(PZ_DestroyLock(handle->lock));
+        }
+
+        PORT_Free(handle);
+    }
+}
+
+/* Get the key database version */
+int
+nsslowkey_GetKeyDBVersion(NSSLOWKEYDBHandle *handle)
+{
+    PORT_Assert(handle != NULL);
+
+    return handle->version;
+}
+
+/*
+ * Delete a private key that was stored in the database
+ */
+SECStatus
+nsslowkey_DeleteKey(NSSLOWKEYDBHandle *handle, const SECItem *pubkey)
+{
+    DBT namekey;
+    int ret;
+
+    if (handle == NULL) {
+        PORT_SetError(SEC_ERROR_BAD_DATABASE);
+        return (SECFailure);
+    }
+
+    /* set up db key and data */
+    namekey.data = pubkey->data;
+    namekey.size = pubkey->len;
+
+    /* delete it from the database */
+    ret = keydb_Del(handle, &namekey, 0);
+    if (ret) {
+        PORT_SetError(SEC_ERROR_BAD_DATABASE);
+        return (SECFailure);
+    }
+
+    /* sync the database */
+    ret = keydb_Sync(handle, 0);
+    if (ret) {
+        PORT_SetError(SEC_ERROR_BAD_DATABASE);
+        return (SECFailure);
+    }
+
+    return (SECSuccess);
+}
+
+/*
+ * Store a key in the database, indexed by its public key modulus.(value!)
+ */
+SECStatus
+nsslowkey_StoreKeyByPublicKey(NSSLOWKEYDBHandle *handle,
+                              NSSLOWKEYPrivateKey *privkey,
+                              SECItem *pubKeyData,
+                              char *nickname,
+                              SDB *sdb)
+{
+    return nsslowkey_StoreKeyByPublicKeyAlg(handle, privkey, pubKeyData,
+                                            nickname, sdb, PR_FALSE);
+}
+
+SECStatus
+nsslowkey_UpdateNickname(NSSLOWKEYDBHandle *handle,
+                         NSSLOWKEYPrivateKey *privkey,
+                         SECItem *pubKeyData,
+                         char *nickname,
+                         SDB *sdb)
+{
+    return nsslowkey_StoreKeyByPublicKeyAlg(handle, privkey, pubKeyData,
+                                            nickname, sdb, PR_TRUE);
+}
+
+/* see if the symetric CKA_ID already Exists.
+ */
+PRBool
+nsslowkey_KeyForIDExists(NSSLOWKEYDBHandle *handle, SECItem *id)
+{
+    DBT namekey;
+    DBT dummy;
+    int status;
+
+    namekey.data = (char *)id->data;
+    namekey.size = id->len;
+    status = keydb_Get(handle, &namekey, &dummy, 0);
+    if (status) {
+        return PR_FALSE;
+    }
+
+    return PR_TRUE;
+}
+
+/* see if the public key for this cert is in the database filed
+ * by modulus
+ */
+PRBool
+nsslowkey_KeyForCertExists(NSSLOWKEYDBHandle *handle, NSSLOWCERTCertificate *cert)
+{
+    NSSLOWKEYPublicKey *pubkey = NULL;
+    DBT namekey;
+    DBT dummy;
+    int status;
+
+    /* get cert's public key */
+    pubkey = nsslowcert_ExtractPublicKey(cert);
+    if (pubkey == NULL) {
+        return PR_FALSE;
+    }
+
+    /* TNH - make key from NSSLOWKEYPublicKey */
+    switch (pubkey->keyType) {
+        case NSSLOWKEYRSAKey:
+            namekey.data = pubkey->u.rsa.modulus.data;
+            namekey.size = pubkey->u.rsa.modulus.len;
+            break;
+        case NSSLOWKEYDSAKey:
+            namekey.data = pubkey->u.dsa.publicValue.data;
+            namekey.size = pubkey->u.dsa.publicValue.len;
+            break;
+        case NSSLOWKEYDHKey:
+            namekey.data = pubkey->u.dh.publicValue.data;
+            namekey.size = pubkey->u.dh.publicValue.len;
+            break;
+#ifndef NSS_DISABLE_ECC
+        case NSSLOWKEYECKey:
+            namekey.data = pubkey->u.ec.publicValue.data;
+            namekey.size = pubkey->u.ec.publicValue.len;
+            break;
+#endif /* NSS_DISABLE_ECC */
+        default:
+            /* XXX We don't do Fortezza or DH yet. */
+            return PR_FALSE;
+    }
+
+    if (handle->version != 3) {
+        unsigned char buf[SHA1_LENGTH];
+        SHA1_HashBuf(buf, namekey.data, namekey.size);
+        /* NOTE: don't use pubkey after this! it's now thrashed */
+        PORT_Memcpy(namekey.data, buf, sizeof(buf));
+        namekey.size = sizeof(buf);
+    }
+
+    status = keydb_Get(handle, &namekey, &dummy, 0);
+    /* some databases have the key stored as a signed value */
+    if (status) {
+        unsigned char *buf = (unsigned char *)PORT_Alloc(namekey.size + 1);
+        if (buf) {
+            PORT_Memcpy(&buf[1], namekey.data, namekey.size);
+            buf[0] = 0;
+            namekey.data = buf;
+            namekey.size++;
+            status = keydb_Get(handle, &namekey, &dummy, 0);
+            PORT_Free(buf);
+        }
+    }
+    lg_nsslowkey_DestroyPublicKey(pubkey);
+    if (status) {
+        return PR_FALSE;
+    }
+
+    return PR_TRUE;
+}
+
+typedef struct NSSLowPasswordDataParamStr {
+    SECItem salt;
+    SECItem iter;
+} NSSLowPasswordDataParam;
+
+static const SEC_ASN1Template NSSLOWPasswordParamTemplate[] =
+    {
+      { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(NSSLowPasswordDataParam) },
+      { SEC_ASN1_OCTET_STRING, offsetof(NSSLowPasswordDataParam, salt) },
+      { SEC_ASN1_INTEGER, offsetof(NSSLowPasswordDataParam, iter) },
+      { 0 }
+    };
+struct LGEncryptedDataInfoStr {
+    SECAlgorithmID algorithm;
+    SECItem encryptedData;
+};
+typedef struct LGEncryptedDataInfoStr LGEncryptedDataInfo;
+
+const SEC_ASN1Template lg_EncryptedDataInfoTemplate[] = {
+    { SEC_ASN1_SEQUENCE,
+      0, NULL, sizeof(LGEncryptedDataInfo) },
+    { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
+      offsetof(LGEncryptedDataInfo, algorithm),
+      SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
+    { SEC_ASN1_OCTET_STRING,
+      offsetof(LGEncryptedDataInfo, encryptedData) },
+    { 0 }
+};
+
+static SECItem *
+nsslowkey_EncodePW(SECOidTag alg, const SECItem *salt, SECItem *data)
+{
+    NSSLowPasswordDataParam param;
+    LGEncryptedDataInfo edi;
+    PLArenaPool *arena;
+    unsigned char one = 1;
+    SECItem *epw = NULL;
+    SECItem *encParam;
+    SECStatus rv;
+
+    param.salt = *salt;
+    param.iter.type = siBuffer; /* encode as signed integer */
+    param.iter.data = &one;
+    param.iter.len = 1;
+    edi.encryptedData = *data;
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL) {
+        return NULL;
+    }
+
+    encParam = SEC_ASN1EncodeItem(arena, NULL, &param,
+                                  NSSLOWPasswordParamTemplate);
+    if (encParam == NULL) {
+        goto loser;
+    }
+    rv = SECOID_SetAlgorithmID(arena, &edi.algorithm, alg, encParam);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    epw = SEC_ASN1EncodeItem(NULL, NULL, &edi, lg_EncryptedDataInfoTemplate);
+
+loser:
+    PORT_FreeArena(arena, PR_FALSE);
+    return epw;
+}
+
+static SECItem *
+nsslowkey_DecodePW(const SECItem *derData, SECOidTag *alg, SECItem *salt)
+{
+    NSSLowPasswordDataParam param;
+    LGEncryptedDataInfo edi;
+    PLArenaPool *arena;
+    SECItem *pwe = NULL;
+    SECStatus rv;
+
+    salt->data = NULL;
+    param.iter.type = siBuffer; /* decode as signed integer */
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL) {
+        return NULL;
+    }
+
+    rv = SEC_QuickDERDecodeItem(arena, &edi, lg_EncryptedDataInfoTemplate,
+                                derData);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    *alg = SECOID_GetAlgorithmTag(&edi.algorithm);
+    rv = SEC_QuickDERDecodeItem(arena, &param, NSSLOWPasswordParamTemplate,
+                                &edi.algorithm.parameters);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    rv = SECITEM_CopyItem(NULL, salt, &param.salt);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    pwe = SECITEM_DupItem(&edi.encryptedData);
+
+loser:
+    if (!pwe && salt->data) {
+        PORT_Free(salt->data);
+        salt->data = NULL;
+    }
+    PORT_FreeArena(arena, PR_FALSE);
+    return pwe;
+}
+
+/*
+ * check to see if the user has a password
+ */
+static SECStatus
+nsslowkey_GetPWCheckEntry(NSSLOWKEYDBHandle *handle, NSSLOWKEYPasswordEntry *entry)
+{
+    DBT checkkey; /*, checkdata; */
+    NSSLOWKEYDBKey *dbkey = NULL;
+    SECItem *global_salt = NULL;
+    SECItem *item = NULL;
+    SECItem entryData, oid;
+    SECItem none = { siBuffer, NULL, 0 };
+    SECStatus rv = SECFailure;
+    SECOidTag algorithm;
+
+    if (handle == NULL) {
+        /* PORT_SetError */
+        return (SECFailure);
+    }
+
+    global_salt = GetKeyDBGlobalSalt(handle);
+    if (!global_salt) {
+        global_salt = &none;
+    }
+    if (global_salt->len > sizeof(entry->data)) {
+        /* PORT_SetError */
+        goto loser;
+    }
+
+    PORT_Memcpy(entry->data, global_salt->data, global_salt->len);
+    entry->salt.data = entry->data;
+    entry->salt.len = global_salt->len;
+    entry->value.data = &entry->data[entry->salt.len];
+
+    checkkey.data = KEYDB_PW_CHECK_STRING;
+    checkkey.size = KEYDB_PW_CHECK_LEN;
+    dbkey = get_dbkey(handle, &checkkey);
+    if (dbkey == NULL) {
+        /* handle 'FAKE' check here */
+        goto loser;
+    }
+
+    oid.len = dbkey->derPK.data[0];
+    oid.data = &dbkey->derPK.data[1];
+
+    if (dbkey->derPK.len < (KEYDB_PW_CHECK_LEN + 1 + oid.len)) {
+        goto loser;
+    }
+    algorithm = SECOID_FindOIDTag(&oid);
+    entryData.type = siBuffer;
+    entryData.len = dbkey->derPK.len - (oid.len + 1);
+    entryData.data = &dbkey->derPK.data[oid.len + 1];
+
+    item = nsslowkey_EncodePW(algorithm, &dbkey->salt, &entryData);
+    if (!item || (item->len + entry->salt.len) > sizeof(entry->data)) {
+        goto loser;
+    }
+    PORT_Memcpy(entry->value.data, item->data, item->len);
+    entry->value.len = item->len;
+    rv = SECSuccess;
+
+loser:
+    if (item) {
+        SECITEM_FreeItem(item, PR_TRUE);
+    }
+    if (dbkey) {
+        sec_destroy_dbkey(dbkey);
+    }
+    if (global_salt != &none) {
+        SECITEM_FreeItem(global_salt, PR_TRUE);
+    }
+    return rv;
+}
+
+/*
+ * check to see if the user has a password
+ */
+static SECStatus
+nsslowkey_PutPWCheckEntry(NSSLOWKEYDBHandle *handle, NSSLOWKEYPasswordEntry *entry)
+{
+    DBT checkkey;
+    NSSLOWKEYDBKey *dbkey = NULL;
+    SECItem *item = NULL;
+    SECItem salt;
+    SECOidTag algid = SEC_OID_UNKNOWN;
+    SECStatus rv = SECFailure;
+    PLArenaPool *arena;
+    int ret;
+
+    if (handle == NULL) {
+        /* PORT_SetError */
+        return (SECFailure);
+    }
+
+    checkkey.data = KEYDB_PW_CHECK_STRING;
+    checkkey.size = KEYDB_PW_CHECK_LEN;
+
+    salt.data = NULL;
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL) {
+        return SECFailure;
+    }
+
+    item = nsslowkey_DecodePW(&entry->value, &algid, &salt);
+    if (item == NULL) {
+        goto loser;
+    }
+
+    dbkey = PORT_ArenaZNew(arena, NSSLOWKEYDBKey);
+    if (dbkey == NULL) {
+        goto loser;
+    }
+
+    dbkey->arena = arena;
+
+    rv = SECITEM_CopyItem(arena, &dbkey->salt, &salt);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    rv = encodePWCheckEntry(arena, &dbkey->derPK, algid, item);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    rv = put_dbkey(handle, &checkkey, dbkey, PR_TRUE);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    if (handle->global_salt) {
+        SECITEM_FreeItem(handle->global_salt, PR_TRUE);
+        handle->global_salt = NULL;
+    }
+    rv = StoreKeyDBGlobalSalt(handle, &entry->salt);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    ret = keydb_Sync(handle, 0);
+    if (ret) {
+        rv = SECFailure;
+        goto loser;
+    }
+    handle->global_salt = GetKeyDBGlobalSalt(handle);
+
+loser:
+    if (item) {
+        SECITEM_FreeItem(item, PR_TRUE);
+    }
+    if (arena) {
+        PORT_FreeArena(arena, PR_TRUE);
+    }
+    if (salt.data) {
+        PORT_Free(salt.data);
+    }
+    return rv;
+}
+
+#ifdef EC_DEBUG
+#define SEC_PRINT(str1, str2, num, sitem)             \
+    printf("pkcs11c.c:%s:%s (keytype=%d) [len=%d]\n", \
+           str1, str2, num, sitem->len);              \
+    for (i = 0; i < sitem->len; i++) {                \
+        printf("%02x:", sitem->data[i]);              \
+    }                                                 \
+    printf("\n")
+#else
+#define SEC_PRINT(a, b, c, d)
+#endif /* EC_DEBUG */
+
+SECStatus
+seckey_encrypt_private_key(PLArenaPool *permarena, NSSLOWKEYPrivateKey *pk,
+                           SDB *sdbpw, SECItem *result)
+{
+    NSSLOWKEYPrivateKeyInfo *pki = NULL;
+    SECStatus rv = SECFailure;
+    PLArenaPool *temparena = NULL;
+    SECItem *der_item = NULL;
+    SECItem *cipherText = NULL;
+    SECItem *dummy = NULL;
+#ifndef NSS_DISABLE_ECC
+#ifdef EC_DEBUG
+    SECItem *fordebug = NULL;
+#endif
+    int savelen;
+#endif
+
+    temparena = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE);
+    if (temparena == NULL)
+        goto loser;
+
+    /* allocate structures */
+    pki = (NSSLOWKEYPrivateKeyInfo *)PORT_ArenaZAlloc(temparena,
+                                                      sizeof(NSSLOWKEYPrivateKeyInfo));
+    der_item = (SECItem *)PORT_ArenaZAlloc(temparena, sizeof(SECItem));
+    if ((pki == NULL) || (der_item == NULL))
+        goto loser;
+
+    /* setup private key info */
+    dummy = SEC_ASN1EncodeInteger(temparena, &(pki->version),
+                                  NSSLOWKEY_PRIVATE_KEY_INFO_VERSION);
+    if (dummy == NULL)
+        goto loser;
+
+    /* Encode the key, and set the algorithm (with params) */
+    switch (pk->keyType) {
+        case NSSLOWKEYRSAKey:
+            lg_prepare_low_rsa_priv_key_for_asn1(pk);
+            dummy = SEC_ASN1EncodeItem(temparena, &(pki->privateKey), pk,
+                                       lg_nsslowkey_RSAPrivateKeyTemplate);
+            if (dummy == NULL) {
+                rv = SECFailure;
+                goto loser;
+            }
+
+            rv = SECOID_SetAlgorithmID(temparena, &(pki->algorithm),
+                                       SEC_OID_PKCS1_RSA_ENCRYPTION, 0);
+            if (rv == SECFailure) {
+                goto loser;
+            }
+
+            break;
+        case NSSLOWKEYDSAKey:
+            lg_prepare_low_dsa_priv_key_for_asn1(pk);
+            dummy = SEC_ASN1EncodeItem(temparena, &(pki->privateKey), pk,
+                                       lg_nsslowkey_DSAPrivateKeyTemplate);
+            if (dummy == NULL) {
+                rv = SECFailure;
+                goto loser;
+            }
+
+            lg_prepare_low_pqg_params_for_asn1(&pk->u.dsa.params);
+            dummy = SEC_ASN1EncodeItem(temparena, NULL, &pk->u.dsa.params,
+                                       lg_nsslowkey_PQGParamsTemplate);
+            if (dummy == NULL) {
+                rv = SECFailure;
+                goto loser;
+            }
+
+            rv = SECOID_SetAlgorithmID(temparena, &(pki->algorithm),
+                                       SEC_OID_ANSIX9_DSA_SIGNATURE, dummy);
+            if (rv == SECFailure) {
+                goto loser;
+            }
+
+            break;
+        case NSSLOWKEYDHKey:
+            lg_prepare_low_dh_priv_key_for_asn1(pk);
+            dummy = SEC_ASN1EncodeItem(temparena, &(pki->privateKey), pk,
+                                       lg_nsslowkey_DHPrivateKeyTemplate);
+            if (dummy == NULL) {
+                rv = SECFailure;
+                goto loser;
+            }
+
+            rv = SECOID_SetAlgorithmID(temparena, &(pki->algorithm),
+                                       SEC_OID_X942_DIFFIE_HELMAN_KEY, dummy);
+            if (rv == SECFailure) {
+                goto loser;
+            }
+            break;
+#ifndef NSS_DISABLE_ECC
+        case NSSLOWKEYECKey:
+            lg_prepare_low_ec_priv_key_for_asn1(pk);
+            /* Public value is encoded as a bit string so adjust length
+             * to be in bits before ASN encoding and readjust
+             * immediately after.
+             *
+             * Since the SECG specification recommends not including the
+             * parameters as part of ECPrivateKey, we zero out the curveOID
+             * length before encoding and restore it later.
+             */
+            pk->u.ec.publicValue.len <<= 3;
+            savelen = pk->u.ec.ecParams.curveOID.len;
+            pk->u.ec.ecParams.curveOID.len = 0;
+            dummy = SEC_ASN1EncodeItem(temparena, &(pki->privateKey), pk,
+                                       lg_nsslowkey_ECPrivateKeyTemplate);
+            pk->u.ec.ecParams.curveOID.len = savelen;
+            pk->u.ec.publicValue.len >>= 3;
+
+            if (dummy == NULL) {
+                rv = SECFailure;
+                goto loser;
+            }
+
+            dummy = &pk->u.ec.ecParams.DEREncoding;
+
+            /* At this point dummy should contain the encoded params */
+            rv = SECOID_SetAlgorithmID(temparena, &(pki->algorithm),
+                                       SEC_OID_ANSIX962_EC_PUBLIC_KEY, dummy);
+
+            if (rv == SECFailure) {
+                goto loser;
+            }
+
+#ifdef EC_DEBUG
+            fordebug = &(pki->privateKey);
+            SEC_PRINT("seckey_encrypt_private_key()", "PrivateKey",
+                      pk->keyType, fordebug);
+#endif
+
+            break;
+#endif /* NSS_DISABLE_ECC */
+        default:
+            /* We don't support DH or Fortezza private keys yet */
+            PORT_Assert(PR_FALSE);
+            break;
+    }
+
+    /* setup encrypted private key info */
+    dummy = SEC_ASN1EncodeItem(temparena, der_item, pki,
+                               lg_nsslowkey_PrivateKeyInfoTemplate);
+
+    SEC_PRINT("seckey_encrypt_private_key()", "PrivateKeyInfo",
+              pk->keyType, der_item);
+
+    if (dummy == NULL) {
+        rv = SECFailure;
+        goto loser;
+    }
+
+    rv = lg_util_encrypt(temparena, sdbpw, dummy, &cipherText);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    rv = SECITEM_CopyItem(permarena, result, cipherText);
+
+loser:
+
+    if (temparena != NULL)
+        PORT_FreeArena(temparena, PR_TRUE);
+
+    return rv;
+}
+
+static SECStatus
+seckey_put_private_key(NSSLOWKEYDBHandle *keydb, DBT *index, SDB *sdbpw,
+                       NSSLOWKEYPrivateKey *pk, char *nickname, PRBool update)
+{
+    NSSLOWKEYDBKey *dbkey = NULL;
+    PLArenaPool *arena = NULL;
+    SECStatus rv = SECFailure;
+
+    if ((keydb == NULL) || (index == NULL) || (sdbpw == NULL) ||
+        (pk == NULL))
+        return SECFailure;
+
+    arena = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE);
+    if (arena == NULL)
+        return SECFailure;
+
+    dbkey = (NSSLOWKEYDBKey *)PORT_ArenaZAlloc(arena, sizeof(NSSLOWKEYDBKey));
+    if (dbkey == NULL)
+        goto loser;
+    dbkey->arena = arena;
+    dbkey->nickname = nickname;
+
+    rv = seckey_encrypt_private_key(arena, pk, sdbpw, &dbkey->derPK);
+    if (rv != SECSuccess)
+        goto loser;
+
+    rv = put_dbkey(keydb, index, dbkey, update);
+
+/* let success fall through */
+loser:
+    if (arena != NULL)
+        PORT_FreeArena(arena, PR_TRUE);
+
+    return rv;
+}
+
+/*
+ * Store a key in the database, indexed by its public key modulus.
+ * Note that the nickname is optional.  It was only used by keyutil.
+ */
+SECStatus
+nsslowkey_StoreKeyByPublicKeyAlg(NSSLOWKEYDBHandle *handle,
+                                 NSSLOWKEYPrivateKey *privkey,
+                                 SECItem *pubKeyData,
+                                 char *nickname,
+                                 SDB *sdbpw,
+                                 PRBool update)
+{
+    DBT namekey;
+    SECStatus rv;
+
+    if (handle == NULL) {
+        PORT_SetError(SEC_ERROR_BAD_DATABASE);
+        return (SECFailure);
+    }
+
+    /* set up db key and data */
+    namekey.data = pubKeyData->data;
+    namekey.size = pubKeyData->len;
+
+    /* encrypt the private key */
+    rv = seckey_put_private_key(handle, &namekey, sdbpw, privkey, nickname,
+                                update);
+
+    return (rv);
+}
+
+static NSSLOWKEYPrivateKey *
+seckey_decrypt_private_key(SECItem *epki,
+                           SDB *sdbpw)
+{
+    NSSLOWKEYPrivateKey *pk = NULL;
+    NSSLOWKEYPrivateKeyInfo *pki = NULL;
+    SECStatus rv = SECFailure;
+    PLArenaPool *temparena = NULL, *permarena = NULL;
+    SECItem *dest = NULL;
+#ifdef EC_DEBUG
+    SECItem *fordebug = NULL;
+#endif
+
+    if ((epki == NULL) || (sdbpw == NULL))
+        goto loser;
+
+    temparena = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE);
+    permarena = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE);
+    if ((temparena == NULL) || (permarena == NULL))
+        goto loser;
+
+    /* allocate temporary items */
+    pki = (NSSLOWKEYPrivateKeyInfo *)PORT_ArenaZAlloc(temparena,
+                                                      sizeof(NSSLOWKEYPrivateKeyInfo));
+
+    /* allocate permanent arena items */
+    pk = (NSSLOWKEYPrivateKey *)PORT_ArenaZAlloc(permarena,
+                                                 sizeof(NSSLOWKEYPrivateKey));
+
+    if ((pk == NULL) || (pki == NULL))
+        goto loser;
+
+    pk->arena = permarena;
+
+    rv = lg_util_decrypt(sdbpw, epki, &dest);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    if (dest != NULL) {
+        SECItem newPrivateKey;
+        SECItem newAlgParms;
+
+        SEC_PRINT("seckey_decrypt_private_key()", "PrivateKeyInfo", -1,
+                  dest);
+
+        rv = SEC_QuickDERDecodeItem(temparena, pki,
+                                    lg_nsslowkey_PrivateKeyInfoTemplate, dest);
+        if (rv == SECSuccess) {
+            switch (SECOID_GetAlgorithmTag(&pki->algorithm)) {
+                case SEC_OID_X500_RSA_ENCRYPTION:
+                case SEC_OID_PKCS1_RSA_ENCRYPTION:
+                    pk->keyType = NSSLOWKEYRSAKey;
+                    lg_prepare_low_rsa_priv_key_for_asn1(pk);
+                    if (SECSuccess != SECITEM_CopyItem(permarena, &newPrivateKey,
+                                                       &pki->privateKey))
+                        break;
+                    rv = SEC_QuickDERDecodeItem(permarena, pk,
+                                                lg_nsslowkey_RSAPrivateKeyTemplate,
+                                                &newPrivateKey);
+                    if (rv == SECSuccess) {
+                        break;
+                    }
+                    /* Try decoding with the alternative template, but only allow
+                     * a zero-length modulus for a secret key object.
+                     * See bug 715073.
+                     */
+                    rv = SEC_QuickDERDecodeItem(permarena, pk,
+                                                lg_nsslowkey_RSAPrivateKeyTemplate2,
+                                                &newPrivateKey);
+                    /* A publicExponent of 0 is the defining property of a secret
+                     * key disguised as an RSA key. When decoding with the
+                     * alternative template, only accept a secret key with an
+                     * improperly encoded modulus and a publicExponent of 0.
+                     */
+                    if (rv == SECSuccess) {
+                        if (pk->u.rsa.modulus.len == 2 &&
+                            pk->u.rsa.modulus.data[0] == SEC_ASN1_INTEGER &&
+                            pk->u.rsa.modulus.data[1] == 0 &&
+                            pk->u.rsa.publicExponent.len == 1 &&
+                            pk->u.rsa.publicExponent.data[0] == 0) {
+                            /* Fix the zero-length integer by setting it to 0. */
+                            pk->u.rsa.modulus.data = pk->u.rsa.publicExponent.data;
+                            pk->u.rsa.modulus.len = pk->u.rsa.publicExponent.len;
+                        } else {
+                            PORT_SetError(SEC_ERROR_BAD_DER);
+                            rv = SECFailure;
+                        }
+                    }
+                    break;
+                case SEC_OID_ANSIX9_DSA_SIGNATURE:
+                    pk->keyType = NSSLOWKEYDSAKey;
+                    lg_prepare_low_dsa_priv_key_for_asn1(pk);
+                    if (SECSuccess != SECITEM_CopyItem(permarena, &newPrivateKey,
+                                                       &pki->privateKey))
+                        break;
+                    rv = SEC_QuickDERDecodeItem(permarena, pk,
+                                                lg_nsslowkey_DSAPrivateKeyTemplate,
+                                                &newPrivateKey);
+                    if (rv != SECSuccess)
+                        goto loser;
+                    lg_prepare_low_pqg_params_for_asn1(&pk->u.dsa.params);
+                    if (SECSuccess != SECITEM_CopyItem(permarena, &newAlgParms,
+                                                       &pki->algorithm.parameters))
+                        break;
+                    rv = SEC_QuickDERDecodeItem(permarena, &pk->u.dsa.params,
+                                                lg_nsslowkey_PQGParamsTemplate,
+                                                &newAlgParms);
+                    break;
+                case SEC_OID_X942_DIFFIE_HELMAN_KEY:
+                    pk->keyType = NSSLOWKEYDHKey;
+                    lg_prepare_low_dh_priv_key_for_asn1(pk);
+                    if (SECSuccess != SECITEM_CopyItem(permarena, &newPrivateKey,
+                                                       &pki->privateKey))
+                        break;
+                    rv = SEC_QuickDERDecodeItem(permarena, pk,
+                                                lg_nsslowkey_DHPrivateKeyTemplate,
+                                                &newPrivateKey);
+                    break;
+#ifndef NSS_DISABLE_ECC
+                case SEC_OID_ANSIX962_EC_PUBLIC_KEY:
+                    pk->keyType = NSSLOWKEYECKey;
+                    lg_prepare_low_ec_priv_key_for_asn1(pk);
+
+#ifdef EC_DEBUG
+                    fordebug = &pki->privateKey;
+                    SEC_PRINT("seckey_decrypt_private_key()", "PrivateKey",
+                              pk->keyType, fordebug);
+#endif
+                    if (SECSuccess != SECITEM_CopyItem(permarena, &newPrivateKey,
+                                                       &pki->privateKey))
+                        break;
+                    rv = SEC_QuickDERDecodeItem(permarena, pk,
+                                                lg_nsslowkey_ECPrivateKeyTemplate,
+                                                &newPrivateKey);
+                    if (rv != SECSuccess)
+                        goto loser;
+
+                    lg_prepare_low_ecparams_for_asn1(&pk->u.ec.ecParams);
+
+                    rv = SECITEM_CopyItem(permarena,
+                                          &pk->u.ec.ecParams.DEREncoding,
+                                          &pki->algorithm.parameters);
+
+                    if (rv != SECSuccess)
+                        goto loser;
+
+                    /* Fill out the rest of EC params */
+                    rv = LGEC_FillParams(permarena, &pk->u.ec.ecParams.DEREncoding,
+                                         &pk->u.ec.ecParams);
+
+                    if (rv != SECSuccess)
+                        goto loser;
+
+                    if (pk->u.ec.publicValue.len != 0) {
+                        pk->u.ec.publicValue.len >>= 3;
+                    }
+
+                    break;
+#endif /* NSS_DISABLE_ECC */
+                default:
+                    rv = SECFailure;
+                    break;
+            }
+        } else if (PORT_GetError() == SEC_ERROR_BAD_DER) {
+            PORT_SetError(SEC_ERROR_BAD_PASSWORD);
+            goto loser;
+        }
+    }
+
+/* let success fall through */
+loser:
+    if (temparena != NULL)
+        PORT_FreeArena(temparena, PR_TRUE);
+    if (dest != NULL)
+        SECITEM_ZfreeItem(dest, PR_TRUE);
+
+    if (rv != SECSuccess) {
+        if (permarena != NULL)
+            PORT_FreeArena(permarena, PR_TRUE);
+        pk = NULL;
+    }
+
+    return pk;
+}
+
+static NSSLOWKEYPrivateKey *
+seckey_decode_encrypted_private_key(NSSLOWKEYDBKey *dbkey, SDB *sdbpw)
+{
+    if ((dbkey == NULL) || (sdbpw == NULL)) {
+        return NULL;
+    }
+
+    return seckey_decrypt_private_key(&(dbkey->derPK), sdbpw);
+}
+
+static NSSLOWKEYPrivateKey *
+seckey_get_private_key(NSSLOWKEYDBHandle *keydb, DBT *index, char **nickname,
+                       SDB *sdbpw)
+{
+    NSSLOWKEYDBKey *dbkey = NULL;
+    NSSLOWKEYPrivateKey *pk = NULL;
+
+    if ((keydb == NULL) || (index == NULL) || (sdbpw == NULL)) {
+        return NULL;
+    }
+
+    dbkey = get_dbkey(keydb, index);
+    if (dbkey == NULL) {
+        goto loser;
+    }
+
+    if (nickname) {
+        if (dbkey->nickname && (dbkey->nickname[0] != 0)) {
+            *nickname = PORT_Strdup(dbkey->nickname);
+        } else {
+            *nickname = NULL;
+        }
+    }
+
+    pk = seckey_decode_encrypted_private_key(dbkey, sdbpw);
+
+/* let success fall through */
+loser:
+
+    if (dbkey != NULL) {
+        sec_destroy_dbkey(dbkey);
+    }
+
+    return pk;
+}
+
+/*
+ * Find a key in the database, indexed by its public key modulus
+ * This is used to find keys that have been stored before their
+ * certificate arrives.  Once the certificate arrives the key
+ * is looked up by the public modulus in the certificate, and the
+ * re-stored by its nickname.
+ */
+NSSLOWKEYPrivateKey *
+nsslowkey_FindKeyByPublicKey(NSSLOWKEYDBHandle *handle, SECItem *modulus,
+                             SDB *sdbpw)
+{
+    DBT namekey;
+    NSSLOWKEYPrivateKey *pk = NULL;
+
+    if (handle == NULL) {
+        PORT_SetError(SEC_ERROR_BAD_DATABASE);
+        return NULL;
+    }
+
+    /* set up db key */
+    namekey.data = modulus->data;
+    namekey.size = modulus->len;
+
+    pk = seckey_get_private_key(handle, &namekey, NULL, sdbpw);
+
+    /* no need to free dbkey, since its on the stack, and the data it
+     * points to is owned by the database
+     */
+    return (pk);
+}
+
+char *
+nsslowkey_FindKeyNicknameByPublicKey(NSSLOWKEYDBHandle *handle,
+                                     SECItem *modulus, SDB *sdbpw)
+{
+    DBT namekey;
+    NSSLOWKEYPrivateKey *pk = NULL;
+    char *nickname = NULL;
+
+    if (handle == NULL) {
+        PORT_SetError(SEC_ERROR_BAD_DATABASE);
+        return NULL;
+    }
+
+    /* set up db key */
+    namekey.data = modulus->data;
+    namekey.size = modulus->len;
+
+    pk = seckey_get_private_key(handle, &namekey, &nickname, sdbpw);
+    if (pk) {
+        lg_nsslowkey_DestroyPrivateKey(pk);
+    }
+
+    /* no need to free dbkey, since its on the stack, and the data it
+     * points to is owned by the database
+     */
+    return (nickname);
+}
+/* ===== ENCODING ROUTINES ===== */
+
+static SECStatus
+encodePWCheckEntry(PLArenaPool *arena, SECItem *entry, SECOidTag alg,
+                   SECItem *encCheck)
+{
+    SECOidData *oidData;
+
+    oidData = SECOID_FindOIDByTag(alg);
+    if (oidData == NULL) {
+        return SECFailure;
+    }
+
+    entry->len = 1 + oidData->oid.len + encCheck->len;
+    if (arena) {
+        entry->data = (unsigned char *)PORT_ArenaAlloc(arena, entry->len);
+    } else {
+        entry->data = (unsigned char *)PORT_Alloc(entry->len);
+    }
+
+    if (entry->data == NULL) {
+        return SECFailure;
+    }
+
+    /* first length of oid */
+    entry->data[0] = (unsigned char)oidData->oid.len;
+    /* next oid itself */
+    PORT_Memcpy(&entry->data[1], oidData->oid.data, oidData->oid.len);
+    /* finally the encrypted check string */
+    PORT_Memcpy(&entry->data[1 + oidData->oid.len], encCheck->data,
+                encCheck->len);
+
+    return SECSuccess;
+}
+
+#define MAX_DB_SIZE 0xffff
+/*
+ * Clear out all the keys in the existing database
+ */
+static SECStatus
+nsslowkey_ResetKeyDB(NSSLOWKEYDBHandle *handle)
+{
+    SECStatus rv;
+    int errors = 0;
+
+    if (handle->db == NULL) {
+        return (SECSuccess);
+    }
+
+    if (handle->readOnly) {
+        /* set an error code */
+        return SECFailure;
+    }
+
+    if (handle->appname == NULL && handle->dbname == NULL) {
+        return SECFailure;
+    }
+
+    keydb_Close(handle);
+    if (handle->appname) {
+        handle->db =
+            rdbopen(handle->appname, handle->dbname, "key", NO_CREATE, NULL);
+    } else {
+        handle->db = dbopen(handle->dbname, NO_CREATE, 0600, DB_HASH, 0);
+    }
+    if (handle->db == NULL) {
+        /* set an error code */
+        return SECFailure;
+    }
+
+    rv = makeGlobalVersion(handle);
+    if (rv != SECSuccess) {
+        errors++;
+        goto done;
+    }
+
+    if (handle->global_salt) {
+        rv = StoreKeyDBGlobalSalt(handle, handle->global_salt);
+    } else {
+        rv = makeGlobalSalt(handle);
+        if (rv == SECSuccess) {
+            handle->global_salt = GetKeyDBGlobalSalt(handle);
+        }
+    }
+    if (rv != SECSuccess) {
+        errors++;
+    }
+
+done:
+    /* sync the database */
+    (void)keydb_Sync(handle, 0);
+    db_InitComplete(handle->db);
+
+    return (errors == 0 ? SECSuccess : SECFailure);
+}
+
+static int
+keydb_Get(NSSLOWKEYDBHandle *kdb, DBT *key, DBT *data, unsigned int flags)
+{
+    int ret;
+    PRLock *kdbLock = kdb->lock;
+    DB *db = kdb->db;
+
+    PORT_Assert(kdbLock != NULL);
+    PZ_Lock(kdbLock);
+
+    ret = (*db->get)(db, key, data, flags);
+
+    (void)PZ_Unlock(kdbLock);
+
+    return (ret);
+}
+
+static int
+keydb_Put(NSSLOWKEYDBHandle *kdb, DBT *key, DBT *data, unsigned int flags)
+{
+    int ret = 0;
+    PRLock *kdbLock = kdb->lock;
+    DB *db = kdb->db;
+
+    PORT_Assert(kdbLock != NULL);
+    PZ_Lock(kdbLock);
+
+    ret = (*db->put)(db, key, data, flags);
+
+    (void)PZ_Unlock(kdbLock);
+
+    return (ret);
+}
+
+static int
+keydb_Sync(NSSLOWKEYDBHandle *kdb, unsigned int flags)
+{
+    int ret;
+    PRLock *kdbLock = kdb->lock;
+    DB *db = kdb->db;
+
+    PORT_Assert(kdbLock != NULL);
+    PZ_Lock(kdbLock);
+
+    ret = (*db->sync)(db, flags);
+
+    (void)PZ_Unlock(kdbLock);
+
+    return (ret);
+}
+
+static int
+keydb_Del(NSSLOWKEYDBHandle *kdb, DBT *key, unsigned int flags)
+{
+    int ret;
+    PRLock *kdbLock = kdb->lock;
+    DB *db = kdb->db;
+
+    PORT_Assert(kdbLock != NULL);
+    PZ_Lock(kdbLock);
+
+    ret = (*db->del)(db, key, flags);
+
+    (void)PZ_Unlock(kdbLock);
+
+    return (ret);
+}
+
+static int
+keydb_Seq(NSSLOWKEYDBHandle *kdb, DBT *key, DBT *data, unsigned int flags)
+{
+    int ret;
+    PRLock *kdbLock = kdb->lock;
+    DB *db = kdb->db;
+
+    PORT_Assert(kdbLock != NULL);
+    PZ_Lock(kdbLock);
+
+    ret = (*db->seq)(db, key, data, flags);
+
+    (void)PZ_Unlock(kdbLock);
+
+    return (ret);
+}
+
+static void
+keydb_Close(NSSLOWKEYDBHandle *kdb)
+{
+    PRLock *kdbLock = kdb->lock;
+    DB *db = kdb->db;
+
+    PORT_Assert(kdbLock != NULL);
+    SKIP_AFTER_FORK(PZ_Lock(kdbLock));
+
+    (*db->close)(db);
+
+    SKIP_AFTER_FORK(PZ_Unlock(kdbLock));
+
+    return;
+}
+
+/*
+ * SDB Entry Points for the Key DB
+ */
+
+CK_RV
+lg_GetMetaData(SDB *sdb, const char *id, SECItem *item1, SECItem *item2)
+{
+    NSSLOWKEYDBHandle *keydb;
+    NSSLOWKEYPasswordEntry entry;
+    SECStatus rv;
+
+    keydb = lg_getKeyDB(sdb);
+    if (keydb == NULL) {
+        return CKR_TOKEN_WRITE_PROTECTED;
+    }
+    if (PORT_Strcmp(id, "password") != 0) {
+        /* shouldn't happen */
+        return CKR_GENERAL_ERROR; /* no extra data stored */
+    }
+    rv = nsslowkey_GetPWCheckEntry(keydb, &entry);
+    if (rv != SECSuccess) {
+        return CKR_GENERAL_ERROR;
+    }
+    item1->len = entry.salt.len;
+    PORT_Memcpy(item1->data, entry.salt.data, item1->len);
+    item2->len = entry.value.len;
+    PORT_Memcpy(item2->data, entry.value.data, item2->len);
+    return CKR_OK;
+}
+
+CK_RV
+lg_PutMetaData(SDB *sdb, const char *id,
+               const SECItem *item1, const SECItem *item2)
+{
+    NSSLOWKEYDBHandle *keydb;
+    NSSLOWKEYPasswordEntry entry;
+    SECStatus rv;
+
+    keydb = lg_getKeyDB(sdb);
+    if (keydb == NULL) {
+        return CKR_TOKEN_WRITE_PROTECTED;
+    }
+    if (PORT_Strcmp(id, "password") != 0) {
+        /* shouldn't happen */
+        return CKR_GENERAL_ERROR; /* no extra data stored */
+    }
+    entry.salt = *item1;
+    entry.value = *item2;
+    rv = nsslowkey_PutPWCheckEntry(keydb, &entry);
+    if (rv != SECSuccess) {
+        return CKR_GENERAL_ERROR;
+    }
+    return CKR_OK;
+}
+
+CK_RV
+lg_Reset(SDB *sdb)
+{
+    NSSLOWKEYDBHandle *keydb;
+    SECStatus rv;
+
+    keydb = lg_getKeyDB(sdb);
+    if (keydb == NULL) {
+        return CKR_TOKEN_WRITE_PROTECTED;
+    }
+    rv = nsslowkey_ResetKeyDB(keydb);
+    if (rv != SECSuccess) {
+        return CKR_GENERAL_ERROR;
+    }
+    return CKR_OK;
+}
diff --git a/nss/lib/softoken/legacydb/keydbi.h b/nss/lib/softoken/legacydb/keydbi.h
new file mode 100644
index 0000000..783c98e
--- /dev/null
+++ b/nss/lib/softoken/legacydb/keydbi.h
@@ -0,0 +1,52 @@
+/*
+ * private.h - Private data structures for the software token library
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _KEYDBI_H_
+#define _KEYDBI_H_
+
+#include "nspr.h"
+#include "seccomon.h"
+#include "mcom_db.h"
+
+/*
+ * Handle structure for open key databases
+ */
+struct NSSLOWKEYDBHandleStr {
+    DB *db;
+    DB *updatedb;         /* used when updating an old version */
+    SECItem *global_salt; /* password hashing salt for this db */
+    int version;          /* version of the database */
+    char *appname;        /* multiaccess app name */
+    char *dbname;         /* name of the openned DB */
+    PRBool readOnly;      /* is the DB read only */
+    PRLock *lock;
+    PRInt32 ref; /* reference count */
+};
+
+/*
+** Typedef for callback for traversing key database.
+**      "key" is the key used to index the data in the database (nickname)
+**      "data" is the key data
+**      "pdata" is the user's data
+*/
+typedef SECStatus (*NSSLOWKEYTraverseKeysFunc)(DBT *key, DBT *data, void *pdata);
+
+SEC_BEGIN_PROTOS
+
+/*
+** Traverse the entire key database, and pass the nicknames and keys to a
+** user supplied function.
+**      "f" is the user function to call for each key
+**      "udata" is the user's data, which is passed through to "f"
+*/
+extern SECStatus nsslowkey_TraverseKeys(NSSLOWKEYDBHandle *handle,
+                                        NSSLOWKEYTraverseKeysFunc f,
+                                        void *udata);
+
+SEC_END_PROTOS
+
+#endif /* _KEYDBI_H_ */
diff --git a/nss/lib/softoken/legacydb/legacydb.gyp b/nss/lib/softoken/legacydb/legacydb.gyp
new file mode 100644
index 0000000..6431fb5
--- /dev/null
+++ b/nss/lib/softoken/legacydb/legacydb.gyp
@@ -0,0 +1,66 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../../coreconf/config.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'nssdbm',
+      'type': 'static_library',
+      'sources': [
+        'dbmshim.c',
+        'keydb.c',
+        'lgattr.c',
+        'lgcreate.c',
+        'lgdestroy.c',
+        'lgfind.c',
+        'lgfips.c',
+        'lginit.c',
+        'lgutil.c',
+        'lowcert.c',
+        'lowkey.c',
+        'pcertdb.c',
+        'pk11db.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:dbm_exports',
+        '<(DEPTH)/exports.gyp:nss_exports',
+        '<(DEPTH)/lib/freebl/freebl.gyp:freebl',
+        '<(DEPTH)/lib/dbm/src/src.gyp:dbm'
+      ]
+    },
+    {
+      'target_name': 'nssdbm3',
+      'type': 'shared_library',
+      'dependencies': [
+        'nssdbm'
+      ],
+      'conditions': [
+        [ 'moz_fold_libs==0', {
+          'dependencies': [
+            '<(DEPTH)/lib/util/util.gyp:nssutil3',
+          ],
+        }, {
+          'libraries': [
+            '<(moz_folded_library_name)',
+          ],
+        }],
+      ],
+      'variables': {
+        'mapfile': 'nssdbm.def'
+      }
+    }
+  ],
+  'target_defaults': {
+    'defines': [
+      'SHLIB_SUFFIX=\"<(dll_suffix)\"',
+      'SHLIB_PREFIX=\"<(dll_prefix)\"',
+      'LG_LIB_NAME=\"libnssdbm3.so\"'
+    ]
+  },
+  'variables': {
+    'module': 'nss'
+  }
+}
diff --git a/nss/lib/softoken/legacydb/lgattr.c b/nss/lib/softoken/legacydb/lgattr.c
new file mode 100644
index 0000000..5c2cbdb
--- /dev/null
+++ b/nss/lib/softoken/legacydb/lgattr.c
@@ -0,0 +1,1792 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * Internal PKCS #11 functions. Should only be called by pkcs11.c
+ */
+#include "pkcs11.h"
+#include "lgdb.h"
+
+#include "pcertt.h"
+#include "lowkeyi.h"
+#include "pcert.h"
+#include "blapi.h"
+#include "secerr.h"
+#include "secasn1.h"
+
+/*
+ * Cache the object we are working on during Set's and Get's
+ */
+typedef struct LGObjectCacheStr {
+    CK_OBJECT_CLASS objclass;
+    CK_OBJECT_HANDLE handle;
+    SDB *sdb;
+    void *objectInfo;
+    LGFreeFunc infoFree;
+    SECItem dbKey;
+} LGObjectCache;
+
+static const CK_OBJECT_HANDLE lg_classArray[] = {
+    0, CKO_PRIVATE_KEY, CKO_PUBLIC_KEY, CKO_SECRET_KEY,
+    CKO_NSS_TRUST, CKO_NSS_CRL, CKO_NSS_SMIME,
+    CKO_CERTIFICATE
+};
+
+#define handleToClass(handle) \
+    lg_classArray[((handle & LG_TOKEN_TYPE_MASK)) >> LG_TOKEN_TYPE_SHIFT]
+
+static void lg_DestroyObjectCache(LGObjectCache *obj);
+
+static LGObjectCache *
+lg_NewObjectCache(SDB *sdb, const SECItem *dbKey, CK_OBJECT_HANDLE handle)
+{
+    LGObjectCache *obj = NULL;
+    SECStatus rv;
+
+    obj = PORT_New(LGObjectCache);
+    if (obj == NULL) {
+        return NULL;
+    }
+
+    obj->objclass = handleToClass(handle);
+    obj->handle = handle;
+    obj->sdb = sdb;
+    obj->objectInfo = NULL;
+    obj->infoFree = NULL;
+    obj->dbKey.data = NULL;
+    obj->dbKey.len = 0;
+    lg_DBLock(sdb);
+    if (dbKey == NULL) {
+        dbKey = lg_lookupTokenKeyByHandle(sdb, handle);
+    }
+    if (dbKey == NULL) {
+        lg_DBUnlock(sdb);
+        goto loser;
+    }
+    rv = SECITEM_CopyItem(NULL, &obj->dbKey, dbKey);
+    lg_DBUnlock(sdb);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    return obj;
+loser:
+    (void)lg_DestroyObjectCache(obj);
+    return NULL;
+}
+
+/*
+ * free all the data associated with an object. Object reference count must
+ * be 'zero'.
+ */
+static void
+lg_DestroyObjectCache(LGObjectCache *obj)
+{
+    if (obj->dbKey.data) {
+        PORT_Free(obj->dbKey.data);
+        obj->dbKey.data = NULL;
+    }
+    if (obj->objectInfo) {
+        (*obj->infoFree)(obj->objectInfo);
+        obj->objectInfo = NULL;
+        obj->infoFree = NULL;
+    }
+    PORT_Free(obj);
+}
+/*
+ * ******************** Attribute Utilities *******************************
+ */
+
+static CK_RV
+lg_ULongAttribute(CK_ATTRIBUTE *attr, CK_ATTRIBUTE_TYPE type, CK_ULONG value)
+{
+    unsigned char *data;
+    int i;
+
+    if (attr->pValue == NULL) {
+        attr->ulValueLen = 4;
+        return CKR_OK;
+    }
+    if (attr->ulValueLen < 4) {
+        attr->ulValueLen = (CK_ULONG)-1;
+        return CKR_BUFFER_TOO_SMALL;
+    }
+
+    data = (unsigned char *)attr->pValue;
+    for (i = 0; i < 4; i++) {
+        data[i] = (value >> ((3 - i) * 8)) & 0xff;
+    }
+    attr->ulValueLen = 4;
+    return CKR_OK;
+}
+
+static CK_RV
+lg_CopyAttribute(CK_ATTRIBUTE *attr, CK_ATTRIBUTE_TYPE type,
+                 CK_VOID_PTR value, CK_ULONG len)
+{
+
+    if (attr->pValue == NULL) {
+        attr->ulValueLen = len;
+        return CKR_OK;
+    }
+    if (attr->ulValueLen < len) {
+        attr->ulValueLen = (CK_ULONG)-1;
+        return CKR_BUFFER_TOO_SMALL;
+    }
+    if (value != NULL) {
+        PORT_Memcpy(attr->pValue, value, len);
+    }
+    attr->ulValueLen = len;
+    return CKR_OK;
+}
+
+static CK_RV
+lg_CopyAttributeSigned(CK_ATTRIBUTE *attribute, CK_ATTRIBUTE_TYPE type,
+                       void *value, CK_ULONG len)
+{
+    unsigned char *dval = (unsigned char *)value;
+    if (*dval == 0) {
+        dval++;
+        len--;
+    }
+    return lg_CopyAttribute(attribute, type, dval, len);
+}
+
+static CK_RV
+lg_CopyPrivAttribute(CK_ATTRIBUTE *attribute, CK_ATTRIBUTE_TYPE type,
+                     void *value, CK_ULONG len, SDB *sdbpw)
+{
+    SECItem plainText, *cipherText = NULL;
+    CK_RV crv = CKR_USER_NOT_LOGGED_IN;
+    SECStatus rv;
+
+    plainText.data = value;
+    plainText.len = len;
+    rv = lg_util_encrypt(NULL, sdbpw, &plainText, &cipherText);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    crv = lg_CopyAttribute(attribute, type, cipherText->data, cipherText->len);
+loser:
+    if (cipherText) {
+        SECITEM_FreeItem(cipherText, PR_TRUE);
+    }
+    return crv;
+}
+
+static CK_RV
+lg_CopyPrivAttrSigned(CK_ATTRIBUTE *attribute, CK_ATTRIBUTE_TYPE type,
+                      void *value, CK_ULONG len, SDB *sdbpw)
+{
+    unsigned char *dval = (unsigned char *)value;
+
+    if (*dval == 0) {
+        dval++;
+        len--;
+    }
+    return lg_CopyPrivAttribute(attribute, type, dval, len, sdbpw);
+}
+
+static CK_RV
+lg_invalidAttribute(CK_ATTRIBUTE *attr)
+{
+    attr->ulValueLen = (CK_ULONG)-1;
+    return CKR_ATTRIBUTE_TYPE_INVALID;
+}
+
+#define LG_DEF_ATTRIBUTE(value, len) \
+    {                                \
+        0, value, len                \
+    }
+
+#define LG_CLONE_ATTR(attribute, type, staticAttr) \
+    lg_CopyAttribute(attribute, type, staticAttr.pValue, staticAttr.ulValueLen)
+
+CK_BBOOL lg_staticTrueValue = CK_TRUE;
+CK_BBOOL lg_staticFalseValue = CK_FALSE;
+static const CK_ATTRIBUTE lg_StaticTrueAttr =
+    LG_DEF_ATTRIBUTE(&lg_staticTrueValue, sizeof(lg_staticTrueValue));
+static const CK_ATTRIBUTE lg_StaticFalseAttr =
+    LG_DEF_ATTRIBUTE(&lg_staticFalseValue, sizeof(lg_staticFalseValue));
+static const CK_ATTRIBUTE lg_StaticNullAttr = LG_DEF_ATTRIBUTE(NULL, 0);
+char lg_StaticOneValue = 1;
+
+/*
+ * helper functions which get the database and call the underlying
+ * low level database function.
+ */
+static char *
+lg_FindKeyNicknameByPublicKey(SDB *sdb, SECItem *dbKey)
+{
+    NSSLOWKEYDBHandle *keyHandle;
+    char *label;
+
+    keyHandle = lg_getKeyDB(sdb);
+    if (!keyHandle) {
+        return NULL;
+    }
+
+    label = nsslowkey_FindKeyNicknameByPublicKey(keyHandle, dbKey,
+                                                 sdb);
+    return label;
+}
+
+NSSLOWKEYPrivateKey *
+lg_FindKeyByPublicKey(SDB *sdb, SECItem *dbKey)
+{
+    NSSLOWKEYPrivateKey *privKey;
+    NSSLOWKEYDBHandle *keyHandle;
+
+    keyHandle = lg_getKeyDB(sdb);
+    if (keyHandle == NULL) {
+        return NULL;
+    }
+    privKey = nsslowkey_FindKeyByPublicKey(keyHandle, dbKey, sdb);
+    if (privKey == NULL) {
+        return NULL;
+    }
+    return privKey;
+}
+
+static certDBEntrySMime *
+lg_getSMime(LGObjectCache *obj)
+{
+    certDBEntrySMime *entry;
+    NSSLOWCERTCertDBHandle *certHandle;
+
+    if (obj->objclass != CKO_NSS_SMIME) {
+        return NULL;
+    }
+    if (obj->objectInfo) {
+        return (certDBEntrySMime *)obj->objectInfo;
+    }
+
+    certHandle = lg_getCertDB(obj->sdb);
+    if (!certHandle) {
+        return NULL;
+    }
+    entry = nsslowcert_ReadDBSMimeEntry(certHandle, (char *)obj->dbKey.data);
+    obj->objectInfo = (void *)entry;
+    obj->infoFree = (LGFreeFunc)nsslowcert_DestroyDBEntry;
+    return entry;
+}
+
+static certDBEntryRevocation *
+lg_getCrl(LGObjectCache *obj)
+{
+    certDBEntryRevocation *crl;
+    PRBool isKrl;
+    NSSLOWCERTCertDBHandle *certHandle;
+
+    if (obj->objclass != CKO_NSS_CRL) {
+        return NULL;
+    }
+    if (obj->objectInfo) {
+        return (certDBEntryRevocation *)obj->objectInfo;
+    }
+
+    isKrl = (PRBool)(obj->handle == LG_TOKEN_KRL_HANDLE);
+    certHandle = lg_getCertDB(obj->sdb);
+    if (!certHandle) {
+        return NULL;
+    }
+
+    crl = nsslowcert_FindCrlByKey(certHandle, &obj->dbKey, isKrl);
+    obj->objectInfo = (void *)crl;
+    obj->infoFree = (LGFreeFunc)nsslowcert_DestroyDBEntry;
+    return crl;
+}
+
+static NSSLOWCERTCertificate *
+lg_getCert(LGObjectCache *obj, NSSLOWCERTCertDBHandle *certHandle)
+{
+    NSSLOWCERTCertificate *cert;
+    CK_OBJECT_CLASS objClass = obj->objclass;
+
+    if ((objClass != CKO_CERTIFICATE) && (objClass != CKO_NSS_TRUST)) {
+        return NULL;
+    }
+    if (objClass == CKO_CERTIFICATE && obj->objectInfo) {
+        return (NSSLOWCERTCertificate *)obj->objectInfo;
+    }
+    cert = nsslowcert_FindCertByKey(certHandle, &obj->dbKey);
+    if (objClass == CKO_CERTIFICATE) {
+        obj->objectInfo = (void *)cert;
+        obj->infoFree = (LGFreeFunc)nsslowcert_DestroyCertificate;
+    }
+    return cert;
+}
+
+static NSSLOWCERTTrust *
+lg_getTrust(LGObjectCache *obj, NSSLOWCERTCertDBHandle *certHandle)
+{
+    NSSLOWCERTTrust *trust;
+
+    if (obj->objclass != CKO_NSS_TRUST) {
+        return NULL;
+    }
+    if (obj->objectInfo) {
+        return (NSSLOWCERTTrust *)obj->objectInfo;
+    }
+    trust = nsslowcert_FindTrustByKey(certHandle, &obj->dbKey);
+    obj->objectInfo = (void *)trust;
+    obj->infoFree = (LGFreeFunc)nsslowcert_DestroyTrust;
+    return trust;
+}
+
+static NSSLOWKEYPublicKey *
+lg_GetPublicKey(LGObjectCache *obj)
+{
+    NSSLOWKEYPublicKey *pubKey;
+    NSSLOWKEYPrivateKey *privKey;
+
+    if (obj->objclass != CKO_PUBLIC_KEY) {
+        return NULL;
+    }
+    if (obj->objectInfo) {
+        return (NSSLOWKEYPublicKey *)obj->objectInfo;
+    }
+    privKey = lg_FindKeyByPublicKey(obj->sdb, &obj->dbKey);
+    if (privKey == NULL) {
+        return NULL;
+    }
+    pubKey = lg_nsslowkey_ConvertToPublicKey(privKey);
+    lg_nsslowkey_DestroyPrivateKey(privKey);
+    obj->objectInfo = (void *)pubKey;
+    obj->infoFree = (LGFreeFunc)lg_nsslowkey_DestroyPublicKey;
+    return pubKey;
+}
+
+/*
+ * we need two versions of lg_GetPrivateKey. One version that takes the
+ * DB handle so we can pass the handle we have already acquired in,
+ *  rather than going through the 'getKeyDB' code again,
+ *  which may fail the second time and another which just aquires
+ *  the key handle from the sdb (where we don't already have a key handle.
+ * This version does the former.
+ */
+static NSSLOWKEYPrivateKey *
+lg_GetPrivateKeyWithDB(LGObjectCache *obj, NSSLOWKEYDBHandle *keyHandle)
+{
+    NSSLOWKEYPrivateKey *privKey;
+
+    if ((obj->objclass != CKO_PRIVATE_KEY) &&
+        (obj->objclass != CKO_SECRET_KEY)) {
+        return NULL;
+    }
+    if (obj->objectInfo) {
+        return (NSSLOWKEYPrivateKey *)obj->objectInfo;
+    }
+    privKey = nsslowkey_FindKeyByPublicKey(keyHandle, &obj->dbKey, obj->sdb);
+    if (privKey == NULL) {
+        return NULL;
+    }
+    obj->objectInfo = (void *)privKey;
+    obj->infoFree = (LGFreeFunc)lg_nsslowkey_DestroyPrivateKey;
+    return privKey;
+}
+
+/* this version does the latter */
+static NSSLOWKEYPrivateKey *
+lg_GetPrivateKey(LGObjectCache *obj)
+{
+    NSSLOWKEYDBHandle *keyHandle;
+    NSSLOWKEYPrivateKey *privKey;
+
+    keyHandle = lg_getKeyDB(obj->sdb);
+    if (!keyHandle) {
+        return NULL;
+    }
+    privKey = lg_GetPrivateKeyWithDB(obj, keyHandle);
+    return privKey;
+}
+
+/* lg_GetPubItem returns data associated with the public key.
+ * one only needs to free the public key. This comment is here
+ * because this sematic would be non-obvious otherwise. All callers
+ * should include this comment.
+ */
+static SECItem *
+lg_GetPubItem(NSSLOWKEYPublicKey *pubKey)
+{
+    SECItem *pubItem = NULL;
+    /* get value to compare from the cert's public key */
+    switch (pubKey->keyType) {
+        case NSSLOWKEYRSAKey:
+            pubItem = &pubKey->u.rsa.modulus;
+            break;
+        case NSSLOWKEYDSAKey:
+            pubItem = &pubKey->u.dsa.publicValue;
+            break;
+        case NSSLOWKEYDHKey:
+            pubItem = &pubKey->u.dh.publicValue;
+            break;
+#ifndef NSS_DISABLE_ECC
+        case NSSLOWKEYECKey:
+            pubItem = &pubKey->u.ec.publicValue;
+            break;
+#endif /* NSS_DISABLE_ECC */
+        default:
+            break;
+    }
+    return pubItem;
+}
+
+static CK_RV
+lg_FindRSAPublicKeyAttribute(NSSLOWKEYPublicKey *key, CK_ATTRIBUTE_TYPE type,
+                             CK_ATTRIBUTE *attribute)
+{
+    unsigned char hash[SHA1_LENGTH];
+    CK_KEY_TYPE keyType = CKK_RSA;
+
+    switch (type) {
+        case CKA_KEY_TYPE:
+            return lg_ULongAttribute(attribute, type, keyType);
+        case CKA_ID:
+            SHA1_HashBuf(hash, key->u.rsa.modulus.data, key->u.rsa.modulus.len);
+            return lg_CopyAttribute(attribute, type, hash, SHA1_LENGTH);
+        case CKA_DERIVE:
+            return LG_CLONE_ATTR(attribute, type, lg_StaticFalseAttr);
+        case CKA_ENCRYPT:
+        case CKA_VERIFY:
+        case CKA_VERIFY_RECOVER:
+        case CKA_WRAP:
+            return LG_CLONE_ATTR(attribute, type, lg_StaticTrueAttr);
+        case CKA_MODULUS:
+            return lg_CopyAttributeSigned(attribute, type, key->u.rsa.modulus.data,
+                                          key->u.rsa.modulus.len);
+        case CKA_PUBLIC_EXPONENT:
+            return lg_CopyAttributeSigned(attribute, type,
+                                          key->u.rsa.publicExponent.data,
+                                          key->u.rsa.publicExponent.len);
+        default:
+            break;
+    }
+    return lg_invalidAttribute(attribute);
+}
+
+static CK_RV
+lg_FindDSAPublicKeyAttribute(NSSLOWKEYPublicKey *key, CK_ATTRIBUTE_TYPE type,
+                             CK_ATTRIBUTE *attribute)
+{
+    unsigned char hash[SHA1_LENGTH];
+    CK_KEY_TYPE keyType = CKK_DSA;
+
+    switch (type) {
+        case CKA_KEY_TYPE:
+            return lg_ULongAttribute(attribute, type, keyType);
+        case CKA_ID:
+            SHA1_HashBuf(hash, key->u.dsa.publicValue.data,
+                         key->u.dsa.publicValue.len);
+            return lg_CopyAttribute(attribute, type, hash, SHA1_LENGTH);
+        case CKA_DERIVE:
+        case CKA_ENCRYPT:
+        case CKA_VERIFY_RECOVER:
+        case CKA_WRAP:
+            return LG_CLONE_ATTR(attribute, type, lg_StaticFalseAttr);
+        case CKA_VERIFY:
+            return LG_CLONE_ATTR(attribute, type, lg_StaticTrueAttr);
+        case CKA_VALUE:
+            return lg_CopyAttributeSigned(attribute, type,
+                                          key->u.dsa.publicValue.data,
+                                          key->u.dsa.publicValue.len);
+        case CKA_PRIME:
+            return lg_CopyAttributeSigned(attribute, type,
+                                          key->u.dsa.params.prime.data,
+                                          key->u.dsa.params.prime.len);
+        case CKA_SUBPRIME:
+            return lg_CopyAttributeSigned(attribute, type,
+                                          key->u.dsa.params.subPrime.data,
+                                          key->u.dsa.params.subPrime.len);
+        case CKA_BASE:
+            return lg_CopyAttributeSigned(attribute, type,
+                                          key->u.dsa.params.base.data,
+                                          key->u.dsa.params.base.len);
+        default:
+            break;
+    }
+    return lg_invalidAttribute(attribute);
+}
+
+static CK_RV
+lg_FindDHPublicKeyAttribute(NSSLOWKEYPublicKey *key, CK_ATTRIBUTE_TYPE type,
+                            CK_ATTRIBUTE *attribute)
+{
+    unsigned char hash[SHA1_LENGTH];
+    CK_KEY_TYPE keyType = CKK_DH;
+
+    switch (type) {
+        case CKA_KEY_TYPE:
+            return lg_ULongAttribute(attribute, type, keyType);
+        case CKA_ID:
+            SHA1_HashBuf(hash, key->u.dh.publicValue.data, key->u.dh.publicValue.len);
+            return lg_CopyAttribute(attribute, type, hash, SHA1_LENGTH);
+        case CKA_DERIVE:
+            return LG_CLONE_ATTR(attribute, type, lg_StaticTrueAttr);
+        case CKA_ENCRYPT:
+        case CKA_VERIFY:
+        case CKA_VERIFY_RECOVER:
+        case CKA_WRAP:
+            return LG_CLONE_ATTR(attribute, type, lg_StaticFalseAttr);
+        case CKA_VALUE:
+            return lg_CopyAttributeSigned(attribute, type,
+                                          key->u.dh.publicValue.data,
+                                          key->u.dh.publicValue.len);
+        case CKA_PRIME:
+            return lg_CopyAttributeSigned(attribute, type, key->u.dh.prime.data,
+                                          key->u.dh.prime.len);
+        case CKA_BASE:
+            return lg_CopyAttributeSigned(attribute, type, key->u.dh.base.data,
+                                          key->u.dh.base.len);
+        default:
+            break;
+    }
+    return lg_invalidAttribute(attribute);
+}
+
+#ifndef NSS_DISABLE_ECC
+static CK_RV
+lg_FindECPublicKeyAttribute(NSSLOWKEYPublicKey *key, CK_ATTRIBUTE_TYPE type,
+                            CK_ATTRIBUTE *attribute)
+{
+    unsigned char hash[SHA1_LENGTH];
+    CK_KEY_TYPE keyType = CKK_EC;
+
+    switch (type) {
+        case CKA_KEY_TYPE:
+            return lg_ULongAttribute(attribute, type, keyType);
+        case CKA_ID:
+            SHA1_HashBuf(hash, key->u.ec.publicValue.data,
+                         key->u.ec.publicValue.len);
+            return lg_CopyAttribute(attribute, type, hash, SHA1_LENGTH);
+        case CKA_DERIVE:
+        case CKA_VERIFY:
+            return LG_CLONE_ATTR(attribute, type, lg_StaticTrueAttr);
+        case CKA_ENCRYPT:
+        case CKA_VERIFY_RECOVER:
+        case CKA_WRAP:
+            return LG_CLONE_ATTR(attribute, type, lg_StaticFalseAttr);
+        case CKA_EC_PARAMS:
+            return lg_CopyAttributeSigned(attribute, type,
+                                          key->u.ec.ecParams.DEREncoding.data,
+                                          key->u.ec.ecParams.DEREncoding.len);
+        case CKA_EC_POINT:
+            if (PR_GetEnvSecure("NSS_USE_DECODED_CKA_EC_POINT")) {
+                return lg_CopyAttributeSigned(attribute, type,
+                                              key->u.ec.publicValue.data,
+                                              key->u.ec.publicValue.len);
+            } else {
+                SECItem *pubValue = SEC_ASN1EncodeItem(NULL, NULL,
+                                                       &(key->u.ec.publicValue),
+                                                       SEC_ASN1_GET(SEC_OctetStringTemplate));
+                CK_RV crv;
+                if (!pubValue) {
+                    return CKR_HOST_MEMORY;
+                }
+                crv = lg_CopyAttributeSigned(attribute, type,
+                                             pubValue->data,
+                                             pubValue->len);
+                SECITEM_FreeItem(pubValue, PR_TRUE);
+                return crv;
+            }
+        default:
+            break;
+    }
+    return lg_invalidAttribute(attribute);
+}
+#endif /* NSS_DISABLE_ECC */
+
+static CK_RV
+lg_FindPublicKeyAttribute(LGObjectCache *obj, CK_ATTRIBUTE_TYPE type,
+                          CK_ATTRIBUTE *attribute)
+{
+    NSSLOWKEYPublicKey *key;
+    CK_RV crv;
+    char *label;
+
+    switch (type) {
+        case CKA_PRIVATE:
+        case CKA_SENSITIVE:
+        case CKA_ALWAYS_SENSITIVE:
+        case CKA_NEVER_EXTRACTABLE:
+            return LG_CLONE_ATTR(attribute, type, lg_StaticFalseAttr);
+        case CKA_MODIFIABLE:
+        case CKA_EXTRACTABLE:
+            return LG_CLONE_ATTR(attribute, type, lg_StaticTrueAttr);
+        case CKA_SUBJECT:
+            return LG_CLONE_ATTR(attribute, type, lg_StaticNullAttr);
+        case CKA_START_DATE:
+        case CKA_END_DATE:
+            return LG_CLONE_ATTR(attribute, type, lg_StaticNullAttr);
+        case CKA_LABEL:
+            label = lg_FindKeyNicknameByPublicKey(obj->sdb, &obj->dbKey);
+            if (label == NULL) {
+                return LG_CLONE_ATTR(attribute, type, lg_StaticNullAttr);
+            }
+            crv = lg_CopyAttribute(attribute, type, label, PORT_Strlen(label));
+            PORT_Free(label);
+            return crv;
+        default:
+            break;
+    }
+
+    key = lg_GetPublicKey(obj);
+    if (key == NULL) {
+        if (type == CKA_ID) {
+            return LG_CLONE_ATTR(attribute, type, lg_StaticNullAttr);
+        }
+        return CKR_OBJECT_HANDLE_INVALID;
+    }
+
+    switch (key->keyType) {
+        case NSSLOWKEYRSAKey:
+            return lg_FindRSAPublicKeyAttribute(key, type, attribute);
+        case NSSLOWKEYDSAKey:
+            return lg_FindDSAPublicKeyAttribute(key, type, attribute);
+        case NSSLOWKEYDHKey:
+            return lg_FindDHPublicKeyAttribute(key, type, attribute);
+#ifndef NSS_DISABLE_ECC
+        case NSSLOWKEYECKey:
+            return lg_FindECPublicKeyAttribute(key, type, attribute);
+#endif /* NSS_DISABLE_ECC */
+        default:
+            break;
+    }
+
+    return lg_invalidAttribute(attribute);
+}
+
+static CK_RV
+lg_FindSecretKeyAttribute(LGObjectCache *obj, CK_ATTRIBUTE_TYPE type,
+                          CK_ATTRIBUTE *attribute)
+{
+    NSSLOWKEYPrivateKey *key;
+    char *label;
+    unsigned char *keyString;
+    CK_RV crv;
+    int keyTypeLen;
+    CK_ULONG keyLen;
+    CK_KEY_TYPE keyType;
+    PRUint32 keyTypeStorage;
+
+    switch (type) {
+        case CKA_PRIVATE:
+        case CKA_SENSITIVE:
+        case CKA_ALWAYS_SENSITIVE:
+        case CKA_EXTRACTABLE:
+        case CKA_DERIVE:
+        case CKA_ENCRYPT:
+        case CKA_DECRYPT:
+        case CKA_SIGN:
+        case CKA_VERIFY:
+        case CKA_WRAP:
+        case CKA_UNWRAP:
+        case CKA_MODIFIABLE:
+        case CKA_LOCAL:
+            return LG_CLONE_ATTR(attribute, type, lg_StaticTrueAttr);
+        case CKA_NEVER_EXTRACTABLE:
+            return LG_CLONE_ATTR(attribute, type, lg_StaticFalseAttr);
+        case CKA_START_DATE:
+        case CKA_END_DATE:
+            return LG_CLONE_ATTR(attribute, type, lg_StaticNullAttr);
+        case CKA_LABEL:
+            label = lg_FindKeyNicknameByPublicKey(obj->sdb, &obj->dbKey);
+            if (label == NULL) {
+                return LG_CLONE_ATTR(attribute, type, lg_StaticNullAttr);
+            }
+            crv = lg_CopyAttribute(attribute, type, label, PORT_Strlen(label));
+            PORT_Free(label);
+            return crv;
+        case CKA_ID:
+            return lg_CopyAttribute(attribute, type, obj->dbKey.data,
+                                    obj->dbKey.len);
+        case CKA_KEY_TYPE:
+        case CKA_VALUE_LEN:
+        case CKA_VALUE:
+            break;
+        default:
+            return lg_invalidAttribute(attribute);
+    }
+
+    key = lg_GetPrivateKey(obj);
+    if (key == NULL) {
+        return CKR_OBJECT_HANDLE_INVALID;
+    }
+    switch (type) {
+        case CKA_KEY_TYPE:
+            /* handle legacy databases. In legacy databases key_type was stored
+             * in host order, with any leading zeros stripped off. Only key types
+             * under 0x1f (AES) were stored. We assume that any values which are
+             * either 1 byte long (big endian), or have byte[0] between 0 and
+             * 0x7f and bytes[1]-bytes[3] equal to '0' (little endian). All other
+             * values are assumed to be from the new database, which is always 4
+             * bytes in network order */
+            keyType = 0;
+            keyString = key->u.rsa.coefficient.data;
+            keyTypeLen = key->u.rsa.coefficient.len;
+
+            /*
+             * Because of various endian and word lengths The database may have
+             * stored the keyType value in one of the following formats:
+             *   (kt) <= 0x1f
+             *                                   length data
+             * Big Endian,     pre-3.9, all lengths: 1  (kt)
+             * Little Endian,  pre-3.9, 32 bits:     4  (kt) 0  0  0
+             * Little Endian,  pre-3.9, 64 bits:     8  (kt) 0  0  0   0  0  0  0
+             * All platforms,      3.9, 32 bits:     4    0  0  0 (kt)
+             * Big Endian,         3.9, 64 bits:     8    0  0  0 (kt) 0  0  0  0
+             * Little  Endian,     3.9, 64 bits:     8    0  0  0  0   0  0  0 (kt)
+             * All platforms, >= 3.9.1, all lengths: 4   (a) k1 k2 k3
+             * where (a) is 0 or >= 0x80. currently (a) can only be 0.
+             */
+            /*
+             * this key was written on a 64 bit platform with a using NSS 3.9
+             * or earlier. Reduce the 64 bit possibilities above. When we are
+             * through, we will only have:
+             *
+             * Big Endian,     pre-3.9, all lengths: 1  (kt)
+             * Little Endian,  pre-3.9, all lengths: 4  (kt) 0  0  0
+             * All platforms,      3.9, all lengths: 4    0  0  0 (kt)
+             * All platforms, => 3.9.1, all lengths: 4   (a) k1 k2 k3
+             */
+            if (keyTypeLen == 8) {
+                keyTypeStorage = *(PRUint32 *)keyString;
+                if (keyTypeStorage == 0) {
+                    keyString += sizeof(PRUint32);
+                }
+                keyTypeLen = 4;
+            }
+            /*
+             * Now Handle:
+             *
+             * All platforms,      3.9, all lengths: 4    0  0  0 (kt)
+             * All platforms, => 3.9.1, all lengths: 4   (a) k1 k2 k3
+             *
+             * NOTE: if  kt == 0 or ak1k2k3 == 0, the test fails and
+             * we handle it as:
+             *
+             * Little Endian,  pre-3.9, all lengths: 4  (kt) 0  0  0
+             */
+            if (keyTypeLen == sizeof(keyTypeStorage) &&
+                (((keyString[0] & 0x80) == 0x80) ||
+                 !((keyString[1] == 0) && (keyString[2] == 0) && (keyString[3] == 0)))) {
+                PORT_Memcpy(&keyTypeStorage, keyString, sizeof(keyTypeStorage));
+                keyType = (CK_KEY_TYPE)PR_ntohl(keyTypeStorage);
+            } else {
+                /*
+                 * Now Handle:
+                 *
+                 * Big Endian,     pre-3.9, all lengths: 1  (kt)
+                 * Little Endian,  pre-3.9, all lengths: 4  (kt) 0  0  0
+                 *  -- KeyType == 0 all other cases ---: 4    0  0  0  0
+                 */
+                keyType = (CK_KEY_TYPE)keyString[0];
+            }
+            return lg_ULongAttribute(attribute, type, keyType);
+        case CKA_VALUE:
+            return lg_CopyPrivAttribute(attribute, type, key->u.rsa.privateExponent.data,
+                                        key->u.rsa.privateExponent.len, obj->sdb);
+        case CKA_VALUE_LEN:
+            keyLen = key->u.rsa.privateExponent.len;
+            return lg_ULongAttribute(attribute, type, keyLen);
+    }
+    return lg_invalidAttribute(attribute);
+}
+
+static CK_RV
+lg_FindRSAPrivateKeyAttribute(NSSLOWKEYPrivateKey *key, CK_ATTRIBUTE_TYPE type,
+                              CK_ATTRIBUTE *attribute, SDB *sdbpw)
+{
+    unsigned char hash[SHA1_LENGTH];
+    CK_KEY_TYPE keyType = CKK_RSA;
+
+    switch (type) {
+        case CKA_KEY_TYPE:
+            return lg_ULongAttribute(attribute, type, keyType);
+        case CKA_ID:
+            SHA1_HashBuf(hash, key->u.rsa.modulus.data, key->u.rsa.modulus.len);
+            return lg_CopyAttribute(attribute, type, hash, SHA1_LENGTH);
+        case CKA_DERIVE:
+            return LG_CLONE_ATTR(attribute, type, lg_StaticFalseAttr);
+        case CKA_DECRYPT:
+        case CKA_SIGN:
+        case CKA_SIGN_RECOVER:
+        case CKA_UNWRAP:
+            return LG_CLONE_ATTR(attribute, type, lg_StaticTrueAttr);
+        case CKA_MODULUS:
+            return lg_CopyAttributeSigned(attribute, type, key->u.rsa.modulus.data,
+                                          key->u.rsa.modulus.len);
+        case CKA_PUBLIC_EXPONENT:
+            return lg_CopyAttributeSigned(attribute, type,
+                                          key->u.rsa.publicExponent.data,
+                                          key->u.rsa.publicExponent.len);
+        case CKA_PRIVATE_EXPONENT:
+            return lg_CopyPrivAttrSigned(attribute, type,
+                                         key->u.rsa.privateExponent.data,
+                                         key->u.rsa.privateExponent.len, sdbpw);
+        case CKA_PRIME_1:
+            return lg_CopyPrivAttrSigned(attribute, type, key->u.rsa.prime1.data,
+                                         key->u.rsa.prime1.len, sdbpw);
+        case CKA_PRIME_2:
+            return lg_CopyPrivAttrSigned(attribute, type, key->u.rsa.prime2.data,
+                                         key->u.rsa.prime2.len, sdbpw);
+        case CKA_EXPONENT_1:
+            return lg_CopyPrivAttrSigned(attribute, type,
+                                         key->u.rsa.exponent1.data,
+                                         key->u.rsa.exponent1.len, sdbpw);
+        case CKA_EXPONENT_2:
+            return lg_CopyPrivAttrSigned(attribute, type,
+                                         key->u.rsa.exponent2.data,
+                                         key->u.rsa.exponent2.len, sdbpw);
+        case CKA_COEFFICIENT:
+            return lg_CopyPrivAttrSigned(attribute, type,
+                                         key->u.rsa.coefficient.data,
+                                         key->u.rsa.coefficient.len, sdbpw);
+        default:
+            break;
+    }
+    return lg_invalidAttribute(attribute);
+}
+
+static CK_RV
+lg_FindDSAPrivateKeyAttribute(NSSLOWKEYPrivateKey *key, CK_ATTRIBUTE_TYPE type,
+                              CK_ATTRIBUTE *attribute, SDB *sdbpw)
+{
+    unsigned char hash[SHA1_LENGTH];
+    CK_KEY_TYPE keyType = CKK_DSA;
+
+    switch (type) {
+        case CKA_KEY_TYPE:
+            return lg_ULongAttribute(attribute, type, keyType);
+        case CKA_ID:
+            SHA1_HashBuf(hash, key->u.dsa.publicValue.data,
+                         key->u.dsa.publicValue.len);
+            return lg_CopyAttribute(attribute, type, hash, SHA1_LENGTH);
+        case CKA_DERIVE:
+        case CKA_DECRYPT:
+        case CKA_SIGN_RECOVER:
+        case CKA_UNWRAP:
+            return LG_CLONE_ATTR(attribute, type, lg_StaticFalseAttr);
+        case CKA_SIGN:
+            return LG_CLONE_ATTR(attribute, type, lg_StaticTrueAttr);
+        case CKA_VALUE:
+            return lg_CopyPrivAttrSigned(attribute, type,
+                                         key->u.dsa.privateValue.data,
+                                         key->u.dsa.privateValue.len, sdbpw);
+        case CKA_PRIME:
+            return lg_CopyAttributeSigned(attribute, type,
+                                          key->u.dsa.params.prime.data,
+                                          key->u.dsa.params.prime.len);
+        case CKA_SUBPRIME:
+            return lg_CopyAttributeSigned(attribute, type,
+                                          key->u.dsa.params.subPrime.data,
+                                          key->u.dsa.params.subPrime.len);
+        case CKA_BASE:
+            return lg_CopyAttributeSigned(attribute, type,
+                                          key->u.dsa.params.base.data,
+                                          key->u.dsa.params.base.len);
+        case CKA_NETSCAPE_DB:
+            return lg_CopyAttributeSigned(attribute, type,
+                                          key->u.dsa.publicValue.data,
+                                          key->u.dsa.publicValue.len);
+        default:
+            break;
+    }
+    return lg_invalidAttribute(attribute);
+}
+
+static CK_RV
+lg_FindDHPrivateKeyAttribute(NSSLOWKEYPrivateKey *key, CK_ATTRIBUTE_TYPE type,
+                             CK_ATTRIBUTE *attribute, SDB *sdbpw)
+{
+    unsigned char hash[SHA1_LENGTH];
+    CK_KEY_TYPE keyType = CKK_DH;
+
+    switch (type) {
+        case CKA_KEY_TYPE:
+            return lg_ULongAttribute(attribute, type, keyType);
+        case CKA_ID:
+            SHA1_HashBuf(hash, key->u.dh.publicValue.data, key->u.dh.publicValue.len);
+            return lg_CopyAttribute(attribute, type, hash, SHA1_LENGTH);
+        case CKA_DERIVE:
+            return LG_CLONE_ATTR(attribute, type, lg_StaticTrueAttr);
+        case CKA_DECRYPT:
+        case CKA_SIGN:
+        case CKA_SIGN_RECOVER:
+        case CKA_UNWRAP:
+            return LG_CLONE_ATTR(attribute, type, lg_StaticFalseAttr);
+        case CKA_VALUE:
+            return lg_CopyPrivAttrSigned(attribute, type,
+                                         key->u.dh.privateValue.data,
+                                         key->u.dh.privateValue.len, sdbpw);
+        case CKA_PRIME:
+            return lg_CopyAttributeSigned(attribute, type, key->u.dh.prime.data,
+                                          key->u.dh.prime.len);
+        case CKA_BASE:
+            return lg_CopyAttributeSigned(attribute, type, key->u.dh.base.data,
+                                          key->u.dh.base.len);
+        case CKA_NETSCAPE_DB:
+            return lg_CopyAttributeSigned(attribute, type,
+                                          key->u.dh.publicValue.data,
+                                          key->u.dh.publicValue.len);
+        default:
+            break;
+    }
+    return lg_invalidAttribute(attribute);
+}
+
+#ifndef NSS_DISABLE_ECC
+static CK_RV
+lg_FindECPrivateKeyAttribute(NSSLOWKEYPrivateKey *key, CK_ATTRIBUTE_TYPE type,
+                             CK_ATTRIBUTE *attribute, SDB *sdbpw)
+{
+    unsigned char hash[SHA1_LENGTH];
+    CK_KEY_TYPE keyType = CKK_EC;
+
+    switch (type) {
+        case CKA_KEY_TYPE:
+            return lg_ULongAttribute(attribute, type, keyType);
+        case CKA_ID:
+            SHA1_HashBuf(hash, key->u.ec.publicValue.data, key->u.ec.publicValue.len);
+            return lg_CopyAttribute(attribute, type, hash, SHA1_LENGTH);
+        case CKA_DERIVE:
+        case CKA_SIGN:
+            return LG_CLONE_ATTR(attribute, type, lg_StaticTrueAttr);
+        case CKA_DECRYPT:
+        case CKA_SIGN_RECOVER:
+        case CKA_UNWRAP:
+            return LG_CLONE_ATTR(attribute, type, lg_StaticFalseAttr);
+        case CKA_VALUE:
+            return lg_CopyPrivAttrSigned(attribute, type,
+                                         key->u.ec.privateValue.data,
+                                         key->u.ec.privateValue.len, sdbpw);
+        case CKA_EC_PARAMS:
+            return lg_CopyAttributeSigned(attribute, type,
+                                          key->u.ec.ecParams.DEREncoding.data,
+                                          key->u.ec.ecParams.DEREncoding.len);
+        case CKA_NETSCAPE_DB:
+            return lg_CopyAttributeSigned(attribute, type,
+                                          key->u.ec.publicValue.data,
+                                          key->u.ec.publicValue.len);
+        default:
+            break;
+    }
+    return lg_invalidAttribute(attribute);
+}
+#endif /* NSS_DISABLE_ECC */
+
+static CK_RV
+lg_FindPrivateKeyAttribute(LGObjectCache *obj, CK_ATTRIBUTE_TYPE type,
+                           CK_ATTRIBUTE *attribute)
+{
+    NSSLOWKEYPrivateKey *key;
+    char *label;
+    CK_RV crv;
+
+    switch (type) {
+        case CKA_PRIVATE:
+        case CKA_SENSITIVE:
+        case CKA_ALWAYS_SENSITIVE:
+        case CKA_EXTRACTABLE:
+        case CKA_MODIFIABLE:
+        case CKA_LOCAL:
+            return LG_CLONE_ATTR(attribute, type, lg_StaticTrueAttr);
+        case CKA_NEVER_EXTRACTABLE:
+            return LG_CLONE_ATTR(attribute, type, lg_StaticFalseAttr);
+        case CKA_SUBJECT:
+            return LG_CLONE_ATTR(attribute, type, lg_StaticNullAttr);
+        case CKA_START_DATE:
+        case CKA_END_DATE:
+            return LG_CLONE_ATTR(attribute, type, lg_StaticNullAttr);
+        case CKA_LABEL:
+            label = lg_FindKeyNicknameByPublicKey(obj->sdb, &obj->dbKey);
+            if (label == NULL) {
+                return LG_CLONE_ATTR(attribute, type, lg_StaticNullAttr);
+            }
+            crv = lg_CopyAttribute(attribute, type, label, PORT_Strlen(label));
+            PORT_Free(label);
+            return crv;
+        default:
+            break;
+    }
+    key = lg_GetPrivateKey(obj);
+    if (key == NULL) {
+        return CKR_OBJECT_HANDLE_INVALID;
+    }
+    switch (key->keyType) {
+        case NSSLOWKEYRSAKey:
+            return lg_FindRSAPrivateKeyAttribute(key, type, attribute, obj->sdb);
+        case NSSLOWKEYDSAKey:
+            return lg_FindDSAPrivateKeyAttribute(key, type, attribute, obj->sdb);
+        case NSSLOWKEYDHKey:
+            return lg_FindDHPrivateKeyAttribute(key, type, attribute, obj->sdb);
+#ifndef NSS_DISABLE_ECC
+        case NSSLOWKEYECKey:
+            return lg_FindECPrivateKeyAttribute(key, type, attribute, obj->sdb);
+#endif /* NSS_DISABLE_ECC */
+        default:
+            break;
+    }
+
+    return lg_invalidAttribute(attribute);
+}
+
+static CK_RV
+lg_FindSMIMEAttribute(LGObjectCache *obj, CK_ATTRIBUTE_TYPE type,
+                      CK_ATTRIBUTE *attribute)
+{
+    certDBEntrySMime *entry;
+    switch (type) {
+        case CKA_PRIVATE:
+        case CKA_MODIFIABLE:
+            return LG_CLONE_ATTR(attribute, type, lg_StaticFalseAttr);
+        case CKA_NSS_EMAIL:
+            return lg_CopyAttribute(attribute, type, obj->dbKey.data,
+                                    obj->dbKey.len - 1);
+        case CKA_NSS_SMIME_TIMESTAMP:
+        case CKA_SUBJECT:
+        case CKA_VALUE:
+            break;
+        default:
+            return lg_invalidAttribute(attribute);
+    }
+    entry = lg_getSMime(obj);
+    if (entry == NULL) {
+        return CKR_OBJECT_HANDLE_INVALID;
+    }
+    switch (type) {
+        case CKA_NSS_SMIME_TIMESTAMP:
+            return lg_CopyAttribute(attribute, type, entry->optionsDate.data,
+                                    entry->optionsDate.len);
+        case CKA_SUBJECT:
+            return lg_CopyAttribute(attribute, type, entry->subjectName.data,
+                                    entry->subjectName.len);
+        case CKA_VALUE:
+            return lg_CopyAttribute(attribute, type, entry->smimeOptions.data,
+                                    entry->smimeOptions.len);
+        default:
+            break;
+    }
+    return lg_invalidAttribute(attribute);
+}
+
+static CK_RV
+lg_FindTrustAttribute(LGObjectCache *obj, CK_ATTRIBUTE_TYPE type,
+                      CK_ATTRIBUTE *attribute)
+{
+    NSSLOWCERTTrust *trust;
+    NSSLOWCERTCertDBHandle *certHandle;
+    NSSLOWCERTCertificate *cert;
+    unsigned char hash[SHA1_LENGTH];
+    unsigned int trustFlags;
+    CK_RV crv;
+
+    switch (type) {
+        case CKA_PRIVATE:
+            return LG_CLONE_ATTR(attribute, type, lg_StaticFalseAttr);
+        case CKA_MODIFIABLE:
+            return LG_CLONE_ATTR(attribute, type, lg_StaticTrueAttr);
+        case CKA_CERT_SHA1_HASH:
+        case CKA_CERT_MD5_HASH:
+        case CKA_TRUST_CLIENT_AUTH:
+        case CKA_TRUST_SERVER_AUTH:
+        case CKA_TRUST_EMAIL_PROTECTION:
+        case CKA_TRUST_CODE_SIGNING:
+        case CKA_TRUST_STEP_UP_APPROVED:
+        case CKA_ISSUER:
+        case CKA_SERIAL_NUMBER:
+            break;
+        default:
+            return lg_invalidAttribute(attribute);
+    }
+    certHandle = lg_getCertDB(obj->sdb);
+    if (!certHandle) {
+        return CKR_OBJECT_HANDLE_INVALID;
+    }
+    trust = lg_getTrust(obj, certHandle);
+    if (trust == NULL) {
+        return CKR_OBJECT_HANDLE_INVALID;
+    }
+    switch (type) {
+        case CKA_CERT_SHA1_HASH:
+            SHA1_HashBuf(hash, trust->derCert->data, trust->derCert->len);
+            return lg_CopyAttribute(attribute, type, hash, SHA1_LENGTH);
+        case CKA_CERT_MD5_HASH:
+            MD5_HashBuf(hash, trust->derCert->data, trust->derCert->len);
+            return lg_CopyAttribute(attribute, type, hash, MD5_LENGTH);
+        case CKA_TRUST_CLIENT_AUTH:
+            trustFlags = trust->trust->sslFlags &
+                                 CERTDB_TRUSTED_CLIENT_CA
+                             ? trust->trust->sslFlags | CERTDB_TRUSTED_CA
+                             : 0;
+            goto trust;
+        case CKA_TRUST_SERVER_AUTH:
+            trustFlags = trust->trust->sslFlags;
+            goto trust;
+        case CKA_TRUST_EMAIL_PROTECTION:
+            trustFlags = trust->trust->emailFlags;
+            goto trust;
+        case CKA_TRUST_CODE_SIGNING:
+            trustFlags = trust->trust->objectSigningFlags;
+        trust:
+            if (trustFlags & CERTDB_TRUSTED_CA) {
+                return lg_ULongAttribute(attribute, type,
+                                         CKT_NSS_TRUSTED_DELEGATOR);
+            }
+            if (trustFlags & CERTDB_TRUSTED) {
+                return lg_ULongAttribute(attribute, type, CKT_NSS_TRUSTED);
+            }
+            if (trustFlags & CERTDB_MUST_VERIFY) {
+                return lg_ULongAttribute(attribute, type,
+                                         CKT_NSS_MUST_VERIFY_TRUST);
+            }
+            if (trustFlags & CERTDB_TRUSTED_UNKNOWN) {
+                return lg_ULongAttribute(attribute, type, CKT_NSS_TRUST_UNKNOWN);
+            }
+            if (trustFlags & CERTDB_VALID_CA) {
+                return lg_ULongAttribute(attribute, type, CKT_NSS_VALID_DELEGATOR);
+            }
+            if (trustFlags & CERTDB_TERMINAL_RECORD) {
+                return lg_ULongAttribute(attribute, type, CKT_NSS_NOT_TRUSTED);
+            }
+            return lg_ULongAttribute(attribute, type, CKT_NSS_TRUST_UNKNOWN);
+        case CKA_TRUST_STEP_UP_APPROVED:
+            if (trust->trust->sslFlags & CERTDB_GOVT_APPROVED_CA) {
+                return LG_CLONE_ATTR(attribute, type, lg_StaticTrueAttr);
+            } else {
+                return LG_CLONE_ATTR(attribute, type, lg_StaticFalseAttr);
+            }
+        default:
+            break;
+    }
+
+    switch (type) {
+        case CKA_ISSUER:
+            cert = lg_getCert(obj, certHandle);
+            if (cert == NULL)
+                break;
+            crv = lg_CopyAttribute(attribute, type, cert->derIssuer.data,
+                                   cert->derIssuer.len);
+            break;
+        case CKA_SERIAL_NUMBER:
+            cert = lg_getCert(obj, certHandle);
+            if (cert == NULL)
+                break;
+            crv = lg_CopyAttribute(attribute, type, cert->derSN.data,
+                                   cert->derSN.len);
+            break;
+        default:
+            cert = NULL;
+            break;
+    }
+    if (cert) {
+        nsslowcert_DestroyCertificate(cert);
+        return crv;
+    }
+    return lg_invalidAttribute(attribute);
+}
+
+static CK_RV
+lg_FindCrlAttribute(LGObjectCache *obj, CK_ATTRIBUTE_TYPE type,
+                    CK_ATTRIBUTE *attribute)
+{
+    certDBEntryRevocation *crl;
+
+    switch (type) {
+        case CKA_PRIVATE:
+        case CKA_MODIFIABLE:
+            return LG_CLONE_ATTR(attribute, type, lg_StaticFalseAttr);
+        case CKA_NSS_KRL:
+            return ((obj->handle == LG_TOKEN_KRL_HANDLE)
+                        ? LG_CLONE_ATTR(attribute, type, lg_StaticTrueAttr)
+                        : LG_CLONE_ATTR(attribute, type, lg_StaticFalseAttr));
+        case CKA_SUBJECT:
+            return lg_CopyAttribute(attribute, type, obj->dbKey.data,
+                                    obj->dbKey.len);
+        case CKA_NSS_URL:
+        case CKA_VALUE:
+            break;
+        default:
+            return lg_invalidAttribute(attribute);
+    }
+    crl = lg_getCrl(obj);
+    if (!crl) {
+        return CKR_OBJECT_HANDLE_INVALID;
+    }
+    switch (type) {
+        case CKA_NSS_URL:
+            if (crl->url == NULL) {
+                return LG_CLONE_ATTR(attribute, type, lg_StaticNullAttr);
+            }
+            return lg_CopyAttribute(attribute, type, crl->url,
+                                    PORT_Strlen(crl->url) + 1);
+        case CKA_VALUE:
+            return lg_CopyAttribute(attribute, type, crl->derCrl.data,
+                                    crl->derCrl.len);
+        default:
+            break;
+    }
+    return lg_invalidAttribute(attribute);
+}
+
+static CK_RV
+lg_FindCertAttribute(LGObjectCache *obj, CK_ATTRIBUTE_TYPE type,
+                     CK_ATTRIBUTE *attribute)
+{
+    NSSLOWCERTCertificate *cert;
+    NSSLOWCERTCertDBHandle *certHandle;
+    NSSLOWKEYPublicKey *pubKey;
+    unsigned char hash[SHA1_LENGTH];
+    SECItem *item;
+
+    switch (type) {
+        case CKA_PRIVATE:
+            return LG_CLONE_ATTR(attribute, type, lg_StaticFalseAttr);
+        case CKA_MODIFIABLE:
+            return LG_CLONE_ATTR(attribute, type, lg_StaticTrueAttr);
+        case CKA_CERTIFICATE_TYPE:
+            /* hardcoding X.509 into here */
+            return lg_ULongAttribute(attribute, type, CKC_X_509);
+        case CKA_VALUE:
+        case CKA_ID:
+        case CKA_LABEL:
+        case CKA_SUBJECT:
+        case CKA_ISSUER:
+        case CKA_SERIAL_NUMBER:
+        case CKA_NSS_EMAIL:
+            break;
+        default:
+            return lg_invalidAttribute(attribute);
+    }
+
+    certHandle = lg_getCertDB(obj->sdb);
+    if (certHandle == NULL) {
+        return CKR_OBJECT_HANDLE_INVALID;
+    }
+
+    cert = lg_getCert(obj, certHandle);
+    if (cert == NULL) {
+        return CKR_OBJECT_HANDLE_INVALID;
+    }
+    switch (type) {
+        case CKA_VALUE:
+            return lg_CopyAttribute(attribute, type, cert->derCert.data,
+                                    cert->derCert.len);
+        case CKA_ID:
+            if (((cert->trust->sslFlags & CERTDB_USER) == 0) &&
+                ((cert->trust->emailFlags & CERTDB_USER) == 0) &&
+                ((cert->trust->objectSigningFlags & CERTDB_USER) == 0)) {
+                return LG_CLONE_ATTR(attribute, type, lg_StaticNullAttr);
+            }
+            pubKey = nsslowcert_ExtractPublicKey(cert);
+            if (pubKey == NULL)
+                break;
+            item = lg_GetPubItem(pubKey);
+            if (item == NULL) {
+                lg_nsslowkey_DestroyPublicKey(pubKey);
+                break;
+            }
+            SHA1_HashBuf(hash, item->data, item->len);
+            /* item is imbedded in pubKey, just free the key */
+            lg_nsslowkey_DestroyPublicKey(pubKey);
+            return lg_CopyAttribute(attribute, type, hash, SHA1_LENGTH);
+        case CKA_LABEL:
+            return cert->nickname
+                       ? lg_CopyAttribute(attribute, type, cert->nickname,
+                                          PORT_Strlen(cert->nickname))
+                       : LG_CLONE_ATTR(attribute, type, lg_StaticNullAttr);
+        case CKA_SUBJECT:
+            return lg_CopyAttribute(attribute, type, cert->derSubject.data,
+                                    cert->derSubject.len);
+        case CKA_ISSUER:
+            return lg_CopyAttribute(attribute, type, cert->derIssuer.data,
+                                    cert->derIssuer.len);
+        case CKA_SERIAL_NUMBER:
+            return lg_CopyAttribute(attribute, type, cert->derSN.data,
+                                    cert->derSN.len);
+        case CKA_NSS_EMAIL:
+            return (cert->emailAddr && cert->emailAddr[0])
+                       ? lg_CopyAttribute(attribute, type, cert->emailAddr,
+                                          PORT_Strlen(cert->emailAddr))
+                       : LG_CLONE_ATTR(attribute, type, lg_StaticNullAttr);
+        default:
+            break;
+    }
+    return lg_invalidAttribute(attribute);
+}
+
+CK_RV
+lg_GetSingleAttribute(LGObjectCache *obj, CK_ATTRIBUTE *attribute)
+{
+    /* handle the common ones */
+    CK_ATTRIBUTE_TYPE type = attribute->type;
+    switch (type) {
+        case CKA_CLASS:
+            return lg_ULongAttribute(attribute, type, obj->objclass);
+        case CKA_TOKEN:
+            return LG_CLONE_ATTR(attribute, type, lg_StaticTrueAttr);
+        case CKA_LABEL:
+            if ((obj->objclass == CKO_CERTIFICATE) ||
+                (obj->objclass == CKO_PRIVATE_KEY) ||
+                (obj->objclass == CKO_PUBLIC_KEY) ||
+                (obj->objclass == CKO_SECRET_KEY)) {
+                break;
+            }
+            return LG_CLONE_ATTR(attribute, type, lg_StaticNullAttr);
+        default:
+            break;
+    }
+    switch (obj->objclass) {
+        case CKO_CERTIFICATE:
+            return lg_FindCertAttribute(obj, type, attribute);
+        case CKO_NSS_CRL:
+            return lg_FindCrlAttribute(obj, type, attribute);
+        case CKO_NSS_TRUST:
+            return lg_FindTrustAttribute(obj, type, attribute);
+        case CKO_NSS_SMIME:
+            return lg_FindSMIMEAttribute(obj, type, attribute);
+        case CKO_PUBLIC_KEY:
+            return lg_FindPublicKeyAttribute(obj, type, attribute);
+        case CKO_PRIVATE_KEY:
+            return lg_FindPrivateKeyAttribute(obj, type, attribute);
+        case CKO_SECRET_KEY:
+            return lg_FindSecretKeyAttribute(obj, type, attribute);
+        default:
+            break;
+    }
+    return lg_invalidAttribute(attribute);
+}
+
+/*
+ * Fill in the attribute template based on the data in the database.
+ */
+CK_RV
+lg_GetAttributeValue(SDB *sdb, CK_OBJECT_HANDLE handle, CK_ATTRIBUTE *templ,
+                     CK_ULONG count)
+{
+    LGObjectCache *obj = lg_NewObjectCache(sdb, NULL, handle & ~LG_TOKEN_MASK);
+    CK_RV crv, crvCollect = CKR_OK;
+    unsigned int i;
+
+    if (obj == NULL) {
+        return CKR_OBJECT_HANDLE_INVALID;
+    }
+
+    for (i = 0; i < count; i++) {
+        crv = lg_GetSingleAttribute(obj, &templ[i]);
+        if (crvCollect == CKR_OK)
+            crvCollect = crv;
+    }
+
+    lg_DestroyObjectCache(obj);
+    return crvCollect;
+}
+
+PRBool
+lg_cmpAttribute(LGObjectCache *obj, const CK_ATTRIBUTE *attribute)
+{
+    unsigned char buf[LG_BUF_SPACE];
+    CK_ATTRIBUTE testAttr;
+    unsigned char *tempBuf = NULL;
+    PRBool match = PR_TRUE;
+    CK_RV crv;
+
+    /* we're going to compare 'attribute' with the actual attribute from
+     * the object. We'll use the length of 'attribute' to decide how much
+     * space we need to read the test attribute. If 'attribute' doesn't give
+     * enough space, then we know the values don't match and that will
+     * show up as ckr != CKR_OK */
+    testAttr = *attribute;
+    testAttr.pValue = buf;
+
+    /* if we don't have enough space, malloc it */
+    if (attribute->ulValueLen > LG_BUF_SPACE) {
+        tempBuf = PORT_Alloc(attribute->ulValueLen);
+        if (!tempBuf) {
+            return PR_FALSE;
+        }
+        testAttr.pValue = tempBuf;
+    }
+
+    /* get the attribute */
+    crv = lg_GetSingleAttribute(obj, &testAttr);
+    /* if the attribute was read OK, compare it */
+    if ((crv != CKR_OK) ||
+        (attribute->pValue == NULL) ||
+        (attribute->ulValueLen != testAttr.ulValueLen) ||
+        (PORT_Memcmp(attribute->pValue, testAttr.pValue, testAttr.ulValueLen) != 0)) {
+        /* something didn't match, this isn't the object we are looking for */
+        match = PR_FALSE;
+    }
+    /* free the buffer we may have allocated */
+    if (tempBuf) {
+        PORT_Free(tempBuf);
+    }
+    return match;
+}
+
+PRBool
+lg_tokenMatch(SDB *sdb, const SECItem *dbKey, CK_OBJECT_HANDLE class,
+              const CK_ATTRIBUTE *templ, CK_ULONG count)
+{
+    PRBool match = PR_TRUE;
+    LGObjectCache *obj = lg_NewObjectCache(sdb, dbKey, class);
+    unsigned int i;
+
+    if (obj == NULL) {
+        return PR_FALSE;
+    }
+
+    for (i = 0; i < count; i++) {
+        match = lg_cmpAttribute(obj, &templ[i]);
+        if (!match) {
+            break;
+        }
+    }
+
+    /* done looking, free up our cache */
+    lg_DestroyObjectCache(obj);
+
+    /* if we get through the whole list without finding a mismatched attribute,
+     * then this object fits the criteria we are matching */
+    return match;
+}
+
+static CK_RV
+lg_SetCertAttribute(LGObjectCache *obj, CK_ATTRIBUTE_TYPE type,
+                    const void *value, unsigned int len)
+{
+    NSSLOWCERTCertificate *cert;
+    NSSLOWCERTCertDBHandle *certHandle;
+    char *nickname = NULL;
+    SECStatus rv;
+    CK_RV crv;
+
+    /* we can't change  the EMAIL values, but let the
+     * upper layers feel better about the fact we tried to set these */
+    if (type == CKA_NSS_EMAIL) {
+        return CKR_OK;
+    }
+
+    certHandle = lg_getCertDB(obj->sdb);
+    if (certHandle == NULL) {
+        crv = CKR_TOKEN_WRITE_PROTECTED;
+        goto done;
+    }
+
+    if ((type != CKA_LABEL) && (type != CKA_ID)) {
+        crv = CKR_ATTRIBUTE_READ_ONLY;
+        goto done;
+    }
+
+    cert = lg_getCert(obj, certHandle);
+    if (cert == NULL) {
+        crv = CKR_OBJECT_HANDLE_INVALID;
+        goto done;
+    }
+
+    /* if the app is trying to set CKA_ID, it's probably because it just
+     * imported the key. Look to see if we need to set the CERTDB_USER bits.
+     */
+    if (type == CKA_ID) {
+        if (((cert->trust->sslFlags & CERTDB_USER) == 0) &&
+            ((cert->trust->emailFlags & CERTDB_USER) == 0) &&
+            ((cert->trust->objectSigningFlags & CERTDB_USER) == 0)) {
+            NSSLOWKEYDBHandle *keyHandle;
+
+            keyHandle = lg_getKeyDB(obj->sdb);
+            if (keyHandle) {
+                if (nsslowkey_KeyForCertExists(keyHandle, cert)) {
+                    NSSLOWCERTCertTrust trust = *cert->trust;
+                    trust.sslFlags |= CERTDB_USER;
+                    trust.emailFlags |= CERTDB_USER;
+                    trust.objectSigningFlags |= CERTDB_USER;
+                    nsslowcert_ChangeCertTrust(certHandle, cert, &trust);
+                }
+            }
+        }
+        crv = CKR_OK;
+        goto done;
+    }
+
+    /* must be CKA_LABEL */
+    if (value != NULL) {
+        nickname = PORT_ZAlloc(len + 1);
+        if (nickname == NULL) {
+            crv = CKR_HOST_MEMORY;
+            goto done;
+        }
+        PORT_Memcpy(nickname, value, len);
+        nickname[len] = 0;
+    }
+    rv = nsslowcert_AddPermNickname(certHandle, cert, nickname);
+    crv = (rv == SECSuccess) ? CKR_OK : CKR_DEVICE_ERROR;
+
+done:
+    if (nickname) {
+        PORT_Free(nickname);
+    }
+    return crv;
+}
+
+static CK_RV
+lg_SetPrivateKeyAttribute(LGObjectCache *obj, CK_ATTRIBUTE_TYPE type,
+                          const void *value, unsigned int len,
+                          PRBool *writePrivate)
+{
+    NSSLOWKEYPrivateKey *privKey;
+    NSSLOWKEYDBHandle *keyHandle;
+    char *nickname = NULL;
+    SECStatus rv;
+    CK_RV crv;
+
+    /* we can't change the ID and we don't store the subject, but let the
+     * upper layers feel better about the fact we tried to set these */
+    if ((type == CKA_ID) || (type == CKA_SUBJECT) ||
+        (type == CKA_LOCAL) || (type == CKA_NEVER_EXTRACTABLE) ||
+        (type == CKA_ALWAYS_SENSITIVE)) {
+        return CKR_OK;
+    }
+
+    keyHandle = lg_getKeyDB(obj->sdb);
+    if (keyHandle == NULL) {
+        crv = CKR_TOKEN_WRITE_PROTECTED;
+        goto done;
+    }
+
+    privKey = lg_GetPrivateKeyWithDB(obj, keyHandle);
+    if (privKey == NULL) {
+        crv = CKR_OBJECT_HANDLE_INVALID;
+        goto done;
+    }
+
+    crv = CKR_ATTRIBUTE_READ_ONLY;
+    switch (type) {
+        case CKA_LABEL:
+            if (value != NULL) {
+                nickname = PORT_ZAlloc(len + 1);
+                if (nickname == NULL) {
+                    crv = CKR_HOST_MEMORY;
+                    goto done;
+                }
+                PORT_Memcpy(nickname, value, len);
+                nickname[len] = 0;
+            }
+            rv = nsslowkey_UpdateNickname(keyHandle, privKey, &obj->dbKey,
+                                          nickname, obj->sdb);
+            crv = (rv == SECSuccess) ? CKR_OK : CKR_DEVICE_ERROR;
+            break;
+        case CKA_UNWRAP:
+        case CKA_SIGN:
+        case CKA_DERIVE:
+        case CKA_SIGN_RECOVER:
+        case CKA_DECRYPT:
+            /* ignore attempts to change restrict these.
+             * legacyDB ignore these flags and always presents all of them
+             * that are valid as true.
+             * NOTE: We only get here if the current value and the new value do
+             * not match. */
+            if (*(char *)value == 0) {
+                crv = CKR_OK;
+            }
+            break;
+        case CKA_VALUE:
+        case CKA_PRIVATE_EXPONENT:
+        case CKA_PRIME_1:
+        case CKA_PRIME_2:
+        case CKA_EXPONENT_1:
+        case CKA_EXPONENT_2:
+        case CKA_COEFFICIENT:
+            /* We aren't really changing these values, we are just triggering
+     * the database to update it's entry */
+            *writePrivate = PR_TRUE;
+            crv = CKR_OK;
+            break;
+        default:
+            crv = CKR_ATTRIBUTE_READ_ONLY;
+            break;
+    }
+done:
+    if (nickname) {
+        PORT_Free(nickname);
+    }
+    return crv;
+}
+
+static CK_RV
+lg_SetPublicKeyAttribute(LGObjectCache *obj, CK_ATTRIBUTE_TYPE type,
+                         const void *value, unsigned int len,
+                         PRBool *writePrivate)
+{
+    /* we can't change the ID and we don't store the subject, but let the
+     * upper layers feel better about the fact we tried to set these */
+    if ((type == CKA_ID) || (type == CKA_SUBJECT) || (type == CKA_LABEL)) {
+        return CKR_OK;
+    }
+    return CKR_ATTRIBUTE_READ_ONLY;
+}
+
+static CK_RV
+lg_SetTrustAttribute(LGObjectCache *obj, const CK_ATTRIBUTE *attr)
+{
+    unsigned int flags;
+    CK_TRUST trust;
+    NSSLOWCERTCertificate *cert = NULL;
+    NSSLOWCERTCertDBHandle *certHandle;
+    NSSLOWCERTCertTrust dbTrust;
+    SECStatus rv;
+    CK_RV crv;
+
+    if (attr->type == CKA_LABEL) {
+        return CKR_OK;
+    }
+
+    crv = lg_GetULongAttribute(attr->type, attr, 1, &trust);
+    if (crv != CKR_OK) {
+        return crv;
+    }
+    flags = lg_MapTrust(trust, (PRBool)(attr->type == CKA_TRUST_CLIENT_AUTH));
+
+    certHandle = lg_getCertDB(obj->sdb);
+
+    if (certHandle == NULL) {
+        crv = CKR_TOKEN_WRITE_PROTECTED;
+        goto done;
+    }
+
+    cert = lg_getCert(obj, certHandle);
+    if (cert == NULL) {
+        crv = CKR_OBJECT_HANDLE_INVALID;
+        goto done;
+    }
+    dbTrust = *cert->trust;
+
+    switch (attr->type) {
+        case CKA_TRUST_EMAIL_PROTECTION:
+            dbTrust.emailFlags = flags |
+                                 (cert->trust->emailFlags & CERTDB_PRESERVE_TRUST_BITS);
+            break;
+        case CKA_TRUST_CODE_SIGNING:
+            dbTrust.objectSigningFlags = flags |
+                                         (cert->trust->objectSigningFlags & CERTDB_PRESERVE_TRUST_BITS);
+            break;
+        case CKA_TRUST_CLIENT_AUTH:
+            dbTrust.sslFlags = flags | (cert->trust->sslFlags &
+                                        (CERTDB_PRESERVE_TRUST_BITS | CERTDB_TRUSTED_CA));
+            break;
+        case CKA_TRUST_SERVER_AUTH:
+            dbTrust.sslFlags = flags | (cert->trust->sslFlags &
+                                        (CERTDB_PRESERVE_TRUST_BITS | CERTDB_TRUSTED_CLIENT_CA));
+            break;
+        default:
+            crv = CKR_ATTRIBUTE_READ_ONLY;
+            goto done;
+    }
+
+    rv = nsslowcert_ChangeCertTrust(certHandle, cert, &dbTrust);
+    crv = (rv == SECSuccess) ? CKR_OK : CKR_DEVICE_ERROR;
+done:
+    if (cert) {
+        nsslowcert_DestroyCertificate(cert);
+    }
+    return crv;
+}
+
+static CK_RV
+lg_SetSingleAttribute(LGObjectCache *obj, const CK_ATTRIBUTE *attr,
+                      PRBool *writePrivate)
+{
+    CK_ATTRIBUTE attribLocal;
+    CK_RV crv;
+
+    if ((attr->type == CKA_NETSCAPE_DB) && (obj->objclass == CKO_PRIVATE_KEY)) {
+        *writePrivate = PR_TRUE;
+        return CKR_OK;
+    }
+
+    /* Make sure the attribute exists first */
+    attribLocal.type = attr->type;
+    attribLocal.pValue = NULL;
+    attribLocal.ulValueLen = 0;
+    crv = lg_GetSingleAttribute(obj, &attribLocal);
+    if (crv != CKR_OK) {
+        return crv;
+    }
+
+    /* if we are just setting it to the value we already have,
+     * allow it to happen. Let label setting go through so
+     * we have the opportunity to repair any database corruption. */
+    if (attr->type != CKA_LABEL) {
+        if (lg_cmpAttribute(obj, attr)) {
+            return CKR_OK;
+        }
+    }
+
+    crv = CKR_ATTRIBUTE_READ_ONLY;
+    switch (obj->objclass) {
+        case CKO_CERTIFICATE:
+            /* change NICKNAME, EMAIL,  */
+            crv = lg_SetCertAttribute(obj, attr->type,
+                                      attr->pValue, attr->ulValueLen);
+            break;
+        case CKO_NSS_CRL:
+            /* change URL */
+            break;
+        case CKO_NSS_TRUST:
+            crv = lg_SetTrustAttribute(obj, attr);
+            break;
+        case CKO_PRIVATE_KEY:
+        case CKO_SECRET_KEY:
+            crv = lg_SetPrivateKeyAttribute(obj, attr->type,
+                                            attr->pValue, attr->ulValueLen, writePrivate);
+            break;
+        case CKO_PUBLIC_KEY:
+            crv = lg_SetPublicKeyAttribute(obj, attr->type,
+                                           attr->pValue, attr->ulValueLen, writePrivate);
+            break;
+    }
+    return crv;
+}
+
+/*
+ * Fill in the attribute template based on the data in the database.
+ */
+CK_RV
+lg_SetAttributeValue(SDB *sdb, CK_OBJECT_HANDLE handle,
+                     const CK_ATTRIBUTE *templ, CK_ULONG count)
+{
+    LGObjectCache *obj = lg_NewObjectCache(sdb, NULL, handle & ~LG_TOKEN_MASK);
+    CK_RV crv, crvCollect = CKR_OK;
+    PRBool writePrivate = PR_FALSE;
+    unsigned int i;
+
+    if (obj == NULL) {
+        return CKR_OBJECT_HANDLE_INVALID;
+    }
+
+    for (i = 0; i < count; i++) {
+        crv = lg_SetSingleAttribute(obj, &templ[i], &writePrivate);
+        if (crvCollect == CKR_OK)
+            crvCollect = crv;
+    }
+
+    /* Write any collected changes out for private and secret keys.
+     *  don't do the write for just the label */
+    if (writePrivate) {
+        NSSLOWKEYPrivateKey *privKey = lg_GetPrivateKey(obj);
+        SECStatus rv = SECFailure;
+        char *label = lg_FindKeyNicknameByPublicKey(obj->sdb, &obj->dbKey);
+
+        if (privKey) {
+            rv = nsslowkey_StoreKeyByPublicKeyAlg(lg_getKeyDB(sdb), privKey,
+                                                  &obj->dbKey, label, sdb, PR_TRUE);
+        }
+        if (rv != SECSuccess) {
+            crv = CKR_DEVICE_ERROR;
+        }
+        PORT_Free(label);
+    }
+
+    lg_DestroyObjectCache(obj);
+    return crvCollect;
+}
diff --git a/nss/lib/softoken/legacydb/lgcreate.c b/nss/lib/softoken/legacydb/lgcreate.c
new file mode 100644
index 0000000..a0d2b2e
--- /dev/null
+++ b/nss/lib/softoken/legacydb/lgcreate.c
@@ -0,0 +1,1017 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#include "secitem.h"
+#include "pkcs11.h"
+#include "lgdb.h"
+#include "pcert.h"
+#include "lowkeyi.h"
+#include "blapi.h"
+#include "secder.h"
+#include "secasn1.h"
+
+#include "keydbi.h"
+
+/*
+ * ******************** Object Creation Utilities ***************************
+ */
+
+/*
+ * check the consistancy and initialize a Certificate Object
+ */
+static CK_RV
+lg_createCertObject(SDB *sdb, CK_OBJECT_HANDLE *handle,
+                    const CK_ATTRIBUTE *templ, CK_ULONG count)
+{
+    SECItem derCert;
+    NSSLOWCERTCertificate *cert;
+    NSSLOWCERTCertTrust *trust = NULL;
+    NSSLOWCERTCertTrust userTrust =
+        { CERTDB_USER, CERTDB_USER, CERTDB_USER };
+    NSSLOWCERTCertTrust defTrust =
+        { CERTDB_TRUSTED_UNKNOWN,
+          CERTDB_TRUSTED_UNKNOWN, CERTDB_TRUSTED_UNKNOWN };
+    char *label = NULL;
+    char *email = NULL;
+    SECStatus rv;
+    CK_RV crv;
+    PRBool inDB = PR_TRUE;
+    NSSLOWCERTCertDBHandle *certHandle = lg_getCertDB(sdb);
+    NSSLOWKEYDBHandle *keyHandle = NULL;
+    CK_CERTIFICATE_TYPE type;
+    const CK_ATTRIBUTE *attribute;
+
+    /* we can't store any certs private */
+    if (lg_isTrue(CKA_PRIVATE, templ, count)) {
+        return CKR_ATTRIBUTE_VALUE_INVALID;
+    }
+
+    /* We only support X.509 Certs for now */
+    crv = lg_GetULongAttribute(CKA_CERTIFICATE_TYPE, templ, count, &type);
+    if (crv != CKR_OK) {
+        return crv;
+    }
+
+    if (type != CKC_X_509) {
+        return CKR_ATTRIBUTE_VALUE_INVALID;
+    }
+
+    /* X.509 Certificate */
+
+    if (certHandle == NULL) {
+        return CKR_TOKEN_WRITE_PROTECTED;
+    }
+
+    /* get the der cert */
+    attribute = lg_FindAttribute(CKA_VALUE, templ, count);
+    if (!attribute) {
+        return CKR_ATTRIBUTE_VALUE_INVALID;
+    }
+
+    derCert.type = 0;
+    derCert.data = (unsigned char *)attribute->pValue;
+    derCert.len = attribute->ulValueLen;
+
+    label = lg_getString(CKA_LABEL, templ, count);
+
+    cert = nsslowcert_FindCertByDERCert(certHandle, &derCert);
+    if (cert == NULL) {
+        cert = nsslowcert_DecodeDERCertificate(&derCert, label);
+        inDB = PR_FALSE;
+    }
+    if (cert == NULL) {
+        if (label)
+            PORT_Free(label);
+        return CKR_ATTRIBUTE_VALUE_INVALID;
+    }
+
+    keyHandle = lg_getKeyDB(sdb);
+    if (keyHandle) {
+        if (nsslowkey_KeyForCertExists(keyHandle, cert)) {
+            trust = &userTrust;
+        }
+    }
+
+    if (!inDB) {
+        if (!trust)
+            trust = &defTrust;
+        rv = nsslowcert_AddPermCert(certHandle, cert, label, trust);
+    } else {
+        rv = trust ? nsslowcert_ChangeCertTrust(certHandle, cert, trust) : SECSuccess;
+    }
+
+    if (label)
+        PORT_Free(label);
+
+    if (rv != SECSuccess) {
+        nsslowcert_DestroyCertificate(cert);
+        return CKR_DEVICE_ERROR;
+    }
+
+    /*
+     * Add a NULL S/MIME profile if necessary.
+     */
+    email = lg_getString(CKA_NSS_EMAIL, templ, count);
+    if (email) {
+        certDBEntrySMime *entry;
+
+        entry = nsslowcert_ReadDBSMimeEntry(certHandle, email);
+        if (!entry) {
+            nsslowcert_SaveSMimeProfile(certHandle, email,
+                                        &cert->derSubject, NULL, NULL);
+        } else {
+            nsslowcert_DestroyDBEntry((certDBEntry *)entry);
+        }
+        PORT_Free(email);
+    }
+    *handle = lg_mkHandle(sdb, &cert->certKey, LG_TOKEN_TYPE_CERT);
+    nsslowcert_DestroyCertificate(cert);
+
+    return CKR_OK;
+}
+
+unsigned int
+lg_MapTrust(CK_TRUST trust, PRBool clientAuth)
+{
+    unsigned int trustCA = clientAuth ? CERTDB_TRUSTED_CLIENT_CA : CERTDB_TRUSTED_CA;
+    switch (trust) {
+        case CKT_NSS_TRUSTED:
+            return CERTDB_TERMINAL_RECORD | CERTDB_TRUSTED;
+        case CKT_NSS_TRUSTED_DELEGATOR:
+            return CERTDB_VALID_CA | trustCA;
+        case CKT_NSS_MUST_VERIFY_TRUST:
+            return CERTDB_MUST_VERIFY;
+        case CKT_NSS_NOT_TRUSTED:
+            return CERTDB_TERMINAL_RECORD;
+        case CKT_NSS_VALID_DELEGATOR: /* implies must verify */
+            return CERTDB_VALID_CA;
+        default:
+            break;
+    }
+    return CERTDB_TRUSTED_UNKNOWN;
+}
+
+/*
+ * check the consistancy and initialize a Trust Object
+ */
+static CK_RV
+lg_createTrustObject(SDB *sdb, CK_OBJECT_HANDLE *handle,
+                     const CK_ATTRIBUTE *templ, CK_ULONG count)
+{
+    const CK_ATTRIBUTE *issuer = NULL;
+    const CK_ATTRIBUTE *serial = NULL;
+    NSSLOWCERTCertificate *cert = NULL;
+    const CK_ATTRIBUTE *trust;
+    CK_TRUST sslTrust = CKT_NSS_TRUST_UNKNOWN;
+    CK_TRUST clientTrust = CKT_NSS_TRUST_UNKNOWN;
+    CK_TRUST emailTrust = CKT_NSS_TRUST_UNKNOWN;
+    CK_TRUST signTrust = CKT_NSS_TRUST_UNKNOWN;
+    CK_BBOOL stepUp;
+    NSSLOWCERTCertTrust dbTrust = { 0 };
+    SECStatus rv;
+    NSSLOWCERTCertDBHandle *certHandle = lg_getCertDB(sdb);
+    NSSLOWCERTIssuerAndSN issuerSN;
+
+    /* we can't store any certs private */
+    if (lg_isTrue(CKA_PRIVATE, templ, count)) {
+        return CKR_ATTRIBUTE_VALUE_INVALID;
+    }
+
+    if (certHandle == NULL) {
+        return CKR_TOKEN_WRITE_PROTECTED;
+    }
+
+    issuer = lg_FindAttribute(CKA_ISSUER, templ, count);
+    serial = lg_FindAttribute(CKA_SERIAL_NUMBER, templ, count);
+
+    if (issuer && serial) {
+        issuerSN.derIssuer.data = (unsigned char *)issuer->pValue;
+        issuerSN.derIssuer.len = issuer->ulValueLen;
+
+        issuerSN.serialNumber.data = (unsigned char *)serial->pValue;
+        issuerSN.serialNumber.len = serial->ulValueLen;
+
+        cert = nsslowcert_FindCertByIssuerAndSN(certHandle, &issuerSN);
+    }
+
+    if (cert == NULL) {
+        return CKR_ATTRIBUTE_VALUE_INVALID;
+    }
+
+    lg_GetULongAttribute(CKA_TRUST_SERVER_AUTH, templ, count, &sslTrust);
+    lg_GetULongAttribute(CKA_TRUST_CLIENT_AUTH, templ, count, &clientTrust);
+    lg_GetULongAttribute(CKA_TRUST_EMAIL_PROTECTION, templ, count, &emailTrust);
+    lg_GetULongAttribute(CKA_TRUST_CODE_SIGNING, templ, count, &signTrust);
+    stepUp = CK_FALSE;
+    trust = lg_FindAttribute(CKA_TRUST_STEP_UP_APPROVED, templ, count);
+    if (trust) {
+        if (trust->ulValueLen == sizeof(CK_BBOOL)) {
+            stepUp = *(CK_BBOOL *)trust->pValue;
+        }
+    }
+
+    /* preserve certain old fields */
+    if (cert->trust) {
+        dbTrust.sslFlags = cert->trust->sslFlags & CERTDB_PRESERVE_TRUST_BITS;
+        dbTrust.emailFlags =
+            cert->trust->emailFlags & CERTDB_PRESERVE_TRUST_BITS;
+        dbTrust.objectSigningFlags =
+            cert->trust->objectSigningFlags & CERTDB_PRESERVE_TRUST_BITS;
+    }
+
+    dbTrust.sslFlags |= lg_MapTrust(sslTrust, PR_FALSE);
+    dbTrust.sslFlags |= lg_MapTrust(clientTrust, PR_TRUE);
+    dbTrust.emailFlags |= lg_MapTrust(emailTrust, PR_FALSE);
+    dbTrust.objectSigningFlags |= lg_MapTrust(signTrust, PR_FALSE);
+    if (stepUp) {
+        dbTrust.sslFlags |= CERTDB_GOVT_APPROVED_CA;
+    }
+
+    rv = nsslowcert_ChangeCertTrust(certHandle, cert, &dbTrust);
+    *handle = lg_mkHandle(sdb, &cert->certKey, LG_TOKEN_TYPE_TRUST);
+    nsslowcert_DestroyCertificate(cert);
+    if (rv != SECSuccess) {
+        return CKR_DEVICE_ERROR;
+    }
+
+    return CKR_OK;
+}
+
+/*
+ * check the consistancy and initialize a Trust Object
+ */
+static CK_RV
+lg_createSMimeObject(SDB *sdb, CK_OBJECT_HANDLE *handle,
+                     const CK_ATTRIBUTE *templ, CK_ULONG count)
+{
+    SECItem derSubj, rawProfile, rawTime, emailKey;
+    SECItem *pRawProfile = NULL;
+    SECItem *pRawTime = NULL;
+    char *email = NULL;
+    const CK_ATTRIBUTE *subject = NULL,
+                       *profile = NULL,
+                       *time = NULL;
+    SECStatus rv;
+    NSSLOWCERTCertDBHandle *certHandle;
+    CK_RV ck_rv = CKR_OK;
+
+    /* we can't store any certs private */
+    if (lg_isTrue(CKA_PRIVATE, templ, count)) {
+        return CKR_ATTRIBUTE_VALUE_INVALID;
+    }
+
+    certHandle = lg_getCertDB(sdb);
+    if (certHandle == NULL) {
+        return CKR_TOKEN_WRITE_PROTECTED;
+    }
+
+    /* lookup SUBJECT */
+    subject = lg_FindAttribute(CKA_SUBJECT, templ, count);
+    PORT_Assert(subject);
+    if (!subject) {
+        ck_rv = CKR_ATTRIBUTE_VALUE_INVALID;
+        goto loser;
+    }
+
+    derSubj.data = (unsigned char *)subject->pValue;
+    derSubj.len = subject->ulValueLen;
+    derSubj.type = 0;
+
+    /* lookup VALUE */
+    profile = lg_FindAttribute(CKA_VALUE, templ, count);
+    if (profile) {
+        rawProfile.data = (unsigned char *)profile->pValue;
+        rawProfile.len = profile->ulValueLen;
+        rawProfile.type = siBuffer;
+        pRawProfile = &rawProfile;
+    }
+
+    /* lookup Time */
+    time = lg_FindAttribute(CKA_NSS_SMIME_TIMESTAMP, templ, count);
+    if (time) {
+        rawTime.data = (unsigned char *)time->pValue;
+        rawTime.len = time->ulValueLen;
+        rawTime.type = siBuffer;
+        pRawTime = &rawTime;
+    }
+
+    email = lg_getString(CKA_NSS_EMAIL, templ, count);
+    if (!email) {
+        ck_rv = CKR_ATTRIBUTE_VALUE_INVALID;
+        goto loser;
+    }
+
+    /* Store S/MIME Profile by SUBJECT */
+    rv = nsslowcert_SaveSMimeProfile(certHandle, email, &derSubj,
+                                     pRawProfile, pRawTime);
+    if (rv != SECSuccess) {
+        ck_rv = CKR_DEVICE_ERROR;
+        goto loser;
+    }
+    emailKey.data = (unsigned char *)email;
+    emailKey.len = PORT_Strlen(email) + 1;
+
+    *handle = lg_mkHandle(sdb, &emailKey, LG_TOKEN_TYPE_SMIME);
+
+loser:
+    if (email)
+        PORT_Free(email);
+
+    return ck_rv;
+}
+
+/*
+ * check the consistancy and initialize a Trust Object
+ */
+static CK_RV
+lg_createCrlObject(SDB *sdb, CK_OBJECT_HANDLE *handle,
+                   const CK_ATTRIBUTE *templ, CK_ULONG count)
+{
+    PRBool isKRL = PR_FALSE;
+    SECItem derSubj, derCrl;
+    char *url = NULL;
+    const CK_ATTRIBUTE *subject, *crl;
+    SECStatus rv;
+    NSSLOWCERTCertDBHandle *certHandle;
+
+    certHandle = lg_getCertDB(sdb);
+
+    /* we can't store any private crls */
+    if (lg_isTrue(CKA_PRIVATE, templ, count)) {
+        return CKR_ATTRIBUTE_VALUE_INVALID;
+    }
+
+    if (certHandle == NULL) {
+        return CKR_TOKEN_WRITE_PROTECTED;
+    }
+
+    /* lookup SUBJECT */
+    subject = lg_FindAttribute(CKA_SUBJECT, templ, count);
+    if (!subject) {
+        return CKR_ATTRIBUTE_VALUE_INVALID;
+    }
+
+    derSubj.data = (unsigned char *)subject->pValue;
+    derSubj.len = subject->ulValueLen;
+
+    /* lookup VALUE */
+    crl = lg_FindAttribute(CKA_VALUE, templ, count);
+    PORT_Assert(crl);
+    if (!crl) {
+        return CKR_ATTRIBUTE_VALUE_INVALID;
+    }
+    derCrl.data = (unsigned char *)crl->pValue;
+    derCrl.len = crl->ulValueLen;
+
+    url = lg_getString(CKA_NSS_URL, templ, count);
+    isKRL = lg_isTrue(CKA_NSS_KRL, templ, count);
+
+    /* Store CRL by SUBJECT */
+    rv = nsslowcert_AddCrl(certHandle, &derCrl, &derSubj, url, isKRL);
+
+    if (url) {
+        PORT_Free(url);
+    }
+    if (rv != SECSuccess) {
+        return CKR_DEVICE_ERROR;
+    }
+
+    /* if we overwrote the existing CRL, poison the handle entry so we get
+     * a new object handle */
+    (void)lg_poisonHandle(sdb, &derSubj,
+                          isKRL ? LG_TOKEN_KRL_HANDLE : LG_TOKEN_TYPE_CRL);
+    *handle = lg_mkHandle(sdb, &derSubj,
+                          isKRL ? LG_TOKEN_KRL_HANDLE : LG_TOKEN_TYPE_CRL);
+
+    return CKR_OK;
+}
+
+/*
+ * check the consistancy and initialize a Public Key Object
+ */
+static CK_RV
+lg_createPublicKeyObject(SDB *sdb, CK_KEY_TYPE key_type,
+                         CK_OBJECT_HANDLE *handle, const CK_ATTRIBUTE *templ, CK_ULONG count)
+{
+    CK_ATTRIBUTE_TYPE pubKeyAttr = CKA_VALUE;
+    CK_RV crv = CKR_OK;
+    NSSLOWKEYPrivateKey *priv;
+    SECItem pubKeySpace = { siBuffer, NULL, 0 };
+    SECItem *pubKey;
+#ifndef NSS_DISABLE_ECC
+    SECItem pubKey2Space = { siBuffer, NULL, 0 };
+    PLArenaPool *arena = NULL;
+#endif /* NSS_DISABLE_ECC */
+    NSSLOWKEYDBHandle *keyHandle = NULL;
+
+    switch (key_type) {
+        case CKK_RSA:
+            pubKeyAttr = CKA_MODULUS;
+            break;
+#ifndef NSS_DISABLE_ECC
+        case CKK_EC:
+            pubKeyAttr = CKA_EC_POINT;
+            break;
+#endif /* NSS_DISABLE_ECC */
+        case CKK_DSA:
+        case CKK_DH:
+            break;
+        default:
+            return CKR_ATTRIBUTE_VALUE_INVALID;
+    }
+
+    pubKey = &pubKeySpace;
+    crv = lg_Attribute2SSecItem(NULL, pubKeyAttr, templ, count, pubKey);
+    if (crv != CKR_OK)
+        return crv;
+
+#ifndef NSS_DISABLE_ECC
+    if (key_type == CKK_EC) {
+        SECStatus rv;
+        /*
+         * for ECC, use the decoded key first.
+         */
+        arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+        if (arena == NULL) {
+            crv = CKR_HOST_MEMORY;
+            goto done;
+        }
+        rv = SEC_QuickDERDecodeItem(arena, &pubKey2Space,
+                                    SEC_ASN1_GET(SEC_OctetStringTemplate),
+                                    pubKey);
+        if (rv != SECSuccess) {
+            /* decode didn't work, just try the pubKey */
+            PORT_FreeArena(arena, PR_FALSE);
+            arena = NULL;
+        } else {
+            /* try the decoded pub key first */
+            pubKey = &pubKey2Space;
+        }
+    }
+#endif /* NSS_DISABLE_ECC */
+
+    PORT_Assert(pubKey->data);
+    if (pubKey->data == NULL) {
+        crv = CKR_ATTRIBUTE_VALUE_INVALID;
+        goto done;
+    }
+    keyHandle = lg_getKeyDB(sdb);
+    if (keyHandle == NULL) {
+        crv = CKR_TOKEN_WRITE_PROTECTED;
+        goto done;
+    }
+    if (keyHandle->version != 3) {
+        unsigned char buf[SHA1_LENGTH];
+        SHA1_HashBuf(buf, pubKey->data, pubKey->len);
+        PORT_Memcpy(pubKey->data, buf, sizeof(buf));
+        pubKey->len = sizeof(buf);
+    }
+    /* make sure the associated private key already exists */
+    /* only works if we are logged in */
+    priv = nsslowkey_FindKeyByPublicKey(keyHandle, pubKey, sdb /*password*/);
+#ifndef NSS_DISABLE_ECC
+    if (priv == NULL && pubKey == &pubKey2Space) {
+        /* no match on the decoded key, match the original pubkey */
+        pubKey = &pubKeySpace;
+        priv = nsslowkey_FindKeyByPublicKey(keyHandle, pubKey,
+                                            sdb /*password*/);
+    }
+#endif
+    if (priv == NULL) {
+        /* the legacy database can only 'store' public keys which already
+         * have their corresponding private keys in the database */
+        crv = CKR_ATTRIBUTE_VALUE_INVALID;
+        goto done;
+    }
+    lg_nsslowkey_DestroyPrivateKey(priv);
+    crv = CKR_OK;
+
+    *handle = lg_mkHandle(sdb, pubKey, LG_TOKEN_TYPE_PUB);
+
+done:
+    PORT_Free(pubKeySpace.data);
+#ifndef NSS_DISABLE_ECC
+    if (arena)
+        PORT_FreeArena(arena, PR_FALSE);
+#endif
+
+    return crv;
+}
+
+/* make a private key from a verified object */
+static NSSLOWKEYPrivateKey *
+lg_mkPrivKey(SDB *sdb, const CK_ATTRIBUTE *templ, CK_ULONG count,
+             CK_KEY_TYPE key_type, CK_RV *crvp)
+{
+    NSSLOWKEYPrivateKey *privKey;
+    PLArenaPool *arena;
+    CK_RV crv = CKR_OK;
+    SECStatus rv;
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL) {
+        *crvp = CKR_HOST_MEMORY;
+        return NULL;
+    }
+
+    privKey = (NSSLOWKEYPrivateKey *)
+        PORT_ArenaZAlloc(arena, sizeof(NSSLOWKEYPrivateKey));
+    if (privKey == NULL) {
+        PORT_FreeArena(arena, PR_FALSE);
+        *crvp = CKR_HOST_MEMORY;
+        return NULL;
+    }
+
+    /* in future this would be a switch on key_type */
+    privKey->arena = arena;
+    switch (key_type) {
+        case CKK_RSA:
+            privKey->keyType = NSSLOWKEYRSAKey;
+            crv = lg_Attribute2SSecItem(arena, CKA_MODULUS, templ, count,
+                                        &privKey->u.rsa.modulus);
+            if (crv != CKR_OK)
+                break;
+            crv = lg_Attribute2SSecItem(arena, CKA_PUBLIC_EXPONENT, templ, count,
+                                        &privKey->u.rsa.publicExponent);
+            if (crv != CKR_OK)
+                break;
+            crv = lg_PrivAttr2SSecItem(arena, CKA_PRIVATE_EXPONENT, templ, count,
+                                       &privKey->u.rsa.privateExponent, sdb);
+            if (crv != CKR_OK)
+                break;
+            crv = lg_PrivAttr2SSecItem(arena, CKA_PRIME_1, templ, count,
+                                       &privKey->u.rsa.prime1, sdb);
+            if (crv != CKR_OK)
+                break;
+            crv = lg_PrivAttr2SSecItem(arena, CKA_PRIME_2, templ, count,
+                                       &privKey->u.rsa.prime2, sdb);
+            if (crv != CKR_OK)
+                break;
+            crv = lg_PrivAttr2SSecItem(arena, CKA_EXPONENT_1, templ, count,
+                                       &privKey->u.rsa.exponent1, sdb);
+            if (crv != CKR_OK)
+                break;
+            crv = lg_PrivAttr2SSecItem(arena, CKA_EXPONENT_2, templ, count,
+                                       &privKey->u.rsa.exponent2, sdb);
+            if (crv != CKR_OK)
+                break;
+            crv = lg_PrivAttr2SSecItem(arena, CKA_COEFFICIENT, templ, count,
+                                       &privKey->u.rsa.coefficient, sdb);
+            if (crv != CKR_OK)
+                break;
+            rv = DER_SetUInteger(privKey->arena, &privKey->u.rsa.version,
+                                 NSSLOWKEY_VERSION);
+            if (rv != SECSuccess)
+                crv = CKR_HOST_MEMORY;
+            break;
+
+        case CKK_DSA:
+            privKey->keyType = NSSLOWKEYDSAKey;
+            crv = lg_Attribute2SSecItem(arena, CKA_PRIME, templ, count,
+                                        &privKey->u.dsa.params.prime);
+            if (crv != CKR_OK)
+                break;
+            crv = lg_Attribute2SSecItem(arena, CKA_SUBPRIME, templ, count,
+                                        &privKey->u.dsa.params.subPrime);
+            if (crv != CKR_OK)
+                break;
+            crv = lg_Attribute2SSecItem(arena, CKA_BASE, templ, count,
+                                        &privKey->u.dsa.params.base);
+            if (crv != CKR_OK)
+                break;
+            crv = lg_PrivAttr2SSecItem(arena, CKA_VALUE, templ, count,
+                                       &privKey->u.dsa.privateValue, sdb);
+            if (crv != CKR_OK)
+                break;
+            if (lg_hasAttribute(CKA_NETSCAPE_DB, templ, count)) {
+                crv = lg_Attribute2SSecItem(arena, CKA_NETSCAPE_DB, templ, count,
+                                            &privKey->u.dsa.publicValue);
+                /* privKey was zero'd so public value is already set to NULL, 0
+                 * if we don't set it explicitly */
+            }
+            break;
+
+        case CKK_DH:
+            privKey->keyType = NSSLOWKEYDHKey;
+            crv = lg_Attribute2SSecItem(arena, CKA_PRIME, templ, count,
+                                        &privKey->u.dh.prime);
+            if (crv != CKR_OK)
+                break;
+            crv = lg_Attribute2SSecItem(arena, CKA_BASE, templ, count,
+                                        &privKey->u.dh.base);
+            if (crv != CKR_OK)
+                break;
+            crv = lg_PrivAttr2SSecItem(arena, CKA_VALUE, templ, count,
+                                       &privKey->u.dh.privateValue, sdb);
+            if (crv != CKR_OK)
+                break;
+            if (lg_hasAttribute(CKA_NETSCAPE_DB, templ, count)) {
+                crv = lg_Attribute2SSecItem(arena, CKA_NETSCAPE_DB, templ, count,
+                                            &privKey->u.dh.publicValue);
+                /* privKey was zero'd so public value is already set to NULL, 0
+                 * if we don't set it explicitly */
+            }
+            break;
+
+#ifndef NSS_DISABLE_ECC
+        case CKK_EC:
+            privKey->keyType = NSSLOWKEYECKey;
+            crv = lg_Attribute2SSecItem(arena, CKA_EC_PARAMS, templ, count,
+                                        &privKey->u.ec.ecParams.DEREncoding);
+            if (crv != CKR_OK)
+                break;
+
+            /* Fill out the rest of the ecParams structure
+             * based on the encoded params
+             */
+            if (LGEC_FillParams(arena, &privKey->u.ec.ecParams.DEREncoding,
+                                &privKey->u.ec.ecParams) != SECSuccess) {
+                crv = CKR_DOMAIN_PARAMS_INVALID;
+                break;
+            }
+            crv = lg_PrivAttr2SSecItem(arena, CKA_VALUE, templ, count,
+                                       &privKey->u.ec.privateValue, sdb);
+            if (crv != CKR_OK)
+                break;
+            if (lg_hasAttribute(CKA_NETSCAPE_DB, templ, count)) {
+                crv = lg_Attribute2SSecItem(arena, CKA_NETSCAPE_DB, templ, count,
+                                            &privKey->u.ec.publicValue);
+                if (crv != CKR_OK)
+                    break;
+                /* privKey was zero'd so public value is already set to NULL, 0
+                 * if we don't set it explicitly */
+            }
+            rv = DER_SetUInteger(privKey->arena, &privKey->u.ec.version,
+                                 NSSLOWKEY_EC_PRIVATE_KEY_VERSION);
+            if (rv != SECSuccess)
+                crv = CKR_HOST_MEMORY;
+            break;
+#endif /* NSS_DISABLE_ECC */
+
+        default:
+            crv = CKR_KEY_TYPE_INCONSISTENT;
+            break;
+    }
+    *crvp = crv;
+    if (crv != CKR_OK) {
+        PORT_FreeArena(arena, PR_FALSE);
+        return NULL;
+    }
+    return privKey;
+}
+
+/*
+ * check the consistancy and initialize a Private Key Object
+ */
+static CK_RV
+lg_createPrivateKeyObject(SDB *sdb, CK_KEY_TYPE key_type,
+                          CK_OBJECT_HANDLE *handle, const CK_ATTRIBUTE *templ, CK_ULONG count)
+{
+    NSSLOWKEYPrivateKey *privKey;
+    char *label;
+    SECStatus rv = SECSuccess;
+    CK_RV crv = CKR_DEVICE_ERROR;
+    SECItem pubKey;
+    NSSLOWKEYDBHandle *keyHandle = lg_getKeyDB(sdb);
+
+    if (keyHandle == NULL) {
+        return CKR_TOKEN_WRITE_PROTECTED;
+    }
+
+    privKey = lg_mkPrivKey(sdb, templ, count, key_type, &crv);
+    if (privKey == NULL)
+        return crv;
+    label = lg_getString(CKA_LABEL, templ, count);
+
+    crv = lg_Attribute2SSecItem(NULL, CKA_NETSCAPE_DB, templ, count, &pubKey);
+    if (crv != CKR_OK) {
+        crv = CKR_TEMPLATE_INCOMPLETE;
+        rv = SECFailure;
+        goto fail;
+    }
+#ifdef notdef
+    if (keyHandle->version != 3) {
+        unsigned char buf[SHA1_LENGTH];
+        SHA1_HashBuf(buf, pubKey.data, pubKey.len);
+        PORT_Memcpy(pubKey.data, buf, sizeof(buf));
+        pubKey.len = sizeof(buf);
+    }
+#endif
+    /* get the key type */
+    if (key_type == CKK_RSA) {
+        rv = RSA_PrivateKeyCheck(&privKey->u.rsa);
+        if (rv == SECFailure) {
+            goto fail;
+        }
+    }
+    rv = nsslowkey_StoreKeyByPublicKey(keyHandle, privKey, &pubKey,
+                                       label, sdb /*->password*/);
+
+fail:
+    if (label)
+        PORT_Free(label);
+    *handle = lg_mkHandle(sdb, &pubKey, LG_TOKEN_TYPE_PRIV);
+    if (pubKey.data)
+        PORT_Free(pubKey.data);
+    lg_nsslowkey_DestroyPrivateKey(privKey);
+    if (rv != SECSuccess)
+        return crv;
+
+    return CKR_OK;
+}
+
+#define LG_KEY_MAX_RETRIES 10 /* don't hang if we are having problems with the rng */
+#define LG_KEY_ID_SIZE 18     /* don't use either SHA1 or MD5 sizes */
+/*
+ * Secret keys must have a CKA_ID value to be stored in the database. This code
+ * will generate one if there wasn't one already.
+ */
+static CK_RV
+lg_GenerateSecretCKA_ID(NSSLOWKEYDBHandle *handle, SECItem *id, char *label)
+{
+    unsigned int retries;
+    SECStatus rv = SECSuccess;
+    CK_RV crv = CKR_OK;
+
+    id->data = NULL;
+    if (label) {
+        id->data = (unsigned char *)PORT_Strdup(label);
+        if (id->data == NULL) {
+            return CKR_HOST_MEMORY;
+        }
+        id->len = PORT_Strlen(label) + 1;
+        if (!nsslowkey_KeyForIDExists(handle, id)) {
+            return CKR_OK;
+        }
+        PORT_Free(id->data);
+        id->data = NULL;
+        id->len = 0;
+    }
+    id->data = (unsigned char *)PORT_Alloc(LG_KEY_ID_SIZE);
+    if (id->data == NULL) {
+        return CKR_HOST_MEMORY;
+    }
+    id->len = LG_KEY_ID_SIZE;
+
+    retries = 0;
+    do {
+        rv = RNG_GenerateGlobalRandomBytes(id->data, id->len);
+    } while (rv == SECSuccess && nsslowkey_KeyForIDExists(handle, id) &&
+             (++retries <= LG_KEY_MAX_RETRIES));
+
+    if ((rv != SECSuccess) || (retries > LG_KEY_MAX_RETRIES)) {
+        crv = CKR_DEVICE_ERROR; /* random number generator is bad */
+        PORT_Free(id->data);
+        id->data = NULL;
+        id->len = 0;
+    }
+    return crv;
+}
+
+static NSSLOWKEYPrivateKey *
+lg_mkSecretKeyRep(const CK_ATTRIBUTE *templ,
+                  CK_ULONG count, CK_KEY_TYPE key_type,
+                  SECItem *pubkey, SDB *sdbpw)
+{
+    NSSLOWKEYPrivateKey *privKey = 0;
+    PLArenaPool *arena = 0;
+    CK_KEY_TYPE keyType;
+    PRUint32 keyTypeStorage;
+    SECItem keyTypeItem;
+    CK_RV crv;
+    SECStatus rv;
+    static unsigned char derZero[1] = { 0 };
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL) {
+        crv = CKR_HOST_MEMORY;
+        goto loser;
+    }
+
+    privKey = (NSSLOWKEYPrivateKey *)
+        PORT_ArenaZAlloc(arena, sizeof(NSSLOWKEYPrivateKey));
+    if (privKey == NULL) {
+        crv = CKR_HOST_MEMORY;
+        goto loser;
+    }
+
+    privKey->arena = arena;
+
+    /* Secret keys are represented in the database as "fake" RSA keys.
+     * The RSA key is marked as a secret key representation by setting the
+     * public exponent field to 0, which is an invalid RSA exponent.
+     * The other fields are set as follows:
+     *   modulus - CKA_ID value for the secret key
+     *   private exponent - CKA_VALUE (the key itself)
+     *   coefficient - CKA_KEY_TYPE, which indicates what encryption algorithm
+     *      is used for the key.
+     *   all others - set to integer 0
+     */
+    privKey->keyType = NSSLOWKEYRSAKey;
+
+    /* The modulus is set to the key id of the symmetric key */
+    privKey->u.rsa.modulus.data =
+        (unsigned char *)PORT_ArenaAlloc(arena, pubkey->len);
+    if (privKey->u.rsa.modulus.data == NULL) {
+        crv = CKR_HOST_MEMORY;
+        goto loser;
+    }
+    privKey->u.rsa.modulus.len = pubkey->len;
+    PORT_Memcpy(privKey->u.rsa.modulus.data, pubkey->data, pubkey->len);
+
+    /* The public exponent is set to 0 to indicate a special key */
+    privKey->u.rsa.publicExponent.len = sizeof derZero;
+    privKey->u.rsa.publicExponent.data = derZero;
+
+    /* The private exponent is the actual key value */
+    crv = lg_PrivAttr2SecItem(arena, CKA_VALUE, templ, count,
+                              &privKey->u.rsa.privateExponent, sdbpw);
+    if (crv != CKR_OK)
+        goto loser;
+
+    /* All other fields empty - needs testing */
+    privKey->u.rsa.prime1.len = sizeof derZero;
+    privKey->u.rsa.prime1.data = derZero;
+
+    privKey->u.rsa.prime2.len = sizeof derZero;
+    privKey->u.rsa.prime2.data = derZero;
+
+    privKey->u.rsa.exponent1.len = sizeof derZero;
+    privKey->u.rsa.exponent1.data = derZero;
+
+    privKey->u.rsa.exponent2.len = sizeof derZero;
+    privKey->u.rsa.exponent2.data = derZero;
+
+    /* Coeficient set to KEY_TYPE */
+    crv = lg_GetULongAttribute(CKA_KEY_TYPE, templ, count, &keyType);
+    if (crv != CKR_OK)
+        goto loser;
+    /* on 64 bit platforms, we still want to store 32 bits of keyType (This is
+     * safe since the PKCS #11 defines for all types are 32 bits or less). */
+    keyTypeStorage = (PRUint32)keyType;
+    keyTypeStorage = PR_htonl(keyTypeStorage);
+    keyTypeItem.data = (unsigned char *)&keyTypeStorage;
+    keyTypeItem.len = sizeof(keyTypeStorage);
+    rv = SECITEM_CopyItem(arena, &privKey->u.rsa.coefficient, &keyTypeItem);
+    if (rv != SECSuccess) {
+        crv = CKR_HOST_MEMORY;
+        goto loser;
+    }
+
+    /* Private key version field set normally for compatibility */
+    rv = DER_SetUInteger(privKey->arena,
+                         &privKey->u.rsa.version, NSSLOWKEY_VERSION);
+    if (rv != SECSuccess) {
+        crv = CKR_HOST_MEMORY;
+        goto loser;
+    }
+
+loser:
+    if (crv != CKR_OK) {
+        PORT_FreeArena(arena, PR_FALSE);
+        privKey = 0;
+    }
+
+    return privKey;
+}
+
+/*
+ * check the consistancy and initialize a Secret Key Object
+ */
+static CK_RV
+lg_createSecretKeyObject(SDB *sdb, CK_KEY_TYPE key_type,
+                         CK_OBJECT_HANDLE *handle, const CK_ATTRIBUTE *templ, CK_ULONG count)
+{
+    CK_RV crv;
+    NSSLOWKEYPrivateKey *privKey = NULL;
+    NSSLOWKEYDBHandle *keyHandle = NULL;
+    SECItem pubKey;
+    char *label = NULL;
+    SECStatus rv = SECSuccess;
+
+    pubKey.data = 0;
+
+    /* If the object is a TOKEN object, store in the database */
+    keyHandle = lg_getKeyDB(sdb);
+
+    if (keyHandle == NULL) {
+        return CKR_TOKEN_WRITE_PROTECTED;
+    }
+
+    label = lg_getString(CKA_LABEL, templ, count);
+
+    crv = lg_Attribute2SecItem(NULL, CKA_ID, templ, count, &pubKey);
+    /* Should this be ID? */
+    if (crv != CKR_OK)
+        goto loser;
+
+    /* if we don't have an ID, generate one */
+    if (pubKey.len == 0) {
+        if (pubKey.data) {
+            PORT_Free(pubKey.data);
+            pubKey.data = NULL;
+        }
+        crv = lg_GenerateSecretCKA_ID(keyHandle, &pubKey, label);
+        if (crv != CKR_OK)
+            goto loser;
+    }
+
+    privKey = lg_mkSecretKeyRep(templ, count, key_type, &pubKey, sdb);
+    if (privKey == NULL) {
+        crv = CKR_HOST_MEMORY;
+        goto loser;
+    }
+
+    rv = nsslowkey_StoreKeyByPublicKey(keyHandle,
+                                       privKey, &pubKey, label, sdb /*->password*/);
+    if (rv != SECSuccess) {
+        crv = CKR_DEVICE_ERROR;
+        goto loser;
+    }
+
+    *handle = lg_mkHandle(sdb, &pubKey, LG_TOKEN_TYPE_KEY);
+
+loser:
+    if (label)
+        PORT_Free(label);
+    if (privKey)
+        lg_nsslowkey_DestroyPrivateKey(privKey);
+    if (pubKey.data)
+        PORT_Free(pubKey.data);
+
+    return crv;
+}
+
+/*
+ * check the consistancy and initialize a Key Object
+ */
+static CK_RV
+lg_createKeyObject(SDB *sdb, CK_OBJECT_CLASS objclass,
+                   CK_OBJECT_HANDLE *handle, const CK_ATTRIBUTE *templ, CK_ULONG count)
+{
+    CK_RV crv;
+    CK_KEY_TYPE key_type;
+
+    /* get the key type */
+    crv = lg_GetULongAttribute(CKA_KEY_TYPE, templ, count, &key_type);
+    if (crv != CKR_OK) {
+        return crv;
+    }
+
+    switch (objclass) {
+        case CKO_PUBLIC_KEY:
+            return lg_createPublicKeyObject(sdb, key_type, handle, templ, count);
+        case CKO_PRIVATE_KEY:
+            return lg_createPrivateKeyObject(sdb, key_type, handle, templ, count);
+        case CKO_SECRET_KEY:
+            return lg_createSecretKeyObject(sdb, key_type, handle, templ, count);
+        default:
+            break;
+    }
+    return CKR_ATTRIBUTE_VALUE_INVALID;
+}
+
+/*
+ * Parse the template and create an object stored in the DB that reflects.
+ * the object specified in the database.
+ */
+CK_RV
+lg_CreateObject(SDB *sdb, CK_OBJECT_HANDLE *handle,
+                const CK_ATTRIBUTE *templ, CK_ULONG count)
+{
+    CK_RV crv;
+    CK_OBJECT_CLASS objclass;
+
+    /* get the object class */
+    crv = lg_GetULongAttribute(CKA_CLASS, templ, count, &objclass);
+    if (crv != CKR_OK) {
+        return crv;
+    }
+
+    /* Now handle the specific object class.
+     */
+    switch (objclass) {
+        case CKO_CERTIFICATE:
+            crv = lg_createCertObject(sdb, handle, templ, count);
+            break;
+        case CKO_NSS_TRUST:
+            crv = lg_createTrustObject(sdb, handle, templ, count);
+            break;
+        case CKO_NSS_CRL:
+            crv = lg_createCrlObject(sdb, handle, templ, count);
+            break;
+        case CKO_NSS_SMIME:
+            crv = lg_createSMimeObject(sdb, handle, templ, count);
+            break;
+        case CKO_PRIVATE_KEY:
+        case CKO_PUBLIC_KEY:
+        case CKO_SECRET_KEY:
+            crv = lg_createKeyObject(sdb, objclass, handle, templ, count);
+            break;
+        default:
+            crv = CKR_ATTRIBUTE_VALUE_INVALID;
+            break;
+    }
+
+    return crv;
+}
diff --git a/nss/lib/softoken/legacydb/lgdb.h b/nss/lib/softoken/legacydb/lgdb.h
new file mode 100644
index 0000000..ee80f4b
--- /dev/null
+++ b/nss/lib/softoken/legacydb/lgdb.h
@@ -0,0 +1,175 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * Internal data structures and functions used by pkcs11.c
+ */
+#ifndef _LGDB_H_
+#define _LGDB_H_ 1
+
+#include "nssilock.h"
+#include "seccomon.h"
+#include "secoidt.h"
+#include "lowkeyti.h"
+#include "pkcs11t.h"
+#include "sdb.h"
+#include "cdbhdl.h"
+
+#define MULTIACCESS "multiaccess:"
+
+/* path stuff (was machine dependent) used by dbinit.c and pk11db.c */
+#define PATH_SEPARATOR "/"
+#define SECMOD_DB "secmod.db"
+#define CERT_DB_FMT "%scert%s.db"
+#define KEY_DB_FMT "%skey%s.db"
+
+SEC_BEGIN_PROTOS
+
+/* internal utility functions used by pkcs11.c */
+extern const CK_ATTRIBUTE *lg_FindAttribute(CK_ATTRIBUTE_TYPE type,
+                                            const CK_ATTRIBUTE *templ, CK_ULONG count);
+extern CK_RV lg_Attribute2SecItem(PLArenaPool *, CK_ATTRIBUTE_TYPE type,
+                                  const CK_ATTRIBUTE *templ, CK_ULONG count,
+                                  SECItem *item);
+extern CK_RV lg_Attribute2SSecItem(PLArenaPool *, CK_ATTRIBUTE_TYPE type,
+                                   const CK_ATTRIBUTE *templ, CK_ULONG count,
+                                   SECItem *item);
+extern CK_RV lg_PrivAttr2SecItem(PLArenaPool *, CK_ATTRIBUTE_TYPE type,
+                                 const CK_ATTRIBUTE *templ, CK_ULONG count,
+                                 SECItem *item, SDB *sdbpw);
+extern CK_RV lg_PrivAttr2SSecItem(PLArenaPool *, CK_ATTRIBUTE_TYPE type,
+                                  const CK_ATTRIBUTE *templ, CK_ULONG count,
+                                  SECItem *item, SDB *sdbpw);
+extern CK_RV lg_GetULongAttribute(CK_ATTRIBUTE_TYPE type,
+                                  const CK_ATTRIBUTE *templ, CK_ULONG count,
+                                  CK_ULONG *out);
+extern PRBool lg_hasAttribute(CK_ATTRIBUTE_TYPE type,
+                              const CK_ATTRIBUTE *templ, CK_ULONG count);
+extern PRBool lg_isTrue(CK_ATTRIBUTE_TYPE type,
+                        const CK_ATTRIBUTE *templ, CK_ULONG count);
+extern PRBool lg_isSensitive(CK_ATTRIBUTE_TYPE type, CK_OBJECT_CLASS inClass);
+extern char *lg_getString(CK_ATTRIBUTE_TYPE type,
+                          const CK_ATTRIBUTE *templ, CK_ULONG count);
+extern unsigned int lg_MapTrust(CK_TRUST trust, PRBool clientAuth);
+
+/* clear out all the existing object ID to database key mappings.
+ * used to reinit a token */
+extern CK_RV lg_ClearTokenKeyHashTable(SDB *sdb);
+
+extern void lg_FreeSearch(SDBFind *search);
+
+NSSLOWCERTCertDBHandle *lg_getCertDB(SDB *sdb);
+NSSLOWKEYDBHandle *lg_getKeyDB(SDB *sdb);
+
+const char *lg_EvaluateConfigDir(const char *configdir, char **domain);
+
+/* verify the FIPS selftests ran and were successful */
+PRBool lg_FIPSEntryOK(void);
+
+/*
+ * object handle modifiers
+ */
+#define LG_TOKEN_MASK 0xc0000000L
+#define LG_TOKEN_TYPE_MASK 0x38000000L
+#define LG_TOKEN_TYPE_SHIFT 27
+/* keydb (high bit == 0) */
+#define LG_TOKEN_TYPE_PRIV 0x08000000L
+#define LG_TOKEN_TYPE_PUB 0x10000000L
+#define LG_TOKEN_TYPE_KEY 0x18000000L
+/* certdb (high bit == 1) */
+#define LG_TOKEN_TYPE_TRUST 0x20000000L
+#define LG_TOKEN_TYPE_CRL 0x28000000L
+#define LG_TOKEN_TYPE_SMIME 0x30000000L
+#define LG_TOKEN_TYPE_CERT 0x38000000L
+
+#define LG_TOKEN_KRL_HANDLE (LG_TOKEN_TYPE_CRL | 1)
+
+#define LG_SEARCH_BLOCK_SIZE 10
+#define LG_BUF_SPACE 50
+#define LG_STRICT PR_FALSE
+
+/*
+ * token object utilities
+ */
+void lg_addHandle(SDBFind *search, CK_OBJECT_HANDLE handle);
+PRBool lg_poisonHandle(SDB *sdb, SECItem *dbkey, CK_OBJECT_HANDLE handle);
+PRBool lg_tokenMatch(SDB *sdb, const SECItem *dbKey, CK_OBJECT_HANDLE class,
+                     const CK_ATTRIBUTE *templ, CK_ULONG count);
+const SECItem *lg_lookupTokenKeyByHandle(SDB *sdb, CK_OBJECT_HANDLE handle);
+CK_OBJECT_HANDLE lg_mkHandle(SDB *sdb, SECItem *dbKey, CK_OBJECT_HANDLE class);
+SECStatus lg_deleteTokenKeyByHandle(SDB *sdb, CK_OBJECT_HANDLE handle);
+
+SECStatus lg_util_encrypt(PLArenaPool *arena, SDB *sdbpw,
+                          SECItem *plainText, SECItem **cipherText);
+SECStatus lg_util_decrypt(SDB *sdbpw,
+                          SECItem *cipherText, SECItem **plainText);
+PLHashTable *lg_GetHashTable(SDB *sdb);
+void lg_DBLock(SDB *sdb);
+void lg_DBUnlock(SDB *sdb);
+
+typedef void (*LGFreeFunc)(void *);
+
+/*
+ * database functions
+ */
+
+/* lg_FindObjectsInit initializes a search for token and session objects
+ * that match a template. */
+CK_RV lg_FindObjectsInit(SDB *sdb, const CK_ATTRIBUTE *pTemplate,
+                         CK_ULONG ulCount, SDBFind **search);
+/* lg_FindObjects continues a search for token and session objects
+ * that match a template, obtaining additional object handles. */
+CK_RV lg_FindObjects(SDB *sdb, SDBFind *search,
+                     CK_OBJECT_HANDLE *phObject, CK_ULONG ulMaxObjectCount,
+                     CK_ULONG *pulObjectCount);
+
+/* lg_FindObjectsFinal finishes a search for token and session objects. */
+CK_RV lg_FindObjectsFinal(SDB *lgdb, SDBFind *search);
+
+/* lg_CreateObject parses the template and create an object stored in the
+ * DB that reflects the object specified in the template.  */
+CK_RV lg_CreateObject(SDB *sdb, CK_OBJECT_HANDLE *handle,
+                      const CK_ATTRIBUTE *templ, CK_ULONG count);
+
+CK_RV lg_GetAttributeValue(SDB *sdb, CK_OBJECT_HANDLE object_id,
+                           CK_ATTRIBUTE *template, CK_ULONG count);
+CK_RV lg_SetAttributeValue(SDB *sdb, CK_OBJECT_HANDLE object_id,
+                           const CK_ATTRIBUTE *template, CK_ULONG count);
+CK_RV lg_DestroyObject(SDB *sdb, CK_OBJECT_HANDLE object_id);
+
+CK_RV lg_Close(SDB *sdb);
+CK_RV lg_Reset(SDB *sdb);
+
+/*
+ * The old database doesn't share and doesn't support
+ * transactions.
+ */
+CK_RV lg_Begin(SDB *sdb);
+CK_RV lg_Commit(SDB *sdb);
+CK_RV lg_Abort(SDB *sdb);
+CK_RV lg_GetMetaData(SDB *sdb, const char *id, SECItem *item1, SECItem *item2);
+CK_RV lg_PutMetaData(SDB *sdb, const char *id,
+                     const SECItem *item1, const SECItem *item2);
+
+SEC_END_PROTOS
+
+#ifndef XP_UNIX
+
+#define NO_FORK_CHECK
+
+#endif
+
+#ifndef NO_FORK_CHECK
+
+extern PRBool lg_parentForkedAfterC_Initialize;
+#define SKIP_AFTER_FORK(x)                 \
+    if (!lg_parentForkedAfterC_Initialize) \
+    x
+
+#else
+
+#define SKIP_AFTER_FORK(x) x
+
+#endif /* NO_FORK_CHECK */
+
+#endif /* _LGDB_H_ */
diff --git a/nss/lib/softoken/legacydb/lgdestroy.c b/nss/lib/softoken/legacydb/lgdestroy.c
new file mode 100644
index 0000000..1e3839d
--- /dev/null
+++ b/nss/lib/softoken/legacydb/lgdestroy.c
@@ -0,0 +1,110 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * Internal PKCS #11 functions. Should only be called by pkcs11.c
+ */
+#include "pkcs11.h"
+#include "lgdb.h"
+#include "pcert.h"
+#include "lowkeyi.h"
+
+/*
+ * remove an object.
+ */
+CK_RV
+lg_DestroyObject(SDB *sdb, CK_OBJECT_HANDLE object_id)
+{
+    CK_RV crv = CKR_OK;
+    SECStatus rv;
+    NSSLOWCERTCertificate *cert;
+    NSSLOWCERTCertTrust tmptrust;
+    PRBool isKrl;
+    NSSLOWKEYDBHandle *keyHandle;
+    NSSLOWCERTCertDBHandle *certHandle;
+    const SECItem *dbKey;
+
+    object_id &= ~LG_TOKEN_MASK;
+    dbKey = lg_lookupTokenKeyByHandle(sdb, object_id);
+    if (dbKey == NULL) {
+        return CKR_OBJECT_HANDLE_INVALID;
+    }
+
+    /* remove the objects from the real data base */
+    switch (object_id & LG_TOKEN_TYPE_MASK) {
+        case LG_TOKEN_TYPE_PRIV:
+        case LG_TOKEN_TYPE_KEY:
+            /* KEYID is the public KEY for DSA and DH, and the MODULUS for
+             *  RSA */
+            keyHandle = lg_getKeyDB(sdb);
+            if (!keyHandle) {
+                crv = CKR_TOKEN_WRITE_PROTECTED;
+                break;
+            }
+            rv = nsslowkey_DeleteKey(keyHandle, dbKey);
+            if (rv != SECSuccess) {
+                crv = CKR_DEVICE_ERROR;
+            }
+            break;
+        case LG_TOKEN_TYPE_PUB:
+            break; /* public keys only exist at the behest of the priv key */
+        case LG_TOKEN_TYPE_CERT:
+            certHandle = lg_getCertDB(sdb);
+            if (!certHandle) {
+                crv = CKR_TOKEN_WRITE_PROTECTED;
+                break;
+            }
+            cert = nsslowcert_FindCertByKey(certHandle, dbKey);
+            if (cert == NULL) {
+                crv = CKR_DEVICE_ERROR;
+                break;
+            }
+            rv = nsslowcert_DeletePermCertificate(cert);
+            if (rv != SECSuccess) {
+                crv = CKR_DEVICE_ERROR;
+            }
+            nsslowcert_DestroyCertificate(cert);
+            break;
+        case LG_TOKEN_TYPE_CRL:
+            certHandle = lg_getCertDB(sdb);
+            if (!certHandle) {
+                crv = CKR_TOKEN_WRITE_PROTECTED;
+                break;
+            }
+            isKrl = (PRBool)(object_id == LG_TOKEN_KRL_HANDLE);
+            rv = nsslowcert_DeletePermCRL(certHandle, dbKey, isKrl);
+            if (rv == SECFailure)
+                crv = CKR_DEVICE_ERROR;
+            break;
+        case LG_TOKEN_TYPE_TRUST:
+            certHandle = lg_getCertDB(sdb);
+            if (!certHandle) {
+                crv = CKR_TOKEN_WRITE_PROTECTED;
+                break;
+            }
+            cert = nsslowcert_FindCertByKey(certHandle, dbKey);
+            if (cert == NULL) {
+                crv = CKR_DEVICE_ERROR;
+                break;
+            }
+            tmptrust = *cert->trust;
+            tmptrust.sslFlags &= CERTDB_PRESERVE_TRUST_BITS;
+            tmptrust.emailFlags &= CERTDB_PRESERVE_TRUST_BITS;
+            tmptrust.objectSigningFlags &= CERTDB_PRESERVE_TRUST_BITS;
+            tmptrust.sslFlags |= CERTDB_TRUSTED_UNKNOWN;
+            tmptrust.emailFlags |= CERTDB_TRUSTED_UNKNOWN;
+            tmptrust.objectSigningFlags |= CERTDB_TRUSTED_UNKNOWN;
+            rv = nsslowcert_ChangeCertTrust(certHandle, cert, &tmptrust);
+            if (rv != SECSuccess)
+                crv = CKR_DEVICE_ERROR;
+            nsslowcert_DestroyCertificate(cert);
+            break;
+        default:
+            break;
+    }
+    lg_DBLock(sdb);
+    lg_deleteTokenKeyByHandle(sdb, object_id);
+    lg_DBUnlock(sdb);
+
+    return crv;
+}
diff --git a/nss/lib/softoken/legacydb/lgfind.c b/nss/lib/softoken/legacydb/lgfind.c
new file mode 100644
index 0000000..288e56c
--- /dev/null
+++ b/nss/lib/softoken/legacydb/lgfind.c
@@ -0,0 +1,912 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#include "secitem.h"
+#include "pkcs11.h"
+#include "lgdb.h"
+#include "lowkeyi.h"
+#include "pcert.h"
+#include "blapi.h"
+
+#include "keydbi.h"
+
+/*
+ * This code maps PKCS #11 Finds to legacy database searches. This code
+ * was orginally in pkcs11.c in previous versions of NSS.
+ */
+
+struct SDBFindStr {
+    CK_OBJECT_HANDLE *handles;
+    int size;
+    int index;
+    int array_size;
+};
+
+/*
+ * free a search structure
+ */
+void
+lg_FreeSearch(SDBFind *search)
+{
+    if (search->handles) {
+        PORT_Free(search->handles);
+    }
+    PORT_Free(search);
+}
+
+void
+lg_addHandle(SDBFind *search, CK_OBJECT_HANDLE handle)
+{
+    if (search->handles == NULL) {
+        return;
+    }
+    if (search->size >= search->array_size) {
+        search->array_size += LG_SEARCH_BLOCK_SIZE;
+        search->handles = (CK_OBJECT_HANDLE *)PORT_Realloc(search->handles,
+                                                           sizeof(CK_OBJECT_HANDLE) * search->array_size);
+        if (search->handles == NULL) {
+            return;
+        }
+    }
+    search->handles[search->size] = handle;
+    search->size++;
+}
+
+/*
+ * find any certs that may match the template and load them.
+ */
+#define LG_CERT 0x00000001
+#define LG_TRUST 0x00000002
+#define LG_CRL 0x00000004
+#define LG_SMIME 0x00000008
+#define LG_PRIVATE 0x00000010
+#define LG_PUBLIC 0x00000020
+#define LG_KEY 0x00000040
+
+/*
+ * structure to collect key handles.
+ */
+typedef struct lgEntryDataStr {
+    SDB *sdb;
+    SDBFind *searchHandles;
+    const CK_ATTRIBUTE *template;
+    CK_ULONG templ_count;
+} lgEntryData;
+
+static SECStatus
+lg_crl_collect(SECItem *data, SECItem *key, certDBEntryType type, void *arg)
+{
+    lgEntryData *crlData;
+    CK_OBJECT_HANDLE class_handle;
+    SDB *sdb;
+
+    crlData = (lgEntryData *)arg;
+    sdb = crlData->sdb;
+
+    class_handle = (type == certDBEntryTypeRevocation) ? LG_TOKEN_TYPE_CRL : LG_TOKEN_KRL_HANDLE;
+    if (lg_tokenMatch(sdb, key, class_handle,
+                      crlData->template, crlData->templ_count)) {
+        lg_addHandle(crlData->searchHandles,
+                     lg_mkHandle(sdb, key, class_handle));
+    }
+    return (SECSuccess);
+}
+
+static void
+lg_searchCrls(SDB *sdb, SECItem *derSubject, PRBool isKrl,
+              unsigned long classFlags, SDBFind *search,
+              const CK_ATTRIBUTE *pTemplate, CK_ULONG ulCount)
+{
+    NSSLOWCERTCertDBHandle *certHandle = NULL;
+
+    certHandle = lg_getCertDB(sdb);
+    if (certHandle == NULL) {
+        return;
+    }
+    if (derSubject->data != NULL) {
+        certDBEntryRevocation *crl =
+            nsslowcert_FindCrlByKey(certHandle, derSubject, isKrl);
+
+        if (crl != NULL) {
+            lg_addHandle(search, lg_mkHandle(sdb, derSubject,
+                                             isKrl ? LG_TOKEN_KRL_HANDLE : LG_TOKEN_TYPE_CRL));
+            nsslowcert_DestroyDBEntry((certDBEntry *)crl);
+        }
+    } else {
+        lgEntryData crlData;
+
+        /* traverse */
+        crlData.sdb = sdb;
+        crlData.searchHandles = search;
+        crlData.template = pTemplate;
+        crlData.templ_count = ulCount;
+        nsslowcert_TraverseDBEntries(certHandle, certDBEntryTypeRevocation,
+                                     lg_crl_collect, (void *)&crlData);
+        nsslowcert_TraverseDBEntries(certHandle, certDBEntryTypeKeyRevocation,
+                                     lg_crl_collect, (void *)&crlData);
+    }
+}
+
+/*
+ * structure to collect key handles.
+ */
+typedef struct lgKeyDataStr {
+    SDB *sdb;
+    NSSLOWKEYDBHandle *keyHandle;
+    SDBFind *searchHandles;
+    SECItem *id;
+    const CK_ATTRIBUTE *template;
+    CK_ULONG templ_count;
+    unsigned long classFlags;
+    PRBool strict;
+} lgKeyData;
+
+static PRBool
+isSecretKey(NSSLOWKEYPrivateKey *privKey)
+{
+    if (privKey->keyType == NSSLOWKEYRSAKey &&
+        privKey->u.rsa.publicExponent.len == 1 &&
+        privKey->u.rsa.publicExponent.data[0] == 0)
+        return PR_TRUE;
+
+    return PR_FALSE;
+}
+
+static SECStatus
+lg_key_collect(DBT *key, DBT *data, void *arg)
+{
+    lgKeyData *keyData;
+    NSSLOWKEYPrivateKey *privKey = NULL;
+    SECItem tmpDBKey;
+    SDB *sdb;
+    unsigned long classFlags;
+
+    keyData = (lgKeyData *)arg;
+    sdb = keyData->sdb;
+    classFlags = keyData->classFlags;
+
+    tmpDBKey.data = key->data;
+    tmpDBKey.len = key->size;
+    tmpDBKey.type = siBuffer;
+
+    PORT_Assert(keyData->keyHandle);
+    if (!keyData->strict && keyData->id && keyData->id->data) {
+        SECItem result;
+        PRBool haveMatch = PR_FALSE;
+        unsigned char hashKey[SHA1_LENGTH];
+        result.data = hashKey;
+        result.len = sizeof(hashKey);
+
+        if (keyData->id->len == 0) {
+            /* Make sure this isn't a LG_KEY */
+            privKey = nsslowkey_FindKeyByPublicKey(keyData->keyHandle,
+                                                   &tmpDBKey, keyData->sdb /*->password*/);
+            if (privKey) {
+                /* turn off the unneeded class flags */
+                classFlags &= isSecretKey(privKey) ? ~(LG_PRIVATE | LG_PUBLIC) : ~LG_KEY;
+                haveMatch = (PRBool)((classFlags & (LG_KEY | LG_PRIVATE | LG_PUBLIC)) != 0);
+                lg_nsslowkey_DestroyPrivateKey(privKey);
+            }
+        } else {
+            SHA1_HashBuf(hashKey, key->data, key->size); /* match id */
+            haveMatch = SECITEM_ItemsAreEqual(keyData->id, &result);
+            if (!haveMatch && ((unsigned char *)key->data)[0] == 0) {
+                /* This is a fix for backwards compatibility.  The key
+                 * database indexes private keys by the public key, and
+                 * versions of NSS prior to 3.4 stored the public key as
+                 * a signed integer.  The public key is now treated as an
+                 * unsigned integer, with no leading zero.  In order to
+                 * correctly compute the hash of an old key, it is necessary
+                 * to fallback and detect the leading zero.
+                 */
+                SHA1_HashBuf(hashKey,
+                             (unsigned char *)key->data + 1, key->size - 1);
+                haveMatch = SECITEM_ItemsAreEqual(keyData->id, &result);
+            }
+        }
+        if (haveMatch) {
+            if (classFlags & LG_PRIVATE) {
+                lg_addHandle(keyData->searchHandles,
+                             lg_mkHandle(sdb, &tmpDBKey, LG_TOKEN_TYPE_PRIV));
+            }
+            if (classFlags & LG_PUBLIC) {
+                lg_addHandle(keyData->searchHandles,
+                             lg_mkHandle(sdb, &tmpDBKey, LG_TOKEN_TYPE_PUB));
+            }
+            if (classFlags & LG_KEY) {
+                lg_addHandle(keyData->searchHandles,
+                             lg_mkHandle(sdb, &tmpDBKey, LG_TOKEN_TYPE_KEY));
+            }
+        }
+        return SECSuccess;
+    }
+
+    privKey = nsslowkey_FindKeyByPublicKey(keyData->keyHandle, &tmpDBKey,
+                                           keyData->sdb /*->password*/);
+    if (privKey == NULL) {
+        goto loser;
+    }
+
+    if (isSecretKey(privKey)) {
+        if ((classFlags & LG_KEY) &&
+            lg_tokenMatch(keyData->sdb, &tmpDBKey, LG_TOKEN_TYPE_KEY,
+                          keyData->template, keyData->templ_count)) {
+            lg_addHandle(keyData->searchHandles,
+                         lg_mkHandle(keyData->sdb, &tmpDBKey, LG_TOKEN_TYPE_KEY));
+        }
+    } else {
+        if ((classFlags & LG_PRIVATE) &&
+            lg_tokenMatch(keyData->sdb, &tmpDBKey, LG_TOKEN_TYPE_PRIV,
+                          keyData->template, keyData->templ_count)) {
+            lg_addHandle(keyData->searchHandles,
+                         lg_mkHandle(keyData->sdb, &tmpDBKey, LG_TOKEN_TYPE_PRIV));
+        }
+        if ((classFlags & LG_PUBLIC) &&
+            lg_tokenMatch(keyData->sdb, &tmpDBKey, LG_TOKEN_TYPE_PUB,
+                          keyData->template, keyData->templ_count)) {
+            lg_addHandle(keyData->searchHandles,
+                         lg_mkHandle(keyData->sdb, &tmpDBKey, LG_TOKEN_TYPE_PUB));
+        }
+    }
+
+loser:
+    if (privKey) {
+        lg_nsslowkey_DestroyPrivateKey(privKey);
+    }
+    return (SECSuccess);
+}
+
+static void
+lg_searchKeys(SDB *sdb, SECItem *key_id,
+              unsigned long classFlags, SDBFind *search, PRBool mustStrict,
+              const CK_ATTRIBUTE *pTemplate, CK_ULONG ulCount)
+{
+    NSSLOWKEYDBHandle *keyHandle = NULL;
+    NSSLOWKEYPrivateKey *privKey;
+    lgKeyData keyData;
+    PRBool found = PR_FALSE;
+
+    keyHandle = lg_getKeyDB(sdb);
+    if (keyHandle == NULL) {
+        return;
+    }
+
+    if (key_id->data) {
+        privKey = nsslowkey_FindKeyByPublicKey(keyHandle, key_id, sdb);
+        if (privKey) {
+            if ((classFlags & LG_KEY) && isSecretKey(privKey)) {
+                lg_addHandle(search,
+                             lg_mkHandle(sdb, key_id, LG_TOKEN_TYPE_KEY));
+                found = PR_TRUE;
+            }
+            if ((classFlags & LG_PRIVATE) && !isSecretKey(privKey)) {
+                lg_addHandle(search,
+                             lg_mkHandle(sdb, key_id, LG_TOKEN_TYPE_PRIV));
+                found = PR_TRUE;
+            }
+            if ((classFlags & LG_PUBLIC) && !isSecretKey(privKey)) {
+                lg_addHandle(search,
+                             lg_mkHandle(sdb, key_id, LG_TOKEN_TYPE_PUB));
+                found = PR_TRUE;
+            }
+            lg_nsslowkey_DestroyPrivateKey(privKey);
+        }
+        /* don't do the traversal if we have an up to date db */
+        if (keyHandle->version != 3) {
+            goto loser;
+        }
+        /* don't do the traversal if it can't possibly be the correct id */
+        /* all soft token id's are SHA1_HASH_LEN's */
+        if (key_id->len != SHA1_LENGTH) {
+            goto loser;
+        }
+        if (found) {
+            /* if we already found some keys, don't do the traversal */
+            goto loser;
+        }
+    }
+    keyData.sdb = sdb;
+    keyData.keyHandle = keyHandle;
+    keyData.searchHandles = search;
+    keyData.id = key_id;
+    keyData.template = pTemplate;
+    keyData.templ_count = ulCount;
+    keyData.classFlags = classFlags;
+    keyData.strict = mustStrict ? mustStrict : LG_STRICT;
+
+    nsslowkey_TraverseKeys(keyHandle, lg_key_collect, &keyData);
+
+loser:
+    return;
+}
+
+/*
+ * structure to collect certs into
+ */
+typedef struct lgCertDataStr {
+    SDB *sdb;
+    int cert_count;
+    int max_cert_count;
+    NSSLOWCERTCertificate **certs;
+    const CK_ATTRIBUTE *template;
+    CK_ULONG templ_count;
+    unsigned long classFlags;
+    PRBool strict;
+} lgCertData;
+
+/*
+ * collect all the certs from the traverse call.
+ */
+static SECStatus
+lg_cert_collect(NSSLOWCERTCertificate *cert, void *arg)
+{
+    lgCertData *cd = (lgCertData *)arg;
+
+    if (cert == NULL) {
+        return SECSuccess;
+    }
+
+    if (cd->certs == NULL) {
+        return SECFailure;
+    }
+
+    if (cd->strict) {
+        if ((cd->classFlags & LG_CERT) &&
+            !lg_tokenMatch(cd->sdb, &cert->certKey, LG_TOKEN_TYPE_CERT, cd->template, cd->templ_count)) {
+            return SECSuccess;
+        }
+        if ((cd->classFlags & LG_TRUST) &&
+            !lg_tokenMatch(cd->sdb, &cert->certKey, LG_TOKEN_TYPE_TRUST, cd->template, cd->templ_count)) {
+            return SECSuccess;
+        }
+    }
+
+    /* allocate more space if we need it. This should only happen in
+     * the general traversal case */
+    if (cd->cert_count >= cd->max_cert_count) {
+        int size;
+        cd->max_cert_count += LG_SEARCH_BLOCK_SIZE;
+        size = cd->max_cert_count * sizeof(NSSLOWCERTCertificate *);
+        cd->certs = (NSSLOWCERTCertificate **)PORT_Realloc(cd->certs, size);
+        if (cd->certs == NULL) {
+            return SECFailure;
+        }
+    }
+
+    cd->certs[cd->cert_count++] = nsslowcert_DupCertificate(cert);
+    return SECSuccess;
+}
+
+/* provide impedence matching ... */
+static SECStatus
+lg_cert_collect2(NSSLOWCERTCertificate *cert, SECItem *dymmy, void *arg)
+{
+    return lg_cert_collect(cert, arg);
+}
+
+static void
+lg_searchSingleCert(lgCertData *certData, NSSLOWCERTCertificate *cert)
+{
+    if (cert == NULL) {
+        return;
+    }
+    if (certData->strict &&
+        !lg_tokenMatch(certData->sdb, &cert->certKey, LG_TOKEN_TYPE_CERT,
+                       certData->template, certData->templ_count)) {
+        nsslowcert_DestroyCertificate(cert);
+        return;
+    }
+    certData->certs = (NSSLOWCERTCertificate **)
+        PORT_Alloc(sizeof(NSSLOWCERTCertificate *));
+    if (certData->certs == NULL) {
+        nsslowcert_DestroyCertificate(cert);
+        return;
+    }
+    certData->certs[0] = cert;
+    certData->cert_count = 1;
+}
+
+static void
+lg_CertSetupData(lgCertData *certData, int count)
+{
+    certData->max_cert_count = count;
+
+    if (certData->max_cert_count <= 0) {
+        return;
+    }
+    certData->certs = (NSSLOWCERTCertificate **)
+        PORT_Alloc(count * sizeof(NSSLOWCERTCertificate *));
+    return;
+}
+
+static void
+lg_searchCertsAndTrust(SDB *sdb, SECItem *derCert, SECItem *name,
+                       SECItem *derSubject, NSSLOWCERTIssuerAndSN *issuerSN,
+                       SECItem *email,
+                       unsigned long classFlags, SDBFind *handles,
+                       const CK_ATTRIBUTE *pTemplate, CK_LONG ulCount)
+{
+    NSSLOWCERTCertDBHandle *certHandle = NULL;
+    lgCertData certData;
+    int i;
+
+    certHandle = lg_getCertDB(sdb);
+    if (certHandle == NULL)
+        return;
+
+    certData.sdb = sdb;
+    certData.max_cert_count = 0;
+    certData.certs = NULL;
+    certData.cert_count = 0;
+    certData.template = pTemplate;
+    certData.templ_count = ulCount;
+    certData.classFlags = classFlags;
+    certData.strict = LG_STRICT;
+
+    /*
+     * Find the Cert.
+     */
+    if (derCert->data != NULL) {
+        NSSLOWCERTCertificate *cert =
+            nsslowcert_FindCertByDERCert(certHandle, derCert);
+        lg_searchSingleCert(&certData, cert);
+    } else if (name->data != NULL) {
+        char *tmp_name = (char *)PORT_Alloc(name->len + 1);
+        int count;
+
+        if (tmp_name == NULL) {
+            return;
+        }
+        PORT_Memcpy(tmp_name, name->data, name->len);
+        tmp_name[name->len] = 0;
+
+        count = nsslowcert_NumPermCertsForNickname(certHandle, tmp_name);
+        lg_CertSetupData(&certData, count);
+        nsslowcert_TraversePermCertsForNickname(certHandle, tmp_name,
+                                                lg_cert_collect, &certData);
+        PORT_Free(tmp_name);
+    } else if (derSubject->data != NULL) {
+        int count;
+
+        count = nsslowcert_NumPermCertsForSubject(certHandle, derSubject);
+        lg_CertSetupData(&certData, count);
+        nsslowcert_TraversePermCertsForSubject(certHandle, derSubject,
+                                               lg_cert_collect, &certData);
+    } else if ((issuerSN->derIssuer.data != NULL) &&
+               (issuerSN->serialNumber.data != NULL)) {
+        if (classFlags & LG_CERT) {
+            NSSLOWCERTCertificate *cert =
+                nsslowcert_FindCertByIssuerAndSN(certHandle, issuerSN);
+
+            lg_searchSingleCert(&certData, cert);
+        }
+        if (classFlags & LG_TRUST) {
+            NSSLOWCERTTrust *trust =
+                nsslowcert_FindTrustByIssuerAndSN(certHandle, issuerSN);
+
+            if (trust) {
+                lg_addHandle(handles,
+                             lg_mkHandle(sdb, &trust->dbKey, LG_TOKEN_TYPE_TRUST));
+                nsslowcert_DestroyTrust(trust);
+            }
+        }
+    } else if (email->data != NULL) {
+        char *tmp_name = (char *)PORT_Alloc(email->len + 1);
+        certDBEntrySMime *entry = NULL;
+
+        if (tmp_name == NULL) {
+            return;
+        }
+        PORT_Memcpy(tmp_name, email->data, email->len);
+        tmp_name[email->len] = 0;
+
+        entry = nsslowcert_ReadDBSMimeEntry(certHandle, tmp_name);
+        if (entry) {
+            int count;
+            SECItem *subjectName = &entry->subjectName;
+
+            count = nsslowcert_NumPermCertsForSubject(certHandle, subjectName);
+            lg_CertSetupData(&certData, count);
+            nsslowcert_TraversePermCertsForSubject(certHandle, subjectName,
+                                                   lg_cert_collect, &certData);
+
+            nsslowcert_DestroyDBEntry((certDBEntry *)entry);
+        }
+        PORT_Free(tmp_name);
+    } else {
+        /* we aren't filtering the certs, we are working on all, so turn
+         * on the strict filters. */
+        certData.strict = PR_TRUE;
+        lg_CertSetupData(&certData, LG_SEARCH_BLOCK_SIZE);
+        nsslowcert_TraversePermCerts(certHandle, lg_cert_collect2, &certData);
+    }
+
+    /*
+     * build the handles
+     */
+    for (i = 0; i < certData.cert_count; i++) {
+        NSSLOWCERTCertificate *cert = certData.certs[i];
+
+        /* if we filtered it would have been on the stuff above */
+        if (classFlags & LG_CERT) {
+            lg_addHandle(handles,
+                         lg_mkHandle(sdb, &cert->certKey, LG_TOKEN_TYPE_CERT));
+        }
+        if ((classFlags & LG_TRUST) && nsslowcert_hasTrust(cert->trust)) {
+            lg_addHandle(handles,
+                         lg_mkHandle(sdb, &cert->certKey, LG_TOKEN_TYPE_TRUST));
+        }
+        nsslowcert_DestroyCertificate(cert);
+    }
+
+    if (certData.certs)
+        PORT_Free(certData.certs);
+    return;
+}
+
+static SECStatus
+lg_smime_collect(SECItem *data, SECItem *key, certDBEntryType type, void *arg)
+{
+    lgEntryData *smimeData;
+    SDB *sdb;
+
+    smimeData = (lgEntryData *)arg;
+    sdb = smimeData->sdb;
+
+    if (lg_tokenMatch(sdb, key, LG_TOKEN_TYPE_SMIME,
+                      smimeData->template, smimeData->templ_count)) {
+        lg_addHandle(smimeData->searchHandles,
+                     lg_mkHandle(sdb, key, LG_TOKEN_TYPE_SMIME));
+    }
+    return (SECSuccess);
+}
+
+static void
+lg_searchSMime(SDB *sdb, SECItem *email, SDBFind *handles,
+               const CK_ATTRIBUTE *pTemplate, CK_LONG ulCount)
+{
+    NSSLOWCERTCertDBHandle *certHandle = NULL;
+    certDBEntrySMime *entry;
+
+    certHandle = lg_getCertDB(sdb);
+    if (certHandle == NULL)
+        return;
+
+    if (email->data != NULL) {
+        char *tmp_name = (char *)PORT_Alloc(email->len + 1);
+
+        if (tmp_name == NULL) {
+            return;
+        }
+        PORT_Memcpy(tmp_name, email->data, email->len);
+        tmp_name[email->len] = 0;
+
+        entry = nsslowcert_ReadDBSMimeEntry(certHandle, tmp_name);
+        if (entry) {
+            SECItem emailKey;
+
+            emailKey.data = (unsigned char *)tmp_name;
+            emailKey.len = PORT_Strlen(tmp_name) + 1;
+            emailKey.type = 0;
+            lg_addHandle(handles,
+                         lg_mkHandle(sdb, &emailKey, LG_TOKEN_TYPE_SMIME));
+            nsslowcert_DestroyDBEntry((certDBEntry *)entry);
+        }
+        PORT_Free(tmp_name);
+    } else {
+        /* traverse */
+        lgEntryData smimeData;
+
+        /* traverse */
+        smimeData.sdb = sdb;
+        smimeData.searchHandles = handles;
+        smimeData.template = pTemplate;
+        smimeData.templ_count = ulCount;
+        nsslowcert_TraverseDBEntries(certHandle, certDBEntryTypeSMimeProfile,
+                                     lg_smime_collect, (void *)&smimeData);
+    }
+    return;
+}
+
+static CK_RV
+lg_searchTokenList(SDB *sdb, SDBFind *search,
+                   const CK_ATTRIBUTE *pTemplate, CK_LONG ulCount)
+{
+    int i;
+    PRBool isKrl = PR_FALSE;
+    SECItem derCert = { siBuffer, NULL, 0 };
+    SECItem derSubject = { siBuffer, NULL, 0 };
+    SECItem name = { siBuffer, NULL, 0 };
+    SECItem email = { siBuffer, NULL, 0 };
+    SECItem key_id = { siBuffer, NULL, 0 };
+    SECItem cert_sha1_hash = { siBuffer, NULL, 0 };
+    SECItem cert_md5_hash = { siBuffer, NULL, 0 };
+    NSSLOWCERTIssuerAndSN issuerSN = {
+        { siBuffer, NULL, 0 },
+        { siBuffer, NULL, 0 }
+    };
+    SECItem *copy = NULL;
+    CK_CERTIFICATE_TYPE certType;
+    CK_OBJECT_CLASS objectClass;
+    CK_RV crv;
+    unsigned long classFlags;
+
+    if (lg_getCertDB(sdb) == NULL) {
+        classFlags = LG_PRIVATE | LG_KEY;
+    } else {
+        classFlags = LG_CERT | LG_TRUST | LG_PUBLIC | LG_SMIME | LG_CRL;
+    }
+
+    /*
+     * look for things to search on token objects for. If the right options
+     * are specified, we can use them as direct indeces into the database
+     * (rather than using linear searches. We can also use the attributes to
+     * limit the kinds of objects we are searching for. Later we can use this
+     * array to filter the remaining objects more finely.
+     */
+    for (i = 0; classFlags && i < (int)ulCount; i++) {
+
+        switch (pTemplate[i].type) {
+            case CKA_SUBJECT:
+                copy = &derSubject;
+                classFlags &= (LG_CERT | LG_PRIVATE | LG_PUBLIC | LG_SMIME | LG_CRL);
+                break;
+            case CKA_ISSUER:
+                copy = &issuerSN.derIssuer;
+                classFlags &= (LG_CERT | LG_TRUST);
+                break;
+            case CKA_SERIAL_NUMBER:
+                copy = &issuerSN.serialNumber;
+                classFlags &= (LG_CERT | LG_TRUST);
+                break;
+            case CKA_VALUE:
+                copy = &derCert;
+                classFlags &= (LG_CERT | LG_CRL | LG_SMIME);
+                break;
+            case CKA_LABEL:
+                copy = &name;
+                break;
+            case CKA_NETSCAPE_EMAIL:
+                copy = &email;
+                classFlags &= LG_SMIME | LG_CERT;
+                break;
+            case CKA_NETSCAPE_SMIME_TIMESTAMP:
+                classFlags &= LG_SMIME;
+                break;
+            case CKA_CLASS:
+                crv = lg_GetULongAttribute(CKA_CLASS, &pTemplate[i], 1, &objectClass);
+                if (crv != CKR_OK) {
+                    classFlags = 0;
+                    break;
+                }
+                switch (objectClass) {
+                    case CKO_CERTIFICATE:
+                        classFlags &= LG_CERT;
+                        break;
+                    case CKO_NETSCAPE_TRUST:
+                        classFlags &= LG_TRUST;
+                        break;
+                    case CKO_NETSCAPE_CRL:
+                        classFlags &= LG_CRL;
+                        break;
+                    case CKO_NETSCAPE_SMIME:
+                        classFlags &= LG_SMIME;
+                        break;
+                    case CKO_PRIVATE_KEY:
+                        classFlags &= LG_PRIVATE;
+                        break;
+                    case CKO_PUBLIC_KEY:
+                        classFlags &= LG_PUBLIC;
+                        break;
+                    case CKO_SECRET_KEY:
+                        classFlags &= LG_KEY;
+                        break;
+                    default:
+                        classFlags = 0;
+                        break;
+                }
+                break;
+            case CKA_PRIVATE:
+                if (pTemplate[i].ulValueLen != sizeof(CK_BBOOL)) {
+                    classFlags = 0;
+                    break;
+                }
+                if (*((CK_BBOOL *)pTemplate[i].pValue) == CK_TRUE) {
+                    classFlags &= (LG_PRIVATE | LG_KEY);
+                } else {
+                    classFlags &= ~(LG_PRIVATE | LG_KEY);
+                }
+                break;
+            case CKA_SENSITIVE:
+                if (pTemplate[i].ulValueLen != sizeof(CK_BBOOL)) {
+                    classFlags = 0;
+                    break;
+                }
+                if (*((CK_BBOOL *)pTemplate[i].pValue) == CK_TRUE) {
+                    classFlags &= (LG_PRIVATE | LG_KEY);
+                } else {
+                    classFlags = 0;
+                }
+                break;
+            case CKA_TOKEN:
+                if (pTemplate[i].ulValueLen != sizeof(CK_BBOOL)) {
+                    classFlags = 0;
+                    break;
+                }
+                if (*((CK_BBOOL *)pTemplate[i].pValue) != CK_TRUE) {
+                    classFlags = 0;
+                }
+                break;
+            case CKA_CERT_SHA1_HASH:
+                classFlags &= LG_TRUST;
+                copy = &cert_sha1_hash;
+                break;
+            case CKA_CERT_MD5_HASH:
+                classFlags &= LG_TRUST;
+                copy = &cert_md5_hash;
+                break;
+            case CKA_CERTIFICATE_TYPE:
+                crv = lg_GetULongAttribute(CKA_CERTIFICATE_TYPE, &pTemplate[i],
+                                           1, &certType);
+                if (crv != CKR_OK) {
+                    classFlags = 0;
+                    break;
+                }
+                classFlags &= LG_CERT;
+                if (certType != CKC_X_509) {
+                    classFlags = 0;
+                }
+                break;
+            case CKA_ID:
+                copy = &key_id;
+                classFlags &= (LG_CERT | LG_PRIVATE | LG_KEY | LG_PUBLIC);
+                break;
+            case CKA_NETSCAPE_KRL:
+                if (pTemplate[i].ulValueLen != sizeof(CK_BBOOL)) {
+                    classFlags = 0;
+                    break;
+                }
+                classFlags &= LG_CRL;
+                isKrl = (PRBool)(*((CK_BBOOL *)pTemplate[i].pValue) == CK_TRUE);
+                break;
+            case CKA_MODIFIABLE:
+                break;
+            case CKA_KEY_TYPE:
+            case CKA_DERIVE:
+                classFlags &= LG_PUBLIC | LG_PRIVATE | LG_KEY;
+                break;
+            case CKA_VERIFY_RECOVER:
+                classFlags &= LG_PUBLIC;
+                break;
+            case CKA_SIGN_RECOVER:
+                classFlags &= LG_PRIVATE;
+                break;
+            case CKA_ENCRYPT:
+            case CKA_VERIFY:
+            case CKA_WRAP:
+                classFlags &= LG_PUBLIC | LG_KEY;
+                break;
+            case CKA_DECRYPT:
+            case CKA_SIGN:
+            case CKA_UNWRAP:
+            case CKA_ALWAYS_SENSITIVE:
+            case CKA_EXTRACTABLE:
+            case CKA_NEVER_EXTRACTABLE:
+                classFlags &= LG_PRIVATE | LG_KEY;
+                break;
+            /* can't be a certificate if it doesn't match one of the above
+             * attributes */
+            default:
+                classFlags = 0;
+                break;
+        }
+        if (copy) {
+            copy->data = (unsigned char *)pTemplate[i].pValue;
+            copy->len = pTemplate[i].ulValueLen;
+        }
+        copy = NULL;
+    }
+
+    /* certs */
+    if (classFlags & (LG_CERT | LG_TRUST)) {
+        lg_searchCertsAndTrust(sdb, &derCert, &name, &derSubject,
+                               &issuerSN, &email, classFlags, search,
+                               pTemplate, ulCount);
+    }
+
+    /* keys */
+    if (classFlags & (LG_PRIVATE | LG_PUBLIC | LG_KEY)) {
+        PRBool mustStrict = (name.len != 0);
+        lg_searchKeys(sdb, &key_id, classFlags, search,
+                      mustStrict, pTemplate, ulCount);
+    }
+
+    /* crl's */
+    if (classFlags & LG_CRL) {
+        lg_searchCrls(sdb, &derSubject, isKrl, classFlags, search,
+                      pTemplate, ulCount);
+    }
+    /* Add S/MIME entry stuff */
+    if (classFlags & LG_SMIME) {
+        lg_searchSMime(sdb, &email, search, pTemplate, ulCount);
+    }
+    return CKR_OK;
+}
+
+/* lg_FindObjectsInit initializes a search for token and session objects
+ * that match a template. */
+CK_RV
+lg_FindObjectsInit(SDB *sdb, const CK_ATTRIBUTE *pTemplate,
+                   CK_ULONG ulCount, SDBFind **retSearch)
+{
+    SDBFind *search;
+    CK_RV crv = CKR_OK;
+
+    *retSearch = NULL;
+
+    search = (SDBFind *)PORT_Alloc(sizeof(SDBFind));
+    if (search == NULL) {
+        crv = CKR_HOST_MEMORY;
+        goto loser;
+    }
+    search->handles = (CK_OBJECT_HANDLE *)
+        PORT_Alloc(sizeof(CK_OBJECT_HANDLE) * LG_SEARCH_BLOCK_SIZE);
+    if (search->handles == NULL) {
+        crv = CKR_HOST_MEMORY;
+        goto loser;
+    }
+    search->index = 0;
+    search->size = 0;
+    search->array_size = LG_SEARCH_BLOCK_SIZE;
+    /* FIXME - do we still need to get Login state? */
+
+    crv = lg_searchTokenList(sdb, search, pTemplate, ulCount);
+    if (crv != CKR_OK) {
+        goto loser;
+    }
+
+    *retSearch = search;
+    return CKR_OK;
+
+loser:
+    if (search) {
+        lg_FreeSearch(search);
+    }
+    return crv;
+}
+
+/* lg_FindObjects continues a search for token and session objects
+ * that match a template, obtaining additional object handles. */
+CK_RV
+lg_FindObjects(SDB *sdb, SDBFind *search,
+               CK_OBJECT_HANDLE *phObject, CK_ULONG ulMaxObjectCount,
+               CK_ULONG *pulObjectCount)
+{
+    int transfer;
+    int left;
+
+    *pulObjectCount = 0;
+    left = search->size - search->index;
+    transfer = ((int)ulMaxObjectCount > left) ? left : ulMaxObjectCount;
+    if (transfer > 0) {
+        PORT_Memcpy(phObject, &search->handles[search->index],
+                    transfer * sizeof(CK_OBJECT_HANDLE));
+    } else {
+        *phObject = CK_INVALID_HANDLE;
+    }
+
+    search->index += transfer;
+    *pulObjectCount = transfer;
+    return CKR_OK;
+}
+
+/* lg_FindObjectsFinal finishes a search for token and session objects. */
+CK_RV
+lg_FindObjectsFinal(SDB *lgdb, SDBFind *search)
+{
+
+    if (search != NULL) {
+        lg_FreeSearch(search);
+    }
+    return CKR_OK;
+}
diff --git a/nss/lib/softoken/legacydb/lgfips.c b/nss/lib/softoken/legacydb/lgfips.c
new file mode 100644
index 0000000..b017424
--- /dev/null
+++ b/nss/lib/softoken/legacydb/lgfips.c
@@ -0,0 +1,115 @@
+/*
+ * PKCS #11 FIPS Power-Up Self Test.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/* $Id: fipstest.c,v 1.31 2012/06/28 17:55:06 rrelyea%redhat.com Exp $ */
+
+#include "seccomon.h"
+#include "lgdb.h"
+#include "blapi.h"
+
+/*
+ * different platforms have different ways of calling and initial entry point
+ * when the dll/.so is loaded. Most platforms support either a posix pragma
+ * or the GCC attribute. Some platforms suppor a pre-defined name, and some
+ * platforms have a link line way of invoking this function.
+ */
+
+/* The pragma */
+#if defined(USE_INIT_PRAGMA)
+#pragma init(lg_startup_tests)
+#endif
+
+/* GCC Attribute */
+#if defined(__GNUC__) && !defined(NSS_NO_INIT_SUPPORT)
+#define INIT_FUNCTION __attribute__((constructor))
+#else
+#define INIT_FUNCTION
+#endif
+
+static void INIT_FUNCTION lg_startup_tests(void);
+
+/* Windows pre-defined entry */
+#if defined(XP_WIN) && !defined(NSS_NO_INIT_SUPPORT)
+#include <windows.h>
+
+BOOL WINAPI DllMain(
+    HINSTANCE hinstDLL, // handle to DLL module
+    DWORD fdwReason,    // reason for calling function
+    LPVOID lpReserved)  // reserved
+{
+    // Perform actions based on the reason for calling.
+    switch (fdwReason) {
+        case DLL_PROCESS_ATTACH:
+            // Initialize once for each new process.
+            // Return FALSE to fail DLL load.
+            lg_startup_tests();
+            break;
+
+        case DLL_THREAD_ATTACH:
+            // Do thread-specific initialization.
+            break;
+
+        case DLL_THREAD_DETACH:
+            // Do thread-specific cleanup.
+            break;
+
+        case DLL_PROCESS_DETACH:
+            // Perform any necessary cleanup.
+            break;
+    }
+    return TRUE; // Successful DLL_PROCESS_ATTACH.
+}
+#endif
+
+static PRBool lg_self_tests_ran = PR_FALSE;
+static PRBool lg_self_tests_success = PR_FALSE;
+
+static void
+lg_local_function(void)
+{
+}
+
+/*
+ * This function is called at dll load time, the code tha makes this
+ * happen is platform specific on defined above.
+ */
+static void
+lg_startup_tests(void)
+{
+    const char *libraryName = LG_LIB_NAME;
+
+    PORT_Assert(!lg_self_tests_ran);
+    PORT_Assert(!lg_self_tests_success);
+    lg_self_tests_ran = PR_TRUE;
+    lg_self_tests_success = PR_FALSE; /* just in case */
+
+    /* no self tests required for the legacy db, only the integrity check */
+    /* check the integrity of our shared library */
+    if (!BLAPI_SHVerify(libraryName, (PRFuncPtr)&lg_local_function)) {
+        /* something is wrong with the library, fail without enabling
+         * the fips token */
+        return;
+    }
+    /* FIPS product has been installed and is functioning, allow
+     * the module to operate in fips mode */
+    lg_self_tests_success = PR_TRUE;
+}
+
+PRBool
+lg_FIPSEntryOK()
+{
+#ifdef NSS_NO_INIT_SUPPORT
+    /* this should only be set on platforms that can't handle one of the INIT
+     * schemes.  This code allows those platforms to continue to function,
+     * though they don't meet the strict NIST requirements. If NO_INIT_SUPPORT
+     * is not set, and init support has not been properly enabled, softken
+     * will always fail because of the test below */
+    if (!lg_self_tests_ran) {
+        lg_startup_tests();
+    }
+#endif
+    return lg_self_tests_success;
+}
diff --git a/nss/lib/softoken/legacydb/lginit.c b/nss/lib/softoken/legacydb/lginit.c
new file mode 100644
index 0000000..6913eea
--- /dev/null
+++ b/nss/lib/softoken/legacydb/lginit.c
@@ -0,0 +1,660 @@
+/*
+ * NSS utility functions
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "lowkeyi.h"
+#include "pcert.h"
+#include "keydbi.h"
+#include "lgdb.h"
+#include "secoid.h"
+#include "prenv.h"
+#include "softkver.h"
+
+/* Library identity and versioning */
+
+#if defined(DEBUG)
+#define _DEBUG_STRING " (debug)"
+#else
+#define _DEBUG_STRING ""
+#endif
+
+/*
+ * Version information
+ */
+const char __nss_dbm_version[] = "Version: NSS " SOFTOKEN_VERSION _DEBUG_STRING;
+
+typedef struct LGPrivateStr {
+    NSSLOWCERTCertDBHandle *certDB;
+    NSSLOWKEYDBHandle *keyDB;
+    PRLock *dbLock;
+    PLHashTable *hashTable;
+} LGPrivate;
+
+static char *
+lg_certdb_name_cb(void *arg, int dbVersion)
+{
+    const char *configdir = (const char *)arg;
+    const char *dbver;
+    char *smpname = NULL;
+    char *dbname = NULL;
+
+    switch (dbVersion) {
+        case 8:
+            dbver = "8";
+            break;
+        case 7:
+            dbver = "7";
+            break;
+        case 6:
+            dbver = "6";
+            break;
+        case 5:
+            dbver = "5";
+            break;
+        case 4:
+        default:
+            dbver = "";
+            break;
+    }
+
+    /* make sure we return something allocated with PORT_ so we have properly
+     * matched frees at the end */
+    smpname = PR_smprintf(CERT_DB_FMT, configdir, dbver);
+    if (smpname) {
+        dbname = PORT_Strdup(smpname);
+        PR_smprintf_free(smpname);
+    }
+    return dbname;
+}
+
+static char *
+lg_keydb_name_cb(void *arg, int dbVersion)
+{
+    const char *configdir = (const char *)arg;
+    const char *dbver;
+    char *smpname = NULL;
+    char *dbname = NULL;
+
+    switch (dbVersion) {
+        case 4:
+            dbver = "4";
+            break;
+        case 3:
+            dbver = "3";
+            break;
+        case 1:
+            dbver = "1";
+            break;
+        case 2:
+        default:
+            dbver = "";
+            break;
+    }
+
+    smpname = PR_smprintf(KEY_DB_FMT, configdir, dbver);
+    if (smpname) {
+        dbname = PORT_Strdup(smpname);
+        PR_smprintf_free(smpname);
+    }
+    return dbname;
+}
+
+const char *
+lg_EvaluateConfigDir(const char *configdir, char **appName)
+{
+    if (PORT_Strncmp(configdir, MULTIACCESS, sizeof(MULTIACCESS) - 1) == 0) {
+        char *cdir;
+
+        *appName = PORT_Strdup(configdir + sizeof(MULTIACCESS) - 1);
+        if (*appName == NULL) {
+            return configdir;
+        }
+        cdir = *appName;
+        while (*cdir && *cdir != ':') {
+            cdir++;
+        }
+        if (*cdir == ':') {
+            *cdir = 0;
+            cdir++;
+        }
+        configdir = cdir;
+    }
+    return configdir;
+}
+
+static int rdbmapflags(int flags);
+static rdbfunc lg_rdbfunc = NULL;
+static rdbstatusfunc lg_rdbstatusfunc = NULL;
+
+/* NOTE: SHLIB_SUFFIX is defined on the command line */
+#define RDBLIB SHLIB_PREFIX "rdb." SHLIB_SUFFIX
+
+DB *
+rdbopen(const char *appName, const char *prefix,
+        const char *type, int flags, int *status)
+{
+    PRLibrary *lib;
+    DB *db;
+    char *disableUnload = NULL;
+
+    if (lg_rdbfunc) {
+        db = (*lg_rdbfunc)(appName, prefix, type, rdbmapflags(flags));
+        if (!db && status && lg_rdbstatusfunc) {
+            *status = (*lg_rdbstatusfunc)();
+        }
+        return db;
+    }
+
+    /*
+     * try to open the library.
+     */
+    lib = PR_LoadLibrary(RDBLIB);
+
+    if (!lib) {
+        return NULL;
+    }
+
+    /* get the entry points */
+    lg_rdbstatusfunc = (rdbstatusfunc)PR_FindSymbol(lib, "rdbstatus");
+    lg_rdbfunc = (rdbfunc)PR_FindSymbol(lib, "rdbopen");
+    if (lg_rdbfunc) {
+        db = (*lg_rdbfunc)(appName, prefix, type, rdbmapflags(flags));
+        if (!db && status && lg_rdbstatusfunc) {
+            *status = (*lg_rdbstatusfunc)();
+        }
+        return db;
+    }
+
+    /* couldn't find the entry point, unload the library and fail */
+    disableUnload = PR_GetEnvSecure("NSS_DISABLE_UNLOAD");
+    if (!disableUnload) {
+        PR_UnloadLibrary(lib);
+    }
+    return NULL;
+}
+
+/*
+ * the following data structures are from rdb.h.
+ */
+struct RDBStr {
+    DB db;
+    int (*xactstart)(DB *db);
+    int (*xactdone)(DB *db, PRBool abort);
+    int version;
+    int (*dbinitcomplete)(DB *db);
+};
+
+#define DB_RDB ((DBTYPE)0xff)
+#define RDB_RDONLY 1
+#define RDB_RDWR 2
+#define RDB_CREATE 4
+
+static int
+rdbmapflags(int flags)
+{
+    switch (flags) {
+        case NO_RDONLY:
+            return RDB_RDONLY;
+        case NO_RDWR:
+            return RDB_RDWR;
+        case NO_CREATE:
+            return RDB_CREATE;
+        default:
+            break;
+    }
+    return 0;
+}
+
+PRBool
+db_IsRDB(DB *db)
+{
+    return (PRBool)db->type == DB_RDB;
+}
+
+int
+db_BeginTransaction(DB *db)
+{
+    struct RDBStr *rdb = (struct RDBStr *)db;
+    if (db->type != DB_RDB) {
+        return 0;
+    }
+
+    return rdb->xactstart(db);
+}
+
+int
+db_FinishTransaction(DB *db, PRBool abort)
+{
+    struct RDBStr *rdb = (struct RDBStr *)db;
+    if (db->type != DB_RDB) {
+        return 0;
+    }
+
+    return rdb->xactdone(db, abort);
+}
+
+static DB *
+lg_getRawDB(SDB *sdb)
+{
+    NSSLOWCERTCertDBHandle *certDB;
+    NSSLOWKEYDBHandle *keyDB;
+
+    certDB = lg_getCertDB(sdb);
+    if (certDB) {
+        return certDB->permCertDB;
+    }
+    keyDB = lg_getKeyDB(sdb);
+    if (keyDB) {
+        return keyDB->db;
+    }
+    return NULL;
+}
+
+CK_RV
+lg_Begin(SDB *sdb)
+{
+    DB *db = lg_getRawDB(sdb);
+    int ret;
+
+    if (db == NULL) {
+        return CKR_GENERAL_ERROR; /* shouldn't happen */
+    }
+    ret = db_BeginTransaction(db);
+    if (ret != 0) {
+        return CKR_GENERAL_ERROR; /* could happen */
+    }
+    return CKR_OK;
+}
+
+CK_RV
+lg_Commit(SDB *sdb)
+{
+    DB *db = lg_getRawDB(sdb);
+    int ret;
+
+    if (db == NULL) {
+        return CKR_GENERAL_ERROR; /* shouldn't happen */
+    }
+    ret = db_FinishTransaction(db, PR_FALSE);
+    if (ret != 0) {
+        return CKR_GENERAL_ERROR; /* could happen */
+    }
+    return CKR_OK;
+}
+
+CK_RV
+lg_Abort(SDB *sdb)
+{
+    DB *db = lg_getRawDB(sdb);
+    int ret;
+
+    if (db == NULL) {
+        return CKR_GENERAL_ERROR; /* shouldn't happen */
+    }
+    ret = db_FinishTransaction(db, PR_TRUE);
+    if (ret != 0) {
+        return CKR_GENERAL_ERROR; /* could happen */
+    }
+    return CKR_OK;
+}
+
+int
+db_InitComplete(DB *db)
+{
+    struct RDBStr *rdb = (struct RDBStr *)db;
+    if (db->type != DB_RDB) {
+        return 0;
+    }
+    /* we should have added a version number to the RDBS structure. Since we
+     * didn't, we detect that we have and 'extended' structure if the rdbstatus
+     * func exists */
+    if (!lg_rdbstatusfunc) {
+        return 0;
+    }
+
+    return rdb->dbinitcomplete(db);
+}
+
+SECStatus
+db_Copy(DB *dest, DB *src)
+{
+    int ret;
+    DBT key, data;
+    ret = (*src->seq)(src, &key, &data, R_FIRST);
+    if (ret) {
+        return SECSuccess;
+    }
+
+    do {
+        (void)(*dest->put)(dest, &key, &data, R_NOOVERWRITE);
+    } while ((*src->seq)(src, &key, &data, R_NEXT) == 0);
+    (void)(*dest->sync)(dest, 0);
+
+    return SECSuccess;
+}
+
+static CK_RV
+lg_OpenCertDB(const char *configdir, const char *prefix, PRBool readOnly,
+              NSSLOWCERTCertDBHandle **certdbPtr)
+{
+    NSSLOWCERTCertDBHandle *certdb = NULL;
+    CK_RV crv = CKR_NETSCAPE_CERTDB_FAILED;
+    SECStatus rv;
+    char *name = NULL;
+    char *appName = NULL;
+
+    if (prefix == NULL) {
+        prefix = "";
+    }
+
+    configdir = lg_EvaluateConfigDir(configdir, &appName);
+
+    name = PR_smprintf("%s" PATH_SEPARATOR "%s", configdir, prefix);
+    if (name == NULL)
+        goto loser;
+
+    certdb = (NSSLOWCERTCertDBHandle *)PORT_ZAlloc(sizeof(NSSLOWCERTCertDBHandle));
+    if (certdb == NULL)
+        goto loser;
+
+    certdb->ref = 1;
+    /* fix when we get the DB in */
+    rv = nsslowcert_OpenCertDB(certdb, readOnly, appName, prefix,
+                               lg_certdb_name_cb, (void *)name, PR_FALSE);
+    if (rv == SECSuccess) {
+        crv = CKR_OK;
+        *certdbPtr = certdb;
+        certdb = NULL;
+    }
+loser:
+    if (certdb)
+        PR_Free(certdb);
+    if (name)
+        PR_smprintf_free(name);
+    if (appName)
+        PORT_Free(appName);
+    return crv;
+}
+
+static CK_RV
+lg_OpenKeyDB(const char *configdir, const char *prefix, PRBool readOnly,
+             NSSLOWKEYDBHandle **keydbPtr)
+{
+    NSSLOWKEYDBHandle *keydb;
+    char *name = NULL;
+    char *appName = NULL;
+
+    if (prefix == NULL) {
+        prefix = "";
+    }
+    configdir = lg_EvaluateConfigDir(configdir, &appName);
+
+    name = PR_smprintf("%s" PATH_SEPARATOR "%s", configdir, prefix);
+    if (name == NULL)
+        return CKR_HOST_MEMORY;
+    keydb = nsslowkey_OpenKeyDB(readOnly, appName, prefix,
+                                lg_keydb_name_cb, (void *)name);
+    PR_smprintf_free(name);
+    if (appName)
+        PORT_Free(appName);
+    if (keydb == NULL)
+        return CKR_NETSCAPE_KEYDB_FAILED;
+    *keydbPtr = keydb;
+
+    return CKR_OK;
+}
+
+/*
+ * Accessors for the private parts of the sdb structure.
+ */
+void
+lg_DBLock(SDB *sdb)
+{
+    LGPrivate *lgdb_p = (LGPrivate *)sdb->private;
+    SKIP_AFTER_FORK(PR_Lock(lgdb_p->dbLock));
+}
+
+void
+lg_DBUnlock(SDB *sdb)
+{
+    LGPrivate *lgdb_p = (LGPrivate *)sdb->private;
+    SKIP_AFTER_FORK(PR_Unlock(lgdb_p->dbLock));
+}
+
+PLHashTable *
+lg_GetHashTable(SDB *sdb)
+{
+    LGPrivate *lgdb_p = (LGPrivate *)sdb->private;
+    return lgdb_p->hashTable;
+}
+
+NSSLOWCERTCertDBHandle *
+lg_getCertDB(SDB *sdb)
+{
+    LGPrivate *lgdb_p = (LGPrivate *)sdb->private;
+
+    return lgdb_p->certDB;
+}
+
+NSSLOWKEYDBHandle *
+lg_getKeyDB(SDB *sdb)
+{
+    LGPrivate *lgdb_p = (LGPrivate *)sdb->private;
+
+    return lgdb_p->keyDB;
+}
+
+PRBool lg_parentForkedAfterC_Initialize;
+
+void
+lg_SetForkState(PRBool forked)
+{
+    lg_parentForkedAfterC_Initialize = forked;
+}
+
+CK_RV
+lg_Close(SDB *sdb)
+{
+    LGPrivate *lgdb_p = (LGPrivate *)sdb->private;
+    lg_ClearTokenKeyHashTable(sdb);
+    if (lgdb_p) {
+        if (lgdb_p->certDB) {
+            nsslowcert_ClosePermCertDB(lgdb_p->certDB);
+        } else if (lgdb_p->keyDB) {
+            nsslowkey_CloseKeyDB(lgdb_p->keyDB);
+        }
+        if (lgdb_p->dbLock) {
+            SKIP_AFTER_FORK(PR_DestroyLock(lgdb_p->dbLock));
+        }
+        if (lgdb_p->hashTable) {
+            PL_HashTableDestroy(lgdb_p->hashTable);
+        }
+        PORT_Free(lgdb_p);
+    }
+    PORT_Free(sdb);
+    return CKR_OK;
+}
+
+static PLHashNumber
+lg_HashNumber(const void *key)
+{
+    return (PLHashNumber)((char *)key - (char *)NULL);
+}
+
+/*
+ * helper function to wrap a NSSLOWCERTCertDBHandle or a NSSLOWKEYDBHandle
+ * with and sdb structure.
+ */
+CK_RV
+lg_init(SDB **pSdb, int flags, NSSLOWCERTCertDBHandle *certdbPtr,
+        NSSLOWKEYDBHandle *keydbPtr)
+{
+    SDB *sdb = NULL;
+    LGPrivate *lgdb_p = NULL;
+    CK_RV error = CKR_HOST_MEMORY;
+
+    *pSdb = NULL;
+    sdb = (SDB *)PORT_Alloc(sizeof(SDB));
+    if (sdb == NULL) {
+        goto loser;
+    }
+    lgdb_p = (LGPrivate *)PORT_Alloc(sizeof(LGPrivate));
+    if (lgdb_p == NULL) {
+        goto loser;
+    }
+    /* invariant fields */
+    lgdb_p->certDB = certdbPtr;
+    lgdb_p->keyDB = keydbPtr;
+    lgdb_p->dbLock = PR_NewLock();
+    if (lgdb_p->dbLock == NULL) {
+        goto loser;
+    }
+    lgdb_p->hashTable = PL_NewHashTable(64, lg_HashNumber, PL_CompareValues,
+                                        SECITEM_HashCompare, NULL, 0);
+    if (lgdb_p->hashTable == NULL) {
+        goto loser;
+    }
+
+    sdb->private = lgdb_p;
+    sdb->version = 0;
+    sdb->sdb_flags = flags;
+    sdb->app_private = NULL;
+    sdb->sdb_FindObjectsInit = lg_FindObjectsInit;
+    sdb->sdb_FindObjects = lg_FindObjects;
+    sdb->sdb_FindObjectsFinal = lg_FindObjectsFinal;
+    sdb->sdb_GetAttributeValue = lg_GetAttributeValue;
+    sdb->sdb_SetAttributeValue = lg_SetAttributeValue;
+    sdb->sdb_CreateObject = lg_CreateObject;
+    sdb->sdb_DestroyObject = lg_DestroyObject;
+    sdb->sdb_GetMetaData = lg_GetMetaData;
+    sdb->sdb_PutMetaData = lg_PutMetaData;
+    sdb->sdb_Begin = lg_Begin;
+    sdb->sdb_Commit = lg_Commit;
+    sdb->sdb_Abort = lg_Abort;
+    sdb->sdb_Reset = lg_Reset;
+    sdb->sdb_Close = lg_Close;
+    sdb->sdb_SetForkState = lg_SetForkState;
+
+    *pSdb = sdb;
+    return CKR_OK;
+
+loser:
+    if (sdb) {
+        PORT_Free(sdb);
+    }
+    if (lgdb_p) {
+        if (lgdb_p->dbLock) {
+            PR_DestroyLock(lgdb_p->dbLock);
+        }
+        if (lgdb_p->hashTable) {
+            PL_HashTableDestroy(lgdb_p->hashTable);
+        }
+        PORT_Free(lgdb_p);
+    }
+    return error;
+}
+
+/*
+ * OK there are now lots of options here, lets go through them all:
+ *
+ * configdir - base directory where all the cert, key, and module datbases live.
+ * certPrefix - prefix added to the beginning of the cert database example: "
+ *              "https-server1-"
+ * keyPrefix - prefix added to the beginning of the key database example: "
+ *             "https-server1-"
+ * secmodName - name of the security module database (usually "secmod.db").
+ * readOnly - Boolean: true if the databases are to be openned read only.
+ * nocertdb - Don't open the cert DB and key DB's, just initialize the
+ *            Volatile certdb.
+ * nomoddb - Don't open the security module DB, just initialize the
+ *           PKCS #11 module.
+ * forceOpen - Continue to force initializations even if the databases cannot
+ *             be opened.
+ */
+CK_RV
+legacy_Open(const char *configdir, const char *certPrefix,
+            const char *keyPrefix, int certVersion, int keyVersion,
+            int flags, SDB **certDB, SDB **keyDB)
+{
+    CK_RV crv = CKR_OK;
+    SECStatus rv;
+    PRBool readOnly = ((flags & 0x7) == SDB_RDONLY) ? PR_TRUE : PR_FALSE;
+
+#define NSS_VERSION_VARIABLE __nss_dbm_version
+#include "verref.h"
+
+    if (flags & SDB_FIPS) {
+        if (!lg_FIPSEntryOK()) {
+            return CKR_DEVICE_ERROR;
+        }
+    }
+
+    rv = SECOID_Init();
+    if (SECSuccess != rv) {
+        return CKR_DEVICE_ERROR;
+    }
+    nsslowcert_InitLocks();
+
+    if (keyDB)
+        *keyDB = NULL;
+    if (certDB)
+        *certDB = NULL;
+
+    if (certDB) {
+        NSSLOWCERTCertDBHandle *certdbPtr = NULL;
+
+        crv = lg_OpenCertDB(configdir, certPrefix, readOnly, &certdbPtr);
+        if (crv != CKR_OK) {
+            goto loser;
+        }
+        crv = lg_init(certDB, flags, certdbPtr, NULL);
+        if (crv != CKR_OK) {
+            nsslowcert_ClosePermCertDB(certdbPtr);
+            goto loser;
+        }
+    }
+    if (keyDB) {
+        NSSLOWKEYDBHandle *keydbPtr;
+
+        crv = lg_OpenKeyDB(configdir, keyPrefix, readOnly, &keydbPtr);
+        if (crv != CKR_OK) {
+            goto loser;
+        }
+        crv = lg_init(keyDB, flags, NULL, keydbPtr);
+        if (crv != CKR_OK) {
+            nsslowkey_CloseKeyDB(keydbPtr);
+            goto loser;
+        }
+        if (certDB && *certDB) {
+            LGPrivate *lgdb_p = (LGPrivate *)(*certDB)->private;
+            lgdb_p->keyDB = keydbPtr;
+        }
+    }
+
+loser:
+    if (crv != CKR_OK) {
+        if (keyDB && *keyDB) {
+            lg_Close(*keyDB);
+            *keyDB = NULL;
+        }
+        if (certDB && *certDB) {
+            lg_Close(*certDB);
+            *certDB = NULL;
+        }
+    }
+    return crv;
+}
+
+CK_RV
+legacy_Shutdown(PRBool forked)
+{
+    lg_SetForkState(forked);
+    nsslowcert_DestroyFreeLists();
+    nsslowcert_DestroyGlobalLocks();
+    SECOID_Shutdown();
+    lg_SetForkState(PR_FALSE);
+    return CKR_OK;
+}
diff --git a/nss/lib/softoken/legacydb/lgutil.c b/nss/lib/softoken/legacydb/lgutil.c
new file mode 100644
index 0000000..d872bf4
--- /dev/null
+++ b/nss/lib/softoken/legacydb/lgutil.c
@@ -0,0 +1,399 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#include "lgdb.h"
+#include "secerr.h"
+#include "lgglue.h"
+
+/*
+ * ******************** Attribute Utilities *******************************
+ */
+
+/*
+ * look up and attribute structure from a type and Object structure.
+ * The returned attribute is referenced and needs to be freed when
+ * it is no longer needed.
+ */
+const CK_ATTRIBUTE *
+lg_FindAttribute(CK_ATTRIBUTE_TYPE type, const CK_ATTRIBUTE *templ,
+                 CK_ULONG count)
+{
+    unsigned int i;
+
+    for (i = 0; i < count; i++) {
+        if (templ[i].type == type) {
+            return &templ[i];
+        }
+    }
+    return NULL;
+}
+
+/*
+ * return true if object has attribute
+ */
+PRBool
+lg_hasAttribute(CK_ATTRIBUTE_TYPE type, const CK_ATTRIBUTE *templ,
+                CK_ULONG count)
+{
+    if (lg_FindAttribute(type, templ, count) == NULL) {
+        return PR_FALSE;
+    }
+    return PR_TRUE;
+}
+
+/*
+ * copy an attribute into a SECItem. Secitem is allocated in the specified
+ * arena.
+ */
+CK_RV
+lg_Attribute2SecItem(PLArenaPool *arena, CK_ATTRIBUTE_TYPE type,
+                     const CK_ATTRIBUTE *templ, CK_ULONG count,
+                     SECItem *item)
+{
+    int len;
+    const CK_ATTRIBUTE *attribute;
+
+    attribute = lg_FindAttribute(type, templ, count);
+    if (attribute == NULL)
+        return CKR_TEMPLATE_INCOMPLETE;
+    len = attribute->ulValueLen;
+
+    if (arena) {
+        item->data = (unsigned char *)PORT_ArenaAlloc(arena, len);
+    } else {
+        item->data = (unsigned char *)PORT_Alloc(len);
+    }
+    if (item->data == NULL) {
+        return CKR_HOST_MEMORY;
+    }
+    item->len = len;
+    if (item->len) {
+        PORT_Memcpy(item->data, attribute->pValue, len);
+    }
+    return CKR_OK;
+}
+
+/*
+ * copy an unsigned attribute into a SECItem. Secitem is allocated in
+ * the specified arena.
+ */
+CK_RV
+lg_Attribute2SSecItem(PLArenaPool *arena, CK_ATTRIBUTE_TYPE type,
+                      const CK_ATTRIBUTE *templ, CK_ULONG count,
+                      SECItem *item)
+{
+    const CK_ATTRIBUTE *attribute;
+    item->data = NULL;
+
+    attribute = lg_FindAttribute(type, templ, count);
+    if (attribute == NULL)
+        return CKR_TEMPLATE_INCOMPLETE;
+
+    (void)SECITEM_AllocItem(arena, item, attribute->ulValueLen);
+    if (item->data == NULL) {
+        return CKR_HOST_MEMORY;
+    }
+    PORT_Memcpy(item->data, attribute->pValue, item->len);
+    return CKR_OK;
+}
+
+/*
+ * copy an unsigned attribute into a SECItem. Secitem is allocated in
+ * the specified arena.
+ */
+CK_RV
+lg_PrivAttr2SSecItem(PLArenaPool *arena, CK_ATTRIBUTE_TYPE type,
+                     const CK_ATTRIBUTE *templ, CK_ULONG count,
+                     SECItem *item, SDB *sdbpw)
+{
+    const CK_ATTRIBUTE *attribute;
+    SECItem epki, *dest = NULL;
+    SECStatus rv;
+
+    item->data = NULL;
+
+    attribute = lg_FindAttribute(type, templ, count);
+    if (attribute == NULL)
+        return CKR_TEMPLATE_INCOMPLETE;
+
+    epki.data = attribute->pValue;
+    epki.len = attribute->ulValueLen;
+
+    rv = lg_util_decrypt(sdbpw, &epki, &dest);
+    if (rv != SECSuccess) {
+        return CKR_USER_NOT_LOGGED_IN;
+    }
+    (void)SECITEM_AllocItem(arena, item, dest->len);
+    if (item->data == NULL) {
+        SECITEM_FreeItem(dest, PR_TRUE);
+        return CKR_HOST_MEMORY;
+    }
+
+    PORT_Memcpy(item->data, dest->data, item->len);
+    SECITEM_FreeItem(dest, PR_TRUE);
+    return CKR_OK;
+}
+
+CK_RV
+lg_PrivAttr2SecItem(PLArenaPool *arena, CK_ATTRIBUTE_TYPE type,
+                    const CK_ATTRIBUTE *templ, CK_ULONG count,
+                    SECItem *item, SDB *sdbpw)
+{
+    return lg_PrivAttr2SSecItem(arena, type, templ, count, item, sdbpw);
+}
+
+/*
+ * this is only valid for CK_BBOOL type attributes. Return the state
+ * of that attribute.
+ */
+PRBool
+lg_isTrue(CK_ATTRIBUTE_TYPE type, const CK_ATTRIBUTE *templ, CK_ULONG count)
+{
+    const CK_ATTRIBUTE *attribute;
+    PRBool tok = PR_FALSE;
+
+    attribute = lg_FindAttribute(type, templ, count);
+    if (attribute == NULL) {
+        return PR_FALSE;
+    }
+    tok = (PRBool)(*(CK_BBOOL *)attribute->pValue);
+
+    return tok;
+}
+
+/*
+ * return a null terminated string from attribute 'type'. This string
+ * is allocated and needs to be freed with PORT_Free() When complete.
+ */
+char *
+lg_getString(CK_ATTRIBUTE_TYPE type, const CK_ATTRIBUTE *templ, CK_ULONG count)
+{
+    const CK_ATTRIBUTE *attribute;
+    char *label = NULL;
+
+    attribute = lg_FindAttribute(type, templ, count);
+    if (attribute == NULL)
+        return NULL;
+
+    if (attribute->pValue != NULL) {
+        label = (char *)PORT_Alloc(attribute->ulValueLen + 1);
+        if (label == NULL) {
+            return NULL;
+        }
+
+        PORT_Memcpy(label, attribute->pValue, attribute->ulValueLen);
+        label[attribute->ulValueLen] = 0;
+    }
+    return label;
+}
+
+CK_RV
+lg_GetULongAttribute(CK_ATTRIBUTE_TYPE type, const CK_ATTRIBUTE *templ,
+                     CK_ULONG count, CK_ULONG *longData)
+{
+    const CK_ATTRIBUTE *attribute;
+    CK_ULONG value = 0;
+    const unsigned char *data;
+    int i;
+
+    attribute = lg_FindAttribute(type, templ, count);
+    if (attribute == NULL)
+        return CKR_TEMPLATE_INCOMPLETE;
+
+    if (attribute->ulValueLen != 4) {
+        return CKR_ATTRIBUTE_VALUE_INVALID;
+    }
+    data = (const unsigned char *)attribute->pValue;
+    for (i = 0; i < 4; i++) {
+        value |= (CK_ULONG)(data[i]) << ((3 - i) * 8);
+    }
+
+    *longData = value;
+    return CKR_OK;
+}
+
+/*
+ * ******************** Object Utilities *******************************
+ */
+
+SECStatus
+lg_deleteTokenKeyByHandle(SDB *sdb, CK_OBJECT_HANDLE handle)
+{
+    SECItem *item;
+    PRBool rem;
+    PLHashTable *hashTable = lg_GetHashTable(sdb);
+
+    item = (SECItem *)PL_HashTableLookup(hashTable, (void *)handle);
+    rem = PL_HashTableRemove(hashTable, (void *)handle);
+    if (rem && item) {
+        SECITEM_FreeItem(item, PR_TRUE);
+    }
+    return rem ? SECSuccess : SECFailure;
+}
+
+/* must be called holding lg_DBLock(sdb) */
+static SECStatus
+lg_addTokenKeyByHandle(SDB *sdb, CK_OBJECT_HANDLE handle, SECItem *key)
+{
+    PLHashEntry *entry;
+    SECItem *item;
+    PLHashTable *hashTable = lg_GetHashTable(sdb);
+
+    item = SECITEM_DupItem(key);
+    if (item == NULL) {
+        return SECFailure;
+    }
+    entry = PL_HashTableAdd(hashTable, (void *)handle, item);
+    if (entry == NULL) {
+        SECITEM_FreeItem(item, PR_TRUE);
+        return SECFailure;
+    }
+    return SECSuccess;
+}
+
+/* must be called holding lg_DBLock(sdb) */
+const SECItem *
+lg_lookupTokenKeyByHandle(SDB *sdb, CK_OBJECT_HANDLE handle)
+{
+    PLHashTable *hashTable = lg_GetHashTable(sdb);
+    return (const SECItem *)PL_HashTableLookup(hashTable, (void *)handle);
+}
+
+static PRIntn
+lg_freeHashItem(PLHashEntry *entry, PRIntn index, void *arg)
+{
+    SECItem *item = (SECItem *)entry->value;
+
+    SECITEM_FreeItem(item, PR_TRUE);
+    return HT_ENUMERATE_NEXT;
+}
+
+CK_RV
+lg_ClearTokenKeyHashTable(SDB *sdb)
+{
+    PLHashTable *hashTable;
+    lg_DBLock(sdb);
+    hashTable = lg_GetHashTable(sdb);
+    PL_HashTableEnumerateEntries(hashTable, lg_freeHashItem, NULL);
+    lg_DBUnlock(sdb);
+    return CKR_OK;
+}
+
+/*
+ * handle Token Object stuff
+ */
+static void
+lg_XORHash(unsigned char *key, unsigned char *dbkey, int len)
+{
+    int i;
+
+    PORT_Memset(key, 0, 4);
+
+    for (i = 0; i < len - 4; i += 4) {
+        key[0] ^= dbkey[i];
+        key[1] ^= dbkey[i + 1];
+        key[2] ^= dbkey[i + 2];
+        key[3] ^= dbkey[i + 3];
+    }
+}
+
+/* Make a token handle for an object and record it so we can find it again */
+CK_OBJECT_HANDLE
+lg_mkHandle(SDB *sdb, SECItem *dbKey, CK_OBJECT_HANDLE class)
+{
+    unsigned char hashBuf[4];
+    CK_OBJECT_HANDLE handle;
+    const SECItem *key;
+
+    handle = class;
+    /* there is only one KRL, use a fixed handle for it */
+    if (handle != LG_TOKEN_KRL_HANDLE) {
+        lg_XORHash(hashBuf, dbKey->data, dbKey->len);
+        handle = ((CK_OBJECT_HANDLE)hashBuf[0] << 24) |
+                 ((CK_OBJECT_HANDLE)hashBuf[1] << 16) |
+                 ((CK_OBJECT_HANDLE)hashBuf[2] << 8) |
+                 (CK_OBJECT_HANDLE)hashBuf[3];
+        handle = class | (handle & ~(LG_TOKEN_TYPE_MASK | LG_TOKEN_MASK));
+        /* we have a CRL who's handle has randomly matched the reserved KRL
+         * handle, increment it */
+        if (handle == LG_TOKEN_KRL_HANDLE) {
+            handle++;
+        }
+    }
+
+    lg_DBLock(sdb);
+    while ((key = lg_lookupTokenKeyByHandle(sdb, handle)) != NULL) {
+        if (SECITEM_ItemsAreEqual(key, dbKey)) {
+            lg_DBUnlock(sdb);
+            return handle;
+        }
+        handle++;
+    }
+    lg_addTokenKeyByHandle(sdb, handle, dbKey);
+    lg_DBUnlock(sdb);
+    return handle;
+}
+
+PRBool
+lg_poisonHandle(SDB *sdb, SECItem *dbKey, CK_OBJECT_HANDLE class)
+{
+    unsigned char hashBuf[4];
+    CK_OBJECT_HANDLE handle;
+    const SECItem *key;
+
+    handle = class;
+    /* there is only one KRL, use a fixed handle for it */
+    if (handle != LG_TOKEN_KRL_HANDLE) {
+        lg_XORHash(hashBuf, dbKey->data, dbKey->len);
+        handle = (hashBuf[0] << 24) | (hashBuf[1] << 16) |
+                 (hashBuf[2] << 8) | hashBuf[3];
+        handle = class | (handle & ~(LG_TOKEN_TYPE_MASK | LG_TOKEN_MASK));
+        /* we have a CRL who's handle has randomly matched the reserved KRL
+         * handle, increment it */
+        if (handle == LG_TOKEN_KRL_HANDLE) {
+            handle++;
+        }
+    }
+    lg_DBLock(sdb);
+    while ((key = lg_lookupTokenKeyByHandle(sdb, handle)) != NULL) {
+        if (SECITEM_ItemsAreEqual(key, dbKey)) {
+            key->data[0] ^= 0x80;
+            lg_DBUnlock(sdb);
+            return PR_TRUE;
+        }
+        handle++;
+    }
+    lg_DBUnlock(sdb);
+    return PR_FALSE;
+}
+
+static LGEncryptFunc lg_encrypt_stub = NULL;
+static LGDecryptFunc lg_decrypt_stub = NULL;
+
+void
+legacy_SetCryptFunctions(LGEncryptFunc enc, LGDecryptFunc dec)
+{
+    lg_encrypt_stub = enc;
+    lg_decrypt_stub = dec;
+}
+
+SECStatus
+lg_util_encrypt(PLArenaPool *arena, SDB *sdb,
+                SECItem *plainText, SECItem **cipherText)
+{
+    if (lg_encrypt_stub == NULL) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+    return (*lg_encrypt_stub)(arena, sdb, plainText, cipherText);
+}
+
+SECStatus
+lg_util_decrypt(SDB *sdb, SECItem *cipherText, SECItem **plainText)
+{
+    if (lg_decrypt_stub == NULL) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+    return (*lg_decrypt_stub)(sdb, cipherText, plainText);
+}
diff --git a/nss/lib/softoken/legacydb/lowcert.c b/nss/lib/softoken/legacydb/lowcert.c
new file mode 100644
index 0000000..2906120
--- /dev/null
+++ b/nss/lib/softoken/legacydb/lowcert.c
@@ -0,0 +1,856 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * Certificate handling code
+ */
+
+#include "seccomon.h"
+#include "secder.h"
+#include "nssilock.h"
+#include "lowkeyi.h"
+#include "secasn1.h"
+#include "secoid.h"
+#include "secerr.h"
+#include "pcert.h"
+
+SEC_ASN1_MKSUB(SECOID_AlgorithmIDTemplate)
+
+static const SEC_ASN1Template nsslowcert_SubjectPublicKeyInfoTemplate[] = {
+    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(NSSLOWCERTSubjectPublicKeyInfo) },
+    { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
+      offsetof(NSSLOWCERTSubjectPublicKeyInfo, algorithm),
+      SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
+    { SEC_ASN1_BIT_STRING,
+      offsetof(NSSLOWCERTSubjectPublicKeyInfo, subjectPublicKey) },
+    { 0 }
+};
+
+static const SEC_ASN1Template nsslowcert_RSAPublicKeyTemplate[] = {
+    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(NSSLOWKEYPublicKey) },
+    { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPublicKey, u.rsa.modulus) },
+    { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPublicKey, u.rsa.publicExponent) },
+    { 0 }
+};
+static const SEC_ASN1Template nsslowcert_DSAPublicKeyTemplate[] = {
+    { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPublicKey, u.dsa.publicValue) },
+    { 0 }
+};
+static const SEC_ASN1Template nsslowcert_DHPublicKeyTemplate[] = {
+    { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPublicKey, u.dh.publicValue) },
+    { 0 }
+};
+
+/*
+ * See bugzilla bug 125359
+ * Since NSS (via PKCS#11) wants to handle big integers as unsigned ints,
+ * all of the templates above that en/decode into integers must be converted
+ * from ASN.1's signed integer type.  This is done by marking either the
+ * source or destination (encoding or decoding, respectively) type as
+ * siUnsignedInteger.
+ */
+
+static void
+prepare_low_rsa_pub_key_for_asn1(NSSLOWKEYPublicKey *pubk)
+{
+    pubk->u.rsa.modulus.type = siUnsignedInteger;
+    pubk->u.rsa.publicExponent.type = siUnsignedInteger;
+}
+
+static void
+prepare_low_dsa_pub_key_for_asn1(NSSLOWKEYPublicKey *pubk)
+{
+    pubk->u.dsa.publicValue.type = siUnsignedInteger;
+    pubk->u.dsa.params.prime.type = siUnsignedInteger;
+    pubk->u.dsa.params.subPrime.type = siUnsignedInteger;
+    pubk->u.dsa.params.base.type = siUnsignedInteger;
+}
+
+static void
+prepare_low_dh_pub_key_for_asn1(NSSLOWKEYPublicKey *pubk)
+{
+    pubk->u.dh.prime.type = siUnsignedInteger;
+    pubk->u.dh.base.type = siUnsignedInteger;
+    pubk->u.dh.publicValue.type = siUnsignedInteger;
+}
+
+/*
+ * simple cert decoder to avoid the cost of asn1 engine
+ */
+static unsigned char *
+nsslowcert_dataStart(unsigned char *buf, unsigned int length,
+                     unsigned int *data_length, PRBool includeTag,
+                     unsigned char *rettag)
+{
+    unsigned char tag;
+    unsigned int used_length = 0;
+
+    /* need at least a tag and a 1 byte length */
+    if (length < 2) {
+        return NULL;
+    }
+
+    tag = buf[used_length++];
+
+    if (rettag) {
+        *rettag = tag;
+    }
+
+    /* blow out when we come to the end */
+    if (tag == 0) {
+        return NULL;
+    }
+
+    *data_length = buf[used_length++];
+
+    if (*data_length & 0x80) {
+        int len_count = *data_length & 0x7f;
+
+        if (len_count + used_length > length) {
+            return NULL;
+        }
+
+        *data_length = 0;
+
+        while (len_count-- > 0) {
+            *data_length = (*data_length << 8) | buf[used_length++];
+        }
+    }
+
+    if (*data_length > (length - used_length)) {
+        *data_length = length - used_length;
+        return NULL;
+    }
+    if (includeTag)
+        *data_length += used_length;
+
+    return (buf + (includeTag ? 0 : used_length));
+}
+
+static void
+SetTimeType(SECItem *item, unsigned char tagtype)
+{
+    switch (tagtype) {
+        case SEC_ASN1_UTC_TIME:
+            item->type = siUTCTime;
+            break;
+
+        case SEC_ASN1_GENERALIZED_TIME:
+            item->type = siGeneralizedTime;
+            break;
+
+        default:
+            PORT_Assert(0);
+            break;
+    }
+}
+
+static int
+nsslowcert_GetValidityFields(unsigned char *buf, int buf_length,
+                             SECItem *notBefore, SECItem *notAfter)
+{
+    unsigned char tagtype;
+    notBefore->data = nsslowcert_dataStart(buf, buf_length,
+                                           &notBefore->len, PR_FALSE, &tagtype);
+    if (notBefore->data == NULL)
+        return SECFailure;
+    SetTimeType(notBefore, tagtype);
+    buf_length -= (notBefore->data - buf) + notBefore->len;
+    buf = notBefore->data + notBefore->len;
+    notAfter->data = nsslowcert_dataStart(buf, buf_length,
+                                          &notAfter->len, PR_FALSE, &tagtype);
+    if (notAfter->data == NULL)
+        return SECFailure;
+    SetTimeType(notAfter, tagtype);
+    return SECSuccess;
+}
+
+static int
+nsslowcert_GetCertFields(unsigned char *cert, int cert_length,
+                         SECItem *issuer, SECItem *serial, SECItem *derSN, SECItem *subject,
+                         SECItem *valid, SECItem *subjkey, SECItem *extensions)
+{
+    unsigned char *buf;
+    unsigned int buf_length;
+    unsigned char *dummy;
+    unsigned int dummylen;
+
+    /* get past the signature wrap */
+    buf = nsslowcert_dataStart(cert, cert_length, &buf_length, PR_FALSE, NULL);
+    if (buf == NULL)
+        return SECFailure;
+    /* get into the raw cert data */
+    buf = nsslowcert_dataStart(buf, buf_length, &buf_length, PR_FALSE, NULL);
+    if (buf == NULL)
+        return SECFailure;
+    /* skip past any optional version number */
+    if ((buf[0] & 0xa0) == 0xa0) {
+        dummy = nsslowcert_dataStart(buf, buf_length, &dummylen, PR_FALSE, NULL);
+        if (dummy == NULL)
+            return SECFailure;
+        buf_length -= (dummy - buf) + dummylen;
+        buf = dummy + dummylen;
+    }
+    /* serial number */
+    if (derSN) {
+        derSN->data = nsslowcert_dataStart(buf, buf_length, &derSN->len, PR_TRUE, NULL);
+        /* derSN->data  doesn't need to be checked because if it fails so will
+         * serial->data below. The only difference between the two calls is
+         * whether or not the tags are included in the returned buffer */
+    }
+    serial->data = nsslowcert_dataStart(buf, buf_length, &serial->len, PR_FALSE, NULL);
+    if (serial->data == NULL)
+        return SECFailure;
+    buf_length -= (serial->data - buf) + serial->len;
+    buf = serial->data + serial->len;
+    /* skip the OID */
+    dummy = nsslowcert_dataStart(buf, buf_length, &dummylen, PR_FALSE, NULL);
+    if (dummy == NULL)
+        return SECFailure;
+    buf_length -= (dummy - buf) + dummylen;
+    buf = dummy + dummylen;
+    /* issuer */
+    issuer->data = nsslowcert_dataStart(buf, buf_length, &issuer->len, PR_TRUE, NULL);
+    if (issuer->data == NULL)
+        return SECFailure;
+    buf_length -= (issuer->data - buf) + issuer->len;
+    buf = issuer->data + issuer->len;
+
+    /* only wanted issuer/SN */
+    if (valid == NULL) {
+        return SECSuccess;
+    }
+    /* validity */
+    valid->data = nsslowcert_dataStart(buf, buf_length, &valid->len, PR_FALSE, NULL);
+    if (valid->data == NULL)
+        return SECFailure;
+    buf_length -= (valid->data - buf) + valid->len;
+    buf = valid->data + valid->len;
+    /*subject */
+    subject->data = nsslowcert_dataStart(buf, buf_length, &subject->len, PR_TRUE, NULL);
+    if (subject->data == NULL)
+        return SECFailure;
+    buf_length -= (subject->data - buf) + subject->len;
+    buf = subject->data + subject->len;
+    /* subject  key info */
+    subjkey->data = nsslowcert_dataStart(buf, buf_length, &subjkey->len, PR_TRUE, NULL);
+    if (subjkey->data == NULL)
+        return SECFailure;
+    buf_length -= (subjkey->data - buf) + subjkey->len;
+    buf = subjkey->data + subjkey->len;
+
+    extensions->data = NULL;
+    extensions->len = 0;
+    while (buf_length > 0) {
+        /* EXTENSIONS */
+        if (buf[0] == 0xa3) {
+            extensions->data = nsslowcert_dataStart(buf, buf_length,
+                                                    &extensions->len, PR_FALSE, NULL);
+            /* if the DER is bad, we should fail. Previously we accepted
+             * bad DER here and treated the extension as missin */
+            if (extensions->data == NULL ||
+                (extensions->data - buf) + extensions->len != buf_length)
+                return SECFailure;
+            buf = extensions->data;
+            buf_length = extensions->len;
+            /* now parse the SEQUENCE holding the extensions. */
+            dummy = nsslowcert_dataStart(buf, buf_length, &dummylen, PR_FALSE, NULL);
+            if (dummy == NULL ||
+                (dummy - buf) + dummylen != buf_length)
+                return SECFailure;
+            buf_length -= (dummy - buf);
+            buf = dummy;
+            /* Now parse the extensions inside this sequence */
+        }
+        dummy = nsslowcert_dataStart(buf, buf_length, &dummylen, PR_FALSE, NULL);
+        if (dummy == NULL)
+            return SECFailure;
+        buf_length -= (dummy - buf) + dummylen;
+        buf = dummy + dummylen;
+    }
+    return SECSuccess;
+}
+
+static SECStatus
+nsslowcert_GetCertTimes(NSSLOWCERTCertificate *c, PRTime *notBefore, PRTime *notAfter)
+{
+    int rv;
+    NSSLOWCERTValidity validity;
+
+    rv = nsslowcert_GetValidityFields(c->validity.data, c->validity.len,
+                                      &validity.notBefore, &validity.notAfter);
+    if (rv != SECSuccess) {
+        return rv;
+    }
+
+    /* convert DER not-before time */
+    rv = DER_DecodeTimeChoice(notBefore, &validity.notBefore);
+    if (rv) {
+        return (SECFailure);
+    }
+
+    /* convert DER not-after time */
+    rv = DER_DecodeTimeChoice(notAfter, &validity.notAfter);
+    if (rv) {
+        return (SECFailure);
+    }
+
+    return (SECSuccess);
+}
+
+/*
+ * is certa newer than certb?  If one is expired, pick the other one.
+ */
+PRBool
+nsslowcert_IsNewer(NSSLOWCERTCertificate *certa, NSSLOWCERTCertificate *certb)
+{
+    PRTime notBeforeA, notAfterA, notBeforeB, notAfterB, now;
+    SECStatus rv;
+    PRBool newerbefore, newerafter;
+
+    rv = nsslowcert_GetCertTimes(certa, &notBeforeA, &notAfterA);
+    if (rv != SECSuccess) {
+        return (PR_FALSE);
+    }
+
+    rv = nsslowcert_GetCertTimes(certb, &notBeforeB, &notAfterB);
+    if (rv != SECSuccess) {
+        return (PR_TRUE);
+    }
+
+    newerbefore = PR_FALSE;
+    if (LL_CMP(notBeforeA, >, notBeforeB)) {
+        newerbefore = PR_TRUE;
+    }
+
+    newerafter = PR_FALSE;
+    if (LL_CMP(notAfterA, >, notAfterB)) {
+        newerafter = PR_TRUE;
+    }
+
+    if (newerbefore && newerafter) {
+        return (PR_TRUE);
+    }
+
+    if ((!newerbefore) && (!newerafter)) {
+        return (PR_FALSE);
+    }
+
+    /* get current time */
+    now = PR_Now();
+
+    if (newerbefore) {
+        /* cert A was issued after cert B, but expires sooner */
+        /* if A is expired, then pick B */
+        if (LL_CMP(notAfterA, <, now)) {
+            return (PR_FALSE);
+        }
+        return (PR_TRUE);
+    } else {
+        /* cert B was issued after cert A, but expires sooner */
+        /* if B is expired, then pick A */
+        if (LL_CMP(notAfterB, <, now)) {
+            return (PR_TRUE);
+        }
+        return (PR_FALSE);
+    }
+}
+
+#define SOFT_DEFAULT_CHUNKSIZE 2048
+
+static SECStatus
+nsslowcert_KeyFromIssuerAndSN(PLArenaPool *arena,
+                              SECItem *issuer, SECItem *sn, SECItem *key)
+{
+    unsigned int len = sn->len + issuer->len;
+
+    if (!arena) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        goto loser;
+    }
+    if (len > NSS_MAX_LEGACY_DB_KEY_SIZE) {
+        PORT_SetError(SEC_ERROR_INPUT_LEN);
+        goto loser;
+    }
+    key->data = (unsigned char *)PORT_ArenaAlloc(arena, len);
+    if (!key->data) {
+        goto loser;
+    }
+
+    key->len = len;
+    /* copy the serialNumber */
+    PORT_Memcpy(key->data, sn->data, sn->len);
+
+    /* copy the issuer */
+    PORT_Memcpy(&key->data[sn->len], issuer->data, issuer->len);
+
+    return (SECSuccess);
+
+loser:
+    return (SECFailure);
+}
+
+static SECStatus
+nsslowcert_KeyFromIssuerAndSNStatic(unsigned char *space,
+                                    int spaceLen, SECItem *issuer, SECItem *sn, SECItem *key)
+{
+    unsigned int len = sn->len + issuer->len;
+
+    key->data = pkcs11_allocStaticData(len, space, spaceLen);
+    if (!key->data) {
+        goto loser;
+    }
+
+    key->len = len;
+    /* copy the serialNumber */
+    PORT_Memcpy(key->data, sn->data, sn->len);
+
+    /* copy the issuer */
+    PORT_Memcpy(&key->data[sn->len], issuer->data, issuer->len);
+
+    return (SECSuccess);
+
+loser:
+    return (SECFailure);
+}
+
+static char *
+nsslowcert_EmailName(SECItem *derDN, char *space, unsigned int len)
+{
+    unsigned char *buf;
+    unsigned int buf_length;
+
+    /* unwrap outer sequence */
+    buf = nsslowcert_dataStart(derDN->data, derDN->len, &buf_length, PR_FALSE, NULL);
+    if (buf == NULL)
+        return NULL;
+
+    /* Walk each RDN */
+    while (buf_length > 0) {
+        unsigned char *rdn;
+        unsigned int rdn_length;
+
+        /* grab next rdn */
+        rdn = nsslowcert_dataStart(buf, buf_length, &rdn_length, PR_FALSE, NULL);
+        if (rdn == NULL) {
+            return NULL;
+        }
+        buf_length -= (rdn - buf) + rdn_length;
+        buf = rdn + rdn_length;
+
+        while (rdn_length > 0) {
+            unsigned char *ava;
+            unsigned int ava_length;
+            unsigned char *oid;
+            unsigned int oid_length;
+            unsigned char *name;
+            unsigned int name_length;
+            SECItem oidItem;
+            SECOidTag type;
+
+            /* unwrap the ava */
+            ava = nsslowcert_dataStart(rdn, rdn_length, &ava_length, PR_FALSE,
+                                       NULL);
+            if (ava == NULL)
+                return NULL;
+            rdn_length -= (ava - rdn) + ava_length;
+            rdn = ava + ava_length;
+
+            oid = nsslowcert_dataStart(ava, ava_length, &oid_length, PR_FALSE,
+                                       NULL);
+            if (oid == NULL) {
+                return NULL;
+            }
+            ava_length -= (oid - ava) + oid_length;
+            ava = oid + oid_length;
+
+            name = nsslowcert_dataStart(ava, ava_length, &name_length, PR_FALSE,
+                                        NULL);
+            if (name == NULL) {
+                return NULL;
+            }
+            ava_length -= (name - ava) + name_length;
+            ava = name + name_length;
+
+            oidItem.data = oid;
+            oidItem.len = oid_length;
+            type = SECOID_FindOIDTag(&oidItem);
+            if ((type == SEC_OID_PKCS9_EMAIL_ADDRESS) ||
+                (type == SEC_OID_RFC1274_MAIL)) {
+                /* Email is supposed to be IA5String, so no
+                 * translation necessary */
+                char *emailAddr;
+                emailAddr = (char *)pkcs11_copyStaticData(name, name_length + 1,
+                                                          (unsigned char *)space, len);
+                if (emailAddr) {
+                    emailAddr[name_length] = 0;
+                }
+                return emailAddr;
+            }
+        }
+    }
+    return NULL;
+}
+
+static char *
+nsslowcert_EmailAltName(NSSLOWCERTCertificate *cert, char *space,
+                        unsigned int len)
+{
+    unsigned char *exts;
+    unsigned int exts_length;
+
+    /* unwrap the sequence */
+    exts = nsslowcert_dataStart(cert->extensions.data, cert->extensions.len,
+                                &exts_length, PR_FALSE, NULL);
+    /* loop through extension */
+    while (exts && exts_length > 0) {
+        unsigned char *ext;
+        unsigned int ext_length;
+        unsigned char *oid;
+        unsigned int oid_length;
+        unsigned char *nameList;
+        unsigned int nameList_length;
+        SECItem oidItem;
+        SECOidTag type;
+
+        ext = nsslowcert_dataStart(exts, exts_length, &ext_length,
+                                   PR_FALSE, NULL);
+        if (ext == NULL) {
+            break;
+        }
+        exts_length -= (ext - exts) + ext_length;
+        exts = ext + ext_length;
+
+        oid = nsslowcert_dataStart(ext, ext_length, &oid_length, PR_FALSE, NULL);
+        if (oid == NULL) {
+            break;
+        }
+        ext_length -= (oid - ext) + oid_length;
+        ext = oid + oid_length;
+        oidItem.data = oid;
+        oidItem.len = oid_length;
+        type = SECOID_FindOIDTag(&oidItem);
+
+        /* get Alt Extension */
+        if (type != SEC_OID_X509_SUBJECT_ALT_NAME) {
+            continue;
+        }
+
+        /* skip passed the critical flag */
+        if (ext[0] == 0x01) { /* BOOLEAN */
+            unsigned char *dummy;
+            unsigned int dummy_length;
+            dummy = nsslowcert_dataStart(ext, ext_length, &dummy_length,
+                                         PR_FALSE, NULL);
+            if (dummy == NULL) {
+                break;
+            }
+            ext_length -= (dummy - ext) + dummy_length;
+            ext = dummy + dummy_length;
+        }
+
+        /* unwrap the name list */
+        nameList = nsslowcert_dataStart(ext, ext_length, &nameList_length,
+                                        PR_FALSE, NULL);
+        if (nameList == NULL) {
+            break;
+        }
+        ext_length -= (nameList - ext) + nameList_length;
+        ext = nameList + nameList_length;
+        nameList = nsslowcert_dataStart(nameList, nameList_length,
+                                        &nameList_length, PR_FALSE, NULL);
+        /* loop through the name list */
+        while (nameList && nameList_length > 0) {
+            unsigned char *thisName;
+            unsigned int thisName_length;
+
+            thisName = nsslowcert_dataStart(nameList, nameList_length,
+                                            &thisName_length, PR_FALSE, NULL);
+            if (thisName == NULL) {
+                break;
+            }
+            if (nameList[0] == 0xa2) { /* DNS Name */
+                SECItem dn;
+                char *emailAddr;
+
+                dn.data = thisName;
+                dn.len = thisName_length;
+                emailAddr = nsslowcert_EmailName(&dn, space, len);
+                if (emailAddr) {
+                    return emailAddr;
+                }
+            }
+            if (nameList[0] == 0x81) { /* RFC 822name */
+                char *emailAddr;
+                emailAddr = (char *)pkcs11_copyStaticData(thisName,
+                                                          thisName_length + 1, (unsigned char *)space, len);
+                if (emailAddr) {
+                    emailAddr[thisName_length] = 0;
+                }
+                return emailAddr;
+            }
+            nameList_length -= (thisName - nameList) + thisName_length;
+            nameList = thisName + thisName_length;
+        }
+        break;
+    }
+    return NULL;
+}
+
+static char *
+nsslowcert_GetCertificateEmailAddress(NSSLOWCERTCertificate *cert)
+{
+    char *emailAddr = NULL;
+    char *str;
+
+    emailAddr = nsslowcert_EmailName(&cert->derSubject, cert->emailAddrSpace,
+                                     sizeof(cert->emailAddrSpace));
+    /* couldn't find the email address in the DN, check the subject Alt name */
+    if (!emailAddr && cert->extensions.data) {
+        emailAddr = nsslowcert_EmailAltName(cert, cert->emailAddrSpace,
+                                            sizeof(cert->emailAddrSpace));
+    }
+
+    /* make it lower case */
+    str = emailAddr;
+    while (str && *str) {
+        *str = tolower(*str);
+        str++;
+    }
+    return emailAddr;
+}
+
+/*
+ * take a DER certificate and decode it into a certificate structure
+ */
+NSSLOWCERTCertificate *
+nsslowcert_DecodeDERCertificate(SECItem *derSignedCert, char *nickname)
+{
+    NSSLOWCERTCertificate *cert;
+    int rv;
+
+    /* allocate the certificate structure */
+    cert = nsslowcert_CreateCert();
+
+    if (!cert) {
+        goto loser;
+    }
+
+    /* point to passed in DER data */
+    cert->derCert = *derSignedCert;
+    cert->nickname = NULL;
+    cert->certKey.data = NULL;
+    cert->referenceCount = 1;
+
+    /* decode the certificate info */
+    rv = nsslowcert_GetCertFields(cert->derCert.data, cert->derCert.len,
+                                  &cert->derIssuer, &cert->serialNumber, &cert->derSN, &cert->derSubject,
+                                  &cert->validity, &cert->derSubjKeyInfo, &cert->extensions);
+
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    /* cert->subjectKeyID;   x509v3 subject key identifier */
+    cert->subjectKeyID.data = NULL;
+    cert->subjectKeyID.len = 0;
+    cert->dbEntry = NULL;
+    cert->trust = NULL;
+    cert->dbhandle = NULL;
+
+    /* generate and save the database key for the cert */
+    rv = nsslowcert_KeyFromIssuerAndSNStatic(cert->certKeySpace,
+                                             sizeof(cert->certKeySpace), &cert->derIssuer,
+                                             &cert->serialNumber, &cert->certKey);
+    if (rv) {
+        goto loser;
+    }
+
+    /* set the nickname */
+    if (nickname == NULL) {
+        cert->nickname = NULL;
+    } else {
+        /* copy and install the nickname */
+        cert->nickname = pkcs11_copyNickname(nickname, cert->nicknameSpace,
+                                             sizeof(cert->nicknameSpace));
+    }
+
+#ifdef FIXME
+    /* initialize the subjectKeyID */
+    rv = cert_GetKeyID(cert);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+#endif
+
+    /* set the email address */
+    cert->emailAddr = nsslowcert_GetCertificateEmailAddress(cert);
+
+    cert->referenceCount = 1;
+
+    return (cert);
+
+loser:
+    if (cert) {
+        nsslowcert_DestroyCertificate(cert);
+    }
+
+    return (0);
+}
+
+char *
+nsslowcert_FixupEmailAddr(char *emailAddr)
+{
+    char *retaddr;
+    char *str;
+
+    if (emailAddr == NULL) {
+        return (NULL);
+    }
+
+    /* copy the string */
+    str = retaddr = PORT_Strdup(emailAddr);
+    if (str == NULL) {
+        return (NULL);
+    }
+
+    /* make it lower case */
+    while (*str) {
+        *str = tolower(*str);
+        str++;
+    }
+
+    return (retaddr);
+}
+
+/*
+ * Generate a database key, based on serial number and issuer, from a
+ * DER certificate.
+ */
+SECStatus
+nsslowcert_KeyFromDERCert(PLArenaPool *arena, SECItem *derCert, SECItem *key)
+{
+    int rv;
+    NSSLOWCERTCertKey certkey;
+
+    PORT_Memset(&certkey, 0, sizeof(NSSLOWCERTCertKey));
+
+    rv = nsslowcert_GetCertFields(derCert->data, derCert->len,
+                                  &certkey.derIssuer, &certkey.serialNumber, NULL, NULL,
+                                  NULL, NULL, NULL);
+
+    if (rv) {
+        goto loser;
+    }
+
+    return (nsslowcert_KeyFromIssuerAndSN(arena, &certkey.derIssuer,
+                                          &certkey.serialNumber, key));
+loser:
+    return (SECFailure);
+}
+
+NSSLOWKEYPublicKey *
+nsslowcert_ExtractPublicKey(NSSLOWCERTCertificate *cert)
+{
+    NSSLOWCERTSubjectPublicKeyInfo spki;
+    NSSLOWKEYPublicKey *pubk;
+    SECItem os;
+    SECStatus rv;
+    PLArenaPool *arena;
+    SECOidTag tag;
+    SECItem newDerSubjKeyInfo;
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL)
+        return NULL;
+
+    pubk = (NSSLOWKEYPublicKey *)
+        PORT_ArenaZAlloc(arena, sizeof(NSSLOWKEYPublicKey));
+    if (pubk == NULL) {
+        PORT_FreeArena(arena, PR_FALSE);
+        return NULL;
+    }
+
+    pubk->arena = arena;
+    PORT_Memset(&spki, 0, sizeof(spki));
+
+    /* copy the DER into the arena, since Quick DER returns data that points
+       into the DER input, which may get freed by the caller */
+    rv = SECITEM_CopyItem(arena, &newDerSubjKeyInfo, &cert->derSubjKeyInfo);
+    if (rv != SECSuccess) {
+        PORT_FreeArena(arena, PR_FALSE);
+        return NULL;
+    }
+
+    /* we haven't bothered decoding the spki struct yet, do it now */
+    rv = SEC_QuickDERDecodeItem(arena, &spki,
+                                nsslowcert_SubjectPublicKeyInfoTemplate, &newDerSubjKeyInfo);
+    if (rv != SECSuccess) {
+        PORT_FreeArena(arena, PR_FALSE);
+        return NULL;
+    }
+
+    /* Convert bit string length from bits to bytes */
+    os = spki.subjectPublicKey;
+    DER_ConvertBitString(&os);
+
+    tag = SECOID_GetAlgorithmTag(&spki.algorithm);
+    switch (tag) {
+        case SEC_OID_X500_RSA_ENCRYPTION:
+        case SEC_OID_PKCS1_RSA_ENCRYPTION:
+        case SEC_OID_PKCS1_RSA_PSS_SIGNATURE:
+            pubk->keyType = NSSLOWKEYRSAKey;
+            prepare_low_rsa_pub_key_for_asn1(pubk);
+            rv = SEC_QuickDERDecodeItem(arena, pubk,
+                                        nsslowcert_RSAPublicKeyTemplate, &os);
+            if (rv == SECSuccess)
+                return pubk;
+            break;
+        case SEC_OID_ANSIX9_DSA_SIGNATURE:
+            pubk->keyType = NSSLOWKEYDSAKey;
+            prepare_low_dsa_pub_key_for_asn1(pubk);
+            rv = SEC_QuickDERDecodeItem(arena, pubk,
+                                        nsslowcert_DSAPublicKeyTemplate, &os);
+            if (rv == SECSuccess)
+                return pubk;
+            break;
+        case SEC_OID_X942_DIFFIE_HELMAN_KEY:
+            pubk->keyType = NSSLOWKEYDHKey;
+            prepare_low_dh_pub_key_for_asn1(pubk);
+            rv = SEC_QuickDERDecodeItem(arena, pubk,
+                                        nsslowcert_DHPublicKeyTemplate, &os);
+            if (rv == SECSuccess)
+                return pubk;
+            break;
+#ifndef NSS_DISABLE_ECC
+        case SEC_OID_ANSIX962_EC_PUBLIC_KEY:
+            pubk->keyType = NSSLOWKEYECKey;
+            /* Since PKCS#11 directly takes the DER encoding of EC params
+             * and public value, we don't need any decoding here.
+             */
+            rv = SECITEM_CopyItem(arena, &pubk->u.ec.ecParams.DEREncoding,
+                                  &spki.algorithm.parameters);
+            if (rv != SECSuccess)
+                break;
+
+            /* Fill out the rest of the ecParams structure
+             * based on the encoded params
+             */
+            if (LGEC_FillParams(arena, &pubk->u.ec.ecParams.DEREncoding,
+                                &pubk->u.ec.ecParams) != SECSuccess)
+                break;
+
+            rv = SECITEM_CopyItem(arena, &pubk->u.ec.publicValue, &os);
+            if (rv == SECSuccess)
+                return pubk;
+            break;
+#endif /* NSS_DISABLE_ECC */
+        default:
+            rv = SECFailure;
+            break;
+    }
+
+    lg_nsslowkey_DestroyPublicKey(pubk);
+    return NULL;
+}
diff --git a/nss/lib/softoken/legacydb/lowkey.c b/nss/lib/softoken/legacydb/lowkey.c
new file mode 100644
index 0000000..7de4197
--- /dev/null
+++ b/nss/lib/softoken/legacydb/lowkey.c
@@ -0,0 +1,395 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#include "lowkeyi.h"
+#include "secoid.h"
+#include "secitem.h"
+#include "secder.h"
+#include "secasn1.h"
+#include "secerr.h"
+
+SEC_ASN1_MKSUB(SEC_AnyTemplate)
+SEC_ASN1_MKSUB(SEC_BitStringTemplate)
+SEC_ASN1_MKSUB(SEC_ObjectIDTemplate)
+SEC_ASN1_MKSUB(SECOID_AlgorithmIDTemplate)
+
+static const SEC_ASN1Template nsslowkey_AttributeTemplate[] = {
+    { SEC_ASN1_SEQUENCE,
+      0, NULL, sizeof(NSSLOWKEYAttribute) },
+    { SEC_ASN1_OBJECT_ID, offsetof(NSSLOWKEYAttribute, attrType) },
+    { SEC_ASN1_SET_OF | SEC_ASN1_XTRN, offsetof(NSSLOWKEYAttribute, attrValue),
+      SEC_ASN1_SUB(SEC_AnyTemplate) },
+    { 0 }
+};
+
+static const SEC_ASN1Template nsslowkey_SetOfAttributeTemplate[] = {
+    { SEC_ASN1_SET_OF, 0, nsslowkey_AttributeTemplate },
+};
+/* ASN1 Templates for new decoder/encoder */
+const SEC_ASN1Template lg_nsslowkey_PrivateKeyInfoTemplate[] = {
+    { SEC_ASN1_SEQUENCE,
+      0, NULL, sizeof(NSSLOWKEYPrivateKeyInfo) },
+    { SEC_ASN1_INTEGER,
+      offsetof(NSSLOWKEYPrivateKeyInfo, version) },
+    { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
+      offsetof(NSSLOWKEYPrivateKeyInfo, algorithm),
+      SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
+    { SEC_ASN1_OCTET_STRING,
+      offsetof(NSSLOWKEYPrivateKeyInfo, privateKey) },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
+      offsetof(NSSLOWKEYPrivateKeyInfo, attributes),
+      nsslowkey_SetOfAttributeTemplate },
+    { 0 }
+};
+
+const SEC_ASN1Template lg_nsslowkey_PQGParamsTemplate[] = {
+    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(PQGParams) },
+    { SEC_ASN1_INTEGER, offsetof(PQGParams, prime) },
+    { SEC_ASN1_INTEGER, offsetof(PQGParams, subPrime) },
+    { SEC_ASN1_INTEGER, offsetof(PQGParams, base) },
+    { 0 }
+};
+
+const SEC_ASN1Template lg_nsslowkey_RSAPrivateKeyTemplate[] = {
+    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(NSSLOWKEYPrivateKey) },
+    { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey, u.rsa.version) },
+    { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey, u.rsa.modulus) },
+    { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey, u.rsa.publicExponent) },
+    { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey, u.rsa.privateExponent) },
+    { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey, u.rsa.prime1) },
+    { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey, u.rsa.prime2) },
+    { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey, u.rsa.exponent1) },
+    { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey, u.rsa.exponent2) },
+    { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey, u.rsa.coefficient) },
+    { 0 }
+};
+
+/*
+ * Allows u.rsa.modulus to be zero length for secret keys with an empty
+ * CKA_ID incorrectly generated in NSS 3.13.3 or earlier.  Only used for
+ * decoding.  See bug 715073.
+ */
+const SEC_ASN1Template lg_nsslowkey_RSAPrivateKeyTemplate2[] = {
+    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(NSSLOWKEYPrivateKey) },
+    { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey, u.rsa.version) },
+    { SEC_ASN1_ANY, offsetof(NSSLOWKEYPrivateKey, u.rsa.modulus) },
+    { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey, u.rsa.publicExponent) },
+    { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey, u.rsa.privateExponent) },
+    { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey, u.rsa.prime1) },
+    { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey, u.rsa.prime2) },
+    { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey, u.rsa.exponent1) },
+    { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey, u.rsa.exponent2) },
+    { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey, u.rsa.coefficient) },
+    { 0 }
+};
+
+const SEC_ASN1Template lg_nsslowkey_DSAPrivateKeyTemplate[] = {
+    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(NSSLOWKEYPrivateKey) },
+    { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey, u.dsa.publicValue) },
+    { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey, u.dsa.privateValue) },
+    { 0 }
+};
+
+const SEC_ASN1Template lg_nsslowkey_DHPrivateKeyTemplate[] = {
+    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(NSSLOWKEYPrivateKey) },
+    { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey, u.dh.publicValue) },
+    { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey, u.dh.privateValue) },
+    { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey, u.dh.base) },
+    { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey, u.dh.prime) },
+    { 0 }
+};
+
+#ifndef NSS_DISABLE_ECC
+
+/* NOTE: The SECG specification allows the private key structure
+ * to contain curve parameters but recommends that they be stored
+ * in the PrivateKeyAlgorithmIdentifier field of the PrivateKeyInfo
+ * instead.
+ */
+const SEC_ASN1Template lg_nsslowkey_ECPrivateKeyTemplate[] = {
+    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(NSSLOWKEYPrivateKey) },
+    { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey, u.ec.version) },
+    { SEC_ASN1_OCTET_STRING,
+      offsetof(NSSLOWKEYPrivateKey, u.ec.privateValue) },
+    /* We only support named curves for which the parameters are
+     * encoded as an object ID.
+     */
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED |
+          SEC_ASN1_EXPLICIT | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
+      offsetof(NSSLOWKEYPrivateKey, u.ec.ecParams.curveOID),
+      SEC_ASN1_SUB(SEC_ObjectIDTemplate) },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED |
+          SEC_ASN1_EXPLICIT | SEC_ASN1_CONTEXT_SPECIFIC |
+          SEC_ASN1_XTRN | 1,
+      offsetof(NSSLOWKEYPrivateKey, u.ec.publicValue),
+      SEC_ASN1_SUB(SEC_BitStringTemplate) },
+    { 0 }
+};
+
+/*
+ * smaller version of EC_FillParams. In this code, we only need
+ * oid and DER data.
+ */
+SECStatus
+LGEC_FillParams(PLArenaPool *arena, const SECItem *encodedParams,
+                ECParams *params)
+{
+    SECOidTag tag;
+    SECItem oid = { siBuffer, NULL, 0 };
+
+#if EC_DEBUG
+    int i;
+
+    printf("Encoded params in EC_DecodeParams: ");
+    for (i = 0; i < encodedParams->len; i++) {
+        printf("%02x:", encodedParams->data[i]);
+    }
+    printf("\n");
+#endif
+
+    oid.len = encodedParams->len - 2;
+    oid.data = encodedParams->data + 2;
+    if ((encodedParams->data[0] != SEC_ASN1_OBJECT_ID) ||
+        ((tag = SECOID_FindOIDTag(&oid)) == SEC_OID_UNKNOWN)) {
+        PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
+        return SECFailure;
+    }
+
+    params->arena = arena;
+
+    /* For named curves, fill out curveOID */
+    params->curveOID.len = oid.len;
+    params->curveOID.data = (unsigned char *)PORT_ArenaAlloc(arena, oid.len);
+    if (params->curveOID.data == NULL) {
+        return SECFailure;
+    }
+    memcpy(params->curveOID.data, oid.data, oid.len);
+
+    return SECSuccess;
+}
+
+/* Copy all of the fields from srcParams into dstParams
+ */
+SECStatus
+LGEC_CopyParams(PLArenaPool *arena, ECParams *dstParams,
+                const ECParams *srcParams)
+{
+    SECStatus rv = SECFailure;
+
+    dstParams->arena = arena;
+    rv = SECITEM_CopyItem(arena, &dstParams->DEREncoding,
+                          &srcParams->DEREncoding);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    rv = SECITEM_CopyItem(arena, &dstParams->curveOID,
+                          &srcParams->curveOID);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    return SECSuccess;
+
+loser:
+    return SECFailure;
+}
+#endif /* NSS_DISABLE_ECC */
+/*
+ * See bugzilla bug 125359
+ * Since NSS (via PKCS#11) wants to handle big integers as unsigned ints,
+ * all of the templates above that en/decode into integers must be converted
+ * from ASN.1's signed integer type.  This is done by marking either the
+ * source or destination (encoding or decoding, respectively) type as
+ * siUnsignedInteger.
+ */
+
+void
+lg_prepare_low_rsa_priv_key_for_asn1(NSSLOWKEYPrivateKey *key)
+{
+    key->u.rsa.modulus.type = siUnsignedInteger;
+    key->u.rsa.publicExponent.type = siUnsignedInteger;
+    key->u.rsa.privateExponent.type = siUnsignedInteger;
+    key->u.rsa.prime1.type = siUnsignedInteger;
+    key->u.rsa.prime2.type = siUnsignedInteger;
+    key->u.rsa.exponent1.type = siUnsignedInteger;
+    key->u.rsa.exponent2.type = siUnsignedInteger;
+    key->u.rsa.coefficient.type = siUnsignedInteger;
+}
+
+void
+lg_prepare_low_pqg_params_for_asn1(PQGParams *params)
+{
+    params->prime.type = siUnsignedInteger;
+    params->subPrime.type = siUnsignedInteger;
+    params->base.type = siUnsignedInteger;
+}
+
+void
+lg_prepare_low_dsa_priv_key_for_asn1(NSSLOWKEYPrivateKey *key)
+{
+    key->u.dsa.publicValue.type = siUnsignedInteger;
+    key->u.dsa.privateValue.type = siUnsignedInteger;
+    key->u.dsa.params.prime.type = siUnsignedInteger;
+    key->u.dsa.params.subPrime.type = siUnsignedInteger;
+    key->u.dsa.params.base.type = siUnsignedInteger;
+}
+
+void
+lg_prepare_low_dh_priv_key_for_asn1(NSSLOWKEYPrivateKey *key)
+{
+    key->u.dh.prime.type = siUnsignedInteger;
+    key->u.dh.base.type = siUnsignedInteger;
+    key->u.dh.publicValue.type = siUnsignedInteger;
+    key->u.dh.privateValue.type = siUnsignedInteger;
+}
+
+#ifndef NSS_DISABLE_ECC
+void
+lg_prepare_low_ecparams_for_asn1(ECParams *params)
+{
+    params->DEREncoding.type = siUnsignedInteger;
+    params->curveOID.type = siUnsignedInteger;
+}
+
+void
+lg_prepare_low_ec_priv_key_for_asn1(NSSLOWKEYPrivateKey *key)
+{
+    key->u.ec.version.type = siUnsignedInteger;
+    key->u.ec.ecParams.DEREncoding.type = siUnsignedInteger;
+    key->u.ec.ecParams.curveOID.type = siUnsignedInteger;
+    key->u.ec.privateValue.type = siUnsignedInteger;
+    key->u.ec.publicValue.type = siUnsignedInteger;
+}
+#endif /* NSS_DISABLE_ECC */
+
+void
+lg_nsslowkey_DestroyPrivateKey(NSSLOWKEYPrivateKey *privk)
+{
+    if (privk && privk->arena) {
+        PORT_FreeArena(privk->arena, PR_TRUE);
+    }
+}
+
+void
+lg_nsslowkey_DestroyPublicKey(NSSLOWKEYPublicKey *pubk)
+{
+    if (pubk && pubk->arena) {
+        PORT_FreeArena(pubk->arena, PR_FALSE);
+    }
+}
+
+NSSLOWKEYPublicKey *
+lg_nsslowkey_ConvertToPublicKey(NSSLOWKEYPrivateKey *privk)
+{
+    NSSLOWKEYPublicKey *pubk;
+    PLArenaPool *arena;
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return NULL;
+    }
+
+    switch (privk->keyType) {
+        case NSSLOWKEYRSAKey:
+        case NSSLOWKEYNullKey:
+            pubk = (NSSLOWKEYPublicKey *)PORT_ArenaZAlloc(arena,
+                                                          sizeof(NSSLOWKEYPublicKey));
+            if (pubk != NULL) {
+                SECStatus rv;
+
+                pubk->arena = arena;
+                pubk->keyType = privk->keyType;
+                if (privk->keyType == NSSLOWKEYNullKey)
+                    return pubk;
+                rv = SECITEM_CopyItem(arena, &pubk->u.rsa.modulus,
+                                      &privk->u.rsa.modulus);
+                if (rv == SECSuccess) {
+                    rv = SECITEM_CopyItem(arena, &pubk->u.rsa.publicExponent,
+                                          &privk->u.rsa.publicExponent);
+                    if (rv == SECSuccess)
+                        return pubk;
+                }
+            } else {
+                PORT_SetError(SEC_ERROR_NO_MEMORY);
+            }
+            break;
+        case NSSLOWKEYDSAKey:
+            pubk = (NSSLOWKEYPublicKey *)PORT_ArenaZAlloc(arena,
+                                                          sizeof(NSSLOWKEYPublicKey));
+            if (pubk != NULL) {
+                SECStatus rv;
+
+                pubk->arena = arena;
+                pubk->keyType = privk->keyType;
+                rv = SECITEM_CopyItem(arena, &pubk->u.dsa.publicValue,
+                                      &privk->u.dsa.publicValue);
+                if (rv != SECSuccess)
+                    break;
+                rv = SECITEM_CopyItem(arena, &pubk->u.dsa.params.prime,
+                                      &privk->u.dsa.params.prime);
+                if (rv != SECSuccess)
+                    break;
+                rv = SECITEM_CopyItem(arena, &pubk->u.dsa.params.subPrime,
+                                      &privk->u.dsa.params.subPrime);
+                if (rv != SECSuccess)
+                    break;
+                rv = SECITEM_CopyItem(arena, &pubk->u.dsa.params.base,
+                                      &privk->u.dsa.params.base);
+                if (rv == SECSuccess)
+                    return pubk;
+            }
+            break;
+        case NSSLOWKEYDHKey:
+            pubk = (NSSLOWKEYPublicKey *)PORT_ArenaZAlloc(arena,
+                                                          sizeof(NSSLOWKEYPublicKey));
+            if (pubk != NULL) {
+                SECStatus rv;
+
+                pubk->arena = arena;
+                pubk->keyType = privk->keyType;
+                rv = SECITEM_CopyItem(arena, &pubk->u.dh.publicValue,
+                                      &privk->u.dh.publicValue);
+                if (rv != SECSuccess)
+                    break;
+                rv = SECITEM_CopyItem(arena, &pubk->u.dh.prime,
+                                      &privk->u.dh.prime);
+                if (rv != SECSuccess)
+                    break;
+                rv = SECITEM_CopyItem(arena, &pubk->u.dh.base,
+                                      &privk->u.dh.base);
+                if (rv == SECSuccess)
+                    return pubk;
+            }
+            break;
+#ifndef NSS_DISABLE_ECC
+        case NSSLOWKEYECKey:
+            pubk = (NSSLOWKEYPublicKey *)PORT_ArenaZAlloc(arena,
+                                                          sizeof(NSSLOWKEYPublicKey));
+            if (pubk != NULL) {
+                SECStatus rv;
+
+                pubk->arena = arena;
+                pubk->keyType = privk->keyType;
+                rv = SECITEM_CopyItem(arena, &pubk->u.ec.publicValue,
+                                      &privk->u.ec.publicValue);
+                if (rv != SECSuccess)
+                    break;
+                pubk->u.ec.ecParams.arena = arena;
+                /* Copy the rest of the params */
+                rv = LGEC_CopyParams(arena, &(pubk->u.ec.ecParams),
+                                     &(privk->u.ec.ecParams));
+                if (rv == SECSuccess)
+                    return pubk;
+            }
+            break;
+#endif /* NSS_DISABLE_ECC */
+        /* No Fortezza in Low Key implementations (Fortezza keys aren't
+         * stored in our data base */
+        default:
+            break;
+    }
+
+    PORT_FreeArena(arena, PR_FALSE);
+    return NULL;
+}
diff --git a/nss/lib/softoken/legacydb/lowkeyi.h b/nss/lib/softoken/legacydb/lowkeyi.h
new file mode 100644
index 0000000..5136b56
--- /dev/null
+++ b/nss/lib/softoken/legacydb/lowkeyi.h
@@ -0,0 +1,151 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _LOWKEYI_H_
+#define _LOWKEYI_H_
+
+#include "prtypes.h"
+#include "seccomon.h"
+#include "secoidt.h"
+#include "pcertt.h"
+#include "lowkeyti.h"
+#include "sdb.h"
+
+SEC_BEGIN_PROTOS
+
+/*
+ * See bugzilla bug 125359
+ * Since NSS (via PKCS#11) wants to handle big integers as unsigned ints,
+ * all of the templates above that en/decode into integers must be converted
+ * from ASN.1's signed integer type.  This is done by marking either the
+ * source or destination (encoding or decoding, respectively) type as
+ * siUnsignedInteger.
+ */
+extern void lg_prepare_low_rsa_priv_key_for_asn1(NSSLOWKEYPrivateKey *key);
+extern void lg_prepare_low_pqg_params_for_asn1(PQGParams *params);
+extern void lg_prepare_low_dsa_priv_key_for_asn1(NSSLOWKEYPrivateKey *key);
+extern void lg_prepare_low_dh_priv_key_for_asn1(NSSLOWKEYPrivateKey *key);
+#ifndef NSS_DISABLE_ECC
+extern void lg_prepare_low_ec_priv_key_for_asn1(NSSLOWKEYPrivateKey *key);
+extern void lg_prepare_low_ecparams_for_asn1(ECParams *params);
+#endif /* NSS_DISABLE_ECC */
+
+typedef char *(*NSSLOWKEYDBNameFunc)(void *arg, int dbVersion);
+
+/*
+** Open a key database.
+*/
+extern NSSLOWKEYDBHandle *nsslowkey_OpenKeyDB(PRBool readOnly,
+                                              const char *domain,
+                                              const char *prefix,
+                                              NSSLOWKEYDBNameFunc namecb,
+                                              void *cbarg);
+
+/*
+** Close the specified key database.
+*/
+extern void nsslowkey_CloseKeyDB(NSSLOWKEYDBHandle *handle);
+
+/*
+ * Get the version number of the database
+ */
+extern int nsslowkey_GetKeyDBVersion(NSSLOWKEYDBHandle *handle);
+
+/*
+** Delete a key from the database
+*/
+extern SECStatus nsslowkey_DeleteKey(NSSLOWKEYDBHandle *handle,
+                                     const SECItem *pubkey);
+
+/*
+** Store a key in the database, indexed by its public key modulus.
+**  "pk" is the private key to store
+**  "f" is the callback function for getting the password
+**  "arg" is the argument for the callback
+*/
+extern SECStatus nsslowkey_StoreKeyByPublicKey(NSSLOWKEYDBHandle *handle,
+                                               NSSLOWKEYPrivateKey *pk,
+                                               SECItem *pubKeyData,
+                                               char *nickname,
+                                               SDB *sdb);
+
+/* does the key for this cert exist in the database filed by modulus */
+extern PRBool nsslowkey_KeyForCertExists(NSSLOWKEYDBHandle *handle,
+                                         NSSLOWCERTCertificate *cert);
+/* does a key with this ID already exist? */
+extern PRBool nsslowkey_KeyForIDExists(NSSLOWKEYDBHandle *handle, SECItem *id);
+
+/*
+** Destroy a private key object.
+**  "key" the object
+**  "freeit" if PR_TRUE then free the object as well as its sub-objects
+*/
+extern void lg_nsslowkey_DestroyPrivateKey(NSSLOWKEYPrivateKey *key);
+
+/*
+** Destroy a public key object.
+**  "key" the object
+**  "freeit" if PR_TRUE then free the object as well as its sub-objects
+*/
+extern void lg_nsslowkey_DestroyPublicKey(NSSLOWKEYPublicKey *key);
+
+/*
+** Convert a low private key "privateKey" into a public low key
+*/
+extern NSSLOWKEYPublicKey
+    *
+    lg_nsslowkey_ConvertToPublicKey(NSSLOWKEYPrivateKey *privateKey);
+
+SECStatus
+nsslowkey_UpdateNickname(NSSLOWKEYDBHandle *handle,
+                         NSSLOWKEYPrivateKey *privkey,
+                         SECItem *pubKeyData,
+                         char *nickname,
+                         SDB *sdb);
+
+/* Store key by modulus and specify an encryption algorithm to use.
+ *   handle is the pointer to the key database,
+ *   privkey is the private key to be stored,
+ *   f and arg are the function and arguments to the callback
+ *       to get a password,
+ *   algorithm is the algorithm which the privKey is to be stored.
+ * A return of anything but SECSuccess indicates failure.
+ */
+extern SECStatus
+nsslowkey_StoreKeyByPublicKeyAlg(NSSLOWKEYDBHandle *handle,
+                                 NSSLOWKEYPrivateKey *privkey,
+                                 SECItem *pubKeyData,
+                                 char *nickname,
+                                 SDB *sdb,
+                                 PRBool update);
+
+/* Find key by modulus.  This function is the inverse of store key
+ * by modulus.  An attempt to locate the key with "modulus" is
+ * performed.  If the key is found, the private key is returned,
+ * else NULL is returned.
+ *   modulus is the modulus to locate
+ */
+extern NSSLOWKEYPrivateKey *
+nsslowkey_FindKeyByPublicKey(NSSLOWKEYDBHandle *handle, SECItem *modulus,
+                             SDB *sdb);
+
+extern char *
+nsslowkey_FindKeyNicknameByPublicKey(NSSLOWKEYDBHandle *handle,
+                                     SECItem *modulus, SDB *sdb);
+
+#ifndef NSS_DISABLE_ECC
+/*
+ * smaller version of EC_FillParams. In this code, we only need
+ * oid and DER data.
+ */
+SECStatus LGEC_FillParams(PLArenaPool *arena, const SECItem *encodedParams,
+                          ECParams *params);
+
+/* Copy all of the fields from srcParams into dstParams */
+SECStatus LGEC_CopyParams(PLArenaPool *arena, ECParams *dstParams,
+                          const ECParams *srcParams);
+#endif
+SEC_END_PROTOS
+
+#endif /* _LOWKEYI_H_ */
diff --git a/nss/lib/softoken/legacydb/lowkeyti.h b/nss/lib/softoken/legacydb/lowkeyti.h
new file mode 100644
index 0000000..ef92689
--- /dev/null
+++ b/nss/lib/softoken/legacydb/lowkeyti.h
@@ -0,0 +1,132 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#ifndef _LOWKEYTI_H_
+#define _LOWKEYTI_H_ 1
+
+#include "blapit.h"
+#include "prtypes.h"
+#include "plarena.h"
+#include "secitem.h"
+#include "secasn1t.h"
+#include "secoidt.h"
+
+/*
+ * a key in/for the data base
+ */
+struct NSSLOWKEYDBKeyStr {
+    PLArenaPool *arena;
+    int version;
+    char *nickname;
+    SECItem salt;
+    SECItem derPK;
+};
+typedef struct NSSLOWKEYDBKeyStr NSSLOWKEYDBKey;
+
+typedef struct NSSLOWKEYDBHandleStr NSSLOWKEYDBHandle;
+
+#ifdef NSS_USE_KEY4_DB
+#define NSSLOWKEY_DB_FILE_VERSION 4
+#else
+#define NSSLOWKEY_DB_FILE_VERSION 3
+#endif
+
+#define NSSLOWKEY_VERSION 0 /* what we *create* */
+
+/*
+** Typedef for callback to get a password "key".
+*/
+extern const SEC_ASN1Template lg_nsslowkey_PQGParamsTemplate[];
+extern const SEC_ASN1Template lg_nsslowkey_RSAPrivateKeyTemplate[];
+extern const SEC_ASN1Template lg_nsslowkey_RSAPrivateKeyTemplate2[];
+extern const SEC_ASN1Template lg_nsslowkey_DSAPrivateKeyTemplate[];
+extern const SEC_ASN1Template lg_nsslowkey_DHPrivateKeyTemplate[];
+extern const SEC_ASN1Template lg_nsslowkey_DHPrivateKeyExportTemplate[];
+#ifndef NSS_DISABLE_ECC
+#define NSSLOWKEY_EC_PRIVATE_KEY_VERSION 1 /* as per SECG 1 C.4 */
+extern const SEC_ASN1Template lg_nsslowkey_ECPrivateKeyTemplate[];
+#endif /* NSS_DISABLE_ECC */
+
+extern const SEC_ASN1Template lg_nsslowkey_PrivateKeyInfoTemplate[];
+extern const SEC_ASN1Template nsslowkey_EncryptedPrivateKeyInfoTemplate[];
+
+/*
+ * PKCS #8 attributes
+ */
+struct NSSLOWKEYAttributeStr {
+    SECItem attrType;
+    SECItem *attrValue;
+};
+typedef struct NSSLOWKEYAttributeStr NSSLOWKEYAttribute;
+
+/*
+** A PKCS#8 private key info object
+*/
+struct NSSLOWKEYPrivateKeyInfoStr {
+    PLArenaPool *arena;
+    SECItem version;
+    SECAlgorithmID algorithm;
+    SECItem privateKey;
+    NSSLOWKEYAttribute **attributes;
+};
+typedef struct NSSLOWKEYPrivateKeyInfoStr NSSLOWKEYPrivateKeyInfo;
+#define NSSLOWKEY_PRIVATE_KEY_INFO_VERSION 0 /* what we *create* */
+
+/*
+** A PKCS#8 private key info object
+*/
+struct NSSLOWKEYEncryptedPrivateKeyInfoStr {
+    PLArenaPool *arena;
+    SECAlgorithmID algorithm;
+    SECItem encryptedData;
+};
+typedef struct NSSLOWKEYEncryptedPrivateKeyInfoStr NSSLOWKEYEncryptedPrivateKeyInfo;
+
+typedef enum {
+    NSSLOWKEYNullKey = 0,
+    NSSLOWKEYRSAKey = 1,
+    NSSLOWKEYDSAKey = 2,
+    NSSLOWKEYDHKey = 4,
+    NSSLOWKEYECKey = 5
+} NSSLOWKEYType;
+
+/*
+** An RSA public key object.
+*/
+struct NSSLOWKEYPublicKeyStr {
+    PLArenaPool *arena;
+    NSSLOWKEYType keyType;
+    union {
+        RSAPublicKey rsa;
+        DSAPublicKey dsa;
+        DHPublicKey dh;
+        ECPublicKey ec;
+    } u;
+};
+typedef struct NSSLOWKEYPublicKeyStr NSSLOWKEYPublicKey;
+
+/*
+** Low Level private key object
+** This is only used by the raw Crypto engines (crypto), keydb (keydb),
+** and PKCS #11. Everyone else uses the high level key structure.
+*/
+struct NSSLOWKEYPrivateKeyStr {
+    PLArenaPool *arena;
+    NSSLOWKEYType keyType;
+    union {
+        RSAPrivateKey rsa;
+        DSAPrivateKey dsa;
+        DHPrivateKey dh;
+        ECPrivateKey ec;
+    } u;
+};
+typedef struct NSSLOWKEYPrivateKeyStr NSSLOWKEYPrivateKey;
+
+typedef struct NSSLOWKEYPasswordEntryStr NSSLOWKEYPasswordEntry;
+struct NSSLOWKEYPasswordEntryStr {
+    SECItem salt;
+    SECItem value;
+    unsigned char data[128];
+};
+
+#endif /* _LOWKEYTI_H_ */
diff --git a/nss/lib/softoken/legacydb/manifest.mn b/nss/lib/softoken/legacydb/manifest.mn
new file mode 100644
index 0000000..9cce849
--- /dev/null
+++ b/nss/lib/softoken/legacydb/manifest.mn
@@ -0,0 +1,32 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+CORE_DEPTH = ../../..
+
+MODULE = nss
+
+REQUIRES = dbm
+
+LIBRARY_NAME = nssdbm
+LIBRARY_VERSION = 3
+MAPFILE = $(OBJDIR)/nssdbm.def
+
+DEFINES += -DSHLIB_SUFFIX=\"$(DLL_SUFFIX)\" -DSHLIB_PREFIX=\"$(DLL_PREFIX)\" -DLG_LIB_NAME=\"$(notdir $(SHARED_LIBRARY))\"
+
+CSRCS = \
+	dbmshim.c \
+	keydb.c \
+	lgattr.c \
+	lgcreate.c \
+	lgdestroy.c \
+	lgfind.c \
+	lgfips.c \
+	lginit.c \
+	lgutil.c \
+	lowcert.c \
+	lowkey.c \
+	pcertdb.c \
+	pk11db.c \
+	$(NULL)
+
diff --git a/nss/lib/softoken/legacydb/nssdbm.def b/nss/lib/softoken/legacydb/nssdbm.def
new file mode 100644
index 0000000..dd6d5fa
--- /dev/null
+++ b/nss/lib/softoken/legacydb/nssdbm.def
@@ -0,0 +1,31 @@
+;+#
+;+# This Source Code Form is subject to the terms of the Mozilla Public
+;+# License, v. 2.0. If a copy of the MPL was not distributed with this
+;+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;+#
+;+# OK, this file is meant to support SUN, LINUX, AIX and WINDOWS
+;+#   1. For all unix platforms, the string ";-"  means "remove this line"
+;+#   2. For all unix platforms, the string " DATA " will be removed from any
+;+#	line on which it occurs.
+;+#   3. Lines containing ";+" will have ";+" removed on SUN and LINUX.
+;+#      On AIX, lines containing ";+" will be removed.
+;+#   4. For all unix platforms, the string ";;" will thave the ";;" removed.
+;+#   5. For all unix platforms, after the above processing has taken place,
+;+#    all characters after the first ";" on the line will be removed.
+;+#    And for AIX, the first ";" will also be removed.
+;+#  This file is passed directly to windows. Since ';' is a comment, all UNIX
+;+#   directives are hidden behind ";", ";+", and ";-"
+;+NSSDBM_3.12 {       # NSS 3.12 release
+;+    global:
+LIBRARY nssdbm3 ;-
+EXPORTS ;-
+legacy_Open;
+legacy_Shutdown;
+legacy_ReadSecmodDB;
+legacy_ReleaseSecmodDBData;
+legacy_AddSecmodDB;
+legacy_DeleteSecmodDB;
+legacy_SetCryptFunctions;
+;+    local:
+;+       *;
+;+};
diff --git a/nss/lib/softoken/legacydb/nssdbm.rc b/nss/lib/softoken/legacydb/nssdbm.rc
new file mode 100644
index 0000000..cff8616
--- /dev/null
+++ b/nss/lib/softoken/legacydb/nssdbm.rc
@@ -0,0 +1,68 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "../softkver.h"
+#include <winver.h>
+
+#define MY_LIBNAME "nssdbm"
+#define MY_FILEDESCRIPTION "Legacy Database Driver"
+
+#define STRINGIZE(x) #x
+#define STRINGIZE2(x) STRINGIZE(x)
+#define SOFTOKEN_VMAJOR_STR STRINGIZE2(SOFTOKEN_VMAJOR)
+
+#ifdef _DEBUG
+#define MY_DEBUG_STR " (debug)"
+#define MY_FILEFLAGS_1 VS_FF_DEBUG
+#else
+#define MY_DEBUG_STR ""
+#define MY_FILEFLAGS_1 0x0L
+#endif
+#if SOFTOKEN_BETA
+#define MY_FILEFLAGS_2 MY_FILEFLAGS_1|VS_FF_PRERELEASE
+#else
+#define MY_FILEFLAGS_2 MY_FILEFLAGS_1
+#endif
+
+#ifdef WINNT
+#define MY_FILEOS VOS_NT_WINDOWS32
+#else
+#define MY_FILEOS VOS__WINDOWS32
+#endif
+
+#define MY_INTERNAL_NAME MY_LIBNAME SOFTOKEN_VMAJOR_STR
+
+/////////////////////////////////////////////////////////////////////////////
+//
+// Version-information resource
+//
+
+VS_VERSION_INFO VERSIONINFO
+ FILEVERSION SOFTOKEN_VMAJOR,SOFTOKEN_VMINOR,SOFTOKEN_VPATCH,SOFTOKEN_VBUILD
+ PRODUCTVERSION SOFTOKEN_VMAJOR,SOFTOKEN_VMINOR,SOFTOKEN_VPATCH,SOFTOKEN_VBUILD
+ FILEFLAGSMASK VS_FFI_FILEFLAGSMASK
+ FILEFLAGS MY_FILEFLAGS_2
+ FILEOS MY_FILEOS
+ FILETYPE VFT_DLL
+ FILESUBTYPE 0x0L // not used
+
+BEGIN
+    BLOCK "StringFileInfo"
+    BEGIN
+        BLOCK "040904B0" // Lang=US English, CharSet=Unicode
+        BEGIN
+            VALUE "CompanyName", "Mozilla Foundation\0"
+            VALUE "FileDescription", MY_FILEDESCRIPTION MY_DEBUG_STR "\0"
+            VALUE "FileVersion", SOFTOKEN_VERSION "\0"
+            VALUE "InternalName", MY_INTERNAL_NAME "\0"
+            VALUE "OriginalFilename", MY_INTERNAL_NAME ".dll\0"
+            VALUE "ProductName", "Network Security Services\0"
+            VALUE "ProductVersion", SOFTOKEN_VERSION "\0"
+        END
+    END
+    BLOCK "VarFileInfo"
+    BEGIN
+        VALUE "Translation", 0x409, 1200
+    END
+END
diff --git a/nss/lib/softoken/legacydb/pcert.h b/nss/lib/softoken/legacydb/pcert.h
new file mode 100644
index 0000000..d4be3f9
--- /dev/null
+++ b/nss/lib/softoken/legacydb/pcert.h
@@ -0,0 +1,228 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _PCERTDB_H_
+#define _PCERTDB_H_
+
+#include "plarena.h"
+#include "prlong.h"
+#include "pcertt.h"
+
+#include "lowkeyti.h" /* for struct NSSLOWKEYPublicKeyStr */
+
+SEC_BEGIN_PROTOS
+
+/*
+ * initialize any global certificate locks
+ */
+SECStatus nsslowcert_InitLocks(void);
+
+/*
+** Add a DER encoded certificate to the permanent database.
+**  "derCert" is the DER encoded certificate.
+**  "nickname" is the nickname to use for the cert
+**  "trust" is the trust parameters for the cert
+*/
+SECStatus nsslowcert_AddPermCert(NSSLOWCERTCertDBHandle *handle,
+                                 NSSLOWCERTCertificate *cert,
+                                 char *nickname, NSSLOWCERTCertTrust *trust);
+SECStatus nsslowcert_AddPermNickname(NSSLOWCERTCertDBHandle *dbhandle,
+                                     NSSLOWCERTCertificate *cert, char *nickname);
+
+SECStatus nsslowcert_DeletePermCertificate(NSSLOWCERTCertificate *cert);
+
+typedef SECStatus(PR_CALLBACK *PermCertCallback)(NSSLOWCERTCertificate *cert,
+                                                 SECItem *k, void *pdata);
+/*
+** Traverse the entire permanent database, and pass the certs off to a
+** user supplied function.
+**  "certfunc" is the user function to call for each certificate
+**  "udata" is the user's data, which is passed through to "certfunc"
+*/
+SECStatus
+nsslowcert_TraversePermCerts(NSSLOWCERTCertDBHandle *handle,
+                             PermCertCallback certfunc,
+                             void *udata);
+
+PRBool
+nsslowcert_CertDBKeyConflict(SECItem *derCert, NSSLOWCERTCertDBHandle *handle);
+
+certDBEntryRevocation *
+nsslowcert_FindCrlByKey(NSSLOWCERTCertDBHandle *handle,
+                        SECItem *crlKey, PRBool isKRL);
+
+SECStatus
+nsslowcert_DeletePermCRL(NSSLOWCERTCertDBHandle *handle, const SECItem *derName,
+                         PRBool isKRL);
+SECStatus
+nsslowcert_AddCrl(NSSLOWCERTCertDBHandle *handle, SECItem *derCrl,
+                  SECItem *derKey, char *url, PRBool isKRL);
+
+NSSLOWCERTCertDBHandle *nsslowcert_GetDefaultCertDB();
+NSSLOWKEYPublicKey *nsslowcert_ExtractPublicKey(NSSLOWCERTCertificate *);
+
+NSSLOWCERTCertificate *
+nsslowcert_NewTempCertificate(NSSLOWCERTCertDBHandle *handle, SECItem *derCert,
+                              char *nickname, PRBool isperm, PRBool copyDER);
+NSSLOWCERTCertificate *
+nsslowcert_DupCertificate(NSSLOWCERTCertificate *cert);
+void nsslowcert_DestroyCertificate(NSSLOWCERTCertificate *cert);
+void nsslowcert_DestroyTrust(NSSLOWCERTTrust *Trust);
+
+/*
+ * Lookup a certificate in the databases without locking
+ *  "certKey" is the database key to look for
+ *
+ * XXX - this should be internal, but pkcs 11 needs to call it during a
+ * traversal.
+ */
+NSSLOWCERTCertificate *
+nsslowcert_FindCertByKey(NSSLOWCERTCertDBHandle *handle, const SECItem *certKey);
+
+/*
+ * Lookup trust for a certificate in the databases without locking
+ *  "certKey" is the database key to look for
+ *
+ * XXX - this should be internal, but pkcs 11 needs to call it during a
+ * traversal.
+ */
+NSSLOWCERTTrust *
+nsslowcert_FindTrustByKey(NSSLOWCERTCertDBHandle *handle, const SECItem *certKey);
+
+/*
+** Generate a certificate key from the issuer and serialnumber, then look it
+** up in the database.  Return the cert if found.
+**  "issuerAndSN" is the issuer and serial number to look for
+*/
+extern NSSLOWCERTCertificate *
+nsslowcert_FindCertByIssuerAndSN(NSSLOWCERTCertDBHandle *handle, NSSLOWCERTIssuerAndSN *issuerAndSN);
+
+/*
+** Generate a certificate key from the issuer and serialnumber, then look it
+** up in the database.  Return the cert if found.
+**  "issuerAndSN" is the issuer and serial number to look for
+*/
+extern NSSLOWCERTTrust *
+nsslowcert_FindTrustByIssuerAndSN(NSSLOWCERTCertDBHandle *handle, NSSLOWCERTIssuerAndSN *issuerAndSN);
+
+/*
+** Find a certificate in the database by a DER encoded certificate
+**  "derCert" is the DER encoded certificate
+*/
+extern NSSLOWCERTCertificate *
+nsslowcert_FindCertByDERCert(NSSLOWCERTCertDBHandle *handle, SECItem *derCert);
+
+/* convert an email address to lower case */
+char *nsslowcert_FixupEmailAddr(char *emailAddr);
+
+/*
+** Decode a DER encoded certificate into an NSSLOWCERTCertificate structure
+**      "derSignedCert" is the DER encoded signed certificate
+**      "copyDER" is true if the DER should be copied, false if the
+**              existing copy should be referenced
+**      "nickname" is the nickname to use in the database.  If it is NULL
+**              then a temporary nickname is generated.
+*/
+extern NSSLOWCERTCertificate *
+nsslowcert_DecodeDERCertificate(SECItem *derSignedCert, char *nickname);
+
+SECStatus
+nsslowcert_KeyFromDERCert(PLArenaPool *arena, SECItem *derCert, SECItem *key);
+
+certDBEntrySMime *
+nsslowcert_ReadDBSMimeEntry(NSSLOWCERTCertDBHandle *certHandle,
+                            char *emailAddr);
+void
+nsslowcert_DestroyDBEntry(certDBEntry *entry);
+
+SECStatus
+nsslowcert_OpenCertDB(NSSLOWCERTCertDBHandle *handle, PRBool readOnly,
+                      const char *domain, const char *prefix,
+                      NSSLOWCERTDBNameFunc namecb, void *cbarg, PRBool openVolatile);
+
+void
+nsslowcert_ClosePermCertDB(NSSLOWCERTCertDBHandle *handle);
+
+/*
+ * is certa newer than certb?  If one is expired, pick the other one.
+ */
+PRBool
+nsslowcert_IsNewer(NSSLOWCERTCertificate *certa, NSSLOWCERTCertificate *certb);
+
+SECStatus
+nsslowcert_TraverseDBEntries(NSSLOWCERTCertDBHandle *handle,
+                             certDBEntryType type,
+                             SECStatus (*callback)(SECItem *data, SECItem *key,
+                                                   certDBEntryType type, void *pdata),
+                             void *udata);
+SECStatus
+nsslowcert_TraversePermCertsForSubject(NSSLOWCERTCertDBHandle *handle,
+                                       SECItem *derSubject,
+                                       NSSLOWCERTCertCallback cb, void *cbarg);
+int
+nsslowcert_NumPermCertsForSubject(NSSLOWCERTCertDBHandle *handle,
+                                  SECItem *derSubject);
+SECStatus
+nsslowcert_TraversePermCertsForNickname(NSSLOWCERTCertDBHandle *handle,
+                                        char *nickname, NSSLOWCERTCertCallback cb, void *cbarg);
+
+int
+nsslowcert_NumPermCertsForNickname(NSSLOWCERTCertDBHandle *handle,
+                                   char *nickname);
+SECStatus
+nsslowcert_GetCertTrust(NSSLOWCERTCertificate *cert,
+                        NSSLOWCERTCertTrust *trust);
+
+SECStatus
+nsslowcert_SaveSMimeProfile(NSSLOWCERTCertDBHandle *dbhandle, char *emailAddr,
+                            SECItem *derSubject, SECItem *emailProfile, SECItem *profileTime);
+
+/*
+ * Change the trust attributes of a certificate and make them permanent
+ * in the database.
+ */
+SECStatus
+nsslowcert_ChangeCertTrust(NSSLOWCERTCertDBHandle *handle,
+                           NSSLOWCERTCertificate *cert, NSSLOWCERTCertTrust *trust);
+
+PRBool
+nsslowcert_needDBVerify(NSSLOWCERTCertDBHandle *handle);
+
+void
+nsslowcert_setDBVerify(NSSLOWCERTCertDBHandle *handle, PRBool value);
+
+PRBool
+nsslowcert_hasTrust(NSSLOWCERTCertTrust *trust);
+
+void
+nsslowcert_DestroyFreeLists(void);
+
+void
+nsslowcert_DestroyGlobalLocks(void);
+
+void
+pkcs11_freeNickname(char *nickname, char *space);
+
+char *
+pkcs11_copyNickname(char *nickname, char *space, int spaceLen);
+
+void
+pkcs11_freeStaticData(unsigned char *data, unsigned char *space);
+
+unsigned char *
+pkcs11_allocStaticData(int datalen, unsigned char *space, int spaceLen);
+
+unsigned char *
+pkcs11_copyStaticData(unsigned char *data, int datalen, unsigned char *space,
+                      int spaceLen);
+NSSLOWCERTCertificate *
+nsslowcert_CreateCert(void);
+
+certDBEntry *
+nsslowcert_DecodeAnyDBEntry(SECItem *dbData, const SECItem *dbKey,
+                            certDBEntryType entryType, void *pdata);
+
+SEC_END_PROTOS
+
+#endif /* _PCERTDB_H_ */
diff --git a/nss/lib/softoken/legacydb/pcertdb.c b/nss/lib/softoken/legacydb/pcertdb.c
new file mode 100644
index 0000000..65da516
--- /dev/null
+++ b/nss/lib/softoken/legacydb/pcertdb.c
@@ -0,0 +1,5333 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * Permanent Certificate database handling code
+ */
+#include "lowkeyti.h"
+#include "pcert.h"
+#include "mcom_db.h"
+#include "pcert.h"
+#include "secitem.h"
+#include "secder.h"
+
+#include "secerr.h"
+#include "lgdb.h"
+
+/* forward declaration */
+NSSLOWCERTCertificate *
+nsslowcert_FindCertByDERCertNoLocking(NSSLOWCERTCertDBHandle *handle, SECItem *derCert);
+static SECStatus
+nsslowcert_UpdateSMimeProfile(NSSLOWCERTCertDBHandle *dbhandle,
+                              char *emailAddr, SECItem *derSubject, SECItem *emailProfile,
+                              SECItem *profileTime);
+static SECStatus
+nsslowcert_UpdatePermCert(NSSLOWCERTCertDBHandle *dbhandle,
+                          NSSLOWCERTCertificate *cert, char *nickname, NSSLOWCERTCertTrust *trust);
+static SECStatus
+nsslowcert_UpdateCrl(NSSLOWCERTCertDBHandle *handle, SECItem *derCrl,
+                     SECItem *crlKey, char *url, PRBool isKRL);
+
+static NSSLOWCERTCertificate *certListHead = NULL;
+static NSSLOWCERTTrust *trustListHead = NULL;
+static certDBEntryCert *entryListHead = NULL;
+static int certListCount = 0;
+static int trustListCount = 0;
+static int entryListCount = 0;
+#define MAX_CERT_LIST_COUNT 10
+#define MAX_TRUST_LIST_COUNT 10
+#define MAX_ENTRY_LIST_COUNT 10
+
+/*
+ * the following functions are wrappers for the db library that implement
+ * a global lock to make the database thread safe.
+ */
+static PZLock *dbLock = NULL;
+static PZLock *certRefCountLock = NULL;
+static PZLock *certTrustLock = NULL;
+static PZLock *freeListLock = NULL;
+
+void
+certdb_InitDBLock(NSSLOWCERTCertDBHandle *handle)
+{
+    if (dbLock == NULL) {
+        dbLock = PZ_NewLock(nssILockCertDB);
+        PORT_Assert(dbLock != NULL);
+    }
+}
+
+SECStatus
+nsslowcert_InitLocks(void)
+{
+    if (freeListLock == NULL) {
+        freeListLock = PZ_NewLock(nssILockRefLock);
+        if (freeListLock == NULL) {
+            return SECFailure;
+        }
+    }
+    if (certRefCountLock == NULL) {
+        certRefCountLock = PZ_NewLock(nssILockRefLock);
+        if (certRefCountLock == NULL) {
+            return SECFailure;
+        }
+    }
+    if (certTrustLock == NULL) {
+        certTrustLock = PZ_NewLock(nssILockCertDB);
+        if (certTrustLock == NULL) {
+            return SECFailure;
+        }
+    }
+
+    return SECSuccess;
+}
+
+/*
+ * Acquire the global lock on the cert database.
+ * This lock is currently used for the following operations:
+ *  adding or deleting a cert to either the temp or perm databases
+ *  converting a temp to perm or perm to temp
+ *  changing (maybe just adding!?) the trust of a cert
+ *      chaning the DB status checking Configuration
+ */
+static void
+nsslowcert_LockDB(NSSLOWCERTCertDBHandle *handle)
+{
+    PZ_EnterMonitor(handle->dbMon);
+    return;
+}
+
+/*
+ * Free the global cert database lock.
+ */
+static void
+nsslowcert_UnlockDB(NSSLOWCERTCertDBHandle *handle)
+{
+#ifdef DEBUG
+    PRStatus prstat = PZ_ExitMonitor(handle->dbMon);
+    PORT_Assert(prstat == PR_SUCCESS);
+#else
+    PZ_ExitMonitor(handle->dbMon);
+#endif
+}
+
+/*
+ * Acquire the cert reference count lock
+ * There is currently one global lock for all certs, but I'm putting a cert
+ * arg here so that it will be easy to make it per-cert in the future if
+ * that turns out to be necessary.
+ */
+static void
+nsslowcert_LockCertRefCount(NSSLOWCERTCertificate *cert)
+{
+    PORT_Assert(certRefCountLock != NULL);
+
+    PZ_Lock(certRefCountLock);
+    return;
+}
+
+/*
+ * Free the cert reference count lock
+ */
+static void
+nsslowcert_UnlockCertRefCount(NSSLOWCERTCertificate *cert)
+{
+    PORT_Assert(certRefCountLock != NULL);
+
+#ifdef DEBUG
+    {
+        PRStatus prstat = PZ_Unlock(certRefCountLock);
+        PORT_Assert(prstat == PR_SUCCESS);
+    }
+#else
+    PZ_Unlock(certRefCountLock);
+#endif
+}
+
+/*
+ * Acquire the cert trust lock
+ * There is currently one global lock for all certs, but I'm putting a cert
+ * arg here so that it will be easy to make it per-cert in the future if
+ * that turns out to be necessary.
+ */
+static void
+nsslowcert_LockCertTrust(NSSLOWCERTCertificate *cert)
+{
+    PORT_Assert(certTrustLock != NULL);
+
+    PZ_Lock(certTrustLock);
+    return;
+}
+
+/*
+ * Free the cert trust lock
+ */
+static void
+nsslowcert_UnlockCertTrust(NSSLOWCERTCertificate *cert)
+{
+    PORT_Assert(certTrustLock != NULL);
+
+#ifdef DEBUG
+    {
+        PRStatus prstat = PZ_Unlock(certTrustLock);
+        PORT_Assert(prstat == PR_SUCCESS);
+    }
+#else
+    PZ_Unlock(certTrustLock);
+#endif
+}
+
+/*
+ * Acquire the cert reference count lock
+ * There is currently one global lock for all certs, but I'm putting a cert
+ * arg here so that it will be easy to make it per-cert in the future if
+ * that turns out to be necessary.
+ */
+static void
+nsslowcert_LockFreeList(void)
+{
+    PORT_Assert(freeListLock != NULL);
+
+    SKIP_AFTER_FORK(PZ_Lock(freeListLock));
+    return;
+}
+
+/*
+ * Free the cert reference count lock
+ */
+static void
+nsslowcert_UnlockFreeList(void)
+{
+    PORT_Assert(freeListLock != NULL);
+
+#ifdef DEBUG
+    {
+        PRStatus prstat = PR_SUCCESS;
+        SKIP_AFTER_FORK(prstat = PZ_Unlock(freeListLock));
+        PORT_Assert(prstat == PR_SUCCESS);
+    }
+#else
+    SKIP_AFTER_FORK(PZ_Unlock(freeListLock));
+#endif
+}
+
+NSSLOWCERTCertificate *
+nsslowcert_DupCertificate(NSSLOWCERTCertificate *c)
+{
+    if (c) {
+        nsslowcert_LockCertRefCount(c);
+        ++c->referenceCount;
+        nsslowcert_UnlockCertRefCount(c);
+    }
+    return c;
+}
+
+static int
+certdb_Get(DB *db, DBT *key, DBT *data, unsigned int flags)
+{
+    int ret;
+
+    PORT_Assert(dbLock != NULL);
+    PZ_Lock(dbLock);
+
+    ret = (*db->get)(db, key, data, flags);
+
+    (void)PZ_Unlock(dbLock);
+
+    return (ret);
+}
+
+static int
+certdb_Put(DB *db, DBT *key, DBT *data, unsigned int flags)
+{
+    int ret = 0;
+
+    PORT_Assert(dbLock != NULL);
+    PZ_Lock(dbLock);
+
+    ret = (*db->put)(db, key, data, flags);
+
+    (void)PZ_Unlock(dbLock);
+
+    return (ret);
+}
+
+static int
+certdb_Sync(DB *db, unsigned int flags)
+{
+    int ret;
+
+    PORT_Assert(dbLock != NULL);
+    PZ_Lock(dbLock);
+
+    ret = (*db->sync)(db, flags);
+
+    (void)PZ_Unlock(dbLock);
+
+    return (ret);
+}
+
+#define DB_NOT_FOUND -30991 /* from DBM 3.2 */
+static int
+certdb_Del(DB *db, DBT *key, unsigned int flags)
+{
+    int ret;
+
+    PORT_Assert(dbLock != NULL);
+    PZ_Lock(dbLock);
+
+    ret = (*db->del)(db, key, flags);
+
+    (void)PZ_Unlock(dbLock);
+
+    /* don't fail if the record is already deleted */
+    if (ret == DB_NOT_FOUND) {
+        ret = 0;
+    }
+
+    return (ret);
+}
+
+static int
+certdb_Seq(DB *db, DBT *key, DBT *data, unsigned int flags)
+{
+    int ret;
+
+    PORT_Assert(dbLock != NULL);
+    PZ_Lock(dbLock);
+
+    ret = (*db->seq)(db, key, data, flags);
+
+    (void)PZ_Unlock(dbLock);
+
+    return (ret);
+}
+
+static void
+certdb_Close(DB *db)
+{
+    PORT_Assert(dbLock != NULL);
+    SKIP_AFTER_FORK(PZ_Lock(dbLock));
+
+    (*db->close)(db);
+
+    SKIP_AFTER_FORK(PZ_Unlock(dbLock));
+
+    return;
+}
+
+void
+pkcs11_freeNickname(char *nickname, char *space)
+{
+    if (nickname && nickname != space) {
+        PORT_Free(nickname);
+    }
+}
+
+char *
+pkcs11_copyNickname(char *nickname, char *space, int spaceLen)
+{
+    int len;
+    char *copy = NULL;
+
+    len = PORT_Strlen(nickname) + 1;
+    if (len <= spaceLen) {
+        copy = space;
+        PORT_Memcpy(copy, nickname, len);
+    } else {
+        copy = PORT_Strdup(nickname);
+    }
+
+    return copy;
+}
+
+void
+pkcs11_freeStaticData(unsigned char *data, unsigned char *space)
+{
+    if (data && data != space) {
+        PORT_Free(data);
+    }
+}
+
+unsigned char *
+pkcs11_allocStaticData(int len, unsigned char *space, int spaceLen)
+{
+    unsigned char *data = NULL;
+
+    if (len <= spaceLen) {
+        data = space;
+    } else {
+        data = (unsigned char *)PORT_Alloc(len);
+    }
+
+    return data;
+}
+
+unsigned char *
+pkcs11_copyStaticData(unsigned char *data, int len,
+                      unsigned char *space, int spaceLen)
+{
+    unsigned char *copy = pkcs11_allocStaticData(len, space, spaceLen);
+    if (copy) {
+        PORT_Memcpy(copy, data, len);
+    }
+
+    return copy;
+}
+
+/*
+ * destroy a database entry
+ */
+static void
+DestroyDBEntry(certDBEntry *entry)
+{
+    PLArenaPool *arena = entry->common.arena;
+
+    /* must be one of our certDBEntry from the free list */
+    if (arena == NULL) {
+        certDBEntryCert *certEntry;
+        if (entry->common.type != certDBEntryTypeCert) {
+            return;
+        }
+        certEntry = (certDBEntryCert *)entry;
+
+        pkcs11_freeStaticData(certEntry->derCert.data, certEntry->derCertSpace);
+        pkcs11_freeNickname(certEntry->nickname, certEntry->nicknameSpace);
+
+        nsslowcert_LockFreeList();
+        if (entryListCount > MAX_ENTRY_LIST_COUNT) {
+            PORT_Free(certEntry);
+        } else {
+            entryListCount++;
+            PORT_Memset(certEntry, 0, sizeof(*certEntry));
+            certEntry->next = entryListHead;
+            entryListHead = certEntry;
+        }
+        nsslowcert_UnlockFreeList();
+        return;
+    }
+
+    /* Zero out the entry struct, so that any further attempts to use it
+     * will cause an exception (e.g. null pointer reference). */
+    PORT_Memset(&entry->common, 0, sizeof entry->common);
+    PORT_FreeArena(arena, PR_FALSE);
+
+    return;
+}
+
+/* forward references */
+static void nsslowcert_DestroyCertificateNoLocking(NSSLOWCERTCertificate *cert);
+
+static SECStatus
+DeleteDBEntry(NSSLOWCERTCertDBHandle *handle, certDBEntryType type, SECItem *dbkey)
+{
+    DBT key;
+    int ret;
+
+    /* init the database key */
+    key.data = dbkey->data;
+    key.size = dbkey->len;
+
+    dbkey->data[0] = (unsigned char)type;
+
+    /* delete entry from database */
+    ret = certdb_Del(handle->permCertDB, &key, 0);
+    if (ret != 0) {
+        PORT_SetError(SEC_ERROR_BAD_DATABASE);
+        goto loser;
+    }
+
+    ret = certdb_Sync(handle->permCertDB, 0);
+    if (ret) {
+        PORT_SetError(SEC_ERROR_BAD_DATABASE);
+        goto loser;
+    }
+
+    return (SECSuccess);
+
+loser:
+    return (SECFailure);
+}
+
+static SECStatus
+ReadDBEntry(NSSLOWCERTCertDBHandle *handle, certDBEntryCommon *entry,
+            SECItem *dbkey, SECItem *dbentry, PLArenaPool *arena)
+{
+    DBT data, key;
+    int ret;
+    unsigned char *buf;
+
+    /* init the database key */
+    key.data = dbkey->data;
+    key.size = dbkey->len;
+
+    dbkey->data[0] = (unsigned char)entry->type;
+
+    /* read entry from database */
+    ret = certdb_Get(handle->permCertDB, &key, &data, 0);
+    if (ret != 0) {
+        PORT_SetError(SEC_ERROR_BAD_DATABASE);
+        goto loser;
+    }
+
+    /* validate the entry */
+    if (data.size < SEC_DB_ENTRY_HEADER_LEN) {
+        PORT_SetError(SEC_ERROR_BAD_DATABASE);
+        goto loser;
+    }
+    buf = (unsigned char *)data.data;
+    /* version 7 has the same schema, we may be using a v7 db if we openned
+     * the databases readonly. */
+    if (!((buf[0] == (unsigned char)CERT_DB_FILE_VERSION) ||
+          (buf[0] == (unsigned char)CERT_DB_V7_FILE_VERSION))) {
+        PORT_SetError(SEC_ERROR_BAD_DATABASE);
+        goto loser;
+    }
+    if (buf[1] != (unsigned char)entry->type) {
+        PORT_SetError(SEC_ERROR_BAD_DATABASE);
+        goto loser;
+    }
+
+    /* copy out header information */
+    entry->version = (unsigned int)buf[0];
+    entry->type = (certDBEntryType)buf[1];
+    entry->flags = (unsigned int)buf[2];
+
+    /* format body of entry for return to caller */
+    dbentry->len = data.size - SEC_DB_ENTRY_HEADER_LEN;
+    if (dbentry->len) {
+        if (arena) {
+            dbentry->data = (unsigned char *)
+                PORT_ArenaAlloc(arena, dbentry->len);
+            if (dbentry->data == NULL) {
+                PORT_SetError(SEC_ERROR_NO_MEMORY);
+                goto loser;
+            }
+
+            PORT_Memcpy(dbentry->data, &buf[SEC_DB_ENTRY_HEADER_LEN],
+                        dbentry->len);
+        } else {
+            dbentry->data = &buf[SEC_DB_ENTRY_HEADER_LEN];
+        }
+    } else {
+        dbentry->data = NULL;
+    }
+
+    return (SECSuccess);
+
+loser:
+    return (SECFailure);
+}
+
+/**
+ ** Implement low level database access
+ **/
+static SECStatus
+WriteDBEntry(NSSLOWCERTCertDBHandle *handle, certDBEntryCommon *entry,
+             SECItem *dbkey, SECItem *dbentry)
+{
+    int ret;
+    DBT data, key;
+    unsigned char *buf;
+
+    data.data = dbentry->data;
+    data.size = dbentry->len;
+
+    buf = (unsigned char *)data.data;
+
+    buf[0] = (unsigned char)entry->version;
+    buf[1] = (unsigned char)entry->type;
+    buf[2] = (unsigned char)entry->flags;
+
+    key.data = dbkey->data;
+    key.size = dbkey->len;
+
+    dbkey->data[0] = (unsigned char)entry->type;
+
+    /* put the record into the database now */
+    ret = certdb_Put(handle->permCertDB, &key, &data, 0);
+
+    if (ret != 0) {
+        goto loser;
+    }
+
+    ret = certdb_Sync(handle->permCertDB, 0);
+
+    if (ret) {
+        goto loser;
+    }
+
+    return (SECSuccess);
+
+loser:
+    return (SECFailure);
+}
+
+/*
+ * encode a database cert record
+ */
+static SECStatus
+EncodeDBCertEntry(certDBEntryCert *entry, PLArenaPool *arena, SECItem *dbitem)
+{
+    unsigned int nnlen;
+    unsigned char *buf;
+    char *nn;
+    char zbuf = 0;
+
+    if (entry->nickname) {
+        nn = entry->nickname;
+    } else {
+        nn = &zbuf;
+    }
+    nnlen = PORT_Strlen(nn) + 1;
+
+    /* allocate space for encoded database record, including space
+     * for low level header
+     */
+    dbitem->len = entry->derCert.len + nnlen + DB_CERT_ENTRY_HEADER_LEN +
+                  SEC_DB_ENTRY_HEADER_LEN;
+
+    dbitem->data = (unsigned char *)PORT_ArenaAlloc(arena, dbitem->len);
+    if (dbitem->data == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        goto loser;
+    }
+
+    /* fill in database record */
+    buf = &dbitem->data[SEC_DB_ENTRY_HEADER_LEN];
+
+    buf[0] = (PRUint8)(entry->trust.sslFlags >> 8);
+    buf[1] = (PRUint8)(entry->trust.sslFlags);
+    buf[2] = (PRUint8)(entry->trust.emailFlags >> 8);
+    buf[3] = (PRUint8)(entry->trust.emailFlags);
+    buf[4] = (PRUint8)(entry->trust.objectSigningFlags >> 8);
+    buf[5] = (PRUint8)(entry->trust.objectSigningFlags);
+    buf[6] = (PRUint8)(entry->derCert.len >> 8);
+    buf[7] = (PRUint8)(entry->derCert.len);
+    buf[8] = (PRUint8)(nnlen >> 8);
+    buf[9] = (PRUint8)(nnlen);
+
+    PORT_Memcpy(&buf[DB_CERT_ENTRY_HEADER_LEN], entry->derCert.data,
+                entry->derCert.len);
+
+    PORT_Memcpy(&buf[DB_CERT_ENTRY_HEADER_LEN + entry->derCert.len],
+                nn, nnlen);
+
+    return (SECSuccess);
+
+loser:
+    return (SECFailure);
+}
+
+/*
+ * encode a database key for a cert record
+ */
+static SECStatus
+EncodeDBCertKey(const SECItem *certKey, PLArenaPool *arena, SECItem *dbkey)
+{
+    unsigned int len = certKey->len + SEC_DB_KEY_HEADER_LEN;
+    if (len > NSS_MAX_LEGACY_DB_KEY_SIZE)
+        goto loser;
+    if (arena) {
+        dbkey->data = (unsigned char *)PORT_ArenaAlloc(arena, len);
+    } else {
+        if (dbkey->len < len) {
+            dbkey->data = (unsigned char *)PORT_Alloc(len);
+        }
+    }
+    dbkey->len = len;
+    if (dbkey->data == NULL) {
+        goto loser;
+    }
+    PORT_Memcpy(&dbkey->data[SEC_DB_KEY_HEADER_LEN],
+                certKey->data, certKey->len);
+    dbkey->data[0] = certDBEntryTypeCert;
+
+    return (SECSuccess);
+loser:
+    return (SECFailure);
+}
+
+static SECStatus
+EncodeDBGenericKey(const SECItem *certKey, PLArenaPool *arena, SECItem *dbkey,
+                   certDBEntryType entryType)
+{
+    /*
+     * we only allow _one_ KRL key!
+     */
+    if (entryType == certDBEntryTypeKeyRevocation) {
+        dbkey->len = SEC_DB_KEY_HEADER_LEN;
+        dbkey->data = (unsigned char *)PORT_ArenaAlloc(arena, dbkey->len);
+        if (dbkey->data == NULL) {
+            goto loser;
+        }
+        dbkey->data[0] = (unsigned char)entryType;
+        return (SECSuccess);
+    }
+
+    dbkey->len = certKey->len + SEC_DB_KEY_HEADER_LEN;
+    if (dbkey->len > NSS_MAX_LEGACY_DB_KEY_SIZE)
+        goto loser;
+    dbkey->data = (unsigned char *)PORT_ArenaAlloc(arena, dbkey->len);
+    if (dbkey->data == NULL) {
+        goto loser;
+    }
+    PORT_Memcpy(&dbkey->data[SEC_DB_KEY_HEADER_LEN],
+                certKey->data, certKey->len);
+    dbkey->data[0] = (unsigned char)entryType;
+
+    return (SECSuccess);
+loser:
+    return (SECFailure);
+}
+
+static SECStatus
+DecodeDBCertEntry(certDBEntryCert *entry, SECItem *dbentry)
+{
+    unsigned int nnlen;
+    unsigned int headerlen;
+    int lenoff;
+
+    /* allow updates of old versions of the database */
+    switch (entry->common.version) {
+        case 5:
+            headerlen = DB_CERT_V5_ENTRY_HEADER_LEN;
+            lenoff = 3;
+            break;
+        case 6:
+            /* should not get here */
+            PORT_Assert(0);
+            headerlen = DB_CERT_V6_ENTRY_HEADER_LEN;
+            lenoff = 3;
+            break;
+        case 7:
+        case 8:
+            headerlen = DB_CERT_ENTRY_HEADER_LEN;
+            lenoff = 6;
+            break;
+        default:
+            /* better not get here */
+            PORT_Assert(0);
+            headerlen = DB_CERT_V5_ENTRY_HEADER_LEN;
+            lenoff = 3;
+            break;
+    }
+
+    /* is record long enough for header? */
+    if (dbentry->len < headerlen) {
+        PORT_SetError(SEC_ERROR_BAD_DATABASE);
+        goto loser;
+    }
+
+    /* is database entry correct length? */
+    entry->derCert.len = ((dbentry->data[lenoff] << 8) |
+                          dbentry->data[lenoff + 1]);
+    nnlen = ((dbentry->data[lenoff + 2] << 8) | dbentry->data[lenoff + 3]);
+    lenoff = dbentry->len - (entry->derCert.len + nnlen + headerlen);
+    if (lenoff) {
+        if (lenoff < 0 || (lenoff & 0xffff) != 0) {
+            PORT_SetError(SEC_ERROR_BAD_DATABASE);
+            goto loser;
+        }
+        /* The cert size exceeded 64KB.  Reconstruct the correct length. */
+        entry->derCert.len += lenoff;
+    }
+
+    /* copy the dercert */
+    entry->derCert.data = pkcs11_copyStaticData(&dbentry->data[headerlen],
+                                                entry->derCert.len, entry->derCertSpace, sizeof(entry->derCertSpace));
+    if (entry->derCert.data == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        goto loser;
+    }
+
+    /* copy the nickname */
+    if (nnlen > 1) {
+        entry->nickname = (char *)pkcs11_copyStaticData(
+            &dbentry->data[headerlen + entry->derCert.len], nnlen,
+            (unsigned char *)entry->nicknameSpace,
+            sizeof(entry->nicknameSpace));
+        if (entry->nickname == NULL) {
+            PORT_SetError(SEC_ERROR_NO_MEMORY);
+            goto loser;
+        }
+    } else {
+        entry->nickname = NULL;
+    }
+
+    if (entry->common.version < 7) {
+        /* allow updates of v5 db */
+        entry->trust.sslFlags = dbentry->data[0];
+        entry->trust.emailFlags = dbentry->data[1];
+        entry->trust.objectSigningFlags = dbentry->data[2];
+    } else {
+        entry->trust.sslFlags = (dbentry->data[0] << 8) | dbentry->data[1];
+        entry->trust.emailFlags = (dbentry->data[2] << 8) | dbentry->data[3];
+        entry->trust.objectSigningFlags =
+            (dbentry->data[4] << 8) | dbentry->data[5];
+    }
+
+    return (SECSuccess);
+loser:
+    return (SECFailure);
+}
+
+/*
+ * Create a new certDBEntryCert from existing data
+ */
+static certDBEntryCert *
+NewDBCertEntry(SECItem *derCert, char *nickname,
+               NSSLOWCERTCertTrust *trust, int flags)
+{
+    certDBEntryCert *entry;
+    PLArenaPool *arena = NULL;
+    int nnlen;
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+
+    if (!arena) {
+        goto loser;
+    }
+
+    entry = PORT_ArenaZNew(arena, certDBEntryCert);
+    if (entry == NULL) {
+        goto loser;
+    }
+
+    /* fill in the dbCert */
+    entry->common.arena = arena;
+    entry->common.type = certDBEntryTypeCert;
+    entry->common.version = CERT_DB_FILE_VERSION;
+    entry->common.flags = flags;
+
+    if (trust) {
+        entry->trust = *trust;
+    }
+
+    entry->derCert.data = (unsigned char *)PORT_ArenaAlloc(arena, derCert->len);
+    if (!entry->derCert.data) {
+        goto loser;
+    }
+    entry->derCert.len = derCert->len;
+    PORT_Memcpy(entry->derCert.data, derCert->data, derCert->len);
+
+    nnlen = (nickname ? strlen(nickname) + 1 : 0);
+
+    if (nnlen) {
+        entry->nickname = (char *)PORT_ArenaAlloc(arena, nnlen);
+        if (!entry->nickname) {
+            goto loser;
+        }
+        PORT_Memcpy(entry->nickname, nickname, nnlen);
+
+    } else {
+        entry->nickname = 0;
+    }
+
+    return (entry);
+
+loser:
+
+    /* allocation error, free arena and return */
+    if (arena) {
+        PORT_FreeArena(arena, PR_FALSE);
+    }
+
+    PORT_SetError(SEC_ERROR_NO_MEMORY);
+    return (0);
+}
+
+/*
+ * Decode a version 4 DBCert from the byte stream database format
+ * and construct a current database entry struct
+ */
+static certDBEntryCert *
+DecodeV4DBCertEntry(unsigned char *buf, int len)
+{
+    certDBEntryCert *entry;
+    int certlen;
+    int nnlen;
+    PLArenaPool *arena;
+
+    /* make sure length is at least long enough for the header */
+    if (len < DBCERT_V4_HEADER_LEN) {
+        PORT_SetError(SEC_ERROR_BAD_DATABASE);
+        return (0);
+    }
+
+    /* get other lengths */
+    certlen = buf[3] << 8 | buf[4];
+    nnlen = buf[5] << 8 | buf[6];
+
+    /* make sure DB entry is the right size */
+    if ((certlen + nnlen + DBCERT_V4_HEADER_LEN) != len) {
+        PORT_SetError(SEC_ERROR_BAD_DATABASE);
+        return (0);
+    }
+
+    /* allocate arena */
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+
+    if (!arena) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return (0);
+    }
+
+    /* allocate structure and members */
+    entry = (certDBEntryCert *)PORT_ArenaAlloc(arena, sizeof(certDBEntryCert));
+
+    if (!entry) {
+        goto loser;
+    }
+
+    entry->common.arena = arena;
+    entry->common.version = CERT_DB_FILE_VERSION;
+    entry->common.type = certDBEntryTypeCert;
+    entry->common.flags = 0;
+    entry->trust.sslFlags = buf[0];
+    entry->trust.emailFlags = buf[1];
+    entry->trust.objectSigningFlags = buf[2];
+
+    entry->derCert.data = (unsigned char *)PORT_ArenaAlloc(arena, certlen);
+    if (!entry->derCert.data) {
+        goto loser;
+    }
+    entry->derCert.len = certlen;
+    PORT_Memcpy(entry->derCert.data, &buf[DBCERT_V4_HEADER_LEN], certlen);
+
+    if (nnlen) {
+        entry->nickname = (char *)PORT_ArenaAlloc(arena, nnlen);
+        if (!entry->nickname) {
+            goto loser;
+        }
+        PORT_Memcpy(entry->nickname, &buf[DBCERT_V4_HEADER_LEN + certlen], nnlen);
+
+        if (PORT_Strcmp(entry->nickname, "Server-Cert") == 0) {
+            entry->trust.sslFlags |= CERTDB_USER;
+        }
+    } else {
+        entry->nickname = 0;
+    }
+
+    return (entry);
+
+loser:
+    PORT_FreeArena(arena, PR_FALSE);
+    PORT_SetError(SEC_ERROR_NO_MEMORY);
+    return (0);
+}
+
+/*
+ * Encode a Certificate database entry into byte stream suitable for
+ * the database
+ */
+static SECStatus
+WriteDBCertEntry(NSSLOWCERTCertDBHandle *handle, certDBEntryCert *entry)
+{
+    SECItem dbitem, dbkey;
+    PLArenaPool *tmparena = NULL;
+    SECItem tmpitem;
+    SECStatus rv;
+
+    tmparena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (tmparena == NULL) {
+        goto loser;
+    }
+
+    rv = EncodeDBCertEntry(entry, tmparena, &dbitem);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    /* get the database key and format it */
+    rv = nsslowcert_KeyFromDERCert(tmparena, &entry->derCert, &tmpitem);
+    if (rv == SECFailure) {
+        goto loser;
+    }
+
+    rv = EncodeDBCertKey(&tmpitem, tmparena, &dbkey);
+    if (rv == SECFailure) {
+        goto loser;
+    }
+
+    /* now write it to the database */
+    rv = WriteDBEntry(handle, &entry->common, &dbkey, &dbitem);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    PORT_FreeArena(tmparena, PR_FALSE);
+    return (SECSuccess);
+
+loser:
+    if (tmparena) {
+        PORT_FreeArena(tmparena, PR_FALSE);
+    }
+    return (SECFailure);
+}
+
+/*
+ * delete a certificate entry
+ */
+static SECStatus
+DeleteDBCertEntry(NSSLOWCERTCertDBHandle *handle, SECItem *certKey)
+{
+    SECItem dbkey;
+    SECStatus rv;
+
+    dbkey.data = NULL;
+    dbkey.len = 0;
+
+    rv = EncodeDBCertKey(certKey, NULL, &dbkey);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    rv = DeleteDBEntry(handle, certDBEntryTypeCert, &dbkey);
+    if (rv == SECFailure) {
+        goto loser;
+    }
+
+    PORT_Free(dbkey.data);
+
+    return (SECSuccess);
+
+loser:
+    if (dbkey.data) {
+        PORT_Free(dbkey.data);
+    }
+    return (SECFailure);
+}
+
+static certDBEntryCert *
+CreateCertEntry(void)
+{
+    certDBEntryCert *entry;
+
+    nsslowcert_LockFreeList();
+    entry = entryListHead;
+    if (entry) {
+        entryListCount--;
+        entryListHead = entry->next;
+    }
+    PORT_Assert(entryListCount >= 0);
+    nsslowcert_UnlockFreeList();
+    if (entry) {
+        return entry;
+    }
+
+    return PORT_ZNew(certDBEntryCert);
+}
+
+static void
+DestroyCertEntryFreeList(void)
+{
+    certDBEntryCert *entry;
+
+    nsslowcert_LockFreeList();
+    while (NULL != (entry = entryListHead)) {
+        entryListCount--;
+        entryListHead = entry->next;
+        PORT_Free(entry);
+    }
+    PORT_Assert(!entryListCount);
+    entryListCount = 0;
+    nsslowcert_UnlockFreeList();
+}
+
+/*
+ * Read a certificate entry
+ */
+static certDBEntryCert *
+ReadDBCertEntry(NSSLOWCERTCertDBHandle *handle, const SECItem *certKey)
+{
+    certDBEntryCert *entry;
+    SECItem dbkey;
+    SECItem dbentry;
+    SECStatus rv;
+    unsigned char buf[512];
+
+    dbkey.data = buf;
+    dbkey.len = sizeof(buf);
+
+    entry = CreateCertEntry();
+    if (entry == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        goto loser;
+    }
+    entry->common.arena = NULL;
+    entry->common.type = certDBEntryTypeCert;
+
+    rv = EncodeDBCertKey(certKey, NULL, &dbkey);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    rv = ReadDBEntry(handle, &entry->common, &dbkey, &dbentry, NULL);
+    if (rv == SECFailure) {
+        goto loser;
+    }
+
+    rv = DecodeDBCertEntry(entry, &dbentry);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    pkcs11_freeStaticData(dbkey.data, buf);
+    dbkey.data = NULL;
+    return (entry);
+
+loser:
+    pkcs11_freeStaticData(dbkey.data, buf);
+    dbkey.data = NULL;
+    if (entry) {
+        DestroyDBEntry((certDBEntry *)entry);
+    }
+
+    return (NULL);
+}
+
+/*
+ * encode a database cert record
+ */
+static SECStatus
+EncodeDBCrlEntry(certDBEntryRevocation *entry, PLArenaPool *arena, SECItem *dbitem)
+{
+    unsigned int nnlen = 0;
+    unsigned char *buf;
+
+    if (entry->url) {
+        nnlen = PORT_Strlen(entry->url) + 1;
+    }
+
+    /* allocate space for encoded database record, including space
+     * for low level header
+     */
+    dbitem->len = entry->derCrl.len + nnlen + SEC_DB_ENTRY_HEADER_LEN + DB_CRL_ENTRY_HEADER_LEN;
+
+    dbitem->data = (unsigned char *)PORT_ArenaAlloc(arena, dbitem->len);
+    if (dbitem->data == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        goto loser;
+    }
+
+    /* fill in database record */
+    buf = &dbitem->data[SEC_DB_ENTRY_HEADER_LEN];
+
+    buf[0] = (PRUint8)(entry->derCrl.len >> 8);
+    buf[1] = (PRUint8)(entry->derCrl.len);
+    buf[2] = (PRUint8)(nnlen >> 8);
+    buf[3] = (PRUint8)(nnlen);
+
+    PORT_Memcpy(&buf[DB_CRL_ENTRY_HEADER_LEN], entry->derCrl.data,
+                entry->derCrl.len);
+
+    if (nnlen != 0) {
+        PORT_Memcpy(&buf[DB_CRL_ENTRY_HEADER_LEN + entry->derCrl.len],
+                    entry->url, nnlen);
+    }
+
+    return (SECSuccess);
+
+loser:
+    return (SECFailure);
+}
+
+static SECStatus
+DecodeDBCrlEntry(certDBEntryRevocation *entry, SECItem *dbentry)
+{
+    unsigned int urlLen;
+    int lenDiff;
+
+    /* is record long enough for header? */
+    if (dbentry->len < DB_CRL_ENTRY_HEADER_LEN) {
+        PORT_SetError(SEC_ERROR_BAD_DATABASE);
+        goto loser;
+    }
+
+    /* is database entry correct length? */
+    entry->derCrl.len = ((dbentry->data[0] << 8) | dbentry->data[1]);
+    urlLen = ((dbentry->data[2] << 8) | dbentry->data[3]);
+    lenDiff = dbentry->len -
+              (entry->derCrl.len + urlLen + DB_CRL_ENTRY_HEADER_LEN);
+    if (lenDiff) {
+        if (lenDiff < 0 || (lenDiff & 0xffff) != 0) {
+            PORT_SetError(SEC_ERROR_BAD_DATABASE);
+            goto loser;
+        }
+        /* CRL entry is greater than 64 K. Hack to make this continue to work */
+        entry->derCrl.len += lenDiff;
+    }
+
+    /* copy the der CRL */
+    entry->derCrl.data = (unsigned char *)PORT_ArenaAlloc(entry->common.arena,
+                                                          entry->derCrl.len);
+    if (entry->derCrl.data == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        goto loser;
+    }
+    PORT_Memcpy(entry->derCrl.data, &dbentry->data[DB_CRL_ENTRY_HEADER_LEN],
+                entry->derCrl.len);
+
+    /* copy the url */
+    entry->url = NULL;
+    if (urlLen != 0) {
+        entry->url = (char *)PORT_ArenaAlloc(entry->common.arena, urlLen);
+        if (entry->url == NULL) {
+            PORT_SetError(SEC_ERROR_NO_MEMORY);
+            goto loser;
+        }
+        PORT_Memcpy(entry->url,
+                    &dbentry->data[DB_CRL_ENTRY_HEADER_LEN + entry->derCrl.len],
+                    urlLen);
+    }
+
+    return (SECSuccess);
+loser:
+    return (SECFailure);
+}
+
+/*
+ * Create a new certDBEntryRevocation from existing data
+ */
+static certDBEntryRevocation *
+NewDBCrlEntry(SECItem *derCrl, char *url, certDBEntryType crlType, int flags)
+{
+    certDBEntryRevocation *entry;
+    PLArenaPool *arena = NULL;
+    int nnlen;
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+
+    if (!arena) {
+        goto loser;
+    }
+
+    entry = PORT_ArenaZNew(arena, certDBEntryRevocation);
+    if (entry == NULL) {
+        goto loser;
+    }
+
+    /* fill in the dbRevolcation */
+    entry->common.arena = arena;
+    entry->common.type = crlType;
+    entry->common.version = CERT_DB_FILE_VERSION;
+    entry->common.flags = flags;
+
+    entry->derCrl.data = (unsigned char *)PORT_ArenaAlloc(arena, derCrl->len);
+    if (!entry->derCrl.data) {
+        goto loser;
+    }
+
+    if (url) {
+        nnlen = PORT_Strlen(url) + 1;
+        entry->url = (char *)PORT_ArenaAlloc(arena, nnlen);
+        if (!entry->url) {
+            goto loser;
+        }
+        PORT_Memcpy(entry->url, url, nnlen);
+    } else {
+        entry->url = NULL;
+    }
+
+    entry->derCrl.len = derCrl->len;
+    PORT_Memcpy(entry->derCrl.data, derCrl->data, derCrl->len);
+
+    return (entry);
+
+loser:
+
+    /* allocation error, free arena and return */
+    if (arena) {
+        PORT_FreeArena(arena, PR_FALSE);
+    }
+
+    PORT_SetError(SEC_ERROR_NO_MEMORY);
+    return (0);
+}
+
+static SECStatus
+WriteDBCrlEntry(NSSLOWCERTCertDBHandle *handle, certDBEntryRevocation *entry,
+                SECItem *crlKey)
+{
+    SECItem dbkey;
+    PLArenaPool *tmparena = NULL;
+    SECItem encodedEntry;
+    SECStatus rv;
+
+    tmparena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (tmparena == NULL) {
+        goto loser;
+    }
+
+    rv = EncodeDBCrlEntry(entry, tmparena, &encodedEntry);
+    if (rv == SECFailure) {
+        goto loser;
+    }
+
+    rv = EncodeDBGenericKey(crlKey, tmparena, &dbkey, entry->common.type);
+    if (rv == SECFailure) {
+        goto loser;
+    }
+
+    /* now write it to the database */
+    rv = WriteDBEntry(handle, &entry->common, &dbkey, &encodedEntry);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    PORT_FreeArena(tmparena, PR_FALSE);
+    return (SECSuccess);
+
+loser:
+    if (tmparena) {
+        PORT_FreeArena(tmparena, PR_FALSE);
+    }
+    return (SECFailure);
+}
+/*
+ * delete a crl entry
+ */
+static SECStatus
+DeleteDBCrlEntry(NSSLOWCERTCertDBHandle *handle, const SECItem *crlKey,
+                 certDBEntryType crlType)
+{
+    SECItem dbkey;
+    PLArenaPool *arena = NULL;
+    SECStatus rv;
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL) {
+        goto loser;
+    }
+
+    rv = EncodeDBGenericKey(crlKey, arena, &dbkey, crlType);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    rv = DeleteDBEntry(handle, crlType, &dbkey);
+    if (rv == SECFailure) {
+        goto loser;
+    }
+
+    PORT_FreeArena(arena, PR_FALSE);
+    return (SECSuccess);
+
+loser:
+    if (arena) {
+        PORT_FreeArena(arena, PR_FALSE);
+    }
+
+    return (SECFailure);
+}
+
+/*
+ * Read a certificate entry
+ */
+static certDBEntryRevocation *
+ReadDBCrlEntry(NSSLOWCERTCertDBHandle *handle, SECItem *certKey,
+               certDBEntryType crlType)
+{
+    PLArenaPool *arena = NULL;
+    PLArenaPool *tmparena = NULL;
+    certDBEntryRevocation *entry;
+    SECItem dbkey;
+    SECItem dbentry;
+    SECStatus rv;
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        goto loser;
+    }
+
+    tmparena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (tmparena == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        goto loser;
+    }
+
+    entry = (certDBEntryRevocation *)
+        PORT_ArenaAlloc(arena, sizeof(certDBEntryRevocation));
+    if (entry == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        goto loser;
+    }
+    entry->common.arena = arena;
+    entry->common.type = crlType;
+
+    rv = EncodeDBGenericKey(certKey, tmparena, &dbkey, crlType);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    rv = ReadDBEntry(handle, &entry->common, &dbkey, &dbentry, NULL);
+    if (rv == SECFailure) {
+        goto loser;
+    }
+
+    rv = DecodeDBCrlEntry(entry, &dbentry);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    PORT_FreeArena(tmparena, PR_FALSE);
+    return (entry);
+
+loser:
+    if (tmparena) {
+        PORT_FreeArena(tmparena, PR_FALSE);
+    }
+    if (arena) {
+        PORT_FreeArena(arena, PR_FALSE);
+    }
+
+    return (NULL);
+}
+
+void
+nsslowcert_DestroyDBEntry(certDBEntry *entry)
+{
+    DestroyDBEntry(entry);
+    return;
+}
+
+/*
+ * Encode a database nickname record
+ */
+static SECStatus
+EncodeDBNicknameEntry(certDBEntryNickname *entry, PLArenaPool *arena,
+                      SECItem *dbitem)
+{
+    unsigned char *buf;
+
+    /* allocate space for encoded database record, including space
+     * for low level header
+     */
+    dbitem->len = entry->subjectName.len + DB_NICKNAME_ENTRY_HEADER_LEN +
+                  SEC_DB_ENTRY_HEADER_LEN;
+    dbitem->data = (unsigned char *)PORT_ArenaAlloc(arena, dbitem->len);
+    if (dbitem->data == NULL) {
+        goto loser;
+    }
+
+    /* fill in database record */
+    buf = &dbitem->data[SEC_DB_ENTRY_HEADER_LEN];
+    buf[0] = (PRUint8)(entry->subjectName.len >> 8);
+    buf[1] = (PRUint8)(entry->subjectName.len);
+    PORT_Memcpy(&buf[DB_NICKNAME_ENTRY_HEADER_LEN], entry->subjectName.data,
+                entry->subjectName.len);
+
+    return (SECSuccess);
+
+loser:
+    return (SECFailure);
+}
+
+/*
+ * Encode a database key for a nickname record
+ */
+static SECStatus
+EncodeDBNicknameKey(char *nickname, PLArenaPool *arena,
+                    SECItem *dbkey)
+{
+    unsigned int nnlen;
+
+    nnlen = PORT_Strlen(nickname) + 1; /* includes null */
+
+    /* now get the database key and format it */
+    dbkey->len = nnlen + SEC_DB_KEY_HEADER_LEN;
+    if (dbkey->len > NSS_MAX_LEGACY_DB_KEY_SIZE)
+        goto loser;
+    dbkey->data = (unsigned char *)PORT_ArenaAlloc(arena, dbkey->len);
+    if (dbkey->data == NULL) {
+        goto loser;
+    }
+    PORT_Memcpy(&dbkey->data[SEC_DB_KEY_HEADER_LEN], nickname, nnlen);
+    dbkey->data[0] = certDBEntryTypeNickname;
+
+    return (SECSuccess);
+
+loser:
+    return (SECFailure);
+}
+
+static SECStatus
+DecodeDBNicknameEntry(certDBEntryNickname *entry, SECItem *dbentry,
+                      char *nickname)
+{
+    int lenDiff;
+
+    /* is record long enough for header? */
+    if (dbentry->len < DB_NICKNAME_ENTRY_HEADER_LEN) {
+        PORT_SetError(SEC_ERROR_BAD_DATABASE);
+        goto loser;
+    }
+
+    /* is database entry correct length? */
+    entry->subjectName.len = ((dbentry->data[0] << 8) | dbentry->data[1]);
+    lenDiff = dbentry->len -
+              (entry->subjectName.len + DB_NICKNAME_ENTRY_HEADER_LEN);
+    if (lenDiff) {
+        if (lenDiff < 0 || (lenDiff & 0xffff) != 0) {
+            PORT_SetError(SEC_ERROR_BAD_DATABASE);
+            goto loser;
+        }
+        /* The entry size exceeded 64KB.  Reconstruct the correct length. */
+        entry->subjectName.len += lenDiff;
+    }
+
+    /* copy the certkey */
+    entry->subjectName.data =
+        (unsigned char *)PORT_ArenaAlloc(entry->common.arena,
+                                         entry->subjectName.len);
+    if (entry->subjectName.data == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        goto loser;
+    }
+    PORT_Memcpy(entry->subjectName.data,
+                &dbentry->data[DB_NICKNAME_ENTRY_HEADER_LEN],
+                entry->subjectName.len);
+    entry->subjectName.type = siBuffer;
+
+    entry->nickname = (char *)PORT_ArenaAlloc(entry->common.arena,
+                                              PORT_Strlen(nickname) + 1);
+    if (entry->nickname) {
+        PORT_Strcpy(entry->nickname, nickname);
+    }
+
+    return (SECSuccess);
+
+loser:
+    return (SECFailure);
+}
+
+/*
+ * create a new nickname entry
+ */
+static certDBEntryNickname *
+NewDBNicknameEntry(char *nickname, SECItem *subjectName, unsigned int flags)
+{
+    PLArenaPool *arena = NULL;
+    certDBEntryNickname *entry;
+    int nnlen;
+    SECStatus rv;
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        goto loser;
+    }
+
+    entry = (certDBEntryNickname *)PORT_ArenaAlloc(arena,
+                                                   sizeof(certDBEntryNickname));
+    if (entry == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        goto loser;
+    }
+
+    /* init common fields */
+    entry->common.arena = arena;
+    entry->common.type = certDBEntryTypeNickname;
+    entry->common.version = CERT_DB_FILE_VERSION;
+    entry->common.flags = flags;
+
+    /* copy the nickname */
+    nnlen = PORT_Strlen(nickname) + 1;
+
+    entry->nickname = (char *)PORT_ArenaAlloc(arena, nnlen);
+    if (entry->nickname == NULL) {
+        goto loser;
+    }
+
+    PORT_Memcpy(entry->nickname, nickname, nnlen);
+
+    rv = SECITEM_CopyItem(arena, &entry->subjectName, subjectName);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    return (entry);
+loser:
+    if (arena) {
+        PORT_FreeArena(arena, PR_FALSE);
+    }
+
+    return (NULL);
+}
+
+/*
+ * delete a nickname entry
+ */
+static SECStatus
+DeleteDBNicknameEntry(NSSLOWCERTCertDBHandle *handle, char *nickname)
+{
+    PLArenaPool *arena = NULL;
+    SECStatus rv;
+    SECItem dbkey;
+
+    if (nickname == NULL) {
+        return (SECSuccess);
+    }
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL) {
+        goto loser;
+    }
+
+    rv = EncodeDBNicknameKey(nickname, arena, &dbkey);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    rv = DeleteDBEntry(handle, certDBEntryTypeNickname, &dbkey);
+    if (rv == SECFailure) {
+        goto loser;
+    }
+
+    PORT_FreeArena(arena, PR_FALSE);
+    return (SECSuccess);
+
+loser:
+    if (arena) {
+        PORT_FreeArena(arena, PR_FALSE);
+    }
+
+    return (SECFailure);
+}
+
+/*
+ * Read a nickname entry
+ */
+static certDBEntryNickname *
+ReadDBNicknameEntry(NSSLOWCERTCertDBHandle *handle, char *nickname)
+{
+    PLArenaPool *arena = NULL;
+    PLArenaPool *tmparena = NULL;
+    certDBEntryNickname *entry;
+    SECItem dbkey;
+    SECItem dbentry;
+    SECStatus rv;
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        goto loser;
+    }
+
+    tmparena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (tmparena == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        goto loser;
+    }
+
+    entry = (certDBEntryNickname *)PORT_ArenaAlloc(arena,
+                                                   sizeof(certDBEntryNickname));
+    if (entry == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        goto loser;
+    }
+    entry->common.arena = arena;
+    entry->common.type = certDBEntryTypeNickname;
+
+    rv = EncodeDBNicknameKey(nickname, tmparena, &dbkey);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    rv = ReadDBEntry(handle, &entry->common, &dbkey, &dbentry, tmparena);
+    if (rv == SECFailure) {
+        goto loser;
+    }
+
+    /* is record long enough for header? */
+    if (dbentry.len < DB_NICKNAME_ENTRY_HEADER_LEN) {
+        PORT_SetError(SEC_ERROR_BAD_DATABASE);
+        goto loser;
+    }
+
+    rv = DecodeDBNicknameEntry(entry, &dbentry, nickname);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    PORT_FreeArena(tmparena, PR_FALSE);
+    return (entry);
+
+loser:
+    if (tmparena) {
+        PORT_FreeArena(tmparena, PR_FALSE);
+    }
+    if (arena) {
+        PORT_FreeArena(arena, PR_FALSE);
+    }
+
+    return (NULL);
+}
+
+/*
+ * Encode a nickname entry into byte stream suitable for
+ * the database
+ */
+static SECStatus
+WriteDBNicknameEntry(NSSLOWCERTCertDBHandle *handle, certDBEntryNickname *entry)
+{
+    SECItem dbitem, dbkey;
+    PLArenaPool *tmparena = NULL;
+    SECStatus rv;
+
+    tmparena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (tmparena == NULL) {
+        goto loser;
+    }
+
+    rv = EncodeDBNicknameEntry(entry, tmparena, &dbitem);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    rv = EncodeDBNicknameKey(entry->nickname, tmparena, &dbkey);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    /* now write it to the database */
+    rv = WriteDBEntry(handle, &entry->common, &dbkey, &dbitem);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    PORT_FreeArena(tmparena, PR_FALSE);
+    return (SECSuccess);
+
+loser:
+    if (tmparena) {
+        PORT_FreeArena(tmparena, PR_FALSE);
+    }
+    return (SECFailure);
+}
+
+static SECStatus
+EncodeDBSMimeEntry(certDBEntrySMime *entry, PLArenaPool *arena,
+                   SECItem *dbitem)
+{
+    unsigned char *buf;
+
+    /* allocate space for encoded database record, including space
+     * for low level header
+     */
+    dbitem->len = entry->subjectName.len + entry->smimeOptions.len +
+                  entry->optionsDate.len +
+                  DB_SMIME_ENTRY_HEADER_LEN + SEC_DB_ENTRY_HEADER_LEN;
+
+    dbitem->data = (unsigned char *)PORT_ArenaAlloc(arena, dbitem->len);
+    if (dbitem->data == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        goto loser;
+    }
+
+    /* fill in database record */
+    buf = &dbitem->data[SEC_DB_ENTRY_HEADER_LEN];
+
+    buf[0] = (PRUint8)(entry->subjectName.len >> 8);
+    buf[1] = (PRUint8)(entry->subjectName.len);
+    buf[2] = (PRUint8)(entry->smimeOptions.len >> 8);
+    buf[3] = (PRUint8)(entry->smimeOptions.len);
+    buf[4] = (PRUint8)(entry->optionsDate.len >> 8);
+    buf[5] = (PRUint8)(entry->optionsDate.len);
+
+    /* if no smime options, then there should not be an options date either */
+    PORT_Assert(!((entry->smimeOptions.len == 0) &&
+                  (entry->optionsDate.len != 0)));
+
+    PORT_Memcpy(&buf[DB_SMIME_ENTRY_HEADER_LEN], entry->subjectName.data,
+                entry->subjectName.len);
+    if (entry->smimeOptions.len) {
+        PORT_Memcpy(&buf[DB_SMIME_ENTRY_HEADER_LEN + entry->subjectName.len],
+                    entry->smimeOptions.data,
+                    entry->smimeOptions.len);
+        PORT_Memcpy(&buf[DB_SMIME_ENTRY_HEADER_LEN + entry->subjectName.len +
+                         entry->smimeOptions.len],
+                    entry->optionsDate.data,
+                    entry->optionsDate.len);
+    }
+
+    return (SECSuccess);
+
+loser:
+    return (SECFailure);
+}
+
+/*
+ * Encode a database key for a SMIME record
+ */
+static SECStatus
+EncodeDBSMimeKey(char *emailAddr, PLArenaPool *arena,
+                 SECItem *dbkey)
+{
+    unsigned int addrlen;
+
+    addrlen = PORT_Strlen(emailAddr) + 1; /* includes null */
+
+    /* now get the database key and format it */
+    dbkey->len = addrlen + SEC_DB_KEY_HEADER_LEN;
+    if (dbkey->len > NSS_MAX_LEGACY_DB_KEY_SIZE)
+        goto loser;
+    dbkey->data = (unsigned char *)PORT_ArenaAlloc(arena, dbkey->len);
+    if (dbkey->data == NULL) {
+        goto loser;
+    }
+    PORT_Memcpy(&dbkey->data[SEC_DB_KEY_HEADER_LEN], emailAddr, addrlen);
+    dbkey->data[0] = certDBEntryTypeSMimeProfile;
+
+    return (SECSuccess);
+
+loser:
+    return (SECFailure);
+}
+
+/*
+ * Decode a database SMIME record
+ */
+static SECStatus
+DecodeDBSMimeEntry(certDBEntrySMime *entry, SECItem *dbentry, char *emailAddr)
+{
+    int lenDiff;
+
+    /* is record long enough for header? */
+    if (dbentry->len < DB_SMIME_ENTRY_HEADER_LEN) {
+        PORT_SetError(SEC_ERROR_BAD_DATABASE);
+        goto loser;
+    }
+
+    /* is database entry correct length? */
+    entry->subjectName.len = ((dbentry->data[0] << 8) | dbentry->data[1]);
+    entry->smimeOptions.len = ((dbentry->data[2] << 8) | dbentry->data[3]);
+    entry->optionsDate.len = ((dbentry->data[4] << 8) | dbentry->data[5]);
+    lenDiff = dbentry->len - (entry->subjectName.len +
+                              entry->smimeOptions.len +
+                              entry->optionsDate.len +
+                              DB_SMIME_ENTRY_HEADER_LEN);
+    if (lenDiff) {
+        if (lenDiff < 0 || (lenDiff & 0xffff) != 0) {
+            PORT_SetError(SEC_ERROR_BAD_DATABASE);
+            goto loser;
+        }
+        /* The entry size exceeded 64KB.  Reconstruct the correct length. */
+        entry->subjectName.len += lenDiff;
+    }
+
+    /* copy the subject name */
+    entry->subjectName.data =
+        (unsigned char *)PORT_ArenaAlloc(entry->common.arena,
+                                         entry->subjectName.len);
+    if (entry->subjectName.data == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        goto loser;
+    }
+    PORT_Memcpy(entry->subjectName.data,
+                &dbentry->data[DB_SMIME_ENTRY_HEADER_LEN],
+                entry->subjectName.len);
+
+    /* copy the smime options */
+    if (entry->smimeOptions.len) {
+        entry->smimeOptions.data =
+            (unsigned char *)PORT_ArenaAlloc(entry->common.arena,
+                                             entry->smimeOptions.len);
+        if (entry->smimeOptions.data == NULL) {
+            PORT_SetError(SEC_ERROR_NO_MEMORY);
+            goto loser;
+        }
+        PORT_Memcpy(entry->smimeOptions.data,
+                    &dbentry->data[DB_SMIME_ENTRY_HEADER_LEN +
+                                   entry->subjectName.len],
+                    entry->smimeOptions.len);
+    }
+    if (entry->optionsDate.len) {
+        entry->optionsDate.data =
+            (unsigned char *)PORT_ArenaAlloc(entry->common.arena,
+                                             entry->optionsDate.len);
+        if (entry->optionsDate.data == NULL) {
+            PORT_SetError(SEC_ERROR_NO_MEMORY);
+            goto loser;
+        }
+        PORT_Memcpy(entry->optionsDate.data,
+                    &dbentry->data[DB_SMIME_ENTRY_HEADER_LEN +
+                                   entry->subjectName.len +
+                                   entry->smimeOptions.len],
+                    entry->optionsDate.len);
+    }
+
+    /* both options and options date must either exist or not exist */
+    if (((entry->optionsDate.len == 0) ||
+         (entry->smimeOptions.len == 0)) &&
+        entry->smimeOptions.len != entry->optionsDate.len) {
+        PORT_SetError(SEC_ERROR_BAD_DATABASE);
+        goto loser;
+    }
+
+    entry->emailAddr = (char *)PORT_ArenaAlloc(entry->common.arena,
+                                               PORT_Strlen(emailAddr) + 1);
+    if (entry->emailAddr) {
+        PORT_Strcpy(entry->emailAddr, emailAddr);
+    }
+
+    return (SECSuccess);
+
+loser:
+    return (SECFailure);
+}
+
+/*
+ * create a new SMIME entry
+ */
+static certDBEntrySMime *
+NewDBSMimeEntry(char *emailAddr, SECItem *subjectName, SECItem *smimeOptions,
+                SECItem *optionsDate, unsigned int flags)
+{
+    PLArenaPool *arena = NULL;
+    certDBEntrySMime *entry;
+    int addrlen;
+    SECStatus rv;
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        goto loser;
+    }
+
+    entry = (certDBEntrySMime *)PORT_ArenaAlloc(arena,
+                                                sizeof(certDBEntrySMime));
+    if (entry == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        goto loser;
+    }
+
+    /* init common fields */
+    entry->common.arena = arena;
+    entry->common.type = certDBEntryTypeSMimeProfile;
+    entry->common.version = CERT_DB_FILE_VERSION;
+    entry->common.flags = flags;
+
+    /* copy the email addr */
+    addrlen = PORT_Strlen(emailAddr) + 1;
+
+    entry->emailAddr = (char *)PORT_ArenaAlloc(arena, addrlen);
+    if (entry->emailAddr == NULL) {
+        goto loser;
+    }
+
+    PORT_Memcpy(entry->emailAddr, emailAddr, addrlen);
+
+    /* copy the subject name */
+    rv = SECITEM_CopyItem(arena, &entry->subjectName, subjectName);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    /* copy the smime options */
+    if (smimeOptions) {
+        rv = SECITEM_CopyItem(arena, &entry->smimeOptions, smimeOptions);
+        if (rv != SECSuccess) {
+            goto loser;
+        }
+    } else {
+        PORT_Assert(optionsDate == NULL);
+        entry->smimeOptions.data = NULL;
+        entry->smimeOptions.len = 0;
+    }
+
+    /* copy the options date */
+    if (optionsDate) {
+        rv = SECITEM_CopyItem(arena, &entry->optionsDate, optionsDate);
+        if (rv != SECSuccess) {
+            goto loser;
+        }
+    } else {
+        PORT_Assert(smimeOptions == NULL);
+        entry->optionsDate.data = NULL;
+        entry->optionsDate.len = 0;
+    }
+
+    return (entry);
+loser:
+    if (arena) {
+        PORT_FreeArena(arena, PR_FALSE);
+    }
+
+    return (NULL);
+}
+
+/*
+ * delete a SMIME entry
+ */
+static SECStatus
+DeleteDBSMimeEntry(NSSLOWCERTCertDBHandle *handle, char *emailAddr)
+{
+    PLArenaPool *arena = NULL;
+    SECStatus rv;
+    SECItem dbkey;
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL) {
+        goto loser;
+    }
+
+    rv = EncodeDBSMimeKey(emailAddr, arena, &dbkey);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    rv = DeleteDBEntry(handle, certDBEntryTypeSMimeProfile, &dbkey);
+    if (rv == SECFailure) {
+        goto loser;
+    }
+
+    PORT_FreeArena(arena, PR_FALSE);
+    return (SECSuccess);
+
+loser:
+    if (arena) {
+        PORT_FreeArena(arena, PR_FALSE);
+    }
+
+    return (SECFailure);
+}
+
+/*
+ * Read a SMIME entry
+ */
+certDBEntrySMime *
+nsslowcert_ReadDBSMimeEntry(NSSLOWCERTCertDBHandle *handle, char *emailAddr)
+{
+    PLArenaPool *arena = NULL;
+    PLArenaPool *tmparena = NULL;
+    certDBEntrySMime *entry;
+    SECItem dbkey;
+    SECItem dbentry;
+    SECStatus rv;
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        goto loser;
+    }
+
+    tmparena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (tmparena == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        goto loser;
+    }
+
+    entry = (certDBEntrySMime *)PORT_ArenaAlloc(arena,
+                                                sizeof(certDBEntrySMime));
+    if (entry == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        goto loser;
+    }
+    entry->common.arena = arena;
+    entry->common.type = certDBEntryTypeSMimeProfile;
+
+    rv = EncodeDBSMimeKey(emailAddr, tmparena, &dbkey);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    rv = ReadDBEntry(handle, &entry->common, &dbkey, &dbentry, tmparena);
+    if (rv == SECFailure) {
+        goto loser;
+    }
+
+    /* is record long enough for header? */
+    if (dbentry.len < DB_SMIME_ENTRY_HEADER_LEN) {
+        PORT_SetError(SEC_ERROR_BAD_DATABASE);
+        goto loser;
+    }
+
+    rv = DecodeDBSMimeEntry(entry, &dbentry, emailAddr);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    PORT_FreeArena(tmparena, PR_FALSE);
+    return (entry);
+
+loser:
+    if (tmparena) {
+        PORT_FreeArena(tmparena, PR_FALSE);
+    }
+    if (arena) {
+        PORT_FreeArena(arena, PR_FALSE);
+    }
+
+    return (NULL);
+}
+
+/*
+ * Encode a SMIME entry into byte stream suitable for
+ * the database
+ */
+static SECStatus
+WriteDBSMimeEntry(NSSLOWCERTCertDBHandle *handle, certDBEntrySMime *entry)
+{
+    SECItem dbitem, dbkey;
+    PLArenaPool *tmparena = NULL;
+    SECStatus rv;
+
+    tmparena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (tmparena == NULL) {
+        goto loser;
+    }
+
+    rv = EncodeDBSMimeEntry(entry, tmparena, &dbitem);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    rv = EncodeDBSMimeKey(entry->emailAddr, tmparena, &dbkey);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    /* now write it to the database */
+    rv = WriteDBEntry(handle, &entry->common, &dbkey, &dbitem);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    PORT_FreeArena(tmparena, PR_FALSE);
+    return (SECSuccess);
+
+loser:
+    if (tmparena) {
+        PORT_FreeArena(tmparena, PR_FALSE);
+    }
+    return (SECFailure);
+}
+
+/*
+ * Encode a database subject record
+ */
+static SECStatus
+EncodeDBSubjectEntry(certDBEntrySubject *entry, PLArenaPool *arena,
+                     SECItem *dbitem)
+{
+    unsigned char *buf;
+    int len;
+    unsigned int ncerts;
+    unsigned int i;
+    unsigned char *tmpbuf;
+    unsigned int nnlen = 0;
+    unsigned int eaddrslen = 0;
+    int keyidoff;
+    SECItem *certKeys = entry->certKeys;
+    SECItem *keyIDs = entry->keyIDs;
+    ;
+
+    if (entry->nickname) {
+        nnlen = PORT_Strlen(entry->nickname) + 1;
+    }
+    if (entry->emailAddrs) {
+        eaddrslen = 2;
+        for (i = 0; i < entry->nemailAddrs; i++) {
+            eaddrslen += PORT_Strlen(entry->emailAddrs[i]) + 1 + 2;
+        }
+    }
+
+    ncerts = entry->ncerts;
+
+    /* compute the length of the entry */
+    keyidoff = DB_SUBJECT_ENTRY_HEADER_LEN + nnlen;
+    len = keyidoff + (4 * ncerts) + eaddrslen;
+    for (i = 0; i < ncerts; i++) {
+        if (keyIDs[i].len > 0xffff ||
+            (certKeys[i].len > 0xffff)) {
+            PORT_SetError(SEC_ERROR_INPUT_LEN);
+            goto loser;
+        }
+        len += certKeys[i].len;
+        len += keyIDs[i].len;
+    }
+
+    /* allocate space for encoded database record, including space
+     * for low level header
+     */
+    dbitem->len = len + SEC_DB_ENTRY_HEADER_LEN;
+
+    dbitem->data = (unsigned char *)PORT_ArenaAlloc(arena, dbitem->len);
+    if (dbitem->data == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        goto loser;
+    }
+
+    /* fill in database record */
+    buf = &dbitem->data[SEC_DB_ENTRY_HEADER_LEN];
+
+    buf[0] = (PRUint8)(ncerts >> 8);
+    buf[1] = (PRUint8)(ncerts);
+    buf[2] = (PRUint8)(nnlen >> 8);
+    buf[3] = (PRUint8)(nnlen);
+    /* v7 email field is NULL in v8 */
+    buf[4] = 0;
+    buf[5] = 0;
+
+    PORT_Assert(DB_SUBJECT_ENTRY_HEADER_LEN == 6);
+
+    if (entry->nickname) {
+        PORT_Memcpy(&buf[DB_SUBJECT_ENTRY_HEADER_LEN], entry->nickname, nnlen);
+    }
+    tmpbuf = &buf[keyidoff];
+    for (i = 0; i < ncerts; i++) {
+        tmpbuf[0] = (PRUint8)(certKeys[i].len >> 8);
+        tmpbuf[1] = (PRUint8)(certKeys[i].len);
+        tmpbuf += 2;
+    }
+    for (i = 0; i < ncerts; i++) {
+        tmpbuf[0] = (PRUint8)(keyIDs[i].len >> 8);
+        tmpbuf[1] = (PRUint8)(keyIDs[i].len);
+        tmpbuf += 2;
+    }
+
+    for (i = 0; i < ncerts; i++) {
+        PORT_Memcpy(tmpbuf, certKeys[i].data, certKeys[i].len);
+        tmpbuf += certKeys[i].len;
+    }
+    for (i = 0; i < ncerts; i++) {
+        if (keyIDs[i].len) {
+            PORT_Memcpy(tmpbuf, keyIDs[i].data, keyIDs[i].len);
+            tmpbuf += keyIDs[i].len;
+        }
+    }
+
+    if (entry->emailAddrs) {
+        tmpbuf[0] = (PRUint8)(entry->nemailAddrs >> 8);
+        tmpbuf[1] = (PRUint8)(entry->nemailAddrs);
+        tmpbuf += 2;
+        for (i = 0; i < entry->nemailAddrs; i++) {
+            int nameLen = PORT_Strlen(entry->emailAddrs[i]) + 1;
+            tmpbuf[0] = (PRUint8)(nameLen >> 8);
+            tmpbuf[1] = (PRUint8)(nameLen);
+            tmpbuf += 2;
+            PORT_Memcpy(tmpbuf, entry->emailAddrs[i], nameLen);
+            tmpbuf += nameLen;
+        }
+    }
+
+    PORT_Assert(tmpbuf == &buf[len]);
+
+    return (SECSuccess);
+
+loser:
+    return (SECFailure);
+}
+
+/*
+ * Encode a database key for a subject record
+ */
+static SECStatus
+EncodeDBSubjectKey(SECItem *derSubject, PLArenaPool *arena,
+                   SECItem *dbkey)
+{
+    dbkey->len = derSubject->len + SEC_DB_KEY_HEADER_LEN;
+    if (dbkey->len > NSS_MAX_LEGACY_DB_KEY_SIZE)
+        goto loser;
+    dbkey->data = (unsigned char *)PORT_ArenaAlloc(arena, dbkey->len);
+    if (dbkey->data == NULL) {
+        goto loser;
+    }
+    PORT_Memcpy(&dbkey->data[SEC_DB_KEY_HEADER_LEN], derSubject->data,
+                derSubject->len);
+    dbkey->data[0] = certDBEntryTypeSubject;
+
+    return (SECSuccess);
+
+loser:
+    return (SECFailure);
+}
+
+static SECStatus
+DecodeDBSubjectEntry(certDBEntrySubject *entry, SECItem *dbentry,
+                     const SECItem *derSubject)
+{
+    PLArenaPool *arena = entry->common.arena;
+    unsigned char *tmpbuf;
+    unsigned char *end;
+    void *mark = PORT_ArenaMark(arena);
+    unsigned int eaddrlen;
+    unsigned int i;
+    unsigned int keyidoff;
+    unsigned int len;
+    unsigned int ncerts = 0;
+    unsigned int nnlen;
+    SECStatus rv;
+
+    rv = SECITEM_CopyItem(arena, &entry->derSubject, derSubject);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    /* is record long enough for header? */
+    if (dbentry->len < DB_SUBJECT_ENTRY_HEADER_LEN) {
+        PORT_SetError(SEC_ERROR_BAD_DATABASE);
+        goto loser;
+    }
+
+    entry->ncerts = ncerts = ((dbentry->data[0] << 8) | dbentry->data[1]);
+    nnlen = ((dbentry->data[2] << 8) | dbentry->data[3]);
+    eaddrlen = ((dbentry->data[4] << 8) | dbentry->data[5]);
+    keyidoff = DB_SUBJECT_ENTRY_HEADER_LEN + nnlen + eaddrlen;
+    len = keyidoff + (4 * ncerts);
+    if (dbentry->len < len) {
+        PORT_SetError(SEC_ERROR_BAD_DATABASE);
+        goto loser;
+    }
+
+    entry->certKeys = PORT_ArenaNewArray(arena, SECItem, ncerts);
+    entry->keyIDs = PORT_ArenaNewArray(arena, SECItem, ncerts);
+    if ((entry->certKeys == NULL) || (entry->keyIDs == NULL)) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        goto loser;
+    }
+
+    if (nnlen > 1) { /* null terminator is stored */
+        entry->nickname = (char *)PORT_ArenaAlloc(arena, nnlen);
+        if (entry->nickname == NULL) {
+            PORT_SetError(SEC_ERROR_NO_MEMORY);
+            goto loser;
+        }
+        PORT_Memcpy(entry->nickname,
+                    &dbentry->data[DB_SUBJECT_ENTRY_HEADER_LEN],
+                    nnlen);
+    } else {
+        entry->nickname = NULL;
+    }
+
+    /* if we have an old style email entry, there is only one */
+    entry->nemailAddrs = 0;
+    if (eaddrlen > 1) { /* null terminator is stored */
+        entry->emailAddrs = PORT_ArenaNewArray(arena, char *, 2);
+        if (entry->emailAddrs == NULL) {
+            PORT_SetError(SEC_ERROR_NO_MEMORY);
+            goto loser;
+        }
+        entry->emailAddrs[0] = (char *)PORT_ArenaAlloc(arena, eaddrlen);
+        if (entry->emailAddrs[0] == NULL) {
+            PORT_SetError(SEC_ERROR_NO_MEMORY);
+            goto loser;
+        }
+        PORT_Memcpy(entry->emailAddrs[0],
+                    &dbentry->data[DB_SUBJECT_ENTRY_HEADER_LEN + nnlen],
+                    eaddrlen);
+        entry->nemailAddrs = 1;
+    } else {
+        entry->emailAddrs = NULL;
+    }
+
+    /* collect the lengths of the certKeys and keyIDs, and total the
+     * overall length.
+     */
+    tmpbuf = &dbentry->data[keyidoff];
+    for (i = 0; i < ncerts; i++) {
+        unsigned int itemlen = (tmpbuf[0] << 8) | tmpbuf[1];
+        entry->certKeys[i].len = itemlen;
+        len += itemlen;
+        tmpbuf += 2;
+    }
+    for (i = 0; i < ncerts; i++) {
+        unsigned int itemlen = (tmpbuf[0] << 8) | tmpbuf[1];
+        entry->keyIDs[i].len = itemlen;
+        len += itemlen;
+        tmpbuf += 2;
+    }
+
+    /* is encoded entry large enough ? */
+    if (len > dbentry->len) {
+        PORT_SetError(SEC_ERROR_BAD_DATABASE);
+        goto loser;
+    }
+
+    for (i = 0; i < ncerts; i++) {
+        unsigned int kLen = entry->certKeys[i].len;
+        entry->certKeys[i].data = (unsigned char *)PORT_ArenaAlloc(arena, kLen);
+        if (entry->certKeys[i].data == NULL) {
+            PORT_SetError(SEC_ERROR_NO_MEMORY);
+            goto loser;
+        }
+        PORT_Memcpy(entry->certKeys[i].data, tmpbuf, kLen);
+        tmpbuf += kLen;
+    }
+    for (i = 0; i < ncerts; i++) {
+        unsigned int iLen = entry->keyIDs[i].len;
+        entry->keyIDs[i].data = (unsigned char *)PORT_ArenaAlloc(arena, iLen);
+        if (entry->keyIDs[i].data == NULL) {
+            PORT_SetError(SEC_ERROR_NO_MEMORY);
+            goto loser;
+        }
+        PORT_Memcpy(entry->keyIDs[i].data, tmpbuf, iLen);
+        tmpbuf += iLen;
+    }
+
+    end = dbentry->data + dbentry->len;
+    if ((eaddrlen == 0) && (end - tmpbuf > 1)) {
+        /* read in the additional email addresses */
+        entry->nemailAddrs = (((unsigned int)tmpbuf[0]) << 8) | tmpbuf[1];
+        tmpbuf += 2;
+        if (end - tmpbuf < 2 * (int)entry->nemailAddrs)
+            goto loser;
+        entry->emailAddrs = PORT_ArenaNewArray(arena, char *, entry->nemailAddrs);
+        if (entry->emailAddrs == NULL) {
+            PORT_SetError(SEC_ERROR_NO_MEMORY);
+            goto loser;
+        }
+        for (i = 0; i < entry->nemailAddrs; i++) {
+            int nameLen;
+            if (end - tmpbuf < 2) {
+                goto loser;
+            }
+            nameLen = (((int)tmpbuf[0]) << 8) | tmpbuf[1];
+            tmpbuf += 2;
+            if (end - tmpbuf < nameLen) {
+                goto loser;
+            }
+            entry->emailAddrs[i] = PORT_ArenaAlloc(arena, nameLen);
+            if (entry->emailAddrs == NULL) {
+                PORT_SetError(SEC_ERROR_NO_MEMORY);
+                goto loser;
+            }
+            PORT_Memcpy(entry->emailAddrs[i], tmpbuf, nameLen);
+            tmpbuf += nameLen;
+        }
+        if (tmpbuf != end)
+            goto loser;
+    }
+    PORT_ArenaUnmark(arena, mark);
+    return (SECSuccess);
+
+loser:
+    PORT_ArenaRelease(arena, mark); /* discard above allocations */
+    return (SECFailure);
+}
+
+/*
+ * create a new subject entry with a single cert
+ */
+static certDBEntrySubject *
+NewDBSubjectEntry(SECItem *derSubject, SECItem *certKey,
+                  SECItem *keyID, char *nickname, char *emailAddr,
+                  unsigned int flags)
+{
+    PLArenaPool *arena = NULL;
+    certDBEntrySubject *entry;
+    SECStatus rv;
+    unsigned int nnlen;
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        goto loser;
+    }
+
+    entry = (certDBEntrySubject *)PORT_ArenaAlloc(arena,
+                                                  sizeof(certDBEntrySubject));
+    if (entry == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        goto loser;
+    }
+
+    /* init common fields */
+    entry->common.arena = arena;
+    entry->common.type = certDBEntryTypeSubject;
+    entry->common.version = CERT_DB_FILE_VERSION;
+    entry->common.flags = flags;
+
+    /* copy the subject */
+    rv = SECITEM_CopyItem(arena, &entry->derSubject, derSubject);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    entry->ncerts = 1;
+    entry->nemailAddrs = 0;
+    /* copy nickname */
+    if (nickname && (*nickname != '\0')) {
+        nnlen = PORT_Strlen(nickname) + 1;
+        entry->nickname = (char *)PORT_ArenaAlloc(arena, nnlen);
+        if (entry->nickname == NULL) {
+            goto loser;
+        }
+
+        PORT_Memcpy(entry->nickname, nickname, nnlen);
+    } else {
+        entry->nickname = NULL;
+    }
+
+    /* copy email addr */
+    if (emailAddr && (*emailAddr != '\0')) {
+        emailAddr = nsslowcert_FixupEmailAddr(emailAddr);
+        if (emailAddr == NULL) {
+            entry->emailAddrs = NULL;
+            goto loser;
+        }
+
+        entry->emailAddrs = (char **)PORT_ArenaAlloc(arena, sizeof(char *));
+        if (entry->emailAddrs == NULL) {
+            PORT_Free(emailAddr);
+            goto loser;
+        }
+        entry->emailAddrs[0] = PORT_ArenaStrdup(arena, emailAddr);
+        if (entry->emailAddrs[0]) {
+            entry->nemailAddrs = 1;
+        }
+
+        PORT_Free(emailAddr);
+    } else {
+        entry->emailAddrs = NULL;
+    }
+
+    /* allocate space for certKeys and keyIDs */
+    entry->certKeys = (SECItem *)PORT_ArenaAlloc(arena, sizeof(SECItem));
+    entry->keyIDs = (SECItem *)PORT_ArenaAlloc(arena, sizeof(SECItem));
+    if ((entry->certKeys == NULL) || (entry->keyIDs == NULL)) {
+        goto loser;
+    }
+
+    /* copy the certKey and keyID */
+    rv = SECITEM_CopyItem(arena, &entry->certKeys[0], certKey);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    rv = SECITEM_CopyItem(arena, &entry->keyIDs[0], keyID);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    return (entry);
+loser:
+    if (arena) {
+        PORT_FreeArena(arena, PR_FALSE);
+    }
+
+    return (NULL);
+}
+
+/*
+ * delete a subject entry
+ */
+static SECStatus
+DeleteDBSubjectEntry(NSSLOWCERTCertDBHandle *handle, SECItem *derSubject)
+{
+    SECItem dbkey;
+    PLArenaPool *arena = NULL;
+    SECStatus rv;
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL) {
+        goto loser;
+    }
+
+    rv = EncodeDBSubjectKey(derSubject, arena, &dbkey);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    rv = DeleteDBEntry(handle, certDBEntryTypeSubject, &dbkey);
+    if (rv == SECFailure) {
+        goto loser;
+    }
+
+    PORT_FreeArena(arena, PR_FALSE);
+    return (SECSuccess);
+
+loser:
+    if (arena) {
+        PORT_FreeArena(arena, PR_FALSE);
+    }
+
+    return (SECFailure);
+}
+
+/*
+ * Read the subject entry
+ */
+static certDBEntrySubject *
+ReadDBSubjectEntry(NSSLOWCERTCertDBHandle *handle, SECItem *derSubject)
+{
+    /* |arena| isn't function-bounded, so cannot be a PORTCheapArenaPool. */
+    PLArenaPool *arena = NULL;
+    PORTCheapArenaPool tmpArena;
+
+    certDBEntrySubject *entry;
+    SECItem dbkey;
+    SECItem dbentry;
+    SECStatus rv;
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        goto loser;
+    }
+
+    PORT_InitCheapArena(&tmpArena, DER_DEFAULT_CHUNKSIZE);
+
+    entry = (certDBEntrySubject *)PORT_ArenaAlloc(arena,
+                                                  sizeof(certDBEntrySubject));
+    if (entry == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        goto loser;
+    }
+    entry->common.arena = arena;
+    entry->common.type = certDBEntryTypeSubject;
+
+    rv = EncodeDBSubjectKey(derSubject, &tmpArena.arena, &dbkey);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    rv = ReadDBEntry(handle, &entry->common, &dbkey, &dbentry, &tmpArena.arena);
+    if (rv == SECFailure) {
+        goto loser;
+    }
+
+    rv = DecodeDBSubjectEntry(entry, &dbentry, derSubject);
+    if (rv == SECFailure) {
+        goto loser;
+    }
+
+    PORT_DestroyCheapArena(&tmpArena);
+    return (entry);
+
+loser:
+    PORT_DestroyCheapArena(&tmpArena);
+    if (arena) {
+        PORT_FreeArena(arena, PR_FALSE);
+    }
+
+    return (NULL);
+}
+
+/*
+ * Encode a subject name entry into byte stream suitable for
+ * the database
+ */
+static SECStatus
+WriteDBSubjectEntry(NSSLOWCERTCertDBHandle *handle, certDBEntrySubject *entry)
+{
+    SECItem dbitem, dbkey;
+    PLArenaPool *tmparena = NULL;
+    SECStatus rv;
+
+    tmparena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (tmparena == NULL) {
+        goto loser;
+    }
+
+    rv = EncodeDBSubjectEntry(entry, tmparena, &dbitem);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    rv = EncodeDBSubjectKey(&entry->derSubject, tmparena, &dbkey);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    /* now write it to the database */
+    rv = WriteDBEntry(handle, &entry->common, &dbkey, &dbitem);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    PORT_FreeArena(tmparena, PR_FALSE);
+    return (SECSuccess);
+
+loser:
+    if (tmparena) {
+        PORT_FreeArena(tmparena, PR_FALSE);
+    }
+    return (SECFailure);
+}
+
+typedef enum { nsslowcert_remove,
+               nsslowcert_add } nsslowcertUpdateType;
+
+static SECStatus
+nsslowcert_UpdateSubjectEmailAddr(NSSLOWCERTCertDBHandle *dbhandle,
+                                  SECItem *derSubject, char *emailAddr, nsslowcertUpdateType updateType)
+{
+    certDBEntrySubject *entry = NULL;
+    int index = -1, i;
+    SECStatus rv;
+
+    if (emailAddr) {
+        emailAddr = nsslowcert_FixupEmailAddr(emailAddr);
+        if (emailAddr == NULL) {
+            return SECFailure;
+        }
+    } else {
+        return SECSuccess;
+    }
+
+    entry = ReadDBSubjectEntry(dbhandle, derSubject);
+    if (entry == NULL) {
+        rv = SECFailure;
+        goto done;
+    }
+
+    for (i = 0; i < (int)(entry->nemailAddrs); i++) {
+        if (PORT_Strcmp(entry->emailAddrs[i], emailAddr) == 0) {
+            index = i;
+        }
+    }
+
+    if (updateType == nsslowcert_remove) {
+        if (index == -1) {
+            rv = SECSuccess;
+            goto done;
+        }
+        entry->nemailAddrs--;
+        for (i = index; i < (int)(entry->nemailAddrs); i++) {
+            entry->emailAddrs[i] = entry->emailAddrs[i + 1];
+        }
+    } else {
+        char **newAddrs = NULL;
+
+        if (index != -1) {
+            rv = SECSuccess;
+            goto done;
+        }
+        newAddrs = (char **)PORT_ArenaAlloc(entry->common.arena,
+                                            (entry->nemailAddrs + 1) * sizeof(char *));
+        if (!newAddrs) {
+            rv = SECFailure;
+            goto done;
+        }
+        for (i = 0; i < (int)(entry->nemailAddrs); i++) {
+            newAddrs[i] = entry->emailAddrs[i];
+        }
+        newAddrs[entry->nemailAddrs] =
+            PORT_ArenaStrdup(entry->common.arena, emailAddr);
+        if (!newAddrs[entry->nemailAddrs]) {
+            rv = SECFailure;
+            goto done;
+        }
+        entry->emailAddrs = newAddrs;
+        entry->nemailAddrs++;
+    }
+
+    /* delete the subject entry */
+    DeleteDBSubjectEntry(dbhandle, derSubject);
+
+    /* write the new one */
+    rv = WriteDBSubjectEntry(dbhandle, entry);
+
+done:
+    if (entry)
+        DestroyDBEntry((certDBEntry *)entry);
+    if (emailAddr)
+        PORT_Free(emailAddr);
+    return rv;
+}
+
+/*
+ * writes a nickname to an existing subject entry that does not currently
+ * have one
+ */
+static SECStatus
+AddNicknameToSubject(NSSLOWCERTCertDBHandle *dbhandle,
+                     NSSLOWCERTCertificate *cert, char *nickname)
+{
+    certDBEntrySubject *entry;
+    SECStatus rv;
+
+    if (nickname == NULL) {
+        return (SECFailure);
+    }
+
+    entry = ReadDBSubjectEntry(dbhandle, &cert->derSubject);
+    PORT_Assert(entry != NULL);
+    if (entry == NULL) {
+        goto loser;
+    }
+
+    PORT_Assert(entry->nickname == NULL);
+    if (entry->nickname != NULL) {
+        goto loser;
+    }
+
+    entry->nickname = PORT_ArenaStrdup(entry->common.arena, nickname);
+
+    if (entry->nickname == NULL) {
+        goto loser;
+    }
+
+    /* delete the subject entry */
+    DeleteDBSubjectEntry(dbhandle, &cert->derSubject);
+
+    /* write the new one */
+    rv = WriteDBSubjectEntry(dbhandle, entry);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    DestroyDBEntry((certDBEntry *)entry);
+    return (SECSuccess);
+
+loser:
+    DestroyDBEntry((certDBEntry *)entry);
+    return (SECFailure);
+}
+
+/*
+ * create a new version entry
+ */
+static certDBEntryVersion *
+NewDBVersionEntry(unsigned int flags)
+{
+    PLArenaPool *arena = NULL;
+    certDBEntryVersion *entry;
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        goto loser;
+    }
+
+    entry = (certDBEntryVersion *)PORT_ArenaAlloc(arena,
+                                                  sizeof(certDBEntryVersion));
+    if (entry == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        goto loser;
+    }
+    entry->common.arena = arena;
+    entry->common.type = certDBEntryTypeVersion;
+    entry->common.version = CERT_DB_FILE_VERSION;
+    entry->common.flags = flags;
+
+    return (entry);
+loser:
+    if (arena) {
+        PORT_FreeArena(arena, PR_FALSE);
+    }
+
+    return (NULL);
+}
+
+/*
+ * Read the version entry
+ */
+static certDBEntryVersion *
+ReadDBVersionEntry(NSSLOWCERTCertDBHandle *handle)
+{
+    PLArenaPool *arena = NULL;
+    PLArenaPool *tmparena = NULL;
+    certDBEntryVersion *entry;
+    SECItem dbkey;
+    SECItem dbentry;
+    SECStatus rv;
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        goto loser;
+    }
+
+    tmparena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (tmparena == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        goto loser;
+    }
+
+    entry = PORT_ArenaZNew(arena, certDBEntryVersion);
+    if (entry == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        goto loser;
+    }
+    entry->common.arena = arena;
+    entry->common.type = certDBEntryTypeVersion;
+
+    /* now get the database key and format it */
+    dbkey.len = SEC_DB_VERSION_KEY_LEN + SEC_DB_KEY_HEADER_LEN;
+    dbkey.data = (unsigned char *)PORT_ArenaAlloc(tmparena, dbkey.len);
+    if (dbkey.data == NULL) {
+        goto loser;
+    }
+    PORT_Memcpy(&dbkey.data[SEC_DB_KEY_HEADER_LEN], SEC_DB_VERSION_KEY,
+                SEC_DB_VERSION_KEY_LEN);
+
+    rv = ReadDBEntry(handle, &entry->common, &dbkey, &dbentry, tmparena);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    PORT_FreeArena(tmparena, PR_FALSE);
+    return (entry);
+
+loser:
+    if (tmparena) {
+        PORT_FreeArena(tmparena, PR_FALSE);
+    }
+    if (arena) {
+        PORT_FreeArena(arena, PR_FALSE);
+    }
+
+    return (NULL);
+}
+
+/*
+ * Encode a version entry into byte stream suitable for
+ * the database
+ */
+static SECStatus
+WriteDBVersionEntry(NSSLOWCERTCertDBHandle *handle, certDBEntryVersion *entry)
+{
+    SECItem dbitem, dbkey;
+    PLArenaPool *tmparena = NULL;
+    SECStatus rv;
+
+    tmparena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (tmparena == NULL) {
+        goto loser;
+    }
+
+    /* allocate space for encoded database record, including space
+     * for low level header
+     */
+    dbitem.len = SEC_DB_ENTRY_HEADER_LEN;
+
+    dbitem.data = (unsigned char *)PORT_ArenaAlloc(tmparena, dbitem.len);
+    if (dbitem.data == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        goto loser;
+    }
+
+    /* now get the database key and format it */
+    dbkey.len = SEC_DB_VERSION_KEY_LEN + SEC_DB_KEY_HEADER_LEN;
+    dbkey.data = (unsigned char *)PORT_ArenaAlloc(tmparena, dbkey.len);
+    if (dbkey.data == NULL) {
+        goto loser;
+    }
+    PORT_Memcpy(&dbkey.data[SEC_DB_KEY_HEADER_LEN], SEC_DB_VERSION_KEY,
+                SEC_DB_VERSION_KEY_LEN);
+
+    /* now write it to the database */
+    rv = WriteDBEntry(handle, &entry->common, &dbkey, &dbitem);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    PORT_FreeArena(tmparena, PR_FALSE);
+    return (SECSuccess);
+
+loser:
+    if (tmparena) {
+        PORT_FreeArena(tmparena, PR_FALSE);
+    }
+    return (SECFailure);
+}
+
+/*
+ * cert is no longer a perm cert, but will remain a temp cert
+ */
+static SECStatus
+RemovePermSubjectNode(NSSLOWCERTCertificate *cert)
+{
+    certDBEntrySubject *entry;
+    unsigned int i;
+    SECStatus rv;
+
+    entry = ReadDBSubjectEntry(cert->dbhandle, &cert->derSubject);
+    if (entry == NULL) {
+        return (SECFailure);
+    }
+
+    PORT_Assert(entry->ncerts);
+    rv = SECFailure;
+
+    if (entry->ncerts > 1) {
+        for (i = 0; i < entry->ncerts; i++) {
+            if (SECITEM_CompareItem(&entry->certKeys[i], &cert->certKey) ==
+                SECEqual) {
+                /* copy rest of list forward one entry */
+                for (i = i + 1; i < entry->ncerts; i++) {
+                    entry->certKeys[i - 1] = entry->certKeys[i];
+                    entry->keyIDs[i - 1] = entry->keyIDs[i];
+                }
+                entry->ncerts--;
+                DeleteDBSubjectEntry(cert->dbhandle, &cert->derSubject);
+                rv = WriteDBSubjectEntry(cert->dbhandle, entry);
+                break;
+            }
+        }
+    } else {
+        /* no entries left, delete the perm entry in the DB */
+        if (entry->emailAddrs) {
+            /* if the subject had an email record, then delete it too */
+            for (i = 0; i < entry->nemailAddrs; i++) {
+                DeleteDBSMimeEntry(cert->dbhandle, entry->emailAddrs[i]);
+            }
+        }
+        if (entry->nickname) {
+            DeleteDBNicknameEntry(cert->dbhandle, entry->nickname);
+        }
+
+        DeleteDBSubjectEntry(cert->dbhandle, &cert->derSubject);
+    }
+    DestroyDBEntry((certDBEntry *)entry);
+
+    return (rv);
+}
+
+/*
+ * add a cert to the perm subject list
+ */
+static SECStatus
+AddPermSubjectNode(certDBEntrySubject *entry, NSSLOWCERTCertificate *cert,
+                   char *nickname)
+{
+    SECItem *newCertKeys, *newKeyIDs;
+    unsigned int i, new_i;
+    SECStatus rv;
+    unsigned int ncerts;
+
+    PORT_Assert(entry);
+    ncerts = entry->ncerts;
+
+    if (nickname && entry->nickname) {
+        /* nicknames must be the same */
+        PORT_Assert(PORT_Strcmp(nickname, entry->nickname) == 0);
+    }
+
+    if ((entry->nickname == NULL) && (nickname != NULL)) {
+        /* copy nickname into the entry */
+        entry->nickname = PORT_ArenaStrdup(entry->common.arena, nickname);
+        if (entry->nickname == NULL) {
+            return (SECFailure);
+        }
+    }
+
+    /* a DB entry already exists, so add this cert */
+    newCertKeys = PORT_ArenaZNewArray(entry->common.arena, SECItem, ncerts + 1);
+    newKeyIDs = PORT_ArenaZNewArray(entry->common.arena, SECItem, ncerts + 1);
+
+    if ((newCertKeys == NULL) || (newKeyIDs == NULL)) {
+        return (SECFailure);
+    }
+
+    /* Step 1: copy certs older than "cert" into new entry. */
+    for (i = 0, new_i = 0; i < ncerts; i++) {
+        NSSLOWCERTCertificate *cmpcert;
+        PRBool isNewer;
+        cmpcert = nsslowcert_FindCertByKey(cert->dbhandle,
+                                           &entry->certKeys[i]);
+        /* The entry has been corrupted, remove it from the list */
+        if (!cmpcert) {
+            continue;
+        }
+
+        isNewer = nsslowcert_IsNewer(cert, cmpcert);
+        nsslowcert_DestroyCertificate(cmpcert);
+        if (isNewer)
+            break;
+        /* copy this cert entry */
+        newCertKeys[new_i] = entry->certKeys[i];
+        newKeyIDs[new_i] = entry->keyIDs[i];
+        new_i++;
+    }
+
+    /* Step 2: Add "cert" to the entry. */
+    rv = SECITEM_CopyItem(entry->common.arena, &newCertKeys[new_i],
+                          &cert->certKey);
+    if (rv != SECSuccess) {
+        return (SECFailure);
+    }
+    rv = SECITEM_CopyItem(entry->common.arena, &newKeyIDs[new_i],
+                          &cert->subjectKeyID);
+    if (rv != SECSuccess) {
+        return (SECFailure);
+    }
+    new_i++;
+
+    /* Step 3: copy remaining certs (if any) from old entry to new. */
+    for (; i < ncerts; i++, new_i++) {
+        newCertKeys[new_i] = entry->certKeys[i];
+        newKeyIDs[new_i] = entry->keyIDs[i];
+    }
+
+    /* update certKeys and keyIDs */
+    entry->certKeys = newCertKeys;
+    entry->keyIDs = newKeyIDs;
+
+    /* set new count value */
+    entry->ncerts = new_i;
+
+    DeleteDBSubjectEntry(cert->dbhandle, &cert->derSubject);
+    rv = WriteDBSubjectEntry(cert->dbhandle, entry);
+    return (rv);
+}
+
+SECStatus
+nsslowcert_TraversePermCertsForSubject(NSSLOWCERTCertDBHandle *handle,
+                                       SECItem *derSubject,
+                                       NSSLOWCERTCertCallback cb, void *cbarg)
+{
+    certDBEntrySubject *entry;
+    unsigned int i;
+    NSSLOWCERTCertificate *cert;
+    SECStatus rv = SECSuccess;
+
+    entry = ReadDBSubjectEntry(handle, derSubject);
+
+    if (entry == NULL) {
+        return (SECFailure);
+    }
+
+    for (i = 0; i < entry->ncerts; i++) {
+        cert = nsslowcert_FindCertByKey(handle, &entry->certKeys[i]);
+        if (!cert) {
+            continue;
+        }
+        rv = (*cb)(cert, cbarg);
+        nsslowcert_DestroyCertificate(cert);
+        if (rv == SECFailure) {
+            break;
+        }
+    }
+
+    DestroyDBEntry((certDBEntry *)entry);
+
+    return (rv);
+}
+
+int
+nsslowcert_NumPermCertsForSubject(NSSLOWCERTCertDBHandle *handle,
+                                  SECItem *derSubject)
+{
+    certDBEntrySubject *entry;
+    int ret;
+
+    entry = ReadDBSubjectEntry(handle, derSubject);
+
+    if (entry == NULL) {
+        return (SECFailure);
+    }
+
+    ret = entry->ncerts;
+
+    DestroyDBEntry((certDBEntry *)entry);
+
+    return (ret);
+}
+
+SECStatus
+nsslowcert_TraversePermCertsForNickname(NSSLOWCERTCertDBHandle *handle,
+                                        char *nickname, NSSLOWCERTCertCallback cb, void *cbarg)
+{
+    certDBEntryNickname *nnentry = NULL;
+    certDBEntrySMime *smentry = NULL;
+    SECStatus rv;
+    SECItem *derSubject = NULL;
+
+    nnentry = ReadDBNicknameEntry(handle, nickname);
+    if (nnentry) {
+        derSubject = &nnentry->subjectName;
+    } else {
+        smentry = nsslowcert_ReadDBSMimeEntry(handle, nickname);
+        if (smentry) {
+            derSubject = &smentry->subjectName;
+        }
+    }
+
+    if (derSubject) {
+        rv = nsslowcert_TraversePermCertsForSubject(handle, derSubject,
+                                                    cb, cbarg);
+    } else {
+        rv = SECFailure;
+    }
+
+    if (nnentry) {
+        DestroyDBEntry((certDBEntry *)nnentry);
+    }
+    if (smentry) {
+        DestroyDBEntry((certDBEntry *)smentry);
+    }
+
+    return (rv);
+}
+
+int
+nsslowcert_NumPermCertsForNickname(NSSLOWCERTCertDBHandle *handle,
+                                   char *nickname)
+{
+    certDBEntryNickname *entry;
+    int ret;
+
+    entry = ReadDBNicknameEntry(handle, nickname);
+
+    if (entry) {
+        ret = nsslowcert_NumPermCertsForSubject(handle, &entry->subjectName);
+        DestroyDBEntry((certDBEntry *)entry);
+    } else {
+        ret = 0;
+    }
+    return (ret);
+}
+
+/*
+ * add a nickname to a cert that doesn't have one
+ */
+static SECStatus
+AddNicknameToPermCert(NSSLOWCERTCertDBHandle *dbhandle,
+                      NSSLOWCERTCertificate *cert, char *nickname)
+{
+    certDBEntryCert *entry;
+    int rv;
+
+    entry = cert->dbEntry;
+    PORT_Assert(entry != NULL);
+    if (entry == NULL) {
+        goto loser;
+    }
+
+    pkcs11_freeNickname(entry->nickname, entry->nicknameSpace);
+    entry->nickname = NULL;
+    entry->nickname = pkcs11_copyNickname(nickname, entry->nicknameSpace,
+                                          sizeof(entry->nicknameSpace));
+
+    rv = WriteDBCertEntry(dbhandle, entry);
+    if (rv) {
+        goto loser;
+    }
+
+    pkcs11_freeNickname(cert->nickname, cert->nicknameSpace);
+    cert->nickname = NULL;
+    cert->nickname = pkcs11_copyNickname(nickname, cert->nicknameSpace,
+                                         sizeof(cert->nicknameSpace));
+
+    return (SECSuccess);
+
+loser:
+    return (SECFailure);
+}
+
+/*
+ * add a nickname to a cert that is already in the perm database, but doesn't
+ * have one yet (it is probably an e-mail cert).
+ */
+SECStatus
+nsslowcert_AddPermNickname(NSSLOWCERTCertDBHandle *dbhandle,
+                           NSSLOWCERTCertificate *cert, char *nickname)
+{
+    SECStatus rv = SECFailure;
+    certDBEntrySubject *entry = NULL;
+    certDBEntryNickname *nicknameEntry = NULL;
+
+    nsslowcert_LockDB(dbhandle);
+
+    entry = ReadDBSubjectEntry(dbhandle, &cert->derSubject);
+    if (entry == NULL)
+        goto loser;
+
+    if (entry->nickname == NULL) {
+
+        /* no nickname for subject */
+        rv = AddNicknameToSubject(dbhandle, cert, nickname);
+        if (rv != SECSuccess) {
+            goto loser;
+        }
+        rv = AddNicknameToPermCert(dbhandle, cert, nickname);
+        if (rv != SECSuccess) {
+            goto loser;
+        }
+        nicknameEntry = NewDBNicknameEntry(nickname, &cert->derSubject, 0);
+        if (nicknameEntry == NULL) {
+            goto loser;
+        }
+
+        rv = WriteDBNicknameEntry(dbhandle, nicknameEntry);
+        if (rv != SECSuccess) {
+            goto loser;
+        }
+    } else {
+        /* subject already has a nickname */
+        rv = AddNicknameToPermCert(dbhandle, cert, entry->nickname);
+        if (rv != SECSuccess) {
+            goto loser;
+        }
+        /* make sure nickname entry exists. If the database was corrupted,
+         * we may have lost the nickname entry. Add it back now  */
+        nicknameEntry = ReadDBNicknameEntry(dbhandle, entry->nickname);
+        if (nicknameEntry == NULL) {
+            nicknameEntry = NewDBNicknameEntry(entry->nickname,
+                                               &cert->derSubject, 0);
+            if (nicknameEntry == NULL) {
+                goto loser;
+            }
+
+            rv = WriteDBNicknameEntry(dbhandle, nicknameEntry);
+            if (rv != SECSuccess) {
+                goto loser;
+            }
+        }
+    }
+    rv = SECSuccess;
+
+loser:
+    if (entry) {
+        DestroyDBEntry((certDBEntry *)entry);
+    }
+    if (nicknameEntry) {
+        DestroyDBEntry((certDBEntry *)nicknameEntry);
+    }
+    nsslowcert_UnlockDB(dbhandle);
+    return (rv);
+}
+
+static certDBEntryCert *
+AddCertToPermDB(NSSLOWCERTCertDBHandle *handle, NSSLOWCERTCertificate *cert,
+                char *nickname, NSSLOWCERTCertTrust *trust)
+{
+    certDBEntryCert *certEntry = NULL;
+    certDBEntryNickname *nicknameEntry = NULL;
+    certDBEntrySubject *subjectEntry = NULL;
+    int state = 0;
+    SECStatus rv;
+    PRBool donnentry = PR_FALSE;
+
+    if (nickname) {
+        donnentry = PR_TRUE;
+    }
+
+    subjectEntry = ReadDBSubjectEntry(handle, &cert->derSubject);
+
+    if (subjectEntry && subjectEntry->nickname) {
+        donnentry = PR_FALSE;
+        nickname = subjectEntry->nickname;
+    }
+
+    certEntry = NewDBCertEntry(&cert->derCert, nickname, trust, 0);
+    if (certEntry == NULL) {
+        goto loser;
+    }
+
+    if (donnentry) {
+        nicknameEntry = NewDBNicknameEntry(nickname, &cert->derSubject, 0);
+        if (nicknameEntry == NULL) {
+            goto loser;
+        }
+    }
+
+    rv = WriteDBCertEntry(handle, certEntry);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    state = 1;
+
+    if (nicknameEntry) {
+        rv = WriteDBNicknameEntry(handle, nicknameEntry);
+        if (rv != SECSuccess) {
+            goto loser;
+        }
+    }
+
+    state = 2;
+
+    /* "Change" handles if necessary */
+    cert->dbhandle = handle;
+
+    /* add to or create new subject entry */
+    if (subjectEntry) {
+        /* REWRITE BASED ON SUBJECT ENTRY */
+        rv = AddPermSubjectNode(subjectEntry, cert, nickname);
+        if (rv != SECSuccess) {
+            goto loser;
+        }
+    } else {
+        /* make a new subject entry - this case is only used when updating
+         * an old version of the database.  This is OK because the oldnickname
+         * db format didn't allow multiple certs with the same subject.
+         */
+        /* where does subjectKeyID and certKey come from? */
+        subjectEntry = NewDBSubjectEntry(&cert->derSubject, &cert->certKey,
+                                         &cert->subjectKeyID, nickname,
+                                         NULL, 0);
+        if (subjectEntry == NULL) {
+            goto loser;
+        }
+        rv = WriteDBSubjectEntry(handle, subjectEntry);
+        if (rv != SECSuccess) {
+            goto loser;
+        }
+    }
+
+    state = 3;
+
+    if (nicknameEntry) {
+        DestroyDBEntry((certDBEntry *)nicknameEntry);
+    }
+
+    if (subjectEntry) {
+        DestroyDBEntry((certDBEntry *)subjectEntry);
+    }
+
+    return (certEntry);
+
+loser:
+    /* don't leave partial entry in the database */
+    if (state > 0) {
+        DeleteDBCertEntry(handle, &cert->certKey);
+    }
+    if ((state > 1) && donnentry) {
+        DeleteDBNicknameEntry(handle, nickname);
+    }
+    if (certEntry) {
+        DestroyDBEntry((certDBEntry *)certEntry);
+    }
+    if (nicknameEntry) {
+        DestroyDBEntry((certDBEntry *)nicknameEntry);
+    }
+    if (subjectEntry) {
+        DestroyDBEntry((certDBEntry *)subjectEntry);
+    }
+
+    return (NULL);
+}
+
+/* forward declaration */
+static SECStatus
+UpdateV7DB(NSSLOWCERTCertDBHandle *handle, DB *updatedb);
+
+/*
+ * version 8 uses the same schema as version 7. The only differences are
+ * 1) version 8 db uses the blob shim to store data entries > 32k.
+ * 2) version 8 db sets the db block size to 32k.
+ * both of these are dealt with by the handle.
+ */
+
+static SECStatus
+UpdateV8DB(NSSLOWCERTCertDBHandle *handle, DB *updatedb)
+{
+    return UpdateV7DB(handle, updatedb);
+}
+
+/*
+ * we could just blindly sequence through reading key data pairs and writing
+ * them back out, but some cert.db's have gotten quite large and may have some
+ * subtle corruption problems, so instead we cycle through the certs and
+ * CRL's and S/MIME profiles and rebuild our subject lists from those records.
+ */
+static SECStatus
+UpdateV7DB(NSSLOWCERTCertDBHandle *handle, DB *updatedb)
+{
+    DBT key, data;
+    int ret;
+    NSSLOWCERTCertificate *cert;
+    PRBool isKRL = PR_FALSE;
+    certDBEntryType entryType;
+    SECItem dbEntry, dbKey;
+    certDBEntryRevocation crlEntry;
+    certDBEntryCert certEntry;
+    certDBEntrySMime smimeEntry;
+    SECStatus rv;
+
+    ret = (*updatedb->seq)(updatedb, &key, &data, R_FIRST);
+
+    if (ret) {
+        return (SECFailure);
+    }
+
+    do {
+        unsigned char *dataBuf = (unsigned char *)data.data;
+        unsigned char *keyBuf = (unsigned char *)key.data;
+        dbEntry.data = &dataBuf[SEC_DB_ENTRY_HEADER_LEN];
+        dbEntry.len = data.size - SEC_DB_ENTRY_HEADER_LEN;
+        entryType = (certDBEntryType)keyBuf[0];
+        dbKey.data = &keyBuf[SEC_DB_KEY_HEADER_LEN];
+        dbKey.len = key.size - SEC_DB_KEY_HEADER_LEN;
+        if ((dbEntry.len <= 0) || (dbKey.len <= 0)) {
+            continue;
+        }
+
+        switch (entryType) {
+            /* these entries will get regenerated as we read the
+             * rest of the data from the database */
+            case certDBEntryTypeVersion:
+            case certDBEntryTypeSubject:
+            case certDBEntryTypeContentVersion:
+            case certDBEntryTypeNickname:
+            /* smime profiles need entries created after the certs have
+             * been imported, loop over them in a second run */
+            case certDBEntryTypeSMimeProfile:
+                break;
+
+            case certDBEntryTypeCert:
+                /* decode Entry */
+                certEntry.common.version = (unsigned int)dataBuf[0];
+                certEntry.common.type = entryType;
+                certEntry.common.flags = (unsigned int)dataBuf[2];
+                rv = DecodeDBCertEntry(&certEntry, &dbEntry);
+                if (rv != SECSuccess) {
+                    break;
+                }
+                /* should we check for existing duplicates? */
+                cert = nsslowcert_DecodeDERCertificate(&certEntry.derCert,
+                                                       certEntry.nickname);
+                if (cert) {
+                    nsslowcert_UpdatePermCert(handle, cert, certEntry.nickname,
+                                              &certEntry.trust);
+                    nsslowcert_DestroyCertificate(cert);
+                }
+                /* free any data the decode may have allocated. */
+                pkcs11_freeStaticData(certEntry.derCert.data,
+                                      certEntry.derCertSpace);
+                pkcs11_freeNickname(certEntry.nickname, certEntry.nicknameSpace);
+                break;
+
+            case certDBEntryTypeKeyRevocation:
+                isKRL = PR_TRUE;
+            /* fall through */
+            case certDBEntryTypeRevocation:
+                crlEntry.common.version = (unsigned int)dataBuf[0];
+                crlEntry.common.type = entryType;
+                crlEntry.common.flags = (unsigned int)dataBuf[2];
+                crlEntry.common.arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+                if (crlEntry.common.arena == NULL) {
+                    break;
+                }
+                rv = DecodeDBCrlEntry(&crlEntry, &dbEntry);
+                if (rv != SECSuccess) {
+                    break;
+                }
+                nsslowcert_UpdateCrl(handle, &crlEntry.derCrl, &dbKey,
+                                     crlEntry.url, isKRL);
+                /* free data allocated by the decode */
+                PORT_FreeArena(crlEntry.common.arena, PR_FALSE);
+                crlEntry.common.arena = NULL;
+                break;
+
+            default:
+                break;
+        }
+    } while ((*updatedb->seq)(updatedb, &key, &data, R_NEXT) == 0);
+
+    /* now loop again updating just the SMimeProfile. */
+    ret = (*updatedb->seq)(updatedb, &key, &data, R_FIRST);
+
+    if (ret) {
+        return (SECFailure);
+    }
+
+    do {
+        unsigned char *dataBuf = (unsigned char *)data.data;
+        unsigned char *keyBuf = (unsigned char *)key.data;
+        dbEntry.data = &dataBuf[SEC_DB_ENTRY_HEADER_LEN];
+        dbEntry.len = data.size - SEC_DB_ENTRY_HEADER_LEN;
+        entryType = (certDBEntryType)keyBuf[0];
+        if (entryType != certDBEntryTypeSMimeProfile) {
+            continue;
+        }
+        dbKey.data = &keyBuf[SEC_DB_KEY_HEADER_LEN];
+        dbKey.len = key.size - SEC_DB_KEY_HEADER_LEN;
+        if ((dbEntry.len <= 0) || (dbKey.len <= 0)) {
+            continue;
+        }
+        smimeEntry.common.version = (unsigned int)dataBuf[0];
+        smimeEntry.common.type = entryType;
+        smimeEntry.common.flags = (unsigned int)dataBuf[2];
+        smimeEntry.common.arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+        /* decode entry */
+        rv = DecodeDBSMimeEntry(&smimeEntry, &dbEntry, (char *)dbKey.data);
+        if (rv == SECSuccess) {
+            nsslowcert_UpdateSMimeProfile(handle, smimeEntry.emailAddr,
+                                          &smimeEntry.subjectName, &smimeEntry.smimeOptions,
+                                          &smimeEntry.optionsDate);
+        }
+        PORT_FreeArena(smimeEntry.common.arena, PR_FALSE);
+        smimeEntry.common.arena = NULL;
+    } while ((*updatedb->seq)(updatedb, &key, &data, R_NEXT) == 0);
+
+    (*updatedb->close)(updatedb);
+
+    /* a database update is a good time to go back and verify the integrity of
+     * the keys and certs */
+    handle->dbVerify = PR_TRUE;
+    return (SECSuccess);
+}
+
+/*
+ * NOTE - Version 6 DB did not go out to the real world in a release,
+ * so we can remove this function in a later release.
+ */
+static SECStatus
+UpdateV6DB(NSSLOWCERTCertDBHandle *handle, DB *updatedb)
+{
+    int ret;
+    DBT key, data;
+    unsigned char *buf, *tmpbuf = NULL;
+    certDBEntryType type;
+    certDBEntryNickname *nnEntry = NULL;
+    certDBEntrySubject *subjectEntry = NULL;
+    certDBEntrySMime *emailEntry = NULL;
+    char *nickname;
+    char *emailAddr;
+
+    /*
+     * Sequence through the old database and copy all of the entries
+     * to the new database.  Subject name entries will have the new
+     * fields inserted into them (with zero length).
+     */
+    ret = (*updatedb->seq)(updatedb, &key, &data, R_FIRST);
+    if (ret) {
+        return (SECFailure);
+    }
+
+    do {
+        buf = (unsigned char *)data.data;
+
+        if (data.size >= 3) {
+            if (buf[0] == 6) { /* version number */
+                type = (certDBEntryType)buf[1];
+                if (type == certDBEntryTypeSubject) {
+                    /* expando subjecto entrieo */
+                    tmpbuf = (unsigned char *)PORT_Alloc(data.size + 4);
+                    if (tmpbuf) {
+                        /* copy header stuff */
+                        PORT_Memcpy(tmpbuf, buf, SEC_DB_ENTRY_HEADER_LEN + 2);
+                        /* insert 4 more bytes of zero'd header */
+                        PORT_Memset(&tmpbuf[SEC_DB_ENTRY_HEADER_LEN + 2],
+                                    0, 4);
+                        /* copy rest of the data */
+                        PORT_Memcpy(&tmpbuf[SEC_DB_ENTRY_HEADER_LEN + 6],
+                                    &buf[SEC_DB_ENTRY_HEADER_LEN + 2],
+                                    data.size - (SEC_DB_ENTRY_HEADER_LEN + 2));
+
+                        data.data = (void *)tmpbuf;
+                        data.size += 4;
+                        buf = tmpbuf;
+                    }
+                } else if (type == certDBEntryTypeCert) {
+                    /* expando certo entrieo */
+                    tmpbuf = (unsigned char *)PORT_Alloc(data.size + 3);
+                    if (tmpbuf) {
+                        /* copy header stuff */
+                        PORT_Memcpy(tmpbuf, buf, SEC_DB_ENTRY_HEADER_LEN);
+
+                        /* copy trust flage, setting msb's to 0 */
+                        tmpbuf[SEC_DB_ENTRY_HEADER_LEN] = 0;
+                        tmpbuf[SEC_DB_ENTRY_HEADER_LEN + 1] =
+                            buf[SEC_DB_ENTRY_HEADER_LEN];
+                        tmpbuf[SEC_DB_ENTRY_HEADER_LEN + 2] = 0;
+                        tmpbuf[SEC_DB_ENTRY_HEADER_LEN + 3] =
+                            buf[SEC_DB_ENTRY_HEADER_LEN + 1];
+                        tmpbuf[SEC_DB_ENTRY_HEADER_LEN + 4] = 0;
+                        tmpbuf[SEC_DB_ENTRY_HEADER_LEN + 5] =
+                            buf[SEC_DB_ENTRY_HEADER_LEN + 2];
+
+                        /* copy rest of the data */
+                        PORT_Memcpy(&tmpbuf[SEC_DB_ENTRY_HEADER_LEN + 6],
+                                    &buf[SEC_DB_ENTRY_HEADER_LEN + 3],
+                                    data.size - (SEC_DB_ENTRY_HEADER_LEN + 3));
+
+                        data.data = (void *)tmpbuf;
+                        data.size += 3;
+                        buf = tmpbuf;
+                    }
+                }
+
+                /* update the record version number */
+                buf[0] = CERT_DB_FILE_VERSION;
+
+                /* copy to the new database */
+                ret = certdb_Put(handle->permCertDB, &key, &data, 0);
+                if (tmpbuf) {
+                    PORT_Free(tmpbuf);
+                    tmpbuf = NULL;
+                }
+                if (ret) {
+                    return SECFailure;
+                }
+            }
+        }
+    } while ((*updatedb->seq)(updatedb, &key, &data, R_NEXT) == 0);
+
+    ret = certdb_Sync(handle->permCertDB, 0);
+    if (ret) {
+        return SECFailure;
+    }
+
+    ret = (*updatedb->seq)(updatedb, &key, &data, R_FIRST);
+    if (ret) {
+        return (SECFailure);
+    }
+
+    do {
+        buf = (unsigned char *)data.data;
+
+        if (data.size >= 3) {
+            if (buf[0] == CERT_DB_FILE_VERSION) { /* version number */
+                type = (certDBEntryType)buf[1];
+                if (type == certDBEntryTypeNickname) {
+                    nickname = &((char *)key.data)[1];
+
+                    /* get the matching nickname entry in the new DB */
+                    nnEntry = ReadDBNicknameEntry(handle, nickname);
+                    if (nnEntry == NULL) {
+                        goto endloop;
+                    }
+
+                    /* find the subject entry pointed to by nickname */
+                    subjectEntry = ReadDBSubjectEntry(handle,
+                                                      &nnEntry->subjectName);
+                    if (subjectEntry == NULL) {
+                        goto endloop;
+                    }
+
+                    subjectEntry->nickname =
+                        (char *)PORT_ArenaAlloc(subjectEntry->common.arena,
+                                                key.size - 1);
+                    if (subjectEntry->nickname) {
+                        PORT_Memcpy(subjectEntry->nickname, nickname,
+                                    key.size - 1);
+                        (void)WriteDBSubjectEntry(handle, subjectEntry);
+                    }
+                } else if (type == certDBEntryTypeSMimeProfile) {
+                    emailAddr = &((char *)key.data)[1];
+
+                    /* get the matching smime entry in the new DB */
+                    emailEntry = nsslowcert_ReadDBSMimeEntry(handle, emailAddr);
+                    if (emailEntry == NULL) {
+                        goto endloop;
+                    }
+
+                    /* find the subject entry pointed to by nickname */
+                    subjectEntry = ReadDBSubjectEntry(handle,
+                                                      &emailEntry->subjectName);
+                    if (subjectEntry == NULL) {
+                        goto endloop;
+                    }
+
+                    subjectEntry->emailAddrs = (char **)
+                        PORT_ArenaAlloc(subjectEntry->common.arena,
+                                        sizeof(char *));
+                    if (subjectEntry->emailAddrs) {
+                        subjectEntry->emailAddrs[0] =
+                            (char *)PORT_ArenaAlloc(subjectEntry->common.arena,
+                                                    key.size - 1);
+                        if (subjectEntry->emailAddrs[0]) {
+                            PORT_Memcpy(subjectEntry->emailAddrs[0], emailAddr,
+                                        key.size - 1);
+                            subjectEntry->nemailAddrs = 1;
+                            (void)WriteDBSubjectEntry(handle, subjectEntry);
+                        }
+                    }
+                }
+
+            endloop:
+                if (subjectEntry) {
+                    DestroyDBEntry((certDBEntry *)subjectEntry);
+                    subjectEntry = NULL;
+                }
+                if (nnEntry) {
+                    DestroyDBEntry((certDBEntry *)nnEntry);
+                    nnEntry = NULL;
+                }
+                if (emailEntry) {
+                    DestroyDBEntry((certDBEntry *)emailEntry);
+                    emailEntry = NULL;
+                }
+            }
+        }
+    } while ((*updatedb->seq)(updatedb, &key, &data, R_NEXT) == 0);
+
+    ret = certdb_Sync(handle->permCertDB, 0);
+    if (ret) {
+        return SECFailure;
+    }
+
+    (*updatedb->close)(updatedb);
+    return (SECSuccess);
+}
+
+static SECStatus
+updateV5Callback(NSSLOWCERTCertificate *cert, SECItem *k, void *pdata)
+{
+    NSSLOWCERTCertDBHandle *handle;
+    certDBEntryCert *entry;
+    NSSLOWCERTCertTrust *trust;
+
+    handle = (NSSLOWCERTCertDBHandle *)pdata;
+    trust = &cert->dbEntry->trust;
+
+    /* SSL user certs can be used for email if they have an email addr */
+    if (cert->emailAddr && (trust->sslFlags & CERTDB_USER) &&
+        (trust->emailFlags == 0)) {
+        trust->emailFlags = CERTDB_USER;
+    }
+    /* servers didn't set the user flags on the server cert.. */
+    if (PORT_Strcmp(cert->dbEntry->nickname, "Server-Cert") == 0) {
+        trust->sslFlags |= CERTDB_USER;
+    }
+
+    entry = AddCertToPermDB(handle, cert, cert->dbEntry->nickname,
+                            &cert->dbEntry->trust);
+    if (entry) {
+        DestroyDBEntry((certDBEntry *)entry);
+    }
+
+    return (SECSuccess);
+}
+
+static SECStatus
+UpdateV5DB(NSSLOWCERTCertDBHandle *handle, DB *updatedb)
+{
+    NSSLOWCERTCertDBHandle updatehandle;
+
+    updatehandle.permCertDB = updatedb;
+    updatehandle.dbMon = PZ_NewMonitor(nssILockCertDB);
+    updatehandle.dbVerify = 0;
+    updatehandle.ref = 1; /* prevent premature close */
+
+    (void)nsslowcert_TraversePermCerts(&updatehandle, updateV5Callback,
+                                       (void *)handle);
+
+    PZ_DestroyMonitor(updatehandle.dbMon);
+
+    (*updatedb->close)(updatedb);
+    return (SECSuccess);
+}
+
+static PRBool
+isV4DB(DB *db)
+{
+    DBT key, data;
+    int ret;
+
+    key.data = "Version";
+    key.size = 7;
+
+    ret = (*db->get)(db, &key, &data, 0);
+    if (ret) {
+        return PR_FALSE;
+    }
+
+    if ((data.size == 1) && (*(unsigned char *)data.data <= 4)) {
+        return PR_TRUE;
+    }
+
+    return PR_FALSE;
+}
+
+static SECStatus
+UpdateV4DB(NSSLOWCERTCertDBHandle *handle, DB *updatedb)
+{
+    DBT key, data;
+    certDBEntryCert *entry, *entry2;
+    int ret;
+    NSSLOWCERTCertificate *cert;
+
+    ret = (*updatedb->seq)(updatedb, &key, &data, R_FIRST);
+
+    if (ret) {
+        return (SECFailure);
+    }
+
+    do {
+        if (data.size != 1) { /* skip version number */
+
+            /* decode the old DB entry */
+            entry = (certDBEntryCert *)
+                DecodeV4DBCertEntry((unsigned char *)data.data, data.size);
+
+            if (entry) {
+                cert = nsslowcert_DecodeDERCertificate(&entry->derCert,
+                                                       entry->nickname);
+
+                if (cert != NULL) {
+                    /* add to new database */
+                    entry2 = AddCertToPermDB(handle, cert, entry->nickname,
+                                             &entry->trust);
+
+                    nsslowcert_DestroyCertificate(cert);
+                    if (entry2) {
+                        DestroyDBEntry((certDBEntry *)entry2);
+                    }
+                }
+                DestroyDBEntry((certDBEntry *)entry);
+            }
+        }
+    } while ((*updatedb->seq)(updatedb, &key, &data, R_NEXT) == 0);
+
+    (*updatedb->close)(updatedb);
+    return (SECSuccess);
+}
+
+/*
+ * return true if a database key conflict exists
+ */
+PRBool
+nsslowcert_CertDBKeyConflict(SECItem *derCert, NSSLOWCERTCertDBHandle *handle)
+{
+    SECStatus rv;
+    DBT tmpdata;
+    DBT namekey;
+    int ret;
+    SECItem keyitem;
+    PLArenaPool *arena = NULL;
+    SECItem derKey;
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL) {
+        goto loser;
+    }
+
+    /* get the db key of the cert */
+    rv = nsslowcert_KeyFromDERCert(arena, derCert, &derKey);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    rv = EncodeDBCertKey(&derKey, arena, &keyitem);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    namekey.data = keyitem.data;
+    namekey.size = keyitem.len;
+
+    ret = certdb_Get(handle->permCertDB, &namekey, &tmpdata, 0);
+    if (ret == 0) {
+        goto loser;
+    }
+
+    PORT_FreeArena(arena, PR_FALSE);
+
+    return (PR_FALSE);
+loser:
+    if (arena) {
+        PORT_FreeArena(arena, PR_FALSE);
+    }
+
+    return (PR_TRUE);
+}
+
+/*
+ * return true if a nickname conflict exists
+ * NOTE: caller must have already made sure that this exact cert
+ * doesn't exist in the DB
+ */
+static PRBool
+nsslowcert_CertNicknameConflict(char *nickname, SECItem *derSubject,
+                                NSSLOWCERTCertDBHandle *handle)
+{
+    PRBool rv;
+    certDBEntryNickname *entry;
+
+    if (nickname == NULL) {
+        return (PR_FALSE);
+    }
+
+    entry = ReadDBNicknameEntry(handle, nickname);
+
+    if (entry == NULL) {
+        /* no entry for this nickname, so no conflict */
+        return (PR_FALSE);
+    }
+
+    rv = PR_TRUE;
+    if (SECITEM_CompareItem(derSubject, &entry->subjectName) == SECEqual) {
+        /* if subject names are the same, then no conflict */
+        rv = PR_FALSE;
+    }
+
+    DestroyDBEntry((certDBEntry *)entry);
+    return (rv);
+}
+
+#ifdef DBM_USING_NSPR
+#define NO_RDONLY PR_RDONLY
+#define NO_RDWR PR_RDWR
+#define NO_CREATE (PR_RDWR | PR_CREATE_FILE | PR_TRUNCATE)
+#else
+#define NO_RDONLY O_RDONLY
+#define NO_RDWR O_RDWR
+#define NO_CREATE (O_RDWR | O_CREAT | O_TRUNC)
+#endif
+
+/*
+ * open an old database that needs to be updated
+ */
+static DB *
+nsslowcert_openolddb(NSSLOWCERTDBNameFunc namecb, void *cbarg, int version)
+{
+    char *tmpname;
+    DB *updatedb = NULL;
+
+    tmpname = (*namecb)(cbarg, version); /* get v6 db name */
+    if (tmpname) {
+        updatedb = dbopen(tmpname, NO_RDONLY, 0600, DB_HASH, 0);
+        PORT_Free(tmpname);
+    }
+    return updatedb;
+}
+
+static SECStatus
+openNewCertDB(const char *appName, const char *prefix, const char *certdbname,
+              NSSLOWCERTCertDBHandle *handle, NSSLOWCERTDBNameFunc namecb, void *cbarg)
+{
+    SECStatus rv;
+    certDBEntryVersion *versionEntry = NULL;
+    DB *updatedb = NULL;
+    int status = RDB_FAIL;
+
+    if (appName) {
+        handle->permCertDB = rdbopen(appName, prefix, "cert", NO_CREATE, &status);
+    } else {
+        handle->permCertDB = dbsopen(certdbname, NO_CREATE, 0600, DB_HASH, 0);
+    }
+
+    /* if create fails then we lose */
+    if (handle->permCertDB == 0) {
+        return status == RDB_RETRY ? SECWouldBlock : SECFailure;
+    }
+
+    /* Verify version number; */
+    versionEntry = NewDBVersionEntry(0);
+    if (versionEntry == NULL) {
+        rv = SECFailure;
+        goto loser;
+    }
+
+    rv = WriteDBVersionEntry(handle, versionEntry);
+
+    DestroyDBEntry((certDBEntry *)versionEntry);
+
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    /* rv must already be Success here because of previous if statement */
+    /* try to upgrade old db here */
+    if (appName &&
+        (updatedb = dbsopen(certdbname, NO_RDONLY, 0600, DB_HASH, 0)) != NULL) {
+        rv = UpdateV8DB(handle, updatedb);
+    } else if ((updatedb = nsslowcert_openolddb(namecb, cbarg, 7)) != NULL) {
+        rv = UpdateV7DB(handle, updatedb);
+    } else if ((updatedb = nsslowcert_openolddb(namecb, cbarg, 6)) != NULL) {
+        rv = UpdateV6DB(handle, updatedb);
+    } else if ((updatedb = nsslowcert_openolddb(namecb, cbarg, 5)) != NULL) {
+        rv = UpdateV5DB(handle, updatedb);
+    } else if ((updatedb = nsslowcert_openolddb(namecb, cbarg, 4)) != NULL) {
+        /* NES has v5 format db's with v4 db names! */
+        if (isV4DB(updatedb)) {
+            rv = UpdateV4DB(handle, updatedb);
+        } else {
+            rv = UpdateV5DB(handle, updatedb);
+        }
+    }
+
+loser:
+    db_InitComplete(handle->permCertDB);
+    return rv;
+}
+
+static int
+nsslowcert_GetVersionNumber(NSSLOWCERTCertDBHandle *handle)
+{
+    certDBEntryVersion *versionEntry = NULL;
+    int version = 0;
+
+    versionEntry = ReadDBVersionEntry(handle);
+    if (versionEntry == NULL) {
+        return 0;
+    }
+    version = versionEntry->common.version;
+    DestroyDBEntry((certDBEntry *)versionEntry);
+    return version;
+}
+
+/*
+ * Open the certificate database and index databases.  Create them if
+ * they are not there or bad.
+ */
+static SECStatus
+nsslowcert_OpenPermCertDB(NSSLOWCERTCertDBHandle *handle, PRBool readOnly,
+                          const char *appName, const char *prefix,
+                          NSSLOWCERTDBNameFunc namecb, void *cbarg)
+{
+    SECStatus rv;
+    int openflags;
+    char *certdbname;
+    int version = 0;
+
+    certdbname = (*namecb)(cbarg, CERT_DB_FILE_VERSION);
+    if (certdbname == NULL) {
+        return (SECFailure);
+    }
+
+    openflags = readOnly ? NO_RDONLY : NO_RDWR;
+
+    /*
+     * first open the permanent file based database.
+     */
+    if (appName) {
+        handle->permCertDB = rdbopen(appName, prefix, "cert", openflags, NULL);
+    } else {
+        handle->permCertDB = dbsopen(certdbname, openflags, 0600, DB_HASH, 0);
+    }
+
+    /* check for correct version number */
+    if (handle->permCertDB) {
+        version = nsslowcert_GetVersionNumber(handle);
+        if ((version != CERT_DB_FILE_VERSION) &&
+            !(appName && version == CERT_DB_V7_FILE_VERSION)) {
+            goto loser;
+        }
+    } else if (readOnly) {
+        /* don't create if readonly */
+        /* Try openning a version 7 database */
+        handle->permCertDB = nsslowcert_openolddb(namecb, cbarg, 7);
+        if (!handle->permCertDB) {
+            goto loser;
+        }
+        if (nsslowcert_GetVersionNumber(handle) != 7) {
+            goto loser;
+        }
+    } else {
+        /* if first open fails, try to create a new DB */
+        rv = openNewCertDB(appName, prefix, certdbname, handle, namecb, cbarg);
+        if (rv == SECWouldBlock) {
+            /* only the rdb version can fail with wouldblock */
+            handle->permCertDB =
+                rdbopen(appName, prefix, "cert", openflags, NULL);
+
+            /* check for correct version number */
+            if (!handle->permCertDB) {
+                goto loser;
+            }
+            version = nsslowcert_GetVersionNumber(handle);
+            if ((version != CERT_DB_FILE_VERSION) &&
+                !(appName && version == CERT_DB_V7_FILE_VERSION)) {
+                goto loser;
+            }
+        } else if (rv != SECSuccess) {
+            goto loser;
+        }
+    }
+
+    PORT_Free(certdbname);
+
+    return (SECSuccess);
+
+loser:
+
+    PORT_SetError(SEC_ERROR_BAD_DATABASE);
+
+    if (handle->permCertDB) {
+        certdb_Close(handle->permCertDB);
+        handle->permCertDB = 0;
+    }
+
+    PORT_Free(certdbname);
+
+    return (SECFailure);
+}
+
+/*
+ * delete all DB records associated with a particular certificate
+ */
+static SECStatus
+DeletePermCert(NSSLOWCERTCertificate *cert)
+{
+    SECStatus rv;
+    SECStatus ret;
+
+    ret = SECSuccess;
+
+    rv = DeleteDBCertEntry(cert->dbhandle, &cert->certKey);
+    if (rv != SECSuccess) {
+        ret = SECFailure;
+    }
+
+    rv = RemovePermSubjectNode(cert);
+
+    return (ret);
+}
+
+/*
+ * Delete a certificate from the permanent database.
+ */
+SECStatus
+nsslowcert_DeletePermCertificate(NSSLOWCERTCertificate *cert)
+{
+    SECStatus rv;
+
+    nsslowcert_LockDB(cert->dbhandle);
+
+    /* delete the records from the permanent database */
+    rv = DeletePermCert(cert);
+
+    /* get rid of dbcert and stuff pointing to it */
+    DestroyDBEntry((certDBEntry *)cert->dbEntry);
+    cert->dbEntry = NULL;
+    cert->trust = NULL;
+
+    nsslowcert_UnlockDB(cert->dbhandle);
+    return (rv);
+}
+
+/*
+ * Traverse all of the entries in the database of a particular type
+ * call the given function for each one.
+ */
+SECStatus
+nsslowcert_TraverseDBEntries(NSSLOWCERTCertDBHandle *handle,
+                             certDBEntryType type,
+                             SECStatus (*callback)(SECItem *data, SECItem *key,
+                                                   certDBEntryType type, void *pdata),
+                             void *udata)
+{
+    DBT data;
+    DBT key;
+    SECStatus rv = SECSuccess;
+    int ret;
+    SECItem dataitem;
+    SECItem keyitem;
+    unsigned char *buf;
+    unsigned char *keybuf;
+
+    ret = certdb_Seq(handle->permCertDB, &key, &data, R_FIRST);
+    if (ret) {
+        return (SECFailure);
+    }
+    /* here, ret is zero and rv is SECSuccess.
+     * Below here, ret is a count of successful calls to the callback function.
+     */
+    do {
+        buf = (unsigned char *)data.data;
+
+        if (buf[1] == (unsigned char)type) {
+            dataitem.len = data.size;
+            dataitem.data = buf;
+            dataitem.type = siBuffer;
+            keyitem.len = key.size - SEC_DB_KEY_HEADER_LEN;
+            keybuf = (unsigned char *)key.data;
+            keyitem.data = &keybuf[SEC_DB_KEY_HEADER_LEN];
+            keyitem.type = siBuffer;
+            /* type should equal keybuf[0].  */
+
+            rv = (*callback)(&dataitem, &keyitem, type, udata);
+            if (rv == SECSuccess) {
+                ++ret;
+            }
+        }
+    } while (certdb_Seq(handle->permCertDB, &key, &data, R_NEXT) == 0);
+    /* If any callbacks succeeded, or no calls to callbacks were made,
+     * then report success.  Otherwise, report failure.
+     */
+    return (ret ? SECSuccess : rv);
+}
+/*
+ * Decode a certificate and enter it into the temporary certificate database.
+ * Deal with nicknames correctly
+ *
+ * This is the private entry point.
+ */
+static NSSLOWCERTCertificate *
+DecodeACert(NSSLOWCERTCertDBHandle *handle, certDBEntryCert *entry)
+{
+    NSSLOWCERTCertificate *cert = NULL;
+
+    cert = nsslowcert_DecodeDERCertificate(&entry->derCert, entry->nickname);
+
+    if (cert == NULL) {
+        goto loser;
+    }
+
+    cert->dbhandle = handle;
+    cert->dbEntry = entry;
+    cert->trust = &entry->trust;
+
+    return (cert);
+
+loser:
+    return (0);
+}
+
+static NSSLOWCERTTrust *
+CreateTrust(void)
+{
+    NSSLOWCERTTrust *trust = NULL;
+
+    nsslowcert_LockFreeList();
+    trust = trustListHead;
+    if (trust) {
+        trustListCount--;
+        trustListHead = trust->next;
+    }
+    PORT_Assert(trustListCount >= 0);
+    nsslowcert_UnlockFreeList();
+    if (trust) {
+        return trust;
+    }
+
+    return PORT_ZNew(NSSLOWCERTTrust);
+}
+
+static void
+DestroyTrustFreeList(void)
+{
+    NSSLOWCERTTrust *trust;
+
+    nsslowcert_LockFreeList();
+    while (NULL != (trust = trustListHead)) {
+        trustListCount--;
+        trustListHead = trust->next;
+        PORT_Free(trust);
+    }
+    PORT_Assert(!trustListCount);
+    trustListCount = 0;
+    nsslowcert_UnlockFreeList();
+}
+
+static NSSLOWCERTTrust *
+DecodeTrustEntry(NSSLOWCERTCertDBHandle *handle, certDBEntryCert *entry,
+                 const SECItem *dbKey)
+{
+    NSSLOWCERTTrust *trust = CreateTrust();
+    if (trust == NULL) {
+        return trust;
+    }
+    trust->dbhandle = handle;
+    trust->dbEntry = entry;
+    trust->dbKey.data = pkcs11_copyStaticData(dbKey->data, dbKey->len,
+                                              trust->dbKeySpace, sizeof(trust->dbKeySpace));
+    if (!trust->dbKey.data) {
+        PORT_Free(trust);
+        return NULL;
+    }
+    trust->dbKey.len = dbKey->len;
+
+    trust->trust = &entry->trust;
+    trust->derCert = &entry->derCert;
+
+    return (trust);
+}
+
+typedef struct {
+    PermCertCallback certfunc;
+    NSSLOWCERTCertDBHandle *handle;
+    void *data;
+} PermCertCallbackState;
+
+/*
+ * traversal callback to decode certs and call callers callback
+ */
+static SECStatus
+certcallback(SECItem *dbdata, SECItem *dbkey, certDBEntryType type, void *data)
+{
+    PermCertCallbackState *mystate;
+    SECStatus rv;
+    certDBEntryCert *entry;
+    SECItem entryitem;
+    NSSLOWCERTCertificate *cert;
+    PLArenaPool *arena = NULL;
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL) {
+        goto loser;
+    }
+
+    entry = (certDBEntryCert *)PORT_ArenaAlloc(arena, sizeof(certDBEntryCert));
+    if (!entry) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        goto loser;
+    }
+    mystate = (PermCertCallbackState *)data;
+    entry->common.version = (unsigned int)dbdata->data[0];
+    entry->common.type = (certDBEntryType)dbdata->data[1];
+    entry->common.flags = (unsigned int)dbdata->data[2];
+    entry->common.arena = arena;
+
+    entryitem.len = dbdata->len - SEC_DB_ENTRY_HEADER_LEN;
+    entryitem.data = &dbdata->data[SEC_DB_ENTRY_HEADER_LEN];
+
+    rv = DecodeDBCertEntry(entry, &entryitem);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    entry->derCert.type = siBuffer;
+
+    /* note: Entry is 'inheritted'.  */
+    cert = DecodeACert(mystate->handle, entry);
+
+    rv = (*mystate->certfunc)(cert, dbkey, mystate->data);
+
+    /* arena stored in entry destroyed by nsslowcert_DestroyCertificate */
+    nsslowcert_DestroyCertificateNoLocking(cert);
+
+    return (rv);
+
+loser:
+    if (arena) {
+        PORT_FreeArena(arena, PR_FALSE);
+    }
+    return (SECFailure);
+}
+
+/*
+ * Traverse all of the certificates in the permanent database and
+ * call the given function for each one; expect the caller to have lock.
+ */
+static SECStatus
+TraversePermCertsNoLocking(NSSLOWCERTCertDBHandle *handle,
+                           SECStatus (*certfunc)(NSSLOWCERTCertificate *cert,
+                                                 SECItem *k,
+                                                 void *pdata),
+                           void *udata)
+{
+    SECStatus rv;
+    PermCertCallbackState mystate;
+
+    mystate.certfunc = certfunc;
+    mystate.handle = handle;
+    mystate.data = udata;
+    rv = nsslowcert_TraverseDBEntries(handle, certDBEntryTypeCert, certcallback,
+                                      (void *)&mystate);
+
+    return (rv);
+}
+
+/*
+ * Traverse all of the certificates in the permanent database and
+ * call the given function for each one.
+ */
+SECStatus
+nsslowcert_TraversePermCerts(NSSLOWCERTCertDBHandle *handle,
+                             SECStatus (*certfunc)(NSSLOWCERTCertificate *cert, SECItem *k,
+                                                   void *pdata),
+                             void *udata)
+{
+    SECStatus rv;
+
+    nsslowcert_LockDB(handle);
+    rv = TraversePermCertsNoLocking(handle, certfunc, udata);
+    nsslowcert_UnlockDB(handle);
+
+    return (rv);
+}
+
+/*
+ * Close the database
+ */
+void
+nsslowcert_ClosePermCertDB(NSSLOWCERTCertDBHandle *handle)
+{
+    if (handle) {
+        if (handle->permCertDB) {
+            certdb_Close(handle->permCertDB);
+            handle->permCertDB = NULL;
+        }
+        if (handle->dbMon) {
+            PZ_DestroyMonitor(handle->dbMon);
+            handle->dbMon = NULL;
+        }
+        PORT_Free(handle);
+    }
+    return;
+}
+
+/*
+ * Get the trust attributes from a certificate
+ */
+SECStatus
+nsslowcert_GetCertTrust(NSSLOWCERTCertificate *cert, NSSLOWCERTCertTrust *trust)
+{
+    SECStatus rv;
+
+    nsslowcert_LockCertTrust(cert);
+
+    if (cert->trust == NULL) {
+        rv = SECFailure;
+    } else {
+        *trust = *cert->trust;
+        rv = SECSuccess;
+    }
+
+    nsslowcert_UnlockCertTrust(cert);
+    return (rv);
+}
+
+/*
+ * Change the trust attributes of a certificate and make them permanent
+ * in the database.
+ */
+SECStatus
+nsslowcert_ChangeCertTrust(NSSLOWCERTCertDBHandle *handle,
+                           NSSLOWCERTCertificate *cert, NSSLOWCERTCertTrust *trust)
+{
+    certDBEntryCert *entry;
+    int rv;
+    SECStatus ret;
+
+    nsslowcert_LockDB(handle);
+    nsslowcert_LockCertTrust(cert);
+    /* only set the trust on permanent certs */
+    if (cert->trust == NULL) {
+        ret = SECFailure;
+        goto done;
+    }
+
+    *cert->trust = *trust;
+    if (cert->dbEntry == NULL) {
+        ret = SECSuccess; /* not in permanent database */
+        goto done;
+    }
+
+    entry = cert->dbEntry;
+    entry->trust = *trust;
+
+    rv = WriteDBCertEntry(handle, entry);
+    if (rv) {
+        ret = SECFailure;
+        goto done;
+    }
+
+    ret = SECSuccess;
+
+done:
+    nsslowcert_UnlockCertTrust(cert);
+    nsslowcert_UnlockDB(handle);
+    return (ret);
+}
+
+static SECStatus
+nsslowcert_UpdatePermCert(NSSLOWCERTCertDBHandle *dbhandle,
+                          NSSLOWCERTCertificate *cert, char *nickname, NSSLOWCERTCertTrust *trust)
+{
+    char *oldnn;
+    certDBEntryCert *entry;
+    PRBool conflict;
+    SECStatus ret;
+
+    PORT_Assert(!cert->dbEntry);
+
+    /* don't add a conflicting nickname */
+    conflict = nsslowcert_CertNicknameConflict(nickname, &cert->derSubject,
+                                               dbhandle);
+    if (conflict) {
+        ret = SECFailure;
+        goto done;
+    }
+
+    /* save old nickname so that we can delete it */
+    oldnn = cert->nickname;
+
+    entry = AddCertToPermDB(dbhandle, cert, nickname, trust);
+
+    if (entry == NULL) {
+        ret = SECFailure;
+        goto done;
+    }
+
+    pkcs11_freeNickname(oldnn, cert->nicknameSpace);
+
+    cert->nickname = (entry->nickname) ? pkcs11_copyNickname(entry->nickname,
+                                                             cert->nicknameSpace, sizeof(cert->nicknameSpace))
+                                       : NULL;
+    cert->trust = &entry->trust;
+    cert->dbEntry = entry;
+
+    ret = SECSuccess;
+done:
+    return (ret);
+}
+
+SECStatus
+nsslowcert_AddPermCert(NSSLOWCERTCertDBHandle *dbhandle,
+                       NSSLOWCERTCertificate *cert, char *nickname, NSSLOWCERTCertTrust *trust)
+{
+    SECStatus ret;
+
+    nsslowcert_LockDB(dbhandle);
+
+    ret = nsslowcert_UpdatePermCert(dbhandle, cert, nickname, trust);
+
+    nsslowcert_UnlockDB(dbhandle);
+    return (ret);
+}
+
+/*
+ * Open the certificate database and index databases.  Create them if
+ * they are not there or bad.
+ */
+SECStatus
+nsslowcert_OpenCertDB(NSSLOWCERTCertDBHandle *handle, PRBool readOnly,
+                      const char *appName, const char *prefix,
+                      NSSLOWCERTDBNameFunc namecb, void *cbarg, PRBool openVolatile)
+{
+    int rv;
+
+    certdb_InitDBLock(handle);
+
+    handle->dbMon = PZ_NewMonitor(nssILockCertDB);
+    PORT_Assert(handle->dbMon != NULL);
+    handle->dbVerify = PR_FALSE;
+
+    rv = nsslowcert_OpenPermCertDB(handle, readOnly, appName, prefix,
+                                   namecb, cbarg);
+    if (rv) {
+        goto loser;
+    }
+
+    return (SECSuccess);
+
+loser:
+    if (handle->dbMon) {
+        PZ_DestroyMonitor(handle->dbMon);
+        handle->dbMon = NULL;
+    }
+    PORT_SetError(SEC_ERROR_BAD_DATABASE);
+    return (SECFailure);
+}
+
+PRBool
+nsslowcert_needDBVerify(NSSLOWCERTCertDBHandle *handle)
+{
+    if (!handle)
+        return PR_FALSE;
+    return handle->dbVerify;
+}
+
+void
+nsslowcert_setDBVerify(NSSLOWCERTCertDBHandle *handle, PRBool value)
+{
+    handle->dbVerify = value;
+}
+
+/*
+ * Lookup a certificate in the databases.
+ */
+static NSSLOWCERTCertificate *
+FindCertByKey(NSSLOWCERTCertDBHandle *handle, const SECItem *certKey, PRBool lockdb)
+{
+    NSSLOWCERTCertificate *cert = NULL;
+    certDBEntryCert *entry;
+    PRBool locked = PR_FALSE;
+
+    if (lockdb) {
+        locked = PR_TRUE;
+        nsslowcert_LockDB(handle);
+    }
+
+    /* find in perm database */
+    entry = ReadDBCertEntry(handle, certKey);
+
+    if (entry == NULL) {
+        goto loser;
+    }
+
+    /* inherit entry */
+    cert = DecodeACert(handle, entry);
+
+loser:
+    if (cert == NULL) {
+        if (entry) {
+            DestroyDBEntry((certDBEntry *)entry);
+        }
+    }
+
+    if (locked) {
+        nsslowcert_UnlockDB(handle);
+    }
+
+    return (cert);
+}
+
+/*
+ * Lookup a certificate in the databases.
+ */
+static NSSLOWCERTTrust *
+FindTrustByKey(NSSLOWCERTCertDBHandle *handle, const SECItem *certKey, PRBool lockdb)
+{
+    NSSLOWCERTTrust *trust = NULL;
+    certDBEntryCert *entry;
+    PRBool locked = PR_FALSE;
+
+    if (lockdb) {
+        locked = PR_TRUE;
+        nsslowcert_LockDB(handle);
+    }
+
+    /* find in perm database */
+    entry = ReadDBCertEntry(handle, certKey);
+
+    if (entry == NULL) {
+        goto loser;
+    }
+
+    if (!nsslowcert_hasTrust(&entry->trust)) {
+        goto loser;
+    }
+
+    /* inherit entry */
+    trust = DecodeTrustEntry(handle, entry, certKey);
+
+loser:
+    if (trust == NULL) {
+        if (entry) {
+            DestroyDBEntry((certDBEntry *)entry);
+        }
+    }
+
+    if (locked) {
+        nsslowcert_UnlockDB(handle);
+    }
+
+    return (trust);
+}
+
+/*
+ * Lookup a certificate in the databases without locking
+ */
+NSSLOWCERTCertificate *
+nsslowcert_FindCertByKey(NSSLOWCERTCertDBHandle *handle, const SECItem *certKey)
+{
+    return (FindCertByKey(handle, certKey, PR_FALSE));
+}
+
+/*
+ * Lookup a trust object in the databases without locking
+ */
+NSSLOWCERTTrust *
+nsslowcert_FindTrustByKey(NSSLOWCERTCertDBHandle *handle, const SECItem *certKey)
+{
+    return (FindTrustByKey(handle, certKey, PR_FALSE));
+}
+
+/*
+ * Generate a key from an issuerAndSerialNumber, and find the
+ * associated cert in the database.
+ */
+NSSLOWCERTCertificate *
+nsslowcert_FindCertByIssuerAndSN(NSSLOWCERTCertDBHandle *handle, NSSLOWCERTIssuerAndSN *issuerAndSN)
+{
+    SECItem certKey;
+    SECItem *sn = &issuerAndSN->serialNumber;
+    SECItem *issuer = &issuerAndSN->derIssuer;
+    NSSLOWCERTCertificate *cert;
+    int data_len = sn->len;
+    int index = 0;
+
+    /* automatically detect DER encoded serial numbers and remove the der
+     * encoding since the database expects unencoded data.
+     * if it's DER encoded, there must be at least 3 bytes, tag, len, data */
+    if ((sn->len >= 3) && (sn->data[0] == 0x2)) {
+        /* remove the der encoding of the serial number before generating the
+         * key.. */
+        int data_left = sn->len - 2;
+        data_len = sn->data[1];
+        index = 2;
+
+        /* extended length ? (not very likely for a serial number) */
+        if (data_len & 0x80) {
+            int len_count = data_len & 0x7f;
+
+            data_len = 0;
+            data_left -= len_count;
+            if (data_left > 0) {
+                while (len_count--) {
+                    data_len = (data_len << 8) | sn->data[index++];
+                }
+            }
+        }
+        /* XXX leaving any leading zeros on the serial number for backwards
+         * compatibility
+         */
+        /* not a valid der, must be just an unlucky serial number value */
+        if (data_len != data_left) {
+            data_len = sn->len;
+            index = 0;
+        }
+    }
+
+    certKey.type = 0;
+    certKey.data = (unsigned char *)PORT_Alloc(sn->len + issuer->len);
+    certKey.len = data_len + issuer->len;
+
+    if (certKey.data == NULL) {
+        return (0);
+    }
+
+    /* first try the serial number as hand-decoded above*/
+    /* copy the serialNumber */
+    PORT_Memcpy(certKey.data, &sn->data[index], data_len);
+
+    /* copy the issuer */
+    PORT_Memcpy(&certKey.data[data_len], issuer->data, issuer->len);
+
+    cert = nsslowcert_FindCertByKey(handle, &certKey);
+    if (cert) {
+        PORT_Free(certKey.data);
+        return (cert);
+    }
+
+    /* didn't find it, try by der encoded serial number */
+    /* copy the serialNumber */
+    PORT_Memcpy(certKey.data, sn->data, sn->len);
+
+    /* copy the issuer */
+    PORT_Memcpy(&certKey.data[sn->len], issuer->data, issuer->len);
+    certKey.len = sn->len + issuer->len;
+
+    cert = nsslowcert_FindCertByKey(handle, &certKey);
+
+    PORT_Free(certKey.data);
+
+    return (cert);
+}
+
+/*
+ * Generate a key from an issuerAndSerialNumber, and find the
+ * associated cert in the database.
+ */
+NSSLOWCERTTrust *
+nsslowcert_FindTrustByIssuerAndSN(NSSLOWCERTCertDBHandle *handle,
+                                  NSSLOWCERTIssuerAndSN *issuerAndSN)
+{
+    SECItem certKey;
+    SECItem *sn = &issuerAndSN->serialNumber;
+    SECItem *issuer = &issuerAndSN->derIssuer;
+    NSSLOWCERTTrust *trust;
+    unsigned char keyBuf[512];
+    int data_len = sn->len;
+    int index = 0;
+    int len;
+
+    /* automatically detect DER encoded serial numbers and remove the der
+     * encoding since the database expects unencoded data.
+     * if it's DER encoded, there must be at least 3 bytes, tag, len, data */
+    if ((sn->len >= 3) && (sn->data[0] == 0x2)) {
+        /* remove the der encoding of the serial number before generating the
+         * key.. */
+        int data_left = sn->len - 2;
+        data_len = sn->data[1];
+        index = 2;
+
+        /* extended length ? (not very likely for a serial number) */
+        if (data_len & 0x80) {
+            int len_count = data_len & 0x7f;
+
+            data_len = 0;
+            data_left -= len_count;
+            if (data_left > 0) {
+                while (len_count--) {
+                    data_len = (data_len << 8) | sn->data[index++];
+                }
+            }
+        }
+        /* XXX leaving any leading zeros on the serial number for backwards
+         * compatibility
+         */
+        /* not a valid der, must be just an unlucky serial number value */
+        if (data_len != data_left) {
+            data_len = sn->len;
+            index = 0;
+        }
+    }
+
+    certKey.type = 0;
+    certKey.len = data_len + issuer->len;
+    len = sn->len + issuer->len;
+    if (len > sizeof(keyBuf)) {
+        certKey.data = (unsigned char *)PORT_Alloc(len);
+    } else {
+        certKey.data = keyBuf;
+    }
+
+    if (certKey.data == NULL) {
+        return (0);
+    }
+
+    /* first try the serial number as hand-decoded above*/
+    /* copy the serialNumber */
+    PORT_Memcpy(certKey.data, &sn->data[index], data_len);
+
+    /* copy the issuer */
+    PORT_Memcpy(&certKey.data[data_len], issuer->data, issuer->len);
+
+    trust = nsslowcert_FindTrustByKey(handle, &certKey);
+    if (trust) {
+        pkcs11_freeStaticData(certKey.data, keyBuf);
+        return (trust);
+    }
+
+    if (index == 0) {
+        pkcs11_freeStaticData(certKey.data, keyBuf);
+        return NULL;
+    }
+
+    /* didn't find it, try by der encoded serial number */
+    /* copy the serialNumber */
+    PORT_Memcpy(certKey.data, sn->data, sn->len);
+
+    /* copy the issuer */
+    PORT_Memcpy(&certKey.data[sn->len], issuer->data, issuer->len);
+    certKey.len = sn->len + issuer->len;
+
+    trust = nsslowcert_FindTrustByKey(handle, &certKey);
+
+    pkcs11_freeStaticData(certKey.data, keyBuf);
+
+    return (trust);
+}
+
+/*
+ * look for the given DER certificate in the database
+ */
+NSSLOWCERTCertificate *
+nsslowcert_FindCertByDERCert(NSSLOWCERTCertDBHandle *handle, SECItem *derCert)
+{
+    PLArenaPool *arena;
+    SECItem certKey;
+    SECStatus rv;
+    NSSLOWCERTCertificate *cert = NULL;
+
+    /* create a scratch arena */
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL) {
+        return (NULL);
+    }
+
+    /* extract the database key from the cert */
+    rv = nsslowcert_KeyFromDERCert(arena, derCert, &certKey);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    /* find the certificate */
+    cert = nsslowcert_FindCertByKey(handle, &certKey);
+
+loser:
+    PORT_FreeArena(arena, PR_FALSE);
+    return (cert);
+}
+
+static void
+DestroyCertificate(NSSLOWCERTCertificate *cert, PRBool lockdb)
+{
+    int refCount;
+    NSSLOWCERTCertDBHandle *handle;
+
+    if (cert) {
+
+        handle = cert->dbhandle;
+
+        /*
+         * handle may be NULL, for example if the cert was created with
+         * nsslowcert_DecodeDERCertificate.
+         */
+        if (lockdb && handle) {
+            nsslowcert_LockDB(handle);
+        }
+
+        nsslowcert_LockCertRefCount(cert);
+        PORT_Assert(cert->referenceCount > 0);
+        refCount = --cert->referenceCount;
+        nsslowcert_UnlockCertRefCount(cert);
+
+        if (refCount == 0) {
+            certDBEntryCert *entry = cert->dbEntry;
+
+            if (entry) {
+                DestroyDBEntry((certDBEntry *)entry);
+            }
+
+            pkcs11_freeNickname(cert->nickname, cert->nicknameSpace);
+            pkcs11_freeNickname(cert->emailAddr, cert->emailAddrSpace);
+            pkcs11_freeStaticData(cert->certKey.data, cert->certKeySpace);
+            cert->certKey.data = NULL;
+            cert->nickname = NULL;
+
+            /* zero cert before freeing. Any stale references to this cert
+             * after this point will probably cause an exception.  */
+            PORT_Memset(cert, 0, sizeof *cert);
+
+            /* use reflock to protect the free list */
+            nsslowcert_LockFreeList();
+            if (certListCount > MAX_CERT_LIST_COUNT) {
+                PORT_Free(cert);
+            } else {
+                certListCount++;
+                cert->next = certListHead;
+                certListHead = cert;
+            }
+            nsslowcert_UnlockFreeList();
+            cert = NULL;
+        }
+        if (lockdb && handle) {
+            nsslowcert_UnlockDB(handle);
+        }
+    }
+
+    return;
+}
+
+NSSLOWCERTCertificate *
+nsslowcert_CreateCert(void)
+{
+    NSSLOWCERTCertificate *cert;
+    nsslowcert_LockFreeList();
+    cert = certListHead;
+    if (cert) {
+        certListHead = cert->next;
+        certListCount--;
+    }
+    PORT_Assert(certListCount >= 0);
+    nsslowcert_UnlockFreeList();
+    if (cert) {
+        return cert;
+    }
+    return PORT_ZNew(NSSLOWCERTCertificate);
+}
+
+static void
+DestroyCertFreeList(void)
+{
+    NSSLOWCERTCertificate *cert;
+
+    nsslowcert_LockFreeList();
+    while (NULL != (cert = certListHead)) {
+        certListCount--;
+        certListHead = cert->next;
+        PORT_Free(cert);
+    }
+    PORT_Assert(!certListCount);
+    certListCount = 0;
+    nsslowcert_UnlockFreeList();
+}
+
+void
+nsslowcert_DestroyTrust(NSSLOWCERTTrust *trust)
+{
+    certDBEntryCert *entry = trust->dbEntry;
+
+    if (entry) {
+        DestroyDBEntry((certDBEntry *)entry);
+    }
+    pkcs11_freeStaticData(trust->dbKey.data, trust->dbKeySpace);
+    PORT_Memset(trust, 0, sizeof(*trust));
+
+    nsslowcert_LockFreeList();
+    if (trustListCount > MAX_TRUST_LIST_COUNT) {
+        PORT_Free(trust);
+    } else {
+        trustListCount++;
+        trust->next = trustListHead;
+        trustListHead = trust;
+    }
+    nsslowcert_UnlockFreeList();
+
+    return;
+}
+
+void
+nsslowcert_DestroyCertificate(NSSLOWCERTCertificate *cert)
+{
+    DestroyCertificate(cert, PR_TRUE);
+    return;
+}
+
+static void
+nsslowcert_DestroyCertificateNoLocking(NSSLOWCERTCertificate *cert)
+{
+    DestroyCertificate(cert, PR_FALSE);
+    return;
+}
+
+/*
+ * Lookup a CRL in the databases. We mirror the same fast caching data base
+ *  caching stuff used by certificates....?
+ */
+certDBEntryRevocation *
+nsslowcert_FindCrlByKey(NSSLOWCERTCertDBHandle *handle,
+                        SECItem *crlKey, PRBool isKRL)
+{
+    SECItem keyitem;
+    SECStatus rv;
+    PLArenaPool *arena = NULL;
+    certDBEntryRevocation *entry = NULL;
+    certDBEntryType crlType = isKRL ? certDBEntryTypeKeyRevocation
+                                    : certDBEntryTypeRevocation;
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL) {
+        goto loser;
+    }
+
+    rv = EncodeDBGenericKey(crlKey, arena, &keyitem, crlType);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    /* find in perm database */
+    entry = ReadDBCrlEntry(handle, crlKey, crlType);
+
+    if (entry == NULL) {
+        goto loser;
+    }
+
+loser:
+    if (arena) {
+        PORT_FreeArena(arena, PR_FALSE);
+    }
+
+    return entry;
+}
+
+/*
+ * replace the existing URL in the data base with a new one
+ */
+static SECStatus
+nsslowcert_UpdateCrl(NSSLOWCERTCertDBHandle *handle, SECItem *derCrl,
+                     SECItem *crlKey, char *url, PRBool isKRL)
+{
+    SECStatus rv = SECFailure;
+    certDBEntryRevocation *entry = NULL;
+    certDBEntryType crlType = isKRL ? certDBEntryTypeKeyRevocation
+                                    : certDBEntryTypeRevocation;
+    DeleteDBCrlEntry(handle, crlKey, crlType);
+
+    /* Write the new entry into the data base */
+    entry = NewDBCrlEntry(derCrl, url, crlType, 0);
+    if (entry == NULL)
+        goto done;
+
+    rv = WriteDBCrlEntry(handle, entry, crlKey);
+    if (rv != SECSuccess)
+        goto done;
+
+done:
+    if (entry) {
+        DestroyDBEntry((certDBEntry *)entry);
+    }
+    return rv;
+}
+
+SECStatus
+nsslowcert_AddCrl(NSSLOWCERTCertDBHandle *handle, SECItem *derCrl,
+                  SECItem *crlKey, char *url, PRBool isKRL)
+{
+    SECStatus rv;
+
+    rv = nsslowcert_UpdateCrl(handle, derCrl, crlKey, url, isKRL);
+
+    return rv;
+}
+
+SECStatus
+nsslowcert_DeletePermCRL(NSSLOWCERTCertDBHandle *handle, const SECItem *derName,
+                         PRBool isKRL)
+{
+    SECStatus rv;
+    certDBEntryType crlType = isKRL ? certDBEntryTypeKeyRevocation
+                                    : certDBEntryTypeRevocation;
+
+    rv = DeleteDBCrlEntry(handle, derName, crlType);
+    if (rv != SECSuccess)
+        goto done;
+
+done:
+    return rv;
+}
+
+PRBool
+nsslowcert_hasTrust(NSSLOWCERTCertTrust *trust)
+{
+    if (trust == NULL) {
+        return PR_FALSE;
+    }
+    return !((trust->sslFlags & CERTDB_TRUSTED_UNKNOWN) &&
+             (trust->emailFlags & CERTDB_TRUSTED_UNKNOWN) &&
+             (trust->objectSigningFlags & CERTDB_TRUSTED_UNKNOWN));
+}
+
+/*
+ * This function has the logic that decides if another person's cert and
+ * email profile from an S/MIME message should be saved.  It can deal with
+ * the case when there is no profile.
+ */
+static SECStatus
+nsslowcert_UpdateSMimeProfile(NSSLOWCERTCertDBHandle *dbhandle,
+                              char *emailAddr, SECItem *derSubject, SECItem *emailProfile,
+                              SECItem *profileTime)
+{
+    certDBEntrySMime *entry = NULL;
+    SECStatus rv = SECFailure;
+    ;
+
+    /* find our existing entry */
+    entry = nsslowcert_ReadDBSMimeEntry(dbhandle, emailAddr);
+
+    if (entry) {
+        /* keep our old db entry consistant for old applications. */
+        if (!SECITEM_ItemsAreEqual(derSubject, &entry->subjectName)) {
+            nsslowcert_UpdateSubjectEmailAddr(dbhandle, &entry->subjectName,
+                                              emailAddr, nsslowcert_remove);
+        }
+        DestroyDBEntry((certDBEntry *)entry);
+        entry = NULL;
+    }
+
+    /* now save the entry */
+    entry = NewDBSMimeEntry(emailAddr, derSubject, emailProfile,
+                            profileTime, 0);
+    if (entry == NULL) {
+        rv = SECFailure;
+        goto loser;
+    }
+
+    nsslowcert_LockDB(dbhandle);
+
+    rv = DeleteDBSMimeEntry(dbhandle, emailAddr);
+    /* if delete fails, try to write new entry anyway... */
+
+    /* link subject entry back here */
+    rv = nsslowcert_UpdateSubjectEmailAddr(dbhandle, derSubject, emailAddr,
+                                           nsslowcert_add);
+    if (rv != SECSuccess) {
+        nsslowcert_UnlockDB(dbhandle);
+        goto loser;
+    }
+
+    rv = WriteDBSMimeEntry(dbhandle, entry);
+    if (rv != SECSuccess) {
+        nsslowcert_UnlockDB(dbhandle);
+        goto loser;
+    }
+
+    nsslowcert_UnlockDB(dbhandle);
+
+    rv = SECSuccess;
+
+loser:
+    if (entry) {
+        DestroyDBEntry((certDBEntry *)entry);
+    }
+    return (rv);
+}
+
+SECStatus
+nsslowcert_SaveSMimeProfile(NSSLOWCERTCertDBHandle *dbhandle, char *emailAddr,
+                            SECItem *derSubject, SECItem *emailProfile, SECItem *profileTime)
+{
+    SECStatus rv = SECFailure;
+    ;
+
+    rv = nsslowcert_UpdateSMimeProfile(dbhandle, emailAddr,
+                                       derSubject, emailProfile, profileTime);
+
+    return (rv);
+}
+
+void
+nsslowcert_DestroyFreeLists(void)
+{
+    if (freeListLock == NULL) {
+        return;
+    }
+    DestroyCertEntryFreeList();
+    DestroyTrustFreeList();
+    DestroyCertFreeList();
+    SKIP_AFTER_FORK(PZ_DestroyLock(freeListLock));
+    freeListLock = NULL;
+}
+
+void
+nsslowcert_DestroyGlobalLocks(void)
+{
+    if (dbLock) {
+        SKIP_AFTER_FORK(PZ_DestroyLock(dbLock));
+        dbLock = NULL;
+    }
+    if (certRefCountLock) {
+        SKIP_AFTER_FORK(PZ_DestroyLock(certRefCountLock));
+        certRefCountLock = NULL;
+    }
+    if (certTrustLock) {
+        SKIP_AFTER_FORK(PZ_DestroyLock(certTrustLock));
+        certTrustLock = NULL;
+    }
+}
+
+certDBEntry *
+nsslowcert_DecodeAnyDBEntry(SECItem *dbData, const SECItem *dbKey,
+                            certDBEntryType entryType, void *pdata)
+{
+    PLArenaPool *arena = NULL;
+    certDBEntry *entry;
+    SECStatus rv;
+    SECItem dbEntry;
+
+    if ((dbData->len < SEC_DB_ENTRY_HEADER_LEN) || (dbKey->len == 0)) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        goto loser;
+    }
+    dbEntry.data = &dbData->data[SEC_DB_ENTRY_HEADER_LEN];
+    dbEntry.len = dbData->len - SEC_DB_ENTRY_HEADER_LEN;
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL) {
+        goto loser;
+    }
+    entry = PORT_ArenaZNew(arena, certDBEntry);
+    if (!entry)
+        goto loser;
+
+    entry->common.version = (unsigned int)dbData->data[0];
+    entry->common.flags = (unsigned int)dbData->data[2];
+    entry->common.type = entryType;
+    entry->common.arena = arena;
+
+    switch (entryType) {
+        case certDBEntryTypeContentVersion: /* This type appears to be unused */
+        case certDBEntryTypeVersion:        /* This type has only the common hdr */
+            rv = SECSuccess;
+            break;
+
+        case certDBEntryTypeSubject:
+            rv = DecodeDBSubjectEntry(&entry->subject, &dbEntry, dbKey);
+            break;
+
+        case certDBEntryTypeNickname:
+            rv = DecodeDBNicknameEntry(&entry->nickname, &dbEntry,
+                                       (char *)dbKey->data);
+            break;
+
+        /* smime profiles need entries created after the certs have
+         * been imported, loop over them in a second run */
+        case certDBEntryTypeSMimeProfile:
+            rv = DecodeDBSMimeEntry(&entry->smime, &dbEntry, (char *)dbKey->data);
+            break;
+
+        case certDBEntryTypeCert:
+            rv = DecodeDBCertEntry(&entry->cert, &dbEntry);
+            break;
+
+        case certDBEntryTypeKeyRevocation:
+        case certDBEntryTypeRevocation:
+            rv = DecodeDBCrlEntry(&entry->revocation, &dbEntry);
+            break;
+
+        default:
+            PORT_SetError(SEC_ERROR_INVALID_ARGS);
+            rv = SECFailure;
+    }
+
+    if (rv == SECSuccess)
+        return entry;
+
+loser:
+    if (arena)
+        PORT_FreeArena(arena, PR_FALSE);
+    return NULL;
+}
diff --git a/nss/lib/softoken/legacydb/pcertt.h b/nss/lib/softoken/legacydb/pcertt.h
new file mode 100644
index 0000000..7eaa82d
--- /dev/null
+++ b/nss/lib/softoken/legacydb/pcertt.h
@@ -0,0 +1,418 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * certt.h - public data structures for the certificate library
+ */
+#ifndef _PCERTT_H_
+#define _PCERTT_H_
+
+#include "prclist.h"
+#include "pkcs11t.h"
+#include "seccomon.h"
+#include "secoidt.h"
+#include "plarena.h"
+#include "prcvar.h"
+#include "nssilock.h"
+#include "prio.h"
+#include "prmon.h"
+
+/* Non-opaque objects */
+typedef struct NSSLOWCERTCertDBHandleStr NSSLOWCERTCertDBHandle;
+typedef struct NSSLOWCERTCertKeyStr NSSLOWCERTCertKey;
+
+typedef struct NSSLOWCERTTrustStr NSSLOWCERTTrust;
+typedef struct NSSLOWCERTCertTrustStr NSSLOWCERTCertTrust;
+typedef struct NSSLOWCERTCertificateStr NSSLOWCERTCertificate;
+typedef struct NSSLOWCERTCertificateListStr NSSLOWCERTCertificateList;
+typedef struct NSSLOWCERTIssuerAndSNStr NSSLOWCERTIssuerAndSN;
+typedef struct NSSLOWCERTSignedDataStr NSSLOWCERTSignedData;
+typedef struct NSSLOWCERTSubjectPublicKeyInfoStr NSSLOWCERTSubjectPublicKeyInfo;
+typedef struct NSSLOWCERTValidityStr NSSLOWCERTValidity;
+
+/*
+** An X.509 validity object
+*/
+struct NSSLOWCERTValidityStr {
+    PLArenaPool *arena;
+    SECItem notBefore;
+    SECItem notAfter;
+};
+
+/*
+ * A serial number and issuer name, which is used as a database key
+ */
+struct NSSLOWCERTCertKeyStr {
+    SECItem serialNumber;
+    SECItem derIssuer;
+};
+
+/*
+** A signed data object. Used to implement the "signed" macro used
+** in the X.500 specs.
+*/
+struct NSSLOWCERTSignedDataStr {
+    SECItem data;
+    SECAlgorithmID signatureAlgorithm;
+    SECItem signature;
+};
+
+/*
+** An X.509 subject-public-key-info object
+*/
+struct NSSLOWCERTSubjectPublicKeyInfoStr {
+    PLArenaPool *arena;
+    SECAlgorithmID algorithm;
+    SECItem subjectPublicKey;
+};
+
+typedef struct _certDBEntryCert certDBEntryCert;
+typedef struct _certDBEntryRevocation certDBEntryRevocation;
+
+struct NSSLOWCERTCertTrustStr {
+    unsigned int sslFlags;
+    unsigned int emailFlags;
+    unsigned int objectSigningFlags;
+};
+
+/*
+** PKCS11 Trust representation
+*/
+struct NSSLOWCERTTrustStr {
+    NSSLOWCERTTrust *next;
+    NSSLOWCERTCertDBHandle *dbhandle;
+    SECItem dbKey;            /* database key for this cert */
+    certDBEntryCert *dbEntry; /* database entry struct */
+    NSSLOWCERTCertTrust *trust;
+    SECItem *derCert; /* original DER for the cert */
+    unsigned char dbKeySpace[512];
+};
+
+/*
+** An X.509 certificate object (the unsigned form)
+*/
+struct NSSLOWCERTCertificateStr {
+    /* the arena is used to allocate any data structures that have the same
+     * lifetime as the cert.  This is all stuff that hangs off of the cert
+     * structure, and is all freed at the same time.  I is used when the
+     * cert is decoded, destroyed, and at some times when it changes
+     * state
+     */
+    NSSLOWCERTCertificate *next;
+    NSSLOWCERTCertDBHandle *dbhandle;
+
+    SECItem derCert;   /* original DER for the cert */
+    SECItem derIssuer; /* DER for issuer name */
+    SECItem derSN;
+    SECItem serialNumber;
+    SECItem derSubject; /* DER for subject name */
+    SECItem derSubjKeyInfo;
+    NSSLOWCERTSubjectPublicKeyInfo *subjectPublicKeyInfo;
+    SECItem certKey; /* database key for this cert */
+    SECItem validity;
+    certDBEntryCert *dbEntry; /* database entry struct */
+    SECItem subjectKeyID;     /* x509v3 subject key identifier */
+    SECItem extensions;
+    char *nickname;
+    char *emailAddr;
+    NSSLOWCERTCertTrust *trust;
+
+    /* the reference count is modified whenever someone looks up, dups
+     * or destroys a certificate
+     */
+    int referenceCount;
+
+    char nicknameSpace[200];
+    char emailAddrSpace[200];
+    unsigned char certKeySpace[512];
+};
+
+#define SEC_CERTIFICATE_VERSION_1 0 /* default created */
+#define SEC_CERTIFICATE_VERSION_2 1 /* v2 */
+#define SEC_CERTIFICATE_VERSION_3 2 /* v3 extensions */
+
+#define SEC_CRL_VERSION_1 0 /* default */
+#define SEC_CRL_VERSION_2 1 /* v2 extensions */
+
+#define NSS_MAX_LEGACY_DB_KEY_SIZE (60 * 1024)
+
+struct NSSLOWCERTIssuerAndSNStr {
+    SECItem derIssuer;
+    SECItem serialNumber;
+};
+
+typedef SECStatus (*NSSLOWCERTCertCallback)(NSSLOWCERTCertificate *cert, void *arg);
+
+/* This is the typedef for the callback passed to nsslowcert_OpenCertDB() */
+/* callback to return database name based on version number */
+typedef char *(*NSSLOWCERTDBNameFunc)(void *arg, int dbVersion);
+
+/* XXX Lisa thinks the template declarations belong in cert.h, not here? */
+
+#include "secasn1t.h" /* way down here because I expect template stuff to
+             * move out of here anyway */
+
+/*
+ * Certificate Database related definitions and data structures
+ */
+
+/* version number of certificate database */
+#define CERT_DB_FILE_VERSION 8
+#define CERT_DB_V7_FILE_VERSION 7
+#define CERT_DB_CONTENT_VERSION 2
+
+#define SEC_DB_ENTRY_HEADER_LEN 3
+#define SEC_DB_KEY_HEADER_LEN 1
+
+/* All database entries have this form:
+ *
+ *  byte offset field
+ *  ----------- -----
+ *  0       version
+ *  1       type
+ *  2       flags
+ */
+
+/* database entry types */
+typedef enum {
+    certDBEntryTypeVersion = 0,
+    certDBEntryTypeCert = 1,
+    certDBEntryTypeNickname = 2,
+    certDBEntryTypeSubject = 3,
+    certDBEntryTypeRevocation = 4,
+    certDBEntryTypeKeyRevocation = 5,
+    certDBEntryTypeSMimeProfile = 6,
+    certDBEntryTypeContentVersion = 7,
+    certDBEntryTypeBlob = 8
+} certDBEntryType;
+
+typedef struct {
+    certDBEntryType type;
+    unsigned int version;
+    unsigned int flags;
+    PLArenaPool *arena;
+} certDBEntryCommon;
+
+/*
+ * Certificate entry:
+ *
+ *  byte offset field
+ *  ----------- -----
+ *  0       sslFlags-msb
+ *  1       sslFlags-lsb
+ *  2       emailFlags-msb
+ *  3       emailFlags-lsb
+ *  4       objectSigningFlags-msb
+ *  5       objectSigningFlags-lsb
+ *  6       derCert-len-msb
+ *  7       derCert-len-lsb
+ *  8       nickname-len-msb
+ *  9       nickname-len-lsb
+ *  ...     derCert
+ *  ...     nickname
+ *
+ * NOTE: the nickname string as stored in the database is null terminated,
+ *      in other words, the last byte of the db entry is always 0
+ *      if a nickname is present.
+ * NOTE: if nickname is not present, then nickname-len-msb and
+ *      nickname-len-lsb will both be zero.
+ */
+struct _certDBEntryCert {
+    certDBEntryCommon common;
+    certDBEntryCert *next;
+    NSSLOWCERTCertTrust trust;
+    SECItem derCert;
+    char *nickname;
+    char nicknameSpace[200];
+    unsigned char derCertSpace[2048];
+};
+
+/*
+ * Certificate Nickname entry:
+ *
+ *  byte offset field
+ *  ----------- -----
+ *  0       subjectname-len-msb
+ *  1           subjectname-len-lsb
+ *  2...        subjectname
+ *
+ * The database key for this type of entry is a nickname string
+ * The "subjectname" value is the DER encoded DN of the identity
+ *   that matches this nickname.
+ */
+typedef struct {
+    certDBEntryCommon common;
+    char *nickname;
+    SECItem subjectName;
+} certDBEntryNickname;
+
+#define DB_NICKNAME_ENTRY_HEADER_LEN 2
+
+/*
+ * Certificate Subject entry:
+ *
+ *  byte offset field
+ *  ----------- -----
+ *  0       ncerts-msb
+ *  1       ncerts-lsb
+ *  2       nickname-msb
+ *  3       nickname-lsb
+ *  4       emailAddr-msb
+ *  5       emailAddr-lsb
+ *  ...     nickname
+ *  ...     emailAddr
+ *  ...+2*i     certkey-len-msb
+ *  ...+1+2*i       certkey-len-lsb
+ *  ...+2*ncerts+2*i keyid-len-msb
+ *  ...+1+2*ncerts+2*i keyid-len-lsb
+ *  ...     certkeys
+ *  ...     keyids
+ *
+ * The database key for this type of entry is the DER encoded subject name
+ * The "certkey" value is an array of  certificate database lookup keys that
+ *   points to the database entries for the certificates that matche
+ *   this subject.
+ *
+ */
+typedef struct _certDBEntrySubject {
+    certDBEntryCommon common;
+    SECItem derSubject;
+    unsigned int ncerts;
+    char *nickname;
+    SECItem *certKeys;
+    SECItem *keyIDs;
+    char **emailAddrs;
+    unsigned int nemailAddrs;
+} certDBEntrySubject;
+
+#define DB_SUBJECT_ENTRY_HEADER_LEN 6
+
+/*
+ * Certificate SMIME profile entry:
+ *
+ *  byte offset field
+ *  ----------- -----
+ *  0       subjectname-len-msb
+ *  1           subjectname-len-lsb
+ *  2       smimeoptions-len-msb
+ *  3       smimeoptions-len-lsb
+ *  4       options-date-len-msb
+ *  5       options-date-len-lsb
+ *  6...        subjectname
+ *  ...     smimeoptions
+ *  ...     options-date
+ *
+ * The database key for this type of entry is the email address string
+ * The "subjectname" value is the DER encoded DN of the identity
+ *   that matches this nickname.
+ * The "smimeoptions" value is a string that represents the algorithm
+ *   capabilities on the remote user.
+ * The "options-date" is the date that the smime options value was created.
+ *   This is generally the signing time of the signed message that contained
+ *   the options.  It is a UTCTime value.
+ */
+typedef struct {
+    certDBEntryCommon common;
+    char *emailAddr;
+    SECItem subjectName;
+    SECItem smimeOptions;
+    SECItem optionsDate;
+} certDBEntrySMime;
+
+#define DB_SMIME_ENTRY_HEADER_LEN 6
+
+/*
+ * Crl/krl entry:
+ *
+ *  byte offset field
+ *  ----------- -----
+ *  0       derCert-len-msb
+ *  1       derCert-len-lsb
+ *  2       url-len-msb
+ *  3       url-len-lsb
+ *  ...     derCert
+ *  ...     url
+ *
+ * NOTE: the url string as stored in the database is null terminated,
+ *      in other words, the last byte of the db entry is always 0
+ *      if a nickname is present.
+ * NOTE: if url is not present, then url-len-msb and
+ *      url-len-lsb will both be zero.
+ */
+#define DB_CRL_ENTRY_HEADER_LEN 4
+struct _certDBEntryRevocation {
+    certDBEntryCommon common;
+    SECItem derCrl;
+    char *url; /* where to load the crl from */
+};
+
+/*
+ * Database Version Entry:
+ *
+ *  byte offset field
+ *  ----------- -----
+ *  only the low level header...
+ *
+ * The database key for this type of entry is the string "Version"
+ */
+typedef struct {
+    certDBEntryCommon common;
+} certDBEntryVersion;
+
+#define SEC_DB_VERSION_KEY "Version"
+#define SEC_DB_VERSION_KEY_LEN sizeof(SEC_DB_VERSION_KEY)
+
+/*
+ * Database Content Version Entry:
+ *
+ *  byte offset field
+ *  ----------- -----
+ *  0       contentVersion
+ *
+ * The database key for this type of entry is the string "ContentVersion"
+ */
+typedef struct {
+    certDBEntryCommon common;
+    char contentVersion;
+} certDBEntryContentVersion;
+
+#define SEC_DB_CONTENT_VERSION_KEY "ContentVersion"
+#define SEC_DB_CONTENT_VERSION_KEY_LEN sizeof(SEC_DB_CONTENT_VERSION_KEY)
+
+typedef union {
+    certDBEntryCommon common;
+    certDBEntryCert cert;
+    certDBEntryContentVersion content;
+    certDBEntryNickname nickname;
+    certDBEntryRevocation revocation;
+    certDBEntrySMime smime;
+    certDBEntrySubject subject;
+    certDBEntryVersion version;
+} certDBEntry;
+
+/* length of the fixed part of a database entry */
+#define DBCERT_V4_HEADER_LEN 7
+#define DB_CERT_V5_ENTRY_HEADER_LEN 7
+#define DB_CERT_V6_ENTRY_HEADER_LEN 7
+#define DB_CERT_ENTRY_HEADER_LEN 10
+
+/* common flags for all types of certificates */
+#define CERTDB_TERMINAL_RECORD (1u << 0)
+#define CERTDB_TRUSTED (1u << 1)
+#define CERTDB_SEND_WARN (1u << 2)
+#define CERTDB_VALID_CA (1u << 3)
+#define CERTDB_TRUSTED_CA (1u << 4) /* trusted for issuing server certs */
+#define CERTDB_NS_TRUSTED_CA (1u << 5)
+#define CERTDB_USER (1u << 6)
+#define CERTDB_TRUSTED_CLIENT_CA (1u << 7) /* trusted for issuing client certs */
+#define CERTDB_INVISIBLE_CA (1u << 8)      /* don't show in UI */
+#define CERTDB_GOVT_APPROVED_CA (1u << 9)  /* can do strong crypto in export ver */
+#define CERTDB_MUST_VERIFY (1u << 10)      /* explicitly don't trust this cert */
+#define CERTDB_TRUSTED_UNKNOWN (1u << 11)  /* accept trust from another source */
+
+/* bits not affected by the CKO_NETSCAPE_TRUST object */
+#define CERTDB_PRESERVE_TRUST_BITS (CERTDB_USER |                                                  \
+                                    CERTDB_NS_TRUSTED_CA | CERTDB_VALID_CA | CERTDB_INVISIBLE_CA | \
+                                    CERTDB_GOVT_APPROVED_CA)
+
+#endif /* _PCERTT_H_ */
diff --git a/nss/lib/softoken/legacydb/pk11db.c b/nss/lib/softoken/legacydb/pk11db.c
new file mode 100644
index 0000000..a7421c8
--- /dev/null
+++ b/nss/lib/softoken/legacydb/pk11db.c
@@ -0,0 +1,731 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ *  The following code handles the storage of PKCS 11 modules used by the
+ * NSS. This file is written to abstract away how the modules are
+ * stored so we can deside that later.
+ */
+
+#include "lgdb.h"
+#include "mcom_db.h"
+#include "secerr.h"
+#include "utilpars.h"
+
+#define FREE_CLEAR(p) \
+    if (p) {          \
+        PORT_Free(p); \
+        p = NULL;     \
+    }
+
+/* Construct a database key for a given module */
+static SECStatus
+lgdb_MakeKey(DBT *key, char *module)
+{
+    int len = 0;
+    char *commonName;
+
+    commonName = NSSUTIL_ArgGetParamValue("name", module);
+    if (commonName == NULL) {
+        commonName = NSSUTIL_ArgGetParamValue("library", module);
+    }
+    if (commonName == NULL)
+        return SECFailure;
+    len = PORT_Strlen(commonName);
+    key->data = commonName;
+    key->size = len;
+    return SECSuccess;
+}
+
+/* free out constructed database key */
+static void
+lgdb_FreeKey(DBT *key)
+{
+    if (key->data) {
+        PORT_Free(key->data);
+    }
+    key->data = NULL;
+    key->size = 0;
+}
+
+typedef struct lgdbDataStr lgdbData;
+typedef struct lgdbSlotDataStr lgdbSlotData;
+struct lgdbDataStr {
+    unsigned char major;
+    unsigned char minor;
+    unsigned char nameStart[2];
+    unsigned char slotOffset[2];
+    unsigned char internal;
+    unsigned char fips;
+    unsigned char ssl[8];
+    unsigned char trustOrder[4];
+    unsigned char cipherOrder[4];
+    unsigned char reserved1;
+    unsigned char isModuleDB;
+    unsigned char isModuleDBOnly;
+    unsigned char isCritical;
+    unsigned char reserved[4];
+    unsigned char names[6]; /* enough space for the length fields */
+};
+
+struct lgdbSlotDataStr {
+    unsigned char slotID[4];
+    unsigned char defaultFlags[4];
+    unsigned char timeout[4];
+    unsigned char askpw;
+    unsigned char hasRootCerts;
+    unsigned char reserved[18]; /* this makes it a round 32 bytes */
+};
+
+#define LGDB_DB_VERSION_MAJOR 0
+#define LGDB_DB_VERSION_MINOR 6
+#define LGDB_DB_EXT1_VERSION_MAJOR 0
+#define LGDB_DB_EXT1_VERSION_MINOR 6
+#define LGDB_DB_NOUI_VERSION_MAJOR 0
+#define LGDB_DB_NOUI_VERSION_MINOR 4
+
+#define LGDB_PUTSHORT(dest, src)             \
+    (dest)[1] = (unsigned char)((src)&0xff); \
+    (dest)[0] = (unsigned char)(((src) >> 8) & 0xff);
+#define LGDB_PUTLONG(dest, src)                        \
+    (dest)[3] = (unsigned char)((src)&0xff);           \
+    (dest)[2] = (unsigned char)(((src) >> 8) & 0xff);  \
+    (dest)[1] = (unsigned char)(((src) >> 16) & 0xff); \
+    (dest)[0] = (unsigned char)(((src) >> 24) & 0xff);
+#define LGDB_GETSHORT(src) \
+    ((unsigned short)(((src)[0] << 8) | (src)[1]))
+#define LGDB_GETLONG(src)                              \
+    ((unsigned long)(((unsigned long)(src)[0] << 24) | \
+                     ((unsigned long)(src)[1] << 16) | \
+                     ((unsigned long)(src)[2] << 8) |  \
+                     (unsigned long)(src)[3]))
+
+/*
+ * build a data base entry from a module
+ */
+static SECStatus
+lgdb_EncodeData(DBT *data, char *module)
+{
+    lgdbData *encoded = NULL;
+    lgdbSlotData *slot;
+    unsigned char *dataPtr, *offsetPtr;
+    unsigned short len, len2 = 0, len3 = 0;
+    int count = 0;
+    unsigned short offset;
+    int dataLen, i;
+    unsigned long order;
+    unsigned long ssl[2];
+    char *commonName = NULL, *dllName = NULL, *param = NULL, *nss = NULL;
+    char *slotParams, *ciphers;
+    struct NSSUTILPreSlotInfoStr *slotInfo = NULL;
+    SECStatus rv = SECFailure;
+
+    rv = NSSUTIL_ArgParseModuleSpec(module, &dllName, &commonName, &param, &nss);
+    if (rv != SECSuccess)
+        return rv;
+    rv = SECFailure;
+
+    if (commonName == NULL) {
+        /* set error */
+        goto loser;
+    }
+
+    len = PORT_Strlen(commonName);
+    if (dllName) {
+        len2 = PORT_Strlen(dllName);
+    }
+    if (param) {
+        len3 = PORT_Strlen(param);
+    }
+
+    slotParams = NSSUTIL_ArgGetParamValue("slotParams", nss);
+    slotInfo = NSSUTIL_ArgParseSlotInfo(NULL, slotParams, &count);
+    if (slotParams)
+        PORT_Free(slotParams);
+
+    if (count && slotInfo == NULL) {
+        /* set error */
+        goto loser;
+    }
+
+    dataLen = sizeof(lgdbData) + len + len2 + len3 + sizeof(unsigned short) +
+              count * sizeof(lgdbSlotData);
+
+    data->data = (unsigned char *)PORT_ZAlloc(dataLen);
+    encoded = (lgdbData *)data->data;
+    dataPtr = (unsigned char *)data->data;
+    data->size = dataLen;
+
+    if (encoded == NULL) {
+        /* set error */
+        goto loser;
+    }
+
+    encoded->major = LGDB_DB_VERSION_MAJOR;
+    encoded->minor = LGDB_DB_VERSION_MINOR;
+    encoded->internal = (unsigned char)(NSSUTIL_ArgHasFlag("flags", "internal", nss) ? 1 : 0);
+    encoded->fips = (unsigned char)(NSSUTIL_ArgHasFlag("flags", "FIPS", nss) ? 1 : 0);
+    encoded->isModuleDB = (unsigned char)(NSSUTIL_ArgHasFlag("flags", "isModuleDB", nss) ? 1 : 0);
+    encoded->isModuleDBOnly = (unsigned char)(NSSUTIL_ArgHasFlag("flags", "isModuleDBOnly", nss) ? 1 : 0);
+    encoded->isCritical = (unsigned char)(NSSUTIL_ArgHasFlag("flags", "critical", nss) ? 1 : 0);
+
+    order = NSSUTIL_ArgReadLong("trustOrder", nss,
+                                NSSUTIL_DEFAULT_TRUST_ORDER, NULL);
+    LGDB_PUTLONG(encoded->trustOrder, order);
+    order = NSSUTIL_ArgReadLong("cipherOrder", nss,
+                                NSSUTIL_DEFAULT_CIPHER_ORDER, NULL);
+    LGDB_PUTLONG(encoded->cipherOrder, order);
+
+    ciphers = NSSUTIL_ArgGetParamValue("ciphers", nss);
+    NSSUTIL_ArgParseCipherFlags(&ssl[0], ciphers);
+    LGDB_PUTLONG(encoded->ssl, ssl[0]);
+    LGDB_PUTLONG(&encoded->ssl[4], ssl[1]);
+    if (ciphers)
+        PORT_Free(ciphers);
+
+    offset = (unsigned short)offsetof(lgdbData, names);
+    LGDB_PUTSHORT(encoded->nameStart, offset);
+    offset = offset + len + len2 + len3 + 3 * sizeof(unsigned short);
+    LGDB_PUTSHORT(encoded->slotOffset, offset);
+
+    LGDB_PUTSHORT(&dataPtr[offset], ((unsigned short)count));
+    slot = (lgdbSlotData *)(dataPtr + offset + sizeof(unsigned short));
+
+    offsetPtr = encoded->names;
+    LGDB_PUTSHORT(encoded->names, len);
+    offsetPtr += sizeof(unsigned short);
+    PORT_Memcpy(offsetPtr, commonName, len);
+    offsetPtr += len;
+
+    LGDB_PUTSHORT(offsetPtr, len2);
+    offsetPtr += sizeof(unsigned short);
+    if (len2) {
+        PORT_Memcpy(offsetPtr, dllName, len2);
+    }
+    offsetPtr += len2;
+
+    LGDB_PUTSHORT(offsetPtr, len3);
+    offsetPtr += sizeof(unsigned short);
+    if (len3) {
+        PORT_Memcpy(offsetPtr, param, len3);
+    }
+    offsetPtr += len3;
+
+    if (count) {
+        for (i = 0; i < count; i++) {
+            LGDB_PUTLONG(slot[i].slotID, slotInfo[i].slotID);
+            LGDB_PUTLONG(slot[i].defaultFlags,
+                         slotInfo[i].defaultFlags);
+            LGDB_PUTLONG(slot[i].timeout, slotInfo[i].timeout);
+            slot[i].askpw = slotInfo[i].askpw;
+            slot[i].hasRootCerts = slotInfo[i].hasRootCerts;
+            PORT_Memset(slot[i].reserved, 0, sizeof(slot[i].reserved));
+        }
+    }
+    rv = SECSuccess;
+
+loser:
+    if (commonName)
+        PORT_Free(commonName);
+    if (dllName)
+        PORT_Free(dllName);
+    if (param)
+        PORT_Free(param);
+    if (slotInfo)
+        PORT_Free(slotInfo);
+    if (nss)
+        PORT_Free(nss);
+    return rv;
+}
+
+static void
+lgdb_FreeData(DBT *data)
+{
+    if (data->data) {
+        PORT_Free(data->data);
+    }
+}
+
+static void
+lgdb_FreeSlotStrings(char **slotStrings, int count)
+{
+    int i;
+
+    for (i = 0; i < count; i++) {
+        if (slotStrings[i]) {
+            PR_smprintf_free(slotStrings[i]);
+            slotStrings[i] = NULL;
+        }
+    }
+}
+
+/*
+ * build a module from the data base entry.
+ */
+static char *
+lgdb_DecodeData(char *defParams, DBT *data, PRBool *retInternal)
+{
+    lgdbData *encoded;
+    lgdbSlotData *slots;
+    PLArenaPool *arena;
+    char *commonName = NULL;
+    char *dllName = NULL;
+    char *parameters = NULL;
+    char *nss;
+    char *moduleSpec;
+    char **slotStrings = NULL;
+    unsigned char *names;
+    unsigned long slotCount;
+    unsigned long ssl0 = 0;
+    unsigned long ssl1 = 0;
+    unsigned long slotID;
+    unsigned long defaultFlags;
+    unsigned long timeout;
+    unsigned long trustOrder = NSSUTIL_DEFAULT_TRUST_ORDER;
+    unsigned long cipherOrder = NSSUTIL_DEFAULT_CIPHER_ORDER;
+    unsigned short len;
+    unsigned short namesOffset = 0;   /* start of the names block */
+    unsigned long namesRunningOffset; /* offset to name we are
+                     * currently processing */
+    unsigned short slotOffset;
+    PRBool isOldVersion = PR_FALSE;
+    PRBool internal;
+    PRBool isFIPS;
+    PRBool isModuleDB = PR_FALSE;
+    PRBool isModuleDBOnly = PR_FALSE;
+    PRBool extended = PR_FALSE;
+    int i;
+
+    arena = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE);
+    if (arena == NULL)
+        return NULL;
+
+#define CHECK_SIZE(x)                                 \
+    if ((unsigned int)data->size < (unsigned int)(x)) \
+    goto db_loser
+
+    /* -------------------------------------------------------------
+    ** Process the buffer header, which is the lgdbData struct.
+    ** It may be an old or new version.  Check the length for each.
+    */
+
+    CHECK_SIZE(offsetof(lgdbData, trustOrder[0]));
+
+    encoded = (lgdbData *)data->data;
+
+    internal = (encoded->internal != 0) ? PR_TRUE : PR_FALSE;
+    isFIPS = (encoded->fips != 0) ? PR_TRUE : PR_FALSE;
+
+    if (retInternal)
+        *retInternal = internal;
+    if (internal) {
+        parameters = PORT_ArenaStrdup(arena, defParams);
+        if (parameters == NULL)
+            goto loser;
+    }
+    if (internal && (encoded->major == LGDB_DB_NOUI_VERSION_MAJOR) &&
+        (encoded->minor <= LGDB_DB_NOUI_VERSION_MINOR)) {
+        isOldVersion = PR_TRUE;
+    }
+    if ((encoded->major == LGDB_DB_EXT1_VERSION_MAJOR) &&
+        (encoded->minor >= LGDB_DB_EXT1_VERSION_MINOR)) {
+        CHECK_SIZE(sizeof(lgdbData));
+        trustOrder = LGDB_GETLONG(encoded->trustOrder);
+        cipherOrder = LGDB_GETLONG(encoded->cipherOrder);
+        isModuleDB = (encoded->isModuleDB != 0) ? PR_TRUE : PR_FALSE;
+        isModuleDBOnly = (encoded->isModuleDBOnly != 0) ? PR_TRUE : PR_FALSE;
+        extended = PR_TRUE;
+    }
+    if (internal && !extended) {
+        trustOrder = 0;
+        cipherOrder = 100;
+    }
+    /* decode SSL cipher enable flags */
+    ssl0 = LGDB_GETLONG(encoded->ssl);
+    ssl1 = LGDB_GETLONG(encoded->ssl + 4);
+
+    slotOffset = LGDB_GETSHORT(encoded->slotOffset);
+    namesOffset = LGDB_GETSHORT(encoded->nameStart);
+
+    /*--------------------------------------------------------------
+    ** Now process the variable length set of names.
+    ** The names have this structure:
+    ** struct {
+    **     BYTE  commonNameLen[ 2 ];
+    **     BYTE  commonName   [ commonNameLen ];
+    **     BTTE  libNameLen   [ 2 ];
+    **     BYTE  libName      [ libNameLen ];
+    ** If it is "extended" it also has these members:
+    **     BYTE  initStringLen[ 2 ];
+    **     BYTE  initString   [ initStringLen ];
+    ** }
+    */
+
+    namesRunningOffset = namesOffset;
+    /* copy the module's common name */
+    CHECK_SIZE(namesRunningOffset + 2);
+    names = (unsigned char *)data->data;
+    len = LGDB_GETSHORT(names + namesRunningOffset);
+
+    CHECK_SIZE(namesRunningOffset + 2 + len);
+    commonName = (char *)PORT_ArenaAlloc(arena, len + 1);
+    if (commonName == NULL)
+        goto loser;
+    PORT_Memcpy(commonName, names + namesRunningOffset + 2, len);
+    commonName[len] = 0;
+    namesRunningOffset += len + 2;
+
+    /* copy the module's shared library file name. */
+    CHECK_SIZE(namesRunningOffset + 2);
+    len = LGDB_GETSHORT(names + namesRunningOffset);
+    if (len) {
+        CHECK_SIZE(namesRunningOffset + 2 + len);
+        dllName = (char *)PORT_ArenaAlloc(arena, len + 1);
+        if (dllName == NULL)
+            goto loser;
+        PORT_Memcpy(dllName, names + namesRunningOffset + 2, len);
+        dllName[len] = 0;
+    }
+    namesRunningOffset += len + 2;
+
+    /* copy the module's initialization string, if present. */
+    if (!internal && extended) {
+        CHECK_SIZE(namesRunningOffset + 2);
+        len = LGDB_GETSHORT(names + namesRunningOffset);
+        if (len) {
+            CHECK_SIZE(namesRunningOffset + 2 + len);
+            parameters = (char *)PORT_ArenaAlloc(arena, len + 1);
+            if (parameters == NULL)
+                goto loser;
+            PORT_Memcpy(parameters, names + namesRunningOffset + 2, len);
+            parameters[len] = 0;
+        }
+        namesRunningOffset += len + 2;
+    }
+
+    /*
+     * Consistency check: Make sure the slot and names blocks don't
+     * overlap. These blocks can occur in any order, so this check is made
+     * in 2 parts. First we check the case where the slot block starts
+     * after the name block. Later, when we have the slot block length,
+     * we check the case where slot block starts before the name block.
+     * NOTE: in most cases any overlap will likely be detected by invalid
+     * data read from the blocks, but it's better to find out sooner
+     * than later.
+     */
+    if (slotOffset >= namesOffset) { /* slot block starts after name block */
+        if (slotOffset < namesRunningOffset) {
+            goto db_loser;
+        }
+    }
+
+    /* ------------------------------------------------------------------
+    ** Part 3, process the slot table.
+    ** This part has this structure:
+    ** struct {
+    **     BYTE slotCount [ 2 ];
+    **     lgdbSlotData [ slotCount ];
+    ** {
+    */
+
+    CHECK_SIZE(slotOffset + 2);
+    slotCount = LGDB_GETSHORT((unsigned char *)data->data + slotOffset);
+
+    /*
+     * Consistency check: Part 2. We now have the slot block length, we can
+     * check the case where the slotblock procedes the name block.
+     */
+    if (slotOffset < namesOffset) { /* slot block starts before name block */
+        if (namesOffset < slotOffset + 2 + slotCount * sizeof(lgdbSlotData)) {
+            goto db_loser;
+        }
+    }
+
+    CHECK_SIZE((slotOffset + 2 + slotCount * sizeof(lgdbSlotData)));
+    slots = (lgdbSlotData *)((unsigned char *)data->data + slotOffset + 2);
+
+    /*  slotCount; */
+    slotStrings = (char **)PORT_ArenaZAlloc(arena, slotCount * sizeof(char *));
+    if (slotStrings == NULL)
+        goto loser;
+    for (i = 0; i < (int)slotCount; i++, slots++) {
+        PRBool hasRootCerts = PR_FALSE;
+        PRBool hasRootTrust = PR_FALSE;
+        slotID = LGDB_GETLONG(slots->slotID);
+        defaultFlags = LGDB_GETLONG(slots->defaultFlags);
+        timeout = LGDB_GETLONG(slots->timeout);
+        hasRootCerts = slots->hasRootCerts;
+        if (isOldVersion && internal && (slotID != 2)) {
+            unsigned long internalFlags =
+                NSSUTIL_ArgParseSlotFlags("slotFlags",
+                                          NSSUTIL_DEFAULT_SFTKN_FLAGS);
+            defaultFlags |= internalFlags;
+        }
+        if (hasRootCerts && !extended) {
+            trustOrder = 100;
+        }
+
+        slotStrings[i] = NSSUTIL_MkSlotString(slotID, defaultFlags, timeout,
+                                              (unsigned char)slots->askpw,
+                                              hasRootCerts, hasRootTrust);
+        if (slotStrings[i] == NULL) {
+            lgdb_FreeSlotStrings(slotStrings, i);
+            goto loser;
+        }
+    }
+
+    nss = NSSUTIL_MkNSSString(slotStrings, slotCount, internal, isFIPS,
+                              isModuleDB, isModuleDBOnly, internal, trustOrder,
+                              cipherOrder, ssl0, ssl1);
+    lgdb_FreeSlotStrings(slotStrings, slotCount);
+    /* it's permissible (and normal) for nss to be NULL. it simply means
+     * there are no NSS specific parameters in the database */
+    moduleSpec = NSSUTIL_MkModuleSpec(dllName, commonName, parameters, nss);
+    PR_smprintf_free(nss);
+    PORT_FreeArena(arena, PR_TRUE);
+    return moduleSpec;
+
+db_loser:
+    PORT_SetError(SEC_ERROR_BAD_DATABASE);
+loser:
+    PORT_FreeArena(arena, PR_TRUE);
+    return NULL;
+}
+
+static DB *
+lgdb_OpenDB(const char *appName, const char *filename, const char *dbName,
+            PRBool readOnly, PRBool update)
+{
+    DB *pkcs11db = NULL;
+
+    if (appName) {
+        char *secname = PORT_Strdup(filename);
+        int len = strlen(secname);
+        int status = RDB_FAIL;
+
+        if (len >= 3 && PORT_Strcmp(&secname[len - 3], ".db") == 0) {
+            secname[len - 3] = 0;
+        }
+        pkcs11db =
+            rdbopen(appName, "", secname, readOnly ? NO_RDONLY : NO_RDWR, NULL);
+        if (update && !pkcs11db) {
+            DB *updatedb;
+
+            pkcs11db = rdbopen(appName, "", secname, NO_CREATE, &status);
+            if (!pkcs11db) {
+                if (status == RDB_RETRY) {
+                    pkcs11db = rdbopen(appName, "", secname,
+                                       readOnly ? NO_RDONLY : NO_RDWR, NULL);
+                }
+                PORT_Free(secname);
+                return pkcs11db;
+            }
+            updatedb = dbopen(dbName, NO_RDONLY, 0600, DB_HASH, 0);
+            if (updatedb) {
+                db_Copy(pkcs11db, updatedb);
+                (*updatedb->close)(updatedb);
+            } else {
+                (*pkcs11db->close)(pkcs11db);
+                PORT_Free(secname);
+                return NULL;
+            }
+        }
+        PORT_Free(secname);
+        return pkcs11db;
+    }
+
+    /* I'm sure we should do more checks here sometime... */
+    pkcs11db = dbopen(dbName, readOnly ? NO_RDONLY : NO_RDWR, 0600, DB_HASH, 0);
+
+    /* didn't exist? create it */
+    if (pkcs11db == NULL) {
+        if (readOnly)
+            return NULL;
+
+        pkcs11db = dbopen(dbName, NO_CREATE, 0600, DB_HASH, 0);
+        if (pkcs11db)
+            (*pkcs11db->sync)(pkcs11db, 0);
+    }
+    return pkcs11db;
+}
+
+static void
+lgdb_CloseDB(DB *pkcs11db)
+{
+    (*pkcs11db->close)(pkcs11db);
+}
+
+SECStatus legacy_AddSecmodDB(const char *appName, const char *filename,
+                             const char *dbname, char *module, PRBool rw);
+
+#define LGDB_STEP 10
+/*
+ * Read all the existing modules in
+ */
+char **
+legacy_ReadSecmodDB(const char *appName, const char *filename,
+                    const char *dbname, char *params, PRBool rw)
+{
+    DBT key, data;
+    int ret;
+    DB *pkcs11db = NULL;
+    char **moduleList = NULL, **newModuleList = NULL;
+    int moduleCount = 1;
+    int useCount = LGDB_STEP;
+
+    moduleList = (char **)PORT_ZAlloc(useCount * sizeof(char **));
+    if (moduleList == NULL)
+        return NULL;
+
+    pkcs11db = lgdb_OpenDB(appName, filename, dbname, PR_TRUE, rw);
+    if (pkcs11db == NULL)
+        goto done;
+
+    /* read and parse the file or data base */
+    ret = (*pkcs11db->seq)(pkcs11db, &key, &data, R_FIRST);
+    if (ret)
+        goto done;
+
+    do {
+        char *moduleString;
+        PRBool internal = PR_FALSE;
+        if ((moduleCount + 1) >= useCount) {
+            useCount += LGDB_STEP;
+            newModuleList =
+                (char **)PORT_Realloc(moduleList, useCount * sizeof(char *));
+            if (newModuleList == NULL)
+                goto done;
+            moduleList = newModuleList;
+            PORT_Memset(&moduleList[moduleCount + 1], 0,
+                        sizeof(char *) * LGDB_STEP);
+        }
+        moduleString = lgdb_DecodeData(params, &data, &internal);
+        if (internal) {
+            moduleList[0] = moduleString;
+        } else {
+            moduleList[moduleCount] = moduleString;
+            moduleCount++;
+        }
+    } while ((*pkcs11db->seq)(pkcs11db, &key, &data, R_NEXT) == 0);
+
+done:
+    if (!moduleList[0]) {
+        char *newparams = NSSUTIL_Quote(params, '"');
+        if (newparams) {
+            moduleList[0] = PR_smprintf(
+                NSSUTIL_DEFAULT_INTERNAL_INIT1 "%s" NSSUTIL_DEFAULT_INTERNAL_INIT2 "%s" NSSUTIL_DEFAULT_INTERNAL_INIT3,
+                newparams, NSSUTIL_DEFAULT_SFTKN_FLAGS);
+            PORT_Free(newparams);
+        }
+    }
+    /* deal with trust cert db here */
+
+    if (pkcs11db) {
+        lgdb_CloseDB(pkcs11db);
+    } else if (moduleList[0] && rw) {
+        legacy_AddSecmodDB(appName, filename, dbname, moduleList[0], rw);
+    }
+    if (!moduleList[0]) {
+        PORT_Free(moduleList);
+        moduleList = NULL;
+    }
+    return moduleList;
+}
+
+SECStatus
+legacy_ReleaseSecmodDBData(const char *appName, const char *filename,
+                           const char *dbname, char **moduleSpecList, PRBool rw)
+{
+    if (moduleSpecList) {
+        char **index;
+        for (index = moduleSpecList; *index; index++) {
+            PR_smprintf_free(*index);
+        }
+        PORT_Free(moduleSpecList);
+    }
+    return SECSuccess;
+}
+
+/*
+ * Delete a module from the Data Base
+ */
+SECStatus
+legacy_DeleteSecmodDB(const char *appName, const char *filename,
+                      const char *dbname, char *args, PRBool rw)
+{
+    DBT key;
+    SECStatus rv = SECFailure;
+    DB *pkcs11db = NULL;
+    int ret;
+
+    if (!rw)
+        return SECFailure;
+
+    /* make sure we have a db handle */
+    pkcs11db = lgdb_OpenDB(appName, filename, dbname, PR_FALSE, PR_FALSE);
+    if (pkcs11db == NULL) {
+        return SECFailure;
+    }
+
+    rv = lgdb_MakeKey(&key, args);
+    if (rv != SECSuccess)
+        goto done;
+    rv = SECFailure;
+    ret = (*pkcs11db->del)(pkcs11db, &key, 0);
+    lgdb_FreeKey(&key);
+    if (ret != 0)
+        goto done;
+
+    ret = (*pkcs11db->sync)(pkcs11db, 0);
+    if (ret == 0)
+        rv = SECSuccess;
+
+done:
+    lgdb_CloseDB(pkcs11db);
+    return rv;
+}
+
+/*
+ * Add a module to the Data base
+ */
+SECStatus
+legacy_AddSecmodDB(const char *appName, const char *filename,
+                   const char *dbname, char *module, PRBool rw)
+{
+    DBT key, data;
+    SECStatus rv = SECFailure;
+    DB *pkcs11db = NULL;
+    int ret;
+
+    if (!rw)
+        return SECFailure;
+
+    /* make sure we have a db handle */
+    pkcs11db = lgdb_OpenDB(appName, filename, dbname, PR_FALSE, PR_FALSE);
+    if (pkcs11db == NULL) {
+        return SECFailure;
+    }
+
+    rv = lgdb_MakeKey(&key, module);
+    if (rv != SECSuccess)
+        goto done;
+    rv = lgdb_EncodeData(&data, module);
+    if (rv != SECSuccess) {
+        lgdb_FreeKey(&key);
+        goto done;
+    }
+    rv = SECFailure;
+    ret = (*pkcs11db->put)(pkcs11db, &key, &data, 0);
+    lgdb_FreeKey(&key);
+    lgdb_FreeData(&data);
+    if (ret != 0)
+        goto done;
+
+    ret = (*pkcs11db->sync)(pkcs11db, 0);
+    if (ret == 0)
+        rv = SECSuccess;
+
+done:
+    lgdb_CloseDB(pkcs11db);
+    return rv;
+}
diff --git a/nss/lib/softoken/lgglue.c b/nss/lib/softoken/lgglue.c
new file mode 100644
index 0000000..94f0541
--- /dev/null
+++ b/nss/lib/softoken/lgglue.c
@@ -0,0 +1,408 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ *  The following code handles the storage of PKCS 11 modules used by the
+ * NSS. This file is written to abstract away how the modules are
+ * stored so we can deside that later.
+ */
+#include "sftkdb.h"
+#include "sftkdbti.h"
+#include "sdb.h"
+#include "prsystem.h"
+#include "prprf.h"
+#include "prenv.h"
+#include "lgglue.h"
+#include "secerr.h"
+#include "softoken.h"
+
+static LGOpenFunc legacy_glue_open = NULL;
+static LGReadSecmodFunc legacy_glue_readSecmod = NULL;
+static LGReleaseSecmodFunc legacy_glue_releaseSecmod = NULL;
+static LGDeleteSecmodFunc legacy_glue_deleteSecmod = NULL;
+static LGAddSecmodFunc legacy_glue_addSecmod = NULL;
+static LGShutdownFunc legacy_glue_shutdown = NULL;
+
+/*
+ * The following 3 functions duplicate the work done by bl_LoadLibrary.
+ * We should make bl_LoadLibrary a global and replace the call to
+ * sftkdb_LoadLibrary(const char *libname) with it.
+ */
+#ifdef XP_UNIX
+#include <unistd.h>
+#define LG_MAX_LINKS 20
+static char *
+sftkdb_resolvePath(const char *orig)
+{
+    int count = 0;
+    int len = 0;
+    int ret = -1;
+    char *resolved = NULL;
+    char *source = NULL;
+
+    len = 1025; /* MAX PATH +1*/
+    if (strlen(orig) + 1 > len) {
+        /* PATH TOO LONG */
+        return NULL;
+    }
+    resolved = PORT_Alloc(len);
+    if (!resolved) {
+        return NULL;
+    }
+    source = PORT_Alloc(len);
+    if (!source) {
+        goto loser;
+    }
+    PORT_Strcpy(source, orig);
+    /* Walk down all the links */
+    while (count++ < LG_MAX_LINKS) {
+        char *tmp;
+        /* swap our previous sorce out with resolved */
+        /* read it */
+        ret = readlink(source, resolved, len - 1);
+        if (ret < 0) {
+            break;
+        }
+        resolved[ret] = 0;
+        tmp = source;
+        source = resolved;
+        resolved = tmp;
+    }
+    if (count > 1) {
+        ret = 0;
+    }
+loser:
+    if (resolved) {
+        PORT_Free(resolved);
+    }
+    if (ret < 0) {
+        if (source) {
+            PORT_Free(source);
+            source = NULL;
+        }
+    }
+    return source;
+}
+
+#endif
+
+static PRLibrary *
+sftkdb_LoadFromPath(const char *path, const char *libname)
+{
+    char *c;
+    int pathLen, nameLen, fullPathLen;
+    char *fullPathName = NULL;
+    PRLibSpec libSpec;
+    PRLibrary *lib = NULL;
+
+    /* strip of our parent's library name */
+    c = strrchr(path, PR_GetDirectorySeparator());
+    if (!c) {
+        return NULL; /* invalid path */
+    }
+    pathLen = (c - path) + 1;
+    nameLen = strlen(libname);
+    fullPathLen = pathLen + nameLen + 1;
+    fullPathName = (char *)PORT_Alloc(fullPathLen);
+    if (fullPathName == NULL) {
+        return NULL; /* memory allocation error */
+    }
+    PORT_Memcpy(fullPathName, path, pathLen);
+    PORT_Memcpy(fullPathName + pathLen, libname, nameLen);
+    fullPathName[fullPathLen - 1] = 0;
+
+    libSpec.type = PR_LibSpec_Pathname;
+    libSpec.value.pathname = fullPathName;
+    lib = PR_LoadLibraryWithFlags(libSpec, PR_LD_NOW | PR_LD_LOCAL);
+    PORT_Free(fullPathName);
+    return lib;
+}
+
+static PRLibrary *
+sftkdb_LoadLibrary(const char *libname)
+{
+    PRLibrary *lib = NULL;
+    PRFuncPtr fn_addr;
+    char *parentLibPath = NULL;
+
+    fn_addr = (PRFuncPtr)&sftkdb_LoadLibrary;
+    parentLibPath = PR_GetLibraryFilePathname(SOFTOKEN_LIB_NAME, fn_addr);
+
+    if (!parentLibPath) {
+        goto done;
+    }
+
+    lib = sftkdb_LoadFromPath(parentLibPath, libname);
+#ifdef XP_UNIX
+    /* handle symbolic link case */
+    if (!lib) {
+        char *trueParentLibPath = sftkdb_resolvePath(parentLibPath);
+        if (!trueParentLibPath) {
+            goto done;
+        }
+        lib = sftkdb_LoadFromPath(trueParentLibPath, libname);
+        PORT_Free(trueParentLibPath);
+    }
+#endif
+
+done:
+    if (parentLibPath) {
+        PORT_Free(parentLibPath);
+    }
+
+    /* still couldn't load it, try the generic path */
+    if (!lib) {
+        PRLibSpec libSpec;
+        libSpec.type = PR_LibSpec_Pathname;
+        libSpec.value.pathname = libname;
+        lib = PR_LoadLibraryWithFlags(libSpec, PR_LD_NOW | PR_LD_LOCAL);
+    }
+
+    return lib;
+}
+
+/*
+ * stub files for legacy db's to be able to encrypt and decrypt
+ * various keys and attributes.
+ */
+static SECStatus
+sftkdb_encrypt_stub(PLArenaPool *arena, SDB *sdb, SECItem *plainText,
+                    SECItem **cipherText)
+{
+    SFTKDBHandle *handle = sdb->app_private;
+    SECStatus rv;
+
+    if (handle == NULL) {
+        return SECFailure;
+    }
+
+    /* if we aren't the key handle, try the other handle */
+    if (handle->type != SFTK_KEYDB_TYPE) {
+        handle = handle->peerDB;
+    }
+
+    /* not a key handle */
+    if (handle == NULL || handle->passwordLock == NULL) {
+        return SECFailure;
+    }
+
+    PZ_Lock(handle->passwordLock);
+    if (handle->passwordKey.data == NULL) {
+        PZ_Unlock(handle->passwordLock);
+        /* PORT_SetError */
+        return SECFailure;
+    }
+
+    rv = sftkdb_EncryptAttribute(arena,
+                                 handle->newKey ? handle->newKey : &handle->passwordKey,
+                                 plainText, cipherText);
+    PZ_Unlock(handle->passwordLock);
+
+    return rv;
+}
+
+/*
+ * stub files for legacy db's to be able to encrypt and decrypt
+ * various keys and attributes.
+ */
+static SECStatus
+sftkdb_decrypt_stub(SDB *sdb, SECItem *cipherText, SECItem **plainText)
+{
+    SFTKDBHandle *handle = sdb->app_private;
+    SECStatus rv;
+    SECItem *oldKey = NULL;
+
+    if (handle == NULL) {
+        return SECFailure;
+    }
+
+    /* if we aren't th handle, try the other handle */
+    oldKey = handle->oldKey;
+    if (handle->type != SFTK_KEYDB_TYPE) {
+        handle = handle->peerDB;
+    }
+
+    /* not a key handle */
+    if (handle == NULL || handle->passwordLock == NULL) {
+        return SECFailure;
+    }
+
+    PZ_Lock(handle->passwordLock);
+    if (handle->passwordKey.data == NULL) {
+        PZ_Unlock(handle->passwordLock);
+        /* PORT_SetError */
+        return SECFailure;
+    }
+    rv = sftkdb_DecryptAttribute(oldKey ? oldKey : &handle->passwordKey,
+                                 cipherText, plainText);
+    PZ_Unlock(handle->passwordLock);
+
+    return rv;
+}
+
+static const char *LEGACY_LIB_NAME =
+    SHLIB_PREFIX "nssdbm" SHLIB_VERSION "." SHLIB_SUFFIX;
+/*
+ * 2 bools to tell us if we've check the legacy library successfully or
+ * not. Initialize on startup to false by the C BSS segment;
+ */
+static PRLibrary *legacy_glue_lib = NULL;
+static SECStatus
+sftkdbLoad_Legacy()
+{
+    PRLibrary *lib = NULL;
+    LGSetCryptFunc setCryptFunction = NULL;
+
+    if (legacy_glue_lib) {
+        return SECSuccess;
+    }
+
+    lib = sftkdb_LoadLibrary(LEGACY_LIB_NAME);
+    if (lib == NULL) {
+        return SECFailure;
+    }
+
+    legacy_glue_open = (LGOpenFunc)PR_FindFunctionSymbol(lib, "legacy_Open");
+    legacy_glue_readSecmod =
+        (LGReadSecmodFunc)PR_FindFunctionSymbol(lib, "legacy_ReadSecmodDB");
+    legacy_glue_releaseSecmod =
+        (LGReleaseSecmodFunc)PR_FindFunctionSymbol(lib, "legacy_ReleaseSecmodDBData");
+    legacy_glue_deleteSecmod =
+        (LGDeleteSecmodFunc)PR_FindFunctionSymbol(lib, "legacy_DeleteSecmodDB");
+    legacy_glue_addSecmod =
+        (LGAddSecmodFunc)PR_FindFunctionSymbol(lib, "legacy_AddSecmodDB");
+    legacy_glue_shutdown =
+        (LGShutdownFunc)PR_FindFunctionSymbol(lib, "legacy_Shutdown");
+    setCryptFunction =
+        (LGSetCryptFunc)PR_FindFunctionSymbol(lib, "legacy_SetCryptFunctions");
+
+    if (!legacy_glue_open || !legacy_glue_readSecmod ||
+        !legacy_glue_releaseSecmod || !legacy_glue_deleteSecmod ||
+        !legacy_glue_addSecmod || !setCryptFunction) {
+        PR_UnloadLibrary(lib);
+        return SECFailure;
+    }
+
+    setCryptFunction(sftkdb_encrypt_stub, sftkdb_decrypt_stub);
+    legacy_glue_lib = lib;
+    return SECSuccess;
+}
+
+CK_RV
+sftkdbCall_open(const char *dir, const char *certPrefix, const char *keyPrefix,
+                int certVersion, int keyVersion, int flags,
+                SDB **certDB, SDB **keyDB)
+{
+    SECStatus rv;
+
+    rv = sftkdbLoad_Legacy();
+    if (rv != SECSuccess) {
+        return CKR_GENERAL_ERROR;
+    }
+    if (!legacy_glue_open) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+    return (*legacy_glue_open)(dir, certPrefix, keyPrefix,
+                               certVersion, keyVersion,
+                               flags, certDB, keyDB);
+}
+
+char **
+sftkdbCall_ReadSecmodDB(const char *appName, const char *filename,
+                        const char *dbname, char *params, PRBool rw)
+{
+    SECStatus rv;
+
+    rv = sftkdbLoad_Legacy();
+    if (rv != SECSuccess) {
+        return NULL;
+    }
+    if (!legacy_glue_readSecmod) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return NULL;
+    }
+    return (*legacy_glue_readSecmod)(appName, filename, dbname, params, rw);
+}
+
+SECStatus
+sftkdbCall_ReleaseSecmodDBData(const char *appName,
+                               const char *filename, const char *dbname,
+                               char **moduleSpecList, PRBool rw)
+{
+    SECStatus rv;
+
+    rv = sftkdbLoad_Legacy();
+    if (rv != SECSuccess) {
+        return rv;
+    }
+    if (!legacy_glue_releaseSecmod) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+    return (*legacy_glue_releaseSecmod)(appName, filename, dbname,
+                                        moduleSpecList, rw);
+}
+
+SECStatus
+sftkdbCall_DeleteSecmodDB(const char *appName,
+                          const char *filename, const char *dbname,
+                          char *args, PRBool rw)
+{
+    SECStatus rv;
+
+    rv = sftkdbLoad_Legacy();
+    if (rv != SECSuccess) {
+        return rv;
+    }
+    if (!legacy_glue_deleteSecmod) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+    return (*legacy_glue_deleteSecmod)(appName, filename, dbname, args, rw);
+}
+
+SECStatus
+sftkdbCall_AddSecmodDB(const char *appName,
+                       const char *filename, const char *dbname,
+                       char *module, PRBool rw)
+{
+    SECStatus rv;
+
+    rv = sftkdbLoad_Legacy();
+    if (rv != SECSuccess) {
+        return rv;
+    }
+    if (!legacy_glue_addSecmod) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+    return (*legacy_glue_addSecmod)(appName, filename, dbname, module, rw);
+}
+
+CK_RV
+sftkdbCall_Shutdown(void)
+{
+    CK_RV crv = CKR_OK;
+    char *disableUnload = NULL;
+    if (!legacy_glue_lib) {
+        return CKR_OK;
+    }
+    if (legacy_glue_shutdown) {
+#ifdef NO_FORK_CHECK
+        PRBool parentForkedAfterC_Initialize = PR_FALSE;
+#endif
+        crv = (*legacy_glue_shutdown)(parentForkedAfterC_Initialize);
+    }
+    disableUnload = PR_GetEnvSecure("NSS_DISABLE_UNLOAD");
+    if (!disableUnload) {
+        PR_UnloadLibrary(legacy_glue_lib);
+    }
+    legacy_glue_lib = NULL;
+    legacy_glue_open = NULL;
+    legacy_glue_readSecmod = NULL;
+    legacy_glue_releaseSecmod = NULL;
+    legacy_glue_deleteSecmod = NULL;
+    legacy_glue_addSecmod = NULL;
+    return crv;
+}
diff --git a/nss/lib/softoken/lgglue.h b/nss/lib/softoken/lgglue.h
new file mode 100644
index 0000000..61dbfec
--- /dev/null
+++ b/nss/lib/softoken/lgglue.h
@@ -0,0 +1,59 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * This code defines the glue layer between softoken and the legacy DB library
+ */
+#include "sdb.h"
+
+/*
+ * function prototypes for the callbacks into softoken from the legacyDB
+ */
+
+typedef SECStatus (*LGEncryptFunc)(PLArenaPool *arena, SDB *sdb,
+                                   SECItem *plainText, SECItem **cipherText);
+typedef SECStatus (*LGDecryptFunc)(SDB *sdb, SECItem *cipherText,
+                                   SECItem **plainText);
+
+/*
+ * function prototypes for the exported functions.
+ */
+typedef CK_RV (*LGOpenFunc)(const char *dir, const char *certPrefix,
+                            const char *keyPrefix,
+                            int certVersion, int keyVersion, int flags,
+                            SDB **certDB, SDB **keyDB);
+typedef char **(*LGReadSecmodFunc)(const char *appName,
+                                   const char *filename,
+                                   const char *dbname, char *params, PRBool rw);
+typedef SECStatus (*LGReleaseSecmodFunc)(const char *appName,
+                                         const char *filename,
+                                         const char *dbname, char **params, PRBool rw);
+typedef SECStatus (*LGDeleteSecmodFunc)(const char *appName,
+                                        const char *filename,
+                                        const char *dbname, char *params, PRBool rw);
+typedef SECStatus (*LGAddSecmodFunc)(const char *appName,
+                                     const char *filename,
+                                     const char *dbname, char *params, PRBool rw);
+typedef SECStatus (*LGShutdownFunc)(PRBool forked);
+typedef void (*LGSetForkStateFunc)(PRBool);
+typedef void (*LGSetCryptFunc)(LGEncryptFunc, LGDecryptFunc);
+
+/*
+ * Softoken Glue Functions
+ */
+CK_RV sftkdbCall_open(const char *dir, const char *certPrefix,
+                      const char *keyPrefix,
+                      int certVersion, int keyVersion, int flags,
+                      SDB **certDB, SDB **keyDB);
+char **sftkdbCall_ReadSecmodDB(const char *appName, const char *filename,
+                               const char *dbname, char *params, PRBool rw);
+SECStatus sftkdbCall_ReleaseSecmodDBData(const char *appName,
+                                         const char *filename, const char *dbname,
+                                         char **moduleSpecList, PRBool rw);
+SECStatus sftkdbCall_DeleteSecmodDB(const char *appName,
+                                    const char *filename, const char *dbname,
+                                    char *args, PRBool rw);
+SECStatus sftkdbCall_AddSecmodDB(const char *appName,
+                                 const char *filename, const char *dbname,
+                                 char *module, PRBool rw);
+CK_RV sftkdbCall_Shutdown(void);
diff --git a/nss/lib/softoken/lowkey.c b/nss/lib/softoken/lowkey.c
new file mode 100644
index 0000000..73b1dc9
--- /dev/null
+++ b/nss/lib/softoken/lowkey.c
@@ -0,0 +1,500 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#include "lowkeyi.h"
+#include "secoid.h"
+#include "secitem.h"
+#include "secder.h"
+#include "base64.h"
+#include "secasn1.h"
+#include "secerr.h"
+
+#ifndef NSS_DISABLE_ECC
+#include "softoken.h"
+#endif
+
+SEC_ASN1_MKSUB(SEC_AnyTemplate)
+SEC_ASN1_MKSUB(SEC_BitStringTemplate)
+SEC_ASN1_MKSUB(SEC_ObjectIDTemplate)
+SEC_ASN1_MKSUB(SECOID_AlgorithmIDTemplate)
+
+const SEC_ASN1Template nsslowkey_AttributeTemplate[] = {
+    { SEC_ASN1_SEQUENCE,
+      0, NULL, sizeof(NSSLOWKEYAttribute) },
+    { SEC_ASN1_OBJECT_ID, offsetof(NSSLOWKEYAttribute, attrType) },
+    { SEC_ASN1_SET_OF | SEC_ASN1_XTRN,
+      offsetof(NSSLOWKEYAttribute, attrValue),
+      SEC_ASN1_SUB(SEC_AnyTemplate) },
+    { 0 }
+};
+
+const SEC_ASN1Template nsslowkey_SetOfAttributeTemplate[] = {
+    { SEC_ASN1_SET_OF, 0, nsslowkey_AttributeTemplate },
+};
+/* ASN1 Templates for new decoder/encoder */
+const SEC_ASN1Template nsslowkey_PrivateKeyInfoTemplate[] = {
+    { SEC_ASN1_SEQUENCE,
+      0, NULL, sizeof(NSSLOWKEYPrivateKeyInfo) },
+    { SEC_ASN1_INTEGER,
+      offsetof(NSSLOWKEYPrivateKeyInfo, version) },
+    { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
+      offsetof(NSSLOWKEYPrivateKeyInfo, algorithm),
+      SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
+    { SEC_ASN1_OCTET_STRING,
+      offsetof(NSSLOWKEYPrivateKeyInfo, privateKey) },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
+      offsetof(NSSLOWKEYPrivateKeyInfo, attributes),
+      nsslowkey_SetOfAttributeTemplate },
+    { 0 }
+};
+
+const SEC_ASN1Template nsslowkey_PQGParamsTemplate[] = {
+    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(PQGParams) },
+    { SEC_ASN1_INTEGER, offsetof(PQGParams, prime) },
+    { SEC_ASN1_INTEGER, offsetof(PQGParams, subPrime) },
+    { SEC_ASN1_INTEGER, offsetof(PQGParams, base) },
+    { 0 }
+};
+
+const SEC_ASN1Template nsslowkey_RSAPrivateKeyTemplate[] = {
+    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(NSSLOWKEYPrivateKey) },
+    { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey, u.rsa.version) },
+    { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey, u.rsa.modulus) },
+    { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey, u.rsa.publicExponent) },
+    { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey, u.rsa.privateExponent) },
+    { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey, u.rsa.prime1) },
+    { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey, u.rsa.prime2) },
+    { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey, u.rsa.exponent1) },
+    { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey, u.rsa.exponent2) },
+    { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey, u.rsa.coefficient) },
+    { 0 }
+};
+
+const SEC_ASN1Template nsslowkey_DSAPrivateKeyTemplate[] = {
+    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(NSSLOWKEYPrivateKey) },
+    { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey, u.dsa.publicValue) },
+    { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey, u.dsa.privateValue) },
+    { 0 }
+};
+
+const SEC_ASN1Template nsslowkey_DSAPrivateKeyExportTemplate[] = {
+    { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey, u.dsa.privateValue) },
+};
+
+const SEC_ASN1Template nsslowkey_DHPrivateKeyTemplate[] = {
+    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(NSSLOWKEYPrivateKey) },
+    { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey, u.dh.publicValue) },
+    { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey, u.dh.privateValue) },
+    { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey, u.dh.base) },
+    { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey, u.dh.prime) },
+    { 0 }
+};
+
+#ifndef NSS_DISABLE_ECC
+
+/* NOTE: The SECG specification allows the private key structure
+ * to contain curve parameters but recommends that they be stored
+ * in the PrivateKeyAlgorithmIdentifier field of the PrivateKeyInfo
+ * instead.
+ */
+const SEC_ASN1Template nsslowkey_ECPrivateKeyTemplate[] = {
+    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(NSSLOWKEYPrivateKey) },
+    { SEC_ASN1_INTEGER, offsetof(NSSLOWKEYPrivateKey, u.ec.version) },
+    { SEC_ASN1_OCTET_STRING,
+      offsetof(NSSLOWKEYPrivateKey, u.ec.privateValue) },
+    /* We only support named curves for which the parameters are
+     * encoded as an object ID.
+     */
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED |
+          SEC_ASN1_EXPLICIT | SEC_ASN1_CONTEXT_SPECIFIC |
+          SEC_ASN1_XTRN | 0,
+      offsetof(NSSLOWKEYPrivateKey, u.ec.ecParams.curveOID),
+      SEC_ASN1_SUB(SEC_ObjectIDTemplate) },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED |
+          SEC_ASN1_EXPLICIT | SEC_ASN1_CONTEXT_SPECIFIC |
+          SEC_ASN1_XTRN | 1,
+      offsetof(NSSLOWKEYPrivateKey, u.ec.publicValue),
+      SEC_ASN1_SUB(SEC_BitStringTemplate) },
+    { 0 }
+};
+#endif /* NSS_DISABLE_ECC */
+/*
+ * See bugzilla bug 125359
+ * Since NSS (via PKCS#11) wants to handle big integers as unsigned ints,
+ * all of the templates above that en/decode into integers must be converted
+ * from ASN.1's signed integer type.  This is done by marking either the
+ * source or destination (encoding or decoding, respectively) type as
+ * siUnsignedInteger.
+ */
+
+void
+prepare_low_rsa_priv_key_for_asn1(NSSLOWKEYPrivateKey *key)
+{
+    key->u.rsa.modulus.type = siUnsignedInteger;
+    key->u.rsa.publicExponent.type = siUnsignedInteger;
+    key->u.rsa.privateExponent.type = siUnsignedInteger;
+    key->u.rsa.prime1.type = siUnsignedInteger;
+    key->u.rsa.prime2.type = siUnsignedInteger;
+    key->u.rsa.exponent1.type = siUnsignedInteger;
+    key->u.rsa.exponent2.type = siUnsignedInteger;
+    key->u.rsa.coefficient.type = siUnsignedInteger;
+}
+
+void
+prepare_low_pqg_params_for_asn1(PQGParams *params)
+{
+    params->prime.type = siUnsignedInteger;
+    params->subPrime.type = siUnsignedInteger;
+    params->base.type = siUnsignedInteger;
+}
+
+void
+prepare_low_dsa_priv_key_for_asn1(NSSLOWKEYPrivateKey *key)
+{
+    key->u.dsa.publicValue.type = siUnsignedInteger;
+    key->u.dsa.privateValue.type = siUnsignedInteger;
+    key->u.dsa.params.prime.type = siUnsignedInteger;
+    key->u.dsa.params.subPrime.type = siUnsignedInteger;
+    key->u.dsa.params.base.type = siUnsignedInteger;
+}
+
+void
+prepare_low_dsa_priv_key_export_for_asn1(NSSLOWKEYPrivateKey *key)
+{
+    key->u.dsa.privateValue.type = siUnsignedInteger;
+}
+
+void
+prepare_low_dh_priv_key_for_asn1(NSSLOWKEYPrivateKey *key)
+{
+    key->u.dh.prime.type = siUnsignedInteger;
+    key->u.dh.base.type = siUnsignedInteger;
+    key->u.dh.publicValue.type = siUnsignedInteger;
+    key->u.dh.privateValue.type = siUnsignedInteger;
+}
+
+#ifndef NSS_DISABLE_ECC
+void
+prepare_low_ecparams_for_asn1(ECParams *params)
+{
+    params->DEREncoding.type = siUnsignedInteger;
+    params->curveOID.type = siUnsignedInteger;
+}
+
+void
+prepare_low_ec_priv_key_for_asn1(NSSLOWKEYPrivateKey *key)
+{
+    key->u.ec.version.type = siUnsignedInteger;
+    key->u.ec.ecParams.DEREncoding.type = siUnsignedInteger;
+    key->u.ec.ecParams.curveOID.type = siUnsignedInteger;
+    key->u.ec.privateValue.type = siUnsignedInteger;
+    key->u.ec.publicValue.type = siUnsignedInteger;
+}
+#endif /* NSS_DISABLE_ECC */
+
+void
+nsslowkey_DestroyPrivateKey(NSSLOWKEYPrivateKey *privk)
+{
+    if (privk && privk->arena) {
+        PORT_FreeArena(privk->arena, PR_TRUE);
+    }
+}
+
+void
+nsslowkey_DestroyPublicKey(NSSLOWKEYPublicKey *pubk)
+{
+    if (pubk && pubk->arena) {
+        PORT_FreeArena(pubk->arena, PR_FALSE);
+    }
+}
+unsigned
+nsslowkey_PublicModulusLen(NSSLOWKEYPublicKey *pubk)
+{
+    unsigned char b0;
+
+    /* interpret modulus length as key strength... in
+     * fortezza that's the public key length */
+
+    switch (pubk->keyType) {
+        case NSSLOWKEYRSAKey:
+            b0 = pubk->u.rsa.modulus.data[0];
+            return b0 ? pubk->u.rsa.modulus.len : pubk->u.rsa.modulus.len - 1;
+        default:
+            break;
+    }
+    return 0;
+}
+
+unsigned
+nsslowkey_PrivateModulusLen(NSSLOWKEYPrivateKey *privk)
+{
+
+    unsigned char b0;
+
+    switch (privk->keyType) {
+        case NSSLOWKEYRSAKey:
+            b0 = privk->u.rsa.modulus.data[0];
+            return b0 ? privk->u.rsa.modulus.len : privk->u.rsa.modulus.len - 1;
+        default:
+            break;
+    }
+    return 0;
+}
+
+NSSLOWKEYPublicKey *
+nsslowkey_ConvertToPublicKey(NSSLOWKEYPrivateKey *privk)
+{
+    NSSLOWKEYPublicKey *pubk;
+    PLArenaPool *arena;
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return NULL;
+    }
+
+    switch (privk->keyType) {
+        case NSSLOWKEYRSAKey:
+        case NSSLOWKEYNullKey:
+            pubk = (NSSLOWKEYPublicKey *)PORT_ArenaZAlloc(arena,
+                                                          sizeof(NSSLOWKEYPublicKey));
+            if (pubk != NULL) {
+                SECStatus rv;
+
+                pubk->arena = arena;
+                pubk->keyType = privk->keyType;
+                if (privk->keyType == NSSLOWKEYNullKey)
+                    return pubk;
+                rv = SECITEM_CopyItem(arena, &pubk->u.rsa.modulus,
+                                      &privk->u.rsa.modulus);
+                if (rv == SECSuccess) {
+                    rv = SECITEM_CopyItem(arena, &pubk->u.rsa.publicExponent,
+                                          &privk->u.rsa.publicExponent);
+                    if (rv == SECSuccess)
+                        return pubk;
+                }
+            } else {
+                PORT_SetError(SEC_ERROR_NO_MEMORY);
+            }
+            break;
+        case NSSLOWKEYDSAKey:
+            pubk = (NSSLOWKEYPublicKey *)PORT_ArenaZAlloc(arena,
+                                                          sizeof(NSSLOWKEYPublicKey));
+            if (pubk != NULL) {
+                SECStatus rv;
+
+                pubk->arena = arena;
+                pubk->keyType = privk->keyType;
+                rv = SECITEM_CopyItem(arena, &pubk->u.dsa.publicValue,
+                                      &privk->u.dsa.publicValue);
+                if (rv != SECSuccess)
+                    break;
+                rv = SECITEM_CopyItem(arena, &pubk->u.dsa.params.prime,
+                                      &privk->u.dsa.params.prime);
+                if (rv != SECSuccess)
+                    break;
+                rv = SECITEM_CopyItem(arena, &pubk->u.dsa.params.subPrime,
+                                      &privk->u.dsa.params.subPrime);
+                if (rv != SECSuccess)
+                    break;
+                rv = SECITEM_CopyItem(arena, &pubk->u.dsa.params.base,
+                                      &privk->u.dsa.params.base);
+                if (rv == SECSuccess)
+                    return pubk;
+            }
+            break;
+        case NSSLOWKEYDHKey:
+            pubk = (NSSLOWKEYPublicKey *)PORT_ArenaZAlloc(arena,
+                                                          sizeof(NSSLOWKEYPublicKey));
+            if (pubk != NULL) {
+                SECStatus rv;
+
+                pubk->arena = arena;
+                pubk->keyType = privk->keyType;
+                rv = SECITEM_CopyItem(arena, &pubk->u.dh.publicValue,
+                                      &privk->u.dh.publicValue);
+                if (rv != SECSuccess)
+                    break;
+                rv = SECITEM_CopyItem(arena, &pubk->u.dh.prime,
+                                      &privk->u.dh.prime);
+                if (rv != SECSuccess)
+                    break;
+                rv = SECITEM_CopyItem(arena, &pubk->u.dh.base,
+                                      &privk->u.dh.base);
+                if (rv == SECSuccess)
+                    return pubk;
+            }
+            break;
+#ifndef NSS_DISABLE_ECC
+        case NSSLOWKEYECKey:
+            pubk = (NSSLOWKEYPublicKey *)PORT_ArenaZAlloc(arena,
+                                                          sizeof(NSSLOWKEYPublicKey));
+            if (pubk != NULL) {
+                SECStatus rv;
+
+                pubk->arena = arena;
+                pubk->keyType = privk->keyType;
+                rv = SECITEM_CopyItem(arena, &pubk->u.ec.publicValue,
+                                      &privk->u.ec.publicValue);
+                if (rv != SECSuccess)
+                    break;
+                pubk->u.ec.ecParams.arena = arena;
+                /* Copy the rest of the params */
+                rv = EC_CopyParams(arena, &(pubk->u.ec.ecParams),
+                                   &(privk->u.ec.ecParams));
+                if (rv == SECSuccess)
+                    return pubk;
+            }
+            break;
+#endif /* NSS_DISABLE_ECC */
+        /* No Fortezza in Low Key implementations (Fortezza keys aren't
+         * stored in our data base */
+        default:
+            break;
+    }
+
+    PORT_FreeArena(arena, PR_FALSE);
+    return NULL;
+}
+
+NSSLOWKEYPrivateKey *
+nsslowkey_CopyPrivateKey(NSSLOWKEYPrivateKey *privKey)
+{
+    NSSLOWKEYPrivateKey *returnKey = NULL;
+    SECStatus rv = SECFailure;
+    PLArenaPool *poolp;
+
+    if (!privKey) {
+        return NULL;
+    }
+
+    poolp = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (!poolp) {
+        return NULL;
+    }
+
+    returnKey = (NSSLOWKEYPrivateKey *)PORT_ArenaZAlloc(poolp, sizeof(NSSLOWKEYPrivateKey));
+    if (!returnKey) {
+        rv = SECFailure;
+        goto loser;
+    }
+
+    returnKey->keyType = privKey->keyType;
+    returnKey->arena = poolp;
+
+    switch (privKey->keyType) {
+        case NSSLOWKEYRSAKey:
+            rv = SECITEM_CopyItem(poolp, &(returnKey->u.rsa.modulus),
+                                  &(privKey->u.rsa.modulus));
+            if (rv != SECSuccess)
+                break;
+            rv = SECITEM_CopyItem(poolp, &(returnKey->u.rsa.version),
+                                  &(privKey->u.rsa.version));
+            if (rv != SECSuccess)
+                break;
+            rv = SECITEM_CopyItem(poolp, &(returnKey->u.rsa.publicExponent),
+                                  &(privKey->u.rsa.publicExponent));
+            if (rv != SECSuccess)
+                break;
+            rv = SECITEM_CopyItem(poolp, &(returnKey->u.rsa.privateExponent),
+                                  &(privKey->u.rsa.privateExponent));
+            if (rv != SECSuccess)
+                break;
+            rv = SECITEM_CopyItem(poolp, &(returnKey->u.rsa.prime1),
+                                  &(privKey->u.rsa.prime1));
+            if (rv != SECSuccess)
+                break;
+            rv = SECITEM_CopyItem(poolp, &(returnKey->u.rsa.prime2),
+                                  &(privKey->u.rsa.prime2));
+            if (rv != SECSuccess)
+                break;
+            rv = SECITEM_CopyItem(poolp, &(returnKey->u.rsa.exponent1),
+                                  &(privKey->u.rsa.exponent1));
+            if (rv != SECSuccess)
+                break;
+            rv = SECITEM_CopyItem(poolp, &(returnKey->u.rsa.exponent2),
+                                  &(privKey->u.rsa.exponent2));
+            if (rv != SECSuccess)
+                break;
+            rv = SECITEM_CopyItem(poolp, &(returnKey->u.rsa.coefficient),
+                                  &(privKey->u.rsa.coefficient));
+            if (rv != SECSuccess)
+                break;
+            break;
+        case NSSLOWKEYDSAKey:
+            rv = SECITEM_CopyItem(poolp, &(returnKey->u.dsa.publicValue),
+                                  &(privKey->u.dsa.publicValue));
+            if (rv != SECSuccess)
+                break;
+            rv = SECITEM_CopyItem(poolp, &(returnKey->u.dsa.privateValue),
+                                  &(privKey->u.dsa.privateValue));
+            if (rv != SECSuccess)
+                break;
+            returnKey->u.dsa.params.arena = poolp;
+            rv = SECITEM_CopyItem(poolp, &(returnKey->u.dsa.params.prime),
+                                  &(privKey->u.dsa.params.prime));
+            if (rv != SECSuccess)
+                break;
+            rv = SECITEM_CopyItem(poolp, &(returnKey->u.dsa.params.subPrime),
+                                  &(privKey->u.dsa.params.subPrime));
+            if (rv != SECSuccess)
+                break;
+            rv = SECITEM_CopyItem(poolp, &(returnKey->u.dsa.params.base),
+                                  &(privKey->u.dsa.params.base));
+            if (rv != SECSuccess)
+                break;
+            break;
+        case NSSLOWKEYDHKey:
+            rv = SECITEM_CopyItem(poolp, &(returnKey->u.dh.publicValue),
+                                  &(privKey->u.dh.publicValue));
+            if (rv != SECSuccess)
+                break;
+            rv = SECITEM_CopyItem(poolp, &(returnKey->u.dh.privateValue),
+                                  &(privKey->u.dh.privateValue));
+            if (rv != SECSuccess)
+                break;
+            returnKey->u.dsa.params.arena = poolp;
+            rv = SECITEM_CopyItem(poolp, &(returnKey->u.dh.prime),
+                                  &(privKey->u.dh.prime));
+            if (rv != SECSuccess)
+                break;
+            rv = SECITEM_CopyItem(poolp, &(returnKey->u.dh.base),
+                                  &(privKey->u.dh.base));
+            if (rv != SECSuccess)
+                break;
+            break;
+#ifndef NSS_DISABLE_ECC
+        case NSSLOWKEYECKey:
+            rv = SECITEM_CopyItem(poolp, &(returnKey->u.ec.version),
+                                  &(privKey->u.ec.version));
+            if (rv != SECSuccess)
+                break;
+            rv = SECITEM_CopyItem(poolp, &(returnKey->u.ec.publicValue),
+                                  &(privKey->u.ec.publicValue));
+            if (rv != SECSuccess)
+                break;
+            rv = SECITEM_CopyItem(poolp, &(returnKey->u.ec.privateValue),
+                                  &(privKey->u.ec.privateValue));
+            if (rv != SECSuccess)
+                break;
+            returnKey->u.ec.ecParams.arena = poolp;
+            /* Copy the rest of the params */
+            rv = EC_CopyParams(poolp, &(returnKey->u.ec.ecParams),
+                               &(privKey->u.ec.ecParams));
+            if (rv != SECSuccess)
+                break;
+            break;
+#endif /* NSS_DISABLE_ECC */
+        default:
+            rv = SECFailure;
+    }
+
+loser:
+
+    if (rv != SECSuccess) {
+        PORT_FreeArena(poolp, PR_TRUE);
+        returnKey = NULL;
+    }
+
+    return returnKey;
+}
diff --git a/nss/lib/softoken/lowkeyi.h b/nss/lib/softoken/lowkeyi.h
new file mode 100644
index 0000000..a5878c2
--- /dev/null
+++ b/nss/lib/softoken/lowkeyi.h
@@ -0,0 +1,71 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _LOWKEYI_H_
+#define _LOWKEYI_H_
+
+#include "prtypes.h"
+#include "seccomon.h"
+#include "secoidt.h"
+#include "lowkeyti.h"
+
+SEC_BEGIN_PROTOS
+
+/*
+ * See bugzilla bug 125359
+ * Since NSS (via PKCS#11) wants to handle big integers as unsigned ints,
+ * all of the templates above that en/decode into integers must be converted
+ * from ASN.1's signed integer type.  This is done by marking either the
+ * source or destination (encoding or decoding, respectively) type as
+ * siUnsignedInteger.
+ */
+extern void prepare_low_rsa_priv_key_for_asn1(NSSLOWKEYPrivateKey *key);
+extern void prepare_low_pqg_params_for_asn1(PQGParams *params);
+extern void prepare_low_dsa_priv_key_for_asn1(NSSLOWKEYPrivateKey *key);
+extern void prepare_low_dsa_priv_key_export_for_asn1(NSSLOWKEYPrivateKey *key);
+extern void prepare_low_dh_priv_key_for_asn1(NSSLOWKEYPrivateKey *key);
+#ifndef NSS_DISABLE_ECC
+extern void prepare_low_ec_priv_key_for_asn1(NSSLOWKEYPrivateKey *key);
+extern void prepare_low_ecparams_for_asn1(ECParams *params);
+#endif /* NSS_DISABLE_ECC */
+
+/*
+** Destroy a private key object.
+**  "key" the object
+**  "freeit" if PR_TRUE then free the object as well as its sub-objects
+*/
+extern void nsslowkey_DestroyPrivateKey(NSSLOWKEYPrivateKey *key);
+
+/*
+** Destroy a public key object.
+**  "key" the object
+**  "freeit" if PR_TRUE then free the object as well as its sub-objects
+*/
+extern void nsslowkey_DestroyPublicKey(NSSLOWKEYPublicKey *key);
+
+/*
+** Return the modulus length of "pubKey".
+*/
+extern unsigned int nsslowkey_PublicModulusLen(NSSLOWKEYPublicKey *pubKey);
+
+/*
+** Return the modulus length of "privKey".
+*/
+extern unsigned int nsslowkey_PrivateModulusLen(NSSLOWKEYPrivateKey *privKey);
+
+/*
+** Convert a low private key "privateKey" into a public low key
+*/
+extern NSSLOWKEYPublicKey *
+nsslowkey_ConvertToPublicKey(NSSLOWKEYPrivateKey *privateKey);
+
+/* Make a copy of a low private key in it's own arena.
+ * a return of NULL indicates an error.
+ */
+extern NSSLOWKEYPrivateKey *
+nsslowkey_CopyPrivateKey(NSSLOWKEYPrivateKey *privKey);
+
+SEC_END_PROTOS
+
+#endif /* _LOWKEYI_H_ */
diff --git a/nss/lib/softoken/lowkeyti.h b/nss/lib/softoken/lowkeyti.h
new file mode 100644
index 0000000..2ef1640
--- /dev/null
+++ b/nss/lib/softoken/lowkeyti.h
@@ -0,0 +1,93 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#ifndef _LOWKEYTI_H_
+#define _LOWKEYTI_H_ 1
+
+#include "blapit.h"
+#include "prtypes.h"
+#include "plarena.h"
+#include "secitem.h"
+#include "secasn1t.h"
+#include "secoidt.h"
+
+/*
+** Typedef for callback to get a password "key".
+*/
+extern const SEC_ASN1Template nsslowkey_PQGParamsTemplate[];
+extern const SEC_ASN1Template nsslowkey_RSAPrivateKeyTemplate[];
+extern const SEC_ASN1Template nsslowkey_DSAPrivateKeyTemplate[];
+extern const SEC_ASN1Template nsslowkey_DSAPrivateKeyExportTemplate[];
+extern const SEC_ASN1Template nsslowkey_DHPrivateKeyTemplate[];
+extern const SEC_ASN1Template nsslowkey_DHPrivateKeyExportTemplate[];
+#ifndef NSS_DISABLE_ECC
+#define NSSLOWKEY_EC_PRIVATE_KEY_VERSION 1 /* as per SECG 1 C.4 */
+extern const SEC_ASN1Template nsslowkey_ECPrivateKeyTemplate[];
+#endif /* NSS_DISABLE_ECC */
+
+extern const SEC_ASN1Template nsslowkey_PrivateKeyInfoTemplate[];
+extern const SEC_ASN1Template nsslowkey_EncryptedPrivateKeyInfoTemplate[];
+
+/*
+ * PKCS #8 attributes
+ */
+struct NSSLOWKEYAttributeStr {
+    SECItem attrType;
+    SECItem *attrValue;
+};
+typedef struct NSSLOWKEYAttributeStr NSSLOWKEYAttribute;
+
+/*
+** A PKCS#8 private key info object
+*/
+struct NSSLOWKEYPrivateKeyInfoStr {
+    PLArenaPool *arena;
+    SECItem version;
+    SECAlgorithmID algorithm;
+    SECItem privateKey;
+    NSSLOWKEYAttribute **attributes;
+};
+typedef struct NSSLOWKEYPrivateKeyInfoStr NSSLOWKEYPrivateKeyInfo;
+#define NSSLOWKEY_PRIVATE_KEY_INFO_VERSION 0 /* what we *create* */
+
+typedef enum {
+    NSSLOWKEYNullKey = 0,
+    NSSLOWKEYRSAKey = 1,
+    NSSLOWKEYDSAKey = 2,
+    NSSLOWKEYDHKey = 4,
+    NSSLOWKEYECKey = 5
+} NSSLOWKEYType;
+
+/*
+** An RSA public key object.
+*/
+struct NSSLOWKEYPublicKeyStr {
+    PLArenaPool *arena;
+    NSSLOWKEYType keyType;
+    union {
+        RSAPublicKey rsa;
+        DSAPublicKey dsa;
+        DHPublicKey dh;
+        ECPublicKey ec;
+    } u;
+};
+typedef struct NSSLOWKEYPublicKeyStr NSSLOWKEYPublicKey;
+
+/*
+** Low Level private key object
+** This is only used by the raw Crypto engines (crypto), keydb (keydb),
+** and PKCS #11. Everyone else uses the high level key structure.
+*/
+struct NSSLOWKEYPrivateKeyStr {
+    PLArenaPool *arena;
+    NSSLOWKEYType keyType;
+    union {
+        RSAPrivateKey rsa;
+        DSAPrivateKey dsa;
+        DHPrivateKey dh;
+        ECPrivateKey ec;
+    } u;
+};
+typedef struct NSSLOWKEYPrivateKeyStr NSSLOWKEYPrivateKey;
+
+#endif /* _LOWKEYTI_H_ */
diff --git a/nss/lib/softoken/lowpbe.c b/nss/lib/softoken/lowpbe.c
new file mode 100644
index 0000000..0a47804
--- /dev/null
+++ b/nss/lib/softoken/lowpbe.c
@@ -0,0 +1,1366 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "plarena.h"
+
+#include "seccomon.h"
+#include "secitem.h"
+#include "secport.h"
+#include "hasht.h"
+#include "pkcs11t.h"
+#include "blapi.h"
+#include "hasht.h"
+#include "secasn1.h"
+#include "secder.h"
+#include "lowpbe.h"
+#include "secoid.h"
+#include "alghmac.h"
+#include "softoken.h"
+#include "secerr.h"
+
+SEC_ASN1_MKSUB(SECOID_AlgorithmIDTemplate)
+
+/* template for PKCS 5 PBE Parameter.  This template has been expanded
+ * based upon the additions in PKCS 12.  This should eventually be moved
+ * if RSA updates PKCS 5.
+ */
+static const SEC_ASN1Template NSSPKCS5PBEParameterTemplate[] =
+    {
+      { SEC_ASN1_SEQUENCE,
+        0, NULL, sizeof(NSSPKCS5PBEParameter) },
+      { SEC_ASN1_OCTET_STRING,
+        offsetof(NSSPKCS5PBEParameter, salt) },
+      { SEC_ASN1_INTEGER,
+        offsetof(NSSPKCS5PBEParameter, iteration) },
+      { 0 }
+    };
+
+static const SEC_ASN1Template NSSPKCS5PKCS12V2PBEParameterTemplate[] =
+    {
+      { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(NSSPKCS5PBEParameter) },
+      { SEC_ASN1_OCTET_STRING, offsetof(NSSPKCS5PBEParameter, salt) },
+      { SEC_ASN1_INTEGER, offsetof(NSSPKCS5PBEParameter, iteration) },
+      { 0 }
+    };
+
+/* PKCS5 v2 */
+
+struct nsspkcs5V2PBEParameterStr {
+    SECAlgorithmID keyParams; /* parameters of the key generation */
+    SECAlgorithmID algParams; /* parameters for the encryption or mac op */
+};
+
+typedef struct nsspkcs5V2PBEParameterStr nsspkcs5V2PBEParameter;
+
+static const SEC_ASN1Template NSSPKCS5V2PBES2ParameterTemplate[] =
+    {
+      { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(nsspkcs5V2PBEParameter) },
+      { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
+        offsetof(nsspkcs5V2PBEParameter, keyParams),
+        SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
+      { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
+        offsetof(nsspkcs5V2PBEParameter, algParams),
+        SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
+      { 0 }
+    };
+
+static const SEC_ASN1Template NSSPKCS5V2PBEParameterTemplate[] =
+    {
+      { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(NSSPKCS5PBEParameter) },
+      /* this is really a choice, but since we don't understand any other
+       * choice, just inline it. */
+      { SEC_ASN1_OCTET_STRING, offsetof(NSSPKCS5PBEParameter, salt) },
+      { SEC_ASN1_INTEGER, offsetof(NSSPKCS5PBEParameter, iteration) },
+      { SEC_ASN1_INTEGER, offsetof(NSSPKCS5PBEParameter, keyLength) },
+      { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
+        offsetof(NSSPKCS5PBEParameter, prfAlg),
+        SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
+      { 0 }
+    };
+
+SECStatus
+nsspkcs5_HashBuf(const SECHashObject *hashObj, unsigned char *dest,
+                 unsigned char *src, int len)
+{
+    void *ctx;
+    unsigned int retLen;
+
+    ctx = hashObj->create();
+    if (ctx == NULL) {
+        return SECFailure;
+    }
+    hashObj->begin(ctx);
+    hashObj->update(ctx, src, len);
+    hashObj->end(ctx, dest, &retLen, hashObj->length);
+    hashObj->destroy(ctx, PR_TRUE);
+    return SECSuccess;
+}
+
+/* generate bits using any hash
+ */
+static SECItem *
+nsspkcs5_PBKDF1(const SECHashObject *hashObj, SECItem *salt, SECItem *pwd,
+                int iter, PRBool faulty3DES)
+{
+    SECItem *hash = NULL, *pre_hash = NULL;
+    SECStatus rv = SECFailure;
+
+    if ((salt == NULL) || (pwd == NULL) || (iter < 0)) {
+        return NULL;
+    }
+
+    hash = (SECItem *)PORT_ZAlloc(sizeof(SECItem));
+    pre_hash = (SECItem *)PORT_ZAlloc(sizeof(SECItem));
+
+    if ((hash != NULL) && (pre_hash != NULL)) {
+        int i, ph_len;
+
+        ph_len = hashObj->length;
+        if ((salt->len + pwd->len) > hashObj->length) {
+            ph_len = salt->len + pwd->len;
+        }
+
+        rv = SECFailure;
+
+        /* allocate buffers */
+        hash->len = hashObj->length;
+        hash->data = (unsigned char *)PORT_ZAlloc(hash->len);
+        pre_hash->data = (unsigned char *)PORT_ZAlloc(ph_len);
+
+        /* in pbeSHA1TripleDESCBC there was an allocation error that made
+         * it into the caller.  We do not want to propagate those errors
+         * further, so we are doing it correctly, but reading the old method.
+         */
+        if (faulty3DES) {
+            pre_hash->len = ph_len;
+        } else {
+            pre_hash->len = salt->len + pwd->len;
+        }
+
+        /* preform hash */
+        if ((hash->data != NULL) && (pre_hash->data != NULL)) {
+            rv = SECSuccess;
+            /* check for 0 length password */
+            if (pwd->len > 0) {
+                PORT_Memcpy(pre_hash->data, pwd->data, pwd->len);
+            }
+            if (salt->len > 0) {
+                PORT_Memcpy((pre_hash->data + pwd->len), salt->data, salt->len);
+            }
+            for (i = 0; ((i < iter) && (rv == SECSuccess)); i++) {
+                rv = nsspkcs5_HashBuf(hashObj, hash->data,
+                                      pre_hash->data, pre_hash->len);
+                if (rv != SECFailure) {
+                    pre_hash->len = hashObj->length;
+                    PORT_Memcpy(pre_hash->data, hash->data, hashObj->length);
+                }
+            }
+        }
+    }
+
+    if (pre_hash != NULL) {
+        SECITEM_FreeItem(pre_hash, PR_TRUE);
+    }
+
+    if ((rv != SECSuccess) && (hash != NULL)) {
+        SECITEM_FreeItem(hash, PR_TRUE);
+        hash = NULL;
+    }
+
+    return hash;
+}
+
+/* this bit generation routine is described in PKCS 12 and the proposed
+ * extensions to PKCS 5.  an initial hash is generated following the
+ * instructions laid out in PKCS 5.  If the number of bits generated is
+ * insufficient, then the method discussed in the proposed extensions to
+ * PKCS 5 in PKCS 12 are used.  This extension makes use of the HMAC
+ * function.  And the P_Hash function from the TLS standard.
+ */
+static SECItem *
+nsspkcs5_PFXPBE(const SECHashObject *hashObj, NSSPKCS5PBEParameter *pbe_param,
+                SECItem *init_hash, unsigned int bytes_needed)
+{
+    SECItem *ret_bits = NULL;
+    int hash_size = 0;
+    unsigned int i;
+    unsigned int hash_iter;
+    unsigned int dig_len;
+    SECStatus rv = SECFailure;
+    unsigned char *state = NULL;
+    unsigned int state_len;
+    HMACContext *cx = NULL;
+
+    hash_size = hashObj->length;
+    hash_iter = (bytes_needed + (unsigned int)hash_size - 1) / hash_size;
+
+    /* allocate return buffer */
+    ret_bits = (SECItem *)PORT_ZAlloc(sizeof(SECItem));
+    if (ret_bits == NULL)
+        return NULL;
+    ret_bits->data = (unsigned char *)PORT_ZAlloc((hash_iter * hash_size) + 1);
+    ret_bits->len = (hash_iter * hash_size);
+    if (ret_bits->data == NULL) {
+        PORT_Free(ret_bits);
+        return NULL;
+    }
+
+    /* allocate intermediate hash buffer.  8 is for the 8 bytes of
+     * data which are added based on iteration number
+     */
+
+    if ((unsigned int)hash_size > pbe_param->salt.len) {
+        state_len = hash_size;
+    } else {
+        state_len = pbe_param->salt.len;
+    }
+    state = (unsigned char *)PORT_ZAlloc(state_len);
+    if (state == NULL) {
+        rv = SECFailure;
+        goto loser;
+    }
+    if (pbe_param->salt.len > 0) {
+        PORT_Memcpy(state, pbe_param->salt.data, pbe_param->salt.len);
+    }
+
+    cx = HMAC_Create(hashObj, init_hash->data, init_hash->len, PR_TRUE);
+    if (cx == NULL) {
+        rv = SECFailure;
+        goto loser;
+    }
+
+    for (i = 0; i < hash_iter; i++) {
+
+        /* generate output bits */
+        HMAC_Begin(cx);
+        HMAC_Update(cx, state, state_len);
+        HMAC_Update(cx, pbe_param->salt.data, pbe_param->salt.len);
+        rv = HMAC_Finish(cx, ret_bits->data + (i * hash_size),
+                         &dig_len, hash_size);
+        if (rv != SECSuccess)
+            goto loser;
+        PORT_Assert((unsigned int)hash_size == dig_len);
+
+        /* generate new state */
+        HMAC_Begin(cx);
+        HMAC_Update(cx, state, state_len);
+        rv = HMAC_Finish(cx, state, &state_len, state_len);
+        if (rv != SECSuccess)
+            goto loser;
+        PORT_Assert(state_len == dig_len);
+    }
+
+loser:
+    if (state != NULL)
+        PORT_ZFree(state, state_len);
+    HMAC_Destroy(cx, PR_TRUE);
+
+    if (rv != SECSuccess) {
+        SECITEM_ZfreeItem(ret_bits, PR_TRUE);
+        ret_bits = NULL;
+    }
+
+    return ret_bits;
+}
+
+/* generate bits for the key and iv determination.  if enough bits
+ * are not generated using PKCS 5, then we need to generate more bits
+ * based on the extension proposed in PKCS 12
+ */
+static SECItem *
+nsspkcs5_PBKDF1Extended(const SECHashObject *hashObj,
+                        NSSPKCS5PBEParameter *pbe_param, SECItem *pwitem, PRBool faulty3DES)
+{
+    SECItem *hash = NULL;
+    SECItem *newHash = NULL;
+    int bytes_needed;
+    int bytes_available;
+
+    bytes_needed = pbe_param->ivLen + pbe_param->keyLen;
+    bytes_available = hashObj->length;
+
+    hash = nsspkcs5_PBKDF1(hashObj, &pbe_param->salt, pwitem,
+                           pbe_param->iter, faulty3DES);
+
+    if (hash == NULL) {
+        return NULL;
+    }
+
+    if (bytes_needed <= bytes_available) {
+        return hash;
+    }
+
+    newHash = nsspkcs5_PFXPBE(hashObj, pbe_param, hash, bytes_needed);
+    if (hash != newHash)
+        SECITEM_FreeItem(hash, PR_TRUE);
+    return newHash;
+}
+
+/*
+ * PBDKDF2 is PKCS #5 v2.0 it's currently not used by NSS
+ */
+static void
+do_xor(unsigned char *dest, unsigned char *src, int len)
+{
+    /* use byt xor, not all platforms are happy about inaligned
+     * integer fetches */
+    while (len--) {
+        *dest = *dest ^ *src;
+        dest++;
+        src++;
+    }
+}
+
+static SECStatus
+nsspkcs5_PBKDF2_F(const SECHashObject *hashobj, SECItem *pwitem, SECItem *salt,
+                  int iterations, unsigned int i, unsigned char *T)
+{
+    int j;
+    HMACContext *cx = NULL;
+    unsigned int hLen = hashobj->length;
+    SECStatus rv = SECFailure;
+    unsigned char *last = NULL;
+    unsigned int lastLength = salt->len + 4;
+    unsigned int lastBufLength;
+
+    cx = HMAC_Create(hashobj, pwitem->data, pwitem->len, PR_FALSE);
+    if (cx == NULL) {
+        goto loser;
+    }
+    PORT_Memset(T, 0, hLen);
+    lastBufLength = PR_MAX(lastLength, hLen);
+    last = PORT_Alloc(lastBufLength);
+    if (last == NULL) {
+        goto loser;
+    }
+    PORT_Memcpy(last, salt->data, salt->len);
+    last[salt->len] = (i >> 24) & 0xff;
+    last[salt->len + 1] = (i >> 16) & 0xff;
+    last[salt->len + 2] = (i >> 8) & 0xff;
+    last[salt->len + 3] = i & 0xff;
+
+    /* NOTE: we need at least one iteration to return success! */
+    for (j = 0; j < iterations; j++) {
+        HMAC_Begin(cx);
+        HMAC_Update(cx, last, lastLength);
+        rv = HMAC_Finish(cx, last, &lastLength, hLen);
+        if (rv != SECSuccess) {
+            break;
+        }
+        do_xor(T, last, hLen);
+    }
+loser:
+    if (cx) {
+        HMAC_Destroy(cx, PR_TRUE);
+    }
+    if (last) {
+        PORT_ZFree(last, lastBufLength);
+    }
+    return rv;
+}
+
+static SECItem *
+nsspkcs5_PBKDF2(const SECHashObject *hashobj, NSSPKCS5PBEParameter *pbe_param,
+                SECItem *pwitem)
+{
+    int iterations = pbe_param->iter;
+    int bytesNeeded = pbe_param->keyLen;
+    unsigned int dkLen = bytesNeeded;
+    unsigned int hLen = hashobj->length;
+    unsigned int nblocks = (dkLen + hLen - 1) / hLen;
+    unsigned int i;
+    unsigned char *rp;
+    unsigned char *T = NULL;
+    SECItem *result = NULL;
+    SECItem *salt = &pbe_param->salt;
+    SECStatus rv = SECFailure;
+
+    result = SECITEM_AllocItem(NULL, NULL, nblocks * hLen);
+    if (result == NULL) {
+        return NULL;
+    }
+
+    T = PORT_Alloc(hLen);
+    if (T == NULL) {
+        goto loser;
+    }
+
+    for (i = 1, rp = result->data; i <= nblocks; i++, rp += hLen) {
+        rv = nsspkcs5_PBKDF2_F(hashobj, pwitem, salt, iterations, i, T);
+        if (rv != SECSuccess) {
+            break;
+        }
+        PORT_Memcpy(rp, T, hLen);
+    }
+
+loser:
+    if (T) {
+        PORT_ZFree(T, hLen);
+    }
+    if (rv != SECSuccess) {
+        SECITEM_FreeItem(result, PR_TRUE);
+        result = NULL;
+    } else {
+        result->len = dkLen;
+    }
+
+    return result;
+}
+
+#define NSSPBE_ROUNDUP(x, y) ((((x) + ((y)-1)) / (y)) * (y))
+#define NSSPBE_MIN(x, y) ((x) < (y) ? (x) : (y))
+/*
+ * This is the extended PBE function defined by the final PKCS #12 spec.
+ */
+static SECItem *
+nsspkcs5_PKCS12PBE(const SECHashObject *hashObject,
+                   NSSPKCS5PBEParameter *pbe_param, SECItem *pwitem,
+                   PBEBitGenID bitGenPurpose, unsigned int bytesNeeded)
+{
+    PLArenaPool *arena = NULL;
+    unsigned int SLen, PLen;
+    unsigned int hashLength = hashObject->length;
+    unsigned char *S, *P;
+    SECItem *A = NULL, B, D, I;
+    SECItem *salt = &pbe_param->salt;
+    unsigned int c, i = 0;
+    unsigned int hashLen;
+    int iter;
+    unsigned char *iterBuf;
+    void *hash = NULL;
+    unsigned int bufferLength;
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (!arena) {
+        return NULL;
+    }
+
+    /* how many hash object lengths are needed */
+    c = (bytesNeeded + (hashLength - 1)) / hashLength;
+
+    /* 64 if 0 < hashLength <= 32, 128 if 32 < hashLength <= 64 */
+    bufferLength = NSSPBE_ROUNDUP(hashLength * 2, 64);
+
+    /* initialize our buffers */
+    D.len = bufferLength;
+    /* B and D are the same length, use one alloc go get both */
+    D.data = (unsigned char *)PORT_ArenaZAlloc(arena, D.len * 2);
+    B.len = D.len;
+    B.data = D.data + D.len;
+
+    /* if all goes well, A will be returned, so don't use our temp arena */
+    A = SECITEM_AllocItem(NULL, NULL, c * hashLength);
+    if (A == NULL) {
+        goto loser;
+    }
+
+    SLen = NSSPBE_ROUNDUP(salt->len, bufferLength);
+    PLen = NSSPBE_ROUNDUP(pwitem->len, bufferLength);
+    I.len = SLen + PLen;
+    I.data = (unsigned char *)PORT_ArenaZAlloc(arena, I.len);
+    if (I.data == NULL) {
+        goto loser;
+    }
+
+    /* S & P are only used to initialize I */
+    S = I.data;
+    P = S + SLen;
+
+    PORT_Memset(D.data, (char)bitGenPurpose, D.len);
+    if (SLen) {
+        for (i = 0; i < SLen; i += salt->len) {
+            PORT_Memcpy(S + i, salt->data, NSSPBE_MIN(SLen - i, salt->len));
+        }
+    }
+    if (PLen) {
+        for (i = 0; i < PLen; i += pwitem->len) {
+            PORT_Memcpy(P + i, pwitem->data, NSSPBE_MIN(PLen - i, pwitem->len));
+        }
+    }
+
+    iterBuf = (unsigned char *)PORT_ArenaZAlloc(arena, hashLength);
+    if (iterBuf == NULL) {
+        goto loser;
+    }
+
+    hash = hashObject->create();
+    if (!hash) {
+        goto loser;
+    }
+    /* calculate the PBE now */
+    for (i = 0; i < c; i++) {
+        int Bidx; /* must be signed or the for loop won't terminate */
+        unsigned int k, j;
+        unsigned char *Ai = A->data + i * hashLength;
+
+        for (iter = 0; iter < pbe_param->iter; iter++) {
+            hashObject->begin(hash);
+
+            if (iter) {
+                hashObject->update(hash, iterBuf, hashLen);
+            } else {
+                hashObject->update(hash, D.data, D.len);
+                hashObject->update(hash, I.data, I.len);
+            }
+
+            hashObject->end(hash, iterBuf, &hashLen, hashObject->length);
+            if (hashLen != hashObject->length) {
+                break;
+            }
+        }
+
+        PORT_Memcpy(Ai, iterBuf, hashLength);
+        for (Bidx = 0; Bidx < (int)B.len; Bidx += hashLength) {
+            PORT_Memcpy(B.data + Bidx, iterBuf, NSSPBE_MIN(B.len - Bidx, hashLength));
+        }
+
+        k = I.len / B.len;
+        for (j = 0; j < k; j++) {
+            unsigned int q, carryBit;
+            unsigned char *Ij = I.data + j * B.len;
+
+            /* (Ij = Ij+B+1) */
+            for (Bidx = (B.len - 1), q = 1, carryBit = 0; Bidx >= 0; Bidx--, q = 0) {
+                q += (unsigned int)Ij[Bidx];
+                q += (unsigned int)B.data[Bidx];
+                q += carryBit;
+
+                carryBit = (q > 0xff);
+                Ij[Bidx] = (unsigned char)(q & 0xff);
+            }
+        }
+    }
+loser:
+    if (hash) {
+        hashObject->destroy(hash, PR_TRUE);
+    }
+    if (arena) {
+        PORT_FreeArena(arena, PR_TRUE);
+    }
+
+    if (A) {
+        /* if i != c, then we didn't complete the loop above and must of failed
+         * somwhere along the way */
+        if (i != c) {
+            SECITEM_ZfreeItem(A, PR_TRUE);
+            A = NULL;
+        } else {
+            A->len = bytesNeeded;
+        }
+    }
+
+    return A;
+}
+
+/*
+ * generate key as per PKCS 5
+ */
+SECItem *
+nsspkcs5_ComputeKeyAndIV(NSSPKCS5PBEParameter *pbe_param, SECItem *pwitem,
+                         SECItem *iv, PRBool faulty3DES)
+{
+    SECItem *hash = NULL, *key = NULL;
+    const SECHashObject *hashObj;
+    PRBool getIV = PR_FALSE;
+
+    if ((pbe_param == NULL) || (pwitem == NULL)) {
+        return NULL;
+    }
+
+    key = SECITEM_AllocItem(NULL, NULL, pbe_param->keyLen);
+    if (key == NULL) {
+        return NULL;
+    }
+
+    if (iv && (pbe_param->ivLen) && (iv->data == NULL)) {
+        getIV = PR_TRUE;
+        iv->data = (unsigned char *)PORT_Alloc(pbe_param->ivLen);
+        if (iv->data == NULL) {
+            goto loser;
+        }
+        iv->len = pbe_param->ivLen;
+    }
+
+    hashObj = HASH_GetRawHashObject(pbe_param->hashType);
+    switch (pbe_param->pbeType) {
+        case NSSPKCS5_PBKDF1:
+            hash = nsspkcs5_PBKDF1Extended(hashObj, pbe_param, pwitem, faulty3DES);
+            if (hash == NULL) {
+                goto loser;
+            }
+            PORT_Assert(hash->len >= key->len + (getIV ? iv->len : 0));
+            if (getIV) {
+                PORT_Memcpy(iv->data, hash->data + (hash->len - iv->len), iv->len);
+            }
+
+            break;
+        case NSSPKCS5_PBKDF2:
+            hash = nsspkcs5_PBKDF2(hashObj, pbe_param, pwitem);
+            if (getIV) {
+                PORT_Memcpy(iv->data, pbe_param->ivData, iv->len);
+            }
+            break;
+        case NSSPKCS5_PKCS12_V2:
+            if (getIV) {
+                hash = nsspkcs5_PKCS12PBE(hashObj, pbe_param, pwitem,
+                                          pbeBitGenCipherIV, iv->len);
+                if (hash == NULL) {
+                    goto loser;
+                }
+                PORT_Memcpy(iv->data, hash->data, iv->len);
+                SECITEM_ZfreeItem(hash, PR_TRUE);
+                hash = NULL;
+            }
+            hash = nsspkcs5_PKCS12PBE(hashObj, pbe_param, pwitem,
+                                      pbe_param->keyID, key->len);
+        default:
+            break;
+    }
+
+    if (hash == NULL) {
+        goto loser;
+    }
+
+    if (pbe_param->is2KeyDES) {
+        PORT_Memcpy(key->data, hash->data, (key->len * 2) / 3);
+        PORT_Memcpy(&(key->data[(key->len * 2) / 3]), key->data,
+                    key->len / 3);
+    } else {
+        PORT_Memcpy(key->data, hash->data, key->len);
+    }
+
+    SECITEM_ZfreeItem(hash, PR_TRUE);
+    return key;
+
+loser:
+    if (getIV && iv->data) {
+        PORT_ZFree(iv->data, iv->len);
+        iv->data = NULL;
+    }
+
+    SECITEM_ZfreeItem(key, PR_TRUE);
+    return NULL;
+}
+
+static SECStatus
+nsspkcs5_FillInParam(SECOidTag algorithm, HASH_HashType hashType,
+                     NSSPKCS5PBEParameter *pbe_param)
+{
+    PRBool skipType = PR_FALSE;
+
+    pbe_param->keyLen = 5;
+    pbe_param->ivLen = 8;
+    pbe_param->hashType = hashType;
+    pbe_param->pbeType = NSSPKCS5_PBKDF1;
+    pbe_param->encAlg = SEC_OID_RC2_CBC;
+    pbe_param->is2KeyDES = PR_FALSE;
+    switch (algorithm) {
+        /* DES3 Algorithms */
+        case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_2KEY_TRIPLE_DES_CBC:
+            pbe_param->is2KeyDES = PR_TRUE;
+        /* fall through */
+        case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC:
+            pbe_param->pbeType = NSSPKCS5_PKCS12_V2;
+        /* fall through */
+        case SEC_OID_PKCS12_PBE_WITH_SHA1_AND_TRIPLE_DES_CBC:
+            pbe_param->keyLen = 24;
+            pbe_param->encAlg = SEC_OID_DES_EDE3_CBC;
+            break;
+
+        /* DES Algorithms */
+        case SEC_OID_PKCS5_PBE_WITH_MD2_AND_DES_CBC:
+            pbe_param->hashType = HASH_AlgMD2;
+            goto finish_des;
+        case SEC_OID_PKCS5_PBE_WITH_MD5_AND_DES_CBC:
+            pbe_param->hashType = HASH_AlgMD5;
+        /* fall through */
+        case SEC_OID_PKCS5_PBE_WITH_SHA1_AND_DES_CBC:
+        finish_des:
+            pbe_param->keyLen = 8;
+            pbe_param->encAlg = SEC_OID_DES_CBC;
+            break;
+
+        /* RC2 Algorithms */
+        case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC:
+            pbe_param->keyLen = 16;
+        /* fall through */
+        case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC:
+            pbe_param->pbeType = NSSPKCS5_PKCS12_V2;
+            break;
+        case SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC:
+            pbe_param->keyLen = 16;
+        /* fall through */
+        case SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC:
+            break;
+
+        /* RC4 algorithms */
+        case SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC4:
+            skipType = PR_TRUE;
+        /* fall through */
+        case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC4:
+            pbe_param->keyLen = 16;
+        /* fall through */
+        case SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC4:
+            if (!skipType) {
+                pbe_param->pbeType = NSSPKCS5_PKCS12_V2;
+            }
+        /* fall through */
+        case SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC4:
+            pbe_param->ivLen = 0;
+            pbe_param->encAlg = SEC_OID_RC4;
+            break;
+
+        case SEC_OID_PKCS5_PBKDF2:
+        case SEC_OID_PKCS5_PBES2:
+        case SEC_OID_PKCS5_PBMAC1:
+            /* everything else will be filled in by the template */
+            pbe_param->ivLen = 0;
+            pbe_param->pbeType = NSSPKCS5_PBKDF2;
+            pbe_param->encAlg = SEC_OID_PKCS5_PBKDF2;
+            pbe_param->keyLen = 0; /* needs to be set by caller after return */
+            break;
+
+        default:
+            return SECFailure;
+    }
+
+    return SECSuccess;
+}
+
+/* decode the algid and generate a PKCS 5 parameter from it
+ */
+NSSPKCS5PBEParameter *
+nsspkcs5_NewParam(SECOidTag alg, HASH_HashType hashType, SECItem *salt,
+                  int iterationCount)
+{
+    PLArenaPool *arena = NULL;
+    NSSPKCS5PBEParameter *pbe_param = NULL;
+    SECStatus rv = SECFailure;
+
+    arena = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE);
+    if (arena == NULL)
+        return NULL;
+
+    /* allocate memory for the parameter */
+    pbe_param = (NSSPKCS5PBEParameter *)PORT_ArenaZAlloc(arena,
+                                                         sizeof(NSSPKCS5PBEParameter));
+
+    if (pbe_param == NULL) {
+        goto loser;
+    }
+
+    pbe_param->poolp = arena;
+
+    rv = nsspkcs5_FillInParam(alg, hashType, pbe_param);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    pbe_param->iter = iterationCount;
+    if (salt) {
+        rv = SECITEM_CopyItem(arena, &pbe_param->salt, salt);
+    }
+
+    /* default key gen */
+    pbe_param->keyID = pbeBitGenCipherKey;
+
+loser:
+    if (rv != SECSuccess) {
+        PORT_FreeArena(arena, PR_TRUE);
+        pbe_param = NULL;
+    }
+
+    return pbe_param;
+}
+
+/*
+ * find the hash type needed to implement a specific HMAC.
+ * OID definitions are from pkcs 5 v2.0 and 2.1
+ */
+HASH_HashType
+HASH_FromHMACOid(SECOidTag hmac)
+{
+    switch (hmac) {
+        case SEC_OID_HMAC_SHA1:
+            return HASH_AlgSHA1;
+        case SEC_OID_HMAC_SHA256:
+            return HASH_AlgSHA256;
+        case SEC_OID_HMAC_SHA384:
+            return HASH_AlgSHA384;
+        case SEC_OID_HMAC_SHA512:
+            return HASH_AlgSHA512;
+        case SEC_OID_HMAC_SHA224:
+        default:
+            break;
+    }
+    return HASH_AlgNULL;
+}
+
+/* decode the algid and generate a PKCS 5 parameter from it
+ */
+NSSPKCS5PBEParameter *
+nsspkcs5_AlgidToParam(SECAlgorithmID *algid)
+{
+    NSSPKCS5PBEParameter *pbe_param = NULL;
+    nsspkcs5V2PBEParameter pbev2_param;
+    SECOidTag algorithm;
+    SECStatus rv = SECFailure;
+
+    if (algid == NULL) {
+        return NULL;
+    }
+
+    algorithm = SECOID_GetAlgorithmTag(algid);
+    if (algorithm == SEC_OID_UNKNOWN) {
+        goto loser;
+    }
+
+    pbe_param = nsspkcs5_NewParam(algorithm, HASH_AlgSHA1, NULL, 1);
+    if (pbe_param == NULL) {
+        goto loser;
+    }
+
+    /* decode parameter */
+    rv = SECFailure;
+    switch (pbe_param->pbeType) {
+        case NSSPKCS5_PBKDF1:
+            rv = SEC_ASN1DecodeItem(pbe_param->poolp, pbe_param,
+                                    NSSPKCS5PBEParameterTemplate, &algid->parameters);
+            break;
+        case NSSPKCS5_PKCS12_V2:
+            rv = SEC_ASN1DecodeItem(pbe_param->poolp, pbe_param,
+                                    NSSPKCS5PKCS12V2PBEParameterTemplate, &algid->parameters);
+            break;
+        case NSSPKCS5_PBKDF2:
+            PORT_Memset(&pbev2_param, 0, sizeof(pbev2_param));
+            /* just the PBE */
+            if (algorithm == SEC_OID_PKCS5_PBKDF2) {
+                rv = SEC_ASN1DecodeItem(pbe_param->poolp, pbe_param,
+                                        NSSPKCS5V2PBEParameterTemplate, &algid->parameters);
+            } else {
+                /* PBE data an others */
+                rv = SEC_ASN1DecodeItem(pbe_param->poolp, &pbev2_param,
+                                        NSSPKCS5V2PBES2ParameterTemplate, &algid->parameters);
+                if (rv != SECSuccess) {
+                    break;
+                }
+                pbe_param->encAlg = SECOID_GetAlgorithmTag(&pbev2_param.algParams);
+                rv = SEC_ASN1DecodeItem(pbe_param->poolp, pbe_param,
+                                        NSSPKCS5V2PBEParameterTemplate,
+                                        &pbev2_param.keyParams.parameters);
+                if (rv != SECSuccess) {
+                    break;
+                }
+                pbe_param->keyLen = DER_GetInteger(&pbe_param->keyLength);
+            }
+            /* we we are encrypting, save any iv's */
+            if (algorithm == SEC_OID_PKCS5_PBES2) {
+                pbe_param->ivLen = pbev2_param.algParams.parameters.len;
+                pbe_param->ivData = pbev2_param.algParams.parameters.data;
+            }
+            pbe_param->hashType =
+                HASH_FromHMACOid(SECOID_GetAlgorithmTag(&pbe_param->prfAlg));
+            if (pbe_param->hashType == HASH_AlgNULL) {
+                PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
+                rv = SECFailure;
+            }
+            break;
+    }
+
+loser:
+    if (rv == SECSuccess) {
+        pbe_param->iter = DER_GetInteger(&pbe_param->iteration);
+    } else {
+        nsspkcs5_DestroyPBEParameter(pbe_param);
+        pbe_param = NULL;
+    }
+
+    return pbe_param;
+}
+
+/* destroy a pbe parameter.  it assumes that the parameter was
+ * generated using the appropriate create function and therefor
+ * contains an arena pool.
+ */
+void
+nsspkcs5_DestroyPBEParameter(NSSPKCS5PBEParameter *pbe_param)
+{
+    if (pbe_param != NULL) {
+        PORT_FreeArena(pbe_param->poolp, PR_FALSE);
+    }
+}
+
+/* crypto routines */
+/* perform DES encryption and decryption.  these routines are called
+ * by nsspkcs5_CipherData.  In the case of an error, NULL is returned.
+ */
+static SECItem *
+sec_pkcs5_des(SECItem *key, SECItem *iv, SECItem *src, PRBool triple_des,
+              PRBool encrypt)
+{
+    SECItem *dest;
+    SECItem *dup_src;
+    SECStatus rv = SECFailure;
+    int pad;
+
+    if ((src == NULL) || (key == NULL) || (iv == NULL))
+        return NULL;
+
+    dup_src = SECITEM_DupItem(src);
+    if (dup_src == NULL) {
+        return NULL;
+    }
+
+    if (encrypt != PR_FALSE) {
+        void *dummy;
+
+        dummy = CBC_PadBuffer(NULL, dup_src->data,
+                              dup_src->len, &dup_src->len, 8 /* DES_BLOCK_SIZE */);
+        if (dummy == NULL) {
+            SECITEM_FreeItem(dup_src, PR_TRUE);
+            return NULL;
+        }
+        dup_src->data = (unsigned char *)dummy;
+    }
+
+    dest = (SECItem *)PORT_ZAlloc(sizeof(SECItem));
+    if (dest != NULL) {
+        /* allocate with over flow */
+        dest->data = (unsigned char *)PORT_ZAlloc(dup_src->len + 64);
+        if (dest->data != NULL) {
+            DESContext *ctxt;
+            ctxt = DES_CreateContext(key->data, iv->data,
+                                     (triple_des ? NSS_DES_EDE3_CBC : NSS_DES_CBC),
+                                     encrypt);
+
+            if (ctxt != NULL) {
+                rv = (encrypt ? DES_Encrypt : DES_Decrypt)(
+                    ctxt, dest->data, &dest->len,
+                    dup_src->len + 64, dup_src->data, dup_src->len);
+
+                /* remove padding -- assumes 64 bit blocks */
+                if ((encrypt == PR_FALSE) && (rv == SECSuccess)) {
+                    pad = dest->data[dest->len - 1];
+                    if ((pad > 0) && (pad <= 8)) {
+                        if (dest->data[dest->len - pad] != pad) {
+                            rv = SECFailure;
+                            PORT_SetError(SEC_ERROR_BAD_PASSWORD);
+                        } else {
+                            dest->len -= pad;
+                        }
+                    } else {
+                        rv = SECFailure;
+                        PORT_SetError(SEC_ERROR_BAD_PASSWORD);
+                    }
+                }
+                DES_DestroyContext(ctxt, PR_TRUE);
+            }
+        }
+    }
+
+    if (rv == SECFailure) {
+        if (dest != NULL) {
+            SECITEM_FreeItem(dest, PR_TRUE);
+        }
+        dest = NULL;
+    }
+
+    if (dup_src != NULL) {
+        SECITEM_FreeItem(dup_src, PR_TRUE);
+    }
+
+    return dest;
+}
+
+/* perform aes encryption/decryption if an error occurs, NULL is returned
+ */
+static SECItem *
+sec_pkcs5_aes(SECItem *key, SECItem *iv, SECItem *src, PRBool triple_des,
+              PRBool encrypt)
+{
+    SECItem *dest;
+    SECItem *dup_src;
+    SECStatus rv = SECFailure;
+    int pad;
+
+    if ((src == NULL) || (key == NULL) || (iv == NULL))
+        return NULL;
+
+    dup_src = SECITEM_DupItem(src);
+    if (dup_src == NULL) {
+        return NULL;
+    }
+
+    if (encrypt != PR_FALSE) {
+        void *dummy;
+
+        dummy = CBC_PadBuffer(NULL, dup_src->data,
+                              dup_src->len, &dup_src->len, AES_BLOCK_SIZE);
+        if (dummy == NULL) {
+            SECITEM_FreeItem(dup_src, PR_TRUE);
+            return NULL;
+        }
+        dup_src->data = (unsigned char *)dummy;
+    }
+
+    dest = (SECItem *)PORT_ZAlloc(sizeof(SECItem));
+    if (dest != NULL) {
+        /* allocate with over flow */
+        dest->data = (unsigned char *)PORT_ZAlloc(dup_src->len + 64);
+        if (dest->data != NULL) {
+            AESContext *ctxt;
+            ctxt = AES_CreateContext(key->data, iv->data,
+                                     NSS_AES_CBC, encrypt, key->len, 16);
+
+            if (ctxt != NULL) {
+                rv = (encrypt ? AES_Encrypt : AES_Decrypt)(
+                    ctxt, dest->data, &dest->len,
+                    dup_src->len + 64, dup_src->data, dup_src->len);
+
+                /* remove padding -- assumes 64 bit blocks */
+                if ((encrypt == PR_FALSE) && (rv == SECSuccess)) {
+                    pad = dest->data[dest->len - 1];
+                    if ((pad > 0) && (pad <= 16)) {
+                        if (dest->data[dest->len - pad] != pad) {
+                            rv = SECFailure;
+                            PORT_SetError(SEC_ERROR_BAD_PASSWORD);
+                        } else {
+                            dest->len -= pad;
+                        }
+                    } else {
+                        rv = SECFailure;
+                        PORT_SetError(SEC_ERROR_BAD_PASSWORD);
+                    }
+                }
+                AES_DestroyContext(ctxt, PR_TRUE);
+            }
+        }
+    }
+
+    if (rv == SECFailure) {
+        if (dest != NULL) {
+            SECITEM_FreeItem(dest, PR_TRUE);
+        }
+        dest = NULL;
+    }
+
+    if (dup_src != NULL) {
+        SECITEM_FreeItem(dup_src, PR_TRUE);
+    }
+
+    return dest;
+}
+
+/* perform rc2 encryption/decryption if an error occurs, NULL is returned
+ */
+static SECItem *
+sec_pkcs5_rc2(SECItem *key, SECItem *iv, SECItem *src, PRBool dummy,
+              PRBool encrypt)
+{
+    SECItem *dest;
+    SECItem *dup_src;
+    SECStatus rv = SECFailure;
+    int pad;
+
+    if ((src == NULL) || (key == NULL) || (iv == NULL)) {
+        return NULL;
+    }
+
+    dup_src = SECITEM_DupItem(src);
+    if (dup_src == NULL) {
+        return NULL;
+    }
+
+    if (encrypt != PR_FALSE) {
+        void *dummy;
+
+        dummy = CBC_PadBuffer(NULL, dup_src->data,
+                              dup_src->len, &dup_src->len, 8 /* RC2_BLOCK_SIZE */);
+        if (dummy == NULL) {
+            SECITEM_FreeItem(dup_src, PR_TRUE);
+            return NULL;
+        }
+        dup_src->data = (unsigned char *)dummy;
+    }
+
+    dest = (SECItem *)PORT_ZAlloc(sizeof(SECItem));
+    if (dest != NULL) {
+        dest->data = (unsigned char *)PORT_ZAlloc(dup_src->len + 64);
+        if (dest->data != NULL) {
+            RC2Context *ctxt;
+
+            ctxt = RC2_CreateContext(key->data, key->len, iv->data,
+                                     NSS_RC2_CBC, key->len);
+
+            if (ctxt != NULL) {
+                rv = (encrypt ? RC2_Encrypt : RC2_Decrypt)(
+                    ctxt, dest->data, &dest->len,
+                    dup_src->len + 64, dup_src->data, dup_src->len);
+
+                /* assumes 8 byte blocks  -- remove padding */
+                if ((rv == SECSuccess) && (encrypt != PR_TRUE)) {
+                    pad = dest->data[dest->len - 1];
+                    if ((pad > 0) && (pad <= 8)) {
+                        if (dest->data[dest->len - pad] != pad) {
+                            PORT_SetError(SEC_ERROR_BAD_PASSWORD);
+                            rv = SECFailure;
+                        } else {
+                            dest->len -= pad;
+                        }
+                    } else {
+                        PORT_SetError(SEC_ERROR_BAD_PASSWORD);
+                        rv = SECFailure;
+                    }
+                }
+            }
+        }
+    }
+
+    if ((rv != SECSuccess) && (dest != NULL)) {
+        SECITEM_FreeItem(dest, PR_TRUE);
+        dest = NULL;
+    }
+
+    if (dup_src != NULL) {
+        SECITEM_FreeItem(dup_src, PR_TRUE);
+    }
+
+    return dest;
+}
+
+/* perform rc4 encryption and decryption */
+static SECItem *
+sec_pkcs5_rc4(SECItem *key, SECItem *iv, SECItem *src, PRBool dummy_op,
+              PRBool encrypt)
+{
+    SECItem *dest;
+    SECStatus rv = SECFailure;
+
+    if ((src == NULL) || (key == NULL) || (iv == NULL)) {
+        return NULL;
+    }
+
+    dest = (SECItem *)PORT_ZAlloc(sizeof(SECItem));
+    if (dest != NULL) {
+        dest->data = (unsigned char *)PORT_ZAlloc(sizeof(unsigned char) *
+                                                  (src->len + 64));
+        if (dest->data != NULL) {
+            RC4Context *ctxt;
+
+            ctxt = RC4_CreateContext(key->data, key->len);
+            if (ctxt) {
+                rv = (encrypt ? RC4_Encrypt : RC4_Decrypt)(
+                    ctxt, dest->data, &dest->len,
+                    src->len + 64, src->data, src->len);
+                RC4_DestroyContext(ctxt, PR_TRUE);
+            }
+        }
+    }
+
+    if ((rv != SECSuccess) && (dest)) {
+        SECITEM_FreeItem(dest, PR_TRUE);
+        dest = NULL;
+    }
+
+    return dest;
+}
+/* function pointer template for crypto functions */
+typedef SECItem *(*pkcs5_crypto_func)(SECItem *key, SECItem *iv,
+                                      SECItem *src, PRBool op1, PRBool op2);
+
+/* performs the cipher operation on the src and returns the result.
+ * if an error occurs, NULL is returned.
+ *
+ * a null length password is allowed.  this corresponds to encrypting
+ * the data with ust the salt.
+ */
+/* change this to use PKCS 11? */
+SECItem *
+nsspkcs5_CipherData(NSSPKCS5PBEParameter *pbe_param, SECItem *pwitem,
+                    SECItem *src, PRBool encrypt, PRBool *update)
+{
+    SECItem *key = NULL, iv;
+    SECItem *dest = NULL;
+    PRBool tripleDES = PR_TRUE;
+    pkcs5_crypto_func cryptof;
+
+    iv.data = NULL;
+
+    if (update) {
+        *update = PR_FALSE;
+    }
+
+    if ((pwitem == NULL) || (src == NULL)) {
+        return NULL;
+    }
+
+    /* get key, and iv */
+    key = nsspkcs5_ComputeKeyAndIV(pbe_param, pwitem, &iv, PR_FALSE);
+    if (key == NULL) {
+        return NULL;
+    }
+
+    switch (pbe_param->encAlg) {
+        /* PKCS 5 v2 only */
+        case SEC_OID_AES_128_CBC:
+        case SEC_OID_AES_192_CBC:
+        case SEC_OID_AES_256_CBC:
+            cryptof = sec_pkcs5_aes;
+            break;
+        case SEC_OID_DES_EDE3_CBC:
+            cryptof = sec_pkcs5_des;
+            tripleDES = PR_TRUE;
+            break;
+        case SEC_OID_DES_CBC:
+            cryptof = sec_pkcs5_des;
+            tripleDES = PR_FALSE;
+            break;
+        case SEC_OID_RC2_CBC:
+            cryptof = sec_pkcs5_rc2;
+            break;
+        case SEC_OID_RC4:
+            cryptof = sec_pkcs5_rc4;
+            break;
+        default:
+            cryptof = NULL;
+            break;
+    }
+
+    if (cryptof == NULL) {
+        goto loser;
+    }
+
+    dest = (*cryptof)(key, &iv, src, tripleDES, encrypt);
+    /*
+     * it's possible for some keys and keydb's to claim to
+     * be triple des when they're really des. In this case
+     * we simply try des. If des works we set the update flag
+     * so the key db knows it needs to update all it's entries.
+     *  The case can only happen on decrypted of a
+     *  SEC_OID_DES_EDE3_CBD.
+     */
+    if ((dest == NULL) && (encrypt == PR_FALSE) &&
+        (pbe_param->encAlg == SEC_OID_DES_EDE3_CBC)) {
+        dest = (*cryptof)(key, &iv, src, PR_FALSE, encrypt);
+        if (update && (dest != NULL))
+            *update = PR_TRUE;
+    }
+
+loser:
+    if (key != NULL) {
+        SECITEM_ZfreeItem(key, PR_TRUE);
+    }
+    if (iv.data != NULL) {
+        SECITEM_ZfreeItem(&iv, PR_FALSE);
+    }
+
+    return dest;
+}
+
+/* creates a algorithm ID containing the PBE algorithm and appropriate
+ * parameters.  the required parameter is the algorithm.  if salt is
+ * not specified, it is generated randomly.  if IV is specified, it overrides
+ * the PKCS 5 generation of the IV.
+ *
+ * the returned SECAlgorithmID should be destroyed using
+ * SECOID_DestroyAlgorithmID
+ */
+SECAlgorithmID *
+nsspkcs5_CreateAlgorithmID(PLArenaPool *arena, SECOidTag algorithm,
+                           NSSPKCS5PBEParameter *pbe_param)
+{
+    SECAlgorithmID *algid, *ret_algid = NULL;
+    SECItem der_param;
+    nsspkcs5V2PBEParameter pkcs5v2_param;
+
+    SECStatus rv = SECFailure;
+    void *dummy = NULL;
+
+    if (arena == NULL) {
+        return NULL;
+    }
+
+    der_param.data = NULL;
+    der_param.len = 0;
+
+    /* generate the algorithm id */
+    algid = (SECAlgorithmID *)PORT_ArenaZAlloc(arena, sizeof(SECAlgorithmID));
+    if (algid == NULL) {
+        goto loser;
+    }
+
+    if (pbe_param->iteration.data == NULL) {
+        dummy = SEC_ASN1EncodeInteger(pbe_param->poolp, &pbe_param->iteration,
+                                      pbe_param->iter);
+        if (dummy == NULL) {
+            goto loser;
+        }
+    }
+    switch (pbe_param->pbeType) {
+        case NSSPKCS5_PBKDF1:
+            dummy = SEC_ASN1EncodeItem(arena, &der_param, pbe_param,
+                                       NSSPKCS5PBEParameterTemplate);
+            break;
+        case NSSPKCS5_PKCS12_V2:
+            dummy = SEC_ASN1EncodeItem(arena, &der_param, pbe_param,
+                                       NSSPKCS5PKCS12V2PBEParameterTemplate);
+            break;
+        case NSSPKCS5_PBKDF2:
+            if (pbe_param->keyLength.data == NULL) {
+                dummy = SEC_ASN1EncodeInteger(pbe_param->poolp,
+                                              &pbe_param->keyLength, pbe_param->keyLen);
+                if (dummy == NULL) {
+                    goto loser;
+                }
+            }
+            PORT_Memset(&pkcs5v2_param, 0, sizeof(pkcs5v2_param));
+            dummy = SEC_ASN1EncodeItem(arena, &der_param, pbe_param,
+                                       NSSPKCS5V2PBEParameterTemplate);
+            if (dummy == NULL) {
+                break;
+            }
+            dummy = NULL;
+            rv = SECOID_SetAlgorithmID(arena, &pkcs5v2_param.keyParams,
+                                       SEC_OID_PKCS5_PBKDF2, &der_param);
+            if (rv != SECSuccess) {
+                break;
+            }
+            der_param.data = pbe_param->ivData;
+            der_param.len = pbe_param->ivLen;
+            rv = SECOID_SetAlgorithmID(arena, &pkcs5v2_param.algParams,
+                                       pbe_param->encAlg, pbe_param->ivLen ? &der_param : NULL);
+            if (rv != SECSuccess) {
+                break;
+            }
+            dummy = SEC_ASN1EncodeItem(arena, &der_param, &pkcs5v2_param,
+                                       NSSPKCS5V2PBES2ParameterTemplate);
+            break;
+        default:
+            break;
+    }
+
+    if (dummy == NULL) {
+        goto loser;
+    }
+
+    rv = SECOID_SetAlgorithmID(arena, algid, algorithm, &der_param);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    ret_algid = (SECAlgorithmID *)PORT_ZAlloc(sizeof(SECAlgorithmID));
+    if (ret_algid == NULL) {
+        goto loser;
+    }
+
+    rv = SECOID_CopyAlgorithmID(NULL, ret_algid, algid);
+    if (rv != SECSuccess) {
+        SECOID_DestroyAlgorithmID(ret_algid, PR_TRUE);
+        ret_algid = NULL;
+    }
+
+loser:
+
+    return ret_algid;
+}
diff --git a/nss/lib/softoken/lowpbe.h b/nss/lib/softoken/lowpbe.h
new file mode 100644
index 0000000..2080138
--- /dev/null
+++ b/nss/lib/softoken/lowpbe.h
@@ -0,0 +1,107 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _SECPKCS5_H_
+#define _SECPKCS5_H_
+
+#include "plarena.h"
+#include "secitem.h"
+#include "seccomon.h"
+#include "secoidt.h"
+#include "hasht.h"
+
+typedef SECItem *(*SEC_PKCS5GetPBEPassword)(void *arg);
+
+/* used for V2 PKCS 12 Draft Spec */
+typedef enum {
+    pbeBitGenIDNull = 0,
+    pbeBitGenCipherKey = 0x01,
+    pbeBitGenCipherIV = 0x02,
+    pbeBitGenIntegrityKey = 0x03
+} PBEBitGenID;
+
+typedef enum {
+    NSSPKCS5_PBKDF1 = 0,
+    NSSPKCS5_PBKDF2 = 1,
+    NSSPKCS5_PKCS12_V2 = 2
+} NSSPKCS5PBEType;
+
+typedef struct NSSPKCS5PBEParameterStr NSSPKCS5PBEParameter;
+
+struct NSSPKCS5PBEParameterStr {
+    PLArenaPool *poolp;
+    SECItem salt;      /* octet string */
+    SECItem iteration; /* integer */
+    SECItem keyLength; /* integer */
+
+    /* used locally */
+    int iter;
+    int keyLen;
+    int ivLen;
+    unsigned char *ivData;
+    HASH_HashType hashType;
+    NSSPKCS5PBEType pbeType;
+    SECAlgorithmID prfAlg;
+    PBEBitGenID keyID;
+    SECOidTag encAlg;
+    PRBool is2KeyDES;
+};
+
+SEC_BEGIN_PROTOS
+/* Create a PKCS5 Algorithm ID
+ * The algorithm ID is set up using the PKCS #5 parameter structure
+ *  algorithm is the PBE algorithm ID for the desired algorithm
+ *  pbe is a pbe param block with all the info needed to create the
+ *   algorithm id.
+ * If an error occurs or the algorithm specified is not supported
+ * or is not a password based encryption algorithm, NULL is returned.
+ * Otherwise, a pointer to the algorithm id is returned.
+ */
+extern SECAlgorithmID *
+nsspkcs5_CreateAlgorithmID(PLArenaPool *arena, SECOidTag algorithm,
+                           NSSPKCS5PBEParameter *pbe);
+
+/*
+ * Convert an Algorithm ID to a PBE Param.
+ * NOTE: this does not suppport PKCS 5 v2 because it's only used for the
+ * keyDB which only support PKCS 5 v1, PFX, and PKCS 12.
+ */
+NSSPKCS5PBEParameter *
+nsspkcs5_AlgidToParam(SECAlgorithmID *algid);
+
+/*
+ * Convert an Algorithm ID to a PBE Param.
+ * NOTE: this does not suppport PKCS 5 v2 because it's only used for the
+ * keyDB which only support PKCS 5 v1, PFX, and PKCS 12.
+ */
+NSSPKCS5PBEParameter *
+nsspkcs5_NewParam(SECOidTag alg, HASH_HashType hashType, SECItem *salt,
+                  int iterationCount);
+
+/* Encrypt/Decrypt data using password based encryption.
+ *  algid is the PBE algorithm identifier,
+ *  pwitem is the password,
+ *  src is the source for encryption/decryption,
+ *  encrypt is PR_TRUE for encryption, PR_FALSE for decryption.
+ * The key and iv are generated based upon PKCS #5 then the src
+ * is either encrypted or decrypted.  If an error occurs, NULL
+ * is returned, otherwise the ciphered contents is returned.
+ */
+extern SECItem *
+nsspkcs5_CipherData(NSSPKCS5PBEParameter *, SECItem *pwitem,
+                    SECItem *src, PRBool encrypt, PRBool *update);
+
+extern SECItem *
+nsspkcs5_ComputeKeyAndIV(NSSPKCS5PBEParameter *, SECItem *pwitem,
+                         SECItem *iv, PRBool faulty3DES);
+
+/* Destroys PBE parameter */
+extern void
+nsspkcs5_DestroyPBEParameter(NSSPKCS5PBEParameter *param);
+
+HASH_HashType HASH_FromHMACOid(SECOidTag oid);
+
+SEC_END_PROTOS
+
+#endif
diff --git a/nss/lib/softoken/manifest.mn b/nss/lib/softoken/manifest.mn
new file mode 100644
index 0000000..256d443
--- /dev/null
+++ b/nss/lib/softoken/manifest.mn
@@ -0,0 +1,61 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+CORE_DEPTH = ../..
+
+MODULE = nss
+DIRS = legacydb
+
+LIBRARY_NAME = softokn
+LIBRARY_VERSION = 3
+MAPFILE = $(OBJDIR)/softokn.def
+
+DEFINES += -DSHLIB_SUFFIX=\"$(DLL_SUFFIX)\" -DSHLIB_PREFIX=\"$(DLL_PREFIX)\" -DSOFTOKEN_LIB_NAME=\"$(notdir $(SHARED_LIBRARY))\" -DSHLIB_VERSION=\"$(LIBRARY_VERSION)\"
+
+ifdef SQLITE_INCLUDE_DIR
+INCLUDES += -I$(SQLITE_INCLUDE_DIR)
+endif
+
+EXPORTS = \
+	lowkeyi.h \
+	lowkeyti.h \
+	$(NULL)
+
+PRIVATE_EXPORTS = \
+	lgglue.h  \
+	pkcs11ni.h \
+	softoken.h \
+	softoknt.h \
+	softkver.h \
+	sdb.h \
+	sftkdbt.h \
+	$(NULL)
+
+CSRCS = \
+	fipsaudt.c \
+	fipstest.c \
+	fipstokn.c \
+	lgglue.c   \
+	lowkey.c   \
+	lowpbe.c   \
+	padbuf.c   \
+	pkcs11.c   \
+	pkcs11c.c  \
+	pkcs11u.c  \
+	sdb.c  \
+	sftkdb.c  \
+	sftkhmac.c  \
+	sftkpars.c  \
+	sftkpwd.c  \
+	softkver.c  \
+	tlsprf.c   \
+	jpakesftk.c \
+	$(NULL)
+
+ifdef SQLITE_UNSAFE_THREADS
+DEFINES += -DSQLITE_UNSAFE_THREADS
+endif
+
+# This part of the code, including all sub-dirs, can be optimized for size
+export ALLOW_OPT_CODE_SIZE = 1
diff --git a/nss/lib/softoken/padbuf.c b/nss/lib/softoken/padbuf.c
new file mode 100644
index 0000000..6e897f2
--- /dev/null
+++ b/nss/lib/softoken/padbuf.c
@@ -0,0 +1,49 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#include "blapit.h"
+#include "secport.h"
+#include "secerr.h"
+
+/*
+ * Prepare a buffer for any padded CBC encryption algorithm, growing to the
+ * appropriate boundary and filling with the appropriate padding.
+ * blockSize must be a power of 2.
+ *
+ * NOTE: If arena is non-NULL, we re-allocate from there, otherwise
+ * we assume (and use) XP memory (re)allocation.
+ */
+unsigned char *
+CBC_PadBuffer(PLArenaPool *arena, unsigned char *inbuf, unsigned int inlen,
+              unsigned int *outlen, int blockSize)
+{
+    unsigned char *outbuf;
+    unsigned int des_len;
+    unsigned int i;
+    unsigned char des_pad_len;
+
+    /*
+     * We need from 1 to blockSize bytes -- we *always* grow.
+     * The extra bytes contain the value of the length of the padding:
+     * if we have 2 bytes of padding, then the padding is "0x02, 0x02".
+     */
+    des_len = (inlen + blockSize) & ~(blockSize - 1);
+
+    if (arena != NULL) {
+        outbuf = (unsigned char *)PORT_ArenaGrow(arena, inbuf, inlen, des_len);
+    } else {
+        outbuf = (unsigned char *)PORT_Realloc(inbuf, des_len);
+    }
+
+    if (outbuf == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return NULL;
+    }
+
+    des_pad_len = des_len - inlen;
+    for (i = inlen; i < des_len; i++)
+        outbuf[i] = des_pad_len;
+
+    *outlen = des_len;
+    return outbuf;
+}
diff --git a/nss/lib/softoken/pkcs11.c b/nss/lib/softoken/pkcs11.c
new file mode 100644
index 0000000..1e09158
--- /dev/null
+++ b/nss/lib/softoken/pkcs11.c
@@ -0,0 +1,4936 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * This file implements PKCS 11 on top of our existing security modules
+ *
+ * For more information about PKCS 11 See PKCS 11 Token Inteface Standard.
+ *   This implementation has two slots:
+ *      slot 1 is our generic crypto support. It does not require login.
+ *   It supports Public Key ops, and all they bulk ciphers and hashes.
+ *   It can also support Private Key ops for imported Private keys. It does
+ *   not have any token storage.
+ *      slot 2 is our private key support. It requires a login before use. It
+ *   can store Private Keys and Certs as token objects. Currently only private
+ *   keys and their associated Certificates are saved on the token.
+ *
+ *   In this implementation, session objects are only visible to the session
+ *   that created or generated them.
+ */
+#include "seccomon.h"
+#include "secitem.h"
+#include "pkcs11.h"
+#include "pkcs11i.h"
+#include "softoken.h"
+#include "lowkeyi.h"
+#include "blapi.h"
+#include "secder.h"
+#include "secport.h"
+#include "secrng.h"
+#include "prtypes.h"
+#include "nspr.h"
+#include "softkver.h"
+#include "secoid.h"
+#include "sftkdb.h"
+#include "utilpars.h"
+#include "ec.h"
+#include "secasn1.h"
+#include "secerr.h"
+#include "lgglue.h"
+
+PRBool parentForkedAfterC_Initialize;
+
+#ifndef NO_FORK_CHECK
+
+PRBool sftkForkCheckDisabled;
+
+#if defined(CHECK_FORK_PTHREAD) || defined(CHECK_FORK_MIXED)
+PRBool forked = PR_FALSE;
+#endif
+
+#if defined(CHECK_FORK_GETPID) || defined(CHECK_FORK_MIXED)
+#include <unistd.h>
+pid_t myPid;
+#endif
+
+#ifdef CHECK_FORK_MIXED
+#include <sys/systeminfo.h>
+PRBool usePthread_atfork;
+#endif
+
+#endif
+
+/*
+ * ******************** Static data *******************************
+ */
+
+/* The next three strings must be exactly 32 characters long */
+static char *manufacturerID = "Mozilla Foundation              ";
+static char manufacturerID_space[33];
+static char *libraryDescription = "NSS Internal Crypto Services    ";
+static char libraryDescription_space[33];
+
+/*
+ * In FIPS mode, we disallow login attempts for 1 second after a login
+ * failure so that there are at most 60 login attempts per minute.
+ */
+static PRIntervalTime loginWaitTime;
+static PRUint32 minSessionObjectHandle = 1U;
+
+#define __PASTE(x, y) x##y
+
+/*
+ * we renamed all our internal functions, get the correct
+ * definitions for them...
+ */
+#undef CK_PKCS11_FUNCTION_INFO
+#undef CK_NEED_ARG_LIST
+
+#define CK_EXTERN extern
+#define CK_PKCS11_FUNCTION_INFO(func) \
+    CK_RV __PASTE(NS, func)
+#define CK_NEED_ARG_LIST 1
+
+#include "pkcs11f.h"
+
+/* build the crypto module table */
+static const CK_FUNCTION_LIST sftk_funcList = {
+    { 1, 10 },
+
+#undef CK_PKCS11_FUNCTION_INFO
+#undef CK_NEED_ARG_LIST
+
+#define CK_PKCS11_FUNCTION_INFO(func) \
+    __PASTE(NS, func)                 \
+    ,
+#include "pkcs11f.h"
+
+};
+
+#undef CK_PKCS11_FUNCTION_INFO
+#undef CK_NEED_ARG_LIST
+
+#undef __PASTE
+
+/* List of DES Weak Keys */
+typedef unsigned char desKey[8];
+static const desKey sftk_desWeakTable[] = {
+#ifdef noParity
+    /* weak */
+    { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+    { 0x1e, 0x1e, 0x1e, 0x1e, 0x0e, 0x0e, 0x0e, 0x0e },
+    { 0xe0, 0xe0, 0xe0, 0xe0, 0xf0, 0xf0, 0xf0, 0xf0 },
+    { 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe },
+    /* semi-weak */
+    { 0x00, 0xfe, 0x00, 0xfe, 0x00, 0xfe, 0x00, 0xfe },
+    { 0xfe, 0x00, 0xfe, 0x00, 0x00, 0xfe, 0x00, 0xfe },
+
+    { 0x1e, 0xe0, 0x1e, 0xe0, 0x0e, 0xf0, 0x0e, 0xf0 },
+    { 0xe0, 0x1e, 0xe0, 0x1e, 0xf0, 0x0e, 0xf0, 0x0e },
+
+    { 0x00, 0xe0, 0x00, 0xe0, 0x00, 0x0f, 0x00, 0x0f },
+    { 0xe0, 0x00, 0xe0, 0x00, 0xf0, 0x00, 0xf0, 0x00 },
+
+    { 0x1e, 0xfe, 0x1e, 0xfe, 0x0e, 0xfe, 0x0e, 0xfe },
+    { 0xfe, 0x1e, 0xfe, 0x1e, 0xfe, 0x0e, 0xfe, 0x0e },
+
+    { 0x00, 0x1e, 0x00, 0x1e, 0x00, 0x0e, 0x00, 0x0e },
+    { 0x1e, 0x00, 0x1e, 0x00, 0x0e, 0x00, 0x0e, 0x00 },
+
+    { 0xe0, 0xfe, 0xe0, 0xfe, 0xf0, 0xfe, 0xf0, 0xfe },
+    { 0xfe, 0xe0, 0xfe, 0xe0, 0xfe, 0xf0, 0xfe, 0xf0 },
+#else
+    /* weak */
+    { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
+    { 0x1f, 0x1f, 0x1f, 0x1f, 0x0e, 0x0e, 0x0e, 0x0e },
+    { 0xe0, 0xe0, 0xe0, 0xe0, 0xf1, 0xf1, 0xf1, 0xf1 },
+    { 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe },
+
+    /* semi-weak */
+    { 0x01, 0xfe, 0x01, 0xfe, 0x01, 0xfe, 0x01, 0xfe },
+    { 0xfe, 0x01, 0xfe, 0x01, 0xfe, 0x01, 0xfe, 0x01 },
+
+    { 0x1f, 0xe0, 0x1f, 0xe0, 0x0e, 0xf1, 0x0e, 0xf1 },
+    { 0xe0, 0x1f, 0xe0, 0x1f, 0xf1, 0x0e, 0xf1, 0x0e },
+
+    { 0x01, 0xe0, 0x01, 0xe0, 0x01, 0xf1, 0x01, 0xf1 },
+    { 0xe0, 0x01, 0xe0, 0x01, 0xf1, 0x01, 0xf1, 0x01 },
+
+    { 0x1f, 0xfe, 0x1f, 0xfe, 0x0e, 0xfe, 0x0e, 0xfe },
+    { 0xfe, 0x1f, 0xfe, 0x1f, 0xfe, 0x0e, 0xfe, 0x0e },
+
+    { 0x01, 0x1f, 0x01, 0x1f, 0x01, 0x0e, 0x01, 0x0e },
+    { 0x1f, 0x01, 0x1f, 0x01, 0x0e, 0x01, 0x0e, 0x01 },
+
+    { 0xe0, 0xfe, 0xe0, 0xfe, 0xf1, 0xfe, 0xf1, 0xfe },
+    { 0xfe, 0xe0, 0xfe, 0xe0, 0xfe, 0xf1, 0xfe, 0xf1 }
+#endif
+};
+
+static const int sftk_desWeakTableSize = sizeof(sftk_desWeakTable) /
+                                         sizeof(sftk_desWeakTable[0]);
+
+/* DES KEY Parity conversion table. Takes each byte/2 as an index, returns
+ * that byte with the proper parity bit set */
+static const unsigned char parityTable[256] = {
+    /* Even...0x00,0x02,0x04,0x06,0x08,0x0a,0x0c,0x0e */
+    /* E */ 0x01, 0x02, 0x04, 0x07, 0x08, 0x0b, 0x0d, 0x0e,
+    /* Odd....0x10,0x12,0x14,0x16,0x18,0x1a,0x1c,0x1e */
+    /* O */ 0x10, 0x13, 0x15, 0x16, 0x19, 0x1a, 0x1c, 0x1f,
+    /* Odd....0x20,0x22,0x24,0x26,0x28,0x2a,0x2c,0x2e */
+    /* O */ 0x20, 0x23, 0x25, 0x26, 0x29, 0x2a, 0x2c, 0x2f,
+    /* Even...0x30,0x32,0x34,0x36,0x38,0x3a,0x3c,0x3e */
+    /* E */ 0x31, 0x32, 0x34, 0x37, 0x38, 0x3b, 0x3d, 0x3e,
+    /* Odd....0x40,0x42,0x44,0x46,0x48,0x4a,0x4c,0x4e */
+    /* O */ 0x40, 0x43, 0x45, 0x46, 0x49, 0x4a, 0x4c, 0x4f,
+    /* Even...0x50,0x52,0x54,0x56,0x58,0x5a,0x5c,0x5e */
+    /* E */ 0x51, 0x52, 0x54, 0x57, 0x58, 0x5b, 0x5d, 0x5e,
+    /* Even...0x60,0x62,0x64,0x66,0x68,0x6a,0x6c,0x6e */
+    /* E */ 0x61, 0x62, 0x64, 0x67, 0x68, 0x6b, 0x6d, 0x6e,
+    /* Odd....0x70,0x72,0x74,0x76,0x78,0x7a,0x7c,0x7e */
+    /* O */ 0x70, 0x73, 0x75, 0x76, 0x79, 0x7a, 0x7c, 0x7f,
+    /* Odd....0x80,0x82,0x84,0x86,0x88,0x8a,0x8c,0x8e */
+    /* O */ 0x80, 0x83, 0x85, 0x86, 0x89, 0x8a, 0x8c, 0x8f,
+    /* Even...0x90,0x92,0x94,0x96,0x98,0x9a,0x9c,0x9e */
+    /* E */ 0x91, 0x92, 0x94, 0x97, 0x98, 0x9b, 0x9d, 0x9e,
+    /* Even...0xa0,0xa2,0xa4,0xa6,0xa8,0xaa,0xac,0xae */
+    /* E */ 0xa1, 0xa2, 0xa4, 0xa7, 0xa8, 0xab, 0xad, 0xae,
+    /* Odd....0xb0,0xb2,0xb4,0xb6,0xb8,0xba,0xbc,0xbe */
+    /* O */ 0xb0, 0xb3, 0xb5, 0xb6, 0xb9, 0xba, 0xbc, 0xbf,
+    /* Even...0xc0,0xc2,0xc4,0xc6,0xc8,0xca,0xcc,0xce */
+    /* E */ 0xc1, 0xc2, 0xc4, 0xc7, 0xc8, 0xcb, 0xcd, 0xce,
+    /* Odd....0xd0,0xd2,0xd4,0xd6,0xd8,0xda,0xdc,0xde */
+    /* O */ 0xd0, 0xd3, 0xd5, 0xd6, 0xd9, 0xda, 0xdc, 0xdf,
+    /* Odd....0xe0,0xe2,0xe4,0xe6,0xe8,0xea,0xec,0xee */
+    /* O */ 0xe0, 0xe3, 0xe5, 0xe6, 0xe9, 0xea, 0xec, 0xef,
+    /* Even...0xf0,0xf2,0xf4,0xf6,0xf8,0xfa,0xfc,0xfe */
+    /* E */ 0xf1, 0xf2, 0xf4, 0xf7, 0xf8, 0xfb, 0xfd, 0xfe,
+};
+
+/* Mechanisms */
+struct mechanismList {
+    CK_MECHANISM_TYPE type;
+    CK_MECHANISM_INFO info;
+    PRBool privkey;
+};
+
+/*
+ * the following table includes a complete list of mechanism defined by
+ * PKCS #11 version 2.01. Those Mechanisms not supported by this PKCS #11
+ * module are ifdef'ed out.
+ */
+#define CKF_EN_DE CKF_ENCRYPT | CKF_DECRYPT
+#define CKF_WR_UN CKF_WRAP | CKF_UNWRAP
+#define CKF_SN_VR CKF_SIGN | CKF_VERIFY
+#define CKF_SN_RE CKF_SIGN_RECOVER | CKF_VERIFY_RECOVER
+
+#define CKF_EN_DE_WR_UN CKF_EN_DE | CKF_WR_UN
+#define CKF_SN_VR_RE CKF_SN_VR | CKF_SN_RE
+#define CKF_DUZ_IT_ALL CKF_EN_DE_WR_UN | CKF_SN_VR_RE
+
+#define CKF_EC_PNU CKF_EC_FP | CKF_EC_NAMEDCURVE | CKF_EC_UNCOMPRESS
+
+#define CKF_EC_BPNU CKF_EC_F_2M | CKF_EC_PNU
+
+#define CK_MAX 0xffffffff
+
+static const struct mechanismList mechanisms[] = {
+
+    /*
+      * PKCS #11 Mechanism List.
+      *
+      * The first argument is the PKCS #11 Mechanism we support.
+      * The second argument is Mechanism info structure. It includes:
+      *    The minimum key size,
+      *       in bits for RSA, DSA, DH, EC*, KEA, RC2 and RC4 * algs.
+      *       in bytes for RC5, AES, Camellia, and CAST*
+      *       ignored for DES*, IDEA and FORTEZZA based
+      *    The maximum key size,
+      *       in bits for RSA, DSA, DH, EC*, KEA, RC2 and RC4 * algs.
+      *       in bytes for RC5, AES, Camellia, and CAST*
+      *       ignored for DES*, IDEA and FORTEZZA based
+      *     Flags
+      *       What operations are supported by this mechanism.
+      *  The third argument is a bool which tells if this mechanism is
+      *    supported in the database token.
+      *
+      */
+
+    /* ------------------------- RSA Operations ---------------------------*/
+    { CKM_RSA_PKCS_KEY_PAIR_GEN, { RSA_MIN_MODULUS_BITS, CK_MAX, CKF_GENERATE_KEY_PAIR }, PR_TRUE },
+    { CKM_RSA_PKCS, { RSA_MIN_MODULUS_BITS, CK_MAX, CKF_DUZ_IT_ALL }, PR_TRUE },
+    { CKM_RSA_PKCS_PSS, { RSA_MIN_MODULUS_BITS, CK_MAX, CKF_SN_VR }, PR_TRUE },
+    { CKM_RSA_PKCS_OAEP, { RSA_MIN_MODULUS_BITS, CK_MAX, CKF_EN_DE_WR_UN }, PR_TRUE },
+#ifdef SFTK_RSA9796_SUPPORTED
+    { CKM_RSA_9796, { RSA_MIN_MODULUS_BITS, CK_MAX, CKF_DUZ_IT_ALL }, PR_TRUE },
+#endif
+    { CKM_RSA_X_509, { RSA_MIN_MODULUS_BITS, CK_MAX, CKF_DUZ_IT_ALL }, PR_TRUE },
+    /* -------------- RSA Multipart Signing Operations -------------------- */
+    { CKM_MD2_RSA_PKCS, { RSA_MIN_MODULUS_BITS, CK_MAX, CKF_SN_VR }, PR_TRUE },
+    { CKM_MD5_RSA_PKCS, { RSA_MIN_MODULUS_BITS, CK_MAX, CKF_SN_VR }, PR_TRUE },
+    { CKM_SHA1_RSA_PKCS, { RSA_MIN_MODULUS_BITS, CK_MAX, CKF_SN_VR }, PR_TRUE },
+    { CKM_SHA224_RSA_PKCS, { RSA_MIN_MODULUS_BITS, CK_MAX, CKF_SN_VR }, PR_TRUE },
+    { CKM_SHA256_RSA_PKCS, { RSA_MIN_MODULUS_BITS, CK_MAX, CKF_SN_VR }, PR_TRUE },
+    { CKM_SHA384_RSA_PKCS, { RSA_MIN_MODULUS_BITS, CK_MAX, CKF_SN_VR }, PR_TRUE },
+    { CKM_SHA512_RSA_PKCS, { RSA_MIN_MODULUS_BITS, CK_MAX, CKF_SN_VR }, PR_TRUE },
+    /* ------------------------- DSA Operations --------------------------- */
+    { CKM_DSA_KEY_PAIR_GEN, { DSA_MIN_P_BITS, DSA_MAX_P_BITS, CKF_GENERATE_KEY_PAIR }, PR_TRUE },
+    { CKM_DSA, { DSA_MIN_P_BITS, DSA_MAX_P_BITS, CKF_SN_VR }, PR_TRUE },
+    { CKM_DSA_PARAMETER_GEN, { DSA_MIN_P_BITS, DSA_MAX_P_BITS, CKF_GENERATE }, PR_TRUE },
+    { CKM_DSA_SHA1, { DSA_MIN_P_BITS, DSA_MAX_P_BITS, CKF_SN_VR }, PR_TRUE },
+    /* -------------------- Diffie Hellman Operations --------------------- */
+    /* no diffie hellman yet */
+    { CKM_DH_PKCS_KEY_PAIR_GEN, { DH_MIN_P_BITS, DH_MAX_P_BITS, CKF_GENERATE_KEY_PAIR }, PR_TRUE },
+    { CKM_DH_PKCS_DERIVE, { DH_MIN_P_BITS, DH_MAX_P_BITS, CKF_DERIVE }, PR_TRUE },
+#ifndef NSS_DISABLE_ECC
+    /* -------------------- Elliptic Curve Operations --------------------- */
+    { CKM_EC_KEY_PAIR_GEN, { EC_MIN_KEY_BITS, EC_MAX_KEY_BITS, CKF_GENERATE_KEY_PAIR | CKF_EC_BPNU }, PR_TRUE },
+    { CKM_ECDH1_DERIVE, { EC_MIN_KEY_BITS, EC_MAX_KEY_BITS, CKF_DERIVE | CKF_EC_BPNU }, PR_TRUE },
+    { CKM_ECDSA, { EC_MIN_KEY_BITS, EC_MAX_KEY_BITS, CKF_SN_VR | CKF_EC_BPNU }, PR_TRUE },
+    { CKM_ECDSA_SHA1, { EC_MIN_KEY_BITS, EC_MAX_KEY_BITS, CKF_SN_VR | CKF_EC_BPNU }, PR_TRUE },
+#endif /* NSS_DISABLE_ECC */
+    /* ------------------------- RC2 Operations --------------------------- */
+    { CKM_RC2_KEY_GEN, { 1, 128, CKF_GENERATE }, PR_TRUE },
+    { CKM_RC2_ECB, { 1, 128, CKF_EN_DE_WR_UN }, PR_TRUE },
+    { CKM_RC2_CBC, { 1, 128, CKF_EN_DE_WR_UN }, PR_TRUE },
+    { CKM_RC2_MAC, { 1, 128, CKF_SN_VR }, PR_TRUE },
+    { CKM_RC2_MAC_GENERAL, { 1, 128, CKF_SN_VR }, PR_TRUE },
+    { CKM_RC2_CBC_PAD, { 1, 128, CKF_EN_DE_WR_UN }, PR_TRUE },
+    /* ------------------------- RC4 Operations --------------------------- */
+    { CKM_RC4_KEY_GEN, { 1, 256, CKF_GENERATE }, PR_FALSE },
+    { CKM_RC4, { 1, 256, CKF_EN_DE_WR_UN }, PR_FALSE },
+    /* ------------------------- DES Operations --------------------------- */
+    { CKM_DES_KEY_GEN, { 8, 8, CKF_GENERATE }, PR_TRUE },
+    { CKM_DES_ECB, { 8, 8, CKF_EN_DE_WR_UN }, PR_TRUE },
+    { CKM_DES_CBC, { 8, 8, CKF_EN_DE_WR_UN }, PR_TRUE },
+    { CKM_DES_MAC, { 8, 8, CKF_SN_VR }, PR_TRUE },
+    { CKM_DES_MAC_GENERAL, { 8, 8, CKF_SN_VR }, PR_TRUE },
+    { CKM_DES_CBC_PAD, { 8, 8, CKF_EN_DE_WR_UN }, PR_TRUE },
+    { CKM_DES2_KEY_GEN, { 24, 24, CKF_GENERATE }, PR_TRUE },
+    { CKM_DES3_KEY_GEN, { 24, 24, CKF_GENERATE }, PR_TRUE },
+    { CKM_DES3_ECB, { 24, 24, CKF_EN_DE_WR_UN }, PR_TRUE },
+    { CKM_DES3_CBC, { 24, 24, CKF_EN_DE_WR_UN }, PR_TRUE },
+    { CKM_DES3_MAC, { 24, 24, CKF_SN_VR }, PR_TRUE },
+    { CKM_DES3_MAC_GENERAL, { 24, 24, CKF_SN_VR }, PR_TRUE },
+    { CKM_DES3_CBC_PAD, { 24, 24, CKF_EN_DE_WR_UN }, PR_TRUE },
+    /* ------------------------- CDMF Operations --------------------------- */
+    { CKM_CDMF_KEY_GEN, { 8, 8, CKF_GENERATE }, PR_TRUE },
+    { CKM_CDMF_ECB, { 8, 8, CKF_EN_DE_WR_UN }, PR_TRUE },
+    { CKM_CDMF_CBC, { 8, 8, CKF_EN_DE_WR_UN }, PR_TRUE },
+    { CKM_CDMF_MAC, { 8, 8, CKF_SN_VR }, PR_TRUE },
+    { CKM_CDMF_MAC_GENERAL, { 8, 8, CKF_SN_VR }, PR_TRUE },
+    { CKM_CDMF_CBC_PAD, { 8, 8, CKF_EN_DE_WR_UN }, PR_TRUE },
+    /* ------------------------- AES Operations --------------------------- */
+    { CKM_AES_KEY_GEN, { 16, 32, CKF_GENERATE }, PR_TRUE },
+    { CKM_AES_ECB, { 16, 32, CKF_EN_DE_WR_UN }, PR_TRUE },
+    { CKM_AES_CBC, { 16, 32, CKF_EN_DE_WR_UN }, PR_TRUE },
+    { CKM_AES_MAC, { 16, 32, CKF_SN_VR }, PR_TRUE },
+    { CKM_AES_MAC_GENERAL, { 16, 32, CKF_SN_VR }, PR_TRUE },
+    { CKM_AES_CBC_PAD, { 16, 32, CKF_EN_DE_WR_UN }, PR_TRUE },
+    { CKM_AES_CTS, { 16, 32, CKF_EN_DE }, PR_TRUE },
+    { CKM_AES_CTR, { 16, 32, CKF_EN_DE }, PR_TRUE },
+    { CKM_AES_GCM, { 16, 32, CKF_EN_DE }, PR_TRUE },
+    /* ------------------------- Camellia Operations --------------------- */
+    { CKM_CAMELLIA_KEY_GEN, { 16, 32, CKF_GENERATE }, PR_TRUE },
+    { CKM_CAMELLIA_ECB, { 16, 32, CKF_EN_DE_WR_UN }, PR_TRUE },
+    { CKM_CAMELLIA_CBC, { 16, 32, CKF_EN_DE_WR_UN }, PR_TRUE },
+    { CKM_CAMELLIA_MAC, { 16, 32, CKF_SN_VR }, PR_TRUE },
+    { CKM_CAMELLIA_MAC_GENERAL, { 16, 32, CKF_SN_VR }, PR_TRUE },
+    { CKM_CAMELLIA_CBC_PAD, { 16, 32, CKF_EN_DE_WR_UN }, PR_TRUE },
+    /* ------------------------- SEED Operations --------------------------- */
+    { CKM_SEED_KEY_GEN, { 16, 16, CKF_GENERATE }, PR_TRUE },
+    { CKM_SEED_ECB, { 16, 16, CKF_EN_DE_WR_UN }, PR_TRUE },
+    { CKM_SEED_CBC, { 16, 16, CKF_EN_DE_WR_UN }, PR_TRUE },
+    { CKM_SEED_MAC, { 16, 16, CKF_SN_VR }, PR_TRUE },
+    { CKM_SEED_MAC_GENERAL, { 16, 16, CKF_SN_VR }, PR_TRUE },
+    { CKM_SEED_CBC_PAD, { 16, 16, CKF_EN_DE_WR_UN }, PR_TRUE },
+#ifndef NSS_DISABLE_CHACHAPOLY
+    /* ------------------------- ChaCha20 Operations ---------------------- */
+    { CKM_NSS_CHACHA20_KEY_GEN, { 32, 32, CKF_GENERATE }, PR_TRUE },
+    { CKM_NSS_CHACHA20_POLY1305, { 32, 32, CKF_EN_DE }, PR_TRUE },
+#endif /* NSS_DISABLE_CHACHAPOLY */
+    /* ------------------------- Hashing Operations ----------------------- */
+    { CKM_MD2, { 0, 0, CKF_DIGEST }, PR_FALSE },
+    { CKM_MD2_HMAC, { 1, 128, CKF_SN_VR }, PR_TRUE },
+    { CKM_MD2_HMAC_GENERAL, { 1, 128, CKF_SN_VR }, PR_TRUE },
+    { CKM_MD5, { 0, 0, CKF_DIGEST }, PR_FALSE },
+    { CKM_MD5_HMAC, { 1, 128, CKF_SN_VR }, PR_TRUE },
+    { CKM_MD5_HMAC_GENERAL, { 1, 128, CKF_SN_VR }, PR_TRUE },
+    { CKM_SHA_1, { 0, 0, CKF_DIGEST }, PR_FALSE },
+    { CKM_SHA_1_HMAC, { 1, 128, CKF_SN_VR }, PR_TRUE },
+    { CKM_SHA_1_HMAC_GENERAL, { 1, 128, CKF_SN_VR }, PR_TRUE },
+    { CKM_SHA224, { 0, 0, CKF_DIGEST }, PR_FALSE },
+    { CKM_SHA224_HMAC, { 1, 128, CKF_SN_VR }, PR_TRUE },
+    { CKM_SHA224_HMAC_GENERAL, { 1, 128, CKF_SN_VR }, PR_TRUE },
+    { CKM_SHA256, { 0, 0, CKF_DIGEST }, PR_FALSE },
+    { CKM_SHA256_HMAC, { 1, 128, CKF_SN_VR }, PR_TRUE },
+    { CKM_SHA256_HMAC_GENERAL, { 1, 128, CKF_SN_VR }, PR_TRUE },
+    { CKM_SHA384, { 0, 0, CKF_DIGEST }, PR_FALSE },
+    { CKM_SHA384_HMAC, { 1, 128, CKF_SN_VR }, PR_TRUE },
+    { CKM_SHA384_HMAC_GENERAL, { 1, 128, CKF_SN_VR }, PR_TRUE },
+    { CKM_SHA512, { 0, 0, CKF_DIGEST }, PR_FALSE },
+    { CKM_SHA512_HMAC, { 1, 128, CKF_SN_VR }, PR_TRUE },
+    { CKM_SHA512_HMAC_GENERAL, { 1, 128, CKF_SN_VR }, PR_TRUE },
+    { CKM_TLS_PRF_GENERAL, { 0, 512, CKF_SN_VR }, PR_FALSE },
+    { CKM_TLS_MAC, { 0, 512, CKF_SN_VR }, PR_FALSE },
+    { CKM_NSS_TLS_PRF_GENERAL_SHA256,
+      { 0, 512, CKF_SN_VR },
+      PR_FALSE },
+    /* ------------------------- HKDF Operations -------------------------- */
+    { CKM_NSS_HKDF_SHA1, { 1, 128, CKF_DERIVE }, PR_TRUE },
+    { CKM_NSS_HKDF_SHA256, { 1, 128, CKF_DERIVE }, PR_TRUE },
+    { CKM_NSS_HKDF_SHA384, { 1, 128, CKF_DERIVE }, PR_TRUE },
+    { CKM_NSS_HKDF_SHA512, { 1, 128, CKF_DERIVE }, PR_TRUE },
+/* ------------------------- CAST Operations --------------------------- */
+#ifdef NSS_SOFTOKEN_DOES_CAST
+    /* Cast operations are not supported ( yet? ) */
+    { CKM_CAST_KEY_GEN, { 1, 8, CKF_GENERATE }, PR_TRUE },
+    { CKM_CAST_ECB, { 1, 8, CKF_EN_DE_WR_UN }, PR_TRUE },
+    { CKM_CAST_CBC, { 1, 8, CKF_EN_DE_WR_UN }, PR_TRUE },
+    { CKM_CAST_MAC, { 1, 8, CKF_SN_VR }, PR_TRUE },
+    { CKM_CAST_MAC_GENERAL, { 1, 8, CKF_SN_VR }, PR_TRUE },
+    { CKM_CAST_CBC_PAD, { 1, 8, CKF_EN_DE_WR_UN }, PR_TRUE },
+    { CKM_CAST3_KEY_GEN, { 1, 16, CKF_GENERATE }, PR_TRUE },
+    { CKM_CAST3_ECB, { 1, 16, CKF_EN_DE_WR_UN }, PR_TRUE },
+    { CKM_CAST3_CBC, { 1, 16, CKF_EN_DE_WR_UN }, PR_TRUE },
+    { CKM_CAST3_MAC, { 1, 16, CKF_SN_VR }, PR_TRUE },
+    { CKM_CAST3_MAC_GENERAL, { 1, 16, CKF_SN_VR }, PR_TRUE },
+    { CKM_CAST3_CBC_PAD, { 1, 16, CKF_EN_DE_WR_UN }, PR_TRUE },
+    { CKM_CAST5_KEY_GEN, { 1, 16, CKF_GENERATE }, PR_TRUE },
+    { CKM_CAST5_ECB, { 1, 16, CKF_EN_DE_WR_UN }, PR_TRUE },
+    { CKM_CAST5_CBC, { 1, 16, CKF_EN_DE_WR_UN }, PR_TRUE },
+    { CKM_CAST5_MAC, { 1, 16, CKF_SN_VR }, PR_TRUE },
+    { CKM_CAST5_MAC_GENERAL, { 1, 16, CKF_SN_VR }, PR_TRUE },
+    { CKM_CAST5_CBC_PAD, { 1, 16, CKF_EN_DE_WR_UN }, PR_TRUE },
+#endif
+#if NSS_SOFTOKEN_DOES_RC5
+    /* ------------------------- RC5 Operations --------------------------- */
+    { CKM_RC5_KEY_GEN, { 1, 32, CKF_GENERATE }, PR_TRUE },
+    { CKM_RC5_ECB, { 1, 32, CKF_EN_DE_WR_UN }, PR_TRUE },
+    { CKM_RC5_CBC, { 1, 32, CKF_EN_DE_WR_UN }, PR_TRUE },
+    { CKM_RC5_MAC, { 1, 32, CKF_SN_VR }, PR_TRUE },
+    { CKM_RC5_MAC_GENERAL, { 1, 32, CKF_SN_VR }, PR_TRUE },
+    { CKM_RC5_CBC_PAD, { 1, 32, CKF_EN_DE_WR_UN }, PR_TRUE },
+#endif
+#ifdef NSS_SOFTOKEN_DOES_IDEA
+    /* ------------------------- IDEA Operations -------------------------- */
+    { CKM_IDEA_KEY_GEN, { 16, 16, CKF_GENERATE }, PR_TRUE },
+    { CKM_IDEA_ECB, { 16, 16, CKF_EN_DE_WR_UN }, PR_TRUE },
+    { CKM_IDEA_CBC, { 16, 16, CKF_EN_DE_WR_UN }, PR_TRUE },
+    { CKM_IDEA_MAC, { 16, 16, CKF_SN_VR }, PR_TRUE },
+    { CKM_IDEA_MAC_GENERAL, { 16, 16, CKF_SN_VR }, PR_TRUE },
+    { CKM_IDEA_CBC_PAD, { 16, 16, CKF_EN_DE_WR_UN }, PR_TRUE },
+#endif
+    /* --------------------- Secret Key Operations ------------------------ */
+    { CKM_GENERIC_SECRET_KEY_GEN, { 1, 32, CKF_GENERATE }, PR_TRUE },
+    { CKM_CONCATENATE_BASE_AND_KEY, { 1, 32, CKF_GENERATE }, PR_FALSE },
+    { CKM_CONCATENATE_BASE_AND_DATA, { 1, 32, CKF_GENERATE }, PR_FALSE },
+    { CKM_CONCATENATE_DATA_AND_BASE, { 1, 32, CKF_GENERATE }, PR_FALSE },
+    { CKM_XOR_BASE_AND_DATA, { 1, 32, CKF_GENERATE }, PR_FALSE },
+    { CKM_EXTRACT_KEY_FROM_KEY, { 1, 32, CKF_DERIVE }, PR_FALSE },
+    /* ---------------------- SSL Key Derivations ------------------------- */
+    { CKM_SSL3_PRE_MASTER_KEY_GEN, { 48, 48, CKF_GENERATE }, PR_FALSE },
+    { CKM_SSL3_MASTER_KEY_DERIVE, { 48, 48, CKF_DERIVE }, PR_FALSE },
+    { CKM_SSL3_MASTER_KEY_DERIVE_DH, { 8, 128, CKF_DERIVE }, PR_FALSE },
+    { CKM_SSL3_KEY_AND_MAC_DERIVE, { 48, 48, CKF_DERIVE }, PR_FALSE },
+    { CKM_SSL3_MD5_MAC, { 0, 16, CKF_DERIVE }, PR_FALSE },
+    { CKM_SSL3_SHA1_MAC, { 0, 20, CKF_DERIVE }, PR_FALSE },
+    { CKM_MD5_KEY_DERIVATION, { 0, 16, CKF_DERIVE }, PR_FALSE },
+    { CKM_MD2_KEY_DERIVATION, { 0, 16, CKF_DERIVE }, PR_FALSE },
+    { CKM_SHA1_KEY_DERIVATION, { 0, 20, CKF_DERIVE }, PR_FALSE },
+    { CKM_SHA224_KEY_DERIVATION, { 0, 28, CKF_DERIVE }, PR_FALSE },
+    { CKM_SHA256_KEY_DERIVATION, { 0, 32, CKF_DERIVE }, PR_FALSE },
+    { CKM_SHA384_KEY_DERIVATION, { 0, 48, CKF_DERIVE }, PR_FALSE },
+    { CKM_SHA512_KEY_DERIVATION, { 0, 64, CKF_DERIVE }, PR_FALSE },
+    { CKM_TLS_MASTER_KEY_DERIVE, { 48, 48, CKF_DERIVE }, PR_FALSE },
+    { CKM_TLS12_MASTER_KEY_DERIVE, { 48, 48, CKF_DERIVE }, PR_FALSE },
+    { CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256,
+      { 48, 48, CKF_DERIVE },
+      PR_FALSE },
+    { CKM_TLS_MASTER_KEY_DERIVE_DH, { 8, 128, CKF_DERIVE }, PR_FALSE },
+    { CKM_TLS12_MASTER_KEY_DERIVE_DH, { 8, 128, CKF_DERIVE }, PR_FALSE },
+    { CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256,
+      { 8, 128, CKF_DERIVE },
+      PR_FALSE },
+    { CKM_TLS_KEY_AND_MAC_DERIVE, { 48, 48, CKF_DERIVE }, PR_FALSE },
+    { CKM_TLS12_KEY_AND_MAC_DERIVE, { 48, 48, CKF_DERIVE }, PR_FALSE },
+    { CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256,
+      { 48, 48, CKF_DERIVE },
+      PR_FALSE },
+    { CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE,
+      { 48, 128, CKF_DERIVE },
+      PR_FALSE },
+    { CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH,
+      { 48, 128, CKF_DERIVE },
+      PR_FALSE },
+    /* ---------------------- PBE Key Derivations  ------------------------ */
+    { CKM_PBE_MD2_DES_CBC, { 8, 8, CKF_DERIVE }, PR_TRUE },
+    { CKM_PBE_MD5_DES_CBC, { 8, 8, CKF_DERIVE }, PR_TRUE },
+    /* ------------------ NETSCAPE PBE Key Derivations  ------------------- */
+    { CKM_NETSCAPE_PBE_SHA1_DES_CBC, { 8, 8, CKF_GENERATE }, PR_TRUE },
+    { CKM_NETSCAPE_PBE_SHA1_FAULTY_3DES_CBC, { 24, 24, CKF_GENERATE }, PR_TRUE },
+    { CKM_PBE_SHA1_DES3_EDE_CBC, { 24, 24, CKF_GENERATE }, PR_TRUE },
+    { CKM_PBE_SHA1_DES2_EDE_CBC, { 24, 24, CKF_GENERATE }, PR_TRUE },
+    { CKM_PBE_SHA1_RC2_40_CBC, { 40, 40, CKF_GENERATE }, PR_TRUE },
+    { CKM_PBE_SHA1_RC2_128_CBC, { 128, 128, CKF_GENERATE }, PR_TRUE },
+    { CKM_PBE_SHA1_RC4_40, { 40, 40, CKF_GENERATE }, PR_TRUE },
+    { CKM_PBE_SHA1_RC4_128, { 128, 128, CKF_GENERATE }, PR_TRUE },
+    { CKM_PBA_SHA1_WITH_SHA1_HMAC, { 20, 20, CKF_GENERATE }, PR_TRUE },
+    { CKM_PKCS5_PBKD2, { 1, 256, CKF_GENERATE }, PR_TRUE },
+    { CKM_NETSCAPE_PBE_SHA1_HMAC_KEY_GEN, { 20, 20, CKF_GENERATE }, PR_TRUE },
+    { CKM_NETSCAPE_PBE_MD5_HMAC_KEY_GEN, { 16, 16, CKF_GENERATE }, PR_TRUE },
+    { CKM_NETSCAPE_PBE_MD2_HMAC_KEY_GEN, { 16, 16, CKF_GENERATE }, PR_TRUE },
+    { CKM_NSS_PKCS12_PBE_SHA224_HMAC_KEY_GEN, { 28, 28, CKF_GENERATE }, PR_TRUE },
+    { CKM_NSS_PKCS12_PBE_SHA256_HMAC_KEY_GEN, { 32, 32, CKF_GENERATE }, PR_TRUE },
+    { CKM_NSS_PKCS12_PBE_SHA384_HMAC_KEY_GEN, { 48, 48, CKF_GENERATE }, PR_TRUE },
+    { CKM_NSS_PKCS12_PBE_SHA512_HMAC_KEY_GEN, { 64, 64, CKF_GENERATE }, PR_TRUE },
+    /* ------------------ AES Key Wrap (also encrypt)  ------------------- */
+    { CKM_NETSCAPE_AES_KEY_WRAP, { 16, 32, CKF_EN_DE_WR_UN }, PR_TRUE },
+    { CKM_NETSCAPE_AES_KEY_WRAP_PAD, { 16, 32, CKF_EN_DE_WR_UN }, PR_TRUE },
+    /* --------------------------- J-PAKE -------------------------------- */
+    { CKM_NSS_JPAKE_ROUND1_SHA1, { 0, 0, CKF_GENERATE }, PR_TRUE },
+    { CKM_NSS_JPAKE_ROUND1_SHA256, { 0, 0, CKF_GENERATE }, PR_TRUE },
+    { CKM_NSS_JPAKE_ROUND1_SHA384, { 0, 0, CKF_GENERATE }, PR_TRUE },
+    { CKM_NSS_JPAKE_ROUND1_SHA512, { 0, 0, CKF_GENERATE }, PR_TRUE },
+    { CKM_NSS_JPAKE_ROUND2_SHA1, { 0, 0, CKF_DERIVE }, PR_TRUE },
+    { CKM_NSS_JPAKE_ROUND2_SHA256, { 0, 0, CKF_DERIVE }, PR_TRUE },
+    { CKM_NSS_JPAKE_ROUND2_SHA384, { 0, 0, CKF_DERIVE }, PR_TRUE },
+    { CKM_NSS_JPAKE_ROUND2_SHA512, { 0, 0, CKF_DERIVE }, PR_TRUE },
+    { CKM_NSS_JPAKE_FINAL_SHA1, { 0, 0, CKF_DERIVE }, PR_TRUE },
+    { CKM_NSS_JPAKE_FINAL_SHA256, { 0, 0, CKF_DERIVE }, PR_TRUE },
+    { CKM_NSS_JPAKE_FINAL_SHA384, { 0, 0, CKF_DERIVE }, PR_TRUE },
+    { CKM_NSS_JPAKE_FINAL_SHA512, { 0, 0, CKF_DERIVE }, PR_TRUE },
+    /* -------------------- Constant Time TLS MACs ----------------------- */
+    { CKM_NSS_HMAC_CONSTANT_TIME, { 0, 0, CKF_DIGEST }, PR_TRUE },
+    { CKM_NSS_SSL3_MAC_CONSTANT_TIME, { 0, 0, CKF_DIGEST }, PR_TRUE }
+};
+static const CK_ULONG mechanismCount = sizeof(mechanisms) / sizeof(mechanisms[0]);
+
+/* sigh global so fipstokn can read it */
+PRBool nsc_init = PR_FALSE;
+
+#if defined(CHECK_FORK_PTHREAD) || defined(CHECK_FORK_MIXED)
+
+#include <pthread.h>
+
+static void
+ForkedChild(void)
+{
+    if (nsc_init || nsf_init) {
+        forked = PR_TRUE;
+    }
+}
+
+#endif
+
+static char *
+sftk_setStringName(const char *inString, char *buffer, int buffer_length, PRBool nullTerminate)
+{
+    int full_length, string_length;
+
+    full_length = nullTerminate ? buffer_length - 1 : buffer_length;
+    string_length = PORT_Strlen(inString);
+    /*
+     *  shorten the string, respecting utf8 encoding
+     *  to do so, we work backward from the end
+     *  bytes looking from the end are either:
+     *    - ascii [0x00,0x7f]
+     *    - the [2-n]th byte of a multibyte sequence
+     *        [0x3F,0xBF], i.e, most significant 2 bits are '10'
+     *    - the first byte of a multibyte sequence [0xC0,0xFD],
+     *        i.e, most significant 2 bits are '11'
+     *
+     *    When the string is too long, we lop off any trailing '10' bytes,
+     *  if any. When these are all eliminated we lop off
+     *  one additional byte. Thus if we lopped any '10'
+     *  we'll be lopping a '11' byte (the first byte of the multibyte sequence),
+     *  otherwise we're lopping off an ascii character.
+     *
+     *    To test for '10' bytes, we first AND it with
+     *  11000000 (0xc0) so that we get 10000000 (0x80) if and only if
+     *  the byte starts with 10. We test for equality.
+     */
+    while (string_length > full_length) {
+        /* need to shorten */
+        while (string_length > 0 &&
+               ((inString[string_length - 1] & (char)0xc0) == (char)0x80)) {
+            /* lop off '10' byte */
+            string_length--;
+        }
+        /*
+         * test string_length in case bad data is received
+         * and string consisted of all '10' bytes,
+         * avoiding any infinite loop
+         */
+        if (string_length) {
+            /* remove either '11' byte or an asci byte */
+            string_length--;
+        }
+    }
+    PORT_Memset(buffer, ' ', full_length);
+    if (nullTerminate) {
+        buffer[full_length] = 0;
+    }
+    PORT_Memcpy(buffer, inString, string_length);
+    return buffer;
+}
+/*
+ * Configuration utils
+ */
+static CK_RV
+sftk_configure(const char *man, const char *libdes)
+{
+
+    /* make sure the internationalization was done correctly... */
+    if (man) {
+        manufacturerID = sftk_setStringName(man, manufacturerID_space,
+                                            sizeof(manufacturerID_space), PR_TRUE);
+    }
+    if (libdes) {
+        libraryDescription = sftk_setStringName(libdes,
+                                                libraryDescription_space, sizeof(libraryDescription_space),
+                                                PR_TRUE);
+    }
+
+    return CKR_OK;
+}
+
+/*
+ * ******************** Password Utilities *******************************
+ */
+
+/*
+ * see if the key DB password is enabled
+ */
+static PRBool
+sftk_hasNullPassword(SFTKSlot *slot, SFTKDBHandle *keydb)
+{
+    PRBool pwenabled;
+
+    pwenabled = PR_FALSE;
+    if (sftkdb_HasPasswordSet(keydb) == SECSuccess) {
+        PRBool tokenRemoved = PR_FALSE;
+        SECStatus rv = sftkdb_CheckPassword(keydb, "", &tokenRemoved);
+        if (tokenRemoved) {
+            sftk_CloseAllSessions(slot, PR_FALSE);
+        }
+        return (rv == SECSuccess);
+    }
+
+    return pwenabled;
+}
+
+/*
+ * ******************** Object Creation Utilities ***************************
+ */
+
+/* Make sure a given attribute exists. If it doesn't, initialize it to
+ * value and len
+ */
+CK_RV
+sftk_defaultAttribute(SFTKObject *object, CK_ATTRIBUTE_TYPE type,
+                      const void *value, unsigned int len)
+{
+    if (!sftk_hasAttribute(object, type)) {
+        return sftk_AddAttributeType(object, type, value, len);
+    }
+    return CKR_OK;
+}
+
+/*
+ * check the consistancy and initialize a Data Object
+ */
+static CK_RV
+sftk_handleDataObject(SFTKSession *session, SFTKObject *object)
+{
+    CK_RV crv;
+
+    /* first reject private and token data objects */
+    if (sftk_isTrue(object, CKA_PRIVATE) || sftk_isTrue(object, CKA_TOKEN)) {
+        return CKR_ATTRIBUTE_VALUE_INVALID;
+    }
+
+    /* now just verify the required date fields */
+    crv = sftk_defaultAttribute(object, CKA_APPLICATION, NULL, 0);
+    if (crv != CKR_OK)
+        return crv;
+    crv = sftk_defaultAttribute(object, CKA_VALUE, NULL, 0);
+    if (crv != CKR_OK)
+        return crv;
+
+    return CKR_OK;
+}
+
+/*
+ * check the consistancy and initialize a Certificate Object
+ */
+static CK_RV
+sftk_handleCertObject(SFTKSession *session, SFTKObject *object)
+{
+    CK_CERTIFICATE_TYPE type;
+    SFTKAttribute *attribute;
+    CK_RV crv;
+
+    /* certificates must have a type */
+    if (!sftk_hasAttribute(object, CKA_CERTIFICATE_TYPE)) {
+        return CKR_TEMPLATE_INCOMPLETE;
+    }
+
+    /* we can't store any certs private */
+    if (sftk_isTrue(object, CKA_PRIVATE)) {
+        return CKR_ATTRIBUTE_VALUE_INVALID;
+    }
+
+    /* We only support X.509 Certs for now */
+    attribute = sftk_FindAttribute(object, CKA_CERTIFICATE_TYPE);
+    if (attribute == NULL)
+        return CKR_TEMPLATE_INCOMPLETE;
+    type = *(CK_CERTIFICATE_TYPE *)attribute->attrib.pValue;
+    sftk_FreeAttribute(attribute);
+
+    if (type != CKC_X_509) {
+        return CKR_ATTRIBUTE_VALUE_INVALID;
+    }
+
+    /* X.509 Certificate */
+
+    /* make sure we have a cert */
+    if (!sftk_hasAttribute(object, CKA_VALUE)) {
+        return CKR_TEMPLATE_INCOMPLETE;
+    }
+
+    /* in PKCS #11, Subject is a required field */
+    if (!sftk_hasAttribute(object, CKA_SUBJECT)) {
+        return CKR_TEMPLATE_INCOMPLETE;
+    }
+
+    /* in PKCS #11, Issuer is a required field */
+    if (!sftk_hasAttribute(object, CKA_ISSUER)) {
+        return CKR_TEMPLATE_INCOMPLETE;
+    }
+
+    /* in PKCS #11, Serial is a required field */
+    if (!sftk_hasAttribute(object, CKA_SERIAL_NUMBER)) {
+        return CKR_TEMPLATE_INCOMPLETE;
+    }
+
+    /* add it to the object */
+    object->objectInfo = NULL;
+    object->infoFree = (SFTKFree)NULL;
+
+    /* now just verify the required date fields */
+    crv = sftk_defaultAttribute(object, CKA_ID, NULL, 0);
+    if (crv != CKR_OK) {
+        return crv;
+    }
+
+    if (sftk_isTrue(object, CKA_TOKEN)) {
+        SFTKSlot *slot = session->slot;
+        SFTKDBHandle *certHandle = sftk_getCertDB(slot);
+
+        if (certHandle == NULL) {
+            return CKR_TOKEN_WRITE_PROTECTED;
+        }
+
+        crv = sftkdb_write(certHandle, object, &object->handle);
+        sftk_freeDB(certHandle);
+        return crv;
+    }
+
+    return CKR_OK;
+}
+
+/*
+ * check the consistancy and initialize a Trust Object
+ */
+static CK_RV
+sftk_handleTrustObject(SFTKSession *session, SFTKObject *object)
+{
+    /* we can't store any certs private */
+    if (sftk_isTrue(object, CKA_PRIVATE)) {
+        return CKR_ATTRIBUTE_VALUE_INVALID;
+    }
+
+    /* certificates must have a type */
+    if (!sftk_hasAttribute(object, CKA_ISSUER)) {
+        return CKR_TEMPLATE_INCOMPLETE;
+    }
+    if (!sftk_hasAttribute(object, CKA_SERIAL_NUMBER)) {
+        return CKR_TEMPLATE_INCOMPLETE;
+    }
+    if (!sftk_hasAttribute(object, CKA_CERT_SHA1_HASH)) {
+        return CKR_TEMPLATE_INCOMPLETE;
+    }
+    if (!sftk_hasAttribute(object, CKA_CERT_MD5_HASH)) {
+        return CKR_TEMPLATE_INCOMPLETE;
+    }
+
+    if (sftk_isTrue(object, CKA_TOKEN)) {
+        SFTKSlot *slot = session->slot;
+        SFTKDBHandle *certHandle = sftk_getCertDB(slot);
+        CK_RV crv;
+
+        if (certHandle == NULL) {
+            return CKR_TOKEN_WRITE_PROTECTED;
+        }
+
+        crv = sftkdb_write(certHandle, object, &object->handle);
+        sftk_freeDB(certHandle);
+        return crv;
+    }
+
+    return CKR_OK;
+}
+
+/*
+ * check the consistancy and initialize a Trust Object
+ */
+static CK_RV
+sftk_handleSMimeObject(SFTKSession *session, SFTKObject *object)
+{
+
+    /* we can't store any certs private */
+    if (sftk_isTrue(object, CKA_PRIVATE)) {
+        return CKR_ATTRIBUTE_VALUE_INVALID;
+    }
+
+    /* certificates must have a type */
+    if (!sftk_hasAttribute(object, CKA_SUBJECT)) {
+        return CKR_TEMPLATE_INCOMPLETE;
+    }
+    if (!sftk_hasAttribute(object, CKA_NETSCAPE_EMAIL)) {
+        return CKR_TEMPLATE_INCOMPLETE;
+    }
+
+    if (sftk_isTrue(object, CKA_TOKEN)) {
+        SFTKSlot *slot = session->slot;
+        SFTKDBHandle *certHandle;
+        CK_RV crv;
+
+        PORT_Assert(slot);
+        if (slot == NULL) {
+            return CKR_SESSION_HANDLE_INVALID;
+        }
+
+        certHandle = sftk_getCertDB(slot);
+        if (certHandle == NULL) {
+            return CKR_TOKEN_WRITE_PROTECTED;
+        }
+
+        crv = sftkdb_write(certHandle, object, &object->handle);
+        sftk_freeDB(certHandle);
+        return crv;
+    }
+
+    return CKR_OK;
+}
+
+/*
+ * check the consistancy and initialize a Trust Object
+ */
+static CK_RV
+sftk_handleCrlObject(SFTKSession *session, SFTKObject *object)
+{
+
+    /* we can't store any certs private */
+    if (sftk_isTrue(object, CKA_PRIVATE)) {
+        return CKR_ATTRIBUTE_VALUE_INVALID;
+    }
+
+    /* certificates must have a type */
+    if (!sftk_hasAttribute(object, CKA_SUBJECT)) {
+        return CKR_TEMPLATE_INCOMPLETE;
+    }
+    if (!sftk_hasAttribute(object, CKA_VALUE)) {
+        return CKR_TEMPLATE_INCOMPLETE;
+    }
+
+    if (sftk_isTrue(object, CKA_TOKEN)) {
+        SFTKSlot *slot = session->slot;
+        SFTKDBHandle *certHandle = sftk_getCertDB(slot);
+        CK_RV crv;
+
+        if (certHandle == NULL) {
+            return CKR_TOKEN_WRITE_PROTECTED;
+        }
+
+        crv = sftkdb_write(certHandle, object, &object->handle);
+        sftk_freeDB(certHandle);
+        return crv;
+    }
+
+    return CKR_OK;
+}
+
+/*
+ * check the consistancy and initialize a Public Key Object
+ */
+static CK_RV
+sftk_handlePublicKeyObject(SFTKSession *session, SFTKObject *object,
+                           CK_KEY_TYPE key_type)
+{
+    CK_BBOOL encrypt = CK_TRUE;
+    CK_BBOOL recover = CK_TRUE;
+    CK_BBOOL wrap = CK_TRUE;
+    CK_BBOOL derive = CK_FALSE;
+    CK_BBOOL verify = CK_TRUE;
+    CK_RV crv;
+
+    switch (key_type) {
+        case CKK_RSA:
+            crv = sftk_ConstrainAttribute(object, CKA_MODULUS,
+                                          RSA_MIN_MODULUS_BITS, 0, 0);
+            if (crv != CKR_OK) {
+                return crv;
+            }
+            crv = sftk_ConstrainAttribute(object, CKA_PUBLIC_EXPONENT, 2, 0, 0);
+            if (crv != CKR_OK) {
+                return crv;
+            }
+            break;
+        case CKK_DSA:
+            crv = sftk_ConstrainAttribute(object, CKA_SUBPRIME,
+                                          DSA_MIN_Q_BITS, DSA_MAX_Q_BITS, 0);
+            if (crv != CKR_OK) {
+                return crv;
+            }
+            crv = sftk_ConstrainAttribute(object, CKA_PRIME,
+                                          DSA_MIN_P_BITS, DSA_MAX_P_BITS, 64);
+            if (crv != CKR_OK) {
+                return crv;
+            }
+            crv = sftk_ConstrainAttribute(object, CKA_BASE, 2, DSA_MAX_P_BITS, 0);
+            if (crv != CKR_OK) {
+                return crv;
+            }
+            crv = sftk_ConstrainAttribute(object, CKA_VALUE, 2, DSA_MAX_P_BITS, 0);
+            if (crv != CKR_OK) {
+                return crv;
+            }
+            encrypt = CK_FALSE;
+            recover = CK_FALSE;
+            wrap = CK_FALSE;
+            break;
+        case CKK_DH:
+            crv = sftk_ConstrainAttribute(object, CKA_PRIME,
+                                          DH_MIN_P_BITS, DH_MAX_P_BITS, 0);
+            if (crv != CKR_OK) {
+                return crv;
+            }
+            crv = sftk_ConstrainAttribute(object, CKA_BASE, 2, DH_MAX_P_BITS, 0);
+            if (crv != CKR_OK) {
+                return crv;
+            }
+            crv = sftk_ConstrainAttribute(object, CKA_VALUE, 2, DH_MAX_P_BITS, 0);
+            if (crv != CKR_OK) {
+                return crv;
+            }
+            verify = CK_FALSE;
+            derive = CK_TRUE;
+            encrypt = CK_FALSE;
+            recover = CK_FALSE;
+            wrap = CK_FALSE;
+            break;
+#ifndef NSS_DISABLE_ECC
+        case CKK_EC:
+            if (!sftk_hasAttribute(object, CKA_EC_PARAMS)) {
+                return CKR_TEMPLATE_INCOMPLETE;
+            }
+            if (!sftk_hasAttribute(object, CKA_EC_POINT)) {
+                return CKR_TEMPLATE_INCOMPLETE;
+            }
+            derive = CK_TRUE; /* for ECDH */
+            verify = CK_TRUE; /* for ECDSA */
+            encrypt = CK_FALSE;
+            recover = CK_FALSE;
+            wrap = CK_FALSE;
+            break;
+#endif /* NSS_DISABLE_ECC */
+        default:
+            return CKR_ATTRIBUTE_VALUE_INVALID;
+    }
+
+    /* make sure the required fields exist */
+    crv = sftk_defaultAttribute(object, CKA_SUBJECT, NULL, 0);
+    if (crv != CKR_OK)
+        return crv;
+    crv = sftk_defaultAttribute(object, CKA_ENCRYPT, &encrypt, sizeof(CK_BBOOL));
+    if (crv != CKR_OK)
+        return crv;
+    crv = sftk_defaultAttribute(object, CKA_VERIFY, &verify, sizeof(CK_BBOOL));
+    if (crv != CKR_OK)
+        return crv;
+    crv = sftk_defaultAttribute(object, CKA_VERIFY_RECOVER,
+                                &recover, sizeof(CK_BBOOL));
+    if (crv != CKR_OK)
+        return crv;
+    crv = sftk_defaultAttribute(object, CKA_WRAP, &wrap, sizeof(CK_BBOOL));
+    if (crv != CKR_OK)
+        return crv;
+    crv = sftk_defaultAttribute(object, CKA_DERIVE, &derive, sizeof(CK_BBOOL));
+    if (crv != CKR_OK)
+        return crv;
+
+    object->objectInfo = sftk_GetPubKey(object, key_type, &crv);
+    if (object->objectInfo == NULL) {
+        return crv;
+    }
+    object->infoFree = (SFTKFree)nsslowkey_DestroyPublicKey;
+
+    /* Check that an imported EC key is valid */
+    if (key_type == CKK_EC) {
+        NSSLOWKEYPublicKey *pubKey = (NSSLOWKEYPublicKey *)object->objectInfo;
+        SECStatus rv = EC_ValidatePublicKey(&pubKey->u.ec.ecParams,
+                                            &pubKey->u.ec.publicValue);
+
+        if (rv != SECSuccess) {
+            return CKR_TEMPLATE_INCONSISTENT;
+        }
+    }
+
+    if (sftk_isTrue(object, CKA_TOKEN)) {
+        SFTKSlot *slot = session->slot;
+        SFTKDBHandle *certHandle = sftk_getCertDB(slot);
+
+        if (certHandle == NULL) {
+            return CKR_TOKEN_WRITE_PROTECTED;
+        }
+
+        crv = sftkdb_write(certHandle, object, &object->handle);
+        sftk_freeDB(certHandle);
+        return crv;
+    }
+
+    return CKR_OK;
+}
+
+static NSSLOWKEYPrivateKey *
+sftk_mkPrivKey(SFTKObject *object, CK_KEY_TYPE key, CK_RV *rvp);
+
+static SECStatus
+sftk_verifyRSAPrivateKey(SFTKObject *object, PRBool fillIfNeeded);
+
+/*
+ * check the consistancy and initialize a Private Key Object
+ */
+static CK_RV
+sftk_handlePrivateKeyObject(SFTKSession *session, SFTKObject *object, CK_KEY_TYPE key_type)
+{
+    CK_BBOOL cktrue = CK_TRUE;
+    CK_BBOOL encrypt = CK_TRUE;
+    CK_BBOOL sign = CK_FALSE;
+    CK_BBOOL recover = CK_TRUE;
+    CK_BBOOL wrap = CK_TRUE;
+    CK_BBOOL derive = CK_TRUE;
+    CK_BBOOL ckfalse = CK_FALSE;
+    PRBool createObjectInfo = PR_TRUE;
+    PRBool fillPrivateKey = PR_FALSE;
+    int missing_rsa_mod_component = 0;
+    int missing_rsa_exp_component = 0;
+    int missing_rsa_crt_component = 0;
+
+    SECItem mod;
+    CK_RV crv;
+    SECStatus rv;
+
+    switch (key_type) {
+        case CKK_RSA:
+            if (!sftk_hasAttribute(object, CKA_MODULUS)) {
+                missing_rsa_mod_component++;
+            }
+            if (!sftk_hasAttribute(object, CKA_PUBLIC_EXPONENT)) {
+                missing_rsa_exp_component++;
+            }
+            if (!sftk_hasAttribute(object, CKA_PRIVATE_EXPONENT)) {
+                missing_rsa_exp_component++;
+            }
+            if (!sftk_hasAttribute(object, CKA_PRIME_1)) {
+                missing_rsa_mod_component++;
+            }
+            if (!sftk_hasAttribute(object, CKA_PRIME_2)) {
+                missing_rsa_mod_component++;
+            }
+            if (!sftk_hasAttribute(object, CKA_EXPONENT_1)) {
+                missing_rsa_crt_component++;
+            }
+            if (!sftk_hasAttribute(object, CKA_EXPONENT_2)) {
+                missing_rsa_crt_component++;
+            }
+            if (!sftk_hasAttribute(object, CKA_COEFFICIENT)) {
+                missing_rsa_crt_component++;
+            }
+            if (missing_rsa_mod_component || missing_rsa_exp_component ||
+                missing_rsa_crt_component) {
+                /* we are missing a component, see if we have enough to rebuild
+                 * the rest */
+                int have_exp = 2 - missing_rsa_exp_component;
+                int have_component = 5 -
+                                     (missing_rsa_exp_component + missing_rsa_mod_component);
+
+                if ((have_exp == 0) || (have_component < 3)) {
+                    /* nope, not enough to reconstruct the private key */
+                    return CKR_TEMPLATE_INCOMPLETE;
+                }
+                fillPrivateKey = PR_TRUE;
+            }
+            /*verify the parameters for consistency*/
+            rv = sftk_verifyRSAPrivateKey(object, fillPrivateKey);
+            if (rv != SECSuccess) {
+                return CKR_TEMPLATE_INCOMPLETE;
+            }
+
+            /* make sure Netscape DB attribute is set correctly */
+            crv = sftk_Attribute2SSecItem(NULL, &mod, object, CKA_MODULUS);
+            if (crv != CKR_OK)
+                return crv;
+            crv = sftk_forceAttribute(object, CKA_NETSCAPE_DB,
+                                      sftk_item_expand(&mod));
+            if (mod.data)
+                PORT_Free(mod.data);
+            if (crv != CKR_OK)
+                return crv;
+
+            sign = CK_TRUE;
+            derive = CK_FALSE;
+            break;
+        case CKK_DSA:
+            if (!sftk_hasAttribute(object, CKA_SUBPRIME)) {
+                return CKR_TEMPLATE_INCOMPLETE;
+            }
+            sign = CK_TRUE;
+            derive = CK_FALSE;
+        /* fall through */
+        case CKK_DH:
+            if (!sftk_hasAttribute(object, CKA_PRIME)) {
+                return CKR_TEMPLATE_INCOMPLETE;
+            }
+            if (!sftk_hasAttribute(object, CKA_BASE)) {
+                return CKR_TEMPLATE_INCOMPLETE;
+            }
+            if (!sftk_hasAttribute(object, CKA_VALUE)) {
+                return CKR_TEMPLATE_INCOMPLETE;
+            }
+            encrypt = CK_FALSE;
+            recover = CK_FALSE;
+            wrap = CK_FALSE;
+            break;
+#ifndef NSS_DISABLE_ECC
+        case CKK_EC:
+            if (!sftk_hasAttribute(object, CKA_EC_PARAMS)) {
+                return CKR_TEMPLATE_INCOMPLETE;
+            }
+            if (!sftk_hasAttribute(object, CKA_VALUE)) {
+                return CKR_TEMPLATE_INCOMPLETE;
+            }
+            encrypt = CK_FALSE;
+            sign = CK_TRUE;
+            recover = CK_FALSE;
+            wrap = CK_FALSE;
+            break;
+#endif /* NSS_DISABLE_ECC */
+        case CKK_NSS_JPAKE_ROUND1:
+            if (!sftk_hasAttribute(object, CKA_PRIME) ||
+                !sftk_hasAttribute(object, CKA_SUBPRIME) ||
+                !sftk_hasAttribute(object, CKA_BASE)) {
+                return CKR_TEMPLATE_INCOMPLETE;
+            }
+        /* fall through */
+        case CKK_NSS_JPAKE_ROUND2:
+            /* CKA_NSS_JPAKE_SIGNERID and CKA_NSS_JPAKE_PEERID are checked in
+               the J-PAKE code. */
+            encrypt = sign = recover = wrap = CK_FALSE;
+            derive = CK_TRUE;
+            createObjectInfo = PR_FALSE;
+            break;
+        default:
+            return CKR_ATTRIBUTE_VALUE_INVALID;
+    }
+    crv = sftk_defaultAttribute(object, CKA_SUBJECT, NULL, 0);
+    if (crv != CKR_OK)
+        return crv;
+    crv = sftk_defaultAttribute(object, CKA_SENSITIVE, &cktrue, sizeof(CK_BBOOL));
+    if (crv != CKR_OK)
+        return crv;
+    crv = sftk_defaultAttribute(object, CKA_EXTRACTABLE, &cktrue, sizeof(CK_BBOOL));
+    if (crv != CKR_OK)
+        return crv;
+    crv = sftk_defaultAttribute(object, CKA_DECRYPT, &encrypt, sizeof(CK_BBOOL));
+    if (crv != CKR_OK)
+        return crv;
+    crv = sftk_defaultAttribute(object, CKA_SIGN, &sign, sizeof(CK_BBOOL));
+    if (crv != CKR_OK)
+        return crv;
+    crv = sftk_defaultAttribute(object, CKA_SIGN_RECOVER, &recover,
+                                sizeof(CK_BBOOL));
+    if (crv != CKR_OK)
+        return crv;
+    crv = sftk_defaultAttribute(object, CKA_UNWRAP, &wrap, sizeof(CK_BBOOL));
+    if (crv != CKR_OK)
+        return crv;
+    crv = sftk_defaultAttribute(object, CKA_DERIVE, &derive, sizeof(CK_BBOOL));
+    if (crv != CKR_OK)
+        return crv;
+    /* the next two bits get modified only in the key gen and token cases */
+    crv = sftk_forceAttribute(object, CKA_ALWAYS_SENSITIVE,
+                              &ckfalse, sizeof(CK_BBOOL));
+    if (crv != CKR_OK)
+        return crv;
+    crv = sftk_forceAttribute(object, CKA_NEVER_EXTRACTABLE,
+                              &ckfalse, sizeof(CK_BBOOL));
+    if (crv != CKR_OK)
+        return crv;
+
+    /* should we check the non-token RSA private keys? */
+
+    if (sftk_isTrue(object, CKA_TOKEN)) {
+        SFTKSlot *slot = session->slot;
+        SFTKDBHandle *keyHandle = sftk_getKeyDB(slot);
+
+        if (keyHandle == NULL) {
+            return CKR_TOKEN_WRITE_PROTECTED;
+        }
+
+        crv = sftkdb_write(keyHandle, object, &object->handle);
+        sftk_freeDB(keyHandle);
+        return crv;
+    } else if (createObjectInfo) {
+        object->objectInfo = sftk_mkPrivKey(object, key_type, &crv);
+        if (object->objectInfo == NULL)
+            return crv;
+        object->infoFree = (SFTKFree)nsslowkey_DestroyPrivateKey;
+    }
+    return CKR_OK;
+}
+
+/* forward declare the DES formating function for handleSecretKey */
+void sftk_FormatDESKey(unsigned char *key, int length);
+
+/* Validate secret key data, and set defaults */
+static CK_RV
+validateSecretKey(SFTKSession *session, SFTKObject *object,
+                  CK_KEY_TYPE key_type, PRBool isFIPS)
+{
+    CK_RV crv;
+    CK_BBOOL cktrue = CK_TRUE;
+    CK_BBOOL ckfalse = CK_FALSE;
+    SFTKAttribute *attribute = NULL;
+    unsigned long requiredLen;
+
+    crv = sftk_defaultAttribute(object, CKA_SENSITIVE,
+                                isFIPS ? &cktrue : &ckfalse, sizeof(CK_BBOOL));
+    if (crv != CKR_OK)
+        return crv;
+    crv = sftk_defaultAttribute(object, CKA_EXTRACTABLE,
+                                &cktrue, sizeof(CK_BBOOL));
+    if (crv != CKR_OK)
+        return crv;
+    crv = sftk_defaultAttribute(object, CKA_ENCRYPT, &cktrue, sizeof(CK_BBOOL));
+    if (crv != CKR_OK)
+        return crv;
+    crv = sftk_defaultAttribute(object, CKA_DECRYPT, &cktrue, sizeof(CK_BBOOL));
+    if (crv != CKR_OK)
+        return crv;
+    crv = sftk_defaultAttribute(object, CKA_SIGN, &ckfalse, sizeof(CK_BBOOL));
+    if (crv != CKR_OK)
+        return crv;
+    crv = sftk_defaultAttribute(object, CKA_VERIFY, &ckfalse, sizeof(CK_BBOOL));
+    if (crv != CKR_OK)
+        return crv;
+    crv = sftk_defaultAttribute(object, CKA_WRAP, &cktrue, sizeof(CK_BBOOL));
+    if (crv != CKR_OK)
+        return crv;
+    crv = sftk_defaultAttribute(object, CKA_UNWRAP, &cktrue, sizeof(CK_BBOOL));
+    if (crv != CKR_OK)
+        return crv;
+
+    if (!sftk_hasAttribute(object, CKA_VALUE)) {
+        return CKR_TEMPLATE_INCOMPLETE;
+    }
+    /* the next two bits get modified only in the key gen and token cases */
+    crv = sftk_forceAttribute(object, CKA_ALWAYS_SENSITIVE,
+                              &ckfalse, sizeof(CK_BBOOL));
+    if (crv != CKR_OK)
+        return crv;
+    crv = sftk_forceAttribute(object, CKA_NEVER_EXTRACTABLE,
+                              &ckfalse, sizeof(CK_BBOOL));
+    if (crv != CKR_OK)
+        return crv;
+
+    /* some types of keys have a value length */
+    crv = CKR_OK;
+    switch (key_type) {
+        /* force CKA_VALUE_LEN to be set */
+        case CKK_GENERIC_SECRET:
+        case CKK_RC2:
+        case CKK_RC4:
+#if NSS_SOFTOKEN_DOES_RC5
+        case CKK_RC5:
+#endif
+#ifdef NSS_SOFTOKEN_DOES_CAST
+        case CKK_CAST:
+        case CKK_CAST3:
+        case CKK_CAST5:
+#endif
+#if NSS_SOFTOKEN_DOES_IDEA
+        case CKK_IDEA:
+#endif
+            attribute = sftk_FindAttribute(object, CKA_VALUE);
+            /* shouldn't happen */
+            if (attribute == NULL)
+                return CKR_TEMPLATE_INCOMPLETE;
+            crv = sftk_forceAttribute(object, CKA_VALUE_LEN,
+                                      &attribute->attrib.ulValueLen, sizeof(CK_ULONG));
+            sftk_FreeAttribute(attribute);
+            break;
+        /* force the value to have the correct parity */
+        case CKK_DES:
+        case CKK_DES2:
+        case CKK_DES3:
+        case CKK_CDMF:
+            attribute = sftk_FindAttribute(object, CKA_VALUE);
+            /* shouldn't happen */
+            if (attribute == NULL)
+                return CKR_TEMPLATE_INCOMPLETE;
+            requiredLen = sftk_MapKeySize(key_type);
+            if (attribute->attrib.ulValueLen != requiredLen) {
+                sftk_FreeAttribute(attribute);
+                return CKR_KEY_SIZE_RANGE;
+            }
+            sftk_FormatDESKey((unsigned char *)attribute->attrib.pValue,
+                              attribute->attrib.ulValueLen);
+            sftk_FreeAttribute(attribute);
+            break;
+        case CKK_AES:
+            attribute = sftk_FindAttribute(object, CKA_VALUE);
+            /* shouldn't happen */
+            if (attribute == NULL)
+                return CKR_TEMPLATE_INCOMPLETE;
+            if (attribute->attrib.ulValueLen != 16 &&
+                attribute->attrib.ulValueLen != 24 &&
+                attribute->attrib.ulValueLen != 32) {
+                sftk_FreeAttribute(attribute);
+                return CKR_KEY_SIZE_RANGE;
+            }
+            crv = sftk_forceAttribute(object, CKA_VALUE_LEN,
+                                      &attribute->attrib.ulValueLen, sizeof(CK_ULONG));
+            sftk_FreeAttribute(attribute);
+            break;
+        default:
+            break;
+    }
+
+    return crv;
+}
+
+/*
+ * check the consistancy and initialize a Secret Key Object
+ */
+static CK_RV
+sftk_handleSecretKeyObject(SFTKSession *session, SFTKObject *object,
+                           CK_KEY_TYPE key_type, PRBool isFIPS)
+{
+    CK_RV crv;
+
+    /* First validate and set defaults */
+    crv = validateSecretKey(session, object, key_type, isFIPS);
+    if (crv != CKR_OK)
+        goto loser;
+
+    /* If the object is a TOKEN object, store in the database */
+    if (sftk_isTrue(object, CKA_TOKEN)) {
+        SFTKSlot *slot = session->slot;
+        SFTKDBHandle *keyHandle = sftk_getKeyDB(slot);
+        CK_RV crv;
+
+        if (keyHandle == NULL) {
+            return CKR_TOKEN_WRITE_PROTECTED;
+        }
+
+        crv = sftkdb_write(keyHandle, object, &object->handle);
+        sftk_freeDB(keyHandle);
+        return crv;
+    }
+
+loser:
+
+    return crv;
+}
+
+/*
+ * check the consistancy and initialize a Key Object
+ */
+static CK_RV
+sftk_handleKeyObject(SFTKSession *session, SFTKObject *object)
+{
+    SFTKAttribute *attribute;
+    CK_KEY_TYPE key_type;
+    CK_BBOOL ckfalse = CK_FALSE;
+    CK_RV crv;
+
+    /* verify the required fields */
+    if (!sftk_hasAttribute(object, CKA_KEY_TYPE)) {
+        return CKR_TEMPLATE_INCOMPLETE;
+    }
+
+    /* now verify the common fields */
+    crv = sftk_defaultAttribute(object, CKA_ID, NULL, 0);
+    if (crv != CKR_OK)
+        return crv;
+    crv = sftk_defaultAttribute(object, CKA_START_DATE, NULL, 0);
+    if (crv != CKR_OK)
+        return crv;
+    crv = sftk_defaultAttribute(object, CKA_END_DATE, NULL, 0);
+    if (crv != CKR_OK)
+        return crv;
+    /* CKA_DERIVE is common to all keys, but it's default value is
+     * key dependent */
+    crv = sftk_defaultAttribute(object, CKA_LOCAL, &ckfalse, sizeof(CK_BBOOL));
+    if (crv != CKR_OK)
+        return crv;
+
+    /* get the key type */
+    attribute = sftk_FindAttribute(object, CKA_KEY_TYPE);
+    if (!attribute) {
+        return CKR_ATTRIBUTE_VALUE_INVALID;
+    }
+    key_type = *(CK_KEY_TYPE *)attribute->attrib.pValue;
+    sftk_FreeAttribute(attribute);
+
+    switch (object->objclass) {
+        case CKO_PUBLIC_KEY:
+            return sftk_handlePublicKeyObject(session, object, key_type);
+        case CKO_PRIVATE_KEY:
+            return sftk_handlePrivateKeyObject(session, object, key_type);
+        case CKO_SECRET_KEY:
+            /* make sure the required fields exist */
+            return sftk_handleSecretKeyObject(session, object, key_type,
+                                              (PRBool)(session->slot->slotID == FIPS_SLOT_ID));
+        default:
+            break;
+    }
+    return CKR_ATTRIBUTE_VALUE_INVALID;
+}
+
+/*
+ * check the consistancy and Verify a DSA Parameter Object
+ */
+static CK_RV
+sftk_handleDSAParameterObject(SFTKSession *session, SFTKObject *object)
+{
+    SFTKAttribute *primeAttr = NULL;
+    SFTKAttribute *subPrimeAttr = NULL;
+    SFTKAttribute *baseAttr = NULL;
+    SFTKAttribute *seedAttr = NULL;
+    SFTKAttribute *hAttr = NULL;
+    SFTKAttribute *attribute;
+    CK_RV crv = CKR_TEMPLATE_INCOMPLETE;
+    PQGParams params;
+    PQGVerify vfy, *verify = NULL;
+    SECStatus result, rv;
+    /* This bool keeps track of whether or not we need verify parameters.
+     * If a P, Q and G or supplied, we dont' need verify parameters, as we
+     * have PQ and G.
+     *   - If G is not supplied, the presumption is that we want to
+     * verify P and Q only.
+     *   - If counter is supplied, it is presumed we want to verify PQ because
+     * the counter is only used in verification.
+     *   - If H is supplied, is is presumed we want to verify G because H is
+     * only used to verify G.
+     *   - Any verification step must have the SEED (counter or H could be
+     * missing depending on exactly what we want to verify). If SEED is supplied,
+     * the code just goes ahead and runs verify (other errors are parameter
+     * errors are detected by the PQG_VerifyParams function). If SEED is not
+     * supplied, but we determined that we are trying to verify (because needVfy
+     * is set, go ahead and return CKR_TEMPLATE_INCOMPLETE.
+     */
+    PRBool needVfy = PR_FALSE;
+
+    primeAttr = sftk_FindAttribute(object, CKA_PRIME);
+    if (primeAttr == NULL)
+        goto loser;
+    params.prime.data = primeAttr->attrib.pValue;
+    params.prime.len = primeAttr->attrib.ulValueLen;
+
+    subPrimeAttr = sftk_FindAttribute(object, CKA_SUBPRIME);
+    if (subPrimeAttr == NULL)
+        goto loser;
+    params.subPrime.data = subPrimeAttr->attrib.pValue;
+    params.subPrime.len = subPrimeAttr->attrib.ulValueLen;
+
+    baseAttr = sftk_FindAttribute(object, CKA_BASE);
+    if (baseAttr != NULL) {
+        params.base.data = baseAttr->attrib.pValue;
+        params.base.len = baseAttr->attrib.ulValueLen;
+    } else {
+        params.base.data = NULL;
+        params.base.len = 0;
+        needVfy = PR_TRUE; /* presumably only including PQ so we can verify
+                            * them. */
+    }
+
+    attribute = sftk_FindAttribute(object, CKA_NETSCAPE_PQG_COUNTER);
+    if (attribute != NULL) {
+        vfy.counter = *(CK_ULONG *)attribute->attrib.pValue;
+        sftk_FreeAttribute(attribute);
+        needVfy = PR_TRUE; /* included a count so we can verify PQ */
+    } else {
+        vfy.counter = -1;
+    }
+
+    hAttr = sftk_FindAttribute(object, CKA_NETSCAPE_PQG_H);
+    if (hAttr != NULL) {
+        vfy.h.data = hAttr->attrib.pValue;
+        vfy.h.len = hAttr->attrib.ulValueLen;
+        needVfy = PR_TRUE; /* included H so we can verify G */
+    } else {
+        vfy.h.data = NULL;
+        vfy.h.len = 0;
+    }
+    seedAttr = sftk_FindAttribute(object, CKA_NETSCAPE_PQG_SEED);
+    if (seedAttr != NULL) {
+        vfy.seed.data = seedAttr->attrib.pValue;
+        vfy.seed.len = seedAttr->attrib.ulValueLen;
+
+        verify = &vfy;
+    } else if (needVfy) {
+        goto loser; /* Verify always needs seed, if we need verify and not seed
+                     * then fail */
+    }
+
+    crv = CKR_FUNCTION_FAILED;
+    rv = PQG_VerifyParams(&params, verify, &result);
+    if (rv == SECSuccess) {
+        crv = (result == SECSuccess) ? CKR_OK : CKR_ATTRIBUTE_VALUE_INVALID;
+    }
+
+loser:
+    if (hAttr)
+        sftk_FreeAttribute(hAttr);
+    if (seedAttr)
+        sftk_FreeAttribute(seedAttr);
+    if (baseAttr)
+        sftk_FreeAttribute(baseAttr);
+    if (subPrimeAttr)
+        sftk_FreeAttribute(subPrimeAttr);
+    if (primeAttr)
+        sftk_FreeAttribute(primeAttr);
+
+    return crv;
+}
+
+/*
+ * check the consistancy and initialize a Key Parameter Object
+ */
+static CK_RV
+sftk_handleKeyParameterObject(SFTKSession *session, SFTKObject *object)
+{
+    SFTKAttribute *attribute;
+    CK_KEY_TYPE key_type;
+    CK_BBOOL ckfalse = CK_FALSE;
+    CK_RV crv;
+
+    /* verify the required fields */
+    if (!sftk_hasAttribute(object, CKA_KEY_TYPE)) {
+        return CKR_TEMPLATE_INCOMPLETE;
+    }
+
+    /* now verify the common fields */
+    crv = sftk_defaultAttribute(object, CKA_LOCAL, &ckfalse, sizeof(CK_BBOOL));
+    if (crv != CKR_OK)
+        return crv;
+
+    /* get the key type */
+    attribute = sftk_FindAttribute(object, CKA_KEY_TYPE);
+    if (!attribute) {
+        return CKR_ATTRIBUTE_VALUE_INVALID;
+    }
+    key_type = *(CK_KEY_TYPE *)attribute->attrib.pValue;
+    sftk_FreeAttribute(attribute);
+
+    switch (key_type) {
+        case CKK_DSA:
+            return sftk_handleDSAParameterObject(session, object);
+
+        default:
+            break;
+    }
+    return CKR_KEY_TYPE_INCONSISTENT;
+}
+
+/*
+ * Handle Object does all the object consistancy checks, automatic attribute
+ * generation, attribute defaulting, etc. If handleObject succeeds, the object
+ * will be assigned an object handle, and the object installed in the session
+ * or stored in the DB.
+ */
+CK_RV
+sftk_handleObject(SFTKObject *object, SFTKSession *session)
+{
+    SFTKSlot *slot = session->slot;
+    SFTKAttribute *attribute;
+    SFTKObject *duplicateObject = NULL;
+    CK_OBJECT_HANDLE handle;
+    CK_BBOOL ckfalse = CK_FALSE;
+    CK_BBOOL cktrue = CK_TRUE;
+    CK_RV crv;
+
+    /* make sure all the base object types are defined. If not set the
+     * defaults */
+    crv = sftk_defaultAttribute(object, CKA_TOKEN, &ckfalse, sizeof(CK_BBOOL));
+    if (crv != CKR_OK)
+        return crv;
+    crv = sftk_defaultAttribute(object, CKA_PRIVATE, &ckfalse, sizeof(CK_BBOOL));
+    if (crv != CKR_OK)
+        return crv;
+    crv = sftk_defaultAttribute(object, CKA_LABEL, NULL, 0);
+    if (crv != CKR_OK)
+        return crv;
+    crv = sftk_defaultAttribute(object, CKA_MODIFIABLE, &cktrue, sizeof(CK_BBOOL));
+    if (crv != CKR_OK)
+        return crv;
+
+    /* don't create a private object if we aren't logged in */
+    if ((!slot->isLoggedIn) && (slot->needLogin) &&
+        (sftk_isTrue(object, CKA_PRIVATE))) {
+        return CKR_USER_NOT_LOGGED_IN;
+    }
+
+    if (((session->info.flags & CKF_RW_SESSION) == 0) &&
+        (sftk_isTrue(object, CKA_TOKEN))) {
+        return CKR_SESSION_READ_ONLY;
+    }
+
+    /* Assign a unique SESSION object handle to every new object,
+     * whether it is a session object or a token object.
+     * At this point, all new objects are structured as session objects.
+     * Objects with the CKA_TOKEN attribute true will be turned into
+     * token objects and will have a token object handle assigned to
+     * them by a call to sftk_mkHandle in the handler for each object
+     * class, invoked below.
+     *
+     * It may be helpful to note/remember that
+     * sftk_narrowToXxxObject uses sftk_isToken,
+     * sftk_isToken examines the sign bit of the object's handle, but
+     * sftk_isTrue(...,CKA_TOKEN) examines the CKA_TOKEN attribute.
+     */
+    do {
+        PRUint32 wrappedAround;
+
+        duplicateObject = NULL;
+        PZ_Lock(slot->objectLock);
+        wrappedAround = slot->sessionObjectHandleCount & SFTK_TOKEN_MASK;
+        handle = slot->sessionObjectHandleCount & ~SFTK_TOKEN_MASK;
+        if (!handle) /* don't allow zero handle */
+            handle = minSessionObjectHandle;
+        slot->sessionObjectHandleCount = (handle + 1U) | wrappedAround;
+        /* Is there already a session object with this handle? */
+        if (wrappedAround) {
+            sftkqueue_find(duplicateObject, handle, slot->sessObjHashTable,
+                           slot->sessObjHashSize);
+        }
+        PZ_Unlock(slot->objectLock);
+    } while (duplicateObject != NULL);
+    object->handle = handle;
+
+    /* get the object class */
+    attribute = sftk_FindAttribute(object, CKA_CLASS);
+    if (attribute == NULL) {
+        return CKR_TEMPLATE_INCOMPLETE;
+    }
+    object->objclass = *(CK_OBJECT_CLASS *)attribute->attrib.pValue;
+    sftk_FreeAttribute(attribute);
+
+    /* Now handle the specific object class.
+     * At this point, all objects are session objects, and the session
+     * number must be passed to the object class handlers.
+     */
+    switch (object->objclass) {
+        case CKO_DATA:
+            crv = sftk_handleDataObject(session, object);
+            break;
+        case CKO_CERTIFICATE:
+            crv = sftk_handleCertObject(session, object);
+            break;
+        case CKO_NETSCAPE_TRUST:
+            crv = sftk_handleTrustObject(session, object);
+            break;
+        case CKO_NETSCAPE_CRL:
+            crv = sftk_handleCrlObject(session, object);
+            break;
+        case CKO_NETSCAPE_SMIME:
+            crv = sftk_handleSMimeObject(session, object);
+            break;
+        case CKO_PRIVATE_KEY:
+        case CKO_PUBLIC_KEY:
+        case CKO_SECRET_KEY:
+            crv = sftk_handleKeyObject(session, object);
+            break;
+        case CKO_KG_PARAMETERS:
+            crv = sftk_handleKeyParameterObject(session, object);
+            break;
+        default:
+            crv = CKR_ATTRIBUTE_VALUE_INVALID;
+            break;
+    }
+
+    /* can't fail from here on out unless the pk_handlXXX functions have
+     * failed the request */
+    if (crv != CKR_OK) {
+        return crv;
+    }
+
+    /* Now link the object into the slot and session structures.
+     * If the object has a true CKA_TOKEN attribute, the above object
+     * class handlers will have set the sign bit in the object handle,
+     * causing the following test to be true.
+     */
+    if (sftk_isToken(object->handle)) {
+        sftk_convertSessionToToken(object);
+    } else {
+        object->slot = slot;
+        sftk_AddObject(session, object);
+    }
+
+    return CKR_OK;
+}
+
+/*
+ * ******************** Public Key Utilities ***************************
+ */
+/* Generate a low public key structure from an object */
+NSSLOWKEYPublicKey *
+sftk_GetPubKey(SFTKObject *object, CK_KEY_TYPE key_type,
+               CK_RV *crvp)
+{
+    NSSLOWKEYPublicKey *pubKey;
+    PLArenaPool *arena;
+    CK_RV crv;
+
+    if (object->objclass != CKO_PUBLIC_KEY) {
+        *crvp = CKR_KEY_TYPE_INCONSISTENT;
+        return NULL;
+    }
+
+    if (sftk_isToken(object->handle)) {
+        /* ferret out the token object handle */
+    }
+
+    /* If we already have a key, use it */
+    if (object->objectInfo) {
+        *crvp = CKR_OK;
+        return (NSSLOWKEYPublicKey *)object->objectInfo;
+    }
+
+    /* allocate the structure */
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL) {
+        *crvp = CKR_HOST_MEMORY;
+        return NULL;
+    }
+
+    pubKey = (NSSLOWKEYPublicKey *)
+        PORT_ArenaAlloc(arena, sizeof(NSSLOWKEYPublicKey));
+    if (pubKey == NULL) {
+        PORT_FreeArena(arena, PR_FALSE);
+        *crvp = CKR_HOST_MEMORY;
+        return NULL;
+    }
+
+    /* fill in the structure */
+    pubKey->arena = arena;
+    switch (key_type) {
+        case CKK_RSA:
+            pubKey->keyType = NSSLOWKEYRSAKey;
+            crv = sftk_Attribute2SSecItem(arena, &pubKey->u.rsa.modulus,
+                                          object, CKA_MODULUS);
+            if (crv != CKR_OK)
+                break;
+            crv = sftk_Attribute2SSecItem(arena, &pubKey->u.rsa.publicExponent,
+                                          object, CKA_PUBLIC_EXPONENT);
+            break;
+        case CKK_DSA:
+            pubKey->keyType = NSSLOWKEYDSAKey;
+            crv = sftk_Attribute2SSecItem(arena, &pubKey->u.dsa.params.prime,
+                                          object, CKA_PRIME);
+            if (crv != CKR_OK)
+                break;
+            crv = sftk_Attribute2SSecItem(arena, &pubKey->u.dsa.params.subPrime,
+                                          object, CKA_SUBPRIME);
+            if (crv != CKR_OK)
+                break;
+            crv = sftk_Attribute2SSecItem(arena, &pubKey->u.dsa.params.base,
+                                          object, CKA_BASE);
+            if (crv != CKR_OK)
+                break;
+            crv = sftk_Attribute2SSecItem(arena, &pubKey->u.dsa.publicValue,
+                                          object, CKA_VALUE);
+            break;
+        case CKK_DH:
+            pubKey->keyType = NSSLOWKEYDHKey;
+            crv = sftk_Attribute2SSecItem(arena, &pubKey->u.dh.prime,
+                                          object, CKA_PRIME);
+            if (crv != CKR_OK)
+                break;
+            crv = sftk_Attribute2SSecItem(arena, &pubKey->u.dh.base,
+                                          object, CKA_BASE);
+            if (crv != CKR_OK)
+                break;
+            crv = sftk_Attribute2SSecItem(arena, &pubKey->u.dh.publicValue,
+                                          object, CKA_VALUE);
+            break;
+#ifndef NSS_DISABLE_ECC
+        case CKK_EC:
+            pubKey->keyType = NSSLOWKEYECKey;
+            crv = sftk_Attribute2SSecItem(arena,
+                                          &pubKey->u.ec.ecParams.DEREncoding,
+                                          object, CKA_EC_PARAMS);
+            if (crv != CKR_OK)
+                break;
+
+            /* Fill out the rest of the ecParams structure
+             * based on the encoded params
+             */
+            if (EC_FillParams(arena, &pubKey->u.ec.ecParams.DEREncoding,
+                              &pubKey->u.ec.ecParams) != SECSuccess) {
+                crv = CKR_DOMAIN_PARAMS_INVALID;
+                break;
+            }
+
+            crv = sftk_Attribute2SSecItem(arena, &pubKey->u.ec.publicValue,
+                                          object, CKA_EC_POINT);
+            if (crv == CKR_OK) {
+                unsigned int keyLen = EC_GetPointSize(&pubKey->u.ec.ecParams);
+
+                /* special note: We can't just use the first byte to distinguish
+                 * between EC_POINT_FORM_UNCOMPRESSED and SEC_ASN1_OCTET_STRING.
+                 * Both are 0x04. */
+
+                /* Handle the non-DER encoded case.
+                 * Some curves are always pressumed to be non-DER.
+                 */
+                if (pubKey->u.ec.publicValue.len == keyLen &&
+                    (pubKey->u.ec.ecParams.fieldID.type == ec_field_plain ||
+                     pubKey->u.ec.publicValue.data[0] == EC_POINT_FORM_UNCOMPRESSED)) {
+                    break; /* key was not DER encoded, no need to unwrap */
+                }
+
+                PORT_Assert(pubKey->u.ec.ecParams.name != ECCurve25519);
+
+                /* handle the encoded case */
+                if ((pubKey->u.ec.publicValue.data[0] == SEC_ASN1_OCTET_STRING) &&
+                    pubKey->u.ec.publicValue.len > keyLen) {
+                    SECItem publicValue;
+                    SECStatus rv;
+
+                    rv = SEC_QuickDERDecodeItem(arena, &publicValue,
+                                                SEC_ASN1_GET(SEC_OctetStringTemplate),
+                                                &pubKey->u.ec.publicValue);
+                    /* nope, didn't decode correctly */
+                    if ((rv != SECSuccess) || (publicValue.data[0] != EC_POINT_FORM_UNCOMPRESSED) || (publicValue.len != keyLen)) {
+                        crv = CKR_ATTRIBUTE_VALUE_INVALID;
+                        break;
+                    }
+                    /* replace our previous with the decoded key */
+                    pubKey->u.ec.publicValue = publicValue;
+                    break;
+                }
+                crv = CKR_ATTRIBUTE_VALUE_INVALID;
+            }
+            break;
+#endif /* NSS_DISABLE_ECC */
+        default:
+            crv = CKR_KEY_TYPE_INCONSISTENT;
+            break;
+    }
+    *crvp = crv;
+    if (crv != CKR_OK) {
+        PORT_FreeArena(arena, PR_FALSE);
+        return NULL;
+    }
+
+    object->objectInfo = pubKey;
+    object->infoFree = (SFTKFree)nsslowkey_DestroyPublicKey;
+    return pubKey;
+}
+
+/* make a private key from a verified object */
+static NSSLOWKEYPrivateKey *
+sftk_mkPrivKey(SFTKObject *object, CK_KEY_TYPE key_type, CK_RV *crvp)
+{
+    NSSLOWKEYPrivateKey *privKey;
+    SFTKItemTemplate itemTemplate[SFTK_MAX_ITEM_TEMPLATE];
+    int itemTemplateCount = 0;
+    PLArenaPool *arena;
+    CK_RV crv = CKR_OK;
+    SECStatus rv;
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL) {
+        *crvp = CKR_HOST_MEMORY;
+        return NULL;
+    }
+
+    privKey = (NSSLOWKEYPrivateKey *)
+        PORT_ArenaZAlloc(arena, sizeof(NSSLOWKEYPrivateKey));
+    if (privKey == NULL) {
+        PORT_FreeArena(arena, PR_FALSE);
+        *crvp = CKR_HOST_MEMORY;
+        return NULL;
+    }
+
+    /* in future this would be a switch on key_type */
+    privKey->arena = arena;
+    switch (key_type) {
+        case CKK_RSA:
+            privKey->keyType = NSSLOWKEYRSAKey;
+
+            SFTK_SET_ITEM_TEMPLATE(itemTemplate, itemTemplateCount,
+                                   &privKey->u.rsa.modulus, CKA_MODULUS);
+            itemTemplateCount++;
+            SFTK_SET_ITEM_TEMPLATE(itemTemplate, itemTemplateCount,
+                                   &privKey->u.rsa.publicExponent, CKA_PUBLIC_EXPONENT);
+            itemTemplateCount++;
+            SFTK_SET_ITEM_TEMPLATE(itemTemplate, itemTemplateCount,
+                                   &privKey->u.rsa.privateExponent, CKA_PRIVATE_EXPONENT);
+            itemTemplateCount++;
+            SFTK_SET_ITEM_TEMPLATE(itemTemplate, itemTemplateCount,
+                                   &privKey->u.rsa.prime1, CKA_PRIME_1);
+            itemTemplateCount++;
+            SFTK_SET_ITEM_TEMPLATE(itemTemplate, itemTemplateCount,
+                                   &privKey->u.rsa.prime2, CKA_PRIME_2);
+            itemTemplateCount++;
+            SFTK_SET_ITEM_TEMPLATE(itemTemplate, itemTemplateCount,
+                                   &privKey->u.rsa.exponent1, CKA_EXPONENT_1);
+            itemTemplateCount++;
+            SFTK_SET_ITEM_TEMPLATE(itemTemplate, itemTemplateCount,
+                                   &privKey->u.rsa.exponent2, CKA_EXPONENT_2);
+            itemTemplateCount++;
+            SFTK_SET_ITEM_TEMPLATE(itemTemplate, itemTemplateCount,
+                                   &privKey->u.rsa.coefficient, CKA_COEFFICIENT);
+            itemTemplateCount++;
+            rv = DER_SetUInteger(privKey->arena, &privKey->u.rsa.version,
+                                 NSSLOWKEY_PRIVATE_KEY_INFO_VERSION);
+            if (rv != SECSuccess)
+                crv = CKR_HOST_MEMORY;
+            break;
+
+        case CKK_DSA:
+            privKey->keyType = NSSLOWKEYDSAKey;
+            SFTK_SET_ITEM_TEMPLATE(itemTemplate, itemTemplateCount,
+                                   &privKey->u.dsa.params.prime, CKA_PRIME);
+            itemTemplateCount++;
+            SFTK_SET_ITEM_TEMPLATE(itemTemplate, itemTemplateCount,
+                                   &privKey->u.dsa.params.subPrime, CKA_SUBPRIME);
+            itemTemplateCount++;
+            SFTK_SET_ITEM_TEMPLATE(itemTemplate, itemTemplateCount,
+                                   &privKey->u.dsa.params.base, CKA_BASE);
+            itemTemplateCount++;
+            SFTK_SET_ITEM_TEMPLATE(itemTemplate, itemTemplateCount,
+                                   &privKey->u.dsa.privateValue, CKA_VALUE);
+            itemTemplateCount++;
+            /* privKey was zero'd so public value is already set to NULL, 0
+             * if we don't set it explicitly */
+            break;
+
+        case CKK_DH:
+            privKey->keyType = NSSLOWKEYDHKey;
+            SFTK_SET_ITEM_TEMPLATE(itemTemplate, itemTemplateCount,
+                                   &privKey->u.dh.prime, CKA_PRIME);
+            itemTemplateCount++;
+            SFTK_SET_ITEM_TEMPLATE(itemTemplate, itemTemplateCount,
+                                   &privKey->u.dh.base, CKA_BASE);
+            itemTemplateCount++;
+            SFTK_SET_ITEM_TEMPLATE(itemTemplate, itemTemplateCount,
+                                   &privKey->u.dh.privateValue, CKA_VALUE);
+            itemTemplateCount++;
+            /* privKey was zero'd so public value is already set to NULL, 0
+             * if we don't set it explicitly */
+            break;
+
+#ifndef NSS_DISABLE_ECC
+        case CKK_EC:
+            privKey->keyType = NSSLOWKEYECKey;
+            crv = sftk_Attribute2SSecItem(arena,
+                                          &privKey->u.ec.ecParams.DEREncoding,
+                                          object, CKA_EC_PARAMS);
+            if (crv != CKR_OK)
+                break;
+
+            /* Fill out the rest of the ecParams structure
+             * based on the encoded params
+             */
+            if (EC_FillParams(arena, &privKey->u.ec.ecParams.DEREncoding,
+                              &privKey->u.ec.ecParams) != SECSuccess) {
+                crv = CKR_DOMAIN_PARAMS_INVALID;
+                break;
+            }
+            crv = sftk_Attribute2SSecItem(arena, &privKey->u.ec.privateValue,
+                                          object, CKA_VALUE);
+            if (crv != CKR_OK)
+                break;
+
+            if (sftk_hasAttribute(object, CKA_NETSCAPE_DB)) {
+                crv = sftk_Attribute2SSecItem(arena, &privKey->u.ec.publicValue,
+                                              object, CKA_NETSCAPE_DB);
+                if (crv != CKR_OK)
+                    break;
+                /* privKey was zero'd so public value is already set to NULL, 0
+             * if we don't set it explicitly */
+            }
+            rv = DER_SetUInteger(privKey->arena, &privKey->u.ec.version,
+                                 NSSLOWKEY_EC_PRIVATE_KEY_VERSION);
+            if (rv != SECSuccess) {
+                crv = CKR_HOST_MEMORY;
+/* The following ifdef is needed for Linux arm distros and
+ * Android as gcc 4.6 has a bug when targeting arm (but not
+ * thumb). The bug has been fixed in gcc 4.7.
+ * http://gcc.gnu.org/bugzilla/show_bug.cgi?id=56561
+ */
+#if defined(__arm__) && !defined(__thumb__) && defined(__GNUC__)
+                *crvp = CKR_HOST_MEMORY;
+                break;
+#endif
+            }
+            break;
+#endif /* NSS_DISABLE_ECC */
+
+        default:
+            crv = CKR_KEY_TYPE_INCONSISTENT;
+            break;
+    }
+    if (crv == CKR_OK && itemTemplateCount != 0) {
+        PORT_Assert(itemTemplateCount > 0);
+        PORT_Assert(itemTemplateCount <= SFTK_MAX_ITEM_TEMPLATE);
+        crv = sftk_MultipleAttribute2SecItem(arena, object, itemTemplate,
+                                             itemTemplateCount);
+    }
+    *crvp = crv;
+    if (crv != CKR_OK) {
+        PORT_FreeArena(arena, PR_FALSE);
+        return NULL;
+    }
+    return privKey;
+}
+
+/*
+ * If a partial RSA private key is present, fill in the rest if necessary,
+ * and then verify the parameters are well-formed
+ */
+static SECStatus
+sftk_verifyRSAPrivateKey(SFTKObject *object, PRBool fillIfNeeded)
+{
+    RSAPrivateKey tmpKey = { 0 };
+    SFTKAttribute *modulus = NULL;
+    SFTKAttribute *prime1 = NULL;
+    SFTKAttribute *prime2 = NULL;
+    SFTKAttribute *privateExponent = NULL;
+    SFTKAttribute *publicExponent = NULL;
+    SFTKAttribute *exponent1 = NULL;
+    SFTKAttribute *exponent2 = NULL;
+    SFTKAttribute *coefficient = NULL;
+    SECStatus rv;
+    CK_RV crv;
+
+    /* first fill in the components that we have. Populate only uses
+     * the non-crt components, so only fill those in  */
+    tmpKey.arena = NULL;
+    modulus = sftk_FindAttribute(object, CKA_MODULUS);
+    if (modulus) {
+        tmpKey.modulus.data = modulus->attrib.pValue;
+        tmpKey.modulus.len = modulus->attrib.ulValueLen;
+    }
+    prime1 = sftk_FindAttribute(object, CKA_PRIME_1);
+    if (prime1) {
+        tmpKey.prime1.data = prime1->attrib.pValue;
+        tmpKey.prime1.len = prime1->attrib.ulValueLen;
+    }
+    prime2 = sftk_FindAttribute(object, CKA_PRIME_2);
+    if (prime2) {
+        tmpKey.prime2.data = prime2->attrib.pValue;
+        tmpKey.prime2.len = prime2->attrib.ulValueLen;
+    }
+    privateExponent = sftk_FindAttribute(object, CKA_PRIVATE_EXPONENT);
+    if (privateExponent) {
+        tmpKey.privateExponent.data = privateExponent->attrib.pValue;
+        tmpKey.privateExponent.len = privateExponent->attrib.ulValueLen;
+    }
+    publicExponent = sftk_FindAttribute(object, CKA_PUBLIC_EXPONENT);
+    if (publicExponent) {
+        tmpKey.publicExponent.data = publicExponent->attrib.pValue;
+        tmpKey.publicExponent.len = publicExponent->attrib.ulValueLen;
+    }
+    exponent1 = sftk_FindAttribute(object, CKA_EXPONENT_1);
+    if (exponent1) {
+        tmpKey.exponent1.data = exponent1->attrib.pValue;
+        tmpKey.exponent1.len = exponent1->attrib.ulValueLen;
+    }
+    exponent2 = sftk_FindAttribute(object, CKA_EXPONENT_2);
+    if (exponent2) {
+        tmpKey.exponent2.data = exponent2->attrib.pValue;
+        tmpKey.exponent2.len = exponent2->attrib.ulValueLen;
+    }
+    coefficient = sftk_FindAttribute(object, CKA_COEFFICIENT);
+    if (coefficient) {
+        tmpKey.coefficient.data = coefficient->attrib.pValue;
+        tmpKey.coefficient.len = coefficient->attrib.ulValueLen;
+    }
+
+    if (fillIfNeeded) {
+        /*
+         * populate requires one exponent plus 2 other components to work.
+         * we expected our caller to check that first. If that didn't happen,
+         * populate will simply return an error here.
+         */
+        rv = RSA_PopulatePrivateKey(&tmpKey);
+        if (rv != SECSuccess) {
+            goto loser;
+        }
+    }
+    rv = RSA_PrivateKeyCheck(&tmpKey);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    /* now that we have a fully populated key, set all our attribute values */
+    rv = SECFailure;
+    if (!modulus || modulus->attrib.pValue != tmpKey.modulus.data) {
+        crv = sftk_forceAttribute(object, CKA_MODULUS,
+                                  sftk_item_expand(&tmpKey.modulus));
+        if (crv != CKR_OK)
+            goto loser;
+    }
+    if (!publicExponent ||
+        publicExponent->attrib.pValue != tmpKey.publicExponent.data) {
+        crv = sftk_forceAttribute(object, CKA_PUBLIC_EXPONENT,
+                                  sftk_item_expand(&tmpKey.publicExponent));
+        if (crv != CKR_OK)
+            goto loser;
+    }
+    if (!privateExponent ||
+        privateExponent->attrib.pValue != tmpKey.privateExponent.data) {
+        crv = sftk_forceAttribute(object, CKA_PRIVATE_EXPONENT,
+                                  sftk_item_expand(&tmpKey.privateExponent));
+        if (crv != CKR_OK)
+            goto loser;
+    }
+    if (!prime1 || prime1->attrib.pValue != tmpKey.prime1.data) {
+        crv = sftk_forceAttribute(object, CKA_PRIME_1,
+                                  sftk_item_expand(&tmpKey.prime1));
+        if (crv != CKR_OK)
+            goto loser;
+    }
+    if (!prime2 || prime2->attrib.pValue != tmpKey.prime2.data) {
+        crv = sftk_forceAttribute(object, CKA_PRIME_2,
+                                  sftk_item_expand(&tmpKey.prime2));
+        if (crv != CKR_OK)
+            goto loser;
+    }
+    if (!exponent1 || exponent1->attrib.pValue != tmpKey.exponent1.data) {
+        crv = sftk_forceAttribute(object, CKA_EXPONENT_1,
+                                  sftk_item_expand(&tmpKey.exponent1));
+        if (crv != CKR_OK)
+            goto loser;
+    }
+    if (!exponent2 || exponent2->attrib.pValue != tmpKey.exponent2.data) {
+        crv = sftk_forceAttribute(object, CKA_EXPONENT_2,
+                                  sftk_item_expand(&tmpKey.exponent2));
+        if (crv != CKR_OK)
+            goto loser;
+    }
+    if (!coefficient || coefficient->attrib.pValue != tmpKey.coefficient.data) {
+        crv = sftk_forceAttribute(object, CKA_COEFFICIENT,
+                                  sftk_item_expand(&tmpKey.coefficient));
+        if (crv != CKR_OK)
+            goto loser;
+    }
+    rv = SECSuccess;
+
+/* we're done (one way or the other), clean up all our stuff */
+loser:
+    if (tmpKey.arena) {
+        PORT_FreeArena(tmpKey.arena, PR_TRUE);
+    }
+    if (modulus) {
+        sftk_FreeAttribute(modulus);
+    }
+    if (prime1) {
+        sftk_FreeAttribute(prime1);
+    }
+    if (prime2) {
+        sftk_FreeAttribute(prime2);
+    }
+    if (privateExponent) {
+        sftk_FreeAttribute(privateExponent);
+    }
+    if (publicExponent) {
+        sftk_FreeAttribute(publicExponent);
+    }
+    if (exponent1) {
+        sftk_FreeAttribute(exponent1);
+    }
+    if (exponent2) {
+        sftk_FreeAttribute(exponent2);
+    }
+    if (coefficient) {
+        sftk_FreeAttribute(coefficient);
+    }
+    return rv;
+}
+
+/* Generate a low private key structure from an object */
+NSSLOWKEYPrivateKey *
+sftk_GetPrivKey(SFTKObject *object, CK_KEY_TYPE key_type, CK_RV *crvp)
+{
+    NSSLOWKEYPrivateKey *priv = NULL;
+
+    if (object->objclass != CKO_PRIVATE_KEY) {
+        *crvp = CKR_KEY_TYPE_INCONSISTENT;
+        return NULL;
+    }
+    if (object->objectInfo) {
+        *crvp = CKR_OK;
+        return (NSSLOWKEYPrivateKey *)object->objectInfo;
+    }
+
+    priv = sftk_mkPrivKey(object, key_type, crvp);
+    object->objectInfo = priv;
+    object->infoFree = (SFTKFree)nsslowkey_DestroyPrivateKey;
+    return priv;
+}
+
+/*
+ **************************** Symetric Key utils ************************
+ */
+/*
+ * set the DES key with parity bits correctly
+ */
+void
+sftk_FormatDESKey(unsigned char *key, int length)
+{
+    int i;
+
+    /* format the des key */
+    for (i = 0; i < length; i++) {
+        key[i] = parityTable[key[i] >> 1];
+    }
+}
+
+/*
+ * check a des key (des2 or des3 subkey) for weak keys.
+ */
+PRBool
+sftk_CheckDESKey(unsigned char *key)
+{
+    int i;
+
+    /* format the des key with parity  */
+    sftk_FormatDESKey(key, 8);
+
+    for (i = 0; i < sftk_desWeakTableSize; i++) {
+        if (PORT_Memcmp(key, sftk_desWeakTable[i], 8) == 0) {
+            return PR_TRUE;
+        }
+    }
+    return PR_FALSE;
+}
+
+/*
+ * check if a des or triple des key is weak.
+ */
+PRBool
+sftk_IsWeakKey(unsigned char *key, CK_KEY_TYPE key_type)
+{
+
+    switch (key_type) {
+        case CKK_DES:
+            return sftk_CheckDESKey(key);
+        case CKM_DES2_KEY_GEN:
+            if (sftk_CheckDESKey(key))
+                return PR_TRUE;
+            return sftk_CheckDESKey(&key[8]);
+        case CKM_DES3_KEY_GEN:
+            if (sftk_CheckDESKey(key))
+                return PR_TRUE;
+            if (sftk_CheckDESKey(&key[8]))
+                return PR_TRUE;
+            return sftk_CheckDESKey(&key[16]);
+        default:
+            break;
+    }
+    return PR_FALSE;
+}
+
+/**********************************************************************
+ *
+ *     Start of PKCS 11 functions
+ *
+ **********************************************************************/
+
+/* return the function list */
+CK_RV
+NSC_GetFunctionList(CK_FUNCTION_LIST_PTR *pFunctionList)
+{
+    *pFunctionList = (CK_FUNCTION_LIST_PTR)&sftk_funcList;
+    return CKR_OK;
+}
+
+/* return the function list */
+CK_RV
+C_GetFunctionList(CK_FUNCTION_LIST_PTR *pFunctionList)
+{
+    return NSC_GetFunctionList(pFunctionList);
+}
+
+static PLHashNumber
+sftk_HashNumber(const void *key)
+{
+    return (PLHashNumber)((char *)key - (char *)NULL);
+}
+
+/*
+ * eventually I'd like to expunge all occurances of XXX_SLOT_ID and
+ * just go with the info in the slot. This is one place, however,
+ * where it might be a little difficult.
+ */
+const char *
+sftk_getDefTokName(CK_SLOT_ID slotID)
+{
+    static char buf[33];
+
+    switch (slotID) {
+        case NETSCAPE_SLOT_ID:
+            return "NSS Generic Crypto Services     ";
+        case PRIVATE_KEY_SLOT_ID:
+            return "NSS Certificate DB              ";
+        case FIPS_SLOT_ID:
+            return "NSS FIPS 140-2 Certificate DB   ";
+        default:
+            break;
+    }
+    sprintf(buf, "NSS Application Token %08x  ", (unsigned int)slotID);
+    return buf;
+}
+
+const char *
+sftk_getDefSlotName(CK_SLOT_ID slotID)
+{
+    static char buf[65];
+
+    switch (slotID) {
+        case NETSCAPE_SLOT_ID:
+            return "NSS Internal Cryptographic Services                             ";
+        case PRIVATE_KEY_SLOT_ID:
+            return "NSS User Private Key and Certificate Services                   ";
+        case FIPS_SLOT_ID:
+            return "NSS FIPS 140-2 User Private Key Services                        ";
+        default:
+            break;
+    }
+    sprintf(buf,
+            "NSS Application Slot %08x                                   ",
+            (unsigned int)slotID);
+    return buf;
+}
+
+static CK_ULONG nscSlotCount[2] = { 0, 0 };
+static CK_SLOT_ID_PTR nscSlotList[2] = { NULL, NULL };
+static CK_ULONG nscSlotListSize[2] = { 0, 0 };
+static PLHashTable *nscSlotHashTable[2] = { NULL, NULL };
+
+static unsigned int
+sftk_GetModuleIndex(CK_SLOT_ID slotID)
+{
+    if ((slotID == FIPS_SLOT_ID) || (slotID >= SFTK_MIN_FIPS_USER_SLOT_ID)) {
+        return NSC_FIPS_MODULE;
+    }
+    return NSC_NON_FIPS_MODULE;
+}
+
+/* look up a slot structure from the ID (used to be a macro when we only
+ * had two slots) */
+/* if all is true, return the slot even if it has been 'unloaded' */
+/* if all is false, only return the slots which are present */
+SFTKSlot *
+sftk_SlotFromID(CK_SLOT_ID slotID, PRBool all)
+{
+    SFTKSlot *slot;
+    int index = sftk_GetModuleIndex(slotID);
+
+    if (nscSlotHashTable[index] == NULL)
+        return NULL;
+    slot = (SFTKSlot *)PL_HashTableLookupConst(nscSlotHashTable[index],
+                                               (void *)slotID);
+    /* cleared slots shouldn't 'show up' */
+    if (slot && !all && !slot->present)
+        slot = NULL;
+    return slot;
+}
+
+SFTKSlot *
+sftk_SlotFromSessionHandle(CK_SESSION_HANDLE handle)
+{
+    CK_ULONG slotIDIndex = (handle >> 24) & 0x7f;
+    CK_ULONG moduleIndex = (handle >> 31) & 1;
+
+    if (slotIDIndex >= nscSlotCount[moduleIndex]) {
+        return NULL;
+    }
+
+    return sftk_SlotFromID(nscSlotList[moduleIndex][slotIDIndex], PR_FALSE);
+}
+
+static CK_RV
+sftk_RegisterSlot(SFTKSlot *slot, int moduleIndex)
+{
+    PLHashEntry *entry;
+    unsigned int index;
+
+    index = sftk_GetModuleIndex(slot->slotID);
+
+    /* make sure the slotID for this module is valid */
+    if (moduleIndex != index) {
+        return CKR_SLOT_ID_INVALID;
+    }
+
+    if (nscSlotList[index] == NULL) {
+        nscSlotListSize[index] = NSC_SLOT_LIST_BLOCK_SIZE;
+        nscSlotList[index] = (CK_SLOT_ID *)
+            PORT_ZAlloc(nscSlotListSize[index] * sizeof(CK_SLOT_ID));
+        if (nscSlotList[index] == NULL) {
+            return CKR_HOST_MEMORY;
+        }
+    }
+    if (nscSlotCount[index] >= nscSlotListSize[index]) {
+        CK_SLOT_ID *oldNscSlotList = nscSlotList[index];
+        CK_ULONG oldNscSlotListSize = nscSlotListSize[index];
+        nscSlotListSize[index] += NSC_SLOT_LIST_BLOCK_SIZE;
+        nscSlotList[index] = (CK_SLOT_ID *)PORT_Realloc(oldNscSlotList,
+                                                        nscSlotListSize[index] * sizeof(CK_SLOT_ID));
+        if (nscSlotList[index] == NULL) {
+            nscSlotList[index] = oldNscSlotList;
+            nscSlotListSize[index] = oldNscSlotListSize;
+            return CKR_HOST_MEMORY;
+        }
+    }
+
+    if (nscSlotHashTable[index] == NULL) {
+        nscSlotHashTable[index] = PL_NewHashTable(64, sftk_HashNumber,
+                                                  PL_CompareValues, PL_CompareValues, NULL, 0);
+        if (nscSlotHashTable[index] == NULL) {
+            return CKR_HOST_MEMORY;
+        }
+    }
+
+    entry = PL_HashTableAdd(nscSlotHashTable[index], (void *)slot->slotID, slot);
+    if (entry == NULL) {
+        return CKR_HOST_MEMORY;
+    }
+    slot->index = (nscSlotCount[index] & 0x7f) | ((index << 7) & 0x80);
+    nscSlotList[index][nscSlotCount[index]++] = slot->slotID;
+
+    return CKR_OK;
+}
+
+/*
+ * ths function has all the common initialization that happens whenever we
+ * create a new slot or repurpose an old slot (only valid for slotID's 4
+ * and greater).
+ *
+ * things that are not reinitialized are:
+ *   slotID (can't change)
+ *   slotDescription (can't change once defined)
+ *   the locks and hash tables (difficult to change in running code, and
+ *     unnecessary. hash tables and list are cleared on shutdown, but they
+ *     are cleared in a 'friendly' way).
+ *   session and object ID counters -- so any old sessions and objects in the
+ *     application will get properly notified that the world has changed.
+ *
+ * things that are reinitialized:
+ *   database (otherwise what would the point be;).
+ *   state variables related to databases.
+ *   session count stat info.
+ *   tokenDescription.
+ *
+ * NOTE: slotID's 4 and greater show up as removable devices.
+ *
+ */
+CK_RV
+SFTK_SlotReInit(SFTKSlot *slot, char *configdir, char *updatedir,
+                char *updateID, sftk_token_parameters *params, int moduleIndex)
+{
+    PRBool needLogin = !params->noKeyDB;
+    CK_RV crv;
+
+    slot->hasTokens = PR_FALSE;
+    slot->sessionIDConflict = 0;
+    slot->sessionCount = 0;
+    slot->rwSessionCount = 0;
+    slot->needLogin = PR_FALSE;
+    slot->isLoggedIn = PR_FALSE;
+    slot->ssoLoggedIn = PR_FALSE;
+    slot->DB_loaded = PR_FALSE;
+    slot->certDB = NULL;
+    slot->keyDB = NULL;
+    slot->minimumPinLen = 0;
+    slot->readOnly = params->readOnly;
+    sftk_setStringName(params->tokdes ? params->tokdes : sftk_getDefTokName(slot->slotID), slot->tokDescription,
+                       sizeof(slot->tokDescription), PR_TRUE);
+    sftk_setStringName(params->updtokdes ? params->updtokdes : " ",
+                       slot->updateTokDescription,
+                       sizeof(slot->updateTokDescription), PR_TRUE);
+
+    if ((!params->noCertDB) || (!params->noKeyDB)) {
+        SFTKDBHandle *certHandle = NULL;
+        SFTKDBHandle *keyHandle = NULL;
+        crv = sftk_DBInit(params->configdir ? params->configdir : configdir,
+                          params->certPrefix, params->keyPrefix,
+                          params->updatedir ? params->updatedir : updatedir,
+                          params->updCertPrefix, params->updKeyPrefix,
+                          params->updateID ? params->updateID : updateID,
+                          params->readOnly, params->noCertDB, params->noKeyDB,
+                          params->forceOpen,
+                          moduleIndex == NSC_FIPS_MODULE,
+                          &certHandle, &keyHandle);
+        if (crv != CKR_OK) {
+            goto loser;
+        }
+
+        slot->certDB = certHandle;
+        slot->keyDB = keyHandle;
+    }
+    if (needLogin) {
+        /* if the data base is initialized with a null password,remember that */
+        slot->needLogin =
+            (PRBool)!sftk_hasNullPassword(slot, slot->keyDB);
+        if ((params->minPW >= 0) && (params->minPW <= SFTK_MAX_PIN)) {
+            slot->minimumPinLen = params->minPW;
+        }
+        if ((slot->minimumPinLen == 0) && (params->pwRequired)) {
+            slot->minimumPinLen = 1;
+        }
+        /* Make sure the pin len is set to the Minimum allowed value for fips
+         * when in FIPS mode. NOTE: we don't set it if the database has not
+         * been initialized yet so that we can init into level1 mode if needed
+         */
+        if ((sftkdb_HasPasswordSet(slot->keyDB) == SECSuccess) &&
+            (moduleIndex == NSC_FIPS_MODULE) &&
+            (slot->minimumPinLen < FIPS_MIN_PIN)) {
+            slot->minimumPinLen = FIPS_MIN_PIN;
+        }
+    }
+
+    slot->present = PR_TRUE;
+    return CKR_OK;
+
+loser:
+    SFTK_ShutdownSlot(slot);
+    return crv;
+}
+
+/*
+ * initialize one of the slot structures. figure out which by the ID
+ */
+CK_RV
+SFTK_SlotInit(char *configdir, char *updatedir, char *updateID,
+              sftk_token_parameters *params, int moduleIndex)
+{
+    unsigned int i;
+    CK_SLOT_ID slotID = params->slotID;
+    SFTKSlot *slot;
+    CK_RV crv = CKR_HOST_MEMORY;
+
+    /*
+     * first we initialize everything that is 'permanent' with this slot.
+     * that is everything we aren't going to shutdown if we close this slot
+     * and open it up again with different databases */
+
+    slot = PORT_ZNew(SFTKSlot);
+
+    if (slot == NULL) {
+        return CKR_HOST_MEMORY;
+    }
+
+    slot->optimizeSpace = params->optimizeSpace;
+    if (slot->optimizeSpace) {
+        slot->sessObjHashSize = SPACE_SESSION_OBJECT_HASH_SIZE;
+        slot->sessHashSize = SPACE_SESSION_HASH_SIZE;
+        slot->numSessionLocks = 1;
+    } else {
+        slot->sessObjHashSize = TIME_SESSION_OBJECT_HASH_SIZE;
+        slot->sessHashSize = TIME_SESSION_HASH_SIZE;
+        slot->numSessionLocks = slot->sessHashSize / BUCKETS_PER_SESSION_LOCK;
+    }
+    slot->sessionLockMask = slot->numSessionLocks - 1;
+
+    slot->slotLock = PZ_NewLock(nssILockSession);
+    if (slot->slotLock == NULL)
+        goto mem_loser;
+    slot->sessionLock = PORT_ZNewArray(PZLock *, slot->numSessionLocks);
+    if (slot->sessionLock == NULL)
+        goto mem_loser;
+    for (i = 0; i < slot->numSessionLocks; i++) {
+        slot->sessionLock[i] = PZ_NewLock(nssILockSession);
+        if (slot->sessionLock[i] == NULL)
+            goto mem_loser;
+    }
+    slot->objectLock = PZ_NewLock(nssILockObject);
+    if (slot->objectLock == NULL)
+        goto mem_loser;
+    slot->pwCheckLock = PR_NewLock();
+    if (slot->pwCheckLock == NULL)
+        goto mem_loser;
+    slot->head = PORT_ZNewArray(SFTKSession *, slot->sessHashSize);
+    if (slot->head == NULL)
+        goto mem_loser;
+    slot->sessObjHashTable = PORT_ZNewArray(SFTKObject *, slot->sessObjHashSize);
+    if (slot->sessObjHashTable == NULL)
+        goto mem_loser;
+    slot->tokObjHashTable = PL_NewHashTable(64, sftk_HashNumber, PL_CompareValues,
+                                            SECITEM_HashCompare, NULL, 0);
+    if (slot->tokObjHashTable == NULL)
+        goto mem_loser;
+
+    slot->sessionIDCount = 0;
+    slot->sessionObjectHandleCount = minSessionObjectHandle;
+    slot->slotID = slotID;
+    sftk_setStringName(params->slotdes ? params->slotdes : sftk_getDefSlotName(slotID), slot->slotDescription,
+                       sizeof(slot->slotDescription), PR_TRUE);
+
+    /* call the reinit code to set everything that changes between token
+     * init calls */
+    crv = SFTK_SlotReInit(slot, configdir, updatedir, updateID,
+                          params, moduleIndex);
+    if (crv != CKR_OK) {
+        goto loser;
+    }
+    crv = sftk_RegisterSlot(slot, moduleIndex);
+    if (crv != CKR_OK) {
+        goto loser;
+    }
+    return CKR_OK;
+
+mem_loser:
+    crv = CKR_HOST_MEMORY;
+loser:
+    SFTK_DestroySlotData(slot);
+    return crv;
+}
+
+CK_RV
+sftk_CloseAllSessions(SFTKSlot *slot, PRBool logout)
+{
+    SFTKSession *session;
+    unsigned int i;
+    SFTKDBHandle *handle;
+
+    /* first log out the card */
+    /* special case - if we are in a middle of upgrade, we want to close the
+     * sessions to fake a token removal to tell the upper level code we have
+     * switched from one database to another, but we don't want to
+     * explicity logout in case we can continue the upgrade with the
+     * existing password if possible.
+     */
+    if (logout) {
+        handle = sftk_getKeyDB(slot);
+        SKIP_AFTER_FORK(PZ_Lock(slot->slotLock));
+        slot->isLoggedIn = PR_FALSE;
+        if (slot->needLogin && handle) {
+            sftkdb_ClearPassword(handle);
+        }
+        SKIP_AFTER_FORK(PZ_Unlock(slot->slotLock));
+        if (handle) {
+            sftk_freeDB(handle);
+        }
+    }
+
+    /* now close all the current sessions */
+    /* NOTE: If you try to open new sessions before NSC_CloseAllSessions
+     * completes, some of those new sessions may or may not be closed by
+     * NSC_CloseAllSessions... but any session running when this code starts
+     * will guarrenteed be close, and no session will be partially closed */
+    for (i = 0; i < slot->sessHashSize; i++) {
+        PZLock *lock = SFTK_SESSION_LOCK(slot, i);
+        do {
+            SKIP_AFTER_FORK(PZ_Lock(lock));
+            session = slot->head[i];
+            /* hand deque */
+            /* this duplicates function of NSC_close session functions, but
+             * because we know that we are freeing all the sessions, we can
+             * do more efficient processing */
+            if (session) {
+                slot->head[i] = session->next;
+                if (session->next)
+                    session->next->prev = NULL;
+                session->next = session->prev = NULL;
+                SKIP_AFTER_FORK(PZ_Unlock(lock));
+                SKIP_AFTER_FORK(PZ_Lock(slot->slotLock));
+                --slot->sessionCount;
+                SKIP_AFTER_FORK(PZ_Unlock(slot->slotLock));
+                if (session->info.flags & CKF_RW_SESSION) {
+                    (void)PR_ATOMIC_DECREMENT(&slot->rwSessionCount);
+                }
+            } else {
+                SKIP_AFTER_FORK(PZ_Unlock(lock));
+            }
+            if (session)
+                sftk_FreeSession(session);
+        } while (session != NULL);
+    }
+    return CKR_OK;
+}
+
+/*
+ * shut down the databases.
+ * we get the slot lock (which also protects slot->certDB and slot->keyDB)
+ * and clear the values so the new users will not find the databases.
+ * once things are clear, we can release our references to the databases.
+ * The databases will close when the last reference is released.
+ *
+ * We use reference counts so that we don't crash if someone shuts down
+ * a token that another thread is actively using.
+ */
+static void
+sftk_DBShutdown(SFTKSlot *slot)
+{
+    SFTKDBHandle *certHandle;
+    SFTKDBHandle *keyHandle;
+    SKIP_AFTER_FORK(PZ_Lock(slot->slotLock));
+    certHandle = slot->certDB;
+    slot->certDB = NULL;
+    keyHandle = slot->keyDB;
+    slot->keyDB = NULL;
+    SKIP_AFTER_FORK(PZ_Unlock(slot->slotLock));
+    if (certHandle) {
+        sftk_freeDB(certHandle);
+    }
+    if (keyHandle) {
+        sftk_freeDB(keyHandle);
+    }
+}
+
+CK_RV
+SFTK_ShutdownSlot(SFTKSlot *slot)
+{
+    /* make sure no new PK11 calls work except C_GetSlotInfo */
+    slot->present = PR_FALSE;
+
+    /* close all outstanding sessions
+     * the sessHashSize variable guarentees we have all the session
+     * mechanism set up */
+    if (slot->head) {
+        sftk_CloseAllSessions(slot, PR_TRUE);
+    }
+
+    /* clear all objects.. session objects are cleared as a result of
+     * closing all the sessions. We just need to clear the token object
+     * cache. slot->tokObjHashTable guarentees we have the token
+     * infrastructure set up. */
+    if (slot->tokObjHashTable) {
+        SFTK_ClearTokenKeyHashTable(slot);
+    }
+
+    /* clear the slot description for the next guy */
+    PORT_Memset(slot->tokDescription, 0, sizeof(slot->tokDescription));
+
+    /* now shut down the databases. */
+    sftk_DBShutdown(slot);
+    return CKR_OK;
+}
+
+/*
+ * initialize one of the slot structures. figure out which by the ID
+ */
+CK_RV
+SFTK_DestroySlotData(SFTKSlot *slot)
+{
+    unsigned int i;
+
+    SFTK_ShutdownSlot(slot);
+
+    if (slot->tokObjHashTable) {
+        PL_HashTableDestroy(slot->tokObjHashTable);
+        slot->tokObjHashTable = NULL;
+    }
+
+    if (slot->sessObjHashTable) {
+        PORT_Free(slot->sessObjHashTable);
+        slot->sessObjHashTable = NULL;
+    }
+    slot->sessObjHashSize = 0;
+
+    if (slot->head) {
+        PORT_Free(slot->head);
+        slot->head = NULL;
+    }
+    slot->sessHashSize = 0;
+
+    /* OK everything has been disassembled, now we can finally get rid
+     * of the locks */
+    SKIP_AFTER_FORK(PZ_DestroyLock(slot->slotLock));
+    slot->slotLock = NULL;
+    if (slot->sessionLock) {
+        for (i = 0; i < slot->numSessionLocks; i++) {
+            if (slot->sessionLock[i]) {
+                SKIP_AFTER_FORK(PZ_DestroyLock(slot->sessionLock[i]));
+                slot->sessionLock[i] = NULL;
+            }
+        }
+        PORT_Free(slot->sessionLock);
+        slot->sessionLock = NULL;
+    }
+    if (slot->objectLock) {
+        SKIP_AFTER_FORK(PZ_DestroyLock(slot->objectLock));
+        slot->objectLock = NULL;
+    }
+    if (slot->pwCheckLock) {
+        SKIP_AFTER_FORK(PR_DestroyLock(slot->pwCheckLock));
+        slot->pwCheckLock = NULL;
+    }
+    PORT_Free(slot);
+    return CKR_OK;
+}
+
+/*
+ * handle the SECMOD.db
+ */
+char **
+NSC_ModuleDBFunc(unsigned long function, char *parameters, void *args)
+{
+    char *secmod = NULL;
+    char *appName = NULL;
+    char *filename = NULL;
+    NSSDBType dbType = NSS_DB_TYPE_NONE;
+    PRBool rw;
+    static char *success = "Success";
+    char **rvstr = NULL;
+
+    rvstr = NSSUTIL_DoModuleDBFunction(function, parameters, args);
+    if (rvstr != NULL) {
+        return rvstr;
+    }
+
+    if (PORT_GetError() != SEC_ERROR_LEGACY_DATABASE) {
+        return NULL;
+    }
+
+    /* The legacy database uses the old dbm, which is only linked with the
+     * legacy DB handler, which is only callable from softoken */
+
+    secmod = _NSSUTIL_GetSecmodName(parameters, &dbType, &appName,
+                                    &filename, &rw);
+
+    switch (function) {
+        case SECMOD_MODULE_DB_FUNCTION_FIND:
+            if (secmod == NULL) {
+                PORT_SetError(SEC_ERROR_INVALID_ARGS);
+                goto loser;
+            }
+            if (rw && (dbType != NSS_DB_TYPE_LEGACY) &&
+                (dbType != NSS_DB_TYPE_MULTIACCESS)) {
+                /* if we get here, we are trying to update the local database */
+                /* force data from the legacy DB */
+                char *oldSecmod = NULL;
+                char *oldAppName = NULL;
+                char *oldFilename = NULL;
+                PRBool oldrw;
+                char **strings = NULL;
+                int i;
+
+                dbType = NSS_DB_TYPE_LEGACY;
+                oldSecmod = _NSSUTIL_GetSecmodName(parameters, &dbType, &oldAppName,
+                                                   &oldFilename, &oldrw);
+                strings = sftkdbCall_ReadSecmodDB(appName, oldFilename, oldSecmod,
+                                                  (char *)parameters, oldrw);
+                if (strings) {
+                    /* write out the strings */
+                    for (i = 0; strings[i]; i++) {
+                        NSSUTIL_DoModuleDBFunction(SECMOD_MODULE_DB_FUNCTION_ADD,
+                                                   parameters, strings[i]);
+                    }
+                    sftkdbCall_ReleaseSecmodDBData(oldAppName, oldFilename, oldSecmod,
+                                                   (char **)strings, oldrw);
+                } else {
+                    /* write out a dummy record */
+                    NSSUTIL_DoModuleDBFunction(SECMOD_MODULE_DB_FUNCTION_ADD,
+                                               parameters, " ");
+                }
+                if (oldSecmod) {
+                    PR_smprintf_free(oldSecmod);
+                }
+                if (oldAppName) {
+                    PORT_Free(oldAppName);
+                }
+                if (oldFilename) {
+                    PORT_Free(oldFilename);
+                }
+                rvstr = NSSUTIL_DoModuleDBFunction(function, parameters, args);
+                break;
+            }
+            rvstr = sftkdbCall_ReadSecmodDB(appName, filename, secmod,
+                                            (char *)parameters, rw);
+            break;
+        case SECMOD_MODULE_DB_FUNCTION_ADD:
+            if (secmod == NULL) {
+                PORT_SetError(SEC_ERROR_INVALID_ARGS);
+                goto loser;
+            }
+            rvstr = (sftkdbCall_AddSecmodDB(appName, filename, secmod,
+                                            (char *)args, rw) == SECSuccess)
+                        ? &success
+                        : NULL;
+            break;
+        case SECMOD_MODULE_DB_FUNCTION_DEL:
+            if (secmod == NULL) {
+                PORT_SetError(SEC_ERROR_INVALID_ARGS);
+                goto loser;
+            }
+            rvstr = (sftkdbCall_DeleteSecmodDB(appName, filename, secmod,
+                                               (char *)args, rw) == SECSuccess)
+                        ? &success
+                        : NULL;
+            break;
+        case SECMOD_MODULE_DB_FUNCTION_RELEASE:
+            rvstr = (sftkdbCall_ReleaseSecmodDBData(appName, filename, secmod,
+                                                    (char **)args, rw) == SECSuccess)
+                        ? &success
+                        : NULL;
+            break;
+    }
+
+loser:
+    if (secmod)
+        PR_smprintf_free(secmod);
+    if (appName)
+        PORT_Free(appName);
+    if (filename)
+        PORT_Free(filename);
+    return rvstr;
+}
+
+static void
+nscFreeAllSlots(int moduleIndex)
+{
+    /* free all the slots */
+    SFTKSlot *slot = NULL;
+    CK_SLOT_ID slotID;
+    int i;
+
+    if (nscSlotList[moduleIndex]) {
+        CK_ULONG tmpSlotCount = nscSlotCount[moduleIndex];
+        CK_SLOT_ID_PTR tmpSlotList = nscSlotList[moduleIndex];
+        PLHashTable *tmpSlotHashTable = nscSlotHashTable[moduleIndex];
+
+        /* first close all the session */
+        for (i = 0; i < (int)tmpSlotCount; i++) {
+            slotID = tmpSlotList[i];
+            (void)NSC_CloseAllSessions(slotID);
+        }
+
+        /* now clear out the statics */
+        nscSlotList[moduleIndex] = NULL;
+        nscSlotCount[moduleIndex] = 0;
+        nscSlotHashTable[moduleIndex] = NULL;
+        nscSlotListSize[moduleIndex] = 0;
+
+        for (i = 0; i < (int)tmpSlotCount; i++) {
+            slotID = tmpSlotList[i];
+            slot = (SFTKSlot *)
+                PL_HashTableLookup(tmpSlotHashTable, (void *)slotID);
+            PORT_Assert(slot);
+            if (!slot)
+                continue;
+            SFTK_DestroySlotData(slot);
+            PL_HashTableRemove(tmpSlotHashTable, (void *)slotID);
+        }
+        PORT_Free(tmpSlotList);
+        PL_HashTableDestroy(tmpSlotHashTable);
+    }
+}
+
+static void
+sftk_closePeer(PRBool isFIPS)
+{
+    CK_SLOT_ID slotID = isFIPS ? PRIVATE_KEY_SLOT_ID : FIPS_SLOT_ID;
+    SFTKSlot *slot;
+    int moduleIndex = isFIPS ? NSC_NON_FIPS_MODULE : NSC_FIPS_MODULE;
+    PLHashTable *tmpSlotHashTable = nscSlotHashTable[moduleIndex];
+
+    slot = (SFTKSlot *)PL_HashTableLookup(tmpSlotHashTable, (void *)slotID);
+    if (slot == NULL) {
+        return;
+    }
+    sftk_DBShutdown(slot);
+    return;
+}
+
+/* NSC_Initialize initializes the Cryptoki library. */
+CK_RV
+nsc_CommonInitialize(CK_VOID_PTR pReserved, PRBool isFIPS)
+{
+    CK_RV crv = CKR_OK;
+    SECStatus rv;
+    CK_C_INITIALIZE_ARGS *init_args = (CK_C_INITIALIZE_ARGS *)pReserved;
+    int i;
+    int moduleIndex = isFIPS ? NSC_FIPS_MODULE : NSC_NON_FIPS_MODULE;
+
+    if (isFIPS) {
+        loginWaitTime = PR_SecondsToInterval(1);
+    }
+
+    ENABLE_FORK_CHECK();
+
+    rv = SECOID_Init();
+    if (rv != SECSuccess) {
+        crv = CKR_DEVICE_ERROR;
+        return crv;
+    }
+
+    rv = RNG_RNGInit(); /* initialize random number generator */
+    if (rv != SECSuccess) {
+        crv = CKR_DEVICE_ERROR;
+        return crv;
+    }
+    rv = BL_Init(); /* initialize freebl engine */
+    if (rv != SECSuccess) {
+        crv = CKR_DEVICE_ERROR;
+        return crv;
+    }
+
+    /* NOTE:
+     * we should be getting out mutexes from this list, not statically binding
+     * them from NSPR. This should happen before we allow the internal to split
+     * off from the rest on NSS.
+     */
+
+    /* initialize the key and cert db's */
+    if (init_args && (!(init_args->flags & CKF_OS_LOCKING_OK))) {
+        if (init_args->CreateMutex && init_args->DestroyMutex &&
+            init_args->LockMutex && init_args->UnlockMutex) {
+            /* softoken always uses NSPR (ie. OS locking), and doesn't know how
+             * to use the lock functions provided by the application.
+             */
+            crv = CKR_CANT_LOCK;
+            return crv;
+        }
+        if (init_args->CreateMutex || init_args->DestroyMutex ||
+            init_args->LockMutex || init_args->UnlockMutex) {
+            /* only some of the lock functions were provided by the
+             * application. This is invalid per PKCS#11 spec.
+             */
+            crv = CKR_ARGUMENTS_BAD;
+            return crv;
+        }
+    }
+    crv = CKR_ARGUMENTS_BAD;
+    if ((init_args && init_args->LibraryParameters)) {
+        sftk_parameters paramStrings;
+
+        crv = sftk_parseParameters((char *)init_args->LibraryParameters, &paramStrings, isFIPS);
+        if (crv != CKR_OK) {
+            return crv;
+        }
+        crv = sftk_configure(paramStrings.man, paramStrings.libdes);
+        if (crv != CKR_OK) {
+            goto loser;
+        }
+
+        /* if we have a peer already open, have him close his DB's so we
+         * don't clobber each other. */
+        if ((isFIPS && nsc_init) || (!isFIPS && nsf_init)) {
+            sftk_closePeer(isFIPS);
+            if (sftk_audit_enabled) {
+                if (isFIPS && nsc_init) {
+                    sftk_LogAuditMessage(NSS_AUDIT_INFO, NSS_AUDIT_FIPS_STATE,
+                                         "enabled FIPS mode");
+                } else {
+                    sftk_LogAuditMessage(NSS_AUDIT_INFO, NSS_AUDIT_FIPS_STATE,
+                                         "disabled FIPS mode");
+                }
+            }
+        }
+
+        for (i = 0; i < paramStrings.token_count; i++) {
+            crv = SFTK_SlotInit(paramStrings.configdir,
+                                paramStrings.updatedir, paramStrings.updateID,
+                                &paramStrings.tokens[i], moduleIndex);
+            if (crv != CKR_OK) {
+                nscFreeAllSlots(moduleIndex);
+                break;
+            }
+        }
+    loser:
+        sftk_freeParams(&paramStrings);
+    }
+    if (CKR_OK == crv) {
+        sftk_InitFreeLists();
+    }
+
+#ifndef NO_FORK_CHECK
+    if (CKR_OK == crv) {
+#if defined(CHECK_FORK_MIXED)
+        /* Before Solaris 10, fork handlers are not unregistered at dlclose()
+         * time. So, we only use pthread_atfork on Solaris 10 and later. For
+         * earlier versions, we use PID checks.
+         */
+        char buf[200];
+        int major = 0, minor = 0;
+
+        long rv = sysinfo(SI_RELEASE, buf, sizeof(buf));
+        if (rv > 0 && rv < sizeof(buf)) {
+            if (2 == sscanf(buf, "%d.%d", &major, &minor)) {
+                /* Are we on Solaris 10 or greater ? */
+                if (major > 5 || (5 == major && minor >= 10)) {
+                    /* we are safe to use pthread_atfork */
+                    usePthread_atfork = PR_TRUE;
+                }
+            }
+        }
+        if (usePthread_atfork) {
+            pthread_atfork(NULL, NULL, ForkedChild);
+        } else {
+            myPid = getpid();
+        }
+
+#elif defined(CHECK_FORK_PTHREAD)
+        pthread_atfork(NULL, NULL, ForkedChild);
+#elif defined(CHECK_FORK_GETPID)
+        myPid = getpid();
+#else
+#error Incorrect fork check method.
+#endif
+    }
+#endif
+    return crv;
+}
+
+CK_RV
+NSC_Initialize(CK_VOID_PTR pReserved)
+{
+    CK_RV crv;
+
+    sftk_ForkReset(pReserved, &crv);
+
+    if (nsc_init) {
+        return CKR_CRYPTOKI_ALREADY_INITIALIZED;
+    }
+    crv = nsc_CommonInitialize(pReserved, PR_FALSE);
+    nsc_init = (PRBool)(crv == CKR_OK);
+    return crv;
+}
+
+/* NSC_Finalize indicates that an application is done with the
+ * Cryptoki library.*/
+CK_RV
+nsc_CommonFinalize(CK_VOID_PTR pReserved, PRBool isFIPS)
+{
+    /* propagate the fork status to freebl and util */
+    BL_SetForkState(parentForkedAfterC_Initialize);
+    UTIL_SetForkState(parentForkedAfterC_Initialize);
+
+    nscFreeAllSlots(isFIPS ? NSC_FIPS_MODULE : NSC_NON_FIPS_MODULE);
+
+    /* don't muck with the globals if our peer is still initialized */
+    if (isFIPS && nsc_init) {
+        return CKR_OK;
+    }
+    if (!isFIPS && nsf_init) {
+        return CKR_OK;
+    }
+
+    sftk_CleanupFreeLists();
+    sftkdb_Shutdown();
+
+    /* This function does not discard all our previously aquired entropy. */
+    RNG_RNGShutdown();
+
+    /* tell freeBL to clean up after itself */
+    BL_Cleanup();
+
+    /* reset fork status in freebl. We must do this before BL_Unload so that
+     * this call doesn't force freebl to be reloaded. */
+    BL_SetForkState(PR_FALSE);
+
+#ifndef NSS_TEST_BUILD
+    /* unload freeBL shared library from memory. This may only decrement the
+     * OS refcount if it's been loaded multiple times, eg. by libssl */
+    BL_Unload();
+#endif
+
+    /* clean up the default OID table */
+    SECOID_Shutdown();
+
+    /* reset fork status in util */
+    UTIL_SetForkState(PR_FALSE);
+
+    nsc_init = PR_FALSE;
+
+#ifdef CHECK_FORK_MIXED
+    if (!usePthread_atfork) {
+        myPid = 0; /* allow CHECK_FORK in the next softoken initialization to
+                    * succeed */
+    } else {
+        forked = PR_FALSE; /* allow reinitialization */
+    }
+#elif defined(CHECK_FORK_GETPID)
+    myPid = 0; /* allow reinitialization */
+#elif defined(CHECK_FORK_PTHREAD)
+    forked = PR_FALSE; /* allow reinitialization */
+#endif
+    return CKR_OK;
+}
+
+/* Hard-reset the entire softoken PKCS#11 module if the parent process forked
+ * while it was initialized. */
+PRBool
+sftk_ForkReset(CK_VOID_PTR pReserved, CK_RV *crv)
+{
+#ifndef NO_FORK_CHECK
+    if (PARENT_FORKED()) {
+        parentForkedAfterC_Initialize = PR_TRUE;
+        if (nsc_init) {
+            /* finalize non-FIPS token */
+            *crv = nsc_CommonFinalize(pReserved, PR_FALSE);
+            PORT_Assert(CKR_OK == *crv);
+            nsc_init = (PRBool) !(*crv == CKR_OK);
+        }
+        if (nsf_init) {
+            /* finalize FIPS token */
+            *crv = nsc_CommonFinalize(pReserved, PR_TRUE);
+            PORT_Assert(CKR_OK == *crv);
+            nsf_init = (PRBool) !(*crv == CKR_OK);
+        }
+        parentForkedAfterC_Initialize = PR_FALSE;
+        return PR_TRUE;
+    }
+#endif
+    return PR_FALSE;
+}
+
+/* NSC_Finalize indicates that an application is done with the
+ * Cryptoki library.*/
+CK_RV
+NSC_Finalize(CK_VOID_PTR pReserved)
+{
+    CK_RV crv;
+
+    /* reset entire PKCS#11 module upon fork */
+    if (sftk_ForkReset(pReserved, &crv)) {
+        return crv;
+    }
+
+    if (!nsc_init) {
+        return CKR_OK;
+    }
+
+    crv = nsc_CommonFinalize(pReserved, PR_FALSE);
+
+    nsc_init = (PRBool) !(crv == CKR_OK);
+
+    return crv;
+}
+
+extern const char __nss_softokn_version[];
+
+/* NSC_GetInfo returns general information about Cryptoki. */
+CK_RV
+NSC_GetInfo(CK_INFO_PTR pInfo)
+{
+#define NSS_VERSION_VARIABLE __nss_softokn_version
+#include "verref.h"
+
+    CHECK_FORK();
+
+    pInfo->cryptokiVersion.major = 2;
+    pInfo->cryptokiVersion.minor = 20;
+    PORT_Memcpy(pInfo->manufacturerID, manufacturerID, 32);
+    pInfo->libraryVersion.major = SOFTOKEN_VMAJOR;
+    pInfo->libraryVersion.minor = SOFTOKEN_VMINOR;
+    PORT_Memcpy(pInfo->libraryDescription, libraryDescription, 32);
+    pInfo->flags = 0;
+    return CKR_OK;
+}
+
+/* NSC_GetSlotList obtains a list of slots in the system. */
+CK_RV
+nsc_CommonGetSlotList(CK_BBOOL tokenPresent,
+                      CK_SLOT_ID_PTR pSlotList, CK_ULONG_PTR pulCount, int moduleIndex)
+{
+    *pulCount = nscSlotCount[moduleIndex];
+    if (pSlotList != NULL) {
+        PORT_Memcpy(pSlotList, nscSlotList[moduleIndex],
+                    nscSlotCount[moduleIndex] * sizeof(CK_SLOT_ID));
+    }
+    return CKR_OK;
+}
+
+/* NSC_GetSlotList obtains a list of slots in the system. */
+CK_RV
+NSC_GetSlotList(CK_BBOOL tokenPresent,
+                CK_SLOT_ID_PTR pSlotList, CK_ULONG_PTR pulCount)
+{
+    CHECK_FORK();
+    return nsc_CommonGetSlotList(tokenPresent, pSlotList, pulCount,
+                                 NSC_NON_FIPS_MODULE);
+}
+
+/* NSC_GetSlotInfo obtains information about a particular slot in the system. */
+CK_RV
+NSC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo)
+{
+    SFTKSlot *slot = sftk_SlotFromID(slotID, PR_TRUE);
+
+    CHECK_FORK();
+
+    if (slot == NULL)
+        return CKR_SLOT_ID_INVALID;
+
+    PORT_Memcpy(pInfo->manufacturerID, manufacturerID,
+                sizeof(pInfo->manufacturerID));
+    PORT_Memcpy(pInfo->slotDescription, slot->slotDescription,
+                sizeof(pInfo->slotDescription));
+    pInfo->flags = (slot->present) ? CKF_TOKEN_PRESENT : 0;
+
+    /* all user defined slots are defined as removable */
+    if (slotID >= SFTK_MIN_USER_SLOT_ID) {
+        pInfo->flags |= CKF_REMOVABLE_DEVICE;
+    } else {
+        /* In the case where we are doing a merge update, we need
+         * the DB slot to be removable so the token name can change
+         * appropriately. */
+        SFTKDBHandle *handle = sftk_getKeyDB(slot);
+        if (handle) {
+            if (sftkdb_InUpdateMerge(handle)) {
+                pInfo->flags |= CKF_REMOVABLE_DEVICE;
+            }
+            sftk_freeDB(handle);
+        }
+    }
+
+    /* ok we really should read it out of the keydb file. */
+    /* pInfo->hardwareVersion.major = NSSLOWKEY_DB_FILE_VERSION; */
+    pInfo->hardwareVersion.major = SOFTOKEN_VMAJOR;
+    pInfo->hardwareVersion.minor = SOFTOKEN_VMINOR;
+    pInfo->firmwareVersion.major = SOFTOKEN_VPATCH;
+    pInfo->firmwareVersion.minor = SOFTOKEN_VBUILD;
+    return CKR_OK;
+}
+
+/*
+ * check the current state of the 'needLogin' flag in case the database has
+ * been changed underneath us.
+ */
+static PRBool
+sftk_checkNeedLogin(SFTKSlot *slot, SFTKDBHandle *keyHandle)
+{
+    if (sftkdb_PWCached(keyHandle) == SECSuccess) {
+        return slot->needLogin;
+    }
+    slot->needLogin = (PRBool)!sftk_hasNullPassword(slot, keyHandle);
+    return (slot->needLogin);
+}
+
+static PRBool
+sftk_isBlank(const char *s, int len)
+{
+    int i;
+    for (i = 0; i < len; i++) {
+        if (s[i] != ' ') {
+            return PR_FALSE;
+        }
+    }
+    return PR_TRUE;
+}
+
+/* NSC_GetTokenInfo obtains information about a particular token in
+ * the system. */
+CK_RV
+NSC_GetTokenInfo(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo)
+{
+    SFTKSlot *slot;
+    SFTKDBHandle *handle;
+
+    CHECK_FORK();
+
+    if (!nsc_init && !nsf_init)
+        return CKR_CRYPTOKI_NOT_INITIALIZED;
+    slot = sftk_SlotFromID(slotID, PR_FALSE);
+    if (slot == NULL)
+        return CKR_SLOT_ID_INVALID;
+
+    PORT_Memcpy(pInfo->manufacturerID, manufacturerID, 32);
+    PORT_Memcpy(pInfo->model, "NSS 3           ", 16);
+    PORT_Memcpy(pInfo->serialNumber, "0000000000000000", 16);
+    PORT_Memcpy(pInfo->utcTime, "0000000000000000", 16);
+    pInfo->ulMaxSessionCount = 0; /* arbitrarily large */
+    pInfo->ulSessionCount = slot->sessionCount;
+    pInfo->ulMaxRwSessionCount = 0; /* arbitarily large */
+    pInfo->ulRwSessionCount = slot->rwSessionCount;
+    pInfo->firmwareVersion.major = 0;
+    pInfo->firmwareVersion.minor = 0;
+    PORT_Memcpy(pInfo->label, slot->tokDescription, sizeof(pInfo->label));
+    handle = sftk_getKeyDB(slot);
+    pInfo->flags = CKF_RNG | CKF_DUAL_CRYPTO_OPERATIONS;
+    if (handle == NULL) {
+        pInfo->flags |= CKF_WRITE_PROTECTED;
+        pInfo->ulMaxPinLen = 0;
+        pInfo->ulMinPinLen = 0;
+        pInfo->ulTotalPublicMemory = 0;
+        pInfo->ulFreePublicMemory = 0;
+        pInfo->ulTotalPrivateMemory = 0;
+        pInfo->ulFreePrivateMemory = 0;
+        pInfo->hardwareVersion.major = 4;
+        pInfo->hardwareVersion.minor = 0;
+    } else {
+        /*
+         * we have three possible states which we may be in:
+         *   (1) No DB password has been initialized. This also means we
+         *   have no keys in the key db.
+         *   (2) Password initialized to NULL. This means we have keys, but
+         *   the user has chosen not use a password.
+         *   (3) Finally we have an initialized password whicn is not NULL, and
+         *   we will need to prompt for it.
+         */
+        if (sftkdb_HasPasswordSet(handle) == SECFailure) {
+            pInfo->flags |= CKF_LOGIN_REQUIRED;
+        } else if (!sftk_checkNeedLogin(slot, handle)) {
+            pInfo->flags |= CKF_USER_PIN_INITIALIZED;
+        } else {
+            pInfo->flags |= CKF_LOGIN_REQUIRED | CKF_USER_PIN_INITIALIZED;
+            /*
+             * if we are doing a merge style update, and we need to get the password
+             * of our source database (the database we are updating from), make sure we
+             * return a token name that will match the database we are prompting for.
+             */
+            if (sftkdb_NeedUpdateDBPassword(handle)) {
+                /* if we have an update tok description, use it. otherwise
+                 * use the updateID for this database */
+                if (!sftk_isBlank(slot->updateTokDescription,
+                                  sizeof(pInfo->label))) {
+                    PORT_Memcpy(pInfo->label, slot->updateTokDescription,
+                                sizeof(pInfo->label));
+                } else {
+                    /* build from updateID */
+                    const char *updateID = sftkdb_GetUpdateID(handle);
+                    if (updateID) {
+                        sftk_setStringName(updateID, (char *)pInfo->label,
+                                           sizeof(pInfo->label), PR_FALSE);
+                    }
+                }
+            }
+        }
+        pInfo->ulMaxPinLen = SFTK_MAX_PIN;
+        pInfo->ulMinPinLen = (CK_ULONG)slot->minimumPinLen;
+        pInfo->ulTotalPublicMemory = 1;
+        pInfo->ulFreePublicMemory = 1;
+        pInfo->ulTotalPrivateMemory = 1;
+        pInfo->ulFreePrivateMemory = 1;
+#ifdef SHDB_FIXME
+        pInfo->hardwareVersion.major = CERT_DB_FILE_VERSION;
+        pInfo->hardwareVersion.minor = handle->version;
+#else
+        pInfo->hardwareVersion.major = 0;
+        pInfo->hardwareVersion.minor = 0;
+#endif
+        sftk_freeDB(handle);
+    }
+    /*
+     * CKF_LOGIN_REQUIRED CKF_USER_PIN_INITIALIZED  how CKF_TOKEN_INITIALIZED
+     *                                              should be set
+     *         0                   0                           1
+     *         1                   0                           0
+     *         0                   1                           1
+     *         1                   1                           1
+     */
+    if (!(pInfo->flags & CKF_LOGIN_REQUIRED) ||
+        (pInfo->flags & CKF_USER_PIN_INITIALIZED)) {
+        pInfo->flags |= CKF_TOKEN_INITIALIZED;
+    }
+    return CKR_OK;
+}
+
+/* NSC_GetMechanismList obtains a list of mechanism types
+ * supported by a token. */
+CK_RV
+NSC_GetMechanismList(CK_SLOT_ID slotID,
+                     CK_MECHANISM_TYPE_PTR pMechanismList, CK_ULONG_PTR pulCount)
+{
+    CK_ULONG i;
+
+    CHECK_FORK();
+
+    switch (slotID) {
+        /* default: */
+        case NETSCAPE_SLOT_ID:
+            *pulCount = mechanismCount;
+            if (pMechanismList != NULL) {
+                for (i = 0; i < mechanismCount; i++) {
+                    pMechanismList[i] = mechanisms[i].type;
+                }
+            }
+            break;
+        default:
+            *pulCount = 0;
+            for (i = 0; i < mechanismCount; i++) {
+                if (mechanisms[i].privkey) {
+                    (*pulCount)++;
+                    if (pMechanismList != NULL) {
+                        *pMechanismList++ = mechanisms[i].type;
+                    }
+                }
+            }
+            break;
+    }
+    return CKR_OK;
+}
+
+/* NSC_GetMechanismInfo obtains information about a particular mechanism
+ * possibly supported by a token. */
+CK_RV
+NSC_GetMechanismInfo(CK_SLOT_ID slotID, CK_MECHANISM_TYPE type,
+                     CK_MECHANISM_INFO_PTR pInfo)
+{
+    PRBool isPrivateKey;
+    CK_ULONG i;
+
+    CHECK_FORK();
+
+    switch (slotID) {
+        case NETSCAPE_SLOT_ID:
+            isPrivateKey = PR_FALSE;
+            break;
+        default:
+            isPrivateKey = PR_TRUE;
+            break;
+    }
+    for (i = 0; i < mechanismCount; i++) {
+        if (type == mechanisms[i].type) {
+            if (isPrivateKey && !mechanisms[i].privkey) {
+                return CKR_MECHANISM_INVALID;
+            }
+            PORT_Memcpy(pInfo, &mechanisms[i].info, sizeof(CK_MECHANISM_INFO));
+            return CKR_OK;
+        }
+    }
+    return CKR_MECHANISM_INVALID;
+}
+
+CK_RV
+sftk_MechAllowsOperation(CK_MECHANISM_TYPE type, CK_ATTRIBUTE_TYPE op)
+{
+    CK_ULONG i;
+    CK_FLAGS flags;
+
+    switch (op) {
+        case CKA_ENCRYPT:
+            flags = CKF_ENCRYPT;
+            break;
+        case CKA_DECRYPT:
+            flags = CKF_DECRYPT;
+            break;
+        case CKA_WRAP:
+            flags = CKF_WRAP;
+            break;
+        case CKA_UNWRAP:
+            flags = CKF_UNWRAP;
+            break;
+        case CKA_SIGN:
+            flags = CKF_SIGN;
+            break;
+        case CKA_SIGN_RECOVER:
+            flags = CKF_SIGN_RECOVER;
+            break;
+        case CKA_VERIFY:
+            flags = CKF_VERIFY;
+            break;
+        case CKA_VERIFY_RECOVER:
+            flags = CKF_VERIFY_RECOVER;
+            break;
+        case CKA_DERIVE:
+            flags = CKF_DERIVE;
+            break;
+        default:
+            return CKR_ARGUMENTS_BAD;
+    }
+    for (i = 0; i < mechanismCount; i++) {
+        if (type == mechanisms[i].type) {
+            return (flags & mechanisms[i].info.flags) ? CKR_OK
+                                                      : CKR_MECHANISM_INVALID;
+        }
+    }
+    return CKR_MECHANISM_INVALID;
+}
+
+/* NSC_InitToken initializes a token. */
+CK_RV
+NSC_InitToken(CK_SLOT_ID slotID, CK_CHAR_PTR pPin,
+              CK_ULONG ulPinLen, CK_CHAR_PTR pLabel)
+{
+    SFTKSlot *slot = sftk_SlotFromID(slotID, PR_FALSE);
+    SFTKDBHandle *handle;
+    SFTKDBHandle *certHandle;
+    SECStatus rv;
+    unsigned int i;
+    SFTKObject *object;
+
+    CHECK_FORK();
+
+    if (slot == NULL)
+        return CKR_SLOT_ID_INVALID;
+
+    /* don't initialize the database if we aren't talking to a token
+     * that uses the key database.
+     */
+    if (slotID == NETSCAPE_SLOT_ID) {
+        return CKR_TOKEN_WRITE_PROTECTED;
+    }
+
+    /* first, delete all our loaded key and cert objects from our
+     * internal list. */
+    PZ_Lock(slot->objectLock);
+    for (i = 0; i < slot->sessObjHashSize; i++) {
+        do {
+            object = slot->sessObjHashTable[i];
+            /* hand deque */
+            /* this duplicates function of NSC_close session functions, but
+             * because we know that we are freeing all the sessions, we can
+             * do more efficient processing */
+            if (object) {
+                slot->sessObjHashTable[i] = object->next;
+
+                if (object->next)
+                    object->next->prev = NULL;
+                object->next = object->prev = NULL;
+            }
+            if (object)
+                sftk_FreeObject(object);
+        } while (object != NULL);
+    }
+    slot->DB_loaded = PR_FALSE;
+    PZ_Unlock(slot->objectLock);
+
+    /* then clear out the key database */
+    handle = sftk_getKeyDB(slot);
+    if (handle == NULL) {
+        return CKR_TOKEN_WRITE_PROTECTED;
+    }
+
+    rv = sftkdb_ResetKeyDB(handle);
+    sftk_freeDB(handle);
+    if (rv != SECSuccess) {
+        return CKR_DEVICE_ERROR;
+    }
+
+    /* finally  mark all the user certs as non-user certs */
+    certHandle = sftk_getCertDB(slot);
+    if (certHandle == NULL)
+        return CKR_OK;
+
+    sftk_freeDB(certHandle);
+
+    return CKR_OK; /*is this the right function for not implemented*/
+}
+
+/* NSC_InitPIN initializes the normal user's PIN. */
+CK_RV
+NSC_InitPIN(CK_SESSION_HANDLE hSession,
+            CK_CHAR_PTR pPin, CK_ULONG ulPinLen)
+{
+    SFTKSession *sp = NULL;
+    SFTKSlot *slot;
+    SFTKDBHandle *handle = NULL;
+    char newPinStr[SFTK_MAX_PIN + 1];
+    SECStatus rv;
+    CK_RV crv = CKR_SESSION_HANDLE_INVALID;
+    PRBool tokenRemoved = PR_FALSE;
+
+    CHECK_FORK();
+
+    sp = sftk_SessionFromHandle(hSession);
+    if (sp == NULL) {
+        goto loser;
+    }
+
+    slot = sftk_SlotFromSession(sp);
+    if (slot == NULL) {
+        goto loser;
+    }
+
+    handle = sftk_getKeyDB(slot);
+    if (handle == NULL) {
+        crv = CKR_PIN_LEN_RANGE;
+        goto loser;
+    }
+
+    if (sp->info.state != CKS_RW_SO_FUNCTIONS) {
+        crv = CKR_USER_NOT_LOGGED_IN;
+        goto loser;
+    }
+
+    sftk_FreeSession(sp);
+    sp = NULL;
+
+    /* make sure the pins aren't too long */
+    if (ulPinLen > SFTK_MAX_PIN) {
+        crv = CKR_PIN_LEN_RANGE;
+        goto loser;
+    }
+    if (ulPinLen < (CK_ULONG)slot->minimumPinLen) {
+        crv = CKR_PIN_LEN_RANGE;
+        goto loser;
+    }
+
+    if (sftkdb_HasPasswordSet(handle) != SECFailure) {
+        crv = CKR_DEVICE_ERROR;
+        goto loser;
+    }
+
+    /* convert to null terminated string */
+    PORT_Memcpy(newPinStr, pPin, ulPinLen);
+    newPinStr[ulPinLen] = 0;
+
+    /* build the hashed pins which we pass around */
+
+    /* change the data base */
+    rv = sftkdb_ChangePassword(handle, NULL, newPinStr, &tokenRemoved);
+    if (tokenRemoved) {
+        sftk_CloseAllSessions(slot, PR_FALSE);
+    }
+    sftk_freeDB(handle);
+    handle = NULL;
+
+    /* Now update our local copy of the pin */
+    if (rv == SECSuccess) {
+        if (ulPinLen == 0)
+            slot->needLogin = PR_FALSE;
+        /* database has been initialized, now force min password in FIPS
+         * mode. NOTE: if we are in level1, we may not have a password, but
+         * forcing it now will prevent an insufficient password from being set.
+         */
+        if ((sftk_GetModuleIndex(slot->slotID) == NSC_FIPS_MODULE) &&
+            (slot->minimumPinLen < FIPS_MIN_PIN)) {
+            slot->minimumPinLen = FIPS_MIN_PIN;
+        }
+        return CKR_OK;
+    }
+    crv = CKR_PIN_INCORRECT;
+
+loser:
+    if (sp) {
+        sftk_FreeSession(sp);
+    }
+    if (handle) {
+        sftk_freeDB(handle);
+    }
+    return crv;
+}
+
+/* NSC_SetPIN modifies the PIN of user that is currently logged in. */
+/* NOTE: This is only valid for the PRIVATE_KEY_SLOT */
+CK_RV
+NSC_SetPIN(CK_SESSION_HANDLE hSession, CK_CHAR_PTR pOldPin,
+           CK_ULONG ulOldLen, CK_CHAR_PTR pNewPin, CK_ULONG ulNewLen)
+{
+    SFTKSession *sp = NULL;
+    SFTKSlot *slot;
+    SFTKDBHandle *handle = NULL;
+    char newPinStr[SFTK_MAX_PIN + 1], oldPinStr[SFTK_MAX_PIN + 1];
+    SECStatus rv;
+    CK_RV crv = CKR_SESSION_HANDLE_INVALID;
+    PRBool tokenRemoved = PR_FALSE;
+
+    CHECK_FORK();
+
+    sp = sftk_SessionFromHandle(hSession);
+    if (sp == NULL) {
+        goto loser;
+    }
+
+    slot = sftk_SlotFromSession(sp);
+    if (!slot) {
+        goto loser;
+    }
+
+    handle = sftk_getKeyDB(slot);
+    if (handle == NULL) {
+        sftk_FreeSession(sp);
+        return CKR_PIN_LEN_RANGE; /* XXX FIXME wrong return value */
+    }
+
+    if (slot->needLogin && sp->info.state != CKS_RW_USER_FUNCTIONS) {
+        crv = CKR_USER_NOT_LOGGED_IN;
+        goto loser;
+    }
+
+    sftk_FreeSession(sp);
+    sp = NULL;
+
+    /* make sure the pins aren't too long */
+    if ((ulNewLen > SFTK_MAX_PIN) || (ulOldLen > SFTK_MAX_PIN)) {
+        crv = CKR_PIN_LEN_RANGE;
+        goto loser;
+    }
+    if (ulNewLen < (CK_ULONG)slot->minimumPinLen) {
+        crv = CKR_PIN_LEN_RANGE;
+        goto loser;
+    }
+
+    /* convert to null terminated string */
+    PORT_Memcpy(newPinStr, pNewPin, ulNewLen);
+    newPinStr[ulNewLen] = 0;
+    PORT_Memcpy(oldPinStr, pOldPin, ulOldLen);
+    oldPinStr[ulOldLen] = 0;
+
+    /* change the data base password */
+    PR_Lock(slot->pwCheckLock);
+    rv = sftkdb_ChangePassword(handle, oldPinStr, newPinStr, &tokenRemoved);
+    if (tokenRemoved) {
+        sftk_CloseAllSessions(slot, PR_FALSE);
+    }
+    if ((rv != SECSuccess) && (slot->slotID == FIPS_SLOT_ID)) {
+        PR_Sleep(loginWaitTime);
+    }
+    PR_Unlock(slot->pwCheckLock);
+
+    /* Now update our local copy of the pin */
+    if (rv == SECSuccess) {
+        slot->needLogin = (PRBool)(ulNewLen != 0);
+        /* Reset login flags. */
+        if (ulNewLen == 0) {
+            PRBool tokenRemoved = PR_FALSE;
+            PZ_Lock(slot->slotLock);
+            slot->isLoggedIn = PR_FALSE;
+            slot->ssoLoggedIn = PR_FALSE;
+            PZ_Unlock(slot->slotLock);
+
+            rv = sftkdb_CheckPassword(handle, "", &tokenRemoved);
+            if (tokenRemoved) {
+                sftk_CloseAllSessions(slot, PR_FALSE);
+            }
+        }
+        sftk_update_all_states(slot);
+        sftk_freeDB(handle);
+        return CKR_OK;
+    }
+    crv = CKR_PIN_INCORRECT;
+loser:
+    if (sp) {
+        sftk_FreeSession(sp);
+    }
+    if (handle) {
+        sftk_freeDB(handle);
+    }
+    return crv;
+}
+
+/* NSC_OpenSession opens a session between an application and a token. */
+CK_RV
+NSC_OpenSession(CK_SLOT_ID slotID, CK_FLAGS flags,
+                CK_VOID_PTR pApplication, CK_NOTIFY Notify, CK_SESSION_HANDLE_PTR phSession)
+{
+    SFTKSlot *slot;
+    CK_SESSION_HANDLE sessionID;
+    SFTKSession *session;
+    SFTKSession *sameID;
+
+    CHECK_FORK();
+
+    slot = sftk_SlotFromID(slotID, PR_FALSE);
+    if (slot == NULL)
+        return CKR_SLOT_ID_INVALID;
+
+    /* new session (we only have serial sessions) */
+    session = sftk_NewSession(slotID, Notify, pApplication,
+                              flags | CKF_SERIAL_SESSION);
+    if (session == NULL)
+        return CKR_HOST_MEMORY;
+
+    if (slot->readOnly && (flags & CKF_RW_SESSION)) {
+        /* NETSCAPE_SLOT_ID is Read ONLY */
+        session->info.flags &= ~CKF_RW_SESSION;
+    }
+    PZ_Lock(slot->slotLock);
+    ++slot->sessionCount;
+    PZ_Unlock(slot->slotLock);
+    if (session->info.flags & CKF_RW_SESSION) {
+        (void)PR_ATOMIC_INCREMENT(&slot->rwSessionCount);
+    }
+
+    do {
+        PZLock *lock;
+        do {
+            sessionID = (PR_ATOMIC_INCREMENT(&slot->sessionIDCount) & 0xffffff) | (slot->index << 24);
+        } while (sessionID == CK_INVALID_HANDLE);
+        lock = SFTK_SESSION_LOCK(slot, sessionID);
+        PZ_Lock(lock);
+        sftkqueue_find(sameID, sessionID, slot->head, slot->sessHashSize);
+        if (sameID == NULL) {
+            session->handle = sessionID;
+            sftk_update_state(slot, session);
+            sftkqueue_add(session, sessionID, slot->head, slot->sessHashSize);
+        } else {
+            slot->sessionIDConflict++; /* for debugging */
+        }
+        PZ_Unlock(lock);
+    } while (sameID != NULL);
+
+    *phSession = sessionID;
+    return CKR_OK;
+}
+
+/* NSC_CloseSession closes a session between an application and a token. */
+CK_RV
+NSC_CloseSession(CK_SESSION_HANDLE hSession)
+{
+    SFTKSlot *slot;
+    SFTKSession *session;
+    PRBool sessionFound;
+    PZLock *lock;
+
+    CHECK_FORK();
+
+    session = sftk_SessionFromHandle(hSession);
+    if (session == NULL)
+        return CKR_SESSION_HANDLE_INVALID;
+    slot = sftk_SlotFromSession(session);
+    sessionFound = PR_FALSE;
+
+    /* lock */
+    lock = SFTK_SESSION_LOCK(slot, hSession);
+    PZ_Lock(lock);
+    if (sftkqueue_is_queued(session, hSession, slot->head, slot->sessHashSize)) {
+        sessionFound = PR_TRUE;
+        sftkqueue_delete(session, hSession, slot->head, slot->sessHashSize);
+        session->refCount--; /* can't go to zero while we hold the reference */
+        PORT_Assert(session->refCount > 0);
+    }
+    PZ_Unlock(lock);
+
+    if (sessionFound) {
+        SFTKDBHandle *handle;
+        handle = sftk_getKeyDB(slot);
+        PZ_Lock(slot->slotLock);
+        if (--slot->sessionCount == 0) {
+            slot->isLoggedIn = PR_FALSE;
+            if (slot->needLogin && handle) {
+                sftkdb_ClearPassword(handle);
+            }
+        }
+        PZ_Unlock(slot->slotLock);
+        if (handle) {
+            sftk_freeDB(handle);
+        }
+        if (session->info.flags & CKF_RW_SESSION) {
+            (void)PR_ATOMIC_DECREMENT(&slot->rwSessionCount);
+        }
+    }
+
+    sftk_FreeSession(session);
+    return CKR_OK;
+}
+
+/* NSC_CloseAllSessions closes all sessions with a token. */
+CK_RV
+NSC_CloseAllSessions(CK_SLOT_ID slotID)
+{
+    SFTKSlot *slot;
+
+#ifndef NO_FORK_CHECK
+    /* skip fork check if we are being called from C_Initialize or C_Finalize */
+    if (!parentForkedAfterC_Initialize) {
+        CHECK_FORK();
+    }
+#endif
+
+    slot = sftk_SlotFromID(slotID, PR_FALSE);
+    if (slot == NULL)
+        return CKR_SLOT_ID_INVALID;
+
+    return sftk_CloseAllSessions(slot, PR_TRUE);
+}
+
+/* NSC_GetSessionInfo obtains information about the session. */
+CK_RV
+NSC_GetSessionInfo(CK_SESSION_HANDLE hSession,
+                   CK_SESSION_INFO_PTR pInfo)
+{
+    SFTKSession *session;
+
+    CHECK_FORK();
+
+    session = sftk_SessionFromHandle(hSession);
+    if (session == NULL)
+        return CKR_SESSION_HANDLE_INVALID;
+
+    PORT_Memcpy(pInfo, &session->info, sizeof(CK_SESSION_INFO));
+    sftk_FreeSession(session);
+    return CKR_OK;
+}
+
+/* NSC_Login logs a user into a token. */
+CK_RV
+NSC_Login(CK_SESSION_HANDLE hSession, CK_USER_TYPE userType,
+          CK_CHAR_PTR pPin, CK_ULONG ulPinLen)
+{
+    SFTKSlot *slot;
+    SFTKSession *session;
+    SFTKDBHandle *handle;
+    CK_FLAGS sessionFlags;
+    SECStatus rv;
+    CK_RV crv;
+    char pinStr[SFTK_MAX_PIN + 1];
+    PRBool tokenRemoved = PR_FALSE;
+
+    CHECK_FORK();
+
+    /* get the slot */
+    slot = sftk_SlotFromSessionHandle(hSession);
+    if (slot == NULL) {
+        return CKR_SESSION_HANDLE_INVALID;
+    }
+
+    /* make sure the session is valid */
+    session = sftk_SessionFromHandle(hSession);
+    if (session == NULL) {
+        return CKR_SESSION_HANDLE_INVALID;
+    }
+    sessionFlags = session->info.flags;
+    sftk_FreeSession(session);
+    session = NULL;
+
+    /* can't log into the Netscape Slot */
+    if (slot->slotID == NETSCAPE_SLOT_ID) {
+        return CKR_USER_TYPE_INVALID;
+    }
+
+    if (slot->isLoggedIn)
+        return CKR_USER_ALREADY_LOGGED_IN;
+    if (!slot->needLogin) {
+        return ulPinLen ? CKR_PIN_INCORRECT : CKR_OK;
+    }
+    slot->ssoLoggedIn = PR_FALSE;
+
+    if (ulPinLen > SFTK_MAX_PIN)
+        return CKR_PIN_LEN_RANGE;
+
+    /* convert to null terminated string */
+    if (ulPinLen) {
+        PORT_Memcpy(pinStr, pPin, ulPinLen);
+    }
+    pinStr[ulPinLen] = 0;
+
+    handle = sftk_getKeyDB(slot);
+    if (handle == NULL) {
+        return CKR_USER_TYPE_INVALID;
+    }
+
+    /*
+     * Deal with bootstrap. We allow the SSO to login in with a NULL
+     * password if and only if we haven't initialized the KEY DB yet.
+     * We only allow this on a RW session.
+     */
+    rv = sftkdb_HasPasswordSet(handle);
+    if (rv == SECFailure) {
+        /* allow SSO's to log in only if there is not password on the
+         * key database */
+        if (((userType == CKU_SO) && (sessionFlags & CKF_RW_SESSION))
+            /* fips always needs to authenticate, even if there isn't a db */
+            || (slot->slotID == FIPS_SLOT_ID)) {
+            /* should this be a fixed password? */
+            if (ulPinLen == 0) {
+                sftkdb_ClearPassword(handle);
+                PZ_Lock(slot->slotLock);
+                slot->isLoggedIn = PR_TRUE;
+                slot->ssoLoggedIn = (PRBool)(userType == CKU_SO);
+                PZ_Unlock(slot->slotLock);
+                sftk_update_all_states(slot);
+                crv = CKR_OK;
+                goto done;
+            }
+            crv = CKR_PIN_INCORRECT;
+            goto done;
+        }
+        crv = CKR_USER_TYPE_INVALID;
+        goto done;
+    }
+
+    /* don't allow the SSO to log in if the user is already initialized */
+    if (userType != CKU_USER) {
+        crv = CKR_USER_TYPE_INVALID;
+        goto done;
+    }
+
+    /* build the hashed pins which we pass around */
+    PR_Lock(slot->pwCheckLock);
+    rv = sftkdb_CheckPassword(handle, pinStr, &tokenRemoved);
+    if (tokenRemoved) {
+        sftk_CloseAllSessions(slot, PR_FALSE);
+    }
+    if ((rv != SECSuccess) && (slot->slotID == FIPS_SLOT_ID)) {
+        PR_Sleep(loginWaitTime);
+    }
+    PR_Unlock(slot->pwCheckLock);
+    if (rv == SECSuccess) {
+        PZ_Lock(slot->slotLock);
+        /* make sure the login state matches the underlying
+         * database state */
+        slot->isLoggedIn = sftkdb_PWCached(handle) == SECSuccess ? PR_TRUE : PR_FALSE;
+        PZ_Unlock(slot->slotLock);
+
+        sftk_freeDB(handle);
+        handle = NULL;
+
+        /* update all sessions */
+        sftk_update_all_states(slot);
+        return CKR_OK;
+    }
+
+    crv = CKR_PIN_INCORRECT;
+done:
+    if (handle) {
+        sftk_freeDB(handle);
+    }
+    return crv;
+}
+
+/* NSC_Logout logs a user out from a token. */
+CK_RV
+NSC_Logout(CK_SESSION_HANDLE hSession)
+{
+    SFTKSlot *slot = sftk_SlotFromSessionHandle(hSession);
+    SFTKSession *session;
+    SFTKDBHandle *handle;
+
+    CHECK_FORK();
+
+    if (slot == NULL) {
+        return CKR_SESSION_HANDLE_INVALID;
+    }
+    session = sftk_SessionFromHandle(hSession);
+    if (session == NULL)
+        return CKR_SESSION_HANDLE_INVALID;
+    sftk_FreeSession(session);
+    session = NULL;
+
+    if (!slot->isLoggedIn)
+        return CKR_USER_NOT_LOGGED_IN;
+
+    handle = sftk_getKeyDB(slot);
+    PZ_Lock(slot->slotLock);
+    slot->isLoggedIn = PR_FALSE;
+    slot->ssoLoggedIn = PR_FALSE;
+    if (slot->needLogin && handle) {
+        sftkdb_ClearPassword(handle);
+    }
+    PZ_Unlock(slot->slotLock);
+    if (handle) {
+        sftk_freeDB(handle);
+    }
+
+    sftk_update_all_states(slot);
+    return CKR_OK;
+}
+
+/*
+ * Create or remove a new slot on the fly.
+ * When creating a slot, "slot" is the slot that the request came from. The
+ * resulting slot will live in the same module as "slot".
+ * When removing a slot, "slot" is the slot to be removed.
+ * "object" is the creation object that specifies the module spec for the slot
+ * to add or remove.
+ */
+static CK_RV
+sftk_CreateNewSlot(SFTKSlot *slot, CK_OBJECT_CLASS class,
+                   SFTKObject *object)
+{
+    PRBool isValidUserSlot = PR_FALSE;
+    PRBool isValidFIPSUserSlot = PR_FALSE;
+    PRBool isValidSlot = PR_FALSE;
+    PRBool isFIPS = PR_FALSE;
+    unsigned long moduleIndex = NSC_NON_FIPS_MODULE;
+    SFTKAttribute *attribute;
+    sftk_parameters paramStrings;
+    char *paramString;
+    CK_SLOT_ID slotID = 0;
+    SFTKSlot *newSlot = NULL;
+    CK_RV crv = CKR_OK;
+
+    if (class != CKO_NETSCAPE_DELSLOT && class != CKO_NETSCAPE_NEWSLOT) {
+        return CKR_ATTRIBUTE_VALUE_INVALID;
+    }
+    if (class == CKO_NETSCAPE_NEWSLOT && slot->slotID == FIPS_SLOT_ID) {
+        isFIPS = PR_TRUE;
+    }
+    attribute = sftk_FindAttribute(object, CKA_NETSCAPE_MODULE_SPEC);
+    if (attribute == NULL) {
+        return CKR_TEMPLATE_INCOMPLETE;
+    }
+    paramString = (char *)attribute->attrib.pValue;
+    crv = sftk_parseParameters(paramString, &paramStrings, isFIPS);
+    if (crv != CKR_OK) {
+        goto loser;
+    }
+
+    /* enforce only one at a time */
+    if (paramStrings.token_count != 1) {
+        crv = CKR_ATTRIBUTE_VALUE_INVALID;
+        goto loser;
+    }
+
+    slotID = paramStrings.tokens[0].slotID;
+
+    /* stay within the valid ID space */
+    isValidUserSlot = (slotID >= SFTK_MIN_USER_SLOT_ID &&
+                       slotID <= SFTK_MAX_USER_SLOT_ID);
+    isValidFIPSUserSlot = (slotID >= SFTK_MIN_FIPS_USER_SLOT_ID &&
+                           slotID <= SFTK_MAX_FIPS_USER_SLOT_ID);
+
+    if (class == CKO_NETSCAPE_DELSLOT) {
+        if (slot->slotID == slotID) {
+            isValidSlot = isValidUserSlot || isValidFIPSUserSlot;
+        }
+    } else {
+        /* only the crypto or FIPS slots can create new slot objects */
+        if (slot->slotID == NETSCAPE_SLOT_ID) {
+            isValidSlot = isValidUserSlot;
+            moduleIndex = NSC_NON_FIPS_MODULE;
+        } else if (slot->slotID == FIPS_SLOT_ID) {
+            isValidSlot = isValidFIPSUserSlot;
+            moduleIndex = NSC_FIPS_MODULE;
+        }
+    }
+
+    if (!isValidSlot) {
+        crv = CKR_ATTRIBUTE_VALUE_INVALID;
+        goto loser;
+    }
+
+    /* unload any existing slot at this id */
+    newSlot = sftk_SlotFromID(slotID, PR_TRUE);
+    if (newSlot && newSlot->present) {
+        crv = SFTK_ShutdownSlot(newSlot);
+        if (crv != CKR_OK) {
+            goto loser;
+        }
+    }
+
+    /* if we were just planning on deleting the slot, then do so now */
+    if (class == CKO_NETSCAPE_DELSLOT) {
+        /* sort of a unconventional use of this error code, be we are
+         * overusing CKR_ATTRIBUTE_VALUE_INVALID, and it does apply */
+        crv = newSlot ? CKR_OK : CKR_SLOT_ID_INVALID;
+        goto loser; /* really exit */
+    }
+
+    if (newSlot) {
+        crv = SFTK_SlotReInit(newSlot, paramStrings.configdir,
+                              paramStrings.updatedir, paramStrings.updateID,
+                              &paramStrings.tokens[0], moduleIndex);
+    } else {
+        crv = SFTK_SlotInit(paramStrings.configdir,
+                            paramStrings.updatedir, paramStrings.updateID,
+                            &paramStrings.tokens[0], moduleIndex);
+    }
+
+loser:
+    sftk_freeParams(&paramStrings);
+    sftk_FreeAttribute(attribute);
+
+    return crv;
+}
+
+/* NSC_CreateObject creates a new object. */
+CK_RV
+NSC_CreateObject(CK_SESSION_HANDLE hSession,
+                 CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
+                 CK_OBJECT_HANDLE_PTR phObject)
+{
+    SFTKSlot *slot = sftk_SlotFromSessionHandle(hSession);
+    SFTKSession *session;
+    SFTKObject *object;
+    /* make sure class isn't randomly CKO_NETSCAPE_NEWSLOT or
+     * CKO_NETSCPE_DELSLOT. */
+    CK_OBJECT_CLASS class = CKO_VENDOR_DEFINED;
+    CK_RV crv;
+    int i;
+
+    CHECK_FORK();
+
+    *phObject = CK_INVALID_HANDLE;
+
+    if (slot == NULL) {
+        return CKR_SESSION_HANDLE_INVALID;
+    }
+    /*
+     * now lets create an object to hang the attributes off of
+     */
+    object = sftk_NewObject(slot); /* fill in the handle later */
+    if (object == NULL) {
+        return CKR_HOST_MEMORY;
+    }
+
+    /*
+     * load the template values into the object
+     */
+    for (i = 0; i < (int)ulCount; i++) {
+        crv = sftk_AddAttributeType(object, sftk_attr_expand(&pTemplate[i]));
+        if (crv != CKR_OK) {
+            sftk_FreeObject(object);
+            return crv;
+        }
+        if ((pTemplate[i].type == CKA_CLASS) && pTemplate[i].pValue) {
+            class = *(CK_OBJECT_CLASS *)pTemplate[i].pValue;
+        }
+    }
+
+    /* get the session */
+    session = sftk_SessionFromHandle(hSession);
+    if (session == NULL) {
+        sftk_FreeObject(object);
+        return CKR_SESSION_HANDLE_INVALID;
+    }
+
+    /*
+     * handle pseudo objects (CKO_NEWSLOT)
+     */
+    if ((class == CKO_NETSCAPE_NEWSLOT) || (class == CKO_NETSCAPE_DELSLOT)) {
+        crv = sftk_CreateNewSlot(slot, class, object);
+        goto done;
+    }
+
+    /*
+     * handle the base object stuff
+     */
+    crv = sftk_handleObject(object, session);
+    *phObject = object->handle;
+done:
+    sftk_FreeSession(session);
+    sftk_FreeObject(object);
+
+    return crv;
+}
+
+/* NSC_CopyObject copies an object, creating a new object for the copy. */
+CK_RV
+NSC_CopyObject(CK_SESSION_HANDLE hSession,
+               CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
+               CK_OBJECT_HANDLE_PTR phNewObject)
+{
+    SFTKObject *destObject, *srcObject;
+    SFTKSession *session;
+    CK_RV crv = CKR_OK;
+    SFTKSlot *slot = sftk_SlotFromSessionHandle(hSession);
+    int i;
+
+    CHECK_FORK();
+
+    if (slot == NULL) {
+        return CKR_SESSION_HANDLE_INVALID;
+    }
+    /* Get srcObject so we can find the class */
+    session = sftk_SessionFromHandle(hSession);
+    if (session == NULL) {
+        return CKR_SESSION_HANDLE_INVALID;
+    }
+    srcObject = sftk_ObjectFromHandle(hObject, session);
+    if (srcObject == NULL) {
+        sftk_FreeSession(session);
+        return CKR_OBJECT_HANDLE_INVALID;
+    }
+    /*
+     * create an object to hang the attributes off of
+     */
+    destObject = sftk_NewObject(slot); /* fill in the handle later */
+    if (destObject == NULL) {
+        sftk_FreeSession(session);
+        sftk_FreeObject(srcObject);
+        return CKR_HOST_MEMORY;
+    }
+
+    /*
+     * load the template values into the object
+     */
+    for (i = 0; i < (int)ulCount; i++) {
+        if (sftk_modifyType(pTemplate[i].type, srcObject->objclass) == SFTK_NEVER) {
+            crv = CKR_ATTRIBUTE_READ_ONLY;
+            break;
+        }
+        crv = sftk_AddAttributeType(destObject, sftk_attr_expand(&pTemplate[i]));
+        if (crv != CKR_OK) {
+            break;
+        }
+    }
+    if (crv != CKR_OK) {
+        sftk_FreeSession(session);
+        sftk_FreeObject(srcObject);
+        sftk_FreeObject(destObject);
+        return crv;
+    }
+
+    /* sensitive can only be changed to CK_TRUE */
+    if (sftk_hasAttribute(destObject, CKA_SENSITIVE)) {
+        if (!sftk_isTrue(destObject, CKA_SENSITIVE)) {
+            sftk_FreeSession(session);
+            sftk_FreeObject(srcObject);
+            sftk_FreeObject(destObject);
+            return CKR_ATTRIBUTE_READ_ONLY;
+        }
+    }
+
+    /*
+     * now copy the old attributes from the new attributes
+     */
+    /* don't create a token object if we aren't in a rw session */
+    /* we need to hold the lock to copy a consistant version of
+     * the object. */
+    crv = sftk_CopyObject(destObject, srcObject);
+
+    destObject->objclass = srcObject->objclass;
+    sftk_FreeObject(srcObject);
+    if (crv != CKR_OK) {
+        sftk_FreeObject(destObject);
+        sftk_FreeSession(session);
+        return crv;
+    }
+
+    crv = sftk_handleObject(destObject, session);
+    *phNewObject = destObject->handle;
+    sftk_FreeSession(session);
+    sftk_FreeObject(destObject);
+
+    return crv;
+}
+
+/* NSC_GetObjectSize gets the size of an object in bytes. */
+CK_RV
+NSC_GetObjectSize(CK_SESSION_HANDLE hSession,
+                  CK_OBJECT_HANDLE hObject, CK_ULONG_PTR pulSize)
+{
+    CHECK_FORK();
+
+    *pulSize = 0;
+    return CKR_OK;
+}
+
+/* NSC_GetAttributeValue obtains the value of one or more object attributes. */
+CK_RV
+NSC_GetAttributeValue(CK_SESSION_HANDLE hSession,
+                      CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount)
+{
+    SFTKSlot *slot = sftk_SlotFromSessionHandle(hSession);
+    SFTKSession *session;
+    SFTKObject *object;
+    SFTKAttribute *attribute;
+    PRBool sensitive;
+    CK_RV crv;
+    int i;
+
+    CHECK_FORK();
+
+    if (slot == NULL) {
+        return CKR_SESSION_HANDLE_INVALID;
+    }
+    /*
+     * make sure we're allowed
+     */
+    session = sftk_SessionFromHandle(hSession);
+    if (session == NULL) {
+        return CKR_SESSION_HANDLE_INVALID;
+    }
+
+    /* short circuit everything for token objects */
+    if (sftk_isToken(hObject)) {
+        SFTKSlot *slot = sftk_SlotFromSession(session);
+        SFTKDBHandle *dbHandle = sftk_getDBForTokenObject(slot, hObject);
+        SFTKDBHandle *keydb = NULL;
+
+        if (dbHandle == NULL) {
+            sftk_FreeSession(session);
+            return CKR_OBJECT_HANDLE_INVALID;
+        }
+
+        crv = sftkdb_GetAttributeValue(dbHandle, hObject, pTemplate, ulCount);
+
+        /* make sure we don't export any sensitive information */
+        keydb = sftk_getKeyDB(slot);
+        if (dbHandle == keydb) {
+            for (i = 0; i < (int)ulCount; i++) {
+                if (sftk_isSensitive(pTemplate[i].type, CKO_PRIVATE_KEY)) {
+                    crv = CKR_ATTRIBUTE_SENSITIVE;
+                    if (pTemplate[i].pValue && (pTemplate[i].ulValueLen != -1)) {
+                        PORT_Memset(pTemplate[i].pValue, 0,
+                                    pTemplate[i].ulValueLen);
+                    }
+                    pTemplate[i].ulValueLen = -1;
+                }
+            }
+        }
+
+        sftk_FreeSession(session);
+        sftk_freeDB(dbHandle);
+        if (keydb) {
+            sftk_freeDB(keydb);
+        }
+        return crv;
+    }
+
+    /* handle the session object */
+    object = sftk_ObjectFromHandle(hObject, session);
+    sftk_FreeSession(session);
+    if (object == NULL) {
+        return CKR_OBJECT_HANDLE_INVALID;
+    }
+
+    /* don't read a private object if we aren't logged in */
+    if ((!slot->isLoggedIn) && (slot->needLogin) &&
+        (sftk_isTrue(object, CKA_PRIVATE))) {
+        sftk_FreeObject(object);
+        return CKR_USER_NOT_LOGGED_IN;
+    }
+
+    crv = CKR_OK;
+    sensitive = sftk_isTrue(object, CKA_SENSITIVE);
+    for (i = 0; i < (int)ulCount; i++) {
+        /* Make sure that this attribute is retrievable */
+        if (sensitive && sftk_isSensitive(pTemplate[i].type, object->objclass)) {
+            crv = CKR_ATTRIBUTE_SENSITIVE;
+            pTemplate[i].ulValueLen = -1;
+            continue;
+        }
+        attribute = sftk_FindAttribute(object, pTemplate[i].type);
+        if (attribute == NULL) {
+            crv = CKR_ATTRIBUTE_TYPE_INVALID;
+            pTemplate[i].ulValueLen = -1;
+            continue;
+        }
+        if (pTemplate[i].pValue != NULL) {
+            PORT_Memcpy(pTemplate[i].pValue, attribute->attrib.pValue,
+                        attribute->attrib.ulValueLen);
+        }
+        pTemplate[i].ulValueLen = attribute->attrib.ulValueLen;
+        sftk_FreeAttribute(attribute);
+    }
+
+    sftk_FreeObject(object);
+    return crv;
+}
+
+/* NSC_SetAttributeValue modifies the value of one or more object attributes */
+CK_RV
+NSC_SetAttributeValue(CK_SESSION_HANDLE hSession,
+                      CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount)
+{
+    SFTKSlot *slot = sftk_SlotFromSessionHandle(hSession);
+    SFTKSession *session;
+    SFTKAttribute *attribute;
+    SFTKObject *object;
+    PRBool isToken;
+    CK_RV crv = CKR_OK;
+    CK_BBOOL legal;
+    int i;
+
+    CHECK_FORK();
+
+    if (slot == NULL) {
+        return CKR_SESSION_HANDLE_INVALID;
+    }
+    /*
+     * make sure we're allowed
+     */
+    session = sftk_SessionFromHandle(hSession);
+    if (session == NULL) {
+        return CKR_SESSION_HANDLE_INVALID;
+    }
+
+    object = sftk_ObjectFromHandle(hObject, session);
+    if (object == NULL) {
+        sftk_FreeSession(session);
+        return CKR_OBJECT_HANDLE_INVALID;
+    }
+
+    /* don't modify a private object if we aren't logged in */
+    if ((!slot->isLoggedIn) && (slot->needLogin) &&
+        (sftk_isTrue(object, CKA_PRIVATE))) {
+        sftk_FreeSession(session);
+        sftk_FreeObject(object);
+        return CKR_USER_NOT_LOGGED_IN;
+    }
+
+    /* don't modify a token object if we aren't in a rw session */
+    isToken = sftk_isTrue(object, CKA_TOKEN);
+    if (((session->info.flags & CKF_RW_SESSION) == 0) && isToken) {
+        sftk_FreeSession(session);
+        sftk_FreeObject(object);
+        return CKR_SESSION_READ_ONLY;
+    }
+    sftk_FreeSession(session);
+
+    /* only change modifiable objects */
+    if (!sftk_isTrue(object, CKA_MODIFIABLE)) {
+        sftk_FreeObject(object);
+        return CKR_ATTRIBUTE_READ_ONLY;
+    }
+
+    for (i = 0; i < (int)ulCount; i++) {
+        /* Make sure that this attribute is changeable */
+        switch (sftk_modifyType(pTemplate[i].type, object->objclass)) {
+            case SFTK_NEVER:
+            case SFTK_ONCOPY:
+            default:
+                crv = CKR_ATTRIBUTE_READ_ONLY;
+                break;
+
+            case SFTK_SENSITIVE:
+                legal = (pTemplate[i].type == CKA_EXTRACTABLE) ? CK_FALSE : CK_TRUE;
+                if ((*(CK_BBOOL *)pTemplate[i].pValue) != legal) {
+                    crv = CKR_ATTRIBUTE_READ_ONLY;
+                }
+                break;
+            case SFTK_ALWAYS:
+                break;
+        }
+        if (crv != CKR_OK)
+            break;
+
+        /* find the old attribute */
+        attribute = sftk_FindAttribute(object, pTemplate[i].type);
+        if (attribute == NULL) {
+            crv = CKR_ATTRIBUTE_TYPE_INVALID;
+            break;
+        }
+        sftk_FreeAttribute(attribute);
+        crv = sftk_forceAttribute(object, sftk_attr_expand(&pTemplate[i]));
+        if (crv != CKR_OK)
+            break;
+    }
+
+    sftk_FreeObject(object);
+    return crv;
+}
+
+static CK_RV
+sftk_expandSearchList(SFTKSearchResults *search, int count)
+{
+    search->array_size += count;
+    search->handles = (CK_OBJECT_HANDLE *)PORT_Realloc(search->handles,
+                                                       sizeof(CK_OBJECT_HANDLE) * search->array_size);
+    return search->handles ? CKR_OK : CKR_HOST_MEMORY;
+}
+
+static CK_RV
+sftk_searchDatabase(SFTKDBHandle *handle, SFTKSearchResults *search,
+                    const CK_ATTRIBUTE *pTemplate, CK_ULONG ulCount)
+{
+    CK_RV crv;
+    int objectListSize = search->array_size - search->size;
+    CK_OBJECT_HANDLE *array = &search->handles[search->size];
+    SDBFind *find;
+    CK_ULONG count;
+
+    crv = sftkdb_FindObjectsInit(handle, pTemplate, ulCount, &find);
+    if (crv != CKR_OK)
+        return crv;
+    do {
+        crv = sftkdb_FindObjects(handle, find, array, objectListSize, &count);
+        if ((crv != CKR_OK) || (count == 0))
+            break;
+        search->size += count;
+        objectListSize -= count;
+        if (objectListSize > 0)
+            break;
+        crv = sftk_expandSearchList(search, NSC_SEARCH_BLOCK_SIZE);
+        objectListSize = NSC_SEARCH_BLOCK_SIZE;
+        array = &search->handles[search->size];
+    } while (crv == CKR_OK);
+    sftkdb_FindObjectsFinal(handle, find);
+
+    return crv;
+}
+
+/* softoken used to search the SMimeEntries automatically instead of
+ * doing this in pk11wrap. This code should really be up in
+ * pk11wrap so that it will work with other tokens other than softoken.
+ */
+CK_RV
+sftk_emailhack(SFTKSlot *slot, SFTKDBHandle *handle,
+               SFTKSearchResults *search, CK_ATTRIBUTE *pTemplate, CK_ULONG ulCount)
+{
+    PRBool isCert = PR_FALSE;
+    int emailIndex = -1;
+    unsigned int i;
+    SFTKSearchResults smime_search;
+    CK_ATTRIBUTE smime_template[2];
+    CK_OBJECT_CLASS smime_class = CKO_NETSCAPE_SMIME;
+    SFTKAttribute *attribute = NULL;
+    SFTKObject *object = NULL;
+    CK_RV crv = CKR_OK;
+
+    smime_search.handles = NULL; /* paranoia, some one is bound to add a goto
+                                  * loser before this gets initialized */
+
+    /* see if we are looking for email certs */
+    for (i = 0; i < ulCount; i++) {
+        if (pTemplate[i].type == CKA_CLASS) {
+            if ((pTemplate[i].ulValueLen != sizeof(CK_OBJECT_CLASS) ||
+                 (*(CK_OBJECT_CLASS *)pTemplate[i].pValue) != CKO_CERTIFICATE)) {
+                /* not a cert, skip out */
+                break;
+            }
+            isCert = PR_TRUE;
+        } else if (pTemplate[i].type == CKA_NETSCAPE_EMAIL) {
+            emailIndex = i;
+        }
+        if (isCert && (emailIndex != -1))
+            break;
+    }
+
+    if (!isCert || (emailIndex == -1)) {
+        return CKR_OK;
+    }
+
+    /* we are doing a cert and email search, find the SMimeEntry */
+    smime_template[0].type = CKA_CLASS;
+    smime_template[0].pValue = &smime_class;
+    smime_template[0].ulValueLen = sizeof(smime_class);
+    smime_template[1] = pTemplate[emailIndex];
+
+    smime_search.handles = (CK_OBJECT_HANDLE *)
+        PORT_Alloc(sizeof(CK_OBJECT_HANDLE) * NSC_SEARCH_BLOCK_SIZE);
+    if (smime_search.handles == NULL) {
+        crv = CKR_HOST_MEMORY;
+        goto loser;
+    }
+    smime_search.index = 0;
+    smime_search.size = 0;
+    smime_search.array_size = NSC_SEARCH_BLOCK_SIZE;
+
+    crv = sftk_searchDatabase(handle, &smime_search, smime_template, 2);
+    if (crv != CKR_OK || smime_search.size == 0) {
+        goto loser;
+    }
+
+    /* get the SMime subject */
+    object = sftk_NewTokenObject(slot, NULL, smime_search.handles[0]);
+    if (object == NULL) {
+        crv = CKR_HOST_MEMORY; /* is there any other reason for this failure? */
+        goto loser;
+    }
+    attribute = sftk_FindAttribute(object, CKA_SUBJECT);
+    if (attribute == NULL) {
+        crv = CKR_ATTRIBUTE_TYPE_INVALID;
+        goto loser;
+    }
+
+    /* now find the certs with that subject */
+    pTemplate[emailIndex] = attribute->attrib;
+    /* now add the appropriate certs to the search list */
+    crv = sftk_searchDatabase(handle, search, pTemplate, ulCount);
+    pTemplate[emailIndex] = smime_template[1]; /* restore the user's template*/
+
+loser:
+    if (attribute) {
+        sftk_FreeAttribute(attribute);
+    }
+    if (object) {
+        sftk_FreeObject(object);
+    }
+    if (smime_search.handles) {
+        PORT_Free(smime_search.handles);
+    }
+
+    return crv;
+}
+
+static void
+sftk_pruneSearch(CK_ATTRIBUTE *pTemplate, CK_ULONG ulCount,
+                 PRBool *searchCertDB, PRBool *searchKeyDB)
+{
+    CK_ULONG i;
+
+    *searchCertDB = PR_TRUE;
+    *searchKeyDB = PR_TRUE;
+    for (i = 0; i < ulCount; i++) {
+        if (pTemplate[i].type == CKA_CLASS && pTemplate[i].pValue != NULL) {
+            CK_OBJECT_CLASS class = *((CK_OBJECT_CLASS *)pTemplate[i].pValue);
+            if (class == CKO_PRIVATE_KEY || class == CKO_SECRET_KEY) {
+                *searchCertDB = PR_FALSE;
+            } else {
+                *searchKeyDB = PR_FALSE;
+            }
+            break;
+        }
+    }
+}
+
+static CK_RV
+sftk_searchTokenList(SFTKSlot *slot, SFTKSearchResults *search,
+                     CK_ATTRIBUTE *pTemplate, CK_ULONG ulCount,
+                     PRBool *tokenOnly, PRBool isLoggedIn)
+{
+    CK_RV crv = CKR_OK;
+    CK_RV crv2;
+    PRBool searchCertDB;
+    PRBool searchKeyDB;
+
+    sftk_pruneSearch(pTemplate, ulCount, &searchCertDB, &searchKeyDB);
+
+    if (searchCertDB) {
+        SFTKDBHandle *certHandle = sftk_getCertDB(slot);
+        crv = sftk_searchDatabase(certHandle, search, pTemplate, ulCount);
+        crv2 = sftk_emailhack(slot, certHandle, search, pTemplate, ulCount);
+        if (crv == CKR_OK)
+            crv = crv2;
+        sftk_freeDB(certHandle);
+    }
+
+    if (crv == CKR_OK && isLoggedIn && searchKeyDB) {
+        SFTKDBHandle *keyHandle = sftk_getKeyDB(slot);
+        crv = sftk_searchDatabase(keyHandle, search, pTemplate, ulCount);
+        sftk_freeDB(keyHandle);
+    }
+    return crv;
+}
+
+/* NSC_FindObjectsInit initializes a search for token and session objects
+ * that match a template. */
+CK_RV
+NSC_FindObjectsInit(CK_SESSION_HANDLE hSession,
+                    CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount)
+{
+    SFTKSearchResults *search = NULL, *freeSearch = NULL;
+    SFTKSession *session = NULL;
+    SFTKSlot *slot = sftk_SlotFromSessionHandle(hSession);
+    PRBool tokenOnly = PR_FALSE;
+    CK_RV crv = CKR_OK;
+    PRBool isLoggedIn;
+
+    CHECK_FORK();
+
+    if (slot == NULL) {
+        return CKR_SESSION_HANDLE_INVALID;
+    }
+    session = sftk_SessionFromHandle(hSession);
+    if (session == NULL) {
+        crv = CKR_SESSION_HANDLE_INVALID;
+        goto loser;
+    }
+
+    search = (SFTKSearchResults *)PORT_Alloc(sizeof(SFTKSearchResults));
+    if (search == NULL) {
+        crv = CKR_HOST_MEMORY;
+        goto loser;
+    }
+    search->handles = (CK_OBJECT_HANDLE *)
+        PORT_Alloc(sizeof(CK_OBJECT_HANDLE) * NSC_SEARCH_BLOCK_SIZE);
+    if (search->handles == NULL) {
+        crv = CKR_HOST_MEMORY;
+        goto loser;
+    }
+    search->index = 0;
+    search->size = 0;
+    search->array_size = NSC_SEARCH_BLOCK_SIZE;
+    isLoggedIn = (PRBool)((!slot->needLogin) || slot->isLoggedIn);
+
+    crv = sftk_searchTokenList(slot, search, pTemplate, ulCount, &tokenOnly,
+                               isLoggedIn);
+    if (crv != CKR_OK) {
+        goto loser;
+    }
+
+    /* build list of found objects in the session */
+    if (!tokenOnly) {
+        crv = sftk_searchObjectList(search, slot->sessObjHashTable,
+                                    slot->sessObjHashSize, slot->objectLock,
+                                    pTemplate, ulCount, isLoggedIn);
+    }
+    if (crv != CKR_OK) {
+        goto loser;
+    }
+
+    if ((freeSearch = session->search) != NULL) {
+        session->search = NULL;
+        sftk_FreeSearch(freeSearch);
+    }
+    session->search = search;
+    sftk_FreeSession(session);
+    return CKR_OK;
+
+loser:
+    if (search) {
+        sftk_FreeSearch(search);
+    }
+    if (session) {
+        sftk_FreeSession(session);
+    }
+    return crv;
+}
+
+/* NSC_FindObjects continues a search for token and session objects
+ * that match a template, obtaining additional object handles. */
+CK_RV
+NSC_FindObjects(CK_SESSION_HANDLE hSession,
+                CK_OBJECT_HANDLE_PTR phObject, CK_ULONG ulMaxObjectCount,
+                CK_ULONG_PTR pulObjectCount)
+{
+    SFTKSession *session;
+    SFTKSearchResults *search;
+    int transfer;
+    int left;
+
+    CHECK_FORK();
+
+    *pulObjectCount = 0;
+    session = sftk_SessionFromHandle(hSession);
+    if (session == NULL)
+        return CKR_SESSION_HANDLE_INVALID;
+    if (session->search == NULL) {
+        sftk_FreeSession(session);
+        return CKR_OK;
+    }
+    search = session->search;
+    left = session->search->size - session->search->index;
+    transfer = ((int)ulMaxObjectCount > left) ? left : ulMaxObjectCount;
+    if (transfer > 0) {
+        PORT_Memcpy(phObject, &search->handles[search->index],
+                    transfer * sizeof(CK_OBJECT_HANDLE));
+    } else {
+        *phObject = CK_INVALID_HANDLE;
+    }
+
+    search->index += transfer;
+    if (search->index == search->size) {
+        session->search = NULL;
+        sftk_FreeSearch(search);
+    }
+    *pulObjectCount = transfer;
+    sftk_FreeSession(session);
+    return CKR_OK;
+}
+
+/* NSC_FindObjectsFinal finishes a search for token and session objects. */
+CK_RV
+NSC_FindObjectsFinal(CK_SESSION_HANDLE hSession)
+{
+    SFTKSession *session;
+    SFTKSearchResults *search;
+
+    CHECK_FORK();
+
+    session = sftk_SessionFromHandle(hSession);
+    if (session == NULL)
+        return CKR_SESSION_HANDLE_INVALID;
+    search = session->search;
+    session->search = NULL;
+    sftk_FreeSession(session);
+    if (search != NULL) {
+        sftk_FreeSearch(search);
+    }
+    return CKR_OK;
+}
+
+CK_RV
+NSC_WaitForSlotEvent(CK_FLAGS flags, CK_SLOT_ID_PTR pSlot,
+                     CK_VOID_PTR pReserved)
+{
+    CHECK_FORK();
+
+    return CKR_FUNCTION_NOT_SUPPORTED;
+}
diff --git a/nss/lib/softoken/pkcs11c.c b/nss/lib/softoken/pkcs11c.c
new file mode 100644
index 0000000..9f20240
--- /dev/null
+++ b/nss/lib/softoken/pkcs11c.c
@@ -0,0 +1,7804 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * This file implements PKCS 11 on top of our existing security modules
+ *
+ * For more information about PKCS 11 See PKCS 11 Token Inteface Standard.
+ *   This implementation has two slots:
+ *      slot 1 is our generic crypto support. It does not require login.
+ *   It supports Public Key ops, and all they bulk ciphers and hashes.
+ *   It can also support Private Key ops for imported Private keys. It does
+ *   not have any token storage.
+ *      slot 2 is our private key support. It requires a login before use. It
+ *   can store Private Keys and Certs as token objects. Currently only private
+ *   keys and their associated Certificates are saved on the token.
+ *
+ *   In this implementation, session objects are only visible to the session
+ *   that created or generated them.
+ */
+#include "seccomon.h"
+#include "secitem.h"
+#include "secport.h"
+#include "blapi.h"
+#include "pkcs11.h"
+#include "pkcs11i.h"
+#include "pkcs1sig.h"
+#include "lowkeyi.h"
+#include "secder.h"
+#include "secdig.h"
+#include "lowpbe.h" /* We do PBE below */
+#include "pkcs11t.h"
+#include "secoid.h"
+#include "alghmac.h"
+#include "softoken.h"
+#include "secasn1.h"
+#include "secerr.h"
+
+#include "prprf.h"
+#include "prenv.h"
+
+#define __PASTE(x, y) x##y
+
+/*
+ * we renamed all our internal functions, get the correct
+ * definitions for them...
+ */
+#undef CK_PKCS11_FUNCTION_INFO
+#undef CK_NEED_ARG_LIST
+
+#define CK_EXTERN extern
+#define CK_PKCS11_FUNCTION_INFO(func) \
+    CK_RV __PASTE(NS, func)
+#define CK_NEED_ARG_LIST 1
+
+#include "pkcs11f.h"
+
+typedef struct {
+    PRUint8 client_version[2];
+    PRUint8 random[46];
+} SSL3RSAPreMasterSecret;
+
+static void
+sftk_Null(void *data, PRBool freeit)
+{
+    return;
+}
+
+#ifndef NSS_DISABLE_ECC
+#ifdef EC_DEBUG
+#define SEC_PRINT(str1, str2, num, sitem)             \
+    printf("pkcs11c.c:%s:%s (keytype=%d) [len=%d]\n", \
+           str1, str2, num, sitem->len);              \
+    for (i = 0; i < sitem->len; i++) {                \
+        printf("%02x:", sitem->data[i]);              \
+    }                                                 \
+    printf("\n")
+#else
+#undef EC_DEBUG
+#define SEC_PRINT(a, b, c, d)
+#endif
+#endif /* NSS_DISABLE_ECC */
+
+/*
+ * free routines.... Free local type  allocated data, and convert
+ * other free routines to the destroy signature.
+ */
+static void
+sftk_FreePrivKey(NSSLOWKEYPrivateKey *key, PRBool freeit)
+{
+    nsslowkey_DestroyPrivateKey(key);
+}
+
+static void
+sftk_Space(void *data, PRBool freeit)
+{
+    PORT_Free(data);
+}
+
+/*
+ * map all the SEC_ERROR_xxx error codes that may be returned by freebl
+ * functions to CKR_xxx.  return CKR_DEVICE_ERROR by default for backward
+ * compatibility.
+ */
+static CK_RV
+sftk_MapCryptError(int error)
+{
+    switch (error) {
+        case SEC_ERROR_INVALID_ARGS:
+        case SEC_ERROR_BAD_DATA: /* MP_RANGE gets mapped to this */
+            return CKR_ARGUMENTS_BAD;
+        case SEC_ERROR_INPUT_LEN:
+            return CKR_DATA_LEN_RANGE;
+        case SEC_ERROR_OUTPUT_LEN:
+            return CKR_BUFFER_TOO_SMALL;
+        case SEC_ERROR_LIBRARY_FAILURE:
+            return CKR_GENERAL_ERROR;
+        case SEC_ERROR_NO_MEMORY:
+            return CKR_HOST_MEMORY;
+        case SEC_ERROR_BAD_SIGNATURE:
+            return CKR_SIGNATURE_INVALID;
+        case SEC_ERROR_INVALID_KEY:
+            return CKR_KEY_SIZE_RANGE;
+        case SEC_ERROR_BAD_KEY:        /* an EC public key that fails validation */
+            return CKR_KEY_SIZE_RANGE; /* the closest error code */
+        case SEC_ERROR_UNSUPPORTED_EC_POINT_FORM:
+            return CKR_TEMPLATE_INCONSISTENT;
+        /* EC functions set this error if NSS_DISABLE_ECC is defined */
+        case SEC_ERROR_UNSUPPORTED_KEYALG:
+            return CKR_MECHANISM_INVALID;
+        case SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE:
+            return CKR_DOMAIN_PARAMS_INVALID;
+        /* key pair generation failed after max number of attempts */
+        case SEC_ERROR_NEED_RANDOM:
+            return CKR_FUNCTION_FAILED;
+    }
+    return CKR_DEVICE_ERROR;
+}
+
+/* used by Decrypt and UnwrapKey (indirectly) */
+static CK_RV
+sftk_MapDecryptError(int error)
+{
+    switch (error) {
+        case SEC_ERROR_BAD_DATA:
+            return CKR_ENCRYPTED_DATA_INVALID;
+        default:
+            return sftk_MapCryptError(error);
+    }
+}
+
+/*
+ * return CKR_SIGNATURE_INVALID instead of CKR_DEVICE_ERROR by default for
+ * backward compatibilty.
+ */
+static CK_RV
+sftk_MapVerifyError(int error)
+{
+    CK_RV crv = sftk_MapCryptError(error);
+    if (crv == CKR_DEVICE_ERROR)
+        crv = CKR_SIGNATURE_INVALID;
+    return crv;
+}
+
+/*
+ * turn a CDMF key into a des key. CDMF is an old IBM scheme to export DES by
+ * Deprecating a full des key to 40 bit key strenth.
+ */
+static CK_RV
+sftk_cdmf2des(unsigned char *cdmfkey, unsigned char *deskey)
+{
+    unsigned char key1[8] = { 0xc4, 0x08, 0xb0, 0x54, 0x0b, 0xa1, 0xe0, 0xae };
+    unsigned char key2[8] = { 0xef, 0x2c, 0x04, 0x1c, 0xe6, 0x38, 0x2f, 0xe6 };
+    unsigned char enc_src[8];
+    unsigned char enc_dest[8];
+    unsigned int leng, i;
+    DESContext *descx;
+    SECStatus rv;
+
+    /* zero the parity bits */
+    for (i = 0; i < 8; i++) {
+        enc_src[i] = cdmfkey[i] & 0xfe;
+    }
+
+    /* encrypt with key 1 */
+    descx = DES_CreateContext(key1, NULL, NSS_DES, PR_TRUE);
+    if (descx == NULL)
+        return CKR_HOST_MEMORY;
+    rv = DES_Encrypt(descx, enc_dest, &leng, 8, enc_src, 8);
+    DES_DestroyContext(descx, PR_TRUE);
+    if (rv != SECSuccess)
+        return sftk_MapCryptError(PORT_GetError());
+
+    /* xor source with des, zero the parity bits and deprecate the key*/
+    for (i = 0; i < 8; i++) {
+        if (i & 1) {
+            enc_src[i] = (enc_src[i] ^ enc_dest[i]) & 0xfe;
+        } else {
+            enc_src[i] = (enc_src[i] ^ enc_dest[i]) & 0x0e;
+        }
+    }
+
+    /* encrypt with key 2 */
+    descx = DES_CreateContext(key2, NULL, NSS_DES, PR_TRUE);
+    if (descx == NULL)
+        return CKR_HOST_MEMORY;
+    rv = DES_Encrypt(descx, deskey, &leng, 8, enc_src, 8);
+    DES_DestroyContext(descx, PR_TRUE);
+    if (rv != SECSuccess)
+        return sftk_MapCryptError(PORT_GetError());
+
+    /* set the corret parity on our new des key */
+    sftk_FormatDESKey(deskey, 8);
+    return CKR_OK;
+}
+
+/* NSC_DestroyObject destroys an object. */
+CK_RV
+NSC_DestroyObject(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject)
+{
+    SFTKSlot *slot = sftk_SlotFromSessionHandle(hSession);
+    SFTKSession *session;
+    SFTKObject *object;
+    SFTKFreeStatus status;
+
+    CHECK_FORK();
+
+    if (slot == NULL) {
+        return CKR_SESSION_HANDLE_INVALID;
+    }
+    /*
+     * This whole block just makes sure we really can destroy the
+     * requested object.
+     */
+    session = sftk_SessionFromHandle(hSession);
+    if (session == NULL) {
+        return CKR_SESSION_HANDLE_INVALID;
+    }
+
+    object = sftk_ObjectFromHandle(hObject, session);
+    if (object == NULL) {
+        sftk_FreeSession(session);
+        return CKR_OBJECT_HANDLE_INVALID;
+    }
+
+    /* don't destroy a private object if we aren't logged in */
+    if ((!slot->isLoggedIn) && (slot->needLogin) &&
+        (sftk_isTrue(object, CKA_PRIVATE))) {
+        sftk_FreeSession(session);
+        sftk_FreeObject(object);
+        return CKR_USER_NOT_LOGGED_IN;
+    }
+
+    /* don't destroy a token object if we aren't in a rw session */
+
+    if (((session->info.flags & CKF_RW_SESSION) == 0) &&
+        (sftk_isTrue(object, CKA_TOKEN))) {
+        sftk_FreeSession(session);
+        sftk_FreeObject(object);
+        return CKR_SESSION_READ_ONLY;
+    }
+
+    sftk_DeleteObject(session, object);
+
+    sftk_FreeSession(session);
+
+    /*
+     * get some indication if the object is destroyed. Note: this is not
+     * 100%. Someone may have an object reference outstanding (though that
+     * should not be the case by here. Also note that the object is "half"
+     * destroyed. Our internal representation is destroyed, but it may still
+     * be in the data base.
+     */
+    status = sftk_FreeObject(object);
+
+    return (status != SFTK_DestroyFailure) ? CKR_OK : CKR_DEVICE_ERROR;
+}
+
+/*
+ ************** Crypto Functions:     Utilities ************************
+ */
+/*
+ * Utility function for converting PSS/OAEP parameter types into
+ * HASH_HashTypes. Note: Only SHA family functions are defined in RFC 3447.
+ */
+static HASH_HashType
+GetHashTypeFromMechanism(CK_MECHANISM_TYPE mech)
+{
+    switch (mech) {
+        case CKM_SHA_1:
+        case CKG_MGF1_SHA1:
+            return HASH_AlgSHA1;
+        case CKM_SHA224:
+        case CKG_MGF1_SHA224:
+            return HASH_AlgSHA224;
+        case CKM_SHA256:
+        case CKG_MGF1_SHA256:
+            return HASH_AlgSHA256;
+        case CKM_SHA384:
+        case CKG_MGF1_SHA384:
+            return HASH_AlgSHA384;
+        case CKM_SHA512:
+        case CKG_MGF1_SHA512:
+            return HASH_AlgSHA512;
+        default:
+            return HASH_AlgNULL;
+    }
+}
+
+/*
+ * Returns true if "params" contains a valid set of PSS parameters
+ */
+static PRBool
+sftk_ValidatePssParams(const CK_RSA_PKCS_PSS_PARAMS *params)
+{
+    if (!params) {
+        return PR_FALSE;
+    }
+    if (GetHashTypeFromMechanism(params->hashAlg) == HASH_AlgNULL ||
+        GetHashTypeFromMechanism(params->mgf) == HASH_AlgNULL) {
+        return PR_FALSE;
+    }
+    return PR_TRUE;
+}
+
+/*
+ * Returns true if "params" contains a valid set of OAEP parameters
+ */
+static PRBool
+sftk_ValidateOaepParams(const CK_RSA_PKCS_OAEP_PARAMS *params)
+{
+    if (!params) {
+        return PR_FALSE;
+    }
+    /* The requirements of ulSourceLen/pSourceData come from PKCS #11, which
+     * state:
+     *   If the parameter is empty, pSourceData must be NULL and
+     *   ulSourceDataLen must be zero.
+     */
+    if (params->source != CKZ_DATA_SPECIFIED ||
+        (GetHashTypeFromMechanism(params->hashAlg) == HASH_AlgNULL) ||
+        (GetHashTypeFromMechanism(params->mgf) == HASH_AlgNULL) ||
+        (params->ulSourceDataLen == 0 && params->pSourceData != NULL) ||
+        (params->ulSourceDataLen != 0 && params->pSourceData == NULL)) {
+        return PR_FALSE;
+    }
+    return PR_TRUE;
+}
+
+/*
+ * return a context based on the SFTKContext type.
+ */
+SFTKSessionContext *
+sftk_ReturnContextByType(SFTKSession *session, SFTKContextType type)
+{
+    switch (type) {
+        case SFTK_ENCRYPT:
+        case SFTK_DECRYPT:
+            return session->enc_context;
+        case SFTK_HASH:
+            return session->hash_context;
+        case SFTK_SIGN:
+        case SFTK_SIGN_RECOVER:
+        case SFTK_VERIFY:
+        case SFTK_VERIFY_RECOVER:
+            return session->hash_context;
+    }
+    return NULL;
+}
+
+/*
+ * change a context based on the SFTKContext type.
+ */
+void
+sftk_SetContextByType(SFTKSession *session, SFTKContextType type,
+                      SFTKSessionContext *context)
+{
+    switch (type) {
+        case SFTK_ENCRYPT:
+        case SFTK_DECRYPT:
+            session->enc_context = context;
+            break;
+        case SFTK_HASH:
+            session->hash_context = context;
+            break;
+        case SFTK_SIGN:
+        case SFTK_SIGN_RECOVER:
+        case SFTK_VERIFY:
+        case SFTK_VERIFY_RECOVER:
+            session->hash_context = context;
+            break;
+    }
+    return;
+}
+
+/*
+ * code to grab the context. Needed by every C_XXXUpdate, C_XXXFinal,
+ * and C_XXX function. The function takes a session handle, the context type,
+ * and wether or not the session needs to be multipart. It returns the context,
+ * and optionally returns the session pointer (if sessionPtr != NULL) if session
+ * pointer is returned, the caller is responsible for freeing it.
+ */
+static CK_RV
+sftk_GetContext(CK_SESSION_HANDLE handle, SFTKSessionContext **contextPtr,
+                SFTKContextType type, PRBool needMulti, SFTKSession **sessionPtr)
+{
+    SFTKSession *session;
+    SFTKSessionContext *context;
+
+    session = sftk_SessionFromHandle(handle);
+    if (session == NULL)
+        return CKR_SESSION_HANDLE_INVALID;
+    context = sftk_ReturnContextByType(session, type);
+    /* make sure the context is valid */
+    if ((context == NULL) || (context->type != type) || (needMulti && !(context->multi))) {
+        sftk_FreeSession(session);
+        return CKR_OPERATION_NOT_INITIALIZED;
+    }
+    *contextPtr = context;
+    if (sessionPtr != NULL) {
+        *sessionPtr = session;
+    } else {
+        sftk_FreeSession(session);
+    }
+    return CKR_OK;
+}
+
+/** Terminate operation (in the PKCS#11 spec sense).
+ *  Intuitive name for FreeContext/SetNullContext pair.
+ */
+static void
+sftk_TerminateOp(SFTKSession *session, SFTKContextType ctype,
+                 SFTKSessionContext *context)
+{
+    sftk_FreeContext(context);
+    sftk_SetContextByType(session, ctype, NULL);
+}
+
+/*
+ ************** Crypto Functions:     Encrypt ************************
+ */
+
+/*
+ * All the NSC_InitXXX functions have a set of common checks and processing they
+ * all need to do at the beginning. This is done here.
+ */
+static CK_RV
+sftk_InitGeneric(SFTKSession *session, SFTKSessionContext **contextPtr,
+                 SFTKContextType ctype, SFTKObject **keyPtr,
+                 CK_OBJECT_HANDLE hKey, CK_KEY_TYPE *keyTypePtr,
+                 CK_OBJECT_CLASS pubKeyType, CK_ATTRIBUTE_TYPE operation)
+{
+    SFTKObject *key = NULL;
+    SFTKAttribute *att;
+    SFTKSessionContext *context;
+
+    /* We can only init if there is not current context active */
+    if (sftk_ReturnContextByType(session, ctype) != NULL) {
+        return CKR_OPERATION_ACTIVE;
+    }
+
+    /* find the key */
+    if (keyPtr) {
+        key = sftk_ObjectFromHandle(hKey, session);
+        if (key == NULL) {
+            return CKR_KEY_HANDLE_INVALID;
+        }
+
+        /* make sure it's a valid  key for this operation */
+        if (((key->objclass != CKO_SECRET_KEY) && (key->objclass != pubKeyType)) || !sftk_isTrue(key, operation)) {
+            sftk_FreeObject(key);
+            return CKR_KEY_TYPE_INCONSISTENT;
+        }
+        /* get the key type */
+        att = sftk_FindAttribute(key, CKA_KEY_TYPE);
+        if (att == NULL) {
+            sftk_FreeObject(key);
+            return CKR_KEY_TYPE_INCONSISTENT;
+        }
+        PORT_Assert(att->attrib.ulValueLen == sizeof(CK_KEY_TYPE));
+        if (att->attrib.ulValueLen != sizeof(CK_KEY_TYPE)) {
+            sftk_FreeAttribute(att);
+            sftk_FreeObject(key);
+            return CKR_ATTRIBUTE_VALUE_INVALID;
+        }
+        PORT_Memcpy(keyTypePtr, att->attrib.pValue, sizeof(CK_KEY_TYPE));
+        sftk_FreeAttribute(att);
+        *keyPtr = key;
+    }
+
+    /* allocate the context structure */
+    context = (SFTKSessionContext *)PORT_Alloc(sizeof(SFTKSessionContext));
+    if (context == NULL) {
+        if (key)
+            sftk_FreeObject(key);
+        return CKR_HOST_MEMORY;
+    }
+    context->type = ctype;
+    context->multi = PR_TRUE;
+    context->rsa = PR_FALSE;
+    context->cipherInfo = NULL;
+    context->hashInfo = NULL;
+    context->doPad = PR_FALSE;
+    context->padDataLength = 0;
+    context->key = key;
+    context->blockSize = 0;
+    context->maxLen = 0;
+
+    *contextPtr = context;
+    return CKR_OK;
+}
+
+static int
+sftk_aes_mode(CK_MECHANISM_TYPE mechanism)
+{
+    switch (mechanism) {
+        case CKM_AES_CBC_PAD:
+        case CKM_AES_CBC:
+            return NSS_AES_CBC;
+        case CKM_AES_ECB:
+            return NSS_AES;
+        case CKM_AES_CTS:
+            return NSS_AES_CTS;
+        case CKM_AES_CTR:
+            return NSS_AES_CTR;
+        case CKM_AES_GCM:
+            return NSS_AES_GCM;
+    }
+    return -1;
+}
+
+static SECStatus
+sftk_RSAEncryptRaw(NSSLOWKEYPublicKey *key, unsigned char *output,
+                   unsigned int *outputLen, unsigned int maxLen,
+                   const unsigned char *input, unsigned int inputLen)
+{
+    SECStatus rv = SECFailure;
+
+    PORT_Assert(key->keyType == NSSLOWKEYRSAKey);
+    if (key->keyType != NSSLOWKEYRSAKey) {
+        PORT_SetError(SEC_ERROR_INVALID_KEY);
+        return SECFailure;
+    }
+
+    rv = RSA_EncryptRaw(&key->u.rsa, output, outputLen, maxLen, input,
+                        inputLen);
+    if (rv != SECSuccess && PORT_GetError() == SEC_ERROR_LIBRARY_FAILURE) {
+        sftk_fatalError = PR_TRUE;
+    }
+
+    return rv;
+}
+
+static SECStatus
+sftk_RSADecryptRaw(NSSLOWKEYPrivateKey *key, unsigned char *output,
+                   unsigned int *outputLen, unsigned int maxLen,
+                   const unsigned char *input, unsigned int inputLen)
+{
+    SECStatus rv = SECFailure;
+
+    PORT_Assert(key->keyType == NSSLOWKEYRSAKey);
+    if (key->keyType != NSSLOWKEYRSAKey) {
+        PORT_SetError(SEC_ERROR_INVALID_KEY);
+        return SECFailure;
+    }
+
+    rv = RSA_DecryptRaw(&key->u.rsa, output, outputLen, maxLen, input,
+                        inputLen);
+    if (rv != SECSuccess && PORT_GetError() == SEC_ERROR_LIBRARY_FAILURE) {
+        sftk_fatalError = PR_TRUE;
+    }
+
+    return rv;
+}
+
+static SECStatus
+sftk_RSAEncrypt(NSSLOWKEYPublicKey *key, unsigned char *output,
+                unsigned int *outputLen, unsigned int maxLen,
+                const unsigned char *input, unsigned int inputLen)
+{
+    SECStatus rv = SECFailure;
+
+    PORT_Assert(key->keyType == NSSLOWKEYRSAKey);
+    if (key->keyType != NSSLOWKEYRSAKey) {
+        PORT_SetError(SEC_ERROR_INVALID_KEY);
+        return SECFailure;
+    }
+
+    rv = RSA_EncryptBlock(&key->u.rsa, output, outputLen, maxLen, input,
+                          inputLen);
+    if (rv != SECSuccess && PORT_GetError() == SEC_ERROR_LIBRARY_FAILURE) {
+        sftk_fatalError = PR_TRUE;
+    }
+
+    return rv;
+}
+
+static SECStatus
+sftk_RSADecrypt(NSSLOWKEYPrivateKey *key, unsigned char *output,
+                unsigned int *outputLen, unsigned int maxLen,
+                const unsigned char *input, unsigned int inputLen)
+{
+    SECStatus rv = SECFailure;
+
+    PORT_Assert(key->keyType == NSSLOWKEYRSAKey);
+    if (key->keyType != NSSLOWKEYRSAKey) {
+        PORT_SetError(SEC_ERROR_INVALID_KEY);
+        return SECFailure;
+    }
+
+    rv = RSA_DecryptBlock(&key->u.rsa, output, outputLen, maxLen, input,
+                          inputLen);
+    if (rv != SECSuccess && PORT_GetError() == SEC_ERROR_LIBRARY_FAILURE) {
+        sftk_fatalError = PR_TRUE;
+    }
+
+    return rv;
+}
+
+static SECStatus
+sftk_RSAEncryptOAEP(SFTKOAEPEncryptInfo *info, unsigned char *output,
+                    unsigned int *outputLen, unsigned int maxLen,
+                    const unsigned char *input, unsigned int inputLen)
+{
+    HASH_HashType hashAlg;
+    HASH_HashType maskHashAlg;
+
+    PORT_Assert(info->key->keyType == NSSLOWKEYRSAKey);
+    if (info->key->keyType != NSSLOWKEYRSAKey) {
+        PORT_SetError(SEC_ERROR_INVALID_KEY);
+        return SECFailure;
+    }
+
+    hashAlg = GetHashTypeFromMechanism(info->params->hashAlg);
+    maskHashAlg = GetHashTypeFromMechanism(info->params->mgf);
+
+    return RSA_EncryptOAEP(&info->key->u.rsa, hashAlg, maskHashAlg,
+                           (const unsigned char *)info->params->pSourceData,
+                           info->params->ulSourceDataLen, NULL, 0,
+                           output, outputLen, maxLen, input, inputLen);
+}
+
+static SECStatus
+sftk_RSADecryptOAEP(SFTKOAEPDecryptInfo *info, unsigned char *output,
+                    unsigned int *outputLen, unsigned int maxLen,
+                    const unsigned char *input, unsigned int inputLen)
+{
+    SECStatus rv = SECFailure;
+    HASH_HashType hashAlg;
+    HASH_HashType maskHashAlg;
+
+    PORT_Assert(info->key->keyType == NSSLOWKEYRSAKey);
+    if (info->key->keyType != NSSLOWKEYRSAKey) {
+        PORT_SetError(SEC_ERROR_INVALID_KEY);
+        return SECFailure;
+    }
+
+    hashAlg = GetHashTypeFromMechanism(info->params->hashAlg);
+    maskHashAlg = GetHashTypeFromMechanism(info->params->mgf);
+
+    rv = RSA_DecryptOAEP(&info->key->u.rsa, hashAlg, maskHashAlg,
+                         (const unsigned char *)info->params->pSourceData,
+                         info->params->ulSourceDataLen,
+                         output, outputLen, maxLen, input, inputLen);
+    if (rv != SECSuccess && PORT_GetError() == SEC_ERROR_LIBRARY_FAILURE) {
+        sftk_fatalError = PR_TRUE;
+    }
+    return rv;
+}
+
+static SFTKChaCha20Poly1305Info *
+sftk_ChaCha20Poly1305_CreateContext(const unsigned char *key,
+                                    unsigned int keyLen,
+                                    const CK_NSS_AEAD_PARAMS *params)
+{
+    SFTKChaCha20Poly1305Info *ctx;
+
+    if (params->ulNonceLen != sizeof(ctx->nonce)) {
+        PORT_SetError(SEC_ERROR_INPUT_LEN);
+        return NULL;
+    }
+
+    ctx = PORT_New(SFTKChaCha20Poly1305Info);
+    if (ctx == NULL) {
+        return NULL;
+    }
+
+    if (ChaCha20Poly1305_InitContext(&ctx->freeblCtx, key, keyLen,
+                                     params->ulTagLen) != SECSuccess) {
+        PORT_Free(ctx);
+        return NULL;
+    }
+
+    PORT_Memcpy(ctx->nonce, params->pNonce, sizeof(ctx->nonce));
+
+    /* AAD data and length must both be null, or both non-null. */
+    PORT_Assert((params->pAAD == NULL) == (params->ulAADLen == 0));
+
+    if (params->ulAADLen > sizeof(ctx->ad)) {
+        /* Need to allocate an overflow buffer for the additional data. */
+        ctx->adOverflow = (unsigned char *)PORT_Alloc(params->ulAADLen);
+        if (!ctx->adOverflow) {
+            PORT_Free(ctx);
+            return NULL;
+        }
+        PORT_Memcpy(ctx->adOverflow, params->pAAD, params->ulAADLen);
+    } else {
+        ctx->adOverflow = NULL;
+        if (params->pAAD) {
+            PORT_Memcpy(ctx->ad, params->pAAD, params->ulAADLen);
+        }
+    }
+    ctx->adLen = params->ulAADLen;
+
+    return ctx;
+}
+
+static void
+sftk_ChaCha20Poly1305_DestroyContext(SFTKChaCha20Poly1305Info *ctx,
+                                     PRBool freeit)
+{
+    ChaCha20Poly1305_DestroyContext(&ctx->freeblCtx, PR_FALSE);
+    if (ctx->adOverflow != NULL) {
+        PORT_Free(ctx->adOverflow);
+        ctx->adOverflow = NULL;
+    }
+    ctx->adLen = 0;
+    if (freeit) {
+        PORT_Free(ctx);
+    }
+}
+
+static SECStatus
+sftk_ChaCha20Poly1305_Encrypt(const SFTKChaCha20Poly1305Info *ctx,
+                              unsigned char *output, unsigned int *outputLen,
+                              unsigned int maxOutputLen,
+                              const unsigned char *input, unsigned int inputLen)
+{
+    const unsigned char *ad = ctx->adOverflow;
+
+    if (ad == NULL) {
+        ad = ctx->ad;
+    }
+
+    return ChaCha20Poly1305_Seal(&ctx->freeblCtx, output, outputLen,
+                                 maxOutputLen, input, inputLen, ctx->nonce,
+                                 sizeof(ctx->nonce), ad, ctx->adLen);
+}
+
+static SECStatus
+sftk_ChaCha20Poly1305_Decrypt(const SFTKChaCha20Poly1305Info *ctx,
+                              unsigned char *output, unsigned int *outputLen,
+                              unsigned int maxOutputLen,
+                              const unsigned char *input, unsigned int inputLen)
+{
+    const unsigned char *ad = ctx->adOverflow;
+
+    if (ad == NULL) {
+        ad = ctx->ad;
+    }
+
+    return ChaCha20Poly1305_Open(&ctx->freeblCtx, output, outputLen,
+                                 maxOutputLen, input, inputLen, ctx->nonce,
+                                 sizeof(ctx->nonce), ad, ctx->adLen);
+}
+
+/** NSC_CryptInit initializes an encryption/Decryption operation.
+ *
+ * Always called by NSC_EncryptInit, NSC_DecryptInit, NSC_WrapKey,NSC_UnwrapKey.
+ * Called by NSC_SignInit, NSC_VerifyInit (via sftk_InitCBCMac) only for block
+ *  ciphers MAC'ing.
+ */
+static CK_RV
+sftk_CryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
+               CK_OBJECT_HANDLE hKey,
+               CK_ATTRIBUTE_TYPE mechUsage, CK_ATTRIBUTE_TYPE keyUsage,
+               SFTKContextType contextType, PRBool isEncrypt)
+{
+    SFTKSession *session;
+    SFTKObject *key;
+    SFTKSessionContext *context;
+    SFTKAttribute *att;
+    CK_RC2_CBC_PARAMS *rc2_param;
+#if NSS_SOFTOKEN_DOES_RC5
+    CK_RC5_CBC_PARAMS *rc5_param;
+    SECItem rc5Key;
+#endif
+    CK_KEY_TYPE key_type;
+    CK_RV crv = CKR_OK;
+    unsigned effectiveKeyLength;
+    unsigned char newdeskey[24];
+    PRBool useNewKey = PR_FALSE;
+    int t;
+
+    crv = sftk_MechAllowsOperation(pMechanism->mechanism, mechUsage);
+    if (crv != CKR_OK)
+        return crv;
+
+    session = sftk_SessionFromHandle(hSession);
+    if (session == NULL)
+        return CKR_SESSION_HANDLE_INVALID;
+
+    crv = sftk_InitGeneric(session, &context, contextType, &key, hKey, &key_type,
+                           isEncrypt ? CKO_PUBLIC_KEY : CKO_PRIVATE_KEY, keyUsage);
+
+    if (crv != CKR_OK) {
+        sftk_FreeSession(session);
+        return crv;
+    }
+
+    context->doPad = PR_FALSE;
+    switch (pMechanism->mechanism) {
+        case CKM_RSA_PKCS:
+        case CKM_RSA_X_509:
+            if (key_type != CKK_RSA) {
+                crv = CKR_KEY_TYPE_INCONSISTENT;
+                break;
+            }
+            context->multi = PR_FALSE;
+            context->rsa = PR_TRUE;
+            if (isEncrypt) {
+                NSSLOWKEYPublicKey *pubKey = sftk_GetPubKey(key, CKK_RSA, &crv);
+                if (pubKey == NULL) {
+                    crv = CKR_KEY_HANDLE_INVALID;
+                    break;
+                }
+                context->maxLen = nsslowkey_PublicModulusLen(pubKey);
+                context->cipherInfo = (void *)pubKey;
+                context->update = (SFTKCipher)(pMechanism->mechanism == CKM_RSA_X_509
+                                                   ? sftk_RSAEncryptRaw
+                                                   : sftk_RSAEncrypt);
+            } else {
+                NSSLOWKEYPrivateKey *privKey = sftk_GetPrivKey(key, CKK_RSA, &crv);
+                if (privKey == NULL) {
+                    crv = CKR_KEY_HANDLE_INVALID;
+                    break;
+                }
+                context->maxLen = nsslowkey_PrivateModulusLen(privKey);
+                context->cipherInfo = (void *)privKey;
+                context->update = (SFTKCipher)(pMechanism->mechanism == CKM_RSA_X_509
+                                                   ? sftk_RSADecryptRaw
+                                                   : sftk_RSADecrypt);
+            }
+            context->destroy = sftk_Null;
+            break;
+        case CKM_RSA_PKCS_OAEP:
+            if (key_type != CKK_RSA) {
+                crv = CKR_KEY_TYPE_INCONSISTENT;
+                break;
+            }
+            if (pMechanism->ulParameterLen != sizeof(CK_RSA_PKCS_OAEP_PARAMS) ||
+                !sftk_ValidateOaepParams((CK_RSA_PKCS_OAEP_PARAMS *)pMechanism->pParameter)) {
+                crv = CKR_MECHANISM_PARAM_INVALID;
+                break;
+            }
+            context->multi = PR_FALSE;
+            context->rsa = PR_TRUE;
+            if (isEncrypt) {
+                SFTKOAEPEncryptInfo *info = PORT_New(SFTKOAEPEncryptInfo);
+                if (info == NULL) {
+                    crv = CKR_HOST_MEMORY;
+                    break;
+                }
+                info->params = pMechanism->pParameter;
+                info->key = sftk_GetPubKey(key, CKK_RSA, &crv);
+                if (info->key == NULL) {
+                    PORT_Free(info);
+                    crv = CKR_KEY_HANDLE_INVALID;
+                    break;
+                }
+                context->update = (SFTKCipher)sftk_RSAEncryptOAEP;
+                context->maxLen = nsslowkey_PublicModulusLen(info->key);
+                context->cipherInfo = info;
+            } else {
+                SFTKOAEPDecryptInfo *info = PORT_New(SFTKOAEPDecryptInfo);
+                if (info == NULL) {
+                    crv = CKR_HOST_MEMORY;
+                    break;
+                }
+                info->params = pMechanism->pParameter;
+                info->key = sftk_GetPrivKey(key, CKK_RSA, &crv);
+                if (info->key == NULL) {
+                    PORT_Free(info);
+                    crv = CKR_KEY_HANDLE_INVALID;
+                    break;
+                }
+                context->update = (SFTKCipher)sftk_RSADecryptOAEP;
+                context->maxLen = nsslowkey_PrivateModulusLen(info->key);
+                context->cipherInfo = info;
+            }
+            context->destroy = (SFTKDestroy)sftk_Space;
+            break;
+        case CKM_RC2_CBC_PAD:
+            context->doPad = PR_TRUE;
+        /* fall thru */
+        case CKM_RC2_ECB:
+        case CKM_RC2_CBC:
+            context->blockSize = 8;
+            if (key_type != CKK_RC2) {
+                crv = CKR_KEY_TYPE_INCONSISTENT;
+                break;
+            }
+            att = sftk_FindAttribute(key, CKA_VALUE);
+            if (att == NULL) {
+                crv = CKR_KEY_HANDLE_INVALID;
+                break;
+            }
+            rc2_param = (CK_RC2_CBC_PARAMS *)pMechanism->pParameter;
+            effectiveKeyLength = (rc2_param->ulEffectiveBits + 7) / 8;
+            context->cipherInfo =
+                RC2_CreateContext((unsigned char *)att->attrib.pValue,
+                                  att->attrib.ulValueLen, rc2_param->iv,
+                                  pMechanism->mechanism == CKM_RC2_ECB ? NSS_RC2 : NSS_RC2_CBC, effectiveKeyLength);
+            sftk_FreeAttribute(att);
+            if (context->cipherInfo == NULL) {
+                crv = CKR_HOST_MEMORY;
+                break;
+            }
+            context->update = (SFTKCipher)(isEncrypt ? RC2_Encrypt : RC2_Decrypt);
+            context->destroy = (SFTKDestroy)RC2_DestroyContext;
+            break;
+#if NSS_SOFTOKEN_DOES_RC5
+        case CKM_RC5_CBC_PAD:
+            context->doPad = PR_TRUE;
+        /* fall thru */
+        case CKM_RC5_ECB:
+        case CKM_RC5_CBC:
+            if (key_type != CKK_RC5) {
+                crv = CKR_KEY_TYPE_INCONSISTENT;
+                break;
+            }
+            att = sftk_FindAttribute(key, CKA_VALUE);
+            if (att == NULL) {
+                crv = CKR_KEY_HANDLE_INVALID;
+                break;
+            }
+            rc5_param = (CK_RC5_CBC_PARAMS *)pMechanism->pParameter;
+            context->blockSize = rc5_param->ulWordsize * 2;
+            rc5Key.data = (unsigned char *)att->attrib.pValue;
+            rc5Key.len = att->attrib.ulValueLen;
+            context->cipherInfo = RC5_CreateContext(&rc5Key, rc5_param->ulRounds,
+                                                    rc5_param->ulWordsize, rc5_param->pIv,
+                                                    pMechanism->mechanism == CKM_RC5_ECB ? NSS_RC5 : NSS_RC5_CBC);
+            sftk_FreeAttribute(att);
+            if (context->cipherInfo == NULL) {
+                crv = CKR_HOST_MEMORY;
+                break;
+            }
+            context->update = (SFTKCipher)(isEncrypt ? RC5_Encrypt : RC5_Decrypt);
+            context->destroy = (SFTKDestroy)RC5_DestroyContext;
+            break;
+#endif
+        case CKM_RC4:
+            if (key_type != CKK_RC4) {
+                crv = CKR_KEY_TYPE_INCONSISTENT;
+                break;
+            }
+            att = sftk_FindAttribute(key, CKA_VALUE);
+            if (att == NULL) {
+                crv = CKR_KEY_HANDLE_INVALID;
+                break;
+            }
+            context->cipherInfo =
+                RC4_CreateContext((unsigned char *)att->attrib.pValue,
+                                  att->attrib.ulValueLen);
+            sftk_FreeAttribute(att);
+            if (context->cipherInfo == NULL) {
+                crv = CKR_HOST_MEMORY; /* WRONG !!! */
+                break;
+            }
+            context->update = (SFTKCipher)(isEncrypt ? RC4_Encrypt : RC4_Decrypt);
+            context->destroy = (SFTKDestroy)RC4_DestroyContext;
+            break;
+        case CKM_CDMF_CBC_PAD:
+            context->doPad = PR_TRUE;
+        /* fall thru */
+        case CKM_CDMF_ECB:
+        case CKM_CDMF_CBC:
+            if (key_type != CKK_CDMF) {
+                crv = CKR_KEY_TYPE_INCONSISTENT;
+                break;
+            }
+            t = (pMechanism->mechanism == CKM_CDMF_ECB) ? NSS_DES : NSS_DES_CBC;
+            goto finish_des;
+        case CKM_DES_ECB:
+            if (key_type != CKK_DES) {
+                crv = CKR_KEY_TYPE_INCONSISTENT;
+                break;
+            }
+            t = NSS_DES;
+            goto finish_des;
+        case CKM_DES_CBC_PAD:
+            context->doPad = PR_TRUE;
+        /* fall thru */
+        case CKM_DES_CBC:
+            if (key_type != CKK_DES) {
+                crv = CKR_KEY_TYPE_INCONSISTENT;
+                break;
+            }
+            t = NSS_DES_CBC;
+            goto finish_des;
+        case CKM_DES3_ECB:
+            if ((key_type != CKK_DES2) && (key_type != CKK_DES3)) {
+                crv = CKR_KEY_TYPE_INCONSISTENT;
+                break;
+            }
+            t = NSS_DES_EDE3;
+            goto finish_des;
+        case CKM_DES3_CBC_PAD:
+            context->doPad = PR_TRUE;
+        /* fall thru */
+        case CKM_DES3_CBC:
+            if ((key_type != CKK_DES2) && (key_type != CKK_DES3)) {
+                crv = CKR_KEY_TYPE_INCONSISTENT;
+                break;
+            }
+            t = NSS_DES_EDE3_CBC;
+        finish_des:
+            context->blockSize = 8;
+            att = sftk_FindAttribute(key, CKA_VALUE);
+            if (att == NULL) {
+                crv = CKR_KEY_HANDLE_INVALID;
+                break;
+            }
+            if (key_type == CKK_DES2 &&
+                (t == NSS_DES_EDE3_CBC || t == NSS_DES_EDE3)) {
+                /* extend DES2 key to DES3 key. */
+                memcpy(newdeskey, att->attrib.pValue, 16);
+                memcpy(newdeskey + 16, newdeskey, 8);
+                useNewKey = PR_TRUE;
+            } else if (key_type == CKK_CDMF) {
+                crv = sftk_cdmf2des((unsigned char *)att->attrib.pValue, newdeskey);
+                if (crv != CKR_OK) {
+                    sftk_FreeAttribute(att);
+                    break;
+                }
+                useNewKey = PR_TRUE;
+            }
+            context->cipherInfo = DES_CreateContext(
+                useNewKey ? newdeskey : (unsigned char *)att->attrib.pValue,
+                (unsigned char *)pMechanism->pParameter, t, isEncrypt);
+            if (useNewKey)
+                memset(newdeskey, 0, sizeof newdeskey);
+            sftk_FreeAttribute(att);
+            if (context->cipherInfo == NULL) {
+                crv = CKR_HOST_MEMORY;
+                break;
+            }
+            context->update = (SFTKCipher)(isEncrypt ? DES_Encrypt : DES_Decrypt);
+            context->destroy = (SFTKDestroy)DES_DestroyContext;
+            break;
+        case CKM_SEED_CBC_PAD:
+            context->doPad = PR_TRUE;
+        /* fall thru */
+        case CKM_SEED_CBC:
+            if (!pMechanism->pParameter ||
+                pMechanism->ulParameterLen != 16) {
+                crv = CKR_MECHANISM_PARAM_INVALID;
+                break;
+            }
+        /* fall thru */
+        case CKM_SEED_ECB:
+            context->blockSize = 16;
+            if (key_type != CKK_SEED) {
+                crv = CKR_KEY_TYPE_INCONSISTENT;
+                break;
+            }
+            att = sftk_FindAttribute(key, CKA_VALUE);
+            if (att == NULL) {
+                crv = CKR_KEY_HANDLE_INVALID;
+                break;
+            }
+            context->cipherInfo = SEED_CreateContext(
+                (unsigned char *)att->attrib.pValue,
+                (unsigned char *)pMechanism->pParameter,
+                pMechanism->mechanism == CKM_SEED_ECB ? NSS_SEED : NSS_SEED_CBC,
+                isEncrypt);
+            sftk_FreeAttribute(att);
+            if (context->cipherInfo == NULL) {
+                crv = CKR_HOST_MEMORY;
+                break;
+            }
+            context->update = (SFTKCipher)(isEncrypt ? SEED_Encrypt : SEED_Decrypt);
+            context->destroy = (SFTKDestroy)SEED_DestroyContext;
+            break;
+
+        case CKM_CAMELLIA_CBC_PAD:
+            context->doPad = PR_TRUE;
+        /* fall thru */
+        case CKM_CAMELLIA_CBC:
+            if (!pMechanism->pParameter ||
+                pMechanism->ulParameterLen != 16) {
+                crv = CKR_MECHANISM_PARAM_INVALID;
+                break;
+            }
+        /* fall thru */
+        case CKM_CAMELLIA_ECB:
+            context->blockSize = 16;
+            if (key_type != CKK_CAMELLIA) {
+                crv = CKR_KEY_TYPE_INCONSISTENT;
+                break;
+            }
+            att = sftk_FindAttribute(key, CKA_VALUE);
+            if (att == NULL) {
+                crv = CKR_KEY_HANDLE_INVALID;
+                break;
+            }
+            context->cipherInfo = Camellia_CreateContext(
+                (unsigned char *)att->attrib.pValue,
+                (unsigned char *)pMechanism->pParameter,
+                pMechanism->mechanism ==
+                        CKM_CAMELLIA_ECB
+                    ? NSS_CAMELLIA
+                    : NSS_CAMELLIA_CBC,
+                isEncrypt, att->attrib.ulValueLen);
+            sftk_FreeAttribute(att);
+            if (context->cipherInfo == NULL) {
+                crv = CKR_HOST_MEMORY;
+                break;
+            }
+            context->update = (SFTKCipher)(isEncrypt ? Camellia_Encrypt : Camellia_Decrypt);
+            context->destroy = (SFTKDestroy)Camellia_DestroyContext;
+            break;
+
+        case CKM_AES_CBC_PAD:
+            context->doPad = PR_TRUE;
+        /* fall thru */
+        case CKM_AES_ECB:
+        case CKM_AES_CBC:
+            context->blockSize = 16;
+        case CKM_AES_CTS:
+        case CKM_AES_CTR:
+        case CKM_AES_GCM:
+            if (pMechanism->mechanism == CKM_AES_GCM) {
+                context->multi = PR_FALSE;
+            }
+            if (key_type != CKK_AES) {
+                crv = CKR_KEY_TYPE_INCONSISTENT;
+                break;
+            }
+            att = sftk_FindAttribute(key, CKA_VALUE);
+            if (att == NULL) {
+                crv = CKR_KEY_HANDLE_INVALID;
+                break;
+            }
+            context->cipherInfo = AES_CreateContext(
+                (unsigned char *)att->attrib.pValue,
+                (unsigned char *)pMechanism->pParameter,
+                sftk_aes_mode(pMechanism->mechanism),
+                isEncrypt, att->attrib.ulValueLen, 16);
+            sftk_FreeAttribute(att);
+            if (context->cipherInfo == NULL) {
+                crv = CKR_HOST_MEMORY;
+                break;
+            }
+            context->update = (SFTKCipher)(isEncrypt ? AES_Encrypt : AES_Decrypt);
+            context->destroy = (SFTKDestroy)AES_DestroyContext;
+            break;
+
+        case CKM_NSS_CHACHA20_POLY1305:
+            if (pMechanism->ulParameterLen != sizeof(CK_NSS_AEAD_PARAMS)) {
+                crv = CKR_MECHANISM_PARAM_INVALID;
+                break;
+            }
+            context->multi = PR_FALSE;
+            if (key_type != CKK_NSS_CHACHA20) {
+                crv = CKR_KEY_TYPE_INCONSISTENT;
+                break;
+            }
+            att = sftk_FindAttribute(key, CKA_VALUE);
+            if (att == NULL) {
+                crv = CKR_KEY_HANDLE_INVALID;
+                break;
+            }
+            context->cipherInfo = sftk_ChaCha20Poly1305_CreateContext(
+                (unsigned char *)att->attrib.pValue, att->attrib.ulValueLen,
+                (CK_NSS_AEAD_PARAMS *)pMechanism->pParameter);
+            sftk_FreeAttribute(att);
+            if (context->cipherInfo == NULL) {
+                crv = sftk_MapCryptError(PORT_GetError());
+                break;
+            }
+            context->update = (SFTKCipher)(isEncrypt ? sftk_ChaCha20Poly1305_Encrypt : sftk_ChaCha20Poly1305_Decrypt);
+            context->destroy = (SFTKDestroy)sftk_ChaCha20Poly1305_DestroyContext;
+            break;
+
+        case CKM_NSS_AES_KEY_WRAP_PAD:
+            context->doPad = PR_TRUE;
+        /* fall thru */
+        case CKM_NSS_AES_KEY_WRAP:
+            context->multi = PR_FALSE;
+            context->blockSize = 8;
+            if (key_type != CKK_AES) {
+                crv = CKR_KEY_TYPE_INCONSISTENT;
+                break;
+            }
+            att = sftk_FindAttribute(key, CKA_VALUE);
+            if (att == NULL) {
+                crv = CKR_KEY_HANDLE_INVALID;
+                break;
+            }
+            context->cipherInfo = AESKeyWrap_CreateContext(
+                (unsigned char *)att->attrib.pValue,
+                (unsigned char *)pMechanism->pParameter,
+                isEncrypt, att->attrib.ulValueLen);
+            sftk_FreeAttribute(att);
+            if (context->cipherInfo == NULL) {
+                crv = CKR_HOST_MEMORY;
+                break;
+            }
+            context->update = (SFTKCipher)(isEncrypt ? AESKeyWrap_Encrypt
+                                                     : AESKeyWrap_Decrypt);
+            context->destroy = (SFTKDestroy)AESKeyWrap_DestroyContext;
+            break;
+
+        default:
+            crv = CKR_MECHANISM_INVALID;
+            break;
+    }
+
+    if (crv != CKR_OK) {
+        sftk_FreeContext(context);
+        sftk_FreeSession(session);
+        return crv;
+    }
+    sftk_SetContextByType(session, contextType, context);
+    sftk_FreeSession(session);
+    return CKR_OK;
+}
+
+/* NSC_EncryptInit initializes an encryption operation. */
+CK_RV
+NSC_EncryptInit(CK_SESSION_HANDLE hSession,
+                CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey)
+{
+    CHECK_FORK();
+    return sftk_CryptInit(hSession, pMechanism, hKey, CKA_ENCRYPT, CKA_ENCRYPT,
+                          SFTK_ENCRYPT, PR_TRUE);
+}
+
+/* NSC_EncryptUpdate continues a multiple-part encryption operation. */
+CK_RV
+NSC_EncryptUpdate(CK_SESSION_HANDLE hSession,
+                  CK_BYTE_PTR pPart, CK_ULONG ulPartLen, CK_BYTE_PTR pEncryptedPart,
+                  CK_ULONG_PTR pulEncryptedPartLen)
+{
+    SFTKSessionContext *context;
+    unsigned int outlen, i;
+    unsigned int padoutlen = 0;
+    unsigned int maxout = *pulEncryptedPartLen;
+    CK_RV crv;
+    SECStatus rv;
+
+    CHECK_FORK();
+
+    /* make sure we're legal */
+    crv = sftk_GetContext(hSession, &context, SFTK_ENCRYPT, PR_TRUE, NULL);
+    if (crv != CKR_OK)
+        return crv;
+
+    if (!pEncryptedPart) {
+        if (context->doPad) {
+            CK_ULONG totalDataAvailable = ulPartLen + context->padDataLength;
+            CK_ULONG blocksToSend = totalDataAvailable / context->blockSize;
+
+            *pulEncryptedPartLen = blocksToSend * context->blockSize;
+            return CKR_OK;
+        }
+        *pulEncryptedPartLen = ulPartLen;
+        return CKR_OK;
+    }
+
+    /* do padding */
+    if (context->doPad) {
+        /* deal with previous buffered data */
+        if (context->padDataLength != 0) {
+            /* fill in the padded to a full block size */
+            for (i = context->padDataLength;
+                 (ulPartLen != 0) && i < context->blockSize; i++) {
+                context->padBuf[i] = *pPart++;
+                ulPartLen--;
+                context->padDataLength++;
+            }
+
+            /* not enough data to encrypt yet? then return */
+            if (context->padDataLength != context->blockSize) {
+                *pulEncryptedPartLen = 0;
+                return CKR_OK;
+            }
+            /* encrypt the current padded data */
+            rv = (*context->update)(context->cipherInfo, pEncryptedPart,
+                                    &padoutlen, context->blockSize, context->padBuf,
+                                    context->blockSize);
+            if (rv != SECSuccess) {
+                return sftk_MapCryptError(PORT_GetError());
+            }
+            pEncryptedPart += padoutlen;
+            maxout -= padoutlen;
+        }
+        /* save the residual */
+        context->padDataLength = ulPartLen % context->blockSize;
+        if (context->padDataLength) {
+            PORT_Memcpy(context->padBuf,
+                        &pPart[ulPartLen - context->padDataLength],
+                        context->padDataLength);
+            ulPartLen -= context->padDataLength;
+        }
+        /* if we've exhausted our new buffer, we're done */
+        if (ulPartLen == 0) {
+            *pulEncryptedPartLen = padoutlen;
+            return CKR_OK;
+        }
+    }
+
+    /* do it: NOTE: this assumes buf size in is >= buf size out! */
+    rv = (*context->update)(context->cipherInfo, pEncryptedPart,
+                            &outlen, maxout, pPart, ulPartLen);
+    *pulEncryptedPartLen = (CK_ULONG)(outlen + padoutlen);
+    return (rv == SECSuccess) ? CKR_OK : sftk_MapCryptError(PORT_GetError());
+}
+
+/* NSC_EncryptFinal finishes a multiple-part encryption operation. */
+CK_RV
+NSC_EncryptFinal(CK_SESSION_HANDLE hSession,
+                 CK_BYTE_PTR pLastEncryptedPart, CK_ULONG_PTR pulLastEncryptedPartLen)
+{
+    SFTKSession *session;
+    SFTKSessionContext *context;
+    unsigned int outlen, i;
+    unsigned int maxout = *pulLastEncryptedPartLen;
+    CK_RV crv;
+    SECStatus rv = SECSuccess;
+    PRBool contextFinished = PR_TRUE;
+
+    CHECK_FORK();
+
+    /* make sure we're legal */
+    crv = sftk_GetContext(hSession, &context, SFTK_ENCRYPT, PR_TRUE, &session);
+    if (crv != CKR_OK)
+        return crv;
+
+    *pulLastEncryptedPartLen = 0;
+    if (!pLastEncryptedPart) {
+        /* caller is checking the amount of remaining data */
+        if (context->blockSize > 0 && context->doPad) {
+            *pulLastEncryptedPartLen = context->blockSize;
+            contextFinished = PR_FALSE; /* still have padding to go */
+        }
+        goto finish;
+    }
+
+    /* do padding */
+    if (context->doPad) {
+        unsigned char padbyte = (unsigned char)(context->blockSize - context->padDataLength);
+        /* fill out rest of pad buffer with pad magic*/
+        for (i = context->padDataLength; i < context->blockSize; i++) {
+            context->padBuf[i] = padbyte;
+        }
+        rv = (*context->update)(context->cipherInfo, pLastEncryptedPart,
+                                &outlen, maxout, context->padBuf, context->blockSize);
+        if (rv == SECSuccess)
+            *pulLastEncryptedPartLen = (CK_ULONG)outlen;
+    }
+
+finish:
+    if (contextFinished)
+        sftk_TerminateOp(session, SFTK_ENCRYPT, context);
+    sftk_FreeSession(session);
+    return (rv == SECSuccess) ? CKR_OK : sftk_MapCryptError(PORT_GetError());
+}
+
+/* NSC_Encrypt encrypts single-part data. */
+CK_RV
+NSC_Encrypt(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData,
+            CK_ULONG ulDataLen, CK_BYTE_PTR pEncryptedData,
+            CK_ULONG_PTR pulEncryptedDataLen)
+{
+    SFTKSession *session;
+    SFTKSessionContext *context;
+    unsigned int outlen;
+    unsigned int maxoutlen = *pulEncryptedDataLen;
+    CK_RV crv;
+    CK_RV crv2;
+    SECStatus rv = SECSuccess;
+    SECItem pText;
+
+    pText.type = siBuffer;
+    pText.data = pData;
+    pText.len = ulDataLen;
+
+    CHECK_FORK();
+
+    /* make sure we're legal */
+    crv = sftk_GetContext(hSession, &context, SFTK_ENCRYPT, PR_FALSE, &session);
+    if (crv != CKR_OK)
+        return crv;
+
+    if (!pEncryptedData) {
+        *pulEncryptedDataLen = context->rsa ? context->maxLen : ulDataLen + 2 * context->blockSize;
+        goto finish;
+    }
+
+    if (context->doPad) {
+        if (context->multi) {
+            CK_ULONG finalLen;
+            /* padding is fairly complicated, have the update and final
+             * code deal with it */
+            sftk_FreeSession(session);
+            crv = NSC_EncryptUpdate(hSession, pData, ulDataLen, pEncryptedData,
+                                    pulEncryptedDataLen);
+            if (crv != CKR_OK)
+                *pulEncryptedDataLen = 0;
+            maxoutlen -= *pulEncryptedDataLen;
+            pEncryptedData += *pulEncryptedDataLen;
+            finalLen = maxoutlen;
+            crv2 = NSC_EncryptFinal(hSession, pEncryptedData, &finalLen);
+            if (crv2 == CKR_OK)
+                *pulEncryptedDataLen += finalLen;
+            return crv == CKR_OK ? crv2 : crv;
+        }
+        /* doPad without multi means that padding must be done on the first
+        ** and only update.  There will be no final.
+        */
+        PORT_Assert(context->blockSize > 1);
+        if (context->blockSize > 1) {
+            CK_ULONG remainder = ulDataLen % context->blockSize;
+            CK_ULONG padding = context->blockSize - remainder;
+            pText.len += padding;
+            pText.data = PORT_ZAlloc(pText.len);
+            if (pText.data) {
+                memcpy(pText.data, pData, ulDataLen);
+                memset(pText.data + ulDataLen, padding, padding);
+            } else {
+                crv = CKR_HOST_MEMORY;
+                goto fail;
+            }
+        }
+    }
+
+    /* do it: NOTE: this assumes buf size is big enough. */
+    rv = (*context->update)(context->cipherInfo, pEncryptedData,
+                            &outlen, maxoutlen, pText.data, pText.len);
+    crv = (rv == SECSuccess) ? CKR_OK : sftk_MapCryptError(PORT_GetError());
+    *pulEncryptedDataLen = (CK_ULONG)outlen;
+    if (pText.data != pData)
+        PORT_ZFree(pText.data, pText.len);
+fail:
+    sftk_TerminateOp(session, SFTK_ENCRYPT, context);
+finish:
+    sftk_FreeSession(session);
+
+    return crv;
+}
+
+/*
+ ************** Crypto Functions:     Decrypt ************************
+ */
+
+/* NSC_DecryptInit initializes a decryption operation. */
+CK_RV
+NSC_DecryptInit(CK_SESSION_HANDLE hSession,
+                CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey)
+{
+    CHECK_FORK();
+    return sftk_CryptInit(hSession, pMechanism, hKey, CKA_DECRYPT, CKA_DECRYPT,
+                          SFTK_DECRYPT, PR_FALSE);
+}
+
+/* NSC_DecryptUpdate continues a multiple-part decryption operation. */
+CK_RV
+NSC_DecryptUpdate(CK_SESSION_HANDLE hSession,
+                  CK_BYTE_PTR pEncryptedPart, CK_ULONG ulEncryptedPartLen,
+                  CK_BYTE_PTR pPart, CK_ULONG_PTR pulPartLen)
+{
+    SFTKSessionContext *context;
+    unsigned int padoutlen = 0;
+    unsigned int outlen;
+    unsigned int maxout = *pulPartLen;
+    CK_RV crv;
+    SECStatus rv;
+
+    CHECK_FORK();
+
+    /* make sure we're legal */
+    crv = sftk_GetContext(hSession, &context, SFTK_DECRYPT, PR_TRUE, NULL);
+    if (crv != CKR_OK)
+        return crv;
+
+    /* this can only happen on an NSS programming error */
+    PORT_Assert((context->padDataLength == 0) || context->padDataLength == context->blockSize);
+
+    if (context->doPad) {
+        /* Check the data length for block ciphers. If we are padding,
+         * then we must be using a block cipher. In the non-padding case
+         * the error will be returned by the underlying decryption
+         * function when we do the actual decrypt. We need to do the
+         * check here to avoid returning a negative length to the caller
+         * or reading before the beginning of the pEncryptedPart buffer.
+         */
+        if ((ulEncryptedPartLen == 0) ||
+            (ulEncryptedPartLen % context->blockSize) != 0) {
+            return CKR_ENCRYPTED_DATA_LEN_RANGE;
+        }
+    }
+
+    if (!pPart) {
+        if (context->doPad) {
+            *pulPartLen =
+                ulEncryptedPartLen + context->padDataLength - context->blockSize;
+            return CKR_OK;
+        }
+        /* for stream ciphers there is are no constraints on ulEncryptedPartLen.
+         * for block ciphers, it must be a multiple of blockSize. The error is
+         * detected when this function is called again do decrypt the output.
+         */
+        *pulPartLen = ulEncryptedPartLen;
+        return CKR_OK;
+    }
+
+    if (context->doPad) {
+        /* first decrypt our saved buffer */
+        if (context->padDataLength != 0) {
+            rv = (*context->update)(context->cipherInfo, pPart, &padoutlen,
+                                    maxout, context->padBuf, context->blockSize);
+            if (rv != SECSuccess)
+                return sftk_MapDecryptError(PORT_GetError());
+            pPart += padoutlen;
+            maxout -= padoutlen;
+        }
+        /* now save the final block for the next decrypt or the final */
+        PORT_Memcpy(context->padBuf, &pEncryptedPart[ulEncryptedPartLen -
+                                                     context->blockSize],
+                    context->blockSize);
+        context->padDataLength = context->blockSize;
+        ulEncryptedPartLen -= context->padDataLength;
+    }
+
+    /* do it: NOTE: this assumes buf size in is >= buf size out! */
+    rv = (*context->update)(context->cipherInfo, pPart, &outlen,
+                            maxout, pEncryptedPart, ulEncryptedPartLen);
+    *pulPartLen = (CK_ULONG)(outlen + padoutlen);
+    return (rv == SECSuccess) ? CKR_OK : sftk_MapDecryptError(PORT_GetError());
+}
+
+/* NSC_DecryptFinal finishes a multiple-part decryption operation. */
+CK_RV
+NSC_DecryptFinal(CK_SESSION_HANDLE hSession,
+                 CK_BYTE_PTR pLastPart, CK_ULONG_PTR pulLastPartLen)
+{
+    SFTKSession *session;
+    SFTKSessionContext *context;
+    unsigned int outlen;
+    unsigned int maxout = *pulLastPartLen;
+    CK_RV crv;
+    SECStatus rv = SECSuccess;
+
+    CHECK_FORK();
+
+    /* make sure we're legal */
+    crv = sftk_GetContext(hSession, &context, SFTK_DECRYPT, PR_TRUE, &session);
+    if (crv != CKR_OK)
+        return crv;
+
+    *pulLastPartLen = 0;
+    if (!pLastPart) {
+        /* caller is checking the amount of remaining data */
+        if (context->padDataLength > 0) {
+            *pulLastPartLen = context->padDataLength;
+        }
+        goto finish;
+    }
+
+    if (context->doPad) {
+        /* decrypt our saved buffer */
+        if (context->padDataLength != 0) {
+            /* this assumes that pLastPart is big enough to hold the *whole*
+             * buffer!!! */
+            rv = (*context->update)(context->cipherInfo, pLastPart, &outlen,
+                                    maxout, context->padBuf, context->blockSize);
+            if (rv != SECSuccess) {
+                crv = sftk_MapDecryptError(PORT_GetError());
+            } else {
+                unsigned int padSize =
+                    (unsigned int)pLastPart[context->blockSize - 1];
+                if ((padSize > context->blockSize) || (padSize == 0)) {
+                    crv = CKR_ENCRYPTED_DATA_INVALID;
+                } else {
+                    unsigned int i;
+                    unsigned int badPadding = 0; /* used as a boolean */
+                    for (i = 0; i < padSize; i++) {
+                        badPadding |=
+                            (unsigned int)pLastPart[context->blockSize - 1 - i] ^
+                            padSize;
+                    }
+                    if (badPadding) {
+                        crv = CKR_ENCRYPTED_DATA_INVALID;
+                    } else {
+                        *pulLastPartLen = outlen - padSize;
+                    }
+                }
+            }
+        }
+    }
+
+    sftk_TerminateOp(session, SFTK_DECRYPT, context);
+finish:
+    sftk_FreeSession(session);
+    return crv;
+}
+
+/* NSC_Decrypt decrypts encrypted data in a single part. */
+CK_RV
+NSC_Decrypt(CK_SESSION_HANDLE hSession,
+            CK_BYTE_PTR pEncryptedData, CK_ULONG ulEncryptedDataLen, CK_BYTE_PTR pData,
+            CK_ULONG_PTR pulDataLen)
+{
+    SFTKSession *session;
+    SFTKSessionContext *context;
+    unsigned int outlen;
+    unsigned int maxoutlen = *pulDataLen;
+    CK_RV crv;
+    CK_RV crv2;
+    SECStatus rv = SECSuccess;
+
+    CHECK_FORK();
+
+    /* make sure we're legal */
+    crv = sftk_GetContext(hSession, &context, SFTK_DECRYPT, PR_FALSE, &session);
+    if (crv != CKR_OK)
+        return crv;
+
+    if (!pData) {
+        *pulDataLen = ulEncryptedDataLen + context->blockSize;
+        goto finish;
+    }
+
+    if (context->doPad && context->multi) {
+        CK_ULONG finalLen;
+        /* padding is fairly complicated, have the update and final
+         * code deal with it */
+        sftk_FreeSession(session);
+        crv = NSC_DecryptUpdate(hSession, pEncryptedData, ulEncryptedDataLen,
+                                pData, pulDataLen);
+        if (crv != CKR_OK)
+            *pulDataLen = 0;
+        maxoutlen -= *pulDataLen;
+        pData += *pulDataLen;
+        finalLen = maxoutlen;
+        crv2 = NSC_DecryptFinal(hSession, pData, &finalLen);
+        if (crv2 == CKR_OK)
+            *pulDataLen += finalLen;
+        return crv == CKR_OK ? crv2 : crv;
+    }
+
+    rv = (*context->update)(context->cipherInfo, pData, &outlen, maxoutlen,
+                            pEncryptedData, ulEncryptedDataLen);
+    /* XXX need to do MUCH better error mapping than this. */
+    crv = (rv == SECSuccess) ? CKR_OK : sftk_MapDecryptError(PORT_GetError());
+    if (rv == SECSuccess && context->doPad) {
+        unsigned int padding = pData[outlen - 1];
+        if (padding > context->blockSize || !padding) {
+            crv = CKR_ENCRYPTED_DATA_INVALID;
+        } else {
+            unsigned int i;
+            unsigned int badPadding = 0; /* used as a boolean */
+            for (i = 0; i < padding; i++) {
+                badPadding |= (unsigned int)pData[outlen - 1 - i] ^ padding;
+            }
+            if (badPadding) {
+                crv = CKR_ENCRYPTED_DATA_INVALID;
+            } else {
+                outlen -= padding;
+            }
+        }
+    }
+    *pulDataLen = (CK_ULONG)outlen;
+    sftk_TerminateOp(session, SFTK_DECRYPT, context);
+finish:
+    sftk_FreeSession(session);
+    return crv;
+}
+
+/*
+ ************** Crypto Functions:     Digest (HASH)  ************************
+ */
+
+/* NSC_DigestInit initializes a message-digesting operation. */
+CK_RV
+NSC_DigestInit(CK_SESSION_HANDLE hSession,
+               CK_MECHANISM_PTR pMechanism)
+{
+    SFTKSession *session;
+    SFTKSessionContext *context;
+    CK_RV crv = CKR_OK;
+
+    CHECK_FORK();
+
+    session = sftk_SessionFromHandle(hSession);
+    if (session == NULL)
+        return CKR_SESSION_HANDLE_INVALID;
+    crv = sftk_InitGeneric(session, &context, SFTK_HASH, NULL, 0, NULL, 0, 0);
+    if (crv != CKR_OK) {
+        sftk_FreeSession(session);
+        return crv;
+    }
+
+#define INIT_MECH(mech, mmm)                                   \
+    case mech: {                                               \
+        mmm##Context *mmm##_ctx = mmm##_NewContext();          \
+        context->cipherInfo = (void *)mmm##_ctx;               \
+        context->cipherInfoLen = mmm##_FlattenSize(mmm##_ctx); \
+        context->currentMech = mech;                           \
+        context->hashUpdate = (SFTKHash)mmm##_Update;          \
+        context->end = (SFTKEnd)mmm##_End;                     \
+        context->destroy = (SFTKDestroy)mmm##_DestroyContext;  \
+        context->maxLen = mmm##_LENGTH;                        \
+        if (mmm##_ctx)                                         \
+            mmm##_Begin(mmm##_ctx);                            \
+        else                                                   \
+            crv = CKR_HOST_MEMORY;                             \
+        break;                                                 \
+    }
+
+    switch (pMechanism->mechanism) {
+        INIT_MECH(CKM_MD2, MD2)
+        INIT_MECH(CKM_MD5, MD5)
+        INIT_MECH(CKM_SHA_1, SHA1)
+        INIT_MECH(CKM_SHA224, SHA224)
+        INIT_MECH(CKM_SHA256, SHA256)
+        INIT_MECH(CKM_SHA384, SHA384)
+        INIT_MECH(CKM_SHA512, SHA512)
+
+        default:
+            crv = CKR_MECHANISM_INVALID;
+            break;
+    }
+
+    if (crv != CKR_OK) {
+        sftk_FreeContext(context);
+        sftk_FreeSession(session);
+        return crv;
+    }
+    sftk_SetContextByType(session, SFTK_HASH, context);
+    sftk_FreeSession(session);
+    return CKR_OK;
+}
+
+/* NSC_Digest digests data in a single part. */
+CK_RV
+NSC_Digest(CK_SESSION_HANDLE hSession,
+           CK_BYTE_PTR pData, CK_ULONG ulDataLen, CK_BYTE_PTR pDigest,
+           CK_ULONG_PTR pulDigestLen)
+{
+    SFTKSession *session;
+    SFTKSessionContext *context;
+    unsigned int digestLen;
+    unsigned int maxout = *pulDigestLen;
+    CK_RV crv;
+
+    CHECK_FORK();
+
+    /* make sure we're legal */
+    crv = sftk_GetContext(hSession, &context, SFTK_HASH, PR_FALSE, &session);
+    if (crv != CKR_OK)
+        return crv;
+
+    if (pDigest == NULL) {
+        *pulDigestLen = context->maxLen;
+        goto finish;
+    }
+
+    /* do it: */
+    (*context->hashUpdate)(context->cipherInfo, pData, ulDataLen);
+    /*  NOTE: this assumes buf size is bigenough for the algorithm */
+    (*context->end)(context->cipherInfo, pDigest, &digestLen, maxout);
+    *pulDigestLen = digestLen;
+
+    sftk_TerminateOp(session, SFTK_HASH, context);
+finish:
+    sftk_FreeSession(session);
+    return CKR_OK;
+}
+
+/* NSC_DigestUpdate continues a multiple-part message-digesting operation. */
+CK_RV
+NSC_DigestUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart,
+                 CK_ULONG ulPartLen)
+{
+    SFTKSessionContext *context;
+    CK_RV crv;
+
+    CHECK_FORK();
+
+    /* make sure we're legal */
+    crv = sftk_GetContext(hSession, &context, SFTK_HASH, PR_TRUE, NULL);
+    if (crv != CKR_OK)
+        return crv;
+    /* do it: */
+    (*context->hashUpdate)(context->cipherInfo, pPart, ulPartLen);
+    return CKR_OK;
+}
+
+/* NSC_DigestFinal finishes a multiple-part message-digesting operation. */
+CK_RV
+NSC_DigestFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pDigest,
+                CK_ULONG_PTR pulDigestLen)
+{
+    SFTKSession *session;
+    SFTKSessionContext *context;
+    unsigned int maxout = *pulDigestLen;
+    unsigned int digestLen;
+    CK_RV crv;
+
+    CHECK_FORK();
+
+    /* make sure we're legal */
+    crv = sftk_GetContext(hSession, &context, SFTK_HASH, PR_TRUE, &session);
+    if (crv != CKR_OK)
+        return crv;
+
+    if (pDigest != NULL) {
+        (*context->end)(context->cipherInfo, pDigest, &digestLen, maxout);
+        *pulDigestLen = digestLen;
+        sftk_TerminateOp(session, SFTK_HASH, context);
+    } else {
+        *pulDigestLen = context->maxLen;
+    }
+
+    sftk_FreeSession(session);
+    return CKR_OK;
+}
+
+/*
+ * these helper functions are used by Generic Macing and Signing functions
+ * that use hashes as part of their operations.
+ */
+#define DOSUB(mmm)                                                \
+    static CK_RV                                                  \
+        sftk_doSub##mmm(SFTKSessionContext *context)              \
+    {                                                             \
+        mmm##Context *mmm##_ctx = mmm##_NewContext();             \
+        context->hashInfo = (void *)mmm##_ctx;                    \
+        context->hashUpdate = (SFTKHash)mmm##_Update;             \
+        context->end = (SFTKEnd)mmm##_End;                        \
+        context->hashdestroy = (SFTKDestroy)mmm##_DestroyContext; \
+        if (!context->hashInfo) {                                 \
+            return CKR_HOST_MEMORY;                               \
+        }                                                         \
+        mmm##_Begin(mmm##_ctx);                                   \
+        return CKR_OK;                                            \
+    }
+
+DOSUB(MD2)
+DOSUB(MD5)
+DOSUB(SHA1)
+DOSUB(SHA224)
+DOSUB(SHA256)
+DOSUB(SHA384)
+DOSUB(SHA512)
+
+static SECStatus
+sftk_SignCopy(
+    CK_ULONG *copyLen,
+    void *out, unsigned int *outLength,
+    unsigned int maxLength,
+    const unsigned char *hashResult,
+    unsigned int hashResultLength)
+{
+    unsigned int toCopy = *copyLen;
+    if (toCopy > maxLength) {
+        toCopy = maxLength;
+    }
+    if (toCopy > hashResultLength) {
+        toCopy = hashResultLength;
+    }
+    memcpy(out, hashResult, toCopy);
+    if (outLength) {
+        *outLength = toCopy;
+    }
+    return SECSuccess;
+}
+
+/* Verify is just a compare for HMAC */
+static SECStatus
+sftk_HMACCmp(CK_ULONG *copyLen, unsigned char *sig, unsigned int sigLen,
+             unsigned char *hash, unsigned int hashLen)
+{
+    return (PORT_Memcmp(sig, hash, *copyLen) == 0) ? SECSuccess : SECFailure;
+}
+
+/*
+ * common HMAC initalization routine
+ */
+static CK_RV
+sftk_doHMACInit(SFTKSessionContext *context, HASH_HashType hash,
+                SFTKObject *key, CK_ULONG mac_size)
+{
+    SFTKAttribute *keyval;
+    HMACContext *HMACcontext;
+    CK_ULONG *intpointer;
+    const SECHashObject *hashObj = HASH_GetRawHashObject(hash);
+    PRBool isFIPS = (key->slot->slotID == FIPS_SLOT_ID);
+
+    /* required by FIPS 198 Section 4 */
+    if (isFIPS && (mac_size < 4 || mac_size < hashObj->length / 2)) {
+        return CKR_BUFFER_TOO_SMALL;
+    }
+
+    keyval = sftk_FindAttribute(key, CKA_VALUE);
+    if (keyval == NULL)
+        return CKR_KEY_SIZE_RANGE;
+
+    HMACcontext = HMAC_Create(hashObj,
+                              (const unsigned char *)keyval->attrib.pValue,
+                              keyval->attrib.ulValueLen, isFIPS);
+    context->hashInfo = HMACcontext;
+    context->multi = PR_TRUE;
+    sftk_FreeAttribute(keyval);
+    if (context->hashInfo == NULL) {
+        if (PORT_GetError() == SEC_ERROR_INVALID_ARGS) {
+            return CKR_KEY_SIZE_RANGE;
+        }
+        return CKR_HOST_MEMORY;
+    }
+    context->hashUpdate = (SFTKHash)HMAC_Update;
+    context->end = (SFTKEnd)HMAC_Finish;
+
+    context->hashdestroy = (SFTKDestroy)HMAC_Destroy;
+    intpointer = PORT_New(CK_ULONG);
+    if (intpointer == NULL) {
+        return CKR_HOST_MEMORY;
+    }
+    *intpointer = mac_size;
+    context->cipherInfo = intpointer;
+    context->destroy = (SFTKDestroy)sftk_Space;
+    context->update = (SFTKCipher)sftk_SignCopy;
+    context->verify = (SFTKVerify)sftk_HMACCmp;
+    context->maxLen = hashObj->length;
+    HMAC_Begin(HMACcontext);
+    return CKR_OK;
+}
+
+/*
+ *  SSL Macing support. SSL Macs are inited, then update with the base
+ * hashing algorithm, then finalized in sign and verify
+ */
+
+/*
+ * FROM SSL:
+ * 60 bytes is 3 times the maximum length MAC size that is supported.
+ * We probably should have one copy of this table. We still need this table
+ * in ssl to 'sign' the handshake hashes.
+ */
+static unsigned char ssl_pad_1[60] = {
+    0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+    0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+    0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+    0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+    0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+    0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+    0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+    0x36, 0x36, 0x36, 0x36
+};
+static unsigned char ssl_pad_2[60] = {
+    0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
+    0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
+    0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
+    0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
+    0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
+    0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
+    0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
+    0x5c, 0x5c, 0x5c, 0x5c
+};
+
+static SECStatus
+sftk_SSLMACSign(SFTKSSLMACInfo *info, unsigned char *sig, unsigned int *sigLen,
+                unsigned int maxLen, unsigned char *hash, unsigned int hashLen)
+{
+    unsigned char tmpBuf[SFTK_MAX_MAC_LENGTH];
+    unsigned int out;
+
+    info->begin(info->hashContext);
+    info->update(info->hashContext, info->key, info->keySize);
+    info->update(info->hashContext, ssl_pad_2, info->padSize);
+    info->update(info->hashContext, hash, hashLen);
+    info->end(info->hashContext, tmpBuf, &out, SFTK_MAX_MAC_LENGTH);
+    PORT_Memcpy(sig, tmpBuf, info->macSize);
+    *sigLen = info->macSize;
+    return SECSuccess;
+}
+
+static SECStatus
+sftk_SSLMACVerify(SFTKSSLMACInfo *info, unsigned char *sig, unsigned int sigLen,
+                  unsigned char *hash, unsigned int hashLen)
+{
+    unsigned char tmpBuf[SFTK_MAX_MAC_LENGTH];
+    unsigned int out;
+
+    info->begin(info->hashContext);
+    info->update(info->hashContext, info->key, info->keySize);
+    info->update(info->hashContext, ssl_pad_2, info->padSize);
+    info->update(info->hashContext, hash, hashLen);
+    info->end(info->hashContext, tmpBuf, &out, SFTK_MAX_MAC_LENGTH);
+    return (PORT_Memcmp(sig, tmpBuf, info->macSize) == 0) ? SECSuccess : SECFailure;
+}
+
+/*
+ * common HMAC initalization routine
+ */
+static CK_RV
+sftk_doSSLMACInit(SFTKSessionContext *context, SECOidTag oid,
+                  SFTKObject *key, CK_ULONG mac_size)
+{
+    SFTKAttribute *keyval;
+    SFTKBegin begin;
+    int padSize;
+    SFTKSSLMACInfo *sslmacinfo;
+    CK_RV crv = CKR_MECHANISM_INVALID;
+
+    if (oid == SEC_OID_SHA1) {
+        crv = sftk_doSubSHA1(context);
+        if (crv != CKR_OK)
+            return crv;
+        begin = (SFTKBegin)SHA1_Begin;
+        padSize = 40;
+    } else {
+        crv = sftk_doSubMD5(context);
+        if (crv != CKR_OK)
+            return crv;
+        begin = (SFTKBegin)MD5_Begin;
+        padSize = 48;
+    }
+    context->multi = PR_TRUE;
+
+    keyval = sftk_FindAttribute(key, CKA_VALUE);
+    if (keyval == NULL)
+        return CKR_KEY_SIZE_RANGE;
+
+    context->hashUpdate(context->hashInfo, keyval->attrib.pValue,
+                        keyval->attrib.ulValueLen);
+    context->hashUpdate(context->hashInfo, ssl_pad_1, padSize);
+    sslmacinfo = (SFTKSSLMACInfo *)PORT_Alloc(sizeof(SFTKSSLMACInfo));
+    if (sslmacinfo == NULL) {
+        sftk_FreeAttribute(keyval);
+        return CKR_HOST_MEMORY;
+    }
+    sslmacinfo->macSize = mac_size;
+    sslmacinfo->hashContext = context->hashInfo;
+    PORT_Memcpy(sslmacinfo->key, keyval->attrib.pValue,
+                keyval->attrib.ulValueLen);
+    sslmacinfo->keySize = keyval->attrib.ulValueLen;
+    sslmacinfo->begin = begin;
+    sslmacinfo->end = context->end;
+    sslmacinfo->update = context->hashUpdate;
+    sslmacinfo->padSize = padSize;
+    sftk_FreeAttribute(keyval);
+    context->cipherInfo = (void *)sslmacinfo;
+    context->destroy = (SFTKDestroy)sftk_Space;
+    context->update = (SFTKCipher)sftk_SSLMACSign;
+    context->verify = (SFTKVerify)sftk_SSLMACVerify;
+    context->maxLen = mac_size;
+    return CKR_OK;
+}
+
+/*
+ ************** Crypto Functions:     Sign  ************************
+ */
+
+/**
+ * Check if We're using CBCMacing and initialize the session context if we are.
+ *  @param contextType SFTK_SIGN or SFTK_VERIFY
+ *  @param keyUsage    check whether key allows this usage
+ */
+static CK_RV
+sftk_InitCBCMac(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
+                CK_OBJECT_HANDLE hKey, CK_ATTRIBUTE_TYPE keyUsage,
+                SFTKContextType contextType)
+
+{
+    CK_MECHANISM cbc_mechanism;
+    CK_ULONG mac_bytes = SFTK_INVALID_MAC_SIZE;
+    CK_RC2_CBC_PARAMS rc2_params;
+#if NSS_SOFTOKEN_DOES_RC5
+    CK_RC5_CBC_PARAMS rc5_params;
+    CK_RC5_MAC_GENERAL_PARAMS *rc5_mac;
+#endif
+    unsigned char ivBlock[SFTK_MAX_BLOCK_SIZE];
+    SFTKSessionContext *context;
+    CK_RV crv;
+    unsigned int blockSize;
+
+    switch (pMechanism->mechanism) {
+        case CKM_RC2_MAC_GENERAL:
+            if (!pMechanism->pParameter) {
+                return CKR_MECHANISM_PARAM_INVALID;
+            }
+            mac_bytes =
+                ((CK_RC2_MAC_GENERAL_PARAMS *)pMechanism->pParameter)->ulMacLength;
+        /* fall through */
+        case CKM_RC2_MAC:
+            /* this works because ulEffectiveBits is in the same place in both the
+             * CK_RC2_MAC_GENERAL_PARAMS and CK_RC2_CBC_PARAMS */
+            rc2_params.ulEffectiveBits = ((CK_RC2_MAC_GENERAL_PARAMS *)
+                                              pMechanism->pParameter)
+                                             ->ulEffectiveBits;
+            PORT_Memset(rc2_params.iv, 0, sizeof(rc2_params.iv));
+            cbc_mechanism.mechanism = CKM_RC2_CBC;
+            cbc_mechanism.pParameter = &rc2_params;
+            cbc_mechanism.ulParameterLen = sizeof(rc2_params);
+            blockSize = 8;
+            break;
+#if NSS_SOFTOKEN_DOES_RC5
+        case CKM_RC5_MAC_GENERAL:
+            mac_bytes =
+                ((CK_RC5_MAC_GENERAL_PARAMS *)pMechanism->pParameter)->ulMacLength;
+        /* fall through */
+        case CKM_RC5_MAC:
+            /* this works because ulEffectiveBits is in the same place in both the
+             * CK_RC5_MAC_GENERAL_PARAMS and CK_RC5_CBC_PARAMS */
+            rc5_mac = (CK_RC5_MAC_GENERAL_PARAMS *)pMechanism->pParameter;
+            rc5_params.ulWordsize = rc5_mac->ulWordsize;
+            rc5_params.ulRounds = rc5_mac->ulRounds;
+            rc5_params.pIv = ivBlock;
+            if ((blockSize = rc5_mac->ulWordsize * 2) > SFTK_MAX_BLOCK_SIZE)
+                return CKR_MECHANISM_PARAM_INVALID;
+            rc5_params.ulIvLen = blockSize;
+            PORT_Memset(ivBlock, 0, blockSize);
+            cbc_mechanism.mechanism = CKM_RC5_CBC;
+            cbc_mechanism.pParameter = &rc5_params;
+            cbc_mechanism.ulParameterLen = sizeof(rc5_params);
+            break;
+#endif
+        /* add cast and idea later */
+        case CKM_DES_MAC_GENERAL:
+            mac_bytes = *(CK_ULONG *)pMechanism->pParameter;
+        /* fall through */
+        case CKM_DES_MAC:
+            blockSize = 8;
+            PORT_Memset(ivBlock, 0, blockSize);
+            cbc_mechanism.mechanism = CKM_DES_CBC;
+            cbc_mechanism.pParameter = &ivBlock;
+            cbc_mechanism.ulParameterLen = blockSize;
+            break;
+        case CKM_DES3_MAC_GENERAL:
+            mac_bytes = *(CK_ULONG *)pMechanism->pParameter;
+        /* fall through */
+        case CKM_DES3_MAC:
+            blockSize = 8;
+            PORT_Memset(ivBlock, 0, blockSize);
+            cbc_mechanism.mechanism = CKM_DES3_CBC;
+            cbc_mechanism.pParameter = &ivBlock;
+            cbc_mechanism.ulParameterLen = blockSize;
+            break;
+        case CKM_CDMF_MAC_GENERAL:
+            mac_bytes = *(CK_ULONG *)pMechanism->pParameter;
+        /* fall through */
+        case CKM_CDMF_MAC:
+            blockSize = 8;
+            PORT_Memset(ivBlock, 0, blockSize);
+            cbc_mechanism.mechanism = CKM_CDMF_CBC;
+            cbc_mechanism.pParameter = &ivBlock;
+            cbc_mechanism.ulParameterLen = blockSize;
+            break;
+        case CKM_SEED_MAC_GENERAL:
+            mac_bytes = *(CK_ULONG *)pMechanism->pParameter;
+        /* fall through */
+        case CKM_SEED_MAC:
+            blockSize = 16;
+            PORT_Memset(ivBlock, 0, blockSize);
+            cbc_mechanism.mechanism = CKM_SEED_CBC;
+            cbc_mechanism.pParameter = &ivBlock;
+            cbc_mechanism.ulParameterLen = blockSize;
+            break;
+        case CKM_CAMELLIA_MAC_GENERAL:
+            mac_bytes = *(CK_ULONG *)pMechanism->pParameter;
+        /* fall through */
+        case CKM_CAMELLIA_MAC:
+            blockSize = 16;
+            PORT_Memset(ivBlock, 0, blockSize);
+            cbc_mechanism.mechanism = CKM_CAMELLIA_CBC;
+            cbc_mechanism.pParameter = &ivBlock;
+            cbc_mechanism.ulParameterLen = blockSize;
+            break;
+        case CKM_AES_MAC_GENERAL:
+            mac_bytes = *(CK_ULONG *)pMechanism->pParameter;
+        /* fall through */
+        case CKM_AES_MAC:
+            blockSize = 16;
+            PORT_Memset(ivBlock, 0, blockSize);
+            cbc_mechanism.mechanism = CKM_AES_CBC;
+            cbc_mechanism.pParameter = &ivBlock;
+            cbc_mechanism.ulParameterLen = blockSize;
+            break;
+        default:
+            return CKR_FUNCTION_NOT_SUPPORTED;
+    }
+
+    /* if MAC size is externally supplied, it should be checked.
+     */
+    if (mac_bytes == SFTK_INVALID_MAC_SIZE)
+        mac_bytes = blockSize >> 1;
+    else {
+        if (mac_bytes > blockSize)
+            return CKR_MECHANISM_PARAM_INVALID;
+    }
+
+    crv = sftk_CryptInit(hSession, &cbc_mechanism, hKey,
+                         CKA_ENCRYPT, /* CBC mech is able to ENCRYPT, not SIGN/VERIFY */
+                         keyUsage, contextType, PR_TRUE);
+    if (crv != CKR_OK)
+        return crv;
+    crv = sftk_GetContext(hSession, &context, contextType, PR_TRUE, NULL);
+
+    /* this shouldn't happen! */
+    PORT_Assert(crv == CKR_OK);
+    if (crv != CKR_OK)
+        return crv;
+    context->blockSize = blockSize;
+    context->macSize = mac_bytes;
+    return CKR_OK;
+}
+
+/*
+ * encode RSA PKCS #1 Signature data before signing...
+ */
+static SECStatus
+sftk_RSAHashSign(SFTKHashSignInfo *info, unsigned char *sig,
+                 unsigned int *sigLen, unsigned int maxLen,
+                 const unsigned char *hash, unsigned int hashLen)
+{
+    PORT_Assert(info->key->keyType == NSSLOWKEYRSAKey);
+    if (info->key->keyType != NSSLOWKEYRSAKey) {
+        PORT_SetError(SEC_ERROR_INVALID_KEY);
+        return SECFailure;
+    }
+
+    return RSA_HashSign(info->hashOid, info->key, sig, sigLen, maxLen,
+                        hash, hashLen);
+}
+
+/* XXX Old template; want to expunge it eventually. */
+static DERTemplate SECAlgorithmIDTemplate[] = {
+    { DER_SEQUENCE,
+      0, NULL, sizeof(SECAlgorithmID) },
+    { DER_OBJECT_ID,
+      offsetof(SECAlgorithmID, algorithm) },
+    { DER_OPTIONAL | DER_ANY,
+      offsetof(SECAlgorithmID, parameters) },
+    { 0 }
+};
+
+/*
+ * XXX OLD Template.  Once all uses have been switched over to new one,
+ * remove this.
+ */
+static DERTemplate SGNDigestInfoTemplate[] = {
+    { DER_SEQUENCE,
+      0, NULL, sizeof(SGNDigestInfo) },
+    { DER_INLINE,
+      offsetof(SGNDigestInfo, digestAlgorithm),
+      SECAlgorithmIDTemplate },
+    { DER_OCTET_STRING,
+      offsetof(SGNDigestInfo, digest) },
+    { 0 }
+};
+
+/*
+ * encode RSA PKCS #1 Signature data before signing...
+ */
+SECStatus
+RSA_HashSign(SECOidTag hashOid, NSSLOWKEYPrivateKey *key,
+             unsigned char *sig, unsigned int *sigLen, unsigned int maxLen,
+             const unsigned char *hash, unsigned int hashLen)
+{
+    SECStatus rv = SECFailure;
+    SECItem digder;
+    PLArenaPool *arena = NULL;
+    SGNDigestInfo *di = NULL;
+
+    digder.data = NULL;
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (!arena) {
+        goto loser;
+    }
+
+    /* Construct digest info */
+    di = SGN_CreateDigestInfo(hashOid, hash, hashLen);
+    if (!di) {
+        goto loser;
+    }
+
+    /* Der encode the digest as a DigestInfo */
+    rv = DER_Encode(arena, &digder, SGNDigestInfoTemplate, di);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    /*
+    ** Encrypt signature after constructing appropriate PKCS#1 signature
+    ** block
+    */
+    rv = RSA_Sign(&key->u.rsa, sig, sigLen, maxLen, digder.data,
+                  digder.len);
+    if (rv != SECSuccess && PORT_GetError() == SEC_ERROR_LIBRARY_FAILURE) {
+        sftk_fatalError = PR_TRUE;
+    }
+
+loser:
+    SGN_DestroyDigestInfo(di);
+    if (arena != NULL) {
+        PORT_FreeArena(arena, PR_FALSE);
+    }
+    return rv;
+}
+
+static SECStatus
+sftk_RSASign(NSSLOWKEYPrivateKey *key, unsigned char *output,
+             unsigned int *outputLen, unsigned int maxOutputLen,
+             const unsigned char *input, unsigned int inputLen)
+{
+    SECStatus rv = SECFailure;
+
+    PORT_Assert(key->keyType == NSSLOWKEYRSAKey);
+    if (key->keyType != NSSLOWKEYRSAKey) {
+        PORT_SetError(SEC_ERROR_INVALID_KEY);
+        return SECFailure;
+    }
+
+    rv = RSA_Sign(&key->u.rsa, output, outputLen, maxOutputLen, input,
+                  inputLen);
+    if (rv != SECSuccess && PORT_GetError() == SEC_ERROR_LIBRARY_FAILURE) {
+        sftk_fatalError = PR_TRUE;
+    }
+    return rv;
+}
+
+static SECStatus
+sftk_RSASignRaw(NSSLOWKEYPrivateKey *key, unsigned char *output,
+                unsigned int *outputLen, unsigned int maxOutputLen,
+                const unsigned char *input, unsigned int inputLen)
+{
+    SECStatus rv = SECFailure;
+
+    PORT_Assert(key->keyType == NSSLOWKEYRSAKey);
+    if (key->keyType != NSSLOWKEYRSAKey) {
+        PORT_SetError(SEC_ERROR_INVALID_KEY);
+        return SECFailure;
+    }
+
+    rv = RSA_SignRaw(&key->u.rsa, output, outputLen, maxOutputLen, input,
+                     inputLen);
+    if (rv != SECSuccess && PORT_GetError() == SEC_ERROR_LIBRARY_FAILURE) {
+        sftk_fatalError = PR_TRUE;
+    }
+    return rv;
+}
+
+static SECStatus
+sftk_RSASignPSS(SFTKHashSignInfo *info, unsigned char *sig,
+                unsigned int *sigLen, unsigned int maxLen,
+                const unsigned char *hash, unsigned int hashLen)
+{
+    SECStatus rv = SECFailure;
+    HASH_HashType hashAlg;
+    HASH_HashType maskHashAlg;
+    CK_RSA_PKCS_PSS_PARAMS *params = (CK_RSA_PKCS_PSS_PARAMS *)info->params;
+
+    PORT_Assert(info->key->keyType == NSSLOWKEYRSAKey);
+    if (info->key->keyType != NSSLOWKEYRSAKey) {
+        PORT_SetError(SEC_ERROR_INVALID_KEY);
+        return SECFailure;
+    }
+
+    hashAlg = GetHashTypeFromMechanism(params->hashAlg);
+    maskHashAlg = GetHashTypeFromMechanism(params->mgf);
+
+    rv = RSA_SignPSS(&info->key->u.rsa, hashAlg, maskHashAlg, NULL,
+                     params->sLen, sig, sigLen, maxLen, hash, hashLen);
+    if (rv != SECSuccess && PORT_GetError() == SEC_ERROR_LIBRARY_FAILURE) {
+        sftk_fatalError = PR_TRUE;
+    }
+    return rv;
+}
+
+static SECStatus
+nsc_DSA_Verify_Stub(void *ctx, void *sigBuf, unsigned int sigLen,
+                    void *dataBuf, unsigned int dataLen)
+{
+    SECItem signature, digest;
+    NSSLOWKEYPublicKey *key = (NSSLOWKEYPublicKey *)ctx;
+
+    signature.data = (unsigned char *)sigBuf;
+    signature.len = sigLen;
+    digest.data = (unsigned char *)dataBuf;
+    digest.len = dataLen;
+    return DSA_VerifyDigest(&(key->u.dsa), &signature, &digest);
+}
+
+static SECStatus
+nsc_DSA_Sign_Stub(void *ctx, void *sigBuf,
+                  unsigned int *sigLen, unsigned int maxSigLen,
+                  void *dataBuf, unsigned int dataLen)
+{
+    SECItem signature, digest;
+    SECStatus rv;
+    NSSLOWKEYPrivateKey *key = (NSSLOWKEYPrivateKey *)ctx;
+
+    signature.data = (unsigned char *)sigBuf;
+    signature.len = maxSigLen;
+    digest.data = (unsigned char *)dataBuf;
+    digest.len = dataLen;
+    rv = DSA_SignDigest(&(key->u.dsa), &signature, &digest);
+    if (rv != SECSuccess && PORT_GetError() == SEC_ERROR_LIBRARY_FAILURE) {
+        sftk_fatalError = PR_TRUE;
+    }
+    *sigLen = signature.len;
+    return rv;
+}
+
+#ifndef NSS_DISABLE_ECC
+static SECStatus
+nsc_ECDSAVerifyStub(void *ctx, void *sigBuf, unsigned int sigLen,
+                    void *dataBuf, unsigned int dataLen)
+{
+    SECItem signature, digest;
+    NSSLOWKEYPublicKey *key = (NSSLOWKEYPublicKey *)ctx;
+
+    signature.data = (unsigned char *)sigBuf;
+    signature.len = sigLen;
+    digest.data = (unsigned char *)dataBuf;
+    digest.len = dataLen;
+    return ECDSA_VerifyDigest(&(key->u.ec), &signature, &digest);
+}
+
+static SECStatus
+nsc_ECDSASignStub(void *ctx, void *sigBuf,
+                  unsigned int *sigLen, unsigned int maxSigLen,
+                  void *dataBuf, unsigned int dataLen)
+{
+    SECItem signature, digest;
+    SECStatus rv;
+    NSSLOWKEYPrivateKey *key = (NSSLOWKEYPrivateKey *)ctx;
+
+    signature.data = (unsigned char *)sigBuf;
+    signature.len = maxSigLen;
+    digest.data = (unsigned char *)dataBuf;
+    digest.len = dataLen;
+    rv = ECDSA_SignDigest(&(key->u.ec), &signature, &digest);
+    if (rv != SECSuccess && PORT_GetError() == SEC_ERROR_LIBRARY_FAILURE) {
+        sftk_fatalError = PR_TRUE;
+    }
+    *sigLen = signature.len;
+    return rv;
+}
+#endif /* NSS_DISABLE_ECC */
+
+/* NSC_SignInit setups up the signing operations. There are three basic
+ * types of signing:
+ *      (1) the tradition single part, where "Raw RSA" or "Raw DSA" is applied
+ *  to data in a single Sign operation (which often looks a lot like an
+ *  encrypt, with data coming in and data going out).
+ *      (2) Hash based signing, where we continually hash the data, then apply
+ *  some sort of signature to the end.
+ *      (3) Block Encryption CBC MAC's, where the Data is encrypted with a key,
+ *  and only the final block is part of the mac.
+ *
+ *  For case number 3, we initialize a context much like the Encryption Context
+ *  (in fact we share code). We detect case 3 in C_SignUpdate, C_Sign, and
+ *  C_Final by the following method... if it's not multi-part, and it's doesn't
+ *  have a hash context, it must be a block Encryption CBC MAC.
+ *
+ *  For case number 2, we initialize a hash structure, as well as make it
+ *  multi-part. Updates are simple calls to the hash update function. Final
+ *  calls the hashend, then passes the result to the 'update' function (which
+ *  operates as a final signature function). In some hash based MAC'ing (as
+ *  opposed to hash base signatures), the update function is can be simply a
+ *  copy (as is the case with HMAC).
+ */
+CK_RV
+NSC_SignInit(CK_SESSION_HANDLE hSession,
+             CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey)
+{
+    SFTKSession *session;
+    SFTKObject *key;
+    SFTKSessionContext *context;
+    CK_KEY_TYPE key_type;
+    CK_RV crv = CKR_OK;
+    NSSLOWKEYPrivateKey *privKey;
+    SFTKHashSignInfo *info = NULL;
+
+    CHECK_FORK();
+
+    /* Block Cipher MACing Algorithms use a different Context init method..*/
+    crv = sftk_InitCBCMac(hSession, pMechanism, hKey, CKA_SIGN, SFTK_SIGN);
+    if (crv != CKR_FUNCTION_NOT_SUPPORTED)
+        return crv;
+
+    /* we're not using a block cipher mac */
+    session = sftk_SessionFromHandle(hSession);
+    if (session == NULL)
+        return CKR_SESSION_HANDLE_INVALID;
+    crv = sftk_InitGeneric(session, &context, SFTK_SIGN, &key, hKey, &key_type,
+                           CKO_PRIVATE_KEY, CKA_SIGN);
+    if (crv != CKR_OK) {
+        sftk_FreeSession(session);
+        return crv;
+    }
+
+    context->multi = PR_FALSE;
+
+#define INIT_RSA_SIGN_MECH(mmm)                         \
+    case CKM_##mmm##_RSA_PKCS:                          \
+        context->multi = PR_TRUE;                       \
+        crv = sftk_doSub##mmm(context);                 \
+        if (crv != CKR_OK)                              \
+            break;                                      \
+        context->update = (SFTKCipher)sftk_RSAHashSign; \
+        info = PORT_New(SFTKHashSignInfo);              \
+        if (info == NULL) {                             \
+            crv = CKR_HOST_MEMORY;                      \
+            break;                                      \
+        }                                               \
+        info->hashOid = SEC_OID_##mmm;                  \
+        goto finish_rsa;
+
+    switch (pMechanism->mechanism) {
+        INIT_RSA_SIGN_MECH(MD5)
+        INIT_RSA_SIGN_MECH(MD2)
+        INIT_RSA_SIGN_MECH(SHA1)
+        INIT_RSA_SIGN_MECH(SHA224)
+        INIT_RSA_SIGN_MECH(SHA256)
+        INIT_RSA_SIGN_MECH(SHA384)
+        INIT_RSA_SIGN_MECH(SHA512)
+
+        case CKM_RSA_PKCS:
+            context->update = (SFTKCipher)sftk_RSASign;
+            goto finish_rsa;
+        case CKM_RSA_X_509:
+            context->update = (SFTKCipher)sftk_RSASignRaw;
+        finish_rsa:
+            if (key_type != CKK_RSA) {
+                crv = CKR_KEY_TYPE_INCONSISTENT;
+                break;
+            }
+            context->rsa = PR_TRUE;
+            privKey = sftk_GetPrivKey(key, CKK_RSA, &crv);
+            if (privKey == NULL) {
+                crv = CKR_KEY_TYPE_INCONSISTENT;
+                break;
+            }
+            /* OK, info is allocated only if we're doing hash and sign mechanism.
+             * It's necessary to be able to set the correct OID in the final
+             * signature.
+             */
+            if (info) {
+                info->key = privKey;
+                context->cipherInfo = info;
+                context->destroy = (SFTKDestroy)sftk_Space;
+            } else {
+                context->cipherInfo = privKey;
+                context->destroy = (SFTKDestroy)sftk_Null;
+            }
+            context->maxLen = nsslowkey_PrivateModulusLen(privKey);
+            break;
+        case CKM_RSA_PKCS_PSS:
+            if (key_type != CKK_RSA) {
+                crv = CKR_KEY_TYPE_INCONSISTENT;
+                break;
+            }
+            context->rsa = PR_TRUE;
+            if (pMechanism->ulParameterLen != sizeof(CK_RSA_PKCS_PSS_PARAMS) ||
+                !sftk_ValidatePssParams((const CK_RSA_PKCS_PSS_PARAMS *)pMechanism->pParameter)) {
+                crv = CKR_MECHANISM_PARAM_INVALID;
+                break;
+            }
+            info = PORT_New(SFTKHashSignInfo);
+            if (info == NULL) {
+                crv = CKR_HOST_MEMORY;
+                break;
+            }
+            info->params = pMechanism->pParameter;
+            info->key = sftk_GetPrivKey(key, CKK_RSA, &crv);
+            if (info->key == NULL) {
+                PORT_Free(info);
+                break;
+            }
+            context->cipherInfo = info;
+            context->destroy = (SFTKDestroy)sftk_Space;
+            context->update = (SFTKCipher)sftk_RSASignPSS;
+            context->maxLen = nsslowkey_PrivateModulusLen(info->key);
+            break;
+
+        case CKM_DSA_SHA1:
+            context->multi = PR_TRUE;
+            crv = sftk_doSubSHA1(context);
+            if (crv != CKR_OK)
+                break;
+        /* fall through */
+        case CKM_DSA:
+            if (key_type != CKK_DSA) {
+                crv = CKR_KEY_TYPE_INCONSISTENT;
+                break;
+            }
+            privKey = sftk_GetPrivKey(key, CKK_DSA, &crv);
+            if (privKey == NULL) {
+                break;
+            }
+            context->cipherInfo = privKey;
+            context->update = (SFTKCipher)nsc_DSA_Sign_Stub;
+            context->destroy = (privKey == key->objectInfo) ? (SFTKDestroy)sftk_Null : (SFTKDestroy)sftk_FreePrivKey;
+            context->maxLen = DSA_MAX_SIGNATURE_LEN;
+
+            break;
+
+#ifndef NSS_DISABLE_ECC
+        case CKM_ECDSA_SHA1:
+            context->multi = PR_TRUE;
+            crv = sftk_doSubSHA1(context);
+            if (crv != CKR_OK)
+                break;
+        /* fall through */
+        case CKM_ECDSA:
+            if (key_type != CKK_EC) {
+                crv = CKR_KEY_TYPE_INCONSISTENT;
+                break;
+            }
+            privKey = sftk_GetPrivKey(key, CKK_EC, &crv);
+            if (privKey == NULL) {
+                crv = CKR_HOST_MEMORY;
+                break;
+            }
+            context->cipherInfo = privKey;
+            context->update = (SFTKCipher)nsc_ECDSASignStub;
+            context->destroy = (privKey == key->objectInfo) ? (SFTKDestroy)sftk_Null : (SFTKDestroy)sftk_FreePrivKey;
+            context->maxLen = MAX_ECKEY_LEN * 2;
+
+            break;
+#endif /* NSS_DISABLE_ECC */
+
+#define INIT_HMAC_MECH(mmm)                                               \
+    case CKM_##mmm##_HMAC_GENERAL:                                        \
+        crv = sftk_doHMACInit(context, HASH_Alg##mmm, key,                \
+                              *(CK_ULONG *)pMechanism->pParameter);       \
+        break;                                                            \
+    case CKM_##mmm##_HMAC:                                                \
+        crv = sftk_doHMACInit(context, HASH_Alg##mmm, key, mmm##_LENGTH); \
+        break;
+
+            INIT_HMAC_MECH(MD2)
+            INIT_HMAC_MECH(MD5)
+            INIT_HMAC_MECH(SHA224)
+            INIT_HMAC_MECH(SHA256)
+            INIT_HMAC_MECH(SHA384)
+            INIT_HMAC_MECH(SHA512)
+
+        case CKM_SHA_1_HMAC_GENERAL:
+            crv = sftk_doHMACInit(context, HASH_AlgSHA1, key,
+                                  *(CK_ULONG *)pMechanism->pParameter);
+            break;
+        case CKM_SHA_1_HMAC:
+            crv = sftk_doHMACInit(context, HASH_AlgSHA1, key, SHA1_LENGTH);
+            break;
+
+        case CKM_SSL3_MD5_MAC:
+            crv = sftk_doSSLMACInit(context, SEC_OID_MD5, key,
+                                    *(CK_ULONG *)pMechanism->pParameter);
+            break;
+        case CKM_SSL3_SHA1_MAC:
+            crv = sftk_doSSLMACInit(context, SEC_OID_SHA1, key,
+                                    *(CK_ULONG *)pMechanism->pParameter);
+            break;
+        case CKM_TLS_PRF_GENERAL:
+            crv = sftk_TLSPRFInit(context, key, key_type, HASH_AlgNULL, 0);
+            break;
+        case CKM_TLS_MAC: {
+            CK_TLS_MAC_PARAMS *tls12_mac_params;
+            HASH_HashType tlsPrfHash;
+            const char *label;
+
+            if (pMechanism->ulParameterLen != sizeof(CK_TLS_MAC_PARAMS)) {
+                crv = CKR_MECHANISM_PARAM_INVALID;
+                break;
+            }
+            tls12_mac_params = (CK_TLS_MAC_PARAMS *)pMechanism->pParameter;
+            if (tls12_mac_params->prfMechanism == CKM_TLS_PRF) {
+                /* The TLS 1.0 and 1.1 PRF */
+                tlsPrfHash = HASH_AlgNULL;
+                if (tls12_mac_params->ulMacLength != 12) {
+                    crv = CKR_MECHANISM_PARAM_INVALID;
+                    break;
+                }
+            } else {
+                /* The hash function for the TLS 1.2 PRF */
+                tlsPrfHash =
+                    GetHashTypeFromMechanism(tls12_mac_params->prfMechanism);
+                if (tlsPrfHash == HASH_AlgNULL ||
+                    tls12_mac_params->ulMacLength < 12) {
+                    crv = CKR_MECHANISM_PARAM_INVALID;
+                    break;
+                }
+            }
+            if (tls12_mac_params->ulServerOrClient == 1) {
+                label = "server finished";
+            } else if (tls12_mac_params->ulServerOrClient == 2) {
+                label = "client finished";
+            } else {
+                crv = CKR_MECHANISM_PARAM_INVALID;
+                break;
+            }
+            crv = sftk_TLSPRFInit(context, key, key_type, tlsPrfHash,
+                                  tls12_mac_params->ulMacLength);
+            if (crv == CKR_OK) {
+                context->hashUpdate(context->hashInfo, label, 15);
+            }
+            break;
+        }
+        case CKM_NSS_TLS_PRF_GENERAL_SHA256:
+            crv = sftk_TLSPRFInit(context, key, key_type, HASH_AlgSHA256, 0);
+            break;
+
+        case CKM_NSS_HMAC_CONSTANT_TIME: {
+            sftk_MACConstantTimeCtx *ctx =
+                sftk_HMACConstantTime_New(pMechanism, key);
+            CK_ULONG *intpointer;
+
+            if (ctx == NULL) {
+                crv = CKR_ARGUMENTS_BAD;
+                break;
+            }
+            intpointer = PORT_New(CK_ULONG);
+            if (intpointer == NULL) {
+                PORT_Free(ctx);
+                crv = CKR_HOST_MEMORY;
+                break;
+            }
+            *intpointer = ctx->hash->length;
+
+            context->cipherInfo = intpointer;
+            context->hashInfo = ctx;
+            context->currentMech = pMechanism->mechanism;
+            context->hashUpdate = sftk_HMACConstantTime_Update;
+            context->hashdestroy = sftk_MACConstantTime_DestroyContext;
+            context->end = sftk_MACConstantTime_EndHash;
+            context->update = (SFTKCipher)sftk_SignCopy;
+            context->destroy = sftk_Space;
+            context->maxLen = 64;
+            context->multi = PR_TRUE;
+            break;
+        }
+
+        case CKM_NSS_SSL3_MAC_CONSTANT_TIME: {
+            sftk_MACConstantTimeCtx *ctx =
+                sftk_SSLv3MACConstantTime_New(pMechanism, key);
+            CK_ULONG *intpointer;
+
+            if (ctx == NULL) {
+                crv = CKR_ARGUMENTS_BAD;
+                break;
+            }
+            intpointer = PORT_New(CK_ULONG);
+            if (intpointer == NULL) {
+                PORT_Free(ctx);
+                crv = CKR_HOST_MEMORY;
+                break;
+            }
+            *intpointer = ctx->hash->length;
+
+            context->cipherInfo = intpointer;
+            context->hashInfo = ctx;
+            context->currentMech = pMechanism->mechanism;
+            context->hashUpdate = sftk_SSLv3MACConstantTime_Update;
+            context->hashdestroy = sftk_MACConstantTime_DestroyContext;
+            context->end = sftk_MACConstantTime_EndHash;
+            context->update = (SFTKCipher)sftk_SignCopy;
+            context->destroy = sftk_Space;
+            context->maxLen = 64;
+            context->multi = PR_TRUE;
+            break;
+        }
+
+        default:
+            crv = CKR_MECHANISM_INVALID;
+            break;
+    }
+
+    if (crv != CKR_OK) {
+        if (info)
+            PORT_Free(info);
+        sftk_FreeContext(context);
+        sftk_FreeSession(session);
+        return crv;
+    }
+    sftk_SetContextByType(session, SFTK_SIGN, context);
+    sftk_FreeSession(session);
+    return CKR_OK;
+}
+
+/** MAC one block of data by block cipher
+ */
+static CK_RV
+sftk_MACBlock(SFTKSessionContext *ctx, void *blk)
+{
+    unsigned int outlen;
+    return (SECSuccess == (ctx->update)(ctx->cipherInfo, ctx->macBuf, &outlen,
+                                        SFTK_MAX_BLOCK_SIZE, blk, ctx->blockSize))
+               ? CKR_OK
+               : sftk_MapCryptError(PORT_GetError());
+}
+
+/** MAC last (incomplete) block of data by block cipher
+ *
+ *  Call once, then terminate MACing operation.
+ */
+static CK_RV
+sftk_MACFinal(SFTKSessionContext *ctx)
+{
+    unsigned int padLen = ctx->padDataLength;
+    /* pad and proceed the residual */
+    if (padLen) {
+        /* shd clr ctx->padLen to make sftk_MACFinal idempotent */
+        PORT_Memset(ctx->padBuf + padLen, 0, ctx->blockSize - padLen);
+        return sftk_MACBlock(ctx, ctx->padBuf);
+    } else
+        return CKR_OK;
+}
+
+/** The common implementation for {Sign,Verify}Update. (S/V only vary in their
+ * setup and final operations).
+ *
+ * A call which results in an error terminates the operation [PKCS#11,v2.11]
+ */
+static CK_RV
+sftk_MACUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart,
+               CK_ULONG ulPartLen, SFTKContextType type)
+{
+    SFTKSession *session;
+    SFTKSessionContext *context;
+    CK_RV crv;
+
+    /* make sure we're legal */
+    crv = sftk_GetContext(hSession, &context, type, PR_TRUE, &session);
+    if (crv != CKR_OK)
+        return crv;
+
+    if (context->hashInfo) {
+        (*context->hashUpdate)(context->hashInfo, pPart, ulPartLen);
+    } else {
+        /* must be block cipher MACing */
+
+        unsigned int blkSize = context->blockSize;
+        unsigned char *residual = /* free room in context->padBuf */
+            context->padBuf + context->padDataLength;
+        unsigned int minInput = /* min input for MACing at least one block */
+            blkSize - context->padDataLength;
+
+        /* not enough data even for one block */
+        if (ulPartLen < minInput) {
+            PORT_Memcpy(residual, pPart, ulPartLen);
+            context->padDataLength += ulPartLen;
+            goto cleanup;
+        }
+        /* MACing residual */
+        if (context->padDataLength) {
+            PORT_Memcpy(residual, pPart, minInput);
+            ulPartLen -= minInput;
+            pPart += minInput;
+            if (CKR_OK != (crv = sftk_MACBlock(context, context->padBuf)))
+                goto terminate;
+        }
+        /* MACing full blocks */
+        while (ulPartLen >= blkSize) {
+            if (CKR_OK != (crv = sftk_MACBlock(context, pPart)))
+                goto terminate;
+            ulPartLen -= blkSize;
+            pPart += blkSize;
+        }
+        /* save the residual */
+        if ((context->padDataLength = ulPartLen))
+            PORT_Memcpy(context->padBuf, pPart, ulPartLen);
+    } /* blk cipher MACing */
+
+    goto cleanup;
+
+terminate:
+    sftk_TerminateOp(session, type, context);
+cleanup:
+    sftk_FreeSession(session);
+    return crv;
+}
+
+/* NSC_SignUpdate continues a multiple-part signature operation,
+ * where the signature is (will be) an appendix to the data,
+ * and plaintext cannot be recovered from the signature
+ *
+ * A call which results in an error terminates the operation [PKCS#11,v2.11]
+ */
+CK_RV
+NSC_SignUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart,
+               CK_ULONG ulPartLen)
+{
+    CHECK_FORK();
+    return sftk_MACUpdate(hSession, pPart, ulPartLen, SFTK_SIGN);
+}
+
+/* NSC_SignFinal finishes a multiple-part signature operation,
+ * returning the signature. */
+CK_RV
+NSC_SignFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature,
+              CK_ULONG_PTR pulSignatureLen)
+{
+    SFTKSession *session;
+    SFTKSessionContext *context;
+    unsigned int outlen;
+    unsigned int maxoutlen = *pulSignatureLen;
+    CK_RV crv;
+
+    CHECK_FORK();
+
+    /* make sure we're legal */
+    crv = sftk_GetContext(hSession, &context, SFTK_SIGN, PR_TRUE, &session);
+    if (crv != CKR_OK)
+        return crv;
+
+    if (context->hashInfo) {
+        unsigned int digestLen;
+        unsigned char tmpbuf[SFTK_MAX_MAC_LENGTH];
+
+        if (!pSignature) {
+            outlen = context->maxLen;
+            goto finish;
+        }
+        (*context->end)(context->hashInfo, tmpbuf, &digestLen, sizeof(tmpbuf));
+        if (SECSuccess != (context->update)(context->cipherInfo, pSignature,
+                                            &outlen, maxoutlen, tmpbuf, digestLen))
+            crv = sftk_MapCryptError(PORT_GetError());
+        /* CKR_BUFFER_TOO_SMALL here isn't continuable, let operation terminate.
+         * Keeping "too small" CK_RV intact is a standard violation, but allows
+         * application read EXACT signature length */
+    } else {
+        /* must be block cipher MACing */
+        outlen = context->macSize;
+        /* null or "too small" buf doesn't terminate operation [PKCS#11,v2.11]*/
+        if (!pSignature || maxoutlen < outlen) {
+            if (pSignature)
+                crv = CKR_BUFFER_TOO_SMALL;
+            goto finish;
+        }
+        if (CKR_OK == (crv = sftk_MACFinal(context)))
+            PORT_Memcpy(pSignature, context->macBuf, outlen);
+    }
+
+    sftk_TerminateOp(session, SFTK_SIGN, context);
+finish:
+    *pulSignatureLen = outlen;
+    sftk_FreeSession(session);
+    return crv;
+}
+
+/* NSC_Sign signs (encrypts with private key) data in a single part,
+ * where the signature is (will be) an appendix to the data,
+ * and plaintext cannot be recovered from the signature */
+CK_RV
+NSC_Sign(CK_SESSION_HANDLE hSession,
+         CK_BYTE_PTR pData, CK_ULONG ulDataLen, CK_BYTE_PTR pSignature,
+         CK_ULONG_PTR pulSignatureLen)
+{
+    SFTKSession *session;
+    SFTKSessionContext *context;
+    CK_RV crv;
+
+    CHECK_FORK();
+
+    /* make sure we're legal */
+    crv = sftk_GetContext(hSession, &context, SFTK_SIGN, PR_FALSE, &session);
+    if (crv != CKR_OK)
+        return crv;
+
+    if (!pSignature) {
+        /* see also how C_SignUpdate implements this */
+        *pulSignatureLen = (!context->multi || context->hashInfo)
+                               ? context->maxLen
+                               : context->macSize; /* must be block cipher MACing */
+        goto finish;
+    }
+
+    /* multi part Signing are completely implemented by SignUpdate and
+     * sign Final */
+    if (context->multi) {
+        /* SignFinal can't follow failed SignUpdate */
+        if (CKR_OK == (crv = NSC_SignUpdate(hSession, pData, ulDataLen)))
+            crv = NSC_SignFinal(hSession, pSignature, pulSignatureLen);
+    } else {
+        /* single-part PKC signature (e.g. CKM_ECDSA) */
+        unsigned int outlen;
+        unsigned int maxoutlen = *pulSignatureLen;
+        if (SECSuccess != (*context->update)(context->cipherInfo, pSignature,
+                                             &outlen, maxoutlen, pData, ulDataLen))
+            crv = sftk_MapCryptError(PORT_GetError());
+        *pulSignatureLen = (CK_ULONG)outlen;
+        /*  "too small" here is certainly continuable */
+        if (crv != CKR_BUFFER_TOO_SMALL)
+            sftk_TerminateOp(session, SFTK_SIGN, context);
+    } /* single-part */
+
+finish:
+    sftk_FreeSession(session);
+    return crv;
+}
+
+/*
+ ************** Crypto Functions:     Sign Recover  ************************
+ */
+/* NSC_SignRecoverInit initializes a signature operation,
+ * where the (digest) data can be recovered from the signature.
+ * E.g. encryption with the user's private key */
+CK_RV
+NSC_SignRecoverInit(CK_SESSION_HANDLE hSession,
+                    CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey)
+{
+    CHECK_FORK();
+
+    switch (pMechanism->mechanism) {
+        case CKM_RSA_PKCS:
+        case CKM_RSA_X_509:
+            return NSC_SignInit(hSession, pMechanism, hKey);
+        default:
+            break;
+    }
+    return CKR_MECHANISM_INVALID;
+}
+
+/* NSC_SignRecover signs data in a single operation
+ * where the (digest) data can be recovered from the signature.
+ * E.g. encryption with the user's private key */
+CK_RV
+NSC_SignRecover(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData,
+                CK_ULONG ulDataLen, CK_BYTE_PTR pSignature, CK_ULONG_PTR pulSignatureLen)
+{
+    CHECK_FORK();
+
+    return NSC_Sign(hSession, pData, ulDataLen, pSignature, pulSignatureLen);
+}
+
+/*
+ ************** Crypto Functions:     verify  ************************
+ */
+
+/* Handle RSA Signature formatting */
+static SECStatus
+sftk_hashCheckSign(SFTKHashVerifyInfo *info, const unsigned char *sig,
+                   unsigned int sigLen, const unsigned char *digest,
+                   unsigned int digestLen)
+{
+    PORT_Assert(info->key->keyType == NSSLOWKEYRSAKey);
+    if (info->key->keyType != NSSLOWKEYRSAKey) {
+        PORT_SetError(SEC_ERROR_INVALID_KEY);
+        return SECFailure;
+    }
+
+    return RSA_HashCheckSign(info->hashOid, info->key, sig, sigLen, digest,
+                             digestLen);
+}
+
+SECStatus
+RSA_HashCheckSign(SECOidTag digestOid, NSSLOWKEYPublicKey *key,
+                  const unsigned char *sig, unsigned int sigLen,
+                  const unsigned char *digestData, unsigned int digestLen)
+{
+    unsigned char *pkcs1DigestInfoData;
+    SECItem pkcs1DigestInfo;
+    SECItem digest;
+    unsigned int bufferSize;
+    SECStatus rv;
+
+    /* pkcs1DigestInfo.data must be less than key->u.rsa.modulus.len */
+    bufferSize = key->u.rsa.modulus.len;
+    pkcs1DigestInfoData = PORT_ZAlloc(bufferSize);
+    if (!pkcs1DigestInfoData) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return SECFailure;
+    }
+
+    pkcs1DigestInfo.data = pkcs1DigestInfoData;
+    pkcs1DigestInfo.len = bufferSize;
+
+    /* decrypt the block */
+    rv = RSA_CheckSignRecover(&key->u.rsa, pkcs1DigestInfo.data,
+                              &pkcs1DigestInfo.len, pkcs1DigestInfo.len,
+                              sig, sigLen);
+    if (rv != SECSuccess) {
+        PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
+    } else {
+        digest.data = (PRUint8 *)digestData;
+        digest.len = digestLen;
+        rv = _SGN_VerifyPKCS1DigestInfo(
+            digestOid, &digest, &pkcs1DigestInfo,
+            PR_TRUE /*XXX: unsafeAllowMissingParameters*/);
+    }
+
+    PORT_Free(pkcs1DigestInfoData);
+    return rv;
+}
+
+static SECStatus
+sftk_RSACheckSign(NSSLOWKEYPublicKey *key, const unsigned char *sig,
+                  unsigned int sigLen, const unsigned char *digest,
+                  unsigned int digestLen)
+{
+    PORT_Assert(key->keyType == NSSLOWKEYRSAKey);
+    if (key->keyType != NSSLOWKEYRSAKey) {
+        PORT_SetError(SEC_ERROR_INVALID_KEY);
+        return SECFailure;
+    }
+
+    return RSA_CheckSign(&key->u.rsa, sig, sigLen, digest, digestLen);
+}
+
+static SECStatus
+sftk_RSACheckSignRaw(NSSLOWKEYPublicKey *key, const unsigned char *sig,
+                     unsigned int sigLen, const unsigned char *digest,
+                     unsigned int digestLen)
+{
+    PORT_Assert(key->keyType == NSSLOWKEYRSAKey);
+    if (key->keyType != NSSLOWKEYRSAKey) {
+        PORT_SetError(SEC_ERROR_INVALID_KEY);
+        return SECFailure;
+    }
+
+    return RSA_CheckSignRaw(&key->u.rsa, sig, sigLen, digest, digestLen);
+}
+
+static SECStatus
+sftk_RSACheckSignPSS(SFTKHashVerifyInfo *info, const unsigned char *sig,
+                     unsigned int sigLen, const unsigned char *digest,
+                     unsigned int digestLen)
+{
+    HASH_HashType hashAlg;
+    HASH_HashType maskHashAlg;
+    CK_RSA_PKCS_PSS_PARAMS *params = (CK_RSA_PKCS_PSS_PARAMS *)info->params;
+
+    PORT_Assert(info->key->keyType == NSSLOWKEYRSAKey);
+    if (info->key->keyType != NSSLOWKEYRSAKey) {
+        PORT_SetError(SEC_ERROR_INVALID_KEY);
+        return SECFailure;
+    }
+
+    hashAlg = GetHashTypeFromMechanism(params->hashAlg);
+    maskHashAlg = GetHashTypeFromMechanism(params->mgf);
+
+    return RSA_CheckSignPSS(&info->key->u.rsa, hashAlg, maskHashAlg,
+                            params->sLen, sig, sigLen, digest, digestLen);
+}
+
+/* NSC_VerifyInit initializes a verification operation,
+ * where the signature is an appendix to the data,
+ * and plaintext cannot be recovered from the signature (e.g. DSA) */
+CK_RV
+NSC_VerifyInit(CK_SESSION_HANDLE hSession,
+               CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey)
+{
+    SFTKSession *session;
+    SFTKObject *key;
+    SFTKSessionContext *context;
+    CK_KEY_TYPE key_type;
+    CK_RV crv = CKR_OK;
+    NSSLOWKEYPublicKey *pubKey;
+    SFTKHashVerifyInfo *info = NULL;
+
+    CHECK_FORK();
+
+    /* Block Cipher MACing Algorithms use a different Context init method..*/
+    crv = sftk_InitCBCMac(hSession, pMechanism, hKey, CKA_VERIFY, SFTK_VERIFY);
+    if (crv != CKR_FUNCTION_NOT_SUPPORTED)
+        return crv;
+
+    session = sftk_SessionFromHandle(hSession);
+    if (session == NULL)
+        return CKR_SESSION_HANDLE_INVALID;
+    crv = sftk_InitGeneric(session, &context, SFTK_VERIFY, &key, hKey, &key_type,
+                           CKO_PUBLIC_KEY, CKA_VERIFY);
+    if (crv != CKR_OK) {
+        sftk_FreeSession(session);
+        return crv;
+    }
+
+    context->multi = PR_FALSE;
+
+#define INIT_RSA_VFY_MECH(mmm)                            \
+    case CKM_##mmm##_RSA_PKCS:                            \
+        context->multi = PR_TRUE;                         \
+        crv = sftk_doSub##mmm(context);                   \
+        if (crv != CKR_OK)                                \
+            break;                                        \
+        context->verify = (SFTKVerify)sftk_hashCheckSign; \
+        info = PORT_New(SFTKHashVerifyInfo);              \
+        if (info == NULL) {                               \
+            crv = CKR_HOST_MEMORY;                        \
+            break;                                        \
+        }                                                 \
+        info->hashOid = SEC_OID_##mmm;                    \
+        goto finish_rsa;
+
+    switch (pMechanism->mechanism) {
+        INIT_RSA_VFY_MECH(MD5)
+        INIT_RSA_VFY_MECH(MD2)
+        INIT_RSA_VFY_MECH(SHA1)
+        INIT_RSA_VFY_MECH(SHA224)
+        INIT_RSA_VFY_MECH(SHA256)
+        INIT_RSA_VFY_MECH(SHA384)
+        INIT_RSA_VFY_MECH(SHA512)
+
+        case CKM_RSA_PKCS:
+            context->verify = (SFTKVerify)sftk_RSACheckSign;
+            goto finish_rsa;
+        case CKM_RSA_X_509:
+            context->verify = (SFTKVerify)sftk_RSACheckSignRaw;
+        finish_rsa:
+            if (key_type != CKK_RSA) {
+                if (info)
+                    PORT_Free(info);
+                crv = CKR_KEY_TYPE_INCONSISTENT;
+                break;
+            }
+            context->rsa = PR_TRUE;
+            pubKey = sftk_GetPubKey(key, CKK_RSA, &crv);
+            if (pubKey == NULL) {
+                if (info)
+                    PORT_Free(info);
+                crv = CKR_KEY_TYPE_INCONSISTENT;
+                break;
+            }
+            if (info) {
+                info->key = pubKey;
+                context->cipherInfo = info;
+                context->destroy = sftk_Space;
+            } else {
+                context->cipherInfo = pubKey;
+                context->destroy = sftk_Null;
+            }
+            break;
+        case CKM_RSA_PKCS_PSS:
+            if (key_type != CKK_RSA) {
+                crv = CKR_KEY_TYPE_INCONSISTENT;
+                break;
+            }
+            context->rsa = PR_TRUE;
+            if (pMechanism->ulParameterLen != sizeof(CK_RSA_PKCS_PSS_PARAMS) ||
+                !sftk_ValidatePssParams((const CK_RSA_PKCS_PSS_PARAMS *)pMechanism->pParameter)) {
+                crv = CKR_MECHANISM_PARAM_INVALID;
+                break;
+            }
+            info = PORT_New(SFTKHashVerifyInfo);
+            if (info == NULL) {
+                crv = CKR_HOST_MEMORY;
+                break;
+            }
+            info->params = pMechanism->pParameter;
+            info->key = sftk_GetPubKey(key, CKK_RSA, &crv);
+            if (info->key == NULL) {
+                PORT_Free(info);
+                break;
+            }
+            context->cipherInfo = info;
+            context->destroy = (SFTKDestroy)sftk_Space;
+            context->verify = (SFTKVerify)sftk_RSACheckSignPSS;
+            break;
+        case CKM_DSA_SHA1:
+            context->multi = PR_TRUE;
+            crv = sftk_doSubSHA1(context);
+            if (crv != CKR_OK)
+                break;
+        /* fall through */
+        case CKM_DSA:
+            if (key_type != CKK_DSA) {
+                crv = CKR_KEY_TYPE_INCONSISTENT;
+                break;
+            }
+            pubKey = sftk_GetPubKey(key, CKK_DSA, &crv);
+            if (pubKey == NULL) {
+                break;
+            }
+            context->cipherInfo = pubKey;
+            context->verify = (SFTKVerify)nsc_DSA_Verify_Stub;
+            context->destroy = sftk_Null;
+            break;
+#ifndef NSS_DISABLE_ECC
+        case CKM_ECDSA_SHA1:
+            context->multi = PR_TRUE;
+            crv = sftk_doSubSHA1(context);
+            if (crv != CKR_OK)
+                break;
+        /* fall through */
+        case CKM_ECDSA:
+            if (key_type != CKK_EC) {
+                crv = CKR_KEY_TYPE_INCONSISTENT;
+                break;
+            }
+            pubKey = sftk_GetPubKey(key, CKK_EC, &crv);
+            if (pubKey == NULL) {
+                crv = CKR_HOST_MEMORY;
+                break;
+            }
+            context->cipherInfo = pubKey;
+            context->verify = (SFTKVerify)nsc_ECDSAVerifyStub;
+            context->destroy = sftk_Null;
+            break;
+#endif /* NSS_DISABLE_ECC */
+
+            INIT_HMAC_MECH(MD2)
+            INIT_HMAC_MECH(MD5)
+            INIT_HMAC_MECH(SHA224)
+            INIT_HMAC_MECH(SHA256)
+            INIT_HMAC_MECH(SHA384)
+            INIT_HMAC_MECH(SHA512)
+
+        case CKM_SHA_1_HMAC_GENERAL:
+            crv = sftk_doHMACInit(context, HASH_AlgSHA1, key,
+                                  *(CK_ULONG *)pMechanism->pParameter);
+            break;
+        case CKM_SHA_1_HMAC:
+            crv = sftk_doHMACInit(context, HASH_AlgSHA1, key, SHA1_LENGTH);
+            break;
+
+        case CKM_SSL3_MD5_MAC:
+            crv = sftk_doSSLMACInit(context, SEC_OID_MD5, key,
+                                    *(CK_ULONG *)pMechanism->pParameter);
+            break;
+        case CKM_SSL3_SHA1_MAC:
+            crv = sftk_doSSLMACInit(context, SEC_OID_SHA1, key,
+                                    *(CK_ULONG *)pMechanism->pParameter);
+            break;
+        case CKM_TLS_PRF_GENERAL:
+            crv = sftk_TLSPRFInit(context, key, key_type, HASH_AlgNULL, 0);
+            break;
+        case CKM_NSS_TLS_PRF_GENERAL_SHA256:
+            crv = sftk_TLSPRFInit(context, key, key_type, HASH_AlgSHA256, 0);
+            break;
+
+        default:
+            crv = CKR_MECHANISM_INVALID;
+            break;
+    }
+
+    if (crv != CKR_OK) {
+        if (info)
+            PORT_Free(info);
+        sftk_FreeContext(context);
+        sftk_FreeSession(session);
+        return crv;
+    }
+    sftk_SetContextByType(session, SFTK_VERIFY, context);
+    sftk_FreeSession(session);
+    return CKR_OK;
+}
+
+/* NSC_Verify verifies a signature in a single-part operation,
+ * where the signature is an appendix to the data,
+ * and plaintext cannot be recovered from the signature */
+CK_RV
+NSC_Verify(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData,
+           CK_ULONG ulDataLen, CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen)
+{
+    SFTKSession *session;
+    SFTKSessionContext *context;
+    CK_RV crv;
+
+    CHECK_FORK();
+
+    /* make sure we're legal */
+    crv = sftk_GetContext(hSession, &context, SFTK_VERIFY, PR_FALSE, &session);
+    if (crv != CKR_OK)
+        return crv;
+
+    /* multi part Verifying are completely implemented by VerifyUpdate and
+     * VerifyFinal */
+    if (context->multi) {
+        /* VerifyFinal can't follow failed VerifyUpdate */
+        if (CKR_OK == (crv = NSC_VerifyUpdate(hSession, pData, ulDataLen)))
+            crv = NSC_VerifyFinal(hSession, pSignature, ulSignatureLen);
+    } else {
+        if (SECSuccess != (*context->verify)(context->cipherInfo, pSignature,
+                                             ulSignatureLen, pData, ulDataLen))
+            crv = sftk_MapCryptError(PORT_GetError());
+
+        sftk_TerminateOp(session, SFTK_VERIFY, context);
+    }
+    sftk_FreeSession(session);
+    return crv;
+}
+
+/* NSC_VerifyUpdate continues a multiple-part verification operation,
+ * where the signature is an appendix to the data,
+ * and plaintext cannot be recovered from the signature
+ *
+ * A call which results in an error terminates the operation [PKCS#11,v2.11]
+ */
+CK_RV
+NSC_VerifyUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart,
+                 CK_ULONG ulPartLen)
+{
+    CHECK_FORK();
+    return sftk_MACUpdate(hSession, pPart, ulPartLen, SFTK_VERIFY);
+}
+
+/* NSC_VerifyFinal finishes a multiple-part verification operation,
+ * checking the signature. */
+CK_RV
+NSC_VerifyFinal(CK_SESSION_HANDLE hSession,
+                CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen)
+{
+    SFTKSession *session;
+    SFTKSessionContext *context;
+    CK_RV crv;
+
+    CHECK_FORK();
+
+    if (!pSignature)
+        return CKR_ARGUMENTS_BAD;
+
+    /* make sure we're legal */
+    crv = sftk_GetContext(hSession, &context, SFTK_VERIFY, PR_TRUE, &session);
+    if (crv != CKR_OK)
+        return crv;
+
+    if (context->hashInfo) {
+        unsigned int digestLen;
+        unsigned char tmpbuf[SFTK_MAX_MAC_LENGTH];
+
+        (*context->end)(context->hashInfo, tmpbuf, &digestLen, sizeof(tmpbuf));
+        if (SECSuccess != (context->verify)(context->cipherInfo, pSignature,
+                                            ulSignatureLen, tmpbuf, digestLen))
+            crv = sftk_MapCryptError(PORT_GetError());
+    } else if (ulSignatureLen != context->macSize) {
+        /* must be block cipher MACing */
+        crv = CKR_SIGNATURE_LEN_RANGE;
+    } else if (CKR_OK == (crv = sftk_MACFinal(context))) {
+        if (PORT_Memcmp(pSignature, context->macBuf, ulSignatureLen))
+            crv = CKR_SIGNATURE_INVALID;
+    }
+
+    sftk_TerminateOp(session, SFTK_VERIFY, context);
+    sftk_FreeSession(session);
+    return crv;
+}
+
+/*
+ ************** Crypto Functions:     Verify  Recover ************************
+ */
+static SECStatus
+sftk_RSACheckSignRecover(NSSLOWKEYPublicKey *key, unsigned char *data,
+                         unsigned int *dataLen, unsigned int maxDataLen,
+                         const unsigned char *sig, unsigned int sigLen)
+{
+    PORT_Assert(key->keyType == NSSLOWKEYRSAKey);
+    if (key->keyType != NSSLOWKEYRSAKey) {
+        PORT_SetError(SEC_ERROR_INVALID_KEY);
+        return SECFailure;
+    }
+
+    return RSA_CheckSignRecover(&key->u.rsa, data, dataLen, maxDataLen,
+                                sig, sigLen);
+}
+
+static SECStatus
+sftk_RSACheckSignRecoverRaw(NSSLOWKEYPublicKey *key, unsigned char *data,
+                            unsigned int *dataLen, unsigned int maxDataLen,
+                            const unsigned char *sig, unsigned int sigLen)
+{
+    PORT_Assert(key->keyType == NSSLOWKEYRSAKey);
+    if (key->keyType != NSSLOWKEYRSAKey) {
+        PORT_SetError(SEC_ERROR_INVALID_KEY);
+        return SECFailure;
+    }
+
+    return RSA_CheckSignRecoverRaw(&key->u.rsa, data, dataLen, maxDataLen,
+                                   sig, sigLen);
+}
+
+/* NSC_VerifyRecoverInit initializes a signature verification operation,
+ * where the data is recovered from the signature.
+ * E.g. Decryption with the user's public key */
+CK_RV
+NSC_VerifyRecoverInit(CK_SESSION_HANDLE hSession,
+                      CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey)
+{
+    SFTKSession *session;
+    SFTKObject *key;
+    SFTKSessionContext *context;
+    CK_KEY_TYPE key_type;
+    CK_RV crv = CKR_OK;
+    NSSLOWKEYPublicKey *pubKey;
+
+    CHECK_FORK();
+
+    session = sftk_SessionFromHandle(hSession);
+    if (session == NULL)
+        return CKR_SESSION_HANDLE_INVALID;
+    crv = sftk_InitGeneric(session, &context, SFTK_VERIFY_RECOVER,
+                           &key, hKey, &key_type, CKO_PUBLIC_KEY, CKA_VERIFY_RECOVER);
+    if (crv != CKR_OK) {
+        sftk_FreeSession(session);
+        return crv;
+    }
+
+    context->multi = PR_TRUE;
+
+    switch (pMechanism->mechanism) {
+        case CKM_RSA_PKCS:
+        case CKM_RSA_X_509:
+            if (key_type != CKK_RSA) {
+                crv = CKR_KEY_TYPE_INCONSISTENT;
+                break;
+            }
+            context->multi = PR_FALSE;
+            context->rsa = PR_TRUE;
+            pubKey = sftk_GetPubKey(key, CKK_RSA, &crv);
+            if (pubKey == NULL) {
+                break;
+            }
+            context->cipherInfo = pubKey;
+            context->update = (SFTKCipher)(pMechanism->mechanism == CKM_RSA_X_509
+                                               ? sftk_RSACheckSignRecoverRaw
+                                               : sftk_RSACheckSignRecover);
+            context->destroy = sftk_Null;
+            break;
+        default:
+            crv = CKR_MECHANISM_INVALID;
+            break;
+    }
+
+    if (crv != CKR_OK) {
+        PORT_Free(context);
+        sftk_FreeSession(session);
+        return crv;
+    }
+    sftk_SetContextByType(session, SFTK_VERIFY_RECOVER, context);
+    sftk_FreeSession(session);
+    return CKR_OK;
+}
+
+/* NSC_VerifyRecover verifies a signature in a single-part operation,
+ * where the data is recovered from the signature.
+ * E.g. Decryption with the user's public key */
+CK_RV
+NSC_VerifyRecover(CK_SESSION_HANDLE hSession,
+                  CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen,
+                  CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen)
+{
+    SFTKSession *session;
+    SFTKSessionContext *context;
+    unsigned int outlen;
+    unsigned int maxoutlen = *pulDataLen;
+    CK_RV crv;
+    SECStatus rv;
+
+    CHECK_FORK();
+
+    /* make sure we're legal */
+    crv = sftk_GetContext(hSession, &context, SFTK_VERIFY_RECOVER,
+                          PR_FALSE, &session);
+    if (crv != CKR_OK)
+        return crv;
+    if (pData == NULL) {
+        /* to return the actual size, we need  to do the decrypt, just return
+         * the max size, which is the size of the input signature. */
+        *pulDataLen = ulSignatureLen;
+        rv = SECSuccess;
+        goto finish;
+    }
+
+    rv = (*context->update)(context->cipherInfo, pData, &outlen, maxoutlen,
+                            pSignature, ulSignatureLen);
+    *pulDataLen = (CK_ULONG)outlen;
+
+    sftk_TerminateOp(session, SFTK_VERIFY_RECOVER, context);
+finish:
+    sftk_FreeSession(session);
+    return (rv == SECSuccess) ? CKR_OK : sftk_MapVerifyError(PORT_GetError());
+}
+
+/*
+ **************************** Random Functions:  ************************
+ */
+
+/* NSC_SeedRandom mixes additional seed material into the token's random number
+ * generator. */
+CK_RV
+NSC_SeedRandom(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSeed,
+               CK_ULONG ulSeedLen)
+{
+    SECStatus rv;
+
+    CHECK_FORK();
+
+    rv = RNG_RandomUpdate(pSeed, ulSeedLen);
+    return (rv == SECSuccess) ? CKR_OK : sftk_MapCryptError(PORT_GetError());
+}
+
+/* NSC_GenerateRandom generates random data. */
+CK_RV
+NSC_GenerateRandom(CK_SESSION_HANDLE hSession,
+                   CK_BYTE_PTR pRandomData, CK_ULONG ulRandomLen)
+{
+    SECStatus rv;
+
+    CHECK_FORK();
+
+    rv = RNG_GenerateGlobalRandomBytes(pRandomData, ulRandomLen);
+    /*
+     * This may fail with SEC_ERROR_NEED_RANDOM, which means the RNG isn't
+     * seeded with enough entropy.
+     */
+    return (rv == SECSuccess) ? CKR_OK : sftk_MapCryptError(PORT_GetError());
+}
+
+/*
+ **************************** Key Functions:  ************************
+ */
+
+/*
+ * generate a password based encryption key. This code uses
+ * PKCS5 to do the work.
+ */
+static CK_RV
+nsc_pbe_key_gen(NSSPKCS5PBEParameter *pkcs5_pbe, CK_MECHANISM_PTR pMechanism,
+                void *buf, CK_ULONG *key_length, PRBool faulty3DES)
+{
+    SECItem *pbe_key = NULL, iv, pwitem;
+    CK_PBE_PARAMS *pbe_params = NULL;
+    CK_PKCS5_PBKD2_PARAMS *pbkd2_params = NULL;
+
+    *key_length = 0;
+    iv.data = NULL;
+    iv.len = 0;
+
+    if (pMechanism->mechanism == CKM_PKCS5_PBKD2) {
+        pbkd2_params = (CK_PKCS5_PBKD2_PARAMS *)pMechanism->pParameter;
+        pwitem.data = (unsigned char *)pbkd2_params->pPassword;
+        /* was this a typo in the PKCS #11 spec? */
+        pwitem.len = *pbkd2_params->ulPasswordLen;
+    } else {
+        pbe_params = (CK_PBE_PARAMS *)pMechanism->pParameter;
+        pwitem.data = (unsigned char *)pbe_params->pPassword;
+        pwitem.len = pbe_params->ulPasswordLen;
+    }
+    pbe_key = nsspkcs5_ComputeKeyAndIV(pkcs5_pbe, &pwitem, &iv, faulty3DES);
+    if (pbe_key == NULL) {
+        return CKR_HOST_MEMORY;
+    }
+
+    PORT_Memcpy(buf, pbe_key->data, pbe_key->len);
+    *key_length = pbe_key->len;
+    SECITEM_ZfreeItem(pbe_key, PR_TRUE);
+    pbe_key = NULL;
+
+    if (iv.data) {
+        if (pbe_params && pbe_params->pInitVector != NULL) {
+            PORT_Memcpy(pbe_params->pInitVector, iv.data, iv.len);
+        }
+        PORT_Free(iv.data);
+    }
+
+    return CKR_OK;
+}
+
+/*
+ * this is coded for "full" support. These selections will be limitted to
+ * the official subset by freebl.
+ */
+static unsigned int
+sftk_GetSubPrimeFromPrime(unsigned int primeBits)
+{
+    if (primeBits <= 1024) {
+        return 160;
+    } else if (primeBits <= 2048) {
+        return 224;
+    } else if (primeBits <= 3072) {
+        return 256;
+    } else if (primeBits <= 7680) {
+        return 384;
+    } else {
+        return 512;
+    }
+}
+
+static CK_RV
+nsc_parameter_gen(CK_KEY_TYPE key_type, SFTKObject *key)
+{
+    SFTKAttribute *attribute;
+    CK_ULONG counter;
+    unsigned int seedBits = 0;
+    unsigned int subprimeBits = 0;
+    unsigned int primeBits;
+    unsigned int j = 8; /* default to 1024 bits */
+    CK_RV crv = CKR_OK;
+    PQGParams *params = NULL;
+    PQGVerify *vfy = NULL;
+    SECStatus rv;
+
+    attribute = sftk_FindAttribute(key, CKA_PRIME_BITS);
+    if (attribute == NULL) {
+        attribute = sftk_FindAttribute(key, CKA_PRIME);
+        if (attribute == NULL) {
+            return CKR_TEMPLATE_INCOMPLETE;
+        } else {
+            primeBits = attribute->attrib.ulValueLen;
+            sftk_FreeAttribute(attribute);
+        }
+    } else {
+        primeBits = (unsigned int)*(CK_ULONG *)attribute->attrib.pValue;
+        sftk_FreeAttribute(attribute);
+    }
+    if (primeBits < 1024) {
+        j = PQG_PBITS_TO_INDEX(primeBits);
+        if (j == (unsigned int)-1) {
+            return CKR_ATTRIBUTE_VALUE_INVALID;
+        }
+    }
+
+    attribute = sftk_FindAttribute(key, CKA_NSS_PQG_SEED_BITS);
+    if (attribute != NULL) {
+        seedBits = (unsigned int)*(CK_ULONG *)attribute->attrib.pValue;
+        sftk_FreeAttribute(attribute);
+    }
+
+    attribute = sftk_FindAttribute(key, CKA_SUBPRIME_BITS);
+    if (attribute != NULL) {
+        subprimeBits = (unsigned int)*(CK_ULONG *)attribute->attrib.pValue;
+        sftk_FreeAttribute(attribute);
+    }
+
+    /* if P and Q are supplied, we want to generate a new G */
+    attribute = sftk_FindAttribute(key, CKA_PRIME);
+    if (attribute != NULL) {
+        PLArenaPool *arena;
+
+        sftk_FreeAttribute(attribute);
+        arena = PORT_NewArena(1024);
+        if (arena == NULL) {
+            crv = CKR_HOST_MEMORY;
+            goto loser;
+        }
+        params = PORT_ArenaAlloc(arena, sizeof(*params));
+        if (params == NULL) {
+            crv = CKR_HOST_MEMORY;
+            goto loser;
+        }
+        params->arena = arena;
+        crv = sftk_Attribute2SSecItem(arena, &params->prime, key, CKA_PRIME);
+        if (crv != CKR_OK) {
+            goto loser;
+        }
+        crv = sftk_Attribute2SSecItem(arena, &params->subPrime,
+                                      key, CKA_SUBPRIME);
+        if (crv != CKR_OK) {
+            goto loser;
+        }
+
+        arena = PORT_NewArena(1024);
+        if (arena == NULL) {
+            crv = CKR_HOST_MEMORY;
+            goto loser;
+        }
+        vfy = PORT_ArenaAlloc(arena, sizeof(*vfy));
+        if (vfy == NULL) {
+            crv = CKR_HOST_MEMORY;
+            goto loser;
+        }
+        vfy->arena = arena;
+        crv = sftk_Attribute2SSecItem(arena, &vfy->seed, key, CKA_NSS_PQG_SEED);
+        if (crv != CKR_OK) {
+            goto loser;
+        }
+        crv = sftk_Attribute2SSecItem(arena, &vfy->h, key, CKA_NSS_PQG_H);
+        if (crv != CKR_OK) {
+            goto loser;
+        }
+        sftk_DeleteAttributeType(key, CKA_PRIME);
+        sftk_DeleteAttributeType(key, CKA_SUBPRIME);
+        sftk_DeleteAttributeType(key, CKA_NSS_PQG_SEED);
+        sftk_DeleteAttributeType(key, CKA_NSS_PQG_H);
+    }
+
+    sftk_DeleteAttributeType(key, CKA_PRIME_BITS);
+    sftk_DeleteAttributeType(key, CKA_SUBPRIME_BITS);
+    sftk_DeleteAttributeType(key, CKA_NSS_PQG_SEED_BITS);
+
+    /* use the old PQG interface if we have old input data */
+    if ((primeBits < 1024) || ((primeBits == 1024) && (subprimeBits == 0))) {
+        if (seedBits == 0) {
+            rv = PQG_ParamGen(j, &params, &vfy);
+        } else {
+            rv = PQG_ParamGenSeedLen(j, seedBits / 8, &params, &vfy);
+        }
+    } else {
+        if (subprimeBits == 0) {
+            subprimeBits = sftk_GetSubPrimeFromPrime(primeBits);
+        }
+        if (seedBits == 0) {
+            seedBits = primeBits;
+        }
+        rv = PQG_ParamGenV2(primeBits, subprimeBits, seedBits / 8, &params, &vfy);
+    }
+
+    if (rv != SECSuccess) {
+        if (PORT_GetError() == SEC_ERROR_LIBRARY_FAILURE) {
+            sftk_fatalError = PR_TRUE;
+        }
+        return sftk_MapCryptError(PORT_GetError());
+    }
+    crv = sftk_AddAttributeType(key, CKA_PRIME,
+                                params->prime.data, params->prime.len);
+    if (crv != CKR_OK)
+        goto loser;
+    crv = sftk_AddAttributeType(key, CKA_SUBPRIME,
+                                params->subPrime.data, params->subPrime.len);
+    if (crv != CKR_OK)
+        goto loser;
+    crv = sftk_AddAttributeType(key, CKA_BASE,
+                                params->base.data, params->base.len);
+    if (crv != CKR_OK)
+        goto loser;
+    counter = vfy->counter;
+    crv = sftk_AddAttributeType(key, CKA_NSS_PQG_COUNTER,
+                                &counter, sizeof(counter));
+    crv = sftk_AddAttributeType(key, CKA_NSS_PQG_SEED,
+                                vfy->seed.data, vfy->seed.len);
+    if (crv != CKR_OK)
+        goto loser;
+    crv = sftk_AddAttributeType(key, CKA_NSS_PQG_H,
+                                vfy->h.data, vfy->h.len);
+    if (crv != CKR_OK)
+        goto loser;
+
+loser:
+    if (params) {
+        PQG_DestroyParams(params);
+    }
+
+    if (vfy) {
+        PQG_DestroyVerify(vfy);
+    }
+    return crv;
+}
+
+static CK_RV
+nsc_SetupBulkKeyGen(CK_MECHANISM_TYPE mechanism, CK_KEY_TYPE *key_type,
+                    CK_ULONG *key_length)
+{
+    CK_RV crv = CKR_OK;
+
+    switch (mechanism) {
+        case CKM_RC2_KEY_GEN:
+            *key_type = CKK_RC2;
+            if (*key_length == 0)
+                crv = CKR_TEMPLATE_INCOMPLETE;
+            break;
+#if NSS_SOFTOKEN_DOES_RC5
+        case CKM_RC5_KEY_GEN:
+            *key_type = CKK_RC5;
+            if (*key_length == 0)
+                crv = CKR_TEMPLATE_INCOMPLETE;
+            break;
+#endif
+        case CKM_RC4_KEY_GEN:
+            *key_type = CKK_RC4;
+            if (*key_length == 0)
+                crv = CKR_TEMPLATE_INCOMPLETE;
+            break;
+        case CKM_GENERIC_SECRET_KEY_GEN:
+            *key_type = CKK_GENERIC_SECRET;
+            if (*key_length == 0)
+                crv = CKR_TEMPLATE_INCOMPLETE;
+            break;
+        case CKM_CDMF_KEY_GEN:
+            *key_type = CKK_CDMF;
+            *key_length = 8;
+            break;
+        case CKM_DES_KEY_GEN:
+            *key_type = CKK_DES;
+            *key_length = 8;
+            break;
+        case CKM_DES2_KEY_GEN:
+            *key_type = CKK_DES2;
+            *key_length = 16;
+            break;
+        case CKM_DES3_KEY_GEN:
+            *key_type = CKK_DES3;
+            *key_length = 24;
+            break;
+        case CKM_SEED_KEY_GEN:
+            *key_type = CKK_SEED;
+            *key_length = 16;
+            break;
+        case CKM_CAMELLIA_KEY_GEN:
+            *key_type = CKK_CAMELLIA;
+            if (*key_length == 0)
+                crv = CKR_TEMPLATE_INCOMPLETE;
+            break;
+        case CKM_AES_KEY_GEN:
+            *key_type = CKK_AES;
+            if (*key_length == 0)
+                crv = CKR_TEMPLATE_INCOMPLETE;
+            break;
+        case CKM_NSS_CHACHA20_KEY_GEN:
+            *key_type = CKK_NSS_CHACHA20;
+            if (*key_length == 0)
+                crv = CKR_TEMPLATE_INCOMPLETE;
+            break;
+        default:
+            PORT_Assert(0);
+            crv = CKR_MECHANISM_INVALID;
+            break;
+    }
+
+    return crv;
+}
+
+CK_RV
+nsc_SetupHMACKeyGen(CK_MECHANISM_PTR pMechanism, NSSPKCS5PBEParameter **pbe)
+{
+    SECItem salt;
+    CK_PBE_PARAMS *pbe_params = NULL;
+    NSSPKCS5PBEParameter *params;
+    PLArenaPool *arena = NULL;
+    SECStatus rv;
+
+    *pbe = NULL;
+
+    arena = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE);
+    if (arena == NULL) {
+        return CKR_HOST_MEMORY;
+    }
+
+    params = (NSSPKCS5PBEParameter *)PORT_ArenaZAlloc(arena,
+                                                      sizeof(NSSPKCS5PBEParameter));
+    if (params == NULL) {
+        PORT_FreeArena(arena, PR_TRUE);
+        return CKR_HOST_MEMORY;
+    }
+
+    params->poolp = arena;
+    params->ivLen = 0;
+    params->pbeType = NSSPKCS5_PKCS12_V2;
+    params->hashType = HASH_AlgSHA1;
+    params->encAlg = SEC_OID_SHA1; /* any invalid value */
+    params->is2KeyDES = PR_FALSE;
+    params->keyID = pbeBitGenIntegrityKey;
+    pbe_params = (CK_PBE_PARAMS *)pMechanism->pParameter;
+    params->iter = pbe_params->ulIteration;
+
+    salt.data = (unsigned char *)pbe_params->pSalt;
+    salt.len = (unsigned int)pbe_params->ulSaltLen;
+    salt.type = siBuffer;
+    rv = SECITEM_CopyItem(arena, &params->salt, &salt);
+    if (rv != SECSuccess) {
+        PORT_FreeArena(arena, PR_TRUE);
+        return CKR_HOST_MEMORY;
+    }
+    switch (pMechanism->mechanism) {
+        case CKM_NETSCAPE_PBE_SHA1_HMAC_KEY_GEN:
+        case CKM_PBA_SHA1_WITH_SHA1_HMAC:
+            params->hashType = HASH_AlgSHA1;
+            params->keyLen = 20;
+            break;
+        case CKM_NETSCAPE_PBE_MD5_HMAC_KEY_GEN:
+            params->hashType = HASH_AlgMD5;
+            params->keyLen = 16;
+            break;
+        case CKM_NETSCAPE_PBE_MD2_HMAC_KEY_GEN:
+            params->hashType = HASH_AlgMD2;
+            params->keyLen = 16;
+            break;
+        case CKM_NSS_PKCS12_PBE_SHA224_HMAC_KEY_GEN:
+            params->hashType = HASH_AlgSHA224;
+            params->keyLen = 28;
+            break;
+        case CKM_NSS_PKCS12_PBE_SHA256_HMAC_KEY_GEN:
+            params->hashType = HASH_AlgSHA256;
+            params->keyLen = 32;
+            break;
+        case CKM_NSS_PKCS12_PBE_SHA384_HMAC_KEY_GEN:
+            params->hashType = HASH_AlgSHA384;
+            params->keyLen = 48;
+            break;
+        case CKM_NSS_PKCS12_PBE_SHA512_HMAC_KEY_GEN:
+            params->hashType = HASH_AlgSHA512;
+            params->keyLen = 64;
+            break;
+        default:
+            PORT_FreeArena(arena, PR_TRUE);
+            return CKR_MECHANISM_INVALID;
+    }
+    *pbe = params;
+    return CKR_OK;
+}
+
+/* maybe this should be table driven? */
+static CK_RV
+nsc_SetupPBEKeyGen(CK_MECHANISM_PTR pMechanism, NSSPKCS5PBEParameter **pbe,
+                   CK_KEY_TYPE *key_type, CK_ULONG *key_length)
+{
+    CK_RV crv = CKR_OK;
+    SECOidData *oid;
+    CK_PBE_PARAMS *pbe_params = NULL;
+    NSSPKCS5PBEParameter *params = NULL;
+    HASH_HashType hashType = HASH_AlgSHA1;
+    CK_PKCS5_PBKD2_PARAMS *pbkd2_params = NULL;
+    SECItem salt;
+    CK_ULONG iteration = 0;
+
+    *pbe = NULL;
+
+    oid = SECOID_FindOIDByMechanism(pMechanism->mechanism);
+    if (oid == NULL) {
+        return CKR_MECHANISM_INVALID;
+    }
+
+    if (pMechanism->mechanism == CKM_PKCS5_PBKD2) {
+        pbkd2_params = (CK_PKCS5_PBKD2_PARAMS *)pMechanism->pParameter;
+        if (pbkd2_params == NULL) {
+            return CKR_MECHANISM_PARAM_INVALID;
+        }
+        switch (pbkd2_params->prf) {
+            case CKP_PKCS5_PBKD2_HMAC_SHA1:
+                hashType = HASH_AlgSHA1;
+                break;
+            case CKP_PKCS5_PBKD2_HMAC_SHA224:
+                hashType = HASH_AlgSHA224;
+                break;
+            case CKP_PKCS5_PBKD2_HMAC_SHA256:
+                hashType = HASH_AlgSHA256;
+                break;
+            case CKP_PKCS5_PBKD2_HMAC_SHA384:
+                hashType = HASH_AlgSHA384;
+                break;
+            case CKP_PKCS5_PBKD2_HMAC_SHA512:
+                hashType = HASH_AlgSHA512;
+                break;
+            default:
+                return CKR_MECHANISM_PARAM_INVALID;
+        }
+        if (pbkd2_params->saltSource != CKZ_SALT_SPECIFIED) {
+            return CKR_MECHANISM_PARAM_INVALID;
+        }
+        salt.data = (unsigned char *)pbkd2_params->pSaltSourceData;
+        salt.len = (unsigned int)pbkd2_params->ulSaltSourceDataLen;
+        iteration = pbkd2_params->iterations;
+    } else {
+        pbe_params = (CK_PBE_PARAMS *)pMechanism->pParameter;
+        salt.data = (unsigned char *)pbe_params->pSalt;
+        salt.len = (unsigned int)pbe_params->ulSaltLen;
+        iteration = pbe_params->ulIteration;
+    }
+    params = nsspkcs5_NewParam(oid->offset, hashType, &salt, iteration);
+    if (params == NULL) {
+        return CKR_MECHANISM_INVALID;
+    }
+
+    switch (params->encAlg) {
+        case SEC_OID_DES_CBC:
+            *key_type = CKK_DES;
+            *key_length = params->keyLen;
+            break;
+        case SEC_OID_DES_EDE3_CBC:
+            *key_type = params->is2KeyDES ? CKK_DES2 : CKK_DES3;
+            *key_length = params->keyLen;
+            break;
+        case SEC_OID_RC2_CBC:
+            *key_type = CKK_RC2;
+            *key_length = params->keyLen;
+            break;
+        case SEC_OID_RC4:
+            *key_type = CKK_RC4;
+            *key_length = params->keyLen;
+            break;
+        case SEC_OID_PKCS5_PBKDF2:
+            /* key type must already be set */
+            if (*key_type == CKK_INVALID_KEY_TYPE) {
+                crv = CKR_TEMPLATE_INCOMPLETE;
+                break;
+            }
+            /* PBKDF2 needs to calculate the key length from the other parameters
+             */
+            if (*key_length == 0) {
+                *key_length = sftk_MapKeySize(*key_type);
+            }
+            if (*key_length == 0) {
+                crv = CKR_TEMPLATE_INCOMPLETE;
+                break;
+            }
+            params->keyLen = *key_length;
+            break;
+        default:
+            crv = CKR_MECHANISM_INVALID;
+            nsspkcs5_DestroyPBEParameter(params);
+            break;
+    }
+    if (crv == CKR_OK) {
+        *pbe = params;
+    }
+    return crv;
+}
+
+/* NSC_GenerateKey generates a secret key, creating a new key object. */
+CK_RV
+NSC_GenerateKey(CK_SESSION_HANDLE hSession,
+                CK_MECHANISM_PTR pMechanism, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
+                CK_OBJECT_HANDLE_PTR phKey)
+{
+    SFTKObject *key;
+    SFTKSession *session;
+    PRBool checkWeak = PR_FALSE;
+    CK_ULONG key_length = 0;
+    CK_KEY_TYPE key_type = CKK_INVALID_KEY_TYPE;
+    CK_OBJECT_CLASS objclass = CKO_SECRET_KEY;
+    CK_RV crv = CKR_OK;
+    CK_BBOOL cktrue = CK_TRUE;
+    int i;
+    SFTKSlot *slot = sftk_SlotFromSessionHandle(hSession);
+    unsigned char buf[MAX_KEY_LEN];
+    enum { nsc_pbe,
+           nsc_ssl,
+           nsc_bulk,
+           nsc_param,
+           nsc_jpake } key_gen_type;
+    NSSPKCS5PBEParameter *pbe_param;
+    SSL3RSAPreMasterSecret *rsa_pms;
+    CK_VERSION *version;
+    /* in very old versions of NSS, there were implementation errors with key
+     * generation methods.  We want to beable to read these, but not
+     * produce them any more.  The affected algorithm was 3DES.
+     */
+    PRBool faultyPBE3DES = PR_FALSE;
+    HASH_HashType hashType = HASH_AlgNULL;
+
+    CHECK_FORK();
+
+    if (!slot) {
+        return CKR_SESSION_HANDLE_INVALID;
+    }
+    /*
+     * now lets create an object to hang the attributes off of
+     */
+    key = sftk_NewObject(slot); /* fill in the handle later */
+    if (key == NULL) {
+        return CKR_HOST_MEMORY;
+    }
+
+    /*
+     * load the template values into the object
+     */
+    for (i = 0; i < (int)ulCount; i++) {
+        if (pTemplate[i].type == CKA_VALUE_LEN) {
+            key_length = *(CK_ULONG *)pTemplate[i].pValue;
+            continue;
+        }
+        /* some algorithms need keytype specified */
+        if (pTemplate[i].type == CKA_KEY_TYPE) {
+            key_type = *(CK_ULONG *)pTemplate[i].pValue;
+            continue;
+        }
+
+        crv = sftk_AddAttributeType(key, sftk_attr_expand(&pTemplate[i]));
+        if (crv != CKR_OK)
+            break;
+    }
+    if (crv != CKR_OK) {
+        sftk_FreeObject(key);
+        return crv;
+    }
+
+    /* make sure we don't have any class, key_type, or value fields */
+    sftk_DeleteAttributeType(key, CKA_CLASS);
+    sftk_DeleteAttributeType(key, CKA_KEY_TYPE);
+    sftk_DeleteAttributeType(key, CKA_VALUE);
+
+    /* Now Set up the parameters to generate the key (based on mechanism) */
+    key_gen_type = nsc_bulk; /* bulk key by default */
+    switch (pMechanism->mechanism) {
+        case CKM_CDMF_KEY_GEN:
+        case CKM_DES_KEY_GEN:
+        case CKM_DES2_KEY_GEN:
+        case CKM_DES3_KEY_GEN:
+            checkWeak = PR_TRUE;
+        /* fall through */
+        case CKM_RC2_KEY_GEN:
+        case CKM_RC4_KEY_GEN:
+        case CKM_GENERIC_SECRET_KEY_GEN:
+        case CKM_SEED_KEY_GEN:
+        case CKM_CAMELLIA_KEY_GEN:
+        case CKM_AES_KEY_GEN:
+        case CKM_NSS_CHACHA20_KEY_GEN:
+#if NSS_SOFTOKEN_DOES_RC5
+        case CKM_RC5_KEY_GEN:
+#endif
+            crv = nsc_SetupBulkKeyGen(pMechanism->mechanism, &key_type, &key_length);
+            break;
+        case CKM_SSL3_PRE_MASTER_KEY_GEN:
+            key_type = CKK_GENERIC_SECRET;
+            key_length = 48;
+            key_gen_type = nsc_ssl;
+            break;
+        case CKM_PBA_SHA1_WITH_SHA1_HMAC:
+        case CKM_NETSCAPE_PBE_SHA1_HMAC_KEY_GEN:
+        case CKM_NETSCAPE_PBE_MD5_HMAC_KEY_GEN:
+        case CKM_NETSCAPE_PBE_MD2_HMAC_KEY_GEN:
+        case CKM_NSS_PKCS12_PBE_SHA224_HMAC_KEY_GEN:
+        case CKM_NSS_PKCS12_PBE_SHA256_HMAC_KEY_GEN:
+        case CKM_NSS_PKCS12_PBE_SHA384_HMAC_KEY_GEN:
+        case CKM_NSS_PKCS12_PBE_SHA512_HMAC_KEY_GEN:
+            key_gen_type = nsc_pbe;
+            key_type = CKK_GENERIC_SECRET;
+            crv = nsc_SetupHMACKeyGen(pMechanism, &pbe_param);
+            break;
+        case CKM_NETSCAPE_PBE_SHA1_FAULTY_3DES_CBC:
+            faultyPBE3DES = PR_TRUE;
+        /* fall through */
+        case CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC:
+        case CKM_NETSCAPE_PBE_SHA1_40_BIT_RC2_CBC:
+        case CKM_NETSCAPE_PBE_SHA1_DES_CBC:
+        case CKM_NETSCAPE_PBE_SHA1_128_BIT_RC2_CBC:
+        case CKM_NETSCAPE_PBE_SHA1_40_BIT_RC4:
+        case CKM_NETSCAPE_PBE_SHA1_128_BIT_RC4:
+        case CKM_PBE_SHA1_DES3_EDE_CBC:
+        case CKM_PBE_SHA1_DES2_EDE_CBC:
+        case CKM_PBE_SHA1_RC2_128_CBC:
+        case CKM_PBE_SHA1_RC2_40_CBC:
+        case CKM_PBE_SHA1_RC4_128:
+        case CKM_PBE_SHA1_RC4_40:
+        case CKM_PBE_MD5_DES_CBC:
+        case CKM_PBE_MD2_DES_CBC:
+        case CKM_PKCS5_PBKD2:
+            key_gen_type = nsc_pbe;
+            crv = nsc_SetupPBEKeyGen(pMechanism, &pbe_param, &key_type, &key_length);
+            break;
+        case CKM_DSA_PARAMETER_GEN:
+            key_gen_type = nsc_param;
+            key_type = CKK_DSA;
+            objclass = CKO_KG_PARAMETERS;
+            crv = CKR_OK;
+            break;
+        case CKM_NSS_JPAKE_ROUND1_SHA1:
+            hashType = HASH_AlgSHA1;
+            goto jpake1;
+        case CKM_NSS_JPAKE_ROUND1_SHA256:
+            hashType = HASH_AlgSHA256;
+            goto jpake1;
+        case CKM_NSS_JPAKE_ROUND1_SHA384:
+            hashType = HASH_AlgSHA384;
+            goto jpake1;
+        case CKM_NSS_JPAKE_ROUND1_SHA512:
+            hashType = HASH_AlgSHA512;
+            goto jpake1;
+        jpake1:
+            key_gen_type = nsc_jpake;
+            key_type = CKK_NSS_JPAKE_ROUND1;
+            objclass = CKO_PRIVATE_KEY;
+            if (pMechanism->pParameter == NULL ||
+                pMechanism->ulParameterLen != sizeof(CK_NSS_JPAKERound1Params)) {
+                crv = CKR_MECHANISM_PARAM_INVALID;
+                break;
+            }
+            if (sftk_isTrue(key, CKA_TOKEN)) {
+                crv = CKR_TEMPLATE_INCONSISTENT;
+                break;
+            }
+            crv = CKR_OK;
+            break;
+        default:
+            crv = CKR_MECHANISM_INVALID;
+            break;
+    }
+
+    /* make sure we aren't going to overflow the buffer */
+    if (sizeof(buf) < key_length) {
+        /* someone is getting pretty optimistic about how big their key can
+         * be... */
+        crv = CKR_TEMPLATE_INCONSISTENT;
+    }
+
+    if (crv != CKR_OK) {
+        sftk_FreeObject(key);
+        return crv;
+    }
+
+    /* if there was no error,
+     * key_type *MUST* be set in the switch statement above */
+    PORT_Assert(key_type != CKK_INVALID_KEY_TYPE);
+
+    /*
+     * now to the actual key gen.
+     */
+    switch (key_gen_type) {
+        case nsc_pbe:
+            crv = nsc_pbe_key_gen(pbe_param, pMechanism, buf, &key_length,
+                                  faultyPBE3DES);
+            nsspkcs5_DestroyPBEParameter(pbe_param);
+            break;
+        case nsc_ssl:
+            rsa_pms = (SSL3RSAPreMasterSecret *)buf;
+            version = (CK_VERSION *)pMechanism->pParameter;
+            rsa_pms->client_version[0] = version->major;
+            rsa_pms->client_version[1] = version->minor;
+            crv =
+                NSC_GenerateRandom(0, &rsa_pms->random[0], sizeof(rsa_pms->random));
+            break;
+        case nsc_bulk:
+            /* get the key, check for weak keys and repeat if found */
+            do {
+                crv = NSC_GenerateRandom(0, buf, key_length);
+            } while (crv == CKR_OK && checkWeak && sftk_IsWeakKey(buf, key_type));
+            break;
+        case nsc_param:
+            /* generate parameters */
+            *buf = 0;
+            crv = nsc_parameter_gen(key_type, key);
+            break;
+        case nsc_jpake:
+            crv = jpake_Round1(hashType,
+                               (CK_NSS_JPAKERound1Params *)pMechanism->pParameter,
+                               key);
+            break;
+    }
+
+    if (crv != CKR_OK) {
+        sftk_FreeObject(key);
+        return crv;
+    }
+
+    /* Add the class, key_type, and value */
+    crv = sftk_AddAttributeType(key, CKA_CLASS, &objclass, sizeof(CK_OBJECT_CLASS));
+    if (crv != CKR_OK) {
+        sftk_FreeObject(key);
+        return crv;
+    }
+    crv = sftk_AddAttributeType(key, CKA_KEY_TYPE, &key_type, sizeof(CK_KEY_TYPE));
+    if (crv != CKR_OK) {
+        sftk_FreeObject(key);
+        return crv;
+    }
+    if (key_length != 0) {
+        crv = sftk_AddAttributeType(key, CKA_VALUE, buf, key_length);
+        if (crv != CKR_OK) {
+            sftk_FreeObject(key);
+            return crv;
+        }
+    }
+
+    /* get the session */
+    session = sftk_SessionFromHandle(hSession);
+    if (session == NULL) {
+        sftk_FreeObject(key);
+        return CKR_SESSION_HANDLE_INVALID;
+    }
+
+    /*
+     * handle the base object stuff
+     */
+    crv = sftk_handleObject(key, session);
+    sftk_FreeSession(session);
+    if (crv == CKR_OK && sftk_isTrue(key, CKA_SENSITIVE)) {
+        crv = sftk_forceAttribute(key, CKA_ALWAYS_SENSITIVE, &cktrue, sizeof(CK_BBOOL));
+    }
+    if (crv == CKR_OK && !sftk_isTrue(key, CKA_EXTRACTABLE)) {
+        crv = sftk_forceAttribute(key, CKA_NEVER_EXTRACTABLE, &cktrue, sizeof(CK_BBOOL));
+    }
+    if (crv == CKR_OK) {
+        *phKey = key->handle;
+    }
+    sftk_FreeObject(key);
+    return crv;
+}
+
+#define PAIRWISE_DIGEST_LENGTH SHA1_LENGTH /* 160-bits */
+#define PAIRWISE_MESSAGE_LENGTH 20         /* 160-bits */
+
+/*
+ * FIPS 140-2 pairwise consistency check utilized to validate key pair.
+ *
+ * This function returns
+ *   CKR_OK               if pairwise consistency check passed
+ *   CKR_GENERAL_ERROR    if pairwise consistency check failed
+ *   other error codes    if paiswise consistency check could not be
+ *                        performed, for example, CKR_HOST_MEMORY.
+ */
+static CK_RV
+sftk_PairwiseConsistencyCheck(CK_SESSION_HANDLE hSession,
+                              SFTKObject *publicKey, SFTKObject *privateKey, CK_KEY_TYPE keyType)
+{
+    /*
+     *                      Key type    Mechanism type
+     *                      --------------------------------
+     * For encrypt/decrypt: CKK_RSA  => CKM_RSA_PKCS
+     *                      others   => CKM_INVALID_MECHANISM
+     *
+     * For sign/verify:     CKK_RSA  => CKM_RSA_PKCS
+     *                      CKK_DSA  => CKM_DSA
+     *                      CKK_EC   => CKM_ECDSA
+     *                      others   => CKM_INVALID_MECHANISM
+     *
+     * None of these mechanisms has a parameter.
+     */
+    CK_MECHANISM mech = { 0, NULL, 0 };
+
+    CK_ULONG modulusLen = 0;
+    CK_ULONG subPrimeLen = 0;
+    PRBool isEncryptable = PR_FALSE;
+    PRBool canSignVerify = PR_FALSE;
+    PRBool isDerivable = PR_FALSE;
+    CK_RV crv;
+
+    /* Variables used for Encrypt/Decrypt functions. */
+    unsigned char *known_message = (unsigned char *)"Known Crypto Message";
+    unsigned char plaintext[PAIRWISE_MESSAGE_LENGTH];
+    CK_ULONG bytes_decrypted;
+    unsigned char *ciphertext;
+    unsigned char *text_compared;
+    CK_ULONG bytes_encrypted;
+    CK_ULONG bytes_compared;
+    CK_ULONG pairwise_digest_length = PAIRWISE_DIGEST_LENGTH;
+
+    /* Variables used for Signature/Verification functions. */
+    /* Must be at least 256 bits for DSA2 digest */
+    unsigned char *known_digest = (unsigned char *)"Mozilla Rules the World through NSS!";
+    unsigned char *signature;
+    CK_ULONG signature_length;
+
+    if (keyType == CKK_RSA) {
+        SFTKAttribute *attribute;
+
+        /* Get modulus length of private key. */
+        attribute = sftk_FindAttribute(privateKey, CKA_MODULUS);
+        if (attribute == NULL) {
+            return CKR_DEVICE_ERROR;
+        }
+        modulusLen = attribute->attrib.ulValueLen;
+        if (*(unsigned char *)attribute->attrib.pValue == 0) {
+            modulusLen--;
+        }
+        sftk_FreeAttribute(attribute);
+    } else if (keyType == CKK_DSA) {
+        SFTKAttribute *attribute;
+
+        /* Get subprime length of private key. */
+        attribute = sftk_FindAttribute(privateKey, CKA_SUBPRIME);
+        if (attribute == NULL) {
+            return CKR_DEVICE_ERROR;
+        }
+        subPrimeLen = attribute->attrib.ulValueLen;
+        if (subPrimeLen > 1 && *(unsigned char *)attribute->attrib.pValue == 0) {
+            subPrimeLen--;
+        }
+        sftk_FreeAttribute(attribute);
+    }
+
+    /**************************************************/
+    /* Pairwise Consistency Check of Encrypt/Decrypt. */
+    /**************************************************/
+
+    isEncryptable = sftk_isTrue(privateKey, CKA_DECRYPT);
+
+    /*
+     * If the decryption attribute is set, attempt to encrypt
+     * with the public key and decrypt with the private key.
+     */
+    if (isEncryptable) {
+        if (keyType != CKK_RSA) {
+            return CKR_DEVICE_ERROR;
+        }
+        bytes_encrypted = modulusLen;
+        mech.mechanism = CKM_RSA_PKCS;
+
+        /* Allocate space for ciphertext. */
+        ciphertext = (unsigned char *)PORT_ZAlloc(bytes_encrypted);
+        if (ciphertext == NULL) {
+            return CKR_HOST_MEMORY;
+        }
+
+        /* Prepare for encryption using the public key. */
+        crv = NSC_EncryptInit(hSession, &mech, publicKey->handle);
+        if (crv != CKR_OK) {
+            PORT_Free(ciphertext);
+            return crv;
+        }
+
+        /* Encrypt using the public key. */
+        crv = NSC_Encrypt(hSession,
+                          known_message,
+                          PAIRWISE_MESSAGE_LENGTH,
+                          ciphertext,
+                          &bytes_encrypted);
+        if (crv != CKR_OK) {
+            PORT_Free(ciphertext);
+            return crv;
+        }
+
+        /* Always use the smaller of these two values . . . */
+        bytes_compared = PR_MIN(bytes_encrypted, PAIRWISE_MESSAGE_LENGTH);
+
+        /*
+         * If there was a failure, the plaintext
+         * goes at the end, therefore . . .
+         */
+        text_compared = ciphertext + bytes_encrypted - bytes_compared;
+
+        /*
+         * Check to ensure that ciphertext does
+         * NOT EQUAL known input message text
+         * per FIPS PUB 140-2 directive.
+         */
+        if (PORT_Memcmp(text_compared, known_message,
+                        bytes_compared) == 0) {
+            /* Set error to Invalid PRIVATE Key. */
+            PORT_SetError(SEC_ERROR_INVALID_KEY);
+            PORT_Free(ciphertext);
+            return CKR_GENERAL_ERROR;
+        }
+
+        /* Prepare for decryption using the private key. */
+        crv = NSC_DecryptInit(hSession, &mech, privateKey->handle);
+        if (crv != CKR_OK) {
+            PORT_Free(ciphertext);
+            return crv;
+        }
+
+        memset(plaintext, 0, PAIRWISE_MESSAGE_LENGTH);
+
+        /*
+         * Initialize bytes decrypted to be the
+         * expected PAIRWISE_MESSAGE_LENGTH.
+         */
+        bytes_decrypted = PAIRWISE_MESSAGE_LENGTH;
+
+        /*
+         * Decrypt using the private key.
+         * NOTE:  No need to reset the
+         *        value of bytes_encrypted.
+         */
+        crv = NSC_Decrypt(hSession,
+                          ciphertext,
+                          bytes_encrypted,
+                          plaintext,
+                          &bytes_decrypted);
+
+        /* Finished with ciphertext; free it. */
+        PORT_Free(ciphertext);
+
+        if (crv != CKR_OK) {
+            return crv;
+        }
+
+        /*
+         * Check to ensure that the output plaintext
+         * does EQUAL known input message text.
+         */
+        if ((bytes_decrypted != PAIRWISE_MESSAGE_LENGTH) ||
+            (PORT_Memcmp(plaintext, known_message,
+                         PAIRWISE_MESSAGE_LENGTH) != 0)) {
+            /* Set error to Bad PUBLIC Key. */
+            PORT_SetError(SEC_ERROR_BAD_KEY);
+            return CKR_GENERAL_ERROR;
+        }
+    }
+
+    /**********************************************/
+    /* Pairwise Consistency Check of Sign/Verify. */
+    /**********************************************/
+
+    canSignVerify = sftk_isTrue(privateKey, CKA_SIGN);
+    /* Unfortunately CKA_SIGN is always true in lg dbs. We have to check the
+     * actual curve to determine if we can do sign/verify. */
+    if (canSignVerify && keyType == CKK_EC) {
+        NSSLOWKEYPrivateKey *privKey = sftk_GetPrivKey(privateKey, CKK_EC, &crv);
+        if (privKey && privKey->u.ec.ecParams.name == ECCurve25519) {
+            canSignVerify = PR_FALSE;
+        }
+    }
+
+    if (canSignVerify) {
+        /* Determine length of signature. */
+        switch (keyType) {
+            case CKK_RSA:
+                signature_length = modulusLen;
+                mech.mechanism = CKM_RSA_PKCS;
+                break;
+            case CKK_DSA:
+                signature_length = DSA_MAX_SIGNATURE_LEN;
+                pairwise_digest_length = subPrimeLen;
+                mech.mechanism = CKM_DSA;
+                break;
+#ifndef NSS_DISABLE_ECC
+            case CKK_EC:
+                signature_length = MAX_ECKEY_LEN * 2;
+                mech.mechanism = CKM_ECDSA;
+                break;
+#endif
+            default:
+                return CKR_DEVICE_ERROR;
+        }
+
+        /* Allocate space for signature data. */
+        signature = (unsigned char *)PORT_ZAlloc(signature_length);
+        if (signature == NULL) {
+            return CKR_HOST_MEMORY;
+        }
+
+        /* Sign the known hash using the private key. */
+        crv = NSC_SignInit(hSession, &mech, privateKey->handle);
+        if (crv != CKR_OK) {
+            PORT_Free(signature);
+            return crv;
+        }
+
+        crv = NSC_Sign(hSession,
+                       known_digest,
+                       pairwise_digest_length,
+                       signature,
+                       &signature_length);
+        if (crv != CKR_OK) {
+            PORT_Free(signature);
+            return crv;
+        }
+
+        /* Verify the known hash using the public key. */
+        crv = NSC_VerifyInit(hSession, &mech, publicKey->handle);
+        if (crv != CKR_OK) {
+            PORT_Free(signature);
+            return crv;
+        }
+
+        crv = NSC_Verify(hSession,
+                         known_digest,
+                         pairwise_digest_length,
+                         signature,
+                         signature_length);
+
+        /* Free signature data. */
+        PORT_Free(signature);
+
+        if ((crv == CKR_SIGNATURE_LEN_RANGE) ||
+            (crv == CKR_SIGNATURE_INVALID)) {
+            return CKR_GENERAL_ERROR;
+        }
+        if (crv != CKR_OK) {
+            return crv;
+        }
+    }
+
+    /**********************************************/
+    /* Pairwise Consistency Check for Derivation  */
+    /**********************************************/
+
+    isDerivable = sftk_isTrue(privateKey, CKA_DERIVE);
+
+    if (isDerivable) {
+        /*
+         * We are not doing consistency check for Diffie-Hellman Key -
+         * otherwise it would be here
+         * This is also true for Elliptic Curve Diffie-Hellman keys
+         * NOTE: EC keys are currently subjected to pairwise
+         * consistency check for signing/verification.
+         */
+        /*
+         * FIPS 140-2 had the following pairwise consistency test for
+         * public and private keys used for key agreement:
+         *   If the keys are used to perform key agreement, then the
+         *   cryptographic module shall create a second, compatible
+         *   key pair.  The cryptographic module shall perform both
+         *   sides of the key agreement algorithm and shall compare
+         *   the resulting shared values.  If the shared values are
+         *   not equal, the test shall fail.
+         * This test was removed in Change Notice 3.
+         */
+    }
+
+    return CKR_OK;
+}
+
+/* NSC_GenerateKeyPair generates a public-key/private-key pair,
+ * creating new key objects. */
+CK_RV
+NSC_GenerateKeyPair(CK_SESSION_HANDLE hSession,
+                    CK_MECHANISM_PTR pMechanism, CK_ATTRIBUTE_PTR pPublicKeyTemplate,
+                    CK_ULONG ulPublicKeyAttributeCount, CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
+                    CK_ULONG ulPrivateKeyAttributeCount, CK_OBJECT_HANDLE_PTR phPublicKey,
+                    CK_OBJECT_HANDLE_PTR phPrivateKey)
+{
+    SFTKObject *publicKey, *privateKey;
+    SFTKSession *session;
+    CK_KEY_TYPE key_type;
+    CK_RV crv = CKR_OK;
+    CK_BBOOL cktrue = CK_TRUE;
+    SECStatus rv;
+    CK_OBJECT_CLASS pubClass = CKO_PUBLIC_KEY;
+    CK_OBJECT_CLASS privClass = CKO_PRIVATE_KEY;
+    int i;
+    SFTKSlot *slot = sftk_SlotFromSessionHandle(hSession);
+    unsigned int bitSize;
+
+    /* RSA */
+    int public_modulus_bits = 0;
+    SECItem pubExp;
+    RSAPrivateKey *rsaPriv;
+
+    /* DSA */
+    PQGParams pqgParam;
+    DHParams dhParam;
+    DSAPrivateKey *dsaPriv;
+
+    /* Diffie Hellman */
+    DHPrivateKey *dhPriv;
+
+#ifndef NSS_DISABLE_ECC
+    /* Elliptic Curve Cryptography */
+    SECItem ecEncodedParams; /* DER Encoded parameters */
+    ECPrivateKey *ecPriv;
+    ECParams *ecParams;
+#endif /* NSS_DISABLE_ECC */
+
+    CHECK_FORK();
+
+    if (!slot) {
+        return CKR_SESSION_HANDLE_INVALID;
+    }
+    /*
+     * now lets create an object to hang the attributes off of
+     */
+    publicKey = sftk_NewObject(slot); /* fill in the handle later */
+    if (publicKey == NULL) {
+        return CKR_HOST_MEMORY;
+    }
+
+    /*
+     * load the template values into the publicKey
+     */
+    for (i = 0; i < (int)ulPublicKeyAttributeCount; i++) {
+        if (pPublicKeyTemplate[i].type == CKA_MODULUS_BITS) {
+            public_modulus_bits = *(CK_ULONG *)pPublicKeyTemplate[i].pValue;
+            continue;
+        }
+
+        crv = sftk_AddAttributeType(publicKey,
+                                    sftk_attr_expand(&pPublicKeyTemplate[i]));
+        if (crv != CKR_OK)
+            break;
+    }
+
+    if (crv != CKR_OK) {
+        sftk_FreeObject(publicKey);
+        return CKR_HOST_MEMORY;
+    }
+
+    privateKey = sftk_NewObject(slot); /* fill in the handle later */
+    if (privateKey == NULL) {
+        sftk_FreeObject(publicKey);
+        return CKR_HOST_MEMORY;
+    }
+    /*
+     * now load the private key template
+     */
+    for (i = 0; i < (int)ulPrivateKeyAttributeCount; i++) {
+        if (pPrivateKeyTemplate[i].type == CKA_VALUE_BITS) {
+            continue;
+        }
+
+        crv = sftk_AddAttributeType(privateKey,
+                                    sftk_attr_expand(&pPrivateKeyTemplate[i]));
+        if (crv != CKR_OK)
+            break;
+    }
+
+    if (crv != CKR_OK) {
+        sftk_FreeObject(publicKey);
+        sftk_FreeObject(privateKey);
+        return CKR_HOST_MEMORY;
+    }
+    sftk_DeleteAttributeType(privateKey, CKA_CLASS);
+    sftk_DeleteAttributeType(privateKey, CKA_KEY_TYPE);
+    sftk_DeleteAttributeType(privateKey, CKA_VALUE);
+    sftk_DeleteAttributeType(publicKey, CKA_CLASS);
+    sftk_DeleteAttributeType(publicKey, CKA_KEY_TYPE);
+    sftk_DeleteAttributeType(publicKey, CKA_VALUE);
+
+    /* Now Set up the parameters to generate the key (based on mechanism) */
+    switch (pMechanism->mechanism) {
+        case CKM_RSA_PKCS_KEY_PAIR_GEN:
+            /* format the keys */
+            sftk_DeleteAttributeType(publicKey, CKA_MODULUS);
+            sftk_DeleteAttributeType(privateKey, CKA_NETSCAPE_DB);
+            sftk_DeleteAttributeType(privateKey, CKA_MODULUS);
+            sftk_DeleteAttributeType(privateKey, CKA_PRIVATE_EXPONENT);
+            sftk_DeleteAttributeType(privateKey, CKA_PUBLIC_EXPONENT);
+            sftk_DeleteAttributeType(privateKey, CKA_PRIME_1);
+            sftk_DeleteAttributeType(privateKey, CKA_PRIME_2);
+            sftk_DeleteAttributeType(privateKey, CKA_EXPONENT_1);
+            sftk_DeleteAttributeType(privateKey, CKA_EXPONENT_2);
+            sftk_DeleteAttributeType(privateKey, CKA_COEFFICIENT);
+            key_type = CKK_RSA;
+            if (public_modulus_bits == 0) {
+                crv = CKR_TEMPLATE_INCOMPLETE;
+                break;
+            }
+            if (public_modulus_bits < RSA_MIN_MODULUS_BITS) {
+                crv = CKR_ATTRIBUTE_VALUE_INVALID;
+                break;
+            }
+            if (public_modulus_bits % 2 != 0) {
+                crv = CKR_ATTRIBUTE_VALUE_INVALID;
+                break;
+            }
+
+            /* extract the exponent */
+            crv = sftk_Attribute2SSecItem(NULL, &pubExp, publicKey, CKA_PUBLIC_EXPONENT);
+            if (crv != CKR_OK)
+                break;
+            bitSize = sftk_GetLengthInBits(pubExp.data, pubExp.len);
+            if (bitSize < 2) {
+                crv = CKR_ATTRIBUTE_VALUE_INVALID;
+                break;
+            }
+            crv = sftk_AddAttributeType(privateKey, CKA_PUBLIC_EXPONENT,
+                                        sftk_item_expand(&pubExp));
+            if (crv != CKR_OK) {
+                PORT_Free(pubExp.data);
+                break;
+            }
+
+            rsaPriv = RSA_NewKey(public_modulus_bits, &pubExp);
+            PORT_Free(pubExp.data);
+            if (rsaPriv == NULL) {
+                if (PORT_GetError() == SEC_ERROR_LIBRARY_FAILURE) {
+                    sftk_fatalError = PR_TRUE;
+                }
+                crv = sftk_MapCryptError(PORT_GetError());
+                break;
+            }
+            /* now fill in the RSA dependent paramenters in the public key */
+            crv = sftk_AddAttributeType(publicKey, CKA_MODULUS,
+                                        sftk_item_expand(&rsaPriv->modulus));
+            if (crv != CKR_OK)
+                goto kpg_done;
+            /* now fill in the RSA dependent paramenters in the private key */
+            crv = sftk_AddAttributeType(privateKey, CKA_NETSCAPE_DB,
+                                        sftk_item_expand(&rsaPriv->modulus));
+            if (crv != CKR_OK)
+                goto kpg_done;
+            crv = sftk_AddAttributeType(privateKey, CKA_MODULUS,
+                                        sftk_item_expand(&rsaPriv->modulus));
+            if (crv != CKR_OK)
+                goto kpg_done;
+            crv = sftk_AddAttributeType(privateKey, CKA_PRIVATE_EXPONENT,
+                                        sftk_item_expand(&rsaPriv->privateExponent));
+            if (crv != CKR_OK)
+                goto kpg_done;
+            crv = sftk_AddAttributeType(privateKey, CKA_PRIME_1,
+                                        sftk_item_expand(&rsaPriv->prime1));
+            if (crv != CKR_OK)
+                goto kpg_done;
+            crv = sftk_AddAttributeType(privateKey, CKA_PRIME_2,
+                                        sftk_item_expand(&rsaPriv->prime2));
+            if (crv != CKR_OK)
+                goto kpg_done;
+            crv = sftk_AddAttributeType(privateKey, CKA_EXPONENT_1,
+                                        sftk_item_expand(&rsaPriv->exponent1));
+            if (crv != CKR_OK)
+                goto kpg_done;
+            crv = sftk_AddAttributeType(privateKey, CKA_EXPONENT_2,
+                                        sftk_item_expand(&rsaPriv->exponent2));
+            if (crv != CKR_OK)
+                goto kpg_done;
+            crv = sftk_AddAttributeType(privateKey, CKA_COEFFICIENT,
+                                        sftk_item_expand(&rsaPriv->coefficient));
+        kpg_done:
+            /* Should zeroize the contents first, since this func doesn't. */
+            PORT_FreeArena(rsaPriv->arena, PR_TRUE);
+            break;
+        case CKM_DSA_KEY_PAIR_GEN:
+            sftk_DeleteAttributeType(publicKey, CKA_VALUE);
+            sftk_DeleteAttributeType(privateKey, CKA_NETSCAPE_DB);
+            sftk_DeleteAttributeType(privateKey, CKA_PRIME);
+            sftk_DeleteAttributeType(privateKey, CKA_SUBPRIME);
+            sftk_DeleteAttributeType(privateKey, CKA_BASE);
+            key_type = CKK_DSA;
+
+            /* extract the necessary parameters and copy them to the private key */
+            crv = sftk_Attribute2SSecItem(NULL, &pqgParam.prime, publicKey, CKA_PRIME);
+            if (crv != CKR_OK)
+                break;
+            crv = sftk_Attribute2SSecItem(NULL, &pqgParam.subPrime, publicKey,
+                                          CKA_SUBPRIME);
+            if (crv != CKR_OK) {
+                PORT_Free(pqgParam.prime.data);
+                break;
+            }
+            crv = sftk_Attribute2SSecItem(NULL, &pqgParam.base, publicKey, CKA_BASE);
+            if (crv != CKR_OK) {
+                PORT_Free(pqgParam.prime.data);
+                PORT_Free(pqgParam.subPrime.data);
+                break;
+            }
+            crv = sftk_AddAttributeType(privateKey, CKA_PRIME,
+                                        sftk_item_expand(&pqgParam.prime));
+            if (crv != CKR_OK) {
+                PORT_Free(pqgParam.prime.data);
+                PORT_Free(pqgParam.subPrime.data);
+                PORT_Free(pqgParam.base.data);
+                break;
+            }
+            crv = sftk_AddAttributeType(privateKey, CKA_SUBPRIME,
+                                        sftk_item_expand(&pqgParam.subPrime));
+            if (crv != CKR_OK) {
+                PORT_Free(pqgParam.prime.data);
+                PORT_Free(pqgParam.subPrime.data);
+                PORT_Free(pqgParam.base.data);
+                break;
+            }
+            crv = sftk_AddAttributeType(privateKey, CKA_BASE,
+                                        sftk_item_expand(&pqgParam.base));
+            if (crv != CKR_OK) {
+                PORT_Free(pqgParam.prime.data);
+                PORT_Free(pqgParam.subPrime.data);
+                PORT_Free(pqgParam.base.data);
+                break;
+            }
+
+            /*
+             * these are checked by DSA_NewKey
+             */
+            bitSize = sftk_GetLengthInBits(pqgParam.subPrime.data,
+                                           pqgParam.subPrime.len);
+            if ((bitSize < DSA_MIN_Q_BITS) || (bitSize > DSA_MAX_Q_BITS)) {
+                crv = CKR_TEMPLATE_INCOMPLETE;
+                PORT_Free(pqgParam.prime.data);
+                PORT_Free(pqgParam.subPrime.data);
+                PORT_Free(pqgParam.base.data);
+                break;
+            }
+            bitSize = sftk_GetLengthInBits(pqgParam.prime.data, pqgParam.prime.len);
+            if ((bitSize < DSA_MIN_P_BITS) || (bitSize > DSA_MAX_P_BITS)) {
+                crv = CKR_TEMPLATE_INCOMPLETE;
+                PORT_Free(pqgParam.prime.data);
+                PORT_Free(pqgParam.subPrime.data);
+                PORT_Free(pqgParam.base.data);
+                break;
+            }
+            bitSize = sftk_GetLengthInBits(pqgParam.base.data, pqgParam.base.len);
+            if ((bitSize < 2) || (bitSize > DSA_MAX_P_BITS)) {
+                crv = CKR_TEMPLATE_INCOMPLETE;
+                PORT_Free(pqgParam.prime.data);
+                PORT_Free(pqgParam.subPrime.data);
+                PORT_Free(pqgParam.base.data);
+                break;
+            }
+
+            /* Generate the key */
+            rv = DSA_NewKey(&pqgParam, &dsaPriv);
+
+            PORT_Free(pqgParam.prime.data);
+            PORT_Free(pqgParam.subPrime.data);
+            PORT_Free(pqgParam.base.data);
+
+            if (rv != SECSuccess) {
+                if (PORT_GetError() == SEC_ERROR_LIBRARY_FAILURE) {
+                    sftk_fatalError = PR_TRUE;
+                }
+                crv = sftk_MapCryptError(PORT_GetError());
+                break;
+            }
+
+            /* store the generated key into the attributes */
+            crv = sftk_AddAttributeType(publicKey, CKA_VALUE,
+                                        sftk_item_expand(&dsaPriv->publicValue));
+            if (crv != CKR_OK)
+                goto dsagn_done;
+
+            /* now fill in the RSA dependent paramenters in the private key */
+            crv = sftk_AddAttributeType(privateKey, CKA_NETSCAPE_DB,
+                                        sftk_item_expand(&dsaPriv->publicValue));
+            if (crv != CKR_OK)
+                goto dsagn_done;
+            crv = sftk_AddAttributeType(privateKey, CKA_VALUE,
+                                        sftk_item_expand(&dsaPriv->privateValue));
+
+        dsagn_done:
+            /* should zeroize, since this function doesn't. */
+            PORT_FreeArena(dsaPriv->params.arena, PR_TRUE);
+            break;
+
+        case CKM_DH_PKCS_KEY_PAIR_GEN:
+            sftk_DeleteAttributeType(privateKey, CKA_PRIME);
+            sftk_DeleteAttributeType(privateKey, CKA_BASE);
+            sftk_DeleteAttributeType(privateKey, CKA_VALUE);
+            sftk_DeleteAttributeType(privateKey, CKA_NETSCAPE_DB);
+            key_type = CKK_DH;
+
+            /* extract the necessary parameters and copy them to private keys */
+            crv = sftk_Attribute2SSecItem(NULL, &dhParam.prime, publicKey,
+                                          CKA_PRIME);
+            if (crv != CKR_OK)
+                break;
+            crv = sftk_Attribute2SSecItem(NULL, &dhParam.base, publicKey, CKA_BASE);
+            if (crv != CKR_OK) {
+                PORT_Free(dhParam.prime.data);
+                break;
+            }
+            crv = sftk_AddAttributeType(privateKey, CKA_PRIME,
+                                        sftk_item_expand(&dhParam.prime));
+            if (crv != CKR_OK) {
+                PORT_Free(dhParam.prime.data);
+                PORT_Free(dhParam.base.data);
+                break;
+            }
+            crv = sftk_AddAttributeType(privateKey, CKA_BASE,
+                                        sftk_item_expand(&dhParam.base));
+            if (crv != CKR_OK) {
+                PORT_Free(dhParam.prime.data);
+                PORT_Free(dhParam.base.data);
+                break;
+            }
+            bitSize = sftk_GetLengthInBits(dhParam.prime.data, dhParam.prime.len);
+            if ((bitSize < DH_MIN_P_BITS) || (bitSize > DH_MAX_P_BITS)) {
+                crv = CKR_TEMPLATE_INCOMPLETE;
+                PORT_Free(dhParam.prime.data);
+                PORT_Free(dhParam.base.data);
+                break;
+            }
+            bitSize = sftk_GetLengthInBits(dhParam.base.data, dhParam.base.len);
+            if ((bitSize < 1) || (bitSize > DH_MAX_P_BITS)) {
+                crv = CKR_TEMPLATE_INCOMPLETE;
+                PORT_Free(dhParam.prime.data);
+                PORT_Free(dhParam.base.data);
+                break;
+            }
+
+            rv = DH_NewKey(&dhParam, &dhPriv);
+            PORT_Free(dhParam.prime.data);
+            PORT_Free(dhParam.base.data);
+            if (rv != SECSuccess) {
+                if (PORT_GetError() == SEC_ERROR_LIBRARY_FAILURE) {
+                    sftk_fatalError = PR_TRUE;
+                }
+                crv = sftk_MapCryptError(PORT_GetError());
+                break;
+            }
+
+            crv = sftk_AddAttributeType(publicKey, CKA_VALUE,
+                                        sftk_item_expand(&dhPriv->publicValue));
+            if (crv != CKR_OK)
+                goto dhgn_done;
+
+            crv = sftk_AddAttributeType(privateKey, CKA_NETSCAPE_DB,
+                                        sftk_item_expand(&dhPriv->publicValue));
+            if (crv != CKR_OK)
+                goto dhgn_done;
+
+            crv = sftk_AddAttributeType(privateKey, CKA_VALUE,
+                                        sftk_item_expand(&dhPriv->privateValue));
+
+        dhgn_done:
+            /* should zeroize, since this function doesn't. */
+            PORT_FreeArena(dhPriv->arena, PR_TRUE);
+            break;
+
+#ifndef NSS_DISABLE_ECC
+        case CKM_EC_KEY_PAIR_GEN:
+            sftk_DeleteAttributeType(privateKey, CKA_EC_PARAMS);
+            sftk_DeleteAttributeType(privateKey, CKA_VALUE);
+            sftk_DeleteAttributeType(privateKey, CKA_NETSCAPE_DB);
+            key_type = CKK_EC;
+
+            /* extract the necessary parameters and copy them to private keys */
+            crv = sftk_Attribute2SSecItem(NULL, &ecEncodedParams, publicKey,
+                                          CKA_EC_PARAMS);
+            if (crv != CKR_OK)
+                break;
+
+            crv = sftk_AddAttributeType(privateKey, CKA_EC_PARAMS,
+                                        sftk_item_expand(&ecEncodedParams));
+            if (crv != CKR_OK) {
+                PORT_Free(ecEncodedParams.data);
+                break;
+            }
+
+            /* Decode ec params before calling EC_NewKey */
+            rv = EC_DecodeParams(&ecEncodedParams, &ecParams);
+            PORT_Free(ecEncodedParams.data);
+            if (rv != SECSuccess) {
+                crv = sftk_MapCryptError(PORT_GetError());
+                break;
+            }
+            rv = EC_NewKey(ecParams, &ecPriv);
+            if (rv != SECSuccess) {
+                if (PORT_GetError() == SEC_ERROR_LIBRARY_FAILURE) {
+                    sftk_fatalError = PR_TRUE;
+                }
+                PORT_FreeArena(ecParams->arena, PR_TRUE);
+                crv = sftk_MapCryptError(PORT_GetError());
+                break;
+            }
+
+            if (PR_GetEnvSecure("NSS_USE_DECODED_CKA_EC_POINT") ||
+                ecParams->fieldID.type == ec_field_plain) {
+                PORT_FreeArena(ecParams->arena, PR_TRUE);
+                crv = sftk_AddAttributeType(publicKey, CKA_EC_POINT,
+                                            sftk_item_expand(&ecPriv->publicValue));
+            } else {
+                PORT_FreeArena(ecParams->arena, PR_TRUE);
+                SECItem *pubValue = SEC_ASN1EncodeItem(NULL, NULL,
+                                                       &ecPriv->publicValue,
+                                                       SEC_ASN1_GET(SEC_OctetStringTemplate));
+                if (!pubValue) {
+                    crv = CKR_ARGUMENTS_BAD;
+                    goto ecgn_done;
+                }
+                crv = sftk_AddAttributeType(publicKey, CKA_EC_POINT,
+                                            sftk_item_expand(pubValue));
+                SECITEM_FreeItem(pubValue, PR_TRUE);
+            }
+            if (crv != CKR_OK)
+                goto ecgn_done;
+
+            crv = sftk_AddAttributeType(privateKey, CKA_VALUE,
+                                        sftk_item_expand(&ecPriv->privateValue));
+            if (crv != CKR_OK)
+                goto ecgn_done;
+
+            crv = sftk_AddAttributeType(privateKey, CKA_NETSCAPE_DB,
+                                        sftk_item_expand(&ecPriv->publicValue));
+        ecgn_done:
+            /* should zeroize, since this function doesn't. */
+            PORT_FreeArena(ecPriv->ecParams.arena, PR_TRUE);
+            break;
+#endif /* NSS_DISABLE_ECC */
+
+        default:
+            crv = CKR_MECHANISM_INVALID;
+    }
+
+    if (crv != CKR_OK) {
+        sftk_FreeObject(privateKey);
+        sftk_FreeObject(publicKey);
+        return crv;
+    }
+
+    /* Add the class, key_type The loop lets us check errors blow out
+     *  on errors and clean up at the bottom */
+    session = NULL; /* make pedtantic happy... session cannot leave the*/
+                    /* loop below NULL unless an error is set... */
+    do {
+        crv = sftk_AddAttributeType(privateKey, CKA_CLASS, &privClass,
+                                    sizeof(CK_OBJECT_CLASS));
+        if (crv != CKR_OK)
+            break;
+        crv = sftk_AddAttributeType(publicKey, CKA_CLASS, &pubClass,
+                                    sizeof(CK_OBJECT_CLASS));
+        if (crv != CKR_OK)
+            break;
+        crv = sftk_AddAttributeType(privateKey, CKA_KEY_TYPE, &key_type,
+                                    sizeof(CK_KEY_TYPE));
+        if (crv != CKR_OK)
+            break;
+        crv = sftk_AddAttributeType(publicKey, CKA_KEY_TYPE, &key_type,
+                                    sizeof(CK_KEY_TYPE));
+        if (crv != CKR_OK)
+            break;
+        session = sftk_SessionFromHandle(hSession);
+        if (session == NULL)
+            crv = CKR_SESSION_HANDLE_INVALID;
+    } while (0);
+
+    if (crv != CKR_OK) {
+        sftk_FreeObject(privateKey);
+        sftk_FreeObject(publicKey);
+        return crv;
+    }
+
+    /*
+     * handle the base object cleanup for the public Key
+     */
+    crv = sftk_handleObject(privateKey, session);
+    if (crv != CKR_OK) {
+        sftk_FreeSession(session);
+        sftk_FreeObject(privateKey);
+        sftk_FreeObject(publicKey);
+        return crv;
+    }
+
+    /*
+     * handle the base object cleanup for the private Key
+     * If we have any problems, we destroy the public Key we've
+     * created and linked.
+     */
+    crv = sftk_handleObject(publicKey, session);
+    sftk_FreeSession(session);
+    if (crv != CKR_OK) {
+        sftk_FreeObject(publicKey);
+        NSC_DestroyObject(hSession, privateKey->handle);
+        sftk_FreeObject(privateKey);
+        return crv;
+    }
+    if (sftk_isTrue(privateKey, CKA_SENSITIVE)) {
+        crv = sftk_forceAttribute(privateKey, CKA_ALWAYS_SENSITIVE,
+                                  &cktrue, sizeof(CK_BBOOL));
+    }
+    if (crv == CKR_OK && sftk_isTrue(publicKey, CKA_SENSITIVE)) {
+        crv = sftk_forceAttribute(publicKey, CKA_ALWAYS_SENSITIVE,
+                                  &cktrue, sizeof(CK_BBOOL));
+    }
+    if (crv == CKR_OK && !sftk_isTrue(privateKey, CKA_EXTRACTABLE)) {
+        crv = sftk_forceAttribute(privateKey, CKA_NEVER_EXTRACTABLE,
+                                  &cktrue, sizeof(CK_BBOOL));
+    }
+    if (crv == CKR_OK && !sftk_isTrue(publicKey, CKA_EXTRACTABLE)) {
+        crv = sftk_forceAttribute(publicKey, CKA_NEVER_EXTRACTABLE,
+                                  &cktrue, sizeof(CK_BBOOL));
+    }
+
+    if (crv == CKR_OK) {
+        /* Perform FIPS 140-2 pairwise consistency check. */
+        crv = sftk_PairwiseConsistencyCheck(hSession,
+                                            publicKey, privateKey, key_type);
+        if (crv != CKR_OK) {
+            if (sftk_audit_enabled) {
+                char msg[128];
+                PR_snprintf(msg, sizeof msg,
+                            "C_GenerateKeyPair(hSession=0x%08lX, "
+                            "pMechanism->mechanism=0x%08lX)=0x%08lX "
+                            "self-test: pair-wise consistency test failed",
+                            (PRUint32)hSession, (PRUint32)pMechanism->mechanism,
+                            (PRUint32)crv);
+                sftk_LogAuditMessage(NSS_AUDIT_ERROR, NSS_AUDIT_SELF_TEST, msg);
+            }
+        }
+    }
+
+    if (crv != CKR_OK) {
+        NSC_DestroyObject(hSession, publicKey->handle);
+        sftk_FreeObject(publicKey);
+        NSC_DestroyObject(hSession, privateKey->handle);
+        sftk_FreeObject(privateKey);
+        return crv;
+    }
+
+    *phPrivateKey = privateKey->handle;
+    *phPublicKey = publicKey->handle;
+    sftk_FreeObject(publicKey);
+    sftk_FreeObject(privateKey);
+
+    return CKR_OK;
+}
+
+static SECItem *
+sftk_PackagePrivateKey(SFTKObject *key, CK_RV *crvp)
+{
+    NSSLOWKEYPrivateKey *lk = NULL;
+    NSSLOWKEYPrivateKeyInfo *pki = NULL;
+    SFTKAttribute *attribute = NULL;
+    PLArenaPool *arena = NULL;
+    SECOidTag algorithm = SEC_OID_UNKNOWN;
+    void *dummy, *param = NULL;
+    SECStatus rv = SECSuccess;
+    SECItem *encodedKey = NULL;
+#ifndef NSS_DISABLE_ECC
+#ifdef EC_DEBUG
+    SECItem *fordebug;
+#endif
+    int savelen;
+#endif
+
+    if (!key) {
+        *crvp = CKR_KEY_HANDLE_INVALID; /* really can't happen */
+        return NULL;
+    }
+
+    attribute = sftk_FindAttribute(key, CKA_KEY_TYPE);
+    if (!attribute) {
+        *crvp = CKR_KEY_TYPE_INCONSISTENT;
+        return NULL;
+    }
+
+    lk = sftk_GetPrivKey(key, *(CK_KEY_TYPE *)attribute->attrib.pValue, crvp);
+    sftk_FreeAttribute(attribute);
+    if (!lk) {
+        return NULL;
+    }
+
+    arena = PORT_NewArena(2048); /* XXX different size? */
+    if (!arena) {
+        *crvp = CKR_HOST_MEMORY;
+        rv = SECFailure;
+        goto loser;
+    }
+
+    pki = (NSSLOWKEYPrivateKeyInfo *)PORT_ArenaZAlloc(arena,
+                                                      sizeof(NSSLOWKEYPrivateKeyInfo));
+    if (!pki) {
+        *crvp = CKR_HOST_MEMORY;
+        rv = SECFailure;
+        goto loser;
+    }
+    pki->arena = arena;
+
+    param = NULL;
+    switch (lk->keyType) {
+        case NSSLOWKEYRSAKey:
+            prepare_low_rsa_priv_key_for_asn1(lk);
+            dummy = SEC_ASN1EncodeItem(arena, &pki->privateKey, lk,
+                                       nsslowkey_RSAPrivateKeyTemplate);
+            algorithm = SEC_OID_PKCS1_RSA_ENCRYPTION;
+            break;
+        case NSSLOWKEYDSAKey:
+            prepare_low_dsa_priv_key_export_for_asn1(lk);
+            dummy = SEC_ASN1EncodeItem(arena, &pki->privateKey, lk,
+                                       nsslowkey_DSAPrivateKeyExportTemplate);
+            prepare_low_pqg_params_for_asn1(&lk->u.dsa.params);
+            param = SEC_ASN1EncodeItem(NULL, NULL, &(lk->u.dsa.params),
+                                       nsslowkey_PQGParamsTemplate);
+            algorithm = SEC_OID_ANSIX9_DSA_SIGNATURE;
+            break;
+#ifndef NSS_DISABLE_ECC
+        case NSSLOWKEYECKey:
+            prepare_low_ec_priv_key_for_asn1(lk);
+            /* Public value is encoded as a bit string so adjust length
+             * to be in bits before ASN encoding and readjust
+             * immediately after.
+             *
+             * Since the SECG specification recommends not including the
+             * parameters as part of ECPrivateKey, we zero out the curveOID
+             * length before encoding and restore it later.
+             */
+            lk->u.ec.publicValue.len <<= 3;
+            savelen = lk->u.ec.ecParams.curveOID.len;
+            lk->u.ec.ecParams.curveOID.len = 0;
+            dummy = SEC_ASN1EncodeItem(arena, &pki->privateKey, lk,
+                                       nsslowkey_ECPrivateKeyTemplate);
+            lk->u.ec.ecParams.curveOID.len = savelen;
+            lk->u.ec.publicValue.len >>= 3;
+
+#ifdef EC_DEBUG
+            fordebug = &pki->privateKey;
+            SEC_PRINT("sftk_PackagePrivateKey()", "PrivateKey", lk->keyType,
+                      fordebug);
+#endif
+
+            param = SECITEM_DupItem(&lk->u.ec.ecParams.DEREncoding);
+
+            algorithm = SEC_OID_ANSIX962_EC_PUBLIC_KEY;
+            break;
+#endif /* NSS_DISABLE_ECC */
+        case NSSLOWKEYDHKey:
+        default:
+            dummy = NULL;
+            break;
+    }
+
+    if (!dummy || ((lk->keyType == NSSLOWKEYDSAKey) && !param)) {
+        *crvp = CKR_DEVICE_ERROR; /* should map NSS SECError */
+        rv = SECFailure;
+        goto loser;
+    }
+
+    rv = SECOID_SetAlgorithmID(arena, &pki->algorithm, algorithm,
+                               (SECItem *)param);
+    if (rv != SECSuccess) {
+        *crvp = CKR_DEVICE_ERROR; /* should map NSS SECError */
+        rv = SECFailure;
+        goto loser;
+    }
+
+    dummy = SEC_ASN1EncodeInteger(arena, &pki->version,
+                                  NSSLOWKEY_PRIVATE_KEY_INFO_VERSION);
+    if (!dummy) {
+        *crvp = CKR_DEVICE_ERROR; /* should map NSS SECError */
+        rv = SECFailure;
+        goto loser;
+    }
+
+    encodedKey = SEC_ASN1EncodeItem(NULL, NULL, pki,
+                                    nsslowkey_PrivateKeyInfoTemplate);
+    *crvp = encodedKey ? CKR_OK : CKR_DEVICE_ERROR;
+
+#ifdef EC_DEBUG
+    fordebug = encodedKey;
+    SEC_PRINT("sftk_PackagePrivateKey()", "PrivateKeyInfo", lk->keyType,
+              fordebug);
+#endif
+loser:
+    if (arena) {
+        PORT_FreeArena(arena, PR_TRUE);
+    }
+
+    if (lk && (lk != key->objectInfo)) {
+        nsslowkey_DestroyPrivateKey(lk);
+    }
+
+    if (param) {
+        SECITEM_ZfreeItem((SECItem *)param, PR_TRUE);
+    }
+
+    if (rv != SECSuccess) {
+        return NULL;
+    }
+
+    return encodedKey;
+}
+
+/* it doesn't matter yet, since we colapse error conditions in the
+ * level above, but we really should map those few key error differences */
+static CK_RV
+sftk_mapWrap(CK_RV crv)
+{
+    switch (crv) {
+        case CKR_ENCRYPTED_DATA_INVALID:
+            crv = CKR_WRAPPED_KEY_INVALID;
+            break;
+    }
+    return crv;
+}
+
+/* NSC_WrapKey wraps (i.e., encrypts) a key. */
+CK_RV
+NSC_WrapKey(CK_SESSION_HANDLE hSession,
+            CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hWrappingKey,
+            CK_OBJECT_HANDLE hKey, CK_BYTE_PTR pWrappedKey,
+            CK_ULONG_PTR pulWrappedKeyLen)
+{
+    SFTKSession *session;
+    SFTKAttribute *attribute;
+    SFTKObject *key;
+    CK_RV crv;
+
+    CHECK_FORK();
+
+    session = sftk_SessionFromHandle(hSession);
+    if (session == NULL) {
+        return CKR_SESSION_HANDLE_INVALID;
+    }
+
+    key = sftk_ObjectFromHandle(hKey, session);
+    sftk_FreeSession(session);
+    if (key == NULL) {
+        return CKR_KEY_HANDLE_INVALID;
+    }
+
+    switch (key->objclass) {
+        case CKO_SECRET_KEY: {
+            SFTKSessionContext *context = NULL;
+            SECItem pText;
+
+            attribute = sftk_FindAttribute(key, CKA_VALUE);
+
+            if (attribute == NULL) {
+                crv = CKR_KEY_TYPE_INCONSISTENT;
+                break;
+            }
+            crv = sftk_CryptInit(hSession, pMechanism, hWrappingKey,
+                                 CKA_WRAP, CKA_WRAP, SFTK_ENCRYPT, PR_TRUE);
+            if (crv != CKR_OK) {
+                sftk_FreeAttribute(attribute);
+                break;
+            }
+
+            pText.type = siBuffer;
+            pText.data = (unsigned char *)attribute->attrib.pValue;
+            pText.len = attribute->attrib.ulValueLen;
+
+            /* Find out if this is a block cipher. */
+            crv = sftk_GetContext(hSession, &context, SFTK_ENCRYPT, PR_FALSE, NULL);
+            if (crv != CKR_OK || !context)
+                break;
+            if (context->blockSize > 1) {
+                unsigned int remainder = pText.len % context->blockSize;
+                if (!context->doPad && remainder) {
+                    /* When wrapping secret keys with unpadded block ciphers,
+                    ** the keys are zero padded, if necessary, to fill out
+                    ** a full block.
+                    */
+                    pText.len += context->blockSize - remainder;
+                    pText.data = PORT_ZAlloc(pText.len);
+                    if (pText.data)
+                        memcpy(pText.data, attribute->attrib.pValue,
+                               attribute->attrib.ulValueLen);
+                    else {
+                        crv = CKR_HOST_MEMORY;
+                        break;
+                    }
+                }
+            }
+
+            crv = NSC_Encrypt(hSession, (CK_BYTE_PTR)pText.data,
+                              pText.len, pWrappedKey, pulWrappedKeyLen);
+            /* always force a finalize, both on errors and when
+             * we are just getting the size */
+            if (crv != CKR_OK || pWrappedKey == NULL) {
+                CK_RV lcrv;
+                lcrv = sftk_GetContext(hSession, &context,
+                                       SFTK_ENCRYPT, PR_FALSE, NULL);
+                sftk_SetContextByType(session, SFTK_ENCRYPT, NULL);
+                if (lcrv == CKR_OK && context) {
+                    sftk_FreeContext(context);
+                }
+            }
+
+            if (pText.data != (unsigned char *)attribute->attrib.pValue)
+                PORT_ZFree(pText.data, pText.len);
+            sftk_FreeAttribute(attribute);
+            break;
+        }
+
+        case CKO_PRIVATE_KEY: {
+            SECItem *bpki = sftk_PackagePrivateKey(key, &crv);
+            SFTKSessionContext *context = NULL;
+
+            if (!bpki) {
+                break;
+            }
+
+            crv = sftk_CryptInit(hSession, pMechanism, hWrappingKey,
+                                 CKA_WRAP, CKA_WRAP, SFTK_ENCRYPT, PR_TRUE);
+            if (crv != CKR_OK) {
+                SECITEM_ZfreeItem(bpki, PR_TRUE);
+                crv = CKR_KEY_TYPE_INCONSISTENT;
+                break;
+            }
+
+            crv = NSC_Encrypt(hSession, bpki->data, bpki->len,
+                              pWrappedKey, pulWrappedKeyLen);
+            /* always force a finalize */
+            if (crv != CKR_OK || pWrappedKey == NULL) {
+                CK_RV lcrv;
+                lcrv = sftk_GetContext(hSession, &context,
+                                       SFTK_ENCRYPT, PR_FALSE, NULL);
+                sftk_SetContextByType(session, SFTK_ENCRYPT, NULL);
+                if (lcrv == CKR_OK && context) {
+                    sftk_FreeContext(context);
+                }
+            }
+            SECITEM_ZfreeItem(bpki, PR_TRUE);
+            break;
+        }
+
+        default:
+            crv = CKR_KEY_TYPE_INCONSISTENT;
+            break;
+    }
+    sftk_FreeObject(key);
+
+    return sftk_mapWrap(crv);
+}
+
+/*
+ * import a pprivate key info into the desired slot
+ */
+static SECStatus
+sftk_unwrapPrivateKey(SFTKObject *key, SECItem *bpki)
+{
+    CK_BBOOL cktrue = CK_TRUE;
+    CK_KEY_TYPE keyType = CKK_RSA;
+    SECStatus rv = SECFailure;
+    const SEC_ASN1Template *keyTemplate, *paramTemplate;
+    void *paramDest = NULL;
+    PLArenaPool *arena;
+    NSSLOWKEYPrivateKey *lpk = NULL;
+    NSSLOWKEYPrivateKeyInfo *pki = NULL;
+    CK_RV crv = CKR_KEY_TYPE_INCONSISTENT;
+
+    arena = PORT_NewArena(2048);
+    if (!arena) {
+        return SECFailure;
+    }
+
+    pki = (NSSLOWKEYPrivateKeyInfo *)PORT_ArenaZAlloc(arena,
+                                                      sizeof(NSSLOWKEYPrivateKeyInfo));
+    if (!pki) {
+        PORT_FreeArena(arena, PR_FALSE);
+        return SECFailure;
+    }
+
+    if (SEC_ASN1DecodeItem(arena, pki, nsslowkey_PrivateKeyInfoTemplate, bpki) != SECSuccess) {
+        PORT_FreeArena(arena, PR_TRUE);
+        return SECFailure;
+    }
+
+    lpk = (NSSLOWKEYPrivateKey *)PORT_ArenaZAlloc(arena,
+                                                  sizeof(NSSLOWKEYPrivateKey));
+    if (lpk == NULL) {
+        goto loser;
+    }
+    lpk->arena = arena;
+
+    switch (SECOID_GetAlgorithmTag(&pki->algorithm)) {
+        case SEC_OID_PKCS1_RSA_ENCRYPTION:
+            keyTemplate = nsslowkey_RSAPrivateKeyTemplate;
+            paramTemplate = NULL;
+            paramDest = NULL;
+            lpk->keyType = NSSLOWKEYRSAKey;
+            prepare_low_rsa_priv_key_for_asn1(lpk);
+            break;
+        case SEC_OID_ANSIX9_DSA_SIGNATURE:
+            keyTemplate = nsslowkey_DSAPrivateKeyExportTemplate;
+            paramTemplate = nsslowkey_PQGParamsTemplate;
+            paramDest = &(lpk->u.dsa.params);
+            lpk->keyType = NSSLOWKEYDSAKey;
+            prepare_low_dsa_priv_key_export_for_asn1(lpk);
+            prepare_low_pqg_params_for_asn1(&lpk->u.dsa.params);
+            break;
+/* case NSSLOWKEYDHKey: */
+#ifndef NSS_DISABLE_ECC
+        case SEC_OID_ANSIX962_EC_PUBLIC_KEY:
+            keyTemplate = nsslowkey_ECPrivateKeyTemplate;
+            paramTemplate = NULL;
+            paramDest = &(lpk->u.ec.ecParams.DEREncoding);
+            lpk->keyType = NSSLOWKEYECKey;
+            prepare_low_ec_priv_key_for_asn1(lpk);
+            prepare_low_ecparams_for_asn1(&lpk->u.ec.ecParams);
+            break;
+#endif /* NSS_DISABLE_ECC */
+        default:
+            keyTemplate = NULL;
+            paramTemplate = NULL;
+            paramDest = NULL;
+            break;
+    }
+
+    if (!keyTemplate) {
+        goto loser;
+    }
+
+    /* decode the private key and any algorithm parameters */
+    rv = SEC_QuickDERDecodeItem(arena, lpk, keyTemplate, &pki->privateKey);
+
+#ifndef NSS_DISABLE_ECC
+    if (lpk->keyType == NSSLOWKEYECKey) {
+        /* convert length in bits to length in bytes */
+        lpk->u.ec.publicValue.len >>= 3;
+        rv = SECITEM_CopyItem(arena,
+                              &(lpk->u.ec.ecParams.DEREncoding),
+                              &(pki->algorithm.parameters));
+        if (rv != SECSuccess) {
+            goto loser;
+        }
+    }
+#endif /* NSS_DISABLE_ECC */
+
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    if (paramDest && paramTemplate) {
+        rv = SEC_QuickDERDecodeItem(arena, paramDest, paramTemplate,
+                                    &(pki->algorithm.parameters));
+        if (rv != SECSuccess) {
+            goto loser;
+        }
+    }
+
+    rv = SECFailure;
+
+    switch (lpk->keyType) {
+        case NSSLOWKEYRSAKey:
+            keyType = CKK_RSA;
+            if (sftk_hasAttribute(key, CKA_NETSCAPE_DB)) {
+                sftk_DeleteAttributeType(key, CKA_NETSCAPE_DB);
+            }
+            crv = sftk_AddAttributeType(key, CKA_KEY_TYPE, &keyType,
+                                        sizeof(keyType));
+            if (crv != CKR_OK)
+                break;
+            crv = sftk_AddAttributeType(key, CKA_UNWRAP, &cktrue,
+                                        sizeof(CK_BBOOL));
+            if (crv != CKR_OK)
+                break;
+            crv = sftk_AddAttributeType(key, CKA_DECRYPT, &cktrue,
+                                        sizeof(CK_BBOOL));
+            if (crv != CKR_OK)
+                break;
+            crv = sftk_AddAttributeType(key, CKA_SIGN, &cktrue,
+                                        sizeof(CK_BBOOL));
+            if (crv != CKR_OK)
+                break;
+            crv = sftk_AddAttributeType(key, CKA_SIGN_RECOVER, &cktrue,
+                                        sizeof(CK_BBOOL));
+            if (crv != CKR_OK)
+                break;
+            crv = sftk_AddAttributeType(key, CKA_MODULUS,
+                                        sftk_item_expand(&lpk->u.rsa.modulus));
+            if (crv != CKR_OK)
+                break;
+            crv = sftk_AddAttributeType(key, CKA_PUBLIC_EXPONENT,
+                                        sftk_item_expand(&lpk->u.rsa.publicExponent));
+            if (crv != CKR_OK)
+                break;
+            crv = sftk_AddAttributeType(key, CKA_PRIVATE_EXPONENT,
+                                        sftk_item_expand(&lpk->u.rsa.privateExponent));
+            if (crv != CKR_OK)
+                break;
+            crv = sftk_AddAttributeType(key, CKA_PRIME_1,
+                                        sftk_item_expand(&lpk->u.rsa.prime1));
+            if (crv != CKR_OK)
+                break;
+            crv = sftk_AddAttributeType(key, CKA_PRIME_2,
+                                        sftk_item_expand(&lpk->u.rsa.prime2));
+            if (crv != CKR_OK)
+                break;
+            crv = sftk_AddAttributeType(key, CKA_EXPONENT_1,
+                                        sftk_item_expand(&lpk->u.rsa.exponent1));
+            if (crv != CKR_OK)
+                break;
+            crv = sftk_AddAttributeType(key, CKA_EXPONENT_2,
+                                        sftk_item_expand(&lpk->u.rsa.exponent2));
+            if (crv != CKR_OK)
+                break;
+            crv = sftk_AddAttributeType(key, CKA_COEFFICIENT,
+                                        sftk_item_expand(&lpk->u.rsa.coefficient));
+            break;
+        case NSSLOWKEYDSAKey:
+            keyType = CKK_DSA;
+            crv = (sftk_hasAttribute(key, CKA_NETSCAPE_DB)) ? CKR_OK : CKR_KEY_TYPE_INCONSISTENT;
+            if (crv != CKR_OK)
+                break;
+            crv = sftk_AddAttributeType(key, CKA_KEY_TYPE, &keyType,
+                                        sizeof(keyType));
+            if (crv != CKR_OK)
+                break;
+            crv = sftk_AddAttributeType(key, CKA_SIGN, &cktrue,
+                                        sizeof(CK_BBOOL));
+            if (crv != CKR_OK)
+                break;
+            crv = sftk_AddAttributeType(key, CKA_SIGN_RECOVER, &cktrue,
+                                        sizeof(CK_BBOOL));
+            if (crv != CKR_OK)
+                break;
+            crv = sftk_AddAttributeType(key, CKA_PRIME,
+                                        sftk_item_expand(&lpk->u.dsa.params.prime));
+            if (crv != CKR_OK)
+                break;
+            crv = sftk_AddAttributeType(key, CKA_SUBPRIME,
+                                        sftk_item_expand(&lpk->u.dsa.params.subPrime));
+            if (crv != CKR_OK)
+                break;
+            crv = sftk_AddAttributeType(key, CKA_BASE,
+                                        sftk_item_expand(&lpk->u.dsa.params.base));
+            if (crv != CKR_OK)
+                break;
+            crv = sftk_AddAttributeType(key, CKA_VALUE,
+                                        sftk_item_expand(&lpk->u.dsa.privateValue));
+            if (crv != CKR_OK)
+                break;
+            break;
+#ifdef notdef
+        case NSSLOWKEYDHKey:
+            template = dhTemplate;
+            templateCount = sizeof(dhTemplate) / sizeof(CK_ATTRIBUTE);
+            keyType = CKK_DH;
+            break;
+#endif
+/* what about fortezza??? */
+#ifndef NSS_DISABLE_ECC
+        case NSSLOWKEYECKey:
+            keyType = CKK_EC;
+            crv = (sftk_hasAttribute(key, CKA_NETSCAPE_DB)) ? CKR_OK : CKR_KEY_TYPE_INCONSISTENT;
+            if (crv != CKR_OK)
+                break;
+            crv = sftk_AddAttributeType(key, CKA_KEY_TYPE, &keyType,
+                                        sizeof(keyType));
+            if (crv != CKR_OK)
+                break;
+            crv = sftk_AddAttributeType(key, CKA_SIGN, &cktrue,
+                                        sizeof(CK_BBOOL));
+            if (crv != CKR_OK)
+                break;
+            crv = sftk_AddAttributeType(key, CKA_SIGN_RECOVER, &cktrue,
+                                        sizeof(CK_BBOOL));
+            if (crv != CKR_OK)
+                break;
+            crv = sftk_AddAttributeType(key, CKA_DERIVE, &cktrue,
+                                        sizeof(CK_BBOOL));
+            if (crv != CKR_OK)
+                break;
+            crv = sftk_AddAttributeType(key, CKA_EC_PARAMS,
+                                        sftk_item_expand(&lpk->u.ec.ecParams.DEREncoding));
+            if (crv != CKR_OK)
+                break;
+            crv = sftk_AddAttributeType(key, CKA_VALUE,
+                                        sftk_item_expand(&lpk->u.ec.privateValue));
+            if (crv != CKR_OK)
+                break;
+            /* XXX Do we need to decode the EC Params here ?? */
+            break;
+#endif /* NSS_DISABLE_ECC */
+        default:
+            crv = CKR_KEY_TYPE_INCONSISTENT;
+            break;
+    }
+
+loser:
+    if (lpk) {
+        nsslowkey_DestroyPrivateKey(lpk);
+    }
+
+    if (crv != CKR_OK) {
+        return SECFailure;
+    }
+
+    return SECSuccess;
+}
+
+/* NSC_UnwrapKey unwraps (decrypts) a wrapped key, creating a new key object. */
+CK_RV
+NSC_UnwrapKey(CK_SESSION_HANDLE hSession,
+              CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hUnwrappingKey,
+              CK_BYTE_PTR pWrappedKey, CK_ULONG ulWrappedKeyLen,
+              CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount,
+              CK_OBJECT_HANDLE_PTR phKey)
+{
+    SFTKObject *key = NULL;
+    SFTKSession *session;
+    CK_ULONG key_length = 0;
+    unsigned char *buf = NULL;
+    CK_RV crv = CKR_OK;
+    int i;
+    CK_ULONG bsize = ulWrappedKeyLen;
+    SFTKSlot *slot = sftk_SlotFromSessionHandle(hSession);
+    SECItem bpki;
+    CK_OBJECT_CLASS target_type = CKO_SECRET_KEY;
+
+    CHECK_FORK();
+
+    if (!slot) {
+        return CKR_SESSION_HANDLE_INVALID;
+    }
+    /*
+     * now lets create an object to hang the attributes off of
+     */
+    key = sftk_NewObject(slot); /* fill in the handle later */
+    if (key == NULL) {
+        return CKR_HOST_MEMORY;
+    }
+
+    /*
+     * load the template values into the object
+     */
+    for (i = 0; i < (int)ulAttributeCount; i++) {
+        if (pTemplate[i].type == CKA_VALUE_LEN) {
+            key_length = *(CK_ULONG *)pTemplate[i].pValue;
+            continue;
+        }
+        if (pTemplate[i].type == CKA_CLASS) {
+            target_type = *(CK_OBJECT_CLASS *)pTemplate[i].pValue;
+        }
+        crv = sftk_AddAttributeType(key, sftk_attr_expand(&pTemplate[i]));
+        if (crv != CKR_OK)
+            break;
+    }
+    if (crv != CKR_OK) {
+        sftk_FreeObject(key);
+        return crv;
+    }
+
+    crv = sftk_CryptInit(hSession, pMechanism, hUnwrappingKey, CKA_UNWRAP,
+                         CKA_UNWRAP, SFTK_DECRYPT, PR_FALSE);
+    if (crv != CKR_OK) {
+        sftk_FreeObject(key);
+        return sftk_mapWrap(crv);
+    }
+
+    /* allocate the buffer to decrypt into
+     * this assumes the unwrapped key is never larger than the
+     * wrapped key. For all the mechanisms we support this is true */
+    buf = (unsigned char *)PORT_Alloc(ulWrappedKeyLen);
+    bsize = ulWrappedKeyLen;
+
+    crv = NSC_Decrypt(hSession, pWrappedKey, ulWrappedKeyLen, buf, &bsize);
+    if (crv != CKR_OK) {
+        sftk_FreeObject(key);
+        PORT_Free(buf);
+        return sftk_mapWrap(crv);
+    }
+
+    switch (target_type) {
+        case CKO_SECRET_KEY:
+            if (!sftk_hasAttribute(key, CKA_KEY_TYPE)) {
+                crv = CKR_TEMPLATE_INCOMPLETE;
+                break;
+            }
+
+            if (key_length == 0 || key_length > bsize) {
+                key_length = bsize;
+            }
+            if (key_length > MAX_KEY_LEN) {
+                crv = CKR_TEMPLATE_INCONSISTENT;
+                break;
+            }
+
+            /* add the value */
+            crv = sftk_AddAttributeType(key, CKA_VALUE, buf, key_length);
+            break;
+        case CKO_PRIVATE_KEY:
+            bpki.data = (unsigned char *)buf;
+            bpki.len = bsize;
+            crv = CKR_OK;
+            if (sftk_unwrapPrivateKey(key, &bpki) != SECSuccess) {
+                crv = CKR_TEMPLATE_INCOMPLETE;
+            }
+            break;
+        default:
+            crv = CKR_TEMPLATE_INCONSISTENT;
+            break;
+    }
+
+    PORT_ZFree(buf, bsize);
+    if (crv != CKR_OK) {
+        sftk_FreeObject(key);
+        return crv;
+    }
+
+    /* get the session */
+    session = sftk_SessionFromHandle(hSession);
+    if (session == NULL) {
+        sftk_FreeObject(key);
+        return CKR_SESSION_HANDLE_INVALID;
+    }
+
+    /*
+     * handle the base object stuff
+     */
+    crv = sftk_handleObject(key, session);
+    *phKey = key->handle;
+    sftk_FreeSession(session);
+    sftk_FreeObject(key);
+
+    return crv;
+}
+
+/*
+ * The SSL key gen mechanism create's lots of keys. This function handles the
+ * details of each of these key creation.
+ */
+static CK_RV
+sftk_buildSSLKey(CK_SESSION_HANDLE hSession, SFTKObject *baseKey,
+                 PRBool isMacKey, unsigned char *keyBlock, unsigned int keySize,
+                 CK_OBJECT_HANDLE *keyHandle)
+{
+    SFTKObject *key;
+    SFTKSession *session;
+    CK_KEY_TYPE keyType = CKK_GENERIC_SECRET;
+    CK_BBOOL cktrue = CK_TRUE;
+    CK_BBOOL ckfalse = CK_FALSE;
+    CK_RV crv = CKR_HOST_MEMORY;
+
+    /*
+     * now lets create an object to hang the attributes off of
+     */
+    *keyHandle = CK_INVALID_HANDLE;
+    key = sftk_NewObject(baseKey->slot);
+    if (key == NULL)
+        return CKR_HOST_MEMORY;
+    sftk_narrowToSessionObject(key)->wasDerived = PR_TRUE;
+
+    crv = sftk_CopyObject(key, baseKey);
+    if (crv != CKR_OK)
+        goto loser;
+    if (isMacKey) {
+        crv = sftk_forceAttribute(key, CKA_KEY_TYPE, &keyType, sizeof(keyType));
+        if (crv != CKR_OK)
+            goto loser;
+        crv = sftk_forceAttribute(key, CKA_DERIVE, &cktrue, sizeof(CK_BBOOL));
+        if (crv != CKR_OK)
+            goto loser;
+        crv = sftk_forceAttribute(key, CKA_ENCRYPT, &ckfalse, sizeof(CK_BBOOL));
+        if (crv != CKR_OK)
+            goto loser;
+        crv = sftk_forceAttribute(key, CKA_DECRYPT, &ckfalse, sizeof(CK_BBOOL));
+        if (crv != CKR_OK)
+            goto loser;
+        crv = sftk_forceAttribute(key, CKA_SIGN, &cktrue, sizeof(CK_BBOOL));
+        if (crv != CKR_OK)
+            goto loser;
+        crv = sftk_forceAttribute(key, CKA_VERIFY, &cktrue, sizeof(CK_BBOOL));
+        if (crv != CKR_OK)
+            goto loser;
+        crv = sftk_forceAttribute(key, CKA_WRAP, &ckfalse, sizeof(CK_BBOOL));
+        if (crv != CKR_OK)
+            goto loser;
+        crv = sftk_forceAttribute(key, CKA_UNWRAP, &ckfalse, sizeof(CK_BBOOL));
+        if (crv != CKR_OK)
+            goto loser;
+    }
+    crv = sftk_forceAttribute(key, CKA_VALUE, keyBlock, keySize);
+    if (crv != CKR_OK)
+        goto loser;
+
+    /* get the session */
+    crv = CKR_HOST_MEMORY;
+    session = sftk_SessionFromHandle(hSession);
+    if (session == NULL) {
+        goto loser;
+    }
+
+    crv = sftk_handleObject(key, session);
+    sftk_FreeSession(session);
+    *keyHandle = key->handle;
+loser:
+    if (key)
+        sftk_FreeObject(key);
+    return crv;
+}
+
+/*
+ * if there is an error, we need to free the keys we already created in SSL
+ * This is the routine that will do it..
+ */
+static void
+sftk_freeSSLKeys(CK_SESSION_HANDLE session,
+                 CK_SSL3_KEY_MAT_OUT *returnedMaterial)
+{
+    if (returnedMaterial->hClientMacSecret != CK_INVALID_HANDLE) {
+        NSC_DestroyObject(session, returnedMaterial->hClientMacSecret);
+    }
+    if (returnedMaterial->hServerMacSecret != CK_INVALID_HANDLE) {
+        NSC_DestroyObject(session, returnedMaterial->hServerMacSecret);
+    }
+    if (returnedMaterial->hClientKey != CK_INVALID_HANDLE) {
+        NSC_DestroyObject(session, returnedMaterial->hClientKey);
+    }
+    if (returnedMaterial->hServerKey != CK_INVALID_HANDLE) {
+        NSC_DestroyObject(session, returnedMaterial->hServerKey);
+    }
+}
+
+/*
+ * when deriving from sensitive and extractable keys, we need to preserve some
+ * of the semantics in the derived key. This helper routine maintains these
+ * semantics.
+ */
+static CK_RV
+sftk_DeriveSensitiveCheck(SFTKObject *baseKey, SFTKObject *destKey)
+{
+    PRBool hasSensitive;
+    PRBool sensitive = PR_FALSE;
+    PRBool hasExtractable;
+    PRBool extractable = PR_TRUE;
+    CK_RV crv = CKR_OK;
+    SFTKAttribute *att;
+
+    hasSensitive = PR_FALSE;
+    att = sftk_FindAttribute(destKey, CKA_SENSITIVE);
+    if (att) {
+        hasSensitive = PR_TRUE;
+        sensitive = (PRBool) * (CK_BBOOL *)att->attrib.pValue;
+        sftk_FreeAttribute(att);
+    }
+
+    hasExtractable = PR_FALSE;
+    att = sftk_FindAttribute(destKey, CKA_EXTRACTABLE);
+    if (att) {
+        hasExtractable = PR_TRUE;
+        extractable = (PRBool) * (CK_BBOOL *)att->attrib.pValue;
+        sftk_FreeAttribute(att);
+    }
+
+    /* don't make a key more accessible */
+    if (sftk_isTrue(baseKey, CKA_SENSITIVE) && hasSensitive &&
+        (sensitive == PR_FALSE)) {
+        return CKR_KEY_FUNCTION_NOT_PERMITTED;
+    }
+    if (!sftk_isTrue(baseKey, CKA_EXTRACTABLE) && hasExtractable &&
+        (extractable == PR_TRUE)) {
+        return CKR_KEY_FUNCTION_NOT_PERMITTED;
+    }
+
+    /* inherit parent's sensitivity */
+    if (!hasSensitive) {
+        att = sftk_FindAttribute(baseKey, CKA_SENSITIVE);
+        if (att == NULL)
+            return CKR_KEY_TYPE_INCONSISTENT;
+        crv = sftk_defaultAttribute(destKey, sftk_attr_expand(&att->attrib));
+        sftk_FreeAttribute(att);
+        if (crv != CKR_OK)
+            return crv;
+    }
+    if (!hasExtractable) {
+        att = sftk_FindAttribute(baseKey, CKA_EXTRACTABLE);
+        if (att == NULL)
+            return CKR_KEY_TYPE_INCONSISTENT;
+        crv = sftk_defaultAttribute(destKey, sftk_attr_expand(&att->attrib));
+        sftk_FreeAttribute(att);
+        if (crv != CKR_OK)
+            return crv;
+    }
+
+    /* we should inherit the parent's always extractable/ never sensitive info,
+     * but handleObject always forces this attributes, so we would need to do
+     * something special. */
+    return CKR_OK;
+}
+
+/*
+ * make known fixed PKCS #11 key types to their sizes in bytes
+ */
+unsigned long
+sftk_MapKeySize(CK_KEY_TYPE keyType)
+{
+    switch (keyType) {
+        case CKK_CDMF:
+            return 8;
+        case CKK_DES:
+            return 8;
+        case CKK_DES2:
+            return 16;
+        case CKK_DES3:
+            return 24;
+        /* IDEA and CAST need to be added */
+        default:
+            break;
+    }
+    return 0;
+}
+
+#ifndef NSS_DISABLE_ECC
+/* Inputs:
+ *  key_len: Length of derived key to be generated.
+ *  SharedSecret: a shared secret that is the output of a key agreement primitive.
+ *  SharedInfo: (Optional) some data shared by the entities computing the secret key.
+ *  SharedInfoLen: the length in octets of SharedInfo
+ *  Hash: The hash function to be used in the KDF
+ *  HashLen: the length in octets of the output of Hash
+ * Output:
+ *  key: Pointer to a buffer containing derived key, if return value is SECSuccess.
+ */
+static CK_RV
+sftk_compute_ANSI_X9_63_kdf(CK_BYTE **key, CK_ULONG key_len, SECItem *SharedSecret,
+                            CK_BYTE_PTR SharedInfo, CK_ULONG SharedInfoLen,
+                            SECStatus Hash(unsigned char *, const unsigned char *, PRUint32),
+                            CK_ULONG HashLen)
+{
+    unsigned char *buffer = NULL, *output_buffer = NULL;
+    PRUint32 buffer_len, max_counter, i;
+    SECStatus rv;
+    CK_RV crv;
+
+    /* Check that key_len isn't too long.  The maximum key length could be
+     * greatly increased if the code below did not limit the 4-byte counter
+     * to a maximum value of 255. */
+    if (key_len > 254 * HashLen)
+        return CKR_ARGUMENTS_BAD;
+
+    if (SharedInfo == NULL)
+        SharedInfoLen = 0;
+
+    buffer_len = SharedSecret->len + 4 + SharedInfoLen;
+    buffer = (CK_BYTE *)PORT_Alloc(buffer_len);
+    if (buffer == NULL) {
+        crv = CKR_HOST_MEMORY;
+        goto loser;
+    }
+
+    max_counter = key_len / HashLen;
+    if (key_len > max_counter * HashLen)
+        max_counter++;
+
+    output_buffer = (CK_BYTE *)PORT_Alloc(max_counter * HashLen);
+    if (output_buffer == NULL) {
+        crv = CKR_HOST_MEMORY;
+        goto loser;
+    }
+
+    /* Populate buffer with SharedSecret || Counter || [SharedInfo]
+     * where Counter is 0x00000001 */
+    PORT_Memcpy(buffer, SharedSecret->data, SharedSecret->len);
+    buffer[SharedSecret->len] = 0;
+    buffer[SharedSecret->len + 1] = 0;
+    buffer[SharedSecret->len + 2] = 0;
+    buffer[SharedSecret->len + 3] = 1;
+    if (SharedInfo) {
+        PORT_Memcpy(&buffer[SharedSecret->len + 4], SharedInfo, SharedInfoLen);
+    }
+
+    for (i = 0; i < max_counter; i++) {
+        rv = Hash(&output_buffer[i * HashLen], buffer, buffer_len);
+        if (rv != SECSuccess) {
+            /* 'Hash' should not fail. */
+            crv = CKR_FUNCTION_FAILED;
+            goto loser;
+        }
+
+        /* Increment counter (assumes max_counter < 255) */
+        buffer[SharedSecret->len + 3]++;
+    }
+
+    PORT_ZFree(buffer, buffer_len);
+    if (key_len < max_counter * HashLen) {
+        PORT_Memset(output_buffer + key_len, 0, max_counter * HashLen - key_len);
+    }
+    *key = output_buffer;
+
+    return CKR_OK;
+
+loser:
+    if (buffer) {
+        PORT_ZFree(buffer, buffer_len);
+    }
+    if (output_buffer) {
+        PORT_ZFree(output_buffer, max_counter * HashLen);
+    }
+    return crv;
+}
+
+static CK_RV
+sftk_ANSI_X9_63_kdf(CK_BYTE **key, CK_ULONG key_len,
+                    SECItem *SharedSecret,
+                    CK_BYTE_PTR SharedInfo, CK_ULONG SharedInfoLen,
+                    CK_EC_KDF_TYPE kdf)
+{
+    if (kdf == CKD_SHA1_KDF)
+        return sftk_compute_ANSI_X9_63_kdf(key, key_len, SharedSecret, SharedInfo,
+                                           SharedInfoLen, SHA1_HashBuf, SHA1_LENGTH);
+    else if (kdf == CKD_SHA224_KDF)
+        return sftk_compute_ANSI_X9_63_kdf(key, key_len, SharedSecret, SharedInfo,
+                                           SharedInfoLen, SHA224_HashBuf, SHA224_LENGTH);
+    else if (kdf == CKD_SHA256_KDF)
+        return sftk_compute_ANSI_X9_63_kdf(key, key_len, SharedSecret, SharedInfo,
+                                           SharedInfoLen, SHA256_HashBuf, SHA256_LENGTH);
+    else if (kdf == CKD_SHA384_KDF)
+        return sftk_compute_ANSI_X9_63_kdf(key, key_len, SharedSecret, SharedInfo,
+                                           SharedInfoLen, SHA384_HashBuf, SHA384_LENGTH);
+    else if (kdf == CKD_SHA512_KDF)
+        return sftk_compute_ANSI_X9_63_kdf(key, key_len, SharedSecret, SharedInfo,
+                                           SharedInfoLen, SHA512_HashBuf, SHA512_LENGTH);
+    else
+        return CKR_MECHANISM_INVALID;
+}
+#endif /* NSS_DISABLE_ECC */
+
+/*
+ * SSL Key generation given pre master secret
+ */
+#define NUM_MIXERS 9
+static const char *const mixers[NUM_MIXERS] = {
+    "A",
+    "BB",
+    "CCC",
+    "DDDD",
+    "EEEEE",
+    "FFFFFF",
+    "GGGGGGG",
+    "HHHHHHHH",
+    "IIIIIIIII"
+};
+#define SSL3_PMS_LENGTH 48
+#define SSL3_MASTER_SECRET_LENGTH 48
+#define SSL3_RANDOM_LENGTH 32
+
+/* NSC_DeriveKey derives a key from a base key, creating a new key object. */
+CK_RV
+NSC_DeriveKey(CK_SESSION_HANDLE hSession,
+              CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hBaseKey,
+              CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount,
+              CK_OBJECT_HANDLE_PTR phKey)
+{
+    SFTKSession *session;
+    SFTKSlot *slot = sftk_SlotFromSessionHandle(hSession);
+    SFTKObject *key;
+    SFTKObject *sourceKey;
+    SFTKAttribute *att = NULL;
+    SFTKAttribute *att2 = NULL;
+    unsigned char *buf;
+    SHA1Context *sha;
+    MD5Context *md5;
+    MD2Context *md2;
+    CK_ULONG macSize;
+    CK_ULONG tmpKeySize;
+    CK_ULONG IVSize;
+    CK_ULONG keySize = 0;
+    CK_RV crv = CKR_OK;
+    CK_BBOOL cktrue = CK_TRUE;
+    CK_KEY_TYPE keyType = CKK_GENERIC_SECRET;
+    CK_OBJECT_CLASS classType = CKO_SECRET_KEY;
+    CK_KEY_DERIVATION_STRING_DATA *stringPtr;
+    CK_MECHANISM_TYPE mechanism = pMechanism->mechanism;
+    PRBool isTLS = PR_FALSE;
+    PRBool isDH = PR_FALSE;
+    HASH_HashType tlsPrfHash = HASH_AlgNULL;
+    SECStatus rv;
+    int i;
+    unsigned int outLen;
+    unsigned char sha_out[SHA1_LENGTH];
+    unsigned char key_block[NUM_MIXERS * SFTK_MAX_MAC_LENGTH];
+    PRBool isFIPS;
+    HASH_HashType hashType;
+    PRBool extractValue = PR_TRUE;
+
+    CHECK_FORK();
+
+    if (!slot) {
+        return CKR_SESSION_HANDLE_INVALID;
+    }
+    /*
+     * now lets create an object to hang the attributes off of
+     */
+    if (phKey)
+        *phKey = CK_INVALID_HANDLE;
+
+    key = sftk_NewObject(slot); /* fill in the handle later */
+    if (key == NULL) {
+        return CKR_HOST_MEMORY;
+    }
+    isFIPS = (slot->slotID == FIPS_SLOT_ID);
+
+    /*
+     * load the template values into the object
+     */
+    for (i = 0; i < (int)ulAttributeCount; i++) {
+        crv = sftk_AddAttributeType(key, sftk_attr_expand(&pTemplate[i]));
+        if (crv != CKR_OK)
+            break;
+
+        if (pTemplate[i].type == CKA_KEY_TYPE) {
+            keyType = *(CK_KEY_TYPE *)pTemplate[i].pValue;
+        }
+        if (pTemplate[i].type == CKA_VALUE_LEN) {
+            keySize = *(CK_ULONG *)pTemplate[i].pValue;
+        }
+    }
+    if (crv != CKR_OK) {
+        sftk_FreeObject(key);
+        return crv;
+    }
+
+    if (keySize == 0) {
+        keySize = sftk_MapKeySize(keyType);
+    }
+
+    switch (mechanism) {
+        case CKM_NSS_JPAKE_ROUND2_SHA1:   /* fall through */
+        case CKM_NSS_JPAKE_ROUND2_SHA256: /* fall through */
+        case CKM_NSS_JPAKE_ROUND2_SHA384: /* fall through */
+        case CKM_NSS_JPAKE_ROUND2_SHA512:
+            extractValue = PR_FALSE;
+            classType = CKO_PRIVATE_KEY;
+            break;
+        case CKM_NSS_JPAKE_FINAL_SHA1:   /* fall through */
+        case CKM_NSS_JPAKE_FINAL_SHA256: /* fall through */
+        case CKM_NSS_JPAKE_FINAL_SHA384: /* fall through */
+        case CKM_NSS_JPAKE_FINAL_SHA512:
+            extractValue = PR_FALSE;
+        /* fall through */
+        default:
+            classType = CKO_SECRET_KEY;
+    }
+
+    crv = sftk_forceAttribute(key, CKA_CLASS, &classType, sizeof(classType));
+    if (crv != CKR_OK) {
+        sftk_FreeObject(key);
+        return crv;
+    }
+
+    /* look up the base key we're deriving with */
+    session = sftk_SessionFromHandle(hSession);
+    if (session == NULL) {
+        sftk_FreeObject(key);
+        return CKR_SESSION_HANDLE_INVALID;
+    }
+
+    sourceKey = sftk_ObjectFromHandle(hBaseKey, session);
+    sftk_FreeSession(session);
+    if (sourceKey == NULL) {
+        sftk_FreeObject(key);
+        return CKR_KEY_HANDLE_INVALID;
+    }
+
+    if (extractValue) {
+        /* get the value of the base key */
+        att = sftk_FindAttribute(sourceKey, CKA_VALUE);
+        if (att == NULL) {
+            sftk_FreeObject(key);
+            sftk_FreeObject(sourceKey);
+            return CKR_KEY_HANDLE_INVALID;
+        }
+    }
+
+    switch (mechanism) {
+        /*
+         * generate the master secret
+         */
+        case CKM_TLS12_MASTER_KEY_DERIVE:
+        case CKM_TLS12_MASTER_KEY_DERIVE_DH:
+        case CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256:
+        case CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256:
+        case CKM_TLS_MASTER_KEY_DERIVE:
+        case CKM_TLS_MASTER_KEY_DERIVE_DH:
+        case CKM_SSL3_MASTER_KEY_DERIVE:
+        case CKM_SSL3_MASTER_KEY_DERIVE_DH: {
+            CK_SSL3_MASTER_KEY_DERIVE_PARAMS *ssl3_master;
+            SSL3RSAPreMasterSecret *rsa_pms;
+            unsigned char crsrdata[SSL3_RANDOM_LENGTH * 2];
+
+            if ((mechanism == CKM_TLS12_MASTER_KEY_DERIVE) ||
+                (mechanism == CKM_TLS12_MASTER_KEY_DERIVE_DH)) {
+                CK_TLS12_MASTER_KEY_DERIVE_PARAMS *tls12_master =
+                    (CK_TLS12_MASTER_KEY_DERIVE_PARAMS *)pMechanism->pParameter;
+                tlsPrfHash = GetHashTypeFromMechanism(tls12_master->prfHashMechanism);
+                if (tlsPrfHash == HASH_AlgNULL) {
+                    crv = CKR_MECHANISM_PARAM_INVALID;
+                    break;
+                }
+            } else if ((mechanism == CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256) ||
+                       (mechanism == CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256)) {
+                tlsPrfHash = HASH_AlgSHA256;
+            }
+
+            if ((mechanism != CKM_SSL3_MASTER_KEY_DERIVE) &&
+                (mechanism != CKM_SSL3_MASTER_KEY_DERIVE_DH)) {
+                isTLS = PR_TRUE;
+            }
+            if ((mechanism == CKM_SSL3_MASTER_KEY_DERIVE_DH) ||
+                (mechanism == CKM_TLS_MASTER_KEY_DERIVE_DH) ||
+                (mechanism == CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256) ||
+                (mechanism == CKM_TLS12_MASTER_KEY_DERIVE_DH)) {
+                isDH = PR_TRUE;
+            }
+
+            /* first do the consistency checks */
+            if (!isDH && (att->attrib.ulValueLen != SSL3_PMS_LENGTH)) {
+                crv = CKR_KEY_TYPE_INCONSISTENT;
+                break;
+            }
+            att2 = sftk_FindAttribute(sourceKey, CKA_KEY_TYPE);
+            if ((att2 == NULL) || (*(CK_KEY_TYPE *)att2->attrib.pValue !=
+                                   CKK_GENERIC_SECRET)) {
+                if (att2)
+                    sftk_FreeAttribute(att2);
+                crv = CKR_KEY_FUNCTION_NOT_PERMITTED;
+                break;
+            }
+            sftk_FreeAttribute(att2);
+            if (keyType != CKK_GENERIC_SECRET) {
+                crv = CKR_KEY_FUNCTION_NOT_PERMITTED;
+                break;
+            }
+            if ((keySize != 0) && (keySize != SSL3_MASTER_SECRET_LENGTH)) {
+                crv = CKR_KEY_FUNCTION_NOT_PERMITTED;
+                break;
+            }
+
+            /* finally do the key gen */
+            ssl3_master = (CK_SSL3_MASTER_KEY_DERIVE_PARAMS *)
+                              pMechanism->pParameter;
+
+            PORT_Memcpy(crsrdata,
+                        ssl3_master->RandomInfo.pClientRandom, SSL3_RANDOM_LENGTH);
+            PORT_Memcpy(crsrdata + SSL3_RANDOM_LENGTH,
+                        ssl3_master->RandomInfo.pServerRandom, SSL3_RANDOM_LENGTH);
+
+            if (ssl3_master->pVersion) {
+                SFTKSessionObject *sessKey = sftk_narrowToSessionObject(key);
+                rsa_pms = (SSL3RSAPreMasterSecret *)att->attrib.pValue;
+                /* don't leak more key material then necessary for SSL to work */
+                if ((sessKey == NULL) || sessKey->wasDerived) {
+                    ssl3_master->pVersion->major = 0xff;
+                    ssl3_master->pVersion->minor = 0xff;
+                } else {
+                    ssl3_master->pVersion->major = rsa_pms->client_version[0];
+                    ssl3_master->pVersion->minor = rsa_pms->client_version[1];
+                }
+            }
+            if (ssl3_master->RandomInfo.ulClientRandomLen != SSL3_RANDOM_LENGTH) {
+                crv = CKR_MECHANISM_PARAM_INVALID;
+                break;
+            }
+            if (ssl3_master->RandomInfo.ulServerRandomLen != SSL3_RANDOM_LENGTH) {
+                crv = CKR_MECHANISM_PARAM_INVALID;
+                break;
+            }
+
+            if (isTLS) {
+                SECStatus status;
+                SECItem crsr = { siBuffer, NULL, 0 };
+                SECItem master = { siBuffer, NULL, 0 };
+                SECItem pms = { siBuffer, NULL, 0 };
+
+                crsr.data = crsrdata;
+                crsr.len = sizeof crsrdata;
+                master.data = key_block;
+                master.len = SSL3_MASTER_SECRET_LENGTH;
+                pms.data = (unsigned char *)att->attrib.pValue;
+                pms.len = att->attrib.ulValueLen;
+
+                if (tlsPrfHash != HASH_AlgNULL) {
+                    status = TLS_P_hash(tlsPrfHash, &pms, "master secret",
+                                        &crsr, &master, isFIPS);
+                } else {
+                    status = TLS_PRF(&pms, "master secret", &crsr, &master, isFIPS);
+                }
+                if (status != SECSuccess) {
+                    crv = CKR_FUNCTION_FAILED;
+                    break;
+                }
+            } else {
+                /* now allocate the hash contexts */
+                md5 = MD5_NewContext();
+                if (md5 == NULL) {
+                    crv = CKR_HOST_MEMORY;
+                    break;
+                }
+                sha = SHA1_NewContext();
+                if (sha == NULL) {
+                    PORT_Free(md5);
+                    crv = CKR_HOST_MEMORY;
+                    break;
+                }
+                for (i = 0; i < 3; i++) {
+                    SHA1_Begin(sha);
+                    SHA1_Update(sha, (unsigned char *)mixers[i], strlen(mixers[i]));
+                    SHA1_Update(sha, (const unsigned char *)att->attrib.pValue,
+                                att->attrib.ulValueLen);
+                    SHA1_Update(sha, crsrdata, sizeof crsrdata);
+                    SHA1_End(sha, sha_out, &outLen, SHA1_LENGTH);
+                    PORT_Assert(outLen == SHA1_LENGTH);
+
+                    MD5_Begin(md5);
+                    MD5_Update(md5, (const unsigned char *)att->attrib.pValue,
+                               att->attrib.ulValueLen);
+                    MD5_Update(md5, sha_out, outLen);
+                    MD5_End(md5, &key_block[i * MD5_LENGTH], &outLen, MD5_LENGTH);
+                    PORT_Assert(outLen == MD5_LENGTH);
+                }
+                PORT_Free(md5);
+                PORT_Free(sha);
+            }
+
+            /* store the results */
+            crv = sftk_forceAttribute(key, CKA_VALUE, key_block, SSL3_MASTER_SECRET_LENGTH);
+            if (crv != CKR_OK)
+                break;
+            keyType = CKK_GENERIC_SECRET;
+            crv = sftk_forceAttribute(key, CKA_KEY_TYPE, &keyType, sizeof(keyType));
+            if (isTLS) {
+                /* TLS's master secret is used to "sign" finished msgs with PRF. */
+                /* XXX This seems like a hack.   But SFTK_Derive only accepts
+                 * one "operation" argument. */
+                crv = sftk_forceAttribute(key, CKA_SIGN, &cktrue, sizeof(CK_BBOOL));
+                if (crv != CKR_OK)
+                    break;
+                crv = sftk_forceAttribute(key, CKA_VERIFY, &cktrue, sizeof(CK_BBOOL));
+                if (crv != CKR_OK)
+                    break;
+                /* While we're here, we might as well force this, too. */
+                crv = sftk_forceAttribute(key, CKA_DERIVE, &cktrue, sizeof(CK_BBOOL));
+                if (crv != CKR_OK)
+                    break;
+            }
+            break;
+        }
+
+        /* Extended master key derivation [draft-ietf-tls-session-hash] */
+        case CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE:
+        case CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH: {
+            CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS *ems_params;
+            SSL3RSAPreMasterSecret *rsa_pms;
+            SECStatus status;
+            SECItem pms = { siBuffer, NULL, 0 };
+            SECItem seed = { siBuffer, NULL, 0 };
+            SECItem master = { siBuffer, NULL, 0 };
+
+            ems_params = (CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS *)
+                             pMechanism->pParameter;
+
+            /* First do the consistency checks */
+            if ((mechanism == CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE) &&
+                (att->attrib.ulValueLen != SSL3_PMS_LENGTH)) {
+                crv = CKR_KEY_TYPE_INCONSISTENT;
+                break;
+            }
+            att2 = sftk_FindAttribute(sourceKey, CKA_KEY_TYPE);
+            if ((att2 == NULL) ||
+                (*(CK_KEY_TYPE *)att2->attrib.pValue != CKK_GENERIC_SECRET)) {
+                if (att2)
+                    sftk_FreeAttribute(att2);
+                crv = CKR_KEY_FUNCTION_NOT_PERMITTED;
+                break;
+            }
+            sftk_FreeAttribute(att2);
+            if (keyType != CKK_GENERIC_SECRET) {
+                crv = CKR_KEY_FUNCTION_NOT_PERMITTED;
+                break;
+            }
+            if ((keySize != 0) && (keySize != SSL3_MASTER_SECRET_LENGTH)) {
+                crv = CKR_KEY_FUNCTION_NOT_PERMITTED;
+                break;
+            }
+
+            /* Do the key derivation */
+            pms.data = (unsigned char *)att->attrib.pValue;
+            pms.len = att->attrib.ulValueLen;
+            seed.data = ems_params->pSessionHash;
+            seed.len = ems_params->ulSessionHashLen;
+            master.data = key_block;
+            master.len = SSL3_MASTER_SECRET_LENGTH;
+            if (ems_params->prfHashMechanism == CKM_TLS_PRF) {
+                /*
+                 * In this case, the session hash is the concatenation of SHA-1
+                 * and MD5, so it should be 36 bytes long.
+                 */
+                if (seed.len != MD5_LENGTH + SHA1_LENGTH) {
+                    crv = CKR_TEMPLATE_INCONSISTENT;
+                    break;
+                }
+
+                status = TLS_PRF(&pms, "extended master secret",
+                                 &seed, &master, isFIPS);
+            } else {
+                const SECHashObject *hashObj;
+
+                tlsPrfHash = GetHashTypeFromMechanism(ems_params->prfHashMechanism);
+                if (tlsPrfHash == HASH_AlgNULL) {
+                    crv = CKR_MECHANISM_PARAM_INVALID;
+                    break;
+                }
+
+                hashObj = HASH_GetRawHashObject(tlsPrfHash);
+                if (seed.len != hashObj->length) {
+                    crv = CKR_TEMPLATE_INCONSISTENT;
+                    break;
+                }
+
+                status = TLS_P_hash(tlsPrfHash, &pms, "extended master secret",
+                                    &seed, &master, isFIPS);
+            }
+            if (status != SECSuccess) {
+                crv = CKR_FUNCTION_FAILED;
+                break;
+            }
+
+            /* Reflect the version if required */
+            if (ems_params->pVersion) {
+                SFTKSessionObject *sessKey = sftk_narrowToSessionObject(key);
+                rsa_pms = (SSL3RSAPreMasterSecret *)att->attrib.pValue;
+                /* don't leak more key material than necessary for SSL to work */
+                if ((sessKey == NULL) || sessKey->wasDerived) {
+                    ems_params->pVersion->major = 0xff;
+                    ems_params->pVersion->minor = 0xff;
+                } else {
+                    ems_params->pVersion->major = rsa_pms->client_version[0];
+                    ems_params->pVersion->minor = rsa_pms->client_version[1];
+                }
+            }
+
+            /* Store the results */
+            crv = sftk_forceAttribute(key, CKA_VALUE, key_block,
+                                      SSL3_MASTER_SECRET_LENGTH);
+            break;
+        }
+
+        case CKM_TLS12_KEY_AND_MAC_DERIVE:
+        case CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256:
+        case CKM_TLS_KEY_AND_MAC_DERIVE:
+        case CKM_SSL3_KEY_AND_MAC_DERIVE: {
+            CK_SSL3_KEY_MAT_PARAMS *ssl3_keys;
+            CK_SSL3_KEY_MAT_OUT *ssl3_keys_out;
+            CK_ULONG effKeySize;
+            unsigned int block_needed;
+            unsigned char srcrdata[SSL3_RANDOM_LENGTH * 2];
+            unsigned char crsrdata[SSL3_RANDOM_LENGTH * 2];
+
+            if (mechanism == CKM_TLS12_KEY_AND_MAC_DERIVE) {
+                CK_TLS12_KEY_MAT_PARAMS *tls12_keys =
+                    (CK_TLS12_KEY_MAT_PARAMS *)pMechanism->pParameter;
+                tlsPrfHash = GetHashTypeFromMechanism(tls12_keys->prfHashMechanism);
+                if (tlsPrfHash == HASH_AlgNULL) {
+                    crv = CKR_MECHANISM_PARAM_INVALID;
+                    break;
+                }
+            } else if (mechanism == CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256) {
+                tlsPrfHash = HASH_AlgSHA256;
+            }
+
+            if (mechanism != CKM_SSL3_KEY_AND_MAC_DERIVE) {
+                isTLS = PR_TRUE;
+            }
+
+            crv = sftk_DeriveSensitiveCheck(sourceKey, key);
+            if (crv != CKR_OK)
+                break;
+
+            if (att->attrib.ulValueLen != SSL3_MASTER_SECRET_LENGTH) {
+                crv = CKR_KEY_FUNCTION_NOT_PERMITTED;
+                break;
+            }
+            att2 = sftk_FindAttribute(sourceKey, CKA_KEY_TYPE);
+            if ((att2 == NULL) || (*(CK_KEY_TYPE *)att2->attrib.pValue !=
+                                   CKK_GENERIC_SECRET)) {
+                if (att2)
+                    sftk_FreeAttribute(att2);
+                crv = CKR_KEY_FUNCTION_NOT_PERMITTED;
+                break;
+            }
+            sftk_FreeAttribute(att2);
+            md5 = MD5_NewContext();
+            if (md5 == NULL) {
+                crv = CKR_HOST_MEMORY;
+                break;
+            }
+            sha = SHA1_NewContext();
+            if (sha == NULL) {
+                MD5_DestroyContext(md5, PR_TRUE);
+                crv = CKR_HOST_MEMORY;
+                break;
+            }
+            ssl3_keys = (CK_SSL3_KEY_MAT_PARAMS *)pMechanism->pParameter;
+
+            PORT_Memcpy(srcrdata,
+                        ssl3_keys->RandomInfo.pServerRandom, SSL3_RANDOM_LENGTH);
+            PORT_Memcpy(srcrdata + SSL3_RANDOM_LENGTH,
+                        ssl3_keys->RandomInfo.pClientRandom, SSL3_RANDOM_LENGTH);
+
+            PORT_Memcpy(crsrdata,
+                        ssl3_keys->RandomInfo.pClientRandom, SSL3_RANDOM_LENGTH);
+            PORT_Memcpy(crsrdata + SSL3_RANDOM_LENGTH,
+                        ssl3_keys->RandomInfo.pServerRandom, SSL3_RANDOM_LENGTH);
+
+            /*
+             * clear out our returned keys so we can recover on failure
+             */
+            ssl3_keys_out = ssl3_keys->pReturnedKeyMaterial;
+            ssl3_keys_out->hClientMacSecret = CK_INVALID_HANDLE;
+            ssl3_keys_out->hServerMacSecret = CK_INVALID_HANDLE;
+            ssl3_keys_out->hClientKey = CK_INVALID_HANDLE;
+            ssl3_keys_out->hServerKey = CK_INVALID_HANDLE;
+
+            /*
+             * How much key material do we need?
+             */
+            macSize = ssl3_keys->ulMacSizeInBits / 8;
+            effKeySize = ssl3_keys->ulKeySizeInBits / 8;
+            IVSize = ssl3_keys->ulIVSizeInBits / 8;
+            if (keySize == 0) {
+                effKeySize = keySize;
+            }
+
+            /* bIsExport must be false. */
+            if (ssl3_keys->bIsExport) {
+                MD5_DestroyContext(md5, PR_TRUE);
+                SHA1_DestroyContext(sha, PR_TRUE);
+                crv = CKR_MECHANISM_PARAM_INVALID;
+                break;
+            }
+
+            block_needed = 2 * (macSize + effKeySize + IVSize);
+            PORT_Assert(block_needed <= sizeof key_block);
+            if (block_needed > sizeof key_block)
+                block_needed = sizeof key_block;
+
+            /*
+             * generate the key material: This looks amazingly similar to the
+             * PMS code, and is clearly crying out for a function to provide it.
+             */
+            if (isTLS) {
+                SECStatus status;
+                SECItem srcr = { siBuffer, NULL, 0 };
+                SECItem keyblk = { siBuffer, NULL, 0 };
+                SECItem master = { siBuffer, NULL, 0 };
+
+                srcr.data = srcrdata;
+                srcr.len = sizeof srcrdata;
+                keyblk.data = key_block;
+                keyblk.len = block_needed;
+                master.data = (unsigned char *)att->attrib.pValue;
+                master.len = att->attrib.ulValueLen;
+
+                if (tlsPrfHash != HASH_AlgNULL) {
+                    status = TLS_P_hash(tlsPrfHash, &master, "key expansion",
+                                        &srcr, &keyblk, isFIPS);
+                } else {
+                    status = TLS_PRF(&master, "key expansion", &srcr, &keyblk,
+                                     isFIPS);
+                }
+                if (status != SECSuccess) {
+                    goto key_and_mac_derive_fail;
+                }
+            } else {
+                unsigned int block_bytes = 0;
+                /* key_block =
+                 *     MD5(master_secret + SHA('A' + master_secret +
+                 *                      ServerHello.random + ClientHello.random)) +
+                 *     MD5(master_secret + SHA('BB' + master_secret +
+                 *                      ServerHello.random + ClientHello.random)) +
+                 *     MD5(master_secret + SHA('CCC' + master_secret +
+                 *                      ServerHello.random + ClientHello.random)) +
+                 *     [...];
+                 */
+                for (i = 0; i < NUM_MIXERS && block_bytes < block_needed; i++) {
+                    SHA1_Begin(sha);
+                    SHA1_Update(sha, (unsigned char *)mixers[i], strlen(mixers[i]));
+                    SHA1_Update(sha, (const unsigned char *)att->attrib.pValue,
+                                att->attrib.ulValueLen);
+                    SHA1_Update(sha, srcrdata, sizeof srcrdata);
+                    SHA1_End(sha, sha_out, &outLen, SHA1_LENGTH);
+                    PORT_Assert(outLen == SHA1_LENGTH);
+                    MD5_Begin(md5);
+                    MD5_Update(md5, (const unsigned char *)att->attrib.pValue,
+                               att->attrib.ulValueLen);
+                    MD5_Update(md5, sha_out, outLen);
+                    MD5_End(md5, &key_block[i * MD5_LENGTH], &outLen, MD5_LENGTH);
+                    PORT_Assert(outLen == MD5_LENGTH);
+                    block_bytes += outLen;
+                }
+            }
+
+            /*
+             * Put the key material where it goes.
+             */
+            i = 0; /* now shows how much consumed */
+
+            /*
+             * The key_block is partitioned as follows:
+             * client_write_MAC_secret[CipherSpec.hash_size]
+             */
+            crv = sftk_buildSSLKey(hSession, key, PR_TRUE, &key_block[i], macSize,
+                                   &ssl3_keys_out->hClientMacSecret);
+            if (crv != CKR_OK)
+                goto key_and_mac_derive_fail;
+
+            i += macSize;
+
+            /*
+             * server_write_MAC_secret[CipherSpec.hash_size]
+             */
+            crv = sftk_buildSSLKey(hSession, key, PR_TRUE, &key_block[i], macSize,
+                                   &ssl3_keys_out->hServerMacSecret);
+            if (crv != CKR_OK) {
+                goto key_and_mac_derive_fail;
+            }
+            i += macSize;
+
+            if (keySize) {
+                /*
+                ** Generate Domestic write keys and IVs.
+                ** client_write_key[CipherSpec.key_material]
+                */
+                crv = sftk_buildSSLKey(hSession, key, PR_FALSE, &key_block[i],
+                                       keySize, &ssl3_keys_out->hClientKey);
+                if (crv != CKR_OK) {
+                    goto key_and_mac_derive_fail;
+                }
+                i += keySize;
+
+                /*
+                ** server_write_key[CipherSpec.key_material]
+                */
+                crv = sftk_buildSSLKey(hSession, key, PR_FALSE, &key_block[i],
+                                       keySize, &ssl3_keys_out->hServerKey);
+                if (crv != CKR_OK) {
+                    goto key_and_mac_derive_fail;
+                }
+                i += keySize;
+
+                /*
+                ** client_write_IV[CipherSpec.IV_size]
+                */
+                if (IVSize > 0) {
+                    PORT_Memcpy(ssl3_keys_out->pIVClient,
+                                &key_block[i], IVSize);
+                    i += IVSize;
+                }
+
+                /*
+                ** server_write_IV[CipherSpec.IV_size]
+                */
+                if (IVSize > 0) {
+                    PORT_Memcpy(ssl3_keys_out->pIVServer,
+                                &key_block[i], IVSize);
+                    i += IVSize;
+                }
+                PORT_Assert(i <= sizeof key_block);
+            }
+
+            crv = CKR_OK;
+
+            if (0) {
+            key_and_mac_derive_fail:
+                if (crv == CKR_OK)
+                    crv = CKR_FUNCTION_FAILED;
+                sftk_freeSSLKeys(hSession, ssl3_keys_out);
+            }
+            MD5_DestroyContext(md5, PR_TRUE);
+            SHA1_DestroyContext(sha, PR_TRUE);
+            sftk_FreeObject(key);
+            key = NULL;
+            break;
+        }
+
+        case CKM_CONCATENATE_BASE_AND_KEY: {
+            SFTKObject *newKey;
+
+            crv = sftk_DeriveSensitiveCheck(sourceKey, key);
+            if (crv != CKR_OK)
+                break;
+
+            session = sftk_SessionFromHandle(hSession);
+            if (session == NULL) {
+                crv = CKR_SESSION_HANDLE_INVALID;
+                break;
+            }
+
+            newKey = sftk_ObjectFromHandle(*(CK_OBJECT_HANDLE *)
+                                                pMechanism->pParameter,
+                                           session);
+            sftk_FreeSession(session);
+            if (newKey == NULL) {
+                crv = CKR_KEY_HANDLE_INVALID;
+                break;
+            }
+
+            if (sftk_isTrue(newKey, CKA_SENSITIVE)) {
+                crv = sftk_forceAttribute(newKey, CKA_SENSITIVE, &cktrue,
+                                          sizeof(CK_BBOOL));
+                if (crv != CKR_OK) {
+                    sftk_FreeObject(newKey);
+                    break;
+                }
+            }
+
+            att2 = sftk_FindAttribute(newKey, CKA_VALUE);
+            if (att2 == NULL) {
+                sftk_FreeObject(newKey);
+                crv = CKR_KEY_HANDLE_INVALID;
+                break;
+            }
+            tmpKeySize = att->attrib.ulValueLen + att2->attrib.ulValueLen;
+            if (keySize == 0)
+                keySize = tmpKeySize;
+            if (keySize > tmpKeySize) {
+                sftk_FreeObject(newKey);
+                sftk_FreeAttribute(att2);
+                crv = CKR_TEMPLATE_INCONSISTENT;
+                break;
+            }
+            buf = (unsigned char *)PORT_Alloc(tmpKeySize);
+            if (buf == NULL) {
+                sftk_FreeAttribute(att2);
+                sftk_FreeObject(newKey);
+                crv = CKR_HOST_MEMORY;
+                break;
+            }
+
+            PORT_Memcpy(buf, att->attrib.pValue, att->attrib.ulValueLen);
+            PORT_Memcpy(buf + att->attrib.ulValueLen,
+                        att2->attrib.pValue, att2->attrib.ulValueLen);
+
+            crv = sftk_forceAttribute(key, CKA_VALUE, buf, keySize);
+            PORT_ZFree(buf, tmpKeySize);
+            sftk_FreeAttribute(att2);
+            sftk_FreeObject(newKey);
+            break;
+        }
+
+        case CKM_CONCATENATE_BASE_AND_DATA:
+            crv = sftk_DeriveSensitiveCheck(sourceKey, key);
+            if (crv != CKR_OK)
+                break;
+
+            stringPtr = (CK_KEY_DERIVATION_STRING_DATA *)pMechanism->pParameter;
+            tmpKeySize = att->attrib.ulValueLen + stringPtr->ulLen;
+            if (keySize == 0)
+                keySize = tmpKeySize;
+            if (keySize > tmpKeySize) {
+                crv = CKR_TEMPLATE_INCONSISTENT;
+                break;
+            }
+            buf = (unsigned char *)PORT_Alloc(tmpKeySize);
+            if (buf == NULL) {
+                crv = CKR_HOST_MEMORY;
+                break;
+            }
+
+            PORT_Memcpy(buf, att->attrib.pValue, att->attrib.ulValueLen);
+            PORT_Memcpy(buf + att->attrib.ulValueLen, stringPtr->pData,
+                        stringPtr->ulLen);
+
+            crv = sftk_forceAttribute(key, CKA_VALUE, buf, keySize);
+            PORT_ZFree(buf, tmpKeySize);
+            break;
+        case CKM_CONCATENATE_DATA_AND_BASE:
+            crv = sftk_DeriveSensitiveCheck(sourceKey, key);
+            if (crv != CKR_OK)
+                break;
+
+            stringPtr = (CK_KEY_DERIVATION_STRING_DATA *)pMechanism->pParameter;
+            tmpKeySize = att->attrib.ulValueLen + stringPtr->ulLen;
+            if (keySize == 0)
+                keySize = tmpKeySize;
+            if (keySize > tmpKeySize) {
+                crv = CKR_TEMPLATE_INCONSISTENT;
+                break;
+            }
+            buf = (unsigned char *)PORT_Alloc(tmpKeySize);
+            if (buf == NULL) {
+                crv = CKR_HOST_MEMORY;
+                break;
+            }
+
+            PORT_Memcpy(buf, stringPtr->pData, stringPtr->ulLen);
+            PORT_Memcpy(buf + stringPtr->ulLen, att->attrib.pValue,
+                        att->attrib.ulValueLen);
+
+            crv = sftk_forceAttribute(key, CKA_VALUE, buf, keySize);
+            PORT_ZFree(buf, tmpKeySize);
+            break;
+        case CKM_XOR_BASE_AND_DATA:
+            crv = sftk_DeriveSensitiveCheck(sourceKey, key);
+            if (crv != CKR_OK)
+                break;
+
+            stringPtr = (CK_KEY_DERIVATION_STRING_DATA *)pMechanism->pParameter;
+            tmpKeySize = PR_MIN(att->attrib.ulValueLen, stringPtr->ulLen);
+            if (keySize == 0)
+                keySize = tmpKeySize;
+            if (keySize > tmpKeySize) {
+                crv = CKR_TEMPLATE_INCONSISTENT;
+                break;
+            }
+            buf = (unsigned char *)PORT_Alloc(keySize);
+            if (buf == NULL) {
+                crv = CKR_HOST_MEMORY;
+                break;
+            }
+
+            PORT_Memcpy(buf, att->attrib.pValue, keySize);
+            for (i = 0; i < (int)keySize; i++) {
+                buf[i] ^= stringPtr->pData[i];
+            }
+
+            crv = sftk_forceAttribute(key, CKA_VALUE, buf, keySize);
+            PORT_ZFree(buf, keySize);
+            break;
+
+        case CKM_EXTRACT_KEY_FROM_KEY: {
+            /* the following assumes 8 bits per byte */
+            CK_ULONG extract = *(CK_EXTRACT_PARAMS *)pMechanism->pParameter;
+            CK_ULONG shift = extract & 0x7; /* extract mod 8 the fast way */
+            CK_ULONG offset = extract >> 3; /* extract div 8 the fast way */
+
+            crv = sftk_DeriveSensitiveCheck(sourceKey, key);
+            if (crv != CKR_OK)
+                break;
+
+            if (keySize == 0) {
+                crv = CKR_TEMPLATE_INCOMPLETE;
+                break;
+            }
+            /* make sure we have enough bits in the original key */
+            if (att->attrib.ulValueLen <
+                (offset + keySize + ((shift != 0) ? 1 : 0))) {
+                crv = CKR_MECHANISM_PARAM_INVALID;
+                break;
+            }
+            buf = (unsigned char *)PORT_Alloc(keySize);
+            if (buf == NULL) {
+                crv = CKR_HOST_MEMORY;
+                break;
+            }
+
+            /* copy the bits we need into the new key */
+            for (i = 0; i < (int)keySize; i++) {
+                unsigned char *value =
+                    ((unsigned char *)att->attrib.pValue) + offset + i;
+                if (shift) {
+                    buf[i] = (value[0] << (shift)) | (value[1] >> (8 - shift));
+                } else {
+                    buf[i] = value[0];
+                }
+            }
+
+            crv = sftk_forceAttribute(key, CKA_VALUE, buf, keySize);
+            PORT_ZFree(buf, keySize);
+            break;
+        }
+        case CKM_MD2_KEY_DERIVATION:
+            if (keySize == 0)
+                keySize = MD2_LENGTH;
+            if (keySize > MD2_LENGTH) {
+                crv = CKR_TEMPLATE_INCONSISTENT;
+                break;
+            }
+            /* now allocate the hash contexts */
+            md2 = MD2_NewContext();
+            if (md2 == NULL) {
+                crv = CKR_HOST_MEMORY;
+                break;
+            }
+            MD2_Begin(md2);
+            MD2_Update(md2, (const unsigned char *)att->attrib.pValue,
+                       att->attrib.ulValueLen);
+            MD2_End(md2, key_block, &outLen, MD2_LENGTH);
+            MD2_DestroyContext(md2, PR_TRUE);
+
+            crv = sftk_forceAttribute(key, CKA_VALUE, key_block, keySize);
+            break;
+        case CKM_MD5_KEY_DERIVATION:
+            if (keySize == 0)
+                keySize = MD5_LENGTH;
+            if (keySize > MD5_LENGTH) {
+                crv = CKR_TEMPLATE_INCONSISTENT;
+                break;
+            }
+            MD5_HashBuf(key_block, (const unsigned char *)att->attrib.pValue,
+                        att->attrib.ulValueLen);
+
+            crv = sftk_forceAttribute(key, CKA_VALUE, key_block, keySize);
+            break;
+        case CKM_SHA1_KEY_DERIVATION:
+            if (keySize == 0)
+                keySize = SHA1_LENGTH;
+            if (keySize > SHA1_LENGTH) {
+                crv = CKR_TEMPLATE_INCONSISTENT;
+                break;
+            }
+            SHA1_HashBuf(key_block, (const unsigned char *)att->attrib.pValue,
+                         att->attrib.ulValueLen);
+
+            crv = sftk_forceAttribute(key, CKA_VALUE, key_block, keySize);
+            break;
+
+        case CKM_SHA224_KEY_DERIVATION:
+            if (keySize == 0)
+                keySize = SHA224_LENGTH;
+            if (keySize > SHA224_LENGTH) {
+                crv = CKR_TEMPLATE_INCONSISTENT;
+                break;
+            }
+            SHA224_HashBuf(key_block, (const unsigned char *)att->attrib.pValue,
+                           att->attrib.ulValueLen);
+
+            crv = sftk_forceAttribute(key, CKA_VALUE, key_block, keySize);
+            break;
+
+        case CKM_SHA256_KEY_DERIVATION:
+            if (keySize == 0)
+                keySize = SHA256_LENGTH;
+            if (keySize > SHA256_LENGTH) {
+                crv = CKR_TEMPLATE_INCONSISTENT;
+                break;
+            }
+            SHA256_HashBuf(key_block, (const unsigned char *)att->attrib.pValue,
+                           att->attrib.ulValueLen);
+
+            crv = sftk_forceAttribute(key, CKA_VALUE, key_block, keySize);
+            break;
+
+        case CKM_SHA384_KEY_DERIVATION:
+            if (keySize == 0)
+                keySize = SHA384_LENGTH;
+            if (keySize > SHA384_LENGTH) {
+                crv = CKR_TEMPLATE_INCONSISTENT;
+                break;
+            }
+            SHA384_HashBuf(key_block, (const unsigned char *)att->attrib.pValue,
+                           att->attrib.ulValueLen);
+
+            crv = sftk_forceAttribute(key, CKA_VALUE, key_block, keySize);
+            break;
+
+        case CKM_SHA512_KEY_DERIVATION:
+            if (keySize == 0)
+                keySize = SHA512_LENGTH;
+            if (keySize > SHA512_LENGTH) {
+                crv = CKR_TEMPLATE_INCONSISTENT;
+                break;
+            }
+            SHA512_HashBuf(key_block, (const unsigned char *)att->attrib.pValue,
+                           att->attrib.ulValueLen);
+
+            crv = sftk_forceAttribute(key, CKA_VALUE, key_block, keySize);
+            break;
+
+        case CKM_DH_PKCS_DERIVE: {
+            SECItem derived, dhPublic;
+            SECItem dhPrime, dhValue;
+            /* sourceKey - values for the local existing low key */
+            /* get prime and value attributes */
+            crv = sftk_Attribute2SecItem(NULL, &dhPrime, sourceKey, CKA_PRIME);
+            if (crv != SECSuccess)
+                break;
+            crv = sftk_Attribute2SecItem(NULL, &dhValue, sourceKey, CKA_VALUE);
+            if (crv != SECSuccess) {
+                PORT_Free(dhPrime.data);
+                break;
+            }
+
+            dhPublic.data = pMechanism->pParameter;
+            dhPublic.len = pMechanism->ulParameterLen;
+
+            /* calculate private value - oct */
+            rv = DH_Derive(&dhPublic, &dhPrime, &dhValue, &derived, keySize);
+
+            PORT_Free(dhPrime.data);
+            PORT_Free(dhValue.data);
+
+            if (rv == SECSuccess) {
+                sftk_forceAttribute(key, CKA_VALUE, derived.data, derived.len);
+                PORT_ZFree(derived.data, derived.len);
+            } else
+                crv = CKR_HOST_MEMORY;
+
+            break;
+        }
+
+#ifndef NSS_DISABLE_ECC
+        case CKM_ECDH1_DERIVE:
+        case CKM_ECDH1_COFACTOR_DERIVE: {
+            SECItem ecScalar, ecPoint;
+            SECItem tmp;
+            PRBool withCofactor = PR_FALSE;
+            unsigned char *secret;
+            unsigned char *keyData = NULL;
+            unsigned int secretlen, pubKeyLen;
+            CK_ECDH1_DERIVE_PARAMS *mechParams;
+            NSSLOWKEYPrivateKey *privKey;
+            PLArenaPool *arena = NULL;
+
+            /* Check mechanism parameters */
+            mechParams = (CK_ECDH1_DERIVE_PARAMS *)pMechanism->pParameter;
+            if ((pMechanism->ulParameterLen != sizeof(CK_ECDH1_DERIVE_PARAMS)) ||
+                ((mechParams->kdf == CKD_NULL) &&
+                 ((mechParams->ulSharedDataLen != 0) ||
+                  (mechParams->pSharedData != NULL)))) {
+                crv = CKR_MECHANISM_PARAM_INVALID;
+                break;
+            }
+
+            privKey = sftk_GetPrivKey(sourceKey, CKK_EC, &crv);
+            if (privKey == NULL) {
+                break;
+            }
+
+            /* Now we are working with a non-NULL private key */
+            SECITEM_CopyItem(NULL, &ecScalar, &privKey->u.ec.privateValue);
+
+            ecPoint.data = mechParams->pPublicData;
+            ecPoint.len = mechParams->ulPublicDataLen;
+
+            pubKeyLen = EC_GetPointSize(&privKey->u.ec.ecParams);
+
+            /* if the len is too large, might be an encoded point */
+            if (ecPoint.len > pubKeyLen) {
+                SECItem newPoint;
+
+                arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+                if (arena == NULL) {
+                    goto ec_loser;
+                }
+
+                rv = SEC_QuickDERDecodeItem(arena, &newPoint,
+                                            SEC_ASN1_GET(SEC_OctetStringTemplate),
+                                            &ecPoint);
+                if (rv != SECSuccess) {
+                    goto ec_loser;
+                }
+                ecPoint = newPoint;
+            }
+
+            if (mechanism == CKM_ECDH1_COFACTOR_DERIVE) {
+                withCofactor = PR_TRUE;
+            }
+
+            rv = ECDH_Derive(&ecPoint, &privKey->u.ec.ecParams, &ecScalar,
+                             withCofactor, &tmp);
+            PORT_Free(ecScalar.data);
+            ecScalar.data = NULL;
+            if (privKey != sourceKey->objectInfo) {
+                nsslowkey_DestroyPrivateKey(privKey);
+                privKey = NULL;
+            }
+            if (arena) {
+                PORT_FreeArena(arena, PR_FALSE);
+                arena = NULL;
+            }
+
+            if (rv != SECSuccess) {
+                crv = sftk_MapCryptError(PORT_GetError());
+                break;
+            }
+
+            /*
+             * apply the kdf function.
+             */
+            if (mechParams->kdf == CKD_NULL) {
+                /*
+             * tmp is the raw data created by ECDH_Derive,
+             * secret and secretlen are the values we will
+             * eventually pass as our generated key.
+             */
+                secret = tmp.data;
+                secretlen = tmp.len;
+            } else {
+                secretlen = keySize;
+                crv = sftk_ANSI_X9_63_kdf(&secret, keySize,
+                                          &tmp, mechParams->pSharedData,
+                                          mechParams->ulSharedDataLen, mechParams->kdf);
+                PORT_ZFree(tmp.data, tmp.len);
+                if (crv != CKR_OK) {
+                    break;
+                }
+                tmp.data = secret;
+                tmp.len = secretlen;
+            }
+
+            /*
+             * if keySize is supplied, then we are generating a key of a specific
+             * length. This is done by taking the least significant 'keySize'
+             * bytes from the unsigned value calculated by ECDH. Note: this may
+             * mean padding temp with extra leading zeros from what ECDH_Derive
+             * already returned (which itself may contain leading zeros).
+             */
+            if (keySize) {
+                if (secretlen < keySize) {
+                    keyData = PORT_ZAlloc(keySize);
+                    if (!keyData) {
+                        PORT_ZFree(tmp.data, tmp.len);
+                        crv = CKR_HOST_MEMORY;
+                        break;
+                    }
+                    PORT_Memcpy(&keyData[keySize - secretlen], secret, secretlen);
+                    secret = keyData;
+                } else {
+                    secret += (secretlen - keySize);
+                }
+                secretlen = keySize;
+            }
+
+            sftk_forceAttribute(key, CKA_VALUE, secret, secretlen);
+            PORT_ZFree(tmp.data, tmp.len);
+            if (keyData) {
+                PORT_ZFree(keyData, keySize);
+            }
+            break;
+
+        ec_loser:
+            crv = CKR_ARGUMENTS_BAD;
+            PORT_Free(ecScalar.data);
+            if (privKey != sourceKey->objectInfo)
+                nsslowkey_DestroyPrivateKey(privKey);
+            if (arena) {
+                PORT_FreeArena(arena, PR_FALSE);
+            }
+            break;
+        }
+#endif /* NSS_DISABLE_ECC */
+
+        /* See RFC 5869 and CK_NSS_HKDFParams for documentation. */
+        case CKM_NSS_HKDF_SHA1:
+            hashType = HASH_AlgSHA1;
+            goto hkdf;
+        case CKM_NSS_HKDF_SHA256:
+            hashType = HASH_AlgSHA256;
+            goto hkdf;
+        case CKM_NSS_HKDF_SHA384:
+            hashType = HASH_AlgSHA384;
+            goto hkdf;
+        case CKM_NSS_HKDF_SHA512:
+            hashType = HASH_AlgSHA512;
+            goto hkdf;
+        hkdf : {
+            const CK_NSS_HKDFParams *params =
+                (const CK_NSS_HKDFParams *)pMechanism->pParameter;
+            const SECHashObject *rawHash;
+            unsigned hashLen;
+            CK_BYTE buf[HASH_LENGTH_MAX];
+            CK_BYTE *prk; /* psuedo-random key */
+            CK_ULONG prkLen;
+            CK_BYTE *okm; /* output keying material */
+
+            rawHash = HASH_GetRawHashObject(hashType);
+            if (rawHash == NULL || rawHash->length > sizeof buf) {
+                crv = CKR_FUNCTION_FAILED;
+                break;
+            }
+            hashLen = rawHash->length;
+
+            if (pMechanism->ulParameterLen != sizeof(CK_NSS_HKDFParams) ||
+                !params || (!params->bExpand && !params->bExtract) ||
+                (params->bExtract && params->ulSaltLen > 0 && !params->pSalt) ||
+                (params->bExpand && params->ulInfoLen > 0 && !params->pInfo)) {
+                crv = CKR_MECHANISM_PARAM_INVALID;
+                break;
+            }
+            if (keySize == 0 || keySize > sizeof key_block ||
+                (!params->bExpand && keySize > hashLen) ||
+                (params->bExpand && keySize > 255 * hashLen)) {
+                crv = CKR_TEMPLATE_INCONSISTENT;
+                break;
+            }
+            crv = sftk_DeriveSensitiveCheck(sourceKey, key);
+            if (crv != CKR_OK)
+                break;
+
+            /* HKDF-Extract(salt, base key value) */
+            if (params->bExtract) {
+                CK_BYTE *salt;
+                CK_ULONG saltLen;
+                HMACContext *hmac;
+                unsigned int bufLen;
+
+                salt = params->pSalt;
+                saltLen = params->ulSaltLen;
+                if (salt == NULL) {
+                    saltLen = hashLen;
+                    salt = buf;
+                    memset(salt, 0, saltLen);
+                }
+                hmac = HMAC_Create(rawHash, salt, saltLen, isFIPS);
+                if (!hmac) {
+                    crv = CKR_HOST_MEMORY;
+                    break;
+                }
+                HMAC_Begin(hmac);
+                HMAC_Update(hmac, (const unsigned char *)att->attrib.pValue,
+                            att->attrib.ulValueLen);
+                HMAC_Finish(hmac, buf, &bufLen, sizeof(buf));
+                HMAC_Destroy(hmac, PR_TRUE);
+                PORT_Assert(bufLen == rawHash->length);
+                prk = buf;
+                prkLen = bufLen;
+            } else {
+                /* PRK = base key value */
+                prk = (CK_BYTE *)att->attrib.pValue;
+                prkLen = att->attrib.ulValueLen;
+            }
+
+            /* HKDF-Expand */
+            if (!params->bExpand) {
+                okm = prk;
+            } else {
+                /* T(1) = HMAC-Hash(prk, "" | info | 0x01)
+                 * T(n) = HMAC-Hash(prk, T(n-1) | info | n
+                 * key material = T(1) | ... | T(n)
+                 */
+                HMACContext *hmac;
+                CK_BYTE i;
+                unsigned iterations = PR_ROUNDUP(keySize, hashLen) / hashLen;
+                hmac = HMAC_Create(rawHash, prk, prkLen, isFIPS);
+                if (hmac == NULL) {
+                    crv = CKR_HOST_MEMORY;
+                    break;
+                }
+                for (i = 1; i <= iterations; ++i) {
+                    unsigned len;
+                    HMAC_Begin(hmac);
+                    if (i > 1) {
+                        HMAC_Update(hmac, key_block + ((i - 2) * hashLen), hashLen);
+                    }
+                    if (params->ulInfoLen != 0) {
+                        HMAC_Update(hmac, params->pInfo, params->ulInfoLen);
+                    }
+                    HMAC_Update(hmac, &i, 1);
+                    HMAC_Finish(hmac, key_block + ((i - 1) * hashLen), &len,
+                                hashLen);
+                    PORT_Assert(len == hashLen);
+                }
+                HMAC_Destroy(hmac, PR_TRUE);
+                okm = key_block;
+            }
+            /* key material = prk */
+            crv = sftk_forceAttribute(key, CKA_VALUE, okm, keySize);
+            break;
+        } /* end of CKM_NSS_HKDF_* */
+
+        case CKM_NSS_JPAKE_ROUND2_SHA1:
+            hashType = HASH_AlgSHA1;
+            goto jpake2;
+        case CKM_NSS_JPAKE_ROUND2_SHA256:
+            hashType = HASH_AlgSHA256;
+            goto jpake2;
+        case CKM_NSS_JPAKE_ROUND2_SHA384:
+            hashType = HASH_AlgSHA384;
+            goto jpake2;
+        case CKM_NSS_JPAKE_ROUND2_SHA512:
+            hashType = HASH_AlgSHA512;
+            goto jpake2;
+        jpake2:
+            if (pMechanism->pParameter == NULL ||
+                pMechanism->ulParameterLen != sizeof(CK_NSS_JPAKERound2Params))
+                crv = CKR_MECHANISM_PARAM_INVALID;
+            if (crv == CKR_OK && sftk_isTrue(key, CKA_TOKEN))
+                crv = CKR_TEMPLATE_INCONSISTENT;
+            if (crv == CKR_OK)
+                crv = sftk_DeriveSensitiveCheck(sourceKey, key);
+            if (crv == CKR_OK)
+                crv = jpake_Round2(hashType,
+                                   (CK_NSS_JPAKERound2Params *)pMechanism->pParameter,
+                                   sourceKey, key);
+            break;
+
+        case CKM_NSS_JPAKE_FINAL_SHA1:
+            hashType = HASH_AlgSHA1;
+            goto jpakeFinal;
+        case CKM_NSS_JPAKE_FINAL_SHA256:
+            hashType = HASH_AlgSHA256;
+            goto jpakeFinal;
+        case CKM_NSS_JPAKE_FINAL_SHA384:
+            hashType = HASH_AlgSHA384;
+            goto jpakeFinal;
+        case CKM_NSS_JPAKE_FINAL_SHA512:
+            hashType = HASH_AlgSHA512;
+            goto jpakeFinal;
+        jpakeFinal:
+            if (pMechanism->pParameter == NULL ||
+                pMechanism->ulParameterLen != sizeof(CK_NSS_JPAKEFinalParams))
+                crv = CKR_MECHANISM_PARAM_INVALID;
+            /* We purposely do not do the derive sensitivity check; we want to be
+               able to derive non-sensitive keys while allowing the ROUND1 and
+               ROUND2 keys to be sensitive (which they always are, since they are
+               in the CKO_PRIVATE_KEY class). The caller must include CKA_SENSITIVE
+               in the template in order for the resultant keyblock key to be
+               sensitive.
+             */
+            if (crv == CKR_OK)
+                crv = jpake_Final(hashType,
+                                  (CK_NSS_JPAKEFinalParams *)pMechanism->pParameter,
+                                  sourceKey, key);
+            break;
+
+        default:
+            crv = CKR_MECHANISM_INVALID;
+    }
+    if (att) {
+        sftk_FreeAttribute(att);
+    }
+    sftk_FreeObject(sourceKey);
+    if (crv != CKR_OK) {
+        if (key)
+            sftk_FreeObject(key);
+        return crv;
+    }
+
+    /* link the key object into the list */
+    if (key) {
+        SFTKSessionObject *sessKey = sftk_narrowToSessionObject(key);
+        PORT_Assert(sessKey);
+        /* get the session */
+        sessKey->wasDerived = PR_TRUE;
+        session = sftk_SessionFromHandle(hSession);
+        if (session == NULL) {
+            sftk_FreeObject(key);
+            return CKR_HOST_MEMORY;
+        }
+
+        crv = sftk_handleObject(key, session);
+        sftk_FreeSession(session);
+        *phKey = key->handle;
+        sftk_FreeObject(key);
+    }
+    return crv;
+}
+
+/* NSC_GetFunctionStatus obtains an updated status of a function running
+ * in parallel with an application. */
+CK_RV
+NSC_GetFunctionStatus(CK_SESSION_HANDLE hSession)
+{
+    CHECK_FORK();
+
+    return CKR_FUNCTION_NOT_PARALLEL;
+}
+
+/* NSC_CancelFunction cancels a function running in parallel */
+CK_RV
+NSC_CancelFunction(CK_SESSION_HANDLE hSession)
+{
+    CHECK_FORK();
+
+    return CKR_FUNCTION_NOT_PARALLEL;
+}
+
+/* NSC_GetOperationState saves the state of the cryptographic
+ * operation in a session.
+ * NOTE: This code only works for digest functions for now. eventually need
+ * to add full flatten/resurect to our state stuff so that all types of state
+ * can be saved */
+CK_RV
+NSC_GetOperationState(CK_SESSION_HANDLE hSession,
+                      CK_BYTE_PTR pOperationState, CK_ULONG_PTR pulOperationStateLen)
+{
+    SFTKSessionContext *context;
+    SFTKSession *session;
+    CK_RV crv;
+    CK_ULONG pOSLen = *pulOperationStateLen;
+
+    CHECK_FORK();
+
+    /* make sure we're legal */
+    crv = sftk_GetContext(hSession, &context, SFTK_HASH, PR_TRUE, &session);
+    if (crv != CKR_OK)
+        return crv;
+
+    *pulOperationStateLen = context->cipherInfoLen + sizeof(CK_MECHANISM_TYPE) + sizeof(SFTKContextType);
+    if (pOperationState == NULL) {
+        sftk_FreeSession(session);
+        return CKR_OK;
+    } else {
+        if (pOSLen < *pulOperationStateLen) {
+            return CKR_BUFFER_TOO_SMALL;
+        }
+    }
+    PORT_Memcpy(pOperationState, &context->type, sizeof(SFTKContextType));
+    pOperationState += sizeof(SFTKContextType);
+    PORT_Memcpy(pOperationState, &context->currentMech,
+                sizeof(CK_MECHANISM_TYPE));
+    pOperationState += sizeof(CK_MECHANISM_TYPE);
+    PORT_Memcpy(pOperationState, context->cipherInfo, context->cipherInfoLen);
+    sftk_FreeSession(session);
+    return CKR_OK;
+}
+
+#define sftk_Decrement(stateSize, len) \
+    stateSize = ((stateSize) > (CK_ULONG)(len)) ? ((stateSize) - (CK_ULONG)(len)) : 0;
+
+/* NSC_SetOperationState restores the state of the cryptographic
+ * operation in a session. This is coded like it can restore lots of
+ * states, but it only works for truly flat cipher structures. */
+CK_RV
+NSC_SetOperationState(CK_SESSION_HANDLE hSession,
+                      CK_BYTE_PTR pOperationState, CK_ULONG ulOperationStateLen,
+                      CK_OBJECT_HANDLE hEncryptionKey, CK_OBJECT_HANDLE hAuthenticationKey)
+{
+    SFTKSessionContext *context;
+    SFTKSession *session;
+    SFTKContextType type;
+    CK_MECHANISM mech;
+    CK_RV crv = CKR_OK;
+
+    CHECK_FORK();
+
+    while (ulOperationStateLen != 0) {
+        /* get what type of state we're dealing with... */
+        PORT_Memcpy(&type, pOperationState, sizeof(SFTKContextType));
+
+        /* fix up session contexts based on type */
+        session = sftk_SessionFromHandle(hSession);
+        if (session == NULL)
+            return CKR_SESSION_HANDLE_INVALID;
+        context = sftk_ReturnContextByType(session, type);
+        sftk_SetContextByType(session, type, NULL);
+        if (context) {
+            sftk_FreeContext(context);
+        }
+        pOperationState += sizeof(SFTKContextType);
+        sftk_Decrement(ulOperationStateLen, sizeof(SFTKContextType));
+
+        /* get the mechanism structure */
+        PORT_Memcpy(&mech.mechanism, pOperationState, sizeof(CK_MECHANISM_TYPE));
+        pOperationState += sizeof(CK_MECHANISM_TYPE);
+        sftk_Decrement(ulOperationStateLen, sizeof(CK_MECHANISM_TYPE));
+        /* should be filled in... but not necessary for hash */
+        mech.pParameter = NULL;
+        mech.ulParameterLen = 0;
+        switch (type) {
+            case SFTK_HASH:
+                crv = NSC_DigestInit(hSession, &mech);
+                if (crv != CKR_OK)
+                    break;
+                crv = sftk_GetContext(hSession, &context, SFTK_HASH, PR_TRUE,
+                                      NULL);
+                if (crv != CKR_OK)
+                    break;
+                PORT_Memcpy(context->cipherInfo, pOperationState,
+                            context->cipherInfoLen);
+                pOperationState += context->cipherInfoLen;
+                sftk_Decrement(ulOperationStateLen, context->cipherInfoLen);
+                break;
+            default:
+                /* do sign/encrypt/decrypt later */
+                crv = CKR_SAVED_STATE_INVALID;
+        }
+        sftk_FreeSession(session);
+        if (crv != CKR_OK)
+            break;
+    }
+    return crv;
+}
+
+/* Dual-function cryptographic operations */
+
+/* NSC_DigestEncryptUpdate continues a multiple-part digesting and encryption
+ * operation. */
+CK_RV
+NSC_DigestEncryptUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart,
+                        CK_ULONG ulPartLen, CK_BYTE_PTR pEncryptedPart,
+                        CK_ULONG_PTR pulEncryptedPartLen)
+{
+    CK_RV crv;
+
+    CHECK_FORK();
+
+    crv = NSC_EncryptUpdate(hSession, pPart, ulPartLen, pEncryptedPart,
+                            pulEncryptedPartLen);
+    if (crv != CKR_OK)
+        return crv;
+    crv = NSC_DigestUpdate(hSession, pPart, ulPartLen);
+
+    return crv;
+}
+
+/* NSC_DecryptDigestUpdate continues a multiple-part decryption and
+ * digesting operation. */
+CK_RV
+NSC_DecryptDigestUpdate(CK_SESSION_HANDLE hSession,
+                        CK_BYTE_PTR pEncryptedPart, CK_ULONG ulEncryptedPartLen,
+                        CK_BYTE_PTR pPart, CK_ULONG_PTR pulPartLen)
+{
+    CK_RV crv;
+
+    CHECK_FORK();
+
+    crv = NSC_DecryptUpdate(hSession, pEncryptedPart, ulEncryptedPartLen,
+                            pPart, pulPartLen);
+    if (crv != CKR_OK)
+        return crv;
+    crv = NSC_DigestUpdate(hSession, pPart, *pulPartLen);
+
+    return crv;
+}
+
+/* NSC_SignEncryptUpdate continues a multiple-part signing and
+ * encryption operation. */
+CK_RV
+NSC_SignEncryptUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart,
+                      CK_ULONG ulPartLen, CK_BYTE_PTR pEncryptedPart,
+                      CK_ULONG_PTR pulEncryptedPartLen)
+{
+    CK_RV crv;
+
+    CHECK_FORK();
+
+    crv = NSC_EncryptUpdate(hSession, pPart, ulPartLen, pEncryptedPart,
+                            pulEncryptedPartLen);
+    if (crv != CKR_OK)
+        return crv;
+    crv = NSC_SignUpdate(hSession, pPart, ulPartLen);
+
+    return crv;
+}
+
+/* NSC_DecryptVerifyUpdate continues a multiple-part decryption
+ * and verify operation. */
+CK_RV
+NSC_DecryptVerifyUpdate(CK_SESSION_HANDLE hSession,
+                        CK_BYTE_PTR pEncryptedData, CK_ULONG ulEncryptedDataLen,
+                        CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen)
+{
+    CK_RV crv;
+
+    CHECK_FORK();
+
+    crv = NSC_DecryptUpdate(hSession, pEncryptedData, ulEncryptedDataLen,
+                            pData, pulDataLen);
+    if (crv != CKR_OK)
+        return crv;
+    crv = NSC_VerifyUpdate(hSession, pData, *pulDataLen);
+
+    return crv;
+}
+
+/* NSC_DigestKey continues a multi-part message-digesting operation,
+ * by digesting the value of a secret key as part of the data already digested.
+ */
+CK_RV
+NSC_DigestKey(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey)
+{
+    SFTKSession *session = NULL;
+    SFTKObject *key = NULL;
+    SFTKAttribute *att;
+    CK_RV crv;
+
+    CHECK_FORK();
+
+    session = sftk_SessionFromHandle(hSession);
+    if (session == NULL)
+        return CKR_SESSION_HANDLE_INVALID;
+
+    key = sftk_ObjectFromHandle(hKey, session);
+    sftk_FreeSession(session);
+    if (key == NULL)
+        return CKR_KEY_HANDLE_INVALID;
+
+    /* PUT ANY DIGEST KEY RESTRICTION CHECKS HERE */
+
+    /* make sure it's a valid  key for this operation */
+    if (key->objclass != CKO_SECRET_KEY) {
+        sftk_FreeObject(key);
+        return CKR_KEY_TYPE_INCONSISTENT;
+    }
+    /* get the key value */
+    att = sftk_FindAttribute(key, CKA_VALUE);
+    sftk_FreeObject(key);
+    if (!att) {
+        return CKR_KEY_HANDLE_INVALID;
+    }
+    crv = NSC_DigestUpdate(hSession, (CK_BYTE_PTR)att->attrib.pValue,
+                           att->attrib.ulValueLen);
+    sftk_FreeAttribute(att);
+    return crv;
+}
diff --git a/nss/lib/softoken/pkcs11i.h b/nss/lib/softoken/pkcs11i.h
new file mode 100644
index 0000000..c5f21c3
--- /dev/null
+++ b/nss/lib/softoken/pkcs11i.h
@@ -0,0 +1,763 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * Internal data structures and functions used by pkcs11.c
+ */
+#ifndef _PKCS11I_H_
+#define _PKCS11I_H_ 1
+
+#include "nssilock.h"
+#include "seccomon.h"
+#include "secoidt.h"
+#include "lowkeyti.h"
+#include "pkcs11t.h"
+
+#include "sftkdbt.h"
+#include "chacha20poly1305.h"
+#include "hasht.h"
+
+/*
+ * Configuration Defines
+ *
+ * The following defines affect the space verse speed trade offs of
+ * the PKCS #11 module. For the most part the current settings are optimized
+ * for web servers, where we want faster speed and lower lock contention at
+ * the expense of space.
+ */
+
+/*
+ * The attribute allocation strategy is static allocation:
+ *   Attributes are pre-allocated as part of the session object and used from
+ *   the object array.
+ */
+#define MAX_OBJS_ATTRS 45 /* number of attributes to preallocate in \
+                           * the object (must me the absolute max) */
+#define ATTR_SPACE 50     /* Maximum size of attribute data before extra \
+                           * data needs to be allocated. This is set to  \
+                           * enough space to hold an SSL MASTER secret */
+
+#define NSC_STRICT PR_FALSE /* forces the code to do strict template     \
+                             * matching when doing C_FindObject on token \
+                             * objects. This will slow down search in    \
+                             * NSS. */
+/* default search block allocations and increments */
+#define NSC_CERT_BLOCK_SIZE 50
+#define NSC_SEARCH_BLOCK_SIZE 5
+#define NSC_SLOT_LIST_BLOCK_SIZE 10
+
+#define NSC_FIPS_MODULE 1
+#define NSC_NON_FIPS_MODULE 0
+
+/* these are data base storage hashes, not cryptographic hashes.. The define
+ * the effective size of the various object hash tables */
+/* clients care more about memory usage than lookup performance on
+ * cyrptographic objects. Clients also have less objects around to play with
+ *
+ * we eventually should make this configurable at runtime! Especially now that
+ * NSS is a shared library.
+ */
+#define SPACE_ATTRIBUTE_HASH_SIZE 32
+#define SPACE_SESSION_OBJECT_HASH_SIZE 32
+#define SPACE_SESSION_HASH_SIZE 32
+#define TIME_ATTRIBUTE_HASH_SIZE 32
+#define TIME_SESSION_OBJECT_HASH_SIZE 1024
+#define TIME_SESSION_HASH_SIZE 1024
+#define MAX_OBJECT_LIST_SIZE 800
+/* how many objects to keep on the free list
+                   * before we start freeing them */
+#define MAX_KEY_LEN 256 /* maximum symmetric key length in bytes */
+
+/*
+ * LOG2_BUCKETS_PER_SESSION_LOCK must be a prime number.
+ * With SESSION_HASH_SIZE=1024, LOG2 can be 9, 5, 1, or 0.
+ * With SESSION_HASH_SIZE=4096, LOG2 can be 11, 9, 5, 1, or 0.
+ *
+ * HASH_SIZE   LOG2_BUCKETS_PER   BUCKETS_PER_LOCK  NUMBER_OF_BUCKETS
+ * 1024        9                  512               2
+ * 1024        5                  32                32
+ * 1024        1                  2                 512
+ * 1024        0                  1                 1024
+ * 4096        11                 2048              2
+ * 4096        9                  512               8
+ * 4096        5                  32                128
+ * 4096        1                  2                 2048
+ * 4096        0                  1                 4096
+ */
+#define LOG2_BUCKETS_PER_SESSION_LOCK 1
+#define BUCKETS_PER_SESSION_LOCK (1 << (LOG2_BUCKETS_PER_SESSION_LOCK))
+/* NOSPREAD sessionID to hash table index macro has been slower. */
+
+/* define typedefs, double as forward declarations as well */
+typedef struct SFTKAttributeStr SFTKAttribute;
+typedef struct SFTKObjectListStr SFTKObjectList;
+typedef struct SFTKObjectFreeListStr SFTKObjectFreeList;
+typedef struct SFTKObjectListElementStr SFTKObjectListElement;
+typedef struct SFTKObjectStr SFTKObject;
+typedef struct SFTKSessionObjectStr SFTKSessionObject;
+typedef struct SFTKTokenObjectStr SFTKTokenObject;
+typedef struct SFTKSessionStr SFTKSession;
+typedef struct SFTKSlotStr SFTKSlot;
+typedef struct SFTKSessionContextStr SFTKSessionContext;
+typedef struct SFTKSearchResultsStr SFTKSearchResults;
+typedef struct SFTKHashVerifyInfoStr SFTKHashVerifyInfo;
+typedef struct SFTKHashSignInfoStr SFTKHashSignInfo;
+typedef struct SFTKOAEPEncryptInfoStr SFTKOAEPEncryptInfo;
+typedef struct SFTKOAEPDecryptInfoStr SFTKOAEPDecryptInfo;
+typedef struct SFTKSSLMACInfoStr SFTKSSLMACInfo;
+typedef struct SFTKChaCha20Poly1305InfoStr SFTKChaCha20Poly1305Info;
+typedef struct SFTKItemTemplateStr SFTKItemTemplate;
+
+/* define function pointer typdefs for pointer tables */
+typedef void (*SFTKDestroy)(void *, PRBool);
+typedef void (*SFTKBegin)(void *);
+typedef SECStatus (*SFTKCipher)(void *, void *, unsigned int *, unsigned int,
+                                void *, unsigned int);
+typedef SECStatus (*SFTKVerify)(void *, void *, unsigned int, void *, unsigned int);
+typedef void (*SFTKHash)(void *, const void *, unsigned int);
+typedef void (*SFTKEnd)(void *, void *, unsigned int *, unsigned int);
+typedef void (*SFTKFree)(void *);
+
+/* Value to tell if an attribute is modifiable or not.
+ *    NEVER: attribute is only set on creation.
+ *    ONCOPY: attribute is set on creation and can only be changed on copy.
+ *    SENSITIVE: attribute can only be changed to TRUE.
+ *    ALWAYS: attribute can always be changed.
+ */
+typedef enum {
+    SFTK_NEVER = 0,
+    SFTK_ONCOPY = 1,
+    SFTK_SENSITIVE = 2,
+    SFTK_ALWAYS = 3
+} SFTKModifyType;
+
+/*
+ * Free Status Enum... tell us more information when we think we're
+ * deleting an object.
+ */
+typedef enum {
+    SFTK_DestroyFailure,
+    SFTK_Destroyed,
+    SFTK_Busy
+} SFTKFreeStatus;
+
+/*
+ * attribute values of an object.
+ */
+struct SFTKAttributeStr {
+    SFTKAttribute *next;
+    SFTKAttribute *prev;
+    PRBool freeAttr;
+    PRBool freeData;
+    /*must be called handle to make sftkqueue_find work */
+    CK_ATTRIBUTE_TYPE handle;
+    CK_ATTRIBUTE attrib;
+    unsigned char space[ATTR_SPACE];
+};
+
+/*
+ * doubly link list of objects
+ */
+struct SFTKObjectListStr {
+    SFTKObjectList *next;
+    SFTKObjectList *prev;
+    SFTKObject *parent;
+};
+
+struct SFTKObjectFreeListStr {
+    SFTKObject *head;
+    PZLock *lock;
+    int count;
+};
+
+/*
+ * PKCS 11 crypto object structure
+ */
+struct SFTKObjectStr {
+    SFTKObject *next;
+    SFTKObject *prev;
+    CK_OBJECT_CLASS objclass;
+    CK_OBJECT_HANDLE handle;
+    int refCount;
+    PZLock *refLock;
+    SFTKSlot *slot;
+    void *objectInfo;
+    SFTKFree infoFree;
+};
+
+struct SFTKTokenObjectStr {
+    SFTKObject obj;
+    SECItem dbKey;
+};
+
+struct SFTKSessionObjectStr {
+    SFTKObject obj;
+    SFTKObjectList sessionList;
+    PZLock *attributeLock;
+    SFTKSession *session;
+    PRBool wasDerived;
+    int nextAttr;
+    SFTKAttribute attrList[MAX_OBJS_ATTRS];
+    PRBool optimizeSpace;
+    unsigned int hashSize;
+    SFTKAttribute *head[1];
+};
+
+/*
+ * struct to deal with a temparary list of objects
+ */
+struct SFTKObjectListElementStr {
+    SFTKObjectListElement *next;
+    SFTKObject *object;
+};
+
+/*
+ * Area to hold Search results
+ */
+struct SFTKSearchResultsStr {
+    CK_OBJECT_HANDLE *handles;
+    int size;
+    int index;
+    int array_size;
+};
+
+/*
+ * the universal crypto/hash/sign/verify context structure
+ */
+typedef enum {
+    SFTK_ENCRYPT,
+    SFTK_DECRYPT,
+    SFTK_HASH,
+    SFTK_SIGN,
+    SFTK_SIGN_RECOVER,
+    SFTK_VERIFY,
+    SFTK_VERIFY_RECOVER
+} SFTKContextType;
+
+/** max block size of supported block ciphers */
+#define SFTK_MAX_BLOCK_SIZE 16
+/** currently SHA512 is the biggest hash length */
+#define SFTK_MAX_MAC_LENGTH 64
+#define SFTK_INVALID_MAC_SIZE 0xffffffff
+
+/** Particular ongoing operation in session (sign/verify/digest/encrypt/...)
+ *
+ *  Understanding sign/verify context:
+ *      multi=1 hashInfo=0   block (symmetric) cipher MACing
+ *      multi=1 hashInfo=X   PKC S/V with prior hashing
+ *      multi=0 hashInfo=0   PKC S/V one shot (w/o hashing)
+ *      multi=0 hashInfo=X   *** shouldn't happen ***
+ */
+struct SFTKSessionContextStr {
+    SFTKContextType type;
+    PRBool multi;               /* is multipart */
+    PRBool rsa;                 /* is rsa */
+    PRBool doPad;               /* use PKCS padding for block ciphers */
+    unsigned int blockSize;     /* blocksize for padding */
+    unsigned int padDataLength; /* length of the valid data in padbuf */
+    /** latest incomplete block of data for block cipher */
+    unsigned char padBuf[SFTK_MAX_BLOCK_SIZE];
+    /** result of MAC'ing of latest full block of data with block cipher */
+    unsigned char macBuf[SFTK_MAX_BLOCK_SIZE];
+    CK_ULONG macSize; /* size of a general block cipher mac*/
+    void *cipherInfo;
+    void *hashInfo;
+    unsigned int cipherInfoLen;
+    CK_MECHANISM_TYPE currentMech;
+    SFTKCipher update;
+    SFTKHash hashUpdate;
+    SFTKEnd end;
+    SFTKDestroy destroy;
+    SFTKDestroy hashdestroy;
+    SFTKVerify verify;
+    unsigned int maxLen;
+    SFTKObject *key;
+};
+
+/*
+ * Sessions (have objects)
+ */
+struct SFTKSessionStr {
+    SFTKSession *next;
+    SFTKSession *prev;
+    CK_SESSION_HANDLE handle;
+    int refCount;
+    PZLock *objectLock;
+    int objectIDCount;
+    CK_SESSION_INFO info;
+    CK_NOTIFY notify;
+    CK_VOID_PTR appData;
+    SFTKSlot *slot;
+    SFTKSearchResults *search;
+    SFTKSessionContext *enc_context;
+    SFTKSessionContext *hash_context;
+    SFTKSessionContext *sign_context;
+    SFTKObjectList *objects[1];
+};
+
+/*
+ * slots (have sessions and objects)
+ *
+ * The array of sessionLock's protect the session hash table (head[])
+ * as well as the reference count of session objects in that bucket
+ * (head[]->refCount),  objectLock protects all elements of the slot's
+ * object hash tables (sessObjHashTable[] and tokObjHashTable), and
+ * sessionObjectHandleCount.
+ * slotLock protects the remaining protected elements:
+ * password, isLoggedIn, ssoLoggedIn, and sessionCount,
+ * and pwCheckLock serializes the key database password checks in
+ * NSC_SetPIN and NSC_Login.
+ *
+ * Each of the fields below has the following lifetime as commented
+ * next to the fields:
+ *   invariant  - This value is set when the slot is first created and
+ * never changed until it is destroyed.
+ *   per load   - This value is set when the slot is first created, or
+ * when the slot is used to open another directory. Between open and close
+ * this field does not change.
+ *   variable - This value changes through the normal process of slot operation.
+ *      - reset. The value of this variable is cleared during an open/close
+ *   cycles.
+ *      - preserved. The value of this variable is preserved over open/close
+ *   cycles.
+ */
+struct SFTKSlotStr {
+    CK_SLOT_ID slotID;             /* invariant */
+    PZLock *slotLock;              /* invariant */
+    PZLock **sessionLock;          /* invariant */
+    unsigned int numSessionLocks;  /* invariant */
+    unsigned long sessionLockMask; /* invariant */
+    PZLock *objectLock;            /* invariant */
+    PRLock *pwCheckLock;           /* invariant */
+    PRBool present;                /* variable -set */
+    PRBool hasTokens;              /* per load */
+    PRBool isLoggedIn;             /* variable - reset */
+    PRBool ssoLoggedIn;            /* variable - reset */
+    PRBool needLogin;              /* per load */
+    PRBool DB_loaded;              /* per load */
+    PRBool readOnly;               /* per load */
+    PRBool optimizeSpace;          /* invariant */
+    SFTKDBHandle *certDB;          /* per load */
+    SFTKDBHandle *keyDB;           /* per load */
+    int minimumPinLen;             /* per load */
+    PRInt32 sessionIDCount;        /* atomically incremented */
+                                   /* (preserved) */
+    int sessionIDConflict;         /* not protected by a lock */
+                                   /* (preserved) */
+    int sessionCount;              /* variable - reset */
+    PRInt32 rwSessionCount;        /* set by atomic operations */
+                                   /* (reset) */
+    int sessionObjectHandleCount;  /* variable - perserved */
+    CK_ULONG index;                /* invariant */
+    PLHashTable *tokObjHashTable;  /* invariant */
+    SFTKObject **sessObjHashTable; /* variable - reset */
+    unsigned int sessObjHashSize;  /* invariant */
+    SFTKSession **head;            /* variable -reset */
+    unsigned int sessHashSize;     /* invariant */
+    char tokDescription[33];       /* per load */
+    char updateTokDescription[33]; /* per load */
+    char slotDescription[65];      /* invariant */
+};
+
+/*
+ * special joint operations Contexts
+ */
+struct SFTKHashVerifyInfoStr {
+    SECOidTag hashOid;
+    void *params;
+    NSSLOWKEYPublicKey *key;
+};
+
+struct SFTKHashSignInfoStr {
+    SECOidTag hashOid;
+    void *params;
+    NSSLOWKEYPrivateKey *key;
+};
+
+/**
+ * Contexts for RSA-OAEP
+ */
+struct SFTKOAEPEncryptInfoStr {
+    CK_RSA_PKCS_OAEP_PARAMS *params;
+    NSSLOWKEYPublicKey *key;
+};
+
+struct SFTKOAEPDecryptInfoStr {
+    CK_RSA_PKCS_OAEP_PARAMS *params;
+    NSSLOWKEYPrivateKey *key;
+};
+
+/* context for the Final SSLMAC message */
+struct SFTKSSLMACInfoStr {
+    void *hashContext;
+    SFTKBegin begin;
+    SFTKHash update;
+    SFTKEnd end;
+    CK_ULONG macSize;
+    int padSize;
+    unsigned char key[MAX_KEY_LEN];
+    unsigned int keySize;
+};
+
+/* SFTKChaCha20Poly1305Info saves the key, tag length, nonce,
+ * and additional data for a ChaCha20+Poly1305 AEAD operation. */
+struct SFTKChaCha20Poly1305InfoStr {
+    ChaCha20Poly1305Context freeblCtx;
+    unsigned char nonce[12];
+    unsigned char ad[16];
+    unsigned char *adOverflow;
+    unsigned int adLen;
+};
+
+/*
+ * Template based on SECItems, suitable for passing as arrays
+ */
+struct SFTKItemTemplateStr {
+    CK_ATTRIBUTE_TYPE type;
+    SECItem *item;
+};
+
+/* macro for setting SFTKTemplates. */
+#define SFTK_SET_ITEM_TEMPLATE(templ, count, itemPtr, attr) \
+    templ[count].type = attr;                               \
+    templ[count].item = itemPtr
+
+#define SFTK_MAX_ITEM_TEMPLATE 10
+
+/*
+ * session handle modifiers
+ */
+#define SFTK_SESSION_SLOT_MASK 0xff000000L
+
+/*
+ * object handle modifiers
+ */
+#define SFTK_TOKEN_MASK 0x80000000L
+#define SFTK_TOKEN_MAGIC 0x80000000L
+#define SFTK_TOKEN_TYPE_MASK 0x70000000L
+/* keydb (high bit == 0) */
+#define SFTK_TOKEN_TYPE_PRIV 0x10000000L
+#define SFTK_TOKEN_TYPE_PUB 0x20000000L
+#define SFTK_TOKEN_TYPE_KEY 0x30000000L
+/* certdb (high bit == 1) */
+#define SFTK_TOKEN_TYPE_TRUST 0x40000000L
+#define SFTK_TOKEN_TYPE_CRL 0x50000000L
+#define SFTK_TOKEN_TYPE_SMIME 0x60000000L
+#define SFTK_TOKEN_TYPE_CERT 0x70000000L
+
+#define SFTK_TOKEN_KRL_HANDLE (SFTK_TOKEN_MAGIC | SFTK_TOKEN_TYPE_CRL | 1)
+/* how big (in bytes) a password/pin we can deal with */
+#define SFTK_MAX_PIN 255
+/* minimum password/pin length (in Unicode characters) in FIPS mode */
+#define FIPS_MIN_PIN 7
+
+/* slot ID's */
+#define NETSCAPE_SLOT_ID 1
+#define PRIVATE_KEY_SLOT_ID 2
+#define FIPS_SLOT_ID 3
+
+/* slot helper macros */
+#define sftk_SlotFromSession(sp) ((sp)->slot)
+#define sftk_isToken(id) (((id)&SFTK_TOKEN_MASK) == SFTK_TOKEN_MAGIC)
+
+/* the session hash multiplier (see bug 201081) */
+#define SHMULTIPLIER 1791398085
+
+/* queueing helper macros */
+#define sftk_hash(value, size) \
+    ((PRUint32)((value)*SHMULTIPLIER) & (size - 1))
+#define sftkqueue_add(element, id, head, hash_size) \
+    {                                               \
+        int tmp = sftk_hash(id, hash_size);         \
+        (element)->next = (head)[tmp];              \
+        (element)->prev = NULL;                     \
+        if ((head)[tmp])                            \
+            (head)[tmp]->prev = (element);          \
+        (head)[tmp] = (element);                    \
+    }
+#define sftkqueue_find(element, id, head, hash_size)                      \
+    for ((element) = (head)[sftk_hash(id, hash_size)]; (element) != NULL; \
+         (element) = (element)->next) {                                   \
+        if ((element)->handle == (id)) {                                  \
+            break;                                                        \
+        }                                                                 \
+    }
+#define sftkqueue_is_queued(element, id, head, hash_size) \
+    (((element)->next) || ((element)->prev) ||            \
+     ((head)[sftk_hash(id, hash_size)] == (element)))
+#define sftkqueue_delete(element, id, head, hash_size)        \
+    if ((element)->next)                                      \
+        (element)->next->prev = (element)->prev;              \
+    if ((element)->prev)                                      \
+        (element)->prev->next = (element)->next;              \
+    else                                                      \
+        (head)[sftk_hash(id, hash_size)] = ((element)->next); \
+    (element)->next = NULL;                                   \
+    (element)->prev = NULL;
+
+#define sftkqueue_init_element(element) \
+    (element)->prev = NULL;
+
+#define sftkqueue_add2(element, id, index, head) \
+    {                                            \
+        (element)->next = (head)[index];         \
+        if ((head)[index])                       \
+            (head)[index]->prev = (element);     \
+        (head)[index] = (element);               \
+    }
+
+#define sftkqueue_find2(element, id, index, head) \
+    for ((element) = (head)[index];               \
+         (element) != NULL;                       \
+         (element) = (element)->next) {           \
+        if ((element)->handle == (id)) {          \
+            break;                                \
+        }                                         \
+    }
+
+#define sftkqueue_delete2(element, id, index, head) \
+    if ((element)->next)                            \
+        (element)->next->prev = (element)->prev;    \
+    if ((element)->prev)                            \
+        (element)->prev->next = (element)->next;    \
+    else                                            \
+        (head)[index] = ((element)->next);
+
+#define sftkqueue_clear_deleted_element(element) \
+    (element)->next = NULL;                      \
+    (element)->prev = NULL;
+
+/* sessionID (handle) is used to determine session lock bucket */
+#ifdef NOSPREAD
+/* NOSPREAD:    (ID>>L2LPB) & (perbucket-1) */
+#define SFTK_SESSION_LOCK(slot, handle) \
+    ((slot)->sessionLock[((handle) >> LOG2_BUCKETS_PER_SESSION_LOCK) & (slot)->sessionLockMask])
+#else
+/* SPREAD:  ID & (perbucket-1) */
+#define SFTK_SESSION_LOCK(slot, handle) \
+    ((slot)->sessionLock[(handle) & (slot)->sessionLockMask])
+#endif
+
+/* expand an attribute & secitem structures out */
+#define sftk_attr_expand(ap) (ap)->type, (ap)->pValue, (ap)->ulValueLen
+#define sftk_item_expand(ip) (ip)->data, (ip)->len
+
+typedef struct sftk_token_parametersStr {
+    CK_SLOT_ID slotID;
+    char *configdir;
+    char *certPrefix;
+    char *keyPrefix;
+    char *updatedir;
+    char *updCertPrefix;
+    char *updKeyPrefix;
+    char *updateID;
+    char *tokdes;
+    char *slotdes;
+    char *updtokdes;
+    int minPW;
+    PRBool readOnly;
+    PRBool noCertDB;
+    PRBool noKeyDB;
+    PRBool forceOpen;
+    PRBool pwRequired;
+    PRBool optimizeSpace;
+} sftk_token_parameters;
+
+typedef struct sftk_parametersStr {
+    char *configdir;
+    char *updatedir;
+    char *updateID;
+    char *secmodName;
+    char *man;
+    char *libdes;
+    PRBool readOnly;
+    PRBool noModDB;
+    PRBool noCertDB;
+    PRBool forceOpen;
+    PRBool pwRequired;
+    PRBool optimizeSpace;
+    sftk_token_parameters *tokens;
+    int token_count;
+} sftk_parameters;
+
+/* path stuff (was machine dependent) used by dbinit.c and pk11db.c */
+#define CERT_DB_FMT "%scert%s.db"
+#define KEY_DB_FMT "%skey%s.db"
+
+SEC_BEGIN_PROTOS
+
+/* shared functions between pkcs11.c and fipstokn.c */
+extern PRBool nsf_init;
+extern CK_RV nsc_CommonInitialize(CK_VOID_PTR pReserved, PRBool isFIPS);
+extern CK_RV nsc_CommonFinalize(CK_VOID_PTR pReserved, PRBool isFIPS);
+extern PRBool sftk_ForkReset(CK_VOID_PTR pReserved, CK_RV *crv);
+extern CK_RV nsc_CommonGetSlotList(CK_BBOOL tokPresent,
+                                   CK_SLOT_ID_PTR pSlotList, CK_ULONG_PTR pulCount, int moduleIndex);
+
+/* slot initialization, reinit, shutdown and destruction */
+extern CK_RV SFTK_SlotInit(char *configdir, char *updatedir, char *updateID,
+                           sftk_token_parameters *params, int moduleIndex);
+extern CK_RV SFTK_SlotReInit(SFTKSlot *slot, char *configdir,
+                             char *updatedir, char *updateID,
+                             sftk_token_parameters *params, int moduleIndex);
+extern CK_RV SFTK_DestroySlotData(SFTKSlot *slot);
+extern CK_RV SFTK_ShutdownSlot(SFTKSlot *slot);
+extern CK_RV sftk_CloseAllSessions(SFTKSlot *slot, PRBool logout);
+
+/* internal utility functions used by pkcs11.c */
+extern SFTKAttribute *sftk_FindAttribute(SFTKObject *object,
+                                         CK_ATTRIBUTE_TYPE type);
+extern void sftk_FreeAttribute(SFTKAttribute *attribute);
+extern CK_RV sftk_AddAttributeType(SFTKObject *object, CK_ATTRIBUTE_TYPE type,
+                                   const void *valPtr, CK_ULONG length);
+extern CK_RV sftk_Attribute2SecItem(PLArenaPool *arena, SECItem *item,
+                                    SFTKObject *object, CK_ATTRIBUTE_TYPE type);
+extern CK_RV sftk_MultipleAttribute2SecItem(PLArenaPool *arena,
+                                            SFTKObject *object,
+                                            SFTKItemTemplate *templ, int count);
+extern unsigned int sftk_GetLengthInBits(unsigned char *buf,
+                                         unsigned int bufLen);
+extern CK_RV sftk_ConstrainAttribute(SFTKObject *object,
+                                     CK_ATTRIBUTE_TYPE type, int minLength,
+                                     int maxLength, int minMultiple);
+extern PRBool sftk_hasAttribute(SFTKObject *object, CK_ATTRIBUTE_TYPE type);
+extern PRBool sftk_isTrue(SFTKObject *object, CK_ATTRIBUTE_TYPE type);
+extern void sftk_DeleteAttributeType(SFTKObject *object,
+                                     CK_ATTRIBUTE_TYPE type);
+extern CK_RV sftk_Attribute2SecItem(PLArenaPool *arena, SECItem *item,
+                                    SFTKObject *object, CK_ATTRIBUTE_TYPE type);
+extern CK_RV sftk_Attribute2SSecItem(PLArenaPool *arena, SECItem *item,
+                                     SFTKObject *object,
+                                     CK_ATTRIBUTE_TYPE type);
+extern SFTKModifyType sftk_modifyType(CK_ATTRIBUTE_TYPE type,
+                                      CK_OBJECT_CLASS inClass);
+extern PRBool sftk_isSensitive(CK_ATTRIBUTE_TYPE type, CK_OBJECT_CLASS inClass);
+extern char *sftk_getString(SFTKObject *object, CK_ATTRIBUTE_TYPE type);
+extern void sftk_nullAttribute(SFTKObject *object, CK_ATTRIBUTE_TYPE type);
+extern CK_RV sftk_GetULongAttribute(SFTKObject *object, CK_ATTRIBUTE_TYPE type,
+                                    CK_ULONG *longData);
+extern CK_RV sftk_forceAttribute(SFTKObject *object, CK_ATTRIBUTE_TYPE type,
+                                 const void *value, unsigned int len);
+extern CK_RV sftk_defaultAttribute(SFTKObject *object, CK_ATTRIBUTE_TYPE type,
+                                   const void *value, unsigned int len);
+extern unsigned int sftk_MapTrust(CK_TRUST trust, PRBool clientAuth);
+
+extern SFTKObject *sftk_NewObject(SFTKSlot *slot);
+extern CK_RV sftk_CopyObject(SFTKObject *destObject, SFTKObject *srcObject);
+extern SFTKFreeStatus sftk_FreeObject(SFTKObject *object);
+extern CK_RV sftk_DeleteObject(SFTKSession *session, SFTKObject *object);
+extern void sftk_ReferenceObject(SFTKObject *object);
+extern SFTKObject *sftk_ObjectFromHandle(CK_OBJECT_HANDLE handle,
+                                         SFTKSession *session);
+extern void sftk_AddSlotObject(SFTKSlot *slot, SFTKObject *object);
+extern void sftk_AddObject(SFTKSession *session, SFTKObject *object);
+/* clear out all the existing object ID to database key mappings.
+ * used to reinit a token */
+extern CK_RV SFTK_ClearTokenKeyHashTable(SFTKSlot *slot);
+
+extern CK_RV sftk_searchObjectList(SFTKSearchResults *search,
+                                   SFTKObject **head, unsigned int size,
+                                   PZLock *lock, CK_ATTRIBUTE_PTR inTemplate,
+                                   int count, PRBool isLoggedIn);
+extern SFTKObjectListElement *sftk_FreeObjectListElement(
+    SFTKObjectListElement *objectList);
+extern void sftk_FreeObjectList(SFTKObjectListElement *objectList);
+extern void sftk_FreeSearch(SFTKSearchResults *search);
+extern CK_RV sftk_handleObject(SFTKObject *object, SFTKSession *session);
+
+extern SFTKSlot *sftk_SlotFromID(CK_SLOT_ID slotID, PRBool all);
+extern SFTKSlot *sftk_SlotFromSessionHandle(CK_SESSION_HANDLE handle);
+extern SFTKSession *sftk_SessionFromHandle(CK_SESSION_HANDLE handle);
+extern void sftk_FreeSession(SFTKSession *session);
+extern SFTKSession *sftk_NewSession(CK_SLOT_ID slotID, CK_NOTIFY notify,
+                                    CK_VOID_PTR pApplication, CK_FLAGS flags);
+extern void sftk_update_state(SFTKSlot *slot, SFTKSession *session);
+extern void sftk_update_all_states(SFTKSlot *slot);
+extern void sftk_FreeContext(SFTKSessionContext *context);
+extern void sftk_InitFreeLists(void);
+extern void sftk_CleanupFreeLists(void);
+
+extern NSSLOWKEYPublicKey *sftk_GetPubKey(SFTKObject *object,
+                                          CK_KEY_TYPE key_type, CK_RV *crvp);
+extern NSSLOWKEYPrivateKey *sftk_GetPrivKey(SFTKObject *object,
+                                            CK_KEY_TYPE key_type, CK_RV *crvp);
+extern void sftk_FormatDESKey(unsigned char *key, int length);
+extern PRBool sftk_CheckDESKey(unsigned char *key);
+extern PRBool sftk_IsWeakKey(unsigned char *key, CK_KEY_TYPE key_type);
+
+/* mechanism allows this operation */
+extern CK_RV sftk_MechAllowsOperation(CK_MECHANISM_TYPE type, CK_ATTRIBUTE_TYPE op);
+
+/* helper function which calls nsslowkey_FindKeyByPublicKey after safely
+ * acquiring a reference to the keydb from the slot */
+NSSLOWKEYPrivateKey *sftk_FindKeyByPublicKey(SFTKSlot *slot, SECItem *dbKey);
+
+/*
+ * parameter parsing functions
+ */
+CK_RV sftk_parseParameters(char *param, sftk_parameters *parsed, PRBool isFIPS);
+void sftk_freeParams(sftk_parameters *params);
+
+/*
+ * narrow objects
+ */
+SFTKSessionObject *sftk_narrowToSessionObject(SFTKObject *);
+SFTKTokenObject *sftk_narrowToTokenObject(SFTKObject *);
+
+/*
+ * token object utilities
+ */
+void sftk_addHandle(SFTKSearchResults *search, CK_OBJECT_HANDLE handle);
+PRBool sftk_poisonHandle(SFTKSlot *slot, SECItem *dbkey,
+                         CK_OBJECT_HANDLE handle);
+SFTKObject *sftk_NewTokenObject(SFTKSlot *slot, SECItem *dbKey,
+                                CK_OBJECT_HANDLE handle);
+SFTKTokenObject *sftk_convertSessionToToken(SFTKObject *so);
+
+/* J-PAKE (jpakesftk.c) */
+extern CK_RV jpake_Round1(HASH_HashType hashType,
+                          CK_NSS_JPAKERound1Params *params,
+                          SFTKObject *key);
+extern CK_RV jpake_Round2(HASH_HashType hashType,
+                          CK_NSS_JPAKERound2Params *params,
+                          SFTKObject *sourceKey, SFTKObject *key);
+extern CK_RV jpake_Final(HASH_HashType hashType,
+                         const CK_NSS_JPAKEFinalParams *params,
+                         SFTKObject *sourceKey, SFTKObject *key);
+
+/* Constant time MAC functions (hmacct.c) */
+
+struct sftk_MACConstantTimeCtxStr {
+    const SECHashObject *hash;
+    unsigned char mac[64];
+    unsigned char secret[64];
+    unsigned int headerLength;
+    unsigned int secretLength;
+    unsigned int totalLength;
+    unsigned char header[75];
+};
+typedef struct sftk_MACConstantTimeCtxStr sftk_MACConstantTimeCtx;
+sftk_MACConstantTimeCtx *sftk_HMACConstantTime_New(
+    CK_MECHANISM_PTR mech, SFTKObject *key);
+sftk_MACConstantTimeCtx *sftk_SSLv3MACConstantTime_New(
+    CK_MECHANISM_PTR mech, SFTKObject *key);
+void sftk_HMACConstantTime_Update(void *pctx, const void *data, unsigned int len);
+void sftk_SSLv3MACConstantTime_Update(void *pctx, const void *data, unsigned int len);
+void sftk_MACConstantTime_EndHash(
+    void *pctx, void *out, unsigned int *outLength, unsigned int maxLength);
+void sftk_MACConstantTime_DestroyContext(void *pctx, PRBool);
+
+/****************************************
+ * implement TLS Pseudo Random Function (PRF)
+ */
+
+extern CK_RV
+sftk_TLSPRFInit(SFTKSessionContext *context,
+                SFTKObject *key,
+                CK_KEY_TYPE key_type,
+                HASH_HashType hash_alg,
+                unsigned int out_len);
+
+SEC_END_PROTOS
+
+#endif /* _PKCS11I_H_ */
diff --git a/nss/lib/softoken/pkcs11ni.h b/nss/lib/softoken/pkcs11ni.h
new file mode 100644
index 0000000..612842c
--- /dev/null
+++ b/nss/lib/softoken/pkcs11ni.h
@@ -0,0 +1,20 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _PKCS11NI_H_
+#define _PKCS11NI_H_
+
+/*
+ * pkcs11ni.h
+ *
+ * This file contains softoken private exports for NSS
+ */
+
+/* softoken slot ID's */
+#define SFTK_MIN_USER_SLOT_ID 4
+#define SFTK_MAX_USER_SLOT_ID 100
+#define SFTK_MIN_FIPS_USER_SLOT_ID 101
+#define SFTK_MAX_FIPS_USER_SLOT_ID 127
+
+#endif /* _PKCS11NI_H_ */
diff --git a/nss/lib/softoken/pkcs11u.c b/nss/lib/softoken/pkcs11u.c
new file mode 100644
index 0000000..a5694ee
--- /dev/null
+++ b/nss/lib/softoken/pkcs11u.c
@@ -0,0 +1,1994 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * Internal PKCS #11 functions. Should only be called by pkcs11.c
+ */
+#include "pkcs11.h"
+#include "pkcs11i.h"
+#include "lowkeyi.h"
+#include "secasn1.h"
+#include "blapi.h"
+#include "secerr.h"
+#include "prnetdb.h" /* for PR_ntohl */
+#include "sftkdb.h"
+#include "softoken.h"
+
+/*
+ * ******************** Attribute Utilities *******************************
+ */
+
+/*
+ * create a new attribute with type, value, and length. Space is allocated
+ * to hold value.
+ */
+static SFTKAttribute *
+sftk_NewAttribute(SFTKObject *object,
+                  CK_ATTRIBUTE_TYPE type, const void *value, CK_ULONG len)
+{
+    SFTKAttribute *attribute;
+
+    SFTKSessionObject *so = sftk_narrowToSessionObject(object);
+    int index;
+
+    if (so == NULL) {
+        /* allocate new attribute in a buffer */
+        PORT_Assert(0);
+        return NULL;
+    }
+    /*
+     * We attempt to keep down contention on Malloc and Arena locks by
+     * limiting the number of these calls on high traversed paths. This
+     * is done for attributes by 'allocating' them from a pool already
+     * allocated by the parent object.
+     */
+    PZ_Lock(so->attributeLock);
+    index = so->nextAttr++;
+    PZ_Unlock(so->attributeLock);
+    PORT_Assert(index < MAX_OBJS_ATTRS);
+    if (index >= MAX_OBJS_ATTRS)
+        return NULL;
+
+    attribute = &so->attrList[index];
+    attribute->attrib.type = type;
+    attribute->freeAttr = PR_FALSE;
+    attribute->freeData = PR_FALSE;
+    if (value) {
+        if (len <= ATTR_SPACE) {
+            attribute->attrib.pValue = attribute->space;
+        } else {
+            attribute->attrib.pValue = PORT_Alloc(len);
+            attribute->freeData = PR_TRUE;
+        }
+        if (attribute->attrib.pValue == NULL) {
+            return NULL;
+        }
+        PORT_Memcpy(attribute->attrib.pValue, value, len);
+        attribute->attrib.ulValueLen = len;
+    } else {
+        attribute->attrib.pValue = NULL;
+        attribute->attrib.ulValueLen = 0;
+    }
+    attribute->attrib.type = type;
+    attribute->handle = type;
+    attribute->next = attribute->prev = NULL;
+    return attribute;
+}
+
+/*
+ * Free up all the memory associated with an attribute. Reference count
+ * must be zero to call this.
+ */
+static void
+sftk_DestroyAttribute(SFTKAttribute *attribute)
+{
+    if (attribute->freeData) {
+        if (attribute->attrib.pValue) {
+            /* clear out the data in the attribute value... it may have been
+             * sensitive data */
+            PORT_Memset(attribute->attrib.pValue, 0,
+                        attribute->attrib.ulValueLen);
+        }
+        PORT_Free(attribute->attrib.pValue);
+    }
+    PORT_Free(attribute);
+}
+
+/*
+ * release a reference to an attribute structure
+ */
+void
+sftk_FreeAttribute(SFTKAttribute *attribute)
+{
+    if (attribute->freeAttr) {
+        sftk_DestroyAttribute(attribute);
+        return;
+    }
+}
+
+static SFTKAttribute *
+sftk_FindTokenAttribute(SFTKTokenObject *object, CK_ATTRIBUTE_TYPE type)
+{
+    SFTKAttribute *myattribute = NULL;
+    SFTKDBHandle *dbHandle = NULL;
+    CK_RV crv = CKR_HOST_MEMORY;
+
+    myattribute = (SFTKAttribute *)PORT_Alloc(sizeof(SFTKAttribute));
+    if (myattribute == NULL) {
+        goto loser;
+    }
+
+    dbHandle = sftk_getDBForTokenObject(object->obj.slot, object->obj.handle);
+
+    myattribute->handle = type;
+    myattribute->attrib.type = type;
+    myattribute->attrib.pValue = myattribute->space;
+    myattribute->attrib.ulValueLen = ATTR_SPACE;
+    myattribute->next = myattribute->prev = NULL;
+    myattribute->freeAttr = PR_TRUE;
+    myattribute->freeData = PR_FALSE;
+
+    crv = sftkdb_GetAttributeValue(dbHandle, object->obj.handle,
+                                   &myattribute->attrib, 1);
+
+    /* attribute is bigger than our attribute space buffer, malloc it */
+    if (crv == CKR_BUFFER_TOO_SMALL) {
+        myattribute->attrib.pValue = NULL;
+        crv = sftkdb_GetAttributeValue(dbHandle, object->obj.handle,
+                                       &myattribute->attrib, 1);
+        if (crv != CKR_OK) {
+            goto loser;
+        }
+        myattribute->attrib.pValue = PORT_Alloc(myattribute->attrib.ulValueLen);
+        if (myattribute->attrib.pValue == NULL) {
+            crv = CKR_HOST_MEMORY;
+            goto loser;
+        }
+        myattribute->freeData = PR_TRUE;
+        crv = sftkdb_GetAttributeValue(dbHandle, object->obj.handle,
+                                       &myattribute->attrib, 1);
+    }
+loser:
+    if (dbHandle) {
+        sftk_freeDB(dbHandle);
+    }
+    if (crv != CKR_OK) {
+        if (myattribute) {
+            myattribute->attrib.ulValueLen = 0;
+            sftk_FreeAttribute(myattribute);
+            myattribute = NULL;
+        }
+    }
+    return myattribute;
+}
+
+/*
+ * look up and attribute structure from a type and Object structure.
+ * The returned attribute is referenced and needs to be freed when
+ * it is no longer needed.
+ */
+SFTKAttribute *
+sftk_FindAttribute(SFTKObject *object, CK_ATTRIBUTE_TYPE type)
+{
+    SFTKAttribute *attribute;
+    SFTKSessionObject *sessObject = sftk_narrowToSessionObject(object);
+
+    if (sessObject == NULL) {
+        return sftk_FindTokenAttribute(sftk_narrowToTokenObject(object), type);
+    }
+
+    PZ_Lock(sessObject->attributeLock);
+    sftkqueue_find(attribute, type, sessObject->head, sessObject->hashSize);
+    PZ_Unlock(sessObject->attributeLock);
+
+    return (attribute);
+}
+
+/*
+ * Take a buffer and it's length and return it's true size in bits;
+ */
+unsigned int
+sftk_GetLengthInBits(unsigned char *buf, unsigned int bufLen)
+{
+    unsigned int size = bufLen * 8;
+    unsigned int i;
+
+    /* Get the real length in bytes */
+    for (i = 0; i < bufLen; i++) {
+        unsigned char c = *buf++;
+        if (c != 0) {
+            unsigned char m;
+            for (m = 0x80; m > 0; m = m >> 1) {
+                if ((c & m) != 0) {
+                    break;
+                }
+                size--;
+            }
+            break;
+        }
+        size -= 8;
+    }
+    return size;
+}
+
+/*
+ * Constrain a big num attribute. to size and padding
+ * minLength means length of the object must be greater than equal to minLength
+ * maxLength means length of the object must be less than equal to maxLength
+ * minMultiple means that object length mod minMultiple must equal 0.
+ * all input sizes are in bits.
+ * if any constraint is '0' that constraint is not checked.
+ */
+CK_RV
+sftk_ConstrainAttribute(SFTKObject *object, CK_ATTRIBUTE_TYPE type,
+                        int minLength, int maxLength, int minMultiple)
+{
+    SFTKAttribute *attribute;
+    int size;
+    unsigned char *ptr;
+
+    attribute = sftk_FindAttribute(object, type);
+    if (!attribute) {
+        return CKR_TEMPLATE_INCOMPLETE;
+    }
+    ptr = (unsigned char *)attribute->attrib.pValue;
+    if (ptr == NULL) {
+        sftk_FreeAttribute(attribute);
+        return CKR_ATTRIBUTE_VALUE_INVALID;
+    }
+    size = sftk_GetLengthInBits(ptr, attribute->attrib.ulValueLen);
+    sftk_FreeAttribute(attribute);
+
+    if ((minLength != 0) && (size < minLength)) {
+        return CKR_ATTRIBUTE_VALUE_INVALID;
+    }
+    if ((maxLength != 0) && (size > maxLength)) {
+        return CKR_ATTRIBUTE_VALUE_INVALID;
+    }
+    if ((minMultiple != 0) && ((size % minMultiple) != 0)) {
+        return CKR_ATTRIBUTE_VALUE_INVALID;
+    }
+    return CKR_OK;
+}
+
+PRBool
+sftk_hasAttributeToken(SFTKTokenObject *object, CK_ATTRIBUTE_TYPE type)
+{
+    CK_ATTRIBUTE template;
+    CK_RV crv;
+    SFTKDBHandle *dbHandle;
+
+    dbHandle = sftk_getDBForTokenObject(object->obj.slot, object->obj.handle);
+    template.type = type;
+    template.pValue = NULL;
+    template.ulValueLen = 0;
+
+    crv = sftkdb_GetAttributeValue(dbHandle, object->obj.handle, &template, 1);
+    sftk_freeDB(dbHandle);
+
+    /* attribute is bigger than our attribute space buffer, malloc it */
+    return (crv == CKR_OK) ? PR_TRUE : PR_FALSE;
+}
+
+/*
+ * return true if object has attribute
+ */
+PRBool
+sftk_hasAttribute(SFTKObject *object, CK_ATTRIBUTE_TYPE type)
+{
+    SFTKAttribute *attribute;
+    SFTKSessionObject *sessObject = sftk_narrowToSessionObject(object);
+
+    if (sessObject == NULL) {
+        return sftk_hasAttributeToken(sftk_narrowToTokenObject(object), type);
+    }
+
+    PZ_Lock(sessObject->attributeLock);
+    sftkqueue_find(attribute, type, sessObject->head, sessObject->hashSize);
+    PZ_Unlock(sessObject->attributeLock);
+
+    return (PRBool)(attribute != NULL);
+}
+
+/*
+ * add an attribute to an object
+ */
+static void
+sftk_AddAttribute(SFTKObject *object, SFTKAttribute *attribute)
+{
+    SFTKSessionObject *sessObject = sftk_narrowToSessionObject(object);
+
+    if (sessObject == NULL)
+        return;
+    PZ_Lock(sessObject->attributeLock);
+    sftkqueue_add(attribute, attribute->handle,
+                  sessObject->head, sessObject->hashSize);
+    PZ_Unlock(sessObject->attributeLock);
+}
+
+/*
+ * copy an unsigned attribute into a SECItem. Secitem is allocated in
+ * the specified arena.
+ */
+CK_RV
+sftk_Attribute2SSecItem(PLArenaPool *arena, SECItem *item, SFTKObject *object,
+                        CK_ATTRIBUTE_TYPE type)
+{
+    SFTKAttribute *attribute;
+
+    item->data = NULL;
+
+    attribute = sftk_FindAttribute(object, type);
+    if (attribute == NULL)
+        return CKR_TEMPLATE_INCOMPLETE;
+
+    (void)SECITEM_AllocItem(arena, item, attribute->attrib.ulValueLen);
+    if (item->data == NULL) {
+        sftk_FreeAttribute(attribute);
+        return CKR_HOST_MEMORY;
+    }
+    PORT_Memcpy(item->data, attribute->attrib.pValue, item->len);
+    sftk_FreeAttribute(attribute);
+    return CKR_OK;
+}
+
+/*
+ * fetch multiple attributes into  SECItems. Secitem data is allocated in
+ * the specified arena.
+ */
+CK_RV
+sftk_MultipleAttribute2SecItem(PLArenaPool *arena, SFTKObject *object,
+                               SFTKItemTemplate *itemTemplate, int itemTemplateCount)
+{
+
+    CK_RV crv = CKR_OK;
+    CK_ATTRIBUTE templateSpace[SFTK_MAX_ITEM_TEMPLATE];
+    CK_ATTRIBUTE *template;
+    SFTKTokenObject *tokObject;
+    SFTKDBHandle *dbHandle = NULL;
+    int i;
+
+    tokObject = sftk_narrowToTokenObject(object);
+
+    /* session objects, just loop through the list */
+    if (tokObject == NULL) {
+        for (i = 0; i < itemTemplateCount; i++) {
+            crv = sftk_Attribute2SecItem(arena, itemTemplate[i].item, object,
+                                         itemTemplate[i].type);
+            if (crv != CKR_OK) {
+                return crv;
+            }
+        }
+        return CKR_OK;
+    }
+
+    /* don't do any work if none is required */
+    if (itemTemplateCount == 0) {
+        return CKR_OK;
+    }
+
+    /* don't allocate the template unless we need it */
+    if (itemTemplateCount > SFTK_MAX_ITEM_TEMPLATE) {
+        template = PORT_NewArray(CK_ATTRIBUTE, itemTemplateCount);
+    } else {
+        template = templateSpace;
+    }
+
+    if (template == NULL) {
+        crv = CKR_HOST_MEMORY;
+        goto loser;
+    }
+
+    dbHandle = sftk_getDBForTokenObject(object->slot, object->handle);
+    if (dbHandle == NULL) {
+        crv = CKR_OBJECT_HANDLE_INVALID;
+        goto loser;
+    }
+
+    /* set up the PKCS #11 template */
+    for (i = 0; i < itemTemplateCount; i++) {
+        template[i].type = itemTemplate[i].type;
+        template[i].pValue = NULL;
+        template[i].ulValueLen = 0;
+    }
+
+    /* fetch the attribute lengths */
+    crv = sftkdb_GetAttributeValue(dbHandle, object->handle,
+                                   template, itemTemplateCount);
+    if (crv != CKR_OK) {
+        goto loser;
+    }
+
+    /* allocate space for the attributes */
+    for (i = 0; i < itemTemplateCount; i++) {
+        template[i].pValue = PORT_ArenaAlloc(arena, template[i].ulValueLen);
+        if (template[i].pValue == NULL) {
+            crv = CKR_HOST_MEMORY;
+            goto loser;
+        }
+    }
+
+    /* fetch the attributes */
+    crv = sftkdb_GetAttributeValue(dbHandle, object->handle,
+                                   template, itemTemplateCount);
+    if (crv != CKR_OK) {
+        goto loser;
+    }
+
+    /* Fill in the items */
+    for (i = 0; i < itemTemplateCount; i++) {
+        itemTemplate[i].item->data = template[i].pValue;
+        itemTemplate[i].item->len = template[i].ulValueLen;
+    }
+
+loser:
+    if (template != templateSpace) {
+        PORT_Free(template);
+    }
+    if (dbHandle) {
+        sftk_freeDB(dbHandle);
+    }
+
+    return crv;
+}
+
+/*
+ * delete an attribute from an object
+ */
+static void
+sftk_DeleteAttribute(SFTKObject *object, SFTKAttribute *attribute)
+{
+    SFTKSessionObject *sessObject = sftk_narrowToSessionObject(object);
+
+    if (sessObject == NULL) {
+        return;
+    }
+    PZ_Lock(sessObject->attributeLock);
+    if (sftkqueue_is_queued(attribute, attribute->handle,
+                            sessObject->head, sessObject->hashSize)) {
+        sftkqueue_delete(attribute, attribute->handle,
+                         sessObject->head, sessObject->hashSize);
+    }
+    PZ_Unlock(sessObject->attributeLock);
+}
+
+/*
+ * this is only valid for CK_BBOOL type attributes. Return the state
+ * of that attribute.
+ */
+PRBool
+sftk_isTrue(SFTKObject *object, CK_ATTRIBUTE_TYPE type)
+{
+    SFTKAttribute *attribute;
+    PRBool tok = PR_FALSE;
+
+    attribute = sftk_FindAttribute(object, type);
+    if (attribute == NULL) {
+        return PR_FALSE;
+    }
+    tok = (PRBool)(*(CK_BBOOL *)attribute->attrib.pValue);
+    sftk_FreeAttribute(attribute);
+
+    return tok;
+}
+
+/*
+ * force an attribute to null.
+ * this is for sensitive keys which are stored in the database, we don't
+ * want to keep this info around in memory in the clear.
+ */
+void
+sftk_nullAttribute(SFTKObject *object, CK_ATTRIBUTE_TYPE type)
+{
+    SFTKAttribute *attribute;
+
+    attribute = sftk_FindAttribute(object, type);
+    if (attribute == NULL)
+        return;
+
+    if (attribute->attrib.pValue != NULL) {
+        PORT_Memset(attribute->attrib.pValue, 0, attribute->attrib.ulValueLen);
+        if (attribute->freeData) {
+            PORT_Free(attribute->attrib.pValue);
+        }
+        attribute->freeData = PR_FALSE;
+        attribute->attrib.pValue = NULL;
+        attribute->attrib.ulValueLen = 0;
+    }
+    sftk_FreeAttribute(attribute);
+}
+
+static CK_RV
+sftk_forceTokenAttribute(SFTKObject *object, CK_ATTRIBUTE_TYPE type,
+                         const void *value, unsigned int len)
+{
+    CK_ATTRIBUTE attribute;
+    SFTKDBHandle *dbHandle = NULL;
+    SFTKTokenObject *to = sftk_narrowToTokenObject(object);
+    CK_RV crv;
+
+    PORT_Assert(to);
+    if (to == NULL) {
+        return CKR_DEVICE_ERROR;
+    }
+
+    dbHandle = sftk_getDBForTokenObject(object->slot, object->handle);
+
+    attribute.type = type;
+    attribute.pValue = (void *)value;
+    attribute.ulValueLen = len;
+
+    crv = sftkdb_SetAttributeValue(dbHandle, object, &attribute, 1);
+    sftk_freeDB(dbHandle);
+    return crv;
+}
+
+/*
+ * force an attribute to a specifc value.
+ */
+CK_RV
+sftk_forceAttribute(SFTKObject *object, CK_ATTRIBUTE_TYPE type,
+                    const void *value, unsigned int len)
+{
+    SFTKAttribute *attribute;
+    void *att_val = NULL;
+    PRBool freeData = PR_FALSE;
+
+    PORT_Assert(object);
+    PORT_Assert(object->refCount);
+    PORT_Assert(object->slot);
+    if (!object ||
+        !object->refCount ||
+        !object->slot) {
+        return CKR_DEVICE_ERROR;
+    }
+    if (sftk_isToken(object->handle)) {
+        return sftk_forceTokenAttribute(object, type, value, len);
+    }
+    attribute = sftk_FindAttribute(object, type);
+    if (attribute == NULL)
+        return sftk_AddAttributeType(object, type, value, len);
+
+    if (value) {
+        if (len <= ATTR_SPACE) {
+            att_val = attribute->space;
+        } else {
+            att_val = PORT_Alloc(len);
+            freeData = PR_TRUE;
+        }
+        if (att_val == NULL) {
+            return CKR_HOST_MEMORY;
+        }
+        if (attribute->attrib.pValue == att_val) {
+            PORT_Memset(attribute->attrib.pValue, 0,
+                        attribute->attrib.ulValueLen);
+        }
+        PORT_Memcpy(att_val, value, len);
+    }
+    if (attribute->attrib.pValue != NULL) {
+        if (attribute->attrib.pValue != att_val) {
+            PORT_Memset(attribute->attrib.pValue, 0,
+                        attribute->attrib.ulValueLen);
+        }
+        if (attribute->freeData) {
+            PORT_Free(attribute->attrib.pValue);
+        }
+        attribute->freeData = PR_FALSE;
+        attribute->attrib.pValue = NULL;
+        attribute->attrib.ulValueLen = 0;
+    }
+    if (att_val) {
+        attribute->attrib.pValue = att_val;
+        attribute->attrib.ulValueLen = len;
+        attribute->freeData = freeData;
+    }
+    sftk_FreeAttribute(attribute);
+    return CKR_OK;
+}
+
+/*
+ * return a null terminated string from attribute 'type'. This string
+ * is allocated and needs to be freed with PORT_Free() When complete.
+ */
+char *
+sftk_getString(SFTKObject *object, CK_ATTRIBUTE_TYPE type)
+{
+    SFTKAttribute *attribute;
+    char *label = NULL;
+
+    attribute = sftk_FindAttribute(object, type);
+    if (attribute == NULL)
+        return NULL;
+
+    if (attribute->attrib.pValue != NULL) {
+        label = (char *)PORT_Alloc(attribute->attrib.ulValueLen + 1);
+        if (label == NULL) {
+            sftk_FreeAttribute(attribute);
+            return NULL;
+        }
+
+        PORT_Memcpy(label, attribute->attrib.pValue,
+                    attribute->attrib.ulValueLen);
+        label[attribute->attrib.ulValueLen] = 0;
+    }
+    sftk_FreeAttribute(attribute);
+    return label;
+}
+
+/*
+ * decode when a particular attribute may be modified
+ *  SFTK_NEVER: This attribute must be set at object creation time and
+ *  can never be modified.
+ *  SFTK_ONCOPY: This attribute may be modified only when you copy the
+ *  object.
+ *  SFTK_SENSITIVE: The CKA_SENSITIVE attribute can only be changed from
+ *  CK_FALSE to CK_TRUE.
+ *  SFTK_ALWAYS: This attribute can always be modified.
+ * Some attributes vary their modification type based on the class of the
+ *   object.
+ */
+SFTKModifyType
+sftk_modifyType(CK_ATTRIBUTE_TYPE type, CK_OBJECT_CLASS inClass)
+{
+    /* if we don't know about it, user user defined, always allow modify */
+    SFTKModifyType mtype = SFTK_ALWAYS;
+
+    switch (type) {
+        /* NEVER */
+        case CKA_CLASS:
+        case CKA_CERTIFICATE_TYPE:
+        case CKA_KEY_TYPE:
+        case CKA_MODULUS:
+        case CKA_MODULUS_BITS:
+        case CKA_PUBLIC_EXPONENT:
+        case CKA_PRIVATE_EXPONENT:
+        case CKA_PRIME:
+        case CKA_SUBPRIME:
+        case CKA_BASE:
+        case CKA_PRIME_1:
+        case CKA_PRIME_2:
+        case CKA_EXPONENT_1:
+        case CKA_EXPONENT_2:
+        case CKA_COEFFICIENT:
+        case CKA_VALUE_LEN:
+        case CKA_ALWAYS_SENSITIVE:
+        case CKA_NEVER_EXTRACTABLE:
+        case CKA_NETSCAPE_DB:
+            mtype = SFTK_NEVER;
+            break;
+
+        /* ONCOPY */
+        case CKA_TOKEN:
+        case CKA_PRIVATE:
+        case CKA_MODIFIABLE:
+            mtype = SFTK_ONCOPY;
+            break;
+
+        /* SENSITIVE */
+        case CKA_SENSITIVE:
+        case CKA_EXTRACTABLE:
+            mtype = SFTK_SENSITIVE;
+            break;
+
+        /* ALWAYS */
+        case CKA_LABEL:
+        case CKA_APPLICATION:
+        case CKA_ID:
+        case CKA_SERIAL_NUMBER:
+        case CKA_START_DATE:
+        case CKA_END_DATE:
+        case CKA_DERIVE:
+        case CKA_ENCRYPT:
+        case CKA_DECRYPT:
+        case CKA_SIGN:
+        case CKA_VERIFY:
+        case CKA_SIGN_RECOVER:
+        case CKA_VERIFY_RECOVER:
+        case CKA_WRAP:
+        case CKA_UNWRAP:
+            mtype = SFTK_ALWAYS;
+            break;
+
+        /* DEPENDS ON CLASS */
+        case CKA_VALUE:
+            mtype = (inClass == CKO_DATA) ? SFTK_ALWAYS : SFTK_NEVER;
+            break;
+
+        case CKA_SUBJECT:
+            mtype = (inClass == CKO_CERTIFICATE) ? SFTK_NEVER : SFTK_ALWAYS;
+            break;
+        default:
+            break;
+    }
+    return mtype;
+}
+
+/* decode if a particular attribute is sensitive (cannot be read
+ * back to the user of if the object is set to SENSITIVE) */
+PRBool
+sftk_isSensitive(CK_ATTRIBUTE_TYPE type, CK_OBJECT_CLASS inClass)
+{
+    switch (type) {
+        /* ALWAYS */
+        case CKA_PRIVATE_EXPONENT:
+        case CKA_PRIME_1:
+        case CKA_PRIME_2:
+        case CKA_EXPONENT_1:
+        case CKA_EXPONENT_2:
+        case CKA_COEFFICIENT:
+            return PR_TRUE;
+
+        /* DEPENDS ON CLASS */
+        case CKA_VALUE:
+            /* PRIVATE and SECRET KEYS have SENSITIVE values */
+            return (PRBool)((inClass == CKO_PRIVATE_KEY) || (inClass == CKO_SECRET_KEY));
+
+        default:
+            break;
+    }
+    return PR_FALSE;
+}
+
+/*
+ * copy an attribute into a SECItem. Secitem is allocated in the specified
+ * arena.
+ */
+CK_RV
+sftk_Attribute2SecItem(PLArenaPool *arena, SECItem *item, SFTKObject *object,
+                       CK_ATTRIBUTE_TYPE type)
+{
+    int len;
+    SFTKAttribute *attribute;
+
+    attribute = sftk_FindAttribute(object, type);
+    if (attribute == NULL)
+        return CKR_TEMPLATE_INCOMPLETE;
+    len = attribute->attrib.ulValueLen;
+
+    if (arena) {
+        item->data = (unsigned char *)PORT_ArenaAlloc(arena, len);
+    } else {
+        item->data = (unsigned char *)PORT_Alloc(len);
+    }
+    if (item->data == NULL) {
+        sftk_FreeAttribute(attribute);
+        return CKR_HOST_MEMORY;
+    }
+    item->len = len;
+    PORT_Memcpy(item->data, attribute->attrib.pValue, len);
+    sftk_FreeAttribute(attribute);
+    return CKR_OK;
+}
+
+CK_RV
+sftk_GetULongAttribute(SFTKObject *object, CK_ATTRIBUTE_TYPE type,
+                       CK_ULONG *longData)
+{
+    SFTKAttribute *attribute;
+
+    attribute = sftk_FindAttribute(object, type);
+    if (attribute == NULL)
+        return CKR_TEMPLATE_INCOMPLETE;
+
+    if (attribute->attrib.ulValueLen != sizeof(CK_ULONG)) {
+        return CKR_ATTRIBUTE_VALUE_INVALID;
+    }
+
+    *longData = *(CK_ULONG *)attribute->attrib.pValue;
+    sftk_FreeAttribute(attribute);
+    return CKR_OK;
+}
+
+void
+sftk_DeleteAttributeType(SFTKObject *object, CK_ATTRIBUTE_TYPE type)
+{
+    SFTKAttribute *attribute;
+    attribute = sftk_FindAttribute(object, type);
+    if (attribute == NULL)
+        return;
+    sftk_DeleteAttribute(object, attribute);
+    sftk_FreeAttribute(attribute);
+}
+
+CK_RV
+sftk_AddAttributeType(SFTKObject *object, CK_ATTRIBUTE_TYPE type,
+                      const void *valPtr, CK_ULONG length)
+{
+    SFTKAttribute *attribute;
+    attribute = sftk_NewAttribute(object, type, valPtr, length);
+    if (attribute == NULL) {
+        return CKR_HOST_MEMORY;
+    }
+    sftk_AddAttribute(object, attribute);
+    return CKR_OK;
+}
+
+/*
+ * ******************** Object Utilities *******************************
+ */
+
+/* must be called holding sftk_tokenKeyLock(slot) */
+static SECItem *
+sftk_lookupTokenKeyByHandle(SFTKSlot *slot, CK_OBJECT_HANDLE handle)
+{
+    return (SECItem *)PL_HashTableLookup(slot->tokObjHashTable, (void *)handle);
+}
+
+/*
+ * use the refLock. This operations should be very rare, so the added
+ * contention on the ref lock should be lower than the overhead of adding
+ * a new lock. We use separate functions for this just in case I'm wrong.
+ */
+static void
+sftk_tokenKeyLock(SFTKSlot *slot)
+{
+    SKIP_AFTER_FORK(PZ_Lock(slot->objectLock));
+}
+
+static void
+sftk_tokenKeyUnlock(SFTKSlot *slot)
+{
+    SKIP_AFTER_FORK(PZ_Unlock(slot->objectLock));
+}
+
+static PRIntn
+sftk_freeHashItem(PLHashEntry *entry, PRIntn index, void *arg)
+{
+    SECItem *item = (SECItem *)entry->value;
+
+    SECITEM_FreeItem(item, PR_TRUE);
+    return HT_ENUMERATE_NEXT;
+}
+
+CK_RV
+SFTK_ClearTokenKeyHashTable(SFTKSlot *slot)
+{
+    sftk_tokenKeyLock(slot);
+    PORT_Assert(!slot->present);
+    PL_HashTableEnumerateEntries(slot->tokObjHashTable, sftk_freeHashItem, NULL);
+    sftk_tokenKeyUnlock(slot);
+    return CKR_OK;
+}
+
+/* allocation hooks that allow us to recycle old object structures */
+static SFTKObjectFreeList sessionObjectList = { NULL, NULL, 0 };
+static SFTKObjectFreeList tokenObjectList = { NULL, NULL, 0 };
+
+SFTKObject *
+sftk_GetObjectFromList(PRBool *hasLocks, PRBool optimizeSpace,
+                       SFTKObjectFreeList *list, unsigned int hashSize, PRBool isSessionObject)
+{
+    SFTKObject *object;
+    int size = 0;
+
+    if (!optimizeSpace) {
+        PZ_Lock(list->lock);
+        object = list->head;
+        if (object) {
+            list->head = object->next;
+            list->count--;
+        }
+        PZ_Unlock(list->lock);
+        if (object) {
+            object->next = object->prev = NULL;
+            *hasLocks = PR_TRUE;
+            return object;
+        }
+    }
+    size = isSessionObject ? sizeof(SFTKSessionObject) + hashSize * sizeof(SFTKAttribute *) : sizeof(SFTKTokenObject);
+
+    object = (SFTKObject *)PORT_ZAlloc(size);
+    if (isSessionObject && object) {
+        ((SFTKSessionObject *)object)->hashSize = hashSize;
+    }
+    *hasLocks = PR_FALSE;
+    return object;
+}
+
+static void
+sftk_PutObjectToList(SFTKObject *object, SFTKObjectFreeList *list,
+                     PRBool isSessionObject)
+{
+
+    /* the code below is equivalent to :
+     *     optimizeSpace = isSessionObject ? object->optimizeSpace : PR_FALSE;
+     * just faster.
+     */
+    PRBool optimizeSpace = isSessionObject &&
+                           ((SFTKSessionObject *)object)->optimizeSpace;
+    if (object->refLock && !optimizeSpace && (list->count < MAX_OBJECT_LIST_SIZE)) {
+        PZ_Lock(list->lock);
+        object->next = list->head;
+        list->head = object;
+        list->count++;
+        PZ_Unlock(list->lock);
+        return;
+    }
+    if (isSessionObject) {
+        SFTKSessionObject *so = (SFTKSessionObject *)object;
+        PZ_DestroyLock(so->attributeLock);
+        so->attributeLock = NULL;
+    }
+    if (object->refLock) {
+        PZ_DestroyLock(object->refLock);
+        object->refLock = NULL;
+    }
+    PORT_Free(object);
+}
+
+static SFTKObject *
+sftk_freeObjectData(SFTKObject *object)
+{
+    SFTKObject *next = object->next;
+
+    PORT_Free(object);
+    return next;
+}
+
+static void
+sftk_InitFreeList(SFTKObjectFreeList *list)
+{
+    if (!list->lock) {
+        list->lock = PZ_NewLock(nssILockObject);
+    }
+}
+
+void
+sftk_InitFreeLists(void)
+{
+    sftk_InitFreeList(&sessionObjectList);
+    sftk_InitFreeList(&tokenObjectList);
+}
+
+static void
+sftk_CleanupFreeList(SFTKObjectFreeList *list, PRBool isSessionList)
+{
+    SFTKObject *object;
+
+    if (!list->lock) {
+        return;
+    }
+    SKIP_AFTER_FORK(PZ_Lock(list->lock));
+    for (object = list->head; object != NULL;
+         object = sftk_freeObjectData(object)) {
+        PZ_DestroyLock(object->refLock);
+        if (isSessionList) {
+            PZ_DestroyLock(((SFTKSessionObject *)object)->attributeLock);
+        }
+    }
+    list->count = 0;
+    list->head = NULL;
+    SKIP_AFTER_FORK(PZ_Unlock(list->lock));
+    SKIP_AFTER_FORK(PZ_DestroyLock(list->lock));
+    list->lock = NULL;
+}
+
+void
+sftk_CleanupFreeLists(void)
+{
+    sftk_CleanupFreeList(&sessionObjectList, PR_TRUE);
+    sftk_CleanupFreeList(&tokenObjectList, PR_FALSE);
+}
+
+/*
+ * Create a new object
+ */
+SFTKObject *
+sftk_NewObject(SFTKSlot *slot)
+{
+    SFTKObject *object;
+    SFTKSessionObject *sessObject;
+    PRBool hasLocks = PR_FALSE;
+    unsigned int i;
+    unsigned int hashSize = 0;
+
+    hashSize = (slot->optimizeSpace) ? SPACE_ATTRIBUTE_HASH_SIZE : TIME_ATTRIBUTE_HASH_SIZE;
+
+    object = sftk_GetObjectFromList(&hasLocks, slot->optimizeSpace,
+                                    &sessionObjectList, hashSize, PR_TRUE);
+    if (object == NULL) {
+        return NULL;
+    }
+    sessObject = (SFTKSessionObject *)object;
+    sessObject->nextAttr = 0;
+
+    for (i = 0; i < MAX_OBJS_ATTRS; i++) {
+        sessObject->attrList[i].attrib.pValue = NULL;
+        sessObject->attrList[i].freeData = PR_FALSE;
+    }
+    sessObject->optimizeSpace = slot->optimizeSpace;
+
+    object->handle = 0;
+    object->next = object->prev = NULL;
+    object->slot = slot;
+
+    object->refCount = 1;
+    sessObject->sessionList.next = NULL;
+    sessObject->sessionList.prev = NULL;
+    sessObject->sessionList.parent = object;
+    sessObject->session = NULL;
+    sessObject->wasDerived = PR_FALSE;
+    if (!hasLocks)
+        object->refLock = PZ_NewLock(nssILockRefLock);
+    if (object->refLock == NULL) {
+        PORT_Free(object);
+        return NULL;
+    }
+    if (!hasLocks)
+        sessObject->attributeLock = PZ_NewLock(nssILockAttribute);
+    if (sessObject->attributeLock == NULL) {
+        PZ_DestroyLock(object->refLock);
+        PORT_Free(object);
+        return NULL;
+    }
+    for (i = 0; i < sessObject->hashSize; i++) {
+        sessObject->head[i] = NULL;
+    }
+    object->objectInfo = NULL;
+    object->infoFree = NULL;
+    return object;
+}
+
+static CK_RV
+sftk_DestroySessionObjectData(SFTKSessionObject *so)
+{
+    int i;
+
+    for (i = 0; i < MAX_OBJS_ATTRS; i++) {
+        unsigned char *value = so->attrList[i].attrib.pValue;
+        if (value) {
+            PORT_Memset(value, 0, so->attrList[i].attrib.ulValueLen);
+            if (so->attrList[i].freeData) {
+                PORT_Free(value);
+            }
+            so->attrList[i].attrib.pValue = NULL;
+            so->attrList[i].freeData = PR_FALSE;
+        }
+    }
+    /*  PZ_DestroyLock(so->attributeLock);*/
+    return CKR_OK;
+}
+
+/*
+ * free all the data associated with an object. Object reference count must
+ * be 'zero'.
+ */
+static CK_RV
+sftk_DestroyObject(SFTKObject *object)
+{
+    CK_RV crv = CKR_OK;
+    SFTKSessionObject *so = sftk_narrowToSessionObject(object);
+    SFTKTokenObject *to = sftk_narrowToTokenObject(object);
+
+    PORT_Assert(object->refCount == 0);
+
+    /* delete the database value */
+    if (to) {
+        if (to->dbKey.data) {
+            PORT_Free(to->dbKey.data);
+            to->dbKey.data = NULL;
+        }
+    }
+    if (so) {
+        sftk_DestroySessionObjectData(so);
+    }
+    if (object->objectInfo) {
+        (*object->infoFree)(object->objectInfo);
+        object->objectInfo = NULL;
+        object->infoFree = NULL;
+    }
+    if (so) {
+        sftk_PutObjectToList(object, &sessionObjectList, PR_TRUE);
+    } else {
+        sftk_PutObjectToList(object, &tokenObjectList, PR_FALSE);
+    }
+    return crv;
+}
+
+void
+sftk_ReferenceObject(SFTKObject *object)
+{
+    PZ_Lock(object->refLock);
+    object->refCount++;
+    PZ_Unlock(object->refLock);
+}
+
+static SFTKObject *
+sftk_ObjectFromHandleOnSlot(CK_OBJECT_HANDLE handle, SFTKSlot *slot)
+{
+    SFTKObject *object;
+    PRUint32 index = sftk_hash(handle, slot->sessObjHashSize);
+
+    if (sftk_isToken(handle)) {
+        return sftk_NewTokenObject(slot, NULL, handle);
+    }
+
+    PZ_Lock(slot->objectLock);
+    sftkqueue_find2(object, handle, index, slot->sessObjHashTable);
+    if (object) {
+        sftk_ReferenceObject(object);
+    }
+    PZ_Unlock(slot->objectLock);
+
+    return (object);
+}
+/*
+ * look up and object structure from a handle. OBJECT_Handles only make
+ * sense in terms of a given session.  make a reference to that object
+ * structure returned.
+ */
+SFTKObject *
+sftk_ObjectFromHandle(CK_OBJECT_HANDLE handle, SFTKSession *session)
+{
+    SFTKSlot *slot = sftk_SlotFromSession(session);
+
+    return sftk_ObjectFromHandleOnSlot(handle, slot);
+}
+
+/*
+ * release a reference to an object handle
+ */
+SFTKFreeStatus
+sftk_FreeObject(SFTKObject *object)
+{
+    PRBool destroy = PR_FALSE;
+    CK_RV crv;
+
+    PZ_Lock(object->refLock);
+    if (object->refCount == 1)
+        destroy = PR_TRUE;
+    object->refCount--;
+    PZ_Unlock(object->refLock);
+
+    if (destroy) {
+        crv = sftk_DestroyObject(object);
+        if (crv != CKR_OK) {
+            return SFTK_DestroyFailure;
+        }
+        return SFTK_Destroyed;
+    }
+    return SFTK_Busy;
+}
+
+/*
+ * add an object to a slot and session queue. These two functions
+ * adopt the object.
+ */
+void
+sftk_AddSlotObject(SFTKSlot *slot, SFTKObject *object)
+{
+    PRUint32 index = sftk_hash(object->handle, slot->sessObjHashSize);
+    sftkqueue_init_element(object);
+    PZ_Lock(slot->objectLock);
+    sftkqueue_add2(object, object->handle, index, slot->sessObjHashTable);
+    PZ_Unlock(slot->objectLock);
+}
+
+void
+sftk_AddObject(SFTKSession *session, SFTKObject *object)
+{
+    SFTKSlot *slot = sftk_SlotFromSession(session);
+    SFTKSessionObject *so = sftk_narrowToSessionObject(object);
+
+    if (so) {
+        PZ_Lock(session->objectLock);
+        sftkqueue_add(&so->sessionList, 0, session->objects, 0);
+        so->session = session;
+        PZ_Unlock(session->objectLock);
+    }
+    sftk_AddSlotObject(slot, object);
+    sftk_ReferenceObject(object);
+}
+
+/*
+ * delete an object from a slot and session queue
+ */
+CK_RV
+sftk_DeleteObject(SFTKSession *session, SFTKObject *object)
+{
+    SFTKSlot *slot = sftk_SlotFromSession(session);
+    SFTKSessionObject *so = sftk_narrowToSessionObject(object);
+    CK_RV crv = CKR_OK;
+    PRUint32 index = sftk_hash(object->handle, slot->sessObjHashSize);
+
+    /* Handle Token case */
+    if (so && so->session) {
+        SFTKSession *session = so->session;
+        PZ_Lock(session->objectLock);
+        sftkqueue_delete(&so->sessionList, 0, session->objects, 0);
+        PZ_Unlock(session->objectLock);
+        PZ_Lock(slot->objectLock);
+        sftkqueue_delete2(object, object->handle, index, slot->sessObjHashTable);
+        PZ_Unlock(slot->objectLock);
+        sftkqueue_clear_deleted_element(object);
+        sftk_FreeObject(object); /* free the reference owned by the queue */
+    } else {
+        SFTKDBHandle *handle = sftk_getDBForTokenObject(slot, object->handle);
+#ifdef DEBUG
+        SFTKTokenObject *to = sftk_narrowToTokenObject(object);
+        PORT_Assert(to);
+#endif
+        crv = sftkdb_DestroyObject(handle, object->handle);
+        sftk_freeDB(handle);
+    }
+    return crv;
+}
+
+/*
+ * Token objects don't explicitly store their attributes, so we need to know
+ * what attributes make up a particular token object before we can copy it.
+ * below are the tables by object type.
+ */
+static const CK_ATTRIBUTE_TYPE commonAttrs[] = {
+    CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_LABEL, CKA_MODIFIABLE
+};
+static const CK_ULONG commonAttrsCount =
+    sizeof(commonAttrs) / sizeof(commonAttrs[0]);
+
+static const CK_ATTRIBUTE_TYPE commonKeyAttrs[] = {
+    CKA_ID, CKA_START_DATE, CKA_END_DATE, CKA_DERIVE, CKA_LOCAL, CKA_KEY_TYPE
+};
+static const CK_ULONG commonKeyAttrsCount =
+    sizeof(commonKeyAttrs) / sizeof(commonKeyAttrs[0]);
+
+static const CK_ATTRIBUTE_TYPE secretKeyAttrs[] = {
+    CKA_SENSITIVE, CKA_EXTRACTABLE, CKA_ENCRYPT, CKA_DECRYPT, CKA_SIGN,
+    CKA_VERIFY, CKA_WRAP, CKA_UNWRAP, CKA_VALUE
+};
+static const CK_ULONG secretKeyAttrsCount =
+    sizeof(secretKeyAttrs) / sizeof(secretKeyAttrs[0]);
+
+static const CK_ATTRIBUTE_TYPE commonPubKeyAttrs[] = {
+    CKA_ENCRYPT, CKA_VERIFY, CKA_VERIFY_RECOVER, CKA_WRAP, CKA_SUBJECT
+};
+static const CK_ULONG commonPubKeyAttrsCount =
+    sizeof(commonPubKeyAttrs) / sizeof(commonPubKeyAttrs[0]);
+
+static const CK_ATTRIBUTE_TYPE rsaPubKeyAttrs[] = {
+    CKA_MODULUS, CKA_PUBLIC_EXPONENT
+};
+static const CK_ULONG rsaPubKeyAttrsCount =
+    sizeof(rsaPubKeyAttrs) / sizeof(rsaPubKeyAttrs[0]);
+
+static const CK_ATTRIBUTE_TYPE dsaPubKeyAttrs[] = {
+    CKA_SUBPRIME, CKA_PRIME, CKA_BASE, CKA_VALUE
+};
+static const CK_ULONG dsaPubKeyAttrsCount =
+    sizeof(dsaPubKeyAttrs) / sizeof(dsaPubKeyAttrs[0]);
+
+static const CK_ATTRIBUTE_TYPE dhPubKeyAttrs[] = {
+    CKA_PRIME, CKA_BASE, CKA_VALUE
+};
+static const CK_ULONG dhPubKeyAttrsCount =
+    sizeof(dhPubKeyAttrs) / sizeof(dhPubKeyAttrs[0]);
+#ifndef NSS_DISABLE_ECC
+static const CK_ATTRIBUTE_TYPE ecPubKeyAttrs[] = {
+    CKA_EC_PARAMS, CKA_EC_POINT
+};
+static const CK_ULONG ecPubKeyAttrsCount =
+    sizeof(ecPubKeyAttrs) / sizeof(ecPubKeyAttrs[0]);
+#endif
+
+static const CK_ATTRIBUTE_TYPE commonPrivKeyAttrs[] = {
+    CKA_DECRYPT, CKA_SIGN, CKA_SIGN_RECOVER, CKA_UNWRAP, CKA_SUBJECT,
+    CKA_SENSITIVE, CKA_EXTRACTABLE, CKA_NETSCAPE_DB
+};
+static const CK_ULONG commonPrivKeyAttrsCount =
+    sizeof(commonPrivKeyAttrs) / sizeof(commonPrivKeyAttrs[0]);
+
+static const CK_ATTRIBUTE_TYPE rsaPrivKeyAttrs[] = {
+    CKA_MODULUS, CKA_PUBLIC_EXPONENT, CKA_PRIVATE_EXPONENT,
+    CKA_PRIME_1, CKA_PRIME_2, CKA_EXPONENT_1, CKA_EXPONENT_2, CKA_COEFFICIENT
+};
+static const CK_ULONG rsaPrivKeyAttrsCount =
+    sizeof(rsaPrivKeyAttrs) / sizeof(rsaPrivKeyAttrs[0]);
+
+static const CK_ATTRIBUTE_TYPE dsaPrivKeyAttrs[] = {
+    CKA_SUBPRIME, CKA_PRIME, CKA_BASE, CKA_VALUE
+};
+static const CK_ULONG dsaPrivKeyAttrsCount =
+    sizeof(dsaPrivKeyAttrs) / sizeof(dsaPrivKeyAttrs[0]);
+
+static const CK_ATTRIBUTE_TYPE dhPrivKeyAttrs[] = {
+    CKA_PRIME, CKA_BASE, CKA_VALUE
+};
+static const CK_ULONG dhPrivKeyAttrsCount =
+    sizeof(dhPrivKeyAttrs) / sizeof(dhPrivKeyAttrs[0]);
+#ifndef NSS_DISABLE_ECC
+static const CK_ATTRIBUTE_TYPE ecPrivKeyAttrs[] = {
+    CKA_EC_PARAMS, CKA_VALUE
+};
+static const CK_ULONG ecPrivKeyAttrsCount =
+    sizeof(ecPrivKeyAttrs) / sizeof(ecPrivKeyAttrs[0]);
+#endif
+
+static const CK_ATTRIBUTE_TYPE certAttrs[] = {
+    CKA_CERTIFICATE_TYPE, CKA_VALUE, CKA_SUBJECT, CKA_ISSUER, CKA_SERIAL_NUMBER
+};
+static const CK_ULONG certAttrsCount =
+    sizeof(certAttrs) / sizeof(certAttrs[0]);
+
+static const CK_ATTRIBUTE_TYPE trustAttrs[] = {
+    CKA_ISSUER, CKA_SERIAL_NUMBER, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH,
+    CKA_TRUST_SERVER_AUTH, CKA_TRUST_CLIENT_AUTH, CKA_TRUST_EMAIL_PROTECTION,
+    CKA_TRUST_CODE_SIGNING, CKA_TRUST_STEP_UP_APPROVED
+};
+static const CK_ULONG trustAttrsCount =
+    sizeof(trustAttrs) / sizeof(trustAttrs[0]);
+
+static const CK_ATTRIBUTE_TYPE smimeAttrs[] = {
+    CKA_SUBJECT, CKA_NETSCAPE_EMAIL, CKA_NETSCAPE_SMIME_TIMESTAMP, CKA_VALUE
+};
+static const CK_ULONG smimeAttrsCount =
+    sizeof(smimeAttrs) / sizeof(smimeAttrs[0]);
+
+static const CK_ATTRIBUTE_TYPE crlAttrs[] = {
+    CKA_SUBJECT, CKA_VALUE, CKA_NETSCAPE_URL, CKA_NETSCAPE_KRL
+};
+static const CK_ULONG crlAttrsCount =
+    sizeof(crlAttrs) / sizeof(crlAttrs[0]);
+
+/* copy an object based on it's table */
+CK_RV
+stfk_CopyTokenAttributes(SFTKObject *destObject, SFTKTokenObject *src_to,
+                         const CK_ATTRIBUTE_TYPE *attrArray, CK_ULONG attrCount)
+{
+    SFTKAttribute *attribute;
+    SFTKAttribute *newAttribute;
+    CK_RV crv = CKR_OK;
+    unsigned int i;
+
+    for (i = 0; i < attrCount; i++) {
+        if (!sftk_hasAttribute(destObject, attrArray[i])) {
+            attribute = sftk_FindAttribute(&src_to->obj, attrArray[i]);
+            if (!attribute) {
+                continue; /* return CKR_ATTRIBUTE_VALUE_INVALID; */
+            }
+            /* we need to copy the attribute since each attribute
+             * only has one set of link list pointers */
+            newAttribute = sftk_NewAttribute(destObject,
+                                             sftk_attr_expand(&attribute->attrib));
+            sftk_FreeAttribute(attribute); /* free the old attribute */
+            if (!newAttribute) {
+                return CKR_HOST_MEMORY;
+            }
+            sftk_AddAttribute(destObject, newAttribute);
+        }
+    }
+    return crv;
+}
+
+CK_RV
+stfk_CopyTokenPrivateKey(SFTKObject *destObject, SFTKTokenObject *src_to)
+{
+    CK_RV crv;
+    CK_KEY_TYPE key_type;
+    SFTKAttribute *attribute;
+
+    /* copy the common attributes for all keys first */
+    crv = stfk_CopyTokenAttributes(destObject, src_to, commonKeyAttrs,
+                                   commonKeyAttrsCount);
+    if (crv != CKR_OK) {
+        goto fail;
+    }
+    /* copy the common attributes for all private keys next */
+    crv = stfk_CopyTokenAttributes(destObject, src_to, commonPrivKeyAttrs,
+                                   commonPrivKeyAttrsCount);
+    if (crv != CKR_OK) {
+        goto fail;
+    }
+    attribute = sftk_FindAttribute(&src_to->obj, CKA_KEY_TYPE);
+    PORT_Assert(attribute); /* if it wasn't here, ww should have failed
+                 * copying the common attributes */
+    if (!attribute) {
+        /* OK, so CKR_ATTRIBUTE_VALUE_INVALID is the immediate error, but
+         * the fact is, the only reason we couldn't get the attribute would
+         * be a memory error or database error (an error in the 'device').
+         * if we have a database error code, we could return it here */
+        crv = CKR_DEVICE_ERROR;
+        goto fail;
+    }
+    key_type = *(CK_KEY_TYPE *)attribute->attrib.pValue;
+    sftk_FreeAttribute(attribute);
+
+    /* finally copy the attributes for various private key types */
+    switch (key_type) {
+        case CKK_RSA:
+            crv = stfk_CopyTokenAttributes(destObject, src_to, rsaPrivKeyAttrs,
+                                           rsaPrivKeyAttrsCount);
+            break;
+        case CKK_DSA:
+            crv = stfk_CopyTokenAttributes(destObject, src_to, dsaPrivKeyAttrs,
+                                           dsaPrivKeyAttrsCount);
+            break;
+        case CKK_DH:
+            crv = stfk_CopyTokenAttributes(destObject, src_to, dhPrivKeyAttrs,
+                                           dhPrivKeyAttrsCount);
+            break;
+#ifndef NSS_DISABLE_ECC
+        case CKK_EC:
+            crv = stfk_CopyTokenAttributes(destObject, src_to, ecPrivKeyAttrs,
+                                           ecPrivKeyAttrsCount);
+            break;
+#endif
+        default:
+            crv = CKR_DEVICE_ERROR; /* shouldn't happen unless we store more types
+                                     * of token keys into our database. */
+    }
+fail:
+    return crv;
+}
+
+CK_RV
+stfk_CopyTokenPublicKey(SFTKObject *destObject, SFTKTokenObject *src_to)
+{
+    CK_RV crv;
+    CK_KEY_TYPE key_type;
+    SFTKAttribute *attribute;
+
+    /* copy the common attributes for all keys first */
+    crv = stfk_CopyTokenAttributes(destObject, src_to, commonKeyAttrs,
+                                   commonKeyAttrsCount);
+    if (crv != CKR_OK) {
+        goto fail;
+    }
+
+    /* copy the common attributes for all public keys next */
+    crv = stfk_CopyTokenAttributes(destObject, src_to, commonPubKeyAttrs,
+                                   commonPubKeyAttrsCount);
+    if (crv != CKR_OK) {
+        goto fail;
+    }
+    attribute = sftk_FindAttribute(&src_to->obj, CKA_KEY_TYPE);
+    PORT_Assert(attribute); /* if it wasn't here, ww should have failed
+                 * copying the common attributes */
+    if (!attribute) {
+        /* OK, so CKR_ATTRIBUTE_VALUE_INVALID is the immediate error, but
+         * the fact is, the only reason we couldn't get the attribute would
+         * be a memory error or database error (an error in the 'device').
+         * if we have a database error code, we could return it here */
+        crv = CKR_DEVICE_ERROR;
+        goto fail;
+    }
+    key_type = *(CK_KEY_TYPE *)attribute->attrib.pValue;
+    sftk_FreeAttribute(attribute);
+
+    /* finally copy the attributes for various public key types */
+    switch (key_type) {
+        case CKK_RSA:
+            crv = stfk_CopyTokenAttributes(destObject, src_to, rsaPubKeyAttrs,
+                                           rsaPubKeyAttrsCount);
+            break;
+        case CKK_DSA:
+            crv = stfk_CopyTokenAttributes(destObject, src_to, dsaPubKeyAttrs,
+                                           dsaPubKeyAttrsCount);
+            break;
+        case CKK_DH:
+            crv = stfk_CopyTokenAttributes(destObject, src_to, dhPubKeyAttrs,
+                                           dhPubKeyAttrsCount);
+            break;
+#ifndef NSS_DISABLE_ECC
+        case CKK_EC:
+            crv = stfk_CopyTokenAttributes(destObject, src_to, ecPubKeyAttrs,
+                                           ecPubKeyAttrsCount);
+            break;
+#endif
+        default:
+            crv = CKR_DEVICE_ERROR; /* shouldn't happen unless we store more types
+                                     * of token keys into our database. */
+    }
+fail:
+    return crv;
+}
+CK_RV
+stfk_CopyTokenSecretKey(SFTKObject *destObject, SFTKTokenObject *src_to)
+{
+    CK_RV crv;
+    crv = stfk_CopyTokenAttributes(destObject, src_to, commonKeyAttrs,
+                                   commonKeyAttrsCount);
+    if (crv != CKR_OK) {
+        goto fail;
+    }
+    crv = stfk_CopyTokenAttributes(destObject, src_to, secretKeyAttrs,
+                                   secretKeyAttrsCount);
+fail:
+    return crv;
+}
+
+/*
+ * Copy a token object. We need to explicitly copy the relevant
+ * attributes since token objects don't store those attributes in
+ * the token itself.
+ */
+CK_RV
+sftk_CopyTokenObject(SFTKObject *destObject, SFTKObject *srcObject)
+{
+    SFTKTokenObject *src_to = sftk_narrowToTokenObject(srcObject);
+    CK_RV crv;
+
+    PORT_Assert(src_to);
+    if (src_to == NULL) {
+        return CKR_DEVICE_ERROR; /* internal state inconsistant */
+    }
+
+    crv = stfk_CopyTokenAttributes(destObject, src_to, commonAttrs,
+                                   commonAttrsCount);
+    if (crv != CKR_OK) {
+        goto fail;
+    }
+    switch (src_to->obj.objclass) {
+        case CKO_CERTIFICATE:
+            crv = stfk_CopyTokenAttributes(destObject, src_to, certAttrs,
+                                           certAttrsCount);
+            break;
+        case CKO_NETSCAPE_TRUST:
+            crv = stfk_CopyTokenAttributes(destObject, src_to, trustAttrs,
+                                           trustAttrsCount);
+            break;
+        case CKO_NETSCAPE_SMIME:
+            crv = stfk_CopyTokenAttributes(destObject, src_to, smimeAttrs,
+                                           smimeAttrsCount);
+            break;
+        case CKO_NETSCAPE_CRL:
+            crv = stfk_CopyTokenAttributes(destObject, src_to, crlAttrs,
+                                           crlAttrsCount);
+            break;
+        case CKO_PRIVATE_KEY:
+            crv = stfk_CopyTokenPrivateKey(destObject, src_to);
+            break;
+        case CKO_PUBLIC_KEY:
+            crv = stfk_CopyTokenPublicKey(destObject, src_to);
+            break;
+        case CKO_SECRET_KEY:
+            crv = stfk_CopyTokenSecretKey(destObject, src_to);
+            break;
+        default:
+            crv = CKR_DEVICE_ERROR; /* shouldn't happen unless we store more types
+                                     * of token keys into our database. */
+    }
+fail:
+    return crv;
+}
+
+/*
+ * copy the attributes from one object to another. Don't overwrite existing
+ * attributes. NOTE: This is a pretty expensive operation since it
+ * grabs the attribute locks for the src object for a *long* time.
+ */
+CK_RV
+sftk_CopyObject(SFTKObject *destObject, SFTKObject *srcObject)
+{
+    SFTKAttribute *attribute;
+    SFTKSessionObject *src_so = sftk_narrowToSessionObject(srcObject);
+    unsigned int i;
+
+    if (src_so == NULL) {
+        return sftk_CopyTokenObject(destObject, srcObject);
+    }
+
+    PZ_Lock(src_so->attributeLock);
+    for (i = 0; i < src_so->hashSize; i++) {
+        attribute = src_so->head[i];
+        do {
+            if (attribute) {
+                if (!sftk_hasAttribute(destObject, attribute->handle)) {
+                    /* we need to copy the attribute since each attribute
+                     * only has one set of link list pointers */
+                    SFTKAttribute *newAttribute = sftk_NewAttribute(
+                        destObject, sftk_attr_expand(&attribute->attrib));
+                    if (newAttribute == NULL) {
+                        PZ_Unlock(src_so->attributeLock);
+                        return CKR_HOST_MEMORY;
+                    }
+                    sftk_AddAttribute(destObject, newAttribute);
+                }
+                attribute = attribute->next;
+            }
+        } while (attribute != NULL);
+    }
+    PZ_Unlock(src_so->attributeLock);
+
+    return CKR_OK;
+}
+
+/*
+ * ******************** Search Utilities *******************************
+ */
+
+/* add an object to a search list */
+CK_RV
+AddToList(SFTKObjectListElement **list, SFTKObject *object)
+{
+    SFTKObjectListElement *newElem =
+        (SFTKObjectListElement *)PORT_Alloc(sizeof(SFTKObjectListElement));
+
+    if (newElem == NULL)
+        return CKR_HOST_MEMORY;
+
+    newElem->next = *list;
+    newElem->object = object;
+    sftk_ReferenceObject(object);
+
+    *list = newElem;
+    return CKR_OK;
+}
+
+/* return true if the object matches the template */
+PRBool
+sftk_objectMatch(SFTKObject *object, CK_ATTRIBUTE_PTR theTemplate, int count)
+{
+    int i;
+
+    for (i = 0; i < count; i++) {
+        SFTKAttribute *attribute = sftk_FindAttribute(object, theTemplate[i].type);
+        if (attribute == NULL) {
+            return PR_FALSE;
+        }
+        if (attribute->attrib.ulValueLen == theTemplate[i].ulValueLen) {
+            if (PORT_Memcmp(attribute->attrib.pValue, theTemplate[i].pValue,
+                            theTemplate[i].ulValueLen) == 0) {
+                sftk_FreeAttribute(attribute);
+                continue;
+            }
+        }
+        sftk_FreeAttribute(attribute);
+        return PR_FALSE;
+    }
+    return PR_TRUE;
+}
+
+/* search through all the objects in the queue and return the template matches
+ * in the object list.
+ */
+CK_RV
+sftk_searchObjectList(SFTKSearchResults *search, SFTKObject **head,
+                      unsigned int size, PZLock *lock, CK_ATTRIBUTE_PTR theTemplate,
+                      int count, PRBool isLoggedIn)
+{
+    unsigned int i;
+    SFTKObject *object;
+    CK_RV crv = CKR_OK;
+
+    for (i = 0; i < size; i++) {
+        /* We need to hold the lock to copy a consistant version of
+         * the linked list. */
+        PZ_Lock(lock);
+        for (object = head[i]; object != NULL; object = object->next) {
+            if (sftk_objectMatch(object, theTemplate, count)) {
+                /* don't return objects that aren't yet visible */
+                if ((!isLoggedIn) && sftk_isTrue(object, CKA_PRIVATE))
+                    continue;
+                sftk_addHandle(search, object->handle);
+            }
+        }
+        PZ_Unlock(lock);
+    }
+    return crv;
+}
+
+/*
+ * free a single list element. Return the Next object in the list.
+ */
+SFTKObjectListElement *
+sftk_FreeObjectListElement(SFTKObjectListElement *objectList)
+{
+    SFTKObjectListElement *ol = objectList->next;
+
+    sftk_FreeObject(objectList->object);
+    PORT_Free(objectList);
+    return ol;
+}
+
+/* free an entire object list */
+void
+sftk_FreeObjectList(SFTKObjectListElement *objectList)
+{
+    SFTKObjectListElement *ol;
+
+    for (ol = objectList; ol != NULL; ol = sftk_FreeObjectListElement(ol)) {
+    }
+}
+
+/*
+ * free a search structure
+ */
+void
+sftk_FreeSearch(SFTKSearchResults *search)
+{
+    if (search->handles) {
+        PORT_Free(search->handles);
+    }
+    PORT_Free(search);
+}
+
+/*
+ * ******************** Session Utilities *******************************
+ */
+
+/* update the sessions state based in it's flags and wether or not it's
+ * logged in */
+void
+sftk_update_state(SFTKSlot *slot, SFTKSession *session)
+{
+    if (slot->isLoggedIn) {
+        if (slot->ssoLoggedIn) {
+            session->info.state = CKS_RW_SO_FUNCTIONS;
+        } else if (session->info.flags & CKF_RW_SESSION) {
+            session->info.state = CKS_RW_USER_FUNCTIONS;
+        } else {
+            session->info.state = CKS_RO_USER_FUNCTIONS;
+        }
+    } else {
+        if (session->info.flags & CKF_RW_SESSION) {
+            session->info.state = CKS_RW_PUBLIC_SESSION;
+        } else {
+            session->info.state = CKS_RO_PUBLIC_SESSION;
+        }
+    }
+}
+
+/* update the state of all the sessions on a slot */
+void
+sftk_update_all_states(SFTKSlot *slot)
+{
+    unsigned int i;
+    SFTKSession *session;
+
+    for (i = 0; i < slot->sessHashSize; i++) {
+        PZLock *lock = SFTK_SESSION_LOCK(slot, i);
+        PZ_Lock(lock);
+        for (session = slot->head[i]; session; session = session->next) {
+            sftk_update_state(slot, session);
+        }
+        PZ_Unlock(lock);
+    }
+}
+
+/*
+ * context are cipher and digest contexts that are associated with a session
+ */
+void
+sftk_FreeContext(SFTKSessionContext *context)
+{
+    if (context->cipherInfo) {
+        (*context->destroy)(context->cipherInfo, PR_TRUE);
+    }
+    if (context->hashInfo) {
+        (*context->hashdestroy)(context->hashInfo, PR_TRUE);
+    }
+    if (context->key) {
+        sftk_FreeObject(context->key);
+        context->key = NULL;
+    }
+    PORT_Free(context);
+}
+
+/*
+ * create a new nession. NOTE: The session handle is not set, and the
+ * session is not added to the slot's session queue.
+ */
+SFTKSession *
+sftk_NewSession(CK_SLOT_ID slotID, CK_NOTIFY notify, CK_VOID_PTR pApplication,
+                CK_FLAGS flags)
+{
+    SFTKSession *session;
+    SFTKSlot *slot = sftk_SlotFromID(slotID, PR_FALSE);
+
+    if (slot == NULL)
+        return NULL;
+
+    session = (SFTKSession *)PORT_Alloc(sizeof(SFTKSession));
+    if (session == NULL)
+        return NULL;
+
+    session->next = session->prev = NULL;
+    session->refCount = 1;
+    session->enc_context = NULL;
+    session->hash_context = NULL;
+    session->sign_context = NULL;
+    session->search = NULL;
+    session->objectIDCount = 1;
+    session->objectLock = PZ_NewLock(nssILockObject);
+    if (session->objectLock == NULL) {
+        PORT_Free(session);
+        return NULL;
+    }
+    session->objects[0] = NULL;
+
+    session->slot = slot;
+    session->notify = notify;
+    session->appData = pApplication;
+    session->info.flags = flags;
+    session->info.slotID = slotID;
+    session->info.ulDeviceError = 0;
+    sftk_update_state(slot, session);
+    return session;
+}
+
+/* free all the data associated with a session. */
+static void
+sftk_DestroySession(SFTKSession *session)
+{
+    SFTKObjectList *op, *next;
+    PORT_Assert(session->refCount == 0);
+
+    /* clean out the attributes */
+    /* since no one is referencing us, it's safe to walk the chain
+     * without a lock */
+    for (op = session->objects[0]; op != NULL; op = next) {
+        next = op->next;
+        /* paranoia */
+        op->next = op->prev = NULL;
+        sftk_DeleteObject(session, op->parent);
+    }
+    PZ_DestroyLock(session->objectLock);
+    if (session->enc_context) {
+        sftk_FreeContext(session->enc_context);
+    }
+    if (session->hash_context) {
+        sftk_FreeContext(session->hash_context);
+    }
+    if (session->sign_context) {
+        sftk_FreeContext(session->sign_context);
+    }
+    if (session->search) {
+        sftk_FreeSearch(session->search);
+    }
+    PORT_Free(session);
+}
+
+/*
+ * look up a session structure from a session handle
+ * generate a reference to it.
+ */
+SFTKSession *
+sftk_SessionFromHandle(CK_SESSION_HANDLE handle)
+{
+    SFTKSlot *slot = sftk_SlotFromSessionHandle(handle);
+    SFTKSession *session;
+    PZLock *lock;
+
+    if (!slot)
+        return NULL;
+    lock = SFTK_SESSION_LOCK(slot, handle);
+
+    PZ_Lock(lock);
+    sftkqueue_find(session, handle, slot->head, slot->sessHashSize);
+    if (session)
+        session->refCount++;
+    PZ_Unlock(lock);
+
+    return (session);
+}
+
+/*
+ * release a reference to a session handle
+ */
+void
+sftk_FreeSession(SFTKSession *session)
+{
+    PRBool destroy = PR_FALSE;
+    SFTKSlot *slot = sftk_SlotFromSession(session);
+    PZLock *lock = SFTK_SESSION_LOCK(slot, session->handle);
+
+    PZ_Lock(lock);
+    if (session->refCount == 1)
+        destroy = PR_TRUE;
+    session->refCount--;
+    PZ_Unlock(lock);
+
+    if (destroy)
+        sftk_DestroySession(session);
+}
+
+void
+sftk_addHandle(SFTKSearchResults *search, CK_OBJECT_HANDLE handle)
+{
+    if (search->handles == NULL) {
+        return;
+    }
+    if (search->size >= search->array_size) {
+        search->array_size += NSC_SEARCH_BLOCK_SIZE;
+        search->handles = (CK_OBJECT_HANDLE *)PORT_Realloc(search->handles,
+                                                           sizeof(CK_OBJECT_HANDLE) * search->array_size);
+        if (search->handles == NULL) {
+            return;
+        }
+    }
+    search->handles[search->size] = handle;
+    search->size++;
+}
+
+static CK_RV
+handleToClass(SFTKSlot *slot, CK_OBJECT_HANDLE handle,
+              CK_OBJECT_CLASS *objClass)
+{
+    SFTKDBHandle *dbHandle = sftk_getDBForTokenObject(slot, handle);
+    CK_ATTRIBUTE objClassTemplate;
+    CK_RV crv;
+
+    *objClass = CKO_DATA;
+    objClassTemplate.type = CKA_CLASS;
+    objClassTemplate.pValue = objClass;
+    objClassTemplate.ulValueLen = sizeof(*objClass);
+    crv = sftkdb_GetAttributeValue(dbHandle, handle, &objClassTemplate, 1);
+    sftk_freeDB(dbHandle);
+    return crv;
+}
+
+SFTKObject *
+sftk_NewTokenObject(SFTKSlot *slot, SECItem *dbKey, CK_OBJECT_HANDLE handle)
+{
+    SFTKObject *object = NULL;
+    PRBool hasLocks = PR_FALSE;
+    CK_RV crv;
+
+    object = sftk_GetObjectFromList(&hasLocks, PR_FALSE, &tokenObjectList, 0,
+                                    PR_FALSE);
+    if (object == NULL) {
+        return NULL;
+    }
+
+    object->handle = handle;
+    /* every object must have a class, if we can't get it, the object
+     * doesn't exist */
+    crv = handleToClass(slot, handle, &object->objclass);
+    if (crv != CKR_OK) {
+        goto loser;
+    }
+    object->slot = slot;
+    object->objectInfo = NULL;
+    object->infoFree = NULL;
+    if (!hasLocks) {
+        object->refLock = PZ_NewLock(nssILockRefLock);
+    }
+    if (object->refLock == NULL) {
+        goto loser;
+    }
+    object->refCount = 1;
+
+    return object;
+loser:
+    (void)sftk_DestroyObject(object);
+    return NULL;
+}
+
+SFTKTokenObject *
+sftk_convertSessionToToken(SFTKObject *obj)
+{
+    SECItem *key;
+    SFTKSessionObject *so = (SFTKSessionObject *)obj;
+    SFTKTokenObject *to = sftk_narrowToTokenObject(obj);
+    SECStatus rv;
+
+    sftk_DestroySessionObjectData(so);
+    PZ_DestroyLock(so->attributeLock);
+    if (to == NULL) {
+        return NULL;
+    }
+    sftk_tokenKeyLock(so->obj.slot);
+    key = sftk_lookupTokenKeyByHandle(so->obj.slot, so->obj.handle);
+    if (key == NULL) {
+        sftk_tokenKeyUnlock(so->obj.slot);
+        return NULL;
+    }
+    rv = SECITEM_CopyItem(NULL, &to->dbKey, key);
+    sftk_tokenKeyUnlock(so->obj.slot);
+    if (rv == SECFailure) {
+        return NULL;
+    }
+
+    return to;
+}
+
+SFTKSessionObject *
+sftk_narrowToSessionObject(SFTKObject *obj)
+{
+    return !sftk_isToken(obj->handle) ? (SFTKSessionObject *)obj : NULL;
+}
+
+SFTKTokenObject *
+sftk_narrowToTokenObject(SFTKObject *obj)
+{
+    return sftk_isToken(obj->handle) ? (SFTKTokenObject *)obj : NULL;
+}
diff --git a/nss/lib/softoken/sdb.c b/nss/lib/softoken/sdb.c
new file mode 100644
index 0000000..0e321dd
--- /dev/null
+++ b/nss/lib/softoken/sdb.c
@@ -0,0 +1,2107 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * This file implements PKCS 11 on top of our existing security modules
+ *
+ * For more information about PKCS 11 See PKCS 11 Token Inteface Standard.
+ *   This implementation has two slots:
+ *      slot 1 is our generic crypto support. It does not require login.
+ *   It supports Public Key ops, and all they bulk ciphers and hashes.
+ *   It can also support Private Key ops for imported Private keys. It does
+ *   not have any token storage.
+ *      slot 2 is our private key support. It requires a login before use. It
+ *   can store Private Keys and Certs as token objects. Currently only private
+ *   keys and their associated Certificates are saved on the token.
+ *
+ *   In this implementation, session objects are only visible to the session
+ *   that created or generated them.
+ */
+
+#include "sdb.h"
+#include "pkcs11t.h"
+#include "seccomon.h"
+#include <sqlite3.h>
+#include "prthread.h"
+#include "prio.h"
+#include <stdio.h>
+#include "secport.h"
+#include "prmon.h"
+#include "prenv.h"
+#include "prprf.h"
+#include "prsystem.h" /* for PR_GetDirectorySeparator() */
+#include <sys/stat.h>
+#if defined(_WIN32)
+#include <io.h>
+#include <windows.h>
+#elif defined(XP_UNIX)
+#include <unistd.h>
+#endif
+
+#ifdef SQLITE_UNSAFE_THREADS
+#include "prlock.h"
+/*
+ * SQLite can be compiled to be thread safe or not.
+ * turn on SQLITE_UNSAFE_THREADS if the OS does not support
+ * a thread safe version of sqlite.
+ */
+static PRLock *sqlite_lock = NULL;
+
+#define LOCK_SQLITE() PR_Lock(sqlite_lock);
+#define UNLOCK_SQLITE() PR_Unlock(sqlite_lock);
+#else
+#define LOCK_SQLITE()
+#define UNLOCK_SQLITE()
+#endif
+
+typedef enum {
+    SDB_CERT = 1,
+    SDB_KEY = 2
+} sdbDataType;
+
+/*
+ * defines controlling how long we wait to acquire locks.
+ *
+ * SDB_SQLITE_BUSY_TIMEOUT specifies how long (in milliseconds)
+ *  sqlite will wait on lock. If that timeout expires, sqlite will
+ *  return SQLITE_BUSY.
+ * SDB_BUSY_RETRY_TIME specifies how many seconds the sdb_ code waits
+ *  after receiving a busy before retrying.
+ * SDB_MAX_BUSY_RETRIES specifies how many times the sdb_ will retry on
+ *  a busy condition.
+ *
+ * SDB_SQLITE_BUSY_TIMEOUT affects all opertions, both manual
+ *   (prepare/step/reset/finalize) and automatic (sqlite3_exec()).
+ * SDB_BUSY_RETRY_TIME and SDB_MAX_BUSY_RETRIES only affect manual operations
+ *
+ * total wait time for automatic operations:
+ *   1 second (SDB_SQLITE_BUSY_TIMEOUT/1000).
+ * total wait time for manual operations:
+ *   (1 second + 5 seconds) * 10 = 60 seconds.
+ * (SDB_SQLITE_BUSY_TIMEOUT/1000 + SDB_BUSY_RETRY_TIME)*SDB_MAX_BUSY_RETRIES
+ */
+#define SDB_SQLITE_BUSY_TIMEOUT 1000 /* milliseconds */
+#define SDB_BUSY_RETRY_TIME 5        /* seconds */
+#define SDB_MAX_BUSY_RETRIES 10
+
+/*
+ * Note on use of sqlReadDB: Only one thread at a time may have an actual
+ * operation going on given sqlite3 * database. An operation is defined as
+ * the time from a sqlite3_prepare() until the sqlite3_finalize().
+ * Multiple sqlite3 * databases can be open and have simultaneous operations
+ * going. We use the sqlXactDB for all write operations. This database
+ * is only opened when we first create a transaction and closed when the
+ * transaction is complete. sqlReadDB is open when we first opened the database
+ * and is used for all read operation. It's use is protected by a monitor. This
+ * is because an operation can span the use of FindObjectsInit() through the
+ * call to FindObjectsFinal(). In the intermediate time it is possible to call
+ * other operations like NSC_GetAttributeValue */
+
+struct SDBPrivateStr {
+    char *sqlDBName;               /* invariant, path to this database */
+    sqlite3 *sqlXactDB;            /* access protected by dbMon, use protected
+                                    * by the transaction. Current transaction db*/
+    PRThread *sqlXactThread;       /* protected by dbMon,
+                                    * current transaction thread */
+    sqlite3 *sqlReadDB;            /* use protected by dbMon, value invariant */
+    PRIntervalTime lastUpdateTime; /* last time the cache was updated */
+    PRIntervalTime updateInterval; /* how long the cache can go before it
+                                    * must be updated again */
+    sdbDataType type;              /* invariant, database type */
+    char *table;                   /* invariant, SQL table which contains the db */
+    char *cacheTable;              /* invariant, SQL table cache of db */
+    PRMonitor *dbMon;              /* invariant, monitor to protect
+                                    * sqlXact* fields, and use of the sqlReadDB */
+};
+
+typedef struct SDBPrivateStr SDBPrivate;
+
+/*
+ * known attributes
+ */
+static const CK_ATTRIBUTE_TYPE known_attributes[] = {
+    CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_LABEL, CKA_APPLICATION,
+    CKA_VALUE, CKA_OBJECT_ID, CKA_CERTIFICATE_TYPE, CKA_ISSUER,
+    CKA_SERIAL_NUMBER, CKA_AC_ISSUER, CKA_OWNER, CKA_ATTR_TYPES, CKA_TRUSTED,
+    CKA_CERTIFICATE_CATEGORY, CKA_JAVA_MIDP_SECURITY_DOMAIN, CKA_URL,
+    CKA_HASH_OF_SUBJECT_PUBLIC_KEY, CKA_HASH_OF_ISSUER_PUBLIC_KEY,
+    CKA_CHECK_VALUE, CKA_KEY_TYPE, CKA_SUBJECT, CKA_ID, CKA_SENSITIVE,
+    CKA_ENCRYPT, CKA_DECRYPT, CKA_WRAP, CKA_UNWRAP, CKA_SIGN, CKA_SIGN_RECOVER,
+    CKA_VERIFY, CKA_VERIFY_RECOVER, CKA_DERIVE, CKA_START_DATE, CKA_END_DATE,
+    CKA_MODULUS, CKA_MODULUS_BITS, CKA_PUBLIC_EXPONENT, CKA_PRIVATE_EXPONENT,
+    CKA_PRIME_1, CKA_PRIME_2, CKA_EXPONENT_1, CKA_EXPONENT_2, CKA_COEFFICIENT,
+    CKA_PRIME, CKA_SUBPRIME, CKA_BASE, CKA_PRIME_BITS,
+    CKA_SUB_PRIME_BITS, CKA_VALUE_BITS, CKA_VALUE_LEN, CKA_EXTRACTABLE,
+    CKA_LOCAL, CKA_NEVER_EXTRACTABLE, CKA_ALWAYS_SENSITIVE,
+    CKA_KEY_GEN_MECHANISM, CKA_MODIFIABLE, CKA_EC_PARAMS,
+    CKA_EC_POINT, CKA_SECONDARY_AUTH, CKA_AUTH_PIN_FLAGS,
+    CKA_ALWAYS_AUTHENTICATE, CKA_WRAP_WITH_TRUSTED, CKA_WRAP_TEMPLATE,
+    CKA_UNWRAP_TEMPLATE, CKA_HW_FEATURE_TYPE, CKA_RESET_ON_INIT,
+    CKA_HAS_RESET, CKA_PIXEL_X, CKA_PIXEL_Y, CKA_RESOLUTION, CKA_CHAR_ROWS,
+    CKA_CHAR_COLUMNS, CKA_COLOR, CKA_BITS_PER_PIXEL, CKA_CHAR_SETS,
+    CKA_ENCODING_METHODS, CKA_MIME_TYPES, CKA_MECHANISM_TYPE,
+    CKA_REQUIRED_CMS_ATTRIBUTES, CKA_DEFAULT_CMS_ATTRIBUTES,
+    CKA_SUPPORTED_CMS_ATTRIBUTES, CKA_NETSCAPE_URL, CKA_NETSCAPE_EMAIL,
+    CKA_NETSCAPE_SMIME_INFO, CKA_NETSCAPE_SMIME_TIMESTAMP,
+    CKA_NETSCAPE_PKCS8_SALT, CKA_NETSCAPE_PASSWORD_CHECK, CKA_NETSCAPE_EXPIRES,
+    CKA_NETSCAPE_KRL, CKA_NETSCAPE_PQG_COUNTER, CKA_NETSCAPE_PQG_SEED,
+    CKA_NETSCAPE_PQG_H, CKA_NETSCAPE_PQG_SEED_BITS, CKA_NETSCAPE_MODULE_SPEC,
+    CKA_TRUST_DIGITAL_SIGNATURE, CKA_TRUST_NON_REPUDIATION,
+    CKA_TRUST_KEY_ENCIPHERMENT, CKA_TRUST_DATA_ENCIPHERMENT,
+    CKA_TRUST_KEY_AGREEMENT, CKA_TRUST_KEY_CERT_SIGN, CKA_TRUST_CRL_SIGN,
+    CKA_TRUST_SERVER_AUTH, CKA_TRUST_CLIENT_AUTH, CKA_TRUST_CODE_SIGNING,
+    CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_IPSEC_END_SYSTEM,
+    CKA_TRUST_IPSEC_TUNNEL, CKA_TRUST_IPSEC_USER, CKA_TRUST_TIME_STAMPING,
+    CKA_TRUST_STEP_UP_APPROVED, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH,
+    CKA_NETSCAPE_DB, CKA_NETSCAPE_TRUST, CKA_NSS_OVERRIDE_EXTENSIONS
+};
+
+static int known_attributes_size = sizeof(known_attributes) /
+                                   sizeof(known_attributes[0]);
+
+/* Magic for an explicit NULL. NOTE: ideally this should be
+ * out of band data. Since it's not completely out of band, pick
+ * a value that has no meaning to any existing PKCS #11 attributes.
+ * This value is 1) not a valid string (imbedded '\0'). 2) not a U_LONG
+ * or a normal key (too short). 3) not a bool (too long). 4) not an RSA
+ * public exponent (too many bits).
+ */
+const unsigned char SQLITE_EXPLICIT_NULL[] = { 0xa5, 0x0, 0x5a };
+#define SQLITE_EXPLICIT_NULL_LEN 3
+
+/*
+ * determine when we've completed our tasks
+ */
+static int
+sdb_done(int err, int *count)
+{
+    /* allow as many rows as the database wants to give */
+    if (err == SQLITE_ROW) {
+        *count = 0;
+        return 0;
+    }
+    if (err != SQLITE_BUSY) {
+        return 1;
+    }
+    /* err == SQLITE_BUSY, Dont' retry forever in this case */
+    if (++(*count) >= SDB_MAX_BUSY_RETRIES) {
+        return 1;
+    }
+    return 0;
+}
+
+/*
+ * find out where sqlite stores the temp tables. We do this by replicating
+ * the logic from sqlite.
+ */
+#if defined(_WIN32)
+static char *
+sdb_getFallbackTempDir(void)
+{
+    /* sqlite uses sqlite3_temp_directory if it is not NULL. We don't have
+     * access to sqlite3_temp_directory because it is not exported from
+     * sqlite3.dll. Assume sqlite3_win32_set_directory isn't called and
+     * sqlite3_temp_directory is NULL.
+     */
+    char path[MAX_PATH];
+    DWORD rv;
+    size_t len;
+
+    rv = GetTempPathA(MAX_PATH, path);
+    if (rv > MAX_PATH || rv == 0)
+        return NULL;
+    len = strlen(path);
+    if (len == 0)
+        return NULL;
+    /* The returned string ends with a backslash, for example, "C:\TEMP\". */
+    if (path[len - 1] == '\\')
+        path[len - 1] = '\0';
+    return PORT_Strdup(path);
+}
+#elif defined(XP_UNIX)
+static char *
+sdb_getFallbackTempDir(void)
+{
+    const char *azDirs[] = {
+        NULL,
+        NULL,
+        "/var/tmp",
+        "/usr/tmp",
+        "/tmp",
+        NULL /* List terminator */
+    };
+    unsigned int i;
+    struct stat buf;
+    const char *zDir = NULL;
+
+    azDirs[0] = sqlite3_temp_directory;
+    azDirs[1] = PR_GetEnvSecure("TMPDIR");
+
+    for (i = 0; i < PR_ARRAY_SIZE(azDirs); i++) {
+        zDir = azDirs[i];
+        if (zDir == NULL)
+            continue;
+        if (stat(zDir, &buf))
+            continue;
+        if (!S_ISDIR(buf.st_mode))
+            continue;
+        if (access(zDir, 07))
+            continue;
+        break;
+    }
+
+    if (zDir == NULL)
+        return NULL;
+    return PORT_Strdup(zDir);
+}
+#else
+#error "sdb_getFallbackTempDir not implemented"
+#endif
+
+#ifndef SQLITE_FCNTL_TEMPFILENAME
+/* SQLITE_FCNTL_TEMPFILENAME was added in SQLite 3.7.15 */
+#define SQLITE_FCNTL_TEMPFILENAME 16
+#endif
+
+static char *
+sdb_getTempDir(sqlite3 *sqlDB)
+{
+    int sqlrv;
+    char *result = NULL;
+    char *tempName = NULL;
+    char *foundSeparator = NULL;
+
+    /* Obtain temporary filename in sqlite's directory for temporary tables */
+    sqlrv = sqlite3_file_control(sqlDB, 0, SQLITE_FCNTL_TEMPFILENAME,
+                                 (void *)&tempName);
+    if (sqlrv == SQLITE_NOTFOUND) {
+        /* SQLITE_FCNTL_TEMPFILENAME not implemented because we are using
+         * an older SQLite. */
+        return sdb_getFallbackTempDir();
+    }
+    if (sqlrv != SQLITE_OK) {
+        return NULL;
+    }
+
+    /* We'll extract the temporary directory from tempName */
+    foundSeparator = PORT_Strrchr(tempName, PR_GetDirectorySeparator());
+    if (foundSeparator) {
+        /* We shorten the temp filename string to contain only
+         * the directory name (including the trailing separator).
+         * We know the byte after the foundSeparator position is
+         * safe to use, in the shortest scenario it contains the
+         * end-of-string byte.
+         * By keeping the separator at the found position, it will
+         * even work if tempDir consists of the separator, only.
+         * (In this case the toplevel directory will be used for
+         * access speed testing). */
+        ++foundSeparator;
+        *foundSeparator = 0;
+
+        /* Now we copy the directory name for our caller */
+        result = PORT_Strdup(tempName);
+    }
+
+    sqlite3_free(tempName);
+    return result;
+}
+
+/*
+ * Map SQL_LITE errors to PKCS #11 errors as best we can.
+ */
+static CK_RV
+sdb_mapSQLError(sdbDataType type, int sqlerr)
+{
+    switch (sqlerr) {
+        /* good matches */
+        case SQLITE_OK:
+        case SQLITE_DONE:
+            return CKR_OK;
+        case SQLITE_NOMEM:
+            return CKR_HOST_MEMORY;
+        case SQLITE_READONLY:
+            return CKR_TOKEN_WRITE_PROTECTED;
+        /* close matches */
+        case SQLITE_AUTH:
+        case SQLITE_PERM:
+        /*return CKR_USER_NOT_LOGGED_IN; */
+        case SQLITE_CANTOPEN:
+        case SQLITE_NOTFOUND:
+            /* NSS distiguishes between failure to open the cert and the key db */
+            return type == SDB_CERT ? CKR_NETSCAPE_CERTDB_FAILED : CKR_NETSCAPE_KEYDB_FAILED;
+        case SQLITE_IOERR:
+            return CKR_DEVICE_ERROR;
+        default:
+            break;
+    }
+    return CKR_GENERAL_ERROR;
+}
+
+/*
+ * build up database name from a directory, prefix, name, version and flags.
+ */
+static char *
+sdb_BuildFileName(const char *directory,
+                  const char *prefix, const char *type,
+                  int version)
+{
+    char *dbname = NULL;
+    /* build the full dbname */
+    dbname = sqlite3_mprintf("%s%c%s%s%d.db", directory,
+                             (int)(unsigned char)PR_GetDirectorySeparator(),
+                             prefix, type, version);
+    return dbname;
+}
+
+/*
+ * find out how expensive the access system call is for non-existant files
+ * in the given directory.  Return the number of operations done in 33 ms.
+ */
+static PRUint32
+sdb_measureAccess(const char *directory)
+{
+    PRUint32 i;
+    PRIntervalTime time;
+    PRIntervalTime delta;
+    PRIntervalTime duration = PR_MillisecondsToInterval(33);
+    const char *doesntExistName = "_dOeSnotExist_.db";
+    char *temp, *tempStartOfFilename;
+    size_t maxTempLen, maxFileNameLen, directoryLength;
+
+    /* no directory, just return one */
+    if (directory == NULL) {
+        return 1;
+    }
+
+    /* our calculation assumes time is a 4 bytes == 32 bit integer */
+    PORT_Assert(sizeof(time) == 4);
+
+    directoryLength = strlen(directory);
+
+    maxTempLen = directoryLength + strlen(doesntExistName) + 1 /* potential additional separator char */
+                 + 11                                          /* max chars for 32 bit int plus potential sign */
+                 + 1;                                          /* zero terminator */
+
+    temp = PORT_Alloc(maxTempLen);
+    if (!temp) {
+        return 1;
+    }
+
+    /* We'll copy directory into temp just once, then ensure it ends
+     * with the directory separator, then remember the position after
+     * the separator, and calculate the number of remaining bytes. */
+
+    strcpy(temp, directory);
+    if (directory[directoryLength - 1] != PR_GetDirectorySeparator()) {
+        temp[directoryLength++] = PR_GetDirectorySeparator();
+    }
+    tempStartOfFilename = temp + directoryLength;
+    maxFileNameLen = maxTempLen - directoryLength;
+
+    /* measure number of Access operations that can be done in 33 milliseconds
+     * (1/30'th of a second), or 10000 operations, which ever comes first.
+     */
+    time = PR_IntervalNow();
+    for (i = 0; i < 10000u; i++) {
+        PRIntervalTime next;
+
+        /* We'll use the variable part first in the filename string, just in
+         * case it's longer than assumed, so if anything gets cut off, it
+         * will be cut off from the constant part.
+         * This code assumes the directory name at the beginning of
+         * temp remains unchanged during our loop. */
+        PR_snprintf(tempStartOfFilename, maxFileNameLen,
+                    ".%lu%s", (PRUint32)(time + i), doesntExistName);
+        PR_Access(temp, PR_ACCESS_EXISTS);
+        next = PR_IntervalNow();
+        delta = next - time;
+        if (delta >= duration)
+            break;
+    }
+
+    PORT_Free(temp);
+
+    /* always return 1 or greater */
+    return i ? i : 1u;
+}
+
+/*
+ * some file sytems are very slow to run sqlite3 on, particularly if the
+ * access count is pretty high. On these filesystems is faster to create
+ * a temporary database on the local filesystem and access that. This
+ * code uses a temporary table to create that cache. Temp tables are
+ * automatically cleared when the database handle it was created on
+ * Is freed.
+ */
+static const char DROP_CACHE_CMD[] = "DROP TABLE %s";
+static const char CREATE_CACHE_CMD[] =
+    "CREATE TEMPORARY TABLE %s AS SELECT * FROM %s";
+static const char CREATE_ISSUER_INDEX_CMD[] =
+    "CREATE INDEX issuer ON %s (a81)";
+static const char CREATE_SUBJECT_INDEX_CMD[] =
+    "CREATE INDEX subject ON %s (a101)";
+static const char CREATE_LABEL_INDEX_CMD[] = "CREATE INDEX label ON %s (a3)";
+static const char CREATE_ID_INDEX_CMD[] = "CREATE INDEX ckaid ON %s (a102)";
+
+static CK_RV
+sdb_buildCache(sqlite3 *sqlDB, sdbDataType type,
+               const char *cacheTable, const char *table)
+{
+    char *newStr;
+    int sqlerr = SQLITE_OK;
+
+    newStr = sqlite3_mprintf(CREATE_CACHE_CMD, cacheTable, table);
+    if (newStr == NULL) {
+        return CKR_HOST_MEMORY;
+    }
+    sqlerr = sqlite3_exec(sqlDB, newStr, NULL, 0, NULL);
+    sqlite3_free(newStr);
+    if (sqlerr != SQLITE_OK) {
+        return sdb_mapSQLError(type, sqlerr);
+    }
+    /* failure to create the indexes is not an issue */
+    newStr = sqlite3_mprintf(CREATE_ISSUER_INDEX_CMD, cacheTable);
+    if (newStr == NULL) {
+        return CKR_OK;
+    }
+    sqlerr = sqlite3_exec(sqlDB, newStr, NULL, 0, NULL);
+    sqlite3_free(newStr);
+    newStr = sqlite3_mprintf(CREATE_SUBJECT_INDEX_CMD, cacheTable);
+    if (newStr == NULL) {
+        return CKR_OK;
+    }
+    sqlerr = sqlite3_exec(sqlDB, newStr, NULL, 0, NULL);
+    sqlite3_free(newStr);
+    newStr = sqlite3_mprintf(CREATE_LABEL_INDEX_CMD, cacheTable);
+    if (newStr == NULL) {
+        return CKR_OK;
+    }
+    sqlerr = sqlite3_exec(sqlDB, newStr, NULL, 0, NULL);
+    sqlite3_free(newStr);
+    newStr = sqlite3_mprintf(CREATE_ID_INDEX_CMD, cacheTable);
+    if (newStr == NULL) {
+        return CKR_OK;
+    }
+    sqlerr = sqlite3_exec(sqlDB, newStr, NULL, 0, NULL);
+    sqlite3_free(newStr);
+    return CKR_OK;
+}
+
+/*
+ * update the cache and the data records describing it.
+ *  The cache is updated by dropping the temp database and recreating it.
+ */
+static CK_RV
+sdb_updateCache(SDBPrivate *sdb_p)
+{
+    int sqlerr = SQLITE_OK;
+    CK_RV error = CKR_OK;
+    char *newStr;
+
+    /* drop the old table */
+    newStr = sqlite3_mprintf(DROP_CACHE_CMD, sdb_p->cacheTable);
+    if (newStr == NULL) {
+        return CKR_HOST_MEMORY;
+    }
+    sqlerr = sqlite3_exec(sdb_p->sqlReadDB, newStr, NULL, 0, NULL);
+    sqlite3_free(newStr);
+    if ((sqlerr != SQLITE_OK) && (sqlerr != SQLITE_ERROR)) {
+        /* something went wrong with the drop, don't try to refresh...
+         * NOTE: SQLITE_ERROR is returned if the table doesn't exist. In
+         * that case, we just continue on and try to reload it */
+        return sdb_mapSQLError(sdb_p->type, sqlerr);
+    }
+
+    /* set up the new table */
+    error = sdb_buildCache(sdb_p->sqlReadDB, sdb_p->type,
+                           sdb_p->cacheTable, sdb_p->table);
+    if (error == CKR_OK) {
+        /* we have a new cache! */
+        sdb_p->lastUpdateTime = PR_IntervalNow();
+    }
+    return error;
+}
+
+/*
+ *  The sharing of sqlite3 handles across threads is tricky. Older versions
+ *  couldn't at all, but newer ones can under strict conditions. Basically
+ *  no 2 threads can use the same handle while another thread has an open
+ *  stmt running. Once the sqlite3_stmt is finalized, another thread can then
+ *  use the database handle.
+ *
+ *  We use monitors to protect against trying to use a database before
+ *  it's sqlite3_stmt is finalized. This is preferable to the opening and
+ *  closing the database each operation because there is significant overhead
+ *  in the open and close. Also continually opening and closing the database
+ *  defeats the cache code as the cache table is lost on close (thus
+ *  requiring us to have to reinitialize the cache every operation).
+ *
+ *  An execption to the shared handle is transations. All writes happen
+ *  through a transaction. When we are in  a transaction, we must use the
+ *  same database pointer for that entire transation. In this case we save
+ *  the transaction database and use it for all accesses on the transaction
+ *  thread. Other threads use the common database.
+ *
+ *  There can only be once active transaction on the database at a time.
+ *
+ *  sdb_openDBLocal() provides us with a valid database handle for whatever
+ *  state we are in (reading or in a transaction), and acquires any locks
+ *  appropriate to that state. It also decides when it's time to refresh
+ *  the cache before we start an operation. Any database handle returned
+ *  just eventually be closed with sdb_closeDBLocal().
+ *
+ *  The table returned either points to the database's physical table, or
+ *  to the cached shadow. Tranactions always return the physical table
+ *  and read operations return either the physical table or the cache
+ *  depending on whether or not the cache exists.
+ */
+static CK_RV
+sdb_openDBLocal(SDBPrivate *sdb_p, sqlite3 **sqlDB, const char **table)
+{
+    *sqlDB = NULL;
+
+    PR_EnterMonitor(sdb_p->dbMon);
+
+    if (table) {
+        *table = sdb_p->table;
+    }
+
+    /* We're in a transaction, use the transaction DB */
+    if ((sdb_p->sqlXactDB) && (sdb_p->sqlXactThread == PR_GetCurrentThread())) {
+        *sqlDB = sdb_p->sqlXactDB;
+        /* only one thread can get here, safe to unlock */
+        PR_ExitMonitor(sdb_p->dbMon);
+        return CKR_OK;
+    }
+
+    /*
+     * if we are just reading from the table, we may have the table
+     * cached in a temporary table (especially if it's on a shared FS).
+     * In that case we want to see updates to the table, the the granularity
+     * is on order of human scale, not computer scale.
+     */
+    if (table && sdb_p->cacheTable) {
+        PRIntervalTime now = PR_IntervalNow();
+        if ((now - sdb_p->lastUpdateTime) > sdb_p->updateInterval) {
+            sdb_updateCache(sdb_p);
+        }
+        *table = sdb_p->cacheTable;
+    }
+
+    *sqlDB = sdb_p->sqlReadDB;
+
+    /* leave holding the lock. only one thread can actually use a given
+     * database connection at once */
+
+    return CKR_OK;
+}
+
+/* closing the local database currenly means unlocking the monitor */
+static CK_RV
+sdb_closeDBLocal(SDBPrivate *sdb_p, sqlite3 *sqlDB)
+{
+    if (sdb_p->sqlXactDB != sqlDB) {
+        /* if we weren't in a transaction, we got a lock */
+        PR_ExitMonitor(sdb_p->dbMon);
+    }
+    return CKR_OK;
+}
+
+/*
+ * wrapper to sqlite3_open which also sets the busy_timeout
+ */
+static int
+sdb_openDB(const char *name, sqlite3 **sqlDB, int flags)
+{
+    int sqlerr;
+    /*
+     * in sqlite3 3.5.0, there is a new open call that allows us
+     * to specify read only. Most new OS's are still on 3.3.x (including
+     * NSS's internal version and the version shipped with Firefox).
+     */
+    *sqlDB = NULL;
+    sqlerr = sqlite3_open(name, sqlDB);
+    if (sqlerr != SQLITE_OK) {
+        return sqlerr;
+    }
+
+    sqlerr = sqlite3_busy_timeout(*sqlDB, SDB_SQLITE_BUSY_TIMEOUT);
+    if (sqlerr != SQLITE_OK) {
+        sqlite3_close(*sqlDB);
+        *sqlDB = NULL;
+        return sqlerr;
+    }
+    return SQLITE_OK;
+}
+
+/* Sigh, if we created a new table since we opened the database,
+ * the database handle will not see the new table, we need to close this
+ * database and reopen it. Caller must be in a transaction or holding
+ * the dbMon. sqlDB is changed on success. */
+static int
+sdb_reopenDBLocal(SDBPrivate *sdb_p, sqlite3 **sqlDB)
+{
+    sqlite3 *newDB;
+    int sqlerr;
+
+    /* open a new database */
+    sqlerr = sdb_openDB(sdb_p->sqlDBName, &newDB, SDB_RDONLY);
+    if (sqlerr != SQLITE_OK) {
+        return sqlerr;
+    }
+
+    /* if we are in a transaction, we may not be holding the monitor.
+     * grab it before we update the transaction database. This is
+     * safe since are using monitors. */
+    PR_EnterMonitor(sdb_p->dbMon);
+    /* update our view of the database */
+    if (sdb_p->sqlReadDB == *sqlDB) {
+        sdb_p->sqlReadDB = newDB;
+    } else if (sdb_p->sqlXactDB == *sqlDB) {
+        sdb_p->sqlXactDB = newDB;
+    }
+    PR_ExitMonitor(sdb_p->dbMon);
+
+    /* close the old one */
+    sqlite3_close(*sqlDB);
+
+    *sqlDB = newDB;
+    return SQLITE_OK;
+}
+
+struct SDBFindStr {
+    sqlite3 *sqlDB;
+    sqlite3_stmt *findstmt;
+};
+
+static const char FIND_OBJECTS_CMD[] = "SELECT ALL * FROM %s WHERE %s;";
+static const char FIND_OBJECTS_ALL_CMD[] = "SELECT ALL * FROM %s;";
+CK_RV
+sdb_FindObjectsInit(SDB *sdb, const CK_ATTRIBUTE *template, CK_ULONG count,
+                    SDBFind **find)
+{
+    SDBPrivate *sdb_p = sdb->private;
+    sqlite3 *sqlDB = NULL;
+    const char *table;
+    char *newStr, *findStr = NULL;
+    sqlite3_stmt *findstmt = NULL;
+    char *join = "";
+    int sqlerr = SQLITE_OK;
+    CK_RV error = CKR_OK;
+    unsigned int i;
+
+    LOCK_SQLITE()
+    *find = NULL;
+    error = sdb_openDBLocal(sdb_p, &sqlDB, &table);
+    if (error != CKR_OK) {
+        goto loser;
+    }
+
+    findStr = sqlite3_mprintf("");
+    for (i = 0; findStr && i < count; i++) {
+        newStr = sqlite3_mprintf("%s%sa%x=$DATA%d", findStr, join,
+                                 template[i].type, i);
+        join = " AND ";
+        sqlite3_free(findStr);
+        findStr = newStr;
+    }
+
+    if (findStr == NULL) {
+        error = CKR_HOST_MEMORY;
+        goto loser;
+    }
+
+    if (count == 0) {
+        newStr = sqlite3_mprintf(FIND_OBJECTS_ALL_CMD, table);
+    } else {
+        newStr = sqlite3_mprintf(FIND_OBJECTS_CMD, table, findStr);
+    }
+    sqlite3_free(findStr);
+    if (newStr == NULL) {
+        error = CKR_HOST_MEMORY;
+        goto loser;
+    }
+    sqlerr = sqlite3_prepare_v2(sqlDB, newStr, -1, &findstmt, NULL);
+    sqlite3_free(newStr);
+    for (i = 0; sqlerr == SQLITE_OK && i < count; i++) {
+        const void *blobData = template[i].pValue;
+        unsigned int blobSize = template[i].ulValueLen;
+        if (blobSize == 0) {
+            blobSize = SQLITE_EXPLICIT_NULL_LEN;
+            blobData = SQLITE_EXPLICIT_NULL;
+        }
+        sqlerr = sqlite3_bind_blob(findstmt, i + 1, blobData, blobSize,
+                                   SQLITE_TRANSIENT);
+    }
+    if (sqlerr == SQLITE_OK) {
+        *find = PORT_New(SDBFind);
+        if (*find == NULL) {
+            error = CKR_HOST_MEMORY;
+            goto loser;
+        }
+        (*find)->findstmt = findstmt;
+        (*find)->sqlDB = sqlDB;
+        UNLOCK_SQLITE()
+        return CKR_OK;
+    }
+    error = sdb_mapSQLError(sdb_p->type, sqlerr);
+
+loser:
+    if (findstmt) {
+        sqlite3_reset(findstmt);
+        sqlite3_finalize(findstmt);
+    }
+    if (sqlDB) {
+        sdb_closeDBLocal(sdb_p, sqlDB);
+    }
+    UNLOCK_SQLITE()
+    return error;
+}
+
+CK_RV
+sdb_FindObjects(SDB *sdb, SDBFind *sdbFind, CK_OBJECT_HANDLE *object,
+                CK_ULONG arraySize, CK_ULONG *count)
+{
+    SDBPrivate *sdb_p = sdb->private;
+    sqlite3_stmt *stmt = sdbFind->findstmt;
+    int sqlerr = SQLITE_OK;
+    int retry = 0;
+
+    *count = 0;
+
+    if (arraySize == 0) {
+        return CKR_OK;
+    }
+    LOCK_SQLITE()
+
+    do {
+        sqlerr = sqlite3_step(stmt);
+        if (sqlerr == SQLITE_BUSY) {
+            PR_Sleep(SDB_BUSY_RETRY_TIME);
+        }
+        if (sqlerr == SQLITE_ROW) {
+            /* only care about the id */
+            *object++ = sqlite3_column_int(stmt, 0);
+            arraySize--;
+            (*count)++;
+        }
+    } while (!sdb_done(sqlerr, &retry) && (arraySize > 0));
+
+    /* we only have some of the objects, there is probably more,
+     * set the sqlerr to an OK value so we return CKR_OK */
+    if (sqlerr == SQLITE_ROW && arraySize == 0) {
+        sqlerr = SQLITE_DONE;
+    }
+    UNLOCK_SQLITE()
+
+    return sdb_mapSQLError(sdb_p->type, sqlerr);
+}
+
+CK_RV
+sdb_FindObjectsFinal(SDB *sdb, SDBFind *sdbFind)
+{
+    SDBPrivate *sdb_p = sdb->private;
+    sqlite3_stmt *stmt = sdbFind->findstmt;
+    sqlite3 *sqlDB = sdbFind->sqlDB;
+    int sqlerr = SQLITE_OK;
+
+    LOCK_SQLITE()
+    if (stmt) {
+        sqlite3_reset(stmt);
+        sqlerr = sqlite3_finalize(stmt);
+    }
+    if (sqlDB) {
+        sdb_closeDBLocal(sdb_p, sqlDB);
+    }
+    PORT_Free(sdbFind);
+
+    UNLOCK_SQLITE()
+    return sdb_mapSQLError(sdb_p->type, sqlerr);
+}
+
+static const char GET_ATTRIBUTE_CMD[] = "SELECT ALL %s FROM %s WHERE id=$ID;";
+CK_RV
+sdb_GetAttributeValueNoLock(SDB *sdb, CK_OBJECT_HANDLE object_id,
+                            CK_ATTRIBUTE *template, CK_ULONG count)
+{
+    SDBPrivate *sdb_p = sdb->private;
+    sqlite3 *sqlDB = NULL;
+    sqlite3_stmt *stmt = NULL;
+    char *getStr = NULL;
+    char *newStr = NULL;
+    const char *table = NULL;
+    int sqlerr = SQLITE_OK;
+    CK_RV error = CKR_OK;
+    int found = 0;
+    int retry = 0;
+    unsigned int i;
+
+    /* open a new db if necessary */
+    error = sdb_openDBLocal(sdb_p, &sqlDB, &table);
+    if (error != CKR_OK) {
+        goto loser;
+    }
+
+    for (i = 0; i < count; i++) {
+        getStr = sqlite3_mprintf("a%x", template[i].type);
+
+        if (getStr == NULL) {
+            error = CKR_HOST_MEMORY;
+            goto loser;
+        }
+
+        newStr = sqlite3_mprintf(GET_ATTRIBUTE_CMD, getStr, table);
+        sqlite3_free(getStr);
+        getStr = NULL;
+        if (newStr == NULL) {
+            error = CKR_HOST_MEMORY;
+            goto loser;
+        }
+
+        sqlerr = sqlite3_prepare_v2(sqlDB, newStr, -1, &stmt, NULL);
+        sqlite3_free(newStr);
+        newStr = NULL;
+        if (sqlerr == SQLITE_ERROR) {
+            template[i].ulValueLen = -1;
+            error = CKR_ATTRIBUTE_TYPE_INVALID;
+            continue;
+        } else if (sqlerr != SQLITE_OK) {
+            goto loser;
+        }
+
+        sqlerr = sqlite3_bind_int(stmt, 1, object_id);
+        if (sqlerr != SQLITE_OK) {
+            goto loser;
+        }
+
+        do {
+            sqlerr = sqlite3_step(stmt);
+            if (sqlerr == SQLITE_BUSY) {
+                PR_Sleep(SDB_BUSY_RETRY_TIME);
+            }
+            if (sqlerr == SQLITE_ROW) {
+                unsigned int blobSize;
+                const char *blobData;
+
+                blobSize = sqlite3_column_bytes(stmt, 0);
+                blobData = sqlite3_column_blob(stmt, 0);
+                if (blobData == NULL) {
+                    template[i].ulValueLen = -1;
+                    error = CKR_ATTRIBUTE_TYPE_INVALID;
+                    break;
+                }
+                /* If the blob equals our explicit NULL value, then the
+                 * attribute is a NULL. */
+                if ((blobSize == SQLITE_EXPLICIT_NULL_LEN) &&
+                    (PORT_Memcmp(blobData, SQLITE_EXPLICIT_NULL,
+                                 SQLITE_EXPLICIT_NULL_LEN) == 0)) {
+                    blobSize = 0;
+                }
+                if (template[i].pValue) {
+                    if (template[i].ulValueLen < blobSize) {
+                        template[i].ulValueLen = -1;
+                        error = CKR_BUFFER_TOO_SMALL;
+                        break;
+                    }
+                    PORT_Memcpy(template[i].pValue, blobData, blobSize);
+                }
+                template[i].ulValueLen = blobSize;
+                found = 1;
+            }
+        } while (!sdb_done(sqlerr, &retry));
+        sqlite3_reset(stmt);
+        sqlite3_finalize(stmt);
+        stmt = NULL;
+    }
+
+loser:
+    /* fix up the error if necessary */
+    if (error == CKR_OK) {
+        error = sdb_mapSQLError(sdb_p->type, sqlerr);
+        if (!found && error == CKR_OK) {
+            error = CKR_OBJECT_HANDLE_INVALID;
+        }
+    }
+
+    if (stmt) {
+        sqlite3_reset(stmt);
+        sqlite3_finalize(stmt);
+    }
+
+    /* if we had to open a new database, free it now */
+    if (sqlDB) {
+        sdb_closeDBLocal(sdb_p, sqlDB);
+    }
+    return error;
+}
+
+CK_RV
+sdb_GetAttributeValue(SDB *sdb, CK_OBJECT_HANDLE object_id,
+                      CK_ATTRIBUTE *template, CK_ULONG count)
+{
+    CK_RV crv;
+
+    if (count == 0) {
+        return CKR_OK;
+    }
+
+    LOCK_SQLITE()
+    crv = sdb_GetAttributeValueNoLock(sdb, object_id, template, count);
+    UNLOCK_SQLITE()
+    return crv;
+}
+
+static const char SET_ATTRIBUTE_CMD[] = "UPDATE %s SET %s WHERE id=$ID;";
+CK_RV
+sdb_SetAttributeValue(SDB *sdb, CK_OBJECT_HANDLE object_id,
+                      const CK_ATTRIBUTE *template, CK_ULONG count)
+{
+    SDBPrivate *sdb_p = sdb->private;
+    sqlite3 *sqlDB = NULL;
+    sqlite3_stmt *stmt = NULL;
+    char *setStr = NULL;
+    char *newStr = NULL;
+    int sqlerr = SQLITE_OK;
+    int retry = 0;
+    CK_RV error = CKR_OK;
+    unsigned int i;
+
+    if ((sdb->sdb_flags & SDB_RDONLY) != 0) {
+        return CKR_TOKEN_WRITE_PROTECTED;
+    }
+
+    if (count == 0) {
+        return CKR_OK;
+    }
+
+    LOCK_SQLITE()
+    setStr = sqlite3_mprintf("");
+    for (i = 0; setStr && i < count; i++) {
+        if (i == 0) {
+            sqlite3_free(setStr);
+            setStr = sqlite3_mprintf("a%x=$VALUE%d",
+                                     template[i].type, i);
+            continue;
+        }
+        newStr = sqlite3_mprintf("%s,a%x=$VALUE%d", setStr,
+                                 template[i].type, i);
+        sqlite3_free(setStr);
+        setStr = newStr;
+    }
+    newStr = NULL;
+
+    if (setStr == NULL) {
+        return CKR_HOST_MEMORY;
+    }
+    newStr = sqlite3_mprintf(SET_ATTRIBUTE_CMD, sdb_p->table, setStr);
+    sqlite3_free(setStr);
+    if (newStr == NULL) {
+        UNLOCK_SQLITE()
+        return CKR_HOST_MEMORY;
+    }
+    error = sdb_openDBLocal(sdb_p, &sqlDB, NULL);
+    if (error != CKR_OK) {
+        goto loser;
+    }
+    sqlerr = sqlite3_prepare_v2(sqlDB, newStr, -1, &stmt, NULL);
+    if (sqlerr != SQLITE_OK)
+        goto loser;
+    for (i = 0; i < count; i++) {
+        if (template[i].ulValueLen != 0) {
+            sqlerr = sqlite3_bind_blob(stmt, i + 1, template[i].pValue,
+                                       template[i].ulValueLen, SQLITE_STATIC);
+        } else {
+            sqlerr = sqlite3_bind_blob(stmt, i + 1, SQLITE_EXPLICIT_NULL,
+                                       SQLITE_EXPLICIT_NULL_LEN, SQLITE_STATIC);
+        }
+        if (sqlerr != SQLITE_OK)
+            goto loser;
+    }
+    sqlerr = sqlite3_bind_int(stmt, i + 1, object_id);
+    if (sqlerr != SQLITE_OK)
+        goto loser;
+
+    do {
+        sqlerr = sqlite3_step(stmt);
+        if (sqlerr == SQLITE_BUSY) {
+            PR_Sleep(SDB_BUSY_RETRY_TIME);
+        }
+    } while (!sdb_done(sqlerr, &retry));
+
+loser:
+    if (newStr) {
+        sqlite3_free(newStr);
+    }
+    if (error == CKR_OK) {
+        error = sdb_mapSQLError(sdb_p->type, sqlerr);
+    }
+
+    if (stmt) {
+        sqlite3_reset(stmt);
+        sqlite3_finalize(stmt);
+    }
+
+    if (sqlDB) {
+        sdb_closeDBLocal(sdb_p, sqlDB);
+    }
+
+    UNLOCK_SQLITE()
+    return error;
+}
+
+/*
+ * check to see if a candidate object handle already exists.
+ */
+static PRBool
+sdb_objectExists(SDB *sdb, CK_OBJECT_HANDLE candidate)
+{
+    CK_RV crv;
+    CK_ATTRIBUTE template = { CKA_LABEL, NULL, 0 };
+
+    crv = sdb_GetAttributeValueNoLock(sdb, candidate, &template, 1);
+    if (crv == CKR_OBJECT_HANDLE_INVALID) {
+        return PR_FALSE;
+    }
+    return PR_TRUE;
+}
+
+/*
+ * if we're here, we are in a transaction, so it's safe
+ * to examine the current state of the database
+ */
+static CK_OBJECT_HANDLE
+sdb_getObjectId(SDB *sdb)
+{
+    CK_OBJECT_HANDLE candidate;
+    static CK_OBJECT_HANDLE next_obj = CK_INVALID_HANDLE;
+    int count;
+    /*
+     * get an initial object handle to use
+     */
+    if (next_obj == CK_INVALID_HANDLE) {
+        PRTime time;
+        time = PR_Now();
+
+        next_obj = (CK_OBJECT_HANDLE)(time & 0x3fffffffL);
+    }
+    candidate = next_obj++;
+    /* detect that we've looped through all the handles... */
+    for (count = 0; count < 0x40000000; count++, candidate = next_obj++) {
+        /* mask off excess bits */
+        candidate &= 0x3fffffff;
+        /* if we hit zero, go to the next entry */
+        if (candidate == CK_INVALID_HANDLE) {
+            continue;
+        }
+        /* make sure we aren't already using */
+        if (!sdb_objectExists(sdb, candidate)) {
+            /* this one is free */
+            return candidate;
+        }
+    }
+
+    /* no handle is free, fail */
+    return CK_INVALID_HANDLE;
+}
+
+static const char CREATE_CMD[] = "INSERT INTO %s (id%s) VALUES($ID%s);";
+CK_RV
+sdb_CreateObject(SDB *sdb, CK_OBJECT_HANDLE *object_id,
+                 const CK_ATTRIBUTE *template, CK_ULONG count)
+{
+    SDBPrivate *sdb_p = sdb->private;
+    sqlite3 *sqlDB = NULL;
+    sqlite3_stmt *stmt = NULL;
+    char *columnStr = NULL;
+    char *valueStr = NULL;
+    char *newStr = NULL;
+    int sqlerr = SQLITE_OK;
+    CK_RV error = CKR_OK;
+    CK_OBJECT_HANDLE this_object = CK_INVALID_HANDLE;
+    int retry = 0;
+    unsigned int i;
+
+    if ((sdb->sdb_flags & SDB_RDONLY) != 0) {
+        return CKR_TOKEN_WRITE_PROTECTED;
+    }
+
+    LOCK_SQLITE()
+    if ((*object_id != CK_INVALID_HANDLE) &&
+        !sdb_objectExists(sdb, *object_id)) {
+        this_object = *object_id;
+    } else {
+        this_object = sdb_getObjectId(sdb);
+    }
+    if (this_object == CK_INVALID_HANDLE) {
+        UNLOCK_SQLITE();
+        return CKR_HOST_MEMORY;
+    }
+    columnStr = sqlite3_mprintf("");
+    valueStr = sqlite3_mprintf("");
+    *object_id = this_object;
+    for (i = 0; columnStr && valueStr && i < count; i++) {
+        newStr = sqlite3_mprintf("%s,a%x", columnStr, template[i].type);
+        sqlite3_free(columnStr);
+        columnStr = newStr;
+        newStr = sqlite3_mprintf("%s,$VALUE%d", valueStr, i);
+        sqlite3_free(valueStr);
+        valueStr = newStr;
+    }
+    newStr = NULL;
+    if ((columnStr == NULL) || (valueStr == NULL)) {
+        if (columnStr) {
+            sqlite3_free(columnStr);
+        }
+        if (valueStr) {
+            sqlite3_free(valueStr);
+        }
+        UNLOCK_SQLITE()
+        return CKR_HOST_MEMORY;
+    }
+    newStr = sqlite3_mprintf(CREATE_CMD, sdb_p->table, columnStr, valueStr);
+    sqlite3_free(columnStr);
+    sqlite3_free(valueStr);
+    error = sdb_openDBLocal(sdb_p, &sqlDB, NULL);
+    if (error != CKR_OK) {
+        goto loser;
+    }
+    sqlerr = sqlite3_prepare_v2(sqlDB, newStr, -1, &stmt, NULL);
+    if (sqlerr != SQLITE_OK)
+        goto loser;
+    sqlerr = sqlite3_bind_int(stmt, 1, *object_id);
+    if (sqlerr != SQLITE_OK)
+        goto loser;
+    for (i = 0; i < count; i++) {
+        if (template[i].ulValueLen) {
+            sqlerr = sqlite3_bind_blob(stmt, i + 2, template[i].pValue,
+                                       template[i].ulValueLen, SQLITE_STATIC);
+        } else {
+            sqlerr = sqlite3_bind_blob(stmt, i + 2, SQLITE_EXPLICIT_NULL,
+                                       SQLITE_EXPLICIT_NULL_LEN, SQLITE_STATIC);
+        }
+        if (sqlerr != SQLITE_OK)
+            goto loser;
+    }
+
+    do {
+        sqlerr = sqlite3_step(stmt);
+        if (sqlerr == SQLITE_BUSY) {
+            PR_Sleep(SDB_BUSY_RETRY_TIME);
+        }
+    } while (!sdb_done(sqlerr, &retry));
+
+loser:
+    if (newStr) {
+        sqlite3_free(newStr);
+    }
+    if (error == CKR_OK) {
+        error = sdb_mapSQLError(sdb_p->type, sqlerr);
+    }
+
+    if (stmt) {
+        sqlite3_reset(stmt);
+        sqlite3_finalize(stmt);
+    }
+
+    if (sqlDB) {
+        sdb_closeDBLocal(sdb_p, sqlDB);
+    }
+    UNLOCK_SQLITE()
+
+    return error;
+}
+
+static const char DESTROY_CMD[] = "DELETE FROM %s WHERE (id=$ID);";
+
+CK_RV
+sdb_DestroyObject(SDB *sdb, CK_OBJECT_HANDLE object_id)
+{
+    SDBPrivate *sdb_p = sdb->private;
+    sqlite3 *sqlDB = NULL;
+    sqlite3_stmt *stmt = NULL;
+    char *newStr = NULL;
+    int sqlerr = SQLITE_OK;
+    CK_RV error = CKR_OK;
+    int retry = 0;
+
+    if ((sdb->sdb_flags & SDB_RDONLY) != 0) {
+        return CKR_TOKEN_WRITE_PROTECTED;
+    }
+
+    LOCK_SQLITE()
+    error = sdb_openDBLocal(sdb_p, &sqlDB, NULL);
+    if (error != CKR_OK) {
+        goto loser;
+    }
+    newStr = sqlite3_mprintf(DESTROY_CMD, sdb_p->table);
+    if (newStr == NULL) {
+        error = CKR_HOST_MEMORY;
+        goto loser;
+    }
+    sqlerr = sqlite3_prepare_v2(sqlDB, newStr, -1, &stmt, NULL);
+    sqlite3_free(newStr);
+    if (sqlerr != SQLITE_OK)
+        goto loser;
+    sqlerr = sqlite3_bind_int(stmt, 1, object_id);
+    if (sqlerr != SQLITE_OK)
+        goto loser;
+
+    do {
+        sqlerr = sqlite3_step(stmt);
+        if (sqlerr == SQLITE_BUSY) {
+            PR_Sleep(SDB_BUSY_RETRY_TIME);
+        }
+    } while (!sdb_done(sqlerr, &retry));
+
+loser:
+    if (error == CKR_OK) {
+        error = sdb_mapSQLError(sdb_p->type, sqlerr);
+    }
+
+    if (stmt) {
+        sqlite3_reset(stmt);
+        sqlite3_finalize(stmt);
+    }
+
+    if (sqlDB) {
+        sdb_closeDBLocal(sdb_p, sqlDB);
+    }
+
+    UNLOCK_SQLITE()
+    return error;
+}
+
+static const char BEGIN_CMD[] = "BEGIN IMMEDIATE TRANSACTION;";
+
+/*
+ * start a transaction.
+ *
+ * We need to open a new database, then store that new database into
+ * the private data structure. We open the database first, then use locks
+ * to protect storing the data to prevent deadlocks.
+ */
+CK_RV
+sdb_Begin(SDB *sdb)
+{
+    SDBPrivate *sdb_p = sdb->private;
+    sqlite3 *sqlDB = NULL;
+    sqlite3_stmt *stmt = NULL;
+    int sqlerr = SQLITE_OK;
+    CK_RV error = CKR_OK;
+    int retry = 0;
+
+    if ((sdb->sdb_flags & SDB_RDONLY) != 0) {
+        return CKR_TOKEN_WRITE_PROTECTED;
+    }
+
+    LOCK_SQLITE()
+
+    /* get a new version that we will use for the entire transaction */
+    sqlerr = sdb_openDB(sdb_p->sqlDBName, &sqlDB, SDB_RDWR);
+    if (sqlerr != SQLITE_OK) {
+        goto loser;
+    }
+
+    sqlerr = sqlite3_prepare_v2(sqlDB, BEGIN_CMD, -1, &stmt, NULL);
+
+    do {
+        sqlerr = sqlite3_step(stmt);
+        if (sqlerr == SQLITE_BUSY) {
+            PR_Sleep(SDB_BUSY_RETRY_TIME);
+        }
+    } while (!sdb_done(sqlerr, &retry));
+
+    if (stmt) {
+        sqlite3_reset(stmt);
+        sqlite3_finalize(stmt);
+    }
+
+loser:
+    error = sdb_mapSQLError(sdb_p->type, sqlerr);
+
+    /* we are starting a new transaction,
+     * and if we succeeded, then save this database for the rest of
+     * our transaction */
+    if (error == CKR_OK) {
+        /* we hold a 'BEGIN TRANSACTION' and a sdb_p->lock. At this point
+         * sdb_p->sqlXactDB MUST be null */
+        PR_EnterMonitor(sdb_p->dbMon);
+        PORT_Assert(sdb_p->sqlXactDB == NULL);
+        sdb_p->sqlXactDB = sqlDB;
+        sdb_p->sqlXactThread = PR_GetCurrentThread();
+        PR_ExitMonitor(sdb_p->dbMon);
+    } else {
+        /* we failed to start our transaction,
+         * free any databases we opened. */
+        if (sqlDB) {
+            sqlite3_close(sqlDB);
+        }
+    }
+
+    UNLOCK_SQLITE()
+    return error;
+}
+
+/*
+ * Complete a transaction. Basically undo everything we did in begin.
+ * There are 2 flavors Abort and Commit. Basically the only differerence between
+ * these 2 are what the database will show. (no change in to former, change in
+ * the latter).
+ */
+static CK_RV
+sdb_complete(SDB *sdb, const char *cmd)
+{
+    SDBPrivate *sdb_p = sdb->private;
+    sqlite3 *sqlDB = NULL;
+    sqlite3_stmt *stmt = NULL;
+    int sqlerr = SQLITE_OK;
+    CK_RV error = CKR_OK;
+    int retry = 0;
+
+    if ((sdb->sdb_flags & SDB_RDONLY) != 0) {
+        return CKR_TOKEN_WRITE_PROTECTED;
+    }
+
+    /* We must have a transation database, or we shouldn't have arrived here */
+    PR_EnterMonitor(sdb_p->dbMon);
+    PORT_Assert(sdb_p->sqlXactDB);
+    if (sdb_p->sqlXactDB == NULL) {
+        PR_ExitMonitor(sdb_p->dbMon);
+        return CKR_GENERAL_ERROR; /* shouldn't happen */
+    }
+    PORT_Assert(sdb_p->sqlXactThread == PR_GetCurrentThread());
+    if (sdb_p->sqlXactThread != PR_GetCurrentThread()) {
+        PR_ExitMonitor(sdb_p->dbMon);
+        return CKR_GENERAL_ERROR; /* shouldn't happen */
+    }
+    sqlDB = sdb_p->sqlXactDB;
+    sdb_p->sqlXactDB = NULL; /* no one else can get to this DB,
+                              * safe to unlock */
+    sdb_p->sqlXactThread = NULL;
+    PR_ExitMonitor(sdb_p->dbMon);
+
+    sqlerr = sqlite3_prepare_v2(sqlDB, cmd, -1, &stmt, NULL);
+
+    do {
+        sqlerr = sqlite3_step(stmt);
+        if (sqlerr == SQLITE_BUSY) {
+            PR_Sleep(SDB_BUSY_RETRY_TIME);
+        }
+    } while (!sdb_done(sqlerr, &retry));
+
+    /* Pending BEGIN TRANSACTIONS Can move forward at this point. */
+
+    if (stmt) {
+        sqlite3_reset(stmt);
+        sqlite3_finalize(stmt);
+    }
+
+    /* we we have a cached DB image, update it as well */
+    if (sdb_p->cacheTable) {
+        PR_EnterMonitor(sdb_p->dbMon);
+        sdb_updateCache(sdb_p);
+        PR_ExitMonitor(sdb_p->dbMon);
+    }
+
+    error = sdb_mapSQLError(sdb_p->type, sqlerr);
+
+    /* We just finished a transaction.
+     * Free the database, and remove it from the list */
+    sqlite3_close(sqlDB);
+
+    return error;
+}
+
+static const char COMMIT_CMD[] = "COMMIT TRANSACTION;";
+CK_RV
+sdb_Commit(SDB *sdb)
+{
+    CK_RV crv;
+    LOCK_SQLITE()
+    crv = sdb_complete(sdb, COMMIT_CMD);
+    UNLOCK_SQLITE()
+    return crv;
+}
+
+static const char ROLLBACK_CMD[] = "ROLLBACK TRANSACTION;";
+CK_RV
+sdb_Abort(SDB *sdb)
+{
+    CK_RV crv;
+    LOCK_SQLITE()
+    crv = sdb_complete(sdb, ROLLBACK_CMD);
+    UNLOCK_SQLITE()
+    return crv;
+}
+
+static int tableExists(sqlite3 *sqlDB, const char *tableName);
+
+static const char GET_PW_CMD[] = "SELECT ALL * FROM metaData WHERE id=$ID;";
+CK_RV
+sdb_GetMetaData(SDB *sdb, const char *id, SECItem *item1, SECItem *item2)
+{
+    SDBPrivate *sdb_p = sdb->private;
+    sqlite3 *sqlDB = sdb_p->sqlXactDB;
+    sqlite3_stmt *stmt = NULL;
+    int sqlerr = SQLITE_OK;
+    CK_RV error = CKR_OK;
+    int found = 0;
+    int retry = 0;
+
+    LOCK_SQLITE()
+    error = sdb_openDBLocal(sdb_p, &sqlDB, NULL);
+    if (error != CKR_OK) {
+        goto loser;
+    }
+
+    /* handle 'test' versions of the sqlite db */
+    sqlerr = sqlite3_prepare_v2(sqlDB, GET_PW_CMD, -1, &stmt, NULL);
+    /* Sigh, if we created a new table since we opened the database,
+     * the database handle will not see the new table, we need to close this
+     * database and reopen it. This is safe because we are holding the lock
+     * still. */
+    if (sqlerr == SQLITE_SCHEMA) {
+        sqlerr = sdb_reopenDBLocal(sdb_p, &sqlDB);
+        if (sqlerr != SQLITE_OK) {
+            goto loser;
+        }
+        sqlerr = sqlite3_prepare_v2(sqlDB, GET_PW_CMD, -1, &stmt, NULL);
+    }
+    if (sqlerr != SQLITE_OK)
+        goto loser;
+    sqlerr = sqlite3_bind_text(stmt, 1, id, PORT_Strlen(id), SQLITE_STATIC);
+    do {
+        sqlerr = sqlite3_step(stmt);
+        if (sqlerr == SQLITE_BUSY) {
+            PR_Sleep(SDB_BUSY_RETRY_TIME);
+        }
+        if (sqlerr == SQLITE_ROW) {
+            const char *blobData;
+            unsigned int len = item1->len;
+            item1->len = sqlite3_column_bytes(stmt, 1);
+            if (item1->len > len) {
+                error = CKR_BUFFER_TOO_SMALL;
+                continue;
+            }
+            blobData = sqlite3_column_blob(stmt, 1);
+            PORT_Memcpy(item1->data, blobData, item1->len);
+            if (item2) {
+                len = item2->len;
+                item2->len = sqlite3_column_bytes(stmt, 2);
+                if (item2->len > len) {
+                    error = CKR_BUFFER_TOO_SMALL;
+                    continue;
+                }
+                blobData = sqlite3_column_blob(stmt, 2);
+                PORT_Memcpy(item2->data, blobData, item2->len);
+            }
+            found = 1;
+        }
+    } while (!sdb_done(sqlerr, &retry));
+
+loser:
+    /* fix up the error if necessary */
+    if (error == CKR_OK) {
+        error = sdb_mapSQLError(sdb_p->type, sqlerr);
+        if (!found && error == CKR_OK) {
+            error = CKR_OBJECT_HANDLE_INVALID;
+        }
+    }
+
+    if (stmt) {
+        sqlite3_reset(stmt);
+        sqlite3_finalize(stmt);
+    }
+
+    if (sqlDB) {
+        sdb_closeDBLocal(sdb_p, sqlDB);
+    }
+    UNLOCK_SQLITE()
+
+    return error;
+}
+
+static const char PW_CREATE_TABLE_CMD[] =
+    "CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);";
+static const char PW_CREATE_CMD[] =
+    "INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);";
+static const char MD_CREATE_CMD[] =
+    "INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);";
+
+CK_RV
+sdb_PutMetaData(SDB *sdb, const char *id, const SECItem *item1,
+                const SECItem *item2)
+{
+    SDBPrivate *sdb_p = sdb->private;
+    sqlite3 *sqlDB = sdb_p->sqlXactDB;
+    sqlite3_stmt *stmt = NULL;
+    int sqlerr = SQLITE_OK;
+    CK_RV error = CKR_OK;
+    int retry = 0;
+    const char *cmd = PW_CREATE_CMD;
+
+    if ((sdb->sdb_flags & SDB_RDONLY) != 0) {
+        return CKR_TOKEN_WRITE_PROTECTED;
+    }
+
+    LOCK_SQLITE()
+    error = sdb_openDBLocal(sdb_p, &sqlDB, NULL);
+    if (error != CKR_OK) {
+        goto loser;
+    }
+
+    if (!tableExists(sqlDB, "metaData")) {
+        sqlerr = sqlite3_exec(sqlDB, PW_CREATE_TABLE_CMD, NULL, 0, NULL);
+        if (sqlerr != SQLITE_OK)
+            goto loser;
+    }
+    if (item2 == NULL) {
+        cmd = MD_CREATE_CMD;
+    }
+    sqlerr = sqlite3_prepare_v2(sqlDB, cmd, -1, &stmt, NULL);
+    if (sqlerr != SQLITE_OK)
+        goto loser;
+    sqlerr = sqlite3_bind_text(stmt, 1, id, PORT_Strlen(id), SQLITE_STATIC);
+    if (sqlerr != SQLITE_OK)
+        goto loser;
+    sqlerr = sqlite3_bind_blob(stmt, 2, item1->data, item1->len, SQLITE_STATIC);
+    if (sqlerr != SQLITE_OK)
+        goto loser;
+    if (item2) {
+        sqlerr = sqlite3_bind_blob(stmt, 3, item2->data,
+                                   item2->len, SQLITE_STATIC);
+        if (sqlerr != SQLITE_OK)
+            goto loser;
+    }
+
+    do {
+        sqlerr = sqlite3_step(stmt);
+        if (sqlerr == SQLITE_BUSY) {
+            PR_Sleep(SDB_BUSY_RETRY_TIME);
+        }
+    } while (!sdb_done(sqlerr, &retry));
+
+loser:
+    /* fix up the error if necessary */
+    if (error == CKR_OK) {
+        error = sdb_mapSQLError(sdb_p->type, sqlerr);
+    }
+
+    if (stmt) {
+        sqlite3_reset(stmt);
+        sqlite3_finalize(stmt);
+    }
+
+    if (sqlDB) {
+        sdb_closeDBLocal(sdb_p, sqlDB);
+    }
+    UNLOCK_SQLITE()
+
+    return error;
+}
+
+static const char RESET_CMD[] = "DROP TABLE IF EXISTS %s;";
+CK_RV
+sdb_Reset(SDB *sdb)
+{
+    SDBPrivate *sdb_p = sdb->private;
+    sqlite3 *sqlDB = NULL;
+    char *newStr;
+    int sqlerr = SQLITE_OK;
+    CK_RV error = CKR_OK;
+
+    /* only Key databases can be reset */
+    if (sdb_p->type != SDB_KEY) {
+        return CKR_OBJECT_HANDLE_INVALID;
+    }
+
+    LOCK_SQLITE()
+    error = sdb_openDBLocal(sdb_p, &sqlDB, NULL);
+    if (error != CKR_OK) {
+        goto loser;
+    }
+
+    /* delete the key table */
+    newStr = sqlite3_mprintf(RESET_CMD, sdb_p->table);
+    if (newStr == NULL) {
+        error = CKR_HOST_MEMORY;
+        goto loser;
+    }
+    sqlerr = sqlite3_exec(sqlDB, newStr, NULL, 0, NULL);
+    sqlite3_free(newStr);
+
+    if (sqlerr != SQLITE_OK)
+        goto loser;
+
+    /* delete the password entry table */
+    sqlerr = sqlite3_exec(sqlDB, "DROP TABLE IF EXISTS metaData;",
+                          NULL, 0, NULL);
+
+loser:
+    /* fix up the error if necessary */
+    if (error == CKR_OK) {
+        error = sdb_mapSQLError(sdb_p->type, sqlerr);
+    }
+
+    if (sqlDB) {
+        sdb_closeDBLocal(sdb_p, sqlDB);
+    }
+
+    UNLOCK_SQLITE()
+    return error;
+}
+
+CK_RV
+sdb_Close(SDB *sdb)
+{
+    SDBPrivate *sdb_p = sdb->private;
+    int sqlerr = SQLITE_OK;
+    sdbDataType type = sdb_p->type;
+
+    sqlerr = sqlite3_close(sdb_p->sqlReadDB);
+    PORT_Free(sdb_p->sqlDBName);
+    if (sdb_p->cacheTable) {
+        sqlite3_free(sdb_p->cacheTable);
+    }
+    if (sdb_p->dbMon) {
+        PR_DestroyMonitor(sdb_p->dbMon);
+    }
+    free(sdb_p);
+    free(sdb);
+    return sdb_mapSQLError(type, sqlerr);
+}
+
+/*
+ * functions to support open
+ */
+
+static const char CHECK_TABLE_CMD[] = "SELECT ALL * FROM %s LIMIT 0;";
+
+/* return 1 if sqlDB contains table 'tableName */
+static int
+tableExists(sqlite3 *sqlDB, const char *tableName)
+{
+    char *cmd = sqlite3_mprintf(CHECK_TABLE_CMD, tableName);
+    int sqlerr = SQLITE_OK;
+
+    if (cmd == NULL) {
+        return 0;
+    }
+
+    sqlerr = sqlite3_exec(sqlDB, cmd, NULL, 0, 0);
+    sqlite3_free(cmd);
+
+    return (sqlerr == SQLITE_OK) ? 1 : 0;
+}
+
+void
+sdb_SetForkState(PRBool forked)
+{
+    /* XXXright now this is a no-op. The global fork state in the softokn3
+     * shared library is already taken care of at the PKCS#11 level.
+     * If and when we add fork state to the sqlite shared library and extern
+     * interface, we will need to set it and reset it from here */
+}
+
+/*
+ * initialize a single database
+ */
+static const char INIT_CMD[] =
+    "CREATE TABLE %s (id PRIMARY KEY UNIQUE ON CONFLICT ABORT%s)";
+
+CK_RV
+sdb_init(char *dbname, char *table, sdbDataType type, int *inUpdate,
+         int *newInit, int inFlags, PRUint32 accessOps, SDB **pSdb)
+{
+    int i;
+    char *initStr = NULL;
+    char *newStr;
+    int inTransaction = 0;
+    SDB *sdb = NULL;
+    SDBPrivate *sdb_p = NULL;
+    sqlite3 *sqlDB = NULL;
+    int sqlerr = SQLITE_OK;
+    CK_RV error = CKR_OK;
+    char *cacheTable = NULL;
+    PRIntervalTime now = 0;
+    char *env;
+    PRBool enableCache = PR_FALSE;
+    PRBool create;
+    int flags = inFlags & 0x7;
+
+    *pSdb = NULL;
+    *inUpdate = 0;
+
+    /* sqlite3 doesn't have a flag to specify that we want to
+     * open the database read only. If the db doesn't exist,
+     * sqlite3 will always create it.
+     */
+    LOCK_SQLITE();
+    create = (PR_Access(dbname, PR_ACCESS_EXISTS) != PR_SUCCESS);
+    if ((flags == SDB_RDONLY) && create) {
+        error = sdb_mapSQLError(type, SQLITE_CANTOPEN);
+        goto loser;
+    }
+    sqlerr = sdb_openDB(dbname, &sqlDB, flags);
+    if (sqlerr != SQLITE_OK) {
+        error = sdb_mapSQLError(type, sqlerr);
+        goto loser;
+    }
+
+    /*
+     * SQL created the file, but it doesn't set appropriate modes for
+     * a database.
+     *
+     * NO NSPR call for chmod? :(
+     */
+    if (create && chmod(dbname, 0600) != 0) {
+        error = sdb_mapSQLError(type, SQLITE_CANTOPEN);
+        goto loser;
+    }
+
+    if (flags != SDB_RDONLY) {
+        sqlerr = sqlite3_exec(sqlDB, BEGIN_CMD, NULL, 0, NULL);
+        if (sqlerr != SQLITE_OK) {
+            error = sdb_mapSQLError(type, sqlerr);
+            goto loser;
+        }
+        inTransaction = 1;
+    }
+    if (!tableExists(sqlDB, table)) {
+        *newInit = 1;
+        if (flags != SDB_CREATE) {
+            error = sdb_mapSQLError(type, SQLITE_CANTOPEN);
+            goto loser;
+        }
+        initStr = sqlite3_mprintf("");
+        for (i = 0; initStr && i < known_attributes_size; i++) {
+            newStr = sqlite3_mprintf("%s, a%x", initStr, known_attributes[i]);
+            sqlite3_free(initStr);
+            initStr = newStr;
+        }
+        if (initStr == NULL) {
+            error = CKR_HOST_MEMORY;
+            goto loser;
+        }
+
+        newStr = sqlite3_mprintf(INIT_CMD, table, initStr);
+        sqlite3_free(initStr);
+        if (newStr == NULL) {
+            error = CKR_HOST_MEMORY;
+            goto loser;
+        }
+        sqlerr = sqlite3_exec(sqlDB, newStr, NULL, 0, NULL);
+        sqlite3_free(newStr);
+        if (sqlerr != SQLITE_OK) {
+            error = sdb_mapSQLError(type, sqlerr);
+            goto loser;
+        }
+
+        newStr = sqlite3_mprintf(CREATE_ISSUER_INDEX_CMD, table);
+        if (newStr == NULL) {
+            error = CKR_HOST_MEMORY;
+            goto loser;
+        }
+        sqlerr = sqlite3_exec(sqlDB, newStr, NULL, 0, NULL);
+        sqlite3_free(newStr);
+        if (sqlerr != SQLITE_OK) {
+            error = sdb_mapSQLError(type, sqlerr);
+            goto loser;
+        }
+
+        newStr = sqlite3_mprintf(CREATE_SUBJECT_INDEX_CMD, table);
+        if (newStr == NULL) {
+            error = CKR_HOST_MEMORY;
+            goto loser;
+        }
+        sqlerr = sqlite3_exec(sqlDB, newStr, NULL, 0, NULL);
+        sqlite3_free(newStr);
+        if (sqlerr != SQLITE_OK) {
+            error = sdb_mapSQLError(type, sqlerr);
+            goto loser;
+        }
+
+        newStr = sqlite3_mprintf(CREATE_LABEL_INDEX_CMD, table);
+        if (newStr == NULL) {
+            error = CKR_HOST_MEMORY;
+            goto loser;
+        }
+        sqlerr = sqlite3_exec(sqlDB, newStr, NULL, 0, NULL);
+        sqlite3_free(newStr);
+        if (sqlerr != SQLITE_OK) {
+            error = sdb_mapSQLError(type, sqlerr);
+            goto loser;
+        }
+
+        newStr = sqlite3_mprintf(CREATE_ID_INDEX_CMD, table);
+        if (newStr == NULL) {
+            error = CKR_HOST_MEMORY;
+            goto loser;
+        }
+        sqlerr = sqlite3_exec(sqlDB, newStr, NULL, 0, NULL);
+        sqlite3_free(newStr);
+        if (sqlerr != SQLITE_OK) {
+            error = sdb_mapSQLError(type, sqlerr);
+            goto loser;
+        }
+    }
+    /*
+     * detect the case where we have created the database, but have
+     * not yet updated it.
+     *
+     * We only check the Key database because only the key database has
+     * a metaData table. The metaData table is created when a password
+     * is set, or in the case of update, when a password is supplied.
+     * If no key database exists, then the update would have happened immediately
+     * on noticing that the cert database didn't exist (see newInit set above).
+     */
+    if (type == SDB_KEY && !tableExists(sqlDB, "metaData")) {
+        *newInit = 1;
+    }
+
+    /* access to network filesystems are significantly slower than local ones
+     * for database operations. In those cases we need to create a cached copy
+     * of the database in a temporary location on the local disk. SQLITE
+     * already provides a way to create a temporary table and initialize it,
+     * so we use it for the cache (see sdb_buildCache for how it's done).*/
+
+    /*
+      * we decide whether or not to use the cache based on the following input.
+      *
+      * NSS_SDB_USE_CACHE environment variable is non-existant or set to
+      *   anything other than "no" or "yes" ("auto", for instance).
+      *   This is the normal case. NSS will measure the performance of access
+      *   to the temp database versus the access to the users passed in
+      *   database location. If the temp database location is "significantly"
+      *   faster we will use the cache.
+      *
+      * NSS_SDB_USE_CACHE environment variable is set to "no": cache will not
+      *   be used.
+      *
+      * NSS_SDB_USE_CACHE environment variable is set to "yes": cache will
+      *   always be used.
+      *
+      * It is expected that most applications would use the "auto" selection,
+      * the environment variable is primarily to simplify testing, and to
+      * correct potential corner cases where  */
+
+    env = PR_GetEnvSecure("NSS_SDB_USE_CACHE");
+
+    if (env && PORT_Strcasecmp(env, "no") == 0) {
+        enableCache = PR_FALSE;
+    } else if (env && PORT_Strcasecmp(env, "yes") == 0) {
+        enableCache = PR_TRUE;
+    } else {
+        char *tempDir = NULL;
+        PRUint32 tempOps = 0;
+        /*
+         *  Use PR_Access to determine how expensive it
+         * is to check for the existance of a local file compared to the same
+         * check in the temp directory. If the temp directory is faster, cache
+         * the database there. */
+        tempDir = sdb_getTempDir(sqlDB);
+        if (tempDir) {
+            tempOps = sdb_measureAccess(tempDir);
+            PORT_Free(tempDir);
+
+            /* There is a cost to continually copying the database.
+             * Account for that cost  with the arbitrary factor of 10 */
+            enableCache = (PRBool)(tempOps > accessOps * 10);
+        }
+    }
+
+    if (enableCache) {
+        /* try to set the temp store to memory.*/
+        sqlite3_exec(sqlDB, "PRAGMA temp_store=MEMORY", NULL, 0, NULL);
+        /* Failure to set the temp store to memory is not fatal,
+         * ignore the error */
+
+        cacheTable = sqlite3_mprintf("%sCache", table);
+        if (cacheTable == NULL) {
+            error = CKR_HOST_MEMORY;
+            goto loser;
+        }
+        /* build the cache table */
+        error = sdb_buildCache(sqlDB, type, cacheTable, table);
+        if (error != CKR_OK) {
+            goto loser;
+        }
+        /* initialize the last cache build time */
+        now = PR_IntervalNow();
+    }
+
+    sdb = (SDB *)malloc(sizeof(SDB));
+    sdb_p = (SDBPrivate *)malloc(sizeof(SDBPrivate));
+
+    /* invariant fields */
+    sdb_p->sqlDBName = PORT_Strdup(dbname);
+    sdb_p->type = type;
+    sdb_p->table = table;
+    sdb_p->cacheTable = cacheTable;
+    sdb_p->lastUpdateTime = now;
+    /* set the cache delay time. This is how long we will wait before we
+     * decide the existing cache is stale. Currently set to 10 sec */
+    sdb_p->updateInterval = PR_SecondsToInterval(10);
+    sdb_p->dbMon = PR_NewMonitor();
+    /* these fields are protected by the lock */
+    sdb_p->sqlXactDB = NULL;
+    sdb_p->sqlXactThread = NULL;
+    sdb->private = sdb_p;
+    sdb->version = 0;
+    sdb->sdb_flags = inFlags | SDB_HAS_META;
+    sdb->app_private = NULL;
+    sdb->sdb_FindObjectsInit = sdb_FindObjectsInit;
+    sdb->sdb_FindObjects = sdb_FindObjects;
+    sdb->sdb_FindObjectsFinal = sdb_FindObjectsFinal;
+    sdb->sdb_GetAttributeValue = sdb_GetAttributeValue;
+    sdb->sdb_SetAttributeValue = sdb_SetAttributeValue;
+    sdb->sdb_CreateObject = sdb_CreateObject;
+    sdb->sdb_DestroyObject = sdb_DestroyObject;
+    sdb->sdb_GetMetaData = sdb_GetMetaData;
+    sdb->sdb_PutMetaData = sdb_PutMetaData;
+    sdb->sdb_Begin = sdb_Begin;
+    sdb->sdb_Commit = sdb_Commit;
+    sdb->sdb_Abort = sdb_Abort;
+    sdb->sdb_Reset = sdb_Reset;
+    sdb->sdb_Close = sdb_Close;
+    sdb->sdb_SetForkState = sdb_SetForkState;
+
+    if (inTransaction) {
+        sqlerr = sqlite3_exec(sqlDB, COMMIT_CMD, NULL, 0, NULL);
+        if (sqlerr != SQLITE_OK) {
+            error = sdb_mapSQLError(sdb_p->type, sqlerr);
+            goto loser;
+        }
+        inTransaction = 0;
+    }
+
+    sdb_p->sqlReadDB = sqlDB;
+
+    *pSdb = sdb;
+    UNLOCK_SQLITE();
+    return CKR_OK;
+
+loser:
+    /* lots of stuff to do */
+    if (inTransaction) {
+        sqlite3_exec(sqlDB, ROLLBACK_CMD, NULL, 0, NULL);
+    }
+    if (sdb) {
+        free(sdb);
+    }
+    if (sdb_p) {
+        free(sdb_p);
+    }
+    if (sqlDB) {
+        sqlite3_close(sqlDB);
+    }
+    UNLOCK_SQLITE();
+    return error;
+}
+
+/* sdbopen */
+CK_RV
+s_open(const char *directory, const char *certPrefix, const char *keyPrefix,
+       int cert_version, int key_version, int flags,
+       SDB **certdb, SDB **keydb, int *newInit)
+{
+    char *cert = sdb_BuildFileName(directory, certPrefix,
+                                   "cert", cert_version);
+    char *key = sdb_BuildFileName(directory, keyPrefix,
+                                  "key", key_version);
+    CK_RV error = CKR_OK;
+    int inUpdate;
+    PRUint32 accessOps;
+
+    if (certdb)
+        *certdb = NULL;
+    if (keydb)
+        *keydb = NULL;
+    *newInit = 0;
+
+#ifdef SQLITE_UNSAFE_THREADS
+    if (sqlite_lock == NULL) {
+        sqlite_lock = PR_NewLock();
+        if (sqlite_lock == NULL) {
+            error = CKR_HOST_MEMORY;
+            goto loser;
+        }
+    }
+#endif
+
+    /* how long does it take to test for a non-existant file in our working
+     * directory? Allows us to test if we may be on a network file system */
+    accessOps = 1;
+    {
+        char *env;
+        env = PR_GetEnvSecure("NSS_SDB_USE_CACHE");
+        /* If the environment variable is set to yes or no, sdb_init() will
+         * ignore the value of accessOps, and we can skip the measuring.*/
+        if (!env || ((PORT_Strcasecmp(env, "no") != 0) &&
+                     (PORT_Strcasecmp(env, "yes") != 0))) {
+            accessOps = sdb_measureAccess(directory);
+        }
+    }
+
+    /*
+     * open the cert data base
+     */
+    if (certdb) {
+        /* initialize Certificate database */
+        error = sdb_init(cert, "nssPublic", SDB_CERT, &inUpdate,
+                         newInit, flags, accessOps, certdb);
+        if (error != CKR_OK) {
+            goto loser;
+        }
+    }
+
+    /*
+     * open the key data base:
+     *  NOTE:if we want to implement a single database, we open
+     *  the same database file as the certificate here.
+     *
+     *  cert an key db's have different tables, so they will not
+     *  conflict.
+     */
+    if (keydb) {
+        /* initialize the Key database */
+        error = sdb_init(key, "nssPrivate", SDB_KEY, &inUpdate,
+                         newInit, flags, accessOps, keydb);
+        if (error != CKR_OK) {
+            goto loser;
+        }
+    }
+
+loser:
+    if (cert) {
+        sqlite3_free(cert);
+    }
+    if (key) {
+        sqlite3_free(key);
+    }
+
+    if (error != CKR_OK) {
+        /* currently redundant, but could be necessary if more code is added
+         * just before loser */
+        if (keydb && *keydb) {
+            sdb_Close(*keydb);
+        }
+        if (certdb && *certdb) {
+            sdb_Close(*certdb);
+        }
+    }
+
+    return error;
+}
+
+CK_RV
+s_shutdown()
+{
+#ifdef SQLITE_UNSAFE_THREADS
+    if (sqlite_lock) {
+        PR_DestroyLock(sqlite_lock);
+        sqlite_lock = NULL;
+    }
+#endif
+    return CKR_OK;
+}
diff --git a/nss/lib/softoken/sdb.h b/nss/lib/softoken/sdb.h
new file mode 100644
index 0000000..04b873e
--- /dev/null
+++ b/nss/lib/softoken/sdb.h
@@ -0,0 +1,93 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * This file implements PKCS 11 on top of our existing security modules
+ *
+ * For more information about PKCS 11 See PKCS 11 Token Inteface Standard.
+ *   This implementation has two slots:
+ *      slot 1 is our generic crypto support. It does not require login.
+ *   It supports Public Key ops, and all they bulk ciphers and hashes.
+ *   It can also support Private Key ops for imported Private keys. It does
+ *   not have any token storage.
+ *      slot 2 is our private key support. It requires a login before use. It
+ *   can store Private Keys and Certs as token objects. Currently only private
+ *   keys and their associated Certificates are saved on the token.
+ *
+ *   In this implementation, session objects are only visible to the session
+ *   that created or generated them.
+ */
+
+/*
+ * the following data structures should be moved to a 'rdb.h'.
+ */
+
+#ifndef _SDB_H
+#define _SDB_H 1
+#include "pkcs11t.h"
+#include "secitem.h"
+#include "sftkdbt.h"
+
+#define STATIC_CMD_SIZE 2048
+
+typedef struct SDBFindStr SDBFind;
+typedef struct SDBStr SDB;
+
+struct SDBStr {
+    void *private;
+    int version;
+    int reserved;
+    int sdb_flags;
+    void *app_private;
+    CK_RV(*sdb_FindObjectsInit)
+    (SDB *sdb, const CK_ATTRIBUTE *template,
+     CK_ULONG count, SDBFind **find);
+    CK_RV(*sdb_FindObjects)
+    (SDB *sdb, SDBFind *find, CK_OBJECT_HANDLE *ids,
+     CK_ULONG arraySize, CK_ULONG *count);
+    CK_RV(*sdb_FindObjectsFinal)
+    (SDB *sdb, SDBFind *find);
+    CK_RV(*sdb_GetAttributeValue)
+    (SDB *sdb, CK_OBJECT_HANDLE object,
+     CK_ATTRIBUTE *template, CK_ULONG count);
+    CK_RV(*sdb_SetAttributeValue)
+    (SDB *sdb, CK_OBJECT_HANDLE object,
+     const CK_ATTRIBUTE *template, CK_ULONG count);
+    CK_RV(*sdb_CreateObject)
+    (SDB *sdb, CK_OBJECT_HANDLE *object,
+     const CK_ATTRIBUTE *template, CK_ULONG count);
+    CK_RV(*sdb_DestroyObject)
+    (SDB *sdb, CK_OBJECT_HANDLE object);
+    CK_RV(*sdb_GetMetaData)
+    (SDB *sdb, const char *id,
+     SECItem *item1, SECItem *item2);
+    CK_RV(*sdb_PutMetaData)
+    (SDB *sdb, const char *id,
+     const SECItem *item1, const SECItem *item2);
+    CK_RV(*sdb_Begin)
+    (SDB *sdb);
+    CK_RV(*sdb_Commit)
+    (SDB *sdb);
+    CK_RV(*sdb_Abort)
+    (SDB *sdb);
+    CK_RV(*sdb_Reset)
+    (SDB *sdb);
+    CK_RV(*sdb_Close)
+    (SDB *sdb);
+    void (*sdb_SetForkState)(PRBool forked);
+};
+
+CK_RV s_open(const char *directory, const char *certPrefix,
+             const char *keyPrefix,
+             int cert_version, int key_version,
+             int flags, SDB **certdb, SDB **keydb, int *newInit);
+CK_RV s_shutdown();
+
+/* flags */
+#define SDB_RDONLY 1
+#define SDB_RDWR 2
+#define SDB_CREATE 4
+#define SDB_HAS_META 8
+#define SDB_FIPS 0x10
+
+#endif
diff --git a/nss/lib/softoken/sftkdb.c b/nss/lib/softoken/sftkdb.c
new file mode 100644
index 0000000..52e5161
--- /dev/null
+++ b/nss/lib/softoken/sftkdb.c
@@ -0,0 +1,2716 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ *  The following code handles the storage of PKCS 11 modules used by the
+ * NSS. For the rest of NSS, only one kind of database handle exists:
+ *
+ *     SFTKDBHandle
+ *
+ * There is one SFTKDBHandle for the each key database and one for each cert
+ * database. These databases are opened as associated pairs, one pair per
+ * slot. SFTKDBHandles are reference counted objects.
+ *
+ * Each SFTKDBHandle points to a low level database handle (SDB). This handle
+ * represents the underlying physical database. These objects are not
+ * reference counted, an are 'owned' by their respective SFTKDBHandles.
+ *
+ *
+ */
+#include "sftkdb.h"
+#include "sftkdbti.h"
+#include "pkcs11t.h"
+#include "pkcs11i.h"
+#include "sdb.h"
+#include "prprf.h"
+#include "pratom.h"
+#include "lgglue.h"
+#include "utilpars.h"
+#include "secerr.h"
+#include "softoken.h"
+
+/*
+ * We want all databases to have the same binary representation independent of
+ * endianness or length of the host architecture. In general PKCS #11 attributes
+ * are endian/length independent except those attributes that pass CK_ULONG.
+ *
+ * The following functions fixes up the CK_ULONG type attributes so that the data
+ * base sees a machine independent view. CK_ULONGs are stored as 4 byte network
+ * byte order values (big endian).
+ */
+#define BBP 8
+
+static PRBool
+sftkdb_isULONGAttribute(CK_ATTRIBUTE_TYPE type)
+{
+    switch (type) {
+        case CKA_CERTIFICATE_CATEGORY:
+        case CKA_CERTIFICATE_TYPE:
+        case CKA_CLASS:
+        case CKA_JAVA_MIDP_SECURITY_DOMAIN:
+        case CKA_KEY_GEN_MECHANISM:
+        case CKA_KEY_TYPE:
+        case CKA_MECHANISM_TYPE:
+        case CKA_MODULUS_BITS:
+        case CKA_PRIME_BITS:
+        case CKA_SUBPRIME_BITS:
+        case CKA_VALUE_BITS:
+        case CKA_VALUE_LEN:
+
+        case CKA_TRUST_DIGITAL_SIGNATURE:
+        case CKA_TRUST_NON_REPUDIATION:
+        case CKA_TRUST_KEY_ENCIPHERMENT:
+        case CKA_TRUST_DATA_ENCIPHERMENT:
+        case CKA_TRUST_KEY_AGREEMENT:
+        case CKA_TRUST_KEY_CERT_SIGN:
+        case CKA_TRUST_CRL_SIGN:
+
+        case CKA_TRUST_SERVER_AUTH:
+        case CKA_TRUST_CLIENT_AUTH:
+        case CKA_TRUST_CODE_SIGNING:
+        case CKA_TRUST_EMAIL_PROTECTION:
+        case CKA_TRUST_IPSEC_END_SYSTEM:
+        case CKA_TRUST_IPSEC_TUNNEL:
+        case CKA_TRUST_IPSEC_USER:
+        case CKA_TRUST_TIME_STAMPING:
+        case CKA_TRUST_STEP_UP_APPROVED:
+            return PR_TRUE;
+        default:
+            break;
+    }
+    return PR_FALSE;
+}
+
+/* are the attributes private? */
+static PRBool
+sftkdb_isPrivateAttribute(CK_ATTRIBUTE_TYPE type)
+{
+    switch (type) {
+        case CKA_VALUE:
+        case CKA_PRIVATE_EXPONENT:
+        case CKA_PRIME_1:
+        case CKA_PRIME_2:
+        case CKA_EXPONENT_1:
+        case CKA_EXPONENT_2:
+        case CKA_COEFFICIENT:
+            return PR_TRUE;
+        default:
+            break;
+    }
+    return PR_FALSE;
+}
+
+/* These attributes must be authenticated with an hmac. */
+static PRBool
+sftkdb_isAuthenticatedAttribute(CK_ATTRIBUTE_TYPE type)
+{
+    switch (type) {
+        case CKA_MODULUS:
+        case CKA_PUBLIC_EXPONENT:
+        case CKA_CERT_SHA1_HASH:
+        case CKA_CERT_MD5_HASH:
+        case CKA_TRUST_SERVER_AUTH:
+        case CKA_TRUST_CLIENT_AUTH:
+        case CKA_TRUST_EMAIL_PROTECTION:
+        case CKA_TRUST_CODE_SIGNING:
+        case CKA_TRUST_STEP_UP_APPROVED:
+        case CKA_NSS_OVERRIDE_EXTENSIONS:
+            return PR_TRUE;
+        default:
+            break;
+    }
+    return PR_FALSE;
+}
+
+/*
+ * convert a native ULONG to a database ulong. Database ulong's
+ * are all 4 byte big endian values.
+ */
+void
+sftk_ULong2SDBULong(unsigned char *data, CK_ULONG value)
+{
+    int i;
+
+    for (i = 0; i < SDB_ULONG_SIZE; i++) {
+        data[i] = (value >> (SDB_ULONG_SIZE - 1 - i) * BBP) & 0xff;
+    }
+}
+
+/*
+ * convert a database ulong back to a native ULONG. (reverse of the above
+ * function.
+ */
+static CK_ULONG
+sftk_SDBULong2ULong(unsigned char *data)
+{
+    int i;
+    CK_ULONG value = 0;
+
+    for (i = 0; i < SDB_ULONG_SIZE; i++) {
+        value |= (((CK_ULONG)data[i]) << (SDB_ULONG_SIZE - 1 - i) * BBP);
+    }
+    return value;
+}
+
+/*
+ * fix up the input templates. Our fixed up ints are stored in data and must
+ * be freed by the caller. The new template must also be freed. If there are no
+ * CK_ULONG attributes, the orignal template is passed in as is.
+ */
+static CK_ATTRIBUTE *
+sftkdb_fixupTemplateIn(const CK_ATTRIBUTE *template, int count,
+                       unsigned char **dataOut)
+{
+    int i;
+    int ulongCount = 0;
+    unsigned char *data;
+    CK_ATTRIBUTE *ntemplate;
+
+    *dataOut = NULL;
+
+    /* first count the number of CK_ULONG attributes */
+    for (i = 0; i < count; i++) {
+        /* Don't 'fixup' NULL values */
+        if (!template[i].pValue) {
+            continue;
+        }
+        if (template[i].ulValueLen == sizeof(CK_ULONG)) {
+            if (sftkdb_isULONGAttribute(template[i].type)) {
+                ulongCount++;
+            }
+        }
+    }
+    /* no attributes to fixup, just call on through */
+    if (ulongCount == 0) {
+        return (CK_ATTRIBUTE *)template;
+    }
+
+    /* allocate space for new ULONGS */
+    data = (unsigned char *)PORT_Alloc(SDB_ULONG_SIZE * ulongCount);
+    if (!data) {
+        return NULL;
+    }
+
+    /* allocate new template */
+    ntemplate = PORT_NewArray(CK_ATTRIBUTE, count);
+    if (!ntemplate) {
+        PORT_Free(data);
+        return NULL;
+    }
+    *dataOut = data;
+    /* copy the old template, fixup the actual ulongs */
+    for (i = 0; i < count; i++) {
+        ntemplate[i] = template[i];
+        /* Don't 'fixup' NULL values */
+        if (!template[i].pValue) {
+            continue;
+        }
+        if (template[i].ulValueLen == sizeof(CK_ULONG)) {
+            if (sftkdb_isULONGAttribute(template[i].type)) {
+                CK_ULONG value = *(CK_ULONG *)template[i].pValue;
+                sftk_ULong2SDBULong(data, value);
+                ntemplate[i].pValue = data;
+                ntemplate[i].ulValueLen = SDB_ULONG_SIZE;
+                data += SDB_ULONG_SIZE;
+            }
+        }
+    }
+    return ntemplate;
+}
+
+static const char SFTKDB_META_SIG_TEMPLATE[] = "sig_%s_%08x_%08x";
+
+/*
+ * return a string describing the database type (key or cert)
+ */
+const char *
+sftkdb_TypeString(SFTKDBHandle *handle)
+{
+    return (handle->type == SFTK_KEYDB_TYPE) ? "key" : "cert";
+}
+
+/*
+ * Some attributes are signed with an Hmac and a pbe key generated from
+ * the password. This signature is stored indexed by object handle and
+ * attribute type in the meta data table in the key database.
+ *
+ * Signature entries are indexed by the string
+ * sig_[cert/key]_{ObjectID}_{Attribute}
+ *
+ * This function fetches that pkcs5 signature. Caller supplies a SECItem
+ * pre-allocated to the appropriate size if the SECItem is too small the
+ * function will fail with CKR_BUFFER_TOO_SMALL.
+ */
+static CK_RV
+sftkdb_getAttributeSignature(SFTKDBHandle *handle, SFTKDBHandle *keyHandle,
+                             CK_OBJECT_HANDLE objectID, CK_ATTRIBUTE_TYPE type,
+                             SECItem *signText)
+{
+    SDB *db;
+    char id[30];
+    CK_RV crv;
+
+    db = SFTK_GET_SDB(keyHandle);
+
+    sprintf(id, SFTKDB_META_SIG_TEMPLATE,
+            sftkdb_TypeString(handle),
+            (unsigned int)objectID, (unsigned int)type);
+
+    crv = (*db->sdb_GetMetaData)(db, id, signText, NULL);
+    return crv;
+}
+
+/*
+ * Some attributes are signed with an Hmac and a pbe key generated from
+ * the password. This signature is stored indexed by object handle and
+ * attribute type in the meta data table in the key database.
+ *
+ * Signature entries are indexed by the string
+ * sig_[cert/key]_{ObjectID}_{Attribute}
+ *
+ * This function stores that pkcs5 signature.
+ */
+CK_RV
+sftkdb_PutAttributeSignature(SFTKDBHandle *handle, SDB *keyTarget,
+                             CK_OBJECT_HANDLE objectID, CK_ATTRIBUTE_TYPE type,
+                             SECItem *signText)
+{
+    char id[30];
+    CK_RV crv;
+
+    sprintf(id, SFTKDB_META_SIG_TEMPLATE,
+            sftkdb_TypeString(handle),
+            (unsigned int)objectID, (unsigned int)type);
+
+    crv = (*keyTarget->sdb_PutMetaData)(keyTarget, id, signText, NULL);
+    return crv;
+}
+
+/*
+ * fix up returned data. NOTE: sftkdb_fixupTemplateIn has already allocated
+ * separate data sections for the database ULONG values.
+ */
+static CK_RV
+sftkdb_fixupTemplateOut(CK_ATTRIBUTE *template, CK_OBJECT_HANDLE objectID,
+                        CK_ATTRIBUTE *ntemplate, int count, SFTKDBHandle *handle)
+{
+    int i;
+    CK_RV crv = CKR_OK;
+    SFTKDBHandle *keyHandle;
+    PRBool checkSig = PR_TRUE;
+    PRBool checkEnc = PR_TRUE;
+
+    PORT_Assert(handle);
+
+    /* find the key handle */
+    keyHandle = handle;
+    if (handle->type != SFTK_KEYDB_TYPE) {
+        checkEnc = PR_FALSE;
+        keyHandle = handle->peerDB;
+    }
+
+    if ((keyHandle == NULL) ||
+        ((SFTK_GET_SDB(keyHandle)->sdb_flags & SDB_HAS_META) == 0) ||
+        (keyHandle->passwordKey.data == NULL)) {
+        checkSig = PR_FALSE;
+    }
+
+    for (i = 0; i < count; i++) {
+        CK_ULONG length = template[i].ulValueLen;
+        template[i].ulValueLen = ntemplate[i].ulValueLen;
+        /* fixup ulongs */
+        if (ntemplate[i].ulValueLen == SDB_ULONG_SIZE) {
+            if (sftkdb_isULONGAttribute(template[i].type)) {
+                if (template[i].pValue) {
+                    CK_ULONG value;
+
+                    value = sftk_SDBULong2ULong(ntemplate[i].pValue);
+                    if (length < sizeof(CK_ULONG)) {
+                        template[i].ulValueLen = -1;
+                        crv = CKR_BUFFER_TOO_SMALL;
+                        continue;
+                    }
+                    PORT_Memcpy(template[i].pValue, &value, sizeof(CK_ULONG));
+                }
+                template[i].ulValueLen = sizeof(CK_ULONG);
+            }
+        }
+
+        /* if no data was retrieved, no need to process encrypted or signed
+         * attributes */
+        if ((template[i].pValue == NULL) || (template[i].ulValueLen == -1)) {
+            continue;
+        }
+
+        /* fixup private attributes */
+        if (checkEnc && sftkdb_isPrivateAttribute(ntemplate[i].type)) {
+            /* we have a private attribute */
+            /* This code depends on the fact that the cipherText is bigger
+             * than the plain text */
+            SECItem cipherText;
+            SECItem *plainText;
+            SECStatus rv;
+
+            cipherText.data = ntemplate[i].pValue;
+            cipherText.len = ntemplate[i].ulValueLen;
+            PZ_Lock(handle->passwordLock);
+            if (handle->passwordKey.data == NULL) {
+                PZ_Unlock(handle->passwordLock);
+                template[i].ulValueLen = -1;
+                crv = CKR_USER_NOT_LOGGED_IN;
+                continue;
+            }
+            rv = sftkdb_DecryptAttribute(&handle->passwordKey,
+                                         &cipherText, &plainText);
+            PZ_Unlock(handle->passwordLock);
+            if (rv != SECSuccess) {
+                PORT_Memset(template[i].pValue, 0, template[i].ulValueLen);
+                template[i].ulValueLen = -1;
+                crv = CKR_GENERAL_ERROR;
+                continue;
+            }
+            PORT_Assert(template[i].ulValueLen >= plainText->len);
+            if (template[i].ulValueLen < plainText->len) {
+                SECITEM_FreeItem(plainText, PR_TRUE);
+                PORT_Memset(template[i].pValue, 0, template[i].ulValueLen);
+                template[i].ulValueLen = -1;
+                crv = CKR_GENERAL_ERROR;
+                continue;
+            }
+
+            /* copy the plain text back into the template */
+            PORT_Memcpy(template[i].pValue, plainText->data, plainText->len);
+            template[i].ulValueLen = plainText->len;
+            SECITEM_FreeItem(plainText, PR_TRUE);
+        }
+        /* make sure signed attributes are valid */
+        if (checkSig && sftkdb_isAuthenticatedAttribute(ntemplate[i].type)) {
+            SECStatus rv;
+            SECItem signText;
+            SECItem plainText;
+            unsigned char signData[SDB_MAX_META_DATA_LEN];
+
+            signText.data = signData;
+            signText.len = sizeof(signData);
+
+            rv = sftkdb_getAttributeSignature(handle, keyHandle,
+                                              objectID, ntemplate[i].type, &signText);
+            if (rv != SECSuccess) {
+                PORT_Memset(template[i].pValue, 0, template[i].ulValueLen);
+                template[i].ulValueLen = -1;
+                crv = CKR_DATA_INVALID; /* better error code? */
+                continue;
+            }
+
+            plainText.data = ntemplate[i].pValue;
+            plainText.len = ntemplate[i].ulValueLen;
+
+            /*
+             * we do a second check holding the lock just in case the user
+             * loggout while we were trying to get the signature.
+             */
+            PZ_Lock(keyHandle->passwordLock);
+            if (keyHandle->passwordKey.data == NULL) {
+                /* if we are no longer logged in, no use checking the other
+                 * Signatures either. */
+                checkSig = PR_FALSE;
+                PZ_Unlock(keyHandle->passwordLock);
+                continue;
+            }
+
+            rv = sftkdb_VerifyAttribute(&keyHandle->passwordKey,
+                                        objectID, ntemplate[i].type,
+                                        &plainText, &signText);
+            PZ_Unlock(keyHandle->passwordLock);
+            if (rv != SECSuccess) {
+                PORT_Memset(template[i].pValue, 0, template[i].ulValueLen);
+                template[i].ulValueLen = -1;
+                crv = CKR_SIGNATURE_INVALID; /* better error code? */
+            }
+            /* This Attribute is fine */
+        }
+    }
+    return crv;
+}
+
+/*
+ * Some attributes are signed with an HMAC and a pbe key generated from
+ * the password. This signature is stored indexed by object handle and
+ *
+ * Those attributes are:
+ * 1) Trust object hashes and trust values.
+ * 2) public key values.
+ *
+ * Certs themselves are considered properly authenticated by virtue of their
+ * signature, or their matching hash with the trust object.
+ *
+ * These signature is only checked for objects coming from shared databases.
+ * Older dbm style databases have such no signature checks. HMACs are also
+ * only checked when the token is logged in, as it requires a pbe generated
+ * from the password.
+ *
+ * Tokens which have no key database (and therefore no master password) do not
+ * have any stored signature values. Signature values are stored in the key
+ * database, since the signature data is tightly coupled to the key database
+ * password.
+ *
+ * This function takes a template of attributes that were either created or
+ * modified. These attributes are checked to see if the need to be signed.
+ * If they do, then this function signs the attributes and writes them
+ * to the meta data store.
+ *
+ * This function can fail if there are attributes that must be signed, but
+ * the token is not logged in.
+ *
+ * The caller is expected to abort any transaction he was in in the
+ * event of a failure of this function.
+ */
+static CK_RV
+sftk_signTemplate(PLArenaPool *arena, SFTKDBHandle *handle,
+                  PRBool mayBeUpdateDB,
+                  CK_OBJECT_HANDLE objectID, const CK_ATTRIBUTE *template,
+                  CK_ULONG count)
+{
+    unsigned int i;
+    CK_RV crv;
+    SFTKDBHandle *keyHandle = handle;
+    SDB *keyTarget = NULL;
+    PRBool usingPeerDB = PR_FALSE;
+    PRBool inPeerDBTransaction = PR_FALSE;
+
+    PORT_Assert(handle);
+
+    if (handle->type != SFTK_KEYDB_TYPE) {
+        keyHandle = handle->peerDB;
+        usingPeerDB = PR_TRUE;
+    }
+
+    /* no key DB defined? then no need to sign anything */
+    if (keyHandle == NULL) {
+        crv = CKR_OK;
+        goto loser;
+    }
+
+    /* When we are in a middle of an update, we have an update database set,
+     * but we want to write to the real database. The bool mayBeUpdateDB is
+     * set to TRUE if it's possible that we want to write an update database
+     * rather than a primary */
+    keyTarget = (mayBeUpdateDB && keyHandle->update) ? keyHandle->update : keyHandle->db;
+
+    /* skip the the database does not support meta data */
+    if ((keyTarget->sdb_flags & SDB_HAS_META) == 0) {
+        crv = CKR_OK;
+        goto loser;
+    }
+
+    /* If we had to switch databases, we need to initialize a transaction. */
+    if (usingPeerDB) {
+        crv = (*keyTarget->sdb_Begin)(keyTarget);
+        if (crv != CKR_OK) {
+            goto loser;
+        }
+        inPeerDBTransaction = PR_TRUE;
+    }
+
+    for (i = 0; i < count; i++) {
+        if (sftkdb_isAuthenticatedAttribute(template[i].type)) {
+            SECStatus rv;
+            SECItem *signText;
+            SECItem plainText;
+
+            plainText.data = template[i].pValue;
+            plainText.len = template[i].ulValueLen;
+            PZ_Lock(keyHandle->passwordLock);
+            if (keyHandle->passwordKey.data == NULL) {
+                PZ_Unlock(keyHandle->passwordLock);
+                crv = CKR_USER_NOT_LOGGED_IN;
+                goto loser;
+            }
+            rv = sftkdb_SignAttribute(arena, &keyHandle->passwordKey,
+                                      objectID, template[i].type,
+                                      &plainText, &signText);
+            PZ_Unlock(keyHandle->passwordLock);
+            if (rv != SECSuccess) {
+                crv = CKR_GENERAL_ERROR; /* better error code here? */
+                goto loser;
+            }
+            rv = sftkdb_PutAttributeSignature(handle, keyTarget,
+                                              objectID, template[i].type, signText);
+            if (rv != SECSuccess) {
+                crv = CKR_GENERAL_ERROR; /* better error code here? */
+                goto loser;
+            }
+        }
+    }
+    crv = CKR_OK;
+
+    /* If necessary, commit the transaction */
+    if (inPeerDBTransaction) {
+        crv = (*keyTarget->sdb_Commit)(keyTarget);
+        if (crv != CKR_OK) {
+            goto loser;
+        }
+        inPeerDBTransaction = PR_FALSE;
+    }
+
+loser:
+    if (inPeerDBTransaction) {
+        /* The transaction must have failed. Abort. */
+        (*keyTarget->sdb_Abort)(keyTarget);
+        PORT_Assert(crv != CKR_OK);
+        if (crv == CKR_OK)
+            crv = CKR_GENERAL_ERROR;
+    }
+    return crv;
+}
+
+static CK_RV
+sftkdb_CreateObject(PLArenaPool *arena, SFTKDBHandle *handle,
+                    SDB *db, CK_OBJECT_HANDLE *objectID,
+                    CK_ATTRIBUTE *template, CK_ULONG count)
+{
+    CK_RV crv;
+
+    crv = (*db->sdb_CreateObject)(db, objectID, template, count);
+    if (crv != CKR_OK) {
+        goto loser;
+    }
+    crv = sftk_signTemplate(arena, handle, (db == handle->update),
+                            *objectID, template, count);
+loser:
+
+    return crv;
+}
+
+CK_ATTRIBUTE *
+sftk_ExtractTemplate(PLArenaPool *arena, SFTKObject *object,
+                     SFTKDBHandle *handle, CK_ULONG *pcount,
+                     CK_RV *crv)
+{
+    unsigned int count;
+    CK_ATTRIBUTE *template;
+    unsigned int i, templateIndex;
+    SFTKSessionObject *sessObject = sftk_narrowToSessionObject(object);
+    PRBool doEnc = PR_TRUE;
+
+    *crv = CKR_OK;
+
+    if (sessObject == NULL) {
+        *crv = CKR_GENERAL_ERROR; /* internal programming error */
+        return NULL;
+    }
+
+    PORT_Assert(handle);
+    /* find the key handle */
+    if (handle->type != SFTK_KEYDB_TYPE) {
+        doEnc = PR_FALSE;
+    }
+
+    PZ_Lock(sessObject->attributeLock);
+    count = 0;
+    for (i = 0; i < sessObject->hashSize; i++) {
+        SFTKAttribute *attr;
+        for (attr = sessObject->head[i]; attr; attr = attr->next) {
+            count++;
+        }
+    }
+    template = PORT_ArenaNewArray(arena, CK_ATTRIBUTE, count);
+    if (template == NULL) {
+        PZ_Unlock(sessObject->attributeLock);
+        *crv = CKR_HOST_MEMORY;
+        return NULL;
+    }
+    templateIndex = 0;
+    for (i = 0; i < sessObject->hashSize; i++) {
+        SFTKAttribute *attr;
+        for (attr = sessObject->head[i]; attr; attr = attr->next) {
+            CK_ATTRIBUTE *tp = &template[templateIndex++];
+            /* copy the attribute */
+            *tp = attr->attrib;
+
+            /* fixup  ULONG s */
+            if ((tp->ulValueLen == sizeof(CK_ULONG)) &&
+                (sftkdb_isULONGAttribute(tp->type))) {
+                CK_ULONG value = *(CK_ULONG *)tp->pValue;
+                unsigned char *data;
+
+                tp->pValue = PORT_ArenaAlloc(arena, SDB_ULONG_SIZE);
+                data = (unsigned char *)tp->pValue;
+                if (data == NULL) {
+                    *crv = CKR_HOST_MEMORY;
+                    break;
+                }
+                sftk_ULong2SDBULong(data, value);
+                tp->ulValueLen = SDB_ULONG_SIZE;
+            }
+
+            /* encrypt private attributes */
+            if (doEnc && sftkdb_isPrivateAttribute(tp->type)) {
+                /* we have a private attribute */
+                SECItem *cipherText;
+                SECItem plainText;
+                SECStatus rv;
+
+                plainText.data = tp->pValue;
+                plainText.len = tp->ulValueLen;
+                PZ_Lock(handle->passwordLock);
+                if (handle->passwordKey.data == NULL) {
+                    PZ_Unlock(handle->passwordLock);
+                    *crv = CKR_USER_NOT_LOGGED_IN;
+                    break;
+                }
+                rv = sftkdb_EncryptAttribute(arena, &handle->passwordKey,
+                                             &plainText, &cipherText);
+                PZ_Unlock(handle->passwordLock);
+                if (rv == SECSuccess) {
+                    tp->pValue = cipherText->data;
+                    tp->ulValueLen = cipherText->len;
+                } else {
+                    *crv = CKR_GENERAL_ERROR; /* better error code here? */
+                    break;
+                }
+                PORT_Memset(plainText.data, 0, plainText.len);
+            }
+        }
+    }
+    PORT_Assert(templateIndex <= count);
+    PZ_Unlock(sessObject->attributeLock);
+
+    if (*crv != CKR_OK) {
+        return NULL;
+    }
+    if (pcount) {
+        *pcount = count;
+    }
+    return template;
+}
+
+/*
+ * return a pointer to the attribute in the give template.
+ * The return value is not const, as the caller may modify
+ * the given attribute value, but such modifications will
+ * modify the actual value in the template.
+ */
+static CK_ATTRIBUTE *
+sftkdb_getAttributeFromTemplate(CK_ATTRIBUTE_TYPE attribute,
+                                CK_ATTRIBUTE *ptemplate, CK_ULONG len)
+{
+    CK_ULONG i;
+
+    for (i = 0; i < len; i++) {
+        if (attribute == ptemplate[i].type) {
+            return &ptemplate[i];
+        }
+    }
+    return NULL;
+}
+
+static const CK_ATTRIBUTE *
+sftkdb_getAttributeFromConstTemplate(CK_ATTRIBUTE_TYPE attribute,
+                                     const CK_ATTRIBUTE *ptemplate, CK_ULONG len)
+{
+    CK_ULONG i;
+
+    for (i = 0; i < len; i++) {
+        if (attribute == ptemplate[i].type) {
+            return &ptemplate[i];
+        }
+    }
+    return NULL;
+}
+
+/*
+ * fetch a template which identifies 'unique' entries based on object type
+ */
+static CK_RV
+sftkdb_getFindTemplate(CK_OBJECT_CLASS objectType, unsigned char *objTypeData,
+                       CK_ATTRIBUTE *findTemplate, CK_ULONG *findCount,
+                       CK_ATTRIBUTE *ptemplate, int len)
+{
+    CK_ATTRIBUTE *attr;
+    CK_ULONG count = 1;
+
+    sftk_ULong2SDBULong(objTypeData, objectType);
+    findTemplate[0].type = CKA_CLASS;
+    findTemplate[0].pValue = objTypeData;
+    findTemplate[0].ulValueLen = SDB_ULONG_SIZE;
+
+    switch (objectType) {
+        case CKO_CERTIFICATE:
+        case CKO_NSS_TRUST:
+            attr = sftkdb_getAttributeFromTemplate(CKA_ISSUER, ptemplate, len);
+            if (attr == NULL) {
+                return CKR_TEMPLATE_INCOMPLETE;
+            }
+            findTemplate[1] = *attr;
+            attr = sftkdb_getAttributeFromTemplate(CKA_SERIAL_NUMBER,
+                                                   ptemplate, len);
+            if (attr == NULL) {
+                return CKR_TEMPLATE_INCOMPLETE;
+            }
+            findTemplate[2] = *attr;
+            count = 3;
+            break;
+
+        case CKO_PRIVATE_KEY:
+        case CKO_PUBLIC_KEY:
+        case CKO_SECRET_KEY:
+            attr = sftkdb_getAttributeFromTemplate(CKA_ID, ptemplate, len);
+            if (attr == NULL) {
+                return CKR_TEMPLATE_INCOMPLETE;
+            }
+            if (attr->ulValueLen == 0) {
+                /* key is too generic to determine that it's unique, usually
+                 * happens in the key gen case */
+                return CKR_OBJECT_HANDLE_INVALID;
+            }
+
+            findTemplate[1] = *attr;
+            count = 2;
+            break;
+
+        case CKO_NSS_CRL:
+            attr = sftkdb_getAttributeFromTemplate(CKA_SUBJECT, ptemplate, len);
+            if (attr == NULL) {
+                return CKR_TEMPLATE_INCOMPLETE;
+            }
+            findTemplate[1] = *attr;
+            count = 2;
+            break;
+
+        case CKO_NSS_SMIME:
+            attr = sftkdb_getAttributeFromTemplate(CKA_SUBJECT, ptemplate, len);
+            if (attr == NULL) {
+                return CKR_TEMPLATE_INCOMPLETE;
+            }
+            findTemplate[1] = *attr;
+            attr = sftkdb_getAttributeFromTemplate(CKA_NSS_EMAIL, ptemplate, len);
+            if (attr == NULL) {
+                return CKR_TEMPLATE_INCOMPLETE;
+            }
+            findTemplate[2] = *attr;
+            count = 3;
+            break;
+        default:
+            attr = sftkdb_getAttributeFromTemplate(CKA_VALUE, ptemplate, len);
+            if (attr == NULL) {
+                return CKR_TEMPLATE_INCOMPLETE;
+            }
+            findTemplate[1] = *attr;
+            count = 2;
+            break;
+    }
+    *findCount = count;
+
+    return CKR_OK;
+}
+
+/*
+ * look to see if this object already exists and return its object ID if
+ * it does.
+ */
+static CK_RV
+sftkdb_lookupObject(SDB *db, CK_OBJECT_CLASS objectType,
+                    CK_OBJECT_HANDLE *id, CK_ATTRIBUTE *ptemplate, CK_ULONG len)
+{
+    CK_ATTRIBUTE findTemplate[3];
+    CK_ULONG count = 1;
+    CK_ULONG objCount = 0;
+    SDBFind *find = NULL;
+    unsigned char objTypeData[SDB_ULONG_SIZE];
+    CK_RV crv;
+
+    *id = CK_INVALID_HANDLE;
+    if (objectType == CKO_NSS_CRL) {
+        return CKR_OK;
+    }
+    crv = sftkdb_getFindTemplate(objectType, objTypeData,
+                                 findTemplate, &count, ptemplate, len);
+
+    if (crv == CKR_OBJECT_HANDLE_INVALID) {
+        /* key is too generic to determine that it's unique, usually
+         * happens in the key gen case, tell the caller to go ahead
+         * and just create it */
+        return CKR_OK;
+    }
+    if (crv != CKR_OK) {
+        return crv;
+    }
+
+    /* use the raw find, so we get the correct database */
+    crv = (*db->sdb_FindObjectsInit)(db, findTemplate, count, &find);
+    if (crv != CKR_OK) {
+        return crv;
+    }
+    (*db->sdb_FindObjects)(db, find, id, 1, &objCount);
+    (*db->sdb_FindObjectsFinal)(db, find);
+
+    if (objCount == 0) {
+        *id = CK_INVALID_HANDLE;
+    }
+    return CKR_OK;
+}
+
+/*
+ * check to see if this template conflicts with others in our current database.
+ */
+static CK_RV
+sftkdb_checkConflicts(SDB *db, CK_OBJECT_CLASS objectType,
+                      const CK_ATTRIBUTE *ptemplate, CK_ULONG len,
+                      CK_OBJECT_HANDLE sourceID)
+{
+    CK_ATTRIBUTE findTemplate[2];
+    unsigned char objTypeData[SDB_ULONG_SIZE];
+    /* we may need to allocate some temporaries. Keep track of what was
+     * allocated so we can free it in the end */
+    unsigned char *temp1 = NULL;
+    unsigned char *temp2 = NULL;
+    CK_ULONG objCount = 0;
+    SDBFind *find = NULL;
+    CK_OBJECT_HANDLE id;
+    const CK_ATTRIBUTE *attr, *attr2;
+    CK_RV crv;
+    CK_ATTRIBUTE subject;
+
+    /* Currently the only conflict is with nicknames pointing to the same
+     * subject when creating or modifying a certificate. */
+    /* If the object is not a cert, no problem. */
+    if (objectType != CKO_CERTIFICATE) {
+        return CKR_OK;
+    }
+    /* if not setting a nickname then there's still no problem */
+    attr = sftkdb_getAttributeFromConstTemplate(CKA_LABEL, ptemplate, len);
+    if ((attr == NULL) || (attr->ulValueLen == 0)) {
+        return CKR_OK;
+    }
+    /* fetch the subject of the source. For creation and merge, this should
+     * be found in the template */
+    attr2 = sftkdb_getAttributeFromConstTemplate(CKA_SUBJECT, ptemplate, len);
+    if (sourceID == CK_INVALID_HANDLE) {
+        if ((attr2 == NULL) || ((CK_LONG)attr2->ulValueLen < 0)) {
+            crv = CKR_TEMPLATE_INCOMPLETE;
+            goto done;
+        }
+    } else if ((attr2 == NULL) || ((CK_LONG)attr2->ulValueLen <= 0)) {
+        /* sourceID is set if we are trying to modify an existing entry instead
+         * of creating a new one. In this case the subject may not be (probably
+         * isn't) in the template, we have to read it from the database */
+        subject.type = CKA_SUBJECT;
+        subject.pValue = NULL;
+        subject.ulValueLen = 0;
+        crv = (*db->sdb_GetAttributeValue)(db, sourceID, &subject, 1);
+        if (crv != CKR_OK) {
+            goto done;
+        }
+        if ((CK_LONG)subject.ulValueLen < 0) {
+            crv = CKR_DEVICE_ERROR; /* closest pkcs11 error to corrupted DB */
+            goto done;
+        }
+        temp1 = subject.pValue = PORT_Alloc(++subject.ulValueLen);
+        if (temp1 == NULL) {
+            crv = CKR_HOST_MEMORY;
+            goto done;
+        }
+        crv = (*db->sdb_GetAttributeValue)(db, sourceID, &subject, 1);
+        if (crv != CKR_OK) {
+            goto done;
+        }
+        attr2 = &subject;
+    }
+
+    /* check for another cert in the database with the same nickname */
+    sftk_ULong2SDBULong(objTypeData, objectType);
+    findTemplate[0].type = CKA_CLASS;
+    findTemplate[0].pValue = objTypeData;
+    findTemplate[0].ulValueLen = SDB_ULONG_SIZE;
+    findTemplate[1] = *attr;
+
+    crv = (*db->sdb_FindObjectsInit)(db, findTemplate, 2, &find);
+    if (crv != CKR_OK) {
+        goto done;
+    }
+    (*db->sdb_FindObjects)(db, find, &id, 1, &objCount);
+    (*db->sdb_FindObjectsFinal)(db, find);
+
+    /* object count == 0 means no conflicting certs found,
+     * go on with the operation */
+    if (objCount == 0) {
+        crv = CKR_OK;
+        goto done;
+    }
+
+    /* There is a least one cert that shares the nickname, make sure it also
+     * matches the subject. */
+    findTemplate[0] = *attr2;
+    /* we know how big the source subject was. Use that length to create the
+     * space for the target. If it's not enough space, then it means the
+     * source subject is too big, and therefore not a match. GetAttributeValue
+     * will return CKR_BUFFER_TOO_SMALL. Otherwise it should be exactly enough
+     * space (or enough space to be able to compare the result. */
+    temp2 = findTemplate[0].pValue = PORT_Alloc(++findTemplate[0].ulValueLen);
+    if (temp2 == NULL) {
+        crv = CKR_HOST_MEMORY;
+        goto done;
+    }
+    crv = (*db->sdb_GetAttributeValue)(db, id, findTemplate, 1);
+    if (crv != CKR_OK) {
+        if (crv == CKR_BUFFER_TOO_SMALL) {
+            /* if our buffer is too small, then the Subjects clearly do
+             * not match */
+            crv = CKR_ATTRIBUTE_VALUE_INVALID;
+            goto loser;
+        }
+        /* otherwise we couldn't get the value, just fail */
+        goto done;
+    }
+
+    /* Ok, we have both subjects, make sure they are the same.
+     * Compare the subjects */
+    if ((findTemplate[0].ulValueLen != attr2->ulValueLen) ||
+        (attr2->ulValueLen > 0 &&
+         PORT_Memcmp(findTemplate[0].pValue, attr2->pValue, attr2->ulValueLen) != 0)) {
+        crv = CKR_ATTRIBUTE_VALUE_INVALID;
+        goto loser;
+    }
+    crv = CKR_OK;
+
+done:
+    /* If we've failed for some other reason than a conflict, make sure we
+     * return an error code other than CKR_ATTRIBUTE_VALUE_INVALID.
+     * (NOTE: neither sdb_FindObjectsInit nor sdb_GetAttributeValue should
+     * return CKR_ATTRIBUTE_VALUE_INVALID, so the following is paranoia).
+     */
+    if (crv == CKR_ATTRIBUTE_VALUE_INVALID) {
+        crv = CKR_GENERAL_ERROR; /* clearly a programming error */
+    }
+
+/* exit point if we found a conflict */
+loser:
+    PORT_Free(temp1);
+    PORT_Free(temp2);
+    return crv;
+}
+
+/*
+ * try to update the template to fix any errors. This is only done
+ * during update.
+ *
+ * NOTE: we must update the template or return an error, or the update caller
+ * will loop forever!
+ *
+ * Two copies of the source code for this algorithm exist in NSS.
+ * Changes must be made in both copies.
+ * The other copy is in pk11_IncrementNickname() in pk11wrap/pk11merge.c.
+ *
+ */
+static CK_RV
+sftkdb_resolveConflicts(PLArenaPool *arena, CK_OBJECT_CLASS objectType,
+                        CK_ATTRIBUTE *ptemplate, CK_ULONG *plen)
+{
+    CK_ATTRIBUTE *attr;
+    char *nickname, *newNickname;
+    unsigned int end, digit;
+
+    /* sanity checks. We should never get here with these errors */
+    if (objectType != CKO_CERTIFICATE) {
+        return CKR_GENERAL_ERROR; /* shouldn't happen */
+    }
+    attr = sftkdb_getAttributeFromTemplate(CKA_LABEL, ptemplate, *plen);
+    if ((attr == NULL) || (attr->ulValueLen == 0)) {
+        return CKR_GENERAL_ERROR; /* shouldn't happen */
+    }
+
+    /* update the nickname */
+    /* is there a number at the end of the nickname already?
+     * if so just increment that number  */
+    nickname = (char *)attr->pValue;
+
+    /* does nickname end with " #n*" ? */
+    for (end = attr->ulValueLen - 1;
+         end >= 2 && (digit = nickname[end]) <= '9' && digit >= '0';
+         end--) /* just scan */
+        ;
+    if (attr->ulValueLen >= 3 &&
+        end < (attr->ulValueLen - 1) /* at least one digit */ &&
+        nickname[end] == '#' &&
+        nickname[end - 1] == ' ') {
+        /* Already has a suitable suffix string */
+    } else {
+        /* ... append " #2" to the name */
+        static const char num2[] = " #2";
+        newNickname = PORT_ArenaAlloc(arena, attr->ulValueLen + sizeof(num2));
+        if (!newNickname) {
+            return CKR_HOST_MEMORY;
+        }
+        PORT_Memcpy(newNickname, nickname, attr->ulValueLen);
+        PORT_Memcpy(&newNickname[attr->ulValueLen], num2, sizeof(num2));
+        attr->pValue = newNickname; /* modifies ptemplate */
+        attr->ulValueLen += 3;      /* 3 is strlen(num2)  */
+        return CKR_OK;
+    }
+
+    for (end = attr->ulValueLen; end-- > 0;) {
+        digit = nickname[end];
+        if (digit > '9' || digit < '0') {
+            break;
+        }
+        if (digit < '9') {
+            nickname[end]++;
+            return CKR_OK;
+        }
+        nickname[end] = '0';
+    }
+
+    /* we overflowed, insert a new '1' for a carry in front of the number */
+    newNickname = PORT_ArenaAlloc(arena, attr->ulValueLen + 1);
+    if (!newNickname) {
+        return CKR_HOST_MEMORY;
+    }
+    /* PORT_Memcpy should handle len of '0' */
+    PORT_Memcpy(newNickname, nickname, ++end);
+    newNickname[end] = '1';
+    PORT_Memset(&newNickname[end + 1], '0', attr->ulValueLen - end);
+    attr->pValue = newNickname;
+    attr->ulValueLen++;
+    return CKR_OK;
+}
+
+/*
+ * set an attribute and sign it if necessary
+ */
+static CK_RV
+sftkdb_setAttributeValue(PLArenaPool *arena, SFTKDBHandle *handle,
+                         SDB *db, CK_OBJECT_HANDLE objectID, const CK_ATTRIBUTE *template,
+                         CK_ULONG count)
+{
+    CK_RV crv;
+    crv = (*db->sdb_SetAttributeValue)(db, objectID, template, count);
+    if (crv != CKR_OK) {
+        return crv;
+    }
+    crv = sftk_signTemplate(arena, handle, db == handle->update,
+                            objectID, template, count);
+    return crv;
+}
+
+/*
+ * write a softoken object out to the database.
+ */
+CK_RV
+sftkdb_write(SFTKDBHandle *handle, SFTKObject *object,
+             CK_OBJECT_HANDLE *objectID)
+{
+    CK_ATTRIBUTE *template;
+    PLArenaPool *arena;
+    CK_ULONG count;
+    CK_RV crv;
+    SDB *db;
+    PRBool inTransaction = PR_FALSE;
+    CK_OBJECT_HANDLE id;
+
+    *objectID = CK_INVALID_HANDLE;
+
+    if (handle == NULL) {
+        return CKR_TOKEN_WRITE_PROTECTED;
+    }
+    db = SFTK_GET_SDB(handle);
+
+    /*
+     * we have opened a new database, but we have not yet updated it. We are
+     * still running pointing to the old database (so the application can
+     * still read). We don't want to write to the old database at this point,
+     * however, since it leads to user confusion. So at this point we simply
+     * require a user login. Let NSS know this so it can prompt the user.
+     */
+    if (db == handle->update) {
+        return CKR_USER_NOT_LOGGED_IN;
+    }
+
+    arena = PORT_NewArena(256);
+    if (arena == NULL) {
+        return CKR_HOST_MEMORY;
+    }
+
+    template = sftk_ExtractTemplate(arena, object, handle, &count, &crv);
+    if (!template) {
+        goto loser;
+    }
+
+    crv = (*db->sdb_Begin)(db);
+    if (crv != CKR_OK) {
+        goto loser;
+    }
+    inTransaction = PR_TRUE;
+
+    /*
+     * We want to make the base database as free from object specific knowledge
+     * as possible. To maintain compatibility, keep some of the desirable
+     * object specific semantics of the old database.
+     *
+     * These were 2 fold:
+     *  1) there were certain conflicts (like trying to set the same nickname
+     * on two different subjects) that would return an error.
+     *  2) Importing the 'same' object would silently update that object.
+     *
+     * The following 2 functions mimic the desirable effects of these two
+     * semantics without pushing any object knowledge to the underlying database
+     * code.
+     */
+
+    /* make sure we don't have attributes that conflict with the existing DB */
+    crv = sftkdb_checkConflicts(db, object->objclass, template, count,
+                                CK_INVALID_HANDLE);
+    if (crv != CKR_OK) {
+        goto loser;
+    }
+    /* Find any copies that match this particular object */
+    crv = sftkdb_lookupObject(db, object->objclass, &id, template, count);
+    if (crv != CKR_OK) {
+        goto loser;
+    }
+    if (id == CK_INVALID_HANDLE) {
+        crv = sftkdb_CreateObject(arena, handle, db, objectID, template, count);
+    } else {
+        /* object already exists, modify it's attributes */
+        *objectID = id;
+        crv = sftkdb_setAttributeValue(arena, handle, db, id, template, count);
+    }
+    if (crv != CKR_OK) {
+        goto loser;
+    }
+
+    crv = (*db->sdb_Commit)(db);
+    inTransaction = PR_FALSE;
+
+loser:
+    if (inTransaction) {
+        (*db->sdb_Abort)(db);
+        /* It is trivial to show the following code cannot
+         * happen unless something is horribly wrong with our compilier or
+         * hardware */
+        PORT_Assert(crv != CKR_OK);
+        if (crv == CKR_OK)
+            crv = CKR_GENERAL_ERROR;
+    }
+
+    if (arena) {
+        PORT_FreeArena(arena, PR_FALSE);
+    }
+    if (crv == CKR_OK) {
+        *objectID |= (handle->type | SFTK_TOKEN_TYPE);
+    }
+    return crv;
+}
+
+CK_RV
+sftkdb_FindObjectsInit(SFTKDBHandle *handle, const CK_ATTRIBUTE *template,
+                       CK_ULONG count, SDBFind **find)
+{
+    unsigned char *data = NULL;
+    CK_ATTRIBUTE *ntemplate = NULL;
+    CK_RV crv;
+    SDB *db;
+
+    if (handle == NULL) {
+        return CKR_OK;
+    }
+    db = SFTK_GET_SDB(handle);
+
+    if (count != 0) {
+        ntemplate = sftkdb_fixupTemplateIn(template, count, &data);
+        if (ntemplate == NULL) {
+            return CKR_HOST_MEMORY;
+        }
+    }
+
+    crv = (*db->sdb_FindObjectsInit)(db, ntemplate,
+                                     count, find);
+    if (data) {
+        PORT_Free(ntemplate);
+        PORT_Free(data);
+    }
+    return crv;
+}
+
+CK_RV
+sftkdb_FindObjects(SFTKDBHandle *handle, SDBFind *find,
+                   CK_OBJECT_HANDLE *ids, int arraySize, CK_ULONG *count)
+{
+    CK_RV crv;
+    SDB *db;
+
+    if (handle == NULL) {
+        *count = 0;
+        return CKR_OK;
+    }
+    db = SFTK_GET_SDB(handle);
+
+    crv = (*db->sdb_FindObjects)(db, find, ids,
+                                 arraySize, count);
+    if (crv == CKR_OK) {
+        unsigned int i;
+        for (i = 0; i < *count; i++) {
+            ids[i] |= (handle->type | SFTK_TOKEN_TYPE);
+        }
+    }
+    return crv;
+}
+
+CK_RV
+sftkdb_FindObjectsFinal(SFTKDBHandle *handle, SDBFind *find)
+{
+    SDB *db;
+    if (handle == NULL) {
+        return CKR_OK;
+    }
+    db = SFTK_GET_SDB(handle);
+    return (*db->sdb_FindObjectsFinal)(db, find);
+}
+
+CK_RV
+sftkdb_GetAttributeValue(SFTKDBHandle *handle, CK_OBJECT_HANDLE objectID,
+                         CK_ATTRIBUTE *template, CK_ULONG count)
+{
+    CK_RV crv, crv2;
+    CK_ATTRIBUTE *ntemplate;
+    unsigned char *data = NULL;
+    SDB *db;
+
+    if (handle == NULL) {
+        return CKR_GENERAL_ERROR;
+    }
+
+    /* short circuit common attributes */
+    if (count == 1 &&
+        (template[0].type == CKA_TOKEN ||
+         template[0].type == CKA_PRIVATE ||
+         template[0].type == CKA_SENSITIVE)) {
+        CK_BBOOL boolVal = CK_TRUE;
+
+        if (template[0].pValue == NULL) {
+            template[0].ulValueLen = sizeof(CK_BBOOL);
+            return CKR_OK;
+        }
+        if (template[0].ulValueLen < sizeof(CK_BBOOL)) {
+            template[0].ulValueLen = -1;
+            return CKR_BUFFER_TOO_SMALL;
+        }
+
+        if ((template[0].type == CKA_PRIVATE) &&
+            (handle->type != SFTK_KEYDB_TYPE)) {
+            boolVal = CK_FALSE;
+        }
+        if ((template[0].type == CKA_SENSITIVE) &&
+            (handle->type != SFTK_KEYDB_TYPE)) {
+            boolVal = CK_FALSE;
+        }
+        *(CK_BBOOL *)template[0].pValue = boolVal;
+        template[0].ulValueLen = sizeof(CK_BBOOL);
+        return CKR_OK;
+    }
+
+    db = SFTK_GET_SDB(handle);
+    /* nothing to do */
+    if (count == 0) {
+        return CKR_OK;
+    }
+    ntemplate = sftkdb_fixupTemplateIn(template, count, &data);
+    if (ntemplate == NULL) {
+        return CKR_HOST_MEMORY;
+    }
+    objectID &= SFTK_OBJ_ID_MASK;
+    crv = (*db->sdb_GetAttributeValue)(db, objectID,
+                                       ntemplate, count);
+    crv2 = sftkdb_fixupTemplateOut(template, objectID, ntemplate,
+                                   count, handle);
+    if (crv == CKR_OK)
+        crv = crv2;
+    if (data) {
+        PORT_Free(ntemplate);
+        PORT_Free(data);
+    }
+    return crv;
+}
+
+CK_RV
+sftkdb_SetAttributeValue(SFTKDBHandle *handle, SFTKObject *object,
+                         const CK_ATTRIBUTE *template, CK_ULONG count)
+{
+    CK_ATTRIBUTE *ntemplate;
+    unsigned char *data = NULL;
+    PLArenaPool *arena = NULL;
+    SDB *db;
+    CK_RV crv = CKR_OK;
+    CK_OBJECT_HANDLE objectID = (object->handle & SFTK_OBJ_ID_MASK);
+    PRBool inTransaction = PR_FALSE;
+
+    if (handle == NULL) {
+        return CKR_TOKEN_WRITE_PROTECTED;
+    }
+
+    db = SFTK_GET_SDB(handle);
+    /* nothing to do */
+    if (count == 0) {
+        return CKR_OK;
+    }
+    /*
+     * we have opened a new database, but we have not yet updated it. We are
+     * still running  pointing to the old database (so the application can
+     * still read). We don't want to write to the old database at this point,
+     * however, since it leads to user confusion. So at this point we simply
+     * require a user login. Let NSS know this so it can prompt the user.
+     */
+    if (db == handle->update) {
+        return CKR_USER_NOT_LOGGED_IN;
+    }
+
+    ntemplate = sftkdb_fixupTemplateIn(template, count, &data);
+    if (ntemplate == NULL) {
+        return CKR_HOST_MEMORY;
+    }
+
+    /* make sure we don't have attributes that conflict with the existing DB */
+    crv = sftkdb_checkConflicts(db, object->objclass, template, count, objectID);
+    if (crv != CKR_OK) {
+        goto loser;
+    }
+
+    arena = PORT_NewArena(256);
+    if (arena == NULL) {
+        crv = CKR_HOST_MEMORY;
+        goto loser;
+    }
+
+    crv = (*db->sdb_Begin)(db);
+    if (crv != CKR_OK) {
+        goto loser;
+    }
+    inTransaction = PR_TRUE;
+    crv = sftkdb_setAttributeValue(arena, handle, db,
+                                   objectID, template, count);
+    if (crv != CKR_OK) {
+        goto loser;
+    }
+    crv = (*db->sdb_Commit)(db);
+loser:
+    if (crv != CKR_OK && inTransaction) {
+        (*db->sdb_Abort)(db);
+    }
+    if (data) {
+        PORT_Free(ntemplate);
+        PORT_Free(data);
+    }
+    if (arena) {
+        PORT_FreeArena(arena, PR_FALSE);
+    }
+    return crv;
+}
+
+CK_RV
+sftkdb_DestroyObject(SFTKDBHandle *handle, CK_OBJECT_HANDLE objectID)
+{
+    CK_RV crv = CKR_OK;
+    SDB *db;
+
+    if (handle == NULL) {
+        return CKR_TOKEN_WRITE_PROTECTED;
+    }
+    db = SFTK_GET_SDB(handle);
+    objectID &= SFTK_OBJ_ID_MASK;
+    crv = (*db->sdb_Begin)(db);
+    if (crv != CKR_OK) {
+        goto loser;
+    }
+    crv = (*db->sdb_DestroyObject)(db, objectID);
+    if (crv != CKR_OK) {
+        goto loser;
+    }
+    crv = (*db->sdb_Commit)(db);
+loser:
+    if (crv != CKR_OK) {
+        (*db->sdb_Abort)(db);
+    }
+    return crv;
+}
+
+CK_RV
+sftkdb_CloseDB(SFTKDBHandle *handle)
+{
+#ifdef NO_FORK_CHECK
+    PRBool parentForkedAfterC_Initialize = PR_FALSE;
+#endif
+    if (handle == NULL) {
+        return CKR_OK;
+    }
+    if (handle->update) {
+        if (handle->db->sdb_SetForkState) {
+            (*handle->db->sdb_SetForkState)(parentForkedAfterC_Initialize);
+        }
+        (*handle->update->sdb_Close)(handle->update);
+    }
+    if (handle->db) {
+        if (handle->db->sdb_SetForkState) {
+            (*handle->db->sdb_SetForkState)(parentForkedAfterC_Initialize);
+        }
+        (*handle->db->sdb_Close)(handle->db);
+    }
+    if (handle->passwordKey.data) {
+        PORT_ZFree(handle->passwordKey.data, handle->passwordKey.len);
+    }
+    if (handle->passwordLock) {
+        SKIP_AFTER_FORK(PZ_DestroyLock(handle->passwordLock));
+    }
+    if (handle->updatePasswordKey) {
+        SECITEM_FreeItem(handle->updatePasswordKey, PR_TRUE);
+    }
+    if (handle->updateID) {
+        PORT_Free(handle->updateID);
+    }
+    PORT_Free(handle);
+    return CKR_OK;
+}
+
+/*
+ * reset a database to it's uninitialized state.
+ */
+static CK_RV
+sftkdb_ResetDB(SFTKDBHandle *handle)
+{
+    CK_RV crv = CKR_OK;
+    SDB *db;
+    if (handle == NULL) {
+        return CKR_TOKEN_WRITE_PROTECTED;
+    }
+    db = SFTK_GET_SDB(handle);
+    crv = (*db->sdb_Begin)(db);
+    if (crv != CKR_OK) {
+        goto loser;
+    }
+    crv = (*db->sdb_Reset)(db);
+    if (crv != CKR_OK) {
+        goto loser;
+    }
+    crv = (*db->sdb_Commit)(db);
+loser:
+    if (crv != CKR_OK) {
+        (*db->sdb_Abort)(db);
+    }
+    return crv;
+}
+
+CK_RV
+sftkdb_Begin(SFTKDBHandle *handle)
+{
+    CK_RV crv = CKR_OK;
+    SDB *db;
+
+    if (handle == NULL) {
+        return CKR_OK;
+    }
+    db = SFTK_GET_SDB(handle);
+    if (db) {
+        crv = (*db->sdb_Begin)(db);
+    }
+    return crv;
+}
+
+CK_RV
+sftkdb_Commit(SFTKDBHandle *handle)
+{
+    CK_RV crv = CKR_OK;
+    SDB *db;
+
+    if (handle == NULL) {
+        return CKR_OK;
+    }
+    db = SFTK_GET_SDB(handle);
+    if (db) {
+        (*db->sdb_Commit)(db);
+    }
+    return crv;
+}
+
+CK_RV
+sftkdb_Abort(SFTKDBHandle *handle)
+{
+    CK_RV crv = CKR_OK;
+    SDB *db;
+
+    if (handle == NULL) {
+        return CKR_OK;
+    }
+    db = SFTK_GET_SDB(handle);
+    if (db) {
+        crv = (db->sdb_Abort)(db);
+    }
+    return crv;
+}
+
+/*
+ * functions to update the database from an old database
+ */
+
+/*
+ * known attributes
+ */
+static const CK_ATTRIBUTE_TYPE known_attributes[] = {
+    CKA_CLASS, CKA_TOKEN, CKA_PRIVATE, CKA_LABEL, CKA_APPLICATION,
+    CKA_VALUE, CKA_OBJECT_ID, CKA_CERTIFICATE_TYPE, CKA_ISSUER,
+    CKA_SERIAL_NUMBER, CKA_AC_ISSUER, CKA_OWNER, CKA_ATTR_TYPES, CKA_TRUSTED,
+    CKA_CERTIFICATE_CATEGORY, CKA_JAVA_MIDP_SECURITY_DOMAIN, CKA_URL,
+    CKA_HASH_OF_SUBJECT_PUBLIC_KEY, CKA_HASH_OF_ISSUER_PUBLIC_KEY,
+    CKA_CHECK_VALUE, CKA_KEY_TYPE, CKA_SUBJECT, CKA_ID, CKA_SENSITIVE,
+    CKA_ENCRYPT, CKA_DECRYPT, CKA_WRAP, CKA_UNWRAP, CKA_SIGN, CKA_SIGN_RECOVER,
+    CKA_VERIFY, CKA_VERIFY_RECOVER, CKA_DERIVE, CKA_START_DATE, CKA_END_DATE,
+    CKA_MODULUS, CKA_MODULUS_BITS, CKA_PUBLIC_EXPONENT, CKA_PRIVATE_EXPONENT,
+    CKA_PRIME_1, CKA_PRIME_2, CKA_EXPONENT_1, CKA_EXPONENT_2, CKA_COEFFICIENT,
+    CKA_PRIME, CKA_SUBPRIME, CKA_BASE, CKA_PRIME_BITS,
+    CKA_SUB_PRIME_BITS, CKA_VALUE_BITS, CKA_VALUE_LEN, CKA_EXTRACTABLE,
+    CKA_LOCAL, CKA_NEVER_EXTRACTABLE, CKA_ALWAYS_SENSITIVE,
+    CKA_KEY_GEN_MECHANISM, CKA_MODIFIABLE, CKA_EC_PARAMS,
+    CKA_EC_POINT, CKA_SECONDARY_AUTH, CKA_AUTH_PIN_FLAGS,
+    CKA_ALWAYS_AUTHENTICATE, CKA_WRAP_WITH_TRUSTED, CKA_WRAP_TEMPLATE,
+    CKA_UNWRAP_TEMPLATE, CKA_HW_FEATURE_TYPE, CKA_RESET_ON_INIT,
+    CKA_HAS_RESET, CKA_PIXEL_X, CKA_PIXEL_Y, CKA_RESOLUTION, CKA_CHAR_ROWS,
+    CKA_CHAR_COLUMNS, CKA_COLOR, CKA_BITS_PER_PIXEL, CKA_CHAR_SETS,
+    CKA_ENCODING_METHODS, CKA_MIME_TYPES, CKA_MECHANISM_TYPE,
+    CKA_REQUIRED_CMS_ATTRIBUTES, CKA_DEFAULT_CMS_ATTRIBUTES,
+    CKA_SUPPORTED_CMS_ATTRIBUTES, CKA_NSS_URL, CKA_NSS_EMAIL,
+    CKA_NSS_SMIME_INFO, CKA_NSS_SMIME_TIMESTAMP,
+    CKA_NSS_PKCS8_SALT, CKA_NSS_PASSWORD_CHECK, CKA_NSS_EXPIRES,
+    CKA_NSS_KRL, CKA_NSS_PQG_COUNTER, CKA_NSS_PQG_SEED,
+    CKA_NSS_PQG_H, CKA_NSS_PQG_SEED_BITS, CKA_NSS_MODULE_SPEC,
+    CKA_TRUST_DIGITAL_SIGNATURE, CKA_TRUST_NON_REPUDIATION,
+    CKA_TRUST_KEY_ENCIPHERMENT, CKA_TRUST_DATA_ENCIPHERMENT,
+    CKA_TRUST_KEY_AGREEMENT, CKA_TRUST_KEY_CERT_SIGN, CKA_TRUST_CRL_SIGN,
+    CKA_TRUST_SERVER_AUTH, CKA_TRUST_CLIENT_AUTH, CKA_TRUST_CODE_SIGNING,
+    CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_IPSEC_END_SYSTEM,
+    CKA_TRUST_IPSEC_TUNNEL, CKA_TRUST_IPSEC_USER, CKA_TRUST_TIME_STAMPING,
+    CKA_TRUST_STEP_UP_APPROVED, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH,
+    CKA_NETSCAPE_DB, CKA_NETSCAPE_TRUST, CKA_NSS_OVERRIDE_EXTENSIONS
+};
+
+static unsigned int known_attributes_size = sizeof(known_attributes) /
+                                            sizeof(known_attributes[0]);
+
+static CK_RV
+sftkdb_GetObjectTemplate(SDB *source, CK_OBJECT_HANDLE id,
+                         CK_ATTRIBUTE *ptemplate, CK_ULONG *max)
+{
+    unsigned int i, j;
+    CK_RV crv;
+
+    if (*max < known_attributes_size) {
+        *max = known_attributes_size;
+        return CKR_BUFFER_TOO_SMALL;
+    }
+    for (i = 0; i < known_attributes_size; i++) {
+        ptemplate[i].type = known_attributes[i];
+        ptemplate[i].pValue = NULL;
+        ptemplate[i].ulValueLen = 0;
+    }
+
+    crv = (*source->sdb_GetAttributeValue)(source, id,
+                                           ptemplate, known_attributes_size);
+
+    if ((crv != CKR_OK) && (crv != CKR_ATTRIBUTE_TYPE_INVALID)) {
+        return crv;
+    }
+
+    for (i = 0, j = 0; i < known_attributes_size; i++, j++) {
+        while (i < known_attributes_size && (ptemplate[i].ulValueLen == -1)) {
+            i++;
+        }
+        if (i >= known_attributes_size) {
+            break;
+        }
+        /* cheap optimization */
+        if (i == j) {
+            continue;
+        }
+        ptemplate[j] = ptemplate[i];
+    }
+    *max = j;
+    return CKR_OK;
+}
+
+static const char SFTKDB_META_UPDATE_TEMPLATE[] = "upd_%s_%s";
+
+/*
+ * check to see if we have already updated this database.
+ * a NULL updateID means we are trying to do an in place
+ * single database update. In that case we have already
+ * determined that an update was necessary.
+ */
+static PRBool
+sftkdb_hasUpdate(const char *typeString, SDB *db, const char *updateID)
+{
+    char *id;
+    CK_RV crv;
+    SECItem dummy = { 0, NULL, 0 };
+    unsigned char dummyData[SDB_MAX_META_DATA_LEN];
+
+    if (!updateID) {
+        return PR_FALSE;
+    }
+    id = PR_smprintf(SFTKDB_META_UPDATE_TEMPLATE, typeString, updateID);
+    if (id == NULL) {
+        return PR_FALSE;
+    }
+    dummy.data = dummyData;
+    dummy.len = sizeof(dummyData);
+
+    crv = (*db->sdb_GetMetaData)(db, id, &dummy, NULL);
+    PR_smprintf_free(id);
+    return crv == CKR_OK ? PR_TRUE : PR_FALSE;
+}
+
+/*
+ * we just completed an update, store the update id
+ * so we don't need to do it again. If non was given,
+ * there is nothing to do.
+ */
+static CK_RV
+sftkdb_putUpdate(const char *typeString, SDB *db, const char *updateID)
+{
+    char *id;
+    CK_RV crv;
+    SECItem dummy = { 0, NULL, 0 };
+
+    /* if no id was given, nothing to do */
+    if (updateID == NULL) {
+        return CKR_OK;
+    }
+
+    dummy.data = (unsigned char *)updateID;
+    dummy.len = PORT_Strlen(updateID);
+
+    id = PR_smprintf(SFTKDB_META_UPDATE_TEMPLATE, typeString, updateID);
+    if (id == NULL) {
+        return PR_FALSE;
+    }
+
+    crv = (*db->sdb_PutMetaData)(db, id, &dummy, NULL);
+    PR_smprintf_free(id);
+    return crv;
+}
+
+/*
+ * get a ULong attribute from a template:
+ * NOTE: this is a raw templated stored in database order!
+ */
+static CK_ULONG
+sftkdb_getULongFromTemplate(CK_ATTRIBUTE_TYPE type,
+                            CK_ATTRIBUTE *ptemplate, CK_ULONG len)
+{
+    CK_ATTRIBUTE *attr = sftkdb_getAttributeFromTemplate(type,
+                                                         ptemplate, len);
+
+    if (attr && attr->pValue && attr->ulValueLen == SDB_ULONG_SIZE) {
+        return sftk_SDBULong2ULong(attr->pValue);
+    }
+    return (CK_ULONG)-1;
+}
+
+/*
+ * we need to find a unique CKA_ID.
+ *  The basic idea is to just increment the lowest byte.
+ *  This code also handles the following corner cases:
+ *   1) the single byte overflows. On overflow we increment the next byte up
+ *    and so forth until we have overflowed the entire CKA_ID.
+ *   2) If we overflow the entire CKA_ID we expand it by one byte.
+ *   3) the CKA_ID is non-existant, we create a new one with one byte.
+ *    This means no matter what CKA_ID is passed, the result of this function
+ *    is always a new CKA_ID, and this function will never return the same
+ *    CKA_ID the it has returned in the passed.
+ */
+static CK_RV
+sftkdb_incrementCKAID(PLArenaPool *arena, CK_ATTRIBUTE *ptemplate)
+{
+    unsigned char *buf = ptemplate->pValue;
+    CK_ULONG len = ptemplate->ulValueLen;
+
+    if (buf == NULL || len == (CK_ULONG)-1) {
+        /* we have no valid CKAID, we'll create a basic one byte CKA_ID below */
+        len = 0;
+    } else {
+        CK_ULONG i;
+
+        /* walk from the back to front, incrementing
+         * the CKA_ID until we no longer have a carry,
+         * or have hit the front of the id. */
+        for (i = len; i != 0; i--) {
+            buf[i - 1]++;
+            if (buf[i - 1] != 0) {
+                /* no more carries, the increment is complete */
+                return CKR_OK;
+            }
+        }
+        /* we've now overflowed, fall through and expand the CKA_ID by
+         * one byte */
+    }
+    buf = PORT_ArenaAlloc(arena, len + 1);
+    if (!buf) {
+        return CKR_HOST_MEMORY;
+    }
+    if (len > 0) {
+        PORT_Memcpy(buf, ptemplate->pValue, len);
+    }
+    buf[len] = 0;
+    ptemplate->pValue = buf;
+    ptemplate->ulValueLen = len + 1;
+    return CKR_OK;
+}
+
+/*
+ * drop an attribute from a template.
+ */
+void
+sftkdb_dropAttribute(CK_ATTRIBUTE *attr, CK_ATTRIBUTE *ptemplate,
+                     CK_ULONG *plen)
+{
+    CK_ULONG count = *plen;
+    CK_ULONG i;
+
+    for (i = 0; i < count; i++) {
+        if (attr->type == ptemplate[i].type) {
+            break;
+        }
+    }
+
+    if (i == count) {
+        /* attribute not found */
+        return;
+    }
+
+    /* copy the remaining attributes up */
+    for (i++; i < count; i++) {
+        ptemplate[i - 1] = ptemplate[i];
+    }
+
+    /* decrement the template size */
+    *plen = count - 1;
+}
+
+/*
+ * create some defines for the following functions to document the meaning
+ * of true/false. (make's it easier to remember what means what.
+ */
+typedef enum {
+    SFTKDB_DO_NOTHING = 0,
+    SFTKDB_ADD_OBJECT,
+    SFTKDB_MODIFY_OBJECT,
+    SFTKDB_DROP_ATTRIBUTE
+} sftkdbUpdateStatus;
+
+/*
+ * helper function to reconcile a single trust entry.
+ *   Identify which trust entry we want to keep.
+ *   If we don't need to do anything (the records are already equal).
+ *       return SFTKDB_DO_NOTHING.
+ *   If we want to use the source version,
+ *       return SFTKDB_MODIFY_OBJECT
+ *   If we want to use the target version,
+ *       return SFTKDB_DROP_ATTRIBUTE
+ *
+ *   In the end the caller will remove any attributes in the source
+ *   template when SFTKDB_DROP_ATTRIBUTE is specified, then use do a
+ *   set attributes with that template on the target if we received
+ *   any SFTKDB_MODIFY_OBJECT returns.
+ */
+sftkdbUpdateStatus
+sftkdb_reconcileTrustEntry(PLArenaPool *arena, CK_ATTRIBUTE *target,
+                           CK_ATTRIBUTE *source)
+{
+    CK_ULONG targetTrust = sftkdb_getULongFromTemplate(target->type,
+                                                       target, 1);
+    CK_ULONG sourceTrust = sftkdb_getULongFromTemplate(target->type,
+                                                       source, 1);
+
+    /*
+     * try to pick the best solution between the source and the
+     * target. Update the source template if we want the target value
+     * to win out. Prefer cases where we don't actually update the
+     * trust entry.
+     */
+
+    /* they are the same, everything is already kosher */
+    if (targetTrust == sourceTrust) {
+        return SFTKDB_DO_NOTHING;
+    }
+
+    /* handle the case where the source Trust attribute may be a bit
+     * flakey */
+    if (sourceTrust == (CK_ULONG)-1) {
+        /*
+         * The source Trust is invalid. We know that the target Trust
+         * must be valid here, otherwise the above
+         * targetTrust == sourceTrust check would have succeeded.
+         */
+        return SFTKDB_DROP_ATTRIBUTE;
+    }
+
+    /* target is invalid, use the source's idea of the trust value */
+    if (targetTrust == (CK_ULONG)-1) {
+        /* overwriting the target in this case is OK */
+        return SFTKDB_MODIFY_OBJECT;
+    }
+
+    /* at this point we know that both attributes exist and have the
+     * appropriate length (SDB_ULONG_SIZE). We no longer need to check
+     * ulValueLen for either attribute.
+     */
+    if (sourceTrust == CKT_NSS_TRUST_UNKNOWN) {
+        return SFTKDB_DROP_ATTRIBUTE;
+    }
+
+    /* target has no idea, use the source's idea of the trust value */
+    if (targetTrust == CKT_NSS_TRUST_UNKNOWN) {
+        /* overwriting the target in this case is OK */
+        return SFTKDB_MODIFY_OBJECT;
+    }
+
+    /* so both the target and the source have some idea of what this
+     * trust attribute should be, and neither agree exactly.
+     * At this point, we prefer 'hard' attributes over 'soft' ones.
+     * 'hard' ones are CKT_NSS_TRUSTED, CKT_NSS_TRUSTED_DELEGATOR, and
+     * CKT_NSS_NOT_TRUTED. Soft ones are ones which don't change the
+     * actual trust of the cert (CKT_MUST_VERIFY_TRUST,
+     * CKT_NSS_VALID_DELEGATOR).
+     */
+    if ((sourceTrust == CKT_NSS_MUST_VERIFY_TRUST) || (sourceTrust == CKT_NSS_VALID_DELEGATOR)) {
+        return SFTKDB_DROP_ATTRIBUTE;
+    }
+    if ((targetTrust == CKT_NSS_MUST_VERIFY_TRUST) || (targetTrust == CKT_NSS_VALID_DELEGATOR)) {
+        /* again, overwriting the target in this case is OK */
+        return SFTKDB_MODIFY_OBJECT;
+    }
+
+    /* both have hard attributes, we have a conflict, let the target win. */
+    return SFTKDB_DROP_ATTRIBUTE;
+}
+
+const CK_ATTRIBUTE_TYPE sftkdb_trustList[] =
+    { CKA_TRUST_SERVER_AUTH, CKA_TRUST_CLIENT_AUTH,
+      CKA_TRUST_CODE_SIGNING, CKA_TRUST_EMAIL_PROTECTION,
+      CKA_TRUST_IPSEC_TUNNEL, CKA_TRUST_IPSEC_USER,
+      CKA_TRUST_TIME_STAMPING };
+
+#define SFTK_TRUST_TEMPLATE_COUNT \
+    (sizeof(sftkdb_trustList) / sizeof(sftkdb_trustList[0]))
+/*
+ * Run through the list of known trust types, and reconcile each trust
+ * entry one by one. Keep track of we really need to write out the source
+ * trust object (overwriting the existing one).
+ */
+static sftkdbUpdateStatus
+sftkdb_reconcileTrust(PLArenaPool *arena, SDB *db, CK_OBJECT_HANDLE id,
+                      CK_ATTRIBUTE *ptemplate, CK_ULONG *plen)
+{
+    CK_ATTRIBUTE trustTemplate[SFTK_TRUST_TEMPLATE_COUNT];
+    unsigned char trustData[SFTK_TRUST_TEMPLATE_COUNT * SDB_ULONG_SIZE];
+    sftkdbUpdateStatus update = SFTKDB_DO_NOTHING;
+    CK_ULONG i;
+    CK_RV crv;
+
+    for (i = 0; i < SFTK_TRUST_TEMPLATE_COUNT; i++) {
+        trustTemplate[i].type = sftkdb_trustList[i];
+        trustTemplate[i].pValue = &trustData[i * SDB_ULONG_SIZE];
+        trustTemplate[i].ulValueLen = SDB_ULONG_SIZE;
+    }
+    crv = (*db->sdb_GetAttributeValue)(db, id,
+                                       trustTemplate, SFTK_TRUST_TEMPLATE_COUNT);
+    if ((crv != CKR_OK) && (crv != CKR_ATTRIBUTE_TYPE_INVALID)) {
+        /* target trust has some problems, update it */
+        update = SFTKDB_MODIFY_OBJECT;
+        goto done;
+    }
+
+    for (i = 0; i < SFTK_TRUST_TEMPLATE_COUNT; i++) {
+        CK_ATTRIBUTE *attr = sftkdb_getAttributeFromTemplate(
+            trustTemplate[i].type, ptemplate, *plen);
+        sftkdbUpdateStatus status;
+
+        /* if target trust value doesn't exist, nothing to merge */
+        if (trustTemplate[i].ulValueLen == (CK_ULONG)-1) {
+            /* if the source exists, then we want the source entry,
+             * go ahead and update */
+            if (attr && attr->ulValueLen != (CK_ULONG)-1) {
+                update = SFTKDB_MODIFY_OBJECT;
+            }
+            continue;
+        }
+
+        /*
+         * the source doesn't have the attribute, go to the next attribute
+         */
+        if (attr == NULL) {
+            continue;
+        }
+        status = sftkdb_reconcileTrustEntry(arena, &trustTemplate[i], attr);
+        if (status == SFTKDB_MODIFY_OBJECT) {
+            update = SFTKDB_MODIFY_OBJECT;
+        } else if (status == SFTKDB_DROP_ATTRIBUTE) {
+            /* drop the source copy of the attribute, we are going with
+             * the target's version */
+            sftkdb_dropAttribute(attr, ptemplate, plen);
+        }
+    }
+
+    /* finally manage stepup */
+    if (update == SFTKDB_MODIFY_OBJECT) {
+        CK_BBOOL stepUpBool = CK_FALSE;
+        /* if we are going to write from the source, make sure we don't
+         * overwrite the stepup bit if it's on*/
+        trustTemplate[0].type = CKA_TRUST_STEP_UP_APPROVED;
+        trustTemplate[0].pValue = &stepUpBool;
+        trustTemplate[0].ulValueLen = sizeof(stepUpBool);
+        crv = (*db->sdb_GetAttributeValue)(db, id, trustTemplate, 1);
+        if ((crv == CKR_OK) && (stepUpBool == CK_TRUE)) {
+            sftkdb_dropAttribute(trustTemplate, ptemplate, plen);
+        }
+    } else {
+        /* we currently aren't going to update. If the source stepup bit is
+         * on however, do an update so the target gets it as well */
+        CK_ATTRIBUTE *attr;
+
+        attr = sftkdb_getAttributeFromTemplate(CKA_TRUST_STEP_UP_APPROVED,
+                                               ptemplate, *plen);
+        if (attr && (attr->ulValueLen == sizeof(CK_BBOOL)) &&
+            (*(CK_BBOOL *)(attr->pValue) == CK_TRUE)) {
+            update = SFTKDB_MODIFY_OBJECT;
+        }
+    }
+
+done:
+    return update;
+}
+
+static sftkdbUpdateStatus
+sftkdb_handleIDAndName(PLArenaPool *arena, SDB *db, CK_OBJECT_HANDLE id,
+                       CK_ATTRIBUTE *ptemplate, CK_ULONG *plen)
+{
+    sftkdbUpdateStatus update = SFTKDB_DO_NOTHING;
+    CK_ATTRIBUTE *attr1, *attr2;
+    CK_ATTRIBUTE ttemplate[2] = {
+        { CKA_ID, NULL, 0 },
+        { CKA_LABEL, NULL, 0 }
+    };
+
+    attr1 = sftkdb_getAttributeFromTemplate(CKA_LABEL, ptemplate, *plen);
+    attr2 = sftkdb_getAttributeFromTemplate(CKA_ID, ptemplate, *plen);
+
+    /* if the source has neither an id nor label, don't bother updating */
+    if ((!attr1 || attr1->ulValueLen == 0) &&
+        (!attr2 || attr2->ulValueLen == 0)) {
+        return SFTKDB_DO_NOTHING;
+    }
+
+    /* the source has either an id or a label, see what the target has */
+    (void)(*db->sdb_GetAttributeValue)(db, id, ttemplate, 2);
+
+    /* if the target has neither, update from the source */
+    if (((ttemplate[0].ulValueLen == 0) ||
+         (ttemplate[0].ulValueLen == (CK_ULONG)-1)) &&
+        ((ttemplate[1].ulValueLen == 0) ||
+         (ttemplate[1].ulValueLen == (CK_ULONG)-1))) {
+        return SFTKDB_MODIFY_OBJECT;
+    }
+
+    /* check the CKA_ID */
+    if ((ttemplate[0].ulValueLen != 0) &&
+        (ttemplate[0].ulValueLen != (CK_ULONG)-1)) {
+        /* we have a CKA_ID in the target, don't overwrite
+         * the target with an empty CKA_ID from the source*/
+        if (attr1 && attr1->ulValueLen == 0) {
+            sftkdb_dropAttribute(attr1, ptemplate, plen);
+        }
+    } else if (attr1 && attr1->ulValueLen != 0) {
+        /* source has a CKA_ID, but the target doesn't, update the target */
+        update = SFTKDB_MODIFY_OBJECT;
+    }
+
+    /* check the nickname */
+    if ((ttemplate[1].ulValueLen != 0) &&
+        (ttemplate[1].ulValueLen != (CK_ULONG)-1)) {
+
+        /* we have a nickname in the target, and we don't have to update
+         * the CKA_ID. We are done. NOTE: if we add addition attributes
+         * in this check, this shortcut can only go on the last of them. */
+        if (update == SFTKDB_DO_NOTHING) {
+            return update;
+        }
+        /* we have a nickname in the target, don't overwrite
+         * the target with an empty nickname from the source */
+        if (attr2 && attr2->ulValueLen == 0) {
+            sftkdb_dropAttribute(attr2, ptemplate, plen);
+        }
+    } else if (attr2 && attr2->ulValueLen != 0) {
+        /* source has a nickname, but the target doesn't, update the target */
+        update = SFTKDB_MODIFY_OBJECT;
+    }
+
+    return update;
+}
+
+/*
+ * This function updates the template before we write the object out.
+ *
+ * If we are going to skip updating this object, return PR_FALSE.
+ * If it should be updated we return PR_TRUE.
+ * To help readability, these have been defined
+ * as SFTK_DONT_UPDATE and SFTK_UPDATE respectively.
+ */
+static PRBool
+sftkdb_updateObjectTemplate(PLArenaPool *arena, SDB *db,
+                            CK_OBJECT_CLASS objectType,
+                            CK_ATTRIBUTE *ptemplate, CK_ULONG *plen,
+                            CK_OBJECT_HANDLE *targetID)
+{
+    PRBool done; /* should we repeat the loop? */
+    CK_OBJECT_HANDLE id;
+    CK_RV crv = CKR_OK;
+
+    do {
+        crv = sftkdb_checkConflicts(db, objectType, ptemplate,
+                                    *plen, CK_INVALID_HANDLE);
+        if (crv != CKR_ATTRIBUTE_VALUE_INVALID) {
+            break;
+        }
+        crv = sftkdb_resolveConflicts(arena, objectType, ptemplate, plen);
+    } while (crv == CKR_OK);
+
+    if (crv != CKR_OK) {
+        return SFTKDB_DO_NOTHING;
+    }
+
+    do {
+        done = PR_TRUE;
+        crv = sftkdb_lookupObject(db, objectType, &id, ptemplate, *plen);
+        if (crv != CKR_OK) {
+            return SFTKDB_DO_NOTHING;
+        }
+
+        /* This object already exists, merge it, don't update */
+        if (id != CK_INVALID_HANDLE) {
+            CK_ATTRIBUTE *attr = NULL;
+            /* special post processing for attributes */
+            switch (objectType) {
+                case CKO_CERTIFICATE:
+                case CKO_PUBLIC_KEY:
+                case CKO_PRIVATE_KEY:
+                    /* update target's CKA_ID and labels if they don't already
+                     * exist */
+                    *targetID = id;
+                    return sftkdb_handleIDAndName(arena, db, id, ptemplate, plen);
+                case CKO_NSS_TRUST:
+                    /* if we have conflicting trust object types,
+                     * we need to reconcile them */
+                    *targetID = id;
+                    return sftkdb_reconcileTrust(arena, db, id, ptemplate, plen);
+                case CKO_SECRET_KEY:
+                    /* secret keys in the old database are all sdr keys,
+                     * unfortunately they all appear to have the same CKA_ID,
+                     * even though they are truly different keys, so we always
+                     * want to update these keys, but we need to
+                     * give them a new CKA_ID */
+                    /* NOTE: this changes ptemplate */
+                    attr = sftkdb_getAttributeFromTemplate(CKA_ID, ptemplate, *plen);
+                    crv = attr ? sftkdb_incrementCKAID(arena, attr)
+                               : CKR_HOST_MEMORY;
+                    /* in the extremely rare event that we needed memory and
+                     * couldn't get it, just drop the key */
+                    if (crv != CKR_OK) {
+                        return SFTKDB_DO_NOTHING;
+                    }
+                    done = PR_FALSE; /* repeat this find loop */
+                    break;
+                default:
+                    /* for all other objects, if we found the equivalent object,
+                     * don't update it */
+                    return SFTKDB_DO_NOTHING;
+            }
+        }
+    } while (!done);
+
+    /* this object doesn't exist, update it */
+    return SFTKDB_ADD_OBJECT;
+}
+
+#define MAX_ATTRIBUTES 500
+static CK_RV
+sftkdb_mergeObject(SFTKDBHandle *handle, CK_OBJECT_HANDLE id,
+                   SECItem *key)
+{
+    CK_ATTRIBUTE template[MAX_ATTRIBUTES];
+    CK_ATTRIBUTE *ptemplate;
+    CK_ULONG max_attributes = MAX_ATTRIBUTES;
+    CK_OBJECT_CLASS objectType;
+    SDB *source = handle->update;
+    SDB *target = handle->db;
+    unsigned int i;
+    CK_RV crv;
+    PLArenaPool *arena = NULL;
+
+    arena = PORT_NewArena(256);
+    if (arena == NULL) {
+        return CKR_HOST_MEMORY;
+    }
+
+    ptemplate = &template[0];
+    id &= SFTK_OBJ_ID_MASK;
+    crv = sftkdb_GetObjectTemplate(source, id, ptemplate, &max_attributes);
+    if (crv == CKR_BUFFER_TOO_SMALL) {
+        ptemplate = PORT_ArenaNewArray(arena, CK_ATTRIBUTE, max_attributes);
+        if (ptemplate == NULL) {
+            crv = CKR_HOST_MEMORY;
+        } else {
+            crv = sftkdb_GetObjectTemplate(source, id,
+                                           ptemplate, &max_attributes);
+        }
+    }
+    if (crv != CKR_OK) {
+        goto loser;
+    }
+
+    for (i = 0; i < max_attributes; i++) {
+        ptemplate[i].pValue = PORT_ArenaAlloc(arena, ptemplate[i].ulValueLen);
+        if (ptemplate[i].pValue == NULL) {
+            crv = CKR_HOST_MEMORY;
+            goto loser;
+        }
+    }
+    crv = (*source->sdb_GetAttributeValue)(source, id,
+                                           ptemplate, max_attributes);
+    if (crv != CKR_OK) {
+        goto loser;
+    }
+
+    objectType = sftkdb_getULongFromTemplate(CKA_CLASS, ptemplate,
+                                             max_attributes);
+
+    /*
+     * Update Object updates the object template if necessary then returns
+     * whether or not we need to actually write the object out to our target
+     * database.
+     */
+    if (!handle->updateID) {
+        crv = sftkdb_CreateObject(arena, handle, target, &id,
+                                  ptemplate, max_attributes);
+    } else {
+        sftkdbUpdateStatus update_status;
+        update_status = sftkdb_updateObjectTemplate(arena, target,
+                                                    objectType, ptemplate, &max_attributes, &id);
+        switch (update_status) {
+            case SFTKDB_ADD_OBJECT:
+                crv = sftkdb_CreateObject(arena, handle, target, &id,
+                                          ptemplate, max_attributes);
+                break;
+            case SFTKDB_MODIFY_OBJECT:
+                crv = sftkdb_setAttributeValue(arena, handle, target,
+                                               id, ptemplate, max_attributes);
+                break;
+            case SFTKDB_DO_NOTHING:
+            case SFTKDB_DROP_ATTRIBUTE:
+                break;
+        }
+    }
+
+loser:
+    if (arena) {
+        PORT_FreeArena(arena, PR_TRUE);
+    }
+    return crv;
+}
+
+#define MAX_IDS 10
+/*
+ * update a new database from an old one, now that we have the key
+ */
+CK_RV
+sftkdb_Update(SFTKDBHandle *handle, SECItem *key)
+{
+    SDBFind *find = NULL;
+    CK_ULONG idCount = MAX_IDS;
+    CK_OBJECT_HANDLE ids[MAX_IDS];
+    SECItem *updatePasswordKey = NULL;
+    CK_RV crv, crv2;
+    PRBool inTransaction = PR_FALSE;
+    unsigned int i;
+
+    if (handle == NULL) {
+        return CKR_OK;
+    }
+    if (handle->update == NULL) {
+        return CKR_OK;
+    }
+
+    /*
+     * put the whole update under a transaction. This allows us to handle
+     * any possible race conditions between with the updateID check.
+     */
+    crv = (*handle->db->sdb_Begin)(handle->db);
+    if (crv != CKR_OK) {
+        goto loser;
+    }
+    inTransaction = PR_TRUE;
+
+    /* some one else has already updated this db */
+    if (sftkdb_hasUpdate(sftkdb_TypeString(handle),
+                         handle->db, handle->updateID)) {
+        crv = CKR_OK;
+        goto done;
+    }
+
+    updatePasswordKey = sftkdb_GetUpdatePasswordKey(handle);
+    if (updatePasswordKey) {
+        /* pass the source DB key to the legacy code,
+         * so it can decrypt things */
+        handle->oldKey = updatePasswordKey;
+    }
+
+    /* find all the objects */
+    crv = sftkdb_FindObjectsInit(handle, NULL, 0, &find);
+
+    if (crv != CKR_OK) {
+        goto loser;
+    }
+    while ((crv == CKR_OK) && (idCount == MAX_IDS)) {
+        crv = sftkdb_FindObjects(handle, find, ids, MAX_IDS, &idCount);
+        for (i = 0; (crv == CKR_OK) && (i < idCount); i++) {
+            crv = sftkdb_mergeObject(handle, ids[i], key);
+        }
+    }
+    crv2 = sftkdb_FindObjectsFinal(handle, find);
+    if (crv == CKR_OK)
+        crv = crv2;
+
+loser:
+    /* no longer need the old key value */
+    handle->oldKey = NULL;
+
+    /* update the password - even if we didn't update objects */
+    if (handle->type == SFTK_KEYDB_TYPE) {
+        SECItem item1, item2;
+        unsigned char data1[SDB_MAX_META_DATA_LEN];
+        unsigned char data2[SDB_MAX_META_DATA_LEN];
+
+        item1.data = data1;
+        item1.len = sizeof(data1);
+        item2.data = data2;
+        item2.len = sizeof(data2);
+
+        /* if the target db already has a password, skip this. */
+        crv = (*handle->db->sdb_GetMetaData)(handle->db, "password",
+                                             &item1, &item2);
+        if (crv == CKR_OK) {
+            goto done;
+        }
+
+        /* nope, update it from the source */
+        crv = (*handle->update->sdb_GetMetaData)(handle->update, "password",
+                                                 &item1, &item2);
+        if (crv != CKR_OK) {
+            goto done;
+        }
+        crv = (*handle->db->sdb_PutMetaData)(handle->db, "password", &item1,
+                                             &item2);
+        if (crv != CKR_OK) {
+            goto done;
+        }
+    }
+
+done:
+    /* finally mark this up to date db up to date */
+    /* some one else has already updated this db */
+    if (crv == CKR_OK) {
+        crv = sftkdb_putUpdate(sftkdb_TypeString(handle),
+                               handle->db, handle->updateID);
+    }
+
+    if (inTransaction) {
+        if (crv == CKR_OK) {
+            crv = (*handle->db->sdb_Commit)(handle->db);
+        } else {
+            (*handle->db->sdb_Abort)(handle->db);
+        }
+    }
+    if (handle->update) {
+        (*handle->update->sdb_Close)(handle->update);
+        handle->update = NULL;
+    }
+    if (handle->updateID) {
+        PORT_Free(handle->updateID);
+        handle->updateID = NULL;
+    }
+    sftkdb_FreeUpdatePasswordKey(handle);
+    if (updatePasswordKey) {
+        SECITEM_ZfreeItem(updatePasswordKey, PR_TRUE);
+    }
+    handle->updateDBIsInit = PR_FALSE;
+    return crv;
+}
+
+/******************************************************************
+ * DB handle managing functions.
+ *
+ * These functions are called by softoken to initialize, acquire,
+ * and release database handles.
+ */
+
+const char *
+sftkdb_GetUpdateID(SFTKDBHandle *handle)
+{
+    return handle->updateID;
+}
+
+/* release a database handle */
+void
+sftk_freeDB(SFTKDBHandle *handle)
+{
+    PRInt32 ref;
+
+    if (!handle)
+        return;
+    ref = PR_ATOMIC_DECREMENT(&handle->ref);
+    if (ref == 0) {
+        sftkdb_CloseDB(handle);
+    }
+    return;
+}
+
+/*
+ * acquire a database handle for a certificate db
+ * (database for public objects)
+ */
+SFTKDBHandle *
+sftk_getCertDB(SFTKSlot *slot)
+{
+    SFTKDBHandle *dbHandle;
+
+    PZ_Lock(slot->slotLock);
+    dbHandle = slot->certDB;
+    if (dbHandle) {
+        (void)PR_ATOMIC_INCREMENT(&dbHandle->ref);
+    }
+    PZ_Unlock(slot->slotLock);
+    return dbHandle;
+}
+
+/*
+ * acquire a database handle for a key database
+ * (database for private objects)
+ */
+SFTKDBHandle *
+sftk_getKeyDB(SFTKSlot *slot)
+{
+    SFTKDBHandle *dbHandle;
+
+    SKIP_AFTER_FORK(PZ_Lock(slot->slotLock));
+    dbHandle = slot->keyDB;
+    if (dbHandle) {
+        (void)PR_ATOMIC_INCREMENT(&dbHandle->ref);
+    }
+    SKIP_AFTER_FORK(PZ_Unlock(slot->slotLock));
+    return dbHandle;
+}
+
+/*
+ * acquire the database for a specific object. NOTE: objectID must point
+ * to a Token object!
+ */
+SFTKDBHandle *
+sftk_getDBForTokenObject(SFTKSlot *slot, CK_OBJECT_HANDLE objectID)
+{
+    SFTKDBHandle *dbHandle;
+
+    PZ_Lock(slot->slotLock);
+    dbHandle = objectID & SFTK_KEYDB_TYPE ? slot->keyDB : slot->certDB;
+    if (dbHandle) {
+        (void)PR_ATOMIC_INCREMENT(&dbHandle->ref);
+    }
+    PZ_Unlock(slot->slotLock);
+    return dbHandle;
+}
+
+/*
+ * initialize a new database handle
+ */
+static SFTKDBHandle *
+sftk_NewDBHandle(SDB *sdb, int type)
+{
+    SFTKDBHandle *handle = PORT_New(SFTKDBHandle);
+    handle->ref = 1;
+    handle->db = sdb;
+    handle->update = NULL;
+    handle->peerDB = NULL;
+    handle->newKey = NULL;
+    handle->oldKey = NULL;
+    handle->updatePasswordKey = NULL;
+    handle->updateID = NULL;
+    handle->type = type;
+    handle->passwordKey.data = NULL;
+    handle->passwordKey.len = 0;
+    handle->passwordLock = NULL;
+    if (type == SFTK_KEYDB_TYPE) {
+        handle->passwordLock = PZ_NewLock(nssILockAttribute);
+    }
+    sdb->app_private = handle;
+    return handle;
+}
+
+/*
+ * reset the key database to it's uninitialized state. This call
+ * will clear all the key entried.
+ */
+SECStatus
+sftkdb_ResetKeyDB(SFTKDBHandle *handle)
+{
+    CK_RV crv;
+
+    /* only rest the key db */
+    if (handle->type != SFTK_KEYDB_TYPE) {
+        return SECFailure;
+    }
+    crv = sftkdb_ResetDB(handle);
+    if (crv != CKR_OK) {
+        /* set error */
+        return SECFailure;
+    }
+    return SECSuccess;
+}
+
+static PRBool
+sftk_oldVersionExists(const char *dir, int version)
+{
+    int i;
+    PRStatus exists = PR_FAILURE;
+    char *file = NULL;
+
+    for (i = version; i > 1; i--) {
+        file = PR_smprintf("%s%d.db", dir, i);
+        if (file == NULL) {
+            continue;
+        }
+        exists = PR_Access(file, PR_ACCESS_EXISTS);
+        PR_smprintf_free(file);
+        if (exists == PR_SUCCESS) {
+            return PR_TRUE;
+        }
+    }
+    return PR_FALSE;
+}
+
+static PRBool
+sftk_hasLegacyDB(const char *confdir, const char *certPrefix,
+                 const char *keyPrefix, int certVersion, int keyVersion)
+{
+    char *dir;
+    PRBool exists;
+
+    if (certPrefix == NULL) {
+        certPrefix = "";
+    }
+
+    if (keyPrefix == NULL) {
+        keyPrefix = "";
+    }
+
+    dir = PR_smprintf("%s/%scert", confdir, certPrefix);
+    if (dir == NULL) {
+        return PR_FALSE;
+    }
+
+    exists = sftk_oldVersionExists(dir, certVersion);
+    PR_smprintf_free(dir);
+    if (exists) {
+        return PR_TRUE;
+    }
+
+    dir = PR_smprintf("%s/%skey", confdir, keyPrefix);
+    if (dir == NULL) {
+        return PR_FALSE;
+    }
+
+    exists = sftk_oldVersionExists(dir, keyVersion);
+    PR_smprintf_free(dir);
+    return exists;
+}
+
+/*
+ * initialize certificate and key database handles as a pair.
+ *
+ * This function figures out what type of database we are opening and
+ * calls the appropriate low level function to open the database.
+ * It also figures out whether or not to setup up automatic update.
+ */
+CK_RV
+sftk_DBInit(const char *configdir, const char *certPrefix,
+            const char *keyPrefix, const char *updatedir,
+            const char *updCertPrefix, const char *updKeyPrefix,
+            const char *updateID, PRBool readOnly, PRBool noCertDB,
+            PRBool noKeyDB, PRBool forceOpen, PRBool isFIPS,
+            SFTKDBHandle **certDB, SFTKDBHandle **keyDB)
+{
+    const char *confdir;
+    NSSDBType dbType = NSS_DB_TYPE_NONE;
+    char *appName = NULL;
+    SDB *keySDB, *certSDB;
+    CK_RV crv = CKR_OK;
+    int flags = SDB_RDONLY;
+    PRBool newInit = PR_FALSE;
+    PRBool needUpdate = PR_FALSE;
+
+    if (!readOnly) {
+        flags = SDB_CREATE;
+    }
+    if (isFIPS) {
+        flags |= SDB_FIPS;
+    }
+
+    *certDB = NULL;
+    *keyDB = NULL;
+
+    if (noKeyDB && noCertDB) {
+        return CKR_OK;
+    }
+    confdir = _NSSUTIL_EvaluateConfigDir(configdir, &dbType, &appName);
+
+    /*
+     * now initialize the appropriate database
+     */
+    switch (dbType) {
+        case NSS_DB_TYPE_LEGACY:
+            crv = sftkdbCall_open(confdir, certPrefix, keyPrefix, 8, 3, flags,
+                                  noCertDB ? NULL : &certSDB, noKeyDB ? NULL : &keySDB);
+            break;
+        case NSS_DB_TYPE_MULTIACCESS:
+            crv = sftkdbCall_open(configdir, certPrefix, keyPrefix, 8, 3, flags,
+                                  noCertDB ? NULL : &certSDB, noKeyDB ? NULL : &keySDB);
+            break;
+        case NSS_DB_TYPE_SQL:
+        case NSS_DB_TYPE_EXTERN: /* SHOULD open a loadable db */
+            crv = s_open(confdir, certPrefix, keyPrefix, 9, 4, flags,
+                         noCertDB ? NULL : &certSDB, noKeyDB ? NULL : &keySDB, &newInit);
+
+            /*
+             * if we failed to open the DB's read only, use the old ones if
+             * the exists.
+             */
+            if (crv != CKR_OK) {
+                if (((flags & SDB_RDONLY) == SDB_RDONLY) &&
+                    sftk_hasLegacyDB(confdir, certPrefix, keyPrefix, 8, 3)) {
+                    /* we have legacy databases, if we failed to open the new format
+                     * DB's read only, just use the legacy ones */
+                    crv = sftkdbCall_open(confdir, certPrefix,
+                                          keyPrefix, 8, 3, flags,
+                                          noCertDB ? NULL : &certSDB, noKeyDB ? NULL : &keySDB);
+                }
+                /* Handle the database merge case.
+                 *
+                 * For the merge case, we need help from the application. Only
+                 * the application knows where the old database is, and what unique
+                 * identifier it has associated with it.
+                 *
+                 * If the client supplies these values, we use them to determine
+                 * if we need to update.
+                 */
+            } else if (
+                /* both update params have been supplied */
+                updatedir && *updatedir && updateID && *updateID
+                /* old dbs exist? */
+                && sftk_hasLegacyDB(updatedir, updCertPrefix, updKeyPrefix, 8, 3)
+                /* and they have not yet been updated? */
+                && ((noKeyDB || !sftkdb_hasUpdate("key", keySDB, updateID)) || (noCertDB || !sftkdb_hasUpdate("cert", certSDB, updateID)))) {
+                /* we need to update */
+                confdir = updatedir;
+                certPrefix = updCertPrefix;
+                keyPrefix = updKeyPrefix;
+                needUpdate = PR_TRUE;
+            } else if (newInit) {
+                /* if the new format DB was also a newly created DB, and we
+                 * succeeded, then need to update that new database with data
+                 * from the existing legacy DB */
+                if (sftk_hasLegacyDB(confdir, certPrefix, keyPrefix, 8, 3)) {
+                    needUpdate = PR_TRUE;
+                }
+            }
+            break;
+        default:
+            crv = CKR_GENERAL_ERROR; /* can't happen, EvaluationConfigDir MUST
+                                      * return one of the types we already
+                                      * specified. */
+    }
+    if (crv != CKR_OK) {
+        goto done;
+    }
+    if (!noCertDB) {
+        *certDB = sftk_NewDBHandle(certSDB, SFTK_CERTDB_TYPE);
+    } else {
+        *certDB = NULL;
+    }
+    if (!noKeyDB) {
+        *keyDB = sftk_NewDBHandle(keySDB, SFTK_KEYDB_TYPE);
+    } else {
+        *keyDB = NULL;
+    }
+
+    /* link them together */
+    if (*certDB) {
+        (*certDB)->peerDB = *keyDB;
+    }
+    if (*keyDB) {
+        (*keyDB)->peerDB = *certDB;
+    }
+
+    /*
+     * if we need to update, open the legacy database and
+     * mark the handle as needing update.
+     */
+    if (needUpdate) {
+        SDB *updateCert = NULL;
+        SDB *updateKey = NULL;
+        CK_RV crv2;
+
+        crv2 = sftkdbCall_open(confdir, certPrefix, keyPrefix, 8, 3, flags,
+                               noCertDB ? NULL : &updateCert,
+                               noKeyDB ? NULL : &updateKey);
+        if (crv2 == CKR_OK) {
+            if (*certDB) {
+                (*certDB)->update = updateCert;
+                (*certDB)->updateID = updateID && *updateID
+                                          ? PORT_Strdup(updateID)
+                                          : NULL;
+                updateCert->app_private = (*certDB);
+            }
+            if (*keyDB) {
+                PRBool tokenRemoved = PR_FALSE;
+                (*keyDB)->update = updateKey;
+                (*keyDB)->updateID = updateID && *updateID ? PORT_Strdup(updateID) : NULL;
+                updateKey->app_private = (*keyDB);
+                (*keyDB)->updateDBIsInit = PR_TRUE;
+                (*keyDB)->updateDBIsInit =
+                    (sftkdb_HasPasswordSet(*keyDB) == SECSuccess) ? PR_TRUE : PR_FALSE;
+                /* if the password on the key db is NULL, kick off our update
+                 * chain of events */
+                sftkdb_CheckPassword((*keyDB), "", &tokenRemoved);
+            } else {
+                /* we don't have a key DB, update the certificate DB now */
+                sftkdb_Update(*certDB, NULL);
+            }
+        }
+    }
+done:
+    if (appName) {
+        PORT_Free(appName);
+    }
+    return forceOpen ? CKR_OK : crv;
+}
+
+CK_RV
+sftkdb_Shutdown(void)
+{
+    s_shutdown();
+    sftkdbCall_Shutdown();
+    return CKR_OK;
+}
diff --git a/nss/lib/softoken/sftkdb.h b/nss/lib/softoken/sftkdb.h
new file mode 100644
index 0000000..a47c896
--- /dev/null
+++ b/nss/lib/softoken/sftkdb.h
@@ -0,0 +1,71 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#include "sftkdbt.h"
+#include "sdb.h"
+#include "pkcs11i.h"
+#include "pkcs11t.h"
+
+/* raw database stuff */
+CK_RV sftkdb_write(SFTKDBHandle *handle, SFTKObject *, CK_OBJECT_HANDLE *);
+CK_RV sftkdb_FindObjectsInit(SFTKDBHandle *sdb, const CK_ATTRIBUTE *template,
+                             CK_ULONG count, SDBFind **find);
+CK_RV sftkdb_FindObjects(SFTKDBHandle *sdb, SDBFind *find,
+                         CK_OBJECT_HANDLE *ids, int arraySize, CK_ULONG *count);
+CK_RV sftkdb_FindObjectsFinal(SFTKDBHandle *sdb, SDBFind *find);
+CK_RV sftkdb_GetAttributeValue(SFTKDBHandle *handle,
+                               CK_OBJECT_HANDLE object_id, CK_ATTRIBUTE *template, CK_ULONG count);
+CK_RV sftkdb_SetAttributeValue(SFTKDBHandle *handle, SFTKObject *object,
+                               const CK_ATTRIBUTE *template, CK_ULONG count);
+CK_RV sftkdb_DestroyObject(SFTKDBHandle *handle, CK_OBJECT_HANDLE object_id);
+CK_RV sftkdb_closeDB(SFTKDBHandle *handle);
+
+/* keydb functions */
+
+SECStatus sftkdb_PWIsInitialized(SFTKDBHandle *keydb);
+SECStatus sftkdb_CheckPassword(SFTKDBHandle *keydb, const char *pw,
+                               PRBool *tokenRemoved);
+SECStatus sftkdb_PWCached(SFTKDBHandle *keydb);
+SECStatus sftkdb_HasPasswordSet(SFTKDBHandle *keydb);
+SECStatus sftkdb_ResetKeyDB(SFTKDBHandle *keydb);
+SECStatus sftkdb_ChangePassword(SFTKDBHandle *keydb,
+                                char *oldPin, char *newPin,
+                                PRBool *tokenRemoved);
+SECStatus sftkdb_ClearPassword(SFTKDBHandle *keydb);
+PRBool sftkdb_InUpdateMerge(SFTKDBHandle *keydb);
+PRBool sftkdb_NeedUpdateDBPassword(SFTKDBHandle *keydb);
+const char *sftkdb_GetUpdateID(SFTKDBHandle *keydb);
+SECItem *sftkdb_GetUpdatePasswordKey(SFTKDBHandle *keydb);
+void sftkdb_FreeUpdatePasswordKey(SFTKDBHandle *keydb);
+
+/* Utility functions */
+/*
+ * OK there are now lots of options here, lets go through them all:
+ *
+ * configdir - base directory where all the cert, key, and module datbases live.
+ * certPrefix - prefix added to the beginning of the cert database example: "
+ *                      "https-server1-"
+ * keyPrefix - prefix added to the beginning of the key database example: "
+ *                      "https-server1-"
+ * secmodName - name of the security module database (usually "secmod.db").
+ * readOnly - Boolean: true if the databases are to be openned read only.
+ * nocertdb - Don't open the cert DB and key DB's, just initialize the
+ *                      Volatile certdb.
+ * nomoddb - Don't open the security module DB, just initialize the
+ *                      PKCS #11 module.
+ * forceOpen - Continue to force initializations even if the databases cannot
+ *                      be opened.
+ */
+CK_RV sftk_DBInit(const char *configdir, const char *certPrefix,
+                  const char *keyPrefix, const char *updatedir,
+                  const char *updCertPrefix, const char *updKeyPrefix,
+                  const char *updateID, PRBool readOnly, PRBool noCertDB,
+                  PRBool noKeyDB, PRBool forceOpen, PRBool isFIPS,
+                  SFTKDBHandle **certDB, SFTKDBHandle **keyDB);
+CK_RV sftkdb_Shutdown(void);
+
+SFTKDBHandle *sftk_getCertDB(SFTKSlot *slot);
+SFTKDBHandle *sftk_getKeyDB(SFTKSlot *slot);
+SFTKDBHandle *sftk_getDBForTokenObject(SFTKSlot *slot,
+                                       CK_OBJECT_HANDLE objectID);
+void sftk_freeDB(SFTKDBHandle *certHandle);
diff --git a/nss/lib/softoken/sftkdbt.h b/nss/lib/softoken/sftkdbt.h
new file mode 100644
index 0000000..77beb84
--- /dev/null
+++ b/nss/lib/softoken/sftkdbt.h
@@ -0,0 +1,12 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef SFTKDBT_H
+#define SFTKDBT_H 1
+typedef struct SFTKDBHandleStr SFTKDBHandle;
+
+#define SDB_MAX_META_DATA_LEN 256
+#define SDB_ULONG_SIZE 4
+
+#endif
diff --git a/nss/lib/softoken/sftkdbti.h b/nss/lib/softoken/sftkdbti.h
new file mode 100644
index 0000000..4942e1b
--- /dev/null
+++ b/nss/lib/softoken/sftkdbti.h
@@ -0,0 +1,58 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef SFTKDBTI_H
+#define SFTKDBTI_H 1
+
+/*
+ * private defines
+ */
+struct SFTKDBHandleStr {
+    SDB *db;
+    PRInt32 ref;
+    CK_OBJECT_HANDLE type;
+    SECItem passwordKey;
+    SECItem *newKey;
+    SECItem *oldKey;
+    SECItem *updatePasswordKey;
+    PZLock *passwordLock;
+    SFTKDBHandle *peerDB;
+    SDB *update;
+    char *updateID;
+    PRBool updateDBIsInit;
+};
+
+#define SFTK_KEYDB_TYPE 0x40000000
+#define SFTK_CERTDB_TYPE 0x00000000
+#define SFTK_OBJ_TYPE_MASK 0xc0000000
+#define SFTK_OBJ_ID_MASK (~SFTK_OBJ_TYPE_MASK)
+#define SFTK_TOKEN_TYPE 0x80000000
+
+/* the following is the number of id's to handle on the stack at a time,
+ * it's not an upper limit of IDS that can be stored in the database */
+#define SFTK_MAX_IDS 10
+
+#define SFTK_GET_SDB(handle) \
+    ((handle)->update ? (handle)->update : (handle)->db)
+
+SECStatus sftkdb_DecryptAttribute(SECItem *passKey, SECItem *cipherText,
+                                  SECItem **plainText);
+SECStatus sftkdb_EncryptAttribute(PLArenaPool *arena, SECItem *passKey,
+                                  SECItem *plainText, SECItem **cipherText);
+SECStatus sftkdb_SignAttribute(PLArenaPool *arena, SECItem *passKey,
+                               CK_OBJECT_HANDLE objectID,
+                               CK_ATTRIBUTE_TYPE attrType,
+                               SECItem *plainText, SECItem **sigText);
+SECStatus sftkdb_VerifyAttribute(SECItem *passKey,
+                                 CK_OBJECT_HANDLE objectID,
+                                 CK_ATTRIBUTE_TYPE attrType,
+                                 SECItem *plainText, SECItem *sigText);
+
+void sftk_ULong2SDBULong(unsigned char *data, CK_ULONG value);
+CK_RV sftkdb_Update(SFTKDBHandle *handle, SECItem *key);
+CK_RV sftkdb_PutAttributeSignature(SFTKDBHandle *handle,
+                                   SDB *keyTarget, CK_OBJECT_HANDLE objectID,
+                                   CK_ATTRIBUTE_TYPE type, SECItem *signText);
+
+#endif
diff --git a/nss/lib/softoken/sftkhmac.c b/nss/lib/softoken/sftkhmac.c
new file mode 100644
index 0000000..be6344c
--- /dev/null
+++ b/nss/lib/softoken/sftkhmac.c
@@ -0,0 +1,190 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "seccomon.h"
+#include "secerr.h"
+#include "blapi.h"
+#include "pkcs11i.h"
+#include "softoken.h"
+#include "hmacct.h"
+
+/* MACMechanismToHash converts a PKCS#11 MAC mechanism into a freebl hash
+ * type. */
+static HASH_HashType
+MACMechanismToHash(CK_MECHANISM_TYPE mech)
+{
+    switch (mech) {
+        case CKM_MD5_HMAC:
+        case CKM_SSL3_MD5_MAC:
+            return HASH_AlgMD5;
+        case CKM_SHA_1_HMAC:
+        case CKM_SSL3_SHA1_MAC:
+            return HASH_AlgSHA1;
+        case CKM_SHA224_HMAC:
+            return HASH_AlgSHA224;
+        case CKM_SHA256_HMAC:
+            return HASH_AlgSHA256;
+        case CKM_SHA384_HMAC:
+            return HASH_AlgSHA384;
+        case CKM_SHA512_HMAC:
+            return HASH_AlgSHA512;
+    }
+    return HASH_AlgNULL;
+}
+
+static sftk_MACConstantTimeCtx *
+SetupMAC(CK_MECHANISM_PTR mech, SFTKObject *key)
+{
+    CK_NSS_MAC_CONSTANT_TIME_PARAMS *params =
+        (CK_NSS_MAC_CONSTANT_TIME_PARAMS *)mech->pParameter;
+    sftk_MACConstantTimeCtx *ctx;
+    HASH_HashType alg;
+    SFTKAttribute *keyval;
+    unsigned char secret[sizeof(ctx->secret)];
+    unsigned int secretLength;
+
+    if (mech->ulParameterLen != sizeof(CK_NSS_MAC_CONSTANT_TIME_PARAMS)) {
+        return NULL;
+    }
+
+    alg = MACMechanismToHash(params->macAlg);
+    if (alg == HASH_AlgNULL) {
+        return NULL;
+    }
+
+    keyval = sftk_FindAttribute(key, CKA_VALUE);
+    if (keyval == NULL) {
+        return NULL;
+    }
+    secretLength = keyval->attrib.ulValueLen;
+    if (secretLength > sizeof(secret)) {
+        sftk_FreeAttribute(keyval);
+        return NULL;
+    }
+    memcpy(secret, keyval->attrib.pValue, secretLength);
+    sftk_FreeAttribute(keyval);
+
+    ctx = PORT_Alloc(sizeof(sftk_MACConstantTimeCtx));
+    if (!ctx) {
+        return NULL;
+    }
+
+    memcpy(ctx->secret, secret, secretLength);
+    ctx->secretLength = secretLength;
+    ctx->hash = HASH_GetRawHashObject(alg);
+    ctx->totalLength = params->ulBodyTotalLen;
+
+    return ctx;
+}
+
+sftk_MACConstantTimeCtx *
+sftk_HMACConstantTime_New(CK_MECHANISM_PTR mech, SFTKObject *key)
+{
+    CK_NSS_MAC_CONSTANT_TIME_PARAMS *params =
+        (CK_NSS_MAC_CONSTANT_TIME_PARAMS *)mech->pParameter;
+    sftk_MACConstantTimeCtx *ctx;
+
+    if (params->ulHeaderLen > sizeof(ctx->header)) {
+        return NULL;
+    }
+    ctx = SetupMAC(mech, key);
+    if (!ctx) {
+        return NULL;
+    }
+
+    ctx->headerLength = params->ulHeaderLen;
+    memcpy(ctx->header, params->pHeader, params->ulHeaderLen);
+    return ctx;
+}
+
+sftk_MACConstantTimeCtx *
+sftk_SSLv3MACConstantTime_New(CK_MECHANISM_PTR mech, SFTKObject *key)
+{
+    CK_NSS_MAC_CONSTANT_TIME_PARAMS *params =
+        (CK_NSS_MAC_CONSTANT_TIME_PARAMS *)mech->pParameter;
+    unsigned int padLength = 40, j;
+    sftk_MACConstantTimeCtx *ctx;
+
+    if (params->macAlg != CKM_SSL3_MD5_MAC &&
+        params->macAlg != CKM_SSL3_SHA1_MAC) {
+        return NULL;
+    }
+    ctx = SetupMAC(mech, key);
+    if (!ctx) {
+        return NULL;
+    }
+
+    if (params->macAlg == CKM_SSL3_MD5_MAC) {
+        padLength = 48;
+    }
+
+    ctx->headerLength =
+        ctx->secretLength +
+        padLength +
+        params->ulHeaderLen;
+
+    if (ctx->headerLength > sizeof(ctx->header)) {
+        goto loser;
+    }
+
+    j = 0;
+    memcpy(&ctx->header[j], ctx->secret, ctx->secretLength);
+    j += ctx->secretLength;
+    memset(&ctx->header[j], 0x36, padLength);
+    j += padLength;
+    memcpy(&ctx->header[j], params->pHeader, params->ulHeaderLen);
+
+    return ctx;
+
+loser:
+    PORT_Free(ctx);
+    return NULL;
+}
+
+void
+sftk_HMACConstantTime_Update(void *pctx, const void *data, unsigned int len)
+{
+    sftk_MACConstantTimeCtx *ctx = (sftk_MACConstantTimeCtx *)pctx;
+    PORT_CheckSuccess(HMAC_ConstantTime(
+        ctx->mac, NULL, sizeof(ctx->mac),
+        ctx->hash,
+        ctx->secret, ctx->secretLength,
+        ctx->header, ctx->headerLength,
+        data, len,
+        ctx->totalLength));
+}
+
+void
+sftk_SSLv3MACConstantTime_Update(void *pctx, const void *data, unsigned int len)
+{
+    sftk_MACConstantTimeCtx *ctx = (sftk_MACConstantTimeCtx *)pctx;
+    PORT_CheckSuccess(SSLv3_MAC_ConstantTime(
+        ctx->mac, NULL, sizeof(ctx->mac),
+        ctx->hash,
+        ctx->secret, ctx->secretLength,
+        ctx->header, ctx->headerLength,
+        data, len,
+        ctx->totalLength));
+}
+
+void
+sftk_MACConstantTime_EndHash(void *pctx, void *out, unsigned int *outLength,
+                             unsigned int maxLength)
+{
+    const sftk_MACConstantTimeCtx *ctx = (sftk_MACConstantTimeCtx *)pctx;
+    unsigned int toCopy = ctx->hash->length;
+    if (toCopy > maxLength) {
+        toCopy = maxLength;
+    }
+    memcpy(out, ctx->mac, toCopy);
+    if (outLength) {
+        *outLength = toCopy;
+    }
+}
+
+void
+sftk_MACConstantTime_DestroyContext(void *pctx, PRBool free)
+{
+    PORT_Free(pctx);
+}
diff --git a/nss/lib/softoken/sftkpars.c b/nss/lib/softoken/sftkpars.c
new file mode 100644
index 0000000..e972fe8
--- /dev/null
+++ b/nss/lib/softoken/sftkpars.c
@@ -0,0 +1,251 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ *  The following code handles the storage of PKCS 11 modules used by the
+ * NSS. This file is written to abstract away how the modules are
+ * stored so we can deside that later.
+ */
+#include "pkcs11i.h"
+#include "sdb.h"
+#include "prprf.h"
+#include "prenv.h"
+#include "utilpars.h"
+
+#define FREE_CLEAR(p) \
+    if (p) {          \
+        PORT_Free(p); \
+        p = NULL;     \
+    }
+
+static void
+sftk_parseTokenFlags(char *tmp, sftk_token_parameters *parsed)
+{
+    parsed->readOnly = NSSUTIL_ArgHasFlag("flags", "readOnly", tmp);
+    parsed->noCertDB = NSSUTIL_ArgHasFlag("flags", "noCertDB", tmp);
+    parsed->noKeyDB = NSSUTIL_ArgHasFlag("flags", "noKeyDB", tmp);
+    parsed->forceOpen = NSSUTIL_ArgHasFlag("flags", "forceOpen", tmp);
+    parsed->pwRequired = NSSUTIL_ArgHasFlag("flags", "passwordRequired", tmp);
+    parsed->optimizeSpace = NSSUTIL_ArgHasFlag("flags", "optimizeSpace", tmp);
+    return;
+}
+
+static void
+sftk_parseFlags(char *tmp, sftk_parameters *parsed)
+{
+    parsed->noModDB = NSSUTIL_ArgHasFlag("flags", "noModDB", tmp);
+    parsed->readOnly = NSSUTIL_ArgHasFlag("flags", "readOnly", tmp);
+    /* keep legacy interface working */
+    parsed->noCertDB = NSSUTIL_ArgHasFlag("flags", "noCertDB", tmp);
+    parsed->forceOpen = NSSUTIL_ArgHasFlag("flags", "forceOpen", tmp);
+    parsed->pwRequired = NSSUTIL_ArgHasFlag("flags", "passwordRequired", tmp);
+    parsed->optimizeSpace = NSSUTIL_ArgHasFlag("flags", "optimizeSpace", tmp);
+    return;
+}
+
+static CK_RV
+sftk_parseTokenParameters(char *param, sftk_token_parameters *parsed)
+{
+    int next;
+    char *tmp = NULL;
+    const char *index;
+    index = NSSUTIL_ArgStrip(param);
+
+    while (*index) {
+        NSSUTIL_HANDLE_STRING_ARG(index, parsed->configdir, "configDir=", ;)
+        NSSUTIL_HANDLE_STRING_ARG(index, parsed->updatedir, "updateDir=", ;)
+        NSSUTIL_HANDLE_STRING_ARG(index, parsed->updCertPrefix, "updateCertPrefix=", ;)
+        NSSUTIL_HANDLE_STRING_ARG(index, parsed->updKeyPrefix, "updateKeyPrefix=", ;)
+        NSSUTIL_HANDLE_STRING_ARG(index, parsed->updateID, "updateID=", ;)
+        NSSUTIL_HANDLE_STRING_ARG(index, parsed->certPrefix, "certPrefix=", ;)
+        NSSUTIL_HANDLE_STRING_ARG(index, parsed->keyPrefix, "keyPrefix=", ;)
+        NSSUTIL_HANDLE_STRING_ARG(index, parsed->tokdes, "tokenDescription=", ;)
+        NSSUTIL_HANDLE_STRING_ARG(index, parsed->updtokdes, "updateTokenDescription=", ;)
+        NSSUTIL_HANDLE_STRING_ARG(index, parsed->slotdes, "slotDescription=", ;)
+        NSSUTIL_HANDLE_STRING_ARG(index, tmp, "minPWLen=",
+                                  if (tmp) { parsed->minPW=atoi(tmp); PORT_Free(tmp); tmp = NULL; })
+        NSSUTIL_HANDLE_STRING_ARG(index, tmp, "flags=",
+                                  if (tmp) { sftk_parseTokenFlags(param,parsed); PORT_Free(tmp); tmp = NULL; })
+        NSSUTIL_HANDLE_FINAL_ARG(index)
+    }
+    return CKR_OK;
+}
+
+static void
+sftk_parseTokens(char *tokenParams, sftk_parameters *parsed)
+{
+    const char *tokenIndex;
+    sftk_token_parameters *tokens = NULL;
+    int i = 0, count = 0, next;
+
+    if ((tokenParams == NULL) || (*tokenParams == 0))
+        return;
+
+    /* first count the number of slots */
+    for (tokenIndex = NSSUTIL_ArgStrip(tokenParams); *tokenIndex;
+         tokenIndex = NSSUTIL_ArgStrip(NSSUTIL_ArgSkipParameter(tokenIndex))) {
+        count++;
+    }
+
+    /* get the data structures */
+    tokens = (sftk_token_parameters *)
+        PORT_ZAlloc(count * sizeof(sftk_token_parameters));
+    if (tokens == NULL)
+        return;
+
+    for (tokenIndex = NSSUTIL_ArgStrip(tokenParams), i = 0;
+         *tokenIndex && i < count; i++) {
+        char *name;
+        name = NSSUTIL_ArgGetLabel(tokenIndex, &next);
+        tokenIndex += next;
+
+        tokens[i].slotID = NSSUTIL_ArgDecodeNumber(name);
+        tokens[i].readOnly = PR_FALSE;
+        tokens[i].noCertDB = PR_FALSE;
+        tokens[i].noKeyDB = PR_FALSE;
+        if (!NSSUTIL_ArgIsBlank(*tokenIndex)) {
+            char *args = NSSUTIL_ArgFetchValue(tokenIndex, &next);
+            tokenIndex += next;
+            if (args) {
+                sftk_parseTokenParameters(args, &tokens[i]);
+                PORT_Free(args);
+            }
+        }
+        if (name)
+            PORT_Free(name);
+        tokenIndex = NSSUTIL_ArgStrip(tokenIndex);
+    }
+    parsed->token_count = i;
+    parsed->tokens = tokens;
+    return;
+}
+
+CK_RV
+sftk_parseParameters(char *param, sftk_parameters *parsed, PRBool isFIPS)
+{
+    int next;
+    char *tmp = NULL;
+    const char *index;
+    char *certPrefix = NULL, *keyPrefix = NULL;
+    char *tokdes = NULL, *ptokdes = NULL, *pupdtokdes = NULL;
+    char *slotdes = NULL, *pslotdes = NULL;
+    char *fslotdes = NULL, *ftokdes = NULL;
+    char *minPW = NULL;
+    index = NSSUTIL_ArgStrip(param);
+
+    PORT_Memset(parsed, 0, sizeof(sftk_parameters));
+
+    while (*index) {
+        NSSUTIL_HANDLE_STRING_ARG(index, parsed->configdir, "configDir=", ;)
+        NSSUTIL_HANDLE_STRING_ARG(index, parsed->updatedir, "updateDir=", ;)
+        NSSUTIL_HANDLE_STRING_ARG(index, parsed->updateID, "updateID=", ;)
+        NSSUTIL_HANDLE_STRING_ARG(index, parsed->secmodName, "secmod=", ;)
+        NSSUTIL_HANDLE_STRING_ARG(index, parsed->man, "manufacturerID=", ;)
+        NSSUTIL_HANDLE_STRING_ARG(index, parsed->libdes, "libraryDescription=", ;)
+        /* constructed values, used so legacy interfaces still work */
+        NSSUTIL_HANDLE_STRING_ARG(index, certPrefix, "certPrefix=", ;)
+        NSSUTIL_HANDLE_STRING_ARG(index, keyPrefix, "keyPrefix=", ;)
+        NSSUTIL_HANDLE_STRING_ARG(index, tokdes, "cryptoTokenDescription=", ;)
+        NSSUTIL_HANDLE_STRING_ARG(index, ptokdes, "dbTokenDescription=", ;)
+        NSSUTIL_HANDLE_STRING_ARG(index, slotdes, "cryptoSlotDescription=", ;)
+        NSSUTIL_HANDLE_STRING_ARG(index, pslotdes, "dbSlotDescription=", ;)
+        NSSUTIL_HANDLE_STRING_ARG(index, fslotdes, "FIPSSlotDescription=", ;)
+        NSSUTIL_HANDLE_STRING_ARG(index, ftokdes, "FIPSTokenDescription=", ;)
+        NSSUTIL_HANDLE_STRING_ARG(index, pupdtokdes, "updateTokenDescription=", ;)
+        NSSUTIL_HANDLE_STRING_ARG(index, minPW, "minPWLen=", ;)
+
+        NSSUTIL_HANDLE_STRING_ARG(index, tmp, "flags=",
+                                  if (tmp) { sftk_parseFlags(param,parsed); PORT_Free(tmp); tmp = NULL; })
+        NSSUTIL_HANDLE_STRING_ARG(index, tmp, "tokens=",
+                                  if (tmp) { sftk_parseTokens(tmp,parsed); PORT_Free(tmp); tmp = NULL; })
+        NSSUTIL_HANDLE_FINAL_ARG(index)
+    }
+    if (parsed->tokens == NULL) {
+        int count = isFIPS ? 1 : 2;
+        int index = count - 1;
+        sftk_token_parameters *tokens = NULL;
+
+        tokens = (sftk_token_parameters *)
+            PORT_ZAlloc(count * sizeof(sftk_token_parameters));
+        if (tokens == NULL) {
+            goto loser;
+        }
+        parsed->tokens = tokens;
+        parsed->token_count = count;
+        tokens[index].slotID = isFIPS ? FIPS_SLOT_ID : PRIVATE_KEY_SLOT_ID;
+        tokens[index].certPrefix = certPrefix;
+        tokens[index].keyPrefix = keyPrefix;
+        tokens[index].minPW = minPW ? atoi(minPW) : 0;
+        tokens[index].readOnly = parsed->readOnly;
+        tokens[index].noCertDB = parsed->noCertDB;
+        tokens[index].noKeyDB = parsed->noCertDB;
+        tokens[index].forceOpen = parsed->forceOpen;
+        tokens[index].pwRequired = parsed->pwRequired;
+        tokens[index].optimizeSpace = parsed->optimizeSpace;
+        tokens[0].optimizeSpace = parsed->optimizeSpace;
+        certPrefix = NULL;
+        keyPrefix = NULL;
+        if (isFIPS) {
+            tokens[index].tokdes = ftokdes;
+            tokens[index].updtokdes = pupdtokdes;
+            tokens[index].slotdes = fslotdes;
+            fslotdes = NULL;
+            ftokdes = NULL;
+            pupdtokdes = NULL;
+        } else {
+            tokens[index].tokdes = ptokdes;
+            tokens[index].updtokdes = pupdtokdes;
+            tokens[index].slotdes = pslotdes;
+            tokens[0].slotID = NETSCAPE_SLOT_ID;
+            tokens[0].tokdes = tokdes;
+            tokens[0].slotdes = slotdes;
+            tokens[0].noCertDB = PR_TRUE;
+            tokens[0].noKeyDB = PR_TRUE;
+            pupdtokdes = NULL;
+            ptokdes = NULL;
+            pslotdes = NULL;
+            tokdes = NULL;
+            slotdes = NULL;
+        }
+    }
+
+loser:
+    FREE_CLEAR(certPrefix);
+    FREE_CLEAR(keyPrefix);
+    FREE_CLEAR(tokdes);
+    FREE_CLEAR(ptokdes);
+    FREE_CLEAR(pupdtokdes);
+    FREE_CLEAR(slotdes);
+    FREE_CLEAR(pslotdes);
+    FREE_CLEAR(fslotdes);
+    FREE_CLEAR(ftokdes);
+    FREE_CLEAR(minPW);
+    return CKR_OK;
+}
+
+void
+sftk_freeParams(sftk_parameters *params)
+{
+    int i;
+
+    for (i = 0; i < params->token_count; i++) {
+        FREE_CLEAR(params->tokens[i].configdir);
+        FREE_CLEAR(params->tokens[i].certPrefix);
+        FREE_CLEAR(params->tokens[i].keyPrefix);
+        FREE_CLEAR(params->tokens[i].tokdes);
+        FREE_CLEAR(params->tokens[i].slotdes);
+        FREE_CLEAR(params->tokens[i].updatedir);
+        FREE_CLEAR(params->tokens[i].updCertPrefix);
+        FREE_CLEAR(params->tokens[i].updKeyPrefix);
+        FREE_CLEAR(params->tokens[i].updateID);
+        FREE_CLEAR(params->tokens[i].updtokdes);
+    }
+
+    FREE_CLEAR(params->configdir);
+    FREE_CLEAR(params->secmodName);
+    FREE_CLEAR(params->man);
+    FREE_CLEAR(params->libdes);
+    FREE_CLEAR(params->tokens);
+    FREE_CLEAR(params->updatedir);
+    FREE_CLEAR(params->updateID);
+}
diff --git a/nss/lib/softoken/sftkpars.h b/nss/lib/softoken/sftkpars.h
new file mode 100644
index 0000000..a7707fc
--- /dev/null
+++ b/nss/lib/softoken/sftkpars.h
@@ -0,0 +1,14 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#include "pkcs11i.h"
+#include "sftkdbt.h"
+
+/* parsing functions */
+char *sftk_argFetchValue(char *string, int *pcount);
+char *sftk_getSecmodName(char *param, SDBType *dbType, char **appName, char **filename, PRBool *rw);
+char *sftk_argStrip(char *c);
+CK_RV sftk_parseParameters(char *param, sftk_parameters *parsed, PRBool isFIPS);
+void sftk_freeParams(sftk_parameters *params);
+const char *sftk_EvaluateConfigDir(const char *configdir, SDBType *dbType, char **app);
+char *sftk_argGetParamValue(char *paramName, char *parameters);
diff --git a/nss/lib/softoken/sftkpwd.c b/nss/lib/softoken/sftkpwd.c
new file mode 100644
index 0000000..0b8c91b
--- /dev/null
+++ b/nss/lib/softoken/sftkpwd.c
@@ -0,0 +1,1261 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ *  The following code handles the storage of PKCS 11 modules used by the
+ * NSS. For the rest of NSS, only one kind of database handle exists:
+ *
+ *     SFTKDBHandle
+ *
+ * There is one SFTKDBHandle for the each key database and one for each cert
+ * database. These databases are opened as associated pairs, one pair per
+ * slot. SFTKDBHandles are reference counted objects.
+ *
+ * Each SFTKDBHandle points to a low level database handle (SDB). This handle
+ * represents the underlying physical database. These objects are not
+ * reference counted, an are 'owned' by their respective SFTKDBHandles.
+ *
+ *
+ */
+#include "sftkdb.h"
+#include "sftkdbti.h"
+#include "pkcs11t.h"
+#include "pkcs11i.h"
+#include "sdb.h"
+#include "prprf.h"
+#include "secasn1.h"
+#include "pratom.h"
+#include "blapi.h"
+#include "secoid.h"
+#include "lowpbe.h"
+#include "secdert.h"
+#include "prsystem.h"
+#include "lgglue.h"
+#include "secerr.h"
+#include "softoken.h"
+
+/******************************************************************
+ *
+ * Key DB password handling functions
+ *
+ * These functions manage the key db password (set, reset, initialize, use).
+ *
+ * The key is managed on 'this side' of the database. All private data is
+ * encrypted before it is sent to the database itself. Besides PBE's, the
+ * database management code can also mix in various fixed keys so the data
+ * in the database is no longer considered 'plain text'.
+ */
+
+/* take string password and turn it into a key. The key is dependent
+ * on a global salt entry acquired from the database. This salted
+ * value will be based to a pkcs5 pbe function before it is used
+ * in an actual encryption */
+static SECStatus
+sftkdb_passwordToKey(SFTKDBHandle *keydb, SECItem *salt,
+                     const char *pw, SECItem *key)
+{
+    SHA1Context *cx = NULL;
+    SECStatus rv = SECFailure;
+
+    key->data = PORT_Alloc(SHA1_LENGTH);
+    if (key->data == NULL) {
+        goto loser;
+    }
+    key->len = SHA1_LENGTH;
+
+    cx = SHA1_NewContext();
+    if (cx == NULL) {
+        goto loser;
+    }
+    SHA1_Begin(cx);
+    if (salt && salt->data) {
+        SHA1_Update(cx, salt->data, salt->len);
+    }
+    SHA1_Update(cx, (unsigned char *)pw, PORT_Strlen(pw));
+    SHA1_End(cx, key->data, &key->len, key->len);
+    rv = SECSuccess;
+
+loser:
+    if (cx) {
+        SHA1_DestroyContext(cx, PR_TRUE);
+    }
+    if (rv != SECSuccess) {
+        if (key->data != NULL) {
+            PORT_ZFree(key->data, key->len);
+        }
+        key->data = NULL;
+    }
+    return rv;
+}
+
+/*
+ * Cipher text stored in the database contains 3 elements:
+ * 1) an identifier describing the encryption algorithm.
+ * 2) an entry specific salt value.
+ * 3) the encrypted value.
+ *
+ * The following data structure represents the encrypted data in a decoded
+ * (but still encrypted) form.
+ */
+typedef struct sftkCipherValueStr sftkCipherValue;
+struct sftkCipherValueStr {
+    PLArenaPool *arena;
+    SECOidTag alg;
+    NSSPKCS5PBEParameter *param;
+    SECItem salt;
+    SECItem value;
+};
+
+#define SFTK_CIPHERTEXT_VERSION 3
+
+struct SFTKDBEncryptedDataInfoStr {
+    SECAlgorithmID algorithm;
+    SECItem encryptedData;
+};
+typedef struct SFTKDBEncryptedDataInfoStr SFTKDBEncryptedDataInfo;
+
+SEC_ASN1_MKSUB(SECOID_AlgorithmIDTemplate)
+
+const SEC_ASN1Template sftkdb_EncryptedDataInfoTemplate[] = {
+    { SEC_ASN1_SEQUENCE,
+      0, NULL, sizeof(SFTKDBEncryptedDataInfo) },
+    { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
+      offsetof(SFTKDBEncryptedDataInfo, algorithm),
+      SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
+    { SEC_ASN1_OCTET_STRING,
+      offsetof(SFTKDBEncryptedDataInfo, encryptedData) },
+    { 0 }
+};
+
+/*
+ * This parses the cipherText into cipher value. NOTE: cipherValue will point
+ * to data in cipherText, if cipherText is freed, cipherValue will be invalid.
+ */
+static SECStatus
+sftkdb_decodeCipherText(SECItem *cipherText, sftkCipherValue *cipherValue)
+{
+    PLArenaPool *arena = NULL;
+    SFTKDBEncryptedDataInfo edi;
+    SECStatus rv;
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL) {
+        return SECFailure;
+    }
+    cipherValue->arena = NULL;
+    cipherValue->param = NULL;
+
+    rv = SEC_QuickDERDecodeItem(arena, &edi, sftkdb_EncryptedDataInfoTemplate,
+                                cipherText);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    cipherValue->alg = SECOID_GetAlgorithmTag(&edi.algorithm);
+    cipherValue->param = nsspkcs5_AlgidToParam(&edi.algorithm);
+    if (cipherValue->param == NULL) {
+        goto loser;
+    }
+    cipherValue->value = edi.encryptedData;
+    cipherValue->arena = arena;
+
+    return SECSuccess;
+loser:
+    if (cipherValue->param) {
+        nsspkcs5_DestroyPBEParameter(cipherValue->param);
+        cipherValue->param = NULL;
+    }
+    if (arena) {
+        PORT_FreeArena(arena, PR_FALSE);
+    }
+    return SECFailure;
+}
+
+/*
+ * unlike decode, Encode actually allocates a SECItem the caller must free
+ * The caller can pass an optional arena to to indicate where to place
+ * the resultant cipherText.
+ */
+static SECStatus
+sftkdb_encodeCipherText(PLArenaPool *arena, sftkCipherValue *cipherValue,
+                        SECItem **cipherText)
+{
+    SFTKDBEncryptedDataInfo edi;
+    SECAlgorithmID *algid;
+    SECStatus rv;
+    PLArenaPool *localArena = NULL;
+
+    localArena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (localArena == NULL) {
+        return SECFailure;
+    }
+
+    algid = nsspkcs5_CreateAlgorithmID(localArena, cipherValue->alg,
+                                       cipherValue->param);
+    if (algid == NULL) {
+        rv = SECFailure;
+        goto loser;
+    }
+    rv = SECOID_CopyAlgorithmID(localArena, &edi.algorithm, algid);
+    SECOID_DestroyAlgorithmID(algid, PR_TRUE);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    edi.encryptedData = cipherValue->value;
+
+    *cipherText = SEC_ASN1EncodeItem(arena, NULL, &edi,
+                                     sftkdb_EncryptedDataInfoTemplate);
+    if (*cipherText == NULL) {
+        rv = SECFailure;
+    }
+
+loser:
+    if (localArena) {
+        PORT_FreeArena(localArena, PR_FALSE);
+    }
+
+    return rv;
+}
+
+/*
+ * Use our key to decode a cipherText block from the database.
+ *
+ * plain text is allocated by nsspkcs5_CipherData and must be freed
+ * with SECITEM_FreeItem by the caller.
+ */
+SECStatus
+sftkdb_DecryptAttribute(SECItem *passKey, SECItem *cipherText, SECItem **plain)
+{
+    SECStatus rv;
+    sftkCipherValue cipherValue;
+
+    /* First get the cipher type */
+    rv = sftkdb_decodeCipherText(cipherText, &cipherValue);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    *plain = nsspkcs5_CipherData(cipherValue.param, passKey, &cipherValue.value,
+                                 PR_FALSE, NULL);
+    if (*plain == NULL) {
+        rv = SECFailure;
+        goto loser;
+    }
+
+loser:
+    if (cipherValue.param) {
+        nsspkcs5_DestroyPBEParameter(cipherValue.param);
+    }
+    if (cipherValue.arena) {
+        PORT_FreeArena(cipherValue.arena, PR_FALSE);
+    }
+    return rv;
+}
+
+/*
+ * encrypt a block. This function returned the encrypted ciphertext which
+ * the caller must free. If the caller provides an arena, cipherText will
+ * be allocated out of that arena. This also generated the per entry
+ * salt automatically.
+ */
+SECStatus
+sftkdb_EncryptAttribute(PLArenaPool *arena, SECItem *passKey,
+                        SECItem *plainText, SECItem **cipherText)
+{
+    SECStatus rv;
+    sftkCipherValue cipherValue;
+    SECItem *cipher = NULL;
+    NSSPKCS5PBEParameter *param = NULL;
+    unsigned char saltData[HASH_LENGTH_MAX];
+
+    cipherValue.alg = SEC_OID_PKCS12_PBE_WITH_SHA1_AND_TRIPLE_DES_CBC;
+    cipherValue.salt.len = SHA1_LENGTH;
+    cipherValue.salt.data = saltData;
+    RNG_GenerateGlobalRandomBytes(saltData, cipherValue.salt.len);
+
+    param = nsspkcs5_NewParam(cipherValue.alg, HASH_AlgSHA1, &cipherValue.salt,
+                              1);
+    if (param == NULL) {
+        rv = SECFailure;
+        goto loser;
+    }
+    cipher = nsspkcs5_CipherData(param, passKey, plainText, PR_TRUE, NULL);
+    if (cipher == NULL) {
+        rv = SECFailure;
+        goto loser;
+    }
+    cipherValue.value = *cipher;
+    cipherValue.param = param;
+
+    rv = sftkdb_encodeCipherText(arena, &cipherValue, cipherText);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+loser:
+    if (cipher) {
+        SECITEM_FreeItem(cipher, PR_TRUE);
+    }
+    if (param) {
+        nsspkcs5_DestroyPBEParameter(param);
+    }
+    return rv;
+}
+
+/*
+ * use the password and the pbe parameters to generate an HMAC for the
+ * given plain text data. This is used by sftkdb_VerifyAttribute and
+ * sftkdb_SignAttribute. Signature is returned in signData. The caller
+ * must preallocate the space in the secitem.
+ */
+static SECStatus
+sftkdb_pbehash(SECOidTag sigOid, SECItem *passKey,
+               NSSPKCS5PBEParameter *param,
+               CK_OBJECT_HANDLE objectID, CK_ATTRIBUTE_TYPE attrType,
+               SECItem *plainText, SECItem *signData)
+{
+    SECStatus rv = SECFailure;
+    SECItem *key = NULL;
+    HMACContext *hashCx = NULL;
+    HASH_HashType hashType = HASH_AlgNULL;
+    const SECHashObject *hashObj;
+    unsigned char addressData[SDB_ULONG_SIZE];
+
+    hashType = HASH_FromHMACOid(param->encAlg);
+    if (hashType == HASH_AlgNULL) {
+        PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
+        return SECFailure;
+    }
+
+    hashObj = HASH_GetRawHashObject(hashType);
+    if (hashObj == NULL) {
+        goto loser;
+    }
+
+    key = nsspkcs5_ComputeKeyAndIV(param, passKey, NULL, PR_FALSE);
+    if (!key) {
+        goto loser;
+    }
+
+    hashCx = HMAC_Create(hashObj, key->data, key->len, PR_TRUE);
+    if (!hashCx) {
+        goto loser;
+    }
+    HMAC_Begin(hashCx);
+    /* Tie this value to a particular object. This is most important for
+     * the trust attributes, where and attacker could copy a value for
+     * 'validCA' from another cert in the database */
+    sftk_ULong2SDBULong(addressData, objectID);
+    HMAC_Update(hashCx, addressData, SDB_ULONG_SIZE);
+    sftk_ULong2SDBULong(addressData, attrType);
+    HMAC_Update(hashCx, addressData, SDB_ULONG_SIZE);
+
+    HMAC_Update(hashCx, plainText->data, plainText->len);
+    rv = HMAC_Finish(hashCx, signData->data, &signData->len, signData->len);
+
+loser:
+    if (hashCx) {
+        HMAC_Destroy(hashCx, PR_TRUE);
+    }
+    if (key) {
+        SECITEM_FreeItem(key, PR_TRUE);
+    }
+    return rv;
+}
+
+/*
+ * Use our key to verify a signText block from the database matches
+ * the plainText from the database. The signText is a PKCS 5 v2 pbe.
+ * plainText is the plainText of the attribute.
+ */
+SECStatus
+sftkdb_VerifyAttribute(SECItem *passKey, CK_OBJECT_HANDLE objectID,
+                       CK_ATTRIBUTE_TYPE attrType,
+                       SECItem *plainText, SECItem *signText)
+{
+    SECStatus rv;
+    sftkCipherValue signValue;
+    SECItem signature;
+    unsigned char signData[HASH_LENGTH_MAX];
+
+    /* First get the cipher type */
+    rv = sftkdb_decodeCipherText(signText, &signValue);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    signature.data = signData;
+    signature.len = sizeof(signData);
+
+    rv = sftkdb_pbehash(signValue.alg, passKey, signValue.param,
+                        objectID, attrType, plainText, &signature);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    if (SECITEM_CompareItem(&signValue.value, &signature) != 0) {
+        PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
+        rv = SECFailure;
+    }
+
+loser:
+    if (signValue.param) {
+        nsspkcs5_DestroyPBEParameter(signValue.param);
+    }
+    if (signValue.arena) {
+        PORT_FreeArena(signValue.arena, PR_FALSE);
+    }
+    return rv;
+}
+
+/*
+ * Use our key to create a signText block the plain text of an
+ * attribute. The signText is a PKCS 5 v2 pbe.
+ */
+SECStatus
+sftkdb_SignAttribute(PLArenaPool *arena, SECItem *passKey,
+                     CK_OBJECT_HANDLE objectID, CK_ATTRIBUTE_TYPE attrType,
+                     SECItem *plainText, SECItem **signature)
+{
+    SECStatus rv;
+    sftkCipherValue signValue;
+    NSSPKCS5PBEParameter *param = NULL;
+    unsigned char saltData[HASH_LENGTH_MAX];
+    unsigned char signData[HASH_LENGTH_MAX];
+    SECOidTag hmacAlg = SEC_OID_HMAC_SHA256; /* hash for authentication */
+    SECOidTag prfAlg = SEC_OID_HMAC_SHA256;  /* hash for pb key generation */
+    HASH_HashType prfType;
+    unsigned int hmacLength;
+    unsigned int prfLength;
+
+    /* this code allows us to fetch the lengths and hashes on the fly
+     * by simply changing the OID above */
+    prfType = HASH_FromHMACOid(prfAlg);
+    PORT_Assert(prfType != HASH_AlgNULL);
+    prfLength = HASH_GetRawHashObject(prfType)->length;
+    PORT_Assert(prfLength <= HASH_LENGTH_MAX);
+
+    hmacLength = HASH_GetRawHashObject(HASH_FromHMACOid(hmacAlg))->length;
+    PORT_Assert(hmacLength <= HASH_LENGTH_MAX);
+
+    /* initialize our CipherValue structure */
+    signValue.alg = SEC_OID_PKCS5_PBMAC1;
+    signValue.salt.len = prfLength;
+    signValue.salt.data = saltData;
+    signValue.value.data = signData;
+    signValue.value.len = hmacLength;
+    RNG_GenerateGlobalRandomBytes(saltData, prfLength);
+
+    /* initialize our pkcs5 parameter */
+    param = nsspkcs5_NewParam(signValue.alg, HASH_AlgSHA1, &signValue.salt, 1);
+    if (param == NULL) {
+        rv = SECFailure;
+        goto loser;
+    }
+    param->keyID = pbeBitGenIntegrityKey;
+    /* set the PKCS 5 v2 parameters, not extractable from the
+     * data passed into nsspkcs5_NewParam */
+    param->encAlg = hmacAlg;
+    param->hashType = prfType;
+    param->keyLen = hmacLength;
+    rv = SECOID_SetAlgorithmID(param->poolp, &param->prfAlg, prfAlg, NULL);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    /* calculate the mac */
+    rv = sftkdb_pbehash(signValue.alg, passKey, param, objectID, attrType,
+                        plainText, &signValue.value);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    signValue.param = param;
+
+    /* write it out */
+    rv = sftkdb_encodeCipherText(arena, &signValue, signature);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+loser:
+    if (param) {
+        nsspkcs5_DestroyPBEParameter(param);
+    }
+    return rv;
+}
+
+/*
+ * safely swith the passed in key for the one caches in the keydb handle
+ *
+ * A key attached to the handle tells us the the token is logged in.
+ * We can used the key attached to the handle in sftkdb_EncryptAttribute
+ *  and sftkdb_DecryptAttribute calls.
+ */
+static void
+sftkdb_switchKeys(SFTKDBHandle *keydb, SECItem *passKey)
+{
+    unsigned char *data;
+    int len;
+
+    if (keydb->passwordLock == NULL) {
+        PORT_Assert(keydb->type != SFTK_KEYDB_TYPE);
+        return;
+    }
+
+    /* an atomic pointer set would be nice */
+    SKIP_AFTER_FORK(PZ_Lock(keydb->passwordLock));
+    data = keydb->passwordKey.data;
+    len = keydb->passwordKey.len;
+    keydb->passwordKey.data = passKey->data;
+    keydb->passwordKey.len = passKey->len;
+    passKey->data = data;
+    passKey->len = len;
+    SKIP_AFTER_FORK(PZ_Unlock(keydb->passwordLock));
+}
+
+/*
+ * returns true if we are in a middle of a merge style update.
+ */
+PRBool
+sftkdb_InUpdateMerge(SFTKDBHandle *keydb)
+{
+    return keydb->updateID ? PR_TRUE : PR_FALSE;
+}
+
+/*
+ * returns true if we are looking for the password for the user's old source
+ * database as part of a merge style update.
+ */
+PRBool
+sftkdb_NeedUpdateDBPassword(SFTKDBHandle *keydb)
+{
+    if (!sftkdb_InUpdateMerge(keydb)) {
+        return PR_FALSE;
+    }
+    if (keydb->updateDBIsInit && !keydb->updatePasswordKey) {
+        return PR_TRUE;
+    }
+    return PR_FALSE;
+}
+
+/*
+ * fetch an update password key from a handle.
+ */
+SECItem *
+sftkdb_GetUpdatePasswordKey(SFTKDBHandle *handle)
+{
+    SECItem *key = NULL;
+
+    /* if we're a cert db, fetch it from our peer key db */
+    if (handle->type == SFTK_CERTDB_TYPE) {
+        handle = handle->peerDB;
+    }
+
+    /* don't have one */
+    if (!handle) {
+        return NULL;
+    }
+
+    PZ_Lock(handle->passwordLock);
+    if (handle->updatePasswordKey) {
+        key = SECITEM_DupItem(handle->updatePasswordKey);
+    }
+    PZ_Unlock(handle->passwordLock);
+
+    return key;
+}
+
+/*
+ * free the update password key from a handle.
+ */
+void
+sftkdb_FreeUpdatePasswordKey(SFTKDBHandle *handle)
+{
+    SECItem *key = NULL;
+
+    /* don't have one */
+    if (!handle) {
+        return;
+    }
+
+    /* if we're a cert db, we don't have one */
+    if (handle->type == SFTK_CERTDB_TYPE) {
+        return;
+    }
+
+    PZ_Lock(handle->passwordLock);
+    if (handle->updatePasswordKey) {
+        key = handle->updatePasswordKey;
+        handle->updatePasswordKey = NULL;
+    }
+    PZ_Unlock(handle->passwordLock);
+
+    if (key) {
+        SECITEM_ZfreeItem(key, PR_TRUE);
+    }
+
+    return;
+}
+
+/*
+ * what password db we use depends heavily on the update state machine
+ *
+ *  1) no update db, return the normal database.
+ *  2) update db and no merge return the update db.
+ *  3) update db and in merge:
+ *      return the update db if we need the update db's password,
+ *      otherwise return our normal datbase.
+ */
+static SDB *
+sftk_getPWSDB(SFTKDBHandle *keydb)
+{
+    if (!keydb->update) {
+        return keydb->db;
+    }
+    if (!sftkdb_InUpdateMerge(keydb)) {
+        return keydb->update;
+    }
+    if (sftkdb_NeedUpdateDBPassword(keydb)) {
+        return keydb->update;
+    }
+    return keydb->db;
+}
+
+/*
+ * return success if we have a valid password entry.
+ * This is will show up outside of PKCS #11 as CKF_USER_PIN_INIT
+ * in the token flags.
+ */
+SECStatus
+sftkdb_HasPasswordSet(SFTKDBHandle *keydb)
+{
+    SECItem salt, value;
+    unsigned char saltData[SDB_MAX_META_DATA_LEN];
+    unsigned char valueData[SDB_MAX_META_DATA_LEN];
+    CK_RV crv;
+    SDB *db;
+
+    if (keydb == NULL) {
+        return SECFailure;
+    }
+
+    db = sftk_getPWSDB(keydb);
+    if (db == NULL) {
+        return SECFailure;
+    }
+
+    salt.data = saltData;
+    salt.len = sizeof(saltData);
+    value.data = valueData;
+    value.len = sizeof(valueData);
+    crv = (*db->sdb_GetMetaData)(db, "password", &salt, &value);
+
+    /* If no password is set, we can update right away */
+    if (((keydb->db->sdb_flags & SDB_RDONLY) == 0) && keydb->update && crv != CKR_OK) {
+        /* update the peer certdb if it exists */
+        if (keydb->peerDB) {
+            sftkdb_Update(keydb->peerDB, NULL);
+        }
+        sftkdb_Update(keydb, NULL);
+    }
+    return (crv == CKR_OK) ? SECSuccess : SECFailure;
+}
+
+#define SFTK_PW_CHECK_STRING "password-check"
+#define SFTK_PW_CHECK_LEN 14
+
+/*
+ * check if the supplied password is valid
+ */
+SECStatus
+sftkdb_CheckPassword(SFTKDBHandle *keydb, const char *pw, PRBool *tokenRemoved)
+{
+    SECStatus rv;
+    SECItem salt, value;
+    unsigned char saltData[SDB_MAX_META_DATA_LEN];
+    unsigned char valueData[SDB_MAX_META_DATA_LEN];
+    SECItem key;
+    SECItem *result = NULL;
+    SDB *db;
+    CK_RV crv;
+
+    if (keydb == NULL) {
+        return SECFailure;
+    }
+
+    db = sftk_getPWSDB(keydb);
+    if (db == NULL) {
+        return SECFailure;
+    }
+
+    key.data = NULL;
+    key.len = 0;
+
+    if (pw == NULL)
+        pw = "";
+
+    /* get the entry from the database */
+    salt.data = saltData;
+    salt.len = sizeof(saltData);
+    value.data = valueData;
+    value.len = sizeof(valueData);
+    crv = (*db->sdb_GetMetaData)(db, "password", &salt, &value);
+    if (crv != CKR_OK) {
+        rv = SECFailure;
+        goto done;
+    }
+
+    /* get our intermediate key based on the entry salt value */
+    rv = sftkdb_passwordToKey(keydb, &salt, pw, &key);
+    if (rv != SECSuccess) {
+        goto done;
+    }
+
+    /* decrypt the entry value */
+    rv = sftkdb_DecryptAttribute(&key, &value, &result);
+    if (rv != SECSuccess) {
+        goto done;
+    }
+
+    /* if it's what we expect, update our key in the database handle and
+     * return Success */
+    if ((result->len == SFTK_PW_CHECK_LEN) &&
+        PORT_Memcmp(result->data, SFTK_PW_CHECK_STRING, SFTK_PW_CHECK_LEN) == 0) {
+        /*
+         * We have a password, now lets handle any potential update cases..
+         *
+         * First, the normal case: no update. In this case we only need the
+         *  the password for our only DB, which we now have, we switch
+         *  the keys and fall through.
+         * Second regular (non-merge) update: The target DB does not yet have
+         *  a password initialized, we now have the password for the source DB,
+         *  so we can switch the keys and simply update the target database.
+         * Merge update case: This one is trickier.
+         *   1) If we need the source DB password, then we just got it here.
+         *       We need to save that password,
+         *       then we need to check to see if we need or have the target
+         *         database password.
+         *       If we have it (it's the same as the source), or don't need
+         *         it (it's not set or is ""), we can start the update now.
+         *       If we don't have it, we need the application to get it from
+         *         the user. Clear our sessions out to simulate a token
+         *         removal. C_GetTokenInfo will change the token description
+         *         and the token will still appear to be logged out.
+         *   2) If we already have the source DB  password, this password is
+         *         for the target database. We can now move forward with the
+         *         update, as we now have both required passwords.
+         *
+         */
+        PZ_Lock(keydb->passwordLock);
+        if (sftkdb_NeedUpdateDBPassword(keydb)) {
+            /* Squirrel this special key away.
+             * This has the side effect of turning sftkdb_NeedLegacyPW off,
+             * as well as changing which database is returned from
+             * SFTK_GET_PW_DB (thus effecting both sftkdb_CheckPassword()
+             * and sftkdb_HasPasswordSet()) */
+            keydb->updatePasswordKey = SECITEM_DupItem(&key);
+            PZ_Unlock(keydb->passwordLock);
+            if (keydb->updatePasswordKey == NULL) {
+                /* PORT_Error set by SECITEM_DupItem */
+                rv = SECFailure;
+                goto done;
+            }
+
+            /* Simulate a token removal -- we need to do this any
+             * any case at this point so the token name is correct. */
+            *tokenRemoved = PR_TRUE;
+
+            /*
+             * OK, we got the update DB password, see if we need a password
+             * for the target...
+             */
+            if (sftkdb_HasPasswordSet(keydb) == SECSuccess) {
+                /* We have a password, do we know what the password is?
+                 *  check 1) for the password the user supplied for the
+                 *           update DB,
+                 *    and 2) for the null password.
+                 *
+                 * RECURSION NOTE: we are calling ourselves here. This means
+                 *  any updates, switchKeys, etc will have been completed
+                 *  if these functions return successfully, in those cases
+                 *  just exit returning Success. We don't recurse infinitely
+                 *  because we are making this call from a NeedUpdateDBPassword
+                 *  block and we've already set that update password at this
+                 *  point.  */
+                rv = sftkdb_CheckPassword(keydb, pw, tokenRemoved);
+                if (rv == SECSuccess) {
+                    /* source and target databases have the same password, we
+                     * are good to go */
+                    goto done;
+                }
+                sftkdb_CheckPassword(keydb, "", tokenRemoved);
+
+                /*
+                 * Important 'NULL' code here. At this point either we
+                 * succeeded in logging in with "" or we didn't.
+                 *
+                 *  If we did succeed at login, our machine state will be set
+                 * to logged in appropriately. The application will find that
+                 * it's logged in as soon as it opens a new session. We have
+                 * also completed the update. Life is good.
+                 *
+                 *  If we did not succeed, well the user still successfully
+                 * logged into the update database, since we faked the token
+                 * removal it's just like the user logged into his smart card
+                 * then removed it. the actual login work, so we report that
+                 * success back to the user, but we won't actually be
+                 * logged in. The application will find this out when it
+                 * checks it's login state, thus triggering another password
+                 * prompt so we can get the real target DB password.
+                 *
+                 * summary, we exit from here with SECSuccess no matter what.
+                 */
+                rv = SECSuccess;
+                goto done;
+            } else {
+                /* there is no password, just fall through to update.
+                 * update will write the source DB's password record
+                 * into the target DB just like it would in a non-merge
+                 * update case. */
+            }
+        } else {
+            PZ_Unlock(keydb->passwordLock);
+        }
+        /* load the keys, so the keydb can parse it's key set */
+        sftkdb_switchKeys(keydb, &key);
+
+        /* we need to update, do it now */
+        if (((keydb->db->sdb_flags & SDB_RDONLY) == 0) && keydb->update) {
+            /* update the peer certdb if it exists */
+            if (keydb->peerDB) {
+                sftkdb_Update(keydb->peerDB, &key);
+            }
+            sftkdb_Update(keydb, &key);
+        }
+    } else {
+        rv = SECFailure;
+        /*PORT_SetError( bad password); */
+    }
+
+done:
+    if (key.data) {
+        PORT_ZFree(key.data, key.len);
+    }
+    if (result) {
+        SECITEM_FreeItem(result, PR_TRUE);
+    }
+    return rv;
+}
+
+/*
+ * return Success if the there is a cached password key.
+ */
+SECStatus
+sftkdb_PWCached(SFTKDBHandle *keydb)
+{
+    return keydb->passwordKey.data ? SECSuccess : SECFailure;
+}
+
+static CK_RV
+sftk_updateMacs(PLArenaPool *arena, SFTKDBHandle *handle,
+                CK_OBJECT_HANDLE id, SECItem *newKey)
+{
+    CK_ATTRIBUTE authAttrs[] = {
+        { CKA_MODULUS, NULL, 0 },
+        { CKA_PUBLIC_EXPONENT, NULL, 0 },
+        { CKA_CERT_SHA1_HASH, NULL, 0 },
+        { CKA_CERT_MD5_HASH, NULL, 0 },
+        { CKA_TRUST_SERVER_AUTH, NULL, 0 },
+        { CKA_TRUST_CLIENT_AUTH, NULL, 0 },
+        { CKA_TRUST_EMAIL_PROTECTION, NULL, 0 },
+        { CKA_TRUST_CODE_SIGNING, NULL, 0 },
+        { CKA_TRUST_STEP_UP_APPROVED, NULL, 0 },
+        { CKA_NSS_OVERRIDE_EXTENSIONS, NULL, 0 },
+    };
+    CK_ULONG authAttrCount = sizeof(authAttrs) / sizeof(CK_ATTRIBUTE);
+    unsigned int i, count;
+    SFTKDBHandle *keyHandle = handle;
+    SDB *keyTarget = NULL;
+
+    id &= SFTK_OBJ_ID_MASK;
+
+    if (handle->type != SFTK_KEYDB_TYPE) {
+        keyHandle = handle->peerDB;
+    }
+
+    if (keyHandle == NULL) {
+        return CKR_OK;
+    }
+
+    /* old DB's don't have meta data, finished with MACs */
+    keyTarget = SFTK_GET_SDB(keyHandle);
+    if ((keyTarget->sdb_flags & SDB_HAS_META) == 0) {
+        return CKR_OK;
+    }
+
+    /*
+     * STEP 1: find the MACed attributes of this object
+     */
+    (void)sftkdb_GetAttributeValue(handle, id, authAttrs, authAttrCount);
+    count = 0;
+    /* allocate space for the attributes */
+    for (i = 0; i < authAttrCount; i++) {
+        if ((authAttrs[i].ulValueLen == -1) || (authAttrs[i].ulValueLen == 0)) {
+            continue;
+        }
+        count++;
+        authAttrs[i].pValue = PORT_ArenaAlloc(arena, authAttrs[i].ulValueLen);
+        if (authAttrs[i].pValue == NULL) {
+            break;
+        }
+    }
+
+    /* if count was zero, none were found, finished with MACs */
+    if (count == 0) {
+        return CKR_OK;
+    }
+
+    (void)sftkdb_GetAttributeValue(handle, id, authAttrs, authAttrCount);
+    /* ignore error code, we expect some possible errors */
+
+    /* GetAttributeValue just verified the old macs, safe to write
+     * them out then... */
+    for (i = 0; i < authAttrCount; i++) {
+        SECItem *signText;
+        SECItem plainText;
+        SECStatus rv;
+
+        if ((authAttrs[i].ulValueLen == -1) || (authAttrs[i].ulValueLen == 0)) {
+            continue;
+        }
+
+        plainText.data = authAttrs[i].pValue;
+        plainText.len = authAttrs[i].ulValueLen;
+        rv = sftkdb_SignAttribute(arena, newKey, id,
+                                  authAttrs[i].type, &plainText, &signText);
+        if (rv != SECSuccess) {
+            return CKR_GENERAL_ERROR;
+        }
+        rv = sftkdb_PutAttributeSignature(handle, keyTarget, id,
+                                          authAttrs[i].type, signText);
+        if (rv != SECSuccess) {
+            return CKR_GENERAL_ERROR;
+        }
+    }
+
+    return CKR_OK;
+}
+
+static CK_RV
+sftk_updateEncrypted(PLArenaPool *arena, SFTKDBHandle *keydb,
+                     CK_OBJECT_HANDLE id, SECItem *newKey)
+{
+    CK_RV crv = CKR_OK;
+    CK_RV crv2;
+    CK_ATTRIBUTE *first, *last;
+    CK_ATTRIBUTE privAttrs[] = {
+        { CKA_VALUE, NULL, 0 },
+        { CKA_PRIVATE_EXPONENT, NULL, 0 },
+        { CKA_PRIME_1, NULL, 0 },
+        { CKA_PRIME_2, NULL, 0 },
+        { CKA_EXPONENT_1, NULL, 0 },
+        { CKA_EXPONENT_2, NULL, 0 },
+        { CKA_COEFFICIENT, NULL, 0 }
+    };
+    CK_ULONG privAttrCount = sizeof(privAttrs) / sizeof(CK_ATTRIBUTE);
+    unsigned int i, count;
+
+    /*
+     * STEP 1. Read the old attributes in the clear.
+     */
+
+    /* Get the attribute sizes.
+     *  ignore the error code, we will have unknown attributes here */
+    crv2 = sftkdb_GetAttributeValue(keydb, id, privAttrs, privAttrCount);
+
+    /*
+     * find the valid block of attributes and fill allocate space for
+     * their data */
+    first = last = NULL;
+    for (i = 0; i < privAttrCount; i++) {
+        /* find the block of attributes that are appropriate for this
+          * objects. There should only be once contiguous block, if not
+          * there's an error.
+          *
+          * find the first and last good entry.
+          */
+        if ((privAttrs[i].ulValueLen == -1) || (privAttrs[i].ulValueLen == 0)) {
+            if (!first)
+                continue;
+            if (!last) {
+                /* previous entry was last good entry */
+                last = &privAttrs[i - 1];
+            }
+            continue;
+        }
+        if (!first) {
+            first = &privAttrs[i];
+        }
+        if (last) {
+            /* OOPS, we've found another good entry beyond the end of the
+             * last good entry, we need to fail here. */
+            crv = CKR_GENERAL_ERROR;
+            break;
+        }
+        privAttrs[i].pValue = PORT_ArenaAlloc(arena, privAttrs[i].ulValueLen);
+        if (privAttrs[i].pValue == NULL) {
+            crv = CKR_HOST_MEMORY;
+            break;
+        }
+    }
+    if (first == NULL) {
+        /* no valid entries found, return error based on crv2 */
+        return crv2;
+    }
+    if (last == NULL) {
+        last = &privAttrs[privAttrCount - 1];
+    }
+    if (crv != CKR_OK) {
+        return crv;
+    }
+    /* read the attributes */
+    count = (last - first) + 1;
+    crv = sftkdb_GetAttributeValue(keydb, id, first, count);
+    if (crv != CKR_OK) {
+        return crv;
+    }
+
+    /*
+     * STEP 2: read the encrypt the attributes with the new key.
+     */
+    for (i = 0; i < count; i++) {
+        SECItem plainText;
+        SECItem *result;
+        SECStatus rv;
+
+        plainText.data = first[i].pValue;
+        plainText.len = first[i].ulValueLen;
+        rv = sftkdb_EncryptAttribute(arena, newKey, &plainText, &result);
+        if (rv != SECSuccess) {
+            return CKR_GENERAL_ERROR;
+        }
+        first[i].pValue = result->data;
+        first[i].ulValueLen = result->len;
+        /* clear our sensitive data out */
+        PORT_Memset(plainText.data, 0, plainText.len);
+    }
+
+    /*
+     * STEP 3: write the newly encrypted attributes out directly
+     */
+    id &= SFTK_OBJ_ID_MASK;
+    keydb->newKey = newKey;
+    crv = (*keydb->db->sdb_SetAttributeValue)(keydb->db, id, first, count);
+    keydb->newKey = NULL;
+
+    return crv;
+}
+
+static CK_RV
+sftk_convertAttributes(SFTKDBHandle *handle,
+                       CK_OBJECT_HANDLE id, SECItem *newKey)
+{
+    CK_RV crv = CKR_OK;
+    PLArenaPool *arena = NULL;
+
+    /* get a new arena to simplify cleanup */
+    arena = PORT_NewArena(1024);
+    if (!arena) {
+        return CKR_HOST_MEMORY;
+    }
+
+    /*
+     * first handle the MACS
+     */
+    crv = sftk_updateMacs(arena, handle, id, newKey);
+    if (crv != CKR_OK) {
+        goto loser;
+    }
+
+    if (handle->type == SFTK_KEYDB_TYPE) {
+        crv = sftk_updateEncrypted(arena, handle, id, newKey);
+        if (crv != CKR_OK) {
+            goto loser;
+        }
+    }
+
+    /* free up our mess */
+    /* NOTE: at this point we know we've cleared out any unencrypted data */
+    PORT_FreeArena(arena, PR_FALSE);
+    return CKR_OK;
+
+loser:
+    /* there may be unencrypted data, clear it out down */
+    PORT_FreeArena(arena, PR_TRUE);
+    return crv;
+}
+
+/*
+ * must be called with the old key active.
+ */
+CK_RV
+sftkdb_convertObjects(SFTKDBHandle *handle, CK_ATTRIBUTE *template,
+                      CK_ULONG count, SECItem *newKey)
+{
+    SDBFind *find = NULL;
+    CK_ULONG idCount = SFTK_MAX_IDS;
+    CK_OBJECT_HANDLE ids[SFTK_MAX_IDS];
+    CK_RV crv, crv2;
+    unsigned int i;
+
+    crv = sftkdb_FindObjectsInit(handle, template, count, &find);
+
+    if (crv != CKR_OK) {
+        return crv;
+    }
+    while ((crv == CKR_OK) && (idCount == SFTK_MAX_IDS)) {
+        crv = sftkdb_FindObjects(handle, find, ids, SFTK_MAX_IDS, &idCount);
+        for (i = 0; (crv == CKR_OK) && (i < idCount); i++) {
+            crv = sftk_convertAttributes(handle, ids[i], newKey);
+        }
+    }
+    crv2 = sftkdb_FindObjectsFinal(handle, find);
+    if (crv == CKR_OK)
+        crv = crv2;
+
+    return crv;
+}
+
+/*
+ * change the database password.
+ */
+SECStatus
+sftkdb_ChangePassword(SFTKDBHandle *keydb,
+                      char *oldPin, char *newPin, PRBool *tokenRemoved)
+{
+    SECStatus rv = SECSuccess;
+    SECItem plainText;
+    SECItem newKey;
+    SECItem *result = NULL;
+    SECItem salt, value;
+    SFTKDBHandle *certdb;
+    unsigned char saltData[SDB_MAX_META_DATA_LEN];
+    unsigned char valueData[SDB_MAX_META_DATA_LEN];
+    CK_RV crv;
+    SDB *db;
+
+    if (keydb == NULL) {
+        return SECFailure;
+    }
+
+    db = SFTK_GET_SDB(keydb);
+    if (db == NULL) {
+        return SECFailure;
+    }
+
+    newKey.data = NULL;
+
+    /* make sure we have a valid old pin */
+    crv = (*keydb->db->sdb_Begin)(keydb->db);
+    if (crv != CKR_OK) {
+        rv = SECFailure;
+        goto loser;
+    }
+    salt.data = saltData;
+    salt.len = sizeof(saltData);
+    value.data = valueData;
+    value.len = sizeof(valueData);
+    crv = (*db->sdb_GetMetaData)(db, "password", &salt, &value);
+    if (crv == CKR_OK) {
+        rv = sftkdb_CheckPassword(keydb, oldPin, tokenRemoved);
+        if (rv == SECFailure) {
+            goto loser;
+        }
+    } else {
+        salt.len = SHA1_LENGTH;
+        RNG_GenerateGlobalRandomBytes(salt.data, salt.len);
+    }
+
+    rv = sftkdb_passwordToKey(keydb, &salt, newPin, &newKey);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    /*
+     * convert encrypted entries here.
+     */
+    crv = sftkdb_convertObjects(keydb, NULL, 0, &newKey);
+    if (crv != CKR_OK) {
+        rv = SECFailure;
+        goto loser;
+    }
+    /* fix up certdb macs */
+    certdb = keydb->peerDB;
+    if (certdb) {
+        CK_ATTRIBUTE objectType = { CKA_CLASS, 0, sizeof(CK_OBJECT_CLASS) };
+        CK_OBJECT_CLASS myClass = CKO_NETSCAPE_TRUST;
+
+        objectType.pValue = &myClass;
+        crv = sftkdb_convertObjects(certdb, &objectType, 1, &newKey);
+        if (crv != CKR_OK) {
+            rv = SECFailure;
+            goto loser;
+        }
+        myClass = CKO_PUBLIC_KEY;
+        crv = sftkdb_convertObjects(certdb, &objectType, 1, &newKey);
+        if (crv != CKR_OK) {
+            rv = SECFailure;
+            goto loser;
+        }
+    }
+
+    plainText.data = (unsigned char *)SFTK_PW_CHECK_STRING;
+    plainText.len = SFTK_PW_CHECK_LEN;
+
+    rv = sftkdb_EncryptAttribute(NULL, &newKey, &plainText, &result);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    value.data = result->data;
+    value.len = result->len;
+    crv = (*keydb->db->sdb_PutMetaData)(keydb->db, "password", &salt, &value);
+    if (crv != CKR_OK) {
+        rv = SECFailure;
+        goto loser;
+    }
+    crv = (*keydb->db->sdb_Commit)(keydb->db);
+    if (crv != CKR_OK) {
+        rv = SECFailure;
+        goto loser;
+    }
+
+    keydb->newKey = NULL;
+
+    sftkdb_switchKeys(keydb, &newKey);
+
+loser:
+    if (newKey.data) {
+        PORT_ZFree(newKey.data, newKey.len);
+    }
+    if (result) {
+        SECITEM_FreeItem(result, PR_TRUE);
+    }
+    if (rv != SECSuccess) {
+        (*keydb->db->sdb_Abort)(keydb->db);
+    }
+
+    return rv;
+}
+
+/*
+ * lose our cached password
+ */
+SECStatus
+sftkdb_ClearPassword(SFTKDBHandle *keydb)
+{
+    SECItem oldKey;
+    oldKey.data = NULL;
+    oldKey.len = 0;
+    sftkdb_switchKeys(keydb, &oldKey);
+    if (oldKey.data) {
+        PORT_ZFree(oldKey.data, oldKey.len);
+    }
+    return SECSuccess;
+}
diff --git a/nss/lib/softoken/softkver.c b/nss/lib/softoken/softkver.c
new file mode 100644
index 0000000..3f20fad
--- /dev/null
+++ b/nss/lib/softoken/softkver.c
@@ -0,0 +1,18 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* Library identity and versioning */
+
+#include "softkver.h"
+
+#if defined(DEBUG)
+#define _DEBUG_STRING " (debug)"
+#else
+#define _DEBUG_STRING ""
+#endif
+
+/*
+ * Version information
+ */
+const char __nss_softokn_version[] = "Version: NSS " SOFTOKEN_VERSION _DEBUG_STRING;
diff --git a/nss/lib/softoken/softkver.h b/nss/lib/softoken/softkver.h
new file mode 100644
index 0000000..688ac05
--- /dev/null
+++ b/nss/lib/softoken/softkver.h
@@ -0,0 +1,31 @@
+/*
+ * Softoken version numbers
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _SOFTKVER_H_
+#define _SOFTKVER_H_
+
+#ifndef NSS_DISABLE_ECC
+#define SOFTOKEN_ECC_STRING " Basic ECC"
+#else
+#define SOFTOKEN_ECC_STRING ""
+#endif
+
+/*
+ * Softoken's major version, minor version, patch level, build number,
+ * and whether this is a beta release.
+ *
+ * The format of the version string should be
+ *     "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
+ */
+#define SOFTOKEN_VERSION "3.30.1" SOFTOKEN_ECC_STRING
+#define SOFTOKEN_VMAJOR 3
+#define SOFTOKEN_VMINOR 30
+#define SOFTOKEN_VPATCH 1
+#define SOFTOKEN_VBUILD 0
+#define SOFTOKEN_BETA PR_FALSE
+
+#endif /* _SOFTKVER_H_ */
diff --git a/nss/lib/softoken/softoken.gyp b/nss/lib/softoken/softoken.gyp
new file mode 100644
index 0000000..f32bacf
--- /dev/null
+++ b/nss/lib/softoken/softoken.gyp
@@ -0,0 +1,101 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'softokn_static',
+      'type': 'static_library',
+      'defines': [
+        'NSS_TEST_BUILD',
+      ],
+      'dependencies': [
+        'softokn_base',
+        '<(DEPTH)/exports.gyp:nss_exports',
+        '<(DEPTH)/lib/freebl/freebl.gyp:freebl_static',
+      ],
+      'conditions': [
+        [ 'use_system_sqlite==1', {
+          'dependencies': [
+            '<(DEPTH)/lib/sqlite/sqlite.gyp:sqlite3',
+          ],
+        }, {
+          'dependencies': [
+            '<(DEPTH)/lib/sqlite/sqlite.gyp:sqlite',
+          ],
+        }],
+      ],
+    },
+    {
+      'target_name': 'softokn',
+      'type': 'static_library',
+      'dependencies': [
+        'softokn_base',
+        '<(DEPTH)/exports.gyp:nss_exports',
+        '<(DEPTH)/lib/sqlite/sqlite.gyp:sqlite3',
+        '<(DEPTH)/lib/freebl/freebl.gyp:freebl',
+      ]
+    },
+    {
+      'target_name': 'softokn_base',
+      'type': 'none',
+      'direct_dependent_settings': {
+        'sources': [
+          'fipsaudt.c',
+          'fipstest.c',
+          'fipstokn.c',
+          'jpakesftk.c',
+          'lgglue.c',
+          'lowkey.c',
+          'lowpbe.c',
+          'padbuf.c',
+          'pkcs11.c',
+          'pkcs11c.c',
+          'pkcs11u.c',
+          'sdb.c',
+          'sftkdb.c',
+          'sftkhmac.c',
+          'sftkpars.c',
+          'sftkpwd.c',
+          'softkver.c',
+          'tlsprf.c'
+        ],
+      },
+    },
+    {
+      'target_name': 'softokn3',
+      'type': 'shared_library',
+      'dependencies': [
+        'softokn',
+      ],
+      'conditions': [
+        [ 'moz_fold_libs==0', {
+          'dependencies': [
+            '<(DEPTH)/lib/util/util.gyp:nssutil3',
+          ],
+        }, {
+          'libraries': [
+            '<(moz_folded_library_name)',
+          ],
+        }],
+      ],
+      'variables': {
+        'mapfile': 'softokn.def'
+      }
+    }
+  ],
+  'target_defaults': {
+    'defines': [
+      'SHLIB_SUFFIX=\"<(dll_suffix)\"',
+      'SHLIB_PREFIX=\"<(dll_prefix)\"',
+      'SOFTOKEN_LIB_NAME=\"libsoftokn3.so\"',
+      'SHLIB_VERSION=\"3\"'
+    ]
+  },
+  'variables': {
+    'module': 'nss'
+  }
+}
diff --git a/nss/lib/softoken/softoken.h b/nss/lib/softoken/softoken.h
new file mode 100644
index 0000000..8a47fb7
--- /dev/null
+++ b/nss/lib/softoken/softoken.h
@@ -0,0 +1,265 @@
+/*
+ * softoken.h - private data structures and prototypes for the softoken lib
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _SOFTOKEN_H_
+#define _SOFTOKEN_H_
+
+#include "blapi.h"
+#include "lowkeyti.h"
+#include "softoknt.h"
+#include "secoidt.h"
+
+#include "pkcs11t.h"
+
+SEC_BEGIN_PROTOS
+
+/*
+ * Convenience wrapper for doing a single PKCS#1 v1.5 RSA operations where the
+ * encoded digest info is computed internally, rather than by the caller.
+ *
+ * The HashSign variants expect as input the value of H, the computed hash
+ * from RFC 3447, Section 9.2, Step 1, and will compute the DER-encoded
+ * DigestInfo structure internally prior to signing/verifying.
+ */
+extern SECStatus
+RSA_HashSign(SECOidTag hashOid, NSSLOWKEYPrivateKey *key,
+             unsigned char *sig, unsigned int *sigLen, unsigned int maxLen,
+             const unsigned char *hash, unsigned int hashLen);
+
+extern SECStatus
+RSA_HashCheckSign(SECOidTag hashOid, NSSLOWKEYPublicKey *key,
+                  const unsigned char *sig, unsigned int sigLen,
+                  const unsigned char *hash, unsigned int hashLen);
+
+/*
+** Prepare a buffer for padded CBC encryption, growing to the appropriate
+** boundary, filling with the appropriate padding.
+**
+** blockSize must be a power of 2.
+**
+** We add from 1 to blockSize bytes -- we *always* grow.
+** The extra bytes contain the value of the length of the padding:
+** if we have 2 bytes of padding, then the padding is "0x02, 0x02".
+**
+** NOTE: If arena is non-NULL, we re-allocate from there, otherwise
+** we assume (and use) PR memory (re)allocation.
+*/
+extern unsigned char *CBC_PadBuffer(PLArenaPool *arena, unsigned char *inbuf,
+                                    unsigned int inlen, unsigned int *outlen,
+                                    int blockSize);
+
+/****************************************/
+/*
+** Power-Up selftests are required for FIPS.
+*/
+/* make sure Power-up selftests have been run. */
+extern CK_RV sftk_FIPSEntryOK(void);
+
+/*
+** make known fixed PKCS #11 key types to their sizes in bytes
+*/
+unsigned long sftk_MapKeySize(CK_KEY_TYPE keyType);
+
+/*
+** FIPS 140-2 auditing
+*/
+extern PRBool sftk_audit_enabled;
+
+extern void sftk_LogAuditMessage(NSSAuditSeverity severity,
+                                 NSSAuditType, const char *msg);
+
+extern void sftk_AuditCreateObject(CK_SESSION_HANDLE hSession,
+                                   CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
+                                   CK_OBJECT_HANDLE_PTR phObject, CK_RV rv);
+
+extern void sftk_AuditCopyObject(CK_SESSION_HANDLE hSession,
+                                 CK_OBJECT_HANDLE hObject,
+                                 CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
+                                 CK_OBJECT_HANDLE_PTR phNewObject, CK_RV rv);
+
+extern void sftk_AuditDestroyObject(CK_SESSION_HANDLE hSession,
+                                    CK_OBJECT_HANDLE hObject, CK_RV rv);
+
+extern void sftk_AuditGetObjectSize(CK_SESSION_HANDLE hSession,
+                                    CK_OBJECT_HANDLE hObject, CK_ULONG_PTR pulSize,
+                                    CK_RV rv);
+
+extern void sftk_AuditGetAttributeValue(CK_SESSION_HANDLE hSession,
+                                        CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate,
+                                        CK_ULONG ulCount, CK_RV rv);
+
+extern void sftk_AuditSetAttributeValue(CK_SESSION_HANDLE hSession,
+                                        CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate,
+                                        CK_ULONG ulCount, CK_RV rv);
+
+extern void sftk_AuditCryptInit(const char *opName,
+                                CK_SESSION_HANDLE hSession,
+                                CK_MECHANISM_PTR pMechanism,
+                                CK_OBJECT_HANDLE hKey, CK_RV rv);
+
+extern void sftk_AuditGenerateKey(CK_SESSION_HANDLE hSession,
+                                  CK_MECHANISM_PTR pMechanism,
+                                  CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
+                                  CK_OBJECT_HANDLE_PTR phKey, CK_RV rv);
+
+extern void sftk_AuditGenerateKeyPair(CK_SESSION_HANDLE hSession,
+                                      CK_MECHANISM_PTR pMechanism,
+                                      CK_ATTRIBUTE_PTR pPublicKeyTemplate,
+                                      CK_ULONG ulPublicKeyAttributeCount,
+                                      CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
+                                      CK_ULONG ulPrivateKeyAttributeCount,
+                                      CK_OBJECT_HANDLE_PTR phPublicKey,
+                                      CK_OBJECT_HANDLE_PTR phPrivateKey, CK_RV rv);
+
+extern void sftk_AuditWrapKey(CK_SESSION_HANDLE hSession,
+                              CK_MECHANISM_PTR pMechanism,
+                              CK_OBJECT_HANDLE hWrappingKey, CK_OBJECT_HANDLE hKey,
+                              CK_BYTE_PTR pWrappedKey,
+                              CK_ULONG_PTR pulWrappedKeyLen, CK_RV rv);
+
+extern void sftk_AuditUnwrapKey(CK_SESSION_HANDLE hSession,
+                                CK_MECHANISM_PTR pMechanism,
+                                CK_OBJECT_HANDLE hUnwrappingKey,
+                                CK_BYTE_PTR pWrappedKey, CK_ULONG ulWrappedKeyLen,
+                                CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount,
+                                CK_OBJECT_HANDLE_PTR phKey, CK_RV rv);
+
+extern void sftk_AuditDeriveKey(CK_SESSION_HANDLE hSession,
+                                CK_MECHANISM_PTR pMechanism,
+                                CK_OBJECT_HANDLE hBaseKey,
+                                CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount,
+                                CK_OBJECT_HANDLE_PTR phKey, CK_RV rv);
+
+extern void sftk_AuditDigestKey(CK_SESSION_HANDLE hSession,
+                                CK_OBJECT_HANDLE hKey, CK_RV rv);
+
+/*
+** FIPS 140-2 Error state
+*/
+extern PRBool sftk_fatalError;
+
+/*
+** macros to check for forked child process after C_Initialize
+*/
+#if defined(XP_UNIX) && !defined(NO_FORK_CHECK)
+
+#ifdef DEBUG
+
+#define FORK_ASSERT()                                            \
+    {                                                            \
+        char *forkAssert = PR_GetEnvSecure("NSS_STRICT_NOFORK"); \
+        if ((!forkAssert) || (0 == strcmp(forkAssert, "1"))) {   \
+            PORT_Assert(0);                                      \
+        }                                                        \
+    }
+
+#else
+
+#define FORK_ASSERT()
+
+#endif
+
+/* we have 3 methods of implementing the fork checks :
+ * - Solaris "mixed" method
+ * - pthread_atfork method
+ * - getpid method
+ */
+
+#if !defined(CHECK_FORK_MIXED) && !defined(CHECK_FORK_PTHREAD) && \
+    !defined(CHECK_FORK_GETPID)
+
+/* Choose fork check method automatically unless specified
+ * This section should be updated as more platforms get pthread fixes
+ * to unregister fork handlers in dlclose.
+ */
+
+#ifdef SOLARIS
+
+/* Solaris 8, s9 use PID checks, s10 uses pthread_atfork */
+
+#define CHECK_FORK_MIXED
+
+#elif defined(LINUX) || defined(__GLIBC__)
+
+#define CHECK_FORK_PTHREAD
+
+#else
+
+/* Other Unix platforms use only PID checks. Even if pthread_atfork is
+ * available, the behavior of dlclose isn't guaranteed by POSIX to
+ * unregister the fork handler. */
+
+#define CHECK_FORK_GETPID
+
+#endif
+
+#endif
+
+#if defined(CHECK_FORK_MIXED)
+
+extern PRBool usePthread_atfork;
+#include <unistd.h>
+extern pid_t myPid;
+extern PRBool forked;
+
+#define PARENT_FORKED() (usePthread_atfork ? forked : (myPid && myPid != getpid()))
+
+#elif defined(CHECK_FORK_PTHREAD)
+
+extern PRBool forked;
+
+#define PARENT_FORKED() forked
+
+#elif defined(CHECK_FORK_GETPID)
+
+#include <unistd.h>
+extern pid_t myPid;
+
+#define PARENT_FORKED() (myPid && myPid != getpid())
+
+#endif
+
+extern PRBool parentForkedAfterC_Initialize;
+extern PRBool sftkForkCheckDisabled;
+
+#define CHECK_FORK()                                     \
+    do {                                                 \
+        if (!sftkForkCheckDisabled && PARENT_FORKED()) { \
+            FORK_ASSERT();                               \
+            return CKR_DEVICE_ERROR;                     \
+        }                                                \
+    } while (0)
+
+#define SKIP_AFTER_FORK(x)              \
+    if (!parentForkedAfterC_Initialize) \
+    x
+
+#define ENABLE_FORK_CHECK()                                       \
+    {                                                             \
+        char *doForkCheck = PR_GetEnvSecure("NSS_STRICT_NOFORK"); \
+        if (doForkCheck && !strcmp(doForkCheck, "DISABLED")) {    \
+            sftkForkCheckDisabled = PR_TRUE;                      \
+        }                                                         \
+    }
+
+#else
+
+/* non-Unix platforms, or fork check disabled */
+
+#define CHECK_FORK()
+#define SKIP_AFTER_FORK(x) x
+#define ENABLE_FORK_CHECK()
+
+#ifndef NO_FORK_CHECK
+#define NO_FORK_CHECK
+#endif
+
+#endif
+
+SEC_END_PROTOS
+
+#endif /* _SOFTOKEN_H_ */
diff --git a/nss/lib/softoken/softokn.def b/nss/lib/softoken/softokn.def
new file mode 100644
index 0000000..0c71a1b
--- /dev/null
+++ b/nss/lib/softoken/softokn.def
@@ -0,0 +1,28 @@
+;+#
+;+# This Source Code Form is subject to the terms of the Mozilla Public
+;+# License, v. 2.0. If a copy of the MPL was not distributed with this
+;+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;+#
+;+# OK, this file is meant to support SUN, LINUX, AIX and WINDOWS
+;+#   1. For all unix platforms, the string ";-"  means "remove this line"
+;+#   2. For all unix platforms, the string " DATA " will be removed from any
+;+#	line on which it occurs.
+;+#   3. Lines containing ";+" will have ";+" removed on SUN and LINUX.
+;+#      On AIX, lines containing ";+" will be removed.
+;+#   4. For all unix platforms, the string ";;" will thave the ";;" removed.
+;+#   5. For all unix platforms, after the above processing has taken place,
+;+#    all characters after the first ";" on the line will be removed.
+;+#    And for AIX, the first ";" will also be removed.
+;+#  This file is passed directly to windows. Since ';' is a comment, all UNIX
+;+#   directives are hidden behind ";", ";+", and ";-"
+;+NSS_3.4 {       # NSS 3.4 release
+;+    global:
+LIBRARY softokn3 ;-
+EXPORTS ;-
+C_GetFunctionList; Make this function like a real PKCS #11 module as well
+FC_GetFunctionList;
+NSC_GetFunctionList;
+NSC_ModuleDBFunc;
+;+    local:
+;+       *;
+;+};
diff --git a/nss/lib/softoken/softokn.rc b/nss/lib/softoken/softokn.rc
new file mode 100644
index 0000000..f3dbb5c
--- /dev/null
+++ b/nss/lib/softoken/softokn.rc
@@ -0,0 +1,68 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "softkver.h"
+#include <winver.h>
+
+#define MY_LIBNAME "softokn"
+#define MY_FILEDESCRIPTION "NSS PKCS #11 Library"
+
+#define STRINGIZE(x) #x
+#define STRINGIZE2(x) STRINGIZE(x)
+#define SOFTOKEN_VMAJOR_STR STRINGIZE2(SOFTOKEN_VMAJOR)
+
+#ifdef _DEBUG
+#define MY_DEBUG_STR " (debug)"
+#define MY_FILEFLAGS_1 VS_FF_DEBUG
+#else
+#define MY_DEBUG_STR ""
+#define MY_FILEFLAGS_1 0x0L
+#endif
+#if SOFTOKEN_BETA
+#define MY_FILEFLAGS_2 MY_FILEFLAGS_1|VS_FF_PRERELEASE
+#else
+#define MY_FILEFLAGS_2 MY_FILEFLAGS_1
+#endif
+
+#ifdef WINNT
+#define MY_FILEOS VOS_NT_WINDOWS32
+#else
+#define MY_FILEOS VOS__WINDOWS32
+#endif
+
+#define MY_INTERNAL_NAME MY_LIBNAME SOFTOKEN_VMAJOR_STR
+
+/////////////////////////////////////////////////////////////////////////////
+//
+// Version-information resource
+//
+
+VS_VERSION_INFO VERSIONINFO
+ FILEVERSION SOFTOKEN_VMAJOR,SOFTOKEN_VMINOR,SOFTOKEN_VPATCH,SOFTOKEN_VBUILD
+ PRODUCTVERSION SOFTOKEN_VMAJOR,SOFTOKEN_VMINOR,SOFTOKEN_VPATCH,SOFTOKEN_VBUILD
+ FILEFLAGSMASK VS_FFI_FILEFLAGSMASK
+ FILEFLAGS MY_FILEFLAGS_2
+ FILEOS MY_FILEOS
+ FILETYPE VFT_DLL
+ FILESUBTYPE 0x0L // not used
+
+BEGIN
+    BLOCK "StringFileInfo"
+    BEGIN
+        BLOCK "040904B0" // Lang=US English, CharSet=Unicode
+        BEGIN
+            VALUE "CompanyName", "Mozilla Foundation\0"
+            VALUE "FileDescription", MY_FILEDESCRIPTION MY_DEBUG_STR "\0"
+            VALUE "FileVersion", SOFTOKEN_VERSION "\0"
+            VALUE "InternalName", MY_INTERNAL_NAME "\0"
+            VALUE "OriginalFilename", MY_INTERNAL_NAME ".dll\0"
+            VALUE "ProductName", "Network Security Services\0"
+            VALUE "ProductVersion", SOFTOKEN_VERSION "\0"
+        END
+    END
+    BLOCK "VarFileInfo"
+    BEGIN
+        VALUE "Translation", 0x409, 1200
+    END
+END
diff --git a/nss/lib/softoken/softoknt.h b/nss/lib/softoken/softoknt.h
new file mode 100644
index 0000000..0716898
--- /dev/null
+++ b/nss/lib/softoken/softoknt.h
@@ -0,0 +1,43 @@
+/*
+ * softoknt.h - public data structures for the software token library
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _SOFTOKNT_H_
+#define _SOFTOKNT_H_
+
+#define NSS_SOFTOKEN_DEFAULT_CHUNKSIZE 2048
+
+/*
+ * FIPS 140-2 auditing
+ */
+typedef enum {
+    NSS_AUDIT_ERROR = 3,   /* errors */
+    NSS_AUDIT_WARNING = 2, /* warning messages */
+    NSS_AUDIT_INFO = 1     /* informational messages */
+} NSSAuditSeverity;
+
+typedef enum {
+    NSS_AUDIT_ACCESS_KEY = 0,
+    NSS_AUDIT_CHANGE_KEY,
+    NSS_AUDIT_COPY_KEY,
+    NSS_AUDIT_CRYPT,
+    NSS_AUDIT_DERIVE_KEY,
+    NSS_AUDIT_DESTROY_KEY,
+    NSS_AUDIT_DIGEST_KEY,
+    NSS_AUDIT_FIPS_STATE,
+    NSS_AUDIT_GENERATE_KEY,
+    NSS_AUDIT_INIT_PIN,
+    NSS_AUDIT_INIT_TOKEN,
+    NSS_AUDIT_LOAD_KEY,
+    NSS_AUDIT_LOGIN,
+    NSS_AUDIT_LOGOUT,
+    NSS_AUDIT_SELF_TEST,
+    NSS_AUDIT_SET_PIN,
+    NSS_AUDIT_UNWRAP_KEY,
+    NSS_AUDIT_WRAP_KEY
+} NSSAuditType;
+
+#endif /* _SOFTOKNT_H_ */
diff --git a/nss/lib/softoken/tlsprf.c b/nss/lib/softoken/tlsprf.c
new file mode 100644
index 0000000..05e2468
--- /dev/null
+++ b/nss/lib/softoken/tlsprf.c
@@ -0,0 +1,198 @@
+/* tlsprf.c - TLS Pseudo Random Function (PRF) implementation
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "pkcs11i.h"
+#include "blapi.h"
+#include "secerr.h"
+
+static void
+sftk_TLSPRFNull(void *data, PRBool freeit)
+{
+    return;
+}
+
+typedef struct {
+    PRUint32 cxSize;          /* size of allocated block, in bytes.        */
+    PRUint32 cxBufSize;       /* sizeof buffer at cxBufPtr.                */
+    unsigned char *cxBufPtr;  /* points to real buffer, may be cxBuf.      */
+    PRUint32 cxKeyLen;        /* bytes of cxBufPtr containing key.         */
+    PRUint32 cxDataLen;       /* bytes of cxBufPtr containing data.        */
+    SECStatus cxRv;           /* records failure of void functions.        */
+    PRBool cxIsFIPS;          /* true if conforming to FIPS 198.           */
+    HASH_HashType cxHashAlg;  /* hash algorithm to use for TLS 1.2+        */
+    unsigned int cxOutLen;    /* bytes of output if nonzero                */
+    unsigned char cxBuf[512]; /* actual size may be larger than 512.       */
+} TLSPRFContext;
+
+static void
+sftk_TLSPRFHashUpdate(TLSPRFContext *cx, const unsigned char *data,
+                      unsigned int data_len)
+{
+    PRUint32 bytesUsed = cx->cxKeyLen + cx->cxDataLen;
+
+    if (cx->cxRv != SECSuccess) /* function has previously failed. */
+        return;
+    if (bytesUsed + data_len > cx->cxBufSize) {
+        /* We don't use realloc here because
+        ** (a) realloc doesn't zero out the old block, and
+        ** (b) if realloc fails, we lose the old block.
+        */
+        PRUint32 newBufSize = bytesUsed + data_len + 512;
+        unsigned char *newBuf = (unsigned char *)PORT_Alloc(newBufSize);
+        if (!newBuf) {
+            cx->cxRv = SECFailure;
+            return;
+        }
+        PORT_Memcpy(newBuf, cx->cxBufPtr, bytesUsed);
+        if (cx->cxBufPtr != cx->cxBuf) {
+            PORT_ZFree(cx->cxBufPtr, bytesUsed);
+        }
+        cx->cxBufPtr = newBuf;
+        cx->cxBufSize = newBufSize;
+    }
+    PORT_Memcpy(cx->cxBufPtr + bytesUsed, data, data_len);
+    cx->cxDataLen += data_len;
+}
+
+static void
+sftk_TLSPRFEnd(TLSPRFContext *ctx, unsigned char *hashout,
+               unsigned int *pDigestLen, unsigned int maxDigestLen)
+{
+    *pDigestLen = 0; /* tells Verify that no data has been input yet. */
+}
+
+/* Compute the PRF values from the data previously input. */
+static SECStatus
+sftk_TLSPRFUpdate(TLSPRFContext *cx,
+                  unsigned char *sig,   /* output goes here. */
+                  unsigned int *sigLen, /* how much output.  */
+                  unsigned int maxLen,  /* output buffer size */
+                  unsigned char *hash,  /* unused. */
+                  unsigned int hashLen) /* unused. */
+{
+    SECStatus rv;
+    SECItem sigItem;
+    SECItem seedItem;
+    SECItem secretItem;
+
+    if (cx->cxRv != SECSuccess)
+        return cx->cxRv;
+
+    secretItem.data = cx->cxBufPtr;
+    secretItem.len = cx->cxKeyLen;
+
+    seedItem.data = cx->cxBufPtr + cx->cxKeyLen;
+    seedItem.len = cx->cxDataLen;
+
+    sigItem.data = sig;
+    if (cx->cxOutLen == 0) {
+        sigItem.len = maxLen;
+    } else if (cx->cxOutLen <= maxLen) {
+        sigItem.len = cx->cxOutLen;
+    } else {
+        PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+        return SECFailure;
+    }
+
+    if (cx->cxHashAlg != HASH_AlgNULL) {
+        rv = TLS_P_hash(cx->cxHashAlg, &secretItem, NULL, &seedItem, &sigItem,
+                        cx->cxIsFIPS);
+    } else {
+        rv = TLS_PRF(&secretItem, NULL, &seedItem, &sigItem, cx->cxIsFIPS);
+    }
+    if (rv == SECSuccess && sigLen != NULL)
+        *sigLen = sigItem.len;
+    return rv;
+}
+
+static SECStatus
+sftk_TLSPRFVerify(TLSPRFContext *cx,
+                  unsigned char *sig,   /* input, for comparison. */
+                  unsigned int sigLen,  /* length of sig.         */
+                  unsigned char *hash,  /* data to be verified.   */
+                  unsigned int hashLen) /* size of hash data.     */
+{
+    unsigned char *tmp = (unsigned char *)PORT_Alloc(sigLen);
+    unsigned int tmpLen = sigLen;
+    SECStatus rv;
+
+    if (!tmp)
+        return SECFailure;
+    if (hashLen) {
+        /* hashLen is non-zero when the user does a one-step verify.
+        ** In this case, none of the data has been input yet.
+        */
+        sftk_TLSPRFHashUpdate(cx, hash, hashLen);
+    }
+    rv = sftk_TLSPRFUpdate(cx, tmp, &tmpLen, sigLen, NULL, 0);
+    if (rv == SECSuccess) {
+        rv = (SECStatus)(1 - !PORT_Memcmp(tmp, sig, sigLen));
+    }
+    PORT_ZFree(tmp, sigLen);
+    return rv;
+}
+
+static void
+sftk_TLSPRFHashDestroy(TLSPRFContext *cx, PRBool freeit)
+{
+    if (freeit) {
+        if (cx->cxBufPtr != cx->cxBuf)
+            PORT_ZFree(cx->cxBufPtr, cx->cxBufSize);
+        PORT_ZFree(cx, cx->cxSize);
+    }
+}
+
+CK_RV
+sftk_TLSPRFInit(SFTKSessionContext *context,
+                SFTKObject *key,
+                CK_KEY_TYPE key_type,
+                HASH_HashType hash_alg,
+                unsigned int out_len)
+{
+    SFTKAttribute *keyVal;
+    TLSPRFContext *prf_cx;
+    CK_RV crv = CKR_HOST_MEMORY;
+    PRUint32 keySize;
+    PRUint32 blockSize;
+
+    if (key_type != CKK_GENERIC_SECRET)
+        return CKR_KEY_TYPE_INCONSISTENT; /* CKR_KEY_FUNCTION_NOT_PERMITTED */
+
+    context->multi = PR_TRUE;
+
+    keyVal = sftk_FindAttribute(key, CKA_VALUE);
+    keySize = (!keyVal) ? 0 : keyVal->attrib.ulValueLen;
+    blockSize = keySize + sizeof(TLSPRFContext);
+    prf_cx = (TLSPRFContext *)PORT_Alloc(blockSize);
+    if (!prf_cx)
+        goto done;
+    prf_cx->cxSize = blockSize;
+    prf_cx->cxKeyLen = keySize;
+    prf_cx->cxDataLen = 0;
+    prf_cx->cxBufSize = blockSize - offsetof(TLSPRFContext, cxBuf);
+    prf_cx->cxRv = SECSuccess;
+    prf_cx->cxIsFIPS = (key->slot->slotID == FIPS_SLOT_ID);
+    prf_cx->cxBufPtr = prf_cx->cxBuf;
+    prf_cx->cxHashAlg = hash_alg;
+    prf_cx->cxOutLen = out_len;
+    if (keySize)
+        PORT_Memcpy(prf_cx->cxBufPtr, keyVal->attrib.pValue, keySize);
+
+    context->hashInfo = (void *)prf_cx;
+    context->cipherInfo = (void *)prf_cx;
+    context->hashUpdate = (SFTKHash)sftk_TLSPRFHashUpdate;
+    context->end = (SFTKEnd)sftk_TLSPRFEnd;
+    context->update = (SFTKCipher)sftk_TLSPRFUpdate;
+    context->verify = (SFTKVerify)sftk_TLSPRFVerify;
+    context->destroy = (SFTKDestroy)sftk_TLSPRFNull;
+    context->hashdestroy = (SFTKDestroy)sftk_TLSPRFHashDestroy;
+    crv = CKR_OK;
+
+done:
+    if (keyVal)
+        sftk_FreeAttribute(keyVal);
+    return crv;
+}
diff --git a/nss/lib/sqlite/Makefile b/nss/lib/sqlite/Makefile
new file mode 100644
index 0000000..9149368
--- /dev/null
+++ b/nss/lib/sqlite/Makefile
@@ -0,0 +1,54 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+USE_GCOV =
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+-include config.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+export:: private_export
+
+ifeq (WINNT,$(OS_ARCH))
+# sqlite calls the deprecated GetVersionExA method
+OS_CFLAGS += -w44996
+endif
+
diff --git a/nss/lib/sqlite/README b/nss/lib/sqlite/README
new file mode 100644
index 0000000..b3a726f
--- /dev/null
+++ b/nss/lib/sqlite/README
@@ -0,0 +1,3 @@
+This is SQLite 3.10.2.
+
+Local changes:
diff --git a/nss/lib/sqlite/config.mk b/nss/lib/sqlite/config.mk
new file mode 100644
index 0000000..b0e9390
--- /dev/null
+++ b/nss/lib/sqlite/config.mk
@@ -0,0 +1,43 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+# can't do this in manifest.mn because OS_TARGET isn't defined there.
+ifeq (,$(filter-out WIN%,$(OS_TARGET)))
+
+# don't want the 32 in the shared library name
+SHARED_LIBRARY = $(OBJDIR)/$(DLL_PREFIX)$(LIBRARY_NAME)$(LIBRARY_VERSION).$(DLL_SUFFIX)
+IMPORT_LIBRARY = $(OBJDIR)/$(IMPORT_LIB_PREFIX)$(LIBRARY_NAME)$(LIBRARY_VERSION)$(IMPORT_LIB_SUFFIX)
+
+#RES = $(OBJDIR)/$(LIBRARY_NAME).res
+#RESNAME = $(LIBRARY_NAME).rc
+endif
+
+ifeq ($(OS_TARGET),AIX)
+EXTRA_LIBS += -lpthreads
+ifdef BUILD_OPT
+OPTIMIZER=
+endif
+endif
+
+ifeq ($(OS_TARGET),Darwin)
+# These version numbers come from the -version-info 8:6:8 libtool option in
+# sqlite upstream's Makefile.in.  (Given -version-info current:revision:age,
+# libtool passes
+#     -compatibility_version current+1 -current_version current+1.revision
+# to the linker.)  Apple builds the system libsqlite3.dylib with these
+# version numbers, so we use the same to be compatible.
+DARWIN_DYLIB_VERSIONS = -compatibility_version 9 -current_version 9.6
+
+# The SQLite code that uses the Apple zone allocator calls
+# OSAtomicCompareAndSwapPtrBarrier, which is only available on Mac OS X 10.5
+# (Darwin 9.0) and later. Define SQLITE_WITHOUT_ZONEMALLOC to disable
+# that code for older versions of Mac OS X. See bug 820374.
+DARWIN_VER_MAJOR := $(shell uname -r | cut -f1 -d.)
+DARWIN_LT_9 := $(shell [ $(DARWIN_VER_MAJOR) -lt 9 ] && echo true)
+ifeq ($(DARWIN_LT_9),true)
+OS_CFLAGS += -DSQLITE_WITHOUT_ZONEMALLOC
+endif
+endif # Darwin
diff --git a/nss/lib/sqlite/exports.gyp b/nss/lib/sqlite/exports.gyp
new file mode 100644
index 0000000..0a424ba
--- /dev/null
+++ b/nss/lib/sqlite/exports.gyp
@@ -0,0 +1,25 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'lib_sqlite_exports',
+      'type': 'none',
+      'copies': [
+        {
+          'files': [
+            'sqlite3.h'
+          ],
+          'destination': '<(nss_private_dist_dir)/<(module)'
+        }
+      ]
+    }
+  ],
+  'variables': {
+    'module': 'nss'
+  }
+}
diff --git a/nss/lib/sqlite/manifest.mn b/nss/lib/sqlite/manifest.mn
new file mode 100644
index 0000000..022749b
--- /dev/null
+++ b/nss/lib/sqlite/manifest.mn
@@ -0,0 +1,34 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+CORE_DEPTH = ../..
+
+MODULE = nss
+
+LIBRARY_NAME = sqlite
+LIBRARY_VERSION = 3
+MAPFILE = $(OBJDIR)/sqlite.def
+DEFINES += -DSQLITE_THREADSAFE=1
+
+EXPORTS = \
+	$(NULL)
+
+PRIVATE_EXPORTS = \
+	sqlite3.h \
+	$(NULL)
+
+
+CSRCS = \
+	sqlite3.c \
+	$(NULL)
+
+
+
+# only add module debugging in opt builds if DEBUG_PKCS11 is set
+ifdef DEBUG_PKCS11
+  DEFINES += -DDEBUG_MODULE
+endif
+
+# This part of the code, including all sub-dirs, can be optimized for size
+export ALLOW_OPT_CODE_SIZE = 1
diff --git a/nss/lib/sqlite/sqlite.def b/nss/lib/sqlite/sqlite.def
new file mode 100644
index 0000000..00fa623
--- /dev/null
+++ b/nss/lib/sqlite/sqlite.def
@@ -0,0 +1,147 @@
+;+# This Source Code Form is subject to the terms of the Mozilla Public
+;+# License, v. 2.0. If a copy of the MPL was not distributed with this
+;+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;+#
+;+#
+;+# OK, this file is meant to support SUN, LINUX, AIX and WINDOWS
+;+#   1. For all unix platforms, the string ";-"  means "remove this line"
+;+#   2. For all unix platforms, the string " DATA " will be removed from any 
+;+#	line on which it occurs.
+;+#   3. Lines containing ";+" will have ";+" removed on SUN and LINUX.
+;+#      On AIX, lines containing ";+" will be removed.  
+;+#   4. For all unix platforms, the string ";;" will thave the ";;" removed.
+;+#   5. For all unix platforms, after the above processing has taken place,
+;+#    all characters after the first ";" on the line will be removed.  
+;+#    And for AIX, the first ";" will also be removed.
+;+#  This file is passed directly to windows. Since ';' is a comment, all UNIX
+;+#   directives are hidden behind ";", ";+", and ";-"
+;+SQLITE_3 {       
+;+    global:
+LIBRARY sqlite3 ;-
+EXPORTS ;-
+sqlite3_aggregate_context;
+sqlite3_aggregate_count;
+sqlite3_auto_extension;
+sqlite3_bind_blob;
+sqlite3_bind_double;
+sqlite3_bind_int;
+sqlite3_bind_int64;
+sqlite3_bind_null;
+sqlite3_bind_parameter_count;
+sqlite3_bind_parameter_index;
+sqlite3_bind_parameter_name;
+sqlite3_bind_text;
+sqlite3_bind_text16;
+sqlite3_bind_value;
+sqlite3_busy_handler;
+sqlite3_busy_timeout;
+sqlite3_changes;
+sqlite3_clear_bindings;
+sqlite3_close;
+sqlite3_collation_needed;
+sqlite3_collation_needed16;
+sqlite3_column_blob;
+sqlite3_column_bytes;
+sqlite3_column_bytes16;
+sqlite3_column_count;
+sqlite3_column_decltype;
+sqlite3_column_decltype16;
+sqlite3_column_double;
+sqlite3_column_int;
+sqlite3_column_int64;
+sqlite3_column_name;
+sqlite3_column_name16;
+sqlite3_column_text;
+sqlite3_column_text16;
+sqlite3_column_type;
+sqlite3_column_value;
+sqlite3_commit_hook;
+sqlite3_complete;
+sqlite3_complete16;
+sqlite3_create_collation;
+sqlite3_create_collation16;
+sqlite3_create_function;
+sqlite3_create_function16;
+sqlite3_create_module;
+sqlite3_data_count;
+sqlite3_db_handle;
+sqlite3_declare_vtab;
+sqlite3_enable_load_extension;
+sqlite3_enable_shared_cache;
+sqlite3_errcode;
+sqlite3_errmsg;
+sqlite3_errmsg16;
+sqlite3_exec;
+sqlite3_expired;
+sqlite3_extended_result_codes;
+sqlite3_file_control;
+sqlite3_finalize;
+sqlite3_free;
+sqlite3_free_table;
+sqlite3_get_autocommit;
+sqlite3_get_auxdata;
+sqlite3_get_table;
+sqlite3_global_recover;
+sqlite3_interrupt;
+sqlite3_last_insert_rowid;
+sqlite3_libversion;
+sqlite3_libversion_number;
+sqlite3_load_extension;
+sqlite3_malloc;
+sqlite3_mprintf;
+sqlite3_open;
+sqlite3_open16;
+sqlite3_open_v2;
+sqlite3_overload_function;
+sqlite3_prepare;
+sqlite3_prepare16;
+sqlite3_prepare16_v2;
+sqlite3_prepare_v2;
+sqlite3_profile;
+sqlite3_progress_handler;
+sqlite3_realloc;
+sqlite3_reset;
+sqlite3_reset_auto_extension;
+sqlite3_result_blob;
+sqlite3_result_double;
+sqlite3_result_error;
+sqlite3_result_error16;
+sqlite3_result_int;
+sqlite3_result_int64;
+sqlite3_result_null;
+sqlite3_result_text;
+sqlite3_result_text16;
+sqlite3_result_text16be;
+sqlite3_result_text16le;
+sqlite3_result_value;
+sqlite3_rollback_hook;
+sqlite3_set_authorizer;
+sqlite3_set_auxdata;
+sqlite3_sleep;
+sqlite3_snprintf;
+sqlite3_step;
+;;sqlite3_temp_directory DATA ;
+sqlite3_thread_cleanup;
+sqlite3_total_changes;
+sqlite3_trace;
+sqlite3_transfer_bindings;
+sqlite3_update_hook;
+sqlite3_user_data;
+sqlite3_value_blob;
+sqlite3_value_bytes;
+sqlite3_value_bytes16;
+sqlite3_value_double;
+sqlite3_value_int;
+sqlite3_value_int64;
+sqlite3_value_numeric_type;
+sqlite3_value_text;
+sqlite3_value_text16;
+sqlite3_value_text16be;
+sqlite3_value_text16le;
+sqlite3_value_type;
+sqlite3_version;
+sqlite3_vmprintf;
+sqlite3_wal_checkpoint;
+;+    local:
+;+       *;
+;+};
diff --git a/nss/lib/sqlite/sqlite.gyp b/nss/lib/sqlite/sqlite.gyp
new file mode 100644
index 0000000..6969893
--- /dev/null
+++ b/nss/lib/sqlite/sqlite.gyp
@@ -0,0 +1,50 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi'
+  ],
+  'conditions': [
+    ['use_system_sqlite==1', {
+      'targets': [{
+        'target_name': 'sqlite3',
+        'type': 'none',
+        'link_settings': {
+          'libraries': ['<(sqlite_libs)'],
+        },
+      }],
+    }, {
+      'targets': [
+        {
+          'target_name': 'sqlite',
+          'type': 'static_library',
+          'sources': [
+            'sqlite3.c'
+          ],
+          'dependencies': [
+            '<(DEPTH)/exports.gyp:nss_exports'
+          ]
+        },
+        {
+          'target_name': 'sqlite3',
+          'type': 'shared_library',
+          'dependencies': [
+            'sqlite'
+          ],
+          'variables': {
+            'mapfile': 'sqlite.def'
+          }
+        }
+      ],
+      'target_defaults': {
+        'defines': [
+          'SQLITE_THREADSAFE=1'
+        ]
+      },
+      'variables': {
+        'module': 'nss'
+      }
+    }]
+  ],
+}
diff --git a/nss/lib/sqlite/sqlite3.c b/nss/lib/sqlite/sqlite3.c
new file mode 100644
index 0000000..c0ab233
--- /dev/null
+++ b/nss/lib/sqlite/sqlite3.c
@@ -0,0 +1,186041 @@
+/******************************************************************************
+** This file is an amalgamation of many separate C source files from SQLite
+** version 3.10.2.  By combining all the individual C code files into this 
+** single large file, the entire code can be compiled as a single translation
+** unit.  This allows many compilers to do optimizations that would not be
+** possible if the files were compiled separately.  Performance improvements
+** of 5% or more are commonly seen when SQLite is compiled as a single
+** translation unit.
+**
+** This file is all you need to compile SQLite.  To use SQLite in other
+** programs, you need this file and the "sqlite3.h" header file that defines
+** the programming interface to the SQLite library.  (If you do not have 
+** the "sqlite3.h" header file at hand, you will find a copy embedded within
+** the text of this file.  Search for "Begin file sqlite3.h" to find the start
+** of the embedded sqlite3.h header file.) Additional code files may be needed
+** if you want a wrapper to interface SQLite with your choice of programming
+** language. The code for the "sqlite3" command-line shell is also in a
+** separate file. This file contains only code for the core SQLite library.
+*/
+#define SQLITE_CORE 1
+#define SQLITE_AMALGAMATION 1
+#ifndef SQLITE_PRIVATE
+# define SQLITE_PRIVATE static
+#endif
+/************** Begin file sqliteInt.h ***************************************/
+/*
+** 2001 September 15
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+** Internal interface definitions for SQLite.
+**
+*/
+#ifndef _SQLITEINT_H_
+#define _SQLITEINT_H_
+
+/*
+** Include the header file used to customize the compiler options for MSVC.
+** This should be done first so that it can successfully prevent spurious
+** compiler warnings due to subsequent content in this file and other files
+** that are included by this file.
+*/
+/************** Include msvc.h in the middle of sqliteInt.h ******************/
+/************** Begin file msvc.h ********************************************/
+/*
+** 2015 January 12
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+******************************************************************************
+**
+** This file contains code that is specific to MSVC.
+*/
+#ifndef _MSVC_H_
+#define _MSVC_H_
+
+#if defined(_MSC_VER)
+#pragma warning(disable : 4054)
+#pragma warning(disable : 4055)
+#pragma warning(disable : 4100)
+#pragma warning(disable : 4127)
+#pragma warning(disable : 4130)
+#pragma warning(disable : 4152)
+#pragma warning(disable : 4189)
+#pragma warning(disable : 4206)
+#pragma warning(disable : 4210)
+#pragma warning(disable : 4232)
+#pragma warning(disable : 4244)
+#pragma warning(disable : 4305)
+#pragma warning(disable : 4306)
+#pragma warning(disable : 4702)
+#pragma warning(disable : 4706)
+#endif /* defined(_MSC_VER) */
+
+#endif /* _MSVC_H_ */
+
+/************** End of msvc.h ************************************************/
+/************** Continuing where we left off in sqliteInt.h ******************/
+
+/*
+** Special setup for VxWorks
+*/
+/************** Include vxworks.h in the middle of sqliteInt.h ***************/
+/************** Begin file vxworks.h *****************************************/
+/*
+** 2015-03-02
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+******************************************************************************
+**
+** This file contains code that is specific to Wind River's VxWorks
+*/
+#if defined(__RTP__) || defined(_WRS_KERNEL)
+/* This is VxWorks.  Set up things specially for that OS
+*/
+#include <vxWorks.h>
+#include <pthread.h>  /* amalgamator: dontcache */
+#define OS_VXWORKS 1
+#define SQLITE_OS_OTHER 0
+#define SQLITE_HOMEGROWN_RECURSIVE_MUTEX 1
+#define SQLITE_OMIT_LOAD_EXTENSION 1
+#define SQLITE_ENABLE_LOCKING_STYLE 0
+#define HAVE_UTIME 1
+#else
+/* This is not VxWorks. */
+#define OS_VXWORKS 0
+#endif /* defined(_WRS_KERNEL) */
+
+/************** End of vxworks.h *********************************************/
+/************** Continuing where we left off in sqliteInt.h ******************/
+
+/*
+** These #defines should enable >2GB file support on POSIX if the
+** underlying operating system supports it.  If the OS lacks
+** large file support, or if the OS is windows, these should be no-ops.
+**
+** Ticket #2739:  The _LARGEFILE_SOURCE macro must appear before any
+** system #includes.  Hence, this block of code must be the very first
+** code in all source files.
+**
+** Large file support can be disabled using the -DSQLITE_DISABLE_LFS switch
+** on the compiler command line.  This is necessary if you are compiling
+** on a recent machine (ex: Red Hat 7.2) but you want your code to work
+** on an older machine (ex: Red Hat 6.0).  If you compile on Red Hat 7.2
+** without this option, LFS is enable.  But LFS does not exist in the kernel
+** in Red Hat 6.0, so the code won't work.  Hence, for maximum binary
+** portability you should omit LFS.
+**
+** The previous paragraph was written in 2005.  (This paragraph is written
+** on 2008-11-28.) These days, all Linux kernels support large files, so
+** you should probably leave LFS enabled.  But some embedded platforms might
+** lack LFS in which case the SQLITE_DISABLE_LFS macro might still be useful.
+**
+** Similar is true for Mac OS X.  LFS is only supported on Mac OS X 9 and later.
+*/
+#ifndef SQLITE_DISABLE_LFS
+# define _LARGE_FILE       1
+# ifndef _FILE_OFFSET_BITS
+#   define _FILE_OFFSET_BITS 64
+# endif
+# define _LARGEFILE_SOURCE 1
+#endif
+
+/* What version of GCC is being used.  0 means GCC is not being used */
+#ifdef __GNUC__
+# define GCC_VERSION (__GNUC__*1000000+__GNUC_MINOR__*1000+__GNUC_PATCHLEVEL__)
+#else
+# define GCC_VERSION 0
+#endif
+
+/* Needed for various definitions... */
+#if defined(__GNUC__) && !defined(_GNU_SOURCE)
+# define _GNU_SOURCE
+#endif
+
+#if defined(__OpenBSD__) && !defined(_BSD_SOURCE)
+# define _BSD_SOURCE
+#endif
+
+/*
+** For MinGW, check to see if we can include the header file containing its
+** version information, among other things.  Normally, this internal MinGW
+** header file would [only] be included automatically by other MinGW header
+** files; however, the contained version information is now required by this
+** header file to work around binary compatibility issues (see below) and
+** this is the only known way to reliably obtain it.  This entire #if block
+** would be completely unnecessary if there was any other way of detecting
+** MinGW via their preprocessor (e.g. if they customized their GCC to define
+** some MinGW-specific macros).  When compiling for MinGW, either the
+** _HAVE_MINGW_H or _HAVE__MINGW_H (note the extra underscore) macro must be
+** defined; otherwise, detection of conditions specific to MinGW will be
+** disabled.
+*/
+#if defined(_HAVE_MINGW_H)
+# include "mingw.h"
+#elif defined(_HAVE__MINGW_H)
+# include "_mingw.h"
+#endif
+
+/*
+** For MinGW version 4.x (and higher), check to see if the _USE_32BIT_TIME_T
+** define is required to maintain binary compatibility with the MSVC runtime
+** library in use (e.g. for Windows XP).
+*/
+#if !defined(_USE_32BIT_TIME_T) && !defined(_USE_64BIT_TIME_T) && \
+    defined(_WIN32) && !defined(_WIN64) && \
+    defined(__MINGW_MAJOR_VERSION) && __MINGW_MAJOR_VERSION >= 4 && \
+    defined(__MSVCRT__)
+# define _USE_32BIT_TIME_T
+#endif
+
+/* The public SQLite interface.  The _FILE_OFFSET_BITS macro must appear
+** first in QNX.  Also, the _USE_32BIT_TIME_T macro must appear first for
+** MinGW.
+*/
+/************** Include sqlite3.h in the middle of sqliteInt.h ***************/
+/************** Begin file sqlite3.h *****************************************/
+/*
+** 2001 September 15
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+** This header file defines the interface that the SQLite library
+** presents to client programs.  If a C-function, structure, datatype,
+** or constant definition does not appear in this file, then it is
+** not a published API of SQLite, is subject to change without
+** notice, and should not be referenced by programs that use SQLite.
+**
+** Some of the definitions that are in this file are marked as
+** "experimental".  Experimental interfaces are normally new
+** features recently added to SQLite.  We do not anticipate changes
+** to experimental interfaces but reserve the right to make minor changes
+** if experience from use "in the wild" suggest such changes are prudent.
+**
+** The official C-language API documentation for SQLite is derived
+** from comments in this file.  This file is the authoritative source
+** on how SQLite interfaces are supposed to operate.
+**
+** The name of this file under configuration management is "sqlite.h.in".
+** The makefile makes some minor changes to this file (such as inserting
+** the version number) and changes its name to "sqlite3.h" as
+** part of the build process.
+*/
+#ifndef _SQLITE3_H_
+#define _SQLITE3_H_
+#include <stdarg.h>     /* Needed for the definition of va_list */
+
+/*
+** Make sure we can call this stuff from C++.
+*/
+#if 0
+extern "C" {
+#endif
+
+
+/*
+** Provide the ability to override linkage features of the interface.
+*/
+#ifndef SQLITE_EXTERN
+# define SQLITE_EXTERN extern
+#endif
+#ifndef SQLITE_API
+# define SQLITE_API
+#endif
+#ifndef SQLITE_CDECL
+# define SQLITE_CDECL
+#endif
+#ifndef SQLITE_STDCALL
+# define SQLITE_STDCALL
+#endif
+
+/*
+** These no-op macros are used in front of interfaces to mark those
+** interfaces as either deprecated or experimental.  New applications
+** should not use deprecated interfaces - they are supported for backwards
+** compatibility only.  Application writers should be aware that
+** experimental interfaces are subject to change in point releases.
+**
+** These macros used to resolve to various kinds of compiler magic that
+** would generate warning messages when they were used.  But that
+** compiler magic ended up generating such a flurry of bug reports
+** that we have taken it all out and gone back to using simple
+** noop macros.
+*/
+#define SQLITE_DEPRECATED
+#define SQLITE_EXPERIMENTAL
+
+/*
+** Ensure these symbols were not defined by some previous header file.
+*/
+#ifdef SQLITE_VERSION
+# undef SQLITE_VERSION
+#endif
+#ifdef SQLITE_VERSION_NUMBER
+# undef SQLITE_VERSION_NUMBER
+#endif
+
+/*
+** CAPI3REF: Compile-Time Library Version Numbers
+**
+** ^(The [SQLITE_VERSION] C preprocessor macro in the sqlite3.h header
+** evaluates to a string literal that is the SQLite version in the
+** format "X.Y.Z" where X is the major version number (always 3 for
+** SQLite3) and Y is the minor version number and Z is the release number.)^
+** ^(The [SQLITE_VERSION_NUMBER] C preprocessor macro resolves to an integer
+** with the value (X*1000000 + Y*1000 + Z) where X, Y, and Z are the same
+** numbers used in [SQLITE_VERSION].)^
+** The SQLITE_VERSION_NUMBER for any given release of SQLite will also
+** be larger than the release from which it is derived.  Either Y will
+** be held constant and Z will be incremented or else Y will be incremented
+** and Z will be reset to zero.
+**
+** Since version 3.6.18, SQLite source code has been stored in the
+** <a href="http://www.fossil-scm.org/">Fossil configuration management
+** system</a>.  ^The SQLITE_SOURCE_ID macro evaluates to
+** a string which identifies a particular check-in of SQLite
+** within its configuration management system.  ^The SQLITE_SOURCE_ID
+** string contains the date and time of the check-in (UTC) and an SHA1
+** hash of the entire source tree.
+**
+** See also: [sqlite3_libversion()],
+** [sqlite3_libversion_number()], [sqlite3_sourceid()],
+** [sqlite_version()] and [sqlite_source_id()].
+*/
+#define SQLITE_VERSION        "3.10.2"
+#define SQLITE_VERSION_NUMBER 3010002
+#define SQLITE_SOURCE_ID      "2016-01-20 15:27:19 17efb4209f97fb4971656086b138599a91a75ff9"
+
+/*
+** CAPI3REF: Run-Time Library Version Numbers
+** KEYWORDS: sqlite3_version, sqlite3_sourceid
+**
+** These interfaces provide the same information as the [SQLITE_VERSION],
+** [SQLITE_VERSION_NUMBER], and [SQLITE_SOURCE_ID] C preprocessor macros
+** but are associated with the library instead of the header file.  ^(Cautious
+** programmers might include assert() statements in their application to
+** verify that values returned by these interfaces match the macros in
+** the header, and thus ensure that the application is
+** compiled with matching library and header files.
+**
+** <blockquote><pre>
+** assert( sqlite3_libversion_number()==SQLITE_VERSION_NUMBER );
+** assert( strcmp(sqlite3_sourceid(),SQLITE_SOURCE_ID)==0 );
+** assert( strcmp(sqlite3_libversion(),SQLITE_VERSION)==0 );
+** </pre></blockquote>)^
+**
+** ^The sqlite3_version[] string constant contains the text of [SQLITE_VERSION]
+** macro.  ^The sqlite3_libversion() function returns a pointer to the
+** to the sqlite3_version[] string constant.  The sqlite3_libversion()
+** function is provided for use in DLLs since DLL users usually do not have
+** direct access to string constants within the DLL.  ^The
+** sqlite3_libversion_number() function returns an integer equal to
+** [SQLITE_VERSION_NUMBER].  ^The sqlite3_sourceid() function returns 
+** a pointer to a string constant whose value is the same as the 
+** [SQLITE_SOURCE_ID] C preprocessor macro.
+**
+** See also: [sqlite_version()] and [sqlite_source_id()].
+*/
+SQLITE_API const char sqlite3_version[] = SQLITE_VERSION;
+SQLITE_API const char *SQLITE_STDCALL sqlite3_libversion(void);
+SQLITE_API const char *SQLITE_STDCALL sqlite3_sourceid(void);
+SQLITE_API int SQLITE_STDCALL sqlite3_libversion_number(void);
+
+/*
+** CAPI3REF: Run-Time Library Compilation Options Diagnostics
+**
+** ^The sqlite3_compileoption_used() function returns 0 or 1 
+** indicating whether the specified option was defined at 
+** compile time.  ^The SQLITE_ prefix may be omitted from the 
+** option name passed to sqlite3_compileoption_used().  
+**
+** ^The sqlite3_compileoption_get() function allows iterating
+** over the list of options that were defined at compile time by
+** returning the N-th compile time option string.  ^If N is out of range,
+** sqlite3_compileoption_get() returns a NULL pointer.  ^The SQLITE_ 
+** prefix is omitted from any strings returned by 
+** sqlite3_compileoption_get().
+**
+** ^Support for the diagnostic functions sqlite3_compileoption_used()
+** and sqlite3_compileoption_get() may be omitted by specifying the 
+** [SQLITE_OMIT_COMPILEOPTION_DIAGS] option at compile time.
+**
+** See also: SQL functions [sqlite_compileoption_used()] and
+** [sqlite_compileoption_get()] and the [compile_options pragma].
+*/
+#ifndef SQLITE_OMIT_COMPILEOPTION_DIAGS
+SQLITE_API int SQLITE_STDCALL sqlite3_compileoption_used(const char *zOptName);
+SQLITE_API const char *SQLITE_STDCALL sqlite3_compileoption_get(int N);
+#endif
+
+/*
+** CAPI3REF: Test To See If The Library Is Threadsafe
+**
+** ^The sqlite3_threadsafe() function returns zero if and only if
+** SQLite was compiled with mutexing code omitted due to the
+** [SQLITE_THREADSAFE] compile-time option being set to 0.
+**
+** SQLite can be compiled with or without mutexes.  When
+** the [SQLITE_THREADSAFE] C preprocessor macro is 1 or 2, mutexes
+** are enabled and SQLite is threadsafe.  When the
+** [SQLITE_THREADSAFE] macro is 0, 
+** the mutexes are omitted.  Without the mutexes, it is not safe
+** to use SQLite concurrently from more than one thread.
+**
+** Enabling mutexes incurs a measurable performance penalty.
+** So if speed is of utmost importance, it makes sense to disable
+** the mutexes.  But for maximum safety, mutexes should be enabled.
+** ^The default behavior is for mutexes to be enabled.
+**
+** This interface can be used by an application to make sure that the
+** version of SQLite that it is linking against was compiled with
+** the desired setting of the [SQLITE_THREADSAFE] macro.
+**
+** This interface only reports on the compile-time mutex setting
+** of the [SQLITE_THREADSAFE] flag.  If SQLite is compiled with
+** SQLITE_THREADSAFE=1 or =2 then mutexes are enabled by default but
+** can be fully or partially disabled using a call to [sqlite3_config()]
+** with the verbs [SQLITE_CONFIG_SINGLETHREAD], [SQLITE_CONFIG_MULTITHREAD],
+** or [SQLITE_CONFIG_SERIALIZED].  ^(The return value of the
+** sqlite3_threadsafe() function shows only the compile-time setting of
+** thread safety, not any run-time changes to that setting made by
+** sqlite3_config(). In other words, the return value from sqlite3_threadsafe()
+** is unchanged by calls to sqlite3_config().)^
+**
+** See the [threading mode] documentation for additional information.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_threadsafe(void);
+
+/*
+** CAPI3REF: Database Connection Handle
+** KEYWORDS: {database connection} {database connections}
+**
+** Each open SQLite database is represented by a pointer to an instance of
+** the opaque structure named "sqlite3".  It is useful to think of an sqlite3
+** pointer as an object.  The [sqlite3_open()], [sqlite3_open16()], and
+** [sqlite3_open_v2()] interfaces are its constructors, and [sqlite3_close()]
+** and [sqlite3_close_v2()] are its destructors.  There are many other
+** interfaces (such as
+** [sqlite3_prepare_v2()], [sqlite3_create_function()], and
+** [sqlite3_busy_timeout()] to name but three) that are methods on an
+** sqlite3 object.
+*/
+typedef struct sqlite3 sqlite3;
+
+/*
+** CAPI3REF: 64-Bit Integer Types
+** KEYWORDS: sqlite_int64 sqlite_uint64
+**
+** Because there is no cross-platform way to specify 64-bit integer types
+** SQLite includes typedefs for 64-bit signed and unsigned integers.
+**
+** The sqlite3_int64 and sqlite3_uint64 are the preferred type definitions.
+** The sqlite_int64 and sqlite_uint64 types are supported for backwards
+** compatibility only.
+**
+** ^The sqlite3_int64 and sqlite_int64 types can store integer values
+** between -9223372036854775808 and +9223372036854775807 inclusive.  ^The
+** sqlite3_uint64 and sqlite_uint64 types can store integer values 
+** between 0 and +18446744073709551615 inclusive.
+*/
+#ifdef SQLITE_INT64_TYPE
+  typedef SQLITE_INT64_TYPE sqlite_int64;
+  typedef unsigned SQLITE_INT64_TYPE sqlite_uint64;
+#elif defined(_MSC_VER) || defined(__BORLANDC__)
+  typedef __int64 sqlite_int64;
+  typedef unsigned __int64 sqlite_uint64;
+#else
+  typedef long long int sqlite_int64;
+  typedef unsigned long long int sqlite_uint64;
+#endif
+typedef sqlite_int64 sqlite3_int64;
+typedef sqlite_uint64 sqlite3_uint64;
+
+/*
+** If compiling for a processor that lacks floating point support,
+** substitute integer for floating-point.
+*/
+#ifdef SQLITE_OMIT_FLOATING_POINT
+# define double sqlite3_int64
+#endif
+
+/*
+** CAPI3REF: Closing A Database Connection
+** DESTRUCTOR: sqlite3
+**
+** ^The sqlite3_close() and sqlite3_close_v2() routines are destructors
+** for the [sqlite3] object.
+** ^Calls to sqlite3_close() and sqlite3_close_v2() return [SQLITE_OK] if
+** the [sqlite3] object is successfully destroyed and all associated
+** resources are deallocated.
+**
+** ^If the database connection is associated with unfinalized prepared
+** statements or unfinished sqlite3_backup objects then sqlite3_close()
+** will leave the database connection open and return [SQLITE_BUSY].
+** ^If sqlite3_close_v2() is called with unfinalized prepared statements
+** and/or unfinished sqlite3_backups, then the database connection becomes
+** an unusable "zombie" which will automatically be deallocated when the
+** last prepared statement is finalized or the last sqlite3_backup is
+** finished.  The sqlite3_close_v2() interface is intended for use with
+** host languages that are garbage collected, and where the order in which
+** destructors are called is arbitrary.
+**
+** Applications should [sqlite3_finalize | finalize] all [prepared statements],
+** [sqlite3_blob_close | close] all [BLOB handles], and 
+** [sqlite3_backup_finish | finish] all [sqlite3_backup] objects associated
+** with the [sqlite3] object prior to attempting to close the object.  ^If
+** sqlite3_close_v2() is called on a [database connection] that still has
+** outstanding [prepared statements], [BLOB handles], and/or
+** [sqlite3_backup] objects then it returns [SQLITE_OK] and the deallocation
+** of resources is deferred until all [prepared statements], [BLOB handles],
+** and [sqlite3_backup] objects are also destroyed.
+**
+** ^If an [sqlite3] object is destroyed while a transaction is open,
+** the transaction is automatically rolled back.
+**
+** The C parameter to [sqlite3_close(C)] and [sqlite3_close_v2(C)]
+** must be either a NULL
+** pointer or an [sqlite3] object pointer obtained
+** from [sqlite3_open()], [sqlite3_open16()], or
+** [sqlite3_open_v2()], and not previously closed.
+** ^Calling sqlite3_close() or sqlite3_close_v2() with a NULL pointer
+** argument is a harmless no-op.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_close(sqlite3*);
+SQLITE_API int SQLITE_STDCALL sqlite3_close_v2(sqlite3*);
+
+/*
+** The type for a callback function.
+** This is legacy and deprecated.  It is included for historical
+** compatibility and is not documented.
+*/
+typedef int (*sqlite3_callback)(void*,int,char**, char**);
+
+/*
+** CAPI3REF: One-Step Query Execution Interface
+** METHOD: sqlite3
+**
+** The sqlite3_exec() interface is a convenience wrapper around
+** [sqlite3_prepare_v2()], [sqlite3_step()], and [sqlite3_finalize()],
+** that allows an application to run multiple statements of SQL
+** without having to use a lot of C code. 
+**
+** ^The sqlite3_exec() interface runs zero or more UTF-8 encoded,
+** semicolon-separate SQL statements passed into its 2nd argument,
+** in the context of the [database connection] passed in as its 1st
+** argument.  ^If the callback function of the 3rd argument to
+** sqlite3_exec() is not NULL, then it is invoked for each result row
+** coming out of the evaluated SQL statements.  ^The 4th argument to
+** sqlite3_exec() is relayed through to the 1st argument of each
+** callback invocation.  ^If the callback pointer to sqlite3_exec()
+** is NULL, then no callback is ever invoked and result rows are
+** ignored.
+**
+** ^If an error occurs while evaluating the SQL statements passed into
+** sqlite3_exec(), then execution of the current statement stops and
+** subsequent statements are skipped.  ^If the 5th parameter to sqlite3_exec()
+** is not NULL then any error message is written into memory obtained
+** from [sqlite3_malloc()] and passed back through the 5th parameter.
+** To avoid memory leaks, the application should invoke [sqlite3_free()]
+** on error message strings returned through the 5th parameter of
+** of sqlite3_exec() after the error message string is no longer needed.
+** ^If the 5th parameter to sqlite3_exec() is not NULL and no errors
+** occur, then sqlite3_exec() sets the pointer in its 5th parameter to
+** NULL before returning.
+**
+** ^If an sqlite3_exec() callback returns non-zero, the sqlite3_exec()
+** routine returns SQLITE_ABORT without invoking the callback again and
+** without running any subsequent SQL statements.
+**
+** ^The 2nd argument to the sqlite3_exec() callback function is the
+** number of columns in the result.  ^The 3rd argument to the sqlite3_exec()
+** callback is an array of pointers to strings obtained as if from
+** [sqlite3_column_text()], one for each column.  ^If an element of a
+** result row is NULL then the corresponding string pointer for the
+** sqlite3_exec() callback is a NULL pointer.  ^The 4th argument to the
+** sqlite3_exec() callback is an array of pointers to strings where each
+** entry represents the name of corresponding result column as obtained
+** from [sqlite3_column_name()].
+**
+** ^If the 2nd parameter to sqlite3_exec() is a NULL pointer, a pointer
+** to an empty string, or a pointer that contains only whitespace and/or 
+** SQL comments, then no SQL statements are evaluated and the database
+** is not changed.
+**
+** Restrictions:
+**
+** <ul>
+** <li> The application must ensure that the 1st parameter to sqlite3_exec()
+**      is a valid and open [database connection].
+** <li> The application must not close the [database connection] specified by
+**      the 1st parameter to sqlite3_exec() while sqlite3_exec() is running.
+** <li> The application must not modify the SQL statement text passed into
+**      the 2nd parameter of sqlite3_exec() while sqlite3_exec() is running.
+** </ul>
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_exec(
+  sqlite3*,                                  /* An open database */
+  const char *sql,                           /* SQL to be evaluated */
+  int (*callback)(void*,int,char**,char**),  /* Callback function */
+  void *,                                    /* 1st argument to callback */
+  char **errmsg                              /* Error msg written here */
+);
+
+/*
+** CAPI3REF: Result Codes
+** KEYWORDS: {result code definitions}
+**
+** Many SQLite functions return an integer result code from the set shown
+** here in order to indicate success or failure.
+**
+** New error codes may be added in future versions of SQLite.
+**
+** See also: [extended result code definitions]
+*/
+#define SQLITE_OK           0   /* Successful result */
+/* beginning-of-error-codes */
+#define SQLITE_ERROR        1   /* SQL error or missing database */
+#define SQLITE_INTERNAL     2   /* Internal logic error in SQLite */
+#define SQLITE_PERM         3   /* Access permission denied */
+#define SQLITE_ABORT        4   /* Callback routine requested an abort */
+#define SQLITE_BUSY         5   /* The database file is locked */
+#define SQLITE_LOCKED       6   /* A table in the database is locked */
+#define SQLITE_NOMEM        7   /* A malloc() failed */
+#define SQLITE_READONLY     8   /* Attempt to write a readonly database */
+#define SQLITE_INTERRUPT    9   /* Operation terminated by sqlite3_interrupt()*/
+#define SQLITE_IOERR       10   /* Some kind of disk I/O error occurred */
+#define SQLITE_CORRUPT     11   /* The database disk image is malformed */
+#define SQLITE_NOTFOUND    12   /* Unknown opcode in sqlite3_file_control() */
+#define SQLITE_FULL        13   /* Insertion failed because database is full */
+#define SQLITE_CANTOPEN    14   /* Unable to open the database file */
+#define SQLITE_PROTOCOL    15   /* Database lock protocol error */
+#define SQLITE_EMPTY       16   /* Database is empty */
+#define SQLITE_SCHEMA      17   /* The database schema changed */
+#define SQLITE_TOOBIG      18   /* String or BLOB exceeds size limit */
+#define SQLITE_CONSTRAINT  19   /* Abort due to constraint violation */
+#define SQLITE_MISMATCH    20   /* Data type mismatch */
+#define SQLITE_MISUSE      21   /* Library used incorrectly */
+#define SQLITE_NOLFS       22   /* Uses OS features not supported on host */
+#define SQLITE_AUTH        23   /* Authorization denied */
+#define SQLITE_FORMAT      24   /* Auxiliary database format error */
+#define SQLITE_RANGE       25   /* 2nd parameter to sqlite3_bind out of range */
+#define SQLITE_NOTADB      26   /* File opened that is not a database file */
+#define SQLITE_NOTICE      27   /* Notifications from sqlite3_log() */
+#define SQLITE_WARNING     28   /* Warnings from sqlite3_log() */
+#define SQLITE_ROW         100  /* sqlite3_step() has another row ready */
+#define SQLITE_DONE        101  /* sqlite3_step() has finished executing */
+/* end-of-error-codes */
+
+/*
+** CAPI3REF: Extended Result Codes
+** KEYWORDS: {extended result code definitions}
+**
+** In its default configuration, SQLite API routines return one of 30 integer
+** [result codes].  However, experience has shown that many of
+** these result codes are too coarse-grained.  They do not provide as
+** much information about problems as programmers might like.  In an effort to
+** address this, newer versions of SQLite (version 3.3.8 and later) include
+** support for additional result codes that provide more detailed information
+** about errors. These [extended result codes] are enabled or disabled
+** on a per database connection basis using the
+** [sqlite3_extended_result_codes()] API.  Or, the extended code for
+** the most recent error can be obtained using
+** [sqlite3_extended_errcode()].
+*/
+#define SQLITE_IOERR_READ              (SQLITE_IOERR | (1<<8))
+#define SQLITE_IOERR_SHORT_READ        (SQLITE_IOERR | (2<<8))
+#define SQLITE_IOERR_WRITE             (SQLITE_IOERR | (3<<8))
+#define SQLITE_IOERR_FSYNC             (SQLITE_IOERR | (4<<8))
+#define SQLITE_IOERR_DIR_FSYNC         (SQLITE_IOERR | (5<<8))
+#define SQLITE_IOERR_TRUNCATE          (SQLITE_IOERR | (6<<8))
+#define SQLITE_IOERR_FSTAT             (SQLITE_IOERR | (7<<8))
+#define SQLITE_IOERR_UNLOCK            (SQLITE_IOERR | (8<<8))
+#define SQLITE_IOERR_RDLOCK            (SQLITE_IOERR | (9<<8))
+#define SQLITE_IOERR_DELETE            (SQLITE_IOERR | (10<<8))
+#define SQLITE_IOERR_BLOCKED           (SQLITE_IOERR | (11<<8))
+#define SQLITE_IOERR_NOMEM             (SQLITE_IOERR | (12<<8))
+#define SQLITE_IOERR_ACCESS            (SQLITE_IOERR | (13<<8))
+#define SQLITE_IOERR_CHECKRESERVEDLOCK (SQLITE_IOERR | (14<<8))
+#define SQLITE_IOERR_LOCK              (SQLITE_IOERR | (15<<8))
+#define SQLITE_IOERR_CLOSE             (SQLITE_IOERR | (16<<8))
+#define SQLITE_IOERR_DIR_CLOSE         (SQLITE_IOERR | (17<<8))
+#define SQLITE_IOERR_SHMOPEN           (SQLITE_IOERR | (18<<8))
+#define SQLITE_IOERR_SHMSIZE           (SQLITE_IOERR | (19<<8))
+#define SQLITE_IOERR_SHMLOCK           (SQLITE_IOERR | (20<<8))
+#define SQLITE_IOERR_SHMMAP            (SQLITE_IOERR | (21<<8))
+#define SQLITE_IOERR_SEEK              (SQLITE_IOERR | (22<<8))
+#define SQLITE_IOERR_DELETE_NOENT      (SQLITE_IOERR | (23<<8))
+#define SQLITE_IOERR_MMAP              (SQLITE_IOERR | (24<<8))
+#define SQLITE_IOERR_GETTEMPPATH       (SQLITE_IOERR | (25<<8))
+#define SQLITE_IOERR_CONVPATH          (SQLITE_IOERR | (26<<8))
+#define SQLITE_IOERR_VNODE             (SQLITE_IOERR | (27<<8))
+#define SQLITE_IOERR_AUTH              (SQLITE_IOERR | (28<<8))
+#define SQLITE_LOCKED_SHAREDCACHE      (SQLITE_LOCKED |  (1<<8))
+#define SQLITE_BUSY_RECOVERY           (SQLITE_BUSY   |  (1<<8))
+#define SQLITE_BUSY_SNAPSHOT           (SQLITE_BUSY   |  (2<<8))
+#define SQLITE_CANTOPEN_NOTEMPDIR      (SQLITE_CANTOPEN | (1<<8))
+#define SQLITE_CANTOPEN_ISDIR          (SQLITE_CANTOPEN | (2<<8))
+#define SQLITE_CANTOPEN_FULLPATH       (SQLITE_CANTOPEN | (3<<8))
+#define SQLITE_CANTOPEN_CONVPATH       (SQLITE_CANTOPEN | (4<<8))
+#define SQLITE_CORRUPT_VTAB            (SQLITE_CORRUPT | (1<<8))
+#define SQLITE_READONLY_RECOVERY       (SQLITE_READONLY | (1<<8))
+#define SQLITE_READONLY_CANTLOCK       (SQLITE_READONLY | (2<<8))
+#define SQLITE_READONLY_ROLLBACK       (SQLITE_READONLY | (3<<8))
+#define SQLITE_READONLY_DBMOVED        (SQLITE_READONLY | (4<<8))
+#define SQLITE_ABORT_ROLLBACK          (SQLITE_ABORT | (2<<8))
+#define SQLITE_CONSTRAINT_CHECK        (SQLITE_CONSTRAINT | (1<<8))
+#define SQLITE_CONSTRAINT_COMMITHOOK   (SQLITE_CONSTRAINT | (2<<8))
+#define SQLITE_CONSTRAINT_FOREIGNKEY   (SQLITE_CONSTRAINT | (3<<8))
+#define SQLITE_CONSTRAINT_FUNCTION     (SQLITE_CONSTRAINT | (4<<8))
+#define SQLITE_CONSTRAINT_NOTNULL      (SQLITE_CONSTRAINT | (5<<8))
+#define SQLITE_CONSTRAINT_PRIMARYKEY   (SQLITE_CONSTRAINT | (6<<8))
+#define SQLITE_CONSTRAINT_TRIGGER      (SQLITE_CONSTRAINT | (7<<8))
+#define SQLITE_CONSTRAINT_UNIQUE       (SQLITE_CONSTRAINT | (8<<8))
+#define SQLITE_CONSTRAINT_VTAB         (SQLITE_CONSTRAINT | (9<<8))
+#define SQLITE_CONSTRAINT_ROWID        (SQLITE_CONSTRAINT |(10<<8))
+#define SQLITE_NOTICE_RECOVER_WAL      (SQLITE_NOTICE | (1<<8))
+#define SQLITE_NOTICE_RECOVER_ROLLBACK (SQLITE_NOTICE | (2<<8))
+#define SQLITE_WARNING_AUTOINDEX       (SQLITE_WARNING | (1<<8))
+#define SQLITE_AUTH_USER               (SQLITE_AUTH | (1<<8))
+
+/*
+** CAPI3REF: Flags For File Open Operations
+**
+** These bit values are intended for use in the
+** 3rd parameter to the [sqlite3_open_v2()] interface and
+** in the 4th parameter to the [sqlite3_vfs.xOpen] method.
+*/
+#define SQLITE_OPEN_READONLY         0x00000001  /* Ok for sqlite3_open_v2() */
+#define SQLITE_OPEN_READWRITE        0x00000002  /* Ok for sqlite3_open_v2() */
+#define SQLITE_OPEN_CREATE           0x00000004  /* Ok for sqlite3_open_v2() */
+#define SQLITE_OPEN_DELETEONCLOSE    0x00000008  /* VFS only */
+#define SQLITE_OPEN_EXCLUSIVE        0x00000010  /* VFS only */
+#define SQLITE_OPEN_AUTOPROXY        0x00000020  /* VFS only */
+#define SQLITE_OPEN_URI              0x00000040  /* Ok for sqlite3_open_v2() */
+#define SQLITE_OPEN_MEMORY           0x00000080  /* Ok for sqlite3_open_v2() */
+#define SQLITE_OPEN_MAIN_DB          0x00000100  /* VFS only */
+#define SQLITE_OPEN_TEMP_DB          0x00000200  /* VFS only */
+#define SQLITE_OPEN_TRANSIENT_DB     0x00000400  /* VFS only */
+#define SQLITE_OPEN_MAIN_JOURNAL     0x00000800  /* VFS only */
+#define SQLITE_OPEN_TEMP_JOURNAL     0x00001000  /* VFS only */
+#define SQLITE_OPEN_SUBJOURNAL       0x00002000  /* VFS only */
+#define SQLITE_OPEN_MASTER_JOURNAL   0x00004000  /* VFS only */
+#define SQLITE_OPEN_NOMUTEX          0x00008000  /* Ok for sqlite3_open_v2() */
+#define SQLITE_OPEN_FULLMUTEX        0x00010000  /* Ok for sqlite3_open_v2() */
+#define SQLITE_OPEN_SHAREDCACHE      0x00020000  /* Ok for sqlite3_open_v2() */
+#define SQLITE_OPEN_PRIVATECACHE     0x00040000  /* Ok for sqlite3_open_v2() */
+#define SQLITE_OPEN_WAL              0x00080000  /* VFS only */
+
+/* Reserved:                         0x00F00000 */
+
+/*
+** CAPI3REF: Device Characteristics
+**
+** The xDeviceCharacteristics method of the [sqlite3_io_methods]
+** object returns an integer which is a vector of these
+** bit values expressing I/O characteristics of the mass storage
+** device that holds the file that the [sqlite3_io_methods]
+** refers to.
+**
+** The SQLITE_IOCAP_ATOMIC property means that all writes of
+** any size are atomic.  The SQLITE_IOCAP_ATOMICnnn values
+** mean that writes of blocks that are nnn bytes in size and
+** are aligned to an address which is an integer multiple of
+** nnn are atomic.  The SQLITE_IOCAP_SAFE_APPEND value means
+** that when data is appended to a file, the data is appended
+** first then the size of the file is extended, never the other
+** way around.  The SQLITE_IOCAP_SEQUENTIAL property means that
+** information is written to disk in the same order as calls
+** to xWrite().  The SQLITE_IOCAP_POWERSAFE_OVERWRITE property means that
+** after reboot following a crash or power loss, the only bytes in a
+** file that were written at the application level might have changed
+** and that adjacent bytes, even bytes within the same sector are
+** guaranteed to be unchanged.  The SQLITE_IOCAP_UNDELETABLE_WHEN_OPEN
+** flag indicate that a file cannot be deleted when open.  The
+** SQLITE_IOCAP_IMMUTABLE flag indicates that the file is on
+** read-only media and cannot be changed even by processes with
+** elevated privileges.
+*/
+#define SQLITE_IOCAP_ATOMIC                 0x00000001
+#define SQLITE_IOCAP_ATOMIC512              0x00000002
+#define SQLITE_IOCAP_ATOMIC1K               0x00000004
+#define SQLITE_IOCAP_ATOMIC2K               0x00000008
+#define SQLITE_IOCAP_ATOMIC4K               0x00000010
+#define SQLITE_IOCAP_ATOMIC8K               0x00000020
+#define SQLITE_IOCAP_ATOMIC16K              0x00000040
+#define SQLITE_IOCAP_ATOMIC32K              0x00000080
+#define SQLITE_IOCAP_ATOMIC64K              0x00000100
+#define SQLITE_IOCAP_SAFE_APPEND            0x00000200
+#define SQLITE_IOCAP_SEQUENTIAL             0x00000400
+#define SQLITE_IOCAP_UNDELETABLE_WHEN_OPEN  0x00000800
+#define SQLITE_IOCAP_POWERSAFE_OVERWRITE    0x00001000
+#define SQLITE_IOCAP_IMMUTABLE              0x00002000
+
+/*
+** CAPI3REF: File Locking Levels
+**
+** SQLite uses one of these integer values as the second
+** argument to calls it makes to the xLock() and xUnlock() methods
+** of an [sqlite3_io_methods] object.
+*/
+#define SQLITE_LOCK_NONE          0
+#define SQLITE_LOCK_SHARED        1
+#define SQLITE_LOCK_RESERVED      2
+#define SQLITE_LOCK_PENDING       3
+#define SQLITE_LOCK_EXCLUSIVE     4
+
+/*
+** CAPI3REF: Synchronization Type Flags
+**
+** When SQLite invokes the xSync() method of an
+** [sqlite3_io_methods] object it uses a combination of
+** these integer values as the second argument.
+**
+** When the SQLITE_SYNC_DATAONLY flag is used, it means that the
+** sync operation only needs to flush data to mass storage.  Inode
+** information need not be flushed. If the lower four bits of the flag
+** equal SQLITE_SYNC_NORMAL, that means to use normal fsync() semantics.
+** If the lower four bits equal SQLITE_SYNC_FULL, that means
+** to use Mac OS X style fullsync instead of fsync().
+**
+** Do not confuse the SQLITE_SYNC_NORMAL and SQLITE_SYNC_FULL flags
+** with the [PRAGMA synchronous]=NORMAL and [PRAGMA synchronous]=FULL
+** settings.  The [synchronous pragma] determines when calls to the
+** xSync VFS method occur and applies uniformly across all platforms.
+** The SQLITE_SYNC_NORMAL and SQLITE_SYNC_FULL flags determine how
+** energetic or rigorous or forceful the sync operations are and
+** only make a difference on Mac OSX for the default SQLite code.
+** (Third-party VFS implementations might also make the distinction
+** between SQLITE_SYNC_NORMAL and SQLITE_SYNC_FULL, but among the
+** operating systems natively supported by SQLite, only Mac OSX
+** cares about the difference.)
+*/
+#define SQLITE_SYNC_NORMAL        0x00002
+#define SQLITE_SYNC_FULL          0x00003
+#define SQLITE_SYNC_DATAONLY      0x00010
+
+/*
+** CAPI3REF: OS Interface Open File Handle
+**
+** An [sqlite3_file] object represents an open file in the 
+** [sqlite3_vfs | OS interface layer].  Individual OS interface
+** implementations will
+** want to subclass this object by appending additional fields
+** for their own use.  The pMethods entry is a pointer to an
+** [sqlite3_io_methods] object that defines methods for performing
+** I/O operations on the open file.
+*/
+typedef struct sqlite3_file sqlite3_file;
+struct sqlite3_file {
+  const struct sqlite3_io_methods *pMethods;  /* Methods for an open file */
+};
+
+/*
+** CAPI3REF: OS Interface File Virtual Methods Object
+**
+** Every file opened by the [sqlite3_vfs.xOpen] method populates an
+** [sqlite3_file] object (or, more commonly, a subclass of the
+** [sqlite3_file] object) with a pointer to an instance of this object.
+** This object defines the methods used to perform various operations
+** against the open file represented by the [sqlite3_file] object.
+**
+** If the [sqlite3_vfs.xOpen] method sets the sqlite3_file.pMethods element 
+** to a non-NULL pointer, then the sqlite3_io_methods.xClose method
+** may be invoked even if the [sqlite3_vfs.xOpen] reported that it failed.  The
+** only way to prevent a call to xClose following a failed [sqlite3_vfs.xOpen]
+** is for the [sqlite3_vfs.xOpen] to set the sqlite3_file.pMethods element
+** to NULL.
+**
+** The flags argument to xSync may be one of [SQLITE_SYNC_NORMAL] or
+** [SQLITE_SYNC_FULL].  The first choice is the normal fsync().
+** The second choice is a Mac OS X style fullsync.  The [SQLITE_SYNC_DATAONLY]
+** flag may be ORed in to indicate that only the data of the file
+** and not its inode needs to be synced.
+**
+** The integer values to xLock() and xUnlock() are one of
+** <ul>
+** <li> [SQLITE_LOCK_NONE],
+** <li> [SQLITE_LOCK_SHARED],
+** <li> [SQLITE_LOCK_RESERVED],
+** <li> [SQLITE_LOCK_PENDING], or
+** <li> [SQLITE_LOCK_EXCLUSIVE].
+** </ul>
+** xLock() increases the lock. xUnlock() decreases the lock.
+** The xCheckReservedLock() method checks whether any database connection,
+** either in this process or in some other process, is holding a RESERVED,
+** PENDING, or EXCLUSIVE lock on the file.  It returns true
+** if such a lock exists and false otherwise.
+**
+** The xFileControl() method is a generic interface that allows custom
+** VFS implementations to directly control an open file using the
+** [sqlite3_file_control()] interface.  The second "op" argument is an
+** integer opcode.  The third argument is a generic pointer intended to
+** point to a structure that may contain arguments or space in which to
+** write return values.  Potential uses for xFileControl() might be
+** functions to enable blocking locks with timeouts, to change the
+** locking strategy (for example to use dot-file locks), to inquire
+** about the status of a lock, or to break stale locks.  The SQLite
+** core reserves all opcodes less than 100 for its own use.
+** A [file control opcodes | list of opcodes] less than 100 is available.
+** Applications that define a custom xFileControl method should use opcodes
+** greater than 100 to avoid conflicts.  VFS implementations should
+** return [SQLITE_NOTFOUND] for file control opcodes that they do not
+** recognize.
+**
+** The xSectorSize() method returns the sector size of the
+** device that underlies the file.  The sector size is the
+** minimum write that can be performed without disturbing
+** other bytes in the file.  The xDeviceCharacteristics()
+** method returns a bit vector describing behaviors of the
+** underlying device:
+**
+** <ul>
+** <li> [SQLITE_IOCAP_ATOMIC]
+** <li> [SQLITE_IOCAP_ATOMIC512]
+** <li> [SQLITE_IOCAP_ATOMIC1K]
+** <li> [SQLITE_IOCAP_ATOMIC2K]
+** <li> [SQLITE_IOCAP_ATOMIC4K]
+** <li> [SQLITE_IOCAP_ATOMIC8K]
+** <li> [SQLITE_IOCAP_ATOMIC16K]
+** <li> [SQLITE_IOCAP_ATOMIC32K]
+** <li> [SQLITE_IOCAP_ATOMIC64K]
+** <li> [SQLITE_IOCAP_SAFE_APPEND]
+** <li> [SQLITE_IOCAP_SEQUENTIAL]
+** </ul>
+**
+** The SQLITE_IOCAP_ATOMIC property means that all writes of
+** any size are atomic.  The SQLITE_IOCAP_ATOMICnnn values
+** mean that writes of blocks that are nnn bytes in size and
+** are aligned to an address which is an integer multiple of
+** nnn are atomic.  The SQLITE_IOCAP_SAFE_APPEND value means
+** that when data is appended to a file, the data is appended
+** first then the size of the file is extended, never the other
+** way around.  The SQLITE_IOCAP_SEQUENTIAL property means that
+** information is written to disk in the same order as calls
+** to xWrite().
+**
+** If xRead() returns SQLITE_IOERR_SHORT_READ it must also fill
+** in the unread portions of the buffer with zeros.  A VFS that
+** fails to zero-fill short reads might seem to work.  However,
+** failure to zero-fill short reads will eventually lead to
+** database corruption.
+*/
+typedef struct sqlite3_io_methods sqlite3_io_methods;
+struct sqlite3_io_methods {
+  int iVersion;
+  int (*xClose)(sqlite3_file*);
+  int (*xRead)(sqlite3_file*, void*, int iAmt, sqlite3_int64 iOfst);
+  int (*xWrite)(sqlite3_file*, const void*, int iAmt, sqlite3_int64 iOfst);
+  int (*xTruncate)(sqlite3_file*, sqlite3_int64 size);
+  int (*xSync)(sqlite3_file*, int flags);
+  int (*xFileSize)(sqlite3_file*, sqlite3_int64 *pSize);
+  int (*xLock)(sqlite3_file*, int);
+  int (*xUnlock)(sqlite3_file*, int);
+  int (*xCheckReservedLock)(sqlite3_file*, int *pResOut);
+  int (*xFileControl)(sqlite3_file*, int op, void *pArg);
+  int (*xSectorSize)(sqlite3_file*);
+  int (*xDeviceCharacteristics)(sqlite3_file*);
+  /* Methods above are valid for version 1 */
+  int (*xShmMap)(sqlite3_file*, int iPg, int pgsz, int, void volatile**);
+  int (*xShmLock)(sqlite3_file*, int offset, int n, int flags);
+  void (*xShmBarrier)(sqlite3_file*);
+  int (*xShmUnmap)(sqlite3_file*, int deleteFlag);
+  /* Methods above are valid for version 2 */
+  int (*xFetch)(sqlite3_file*, sqlite3_int64 iOfst, int iAmt, void **pp);
+  int (*xUnfetch)(sqlite3_file*, sqlite3_int64 iOfst, void *p);
+  /* Methods above are valid for version 3 */
+  /* Additional methods may be added in future releases */
+};
+
+/*
+** CAPI3REF: Standard File Control Opcodes
+** KEYWORDS: {file control opcodes} {file control opcode}
+**
+** These integer constants are opcodes for the xFileControl method
+** of the [sqlite3_io_methods] object and for the [sqlite3_file_control()]
+** interface.
+**
+** <ul>
+** <li>[[SQLITE_FCNTL_LOCKSTATE]]
+** The [SQLITE_FCNTL_LOCKSTATE] opcode is used for debugging.  This
+** opcode causes the xFileControl method to write the current state of
+** the lock (one of [SQLITE_LOCK_NONE], [SQLITE_LOCK_SHARED],
+** [SQLITE_LOCK_RESERVED], [SQLITE_LOCK_PENDING], or [SQLITE_LOCK_EXCLUSIVE])
+** into an integer that the pArg argument points to. This capability
+** is used during testing and is only available when the SQLITE_TEST
+** compile-time option is used.
+**
+** <li>[[SQLITE_FCNTL_SIZE_HINT]]
+** The [SQLITE_FCNTL_SIZE_HINT] opcode is used by SQLite to give the VFS
+** layer a hint of how large the database file will grow to be during the
+** current transaction.  This hint is not guaranteed to be accurate but it
+** is often close.  The underlying VFS might choose to preallocate database
+** file space based on this hint in order to help writes to the database
+** file run faster.
+**
+** <li>[[SQLITE_FCNTL_CHUNK_SIZE]]
+** The [SQLITE_FCNTL_CHUNK_SIZE] opcode is used to request that the VFS
+** extends and truncates the database file in chunks of a size specified
+** by the user. The fourth argument to [sqlite3_file_control()] should 
+** point to an integer (type int) containing the new chunk-size to use
+** for the nominated database. Allocating database file space in large
+** chunks (say 1MB at a time), may reduce file-system fragmentation and
+** improve performance on some systems.
+**
+** <li>[[SQLITE_FCNTL_FILE_POINTER]]
+** The [SQLITE_FCNTL_FILE_POINTER] opcode is used to obtain a pointer
+** to the [sqlite3_file] object associated with a particular database
+** connection.  See also [SQLITE_FCNTL_JOURNAL_POINTER].
+**
+** <li>[[SQLITE_FCNTL_JOURNAL_POINTER]]
+** The [SQLITE_FCNTL_JOURNAL_POINTER] opcode is used to obtain a pointer
+** to the [sqlite3_file] object associated with the journal file (either
+** the [rollback journal] or the [write-ahead log]) for a particular database
+** connection.  See also [SQLITE_FCNTL_FILE_POINTER].
+**
+** <li>[[SQLITE_FCNTL_SYNC_OMITTED]]
+** No longer in use.
+**
+** <li>[[SQLITE_FCNTL_SYNC]]
+** The [SQLITE_FCNTL_SYNC] opcode is generated internally by SQLite and
+** sent to the VFS immediately before the xSync method is invoked on a
+** database file descriptor. Or, if the xSync method is not invoked 
+** because the user has configured SQLite with 
+** [PRAGMA synchronous | PRAGMA synchronous=OFF] it is invoked in place 
+** of the xSync method. In most cases, the pointer argument passed with
+** this file-control is NULL. However, if the database file is being synced
+** as part of a multi-database commit, the argument points to a nul-terminated
+** string containing the transactions master-journal file name. VFSes that 
+** do not need this signal should silently ignore this opcode. Applications 
+** should not call [sqlite3_file_control()] with this opcode as doing so may 
+** disrupt the operation of the specialized VFSes that do require it.  
+**
+** <li>[[SQLITE_FCNTL_COMMIT_PHASETWO]]
+** The [SQLITE_FCNTL_COMMIT_PHASETWO] opcode is generated internally by SQLite
+** and sent to the VFS after a transaction has been committed immediately
+** but before the database is unlocked. VFSes that do not need this signal
+** should silently ignore this opcode. Applications should not call
+** [sqlite3_file_control()] with this opcode as doing so may disrupt the 
+** operation of the specialized VFSes that do require it.  
+**
+** <li>[[SQLITE_FCNTL_WIN32_AV_RETRY]]
+** ^The [SQLITE_FCNTL_WIN32_AV_RETRY] opcode is used to configure automatic
+** retry counts and intervals for certain disk I/O operations for the
+** windows [VFS] in order to provide robustness in the presence of
+** anti-virus programs.  By default, the windows VFS will retry file read,
+** file write, and file delete operations up to 10 times, with a delay
+** of 25 milliseconds before the first retry and with the delay increasing
+** by an additional 25 milliseconds with each subsequent retry.  This
+** opcode allows these two values (10 retries and 25 milliseconds of delay)
+** to be adjusted.  The values are changed for all database connections
+** within the same process.  The argument is a pointer to an array of two
+** integers where the first integer i the new retry count and the second
+** integer is the delay.  If either integer is negative, then the setting
+** is not changed but instead the prior value of that setting is written
+** into the array entry, allowing the current retry settings to be
+** interrogated.  The zDbName parameter is ignored.
+**
+** <li>[[SQLITE_FCNTL_PERSIST_WAL]]
+** ^The [SQLITE_FCNTL_PERSIST_WAL] opcode is used to set or query the
+** persistent [WAL | Write Ahead Log] setting.  By default, the auxiliary
+** write ahead log and shared memory files used for transaction control
+** are automatically deleted when the latest connection to the database
+** closes.  Setting persistent WAL mode causes those files to persist after
+** close.  Persisting the files is useful when other processes that do not
+** have write permission on the directory containing the database file want
+** to read the database file, as the WAL and shared memory files must exist
+** in order for the database to be readable.  The fourth parameter to
+** [sqlite3_file_control()] for this opcode should be a pointer to an integer.
+** That integer is 0 to disable persistent WAL mode or 1 to enable persistent
+** WAL mode.  If the integer is -1, then it is overwritten with the current
+** WAL persistence setting.
+**
+** <li>[[SQLITE_FCNTL_POWERSAFE_OVERWRITE]]
+** ^The [SQLITE_FCNTL_POWERSAFE_OVERWRITE] opcode is used to set or query the
+** persistent "powersafe-overwrite" or "PSOW" setting.  The PSOW setting
+** determines the [SQLITE_IOCAP_POWERSAFE_OVERWRITE] bit of the
+** xDeviceCharacteristics methods. The fourth parameter to
+** [sqlite3_file_control()] for this opcode should be a pointer to an integer.
+** That integer is 0 to disable zero-damage mode or 1 to enable zero-damage
+** mode.  If the integer is -1, then it is overwritten with the current
+** zero-damage mode setting.
+**
+** <li>[[SQLITE_FCNTL_OVERWRITE]]
+** ^The [SQLITE_FCNTL_OVERWRITE] opcode is invoked by SQLite after opening
+** a write transaction to indicate that, unless it is rolled back for some
+** reason, the entire database file will be overwritten by the current 
+** transaction. This is used by VACUUM operations.
+**
+** <li>[[SQLITE_FCNTL_VFSNAME]]
+** ^The [SQLITE_FCNTL_VFSNAME] opcode can be used to obtain the names of
+** all [VFSes] in the VFS stack.  The names are of all VFS shims and the
+** final bottom-level VFS are written into memory obtained from 
+** [sqlite3_malloc()] and the result is stored in the char* variable
+** that the fourth parameter of [sqlite3_file_control()] points to.
+** The caller is responsible for freeing the memory when done.  As with
+** all file-control actions, there is no guarantee that this will actually
+** do anything.  Callers should initialize the char* variable to a NULL
+** pointer in case this file-control is not implemented.  This file-control
+** is intended for diagnostic use only.
+**
+** <li>[[SQLITE_FCNTL_VFS_POINTER]]
+** ^The [SQLITE_FCNTL_VFS_POINTER] opcode finds a pointer to the top-level
+** [VFSes] currently in use.  ^(The argument X in
+** sqlite3_file_control(db,SQLITE_FCNTL_VFS_POINTER,X) must be
+** of type "[sqlite3_vfs] **".  This opcodes will set *X
+** to a pointer to the top-level VFS.)^
+** ^When there are multiple VFS shims in the stack, this opcode finds the
+** upper-most shim only.
+**
+** <li>[[SQLITE_FCNTL_PRAGMA]]
+** ^Whenever a [PRAGMA] statement is parsed, an [SQLITE_FCNTL_PRAGMA] 
+** file control is sent to the open [sqlite3_file] object corresponding
+** to the database file to which the pragma statement refers. ^The argument
+** to the [SQLITE_FCNTL_PRAGMA] file control is an array of
+** pointers to strings (char**) in which the second element of the array
+** is the name of the pragma and the third element is the argument to the
+** pragma or NULL if the pragma has no argument.  ^The handler for an
+** [SQLITE_FCNTL_PRAGMA] file control can optionally make the first element
+** of the char** argument point to a string obtained from [sqlite3_mprintf()]
+** or the equivalent and that string will become the result of the pragma or
+** the error message if the pragma fails. ^If the
+** [SQLITE_FCNTL_PRAGMA] file control returns [SQLITE_NOTFOUND], then normal 
+** [PRAGMA] processing continues.  ^If the [SQLITE_FCNTL_PRAGMA]
+** file control returns [SQLITE_OK], then the parser assumes that the
+** VFS has handled the PRAGMA itself and the parser generates a no-op
+** prepared statement if result string is NULL, or that returns a copy
+** of the result string if the string is non-NULL.
+** ^If the [SQLITE_FCNTL_PRAGMA] file control returns
+** any result code other than [SQLITE_OK] or [SQLITE_NOTFOUND], that means
+** that the VFS encountered an error while handling the [PRAGMA] and the
+** compilation of the PRAGMA fails with an error.  ^The [SQLITE_FCNTL_PRAGMA]
+** file control occurs at the beginning of pragma statement analysis and so
+** it is able to override built-in [PRAGMA] statements.
+**
+** <li>[[SQLITE_FCNTL_BUSYHANDLER]]
+** ^The [SQLITE_FCNTL_BUSYHANDLER]
+** file-control may be invoked by SQLite on the database file handle
+** shortly after it is opened in order to provide a custom VFS with access
+** to the connections busy-handler callback. The argument is of type (void **)
+** - an array of two (void *) values. The first (void *) actually points
+** to a function of type (int (*)(void *)). In order to invoke the connections
+** busy-handler, this function should be invoked with the second (void *) in
+** the array as the only argument. If it returns non-zero, then the operation
+** should be retried. If it returns zero, the custom VFS should abandon the
+** current operation.
+**
+** <li>[[SQLITE_FCNTL_TEMPFILENAME]]
+** ^Application can invoke the [SQLITE_FCNTL_TEMPFILENAME] file-control
+** to have SQLite generate a
+** temporary filename using the same algorithm that is followed to generate
+** temporary filenames for TEMP tables and other internal uses.  The
+** argument should be a char** which will be filled with the filename
+** written into memory obtained from [sqlite3_malloc()].  The caller should
+** invoke [sqlite3_free()] on the result to avoid a memory leak.
+**
+** <li>[[SQLITE_FCNTL_MMAP_SIZE]]
+** The [SQLITE_FCNTL_MMAP_SIZE] file control is used to query or set the
+** maximum number of bytes that will be used for memory-mapped I/O.
+** The argument is a pointer to a value of type sqlite3_int64 that
+** is an advisory maximum number of bytes in the file to memory map.  The
+** pointer is overwritten with the old value.  The limit is not changed if
+** the value originally pointed to is negative, and so the current limit 
+** can be queried by passing in a pointer to a negative number.  This
+** file-control is used internally to implement [PRAGMA mmap_size].
+**
+** <li>[[SQLITE_FCNTL_TRACE]]
+** The [SQLITE_FCNTL_TRACE] file control provides advisory information
+** to the VFS about what the higher layers of the SQLite stack are doing.
+** This file control is used by some VFS activity tracing [shims].
+** The argument is a zero-terminated string.  Higher layers in the
+** SQLite stack may generate instances of this file control if
+** the [SQLITE_USE_FCNTL_TRACE] compile-time option is enabled.
+**
+** <li>[[SQLITE_FCNTL_HAS_MOVED]]
+** The [SQLITE_FCNTL_HAS_MOVED] file control interprets its argument as a
+** pointer to an integer and it writes a boolean into that integer depending
+** on whether or not the file has been renamed, moved, or deleted since it
+** was first opened.
+**
+** <li>[[SQLITE_FCNTL_WIN32_SET_HANDLE]]
+** The [SQLITE_FCNTL_WIN32_SET_HANDLE] opcode is used for debugging.  This
+** opcode causes the xFileControl method to swap the file handle with the one
+** pointed to by the pArg argument.  This capability is used during testing
+** and only needs to be supported when SQLITE_TEST is defined.
+**
+** <li>[[SQLITE_FCNTL_WAL_BLOCK]]
+** The [SQLITE_FCNTL_WAL_BLOCK] is a signal to the VFS layer that it might
+** be advantageous to block on the next WAL lock if the lock is not immediately
+** available.  The WAL subsystem issues this signal during rare
+** circumstances in order to fix a problem with priority inversion.
+** Applications should <em>not</em> use this file-control.
+**
+** <li>[[SQLITE_FCNTL_ZIPVFS]]
+** The [SQLITE_FCNTL_ZIPVFS] opcode is implemented by zipvfs only. All other
+** VFS should return SQLITE_NOTFOUND for this opcode.
+**
+** <li>[[SQLITE_FCNTL_RBU]]
+** The [SQLITE_FCNTL_RBU] opcode is implemented by the special VFS used by
+** the RBU extension only.  All other VFS should return SQLITE_NOTFOUND for
+** this opcode.  
+** </ul>
+*/
+#define SQLITE_FCNTL_LOCKSTATE               1
+#define SQLITE_FCNTL_GET_LOCKPROXYFILE       2
+#define SQLITE_FCNTL_SET_LOCKPROXYFILE       3
+#define SQLITE_FCNTL_LAST_ERRNO              4
+#define SQLITE_FCNTL_SIZE_HINT               5
+#define SQLITE_FCNTL_CHUNK_SIZE              6
+#define SQLITE_FCNTL_FILE_POINTER            7
+#define SQLITE_FCNTL_SYNC_OMITTED            8
+#define SQLITE_FCNTL_WIN32_AV_RETRY          9
+#define SQLITE_FCNTL_PERSIST_WAL            10
+#define SQLITE_FCNTL_OVERWRITE              11
+#define SQLITE_FCNTL_VFSNAME                12
+#define SQLITE_FCNTL_POWERSAFE_OVERWRITE    13
+#define SQLITE_FCNTL_PRAGMA                 14
+#define SQLITE_FCNTL_BUSYHANDLER            15
+#define SQLITE_FCNTL_TEMPFILENAME           16
+#define SQLITE_FCNTL_MMAP_SIZE              18
+#define SQLITE_FCNTL_TRACE                  19
+#define SQLITE_FCNTL_HAS_MOVED              20
+#define SQLITE_FCNTL_SYNC                   21
+#define SQLITE_FCNTL_COMMIT_PHASETWO        22
+#define SQLITE_FCNTL_WIN32_SET_HANDLE       23
+#define SQLITE_FCNTL_WAL_BLOCK              24
+#define SQLITE_FCNTL_ZIPVFS                 25
+#define SQLITE_FCNTL_RBU                    26
+#define SQLITE_FCNTL_VFS_POINTER            27
+#define SQLITE_FCNTL_JOURNAL_POINTER        28
+
+/* deprecated names */
+#define SQLITE_GET_LOCKPROXYFILE      SQLITE_FCNTL_GET_LOCKPROXYFILE
+#define SQLITE_SET_LOCKPROXYFILE      SQLITE_FCNTL_SET_LOCKPROXYFILE
+#define SQLITE_LAST_ERRNO             SQLITE_FCNTL_LAST_ERRNO
+
+
+/*
+** CAPI3REF: Mutex Handle
+**
+** The mutex module within SQLite defines [sqlite3_mutex] to be an
+** abstract type for a mutex object.  The SQLite core never looks
+** at the internal representation of an [sqlite3_mutex].  It only
+** deals with pointers to the [sqlite3_mutex] object.
+**
+** Mutexes are created using [sqlite3_mutex_alloc()].
+*/
+typedef struct sqlite3_mutex sqlite3_mutex;
+
+/*
+** CAPI3REF: OS Interface Object
+**
+** An instance of the sqlite3_vfs object defines the interface between
+** the SQLite core and the underlying operating system.  The "vfs"
+** in the name of the object stands for "virtual file system".  See
+** the [VFS | VFS documentation] for further information.
+**
+** The value of the iVersion field is initially 1 but may be larger in
+** future versions of SQLite.  Additional fields may be appended to this
+** object when the iVersion value is increased.  Note that the structure
+** of the sqlite3_vfs object changes in the transaction between
+** SQLite version 3.5.9 and 3.6.0 and yet the iVersion field was not
+** modified.
+**
+** The szOsFile field is the size of the subclassed [sqlite3_file]
+** structure used by this VFS.  mxPathname is the maximum length of
+** a pathname in this VFS.
+**
+** Registered sqlite3_vfs objects are kept on a linked list formed by
+** the pNext pointer.  The [sqlite3_vfs_register()]
+** and [sqlite3_vfs_unregister()] interfaces manage this list
+** in a thread-safe way.  The [sqlite3_vfs_find()] interface
+** searches the list.  Neither the application code nor the VFS
+** implementation should use the pNext pointer.
+**
+** The pNext field is the only field in the sqlite3_vfs
+** structure that SQLite will ever modify.  SQLite will only access
+** or modify this field while holding a particular static mutex.
+** The application should never modify anything within the sqlite3_vfs
+** object once the object has been registered.
+**
+** The zName field holds the name of the VFS module.  The name must
+** be unique across all VFS modules.
+**
+** [[sqlite3_vfs.xOpen]]
+** ^SQLite guarantees that the zFilename parameter to xOpen
+** is either a NULL pointer or string obtained
+** from xFullPathname() with an optional suffix added.
+** ^If a suffix is added to the zFilename parameter, it will
+** consist of a single "-" character followed by no more than
+** 11 alphanumeric and/or "-" characters.
+** ^SQLite further guarantees that
+** the string will be valid and unchanged until xClose() is
+** called. Because of the previous sentence,
+** the [sqlite3_file] can safely store a pointer to the
+** filename if it needs to remember the filename for some reason.
+** If the zFilename parameter to xOpen is a NULL pointer then xOpen
+** must invent its own temporary name for the file.  ^Whenever the 
+** xFilename parameter is NULL it will also be the case that the
+** flags parameter will include [SQLITE_OPEN_DELETEONCLOSE].
+**
+** The flags argument to xOpen() includes all bits set in
+** the flags argument to [sqlite3_open_v2()].  Or if [sqlite3_open()]
+** or [sqlite3_open16()] is used, then flags includes at least
+** [SQLITE_OPEN_READWRITE] | [SQLITE_OPEN_CREATE]. 
+** If xOpen() opens a file read-only then it sets *pOutFlags to
+** include [SQLITE_OPEN_READONLY].  Other bits in *pOutFlags may be set.
+**
+** ^(SQLite will also add one of the following flags to the xOpen()
+** call, depending on the object being opened:
+**
+** <ul>
+** <li>  [SQLITE_OPEN_MAIN_DB]
+** <li>  [SQLITE_OPEN_MAIN_JOURNAL]
+** <li>  [SQLITE_OPEN_TEMP_DB]
+** <li>  [SQLITE_OPEN_TEMP_JOURNAL]
+** <li>  [SQLITE_OPEN_TRANSIENT_DB]
+** <li>  [SQLITE_OPEN_SUBJOURNAL]
+** <li>  [SQLITE_OPEN_MASTER_JOURNAL]
+** <li>  [SQLITE_OPEN_WAL]
+** </ul>)^
+**
+** The file I/O implementation can use the object type flags to
+** change the way it deals with files.  For example, an application
+** that does not care about crash recovery or rollback might make
+** the open of a journal file a no-op.  Writes to this journal would
+** also be no-ops, and any attempt to read the journal would return
+** SQLITE_IOERR.  Or the implementation might recognize that a database
+** file will be doing page-aligned sector reads and writes in a random
+** order and set up its I/O subsystem accordingly.
+**
+** SQLite might also add one of the following flags to the xOpen method:
+**
+** <ul>
+** <li> [SQLITE_OPEN_DELETEONCLOSE]
+** <li> [SQLITE_OPEN_EXCLUSIVE]
+** </ul>
+**
+** The [SQLITE_OPEN_DELETEONCLOSE] flag means the file should be
+** deleted when it is closed.  ^The [SQLITE_OPEN_DELETEONCLOSE]
+** will be set for TEMP databases and their journals, transient
+** databases, and subjournals.
+**
+** ^The [SQLITE_OPEN_EXCLUSIVE] flag is always used in conjunction
+** with the [SQLITE_OPEN_CREATE] flag, which are both directly
+** analogous to the O_EXCL and O_CREAT flags of the POSIX open()
+** API.  The SQLITE_OPEN_EXCLUSIVE flag, when paired with the 
+** SQLITE_OPEN_CREATE, is used to indicate that file should always
+** be created, and that it is an error if it already exists.
+** It is <i>not</i> used to indicate the file should be opened 
+** for exclusive access.
+**
+** ^At least szOsFile bytes of memory are allocated by SQLite
+** to hold the  [sqlite3_file] structure passed as the third
+** argument to xOpen.  The xOpen method does not have to
+** allocate the structure; it should just fill it in.  Note that
+** the xOpen method must set the sqlite3_file.pMethods to either
+** a valid [sqlite3_io_methods] object or to NULL.  xOpen must do
+** this even if the open fails.  SQLite expects that the sqlite3_file.pMethods
+** element will be valid after xOpen returns regardless of the success
+** or failure of the xOpen call.
+**
+** [[sqlite3_vfs.xAccess]]
+** ^The flags argument to xAccess() may be [SQLITE_ACCESS_EXISTS]
+** to test for the existence of a file, or [SQLITE_ACCESS_READWRITE] to
+** test whether a file is readable and writable, or [SQLITE_ACCESS_READ]
+** to test whether a file is at least readable.   The file can be a
+** directory.
+**
+** ^SQLite will always allocate at least mxPathname+1 bytes for the
+** output buffer xFullPathname.  The exact size of the output buffer
+** is also passed as a parameter to both  methods. If the output buffer
+** is not large enough, [SQLITE_CANTOPEN] should be returned. Since this is
+** handled as a fatal error by SQLite, vfs implementations should endeavor
+** to prevent this by setting mxPathname to a sufficiently large value.
+**
+** The xRandomness(), xSleep(), xCurrentTime(), and xCurrentTimeInt64()
+** interfaces are not strictly a part of the filesystem, but they are
+** included in the VFS structure for completeness.
+** The xRandomness() function attempts to return nBytes bytes
+** of good-quality randomness into zOut.  The return value is
+** the actual number of bytes of randomness obtained.
+** The xSleep() method causes the calling thread to sleep for at
+** least the number of microseconds given.  ^The xCurrentTime()
+** method returns a Julian Day Number for the current date and time as
+** a floating point value.
+** ^The xCurrentTimeInt64() method returns, as an integer, the Julian
+** Day Number multiplied by 86400000 (the number of milliseconds in 
+** a 24-hour day).  
+** ^SQLite will use the xCurrentTimeInt64() method to get the current
+** date and time if that method is available (if iVersion is 2 or 
+** greater and the function pointer is not NULL) and will fall back
+** to xCurrentTime() if xCurrentTimeInt64() is unavailable.
+**
+** ^The xSetSystemCall(), xGetSystemCall(), and xNestSystemCall() interfaces
+** are not used by the SQLite core.  These optional interfaces are provided
+** by some VFSes to facilitate testing of the VFS code. By overriding 
+** system calls with functions under its control, a test program can
+** simulate faults and error conditions that would otherwise be difficult
+** or impossible to induce.  The set of system calls that can be overridden
+** varies from one VFS to another, and from one version of the same VFS to the
+** next.  Applications that use these interfaces must be prepared for any
+** or all of these interfaces to be NULL or for their behavior to change
+** from one release to the next.  Applications must not attempt to access
+** any of these methods if the iVersion of the VFS is less than 3.
+*/
+typedef struct sqlite3_vfs sqlite3_vfs;
+typedef void (*sqlite3_syscall_ptr)(void);
+struct sqlite3_vfs {
+  int iVersion;            /* Structure version number (currently 3) */
+  int szOsFile;            /* Size of subclassed sqlite3_file */
+  int mxPathname;          /* Maximum file pathname length */
+  sqlite3_vfs *pNext;      /* Next registered VFS */
+  const char *zName;       /* Name of this virtual file system */
+  void *pAppData;          /* Pointer to application-specific data */
+  int (*xOpen)(sqlite3_vfs*, const char *zName, sqlite3_file*,
+               int flags, int *pOutFlags);
+  int (*xDelete)(sqlite3_vfs*, const char *zName, int syncDir);
+  int (*xAccess)(sqlite3_vfs*, const char *zName, int flags, int *pResOut);
+  int (*xFullPathname)(sqlite3_vfs*, const char *zName, int nOut, char *zOut);
+  void *(*xDlOpen)(sqlite3_vfs*, const char *zFilename);
+  void (*xDlError)(sqlite3_vfs*, int nByte, char *zErrMsg);
+  void (*(*xDlSym)(sqlite3_vfs*,void*, const char *zSymbol))(void);
+  void (*xDlClose)(sqlite3_vfs*, void*);
+  int (*xRandomness)(sqlite3_vfs*, int nByte, char *zOut);
+  int (*xSleep)(sqlite3_vfs*, int microseconds);
+  int (*xCurrentTime)(sqlite3_vfs*, double*);
+  int (*xGetLastError)(sqlite3_vfs*, int, char *);
+  /*
+  ** The methods above are in version 1 of the sqlite_vfs object
+  ** definition.  Those that follow are added in version 2 or later
+  */
+  int (*xCurrentTimeInt64)(sqlite3_vfs*, sqlite3_int64*);
+  /*
+  ** The methods above are in versions 1 and 2 of the sqlite_vfs object.
+  ** Those below are for version 3 and greater.
+  */
+  int (*xSetSystemCall)(sqlite3_vfs*, const char *zName, sqlite3_syscall_ptr);
+  sqlite3_syscall_ptr (*xGetSystemCall)(sqlite3_vfs*, const char *zName);
+  const char *(*xNextSystemCall)(sqlite3_vfs*, const char *zName);
+  /*
+  ** The methods above are in versions 1 through 3 of the sqlite_vfs object.
+  ** New fields may be appended in figure versions.  The iVersion
+  ** value will increment whenever this happens. 
+  */
+};
+
+/*
+** CAPI3REF: Flags for the xAccess VFS method
+**
+** These integer constants can be used as the third parameter to
+** the xAccess method of an [sqlite3_vfs] object.  They determine
+** what kind of permissions the xAccess method is looking for.
+** With SQLITE_ACCESS_EXISTS, the xAccess method
+** simply checks whether the file exists.
+** With SQLITE_ACCESS_READWRITE, the xAccess method
+** checks whether the named directory is both readable and writable
+** (in other words, if files can be added, removed, and renamed within
+** the directory).
+** The SQLITE_ACCESS_READWRITE constant is currently used only by the
+** [temp_store_directory pragma], though this could change in a future
+** release of SQLite.
+** With SQLITE_ACCESS_READ, the xAccess method
+** checks whether the file is readable.  The SQLITE_ACCESS_READ constant is
+** currently unused, though it might be used in a future release of
+** SQLite.
+*/
+#define SQLITE_ACCESS_EXISTS    0
+#define SQLITE_ACCESS_READWRITE 1   /* Used by PRAGMA temp_store_directory */
+#define SQLITE_ACCESS_READ      2   /* Unused */
+
+/*
+** CAPI3REF: Flags for the xShmLock VFS method
+**
+** These integer constants define the various locking operations
+** allowed by the xShmLock method of [sqlite3_io_methods].  The
+** following are the only legal combinations of flags to the
+** xShmLock method:
+**
+** <ul>
+** <li>  SQLITE_SHM_LOCK | SQLITE_SHM_SHARED
+** <li>  SQLITE_SHM_LOCK | SQLITE_SHM_EXCLUSIVE
+** <li>  SQLITE_SHM_UNLOCK | SQLITE_SHM_SHARED
+** <li>  SQLITE_SHM_UNLOCK | SQLITE_SHM_EXCLUSIVE
+** </ul>
+**
+** When unlocking, the same SHARED or EXCLUSIVE flag must be supplied as
+** was given on the corresponding lock.  
+**
+** The xShmLock method can transition between unlocked and SHARED or
+** between unlocked and EXCLUSIVE.  It cannot transition between SHARED
+** and EXCLUSIVE.
+*/
+#define SQLITE_SHM_UNLOCK       1
+#define SQLITE_SHM_LOCK         2
+#define SQLITE_SHM_SHARED       4
+#define SQLITE_SHM_EXCLUSIVE    8
+
+/*
+** CAPI3REF: Maximum xShmLock index
+**
+** The xShmLock method on [sqlite3_io_methods] may use values
+** between 0 and this upper bound as its "offset" argument.
+** The SQLite core will never attempt to acquire or release a
+** lock outside of this range
+*/
+#define SQLITE_SHM_NLOCK        8
+
+
+/*
+** CAPI3REF: Initialize The SQLite Library
+**
+** ^The sqlite3_initialize() routine initializes the
+** SQLite library.  ^The sqlite3_shutdown() routine
+** deallocates any resources that were allocated by sqlite3_initialize().
+** These routines are designed to aid in process initialization and
+** shutdown on embedded systems.  Workstation applications using
+** SQLite normally do not need to invoke either of these routines.
+**
+** A call to sqlite3_initialize() is an "effective" call if it is
+** the first time sqlite3_initialize() is invoked during the lifetime of
+** the process, or if it is the first time sqlite3_initialize() is invoked
+** following a call to sqlite3_shutdown().  ^(Only an effective call
+** of sqlite3_initialize() does any initialization.  All other calls
+** are harmless no-ops.)^
+**
+** A call to sqlite3_shutdown() is an "effective" call if it is the first
+** call to sqlite3_shutdown() since the last sqlite3_initialize().  ^(Only
+** an effective call to sqlite3_shutdown() does any deinitialization.
+** All other valid calls to sqlite3_shutdown() are harmless no-ops.)^
+**
+** The sqlite3_initialize() interface is threadsafe, but sqlite3_shutdown()
+** is not.  The sqlite3_shutdown() interface must only be called from a
+** single thread.  All open [database connections] must be closed and all
+** other SQLite resources must be deallocated prior to invoking
+** sqlite3_shutdown().
+**
+** Among other things, ^sqlite3_initialize() will invoke
+** sqlite3_os_init().  Similarly, ^sqlite3_shutdown()
+** will invoke sqlite3_os_end().
+**
+** ^The sqlite3_initialize() routine returns [SQLITE_OK] on success.
+** ^If for some reason, sqlite3_initialize() is unable to initialize
+** the library (perhaps it is unable to allocate a needed resource such
+** as a mutex) it returns an [error code] other than [SQLITE_OK].
+**
+** ^The sqlite3_initialize() routine is called internally by many other
+** SQLite interfaces so that an application usually does not need to
+** invoke sqlite3_initialize() directly.  For example, [sqlite3_open()]
+** calls sqlite3_initialize() so the SQLite library will be automatically
+** initialized when [sqlite3_open()] is called if it has not be initialized
+** already.  ^However, if SQLite is compiled with the [SQLITE_OMIT_AUTOINIT]
+** compile-time option, then the automatic calls to sqlite3_initialize()
+** are omitted and the application must call sqlite3_initialize() directly
+** prior to using any other SQLite interface.  For maximum portability,
+** it is recommended that applications always invoke sqlite3_initialize()
+** directly prior to using any other SQLite interface.  Future releases
+** of SQLite may require this.  In other words, the behavior exhibited
+** when SQLite is compiled with [SQLITE_OMIT_AUTOINIT] might become the
+** default behavior in some future release of SQLite.
+**
+** The sqlite3_os_init() routine does operating-system specific
+** initialization of the SQLite library.  The sqlite3_os_end()
+** routine undoes the effect of sqlite3_os_init().  Typical tasks
+** performed by these routines include allocation or deallocation
+** of static resources, initialization of global variables,
+** setting up a default [sqlite3_vfs] module, or setting up
+** a default configuration using [sqlite3_config()].
+**
+** The application should never invoke either sqlite3_os_init()
+** or sqlite3_os_end() directly.  The application should only invoke
+** sqlite3_initialize() and sqlite3_shutdown().  The sqlite3_os_init()
+** interface is called automatically by sqlite3_initialize() and
+** sqlite3_os_end() is called by sqlite3_shutdown().  Appropriate
+** implementations for sqlite3_os_init() and sqlite3_os_end()
+** are built into SQLite when it is compiled for Unix, Windows, or OS/2.
+** When [custom builds | built for other platforms]
+** (using the [SQLITE_OS_OTHER=1] compile-time
+** option) the application must supply a suitable implementation for
+** sqlite3_os_init() and sqlite3_os_end().  An application-supplied
+** implementation of sqlite3_os_init() or sqlite3_os_end()
+** must return [SQLITE_OK] on success and some other [error code] upon
+** failure.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_initialize(void);
+SQLITE_API int SQLITE_STDCALL sqlite3_shutdown(void);
+SQLITE_API int SQLITE_STDCALL sqlite3_os_init(void);
+SQLITE_API int SQLITE_STDCALL sqlite3_os_end(void);
+
+/*
+** CAPI3REF: Configuring The SQLite Library
+**
+** The sqlite3_config() interface is used to make global configuration
+** changes to SQLite in order to tune SQLite to the specific needs of
+** the application.  The default configuration is recommended for most
+** applications and so this routine is usually not necessary.  It is
+** provided to support rare applications with unusual needs.
+**
+** <b>The sqlite3_config() interface is not threadsafe. The application
+** must ensure that no other SQLite interfaces are invoked by other
+** threads while sqlite3_config() is running.</b>
+**
+** The sqlite3_config() interface
+** may only be invoked prior to library initialization using
+** [sqlite3_initialize()] or after shutdown by [sqlite3_shutdown()].
+** ^If sqlite3_config() is called after [sqlite3_initialize()] and before
+** [sqlite3_shutdown()] then it will return SQLITE_MISUSE.
+** Note, however, that ^sqlite3_config() can be called as part of the
+** implementation of an application-defined [sqlite3_os_init()].
+**
+** The first argument to sqlite3_config() is an integer
+** [configuration option] that determines
+** what property of SQLite is to be configured.  Subsequent arguments
+** vary depending on the [configuration option]
+** in the first argument.
+**
+** ^When a configuration option is set, sqlite3_config() returns [SQLITE_OK].
+** ^If the option is unknown or SQLite is unable to set the option
+** then this routine returns a non-zero [error code].
+*/
+SQLITE_API int SQLITE_CDECL sqlite3_config(int, ...);
+
+/*
+** CAPI3REF: Configure database connections
+** METHOD: sqlite3
+**
+** The sqlite3_db_config() interface is used to make configuration
+** changes to a [database connection].  The interface is similar to
+** [sqlite3_config()] except that the changes apply to a single
+** [database connection] (specified in the first argument).
+**
+** The second argument to sqlite3_db_config(D,V,...)  is the
+** [SQLITE_DBCONFIG_LOOKASIDE | configuration verb] - an integer code 
+** that indicates what aspect of the [database connection] is being configured.
+** Subsequent arguments vary depending on the configuration verb.
+**
+** ^Calls to sqlite3_db_config() return SQLITE_OK if and only if
+** the call is considered successful.
+*/
+SQLITE_API int SQLITE_CDECL sqlite3_db_config(sqlite3*, int op, ...);
+
+/*
+** CAPI3REF: Memory Allocation Routines
+**
+** An instance of this object defines the interface between SQLite
+** and low-level memory allocation routines.
+**
+** This object is used in only one place in the SQLite interface.
+** A pointer to an instance of this object is the argument to
+** [sqlite3_config()] when the configuration option is
+** [SQLITE_CONFIG_MALLOC] or [SQLITE_CONFIG_GETMALLOC].  
+** By creating an instance of this object
+** and passing it to [sqlite3_config]([SQLITE_CONFIG_MALLOC])
+** during configuration, an application can specify an alternative
+** memory allocation subsystem for SQLite to use for all of its
+** dynamic memory needs.
+**
+** Note that SQLite comes with several [built-in memory allocators]
+** that are perfectly adequate for the overwhelming majority of applications
+** and that this object is only useful to a tiny minority of applications
+** with specialized memory allocation requirements.  This object is
+** also used during testing of SQLite in order to specify an alternative
+** memory allocator that simulates memory out-of-memory conditions in
+** order to verify that SQLite recovers gracefully from such
+** conditions.
+**
+** The xMalloc, xRealloc, and xFree methods must work like the
+** malloc(), realloc() and free() functions from the standard C library.
+** ^SQLite guarantees that the second argument to
+** xRealloc is always a value returned by a prior call to xRoundup.
+**
+** xSize should return the allocated size of a memory allocation
+** previously obtained from xMalloc or xRealloc.  The allocated size
+** is always at least as big as the requested size but may be larger.
+**
+** The xRoundup method returns what would be the allocated size of
+** a memory allocation given a particular requested size.  Most memory
+** allocators round up memory allocations at least to the next multiple
+** of 8.  Some allocators round up to a larger multiple or to a power of 2.
+** Every memory allocation request coming in through [sqlite3_malloc()]
+** or [sqlite3_realloc()] first calls xRoundup.  If xRoundup returns 0, 
+** that causes the corresponding memory allocation to fail.
+**
+** The xInit method initializes the memory allocator.  For example,
+** it might allocate any require mutexes or initialize internal data
+** structures.  The xShutdown method is invoked (indirectly) by
+** [sqlite3_shutdown()] and should deallocate any resources acquired
+** by xInit.  The pAppData pointer is used as the only parameter to
+** xInit and xShutdown.
+**
+** SQLite holds the [SQLITE_MUTEX_STATIC_MASTER] mutex when it invokes
+** the xInit method, so the xInit method need not be threadsafe.  The
+** xShutdown method is only called from [sqlite3_shutdown()] so it does
+** not need to be threadsafe either.  For all other methods, SQLite
+** holds the [SQLITE_MUTEX_STATIC_MEM] mutex as long as the
+** [SQLITE_CONFIG_MEMSTATUS] configuration option is turned on (which
+** it is by default) and so the methods are automatically serialized.
+** However, if [SQLITE_CONFIG_MEMSTATUS] is disabled, then the other
+** methods must be threadsafe or else make their own arrangements for
+** serialization.
+**
+** SQLite will never invoke xInit() more than once without an intervening
+** call to xShutdown().
+*/
+typedef struct sqlite3_mem_methods sqlite3_mem_methods;
+struct sqlite3_mem_methods {
+  void *(*xMalloc)(int);         /* Memory allocation function */
+  void (*xFree)(void*);          /* Free a prior allocation */
+  void *(*xRealloc)(void*,int);  /* Resize an allocation */
+  int (*xSize)(void*);           /* Return the size of an allocation */
+  int (*xRoundup)(int);          /* Round up request size to allocation size */
+  int (*xInit)(void*);           /* Initialize the memory allocator */
+  void (*xShutdown)(void*);      /* Deinitialize the memory allocator */
+  void *pAppData;                /* Argument to xInit() and xShutdown() */
+};
+
+/*
+** CAPI3REF: Configuration Options
+** KEYWORDS: {configuration option}
+**
+** These constants are the available integer configuration options that
+** can be passed as the first argument to the [sqlite3_config()] interface.
+**
+** New configuration options may be added in future releases of SQLite.
+** Existing configuration options might be discontinued.  Applications
+** should check the return code from [sqlite3_config()] to make sure that
+** the call worked.  The [sqlite3_config()] interface will return a
+** non-zero [error code] if a discontinued or unsupported configuration option
+** is invoked.
+**
+** <dl>
+** [[SQLITE_CONFIG_SINGLETHREAD]] <dt>SQLITE_CONFIG_SINGLETHREAD</dt>
+** <dd>There are no arguments to this option.  ^This option sets the
+** [threading mode] to Single-thread.  In other words, it disables
+** all mutexing and puts SQLite into a mode where it can only be used
+** by a single thread.   ^If SQLite is compiled with
+** the [SQLITE_THREADSAFE | SQLITE_THREADSAFE=0] compile-time option then
+** it is not possible to change the [threading mode] from its default
+** value of Single-thread and so [sqlite3_config()] will return 
+** [SQLITE_ERROR] if called with the SQLITE_CONFIG_SINGLETHREAD
+** configuration option.</dd>
+**
+** [[SQLITE_CONFIG_MULTITHREAD]] <dt>SQLITE_CONFIG_MULTITHREAD</dt>
+** <dd>There are no arguments to this option.  ^This option sets the
+** [threading mode] to Multi-thread.  In other words, it disables
+** mutexing on [database connection] and [prepared statement] objects.
+** The application is responsible for serializing access to
+** [database connections] and [prepared statements].  But other mutexes
+** are enabled so that SQLite will be safe to use in a multi-threaded
+** environment as long as no two threads attempt to use the same
+** [database connection] at the same time.  ^If SQLite is compiled with
+** the [SQLITE_THREADSAFE | SQLITE_THREADSAFE=0] compile-time option then
+** it is not possible to set the Multi-thread [threading mode] and
+** [sqlite3_config()] will return [SQLITE_ERROR] if called with the
+** SQLITE_CONFIG_MULTITHREAD configuration option.</dd>
+**
+** [[SQLITE_CONFIG_SERIALIZED]] <dt>SQLITE_CONFIG_SERIALIZED</dt>
+** <dd>There are no arguments to this option.  ^This option sets the
+** [threading mode] to Serialized. In other words, this option enables
+** all mutexes including the recursive
+** mutexes on [database connection] and [prepared statement] objects.
+** In this mode (which is the default when SQLite is compiled with
+** [SQLITE_THREADSAFE=1]) the SQLite library will itself serialize access
+** to [database connections] and [prepared statements] so that the
+** application is free to use the same [database connection] or the
+** same [prepared statement] in different threads at the same time.
+** ^If SQLite is compiled with
+** the [SQLITE_THREADSAFE | SQLITE_THREADSAFE=0] compile-time option then
+** it is not possible to set the Serialized [threading mode] and
+** [sqlite3_config()] will return [SQLITE_ERROR] if called with the
+** SQLITE_CONFIG_SERIALIZED configuration option.</dd>
+**
+** [[SQLITE_CONFIG_MALLOC]] <dt>SQLITE_CONFIG_MALLOC</dt>
+** <dd> ^(The SQLITE_CONFIG_MALLOC option takes a single argument which is 
+** a pointer to an instance of the [sqlite3_mem_methods] structure.
+** The argument specifies
+** alternative low-level memory allocation routines to be used in place of
+** the memory allocation routines built into SQLite.)^ ^SQLite makes
+** its own private copy of the content of the [sqlite3_mem_methods] structure
+** before the [sqlite3_config()] call returns.</dd>
+**
+** [[SQLITE_CONFIG_GETMALLOC]] <dt>SQLITE_CONFIG_GETMALLOC</dt>
+** <dd> ^(The SQLITE_CONFIG_GETMALLOC option takes a single argument which
+** is a pointer to an instance of the [sqlite3_mem_methods] structure.
+** The [sqlite3_mem_methods]
+** structure is filled with the currently defined memory allocation routines.)^
+** This option can be used to overload the default memory allocation
+** routines with a wrapper that simulations memory allocation failure or
+** tracks memory usage, for example. </dd>
+**
+** [[SQLITE_CONFIG_MEMSTATUS]] <dt>SQLITE_CONFIG_MEMSTATUS</dt>
+** <dd> ^The SQLITE_CONFIG_MEMSTATUS option takes single argument of type int,
+** interpreted as a boolean, which enables or disables the collection of
+** memory allocation statistics. ^(When memory allocation statistics are
+** disabled, the following SQLite interfaces become non-operational:
+**   <ul>
+**   <li> [sqlite3_memory_used()]
+**   <li> [sqlite3_memory_highwater()]
+**   <li> [sqlite3_soft_heap_limit64()]
+**   <li> [sqlite3_status64()]
+**   </ul>)^
+** ^Memory allocation statistics are enabled by default unless SQLite is
+** compiled with [SQLITE_DEFAULT_MEMSTATUS]=0 in which case memory
+** allocation statistics are disabled by default.
+** </dd>
+**
+** [[SQLITE_CONFIG_SCRATCH]] <dt>SQLITE_CONFIG_SCRATCH</dt>
+** <dd> ^The SQLITE_CONFIG_SCRATCH option specifies a static memory buffer
+** that SQLite can use for scratch memory.  ^(There are three arguments
+** to SQLITE_CONFIG_SCRATCH:  A pointer an 8-byte
+** aligned memory buffer from which the scratch allocations will be
+** drawn, the size of each scratch allocation (sz),
+** and the maximum number of scratch allocations (N).)^
+** The first argument must be a pointer to an 8-byte aligned buffer
+** of at least sz*N bytes of memory.
+** ^SQLite will not use more than one scratch buffers per thread.
+** ^SQLite will never request a scratch buffer that is more than 6
+** times the database page size.
+** ^If SQLite needs needs additional
+** scratch memory beyond what is provided by this configuration option, then 
+** [sqlite3_malloc()] will be used to obtain the memory needed.<p>
+** ^When the application provides any amount of scratch memory using
+** SQLITE_CONFIG_SCRATCH, SQLite avoids unnecessary large
+** [sqlite3_malloc|heap allocations].
+** This can help [Robson proof|prevent memory allocation failures] due to heap
+** fragmentation in low-memory embedded systems.
+** </dd>
+**
+** [[SQLITE_CONFIG_PAGECACHE]] <dt>SQLITE_CONFIG_PAGECACHE</dt>
+** <dd> ^The SQLITE_CONFIG_PAGECACHE option specifies a memory pool
+** that SQLite can use for the database page cache with the default page
+** cache implementation.  
+** This configuration option is a no-op if an application-define page
+** cache implementation is loaded using the [SQLITE_CONFIG_PCACHE2].
+** ^There are three arguments to SQLITE_CONFIG_PAGECACHE: A pointer to
+** 8-byte aligned memory (pMem), the size of each page cache line (sz),
+** and the number of cache lines (N).
+** The sz argument should be the size of the largest database page
+** (a power of two between 512 and 65536) plus some extra bytes for each
+** page header.  ^The number of extra bytes needed by the page header
+** can be determined using [SQLITE_CONFIG_PCACHE_HDRSZ].
+** ^It is harmless, apart from the wasted memory,
+** for the sz parameter to be larger than necessary.  The pMem
+** argument must be either a NULL pointer or a pointer to an 8-byte
+** aligned block of memory of at least sz*N bytes, otherwise
+** subsequent behavior is undefined.
+** ^When pMem is not NULL, SQLite will strive to use the memory provided
+** to satisfy page cache needs, falling back to [sqlite3_malloc()] if
+** a page cache line is larger than sz bytes or if all of the pMem buffer
+** is exhausted.
+** ^If pMem is NULL and N is non-zero, then each database connection
+** does an initial bulk allocation for page cache memory
+** from [sqlite3_malloc()] sufficient for N cache lines if N is positive or
+** of -1024*N bytes if N is negative, . ^If additional
+** page cache memory is needed beyond what is provided by the initial
+** allocation, then SQLite goes to [sqlite3_malloc()] separately for each
+** additional cache line. </dd>
+**
+** [[SQLITE_CONFIG_HEAP]] <dt>SQLITE_CONFIG_HEAP</dt>
+** <dd> ^The SQLITE_CONFIG_HEAP option specifies a static memory buffer 
+** that SQLite will use for all of its dynamic memory allocation needs
+** beyond those provided for by [SQLITE_CONFIG_SCRATCH] and
+** [SQLITE_CONFIG_PAGECACHE].
+** ^The SQLITE_CONFIG_HEAP option is only available if SQLite is compiled
+** with either [SQLITE_ENABLE_MEMSYS3] or [SQLITE_ENABLE_MEMSYS5] and returns
+** [SQLITE_ERROR] if invoked otherwise.
+** ^There are three arguments to SQLITE_CONFIG_HEAP:
+** An 8-byte aligned pointer to the memory,
+** the number of bytes in the memory buffer, and the minimum allocation size.
+** ^If the first pointer (the memory pointer) is NULL, then SQLite reverts
+** to using its default memory allocator (the system malloc() implementation),
+** undoing any prior invocation of [SQLITE_CONFIG_MALLOC].  ^If the
+** memory pointer is not NULL then the alternative memory
+** allocator is engaged to handle all of SQLites memory allocation needs.
+** The first pointer (the memory pointer) must be aligned to an 8-byte
+** boundary or subsequent behavior of SQLite will be undefined.
+** The minimum allocation size is capped at 2**12. Reasonable values
+** for the minimum allocation size are 2**5 through 2**8.</dd>
+**
+** [[SQLITE_CONFIG_MUTEX]] <dt>SQLITE_CONFIG_MUTEX</dt>
+** <dd> ^(The SQLITE_CONFIG_MUTEX option takes a single argument which is a
+** pointer to an instance of the [sqlite3_mutex_methods] structure.
+** The argument specifies alternative low-level mutex routines to be used
+** in place the mutex routines built into SQLite.)^  ^SQLite makes a copy of
+** the content of the [sqlite3_mutex_methods] structure before the call to
+** [sqlite3_config()] returns. ^If SQLite is compiled with
+** the [SQLITE_THREADSAFE | SQLITE_THREADSAFE=0] compile-time option then
+** the entire mutexing subsystem is omitted from the build and hence calls to
+** [sqlite3_config()] with the SQLITE_CONFIG_MUTEX configuration option will
+** return [SQLITE_ERROR].</dd>
+**
+** [[SQLITE_CONFIG_GETMUTEX]] <dt>SQLITE_CONFIG_GETMUTEX</dt>
+** <dd> ^(The SQLITE_CONFIG_GETMUTEX option takes a single argument which
+** is a pointer to an instance of the [sqlite3_mutex_methods] structure.  The
+** [sqlite3_mutex_methods]
+** structure is filled with the currently defined mutex routines.)^
+** This option can be used to overload the default mutex allocation
+** routines with a wrapper used to track mutex usage for performance
+** profiling or testing, for example.   ^If SQLite is compiled with
+** the [SQLITE_THREADSAFE | SQLITE_THREADSAFE=0] compile-time option then
+** the entire mutexing subsystem is omitted from the build and hence calls to
+** [sqlite3_config()] with the SQLITE_CONFIG_GETMUTEX configuration option will
+** return [SQLITE_ERROR].</dd>
+**
+** [[SQLITE_CONFIG_LOOKASIDE]] <dt>SQLITE_CONFIG_LOOKASIDE</dt>
+** <dd> ^(The SQLITE_CONFIG_LOOKASIDE option takes two arguments that determine
+** the default size of lookaside memory on each [database connection].
+** The first argument is the
+** size of each lookaside buffer slot and the second is the number of
+** slots allocated to each database connection.)^  ^(SQLITE_CONFIG_LOOKASIDE
+** sets the <i>default</i> lookaside size. The [SQLITE_DBCONFIG_LOOKASIDE]
+** option to [sqlite3_db_config()] can be used to change the lookaside
+** configuration on individual connections.)^ </dd>
+**
+** [[SQLITE_CONFIG_PCACHE2]] <dt>SQLITE_CONFIG_PCACHE2</dt>
+** <dd> ^(The SQLITE_CONFIG_PCACHE2 option takes a single argument which is 
+** a pointer to an [sqlite3_pcache_methods2] object.  This object specifies
+** the interface to a custom page cache implementation.)^
+** ^SQLite makes a copy of the [sqlite3_pcache_methods2] object.</dd>
+**
+** [[SQLITE_CONFIG_GETPCACHE2]] <dt>SQLITE_CONFIG_GETPCACHE2</dt>
+** <dd> ^(The SQLITE_CONFIG_GETPCACHE2 option takes a single argument which
+** is a pointer to an [sqlite3_pcache_methods2] object.  SQLite copies of
+** the current page cache implementation into that object.)^ </dd>
+**
+** [[SQLITE_CONFIG_LOG]] <dt>SQLITE_CONFIG_LOG</dt>
+** <dd> The SQLITE_CONFIG_LOG option is used to configure the SQLite
+** global [error log].
+** (^The SQLITE_CONFIG_LOG option takes two arguments: a pointer to a
+** function with a call signature of void(*)(void*,int,const char*), 
+** and a pointer to void. ^If the function pointer is not NULL, it is
+** invoked by [sqlite3_log()] to process each logging event.  ^If the
+** function pointer is NULL, the [sqlite3_log()] interface becomes a no-op.
+** ^The void pointer that is the second argument to SQLITE_CONFIG_LOG is
+** passed through as the first parameter to the application-defined logger
+** function whenever that function is invoked.  ^The second parameter to
+** the logger function is a copy of the first parameter to the corresponding
+** [sqlite3_log()] call and is intended to be a [result code] or an
+** [extended result code].  ^The third parameter passed to the logger is
+** log message after formatting via [sqlite3_snprintf()].
+** The SQLite logging interface is not reentrant; the logger function
+** supplied by the application must not invoke any SQLite interface.
+** In a multi-threaded application, the application-defined logger
+** function must be threadsafe. </dd>
+**
+** [[SQLITE_CONFIG_URI]] <dt>SQLITE_CONFIG_URI
+** <dd>^(The SQLITE_CONFIG_URI option takes a single argument of type int.
+** If non-zero, then URI handling is globally enabled. If the parameter is zero,
+** then URI handling is globally disabled.)^ ^If URI handling is globally
+** enabled, all filenames passed to [sqlite3_open()], [sqlite3_open_v2()],
+** [sqlite3_open16()] or
+** specified as part of [ATTACH] commands are interpreted as URIs, regardless
+** of whether or not the [SQLITE_OPEN_URI] flag is set when the database
+** connection is opened. ^If it is globally disabled, filenames are
+** only interpreted as URIs if the SQLITE_OPEN_URI flag is set when the
+** database connection is opened. ^(By default, URI handling is globally
+** disabled. The default value may be changed by compiling with the
+** [SQLITE_USE_URI] symbol defined.)^
+**
+** [[SQLITE_CONFIG_COVERING_INDEX_SCAN]] <dt>SQLITE_CONFIG_COVERING_INDEX_SCAN
+** <dd>^The SQLITE_CONFIG_COVERING_INDEX_SCAN option takes a single integer
+** argument which is interpreted as a boolean in order to enable or disable
+** the use of covering indices for full table scans in the query optimizer.
+** ^The default setting is determined
+** by the [SQLITE_ALLOW_COVERING_INDEX_SCAN] compile-time option, or is "on"
+** if that compile-time option is omitted.
+** The ability to disable the use of covering indices for full table scans
+** is because some incorrectly coded legacy applications might malfunction
+** when the optimization is enabled.  Providing the ability to
+** disable the optimization allows the older, buggy application code to work
+** without change even with newer versions of SQLite.
+**
+** [[SQLITE_CONFIG_PCACHE]] [[SQLITE_CONFIG_GETPCACHE]]
+** <dt>SQLITE_CONFIG_PCACHE and SQLITE_CONFIG_GETPCACHE
+** <dd> These options are obsolete and should not be used by new code.
+** They are retained for backwards compatibility but are now no-ops.
+** </dd>
+**
+** [[SQLITE_CONFIG_SQLLOG]]
+** <dt>SQLITE_CONFIG_SQLLOG
+** <dd>This option is only available if sqlite is compiled with the
+** [SQLITE_ENABLE_SQLLOG] pre-processor macro defined. The first argument should
+** be a pointer to a function of type void(*)(void*,sqlite3*,const char*, int).
+** The second should be of type (void*). The callback is invoked by the library
+** in three separate circumstances, identified by the value passed as the
+** fourth parameter. If the fourth parameter is 0, then the database connection
+** passed as the second argument has just been opened. The third argument
+** points to a buffer containing the name of the main database file. If the
+** fourth parameter is 1, then the SQL statement that the third parameter
+** points to has just been executed. Or, if the fourth parameter is 2, then
+** the connection being passed as the second parameter is being closed. The
+** third parameter is passed NULL In this case.  An example of using this
+** configuration option can be seen in the "test_sqllog.c" source file in
+** the canonical SQLite source tree.</dd>
+**
+** [[SQLITE_CONFIG_MMAP_SIZE]]
+** <dt>SQLITE_CONFIG_MMAP_SIZE
+** <dd>^SQLITE_CONFIG_MMAP_SIZE takes two 64-bit integer (sqlite3_int64) values
+** that are the default mmap size limit (the default setting for
+** [PRAGMA mmap_size]) and the maximum allowed mmap size limit.
+** ^The default setting can be overridden by each database connection using
+** either the [PRAGMA mmap_size] command, or by using the
+** [SQLITE_FCNTL_MMAP_SIZE] file control.  ^(The maximum allowed mmap size
+** will be silently truncated if necessary so that it does not exceed the
+** compile-time maximum mmap size set by the
+** [SQLITE_MAX_MMAP_SIZE] compile-time option.)^
+** ^If either argument to this option is negative, then that argument is
+** changed to its compile-time default.
+**
+** [[SQLITE_CONFIG_WIN32_HEAPSIZE]]
+** <dt>SQLITE_CONFIG_WIN32_HEAPSIZE
+** <dd>^The SQLITE_CONFIG_WIN32_HEAPSIZE option is only available if SQLite is
+** compiled for Windows with the [SQLITE_WIN32_MALLOC] pre-processor macro
+** defined. ^SQLITE_CONFIG_WIN32_HEAPSIZE takes a 32-bit unsigned integer value
+** that specifies the maximum size of the created heap.
+**
+** [[SQLITE_CONFIG_PCACHE_HDRSZ]]
+** <dt>SQLITE_CONFIG_PCACHE_HDRSZ
+** <dd>^The SQLITE_CONFIG_PCACHE_HDRSZ option takes a single parameter which
+** is a pointer to an integer and writes into that integer the number of extra
+** bytes per page required for each page in [SQLITE_CONFIG_PAGECACHE].
+** The amount of extra space required can change depending on the compiler,
+** target platform, and SQLite version.
+**
+** [[SQLITE_CONFIG_PMASZ]]
+** <dt>SQLITE_CONFIG_PMASZ
+** <dd>^The SQLITE_CONFIG_PMASZ option takes a single parameter which
+** is an unsigned integer and sets the "Minimum PMA Size" for the multithreaded
+** sorter to that integer.  The default minimum PMA Size is set by the
+** [SQLITE_SORTER_PMASZ] compile-time option.  New threads are launched
+** to help with sort operations when multithreaded sorting
+** is enabled (using the [PRAGMA threads] command) and the amount of content
+** to be sorted exceeds the page size times the minimum of the
+** [PRAGMA cache_size] setting and this value.
+** </dl>
+*/
+#define SQLITE_CONFIG_SINGLETHREAD  1  /* nil */
+#define SQLITE_CONFIG_MULTITHREAD   2  /* nil */
+#define SQLITE_CONFIG_SERIALIZED    3  /* nil */
+#define SQLITE_CONFIG_MALLOC        4  /* sqlite3_mem_methods* */
+#define SQLITE_CONFIG_GETMALLOC     5  /* sqlite3_mem_methods* */
+#define SQLITE_CONFIG_SCRATCH       6  /* void*, int sz, int N */
+#define SQLITE_CONFIG_PAGECACHE     7  /* void*, int sz, int N */
+#define SQLITE_CONFIG_HEAP          8  /* void*, int nByte, int min */
+#define SQLITE_CONFIG_MEMSTATUS     9  /* boolean */
+#define SQLITE_CONFIG_MUTEX        10  /* sqlite3_mutex_methods* */
+#define SQLITE_CONFIG_GETMUTEX     11  /* sqlite3_mutex_methods* */
+/* previously SQLITE_CONFIG_CHUNKALLOC 12 which is now unused. */ 
+#define SQLITE_CONFIG_LOOKASIDE    13  /* int int */
+#define SQLITE_CONFIG_PCACHE       14  /* no-op */
+#define SQLITE_CONFIG_GETPCACHE    15  /* no-op */
+#define SQLITE_CONFIG_LOG          16  /* xFunc, void* */
+#define SQLITE_CONFIG_URI          17  /* int */
+#define SQLITE_CONFIG_PCACHE2      18  /* sqlite3_pcache_methods2* */
+#define SQLITE_CONFIG_GETPCACHE2   19  /* sqlite3_pcache_methods2* */
+#define SQLITE_CONFIG_COVERING_INDEX_SCAN 20  /* int */
+#define SQLITE_CONFIG_SQLLOG       21  /* xSqllog, void* */
+#define SQLITE_CONFIG_MMAP_SIZE    22  /* sqlite3_int64, sqlite3_int64 */
+#define SQLITE_CONFIG_WIN32_HEAPSIZE      23  /* int nByte */
+#define SQLITE_CONFIG_PCACHE_HDRSZ        24  /* int *psz */
+#define SQLITE_CONFIG_PMASZ               25  /* unsigned int szPma */
+
+/*
+** CAPI3REF: Database Connection Configuration Options
+**
+** These constants are the available integer configuration options that
+** can be passed as the second argument to the [sqlite3_db_config()] interface.
+**
+** New configuration options may be added in future releases of SQLite.
+** Existing configuration options might be discontinued.  Applications
+** should check the return code from [sqlite3_db_config()] to make sure that
+** the call worked.  ^The [sqlite3_db_config()] interface will return a
+** non-zero [error code] if a discontinued or unsupported configuration option
+** is invoked.
+**
+** <dl>
+** <dt>SQLITE_DBCONFIG_LOOKASIDE</dt>
+** <dd> ^This option takes three additional arguments that determine the 
+** [lookaside memory allocator] configuration for the [database connection].
+** ^The first argument (the third parameter to [sqlite3_db_config()] is a
+** pointer to a memory buffer to use for lookaside memory.
+** ^The first argument after the SQLITE_DBCONFIG_LOOKASIDE verb
+** may be NULL in which case SQLite will allocate the
+** lookaside buffer itself using [sqlite3_malloc()]. ^The second argument is the
+** size of each lookaside buffer slot.  ^The third argument is the number of
+** slots.  The size of the buffer in the first argument must be greater than
+** or equal to the product of the second and third arguments.  The buffer
+** must be aligned to an 8-byte boundary.  ^If the second argument to
+** SQLITE_DBCONFIG_LOOKASIDE is not a multiple of 8, it is internally
+** rounded down to the next smaller multiple of 8.  ^(The lookaside memory
+** configuration for a database connection can only be changed when that
+** connection is not currently using lookaside memory, or in other words
+** when the "current value" returned by
+** [sqlite3_db_status](D,[SQLITE_CONFIG_LOOKASIDE],...) is zero.
+** Any attempt to change the lookaside memory configuration when lookaside
+** memory is in use leaves the configuration unchanged and returns 
+** [SQLITE_BUSY].)^</dd>
+**
+** <dt>SQLITE_DBCONFIG_ENABLE_FKEY</dt>
+** <dd> ^This option is used to enable or disable the enforcement of
+** [foreign key constraints].  There should be two additional arguments.
+** The first argument is an integer which is 0 to disable FK enforcement,
+** positive to enable FK enforcement or negative to leave FK enforcement
+** unchanged.  The second parameter is a pointer to an integer into which
+** is written 0 or 1 to indicate whether FK enforcement is off or on
+** following this call.  The second parameter may be a NULL pointer, in
+** which case the FK enforcement setting is not reported back. </dd>
+**
+** <dt>SQLITE_DBCONFIG_ENABLE_TRIGGER</dt>
+** <dd> ^This option is used to enable or disable [CREATE TRIGGER | triggers].
+** There should be two additional arguments.
+** The first argument is an integer which is 0 to disable triggers,
+** positive to enable triggers or negative to leave the setting unchanged.
+** The second parameter is a pointer to an integer into which
+** is written 0 or 1 to indicate whether triggers are disabled or enabled
+** following this call.  The second parameter may be a NULL pointer, in
+** which case the trigger setting is not reported back. </dd>
+**
+** </dl>
+*/
+#define SQLITE_DBCONFIG_LOOKASIDE       1001  /* void* int int */
+#define SQLITE_DBCONFIG_ENABLE_FKEY     1002  /* int int* */
+#define SQLITE_DBCONFIG_ENABLE_TRIGGER  1003  /* int int* */
+
+
+/*
+** CAPI3REF: Enable Or Disable Extended Result Codes
+** METHOD: sqlite3
+**
+** ^The sqlite3_extended_result_codes() routine enables or disables the
+** [extended result codes] feature of SQLite. ^The extended result
+** codes are disabled by default for historical compatibility.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_extended_result_codes(sqlite3*, int onoff);
+
+/*
+** CAPI3REF: Last Insert Rowid
+** METHOD: sqlite3
+**
+** ^Each entry in most SQLite tables (except for [WITHOUT ROWID] tables)
+** has a unique 64-bit signed
+** integer key called the [ROWID | "rowid"]. ^The rowid is always available
+** as an undeclared column named ROWID, OID, or _ROWID_ as long as those
+** names are not also used by explicitly declared columns. ^If
+** the table has a column of type [INTEGER PRIMARY KEY] then that column
+** is another alias for the rowid.
+**
+** ^The sqlite3_last_insert_rowid(D) interface returns the [rowid] of the 
+** most recent successful [INSERT] into a rowid table or [virtual table]
+** on database connection D.
+** ^Inserts into [WITHOUT ROWID] tables are not recorded.
+** ^If no successful [INSERT]s into rowid tables
+** have ever occurred on the database connection D, 
+** then sqlite3_last_insert_rowid(D) returns zero.
+**
+** ^(If an [INSERT] occurs within a trigger or within a [virtual table]
+** method, then this routine will return the [rowid] of the inserted
+** row as long as the trigger or virtual table method is running.
+** But once the trigger or virtual table method ends, the value returned 
+** by this routine reverts to what it was before the trigger or virtual
+** table method began.)^
+**
+** ^An [INSERT] that fails due to a constraint violation is not a
+** successful [INSERT] and does not change the value returned by this
+** routine.  ^Thus INSERT OR FAIL, INSERT OR IGNORE, INSERT OR ROLLBACK,
+** and INSERT OR ABORT make no changes to the return value of this
+** routine when their insertion fails.  ^(When INSERT OR REPLACE
+** encounters a constraint violation, it does not fail.  The
+** INSERT continues to completion after deleting rows that caused
+** the constraint problem so INSERT OR REPLACE will always change
+** the return value of this interface.)^
+**
+** ^For the purposes of this routine, an [INSERT] is considered to
+** be successful even if it is subsequently rolled back.
+**
+** This function is accessible to SQL statements via the
+** [last_insert_rowid() SQL function].
+**
+** If a separate thread performs a new [INSERT] on the same
+** database connection while the [sqlite3_last_insert_rowid()]
+** function is running and thus changes the last insert [rowid],
+** then the value returned by [sqlite3_last_insert_rowid()] is
+** unpredictable and might not equal either the old or the new
+** last insert [rowid].
+*/
+SQLITE_API sqlite3_int64 SQLITE_STDCALL sqlite3_last_insert_rowid(sqlite3*);
+
+/*
+** CAPI3REF: Count The Number Of Rows Modified
+** METHOD: sqlite3
+**
+** ^This function returns the number of rows modified, inserted or
+** deleted by the most recently completed INSERT, UPDATE or DELETE
+** statement on the database connection specified by the only parameter.
+** ^Executing any other type of SQL statement does not modify the value
+** returned by this function.
+**
+** ^Only changes made directly by the INSERT, UPDATE or DELETE statement are
+** considered - auxiliary changes caused by [CREATE TRIGGER | triggers], 
+** [foreign key actions] or [REPLACE] constraint resolution are not counted.
+** 
+** Changes to a view that are intercepted by 
+** [INSTEAD OF trigger | INSTEAD OF triggers] are not counted. ^The value 
+** returned by sqlite3_changes() immediately after an INSERT, UPDATE or 
+** DELETE statement run on a view is always zero. Only changes made to real 
+** tables are counted.
+**
+** Things are more complicated if the sqlite3_changes() function is
+** executed while a trigger program is running. This may happen if the
+** program uses the [changes() SQL function], or if some other callback
+** function invokes sqlite3_changes() directly. Essentially:
+** 
+** <ul>
+**   <li> ^(Before entering a trigger program the value returned by
+**        sqlite3_changes() function is saved. After the trigger program 
+**        has finished, the original value is restored.)^
+** 
+**   <li> ^(Within a trigger program each INSERT, UPDATE and DELETE 
+**        statement sets the value returned by sqlite3_changes() 
+**        upon completion as normal. Of course, this value will not include 
+**        any changes performed by sub-triggers, as the sqlite3_changes() 
+**        value will be saved and restored after each sub-trigger has run.)^
+** </ul>
+** 
+** ^This means that if the changes() SQL function (or similar) is used
+** by the first INSERT, UPDATE or DELETE statement within a trigger, it 
+** returns the value as set when the calling statement began executing.
+** ^If it is used by the second or subsequent such statement within a trigger 
+** program, the value returned reflects the number of rows modified by the 
+** previous INSERT, UPDATE or DELETE statement within the same trigger.
+**
+** See also the [sqlite3_total_changes()] interface, the
+** [count_changes pragma], and the [changes() SQL function].
+**
+** If a separate thread makes changes on the same database connection
+** while [sqlite3_changes()] is running then the value returned
+** is unpredictable and not meaningful.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_changes(sqlite3*);
+
+/*
+** CAPI3REF: Total Number Of Rows Modified
+** METHOD: sqlite3
+**
+** ^This function returns the total number of rows inserted, modified or
+** deleted by all [INSERT], [UPDATE] or [DELETE] statements completed
+** since the database connection was opened, including those executed as
+** part of trigger programs. ^Executing any other type of SQL statement
+** does not affect the value returned by sqlite3_total_changes().
+** 
+** ^Changes made as part of [foreign key actions] are included in the
+** count, but those made as part of REPLACE constraint resolution are
+** not. ^Changes to a view that are intercepted by INSTEAD OF triggers 
+** are not counted.
+** 
+** See also the [sqlite3_changes()] interface, the
+** [count_changes pragma], and the [total_changes() SQL function].
+**
+** If a separate thread makes changes on the same database connection
+** while [sqlite3_total_changes()] is running then the value
+** returned is unpredictable and not meaningful.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_total_changes(sqlite3*);
+
+/*
+** CAPI3REF: Interrupt A Long-Running Query
+** METHOD: sqlite3
+**
+** ^This function causes any pending database operation to abort and
+** return at its earliest opportunity. This routine is typically
+** called in response to a user action such as pressing "Cancel"
+** or Ctrl-C where the user wants a long query operation to halt
+** immediately.
+**
+** ^It is safe to call this routine from a thread different from the
+** thread that is currently running the database operation.  But it
+** is not safe to call this routine with a [database connection] that
+** is closed or might close before sqlite3_interrupt() returns.
+**
+** ^If an SQL operation is very nearly finished at the time when
+** sqlite3_interrupt() is called, then it might not have an opportunity
+** to be interrupted and might continue to completion.
+**
+** ^An SQL operation that is interrupted will return [SQLITE_INTERRUPT].
+** ^If the interrupted SQL operation is an INSERT, UPDATE, or DELETE
+** that is inside an explicit transaction, then the entire transaction
+** will be rolled back automatically.
+**
+** ^The sqlite3_interrupt(D) call is in effect until all currently running
+** SQL statements on [database connection] D complete.  ^Any new SQL statements
+** that are started after the sqlite3_interrupt() call and before the 
+** running statements reaches zero are interrupted as if they had been
+** running prior to the sqlite3_interrupt() call.  ^New SQL statements
+** that are started after the running statement count reaches zero are
+** not effected by the sqlite3_interrupt().
+** ^A call to sqlite3_interrupt(D) that occurs when there are no running
+** SQL statements is a no-op and has no effect on SQL statements
+** that are started after the sqlite3_interrupt() call returns.
+**
+** If the database connection closes while [sqlite3_interrupt()]
+** is running then bad things will likely happen.
+*/
+SQLITE_API void SQLITE_STDCALL sqlite3_interrupt(sqlite3*);
+
+/*
+** CAPI3REF: Determine If An SQL Statement Is Complete
+**
+** These routines are useful during command-line input to determine if the
+** currently entered text seems to form a complete SQL statement or
+** if additional input is needed before sending the text into
+** SQLite for parsing.  ^These routines return 1 if the input string
+** appears to be a complete SQL statement.  ^A statement is judged to be
+** complete if it ends with a semicolon token and is not a prefix of a
+** well-formed CREATE TRIGGER statement.  ^Semicolons that are embedded within
+** string literals or quoted identifier names or comments are not
+** independent tokens (they are part of the token in which they are
+** embedded) and thus do not count as a statement terminator.  ^Whitespace
+** and comments that follow the final semicolon are ignored.
+**
+** ^These routines return 0 if the statement is incomplete.  ^If a
+** memory allocation fails, then SQLITE_NOMEM is returned.
+**
+** ^These routines do not parse the SQL statements thus
+** will not detect syntactically incorrect SQL.
+**
+** ^(If SQLite has not been initialized using [sqlite3_initialize()] prior 
+** to invoking sqlite3_complete16() then sqlite3_initialize() is invoked
+** automatically by sqlite3_complete16().  If that initialization fails,
+** then the return value from sqlite3_complete16() will be non-zero
+** regardless of whether or not the input SQL is complete.)^
+**
+** The input to [sqlite3_complete()] must be a zero-terminated
+** UTF-8 string.
+**
+** The input to [sqlite3_complete16()] must be a zero-terminated
+** UTF-16 string in native byte order.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_complete(const char *sql);
+SQLITE_API int SQLITE_STDCALL sqlite3_complete16(const void *sql);
+
+/*
+** CAPI3REF: Register A Callback To Handle SQLITE_BUSY Errors
+** KEYWORDS: {busy-handler callback} {busy handler}
+** METHOD: sqlite3
+**
+** ^The sqlite3_busy_handler(D,X,P) routine sets a callback function X
+** that might be invoked with argument P whenever
+** an attempt is made to access a database table associated with
+** [database connection] D when another thread
+** or process has the table locked.
+** The sqlite3_busy_handler() interface is used to implement
+** [sqlite3_busy_timeout()] and [PRAGMA busy_timeout].
+**
+** ^If the busy callback is NULL, then [SQLITE_BUSY]
+** is returned immediately upon encountering the lock.  ^If the busy callback
+** is not NULL, then the callback might be invoked with two arguments.
+**
+** ^The first argument to the busy handler is a copy of the void* pointer which
+** is the third argument to sqlite3_busy_handler().  ^The second argument to
+** the busy handler callback is the number of times that the busy handler has
+** been invoked previously for the same locking event.  ^If the
+** busy callback returns 0, then no additional attempts are made to
+** access the database and [SQLITE_BUSY] is returned
+** to the application.
+** ^If the callback returns non-zero, then another attempt
+** is made to access the database and the cycle repeats.
+**
+** The presence of a busy handler does not guarantee that it will be invoked
+** when there is lock contention. ^If SQLite determines that invoking the busy
+** handler could result in a deadlock, it will go ahead and return [SQLITE_BUSY]
+** to the application instead of invoking the 
+** busy handler.
+** Consider a scenario where one process is holding a read lock that
+** it is trying to promote to a reserved lock and
+** a second process is holding a reserved lock that it is trying
+** to promote to an exclusive lock.  The first process cannot proceed
+** because it is blocked by the second and the second process cannot
+** proceed because it is blocked by the first.  If both processes
+** invoke the busy handlers, neither will make any progress.  Therefore,
+** SQLite returns [SQLITE_BUSY] for the first process, hoping that this
+** will induce the first process to release its read lock and allow
+** the second process to proceed.
+**
+** ^The default busy callback is NULL.
+**
+** ^(There can only be a single busy handler defined for each
+** [database connection].  Setting a new busy handler clears any
+** previously set handler.)^  ^Note that calling [sqlite3_busy_timeout()]
+** or evaluating [PRAGMA busy_timeout=N] will change the
+** busy handler and thus clear any previously set busy handler.
+**
+** The busy callback should not take any actions which modify the
+** database connection that invoked the busy handler.  In other words,
+** the busy handler is not reentrant.  Any such actions
+** result in undefined behavior.
+** 
+** A busy handler must not close the database connection
+** or [prepared statement] that invoked the busy handler.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_busy_handler(sqlite3*, int(*)(void*,int), void*);
+
+/*
+** CAPI3REF: Set A Busy Timeout
+** METHOD: sqlite3
+**
+** ^This routine sets a [sqlite3_busy_handler | busy handler] that sleeps
+** for a specified amount of time when a table is locked.  ^The handler
+** will sleep multiple times until at least "ms" milliseconds of sleeping
+** have accumulated.  ^After at least "ms" milliseconds of sleeping,
+** the handler returns 0 which causes [sqlite3_step()] to return
+** [SQLITE_BUSY].
+**
+** ^Calling this routine with an argument less than or equal to zero
+** turns off all busy handlers.
+**
+** ^(There can only be a single busy handler for a particular
+** [database connection] at any given moment.  If another busy handler
+** was defined  (using [sqlite3_busy_handler()]) prior to calling
+** this routine, that other busy handler is cleared.)^
+**
+** See also:  [PRAGMA busy_timeout]
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_busy_timeout(sqlite3*, int ms);
+
+/*
+** CAPI3REF: Convenience Routines For Running Queries
+** METHOD: sqlite3
+**
+** This is a legacy interface that is preserved for backwards compatibility.
+** Use of this interface is not recommended.
+**
+** Definition: A <b>result table</b> is memory data structure created by the
+** [sqlite3_get_table()] interface.  A result table records the
+** complete query results from one or more queries.
+**
+** The table conceptually has a number of rows and columns.  But
+** these numbers are not part of the result table itself.  These
+** numbers are obtained separately.  Let N be the number of rows
+** and M be the number of columns.
+**
+** A result table is an array of pointers to zero-terminated UTF-8 strings.
+** There are (N+1)*M elements in the array.  The first M pointers point
+** to zero-terminated strings that  contain the names of the columns.
+** The remaining entries all point to query results.  NULL values result
+** in NULL pointers.  All other values are in their UTF-8 zero-terminated
+** string representation as returned by [sqlite3_column_text()].
+**
+** A result table might consist of one or more memory allocations.
+** It is not safe to pass a result table directly to [sqlite3_free()].
+** A result table should be deallocated using [sqlite3_free_table()].
+**
+** ^(As an example of the result table format, suppose a query result
+** is as follows:
+**
+** <blockquote><pre>
+**        Name        | Age
+**        -----------------------
+**        Alice       | 43
+**        Bob         | 28
+**        Cindy       | 21
+** </pre></blockquote>
+**
+** There are two column (M==2) and three rows (N==3).  Thus the
+** result table has 8 entries.  Suppose the result table is stored
+** in an array names azResult.  Then azResult holds this content:
+**
+** <blockquote><pre>
+**        azResult&#91;0] = "Name";
+**        azResult&#91;1] = "Age";
+**        azResult&#91;2] = "Alice";
+**        azResult&#91;3] = "43";
+**        azResult&#91;4] = "Bob";
+**        azResult&#91;5] = "28";
+**        azResult&#91;6] = "Cindy";
+**        azResult&#91;7] = "21";
+** </pre></blockquote>)^
+**
+** ^The sqlite3_get_table() function evaluates one or more
+** semicolon-separated SQL statements in the zero-terminated UTF-8
+** string of its 2nd parameter and returns a result table to the
+** pointer given in its 3rd parameter.
+**
+** After the application has finished with the result from sqlite3_get_table(),
+** it must pass the result table pointer to sqlite3_free_table() in order to
+** release the memory that was malloced.  Because of the way the
+** [sqlite3_malloc()] happens within sqlite3_get_table(), the calling
+** function must not try to call [sqlite3_free()] directly.  Only
+** [sqlite3_free_table()] is able to release the memory properly and safely.
+**
+** The sqlite3_get_table() interface is implemented as a wrapper around
+** [sqlite3_exec()].  The sqlite3_get_table() routine does not have access
+** to any internal data structures of SQLite.  It uses only the public
+** interface defined here.  As a consequence, errors that occur in the
+** wrapper layer outside of the internal [sqlite3_exec()] call are not
+** reflected in subsequent calls to [sqlite3_errcode()] or
+** [sqlite3_errmsg()].
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_get_table(
+  sqlite3 *db,          /* An open database */
+  const char *zSql,     /* SQL to be evaluated */
+  char ***pazResult,    /* Results of the query */
+  int *pnRow,           /* Number of result rows written here */
+  int *pnColumn,        /* Number of result columns written here */
+  char **pzErrmsg       /* Error msg written here */
+);
+SQLITE_API void SQLITE_STDCALL sqlite3_free_table(char **result);
+
+/*
+** CAPI3REF: Formatted String Printing Functions
+**
+** These routines are work-alikes of the "printf()" family of functions
+** from the standard C library.
+** These routines understand most of the common K&R formatting options,
+** plus some additional non-standard formats, detailed below.
+** Note that some of the more obscure formatting options from recent
+** C-library standards are omitted from this implementation.
+**
+** ^The sqlite3_mprintf() and sqlite3_vmprintf() routines write their
+** results into memory obtained from [sqlite3_malloc()].
+** The strings returned by these two routines should be
+** released by [sqlite3_free()].  ^Both routines return a
+** NULL pointer if [sqlite3_malloc()] is unable to allocate enough
+** memory to hold the resulting string.
+**
+** ^(The sqlite3_snprintf() routine is similar to "snprintf()" from
+** the standard C library.  The result is written into the
+** buffer supplied as the second parameter whose size is given by
+** the first parameter. Note that the order of the
+** first two parameters is reversed from snprintf().)^  This is an
+** historical accident that cannot be fixed without breaking
+** backwards compatibility.  ^(Note also that sqlite3_snprintf()
+** returns a pointer to its buffer instead of the number of
+** characters actually written into the buffer.)^  We admit that
+** the number of characters written would be a more useful return
+** value but we cannot change the implementation of sqlite3_snprintf()
+** now without breaking compatibility.
+**
+** ^As long as the buffer size is greater than zero, sqlite3_snprintf()
+** guarantees that the buffer is always zero-terminated.  ^The first
+** parameter "n" is the total size of the buffer, including space for
+** the zero terminator.  So the longest string that can be completely
+** written will be n-1 characters.
+**
+** ^The sqlite3_vsnprintf() routine is a varargs version of sqlite3_snprintf().
+**
+** These routines all implement some additional formatting
+** options that are useful for constructing SQL statements.
+** All of the usual printf() formatting options apply.  In addition, there
+** is are "%q", "%Q", "%w" and "%z" options.
+**
+** ^(The %q option works like %s in that it substitutes a nul-terminated
+** string from the argument list.  But %q also doubles every '\'' character.
+** %q is designed for use inside a string literal.)^  By doubling each '\''
+** character it escapes that character and allows it to be inserted into
+** the string.
+**
+** For example, assume the string variable zText contains text as follows:
+**
+** <blockquote><pre>
+**  char *zText = "It's a happy day!";
+** </pre></blockquote>
+**
+** One can use this text in an SQL statement as follows:
+**
+** <blockquote><pre>
+**  char *zSQL = sqlite3_mprintf("INSERT INTO table VALUES('%q')", zText);
+**  sqlite3_exec(db, zSQL, 0, 0, 0);
+**  sqlite3_free(zSQL);
+** </pre></blockquote>
+**
+** Because the %q format string is used, the '\'' character in zText
+** is escaped and the SQL generated is as follows:
+**
+** <blockquote><pre>
+**  INSERT INTO table1 VALUES('It''s a happy day!')
+** </pre></blockquote>
+**
+** This is correct.  Had we used %s instead of %q, the generated SQL
+** would have looked like this:
+**
+** <blockquote><pre>
+**  INSERT INTO table1 VALUES('It's a happy day!');
+** </pre></blockquote>
+**
+** This second example is an SQL syntax error.  As a general rule you should
+** always use %q instead of %s when inserting text into a string literal.
+**
+** ^(The %Q option works like %q except it also adds single quotes around
+** the outside of the total string.  Additionally, if the parameter in the
+** argument list is a NULL pointer, %Q substitutes the text "NULL" (without
+** single quotes).)^  So, for example, one could say:
+**
+** <blockquote><pre>
+**  char *zSQL = sqlite3_mprintf("INSERT INTO table VALUES(%Q)", zText);
+**  sqlite3_exec(db, zSQL, 0, 0, 0);
+**  sqlite3_free(zSQL);
+** </pre></blockquote>
+**
+** The code above will render a correct SQL statement in the zSQL
+** variable even if the zText variable is a NULL pointer.
+**
+** ^(The "%w" formatting option is like "%q" except that it expects to
+** be contained within double-quotes instead of single quotes, and it
+** escapes the double-quote character instead of the single-quote
+** character.)^  The "%w" formatting option is intended for safely inserting
+** table and column names into a constructed SQL statement.
+**
+** ^(The "%z" formatting option works like "%s" but with the
+** addition that after the string has been read and copied into
+** the result, [sqlite3_free()] is called on the input string.)^
+*/
+SQLITE_API char *SQLITE_CDECL sqlite3_mprintf(const char*,...);
+SQLITE_API char *SQLITE_STDCALL sqlite3_vmprintf(const char*, va_list);
+SQLITE_API char *SQLITE_CDECL sqlite3_snprintf(int,char*,const char*, ...);
+SQLITE_API char *SQLITE_STDCALL sqlite3_vsnprintf(int,char*,const char*, va_list);
+
+/*
+** CAPI3REF: Memory Allocation Subsystem
+**
+** The SQLite core uses these three routines for all of its own
+** internal memory allocation needs. "Core" in the previous sentence
+** does not include operating-system specific VFS implementation.  The
+** Windows VFS uses native malloc() and free() for some operations.
+**
+** ^The sqlite3_malloc() routine returns a pointer to a block
+** of memory at least N bytes in length, where N is the parameter.
+** ^If sqlite3_malloc() is unable to obtain sufficient free
+** memory, it returns a NULL pointer.  ^If the parameter N to
+** sqlite3_malloc() is zero or negative then sqlite3_malloc() returns
+** a NULL pointer.
+**
+** ^The sqlite3_malloc64(N) routine works just like
+** sqlite3_malloc(N) except that N is an unsigned 64-bit integer instead
+** of a signed 32-bit integer.
+**
+** ^Calling sqlite3_free() with a pointer previously returned
+** by sqlite3_malloc() or sqlite3_realloc() releases that memory so
+** that it might be reused.  ^The sqlite3_free() routine is
+** a no-op if is called with a NULL pointer.  Passing a NULL pointer
+** to sqlite3_free() is harmless.  After being freed, memory
+** should neither be read nor written.  Even reading previously freed
+** memory might result in a segmentation fault or other severe error.
+** Memory corruption, a segmentation fault, or other severe error
+** might result if sqlite3_free() is called with a non-NULL pointer that
+** was not obtained from sqlite3_malloc() or sqlite3_realloc().
+**
+** ^The sqlite3_realloc(X,N) interface attempts to resize a
+** prior memory allocation X to be at least N bytes.
+** ^If the X parameter to sqlite3_realloc(X,N)
+** is a NULL pointer then its behavior is identical to calling
+** sqlite3_malloc(N).
+** ^If the N parameter to sqlite3_realloc(X,N) is zero or
+** negative then the behavior is exactly the same as calling
+** sqlite3_free(X).
+** ^sqlite3_realloc(X,N) returns a pointer to a memory allocation
+** of at least N bytes in size or NULL if insufficient memory is available.
+** ^If M is the size of the prior allocation, then min(N,M) bytes
+** of the prior allocation are copied into the beginning of buffer returned
+** by sqlite3_realloc(X,N) and the prior allocation is freed.
+** ^If sqlite3_realloc(X,N) returns NULL and N is positive, then the
+** prior allocation is not freed.
+**
+** ^The sqlite3_realloc64(X,N) interfaces works the same as
+** sqlite3_realloc(X,N) except that N is a 64-bit unsigned integer instead
+** of a 32-bit signed integer.
+**
+** ^If X is a memory allocation previously obtained from sqlite3_malloc(),
+** sqlite3_malloc64(), sqlite3_realloc(), or sqlite3_realloc64(), then
+** sqlite3_msize(X) returns the size of that memory allocation in bytes.
+** ^The value returned by sqlite3_msize(X) might be larger than the number
+** of bytes requested when X was allocated.  ^If X is a NULL pointer then
+** sqlite3_msize(X) returns zero.  If X points to something that is not
+** the beginning of memory allocation, or if it points to a formerly
+** valid memory allocation that has now been freed, then the behavior
+** of sqlite3_msize(X) is undefined and possibly harmful.
+**
+** ^The memory returned by sqlite3_malloc(), sqlite3_realloc(),
+** sqlite3_malloc64(), and sqlite3_realloc64()
+** is always aligned to at least an 8 byte boundary, or to a
+** 4 byte boundary if the [SQLITE_4_BYTE_ALIGNED_MALLOC] compile-time
+** option is used.
+**
+** In SQLite version 3.5.0 and 3.5.1, it was possible to define
+** the SQLITE_OMIT_MEMORY_ALLOCATION which would cause the built-in
+** implementation of these routines to be omitted.  That capability
+** is no longer provided.  Only built-in memory allocators can be used.
+**
+** Prior to SQLite version 3.7.10, the Windows OS interface layer called
+** the system malloc() and free() directly when converting
+** filenames between the UTF-8 encoding used by SQLite
+** and whatever filename encoding is used by the particular Windows
+** installation.  Memory allocation errors were detected, but
+** they were reported back as [SQLITE_CANTOPEN] or
+** [SQLITE_IOERR] rather than [SQLITE_NOMEM].
+**
+** The pointer arguments to [sqlite3_free()] and [sqlite3_realloc()]
+** must be either NULL or else pointers obtained from a prior
+** invocation of [sqlite3_malloc()] or [sqlite3_realloc()] that have
+** not yet been released.
+**
+** The application must not read or write any part of
+** a block of memory after it has been released using
+** [sqlite3_free()] or [sqlite3_realloc()].
+*/
+SQLITE_API void *SQLITE_STDCALL sqlite3_malloc(int);
+SQLITE_API void *SQLITE_STDCALL sqlite3_malloc64(sqlite3_uint64);
+SQLITE_API void *SQLITE_STDCALL sqlite3_realloc(void*, int);
+SQLITE_API void *SQLITE_STDCALL sqlite3_realloc64(void*, sqlite3_uint64);
+SQLITE_API void SQLITE_STDCALL sqlite3_free(void*);
+SQLITE_API sqlite3_uint64 SQLITE_STDCALL sqlite3_msize(void*);
+
+/*
+** CAPI3REF: Memory Allocator Statistics
+**
+** SQLite provides these two interfaces for reporting on the status
+** of the [sqlite3_malloc()], [sqlite3_free()], and [sqlite3_realloc()]
+** routines, which form the built-in memory allocation subsystem.
+**
+** ^The [sqlite3_memory_used()] routine returns the number of bytes
+** of memory currently outstanding (malloced but not freed).
+** ^The [sqlite3_memory_highwater()] routine returns the maximum
+** value of [sqlite3_memory_used()] since the high-water mark
+** was last reset.  ^The values returned by [sqlite3_memory_used()] and
+** [sqlite3_memory_highwater()] include any overhead
+** added by SQLite in its implementation of [sqlite3_malloc()],
+** but not overhead added by the any underlying system library
+** routines that [sqlite3_malloc()] may call.
+**
+** ^The memory high-water mark is reset to the current value of
+** [sqlite3_memory_used()] if and only if the parameter to
+** [sqlite3_memory_highwater()] is true.  ^The value returned
+** by [sqlite3_memory_highwater(1)] is the high-water mark
+** prior to the reset.
+*/
+SQLITE_API sqlite3_int64 SQLITE_STDCALL sqlite3_memory_used(void);
+SQLITE_API sqlite3_int64 SQLITE_STDCALL sqlite3_memory_highwater(int resetFlag);
+
+/*
+** CAPI3REF: Pseudo-Random Number Generator
+**
+** SQLite contains a high-quality pseudo-random number generator (PRNG) used to
+** select random [ROWID | ROWIDs] when inserting new records into a table that
+** already uses the largest possible [ROWID].  The PRNG is also used for
+** the build-in random() and randomblob() SQL functions.  This interface allows
+** applications to access the same PRNG for other purposes.
+**
+** ^A call to this routine stores N bytes of randomness into buffer P.
+** ^The P parameter can be a NULL pointer.
+**
+** ^If this routine has not been previously called or if the previous
+** call had N less than one or a NULL pointer for P, then the PRNG is
+** seeded using randomness obtained from the xRandomness method of
+** the default [sqlite3_vfs] object.
+** ^If the previous call to this routine had an N of 1 or more and a
+** non-NULL P then the pseudo-randomness is generated
+** internally and without recourse to the [sqlite3_vfs] xRandomness
+** method.
+*/
+SQLITE_API void SQLITE_STDCALL sqlite3_randomness(int N, void *P);
+
+/*
+** CAPI3REF: Compile-Time Authorization Callbacks
+** METHOD: sqlite3
+**
+** ^This routine registers an authorizer callback with a particular
+** [database connection], supplied in the first argument.
+** ^The authorizer callback is invoked as SQL statements are being compiled
+** by [sqlite3_prepare()] or its variants [sqlite3_prepare_v2()],
+** [sqlite3_prepare16()] and [sqlite3_prepare16_v2()].  ^At various
+** points during the compilation process, as logic is being created
+** to perform various actions, the authorizer callback is invoked to
+** see if those actions are allowed.  ^The authorizer callback should
+** return [SQLITE_OK] to allow the action, [SQLITE_IGNORE] to disallow the
+** specific action but allow the SQL statement to continue to be
+** compiled, or [SQLITE_DENY] to cause the entire SQL statement to be
+** rejected with an error.  ^If the authorizer callback returns
+** any value other than [SQLITE_IGNORE], [SQLITE_OK], or [SQLITE_DENY]
+** then the [sqlite3_prepare_v2()] or equivalent call that triggered
+** the authorizer will fail with an error message.
+**
+** When the callback returns [SQLITE_OK], that means the operation
+** requested is ok.  ^When the callback returns [SQLITE_DENY], the
+** [sqlite3_prepare_v2()] or equivalent call that triggered the
+** authorizer will fail with an error message explaining that
+** access is denied. 
+**
+** ^The first parameter to the authorizer callback is a copy of the third
+** parameter to the sqlite3_set_authorizer() interface. ^The second parameter
+** to the callback is an integer [SQLITE_COPY | action code] that specifies
+** the particular action to be authorized. ^The third through sixth parameters
+** to the callback are zero-terminated strings that contain additional
+** details about the action to be authorized.
+**
+** ^If the action code is [SQLITE_READ]
+** and the callback returns [SQLITE_IGNORE] then the
+** [prepared statement] statement is constructed to substitute
+** a NULL value in place of the table column that would have
+** been read if [SQLITE_OK] had been returned.  The [SQLITE_IGNORE]
+** return can be used to deny an untrusted user access to individual
+** columns of a table.
+** ^If the action code is [SQLITE_DELETE] and the callback returns
+** [SQLITE_IGNORE] then the [DELETE] operation proceeds but the
+** [truncate optimization] is disabled and all rows are deleted individually.
+**
+** An authorizer is used when [sqlite3_prepare | preparing]
+** SQL statements from an untrusted source, to ensure that the SQL statements
+** do not try to access data they are not allowed to see, or that they do not
+** try to execute malicious statements that damage the database.  For
+** example, an application may allow a user to enter arbitrary
+** SQL queries for evaluation by a database.  But the application does
+** not want the user to be able to make arbitrary changes to the
+** database.  An authorizer could then be put in place while the
+** user-entered SQL is being [sqlite3_prepare | prepared] that
+** disallows everything except [SELECT] statements.
+**
+** Applications that need to process SQL from untrusted sources
+** might also consider lowering resource limits using [sqlite3_limit()]
+** and limiting database size using the [max_page_count] [PRAGMA]
+** in addition to using an authorizer.
+**
+** ^(Only a single authorizer can be in place on a database connection
+** at a time.  Each call to sqlite3_set_authorizer overrides the
+** previous call.)^  ^Disable the authorizer by installing a NULL callback.
+** The authorizer is disabled by default.
+**
+** The authorizer callback must not do anything that will modify
+** the database connection that invoked the authorizer callback.
+** Note that [sqlite3_prepare_v2()] and [sqlite3_step()] both modify their
+** database connections for the meaning of "modify" in this paragraph.
+**
+** ^When [sqlite3_prepare_v2()] is used to prepare a statement, the
+** statement might be re-prepared during [sqlite3_step()] due to a 
+** schema change.  Hence, the application should ensure that the
+** correct authorizer callback remains in place during the [sqlite3_step()].
+**
+** ^Note that the authorizer callback is invoked only during
+** [sqlite3_prepare()] or its variants.  Authorization is not
+** performed during statement evaluation in [sqlite3_step()], unless
+** as stated in the previous paragraph, sqlite3_step() invokes
+** sqlite3_prepare_v2() to reprepare a statement after a schema change.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_set_authorizer(
+  sqlite3*,
+  int (*xAuth)(void*,int,const char*,const char*,const char*,const char*),
+  void *pUserData
+);
+
+/*
+** CAPI3REF: Authorizer Return Codes
+**
+** The [sqlite3_set_authorizer | authorizer callback function] must
+** return either [SQLITE_OK] or one of these two constants in order
+** to signal SQLite whether or not the action is permitted.  See the
+** [sqlite3_set_authorizer | authorizer documentation] for additional
+** information.
+**
+** Note that SQLITE_IGNORE is also used as a [conflict resolution mode]
+** returned from the [sqlite3_vtab_on_conflict()] interface.
+*/
+#define SQLITE_DENY   1   /* Abort the SQL statement with an error */
+#define SQLITE_IGNORE 2   /* Don't allow access, but don't generate an error */
+
+/*
+** CAPI3REF: Authorizer Action Codes
+**
+** The [sqlite3_set_authorizer()] interface registers a callback function
+** that is invoked to authorize certain SQL statement actions.  The
+** second parameter to the callback is an integer code that specifies
+** what action is being authorized.  These are the integer action codes that
+** the authorizer callback may be passed.
+**
+** These action code values signify what kind of operation is to be
+** authorized.  The 3rd and 4th parameters to the authorization
+** callback function will be parameters or NULL depending on which of these
+** codes is used as the second parameter.  ^(The 5th parameter to the
+** authorizer callback is the name of the database ("main", "temp",
+** etc.) if applicable.)^  ^The 6th parameter to the authorizer callback
+** is the name of the inner-most trigger or view that is responsible for
+** the access attempt or NULL if this access attempt is directly from
+** top-level SQL code.
+*/
+/******************************************* 3rd ************ 4th ***********/
+#define SQLITE_CREATE_INDEX          1   /* Index Name      Table Name      */
+#define SQLITE_CREATE_TABLE          2   /* Table Name      NULL            */
+#define SQLITE_CREATE_TEMP_INDEX     3   /* Index Name      Table Name      */
+#define SQLITE_CREATE_TEMP_TABLE     4   /* Table Name      NULL            */
+#define SQLITE_CREATE_TEMP_TRIGGER   5   /* Trigger Name    Table Name      */
+#define SQLITE_CREATE_TEMP_VIEW      6   /* View Name       NULL            */
+#define SQLITE_CREATE_TRIGGER        7   /* Trigger Name    Table Name      */
+#define SQLITE_CREATE_VIEW           8   /* View Name       NULL            */
+#define SQLITE_DELETE                9   /* Table Name      NULL            */
+#define SQLITE_DROP_INDEX           10   /* Index Name      Table Name      */
+#define SQLITE_DROP_TABLE           11   /* Table Name      NULL            */
+#define SQLITE_DROP_TEMP_INDEX      12   /* Index Name      Table Name      */
+#define SQLITE_DROP_TEMP_TABLE      13   /* Table Name      NULL            */
+#define SQLITE_DROP_TEMP_TRIGGER    14   /* Trigger Name    Table Name      */
+#define SQLITE_DROP_TEMP_VIEW       15   /* View Name       NULL            */
+#define SQLITE_DROP_TRIGGER         16   /* Trigger Name    Table Name      */
+#define SQLITE_DROP_VIEW            17   /* View Name       NULL            */
+#define SQLITE_INSERT               18   /* Table Name      NULL            */
+#define SQLITE_PRAGMA               19   /* Pragma Name     1st arg or NULL */
+#define SQLITE_READ                 20   /* Table Name      Column Name     */
+#define SQLITE_SELECT               21   /* NULL            NULL            */
+#define SQLITE_TRANSACTION          22   /* Operation       NULL            */
+#define SQLITE_UPDATE               23   /* Table Name      Column Name     */
+#define SQLITE_ATTACH               24   /* Filename        NULL            */
+#define SQLITE_DETACH               25   /* Database Name   NULL            */
+#define SQLITE_ALTER_TABLE          26   /* Database Name   Table Name      */
+#define SQLITE_REINDEX              27   /* Index Name      NULL            */
+#define SQLITE_ANALYZE              28   /* Table Name      NULL            */
+#define SQLITE_CREATE_VTABLE        29   /* Table Name      Module Name     */
+#define SQLITE_DROP_VTABLE          30   /* Table Name      Module Name     */
+#define SQLITE_FUNCTION             31   /* NULL            Function Name   */
+#define SQLITE_SAVEPOINT            32   /* Operation       Savepoint Name  */
+#define SQLITE_COPY                  0   /* No longer used */
+#define SQLITE_RECURSIVE            33   /* NULL            NULL            */
+
+/*
+** CAPI3REF: Tracing And Profiling Functions
+** METHOD: sqlite3
+**
+** These routines register callback functions that can be used for
+** tracing and profiling the execution of SQL statements.
+**
+** ^The callback function registered by sqlite3_trace() is invoked at
+** various times when an SQL statement is being run by [sqlite3_step()].
+** ^The sqlite3_trace() callback is invoked with a UTF-8 rendering of the
+** SQL statement text as the statement first begins executing.
+** ^(Additional sqlite3_trace() callbacks might occur
+** as each triggered subprogram is entered.  The callbacks for triggers
+** contain a UTF-8 SQL comment that identifies the trigger.)^
+**
+** The [SQLITE_TRACE_SIZE_LIMIT] compile-time option can be used to limit
+** the length of [bound parameter] expansion in the output of sqlite3_trace().
+**
+** ^The callback function registered by sqlite3_profile() is invoked
+** as each SQL statement finishes.  ^The profile callback contains
+** the original statement text and an estimate of wall-clock time
+** of how long that statement took to run.  ^The profile callback
+** time is in units of nanoseconds, however the current implementation
+** is only capable of millisecond resolution so the six least significant
+** digits in the time are meaningless.  Future versions of SQLite
+** might provide greater resolution on the profiler callback.  The
+** sqlite3_profile() function is considered experimental and is
+** subject to change in future versions of SQLite.
+*/
+SQLITE_API void *SQLITE_STDCALL sqlite3_trace(sqlite3*, void(*xTrace)(void*,const char*), void*);
+SQLITE_API SQLITE_EXPERIMENTAL void *SQLITE_STDCALL sqlite3_profile(sqlite3*,
+   void(*xProfile)(void*,const char*,sqlite3_uint64), void*);
+
+/*
+** CAPI3REF: Query Progress Callbacks
+** METHOD: sqlite3
+**
+** ^The sqlite3_progress_handler(D,N,X,P) interface causes the callback
+** function X to be invoked periodically during long running calls to
+** [sqlite3_exec()], [sqlite3_step()] and [sqlite3_get_table()] for
+** database connection D.  An example use for this
+** interface is to keep a GUI updated during a large query.
+**
+** ^The parameter P is passed through as the only parameter to the 
+** callback function X.  ^The parameter N is the approximate number of 
+** [virtual machine instructions] that are evaluated between successive
+** invocations of the callback X.  ^If N is less than one then the progress
+** handler is disabled.
+**
+** ^Only a single progress handler may be defined at one time per
+** [database connection]; setting a new progress handler cancels the
+** old one.  ^Setting parameter X to NULL disables the progress handler.
+** ^The progress handler is also disabled by setting N to a value less
+** than 1.
+**
+** ^If the progress callback returns non-zero, the operation is
+** interrupted.  This feature can be used to implement a
+** "Cancel" button on a GUI progress dialog box.
+**
+** The progress handler callback must not do anything that will modify
+** the database connection that invoked the progress handler.
+** Note that [sqlite3_prepare_v2()] and [sqlite3_step()] both modify their
+** database connections for the meaning of "modify" in this paragraph.
+**
+*/
+SQLITE_API void SQLITE_STDCALL sqlite3_progress_handler(sqlite3*, int, int(*)(void*), void*);
+
+/*
+** CAPI3REF: Opening A New Database Connection
+** CONSTRUCTOR: sqlite3
+**
+** ^These routines open an SQLite database file as specified by the 
+** filename argument. ^The filename argument is interpreted as UTF-8 for
+** sqlite3_open() and sqlite3_open_v2() and as UTF-16 in the native byte
+** order for sqlite3_open16(). ^(A [database connection] handle is usually
+** returned in *ppDb, even if an error occurs.  The only exception is that
+** if SQLite is unable to allocate memory to hold the [sqlite3] object,
+** a NULL will be written into *ppDb instead of a pointer to the [sqlite3]
+** object.)^ ^(If the database is opened (and/or created) successfully, then
+** [SQLITE_OK] is returned.  Otherwise an [error code] is returned.)^ ^The
+** [sqlite3_errmsg()] or [sqlite3_errmsg16()] routines can be used to obtain
+** an English language description of the error following a failure of any
+** of the sqlite3_open() routines.
+**
+** ^The default encoding will be UTF-8 for databases created using
+** sqlite3_open() or sqlite3_open_v2().  ^The default encoding for databases
+** created using sqlite3_open16() will be UTF-16 in the native byte order.
+**
+** Whether or not an error occurs when it is opened, resources
+** associated with the [database connection] handle should be released by
+** passing it to [sqlite3_close()] when it is no longer required.
+**
+** The sqlite3_open_v2() interface works like sqlite3_open()
+** except that it accepts two additional parameters for additional control
+** over the new database connection.  ^(The flags parameter to
+** sqlite3_open_v2() can take one of
+** the following three values, optionally combined with the 
+** [SQLITE_OPEN_NOMUTEX], [SQLITE_OPEN_FULLMUTEX], [SQLITE_OPEN_SHAREDCACHE],
+** [SQLITE_OPEN_PRIVATECACHE], and/or [SQLITE_OPEN_URI] flags:)^
+**
+** <dl>
+** ^(<dt>[SQLITE_OPEN_READONLY]</dt>
+** <dd>The database is opened in read-only mode.  If the database does not
+** already exist, an error is returned.</dd>)^
+**
+** ^(<dt>[SQLITE_OPEN_READWRITE]</dt>
+** <dd>The database is opened for reading and writing if possible, or reading
+** only if the file is write protected by the operating system.  In either
+** case the database must already exist, otherwise an error is returned.</dd>)^
+**
+** ^(<dt>[SQLITE_OPEN_READWRITE] | [SQLITE_OPEN_CREATE]</dt>
+** <dd>The database is opened for reading and writing, and is created if
+** it does not already exist. This is the behavior that is always used for
+** sqlite3_open() and sqlite3_open16().</dd>)^
+** </dl>
+**
+** If the 3rd parameter to sqlite3_open_v2() is not one of the
+** combinations shown above optionally combined with other
+** [SQLITE_OPEN_READONLY | SQLITE_OPEN_* bits]
+** then the behavior is undefined.
+**
+** ^If the [SQLITE_OPEN_NOMUTEX] flag is set, then the database connection
+** opens in the multi-thread [threading mode] as long as the single-thread
+** mode has not been set at compile-time or start-time.  ^If the
+** [SQLITE_OPEN_FULLMUTEX] flag is set then the database connection opens
+** in the serialized [threading mode] unless single-thread was
+** previously selected at compile-time or start-time.
+** ^The [SQLITE_OPEN_SHAREDCACHE] flag causes the database connection to be
+** eligible to use [shared cache mode], regardless of whether or not shared
+** cache is enabled using [sqlite3_enable_shared_cache()].  ^The
+** [SQLITE_OPEN_PRIVATECACHE] flag causes the database connection to not
+** participate in [shared cache mode] even if it is enabled.
+**
+** ^The fourth parameter to sqlite3_open_v2() is the name of the
+** [sqlite3_vfs] object that defines the operating system interface that
+** the new database connection should use.  ^If the fourth parameter is
+** a NULL pointer then the default [sqlite3_vfs] object is used.
+**
+** ^If the filename is ":memory:", then a private, temporary in-memory database
+** is created for the connection.  ^This in-memory database will vanish when
+** the database connection is closed.  Future versions of SQLite might
+** make use of additional special filenames that begin with the ":" character.
+** It is recommended that when a database filename actually does begin with
+** a ":" character you should prefix the filename with a pathname such as
+** "./" to avoid ambiguity.
+**
+** ^If the filename is an empty string, then a private, temporary
+** on-disk database will be created.  ^This private database will be
+** automatically deleted as soon as the database connection is closed.
+**
+** [[URI filenames in sqlite3_open()]] <h3>URI Filenames</h3>
+**
+** ^If [URI filename] interpretation is enabled, and the filename argument
+** begins with "file:", then the filename is interpreted as a URI. ^URI
+** filename interpretation is enabled if the [SQLITE_OPEN_URI] flag is
+** set in the fourth argument to sqlite3_open_v2(), or if it has
+** been enabled globally using the [SQLITE_CONFIG_URI] option with the
+** [sqlite3_config()] method or by the [SQLITE_USE_URI] compile-time option.
+** As of SQLite version 3.7.7, URI filename interpretation is turned off
+** by default, but future releases of SQLite might enable URI filename
+** interpretation by default.  See "[URI filenames]" for additional
+** information.
+**
+** URI filenames are parsed according to RFC 3986. ^If the URI contains an
+** authority, then it must be either an empty string or the string 
+** "localhost". ^If the authority is not an empty string or "localhost", an 
+** error is returned to the caller. ^The fragment component of a URI, if 
+** present, is ignored.
+**
+** ^SQLite uses the path component of the URI as the name of the disk file
+** which contains the database. ^If the path begins with a '/' character, 
+** then it is interpreted as an absolute path. ^If the path does not begin 
+** with a '/' (meaning that the authority section is omitted from the URI)
+** then the path is interpreted as a relative path. 
+** ^(On windows, the first component of an absolute path 
+** is a drive specification (e.g. "C:").)^
+**
+** [[core URI query parameters]]
+** The query component of a URI may contain parameters that are interpreted
+** either by SQLite itself, or by a [VFS | custom VFS implementation].
+** SQLite and its built-in [VFSes] interpret the
+** following query parameters:
+**
+** <ul>
+**   <li> <b>vfs</b>: ^The "vfs" parameter may be used to specify the name of
+**     a VFS object that provides the operating system interface that should
+**     be used to access the database file on disk. ^If this option is set to
+**     an empty string the default VFS object is used. ^Specifying an unknown
+**     VFS is an error. ^If sqlite3_open_v2() is used and the vfs option is
+**     present, then the VFS specified by the option takes precedence over
+**     the value passed as the fourth parameter to sqlite3_open_v2().
+**
+**   <li> <b>mode</b>: ^(The mode parameter may be set to either "ro", "rw",
+**     "rwc", or "memory". Attempting to set it to any other value is
+**     an error)^. 
+**     ^If "ro" is specified, then the database is opened for read-only 
+**     access, just as if the [SQLITE_OPEN_READONLY] flag had been set in the 
+**     third argument to sqlite3_open_v2(). ^If the mode option is set to 
+**     "rw", then the database is opened for read-write (but not create) 
+**     access, as if SQLITE_OPEN_READWRITE (but not SQLITE_OPEN_CREATE) had 
+**     been set. ^Value "rwc" is equivalent to setting both 
+**     SQLITE_OPEN_READWRITE and SQLITE_OPEN_CREATE.  ^If the mode option is
+**     set to "memory" then a pure [in-memory database] that never reads
+**     or writes from disk is used. ^It is an error to specify a value for
+**     the mode parameter that is less restrictive than that specified by
+**     the flags passed in the third parameter to sqlite3_open_v2().
+**
+**   <li> <b>cache</b>: ^The cache parameter may be set to either "shared" or
+**     "private". ^Setting it to "shared" is equivalent to setting the
+**     SQLITE_OPEN_SHAREDCACHE bit in the flags argument passed to
+**     sqlite3_open_v2(). ^Setting the cache parameter to "private" is 
+**     equivalent to setting the SQLITE_OPEN_PRIVATECACHE bit.
+**     ^If sqlite3_open_v2() is used and the "cache" parameter is present in
+**     a URI filename, its value overrides any behavior requested by setting
+**     SQLITE_OPEN_PRIVATECACHE or SQLITE_OPEN_SHAREDCACHE flag.
+**
+**  <li> <b>psow</b>: ^The psow parameter indicates whether or not the
+**     [powersafe overwrite] property does or does not apply to the
+**     storage media on which the database file resides.
+**
+**  <li> <b>nolock</b>: ^The nolock parameter is a boolean query parameter
+**     which if set disables file locking in rollback journal modes.  This
+**     is useful for accessing a database on a filesystem that does not
+**     support locking.  Caution:  Database corruption might result if two
+**     or more processes write to the same database and any one of those
+**     processes uses nolock=1.
+**
+**  <li> <b>immutable</b>: ^The immutable parameter is a boolean query
+**     parameter that indicates that the database file is stored on
+**     read-only media.  ^When immutable is set, SQLite assumes that the
+**     database file cannot be changed, even by a process with higher
+**     privilege, and so the database is opened read-only and all locking
+**     and change detection is disabled.  Caution: Setting the immutable
+**     property on a database file that does in fact change can result
+**     in incorrect query results and/or [SQLITE_CORRUPT] errors.
+**     See also: [SQLITE_IOCAP_IMMUTABLE].
+**       
+** </ul>
+**
+** ^Specifying an unknown parameter in the query component of a URI is not an
+** error.  Future versions of SQLite might understand additional query
+** parameters.  See "[query parameters with special meaning to SQLite]" for
+** additional information.
+**
+** [[URI filename examples]] <h3>URI filename examples</h3>
+**
+** <table border="1" align=center cellpadding=5>
+** <tr><th> URI filenames <th> Results
+** <tr><td> file:data.db <td> 
+**          Open the file "data.db" in the current directory.
+** <tr><td> file:/home/fred/data.db<br>
+**          file:///home/fred/data.db <br> 
+**          file://localhost/home/fred/data.db <br> <td> 
+**          Open the database file "/home/fred/data.db".
+** <tr><td> file://darkstar/home/fred/data.db <td> 
+**          An error. "darkstar" is not a recognized authority.
+** <tr><td style="white-space:nowrap"> 
+**          file:///C:/Documents%20and%20Settings/fred/Desktop/data.db
+**     <td> Windows only: Open the file "data.db" on fred's desktop on drive
+**          C:. Note that the %20 escaping in this example is not strictly 
+**          necessary - space characters can be used literally
+**          in URI filenames.
+** <tr><td> file:data.db?mode=ro&cache=private <td> 
+**          Open file "data.db" in the current directory for read-only access.
+**          Regardless of whether or not shared-cache mode is enabled by
+**          default, use a private cache.
+** <tr><td> file:/home/fred/data.db?vfs=unix-dotfile <td>
+**          Open file "/home/fred/data.db". Use the special VFS "unix-dotfile"
+**          that uses dot-files in place of posix advisory locking.
+** <tr><td> file:data.db?mode=readonly <td> 
+**          An error. "readonly" is not a valid option for the "mode" parameter.
+** </table>
+**
+** ^URI hexadecimal escape sequences (%HH) are supported within the path and
+** query components of a URI. A hexadecimal escape sequence consists of a
+** percent sign - "%" - followed by exactly two hexadecimal digits 
+** specifying an octet value. ^Before the path or query components of a
+** URI filename are interpreted, they are encoded using UTF-8 and all 
+** hexadecimal escape sequences replaced by a single byte containing the
+** corresponding octet. If this process generates an invalid UTF-8 encoding,
+** the results are undefined.
+**
+** <b>Note to Windows users:</b>  The encoding used for the filename argument
+** of sqlite3_open() and sqlite3_open_v2() must be UTF-8, not whatever
+** codepage is currently defined.  Filenames containing international
+** characters must be converted to UTF-8 prior to passing them into
+** sqlite3_open() or sqlite3_open_v2().
+**
+** <b>Note to Windows Runtime users:</b>  The temporary directory must be set
+** prior to calling sqlite3_open() or sqlite3_open_v2().  Otherwise, various
+** features that require the use of temporary files may fail.
+**
+** See also: [sqlite3_temp_directory]
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_open(
+  const char *filename,   /* Database filename (UTF-8) */
+  sqlite3 **ppDb          /* OUT: SQLite db handle */
+);
+SQLITE_API int SQLITE_STDCALL sqlite3_open16(
+  const void *filename,   /* Database filename (UTF-16) */
+  sqlite3 **ppDb          /* OUT: SQLite db handle */
+);
+SQLITE_API int SQLITE_STDCALL sqlite3_open_v2(
+  const char *filename,   /* Database filename (UTF-8) */
+  sqlite3 **ppDb,         /* OUT: SQLite db handle */
+  int flags,              /* Flags */
+  const char *zVfs        /* Name of VFS module to use */
+);
+
+/*
+** CAPI3REF: Obtain Values For URI Parameters
+**
+** These are utility routines, useful to VFS implementations, that check
+** to see if a database file was a URI that contained a specific query 
+** parameter, and if so obtains the value of that query parameter.
+**
+** If F is the database filename pointer passed into the xOpen() method of 
+** a VFS implementation when the flags parameter to xOpen() has one or 
+** more of the [SQLITE_OPEN_URI] or [SQLITE_OPEN_MAIN_DB] bits set and
+** P is the name of the query parameter, then
+** sqlite3_uri_parameter(F,P) returns the value of the P
+** parameter if it exists or a NULL pointer if P does not appear as a 
+** query parameter on F.  If P is a query parameter of F
+** has no explicit value, then sqlite3_uri_parameter(F,P) returns
+** a pointer to an empty string.
+**
+** The sqlite3_uri_boolean(F,P,B) routine assumes that P is a boolean
+** parameter and returns true (1) or false (0) according to the value
+** of P.  The sqlite3_uri_boolean(F,P,B) routine returns true (1) if the
+** value of query parameter P is one of "yes", "true", or "on" in any
+** case or if the value begins with a non-zero number.  The 
+** sqlite3_uri_boolean(F,P,B) routines returns false (0) if the value of
+** query parameter P is one of "no", "false", or "off" in any case or
+** if the value begins with a numeric zero.  If P is not a query
+** parameter on F or if the value of P is does not match any of the
+** above, then sqlite3_uri_boolean(F,P,B) returns (B!=0).
+**
+** The sqlite3_uri_int64(F,P,D) routine converts the value of P into a
+** 64-bit signed integer and returns that integer, or D if P does not
+** exist.  If the value of P is something other than an integer, then
+** zero is returned.
+** 
+** If F is a NULL pointer, then sqlite3_uri_parameter(F,P) returns NULL and
+** sqlite3_uri_boolean(F,P,B) returns B.  If F is not a NULL pointer and
+** is not a database file pathname pointer that SQLite passed into the xOpen
+** VFS method, then the behavior of this routine is undefined and probably
+** undesirable.
+*/
+SQLITE_API const char *SQLITE_STDCALL sqlite3_uri_parameter(const char *zFilename, const char *zParam);
+SQLITE_API int SQLITE_STDCALL sqlite3_uri_boolean(const char *zFile, const char *zParam, int bDefault);
+SQLITE_API sqlite3_int64 SQLITE_STDCALL sqlite3_uri_int64(const char*, const char*, sqlite3_int64);
+
+
+/*
+** CAPI3REF: Error Codes And Messages
+** METHOD: sqlite3
+**
+** ^If the most recent sqlite3_* API call associated with 
+** [database connection] D failed, then the sqlite3_errcode(D) interface
+** returns the numeric [result code] or [extended result code] for that
+** API call.
+** If the most recent API call was successful,
+** then the return value from sqlite3_errcode() is undefined.
+** ^The sqlite3_extended_errcode()
+** interface is the same except that it always returns the 
+** [extended result code] even when extended result codes are
+** disabled.
+**
+** ^The sqlite3_errmsg() and sqlite3_errmsg16() return English-language
+** text that describes the error, as either UTF-8 or UTF-16 respectively.
+** ^(Memory to hold the error message string is managed internally.
+** The application does not need to worry about freeing the result.
+** However, the error string might be overwritten or deallocated by
+** subsequent calls to other SQLite interface functions.)^
+**
+** ^The sqlite3_errstr() interface returns the English-language text
+** that describes the [result code], as UTF-8.
+** ^(Memory to hold the error message string is managed internally
+** and must not be freed by the application)^.
+**
+** When the serialized [threading mode] is in use, it might be the
+** case that a second error occurs on a separate thread in between
+** the time of the first error and the call to these interfaces.
+** When that happens, the second error will be reported since these
+** interfaces always report the most recent result.  To avoid
+** this, each thread can obtain exclusive use of the [database connection] D
+** by invoking [sqlite3_mutex_enter]([sqlite3_db_mutex](D)) before beginning
+** to use D and invoking [sqlite3_mutex_leave]([sqlite3_db_mutex](D)) after
+** all calls to the interfaces listed here are completed.
+**
+** If an interface fails with SQLITE_MISUSE, that means the interface
+** was invoked incorrectly by the application.  In that case, the
+** error code and message may or may not be set.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_errcode(sqlite3 *db);
+SQLITE_API int SQLITE_STDCALL sqlite3_extended_errcode(sqlite3 *db);
+SQLITE_API const char *SQLITE_STDCALL sqlite3_errmsg(sqlite3*);
+SQLITE_API const void *SQLITE_STDCALL sqlite3_errmsg16(sqlite3*);
+SQLITE_API const char *SQLITE_STDCALL sqlite3_errstr(int);
+
+/*
+** CAPI3REF: Prepared Statement Object
+** KEYWORDS: {prepared statement} {prepared statements}
+**
+** An instance of this object represents a single SQL statement that
+** has been compiled into binary form and is ready to be evaluated.
+**
+** Think of each SQL statement as a separate computer program.  The
+** original SQL text is source code.  A prepared statement object 
+** is the compiled object code.  All SQL must be converted into a
+** prepared statement before it can be run.
+**
+** The life-cycle of a prepared statement object usually goes like this:
+**
+** <ol>
+** <li> Create the prepared statement object using [sqlite3_prepare_v2()].
+** <li> Bind values to [parameters] using the sqlite3_bind_*()
+**      interfaces.
+** <li> Run the SQL by calling [sqlite3_step()] one or more times.
+** <li> Reset the prepared statement using [sqlite3_reset()] then go back
+**      to step 2.  Do this zero or more times.
+** <li> Destroy the object using [sqlite3_finalize()].
+** </ol>
+*/
+typedef struct sqlite3_stmt sqlite3_stmt;
+
+/*
+** CAPI3REF: Run-time Limits
+** METHOD: sqlite3
+**
+** ^(This interface allows the size of various constructs to be limited
+** on a connection by connection basis.  The first parameter is the
+** [database connection] whose limit is to be set or queried.  The
+** second parameter is one of the [limit categories] that define a
+** class of constructs to be size limited.  The third parameter is the
+** new limit for that construct.)^
+**
+** ^If the new limit is a negative number, the limit is unchanged.
+** ^(For each limit category SQLITE_LIMIT_<i>NAME</i> there is a 
+** [limits | hard upper bound]
+** set at compile-time by a C preprocessor macro called
+** [limits | SQLITE_MAX_<i>NAME</i>].
+** (The "_LIMIT_" in the name is changed to "_MAX_".))^
+** ^Attempts to increase a limit above its hard upper bound are
+** silently truncated to the hard upper bound.
+**
+** ^Regardless of whether or not the limit was changed, the 
+** [sqlite3_limit()] interface returns the prior value of the limit.
+** ^Hence, to find the current value of a limit without changing it,
+** simply invoke this interface with the third parameter set to -1.
+**
+** Run-time limits are intended for use in applications that manage
+** both their own internal database and also databases that are controlled
+** by untrusted external sources.  An example application might be a
+** web browser that has its own databases for storing history and
+** separate databases controlled by JavaScript applications downloaded
+** off the Internet.  The internal databases can be given the
+** large, default limits.  Databases managed by external sources can
+** be given much smaller limits designed to prevent a denial of service
+** attack.  Developers might also want to use the [sqlite3_set_authorizer()]
+** interface to further control untrusted SQL.  The size of the database
+** created by an untrusted script can be contained using the
+** [max_page_count] [PRAGMA].
+**
+** New run-time limit categories may be added in future releases.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_limit(sqlite3*, int id, int newVal);
+
+/*
+** CAPI3REF: Run-Time Limit Categories
+** KEYWORDS: {limit category} {*limit categories}
+**
+** These constants define various performance limits
+** that can be lowered at run-time using [sqlite3_limit()].
+** The synopsis of the meanings of the various limits is shown below.
+** Additional information is available at [limits | Limits in SQLite].
+**
+** <dl>
+** [[SQLITE_LIMIT_LENGTH]] ^(<dt>SQLITE_LIMIT_LENGTH</dt>
+** <dd>The maximum size of any string or BLOB or table row, in bytes.<dd>)^
+**
+** [[SQLITE_LIMIT_SQL_LENGTH]] ^(<dt>SQLITE_LIMIT_SQL_LENGTH</dt>
+** <dd>The maximum length of an SQL statement, in bytes.</dd>)^
+**
+** [[SQLITE_LIMIT_COLUMN]] ^(<dt>SQLITE_LIMIT_COLUMN</dt>
+** <dd>The maximum number of columns in a table definition or in the
+** result set of a [SELECT] or the maximum number of columns in an index
+** or in an ORDER BY or GROUP BY clause.</dd>)^
+**
+** [[SQLITE_LIMIT_EXPR_DEPTH]] ^(<dt>SQLITE_LIMIT_EXPR_DEPTH</dt>
+** <dd>The maximum depth of the parse tree on any expression.</dd>)^
+**
+** [[SQLITE_LIMIT_COMPOUND_SELECT]] ^(<dt>SQLITE_LIMIT_COMPOUND_SELECT</dt>
+** <dd>The maximum number of terms in a compound SELECT statement.</dd>)^
+**
+** [[SQLITE_LIMIT_VDBE_OP]] ^(<dt>SQLITE_LIMIT_VDBE_OP</dt>
+** <dd>The maximum number of instructions in a virtual machine program
+** used to implement an SQL statement.  This limit is not currently
+** enforced, though that might be added in some future release of
+** SQLite.</dd>)^
+**
+** [[SQLITE_LIMIT_FUNCTION_ARG]] ^(<dt>SQLITE_LIMIT_FUNCTION_ARG</dt>
+** <dd>The maximum number of arguments on a function.</dd>)^
+**
+** [[SQLITE_LIMIT_ATTACHED]] ^(<dt>SQLITE_LIMIT_ATTACHED</dt>
+** <dd>The maximum number of [ATTACH | attached databases].)^</dd>
+**
+** [[SQLITE_LIMIT_LIKE_PATTERN_LENGTH]]
+** ^(<dt>SQLITE_LIMIT_LIKE_PATTERN_LENGTH</dt>
+** <dd>The maximum length of the pattern argument to the [LIKE] or
+** [GLOB] operators.</dd>)^
+**
+** [[SQLITE_LIMIT_VARIABLE_NUMBER]]
+** ^(<dt>SQLITE_LIMIT_VARIABLE_NUMBER</dt>
+** <dd>The maximum index number of any [parameter] in an SQL statement.)^
+**
+** [[SQLITE_LIMIT_TRIGGER_DEPTH]] ^(<dt>SQLITE_LIMIT_TRIGGER_DEPTH</dt>
+** <dd>The maximum depth of recursion for triggers.</dd>)^
+**
+** [[SQLITE_LIMIT_WORKER_THREADS]] ^(<dt>SQLITE_LIMIT_WORKER_THREADS</dt>
+** <dd>The maximum number of auxiliary worker threads that a single
+** [prepared statement] may start.</dd>)^
+** </dl>
+*/
+#define SQLITE_LIMIT_LENGTH                    0
+#define SQLITE_LIMIT_SQL_LENGTH                1
+#define SQLITE_LIMIT_COLUMN                    2
+#define SQLITE_LIMIT_EXPR_DEPTH                3
+#define SQLITE_LIMIT_COMPOUND_SELECT           4
+#define SQLITE_LIMIT_VDBE_OP                   5
+#define SQLITE_LIMIT_FUNCTION_ARG              6
+#define SQLITE_LIMIT_ATTACHED                  7
+#define SQLITE_LIMIT_LIKE_PATTERN_LENGTH       8
+#define SQLITE_LIMIT_VARIABLE_NUMBER           9
+#define SQLITE_LIMIT_TRIGGER_DEPTH            10
+#define SQLITE_LIMIT_WORKER_THREADS           11
+
+/*
+** CAPI3REF: Compiling An SQL Statement
+** KEYWORDS: {SQL statement compiler}
+** METHOD: sqlite3
+** CONSTRUCTOR: sqlite3_stmt
+**
+** To execute an SQL query, it must first be compiled into a byte-code
+** program using one of these routines.
+**
+** The first argument, "db", is a [database connection] obtained from a
+** prior successful call to [sqlite3_open()], [sqlite3_open_v2()] or
+** [sqlite3_open16()].  The database connection must not have been closed.
+**
+** The second argument, "zSql", is the statement to be compiled, encoded
+** as either UTF-8 or UTF-16.  The sqlite3_prepare() and sqlite3_prepare_v2()
+** interfaces use UTF-8, and sqlite3_prepare16() and sqlite3_prepare16_v2()
+** use UTF-16.
+**
+** ^If the nByte argument is negative, then zSql is read up to the
+** first zero terminator. ^If nByte is positive, then it is the
+** number of bytes read from zSql.  ^If nByte is zero, then no prepared
+** statement is generated.
+** If the caller knows that the supplied string is nul-terminated, then
+** there is a small performance advantage to passing an nByte parameter that
+** is the number of bytes in the input string <i>including</i>
+** the nul-terminator.
+**
+** ^If pzTail is not NULL then *pzTail is made to point to the first byte
+** past the end of the first SQL statement in zSql.  These routines only
+** compile the first statement in zSql, so *pzTail is left pointing to
+** what remains uncompiled.
+**
+** ^*ppStmt is left pointing to a compiled [prepared statement] that can be
+** executed using [sqlite3_step()].  ^If there is an error, *ppStmt is set
+** to NULL.  ^If the input text contains no SQL (if the input is an empty
+** string or a comment) then *ppStmt is set to NULL.
+** The calling procedure is responsible for deleting the compiled
+** SQL statement using [sqlite3_finalize()] after it has finished with it.
+** ppStmt may not be NULL.
+**
+** ^On success, the sqlite3_prepare() family of routines return [SQLITE_OK];
+** otherwise an [error code] is returned.
+**
+** The sqlite3_prepare_v2() and sqlite3_prepare16_v2() interfaces are
+** recommended for all new programs. The two older interfaces are retained
+** for backwards compatibility, but their use is discouraged.
+** ^In the "v2" interfaces, the prepared statement
+** that is returned (the [sqlite3_stmt] object) contains a copy of the
+** original SQL text. This causes the [sqlite3_step()] interface to
+** behave differently in three ways:
+**
+** <ol>
+** <li>
+** ^If the database schema changes, instead of returning [SQLITE_SCHEMA] as it
+** always used to do, [sqlite3_step()] will automatically recompile the SQL
+** statement and try to run it again. As many as [SQLITE_MAX_SCHEMA_RETRY]
+** retries will occur before sqlite3_step() gives up and returns an error.
+** </li>
+**
+** <li>
+** ^When an error occurs, [sqlite3_step()] will return one of the detailed
+** [error codes] or [extended error codes].  ^The legacy behavior was that
+** [sqlite3_step()] would only return a generic [SQLITE_ERROR] result code
+** and the application would have to make a second call to [sqlite3_reset()]
+** in order to find the underlying cause of the problem. With the "v2" prepare
+** interfaces, the underlying reason for the error is returned immediately.
+** </li>
+**
+** <li>
+** ^If the specific value bound to [parameter | host parameter] in the 
+** WHERE clause might influence the choice of query plan for a statement,
+** then the statement will be automatically recompiled, as if there had been 
+** a schema change, on the first  [sqlite3_step()] call following any change
+** to the [sqlite3_bind_text | bindings] of that [parameter]. 
+** ^The specific value of WHERE-clause [parameter] might influence the 
+** choice of query plan if the parameter is the left-hand side of a [LIKE]
+** or [GLOB] operator or if the parameter is compared to an indexed column
+** and the [SQLITE_ENABLE_STAT3] compile-time option is enabled.
+** </li>
+** </ol>
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_prepare(
+  sqlite3 *db,            /* Database handle */
+  const char *zSql,       /* SQL statement, UTF-8 encoded */
+  int nByte,              /* Maximum length of zSql in bytes. */
+  sqlite3_stmt **ppStmt,  /* OUT: Statement handle */
+  const char **pzTail     /* OUT: Pointer to unused portion of zSql */
+);
+SQLITE_API int SQLITE_STDCALL sqlite3_prepare_v2(
+  sqlite3 *db,            /* Database handle */
+  const char *zSql,       /* SQL statement, UTF-8 encoded */
+  int nByte,              /* Maximum length of zSql in bytes. */
+  sqlite3_stmt **ppStmt,  /* OUT: Statement handle */
+  const char **pzTail     /* OUT: Pointer to unused portion of zSql */
+);
+SQLITE_API int SQLITE_STDCALL sqlite3_prepare16(
+  sqlite3 *db,            /* Database handle */
+  const void *zSql,       /* SQL statement, UTF-16 encoded */
+  int nByte,              /* Maximum length of zSql in bytes. */
+  sqlite3_stmt **ppStmt,  /* OUT: Statement handle */
+  const void **pzTail     /* OUT: Pointer to unused portion of zSql */
+);
+SQLITE_API int SQLITE_STDCALL sqlite3_prepare16_v2(
+  sqlite3 *db,            /* Database handle */
+  const void *zSql,       /* SQL statement, UTF-16 encoded */
+  int nByte,              /* Maximum length of zSql in bytes. */
+  sqlite3_stmt **ppStmt,  /* OUT: Statement handle */
+  const void **pzTail     /* OUT: Pointer to unused portion of zSql */
+);
+
+/*
+** CAPI3REF: Retrieving Statement SQL
+** METHOD: sqlite3_stmt
+**
+** ^This interface can be used to retrieve a saved copy of the original
+** SQL text used to create a [prepared statement] if that statement was
+** compiled using either [sqlite3_prepare_v2()] or [sqlite3_prepare16_v2()].
+*/
+SQLITE_API const char *SQLITE_STDCALL sqlite3_sql(sqlite3_stmt *pStmt);
+
+/*
+** CAPI3REF: Determine If An SQL Statement Writes The Database
+** METHOD: sqlite3_stmt
+**
+** ^The sqlite3_stmt_readonly(X) interface returns true (non-zero) if
+** and only if the [prepared statement] X makes no direct changes to
+** the content of the database file.
+**
+** Note that [application-defined SQL functions] or
+** [virtual tables] might change the database indirectly as a side effect.  
+** ^(For example, if an application defines a function "eval()" that 
+** calls [sqlite3_exec()], then the following SQL statement would
+** change the database file through side-effects:
+**
+** <blockquote><pre>
+**    SELECT eval('DELETE FROM t1') FROM t2;
+** </pre></blockquote>
+**
+** But because the [SELECT] statement does not change the database file
+** directly, sqlite3_stmt_readonly() would still return true.)^
+**
+** ^Transaction control statements such as [BEGIN], [COMMIT], [ROLLBACK],
+** [SAVEPOINT], and [RELEASE] cause sqlite3_stmt_readonly() to return true,
+** since the statements themselves do not actually modify the database but
+** rather they control the timing of when other statements modify the 
+** database.  ^The [ATTACH] and [DETACH] statements also cause
+** sqlite3_stmt_readonly() to return true since, while those statements
+** change the configuration of a database connection, they do not make 
+** changes to the content of the database files on disk.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_stmt_readonly(sqlite3_stmt *pStmt);
+
+/*
+** CAPI3REF: Determine If A Prepared Statement Has Been Reset
+** METHOD: sqlite3_stmt
+**
+** ^The sqlite3_stmt_busy(S) interface returns true (non-zero) if the
+** [prepared statement] S has been stepped at least once using 
+** [sqlite3_step(S)] but has neither run to completion (returned
+** [SQLITE_DONE] from [sqlite3_step(S)]) nor
+** been reset using [sqlite3_reset(S)].  ^The sqlite3_stmt_busy(S)
+** interface returns false if S is a NULL pointer.  If S is not a 
+** NULL pointer and is not a pointer to a valid [prepared statement]
+** object, then the behavior is undefined and probably undesirable.
+**
+** This interface can be used in combination [sqlite3_next_stmt()]
+** to locate all prepared statements associated with a database 
+** connection that are in need of being reset.  This can be used,
+** for example, in diagnostic routines to search for prepared 
+** statements that are holding a transaction open.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_stmt_busy(sqlite3_stmt*);
+
+/*
+** CAPI3REF: Dynamically Typed Value Object
+** KEYWORDS: {protected sqlite3_value} {unprotected sqlite3_value}
+**
+** SQLite uses the sqlite3_value object to represent all values
+** that can be stored in a database table. SQLite uses dynamic typing
+** for the values it stores.  ^Values stored in sqlite3_value objects
+** can be integers, floating point values, strings, BLOBs, or NULL.
+**
+** An sqlite3_value object may be either "protected" or "unprotected".
+** Some interfaces require a protected sqlite3_value.  Other interfaces
+** will accept either a protected or an unprotected sqlite3_value.
+** Every interface that accepts sqlite3_value arguments specifies
+** whether or not it requires a protected sqlite3_value.  The
+** [sqlite3_value_dup()] interface can be used to construct a new 
+** protected sqlite3_value from an unprotected sqlite3_value.
+**
+** The terms "protected" and "unprotected" refer to whether or not
+** a mutex is held.  An internal mutex is held for a protected
+** sqlite3_value object but no mutex is held for an unprotected
+** sqlite3_value object.  If SQLite is compiled to be single-threaded
+** (with [SQLITE_THREADSAFE=0] and with [sqlite3_threadsafe()] returning 0)
+** or if SQLite is run in one of reduced mutex modes 
+** [SQLITE_CONFIG_SINGLETHREAD] or [SQLITE_CONFIG_MULTITHREAD]
+** then there is no distinction between protected and unprotected
+** sqlite3_value objects and they can be used interchangeably.  However,
+** for maximum code portability it is recommended that applications
+** still make the distinction between protected and unprotected
+** sqlite3_value objects even when not strictly required.
+**
+** ^The sqlite3_value objects that are passed as parameters into the
+** implementation of [application-defined SQL functions] are protected.
+** ^The sqlite3_value object returned by
+** [sqlite3_column_value()] is unprotected.
+** Unprotected sqlite3_value objects may only be used with
+** [sqlite3_result_value()] and [sqlite3_bind_value()].
+** The [sqlite3_value_blob | sqlite3_value_type()] family of
+** interfaces require protected sqlite3_value objects.
+*/
+typedef struct Mem sqlite3_value;
+
+/*
+** CAPI3REF: SQL Function Context Object
+**
+** The context in which an SQL function executes is stored in an
+** sqlite3_context object.  ^A pointer to an sqlite3_context object
+** is always first parameter to [application-defined SQL functions].
+** The application-defined SQL function implementation will pass this
+** pointer through into calls to [sqlite3_result_int | sqlite3_result()],
+** [sqlite3_aggregate_context()], [sqlite3_user_data()],
+** [sqlite3_context_db_handle()], [sqlite3_get_auxdata()],
+** and/or [sqlite3_set_auxdata()].
+*/
+typedef struct sqlite3_context sqlite3_context;
+
+/*
+** CAPI3REF: Binding Values To Prepared Statements
+** KEYWORDS: {host parameter} {host parameters} {host parameter name}
+** KEYWORDS: {SQL parameter} {SQL parameters} {parameter binding}
+** METHOD: sqlite3_stmt
+**
+** ^(In the SQL statement text input to [sqlite3_prepare_v2()] and its variants,
+** literals may be replaced by a [parameter] that matches one of following
+** templates:
+**
+** <ul>
+** <li>  ?
+** <li>  ?NNN
+** <li>  :VVV
+** <li>  @VVV
+** <li>  $VVV
+** </ul>
+**
+** In the templates above, NNN represents an integer literal,
+** and VVV represents an alphanumeric identifier.)^  ^The values of these
+** parameters (also called "host parameter names" or "SQL parameters")
+** can be set using the sqlite3_bind_*() routines defined here.
+**
+** ^The first argument to the sqlite3_bind_*() routines is always
+** a pointer to the [sqlite3_stmt] object returned from
+** [sqlite3_prepare_v2()] or its variants.
+**
+** ^The second argument is the index of the SQL parameter to be set.
+** ^The leftmost SQL parameter has an index of 1.  ^When the same named
+** SQL parameter is used more than once, second and subsequent
+** occurrences have the same index as the first occurrence.
+** ^The index for named parameters can be looked up using the
+** [sqlite3_bind_parameter_index()] API if desired.  ^The index
+** for "?NNN" parameters is the value of NNN.
+** ^The NNN value must be between 1 and the [sqlite3_limit()]
+** parameter [SQLITE_LIMIT_VARIABLE_NUMBER] (default value: 999).
+**
+** ^The third argument is the value to bind to the parameter.
+** ^If the third parameter to sqlite3_bind_text() or sqlite3_bind_text16()
+** or sqlite3_bind_blob() is a NULL pointer then the fourth parameter
+** is ignored and the end result is the same as sqlite3_bind_null().
+**
+** ^(In those routines that have a fourth argument, its value is the
+** number of bytes in the parameter.  To be clear: the value is the
+** number of <u>bytes</u> in the value, not the number of characters.)^
+** ^If the fourth parameter to sqlite3_bind_text() or sqlite3_bind_text16()
+** is negative, then the length of the string is
+** the number of bytes up to the first zero terminator.
+** If the fourth parameter to sqlite3_bind_blob() is negative, then
+** the behavior is undefined.
+** If a non-negative fourth parameter is provided to sqlite3_bind_text()
+** or sqlite3_bind_text16() or sqlite3_bind_text64() then
+** that parameter must be the byte offset
+** where the NUL terminator would occur assuming the string were NUL
+** terminated.  If any NUL characters occur at byte offsets less than 
+** the value of the fourth parameter then the resulting string value will
+** contain embedded NULs.  The result of expressions involving strings
+** with embedded NULs is undefined.
+**
+** ^The fifth argument to the BLOB and string binding interfaces
+** is a destructor used to dispose of the BLOB or
+** string after SQLite has finished with it.  ^The destructor is called
+** to dispose of the BLOB or string even if the call to bind API fails.
+** ^If the fifth argument is
+** the special value [SQLITE_STATIC], then SQLite assumes that the
+** information is in static, unmanaged space and does not need to be freed.
+** ^If the fifth argument has the value [SQLITE_TRANSIENT], then
+** SQLite makes its own private copy of the data immediately, before
+** the sqlite3_bind_*() routine returns.
+**
+** ^The sixth argument to sqlite3_bind_text64() must be one of
+** [SQLITE_UTF8], [SQLITE_UTF16], [SQLITE_UTF16BE], or [SQLITE_UTF16LE]
+** to specify the encoding of the text in the third parameter.  If
+** the sixth argument to sqlite3_bind_text64() is not one of the
+** allowed values shown above, or if the text encoding is different
+** from the encoding specified by the sixth parameter, then the behavior
+** is undefined.
+**
+** ^The sqlite3_bind_zeroblob() routine binds a BLOB of length N that
+** is filled with zeroes.  ^A zeroblob uses a fixed amount of memory
+** (just an integer to hold its size) while it is being processed.
+** Zeroblobs are intended to serve as placeholders for BLOBs whose
+** content is later written using
+** [sqlite3_blob_open | incremental BLOB I/O] routines.
+** ^A negative value for the zeroblob results in a zero-length BLOB.
+**
+** ^If any of the sqlite3_bind_*() routines are called with a NULL pointer
+** for the [prepared statement] or with a prepared statement for which
+** [sqlite3_step()] has been called more recently than [sqlite3_reset()],
+** then the call will return [SQLITE_MISUSE].  If any sqlite3_bind_()
+** routine is passed a [prepared statement] that has been finalized, the
+** result is undefined and probably harmful.
+**
+** ^Bindings are not cleared by the [sqlite3_reset()] routine.
+** ^Unbound parameters are interpreted as NULL.
+**
+** ^The sqlite3_bind_* routines return [SQLITE_OK] on success or an
+** [error code] if anything goes wrong.
+** ^[SQLITE_TOOBIG] might be returned if the size of a string or BLOB
+** exceeds limits imposed by [sqlite3_limit]([SQLITE_LIMIT_LENGTH]) or
+** [SQLITE_MAX_LENGTH].
+** ^[SQLITE_RANGE] is returned if the parameter
+** index is out of range.  ^[SQLITE_NOMEM] is returned if malloc() fails.
+**
+** See also: [sqlite3_bind_parameter_count()],
+** [sqlite3_bind_parameter_name()], and [sqlite3_bind_parameter_index()].
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_bind_blob(sqlite3_stmt*, int, const void*, int n, void(*)(void*));
+SQLITE_API int SQLITE_STDCALL sqlite3_bind_blob64(sqlite3_stmt*, int, const void*, sqlite3_uint64,
+                        void(*)(void*));
+SQLITE_API int SQLITE_STDCALL sqlite3_bind_double(sqlite3_stmt*, int, double);
+SQLITE_API int SQLITE_STDCALL sqlite3_bind_int(sqlite3_stmt*, int, int);
+SQLITE_API int SQLITE_STDCALL sqlite3_bind_int64(sqlite3_stmt*, int, sqlite3_int64);
+SQLITE_API int SQLITE_STDCALL sqlite3_bind_null(sqlite3_stmt*, int);
+SQLITE_API int SQLITE_STDCALL sqlite3_bind_text(sqlite3_stmt*,int,const char*,int,void(*)(void*));
+SQLITE_API int SQLITE_STDCALL sqlite3_bind_text16(sqlite3_stmt*, int, const void*, int, void(*)(void*));
+SQLITE_API int SQLITE_STDCALL sqlite3_bind_text64(sqlite3_stmt*, int, const char*, sqlite3_uint64,
+                         void(*)(void*), unsigned char encoding);
+SQLITE_API int SQLITE_STDCALL sqlite3_bind_value(sqlite3_stmt*, int, const sqlite3_value*);
+SQLITE_API int SQLITE_STDCALL sqlite3_bind_zeroblob(sqlite3_stmt*, int, int n);
+SQLITE_API int SQLITE_STDCALL sqlite3_bind_zeroblob64(sqlite3_stmt*, int, sqlite3_uint64);
+
+/*
+** CAPI3REF: Number Of SQL Parameters
+** METHOD: sqlite3_stmt
+**
+** ^This routine can be used to find the number of [SQL parameters]
+** in a [prepared statement].  SQL parameters are tokens of the
+** form "?", "?NNN", ":AAA", "$AAA", or "@AAA" that serve as
+** placeholders for values that are [sqlite3_bind_blob | bound]
+** to the parameters at a later time.
+**
+** ^(This routine actually returns the index of the largest (rightmost)
+** parameter. For all forms except ?NNN, this will correspond to the
+** number of unique parameters.  If parameters of the ?NNN form are used,
+** there may be gaps in the list.)^
+**
+** See also: [sqlite3_bind_blob|sqlite3_bind()],
+** [sqlite3_bind_parameter_name()], and
+** [sqlite3_bind_parameter_index()].
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_bind_parameter_count(sqlite3_stmt*);
+
+/*
+** CAPI3REF: Name Of A Host Parameter
+** METHOD: sqlite3_stmt
+**
+** ^The sqlite3_bind_parameter_name(P,N) interface returns
+** the name of the N-th [SQL parameter] in the [prepared statement] P.
+** ^(SQL parameters of the form "?NNN" or ":AAA" or "@AAA" or "$AAA"
+** have a name which is the string "?NNN" or ":AAA" or "@AAA" or "$AAA"
+** respectively.
+** In other words, the initial ":" or "$" or "@" or "?"
+** is included as part of the name.)^
+** ^Parameters of the form "?" without a following integer have no name
+** and are referred to as "nameless" or "anonymous parameters".
+**
+** ^The first host parameter has an index of 1, not 0.
+**
+** ^If the value N is out of range or if the N-th parameter is
+** nameless, then NULL is returned.  ^The returned string is
+** always in UTF-8 encoding even if the named parameter was
+** originally specified as UTF-16 in [sqlite3_prepare16()] or
+** [sqlite3_prepare16_v2()].
+**
+** See also: [sqlite3_bind_blob|sqlite3_bind()],
+** [sqlite3_bind_parameter_count()], and
+** [sqlite3_bind_parameter_index()].
+*/
+SQLITE_API const char *SQLITE_STDCALL sqlite3_bind_parameter_name(sqlite3_stmt*, int);
+
+/*
+** CAPI3REF: Index Of A Parameter With A Given Name
+** METHOD: sqlite3_stmt
+**
+** ^Return the index of an SQL parameter given its name.  ^The
+** index value returned is suitable for use as the second
+** parameter to [sqlite3_bind_blob|sqlite3_bind()].  ^A zero
+** is returned if no matching parameter is found.  ^The parameter
+** name must be given in UTF-8 even if the original statement
+** was prepared from UTF-16 text using [sqlite3_prepare16_v2()].
+**
+** See also: [sqlite3_bind_blob|sqlite3_bind()],
+** [sqlite3_bind_parameter_count()], and
+** [sqlite3_bind_parameter_name()].
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_bind_parameter_index(sqlite3_stmt*, const char *zName);
+
+/*
+** CAPI3REF: Reset All Bindings On A Prepared Statement
+** METHOD: sqlite3_stmt
+**
+** ^Contrary to the intuition of many, [sqlite3_reset()] does not reset
+** the [sqlite3_bind_blob | bindings] on a [prepared statement].
+** ^Use this routine to reset all host parameters to NULL.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_clear_bindings(sqlite3_stmt*);
+
+/*
+** CAPI3REF: Number Of Columns In A Result Set
+** METHOD: sqlite3_stmt
+**
+** ^Return the number of columns in the result set returned by the
+** [prepared statement]. ^This routine returns 0 if pStmt is an SQL
+** statement that does not return data (for example an [UPDATE]).
+**
+** See also: [sqlite3_data_count()]
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_column_count(sqlite3_stmt *pStmt);
+
+/*
+** CAPI3REF: Column Names In A Result Set
+** METHOD: sqlite3_stmt
+**
+** ^These routines return the name assigned to a particular column
+** in the result set of a [SELECT] statement.  ^The sqlite3_column_name()
+** interface returns a pointer to a zero-terminated UTF-8 string
+** and sqlite3_column_name16() returns a pointer to a zero-terminated
+** UTF-16 string.  ^The first parameter is the [prepared statement]
+** that implements the [SELECT] statement. ^The second parameter is the
+** column number.  ^The leftmost column is number 0.
+**
+** ^The returned string pointer is valid until either the [prepared statement]
+** is destroyed by [sqlite3_finalize()] or until the statement is automatically
+** reprepared by the first call to [sqlite3_step()] for a particular run
+** or until the next call to
+** sqlite3_column_name() or sqlite3_column_name16() on the same column.
+**
+** ^If sqlite3_malloc() fails during the processing of either routine
+** (for example during a conversion from UTF-8 to UTF-16) then a
+** NULL pointer is returned.
+**
+** ^The name of a result column is the value of the "AS" clause for
+** that column, if there is an AS clause.  If there is no AS clause
+** then the name of the column is unspecified and may change from
+** one release of SQLite to the next.
+*/
+SQLITE_API const char *SQLITE_STDCALL sqlite3_column_name(sqlite3_stmt*, int N);
+SQLITE_API const void *SQLITE_STDCALL sqlite3_column_name16(sqlite3_stmt*, int N);
+
+/*
+** CAPI3REF: Source Of Data In A Query Result
+** METHOD: sqlite3_stmt
+**
+** ^These routines provide a means to determine the database, table, and
+** table column that is the origin of a particular result column in
+** [SELECT] statement.
+** ^The name of the database or table or column can be returned as
+** either a UTF-8 or UTF-16 string.  ^The _database_ routines return
+** the database name, the _table_ routines return the table name, and
+** the origin_ routines return the column name.
+** ^The returned string is valid until the [prepared statement] is destroyed
+** using [sqlite3_finalize()] or until the statement is automatically
+** reprepared by the first call to [sqlite3_step()] for a particular run
+** or until the same information is requested
+** again in a different encoding.
+**
+** ^The names returned are the original un-aliased names of the
+** database, table, and column.
+**
+** ^The first argument to these interfaces is a [prepared statement].
+** ^These functions return information about the Nth result column returned by
+** the statement, where N is the second function argument.
+** ^The left-most column is column 0 for these routines.
+**
+** ^If the Nth column returned by the statement is an expression or
+** subquery and is not a column value, then all of these functions return
+** NULL.  ^These routine might also return NULL if a memory allocation error
+** occurs.  ^Otherwise, they return the name of the attached database, table,
+** or column that query result column was extracted from.
+**
+** ^As with all other SQLite APIs, those whose names end with "16" return
+** UTF-16 encoded strings and the other functions return UTF-8.
+**
+** ^These APIs are only available if the library was compiled with the
+** [SQLITE_ENABLE_COLUMN_METADATA] C-preprocessor symbol.
+**
+** If two or more threads call one or more of these routines against the same
+** prepared statement and column at the same time then the results are
+** undefined.
+**
+** If two or more threads call one or more
+** [sqlite3_column_database_name | column metadata interfaces]
+** for the same [prepared statement] and result column
+** at the same time then the results are undefined.
+*/
+SQLITE_API const char *SQLITE_STDCALL sqlite3_column_database_name(sqlite3_stmt*,int);
+SQLITE_API const void *SQLITE_STDCALL sqlite3_column_database_name16(sqlite3_stmt*,int);
+SQLITE_API const char *SQLITE_STDCALL sqlite3_column_table_name(sqlite3_stmt*,int);
+SQLITE_API const void *SQLITE_STDCALL sqlite3_column_table_name16(sqlite3_stmt*,int);
+SQLITE_API const char *SQLITE_STDCALL sqlite3_column_origin_name(sqlite3_stmt*,int);
+SQLITE_API const void *SQLITE_STDCALL sqlite3_column_origin_name16(sqlite3_stmt*,int);
+
+/*
+** CAPI3REF: Declared Datatype Of A Query Result
+** METHOD: sqlite3_stmt
+**
+** ^(The first parameter is a [prepared statement].
+** If this statement is a [SELECT] statement and the Nth column of the
+** returned result set of that [SELECT] is a table column (not an
+** expression or subquery) then the declared type of the table
+** column is returned.)^  ^If the Nth column of the result set is an
+** expression or subquery, then a NULL pointer is returned.
+** ^The returned string is always UTF-8 encoded.
+**
+** ^(For example, given the database schema:
+**
+** CREATE TABLE t1(c1 VARIANT);
+**
+** and the following statement to be compiled:
+**
+** SELECT c1 + 1, c1 FROM t1;
+**
+** this routine would return the string "VARIANT" for the second result
+** column (i==1), and a NULL pointer for the first result column (i==0).)^
+**
+** ^SQLite uses dynamic run-time typing.  ^So just because a column
+** is declared to contain a particular type does not mean that the
+** data stored in that column is of the declared type.  SQLite is
+** strongly typed, but the typing is dynamic not static.  ^Type
+** is associated with individual values, not with the containers
+** used to hold those values.
+*/
+SQLITE_API const char *SQLITE_STDCALL sqlite3_column_decltype(sqlite3_stmt*,int);
+SQLITE_API const void *SQLITE_STDCALL sqlite3_column_decltype16(sqlite3_stmt*,int);
+
+/*
+** CAPI3REF: Evaluate An SQL Statement
+** METHOD: sqlite3_stmt
+**
+** After a [prepared statement] has been prepared using either
+** [sqlite3_prepare_v2()] or [sqlite3_prepare16_v2()] or one of the legacy
+** interfaces [sqlite3_prepare()] or [sqlite3_prepare16()], this function
+** must be called one or more times to evaluate the statement.
+**
+** The details of the behavior of the sqlite3_step() interface depend
+** on whether the statement was prepared using the newer "v2" interface
+** [sqlite3_prepare_v2()] and [sqlite3_prepare16_v2()] or the older legacy
+** interface [sqlite3_prepare()] and [sqlite3_prepare16()].  The use of the
+** new "v2" interface is recommended for new applications but the legacy
+** interface will continue to be supported.
+**
+** ^In the legacy interface, the return value will be either [SQLITE_BUSY],
+** [SQLITE_DONE], [SQLITE_ROW], [SQLITE_ERROR], or [SQLITE_MISUSE].
+** ^With the "v2" interface, any of the other [result codes] or
+** [extended result codes] might be returned as well.
+**
+** ^[SQLITE_BUSY] means that the database engine was unable to acquire the
+** database locks it needs to do its job.  ^If the statement is a [COMMIT]
+** or occurs outside of an explicit transaction, then you can retry the
+** statement.  If the statement is not a [COMMIT] and occurs within an
+** explicit transaction then you should rollback the transaction before
+** continuing.
+**
+** ^[SQLITE_DONE] means that the statement has finished executing
+** successfully.  sqlite3_step() should not be called again on this virtual
+** machine without first calling [sqlite3_reset()] to reset the virtual
+** machine back to its initial state.
+**
+** ^If the SQL statement being executed returns any data, then [SQLITE_ROW]
+** is returned each time a new row of data is ready for processing by the
+** caller. The values may be accessed using the [column access functions].
+** sqlite3_step() is called again to retrieve the next row of data.
+**
+** ^[SQLITE_ERROR] means that a run-time error (such as a constraint
+** violation) has occurred.  sqlite3_step() should not be called again on
+** the VM. More information may be found by calling [sqlite3_errmsg()].
+** ^With the legacy interface, a more specific error code (for example,
+** [SQLITE_INTERRUPT], [SQLITE_SCHEMA], [SQLITE_CORRUPT], and so forth)
+** can be obtained by calling [sqlite3_reset()] on the
+** [prepared statement].  ^In the "v2" interface,
+** the more specific error code is returned directly by sqlite3_step().
+**
+** [SQLITE_MISUSE] means that the this routine was called inappropriately.
+** Perhaps it was called on a [prepared statement] that has
+** already been [sqlite3_finalize | finalized] or on one that had
+** previously returned [SQLITE_ERROR] or [SQLITE_DONE].  Or it could
+** be the case that the same database connection is being used by two or
+** more threads at the same moment in time.
+**
+** For all versions of SQLite up to and including 3.6.23.1, a call to
+** [sqlite3_reset()] was required after sqlite3_step() returned anything
+** other than [SQLITE_ROW] before any subsequent invocation of
+** sqlite3_step().  Failure to reset the prepared statement using 
+** [sqlite3_reset()] would result in an [SQLITE_MISUSE] return from
+** sqlite3_step().  But after version 3.6.23.1, sqlite3_step() began
+** calling [sqlite3_reset()] automatically in this circumstance rather
+** than returning [SQLITE_MISUSE].  This is not considered a compatibility
+** break because any application that ever receives an SQLITE_MISUSE error
+** is broken by definition.  The [SQLITE_OMIT_AUTORESET] compile-time option
+** can be used to restore the legacy behavior.
+**
+** <b>Goofy Interface Alert:</b> In the legacy interface, the sqlite3_step()
+** API always returns a generic error code, [SQLITE_ERROR], following any
+** error other than [SQLITE_BUSY] and [SQLITE_MISUSE].  You must call
+** [sqlite3_reset()] or [sqlite3_finalize()] in order to find one of the
+** specific [error codes] that better describes the error.
+** We admit that this is a goofy design.  The problem has been fixed
+** with the "v2" interface.  If you prepare all of your SQL statements
+** using either [sqlite3_prepare_v2()] or [sqlite3_prepare16_v2()] instead
+** of the legacy [sqlite3_prepare()] and [sqlite3_prepare16()] interfaces,
+** then the more specific [error codes] are returned directly
+** by sqlite3_step().  The use of the "v2" interface is recommended.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_step(sqlite3_stmt*);
+
+/*
+** CAPI3REF: Number of columns in a result set
+** METHOD: sqlite3_stmt
+**
+** ^The sqlite3_data_count(P) interface returns the number of columns in the
+** current row of the result set of [prepared statement] P.
+** ^If prepared statement P does not have results ready to return
+** (via calls to the [sqlite3_column_int | sqlite3_column_*()] of
+** interfaces) then sqlite3_data_count(P) returns 0.
+** ^The sqlite3_data_count(P) routine also returns 0 if P is a NULL pointer.
+** ^The sqlite3_data_count(P) routine returns 0 if the previous call to
+** [sqlite3_step](P) returned [SQLITE_DONE].  ^The sqlite3_data_count(P)
+** will return non-zero if previous call to [sqlite3_step](P) returned
+** [SQLITE_ROW], except in the case of the [PRAGMA incremental_vacuum]
+** where it always returns zero since each step of that multi-step
+** pragma returns 0 columns of data.
+**
+** See also: [sqlite3_column_count()]
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_data_count(sqlite3_stmt *pStmt);
+
+/*
+** CAPI3REF: Fundamental Datatypes
+** KEYWORDS: SQLITE_TEXT
+**
+** ^(Every value in SQLite has one of five fundamental datatypes:
+**
+** <ul>
+** <li> 64-bit signed integer
+** <li> 64-bit IEEE floating point number
+** <li> string
+** <li> BLOB
+** <li> NULL
+** </ul>)^
+**
+** These constants are codes for each of those types.
+**
+** Note that the SQLITE_TEXT constant was also used in SQLite version 2
+** for a completely different meaning.  Software that links against both
+** SQLite version 2 and SQLite version 3 should use SQLITE3_TEXT, not
+** SQLITE_TEXT.
+*/
+#define SQLITE_INTEGER  1
+#define SQLITE_FLOAT    2
+#define SQLITE_BLOB     4
+#define SQLITE_NULL     5
+#ifdef SQLITE_TEXT
+# undef SQLITE_TEXT
+#else
+# define SQLITE_TEXT     3
+#endif
+#define SQLITE3_TEXT     3
+
+/*
+** CAPI3REF: Result Values From A Query
+** KEYWORDS: {column access functions}
+** METHOD: sqlite3_stmt
+**
+** ^These routines return information about a single column of the current
+** result row of a query.  ^In every case the first argument is a pointer
+** to the [prepared statement] that is being evaluated (the [sqlite3_stmt*]
+** that was returned from [sqlite3_prepare_v2()] or one of its variants)
+** and the second argument is the index of the column for which information
+** should be returned. ^The leftmost column of the result set has the index 0.
+** ^The number of columns in the result can be determined using
+** [sqlite3_column_count()].
+**
+** If the SQL statement does not currently point to a valid row, or if the
+** column index is out of range, the result is undefined.
+** These routines may only be called when the most recent call to
+** [sqlite3_step()] has returned [SQLITE_ROW] and neither
+** [sqlite3_reset()] nor [sqlite3_finalize()] have been called subsequently.
+** If any of these routines are called after [sqlite3_reset()] or
+** [sqlite3_finalize()] or after [sqlite3_step()] has returned
+** something other than [SQLITE_ROW], the results are undefined.
+** If [sqlite3_step()] or [sqlite3_reset()] or [sqlite3_finalize()]
+** are called from a different thread while any of these routines
+** are pending, then the results are undefined.
+**
+** ^The sqlite3_column_type() routine returns the
+** [SQLITE_INTEGER | datatype code] for the initial data type
+** of the result column.  ^The returned value is one of [SQLITE_INTEGER],
+** [SQLITE_FLOAT], [SQLITE_TEXT], [SQLITE_BLOB], or [SQLITE_NULL].  The value
+** returned by sqlite3_column_type() is only meaningful if no type
+** conversions have occurred as described below.  After a type conversion,
+** the value returned by sqlite3_column_type() is undefined.  Future
+** versions of SQLite may change the behavior of sqlite3_column_type()
+** following a type conversion.
+**
+** ^If the result is a BLOB or UTF-8 string then the sqlite3_column_bytes()
+** routine returns the number of bytes in that BLOB or string.
+** ^If the result is a UTF-16 string, then sqlite3_column_bytes() converts
+** the string to UTF-8 and then returns the number of bytes.
+** ^If the result is a numeric value then sqlite3_column_bytes() uses
+** [sqlite3_snprintf()] to convert that value to a UTF-8 string and returns
+** the number of bytes in that string.
+** ^If the result is NULL, then sqlite3_column_bytes() returns zero.
+**
+** ^If the result is a BLOB or UTF-16 string then the sqlite3_column_bytes16()
+** routine returns the number of bytes in that BLOB or string.
+** ^If the result is a UTF-8 string, then sqlite3_column_bytes16() converts
+** the string to UTF-16 and then returns the number of bytes.
+** ^If the result is a numeric value then sqlite3_column_bytes16() uses
+** [sqlite3_snprintf()] to convert that value to a UTF-16 string and returns
+** the number of bytes in that string.
+** ^If the result is NULL, then sqlite3_column_bytes16() returns zero.
+**
+** ^The values returned by [sqlite3_column_bytes()] and 
+** [sqlite3_column_bytes16()] do not include the zero terminators at the end
+** of the string.  ^For clarity: the values returned by
+** [sqlite3_column_bytes()] and [sqlite3_column_bytes16()] are the number of
+** bytes in the string, not the number of characters.
+**
+** ^Strings returned by sqlite3_column_text() and sqlite3_column_text16(),
+** even empty strings, are always zero-terminated.  ^The return
+** value from sqlite3_column_blob() for a zero-length BLOB is a NULL pointer.
+**
+** <b>Warning:</b> ^The object returned by [sqlite3_column_value()] is an
+** [unprotected sqlite3_value] object.  In a multithreaded environment,
+** an unprotected sqlite3_value object may only be used safely with
+** [sqlite3_bind_value()] and [sqlite3_result_value()].
+** If the [unprotected sqlite3_value] object returned by
+** [sqlite3_column_value()] is used in any other way, including calls
+** to routines like [sqlite3_value_int()], [sqlite3_value_text()],
+** or [sqlite3_value_bytes()], the behavior is not threadsafe.
+**
+** These routines attempt to convert the value where appropriate.  ^For
+** example, if the internal representation is FLOAT and a text result
+** is requested, [sqlite3_snprintf()] is used internally to perform the
+** conversion automatically.  ^(The following table details the conversions
+** that are applied:
+**
+** <blockquote>
+** <table border="1">
+** <tr><th> Internal<br>Type <th> Requested<br>Type <th>  Conversion
+**
+** <tr><td>  NULL    <td> INTEGER   <td> Result is 0
+** <tr><td>  NULL    <td>  FLOAT    <td> Result is 0.0
+** <tr><td>  NULL    <td>   TEXT    <td> Result is a NULL pointer
+** <tr><td>  NULL    <td>   BLOB    <td> Result is a NULL pointer
+** <tr><td> INTEGER  <td>  FLOAT    <td> Convert from integer to float
+** <tr><td> INTEGER  <td>   TEXT    <td> ASCII rendering of the integer
+** <tr><td> INTEGER  <td>   BLOB    <td> Same as INTEGER->TEXT
+** <tr><td>  FLOAT   <td> INTEGER   <td> [CAST] to INTEGER
+** <tr><td>  FLOAT   <td>   TEXT    <td> ASCII rendering of the float
+** <tr><td>  FLOAT   <td>   BLOB    <td> [CAST] to BLOB
+** <tr><td>  TEXT    <td> INTEGER   <td> [CAST] to INTEGER
+** <tr><td>  TEXT    <td>  FLOAT    <td> [CAST] to REAL
+** <tr><td>  TEXT    <td>   BLOB    <td> No change
+** <tr><td>  BLOB    <td> INTEGER   <td> [CAST] to INTEGER
+** <tr><td>  BLOB    <td>  FLOAT    <td> [CAST] to REAL
+** <tr><td>  BLOB    <td>   TEXT    <td> Add a zero terminator if needed
+** </table>
+** </blockquote>)^
+**
+** Note that when type conversions occur, pointers returned by prior
+** calls to sqlite3_column_blob(), sqlite3_column_text(), and/or
+** sqlite3_column_text16() may be invalidated.
+** Type conversions and pointer invalidations might occur
+** in the following cases:
+**
+** <ul>
+** <li> The initial content is a BLOB and sqlite3_column_text() or
+**      sqlite3_column_text16() is called.  A zero-terminator might
+**      need to be added to the string.</li>
+** <li> The initial content is UTF-8 text and sqlite3_column_bytes16() or
+**      sqlite3_column_text16() is called.  The content must be converted
+**      to UTF-16.</li>
+** <li> The initial content is UTF-16 text and sqlite3_column_bytes() or
+**      sqlite3_column_text() is called.  The content must be converted
+**      to UTF-8.</li>
+** </ul>
+**
+** ^Conversions between UTF-16be and UTF-16le are always done in place and do
+** not invalidate a prior pointer, though of course the content of the buffer
+** that the prior pointer references will have been modified.  Other kinds
+** of conversion are done in place when it is possible, but sometimes they
+** are not possible and in those cases prior pointers are invalidated.
+**
+** The safest policy is to invoke these routines
+** in one of the following ways:
+**
+** <ul>
+**  <li>sqlite3_column_text() followed by sqlite3_column_bytes()</li>
+**  <li>sqlite3_column_blob() followed by sqlite3_column_bytes()</li>
+**  <li>sqlite3_column_text16() followed by sqlite3_column_bytes16()</li>
+** </ul>
+**
+** In other words, you should call sqlite3_column_text(),
+** sqlite3_column_blob(), or sqlite3_column_text16() first to force the result
+** into the desired format, then invoke sqlite3_column_bytes() or
+** sqlite3_column_bytes16() to find the size of the result.  Do not mix calls
+** to sqlite3_column_text() or sqlite3_column_blob() with calls to
+** sqlite3_column_bytes16(), and do not mix calls to sqlite3_column_text16()
+** with calls to sqlite3_column_bytes().
+**
+** ^The pointers returned are valid until a type conversion occurs as
+** described above, or until [sqlite3_step()] or [sqlite3_reset()] or
+** [sqlite3_finalize()] is called.  ^The memory space used to hold strings
+** and BLOBs is freed automatically.  Do <em>not</em> pass the pointers returned
+** from [sqlite3_column_blob()], [sqlite3_column_text()], etc. into
+** [sqlite3_free()].
+**
+** ^(If a memory allocation error occurs during the evaluation of any
+** of these routines, a default value is returned.  The default value
+** is either the integer 0, the floating point number 0.0, or a NULL
+** pointer.  Subsequent calls to [sqlite3_errcode()] will return
+** [SQLITE_NOMEM].)^
+*/
+SQLITE_API const void *SQLITE_STDCALL sqlite3_column_blob(sqlite3_stmt*, int iCol);
+SQLITE_API int SQLITE_STDCALL sqlite3_column_bytes(sqlite3_stmt*, int iCol);
+SQLITE_API int SQLITE_STDCALL sqlite3_column_bytes16(sqlite3_stmt*, int iCol);
+SQLITE_API double SQLITE_STDCALL sqlite3_column_double(sqlite3_stmt*, int iCol);
+SQLITE_API int SQLITE_STDCALL sqlite3_column_int(sqlite3_stmt*, int iCol);
+SQLITE_API sqlite3_int64 SQLITE_STDCALL sqlite3_column_int64(sqlite3_stmt*, int iCol);
+SQLITE_API const unsigned char *SQLITE_STDCALL sqlite3_column_text(sqlite3_stmt*, int iCol);
+SQLITE_API const void *SQLITE_STDCALL sqlite3_column_text16(sqlite3_stmt*, int iCol);
+SQLITE_API int SQLITE_STDCALL sqlite3_column_type(sqlite3_stmt*, int iCol);
+SQLITE_API sqlite3_value *SQLITE_STDCALL sqlite3_column_value(sqlite3_stmt*, int iCol);
+
+/*
+** CAPI3REF: Destroy A Prepared Statement Object
+** DESTRUCTOR: sqlite3_stmt
+**
+** ^The sqlite3_finalize() function is called to delete a [prepared statement].
+** ^If the most recent evaluation of the statement encountered no errors
+** or if the statement is never been evaluated, then sqlite3_finalize() returns
+** SQLITE_OK.  ^If the most recent evaluation of statement S failed, then
+** sqlite3_finalize(S) returns the appropriate [error code] or
+** [extended error code].
+**
+** ^The sqlite3_finalize(S) routine can be called at any point during
+** the life cycle of [prepared statement] S:
+** before statement S is ever evaluated, after
+** one or more calls to [sqlite3_reset()], or after any call
+** to [sqlite3_step()] regardless of whether or not the statement has
+** completed execution.
+**
+** ^Invoking sqlite3_finalize() on a NULL pointer is a harmless no-op.
+**
+** The application must finalize every [prepared statement] in order to avoid
+** resource leaks.  It is a grievous error for the application to try to use
+** a prepared statement after it has been finalized.  Any use of a prepared
+** statement after it has been finalized can result in undefined and
+** undesirable behavior such as segfaults and heap corruption.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_finalize(sqlite3_stmt *pStmt);
+
+/*
+** CAPI3REF: Reset A Prepared Statement Object
+** METHOD: sqlite3_stmt
+**
+** The sqlite3_reset() function is called to reset a [prepared statement]
+** object back to its initial state, ready to be re-executed.
+** ^Any SQL statement variables that had values bound to them using
+** the [sqlite3_bind_blob | sqlite3_bind_*() API] retain their values.
+** Use [sqlite3_clear_bindings()] to reset the bindings.
+**
+** ^The [sqlite3_reset(S)] interface resets the [prepared statement] S
+** back to the beginning of its program.
+**
+** ^If the most recent call to [sqlite3_step(S)] for the
+** [prepared statement] S returned [SQLITE_ROW] or [SQLITE_DONE],
+** or if [sqlite3_step(S)] has never before been called on S,
+** then [sqlite3_reset(S)] returns [SQLITE_OK].
+**
+** ^If the most recent call to [sqlite3_step(S)] for the
+** [prepared statement] S indicated an error, then
+** [sqlite3_reset(S)] returns an appropriate [error code].
+**
+** ^The [sqlite3_reset(S)] interface does not change the values
+** of any [sqlite3_bind_blob|bindings] on the [prepared statement] S.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_reset(sqlite3_stmt *pStmt);
+
+/*
+** CAPI3REF: Create Or Redefine SQL Functions
+** KEYWORDS: {function creation routines}
+** KEYWORDS: {application-defined SQL function}
+** KEYWORDS: {application-defined SQL functions}
+** METHOD: sqlite3
+**
+** ^These functions (collectively known as "function creation routines")
+** are used to add SQL functions or aggregates or to redefine the behavior
+** of existing SQL functions or aggregates.  The only differences between
+** these routines are the text encoding expected for
+** the second parameter (the name of the function being created)
+** and the presence or absence of a destructor callback for
+** the application data pointer.
+**
+** ^The first parameter is the [database connection] to which the SQL
+** function is to be added.  ^If an application uses more than one database
+** connection then application-defined SQL functions must be added
+** to each database connection separately.
+**
+** ^The second parameter is the name of the SQL function to be created or
+** redefined.  ^The length of the name is limited to 255 bytes in a UTF-8
+** representation, exclusive of the zero-terminator.  ^Note that the name
+** length limit is in UTF-8 bytes, not characters nor UTF-16 bytes.  
+** ^Any attempt to create a function with a longer name
+** will result in [SQLITE_MISUSE] being returned.
+**
+** ^The third parameter (nArg)
+** is the number of arguments that the SQL function or
+** aggregate takes. ^If this parameter is -1, then the SQL function or
+** aggregate may take any number of arguments between 0 and the limit
+** set by [sqlite3_limit]([SQLITE_LIMIT_FUNCTION_ARG]).  If the third
+** parameter is less than -1 or greater than 127 then the behavior is
+** undefined.
+**
+** ^The fourth parameter, eTextRep, specifies what
+** [SQLITE_UTF8 | text encoding] this SQL function prefers for
+** its parameters.  The application should set this parameter to
+** [SQLITE_UTF16LE] if the function implementation invokes 
+** [sqlite3_value_text16le()] on an input, or [SQLITE_UTF16BE] if the
+** implementation invokes [sqlite3_value_text16be()] on an input, or
+** [SQLITE_UTF16] if [sqlite3_value_text16()] is used, or [SQLITE_UTF8]
+** otherwise.  ^The same SQL function may be registered multiple times using
+** different preferred text encodings, with different implementations for
+** each encoding.
+** ^When multiple implementations of the same function are available, SQLite
+** will pick the one that involves the least amount of data conversion.
+**
+** ^The fourth parameter may optionally be ORed with [SQLITE_DETERMINISTIC]
+** to signal that the function will always return the same result given
+** the same inputs within a single SQL statement.  Most SQL functions are
+** deterministic.  The built-in [random()] SQL function is an example of a
+** function that is not deterministic.  The SQLite query planner is able to
+** perform additional optimizations on deterministic functions, so use
+** of the [SQLITE_DETERMINISTIC] flag is recommended where possible.
+**
+** ^(The fifth parameter is an arbitrary pointer.  The implementation of the
+** function can gain access to this pointer using [sqlite3_user_data()].)^
+**
+** ^The sixth, seventh and eighth parameters, xFunc, xStep and xFinal, are
+** pointers to C-language functions that implement the SQL function or
+** aggregate. ^A scalar SQL function requires an implementation of the xFunc
+** callback only; NULL pointers must be passed as the xStep and xFinal
+** parameters. ^An aggregate SQL function requires an implementation of xStep
+** and xFinal and NULL pointer must be passed for xFunc. ^To delete an existing
+** SQL function or aggregate, pass NULL pointers for all three function
+** callbacks.
+**
+** ^(If the ninth parameter to sqlite3_create_function_v2() is not NULL,
+** then it is destructor for the application data pointer. 
+** The destructor is invoked when the function is deleted, either by being
+** overloaded or when the database connection closes.)^
+** ^The destructor is also invoked if the call to
+** sqlite3_create_function_v2() fails.
+** ^When the destructor callback of the tenth parameter is invoked, it
+** is passed a single argument which is a copy of the application data 
+** pointer which was the fifth parameter to sqlite3_create_function_v2().
+**
+** ^It is permitted to register multiple implementations of the same
+** functions with the same name but with either differing numbers of
+** arguments or differing preferred text encodings.  ^SQLite will use
+** the implementation that most closely matches the way in which the
+** SQL function is used.  ^A function implementation with a non-negative
+** nArg parameter is a better match than a function implementation with
+** a negative nArg.  ^A function where the preferred text encoding
+** matches the database encoding is a better
+** match than a function where the encoding is different.  
+** ^A function where the encoding difference is between UTF16le and UTF16be
+** is a closer match than a function where the encoding difference is
+** between UTF8 and UTF16.
+**
+** ^Built-in functions may be overloaded by new application-defined functions.
+**
+** ^An application-defined function is permitted to call other
+** SQLite interfaces.  However, such calls must not
+** close the database connection nor finalize or reset the prepared
+** statement in which the function is running.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_create_function(
+  sqlite3 *db,
+  const char *zFunctionName,
+  int nArg,
+  int eTextRep,
+  void *pApp,
+  void (*xFunc)(sqlite3_context*,int,sqlite3_value**),
+  void (*xStep)(sqlite3_context*,int,sqlite3_value**),
+  void (*xFinal)(sqlite3_context*)
+);
+SQLITE_API int SQLITE_STDCALL sqlite3_create_function16(
+  sqlite3 *db,
+  const void *zFunctionName,
+  int nArg,
+  int eTextRep,
+  void *pApp,
+  void (*xFunc)(sqlite3_context*,int,sqlite3_value**),
+  void (*xStep)(sqlite3_context*,int,sqlite3_value**),
+  void (*xFinal)(sqlite3_context*)
+);
+SQLITE_API int SQLITE_STDCALL sqlite3_create_function_v2(
+  sqlite3 *db,
+  const char *zFunctionName,
+  int nArg,
+  int eTextRep,
+  void *pApp,
+  void (*xFunc)(sqlite3_context*,int,sqlite3_value**),
+  void (*xStep)(sqlite3_context*,int,sqlite3_value**),
+  void (*xFinal)(sqlite3_context*),
+  void(*xDestroy)(void*)
+);
+
+/*
+** CAPI3REF: Text Encodings
+**
+** These constant define integer codes that represent the various
+** text encodings supported by SQLite.
+*/
+#define SQLITE_UTF8           1    /* IMP: R-37514-35566 */
+#define SQLITE_UTF16LE        2    /* IMP: R-03371-37637 */
+#define SQLITE_UTF16BE        3    /* IMP: R-51971-34154 */
+#define SQLITE_UTF16          4    /* Use native byte order */
+#define SQLITE_ANY            5    /* Deprecated */
+#define SQLITE_UTF16_ALIGNED  8    /* sqlite3_create_collation only */
+
+/*
+** CAPI3REF: Function Flags
+**
+** These constants may be ORed together with the 
+** [SQLITE_UTF8 | preferred text encoding] as the fourth argument
+** to [sqlite3_create_function()], [sqlite3_create_function16()], or
+** [sqlite3_create_function_v2()].
+*/
+#define SQLITE_DETERMINISTIC    0x800
+
+/*
+** CAPI3REF: Deprecated Functions
+** DEPRECATED
+**
+** These functions are [deprecated].  In order to maintain
+** backwards compatibility with older code, these functions continue 
+** to be supported.  However, new applications should avoid
+** the use of these functions.  To encourage programmers to avoid
+** these functions, we will not explain what they do.
+*/
+#ifndef SQLITE_OMIT_DEPRECATED
+SQLITE_API SQLITE_DEPRECATED int SQLITE_STDCALL sqlite3_aggregate_count(sqlite3_context*);
+SQLITE_API SQLITE_DEPRECATED int SQLITE_STDCALL sqlite3_expired(sqlite3_stmt*);
+SQLITE_API SQLITE_DEPRECATED int SQLITE_STDCALL sqlite3_transfer_bindings(sqlite3_stmt*, sqlite3_stmt*);
+SQLITE_API SQLITE_DEPRECATED int SQLITE_STDCALL sqlite3_global_recover(void);
+SQLITE_API SQLITE_DEPRECATED void SQLITE_STDCALL sqlite3_thread_cleanup(void);
+SQLITE_API SQLITE_DEPRECATED int SQLITE_STDCALL sqlite3_memory_alarm(void(*)(void*,sqlite3_int64,int),
+                      void*,sqlite3_int64);
+#endif
+
+/*
+** CAPI3REF: Obtaining SQL Values
+** METHOD: sqlite3_value
+**
+** The C-language implementation of SQL functions and aggregates uses
+** this set of interface routines to access the parameter values on
+** the function or aggregate.  
+**
+** The xFunc (for scalar functions) or xStep (for aggregates) parameters
+** to [sqlite3_create_function()] and [sqlite3_create_function16()]
+** define callbacks that implement the SQL functions and aggregates.
+** The 3rd parameter to these callbacks is an array of pointers to
+** [protected sqlite3_value] objects.  There is one [sqlite3_value] object for
+** each parameter to the SQL function.  These routines are used to
+** extract values from the [sqlite3_value] objects.
+**
+** These routines work only with [protected sqlite3_value] objects.
+** Any attempt to use these routines on an [unprotected sqlite3_value]
+** object results in undefined behavior.
+**
+** ^These routines work just like the corresponding [column access functions]
+** except that these routines take a single [protected sqlite3_value] object
+** pointer instead of a [sqlite3_stmt*] pointer and an integer column number.
+**
+** ^The sqlite3_value_text16() interface extracts a UTF-16 string
+** in the native byte-order of the host machine.  ^The
+** sqlite3_value_text16be() and sqlite3_value_text16le() interfaces
+** extract UTF-16 strings as big-endian and little-endian respectively.
+**
+** ^(The sqlite3_value_numeric_type() interface attempts to apply
+** numeric affinity to the value.  This means that an attempt is
+** made to convert the value to an integer or floating point.  If
+** such a conversion is possible without loss of information (in other
+** words, if the value is a string that looks like a number)
+** then the conversion is performed.  Otherwise no conversion occurs.
+** The [SQLITE_INTEGER | datatype] after conversion is returned.)^
+**
+** Please pay particular attention to the fact that the pointer returned
+** from [sqlite3_value_blob()], [sqlite3_value_text()], or
+** [sqlite3_value_text16()] can be invalidated by a subsequent call to
+** [sqlite3_value_bytes()], [sqlite3_value_bytes16()], [sqlite3_value_text()],
+** or [sqlite3_value_text16()].
+**
+** These routines must be called from the same thread as
+** the SQL function that supplied the [sqlite3_value*] parameters.
+*/
+SQLITE_API const void *SQLITE_STDCALL sqlite3_value_blob(sqlite3_value*);
+SQLITE_API int SQLITE_STDCALL sqlite3_value_bytes(sqlite3_value*);
+SQLITE_API int SQLITE_STDCALL sqlite3_value_bytes16(sqlite3_value*);
+SQLITE_API double SQLITE_STDCALL sqlite3_value_double(sqlite3_value*);
+SQLITE_API int SQLITE_STDCALL sqlite3_value_int(sqlite3_value*);
+SQLITE_API sqlite3_int64 SQLITE_STDCALL sqlite3_value_int64(sqlite3_value*);
+SQLITE_API const unsigned char *SQLITE_STDCALL sqlite3_value_text(sqlite3_value*);
+SQLITE_API const void *SQLITE_STDCALL sqlite3_value_text16(sqlite3_value*);
+SQLITE_API const void *SQLITE_STDCALL sqlite3_value_text16le(sqlite3_value*);
+SQLITE_API const void *SQLITE_STDCALL sqlite3_value_text16be(sqlite3_value*);
+SQLITE_API int SQLITE_STDCALL sqlite3_value_type(sqlite3_value*);
+SQLITE_API int SQLITE_STDCALL sqlite3_value_numeric_type(sqlite3_value*);
+
+/*
+** CAPI3REF: Finding The Subtype Of SQL Values
+** METHOD: sqlite3_value
+**
+** The sqlite3_value_subtype(V) function returns the subtype for
+** an [application-defined SQL function] argument V.  The subtype
+** information can be used to pass a limited amount of context from
+** one SQL function to another.  Use the [sqlite3_result_subtype()]
+** routine to set the subtype for the return value of an SQL function.
+**
+** SQLite makes no use of subtype itself.  It merely passes the subtype
+** from the result of one [application-defined SQL function] into the
+** input of another.
+*/
+SQLITE_API unsigned int SQLITE_STDCALL sqlite3_value_subtype(sqlite3_value*);
+
+/*
+** CAPI3REF: Copy And Free SQL Values
+** METHOD: sqlite3_value
+**
+** ^The sqlite3_value_dup(V) interface makes a copy of the [sqlite3_value]
+** object D and returns a pointer to that copy.  ^The [sqlite3_value] returned
+** is a [protected sqlite3_value] object even if the input is not.
+** ^The sqlite3_value_dup(V) interface returns NULL if V is NULL or if a
+** memory allocation fails.
+**
+** ^The sqlite3_value_free(V) interface frees an [sqlite3_value] object
+** previously obtained from [sqlite3_value_dup()].  ^If V is a NULL pointer
+** then sqlite3_value_free(V) is a harmless no-op.
+*/
+SQLITE_API sqlite3_value *SQLITE_STDCALL sqlite3_value_dup(const sqlite3_value*);
+SQLITE_API void SQLITE_STDCALL sqlite3_value_free(sqlite3_value*);
+
+/*
+** CAPI3REF: Obtain Aggregate Function Context
+** METHOD: sqlite3_context
+**
+** Implementations of aggregate SQL functions use this
+** routine to allocate memory for storing their state.
+**
+** ^The first time the sqlite3_aggregate_context(C,N) routine is called 
+** for a particular aggregate function, SQLite
+** allocates N of memory, zeroes out that memory, and returns a pointer
+** to the new memory. ^On second and subsequent calls to
+** sqlite3_aggregate_context() for the same aggregate function instance,
+** the same buffer is returned.  Sqlite3_aggregate_context() is normally
+** called once for each invocation of the xStep callback and then one
+** last time when the xFinal callback is invoked.  ^(When no rows match
+** an aggregate query, the xStep() callback of the aggregate function
+** implementation is never called and xFinal() is called exactly once.
+** In those cases, sqlite3_aggregate_context() might be called for the
+** first time from within xFinal().)^
+**
+** ^The sqlite3_aggregate_context(C,N) routine returns a NULL pointer 
+** when first called if N is less than or equal to zero or if a memory
+** allocate error occurs.
+**
+** ^(The amount of space allocated by sqlite3_aggregate_context(C,N) is
+** determined by the N parameter on first successful call.  Changing the
+** value of N in subsequent call to sqlite3_aggregate_context() within
+** the same aggregate function instance will not resize the memory
+** allocation.)^  Within the xFinal callback, it is customary to set
+** N=0 in calls to sqlite3_aggregate_context(C,N) so that no 
+** pointless memory allocations occur.
+**
+** ^SQLite automatically frees the memory allocated by 
+** sqlite3_aggregate_context() when the aggregate query concludes.
+**
+** The first parameter must be a copy of the
+** [sqlite3_context | SQL function context] that is the first parameter
+** to the xStep or xFinal callback routine that implements the aggregate
+** function.
+**
+** This routine must be called from the same thread in which
+** the aggregate SQL function is running.
+*/
+SQLITE_API void *SQLITE_STDCALL sqlite3_aggregate_context(sqlite3_context*, int nBytes);
+
+/*
+** CAPI3REF: User Data For Functions
+** METHOD: sqlite3_context
+**
+** ^The sqlite3_user_data() interface returns a copy of
+** the pointer that was the pUserData parameter (the 5th parameter)
+** of the [sqlite3_create_function()]
+** and [sqlite3_create_function16()] routines that originally
+** registered the application defined function.
+**
+** This routine must be called from the same thread in which
+** the application-defined function is running.
+*/
+SQLITE_API void *SQLITE_STDCALL sqlite3_user_data(sqlite3_context*);
+
+/*
+** CAPI3REF: Database Connection For Functions
+** METHOD: sqlite3_context
+**
+** ^The sqlite3_context_db_handle() interface returns a copy of
+** the pointer to the [database connection] (the 1st parameter)
+** of the [sqlite3_create_function()]
+** and [sqlite3_create_function16()] routines that originally
+** registered the application defined function.
+*/
+SQLITE_API sqlite3 *SQLITE_STDCALL sqlite3_context_db_handle(sqlite3_context*);
+
+/*
+** CAPI3REF: Function Auxiliary Data
+** METHOD: sqlite3_context
+**
+** These functions may be used by (non-aggregate) SQL functions to
+** associate metadata with argument values. If the same value is passed to
+** multiple invocations of the same SQL function during query execution, under
+** some circumstances the associated metadata may be preserved.  An example
+** of where this might be useful is in a regular-expression matching
+** function. The compiled version of the regular expression can be stored as
+** metadata associated with the pattern string.  
+** Then as long as the pattern string remains the same,
+** the compiled regular expression can be reused on multiple
+** invocations of the same function.
+**
+** ^The sqlite3_get_auxdata() interface returns a pointer to the metadata
+** associated by the sqlite3_set_auxdata() function with the Nth argument
+** value to the application-defined function. ^If there is no metadata
+** associated with the function argument, this sqlite3_get_auxdata() interface
+** returns a NULL pointer.
+**
+** ^The sqlite3_set_auxdata(C,N,P,X) interface saves P as metadata for the N-th
+** argument of the application-defined function.  ^Subsequent
+** calls to sqlite3_get_auxdata(C,N) return P from the most recent
+** sqlite3_set_auxdata(C,N,P,X) call if the metadata is still valid or
+** NULL if the metadata has been discarded.
+** ^After each call to sqlite3_set_auxdata(C,N,P,X) where X is not NULL,
+** SQLite will invoke the destructor function X with parameter P exactly
+** once, when the metadata is discarded.
+** SQLite is free to discard the metadata at any time, including: <ul>
+** <li> when the corresponding function parameter changes, or
+** <li> when [sqlite3_reset()] or [sqlite3_finalize()] is called for the
+**      SQL statement, or
+** <li> when sqlite3_set_auxdata() is invoked again on the same parameter, or
+** <li> during the original sqlite3_set_auxdata() call when a memory 
+**      allocation error occurs. </ul>)^
+**
+** Note the last bullet in particular.  The destructor X in 
+** sqlite3_set_auxdata(C,N,P,X) might be called immediately, before the
+** sqlite3_set_auxdata() interface even returns.  Hence sqlite3_set_auxdata()
+** should be called near the end of the function implementation and the
+** function implementation should not make any use of P after
+** sqlite3_set_auxdata() has been called.
+**
+** ^(In practice, metadata is preserved between function calls for
+** function parameters that are compile-time constants, including literal
+** values and [parameters] and expressions composed from the same.)^
+**
+** These routines must be called from the same thread in which
+** the SQL function is running.
+*/
+SQLITE_API void *SQLITE_STDCALL sqlite3_get_auxdata(sqlite3_context*, int N);
+SQLITE_API void SQLITE_STDCALL sqlite3_set_auxdata(sqlite3_context*, int N, void*, void (*)(void*));
+
+
+/*
+** CAPI3REF: Constants Defining Special Destructor Behavior
+**
+** These are special values for the destructor that is passed in as the
+** final argument to routines like [sqlite3_result_blob()].  ^If the destructor
+** argument is SQLITE_STATIC, it means that the content pointer is constant
+** and will never change.  It does not need to be destroyed.  ^The
+** SQLITE_TRANSIENT value means that the content will likely change in
+** the near future and that SQLite should make its own private copy of
+** the content before returning.
+**
+** The typedef is necessary to work around problems in certain
+** C++ compilers.
+*/
+typedef void (*sqlite3_destructor_type)(void*);
+#define SQLITE_STATIC      ((sqlite3_destructor_type)0)
+#define SQLITE_TRANSIENT   ((sqlite3_destructor_type)-1)
+
+/*
+** CAPI3REF: Setting The Result Of An SQL Function
+** METHOD: sqlite3_context
+**
+** These routines are used by the xFunc or xFinal callbacks that
+** implement SQL functions and aggregates.  See
+** [sqlite3_create_function()] and [sqlite3_create_function16()]
+** for additional information.
+**
+** These functions work very much like the [parameter binding] family of
+** functions used to bind values to host parameters in prepared statements.
+** Refer to the [SQL parameter] documentation for additional information.
+**
+** ^The sqlite3_result_blob() interface sets the result from
+** an application-defined function to be the BLOB whose content is pointed
+** to by the second parameter and which is N bytes long where N is the
+** third parameter.
+**
+** ^The sqlite3_result_zeroblob(C,N) and sqlite3_result_zeroblob64(C,N)
+** interfaces set the result of the application-defined function to be
+** a BLOB containing all zero bytes and N bytes in size.
+**
+** ^The sqlite3_result_double() interface sets the result from
+** an application-defined function to be a floating point value specified
+** by its 2nd argument.
+**
+** ^The sqlite3_result_error() and sqlite3_result_error16() functions
+** cause the implemented SQL function to throw an exception.
+** ^SQLite uses the string pointed to by the
+** 2nd parameter of sqlite3_result_error() or sqlite3_result_error16()
+** as the text of an error message.  ^SQLite interprets the error
+** message string from sqlite3_result_error() as UTF-8. ^SQLite
+** interprets the string from sqlite3_result_error16() as UTF-16 in native
+** byte order.  ^If the third parameter to sqlite3_result_error()
+** or sqlite3_result_error16() is negative then SQLite takes as the error
+** message all text up through the first zero character.
+** ^If the third parameter to sqlite3_result_error() or
+** sqlite3_result_error16() is non-negative then SQLite takes that many
+** bytes (not characters) from the 2nd parameter as the error message.
+** ^The sqlite3_result_error() and sqlite3_result_error16()
+** routines make a private copy of the error message text before
+** they return.  Hence, the calling function can deallocate or
+** modify the text after they return without harm.
+** ^The sqlite3_result_error_code() function changes the error code
+** returned by SQLite as a result of an error in a function.  ^By default,
+** the error code is SQLITE_ERROR.  ^A subsequent call to sqlite3_result_error()
+** or sqlite3_result_error16() resets the error code to SQLITE_ERROR.
+**
+** ^The sqlite3_result_error_toobig() interface causes SQLite to throw an
+** error indicating that a string or BLOB is too long to represent.
+**
+** ^The sqlite3_result_error_nomem() interface causes SQLite to throw an
+** error indicating that a memory allocation failed.
+**
+** ^The sqlite3_result_int() interface sets the return value
+** of the application-defined function to be the 32-bit signed integer
+** value given in the 2nd argument.
+** ^The sqlite3_result_int64() interface sets the return value
+** of the application-defined function to be the 64-bit signed integer
+** value given in the 2nd argument.
+**
+** ^The sqlite3_result_null() interface sets the return value
+** of the application-defined function to be NULL.
+**
+** ^The sqlite3_result_text(), sqlite3_result_text16(),
+** sqlite3_result_text16le(), and sqlite3_result_text16be() interfaces
+** set the return value of the application-defined function to be
+** a text string which is represented as UTF-8, UTF-16 native byte order,
+** UTF-16 little endian, or UTF-16 big endian, respectively.
+** ^The sqlite3_result_text64() interface sets the return value of an
+** application-defined function to be a text string in an encoding
+** specified by the fifth (and last) parameter, which must be one
+** of [SQLITE_UTF8], [SQLITE_UTF16], [SQLITE_UTF16BE], or [SQLITE_UTF16LE].
+** ^SQLite takes the text result from the application from
+** the 2nd parameter of the sqlite3_result_text* interfaces.
+** ^If the 3rd parameter to the sqlite3_result_text* interfaces
+** is negative, then SQLite takes result text from the 2nd parameter
+** through the first zero character.
+** ^If the 3rd parameter to the sqlite3_result_text* interfaces
+** is non-negative, then as many bytes (not characters) of the text
+** pointed to by the 2nd parameter are taken as the application-defined
+** function result.  If the 3rd parameter is non-negative, then it
+** must be the byte offset into the string where the NUL terminator would
+** appear if the string where NUL terminated.  If any NUL characters occur
+** in the string at a byte offset that is less than the value of the 3rd
+** parameter, then the resulting string will contain embedded NULs and the
+** result of expressions operating on strings with embedded NULs is undefined.
+** ^If the 4th parameter to the sqlite3_result_text* interfaces
+** or sqlite3_result_blob is a non-NULL pointer, then SQLite calls that
+** function as the destructor on the text or BLOB result when it has
+** finished using that result.
+** ^If the 4th parameter to the sqlite3_result_text* interfaces or to
+** sqlite3_result_blob is the special constant SQLITE_STATIC, then SQLite
+** assumes that the text or BLOB result is in constant space and does not
+** copy the content of the parameter nor call a destructor on the content
+** when it has finished using that result.
+** ^If the 4th parameter to the sqlite3_result_text* interfaces
+** or sqlite3_result_blob is the special constant SQLITE_TRANSIENT
+** then SQLite makes a copy of the result into space obtained from
+** from [sqlite3_malloc()] before it returns.
+**
+** ^The sqlite3_result_value() interface sets the result of
+** the application-defined function to be a copy of the
+** [unprotected sqlite3_value] object specified by the 2nd parameter.  ^The
+** sqlite3_result_value() interface makes a copy of the [sqlite3_value]
+** so that the [sqlite3_value] specified in the parameter may change or
+** be deallocated after sqlite3_result_value() returns without harm.
+** ^A [protected sqlite3_value] object may always be used where an
+** [unprotected sqlite3_value] object is required, so either
+** kind of [sqlite3_value] object can be used with this interface.
+**
+** If these routines are called from within the different thread
+** than the one containing the application-defined function that received
+** the [sqlite3_context] pointer, the results are undefined.
+*/
+SQLITE_API void SQLITE_STDCALL sqlite3_result_blob(sqlite3_context*, const void*, int, void(*)(void*));
+SQLITE_API void SQLITE_STDCALL sqlite3_result_blob64(sqlite3_context*,const void*,
+                           sqlite3_uint64,void(*)(void*));
+SQLITE_API void SQLITE_STDCALL sqlite3_result_double(sqlite3_context*, double);
+SQLITE_API void SQLITE_STDCALL sqlite3_result_error(sqlite3_context*, const char*, int);
+SQLITE_API void SQLITE_STDCALL sqlite3_result_error16(sqlite3_context*, const void*, int);
+SQLITE_API void SQLITE_STDCALL sqlite3_result_error_toobig(sqlite3_context*);
+SQLITE_API void SQLITE_STDCALL sqlite3_result_error_nomem(sqlite3_context*);
+SQLITE_API void SQLITE_STDCALL sqlite3_result_error_code(sqlite3_context*, int);
+SQLITE_API void SQLITE_STDCALL sqlite3_result_int(sqlite3_context*, int);
+SQLITE_API void SQLITE_STDCALL sqlite3_result_int64(sqlite3_context*, sqlite3_int64);
+SQLITE_API void SQLITE_STDCALL sqlite3_result_null(sqlite3_context*);
+SQLITE_API void SQLITE_STDCALL sqlite3_result_text(sqlite3_context*, const char*, int, void(*)(void*));
+SQLITE_API void SQLITE_STDCALL sqlite3_result_text64(sqlite3_context*, const char*,sqlite3_uint64,
+                           void(*)(void*), unsigned char encoding);
+SQLITE_API void SQLITE_STDCALL sqlite3_result_text16(sqlite3_context*, const void*, int, void(*)(void*));
+SQLITE_API void SQLITE_STDCALL sqlite3_result_text16le(sqlite3_context*, const void*, int,void(*)(void*));
+SQLITE_API void SQLITE_STDCALL sqlite3_result_text16be(sqlite3_context*, const void*, int,void(*)(void*));
+SQLITE_API void SQLITE_STDCALL sqlite3_result_value(sqlite3_context*, sqlite3_value*);
+SQLITE_API void SQLITE_STDCALL sqlite3_result_zeroblob(sqlite3_context*, int n);
+SQLITE_API int SQLITE_STDCALL sqlite3_result_zeroblob64(sqlite3_context*, sqlite3_uint64 n);
+
+
+/*
+** CAPI3REF: Setting The Subtype Of An SQL Function
+** METHOD: sqlite3_context
+**
+** The sqlite3_result_subtype(C,T) function causes the subtype of
+** the result from the [application-defined SQL function] with 
+** [sqlite3_context] C to be the value T.  Only the lower 8 bits 
+** of the subtype T are preserved in current versions of SQLite;
+** higher order bits are discarded.
+** The number of subtype bytes preserved by SQLite might increase
+** in future releases of SQLite.
+*/
+SQLITE_API void SQLITE_STDCALL sqlite3_result_subtype(sqlite3_context*,unsigned int);
+
+/*
+** CAPI3REF: Define New Collating Sequences
+** METHOD: sqlite3
+**
+** ^These functions add, remove, or modify a [collation] associated
+** with the [database connection] specified as the first argument.
+**
+** ^The name of the collation is a UTF-8 string
+** for sqlite3_create_collation() and sqlite3_create_collation_v2()
+** and a UTF-16 string in native byte order for sqlite3_create_collation16().
+** ^Collation names that compare equal according to [sqlite3_strnicmp()] are
+** considered to be the same name.
+**
+** ^(The third argument (eTextRep) must be one of the constants:
+** <ul>
+** <li> [SQLITE_UTF8],
+** <li> [SQLITE_UTF16LE],
+** <li> [SQLITE_UTF16BE],
+** <li> [SQLITE_UTF16], or
+** <li> [SQLITE_UTF16_ALIGNED].
+** </ul>)^
+** ^The eTextRep argument determines the encoding of strings passed
+** to the collating function callback, xCallback.
+** ^The [SQLITE_UTF16] and [SQLITE_UTF16_ALIGNED] values for eTextRep
+** force strings to be UTF16 with native byte order.
+** ^The [SQLITE_UTF16_ALIGNED] value for eTextRep forces strings to begin
+** on an even byte address.
+**
+** ^The fourth argument, pArg, is an application data pointer that is passed
+** through as the first argument to the collating function callback.
+**
+** ^The fifth argument, xCallback, is a pointer to the collating function.
+** ^Multiple collating functions can be registered using the same name but
+** with different eTextRep parameters and SQLite will use whichever
+** function requires the least amount of data transformation.
+** ^If the xCallback argument is NULL then the collating function is
+** deleted.  ^When all collating functions having the same name are deleted,
+** that collation is no longer usable.
+**
+** ^The collating function callback is invoked with a copy of the pArg 
+** application data pointer and with two strings in the encoding specified
+** by the eTextRep argument.  The collating function must return an
+** integer that is negative, zero, or positive
+** if the first string is less than, equal to, or greater than the second,
+** respectively.  A collating function must always return the same answer
+** given the same inputs.  If two or more collating functions are registered
+** to the same collation name (using different eTextRep values) then all
+** must give an equivalent answer when invoked with equivalent strings.
+** The collating function must obey the following properties for all
+** strings A, B, and C:
+**
+** <ol>
+** <li> If A==B then B==A.
+** <li> If A==B and B==C then A==C.
+** <li> If A&lt;B THEN B&gt;A.
+** <li> If A&lt;B and B&lt;C then A&lt;C.
+** </ol>
+**
+** If a collating function fails any of the above constraints and that
+** collating function is  registered and used, then the behavior of SQLite
+** is undefined.
+**
+** ^The sqlite3_create_collation_v2() works like sqlite3_create_collation()
+** with the addition that the xDestroy callback is invoked on pArg when
+** the collating function is deleted.
+** ^Collating functions are deleted when they are overridden by later
+** calls to the collation creation functions or when the
+** [database connection] is closed using [sqlite3_close()].
+**
+** ^The xDestroy callback is <u>not</u> called if the 
+** sqlite3_create_collation_v2() function fails.  Applications that invoke
+** sqlite3_create_collation_v2() with a non-NULL xDestroy argument should 
+** check the return code and dispose of the application data pointer
+** themselves rather than expecting SQLite to deal with it for them.
+** This is different from every other SQLite interface.  The inconsistency 
+** is unfortunate but cannot be changed without breaking backwards 
+** compatibility.
+**
+** See also:  [sqlite3_collation_needed()] and [sqlite3_collation_needed16()].
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_create_collation(
+  sqlite3*, 
+  const char *zName, 
+  int eTextRep, 
+  void *pArg,
+  int(*xCompare)(void*,int,const void*,int,const void*)
+);
+SQLITE_API int SQLITE_STDCALL sqlite3_create_collation_v2(
+  sqlite3*, 
+  const char *zName, 
+  int eTextRep, 
+  void *pArg,
+  int(*xCompare)(void*,int,const void*,int,const void*),
+  void(*xDestroy)(void*)
+);
+SQLITE_API int SQLITE_STDCALL sqlite3_create_collation16(
+  sqlite3*, 
+  const void *zName,
+  int eTextRep, 
+  void *pArg,
+  int(*xCompare)(void*,int,const void*,int,const void*)
+);
+
+/*
+** CAPI3REF: Collation Needed Callbacks
+** METHOD: sqlite3
+**
+** ^To avoid having to register all collation sequences before a database
+** can be used, a single callback function may be registered with the
+** [database connection] to be invoked whenever an undefined collation
+** sequence is required.
+**
+** ^If the function is registered using the sqlite3_collation_needed() API,
+** then it is passed the names of undefined collation sequences as strings
+** encoded in UTF-8. ^If sqlite3_collation_needed16() is used,
+** the names are passed as UTF-16 in machine native byte order.
+** ^A call to either function replaces the existing collation-needed callback.
+**
+** ^(When the callback is invoked, the first argument passed is a copy
+** of the second argument to sqlite3_collation_needed() or
+** sqlite3_collation_needed16().  The second argument is the database
+** connection.  The third argument is one of [SQLITE_UTF8], [SQLITE_UTF16BE],
+** or [SQLITE_UTF16LE], indicating the most desirable form of the collation
+** sequence function required.  The fourth parameter is the name of the
+** required collation sequence.)^
+**
+** The callback function should register the desired collation using
+** [sqlite3_create_collation()], [sqlite3_create_collation16()], or
+** [sqlite3_create_collation_v2()].
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_collation_needed(
+  sqlite3*, 
+  void*, 
+  void(*)(void*,sqlite3*,int eTextRep,const char*)
+);
+SQLITE_API int SQLITE_STDCALL sqlite3_collation_needed16(
+  sqlite3*, 
+  void*,
+  void(*)(void*,sqlite3*,int eTextRep,const void*)
+);
+
+#ifdef SQLITE_HAS_CODEC
+/*
+** Specify the key for an encrypted database.  This routine should be
+** called right after sqlite3_open().
+**
+** The code to implement this API is not available in the public release
+** of SQLite.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_key(
+  sqlite3 *db,                   /* Database to be rekeyed */
+  const void *pKey, int nKey     /* The key */
+);
+SQLITE_API int SQLITE_STDCALL sqlite3_key_v2(
+  sqlite3 *db,                   /* Database to be rekeyed */
+  const char *zDbName,           /* Name of the database */
+  const void *pKey, int nKey     /* The key */
+);
+
+/*
+** Change the key on an open database.  If the current database is not
+** encrypted, this routine will encrypt it.  If pNew==0 or nNew==0, the
+** database is decrypted.
+**
+** The code to implement this API is not available in the public release
+** of SQLite.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_rekey(
+  sqlite3 *db,                   /* Database to be rekeyed */
+  const void *pKey, int nKey     /* The new key */
+);
+SQLITE_API int SQLITE_STDCALL sqlite3_rekey_v2(
+  sqlite3 *db,                   /* Database to be rekeyed */
+  const char *zDbName,           /* Name of the database */
+  const void *pKey, int nKey     /* The new key */
+);
+
+/*
+** Specify the activation key for a SEE database.  Unless 
+** activated, none of the SEE routines will work.
+*/
+SQLITE_API void SQLITE_STDCALL sqlite3_activate_see(
+  const char *zPassPhrase        /* Activation phrase */
+);
+#endif
+
+#ifdef SQLITE_ENABLE_CEROD
+/*
+** Specify the activation key for a CEROD database.  Unless 
+** activated, none of the CEROD routines will work.
+*/
+SQLITE_API void SQLITE_STDCALL sqlite3_activate_cerod(
+  const char *zPassPhrase        /* Activation phrase */
+);
+#endif
+
+/*
+** CAPI3REF: Suspend Execution For A Short Time
+**
+** The sqlite3_sleep() function causes the current thread to suspend execution
+** for at least a number of milliseconds specified in its parameter.
+**
+** If the operating system does not support sleep requests with
+** millisecond time resolution, then the time will be rounded up to
+** the nearest second. The number of milliseconds of sleep actually
+** requested from the operating system is returned.
+**
+** ^SQLite implements this interface by calling the xSleep()
+** method of the default [sqlite3_vfs] object.  If the xSleep() method
+** of the default VFS is not implemented correctly, or not implemented at
+** all, then the behavior of sqlite3_sleep() may deviate from the description
+** in the previous paragraphs.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_sleep(int);
+
+/*
+** CAPI3REF: Name Of The Folder Holding Temporary Files
+**
+** ^(If this global variable is made to point to a string which is
+** the name of a folder (a.k.a. directory), then all temporary files
+** created by SQLite when using a built-in [sqlite3_vfs | VFS]
+** will be placed in that directory.)^  ^If this variable
+** is a NULL pointer, then SQLite performs a search for an appropriate
+** temporary file directory.
+**
+** Applications are strongly discouraged from using this global variable.
+** It is required to set a temporary folder on Windows Runtime (WinRT).
+** But for all other platforms, it is highly recommended that applications
+** neither read nor write this variable.  This global variable is a relic
+** that exists for backwards compatibility of legacy applications and should
+** be avoided in new projects.
+**
+** It is not safe to read or modify this variable in more than one
+** thread at a time.  It is not safe to read or modify this variable
+** if a [database connection] is being used at the same time in a separate
+** thread.
+** It is intended that this variable be set once
+** as part of process initialization and before any SQLite interface
+** routines have been called and that this variable remain unchanged
+** thereafter.
+**
+** ^The [temp_store_directory pragma] may modify this variable and cause
+** it to point to memory obtained from [sqlite3_malloc].  ^Furthermore,
+** the [temp_store_directory pragma] always assumes that any string
+** that this variable points to is held in memory obtained from 
+** [sqlite3_malloc] and the pragma may attempt to free that memory
+** using [sqlite3_free].
+** Hence, if this variable is modified directly, either it should be
+** made NULL or made to point to memory obtained from [sqlite3_malloc]
+** or else the use of the [temp_store_directory pragma] should be avoided.
+** Except when requested by the [temp_store_directory pragma], SQLite
+** does not free the memory that sqlite3_temp_directory points to.  If
+** the application wants that memory to be freed, it must do
+** so itself, taking care to only do so after all [database connection]
+** objects have been destroyed.
+**
+** <b>Note to Windows Runtime users:</b>  The temporary directory must be set
+** prior to calling [sqlite3_open] or [sqlite3_open_v2].  Otherwise, various
+** features that require the use of temporary files may fail.  Here is an
+** example of how to do this using C++ with the Windows Runtime:
+**
+** <blockquote><pre>
+** LPCWSTR zPath = Windows::Storage::ApplicationData::Current->
+** &nbsp;     TemporaryFolder->Path->Data();
+** char zPathBuf&#91;MAX_PATH + 1&#93;;
+** memset(zPathBuf, 0, sizeof(zPathBuf));
+** WideCharToMultiByte(CP_UTF8, 0, zPath, -1, zPathBuf, sizeof(zPathBuf),
+** &nbsp;     NULL, NULL);
+** sqlite3_temp_directory = sqlite3_mprintf("%s", zPathBuf);
+** </pre></blockquote>
+*/
+SQLITE_API char *sqlite3_temp_directory;
+
+/*
+** CAPI3REF: Name Of The Folder Holding Database Files
+**
+** ^(If this global variable is made to point to a string which is
+** the name of a folder (a.k.a. directory), then all database files
+** specified with a relative pathname and created or accessed by
+** SQLite when using a built-in windows [sqlite3_vfs | VFS] will be assumed
+** to be relative to that directory.)^ ^If this variable is a NULL
+** pointer, then SQLite assumes that all database files specified
+** with a relative pathname are relative to the current directory
+** for the process.  Only the windows VFS makes use of this global
+** variable; it is ignored by the unix VFS.
+**
+** Changing the value of this variable while a database connection is
+** open can result in a corrupt database.
+**
+** It is not safe to read or modify this variable in more than one
+** thread at a time.  It is not safe to read or modify this variable
+** if a [database connection] is being used at the same time in a separate
+** thread.
+** It is intended that this variable be set once
+** as part of process initialization and before any SQLite interface
+** routines have been called and that this variable remain unchanged
+** thereafter.
+**
+** ^The [data_store_directory pragma] may modify this variable and cause
+** it to point to memory obtained from [sqlite3_malloc].  ^Furthermore,
+** the [data_store_directory pragma] always assumes that any string
+** that this variable points to is held in memory obtained from 
+** [sqlite3_malloc] and the pragma may attempt to free that memory
+** using [sqlite3_free].
+** Hence, if this variable is modified directly, either it should be
+** made NULL or made to point to memory obtained from [sqlite3_malloc]
+** or else the use of the [data_store_directory pragma] should be avoided.
+*/
+SQLITE_API char *sqlite3_data_directory;
+
+/*
+** CAPI3REF: Test For Auto-Commit Mode
+** KEYWORDS: {autocommit mode}
+** METHOD: sqlite3
+**
+** ^The sqlite3_get_autocommit() interface returns non-zero or
+** zero if the given database connection is or is not in autocommit mode,
+** respectively.  ^Autocommit mode is on by default.
+** ^Autocommit mode is disabled by a [BEGIN] statement.
+** ^Autocommit mode is re-enabled by a [COMMIT] or [ROLLBACK].
+**
+** If certain kinds of errors occur on a statement within a multi-statement
+** transaction (errors including [SQLITE_FULL], [SQLITE_IOERR],
+** [SQLITE_NOMEM], [SQLITE_BUSY], and [SQLITE_INTERRUPT]) then the
+** transaction might be rolled back automatically.  The only way to
+** find out whether SQLite automatically rolled back the transaction after
+** an error is to use this function.
+**
+** If another thread changes the autocommit status of the database
+** connection while this routine is running, then the return value
+** is undefined.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_get_autocommit(sqlite3*);
+
+/*
+** CAPI3REF: Find The Database Handle Of A Prepared Statement
+** METHOD: sqlite3_stmt
+**
+** ^The sqlite3_db_handle interface returns the [database connection] handle
+** to which a [prepared statement] belongs.  ^The [database connection]
+** returned by sqlite3_db_handle is the same [database connection]
+** that was the first argument
+** to the [sqlite3_prepare_v2()] call (or its variants) that was used to
+** create the statement in the first place.
+*/
+SQLITE_API sqlite3 *SQLITE_STDCALL sqlite3_db_handle(sqlite3_stmt*);
+
+/*
+** CAPI3REF: Return The Filename For A Database Connection
+** METHOD: sqlite3
+**
+** ^The sqlite3_db_filename(D,N) interface returns a pointer to a filename
+** associated with database N of connection D.  ^The main database file
+** has the name "main".  If there is no attached database N on the database
+** connection D, or if database N is a temporary or in-memory database, then
+** a NULL pointer is returned.
+**
+** ^The filename returned by this function is the output of the
+** xFullPathname method of the [VFS].  ^In other words, the filename
+** will be an absolute pathname, even if the filename used
+** to open the database originally was a URI or relative pathname.
+*/
+SQLITE_API const char *SQLITE_STDCALL sqlite3_db_filename(sqlite3 *db, const char *zDbName);
+
+/*
+** CAPI3REF: Determine if a database is read-only
+** METHOD: sqlite3
+**
+** ^The sqlite3_db_readonly(D,N) interface returns 1 if the database N
+** of connection D is read-only, 0 if it is read/write, or -1 if N is not
+** the name of a database on connection D.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_db_readonly(sqlite3 *db, const char *zDbName);
+
+/*
+** CAPI3REF: Find the next prepared statement
+** METHOD: sqlite3
+**
+** ^This interface returns a pointer to the next [prepared statement] after
+** pStmt associated with the [database connection] pDb.  ^If pStmt is NULL
+** then this interface returns a pointer to the first prepared statement
+** associated with the database connection pDb.  ^If no prepared statement
+** satisfies the conditions of this routine, it returns NULL.
+**
+** The [database connection] pointer D in a call to
+** [sqlite3_next_stmt(D,S)] must refer to an open database
+** connection and in particular must not be a NULL pointer.
+*/
+SQLITE_API sqlite3_stmt *SQLITE_STDCALL sqlite3_next_stmt(sqlite3 *pDb, sqlite3_stmt *pStmt);
+
+/*
+** CAPI3REF: Commit And Rollback Notification Callbacks
+** METHOD: sqlite3
+**
+** ^The sqlite3_commit_hook() interface registers a callback
+** function to be invoked whenever a transaction is [COMMIT | committed].
+** ^Any callback set by a previous call to sqlite3_commit_hook()
+** for the same database connection is overridden.
+** ^The sqlite3_rollback_hook() interface registers a callback
+** function to be invoked whenever a transaction is [ROLLBACK | rolled back].
+** ^Any callback set by a previous call to sqlite3_rollback_hook()
+** for the same database connection is overridden.
+** ^The pArg argument is passed through to the callback.
+** ^If the callback on a commit hook function returns non-zero,
+** then the commit is converted into a rollback.
+**
+** ^The sqlite3_commit_hook(D,C,P) and sqlite3_rollback_hook(D,C,P) functions
+** return the P argument from the previous call of the same function
+** on the same [database connection] D, or NULL for
+** the first call for each function on D.
+**
+** The commit and rollback hook callbacks are not reentrant.
+** The callback implementation must not do anything that will modify
+** the database connection that invoked the callback.  Any actions
+** to modify the database connection must be deferred until after the
+** completion of the [sqlite3_step()] call that triggered the commit
+** or rollback hook in the first place.
+** Note that running any other SQL statements, including SELECT statements,
+** or merely calling [sqlite3_prepare_v2()] and [sqlite3_step()] will modify
+** the database connections for the meaning of "modify" in this paragraph.
+**
+** ^Registering a NULL function disables the callback.
+**
+** ^When the commit hook callback routine returns zero, the [COMMIT]
+** operation is allowed to continue normally.  ^If the commit hook
+** returns non-zero, then the [COMMIT] is converted into a [ROLLBACK].
+** ^The rollback hook is invoked on a rollback that results from a commit
+** hook returning non-zero, just as it would be with any other rollback.
+**
+** ^For the purposes of this API, a transaction is said to have been
+** rolled back if an explicit "ROLLBACK" statement is executed, or
+** an error or constraint causes an implicit rollback to occur.
+** ^The rollback callback is not invoked if a transaction is
+** automatically rolled back because the database connection is closed.
+**
+** See also the [sqlite3_update_hook()] interface.
+*/
+SQLITE_API void *SQLITE_STDCALL sqlite3_commit_hook(sqlite3*, int(*)(void*), void*);
+SQLITE_API void *SQLITE_STDCALL sqlite3_rollback_hook(sqlite3*, void(*)(void *), void*);
+
+/*
+** CAPI3REF: Data Change Notification Callbacks
+** METHOD: sqlite3
+**
+** ^The sqlite3_update_hook() interface registers a callback function
+** with the [database connection] identified by the first argument
+** to be invoked whenever a row is updated, inserted or deleted in
+** a rowid table.
+** ^Any callback set by a previous call to this function
+** for the same database connection is overridden.
+**
+** ^The second argument is a pointer to the function to invoke when a
+** row is updated, inserted or deleted in a rowid table.
+** ^The first argument to the callback is a copy of the third argument
+** to sqlite3_update_hook().
+** ^The second callback argument is one of [SQLITE_INSERT], [SQLITE_DELETE],
+** or [SQLITE_UPDATE], depending on the operation that caused the callback
+** to be invoked.
+** ^The third and fourth arguments to the callback contain pointers to the
+** database and table name containing the affected row.
+** ^The final callback parameter is the [rowid] of the row.
+** ^In the case of an update, this is the [rowid] after the update takes place.
+**
+** ^(The update hook is not invoked when internal system tables are
+** modified (i.e. sqlite_master and sqlite_sequence).)^
+** ^The update hook is not invoked when [WITHOUT ROWID] tables are modified.
+**
+** ^In the current implementation, the update hook
+** is not invoked when duplication rows are deleted because of an
+** [ON CONFLICT | ON CONFLICT REPLACE] clause.  ^Nor is the update hook
+** invoked when rows are deleted using the [truncate optimization].
+** The exceptions defined in this paragraph might change in a future
+** release of SQLite.
+**
+** The update hook implementation must not do anything that will modify
+** the database connection that invoked the update hook.  Any actions
+** to modify the database connection must be deferred until after the
+** completion of the [sqlite3_step()] call that triggered the update hook.
+** Note that [sqlite3_prepare_v2()] and [sqlite3_step()] both modify their
+** database connections for the meaning of "modify" in this paragraph.
+**
+** ^The sqlite3_update_hook(D,C,P) function
+** returns the P argument from the previous call
+** on the same [database connection] D, or NULL for
+** the first call on D.
+**
+** See also the [sqlite3_commit_hook()] and [sqlite3_rollback_hook()]
+** interfaces.
+*/
+SQLITE_API void *SQLITE_STDCALL sqlite3_update_hook(
+  sqlite3*, 
+  void(*)(void *,int ,char const *,char const *,sqlite3_int64),
+  void*
+);
+
+/*
+** CAPI3REF: Enable Or Disable Shared Pager Cache
+**
+** ^(This routine enables or disables the sharing of the database cache
+** and schema data structures between [database connection | connections]
+** to the same database. Sharing is enabled if the argument is true
+** and disabled if the argument is false.)^
+**
+** ^Cache sharing is enabled and disabled for an entire process.
+** This is a change as of SQLite version 3.5.0. In prior versions of SQLite,
+** sharing was enabled or disabled for each thread separately.
+**
+** ^(The cache sharing mode set by this interface effects all subsequent
+** calls to [sqlite3_open()], [sqlite3_open_v2()], and [sqlite3_open16()].
+** Existing database connections continue use the sharing mode
+** that was in effect at the time they were opened.)^
+**
+** ^(This routine returns [SQLITE_OK] if shared cache was enabled or disabled
+** successfully.  An [error code] is returned otherwise.)^
+**
+** ^Shared cache is disabled by default. But this might change in
+** future releases of SQLite.  Applications that care about shared
+** cache setting should set it explicitly.
+**
+** Note: This method is disabled on MacOS X 10.7 and iOS version 5.0
+** and will always return SQLITE_MISUSE. On those systems, 
+** shared cache mode should be enabled per-database connection via 
+** [sqlite3_open_v2()] with [SQLITE_OPEN_SHAREDCACHE].
+**
+** This interface is threadsafe on processors where writing a
+** 32-bit integer is atomic.
+**
+** See Also:  [SQLite Shared-Cache Mode]
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_enable_shared_cache(int);
+
+/*
+** CAPI3REF: Attempt To Free Heap Memory
+**
+** ^The sqlite3_release_memory() interface attempts to free N bytes
+** of heap memory by deallocating non-essential memory allocations
+** held by the database library.   Memory used to cache database
+** pages to improve performance is an example of non-essential memory.
+** ^sqlite3_release_memory() returns the number of bytes actually freed,
+** which might be more or less than the amount requested.
+** ^The sqlite3_release_memory() routine is a no-op returning zero
+** if SQLite is not compiled with [SQLITE_ENABLE_MEMORY_MANAGEMENT].
+**
+** See also: [sqlite3_db_release_memory()]
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_release_memory(int);
+
+/*
+** CAPI3REF: Free Memory Used By A Database Connection
+** METHOD: sqlite3
+**
+** ^The sqlite3_db_release_memory(D) interface attempts to free as much heap
+** memory as possible from database connection D. Unlike the
+** [sqlite3_release_memory()] interface, this interface is in effect even
+** when the [SQLITE_ENABLE_MEMORY_MANAGEMENT] compile-time option is
+** omitted.
+**
+** See also: [sqlite3_release_memory()]
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_db_release_memory(sqlite3*);
+
+/*
+** CAPI3REF: Impose A Limit On Heap Size
+**
+** ^The sqlite3_soft_heap_limit64() interface sets and/or queries the
+** soft limit on the amount of heap memory that may be allocated by SQLite.
+** ^SQLite strives to keep heap memory utilization below the soft heap
+** limit by reducing the number of pages held in the page cache
+** as heap memory usages approaches the limit.
+** ^The soft heap limit is "soft" because even though SQLite strives to stay
+** below the limit, it will exceed the limit rather than generate
+** an [SQLITE_NOMEM] error.  In other words, the soft heap limit 
+** is advisory only.
+**
+** ^The return value from sqlite3_soft_heap_limit64() is the size of
+** the soft heap limit prior to the call, or negative in the case of an
+** error.  ^If the argument N is negative
+** then no change is made to the soft heap limit.  Hence, the current
+** size of the soft heap limit can be determined by invoking
+** sqlite3_soft_heap_limit64() with a negative argument.
+**
+** ^If the argument N is zero then the soft heap limit is disabled.
+**
+** ^(The soft heap limit is not enforced in the current implementation
+** if one or more of following conditions are true:
+**
+** <ul>
+** <li> The soft heap limit is set to zero.
+** <li> Memory accounting is disabled using a combination of the
+**      [sqlite3_config]([SQLITE_CONFIG_MEMSTATUS],...) start-time option and
+**      the [SQLITE_DEFAULT_MEMSTATUS] compile-time option.
+** <li> An alternative page cache implementation is specified using
+**      [sqlite3_config]([SQLITE_CONFIG_PCACHE2],...).
+** <li> The page cache allocates from its own memory pool supplied
+**      by [sqlite3_config]([SQLITE_CONFIG_PAGECACHE],...) rather than
+**      from the heap.
+** </ul>)^
+**
+** Beginning with SQLite version 3.7.3, the soft heap limit is enforced
+** regardless of whether or not the [SQLITE_ENABLE_MEMORY_MANAGEMENT]
+** compile-time option is invoked.  With [SQLITE_ENABLE_MEMORY_MANAGEMENT],
+** the soft heap limit is enforced on every memory allocation.  Without
+** [SQLITE_ENABLE_MEMORY_MANAGEMENT], the soft heap limit is only enforced
+** when memory is allocated by the page cache.  Testing suggests that because
+** the page cache is the predominate memory user in SQLite, most
+** applications will achieve adequate soft heap limit enforcement without
+** the use of [SQLITE_ENABLE_MEMORY_MANAGEMENT].
+**
+** The circumstances under which SQLite will enforce the soft heap limit may
+** changes in future releases of SQLite.
+*/
+SQLITE_API sqlite3_int64 SQLITE_STDCALL sqlite3_soft_heap_limit64(sqlite3_int64 N);
+
+/*
+** CAPI3REF: Deprecated Soft Heap Limit Interface
+** DEPRECATED
+**
+** This is a deprecated version of the [sqlite3_soft_heap_limit64()]
+** interface.  This routine is provided for historical compatibility
+** only.  All new applications should use the
+** [sqlite3_soft_heap_limit64()] interface rather than this one.
+*/
+SQLITE_API SQLITE_DEPRECATED void SQLITE_STDCALL sqlite3_soft_heap_limit(int N);
+
+
+/*
+** CAPI3REF: Extract Metadata About A Column Of A Table
+** METHOD: sqlite3
+**
+** ^(The sqlite3_table_column_metadata(X,D,T,C,....) routine returns
+** information about column C of table T in database D
+** on [database connection] X.)^  ^The sqlite3_table_column_metadata()
+** interface returns SQLITE_OK and fills in the non-NULL pointers in
+** the final five arguments with appropriate values if the specified
+** column exists.  ^The sqlite3_table_column_metadata() interface returns
+** SQLITE_ERROR and if the specified column does not exist.
+** ^If the column-name parameter to sqlite3_table_column_metadata() is a
+** NULL pointer, then this routine simply checks for the existance of the
+** table and returns SQLITE_OK if the table exists and SQLITE_ERROR if it
+** does not.
+**
+** ^The column is identified by the second, third and fourth parameters to
+** this function. ^(The second parameter is either the name of the database
+** (i.e. "main", "temp", or an attached database) containing the specified
+** table or NULL.)^ ^If it is NULL, then all attached databases are searched
+** for the table using the same algorithm used by the database engine to
+** resolve unqualified table references.
+**
+** ^The third and fourth parameters to this function are the table and column
+** name of the desired column, respectively.
+**
+** ^Metadata is returned by writing to the memory locations passed as the 5th
+** and subsequent parameters to this function. ^Any of these arguments may be
+** NULL, in which case the corresponding element of metadata is omitted.
+**
+** ^(<blockquote>
+** <table border="1">
+** <tr><th> Parameter <th> Output<br>Type <th>  Description
+**
+** <tr><td> 5th <td> const char* <td> Data type
+** <tr><td> 6th <td> const char* <td> Name of default collation sequence
+** <tr><td> 7th <td> int         <td> True if column has a NOT NULL constraint
+** <tr><td> 8th <td> int         <td> True if column is part of the PRIMARY KEY
+** <tr><td> 9th <td> int         <td> True if column is [AUTOINCREMENT]
+** </table>
+** </blockquote>)^
+**
+** ^The memory pointed to by the character pointers returned for the
+** declaration type and collation sequence is valid until the next
+** call to any SQLite API function.
+**
+** ^If the specified table is actually a view, an [error code] is returned.
+**
+** ^If the specified column is "rowid", "oid" or "_rowid_" and the table 
+** is not a [WITHOUT ROWID] table and an
+** [INTEGER PRIMARY KEY] column has been explicitly declared, then the output
+** parameters are set for the explicitly declared column. ^(If there is no
+** [INTEGER PRIMARY KEY] column, then the outputs
+** for the [rowid] are set as follows:
+**
+** <pre>
+**     data type: "INTEGER"
+**     collation sequence: "BINARY"
+**     not null: 0
+**     primary key: 1
+**     auto increment: 0
+** </pre>)^
+**
+** ^This function causes all database schemas to be read from disk and
+** parsed, if that has not already been done, and returns an error if
+** any errors are encountered while loading the schema.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_table_column_metadata(
+  sqlite3 *db,                /* Connection handle */
+  const char *zDbName,        /* Database name or NULL */
+  const char *zTableName,     /* Table name */
+  const char *zColumnName,    /* Column name */
+  char const **pzDataType,    /* OUTPUT: Declared data type */
+  char const **pzCollSeq,     /* OUTPUT: Collation sequence name */
+  int *pNotNull,              /* OUTPUT: True if NOT NULL constraint exists */
+  int *pPrimaryKey,           /* OUTPUT: True if column part of PK */
+  int *pAutoinc               /* OUTPUT: True if column is auto-increment */
+);
+
+/*
+** CAPI3REF: Load An Extension
+** METHOD: sqlite3
+**
+** ^This interface loads an SQLite extension library from the named file.
+**
+** ^The sqlite3_load_extension() interface attempts to load an
+** [SQLite extension] library contained in the file zFile.  If
+** the file cannot be loaded directly, attempts are made to load
+** with various operating-system specific extensions added.
+** So for example, if "samplelib" cannot be loaded, then names like
+** "samplelib.so" or "samplelib.dylib" or "samplelib.dll" might
+** be tried also.
+**
+** ^The entry point is zProc.
+** ^(zProc may be 0, in which case SQLite will try to come up with an
+** entry point name on its own.  It first tries "sqlite3_extension_init".
+** If that does not work, it constructs a name "sqlite3_X_init" where the
+** X is consists of the lower-case equivalent of all ASCII alphabetic
+** characters in the filename from the last "/" to the first following
+** "." and omitting any initial "lib".)^
+** ^The sqlite3_load_extension() interface returns
+** [SQLITE_OK] on success and [SQLITE_ERROR] if something goes wrong.
+** ^If an error occurs and pzErrMsg is not 0, then the
+** [sqlite3_load_extension()] interface shall attempt to
+** fill *pzErrMsg with error message text stored in memory
+** obtained from [sqlite3_malloc()]. The calling function
+** should free this memory by calling [sqlite3_free()].
+**
+** ^Extension loading must be enabled using
+** [sqlite3_enable_load_extension()] prior to calling this API,
+** otherwise an error will be returned.
+**
+** See also the [load_extension() SQL function].
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_load_extension(
+  sqlite3 *db,          /* Load the extension into this database connection */
+  const char *zFile,    /* Name of the shared library containing extension */
+  const char *zProc,    /* Entry point.  Derived from zFile if 0 */
+  char **pzErrMsg       /* Put error message here if not 0 */
+);
+
+/*
+** CAPI3REF: Enable Or Disable Extension Loading
+** METHOD: sqlite3
+**
+** ^So as not to open security holes in older applications that are
+** unprepared to deal with [extension loading], and as a means of disabling
+** [extension loading] while evaluating user-entered SQL, the following API
+** is provided to turn the [sqlite3_load_extension()] mechanism on and off.
+**
+** ^Extension loading is off by default.
+** ^Call the sqlite3_enable_load_extension() routine with onoff==1
+** to turn extension loading on and call it with onoff==0 to turn
+** it back off again.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_enable_load_extension(sqlite3 *db, int onoff);
+
+/*
+** CAPI3REF: Automatically Load Statically Linked Extensions
+**
+** ^This interface causes the xEntryPoint() function to be invoked for
+** each new [database connection] that is created.  The idea here is that
+** xEntryPoint() is the entry point for a statically linked [SQLite extension]
+** that is to be automatically loaded into all new database connections.
+**
+** ^(Even though the function prototype shows that xEntryPoint() takes
+** no arguments and returns void, SQLite invokes xEntryPoint() with three
+** arguments and expects and integer result as if the signature of the
+** entry point where as follows:
+**
+** <blockquote><pre>
+** &nbsp;  int xEntryPoint(
+** &nbsp;    sqlite3 *db,
+** &nbsp;    const char **pzErrMsg,
+** &nbsp;    const struct sqlite3_api_routines *pThunk
+** &nbsp;  );
+** </pre></blockquote>)^
+**
+** If the xEntryPoint routine encounters an error, it should make *pzErrMsg
+** point to an appropriate error message (obtained from [sqlite3_mprintf()])
+** and return an appropriate [error code].  ^SQLite ensures that *pzErrMsg
+** is NULL before calling the xEntryPoint().  ^SQLite will invoke
+** [sqlite3_free()] on *pzErrMsg after xEntryPoint() returns.  ^If any
+** xEntryPoint() returns an error, the [sqlite3_open()], [sqlite3_open16()],
+** or [sqlite3_open_v2()] call that provoked the xEntryPoint() will fail.
+**
+** ^Calling sqlite3_auto_extension(X) with an entry point X that is already
+** on the list of automatic extensions is a harmless no-op. ^No entry point
+** will be called more than once for each database connection that is opened.
+**
+** See also: [sqlite3_reset_auto_extension()]
+** and [sqlite3_cancel_auto_extension()]
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_auto_extension(void (*xEntryPoint)(void));
+
+/*
+** CAPI3REF: Cancel Automatic Extension Loading
+**
+** ^The [sqlite3_cancel_auto_extension(X)] interface unregisters the
+** initialization routine X that was registered using a prior call to
+** [sqlite3_auto_extension(X)].  ^The [sqlite3_cancel_auto_extension(X)]
+** routine returns 1 if initialization routine X was successfully 
+** unregistered and it returns 0 if X was not on the list of initialization
+** routines.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_cancel_auto_extension(void (*xEntryPoint)(void));
+
+/*
+** CAPI3REF: Reset Automatic Extension Loading
+**
+** ^This interface disables all automatic extensions previously
+** registered using [sqlite3_auto_extension()].
+*/
+SQLITE_API void SQLITE_STDCALL sqlite3_reset_auto_extension(void);
+
+/*
+** The interface to the virtual-table mechanism is currently considered
+** to be experimental.  The interface might change in incompatible ways.
+** If this is a problem for you, do not use the interface at this time.
+**
+** When the virtual-table mechanism stabilizes, we will declare the
+** interface fixed, support it indefinitely, and remove this comment.
+*/
+
+/*
+** Structures used by the virtual table interface
+*/
+typedef struct sqlite3_vtab sqlite3_vtab;
+typedef struct sqlite3_index_info sqlite3_index_info;
+typedef struct sqlite3_vtab_cursor sqlite3_vtab_cursor;
+typedef struct sqlite3_module sqlite3_module;
+
+/*
+** CAPI3REF: Virtual Table Object
+** KEYWORDS: sqlite3_module {virtual table module}
+**
+** This structure, sometimes called a "virtual table module", 
+** defines the implementation of a [virtual tables].  
+** This structure consists mostly of methods for the module.
+**
+** ^A virtual table module is created by filling in a persistent
+** instance of this structure and passing a pointer to that instance
+** to [sqlite3_create_module()] or [sqlite3_create_module_v2()].
+** ^The registration remains valid until it is replaced by a different
+** module or until the [database connection] closes.  The content
+** of this structure must not change while it is registered with
+** any database connection.
+*/
+struct sqlite3_module {
+  int iVersion;
+  int (*xCreate)(sqlite3*, void *pAux,
+               int argc, const char *const*argv,
+               sqlite3_vtab **ppVTab, char**);
+  int (*xConnect)(sqlite3*, void *pAux,
+               int argc, const char *const*argv,
+               sqlite3_vtab **ppVTab, char**);
+  int (*xBestIndex)(sqlite3_vtab *pVTab, sqlite3_index_info*);
+  int (*xDisconnect)(sqlite3_vtab *pVTab);
+  int (*xDestroy)(sqlite3_vtab *pVTab);
+  int (*xOpen)(sqlite3_vtab *pVTab, sqlite3_vtab_cursor **ppCursor);
+  int (*xClose)(sqlite3_vtab_cursor*);
+  int (*xFilter)(sqlite3_vtab_cursor*, int idxNum, const char *idxStr,
+                int argc, sqlite3_value **argv);
+  int (*xNext)(sqlite3_vtab_cursor*);
+  int (*xEof)(sqlite3_vtab_cursor*);
+  int (*xColumn)(sqlite3_vtab_cursor*, sqlite3_context*, int);
+  int (*xRowid)(sqlite3_vtab_cursor*, sqlite3_int64 *pRowid);
+  int (*xUpdate)(sqlite3_vtab *, int, sqlite3_value **, sqlite3_int64 *);
+  int (*xBegin)(sqlite3_vtab *pVTab);
+  int (*xSync)(sqlite3_vtab *pVTab);
+  int (*xCommit)(sqlite3_vtab *pVTab);
+  int (*xRollback)(sqlite3_vtab *pVTab);
+  int (*xFindFunction)(sqlite3_vtab *pVtab, int nArg, const char *zName,
+                       void (**pxFunc)(sqlite3_context*,int,sqlite3_value**),
+                       void **ppArg);
+  int (*xRename)(sqlite3_vtab *pVtab, const char *zNew);
+  /* The methods above are in version 1 of the sqlite_module object. Those 
+  ** below are for version 2 and greater. */
+  int (*xSavepoint)(sqlite3_vtab *pVTab, int);
+  int (*xRelease)(sqlite3_vtab *pVTab, int);
+  int (*xRollbackTo)(sqlite3_vtab *pVTab, int);
+};
+
+/*
+** CAPI3REF: Virtual Table Indexing Information
+** KEYWORDS: sqlite3_index_info
+**
+** The sqlite3_index_info structure and its substructures is used as part
+** of the [virtual table] interface to
+** pass information into and receive the reply from the [xBestIndex]
+** method of a [virtual table module].  The fields under **Inputs** are the
+** inputs to xBestIndex and are read-only.  xBestIndex inserts its
+** results into the **Outputs** fields.
+**
+** ^(The aConstraint[] array records WHERE clause constraints of the form:
+**
+** <blockquote>column OP expr</blockquote>
+**
+** where OP is =, &lt;, &lt;=, &gt;, or &gt;=.)^  ^(The particular operator is
+** stored in aConstraint[].op using one of the
+** [SQLITE_INDEX_CONSTRAINT_EQ | SQLITE_INDEX_CONSTRAINT_ values].)^
+** ^(The index of the column is stored in
+** aConstraint[].iColumn.)^  ^(aConstraint[].usable is TRUE if the
+** expr on the right-hand side can be evaluated (and thus the constraint
+** is usable) and false if it cannot.)^
+**
+** ^The optimizer automatically inverts terms of the form "expr OP column"
+** and makes other simplifications to the WHERE clause in an attempt to
+** get as many WHERE clause terms into the form shown above as possible.
+** ^The aConstraint[] array only reports WHERE clause terms that are
+** relevant to the particular virtual table being queried.
+**
+** ^Information about the ORDER BY clause is stored in aOrderBy[].
+** ^Each term of aOrderBy records a column of the ORDER BY clause.
+**
+** The colUsed field indicates which columns of the virtual table may be
+** required by the current scan. Virtual table columns are numbered from
+** zero in the order in which they appear within the CREATE TABLE statement
+** passed to sqlite3_declare_vtab(). For the first 63 columns (columns 0-62),
+** the corresponding bit is set within the colUsed mask if the column may be
+** required by SQLite. If the table has at least 64 columns and any column
+** to the right of the first 63 is required, then bit 63 of colUsed is also
+** set. In other words, column iCol may be required if the expression
+** (colUsed & ((sqlite3_uint64)1 << (iCol>=63 ? 63 : iCol))) evaluates to 
+** non-zero.
+**
+** The [xBestIndex] method must fill aConstraintUsage[] with information
+** about what parameters to pass to xFilter.  ^If argvIndex>0 then
+** the right-hand side of the corresponding aConstraint[] is evaluated
+** and becomes the argvIndex-th entry in argv.  ^(If aConstraintUsage[].omit
+** is true, then the constraint is assumed to be fully handled by the
+** virtual table and is not checked again by SQLite.)^
+**
+** ^The idxNum and idxPtr values are recorded and passed into the
+** [xFilter] method.
+** ^[sqlite3_free()] is used to free idxPtr if and only if
+** needToFreeIdxPtr is true.
+**
+** ^The orderByConsumed means that output from [xFilter]/[xNext] will occur in
+** the correct order to satisfy the ORDER BY clause so that no separate
+** sorting step is required.
+**
+** ^The estimatedCost value is an estimate of the cost of a particular
+** strategy. A cost of N indicates that the cost of the strategy is similar
+** to a linear scan of an SQLite table with N rows. A cost of log(N) 
+** indicates that the expense of the operation is similar to that of a
+** binary search on a unique indexed field of an SQLite table with N rows.
+**
+** ^The estimatedRows value is an estimate of the number of rows that
+** will be returned by the strategy.
+**
+** The xBestIndex method may optionally populate the idxFlags field with a 
+** mask of SQLITE_INDEX_SCAN_* flags. Currently there is only one such flag -
+** SQLITE_INDEX_SCAN_UNIQUE. If the xBestIndex method sets this flag, SQLite
+** assumes that the strategy may visit at most one row. 
+**
+** Additionally, if xBestIndex sets the SQLITE_INDEX_SCAN_UNIQUE flag, then
+** SQLite also assumes that if a call to the xUpdate() method is made as
+** part of the same statement to delete or update a virtual table row and the
+** implementation returns SQLITE_CONSTRAINT, then there is no need to rollback
+** any database changes. In other words, if the xUpdate() returns
+** SQLITE_CONSTRAINT, the database contents must be exactly as they were
+** before xUpdate was called. By contrast, if SQLITE_INDEX_SCAN_UNIQUE is not
+** set and xUpdate returns SQLITE_CONSTRAINT, any database changes made by
+** the xUpdate method are automatically rolled back by SQLite.
+**
+** IMPORTANT: The estimatedRows field was added to the sqlite3_index_info
+** structure for SQLite version 3.8.2. If a virtual table extension is
+** used with an SQLite version earlier than 3.8.2, the results of attempting 
+** to read or write the estimatedRows field are undefined (but are likely 
+** to included crashing the application). The estimatedRows field should
+** therefore only be used if [sqlite3_libversion_number()] returns a
+** value greater than or equal to 3008002. Similarly, the idxFlags field
+** was added for version 3.9.0. It may therefore only be used if
+** sqlite3_libversion_number() returns a value greater than or equal to
+** 3009000.
+*/
+struct sqlite3_index_info {
+  /* Inputs */
+  int nConstraint;           /* Number of entries in aConstraint */
+  struct sqlite3_index_constraint {
+     int iColumn;              /* Column on left-hand side of constraint */
+     unsigned char op;         /* Constraint operator */
+     unsigned char usable;     /* True if this constraint is usable */
+     int iTermOffset;          /* Used internally - xBestIndex should ignore */
+  } *aConstraint;            /* Table of WHERE clause constraints */
+  int nOrderBy;              /* Number of terms in the ORDER BY clause */
+  struct sqlite3_index_orderby {
+     int iColumn;              /* Column number */
+     unsigned char desc;       /* True for DESC.  False for ASC. */
+  } *aOrderBy;               /* The ORDER BY clause */
+  /* Outputs */
+  struct sqlite3_index_constraint_usage {
+    int argvIndex;           /* if >0, constraint is part of argv to xFilter */
+    unsigned char omit;      /* Do not code a test for this constraint */
+  } *aConstraintUsage;
+  int idxNum;                /* Number used to identify the index */
+  char *idxStr;              /* String, possibly obtained from sqlite3_malloc */
+  int needToFreeIdxStr;      /* Free idxStr using sqlite3_free() if true */
+  int orderByConsumed;       /* True if output is already ordered */
+  double estimatedCost;           /* Estimated cost of using this index */
+  /* Fields below are only available in SQLite 3.8.2 and later */
+  sqlite3_int64 estimatedRows;    /* Estimated number of rows returned */
+  /* Fields below are only available in SQLite 3.9.0 and later */
+  int idxFlags;              /* Mask of SQLITE_INDEX_SCAN_* flags */
+  /* Fields below are only available in SQLite 3.10.0 and later */
+  sqlite3_uint64 colUsed;    /* Input: Mask of columns used by statement */
+};
+
+/*
+** CAPI3REF: Virtual Table Scan Flags
+*/
+#define SQLITE_INDEX_SCAN_UNIQUE      1     /* Scan visits at most 1 row */
+
+/*
+** CAPI3REF: Virtual Table Constraint Operator Codes
+**
+** These macros defined the allowed values for the
+** [sqlite3_index_info].aConstraint[].op field.  Each value represents
+** an operator that is part of a constraint term in the wHERE clause of
+** a query that uses a [virtual table].
+*/
+#define SQLITE_INDEX_CONSTRAINT_EQ      2
+#define SQLITE_INDEX_CONSTRAINT_GT      4
+#define SQLITE_INDEX_CONSTRAINT_LE      8
+#define SQLITE_INDEX_CONSTRAINT_LT     16
+#define SQLITE_INDEX_CONSTRAINT_GE     32
+#define SQLITE_INDEX_CONSTRAINT_MATCH  64
+#define SQLITE_INDEX_CONSTRAINT_LIKE   65
+#define SQLITE_INDEX_CONSTRAINT_GLOB   66
+#define SQLITE_INDEX_CONSTRAINT_REGEXP 67
+
+/*
+** CAPI3REF: Register A Virtual Table Implementation
+** METHOD: sqlite3
+**
+** ^These routines are used to register a new [virtual table module] name.
+** ^Module names must be registered before
+** creating a new [virtual table] using the module and before using a
+** preexisting [virtual table] for the module.
+**
+** ^The module name is registered on the [database connection] specified
+** by the first parameter.  ^The name of the module is given by the 
+** second parameter.  ^The third parameter is a pointer to
+** the implementation of the [virtual table module].   ^The fourth
+** parameter is an arbitrary client data pointer that is passed through
+** into the [xCreate] and [xConnect] methods of the virtual table module
+** when a new virtual table is be being created or reinitialized.
+**
+** ^The sqlite3_create_module_v2() interface has a fifth parameter which
+** is a pointer to a destructor for the pClientData.  ^SQLite will
+** invoke the destructor function (if it is not NULL) when SQLite
+** no longer needs the pClientData pointer.  ^The destructor will also
+** be invoked if the call to sqlite3_create_module_v2() fails.
+** ^The sqlite3_create_module()
+** interface is equivalent to sqlite3_create_module_v2() with a NULL
+** destructor.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_create_module(
+  sqlite3 *db,               /* SQLite connection to register module with */
+  const char *zName,         /* Name of the module */
+  const sqlite3_module *p,   /* Methods for the module */
+  void *pClientData          /* Client data for xCreate/xConnect */
+);
+SQLITE_API int SQLITE_STDCALL sqlite3_create_module_v2(
+  sqlite3 *db,               /* SQLite connection to register module with */
+  const char *zName,         /* Name of the module */
+  const sqlite3_module *p,   /* Methods for the module */
+  void *pClientData,         /* Client data for xCreate/xConnect */
+  void(*xDestroy)(void*)     /* Module destructor function */
+);
+
+/*
+** CAPI3REF: Virtual Table Instance Object
+** KEYWORDS: sqlite3_vtab
+**
+** Every [virtual table module] implementation uses a subclass
+** of this object to describe a particular instance
+** of the [virtual table].  Each subclass will
+** be tailored to the specific needs of the module implementation.
+** The purpose of this superclass is to define certain fields that are
+** common to all module implementations.
+**
+** ^Virtual tables methods can set an error message by assigning a
+** string obtained from [sqlite3_mprintf()] to zErrMsg.  The method should
+** take care that any prior string is freed by a call to [sqlite3_free()]
+** prior to assigning a new string to zErrMsg.  ^After the error message
+** is delivered up to the client application, the string will be automatically
+** freed by sqlite3_free() and the zErrMsg field will be zeroed.
+*/
+struct sqlite3_vtab {
+  const sqlite3_module *pModule;  /* The module for this virtual table */
+  int nRef;                       /* Number of open cursors */
+  char *zErrMsg;                  /* Error message from sqlite3_mprintf() */
+  /* Virtual table implementations will typically add additional fields */
+};
+
+/*
+** CAPI3REF: Virtual Table Cursor Object
+** KEYWORDS: sqlite3_vtab_cursor {virtual table cursor}
+**
+** Every [virtual table module] implementation uses a subclass of the
+** following structure to describe cursors that point into the
+** [virtual table] and are used
+** to loop through the virtual table.  Cursors are created using the
+** [sqlite3_module.xOpen | xOpen] method of the module and are destroyed
+** by the [sqlite3_module.xClose | xClose] method.  Cursors are used
+** by the [xFilter], [xNext], [xEof], [xColumn], and [xRowid] methods
+** of the module.  Each module implementation will define
+** the content of a cursor structure to suit its own needs.
+**
+** This superclass exists in order to define fields of the cursor that
+** are common to all implementations.
+*/
+struct sqlite3_vtab_cursor {
+  sqlite3_vtab *pVtab;      /* Virtual table of this cursor */
+  /* Virtual table implementations will typically add additional fields */
+};
+
+/*
+** CAPI3REF: Declare The Schema Of A Virtual Table
+**
+** ^The [xCreate] and [xConnect] methods of a
+** [virtual table module] call this interface
+** to declare the format (the names and datatypes of the columns) of
+** the virtual tables they implement.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_declare_vtab(sqlite3*, const char *zSQL);
+
+/*
+** CAPI3REF: Overload A Function For A Virtual Table
+** METHOD: sqlite3
+**
+** ^(Virtual tables can provide alternative implementations of functions
+** using the [xFindFunction] method of the [virtual table module].  
+** But global versions of those functions
+** must exist in order to be overloaded.)^
+**
+** ^(This API makes sure a global version of a function with a particular
+** name and number of parameters exists.  If no such function exists
+** before this API is called, a new function is created.)^  ^The implementation
+** of the new function always causes an exception to be thrown.  So
+** the new function is not good for anything by itself.  Its only
+** purpose is to be a placeholder function that can be overloaded
+** by a [virtual table].
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_overload_function(sqlite3*, const char *zFuncName, int nArg);
+
+/*
+** The interface to the virtual-table mechanism defined above (back up
+** to a comment remarkably similar to this one) is currently considered
+** to be experimental.  The interface might change in incompatible ways.
+** If this is a problem for you, do not use the interface at this time.
+**
+** When the virtual-table mechanism stabilizes, we will declare the
+** interface fixed, support it indefinitely, and remove this comment.
+*/
+
+/*
+** CAPI3REF: A Handle To An Open BLOB
+** KEYWORDS: {BLOB handle} {BLOB handles}
+**
+** An instance of this object represents an open BLOB on which
+** [sqlite3_blob_open | incremental BLOB I/O] can be performed.
+** ^Objects of this type are created by [sqlite3_blob_open()]
+** and destroyed by [sqlite3_blob_close()].
+** ^The [sqlite3_blob_read()] and [sqlite3_blob_write()] interfaces
+** can be used to read or write small subsections of the BLOB.
+** ^The [sqlite3_blob_bytes()] interface returns the size of the BLOB in bytes.
+*/
+typedef struct sqlite3_blob sqlite3_blob;
+
+/*
+** CAPI3REF: Open A BLOB For Incremental I/O
+** METHOD: sqlite3
+** CONSTRUCTOR: sqlite3_blob
+**
+** ^(This interfaces opens a [BLOB handle | handle] to the BLOB located
+** in row iRow, column zColumn, table zTable in database zDb;
+** in other words, the same BLOB that would be selected by:
+**
+** <pre>
+**     SELECT zColumn FROM zDb.zTable WHERE [rowid] = iRow;
+** </pre>)^
+**
+** ^(Parameter zDb is not the filename that contains the database, but 
+** rather the symbolic name of the database. For attached databases, this is
+** the name that appears after the AS keyword in the [ATTACH] statement.
+** For the main database file, the database name is "main". For TEMP
+** tables, the database name is "temp".)^
+**
+** ^If the flags parameter is non-zero, then the BLOB is opened for read
+** and write access. ^If the flags parameter is zero, the BLOB is opened for
+** read-only access.
+**
+** ^(On success, [SQLITE_OK] is returned and the new [BLOB handle] is stored
+** in *ppBlob. Otherwise an [error code] is returned and, unless the error
+** code is SQLITE_MISUSE, *ppBlob is set to NULL.)^ ^This means that, provided
+** the API is not misused, it is always safe to call [sqlite3_blob_close()] 
+** on *ppBlob after this function it returns.
+**
+** This function fails with SQLITE_ERROR if any of the following are true:
+** <ul>
+**   <li> ^(Database zDb does not exist)^, 
+**   <li> ^(Table zTable does not exist within database zDb)^, 
+**   <li> ^(Table zTable is a WITHOUT ROWID table)^, 
+**   <li> ^(Column zColumn does not exist)^,
+**   <li> ^(Row iRow is not present in the table)^,
+**   <li> ^(The specified column of row iRow contains a value that is not
+**         a TEXT or BLOB value)^,
+**   <li> ^(Column zColumn is part of an index, PRIMARY KEY or UNIQUE 
+**         constraint and the blob is being opened for read/write access)^,
+**   <li> ^([foreign key constraints | Foreign key constraints] are enabled, 
+**         column zColumn is part of a [child key] definition and the blob is
+**         being opened for read/write access)^.
+** </ul>
+**
+** ^Unless it returns SQLITE_MISUSE, this function sets the 
+** [database connection] error code and message accessible via 
+** [sqlite3_errcode()] and [sqlite3_errmsg()] and related functions. 
+**
+**
+** ^(If the row that a BLOB handle points to is modified by an
+** [UPDATE], [DELETE], or by [ON CONFLICT] side-effects
+** then the BLOB handle is marked as "expired".
+** This is true if any column of the row is changed, even a column
+** other than the one the BLOB handle is open on.)^
+** ^Calls to [sqlite3_blob_read()] and [sqlite3_blob_write()] for
+** an expired BLOB handle fail with a return code of [SQLITE_ABORT].
+** ^(Changes written into a BLOB prior to the BLOB expiring are not
+** rolled back by the expiration of the BLOB.  Such changes will eventually
+** commit if the transaction continues to completion.)^
+**
+** ^Use the [sqlite3_blob_bytes()] interface to determine the size of
+** the opened blob.  ^The size of a blob may not be changed by this
+** interface.  Use the [UPDATE] SQL command to change the size of a
+** blob.
+**
+** ^The [sqlite3_bind_zeroblob()] and [sqlite3_result_zeroblob()] interfaces
+** and the built-in [zeroblob] SQL function may be used to create a 
+** zero-filled blob to read or write using the incremental-blob interface.
+**
+** To avoid a resource leak, every open [BLOB handle] should eventually
+** be released by a call to [sqlite3_blob_close()].
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_blob_open(
+  sqlite3*,
+  const char *zDb,
+  const char *zTable,
+  const char *zColumn,
+  sqlite3_int64 iRow,
+  int flags,
+  sqlite3_blob **ppBlob
+);
+
+/*
+** CAPI3REF: Move a BLOB Handle to a New Row
+** METHOD: sqlite3_blob
+**
+** ^This function is used to move an existing blob handle so that it points
+** to a different row of the same database table. ^The new row is identified
+** by the rowid value passed as the second argument. Only the row can be
+** changed. ^The database, table and column on which the blob handle is open
+** remain the same. Moving an existing blob handle to a new row can be
+** faster than closing the existing handle and opening a new one.
+**
+** ^(The new row must meet the same criteria as for [sqlite3_blob_open()] -
+** it must exist and there must be either a blob or text value stored in
+** the nominated column.)^ ^If the new row is not present in the table, or if
+** it does not contain a blob or text value, or if another error occurs, an
+** SQLite error code is returned and the blob handle is considered aborted.
+** ^All subsequent calls to [sqlite3_blob_read()], [sqlite3_blob_write()] or
+** [sqlite3_blob_reopen()] on an aborted blob handle immediately return
+** SQLITE_ABORT. ^Calling [sqlite3_blob_bytes()] on an aborted blob handle
+** always returns zero.
+**
+** ^This function sets the database handle error code and message.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_blob_reopen(sqlite3_blob *, sqlite3_int64);
+
+/*
+** CAPI3REF: Close A BLOB Handle
+** DESTRUCTOR: sqlite3_blob
+**
+** ^This function closes an open [BLOB handle]. ^(The BLOB handle is closed
+** unconditionally.  Even if this routine returns an error code, the 
+** handle is still closed.)^
+**
+** ^If the blob handle being closed was opened for read-write access, and if
+** the database is in auto-commit mode and there are no other open read-write
+** blob handles or active write statements, the current transaction is
+** committed. ^If an error occurs while committing the transaction, an error
+** code is returned and the transaction rolled back.
+**
+** Calling this function with an argument that is not a NULL pointer or an
+** open blob handle results in undefined behaviour. ^Calling this routine 
+** with a null pointer (such as would be returned by a failed call to 
+** [sqlite3_blob_open()]) is a harmless no-op. ^Otherwise, if this function
+** is passed a valid open blob handle, the values returned by the 
+** sqlite3_errcode() and sqlite3_errmsg() functions are set before returning.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_blob_close(sqlite3_blob *);
+
+/*
+** CAPI3REF: Return The Size Of An Open BLOB
+** METHOD: sqlite3_blob
+**
+** ^Returns the size in bytes of the BLOB accessible via the 
+** successfully opened [BLOB handle] in its only argument.  ^The
+** incremental blob I/O routines can only read or overwriting existing
+** blob content; they cannot change the size of a blob.
+**
+** This routine only works on a [BLOB handle] which has been created
+** by a prior successful call to [sqlite3_blob_open()] and which has not
+** been closed by [sqlite3_blob_close()].  Passing any other pointer in
+** to this routine results in undefined and probably undesirable behavior.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_blob_bytes(sqlite3_blob *);
+
+/*
+** CAPI3REF: Read Data From A BLOB Incrementally
+** METHOD: sqlite3_blob
+**
+** ^(This function is used to read data from an open [BLOB handle] into a
+** caller-supplied buffer. N bytes of data are copied into buffer Z
+** from the open BLOB, starting at offset iOffset.)^
+**
+** ^If offset iOffset is less than N bytes from the end of the BLOB,
+** [SQLITE_ERROR] is returned and no data is read.  ^If N or iOffset is
+** less than zero, [SQLITE_ERROR] is returned and no data is read.
+** ^The size of the blob (and hence the maximum value of N+iOffset)
+** can be determined using the [sqlite3_blob_bytes()] interface.
+**
+** ^An attempt to read from an expired [BLOB handle] fails with an
+** error code of [SQLITE_ABORT].
+**
+** ^(On success, sqlite3_blob_read() returns SQLITE_OK.
+** Otherwise, an [error code] or an [extended error code] is returned.)^
+**
+** This routine only works on a [BLOB handle] which has been created
+** by a prior successful call to [sqlite3_blob_open()] and which has not
+** been closed by [sqlite3_blob_close()].  Passing any other pointer in
+** to this routine results in undefined and probably undesirable behavior.
+**
+** See also: [sqlite3_blob_write()].
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_blob_read(sqlite3_blob *, void *Z, int N, int iOffset);
+
+/*
+** CAPI3REF: Write Data Into A BLOB Incrementally
+** METHOD: sqlite3_blob
+**
+** ^(This function is used to write data into an open [BLOB handle] from a
+** caller-supplied buffer. N bytes of data are copied from the buffer Z
+** into the open BLOB, starting at offset iOffset.)^
+**
+** ^(On success, sqlite3_blob_write() returns SQLITE_OK.
+** Otherwise, an  [error code] or an [extended error code] is returned.)^
+** ^Unless SQLITE_MISUSE is returned, this function sets the 
+** [database connection] error code and message accessible via 
+** [sqlite3_errcode()] and [sqlite3_errmsg()] and related functions. 
+**
+** ^If the [BLOB handle] passed as the first argument was not opened for
+** writing (the flags parameter to [sqlite3_blob_open()] was zero),
+** this function returns [SQLITE_READONLY].
+**
+** This function may only modify the contents of the BLOB; it is
+** not possible to increase the size of a BLOB using this API.
+** ^If offset iOffset is less than N bytes from the end of the BLOB,
+** [SQLITE_ERROR] is returned and no data is written. The size of the 
+** BLOB (and hence the maximum value of N+iOffset) can be determined 
+** using the [sqlite3_blob_bytes()] interface. ^If N or iOffset are less 
+** than zero [SQLITE_ERROR] is returned and no data is written.
+**
+** ^An attempt to write to an expired [BLOB handle] fails with an
+** error code of [SQLITE_ABORT].  ^Writes to the BLOB that occurred
+** before the [BLOB handle] expired are not rolled back by the
+** expiration of the handle, though of course those changes might
+** have been overwritten by the statement that expired the BLOB handle
+** or by other independent statements.
+**
+** This routine only works on a [BLOB handle] which has been created
+** by a prior successful call to [sqlite3_blob_open()] and which has not
+** been closed by [sqlite3_blob_close()].  Passing any other pointer in
+** to this routine results in undefined and probably undesirable behavior.
+**
+** See also: [sqlite3_blob_read()].
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_blob_write(sqlite3_blob *, const void *z, int n, int iOffset);
+
+/*
+** CAPI3REF: Virtual File System Objects
+**
+** A virtual filesystem (VFS) is an [sqlite3_vfs] object
+** that SQLite uses to interact
+** with the underlying operating system.  Most SQLite builds come with a
+** single default VFS that is appropriate for the host computer.
+** New VFSes can be registered and existing VFSes can be unregistered.
+** The following interfaces are provided.
+**
+** ^The sqlite3_vfs_find() interface returns a pointer to a VFS given its name.
+** ^Names are case sensitive.
+** ^Names are zero-terminated UTF-8 strings.
+** ^If there is no match, a NULL pointer is returned.
+** ^If zVfsName is NULL then the default VFS is returned.
+**
+** ^New VFSes are registered with sqlite3_vfs_register().
+** ^Each new VFS becomes the default VFS if the makeDflt flag is set.
+** ^The same VFS can be registered multiple times without injury.
+** ^To make an existing VFS into the default VFS, register it again
+** with the makeDflt flag set.  If two different VFSes with the
+** same name are registered, the behavior is undefined.  If a
+** VFS is registered with a name that is NULL or an empty string,
+** then the behavior is undefined.
+**
+** ^Unregister a VFS with the sqlite3_vfs_unregister() interface.
+** ^(If the default VFS is unregistered, another VFS is chosen as
+** the default.  The choice for the new VFS is arbitrary.)^
+*/
+SQLITE_API sqlite3_vfs *SQLITE_STDCALL sqlite3_vfs_find(const char *zVfsName);
+SQLITE_API int SQLITE_STDCALL sqlite3_vfs_register(sqlite3_vfs*, int makeDflt);
+SQLITE_API int SQLITE_STDCALL sqlite3_vfs_unregister(sqlite3_vfs*);
+
+/*
+** CAPI3REF: Mutexes
+**
+** The SQLite core uses these routines for thread
+** synchronization. Though they are intended for internal
+** use by SQLite, code that links against SQLite is
+** permitted to use any of these routines.
+**
+** The SQLite source code contains multiple implementations
+** of these mutex routines.  An appropriate implementation
+** is selected automatically at compile-time.  The following
+** implementations are available in the SQLite core:
+**
+** <ul>
+** <li>   SQLITE_MUTEX_PTHREADS
+** <li>   SQLITE_MUTEX_W32
+** <li>   SQLITE_MUTEX_NOOP
+** </ul>
+**
+** The SQLITE_MUTEX_NOOP implementation is a set of routines
+** that does no real locking and is appropriate for use in
+** a single-threaded application.  The SQLITE_MUTEX_PTHREADS and
+** SQLITE_MUTEX_W32 implementations are appropriate for use on Unix
+** and Windows.
+**
+** If SQLite is compiled with the SQLITE_MUTEX_APPDEF preprocessor
+** macro defined (with "-DSQLITE_MUTEX_APPDEF=1"), then no mutex
+** implementation is included with the library. In this case the
+** application must supply a custom mutex implementation using the
+** [SQLITE_CONFIG_MUTEX] option of the sqlite3_config() function
+** before calling sqlite3_initialize() or any other public sqlite3_
+** function that calls sqlite3_initialize().
+**
+** ^The sqlite3_mutex_alloc() routine allocates a new
+** mutex and returns a pointer to it. ^The sqlite3_mutex_alloc()
+** routine returns NULL if it is unable to allocate the requested
+** mutex.  The argument to sqlite3_mutex_alloc() must one of these
+** integer constants:
+**
+** <ul>
+** <li>  SQLITE_MUTEX_FAST
+** <li>  SQLITE_MUTEX_RECURSIVE
+** <li>  SQLITE_MUTEX_STATIC_MASTER
+** <li>  SQLITE_MUTEX_STATIC_MEM
+** <li>  SQLITE_MUTEX_STATIC_OPEN
+** <li>  SQLITE_MUTEX_STATIC_PRNG
+** <li>  SQLITE_MUTEX_STATIC_LRU
+** <li>  SQLITE_MUTEX_STATIC_PMEM
+** <li>  SQLITE_MUTEX_STATIC_APP1
+** <li>  SQLITE_MUTEX_STATIC_APP2
+** <li>  SQLITE_MUTEX_STATIC_APP3
+** <li>  SQLITE_MUTEX_STATIC_VFS1
+** <li>  SQLITE_MUTEX_STATIC_VFS2
+** <li>  SQLITE_MUTEX_STATIC_VFS3
+** </ul>
+**
+** ^The first two constants (SQLITE_MUTEX_FAST and SQLITE_MUTEX_RECURSIVE)
+** cause sqlite3_mutex_alloc() to create
+** a new mutex.  ^The new mutex is recursive when SQLITE_MUTEX_RECURSIVE
+** is used but not necessarily so when SQLITE_MUTEX_FAST is used.
+** The mutex implementation does not need to make a distinction
+** between SQLITE_MUTEX_RECURSIVE and SQLITE_MUTEX_FAST if it does
+** not want to.  SQLite will only request a recursive mutex in
+** cases where it really needs one.  If a faster non-recursive mutex
+** implementation is available on the host platform, the mutex subsystem
+** might return such a mutex in response to SQLITE_MUTEX_FAST.
+**
+** ^The other allowed parameters to sqlite3_mutex_alloc() (anything other
+** than SQLITE_MUTEX_FAST and SQLITE_MUTEX_RECURSIVE) each return
+** a pointer to a static preexisting mutex.  ^Nine static mutexes are
+** used by the current version of SQLite.  Future versions of SQLite
+** may add additional static mutexes.  Static mutexes are for internal
+** use by SQLite only.  Applications that use SQLite mutexes should
+** use only the dynamic mutexes returned by SQLITE_MUTEX_FAST or
+** SQLITE_MUTEX_RECURSIVE.
+**
+** ^Note that if one of the dynamic mutex parameters (SQLITE_MUTEX_FAST
+** or SQLITE_MUTEX_RECURSIVE) is used then sqlite3_mutex_alloc()
+** returns a different mutex on every call.  ^For the static
+** mutex types, the same mutex is returned on every call that has
+** the same type number.
+**
+** ^The sqlite3_mutex_free() routine deallocates a previously
+** allocated dynamic mutex.  Attempting to deallocate a static
+** mutex results in undefined behavior.
+**
+** ^The sqlite3_mutex_enter() and sqlite3_mutex_try() routines attempt
+** to enter a mutex.  ^If another thread is already within the mutex,
+** sqlite3_mutex_enter() will block and sqlite3_mutex_try() will return
+** SQLITE_BUSY.  ^The sqlite3_mutex_try() interface returns [SQLITE_OK]
+** upon successful entry.  ^(Mutexes created using
+** SQLITE_MUTEX_RECURSIVE can be entered multiple times by the same thread.
+** In such cases, the
+** mutex must be exited an equal number of times before another thread
+** can enter.)^  If the same thread tries to enter any mutex other
+** than an SQLITE_MUTEX_RECURSIVE more than once, the behavior is undefined.
+**
+** ^(Some systems (for example, Windows 95) do not support the operation
+** implemented by sqlite3_mutex_try().  On those systems, sqlite3_mutex_try()
+** will always return SQLITE_BUSY. The SQLite core only ever uses
+** sqlite3_mutex_try() as an optimization so this is acceptable 
+** behavior.)^
+**
+** ^The sqlite3_mutex_leave() routine exits a mutex that was
+** previously entered by the same thread.   The behavior
+** is undefined if the mutex is not currently entered by the
+** calling thread or is not currently allocated.
+**
+** ^If the argument to sqlite3_mutex_enter(), sqlite3_mutex_try(), or
+** sqlite3_mutex_leave() is a NULL pointer, then all three routines
+** behave as no-ops.
+**
+** See also: [sqlite3_mutex_held()] and [sqlite3_mutex_notheld()].
+*/
+SQLITE_API sqlite3_mutex *SQLITE_STDCALL sqlite3_mutex_alloc(int);
+SQLITE_API void SQLITE_STDCALL sqlite3_mutex_free(sqlite3_mutex*);
+SQLITE_API void SQLITE_STDCALL sqlite3_mutex_enter(sqlite3_mutex*);
+SQLITE_API int SQLITE_STDCALL sqlite3_mutex_try(sqlite3_mutex*);
+SQLITE_API void SQLITE_STDCALL sqlite3_mutex_leave(sqlite3_mutex*);
+
+/*
+** CAPI3REF: Mutex Methods Object
+**
+** An instance of this structure defines the low-level routines
+** used to allocate and use mutexes.
+**
+** Usually, the default mutex implementations provided by SQLite are
+** sufficient, however the application has the option of substituting a custom
+** implementation for specialized deployments or systems for which SQLite
+** does not provide a suitable implementation. In this case, the application
+** creates and populates an instance of this structure to pass
+** to sqlite3_config() along with the [SQLITE_CONFIG_MUTEX] option.
+** Additionally, an instance of this structure can be used as an
+** output variable when querying the system for the current mutex
+** implementation, using the [SQLITE_CONFIG_GETMUTEX] option.
+**
+** ^The xMutexInit method defined by this structure is invoked as
+** part of system initialization by the sqlite3_initialize() function.
+** ^The xMutexInit routine is called by SQLite exactly once for each
+** effective call to [sqlite3_initialize()].
+**
+** ^The xMutexEnd method defined by this structure is invoked as
+** part of system shutdown by the sqlite3_shutdown() function. The
+** implementation of this method is expected to release all outstanding
+** resources obtained by the mutex methods implementation, especially
+** those obtained by the xMutexInit method.  ^The xMutexEnd()
+** interface is invoked exactly once for each call to [sqlite3_shutdown()].
+**
+** ^(The remaining seven methods defined by this structure (xMutexAlloc,
+** xMutexFree, xMutexEnter, xMutexTry, xMutexLeave, xMutexHeld and
+** xMutexNotheld) implement the following interfaces (respectively):
+**
+** <ul>
+**   <li>  [sqlite3_mutex_alloc()] </li>
+**   <li>  [sqlite3_mutex_free()] </li>
+**   <li>  [sqlite3_mutex_enter()] </li>
+**   <li>  [sqlite3_mutex_try()] </li>
+**   <li>  [sqlite3_mutex_leave()] </li>
+**   <li>  [sqlite3_mutex_held()] </li>
+**   <li>  [sqlite3_mutex_notheld()] </li>
+** </ul>)^
+**
+** The only difference is that the public sqlite3_XXX functions enumerated
+** above silently ignore any invocations that pass a NULL pointer instead
+** of a valid mutex handle. The implementations of the methods defined
+** by this structure are not required to handle this case, the results
+** of passing a NULL pointer instead of a valid mutex handle are undefined
+** (i.e. it is acceptable to provide an implementation that segfaults if
+** it is passed a NULL pointer).
+**
+** The xMutexInit() method must be threadsafe.  It must be harmless to
+** invoke xMutexInit() multiple times within the same process and without
+** intervening calls to xMutexEnd().  Second and subsequent calls to
+** xMutexInit() must be no-ops.
+**
+** xMutexInit() must not use SQLite memory allocation ([sqlite3_malloc()]
+** and its associates).  Similarly, xMutexAlloc() must not use SQLite memory
+** allocation for a static mutex.  ^However xMutexAlloc() may use SQLite
+** memory allocation for a fast or recursive mutex.
+**
+** ^SQLite will invoke the xMutexEnd() method when [sqlite3_shutdown()] is
+** called, but only if the prior call to xMutexInit returned SQLITE_OK.
+** If xMutexInit fails in any way, it is expected to clean up after itself
+** prior to returning.
+*/
+typedef struct sqlite3_mutex_methods sqlite3_mutex_methods;
+struct sqlite3_mutex_methods {
+  int (*xMutexInit)(void);
+  int (*xMutexEnd)(void);
+  sqlite3_mutex *(*xMutexAlloc)(int);
+  void (*xMutexFree)(sqlite3_mutex *);
+  void (*xMutexEnter)(sqlite3_mutex *);
+  int (*xMutexTry)(sqlite3_mutex *);
+  void (*xMutexLeave)(sqlite3_mutex *);
+  int (*xMutexHeld)(sqlite3_mutex *);
+  int (*xMutexNotheld)(sqlite3_mutex *);
+};
+
+/*
+** CAPI3REF: Mutex Verification Routines
+**
+** The sqlite3_mutex_held() and sqlite3_mutex_notheld() routines
+** are intended for use inside assert() statements.  The SQLite core
+** never uses these routines except inside an assert() and applications
+** are advised to follow the lead of the core.  The SQLite core only
+** provides implementations for these routines when it is compiled
+** with the SQLITE_DEBUG flag.  External mutex implementations
+** are only required to provide these routines if SQLITE_DEBUG is
+** defined and if NDEBUG is not defined.
+**
+** These routines should return true if the mutex in their argument
+** is held or not held, respectively, by the calling thread.
+**
+** The implementation is not required to provide versions of these
+** routines that actually work. If the implementation does not provide working
+** versions of these routines, it should at least provide stubs that always
+** return true so that one does not get spurious assertion failures.
+**
+** If the argument to sqlite3_mutex_held() is a NULL pointer then
+** the routine should return 1.   This seems counter-intuitive since
+** clearly the mutex cannot be held if it does not exist.  But
+** the reason the mutex does not exist is because the build is not
+** using mutexes.  And we do not want the assert() containing the
+** call to sqlite3_mutex_held() to fail, so a non-zero return is
+** the appropriate thing to do.  The sqlite3_mutex_notheld()
+** interface should also return 1 when given a NULL pointer.
+*/
+#ifndef NDEBUG
+SQLITE_API int SQLITE_STDCALL sqlite3_mutex_held(sqlite3_mutex*);
+SQLITE_API int SQLITE_STDCALL sqlite3_mutex_notheld(sqlite3_mutex*);
+#endif
+
+/*
+** CAPI3REF: Mutex Types
+**
+** The [sqlite3_mutex_alloc()] interface takes a single argument
+** which is one of these integer constants.
+**
+** The set of static mutexes may change from one SQLite release to the
+** next.  Applications that override the built-in mutex logic must be
+** prepared to accommodate additional static mutexes.
+*/
+#define SQLITE_MUTEX_FAST             0
+#define SQLITE_MUTEX_RECURSIVE        1
+#define SQLITE_MUTEX_STATIC_MASTER    2
+#define SQLITE_MUTEX_STATIC_MEM       3  /* sqlite3_malloc() */
+#define SQLITE_MUTEX_STATIC_MEM2      4  /* NOT USED */
+#define SQLITE_MUTEX_STATIC_OPEN      4  /* sqlite3BtreeOpen() */
+#define SQLITE_MUTEX_STATIC_PRNG      5  /* sqlite3_random() */
+#define SQLITE_MUTEX_STATIC_LRU       6  /* lru page list */
+#define SQLITE_MUTEX_STATIC_LRU2      7  /* NOT USED */
+#define SQLITE_MUTEX_STATIC_PMEM      7  /* sqlite3PageMalloc() */
+#define SQLITE_MUTEX_STATIC_APP1      8  /* For use by application */
+#define SQLITE_MUTEX_STATIC_APP2      9  /* For use by application */
+#define SQLITE_MUTEX_STATIC_APP3     10  /* For use by application */
+#define SQLITE_MUTEX_STATIC_VFS1     11  /* For use by built-in VFS */
+#define SQLITE_MUTEX_STATIC_VFS2     12  /* For use by extension VFS */
+#define SQLITE_MUTEX_STATIC_VFS3     13  /* For use by application VFS */
+
+/*
+** CAPI3REF: Retrieve the mutex for a database connection
+** METHOD: sqlite3
+**
+** ^This interface returns a pointer the [sqlite3_mutex] object that 
+** serializes access to the [database connection] given in the argument
+** when the [threading mode] is Serialized.
+** ^If the [threading mode] is Single-thread or Multi-thread then this
+** routine returns a NULL pointer.
+*/
+SQLITE_API sqlite3_mutex *SQLITE_STDCALL sqlite3_db_mutex(sqlite3*);
+
+/*
+** CAPI3REF: Low-Level Control Of Database Files
+** METHOD: sqlite3
+**
+** ^The [sqlite3_file_control()] interface makes a direct call to the
+** xFileControl method for the [sqlite3_io_methods] object associated
+** with a particular database identified by the second argument. ^The
+** name of the database is "main" for the main database or "temp" for the
+** TEMP database, or the name that appears after the AS keyword for
+** databases that are added using the [ATTACH] SQL command.
+** ^A NULL pointer can be used in place of "main" to refer to the
+** main database file.
+** ^The third and fourth parameters to this routine
+** are passed directly through to the second and third parameters of
+** the xFileControl method.  ^The return value of the xFileControl
+** method becomes the return value of this routine.
+**
+** ^The SQLITE_FCNTL_FILE_POINTER value for the op parameter causes
+** a pointer to the underlying [sqlite3_file] object to be written into
+** the space pointed to by the 4th parameter.  ^The SQLITE_FCNTL_FILE_POINTER
+** case is a short-circuit path which does not actually invoke the
+** underlying sqlite3_io_methods.xFileControl method.
+**
+** ^If the second parameter (zDbName) does not match the name of any
+** open database file, then SQLITE_ERROR is returned.  ^This error
+** code is not remembered and will not be recalled by [sqlite3_errcode()]
+** or [sqlite3_errmsg()].  The underlying xFileControl method might
+** also return SQLITE_ERROR.  There is no way to distinguish between
+** an incorrect zDbName and an SQLITE_ERROR return from the underlying
+** xFileControl method.
+**
+** See also: [SQLITE_FCNTL_LOCKSTATE]
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_file_control(sqlite3*, const char *zDbName, int op, void*);
+
+/*
+** CAPI3REF: Testing Interface
+**
+** ^The sqlite3_test_control() interface is used to read out internal
+** state of SQLite and to inject faults into SQLite for testing
+** purposes.  ^The first parameter is an operation code that determines
+** the number, meaning, and operation of all subsequent parameters.
+**
+** This interface is not for use by applications.  It exists solely
+** for verifying the correct operation of the SQLite library.  Depending
+** on how the SQLite library is compiled, this interface might not exist.
+**
+** The details of the operation codes, their meanings, the parameters
+** they take, and what they do are all subject to change without notice.
+** Unlike most of the SQLite API, this function is not guaranteed to
+** operate consistently from one release to the next.
+*/
+SQLITE_API int SQLITE_CDECL sqlite3_test_control(int op, ...);
+
+/*
+** CAPI3REF: Testing Interface Operation Codes
+**
+** These constants are the valid operation code parameters used
+** as the first argument to [sqlite3_test_control()].
+**
+** These parameters and their meanings are subject to change
+** without notice.  These values are for testing purposes only.
+** Applications should not use any of these parameters or the
+** [sqlite3_test_control()] interface.
+*/
+#define SQLITE_TESTCTRL_FIRST                    5
+#define SQLITE_TESTCTRL_PRNG_SAVE                5
+#define SQLITE_TESTCTRL_PRNG_RESTORE             6
+#define SQLITE_TESTCTRL_PRNG_RESET               7
+#define SQLITE_TESTCTRL_BITVEC_TEST              8
+#define SQLITE_TESTCTRL_FAULT_INSTALL            9
+#define SQLITE_TESTCTRL_BENIGN_MALLOC_HOOKS     10
+#define SQLITE_TESTCTRL_PENDING_BYTE            11
+#define SQLITE_TESTCTRL_ASSERT                  12
+#define SQLITE_TESTCTRL_ALWAYS                  13
+#define SQLITE_TESTCTRL_RESERVE                 14
+#define SQLITE_TESTCTRL_OPTIMIZATIONS           15
+#define SQLITE_TESTCTRL_ISKEYWORD               16
+#define SQLITE_TESTCTRL_SCRATCHMALLOC           17
+#define SQLITE_TESTCTRL_LOCALTIME_FAULT         18
+#define SQLITE_TESTCTRL_EXPLAIN_STMT            19  /* NOT USED */
+#define SQLITE_TESTCTRL_NEVER_CORRUPT           20
+#define SQLITE_TESTCTRL_VDBE_COVERAGE           21
+#define SQLITE_TESTCTRL_BYTEORDER               22
+#define SQLITE_TESTCTRL_ISINIT                  23
+#define SQLITE_TESTCTRL_SORTER_MMAP             24
+#define SQLITE_TESTCTRL_IMPOSTER                25
+#define SQLITE_TESTCTRL_LAST                    25
+
+/*
+** CAPI3REF: SQLite Runtime Status
+**
+** ^These interfaces are used to retrieve runtime status information
+** about the performance of SQLite, and optionally to reset various
+** highwater marks.  ^The first argument is an integer code for
+** the specific parameter to measure.  ^(Recognized integer codes
+** are of the form [status parameters | SQLITE_STATUS_...].)^
+** ^The current value of the parameter is returned into *pCurrent.
+** ^The highest recorded value is returned in *pHighwater.  ^If the
+** resetFlag is true, then the highest record value is reset after
+** *pHighwater is written.  ^(Some parameters do not record the highest
+** value.  For those parameters
+** nothing is written into *pHighwater and the resetFlag is ignored.)^
+** ^(Other parameters record only the highwater mark and not the current
+** value.  For these latter parameters nothing is written into *pCurrent.)^
+**
+** ^The sqlite3_status() and sqlite3_status64() routines return
+** SQLITE_OK on success and a non-zero [error code] on failure.
+**
+** If either the current value or the highwater mark is too large to
+** be represented by a 32-bit integer, then the values returned by
+** sqlite3_status() are undefined.
+**
+** See also: [sqlite3_db_status()]
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_status(int op, int *pCurrent, int *pHighwater, int resetFlag);
+SQLITE_API int SQLITE_STDCALL sqlite3_status64(
+  int op,
+  sqlite3_int64 *pCurrent,
+  sqlite3_int64 *pHighwater,
+  int resetFlag
+);
+
+
+/*
+** CAPI3REF: Status Parameters
+** KEYWORDS: {status parameters}
+**
+** These integer constants designate various run-time status parameters
+** that can be returned by [sqlite3_status()].
+**
+** <dl>
+** [[SQLITE_STATUS_MEMORY_USED]] ^(<dt>SQLITE_STATUS_MEMORY_USED</dt>
+** <dd>This parameter is the current amount of memory checked out
+** using [sqlite3_malloc()], either directly or indirectly.  The
+** figure includes calls made to [sqlite3_malloc()] by the application
+** and internal memory usage by the SQLite library.  Scratch memory
+** controlled by [SQLITE_CONFIG_SCRATCH] and auxiliary page-cache
+** memory controlled by [SQLITE_CONFIG_PAGECACHE] is not included in
+** this parameter.  The amount returned is the sum of the allocation
+** sizes as reported by the xSize method in [sqlite3_mem_methods].</dd>)^
+**
+** [[SQLITE_STATUS_MALLOC_SIZE]] ^(<dt>SQLITE_STATUS_MALLOC_SIZE</dt>
+** <dd>This parameter records the largest memory allocation request
+** handed to [sqlite3_malloc()] or [sqlite3_realloc()] (or their
+** internal equivalents).  Only the value returned in the
+** *pHighwater parameter to [sqlite3_status()] is of interest.  
+** The value written into the *pCurrent parameter is undefined.</dd>)^
+**
+** [[SQLITE_STATUS_MALLOC_COUNT]] ^(<dt>SQLITE_STATUS_MALLOC_COUNT</dt>
+** <dd>This parameter records the number of separate memory allocations
+** currently checked out.</dd>)^
+**
+** [[SQLITE_STATUS_PAGECACHE_USED]] ^(<dt>SQLITE_STATUS_PAGECACHE_USED</dt>
+** <dd>This parameter returns the number of pages used out of the
+** [pagecache memory allocator] that was configured using 
+** [SQLITE_CONFIG_PAGECACHE].  The
+** value returned is in pages, not in bytes.</dd>)^
+**
+** [[SQLITE_STATUS_PAGECACHE_OVERFLOW]] 
+** ^(<dt>SQLITE_STATUS_PAGECACHE_OVERFLOW</dt>
+** <dd>This parameter returns the number of bytes of page cache
+** allocation which could not be satisfied by the [SQLITE_CONFIG_PAGECACHE]
+** buffer and where forced to overflow to [sqlite3_malloc()].  The
+** returned value includes allocations that overflowed because they
+** where too large (they were larger than the "sz" parameter to
+** [SQLITE_CONFIG_PAGECACHE]) and allocations that overflowed because
+** no space was left in the page cache.</dd>)^
+**
+** [[SQLITE_STATUS_PAGECACHE_SIZE]] ^(<dt>SQLITE_STATUS_PAGECACHE_SIZE</dt>
+** <dd>This parameter records the largest memory allocation request
+** handed to [pagecache memory allocator].  Only the value returned in the
+** *pHighwater parameter to [sqlite3_status()] is of interest.  
+** The value written into the *pCurrent parameter is undefined.</dd>)^
+**
+** [[SQLITE_STATUS_SCRATCH_USED]] ^(<dt>SQLITE_STATUS_SCRATCH_USED</dt>
+** <dd>This parameter returns the number of allocations used out of the
+** [scratch memory allocator] configured using
+** [SQLITE_CONFIG_SCRATCH].  The value returned is in allocations, not
+** in bytes.  Since a single thread may only have one scratch allocation
+** outstanding at time, this parameter also reports the number of threads
+** using scratch memory at the same time.</dd>)^
+**
+** [[SQLITE_STATUS_SCRATCH_OVERFLOW]] ^(<dt>SQLITE_STATUS_SCRATCH_OVERFLOW</dt>
+** <dd>This parameter returns the number of bytes of scratch memory
+** allocation which could not be satisfied by the [SQLITE_CONFIG_SCRATCH]
+** buffer and where forced to overflow to [sqlite3_malloc()].  The values
+** returned include overflows because the requested allocation was too
+** larger (that is, because the requested allocation was larger than the
+** "sz" parameter to [SQLITE_CONFIG_SCRATCH]) and because no scratch buffer
+** slots were available.
+** </dd>)^
+**
+** [[SQLITE_STATUS_SCRATCH_SIZE]] ^(<dt>SQLITE_STATUS_SCRATCH_SIZE</dt>
+** <dd>This parameter records the largest memory allocation request
+** handed to [scratch memory allocator].  Only the value returned in the
+** *pHighwater parameter to [sqlite3_status()] is of interest.  
+** The value written into the *pCurrent parameter is undefined.</dd>)^
+**
+** [[SQLITE_STATUS_PARSER_STACK]] ^(<dt>SQLITE_STATUS_PARSER_STACK</dt>
+** <dd>The *pHighwater parameter records the deepest parser stack. 
+** The *pCurrent value is undefined.  The *pHighwater value is only
+** meaningful if SQLite is compiled with [YYTRACKMAXSTACKDEPTH].</dd>)^
+** </dl>
+**
+** New status parameters may be added from time to time.
+*/
+#define SQLITE_STATUS_MEMORY_USED          0
+#define SQLITE_STATUS_PAGECACHE_USED       1
+#define SQLITE_STATUS_PAGECACHE_OVERFLOW   2
+#define SQLITE_STATUS_SCRATCH_USED         3
+#define SQLITE_STATUS_SCRATCH_OVERFLOW     4
+#define SQLITE_STATUS_MALLOC_SIZE          5
+#define SQLITE_STATUS_PARSER_STACK         6
+#define SQLITE_STATUS_PAGECACHE_SIZE       7
+#define SQLITE_STATUS_SCRATCH_SIZE         8
+#define SQLITE_STATUS_MALLOC_COUNT         9
+
+/*
+** CAPI3REF: Database Connection Status
+** METHOD: sqlite3
+**
+** ^This interface is used to retrieve runtime status information 
+** about a single [database connection].  ^The first argument is the
+** database connection object to be interrogated.  ^The second argument
+** is an integer constant, taken from the set of
+** [SQLITE_DBSTATUS options], that
+** determines the parameter to interrogate.  The set of 
+** [SQLITE_DBSTATUS options] is likely
+** to grow in future releases of SQLite.
+**
+** ^The current value of the requested parameter is written into *pCur
+** and the highest instantaneous value is written into *pHiwtr.  ^If
+** the resetFlg is true, then the highest instantaneous value is
+** reset back down to the current value.
+**
+** ^The sqlite3_db_status() routine returns SQLITE_OK on success and a
+** non-zero [error code] on failure.
+**
+** See also: [sqlite3_status()] and [sqlite3_stmt_status()].
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_db_status(sqlite3*, int op, int *pCur, int *pHiwtr, int resetFlg);
+
+/*
+** CAPI3REF: Status Parameters for database connections
+** KEYWORDS: {SQLITE_DBSTATUS options}
+**
+** These constants are the available integer "verbs" that can be passed as
+** the second argument to the [sqlite3_db_status()] interface.
+**
+** New verbs may be added in future releases of SQLite. Existing verbs
+** might be discontinued. Applications should check the return code from
+** [sqlite3_db_status()] to make sure that the call worked.
+** The [sqlite3_db_status()] interface will return a non-zero error code
+** if a discontinued or unsupported verb is invoked.
+**
+** <dl>
+** [[SQLITE_DBSTATUS_LOOKASIDE_USED]] ^(<dt>SQLITE_DBSTATUS_LOOKASIDE_USED</dt>
+** <dd>This parameter returns the number of lookaside memory slots currently
+** checked out.</dd>)^
+**
+** [[SQLITE_DBSTATUS_LOOKASIDE_HIT]] ^(<dt>SQLITE_DBSTATUS_LOOKASIDE_HIT</dt>
+** <dd>This parameter returns the number malloc attempts that were 
+** satisfied using lookaside memory. Only the high-water value is meaningful;
+** the current value is always zero.)^
+**
+** [[SQLITE_DBSTATUS_LOOKASIDE_MISS_SIZE]]
+** ^(<dt>SQLITE_DBSTATUS_LOOKASIDE_MISS_SIZE</dt>
+** <dd>This parameter returns the number malloc attempts that might have
+** been satisfied using lookaside memory but failed due to the amount of
+** memory requested being larger than the lookaside slot size.
+** Only the high-water value is meaningful;
+** the current value is always zero.)^
+**
+** [[SQLITE_DBSTATUS_LOOKASIDE_MISS_FULL]]
+** ^(<dt>SQLITE_DBSTATUS_LOOKASIDE_MISS_FULL</dt>
+** <dd>This parameter returns the number malloc attempts that might have
+** been satisfied using lookaside memory but failed due to all lookaside
+** memory already being in use.
+** Only the high-water value is meaningful;
+** the current value is always zero.)^
+**
+** [[SQLITE_DBSTATUS_CACHE_USED]] ^(<dt>SQLITE_DBSTATUS_CACHE_USED</dt>
+** <dd>This parameter returns the approximate number of bytes of heap
+** memory used by all pager caches associated with the database connection.)^
+** ^The highwater mark associated with SQLITE_DBSTATUS_CACHE_USED is always 0.
+**
+** [[SQLITE_DBSTATUS_SCHEMA_USED]] ^(<dt>SQLITE_DBSTATUS_SCHEMA_USED</dt>
+** <dd>This parameter returns the approximate number of bytes of heap
+** memory used to store the schema for all databases associated
+** with the connection - main, temp, and any [ATTACH]-ed databases.)^ 
+** ^The full amount of memory used by the schemas is reported, even if the
+** schema memory is shared with other database connections due to
+** [shared cache mode] being enabled.
+** ^The highwater mark associated with SQLITE_DBSTATUS_SCHEMA_USED is always 0.
+**
+** [[SQLITE_DBSTATUS_STMT_USED]] ^(<dt>SQLITE_DBSTATUS_STMT_USED</dt>
+** <dd>This parameter returns the approximate number of bytes of heap
+** and lookaside memory used by all prepared statements associated with
+** the database connection.)^
+** ^The highwater mark associated with SQLITE_DBSTATUS_STMT_USED is always 0.
+** </dd>
+**
+** [[SQLITE_DBSTATUS_CACHE_HIT]] ^(<dt>SQLITE_DBSTATUS_CACHE_HIT</dt>
+** <dd>This parameter returns the number of pager cache hits that have
+** occurred.)^ ^The highwater mark associated with SQLITE_DBSTATUS_CACHE_HIT 
+** is always 0.
+** </dd>
+**
+** [[SQLITE_DBSTATUS_CACHE_MISS]] ^(<dt>SQLITE_DBSTATUS_CACHE_MISS</dt>
+** <dd>This parameter returns the number of pager cache misses that have
+** occurred.)^ ^The highwater mark associated with SQLITE_DBSTATUS_CACHE_MISS 
+** is always 0.
+** </dd>
+**
+** [[SQLITE_DBSTATUS_CACHE_WRITE]] ^(<dt>SQLITE_DBSTATUS_CACHE_WRITE</dt>
+** <dd>This parameter returns the number of dirty cache entries that have
+** been written to disk. Specifically, the number of pages written to the
+** wal file in wal mode databases, or the number of pages written to the
+** database file in rollback mode databases. Any pages written as part of
+** transaction rollback or database recovery operations are not included.
+** If an IO or other error occurs while writing a page to disk, the effect
+** on subsequent SQLITE_DBSTATUS_CACHE_WRITE requests is undefined.)^ ^The
+** highwater mark associated with SQLITE_DBSTATUS_CACHE_WRITE is always 0.
+** </dd>
+**
+** [[SQLITE_DBSTATUS_DEFERRED_FKS]] ^(<dt>SQLITE_DBSTATUS_DEFERRED_FKS</dt>
+** <dd>This parameter returns zero for the current value if and only if
+** all foreign key constraints (deferred or immediate) have been
+** resolved.)^  ^The highwater mark is always 0.
+** </dd>
+** </dl>
+*/
+#define SQLITE_DBSTATUS_LOOKASIDE_USED       0
+#define SQLITE_DBSTATUS_CACHE_USED           1
+#define SQLITE_DBSTATUS_SCHEMA_USED          2
+#define SQLITE_DBSTATUS_STMT_USED            3
+#define SQLITE_DBSTATUS_LOOKASIDE_HIT        4
+#define SQLITE_DBSTATUS_LOOKASIDE_MISS_SIZE  5
+#define SQLITE_DBSTATUS_LOOKASIDE_MISS_FULL  6
+#define SQLITE_DBSTATUS_CACHE_HIT            7
+#define SQLITE_DBSTATUS_CACHE_MISS           8
+#define SQLITE_DBSTATUS_CACHE_WRITE          9
+#define SQLITE_DBSTATUS_DEFERRED_FKS        10
+#define SQLITE_DBSTATUS_MAX                 10   /* Largest defined DBSTATUS */
+
+
+/*
+** CAPI3REF: Prepared Statement Status
+** METHOD: sqlite3_stmt
+**
+** ^(Each prepared statement maintains various
+** [SQLITE_STMTSTATUS counters] that measure the number
+** of times it has performed specific operations.)^  These counters can
+** be used to monitor the performance characteristics of the prepared
+** statements.  For example, if the number of table steps greatly exceeds
+** the number of table searches or result rows, that would tend to indicate
+** that the prepared statement is using a full table scan rather than
+** an index.  
+**
+** ^(This interface is used to retrieve and reset counter values from
+** a [prepared statement].  The first argument is the prepared statement
+** object to be interrogated.  The second argument
+** is an integer code for a specific [SQLITE_STMTSTATUS counter]
+** to be interrogated.)^
+** ^The current value of the requested counter is returned.
+** ^If the resetFlg is true, then the counter is reset to zero after this
+** interface call returns.
+**
+** See also: [sqlite3_status()] and [sqlite3_db_status()].
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_stmt_status(sqlite3_stmt*, int op,int resetFlg);
+
+/*
+** CAPI3REF: Status Parameters for prepared statements
+** KEYWORDS: {SQLITE_STMTSTATUS counter} {SQLITE_STMTSTATUS counters}
+**
+** These preprocessor macros define integer codes that name counter
+** values associated with the [sqlite3_stmt_status()] interface.
+** The meanings of the various counters are as follows:
+**
+** <dl>
+** [[SQLITE_STMTSTATUS_FULLSCAN_STEP]] <dt>SQLITE_STMTSTATUS_FULLSCAN_STEP</dt>
+** <dd>^This is the number of times that SQLite has stepped forward in
+** a table as part of a full table scan.  Large numbers for this counter
+** may indicate opportunities for performance improvement through 
+** careful use of indices.</dd>
+**
+** [[SQLITE_STMTSTATUS_SORT]] <dt>SQLITE_STMTSTATUS_SORT</dt>
+** <dd>^This is the number of sort operations that have occurred.
+** A non-zero value in this counter may indicate an opportunity to
+** improvement performance through careful use of indices.</dd>
+**
+** [[SQLITE_STMTSTATUS_AUTOINDEX]] <dt>SQLITE_STMTSTATUS_AUTOINDEX</dt>
+** <dd>^This is the number of rows inserted into transient indices that
+** were created automatically in order to help joins run faster.
+** A non-zero value in this counter may indicate an opportunity to
+** improvement performance by adding permanent indices that do not
+** need to be reinitialized each time the statement is run.</dd>
+**
+** [[SQLITE_STMTSTATUS_VM_STEP]] <dt>SQLITE_STMTSTATUS_VM_STEP</dt>
+** <dd>^This is the number of virtual machine operations executed
+** by the prepared statement if that number is less than or equal
+** to 2147483647.  The number of virtual machine operations can be 
+** used as a proxy for the total work done by the prepared statement.
+** If the number of virtual machine operations exceeds 2147483647
+** then the value returned by this statement status code is undefined.
+** </dd>
+** </dl>
+*/
+#define SQLITE_STMTSTATUS_FULLSCAN_STEP     1
+#define SQLITE_STMTSTATUS_SORT              2
+#define SQLITE_STMTSTATUS_AUTOINDEX         3
+#define SQLITE_STMTSTATUS_VM_STEP           4
+
+/*
+** CAPI3REF: Custom Page Cache Object
+**
+** The sqlite3_pcache type is opaque.  It is implemented by
+** the pluggable module.  The SQLite core has no knowledge of
+** its size or internal structure and never deals with the
+** sqlite3_pcache object except by holding and passing pointers
+** to the object.
+**
+** See [sqlite3_pcache_methods2] for additional information.
+*/
+typedef struct sqlite3_pcache sqlite3_pcache;
+
+/*
+** CAPI3REF: Custom Page Cache Object
+**
+** The sqlite3_pcache_page object represents a single page in the
+** page cache.  The page cache will allocate instances of this
+** object.  Various methods of the page cache use pointers to instances
+** of this object as parameters or as their return value.
+**
+** See [sqlite3_pcache_methods2] for additional information.
+*/
+typedef struct sqlite3_pcache_page sqlite3_pcache_page;
+struct sqlite3_pcache_page {
+  void *pBuf;        /* The content of the page */
+  void *pExtra;      /* Extra information associated with the page */
+};
+
+/*
+** CAPI3REF: Application Defined Page Cache.
+** KEYWORDS: {page cache}
+**
+** ^(The [sqlite3_config]([SQLITE_CONFIG_PCACHE2], ...) interface can
+** register an alternative page cache implementation by passing in an 
+** instance of the sqlite3_pcache_methods2 structure.)^
+** In many applications, most of the heap memory allocated by 
+** SQLite is used for the page cache.
+** By implementing a 
+** custom page cache using this API, an application can better control
+** the amount of memory consumed by SQLite, the way in which 
+** that memory is allocated and released, and the policies used to 
+** determine exactly which parts of a database file are cached and for 
+** how long.
+**
+** The alternative page cache mechanism is an
+** extreme measure that is only needed by the most demanding applications.
+** The built-in page cache is recommended for most uses.
+**
+** ^(The contents of the sqlite3_pcache_methods2 structure are copied to an
+** internal buffer by SQLite within the call to [sqlite3_config].  Hence
+** the application may discard the parameter after the call to
+** [sqlite3_config()] returns.)^
+**
+** [[the xInit() page cache method]]
+** ^(The xInit() method is called once for each effective 
+** call to [sqlite3_initialize()])^
+** (usually only once during the lifetime of the process). ^(The xInit()
+** method is passed a copy of the sqlite3_pcache_methods2.pArg value.)^
+** The intent of the xInit() method is to set up global data structures 
+** required by the custom page cache implementation. 
+** ^(If the xInit() method is NULL, then the 
+** built-in default page cache is used instead of the application defined
+** page cache.)^
+**
+** [[the xShutdown() page cache method]]
+** ^The xShutdown() method is called by [sqlite3_shutdown()].
+** It can be used to clean up 
+** any outstanding resources before process shutdown, if required.
+** ^The xShutdown() method may be NULL.
+**
+** ^SQLite automatically serializes calls to the xInit method,
+** so the xInit method need not be threadsafe.  ^The
+** xShutdown method is only called from [sqlite3_shutdown()] so it does
+** not need to be threadsafe either.  All other methods must be threadsafe
+** in multithreaded applications.
+**
+** ^SQLite will never invoke xInit() more than once without an intervening
+** call to xShutdown().
+**
+** [[the xCreate() page cache methods]]
+** ^SQLite invokes the xCreate() method to construct a new cache instance.
+** SQLite will typically create one cache instance for each open database file,
+** though this is not guaranteed. ^The
+** first parameter, szPage, is the size in bytes of the pages that must
+** be allocated by the cache.  ^szPage will always a power of two.  ^The
+** second parameter szExtra is a number of bytes of extra storage 
+** associated with each page cache entry.  ^The szExtra parameter will
+** a number less than 250.  SQLite will use the
+** extra szExtra bytes on each page to store metadata about the underlying
+** database page on disk.  The value passed into szExtra depends
+** on the SQLite version, the target platform, and how SQLite was compiled.
+** ^The third argument to xCreate(), bPurgeable, is true if the cache being
+** created will be used to cache database pages of a file stored on disk, or
+** false if it is used for an in-memory database. The cache implementation
+** does not have to do anything special based with the value of bPurgeable;
+** it is purely advisory.  ^On a cache where bPurgeable is false, SQLite will
+** never invoke xUnpin() except to deliberately delete a page.
+** ^In other words, calls to xUnpin() on a cache with bPurgeable set to
+** false will always have the "discard" flag set to true.  
+** ^Hence, a cache created with bPurgeable false will
+** never contain any unpinned pages.
+**
+** [[the xCachesize() page cache method]]
+** ^(The xCachesize() method may be called at any time by SQLite to set the
+** suggested maximum cache-size (number of pages stored by) the cache
+** instance passed as the first argument. This is the value configured using
+** the SQLite "[PRAGMA cache_size]" command.)^  As with the bPurgeable
+** parameter, the implementation is not required to do anything with this
+** value; it is advisory only.
+**
+** [[the xPagecount() page cache methods]]
+** The xPagecount() method must return the number of pages currently
+** stored in the cache, both pinned and unpinned.
+** 
+** [[the xFetch() page cache methods]]
+** The xFetch() method locates a page in the cache and returns a pointer to 
+** an sqlite3_pcache_page object associated with that page, or a NULL pointer.
+** The pBuf element of the returned sqlite3_pcache_page object will be a
+** pointer to a buffer of szPage bytes used to store the content of a 
+** single database page.  The pExtra element of sqlite3_pcache_page will be
+** a pointer to the szExtra bytes of extra storage that SQLite has requested
+** for each entry in the page cache.
+**
+** The page to be fetched is determined by the key. ^The minimum key value
+** is 1.  After it has been retrieved using xFetch, the page is considered
+** to be "pinned".
+**
+** If the requested page is already in the page cache, then the page cache
+** implementation must return a pointer to the page buffer with its content
+** intact.  If the requested page is not already in the cache, then the
+** cache implementation should use the value of the createFlag
+** parameter to help it determined what action to take:
+**
+** <table border=1 width=85% align=center>
+** <tr><th> createFlag <th> Behavior when page is not already in cache
+** <tr><td> 0 <td> Do not allocate a new page.  Return NULL.
+** <tr><td> 1 <td> Allocate a new page if it easy and convenient to do so.
+**                 Otherwise return NULL.
+** <tr><td> 2 <td> Make every effort to allocate a new page.  Only return
+**                 NULL if allocating a new page is effectively impossible.
+** </table>
+**
+** ^(SQLite will normally invoke xFetch() with a createFlag of 0 or 1.  SQLite
+** will only use a createFlag of 2 after a prior call with a createFlag of 1
+** failed.)^  In between the to xFetch() calls, SQLite may
+** attempt to unpin one or more cache pages by spilling the content of
+** pinned pages to disk and synching the operating system disk cache.
+**
+** [[the xUnpin() page cache method]]
+** ^xUnpin() is called by SQLite with a pointer to a currently pinned page
+** as its second argument.  If the third parameter, discard, is non-zero,
+** then the page must be evicted from the cache.
+** ^If the discard parameter is
+** zero, then the page may be discarded or retained at the discretion of
+** page cache implementation. ^The page cache implementation
+** may choose to evict unpinned pages at any time.
+**
+** The cache must not perform any reference counting. A single 
+** call to xUnpin() unpins the page regardless of the number of prior calls 
+** to xFetch().
+**
+** [[the xRekey() page cache methods]]
+** The xRekey() method is used to change the key value associated with the
+** page passed as the second argument. If the cache
+** previously contains an entry associated with newKey, it must be
+** discarded. ^Any prior cache entry associated with newKey is guaranteed not
+** to be pinned.
+**
+** When SQLite calls the xTruncate() method, the cache must discard all
+** existing cache entries with page numbers (keys) greater than or equal
+** to the value of the iLimit parameter passed to xTruncate(). If any
+** of these pages are pinned, they are implicitly unpinned, meaning that
+** they can be safely discarded.
+**
+** [[the xDestroy() page cache method]]
+** ^The xDestroy() method is used to delete a cache allocated by xCreate().
+** All resources associated with the specified cache should be freed. ^After
+** calling the xDestroy() method, SQLite considers the [sqlite3_pcache*]
+** handle invalid, and will not use it with any other sqlite3_pcache_methods2
+** functions.
+**
+** [[the xShrink() page cache method]]
+** ^SQLite invokes the xShrink() method when it wants the page cache to
+** free up as much of heap memory as possible.  The page cache implementation
+** is not obligated to free any memory, but well-behaved implementations should
+** do their best.
+*/
+typedef struct sqlite3_pcache_methods2 sqlite3_pcache_methods2;
+struct sqlite3_pcache_methods2 {
+  int iVersion;
+  void *pArg;
+  int (*xInit)(void*);
+  void (*xShutdown)(void*);
+  sqlite3_pcache *(*xCreate)(int szPage, int szExtra, int bPurgeable);
+  void (*xCachesize)(sqlite3_pcache*, int nCachesize);
+  int (*xPagecount)(sqlite3_pcache*);
+  sqlite3_pcache_page *(*xFetch)(sqlite3_pcache*, unsigned key, int createFlag);
+  void (*xUnpin)(sqlite3_pcache*, sqlite3_pcache_page*, int discard);
+  void (*xRekey)(sqlite3_pcache*, sqlite3_pcache_page*, 
+      unsigned oldKey, unsigned newKey);
+  void (*xTruncate)(sqlite3_pcache*, unsigned iLimit);
+  void (*xDestroy)(sqlite3_pcache*);
+  void (*xShrink)(sqlite3_pcache*);
+};
+
+/*
+** This is the obsolete pcache_methods object that has now been replaced
+** by sqlite3_pcache_methods2.  This object is not used by SQLite.  It is
+** retained in the header file for backwards compatibility only.
+*/
+typedef struct sqlite3_pcache_methods sqlite3_pcache_methods;
+struct sqlite3_pcache_methods {
+  void *pArg;
+  int (*xInit)(void*);
+  void (*xShutdown)(void*);
+  sqlite3_pcache *(*xCreate)(int szPage, int bPurgeable);
+  void (*xCachesize)(sqlite3_pcache*, int nCachesize);
+  int (*xPagecount)(sqlite3_pcache*);
+  void *(*xFetch)(sqlite3_pcache*, unsigned key, int createFlag);
+  void (*xUnpin)(sqlite3_pcache*, void*, int discard);
+  void (*xRekey)(sqlite3_pcache*, void*, unsigned oldKey, unsigned newKey);
+  void (*xTruncate)(sqlite3_pcache*, unsigned iLimit);
+  void (*xDestroy)(sqlite3_pcache*);
+};
+
+
+/*
+** CAPI3REF: Online Backup Object
+**
+** The sqlite3_backup object records state information about an ongoing
+** online backup operation.  ^The sqlite3_backup object is created by
+** a call to [sqlite3_backup_init()] and is destroyed by a call to
+** [sqlite3_backup_finish()].
+**
+** See Also: [Using the SQLite Online Backup API]
+*/
+typedef struct sqlite3_backup sqlite3_backup;
+
+/*
+** CAPI3REF: Online Backup API.
+**
+** The backup API copies the content of one database into another.
+** It is useful either for creating backups of databases or
+** for copying in-memory databases to or from persistent files. 
+**
+** See Also: [Using the SQLite Online Backup API]
+**
+** ^SQLite holds a write transaction open on the destination database file
+** for the duration of the backup operation.
+** ^The source database is read-locked only while it is being read;
+** it is not locked continuously for the entire backup operation.
+** ^Thus, the backup may be performed on a live source database without
+** preventing other database connections from
+** reading or writing to the source database while the backup is underway.
+** 
+** ^(To perform a backup operation: 
+**   <ol>
+**     <li><b>sqlite3_backup_init()</b> is called once to initialize the
+**         backup, 
+**     <li><b>sqlite3_backup_step()</b> is called one or more times to transfer 
+**         the data between the two databases, and finally
+**     <li><b>sqlite3_backup_finish()</b> is called to release all resources 
+**         associated with the backup operation. 
+**   </ol>)^
+** There should be exactly one call to sqlite3_backup_finish() for each
+** successful call to sqlite3_backup_init().
+**
+** [[sqlite3_backup_init()]] <b>sqlite3_backup_init()</b>
+**
+** ^The D and N arguments to sqlite3_backup_init(D,N,S,M) are the 
+** [database connection] associated with the destination database 
+** and the database name, respectively.
+** ^The database name is "main" for the main database, "temp" for the
+** temporary database, or the name specified after the AS keyword in
+** an [ATTACH] statement for an attached database.
+** ^The S and M arguments passed to 
+** sqlite3_backup_init(D,N,S,M) identify the [database connection]
+** and database name of the source database, respectively.
+** ^The source and destination [database connections] (parameters S and D)
+** must be different or else sqlite3_backup_init(D,N,S,M) will fail with
+** an error.
+**
+** ^A call to sqlite3_backup_init() will fail, returning SQLITE_ERROR, if 
+** there is already a read or read-write transaction open on the 
+** destination database.
+**
+** ^If an error occurs within sqlite3_backup_init(D,N,S,M), then NULL is
+** returned and an error code and error message are stored in the
+** destination [database connection] D.
+** ^The error code and message for the failed call to sqlite3_backup_init()
+** can be retrieved using the [sqlite3_errcode()], [sqlite3_errmsg()], and/or
+** [sqlite3_errmsg16()] functions.
+** ^A successful call to sqlite3_backup_init() returns a pointer to an
+** [sqlite3_backup] object.
+** ^The [sqlite3_backup] object may be used with the sqlite3_backup_step() and
+** sqlite3_backup_finish() functions to perform the specified backup 
+** operation.
+**
+** [[sqlite3_backup_step()]] <b>sqlite3_backup_step()</b>
+**
+** ^Function sqlite3_backup_step(B,N) will copy up to N pages between 
+** the source and destination databases specified by [sqlite3_backup] object B.
+** ^If N is negative, all remaining source pages are copied. 
+** ^If sqlite3_backup_step(B,N) successfully copies N pages and there
+** are still more pages to be copied, then the function returns [SQLITE_OK].
+** ^If sqlite3_backup_step(B,N) successfully finishes copying all pages
+** from source to destination, then it returns [SQLITE_DONE].
+** ^If an error occurs while running sqlite3_backup_step(B,N),
+** then an [error code] is returned. ^As well as [SQLITE_OK] and
+** [SQLITE_DONE], a call to sqlite3_backup_step() may return [SQLITE_READONLY],
+** [SQLITE_NOMEM], [SQLITE_BUSY], [SQLITE_LOCKED], or an
+** [SQLITE_IOERR_ACCESS | SQLITE_IOERR_XXX] extended error code.
+**
+** ^(The sqlite3_backup_step() might return [SQLITE_READONLY] if
+** <ol>
+** <li> the destination database was opened read-only, or
+** <li> the destination database is using write-ahead-log journaling
+** and the destination and source page sizes differ, or
+** <li> the destination database is an in-memory database and the
+** destination and source page sizes differ.
+** </ol>)^
+**
+** ^If sqlite3_backup_step() cannot obtain a required file-system lock, then
+** the [sqlite3_busy_handler | busy-handler function]
+** is invoked (if one is specified). ^If the 
+** busy-handler returns non-zero before the lock is available, then 
+** [SQLITE_BUSY] is returned to the caller. ^In this case the call to
+** sqlite3_backup_step() can be retried later. ^If the source
+** [database connection]
+** is being used to write to the source database when sqlite3_backup_step()
+** is called, then [SQLITE_LOCKED] is returned immediately. ^Again, in this
+** case the call to sqlite3_backup_step() can be retried later on. ^(If
+** [SQLITE_IOERR_ACCESS | SQLITE_IOERR_XXX], [SQLITE_NOMEM], or
+** [SQLITE_READONLY] is returned, then 
+** there is no point in retrying the call to sqlite3_backup_step(). These 
+** errors are considered fatal.)^  The application must accept 
+** that the backup operation has failed and pass the backup operation handle 
+** to the sqlite3_backup_finish() to release associated resources.
+**
+** ^The first call to sqlite3_backup_step() obtains an exclusive lock
+** on the destination file. ^The exclusive lock is not released until either 
+** sqlite3_backup_finish() is called or the backup operation is complete 
+** and sqlite3_backup_step() returns [SQLITE_DONE].  ^Every call to
+** sqlite3_backup_step() obtains a [shared lock] on the source database that
+** lasts for the duration of the sqlite3_backup_step() call.
+** ^Because the source database is not locked between calls to
+** sqlite3_backup_step(), the source database may be modified mid-way
+** through the backup process.  ^If the source database is modified by an
+** external process or via a database connection other than the one being
+** used by the backup operation, then the backup will be automatically
+** restarted by the next call to sqlite3_backup_step(). ^If the source 
+** database is modified by the using the same database connection as is used
+** by the backup operation, then the backup database is automatically
+** updated at the same time.
+**
+** [[sqlite3_backup_finish()]] <b>sqlite3_backup_finish()</b>
+**
+** When sqlite3_backup_step() has returned [SQLITE_DONE], or when the 
+** application wishes to abandon the backup operation, the application
+** should destroy the [sqlite3_backup] by passing it to sqlite3_backup_finish().
+** ^The sqlite3_backup_finish() interfaces releases all
+** resources associated with the [sqlite3_backup] object. 
+** ^If sqlite3_backup_step() has not yet returned [SQLITE_DONE], then any
+** active write-transaction on the destination database is rolled back.
+** The [sqlite3_backup] object is invalid
+** and may not be used following a call to sqlite3_backup_finish().
+**
+** ^The value returned by sqlite3_backup_finish is [SQLITE_OK] if no
+** sqlite3_backup_step() errors occurred, regardless or whether or not
+** sqlite3_backup_step() completed.
+** ^If an out-of-memory condition or IO error occurred during any prior
+** sqlite3_backup_step() call on the same [sqlite3_backup] object, then
+** sqlite3_backup_finish() returns the corresponding [error code].
+**
+** ^A return of [SQLITE_BUSY] or [SQLITE_LOCKED] from sqlite3_backup_step()
+** is not a permanent error and does not affect the return value of
+** sqlite3_backup_finish().
+**
+** [[sqlite3_backup_remaining()]] [[sqlite3_backup_pagecount()]]
+** <b>sqlite3_backup_remaining() and sqlite3_backup_pagecount()</b>
+**
+** ^The sqlite3_backup_remaining() routine returns the number of pages still
+** to be backed up at the conclusion of the most recent sqlite3_backup_step().
+** ^The sqlite3_backup_pagecount() routine returns the total number of pages
+** in the source database at the conclusion of the most recent
+** sqlite3_backup_step().
+** ^(The values returned by these functions are only updated by
+** sqlite3_backup_step(). If the source database is modified in a way that
+** changes the size of the source database or the number of pages remaining,
+** those changes are not reflected in the output of sqlite3_backup_pagecount()
+** and sqlite3_backup_remaining() until after the next
+** sqlite3_backup_step().)^
+**
+** <b>Concurrent Usage of Database Handles</b>
+**
+** ^The source [database connection] may be used by the application for other
+** purposes while a backup operation is underway or being initialized.
+** ^If SQLite is compiled and configured to support threadsafe database
+** connections, then the source database connection may be used concurrently
+** from within other threads.
+**
+** However, the application must guarantee that the destination 
+** [database connection] is not passed to any other API (by any thread) after 
+** sqlite3_backup_init() is called and before the corresponding call to
+** sqlite3_backup_finish().  SQLite does not currently check to see
+** if the application incorrectly accesses the destination [database connection]
+** and so no error code is reported, but the operations may malfunction
+** nevertheless.  Use of the destination database connection while a
+** backup is in progress might also also cause a mutex deadlock.
+**
+** If running in [shared cache mode], the application must
+** guarantee that the shared cache used by the destination database
+** is not accessed while the backup is running. In practice this means
+** that the application must guarantee that the disk file being 
+** backed up to is not accessed by any connection within the process,
+** not just the specific connection that was passed to sqlite3_backup_init().
+**
+** The [sqlite3_backup] object itself is partially threadsafe. Multiple 
+** threads may safely make multiple concurrent calls to sqlite3_backup_step().
+** However, the sqlite3_backup_remaining() and sqlite3_backup_pagecount()
+** APIs are not strictly speaking threadsafe. If they are invoked at the
+** same time as another thread is invoking sqlite3_backup_step() it is
+** possible that they return invalid values.
+*/
+SQLITE_API sqlite3_backup *SQLITE_STDCALL sqlite3_backup_init(
+  sqlite3 *pDest,                        /* Destination database handle */
+  const char *zDestName,                 /* Destination database name */
+  sqlite3 *pSource,                      /* Source database handle */
+  const char *zSourceName                /* Source database name */
+);
+SQLITE_API int SQLITE_STDCALL sqlite3_backup_step(sqlite3_backup *p, int nPage);
+SQLITE_API int SQLITE_STDCALL sqlite3_backup_finish(sqlite3_backup *p);
+SQLITE_API int SQLITE_STDCALL sqlite3_backup_remaining(sqlite3_backup *p);
+SQLITE_API int SQLITE_STDCALL sqlite3_backup_pagecount(sqlite3_backup *p);
+
+/*
+** CAPI3REF: Unlock Notification
+** METHOD: sqlite3
+**
+** ^When running in shared-cache mode, a database operation may fail with
+** an [SQLITE_LOCKED] error if the required locks on the shared-cache or
+** individual tables within the shared-cache cannot be obtained. See
+** [SQLite Shared-Cache Mode] for a description of shared-cache locking. 
+** ^This API may be used to register a callback that SQLite will invoke 
+** when the connection currently holding the required lock relinquishes it.
+** ^This API is only available if the library was compiled with the
+** [SQLITE_ENABLE_UNLOCK_NOTIFY] C-preprocessor symbol defined.
+**
+** See Also: [Using the SQLite Unlock Notification Feature].
+**
+** ^Shared-cache locks are released when a database connection concludes
+** its current transaction, either by committing it or rolling it back. 
+**
+** ^When a connection (known as the blocked connection) fails to obtain a
+** shared-cache lock and SQLITE_LOCKED is returned to the caller, the
+** identity of the database connection (the blocking connection) that
+** has locked the required resource is stored internally. ^After an 
+** application receives an SQLITE_LOCKED error, it may call the
+** sqlite3_unlock_notify() method with the blocked connection handle as 
+** the first argument to register for a callback that will be invoked
+** when the blocking connections current transaction is concluded. ^The
+** callback is invoked from within the [sqlite3_step] or [sqlite3_close]
+** call that concludes the blocking connections transaction.
+**
+** ^(If sqlite3_unlock_notify() is called in a multi-threaded application,
+** there is a chance that the blocking connection will have already
+** concluded its transaction by the time sqlite3_unlock_notify() is invoked.
+** If this happens, then the specified callback is invoked immediately,
+** from within the call to sqlite3_unlock_notify().)^
+**
+** ^If the blocked connection is attempting to obtain a write-lock on a
+** shared-cache table, and more than one other connection currently holds
+** a read-lock on the same table, then SQLite arbitrarily selects one of 
+** the other connections to use as the blocking connection.
+**
+** ^(There may be at most one unlock-notify callback registered by a 
+** blocked connection. If sqlite3_unlock_notify() is called when the
+** blocked connection already has a registered unlock-notify callback,
+** then the new callback replaces the old.)^ ^If sqlite3_unlock_notify() is
+** called with a NULL pointer as its second argument, then any existing
+** unlock-notify callback is canceled. ^The blocked connections 
+** unlock-notify callback may also be canceled by closing the blocked
+** connection using [sqlite3_close()].
+**
+** The unlock-notify callback is not reentrant. If an application invokes
+** any sqlite3_xxx API functions from within an unlock-notify callback, a
+** crash or deadlock may be the result.
+**
+** ^Unless deadlock is detected (see below), sqlite3_unlock_notify() always
+** returns SQLITE_OK.
+**
+** <b>Callback Invocation Details</b>
+**
+** When an unlock-notify callback is registered, the application provides a 
+** single void* pointer that is passed to the callback when it is invoked.
+** However, the signature of the callback function allows SQLite to pass
+** it an array of void* context pointers. The first argument passed to
+** an unlock-notify callback is a pointer to an array of void* pointers,
+** and the second is the number of entries in the array.
+**
+** When a blocking connections transaction is concluded, there may be
+** more than one blocked connection that has registered for an unlock-notify
+** callback. ^If two or more such blocked connections have specified the
+** same callback function, then instead of invoking the callback function
+** multiple times, it is invoked once with the set of void* context pointers
+** specified by the blocked connections bundled together into an array.
+** This gives the application an opportunity to prioritize any actions 
+** related to the set of unblocked database connections.
+**
+** <b>Deadlock Detection</b>
+**
+** Assuming that after registering for an unlock-notify callback a 
+** database waits for the callback to be issued before taking any further
+** action (a reasonable assumption), then using this API may cause the
+** application to deadlock. For example, if connection X is waiting for
+** connection Y's transaction to be concluded, and similarly connection
+** Y is waiting on connection X's transaction, then neither connection
+** will proceed and the system may remain deadlocked indefinitely.
+**
+** To avoid this scenario, the sqlite3_unlock_notify() performs deadlock
+** detection. ^If a given call to sqlite3_unlock_notify() would put the
+** system in a deadlocked state, then SQLITE_LOCKED is returned and no
+** unlock-notify callback is registered. The system is said to be in
+** a deadlocked state if connection A has registered for an unlock-notify
+** callback on the conclusion of connection B's transaction, and connection
+** B has itself registered for an unlock-notify callback when connection
+** A's transaction is concluded. ^Indirect deadlock is also detected, so
+** the system is also considered to be deadlocked if connection B has
+** registered for an unlock-notify callback on the conclusion of connection
+** C's transaction, where connection C is waiting on connection A. ^Any
+** number of levels of indirection are allowed.
+**
+** <b>The "DROP TABLE" Exception</b>
+**
+** When a call to [sqlite3_step()] returns SQLITE_LOCKED, it is almost 
+** always appropriate to call sqlite3_unlock_notify(). There is however,
+** one exception. When executing a "DROP TABLE" or "DROP INDEX" statement,
+** SQLite checks if there are any currently executing SELECT statements
+** that belong to the same connection. If there are, SQLITE_LOCKED is
+** returned. In this case there is no "blocking connection", so invoking
+** sqlite3_unlock_notify() results in the unlock-notify callback being
+** invoked immediately. If the application then re-attempts the "DROP TABLE"
+** or "DROP INDEX" query, an infinite loop might be the result.
+**
+** One way around this problem is to check the extended error code returned
+** by an sqlite3_step() call. ^(If there is a blocking connection, then the
+** extended error code is set to SQLITE_LOCKED_SHAREDCACHE. Otherwise, in
+** the special "DROP TABLE/INDEX" case, the extended error code is just 
+** SQLITE_LOCKED.)^
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_unlock_notify(
+  sqlite3 *pBlocked,                          /* Waiting connection */
+  void (*xNotify)(void **apArg, int nArg),    /* Callback function to invoke */
+  void *pNotifyArg                            /* Argument to pass to xNotify */
+);
+
+
+/*
+** CAPI3REF: String Comparison
+**
+** ^The [sqlite3_stricmp()] and [sqlite3_strnicmp()] APIs allow applications
+** and extensions to compare the contents of two buffers containing UTF-8
+** strings in a case-independent fashion, using the same definition of "case
+** independence" that SQLite uses internally when comparing identifiers.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_stricmp(const char *, const char *);
+SQLITE_API int SQLITE_STDCALL sqlite3_strnicmp(const char *, const char *, int);
+
+/*
+** CAPI3REF: String Globbing
+*
+** ^The [sqlite3_strglob(P,X)] interface returns zero if and only if
+** string X matches the [GLOB] pattern P.
+** ^The definition of [GLOB] pattern matching used in
+** [sqlite3_strglob(P,X)] is the same as for the "X GLOB P" operator in the
+** SQL dialect understood by SQLite.  ^The [sqlite3_strglob(P,X)] function
+** is case sensitive.
+**
+** Note that this routine returns zero on a match and non-zero if the strings
+** do not match, the same as [sqlite3_stricmp()] and [sqlite3_strnicmp()].
+**
+** See also: [sqlite3_strlike()].
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_strglob(const char *zGlob, const char *zStr);
+
+/*
+** CAPI3REF: String LIKE Matching
+*
+** ^The [sqlite3_strlike(P,X,E)] interface returns zero if and only if
+** string X matches the [LIKE] pattern P with escape character E.
+** ^The definition of [LIKE] pattern matching used in
+** [sqlite3_strlike(P,X,E)] is the same as for the "X LIKE P ESCAPE E"
+** operator in the SQL dialect understood by SQLite.  ^For "X LIKE P" without
+** the ESCAPE clause, set the E parameter of [sqlite3_strlike(P,X,E)] to 0.
+** ^As with the LIKE operator, the [sqlite3_strlike(P,X,E)] function is case
+** insensitive - equivalent upper and lower case ASCII characters match
+** one another.
+**
+** ^The [sqlite3_strlike(P,X,E)] function matches Unicode characters, though
+** only ASCII characters are case folded.
+**
+** Note that this routine returns zero on a match and non-zero if the strings
+** do not match, the same as [sqlite3_stricmp()] and [sqlite3_strnicmp()].
+**
+** See also: [sqlite3_strglob()].
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_strlike(const char *zGlob, const char *zStr, unsigned int cEsc);
+
+/*
+** CAPI3REF: Error Logging Interface
+**
+** ^The [sqlite3_log()] interface writes a message into the [error log]
+** established by the [SQLITE_CONFIG_LOG] option to [sqlite3_config()].
+** ^If logging is enabled, the zFormat string and subsequent arguments are
+** used with [sqlite3_snprintf()] to generate the final output string.
+**
+** The sqlite3_log() interface is intended for use by extensions such as
+** virtual tables, collating functions, and SQL functions.  While there is
+** nothing to prevent an application from calling sqlite3_log(), doing so
+** is considered bad form.
+**
+** The zFormat string must not be NULL.
+**
+** To avoid deadlocks and other threading problems, the sqlite3_log() routine
+** will not use dynamically allocated memory.  The log message is stored in
+** a fixed-length buffer on the stack.  If the log message is longer than
+** a few hundred characters, it will be truncated to the length of the
+** buffer.
+*/
+SQLITE_API void SQLITE_CDECL sqlite3_log(int iErrCode, const char *zFormat, ...);
+
+/*
+** CAPI3REF: Write-Ahead Log Commit Hook
+** METHOD: sqlite3
+**
+** ^The [sqlite3_wal_hook()] function is used to register a callback that
+** is invoked each time data is committed to a database in wal mode.
+**
+** ^(The callback is invoked by SQLite after the commit has taken place and 
+** the associated write-lock on the database released)^, so the implementation 
+** may read, write or [checkpoint] the database as required.
+**
+** ^The first parameter passed to the callback function when it is invoked
+** is a copy of the third parameter passed to sqlite3_wal_hook() when
+** registering the callback. ^The second is a copy of the database handle.
+** ^The third parameter is the name of the database that was written to -
+** either "main" or the name of an [ATTACH]-ed database. ^The fourth parameter
+** is the number of pages currently in the write-ahead log file,
+** including those that were just committed.
+**
+** The callback function should normally return [SQLITE_OK].  ^If an error
+** code is returned, that error will propagate back up through the
+** SQLite code base to cause the statement that provoked the callback
+** to report an error, though the commit will have still occurred. If the
+** callback returns [SQLITE_ROW] or [SQLITE_DONE], or if it returns a value
+** that does not correspond to any valid SQLite error code, the results
+** are undefined.
+**
+** A single database handle may have at most a single write-ahead log callback 
+** registered at one time. ^Calling [sqlite3_wal_hook()] replaces any
+** previously registered write-ahead log callback. ^Note that the
+** [sqlite3_wal_autocheckpoint()] interface and the
+** [wal_autocheckpoint pragma] both invoke [sqlite3_wal_hook()] and will
+** those overwrite any prior [sqlite3_wal_hook()] settings.
+*/
+SQLITE_API void *SQLITE_STDCALL sqlite3_wal_hook(
+  sqlite3*, 
+  int(*)(void *,sqlite3*,const char*,int),
+  void*
+);
+
+/*
+** CAPI3REF: Configure an auto-checkpoint
+** METHOD: sqlite3
+**
+** ^The [sqlite3_wal_autocheckpoint(D,N)] is a wrapper around
+** [sqlite3_wal_hook()] that causes any database on [database connection] D
+** to automatically [checkpoint]
+** after committing a transaction if there are N or
+** more frames in the [write-ahead log] file.  ^Passing zero or 
+** a negative value as the nFrame parameter disables automatic
+** checkpoints entirely.
+**
+** ^The callback registered by this function replaces any existing callback
+** registered using [sqlite3_wal_hook()].  ^Likewise, registering a callback
+** using [sqlite3_wal_hook()] disables the automatic checkpoint mechanism
+** configured by this function.
+**
+** ^The [wal_autocheckpoint pragma] can be used to invoke this interface
+** from SQL.
+**
+** ^Checkpoints initiated by this mechanism are
+** [sqlite3_wal_checkpoint_v2|PASSIVE].
+**
+** ^Every new [database connection] defaults to having the auto-checkpoint
+** enabled with a threshold of 1000 or [SQLITE_DEFAULT_WAL_AUTOCHECKPOINT]
+** pages.  The use of this interface
+** is only necessary if the default setting is found to be suboptimal
+** for a particular application.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_wal_autocheckpoint(sqlite3 *db, int N);
+
+/*
+** CAPI3REF: Checkpoint a database
+** METHOD: sqlite3
+**
+** ^(The sqlite3_wal_checkpoint(D,X) is equivalent to
+** [sqlite3_wal_checkpoint_v2](D,X,[SQLITE_CHECKPOINT_PASSIVE],0,0).)^
+**
+** In brief, sqlite3_wal_checkpoint(D,X) causes the content in the 
+** [write-ahead log] for database X on [database connection] D to be
+** transferred into the database file and for the write-ahead log to
+** be reset.  See the [checkpointing] documentation for addition
+** information.
+**
+** This interface used to be the only way to cause a checkpoint to
+** occur.  But then the newer and more powerful [sqlite3_wal_checkpoint_v2()]
+** interface was added.  This interface is retained for backwards
+** compatibility and as a convenience for applications that need to manually
+** start a callback but which do not need the full power (and corresponding
+** complication) of [sqlite3_wal_checkpoint_v2()].
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_wal_checkpoint(sqlite3 *db, const char *zDb);
+
+/*
+** CAPI3REF: Checkpoint a database
+** METHOD: sqlite3
+**
+** ^(The sqlite3_wal_checkpoint_v2(D,X,M,L,C) interface runs a checkpoint
+** operation on database X of [database connection] D in mode M.  Status
+** information is written back into integers pointed to by L and C.)^
+** ^(The M parameter must be a valid [checkpoint mode]:)^
+**
+** <dl>
+** <dt>SQLITE_CHECKPOINT_PASSIVE<dd>
+**   ^Checkpoint as many frames as possible without waiting for any database 
+**   readers or writers to finish, then sync the database file if all frames 
+**   in the log were checkpointed. ^The [busy-handler callback]
+**   is never invoked in the SQLITE_CHECKPOINT_PASSIVE mode.  
+**   ^On the other hand, passive mode might leave the checkpoint unfinished
+**   if there are concurrent readers or writers.
+**
+** <dt>SQLITE_CHECKPOINT_FULL<dd>
+**   ^This mode blocks (it invokes the
+**   [sqlite3_busy_handler|busy-handler callback]) until there is no
+**   database writer and all readers are reading from the most recent database
+**   snapshot. ^It then checkpoints all frames in the log file and syncs the
+**   database file. ^This mode blocks new database writers while it is pending,
+**   but new database readers are allowed to continue unimpeded.
+**
+** <dt>SQLITE_CHECKPOINT_RESTART<dd>
+**   ^This mode works the same way as SQLITE_CHECKPOINT_FULL with the addition
+**   that after checkpointing the log file it blocks (calls the 
+**   [busy-handler callback])
+**   until all readers are reading from the database file only. ^This ensures 
+**   that the next writer will restart the log file from the beginning.
+**   ^Like SQLITE_CHECKPOINT_FULL, this mode blocks new
+**   database writer attempts while it is pending, but does not impede readers.
+**
+** <dt>SQLITE_CHECKPOINT_TRUNCATE<dd>
+**   ^This mode works the same way as SQLITE_CHECKPOINT_RESTART with the
+**   addition that it also truncates the log file to zero bytes just prior
+**   to a successful return.
+** </dl>
+**
+** ^If pnLog is not NULL, then *pnLog is set to the total number of frames in
+** the log file or to -1 if the checkpoint could not run because
+** of an error or because the database is not in [WAL mode]. ^If pnCkpt is not
+** NULL,then *pnCkpt is set to the total number of checkpointed frames in the
+** log file (including any that were already checkpointed before the function
+** was called) or to -1 if the checkpoint could not run due to an error or
+** because the database is not in WAL mode. ^Note that upon successful
+** completion of an SQLITE_CHECKPOINT_TRUNCATE, the log file will have been
+** truncated to zero bytes and so both *pnLog and *pnCkpt will be set to zero.
+**
+** ^All calls obtain an exclusive "checkpoint" lock on the database file. ^If
+** any other process is running a checkpoint operation at the same time, the 
+** lock cannot be obtained and SQLITE_BUSY is returned. ^Even if there is a 
+** busy-handler configured, it will not be invoked in this case.
+**
+** ^The SQLITE_CHECKPOINT_FULL, RESTART and TRUNCATE modes also obtain the 
+** exclusive "writer" lock on the database file. ^If the writer lock cannot be
+** obtained immediately, and a busy-handler is configured, it is invoked and
+** the writer lock retried until either the busy-handler returns 0 or the lock
+** is successfully obtained. ^The busy-handler is also invoked while waiting for
+** database readers as described above. ^If the busy-handler returns 0 before
+** the writer lock is obtained or while waiting for database readers, the
+** checkpoint operation proceeds from that point in the same way as 
+** SQLITE_CHECKPOINT_PASSIVE - checkpointing as many frames as possible 
+** without blocking any further. ^SQLITE_BUSY is returned in this case.
+**
+** ^If parameter zDb is NULL or points to a zero length string, then the
+** specified operation is attempted on all WAL databases [attached] to 
+** [database connection] db.  In this case the
+** values written to output parameters *pnLog and *pnCkpt are undefined. ^If 
+** an SQLITE_BUSY error is encountered when processing one or more of the 
+** attached WAL databases, the operation is still attempted on any remaining 
+** attached databases and SQLITE_BUSY is returned at the end. ^If any other 
+** error occurs while processing an attached database, processing is abandoned 
+** and the error code is returned to the caller immediately. ^If no error 
+** (SQLITE_BUSY or otherwise) is encountered while processing the attached 
+** databases, SQLITE_OK is returned.
+**
+** ^If database zDb is the name of an attached database that is not in WAL
+** mode, SQLITE_OK is returned and both *pnLog and *pnCkpt set to -1. ^If
+** zDb is not NULL (or a zero length string) and is not the name of any
+** attached database, SQLITE_ERROR is returned to the caller.
+**
+** ^Unless it returns SQLITE_MISUSE,
+** the sqlite3_wal_checkpoint_v2() interface
+** sets the error information that is queried by
+** [sqlite3_errcode()] and [sqlite3_errmsg()].
+**
+** ^The [PRAGMA wal_checkpoint] command can be used to invoke this interface
+** from SQL.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_wal_checkpoint_v2(
+  sqlite3 *db,                    /* Database handle */
+  const char *zDb,                /* Name of attached database (or NULL) */
+  int eMode,                      /* SQLITE_CHECKPOINT_* value */
+  int *pnLog,                     /* OUT: Size of WAL log in frames */
+  int *pnCkpt                     /* OUT: Total number of frames checkpointed */
+);
+
+/*
+** CAPI3REF: Checkpoint Mode Values
+** KEYWORDS: {checkpoint mode}
+**
+** These constants define all valid values for the "checkpoint mode" passed
+** as the third parameter to the [sqlite3_wal_checkpoint_v2()] interface.
+** See the [sqlite3_wal_checkpoint_v2()] documentation for details on the
+** meaning of each of these checkpoint modes.
+*/
+#define SQLITE_CHECKPOINT_PASSIVE  0  /* Do as much as possible w/o blocking */
+#define SQLITE_CHECKPOINT_FULL     1  /* Wait for writers, then checkpoint */
+#define SQLITE_CHECKPOINT_RESTART  2  /* Like FULL but wait for for readers */
+#define SQLITE_CHECKPOINT_TRUNCATE 3  /* Like RESTART but also truncate WAL */
+
+/*
+** CAPI3REF: Virtual Table Interface Configuration
+**
+** This function may be called by either the [xConnect] or [xCreate] method
+** of a [virtual table] implementation to configure
+** various facets of the virtual table interface.
+**
+** If this interface is invoked outside the context of an xConnect or
+** xCreate virtual table method then the behavior is undefined.
+**
+** At present, there is only one option that may be configured using
+** this function. (See [SQLITE_VTAB_CONSTRAINT_SUPPORT].)  Further options
+** may be added in the future.
+*/
+SQLITE_API int SQLITE_CDECL sqlite3_vtab_config(sqlite3*, int op, ...);
+
+/*
+** CAPI3REF: Virtual Table Configuration Options
+**
+** These macros define the various options to the
+** [sqlite3_vtab_config()] interface that [virtual table] implementations
+** can use to customize and optimize their behavior.
+**
+** <dl>
+** <dt>SQLITE_VTAB_CONSTRAINT_SUPPORT
+** <dd>Calls of the form
+** [sqlite3_vtab_config](db,SQLITE_VTAB_CONSTRAINT_SUPPORT,X) are supported,
+** where X is an integer.  If X is zero, then the [virtual table] whose
+** [xCreate] or [xConnect] method invoked [sqlite3_vtab_config()] does not
+** support constraints.  In this configuration (which is the default) if
+** a call to the [xUpdate] method returns [SQLITE_CONSTRAINT], then the entire
+** statement is rolled back as if [ON CONFLICT | OR ABORT] had been
+** specified as part of the users SQL statement, regardless of the actual
+** ON CONFLICT mode specified.
+**
+** If X is non-zero, then the virtual table implementation guarantees
+** that if [xUpdate] returns [SQLITE_CONSTRAINT], it will do so before
+** any modifications to internal or persistent data structures have been made.
+** If the [ON CONFLICT] mode is ABORT, FAIL, IGNORE or ROLLBACK, SQLite 
+** is able to roll back a statement or database transaction, and abandon
+** or continue processing the current SQL statement as appropriate. 
+** If the ON CONFLICT mode is REPLACE and the [xUpdate] method returns
+** [SQLITE_CONSTRAINT], SQLite handles this as if the ON CONFLICT mode
+** had been ABORT.
+**
+** Virtual table implementations that are required to handle OR REPLACE
+** must do so within the [xUpdate] method. If a call to the 
+** [sqlite3_vtab_on_conflict()] function indicates that the current ON 
+** CONFLICT policy is REPLACE, the virtual table implementation should 
+** silently replace the appropriate rows within the xUpdate callback and
+** return SQLITE_OK. Or, if this is not possible, it may return
+** SQLITE_CONSTRAINT, in which case SQLite falls back to OR ABORT 
+** constraint handling.
+** </dl>
+*/
+#define SQLITE_VTAB_CONSTRAINT_SUPPORT 1
+
+/*
+** CAPI3REF: Determine The Virtual Table Conflict Policy
+**
+** This function may only be called from within a call to the [xUpdate] method
+** of a [virtual table] implementation for an INSERT or UPDATE operation. ^The
+** value returned is one of [SQLITE_ROLLBACK], [SQLITE_IGNORE], [SQLITE_FAIL],
+** [SQLITE_ABORT], or [SQLITE_REPLACE], according to the [ON CONFLICT] mode
+** of the SQL statement that triggered the call to the [xUpdate] method of the
+** [virtual table].
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_vtab_on_conflict(sqlite3 *);
+
+/*
+** CAPI3REF: Conflict resolution modes
+** KEYWORDS: {conflict resolution mode}
+**
+** These constants are returned by [sqlite3_vtab_on_conflict()] to
+** inform a [virtual table] implementation what the [ON CONFLICT] mode
+** is for the SQL statement being evaluated.
+**
+** Note that the [SQLITE_IGNORE] constant is also used as a potential
+** return value from the [sqlite3_set_authorizer()] callback and that
+** [SQLITE_ABORT] is also a [result code].
+*/
+#define SQLITE_ROLLBACK 1
+/* #define SQLITE_IGNORE 2 // Also used by sqlite3_authorizer() callback */
+#define SQLITE_FAIL     3
+/* #define SQLITE_ABORT 4  // Also an error code */
+#define SQLITE_REPLACE  5
+
+/*
+** CAPI3REF: Prepared Statement Scan Status Opcodes
+** KEYWORDS: {scanstatus options}
+**
+** The following constants can be used for the T parameter to the
+** [sqlite3_stmt_scanstatus(S,X,T,V)] interface.  Each constant designates a
+** different metric for sqlite3_stmt_scanstatus() to return.
+**
+** When the value returned to V is a string, space to hold that string is
+** managed by the prepared statement S and will be automatically freed when
+** S is finalized.
+**
+** <dl>
+** [[SQLITE_SCANSTAT_NLOOP]] <dt>SQLITE_SCANSTAT_NLOOP</dt>
+** <dd>^The [sqlite3_int64] variable pointed to by the T parameter will be
+** set to the total number of times that the X-th loop has run.</dd>
+**
+** [[SQLITE_SCANSTAT_NVISIT]] <dt>SQLITE_SCANSTAT_NVISIT</dt>
+** <dd>^The [sqlite3_int64] variable pointed to by the T parameter will be set
+** to the total number of rows examined by all iterations of the X-th loop.</dd>
+**
+** [[SQLITE_SCANSTAT_EST]] <dt>SQLITE_SCANSTAT_EST</dt>
+** <dd>^The "double" variable pointed to by the T parameter will be set to the
+** query planner's estimate for the average number of rows output from each
+** iteration of the X-th loop.  If the query planner's estimates was accurate,
+** then this value will approximate the quotient NVISIT/NLOOP and the
+** product of this value for all prior loops with the same SELECTID will
+** be the NLOOP value for the current loop.
+**
+** [[SQLITE_SCANSTAT_NAME]] <dt>SQLITE_SCANSTAT_NAME</dt>
+** <dd>^The "const char *" variable pointed to by the T parameter will be set
+** to a zero-terminated UTF-8 string containing the name of the index or table
+** used for the X-th loop.
+**
+** [[SQLITE_SCANSTAT_EXPLAIN]] <dt>SQLITE_SCANSTAT_EXPLAIN</dt>
+** <dd>^The "const char *" variable pointed to by the T parameter will be set
+** to a zero-terminated UTF-8 string containing the [EXPLAIN QUERY PLAN]
+** description for the X-th loop.
+**
+** [[SQLITE_SCANSTAT_SELECTID]] <dt>SQLITE_SCANSTAT_SELECT</dt>
+** <dd>^The "int" variable pointed to by the T parameter will be set to the
+** "select-id" for the X-th loop.  The select-id identifies which query or
+** subquery the loop is part of.  The main query has a select-id of zero.
+** The select-id is the same value as is output in the first column
+** of an [EXPLAIN QUERY PLAN] query.
+** </dl>
+*/
+#define SQLITE_SCANSTAT_NLOOP    0
+#define SQLITE_SCANSTAT_NVISIT   1
+#define SQLITE_SCANSTAT_EST      2
+#define SQLITE_SCANSTAT_NAME     3
+#define SQLITE_SCANSTAT_EXPLAIN  4
+#define SQLITE_SCANSTAT_SELECTID 5
+
+/*
+** CAPI3REF: Prepared Statement Scan Status
+** METHOD: sqlite3_stmt
+**
+** This interface returns information about the predicted and measured
+** performance for pStmt.  Advanced applications can use this
+** interface to compare the predicted and the measured performance and
+** issue warnings and/or rerun [ANALYZE] if discrepancies are found.
+**
+** Since this interface is expected to be rarely used, it is only
+** available if SQLite is compiled using the [SQLITE_ENABLE_STMT_SCANSTATUS]
+** compile-time option.
+**
+** The "iScanStatusOp" parameter determines which status information to return.
+** The "iScanStatusOp" must be one of the [scanstatus options] or the behavior
+** of this interface is undefined.
+** ^The requested measurement is written into a variable pointed to by
+** the "pOut" parameter.
+** Parameter "idx" identifies the specific loop to retrieve statistics for.
+** Loops are numbered starting from zero. ^If idx is out of range - less than
+** zero or greater than or equal to the total number of loops used to implement
+** the statement - a non-zero value is returned and the variable that pOut
+** points to is unchanged.
+**
+** ^Statistics might not be available for all loops in all statements. ^In cases
+** where there exist loops with no available statistics, this function behaves
+** as if the loop did not exist - it returns non-zero and leave the variable
+** that pOut points to unchanged.
+**
+** See also: [sqlite3_stmt_scanstatus_reset()]
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_stmt_scanstatus(
+  sqlite3_stmt *pStmt,      /* Prepared statement for which info desired */
+  int idx,                  /* Index of loop to report on */
+  int iScanStatusOp,        /* Information desired.  SQLITE_SCANSTAT_* */
+  void *pOut                /* Result written here */
+);     
+
+/*
+** CAPI3REF: Zero Scan-Status Counters
+** METHOD: sqlite3_stmt
+**
+** ^Zero all [sqlite3_stmt_scanstatus()] related event counters.
+**
+** This API is only available if the library is built with pre-processor
+** symbol [SQLITE_ENABLE_STMT_SCANSTATUS] defined.
+*/
+SQLITE_API void SQLITE_STDCALL sqlite3_stmt_scanstatus_reset(sqlite3_stmt*);
+
+/*
+** CAPI3REF: Flush caches to disk mid-transaction
+**
+** ^If a write-transaction is open on [database connection] D when the
+** [sqlite3_db_cacheflush(D)] interface invoked, any dirty
+** pages in the pager-cache that are not currently in use are written out 
+** to disk. A dirty page may be in use if a database cursor created by an
+** active SQL statement is reading from it, or if it is page 1 of a database
+** file (page 1 is always "in use").  ^The [sqlite3_db_cacheflush(D)]
+** interface flushes caches for all schemas - "main", "temp", and
+** any [attached] databases.
+**
+** ^If this function needs to obtain extra database locks before dirty pages 
+** can be flushed to disk, it does so. ^If those locks cannot be obtained 
+** immediately and there is a busy-handler callback configured, it is invoked
+** in the usual manner. ^If the required lock still cannot be obtained, then
+** the database is skipped and an attempt made to flush any dirty pages
+** belonging to the next (if any) database. ^If any databases are skipped
+** because locks cannot be obtained, but no other error occurs, this
+** function returns SQLITE_BUSY.
+**
+** ^If any other error occurs while flushing dirty pages to disk (for
+** example an IO error or out-of-memory condition), then processing is
+** abandoned and an SQLite [error code] is returned to the caller immediately.
+**
+** ^Otherwise, if no error occurs, [sqlite3_db_cacheflush()] returns SQLITE_OK.
+**
+** ^This function does not set the database handle error code or message
+** returned by the [sqlite3_errcode()] and [sqlite3_errmsg()] functions.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_db_cacheflush(sqlite3*);
+
+/*
+** CAPI3REF: Database Snapshot
+** KEYWORDS: {snapshot}
+** EXPERIMENTAL
+**
+** An instance of the snapshot object records the state of a [WAL mode]
+** database for some specific point in history.
+**
+** In [WAL mode], multiple [database connections] that are open on the
+** same database file can each be reading a different historical version
+** of the database file.  When a [database connection] begins a read
+** transaction, that connection sees an unchanging copy of the database
+** as it existed for the point in time when the transaction first started.
+** Subsequent changes to the database from other connections are not seen
+** by the reader until a new read transaction is started.
+**
+** The sqlite3_snapshot object records state information about an historical
+** version of the database file so that it is possible to later open a new read
+** transaction that sees that historical version of the database rather than
+** the most recent version.
+**
+** The constructor for this object is [sqlite3_snapshot_get()].  The
+** [sqlite3_snapshot_open()] method causes a fresh read transaction to refer
+** to an historical snapshot (if possible).  The destructor for 
+** sqlite3_snapshot objects is [sqlite3_snapshot_free()].
+*/
+typedef struct sqlite3_snapshot sqlite3_snapshot;
+
+/*
+** CAPI3REF: Record A Database Snapshot
+** EXPERIMENTAL
+**
+** ^The [sqlite3_snapshot_get(D,S,P)] interface attempts to make a
+** new [sqlite3_snapshot] object that records the current state of
+** schema S in database connection D.  ^On success, the
+** [sqlite3_snapshot_get(D,S,P)] interface writes a pointer to the newly
+** created [sqlite3_snapshot] object into *P and returns SQLITE_OK.
+** ^If schema S of [database connection] D is not a [WAL mode] database
+** that is in a read transaction, then [sqlite3_snapshot_get(D,S,P)]
+** leaves the *P value unchanged and returns an appropriate [error code].
+**
+** The [sqlite3_snapshot] object returned from a successful call to
+** [sqlite3_snapshot_get()] must be freed using [sqlite3_snapshot_free()]
+** to avoid a memory leak.
+**
+** The [sqlite3_snapshot_get()] interface is only available when the
+** SQLITE_ENABLE_SNAPSHOT compile-time option is used.
+*/
+SQLITE_API SQLITE_EXPERIMENTAL int SQLITE_STDCALL sqlite3_snapshot_get(
+  sqlite3 *db,
+  const char *zSchema,
+  sqlite3_snapshot **ppSnapshot
+);
+
+/*
+** CAPI3REF: Start a read transaction on an historical snapshot
+** EXPERIMENTAL
+**
+** ^The [sqlite3_snapshot_open(D,S,P)] interface attempts to move the
+** read transaction that is currently open on schema S of
+** [database connection] D so that it refers to historical [snapshot] P.
+** ^The [sqlite3_snapshot_open()] interface returns SQLITE_OK on success
+** or an appropriate [error code] if it fails.
+**
+** ^In order to succeed, a call to [sqlite3_snapshot_open(D,S,P)] must be
+** the first operation, apart from other sqlite3_snapshot_open() calls,
+** following the [BEGIN] that starts a new read transaction.
+** ^A [snapshot] will fail to open if it has been overwritten by a 
+** [checkpoint].  
+**
+** The [sqlite3_snapshot_open()] interface is only available when the
+** SQLITE_ENABLE_SNAPSHOT compile-time option is used.
+*/
+SQLITE_API SQLITE_EXPERIMENTAL int SQLITE_STDCALL sqlite3_snapshot_open(
+  sqlite3 *db,
+  const char *zSchema,
+  sqlite3_snapshot *pSnapshot
+);
+
+/*
+** CAPI3REF: Destroy a snapshot
+** EXPERIMENTAL
+**
+** ^The [sqlite3_snapshot_free(P)] interface destroys [sqlite3_snapshot] P.
+** The application must eventually free every [sqlite3_snapshot] object
+** using this routine to avoid a memory leak.
+**
+** The [sqlite3_snapshot_free()] interface is only available when the
+** SQLITE_ENABLE_SNAPSHOT compile-time option is used.
+*/
+SQLITE_API SQLITE_EXPERIMENTAL void SQLITE_STDCALL sqlite3_snapshot_free(sqlite3_snapshot*);
+
+/*
+** Undo the hack that converts floating point types to integer for
+** builds on processors without floating point support.
+*/
+#ifdef SQLITE_OMIT_FLOATING_POINT
+# undef double
+#endif
+
+#if 0
+}  /* End of the 'extern "C"' block */
+#endif
+#endif /* _SQLITE3_H_ */
+
+/*
+** 2010 August 30
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+*/
+
+#ifndef _SQLITE3RTREE_H_
+#define _SQLITE3RTREE_H_
+
+
+#if 0
+extern "C" {
+#endif
+
+typedef struct sqlite3_rtree_geometry sqlite3_rtree_geometry;
+typedef struct sqlite3_rtree_query_info sqlite3_rtree_query_info;
+
+/* The double-precision datatype used by RTree depends on the
+** SQLITE_RTREE_INT_ONLY compile-time option.
+*/
+#ifdef SQLITE_RTREE_INT_ONLY
+  typedef sqlite3_int64 sqlite3_rtree_dbl;
+#else
+  typedef double sqlite3_rtree_dbl;
+#endif
+
+/*
+** Register a geometry callback named zGeom that can be used as part of an
+** R-Tree geometry query as follows:
+**
+**   SELECT ... FROM <rtree> WHERE <rtree col> MATCH $zGeom(... params ...)
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_rtree_geometry_callback(
+  sqlite3 *db,
+  const char *zGeom,
+  int (*xGeom)(sqlite3_rtree_geometry*, int, sqlite3_rtree_dbl*,int*),
+  void *pContext
+);
+
+
+/*
+** A pointer to a structure of the following type is passed as the first
+** argument to callbacks registered using rtree_geometry_callback().
+*/
+struct sqlite3_rtree_geometry {
+  void *pContext;                 /* Copy of pContext passed to s_r_g_c() */
+  int nParam;                     /* Size of array aParam[] */
+  sqlite3_rtree_dbl *aParam;      /* Parameters passed to SQL geom function */
+  void *pUser;                    /* Callback implementation user data */
+  void (*xDelUser)(void *);       /* Called by SQLite to clean up pUser */
+};
+
+/*
+** Register a 2nd-generation geometry callback named zScore that can be 
+** used as part of an R-Tree geometry query as follows:
+**
+**   SELECT ... FROM <rtree> WHERE <rtree col> MATCH $zQueryFunc(... params ...)
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_rtree_query_callback(
+  sqlite3 *db,
+  const char *zQueryFunc,
+  int (*xQueryFunc)(sqlite3_rtree_query_info*),
+  void *pContext,
+  void (*xDestructor)(void*)
+);
+
+
+/*
+** A pointer to a structure of the following type is passed as the 
+** argument to scored geometry callback registered using
+** sqlite3_rtree_query_callback().
+**
+** Note that the first 5 fields of this structure are identical to
+** sqlite3_rtree_geometry.  This structure is a subclass of
+** sqlite3_rtree_geometry.
+*/
+struct sqlite3_rtree_query_info {
+  void *pContext;                   /* pContext from when function registered */
+  int nParam;                       /* Number of function parameters */
+  sqlite3_rtree_dbl *aParam;        /* value of function parameters */
+  void *pUser;                      /* callback can use this, if desired */
+  void (*xDelUser)(void*);          /* function to free pUser */
+  sqlite3_rtree_dbl *aCoord;        /* Coordinates of node or entry to check */
+  unsigned int *anQueue;            /* Number of pending entries in the queue */
+  int nCoord;                       /* Number of coordinates */
+  int iLevel;                       /* Level of current node or entry */
+  int mxLevel;                      /* The largest iLevel value in the tree */
+  sqlite3_int64 iRowid;             /* Rowid for current entry */
+  sqlite3_rtree_dbl rParentScore;   /* Score of parent node */
+  int eParentWithin;                /* Visibility of parent node */
+  int eWithin;                      /* OUT: Visiblity */
+  sqlite3_rtree_dbl rScore;         /* OUT: Write the score here */
+  /* The following fields are only available in 3.8.11 and later */
+  sqlite3_value **apSqlParam;       /* Original SQL values of parameters */
+};
+
+/*
+** Allowed values for sqlite3_rtree_query.eWithin and .eParentWithin.
+*/
+#define NOT_WITHIN       0   /* Object completely outside of query region */
+#define PARTLY_WITHIN    1   /* Object partially overlaps query region */
+#define FULLY_WITHIN     2   /* Object fully contained within query region */
+
+
+#if 0
+}  /* end of the 'extern "C"' block */
+#endif
+
+#endif  /* ifndef _SQLITE3RTREE_H_ */
+
+/*
+** 2014 May 31
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+******************************************************************************
+**
+** Interfaces to extend FTS5. Using the interfaces defined in this file, 
+** FTS5 may be extended with:
+**
+**     * custom tokenizers, and
+**     * custom auxiliary functions.
+*/
+
+
+#ifndef _FTS5_H
+#define _FTS5_H
+
+
+#if 0
+extern "C" {
+#endif
+
+/*************************************************************************
+** CUSTOM AUXILIARY FUNCTIONS
+**
+** Virtual table implementations may overload SQL functions by implementing
+** the sqlite3_module.xFindFunction() method.
+*/
+
+typedef struct Fts5ExtensionApi Fts5ExtensionApi;
+typedef struct Fts5Context Fts5Context;
+typedef struct Fts5PhraseIter Fts5PhraseIter;
+
+typedef void (*fts5_extension_function)(
+  const Fts5ExtensionApi *pApi,   /* API offered by current FTS version */
+  Fts5Context *pFts,              /* First arg to pass to pApi functions */
+  sqlite3_context *pCtx,          /* Context for returning result/error */
+  int nVal,                       /* Number of values in apVal[] array */
+  sqlite3_value **apVal           /* Array of trailing arguments */
+);
+
+struct Fts5PhraseIter {
+  const unsigned char *a;
+  const unsigned char *b;
+};
+
+/*
+** EXTENSION API FUNCTIONS
+**
+** xUserData(pFts):
+**   Return a copy of the context pointer the extension function was 
+**   registered with.
+**
+** xColumnTotalSize(pFts, iCol, pnToken):
+**   If parameter iCol is less than zero, set output variable *pnToken
+**   to the total number of tokens in the FTS5 table. Or, if iCol is
+**   non-negative but less than the number of columns in the table, return
+**   the total number of tokens in column iCol, considering all rows in 
+**   the FTS5 table.
+**
+**   If parameter iCol is greater than or equal to the number of columns
+**   in the table, SQLITE_RANGE is returned. Or, if an error occurs (e.g.
+**   an OOM condition or IO error), an appropriate SQLite error code is 
+**   returned.
+**
+** xColumnCount(pFts):
+**   Return the number of columns in the table.
+**
+** xColumnSize(pFts, iCol, pnToken):
+**   If parameter iCol is less than zero, set output variable *pnToken
+**   to the total number of tokens in the current row. Or, if iCol is
+**   non-negative but less than the number of columns in the table, set
+**   *pnToken to the number of tokens in column iCol of the current row.
+**
+**   If parameter iCol is greater than or equal to the number of columns
+**   in the table, SQLITE_RANGE is returned. Or, if an error occurs (e.g.
+**   an OOM condition or IO error), an appropriate SQLite error code is 
+**   returned.
+**
+** xColumnText:
+**   This function attempts to retrieve the text of column iCol of the
+**   current document. If successful, (*pz) is set to point to a buffer
+**   containing the text in utf-8 encoding, (*pn) is set to the size in bytes
+**   (not characters) of the buffer and SQLITE_OK is returned. Otherwise,
+**   if an error occurs, an SQLite error code is returned and the final values
+**   of (*pz) and (*pn) are undefined.
+**
+** xPhraseCount:
+**   Returns the number of phrases in the current query expression.
+**
+** xPhraseSize:
+**   Returns the number of tokens in phrase iPhrase of the query. Phrases
+**   are numbered starting from zero.
+**
+** xInstCount:
+**   Set *pnInst to the total number of occurrences of all phrases within
+**   the query within the current row. Return SQLITE_OK if successful, or
+**   an error code (i.e. SQLITE_NOMEM) if an error occurs.
+**
+** xInst:
+**   Query for the details of phrase match iIdx within the current row.
+**   Phrase matches are numbered starting from zero, so the iIdx argument
+**   should be greater than or equal to zero and smaller than the value
+**   output by xInstCount().
+**
+**   Returns SQLITE_OK if successful, or an error code (i.e. SQLITE_NOMEM) 
+**   if an error occurs.
+**
+** xRowid:
+**   Returns the rowid of the current row.
+**
+** xTokenize:
+**   Tokenize text using the tokenizer belonging to the FTS5 table.
+**
+** xQueryPhrase(pFts5, iPhrase, pUserData, xCallback):
+**   This API function is used to query the FTS table for phrase iPhrase
+**   of the current query. Specifically, a query equivalent to:
+**
+**       ... FROM ftstable WHERE ftstable MATCH $p ORDER BY rowid
+**
+**   with $p set to a phrase equivalent to the phrase iPhrase of the
+**   current query is executed. For each row visited, the callback function
+**   passed as the fourth argument is invoked. The context and API objects 
+**   passed to the callback function may be used to access the properties of
+**   each matched row. Invoking Api.xUserData() returns a copy of the pointer
+**   passed as the third argument to pUserData.
+**
+**   If the callback function returns any value other than SQLITE_OK, the
+**   query is abandoned and the xQueryPhrase function returns immediately.
+**   If the returned value is SQLITE_DONE, xQueryPhrase returns SQLITE_OK.
+**   Otherwise, the error code is propagated upwards.
+**
+**   If the query runs to completion without incident, SQLITE_OK is returned.
+**   Or, if some error occurs before the query completes or is aborted by
+**   the callback, an SQLite error code is returned.
+**
+**
+** xSetAuxdata(pFts5, pAux, xDelete)
+**
+**   Save the pointer passed as the second argument as the extension functions 
+**   "auxiliary data". The pointer may then be retrieved by the current or any
+**   future invocation of the same fts5 extension function made as part of
+**   of the same MATCH query using the xGetAuxdata() API.
+**
+**   Each extension function is allocated a single auxiliary data slot for
+**   each FTS query (MATCH expression). If the extension function is invoked 
+**   more than once for a single FTS query, then all invocations share a 
+**   single auxiliary data context.
+**
+**   If there is already an auxiliary data pointer when this function is
+**   invoked, then it is replaced by the new pointer. If an xDelete callback
+**   was specified along with the original pointer, it is invoked at this
+**   point.
+**
+**   The xDelete callback, if one is specified, is also invoked on the
+**   auxiliary data pointer after the FTS5 query has finished.
+**
+**   If an error (e.g. an OOM condition) occurs within this function, an
+**   the auxiliary data is set to NULL and an error code returned. If the
+**   xDelete parameter was not NULL, it is invoked on the auxiliary data
+**   pointer before returning.
+**
+**
+** xGetAuxdata(pFts5, bClear)
+**
+**   Returns the current auxiliary data pointer for the fts5 extension 
+**   function. See the xSetAuxdata() method for details.
+**
+**   If the bClear argument is non-zero, then the auxiliary data is cleared
+**   (set to NULL) before this function returns. In this case the xDelete,
+**   if any, is not invoked.
+**
+**
+** xRowCount(pFts5, pnRow)
+**
+**   This function is used to retrieve the total number of rows in the table.
+**   In other words, the same value that would be returned by:
+**
+**        SELECT count(*) FROM ftstable;
+**
+** xPhraseFirst()
+**   This function is used, along with type Fts5PhraseIter and the xPhraseNext
+**   method, to iterate through all instances of a single query phrase within
+**   the current row. This is the same information as is accessible via the
+**   xInstCount/xInst APIs. While the xInstCount/xInst APIs are more convenient
+**   to use, this API may be faster under some circumstances. To iterate 
+**   through instances of phrase iPhrase, use the following code:
+**
+**       Fts5PhraseIter iter;
+**       int iCol, iOff;
+**       for(pApi->xPhraseFirst(pFts, iPhrase, &iter, &iCol, &iOff);
+**           iOff>=0;
+**           pApi->xPhraseNext(pFts, &iter, &iCol, &iOff)
+**       ){
+**         // An instance of phrase iPhrase at offset iOff of column iCol
+**       }
+**
+**   The Fts5PhraseIter structure is defined above. Applications should not
+**   modify this structure directly - it should only be used as shown above
+**   with the xPhraseFirst() and xPhraseNext() API methods.
+**
+** xPhraseNext()
+**   See xPhraseFirst above.
+*/
+struct Fts5ExtensionApi {
+  int iVersion;                   /* Currently always set to 1 */
+
+  void *(*xUserData)(Fts5Context*);
+
+  int (*xColumnCount)(Fts5Context*);
+  int (*xRowCount)(Fts5Context*, sqlite3_int64 *pnRow);
+  int (*xColumnTotalSize)(Fts5Context*, int iCol, sqlite3_int64 *pnToken);
+
+  int (*xTokenize)(Fts5Context*, 
+    const char *pText, int nText, /* Text to tokenize */
+    void *pCtx,                   /* Context passed to xToken() */
+    int (*xToken)(void*, int, const char*, int, int, int)       /* Callback */
+  );
+
+  int (*xPhraseCount)(Fts5Context*);
+  int (*xPhraseSize)(Fts5Context*, int iPhrase);
+
+  int (*xInstCount)(Fts5Context*, int *pnInst);
+  int (*xInst)(Fts5Context*, int iIdx, int *piPhrase, int *piCol, int *piOff);
+
+  sqlite3_int64 (*xRowid)(Fts5Context*);
+  int (*xColumnText)(Fts5Context*, int iCol, const char **pz, int *pn);
+  int (*xColumnSize)(Fts5Context*, int iCol, int *pnToken);
+
+  int (*xQueryPhrase)(Fts5Context*, int iPhrase, void *pUserData,
+    int(*)(const Fts5ExtensionApi*,Fts5Context*,void*)
+  );
+  int (*xSetAuxdata)(Fts5Context*, void *pAux, void(*xDelete)(void*));
+  void *(*xGetAuxdata)(Fts5Context*, int bClear);
+
+  void (*xPhraseFirst)(Fts5Context*, int iPhrase, Fts5PhraseIter*, int*, int*);
+  void (*xPhraseNext)(Fts5Context*, Fts5PhraseIter*, int *piCol, int *piOff);
+};
+
+/* 
+** CUSTOM AUXILIARY FUNCTIONS
+*************************************************************************/
+
+/*************************************************************************
+** CUSTOM TOKENIZERS
+**
+** Applications may also register custom tokenizer types. A tokenizer 
+** is registered by providing fts5 with a populated instance of the 
+** following structure. All structure methods must be defined, setting
+** any member of the fts5_tokenizer struct to NULL leads to undefined
+** behaviour. The structure methods are expected to function as follows:
+**
+** xCreate:
+**   This function is used to allocate and inititalize a tokenizer instance.
+**   A tokenizer instance is required to actually tokenize text.
+**
+**   The first argument passed to this function is a copy of the (void*)
+**   pointer provided by the application when the fts5_tokenizer object
+**   was registered with FTS5 (the third argument to xCreateTokenizer()). 
+**   The second and third arguments are an array of nul-terminated strings
+**   containing the tokenizer arguments, if any, specified following the
+**   tokenizer name as part of the CREATE VIRTUAL TABLE statement used
+**   to create the FTS5 table.
+**
+**   The final argument is an output variable. If successful, (*ppOut) 
+**   should be set to point to the new tokenizer handle and SQLITE_OK
+**   returned. If an error occurs, some value other than SQLITE_OK should
+**   be returned. In this case, fts5 assumes that the final value of *ppOut 
+**   is undefined.
+**
+** xDelete:
+**   This function is invoked to delete a tokenizer handle previously
+**   allocated using xCreate(). Fts5 guarantees that this function will
+**   be invoked exactly once for each successful call to xCreate().
+**
+** xTokenize:
+**   This function is expected to tokenize the nText byte string indicated 
+**   by argument pText. pText may or may not be nul-terminated. The first
+**   argument passed to this function is a pointer to an Fts5Tokenizer object
+**   returned by an earlier call to xCreate().
+**
+**   The second argument indicates the reason that FTS5 is requesting
+**   tokenization of the supplied text. This is always one of the following
+**   four values:
+**
+**   <ul><li> <b>FTS5_TOKENIZE_DOCUMENT</b> - A document is being inserted into
+**            or removed from the FTS table. The tokenizer is being invoked to
+**            determine the set of tokens to add to (or delete from) the
+**            FTS index.
+**
+**       <li> <b>FTS5_TOKENIZE_QUERY</b> - A MATCH query is being executed 
+**            against the FTS index. The tokenizer is being called to tokenize 
+**            a bareword or quoted string specified as part of the query.
+**
+**       <li> <b>(FTS5_TOKENIZE_QUERY | FTS5_TOKENIZE_PREFIX)</b> - Same as
+**            FTS5_TOKENIZE_QUERY, except that the bareword or quoted string is
+**            followed by a "*" character, indicating that the last token
+**            returned by the tokenizer will be treated as a token prefix.
+**
+**       <li> <b>FTS5_TOKENIZE_AUX</b> - The tokenizer is being invoked to 
+**            satisfy an fts5_api.xTokenize() request made by an auxiliary
+**            function. Or an fts5_api.xColumnSize() request made by the same
+**            on a columnsize=0 database.  
+**   </ul>
+**
+**   For each token in the input string, the supplied callback xToken() must
+**   be invoked. The first argument to it should be a copy of the pointer
+**   passed as the second argument to xTokenize(). The third and fourth
+**   arguments are a pointer to a buffer containing the token text, and the
+**   size of the token in bytes. The 4th and 5th arguments are the byte offsets
+**   of the first byte of and first byte immediately following the text from
+**   which the token is derived within the input.
+**
+**   The second argument passed to the xToken() callback ("tflags") should
+**   normally be set to 0. The exception is if the tokenizer supports 
+**   synonyms. In this case see the discussion below for details.
+**
+**   FTS5 assumes the xToken() callback is invoked for each token in the 
+**   order that they occur within the input text.
+**
+**   If an xToken() callback returns any value other than SQLITE_OK, then
+**   the tokenization should be abandoned and the xTokenize() method should
+**   immediately return a copy of the xToken() return value. Or, if the
+**   input buffer is exhausted, xTokenize() should return SQLITE_OK. Finally,
+**   if an error occurs with the xTokenize() implementation itself, it
+**   may abandon the tokenization and return any error code other than
+**   SQLITE_OK or SQLITE_DONE.
+**
+** SYNONYM SUPPORT
+**
+**   Custom tokenizers may also support synonyms. Consider a case in which a
+**   user wishes to query for a phrase such as "first place". Using the 
+**   built-in tokenizers, the FTS5 query 'first + place' will match instances
+**   of "first place" within the document set, but not alternative forms
+**   such as "1st place". In some applications, it would be better to match
+**   all instances of "first place" or "1st place" regardless of which form
+**   the user specified in the MATCH query text.
+**
+**   There are several ways to approach this in FTS5:
+**
+**   <ol><li> By mapping all synonyms to a single token. In this case, the 
+**            In the above example, this means that the tokenizer returns the
+**            same token for inputs "first" and "1st". Say that token is in
+**            fact "first", so that when the user inserts the document "I won
+**            1st place" entries are added to the index for tokens "i", "won",
+**            "first" and "place". If the user then queries for '1st + place',
+**            the tokenizer substitutes "first" for "1st" and the query works
+**            as expected.
+**
+**       <li> By adding multiple synonyms for a single term to the FTS index.
+**            In this case, when tokenizing query text, the tokenizer may 
+**            provide multiple synonyms for a single term within the document.
+**            FTS5 then queries the index for each synonym individually. For
+**            example, faced with the query:
+**
+**   <codeblock>
+**     ... MATCH 'first place'</codeblock>
+**
+**            the tokenizer offers both "1st" and "first" as synonyms for the
+**            first token in the MATCH query and FTS5 effectively runs a query 
+**            similar to:
+**
+**   <codeblock>
+**     ... MATCH '(first OR 1st) place'</codeblock>
+**
+**            except that, for the purposes of auxiliary functions, the query
+**            still appears to contain just two phrases - "(first OR 1st)" 
+**            being treated as a single phrase.
+**
+**       <li> By adding multiple synonyms for a single term to the FTS index.
+**            Using this method, when tokenizing document text, the tokenizer
+**            provides multiple synonyms for each token. So that when a 
+**            document such as "I won first place" is tokenized, entries are
+**            added to the FTS index for "i", "won", "first", "1st" and
+**            "place".
+**
+**            This way, even if the tokenizer does not provide synonyms
+**            when tokenizing query text (it should not - to do would be
+**            inefficient), it doesn't matter if the user queries for 
+**            'first + place' or '1st + place', as there are entires in the
+**            FTS index corresponding to both forms of the first token.
+**   </ol>
+**
+**   Whether it is parsing document or query text, any call to xToken that
+**   specifies a <i>tflags</i> argument with the FTS5_TOKEN_COLOCATED bit
+**   is considered to supply a synonym for the previous token. For example,
+**   when parsing the document "I won first place", a tokenizer that supports
+**   synonyms would call xToken() 5 times, as follows:
+**
+**   <codeblock>
+**       xToken(pCtx, 0, "i",                      1,  0,  1);
+**       xToken(pCtx, 0, "won",                    3,  2,  5);
+**       xToken(pCtx, 0, "first",                  5,  6, 11);
+**       xToken(pCtx, FTS5_TOKEN_COLOCATED, "1st", 3,  6, 11);
+**       xToken(pCtx, 0, "place",                  5, 12, 17);
+**</codeblock>
+**
+**   It is an error to specify the FTS5_TOKEN_COLOCATED flag the first time
+**   xToken() is called. Multiple synonyms may be specified for a single token
+**   by making multiple calls to xToken(FTS5_TOKEN_COLOCATED) in sequence. 
+**   There is no limit to the number of synonyms that may be provided for a
+**   single token.
+**
+**   In many cases, method (1) above is the best approach. It does not add 
+**   extra data to the FTS index or require FTS5 to query for multiple terms,
+**   so it is efficient in terms of disk space and query speed. However, it
+**   does not support prefix queries very well. If, as suggested above, the
+**   token "first" is subsituted for "1st" by the tokenizer, then the query:
+**
+**   <codeblock>
+**     ... MATCH '1s*'</codeblock>
+**
+**   will not match documents that contain the token "1st" (as the tokenizer
+**   will probably not map "1s" to any prefix of "first").
+**
+**   For full prefix support, method (3) may be preferred. In this case, 
+**   because the index contains entries for both "first" and "1st", prefix
+**   queries such as 'fi*' or '1s*' will match correctly. However, because
+**   extra entries are added to the FTS index, this method uses more space
+**   within the database.
+**
+**   Method (2) offers a midpoint between (1) and (3). Using this method,
+**   a query such as '1s*' will match documents that contain the literal 
+**   token "1st", but not "first" (assuming the tokenizer is not able to
+**   provide synonyms for prefixes). However, a non-prefix query like '1st'
+**   will match against "1st" and "first". This method does not require
+**   extra disk space, as no extra entries are added to the FTS index. 
+**   On the other hand, it may require more CPU cycles to run MATCH queries,
+**   as separate queries of the FTS index are required for each synonym.
+**
+**   When using methods (2) or (3), it is important that the tokenizer only
+**   provide synonyms when tokenizing document text (method (2)) or query
+**   text (method (3)), not both. Doing so will not cause any errors, but is
+**   inefficient.
+*/
+typedef struct Fts5Tokenizer Fts5Tokenizer;
+typedef struct fts5_tokenizer fts5_tokenizer;
+struct fts5_tokenizer {
+  int (*xCreate)(void*, const char **azArg, int nArg, Fts5Tokenizer **ppOut);
+  void (*xDelete)(Fts5Tokenizer*);
+  int (*xTokenize)(Fts5Tokenizer*, 
+      void *pCtx,
+      int flags,            /* Mask of FTS5_TOKENIZE_* flags */
+      const char *pText, int nText, 
+      int (*xToken)(
+        void *pCtx,         /* Copy of 2nd argument to xTokenize() */
+        int tflags,         /* Mask of FTS5_TOKEN_* flags */
+        const char *pToken, /* Pointer to buffer containing token */
+        int nToken,         /* Size of token in bytes */
+        int iStart,         /* Byte offset of token within input text */
+        int iEnd            /* Byte offset of end of token within input text */
+      )
+  );
+};
+
+/* Flags that may be passed as the third argument to xTokenize() */
+#define FTS5_TOKENIZE_QUERY     0x0001
+#define FTS5_TOKENIZE_PREFIX    0x0002
+#define FTS5_TOKENIZE_DOCUMENT  0x0004
+#define FTS5_TOKENIZE_AUX       0x0008
+
+/* Flags that may be passed by the tokenizer implementation back to FTS5
+** as the third argument to the supplied xToken callback. */
+#define FTS5_TOKEN_COLOCATED    0x0001      /* Same position as prev. token */
+
+/*
+** END OF CUSTOM TOKENIZERS
+*************************************************************************/
+
+/*************************************************************************
+** FTS5 EXTENSION REGISTRATION API
+*/
+typedef struct fts5_api fts5_api;
+struct fts5_api {
+  int iVersion;                   /* Currently always set to 2 */
+
+  /* Create a new tokenizer */
+  int (*xCreateTokenizer)(
+    fts5_api *pApi,
+    const char *zName,
+    void *pContext,
+    fts5_tokenizer *pTokenizer,
+    void (*xDestroy)(void*)
+  );
+
+  /* Find an existing tokenizer */
+  int (*xFindTokenizer)(
+    fts5_api *pApi,
+    const char *zName,
+    void **ppContext,
+    fts5_tokenizer *pTokenizer
+  );
+
+  /* Create a new auxiliary function */
+  int (*xCreateFunction)(
+    fts5_api *pApi,
+    const char *zName,
+    void *pContext,
+    fts5_extension_function xFunction,
+    void (*xDestroy)(void*)
+  );
+};
+
+/*
+** END OF REGISTRATION API
+*************************************************************************/
+
+#if 0
+}  /* end of the 'extern "C"' block */
+#endif
+
+#endif /* _FTS5_H */
+
+
+
+/************** End of sqlite3.h *********************************************/
+/************** Continuing where we left off in sqliteInt.h ******************/
+
+/*
+** Include the configuration header output by 'configure' if we're using the
+** autoconf-based build
+*/
+#ifdef _HAVE_SQLITE_CONFIG_H
+#include "config.h"
+#endif
+
+/************** Include sqliteLimit.h in the middle of sqliteInt.h ***********/
+/************** Begin file sqliteLimit.h *************************************/
+/*
+** 2007 May 7
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+** 
+** This file defines various limits of what SQLite can process.
+*/
+
+/*
+** The maximum length of a TEXT or BLOB in bytes.   This also
+** limits the size of a row in a table or index.
+**
+** The hard limit is the ability of a 32-bit signed integer
+** to count the size: 2^31-1 or 2147483647.
+*/
+#ifndef SQLITE_MAX_LENGTH
+# define SQLITE_MAX_LENGTH 1000000000
+#endif
+
+/*
+** This is the maximum number of
+**
+**    * Columns in a table
+**    * Columns in an index
+**    * Columns in a view
+**    * Terms in the SET clause of an UPDATE statement
+**    * Terms in the result set of a SELECT statement
+**    * Terms in the GROUP BY or ORDER BY clauses of a SELECT statement.
+**    * Terms in the VALUES clause of an INSERT statement
+**
+** The hard upper limit here is 32676.  Most database people will
+** tell you that in a well-normalized database, you usually should
+** not have more than a dozen or so columns in any table.  And if
+** that is the case, there is no point in having more than a few
+** dozen values in any of the other situations described above.
+*/
+#ifndef SQLITE_MAX_COLUMN
+# define SQLITE_MAX_COLUMN 2000
+#endif
+
+/*
+** The maximum length of a single SQL statement in bytes.
+**
+** It used to be the case that setting this value to zero would
+** turn the limit off.  That is no longer true.  It is not possible
+** to turn this limit off.
+*/
+#ifndef SQLITE_MAX_SQL_LENGTH
+# define SQLITE_MAX_SQL_LENGTH 1000000000
+#endif
+
+/*
+** The maximum depth of an expression tree. This is limited to 
+** some extent by SQLITE_MAX_SQL_LENGTH. But sometime you might 
+** want to place more severe limits on the complexity of an 
+** expression.
+**
+** A value of 0 used to mean that the limit was not enforced.
+** But that is no longer true.  The limit is now strictly enforced
+** at all times.
+*/
+#ifndef SQLITE_MAX_EXPR_DEPTH
+# define SQLITE_MAX_EXPR_DEPTH 1000
+#endif
+
+/*
+** The maximum number of terms in a compound SELECT statement.
+** The code generator for compound SELECT statements does one
+** level of recursion for each term.  A stack overflow can result
+** if the number of terms is too large.  In practice, most SQL
+** never has more than 3 or 4 terms.  Use a value of 0 to disable
+** any limit on the number of terms in a compount SELECT.
+*/
+#ifndef SQLITE_MAX_COMPOUND_SELECT
+# define SQLITE_MAX_COMPOUND_SELECT 500
+#endif
+
+/*
+** The maximum number of opcodes in a VDBE program.
+** Not currently enforced.
+*/
+#ifndef SQLITE_MAX_VDBE_OP
+# define SQLITE_MAX_VDBE_OP 25000
+#endif
+
+/*
+** The maximum number of arguments to an SQL function.
+*/
+#ifndef SQLITE_MAX_FUNCTION_ARG
+# define SQLITE_MAX_FUNCTION_ARG 127
+#endif
+
+/*
+** The suggested maximum number of in-memory pages to use for
+** the main database table and for temporary tables.
+**
+** IMPLEMENTATION-OF: R-31093-59126 The default suggested cache size
+** is 2000 pages.
+** IMPLEMENTATION-OF: R-48205-43578 The default suggested cache size can be
+** altered using the SQLITE_DEFAULT_CACHE_SIZE compile-time options.
+*/
+#ifndef SQLITE_DEFAULT_CACHE_SIZE
+# define SQLITE_DEFAULT_CACHE_SIZE  2000
+#endif
+
+/*
+** The default number of frames to accumulate in the log file before
+** checkpointing the database in WAL mode.
+*/
+#ifndef SQLITE_DEFAULT_WAL_AUTOCHECKPOINT
+# define SQLITE_DEFAULT_WAL_AUTOCHECKPOINT  1000
+#endif
+
+/*
+** The maximum number of attached databases.  This must be between 0
+** and 62.  The upper bound on 62 is because a 64-bit integer bitmap
+** is used internally to track attached databases.
+*/
+#ifndef SQLITE_MAX_ATTACHED
+# define SQLITE_MAX_ATTACHED 10
+#endif
+
+
+/*
+** The maximum value of a ?nnn wildcard that the parser will accept.
+*/
+#ifndef SQLITE_MAX_VARIABLE_NUMBER
+# define SQLITE_MAX_VARIABLE_NUMBER 999
+#endif
+
+/* Maximum page size.  The upper bound on this value is 65536.  This a limit
+** imposed by the use of 16-bit offsets within each page.
+**
+** Earlier versions of SQLite allowed the user to change this value at
+** compile time. This is no longer permitted, on the grounds that it creates
+** a library that is technically incompatible with an SQLite library 
+** compiled with a different limit. If a process operating on a database 
+** with a page-size of 65536 bytes crashes, then an instance of SQLite 
+** compiled with the default page-size limit will not be able to rollback 
+** the aborted transaction. This could lead to database corruption.
+*/
+#ifdef SQLITE_MAX_PAGE_SIZE
+# undef SQLITE_MAX_PAGE_SIZE
+#endif
+#define SQLITE_MAX_PAGE_SIZE 65536
+
+
+/*
+** The default size of a database page.
+*/
+#ifndef SQLITE_DEFAULT_PAGE_SIZE
+# define SQLITE_DEFAULT_PAGE_SIZE 1024
+#endif
+#if SQLITE_DEFAULT_PAGE_SIZE>SQLITE_MAX_PAGE_SIZE
+# undef SQLITE_DEFAULT_PAGE_SIZE
+# define SQLITE_DEFAULT_PAGE_SIZE SQLITE_MAX_PAGE_SIZE
+#endif
+
+/*
+** Ordinarily, if no value is explicitly provided, SQLite creates databases
+** with page size SQLITE_DEFAULT_PAGE_SIZE. However, based on certain
+** device characteristics (sector-size and atomic write() support),
+** SQLite may choose a larger value. This constant is the maximum value
+** SQLite will choose on its own.
+*/
+#ifndef SQLITE_MAX_DEFAULT_PAGE_SIZE
+# define SQLITE_MAX_DEFAULT_PAGE_SIZE 8192
+#endif
+#if SQLITE_MAX_DEFAULT_PAGE_SIZE>SQLITE_MAX_PAGE_SIZE
+# undef SQLITE_MAX_DEFAULT_PAGE_SIZE
+# define SQLITE_MAX_DEFAULT_PAGE_SIZE SQLITE_MAX_PAGE_SIZE
+#endif
+
+
+/*
+** Maximum number of pages in one database file.
+**
+** This is really just the default value for the max_page_count pragma.
+** This value can be lowered (or raised) at run-time using that the
+** max_page_count macro.
+*/
+#ifndef SQLITE_MAX_PAGE_COUNT
+# define SQLITE_MAX_PAGE_COUNT 1073741823
+#endif
+
+/*
+** Maximum length (in bytes) of the pattern in a LIKE or GLOB
+** operator.
+*/
+#ifndef SQLITE_MAX_LIKE_PATTERN_LENGTH
+# define SQLITE_MAX_LIKE_PATTERN_LENGTH 50000
+#endif
+
+/*
+** Maximum depth of recursion for triggers.
+**
+** A value of 1 means that a trigger program will not be able to itself
+** fire any triggers. A value of 0 means that no trigger programs at all 
+** may be executed.
+*/
+#ifndef SQLITE_MAX_TRIGGER_DEPTH
+# define SQLITE_MAX_TRIGGER_DEPTH 1000
+#endif
+
+/************** End of sqliteLimit.h *****************************************/
+/************** Continuing where we left off in sqliteInt.h ******************/
+
+/* Disable nuisance warnings on Borland compilers */
+#if defined(__BORLANDC__)
+#pragma warn -rch /* unreachable code */
+#pragma warn -ccc /* Condition is always true or false */
+#pragma warn -aus /* Assigned value is never used */
+#pragma warn -csu /* Comparing signed and unsigned */
+#pragma warn -spa /* Suspicious pointer arithmetic */
+#endif
+
+/*
+** Include standard header files as necessary
+*/
+#ifdef HAVE_STDINT_H
+#include <stdint.h>
+#endif
+#ifdef HAVE_INTTYPES_H
+#include <inttypes.h>
+#endif
+
+/*
+** The following macros are used to cast pointers to integers and
+** integers to pointers.  The way you do this varies from one compiler
+** to the next, so we have developed the following set of #if statements
+** to generate appropriate macros for a wide range of compilers.
+**
+** The correct "ANSI" way to do this is to use the intptr_t type. 
+** Unfortunately, that typedef is not available on all compilers, or
+** if it is available, it requires an #include of specific headers
+** that vary from one machine to the next.
+**
+** Ticket #3860:  The llvm-gcc-4.2 compiler from Apple chokes on
+** the ((void*)&((char*)0)[X]) construct.  But MSVC chokes on ((void*)(X)).
+** So we have to define the macros in different ways depending on the
+** compiler.
+*/
+#if defined(__PTRDIFF_TYPE__)  /* This case should work for GCC */
+# define SQLITE_INT_TO_PTR(X)  ((void*)(__PTRDIFF_TYPE__)(X))
+# define SQLITE_PTR_TO_INT(X)  ((int)(__PTRDIFF_TYPE__)(X))
+#elif !defined(__GNUC__)       /* Works for compilers other than LLVM */
+# define SQLITE_INT_TO_PTR(X)  ((void*)&((char*)0)[X])
+# define SQLITE_PTR_TO_INT(X)  ((int)(((char*)X)-(char*)0))
+#elif defined(HAVE_STDINT_H)   /* Use this case if we have ANSI headers */
+# define SQLITE_INT_TO_PTR(X)  ((void*)(intptr_t)(X))
+# define SQLITE_PTR_TO_INT(X)  ((int)(intptr_t)(X))
+#else                          /* Generates a warning - but it always works */
+# define SQLITE_INT_TO_PTR(X)  ((void*)(X))
+# define SQLITE_PTR_TO_INT(X)  ((int)(X))
+#endif
+
+/*
+** The SQLITE_WITHIN(P,S,E) macro checks to see if pointer P points to
+** something between S (inclusive) and E (exclusive).
+**
+** In other words, S is a buffer and E is a pointer to the first byte after
+** the end of buffer S.  This macro returns true if P points to something
+** contained within the buffer S.
+*/
+#if defined(HAVE_STDINT_H)
+# define SQLITE_WITHIN(P,S,E) \
+    ((uintptr_t)(P)>=(uintptr_t)(S) && (uintptr_t)(P)<(uintptr_t)(E))
+#else
+# define SQLITE_WITHIN(P,S,E) ((P)>=(S) && (P)<(E))
+#endif
+
+/*
+** A macro to hint to the compiler that a function should not be
+** inlined.
+*/
+#if defined(__GNUC__)
+#  define SQLITE_NOINLINE  __attribute__((noinline))
+#elif defined(_MSC_VER) && _MSC_VER>=1310
+#  define SQLITE_NOINLINE  __declspec(noinline)
+#else
+#  define SQLITE_NOINLINE
+#endif
+
+/*
+** Make sure that the compiler intrinsics we desire are enabled when
+** compiling with an appropriate version of MSVC unless prevented by
+** the SQLITE_DISABLE_INTRINSIC define.
+*/
+#if !defined(SQLITE_DISABLE_INTRINSIC)
+#  if defined(_MSC_VER) && _MSC_VER>=1300
+#    if !defined(_WIN32_WCE)
+#      include <intrin.h>
+#      pragma intrinsic(_byteswap_ushort)
+#      pragma intrinsic(_byteswap_ulong)
+#      pragma intrinsic(_ReadWriteBarrier)
+#    else
+#      include <cmnintrin.h>
+#    endif
+#  endif
+#endif
+
+/*
+** The SQLITE_THREADSAFE macro must be defined as 0, 1, or 2.
+** 0 means mutexes are permanently disable and the library is never
+** threadsafe.  1 means the library is serialized which is the highest
+** level of threadsafety.  2 means the library is multithreaded - multiple
+** threads can use SQLite as long as no two threads try to use the same
+** database connection at the same time.
+**
+** Older versions of SQLite used an optional THREADSAFE macro.
+** We support that for legacy.
+*/
+#if !defined(SQLITE_THREADSAFE)
+# if defined(THREADSAFE)
+#   define SQLITE_THREADSAFE THREADSAFE
+# else
+#   define SQLITE_THREADSAFE 1 /* IMP: R-07272-22309 */
+# endif
+#endif
+
+/*
+** Powersafe overwrite is on by default.  But can be turned off using
+** the -DSQLITE_POWERSAFE_OVERWRITE=0 command-line option.
+*/
+#ifndef SQLITE_POWERSAFE_OVERWRITE
+# define SQLITE_POWERSAFE_OVERWRITE 1
+#endif
+
+/*
+** EVIDENCE-OF: R-25715-37072 Memory allocation statistics are enabled by
+** default unless SQLite is compiled with SQLITE_DEFAULT_MEMSTATUS=0 in
+** which case memory allocation statistics are disabled by default.
+*/
+#if !defined(SQLITE_DEFAULT_MEMSTATUS)
+# define SQLITE_DEFAULT_MEMSTATUS 1
+#endif
+
+/*
+** Exactly one of the following macros must be defined in order to
+** specify which memory allocation subsystem to use.
+**
+**     SQLITE_SYSTEM_MALLOC          // Use normal system malloc()
+**     SQLITE_WIN32_MALLOC           // Use Win32 native heap API
+**     SQLITE_ZERO_MALLOC            // Use a stub allocator that always fails
+**     SQLITE_MEMDEBUG               // Debugging version of system malloc()
+**
+** On Windows, if the SQLITE_WIN32_MALLOC_VALIDATE macro is defined and the
+** assert() macro is enabled, each call into the Win32 native heap subsystem
+** will cause HeapValidate to be called.  If heap validation should fail, an
+** assertion will be triggered.
+**
+** If none of the above are defined, then set SQLITE_SYSTEM_MALLOC as
+** the default.
+*/
+#if defined(SQLITE_SYSTEM_MALLOC) \
+  + defined(SQLITE_WIN32_MALLOC) \
+  + defined(SQLITE_ZERO_MALLOC) \
+  + defined(SQLITE_MEMDEBUG)>1
+# error "Two or more of the following compile-time configuration options\
+ are defined but at most one is allowed:\
+ SQLITE_SYSTEM_MALLOC, SQLITE_WIN32_MALLOC, SQLITE_MEMDEBUG,\
+ SQLITE_ZERO_MALLOC"
+#endif
+#if defined(SQLITE_SYSTEM_MALLOC) \
+  + defined(SQLITE_WIN32_MALLOC) \
+  + defined(SQLITE_ZERO_MALLOC) \
+  + defined(SQLITE_MEMDEBUG)==0
+# define SQLITE_SYSTEM_MALLOC 1
+#endif
+
+/*
+** If SQLITE_MALLOC_SOFT_LIMIT is not zero, then try to keep the
+** sizes of memory allocations below this value where possible.
+*/
+#if !defined(SQLITE_MALLOC_SOFT_LIMIT)
+# define SQLITE_MALLOC_SOFT_LIMIT 1024
+#endif
+
+/*
+** We need to define _XOPEN_SOURCE as follows in order to enable
+** recursive mutexes on most Unix systems and fchmod() on OpenBSD.
+** But _XOPEN_SOURCE define causes problems for Mac OS X, so omit
+** it.
+*/
+#if !defined(_XOPEN_SOURCE) && !defined(__DARWIN__) && !defined(__APPLE__)
+#  define _XOPEN_SOURCE 600
+#endif
+
+/*
+** NDEBUG and SQLITE_DEBUG are opposites.  It should always be true that
+** defined(NDEBUG)==!defined(SQLITE_DEBUG).  If this is not currently true,
+** make it true by defining or undefining NDEBUG.
+**
+** Setting NDEBUG makes the code smaller and faster by disabling the
+** assert() statements in the code.  So we want the default action
+** to be for NDEBUG to be set and NDEBUG to be undefined only if SQLITE_DEBUG
+** is set.  Thus NDEBUG becomes an opt-in rather than an opt-out
+** feature.
+*/
+#if !defined(NDEBUG) && !defined(SQLITE_DEBUG) 
+# define NDEBUG 1
+#endif
+#if defined(NDEBUG) && defined(SQLITE_DEBUG)
+# undef NDEBUG
+#endif
+
+/*
+** Enable SQLITE_ENABLE_EXPLAIN_COMMENTS if SQLITE_DEBUG is turned on.
+*/
+#if !defined(SQLITE_ENABLE_EXPLAIN_COMMENTS) && defined(SQLITE_DEBUG)
+# define SQLITE_ENABLE_EXPLAIN_COMMENTS 1
+#endif
+
+/*
+** The testcase() macro is used to aid in coverage testing.  When 
+** doing coverage testing, the condition inside the argument to
+** testcase() must be evaluated both true and false in order to
+** get full branch coverage.  The testcase() macro is inserted
+** to help ensure adequate test coverage in places where simple
+** condition/decision coverage is inadequate.  For example, testcase()
+** can be used to make sure boundary values are tested.  For
+** bitmask tests, testcase() can be used to make sure each bit
+** is significant and used at least once.  On switch statements
+** where multiple cases go to the same block of code, testcase()
+** can insure that all cases are evaluated.
+**
+*/
+#ifdef SQLITE_COVERAGE_TEST
+SQLITE_PRIVATE   void sqlite3Coverage(int);
+# define testcase(X)  if( X ){ sqlite3Coverage(__LINE__); }
+#else
+# define testcase(X)
+#endif
+
+/*
+** The TESTONLY macro is used to enclose variable declarations or
+** other bits of code that are needed to support the arguments
+** within testcase() and assert() macros.
+*/
+#if !defined(NDEBUG) || defined(SQLITE_COVERAGE_TEST)
+# define TESTONLY(X)  X
+#else
+# define TESTONLY(X)
+#endif
+
+/*
+** Sometimes we need a small amount of code such as a variable initialization
+** to setup for a later assert() statement.  We do not want this code to
+** appear when assert() is disabled.  The following macro is therefore
+** used to contain that setup code.  The "VVA" acronym stands for
+** "Verification, Validation, and Accreditation".  In other words, the
+** code within VVA_ONLY() will only run during verification processes.
+*/
+#ifndef NDEBUG
+# define VVA_ONLY(X)  X
+#else
+# define VVA_ONLY(X)
+#endif
+
+/*
+** The ALWAYS and NEVER macros surround boolean expressions which 
+** are intended to always be true or false, respectively.  Such
+** expressions could be omitted from the code completely.  But they
+** are included in a few cases in order to enhance the resilience
+** of SQLite to unexpected behavior - to make the code "self-healing"
+** or "ductile" rather than being "brittle" and crashing at the first
+** hint of unplanned behavior.
+**
+** In other words, ALWAYS and NEVER are added for defensive code.
+**
+** When doing coverage testing ALWAYS and NEVER are hard-coded to
+** be true and false so that the unreachable code they specify will
+** not be counted as untested code.
+*/
+#if defined(SQLITE_COVERAGE_TEST)
+# define ALWAYS(X)      (1)
+# define NEVER(X)       (0)
+#elif !defined(NDEBUG)
+# define ALWAYS(X)      ((X)?1:(assert(0),0))
+# define NEVER(X)       ((X)?(assert(0),1):0)
+#else
+# define ALWAYS(X)      (X)
+# define NEVER(X)       (X)
+#endif
+
+/*
+** Declarations used for tracing the operating system interfaces.
+*/
+#if defined(SQLITE_FORCE_OS_TRACE) || defined(SQLITE_TEST) || \
+    (defined(SQLITE_DEBUG) && SQLITE_OS_WIN)
+  extern int sqlite3OSTrace;
+# define OSTRACE(X)          if( sqlite3OSTrace ) sqlite3DebugPrintf X
+# define SQLITE_HAVE_OS_TRACE
+#else
+# define OSTRACE(X)
+# undef  SQLITE_HAVE_OS_TRACE
+#endif
+
+/*
+** Is the sqlite3ErrName() function needed in the build?  Currently,
+** it is needed by "mutex_w32.c" (when debugging), "os_win.c" (when
+** OSTRACE is enabled), and by several "test*.c" files (which are
+** compiled using SQLITE_TEST).
+*/
+#if defined(SQLITE_HAVE_OS_TRACE) || defined(SQLITE_TEST) || \
+    (defined(SQLITE_DEBUG) && SQLITE_OS_WIN)
+# define SQLITE_NEED_ERR_NAME
+#else
+# undef  SQLITE_NEED_ERR_NAME
+#endif
+
+/*
+** Return true (non-zero) if the input is an integer that is too large
+** to fit in 32-bits.  This macro is used inside of various testcase()
+** macros to verify that we have tested SQLite for large-file support.
+*/
+#define IS_BIG_INT(X)  (((X)&~(i64)0xffffffff)!=0)
+
+/*
+** The macro unlikely() is a hint that surrounds a boolean
+** expression that is usually false.  Macro likely() surrounds
+** a boolean expression that is usually true.  These hints could,
+** in theory, be used by the compiler to generate better code, but
+** currently they are just comments for human readers.
+*/
+#define likely(X)    (X)
+#define unlikely(X)  (X)
+
+/************** Include hash.h in the middle of sqliteInt.h ******************/
+/************** Begin file hash.h ********************************************/
+/*
+** 2001 September 22
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+** This is the header file for the generic hash-table implementation
+** used in SQLite.
+*/
+#ifndef _SQLITE_HASH_H_
+#define _SQLITE_HASH_H_
+
+/* Forward declarations of structures. */
+typedef struct Hash Hash;
+typedef struct HashElem HashElem;
+
+/* A complete hash table is an instance of the following structure.
+** The internals of this structure are intended to be opaque -- client
+** code should not attempt to access or modify the fields of this structure
+** directly.  Change this structure only by using the routines below.
+** However, some of the "procedures" and "functions" for modifying and
+** accessing this structure are really macros, so we can't really make
+** this structure opaque.
+**
+** All elements of the hash table are on a single doubly-linked list.
+** Hash.first points to the head of this list.
+**
+** There are Hash.htsize buckets.  Each bucket points to a spot in
+** the global doubly-linked list.  The contents of the bucket are the
+** element pointed to plus the next _ht.count-1 elements in the list.
+**
+** Hash.htsize and Hash.ht may be zero.  In that case lookup is done
+** by a linear search of the global list.  For small tables, the 
+** Hash.ht table is never allocated because if there are few elements
+** in the table, it is faster to do a linear search than to manage
+** the hash table.
+*/
+struct Hash {
+  unsigned int htsize;      /* Number of buckets in the hash table */
+  unsigned int count;       /* Number of entries in this table */
+  HashElem *first;          /* The first element of the array */
+  struct _ht {              /* the hash table */
+    int count;                 /* Number of entries with this hash */
+    HashElem *chain;           /* Pointer to first entry with this hash */
+  } *ht;
+};
+
+/* Each element in the hash table is an instance of the following 
+** structure.  All elements are stored on a single doubly-linked list.
+**
+** Again, this structure is intended to be opaque, but it can't really
+** be opaque because it is used by macros.
+*/
+struct HashElem {
+  HashElem *next, *prev;       /* Next and previous elements in the table */
+  void *data;                  /* Data associated with this element */
+  const char *pKey;            /* Key associated with this element */
+};
+
+/*
+** Access routines.  To delete, insert a NULL pointer.
+*/
+SQLITE_PRIVATE void sqlite3HashInit(Hash*);
+SQLITE_PRIVATE void *sqlite3HashInsert(Hash*, const char *pKey, void *pData);
+SQLITE_PRIVATE void *sqlite3HashFind(const Hash*, const char *pKey);
+SQLITE_PRIVATE void sqlite3HashClear(Hash*);
+
+/*
+** Macros for looping over all elements of a hash table.  The idiom is
+** like this:
+**
+**   Hash h;
+**   HashElem *p;
+**   ...
+**   for(p=sqliteHashFirst(&h); p; p=sqliteHashNext(p)){
+**     SomeStructure *pData = sqliteHashData(p);
+**     // do something with pData
+**   }
+*/
+#define sqliteHashFirst(H)  ((H)->first)
+#define sqliteHashNext(E)   ((E)->next)
+#define sqliteHashData(E)   ((E)->data)
+/* #define sqliteHashKey(E)    ((E)->pKey) // NOT USED */
+/* #define sqliteHashKeysize(E) ((E)->nKey)  // NOT USED */
+
+/*
+** Number of entries in a hash table
+*/
+/* #define sqliteHashCount(H)  ((H)->count) // NOT USED */
+
+#endif /* _SQLITE_HASH_H_ */
+
+/************** End of hash.h ************************************************/
+/************** Continuing where we left off in sqliteInt.h ******************/
+/************** Include parse.h in the middle of sqliteInt.h *****************/
+/************** Begin file parse.h *******************************************/
+#define TK_SEMI                             1
+#define TK_EXPLAIN                          2
+#define TK_QUERY                            3
+#define TK_PLAN                             4
+#define TK_BEGIN                            5
+#define TK_TRANSACTION                      6
+#define TK_DEFERRED                         7
+#define TK_IMMEDIATE                        8
+#define TK_EXCLUSIVE                        9
+#define TK_COMMIT                          10
+#define TK_END                             11
+#define TK_ROLLBACK                        12
+#define TK_SAVEPOINT                       13
+#define TK_RELEASE                         14
+#define TK_TO                              15
+#define TK_TABLE                           16
+#define TK_CREATE                          17
+#define TK_IF                              18
+#define TK_NOT                             19
+#define TK_EXISTS                          20
+#define TK_TEMP                            21
+#define TK_LP                              22
+#define TK_RP                              23
+#define TK_AS                              24
+#define TK_WITHOUT                         25
+#define TK_COMMA                           26
+#define TK_ID                              27
+#define TK_INDEXED                         28
+#define TK_ABORT                           29
+#define TK_ACTION                          30
+#define TK_AFTER                           31
+#define TK_ANALYZE                         32
+#define TK_ASC                             33
+#define TK_ATTACH                          34
+#define TK_BEFORE                          35
+#define TK_BY                              36
+#define TK_CASCADE                         37
+#define TK_CAST                            38
+#define TK_COLUMNKW                        39
+#define TK_CONFLICT                        40
+#define TK_DATABASE                        41
+#define TK_DESC                            42
+#define TK_DETACH                          43
+#define TK_EACH                            44
+#define TK_FAIL                            45
+#define TK_FOR                             46
+#define TK_IGNORE                          47
+#define TK_INITIALLY                       48
+#define TK_INSTEAD                         49
+#define TK_LIKE_KW                         50
+#define TK_MATCH                           51
+#define TK_NO                              52
+#define TK_KEY                             53
+#define TK_OF                              54
+#define TK_OFFSET                          55
+#define TK_PRAGMA                          56
+#define TK_RAISE                           57
+#define TK_RECURSIVE                       58
+#define TK_REPLACE                         59
+#define TK_RESTRICT                        60
+#define TK_ROW                             61
+#define TK_TRIGGER                         62
+#define TK_VACUUM                          63
+#define TK_VIEW                            64
+#define TK_VIRTUAL                         65
+#define TK_WITH                            66
+#define TK_REINDEX                         67
+#define TK_RENAME                          68
+#define TK_CTIME_KW                        69
+#define TK_ANY                             70
+#define TK_OR                              71
+#define TK_AND                             72
+#define TK_IS                              73
+#define TK_BETWEEN                         74
+#define TK_IN                              75
+#define TK_ISNULL                          76
+#define TK_NOTNULL                         77
+#define TK_NE                              78
+#define TK_EQ                              79
+#define TK_GT                              80
+#define TK_LE                              81
+#define TK_LT                              82
+#define TK_GE                              83
+#define TK_ESCAPE                          84
+#define TK_BITAND                          85
+#define TK_BITOR                           86
+#define TK_LSHIFT                          87
+#define TK_RSHIFT                          88
+#define TK_PLUS                            89
+#define TK_MINUS                           90
+#define TK_STAR                            91
+#define TK_SLASH                           92
+#define TK_REM                             93
+#define TK_CONCAT                          94
+#define TK_COLLATE                         95
+#define TK_BITNOT                          96
+#define TK_STRING                          97
+#define TK_JOIN_KW                         98
+#define TK_CONSTRAINT                      99
+#define TK_DEFAULT                        100
+#define TK_NULL                           101
+#define TK_PRIMARY                        102
+#define TK_UNIQUE                         103
+#define TK_CHECK                          104
+#define TK_REFERENCES                     105
+#define TK_AUTOINCR                       106
+#define TK_ON                             107
+#define TK_INSERT                         108
+#define TK_DELETE                         109
+#define TK_UPDATE                         110
+#define TK_SET                            111
+#define TK_DEFERRABLE                     112
+#define TK_FOREIGN                        113
+#define TK_DROP                           114
+#define TK_UNION                          115
+#define TK_ALL                            116
+#define TK_EXCEPT                         117
+#define TK_INTERSECT                      118
+#define TK_SELECT                         119
+#define TK_VALUES                         120
+#define TK_DISTINCT                       121
+#define TK_DOT                            122
+#define TK_FROM                           123
+#define TK_JOIN                           124
+#define TK_USING                          125
+#define TK_ORDER                          126
+#define TK_GROUP                          127
+#define TK_HAVING                         128
+#define TK_LIMIT                          129
+#define TK_WHERE                          130
+#define TK_INTO                           131
+#define TK_INTEGER                        132
+#define TK_FLOAT                          133
+#define TK_BLOB                           134
+#define TK_VARIABLE                       135
+#define TK_CASE                           136
+#define TK_WHEN                           137
+#define TK_THEN                           138
+#define TK_ELSE                           139
+#define TK_INDEX                          140
+#define TK_ALTER                          141
+#define TK_ADD                            142
+#define TK_TO_TEXT                        143
+#define TK_TO_BLOB                        144
+#define TK_TO_NUMERIC                     145
+#define TK_TO_INT                         146
+#define TK_TO_REAL                        147
+#define TK_ISNOT                          148
+#define TK_END_OF_FILE                    149
+#define TK_UNCLOSED_STRING                150
+#define TK_FUNCTION                       151
+#define TK_COLUMN                         152
+#define TK_AGG_FUNCTION                   153
+#define TK_AGG_COLUMN                     154
+#define TK_UMINUS                         155
+#define TK_UPLUS                          156
+#define TK_REGISTER                       157
+#define TK_ASTERISK                       158
+#define TK_SPACE                          159
+#define TK_ILLEGAL                        160
+
+/* The token codes above must all fit in 8 bits */
+#define TKFLG_MASK           0xff  
+
+/* Flags that can be added to a token code when it is not
+** being stored in a u8: */
+#define TKFLG_DONTFOLD       0x100  /* Omit constant folding optimizations */
+
+/************** End of parse.h ***********************************************/
+/************** Continuing where we left off in sqliteInt.h ******************/
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+#include <stddef.h>
+
+/*
+** If compiling for a processor that lacks floating point support,
+** substitute integer for floating-point
+*/
+#ifdef SQLITE_OMIT_FLOATING_POINT
+# define double sqlite_int64
+# define float sqlite_int64
+# define LONGDOUBLE_TYPE sqlite_int64
+# ifndef SQLITE_BIG_DBL
+#   define SQLITE_BIG_DBL (((sqlite3_int64)1)<<50)
+# endif
+# define SQLITE_OMIT_DATETIME_FUNCS 1
+# define SQLITE_OMIT_TRACE 1
+# undef SQLITE_MIXED_ENDIAN_64BIT_FLOAT
+# undef SQLITE_HAVE_ISNAN
+#endif
+#ifndef SQLITE_BIG_DBL
+# define SQLITE_BIG_DBL (1e99)
+#endif
+
+/*
+** OMIT_TEMPDB is set to 1 if SQLITE_OMIT_TEMPDB is defined, or 0
+** afterward. Having this macro allows us to cause the C compiler 
+** to omit code used by TEMP tables without messy #ifndef statements.
+*/
+#ifdef SQLITE_OMIT_TEMPDB
+#define OMIT_TEMPDB 1
+#else
+#define OMIT_TEMPDB 0
+#endif
+
+/*
+** The "file format" number is an integer that is incremented whenever
+** the VDBE-level file format changes.  The following macros define the
+** the default file format for new databases and the maximum file format
+** that the library can read.
+*/
+#define SQLITE_MAX_FILE_FORMAT 4
+#ifndef SQLITE_DEFAULT_FILE_FORMAT
+# define SQLITE_DEFAULT_FILE_FORMAT 4
+#endif
+
+/*
+** Determine whether triggers are recursive by default.  This can be
+** changed at run-time using a pragma.
+*/
+#ifndef SQLITE_DEFAULT_RECURSIVE_TRIGGERS
+# define SQLITE_DEFAULT_RECURSIVE_TRIGGERS 0
+#endif
+
+/*
+** Provide a default value for SQLITE_TEMP_STORE in case it is not specified
+** on the command-line
+*/
+#ifndef SQLITE_TEMP_STORE
+# define SQLITE_TEMP_STORE 1
+# define SQLITE_TEMP_STORE_xc 1  /* Exclude from ctime.c */
+#endif
+
+/*
+** If no value has been provided for SQLITE_MAX_WORKER_THREADS, or if
+** SQLITE_TEMP_STORE is set to 3 (never use temporary files), set it 
+** to zero.
+*/
+#if SQLITE_TEMP_STORE==3 || SQLITE_THREADSAFE==0
+# undef SQLITE_MAX_WORKER_THREADS
+# define SQLITE_MAX_WORKER_THREADS 0
+#endif
+#ifndef SQLITE_MAX_WORKER_THREADS
+# define SQLITE_MAX_WORKER_THREADS 8
+#endif
+#ifndef SQLITE_DEFAULT_WORKER_THREADS
+# define SQLITE_DEFAULT_WORKER_THREADS 0
+#endif
+#if SQLITE_DEFAULT_WORKER_THREADS>SQLITE_MAX_WORKER_THREADS
+# undef SQLITE_MAX_WORKER_THREADS
+# define SQLITE_MAX_WORKER_THREADS SQLITE_DEFAULT_WORKER_THREADS
+#endif
+
+/*
+** The default initial allocation for the pagecache when using separate
+** pagecaches for each database connection.  A positive number is the
+** number of pages.  A negative number N translations means that a buffer
+** of -1024*N bytes is allocated and used for as many pages as it will hold.
+*/
+#ifndef SQLITE_DEFAULT_PCACHE_INITSZ
+# define SQLITE_DEFAULT_PCACHE_INITSZ 100
+#endif
+
+/*
+** GCC does not define the offsetof() macro so we'll have to do it
+** ourselves.
+*/
+#ifndef offsetof
+#define offsetof(STRUCTURE,FIELD) ((int)((char*)&((STRUCTURE*)0)->FIELD))
+#endif
+
+/*
+** Macros to compute minimum and maximum of two numbers.
+*/
+#define MIN(A,B) ((A)<(B)?(A):(B))
+#define MAX(A,B) ((A)>(B)?(A):(B))
+
+/*
+** Swap two objects of type TYPE.
+*/
+#define SWAP(TYPE,A,B) {TYPE t=A; A=B; B=t;}
+
+/*
+** Check to see if this machine uses EBCDIC.  (Yes, believe it or
+** not, there are still machines out there that use EBCDIC.)
+*/
+#if 'A' == '\301'
+# define SQLITE_EBCDIC 1
+#else
+# define SQLITE_ASCII 1
+#endif
+
+/*
+** Integers of known sizes.  These typedefs might change for architectures
+** where the sizes very.  Preprocessor macros are available so that the
+** types can be conveniently redefined at compile-type.  Like this:
+**
+**         cc '-DUINTPTR_TYPE=long long int' ...
+*/
+#ifndef UINT32_TYPE
+# ifdef HAVE_UINT32_T
+#  define UINT32_TYPE uint32_t
+# else
+#  define UINT32_TYPE unsigned int
+# endif
+#endif
+#ifndef UINT16_TYPE
+# ifdef HAVE_UINT16_T
+#  define UINT16_TYPE uint16_t
+# else
+#  define UINT16_TYPE unsigned short int
+# endif
+#endif
+#ifndef INT16_TYPE
+# ifdef HAVE_INT16_T
+#  define INT16_TYPE int16_t
+# else
+#  define INT16_TYPE short int
+# endif
+#endif
+#ifndef UINT8_TYPE
+# ifdef HAVE_UINT8_T
+#  define UINT8_TYPE uint8_t
+# else
+#  define UINT8_TYPE unsigned char
+# endif
+#endif
+#ifndef INT8_TYPE
+# ifdef HAVE_INT8_T
+#  define INT8_TYPE int8_t
+# else
+#  define INT8_TYPE signed char
+# endif
+#endif
+#ifndef LONGDOUBLE_TYPE
+# define LONGDOUBLE_TYPE long double
+#endif
+typedef sqlite_int64 i64;          /* 8-byte signed integer */
+typedef sqlite_uint64 u64;         /* 8-byte unsigned integer */
+typedef UINT32_TYPE u32;           /* 4-byte unsigned integer */
+typedef UINT16_TYPE u16;           /* 2-byte unsigned integer */
+typedef INT16_TYPE i16;            /* 2-byte signed integer */
+typedef UINT8_TYPE u8;             /* 1-byte unsigned integer */
+typedef INT8_TYPE i8;              /* 1-byte signed integer */
+
+/*
+** SQLITE_MAX_U32 is a u64 constant that is the maximum u64 value
+** that can be stored in a u32 without loss of data.  The value
+** is 0x00000000ffffffff.  But because of quirks of some compilers, we
+** have to specify the value in the less intuitive manner shown:
+*/
+#define SQLITE_MAX_U32  ((((u64)1)<<32)-1)
+
+/*
+** The datatype used to store estimates of the number of rows in a
+** table or index.  This is an unsigned integer type.  For 99.9% of
+** the world, a 32-bit integer is sufficient.  But a 64-bit integer
+** can be used at compile-time if desired.
+*/
+#ifdef SQLITE_64BIT_STATS
+ typedef u64 tRowcnt;    /* 64-bit only if requested at compile-time */
+#else
+ typedef u32 tRowcnt;    /* 32-bit is the default */
+#endif
+
+/*
+** Estimated quantities used for query planning are stored as 16-bit
+** logarithms.  For quantity X, the value stored is 10*log2(X).  This
+** gives a possible range of values of approximately 1.0e986 to 1e-986.
+** But the allowed values are "grainy".  Not every value is representable.
+** For example, quantities 16 and 17 are both represented by a LogEst
+** of 40.  However, since LogEst quantities are suppose to be estimates,
+** not exact values, this imprecision is not a problem.
+**
+** "LogEst" is short for "Logarithmic Estimate".
+**
+** Examples:
+**      1 -> 0              20 -> 43          10000 -> 132
+**      2 -> 10             25 -> 46          25000 -> 146
+**      3 -> 16            100 -> 66        1000000 -> 199
+**      4 -> 20           1000 -> 99        1048576 -> 200
+**     10 -> 33           1024 -> 100    4294967296 -> 320
+**
+** The LogEst can be negative to indicate fractional values. 
+** Examples:
+**
+**    0.5 -> -10           0.1 -> -33        0.0625 -> -40
+*/
+typedef INT16_TYPE LogEst;
+
+/*
+** Set the SQLITE_PTRSIZE macro to the number of bytes in a pointer
+*/
+#ifndef SQLITE_PTRSIZE
+# if defined(__SIZEOF_POINTER__)
+#   define SQLITE_PTRSIZE __SIZEOF_POINTER__
+# elif defined(i386)     || defined(__i386__)   || defined(_M_IX86) ||    \
+       defined(_M_ARM)   || defined(__arm__)    || defined(__x86)
+#   define SQLITE_PTRSIZE 4
+# else
+#   define SQLITE_PTRSIZE 8
+# endif
+#endif
+
+/*
+** Macros to determine whether the machine is big or little endian,
+** and whether or not that determination is run-time or compile-time.
+**
+** For best performance, an attempt is made to guess at the byte-order
+** using C-preprocessor macros.  If that is unsuccessful, or if
+** -DSQLITE_RUNTIME_BYTEORDER=1 is set, then byte-order is determined
+** at run-time.
+*/
+#if (defined(i386)     || defined(__i386__)   || defined(_M_IX86) ||    \
+     defined(__x86_64) || defined(__x86_64__) || defined(_M_X64)  ||    \
+     defined(_M_AMD64) || defined(_M_ARM)     || defined(__x86)   ||    \
+     defined(__arm__)) && !defined(SQLITE_RUNTIME_BYTEORDER)
+# define SQLITE_BYTEORDER    1234
+# define SQLITE_BIGENDIAN    0
+# define SQLITE_LITTLEENDIAN 1
+# define SQLITE_UTF16NATIVE  SQLITE_UTF16LE
+#endif
+#if (defined(sparc)    || defined(__ppc__))  \
+    && !defined(SQLITE_RUNTIME_BYTEORDER)
+# define SQLITE_BYTEORDER    4321
+# define SQLITE_BIGENDIAN    1
+# define SQLITE_LITTLEENDIAN 0
+# define SQLITE_UTF16NATIVE  SQLITE_UTF16BE
+#endif
+#if !defined(SQLITE_BYTEORDER)
+# ifdef SQLITE_AMALGAMATION
+  const int sqlite3one = 1;
+# else
+  extern const int sqlite3one;
+# endif
+# define SQLITE_BYTEORDER    0     /* 0 means "unknown at compile-time" */
+# define SQLITE_BIGENDIAN    (*(char *)(&sqlite3one)==0)
+# define SQLITE_LITTLEENDIAN (*(char *)(&sqlite3one)==1)
+# define SQLITE_UTF16NATIVE  (SQLITE_BIGENDIAN?SQLITE_UTF16BE:SQLITE_UTF16LE)
+#endif
+
+/*
+** Constants for the largest and smallest possible 64-bit signed integers.
+** These macros are designed to work correctly on both 32-bit and 64-bit
+** compilers.
+*/
+#define LARGEST_INT64  (0xffffffff|(((i64)0x7fffffff)<<32))
+#define SMALLEST_INT64 (((i64)-1) - LARGEST_INT64)
+
+/* 
+** Round up a number to the next larger multiple of 8.  This is used
+** to force 8-byte alignment on 64-bit architectures.
+*/
+#define ROUND8(x)     (((x)+7)&~7)
+
+/*
+** Round down to the nearest multiple of 8
+*/
+#define ROUNDDOWN8(x) ((x)&~7)
+
+/*
+** Assert that the pointer X is aligned to an 8-byte boundary.  This
+** macro is used only within assert() to verify that the code gets
+** all alignment restrictions correct.
+**
+** Except, if SQLITE_4_BYTE_ALIGNED_MALLOC is defined, then the
+** underlying malloc() implementation might return us 4-byte aligned
+** pointers.  In that case, only verify 4-byte alignment.
+*/
+#ifdef SQLITE_4_BYTE_ALIGNED_MALLOC
+# define EIGHT_BYTE_ALIGNMENT(X)   ((((char*)(X) - (char*)0)&3)==0)
+#else
+# define EIGHT_BYTE_ALIGNMENT(X)   ((((char*)(X) - (char*)0)&7)==0)
+#endif
+
+/*
+** Disable MMAP on platforms where it is known to not work
+*/
+#if defined(__OpenBSD__) || defined(__QNXNTO__)
+# undef SQLITE_MAX_MMAP_SIZE
+# define SQLITE_MAX_MMAP_SIZE 0
+#endif
+
+/*
+** Default maximum size of memory used by memory-mapped I/O in the VFS
+*/
+#ifdef __APPLE__
+# include <TargetConditionals.h>
+# if TARGET_OS_IPHONE
+#   undef SQLITE_MAX_MMAP_SIZE
+#   define SQLITE_MAX_MMAP_SIZE 0
+# endif
+#endif
+#ifndef SQLITE_MAX_MMAP_SIZE
+# if defined(__linux__) \
+  || defined(_WIN32) \
+  || (defined(__APPLE__) && defined(__MACH__)) \
+  || defined(__sun) \
+  || defined(__FreeBSD__) \
+  || defined(__DragonFly__)
+#   define SQLITE_MAX_MMAP_SIZE 0x7fff0000  /* 2147418112 */
+# else
+#   define SQLITE_MAX_MMAP_SIZE 0
+# endif
+# define SQLITE_MAX_MMAP_SIZE_xc 1 /* exclude from ctime.c */
+#endif
+
+/*
+** The default MMAP_SIZE is zero on all platforms.  Or, even if a larger
+** default MMAP_SIZE is specified at compile-time, make sure that it does
+** not exceed the maximum mmap size.
+*/
+#ifndef SQLITE_DEFAULT_MMAP_SIZE
+# define SQLITE_DEFAULT_MMAP_SIZE 0
+# define SQLITE_DEFAULT_MMAP_SIZE_xc 1  /* Exclude from ctime.c */
+#endif
+#if SQLITE_DEFAULT_MMAP_SIZE>SQLITE_MAX_MMAP_SIZE
+# undef SQLITE_DEFAULT_MMAP_SIZE
+# define SQLITE_DEFAULT_MMAP_SIZE SQLITE_MAX_MMAP_SIZE
+#endif
+
+/*
+** Only one of SQLITE_ENABLE_STAT3 or SQLITE_ENABLE_STAT4 can be defined.
+** Priority is given to SQLITE_ENABLE_STAT4.  If either are defined, also
+** define SQLITE_ENABLE_STAT3_OR_STAT4
+*/
+#ifdef SQLITE_ENABLE_STAT4
+# undef SQLITE_ENABLE_STAT3
+# define SQLITE_ENABLE_STAT3_OR_STAT4 1
+#elif SQLITE_ENABLE_STAT3
+# define SQLITE_ENABLE_STAT3_OR_STAT4 1
+#elif SQLITE_ENABLE_STAT3_OR_STAT4
+# undef SQLITE_ENABLE_STAT3_OR_STAT4
+#endif
+
+/*
+** SELECTTRACE_ENABLED will be either 1 or 0 depending on whether or not
+** the Select query generator tracing logic is turned on.
+*/
+#if defined(SQLITE_DEBUG) || defined(SQLITE_ENABLE_SELECTTRACE)
+# define SELECTTRACE_ENABLED 1
+#else
+# define SELECTTRACE_ENABLED 0
+#endif
+
+/*
+** An instance of the following structure is used to store the busy-handler
+** callback for a given sqlite handle. 
+**
+** The sqlite.busyHandler member of the sqlite struct contains the busy
+** callback for the database handle. Each pager opened via the sqlite
+** handle is passed a pointer to sqlite.busyHandler. The busy-handler
+** callback is currently invoked only from within pager.c.
+*/
+typedef struct BusyHandler BusyHandler;
+struct BusyHandler {
+  int (*xFunc)(void *,int);  /* The busy callback */
+  void *pArg;                /* First arg to busy callback */
+  int nBusy;                 /* Incremented with each busy call */
+};
+
+/*
+** Name of the master database table.  The master database table
+** is a special table that holds the names and attributes of all
+** user tables and indices.
+*/
+#define MASTER_NAME       "sqlite_master"
+#define TEMP_MASTER_NAME  "sqlite_temp_master"
+
+/*
+** The root-page of the master database table.
+*/
+#define MASTER_ROOT       1
+
+/*
+** The name of the schema table.
+*/
+#define SCHEMA_TABLE(x)  ((!OMIT_TEMPDB)&&(x==1)?TEMP_MASTER_NAME:MASTER_NAME)
+
+/*
+** A convenience macro that returns the number of elements in
+** an array.
+*/
+#define ArraySize(X)    ((int)(sizeof(X)/sizeof(X[0])))
+
+/*
+** Determine if the argument is a power of two
+*/
+#define IsPowerOfTwo(X) (((X)&((X)-1))==0)
+
+/*
+** The following value as a destructor means to use sqlite3DbFree().
+** The sqlite3DbFree() routine requires two parameters instead of the 
+** one parameter that destructors normally want.  So we have to introduce 
+** this magic value that the code knows to handle differently.  Any 
+** pointer will work here as long as it is distinct from SQLITE_STATIC
+** and SQLITE_TRANSIENT.
+*/
+#define SQLITE_DYNAMIC   ((sqlite3_destructor_type)sqlite3MallocSize)
+
+/*
+** When SQLITE_OMIT_WSD is defined, it means that the target platform does
+** not support Writable Static Data (WSD) such as global and static variables.
+** All variables must either be on the stack or dynamically allocated from
+** the heap.  When WSD is unsupported, the variable declarations scattered
+** throughout the SQLite code must become constants instead.  The SQLITE_WSD
+** macro is used for this purpose.  And instead of referencing the variable
+** directly, we use its constant as a key to lookup the run-time allocated
+** buffer that holds real variable.  The constant is also the initializer
+** for the run-time allocated buffer.
+**
+** In the usual case where WSD is supported, the SQLITE_WSD and GLOBAL
+** macros become no-ops and have zero performance impact.
+*/
+#ifdef SQLITE_OMIT_WSD
+  #define SQLITE_WSD const
+  #define GLOBAL(t,v) (*(t*)sqlite3_wsd_find((void*)&(v), sizeof(v)))
+  #define sqlite3GlobalConfig GLOBAL(struct Sqlite3Config, sqlite3Config)
+SQLITE_API int SQLITE_STDCALL sqlite3_wsd_init(int N, int J);
+SQLITE_API void *SQLITE_STDCALL sqlite3_wsd_find(void *K, int L);
+#else
+  #define SQLITE_WSD 
+  #define GLOBAL(t,v) v
+  #define sqlite3GlobalConfig sqlite3Config
+#endif
+
+/*
+** The following macros are used to suppress compiler warnings and to
+** make it clear to human readers when a function parameter is deliberately 
+** left unused within the body of a function. This usually happens when
+** a function is called via a function pointer. For example the 
+** implementation of an SQL aggregate step callback may not use the
+** parameter indicating the number of arguments passed to the aggregate,
+** if it knows that this is enforced elsewhere.
+**
+** When a function parameter is not used at all within the body of a function,
+** it is generally named "NotUsed" or "NotUsed2" to make things even clearer.
+** However, these macros may also be used to suppress warnings related to
+** parameters that may or may not be used depending on compilation options.
+** For example those parameters only used in assert() statements. In these
+** cases the parameters are named as per the usual conventions.
+*/
+#define UNUSED_PARAMETER(x) (void)(x)
+#define UNUSED_PARAMETER2(x,y) UNUSED_PARAMETER(x),UNUSED_PARAMETER(y)
+
+/*
+** Forward references to structures
+*/
+typedef struct AggInfo AggInfo;
+typedef struct AuthContext AuthContext;
+typedef struct AutoincInfo AutoincInfo;
+typedef struct Bitvec Bitvec;
+typedef struct CollSeq CollSeq;
+typedef struct Column Column;
+typedef struct Db Db;
+typedef struct Schema Schema;
+typedef struct Expr Expr;
+typedef struct ExprList ExprList;
+typedef struct ExprSpan ExprSpan;
+typedef struct FKey FKey;
+typedef struct FuncDestructor FuncDestructor;
+typedef struct FuncDef FuncDef;
+typedef struct FuncDefHash FuncDefHash;
+typedef struct IdList IdList;
+typedef struct Index Index;
+typedef struct IndexSample IndexSample;
+typedef struct KeyClass KeyClass;
+typedef struct KeyInfo KeyInfo;
+typedef struct Lookaside Lookaside;
+typedef struct LookasideSlot LookasideSlot;
+typedef struct Module Module;
+typedef struct NameContext NameContext;
+typedef struct Parse Parse;
+typedef struct PrintfArguments PrintfArguments;
+typedef struct RowSet RowSet;
+typedef struct Savepoint Savepoint;
+typedef struct Select Select;
+typedef struct SQLiteThread SQLiteThread;
+typedef struct SelectDest SelectDest;
+typedef struct SrcList SrcList;
+typedef struct StrAccum StrAccum;
+typedef struct Table Table;
+typedef struct TableLock TableLock;
+typedef struct Token Token;
+typedef struct TreeView TreeView;
+typedef struct Trigger Trigger;
+typedef struct TriggerPrg TriggerPrg;
+typedef struct TriggerStep TriggerStep;
+typedef struct UnpackedRecord UnpackedRecord;
+typedef struct VTable VTable;
+typedef struct VtabCtx VtabCtx;
+typedef struct Walker Walker;
+typedef struct WhereInfo WhereInfo;
+typedef struct With With;
+
+/*
+** Defer sourcing vdbe.h and btree.h until after the "u8" and 
+** "BusyHandler" typedefs. vdbe.h also requires a few of the opaque
+** pointer types (i.e. FuncDef) defined above.
+*/
+/************** Include btree.h in the middle of sqliteInt.h *****************/
+/************** Begin file btree.h *******************************************/
+/*
+** 2001 September 15
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+** This header file defines the interface that the sqlite B-Tree file
+** subsystem.  See comments in the source code for a detailed description
+** of what each interface routine does.
+*/
+#ifndef _BTREE_H_
+#define _BTREE_H_
+
+/* TODO: This definition is just included so other modules compile. It
+** needs to be revisited.
+*/
+#define SQLITE_N_BTREE_META 16
+
+/*
+** If defined as non-zero, auto-vacuum is enabled by default. Otherwise
+** it must be turned on for each database using "PRAGMA auto_vacuum = 1".
+*/
+#ifndef SQLITE_DEFAULT_AUTOVACUUM
+  #define SQLITE_DEFAULT_AUTOVACUUM 0
+#endif
+
+#define BTREE_AUTOVACUUM_NONE 0        /* Do not do auto-vacuum */
+#define BTREE_AUTOVACUUM_FULL 1        /* Do full auto-vacuum */
+#define BTREE_AUTOVACUUM_INCR 2        /* Incremental vacuum */
+
+/*
+** Forward declarations of structure
+*/
+typedef struct Btree Btree;
+typedef struct BtCursor BtCursor;
+typedef struct BtShared BtShared;
+
+
+SQLITE_PRIVATE int sqlite3BtreeOpen(
+  sqlite3_vfs *pVfs,       /* VFS to use with this b-tree */
+  const char *zFilename,   /* Name of database file to open */
+  sqlite3 *db,             /* Associated database connection */
+  Btree **ppBtree,         /* Return open Btree* here */
+  int flags,               /* Flags */
+  int vfsFlags             /* Flags passed through to VFS open */
+);
+
+/* The flags parameter to sqlite3BtreeOpen can be the bitwise or of the
+** following values.
+**
+** NOTE:  These values must match the corresponding PAGER_ values in
+** pager.h.
+*/
+#define BTREE_OMIT_JOURNAL  1  /* Do not create or use a rollback journal */
+#define BTREE_MEMORY        2  /* This is an in-memory DB */
+#define BTREE_SINGLE        4  /* The file contains at most 1 b-tree */
+#define BTREE_UNORDERED     8  /* Use of a hash implementation is OK */
+
+SQLITE_PRIVATE int sqlite3BtreeClose(Btree*);
+SQLITE_PRIVATE int sqlite3BtreeSetCacheSize(Btree*,int);
+SQLITE_PRIVATE int sqlite3BtreeSetSpillSize(Btree*,int);
+#if SQLITE_MAX_MMAP_SIZE>0
+SQLITE_PRIVATE   int sqlite3BtreeSetMmapLimit(Btree*,sqlite3_int64);
+#endif
+SQLITE_PRIVATE int sqlite3BtreeSetPagerFlags(Btree*,unsigned);
+SQLITE_PRIVATE int sqlite3BtreeSyncDisabled(Btree*);
+SQLITE_PRIVATE int sqlite3BtreeSetPageSize(Btree *p, int nPagesize, int nReserve, int eFix);
+SQLITE_PRIVATE int sqlite3BtreeGetPageSize(Btree*);
+SQLITE_PRIVATE int sqlite3BtreeMaxPageCount(Btree*,int);
+SQLITE_PRIVATE u32 sqlite3BtreeLastPage(Btree*);
+SQLITE_PRIVATE int sqlite3BtreeSecureDelete(Btree*,int);
+SQLITE_PRIVATE int sqlite3BtreeGetOptimalReserve(Btree*);
+SQLITE_PRIVATE int sqlite3BtreeGetReserveNoMutex(Btree *p);
+SQLITE_PRIVATE int sqlite3BtreeSetAutoVacuum(Btree *, int);
+SQLITE_PRIVATE int sqlite3BtreeGetAutoVacuum(Btree *);
+SQLITE_PRIVATE int sqlite3BtreeBeginTrans(Btree*,int);
+SQLITE_PRIVATE int sqlite3BtreeCommitPhaseOne(Btree*, const char *zMaster);
+SQLITE_PRIVATE int sqlite3BtreeCommitPhaseTwo(Btree*, int);
+SQLITE_PRIVATE int sqlite3BtreeCommit(Btree*);
+SQLITE_PRIVATE int sqlite3BtreeRollback(Btree*,int,int);
+SQLITE_PRIVATE int sqlite3BtreeBeginStmt(Btree*,int);
+SQLITE_PRIVATE int sqlite3BtreeCreateTable(Btree*, int*, int flags);
+SQLITE_PRIVATE int sqlite3BtreeIsInTrans(Btree*);
+SQLITE_PRIVATE int sqlite3BtreeIsInReadTrans(Btree*);
+SQLITE_PRIVATE int sqlite3BtreeIsInBackup(Btree*);
+SQLITE_PRIVATE void *sqlite3BtreeSchema(Btree *, int, void(*)(void *));
+SQLITE_PRIVATE int sqlite3BtreeSchemaLocked(Btree *pBtree);
+SQLITE_PRIVATE int sqlite3BtreeLockTable(Btree *pBtree, int iTab, u8 isWriteLock);
+SQLITE_PRIVATE int sqlite3BtreeSavepoint(Btree *, int, int);
+
+SQLITE_PRIVATE const char *sqlite3BtreeGetFilename(Btree *);
+SQLITE_PRIVATE const char *sqlite3BtreeGetJournalname(Btree *);
+SQLITE_PRIVATE int sqlite3BtreeCopyFile(Btree *, Btree *);
+
+SQLITE_PRIVATE int sqlite3BtreeIncrVacuum(Btree *);
+
+/* The flags parameter to sqlite3BtreeCreateTable can be the bitwise OR
+** of the flags shown below.
+**
+** Every SQLite table must have either BTREE_INTKEY or BTREE_BLOBKEY set.
+** With BTREE_INTKEY, the table key is a 64-bit integer and arbitrary data
+** is stored in the leaves.  (BTREE_INTKEY is used for SQL tables.)  With
+** BTREE_BLOBKEY, the key is an arbitrary BLOB and no content is stored
+** anywhere - the key is the content.  (BTREE_BLOBKEY is used for SQL
+** indices.)
+*/
+#define BTREE_INTKEY     1    /* Table has only 64-bit signed integer keys */
+#define BTREE_BLOBKEY    2    /* Table has keys only - no data */
+
+SQLITE_PRIVATE int sqlite3BtreeDropTable(Btree*, int, int*);
+SQLITE_PRIVATE int sqlite3BtreeClearTable(Btree*, int, int*);
+SQLITE_PRIVATE int sqlite3BtreeClearTableOfCursor(BtCursor*);
+SQLITE_PRIVATE int sqlite3BtreeTripAllCursors(Btree*, int, int);
+
+SQLITE_PRIVATE void sqlite3BtreeGetMeta(Btree *pBtree, int idx, u32 *pValue);
+SQLITE_PRIVATE int sqlite3BtreeUpdateMeta(Btree*, int idx, u32 value);
+
+SQLITE_PRIVATE int sqlite3BtreeNewDb(Btree *p);
+
+/*
+** The second parameter to sqlite3BtreeGetMeta or sqlite3BtreeUpdateMeta
+** should be one of the following values. The integer values are assigned 
+** to constants so that the offset of the corresponding field in an
+** SQLite database header may be found using the following formula:
+**
+**   offset = 36 + (idx * 4)
+**
+** For example, the free-page-count field is located at byte offset 36 of
+** the database file header. The incr-vacuum-flag field is located at
+** byte offset 64 (== 36+4*7).
+**
+** The BTREE_DATA_VERSION value is not really a value stored in the header.
+** It is a read-only number computed by the pager.  But we merge it with
+** the header value access routines since its access pattern is the same.
+** Call it a "virtual meta value".
+*/
+#define BTREE_FREE_PAGE_COUNT     0
+#define BTREE_SCHEMA_VERSION      1
+#define BTREE_FILE_FORMAT         2
+#define BTREE_DEFAULT_CACHE_SIZE  3
+#define BTREE_LARGEST_ROOT_PAGE   4
+#define BTREE_TEXT_ENCODING       5
+#define BTREE_USER_VERSION        6
+#define BTREE_INCR_VACUUM         7
+#define BTREE_APPLICATION_ID      8
+#define BTREE_DATA_VERSION        15  /* A virtual meta-value */
+
+/*
+** Kinds of hints that can be passed into the sqlite3BtreeCursorHint()
+** interface.
+**
+** BTREE_HINT_RANGE  (arguments: Expr*, Mem*)
+**
+**     The first argument is an Expr* (which is guaranteed to be constant for
+**     the lifetime of the cursor) that defines constraints on which rows
+**     might be fetched with this cursor.  The Expr* tree may contain
+**     TK_REGISTER nodes that refer to values stored in the array of registers
+**     passed as the second parameter.  In other words, if Expr.op==TK_REGISTER
+**     then the value of the node is the value in Mem[pExpr.iTable].  Any
+**     TK_COLUMN node in the expression tree refers to the Expr.iColumn-th
+**     column of the b-tree of the cursor.  The Expr tree will not contain
+**     any function calls nor subqueries nor references to b-trees other than
+**     the cursor being hinted.
+**
+**     The design of the _RANGE hint is aid b-tree implementations that try
+**     to prefetch content from remote machines - to provide those
+**     implementations with limits on what needs to be prefetched and thereby
+**     reduce network bandwidth.
+**
+** Note that BTREE_HINT_FLAGS with BTREE_BULKLOAD is the only hint used by
+** standard SQLite.  The other hints are provided for extentions that use
+** the SQLite parser and code generator but substitute their own storage
+** engine.
+*/
+#define BTREE_HINT_RANGE 0       /* Range constraints on queries */
+
+/*
+** Values that may be OR'd together to form the argument to the
+** BTREE_HINT_FLAGS hint for sqlite3BtreeCursorHint():
+**
+** The BTREE_BULKLOAD flag is set on index cursors when the index is going
+** to be filled with content that is already in sorted order.
+**
+** The BTREE_SEEK_EQ flag is set on cursors that will get OP_SeekGE or
+** OP_SeekLE opcodes for a range search, but where the range of entries
+** selected will all have the same key.  In other words, the cursor will
+** be used only for equality key searches.
+**
+*/
+#define BTREE_BULKLOAD 0x00000001  /* Used to full index in sorted order */
+#define BTREE_SEEK_EQ  0x00000002  /* EQ seeks only - no range seeks */
+
+/* 
+** Flags passed as the third argument to sqlite3BtreeCursor().
+**
+** For read-only cursors the wrFlag argument is always zero. For read-write
+** cursors it may be set to either (BTREE_WRCSR|BTREE_FORDELETE) or
+** (BTREE_WRCSR). If the BTREE_FORDELETE flag is set, then the cursor will
+** only be used by SQLite for the following:
+**
+**   * to seek to and delete specific entries, and/or
+**
+**   * to read values that will be used to create keys that other
+**     BTREE_FORDELETE cursors will seek to and delete.
+*/
+#define BTREE_WRCSR     0x00000004     /* read-write cursor */
+#define BTREE_FORDELETE 0x00000008     /* Cursor is for seek/delete only */
+
+SQLITE_PRIVATE int sqlite3BtreeCursor(
+  Btree*,                              /* BTree containing table to open */
+  int iTable,                          /* Index of root page */
+  int wrFlag,                          /* 1 for writing.  0 for read-only */
+  struct KeyInfo*,                     /* First argument to compare function */
+  BtCursor *pCursor                    /* Space to write cursor structure */
+);
+SQLITE_PRIVATE int sqlite3BtreeCursorSize(void);
+SQLITE_PRIVATE void sqlite3BtreeCursorZero(BtCursor*);
+SQLITE_PRIVATE void sqlite3BtreeCursorHintFlags(BtCursor*, unsigned);
+#ifdef SQLITE_ENABLE_CURSOR_HINTS
+SQLITE_PRIVATE void sqlite3BtreeCursorHint(BtCursor*, int, ...);
+#endif
+
+SQLITE_PRIVATE int sqlite3BtreeCloseCursor(BtCursor*);
+SQLITE_PRIVATE int sqlite3BtreeMovetoUnpacked(
+  BtCursor*,
+  UnpackedRecord *pUnKey,
+  i64 intKey,
+  int bias,
+  int *pRes
+);
+SQLITE_PRIVATE int sqlite3BtreeCursorHasMoved(BtCursor*);
+SQLITE_PRIVATE int sqlite3BtreeCursorRestore(BtCursor*, int*);
+SQLITE_PRIVATE int sqlite3BtreeDelete(BtCursor*, int);
+SQLITE_PRIVATE int sqlite3BtreeInsert(BtCursor*, const void *pKey, i64 nKey,
+                                  const void *pData, int nData,
+                                  int nZero, int bias, int seekResult);
+SQLITE_PRIVATE int sqlite3BtreeFirst(BtCursor*, int *pRes);
+SQLITE_PRIVATE int sqlite3BtreeLast(BtCursor*, int *pRes);
+SQLITE_PRIVATE int sqlite3BtreeNext(BtCursor*, int *pRes);
+SQLITE_PRIVATE int sqlite3BtreeEof(BtCursor*);
+SQLITE_PRIVATE int sqlite3BtreePrevious(BtCursor*, int *pRes);
+SQLITE_PRIVATE int sqlite3BtreeKeySize(BtCursor*, i64 *pSize);
+SQLITE_PRIVATE int sqlite3BtreeKey(BtCursor*, u32 offset, u32 amt, void*);
+SQLITE_PRIVATE const void *sqlite3BtreeKeyFetch(BtCursor*, u32 *pAmt);
+SQLITE_PRIVATE const void *sqlite3BtreeDataFetch(BtCursor*, u32 *pAmt);
+SQLITE_PRIVATE int sqlite3BtreeDataSize(BtCursor*, u32 *pSize);
+SQLITE_PRIVATE int sqlite3BtreeData(BtCursor*, u32 offset, u32 amt, void*);
+
+SQLITE_PRIVATE char *sqlite3BtreeIntegrityCheck(Btree*, int *aRoot, int nRoot, int, int*);
+SQLITE_PRIVATE struct Pager *sqlite3BtreePager(Btree*);
+
+SQLITE_PRIVATE int sqlite3BtreePutData(BtCursor*, u32 offset, u32 amt, void*);
+SQLITE_PRIVATE void sqlite3BtreeIncrblobCursor(BtCursor *);
+SQLITE_PRIVATE void sqlite3BtreeClearCursor(BtCursor *);
+SQLITE_PRIVATE int sqlite3BtreeSetVersion(Btree *pBt, int iVersion);
+SQLITE_PRIVATE int sqlite3BtreeCursorHasHint(BtCursor*, unsigned int mask);
+SQLITE_PRIVATE int sqlite3BtreeIsReadonly(Btree *pBt);
+SQLITE_PRIVATE int sqlite3HeaderSizeBtree(void);
+
+#ifndef NDEBUG
+SQLITE_PRIVATE int sqlite3BtreeCursorIsValid(BtCursor*);
+#endif
+
+#ifndef SQLITE_OMIT_BTREECOUNT
+SQLITE_PRIVATE int sqlite3BtreeCount(BtCursor *, i64 *);
+#endif
+
+#ifdef SQLITE_TEST
+SQLITE_PRIVATE int sqlite3BtreeCursorInfo(BtCursor*, int*, int);
+SQLITE_PRIVATE void sqlite3BtreeCursorList(Btree*);
+#endif
+
+#ifndef SQLITE_OMIT_WAL
+SQLITE_PRIVATE   int sqlite3BtreeCheckpoint(Btree*, int, int *, int *);
+#endif
+
+/*
+** If we are not using shared cache, then there is no need to
+** use mutexes to access the BtShared structures.  So make the
+** Enter and Leave procedures no-ops.
+*/
+#ifndef SQLITE_OMIT_SHARED_CACHE
+SQLITE_PRIVATE   void sqlite3BtreeEnter(Btree*);
+SQLITE_PRIVATE   void sqlite3BtreeEnterAll(sqlite3*);
+#else
+# define sqlite3BtreeEnter(X) 
+# define sqlite3BtreeEnterAll(X)
+#endif
+
+#if !defined(SQLITE_OMIT_SHARED_CACHE) && SQLITE_THREADSAFE
+SQLITE_PRIVATE   int sqlite3BtreeSharable(Btree*);
+SQLITE_PRIVATE   void sqlite3BtreeLeave(Btree*);
+SQLITE_PRIVATE   void sqlite3BtreeEnterCursor(BtCursor*);
+SQLITE_PRIVATE   void sqlite3BtreeLeaveCursor(BtCursor*);
+SQLITE_PRIVATE   void sqlite3BtreeLeaveAll(sqlite3*);
+#ifndef NDEBUG
+  /* These routines are used inside assert() statements only. */
+SQLITE_PRIVATE   int sqlite3BtreeHoldsMutex(Btree*);
+SQLITE_PRIVATE   int sqlite3BtreeHoldsAllMutexes(sqlite3*);
+SQLITE_PRIVATE   int sqlite3SchemaMutexHeld(sqlite3*,int,Schema*);
+#endif
+#else
+
+# define sqlite3BtreeSharable(X) 0
+# define sqlite3BtreeLeave(X)
+# define sqlite3BtreeEnterCursor(X)
+# define sqlite3BtreeLeaveCursor(X)
+# define sqlite3BtreeLeaveAll(X)
+
+# define sqlite3BtreeHoldsMutex(X) 1
+# define sqlite3BtreeHoldsAllMutexes(X) 1
+# define sqlite3SchemaMutexHeld(X,Y,Z) 1
+#endif
+
+
+#endif /* _BTREE_H_ */
+
+/************** End of btree.h ***********************************************/
+/************** Continuing where we left off in sqliteInt.h ******************/
+/************** Include vdbe.h in the middle of sqliteInt.h ******************/
+/************** Begin file vdbe.h ********************************************/
+/*
+** 2001 September 15
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+** Header file for the Virtual DataBase Engine (VDBE)
+**
+** This header defines the interface to the virtual database engine
+** or VDBE.  The VDBE implements an abstract machine that runs a
+** simple program to access and modify the underlying database.
+*/
+#ifndef _SQLITE_VDBE_H_
+#define _SQLITE_VDBE_H_
+/* #include <stdio.h> */
+
+/*
+** A single VDBE is an opaque structure named "Vdbe".  Only routines
+** in the source file sqliteVdbe.c are allowed to see the insides
+** of this structure.
+*/
+typedef struct Vdbe Vdbe;
+
+/*
+** The names of the following types declared in vdbeInt.h are required
+** for the VdbeOp definition.
+*/
+typedef struct Mem Mem;
+typedef struct SubProgram SubProgram;
+
+/*
+** A single instruction of the virtual machine has an opcode
+** and as many as three operands.  The instruction is recorded
+** as an instance of the following structure:
+*/
+struct VdbeOp {
+  u8 opcode;          /* What operation to perform */
+  signed char p4type; /* One of the P4_xxx constants for p4 */
+  u8 opflags;         /* Mask of the OPFLG_* flags in opcodes.h */
+  u8 p5;              /* Fifth parameter is an unsigned character */
+  int p1;             /* First operand */
+  int p2;             /* Second parameter (often the jump destination) */
+  int p3;             /* The third parameter */
+  union p4union {     /* fourth parameter */
+    int i;                 /* Integer value if p4type==P4_INT32 */
+    void *p;               /* Generic pointer */
+    char *z;               /* Pointer to data for string (char array) types */
+    i64 *pI64;             /* Used when p4type is P4_INT64 */
+    double *pReal;         /* Used when p4type is P4_REAL */
+    FuncDef *pFunc;        /* Used when p4type is P4_FUNCDEF */
+    sqlite3_context *pCtx; /* Used when p4type is P4_FUNCCTX */
+    CollSeq *pColl;        /* Used when p4type is P4_COLLSEQ */
+    Mem *pMem;             /* Used when p4type is P4_MEM */
+    VTable *pVtab;         /* Used when p4type is P4_VTAB */
+    KeyInfo *pKeyInfo;     /* Used when p4type is P4_KEYINFO */
+    int *ai;               /* Used when p4type is P4_INTARRAY */
+    SubProgram *pProgram;  /* Used when p4type is P4_SUBPROGRAM */
+#ifdef SQLITE_ENABLE_CURSOR_HINTS
+    Expr *pExpr;           /* Used when p4type is P4_EXPR */
+#endif
+    int (*xAdvance)(BtCursor *, int *);
+  } p4;
+#ifdef SQLITE_ENABLE_EXPLAIN_COMMENTS
+  char *zComment;          /* Comment to improve readability */
+#endif
+#ifdef VDBE_PROFILE
+  u32 cnt;                 /* Number of times this instruction was executed */
+  u64 cycles;              /* Total time spent executing this instruction */
+#endif
+#ifdef SQLITE_VDBE_COVERAGE
+  int iSrcLine;            /* Source-code line that generated this opcode */
+#endif
+};
+typedef struct VdbeOp VdbeOp;
+
+
+/*
+** A sub-routine used to implement a trigger program.
+*/
+struct SubProgram {
+  VdbeOp *aOp;                  /* Array of opcodes for sub-program */
+  int nOp;                      /* Elements in aOp[] */
+  int nMem;                     /* Number of memory cells required */
+  int nCsr;                     /* Number of cursors required */
+  int nOnce;                    /* Number of OP_Once instructions */
+  void *token;                  /* id that may be used to recursive triggers */
+  SubProgram *pNext;            /* Next sub-program already visited */
+};
+
+/*
+** A smaller version of VdbeOp used for the VdbeAddOpList() function because
+** it takes up less space.
+*/
+struct VdbeOpList {
+  u8 opcode;          /* What operation to perform */
+  signed char p1;     /* First operand */
+  signed char p2;     /* Second parameter (often the jump destination) */
+  signed char p3;     /* Third parameter */
+};
+typedef struct VdbeOpList VdbeOpList;
+
+/*
+** Allowed values of VdbeOp.p4type
+*/
+#define P4_NOTUSED    0   /* The P4 parameter is not used */
+#define P4_DYNAMIC  (-1)  /* Pointer to a string obtained from sqliteMalloc() */
+#define P4_STATIC   (-2)  /* Pointer to a static string */
+#define P4_COLLSEQ  (-4)  /* P4 is a pointer to a CollSeq structure */
+#define P4_FUNCDEF  (-5)  /* P4 is a pointer to a FuncDef structure */
+#define P4_KEYINFO  (-6)  /* P4 is a pointer to a KeyInfo structure */
+#define P4_EXPR     (-7)  /* P4 is a pointer to an Expr tree */
+#define P4_MEM      (-8)  /* P4 is a pointer to a Mem*    structure */
+#define P4_TRANSIENT  0   /* P4 is a pointer to a transient string */
+#define P4_VTAB     (-10) /* P4 is a pointer to an sqlite3_vtab structure */
+#define P4_MPRINTF  (-11) /* P4 is a string obtained from sqlite3_mprintf() */
+#define P4_REAL     (-12) /* P4 is a 64-bit floating point value */
+#define P4_INT64    (-13) /* P4 is a 64-bit signed integer */
+#define P4_INT32    (-14) /* P4 is a 32-bit signed integer */
+#define P4_INTARRAY (-15) /* P4 is a vector of 32-bit integers */
+#define P4_SUBPROGRAM  (-18) /* P4 is a pointer to a SubProgram structure */
+#define P4_ADVANCE  (-19) /* P4 is a pointer to BtreeNext() or BtreePrev() */
+#define P4_FUNCCTX  (-20) /* P4 is a pointer to an sqlite3_context object */
+
+/* Error message codes for OP_Halt */
+#define P5_ConstraintNotNull 1
+#define P5_ConstraintUnique  2
+#define P5_ConstraintCheck   3
+#define P5_ConstraintFK      4
+
+/*
+** The Vdbe.aColName array contains 5n Mem structures, where n is the 
+** number of columns of data returned by the statement.
+*/
+#define COLNAME_NAME     0
+#define COLNAME_DECLTYPE 1
+#define COLNAME_DATABASE 2
+#define COLNAME_TABLE    3
+#define COLNAME_COLUMN   4
+#ifdef SQLITE_ENABLE_COLUMN_METADATA
+# define COLNAME_N        5      /* Number of COLNAME_xxx symbols */
+#else
+# ifdef SQLITE_OMIT_DECLTYPE
+#   define COLNAME_N      1      /* Store only the name */
+# else
+#   define COLNAME_N      2      /* Store the name and decltype */
+# endif
+#endif
+
+/*
+** The following macro converts a relative address in the p2 field
+** of a VdbeOp structure into a negative number so that 
+** sqlite3VdbeAddOpList() knows that the address is relative.  Calling
+** the macro again restores the address.
+*/
+#define ADDR(X)  (-1-(X))
+
+/*
+** The makefile scans the vdbe.c source file and creates the "opcodes.h"
+** header file that defines a number for each opcode used by the VDBE.
+*/
+/************** Include opcodes.h in the middle of vdbe.h ********************/
+/************** Begin file opcodes.h *****************************************/
+/* Automatically generated.  Do not edit */
+/* See the tool/mkopcodeh.tcl script for details */
+#define OP_Savepoint       1
+#define OP_AutoCommit      2
+#define OP_Transaction     3
+#define OP_SorterNext      4
+#define OP_PrevIfOpen      5
+#define OP_NextIfOpen      6
+#define OP_Prev            7
+#define OP_Next            8
+#define OP_Checkpoint      9
+#define OP_JournalMode    10
+#define OP_Vacuum         11
+#define OP_VFilter        12 /* synopsis: iplan=r[P3] zplan='P4'           */
+#define OP_VUpdate        13 /* synopsis: data=r[P3@P2]                    */
+#define OP_Goto           14
+#define OP_Gosub          15
+#define OP_Return         16
+#define OP_InitCoroutine  17
+#define OP_EndCoroutine   18
+#define OP_Not            19 /* same as TK_NOT, synopsis: r[P2]= !r[P1]    */
+#define OP_Yield          20
+#define OP_HaltIfNull     21 /* synopsis: if r[P3]=null halt               */
+#define OP_Halt           22
+#define OP_Integer        23 /* synopsis: r[P2]=P1                         */
+#define OP_Int64          24 /* synopsis: r[P2]=P4                         */
+#define OP_String         25 /* synopsis: r[P2]='P4' (len=P1)              */
+#define OP_Null           26 /* synopsis: r[P2..P3]=NULL                   */
+#define OP_SoftNull       27 /* synopsis: r[P1]=NULL                       */
+#define OP_Blob           28 /* synopsis: r[P2]=P4 (len=P1)                */
+#define OP_Variable       29 /* synopsis: r[P2]=parameter(P1,P4)           */
+#define OP_Move           30 /* synopsis: r[P2@P3]=r[P1@P3]                */
+#define OP_Copy           31 /* synopsis: r[P2@P3+1]=r[P1@P3+1]            */
+#define OP_SCopy          32 /* synopsis: r[P2]=r[P1]                      */
+#define OP_IntCopy        33 /* synopsis: r[P2]=r[P1]                      */
+#define OP_ResultRow      34 /* synopsis: output=r[P1@P2]                  */
+#define OP_CollSeq        35
+#define OP_Function0      36 /* synopsis: r[P3]=func(r[P2@P5])             */
+#define OP_Function       37 /* synopsis: r[P3]=func(r[P2@P5])             */
+#define OP_AddImm         38 /* synopsis: r[P1]=r[P1]+P2                   */
+#define OP_MustBeInt      39
+#define OP_RealAffinity   40
+#define OP_Cast           41 /* synopsis: affinity(r[P1])                  */
+#define OP_Permutation    42
+#define OP_Compare        43 /* synopsis: r[P1@P3] <-> r[P2@P3]            */
+#define OP_Jump           44
+#define OP_Once           45
+#define OP_If             46
+#define OP_IfNot          47
+#define OP_Column         48 /* synopsis: r[P3]=PX                         */
+#define OP_Affinity       49 /* synopsis: affinity(r[P1@P2])               */
+#define OP_MakeRecord     50 /* synopsis: r[P3]=mkrec(r[P1@P2])            */
+#define OP_Count          51 /* synopsis: r[P2]=count()                    */
+#define OP_ReadCookie     52
+#define OP_SetCookie      53
+#define OP_ReopenIdx      54 /* synopsis: root=P2 iDb=P3                   */
+#define OP_OpenRead       55 /* synopsis: root=P2 iDb=P3                   */
+#define OP_OpenWrite      56 /* synopsis: root=P2 iDb=P3                   */
+#define OP_OpenAutoindex  57 /* synopsis: nColumn=P2                       */
+#define OP_OpenEphemeral  58 /* synopsis: nColumn=P2                       */
+#define OP_SorterOpen     59
+#define OP_SequenceTest   60 /* synopsis: if( cursor[P1].ctr++ ) pc = P2   */
+#define OP_OpenPseudo     61 /* synopsis: P3 columns in r[P2]              */
+#define OP_Close          62
+#define OP_ColumnsUsed    63
+#define OP_SeekLT         64 /* synopsis: key=r[P3@P4]                     */
+#define OP_SeekLE         65 /* synopsis: key=r[P3@P4]                     */
+#define OP_SeekGE         66 /* synopsis: key=r[P3@P4]                     */
+#define OP_SeekGT         67 /* synopsis: key=r[P3@P4]                     */
+#define OP_Seek           68 /* synopsis: intkey=r[P2]                     */
+#define OP_NoConflict     69 /* synopsis: key=r[P3@P4]                     */
+#define OP_NotFound       70 /* synopsis: key=r[P3@P4]                     */
+#define OP_Or             71 /* same as TK_OR, synopsis: r[P3]=(r[P1] || r[P2]) */
+#define OP_And            72 /* same as TK_AND, synopsis: r[P3]=(r[P1] && r[P2]) */
+#define OP_Found          73 /* synopsis: key=r[P3@P4]                     */
+#define OP_NotExists      74 /* synopsis: intkey=r[P3]                     */
+#define OP_Sequence       75 /* synopsis: r[P2]=cursor[P1].ctr++           */
+#define OP_IsNull         76 /* same as TK_ISNULL, synopsis: if r[P1]==NULL goto P2 */
+#define OP_NotNull        77 /* same as TK_NOTNULL, synopsis: if r[P1]!=NULL goto P2 */
+#define OP_Ne             78 /* same as TK_NE, synopsis: if r[P1]!=r[P3] goto P2 */
+#define OP_Eq             79 /* same as TK_EQ, synopsis: if r[P1]==r[P3] goto P2 */
+#define OP_Gt             80 /* same as TK_GT, synopsis: if r[P1]>r[P3] goto P2 */
+#define OP_Le             81 /* same as TK_LE, synopsis: if r[P1]<=r[P3] goto P2 */
+#define OP_Lt             82 /* same as TK_LT, synopsis: if r[P1]<r[P3] goto P2 */
+#define OP_Ge             83 /* same as TK_GE, synopsis: if r[P1]>=r[P3] goto P2 */
+#define OP_NewRowid       84 /* synopsis: r[P2]=rowid                      */
+#define OP_BitAnd         85 /* same as TK_BITAND, synopsis: r[P3]=r[P1]&r[P2] */
+#define OP_BitOr          86 /* same as TK_BITOR, synopsis: r[P3]=r[P1]|r[P2] */
+#define OP_ShiftLeft      87 /* same as TK_LSHIFT, synopsis: r[P3]=r[P2]<<r[P1] */
+#define OP_ShiftRight     88 /* same as TK_RSHIFT, synopsis: r[P3]=r[P2]>>r[P1] */
+#define OP_Add            89 /* same as TK_PLUS, synopsis: r[P3]=r[P1]+r[P2] */
+#define OP_Subtract       90 /* same as TK_MINUS, synopsis: r[P3]=r[P2]-r[P1] */
+#define OP_Multiply       91 /* same as TK_STAR, synopsis: r[P3]=r[P1]*r[P2] */
+#define OP_Divide         92 /* same as TK_SLASH, synopsis: r[P3]=r[P2]/r[P1] */
+#define OP_Remainder      93 /* same as TK_REM, synopsis: r[P3]=r[P2]%r[P1] */
+#define OP_Concat         94 /* same as TK_CONCAT, synopsis: r[P3]=r[P2]+r[P1] */
+#define OP_Insert         95 /* synopsis: intkey=r[P3] data=r[P2]          */
+#define OP_BitNot         96 /* same as TK_BITNOT, synopsis: r[P1]= ~r[P1] */
+#define OP_String8        97 /* same as TK_STRING, synopsis: r[P2]='P4'    */
+#define OP_InsertInt      98 /* synopsis: intkey=P3 data=r[P2]             */
+#define OP_Delete         99
+#define OP_ResetCount    100
+#define OP_SorterCompare 101 /* synopsis: if key(P1)!=trim(r[P3],P4) goto P2 */
+#define OP_SorterData    102 /* synopsis: r[P2]=data                       */
+#define OP_RowKey        103 /* synopsis: r[P2]=key                        */
+#define OP_RowData       104 /* synopsis: r[P2]=data                       */
+#define OP_Rowid         105 /* synopsis: r[P2]=rowid                      */
+#define OP_NullRow       106
+#define OP_Last          107
+#define OP_SorterSort    108
+#define OP_Sort          109
+#define OP_Rewind        110
+#define OP_SorterInsert  111
+#define OP_IdxInsert     112 /* synopsis: key=r[P2]                        */
+#define OP_IdxDelete     113 /* synopsis: key=r[P2@P3]                     */
+#define OP_IdxRowid      114 /* synopsis: r[P2]=rowid                      */
+#define OP_IdxLE         115 /* synopsis: key=r[P3@P4]                     */
+#define OP_IdxGT         116 /* synopsis: key=r[P3@P4]                     */
+#define OP_IdxLT         117 /* synopsis: key=r[P3@P4]                     */
+#define OP_IdxGE         118 /* synopsis: key=r[P3@P4]                     */
+#define OP_Destroy       119
+#define OP_Clear         120
+#define OP_ResetSorter   121
+#define OP_CreateIndex   122 /* synopsis: r[P2]=root iDb=P1                */
+#define OP_CreateTable   123 /* synopsis: r[P2]=root iDb=P1                */
+#define OP_ParseSchema   124
+#define OP_LoadAnalysis  125
+#define OP_DropTable     126
+#define OP_DropIndex     127
+#define OP_DropTrigger   128
+#define OP_IntegrityCk   129
+#define OP_RowSetAdd     130 /* synopsis: rowset(P1)=r[P2]                 */
+#define OP_RowSetRead    131 /* synopsis: r[P3]=rowset(P1)                 */
+#define OP_RowSetTest    132 /* synopsis: if r[P3] in rowset(P1) goto P2   */
+#define OP_Real          133 /* same as TK_FLOAT, synopsis: r[P2]=P4       */
+#define OP_Program       134
+#define OP_Param         135
+#define OP_FkCounter     136 /* synopsis: fkctr[P1]+=P2                    */
+#define OP_FkIfZero      137 /* synopsis: if fkctr[P1]==0 goto P2          */
+#define OP_MemMax        138 /* synopsis: r[P1]=max(r[P1],r[P2])           */
+#define OP_IfPos         139 /* synopsis: if r[P1]>0 then r[P1]-=P3, goto P2 */
+#define OP_SetIfNotPos   140 /* synopsis: if r[P1]<=0 then r[P2]=P3        */
+#define OP_IfNotZero     141 /* synopsis: if r[P1]!=0 then r[P1]-=P3, goto P2 */
+#define OP_DecrJumpZero  142 /* synopsis: if (--r[P1])==0 goto P2          */
+#define OP_JumpZeroIncr  143 /* synopsis: if (r[P1]++)==0 ) goto P2        */
+#define OP_AggStep0      144 /* synopsis: accum=r[P3] step(r[P2@P5])       */
+#define OP_AggStep       145 /* synopsis: accum=r[P3] step(r[P2@P5])       */
+#define OP_AggFinal      146 /* synopsis: accum=r[P1] N=P2                 */
+#define OP_IncrVacuum    147
+#define OP_Expire        148
+#define OP_TableLock     149 /* synopsis: iDb=P1 root=P2 write=P3          */
+#define OP_VBegin        150
+#define OP_VCreate       151
+#define OP_VDestroy      152
+#define OP_VOpen         153
+#define OP_VColumn       154 /* synopsis: r[P3]=vcolumn(P2)                */
+#define OP_VNext         155
+#define OP_VRename       156
+#define OP_Pagecount     157
+#define OP_MaxPgcnt      158
+#define OP_Init          159 /* synopsis: Start at P2                      */
+#define OP_CursorHint    160
+#define OP_Noop          161
+#define OP_Explain       162
+
+/* Properties such as "out2" or "jump" that are specified in
+** comments following the "case" for each opcode in the vdbe.c
+** are encoded into bitvectors as follows:
+*/
+#define OPFLG_JUMP            0x0001  /* jump:  P2 holds jmp target */
+#define OPFLG_IN1             0x0002  /* in1:   P1 is an input */
+#define OPFLG_IN2             0x0004  /* in2:   P2 is an input */
+#define OPFLG_IN3             0x0008  /* in3:   P3 is an input */
+#define OPFLG_OUT2            0x0010  /* out2:  P2 is an output */
+#define OPFLG_OUT3            0x0020  /* out3:  P3 is an output */
+#define OPFLG_INITIALIZER {\
+/*   0 */ 0x00, 0x00, 0x00, 0x00, 0x01, 0x01, 0x01, 0x01,\
+/*   8 */ 0x01, 0x00, 0x10, 0x00, 0x01, 0x00, 0x01, 0x01,\
+/*  16 */ 0x02, 0x01, 0x02, 0x12, 0x03, 0x08, 0x00, 0x10,\
+/*  24 */ 0x10, 0x10, 0x10, 0x00, 0x10, 0x10, 0x00, 0x00,\
+/*  32 */ 0x10, 0x10, 0x00, 0x00, 0x00, 0x00, 0x02, 0x03,\
+/*  40 */ 0x02, 0x02, 0x00, 0x00, 0x01, 0x01, 0x03, 0x03,\
+/*  48 */ 0x00, 0x00, 0x00, 0x10, 0x10, 0x08, 0x00, 0x00,\
+/*  56 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,\
+/*  64 */ 0x09, 0x09, 0x09, 0x09, 0x04, 0x09, 0x09, 0x26,\
+/*  72 */ 0x26, 0x09, 0x09, 0x10, 0x03, 0x03, 0x0b, 0x0b,\
+/*  80 */ 0x0b, 0x0b, 0x0b, 0x0b, 0x10, 0x26, 0x26, 0x26,\
+/*  88 */ 0x26, 0x26, 0x26, 0x26, 0x26, 0x26, 0x26, 0x00,\
+/*  96 */ 0x12, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,\
+/* 104 */ 0x00, 0x10, 0x00, 0x01, 0x01, 0x01, 0x01, 0x04,\
+/* 112 */ 0x04, 0x00, 0x10, 0x01, 0x01, 0x01, 0x01, 0x10,\
+/* 120 */ 0x00, 0x00, 0x10, 0x10, 0x00, 0x00, 0x00, 0x00,\
+/* 128 */ 0x00, 0x00, 0x06, 0x23, 0x0b, 0x10, 0x01, 0x10,\
+/* 136 */ 0x00, 0x01, 0x04, 0x03, 0x06, 0x03, 0x03, 0x03,\
+/* 144 */ 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,\
+/* 152 */ 0x00, 0x00, 0x00, 0x01, 0x00, 0x10, 0x10, 0x01,\
+/* 160 */ 0x00, 0x00, 0x00,}
+
+/************** End of opcodes.h *********************************************/
+/************** Continuing where we left off in vdbe.h ***********************/
+
+/*
+** Prototypes for the VDBE interface.  See comments on the implementation
+** for a description of what each of these routines does.
+*/
+SQLITE_PRIVATE Vdbe *sqlite3VdbeCreate(Parse*);
+SQLITE_PRIVATE int sqlite3VdbeAddOp0(Vdbe*,int);
+SQLITE_PRIVATE int sqlite3VdbeAddOp1(Vdbe*,int,int);
+SQLITE_PRIVATE int sqlite3VdbeAddOp2(Vdbe*,int,int,int);
+SQLITE_PRIVATE int sqlite3VdbeGoto(Vdbe*,int);
+SQLITE_PRIVATE int sqlite3VdbeLoadString(Vdbe*,int,const char*);
+SQLITE_PRIVATE void sqlite3VdbeMultiLoad(Vdbe*,int,const char*,...);
+SQLITE_PRIVATE int sqlite3VdbeAddOp3(Vdbe*,int,int,int,int);
+SQLITE_PRIVATE int sqlite3VdbeAddOp4(Vdbe*,int,int,int,int,const char *zP4,int);
+SQLITE_PRIVATE int sqlite3VdbeAddOp4Dup8(Vdbe*,int,int,int,int,const u8*,int);
+SQLITE_PRIVATE int sqlite3VdbeAddOp4Int(Vdbe*,int,int,int,int,int);
+SQLITE_PRIVATE int sqlite3VdbeAddOpList(Vdbe*, int nOp, VdbeOpList const *aOp, int iLineno);
+SQLITE_PRIVATE void sqlite3VdbeAddParseSchemaOp(Vdbe*,int,char*);
+SQLITE_PRIVATE void sqlite3VdbeChangeOpcode(Vdbe*, u32 addr, u8);
+SQLITE_PRIVATE void sqlite3VdbeChangeP1(Vdbe*, u32 addr, int P1);
+SQLITE_PRIVATE void sqlite3VdbeChangeP2(Vdbe*, u32 addr, int P2);
+SQLITE_PRIVATE void sqlite3VdbeChangeP3(Vdbe*, u32 addr, int P3);
+SQLITE_PRIVATE void sqlite3VdbeChangeP5(Vdbe*, u8 P5);
+SQLITE_PRIVATE void sqlite3VdbeJumpHere(Vdbe*, int addr);
+SQLITE_PRIVATE void sqlite3VdbeChangeToNoop(Vdbe*, int addr);
+SQLITE_PRIVATE int sqlite3VdbeDeletePriorOpcode(Vdbe*, u8 op);
+SQLITE_PRIVATE void sqlite3VdbeChangeP4(Vdbe*, int addr, const char *zP4, int N);
+SQLITE_PRIVATE void sqlite3VdbeSetP4KeyInfo(Parse*, Index*);
+SQLITE_PRIVATE void sqlite3VdbeUsesBtree(Vdbe*, int);
+SQLITE_PRIVATE VdbeOp *sqlite3VdbeGetOp(Vdbe*, int);
+SQLITE_PRIVATE int sqlite3VdbeMakeLabel(Vdbe*);
+SQLITE_PRIVATE void sqlite3VdbeRunOnlyOnce(Vdbe*);
+SQLITE_PRIVATE void sqlite3VdbeDelete(Vdbe*);
+SQLITE_PRIVATE void sqlite3VdbeClearObject(sqlite3*,Vdbe*);
+SQLITE_PRIVATE void sqlite3VdbeMakeReady(Vdbe*,Parse*);
+SQLITE_PRIVATE int sqlite3VdbeFinalize(Vdbe*);
+SQLITE_PRIVATE void sqlite3VdbeResolveLabel(Vdbe*, int);
+SQLITE_PRIVATE int sqlite3VdbeCurrentAddr(Vdbe*);
+#ifdef SQLITE_DEBUG
+SQLITE_PRIVATE   int sqlite3VdbeAssertMayAbort(Vdbe *, int);
+#endif
+SQLITE_PRIVATE void sqlite3VdbeResetStepResult(Vdbe*);
+SQLITE_PRIVATE void sqlite3VdbeRewind(Vdbe*);
+SQLITE_PRIVATE int sqlite3VdbeReset(Vdbe*);
+SQLITE_PRIVATE void sqlite3VdbeSetNumCols(Vdbe*,int);
+SQLITE_PRIVATE int sqlite3VdbeSetColName(Vdbe*, int, int, const char *, void(*)(void*));
+SQLITE_PRIVATE void sqlite3VdbeCountChanges(Vdbe*);
+SQLITE_PRIVATE sqlite3 *sqlite3VdbeDb(Vdbe*);
+SQLITE_PRIVATE void sqlite3VdbeSetSql(Vdbe*, const char *z, int n, int);
+SQLITE_PRIVATE void sqlite3VdbeSwap(Vdbe*,Vdbe*);
+SQLITE_PRIVATE VdbeOp *sqlite3VdbeTakeOpArray(Vdbe*, int*, int*);
+SQLITE_PRIVATE sqlite3_value *sqlite3VdbeGetBoundValue(Vdbe*, int, u8);
+SQLITE_PRIVATE void sqlite3VdbeSetVarmask(Vdbe*, int);
+#ifndef SQLITE_OMIT_TRACE
+SQLITE_PRIVATE   char *sqlite3VdbeExpandSql(Vdbe*, const char*);
+#endif
+SQLITE_PRIVATE int sqlite3MemCompare(const Mem*, const Mem*, const CollSeq*);
+
+SQLITE_PRIVATE void sqlite3VdbeRecordUnpack(KeyInfo*,int,const void*,UnpackedRecord*);
+SQLITE_PRIVATE int sqlite3VdbeRecordCompare(int,const void*,UnpackedRecord*);
+SQLITE_PRIVATE int sqlite3VdbeRecordCompareWithSkip(int, const void *, UnpackedRecord *, int);
+SQLITE_PRIVATE UnpackedRecord *sqlite3VdbeAllocUnpackedRecord(KeyInfo *, char *, int, char **);
+
+typedef int (*RecordCompare)(int,const void*,UnpackedRecord*);
+SQLITE_PRIVATE RecordCompare sqlite3VdbeFindCompare(UnpackedRecord*);
+
+#ifndef SQLITE_OMIT_TRIGGER
+SQLITE_PRIVATE void sqlite3VdbeLinkSubProgram(Vdbe *, SubProgram *);
+#endif
+
+/* Use SQLITE_ENABLE_COMMENTS to enable generation of extra comments on
+** each VDBE opcode.
+**
+** Use the SQLITE_ENABLE_MODULE_COMMENTS macro to see some extra no-op
+** comments in VDBE programs that show key decision points in the code
+** generator.
+*/
+#ifdef SQLITE_ENABLE_EXPLAIN_COMMENTS
+SQLITE_PRIVATE   void sqlite3VdbeComment(Vdbe*, const char*, ...);
+# define VdbeComment(X)  sqlite3VdbeComment X
+SQLITE_PRIVATE   void sqlite3VdbeNoopComment(Vdbe*, const char*, ...);
+# define VdbeNoopComment(X)  sqlite3VdbeNoopComment X
+# ifdef SQLITE_ENABLE_MODULE_COMMENTS
+#   define VdbeModuleComment(X)  sqlite3VdbeNoopComment X
+# else
+#   define VdbeModuleComment(X)
+# endif
+#else
+# define VdbeComment(X)
+# define VdbeNoopComment(X)
+# define VdbeModuleComment(X)
+#endif
+
+/*
+** The VdbeCoverage macros are used to set a coverage testing point
+** for VDBE branch instructions.  The coverage testing points are line
+** numbers in the sqlite3.c source file.  VDBE branch coverage testing
+** only works with an amalagmation build.  That's ok since a VDBE branch
+** coverage build designed for testing the test suite only.  No application
+** should ever ship with VDBE branch coverage measuring turned on.
+**
+**    VdbeCoverage(v)                  // Mark the previously coded instruction
+**                                     // as a branch
+**
+**    VdbeCoverageIf(v, conditional)   // Mark previous if conditional true
+**
+**    VdbeCoverageAlwaysTaken(v)       // Previous branch is always taken
+**
+**    VdbeCoverageNeverTaken(v)        // Previous branch is never taken
+**
+** Every VDBE branch operation must be tagged with one of the macros above.
+** If not, then when "make test" is run with -DSQLITE_VDBE_COVERAGE and
+** -DSQLITE_DEBUG then an ALWAYS() will fail in the vdbeTakeBranch()
+** routine in vdbe.c, alerting the developer to the missed tag.
+*/
+#ifdef SQLITE_VDBE_COVERAGE
+SQLITE_PRIVATE   void sqlite3VdbeSetLineNumber(Vdbe*,int);
+# define VdbeCoverage(v) sqlite3VdbeSetLineNumber(v,__LINE__)
+# define VdbeCoverageIf(v,x) if(x)sqlite3VdbeSetLineNumber(v,__LINE__)
+# define VdbeCoverageAlwaysTaken(v) sqlite3VdbeSetLineNumber(v,2);
+# define VdbeCoverageNeverTaken(v) sqlite3VdbeSetLineNumber(v,1);
+# define VDBE_OFFSET_LINENO(x) (__LINE__+x)
+#else
+# define VdbeCoverage(v)
+# define VdbeCoverageIf(v,x)
+# define VdbeCoverageAlwaysTaken(v)
+# define VdbeCoverageNeverTaken(v)
+# define VDBE_OFFSET_LINENO(x) 0
+#endif
+
+#ifdef SQLITE_ENABLE_STMT_SCANSTATUS
+SQLITE_PRIVATE void sqlite3VdbeScanStatus(Vdbe*, int, int, int, LogEst, const char*);
+#else
+# define sqlite3VdbeScanStatus(a,b,c,d,e)
+#endif
+
+#endif
+
+/************** End of vdbe.h ************************************************/
+/************** Continuing where we left off in sqliteInt.h ******************/
+/************** Include pager.h in the middle of sqliteInt.h *****************/
+/************** Begin file pager.h *******************************************/
+/*
+** 2001 September 15
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+** This header file defines the interface that the sqlite page cache
+** subsystem.  The page cache subsystem reads and writes a file a page
+** at a time and provides a journal for rollback.
+*/
+
+#ifndef _PAGER_H_
+#define _PAGER_H_
+
+/*
+** Default maximum size for persistent journal files. A negative 
+** value means no limit. This value may be overridden using the 
+** sqlite3PagerJournalSizeLimit() API. See also "PRAGMA journal_size_limit".
+*/
+#ifndef SQLITE_DEFAULT_JOURNAL_SIZE_LIMIT
+  #define SQLITE_DEFAULT_JOURNAL_SIZE_LIMIT -1
+#endif
+
+/*
+** The type used to represent a page number.  The first page in a file
+** is called page 1.  0 is used to represent "not a page".
+*/
+typedef u32 Pgno;
+
+/*
+** Each open file is managed by a separate instance of the "Pager" structure.
+*/
+typedef struct Pager Pager;
+
+/*
+** Handle type for pages.
+*/
+typedef struct PgHdr DbPage;
+
+/*
+** Page number PAGER_MJ_PGNO is never used in an SQLite database (it is
+** reserved for working around a windows/posix incompatibility). It is
+** used in the journal to signify that the remainder of the journal file 
+** is devoted to storing a master journal name - there are no more pages to
+** roll back. See comments for function writeMasterJournal() in pager.c 
+** for details.
+*/
+#define PAGER_MJ_PGNO(x) ((Pgno)((PENDING_BYTE/((x)->pageSize))+1))
+
+/*
+** Allowed values for the flags parameter to sqlite3PagerOpen().
+**
+** NOTE: These values must match the corresponding BTREE_ values in btree.h.
+*/
+#define PAGER_OMIT_JOURNAL  0x0001    /* Do not use a rollback journal */
+#define PAGER_MEMORY        0x0002    /* In-memory database */
+
+/*
+** Valid values for the second argument to sqlite3PagerLockingMode().
+*/
+#define PAGER_LOCKINGMODE_QUERY      -1
+#define PAGER_LOCKINGMODE_NORMAL      0
+#define PAGER_LOCKINGMODE_EXCLUSIVE   1
+
+/*
+** Numeric constants that encode the journalmode.  
+*/
+#define PAGER_JOURNALMODE_QUERY     (-1)  /* Query the value of journalmode */
+#define PAGER_JOURNALMODE_DELETE      0   /* Commit by deleting journal file */
+#define PAGER_JOURNALMODE_PERSIST     1   /* Commit by zeroing journal header */
+#define PAGER_JOURNALMODE_OFF         2   /* Journal omitted.  */
+#define PAGER_JOURNALMODE_TRUNCATE    3   /* Commit by truncating journal */
+#define PAGER_JOURNALMODE_MEMORY      4   /* In-memory journal file */
+#define PAGER_JOURNALMODE_WAL         5   /* Use write-ahead logging */
+
+/*
+** Flags that make up the mask passed to sqlite3PagerGet().
+*/
+#define PAGER_GET_NOCONTENT     0x01  /* Do not load data from disk */
+#define PAGER_GET_READONLY      0x02  /* Read-only page is acceptable */
+
+/*
+** Flags for sqlite3PagerSetFlags()
+*/
+#define PAGER_SYNCHRONOUS_OFF       0x01  /* PRAGMA synchronous=OFF */
+#define PAGER_SYNCHRONOUS_NORMAL    0x02  /* PRAGMA synchronous=NORMAL */
+#define PAGER_SYNCHRONOUS_FULL      0x03  /* PRAGMA synchronous=FULL */
+#define PAGER_SYNCHRONOUS_MASK      0x03  /* Mask for three values above */
+#define PAGER_FULLFSYNC             0x04  /* PRAGMA fullfsync=ON */
+#define PAGER_CKPT_FULLFSYNC        0x08  /* PRAGMA checkpoint_fullfsync=ON */
+#define PAGER_CACHESPILL            0x10  /* PRAGMA cache_spill=ON */
+#define PAGER_FLAGS_MASK            0x1c  /* All above except SYNCHRONOUS */
+
+/*
+** The remainder of this file contains the declarations of the functions
+** that make up the Pager sub-system API. See source code comments for 
+** a detailed description of each routine.
+*/
+
+/* Open and close a Pager connection. */ 
+SQLITE_PRIVATE int sqlite3PagerOpen(
+  sqlite3_vfs*,
+  Pager **ppPager,
+  const char*,
+  int,
+  int,
+  int,
+  void(*)(DbPage*)
+);
+SQLITE_PRIVATE int sqlite3PagerClose(Pager *pPager);
+SQLITE_PRIVATE int sqlite3PagerReadFileheader(Pager*, int, unsigned char*);
+
+/* Functions used to configure a Pager object. */
+SQLITE_PRIVATE void sqlite3PagerSetBusyhandler(Pager*, int(*)(void *), void *);
+SQLITE_PRIVATE int sqlite3PagerSetPagesize(Pager*, u32*, int);
+#ifdef SQLITE_HAS_CODEC
+SQLITE_PRIVATE void sqlite3PagerAlignReserve(Pager*,Pager*);
+#endif
+SQLITE_PRIVATE int sqlite3PagerMaxPageCount(Pager*, int);
+SQLITE_PRIVATE void sqlite3PagerSetCachesize(Pager*, int);
+SQLITE_PRIVATE int sqlite3PagerSetSpillsize(Pager*, int);
+SQLITE_PRIVATE void sqlite3PagerSetMmapLimit(Pager *, sqlite3_int64);
+SQLITE_PRIVATE void sqlite3PagerShrink(Pager*);
+SQLITE_PRIVATE void sqlite3PagerSetFlags(Pager*,unsigned);
+SQLITE_PRIVATE int sqlite3PagerLockingMode(Pager *, int);
+SQLITE_PRIVATE int sqlite3PagerSetJournalMode(Pager *, int);
+SQLITE_PRIVATE int sqlite3PagerGetJournalMode(Pager*);
+SQLITE_PRIVATE int sqlite3PagerOkToChangeJournalMode(Pager*);
+SQLITE_PRIVATE i64 sqlite3PagerJournalSizeLimit(Pager *, i64);
+SQLITE_PRIVATE sqlite3_backup **sqlite3PagerBackupPtr(Pager*);
+SQLITE_PRIVATE int sqlite3PagerFlush(Pager*);
+
+/* Functions used to obtain and release page references. */ 
+SQLITE_PRIVATE int sqlite3PagerGet(Pager *pPager, Pgno pgno, DbPage **ppPage, int clrFlag);
+SQLITE_PRIVATE DbPage *sqlite3PagerLookup(Pager *pPager, Pgno pgno);
+SQLITE_PRIVATE void sqlite3PagerRef(DbPage*);
+SQLITE_PRIVATE void sqlite3PagerUnref(DbPage*);
+SQLITE_PRIVATE void sqlite3PagerUnrefNotNull(DbPage*);
+
+/* Operations on page references. */
+SQLITE_PRIVATE int sqlite3PagerWrite(DbPage*);
+SQLITE_PRIVATE void sqlite3PagerDontWrite(DbPage*);
+SQLITE_PRIVATE int sqlite3PagerMovepage(Pager*,DbPage*,Pgno,int);
+SQLITE_PRIVATE int sqlite3PagerPageRefcount(DbPage*);
+SQLITE_PRIVATE void *sqlite3PagerGetData(DbPage *); 
+SQLITE_PRIVATE void *sqlite3PagerGetExtra(DbPage *); 
+
+/* Functions used to manage pager transactions and savepoints. */
+SQLITE_PRIVATE void sqlite3PagerPagecount(Pager*, int*);
+SQLITE_PRIVATE int sqlite3PagerBegin(Pager*, int exFlag, int);
+SQLITE_PRIVATE int sqlite3PagerCommitPhaseOne(Pager*,const char *zMaster, int);
+SQLITE_PRIVATE int sqlite3PagerExclusiveLock(Pager*);
+SQLITE_PRIVATE int sqlite3PagerSync(Pager *pPager, const char *zMaster);
+SQLITE_PRIVATE int sqlite3PagerCommitPhaseTwo(Pager*);
+SQLITE_PRIVATE int sqlite3PagerRollback(Pager*);
+SQLITE_PRIVATE int sqlite3PagerOpenSavepoint(Pager *pPager, int n);
+SQLITE_PRIVATE int sqlite3PagerSavepoint(Pager *pPager, int op, int iSavepoint);
+SQLITE_PRIVATE int sqlite3PagerSharedLock(Pager *pPager);
+
+#ifndef SQLITE_OMIT_WAL
+SQLITE_PRIVATE   int sqlite3PagerCheckpoint(Pager *pPager, int, int*, int*);
+SQLITE_PRIVATE   int sqlite3PagerWalSupported(Pager *pPager);
+SQLITE_PRIVATE   int sqlite3PagerWalCallback(Pager *pPager);
+SQLITE_PRIVATE   int sqlite3PagerOpenWal(Pager *pPager, int *pisOpen);
+SQLITE_PRIVATE   int sqlite3PagerCloseWal(Pager *pPager);
+# ifdef SQLITE_ENABLE_SNAPSHOT
+SQLITE_PRIVATE   int sqlite3PagerSnapshotGet(Pager *pPager, sqlite3_snapshot **ppSnapshot);
+SQLITE_PRIVATE   int sqlite3PagerSnapshotOpen(Pager *pPager, sqlite3_snapshot *pSnapshot);
+# endif
+#endif
+
+#ifdef SQLITE_ENABLE_ZIPVFS
+SQLITE_PRIVATE   int sqlite3PagerWalFramesize(Pager *pPager);
+#endif
+
+/* Functions used to query pager state and configuration. */
+SQLITE_PRIVATE u8 sqlite3PagerIsreadonly(Pager*);
+SQLITE_PRIVATE u32 sqlite3PagerDataVersion(Pager*);
+#ifdef SQLITE_DEBUG
+SQLITE_PRIVATE   int sqlite3PagerRefcount(Pager*);
+#endif
+SQLITE_PRIVATE int sqlite3PagerMemUsed(Pager*);
+SQLITE_PRIVATE const char *sqlite3PagerFilename(Pager*, int);
+SQLITE_PRIVATE sqlite3_vfs *sqlite3PagerVfs(Pager*);
+SQLITE_PRIVATE sqlite3_file *sqlite3PagerFile(Pager*);
+SQLITE_PRIVATE sqlite3_file *sqlite3PagerJrnlFile(Pager*);
+SQLITE_PRIVATE const char *sqlite3PagerJournalname(Pager*);
+SQLITE_PRIVATE int sqlite3PagerNosync(Pager*);
+SQLITE_PRIVATE void *sqlite3PagerTempSpace(Pager*);
+SQLITE_PRIVATE int sqlite3PagerIsMemdb(Pager*);
+SQLITE_PRIVATE void sqlite3PagerCacheStat(Pager *, int, int, int *);
+SQLITE_PRIVATE void sqlite3PagerClearCache(Pager *);
+SQLITE_PRIVATE int sqlite3SectorSize(sqlite3_file *);
+
+/* Functions used to truncate the database file. */
+SQLITE_PRIVATE void sqlite3PagerTruncateImage(Pager*,Pgno);
+
+SQLITE_PRIVATE void sqlite3PagerRekey(DbPage*, Pgno, u16);
+
+#if defined(SQLITE_HAS_CODEC) && !defined(SQLITE_OMIT_WAL)
+SQLITE_PRIVATE void *sqlite3PagerCodec(DbPage *);
+#endif
+
+/* Functions to support testing and debugging. */
+#if !defined(NDEBUG) || defined(SQLITE_TEST)
+SQLITE_PRIVATE   Pgno sqlite3PagerPagenumber(DbPage*);
+SQLITE_PRIVATE   int sqlite3PagerIswriteable(DbPage*);
+#endif
+#ifdef SQLITE_TEST
+SQLITE_PRIVATE   int *sqlite3PagerStats(Pager*);
+SQLITE_PRIVATE   void sqlite3PagerRefdump(Pager*);
+  void disable_simulated_io_errors(void);
+  void enable_simulated_io_errors(void);
+#else
+# define disable_simulated_io_errors()
+# define enable_simulated_io_errors()
+#endif
+
+#endif /* _PAGER_H_ */
+
+/************** End of pager.h ***********************************************/
+/************** Continuing where we left off in sqliteInt.h ******************/
+/************** Include pcache.h in the middle of sqliteInt.h ****************/
+/************** Begin file pcache.h ******************************************/
+/*
+** 2008 August 05
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+** This header file defines the interface that the sqlite page cache
+** subsystem. 
+*/
+
+#ifndef _PCACHE_H_
+
+typedef struct PgHdr PgHdr;
+typedef struct PCache PCache;
+
+/*
+** Every page in the cache is controlled by an instance of the following
+** structure.
+*/
+struct PgHdr {
+  sqlite3_pcache_page *pPage;    /* Pcache object page handle */
+  void *pData;                   /* Page data */
+  void *pExtra;                  /* Extra content */
+  PgHdr *pDirty;                 /* Transient list of dirty pages */
+  Pager *pPager;                 /* The pager this page is part of */
+  Pgno pgno;                     /* Page number for this page */
+#ifdef SQLITE_CHECK_PAGES
+  u32 pageHash;                  /* Hash of page content */
+#endif
+  u16 flags;                     /* PGHDR flags defined below */
+
+  /**********************************************************************
+  ** Elements above are public.  All that follows is private to pcache.c
+  ** and should not be accessed by other modules.
+  */
+  i16 nRef;                      /* Number of users of this page */
+  PCache *pCache;                /* Cache that owns this page */
+
+  PgHdr *pDirtyNext;             /* Next element in list of dirty pages */
+  PgHdr *pDirtyPrev;             /* Previous element in list of dirty pages */
+};
+
+/* Bit values for PgHdr.flags */
+#define PGHDR_CLEAN           0x001  /* Page not on the PCache.pDirty list */
+#define PGHDR_DIRTY           0x002  /* Page is on the PCache.pDirty list */
+#define PGHDR_WRITEABLE       0x004  /* Journaled and ready to modify */
+#define PGHDR_NEED_SYNC       0x008  /* Fsync the rollback journal before
+                                     ** writing this page to the database */
+#define PGHDR_NEED_READ       0x010  /* Content is unread */
+#define PGHDR_DONT_WRITE      0x020  /* Do not write content to disk */
+#define PGHDR_MMAP            0x040  /* This is an mmap page object */
+
+/* Initialize and shutdown the page cache subsystem */
+SQLITE_PRIVATE int sqlite3PcacheInitialize(void);
+SQLITE_PRIVATE void sqlite3PcacheShutdown(void);
+
+/* Page cache buffer management:
+** These routines implement SQLITE_CONFIG_PAGECACHE.
+*/
+SQLITE_PRIVATE void sqlite3PCacheBufferSetup(void *, int sz, int n);
+
+/* Create a new pager cache.
+** Under memory stress, invoke xStress to try to make pages clean.
+** Only clean and unpinned pages can be reclaimed.
+*/
+SQLITE_PRIVATE int sqlite3PcacheOpen(
+  int szPage,                    /* Size of every page */
+  int szExtra,                   /* Extra space associated with each page */
+  int bPurgeable,                /* True if pages are on backing store */
+  int (*xStress)(void*, PgHdr*), /* Call to try to make pages clean */
+  void *pStress,                 /* Argument to xStress */
+  PCache *pToInit                /* Preallocated space for the PCache */
+);
+
+/* Modify the page-size after the cache has been created. */
+SQLITE_PRIVATE int sqlite3PcacheSetPageSize(PCache *, int);
+
+/* Return the size in bytes of a PCache object.  Used to preallocate
+** storage space.
+*/
+SQLITE_PRIVATE int sqlite3PcacheSize(void);
+
+/* One release per successful fetch.  Page is pinned until released.
+** Reference counted. 
+*/
+SQLITE_PRIVATE sqlite3_pcache_page *sqlite3PcacheFetch(PCache*, Pgno, int createFlag);
+SQLITE_PRIVATE int sqlite3PcacheFetchStress(PCache*, Pgno, sqlite3_pcache_page**);
+SQLITE_PRIVATE PgHdr *sqlite3PcacheFetchFinish(PCache*, Pgno, sqlite3_pcache_page *pPage);
+SQLITE_PRIVATE void sqlite3PcacheRelease(PgHdr*);
+
+SQLITE_PRIVATE void sqlite3PcacheDrop(PgHdr*);         /* Remove page from cache */
+SQLITE_PRIVATE void sqlite3PcacheMakeDirty(PgHdr*);    /* Make sure page is marked dirty */
+SQLITE_PRIVATE void sqlite3PcacheMakeClean(PgHdr*);    /* Mark a single page as clean */
+SQLITE_PRIVATE void sqlite3PcacheCleanAll(PCache*);    /* Mark all dirty list pages as clean */
+
+/* Change a page number.  Used by incr-vacuum. */
+SQLITE_PRIVATE void sqlite3PcacheMove(PgHdr*, Pgno);
+
+/* Remove all pages with pgno>x.  Reset the cache if x==0 */
+SQLITE_PRIVATE void sqlite3PcacheTruncate(PCache*, Pgno x);
+
+/* Get a list of all dirty pages in the cache, sorted by page number */
+SQLITE_PRIVATE PgHdr *sqlite3PcacheDirtyList(PCache*);
+
+/* Reset and close the cache object */
+SQLITE_PRIVATE void sqlite3PcacheClose(PCache*);
+
+/* Clear flags from pages of the page cache */
+SQLITE_PRIVATE void sqlite3PcacheClearSyncFlags(PCache *);
+
+/* Discard the contents of the cache */
+SQLITE_PRIVATE void sqlite3PcacheClear(PCache*);
+
+/* Return the total number of outstanding page references */
+SQLITE_PRIVATE int sqlite3PcacheRefCount(PCache*);
+
+/* Increment the reference count of an existing page */
+SQLITE_PRIVATE void sqlite3PcacheRef(PgHdr*);
+
+SQLITE_PRIVATE int sqlite3PcachePageRefcount(PgHdr*);
+
+/* Return the total number of pages stored in the cache */
+SQLITE_PRIVATE int sqlite3PcachePagecount(PCache*);
+
+#if defined(SQLITE_CHECK_PAGES) || defined(SQLITE_DEBUG)
+/* Iterate through all dirty pages currently stored in the cache. This
+** interface is only available if SQLITE_CHECK_PAGES is defined when the 
+** library is built.
+*/
+SQLITE_PRIVATE void sqlite3PcacheIterateDirty(PCache *pCache, void (*xIter)(PgHdr *));
+#endif
+
+/* Set and get the suggested cache-size for the specified pager-cache.
+**
+** If no global maximum is configured, then the system attempts to limit
+** the total number of pages cached by purgeable pager-caches to the sum
+** of the suggested cache-sizes.
+*/
+SQLITE_PRIVATE void sqlite3PcacheSetCachesize(PCache *, int);
+#ifdef SQLITE_TEST
+SQLITE_PRIVATE int sqlite3PcacheGetCachesize(PCache *);
+#endif
+
+/* Set or get the suggested spill-size for the specified pager-cache.
+**
+** The spill-size is the minimum number of pages in cache before the cache
+** will attempt to spill dirty pages by calling xStress.
+*/
+SQLITE_PRIVATE int sqlite3PcacheSetSpillsize(PCache *, int);
+
+/* Free up as much memory as possible from the page cache */
+SQLITE_PRIVATE void sqlite3PcacheShrink(PCache*);
+
+#ifdef SQLITE_ENABLE_MEMORY_MANAGEMENT
+/* Try to return memory used by the pcache module to the main memory heap */
+SQLITE_PRIVATE int sqlite3PcacheReleaseMemory(int);
+#endif
+
+#ifdef SQLITE_TEST
+SQLITE_PRIVATE void sqlite3PcacheStats(int*,int*,int*,int*);
+#endif
+
+SQLITE_PRIVATE void sqlite3PCacheSetDefault(void);
+
+/* Return the header size */
+SQLITE_PRIVATE int sqlite3HeaderSizePcache(void);
+SQLITE_PRIVATE int sqlite3HeaderSizePcache1(void);
+
+#endif /* _PCACHE_H_ */
+
+/************** End of pcache.h **********************************************/
+/************** Continuing where we left off in sqliteInt.h ******************/
+
+/************** Include os.h in the middle of sqliteInt.h ********************/
+/************** Begin file os.h **********************************************/
+/*
+** 2001 September 16
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+******************************************************************************
+**
+** This header file (together with is companion C source-code file
+** "os.c") attempt to abstract the underlying operating system so that
+** the SQLite library will work on both POSIX and windows systems.
+**
+** This header file is #include-ed by sqliteInt.h and thus ends up
+** being included by every source file.
+*/
+#ifndef _SQLITE_OS_H_
+#define _SQLITE_OS_H_
+
+/*
+** Attempt to automatically detect the operating system and setup the
+** necessary pre-processor macros for it.
+*/
+/************** Include os_setup.h in the middle of os.h *********************/
+/************** Begin file os_setup.h ****************************************/
+/*
+** 2013 November 25
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+******************************************************************************
+**
+** This file contains pre-processor directives related to operating system
+** detection and/or setup.
+*/
+#ifndef _OS_SETUP_H_
+#define _OS_SETUP_H_
+
+/*
+** Figure out if we are dealing with Unix, Windows, or some other operating
+** system.
+**
+** After the following block of preprocess macros, all of SQLITE_OS_UNIX,
+** SQLITE_OS_WIN, and SQLITE_OS_OTHER will defined to either 1 or 0.  One of
+** the three will be 1.  The other two will be 0.
+*/
+#if defined(SQLITE_OS_OTHER)
+#  if SQLITE_OS_OTHER==1
+#    undef SQLITE_OS_UNIX
+#    define SQLITE_OS_UNIX 0
+#    undef SQLITE_OS_WIN
+#    define SQLITE_OS_WIN 0
+#  else
+#    undef SQLITE_OS_OTHER
+#  endif
+#endif
+#if !defined(SQLITE_OS_UNIX) && !defined(SQLITE_OS_OTHER)
+#  define SQLITE_OS_OTHER 0
+#  ifndef SQLITE_OS_WIN
+#    if defined(_WIN32) || defined(WIN32) || defined(__CYGWIN__) || \
+        defined(__MINGW32__) || defined(__BORLANDC__)
+#      define SQLITE_OS_WIN 1
+#      define SQLITE_OS_UNIX 0
+#    else
+#      define SQLITE_OS_WIN 0
+#      define SQLITE_OS_UNIX 1
+#    endif
+#  else
+#    define SQLITE_OS_UNIX 0
+#  endif
+#else
+#  ifndef SQLITE_OS_WIN
+#    define SQLITE_OS_WIN 0
+#  endif
+#endif
+
+#endif /* _OS_SETUP_H_ */
+
+/************** End of os_setup.h ********************************************/
+/************** Continuing where we left off in os.h *************************/
+
+/* If the SET_FULLSYNC macro is not defined above, then make it
+** a no-op
+*/
+#ifndef SET_FULLSYNC
+# define SET_FULLSYNC(x,y)
+#endif
+
+/*
+** The default size of a disk sector
+*/
+#ifndef SQLITE_DEFAULT_SECTOR_SIZE
+# define SQLITE_DEFAULT_SECTOR_SIZE 4096
+#endif
+
+/*
+** Temporary files are named starting with this prefix followed by 16 random
+** alphanumeric characters, and no file extension. They are stored in the
+** OS's standard temporary file directory, and are deleted prior to exit.
+** If sqlite is being embedded in another program, you may wish to change the
+** prefix to reflect your program's name, so that if your program exits
+** prematurely, old temporary files can be easily identified. This can be done
+** using -DSQLITE_TEMP_FILE_PREFIX=myprefix_ on the compiler command line.
+**
+** 2006-10-31:  The default prefix used to be "sqlite_".  But then
+** Mcafee started using SQLite in their anti-virus product and it
+** started putting files with the "sqlite" name in the c:/temp folder.
+** This annoyed many windows users.  Those users would then do a 
+** Google search for "sqlite", find the telephone numbers of the
+** developers and call to wake them up at night and complain.
+** For this reason, the default name prefix is changed to be "sqlite" 
+** spelled backwards.  So the temp files are still identified, but
+** anybody smart enough to figure out the code is also likely smart
+** enough to know that calling the developer will not help get rid
+** of the file.
+*/
+#ifndef SQLITE_TEMP_FILE_PREFIX
+# define SQLITE_TEMP_FILE_PREFIX "etilqs_"
+#endif
+
+/*
+** The following values may be passed as the second argument to
+** sqlite3OsLock(). The various locks exhibit the following semantics:
+**
+** SHARED:    Any number of processes may hold a SHARED lock simultaneously.
+** RESERVED:  A single process may hold a RESERVED lock on a file at
+**            any time. Other processes may hold and obtain new SHARED locks.
+** PENDING:   A single process may hold a PENDING lock on a file at
+**            any one time. Existing SHARED locks may persist, but no new
+**            SHARED locks may be obtained by other processes.
+** EXCLUSIVE: An EXCLUSIVE lock precludes all other locks.
+**
+** PENDING_LOCK may not be passed directly to sqlite3OsLock(). Instead, a
+** process that requests an EXCLUSIVE lock may actually obtain a PENDING
+** lock. This can be upgraded to an EXCLUSIVE lock by a subsequent call to
+** sqlite3OsLock().
+*/
+#define NO_LOCK         0
+#define SHARED_LOCK     1
+#define RESERVED_LOCK   2
+#define PENDING_LOCK    3
+#define EXCLUSIVE_LOCK  4
+
+/*
+** File Locking Notes:  (Mostly about windows but also some info for Unix)
+**
+** We cannot use LockFileEx() or UnlockFileEx() on Win95/98/ME because
+** those functions are not available.  So we use only LockFile() and
+** UnlockFile().
+**
+** LockFile() prevents not just writing but also reading by other processes.
+** A SHARED_LOCK is obtained by locking a single randomly-chosen 
+** byte out of a specific range of bytes. The lock byte is obtained at 
+** random so two separate readers can probably access the file at the 
+** same time, unless they are unlucky and choose the same lock byte.
+** An EXCLUSIVE_LOCK is obtained by locking all bytes in the range.
+** There can only be one writer.  A RESERVED_LOCK is obtained by locking
+** a single byte of the file that is designated as the reserved lock byte.
+** A PENDING_LOCK is obtained by locking a designated byte different from
+** the RESERVED_LOCK byte.
+**
+** On WinNT/2K/XP systems, LockFileEx() and UnlockFileEx() are available,
+** which means we can use reader/writer locks.  When reader/writer locks
+** are used, the lock is placed on the same range of bytes that is used
+** for probabilistic locking in Win95/98/ME.  Hence, the locking scheme
+** will support two or more Win95 readers or two or more WinNT readers.
+** But a single Win95 reader will lock out all WinNT readers and a single
+** WinNT reader will lock out all other Win95 readers.
+**
+** The following #defines specify the range of bytes used for locking.
+** SHARED_SIZE is the number of bytes available in the pool from which
+** a random byte is selected for a shared lock.  The pool of bytes for
+** shared locks begins at SHARED_FIRST. 
+**
+** The same locking strategy and
+** byte ranges are used for Unix.  This leaves open the possibility of having
+** clients on win95, winNT, and unix all talking to the same shared file
+** and all locking correctly.  To do so would require that samba (or whatever
+** tool is being used for file sharing) implements locks correctly between
+** windows and unix.  I'm guessing that isn't likely to happen, but by
+** using the same locking range we are at least open to the possibility.
+**
+** Locking in windows is manditory.  For this reason, we cannot store
+** actual data in the bytes used for locking.  The pager never allocates
+** the pages involved in locking therefore.  SHARED_SIZE is selected so
+** that all locks will fit on a single page even at the minimum page size.
+** PENDING_BYTE defines the beginning of the locks.  By default PENDING_BYTE
+** is set high so that we don't have to allocate an unused page except
+** for very large databases.  But one should test the page skipping logic 
+** by setting PENDING_BYTE low and running the entire regression suite.
+**
+** Changing the value of PENDING_BYTE results in a subtly incompatible
+** file format.  Depending on how it is changed, you might not notice
+** the incompatibility right away, even running a full regression test.
+** The default location of PENDING_BYTE is the first byte past the
+** 1GB boundary.
+**
+*/
+#ifdef SQLITE_OMIT_WSD
+# define PENDING_BYTE     (0x40000000)
+#else
+# define PENDING_BYTE      sqlite3PendingByte
+#endif
+#define RESERVED_BYTE     (PENDING_BYTE+1)
+#define SHARED_FIRST      (PENDING_BYTE+2)
+#define SHARED_SIZE       510
+
+/*
+** Wrapper around OS specific sqlite3_os_init() function.
+*/
+SQLITE_PRIVATE int sqlite3OsInit(void);
+
+/* 
+** Functions for accessing sqlite3_file methods 
+*/
+SQLITE_PRIVATE int sqlite3OsClose(sqlite3_file*);
+SQLITE_PRIVATE int sqlite3OsRead(sqlite3_file*, void*, int amt, i64 offset);
+SQLITE_PRIVATE int sqlite3OsWrite(sqlite3_file*, const void*, int amt, i64 offset);
+SQLITE_PRIVATE int sqlite3OsTruncate(sqlite3_file*, i64 size);
+SQLITE_PRIVATE int sqlite3OsSync(sqlite3_file*, int);
+SQLITE_PRIVATE int sqlite3OsFileSize(sqlite3_file*, i64 *pSize);
+SQLITE_PRIVATE int sqlite3OsLock(sqlite3_file*, int);
+SQLITE_PRIVATE int sqlite3OsUnlock(sqlite3_file*, int);
+SQLITE_PRIVATE int sqlite3OsCheckReservedLock(sqlite3_file *id, int *pResOut);
+SQLITE_PRIVATE int sqlite3OsFileControl(sqlite3_file*,int,void*);
+SQLITE_PRIVATE void sqlite3OsFileControlHint(sqlite3_file*,int,void*);
+#define SQLITE_FCNTL_DB_UNCHANGED 0xca093fa0
+SQLITE_PRIVATE int sqlite3OsSectorSize(sqlite3_file *id);
+SQLITE_PRIVATE int sqlite3OsDeviceCharacteristics(sqlite3_file *id);
+SQLITE_PRIVATE int sqlite3OsShmMap(sqlite3_file *,int,int,int,void volatile **);
+SQLITE_PRIVATE int sqlite3OsShmLock(sqlite3_file *id, int, int, int);
+SQLITE_PRIVATE void sqlite3OsShmBarrier(sqlite3_file *id);
+SQLITE_PRIVATE int sqlite3OsShmUnmap(sqlite3_file *id, int);
+SQLITE_PRIVATE int sqlite3OsFetch(sqlite3_file *id, i64, int, void **);
+SQLITE_PRIVATE int sqlite3OsUnfetch(sqlite3_file *, i64, void *);
+
+
+/* 
+** Functions for accessing sqlite3_vfs methods 
+*/
+SQLITE_PRIVATE int sqlite3OsOpen(sqlite3_vfs *, const char *, sqlite3_file*, int, int *);
+SQLITE_PRIVATE int sqlite3OsDelete(sqlite3_vfs *, const char *, int);
+SQLITE_PRIVATE int sqlite3OsAccess(sqlite3_vfs *, const char *, int, int *pResOut);
+SQLITE_PRIVATE int sqlite3OsFullPathname(sqlite3_vfs *, const char *, int, char *);
+#ifndef SQLITE_OMIT_LOAD_EXTENSION
+SQLITE_PRIVATE void *sqlite3OsDlOpen(sqlite3_vfs *, const char *);
+SQLITE_PRIVATE void sqlite3OsDlError(sqlite3_vfs *, int, char *);
+SQLITE_PRIVATE void (*sqlite3OsDlSym(sqlite3_vfs *, void *, const char *))(void);
+SQLITE_PRIVATE void sqlite3OsDlClose(sqlite3_vfs *, void *);
+#endif /* SQLITE_OMIT_LOAD_EXTENSION */
+SQLITE_PRIVATE int sqlite3OsRandomness(sqlite3_vfs *, int, char *);
+SQLITE_PRIVATE int sqlite3OsSleep(sqlite3_vfs *, int);
+SQLITE_PRIVATE int sqlite3OsCurrentTimeInt64(sqlite3_vfs *, sqlite3_int64*);
+
+/*
+** Convenience functions for opening and closing files using 
+** sqlite3_malloc() to obtain space for the file-handle structure.
+*/
+SQLITE_PRIVATE int sqlite3OsOpenMalloc(sqlite3_vfs *, const char *, sqlite3_file **, int,int*);
+SQLITE_PRIVATE int sqlite3OsCloseFree(sqlite3_file *);
+
+#endif /* _SQLITE_OS_H_ */
+
+/************** End of os.h **************************************************/
+/************** Continuing where we left off in sqliteInt.h ******************/
+/************** Include mutex.h in the middle of sqliteInt.h *****************/
+/************** Begin file mutex.h *******************************************/
+/*
+** 2007 August 28
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+**
+** This file contains the common header for all mutex implementations.
+** The sqliteInt.h header #includes this file so that it is available
+** to all source files.  We break it out in an effort to keep the code
+** better organized.
+**
+** NOTE:  source files should *not* #include this header file directly.
+** Source files should #include the sqliteInt.h file and let that file
+** include this one indirectly.
+*/
+
+
+/*
+** Figure out what version of the code to use.  The choices are
+**
+**   SQLITE_MUTEX_OMIT         No mutex logic.  Not even stubs.  The
+**                             mutexes implementation cannot be overridden
+**                             at start-time.
+**
+**   SQLITE_MUTEX_NOOP         For single-threaded applications.  No
+**                             mutual exclusion is provided.  But this
+**                             implementation can be overridden at
+**                             start-time.
+**
+**   SQLITE_MUTEX_PTHREADS     For multi-threaded applications on Unix.
+**
+**   SQLITE_MUTEX_W32          For multi-threaded applications on Win32.
+*/
+#if !SQLITE_THREADSAFE
+# define SQLITE_MUTEX_OMIT
+#endif
+#if SQLITE_THREADSAFE && !defined(SQLITE_MUTEX_NOOP)
+#  if SQLITE_OS_UNIX
+#    define SQLITE_MUTEX_PTHREADS
+#  elif SQLITE_OS_WIN
+#    define SQLITE_MUTEX_W32
+#  else
+#    define SQLITE_MUTEX_NOOP
+#  endif
+#endif
+
+#ifdef SQLITE_MUTEX_OMIT
+/*
+** If this is a no-op implementation, implement everything as macros.
+*/
+#define sqlite3_mutex_alloc(X)    ((sqlite3_mutex*)8)
+#define sqlite3_mutex_free(X)
+#define sqlite3_mutex_enter(X)    
+#define sqlite3_mutex_try(X)      SQLITE_OK
+#define sqlite3_mutex_leave(X)    
+#define sqlite3_mutex_held(X)     ((void)(X),1)
+#define sqlite3_mutex_notheld(X)  ((void)(X),1)
+#define sqlite3MutexAlloc(X)      ((sqlite3_mutex*)8)
+#define sqlite3MutexInit()        SQLITE_OK
+#define sqlite3MutexEnd()
+#define MUTEX_LOGIC(X)
+#else
+#define MUTEX_LOGIC(X)            X
+#endif /* defined(SQLITE_MUTEX_OMIT) */
+
+/************** End of mutex.h ***********************************************/
+/************** Continuing where we left off in sqliteInt.h ******************/
+
+
+/*
+** Each database file to be accessed by the system is an instance
+** of the following structure.  There are normally two of these structures
+** in the sqlite.aDb[] array.  aDb[0] is the main database file and
+** aDb[1] is the database file used to hold temporary tables.  Additional
+** databases may be attached.
+*/
+struct Db {
+  char *zName;         /* Name of this database */
+  Btree *pBt;          /* The B*Tree structure for this database file */
+  u8 safety_level;     /* How aggressive at syncing data to disk */
+  Schema *pSchema;     /* Pointer to database schema (possibly shared) */
+};
+
+/*
+** An instance of the following structure stores a database schema.
+**
+** Most Schema objects are associated with a Btree.  The exception is
+** the Schema for the TEMP databaes (sqlite3.aDb[1]) which is free-standing.
+** In shared cache mode, a single Schema object can be shared by multiple
+** Btrees that refer to the same underlying BtShared object.
+** 
+** Schema objects are automatically deallocated when the last Btree that
+** references them is destroyed.   The TEMP Schema is manually freed by
+** sqlite3_close().
+*
+** A thread must be holding a mutex on the corresponding Btree in order
+** to access Schema content.  This implies that the thread must also be
+** holding a mutex on the sqlite3 connection pointer that owns the Btree.
+** For a TEMP Schema, only the connection mutex is required.
+*/
+struct Schema {
+  int schema_cookie;   /* Database schema version number for this file */
+  int iGeneration;     /* Generation counter.  Incremented with each change */
+  Hash tblHash;        /* All tables indexed by name */
+  Hash idxHash;        /* All (named) indices indexed by name */
+  Hash trigHash;       /* All triggers indexed by name */
+  Hash fkeyHash;       /* All foreign keys by referenced table name */
+  Table *pSeqTab;      /* The sqlite_sequence table used by AUTOINCREMENT */
+  u8 file_format;      /* Schema format version for this file */
+  u8 enc;              /* Text encoding used by this database */
+  u16 schemaFlags;     /* Flags associated with this schema */
+  int cache_size;      /* Number of pages to use in the cache */
+};
+
+/*
+** These macros can be used to test, set, or clear bits in the 
+** Db.pSchema->flags field.
+*/
+#define DbHasProperty(D,I,P)     (((D)->aDb[I].pSchema->schemaFlags&(P))==(P))
+#define DbHasAnyProperty(D,I,P)  (((D)->aDb[I].pSchema->schemaFlags&(P))!=0)
+#define DbSetProperty(D,I,P)     (D)->aDb[I].pSchema->schemaFlags|=(P)
+#define DbClearProperty(D,I,P)   (D)->aDb[I].pSchema->schemaFlags&=~(P)
+
+/*
+** Allowed values for the DB.pSchema->flags field.
+**
+** The DB_SchemaLoaded flag is set after the database schema has been
+** read into internal hash tables.
+**
+** DB_UnresetViews means that one or more views have column names that
+** have been filled out.  If the schema changes, these column names might
+** changes and so the view will need to be reset.
+*/
+#define DB_SchemaLoaded    0x0001  /* The schema has been loaded */
+#define DB_UnresetViews    0x0002  /* Some views have defined column names */
+#define DB_Empty           0x0004  /* The file is empty (length 0 bytes) */
+
+/*
+** The number of different kinds of things that can be limited
+** using the sqlite3_limit() interface.
+*/
+#define SQLITE_N_LIMIT (SQLITE_LIMIT_WORKER_THREADS+1)
+
+/*
+** Lookaside malloc is a set of fixed-size buffers that can be used
+** to satisfy small transient memory allocation requests for objects
+** associated with a particular database connection.  The use of
+** lookaside malloc provides a significant performance enhancement
+** (approx 10%) by avoiding numerous malloc/free requests while parsing
+** SQL statements.
+**
+** The Lookaside structure holds configuration information about the
+** lookaside malloc subsystem.  Each available memory allocation in
+** the lookaside subsystem is stored on a linked list of LookasideSlot
+** objects.
+**
+** Lookaside allocations are only allowed for objects that are associated
+** with a particular database connection.  Hence, schema information cannot
+** be stored in lookaside because in shared cache mode the schema information
+** is shared by multiple database connections.  Therefore, while parsing
+** schema information, the Lookaside.bEnabled flag is cleared so that
+** lookaside allocations are not used to construct the schema objects.
+*/
+struct Lookaside {
+  u16 sz;                 /* Size of each buffer in bytes */
+  u8 bEnabled;            /* False to disable new lookaside allocations */
+  u8 bMalloced;           /* True if pStart obtained from sqlite3_malloc() */
+  int nOut;               /* Number of buffers currently checked out */
+  int mxOut;              /* Highwater mark for nOut */
+  int anStat[3];          /* 0: hits.  1: size misses.  2: full misses */
+  LookasideSlot *pFree;   /* List of available buffers */
+  void *pStart;           /* First byte of available memory space */
+  void *pEnd;             /* First byte past end of available space */
+};
+struct LookasideSlot {
+  LookasideSlot *pNext;    /* Next buffer in the list of free buffers */
+};
+
+/*
+** A hash table for function definitions.
+**
+** Hash each FuncDef structure into one of the FuncDefHash.a[] slots.
+** Collisions are on the FuncDef.pHash chain.
+*/
+struct FuncDefHash {
+  FuncDef *a[23];       /* Hash table for functions */
+};
+
+#ifdef SQLITE_USER_AUTHENTICATION
+/*
+** Information held in the "sqlite3" database connection object and used
+** to manage user authentication.
+*/
+typedef struct sqlite3_userauth sqlite3_userauth;
+struct sqlite3_userauth {
+  u8 authLevel;                 /* Current authentication level */
+  int nAuthPW;                  /* Size of the zAuthPW in bytes */
+  char *zAuthPW;                /* Password used to authenticate */
+  char *zAuthUser;              /* User name used to authenticate */
+};
+
+/* Allowed values for sqlite3_userauth.authLevel */
+#define UAUTH_Unknown     0     /* Authentication not yet checked */
+#define UAUTH_Fail        1     /* User authentication failed */
+#define UAUTH_User        2     /* Authenticated as a normal user */
+#define UAUTH_Admin       3     /* Authenticated as an administrator */
+
+/* Functions used only by user authorization logic */
+SQLITE_PRIVATE int sqlite3UserAuthTable(const char*);
+SQLITE_PRIVATE int sqlite3UserAuthCheckLogin(sqlite3*,const char*,u8*);
+SQLITE_PRIVATE void sqlite3UserAuthInit(sqlite3*);
+SQLITE_PRIVATE void sqlite3CryptFunc(sqlite3_context*,int,sqlite3_value**);
+
+#endif /* SQLITE_USER_AUTHENTICATION */
+
+/*
+** typedef for the authorization callback function.
+*/
+#ifdef SQLITE_USER_AUTHENTICATION
+  typedef int (*sqlite3_xauth)(void*,int,const char*,const char*,const char*,
+                               const char*, const char*);
+#else
+  typedef int (*sqlite3_xauth)(void*,int,const char*,const char*,const char*,
+                               const char*);
+#endif
+
+
+/*
+** Each database connection is an instance of the following structure.
+*/
+struct sqlite3 {
+  sqlite3_vfs *pVfs;            /* OS Interface */
+  struct Vdbe *pVdbe;           /* List of active virtual machines */
+  CollSeq *pDfltColl;           /* The default collating sequence (BINARY) */
+  sqlite3_mutex *mutex;         /* Connection mutex */
+  Db *aDb;                      /* All backends */
+  int nDb;                      /* Number of backends currently in use */
+  int flags;                    /* Miscellaneous flags. See below */
+  i64 lastRowid;                /* ROWID of most recent insert (see above) */
+  i64 szMmap;                   /* Default mmap_size setting */
+  unsigned int openFlags;       /* Flags passed to sqlite3_vfs.xOpen() */
+  int errCode;                  /* Most recent error code (SQLITE_*) */
+  int errMask;                  /* & result codes with this before returning */
+  u16 dbOptFlags;               /* Flags to enable/disable optimizations */
+  u8 enc;                       /* Text encoding */
+  u8 autoCommit;                /* The auto-commit flag. */
+  u8 temp_store;                /* 1: file 2: memory 0: default */
+  u8 mallocFailed;              /* True if we have seen a malloc failure */
+  u8 dfltLockMode;              /* Default locking-mode for attached dbs */
+  signed char nextAutovac;      /* Autovac setting after VACUUM if >=0 */
+  u8 suppressErr;               /* Do not issue error messages if true */
+  u8 vtabOnConflict;            /* Value to return for s3_vtab_on_conflict() */
+  u8 isTransactionSavepoint;    /* True if the outermost savepoint is a TS */
+  int nextPagesize;             /* Pagesize after VACUUM if >0 */
+  u32 magic;                    /* Magic number for detect library misuse */
+  int nChange;                  /* Value returned by sqlite3_changes() */
+  int nTotalChange;             /* Value returned by sqlite3_total_changes() */
+  int aLimit[SQLITE_N_LIMIT];   /* Limits */
+  int nMaxSorterMmap;           /* Maximum size of regions mapped by sorter */
+  struct sqlite3InitInfo {      /* Information used during initialization */
+    int newTnum;                /* Rootpage of table being initialized */
+    u8 iDb;                     /* Which db file is being initialized */
+    u8 busy;                    /* TRUE if currently initializing */
+    u8 orphanTrigger;           /* Last statement is orphaned TEMP trigger */
+    u8 imposterTable;           /* Building an imposter table */
+  } init;
+  int nVdbeActive;              /* Number of VDBEs currently running */
+  int nVdbeRead;                /* Number of active VDBEs that read or write */
+  int nVdbeWrite;               /* Number of active VDBEs that read and write */
+  int nVdbeExec;                /* Number of nested calls to VdbeExec() */
+  int nVDestroy;                /* Number of active OP_VDestroy operations */
+  int nExtension;               /* Number of loaded extensions */
+  void **aExtension;            /* Array of shared library handles */
+  void (*xTrace)(void*,const char*);        /* Trace function */
+  void *pTraceArg;                          /* Argument to the trace function */
+  void (*xProfile)(void*,const char*,u64);  /* Profiling function */
+  void *pProfileArg;                        /* Argument to profile function */
+  void *pCommitArg;                 /* Argument to xCommitCallback() */   
+  int (*xCommitCallback)(void*);    /* Invoked at every commit. */
+  void *pRollbackArg;               /* Argument to xRollbackCallback() */   
+  void (*xRollbackCallback)(void*); /* Invoked at every commit. */
+  void *pUpdateArg;
+  void (*xUpdateCallback)(void*,int, const char*,const char*,sqlite_int64);
+#ifndef SQLITE_OMIT_WAL
+  int (*xWalCallback)(void *, sqlite3 *, const char *, int);
+  void *pWalArg;
+#endif
+  void(*xCollNeeded)(void*,sqlite3*,int eTextRep,const char*);
+  void(*xCollNeeded16)(void*,sqlite3*,int eTextRep,const void*);
+  void *pCollNeededArg;
+  sqlite3_value *pErr;          /* Most recent error message */
+  union {
+    volatile int isInterrupted; /* True if sqlite3_interrupt has been called */
+    double notUsed1;            /* Spacer */
+  } u1;
+  Lookaside lookaside;          /* Lookaside malloc configuration */
+#ifndef SQLITE_OMIT_AUTHORIZATION
+  sqlite3_xauth xAuth;          /* Access authorization function */
+  void *pAuthArg;               /* 1st argument to the access auth function */
+#endif
+#ifndef SQLITE_OMIT_PROGRESS_CALLBACK
+  int (*xProgress)(void *);     /* The progress callback */
+  void *pProgressArg;           /* Argument to the progress callback */
+  unsigned nProgressOps;        /* Number of opcodes for progress callback */
+#endif
+#ifndef SQLITE_OMIT_VIRTUALTABLE
+  int nVTrans;                  /* Allocated size of aVTrans */
+  Hash aModule;                 /* populated by sqlite3_create_module() */
+  VtabCtx *pVtabCtx;            /* Context for active vtab connect/create */
+  VTable **aVTrans;             /* Virtual tables with open transactions */
+  VTable *pDisconnect;    /* Disconnect these in next sqlite3_prepare() */
+#endif
+  FuncDefHash aFunc;            /* Hash table of connection functions */
+  Hash aCollSeq;                /* All collating sequences */
+  BusyHandler busyHandler;      /* Busy callback */
+  Db aDbStatic[2];              /* Static space for the 2 default backends */
+  Savepoint *pSavepoint;        /* List of active savepoints */
+  int busyTimeout;              /* Busy handler timeout, in msec */
+  int nSavepoint;               /* Number of non-transaction savepoints */
+  int nStatement;               /* Number of nested statement-transactions  */
+  i64 nDeferredCons;            /* Net deferred constraints this transaction. */
+  i64 nDeferredImmCons;         /* Net deferred immediate constraints */
+  int *pnBytesFreed;            /* If not NULL, increment this in DbFree() */
+#ifdef SQLITE_ENABLE_UNLOCK_NOTIFY
+  /* The following variables are all protected by the STATIC_MASTER 
+  ** mutex, not by sqlite3.mutex. They are used by code in notify.c. 
+  **
+  ** When X.pUnlockConnection==Y, that means that X is waiting for Y to
+  ** unlock so that it can proceed.
+  **
+  ** When X.pBlockingConnection==Y, that means that something that X tried
+  ** tried to do recently failed with an SQLITE_LOCKED error due to locks
+  ** held by Y.
+  */
+  sqlite3 *pBlockingConnection; /* Connection that caused SQLITE_LOCKED */
+  sqlite3 *pUnlockConnection;           /* Connection to watch for unlock */
+  void *pUnlockArg;                     /* Argument to xUnlockNotify */
+  void (*xUnlockNotify)(void **, int);  /* Unlock notify callback */
+  sqlite3 *pNextBlocked;        /* Next in list of all blocked connections */
+#endif
+#ifdef SQLITE_USER_AUTHENTICATION
+  sqlite3_userauth auth;        /* User authentication information */
+#endif
+};
+
+/*
+** A macro to discover the encoding of a database.
+*/
+#define SCHEMA_ENC(db) ((db)->aDb[0].pSchema->enc)
+#define ENC(db)        ((db)->enc)
+
+/*
+** Possible values for the sqlite3.flags.
+*/
+#define SQLITE_VdbeTrace      0x00000001  /* True to trace VDBE execution */
+#define SQLITE_InternChanges  0x00000002  /* Uncommitted Hash table changes */
+#define SQLITE_FullFSync      0x00000004  /* Use full fsync on the backend */
+#define SQLITE_CkptFullFSync  0x00000008  /* Use full fsync for checkpoint */
+#define SQLITE_CacheSpill     0x00000010  /* OK to spill pager cache */
+#define SQLITE_FullColNames   0x00000020  /* Show full column names on SELECT */
+#define SQLITE_ShortColNames  0x00000040  /* Show short columns names */
+#define SQLITE_CountRows      0x00000080  /* Count rows changed by INSERT, */
+                                          /*   DELETE, or UPDATE and return */
+                                          /*   the count using a callback. */
+#define SQLITE_NullCallback   0x00000100  /* Invoke the callback once if the */
+                                          /*   result set is empty */
+#define SQLITE_SqlTrace       0x00000200  /* Debug print SQL as it executes */
+#define SQLITE_VdbeListing    0x00000400  /* Debug listings of VDBE programs */
+#define SQLITE_WriteSchema    0x00000800  /* OK to update SQLITE_MASTER */
+#define SQLITE_VdbeAddopTrace 0x00001000  /* Trace sqlite3VdbeAddOp() calls */
+#define SQLITE_IgnoreChecks   0x00002000  /* Do not enforce check constraints */
+#define SQLITE_ReadUncommitted 0x0004000  /* For shared-cache mode */
+#define SQLITE_LegacyFileFmt  0x00008000  /* Create new databases in format 1 */
+#define SQLITE_RecoveryMode   0x00010000  /* Ignore schema errors */
+#define SQLITE_ReverseOrder   0x00020000  /* Reverse unordered SELECTs */
+#define SQLITE_RecTriggers    0x00040000  /* Enable recursive triggers */
+#define SQLITE_ForeignKeys    0x00080000  /* Enforce foreign key constraints  */
+#define SQLITE_AutoIndex      0x00100000  /* Enable automatic indexes */
+#define SQLITE_PreferBuiltin  0x00200000  /* Preference to built-in funcs */
+#define SQLITE_LoadExtension  0x00400000  /* Enable load_extension */
+#define SQLITE_EnableTrigger  0x00800000  /* True to enable triggers */
+#define SQLITE_DeferFKs       0x01000000  /* Defer all FK constraints */
+#define SQLITE_QueryOnly      0x02000000  /* Disable database changes */
+#define SQLITE_VdbeEQP        0x04000000  /* Debug EXPLAIN QUERY PLAN */
+#define SQLITE_Vacuum         0x08000000  /* Currently in a VACUUM */
+#define SQLITE_CellSizeCk     0x10000000  /* Check btree cell sizes on load */
+
+
+/*
+** Bits of the sqlite3.dbOptFlags field that are used by the
+** sqlite3_test_control(SQLITE_TESTCTRL_OPTIMIZATIONS,...) interface to
+** selectively disable various optimizations.
+*/
+#define SQLITE_QueryFlattener 0x0001   /* Query flattening */
+#define SQLITE_ColumnCache    0x0002   /* Column cache */
+#define SQLITE_GroupByOrder   0x0004   /* GROUPBY cover of ORDERBY */
+#define SQLITE_FactorOutConst 0x0008   /* Constant factoring */
+/*                not used    0x0010   // Was: SQLITE_IdxRealAsInt */
+#define SQLITE_DistinctOpt    0x0020   /* DISTINCT using indexes */
+#define SQLITE_CoverIdxScan   0x0040   /* Covering index scans */
+#define SQLITE_OrderByIdxJoin 0x0080   /* ORDER BY of joins via index */
+#define SQLITE_SubqCoroutine  0x0100   /* Evaluate subqueries as coroutines */
+#define SQLITE_Transitive     0x0200   /* Transitive constraints */
+#define SQLITE_OmitNoopJoin   0x0400   /* Omit unused tables in joins */
+#define SQLITE_Stat34         0x0800   /* Use STAT3 or STAT4 data */
+#define SQLITE_CursorHints    0x2000   /* Add OP_CursorHint opcodes */
+#define SQLITE_AllOpts        0xffff   /* All optimizations */
+
+/*
+** Macros for testing whether or not optimizations are enabled or disabled.
+*/
+#ifndef SQLITE_OMIT_BUILTIN_TEST
+#define OptimizationDisabled(db, mask)  (((db)->dbOptFlags&(mask))!=0)
+#define OptimizationEnabled(db, mask)   (((db)->dbOptFlags&(mask))==0)
+#else
+#define OptimizationDisabled(db, mask)  0
+#define OptimizationEnabled(db, mask)   1
+#endif
+
+/*
+** Return true if it OK to factor constant expressions into the initialization
+** code. The argument is a Parse object for the code generator.
+*/
+#define ConstFactorOk(P) ((P)->okConstFactor)
+
+/*
+** Possible values for the sqlite.magic field.
+** The numbers are obtained at random and have no special meaning, other
+** than being distinct from one another.
+*/
+#define SQLITE_MAGIC_OPEN     0xa029a697  /* Database is open */
+#define SQLITE_MAGIC_CLOSED   0x9f3c2d33  /* Database is closed */
+#define SQLITE_MAGIC_SICK     0x4b771290  /* Error and awaiting close */
+#define SQLITE_MAGIC_BUSY     0xf03b7906  /* Database currently in use */
+#define SQLITE_MAGIC_ERROR    0xb5357930  /* An SQLITE_MISUSE error occurred */
+#define SQLITE_MAGIC_ZOMBIE   0x64cffc7f  /* Close with last statement close */
+
+/*
+** Each SQL function is defined by an instance of the following
+** structure.  A pointer to this structure is stored in the sqlite.aFunc
+** hash table.  When multiple functions have the same name, the hash table
+** points to a linked list of these structures.
+*/
+struct FuncDef {
+  i16 nArg;            /* Number of arguments.  -1 means unlimited */
+  u16 funcFlags;       /* Some combination of SQLITE_FUNC_* */
+  void *pUserData;     /* User data parameter */
+  FuncDef *pNext;      /* Next function with same name */
+  void (*xFunc)(sqlite3_context*,int,sqlite3_value**); /* Regular function */
+  void (*xStep)(sqlite3_context*,int,sqlite3_value**); /* Aggregate step */
+  void (*xFinalize)(sqlite3_context*);                /* Aggregate finalizer */
+  char *zName;         /* SQL name of the function. */
+  FuncDef *pHash;      /* Next with a different name but the same hash */
+  FuncDestructor *pDestructor;   /* Reference counted destructor function */
+};
+
+/*
+** This structure encapsulates a user-function destructor callback (as
+** configured using create_function_v2()) and a reference counter. When
+** create_function_v2() is called to create a function with a destructor,
+** a single object of this type is allocated. FuncDestructor.nRef is set to 
+** the number of FuncDef objects created (either 1 or 3, depending on whether
+** or not the specified encoding is SQLITE_ANY). The FuncDef.pDestructor
+** member of each of the new FuncDef objects is set to point to the allocated
+** FuncDestructor.
+**
+** Thereafter, when one of the FuncDef objects is deleted, the reference
+** count on this object is decremented. When it reaches 0, the destructor
+** is invoked and the FuncDestructor structure freed.
+*/
+struct FuncDestructor {
+  int nRef;
+  void (*xDestroy)(void *);
+  void *pUserData;
+};
+
+/*
+** Possible values for FuncDef.flags.  Note that the _LENGTH and _TYPEOF
+** values must correspond to OPFLAG_LENGTHARG and OPFLAG_TYPEOFARG.  And
+** SQLITE_FUNC_CONSTANT must be the same as SQLITE_DETERMINISTIC.  There
+** are assert() statements in the code to verify this.
+*/
+#define SQLITE_FUNC_ENCMASK  0x0003 /* SQLITE_UTF8, SQLITE_UTF16BE or UTF16LE */
+#define SQLITE_FUNC_LIKE     0x0004 /* Candidate for the LIKE optimization */
+#define SQLITE_FUNC_CASE     0x0008 /* Case-sensitive LIKE-type function */
+#define SQLITE_FUNC_EPHEM    0x0010 /* Ephemeral.  Delete with VDBE */
+#define SQLITE_FUNC_NEEDCOLL 0x0020 /* sqlite3GetFuncCollSeq() might be called*/
+#define SQLITE_FUNC_LENGTH   0x0040 /* Built-in length() function */
+#define SQLITE_FUNC_TYPEOF   0x0080 /* Built-in typeof() function */
+#define SQLITE_FUNC_COUNT    0x0100 /* Built-in count(*) aggregate */
+#define SQLITE_FUNC_COALESCE 0x0200 /* Built-in coalesce() or ifnull() */
+#define SQLITE_FUNC_UNLIKELY 0x0400 /* Built-in unlikely() function */
+#define SQLITE_FUNC_CONSTANT 0x0800 /* Constant inputs give a constant output */
+#define SQLITE_FUNC_MINMAX   0x1000 /* True for min() and max() aggregates */
+#define SQLITE_FUNC_SLOCHNG  0x2000 /* "Slow Change". Value constant during a
+                                    ** single query - might change over time */
+
+/*
+** The following three macros, FUNCTION(), LIKEFUNC() and AGGREGATE() are
+** used to create the initializers for the FuncDef structures.
+**
+**   FUNCTION(zName, nArg, iArg, bNC, xFunc)
+**     Used to create a scalar function definition of a function zName 
+**     implemented by C function xFunc that accepts nArg arguments. The
+**     value passed as iArg is cast to a (void*) and made available
+**     as the user-data (sqlite3_user_data()) for the function. If 
+**     argument bNC is true, then the SQLITE_FUNC_NEEDCOLL flag is set.
+**
+**   VFUNCTION(zName, nArg, iArg, bNC, xFunc)
+**     Like FUNCTION except it omits the SQLITE_FUNC_CONSTANT flag.
+**
+**   DFUNCTION(zName, nArg, iArg, bNC, xFunc)
+**     Like FUNCTION except it omits the SQLITE_FUNC_CONSTANT flag and
+**     adds the SQLITE_FUNC_SLOCHNG flag.  Used for date & time functions
+**     and functions like sqlite_version() that can change, but not during
+**     a single query.
+**
+**   AGGREGATE(zName, nArg, iArg, bNC, xStep, xFinal)
+**     Used to create an aggregate function definition implemented by
+**     the C functions xStep and xFinal. The first four parameters
+**     are interpreted in the same way as the first 4 parameters to
+**     FUNCTION().
+**
+**   LIKEFUNC(zName, nArg, pArg, flags)
+**     Used to create a scalar function definition of a function zName 
+**     that accepts nArg arguments and is implemented by a call to C 
+**     function likeFunc. Argument pArg is cast to a (void *) and made
+**     available as the function user-data (sqlite3_user_data()). The
+**     FuncDef.flags variable is set to the value passed as the flags
+**     parameter.
+*/
+#define FUNCTION(zName, nArg, iArg, bNC, xFunc) \
+  {nArg, SQLITE_FUNC_CONSTANT|SQLITE_UTF8|(bNC*SQLITE_FUNC_NEEDCOLL), \
+   SQLITE_INT_TO_PTR(iArg), 0, xFunc, 0, 0, #zName, 0, 0}
+#define VFUNCTION(zName, nArg, iArg, bNC, xFunc) \
+  {nArg, SQLITE_UTF8|(bNC*SQLITE_FUNC_NEEDCOLL), \
+   SQLITE_INT_TO_PTR(iArg), 0, xFunc, 0, 0, #zName, 0, 0}
+#define DFUNCTION(zName, nArg, iArg, bNC, xFunc) \
+  {nArg, SQLITE_FUNC_SLOCHNG|SQLITE_UTF8|(bNC*SQLITE_FUNC_NEEDCOLL), \
+   SQLITE_INT_TO_PTR(iArg), 0, xFunc, 0, 0, #zName, 0, 0}
+#define FUNCTION2(zName, nArg, iArg, bNC, xFunc, extraFlags) \
+  {nArg,SQLITE_FUNC_CONSTANT|SQLITE_UTF8|(bNC*SQLITE_FUNC_NEEDCOLL)|extraFlags,\
+   SQLITE_INT_TO_PTR(iArg), 0, xFunc, 0, 0, #zName, 0, 0}
+#define STR_FUNCTION(zName, nArg, pArg, bNC, xFunc) \
+  {nArg, SQLITE_FUNC_SLOCHNG|SQLITE_UTF8|(bNC*SQLITE_FUNC_NEEDCOLL), \
+   pArg, 0, xFunc, 0, 0, #zName, 0, 0}
+#define LIKEFUNC(zName, nArg, arg, flags) \
+  {nArg, SQLITE_FUNC_CONSTANT|SQLITE_UTF8|flags, \
+   (void *)arg, 0, likeFunc, 0, 0, #zName, 0, 0}
+#define AGGREGATE(zName, nArg, arg, nc, xStep, xFinal) \
+  {nArg, SQLITE_UTF8|(nc*SQLITE_FUNC_NEEDCOLL), \
+   SQLITE_INT_TO_PTR(arg), 0, 0, xStep,xFinal,#zName,0,0}
+#define AGGREGATE2(zName, nArg, arg, nc, xStep, xFinal, extraFlags) \
+  {nArg, SQLITE_UTF8|(nc*SQLITE_FUNC_NEEDCOLL)|extraFlags, \
+   SQLITE_INT_TO_PTR(arg), 0, 0, xStep,xFinal,#zName,0,0}
+
+/*
+** All current savepoints are stored in a linked list starting at
+** sqlite3.pSavepoint. The first element in the list is the most recently
+** opened savepoint. Savepoints are added to the list by the vdbe
+** OP_Savepoint instruction.
+*/
+struct Savepoint {
+  char *zName;                        /* Savepoint name (nul-terminated) */
+  i64 nDeferredCons;                  /* Number of deferred fk violations */
+  i64 nDeferredImmCons;               /* Number of deferred imm fk. */
+  Savepoint *pNext;                   /* Parent savepoint (if any) */
+};
+
+/*
+** The following are used as the second parameter to sqlite3Savepoint(),
+** and as the P1 argument to the OP_Savepoint instruction.
+*/
+#define SAVEPOINT_BEGIN      0
+#define SAVEPOINT_RELEASE    1
+#define SAVEPOINT_ROLLBACK   2
+
+
+/*
+** Each SQLite module (virtual table definition) is defined by an
+** instance of the following structure, stored in the sqlite3.aModule
+** hash table.
+*/
+struct Module {
+  const sqlite3_module *pModule;       /* Callback pointers */
+  const char *zName;                   /* Name passed to create_module() */
+  void *pAux;                          /* pAux passed to create_module() */
+  void (*xDestroy)(void *);            /* Module destructor function */
+  Table *pEpoTab;                      /* Eponymous table for this module */
+};
+
+/*
+** information about each column of an SQL table is held in an instance
+** of this structure.
+*/
+struct Column {
+  char *zName;     /* Name of this column */
+  Expr *pDflt;     /* Default value of this column */
+  char *zDflt;     /* Original text of the default value */
+  char *zType;     /* Data type for this column */
+  char *zColl;     /* Collating sequence.  If NULL, use the default */
+  u8 notNull;      /* An OE_ code for handling a NOT NULL constraint */
+  char affinity;   /* One of the SQLITE_AFF_... values */
+  u8 szEst;        /* Estimated size of value in this column. sizeof(INT)==1 */
+  u8 colFlags;     /* Boolean properties.  See COLFLAG_ defines below */
+};
+
+/* Allowed values for Column.colFlags:
+*/
+#define COLFLAG_PRIMKEY  0x0001    /* Column is part of the primary key */
+#define COLFLAG_HIDDEN   0x0002    /* A hidden column in a virtual table */
+
+/*
+** A "Collating Sequence" is defined by an instance of the following
+** structure. Conceptually, a collating sequence consists of a name and
+** a comparison routine that defines the order of that sequence.
+**
+** If CollSeq.xCmp is NULL, it means that the
+** collating sequence is undefined.  Indices built on an undefined
+** collating sequence may not be read or written.
+*/
+struct CollSeq {
+  char *zName;          /* Name of the collating sequence, UTF-8 encoded */
+  u8 enc;               /* Text encoding handled by xCmp() */
+  void *pUser;          /* First argument to xCmp() */
+  int (*xCmp)(void*,int, const void*, int, const void*);
+  void (*xDel)(void*);  /* Destructor for pUser */
+};
+
+/*
+** A sort order can be either ASC or DESC.
+*/
+#define SQLITE_SO_ASC       0  /* Sort in ascending order */
+#define SQLITE_SO_DESC      1  /* Sort in ascending order */
+#define SQLITE_SO_UNDEFINED -1 /* No sort order specified */
+
+/*
+** Column affinity types.
+**
+** These used to have mnemonic name like 'i' for SQLITE_AFF_INTEGER and
+** 't' for SQLITE_AFF_TEXT.  But we can save a little space and improve
+** the speed a little by numbering the values consecutively.  
+**
+** But rather than start with 0 or 1, we begin with 'A'.  That way,
+** when multiple affinity types are concatenated into a string and
+** used as the P4 operand, they will be more readable.
+**
+** Note also that the numeric types are grouped together so that testing
+** for a numeric type is a single comparison.  And the BLOB type is first.
+*/
+#define SQLITE_AFF_BLOB     'A'
+#define SQLITE_AFF_TEXT     'B'
+#define SQLITE_AFF_NUMERIC  'C'
+#define SQLITE_AFF_INTEGER  'D'
+#define SQLITE_AFF_REAL     'E'
+
+#define sqlite3IsNumericAffinity(X)  ((X)>=SQLITE_AFF_NUMERIC)
+
+/*
+** The SQLITE_AFF_MASK values masks off the significant bits of an
+** affinity value. 
+*/
+#define SQLITE_AFF_MASK     0x47
+
+/*
+** Additional bit values that can be ORed with an affinity without
+** changing the affinity.
+**
+** The SQLITE_NOTNULL flag is a combination of NULLEQ and JUMPIFNULL.
+** It causes an assert() to fire if either operand to a comparison
+** operator is NULL.  It is added to certain comparison operators to
+** prove that the operands are always NOT NULL.
+*/
+#define SQLITE_JUMPIFNULL   0x10  /* jumps if either operand is NULL */
+#define SQLITE_STOREP2      0x20  /* Store result in reg[P2] rather than jump */
+#define SQLITE_NULLEQ       0x80  /* NULL=NULL */
+#define SQLITE_NOTNULL      0x90  /* Assert that operands are never NULL */
+
+/*
+** An object of this type is created for each virtual table present in
+** the database schema. 
+**
+** If the database schema is shared, then there is one instance of this
+** structure for each database connection (sqlite3*) that uses the shared
+** schema. This is because each database connection requires its own unique
+** instance of the sqlite3_vtab* handle used to access the virtual table 
+** implementation. sqlite3_vtab* handles can not be shared between 
+** database connections, even when the rest of the in-memory database 
+** schema is shared, as the implementation often stores the database
+** connection handle passed to it via the xConnect() or xCreate() method
+** during initialization internally. This database connection handle may
+** then be used by the virtual table implementation to access real tables 
+** within the database. So that they appear as part of the callers 
+** transaction, these accesses need to be made via the same database 
+** connection as that used to execute SQL operations on the virtual table.
+**
+** All VTable objects that correspond to a single table in a shared
+** database schema are initially stored in a linked-list pointed to by
+** the Table.pVTable member variable of the corresponding Table object.
+** When an sqlite3_prepare() operation is required to access the virtual
+** table, it searches the list for the VTable that corresponds to the
+** database connection doing the preparing so as to use the correct
+** sqlite3_vtab* handle in the compiled query.
+**
+** When an in-memory Table object is deleted (for example when the
+** schema is being reloaded for some reason), the VTable objects are not 
+** deleted and the sqlite3_vtab* handles are not xDisconnect()ed 
+** immediately. Instead, they are moved from the Table.pVTable list to
+** another linked list headed by the sqlite3.pDisconnect member of the
+** corresponding sqlite3 structure. They are then deleted/xDisconnected 
+** next time a statement is prepared using said sqlite3*. This is done
+** to avoid deadlock issues involving multiple sqlite3.mutex mutexes.
+** Refer to comments above function sqlite3VtabUnlockList() for an
+** explanation as to why it is safe to add an entry to an sqlite3.pDisconnect
+** list without holding the corresponding sqlite3.mutex mutex.
+**
+** The memory for objects of this type is always allocated by 
+** sqlite3DbMalloc(), using the connection handle stored in VTable.db as 
+** the first argument.
+*/
+struct VTable {
+  sqlite3 *db;              /* Database connection associated with this table */
+  Module *pMod;             /* Pointer to module implementation */
+  sqlite3_vtab *pVtab;      /* Pointer to vtab instance */
+  int nRef;                 /* Number of pointers to this structure */
+  u8 bConstraint;           /* True if constraints are supported */
+  int iSavepoint;           /* Depth of the SAVEPOINT stack */
+  VTable *pNext;            /* Next in linked list (see above) */
+};
+
+/*
+** The schema for each SQL table and view is represented in memory
+** by an instance of the following structure.
+*/
+struct Table {
+  char *zName;         /* Name of the table or view */
+  Column *aCol;        /* Information about each column */
+  Index *pIndex;       /* List of SQL indexes on this table. */
+  Select *pSelect;     /* NULL for tables.  Points to definition if a view. */
+  FKey *pFKey;         /* Linked list of all foreign keys in this table */
+  char *zColAff;       /* String defining the affinity of each column */
+  ExprList *pCheck;    /* All CHECK constraints */
+                       /*   ... also used as column name list in a VIEW */
+  int tnum;            /* Root BTree page for this table */
+  i16 iPKey;           /* If not negative, use aCol[iPKey] as the rowid */
+  i16 nCol;            /* Number of columns in this table */
+  u16 nRef;            /* Number of pointers to this Table */
+  LogEst nRowLogEst;   /* Estimated rows in table - from sqlite_stat1 table */
+  LogEst szTabRow;     /* Estimated size of each table row in bytes */
+#ifdef SQLITE_ENABLE_COSTMULT
+  LogEst costMult;     /* Cost multiplier for using this table */
+#endif
+  u8 tabFlags;         /* Mask of TF_* values */
+  u8 keyConf;          /* What to do in case of uniqueness conflict on iPKey */
+#ifndef SQLITE_OMIT_ALTERTABLE
+  int addColOffset;    /* Offset in CREATE TABLE stmt to add a new column */
+#endif
+#ifndef SQLITE_OMIT_VIRTUALTABLE
+  int nModuleArg;      /* Number of arguments to the module */
+  char **azModuleArg;  /* 0: module 1: schema 2: vtab name 3...: args */
+  VTable *pVTable;     /* List of VTable objects. */
+#endif
+  Trigger *pTrigger;   /* List of triggers stored in pSchema */
+  Schema *pSchema;     /* Schema that contains this table */
+  Table *pNextZombie;  /* Next on the Parse.pZombieTab list */
+};
+
+/*
+** Allowed values for Table.tabFlags.
+**
+** TF_OOOHidden applies to tables or view that have hidden columns that are
+** followed by non-hidden columns.  Example:  "CREATE VIRTUAL TABLE x USING
+** vtab1(a HIDDEN, b);".  Since "b" is a non-hidden column but "a" is hidden,
+** the TF_OOOHidden attribute would apply in this case.  Such tables require
+** special handling during INSERT processing.
+*/
+#define TF_Readonly        0x01    /* Read-only system table */
+#define TF_Ephemeral       0x02    /* An ephemeral table */
+#define TF_HasPrimaryKey   0x04    /* Table has a primary key */
+#define TF_Autoincrement   0x08    /* Integer primary key is autoincrement */
+#define TF_Virtual         0x10    /* Is a virtual table */
+#define TF_WithoutRowid    0x20    /* No rowid.  PRIMARY KEY is the key */
+#define TF_NoVisibleRowid  0x40    /* No user-visible "rowid" column */
+#define TF_OOOHidden       0x80    /* Out-of-Order hidden columns */
+
+
+/*
+** Test to see whether or not a table is a virtual table.  This is
+** done as a macro so that it will be optimized out when virtual
+** table support is omitted from the build.
+*/
+#ifndef SQLITE_OMIT_VIRTUALTABLE
+#  define IsVirtual(X)      (((X)->tabFlags & TF_Virtual)!=0)
+#else
+#  define IsVirtual(X)      0
+#endif
+
+/*
+** Macros to determine if a column is hidden.  IsOrdinaryHiddenColumn()
+** only works for non-virtual tables (ordinary tables and views) and is
+** always false unless SQLITE_ENABLE_HIDDEN_COLUMNS is defined.  The
+** IsHiddenColumn() macro is general purpose.
+*/
+#if defined(SQLITE_ENABLE_HIDDEN_COLUMNS)
+#  define IsHiddenColumn(X)         (((X)->colFlags & COLFLAG_HIDDEN)!=0)
+#  define IsOrdinaryHiddenColumn(X) (((X)->colFlags & COLFLAG_HIDDEN)!=0)
+#elif !defined(SQLITE_OMIT_VIRTUALTABLE)
+#  define IsHiddenColumn(X)         (((X)->colFlags & COLFLAG_HIDDEN)!=0)
+#  define IsOrdinaryHiddenColumn(X) 0
+#else
+#  define IsHiddenColumn(X)         0
+#  define IsOrdinaryHiddenColumn(X) 0
+#endif
+
+
+/* Does the table have a rowid */
+#define HasRowid(X)     (((X)->tabFlags & TF_WithoutRowid)==0)
+#define VisibleRowid(X) (((X)->tabFlags & TF_NoVisibleRowid)==0)
+
+/*
+** Each foreign key constraint is an instance of the following structure.
+**
+** A foreign key is associated with two tables.  The "from" table is
+** the table that contains the REFERENCES clause that creates the foreign
+** key.  The "to" table is the table that is named in the REFERENCES clause.
+** Consider this example:
+**
+**     CREATE TABLE ex1(
+**       a INTEGER PRIMARY KEY,
+**       b INTEGER CONSTRAINT fk1 REFERENCES ex2(x)
+**     );
+**
+** For foreign key "fk1", the from-table is "ex1" and the to-table is "ex2".
+** Equivalent names:
+**
+**     from-table == child-table
+**       to-table == parent-table
+**
+** Each REFERENCES clause generates an instance of the following structure
+** which is attached to the from-table.  The to-table need not exist when
+** the from-table is created.  The existence of the to-table is not checked.
+**
+** The list of all parents for child Table X is held at X.pFKey.
+**
+** A list of all children for a table named Z (which might not even exist)
+** is held in Schema.fkeyHash with a hash key of Z.
+*/
+struct FKey {
+  Table *pFrom;     /* Table containing the REFERENCES clause (aka: Child) */
+  FKey *pNextFrom;  /* Next FKey with the same in pFrom. Next parent of pFrom */
+  char *zTo;        /* Name of table that the key points to (aka: Parent) */
+  FKey *pNextTo;    /* Next with the same zTo. Next child of zTo. */
+  FKey *pPrevTo;    /* Previous with the same zTo */
+  int nCol;         /* Number of columns in this key */
+  /* EV: R-30323-21917 */
+  u8 isDeferred;       /* True if constraint checking is deferred till COMMIT */
+  u8 aAction[2];        /* ON DELETE and ON UPDATE actions, respectively */
+  Trigger *apTrigger[2];/* Triggers for aAction[] actions */
+  struct sColMap {      /* Mapping of columns in pFrom to columns in zTo */
+    int iFrom;            /* Index of column in pFrom */
+    char *zCol;           /* Name of column in zTo.  If NULL use PRIMARY KEY */
+  } aCol[1];            /* One entry for each of nCol columns */
+};
+
+/*
+** SQLite supports many different ways to resolve a constraint
+** error.  ROLLBACK processing means that a constraint violation
+** causes the operation in process to fail and for the current transaction
+** to be rolled back.  ABORT processing means the operation in process
+** fails and any prior changes from that one operation are backed out,
+** but the transaction is not rolled back.  FAIL processing means that
+** the operation in progress stops and returns an error code.  But prior
+** changes due to the same operation are not backed out and no rollback
+** occurs.  IGNORE means that the particular row that caused the constraint
+** error is not inserted or updated.  Processing continues and no error
+** is returned.  REPLACE means that preexisting database rows that caused
+** a UNIQUE constraint violation are removed so that the new insert or
+** update can proceed.  Processing continues and no error is reported.
+**
+** RESTRICT, SETNULL, and CASCADE actions apply only to foreign keys.
+** RESTRICT is the same as ABORT for IMMEDIATE foreign keys and the
+** same as ROLLBACK for DEFERRED keys.  SETNULL means that the foreign
+** key is set to NULL.  CASCADE means that a DELETE or UPDATE of the
+** referenced table row is propagated into the row that holds the
+** foreign key.
+** 
+** The following symbolic values are used to record which type
+** of action to take.
+*/
+#define OE_None     0   /* There is no constraint to check */
+#define OE_Rollback 1   /* Fail the operation and rollback the transaction */
+#define OE_Abort    2   /* Back out changes but do no rollback transaction */
+#define OE_Fail     3   /* Stop the operation but leave all prior changes */
+#define OE_Ignore   4   /* Ignore the error. Do not do the INSERT or UPDATE */
+#define OE_Replace  5   /* Delete existing record, then do INSERT or UPDATE */
+
+#define OE_Restrict 6   /* OE_Abort for IMMEDIATE, OE_Rollback for DEFERRED */
+#define OE_SetNull  7   /* Set the foreign key value to NULL */
+#define OE_SetDflt  8   /* Set the foreign key value to its default */
+#define OE_Cascade  9   /* Cascade the changes */
+
+#define OE_Default  10  /* Do whatever the default action is */
+
+
+/*
+** An instance of the following structure is passed as the first
+** argument to sqlite3VdbeKeyCompare and is used to control the 
+** comparison of the two index keys.
+**
+** Note that aSortOrder[] and aColl[] have nField+1 slots.  There
+** are nField slots for the columns of an index then one extra slot
+** for the rowid at the end.
+*/
+struct KeyInfo {
+  u32 nRef;           /* Number of references to this KeyInfo object */
+  u8 enc;             /* Text encoding - one of the SQLITE_UTF* values */
+  u16 nField;         /* Number of key columns in the index */
+  u16 nXField;        /* Number of columns beyond the key columns */
+  sqlite3 *db;        /* The database connection */
+  u8 *aSortOrder;     /* Sort order for each column. */
+  CollSeq *aColl[1];  /* Collating sequence for each term of the key */
+};
+
+/*
+** This object holds a record which has been parsed out into individual
+** fields, for the purposes of doing a comparison.
+**
+** A record is an object that contains one or more fields of data.
+** Records are used to store the content of a table row and to store
+** the key of an index.  A blob encoding of a record is created by
+** the OP_MakeRecord opcode of the VDBE and is disassembled by the
+** OP_Column opcode.
+**
+** An instance of this object serves as a "key" for doing a search on
+** an index b+tree. The goal of the search is to find the entry that
+** is closed to the key described by this object.  This object might hold
+** just a prefix of the key.  The number of fields is given by
+** pKeyInfo->nField.
+**
+** The r1 and r2 fields are the values to return if this key is less than
+** or greater than a key in the btree, respectively.  These are normally
+** -1 and +1 respectively, but might be inverted to +1 and -1 if the b-tree
+** is in DESC order.
+**
+** The key comparison functions actually return default_rc when they find
+** an equals comparison.  default_rc can be -1, 0, or +1.  If there are
+** multiple entries in the b-tree with the same key (when only looking
+** at the first pKeyInfo->nFields,) then default_rc can be set to -1 to 
+** cause the search to find the last match, or +1 to cause the search to
+** find the first match.
+**
+** The key comparison functions will set eqSeen to true if they ever
+** get and equal results when comparing this structure to a b-tree record.
+** When default_rc!=0, the search might end up on the record immediately
+** before the first match or immediately after the last match.  The
+** eqSeen field will indicate whether or not an exact match exists in the
+** b-tree.
+*/
+struct UnpackedRecord {
+  KeyInfo *pKeyInfo;  /* Collation and sort-order information */
+  Mem *aMem;          /* Values */
+  u16 nField;         /* Number of entries in apMem[] */
+  i8 default_rc;      /* Comparison result if keys are equal */
+  u8 errCode;         /* Error detected by xRecordCompare (CORRUPT or NOMEM) */
+  i8 r1;              /* Value to return if (lhs > rhs) */
+  i8 r2;              /* Value to return if (rhs < lhs) */
+  u8 eqSeen;          /* True if an equality comparison has been seen */
+};
+
+
+/*
+** Each SQL index is represented in memory by an
+** instance of the following structure.
+**
+** The columns of the table that are to be indexed are described
+** by the aiColumn[] field of this structure.  For example, suppose
+** we have the following table and index:
+**
+**     CREATE TABLE Ex1(c1 int, c2 int, c3 text);
+**     CREATE INDEX Ex2 ON Ex1(c3,c1);
+**
+** In the Table structure describing Ex1, nCol==3 because there are
+** three columns in the table.  In the Index structure describing
+** Ex2, nColumn==2 since 2 of the 3 columns of Ex1 are indexed.
+** The value of aiColumn is {2, 0}.  aiColumn[0]==2 because the 
+** first column to be indexed (c3) has an index of 2 in Ex1.aCol[].
+** The second column to be indexed (c1) has an index of 0 in
+** Ex1.aCol[], hence Ex2.aiColumn[1]==0.
+**
+** The Index.onError field determines whether or not the indexed columns
+** must be unique and what to do if they are not.  When Index.onError=OE_None,
+** it means this is not a unique index.  Otherwise it is a unique index
+** and the value of Index.onError indicate the which conflict resolution 
+** algorithm to employ whenever an attempt is made to insert a non-unique
+** element.
+**
+** While parsing a CREATE TABLE or CREATE INDEX statement in order to
+** generate VDBE code (as opposed to parsing one read from an sqlite_master
+** table as part of parsing an existing database schema), transient instances
+** of this structure may be created. In this case the Index.tnum variable is
+** used to store the address of a VDBE instruction, not a database page
+** number (it cannot - the database page is not allocated until the VDBE
+** program is executed). See convertToWithoutRowidTable() for details.
+*/
+struct Index {
+  char *zName;             /* Name of this index */
+  i16 *aiColumn;           /* Which columns are used by this index.  1st is 0 */
+  LogEst *aiRowLogEst;     /* From ANALYZE: Est. rows selected by each column */
+  Table *pTable;           /* The SQL table being indexed */
+  char *zColAff;           /* String defining the affinity of each column */
+  Index *pNext;            /* The next index associated with the same table */
+  Schema *pSchema;         /* Schema containing this index */
+  u8 *aSortOrder;          /* for each column: True==DESC, False==ASC */
+  const char **azColl;     /* Array of collation sequence names for index */
+  Expr *pPartIdxWhere;     /* WHERE clause for partial indices */
+  ExprList *aColExpr;      /* Column expressions */
+  int tnum;                /* DB Page containing root of this index */
+  LogEst szIdxRow;         /* Estimated average row size in bytes */
+  u16 nKeyCol;             /* Number of columns forming the key */
+  u16 nColumn;             /* Number of columns stored in the index */
+  u8 onError;              /* OE_Abort, OE_Ignore, OE_Replace, or OE_None */
+  unsigned idxType:2;      /* 1==UNIQUE, 2==PRIMARY KEY, 0==CREATE INDEX */
+  unsigned bUnordered:1;   /* Use this index for == or IN queries only */
+  unsigned uniqNotNull:1;  /* True if UNIQUE and NOT NULL for all columns */
+  unsigned isResized:1;    /* True if resizeIndexObject() has been called */
+  unsigned isCovering:1;   /* True if this is a covering index */
+  unsigned noSkipScan:1;   /* Do not try to use skip-scan if true */
+#ifdef SQLITE_ENABLE_STAT3_OR_STAT4
+  int nSample;             /* Number of elements in aSample[] */
+  int nSampleCol;          /* Size of IndexSample.anEq[] and so on */
+  tRowcnt *aAvgEq;         /* Average nEq values for keys not in aSample */
+  IndexSample *aSample;    /* Samples of the left-most key */
+  tRowcnt *aiRowEst;       /* Non-logarithmic stat1 data for this index */
+  tRowcnt nRowEst0;        /* Non-logarithmic number of rows in the index */
+#endif
+};
+
+/*
+** Allowed values for Index.idxType
+*/
+#define SQLITE_IDXTYPE_APPDEF      0   /* Created using CREATE INDEX */
+#define SQLITE_IDXTYPE_UNIQUE      1   /* Implements a UNIQUE constraint */
+#define SQLITE_IDXTYPE_PRIMARYKEY  2   /* Is the PRIMARY KEY for the table */
+
+/* Return true if index X is a PRIMARY KEY index */
+#define IsPrimaryKeyIndex(X)  ((X)->idxType==SQLITE_IDXTYPE_PRIMARYKEY)
+
+/* Return true if index X is a UNIQUE index */
+#define IsUniqueIndex(X)      ((X)->onError!=OE_None)
+
+/* The Index.aiColumn[] values are normally positive integer.  But
+** there are some negative values that have special meaning:
+*/
+#define XN_ROWID     (-1)     /* Indexed column is the rowid */
+#define XN_EXPR      (-2)     /* Indexed column is an expression */
+
+/*
+** Each sample stored in the sqlite_stat3 table is represented in memory 
+** using a structure of this type.  See documentation at the top of the
+** analyze.c source file for additional information.
+*/
+struct IndexSample {
+  void *p;          /* Pointer to sampled record */
+  int n;            /* Size of record in bytes */
+  tRowcnt *anEq;    /* Est. number of rows where the key equals this sample */
+  tRowcnt *anLt;    /* Est. number of rows where key is less than this sample */
+  tRowcnt *anDLt;   /* Est. number of distinct keys less than this sample */
+};
+
+/*
+** Each token coming out of the lexer is an instance of
+** this structure.  Tokens are also used as part of an expression.
+**
+** Note if Token.z==0 then Token.dyn and Token.n are undefined and
+** may contain random values.  Do not make any assumptions about Token.dyn
+** and Token.n when Token.z==0.
+*/
+struct Token {
+  const char *z;     /* Text of the token.  Not NULL-terminated! */
+  unsigned int n;    /* Number of characters in this token */
+};
+
+/*
+** An instance of this structure contains information needed to generate
+** code for a SELECT that contains aggregate functions.
+**
+** If Expr.op==TK_AGG_COLUMN or TK_AGG_FUNCTION then Expr.pAggInfo is a
+** pointer to this structure.  The Expr.iColumn field is the index in
+** AggInfo.aCol[] or AggInfo.aFunc[] of information needed to generate
+** code for that node.
+**
+** AggInfo.pGroupBy and AggInfo.aFunc.pExpr point to fields within the
+** original Select structure that describes the SELECT statement.  These
+** fields do not need to be freed when deallocating the AggInfo structure.
+*/
+struct AggInfo {
+  u8 directMode;          /* Direct rendering mode means take data directly
+                          ** from source tables rather than from accumulators */
+  u8 useSortingIdx;       /* In direct mode, reference the sorting index rather
+                          ** than the source table */
+  int sortingIdx;         /* Cursor number of the sorting index */
+  int sortingIdxPTab;     /* Cursor number of pseudo-table */
+  int nSortingColumn;     /* Number of columns in the sorting index */
+  int mnReg, mxReg;       /* Range of registers allocated for aCol and aFunc */
+  ExprList *pGroupBy;     /* The group by clause */
+  struct AggInfo_col {    /* For each column used in source tables */
+    Table *pTab;             /* Source table */
+    int iTable;              /* Cursor number of the source table */
+    int iColumn;             /* Column number within the source table */
+    int iSorterColumn;       /* Column number in the sorting index */
+    int iMem;                /* Memory location that acts as accumulator */
+    Expr *pExpr;             /* The original expression */
+  } *aCol;
+  int nColumn;            /* Number of used entries in aCol[] */
+  int nAccumulator;       /* Number of columns that show through to the output.
+                          ** Additional columns are used only as parameters to
+                          ** aggregate functions */
+  struct AggInfo_func {   /* For each aggregate function */
+    Expr *pExpr;             /* Expression encoding the function */
+    FuncDef *pFunc;          /* The aggregate function implementation */
+    int iMem;                /* Memory location that acts as accumulator */
+    int iDistinct;           /* Ephemeral table used to enforce DISTINCT */
+  } *aFunc;
+  int nFunc;              /* Number of entries in aFunc[] */
+};
+
+/*
+** The datatype ynVar is a signed integer, either 16-bit or 32-bit.
+** Usually it is 16-bits.  But if SQLITE_MAX_VARIABLE_NUMBER is greater
+** than 32767 we have to make it 32-bit.  16-bit is preferred because
+** it uses less memory in the Expr object, which is a big memory user
+** in systems with lots of prepared statements.  And few applications
+** need more than about 10 or 20 variables.  But some extreme users want
+** to have prepared statements with over 32767 variables, and for them
+** the option is available (at compile-time).
+*/
+#if SQLITE_MAX_VARIABLE_NUMBER<=32767
+typedef i16 ynVar;
+#else
+typedef int ynVar;
+#endif
+
+/*
+** Each node of an expression in the parse tree is an instance
+** of this structure.
+**
+** Expr.op is the opcode. The integer parser token codes are reused
+** as opcodes here. For example, the parser defines TK_GE to be an integer
+** code representing the ">=" operator. This same integer code is reused
+** to represent the greater-than-or-equal-to operator in the expression
+** tree.
+**
+** If the expression is an SQL literal (TK_INTEGER, TK_FLOAT, TK_BLOB, 
+** or TK_STRING), then Expr.token contains the text of the SQL literal. If
+** the expression is a variable (TK_VARIABLE), then Expr.token contains the 
+** variable name. Finally, if the expression is an SQL function (TK_FUNCTION),
+** then Expr.token contains the name of the function.
+**
+** Expr.pRight and Expr.pLeft are the left and right subexpressions of a
+** binary operator. Either or both may be NULL.
+**
+** Expr.x.pList is a list of arguments if the expression is an SQL function,
+** a CASE expression or an IN expression of the form "<lhs> IN (<y>, <z>...)".
+** Expr.x.pSelect is used if the expression is a sub-select or an expression of
+** the form "<lhs> IN (SELECT ...)". If the EP_xIsSelect bit is set in the
+** Expr.flags mask, then Expr.x.pSelect is valid. Otherwise, Expr.x.pList is 
+** valid.
+**
+** An expression of the form ID or ID.ID refers to a column in a table.
+** For such expressions, Expr.op is set to TK_COLUMN and Expr.iTable is
+** the integer cursor number of a VDBE cursor pointing to that table and
+** Expr.iColumn is the column number for the specific column.  If the
+** expression is used as a result in an aggregate SELECT, then the
+** value is also stored in the Expr.iAgg column in the aggregate so that
+** it can be accessed after all aggregates are computed.
+**
+** If the expression is an unbound variable marker (a question mark 
+** character '?' in the original SQL) then the Expr.iTable holds the index 
+** number for that variable.
+**
+** If the expression is a subquery then Expr.iColumn holds an integer
+** register number containing the result of the subquery.  If the
+** subquery gives a constant result, then iTable is -1.  If the subquery
+** gives a different answer at different times during statement processing
+** then iTable is the address of a subroutine that computes the subquery.
+**
+** If the Expr is of type OP_Column, and the table it is selecting from
+** is a disk table or the "old.*" pseudo-table, then pTab points to the
+** corresponding table definition.
+**
+** ALLOCATION NOTES:
+**
+** Expr objects can use a lot of memory space in database schema.  To
+** help reduce memory requirements, sometimes an Expr object will be
+** truncated.  And to reduce the number of memory allocations, sometimes
+** two or more Expr objects will be stored in a single memory allocation,
+** together with Expr.zToken strings.
+**
+** If the EP_Reduced and EP_TokenOnly flags are set when
+** an Expr object is truncated.  When EP_Reduced is set, then all
+** the child Expr objects in the Expr.pLeft and Expr.pRight subtrees
+** are contained within the same memory allocation.  Note, however, that
+** the subtrees in Expr.x.pList or Expr.x.pSelect are always separately
+** allocated, regardless of whether or not EP_Reduced is set.
+*/
+struct Expr {
+  u8 op;                 /* Operation performed by this node */
+  char affinity;         /* The affinity of the column or 0 if not a column */
+  u32 flags;             /* Various flags.  EP_* See below */
+  union {
+    char *zToken;          /* Token value. Zero terminated and dequoted */
+    int iValue;            /* Non-negative integer value if EP_IntValue */
+  } u;
+
+  /* If the EP_TokenOnly flag is set in the Expr.flags mask, then no
+  ** space is allocated for the fields below this point. An attempt to
+  ** access them will result in a segfault or malfunction. 
+  *********************************************************************/
+
+  Expr *pLeft;           /* Left subnode */
+  Expr *pRight;          /* Right subnode */
+  union {
+    ExprList *pList;     /* op = IN, EXISTS, SELECT, CASE, FUNCTION, BETWEEN */
+    Select *pSelect;     /* EP_xIsSelect and op = IN, EXISTS, SELECT */
+  } x;
+
+  /* If the EP_Reduced flag is set in the Expr.flags mask, then no
+  ** space is allocated for the fields below this point. An attempt to
+  ** access them will result in a segfault or malfunction.
+  *********************************************************************/
+
+#if SQLITE_MAX_EXPR_DEPTH>0
+  int nHeight;           /* Height of the tree headed by this node */
+#endif
+  int iTable;            /* TK_COLUMN: cursor number of table holding column
+                         ** TK_REGISTER: register number
+                         ** TK_TRIGGER: 1 -> new, 0 -> old
+                         ** EP_Unlikely:  134217728 times likelihood */
+  ynVar iColumn;         /* TK_COLUMN: column index.  -1 for rowid.
+                         ** TK_VARIABLE: variable number (always >= 1). */
+  i16 iAgg;              /* Which entry in pAggInfo->aCol[] or ->aFunc[] */
+  i16 iRightJoinTable;   /* If EP_FromJoin, the right table of the join */
+  u8 op2;                /* TK_REGISTER: original value of Expr.op
+                         ** TK_COLUMN: the value of p5 for OP_Column
+                         ** TK_AGG_FUNCTION: nesting depth */
+  AggInfo *pAggInfo;     /* Used by TK_AGG_COLUMN and TK_AGG_FUNCTION */
+  Table *pTab;           /* Table for TK_COLUMN expressions. */
+};
+
+/*
+** The following are the meanings of bits in the Expr.flags field.
+*/
+#define EP_FromJoin  0x000001 /* Originates in ON/USING clause of outer join */
+#define EP_Agg       0x000002 /* Contains one or more aggregate functions */
+#define EP_Resolved  0x000004 /* IDs have been resolved to COLUMNs */
+#define EP_Error     0x000008 /* Expression contains one or more errors */
+#define EP_Distinct  0x000010 /* Aggregate function with DISTINCT keyword */
+#define EP_VarSelect 0x000020 /* pSelect is correlated, not constant */
+#define EP_DblQuoted 0x000040 /* token.z was originally in "..." */
+#define EP_InfixFunc 0x000080 /* True for an infix function: LIKE, GLOB, etc */
+#define EP_Collate   0x000100 /* Tree contains a TK_COLLATE operator */
+#define EP_Generic   0x000200 /* Ignore COLLATE or affinity on this tree */
+#define EP_IntValue  0x000400 /* Integer value contained in u.iValue */
+#define EP_xIsSelect 0x000800 /* x.pSelect is valid (otherwise x.pList is) */
+#define EP_Skip      0x001000 /* COLLATE, AS, or UNLIKELY */
+#define EP_Reduced   0x002000 /* Expr struct EXPR_REDUCEDSIZE bytes only */
+#define EP_TokenOnly 0x004000 /* Expr struct EXPR_TOKENONLYSIZE bytes only */
+#define EP_Static    0x008000 /* Held in memory not obtained from malloc() */
+#define EP_MemToken  0x010000 /* Need to sqlite3DbFree() Expr.zToken */
+#define EP_NoReduce  0x020000 /* Cannot EXPRDUP_REDUCE this Expr */
+#define EP_Unlikely  0x040000 /* unlikely() or likelihood() function */
+#define EP_ConstFunc 0x080000 /* A SQLITE_FUNC_CONSTANT or _SLOCHNG function */
+#define EP_CanBeNull 0x100000 /* Can be null despite NOT NULL constraint */
+#define EP_Subquery  0x200000 /* Tree contains a TK_SELECT operator */
+#define EP_Alias     0x400000 /* Is an alias for a result set column */
+
+/*
+** Combinations of two or more EP_* flags
+*/
+#define EP_Propagate (EP_Collate|EP_Subquery) /* Propagate these bits up tree */
+
+/*
+** These macros can be used to test, set, or clear bits in the 
+** Expr.flags field.
+*/
+#define ExprHasProperty(E,P)     (((E)->flags&(P))!=0)
+#define ExprHasAllProperty(E,P)  (((E)->flags&(P))==(P))
+#define ExprSetProperty(E,P)     (E)->flags|=(P)
+#define ExprClearProperty(E,P)   (E)->flags&=~(P)
+
+/* The ExprSetVVAProperty() macro is used for Verification, Validation,
+** and Accreditation only.  It works like ExprSetProperty() during VVA
+** processes but is a no-op for delivery.
+*/
+#ifdef SQLITE_DEBUG
+# define ExprSetVVAProperty(E,P)  (E)->flags|=(P)
+#else
+# define ExprSetVVAProperty(E,P)
+#endif
+
+/*
+** Macros to determine the number of bytes required by a normal Expr 
+** struct, an Expr struct with the EP_Reduced flag set in Expr.flags 
+** and an Expr struct with the EP_TokenOnly flag set.
+*/
+#define EXPR_FULLSIZE           sizeof(Expr)           /* Full size */
+#define EXPR_REDUCEDSIZE        offsetof(Expr,iTable)  /* Common features */
+#define EXPR_TOKENONLYSIZE      offsetof(Expr,pLeft)   /* Fewer features */
+
+/*
+** Flags passed to the sqlite3ExprDup() function. See the header comment 
+** above sqlite3ExprDup() for details.
+*/
+#define EXPRDUP_REDUCE         0x0001  /* Used reduced-size Expr nodes */
+
+/*
+** A list of expressions.  Each expression may optionally have a
+** name.  An expr/name combination can be used in several ways, such
+** as the list of "expr AS ID" fields following a "SELECT" or in the
+** list of "ID = expr" items in an UPDATE.  A list of expressions can
+** also be used as the argument to a function, in which case the a.zName
+** field is not used.
+**
+** By default the Expr.zSpan field holds a human-readable description of
+** the expression that is used in the generation of error messages and
+** column labels.  In this case, Expr.zSpan is typically the text of a
+** column expression as it exists in a SELECT statement.  However, if
+** the bSpanIsTab flag is set, then zSpan is overloaded to mean the name
+** of the result column in the form: DATABASE.TABLE.COLUMN.  This later
+** form is used for name resolution with nested FROM clauses.
+*/
+struct ExprList {
+  int nExpr;             /* Number of expressions on the list */
+  struct ExprList_item { /* For each expression in the list */
+    Expr *pExpr;            /* The list of expressions */
+    char *zName;            /* Token associated with this expression */
+    char *zSpan;            /* Original text of the expression */
+    u8 sortOrder;           /* 1 for DESC or 0 for ASC */
+    unsigned done :1;       /* A flag to indicate when processing is finished */
+    unsigned bSpanIsTab :1; /* zSpan holds DB.TABLE.COLUMN */
+    unsigned reusable :1;   /* Constant expression is reusable */
+    union {
+      struct {
+        u16 iOrderByCol;      /* For ORDER BY, column number in result set */
+        u16 iAlias;           /* Index into Parse.aAlias[] for zName */
+      } x;
+      int iConstExprReg;      /* Register in which Expr value is cached */
+    } u;
+  } *a;                  /* Alloc a power of two greater or equal to nExpr */
+};
+
+/*
+** An instance of this structure is used by the parser to record both
+** the parse tree for an expression and the span of input text for an
+** expression.
+*/
+struct ExprSpan {
+  Expr *pExpr;          /* The expression parse tree */
+  const char *zStart;   /* First character of input text */
+  const char *zEnd;     /* One character past the end of input text */
+};
+
+/*
+** An instance of this structure can hold a simple list of identifiers,
+** such as the list "a,b,c" in the following statements:
+**
+**      INSERT INTO t(a,b,c) VALUES ...;
+**      CREATE INDEX idx ON t(a,b,c);
+**      CREATE TRIGGER trig BEFORE UPDATE ON t(a,b,c) ...;
+**
+** The IdList.a.idx field is used when the IdList represents the list of
+** column names after a table name in an INSERT statement.  In the statement
+**
+**     INSERT INTO t(a,b,c) ...
+**
+** If "a" is the k-th column of table "t", then IdList.a[0].idx==k.
+*/
+struct IdList {
+  struct IdList_item {
+    char *zName;      /* Name of the identifier */
+    int idx;          /* Index in some Table.aCol[] of a column named zName */
+  } *a;
+  int nId;         /* Number of identifiers on the list */
+};
+
+/*
+** The bitmask datatype defined below is used for various optimizations.
+**
+** Changing this from a 64-bit to a 32-bit type limits the number of
+** tables in a join to 32 instead of 64.  But it also reduces the size
+** of the library by 738 bytes on ix86.
+*/
+typedef u64 Bitmask;
+
+/*
+** The number of bits in a Bitmask.  "BMS" means "BitMask Size".
+*/
+#define BMS  ((int)(sizeof(Bitmask)*8))
+
+/*
+** A bit in a Bitmask
+*/
+#define MASKBIT(n)   (((Bitmask)1)<<(n))
+#define MASKBIT32(n) (((unsigned int)1)<<(n))
+
+/*
+** The following structure describes the FROM clause of a SELECT statement.
+** Each table or subquery in the FROM clause is a separate element of
+** the SrcList.a[] array.
+**
+** With the addition of multiple database support, the following structure
+** can also be used to describe a particular table such as the table that
+** is modified by an INSERT, DELETE, or UPDATE statement.  In standard SQL,
+** such a table must be a simple name: ID.  But in SQLite, the table can
+** now be identified by a database name, a dot, then the table name: ID.ID.
+**
+** The jointype starts out showing the join type between the current table
+** and the next table on the list.  The parser builds the list this way.
+** But sqlite3SrcListShiftJoinType() later shifts the jointypes so that each
+** jointype expresses the join between the table and the previous table.
+**
+** In the colUsed field, the high-order bit (bit 63) is set if the table
+** contains more than 63 columns and the 64-th or later column is used.
+*/
+struct SrcList {
+  int nSrc;        /* Number of tables or subqueries in the FROM clause */
+  u32 nAlloc;      /* Number of entries allocated in a[] below */
+  struct SrcList_item {
+    Schema *pSchema;  /* Schema to which this item is fixed */
+    char *zDatabase;  /* Name of database holding this table */
+    char *zName;      /* Name of the table */
+    char *zAlias;     /* The "B" part of a "A AS B" phrase.  zName is the "A" */
+    Table *pTab;      /* An SQL table corresponding to zName */
+    Select *pSelect;  /* A SELECT statement used in place of a table name */
+    int addrFillSub;  /* Address of subroutine to manifest a subquery */
+    int regReturn;    /* Register holding return address of addrFillSub */
+    int regResult;    /* Registers holding results of a co-routine */
+    struct {
+      u8 jointype;      /* Type of join between this able and the previous */
+      unsigned notIndexed :1;    /* True if there is a NOT INDEXED clause */
+      unsigned isIndexedBy :1;   /* True if there is an INDEXED BY clause */
+      unsigned isTabFunc :1;     /* True if table-valued-function syntax */
+      unsigned isCorrelated :1;  /* True if sub-query is correlated */
+      unsigned viaCoroutine :1;  /* Implemented as a co-routine */
+      unsigned isRecursive :1;   /* True for recursive reference in WITH */
+    } fg;
+#ifndef SQLITE_OMIT_EXPLAIN
+    u8 iSelectId;     /* If pSelect!=0, the id of the sub-select in EQP */
+#endif
+    int iCursor;      /* The VDBE cursor number used to access this table */
+    Expr *pOn;        /* The ON clause of a join */
+    IdList *pUsing;   /* The USING clause of a join */
+    Bitmask colUsed;  /* Bit N (1<<N) set if column N of pTab is used */
+    union {
+      char *zIndexedBy;    /* Identifier from "INDEXED BY <zIndex>" clause */
+      ExprList *pFuncArg;  /* Arguments to table-valued-function */
+    } u1;
+    Index *pIBIndex;  /* Index structure corresponding to u1.zIndexedBy */
+  } a[1];             /* One entry for each identifier on the list */
+};
+
+/*
+** Permitted values of the SrcList.a.jointype field
+*/
+#define JT_INNER     0x0001    /* Any kind of inner or cross join */
+#define JT_CROSS     0x0002    /* Explicit use of the CROSS keyword */
+#define JT_NATURAL   0x0004    /* True for a "natural" join */
+#define JT_LEFT      0x0008    /* Left outer join */
+#define JT_RIGHT     0x0010    /* Right outer join */
+#define JT_OUTER     0x0020    /* The "OUTER" keyword is present */
+#define JT_ERROR     0x0040    /* unknown or unsupported join type */
+
+
+/*
+** Flags appropriate for the wctrlFlags parameter of sqlite3WhereBegin()
+** and the WhereInfo.wctrlFlags member.
+*/
+#define WHERE_ORDERBY_NORMAL   0x0000 /* No-op */
+#define WHERE_ORDERBY_MIN      0x0001 /* ORDER BY processing for min() func */
+#define WHERE_ORDERBY_MAX      0x0002 /* ORDER BY processing for max() func */
+#define WHERE_ONEPASS_DESIRED  0x0004 /* Want to do one-pass UPDATE/DELETE */
+#define WHERE_DUPLICATES_OK    0x0008 /* Ok to return a row more than once */
+#define WHERE_OMIT_OPEN_CLOSE  0x0010 /* Table cursors are already open */
+#define WHERE_FORCE_TABLE      0x0020 /* Do not use an index-only search */
+#define WHERE_ONETABLE_ONLY    0x0040 /* Only code the 1st table in pTabList */
+#define WHERE_NO_AUTOINDEX     0x0080 /* Disallow automatic indexes */
+#define WHERE_GROUPBY          0x0100 /* pOrderBy is really a GROUP BY */
+#define WHERE_DISTINCTBY       0x0200 /* pOrderby is really a DISTINCT clause */
+#define WHERE_WANT_DISTINCT    0x0400 /* All output needs to be distinct */
+#define WHERE_SORTBYGROUP      0x0800 /* Support sqlite3WhereIsSorted() */
+#define WHERE_REOPEN_IDX       0x1000 /* Try to use OP_ReopenIdx */
+#define WHERE_ONEPASS_MULTIROW 0x2000 /* ONEPASS is ok with multiple rows */
+
+/* Allowed return values from sqlite3WhereIsDistinct()
+*/
+#define WHERE_DISTINCT_NOOP      0  /* DISTINCT keyword not used */
+#define WHERE_DISTINCT_UNIQUE    1  /* No duplicates */
+#define WHERE_DISTINCT_ORDERED   2  /* All duplicates are adjacent */
+#define WHERE_DISTINCT_UNORDERED 3  /* Duplicates are scattered */
+
+/*
+** A NameContext defines a context in which to resolve table and column
+** names.  The context consists of a list of tables (the pSrcList) field and
+** a list of named expression (pEList).  The named expression list may
+** be NULL.  The pSrc corresponds to the FROM clause of a SELECT or
+** to the table being operated on by INSERT, UPDATE, or DELETE.  The
+** pEList corresponds to the result set of a SELECT and is NULL for
+** other statements.
+**
+** NameContexts can be nested.  When resolving names, the inner-most 
+** context is searched first.  If no match is found, the next outer
+** context is checked.  If there is still no match, the next context
+** is checked.  This process continues until either a match is found
+** or all contexts are check.  When a match is found, the nRef member of
+** the context containing the match is incremented. 
+**
+** Each subquery gets a new NameContext.  The pNext field points to the
+** NameContext in the parent query.  Thus the process of scanning the
+** NameContext list corresponds to searching through successively outer
+** subqueries looking for a match.
+*/
+struct NameContext {
+  Parse *pParse;       /* The parser */
+  SrcList *pSrcList;   /* One or more tables used to resolve names */
+  ExprList *pEList;    /* Optional list of result-set columns */
+  AggInfo *pAggInfo;   /* Information about aggregates at this level */
+  NameContext *pNext;  /* Next outer name context.  NULL for outermost */
+  int nRef;            /* Number of names resolved by this context */
+  int nErr;            /* Number of errors encountered while resolving names */
+  u16 ncFlags;         /* Zero or more NC_* flags defined below */
+};
+
+/*
+** Allowed values for the NameContext, ncFlags field.
+**
+** Note:  NC_MinMaxAgg must have the same value as SF_MinMaxAgg and
+** SQLITE_FUNC_MINMAX.
+** 
+*/
+#define NC_AllowAgg  0x0001  /* Aggregate functions are allowed here */
+#define NC_HasAgg    0x0002  /* One or more aggregate functions seen */
+#define NC_IsCheck   0x0004  /* True if resolving names in a CHECK constraint */
+#define NC_InAggFunc 0x0008  /* True if analyzing arguments to an agg func */
+#define NC_PartIdx   0x0010  /* True if resolving a partial index WHERE */
+#define NC_IdxExpr   0x0020  /* True if resolving columns of CREATE INDEX */
+#define NC_MinMaxAgg 0x1000  /* min/max aggregates seen.  See note above */
+
+/*
+** An instance of the following structure contains all information
+** needed to generate code for a single SELECT statement.
+**
+** nLimit is set to -1 if there is no LIMIT clause.  nOffset is set to 0.
+** If there is a LIMIT clause, the parser sets nLimit to the value of the
+** limit and nOffset to the value of the offset (or 0 if there is not
+** offset).  But later on, nLimit and nOffset become the memory locations
+** in the VDBE that record the limit and offset counters.
+**
+** addrOpenEphm[] entries contain the address of OP_OpenEphemeral opcodes.
+** These addresses must be stored so that we can go back and fill in
+** the P4_KEYINFO and P2 parameters later.  Neither the KeyInfo nor
+** the number of columns in P2 can be computed at the same time
+** as the OP_OpenEphm instruction is coded because not
+** enough information about the compound query is known at that point.
+** The KeyInfo for addrOpenTran[0] and [1] contains collating sequences
+** for the result set.  The KeyInfo for addrOpenEphm[2] contains collating
+** sequences for the ORDER BY clause.
+*/
+struct Select {
+  ExprList *pEList;      /* The fields of the result */
+  u8 op;                 /* One of: TK_UNION TK_ALL TK_INTERSECT TK_EXCEPT */
+  u16 selFlags;          /* Various SF_* values */
+  int iLimit, iOffset;   /* Memory registers holding LIMIT & OFFSET counters */
+#if SELECTTRACE_ENABLED
+  char zSelName[12];     /* Symbolic name of this SELECT use for debugging */
+#endif
+  int addrOpenEphm[2];   /* OP_OpenEphem opcodes related to this select */
+  u64 nSelectRow;        /* Estimated number of result rows */
+  SrcList *pSrc;         /* The FROM clause */
+  Expr *pWhere;          /* The WHERE clause */
+  ExprList *pGroupBy;    /* The GROUP BY clause */
+  Expr *pHaving;         /* The HAVING clause */
+  ExprList *pOrderBy;    /* The ORDER BY clause */
+  Select *pPrior;        /* Prior select in a compound select statement */
+  Select *pNext;         /* Next select to the left in a compound */
+  Expr *pLimit;          /* LIMIT expression. NULL means not used. */
+  Expr *pOffset;         /* OFFSET expression. NULL means not used. */
+  With *pWith;           /* WITH clause attached to this select. Or NULL. */
+};
+
+/*
+** Allowed values for Select.selFlags.  The "SF" prefix stands for
+** "Select Flag".
+*/
+#define SF_Distinct        0x0001  /* Output should be DISTINCT */
+#define SF_All             0x0002  /* Includes the ALL keyword */
+#define SF_Resolved        0x0004  /* Identifiers have been resolved */
+#define SF_Aggregate       0x0008  /* Contains aggregate functions */
+#define SF_UsesEphemeral   0x0010  /* Uses the OpenEphemeral opcode */
+#define SF_Expanded        0x0020  /* sqlite3SelectExpand() called on this */
+#define SF_HasTypeInfo     0x0040  /* FROM subqueries have Table metadata */
+#define SF_Compound        0x0080  /* Part of a compound query */
+#define SF_Values          0x0100  /* Synthesized from VALUES clause */
+#define SF_MultiValue      0x0200  /* Single VALUES term with multiple rows */
+#define SF_NestedFrom      0x0400  /* Part of a parenthesized FROM clause */
+#define SF_MaybeConvert    0x0800  /* Need convertCompoundSelectToSubquery() */
+#define SF_MinMaxAgg       0x1000  /* Aggregate containing min() or max() */
+#define SF_Recursive       0x2000  /* The recursive part of a recursive CTE */
+#define SF_Converted       0x4000  /* By convertCompoundSelectToSubquery() */
+#define SF_IncludeHidden   0x8000  /* Include hidden columns in output */
+
+
+/*
+** The results of a SELECT can be distributed in several ways, as defined
+** by one of the following macros.  The "SRT" prefix means "SELECT Result
+** Type".
+**
+**     SRT_Union       Store results as a key in a temporary index 
+**                     identified by pDest->iSDParm.
+**
+**     SRT_Except      Remove results from the temporary index pDest->iSDParm.
+**
+**     SRT_Exists      Store a 1 in memory cell pDest->iSDParm if the result
+**                     set is not empty.
+**
+**     SRT_Discard     Throw the results away.  This is used by SELECT
+**                     statements within triggers whose only purpose is
+**                     the side-effects of functions.
+**
+** All of the above are free to ignore their ORDER BY clause. Those that
+** follow must honor the ORDER BY clause.
+**
+**     SRT_Output      Generate a row of output (using the OP_ResultRow
+**                     opcode) for each row in the result set.
+**
+**     SRT_Mem         Only valid if the result is a single column.
+**                     Store the first column of the first result row
+**                     in register pDest->iSDParm then abandon the rest
+**                     of the query.  This destination implies "LIMIT 1".
+**
+**     SRT_Set         The result must be a single column.  Store each
+**                     row of result as the key in table pDest->iSDParm. 
+**                     Apply the affinity pDest->affSdst before storing
+**                     results.  Used to implement "IN (SELECT ...)".
+**
+**     SRT_EphemTab    Create an temporary table pDest->iSDParm and store
+**                     the result there. The cursor is left open after
+**                     returning.  This is like SRT_Table except that
+**                     this destination uses OP_OpenEphemeral to create
+**                     the table first.
+**
+**     SRT_Coroutine   Generate a co-routine that returns a new row of
+**                     results each time it is invoked.  The entry point
+**                     of the co-routine is stored in register pDest->iSDParm
+**                     and the result row is stored in pDest->nDest registers
+**                     starting with pDest->iSdst.
+**
+**     SRT_Table       Store results in temporary table pDest->iSDParm.
+**     SRT_Fifo        This is like SRT_EphemTab except that the table
+**                     is assumed to already be open.  SRT_Fifo has
+**                     the additional property of being able to ignore
+**                     the ORDER BY clause.
+**
+**     SRT_DistFifo    Store results in a temporary table pDest->iSDParm.
+**                     But also use temporary table pDest->iSDParm+1 as
+**                     a record of all prior results and ignore any duplicate
+**                     rows.  Name means:  "Distinct Fifo".
+**
+**     SRT_Queue       Store results in priority queue pDest->iSDParm (really
+**                     an index).  Append a sequence number so that all entries
+**                     are distinct.
+**
+**     SRT_DistQueue   Store results in priority queue pDest->iSDParm only if
+**                     the same record has never been stored before.  The
+**                     index at pDest->iSDParm+1 hold all prior stores.
+*/
+#define SRT_Union        1  /* Store result as keys in an index */
+#define SRT_Except       2  /* Remove result from a UNION index */
+#define SRT_Exists       3  /* Store 1 if the result is not empty */
+#define SRT_Discard      4  /* Do not save the results anywhere */
+#define SRT_Fifo         5  /* Store result as data with an automatic rowid */
+#define SRT_DistFifo     6  /* Like SRT_Fifo, but unique results only */
+#define SRT_Queue        7  /* Store result in an queue */
+#define SRT_DistQueue    8  /* Like SRT_Queue, but unique results only */
+
+/* The ORDER BY clause is ignored for all of the above */
+#define IgnorableOrderby(X) ((X->eDest)<=SRT_DistQueue)
+
+#define SRT_Output       9  /* Output each row of result */
+#define SRT_Mem         10  /* Store result in a memory cell */
+#define SRT_Set         11  /* Store results as keys in an index */
+#define SRT_EphemTab    12  /* Create transient tab and store like SRT_Table */
+#define SRT_Coroutine   13  /* Generate a single row of result */
+#define SRT_Table       14  /* Store result as data with an automatic rowid */
+
+/*
+** An instance of this object describes where to put of the results of
+** a SELECT statement.
+*/
+struct SelectDest {
+  u8 eDest;            /* How to dispose of the results.  On of SRT_* above. */
+  char affSdst;        /* Affinity used when eDest==SRT_Set */
+  int iSDParm;         /* A parameter used by the eDest disposal method */
+  int iSdst;           /* Base register where results are written */
+  int nSdst;           /* Number of registers allocated */
+  ExprList *pOrderBy;  /* Key columns for SRT_Queue and SRT_DistQueue */
+};
+
+/*
+** During code generation of statements that do inserts into AUTOINCREMENT 
+** tables, the following information is attached to the Table.u.autoInc.p
+** pointer of each autoincrement table to record some side information that
+** the code generator needs.  We have to keep per-table autoincrement
+** information in case inserts are down within triggers.  Triggers do not
+** normally coordinate their activities, but we do need to coordinate the
+** loading and saving of autoincrement information.
+*/
+struct AutoincInfo {
+  AutoincInfo *pNext;   /* Next info block in a list of them all */
+  Table *pTab;          /* Table this info block refers to */
+  int iDb;              /* Index in sqlite3.aDb[] of database holding pTab */
+  int regCtr;           /* Memory register holding the rowid counter */
+};
+
+/*
+** Size of the column cache
+*/
+#ifndef SQLITE_N_COLCACHE
+# define SQLITE_N_COLCACHE 10
+#endif
+
+/*
+** At least one instance of the following structure is created for each 
+** trigger that may be fired while parsing an INSERT, UPDATE or DELETE
+** statement. All such objects are stored in the linked list headed at
+** Parse.pTriggerPrg and deleted once statement compilation has been
+** completed.
+**
+** A Vdbe sub-program that implements the body and WHEN clause of trigger
+** TriggerPrg.pTrigger, assuming a default ON CONFLICT clause of
+** TriggerPrg.orconf, is stored in the TriggerPrg.pProgram variable.
+** The Parse.pTriggerPrg list never contains two entries with the same
+** values for both pTrigger and orconf.
+**
+** The TriggerPrg.aColmask[0] variable is set to a mask of old.* columns
+** accessed (or set to 0 for triggers fired as a result of INSERT 
+** statements). Similarly, the TriggerPrg.aColmask[1] variable is set to
+** a mask of new.* columns used by the program.
+*/
+struct TriggerPrg {
+  Trigger *pTrigger;      /* Trigger this program was coded from */
+  TriggerPrg *pNext;      /* Next entry in Parse.pTriggerPrg list */
+  SubProgram *pProgram;   /* Program implementing pTrigger/orconf */
+  int orconf;             /* Default ON CONFLICT policy */
+  u32 aColmask[2];        /* Masks of old.*, new.* columns accessed */
+};
+
+/*
+** The yDbMask datatype for the bitmask of all attached databases.
+*/
+#if SQLITE_MAX_ATTACHED>30
+  typedef unsigned char yDbMask[(SQLITE_MAX_ATTACHED+9)/8];
+# define DbMaskTest(M,I)    (((M)[(I)/8]&(1<<((I)&7)))!=0)
+# define DbMaskZero(M)      memset((M),0,sizeof(M))
+# define DbMaskSet(M,I)     (M)[(I)/8]|=(1<<((I)&7))
+# define DbMaskAllZero(M)   sqlite3DbMaskAllZero(M)
+# define DbMaskNonZero(M)   (sqlite3DbMaskAllZero(M)==0)
+#else
+  typedef unsigned int yDbMask;
+# define DbMaskTest(M,I)    (((M)&(((yDbMask)1)<<(I)))!=0)
+# define DbMaskZero(M)      (M)=0
+# define DbMaskSet(M,I)     (M)|=(((yDbMask)1)<<(I))
+# define DbMaskAllZero(M)   (M)==0
+# define DbMaskNonZero(M)   (M)!=0
+#endif
+
+/*
+** An SQL parser context.  A copy of this structure is passed through
+** the parser and down into all the parser action routine in order to
+** carry around information that is global to the entire parse.
+**
+** The structure is divided into two parts.  When the parser and code
+** generate call themselves recursively, the first part of the structure
+** is constant but the second part is reset at the beginning and end of
+** each recursion.
+**
+** The nTableLock and aTableLock variables are only used if the shared-cache 
+** feature is enabled (if sqlite3Tsd()->useSharedData is true). They are
+** used to store the set of table-locks required by the statement being
+** compiled. Function sqlite3TableLock() is used to add entries to the
+** list.
+*/
+struct Parse {
+  sqlite3 *db;         /* The main database structure */
+  char *zErrMsg;       /* An error message */
+  Vdbe *pVdbe;         /* An engine for executing database bytecode */
+  int rc;              /* Return code from execution */
+  u8 colNamesSet;      /* TRUE after OP_ColumnName has been issued to pVdbe */
+  u8 checkSchema;      /* Causes schema cookie check after an error */
+  u8 nested;           /* Number of nested calls to the parser/code generator */
+  u8 nTempReg;         /* Number of temporary registers in aTempReg[] */
+  u8 isMultiWrite;     /* True if statement may modify/insert multiple rows */
+  u8 mayAbort;         /* True if statement may throw an ABORT exception */
+  u8 hasCompound;      /* Need to invoke convertCompoundSelectToSubquery() */
+  u8 okConstFactor;    /* OK to factor out constants */
+  int aTempReg[8];     /* Holding area for temporary registers */
+  int nRangeReg;       /* Size of the temporary register block */
+  int iRangeReg;       /* First register in temporary register block */
+  int nErr;            /* Number of errors seen */
+  int nTab;            /* Number of previously allocated VDBE cursors */
+  int nMem;            /* Number of memory cells used so far */
+  int nSet;            /* Number of sets used so far */
+  int nOnce;           /* Number of OP_Once instructions so far */
+  int nOpAlloc;        /* Number of slots allocated for Vdbe.aOp[] */
+  int szOpAlloc;       /* Bytes of memory space allocated for Vdbe.aOp[] */
+  int iFixedOp;        /* Never back out opcodes iFixedOp-1 or earlier */
+  int ckBase;          /* Base register of data during check constraints */
+  int iSelfTab;        /* Table of an index whose exprs are being coded */
+  int iCacheLevel;     /* ColCache valid when aColCache[].iLevel<=iCacheLevel */
+  int iCacheCnt;       /* Counter used to generate aColCache[].lru values */
+  int nLabel;          /* Number of labels used */
+  int *aLabel;         /* Space to hold the labels */
+  struct yColCache {
+    int iTable;           /* Table cursor number */
+    i16 iColumn;          /* Table column number */
+    u8 tempReg;           /* iReg is a temp register that needs to be freed */
+    int iLevel;           /* Nesting level */
+    int iReg;             /* Reg with value of this column. 0 means none. */
+    int lru;              /* Least recently used entry has the smallest value */
+  } aColCache[SQLITE_N_COLCACHE];  /* One for each column cache entry */
+  ExprList *pConstExpr;/* Constant expressions */
+  Token constraintName;/* Name of the constraint currently being parsed */
+  yDbMask writeMask;   /* Start a write transaction on these databases */
+  yDbMask cookieMask;  /* Bitmask of schema verified databases */
+  int cookieValue[SQLITE_MAX_ATTACHED+2];  /* Values of cookies to verify */
+  int regRowid;        /* Register holding rowid of CREATE TABLE entry */
+  int regRoot;         /* Register holding root page number for new objects */
+  int nMaxArg;         /* Max args passed to user function by sub-program */
+#if SELECTTRACE_ENABLED
+  int nSelect;         /* Number of SELECT statements seen */
+  int nSelectIndent;   /* How far to indent SELECTTRACE() output */
+#endif
+#ifndef SQLITE_OMIT_SHARED_CACHE
+  int nTableLock;        /* Number of locks in aTableLock */
+  TableLock *aTableLock; /* Required table locks for shared-cache mode */
+#endif
+  AutoincInfo *pAinc;  /* Information about AUTOINCREMENT counters */
+
+  /* Information used while coding trigger programs. */
+  Parse *pToplevel;    /* Parse structure for main program (or NULL) */
+  Table *pTriggerTab;  /* Table triggers are being coded for */
+  int addrCrTab;       /* Address of OP_CreateTable opcode on CREATE TABLE */
+  u32 nQueryLoop;      /* Est number of iterations of a query (10*log2(N)) */
+  u32 oldmask;         /* Mask of old.* columns referenced */
+  u32 newmask;         /* Mask of new.* columns referenced */
+  u8 eTriggerOp;       /* TK_UPDATE, TK_INSERT or TK_DELETE */
+  u8 eOrconf;          /* Default ON CONFLICT policy for trigger steps */
+  u8 disableTriggers;  /* True to disable triggers */
+
+  /************************************************************************
+  ** Above is constant between recursions.  Below is reset before and after
+  ** each recursion.  The boundary between these two regions is determined
+  ** using offsetof(Parse,nVar) so the nVar field must be the first field
+  ** in the recursive region.
+  ************************************************************************/
+
+  int nVar;                 /* Number of '?' variables seen in the SQL so far */
+  int nzVar;                /* Number of available slots in azVar[] */
+  u8 iPkSortOrder;          /* ASC or DESC for INTEGER PRIMARY KEY */
+  u8 explain;               /* True if the EXPLAIN flag is found on the query */
+#ifndef SQLITE_OMIT_VIRTUALTABLE
+  u8 declareVtab;           /* True if inside sqlite3_declare_vtab() */
+  int nVtabLock;            /* Number of virtual tables to lock */
+#endif
+  int nAlias;               /* Number of aliased result set columns */
+  int nHeight;              /* Expression tree height of current sub-select */
+#ifndef SQLITE_OMIT_EXPLAIN
+  int iSelectId;            /* ID of current select for EXPLAIN output */
+  int iNextSelectId;        /* Next available select ID for EXPLAIN output */
+#endif
+  char **azVar;             /* Pointers to names of parameters */
+  Vdbe *pReprepare;         /* VM being reprepared (sqlite3Reprepare()) */
+  const char *zTail;        /* All SQL text past the last semicolon parsed */
+  Table *pNewTable;         /* A table being constructed by CREATE TABLE */
+  Trigger *pNewTrigger;     /* Trigger under construct by a CREATE TRIGGER */
+  const char *zAuthContext; /* The 6th parameter to db->xAuth callbacks */
+  Token sNameToken;         /* Token with unqualified schema object name */
+  Token sLastToken;         /* The last token parsed */
+#ifndef SQLITE_OMIT_VIRTUALTABLE
+  Token sArg;               /* Complete text of a module argument */
+  Table **apVtabLock;       /* Pointer to virtual tables needing locking */
+#endif
+  Table *pZombieTab;        /* List of Table objects to delete after code gen */
+  TriggerPrg *pTriggerPrg;  /* Linked list of coded triggers */
+  With *pWith;              /* Current WITH clause, or NULL */
+  With *pWithToFree;        /* Free this WITH object at the end of the parse */
+};
+
+/*
+** Return true if currently inside an sqlite3_declare_vtab() call.
+*/
+#ifdef SQLITE_OMIT_VIRTUALTABLE
+  #define IN_DECLARE_VTAB 0
+#else
+  #define IN_DECLARE_VTAB (pParse->declareVtab)
+#endif
+
+/*
+** An instance of the following structure can be declared on a stack and used
+** to save the Parse.zAuthContext value so that it can be restored later.
+*/
+struct AuthContext {
+  const char *zAuthContext;   /* Put saved Parse.zAuthContext here */
+  Parse *pParse;              /* The Parse structure */
+};
+
+/*
+** Bitfield flags for P5 value in various opcodes.
+*/
+#define OPFLAG_NCHANGE       0x01    /* Set to update db->nChange */
+#define OPFLAG_EPHEM         0x01    /* OP_Column: Ephemeral output is ok */
+#define OPFLAG_LASTROWID     0x02    /* Set to update db->lastRowid */
+#define OPFLAG_ISUPDATE      0x04    /* This OP_Insert is an sql UPDATE */
+#define OPFLAG_APPEND        0x08    /* This is likely to be an append */
+#define OPFLAG_USESEEKRESULT 0x10    /* Try to avoid a seek in BtreeInsert() */
+#define OPFLAG_LENGTHARG     0x40    /* OP_Column only used for length() */
+#define OPFLAG_TYPEOFARG     0x80    /* OP_Column only used for typeof() */
+#define OPFLAG_BULKCSR       0x01    /* OP_Open** used to open bulk cursor */
+#define OPFLAG_SEEKEQ        0x02    /* OP_Open** cursor uses EQ seek only */
+#define OPFLAG_FORDELETE     0x08    /* OP_Open is opening for-delete csr */
+#define OPFLAG_P2ISREG       0x10    /* P2 to OP_Open** is a register number */
+#define OPFLAG_PERMUTE       0x01    /* OP_Compare: use the permutation */
+
+/*
+ * Each trigger present in the database schema is stored as an instance of
+ * struct Trigger. 
+ *
+ * Pointers to instances of struct Trigger are stored in two ways.
+ * 1. In the "trigHash" hash table (part of the sqlite3* that represents the 
+ *    database). This allows Trigger structures to be retrieved by name.
+ * 2. All triggers associated with a single table form a linked list, using the
+ *    pNext member of struct Trigger. A pointer to the first element of the
+ *    linked list is stored as the "pTrigger" member of the associated
+ *    struct Table.
+ *
+ * The "step_list" member points to the first element of a linked list
+ * containing the SQL statements specified as the trigger program.
+ */
+struct Trigger {
+  char *zName;            /* The name of the trigger                        */
+  char *table;            /* The table or view to which the trigger applies */
+  u8 op;                  /* One of TK_DELETE, TK_UPDATE, TK_INSERT         */
+  u8 tr_tm;               /* One of TRIGGER_BEFORE, TRIGGER_AFTER */
+  Expr *pWhen;            /* The WHEN clause of the expression (may be NULL) */
+  IdList *pColumns;       /* If this is an UPDATE OF <column-list> trigger,
+                             the <column-list> is stored here */
+  Schema *pSchema;        /* Schema containing the trigger */
+  Schema *pTabSchema;     /* Schema containing the table */
+  TriggerStep *step_list; /* Link list of trigger program steps             */
+  Trigger *pNext;         /* Next trigger associated with the table */
+};
+
+/*
+** A trigger is either a BEFORE or an AFTER trigger.  The following constants
+** determine which. 
+**
+** If there are multiple triggers, you might of some BEFORE and some AFTER.
+** In that cases, the constants below can be ORed together.
+*/
+#define TRIGGER_BEFORE  1
+#define TRIGGER_AFTER   2
+
+/*
+ * An instance of struct TriggerStep is used to store a single SQL statement
+ * that is a part of a trigger-program. 
+ *
+ * Instances of struct TriggerStep are stored in a singly linked list (linked
+ * using the "pNext" member) referenced by the "step_list" member of the 
+ * associated struct Trigger instance. The first element of the linked list is
+ * the first step of the trigger-program.
+ * 
+ * The "op" member indicates whether this is a "DELETE", "INSERT", "UPDATE" or
+ * "SELECT" statement. The meanings of the other members is determined by the 
+ * value of "op" as follows:
+ *
+ * (op == TK_INSERT)
+ * orconf    -> stores the ON CONFLICT algorithm
+ * pSelect   -> If this is an INSERT INTO ... SELECT ... statement, then
+ *              this stores a pointer to the SELECT statement. Otherwise NULL.
+ * zTarget   -> Dequoted name of the table to insert into.
+ * pExprList -> If this is an INSERT INTO ... VALUES ... statement, then
+ *              this stores values to be inserted. Otherwise NULL.
+ * pIdList   -> If this is an INSERT INTO ... (<column-names>) VALUES ... 
+ *              statement, then this stores the column-names to be
+ *              inserted into.
+ *
+ * (op == TK_DELETE)
+ * zTarget   -> Dequoted name of the table to delete from.
+ * pWhere    -> The WHERE clause of the DELETE statement if one is specified.
+ *              Otherwise NULL.
+ * 
+ * (op == TK_UPDATE)
+ * zTarget   -> Dequoted name of the table to update.
+ * pWhere    -> The WHERE clause of the UPDATE statement if one is specified.
+ *              Otherwise NULL.
+ * pExprList -> A list of the columns to update and the expressions to update
+ *              them to. See sqlite3Update() documentation of "pChanges"
+ *              argument.
+ * 
+ */
+struct TriggerStep {
+  u8 op;               /* One of TK_DELETE, TK_UPDATE, TK_INSERT, TK_SELECT */
+  u8 orconf;           /* OE_Rollback etc. */
+  Trigger *pTrig;      /* The trigger that this step is a part of */
+  Select *pSelect;     /* SELECT statement or RHS of INSERT INTO SELECT ... */
+  char *zTarget;       /* Target table for DELETE, UPDATE, INSERT */
+  Expr *pWhere;        /* The WHERE clause for DELETE or UPDATE steps */
+  ExprList *pExprList; /* SET clause for UPDATE. */
+  IdList *pIdList;     /* Column names for INSERT */
+  TriggerStep *pNext;  /* Next in the link-list */
+  TriggerStep *pLast;  /* Last element in link-list. Valid for 1st elem only */
+};
+
+/*
+** The following structure contains information used by the sqliteFix...
+** routines as they walk the parse tree to make database references
+** explicit.  
+*/
+typedef struct DbFixer DbFixer;
+struct DbFixer {
+  Parse *pParse;      /* The parsing context.  Error messages written here */
+  Schema *pSchema;    /* Fix items to this schema */
+  int bVarOnly;       /* Check for variable references only */
+  const char *zDb;    /* Make sure all objects are contained in this database */
+  const char *zType;  /* Type of the container - used for error messages */
+  const Token *pName; /* Name of the container - used for error messages */
+};
+
+/*
+** An objected used to accumulate the text of a string where we
+** do not necessarily know how big the string will be in the end.
+*/
+struct StrAccum {
+  sqlite3 *db;         /* Optional database for lookaside.  Can be NULL */
+  char *zBase;         /* A base allocation.  Not from malloc. */
+  char *zText;         /* The string collected so far */
+  u32  nChar;          /* Length of the string so far */
+  u32  nAlloc;         /* Amount of space allocated in zText */
+  u32  mxAlloc;        /* Maximum allowed allocation.  0 for no malloc usage */
+  u8   accError;       /* STRACCUM_NOMEM or STRACCUM_TOOBIG */
+  u8   bMalloced;      /* zText points to allocated space */
+};
+#define STRACCUM_NOMEM   1
+#define STRACCUM_TOOBIG  2
+
+/*
+** A pointer to this structure is used to communicate information
+** from sqlite3Init and OP_ParseSchema into the sqlite3InitCallback.
+*/
+typedef struct {
+  sqlite3 *db;        /* The database being initialized */
+  char **pzErrMsg;    /* Error message stored here */
+  int iDb;            /* 0 for main database.  1 for TEMP, 2.. for ATTACHed */
+  int rc;             /* Result code stored here */
+} InitData;
+
+/*
+** Structure containing global configuration data for the SQLite library.
+**
+** This structure also contains some state information.
+*/
+struct Sqlite3Config {
+  int bMemstat;                     /* True to enable memory status */
+  int bCoreMutex;                   /* True to enable core mutexing */
+  int bFullMutex;                   /* True to enable full mutexing */
+  int bOpenUri;                     /* True to interpret filenames as URIs */
+  int bUseCis;                      /* Use covering indices for full-scans */
+  int mxStrlen;                     /* Maximum string length */
+  int neverCorrupt;                 /* Database is always well-formed */
+  int szLookaside;                  /* Default lookaside buffer size */
+  int nLookaside;                   /* Default lookaside buffer count */
+  sqlite3_mem_methods m;            /* Low-level memory allocation interface */
+  sqlite3_mutex_methods mutex;      /* Low-level mutex interface */
+  sqlite3_pcache_methods2 pcache2;  /* Low-level page-cache interface */
+  void *pHeap;                      /* Heap storage space */
+  int nHeap;                        /* Size of pHeap[] */
+  int mnReq, mxReq;                 /* Min and max heap requests sizes */
+  sqlite3_int64 szMmap;             /* mmap() space per open file */
+  sqlite3_int64 mxMmap;             /* Maximum value for szMmap */
+  void *pScratch;                   /* Scratch memory */
+  int szScratch;                    /* Size of each scratch buffer */
+  int nScratch;                     /* Number of scratch buffers */
+  void *pPage;                      /* Page cache memory */
+  int szPage;                       /* Size of each page in pPage[] */
+  int nPage;                        /* Number of pages in pPage[] */
+  int mxParserStack;                /* maximum depth of the parser stack */
+  int sharedCacheEnabled;           /* true if shared-cache mode enabled */
+  u32 szPma;                        /* Maximum Sorter PMA size */
+  /* The above might be initialized to non-zero.  The following need to always
+  ** initially be zero, however. */
+  int isInit;                       /* True after initialization has finished */
+  int inProgress;                   /* True while initialization in progress */
+  int isMutexInit;                  /* True after mutexes are initialized */
+  int isMallocInit;                 /* True after malloc is initialized */
+  int isPCacheInit;                 /* True after malloc is initialized */
+  int nRefInitMutex;                /* Number of users of pInitMutex */
+  sqlite3_mutex *pInitMutex;        /* Mutex used by sqlite3_initialize() */
+  void (*xLog)(void*,int,const char*); /* Function for logging */
+  void *pLogArg;                       /* First argument to xLog() */
+#ifdef SQLITE_ENABLE_SQLLOG
+  void(*xSqllog)(void*,sqlite3*,const char*, int);
+  void *pSqllogArg;
+#endif
+#ifdef SQLITE_VDBE_COVERAGE
+  /* The following callback (if not NULL) is invoked on every VDBE branch
+  ** operation.  Set the callback using SQLITE_TESTCTRL_VDBE_COVERAGE.
+  */
+  void (*xVdbeBranch)(void*,int iSrcLine,u8 eThis,u8 eMx);  /* Callback */
+  void *pVdbeBranchArg;                                     /* 1st argument */
+#endif
+#ifndef SQLITE_OMIT_BUILTIN_TEST
+  int (*xTestCallback)(int);        /* Invoked by sqlite3FaultSim() */
+#endif
+  int bLocaltimeFault;              /* True to fail localtime() calls */
+};
+
+/*
+** This macro is used inside of assert() statements to indicate that
+** the assert is only valid on a well-formed database.  Instead of:
+**
+**     assert( X );
+**
+** One writes:
+**
+**     assert( X || CORRUPT_DB );
+**
+** CORRUPT_DB is true during normal operation.  CORRUPT_DB does not indicate
+** that the database is definitely corrupt, only that it might be corrupt.
+** For most test cases, CORRUPT_DB is set to false using a special
+** sqlite3_test_control().  This enables assert() statements to prove
+** things that are always true for well-formed databases.
+*/
+#define CORRUPT_DB  (sqlite3Config.neverCorrupt==0)
+
+/*
+** Context pointer passed down through the tree-walk.
+*/
+struct Walker {
+  int (*xExprCallback)(Walker*, Expr*);     /* Callback for expressions */
+  int (*xSelectCallback)(Walker*,Select*);  /* Callback for SELECTs */
+  void (*xSelectCallback2)(Walker*,Select*);/* Second callback for SELECTs */
+  Parse *pParse;                            /* Parser context.  */
+  int walkerDepth;                          /* Number of subqueries */
+  u8 eCode;                                 /* A small processing code */
+  union {                                   /* Extra data for callback */
+    NameContext *pNC;                          /* Naming context */
+    int n;                                     /* A counter */
+    int iCur;                                  /* A cursor number */
+    SrcList *pSrcList;                         /* FROM clause */
+    struct SrcCount *pSrcCount;                /* Counting column references */
+    struct CCurHint *pCCurHint;                /* Used by codeCursorHint() */
+  } u;
+};
+
+/* Forward declarations */
+SQLITE_PRIVATE int sqlite3WalkExpr(Walker*, Expr*);
+SQLITE_PRIVATE int sqlite3WalkExprList(Walker*, ExprList*);
+SQLITE_PRIVATE int sqlite3WalkSelect(Walker*, Select*);
+SQLITE_PRIVATE int sqlite3WalkSelectExpr(Walker*, Select*);
+SQLITE_PRIVATE int sqlite3WalkSelectFrom(Walker*, Select*);
+SQLITE_PRIVATE int sqlite3ExprWalkNoop(Walker*, Expr*);
+
+/*
+** Return code from the parse-tree walking primitives and their
+** callbacks.
+*/
+#define WRC_Continue    0   /* Continue down into children */
+#define WRC_Prune       1   /* Omit children but continue walking siblings */
+#define WRC_Abort       2   /* Abandon the tree walk */
+
+/*
+** An instance of this structure represents a set of one or more CTEs
+** (common table expressions) created by a single WITH clause.
+*/
+struct With {
+  int nCte;                       /* Number of CTEs in the WITH clause */
+  With *pOuter;                   /* Containing WITH clause, or NULL */
+  struct Cte {                    /* For each CTE in the WITH clause.... */
+    char *zName;                    /* Name of this CTE */
+    ExprList *pCols;                /* List of explicit column names, or NULL */
+    Select *pSelect;                /* The definition of this CTE */
+    const char *zCteErr;            /* Error message for circular references */
+  } a[1];
+};
+
+#ifdef SQLITE_DEBUG
+/*
+** An instance of the TreeView object is used for printing the content of
+** data structures on sqlite3DebugPrintf() using a tree-like view.
+*/
+struct TreeView {
+  int iLevel;             /* Which level of the tree we are on */
+  u8  bLine[100];         /* Draw vertical in column i if bLine[i] is true */
+};
+#endif /* SQLITE_DEBUG */
+
+/*
+** Assuming zIn points to the first byte of a UTF-8 character,
+** advance zIn to point to the first byte of the next UTF-8 character.
+*/
+#define SQLITE_SKIP_UTF8(zIn) {                        \
+  if( (*(zIn++))>=0xc0 ){                              \
+    while( (*zIn & 0xc0)==0x80 ){ zIn++; }             \
+  }                                                    \
+}
+
+/*
+** The SQLITE_*_BKPT macros are substitutes for the error codes with
+** the same name but without the _BKPT suffix.  These macros invoke
+** routines that report the line-number on which the error originated
+** using sqlite3_log().  The routines also provide a convenient place
+** to set a debugger breakpoint.
+*/
+SQLITE_PRIVATE int sqlite3CorruptError(int);
+SQLITE_PRIVATE int sqlite3MisuseError(int);
+SQLITE_PRIVATE int sqlite3CantopenError(int);
+#define SQLITE_CORRUPT_BKPT sqlite3CorruptError(__LINE__)
+#define SQLITE_MISUSE_BKPT sqlite3MisuseError(__LINE__)
+#define SQLITE_CANTOPEN_BKPT sqlite3CantopenError(__LINE__)
+
+
+/*
+** FTS4 is really an extension for FTS3.  It is enabled using the
+** SQLITE_ENABLE_FTS3 macro.  But to avoid confusion we also call
+** the SQLITE_ENABLE_FTS4 macro to serve as an alias for SQLITE_ENABLE_FTS3.
+*/
+#if defined(SQLITE_ENABLE_FTS4) && !defined(SQLITE_ENABLE_FTS3)
+# define SQLITE_ENABLE_FTS3 1
+#endif
+
+/*
+** The ctype.h header is needed for non-ASCII systems.  It is also
+** needed by FTS3 when FTS3 is included in the amalgamation.
+*/
+#if !defined(SQLITE_ASCII) || \
+    (defined(SQLITE_ENABLE_FTS3) && defined(SQLITE_AMALGAMATION))
+# include <ctype.h>
+#endif
+
+/*
+** The following macros mimic the standard library functions toupper(),
+** isspace(), isalnum(), isdigit() and isxdigit(), respectively. The
+** sqlite versions only work for ASCII characters, regardless of locale.
+*/
+#ifdef SQLITE_ASCII
+# define sqlite3Toupper(x)  ((x)&~(sqlite3CtypeMap[(unsigned char)(x)]&0x20))
+# define sqlite3Isspace(x)   (sqlite3CtypeMap[(unsigned char)(x)]&0x01)
+# define sqlite3Isalnum(x)   (sqlite3CtypeMap[(unsigned char)(x)]&0x06)
+# define sqlite3Isalpha(x)   (sqlite3CtypeMap[(unsigned char)(x)]&0x02)
+# define sqlite3Isdigit(x)   (sqlite3CtypeMap[(unsigned char)(x)]&0x04)
+# define sqlite3Isxdigit(x)  (sqlite3CtypeMap[(unsigned char)(x)]&0x08)
+# define sqlite3Tolower(x)   (sqlite3UpperToLower[(unsigned char)(x)])
+#else
+# define sqlite3Toupper(x)   toupper((unsigned char)(x))
+# define sqlite3Isspace(x)   isspace((unsigned char)(x))
+# define sqlite3Isalnum(x)   isalnum((unsigned char)(x))
+# define sqlite3Isalpha(x)   isalpha((unsigned char)(x))
+# define sqlite3Isdigit(x)   isdigit((unsigned char)(x))
+# define sqlite3Isxdigit(x)  isxdigit((unsigned char)(x))
+# define sqlite3Tolower(x)   tolower((unsigned char)(x))
+#endif
+#ifndef SQLITE_OMIT_COMPILEOPTION_DIAGS
+SQLITE_PRIVATE int sqlite3IsIdChar(u8);
+#endif
+
+/*
+** Internal function prototypes
+*/
+#define sqlite3StrICmp sqlite3_stricmp
+SQLITE_PRIVATE int sqlite3Strlen30(const char*);
+#define sqlite3StrNICmp sqlite3_strnicmp
+
+SQLITE_PRIVATE int sqlite3MallocInit(void);
+SQLITE_PRIVATE void sqlite3MallocEnd(void);
+SQLITE_PRIVATE void *sqlite3Malloc(u64);
+SQLITE_PRIVATE void *sqlite3MallocZero(u64);
+SQLITE_PRIVATE void *sqlite3DbMallocZero(sqlite3*, u64);
+SQLITE_PRIVATE void *sqlite3DbMallocRaw(sqlite3*, u64);
+SQLITE_PRIVATE char *sqlite3DbStrDup(sqlite3*,const char*);
+SQLITE_PRIVATE char *sqlite3DbStrNDup(sqlite3*,const char*, u64);
+SQLITE_PRIVATE void *sqlite3Realloc(void*, u64);
+SQLITE_PRIVATE void *sqlite3DbReallocOrFree(sqlite3 *, void *, u64);
+SQLITE_PRIVATE void *sqlite3DbRealloc(sqlite3 *, void *, u64);
+SQLITE_PRIVATE void sqlite3DbFree(sqlite3*, void*);
+SQLITE_PRIVATE int sqlite3MallocSize(void*);
+SQLITE_PRIVATE int sqlite3DbMallocSize(sqlite3*, void*);
+SQLITE_PRIVATE void *sqlite3ScratchMalloc(int);
+SQLITE_PRIVATE void sqlite3ScratchFree(void*);
+SQLITE_PRIVATE void *sqlite3PageMalloc(int);
+SQLITE_PRIVATE void sqlite3PageFree(void*);
+SQLITE_PRIVATE void sqlite3MemSetDefault(void);
+#ifndef SQLITE_OMIT_BUILTIN_TEST
+SQLITE_PRIVATE void sqlite3BenignMallocHooks(void (*)(void), void (*)(void));
+#endif
+SQLITE_PRIVATE int sqlite3HeapNearlyFull(void);
+
+/*
+** On systems with ample stack space and that support alloca(), make
+** use of alloca() to obtain space for large automatic objects.  By default,
+** obtain space from malloc().
+**
+** The alloca() routine never returns NULL.  This will cause code paths
+** that deal with sqlite3StackAlloc() failures to be unreachable.
+*/
+#ifdef SQLITE_USE_ALLOCA
+# define sqlite3StackAllocRaw(D,N)   alloca(N)
+# define sqlite3StackAllocZero(D,N)  memset(alloca(N), 0, N)
+# define sqlite3StackFree(D,P)       
+#else
+# define sqlite3StackAllocRaw(D,N)   sqlite3DbMallocRaw(D,N)
+# define sqlite3StackAllocZero(D,N)  sqlite3DbMallocZero(D,N)
+# define sqlite3StackFree(D,P)       sqlite3DbFree(D,P)
+#endif
+
+#ifdef SQLITE_ENABLE_MEMSYS3
+SQLITE_PRIVATE const sqlite3_mem_methods *sqlite3MemGetMemsys3(void);
+#endif
+#ifdef SQLITE_ENABLE_MEMSYS5
+SQLITE_PRIVATE const sqlite3_mem_methods *sqlite3MemGetMemsys5(void);
+#endif
+
+
+#ifndef SQLITE_MUTEX_OMIT
+SQLITE_PRIVATE   sqlite3_mutex_methods const *sqlite3DefaultMutex(void);
+SQLITE_PRIVATE   sqlite3_mutex_methods const *sqlite3NoopMutex(void);
+SQLITE_PRIVATE   sqlite3_mutex *sqlite3MutexAlloc(int);
+SQLITE_PRIVATE   int sqlite3MutexInit(void);
+SQLITE_PRIVATE   int sqlite3MutexEnd(void);
+#endif
+#if !defined(SQLITE_MUTEX_OMIT) && !defined(SQLITE_MUTEX_NOOP)
+SQLITE_PRIVATE   void sqlite3MemoryBarrier(void);
+#else
+# define sqlite3MemoryBarrier()
+#endif
+
+SQLITE_PRIVATE sqlite3_int64 sqlite3StatusValue(int);
+SQLITE_PRIVATE void sqlite3StatusUp(int, int);
+SQLITE_PRIVATE void sqlite3StatusDown(int, int);
+SQLITE_PRIVATE void sqlite3StatusHighwater(int, int);
+
+/* Access to mutexes used by sqlite3_status() */
+SQLITE_PRIVATE sqlite3_mutex *sqlite3Pcache1Mutex(void);
+SQLITE_PRIVATE sqlite3_mutex *sqlite3MallocMutex(void);
+
+#ifndef SQLITE_OMIT_FLOATING_POINT
+SQLITE_PRIVATE   int sqlite3IsNaN(double);
+#else
+# define sqlite3IsNaN(X)  0
+#endif
+
+/*
+** An instance of the following structure holds information about SQL
+** functions arguments that are the parameters to the printf() function.
+*/
+struct PrintfArguments {
+  int nArg;                /* Total number of arguments */
+  int nUsed;               /* Number of arguments used so far */
+  sqlite3_value **apArg;   /* The argument values */
+};
+
+#define SQLITE_PRINTF_INTERNAL 0x01
+#define SQLITE_PRINTF_SQLFUNC  0x02
+SQLITE_PRIVATE void sqlite3VXPrintf(StrAccum*, u32, const char*, va_list);
+SQLITE_PRIVATE void sqlite3XPrintf(StrAccum*, u32, const char*, ...);
+SQLITE_PRIVATE char *sqlite3MPrintf(sqlite3*,const char*, ...);
+SQLITE_PRIVATE char *sqlite3VMPrintf(sqlite3*,const char*, va_list);
+#if defined(SQLITE_DEBUG) || defined(SQLITE_HAVE_OS_TRACE)
+SQLITE_PRIVATE   void sqlite3DebugPrintf(const char*, ...);
+#endif
+#if defined(SQLITE_TEST)
+SQLITE_PRIVATE   void *sqlite3TestTextToPtr(const char*);
+#endif
+
+#if defined(SQLITE_DEBUG)
+SQLITE_PRIVATE   void sqlite3TreeViewExpr(TreeView*, const Expr*, u8);
+SQLITE_PRIVATE   void sqlite3TreeViewExprList(TreeView*, const ExprList*, u8, const char*);
+SQLITE_PRIVATE   void sqlite3TreeViewSelect(TreeView*, const Select*, u8);
+SQLITE_PRIVATE   void sqlite3TreeViewWith(TreeView*, const With*, u8);
+#endif
+
+
+SQLITE_PRIVATE void sqlite3SetString(char **, sqlite3*, const char*);
+SQLITE_PRIVATE void sqlite3ErrorMsg(Parse*, const char*, ...);
+SQLITE_PRIVATE int sqlite3Dequote(char*);
+SQLITE_PRIVATE int sqlite3KeywordCode(const unsigned char*, int);
+SQLITE_PRIVATE int sqlite3RunParser(Parse*, const char*, char **);
+SQLITE_PRIVATE void sqlite3FinishCoding(Parse*);
+SQLITE_PRIVATE int sqlite3GetTempReg(Parse*);
+SQLITE_PRIVATE void sqlite3ReleaseTempReg(Parse*,int);
+SQLITE_PRIVATE int sqlite3GetTempRange(Parse*,int);
+SQLITE_PRIVATE void sqlite3ReleaseTempRange(Parse*,int,int);
+SQLITE_PRIVATE void sqlite3ClearTempRegCache(Parse*);
+SQLITE_PRIVATE Expr *sqlite3ExprAlloc(sqlite3*,int,const Token*,int);
+SQLITE_PRIVATE Expr *sqlite3Expr(sqlite3*,int,const char*);
+SQLITE_PRIVATE void sqlite3ExprAttachSubtrees(sqlite3*,Expr*,Expr*,Expr*);
+SQLITE_PRIVATE Expr *sqlite3PExpr(Parse*, int, Expr*, Expr*, const Token*);
+SQLITE_PRIVATE Expr *sqlite3ExprAnd(sqlite3*,Expr*, Expr*);
+SQLITE_PRIVATE Expr *sqlite3ExprFunction(Parse*,ExprList*, Token*);
+SQLITE_PRIVATE void sqlite3ExprAssignVarNumber(Parse*, Expr*);
+SQLITE_PRIVATE void sqlite3ExprDelete(sqlite3*, Expr*);
+SQLITE_PRIVATE ExprList *sqlite3ExprListAppend(Parse*,ExprList*,Expr*);
+SQLITE_PRIVATE void sqlite3ExprListSetSortOrder(ExprList*,int);
+SQLITE_PRIVATE void sqlite3ExprListSetName(Parse*,ExprList*,Token*,int);
+SQLITE_PRIVATE void sqlite3ExprListSetSpan(Parse*,ExprList*,ExprSpan*);
+SQLITE_PRIVATE void sqlite3ExprListDelete(sqlite3*, ExprList*);
+SQLITE_PRIVATE u32 sqlite3ExprListFlags(const ExprList*);
+SQLITE_PRIVATE int sqlite3Init(sqlite3*, char**);
+SQLITE_PRIVATE int sqlite3InitCallback(void*, int, char**, char**);
+SQLITE_PRIVATE void sqlite3Pragma(Parse*,Token*,Token*,Token*,int);
+SQLITE_PRIVATE void sqlite3ResetAllSchemasOfConnection(sqlite3*);
+SQLITE_PRIVATE void sqlite3ResetOneSchema(sqlite3*,int);
+SQLITE_PRIVATE void sqlite3CollapseDatabaseArray(sqlite3*);
+SQLITE_PRIVATE void sqlite3BeginParse(Parse*,int);
+SQLITE_PRIVATE void sqlite3CommitInternalChanges(sqlite3*);
+SQLITE_PRIVATE void sqlite3DeleteColumnNames(sqlite3*,Table*);
+SQLITE_PRIVATE int sqlite3ColumnsFromExprList(Parse*,ExprList*,i16*,Column**);
+SQLITE_PRIVATE Table *sqlite3ResultSetOfSelect(Parse*,Select*);
+SQLITE_PRIVATE void sqlite3OpenMasterTable(Parse *, int);
+SQLITE_PRIVATE Index *sqlite3PrimaryKeyIndex(Table*);
+SQLITE_PRIVATE i16 sqlite3ColumnOfIndex(Index*, i16);
+SQLITE_PRIVATE void sqlite3StartTable(Parse*,Token*,Token*,int,int,int,int);
+#if SQLITE_ENABLE_HIDDEN_COLUMNS
+SQLITE_PRIVATE   void sqlite3ColumnPropertiesFromName(Table*, Column*);
+#else
+# define sqlite3ColumnPropertiesFromName(T,C) /* no-op */
+#endif
+SQLITE_PRIVATE void sqlite3AddColumn(Parse*,Token*);
+SQLITE_PRIVATE void sqlite3AddNotNull(Parse*, int);
+SQLITE_PRIVATE void sqlite3AddPrimaryKey(Parse*, ExprList*, int, int, int);
+SQLITE_PRIVATE void sqlite3AddCheckConstraint(Parse*, Expr*);
+SQLITE_PRIVATE void sqlite3AddColumnType(Parse*,Token*);
+SQLITE_PRIVATE void sqlite3AddDefaultValue(Parse*,ExprSpan*);
+SQLITE_PRIVATE void sqlite3AddCollateType(Parse*, Token*);
+SQLITE_PRIVATE void sqlite3EndTable(Parse*,Token*,Token*,u8,Select*);
+SQLITE_PRIVATE int sqlite3ParseUri(const char*,const char*,unsigned int*,
+                    sqlite3_vfs**,char**,char **);
+SQLITE_PRIVATE Btree *sqlite3DbNameToBtree(sqlite3*,const char*);
+SQLITE_PRIVATE int sqlite3CodeOnce(Parse *);
+
+#ifdef SQLITE_OMIT_BUILTIN_TEST
+# define sqlite3FaultSim(X) SQLITE_OK
+#else
+SQLITE_PRIVATE   int sqlite3FaultSim(int);
+#endif
+
+SQLITE_PRIVATE Bitvec *sqlite3BitvecCreate(u32);
+SQLITE_PRIVATE int sqlite3BitvecTest(Bitvec*, u32);
+SQLITE_PRIVATE int sqlite3BitvecTestNotNull(Bitvec*, u32);
+SQLITE_PRIVATE int sqlite3BitvecSet(Bitvec*, u32);
+SQLITE_PRIVATE void sqlite3BitvecClear(Bitvec*, u32, void*);
+SQLITE_PRIVATE void sqlite3BitvecDestroy(Bitvec*);
+SQLITE_PRIVATE u32 sqlite3BitvecSize(Bitvec*);
+#ifndef SQLITE_OMIT_BUILTIN_TEST
+SQLITE_PRIVATE int sqlite3BitvecBuiltinTest(int,int*);
+#endif
+
+SQLITE_PRIVATE RowSet *sqlite3RowSetInit(sqlite3*, void*, unsigned int);
+SQLITE_PRIVATE void sqlite3RowSetClear(RowSet*);
+SQLITE_PRIVATE void sqlite3RowSetInsert(RowSet*, i64);
+SQLITE_PRIVATE int sqlite3RowSetTest(RowSet*, int iBatch, i64);
+SQLITE_PRIVATE int sqlite3RowSetNext(RowSet*, i64*);
+
+SQLITE_PRIVATE void sqlite3CreateView(Parse*,Token*,Token*,Token*,ExprList*,Select*,int,int);
+
+#if !defined(SQLITE_OMIT_VIEW) || !defined(SQLITE_OMIT_VIRTUALTABLE)
+SQLITE_PRIVATE   int sqlite3ViewGetColumnNames(Parse*,Table*);
+#else
+# define sqlite3ViewGetColumnNames(A,B) 0
+#endif
+
+#if SQLITE_MAX_ATTACHED>30
+SQLITE_PRIVATE   int sqlite3DbMaskAllZero(yDbMask);
+#endif
+SQLITE_PRIVATE void sqlite3DropTable(Parse*, SrcList*, int, int);
+SQLITE_PRIVATE void sqlite3CodeDropTable(Parse*, Table*, int, int);
+SQLITE_PRIVATE void sqlite3DeleteTable(sqlite3*, Table*);
+#ifndef SQLITE_OMIT_AUTOINCREMENT
+SQLITE_PRIVATE   void sqlite3AutoincrementBegin(Parse *pParse);
+SQLITE_PRIVATE   void sqlite3AutoincrementEnd(Parse *pParse);
+#else
+# define sqlite3AutoincrementBegin(X)
+# define sqlite3AutoincrementEnd(X)
+#endif
+SQLITE_PRIVATE void sqlite3Insert(Parse*, SrcList*, Select*, IdList*, int);
+SQLITE_PRIVATE void *sqlite3ArrayAllocate(sqlite3*,void*,int,int*,int*);
+SQLITE_PRIVATE IdList *sqlite3IdListAppend(sqlite3*, IdList*, Token*);
+SQLITE_PRIVATE int sqlite3IdListIndex(IdList*,const char*);
+SQLITE_PRIVATE SrcList *sqlite3SrcListEnlarge(sqlite3*, SrcList*, int, int);
+SQLITE_PRIVATE SrcList *sqlite3SrcListAppend(sqlite3*, SrcList*, Token*, Token*);
+SQLITE_PRIVATE SrcList *sqlite3SrcListAppendFromTerm(Parse*, SrcList*, Token*, Token*,
+                                      Token*, Select*, Expr*, IdList*);
+SQLITE_PRIVATE void sqlite3SrcListIndexedBy(Parse *, SrcList *, Token *);
+SQLITE_PRIVATE void sqlite3SrcListFuncArgs(Parse*, SrcList*, ExprList*);
+SQLITE_PRIVATE int sqlite3IndexedByLookup(Parse *, struct SrcList_item *);
+SQLITE_PRIVATE void sqlite3SrcListShiftJoinType(SrcList*);
+SQLITE_PRIVATE void sqlite3SrcListAssignCursors(Parse*, SrcList*);
+SQLITE_PRIVATE void sqlite3IdListDelete(sqlite3*, IdList*);
+SQLITE_PRIVATE void sqlite3SrcListDelete(sqlite3*, SrcList*);
+SQLITE_PRIVATE Index *sqlite3AllocateIndexObject(sqlite3*,i16,int,char**);
+SQLITE_PRIVATE Index *sqlite3CreateIndex(Parse*,Token*,Token*,SrcList*,ExprList*,int,Token*,
+                          Expr*, int, int);
+SQLITE_PRIVATE void sqlite3DropIndex(Parse*, SrcList*, int);
+SQLITE_PRIVATE int sqlite3Select(Parse*, Select*, SelectDest*);
+SQLITE_PRIVATE Select *sqlite3SelectNew(Parse*,ExprList*,SrcList*,Expr*,ExprList*,
+                         Expr*,ExprList*,u16,Expr*,Expr*);
+SQLITE_PRIVATE void sqlite3SelectDelete(sqlite3*, Select*);
+SQLITE_PRIVATE Table *sqlite3SrcListLookup(Parse*, SrcList*);
+SQLITE_PRIVATE int sqlite3IsReadOnly(Parse*, Table*, int);
+SQLITE_PRIVATE void sqlite3OpenTable(Parse*, int iCur, int iDb, Table*, int);
+#if defined(SQLITE_ENABLE_UPDATE_DELETE_LIMIT) && !defined(SQLITE_OMIT_SUBQUERY)
+SQLITE_PRIVATE Expr *sqlite3LimitWhere(Parse*,SrcList*,Expr*,ExprList*,Expr*,Expr*,char*);
+#endif
+SQLITE_PRIVATE void sqlite3DeleteFrom(Parse*, SrcList*, Expr*);
+SQLITE_PRIVATE void sqlite3Update(Parse*, SrcList*, ExprList*, Expr*, int);
+SQLITE_PRIVATE WhereInfo *sqlite3WhereBegin(Parse*,SrcList*,Expr*,ExprList*,ExprList*,u16,int);
+SQLITE_PRIVATE void sqlite3WhereEnd(WhereInfo*);
+SQLITE_PRIVATE u64 sqlite3WhereOutputRowCount(WhereInfo*);
+SQLITE_PRIVATE int sqlite3WhereIsDistinct(WhereInfo*);
+SQLITE_PRIVATE int sqlite3WhereIsOrdered(WhereInfo*);
+SQLITE_PRIVATE int sqlite3WhereIsSorted(WhereInfo*);
+SQLITE_PRIVATE int sqlite3WhereContinueLabel(WhereInfo*);
+SQLITE_PRIVATE int sqlite3WhereBreakLabel(WhereInfo*);
+SQLITE_PRIVATE int sqlite3WhereOkOnePass(WhereInfo*, int*);
+#define ONEPASS_OFF      0        /* Use of ONEPASS not allowed */
+#define ONEPASS_SINGLE   1        /* ONEPASS valid for a single row update */
+#define ONEPASS_MULTI    2        /* ONEPASS is valid for multiple rows */
+SQLITE_PRIVATE void sqlite3ExprCodeLoadIndexColumn(Parse*, Index*, int, int, int);
+SQLITE_PRIVATE int sqlite3ExprCodeGetColumn(Parse*, Table*, int, int, int, u8);
+SQLITE_PRIVATE void sqlite3ExprCodeGetColumnToReg(Parse*, Table*, int, int, int);
+SQLITE_PRIVATE void sqlite3ExprCodeGetColumnOfTable(Vdbe*, Table*, int, int, int);
+SQLITE_PRIVATE void sqlite3ExprCodeMove(Parse*, int, int, int);
+SQLITE_PRIVATE void sqlite3ExprCacheStore(Parse*, int, int, int);
+SQLITE_PRIVATE void sqlite3ExprCachePush(Parse*);
+SQLITE_PRIVATE void sqlite3ExprCachePop(Parse*);
+SQLITE_PRIVATE void sqlite3ExprCacheRemove(Parse*, int, int);
+SQLITE_PRIVATE void sqlite3ExprCacheClear(Parse*);
+SQLITE_PRIVATE void sqlite3ExprCacheAffinityChange(Parse*, int, int);
+SQLITE_PRIVATE void sqlite3ExprCode(Parse*, Expr*, int);
+SQLITE_PRIVATE void sqlite3ExprCodeCopy(Parse*, Expr*, int);
+SQLITE_PRIVATE void sqlite3ExprCodeFactorable(Parse*, Expr*, int);
+SQLITE_PRIVATE void sqlite3ExprCodeAtInit(Parse*, Expr*, int, u8);
+SQLITE_PRIVATE int sqlite3ExprCodeTemp(Parse*, Expr*, int*);
+SQLITE_PRIVATE int sqlite3ExprCodeTarget(Parse*, Expr*, int);
+SQLITE_PRIVATE void sqlite3ExprCodeAndCache(Parse*, Expr*, int);
+SQLITE_PRIVATE int sqlite3ExprCodeExprList(Parse*, ExprList*, int, int, u8);
+#define SQLITE_ECEL_DUP      0x01  /* Deep, not shallow copies */
+#define SQLITE_ECEL_FACTOR   0x02  /* Factor out constant terms */
+#define SQLITE_ECEL_REF      0x04  /* Use ExprList.u.x.iOrderByCol */
+SQLITE_PRIVATE void sqlite3ExprIfTrue(Parse*, Expr*, int, int);
+SQLITE_PRIVATE void sqlite3ExprIfFalse(Parse*, Expr*, int, int);
+SQLITE_PRIVATE void sqlite3ExprIfFalseDup(Parse*, Expr*, int, int);
+SQLITE_PRIVATE Table *sqlite3FindTable(sqlite3*,const char*, const char*);
+SQLITE_PRIVATE Table *sqlite3LocateTable(Parse*,int isView,const char*, const char*);
+SQLITE_PRIVATE Table *sqlite3LocateTableItem(Parse*,int isView,struct SrcList_item *);
+SQLITE_PRIVATE Index *sqlite3FindIndex(sqlite3*,const char*, const char*);
+SQLITE_PRIVATE void sqlite3UnlinkAndDeleteTable(sqlite3*,int,const char*);
+SQLITE_PRIVATE void sqlite3UnlinkAndDeleteIndex(sqlite3*,int,const char*);
+SQLITE_PRIVATE void sqlite3Vacuum(Parse*);
+SQLITE_PRIVATE int sqlite3RunVacuum(char**, sqlite3*);
+SQLITE_PRIVATE char *sqlite3NameFromToken(sqlite3*, Token*);
+SQLITE_PRIVATE int sqlite3ExprCompare(Expr*, Expr*, int);
+SQLITE_PRIVATE int sqlite3ExprListCompare(ExprList*, ExprList*, int);
+SQLITE_PRIVATE int sqlite3ExprImpliesExpr(Expr*, Expr*, int);
+SQLITE_PRIVATE void sqlite3ExprAnalyzeAggregates(NameContext*, Expr*);
+SQLITE_PRIVATE void sqlite3ExprAnalyzeAggList(NameContext*,ExprList*);
+SQLITE_PRIVATE int sqlite3FunctionUsesThisSrc(Expr*, SrcList*);
+SQLITE_PRIVATE Vdbe *sqlite3GetVdbe(Parse*);
+#ifndef SQLITE_OMIT_BUILTIN_TEST
+SQLITE_PRIVATE void sqlite3PrngSaveState(void);
+SQLITE_PRIVATE void sqlite3PrngRestoreState(void);
+#endif
+SQLITE_PRIVATE void sqlite3RollbackAll(sqlite3*,int);
+SQLITE_PRIVATE void sqlite3CodeVerifySchema(Parse*, int);
+SQLITE_PRIVATE void sqlite3CodeVerifyNamedSchema(Parse*, const char *zDb);
+SQLITE_PRIVATE void sqlite3BeginTransaction(Parse*, int);
+SQLITE_PRIVATE void sqlite3CommitTransaction(Parse*);
+SQLITE_PRIVATE void sqlite3RollbackTransaction(Parse*);
+SQLITE_PRIVATE void sqlite3Savepoint(Parse*, int, Token*);
+SQLITE_PRIVATE void sqlite3CloseSavepoints(sqlite3 *);
+SQLITE_PRIVATE void sqlite3LeaveMutexAndCloseZombie(sqlite3*);
+SQLITE_PRIVATE int sqlite3ExprIsConstant(Expr*);
+SQLITE_PRIVATE int sqlite3ExprIsConstantNotJoin(Expr*);
+SQLITE_PRIVATE int sqlite3ExprIsConstantOrFunction(Expr*, u8);
+SQLITE_PRIVATE int sqlite3ExprIsTableConstant(Expr*,int);
+#ifdef SQLITE_ENABLE_CURSOR_HINTS
+SQLITE_PRIVATE int sqlite3ExprContainsSubquery(Expr*);
+#endif
+SQLITE_PRIVATE int sqlite3ExprIsInteger(Expr*, int*);
+SQLITE_PRIVATE int sqlite3ExprCanBeNull(const Expr*);
+SQLITE_PRIVATE int sqlite3ExprNeedsNoAffinityChange(const Expr*, char);
+SQLITE_PRIVATE int sqlite3IsRowid(const char*);
+SQLITE_PRIVATE void sqlite3GenerateRowDelete(
+    Parse*,Table*,Trigger*,int,int,int,i16,u8,u8,u8,int);
+SQLITE_PRIVATE void sqlite3GenerateRowIndexDelete(Parse*, Table*, int, int, int*, int);
+SQLITE_PRIVATE int sqlite3GenerateIndexKey(Parse*, Index*, int, int, int, int*,Index*,int);
+SQLITE_PRIVATE void sqlite3ResolvePartIdxLabel(Parse*,int);
+SQLITE_PRIVATE void sqlite3GenerateConstraintChecks(Parse*,Table*,int*,int,int,int,int,
+                                     u8,u8,int,int*);
+SQLITE_PRIVATE void sqlite3CompleteInsertion(Parse*,Table*,int,int,int,int*,int,int,int);
+SQLITE_PRIVATE int sqlite3OpenTableAndIndices(Parse*, Table*, int, u8, int, u8*, int*, int*);
+SQLITE_PRIVATE void sqlite3BeginWriteOperation(Parse*, int, int);
+SQLITE_PRIVATE void sqlite3MultiWrite(Parse*);
+SQLITE_PRIVATE void sqlite3MayAbort(Parse*);
+SQLITE_PRIVATE void sqlite3HaltConstraint(Parse*, int, int, char*, i8, u8);
+SQLITE_PRIVATE void sqlite3UniqueConstraint(Parse*, int, Index*);
+SQLITE_PRIVATE void sqlite3RowidConstraint(Parse*, int, Table*);
+SQLITE_PRIVATE Expr *sqlite3ExprDup(sqlite3*,Expr*,int);
+SQLITE_PRIVATE ExprList *sqlite3ExprListDup(sqlite3*,ExprList*,int);
+SQLITE_PRIVATE SrcList *sqlite3SrcListDup(sqlite3*,SrcList*,int);
+SQLITE_PRIVATE IdList *sqlite3IdListDup(sqlite3*,IdList*);
+SQLITE_PRIVATE Select *sqlite3SelectDup(sqlite3*,Select*,int);
+#if SELECTTRACE_ENABLED
+SQLITE_PRIVATE void sqlite3SelectSetName(Select*,const char*);
+#else
+# define sqlite3SelectSetName(A,B)
+#endif
+SQLITE_PRIVATE void sqlite3FuncDefInsert(FuncDefHash*, FuncDef*);
+SQLITE_PRIVATE FuncDef *sqlite3FindFunction(sqlite3*,const char*,int,int,u8,u8);
+SQLITE_PRIVATE void sqlite3RegisterBuiltinFunctions(sqlite3*);
+SQLITE_PRIVATE void sqlite3RegisterDateTimeFunctions(void);
+SQLITE_PRIVATE void sqlite3RegisterGlobalFunctions(void);
+SQLITE_PRIVATE int sqlite3SafetyCheckOk(sqlite3*);
+SQLITE_PRIVATE int sqlite3SafetyCheckSickOrOk(sqlite3*);
+SQLITE_PRIVATE void sqlite3ChangeCookie(Parse*, int);
+
+#if !defined(SQLITE_OMIT_VIEW) && !defined(SQLITE_OMIT_TRIGGER)
+SQLITE_PRIVATE void sqlite3MaterializeView(Parse*, Table*, Expr*, int);
+#endif
+
+#ifndef SQLITE_OMIT_TRIGGER
+SQLITE_PRIVATE   void sqlite3BeginTrigger(Parse*, Token*,Token*,int,int,IdList*,SrcList*,
+                           Expr*,int, int);
+SQLITE_PRIVATE   void sqlite3FinishTrigger(Parse*, TriggerStep*, Token*);
+SQLITE_PRIVATE   void sqlite3DropTrigger(Parse*, SrcList*, int);
+SQLITE_PRIVATE   void sqlite3DropTriggerPtr(Parse*, Trigger*);
+SQLITE_PRIVATE   Trigger *sqlite3TriggersExist(Parse *, Table*, int, ExprList*, int *pMask);
+SQLITE_PRIVATE   Trigger *sqlite3TriggerList(Parse *, Table *);
+SQLITE_PRIVATE   void sqlite3CodeRowTrigger(Parse*, Trigger *, int, ExprList*, int, Table *,
+                            int, int, int);
+SQLITE_PRIVATE   void sqlite3CodeRowTriggerDirect(Parse *, Trigger *, Table *, int, int, int);
+  void sqliteViewTriggers(Parse*, Table*, Expr*, int, ExprList*);
+SQLITE_PRIVATE   void sqlite3DeleteTriggerStep(sqlite3*, TriggerStep*);
+SQLITE_PRIVATE   TriggerStep *sqlite3TriggerSelectStep(sqlite3*,Select*);
+SQLITE_PRIVATE   TriggerStep *sqlite3TriggerInsertStep(sqlite3*,Token*, IdList*,
+                                        Select*,u8);
+SQLITE_PRIVATE   TriggerStep *sqlite3TriggerUpdateStep(sqlite3*,Token*,ExprList*, Expr*, u8);
+SQLITE_PRIVATE   TriggerStep *sqlite3TriggerDeleteStep(sqlite3*,Token*, Expr*);
+SQLITE_PRIVATE   void sqlite3DeleteTrigger(sqlite3*, Trigger*);
+SQLITE_PRIVATE   void sqlite3UnlinkAndDeleteTrigger(sqlite3*,int,const char*);
+SQLITE_PRIVATE   u32 sqlite3TriggerColmask(Parse*,Trigger*,ExprList*,int,int,Table*,int);
+# define sqlite3ParseToplevel(p) ((p)->pToplevel ? (p)->pToplevel : (p))
+# define sqlite3IsToplevel(p) ((p)->pToplevel==0)
+#else
+# define sqlite3TriggersExist(B,C,D,E,F) 0
+# define sqlite3DeleteTrigger(A,B)
+# define sqlite3DropTriggerPtr(A,B)
+# define sqlite3UnlinkAndDeleteTrigger(A,B,C)
+# define sqlite3CodeRowTrigger(A,B,C,D,E,F,G,H,I)
+# define sqlite3CodeRowTriggerDirect(A,B,C,D,E,F)
+# define sqlite3TriggerList(X, Y) 0
+# define sqlite3ParseToplevel(p) p
+# define sqlite3IsToplevel(p) 1
+# define sqlite3TriggerColmask(A,B,C,D,E,F,G) 0
+#endif
+
+SQLITE_PRIVATE int sqlite3JoinType(Parse*, Token*, Token*, Token*);
+SQLITE_PRIVATE void sqlite3CreateForeignKey(Parse*, ExprList*, Token*, ExprList*, int);
+SQLITE_PRIVATE void sqlite3DeferForeignKey(Parse*, int);
+#ifndef SQLITE_OMIT_AUTHORIZATION
+SQLITE_PRIVATE   void sqlite3AuthRead(Parse*,Expr*,Schema*,SrcList*);
+SQLITE_PRIVATE   int sqlite3AuthCheck(Parse*,int, const char*, const char*, const char*);
+SQLITE_PRIVATE   void sqlite3AuthContextPush(Parse*, AuthContext*, const char*);
+SQLITE_PRIVATE   void sqlite3AuthContextPop(AuthContext*);
+SQLITE_PRIVATE   int sqlite3AuthReadCol(Parse*, const char *, const char *, int);
+#else
+# define sqlite3AuthRead(a,b,c,d)
+# define sqlite3AuthCheck(a,b,c,d,e)    SQLITE_OK
+# define sqlite3AuthContextPush(a,b,c)
+# define sqlite3AuthContextPop(a)  ((void)(a))
+#endif
+SQLITE_PRIVATE void sqlite3Attach(Parse*, Expr*, Expr*, Expr*);
+SQLITE_PRIVATE void sqlite3Detach(Parse*, Expr*);
+SQLITE_PRIVATE void sqlite3FixInit(DbFixer*, Parse*, int, const char*, const Token*);
+SQLITE_PRIVATE int sqlite3FixSrcList(DbFixer*, SrcList*);
+SQLITE_PRIVATE int sqlite3FixSelect(DbFixer*, Select*);
+SQLITE_PRIVATE int sqlite3FixExpr(DbFixer*, Expr*);
+SQLITE_PRIVATE int sqlite3FixExprList(DbFixer*, ExprList*);
+SQLITE_PRIVATE int sqlite3FixTriggerStep(DbFixer*, TriggerStep*);
+SQLITE_PRIVATE int sqlite3AtoF(const char *z, double*, int, u8);
+SQLITE_PRIVATE int sqlite3GetInt32(const char *, int*);
+SQLITE_PRIVATE int sqlite3Atoi(const char*);
+SQLITE_PRIVATE int sqlite3Utf16ByteLen(const void *pData, int nChar);
+SQLITE_PRIVATE int sqlite3Utf8CharLen(const char *pData, int nByte);
+SQLITE_PRIVATE u32 sqlite3Utf8Read(const u8**);
+SQLITE_PRIVATE LogEst sqlite3LogEst(u64);
+SQLITE_PRIVATE LogEst sqlite3LogEstAdd(LogEst,LogEst);
+#ifndef SQLITE_OMIT_VIRTUALTABLE
+SQLITE_PRIVATE LogEst sqlite3LogEstFromDouble(double);
+#endif
+SQLITE_PRIVATE u64 sqlite3LogEstToInt(LogEst);
+
+/*
+** Routines to read and write variable-length integers.  These used to
+** be defined locally, but now we use the varint routines in the util.c
+** file.
+*/
+SQLITE_PRIVATE int sqlite3PutVarint(unsigned char*, u64);
+SQLITE_PRIVATE u8 sqlite3GetVarint(const unsigned char *, u64 *);
+SQLITE_PRIVATE u8 sqlite3GetVarint32(const unsigned char *, u32 *);
+SQLITE_PRIVATE int sqlite3VarintLen(u64 v);
+
+/*
+** The common case is for a varint to be a single byte.  They following
+** macros handle the common case without a procedure call, but then call
+** the procedure for larger varints.
+*/
+#define getVarint32(A,B)  \
+  (u8)((*(A)<(u8)0x80)?((B)=(u32)*(A)),1:sqlite3GetVarint32((A),(u32 *)&(B)))
+#define putVarint32(A,B)  \
+  (u8)(((u32)(B)<(u32)0x80)?(*(A)=(unsigned char)(B)),1:\
+  sqlite3PutVarint((A),(B)))
+#define getVarint    sqlite3GetVarint
+#define putVarint    sqlite3PutVarint
+
+
+SQLITE_PRIVATE const char *sqlite3IndexAffinityStr(sqlite3*, Index*);
+SQLITE_PRIVATE void sqlite3TableAffinity(Vdbe*, Table*, int);
+SQLITE_PRIVATE char sqlite3CompareAffinity(Expr *pExpr, char aff2);
+SQLITE_PRIVATE int sqlite3IndexAffinityOk(Expr *pExpr, char idx_affinity);
+SQLITE_PRIVATE char sqlite3ExprAffinity(Expr *pExpr);
+SQLITE_PRIVATE int sqlite3Atoi64(const char*, i64*, int, u8);
+SQLITE_PRIVATE int sqlite3DecOrHexToI64(const char*, i64*);
+SQLITE_PRIVATE void sqlite3ErrorWithMsg(sqlite3*, int, const char*,...);
+SQLITE_PRIVATE void sqlite3Error(sqlite3*,int);
+SQLITE_PRIVATE void *sqlite3HexToBlob(sqlite3*, const char *z, int n);
+SQLITE_PRIVATE u8 sqlite3HexToInt(int h);
+SQLITE_PRIVATE int sqlite3TwoPartName(Parse *, Token *, Token *, Token **);
+
+#if defined(SQLITE_NEED_ERR_NAME)
+SQLITE_PRIVATE const char *sqlite3ErrName(int);
+#endif
+
+SQLITE_PRIVATE const char *sqlite3ErrStr(int);
+SQLITE_PRIVATE int sqlite3ReadSchema(Parse *pParse);
+SQLITE_PRIVATE CollSeq *sqlite3FindCollSeq(sqlite3*,u8 enc, const char*,int);
+SQLITE_PRIVATE CollSeq *sqlite3LocateCollSeq(Parse *pParse, const char*zName);
+SQLITE_PRIVATE CollSeq *sqlite3ExprCollSeq(Parse *pParse, Expr *pExpr);
+SQLITE_PRIVATE Expr *sqlite3ExprAddCollateToken(Parse *pParse, Expr*, const Token*, int);
+SQLITE_PRIVATE Expr *sqlite3ExprAddCollateString(Parse*,Expr*,const char*);
+SQLITE_PRIVATE Expr *sqlite3ExprSkipCollate(Expr*);
+SQLITE_PRIVATE int sqlite3CheckCollSeq(Parse *, CollSeq *);
+SQLITE_PRIVATE int sqlite3CheckObjectName(Parse *, const char *);
+SQLITE_PRIVATE void sqlite3VdbeSetChanges(sqlite3 *, int);
+SQLITE_PRIVATE int sqlite3AddInt64(i64*,i64);
+SQLITE_PRIVATE int sqlite3SubInt64(i64*,i64);
+SQLITE_PRIVATE int sqlite3MulInt64(i64*,i64);
+SQLITE_PRIVATE int sqlite3AbsInt32(int);
+#ifdef SQLITE_ENABLE_8_3_NAMES
+SQLITE_PRIVATE void sqlite3FileSuffix3(const char*, char*);
+#else
+# define sqlite3FileSuffix3(X,Y)
+#endif
+SQLITE_PRIVATE u8 sqlite3GetBoolean(const char *z,u8);
+
+SQLITE_PRIVATE const void *sqlite3ValueText(sqlite3_value*, u8);
+SQLITE_PRIVATE int sqlite3ValueBytes(sqlite3_value*, u8);
+SQLITE_PRIVATE void sqlite3ValueSetStr(sqlite3_value*, int, const void *,u8, 
+                        void(*)(void*));
+SQLITE_PRIVATE void sqlite3ValueSetNull(sqlite3_value*);
+SQLITE_PRIVATE void sqlite3ValueFree(sqlite3_value*);
+SQLITE_PRIVATE sqlite3_value *sqlite3ValueNew(sqlite3 *);
+SQLITE_PRIVATE char *sqlite3Utf16to8(sqlite3 *, const void*, int, u8);
+SQLITE_PRIVATE int sqlite3ValueFromExpr(sqlite3 *, Expr *, u8, u8, sqlite3_value **);
+SQLITE_PRIVATE void sqlite3ValueApplyAffinity(sqlite3_value *, u8, u8);
+#ifndef SQLITE_AMALGAMATION
+SQLITE_PRIVATE const unsigned char sqlite3OpcodeProperty[];
+SQLITE_PRIVATE const char sqlite3StrBINARY[];
+SQLITE_PRIVATE const unsigned char sqlite3UpperToLower[];
+SQLITE_PRIVATE const unsigned char sqlite3CtypeMap[];
+SQLITE_PRIVATE const Token sqlite3IntTokens[];
+SQLITE_PRIVATE SQLITE_WSD struct Sqlite3Config sqlite3Config;
+SQLITE_PRIVATE SQLITE_WSD FuncDefHash sqlite3GlobalFunctions;
+#ifndef SQLITE_OMIT_WSD
+SQLITE_PRIVATE int sqlite3PendingByte;
+#endif
+#endif
+SQLITE_PRIVATE void sqlite3RootPageMoved(sqlite3*, int, int, int);
+SQLITE_PRIVATE void sqlite3Reindex(Parse*, Token*, Token*);
+SQLITE_PRIVATE void sqlite3AlterFunctions(void);
+SQLITE_PRIVATE void sqlite3AlterRenameTable(Parse*, SrcList*, Token*);
+SQLITE_PRIVATE int sqlite3GetToken(const unsigned char *, int *);
+SQLITE_PRIVATE void sqlite3NestedParse(Parse*, const char*, ...);
+SQLITE_PRIVATE void sqlite3ExpirePreparedStatements(sqlite3*);
+SQLITE_PRIVATE int sqlite3CodeSubselect(Parse *, Expr *, int, int);
+SQLITE_PRIVATE void sqlite3SelectPrep(Parse*, Select*, NameContext*);
+SQLITE_PRIVATE void sqlite3SelectWrongNumTermsError(Parse *pParse, Select *p);
+SQLITE_PRIVATE int sqlite3MatchSpanName(const char*, const char*, const char*, const char*);
+SQLITE_PRIVATE int sqlite3ResolveExprNames(NameContext*, Expr*);
+SQLITE_PRIVATE int sqlite3ResolveExprListNames(NameContext*, ExprList*);
+SQLITE_PRIVATE void sqlite3ResolveSelectNames(Parse*, Select*, NameContext*);
+SQLITE_PRIVATE void sqlite3ResolveSelfReference(Parse*,Table*,int,Expr*,ExprList*);
+SQLITE_PRIVATE int sqlite3ResolveOrderGroupBy(Parse*, Select*, ExprList*, const char*);
+SQLITE_PRIVATE void sqlite3ColumnDefault(Vdbe *, Table *, int, int);
+SQLITE_PRIVATE void sqlite3AlterFinishAddColumn(Parse *, Token *);
+SQLITE_PRIVATE void sqlite3AlterBeginAddColumn(Parse *, SrcList *);
+SQLITE_PRIVATE CollSeq *sqlite3GetCollSeq(Parse*, u8, CollSeq *, const char*);
+SQLITE_PRIVATE char sqlite3AffinityType(const char*, u8*);
+SQLITE_PRIVATE void sqlite3Analyze(Parse*, Token*, Token*);
+SQLITE_PRIVATE int sqlite3InvokeBusyHandler(BusyHandler*);
+SQLITE_PRIVATE int sqlite3FindDb(sqlite3*, Token*);
+SQLITE_PRIVATE int sqlite3FindDbName(sqlite3 *, const char *);
+SQLITE_PRIVATE int sqlite3AnalysisLoad(sqlite3*,int iDB);
+SQLITE_PRIVATE void sqlite3DeleteIndexSamples(sqlite3*,Index*);
+SQLITE_PRIVATE void sqlite3DefaultRowEst(Index*);
+SQLITE_PRIVATE void sqlite3RegisterLikeFunctions(sqlite3*, int);
+SQLITE_PRIVATE int sqlite3IsLikeFunction(sqlite3*,Expr*,int*,char*);
+SQLITE_PRIVATE void sqlite3MinimumFileFormat(Parse*, int, int);
+SQLITE_PRIVATE void sqlite3SchemaClear(void *);
+SQLITE_PRIVATE Schema *sqlite3SchemaGet(sqlite3 *, Btree *);
+SQLITE_PRIVATE int sqlite3SchemaToIndex(sqlite3 *db, Schema *);
+SQLITE_PRIVATE KeyInfo *sqlite3KeyInfoAlloc(sqlite3*,int,int);
+SQLITE_PRIVATE void sqlite3KeyInfoUnref(KeyInfo*);
+SQLITE_PRIVATE KeyInfo *sqlite3KeyInfoRef(KeyInfo*);
+SQLITE_PRIVATE KeyInfo *sqlite3KeyInfoOfIndex(Parse*, Index*);
+#ifdef SQLITE_DEBUG
+SQLITE_PRIVATE int sqlite3KeyInfoIsWriteable(KeyInfo*);
+#endif
+SQLITE_PRIVATE int sqlite3CreateFunc(sqlite3 *, const char *, int, int, void *, 
+  void (*)(sqlite3_context*,int,sqlite3_value **),
+  void (*)(sqlite3_context*,int,sqlite3_value **), void (*)(sqlite3_context*),
+  FuncDestructor *pDestructor
+);
+SQLITE_PRIVATE int sqlite3ApiExit(sqlite3 *db, int);
+SQLITE_PRIVATE int sqlite3OpenTempDatabase(Parse *);
+
+SQLITE_PRIVATE void sqlite3StrAccumInit(StrAccum*, sqlite3*, char*, int, int);
+SQLITE_PRIVATE void sqlite3StrAccumAppend(StrAccum*,const char*,int);
+SQLITE_PRIVATE void sqlite3StrAccumAppendAll(StrAccum*,const char*);
+SQLITE_PRIVATE void sqlite3AppendChar(StrAccum*,int,char);
+SQLITE_PRIVATE char *sqlite3StrAccumFinish(StrAccum*);
+SQLITE_PRIVATE void sqlite3StrAccumReset(StrAccum*);
+SQLITE_PRIVATE void sqlite3SelectDestInit(SelectDest*,int,int);
+SQLITE_PRIVATE Expr *sqlite3CreateColumnExpr(sqlite3 *, SrcList *, int, int);
+
+SQLITE_PRIVATE void sqlite3BackupRestart(sqlite3_backup *);
+SQLITE_PRIVATE void sqlite3BackupUpdate(sqlite3_backup *, Pgno, const u8 *);
+
+#ifdef SQLITE_ENABLE_STAT3_OR_STAT4
+SQLITE_PRIVATE void sqlite3AnalyzeFunctions(void);
+SQLITE_PRIVATE int sqlite3Stat4ProbeSetValue(Parse*,Index*,UnpackedRecord**,Expr*,u8,int,int*);
+SQLITE_PRIVATE int sqlite3Stat4ValueFromExpr(Parse*, Expr*, u8, sqlite3_value**);
+SQLITE_PRIVATE void sqlite3Stat4ProbeFree(UnpackedRecord*);
+SQLITE_PRIVATE int sqlite3Stat4Column(sqlite3*, const void*, int, int, sqlite3_value**);
+#endif
+
+/*
+** The interface to the LEMON-generated parser
+*/
+SQLITE_PRIVATE void *sqlite3ParserAlloc(void*(*)(u64));
+SQLITE_PRIVATE void sqlite3ParserFree(void*, void(*)(void*));
+SQLITE_PRIVATE void sqlite3Parser(void*, int, Token, Parse*);
+#ifdef YYTRACKMAXSTACKDEPTH
+SQLITE_PRIVATE   int sqlite3ParserStackPeak(void*);
+#endif
+
+SQLITE_PRIVATE void sqlite3AutoLoadExtensions(sqlite3*);
+#ifndef SQLITE_OMIT_LOAD_EXTENSION
+SQLITE_PRIVATE   void sqlite3CloseExtensions(sqlite3*);
+#else
+# define sqlite3CloseExtensions(X)
+#endif
+
+#ifndef SQLITE_OMIT_SHARED_CACHE
+SQLITE_PRIVATE   void sqlite3TableLock(Parse *, int, int, u8, const char *);
+#else
+  #define sqlite3TableLock(v,w,x,y,z)
+#endif
+
+#ifdef SQLITE_TEST
+SQLITE_PRIVATE   int sqlite3Utf8To8(unsigned char*);
+#endif
+
+#ifdef SQLITE_OMIT_VIRTUALTABLE
+#  define sqlite3VtabClear(Y)
+#  define sqlite3VtabSync(X,Y) SQLITE_OK
+#  define sqlite3VtabRollback(X)
+#  define sqlite3VtabCommit(X)
+#  define sqlite3VtabInSync(db) 0
+#  define sqlite3VtabLock(X) 
+#  define sqlite3VtabUnlock(X)
+#  define sqlite3VtabUnlockList(X)
+#  define sqlite3VtabSavepoint(X, Y, Z) SQLITE_OK
+#  define sqlite3GetVTable(X,Y)  ((VTable*)0)
+#else
+SQLITE_PRIVATE    void sqlite3VtabClear(sqlite3 *db, Table*);
+SQLITE_PRIVATE    void sqlite3VtabDisconnect(sqlite3 *db, Table *p);
+SQLITE_PRIVATE    int sqlite3VtabSync(sqlite3 *db, Vdbe*);
+SQLITE_PRIVATE    int sqlite3VtabRollback(sqlite3 *db);
+SQLITE_PRIVATE    int sqlite3VtabCommit(sqlite3 *db);
+SQLITE_PRIVATE    void sqlite3VtabLock(VTable *);
+SQLITE_PRIVATE    void sqlite3VtabUnlock(VTable *);
+SQLITE_PRIVATE    void sqlite3VtabUnlockList(sqlite3*);
+SQLITE_PRIVATE    int sqlite3VtabSavepoint(sqlite3 *, int, int);
+SQLITE_PRIVATE    void sqlite3VtabImportErrmsg(Vdbe*, sqlite3_vtab*);
+SQLITE_PRIVATE    VTable *sqlite3GetVTable(sqlite3*, Table*);
+#  define sqlite3VtabInSync(db) ((db)->nVTrans>0 && (db)->aVTrans==0)
+#endif
+SQLITE_PRIVATE int sqlite3VtabEponymousTableInit(Parse*,Module*);
+SQLITE_PRIVATE void sqlite3VtabEponymousTableClear(sqlite3*,Module*);
+SQLITE_PRIVATE void sqlite3VtabMakeWritable(Parse*,Table*);
+SQLITE_PRIVATE void sqlite3VtabBeginParse(Parse*, Token*, Token*, Token*, int);
+SQLITE_PRIVATE void sqlite3VtabFinishParse(Parse*, Token*);
+SQLITE_PRIVATE void sqlite3VtabArgInit(Parse*);
+SQLITE_PRIVATE void sqlite3VtabArgExtend(Parse*, Token*);
+SQLITE_PRIVATE int sqlite3VtabCallCreate(sqlite3*, int, const char *, char **);
+SQLITE_PRIVATE int sqlite3VtabCallConnect(Parse*, Table*);
+SQLITE_PRIVATE int sqlite3VtabCallDestroy(sqlite3*, int, const char *);
+SQLITE_PRIVATE int sqlite3VtabBegin(sqlite3 *, VTable *);
+SQLITE_PRIVATE FuncDef *sqlite3VtabOverloadFunction(sqlite3 *,FuncDef*, int nArg, Expr*);
+SQLITE_PRIVATE void sqlite3InvalidFunction(sqlite3_context*,int,sqlite3_value**);
+SQLITE_PRIVATE sqlite3_int64 sqlite3StmtCurrentTime(sqlite3_context*);
+SQLITE_PRIVATE int sqlite3VdbeParameterIndex(Vdbe*, const char*, int);
+SQLITE_PRIVATE int sqlite3TransferBindings(sqlite3_stmt *, sqlite3_stmt *);
+SQLITE_PRIVATE void sqlite3ParserReset(Parse*);
+SQLITE_PRIVATE int sqlite3Reprepare(Vdbe*);
+SQLITE_PRIVATE void sqlite3ExprListCheckLength(Parse*, ExprList*, const char*);
+SQLITE_PRIVATE CollSeq *sqlite3BinaryCompareCollSeq(Parse *, Expr *, Expr *);
+SQLITE_PRIVATE int sqlite3TempInMemory(const sqlite3*);
+SQLITE_PRIVATE const char *sqlite3JournalModename(int);
+#ifndef SQLITE_OMIT_WAL
+SQLITE_PRIVATE   int sqlite3Checkpoint(sqlite3*, int, int, int*, int*);
+SQLITE_PRIVATE   int sqlite3WalDefaultHook(void*,sqlite3*,const char*,int);
+#endif
+#ifndef SQLITE_OMIT_CTE
+SQLITE_PRIVATE   With *sqlite3WithAdd(Parse*,With*,Token*,ExprList*,Select*);
+SQLITE_PRIVATE   void sqlite3WithDelete(sqlite3*,With*);
+SQLITE_PRIVATE   void sqlite3WithPush(Parse*, With*, u8);
+#else
+#define sqlite3WithPush(x,y,z)
+#define sqlite3WithDelete(x,y)
+#endif
+
+/* Declarations for functions in fkey.c. All of these are replaced by
+** no-op macros if OMIT_FOREIGN_KEY is defined. In this case no foreign
+** key functionality is available. If OMIT_TRIGGER is defined but
+** OMIT_FOREIGN_KEY is not, only some of the functions are no-oped. In
+** this case foreign keys are parsed, but no other functionality is 
+** provided (enforcement of FK constraints requires the triggers sub-system).
+*/
+#if !defined(SQLITE_OMIT_FOREIGN_KEY) && !defined(SQLITE_OMIT_TRIGGER)
+SQLITE_PRIVATE   void sqlite3FkCheck(Parse*, Table*, int, int, int*, int);
+SQLITE_PRIVATE   void sqlite3FkDropTable(Parse*, SrcList *, Table*);
+SQLITE_PRIVATE   void sqlite3FkActions(Parse*, Table*, ExprList*, int, int*, int);
+SQLITE_PRIVATE   int sqlite3FkRequired(Parse*, Table*, int*, int);
+SQLITE_PRIVATE   u32 sqlite3FkOldmask(Parse*, Table*);
+SQLITE_PRIVATE   FKey *sqlite3FkReferences(Table *);
+#else
+  #define sqlite3FkActions(a,b,c,d,e,f)
+  #define sqlite3FkCheck(a,b,c,d,e,f)
+  #define sqlite3FkDropTable(a,b,c)
+  #define sqlite3FkOldmask(a,b)         0
+  #define sqlite3FkRequired(a,b,c,d)    0
+#endif
+#ifndef SQLITE_OMIT_FOREIGN_KEY
+SQLITE_PRIVATE   void sqlite3FkDelete(sqlite3 *, Table*);
+SQLITE_PRIVATE   int sqlite3FkLocateIndex(Parse*,Table*,FKey*,Index**,int**);
+#else
+  #define sqlite3FkDelete(a,b)
+  #define sqlite3FkLocateIndex(a,b,c,d,e)
+#endif
+
+
+/*
+** Available fault injectors.  Should be numbered beginning with 0.
+*/
+#define SQLITE_FAULTINJECTOR_MALLOC     0
+#define SQLITE_FAULTINJECTOR_COUNT      1
+
+/*
+** The interface to the code in fault.c used for identifying "benign"
+** malloc failures. This is only present if SQLITE_OMIT_BUILTIN_TEST
+** is not defined.
+*/
+#ifndef SQLITE_OMIT_BUILTIN_TEST
+SQLITE_PRIVATE   void sqlite3BeginBenignMalloc(void);
+SQLITE_PRIVATE   void sqlite3EndBenignMalloc(void);
+#else
+  #define sqlite3BeginBenignMalloc()
+  #define sqlite3EndBenignMalloc()
+#endif
+
+/*
+** Allowed return values from sqlite3FindInIndex()
+*/
+#define IN_INDEX_ROWID        1   /* Search the rowid of the table */
+#define IN_INDEX_EPH          2   /* Search an ephemeral b-tree */
+#define IN_INDEX_INDEX_ASC    3   /* Existing index ASCENDING */
+#define IN_INDEX_INDEX_DESC   4   /* Existing index DESCENDING */
+#define IN_INDEX_NOOP         5   /* No table available. Use comparisons */
+/*
+** Allowed flags for the 3rd parameter to sqlite3FindInIndex().
+*/
+#define IN_INDEX_NOOP_OK     0x0001  /* OK to return IN_INDEX_NOOP */
+#define IN_INDEX_MEMBERSHIP  0x0002  /* IN operator used for membership test */
+#define IN_INDEX_LOOP        0x0004  /* IN operator used as a loop */
+SQLITE_PRIVATE int sqlite3FindInIndex(Parse *, Expr *, u32, int*);
+
+#ifdef SQLITE_ENABLE_ATOMIC_WRITE
+SQLITE_PRIVATE   int sqlite3JournalOpen(sqlite3_vfs *, const char *, sqlite3_file *, int, int);
+SQLITE_PRIVATE   int sqlite3JournalSize(sqlite3_vfs *);
+SQLITE_PRIVATE   int sqlite3JournalCreate(sqlite3_file *);
+SQLITE_PRIVATE   int sqlite3JournalExists(sqlite3_file *p);
+#else
+  #define sqlite3JournalSize(pVfs) ((pVfs)->szOsFile)
+  #define sqlite3JournalExists(p) 1
+#endif
+
+SQLITE_PRIVATE void sqlite3MemJournalOpen(sqlite3_file *);
+SQLITE_PRIVATE int sqlite3MemJournalSize(void);
+SQLITE_PRIVATE int sqlite3IsMemJournal(sqlite3_file *);
+
+SQLITE_PRIVATE void sqlite3ExprSetHeightAndFlags(Parse *pParse, Expr *p);
+#if SQLITE_MAX_EXPR_DEPTH>0
+SQLITE_PRIVATE   int sqlite3SelectExprHeight(Select *);
+SQLITE_PRIVATE   int sqlite3ExprCheckHeight(Parse*, int);
+#else
+  #define sqlite3SelectExprHeight(x) 0
+  #define sqlite3ExprCheckHeight(x,y)
+#endif
+
+SQLITE_PRIVATE u32 sqlite3Get4byte(const u8*);
+SQLITE_PRIVATE void sqlite3Put4byte(u8*, u32);
+
+#ifdef SQLITE_ENABLE_UNLOCK_NOTIFY
+SQLITE_PRIVATE   void sqlite3ConnectionBlocked(sqlite3 *, sqlite3 *);
+SQLITE_PRIVATE   void sqlite3ConnectionUnlocked(sqlite3 *db);
+SQLITE_PRIVATE   void sqlite3ConnectionClosed(sqlite3 *db);
+#else
+  #define sqlite3ConnectionBlocked(x,y)
+  #define sqlite3ConnectionUnlocked(x)
+  #define sqlite3ConnectionClosed(x)
+#endif
+
+#ifdef SQLITE_DEBUG
+SQLITE_PRIVATE   void sqlite3ParserTrace(FILE*, char *);
+#endif
+
+/*
+** If the SQLITE_ENABLE IOTRACE exists then the global variable
+** sqlite3IoTrace is a pointer to a printf-like routine used to
+** print I/O tracing messages. 
+*/
+#ifdef SQLITE_ENABLE_IOTRACE
+# define IOTRACE(A)  if( sqlite3IoTrace ){ sqlite3IoTrace A; }
+SQLITE_PRIVATE   void sqlite3VdbeIOTraceSql(Vdbe*);
+SQLITE_API SQLITE_EXTERN void (SQLITE_CDECL *sqlite3IoTrace)(const char*,...);
+#else
+# define IOTRACE(A)
+# define sqlite3VdbeIOTraceSql(X)
+#endif
+
+/*
+** These routines are available for the mem2.c debugging memory allocator
+** only.  They are used to verify that different "types" of memory
+** allocations are properly tracked by the system.
+**
+** sqlite3MemdebugSetType() sets the "type" of an allocation to one of
+** the MEMTYPE_* macros defined below.  The type must be a bitmask with
+** a single bit set.
+**
+** sqlite3MemdebugHasType() returns true if any of the bits in its second
+** argument match the type set by the previous sqlite3MemdebugSetType().
+** sqlite3MemdebugHasType() is intended for use inside assert() statements.
+**
+** sqlite3MemdebugNoType() returns true if none of the bits in its second
+** argument match the type set by the previous sqlite3MemdebugSetType().
+**
+** Perhaps the most important point is the difference between MEMTYPE_HEAP
+** and MEMTYPE_LOOKASIDE.  If an allocation is MEMTYPE_LOOKASIDE, that means
+** it might have been allocated by lookaside, except the allocation was
+** too large or lookaside was already full.  It is important to verify
+** that allocations that might have been satisfied by lookaside are not
+** passed back to non-lookaside free() routines.  Asserts such as the
+** example above are placed on the non-lookaside free() routines to verify
+** this constraint. 
+**
+** All of this is no-op for a production build.  It only comes into
+** play when the SQLITE_MEMDEBUG compile-time option is used.
+*/
+#ifdef SQLITE_MEMDEBUG
+SQLITE_PRIVATE   void sqlite3MemdebugSetType(void*,u8);
+SQLITE_PRIVATE   int sqlite3MemdebugHasType(void*,u8);
+SQLITE_PRIVATE   int sqlite3MemdebugNoType(void*,u8);
+#else
+# define sqlite3MemdebugSetType(X,Y)  /* no-op */
+# define sqlite3MemdebugHasType(X,Y)  1
+# define sqlite3MemdebugNoType(X,Y)   1
+#endif
+#define MEMTYPE_HEAP       0x01  /* General heap allocations */
+#define MEMTYPE_LOOKASIDE  0x02  /* Heap that might have been lookaside */
+#define MEMTYPE_SCRATCH    0x04  /* Scratch allocations */
+#define MEMTYPE_PCACHE     0x08  /* Page cache allocations */
+
+/*
+** Threading interface
+*/
+#if SQLITE_MAX_WORKER_THREADS>0
+SQLITE_PRIVATE int sqlite3ThreadCreate(SQLiteThread**,void*(*)(void*),void*);
+SQLITE_PRIVATE int sqlite3ThreadJoin(SQLiteThread*, void**);
+#endif
+
+#if defined(SQLITE_ENABLE_DBSTAT_VTAB) || defined(SQLITE_TEST)
+SQLITE_PRIVATE int sqlite3DbstatRegister(sqlite3*);
+#endif
+
+#endif /* _SQLITEINT_H_ */
+
+/************** End of sqliteInt.h *******************************************/
+/************** Begin file global.c ******************************************/
+/*
+** 2008 June 13
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+**
+** This file contains definitions of global variables and constants.
+*/
+/* #include "sqliteInt.h" */
+
+/* An array to map all upper-case characters into their corresponding
+** lower-case character. 
+**
+** SQLite only considers US-ASCII (or EBCDIC) characters.  We do not
+** handle case conversions for the UTF character set since the tables
+** involved are nearly as big or bigger than SQLite itself.
+*/
+SQLITE_PRIVATE const unsigned char sqlite3UpperToLower[] = {
+#ifdef SQLITE_ASCII
+      0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15, 16, 17,
+     18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35,
+     36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53,
+     54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 97, 98, 99,100,101,102,103,
+    104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,
+    122, 91, 92, 93, 94, 95, 96, 97, 98, 99,100,101,102,103,104,105,106,107,
+    108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,
+    126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,
+    144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,
+    162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,
+    180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,
+    198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,
+    216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,
+    234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,
+    252,253,254,255
+#endif
+#ifdef SQLITE_EBCDIC
+      0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15, /* 0x */
+     16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, /* 1x */
+     32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, /* 2x */
+     48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, /* 3x */
+     64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, /* 4x */
+     80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, /* 5x */
+     96, 97, 98, 99,100,101,102,103,104,105,106,107,108,109,110,111, /* 6x */
+    112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127, /* 7x */
+    128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143, /* 8x */
+    144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159, /* 9x */
+    160,161,162,163,164,165,166,167,168,169,170,171,140,141,142,175, /* Ax */
+    176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191, /* Bx */
+    192,129,130,131,132,133,134,135,136,137,202,203,204,205,206,207, /* Cx */
+    208,145,146,147,148,149,150,151,152,153,218,219,220,221,222,223, /* Dx */
+    224,225,162,163,164,165,166,167,168,169,234,235,236,237,238,239, /* Ex */
+    240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255, /* Fx */
+#endif
+};
+
+/*
+** The following 256 byte lookup table is used to support SQLites built-in
+** equivalents to the following standard library functions:
+**
+**   isspace()                        0x01
+**   isalpha()                        0x02
+**   isdigit()                        0x04
+**   isalnum()                        0x06
+**   isxdigit()                       0x08
+**   toupper()                        0x20
+**   SQLite identifier character      0x40
+**
+** Bit 0x20 is set if the mapped character requires translation to upper
+** case. i.e. if the character is a lower-case ASCII character.
+** If x is a lower-case ASCII character, then its upper-case equivalent
+** is (x - 0x20). Therefore toupper() can be implemented as:
+**
+**   (x & ~(map[x]&0x20))
+**
+** Standard function tolower() is implemented using the sqlite3UpperToLower[]
+** array. tolower() is used more often than toupper() by SQLite.
+**
+** Bit 0x40 is set if the character non-alphanumeric and can be used in an 
+** SQLite identifier.  Identifiers are alphanumerics, "_", "$", and any
+** non-ASCII UTF character. Hence the test for whether or not a character is
+** part of an identifier is 0x46.
+**
+** SQLite's versions are identical to the standard versions assuming a
+** locale of "C". They are implemented as macros in sqliteInt.h.
+*/
+#ifdef SQLITE_ASCII
+SQLITE_PRIVATE const unsigned char sqlite3CtypeMap[256] = {
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,  /* 00..07    ........ */
+  0x00, 0x01, 0x01, 0x01, 0x01, 0x01, 0x00, 0x00,  /* 08..0f    ........ */
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,  /* 10..17    ........ */
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,  /* 18..1f    ........ */
+  0x01, 0x00, 0x00, 0x00, 0x40, 0x00, 0x00, 0x00,  /* 20..27     !"#$%&' */
+  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,  /* 28..2f    ()*+,-./ */
+  0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,  /* 30..37    01234567 */
+  0x0c, 0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,  /* 38..3f    89:;<=>? */
+
+  0x00, 0x0a, 0x0a, 0x0a, 0x0a, 0x0a, 0x0a, 0x02,  /* 40..47    @ABCDEFG */
+  0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02,  /* 48..4f    HIJKLMNO */
+  0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02,  /* 50..57    PQRSTUVW */
+  0x02, 0x02, 0x02, 0x00, 0x00, 0x00, 0x00, 0x40,  /* 58..5f    XYZ[\]^_ */
+  0x00, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x2a, 0x22,  /* 60..67    `abcdefg */
+  0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22,  /* 68..6f    hijklmno */
+  0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22,  /* 70..77    pqrstuvw */
+  0x22, 0x22, 0x22, 0x00, 0x00, 0x00, 0x00, 0x00,  /* 78..7f    xyz{|}~. */
+
+  0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40,  /* 80..87    ........ */
+  0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40,  /* 88..8f    ........ */
+  0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40,  /* 90..97    ........ */
+  0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40,  /* 98..9f    ........ */
+  0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40,  /* a0..a7    ........ */
+  0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40,  /* a8..af    ........ */
+  0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40,  /* b0..b7    ........ */
+  0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40,  /* b8..bf    ........ */
+
+  0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40,  /* c0..c7    ........ */
+  0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40,  /* c8..cf    ........ */
+  0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40,  /* d0..d7    ........ */
+  0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40,  /* d8..df    ........ */
+  0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40,  /* e0..e7    ........ */
+  0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40,  /* e8..ef    ........ */
+  0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40,  /* f0..f7    ........ */
+  0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40   /* f8..ff    ........ */
+};
+#endif
+
+/* EVIDENCE-OF: R-02982-34736 In order to maintain full backwards
+** compatibility for legacy applications, the URI filename capability is
+** disabled by default.
+**
+** EVIDENCE-OF: R-38799-08373 URI filenames can be enabled or disabled
+** using the SQLITE_USE_URI=1 or SQLITE_USE_URI=0 compile-time options.
+**
+** EVIDENCE-OF: R-43642-56306 By default, URI handling is globally
+** disabled. The default value may be changed by compiling with the
+** SQLITE_USE_URI symbol defined.
+*/
+#ifndef SQLITE_USE_URI
+# define  SQLITE_USE_URI 0
+#endif
+
+/* EVIDENCE-OF: R-38720-18127 The default setting is determined by the
+** SQLITE_ALLOW_COVERING_INDEX_SCAN compile-time option, or is "on" if
+** that compile-time option is omitted.
+*/
+#ifndef SQLITE_ALLOW_COVERING_INDEX_SCAN
+# define SQLITE_ALLOW_COVERING_INDEX_SCAN 1
+#endif
+
+/* The minimum PMA size is set to this value multiplied by the database
+** page size in bytes.
+*/
+#ifndef SQLITE_SORTER_PMASZ
+# define SQLITE_SORTER_PMASZ 250
+#endif
+
+/*
+** The following singleton contains the global configuration for
+** the SQLite library.
+*/
+SQLITE_PRIVATE SQLITE_WSD struct Sqlite3Config sqlite3Config = {
+   SQLITE_DEFAULT_MEMSTATUS,  /* bMemstat */
+   1,                         /* bCoreMutex */
+   SQLITE_THREADSAFE==1,      /* bFullMutex */
+   SQLITE_USE_URI,            /* bOpenUri */
+   SQLITE_ALLOW_COVERING_INDEX_SCAN,   /* bUseCis */
+   0x7ffffffe,                /* mxStrlen */
+   0,                         /* neverCorrupt */
+   128,                       /* szLookaside */
+   500,                       /* nLookaside */
+   {0,0,0,0,0,0,0,0},         /* m */
+   {0,0,0,0,0,0,0,0,0},       /* mutex */
+   {0,0,0,0,0,0,0,0,0,0,0,0,0},/* pcache2 */
+   (void*)0,                  /* pHeap */
+   0,                         /* nHeap */
+   0, 0,                      /* mnHeap, mxHeap */
+   SQLITE_DEFAULT_MMAP_SIZE,  /* szMmap */
+   SQLITE_MAX_MMAP_SIZE,      /* mxMmap */
+   (void*)0,                  /* pScratch */
+   0,                         /* szScratch */
+   0,                         /* nScratch */
+   (void*)0,                  /* pPage */
+   0,                         /* szPage */
+   SQLITE_DEFAULT_PCACHE_INITSZ, /* nPage */
+   0,                         /* mxParserStack */
+   0,                         /* sharedCacheEnabled */
+   SQLITE_SORTER_PMASZ,       /* szPma */
+   /* All the rest should always be initialized to zero */
+   0,                         /* isInit */
+   0,                         /* inProgress */
+   0,                         /* isMutexInit */
+   0,                         /* isMallocInit */
+   0,                         /* isPCacheInit */
+   0,                         /* nRefInitMutex */
+   0,                         /* pInitMutex */
+   0,                         /* xLog */
+   0,                         /* pLogArg */
+#ifdef SQLITE_ENABLE_SQLLOG
+   0,                         /* xSqllog */
+   0,                         /* pSqllogArg */
+#endif
+#ifdef SQLITE_VDBE_COVERAGE
+   0,                         /* xVdbeBranch */
+   0,                         /* pVbeBranchArg */
+#endif
+#ifndef SQLITE_OMIT_BUILTIN_TEST
+   0,                         /* xTestCallback */
+#endif
+   0                          /* bLocaltimeFault */
+};
+
+/*
+** Hash table for global functions - functions common to all
+** database connections.  After initialization, this table is
+** read-only.
+*/
+SQLITE_PRIVATE SQLITE_WSD FuncDefHash sqlite3GlobalFunctions;
+
+/*
+** Constant tokens for values 0 and 1.
+*/
+SQLITE_PRIVATE const Token sqlite3IntTokens[] = {
+   { "0", 1 },
+   { "1", 1 }
+};
+
+
+/*
+** The value of the "pending" byte must be 0x40000000 (1 byte past the
+** 1-gibabyte boundary) in a compatible database.  SQLite never uses
+** the database page that contains the pending byte.  It never attempts
+** to read or write that page.  The pending byte page is set assign
+** for use by the VFS layers as space for managing file locks.
+**
+** During testing, it is often desirable to move the pending byte to
+** a different position in the file.  This allows code that has to
+** deal with the pending byte to run on files that are much smaller
+** than 1 GiB.  The sqlite3_test_control() interface can be used to
+** move the pending byte.
+**
+** IMPORTANT:  Changing the pending byte to any value other than
+** 0x40000000 results in an incompatible database file format!
+** Changing the pending byte during operation will result in undefined
+** and incorrect behavior.
+*/
+#ifndef SQLITE_OMIT_WSD
+SQLITE_PRIVATE int sqlite3PendingByte = 0x40000000;
+#endif
+
+/* #include "opcodes.h" */
+/*
+** Properties of opcodes.  The OPFLG_INITIALIZER macro is
+** created by mkopcodeh.awk during compilation.  Data is obtained
+** from the comments following the "case OP_xxxx:" statements in
+** the vdbe.c file.  
+*/
+SQLITE_PRIVATE const unsigned char sqlite3OpcodeProperty[] = OPFLG_INITIALIZER;
+
+/*
+** Name of the default collating sequence
+*/
+SQLITE_PRIVATE const char sqlite3StrBINARY[] = "BINARY";
+
+/************** End of global.c **********************************************/
+/************** Begin file ctime.c *******************************************/
+/*
+** 2010 February 23
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+**
+** This file implements routines used to report what compile-time options
+** SQLite was built with.
+*/
+
+#ifndef SQLITE_OMIT_COMPILEOPTION_DIAGS
+
+/* #include "sqliteInt.h" */
+
+/*
+** An array of names of all compile-time options.  This array should 
+** be sorted A-Z.
+**
+** This array looks large, but in a typical installation actually uses
+** only a handful of compile-time options, so most times this array is usually
+** rather short and uses little memory space.
+*/
+static const char * const azCompileOpt[] = {
+
+/* These macros are provided to "stringify" the value of the define
+** for those options in which the value is meaningful. */
+#define CTIMEOPT_VAL_(opt) #opt
+#define CTIMEOPT_VAL(opt) CTIMEOPT_VAL_(opt)
+
+#if SQLITE_32BIT_ROWID
+  "32BIT_ROWID",
+#endif
+#if SQLITE_4_BYTE_ALIGNED_MALLOC
+  "4_BYTE_ALIGNED_MALLOC",
+#endif
+#if SQLITE_CASE_SENSITIVE_LIKE
+  "CASE_SENSITIVE_LIKE",
+#endif
+#if SQLITE_CHECK_PAGES
+  "CHECK_PAGES",
+#endif
+#if SQLITE_COVERAGE_TEST
+  "COVERAGE_TEST",
+#endif
+#if SQLITE_DEBUG
+  "DEBUG",
+#endif
+#if SQLITE_DEFAULT_LOCKING_MODE
+  "DEFAULT_LOCKING_MODE=" CTIMEOPT_VAL(SQLITE_DEFAULT_LOCKING_MODE),
+#endif
+#if defined(SQLITE_DEFAULT_MMAP_SIZE) && !defined(SQLITE_DEFAULT_MMAP_SIZE_xc)
+  "DEFAULT_MMAP_SIZE=" CTIMEOPT_VAL(SQLITE_DEFAULT_MMAP_SIZE),
+#endif
+#if SQLITE_DISABLE_DIRSYNC
+  "DISABLE_DIRSYNC",
+#endif
+#if SQLITE_DISABLE_LFS
+  "DISABLE_LFS",
+#endif
+#if SQLITE_ENABLE_8_3_NAMES
+  "ENABLE_8_3_NAMES",
+#endif
+#if SQLITE_ENABLE_API_ARMOR
+  "ENABLE_API_ARMOR",
+#endif
+#if SQLITE_ENABLE_ATOMIC_WRITE
+  "ENABLE_ATOMIC_WRITE",
+#endif
+#if SQLITE_ENABLE_CEROD
+  "ENABLE_CEROD",
+#endif
+#if SQLITE_ENABLE_COLUMN_METADATA
+  "ENABLE_COLUMN_METADATA",
+#endif
+#if SQLITE_ENABLE_DBSTAT_VTAB
+  "ENABLE_DBSTAT_VTAB",
+#endif
+#if SQLITE_ENABLE_EXPENSIVE_ASSERT
+  "ENABLE_EXPENSIVE_ASSERT",
+#endif
+#if SQLITE_ENABLE_FTS1
+  "ENABLE_FTS1",
+#endif
+#if SQLITE_ENABLE_FTS2
+  "ENABLE_FTS2",
+#endif
+#if SQLITE_ENABLE_FTS3
+  "ENABLE_FTS3",
+#endif
+#if SQLITE_ENABLE_FTS3_PARENTHESIS
+  "ENABLE_FTS3_PARENTHESIS",
+#endif
+#if SQLITE_ENABLE_FTS4
+  "ENABLE_FTS4",
+#endif
+#if SQLITE_ENABLE_FTS5
+  "ENABLE_FTS5",
+#endif
+#if SQLITE_ENABLE_ICU
+  "ENABLE_ICU",
+#endif
+#if SQLITE_ENABLE_IOTRACE
+  "ENABLE_IOTRACE",
+#endif
+#if SQLITE_ENABLE_JSON1
+  "ENABLE_JSON1",
+#endif
+#if SQLITE_ENABLE_LOAD_EXTENSION
+  "ENABLE_LOAD_EXTENSION",
+#endif
+#if SQLITE_ENABLE_LOCKING_STYLE
+  "ENABLE_LOCKING_STYLE=" CTIMEOPT_VAL(SQLITE_ENABLE_LOCKING_STYLE),
+#endif
+#if SQLITE_ENABLE_MEMORY_MANAGEMENT
+  "ENABLE_MEMORY_MANAGEMENT",
+#endif
+#if SQLITE_ENABLE_MEMSYS3
+  "ENABLE_MEMSYS3",
+#endif
+#if SQLITE_ENABLE_MEMSYS5
+  "ENABLE_MEMSYS5",
+#endif
+#if SQLITE_ENABLE_OVERSIZE_CELL_CHECK
+  "ENABLE_OVERSIZE_CELL_CHECK",
+#endif
+#if SQLITE_ENABLE_RTREE
+  "ENABLE_RTREE",
+#endif
+#if defined(SQLITE_ENABLE_STAT4)
+  "ENABLE_STAT4",
+#elif defined(SQLITE_ENABLE_STAT3)
+  "ENABLE_STAT3",
+#endif
+#if SQLITE_ENABLE_UNLOCK_NOTIFY
+  "ENABLE_UNLOCK_NOTIFY",
+#endif
+#if SQLITE_ENABLE_UPDATE_DELETE_LIMIT
+  "ENABLE_UPDATE_DELETE_LIMIT",
+#endif
+#if SQLITE_HAS_CODEC
+  "HAS_CODEC",
+#endif
+#if HAVE_ISNAN || SQLITE_HAVE_ISNAN
+  "HAVE_ISNAN",
+#endif
+#if SQLITE_HOMEGROWN_RECURSIVE_MUTEX
+  "HOMEGROWN_RECURSIVE_MUTEX",
+#endif
+#if SQLITE_IGNORE_AFP_LOCK_ERRORS
+  "IGNORE_AFP_LOCK_ERRORS",
+#endif
+#if SQLITE_IGNORE_FLOCK_LOCK_ERRORS
+  "IGNORE_FLOCK_LOCK_ERRORS",
+#endif
+#ifdef SQLITE_INT64_TYPE
+  "INT64_TYPE",
+#endif
+#ifdef SQLITE_LIKE_DOESNT_MATCH_BLOBS
+  "LIKE_DOESNT_MATCH_BLOBS",
+#endif
+#if SQLITE_LOCK_TRACE
+  "LOCK_TRACE",
+#endif
+#if defined(SQLITE_MAX_MMAP_SIZE) && !defined(SQLITE_MAX_MMAP_SIZE_xc)
+  "MAX_MMAP_SIZE=" CTIMEOPT_VAL(SQLITE_MAX_MMAP_SIZE),
+#endif
+#ifdef SQLITE_MAX_SCHEMA_RETRY
+  "MAX_SCHEMA_RETRY=" CTIMEOPT_VAL(SQLITE_MAX_SCHEMA_RETRY),
+#endif
+#if SQLITE_MEMDEBUG
+  "MEMDEBUG",
+#endif
+#if SQLITE_MIXED_ENDIAN_64BIT_FLOAT
+  "MIXED_ENDIAN_64BIT_FLOAT",
+#endif
+#if SQLITE_NO_SYNC
+  "NO_SYNC",
+#endif
+#if SQLITE_OMIT_ALTERTABLE
+  "OMIT_ALTERTABLE",
+#endif
+#if SQLITE_OMIT_ANALYZE
+  "OMIT_ANALYZE",
+#endif
+#if SQLITE_OMIT_ATTACH
+  "OMIT_ATTACH",
+#endif
+#if SQLITE_OMIT_AUTHORIZATION
+  "OMIT_AUTHORIZATION",
+#endif
+#if SQLITE_OMIT_AUTOINCREMENT
+  "OMIT_AUTOINCREMENT",
+#endif
+#if SQLITE_OMIT_AUTOINIT
+  "OMIT_AUTOINIT",
+#endif
+#if SQLITE_OMIT_AUTOMATIC_INDEX
+  "OMIT_AUTOMATIC_INDEX",
+#endif
+#if SQLITE_OMIT_AUTORESET
+  "OMIT_AUTORESET",
+#endif
+#if SQLITE_OMIT_AUTOVACUUM
+  "OMIT_AUTOVACUUM",
+#endif
+#if SQLITE_OMIT_BETWEEN_OPTIMIZATION
+  "OMIT_BETWEEN_OPTIMIZATION",
+#endif
+#if SQLITE_OMIT_BLOB_LITERAL
+  "OMIT_BLOB_LITERAL",
+#endif
+#if SQLITE_OMIT_BTREECOUNT
+  "OMIT_BTREECOUNT",
+#endif
+#if SQLITE_OMIT_BUILTIN_TEST
+  "OMIT_BUILTIN_TEST",
+#endif
+#if SQLITE_OMIT_CAST
+  "OMIT_CAST",
+#endif
+#if SQLITE_OMIT_CHECK
+  "OMIT_CHECK",
+#endif
+#if SQLITE_OMIT_COMPLETE
+  "OMIT_COMPLETE",
+#endif
+#if SQLITE_OMIT_COMPOUND_SELECT
+  "OMIT_COMPOUND_SELECT",
+#endif
+#if SQLITE_OMIT_CTE
+  "OMIT_CTE",
+#endif
+#if SQLITE_OMIT_DATETIME_FUNCS
+  "OMIT_DATETIME_FUNCS",
+#endif
+#if SQLITE_OMIT_DECLTYPE
+  "OMIT_DECLTYPE",
+#endif
+#if SQLITE_OMIT_DEPRECATED
+  "OMIT_DEPRECATED",
+#endif
+#if SQLITE_OMIT_DISKIO
+  "OMIT_DISKIO",
+#endif
+#if SQLITE_OMIT_EXPLAIN
+  "OMIT_EXPLAIN",
+#endif
+#if SQLITE_OMIT_FLAG_PRAGMAS
+  "OMIT_FLAG_PRAGMAS",
+#endif
+#if SQLITE_OMIT_FLOATING_POINT
+  "OMIT_FLOATING_POINT",
+#endif
+#if SQLITE_OMIT_FOREIGN_KEY
+  "OMIT_FOREIGN_KEY",
+#endif
+#if SQLITE_OMIT_GET_TABLE
+  "OMIT_GET_TABLE",
+#endif
+#if SQLITE_OMIT_INCRBLOB
+  "OMIT_INCRBLOB",
+#endif
+#if SQLITE_OMIT_INTEGRITY_CHECK
+  "OMIT_INTEGRITY_CHECK",
+#endif
+#if SQLITE_OMIT_LIKE_OPTIMIZATION
+  "OMIT_LIKE_OPTIMIZATION",
+#endif
+#if SQLITE_OMIT_LOAD_EXTENSION
+  "OMIT_LOAD_EXTENSION",
+#endif
+#if SQLITE_OMIT_LOCALTIME
+  "OMIT_LOCALTIME",
+#endif
+#if SQLITE_OMIT_LOOKASIDE
+  "OMIT_LOOKASIDE",
+#endif
+#if SQLITE_OMIT_MEMORYDB
+  "OMIT_MEMORYDB",
+#endif
+#if SQLITE_OMIT_OR_OPTIMIZATION
+  "OMIT_OR_OPTIMIZATION",
+#endif
+#if SQLITE_OMIT_PAGER_PRAGMAS
+  "OMIT_PAGER_PRAGMAS",
+#endif
+#if SQLITE_OMIT_PRAGMA
+  "OMIT_PRAGMA",
+#endif
+#if SQLITE_OMIT_PROGRESS_CALLBACK
+  "OMIT_PROGRESS_CALLBACK",
+#endif
+#if SQLITE_OMIT_QUICKBALANCE
+  "OMIT_QUICKBALANCE",
+#endif
+#if SQLITE_OMIT_REINDEX
+  "OMIT_REINDEX",
+#endif
+#if SQLITE_OMIT_SCHEMA_PRAGMAS
+  "OMIT_SCHEMA_PRAGMAS",
+#endif
+#if SQLITE_OMIT_SCHEMA_VERSION_PRAGMAS
+  "OMIT_SCHEMA_VERSION_PRAGMAS",
+#endif
+#if SQLITE_OMIT_SHARED_CACHE
+  "OMIT_SHARED_CACHE",
+#endif
+#if SQLITE_OMIT_SUBQUERY
+  "OMIT_SUBQUERY",
+#endif
+#if SQLITE_OMIT_TCL_VARIABLE
+  "OMIT_TCL_VARIABLE",
+#endif
+#if SQLITE_OMIT_TEMPDB
+  "OMIT_TEMPDB",
+#endif
+#if SQLITE_OMIT_TRACE
+  "OMIT_TRACE",
+#endif
+#if SQLITE_OMIT_TRIGGER
+  "OMIT_TRIGGER",
+#endif
+#if SQLITE_OMIT_TRUNCATE_OPTIMIZATION
+  "OMIT_TRUNCATE_OPTIMIZATION",
+#endif
+#if SQLITE_OMIT_UTF16
+  "OMIT_UTF16",
+#endif
+#if SQLITE_OMIT_VACUUM
+  "OMIT_VACUUM",
+#endif
+#if SQLITE_OMIT_VIEW
+  "OMIT_VIEW",
+#endif
+#if SQLITE_OMIT_VIRTUALTABLE
+  "OMIT_VIRTUALTABLE",
+#endif
+#if SQLITE_OMIT_WAL
+  "OMIT_WAL",
+#endif
+#if SQLITE_OMIT_WSD
+  "OMIT_WSD",
+#endif
+#if SQLITE_OMIT_XFER_OPT
+  "OMIT_XFER_OPT",
+#endif
+#if SQLITE_PERFORMANCE_TRACE
+  "PERFORMANCE_TRACE",
+#endif
+#if SQLITE_PROXY_DEBUG
+  "PROXY_DEBUG",
+#endif
+#if SQLITE_RTREE_INT_ONLY
+  "RTREE_INT_ONLY",
+#endif
+#if SQLITE_SECURE_DELETE
+  "SECURE_DELETE",
+#endif
+#if SQLITE_SMALL_STACK
+  "SMALL_STACK",
+#endif
+#if SQLITE_SOUNDEX
+  "SOUNDEX",
+#endif
+#if SQLITE_SYSTEM_MALLOC
+  "SYSTEM_MALLOC",
+#endif
+#if SQLITE_TCL
+  "TCL",
+#endif
+#if defined(SQLITE_TEMP_STORE) && !defined(SQLITE_TEMP_STORE_xc)
+  "TEMP_STORE=" CTIMEOPT_VAL(SQLITE_TEMP_STORE),
+#endif
+#if SQLITE_TEST
+  "TEST",
+#endif
+#if defined(SQLITE_THREADSAFE)
+  "THREADSAFE=" CTIMEOPT_VAL(SQLITE_THREADSAFE),
+#endif
+#if SQLITE_USE_ALLOCA
+  "USE_ALLOCA",
+#endif
+#if SQLITE_USER_AUTHENTICATION
+  "USER_AUTHENTICATION",
+#endif
+#if SQLITE_WIN32_MALLOC
+  "WIN32_MALLOC",
+#endif
+#if SQLITE_ZERO_MALLOC
+  "ZERO_MALLOC"
+#endif
+};
+
+/*
+** Given the name of a compile-time option, return true if that option
+** was used and false if not.
+**
+** The name can optionally begin with "SQLITE_" but the "SQLITE_" prefix
+** is not required for a match.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_compileoption_used(const char *zOptName){
+  int i, n;
+
+#if SQLITE_ENABLE_API_ARMOR
+  if( zOptName==0 ){
+    (void)SQLITE_MISUSE_BKPT;
+    return 0;
+  }
+#endif
+  if( sqlite3StrNICmp(zOptName, "SQLITE_", 7)==0 ) zOptName += 7;
+  n = sqlite3Strlen30(zOptName);
+
+  /* Since ArraySize(azCompileOpt) is normally in single digits, a
+  ** linear search is adequate.  No need for a binary search. */
+  for(i=0; i<ArraySize(azCompileOpt); i++){
+    if( sqlite3StrNICmp(zOptName, azCompileOpt[i], n)==0
+     && sqlite3IsIdChar((unsigned char)azCompileOpt[i][n])==0
+    ){
+      return 1;
+    }
+  }
+  return 0;
+}
+
+/*
+** Return the N-th compile-time option string.  If N is out of range,
+** return a NULL pointer.
+*/
+SQLITE_API const char *SQLITE_STDCALL sqlite3_compileoption_get(int N){
+  if( N>=0 && N<ArraySize(azCompileOpt) ){
+    return azCompileOpt[N];
+  }
+  return 0;
+}
+
+#endif /* SQLITE_OMIT_COMPILEOPTION_DIAGS */
+
+/************** End of ctime.c ***********************************************/
+/************** Begin file status.c ******************************************/
+/*
+** 2008 June 18
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+**
+** This module implements the sqlite3_status() interface and related
+** functionality.
+*/
+/* #include "sqliteInt.h" */
+/************** Include vdbeInt.h in the middle of status.c ******************/
+/************** Begin file vdbeInt.h *****************************************/
+/*
+** 2003 September 6
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+** This is the header file for information that is private to the
+** VDBE.  This information used to all be at the top of the single
+** source code file "vdbe.c".  When that file became too big (over
+** 6000 lines long) it was split up into several smaller files and
+** this header information was factored out.
+*/
+#ifndef _VDBEINT_H_
+#define _VDBEINT_H_
+
+/*
+** The maximum number of times that a statement will try to reparse
+** itself before giving up and returning SQLITE_SCHEMA.
+*/
+#ifndef SQLITE_MAX_SCHEMA_RETRY
+# define SQLITE_MAX_SCHEMA_RETRY 50
+#endif
+
+/*
+** VDBE_DISPLAY_P4 is true or false depending on whether or not the
+** "explain" P4 display logic is enabled.
+*/
+#if !defined(SQLITE_OMIT_EXPLAIN) || !defined(NDEBUG) \
+     || defined(VDBE_PROFILE) || defined(SQLITE_DEBUG)
+# define VDBE_DISPLAY_P4 1
+#else
+# define VDBE_DISPLAY_P4 0
+#endif
+
+/*
+** SQL is translated into a sequence of instructions to be
+** executed by a virtual machine.  Each instruction is an instance
+** of the following structure.
+*/
+typedef struct VdbeOp Op;
+
+/*
+** Boolean values
+*/
+typedef unsigned Bool;
+
+/* Opaque type used by code in vdbesort.c */
+typedef struct VdbeSorter VdbeSorter;
+
+/* Opaque type used by the explainer */
+typedef struct Explain Explain;
+
+/* Elements of the linked list at Vdbe.pAuxData */
+typedef struct AuxData AuxData;
+
+/* Types of VDBE cursors */
+#define CURTYPE_BTREE       0
+#define CURTYPE_SORTER      1
+#define CURTYPE_VTAB        2
+#define CURTYPE_PSEUDO      3
+
+/*
+** A VdbeCursor is an superclass (a wrapper) for various cursor objects:
+**
+**      * A b-tree cursor
+**          -  In the main database or in an ephemeral database
+**          -  On either an index or a table
+**      * A sorter
+**      * A virtual table
+**      * A one-row "pseudotable" stored in a single register
+*/
+struct VdbeCursor {
+  u8 eCurType;          /* One of the CURTYPE_* values above */
+  i8 iDb;               /* Index of cursor database in db->aDb[] (or -1) */
+  u8 nullRow;           /* True if pointing to a row with no data */
+  u8 deferredMoveto;    /* A call to sqlite3BtreeMoveto() is needed */
+  u8 isTable;           /* True for rowid tables.  False for indexes */
+#ifdef SQLITE_DEBUG
+  u8 seekOp;            /* Most recent seek operation on this cursor */
+#endif
+  Bool isEphemeral:1;   /* True for an ephemeral table */
+  Bool useRandomRowid:1;/* Generate new record numbers semi-randomly */
+  Bool isOrdered:1;     /* True if the underlying table is BTREE_UNORDERED */
+  Pgno pgnoRoot;        /* Root page of the open btree cursor */
+  i16 nField;           /* Number of fields in the header */
+  u16 nHdrParsed;       /* Number of header fields parsed so far */
+  union {
+    BtCursor *pCursor;          /* CURTYPE_BTREE.  Btree cursor */
+    sqlite3_vtab_cursor *pVCur; /* CURTYPE_VTAB.   Vtab cursor */
+    int pseudoTableReg;         /* CURTYPE_PSEUDO. Reg holding content. */
+    VdbeSorter *pSorter;        /* CURTYPE_SORTER. Sorter object */
+  } uc;
+  Btree *pBt;           /* Separate file holding temporary table */
+  KeyInfo *pKeyInfo;    /* Info about index keys needed by index cursors */
+  int seekResult;       /* Result of previous sqlite3BtreeMoveto() */
+  i64 seqCount;         /* Sequence counter */
+  i64 movetoTarget;     /* Argument to the deferred sqlite3BtreeMoveto() */
+#ifdef SQLITE_ENABLE_COLUMN_USED_MASK
+  u64 maskUsed;         /* Mask of columns used by this cursor */
+#endif
+
+  /* Cached information about the header for the data record that the
+  ** cursor is currently pointing to.  Only valid if cacheStatus matches
+  ** Vdbe.cacheCtr.  Vdbe.cacheCtr will never take on the value of
+  ** CACHE_STALE and so setting cacheStatus=CACHE_STALE guarantees that
+  ** the cache is out of date.
+  **
+  ** aRow might point to (ephemeral) data for the current row, or it might
+  ** be NULL.
+  */
+  u32 cacheStatus;      /* Cache is valid if this matches Vdbe.cacheCtr */
+  u32 payloadSize;      /* Total number of bytes in the record */
+  u32 szRow;            /* Byte available in aRow */
+  u32 iHdrOffset;       /* Offset to next unparsed byte of the header */
+  const u8 *aRow;       /* Data for the current row, if all on one page */
+  u32 *aOffset;         /* Pointer to aType[nField] */
+  u32 aType[1];         /* Type values for all entries in the record */
+  /* 2*nField extra array elements allocated for aType[], beyond the one
+  ** static element declared in the structure.  nField total array slots for
+  ** aType[] and nField+1 array slots for aOffset[] */
+};
+typedef struct VdbeCursor VdbeCursor;
+
+/*
+** When a sub-program is executed (OP_Program), a structure of this type
+** is allocated to store the current value of the program counter, as
+** well as the current memory cell array and various other frame specific
+** values stored in the Vdbe struct. When the sub-program is finished, 
+** these values are copied back to the Vdbe from the VdbeFrame structure,
+** restoring the state of the VM to as it was before the sub-program
+** began executing.
+**
+** The memory for a VdbeFrame object is allocated and managed by a memory
+** cell in the parent (calling) frame. When the memory cell is deleted or
+** overwritten, the VdbeFrame object is not freed immediately. Instead, it
+** is linked into the Vdbe.pDelFrame list. The contents of the Vdbe.pDelFrame
+** list is deleted when the VM is reset in VdbeHalt(). The reason for doing
+** this instead of deleting the VdbeFrame immediately is to avoid recursive
+** calls to sqlite3VdbeMemRelease() when the memory cells belonging to the
+** child frame are released.
+**
+** The currently executing frame is stored in Vdbe.pFrame. Vdbe.pFrame is
+** set to NULL if the currently executing frame is the main program.
+*/
+typedef struct VdbeFrame VdbeFrame;
+struct VdbeFrame {
+  Vdbe *v;                /* VM this frame belongs to */
+  VdbeFrame *pParent;     /* Parent of this frame, or NULL if parent is main */
+  Op *aOp;                /* Program instructions for parent frame */
+  i64 *anExec;            /* Event counters from parent frame */
+  Mem *aMem;              /* Array of memory cells for parent frame */
+  u8 *aOnceFlag;          /* Array of OP_Once flags for parent frame */
+  VdbeCursor **apCsr;     /* Array of Vdbe cursors for parent frame */
+  void *token;            /* Copy of SubProgram.token */
+  i64 lastRowid;          /* Last insert rowid (sqlite3.lastRowid) */
+  int nCursor;            /* Number of entries in apCsr */
+  int pc;                 /* Program Counter in parent (calling) frame */
+  int nOp;                /* Size of aOp array */
+  int nMem;               /* Number of entries in aMem */
+  int nOnceFlag;          /* Number of entries in aOnceFlag */
+  int nChildMem;          /* Number of memory cells for child frame */
+  int nChildCsr;          /* Number of cursors for child frame */
+  int nChange;            /* Statement changes (Vdbe.nChange)     */
+  int nDbChange;          /* Value of db->nChange */
+};
+
+#define VdbeFrameMem(p) ((Mem *)&((u8 *)p)[ROUND8(sizeof(VdbeFrame))])
+
+/*
+** A value for VdbeCursor.cacheValid that means the cache is always invalid.
+*/
+#define CACHE_STALE 0
+
+/*
+** Internally, the vdbe manipulates nearly all SQL values as Mem
+** structures. Each Mem struct may cache multiple representations (string,
+** integer etc.) of the same value.
+*/
+struct Mem {
+  union MemValue {
+    double r;           /* Real value used when MEM_Real is set in flags */
+    i64 i;              /* Integer value used when MEM_Int is set in flags */
+    int nZero;          /* Used when bit MEM_Zero is set in flags */
+    FuncDef *pDef;      /* Used only when flags==MEM_Agg */
+    RowSet *pRowSet;    /* Used only when flags==MEM_RowSet */
+    VdbeFrame *pFrame;  /* Used when flags==MEM_Frame */
+  } u;
+  u16 flags;          /* Some combination of MEM_Null, MEM_Str, MEM_Dyn, etc. */
+  u8  enc;            /* SQLITE_UTF8, SQLITE_UTF16BE, SQLITE_UTF16LE */
+  u8  eSubtype;       /* Subtype for this value */
+  int n;              /* Number of characters in string value, excluding '\0' */
+  char *z;            /* String or BLOB value */
+  /* ShallowCopy only needs to copy the information above */
+  char *zMalloc;      /* Space to hold MEM_Str or MEM_Blob if szMalloc>0 */
+  int szMalloc;       /* Size of the zMalloc allocation */
+  u32 uTemp;          /* Transient storage for serial_type in OP_MakeRecord */
+  sqlite3 *db;        /* The associated database connection */
+  void (*xDel)(void*);/* Destructor for Mem.z - only valid if MEM_Dyn */
+#ifdef SQLITE_DEBUG
+  Mem *pScopyFrom;    /* This Mem is a shallow copy of pScopyFrom */
+  void *pFiller;      /* So that sizeof(Mem) is a multiple of 8 */
+#endif
+};
+
+/*
+** Size of struct Mem not including the Mem.zMalloc member or anything that
+** follows.
+*/
+#define MEMCELLSIZE offsetof(Mem,zMalloc)
+
+/* One or more of the following flags are set to indicate the validOK
+** representations of the value stored in the Mem struct.
+**
+** If the MEM_Null flag is set, then the value is an SQL NULL value.
+** No other flags may be set in this case.
+**
+** If the MEM_Str flag is set then Mem.z points at a string representation.
+** Usually this is encoded in the same unicode encoding as the main
+** database (see below for exceptions). If the MEM_Term flag is also
+** set, then the string is nul terminated. The MEM_Int and MEM_Real 
+** flags may coexist with the MEM_Str flag.
+*/
+#define MEM_Null      0x0001   /* Value is NULL */
+#define MEM_Str       0x0002   /* Value is a string */
+#define MEM_Int       0x0004   /* Value is an integer */
+#define MEM_Real      0x0008   /* Value is a real number */
+#define MEM_Blob      0x0010   /* Value is a BLOB */
+#define MEM_AffMask   0x001f   /* Mask of affinity bits */
+#define MEM_RowSet    0x0020   /* Value is a RowSet object */
+#define MEM_Frame     0x0040   /* Value is a VdbeFrame object */
+#define MEM_Undefined 0x0080   /* Value is undefined */
+#define MEM_Cleared   0x0100   /* NULL set by OP_Null, not from data */
+#define MEM_TypeMask  0x01ff   /* Mask of type bits */
+
+
+/* Whenever Mem contains a valid string or blob representation, one of
+** the following flags must be set to determine the memory management
+** policy for Mem.z.  The MEM_Term flag tells us whether or not the
+** string is \000 or \u0000 terminated
+*/
+#define MEM_Term      0x0200   /* String rep is nul terminated */
+#define MEM_Dyn       0x0400   /* Need to call Mem.xDel() on Mem.z */
+#define MEM_Static    0x0800   /* Mem.z points to a static string */
+#define MEM_Ephem     0x1000   /* Mem.z points to an ephemeral string */
+#define MEM_Agg       0x2000   /* Mem.z points to an agg function context */
+#define MEM_Zero      0x4000   /* Mem.i contains count of 0s appended to blob */
+#ifdef SQLITE_OMIT_INCRBLOB
+  #undef MEM_Zero
+  #define MEM_Zero 0x0000
+#endif
+
+/*
+** Clear any existing type flags from a Mem and replace them with f
+*/
+#define MemSetTypeFlag(p, f) \
+   ((p)->flags = ((p)->flags&~(MEM_TypeMask|MEM_Zero))|f)
+
+/*
+** Return true if a memory cell is not marked as invalid.  This macro
+** is for use inside assert() statements only.
+*/
+#ifdef SQLITE_DEBUG
+#define memIsValid(M)  ((M)->flags & MEM_Undefined)==0
+#endif
+
+/*
+** Each auxiliary data pointer stored by a user defined function 
+** implementation calling sqlite3_set_auxdata() is stored in an instance
+** of this structure. All such structures associated with a single VM
+** are stored in a linked list headed at Vdbe.pAuxData. All are destroyed
+** when the VM is halted (if not before).
+*/
+struct AuxData {
+  int iOp;                        /* Instruction number of OP_Function opcode */
+  int iArg;                       /* Index of function argument. */
+  void *pAux;                     /* Aux data pointer */
+  void (*xDelete)(void *);        /* Destructor for the aux data */
+  AuxData *pNext;                 /* Next element in list */
+};
+
+/*
+** The "context" argument for an installable function.  A pointer to an
+** instance of this structure is the first argument to the routines used
+** implement the SQL functions.
+**
+** There is a typedef for this structure in sqlite.h.  So all routines,
+** even the public interface to SQLite, can use a pointer to this structure.
+** But this file is the only place where the internal details of this
+** structure are known.
+**
+** This structure is defined inside of vdbeInt.h because it uses substructures
+** (Mem) which are only defined there.
+*/
+struct sqlite3_context {
+  Mem *pOut;              /* The return value is stored here */
+  FuncDef *pFunc;         /* Pointer to function information */
+  Mem *pMem;              /* Memory cell used to store aggregate context */
+  Vdbe *pVdbe;            /* The VM that owns this context */
+  int iOp;                /* Instruction number of OP_Function */
+  int isError;            /* Error code returned by the function. */
+  u8 skipFlag;            /* Skip accumulator loading if true */
+  u8 fErrorOrAux;         /* isError!=0 or pVdbe->pAuxData modified */
+  u8 argc;                /* Number of arguments */
+  sqlite3_value *argv[1]; /* Argument set */
+};
+
+/*
+** An Explain object accumulates indented output which is helpful
+** in describing recursive data structures.
+*/
+struct Explain {
+  Vdbe *pVdbe;       /* Attach the explanation to this Vdbe */
+  StrAccum str;      /* The string being accumulated */
+  int nIndent;       /* Number of elements in aIndent */
+  u16 aIndent[100];  /* Levels of indentation */
+  char zBase[100];   /* Initial space */
+};
+
+/* A bitfield type for use inside of structures.  Always follow with :N where
+** N is the number of bits.
+*/
+typedef unsigned bft;  /* Bit Field Type */
+
+typedef struct ScanStatus ScanStatus;
+struct ScanStatus {
+  int addrExplain;                /* OP_Explain for loop */
+  int addrLoop;                   /* Address of "loops" counter */
+  int addrVisit;                  /* Address of "rows visited" counter */
+  int iSelectID;                  /* The "Select-ID" for this loop */
+  LogEst nEst;                    /* Estimated output rows per loop */
+  char *zName;                    /* Name of table or index */
+};
+
+/*
+** An instance of the virtual machine.  This structure contains the complete
+** state of the virtual machine.
+**
+** The "sqlite3_stmt" structure pointer that is returned by sqlite3_prepare()
+** is really a pointer to an instance of this structure.
+*/
+struct Vdbe {
+  sqlite3 *db;            /* The database connection that owns this statement */
+  Op *aOp;                /* Space to hold the virtual machine's program */
+  Mem *aMem;              /* The memory locations */
+  Mem **apArg;            /* Arguments to currently executing user function */
+  Mem *aColName;          /* Column names to return */
+  Mem *pResultSet;        /* Pointer to an array of results */
+  Parse *pParse;          /* Parsing context used to create this Vdbe */
+  int nMem;               /* Number of memory locations currently allocated */
+  int nOp;                /* Number of instructions in the program */
+  int nCursor;            /* Number of slots in apCsr[] */
+  u32 magic;              /* Magic number for sanity checking */
+  char *zErrMsg;          /* Error message written here */
+  Vdbe *pPrev,*pNext;     /* Linked list of VDBEs with the same Vdbe.db */
+  VdbeCursor **apCsr;     /* One element of this array for each open cursor */
+  Mem *aVar;              /* Values for the OP_Variable opcode. */
+  char **azVar;           /* Name of variables */
+  ynVar nVar;             /* Number of entries in aVar[] */
+  ynVar nzVar;            /* Number of entries in azVar[] */
+  u32 cacheCtr;           /* VdbeCursor row cache generation counter */
+  int pc;                 /* The program counter */
+  int rc;                 /* Value to return */
+#ifdef SQLITE_DEBUG
+  int rcApp;              /* errcode set by sqlite3_result_error_code() */
+#endif
+  u16 nResColumn;         /* Number of columns in one row of the result set */
+  u8 errorAction;         /* Recovery action to do in case of an error */
+  u8 minWriteFileFormat;  /* Minimum file format for writable database files */
+  bft explain:2;          /* True if EXPLAIN present on SQL command */
+  bft changeCntOn:1;      /* True to update the change-counter */
+  bft expired:1;          /* True if the VM needs to be recompiled */
+  bft runOnlyOnce:1;      /* Automatically expire on reset */
+  bft usesStmtJournal:1;  /* True if uses a statement journal */
+  bft readOnly:1;         /* True for statements that do not write */
+  bft bIsReader:1;        /* True for statements that read */
+  bft isPrepareV2:1;      /* True if prepared with prepare_v2() */
+  bft doingRerun:1;       /* True if rerunning after an auto-reprepare */
+  int nChange;            /* Number of db changes made since last reset */
+  yDbMask btreeMask;      /* Bitmask of db->aDb[] entries referenced */
+  yDbMask lockMask;       /* Subset of btreeMask that requires a lock */
+  int iStatement;         /* Statement number (or 0 if has not opened stmt) */
+  u32 aCounter[5];        /* Counters used by sqlite3_stmt_status() */
+#ifndef SQLITE_OMIT_TRACE
+  i64 startTime;          /* Time when query started - used for profiling */
+#endif
+  i64 iCurrentTime;       /* Value of julianday('now') for this statement */
+  i64 nFkConstraint;      /* Number of imm. FK constraints this VM */
+  i64 nStmtDefCons;       /* Number of def. constraints when stmt started */
+  i64 nStmtDefImmCons;    /* Number of def. imm constraints when stmt started */
+  char *zSql;             /* Text of the SQL statement that generated this */
+  void *pFree;            /* Free this when deleting the vdbe */
+  VdbeFrame *pFrame;      /* Parent frame */
+  VdbeFrame *pDelFrame;   /* List of frame objects to free on VM reset */
+  int nFrame;             /* Number of frames in pFrame list */
+  u32 expmask;            /* Binding to these vars invalidates VM */
+  SubProgram *pProgram;   /* Linked list of all sub-programs used by VM */
+  int nOnceFlag;          /* Size of array aOnceFlag[] */
+  u8 *aOnceFlag;          /* Flags for OP_Once */
+  AuxData *pAuxData;      /* Linked list of auxdata allocations */
+#ifdef SQLITE_ENABLE_STMT_SCANSTATUS
+  i64 *anExec;            /* Number of times each op has been executed */
+  int nScan;              /* Entries in aScan[] */
+  ScanStatus *aScan;      /* Scan definitions for sqlite3_stmt_scanstatus() */
+#endif
+};
+
+/*
+** The following are allowed values for Vdbe.magic
+*/
+#define VDBE_MAGIC_INIT     0x26bceaa5    /* Building a VDBE program */
+#define VDBE_MAGIC_RUN      0xbdf20da3    /* VDBE is ready to execute */
+#define VDBE_MAGIC_HALT     0x519c2973    /* VDBE has completed execution */
+#define VDBE_MAGIC_DEAD     0xb606c3c8    /* The VDBE has been deallocated */
+
+/*
+** Function prototypes
+*/
+SQLITE_PRIVATE void sqlite3VdbeError(Vdbe*, const char *, ...);
+SQLITE_PRIVATE void sqlite3VdbeFreeCursor(Vdbe *, VdbeCursor*);
+void sqliteVdbePopStack(Vdbe*,int);
+SQLITE_PRIVATE int sqlite3VdbeCursorMoveto(VdbeCursor*);
+SQLITE_PRIVATE int sqlite3VdbeCursorRestore(VdbeCursor*);
+#if defined(SQLITE_DEBUG) || defined(VDBE_PROFILE)
+SQLITE_PRIVATE void sqlite3VdbePrintOp(FILE*, int, Op*);
+#endif
+SQLITE_PRIVATE u32 sqlite3VdbeSerialTypeLen(u32);
+SQLITE_PRIVATE u8 sqlite3VdbeOneByteSerialTypeLen(u8);
+SQLITE_PRIVATE u32 sqlite3VdbeSerialType(Mem*, int, u32*);
+SQLITE_PRIVATE u32 sqlite3VdbeSerialPut(unsigned char*, Mem*, u32);
+SQLITE_PRIVATE u32 sqlite3VdbeSerialGet(const unsigned char*, u32, Mem*);
+SQLITE_PRIVATE void sqlite3VdbeDeleteAuxData(Vdbe*, int, int);
+
+int sqlite2BtreeKeyCompare(BtCursor *, const void *, int, int, int *);
+SQLITE_PRIVATE int sqlite3VdbeIdxKeyCompare(sqlite3*,VdbeCursor*,UnpackedRecord*,int*);
+SQLITE_PRIVATE int sqlite3VdbeIdxRowid(sqlite3*, BtCursor*, i64*);
+SQLITE_PRIVATE int sqlite3VdbeExec(Vdbe*);
+SQLITE_PRIVATE int sqlite3VdbeList(Vdbe*);
+SQLITE_PRIVATE int sqlite3VdbeHalt(Vdbe*);
+SQLITE_PRIVATE int sqlite3VdbeChangeEncoding(Mem *, int);
+SQLITE_PRIVATE int sqlite3VdbeMemTooBig(Mem*);
+SQLITE_PRIVATE int sqlite3VdbeMemCopy(Mem*, const Mem*);
+SQLITE_PRIVATE void sqlite3VdbeMemShallowCopy(Mem*, const Mem*, int);
+SQLITE_PRIVATE void sqlite3VdbeMemMove(Mem*, Mem*);
+SQLITE_PRIVATE int sqlite3VdbeMemNulTerminate(Mem*);
+SQLITE_PRIVATE int sqlite3VdbeMemSetStr(Mem*, const char*, int, u8, void(*)(void*));
+SQLITE_PRIVATE void sqlite3VdbeMemSetInt64(Mem*, i64);
+#ifdef SQLITE_OMIT_FLOATING_POINT
+# define sqlite3VdbeMemSetDouble sqlite3VdbeMemSetInt64
+#else
+SQLITE_PRIVATE   void sqlite3VdbeMemSetDouble(Mem*, double);
+#endif
+SQLITE_PRIVATE void sqlite3VdbeMemInit(Mem*,sqlite3*,u16);
+SQLITE_PRIVATE void sqlite3VdbeMemSetNull(Mem*);
+SQLITE_PRIVATE void sqlite3VdbeMemSetZeroBlob(Mem*,int);
+SQLITE_PRIVATE void sqlite3VdbeMemSetRowSet(Mem*);
+SQLITE_PRIVATE int sqlite3VdbeMemMakeWriteable(Mem*);
+SQLITE_PRIVATE int sqlite3VdbeMemStringify(Mem*, u8, u8);
+SQLITE_PRIVATE i64 sqlite3VdbeIntValue(Mem*);
+SQLITE_PRIVATE int sqlite3VdbeMemIntegerify(Mem*);
+SQLITE_PRIVATE double sqlite3VdbeRealValue(Mem*);
+SQLITE_PRIVATE void sqlite3VdbeIntegerAffinity(Mem*);
+SQLITE_PRIVATE int sqlite3VdbeMemRealify(Mem*);
+SQLITE_PRIVATE int sqlite3VdbeMemNumerify(Mem*);
+SQLITE_PRIVATE void sqlite3VdbeMemCast(Mem*,u8,u8);
+SQLITE_PRIVATE int sqlite3VdbeMemFromBtree(BtCursor*,u32,u32,int,Mem*);
+SQLITE_PRIVATE void sqlite3VdbeMemRelease(Mem *p);
+#define VdbeMemDynamic(X)  \
+  (((X)->flags&(MEM_Agg|MEM_Dyn|MEM_RowSet|MEM_Frame))!=0)
+SQLITE_PRIVATE int sqlite3VdbeMemFinalize(Mem*, FuncDef*);
+SQLITE_PRIVATE const char *sqlite3OpcodeName(int);
+SQLITE_PRIVATE int sqlite3VdbeMemGrow(Mem *pMem, int n, int preserve);
+SQLITE_PRIVATE int sqlite3VdbeMemClearAndResize(Mem *pMem, int n);
+SQLITE_PRIVATE int sqlite3VdbeCloseStatement(Vdbe *, int);
+SQLITE_PRIVATE void sqlite3VdbeFrameDelete(VdbeFrame*);
+SQLITE_PRIVATE int sqlite3VdbeFrameRestore(VdbeFrame *);
+SQLITE_PRIVATE int sqlite3VdbeTransferError(Vdbe *p);
+
+SQLITE_PRIVATE int sqlite3VdbeSorterInit(sqlite3 *, int, VdbeCursor *);
+SQLITE_PRIVATE void sqlite3VdbeSorterReset(sqlite3 *, VdbeSorter *);
+SQLITE_PRIVATE void sqlite3VdbeSorterClose(sqlite3 *, VdbeCursor *);
+SQLITE_PRIVATE int sqlite3VdbeSorterRowkey(const VdbeCursor *, Mem *);
+SQLITE_PRIVATE int sqlite3VdbeSorterNext(sqlite3 *, const VdbeCursor *, int *);
+SQLITE_PRIVATE int sqlite3VdbeSorterRewind(const VdbeCursor *, int *);
+SQLITE_PRIVATE int sqlite3VdbeSorterWrite(const VdbeCursor *, Mem *);
+SQLITE_PRIVATE int sqlite3VdbeSorterCompare(const VdbeCursor *, Mem *, int, int *);
+
+#if !defined(SQLITE_OMIT_SHARED_CACHE) && SQLITE_THREADSAFE>0
+SQLITE_PRIVATE   void sqlite3VdbeEnter(Vdbe*);
+SQLITE_PRIVATE   void sqlite3VdbeLeave(Vdbe*);
+#else
+# define sqlite3VdbeEnter(X)
+# define sqlite3VdbeLeave(X)
+#endif
+
+#ifdef SQLITE_DEBUG
+SQLITE_PRIVATE void sqlite3VdbeMemAboutToChange(Vdbe*,Mem*);
+SQLITE_PRIVATE int sqlite3VdbeCheckMemInvariants(Mem*);
+#endif
+
+#ifndef SQLITE_OMIT_FOREIGN_KEY
+SQLITE_PRIVATE int sqlite3VdbeCheckFk(Vdbe *, int);
+#else
+# define sqlite3VdbeCheckFk(p,i) 0
+#endif
+
+SQLITE_PRIVATE int sqlite3VdbeMemTranslate(Mem*, u8);
+#ifdef SQLITE_DEBUG
+SQLITE_PRIVATE   void sqlite3VdbePrintSql(Vdbe*);
+SQLITE_PRIVATE   void sqlite3VdbeMemPrettyPrint(Mem *pMem, char *zBuf);
+#endif
+SQLITE_PRIVATE int sqlite3VdbeMemHandleBom(Mem *pMem);
+
+#ifndef SQLITE_OMIT_INCRBLOB
+SQLITE_PRIVATE   int sqlite3VdbeMemExpandBlob(Mem *);
+  #define ExpandBlob(P) (((P)->flags&MEM_Zero)?sqlite3VdbeMemExpandBlob(P):0)
+#else
+  #define sqlite3VdbeMemExpandBlob(x) SQLITE_OK
+  #define ExpandBlob(P) SQLITE_OK
+#endif
+
+#endif /* !defined(_VDBEINT_H_) */
+
+/************** End of vdbeInt.h *********************************************/
+/************** Continuing where we left off in status.c *********************/
+
+/*
+** Variables in which to record status information.
+*/
+#if SQLITE_PTRSIZE>4
+typedef sqlite3_int64 sqlite3StatValueType;
+#else
+typedef u32 sqlite3StatValueType;
+#endif
+typedef struct sqlite3StatType sqlite3StatType;
+static SQLITE_WSD struct sqlite3StatType {
+  sqlite3StatValueType nowValue[10];  /* Current value */
+  sqlite3StatValueType mxValue[10];   /* Maximum value */
+} sqlite3Stat = { {0,}, {0,} };
+
+/*
+** Elements of sqlite3Stat[] are protected by either the memory allocator
+** mutex, or by the pcache1 mutex.  The following array determines which.
+*/
+static const char statMutex[] = {
+  0,  /* SQLITE_STATUS_MEMORY_USED */
+  1,  /* SQLITE_STATUS_PAGECACHE_USED */
+  1,  /* SQLITE_STATUS_PAGECACHE_OVERFLOW */
+  0,  /* SQLITE_STATUS_SCRATCH_USED */
+  0,  /* SQLITE_STATUS_SCRATCH_OVERFLOW */
+  0,  /* SQLITE_STATUS_MALLOC_SIZE */
+  0,  /* SQLITE_STATUS_PARSER_STACK */
+  1,  /* SQLITE_STATUS_PAGECACHE_SIZE */
+  0,  /* SQLITE_STATUS_SCRATCH_SIZE */
+  0,  /* SQLITE_STATUS_MALLOC_COUNT */
+};
+
+
+/* The "wsdStat" macro will resolve to the status information
+** state vector.  If writable static data is unsupported on the target,
+** we have to locate the state vector at run-time.  In the more common
+** case where writable static data is supported, wsdStat can refer directly
+** to the "sqlite3Stat" state vector declared above.
+*/
+#ifdef SQLITE_OMIT_WSD
+# define wsdStatInit  sqlite3StatType *x = &GLOBAL(sqlite3StatType,sqlite3Stat)
+# define wsdStat x[0]
+#else
+# define wsdStatInit
+# define wsdStat sqlite3Stat
+#endif
+
+/*
+** Return the current value of a status parameter.  The caller must
+** be holding the appropriate mutex.
+*/
+SQLITE_PRIVATE sqlite3_int64 sqlite3StatusValue(int op){
+  wsdStatInit;
+  assert( op>=0 && op<ArraySize(wsdStat.nowValue) );
+  assert( op>=0 && op<ArraySize(statMutex) );
+  assert( sqlite3_mutex_held(statMutex[op] ? sqlite3Pcache1Mutex()
+                                           : sqlite3MallocMutex()) );
+  return wsdStat.nowValue[op];
+}
+
+/*
+** Add N to the value of a status record.  The caller must hold the
+** appropriate mutex.  (Locking is checked by assert()).
+**
+** The StatusUp() routine can accept positive or negative values for N.
+** The value of N is added to the current status value and the high-water
+** mark is adjusted if necessary.
+**
+** The StatusDown() routine lowers the current value by N.  The highwater
+** mark is unchanged.  N must be non-negative for StatusDown().
+*/
+SQLITE_PRIVATE void sqlite3StatusUp(int op, int N){
+  wsdStatInit;
+  assert( op>=0 && op<ArraySize(wsdStat.nowValue) );
+  assert( op>=0 && op<ArraySize(statMutex) );
+  assert( sqlite3_mutex_held(statMutex[op] ? sqlite3Pcache1Mutex()
+                                           : sqlite3MallocMutex()) );
+  wsdStat.nowValue[op] += N;
+  if( wsdStat.nowValue[op]>wsdStat.mxValue[op] ){
+    wsdStat.mxValue[op] = wsdStat.nowValue[op];
+  }
+}
+SQLITE_PRIVATE void sqlite3StatusDown(int op, int N){
+  wsdStatInit;
+  assert( N>=0 );
+  assert( op>=0 && op<ArraySize(statMutex) );
+  assert( sqlite3_mutex_held(statMutex[op] ? sqlite3Pcache1Mutex()
+                                           : sqlite3MallocMutex()) );
+  assert( op>=0 && op<ArraySize(wsdStat.nowValue) );
+  wsdStat.nowValue[op] -= N;
+}
+
+/*
+** Adjust the highwater mark if necessary.
+** The caller must hold the appropriate mutex.
+*/
+SQLITE_PRIVATE void sqlite3StatusHighwater(int op, int X){
+  sqlite3StatValueType newValue;
+  wsdStatInit;
+  assert( X>=0 );
+  newValue = (sqlite3StatValueType)X;
+  assert( op>=0 && op<ArraySize(wsdStat.nowValue) );
+  assert( op>=0 && op<ArraySize(statMutex) );
+  assert( sqlite3_mutex_held(statMutex[op] ? sqlite3Pcache1Mutex()
+                                           : sqlite3MallocMutex()) );
+  assert( op==SQLITE_STATUS_MALLOC_SIZE
+          || op==SQLITE_STATUS_PAGECACHE_SIZE
+          || op==SQLITE_STATUS_SCRATCH_SIZE
+          || op==SQLITE_STATUS_PARSER_STACK );
+  if( newValue>wsdStat.mxValue[op] ){
+    wsdStat.mxValue[op] = newValue;
+  }
+}
+
+/*
+** Query status information.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_status64(
+  int op,
+  sqlite3_int64 *pCurrent,
+  sqlite3_int64 *pHighwater,
+  int resetFlag
+){
+  sqlite3_mutex *pMutex;
+  wsdStatInit;
+  if( op<0 || op>=ArraySize(wsdStat.nowValue) ){
+    return SQLITE_MISUSE_BKPT;
+  }
+#ifdef SQLITE_ENABLE_API_ARMOR
+  if( pCurrent==0 || pHighwater==0 ) return SQLITE_MISUSE_BKPT;
+#endif
+  pMutex = statMutex[op] ? sqlite3Pcache1Mutex() : sqlite3MallocMutex();
+  sqlite3_mutex_enter(pMutex);
+  *pCurrent = wsdStat.nowValue[op];
+  *pHighwater = wsdStat.mxValue[op];
+  if( resetFlag ){
+    wsdStat.mxValue[op] = wsdStat.nowValue[op];
+  }
+  sqlite3_mutex_leave(pMutex);
+  (void)pMutex;  /* Prevent warning when SQLITE_THREADSAFE=0 */
+  return SQLITE_OK;
+}
+SQLITE_API int SQLITE_STDCALL sqlite3_status(int op, int *pCurrent, int *pHighwater, int resetFlag){
+  sqlite3_int64 iCur, iHwtr;
+  int rc;
+#ifdef SQLITE_ENABLE_API_ARMOR
+  if( pCurrent==0 || pHighwater==0 ) return SQLITE_MISUSE_BKPT;
+#endif
+  rc = sqlite3_status64(op, &iCur, &iHwtr, resetFlag);
+  if( rc==0 ){
+    *pCurrent = (int)iCur;
+    *pHighwater = (int)iHwtr;
+  }
+  return rc;
+}
+
+/*
+** Query status information for a single database connection
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_db_status(
+  sqlite3 *db,          /* The database connection whose status is desired */
+  int op,               /* Status verb */
+  int *pCurrent,        /* Write current value here */
+  int *pHighwater,      /* Write high-water mark here */
+  int resetFlag         /* Reset high-water mark if true */
+){
+  int rc = SQLITE_OK;   /* Return code */
+#ifdef SQLITE_ENABLE_API_ARMOR
+  if( !sqlite3SafetyCheckOk(db) || pCurrent==0|| pHighwater==0 ){
+    return SQLITE_MISUSE_BKPT;
+  }
+#endif
+  sqlite3_mutex_enter(db->mutex);
+  switch( op ){
+    case SQLITE_DBSTATUS_LOOKASIDE_USED: {
+      *pCurrent = db->lookaside.nOut;
+      *pHighwater = db->lookaside.mxOut;
+      if( resetFlag ){
+        db->lookaside.mxOut = db->lookaside.nOut;
+      }
+      break;
+    }
+
+    case SQLITE_DBSTATUS_LOOKASIDE_HIT:
+    case SQLITE_DBSTATUS_LOOKASIDE_MISS_SIZE:
+    case SQLITE_DBSTATUS_LOOKASIDE_MISS_FULL: {
+      testcase( op==SQLITE_DBSTATUS_LOOKASIDE_HIT );
+      testcase( op==SQLITE_DBSTATUS_LOOKASIDE_MISS_SIZE );
+      testcase( op==SQLITE_DBSTATUS_LOOKASIDE_MISS_FULL );
+      assert( (op-SQLITE_DBSTATUS_LOOKASIDE_HIT)>=0 );
+      assert( (op-SQLITE_DBSTATUS_LOOKASIDE_HIT)<3 );
+      *pCurrent = 0;
+      *pHighwater = db->lookaside.anStat[op - SQLITE_DBSTATUS_LOOKASIDE_HIT];
+      if( resetFlag ){
+        db->lookaside.anStat[op - SQLITE_DBSTATUS_LOOKASIDE_HIT] = 0;
+      }
+      break;
+    }
+
+    /* 
+    ** Return an approximation for the amount of memory currently used
+    ** by all pagers associated with the given database connection.  The
+    ** highwater mark is meaningless and is returned as zero.
+    */
+    case SQLITE_DBSTATUS_CACHE_USED: {
+      int totalUsed = 0;
+      int i;
+      sqlite3BtreeEnterAll(db);
+      for(i=0; i<db->nDb; i++){
+        Btree *pBt = db->aDb[i].pBt;
+        if( pBt ){
+          Pager *pPager = sqlite3BtreePager(pBt);
+          totalUsed += sqlite3PagerMemUsed(pPager);
+        }
+      }
+      sqlite3BtreeLeaveAll(db);
+      *pCurrent = totalUsed;
+      *pHighwater = 0;
+      break;
+    }
+
+    /*
+    ** *pCurrent gets an accurate estimate of the amount of memory used
+    ** to store the schema for all databases (main, temp, and any ATTACHed
+    ** databases.  *pHighwater is set to zero.
+    */
+    case SQLITE_DBSTATUS_SCHEMA_USED: {
+      int i;                      /* Used to iterate through schemas */
+      int nByte = 0;              /* Used to accumulate return value */
+
+      sqlite3BtreeEnterAll(db);
+      db->pnBytesFreed = &nByte;
+      for(i=0; i<db->nDb; i++){
+        Schema *pSchema = db->aDb[i].pSchema;
+        if( ALWAYS(pSchema!=0) ){
+          HashElem *p;
+
+          nByte += sqlite3GlobalConfig.m.xRoundup(sizeof(HashElem)) * (
+              pSchema->tblHash.count 
+            + pSchema->trigHash.count
+            + pSchema->idxHash.count
+            + pSchema->fkeyHash.count
+          );
+          nByte += sqlite3_msize(pSchema->tblHash.ht);
+          nByte += sqlite3_msize(pSchema->trigHash.ht);
+          nByte += sqlite3_msize(pSchema->idxHash.ht);
+          nByte += sqlite3_msize(pSchema->fkeyHash.ht);
+
+          for(p=sqliteHashFirst(&pSchema->trigHash); p; p=sqliteHashNext(p)){
+            sqlite3DeleteTrigger(db, (Trigger*)sqliteHashData(p));
+          }
+          for(p=sqliteHashFirst(&pSchema->tblHash); p; p=sqliteHashNext(p)){
+            sqlite3DeleteTable(db, (Table *)sqliteHashData(p));
+          }
+        }
+      }
+      db->pnBytesFreed = 0;
+      sqlite3BtreeLeaveAll(db);
+
+      *pHighwater = 0;
+      *pCurrent = nByte;
+      break;
+    }
+
+    /*
+    ** *pCurrent gets an accurate estimate of the amount of memory used
+    ** to store all prepared statements.
+    ** *pHighwater is set to zero.
+    */
+    case SQLITE_DBSTATUS_STMT_USED: {
+      struct Vdbe *pVdbe;         /* Used to iterate through VMs */
+      int nByte = 0;              /* Used to accumulate return value */
+
+      db->pnBytesFreed = &nByte;
+      for(pVdbe=db->pVdbe; pVdbe; pVdbe=pVdbe->pNext){
+        sqlite3VdbeClearObject(db, pVdbe);
+        sqlite3DbFree(db, pVdbe);
+      }
+      db->pnBytesFreed = 0;
+
+      *pHighwater = 0;  /* IMP: R-64479-57858 */
+      *pCurrent = nByte;
+
+      break;
+    }
+
+    /*
+    ** Set *pCurrent to the total cache hits or misses encountered by all
+    ** pagers the database handle is connected to. *pHighwater is always set 
+    ** to zero.
+    */
+    case SQLITE_DBSTATUS_CACHE_HIT:
+    case SQLITE_DBSTATUS_CACHE_MISS:
+    case SQLITE_DBSTATUS_CACHE_WRITE:{
+      int i;
+      int nRet = 0;
+      assert( SQLITE_DBSTATUS_CACHE_MISS==SQLITE_DBSTATUS_CACHE_HIT+1 );
+      assert( SQLITE_DBSTATUS_CACHE_WRITE==SQLITE_DBSTATUS_CACHE_HIT+2 );
+
+      for(i=0; i<db->nDb; i++){
+        if( db->aDb[i].pBt ){
+          Pager *pPager = sqlite3BtreePager(db->aDb[i].pBt);
+          sqlite3PagerCacheStat(pPager, op, resetFlag, &nRet);
+        }
+      }
+      *pHighwater = 0; /* IMP: R-42420-56072 */
+                       /* IMP: R-54100-20147 */
+                       /* IMP: R-29431-39229 */
+      *pCurrent = nRet;
+      break;
+    }
+
+    /* Set *pCurrent to non-zero if there are unresolved deferred foreign
+    ** key constraints.  Set *pCurrent to zero if all foreign key constraints
+    ** have been satisfied.  The *pHighwater is always set to zero.
+    */
+    case SQLITE_DBSTATUS_DEFERRED_FKS: {
+      *pHighwater = 0;  /* IMP: R-11967-56545 */
+      *pCurrent = db->nDeferredImmCons>0 || db->nDeferredCons>0;
+      break;
+    }
+
+    default: {
+      rc = SQLITE_ERROR;
+    }
+  }
+  sqlite3_mutex_leave(db->mutex);
+  return rc;
+}
+
+/************** End of status.c **********************************************/
+/************** Begin file date.c ********************************************/
+/*
+** 2003 October 31
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+** This file contains the C functions that implement date and time
+** functions for SQLite.  
+**
+** There is only one exported symbol in this file - the function
+** sqlite3RegisterDateTimeFunctions() found at the bottom of the file.
+** All other code has file scope.
+**
+** SQLite processes all times and dates as julian day numbers.  The
+** dates and times are stored as the number of days since noon
+** in Greenwich on November 24, 4714 B.C. according to the Gregorian
+** calendar system. 
+**
+** 1970-01-01 00:00:00 is JD 2440587.5
+** 2000-01-01 00:00:00 is JD 2451544.5
+**
+** This implementation requires years to be expressed as a 4-digit number
+** which means that only dates between 0000-01-01 and 9999-12-31 can
+** be represented, even though julian day numbers allow a much wider
+** range of dates.
+**
+** The Gregorian calendar system is used for all dates and times,
+** even those that predate the Gregorian calendar.  Historians usually
+** use the julian calendar for dates prior to 1582-10-15 and for some
+** dates afterwards, depending on locale.  Beware of this difference.
+**
+** The conversion algorithms are implemented based on descriptions
+** in the following text:
+**
+**      Jean Meeus
+**      Astronomical Algorithms, 2nd Edition, 1998
+**      ISBM 0-943396-61-1
+**      Willmann-Bell, Inc
+**      Richmond, Virginia (USA)
+*/
+/* #include "sqliteInt.h" */
+/* #include <stdlib.h> */
+/* #include <assert.h> */
+#include <time.h>
+
+#ifndef SQLITE_OMIT_DATETIME_FUNCS
+
+
+/*
+** A structure for holding a single date and time.
+*/
+typedef struct DateTime DateTime;
+struct DateTime {
+  sqlite3_int64 iJD; /* The julian day number times 86400000 */
+  int Y, M, D;       /* Year, month, and day */
+  int h, m;          /* Hour and minutes */
+  int tz;            /* Timezone offset in minutes */
+  double s;          /* Seconds */
+  char validYMD;     /* True (1) if Y,M,D are valid */
+  char validHMS;     /* True (1) if h,m,s are valid */
+  char validJD;      /* True (1) if iJD is valid */
+  char validTZ;      /* True (1) if tz is valid */
+  char tzSet;        /* Timezone was set explicitly */
+};
+
+
+/*
+** Convert zDate into one or more integers.  Additional arguments
+** come in groups of 5 as follows:
+**
+**       N       number of digits in the integer
+**       min     minimum allowed value of the integer
+**       max     maximum allowed value of the integer
+**       nextC   first character after the integer
+**       pVal    where to write the integers value.
+**
+** Conversions continue until one with nextC==0 is encountered.
+** The function returns the number of successful conversions.
+*/
+static int getDigits(const char *zDate, ...){
+  va_list ap;
+  int val;
+  int N;
+  int min;
+  int max;
+  int nextC;
+  int *pVal;
+  int cnt = 0;
+  va_start(ap, zDate);
+  do{
+    N = va_arg(ap, int);
+    min = va_arg(ap, int);
+    max = va_arg(ap, int);
+    nextC = va_arg(ap, int);
+    pVal = va_arg(ap, int*);
+    val = 0;
+    while( N-- ){
+      if( !sqlite3Isdigit(*zDate) ){
+        goto end_getDigits;
+      }
+      val = val*10 + *zDate - '0';
+      zDate++;
+    }
+    if( val<min || val>max || (nextC!=0 && nextC!=*zDate) ){
+      goto end_getDigits;
+    }
+    *pVal = val;
+    zDate++;
+    cnt++;
+  }while( nextC );
+end_getDigits:
+  va_end(ap);
+  return cnt;
+}
+
+/*
+** Parse a timezone extension on the end of a date-time.
+** The extension is of the form:
+**
+**        (+/-)HH:MM
+**
+** Or the "zulu" notation:
+**
+**        Z
+**
+** If the parse is successful, write the number of minutes
+** of change in p->tz and return 0.  If a parser error occurs,
+** return non-zero.
+**
+** A missing specifier is not considered an error.
+*/
+static int parseTimezone(const char *zDate, DateTime *p){
+  int sgn = 0;
+  int nHr, nMn;
+  int c;
+  while( sqlite3Isspace(*zDate) ){ zDate++; }
+  p->tz = 0;
+  c = *zDate;
+  if( c=='-' ){
+    sgn = -1;
+  }else if( c=='+' ){
+    sgn = +1;
+  }else if( c=='Z' || c=='z' ){
+    zDate++;
+    goto zulu_time;
+  }else{
+    return c!=0;
+  }
+  zDate++;
+  if( getDigits(zDate, 2, 0, 14, ':', &nHr, 2, 0, 59, 0, &nMn)!=2 ){
+    return 1;
+  }
+  zDate += 5;
+  p->tz = sgn*(nMn + nHr*60);
+zulu_time:
+  while( sqlite3Isspace(*zDate) ){ zDate++; }
+  p->tzSet = 1;
+  return *zDate!=0;
+}
+
+/*
+** Parse times of the form HH:MM or HH:MM:SS or HH:MM:SS.FFFF.
+** The HH, MM, and SS must each be exactly 2 digits.  The
+** fractional seconds FFFF can be one or more digits.
+**
+** Return 1 if there is a parsing error and 0 on success.
+*/
+static int parseHhMmSs(const char *zDate, DateTime *p){
+  int h, m, s;
+  double ms = 0.0;
+  if( getDigits(zDate, 2, 0, 24, ':', &h, 2, 0, 59, 0, &m)!=2 ){
+    return 1;
+  }
+  zDate += 5;
+  if( *zDate==':' ){
+    zDate++;
+    if( getDigits(zDate, 2, 0, 59, 0, &s)!=1 ){
+      return 1;
+    }
+    zDate += 2;
+    if( *zDate=='.' && sqlite3Isdigit(zDate[1]) ){
+      double rScale = 1.0;
+      zDate++;
+      while( sqlite3Isdigit(*zDate) ){
+        ms = ms*10.0 + *zDate - '0';
+        rScale *= 10.0;
+        zDate++;
+      }
+      ms /= rScale;
+    }
+  }else{
+    s = 0;
+  }
+  p->validJD = 0;
+  p->validHMS = 1;
+  p->h = h;
+  p->m = m;
+  p->s = s + ms;
+  if( parseTimezone(zDate, p) ) return 1;
+  p->validTZ = (p->tz!=0)?1:0;
+  return 0;
+}
+
+/*
+** Convert from YYYY-MM-DD HH:MM:SS to julian day.  We always assume
+** that the YYYY-MM-DD is according to the Gregorian calendar.
+**
+** Reference:  Meeus page 61
+*/
+static void computeJD(DateTime *p){
+  int Y, M, D, A, B, X1, X2;
+
+  if( p->validJD ) return;
+  if( p->validYMD ){
+    Y = p->Y;
+    M = p->M;
+    D = p->D;
+  }else{
+    Y = 2000;  /* If no YMD specified, assume 2000-Jan-01 */
+    M = 1;
+    D = 1;
+  }
+  if( M<=2 ){
+    Y--;
+    M += 12;
+  }
+  A = Y/100;
+  B = 2 - A + (A/4);
+  X1 = 36525*(Y+4716)/100;
+  X2 = 306001*(M+1)/10000;
+  p->iJD = (sqlite3_int64)((X1 + X2 + D + B - 1524.5 ) * 86400000);
+  p->validJD = 1;
+  if( p->validHMS ){
+    p->iJD += p->h*3600000 + p->m*60000 + (sqlite3_int64)(p->s*1000);
+    if( p->validTZ ){
+      p->iJD -= p->tz*60000;
+      p->validYMD = 0;
+      p->validHMS = 0;
+      p->validTZ = 0;
+    }
+  }
+}
+
+/*
+** Parse dates of the form
+**
+**     YYYY-MM-DD HH:MM:SS.FFF
+**     YYYY-MM-DD HH:MM:SS
+**     YYYY-MM-DD HH:MM
+**     YYYY-MM-DD
+**
+** Write the result into the DateTime structure and return 0
+** on success and 1 if the input string is not a well-formed
+** date.
+*/
+static int parseYyyyMmDd(const char *zDate, DateTime *p){
+  int Y, M, D, neg;
+
+  if( zDate[0]=='-' ){
+    zDate++;
+    neg = 1;
+  }else{
+    neg = 0;
+  }
+  if( getDigits(zDate,4,0,9999,'-',&Y,2,1,12,'-',&M,2,1,31,0,&D)!=3 ){
+    return 1;
+  }
+  zDate += 10;
+  while( sqlite3Isspace(*zDate) || 'T'==*(u8*)zDate ){ zDate++; }
+  if( parseHhMmSs(zDate, p)==0 ){
+    /* We got the time */
+  }else if( *zDate==0 ){
+    p->validHMS = 0;
+  }else{
+    return 1;
+  }
+  p->validJD = 0;
+  p->validYMD = 1;
+  p->Y = neg ? -Y : Y;
+  p->M = M;
+  p->D = D;
+  if( p->validTZ ){
+    computeJD(p);
+  }
+  return 0;
+}
+
+/*
+** Set the time to the current time reported by the VFS.
+**
+** Return the number of errors.
+*/
+static int setDateTimeToCurrent(sqlite3_context *context, DateTime *p){
+  p->iJD = sqlite3StmtCurrentTime(context);
+  if( p->iJD>0 ){
+    p->validJD = 1;
+    return 0;
+  }else{
+    return 1;
+  }
+}
+
+/*
+** Attempt to parse the given string into a julian day number.  Return
+** the number of errors.
+**
+** The following are acceptable forms for the input string:
+**
+**      YYYY-MM-DD HH:MM:SS.FFF  +/-HH:MM
+**      DDDD.DD 
+**      now
+**
+** In the first form, the +/-HH:MM is always optional.  The fractional
+** seconds extension (the ".FFF") is optional.  The seconds portion
+** (":SS.FFF") is option.  The year and date can be omitted as long
+** as there is a time string.  The time string can be omitted as long
+** as there is a year and date.
+*/
+static int parseDateOrTime(
+  sqlite3_context *context, 
+  const char *zDate, 
+  DateTime *p
+){
+  double r;
+  if( parseYyyyMmDd(zDate,p)==0 ){
+    return 0;
+  }else if( parseHhMmSs(zDate, p)==0 ){
+    return 0;
+  }else if( sqlite3StrICmp(zDate,"now")==0){
+    return setDateTimeToCurrent(context, p);
+  }else if( sqlite3AtoF(zDate, &r, sqlite3Strlen30(zDate), SQLITE_UTF8) ){
+    p->iJD = (sqlite3_int64)(r*86400000.0 + 0.5);
+    p->validJD = 1;
+    return 0;
+  }
+  return 1;
+}
+
+/*
+** Compute the Year, Month, and Day from the julian day number.
+*/
+static void computeYMD(DateTime *p){
+  int Z, A, B, C, D, E, X1;
+  if( p->validYMD ) return;
+  if( !p->validJD ){
+    p->Y = 2000;
+    p->M = 1;
+    p->D = 1;
+  }else{
+    Z = (int)((p->iJD + 43200000)/86400000);
+    A = (int)((Z - 1867216.25)/36524.25);
+    A = Z + 1 + A - (A/4);
+    B = A + 1524;
+    C = (int)((B - 122.1)/365.25);
+    D = (36525*(C&32767))/100;
+    E = (int)((B-D)/30.6001);
+    X1 = (int)(30.6001*E);
+    p->D = B - D - X1;
+    p->M = E<14 ? E-1 : E-13;
+    p->Y = p->M>2 ? C - 4716 : C - 4715;
+  }
+  p->validYMD = 1;
+}
+
+/*
+** Compute the Hour, Minute, and Seconds from the julian day number.
+*/
+static void computeHMS(DateTime *p){
+  int s;
+  if( p->validHMS ) return;
+  computeJD(p);
+  s = (int)((p->iJD + 43200000) % 86400000);
+  p->s = s/1000.0;
+  s = (int)p->s;
+  p->s -= s;
+  p->h = s/3600;
+  s -= p->h*3600;
+  p->m = s/60;
+  p->s += s - p->m*60;
+  p->validHMS = 1;
+}
+
+/*
+** Compute both YMD and HMS
+*/
+static void computeYMD_HMS(DateTime *p){
+  computeYMD(p);
+  computeHMS(p);
+}
+
+/*
+** Clear the YMD and HMS and the TZ
+*/
+static void clearYMD_HMS_TZ(DateTime *p){
+  p->validYMD = 0;
+  p->validHMS = 0;
+  p->validTZ = 0;
+}
+
+/*
+** On recent Windows platforms, the localtime_s() function is available
+** as part of the "Secure CRT". It is essentially equivalent to 
+** localtime_r() available under most POSIX platforms, except that the 
+** order of the parameters is reversed.
+**
+** See http://msdn.microsoft.com/en-us/library/a442x3ye(VS.80).aspx.
+**
+** If the user has not indicated to use localtime_r() or localtime_s()
+** already, check for an MSVC build environment that provides 
+** localtime_s().
+*/
+#if !HAVE_LOCALTIME_R && !HAVE_LOCALTIME_S \
+    && defined(_MSC_VER) && defined(_CRT_INSECURE_DEPRECATE)
+#undef  HAVE_LOCALTIME_S
+#define HAVE_LOCALTIME_S 1
+#endif
+
+#ifndef SQLITE_OMIT_LOCALTIME
+/*
+** The following routine implements the rough equivalent of localtime_r()
+** using whatever operating-system specific localtime facility that
+** is available.  This routine returns 0 on success and
+** non-zero on any kind of error.
+**
+** If the sqlite3GlobalConfig.bLocaltimeFault variable is true then this
+** routine will always fail.
+**
+** EVIDENCE-OF: R-62172-00036 In this implementation, the standard C
+** library function localtime_r() is used to assist in the calculation of
+** local time.
+*/
+static int osLocaltime(time_t *t, struct tm *pTm){
+  int rc;
+#if !HAVE_LOCALTIME_R && !HAVE_LOCALTIME_S
+  struct tm *pX;
+#if SQLITE_THREADSAFE>0
+  sqlite3_mutex *mutex = sqlite3MutexAlloc(SQLITE_MUTEX_STATIC_MASTER);
+#endif
+  sqlite3_mutex_enter(mutex);
+  pX = localtime(t);
+#ifndef SQLITE_OMIT_BUILTIN_TEST
+  if( sqlite3GlobalConfig.bLocaltimeFault ) pX = 0;
+#endif
+  if( pX ) *pTm = *pX;
+  sqlite3_mutex_leave(mutex);
+  rc = pX==0;
+#else
+#ifndef SQLITE_OMIT_BUILTIN_TEST
+  if( sqlite3GlobalConfig.bLocaltimeFault ) return 1;
+#endif
+#if HAVE_LOCALTIME_R
+  rc = localtime_r(t, pTm)==0;
+#else
+  rc = localtime_s(pTm, t);
+#endif /* HAVE_LOCALTIME_R */
+#endif /* HAVE_LOCALTIME_R || HAVE_LOCALTIME_S */
+  return rc;
+}
+#endif /* SQLITE_OMIT_LOCALTIME */
+
+
+#ifndef SQLITE_OMIT_LOCALTIME
+/*
+** Compute the difference (in milliseconds) between localtime and UTC
+** (a.k.a. GMT) for the time value p where p is in UTC. If no error occurs,
+** return this value and set *pRc to SQLITE_OK. 
+**
+** Or, if an error does occur, set *pRc to SQLITE_ERROR. The returned value
+** is undefined in this case.
+*/
+static sqlite3_int64 localtimeOffset(
+  DateTime *p,                    /* Date at which to calculate offset */
+  sqlite3_context *pCtx,          /* Write error here if one occurs */
+  int *pRc                        /* OUT: Error code. SQLITE_OK or ERROR */
+){
+  DateTime x, y;
+  time_t t;
+  struct tm sLocal;
+
+  /* Initialize the contents of sLocal to avoid a compiler warning. */
+  memset(&sLocal, 0, sizeof(sLocal));
+
+  x = *p;
+  computeYMD_HMS(&x);
+  if( x.Y<1971 || x.Y>=2038 ){
+    /* EVIDENCE-OF: R-55269-29598 The localtime_r() C function normally only
+    ** works for years between 1970 and 2037. For dates outside this range,
+    ** SQLite attempts to map the year into an equivalent year within this
+    ** range, do the calculation, then map the year back.
+    */
+    x.Y = 2000;
+    x.M = 1;
+    x.D = 1;
+    x.h = 0;
+    x.m = 0;
+    x.s = 0.0;
+  } else {
+    int s = (int)(x.s + 0.5);
+    x.s = s;
+  }
+  x.tz = 0;
+  x.validJD = 0;
+  computeJD(&x);
+  t = (time_t)(x.iJD/1000 - 21086676*(i64)10000);
+  if( osLocaltime(&t, &sLocal) ){
+    sqlite3_result_error(pCtx, "local time unavailable", -1);
+    *pRc = SQLITE_ERROR;
+    return 0;
+  }
+  y.Y = sLocal.tm_year + 1900;
+  y.M = sLocal.tm_mon + 1;
+  y.D = sLocal.tm_mday;
+  y.h = sLocal.tm_hour;
+  y.m = sLocal.tm_min;
+  y.s = sLocal.tm_sec;
+  y.validYMD = 1;
+  y.validHMS = 1;
+  y.validJD = 0;
+  y.validTZ = 0;
+  computeJD(&y);
+  *pRc = SQLITE_OK;
+  return y.iJD - x.iJD;
+}
+#endif /* SQLITE_OMIT_LOCALTIME */
+
+/*
+** Process a modifier to a date-time stamp.  The modifiers are
+** as follows:
+**
+**     NNN days
+**     NNN hours
+**     NNN minutes
+**     NNN.NNNN seconds
+**     NNN months
+**     NNN years
+**     start of month
+**     start of year
+**     start of week
+**     start of day
+**     weekday N
+**     unixepoch
+**     localtime
+**     utc
+**
+** Return 0 on success and 1 if there is any kind of error. If the error
+** is in a system call (i.e. localtime()), then an error message is written
+** to context pCtx. If the error is an unrecognized modifier, no error is
+** written to pCtx.
+*/
+static int parseModifier(sqlite3_context *pCtx, const char *zMod, DateTime *p){
+  int rc = 1;
+  int n;
+  double r;
+  char *z, zBuf[30];
+  z = zBuf;
+  for(n=0; n<ArraySize(zBuf)-1 && zMod[n]; n++){
+    z[n] = (char)sqlite3UpperToLower[(u8)zMod[n]];
+  }
+  z[n] = 0;
+  switch( z[0] ){
+#ifndef SQLITE_OMIT_LOCALTIME
+    case 'l': {
+      /*    localtime
+      **
+      ** Assuming the current time value is UTC (a.k.a. GMT), shift it to
+      ** show local time.
+      */
+      if( strcmp(z, "localtime")==0 ){
+        computeJD(p);
+        p->iJD += localtimeOffset(p, pCtx, &rc);
+        clearYMD_HMS_TZ(p);
+      }
+      break;
+    }
+#endif
+    case 'u': {
+      /*
+      **    unixepoch
+      **
+      ** Treat the current value of p->iJD as the number of
+      ** seconds since 1970.  Convert to a real julian day number.
+      */
+      if( strcmp(z, "unixepoch")==0 && p->validJD ){
+        p->iJD = (p->iJD + 43200)/86400 + 21086676*(i64)10000000;
+        clearYMD_HMS_TZ(p);
+        rc = 0;
+      }
+#ifndef SQLITE_OMIT_LOCALTIME
+      else if( strcmp(z, "utc")==0 ){
+        if( p->tzSet==0 ){
+          sqlite3_int64 c1;
+          computeJD(p);
+          c1 = localtimeOffset(p, pCtx, &rc);
+          if( rc==SQLITE_OK ){
+            p->iJD -= c1;
+            clearYMD_HMS_TZ(p);
+            p->iJD += c1 - localtimeOffset(p, pCtx, &rc);
+          }
+          p->tzSet = 1;
+        }else{
+          rc = SQLITE_OK;
+        }
+      }
+#endif
+      break;
+    }
+    case 'w': {
+      /*
+      **    weekday N
+      **
+      ** Move the date to the same time on the next occurrence of
+      ** weekday N where 0==Sunday, 1==Monday, and so forth.  If the
+      ** date is already on the appropriate weekday, this is a no-op.
+      */
+      if( strncmp(z, "weekday ", 8)==0
+               && sqlite3AtoF(&z[8], &r, sqlite3Strlen30(&z[8]), SQLITE_UTF8)
+               && (n=(int)r)==r && n>=0 && r<7 ){
+        sqlite3_int64 Z;
+        computeYMD_HMS(p);
+        p->validTZ = 0;
+        p->validJD = 0;
+        computeJD(p);
+        Z = ((p->iJD + 129600000)/86400000) % 7;
+        if( Z>n ) Z -= 7;
+        p->iJD += (n - Z)*86400000;
+        clearYMD_HMS_TZ(p);
+        rc = 0;
+      }
+      break;
+    }
+    case 's': {
+      /*
+      **    start of TTTTT
+      **
+      ** Move the date backwards to the beginning of the current day,
+      ** or month or year.
+      */
+      if( strncmp(z, "start of ", 9)!=0 ) break;
+      z += 9;
+      computeYMD(p);
+      p->validHMS = 1;
+      p->h = p->m = 0;
+      p->s = 0.0;
+      p->validTZ = 0;
+      p->validJD = 0;
+      if( strcmp(z,"month")==0 ){
+        p->D = 1;
+        rc = 0;
+      }else if( strcmp(z,"year")==0 ){
+        computeYMD(p);
+        p->M = 1;
+        p->D = 1;
+        rc = 0;
+      }else if( strcmp(z,"day")==0 ){
+        rc = 0;
+      }
+      break;
+    }
+    case '+':
+    case '-':
+    case '0':
+    case '1':
+    case '2':
+    case '3':
+    case '4':
+    case '5':
+    case '6':
+    case '7':
+    case '8':
+    case '9': {
+      double rRounder;
+      for(n=1; z[n] && z[n]!=':' && !sqlite3Isspace(z[n]); n++){}
+      if( !sqlite3AtoF(z, &r, n, SQLITE_UTF8) ){
+        rc = 1;
+        break;
+      }
+      if( z[n]==':' ){
+        /* A modifier of the form (+|-)HH:MM:SS.FFF adds (or subtracts) the
+        ** specified number of hours, minutes, seconds, and fractional seconds
+        ** to the time.  The ".FFF" may be omitted.  The ":SS.FFF" may be
+        ** omitted.
+        */
+        const char *z2 = z;
+        DateTime tx;
+        sqlite3_int64 day;
+        if( !sqlite3Isdigit(*z2) ) z2++;
+        memset(&tx, 0, sizeof(tx));
+        if( parseHhMmSs(z2, &tx) ) break;
+        computeJD(&tx);
+        tx.iJD -= 43200000;
+        day = tx.iJD/86400000;
+        tx.iJD -= day*86400000;
+        if( z[0]=='-' ) tx.iJD = -tx.iJD;
+        computeJD(p);
+        clearYMD_HMS_TZ(p);
+        p->iJD += tx.iJD;
+        rc = 0;
+        break;
+      }
+      z += n;
+      while( sqlite3Isspace(*z) ) z++;
+      n = sqlite3Strlen30(z);
+      if( n>10 || n<3 ) break;
+      if( z[n-1]=='s' ){ z[n-1] = 0; n--; }
+      computeJD(p);
+      rc = 0;
+      rRounder = r<0 ? -0.5 : +0.5;
+      if( n==3 && strcmp(z,"day")==0 ){
+        p->iJD += (sqlite3_int64)(r*86400000.0 + rRounder);
+      }else if( n==4 && strcmp(z,"hour")==0 ){
+        p->iJD += (sqlite3_int64)(r*(86400000.0/24.0) + rRounder);
+      }else if( n==6 && strcmp(z,"minute")==0 ){
+        p->iJD += (sqlite3_int64)(r*(86400000.0/(24.0*60.0)) + rRounder);
+      }else if( n==6 && strcmp(z,"second")==0 ){
+        p->iJD += (sqlite3_int64)(r*(86400000.0/(24.0*60.0*60.0)) + rRounder);
+      }else if( n==5 && strcmp(z,"month")==0 ){
+        int x, y;
+        computeYMD_HMS(p);
+        p->M += (int)r;
+        x = p->M>0 ? (p->M-1)/12 : (p->M-12)/12;
+        p->Y += x;
+        p->M -= x*12;
+        p->validJD = 0;
+        computeJD(p);
+        y = (int)r;
+        if( y!=r ){
+          p->iJD += (sqlite3_int64)((r - y)*30.0*86400000.0 + rRounder);
+        }
+      }else if( n==4 && strcmp(z,"year")==0 ){
+        int y = (int)r;
+        computeYMD_HMS(p);
+        p->Y += y;
+        p->validJD = 0;
+        computeJD(p);
+        if( y!=r ){
+          p->iJD += (sqlite3_int64)((r - y)*365.0*86400000.0 + rRounder);
+        }
+      }else{
+        rc = 1;
+      }
+      clearYMD_HMS_TZ(p);
+      break;
+    }
+    default: {
+      break;
+    }
+  }
+  return rc;
+}
+
+/*
+** Process time function arguments.  argv[0] is a date-time stamp.
+** argv[1] and following are modifiers.  Parse them all and write
+** the resulting time into the DateTime structure p.  Return 0
+** on success and 1 if there are any errors.
+**
+** If there are zero parameters (if even argv[0] is undefined)
+** then assume a default value of "now" for argv[0].
+*/
+static int isDate(
+  sqlite3_context *context, 
+  int argc, 
+  sqlite3_value **argv, 
+  DateTime *p
+){
+  int i;
+  const unsigned char *z;
+  int eType;
+  memset(p, 0, sizeof(*p));
+  if( argc==0 ){
+    return setDateTimeToCurrent(context, p);
+  }
+  if( (eType = sqlite3_value_type(argv[0]))==SQLITE_FLOAT
+                   || eType==SQLITE_INTEGER ){
+    p->iJD = (sqlite3_int64)(sqlite3_value_double(argv[0])*86400000.0 + 0.5);
+    p->validJD = 1;
+  }else{
+    z = sqlite3_value_text(argv[0]);
+    if( !z || parseDateOrTime(context, (char*)z, p) ){
+      return 1;
+    }
+  }
+  for(i=1; i<argc; i++){
+    z = sqlite3_value_text(argv[i]);
+    if( z==0 || parseModifier(context, (char*)z, p) ) return 1;
+  }
+  return 0;
+}
+
+
+/*
+** The following routines implement the various date and time functions
+** of SQLite.
+*/
+
+/*
+**    julianday( TIMESTRING, MOD, MOD, ...)
+**
+** Return the julian day number of the date specified in the arguments
+*/
+static void juliandayFunc(
+  sqlite3_context *context,
+  int argc,
+  sqlite3_value **argv
+){
+  DateTime x;
+  if( isDate(context, argc, argv, &x)==0 ){
+    computeJD(&x);
+    sqlite3_result_double(context, x.iJD/86400000.0);
+  }
+}
+
+/*
+**    datetime( TIMESTRING, MOD, MOD, ...)
+**
+** Return YYYY-MM-DD HH:MM:SS
+*/
+static void datetimeFunc(
+  sqlite3_context *context,
+  int argc,
+  sqlite3_value **argv
+){
+  DateTime x;
+  if( isDate(context, argc, argv, &x)==0 ){
+    char zBuf[100];
+    computeYMD_HMS(&x);
+    sqlite3_snprintf(sizeof(zBuf), zBuf, "%04d-%02d-%02d %02d:%02d:%02d",
+                     x.Y, x.M, x.D, x.h, x.m, (int)(x.s));
+    sqlite3_result_text(context, zBuf, -1, SQLITE_TRANSIENT);
+  }
+}
+
+/*
+**    time( TIMESTRING, MOD, MOD, ...)
+**
+** Return HH:MM:SS
+*/
+static void timeFunc(
+  sqlite3_context *context,
+  int argc,
+  sqlite3_value **argv
+){
+  DateTime x;
+  if( isDate(context, argc, argv, &x)==0 ){
+    char zBuf[100];
+    computeHMS(&x);
+    sqlite3_snprintf(sizeof(zBuf), zBuf, "%02d:%02d:%02d", x.h, x.m, (int)x.s);
+    sqlite3_result_text(context, zBuf, -1, SQLITE_TRANSIENT);
+  }
+}
+
+/*
+**    date( TIMESTRING, MOD, MOD, ...)
+**
+** Return YYYY-MM-DD
+*/
+static void dateFunc(
+  sqlite3_context *context,
+  int argc,
+  sqlite3_value **argv
+){
+  DateTime x;
+  if( isDate(context, argc, argv, &x)==0 ){
+    char zBuf[100];
+    computeYMD(&x);
+    sqlite3_snprintf(sizeof(zBuf), zBuf, "%04d-%02d-%02d", x.Y, x.M, x.D);
+    sqlite3_result_text(context, zBuf, -1, SQLITE_TRANSIENT);
+  }
+}
+
+/*
+**    strftime( FORMAT, TIMESTRING, MOD, MOD, ...)
+**
+** Return a string described by FORMAT.  Conversions as follows:
+**
+**   %d  day of month
+**   %f  ** fractional seconds  SS.SSS
+**   %H  hour 00-24
+**   %j  day of year 000-366
+**   %J  ** julian day number
+**   %m  month 01-12
+**   %M  minute 00-59
+**   %s  seconds since 1970-01-01
+**   %S  seconds 00-59
+**   %w  day of week 0-6  sunday==0
+**   %W  week of year 00-53
+**   %Y  year 0000-9999
+**   %%  %
+*/
+static void strftimeFunc(
+  sqlite3_context *context,
+  int argc,
+  sqlite3_value **argv
+){
+  DateTime x;
+  u64 n;
+  size_t i,j;
+  char *z;
+  sqlite3 *db;
+  const char *zFmt;
+  char zBuf[100];
+  if( argc==0 ) return;
+  zFmt = (const char*)sqlite3_value_text(argv[0]);
+  if( zFmt==0 || isDate(context, argc-1, argv+1, &x) ) return;
+  db = sqlite3_context_db_handle(context);
+  for(i=0, n=1; zFmt[i]; i++, n++){
+    if( zFmt[i]=='%' ){
+      switch( zFmt[i+1] ){
+        case 'd':
+        case 'H':
+        case 'm':
+        case 'M':
+        case 'S':
+        case 'W':
+          n++;
+          /* fall thru */
+        case 'w':
+        case '%':
+          break;
+        case 'f':
+          n += 8;
+          break;
+        case 'j':
+          n += 3;
+          break;
+        case 'Y':
+          n += 8;
+          break;
+        case 's':
+        case 'J':
+          n += 50;
+          break;
+        default:
+          return;  /* ERROR.  return a NULL */
+      }
+      i++;
+    }
+  }
+  testcase( n==sizeof(zBuf)-1 );
+  testcase( n==sizeof(zBuf) );
+  testcase( n==(u64)db->aLimit[SQLITE_LIMIT_LENGTH]+1 );
+  testcase( n==(u64)db->aLimit[SQLITE_LIMIT_LENGTH] );
+  if( n<sizeof(zBuf) ){
+    z = zBuf;
+  }else if( n>(u64)db->aLimit[SQLITE_LIMIT_LENGTH] ){
+    sqlite3_result_error_toobig(context);
+    return;
+  }else{
+    z = sqlite3DbMallocRaw(db, (int)n);
+    if( z==0 ){
+      sqlite3_result_error_nomem(context);
+      return;
+    }
+  }
+  computeJD(&x);
+  computeYMD_HMS(&x);
+  for(i=j=0; zFmt[i]; i++){
+    if( zFmt[i]!='%' ){
+      z[j++] = zFmt[i];
+    }else{
+      i++;
+      switch( zFmt[i] ){
+        case 'd':  sqlite3_snprintf(3, &z[j],"%02d",x.D); j+=2; break;
+        case 'f': {
+          double s = x.s;
+          if( s>59.999 ) s = 59.999;
+          sqlite3_snprintf(7, &z[j],"%06.3f", s);
+          j += sqlite3Strlen30(&z[j]);
+          break;
+        }
+        case 'H':  sqlite3_snprintf(3, &z[j],"%02d",x.h); j+=2; break;
+        case 'W': /* Fall thru */
+        case 'j': {
+          int nDay;             /* Number of days since 1st day of year */
+          DateTime y = x;
+          y.validJD = 0;
+          y.M = 1;
+          y.D = 1;
+          computeJD(&y);
+          nDay = (int)((x.iJD-y.iJD+43200000)/86400000);
+          if( zFmt[i]=='W' ){
+            int wd;   /* 0=Monday, 1=Tuesday, ... 6=Sunday */
+            wd = (int)(((x.iJD+43200000)/86400000)%7);
+            sqlite3_snprintf(3, &z[j],"%02d",(nDay+7-wd)/7);
+            j += 2;
+          }else{
+            sqlite3_snprintf(4, &z[j],"%03d",nDay+1);
+            j += 3;
+          }
+          break;
+        }
+        case 'J': {
+          sqlite3_snprintf(20, &z[j],"%.16g",x.iJD/86400000.0);
+          j+=sqlite3Strlen30(&z[j]);
+          break;
+        }
+        case 'm':  sqlite3_snprintf(3, &z[j],"%02d",x.M); j+=2; break;
+        case 'M':  sqlite3_snprintf(3, &z[j],"%02d",x.m); j+=2; break;
+        case 's': {
+          sqlite3_snprintf(30,&z[j],"%lld",
+                           (i64)(x.iJD/1000 - 21086676*(i64)10000));
+          j += sqlite3Strlen30(&z[j]);
+          break;
+        }
+        case 'S':  sqlite3_snprintf(3,&z[j],"%02d",(int)x.s); j+=2; break;
+        case 'w': {
+          z[j++] = (char)(((x.iJD+129600000)/86400000) % 7) + '0';
+          break;
+        }
+        case 'Y': {
+          sqlite3_snprintf(5,&z[j],"%04d",x.Y); j+=sqlite3Strlen30(&z[j]);
+          break;
+        }
+        default:   z[j++] = '%'; break;
+      }
+    }
+  }
+  z[j] = 0;
+  sqlite3_result_text(context, z, -1,
+                      z==zBuf ? SQLITE_TRANSIENT : SQLITE_DYNAMIC);
+}
+
+/*
+** current_time()
+**
+** This function returns the same value as time('now').
+*/
+static void ctimeFunc(
+  sqlite3_context *context,
+  int NotUsed,
+  sqlite3_value **NotUsed2
+){
+  UNUSED_PARAMETER2(NotUsed, NotUsed2);
+  timeFunc(context, 0, 0);
+}
+
+/*
+** current_date()
+**
+** This function returns the same value as date('now').
+*/
+static void cdateFunc(
+  sqlite3_context *context,
+  int NotUsed,
+  sqlite3_value **NotUsed2
+){
+  UNUSED_PARAMETER2(NotUsed, NotUsed2);
+  dateFunc(context, 0, 0);
+}
+
+/*
+** current_timestamp()
+**
+** This function returns the same value as datetime('now').
+*/
+static void ctimestampFunc(
+  sqlite3_context *context,
+  int NotUsed,
+  sqlite3_value **NotUsed2
+){
+  UNUSED_PARAMETER2(NotUsed, NotUsed2);
+  datetimeFunc(context, 0, 0);
+}
+#endif /* !defined(SQLITE_OMIT_DATETIME_FUNCS) */
+
+#ifdef SQLITE_OMIT_DATETIME_FUNCS
+/*
+** If the library is compiled to omit the full-scale date and time
+** handling (to get a smaller binary), the following minimal version
+** of the functions current_time(), current_date() and current_timestamp()
+** are included instead. This is to support column declarations that
+** include "DEFAULT CURRENT_TIME" etc.
+**
+** This function uses the C-library functions time(), gmtime()
+** and strftime(). The format string to pass to strftime() is supplied
+** as the user-data for the function.
+*/
+static void currentTimeFunc(
+  sqlite3_context *context,
+  int argc,
+  sqlite3_value **argv
+){
+  time_t t;
+  char *zFormat = (char *)sqlite3_user_data(context);
+  sqlite3 *db;
+  sqlite3_int64 iT;
+  struct tm *pTm;
+  struct tm sNow;
+  char zBuf[20];
+
+  UNUSED_PARAMETER(argc);
+  UNUSED_PARAMETER(argv);
+
+  iT = sqlite3StmtCurrentTime(context);
+  if( iT<=0 ) return;
+  t = iT/1000 - 10000*(sqlite3_int64)21086676;
+#if HAVE_GMTIME_R
+  pTm = gmtime_r(&t, &sNow);
+#else
+  sqlite3_mutex_enter(sqlite3MutexAlloc(SQLITE_MUTEX_STATIC_MASTER));
+  pTm = gmtime(&t);
+  if( pTm ) memcpy(&sNow, pTm, sizeof(sNow));
+  sqlite3_mutex_leave(sqlite3MutexAlloc(SQLITE_MUTEX_STATIC_MASTER));
+#endif
+  if( pTm ){
+    strftime(zBuf, 20, zFormat, &sNow);
+    sqlite3_result_text(context, zBuf, -1, SQLITE_TRANSIENT);
+  }
+}
+#endif
+
+/*
+** This function registered all of the above C functions as SQL
+** functions.  This should be the only routine in this file with
+** external linkage.
+*/
+SQLITE_PRIVATE void sqlite3RegisterDateTimeFunctions(void){
+  static SQLITE_WSD FuncDef aDateTimeFuncs[] = {
+#ifndef SQLITE_OMIT_DATETIME_FUNCS
+    DFUNCTION(julianday,        -1, 0, 0, juliandayFunc ),
+    DFUNCTION(date,             -1, 0, 0, dateFunc      ),
+    DFUNCTION(time,             -1, 0, 0, timeFunc      ),
+    DFUNCTION(datetime,         -1, 0, 0, datetimeFunc  ),
+    DFUNCTION(strftime,         -1, 0, 0, strftimeFunc  ),
+    DFUNCTION(current_time,      0, 0, 0, ctimeFunc     ),
+    DFUNCTION(current_timestamp, 0, 0, 0, ctimestampFunc),
+    DFUNCTION(current_date,      0, 0, 0, cdateFunc     ),
+#else
+    STR_FUNCTION(current_time,      0, "%H:%M:%S",          0, currentTimeFunc),
+    STR_FUNCTION(current_date,      0, "%Y-%m-%d",          0, currentTimeFunc),
+    STR_FUNCTION(current_timestamp, 0, "%Y-%m-%d %H:%M:%S", 0, currentTimeFunc),
+#endif
+  };
+  int i;
+  FuncDefHash *pHash = &GLOBAL(FuncDefHash, sqlite3GlobalFunctions);
+  FuncDef *aFunc = (FuncDef*)&GLOBAL(FuncDef, aDateTimeFuncs);
+
+  for(i=0; i<ArraySize(aDateTimeFuncs); i++){
+    sqlite3FuncDefInsert(pHash, &aFunc[i]);
+  }
+}
+
+/************** End of date.c ************************************************/
+/************** Begin file os.c **********************************************/
+/*
+** 2005 November 29
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+******************************************************************************
+**
+** This file contains OS interface code that is common to all
+** architectures.
+*/
+#define _SQLITE_OS_C_ 1
+/* #include "sqliteInt.h" */
+#undef _SQLITE_OS_C_
+
+/*
+** The default SQLite sqlite3_vfs implementations do not allocate
+** memory (actually, os_unix.c allocates a small amount of memory
+** from within OsOpen()), but some third-party implementations may.
+** So we test the effects of a malloc() failing and the sqlite3OsXXX()
+** function returning SQLITE_IOERR_NOMEM using the DO_OS_MALLOC_TEST macro.
+**
+** The following functions are instrumented for malloc() failure 
+** testing:
+**
+**     sqlite3OsRead()
+**     sqlite3OsWrite()
+**     sqlite3OsSync()
+**     sqlite3OsFileSize()
+**     sqlite3OsLock()
+**     sqlite3OsCheckReservedLock()
+**     sqlite3OsFileControl()
+**     sqlite3OsShmMap()
+**     sqlite3OsOpen()
+**     sqlite3OsDelete()
+**     sqlite3OsAccess()
+**     sqlite3OsFullPathname()
+**
+*/
+#if defined(SQLITE_TEST)
+SQLITE_API int sqlite3_memdebug_vfs_oom_test = 1;
+  #define DO_OS_MALLOC_TEST(x)                                       \
+  if (sqlite3_memdebug_vfs_oom_test && (!x || !sqlite3IsMemJournal(x))) {  \
+    void *pTstAlloc = sqlite3Malloc(10);                             \
+    if (!pTstAlloc) return SQLITE_IOERR_NOMEM;                       \
+    sqlite3_free(pTstAlloc);                                         \
+  }
+#else
+  #define DO_OS_MALLOC_TEST(x)
+#endif
+
+/*
+** The following routines are convenience wrappers around methods
+** of the sqlite3_file object.  This is mostly just syntactic sugar. All
+** of this would be completely automatic if SQLite were coded using
+** C++ instead of plain old C.
+*/
+SQLITE_PRIVATE int sqlite3OsClose(sqlite3_file *pId){
+  int rc = SQLITE_OK;
+  if( pId->pMethods ){
+    rc = pId->pMethods->xClose(pId);
+    pId->pMethods = 0;
+  }
+  return rc;
+}
+SQLITE_PRIVATE int sqlite3OsRead(sqlite3_file *id, void *pBuf, int amt, i64 offset){
+  DO_OS_MALLOC_TEST(id);
+  return id->pMethods->xRead(id, pBuf, amt, offset);
+}
+SQLITE_PRIVATE int sqlite3OsWrite(sqlite3_file *id, const void *pBuf, int amt, i64 offset){
+  DO_OS_MALLOC_TEST(id);
+  return id->pMethods->xWrite(id, pBuf, amt, offset);
+}
+SQLITE_PRIVATE int sqlite3OsTruncate(sqlite3_file *id, i64 size){
+  return id->pMethods->xTruncate(id, size);
+}
+SQLITE_PRIVATE int sqlite3OsSync(sqlite3_file *id, int flags){
+  DO_OS_MALLOC_TEST(id);
+  return id->pMethods->xSync(id, flags);
+}
+SQLITE_PRIVATE int sqlite3OsFileSize(sqlite3_file *id, i64 *pSize){
+  DO_OS_MALLOC_TEST(id);
+  return id->pMethods->xFileSize(id, pSize);
+}
+SQLITE_PRIVATE int sqlite3OsLock(sqlite3_file *id, int lockType){
+  DO_OS_MALLOC_TEST(id);
+  return id->pMethods->xLock(id, lockType);
+}
+SQLITE_PRIVATE int sqlite3OsUnlock(sqlite3_file *id, int lockType){
+  return id->pMethods->xUnlock(id, lockType);
+}
+SQLITE_PRIVATE int sqlite3OsCheckReservedLock(sqlite3_file *id, int *pResOut){
+  DO_OS_MALLOC_TEST(id);
+  return id->pMethods->xCheckReservedLock(id, pResOut);
+}
+
+/*
+** Use sqlite3OsFileControl() when we are doing something that might fail
+** and we need to know about the failures.  Use sqlite3OsFileControlHint()
+** when simply tossing information over the wall to the VFS and we do not
+** really care if the VFS receives and understands the information since it
+** is only a hint and can be safely ignored.  The sqlite3OsFileControlHint()
+** routine has no return value since the return value would be meaningless.
+*/
+SQLITE_PRIVATE int sqlite3OsFileControl(sqlite3_file *id, int op, void *pArg){
+#ifdef SQLITE_TEST
+  if( op!=SQLITE_FCNTL_COMMIT_PHASETWO ){
+    /* Faults are not injected into COMMIT_PHASETWO because, assuming SQLite
+    ** is using a regular VFS, it is called after the corresponding 
+    ** transaction has been committed. Injecting a fault at this point 
+    ** confuses the test scripts - the COMMIT comand returns SQLITE_NOMEM
+    ** but the transaction is committed anyway.
+    **
+    ** The core must call OsFileControl() though, not OsFileControlHint(),
+    ** as if a custom VFS (e.g. zipvfs) returns an error here, it probably
+    ** means the commit really has failed and an error should be returned
+    ** to the user.  */
+    DO_OS_MALLOC_TEST(id);
+  }
+#endif
+  return id->pMethods->xFileControl(id, op, pArg);
+}
+SQLITE_PRIVATE void sqlite3OsFileControlHint(sqlite3_file *id, int op, void *pArg){
+  (void)id->pMethods->xFileControl(id, op, pArg);
+}
+
+SQLITE_PRIVATE int sqlite3OsSectorSize(sqlite3_file *id){
+  int (*xSectorSize)(sqlite3_file*) = id->pMethods->xSectorSize;
+  return (xSectorSize ? xSectorSize(id) : SQLITE_DEFAULT_SECTOR_SIZE);
+}
+SQLITE_PRIVATE int sqlite3OsDeviceCharacteristics(sqlite3_file *id){
+  return id->pMethods->xDeviceCharacteristics(id);
+}
+SQLITE_PRIVATE int sqlite3OsShmLock(sqlite3_file *id, int offset, int n, int flags){
+  return id->pMethods->xShmLock(id, offset, n, flags);
+}
+SQLITE_PRIVATE void sqlite3OsShmBarrier(sqlite3_file *id){
+  id->pMethods->xShmBarrier(id);
+}
+SQLITE_PRIVATE int sqlite3OsShmUnmap(sqlite3_file *id, int deleteFlag){
+  return id->pMethods->xShmUnmap(id, deleteFlag);
+}
+SQLITE_PRIVATE int sqlite3OsShmMap(
+  sqlite3_file *id,               /* Database file handle */
+  int iPage,
+  int pgsz,
+  int bExtend,                    /* True to extend file if necessary */
+  void volatile **pp              /* OUT: Pointer to mapping */
+){
+  DO_OS_MALLOC_TEST(id);
+  return id->pMethods->xShmMap(id, iPage, pgsz, bExtend, pp);
+}
+
+#if SQLITE_MAX_MMAP_SIZE>0
+/* The real implementation of xFetch and xUnfetch */
+SQLITE_PRIVATE int sqlite3OsFetch(sqlite3_file *id, i64 iOff, int iAmt, void **pp){
+  DO_OS_MALLOC_TEST(id);
+  return id->pMethods->xFetch(id, iOff, iAmt, pp);
+}
+SQLITE_PRIVATE int sqlite3OsUnfetch(sqlite3_file *id, i64 iOff, void *p){
+  return id->pMethods->xUnfetch(id, iOff, p);
+}
+#else
+/* No-op stubs to use when memory-mapped I/O is disabled */
+SQLITE_PRIVATE int sqlite3OsFetch(sqlite3_file *id, i64 iOff, int iAmt, void **pp){
+  *pp = 0;
+  return SQLITE_OK;
+}
+SQLITE_PRIVATE int sqlite3OsUnfetch(sqlite3_file *id, i64 iOff, void *p){
+  return SQLITE_OK;
+}
+#endif
+
+/*
+** The next group of routines are convenience wrappers around the
+** VFS methods.
+*/
+SQLITE_PRIVATE int sqlite3OsOpen(
+  sqlite3_vfs *pVfs, 
+  const char *zPath, 
+  sqlite3_file *pFile, 
+  int flags, 
+  int *pFlagsOut
+){
+  int rc;
+  DO_OS_MALLOC_TEST(0);
+  /* 0x87f7f is a mask of SQLITE_OPEN_ flags that are valid to be passed
+  ** down into the VFS layer.  Some SQLITE_OPEN_ flags (for example,
+  ** SQLITE_OPEN_FULLMUTEX or SQLITE_OPEN_SHAREDCACHE) are blocked before
+  ** reaching the VFS. */
+  rc = pVfs->xOpen(pVfs, zPath, pFile, flags & 0x87f7f, pFlagsOut);
+  assert( rc==SQLITE_OK || pFile->pMethods==0 );
+  return rc;
+}
+SQLITE_PRIVATE int sqlite3OsDelete(sqlite3_vfs *pVfs, const char *zPath, int dirSync){
+  DO_OS_MALLOC_TEST(0);
+  assert( dirSync==0 || dirSync==1 );
+  return pVfs->xDelete(pVfs, zPath, dirSync);
+}
+SQLITE_PRIVATE int sqlite3OsAccess(
+  sqlite3_vfs *pVfs, 
+  const char *zPath, 
+  int flags, 
+  int *pResOut
+){
+  DO_OS_MALLOC_TEST(0);
+  return pVfs->xAccess(pVfs, zPath, flags, pResOut);
+}
+SQLITE_PRIVATE int sqlite3OsFullPathname(
+  sqlite3_vfs *pVfs, 
+  const char *zPath, 
+  int nPathOut, 
+  char *zPathOut
+){
+  DO_OS_MALLOC_TEST(0);
+  zPathOut[0] = 0;
+  return pVfs->xFullPathname(pVfs, zPath, nPathOut, zPathOut);
+}
+#ifndef SQLITE_OMIT_LOAD_EXTENSION
+SQLITE_PRIVATE void *sqlite3OsDlOpen(sqlite3_vfs *pVfs, const char *zPath){
+  return pVfs->xDlOpen(pVfs, zPath);
+}
+SQLITE_PRIVATE void sqlite3OsDlError(sqlite3_vfs *pVfs, int nByte, char *zBufOut){
+  pVfs->xDlError(pVfs, nByte, zBufOut);
+}
+SQLITE_PRIVATE void (*sqlite3OsDlSym(sqlite3_vfs *pVfs, void *pHdle, const char *zSym))(void){
+  return pVfs->xDlSym(pVfs, pHdle, zSym);
+}
+SQLITE_PRIVATE void sqlite3OsDlClose(sqlite3_vfs *pVfs, void *pHandle){
+  pVfs->xDlClose(pVfs, pHandle);
+}
+#endif /* SQLITE_OMIT_LOAD_EXTENSION */
+SQLITE_PRIVATE int sqlite3OsRandomness(sqlite3_vfs *pVfs, int nByte, char *zBufOut){
+  return pVfs->xRandomness(pVfs, nByte, zBufOut);
+}
+SQLITE_PRIVATE int sqlite3OsSleep(sqlite3_vfs *pVfs, int nMicro){
+  return pVfs->xSleep(pVfs, nMicro);
+}
+SQLITE_PRIVATE int sqlite3OsCurrentTimeInt64(sqlite3_vfs *pVfs, sqlite3_int64 *pTimeOut){
+  int rc;
+  /* IMPLEMENTATION-OF: R-49045-42493 SQLite will use the xCurrentTimeInt64()
+  ** method to get the current date and time if that method is available
+  ** (if iVersion is 2 or greater and the function pointer is not NULL) and
+  ** will fall back to xCurrentTime() if xCurrentTimeInt64() is
+  ** unavailable.
+  */
+  if( pVfs->iVersion>=2 && pVfs->xCurrentTimeInt64 ){
+    rc = pVfs->xCurrentTimeInt64(pVfs, pTimeOut);
+  }else{
+    double r;
+    rc = pVfs->xCurrentTime(pVfs, &r);
+    *pTimeOut = (sqlite3_int64)(r*86400000.0);
+  }
+  return rc;
+}
+
+SQLITE_PRIVATE int sqlite3OsOpenMalloc(
+  sqlite3_vfs *pVfs, 
+  const char *zFile, 
+  sqlite3_file **ppFile, 
+  int flags,
+  int *pOutFlags
+){
+  int rc = SQLITE_NOMEM;
+  sqlite3_file *pFile;
+  pFile = (sqlite3_file *)sqlite3MallocZero(pVfs->szOsFile);
+  if( pFile ){
+    rc = sqlite3OsOpen(pVfs, zFile, pFile, flags, pOutFlags);
+    if( rc!=SQLITE_OK ){
+      sqlite3_free(pFile);
+    }else{
+      *ppFile = pFile;
+    }
+  }
+  return rc;
+}
+SQLITE_PRIVATE int sqlite3OsCloseFree(sqlite3_file *pFile){
+  int rc = SQLITE_OK;
+  assert( pFile );
+  rc = sqlite3OsClose(pFile);
+  sqlite3_free(pFile);
+  return rc;
+}
+
+/*
+** This function is a wrapper around the OS specific implementation of
+** sqlite3_os_init(). The purpose of the wrapper is to provide the
+** ability to simulate a malloc failure, so that the handling of an
+** error in sqlite3_os_init() by the upper layers can be tested.
+*/
+SQLITE_PRIVATE int sqlite3OsInit(void){
+  void *p = sqlite3_malloc(10);
+  if( p==0 ) return SQLITE_NOMEM;
+  sqlite3_free(p);
+  return sqlite3_os_init();
+}
+
+/*
+** The list of all registered VFS implementations.
+*/
+static sqlite3_vfs * SQLITE_WSD vfsList = 0;
+#define vfsList GLOBAL(sqlite3_vfs *, vfsList)
+
+/*
+** Locate a VFS by name.  If no name is given, simply return the
+** first VFS on the list.
+*/
+SQLITE_API sqlite3_vfs *SQLITE_STDCALL sqlite3_vfs_find(const char *zVfs){
+  sqlite3_vfs *pVfs = 0;
+#if SQLITE_THREADSAFE
+  sqlite3_mutex *mutex;
+#endif
+#ifndef SQLITE_OMIT_AUTOINIT
+  int rc = sqlite3_initialize();
+  if( rc ) return 0;
+#endif
+#if SQLITE_THREADSAFE
+  mutex = sqlite3MutexAlloc(SQLITE_MUTEX_STATIC_MASTER);
+#endif
+  sqlite3_mutex_enter(mutex);
+  for(pVfs = vfsList; pVfs; pVfs=pVfs->pNext){
+    if( zVfs==0 ) break;
+    if( strcmp(zVfs, pVfs->zName)==0 ) break;
+  }
+  sqlite3_mutex_leave(mutex);
+  return pVfs;
+}
+
+/*
+** Unlink a VFS from the linked list
+*/
+static void vfsUnlink(sqlite3_vfs *pVfs){
+  assert( sqlite3_mutex_held(sqlite3MutexAlloc(SQLITE_MUTEX_STATIC_MASTER)) );
+  if( pVfs==0 ){
+    /* No-op */
+  }else if( vfsList==pVfs ){
+    vfsList = pVfs->pNext;
+  }else if( vfsList ){
+    sqlite3_vfs *p = vfsList;
+    while( p->pNext && p->pNext!=pVfs ){
+      p = p->pNext;
+    }
+    if( p->pNext==pVfs ){
+      p->pNext = pVfs->pNext;
+    }
+  }
+}
+
+/*
+** Register a VFS with the system.  It is harmless to register the same
+** VFS multiple times.  The new VFS becomes the default if makeDflt is
+** true.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_vfs_register(sqlite3_vfs *pVfs, int makeDflt){
+  MUTEX_LOGIC(sqlite3_mutex *mutex;)
+#ifndef SQLITE_OMIT_AUTOINIT
+  int rc = sqlite3_initialize();
+  if( rc ) return rc;
+#endif
+#ifdef SQLITE_ENABLE_API_ARMOR
+  if( pVfs==0 ) return SQLITE_MISUSE_BKPT;
+#endif
+
+  MUTEX_LOGIC( mutex = sqlite3MutexAlloc(SQLITE_MUTEX_STATIC_MASTER); )
+  sqlite3_mutex_enter(mutex);
+  vfsUnlink(pVfs);
+  if( makeDflt || vfsList==0 ){
+    pVfs->pNext = vfsList;
+    vfsList = pVfs;
+  }else{
+    pVfs->pNext = vfsList->pNext;
+    vfsList->pNext = pVfs;
+  }
+  assert(vfsList);
+  sqlite3_mutex_leave(mutex);
+  return SQLITE_OK;
+}
+
+/*
+** Unregister a VFS so that it is no longer accessible.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_vfs_unregister(sqlite3_vfs *pVfs){
+#if SQLITE_THREADSAFE
+  sqlite3_mutex *mutex = sqlite3MutexAlloc(SQLITE_MUTEX_STATIC_MASTER);
+#endif
+  sqlite3_mutex_enter(mutex);
+  vfsUnlink(pVfs);
+  sqlite3_mutex_leave(mutex);
+  return SQLITE_OK;
+}
+
+/************** End of os.c **************************************************/
+/************** Begin file fault.c *******************************************/
+/*
+** 2008 Jan 22
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+**
+** This file contains code to support the concept of "benign" 
+** malloc failures (when the xMalloc() or xRealloc() method of the
+** sqlite3_mem_methods structure fails to allocate a block of memory
+** and returns 0). 
+**
+** Most malloc failures are non-benign. After they occur, SQLite
+** abandons the current operation and returns an error code (usually
+** SQLITE_NOMEM) to the user. However, sometimes a fault is not necessarily
+** fatal. For example, if a malloc fails while resizing a hash table, this 
+** is completely recoverable simply by not carrying out the resize. The 
+** hash table will continue to function normally.  So a malloc failure 
+** during a hash table resize is a benign fault.
+*/
+
+/* #include "sqliteInt.h" */
+
+#ifndef SQLITE_OMIT_BUILTIN_TEST
+
+/*
+** Global variables.
+*/
+typedef struct BenignMallocHooks BenignMallocHooks;
+static SQLITE_WSD struct BenignMallocHooks {
+  void (*xBenignBegin)(void);
+  void (*xBenignEnd)(void);
+} sqlite3Hooks = { 0, 0 };
+
+/* The "wsdHooks" macro will resolve to the appropriate BenignMallocHooks
+** structure.  If writable static data is unsupported on the target,
+** we have to locate the state vector at run-time.  In the more common
+** case where writable static data is supported, wsdHooks can refer directly
+** to the "sqlite3Hooks" state vector declared above.
+*/
+#ifdef SQLITE_OMIT_WSD
+# define wsdHooksInit \
+  BenignMallocHooks *x = &GLOBAL(BenignMallocHooks,sqlite3Hooks)
+# define wsdHooks x[0]
+#else
+# define wsdHooksInit
+# define wsdHooks sqlite3Hooks
+#endif
+
+
+/*
+** Register hooks to call when sqlite3BeginBenignMalloc() and
+** sqlite3EndBenignMalloc() are called, respectively.
+*/
+SQLITE_PRIVATE void sqlite3BenignMallocHooks(
+  void (*xBenignBegin)(void),
+  void (*xBenignEnd)(void)
+){
+  wsdHooksInit;
+  wsdHooks.xBenignBegin = xBenignBegin;
+  wsdHooks.xBenignEnd = xBenignEnd;
+}
+
+/*
+** This (sqlite3EndBenignMalloc()) is called by SQLite code to indicate that
+** subsequent malloc failures are benign. A call to sqlite3EndBenignMalloc()
+** indicates that subsequent malloc failures are non-benign.
+*/
+SQLITE_PRIVATE void sqlite3BeginBenignMalloc(void){
+  wsdHooksInit;
+  if( wsdHooks.xBenignBegin ){
+    wsdHooks.xBenignBegin();
+  }
+}
+SQLITE_PRIVATE void sqlite3EndBenignMalloc(void){
+  wsdHooksInit;
+  if( wsdHooks.xBenignEnd ){
+    wsdHooks.xBenignEnd();
+  }
+}
+
+#endif   /* #ifndef SQLITE_OMIT_BUILTIN_TEST */
+
+/************** End of fault.c ***********************************************/
+/************** Begin file mem0.c ********************************************/
+/*
+** 2008 October 28
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+**
+** This file contains a no-op memory allocation drivers for use when
+** SQLITE_ZERO_MALLOC is defined.  The allocation drivers implemented
+** here always fail.  SQLite will not operate with these drivers.  These
+** are merely placeholders.  Real drivers must be substituted using
+** sqlite3_config() before SQLite will operate.
+*/
+/* #include "sqliteInt.h" */
+
+/*
+** This version of the memory allocator is the default.  It is
+** used when no other memory allocator is specified using compile-time
+** macros.
+*/
+#ifdef SQLITE_ZERO_MALLOC
+
+/*
+** No-op versions of all memory allocation routines
+*/
+static void *sqlite3MemMalloc(int nByte){ return 0; }
+static void sqlite3MemFree(void *pPrior){ return; }
+static void *sqlite3MemRealloc(void *pPrior, int nByte){ return 0; }
+static int sqlite3MemSize(void *pPrior){ return 0; }
+static int sqlite3MemRoundup(int n){ return n; }
+static int sqlite3MemInit(void *NotUsed){ return SQLITE_OK; }
+static void sqlite3MemShutdown(void *NotUsed){ return; }
+
+/*
+** This routine is the only routine in this file with external linkage.
+**
+** Populate the low-level memory allocation function pointers in
+** sqlite3GlobalConfig.m with pointers to the routines in this file.
+*/
+SQLITE_PRIVATE void sqlite3MemSetDefault(void){
+  static const sqlite3_mem_methods defaultMethods = {
+     sqlite3MemMalloc,
+     sqlite3MemFree,
+     sqlite3MemRealloc,
+     sqlite3MemSize,
+     sqlite3MemRoundup,
+     sqlite3MemInit,
+     sqlite3MemShutdown,
+     0
+  };
+  sqlite3_config(SQLITE_CONFIG_MALLOC, &defaultMethods);
+}
+
+#endif /* SQLITE_ZERO_MALLOC */
+
+/************** End of mem0.c ************************************************/
+/************** Begin file mem1.c ********************************************/
+/*
+** 2007 August 14
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+**
+** This file contains low-level memory allocation drivers for when
+** SQLite will use the standard C-library malloc/realloc/free interface
+** to obtain the memory it needs.
+**
+** This file contains implementations of the low-level memory allocation
+** routines specified in the sqlite3_mem_methods object.  The content of
+** this file is only used if SQLITE_SYSTEM_MALLOC is defined.  The
+** SQLITE_SYSTEM_MALLOC macro is defined automatically if neither the
+** SQLITE_MEMDEBUG nor the SQLITE_WIN32_MALLOC macros are defined.  The
+** default configuration is to use memory allocation routines in this
+** file.
+**
+** C-preprocessor macro summary:
+**
+**    HAVE_MALLOC_USABLE_SIZE     The configure script sets this symbol if
+**                                the malloc_usable_size() interface exists
+**                                on the target platform.  Or, this symbol
+**                                can be set manually, if desired.
+**                                If an equivalent interface exists by
+**                                a different name, using a separate -D
+**                                option to rename it.
+**
+**    SQLITE_WITHOUT_ZONEMALLOC   Some older macs lack support for the zone
+**                                memory allocator.  Set this symbol to enable
+**                                building on older macs.
+**
+**    SQLITE_WITHOUT_MSIZE        Set this symbol to disable the use of
+**                                _msize() on windows systems.  This might
+**                                be necessary when compiling for Delphi,
+**                                for example.
+*/
+/* #include "sqliteInt.h" */
+
+/*
+** This version of the memory allocator is the default.  It is
+** used when no other memory allocator is specified using compile-time
+** macros.
+*/
+#ifdef SQLITE_SYSTEM_MALLOC
+#if defined(__APPLE__) && !defined(SQLITE_WITHOUT_ZONEMALLOC)
+
+/*
+** Use the zone allocator available on apple products unless the
+** SQLITE_WITHOUT_ZONEMALLOC symbol is defined.
+*/
+#include <sys/sysctl.h>
+#include <malloc/malloc.h>
+#include <libkern/OSAtomic.h>
+static malloc_zone_t* _sqliteZone_;
+#define SQLITE_MALLOC(x) malloc_zone_malloc(_sqliteZone_, (x))
+#define SQLITE_FREE(x) malloc_zone_free(_sqliteZone_, (x));
+#define SQLITE_REALLOC(x,y) malloc_zone_realloc(_sqliteZone_, (x), (y))
+#define SQLITE_MALLOCSIZE(x) \
+        (_sqliteZone_ ? _sqliteZone_->size(_sqliteZone_,x) : malloc_size(x))
+
+#else /* if not __APPLE__ */
+
+/*
+** Use standard C library malloc and free on non-Apple systems.  
+** Also used by Apple systems if SQLITE_WITHOUT_ZONEMALLOC is defined.
+*/
+#define SQLITE_MALLOC(x)             malloc(x)
+#define SQLITE_FREE(x)               free(x)
+#define SQLITE_REALLOC(x,y)          realloc((x),(y))
+
+/*
+** The malloc.h header file is needed for malloc_usable_size() function
+** on some systems (e.g. Linux).
+*/
+#if HAVE_MALLOC_H && HAVE_MALLOC_USABLE_SIZE
+#  define SQLITE_USE_MALLOC_H 1
+#  define SQLITE_USE_MALLOC_USABLE_SIZE 1
+/*
+** The MSVCRT has malloc_usable_size(), but it is called _msize().  The
+** use of _msize() is automatic, but can be disabled by compiling with
+** -DSQLITE_WITHOUT_MSIZE.  Using the _msize() function also requires
+** the malloc.h header file.
+*/
+#elif defined(_MSC_VER) && !defined(SQLITE_WITHOUT_MSIZE)
+#  define SQLITE_USE_MALLOC_H
+#  define SQLITE_USE_MSIZE
+#endif
+
+/*
+** Include the malloc.h header file, if necessary.  Also set define macro
+** SQLITE_MALLOCSIZE to the appropriate function name, which is _msize()
+** for MSVC and malloc_usable_size() for most other systems (e.g. Linux).
+** The memory size function can always be overridden manually by defining
+** the macro SQLITE_MALLOCSIZE to the desired function name.
+*/
+#if defined(SQLITE_USE_MALLOC_H)
+#  include <malloc.h>
+#  if defined(SQLITE_USE_MALLOC_USABLE_SIZE)
+#    if !defined(SQLITE_MALLOCSIZE)
+#      define SQLITE_MALLOCSIZE(x)   malloc_usable_size(x)
+#    endif
+#  elif defined(SQLITE_USE_MSIZE)
+#    if !defined(SQLITE_MALLOCSIZE)
+#      define SQLITE_MALLOCSIZE      _msize
+#    endif
+#  endif
+#endif /* defined(SQLITE_USE_MALLOC_H) */
+
+#endif /* __APPLE__ or not __APPLE__ */
+
+/*
+** Like malloc(), but remember the size of the allocation
+** so that we can find it later using sqlite3MemSize().
+**
+** For this low-level routine, we are guaranteed that nByte>0 because
+** cases of nByte<=0 will be intercepted and dealt with by higher level
+** routines.
+*/
+static void *sqlite3MemMalloc(int nByte){
+#ifdef SQLITE_MALLOCSIZE
+  void *p = SQLITE_MALLOC( nByte );
+  if( p==0 ){
+    testcase( sqlite3GlobalConfig.xLog!=0 );
+    sqlite3_log(SQLITE_NOMEM, "failed to allocate %u bytes of memory", nByte);
+  }
+  return p;
+#else
+  sqlite3_int64 *p;
+  assert( nByte>0 );
+  nByte = ROUND8(nByte);
+  p = SQLITE_MALLOC( nByte+8 );
+  if( p ){
+    p[0] = nByte;
+    p++;
+  }else{
+    testcase( sqlite3GlobalConfig.xLog!=0 );
+    sqlite3_log(SQLITE_NOMEM, "failed to allocate %u bytes of memory", nByte);
+  }
+  return (void *)p;
+#endif
+}
+
+/*
+** Like free() but works for allocations obtained from sqlite3MemMalloc()
+** or sqlite3MemRealloc().
+**
+** For this low-level routine, we already know that pPrior!=0 since
+** cases where pPrior==0 will have been intecepted and dealt with
+** by higher-level routines.
+*/
+static void sqlite3MemFree(void *pPrior){
+#ifdef SQLITE_MALLOCSIZE
+  SQLITE_FREE(pPrior);
+#else
+  sqlite3_int64 *p = (sqlite3_int64*)pPrior;
+  assert( pPrior!=0 );
+  p--;
+  SQLITE_FREE(p);
+#endif
+}
+
+/*
+** Report the allocated size of a prior return from xMalloc()
+** or xRealloc().
+*/
+static int sqlite3MemSize(void *pPrior){
+#ifdef SQLITE_MALLOCSIZE
+  assert( pPrior!=0 );
+  return (int)SQLITE_MALLOCSIZE(pPrior);
+#else
+  sqlite3_int64 *p;
+  assert( pPrior!=0 );
+  p = (sqlite3_int64*)pPrior;
+  p--;
+  return (int)p[0];
+#endif
+}
+
+/*
+** Like realloc().  Resize an allocation previously obtained from
+** sqlite3MemMalloc().
+**
+** For this low-level interface, we know that pPrior!=0.  Cases where
+** pPrior==0 while have been intercepted by higher-level routine and
+** redirected to xMalloc.  Similarly, we know that nByte>0 because
+** cases where nByte<=0 will have been intercepted by higher-level
+** routines and redirected to xFree.
+*/
+static void *sqlite3MemRealloc(void *pPrior, int nByte){
+#ifdef SQLITE_MALLOCSIZE
+  void *p = SQLITE_REALLOC(pPrior, nByte);
+  if( p==0 ){
+    testcase( sqlite3GlobalConfig.xLog!=0 );
+    sqlite3_log(SQLITE_NOMEM,
+      "failed memory resize %u to %u bytes",
+      SQLITE_MALLOCSIZE(pPrior), nByte);
+  }
+  return p;
+#else
+  sqlite3_int64 *p = (sqlite3_int64*)pPrior;
+  assert( pPrior!=0 && nByte>0 );
+  assert( nByte==ROUND8(nByte) ); /* EV: R-46199-30249 */
+  p--;
+  p = SQLITE_REALLOC(p, nByte+8 );
+  if( p ){
+    p[0] = nByte;
+    p++;
+  }else{
+    testcase( sqlite3GlobalConfig.xLog!=0 );
+    sqlite3_log(SQLITE_NOMEM,
+      "failed memory resize %u to %u bytes",
+      sqlite3MemSize(pPrior), nByte);
+  }
+  return (void*)p;
+#endif
+}
+
+/*
+** Round up a request size to the next valid allocation size.
+*/
+static int sqlite3MemRoundup(int n){
+  return ROUND8(n);
+}
+
+/*
+** Initialize this module.
+*/
+static int sqlite3MemInit(void *NotUsed){
+#if defined(__APPLE__) && !defined(SQLITE_WITHOUT_ZONEMALLOC)
+  int cpuCount;
+  size_t len;
+  if( _sqliteZone_ ){
+    return SQLITE_OK;
+  }
+  len = sizeof(cpuCount);
+  /* One usually wants to use hw.acctivecpu for MT decisions, but not here */
+  sysctlbyname("hw.ncpu", &cpuCount, &len, NULL, 0);
+  if( cpuCount>1 ){
+    /* defer MT decisions to system malloc */
+    _sqliteZone_ = malloc_default_zone();
+  }else{
+    /* only 1 core, use our own zone to contention over global locks, 
+    ** e.g. we have our own dedicated locks */
+    bool success;
+    malloc_zone_t* newzone = malloc_create_zone(4096, 0);
+    malloc_set_zone_name(newzone, "Sqlite_Heap");
+    do{
+      success = OSAtomicCompareAndSwapPtrBarrier(NULL, newzone, 
+                                 (void * volatile *)&_sqliteZone_);
+    }while(!_sqliteZone_);
+    if( !success ){
+      /* somebody registered a zone first */
+      malloc_destroy_zone(newzone);
+    }
+  }
+#endif
+  UNUSED_PARAMETER(NotUsed);
+  return SQLITE_OK;
+}
+
+/*
+** Deinitialize this module.
+*/
+static void sqlite3MemShutdown(void *NotUsed){
+  UNUSED_PARAMETER(NotUsed);
+  return;
+}
+
+/*
+** This routine is the only routine in this file with external linkage.
+**
+** Populate the low-level memory allocation function pointers in
+** sqlite3GlobalConfig.m with pointers to the routines in this file.
+*/
+SQLITE_PRIVATE void sqlite3MemSetDefault(void){
+  static const sqlite3_mem_methods defaultMethods = {
+     sqlite3MemMalloc,
+     sqlite3MemFree,
+     sqlite3MemRealloc,
+     sqlite3MemSize,
+     sqlite3MemRoundup,
+     sqlite3MemInit,
+     sqlite3MemShutdown,
+     0
+  };
+  sqlite3_config(SQLITE_CONFIG_MALLOC, &defaultMethods);
+}
+
+#endif /* SQLITE_SYSTEM_MALLOC */
+
+/************** End of mem1.c ************************************************/
+/************** Begin file mem2.c ********************************************/
+/*
+** 2007 August 15
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+**
+** This file contains low-level memory allocation drivers for when
+** SQLite will use the standard C-library malloc/realloc/free interface
+** to obtain the memory it needs while adding lots of additional debugging
+** information to each allocation in order to help detect and fix memory
+** leaks and memory usage errors.
+**
+** This file contains implementations of the low-level memory allocation
+** routines specified in the sqlite3_mem_methods object.
+*/
+/* #include "sqliteInt.h" */
+
+/*
+** This version of the memory allocator is used only if the
+** SQLITE_MEMDEBUG macro is defined
+*/
+#ifdef SQLITE_MEMDEBUG
+
+/*
+** The backtrace functionality is only available with GLIBC
+*/
+#ifdef __GLIBC__
+  extern int backtrace(void**,int);
+  extern void backtrace_symbols_fd(void*const*,int,int);
+#else
+# define backtrace(A,B) 1
+# define backtrace_symbols_fd(A,B,C)
+#endif
+/* #include <stdio.h> */
+
+/*
+** Each memory allocation looks like this:
+**
+**  ------------------------------------------------------------------------
+**  | Title |  backtrace pointers |  MemBlockHdr |  allocation |  EndGuard |
+**  ------------------------------------------------------------------------
+**
+** The application code sees only a pointer to the allocation.  We have
+** to back up from the allocation pointer to find the MemBlockHdr.  The
+** MemBlockHdr tells us the size of the allocation and the number of
+** backtrace pointers.  There is also a guard word at the end of the
+** MemBlockHdr.
+*/
+struct MemBlockHdr {
+  i64 iSize;                          /* Size of this allocation */
+  struct MemBlockHdr *pNext, *pPrev;  /* Linked list of all unfreed memory */
+  char nBacktrace;                    /* Number of backtraces on this alloc */
+  char nBacktraceSlots;               /* Available backtrace slots */
+  u8 nTitle;                          /* Bytes of title; includes '\0' */
+  u8 eType;                           /* Allocation type code */
+  int iForeGuard;                     /* Guard word for sanity */
+};
+
+/*
+** Guard words
+*/
+#define FOREGUARD 0x80F5E153
+#define REARGUARD 0xE4676B53
+
+/*
+** Number of malloc size increments to track.
+*/
+#define NCSIZE  1000
+
+/*
+** All of the static variables used by this module are collected
+** into a single structure named "mem".  This is to keep the
+** static variables organized and to reduce namespace pollution
+** when this module is combined with other in the amalgamation.
+*/
+static struct {
+  
+  /*
+  ** Mutex to control access to the memory allocation subsystem.
+  */
+  sqlite3_mutex *mutex;
+
+  /*
+  ** Head and tail of a linked list of all outstanding allocations
+  */
+  struct MemBlockHdr *pFirst;
+  struct MemBlockHdr *pLast;
+  
+  /*
+  ** The number of levels of backtrace to save in new allocations.
+  */
+  int nBacktrace;
+  void (*xBacktrace)(int, int, void **);
+
+  /*
+  ** Title text to insert in front of each block
+  */
+  int nTitle;        /* Bytes of zTitle to save.  Includes '\0' and padding */
+  char zTitle[100];  /* The title text */
+
+  /* 
+  ** sqlite3MallocDisallow() increments the following counter.
+  ** sqlite3MallocAllow() decrements it.
+  */
+  int disallow; /* Do not allow memory allocation */
+
+  /*
+  ** Gather statistics on the sizes of memory allocations.
+  ** nAlloc[i] is the number of allocation attempts of i*8
+  ** bytes.  i==NCSIZE is the number of allocation attempts for
+  ** sizes more than NCSIZE*8 bytes.
+  */
+  int nAlloc[NCSIZE];      /* Total number of allocations */
+  int nCurrent[NCSIZE];    /* Current number of allocations */
+  int mxCurrent[NCSIZE];   /* Highwater mark for nCurrent */
+
+} mem;
+
+
+/*
+** Adjust memory usage statistics
+*/
+static void adjustStats(int iSize, int increment){
+  int i = ROUND8(iSize)/8;
+  if( i>NCSIZE-1 ){
+    i = NCSIZE - 1;
+  }
+  if( increment>0 ){
+    mem.nAlloc[i]++;
+    mem.nCurrent[i]++;
+    if( mem.nCurrent[i]>mem.mxCurrent[i] ){
+      mem.mxCurrent[i] = mem.nCurrent[i];
+    }
+  }else{
+    mem.nCurrent[i]--;
+    assert( mem.nCurrent[i]>=0 );
+  }
+}
+
+/*
+** Given an allocation, find the MemBlockHdr for that allocation.
+**
+** This routine checks the guards at either end of the allocation and
+** if they are incorrect it asserts.
+*/
+static struct MemBlockHdr *sqlite3MemsysGetHeader(void *pAllocation){
+  struct MemBlockHdr *p;
+  int *pInt;
+  u8 *pU8;
+  int nReserve;
+
+  p = (struct MemBlockHdr*)pAllocation;
+  p--;
+  assert( p->iForeGuard==(int)FOREGUARD );
+  nReserve = ROUND8(p->iSize);
+  pInt = (int*)pAllocation;
+  pU8 = (u8*)pAllocation;
+  assert( pInt[nReserve/sizeof(int)]==(int)REARGUARD );
+  /* This checks any of the "extra" bytes allocated due
+  ** to rounding up to an 8 byte boundary to ensure 
+  ** they haven't been overwritten.
+  */
+  while( nReserve-- > p->iSize ) assert( pU8[nReserve]==0x65 );
+  return p;
+}
+
+/*
+** Return the number of bytes currently allocated at address p.
+*/
+static int sqlite3MemSize(void *p){
+  struct MemBlockHdr *pHdr;
+  if( !p ){
+    return 0;
+  }
+  pHdr = sqlite3MemsysGetHeader(p);
+  return (int)pHdr->iSize;
+}
+
+/*
+** Initialize the memory allocation subsystem.
+*/
+static int sqlite3MemInit(void *NotUsed){
+  UNUSED_PARAMETER(NotUsed);
+  assert( (sizeof(struct MemBlockHdr)&7) == 0 );
+  if( !sqlite3GlobalConfig.bMemstat ){
+    /* If memory status is enabled, then the malloc.c wrapper will already
+    ** hold the STATIC_MEM mutex when the routines here are invoked. */
+    mem.mutex = sqlite3MutexAlloc(SQLITE_MUTEX_STATIC_MEM);
+  }
+  return SQLITE_OK;
+}
+
+/*
+** Deinitialize the memory allocation subsystem.
+*/
+static void sqlite3MemShutdown(void *NotUsed){
+  UNUSED_PARAMETER(NotUsed);
+  mem.mutex = 0;
+}
+
+/*
+** Round up a request size to the next valid allocation size.
+*/
+static int sqlite3MemRoundup(int n){
+  return ROUND8(n);
+}
+
+/*
+** Fill a buffer with pseudo-random bytes.  This is used to preset
+** the content of a new memory allocation to unpredictable values and
+** to clear the content of a freed allocation to unpredictable values.
+*/
+static void randomFill(char *pBuf, int nByte){
+  unsigned int x, y, r;
+  x = SQLITE_PTR_TO_INT(pBuf);
+  y = nByte | 1;
+  while( nByte >= 4 ){
+    x = (x>>1) ^ (-(int)(x&1) & 0xd0000001);
+    y = y*1103515245 + 12345;
+    r = x ^ y;
+    *(int*)pBuf = r;
+    pBuf += 4;
+    nByte -= 4;
+  }
+  while( nByte-- > 0 ){
+    x = (x>>1) ^ (-(int)(x&1) & 0xd0000001);
+    y = y*1103515245 + 12345;
+    r = x ^ y;
+    *(pBuf++) = r & 0xff;
+  }
+}
+
+/*
+** Allocate nByte bytes of memory.
+*/
+static void *sqlite3MemMalloc(int nByte){
+  struct MemBlockHdr *pHdr;
+  void **pBt;
+  char *z;
+  int *pInt;
+  void *p = 0;
+  int totalSize;
+  int nReserve;
+  sqlite3_mutex_enter(mem.mutex);
+  assert( mem.disallow==0 );
+  nReserve = ROUND8(nByte);
+  totalSize = nReserve + sizeof(*pHdr) + sizeof(int) +
+               mem.nBacktrace*sizeof(void*) + mem.nTitle;
+  p = malloc(totalSize);
+  if( p ){
+    z = p;
+    pBt = (void**)&z[mem.nTitle];
+    pHdr = (struct MemBlockHdr*)&pBt[mem.nBacktrace];
+    pHdr->pNext = 0;
+    pHdr->pPrev = mem.pLast;
+    if( mem.pLast ){
+      mem.pLast->pNext = pHdr;
+    }else{
+      mem.pFirst = pHdr;
+    }
+    mem.pLast = pHdr;
+    pHdr->iForeGuard = FOREGUARD;
+    pHdr->eType = MEMTYPE_HEAP;
+    pHdr->nBacktraceSlots = mem.nBacktrace;
+    pHdr->nTitle = mem.nTitle;
+    if( mem.nBacktrace ){
+      void *aAddr[40];
+      pHdr->nBacktrace = backtrace(aAddr, mem.nBacktrace+1)-1;
+      memcpy(pBt, &aAddr[1], pHdr->nBacktrace*sizeof(void*));
+      assert(pBt[0]);
+      if( mem.xBacktrace ){
+        mem.xBacktrace(nByte, pHdr->nBacktrace-1, &aAddr[1]);
+      }
+    }else{
+      pHdr->nBacktrace = 0;
+    }
+    if( mem.nTitle ){
+      memcpy(z, mem.zTitle, mem.nTitle);
+    }
+    pHdr->iSize = nByte;
+    adjustStats(nByte, +1);
+    pInt = (int*)&pHdr[1];
+    pInt[nReserve/sizeof(int)] = REARGUARD;
+    randomFill((char*)pInt, nByte);
+    memset(((char*)pInt)+nByte, 0x65, nReserve-nByte);
+    p = (void*)pInt;
+  }
+  sqlite3_mutex_leave(mem.mutex);
+  return p; 
+}
+
+/*
+** Free memory.
+*/
+static void sqlite3MemFree(void *pPrior){
+  struct MemBlockHdr *pHdr;
+  void **pBt;
+  char *z;
+  assert( sqlite3GlobalConfig.bMemstat || sqlite3GlobalConfig.bCoreMutex==0 
+       || mem.mutex!=0 );
+  pHdr = sqlite3MemsysGetHeader(pPrior);
+  pBt = (void**)pHdr;
+  pBt -= pHdr->nBacktraceSlots;
+  sqlite3_mutex_enter(mem.mutex);
+  if( pHdr->pPrev ){
+    assert( pHdr->pPrev->pNext==pHdr );
+    pHdr->pPrev->pNext = pHdr->pNext;
+  }else{
+    assert( mem.pFirst==pHdr );
+    mem.pFirst = pHdr->pNext;
+  }
+  if( pHdr->pNext ){
+    assert( pHdr->pNext->pPrev==pHdr );
+    pHdr->pNext->pPrev = pHdr->pPrev;
+  }else{
+    assert( mem.pLast==pHdr );
+    mem.pLast = pHdr->pPrev;
+  }
+  z = (char*)pBt;
+  z -= pHdr->nTitle;
+  adjustStats((int)pHdr->iSize, -1);
+  randomFill(z, sizeof(void*)*pHdr->nBacktraceSlots + sizeof(*pHdr) +
+                (int)pHdr->iSize + sizeof(int) + pHdr->nTitle);
+  free(z);
+  sqlite3_mutex_leave(mem.mutex);  
+}
+
+/*
+** Change the size of an existing memory allocation.
+**
+** For this debugging implementation, we *always* make a copy of the
+** allocation into a new place in memory.  In this way, if the 
+** higher level code is using pointer to the old allocation, it is 
+** much more likely to break and we are much more liking to find
+** the error.
+*/
+static void *sqlite3MemRealloc(void *pPrior, int nByte){
+  struct MemBlockHdr *pOldHdr;
+  void *pNew;
+  assert( mem.disallow==0 );
+  assert( (nByte & 7)==0 );     /* EV: R-46199-30249 */
+  pOldHdr = sqlite3MemsysGetHeader(pPrior);
+  pNew = sqlite3MemMalloc(nByte);
+  if( pNew ){
+    memcpy(pNew, pPrior, (int)(nByte<pOldHdr->iSize ? nByte : pOldHdr->iSize));
+    if( nByte>pOldHdr->iSize ){
+      randomFill(&((char*)pNew)[pOldHdr->iSize], nByte - (int)pOldHdr->iSize);
+    }
+    sqlite3MemFree(pPrior);
+  }
+  return pNew;
+}
+
+/*
+** Populate the low-level memory allocation function pointers in
+** sqlite3GlobalConfig.m with pointers to the routines in this file.
+*/
+SQLITE_PRIVATE void sqlite3MemSetDefault(void){
+  static const sqlite3_mem_methods defaultMethods = {
+     sqlite3MemMalloc,
+     sqlite3MemFree,
+     sqlite3MemRealloc,
+     sqlite3MemSize,
+     sqlite3MemRoundup,
+     sqlite3MemInit,
+     sqlite3MemShutdown,
+     0
+  };
+  sqlite3_config(SQLITE_CONFIG_MALLOC, &defaultMethods);
+}
+
+/*
+** Set the "type" of an allocation.
+*/
+SQLITE_PRIVATE void sqlite3MemdebugSetType(void *p, u8 eType){
+  if( p && sqlite3GlobalConfig.m.xMalloc==sqlite3MemMalloc ){
+    struct MemBlockHdr *pHdr;
+    pHdr = sqlite3MemsysGetHeader(p);
+    assert( pHdr->iForeGuard==FOREGUARD );
+    pHdr->eType = eType;
+  }
+}
+
+/*
+** Return TRUE if the mask of type in eType matches the type of the
+** allocation p.  Also return true if p==NULL.
+**
+** This routine is designed for use within an assert() statement, to
+** verify the type of an allocation.  For example:
+**
+**     assert( sqlite3MemdebugHasType(p, MEMTYPE_HEAP) );
+*/
+SQLITE_PRIVATE int sqlite3MemdebugHasType(void *p, u8 eType){
+  int rc = 1;
+  if( p && sqlite3GlobalConfig.m.xMalloc==sqlite3MemMalloc ){
+    struct MemBlockHdr *pHdr;
+    pHdr = sqlite3MemsysGetHeader(p);
+    assert( pHdr->iForeGuard==FOREGUARD );         /* Allocation is valid */
+    if( (pHdr->eType&eType)==0 ){
+      rc = 0;
+    }
+  }
+  return rc;
+}
+
+/*
+** Return TRUE if the mask of type in eType matches no bits of the type of the
+** allocation p.  Also return true if p==NULL.
+**
+** This routine is designed for use within an assert() statement, to
+** verify the type of an allocation.  For example:
+**
+**     assert( sqlite3MemdebugNoType(p, MEMTYPE_LOOKASIDE) );
+*/
+SQLITE_PRIVATE int sqlite3MemdebugNoType(void *p, u8 eType){
+  int rc = 1;
+  if( p && sqlite3GlobalConfig.m.xMalloc==sqlite3MemMalloc ){
+    struct MemBlockHdr *pHdr;
+    pHdr = sqlite3MemsysGetHeader(p);
+    assert( pHdr->iForeGuard==FOREGUARD );         /* Allocation is valid */
+    if( (pHdr->eType&eType)!=0 ){
+      rc = 0;
+    }
+  }
+  return rc;
+}
+
+/*
+** Set the number of backtrace levels kept for each allocation.
+** A value of zero turns off backtracing.  The number is always rounded
+** up to a multiple of 2.
+*/
+SQLITE_PRIVATE void sqlite3MemdebugBacktrace(int depth){
+  if( depth<0 ){ depth = 0; }
+  if( depth>20 ){ depth = 20; }
+  depth = (depth+1)&0xfe;
+  mem.nBacktrace = depth;
+}
+
+SQLITE_PRIVATE void sqlite3MemdebugBacktraceCallback(void (*xBacktrace)(int, int, void **)){
+  mem.xBacktrace = xBacktrace;
+}
+
+/*
+** Set the title string for subsequent allocations.
+*/
+SQLITE_PRIVATE void sqlite3MemdebugSettitle(const char *zTitle){
+  unsigned int n = sqlite3Strlen30(zTitle) + 1;
+  sqlite3_mutex_enter(mem.mutex);
+  if( n>=sizeof(mem.zTitle) ) n = sizeof(mem.zTitle)-1;
+  memcpy(mem.zTitle, zTitle, n);
+  mem.zTitle[n] = 0;
+  mem.nTitle = ROUND8(n);
+  sqlite3_mutex_leave(mem.mutex);
+}
+
+SQLITE_PRIVATE void sqlite3MemdebugSync(){
+  struct MemBlockHdr *pHdr;
+  for(pHdr=mem.pFirst; pHdr; pHdr=pHdr->pNext){
+    void **pBt = (void**)pHdr;
+    pBt -= pHdr->nBacktraceSlots;
+    mem.xBacktrace((int)pHdr->iSize, pHdr->nBacktrace-1, &pBt[1]);
+  }
+}
+
+/*
+** Open the file indicated and write a log of all unfreed memory 
+** allocations into that log.
+*/
+SQLITE_PRIVATE void sqlite3MemdebugDump(const char *zFilename){
+  FILE *out;
+  struct MemBlockHdr *pHdr;
+  void **pBt;
+  int i;
+  out = fopen(zFilename, "w");
+  if( out==0 ){
+    fprintf(stderr, "** Unable to output memory debug output log: %s **\n",
+                    zFilename);
+    return;
+  }
+  for(pHdr=mem.pFirst; pHdr; pHdr=pHdr->pNext){
+    char *z = (char*)pHdr;
+    z -= pHdr->nBacktraceSlots*sizeof(void*) + pHdr->nTitle;
+    fprintf(out, "**** %lld bytes at %p from %s ****\n", 
+            pHdr->iSize, &pHdr[1], pHdr->nTitle ? z : "???");
+    if( pHdr->nBacktrace ){
+      fflush(out);
+      pBt = (void**)pHdr;
+      pBt -= pHdr->nBacktraceSlots;
+      backtrace_symbols_fd(pBt, pHdr->nBacktrace, fileno(out));
+      fprintf(out, "\n");
+    }
+  }
+  fprintf(out, "COUNTS:\n");
+  for(i=0; i<NCSIZE-1; i++){
+    if( mem.nAlloc[i] ){
+      fprintf(out, "   %5d: %10d %10d %10d\n", 
+            i*8, mem.nAlloc[i], mem.nCurrent[i], mem.mxCurrent[i]);
+    }
+  }
+  if( mem.nAlloc[NCSIZE-1] ){
+    fprintf(out, "   %5d: %10d %10d %10d\n",
+             NCSIZE*8-8, mem.nAlloc[NCSIZE-1],
+             mem.nCurrent[NCSIZE-1], mem.mxCurrent[NCSIZE-1]);
+  }
+  fclose(out);
+}
+
+/*
+** Return the number of times sqlite3MemMalloc() has been called.
+*/
+SQLITE_PRIVATE int sqlite3MemdebugMallocCount(){
+  int i;
+  int nTotal = 0;
+  for(i=0; i<NCSIZE; i++){
+    nTotal += mem.nAlloc[i];
+  }
+  return nTotal;
+}
+
+
+#endif /* SQLITE_MEMDEBUG */
+
+/************** End of mem2.c ************************************************/
+/************** Begin file mem3.c ********************************************/
+/*
+** 2007 October 14
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+** This file contains the C functions that implement a memory
+** allocation subsystem for use by SQLite. 
+**
+** This version of the memory allocation subsystem omits all
+** use of malloc(). The SQLite user supplies a block of memory
+** before calling sqlite3_initialize() from which allocations
+** are made and returned by the xMalloc() and xRealloc() 
+** implementations. Once sqlite3_initialize() has been called,
+** the amount of memory available to SQLite is fixed and cannot
+** be changed.
+**
+** This version of the memory allocation subsystem is included
+** in the build only if SQLITE_ENABLE_MEMSYS3 is defined.
+*/
+/* #include "sqliteInt.h" */
+
+/*
+** This version of the memory allocator is only built into the library
+** SQLITE_ENABLE_MEMSYS3 is defined. Defining this symbol does not
+** mean that the library will use a memory-pool by default, just that
+** it is available. The mempool allocator is activated by calling
+** sqlite3_config().
+*/
+#ifdef SQLITE_ENABLE_MEMSYS3
+
+/*
+** Maximum size (in Mem3Blocks) of a "small" chunk.
+*/
+#define MX_SMALL 10
+
+
+/*
+** Number of freelist hash slots
+*/
+#define N_HASH  61
+
+/*
+** A memory allocation (also called a "chunk") consists of two or 
+** more blocks where each block is 8 bytes.  The first 8 bytes are 
+** a header that is not returned to the user.
+**
+** A chunk is two or more blocks that is either checked out or
+** free.  The first block has format u.hdr.  u.hdr.size4x is 4 times the
+** size of the allocation in blocks if the allocation is free.
+** The u.hdr.size4x&1 bit is true if the chunk is checked out and
+** false if the chunk is on the freelist.  The u.hdr.size4x&2 bit
+** is true if the previous chunk is checked out and false if the
+** previous chunk is free.  The u.hdr.prevSize field is the size of
+** the previous chunk in blocks if the previous chunk is on the
+** freelist. If the previous chunk is checked out, then
+** u.hdr.prevSize can be part of the data for that chunk and should
+** not be read or written.
+**
+** We often identify a chunk by its index in mem3.aPool[].  When
+** this is done, the chunk index refers to the second block of
+** the chunk.  In this way, the first chunk has an index of 1.
+** A chunk index of 0 means "no such chunk" and is the equivalent
+** of a NULL pointer.
+**
+** The second block of free chunks is of the form u.list.  The
+** two fields form a double-linked list of chunks of related sizes.
+** Pointers to the head of the list are stored in mem3.aiSmall[] 
+** for smaller chunks and mem3.aiHash[] for larger chunks.
+**
+** The second block of a chunk is user data if the chunk is checked 
+** out.  If a chunk is checked out, the user data may extend into
+** the u.hdr.prevSize value of the following chunk.
+*/
+typedef struct Mem3Block Mem3Block;
+struct Mem3Block {
+  union {
+    struct {
+      u32 prevSize;   /* Size of previous chunk in Mem3Block elements */
+      u32 size4x;     /* 4x the size of current chunk in Mem3Block elements */
+    } hdr;
+    struct {
+      u32 next;       /* Index in mem3.aPool[] of next free chunk */
+      u32 prev;       /* Index in mem3.aPool[] of previous free chunk */
+    } list;
+  } u;
+};
+
+/*
+** All of the static variables used by this module are collected
+** into a single structure named "mem3".  This is to keep the
+** static variables organized and to reduce namespace pollution
+** when this module is combined with other in the amalgamation.
+*/
+static SQLITE_WSD struct Mem3Global {
+  /*
+  ** Memory available for allocation. nPool is the size of the array
+  ** (in Mem3Blocks) pointed to by aPool less 2.
+  */
+  u32 nPool;
+  Mem3Block *aPool;
+
+  /*
+  ** True if we are evaluating an out-of-memory callback.
+  */
+  int alarmBusy;
+  
+  /*
+  ** Mutex to control access to the memory allocation subsystem.
+  */
+  sqlite3_mutex *mutex;
+  
+  /*
+  ** The minimum amount of free space that we have seen.
+  */
+  u32 mnMaster;
+
+  /*
+  ** iMaster is the index of the master chunk.  Most new allocations
+  ** occur off of this chunk.  szMaster is the size (in Mem3Blocks)
+  ** of the current master.  iMaster is 0 if there is not master chunk.
+  ** The master chunk is not in either the aiHash[] or aiSmall[].
+  */
+  u32 iMaster;
+  u32 szMaster;
+
+  /*
+  ** Array of lists of free blocks according to the block size 
+  ** for smaller chunks, or a hash on the block size for larger
+  ** chunks.
+  */
+  u32 aiSmall[MX_SMALL-1];   /* For sizes 2 through MX_SMALL, inclusive */
+  u32 aiHash[N_HASH];        /* For sizes MX_SMALL+1 and larger */
+} mem3 = { 97535575 };
+
+#define mem3 GLOBAL(struct Mem3Global, mem3)
+
+/*
+** Unlink the chunk at mem3.aPool[i] from list it is currently
+** on.  *pRoot is the list that i is a member of.
+*/
+static void memsys3UnlinkFromList(u32 i, u32 *pRoot){
+  u32 next = mem3.aPool[i].u.list.next;
+  u32 prev = mem3.aPool[i].u.list.prev;
+  assert( sqlite3_mutex_held(mem3.mutex) );
+  if( prev==0 ){
+    *pRoot = next;
+  }else{
+    mem3.aPool[prev].u.list.next = next;
+  }
+  if( next ){
+    mem3.aPool[next].u.list.prev = prev;
+  }
+  mem3.aPool[i].u.list.next = 0;
+  mem3.aPool[i].u.list.prev = 0;
+}
+
+/*
+** Unlink the chunk at index i from 
+** whatever list is currently a member of.
+*/
+static void memsys3Unlink(u32 i){
+  u32 size, hash;
+  assert( sqlite3_mutex_held(mem3.mutex) );
+  assert( (mem3.aPool[i-1].u.hdr.size4x & 1)==0 );
+  assert( i>=1 );
+  size = mem3.aPool[i-1].u.hdr.size4x/4;
+  assert( size==mem3.aPool[i+size-1].u.hdr.prevSize );
+  assert( size>=2 );
+  if( size <= MX_SMALL ){
+    memsys3UnlinkFromList(i, &mem3.aiSmall[size-2]);
+  }else{
+    hash = size % N_HASH;
+    memsys3UnlinkFromList(i, &mem3.aiHash[hash]);
+  }
+}
+
+/*
+** Link the chunk at mem3.aPool[i] so that is on the list rooted
+** at *pRoot.
+*/
+static void memsys3LinkIntoList(u32 i, u32 *pRoot){
+  assert( sqlite3_mutex_held(mem3.mutex) );
+  mem3.aPool[i].u.list.next = *pRoot;
+  mem3.aPool[i].u.list.prev = 0;
+  if( *pRoot ){
+    mem3.aPool[*pRoot].u.list.prev = i;
+  }
+  *pRoot = i;
+}
+
+/*
+** Link the chunk at index i into either the appropriate
+** small chunk list, or into the large chunk hash table.
+*/
+static void memsys3Link(u32 i){
+  u32 size, hash;
+  assert( sqlite3_mutex_held(mem3.mutex) );
+  assert( i>=1 );
+  assert( (mem3.aPool[i-1].u.hdr.size4x & 1)==0 );
+  size = mem3.aPool[i-1].u.hdr.size4x/4;
+  assert( size==mem3.aPool[i+size-1].u.hdr.prevSize );
+  assert( size>=2 );
+  if( size <= MX_SMALL ){
+    memsys3LinkIntoList(i, &mem3.aiSmall[size-2]);
+  }else{
+    hash = size % N_HASH;
+    memsys3LinkIntoList(i, &mem3.aiHash[hash]);
+  }
+}
+
+/*
+** If the STATIC_MEM mutex is not already held, obtain it now. The mutex
+** will already be held (obtained by code in malloc.c) if
+** sqlite3GlobalConfig.bMemStat is true.
+*/
+static void memsys3Enter(void){
+  if( sqlite3GlobalConfig.bMemstat==0 && mem3.mutex==0 ){
+    mem3.mutex = sqlite3MutexAlloc(SQLITE_MUTEX_STATIC_MEM);
+  }
+  sqlite3_mutex_enter(mem3.mutex);
+}
+static void memsys3Leave(void){
+  sqlite3_mutex_leave(mem3.mutex);
+}
+
+/*
+** Called when we are unable to satisfy an allocation of nBytes.
+*/
+static void memsys3OutOfMemory(int nByte){
+  if( !mem3.alarmBusy ){
+    mem3.alarmBusy = 1;
+    assert( sqlite3_mutex_held(mem3.mutex) );
+    sqlite3_mutex_leave(mem3.mutex);
+    sqlite3_release_memory(nByte);
+    sqlite3_mutex_enter(mem3.mutex);
+    mem3.alarmBusy = 0;
+  }
+}
+
+
+/*
+** Chunk i is a free chunk that has been unlinked.  Adjust its 
+** size parameters for check-out and return a pointer to the 
+** user portion of the chunk.
+*/
+static void *memsys3Checkout(u32 i, u32 nBlock){
+  u32 x;
+  assert( sqlite3_mutex_held(mem3.mutex) );
+  assert( i>=1 );
+  assert( mem3.aPool[i-1].u.hdr.size4x/4==nBlock );
+  assert( mem3.aPool[i+nBlock-1].u.hdr.prevSize==nBlock );
+  x = mem3.aPool[i-1].u.hdr.size4x;
+  mem3.aPool[i-1].u.hdr.size4x = nBlock*4 | 1 | (x&2);
+  mem3.aPool[i+nBlock-1].u.hdr.prevSize = nBlock;
+  mem3.aPool[i+nBlock-1].u.hdr.size4x |= 2;
+  return &mem3.aPool[i];
+}
+
+/*
+** Carve a piece off of the end of the mem3.iMaster free chunk.
+** Return a pointer to the new allocation.  Or, if the master chunk
+** is not large enough, return 0.
+*/
+static void *memsys3FromMaster(u32 nBlock){
+  assert( sqlite3_mutex_held(mem3.mutex) );
+  assert( mem3.szMaster>=nBlock );
+  if( nBlock>=mem3.szMaster-1 ){
+    /* Use the entire master */
+    void *p = memsys3Checkout(mem3.iMaster, mem3.szMaster);
+    mem3.iMaster = 0;
+    mem3.szMaster = 0;
+    mem3.mnMaster = 0;
+    return p;
+  }else{
+    /* Split the master block.  Return the tail. */
+    u32 newi, x;
+    newi = mem3.iMaster + mem3.szMaster - nBlock;
+    assert( newi > mem3.iMaster+1 );
+    mem3.aPool[mem3.iMaster+mem3.szMaster-1].u.hdr.prevSize = nBlock;
+    mem3.aPool[mem3.iMaster+mem3.szMaster-1].u.hdr.size4x |= 2;
+    mem3.aPool[newi-1].u.hdr.size4x = nBlock*4 + 1;
+    mem3.szMaster -= nBlock;
+    mem3.aPool[newi-1].u.hdr.prevSize = mem3.szMaster;
+    x = mem3.aPool[mem3.iMaster-1].u.hdr.size4x & 2;
+    mem3.aPool[mem3.iMaster-1].u.hdr.size4x = mem3.szMaster*4 | x;
+    if( mem3.szMaster < mem3.mnMaster ){
+      mem3.mnMaster = mem3.szMaster;
+    }
+    return (void*)&mem3.aPool[newi];
+  }
+}
+
+/*
+** *pRoot is the head of a list of free chunks of the same size
+** or same size hash.  In other words, *pRoot is an entry in either
+** mem3.aiSmall[] or mem3.aiHash[].  
+**
+** This routine examines all entries on the given list and tries
+** to coalesce each entries with adjacent free chunks.  
+**
+** If it sees a chunk that is larger than mem3.iMaster, it replaces 
+** the current mem3.iMaster with the new larger chunk.  In order for
+** this mem3.iMaster replacement to work, the master chunk must be
+** linked into the hash tables.  That is not the normal state of
+** affairs, of course.  The calling routine must link the master
+** chunk before invoking this routine, then must unlink the (possibly
+** changed) master chunk once this routine has finished.
+*/
+static void memsys3Merge(u32 *pRoot){
+  u32 iNext, prev, size, i, x;
+
+  assert( sqlite3_mutex_held(mem3.mutex) );
+  for(i=*pRoot; i>0; i=iNext){
+    iNext = mem3.aPool[i].u.list.next;
+    size = mem3.aPool[i-1].u.hdr.size4x;
+    assert( (size&1)==0 );
+    if( (size&2)==0 ){
+      memsys3UnlinkFromList(i, pRoot);
+      assert( i > mem3.aPool[i-1].u.hdr.prevSize );
+      prev = i - mem3.aPool[i-1].u.hdr.prevSize;
+      if( prev==iNext ){
+        iNext = mem3.aPool[prev].u.list.next;
+      }
+      memsys3Unlink(prev);
+      size = i + size/4 - prev;
+      x = mem3.aPool[prev-1].u.hdr.size4x & 2;
+      mem3.aPool[prev-1].u.hdr.size4x = size*4 | x;
+      mem3.aPool[prev+size-1].u.hdr.prevSize = size;
+      memsys3Link(prev);
+      i = prev;
+    }else{
+      size /= 4;
+    }
+    if( size>mem3.szMaster ){
+      mem3.iMaster = i;
+      mem3.szMaster = size;
+    }
+  }
+}
+
+/*
+** Return a block of memory of at least nBytes in size.
+** Return NULL if unable.
+**
+** This function assumes that the necessary mutexes, if any, are
+** already held by the caller. Hence "Unsafe".
+*/
+static void *memsys3MallocUnsafe(int nByte){
+  u32 i;
+  u32 nBlock;
+  u32 toFree;
+
+  assert( sqlite3_mutex_held(mem3.mutex) );
+  assert( sizeof(Mem3Block)==8 );
+  if( nByte<=12 ){
+    nBlock = 2;
+  }else{
+    nBlock = (nByte + 11)/8;
+  }
+  assert( nBlock>=2 );
+
+  /* STEP 1:
+  ** Look for an entry of the correct size in either the small
+  ** chunk table or in the large chunk hash table.  This is
+  ** successful most of the time (about 9 times out of 10).
+  */
+  if( nBlock <= MX_SMALL ){
+    i = mem3.aiSmall[nBlock-2];
+    if( i>0 ){
+      memsys3UnlinkFromList(i, &mem3.aiSmall[nBlock-2]);
+      return memsys3Checkout(i, nBlock);
+    }
+  }else{
+    int hash = nBlock % N_HASH;
+    for(i=mem3.aiHash[hash]; i>0; i=mem3.aPool[i].u.list.next){
+      if( mem3.aPool[i-1].u.hdr.size4x/4==nBlock ){
+        memsys3UnlinkFromList(i, &mem3.aiHash[hash]);
+        return memsys3Checkout(i, nBlock);
+      }
+    }
+  }
+
+  /* STEP 2:
+  ** Try to satisfy the allocation by carving a piece off of the end
+  ** of the master chunk.  This step usually works if step 1 fails.
+  */
+  if( mem3.szMaster>=nBlock ){
+    return memsys3FromMaster(nBlock);
+  }
+
+
+  /* STEP 3:  
+  ** Loop through the entire memory pool.  Coalesce adjacent free
+  ** chunks.  Recompute the master chunk as the largest free chunk.
+  ** Then try again to satisfy the allocation by carving a piece off
+  ** of the end of the master chunk.  This step happens very
+  ** rarely (we hope!)
+  */
+  for(toFree=nBlock*16; toFree<(mem3.nPool*16); toFree *= 2){
+    memsys3OutOfMemory(toFree);
+    if( mem3.iMaster ){
+      memsys3Link(mem3.iMaster);
+      mem3.iMaster = 0;
+      mem3.szMaster = 0;
+    }
+    for(i=0; i<N_HASH; i++){
+      memsys3Merge(&mem3.aiHash[i]);
+    }
+    for(i=0; i<MX_SMALL-1; i++){
+      memsys3Merge(&mem3.aiSmall[i]);
+    }
+    if( mem3.szMaster ){
+      memsys3Unlink(mem3.iMaster);
+      if( mem3.szMaster>=nBlock ){
+        return memsys3FromMaster(nBlock);
+      }
+    }
+  }
+
+  /* If none of the above worked, then we fail. */
+  return 0;
+}
+
+/*
+** Free an outstanding memory allocation.
+**
+** This function assumes that the necessary mutexes, if any, are
+** already held by the caller. Hence "Unsafe".
+*/
+static void memsys3FreeUnsafe(void *pOld){
+  Mem3Block *p = (Mem3Block*)pOld;
+  int i;
+  u32 size, x;
+  assert( sqlite3_mutex_held(mem3.mutex) );
+  assert( p>mem3.aPool && p<&mem3.aPool[mem3.nPool] );
+  i = p - mem3.aPool;
+  assert( (mem3.aPool[i-1].u.hdr.size4x&1)==1 );
+  size = mem3.aPool[i-1].u.hdr.size4x/4;
+  assert( i+size<=mem3.nPool+1 );
+  mem3.aPool[i-1].u.hdr.size4x &= ~1;
+  mem3.aPool[i+size-1].u.hdr.prevSize = size;
+  mem3.aPool[i+size-1].u.hdr.size4x &= ~2;
+  memsys3Link(i);
+
+  /* Try to expand the master using the newly freed chunk */
+  if( mem3.iMaster ){
+    while( (mem3.aPool[mem3.iMaster-1].u.hdr.size4x&2)==0 ){
+      size = mem3.aPool[mem3.iMaster-1].u.hdr.prevSize;
+      mem3.iMaster -= size;
+      mem3.szMaster += size;
+      memsys3Unlink(mem3.iMaster);
+      x = mem3.aPool[mem3.iMaster-1].u.hdr.size4x & 2;
+      mem3.aPool[mem3.iMaster-1].u.hdr.size4x = mem3.szMaster*4 | x;
+      mem3.aPool[mem3.iMaster+mem3.szMaster-1].u.hdr.prevSize = mem3.szMaster;
+    }
+    x = mem3.aPool[mem3.iMaster-1].u.hdr.size4x & 2;
+    while( (mem3.aPool[mem3.iMaster+mem3.szMaster-1].u.hdr.size4x&1)==0 ){
+      memsys3Unlink(mem3.iMaster+mem3.szMaster);
+      mem3.szMaster += mem3.aPool[mem3.iMaster+mem3.szMaster-1].u.hdr.size4x/4;
+      mem3.aPool[mem3.iMaster-1].u.hdr.size4x = mem3.szMaster*4 | x;
+      mem3.aPool[mem3.iMaster+mem3.szMaster-1].u.hdr.prevSize = mem3.szMaster;
+    }
+  }
+}
+
+/*
+** Return the size of an outstanding allocation, in bytes.  The
+** size returned omits the 8-byte header overhead.  This only
+** works for chunks that are currently checked out.
+*/
+static int memsys3Size(void *p){
+  Mem3Block *pBlock;
+  assert( p!=0 );
+  pBlock = (Mem3Block*)p;
+  assert( (pBlock[-1].u.hdr.size4x&1)!=0 );
+  return (pBlock[-1].u.hdr.size4x&~3)*2 - 4;
+}
+
+/*
+** Round up a request size to the next valid allocation size.
+*/
+static int memsys3Roundup(int n){
+  if( n<=12 ){
+    return 12;
+  }else{
+    return ((n+11)&~7) - 4;
+  }
+}
+
+/*
+** Allocate nBytes of memory.
+*/
+static void *memsys3Malloc(int nBytes){
+  sqlite3_int64 *p;
+  assert( nBytes>0 );          /* malloc.c filters out 0 byte requests */
+  memsys3Enter();
+  p = memsys3MallocUnsafe(nBytes);
+  memsys3Leave();
+  return (void*)p; 
+}
+
+/*
+** Free memory.
+*/
+static void memsys3Free(void *pPrior){
+  assert( pPrior );
+  memsys3Enter();
+  memsys3FreeUnsafe(pPrior);
+  memsys3Leave();
+}
+
+/*
+** Change the size of an existing memory allocation
+*/
+static void *memsys3Realloc(void *pPrior, int nBytes){
+  int nOld;
+  void *p;
+  if( pPrior==0 ){
+    return sqlite3_malloc(nBytes);
+  }
+  if( nBytes<=0 ){
+    sqlite3_free(pPrior);
+    return 0;
+  }
+  nOld = memsys3Size(pPrior);
+  if( nBytes<=nOld && nBytes>=nOld-128 ){
+    return pPrior;
+  }
+  memsys3Enter();
+  p = memsys3MallocUnsafe(nBytes);
+  if( p ){
+    if( nOld<nBytes ){
+      memcpy(p, pPrior, nOld);
+    }else{
+      memcpy(p, pPrior, nBytes);
+    }
+    memsys3FreeUnsafe(pPrior);
+  }
+  memsys3Leave();
+  return p;
+}
+
+/*
+** Initialize this module.
+*/
+static int memsys3Init(void *NotUsed){
+  UNUSED_PARAMETER(NotUsed);
+  if( !sqlite3GlobalConfig.pHeap ){
+    return SQLITE_ERROR;
+  }
+
+  /* Store a pointer to the memory block in global structure mem3. */
+  assert( sizeof(Mem3Block)==8 );
+  mem3.aPool = (Mem3Block *)sqlite3GlobalConfig.pHeap;
+  mem3.nPool = (sqlite3GlobalConfig.nHeap / sizeof(Mem3Block)) - 2;
+
+  /* Initialize the master block. */
+  mem3.szMaster = mem3.nPool;
+  mem3.mnMaster = mem3.szMaster;
+  mem3.iMaster = 1;
+  mem3.aPool[0].u.hdr.size4x = (mem3.szMaster<<2) + 2;
+  mem3.aPool[mem3.nPool].u.hdr.prevSize = mem3.nPool;
+  mem3.aPool[mem3.nPool].u.hdr.size4x = 1;
+
+  return SQLITE_OK;
+}
+
+/*
+** Deinitialize this module.
+*/
+static void memsys3Shutdown(void *NotUsed){
+  UNUSED_PARAMETER(NotUsed);
+  mem3.mutex = 0;
+  return;
+}
+
+
+
+/*
+** Open the file indicated and write a log of all unfreed memory 
+** allocations into that log.
+*/
+SQLITE_PRIVATE void sqlite3Memsys3Dump(const char *zFilename){
+#ifdef SQLITE_DEBUG
+  FILE *out;
+  u32 i, j;
+  u32 size;
+  if( zFilename==0 || zFilename[0]==0 ){
+    out = stdout;
+  }else{
+    out = fopen(zFilename, "w");
+    if( out==0 ){
+      fprintf(stderr, "** Unable to output memory debug output log: %s **\n",
+                      zFilename);
+      return;
+    }
+  }
+  memsys3Enter();
+  fprintf(out, "CHUNKS:\n");
+  for(i=1; i<=mem3.nPool; i+=size/4){
+    size = mem3.aPool[i-1].u.hdr.size4x;
+    if( size/4<=1 ){
+      fprintf(out, "%p size error\n", &mem3.aPool[i]);
+      assert( 0 );
+      break;
+    }
+    if( (size&1)==0 && mem3.aPool[i+size/4-1].u.hdr.prevSize!=size/4 ){
+      fprintf(out, "%p tail size does not match\n", &mem3.aPool[i]);
+      assert( 0 );
+      break;
+    }
+    if( ((mem3.aPool[i+size/4-1].u.hdr.size4x&2)>>1)!=(size&1) ){
+      fprintf(out, "%p tail checkout bit is incorrect\n", &mem3.aPool[i]);
+      assert( 0 );
+      break;
+    }
+    if( size&1 ){
+      fprintf(out, "%p %6d bytes checked out\n", &mem3.aPool[i], (size/4)*8-8);
+    }else{
+      fprintf(out, "%p %6d bytes free%s\n", &mem3.aPool[i], (size/4)*8-8,
+                  i==mem3.iMaster ? " **master**" : "");
+    }
+  }
+  for(i=0; i<MX_SMALL-1; i++){
+    if( mem3.aiSmall[i]==0 ) continue;
+    fprintf(out, "small(%2d):", i);
+    for(j = mem3.aiSmall[i]; j>0; j=mem3.aPool[j].u.list.next){
+      fprintf(out, " %p(%d)", &mem3.aPool[j],
+              (mem3.aPool[j-1].u.hdr.size4x/4)*8-8);
+    }
+    fprintf(out, "\n"); 
+  }
+  for(i=0; i<N_HASH; i++){
+    if( mem3.aiHash[i]==0 ) continue;
+    fprintf(out, "hash(%2d):", i);
+    for(j = mem3.aiHash[i]; j>0; j=mem3.aPool[j].u.list.next){
+      fprintf(out, " %p(%d)", &mem3.aPool[j],
+              (mem3.aPool[j-1].u.hdr.size4x/4)*8-8);
+    }
+    fprintf(out, "\n"); 
+  }
+  fprintf(out, "master=%d\n", mem3.iMaster);
+  fprintf(out, "nowUsed=%d\n", mem3.nPool*8 - mem3.szMaster*8);
+  fprintf(out, "mxUsed=%d\n", mem3.nPool*8 - mem3.mnMaster*8);
+  sqlite3_mutex_leave(mem3.mutex);
+  if( out==stdout ){
+    fflush(stdout);
+  }else{
+    fclose(out);
+  }
+#else
+  UNUSED_PARAMETER(zFilename);
+#endif
+}
+
+/*
+** This routine is the only routine in this file with external 
+** linkage.
+**
+** Populate the low-level memory allocation function pointers in
+** sqlite3GlobalConfig.m with pointers to the routines in this file. The
+** arguments specify the block of memory to manage.
+**
+** This routine is only called by sqlite3_config(), and therefore
+** is not required to be threadsafe (it is not).
+*/
+SQLITE_PRIVATE const sqlite3_mem_methods *sqlite3MemGetMemsys3(void){
+  static const sqlite3_mem_methods mempoolMethods = {
+     memsys3Malloc,
+     memsys3Free,
+     memsys3Realloc,
+     memsys3Size,
+     memsys3Roundup,
+     memsys3Init,
+     memsys3Shutdown,
+     0
+  };
+  return &mempoolMethods;
+}
+
+#endif /* SQLITE_ENABLE_MEMSYS3 */
+
+/************** End of mem3.c ************************************************/
+/************** Begin file mem5.c ********************************************/
+/*
+** 2007 October 14
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+** This file contains the C functions that implement a memory
+** allocation subsystem for use by SQLite. 
+**
+** This version of the memory allocation subsystem omits all
+** use of malloc(). The application gives SQLite a block of memory
+** before calling sqlite3_initialize() from which allocations
+** are made and returned by the xMalloc() and xRealloc() 
+** implementations. Once sqlite3_initialize() has been called,
+** the amount of memory available to SQLite is fixed and cannot
+** be changed.
+**
+** This version of the memory allocation subsystem is included
+** in the build only if SQLITE_ENABLE_MEMSYS5 is defined.
+**
+** This memory allocator uses the following algorithm:
+**
+**   1.  All memory allocation sizes are rounded up to a power of 2.
+**
+**   2.  If two adjacent free blocks are the halves of a larger block,
+**       then the two blocks are coalesced into the single larger block.
+**
+**   3.  New memory is allocated from the first available free block.
+**
+** This algorithm is described in: J. M. Robson. "Bounds for Some Functions
+** Concerning Dynamic Storage Allocation". Journal of the Association for
+** Computing Machinery, Volume 21, Number 8, July 1974, pages 491-499.
+** 
+** Let n be the size of the largest allocation divided by the minimum
+** allocation size (after rounding all sizes up to a power of 2.)  Let M
+** be the maximum amount of memory ever outstanding at one time.  Let
+** N be the total amount of memory available for allocation.  Robson
+** proved that this memory allocator will never breakdown due to 
+** fragmentation as long as the following constraint holds:
+**
+**      N >=  M*(1 + log2(n)/2) - n + 1
+**
+** The sqlite3_status() logic tracks the maximum values of n and M so
+** that an application can, at any time, verify this constraint.
+*/
+/* #include "sqliteInt.h" */
+
+/*
+** This version of the memory allocator is used only when 
+** SQLITE_ENABLE_MEMSYS5 is defined.
+*/
+#ifdef SQLITE_ENABLE_MEMSYS5
+
+/*
+** A minimum allocation is an instance of the following structure.
+** Larger allocations are an array of these structures where the
+** size of the array is a power of 2.
+**
+** The size of this object must be a power of two.  That fact is
+** verified in memsys5Init().
+*/
+typedef struct Mem5Link Mem5Link;
+struct Mem5Link {
+  int next;       /* Index of next free chunk */
+  int prev;       /* Index of previous free chunk */
+};
+
+/*
+** Maximum size of any allocation is ((1<<LOGMAX)*mem5.szAtom). Since
+** mem5.szAtom is always at least 8 and 32-bit integers are used,
+** it is not actually possible to reach this limit.
+*/
+#define LOGMAX 30
+
+/*
+** Masks used for mem5.aCtrl[] elements.
+*/
+#define CTRL_LOGSIZE  0x1f    /* Log2 Size of this block */
+#define CTRL_FREE     0x20    /* True if not checked out */
+
+/*
+** All of the static variables used by this module are collected
+** into a single structure named "mem5".  This is to keep the
+** static variables organized and to reduce namespace pollution
+** when this module is combined with other in the amalgamation.
+*/
+static SQLITE_WSD struct Mem5Global {
+  /*
+  ** Memory available for allocation
+  */
+  int szAtom;      /* Smallest possible allocation in bytes */
+  int nBlock;      /* Number of szAtom sized blocks in zPool */
+  u8 *zPool;       /* Memory available to be allocated */
+  
+  /*
+  ** Mutex to control access to the memory allocation subsystem.
+  */
+  sqlite3_mutex *mutex;
+
+  /*
+  ** Performance statistics
+  */
+  u64 nAlloc;         /* Total number of calls to malloc */
+  u64 totalAlloc;     /* Total of all malloc calls - includes internal frag */
+  u64 totalExcess;    /* Total internal fragmentation */
+  u32 currentOut;     /* Current checkout, including internal fragmentation */
+  u32 currentCount;   /* Current number of distinct checkouts */
+  u32 maxOut;         /* Maximum instantaneous currentOut */
+  u32 maxCount;       /* Maximum instantaneous currentCount */
+  u32 maxRequest;     /* Largest allocation (exclusive of internal frag) */
+  
+  /*
+  ** Lists of free blocks.  aiFreelist[0] is a list of free blocks of
+  ** size mem5.szAtom.  aiFreelist[1] holds blocks of size szAtom*2.
+  ** aiFreelist[2] holds free blocks of size szAtom*4.  And so forth.
+  */
+  int aiFreelist[LOGMAX+1];
+
+  /*
+  ** Space for tracking which blocks are checked out and the size
+  ** of each block.  One byte per block.
+  */
+  u8 *aCtrl;
+
+} mem5;
+
+/*
+** Access the static variable through a macro for SQLITE_OMIT_WSD.
+*/
+#define mem5 GLOBAL(struct Mem5Global, mem5)
+
+/*
+** Assuming mem5.zPool is divided up into an array of Mem5Link
+** structures, return a pointer to the idx-th such link.
+*/
+#define MEM5LINK(idx) ((Mem5Link *)(&mem5.zPool[(idx)*mem5.szAtom]))
+
+/*
+** Unlink the chunk at mem5.aPool[i] from list it is currently
+** on.  It should be found on mem5.aiFreelist[iLogsize].
+*/
+static void memsys5Unlink(int i, int iLogsize){
+  int next, prev;
+  assert( i>=0 && i<mem5.nBlock );
+  assert( iLogsize>=0 && iLogsize<=LOGMAX );
+  assert( (mem5.aCtrl[i] & CTRL_LOGSIZE)==iLogsize );
+
+  next = MEM5LINK(i)->next;
+  prev = MEM5LINK(i)->prev;
+  if( prev<0 ){
+    mem5.aiFreelist[iLogsize] = next;
+  }else{
+    MEM5LINK(prev)->next = next;
+  }
+  if( next>=0 ){
+    MEM5LINK(next)->prev = prev;
+  }
+}
+
+/*
+** Link the chunk at mem5.aPool[i] so that is on the iLogsize
+** free list.
+*/
+static void memsys5Link(int i, int iLogsize){
+  int x;
+  assert( sqlite3_mutex_held(mem5.mutex) );
+  assert( i>=0 && i<mem5.nBlock );
+  assert( iLogsize>=0 && iLogsize<=LOGMAX );
+  assert( (mem5.aCtrl[i] & CTRL_LOGSIZE)==iLogsize );
+
+  x = MEM5LINK(i)->next = mem5.aiFreelist[iLogsize];
+  MEM5LINK(i)->prev = -1;
+  if( x>=0 ){
+    assert( x<mem5.nBlock );
+    MEM5LINK(x)->prev = i;
+  }
+  mem5.aiFreelist[iLogsize] = i;
+}
+
+/*
+** Obtain or release the mutex needed to access global data structures.
+*/
+static void memsys5Enter(void){
+  sqlite3_mutex_enter(mem5.mutex);
+}
+static void memsys5Leave(void){
+  sqlite3_mutex_leave(mem5.mutex);
+}
+
+/*
+** Return the size of an outstanding allocation, in bytes.
+** This only works for chunks that are currently checked out.
+*/
+static int memsys5Size(void *p){
+  int iSize, i;
+  assert( p!=0 );
+  i = (int)(((u8 *)p-mem5.zPool)/mem5.szAtom);
+  assert( i>=0 && i<mem5.nBlock );
+  iSize = mem5.szAtom * (1 << (mem5.aCtrl[i]&CTRL_LOGSIZE));
+  return iSize;
+}
+
+/*
+** Return a block of memory of at least nBytes in size.
+** Return NULL if unable.  Return NULL if nBytes==0.
+**
+** The caller guarantees that nByte is positive.
+**
+** The caller has obtained a mutex prior to invoking this
+** routine so there is never any chance that two or more
+** threads can be in this routine at the same time.
+*/
+static void *memsys5MallocUnsafe(int nByte){
+  int i;           /* Index of a mem5.aPool[] slot */
+  int iBin;        /* Index into mem5.aiFreelist[] */
+  int iFullSz;     /* Size of allocation rounded up to power of 2 */
+  int iLogsize;    /* Log2 of iFullSz/POW2_MIN */
+
+  /* nByte must be a positive */
+  assert( nByte>0 );
+
+  /* Keep track of the maximum allocation request.  Even unfulfilled
+  ** requests are counted */
+  if( (u32)nByte>mem5.maxRequest ){
+    /* Abort if the requested allocation size is larger than the largest
+    ** power of two that we can represent using 32-bit signed integers. */
+    if( nByte > 0x40000000 ) return 0;
+    mem5.maxRequest = nByte;
+  }
+
+  /* Round nByte up to the next valid power of two */
+  for(iFullSz=mem5.szAtom,iLogsize=0; iFullSz<nByte; iFullSz*=2,iLogsize++){}
+
+  /* Make sure mem5.aiFreelist[iLogsize] contains at least one free
+  ** block.  If not, then split a block of the next larger power of
+  ** two in order to create a new free block of size iLogsize.
+  */
+  for(iBin=iLogsize; iBin<=LOGMAX && mem5.aiFreelist[iBin]<0; iBin++){}
+  if( iBin>LOGMAX ){
+    testcase( sqlite3GlobalConfig.xLog!=0 );
+    sqlite3_log(SQLITE_NOMEM, "failed to allocate %u bytes", nByte);
+    return 0;
+  }
+  i = mem5.aiFreelist[iBin];
+  memsys5Unlink(i, iBin);
+  while( iBin>iLogsize ){
+    int newSize;
+
+    iBin--;
+    newSize = 1 << iBin;
+    mem5.aCtrl[i+newSize] = CTRL_FREE | iBin;
+    memsys5Link(i+newSize, iBin);
+  }
+  mem5.aCtrl[i] = iLogsize;
+
+  /* Update allocator performance statistics. */
+  mem5.nAlloc++;
+  mem5.totalAlloc += iFullSz;
+  mem5.totalExcess += iFullSz - nByte;
+  mem5.currentCount++;
+  mem5.currentOut += iFullSz;
+  if( mem5.maxCount<mem5.currentCount ) mem5.maxCount = mem5.currentCount;
+  if( mem5.maxOut<mem5.currentOut ) mem5.maxOut = mem5.currentOut;
+
+#ifdef SQLITE_DEBUG
+  /* Make sure the allocated memory does not assume that it is set to zero
+  ** or retains a value from a previous allocation */
+  memset(&mem5.zPool[i*mem5.szAtom], 0xAA, iFullSz);
+#endif
+
+  /* Return a pointer to the allocated memory. */
+  return (void*)&mem5.zPool[i*mem5.szAtom];
+}
+
+/*
+** Free an outstanding memory allocation.
+*/
+static void memsys5FreeUnsafe(void *pOld){
+  u32 size, iLogsize;
+  int iBlock;
+
+  /* Set iBlock to the index of the block pointed to by pOld in 
+  ** the array of mem5.szAtom byte blocks pointed to by mem5.zPool.
+  */
+  iBlock = (int)(((u8 *)pOld-mem5.zPool)/mem5.szAtom);
+
+  /* Check that the pointer pOld points to a valid, non-free block. */
+  assert( iBlock>=0 && iBlock<mem5.nBlock );
+  assert( ((u8 *)pOld-mem5.zPool)%mem5.szAtom==0 );
+  assert( (mem5.aCtrl[iBlock] & CTRL_FREE)==0 );
+
+  iLogsize = mem5.aCtrl[iBlock] & CTRL_LOGSIZE;
+  size = 1<<iLogsize;
+  assert( iBlock+size-1<(u32)mem5.nBlock );
+
+  mem5.aCtrl[iBlock] |= CTRL_FREE;
+  mem5.aCtrl[iBlock+size-1] |= CTRL_FREE;
+  assert( mem5.currentCount>0 );
+  assert( mem5.currentOut>=(size*mem5.szAtom) );
+  mem5.currentCount--;
+  mem5.currentOut -= size*mem5.szAtom;
+  assert( mem5.currentOut>0 || mem5.currentCount==0 );
+  assert( mem5.currentCount>0 || mem5.currentOut==0 );
+
+  mem5.aCtrl[iBlock] = CTRL_FREE | iLogsize;
+  while( ALWAYS(iLogsize<LOGMAX) ){
+    int iBuddy;
+    if( (iBlock>>iLogsize) & 1 ){
+      iBuddy = iBlock - size;
+    }else{
+      iBuddy = iBlock + size;
+    }
+    assert( iBuddy>=0 );
+    if( (iBuddy+(1<<iLogsize))>mem5.nBlock ) break;
+    if( mem5.aCtrl[iBuddy]!=(CTRL_FREE | iLogsize) ) break;
+    memsys5Unlink(iBuddy, iLogsize);
+    iLogsize++;
+    if( iBuddy<iBlock ){
+      mem5.aCtrl[iBuddy] = CTRL_FREE | iLogsize;
+      mem5.aCtrl[iBlock] = 0;
+      iBlock = iBuddy;
+    }else{
+      mem5.aCtrl[iBlock] = CTRL_FREE | iLogsize;
+      mem5.aCtrl[iBuddy] = 0;
+    }
+    size *= 2;
+  }
+
+#ifdef SQLITE_DEBUG
+  /* Overwrite freed memory with the 0x55 bit pattern to verify that it is
+  ** not used after being freed */
+  memset(&mem5.zPool[iBlock*mem5.szAtom], 0x55, size);
+#endif
+
+  memsys5Link(iBlock, iLogsize);
+}
+
+/*
+** Allocate nBytes of memory.
+*/
+static void *memsys5Malloc(int nBytes){
+  sqlite3_int64 *p = 0;
+  if( nBytes>0 ){
+    memsys5Enter();
+    p = memsys5MallocUnsafe(nBytes);
+    memsys5Leave();
+  }
+  return (void*)p; 
+}
+
+/*
+** Free memory.
+**
+** The outer layer memory allocator prevents this routine from
+** being called with pPrior==0.
+*/
+static void memsys5Free(void *pPrior){
+  assert( pPrior!=0 );
+  memsys5Enter();
+  memsys5FreeUnsafe(pPrior);
+  memsys5Leave();  
+}
+
+/*
+** Change the size of an existing memory allocation.
+**
+** The outer layer memory allocator prevents this routine from
+** being called with pPrior==0.  
+**
+** nBytes is always a value obtained from a prior call to
+** memsys5Round().  Hence nBytes is always a non-negative power
+** of two.  If nBytes==0 that means that an oversize allocation
+** (an allocation larger than 0x40000000) was requested and this
+** routine should return 0 without freeing pPrior.
+*/
+static void *memsys5Realloc(void *pPrior, int nBytes){
+  int nOld;
+  void *p;
+  assert( pPrior!=0 );
+  assert( (nBytes&(nBytes-1))==0 );  /* EV: R-46199-30249 */
+  assert( nBytes>=0 );
+  if( nBytes==0 ){
+    return 0;
+  }
+  nOld = memsys5Size(pPrior);
+  if( nBytes<=nOld ){
+    return pPrior;
+  }
+  p = memsys5Malloc(nBytes);
+  if( p ){
+    memcpy(p, pPrior, nOld);
+    memsys5Free(pPrior);
+  }
+  return p;
+}
+
+/*
+** Round up a request size to the next valid allocation size.  If
+** the allocation is too large to be handled by this allocation system,
+** return 0.
+**
+** All allocations must be a power of two and must be expressed by a
+** 32-bit signed integer.  Hence the largest allocation is 0x40000000
+** or 1073741824 bytes.
+*/
+static int memsys5Roundup(int n){
+  int iFullSz;
+  if( n > 0x40000000 ) return 0;
+  for(iFullSz=mem5.szAtom; iFullSz<n; iFullSz *= 2);
+  return iFullSz;
+}
+
+/*
+** Return the ceiling of the logarithm base 2 of iValue.
+**
+** Examples:   memsys5Log(1) -> 0
+**             memsys5Log(2) -> 1
+**             memsys5Log(4) -> 2
+**             memsys5Log(5) -> 3
+**             memsys5Log(8) -> 3
+**             memsys5Log(9) -> 4
+*/
+static int memsys5Log(int iValue){
+  int iLog;
+  for(iLog=0; (iLog<(int)((sizeof(int)*8)-1)) && (1<<iLog)<iValue; iLog++);
+  return iLog;
+}
+
+/*
+** Initialize the memory allocator.
+**
+** This routine is not threadsafe.  The caller must be holding a mutex
+** to prevent multiple threads from entering at the same time.
+*/
+static int memsys5Init(void *NotUsed){
+  int ii;            /* Loop counter */
+  int nByte;         /* Number of bytes of memory available to this allocator */
+  u8 *zByte;         /* Memory usable by this allocator */
+  int nMinLog;       /* Log base 2 of minimum allocation size in bytes */
+  int iOffset;       /* An offset into mem5.aCtrl[] */
+
+  UNUSED_PARAMETER(NotUsed);
+
+  /* For the purposes of this routine, disable the mutex */
+  mem5.mutex = 0;
+
+  /* The size of a Mem5Link object must be a power of two.  Verify that
+  ** this is case.
+  */
+  assert( (sizeof(Mem5Link)&(sizeof(Mem5Link)-1))==0 );
+
+  nByte = sqlite3GlobalConfig.nHeap;
+  zByte = (u8*)sqlite3GlobalConfig.pHeap;
+  assert( zByte!=0 );  /* sqlite3_config() does not allow otherwise */
+
+  /* boundaries on sqlite3GlobalConfig.mnReq are enforced in sqlite3_config() */
+  nMinLog = memsys5Log(sqlite3GlobalConfig.mnReq);
+  mem5.szAtom = (1<<nMinLog);
+  while( (int)sizeof(Mem5Link)>mem5.szAtom ){
+    mem5.szAtom = mem5.szAtom << 1;
+  }
+
+  mem5.nBlock = (nByte / (mem5.szAtom+sizeof(u8)));
+  mem5.zPool = zByte;
+  mem5.aCtrl = (u8 *)&mem5.zPool[mem5.nBlock*mem5.szAtom];
+
+  for(ii=0; ii<=LOGMAX; ii++){
+    mem5.aiFreelist[ii] = -1;
+  }
+
+  iOffset = 0;
+  for(ii=LOGMAX; ii>=0; ii--){
+    int nAlloc = (1<<ii);
+    if( (iOffset+nAlloc)<=mem5.nBlock ){
+      mem5.aCtrl[iOffset] = ii | CTRL_FREE;
+      memsys5Link(iOffset, ii);
+      iOffset += nAlloc;
+    }
+    assert((iOffset+nAlloc)>mem5.nBlock);
+  }
+
+  /* If a mutex is required for normal operation, allocate one */
+  if( sqlite3GlobalConfig.bMemstat==0 ){
+    mem5.mutex = sqlite3MutexAlloc(SQLITE_MUTEX_STATIC_MEM);
+  }
+
+  return SQLITE_OK;
+}
+
+/*
+** Deinitialize this module.
+*/
+static void memsys5Shutdown(void *NotUsed){
+  UNUSED_PARAMETER(NotUsed);
+  mem5.mutex = 0;
+  return;
+}
+
+#ifdef SQLITE_TEST
+/*
+** Open the file indicated and write a log of all unfreed memory 
+** allocations into that log.
+*/
+SQLITE_PRIVATE void sqlite3Memsys5Dump(const char *zFilename){
+  FILE *out;
+  int i, j, n;
+  int nMinLog;
+
+  if( zFilename==0 || zFilename[0]==0 ){
+    out = stdout;
+  }else{
+    out = fopen(zFilename, "w");
+    if( out==0 ){
+      fprintf(stderr, "** Unable to output memory debug output log: %s **\n",
+                      zFilename);
+      return;
+    }
+  }
+  memsys5Enter();
+  nMinLog = memsys5Log(mem5.szAtom);
+  for(i=0; i<=LOGMAX && i+nMinLog<32; i++){
+    for(n=0, j=mem5.aiFreelist[i]; j>=0; j = MEM5LINK(j)->next, n++){}
+    fprintf(out, "freelist items of size %d: %d\n", mem5.szAtom << i, n);
+  }
+  fprintf(out, "mem5.nAlloc       = %llu\n", mem5.nAlloc);
+  fprintf(out, "mem5.totalAlloc   = %llu\n", mem5.totalAlloc);
+  fprintf(out, "mem5.totalExcess  = %llu\n", mem5.totalExcess);
+  fprintf(out, "mem5.currentOut   = %u\n", mem5.currentOut);
+  fprintf(out, "mem5.currentCount = %u\n", mem5.currentCount);
+  fprintf(out, "mem5.maxOut       = %u\n", mem5.maxOut);
+  fprintf(out, "mem5.maxCount     = %u\n", mem5.maxCount);
+  fprintf(out, "mem5.maxRequest   = %u\n", mem5.maxRequest);
+  memsys5Leave();
+  if( out==stdout ){
+    fflush(stdout);
+  }else{
+    fclose(out);
+  }
+}
+#endif
+
+/*
+** This routine is the only routine in this file with external 
+** linkage. It returns a pointer to a static sqlite3_mem_methods
+** struct populated with the memsys5 methods.
+*/
+SQLITE_PRIVATE const sqlite3_mem_methods *sqlite3MemGetMemsys5(void){
+  static const sqlite3_mem_methods memsys5Methods = {
+     memsys5Malloc,
+     memsys5Free,
+     memsys5Realloc,
+     memsys5Size,
+     memsys5Roundup,
+     memsys5Init,
+     memsys5Shutdown,
+     0
+  };
+  return &memsys5Methods;
+}
+
+#endif /* SQLITE_ENABLE_MEMSYS5 */
+
+/************** End of mem5.c ************************************************/
+/************** Begin file mutex.c *******************************************/
+/*
+** 2007 August 14
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+** This file contains the C functions that implement mutexes.
+**
+** This file contains code that is common across all mutex implementations.
+*/
+/* #include "sqliteInt.h" */
+
+#if defined(SQLITE_DEBUG) && !defined(SQLITE_MUTEX_OMIT)
+/*
+** For debugging purposes, record when the mutex subsystem is initialized
+** and uninitialized so that we can assert() if there is an attempt to
+** allocate a mutex while the system is uninitialized.
+*/
+static SQLITE_WSD int mutexIsInit = 0;
+#endif /* SQLITE_DEBUG && !defined(SQLITE_MUTEX_OMIT) */
+
+
+#ifndef SQLITE_MUTEX_OMIT
+/*
+** Initialize the mutex system.
+*/
+SQLITE_PRIVATE int sqlite3MutexInit(void){ 
+  int rc = SQLITE_OK;
+  if( !sqlite3GlobalConfig.mutex.xMutexAlloc ){
+    /* If the xMutexAlloc method has not been set, then the user did not
+    ** install a mutex implementation via sqlite3_config() prior to 
+    ** sqlite3_initialize() being called. This block copies pointers to
+    ** the default implementation into the sqlite3GlobalConfig structure.
+    */
+    sqlite3_mutex_methods const *pFrom;
+    sqlite3_mutex_methods *pTo = &sqlite3GlobalConfig.mutex;
+
+    if( sqlite3GlobalConfig.bCoreMutex ){
+      pFrom = sqlite3DefaultMutex();
+    }else{
+      pFrom = sqlite3NoopMutex();
+    }
+    pTo->xMutexInit = pFrom->xMutexInit;
+    pTo->xMutexEnd = pFrom->xMutexEnd;
+    pTo->xMutexFree = pFrom->xMutexFree;
+    pTo->xMutexEnter = pFrom->xMutexEnter;
+    pTo->xMutexTry = pFrom->xMutexTry;
+    pTo->xMutexLeave = pFrom->xMutexLeave;
+    pTo->xMutexHeld = pFrom->xMutexHeld;
+    pTo->xMutexNotheld = pFrom->xMutexNotheld;
+    sqlite3MemoryBarrier();
+    pTo->xMutexAlloc = pFrom->xMutexAlloc;
+  }
+  assert( sqlite3GlobalConfig.mutex.xMutexInit );
+  rc = sqlite3GlobalConfig.mutex.xMutexInit();
+
+#ifdef SQLITE_DEBUG
+  GLOBAL(int, mutexIsInit) = 1;
+#endif
+
+  return rc;
+}
+
+/*
+** Shutdown the mutex system. This call frees resources allocated by
+** sqlite3MutexInit().
+*/
+SQLITE_PRIVATE int sqlite3MutexEnd(void){
+  int rc = SQLITE_OK;
+  if( sqlite3GlobalConfig.mutex.xMutexEnd ){
+    rc = sqlite3GlobalConfig.mutex.xMutexEnd();
+  }
+
+#ifdef SQLITE_DEBUG
+  GLOBAL(int, mutexIsInit) = 0;
+#endif
+
+  return rc;
+}
+
+/*
+** Retrieve a pointer to a static mutex or allocate a new dynamic one.
+*/
+SQLITE_API sqlite3_mutex *SQLITE_STDCALL sqlite3_mutex_alloc(int id){
+#ifndef SQLITE_OMIT_AUTOINIT
+  if( id<=SQLITE_MUTEX_RECURSIVE && sqlite3_initialize() ) return 0;
+  if( id>SQLITE_MUTEX_RECURSIVE && sqlite3MutexInit() ) return 0;
+#endif
+  assert( sqlite3GlobalConfig.mutex.xMutexAlloc );
+  return sqlite3GlobalConfig.mutex.xMutexAlloc(id);
+}
+
+SQLITE_PRIVATE sqlite3_mutex *sqlite3MutexAlloc(int id){
+  if( !sqlite3GlobalConfig.bCoreMutex ){
+    return 0;
+  }
+  assert( GLOBAL(int, mutexIsInit) );
+  assert( sqlite3GlobalConfig.mutex.xMutexAlloc );
+  return sqlite3GlobalConfig.mutex.xMutexAlloc(id);
+}
+
+/*
+** Free a dynamic mutex.
+*/
+SQLITE_API void SQLITE_STDCALL sqlite3_mutex_free(sqlite3_mutex *p){
+  if( p ){
+    assert( sqlite3GlobalConfig.mutex.xMutexFree );
+    sqlite3GlobalConfig.mutex.xMutexFree(p);
+  }
+}
+
+/*
+** Obtain the mutex p. If some other thread already has the mutex, block
+** until it can be obtained.
+*/
+SQLITE_API void SQLITE_STDCALL sqlite3_mutex_enter(sqlite3_mutex *p){
+  if( p ){
+    assert( sqlite3GlobalConfig.mutex.xMutexEnter );
+    sqlite3GlobalConfig.mutex.xMutexEnter(p);
+  }
+}
+
+/*
+** Obtain the mutex p. If successful, return SQLITE_OK. Otherwise, if another
+** thread holds the mutex and it cannot be obtained, return SQLITE_BUSY.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_mutex_try(sqlite3_mutex *p){
+  int rc = SQLITE_OK;
+  if( p ){
+    assert( sqlite3GlobalConfig.mutex.xMutexTry );
+    return sqlite3GlobalConfig.mutex.xMutexTry(p);
+  }
+  return rc;
+}
+
+/*
+** The sqlite3_mutex_leave() routine exits a mutex that was previously
+** entered by the same thread.  The behavior is undefined if the mutex 
+** is not currently entered. If a NULL pointer is passed as an argument
+** this function is a no-op.
+*/
+SQLITE_API void SQLITE_STDCALL sqlite3_mutex_leave(sqlite3_mutex *p){
+  if( p ){
+    assert( sqlite3GlobalConfig.mutex.xMutexLeave );
+    sqlite3GlobalConfig.mutex.xMutexLeave(p);
+  }
+}
+
+#ifndef NDEBUG
+/*
+** The sqlite3_mutex_held() and sqlite3_mutex_notheld() routine are
+** intended for use inside assert() statements.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_mutex_held(sqlite3_mutex *p){
+  assert( p==0 || sqlite3GlobalConfig.mutex.xMutexHeld );
+  return p==0 || sqlite3GlobalConfig.mutex.xMutexHeld(p);
+}
+SQLITE_API int SQLITE_STDCALL sqlite3_mutex_notheld(sqlite3_mutex *p){
+  assert( p==0 || sqlite3GlobalConfig.mutex.xMutexNotheld );
+  return p==0 || sqlite3GlobalConfig.mutex.xMutexNotheld(p);
+}
+#endif
+
+#endif /* !defined(SQLITE_MUTEX_OMIT) */
+
+/************** End of mutex.c ***********************************************/
+/************** Begin file mutex_noop.c **************************************/
+/*
+** 2008 October 07
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+** This file contains the C functions that implement mutexes.
+**
+** This implementation in this file does not provide any mutual
+** exclusion and is thus suitable for use only in applications
+** that use SQLite in a single thread.  The routines defined
+** here are place-holders.  Applications can substitute working
+** mutex routines at start-time using the
+**
+**     sqlite3_config(SQLITE_CONFIG_MUTEX,...)
+**
+** interface.
+**
+** If compiled with SQLITE_DEBUG, then additional logic is inserted
+** that does error checking on mutexes to make sure they are being
+** called correctly.
+*/
+/* #include "sqliteInt.h" */
+
+#ifndef SQLITE_MUTEX_OMIT
+
+#ifndef SQLITE_DEBUG
+/*
+** Stub routines for all mutex methods.
+**
+** This routines provide no mutual exclusion or error checking.
+*/
+static int noopMutexInit(void){ return SQLITE_OK; }
+static int noopMutexEnd(void){ return SQLITE_OK; }
+static sqlite3_mutex *noopMutexAlloc(int id){ 
+  UNUSED_PARAMETER(id);
+  return (sqlite3_mutex*)8; 
+}
+static void noopMutexFree(sqlite3_mutex *p){ UNUSED_PARAMETER(p); return; }
+static void noopMutexEnter(sqlite3_mutex *p){ UNUSED_PARAMETER(p); return; }
+static int noopMutexTry(sqlite3_mutex *p){
+  UNUSED_PARAMETER(p);
+  return SQLITE_OK;
+}
+static void noopMutexLeave(sqlite3_mutex *p){ UNUSED_PARAMETER(p); return; }
+
+SQLITE_PRIVATE sqlite3_mutex_methods const *sqlite3NoopMutex(void){
+  static const sqlite3_mutex_methods sMutex = {
+    noopMutexInit,
+    noopMutexEnd,
+    noopMutexAlloc,
+    noopMutexFree,
+    noopMutexEnter,
+    noopMutexTry,
+    noopMutexLeave,
+
+    0,
+    0,
+  };
+
+  return &sMutex;
+}
+#endif /* !SQLITE_DEBUG */
+
+#ifdef SQLITE_DEBUG
+/*
+** In this implementation, error checking is provided for testing
+** and debugging purposes.  The mutexes still do not provide any
+** mutual exclusion.
+*/
+
+/*
+** The mutex object
+*/
+typedef struct sqlite3_debug_mutex {
+  int id;     /* The mutex type */
+  int cnt;    /* Number of entries without a matching leave */
+} sqlite3_debug_mutex;
+
+/*
+** The sqlite3_mutex_held() and sqlite3_mutex_notheld() routine are
+** intended for use inside assert() statements.
+*/
+static int debugMutexHeld(sqlite3_mutex *pX){
+  sqlite3_debug_mutex *p = (sqlite3_debug_mutex*)pX;
+  return p==0 || p->cnt>0;
+}
+static int debugMutexNotheld(sqlite3_mutex *pX){
+  sqlite3_debug_mutex *p = (sqlite3_debug_mutex*)pX;
+  return p==0 || p->cnt==0;
+}
+
+/*
+** Initialize and deinitialize the mutex subsystem.
+*/
+static int debugMutexInit(void){ return SQLITE_OK; }
+static int debugMutexEnd(void){ return SQLITE_OK; }
+
+/*
+** The sqlite3_mutex_alloc() routine allocates a new
+** mutex and returns a pointer to it.  If it returns NULL
+** that means that a mutex could not be allocated. 
+*/
+static sqlite3_mutex *debugMutexAlloc(int id){
+  static sqlite3_debug_mutex aStatic[SQLITE_MUTEX_STATIC_VFS3 - 1];
+  sqlite3_debug_mutex *pNew = 0;
+  switch( id ){
+    case SQLITE_MUTEX_FAST:
+    case SQLITE_MUTEX_RECURSIVE: {
+      pNew = sqlite3Malloc(sizeof(*pNew));
+      if( pNew ){
+        pNew->id = id;
+        pNew->cnt = 0;
+      }
+      break;
+    }
+    default: {
+#ifdef SQLITE_ENABLE_API_ARMOR
+      if( id-2<0 || id-2>=ArraySize(aStatic) ){
+        (void)SQLITE_MISUSE_BKPT;
+        return 0;
+      }
+#endif
+      pNew = &aStatic[id-2];
+      pNew->id = id;
+      break;
+    }
+  }
+  return (sqlite3_mutex*)pNew;
+}
+
+/*
+** This routine deallocates a previously allocated mutex.
+*/
+static void debugMutexFree(sqlite3_mutex *pX){
+  sqlite3_debug_mutex *p = (sqlite3_debug_mutex*)pX;
+  assert( p->cnt==0 );
+  if( p->id==SQLITE_MUTEX_RECURSIVE || p->id==SQLITE_MUTEX_FAST ){
+    sqlite3_free(p);
+  }else{
+#ifdef SQLITE_ENABLE_API_ARMOR
+    (void)SQLITE_MISUSE_BKPT;
+#endif
+  }
+}
+
+/*
+** The sqlite3_mutex_enter() and sqlite3_mutex_try() routines attempt
+** to enter a mutex.  If another thread is already within the mutex,
+** sqlite3_mutex_enter() will block and sqlite3_mutex_try() will return
+** SQLITE_BUSY.  The sqlite3_mutex_try() interface returns SQLITE_OK
+** upon successful entry.  Mutexes created using SQLITE_MUTEX_RECURSIVE can
+** be entered multiple times by the same thread.  In such cases the,
+** mutex must be exited an equal number of times before another thread
+** can enter.  If the same thread tries to enter any other kind of mutex
+** more than once, the behavior is undefined.
+*/
+static void debugMutexEnter(sqlite3_mutex *pX){
+  sqlite3_debug_mutex *p = (sqlite3_debug_mutex*)pX;
+  assert( p->id==SQLITE_MUTEX_RECURSIVE || debugMutexNotheld(pX) );
+  p->cnt++;
+}
+static int debugMutexTry(sqlite3_mutex *pX){
+  sqlite3_debug_mutex *p = (sqlite3_debug_mutex*)pX;
+  assert( p->id==SQLITE_MUTEX_RECURSIVE || debugMutexNotheld(pX) );
+  p->cnt++;
+  return SQLITE_OK;
+}
+
+/*
+** The sqlite3_mutex_leave() routine exits a mutex that was
+** previously entered by the same thread.  The behavior
+** is undefined if the mutex is not currently entered or
+** is not currently allocated.  SQLite will never do either.
+*/
+static void debugMutexLeave(sqlite3_mutex *pX){
+  sqlite3_debug_mutex *p = (sqlite3_debug_mutex*)pX;
+  assert( debugMutexHeld(pX) );
+  p->cnt--;
+  assert( p->id==SQLITE_MUTEX_RECURSIVE || debugMutexNotheld(pX) );
+}
+
+SQLITE_PRIVATE sqlite3_mutex_methods const *sqlite3NoopMutex(void){
+  static const sqlite3_mutex_methods sMutex = {
+    debugMutexInit,
+    debugMutexEnd,
+    debugMutexAlloc,
+    debugMutexFree,
+    debugMutexEnter,
+    debugMutexTry,
+    debugMutexLeave,
+
+    debugMutexHeld,
+    debugMutexNotheld
+  };
+
+  return &sMutex;
+}
+#endif /* SQLITE_DEBUG */
+
+/*
+** If compiled with SQLITE_MUTEX_NOOP, then the no-op mutex implementation
+** is used regardless of the run-time threadsafety setting.
+*/
+#ifdef SQLITE_MUTEX_NOOP
+SQLITE_PRIVATE sqlite3_mutex_methods const *sqlite3DefaultMutex(void){
+  return sqlite3NoopMutex();
+}
+#endif /* defined(SQLITE_MUTEX_NOOP) */
+#endif /* !defined(SQLITE_MUTEX_OMIT) */
+
+/************** End of mutex_noop.c ******************************************/
+/************** Begin file mutex_unix.c **************************************/
+/*
+** 2007 August 28
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+** This file contains the C functions that implement mutexes for pthreads
+*/
+/* #include "sqliteInt.h" */
+
+/*
+** The code in this file is only used if we are compiling threadsafe
+** under unix with pthreads.
+**
+** Note that this implementation requires a version of pthreads that
+** supports recursive mutexes.
+*/
+#ifdef SQLITE_MUTEX_PTHREADS
+
+#include <pthread.h>
+
+/*
+** The sqlite3_mutex.id, sqlite3_mutex.nRef, and sqlite3_mutex.owner fields
+** are necessary under two condidtions:  (1) Debug builds and (2) using
+** home-grown mutexes.  Encapsulate these conditions into a single #define.
+*/
+#if defined(SQLITE_DEBUG) || defined(SQLITE_HOMEGROWN_RECURSIVE_MUTEX)
+# define SQLITE_MUTEX_NREF 1
+#else
+# define SQLITE_MUTEX_NREF 0
+#endif
+
+/*
+** Each recursive mutex is an instance of the following structure.
+*/
+struct sqlite3_mutex {
+  pthread_mutex_t mutex;     /* Mutex controlling the lock */
+#if SQLITE_MUTEX_NREF || defined(SQLITE_ENABLE_API_ARMOR)
+  int id;                    /* Mutex type */
+#endif
+#if SQLITE_MUTEX_NREF
+  volatile int nRef;         /* Number of entrances */
+  volatile pthread_t owner;  /* Thread that is within this mutex */
+  int trace;                 /* True to trace changes */
+#endif
+};
+#if SQLITE_MUTEX_NREF
+#define SQLITE3_MUTEX_INITIALIZER {PTHREAD_MUTEX_INITIALIZER,0,0,(pthread_t)0,0}
+#elif defined(SQLITE_ENABLE_API_ARMOR)
+#define SQLITE3_MUTEX_INITIALIZER { PTHREAD_MUTEX_INITIALIZER, 0 }
+#else
+#define SQLITE3_MUTEX_INITIALIZER { PTHREAD_MUTEX_INITIALIZER }
+#endif
+
+/*
+** The sqlite3_mutex_held() and sqlite3_mutex_notheld() routine are
+** intended for use only inside assert() statements.  On some platforms,
+** there might be race conditions that can cause these routines to
+** deliver incorrect results.  In particular, if pthread_equal() is
+** not an atomic operation, then these routines might delivery
+** incorrect results.  On most platforms, pthread_equal() is a 
+** comparison of two integers and is therefore atomic.  But we are
+** told that HPUX is not such a platform.  If so, then these routines
+** will not always work correctly on HPUX.
+**
+** On those platforms where pthread_equal() is not atomic, SQLite
+** should be compiled without -DSQLITE_DEBUG and with -DNDEBUG to
+** make sure no assert() statements are evaluated and hence these
+** routines are never called.
+*/
+#if !defined(NDEBUG) || defined(SQLITE_DEBUG)
+static int pthreadMutexHeld(sqlite3_mutex *p){
+  return (p->nRef!=0 && pthread_equal(p->owner, pthread_self()));
+}
+static int pthreadMutexNotheld(sqlite3_mutex *p){
+  return p->nRef==0 || pthread_equal(p->owner, pthread_self())==0;
+}
+#endif
+
+/*
+** Try to provide a memory barrier operation, needed for initialization
+** and also for the implementation of xShmBarrier in the VFS in cases
+** where SQLite is compiled without mutexes.
+*/
+SQLITE_PRIVATE void sqlite3MemoryBarrier(void){
+#if defined(SQLITE_MEMORY_BARRIER)
+  SQLITE_MEMORY_BARRIER;
+#elif defined(__GNUC__) && GCC_VERSION>=4001000
+  __sync_synchronize();
+#endif
+}
+
+/*
+** Initialize and deinitialize the mutex subsystem.
+*/
+static int pthreadMutexInit(void){ return SQLITE_OK; }
+static int pthreadMutexEnd(void){ return SQLITE_OK; }
+
+/*
+** The sqlite3_mutex_alloc() routine allocates a new
+** mutex and returns a pointer to it.  If it returns NULL
+** that means that a mutex could not be allocated.  SQLite
+** will unwind its stack and return an error.  The argument
+** to sqlite3_mutex_alloc() is one of these integer constants:
+**
+** <ul>
+** <li>  SQLITE_MUTEX_FAST
+** <li>  SQLITE_MUTEX_RECURSIVE
+** <li>  SQLITE_MUTEX_STATIC_MASTER
+** <li>  SQLITE_MUTEX_STATIC_MEM
+** <li>  SQLITE_MUTEX_STATIC_OPEN
+** <li>  SQLITE_MUTEX_STATIC_PRNG
+** <li>  SQLITE_MUTEX_STATIC_LRU
+** <li>  SQLITE_MUTEX_STATIC_PMEM
+** <li>  SQLITE_MUTEX_STATIC_APP1
+** <li>  SQLITE_MUTEX_STATIC_APP2
+** <li>  SQLITE_MUTEX_STATIC_APP3
+** <li>  SQLITE_MUTEX_STATIC_VFS1
+** <li>  SQLITE_MUTEX_STATIC_VFS2
+** <li>  SQLITE_MUTEX_STATIC_VFS3
+** </ul>
+**
+** The first two constants cause sqlite3_mutex_alloc() to create
+** a new mutex.  The new mutex is recursive when SQLITE_MUTEX_RECURSIVE
+** is used but not necessarily so when SQLITE_MUTEX_FAST is used.
+** The mutex implementation does not need to make a distinction
+** between SQLITE_MUTEX_RECURSIVE and SQLITE_MUTEX_FAST if it does
+** not want to.  But SQLite will only request a recursive mutex in
+** cases where it really needs one.  If a faster non-recursive mutex
+** implementation is available on the host platform, the mutex subsystem
+** might return such a mutex in response to SQLITE_MUTEX_FAST.
+**
+** The other allowed parameters to sqlite3_mutex_alloc() each return
+** a pointer to a static preexisting mutex.  Six static mutexes are
+** used by the current version of SQLite.  Future versions of SQLite
+** may add additional static mutexes.  Static mutexes are for internal
+** use by SQLite only.  Applications that use SQLite mutexes should
+** use only the dynamic mutexes returned by SQLITE_MUTEX_FAST or
+** SQLITE_MUTEX_RECURSIVE.
+**
+** Note that if one of the dynamic mutex parameters (SQLITE_MUTEX_FAST
+** or SQLITE_MUTEX_RECURSIVE) is used then sqlite3_mutex_alloc()
+** returns a different mutex on every call.  But for the static 
+** mutex types, the same mutex is returned on every call that has
+** the same type number.
+*/
+static sqlite3_mutex *pthreadMutexAlloc(int iType){
+  static sqlite3_mutex staticMutexes[] = {
+    SQLITE3_MUTEX_INITIALIZER,
+    SQLITE3_MUTEX_INITIALIZER,
+    SQLITE3_MUTEX_INITIALIZER,
+    SQLITE3_MUTEX_INITIALIZER,
+    SQLITE3_MUTEX_INITIALIZER,
+    SQLITE3_MUTEX_INITIALIZER,
+    SQLITE3_MUTEX_INITIALIZER,
+    SQLITE3_MUTEX_INITIALIZER,
+    SQLITE3_MUTEX_INITIALIZER,
+    SQLITE3_MUTEX_INITIALIZER,
+    SQLITE3_MUTEX_INITIALIZER,
+    SQLITE3_MUTEX_INITIALIZER
+  };
+  sqlite3_mutex *p;
+  switch( iType ){
+    case SQLITE_MUTEX_RECURSIVE: {
+      p = sqlite3MallocZero( sizeof(*p) );
+      if( p ){
+#ifdef SQLITE_HOMEGROWN_RECURSIVE_MUTEX
+        /* If recursive mutexes are not available, we will have to
+        ** build our own.  See below. */
+        pthread_mutex_init(&p->mutex, 0);
+#else
+        /* Use a recursive mutex if it is available */
+        pthread_mutexattr_t recursiveAttr;
+        pthread_mutexattr_init(&recursiveAttr);
+        pthread_mutexattr_settype(&recursiveAttr, PTHREAD_MUTEX_RECURSIVE);
+        pthread_mutex_init(&p->mutex, &recursiveAttr);
+        pthread_mutexattr_destroy(&recursiveAttr);
+#endif
+      }
+      break;
+    }
+    case SQLITE_MUTEX_FAST: {
+      p = sqlite3MallocZero( sizeof(*p) );
+      if( p ){
+        pthread_mutex_init(&p->mutex, 0);
+      }
+      break;
+    }
+    default: {
+#ifdef SQLITE_ENABLE_API_ARMOR
+      if( iType-2<0 || iType-2>=ArraySize(staticMutexes) ){
+        (void)SQLITE_MISUSE_BKPT;
+        return 0;
+      }
+#endif
+      p = &staticMutexes[iType-2];
+      break;
+    }
+  }
+#if SQLITE_MUTEX_NREF || defined(SQLITE_ENABLE_API_ARMOR)
+  if( p ) p->id = iType;
+#endif
+  return p;
+}
+
+
+/*
+** This routine deallocates a previously
+** allocated mutex.  SQLite is careful to deallocate every
+** mutex that it allocates.
+*/
+static void pthreadMutexFree(sqlite3_mutex *p){
+  assert( p->nRef==0 );
+#if SQLITE_ENABLE_API_ARMOR
+  if( p->id==SQLITE_MUTEX_FAST || p->id==SQLITE_MUTEX_RECURSIVE )
+#endif
+  {
+    pthread_mutex_destroy(&p->mutex);
+    sqlite3_free(p);
+  }
+#ifdef SQLITE_ENABLE_API_ARMOR
+  else{
+    (void)SQLITE_MISUSE_BKPT;
+  }
+#endif
+}
+
+/*
+** The sqlite3_mutex_enter() and sqlite3_mutex_try() routines attempt
+** to enter a mutex.  If another thread is already within the mutex,
+** sqlite3_mutex_enter() will block and sqlite3_mutex_try() will return
+** SQLITE_BUSY.  The sqlite3_mutex_try() interface returns SQLITE_OK
+** upon successful entry.  Mutexes created using SQLITE_MUTEX_RECURSIVE can
+** be entered multiple times by the same thread.  In such cases the,
+** mutex must be exited an equal number of times before another thread
+** can enter.  If the same thread tries to enter any other kind of mutex
+** more than once, the behavior is undefined.
+*/
+static void pthreadMutexEnter(sqlite3_mutex *p){
+  assert( p->id==SQLITE_MUTEX_RECURSIVE || pthreadMutexNotheld(p) );
+
+#ifdef SQLITE_HOMEGROWN_RECURSIVE_MUTEX
+  /* If recursive mutexes are not available, then we have to grow
+  ** our own.  This implementation assumes that pthread_equal()
+  ** is atomic - that it cannot be deceived into thinking self
+  ** and p->owner are equal if p->owner changes between two values
+  ** that are not equal to self while the comparison is taking place.
+  ** This implementation also assumes a coherent cache - that 
+  ** separate processes cannot read different values from the same
+  ** address at the same time.  If either of these two conditions
+  ** are not met, then the mutexes will fail and problems will result.
+  */
+  {
+    pthread_t self = pthread_self();
+    if( p->nRef>0 && pthread_equal(p->owner, self) ){
+      p->nRef++;
+    }else{
+      pthread_mutex_lock(&p->mutex);
+      assert( p->nRef==0 );
+      p->owner = self;
+      p->nRef = 1;
+    }
+  }
+#else
+  /* Use the built-in recursive mutexes if they are available.
+  */
+  pthread_mutex_lock(&p->mutex);
+#if SQLITE_MUTEX_NREF
+  assert( p->nRef>0 || p->owner==0 );
+  p->owner = pthread_self();
+  p->nRef++;
+#endif
+#endif
+
+#ifdef SQLITE_DEBUG
+  if( p->trace ){
+    printf("enter mutex %p (%d) with nRef=%d\n", p, p->trace, p->nRef);
+  }
+#endif
+}
+static int pthreadMutexTry(sqlite3_mutex *p){
+  int rc;
+  assert( p->id==SQLITE_MUTEX_RECURSIVE || pthreadMutexNotheld(p) );
+
+#ifdef SQLITE_HOMEGROWN_RECURSIVE_MUTEX
+  /* If recursive mutexes are not available, then we have to grow
+  ** our own.  This implementation assumes that pthread_equal()
+  ** is atomic - that it cannot be deceived into thinking self
+  ** and p->owner are equal if p->owner changes between two values
+  ** that are not equal to self while the comparison is taking place.
+  ** This implementation also assumes a coherent cache - that 
+  ** separate processes cannot read different values from the same
+  ** address at the same time.  If either of these two conditions
+  ** are not met, then the mutexes will fail and problems will result.
+  */
+  {
+    pthread_t self = pthread_self();
+    if( p->nRef>0 && pthread_equal(p->owner, self) ){
+      p->nRef++;
+      rc = SQLITE_OK;
+    }else if( pthread_mutex_trylock(&p->mutex)==0 ){
+      assert( p->nRef==0 );
+      p->owner = self;
+      p->nRef = 1;
+      rc = SQLITE_OK;
+    }else{
+      rc = SQLITE_BUSY;
+    }
+  }
+#else
+  /* Use the built-in recursive mutexes if they are available.
+  */
+  if( pthread_mutex_trylock(&p->mutex)==0 ){
+#if SQLITE_MUTEX_NREF
+    p->owner = pthread_self();
+    p->nRef++;
+#endif
+    rc = SQLITE_OK;
+  }else{
+    rc = SQLITE_BUSY;
+  }
+#endif
+
+#ifdef SQLITE_DEBUG
+  if( rc==SQLITE_OK && p->trace ){
+    printf("enter mutex %p (%d) with nRef=%d\n", p, p->trace, p->nRef);
+  }
+#endif
+  return rc;
+}
+
+/*
+** The sqlite3_mutex_leave() routine exits a mutex that was
+** previously entered by the same thread.  The behavior
+** is undefined if the mutex is not currently entered or
+** is not currently allocated.  SQLite will never do either.
+*/
+static void pthreadMutexLeave(sqlite3_mutex *p){
+  assert( pthreadMutexHeld(p) );
+#if SQLITE_MUTEX_NREF
+  p->nRef--;
+  if( p->nRef==0 ) p->owner = 0;
+#endif
+  assert( p->nRef==0 || p->id==SQLITE_MUTEX_RECURSIVE );
+
+#ifdef SQLITE_HOMEGROWN_RECURSIVE_MUTEX
+  if( p->nRef==0 ){
+    pthread_mutex_unlock(&p->mutex);
+  }
+#else
+  pthread_mutex_unlock(&p->mutex);
+#endif
+
+#ifdef SQLITE_DEBUG
+  if( p->trace ){
+    printf("leave mutex %p (%d) with nRef=%d\n", p, p->trace, p->nRef);
+  }
+#endif
+}
+
+SQLITE_PRIVATE sqlite3_mutex_methods const *sqlite3DefaultMutex(void){
+  static const sqlite3_mutex_methods sMutex = {
+    pthreadMutexInit,
+    pthreadMutexEnd,
+    pthreadMutexAlloc,
+    pthreadMutexFree,
+    pthreadMutexEnter,
+    pthreadMutexTry,
+    pthreadMutexLeave,
+#ifdef SQLITE_DEBUG
+    pthreadMutexHeld,
+    pthreadMutexNotheld
+#else
+    0,
+    0
+#endif
+  };
+
+  return &sMutex;
+}
+
+#endif /* SQLITE_MUTEX_PTHREADS */
+
+/************** End of mutex_unix.c ******************************************/
+/************** Begin file mutex_w32.c ***************************************/
+/*
+** 2007 August 14
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+** This file contains the C functions that implement mutexes for Win32.
+*/
+/* #include "sqliteInt.h" */
+
+#if SQLITE_OS_WIN
+/*
+** Include code that is common to all os_*.c files
+*/
+/************** Include os_common.h in the middle of mutex_w32.c *************/
+/************** Begin file os_common.h ***************************************/
+/*
+** 2004 May 22
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+******************************************************************************
+**
+** This file contains macros and a little bit of code that is common to
+** all of the platform-specific files (os_*.c) and is #included into those
+** files.
+**
+** This file should be #included by the os_*.c files only.  It is not a
+** general purpose header file.
+*/
+#ifndef _OS_COMMON_H_
+#define _OS_COMMON_H_
+
+/*
+** At least two bugs have slipped in because we changed the MEMORY_DEBUG
+** macro to SQLITE_DEBUG and some older makefiles have not yet made the
+** switch.  The following code should catch this problem at compile-time.
+*/
+#ifdef MEMORY_DEBUG
+# error "The MEMORY_DEBUG macro is obsolete.  Use SQLITE_DEBUG instead."
+#endif
+
+/*
+** Macros for performance tracing.  Normally turned off.  Only works
+** on i486 hardware.
+*/
+#ifdef SQLITE_PERFORMANCE_TRACE
+
+/* 
+** hwtime.h contains inline assembler code for implementing 
+** high-performance timing routines.
+*/
+/************** Include hwtime.h in the middle of os_common.h ****************/
+/************** Begin file hwtime.h ******************************************/
+/*
+** 2008 May 27
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+******************************************************************************
+**
+** This file contains inline asm code for retrieving "high-performance"
+** counters for x86 class CPUs.
+*/
+#ifndef _HWTIME_H_
+#define _HWTIME_H_
+
+/*
+** The following routine only works on pentium-class (or newer) processors.
+** It uses the RDTSC opcode to read the cycle count value out of the
+** processor and returns that value.  This can be used for high-res
+** profiling.
+*/
+#if (defined(__GNUC__) || defined(_MSC_VER)) && \
+      (defined(i386) || defined(__i386__) || defined(_M_IX86))
+
+  #if defined(__GNUC__)
+
+  __inline__ sqlite_uint64 sqlite3Hwtime(void){
+     unsigned int lo, hi;
+     __asm__ __volatile__ ("rdtsc" : "=a" (lo), "=d" (hi));
+     return (sqlite_uint64)hi << 32 | lo;
+  }
+
+  #elif defined(_MSC_VER)
+
+  __declspec(naked) __inline sqlite_uint64 __cdecl sqlite3Hwtime(void){
+     __asm {
+        rdtsc
+        ret       ; return value at EDX:EAX
+     }
+  }
+
+  #endif
+
+#elif (defined(__GNUC__) && defined(__x86_64__))
+
+  __inline__ sqlite_uint64 sqlite3Hwtime(void){
+      unsigned long val;
+      __asm__ __volatile__ ("rdtsc" : "=A" (val));
+      return val;
+  }
+ 
+#elif (defined(__GNUC__) && defined(__ppc__))
+
+  __inline__ sqlite_uint64 sqlite3Hwtime(void){
+      unsigned long long retval;
+      unsigned long junk;
+      __asm__ __volatile__ ("\n\
+          1:      mftbu   %1\n\
+                  mftb    %L0\n\
+                  mftbu   %0\n\
+                  cmpw    %0,%1\n\
+                  bne     1b"
+                  : "=r" (retval), "=r" (junk));
+      return retval;
+  }
+
+#else
+
+  #error Need implementation of sqlite3Hwtime() for your platform.
+
+  /*
+  ** To compile without implementing sqlite3Hwtime() for your platform,
+  ** you can remove the above #error and use the following
+  ** stub function.  You will lose timing support for many
+  ** of the debugging and testing utilities, but it should at
+  ** least compile and run.
+  */
+SQLITE_PRIVATE   sqlite_uint64 sqlite3Hwtime(void){ return ((sqlite_uint64)0); }
+
+#endif
+
+#endif /* !defined(_HWTIME_H_) */
+
+/************** End of hwtime.h **********************************************/
+/************** Continuing where we left off in os_common.h ******************/
+
+static sqlite_uint64 g_start;
+static sqlite_uint64 g_elapsed;
+#define TIMER_START       g_start=sqlite3Hwtime()
+#define TIMER_END         g_elapsed=sqlite3Hwtime()-g_start
+#define TIMER_ELAPSED     g_elapsed
+#else
+#define TIMER_START
+#define TIMER_END
+#define TIMER_ELAPSED     ((sqlite_uint64)0)
+#endif
+
+/*
+** If we compile with the SQLITE_TEST macro set, then the following block
+** of code will give us the ability to simulate a disk I/O error.  This
+** is used for testing the I/O recovery logic.
+*/
+#ifdef SQLITE_TEST
+SQLITE_API int sqlite3_io_error_hit = 0;            /* Total number of I/O Errors */
+SQLITE_API int sqlite3_io_error_hardhit = 0;        /* Number of non-benign errors */
+SQLITE_API int sqlite3_io_error_pending = 0;        /* Count down to first I/O error */
+SQLITE_API int sqlite3_io_error_persist = 0;        /* True if I/O errors persist */
+SQLITE_API int sqlite3_io_error_benign = 0;         /* True if errors are benign */
+SQLITE_API int sqlite3_diskfull_pending = 0;
+SQLITE_API int sqlite3_diskfull = 0;
+#define SimulateIOErrorBenign(X) sqlite3_io_error_benign=(X)
+#define SimulateIOError(CODE)  \
+  if( (sqlite3_io_error_persist && sqlite3_io_error_hit) \
+       || sqlite3_io_error_pending-- == 1 )  \
+              { local_ioerr(); CODE; }
+static void local_ioerr(){
+  IOTRACE(("IOERR\n"));
+  sqlite3_io_error_hit++;
+  if( !sqlite3_io_error_benign ) sqlite3_io_error_hardhit++;
+}
+#define SimulateDiskfullError(CODE) \
+   if( sqlite3_diskfull_pending ){ \
+     if( sqlite3_diskfull_pending == 1 ){ \
+       local_ioerr(); \
+       sqlite3_diskfull = 1; \
+       sqlite3_io_error_hit = 1; \
+       CODE; \
+     }else{ \
+       sqlite3_diskfull_pending--; \
+     } \
+   }
+#else
+#define SimulateIOErrorBenign(X)
+#define SimulateIOError(A)
+#define SimulateDiskfullError(A)
+#endif
+
+/*
+** When testing, keep a count of the number of open files.
+*/
+#ifdef SQLITE_TEST
+SQLITE_API int sqlite3_open_file_count = 0;
+#define OpenCounter(X)  sqlite3_open_file_count+=(X)
+#else
+#define OpenCounter(X)
+#endif
+
+#endif /* !defined(_OS_COMMON_H_) */
+
+/************** End of os_common.h *******************************************/
+/************** Continuing where we left off in mutex_w32.c ******************/
+
+/*
+** Include the header file for the Windows VFS.
+*/
+/************** Include os_win.h in the middle of mutex_w32.c ****************/
+/************** Begin file os_win.h ******************************************/
+/*
+** 2013 November 25
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+******************************************************************************
+**
+** This file contains code that is specific to Windows.
+*/
+#ifndef _OS_WIN_H_
+#define _OS_WIN_H_
+
+/*
+** Include the primary Windows SDK header file.
+*/
+#include "windows.h"
+
+#ifdef __CYGWIN__
+# include <sys/cygwin.h>
+# include <errno.h> /* amalgamator: dontcache */
+#endif
+
+/*
+** Determine if we are dealing with Windows NT.
+**
+** We ought to be able to determine if we are compiling for Windows 9x or
+** Windows NT using the _WIN32_WINNT macro as follows:
+**
+** #if defined(_WIN32_WINNT)
+** # define SQLITE_OS_WINNT 1
+** #else
+** # define SQLITE_OS_WINNT 0
+** #endif
+**
+** However, Visual Studio 2005 does not set _WIN32_WINNT by default, as
+** it ought to, so the above test does not work.  We'll just assume that
+** everything is Windows NT unless the programmer explicitly says otherwise
+** by setting SQLITE_OS_WINNT to 0.
+*/
+#if SQLITE_OS_WIN && !defined(SQLITE_OS_WINNT)
+# define SQLITE_OS_WINNT 1
+#endif
+
+/*
+** Determine if we are dealing with Windows CE - which has a much reduced
+** API.
+*/
+#if defined(_WIN32_WCE)
+# define SQLITE_OS_WINCE 1
+#else
+# define SQLITE_OS_WINCE 0
+#endif
+
+/*
+** Determine if we are dealing with WinRT, which provides only a subset of
+** the full Win32 API.
+*/
+#if !defined(SQLITE_OS_WINRT)
+# define SQLITE_OS_WINRT 0
+#endif
+
+/*
+** For WinCE, some API function parameters do not appear to be declared as
+** volatile.
+*/
+#if SQLITE_OS_WINCE
+# define SQLITE_WIN32_VOLATILE
+#else
+# define SQLITE_WIN32_VOLATILE volatile
+#endif
+
+/*
+** For some Windows sub-platforms, the _beginthreadex() / _endthreadex()
+** functions are not available (e.g. those not using MSVC, Cygwin, etc).
+*/
+#if SQLITE_OS_WIN && !SQLITE_OS_WINCE && !SQLITE_OS_WINRT && \
+    SQLITE_THREADSAFE>0 && !defined(__CYGWIN__)
+# define SQLITE_OS_WIN_THREADS 1
+#else
+# define SQLITE_OS_WIN_THREADS 0
+#endif
+
+#endif /* _OS_WIN_H_ */
+
+/************** End of os_win.h **********************************************/
+/************** Continuing where we left off in mutex_w32.c ******************/
+#endif
+
+/*
+** The code in this file is only used if we are compiling multithreaded
+** on a Win32 system.
+*/
+#ifdef SQLITE_MUTEX_W32
+
+/*
+** Each recursive mutex is an instance of the following structure.
+*/
+struct sqlite3_mutex {
+  CRITICAL_SECTION mutex;    /* Mutex controlling the lock */
+  int id;                    /* Mutex type */
+#ifdef SQLITE_DEBUG
+  volatile int nRef;         /* Number of enterances */
+  volatile DWORD owner;      /* Thread holding this mutex */
+  volatile int trace;        /* True to trace changes */
+#endif
+};
+
+/*
+** These are the initializer values used when declaring a "static" mutex
+** on Win32.  It should be noted that all mutexes require initialization
+** on the Win32 platform.
+*/
+#define SQLITE_W32_MUTEX_INITIALIZER { 0 }
+
+#ifdef SQLITE_DEBUG
+#define SQLITE3_MUTEX_INITIALIZER { SQLITE_W32_MUTEX_INITIALIZER, 0, \
+                                    0L, (DWORD)0, 0 }
+#else
+#define SQLITE3_MUTEX_INITIALIZER { SQLITE_W32_MUTEX_INITIALIZER, 0 }
+#endif
+
+#ifdef SQLITE_DEBUG
+/*
+** The sqlite3_mutex_held() and sqlite3_mutex_notheld() routine are
+** intended for use only inside assert() statements.
+*/
+static int winMutexHeld(sqlite3_mutex *p){
+  return p->nRef!=0 && p->owner==GetCurrentThreadId();
+}
+
+static int winMutexNotheld2(sqlite3_mutex *p, DWORD tid){
+  return p->nRef==0 || p->owner!=tid;
+}
+
+static int winMutexNotheld(sqlite3_mutex *p){
+  DWORD tid = GetCurrentThreadId();
+  return winMutexNotheld2(p, tid);
+}
+#endif
+
+/*
+** Try to provide a memory barrier operation, needed for initialization
+** and also for the xShmBarrier method of the VFS in cases when SQLite is
+** compiled without mutexes (SQLITE_THREADSAFE=0).
+*/
+SQLITE_PRIVATE void sqlite3MemoryBarrier(void){
+#if defined(SQLITE_MEMORY_BARRIER)
+  SQLITE_MEMORY_BARRIER;
+#elif defined(__GNUC__)
+  __sync_synchronize();
+#elif !defined(SQLITE_DISABLE_INTRINSIC) && \
+      defined(_MSC_VER) && _MSC_VER>=1300
+  _ReadWriteBarrier();
+#elif defined(MemoryBarrier)
+  MemoryBarrier();
+#endif
+}
+
+/*
+** Initialize and deinitialize the mutex subsystem.
+*/
+static sqlite3_mutex winMutex_staticMutexes[] = {
+  SQLITE3_MUTEX_INITIALIZER,
+  SQLITE3_MUTEX_INITIALIZER,
+  SQLITE3_MUTEX_INITIALIZER,
+  SQLITE3_MUTEX_INITIALIZER,
+  SQLITE3_MUTEX_INITIALIZER,
+  SQLITE3_MUTEX_INITIALIZER,
+  SQLITE3_MUTEX_INITIALIZER,
+  SQLITE3_MUTEX_INITIALIZER,
+  SQLITE3_MUTEX_INITIALIZER,
+  SQLITE3_MUTEX_INITIALIZER,
+  SQLITE3_MUTEX_INITIALIZER,
+  SQLITE3_MUTEX_INITIALIZER
+};
+
+static int winMutex_isInit = 0;
+static int winMutex_isNt = -1; /* <0 means "need to query" */
+
+/* As the winMutexInit() and winMutexEnd() functions are called as part
+** of the sqlite3_initialize() and sqlite3_shutdown() processing, the
+** "interlocked" magic used here is probably not strictly necessary.
+*/
+static LONG SQLITE_WIN32_VOLATILE winMutex_lock = 0;
+
+SQLITE_API int SQLITE_STDCALL sqlite3_win32_is_nt(void); /* os_win.c */
+SQLITE_API void SQLITE_STDCALL sqlite3_win32_sleep(DWORD milliseconds); /* os_win.c */
+
+static int winMutexInit(void){
+  /* The first to increment to 1 does actual initialization */
+  if( InterlockedCompareExchange(&winMutex_lock, 1, 0)==0 ){
+    int i;
+    for(i=0; i<ArraySize(winMutex_staticMutexes); i++){
+#if SQLITE_OS_WINRT
+      InitializeCriticalSectionEx(&winMutex_staticMutexes[i].mutex, 0, 0);
+#else
+      InitializeCriticalSection(&winMutex_staticMutexes[i].mutex);
+#endif
+    }
+    winMutex_isInit = 1;
+  }else{
+    /* Another thread is (in the process of) initializing the static
+    ** mutexes */
+    while( !winMutex_isInit ){
+      sqlite3_win32_sleep(1);
+    }
+  }
+  return SQLITE_OK;
+}
+
+static int winMutexEnd(void){
+  /* The first to decrement to 0 does actual shutdown
+  ** (which should be the last to shutdown.) */
+  if( InterlockedCompareExchange(&winMutex_lock, 0, 1)==1 ){
+    if( winMutex_isInit==1 ){
+      int i;
+      for(i=0; i<ArraySize(winMutex_staticMutexes); i++){
+        DeleteCriticalSection(&winMutex_staticMutexes[i].mutex);
+      }
+      winMutex_isInit = 0;
+    }
+  }
+  return SQLITE_OK;
+}
+
+/*
+** The sqlite3_mutex_alloc() routine allocates a new
+** mutex and returns a pointer to it.  If it returns NULL
+** that means that a mutex could not be allocated.  SQLite
+** will unwind its stack and return an error.  The argument
+** to sqlite3_mutex_alloc() is one of these integer constants:
+**
+** <ul>
+** <li>  SQLITE_MUTEX_FAST
+** <li>  SQLITE_MUTEX_RECURSIVE
+** <li>  SQLITE_MUTEX_STATIC_MASTER
+** <li>  SQLITE_MUTEX_STATIC_MEM
+** <li>  SQLITE_MUTEX_STATIC_OPEN
+** <li>  SQLITE_MUTEX_STATIC_PRNG
+** <li>  SQLITE_MUTEX_STATIC_LRU
+** <li>  SQLITE_MUTEX_STATIC_PMEM
+** <li>  SQLITE_MUTEX_STATIC_APP1
+** <li>  SQLITE_MUTEX_STATIC_APP2
+** <li>  SQLITE_MUTEX_STATIC_APP3
+** <li>  SQLITE_MUTEX_STATIC_VFS1
+** <li>  SQLITE_MUTEX_STATIC_VFS2
+** <li>  SQLITE_MUTEX_STATIC_VFS3
+** </ul>
+**
+** The first two constants cause sqlite3_mutex_alloc() to create
+** a new mutex.  The new mutex is recursive when SQLITE_MUTEX_RECURSIVE
+** is used but not necessarily so when SQLITE_MUTEX_FAST is used.
+** The mutex implementation does not need to make a distinction
+** between SQLITE_MUTEX_RECURSIVE and SQLITE_MUTEX_FAST if it does
+** not want to.  But SQLite will only request a recursive mutex in
+** cases where it really needs one.  If a faster non-recursive mutex
+** implementation is available on the host platform, the mutex subsystem
+** might return such a mutex in response to SQLITE_MUTEX_FAST.
+**
+** The other allowed parameters to sqlite3_mutex_alloc() each return
+** a pointer to a static preexisting mutex.  Six static mutexes are
+** used by the current version of SQLite.  Future versions of SQLite
+** may add additional static mutexes.  Static mutexes are for internal
+** use by SQLite only.  Applications that use SQLite mutexes should
+** use only the dynamic mutexes returned by SQLITE_MUTEX_FAST or
+** SQLITE_MUTEX_RECURSIVE.
+**
+** Note that if one of the dynamic mutex parameters (SQLITE_MUTEX_FAST
+** or SQLITE_MUTEX_RECURSIVE) is used then sqlite3_mutex_alloc()
+** returns a different mutex on every call.  But for the static
+** mutex types, the same mutex is returned on every call that has
+** the same type number.
+*/
+static sqlite3_mutex *winMutexAlloc(int iType){
+  sqlite3_mutex *p;
+
+  switch( iType ){
+    case SQLITE_MUTEX_FAST:
+    case SQLITE_MUTEX_RECURSIVE: {
+      p = sqlite3MallocZero( sizeof(*p) );
+      if( p ){
+        p->id = iType;
+#ifdef SQLITE_DEBUG
+#ifdef SQLITE_WIN32_MUTEX_TRACE_DYNAMIC
+        p->trace = 1;
+#endif
+#endif
+#if SQLITE_OS_WINRT
+        InitializeCriticalSectionEx(&p->mutex, 0, 0);
+#else
+        InitializeCriticalSection(&p->mutex);
+#endif
+      }
+      break;
+    }
+    default: {
+#ifdef SQLITE_ENABLE_API_ARMOR
+      if( iType-2<0 || iType-2>=ArraySize(winMutex_staticMutexes) ){
+        (void)SQLITE_MISUSE_BKPT;
+        return 0;
+      }
+#endif
+      p = &winMutex_staticMutexes[iType-2];
+      p->id = iType;
+#ifdef SQLITE_DEBUG
+#ifdef SQLITE_WIN32_MUTEX_TRACE_STATIC
+      p->trace = 1;
+#endif
+#endif
+      break;
+    }
+  }
+  return p;
+}
+
+
+/*
+** This routine deallocates a previously
+** allocated mutex.  SQLite is careful to deallocate every
+** mutex that it allocates.
+*/
+static void winMutexFree(sqlite3_mutex *p){
+  assert( p );
+  assert( p->nRef==0 && p->owner==0 );
+  if( p->id==SQLITE_MUTEX_FAST || p->id==SQLITE_MUTEX_RECURSIVE ){
+    DeleteCriticalSection(&p->mutex);
+    sqlite3_free(p);
+  }else{
+#ifdef SQLITE_ENABLE_API_ARMOR
+    (void)SQLITE_MISUSE_BKPT;
+#endif
+  }
+}
+
+/*
+** The sqlite3_mutex_enter() and sqlite3_mutex_try() routines attempt
+** to enter a mutex.  If another thread is already within the mutex,
+** sqlite3_mutex_enter() will block and sqlite3_mutex_try() will return
+** SQLITE_BUSY.  The sqlite3_mutex_try() interface returns SQLITE_OK
+** upon successful entry.  Mutexes created using SQLITE_MUTEX_RECURSIVE can
+** be entered multiple times by the same thread.  In such cases the,
+** mutex must be exited an equal number of times before another thread
+** can enter.  If the same thread tries to enter any other kind of mutex
+** more than once, the behavior is undefined.
+*/
+static void winMutexEnter(sqlite3_mutex *p){
+#if defined(SQLITE_DEBUG) || defined(SQLITE_TEST)
+  DWORD tid = GetCurrentThreadId();
+#endif
+#ifdef SQLITE_DEBUG
+  assert( p );
+  assert( p->id==SQLITE_MUTEX_RECURSIVE || winMutexNotheld2(p, tid) );
+#else
+  assert( p );
+#endif
+  assert( winMutex_isInit==1 );
+  EnterCriticalSection(&p->mutex);
+#ifdef SQLITE_DEBUG
+  assert( p->nRef>0 || p->owner==0 );
+  p->owner = tid;
+  p->nRef++;
+  if( p->trace ){
+    OSTRACE(("ENTER-MUTEX tid=%lu, mutex=%p (%d), nRef=%d\n",
+             tid, p, p->trace, p->nRef));
+  }
+#endif
+}
+
+static int winMutexTry(sqlite3_mutex *p){
+#if defined(SQLITE_DEBUG) || defined(SQLITE_TEST)
+  DWORD tid = GetCurrentThreadId();
+#endif
+  int rc = SQLITE_BUSY;
+  assert( p );
+  assert( p->id==SQLITE_MUTEX_RECURSIVE || winMutexNotheld2(p, tid) );
+  /*
+  ** The sqlite3_mutex_try() routine is very rarely used, and when it
+  ** is used it is merely an optimization.  So it is OK for it to always
+  ** fail.
+  **
+  ** The TryEnterCriticalSection() interface is only available on WinNT.
+  ** And some windows compilers complain if you try to use it without
+  ** first doing some #defines that prevent SQLite from building on Win98.
+  ** For that reason, we will omit this optimization for now.  See
+  ** ticket #2685.
+  */
+#if defined(_WIN32_WINNT) && _WIN32_WINNT >= 0x0400
+  assert( winMutex_isInit==1 );
+  assert( winMutex_isNt>=-1 && winMutex_isNt<=1 );
+  if( winMutex_isNt<0 ){
+    winMutex_isNt = sqlite3_win32_is_nt();
+  }
+  assert( winMutex_isNt==0 || winMutex_isNt==1 );
+  if( winMutex_isNt && TryEnterCriticalSection(&p->mutex) ){
+#ifdef SQLITE_DEBUG
+    p->owner = tid;
+    p->nRef++;
+#endif
+    rc = SQLITE_OK;
+  }
+#else
+  UNUSED_PARAMETER(p);
+#endif
+#ifdef SQLITE_DEBUG
+  if( p->trace ){
+    OSTRACE(("TRY-MUTEX tid=%lu, mutex=%p (%d), owner=%lu, nRef=%d, rc=%s\n",
+             tid, p, p->trace, p->owner, p->nRef, sqlite3ErrName(rc)));
+  }
+#endif
+  return rc;
+}
+
+/*
+** The sqlite3_mutex_leave() routine exits a mutex that was
+** previously entered by the same thread.  The behavior
+** is undefined if the mutex is not currently entered or
+** is not currently allocated.  SQLite will never do either.
+*/
+static void winMutexLeave(sqlite3_mutex *p){
+#if defined(SQLITE_DEBUG) || defined(SQLITE_TEST)
+  DWORD tid = GetCurrentThreadId();
+#endif
+  assert( p );
+#ifdef SQLITE_DEBUG
+  assert( p->nRef>0 );
+  assert( p->owner==tid );
+  p->nRef--;
+  if( p->nRef==0 ) p->owner = 0;
+  assert( p->nRef==0 || p->id==SQLITE_MUTEX_RECURSIVE );
+#endif
+  assert( winMutex_isInit==1 );
+  LeaveCriticalSection(&p->mutex);
+#ifdef SQLITE_DEBUG
+  if( p->trace ){
+    OSTRACE(("LEAVE-MUTEX tid=%lu, mutex=%p (%d), nRef=%d\n",
+             tid, p, p->trace, p->nRef));
+  }
+#endif
+}
+
+SQLITE_PRIVATE sqlite3_mutex_methods const *sqlite3DefaultMutex(void){
+  static const sqlite3_mutex_methods sMutex = {
+    winMutexInit,
+    winMutexEnd,
+    winMutexAlloc,
+    winMutexFree,
+    winMutexEnter,
+    winMutexTry,
+    winMutexLeave,
+#ifdef SQLITE_DEBUG
+    winMutexHeld,
+    winMutexNotheld
+#else
+    0,
+    0
+#endif
+  };
+  return &sMutex;
+}
+
+#endif /* SQLITE_MUTEX_W32 */
+
+/************** End of mutex_w32.c *******************************************/
+/************** Begin file malloc.c ******************************************/
+/*
+** 2001 September 15
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+**
+** Memory allocation functions used throughout sqlite.
+*/
+/* #include "sqliteInt.h" */
+/* #include <stdarg.h> */
+
+/*
+** Attempt to release up to n bytes of non-essential memory currently
+** held by SQLite. An example of non-essential memory is memory used to
+** cache database pages that are not currently in use.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_release_memory(int n){
+#ifdef SQLITE_ENABLE_MEMORY_MANAGEMENT
+  return sqlite3PcacheReleaseMemory(n);
+#else
+  /* IMPLEMENTATION-OF: R-34391-24921 The sqlite3_release_memory() routine
+  ** is a no-op returning zero if SQLite is not compiled with
+  ** SQLITE_ENABLE_MEMORY_MANAGEMENT. */
+  UNUSED_PARAMETER(n);
+  return 0;
+#endif
+}
+
+/*
+** An instance of the following object records the location of
+** each unused scratch buffer.
+*/
+typedef struct ScratchFreeslot {
+  struct ScratchFreeslot *pNext;   /* Next unused scratch buffer */
+} ScratchFreeslot;
+
+/*
+** State information local to the memory allocation subsystem.
+*/
+static SQLITE_WSD struct Mem0Global {
+  sqlite3_mutex *mutex;         /* Mutex to serialize access */
+  sqlite3_int64 alarmThreshold; /* The soft heap limit */
+
+  /*
+  ** Pointers to the end of sqlite3GlobalConfig.pScratch memory
+  ** (so that a range test can be used to determine if an allocation
+  ** being freed came from pScratch) and a pointer to the list of
+  ** unused scratch allocations.
+  */
+  void *pScratchEnd;
+  ScratchFreeslot *pScratchFree;
+  u32 nScratchFree;
+
+  /*
+  ** True if heap is nearly "full" where "full" is defined by the
+  ** sqlite3_soft_heap_limit() setting.
+  */
+  int nearlyFull;
+} mem0 = { 0, 0, 0, 0, 0, 0 };
+
+#define mem0 GLOBAL(struct Mem0Global, mem0)
+
+/*
+** Return the memory allocator mutex. sqlite3_status() needs it.
+*/
+SQLITE_PRIVATE sqlite3_mutex *sqlite3MallocMutex(void){
+  return mem0.mutex;
+}
+
+#ifndef SQLITE_OMIT_DEPRECATED
+/*
+** Deprecated external interface.  It used to set an alarm callback
+** that was invoked when memory usage grew too large.  Now it is a
+** no-op.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_memory_alarm(
+  void(*xCallback)(void *pArg, sqlite3_int64 used,int N),
+  void *pArg,
+  sqlite3_int64 iThreshold
+){
+  (void)xCallback;
+  (void)pArg;
+  (void)iThreshold;
+  return SQLITE_OK;
+}
+#endif
+
+/*
+** Set the soft heap-size limit for the library. Passing a zero or 
+** negative value indicates no limit.
+*/
+SQLITE_API sqlite3_int64 SQLITE_STDCALL sqlite3_soft_heap_limit64(sqlite3_int64 n){
+  sqlite3_int64 priorLimit;
+  sqlite3_int64 excess;
+  sqlite3_int64 nUsed;
+#ifndef SQLITE_OMIT_AUTOINIT
+  int rc = sqlite3_initialize();
+  if( rc ) return -1;
+#endif
+  sqlite3_mutex_enter(mem0.mutex);
+  priorLimit = mem0.alarmThreshold;
+  if( n<0 ){
+    sqlite3_mutex_leave(mem0.mutex);
+    return priorLimit;
+  }
+  mem0.alarmThreshold = n;
+  nUsed = sqlite3StatusValue(SQLITE_STATUS_MEMORY_USED);
+  mem0.nearlyFull = (n>0 && n<=nUsed);
+  sqlite3_mutex_leave(mem0.mutex);
+  excess = sqlite3_memory_used() - n;
+  if( excess>0 ) sqlite3_release_memory((int)(excess & 0x7fffffff));
+  return priorLimit;
+}
+SQLITE_API void SQLITE_STDCALL sqlite3_soft_heap_limit(int n){
+  if( n<0 ) n = 0;
+  sqlite3_soft_heap_limit64(n);
+}
+
+/*
+** Initialize the memory allocation subsystem.
+*/
+SQLITE_PRIVATE int sqlite3MallocInit(void){
+  int rc;
+  if( sqlite3GlobalConfig.m.xMalloc==0 ){
+    sqlite3MemSetDefault();
+  }
+  memset(&mem0, 0, sizeof(mem0));
+  mem0.mutex = sqlite3MutexAlloc(SQLITE_MUTEX_STATIC_MEM);
+  if( sqlite3GlobalConfig.pScratch && sqlite3GlobalConfig.szScratch>=100
+      && sqlite3GlobalConfig.nScratch>0 ){
+    int i, n, sz;
+    ScratchFreeslot *pSlot;
+    sz = ROUNDDOWN8(sqlite3GlobalConfig.szScratch);
+    sqlite3GlobalConfig.szScratch = sz;
+    pSlot = (ScratchFreeslot*)sqlite3GlobalConfig.pScratch;
+    n = sqlite3GlobalConfig.nScratch;
+    mem0.pScratchFree = pSlot;
+    mem0.nScratchFree = n;
+    for(i=0; i<n-1; i++){
+      pSlot->pNext = (ScratchFreeslot*)(sz+(char*)pSlot);
+      pSlot = pSlot->pNext;
+    }
+    pSlot->pNext = 0;
+    mem0.pScratchEnd = (void*)&pSlot[1];
+  }else{
+    mem0.pScratchEnd = 0;
+    sqlite3GlobalConfig.pScratch = 0;
+    sqlite3GlobalConfig.szScratch = 0;
+    sqlite3GlobalConfig.nScratch = 0;
+  }
+  if( sqlite3GlobalConfig.pPage==0 || sqlite3GlobalConfig.szPage<512
+      || sqlite3GlobalConfig.nPage<=0 ){
+    sqlite3GlobalConfig.pPage = 0;
+    sqlite3GlobalConfig.szPage = 0;
+  }
+  rc = sqlite3GlobalConfig.m.xInit(sqlite3GlobalConfig.m.pAppData);
+  if( rc!=SQLITE_OK ) memset(&mem0, 0, sizeof(mem0));
+  return rc;
+}
+
+/*
+** Return true if the heap is currently under memory pressure - in other
+** words if the amount of heap used is close to the limit set by
+** sqlite3_soft_heap_limit().
+*/
+SQLITE_PRIVATE int sqlite3HeapNearlyFull(void){
+  return mem0.nearlyFull;
+}
+
+/*
+** Deinitialize the memory allocation subsystem.
+*/
+SQLITE_PRIVATE void sqlite3MallocEnd(void){
+  if( sqlite3GlobalConfig.m.xShutdown ){
+    sqlite3GlobalConfig.m.xShutdown(sqlite3GlobalConfig.m.pAppData);
+  }
+  memset(&mem0, 0, sizeof(mem0));
+}
+
+/*
+** Return the amount of memory currently checked out.
+*/
+SQLITE_API sqlite3_int64 SQLITE_STDCALL sqlite3_memory_used(void){
+  sqlite3_int64 res, mx;
+  sqlite3_status64(SQLITE_STATUS_MEMORY_USED, &res, &mx, 0);
+  return res;
+}
+
+/*
+** Return the maximum amount of memory that has ever been
+** checked out since either the beginning of this process
+** or since the most recent reset.
+*/
+SQLITE_API sqlite3_int64 SQLITE_STDCALL sqlite3_memory_highwater(int resetFlag){
+  sqlite3_int64 res, mx;
+  sqlite3_status64(SQLITE_STATUS_MEMORY_USED, &res, &mx, resetFlag);
+  return mx;
+}
+
+/*
+** Trigger the alarm 
+*/
+static void sqlite3MallocAlarm(int nByte){
+  if( mem0.alarmThreshold<=0 ) return;
+  sqlite3_mutex_leave(mem0.mutex);
+  sqlite3_release_memory(nByte);
+  sqlite3_mutex_enter(mem0.mutex);
+}
+
+/*
+** Do a memory allocation with statistics and alarms.  Assume the
+** lock is already held.
+*/
+static int mallocWithAlarm(int n, void **pp){
+  int nFull;
+  void *p;
+  assert( sqlite3_mutex_held(mem0.mutex) );
+  nFull = sqlite3GlobalConfig.m.xRoundup(n);
+  sqlite3StatusHighwater(SQLITE_STATUS_MALLOC_SIZE, n);
+  if( mem0.alarmThreshold>0 ){
+    sqlite3_int64 nUsed = sqlite3StatusValue(SQLITE_STATUS_MEMORY_USED);
+    if( nUsed >= mem0.alarmThreshold - nFull ){
+      mem0.nearlyFull = 1;
+      sqlite3MallocAlarm(nFull);
+    }else{
+      mem0.nearlyFull = 0;
+    }
+  }
+  p = sqlite3GlobalConfig.m.xMalloc(nFull);
+#ifdef SQLITE_ENABLE_MEMORY_MANAGEMENT
+  if( p==0 && mem0.alarmThreshold>0 ){
+    sqlite3MallocAlarm(nFull);
+    p = sqlite3GlobalConfig.m.xMalloc(nFull);
+  }
+#endif
+  if( p ){
+    nFull = sqlite3MallocSize(p);
+    sqlite3StatusUp(SQLITE_STATUS_MEMORY_USED, nFull);
+    sqlite3StatusUp(SQLITE_STATUS_MALLOC_COUNT, 1);
+  }
+  *pp = p;
+  return nFull;
+}
+
+/*
+** Allocate memory.  This routine is like sqlite3_malloc() except that it
+** assumes the memory subsystem has already been initialized.
+*/
+SQLITE_PRIVATE void *sqlite3Malloc(u64 n){
+  void *p;
+  if( n==0 || n>=0x7fffff00 ){
+    /* A memory allocation of a number of bytes which is near the maximum
+    ** signed integer value might cause an integer overflow inside of the
+    ** xMalloc().  Hence we limit the maximum size to 0x7fffff00, giving
+    ** 255 bytes of overhead.  SQLite itself will never use anything near
+    ** this amount.  The only way to reach the limit is with sqlite3_malloc() */
+    p = 0;
+  }else if( sqlite3GlobalConfig.bMemstat ){
+    sqlite3_mutex_enter(mem0.mutex);
+    mallocWithAlarm((int)n, &p);
+    sqlite3_mutex_leave(mem0.mutex);
+  }else{
+    p = sqlite3GlobalConfig.m.xMalloc((int)n);
+  }
+  assert( EIGHT_BYTE_ALIGNMENT(p) );  /* IMP: R-11148-40995 */
+  return p;
+}
+
+/*
+** This version of the memory allocation is for use by the application.
+** First make sure the memory subsystem is initialized, then do the
+** allocation.
+*/
+SQLITE_API void *SQLITE_STDCALL sqlite3_malloc(int n){
+#ifndef SQLITE_OMIT_AUTOINIT
+  if( sqlite3_initialize() ) return 0;
+#endif
+  return n<=0 ? 0 : sqlite3Malloc(n);
+}
+SQLITE_API void *SQLITE_STDCALL sqlite3_malloc64(sqlite3_uint64 n){
+#ifndef SQLITE_OMIT_AUTOINIT
+  if( sqlite3_initialize() ) return 0;
+#endif
+  return sqlite3Malloc(n);
+}
+
+/*
+** Each thread may only have a single outstanding allocation from
+** xScratchMalloc().  We verify this constraint in the single-threaded
+** case by setting scratchAllocOut to 1 when an allocation
+** is outstanding clearing it when the allocation is freed.
+*/
+#if SQLITE_THREADSAFE==0 && !defined(NDEBUG)
+static int scratchAllocOut = 0;
+#endif
+
+
+/*
+** Allocate memory that is to be used and released right away.
+** This routine is similar to alloca() in that it is not intended
+** for situations where the memory might be held long-term.  This
+** routine is intended to get memory to old large transient data
+** structures that would not normally fit on the stack of an
+** embedded processor.
+*/
+SQLITE_PRIVATE void *sqlite3ScratchMalloc(int n){
+  void *p;
+  assert( n>0 );
+
+  sqlite3_mutex_enter(mem0.mutex);
+  sqlite3StatusHighwater(SQLITE_STATUS_SCRATCH_SIZE, n);
+  if( mem0.nScratchFree && sqlite3GlobalConfig.szScratch>=n ){
+    p = mem0.pScratchFree;
+    mem0.pScratchFree = mem0.pScratchFree->pNext;
+    mem0.nScratchFree--;
+    sqlite3StatusUp(SQLITE_STATUS_SCRATCH_USED, 1);
+    sqlite3_mutex_leave(mem0.mutex);
+  }else{
+    sqlite3_mutex_leave(mem0.mutex);
+    p = sqlite3Malloc(n);
+    if( sqlite3GlobalConfig.bMemstat && p ){
+      sqlite3_mutex_enter(mem0.mutex);
+      sqlite3StatusUp(SQLITE_STATUS_SCRATCH_OVERFLOW, sqlite3MallocSize(p));
+      sqlite3_mutex_leave(mem0.mutex);
+    }
+    sqlite3MemdebugSetType(p, MEMTYPE_SCRATCH);
+  }
+  assert( sqlite3_mutex_notheld(mem0.mutex) );
+
+
+#if SQLITE_THREADSAFE==0 && !defined(NDEBUG)
+  /* EVIDENCE-OF: R-12970-05880 SQLite will not use more than one scratch
+  ** buffers per thread.
+  **
+  ** This can only be checked in single-threaded mode.
+  */
+  assert( scratchAllocOut==0 );
+  if( p ) scratchAllocOut++;
+#endif
+
+  return p;
+}
+SQLITE_PRIVATE void sqlite3ScratchFree(void *p){
+  if( p ){
+
+#if SQLITE_THREADSAFE==0 && !defined(NDEBUG)
+    /* Verify that no more than two scratch allocation per thread
+    ** is outstanding at one time.  (This is only checked in the
+    ** single-threaded case since checking in the multi-threaded case
+    ** would be much more complicated.) */
+    assert( scratchAllocOut>=1 && scratchAllocOut<=2 );
+    scratchAllocOut--;
+#endif
+
+    if( SQLITE_WITHIN(p, sqlite3GlobalConfig.pScratch, mem0.pScratchEnd) ){
+      /* Release memory from the SQLITE_CONFIG_SCRATCH allocation */
+      ScratchFreeslot *pSlot;
+      pSlot = (ScratchFreeslot*)p;
+      sqlite3_mutex_enter(mem0.mutex);
+      pSlot->pNext = mem0.pScratchFree;
+      mem0.pScratchFree = pSlot;
+      mem0.nScratchFree++;
+      assert( mem0.nScratchFree <= (u32)sqlite3GlobalConfig.nScratch );
+      sqlite3StatusDown(SQLITE_STATUS_SCRATCH_USED, 1);
+      sqlite3_mutex_leave(mem0.mutex);
+    }else{
+      /* Release memory back to the heap */
+      assert( sqlite3MemdebugHasType(p, MEMTYPE_SCRATCH) );
+      assert( sqlite3MemdebugNoType(p, (u8)~MEMTYPE_SCRATCH) );
+      sqlite3MemdebugSetType(p, MEMTYPE_HEAP);
+      if( sqlite3GlobalConfig.bMemstat ){
+        int iSize = sqlite3MallocSize(p);
+        sqlite3_mutex_enter(mem0.mutex);
+        sqlite3StatusDown(SQLITE_STATUS_SCRATCH_OVERFLOW, iSize);
+        sqlite3StatusDown(SQLITE_STATUS_MEMORY_USED, iSize);
+        sqlite3StatusDown(SQLITE_STATUS_MALLOC_COUNT, 1);
+        sqlite3GlobalConfig.m.xFree(p);
+        sqlite3_mutex_leave(mem0.mutex);
+      }else{
+        sqlite3GlobalConfig.m.xFree(p);
+      }
+    }
+  }
+}
+
+/*
+** TRUE if p is a lookaside memory allocation from db
+*/
+#ifndef SQLITE_OMIT_LOOKASIDE
+static int isLookaside(sqlite3 *db, void *p){
+  return SQLITE_WITHIN(p, db->lookaside.pStart, db->lookaside.pEnd);
+}
+#else
+#define isLookaside(A,B) 0
+#endif
+
+/*
+** Return the size of a memory allocation previously obtained from
+** sqlite3Malloc() or sqlite3_malloc().
+*/
+SQLITE_PRIVATE int sqlite3MallocSize(void *p){
+  assert( sqlite3MemdebugHasType(p, MEMTYPE_HEAP) );
+  return sqlite3GlobalConfig.m.xSize(p);
+}
+SQLITE_PRIVATE int sqlite3DbMallocSize(sqlite3 *db, void *p){
+  assert( p!=0 );
+  if( db==0 || !isLookaside(db,p) ){
+#if SQLITE_DEBUG
+    if( db==0 ){
+      assert( sqlite3MemdebugNoType(p, (u8)~MEMTYPE_HEAP) );
+      assert( sqlite3MemdebugHasType(p, MEMTYPE_HEAP) );
+    }else{
+      assert( sqlite3MemdebugHasType(p, (MEMTYPE_LOOKASIDE|MEMTYPE_HEAP)) );
+      assert( sqlite3MemdebugNoType(p, (u8)~(MEMTYPE_LOOKASIDE|MEMTYPE_HEAP)) );
+    }
+#endif
+    return sqlite3GlobalConfig.m.xSize(p);
+  }else{
+    assert( sqlite3_mutex_held(db->mutex) );
+    return db->lookaside.sz;
+  }
+}
+SQLITE_API sqlite3_uint64 SQLITE_STDCALL sqlite3_msize(void *p){
+  assert( sqlite3MemdebugNoType(p, (u8)~MEMTYPE_HEAP) );
+  assert( sqlite3MemdebugHasType(p, MEMTYPE_HEAP) );
+  return p ? sqlite3GlobalConfig.m.xSize(p) : 0;
+}
+
+/*
+** Free memory previously obtained from sqlite3Malloc().
+*/
+SQLITE_API void SQLITE_STDCALL sqlite3_free(void *p){
+  if( p==0 ) return;  /* IMP: R-49053-54554 */
+  assert( sqlite3MemdebugHasType(p, MEMTYPE_HEAP) );
+  assert( sqlite3MemdebugNoType(p, (u8)~MEMTYPE_HEAP) );
+  if( sqlite3GlobalConfig.bMemstat ){
+    sqlite3_mutex_enter(mem0.mutex);
+    sqlite3StatusDown(SQLITE_STATUS_MEMORY_USED, sqlite3MallocSize(p));
+    sqlite3StatusDown(SQLITE_STATUS_MALLOC_COUNT, 1);
+    sqlite3GlobalConfig.m.xFree(p);
+    sqlite3_mutex_leave(mem0.mutex);
+  }else{
+    sqlite3GlobalConfig.m.xFree(p);
+  }
+}
+
+/*
+** Add the size of memory allocation "p" to the count in
+** *db->pnBytesFreed.
+*/
+static SQLITE_NOINLINE void measureAllocationSize(sqlite3 *db, void *p){
+  *db->pnBytesFreed += sqlite3DbMallocSize(db,p);
+}
+
+/*
+** Free memory that might be associated with a particular database
+** connection.
+*/
+SQLITE_PRIVATE void sqlite3DbFree(sqlite3 *db, void *p){
+  assert( db==0 || sqlite3_mutex_held(db->mutex) );
+  if( p==0 ) return;
+  if( db ){
+    if( db->pnBytesFreed ){
+      measureAllocationSize(db, p);
+      return;
+    }
+    if( isLookaside(db, p) ){
+      LookasideSlot *pBuf = (LookasideSlot*)p;
+#if SQLITE_DEBUG
+      /* Trash all content in the buffer being freed */
+      memset(p, 0xaa, db->lookaside.sz);
+#endif
+      pBuf->pNext = db->lookaside.pFree;
+      db->lookaside.pFree = pBuf;
+      db->lookaside.nOut--;
+      return;
+    }
+  }
+  assert( sqlite3MemdebugHasType(p, (MEMTYPE_LOOKASIDE|MEMTYPE_HEAP)) );
+  assert( sqlite3MemdebugNoType(p, (u8)~(MEMTYPE_LOOKASIDE|MEMTYPE_HEAP)) );
+  assert( db!=0 || sqlite3MemdebugNoType(p, MEMTYPE_LOOKASIDE) );
+  sqlite3MemdebugSetType(p, MEMTYPE_HEAP);
+  sqlite3_free(p);
+}
+
+/*
+** Change the size of an existing memory allocation
+*/
+SQLITE_PRIVATE void *sqlite3Realloc(void *pOld, u64 nBytes){
+  int nOld, nNew, nDiff;
+  void *pNew;
+  assert( sqlite3MemdebugHasType(pOld, MEMTYPE_HEAP) );
+  assert( sqlite3MemdebugNoType(pOld, (u8)~MEMTYPE_HEAP) );
+  if( pOld==0 ){
+    return sqlite3Malloc(nBytes); /* IMP: R-04300-56712 */
+  }
+  if( nBytes==0 ){
+    sqlite3_free(pOld); /* IMP: R-26507-47431 */
+    return 0;
+  }
+  if( nBytes>=0x7fffff00 ){
+    /* The 0x7ffff00 limit term is explained in comments on sqlite3Malloc() */
+    return 0;
+  }
+  nOld = sqlite3MallocSize(pOld);
+  /* IMPLEMENTATION-OF: R-46199-30249 SQLite guarantees that the second
+  ** argument to xRealloc is always a value returned by a prior call to
+  ** xRoundup. */
+  nNew = sqlite3GlobalConfig.m.xRoundup((int)nBytes);
+  if( nOld==nNew ){
+    pNew = pOld;
+  }else if( sqlite3GlobalConfig.bMemstat ){
+    sqlite3_mutex_enter(mem0.mutex);
+    sqlite3StatusHighwater(SQLITE_STATUS_MALLOC_SIZE, (int)nBytes);
+    nDiff = nNew - nOld;
+    if( sqlite3StatusValue(SQLITE_STATUS_MEMORY_USED) >= 
+          mem0.alarmThreshold-nDiff ){
+      sqlite3MallocAlarm(nDiff);
+    }
+    pNew = sqlite3GlobalConfig.m.xRealloc(pOld, nNew);
+    if( pNew==0 && mem0.alarmThreshold>0 ){
+      sqlite3MallocAlarm((int)nBytes);
+      pNew = sqlite3GlobalConfig.m.xRealloc(pOld, nNew);
+    }
+    if( pNew ){
+      nNew = sqlite3MallocSize(pNew);
+      sqlite3StatusUp(SQLITE_STATUS_MEMORY_USED, nNew-nOld);
+    }
+    sqlite3_mutex_leave(mem0.mutex);
+  }else{
+    pNew = sqlite3GlobalConfig.m.xRealloc(pOld, nNew);
+  }
+  assert( EIGHT_BYTE_ALIGNMENT(pNew) ); /* IMP: R-11148-40995 */
+  return pNew;
+}
+
+/*
+** The public interface to sqlite3Realloc.  Make sure that the memory
+** subsystem is initialized prior to invoking sqliteRealloc.
+*/
+SQLITE_API void *SQLITE_STDCALL sqlite3_realloc(void *pOld, int n){
+#ifndef SQLITE_OMIT_AUTOINIT
+  if( sqlite3_initialize() ) return 0;
+#endif
+  if( n<0 ) n = 0;  /* IMP: R-26507-47431 */
+  return sqlite3Realloc(pOld, n);
+}
+SQLITE_API void *SQLITE_STDCALL sqlite3_realloc64(void *pOld, sqlite3_uint64 n){
+#ifndef SQLITE_OMIT_AUTOINIT
+  if( sqlite3_initialize() ) return 0;
+#endif
+  return sqlite3Realloc(pOld, n);
+}
+
+
+/*
+** Allocate and zero memory.
+*/ 
+SQLITE_PRIVATE void *sqlite3MallocZero(u64 n){
+  void *p = sqlite3Malloc(n);
+  if( p ){
+    memset(p, 0, (size_t)n);
+  }
+  return p;
+}
+
+/*
+** Allocate and zero memory.  If the allocation fails, make
+** the mallocFailed flag in the connection pointer.
+*/
+SQLITE_PRIVATE void *sqlite3DbMallocZero(sqlite3 *db, u64 n){
+  void *p = sqlite3DbMallocRaw(db, n);
+  if( p ){
+    memset(p, 0, (size_t)n);
+  }
+  return p;
+}
+
+/*
+** Allocate and zero memory.  If the allocation fails, make
+** the mallocFailed flag in the connection pointer.
+**
+** If db!=0 and db->mallocFailed is true (indicating a prior malloc
+** failure on the same database connection) then always return 0.
+** Hence for a particular database connection, once malloc starts
+** failing, it fails consistently until mallocFailed is reset.
+** This is an important assumption.  There are many places in the
+** code that do things like this:
+**
+**         int *a = (int*)sqlite3DbMallocRaw(db, 100);
+**         int *b = (int*)sqlite3DbMallocRaw(db, 200);
+**         if( b ) a[10] = 9;
+**
+** In other words, if a subsequent malloc (ex: "b") worked, it is assumed
+** that all prior mallocs (ex: "a") worked too.
+*/
+SQLITE_PRIVATE void *sqlite3DbMallocRaw(sqlite3 *db, u64 n){
+  void *p;
+  assert( db==0 || sqlite3_mutex_held(db->mutex) );
+  assert( db==0 || db->pnBytesFreed==0 );
+#ifndef SQLITE_OMIT_LOOKASIDE
+  if( db ){
+    LookasideSlot *pBuf;
+    if( db->mallocFailed ){
+      return 0;
+    }
+    if( db->lookaside.bEnabled ){
+      if( n>db->lookaside.sz ){
+        db->lookaside.anStat[1]++;
+      }else if( (pBuf = db->lookaside.pFree)==0 ){
+        db->lookaside.anStat[2]++;
+      }else{
+        db->lookaside.pFree = pBuf->pNext;
+        db->lookaside.nOut++;
+        db->lookaside.anStat[0]++;
+        if( db->lookaside.nOut>db->lookaside.mxOut ){
+          db->lookaside.mxOut = db->lookaside.nOut;
+        }
+        return (void*)pBuf;
+      }
+    }
+  }
+#else
+  if( db && db->mallocFailed ){
+    return 0;
+  }
+#endif
+  p = sqlite3Malloc(n);
+  if( !p && db ){
+    db->mallocFailed = 1;
+  }
+  sqlite3MemdebugSetType(p, 
+         (db && db->lookaside.bEnabled) ? MEMTYPE_LOOKASIDE : MEMTYPE_HEAP);
+  return p;
+}
+
+/*
+** Resize the block of memory pointed to by p to n bytes. If the
+** resize fails, set the mallocFailed flag in the connection object.
+*/
+SQLITE_PRIVATE void *sqlite3DbRealloc(sqlite3 *db, void *p, u64 n){
+  void *pNew = 0;
+  assert( db!=0 );
+  assert( sqlite3_mutex_held(db->mutex) );
+  if( db->mallocFailed==0 ){
+    if( p==0 ){
+      return sqlite3DbMallocRaw(db, n);
+    }
+    if( isLookaside(db, p) ){
+      if( n<=db->lookaside.sz ){
+        return p;
+      }
+      pNew = sqlite3DbMallocRaw(db, n);
+      if( pNew ){
+        memcpy(pNew, p, db->lookaside.sz);
+        sqlite3DbFree(db, p);
+      }
+    }else{
+      assert( sqlite3MemdebugHasType(p, (MEMTYPE_LOOKASIDE|MEMTYPE_HEAP)) );
+      assert( sqlite3MemdebugNoType(p, (u8)~(MEMTYPE_LOOKASIDE|MEMTYPE_HEAP)) );
+      sqlite3MemdebugSetType(p, MEMTYPE_HEAP);
+      pNew = sqlite3_realloc64(p, n);
+      if( !pNew ){
+        db->mallocFailed = 1;
+      }
+      sqlite3MemdebugSetType(pNew,
+            (db->lookaside.bEnabled ? MEMTYPE_LOOKASIDE : MEMTYPE_HEAP));
+    }
+  }
+  return pNew;
+}
+
+/*
+** Attempt to reallocate p.  If the reallocation fails, then free p
+** and set the mallocFailed flag in the database connection.
+*/
+SQLITE_PRIVATE void *sqlite3DbReallocOrFree(sqlite3 *db, void *p, u64 n){
+  void *pNew;
+  pNew = sqlite3DbRealloc(db, p, n);
+  if( !pNew ){
+    sqlite3DbFree(db, p);
+  }
+  return pNew;
+}
+
+/*
+** Make a copy of a string in memory obtained from sqliteMalloc(). These 
+** functions call sqlite3MallocRaw() directly instead of sqliteMalloc(). This
+** is because when memory debugging is turned on, these two functions are 
+** called via macros that record the current file and line number in the
+** ThreadData structure.
+*/
+SQLITE_PRIVATE char *sqlite3DbStrDup(sqlite3 *db, const char *z){
+  char *zNew;
+  size_t n;
+  if( z==0 ){
+    return 0;
+  }
+  n = sqlite3Strlen30(z) + 1;
+  assert( (n&0x7fffffff)==n );
+  zNew = sqlite3DbMallocRaw(db, (int)n);
+  if( zNew ){
+    memcpy(zNew, z, n);
+  }
+  return zNew;
+}
+SQLITE_PRIVATE char *sqlite3DbStrNDup(sqlite3 *db, const char *z, u64 n){
+  char *zNew;
+  if( z==0 ){
+    return 0;
+  }
+  assert( (n&0x7fffffff)==n );
+  zNew = sqlite3DbMallocRaw(db, n+1);
+  if( zNew ){
+    memcpy(zNew, z, (size_t)n);
+    zNew[n] = 0;
+  }
+  return zNew;
+}
+
+/*
+** Free any prior content in *pz and replace it with a copy of zNew.
+*/
+SQLITE_PRIVATE void sqlite3SetString(char **pz, sqlite3 *db, const char *zNew){
+  sqlite3DbFree(db, *pz);
+  *pz = sqlite3DbStrDup(db, zNew);
+}
+
+/*
+** Take actions at the end of an API call to indicate an OOM error
+*/
+static SQLITE_NOINLINE int apiOomError(sqlite3 *db){
+  db->mallocFailed = 0;
+  sqlite3Error(db, SQLITE_NOMEM);
+  return SQLITE_NOMEM;
+}
+
+/*
+** This function must be called before exiting any API function (i.e. 
+** returning control to the user) that has called sqlite3_malloc or
+** sqlite3_realloc.
+**
+** The returned value is normally a copy of the second argument to this
+** function. However, if a malloc() failure has occurred since the previous
+** invocation SQLITE_NOMEM is returned instead. 
+**
+** If an OOM as occurred, then the connection error-code (the value
+** returned by sqlite3_errcode()) is set to SQLITE_NOMEM.
+*/
+SQLITE_PRIVATE int sqlite3ApiExit(sqlite3* db, int rc){
+  /* If the db handle must hold the connection handle mutex here.
+  ** Otherwise the read (and possible write) of db->mallocFailed 
+  ** is unsafe, as is the call to sqlite3Error().
+  */
+  assert( db!=0 );
+  assert( sqlite3_mutex_held(db->mutex) );
+  if( db->mallocFailed || rc==SQLITE_IOERR_NOMEM ){
+    return apiOomError(db);
+  }
+  return rc & db->errMask;
+}
+
+/************** End of malloc.c **********************************************/
+/************** Begin file printf.c ******************************************/
+/*
+** The "printf" code that follows dates from the 1980's.  It is in
+** the public domain. 
+**
+**************************************************************************
+**
+** This file contains code for a set of "printf"-like routines.  These
+** routines format strings much like the printf() from the standard C
+** library, though the implementation here has enhancements to support
+** SQLite.
+*/
+/* #include "sqliteInt.h" */
+
+/*
+** Conversion types fall into various categories as defined by the
+** following enumeration.
+*/
+#define etRADIX       1 /* Integer types.  %d, %x, %o, and so forth */
+#define etFLOAT       2 /* Floating point.  %f */
+#define etEXP         3 /* Exponentional notation. %e and %E */
+#define etGENERIC     4 /* Floating or exponential, depending on exponent. %g */
+#define etSIZE        5 /* Return number of characters processed so far. %n */
+#define etSTRING      6 /* Strings. %s */
+#define etDYNSTRING   7 /* Dynamically allocated strings. %z */
+#define etPERCENT     8 /* Percent symbol. %% */
+#define etCHARX       9 /* Characters. %c */
+/* The rest are extensions, not normally found in printf() */
+#define etSQLESCAPE  10 /* Strings with '\'' doubled.  %q */
+#define etSQLESCAPE2 11 /* Strings with '\'' doubled and enclosed in '',
+                          NULL pointers replaced by SQL NULL.  %Q */
+#define etTOKEN      12 /* a pointer to a Token structure */
+#define etSRCLIST    13 /* a pointer to a SrcList */
+#define etPOINTER    14 /* The %p conversion */
+#define etSQLESCAPE3 15 /* %w -> Strings with '\"' doubled */
+#define etORDINAL    16 /* %r -> 1st, 2nd, 3rd, 4th, etc.  English only */
+
+#define etINVALID     0 /* Any unrecognized conversion type */
+
+
+/*
+** An "etByte" is an 8-bit unsigned value.
+*/
+typedef unsigned char etByte;
+
+/*
+** Each builtin conversion character (ex: the 'd' in "%d") is described
+** by an instance of the following structure
+*/
+typedef struct et_info {   /* Information about each format field */
+  char fmttype;            /* The format field code letter */
+  etByte base;             /* The base for radix conversion */
+  etByte flags;            /* One or more of FLAG_ constants below */
+  etByte type;             /* Conversion paradigm */
+  etByte charset;          /* Offset into aDigits[] of the digits string */
+  etByte prefix;           /* Offset into aPrefix[] of the prefix string */
+} et_info;
+
+/*
+** Allowed values for et_info.flags
+*/
+#define FLAG_SIGNED  1     /* True if the value to convert is signed */
+#define FLAG_INTERN  2     /* True if for internal use only */
+#define FLAG_STRING  4     /* Allow infinity precision */
+
+
+/*
+** The following table is searched linearly, so it is good to put the
+** most frequently used conversion types first.
+*/
+static const char aDigits[] = "0123456789ABCDEF0123456789abcdef";
+static const char aPrefix[] = "-x0\000X0";
+static const et_info fmtinfo[] = {
+  {  'd', 10, 1, etRADIX,      0,  0 },
+  {  's',  0, 4, etSTRING,     0,  0 },
+  {  'g',  0, 1, etGENERIC,    30, 0 },
+  {  'z',  0, 4, etDYNSTRING,  0,  0 },
+  {  'q',  0, 4, etSQLESCAPE,  0,  0 },
+  {  'Q',  0, 4, etSQLESCAPE2, 0,  0 },
+  {  'w',  0, 4, etSQLESCAPE3, 0,  0 },
+  {  'c',  0, 0, etCHARX,      0,  0 },
+  {  'o',  8, 0, etRADIX,      0,  2 },
+  {  'u', 10, 0, etRADIX,      0,  0 },
+  {  'x', 16, 0, etRADIX,      16, 1 },
+  {  'X', 16, 0, etRADIX,      0,  4 },
+#ifndef SQLITE_OMIT_FLOATING_POINT
+  {  'f',  0, 1, etFLOAT,      0,  0 },
+  {  'e',  0, 1, etEXP,        30, 0 },
+  {  'E',  0, 1, etEXP,        14, 0 },
+  {  'G',  0, 1, etGENERIC,    14, 0 },
+#endif
+  {  'i', 10, 1, etRADIX,      0,  0 },
+  {  'n',  0, 0, etSIZE,       0,  0 },
+  {  '%',  0, 0, etPERCENT,    0,  0 },
+  {  'p', 16, 0, etPOINTER,    0,  1 },
+
+/* All the rest have the FLAG_INTERN bit set and are thus for internal
+** use only */
+  {  'T',  0, 2, etTOKEN,      0,  0 },
+  {  'S',  0, 2, etSRCLIST,    0,  0 },
+  {  'r', 10, 3, etORDINAL,    0,  0 },
+};
+
+/*
+** If SQLITE_OMIT_FLOATING_POINT is defined, then none of the floating point
+** conversions will work.
+*/
+#ifndef SQLITE_OMIT_FLOATING_POINT
+/*
+** "*val" is a double such that 0.1 <= *val < 10.0
+** Return the ascii code for the leading digit of *val, then
+** multiply "*val" by 10.0 to renormalize.
+**
+** Example:
+**     input:     *val = 3.14159
+**     output:    *val = 1.4159    function return = '3'
+**
+** The counter *cnt is incremented each time.  After counter exceeds
+** 16 (the number of significant digits in a 64-bit float) '0' is
+** always returned.
+*/
+static char et_getdigit(LONGDOUBLE_TYPE *val, int *cnt){
+  int digit;
+  LONGDOUBLE_TYPE d;
+  if( (*cnt)<=0 ) return '0';
+  (*cnt)--;
+  digit = (int)*val;
+  d = digit;
+  digit += '0';
+  *val = (*val - d)*10.0;
+  return (char)digit;
+}
+#endif /* SQLITE_OMIT_FLOATING_POINT */
+
+/*
+** Set the StrAccum object to an error mode.
+*/
+static void setStrAccumError(StrAccum *p, u8 eError){
+  assert( eError==STRACCUM_NOMEM || eError==STRACCUM_TOOBIG );
+  p->accError = eError;
+  p->nAlloc = 0;
+}
+
+/*
+** Extra argument values from a PrintfArguments object
+*/
+static sqlite3_int64 getIntArg(PrintfArguments *p){
+  if( p->nArg<=p->nUsed ) return 0;
+  return sqlite3_value_int64(p->apArg[p->nUsed++]);
+}
+static double getDoubleArg(PrintfArguments *p){
+  if( p->nArg<=p->nUsed ) return 0.0;
+  return sqlite3_value_double(p->apArg[p->nUsed++]);
+}
+static char *getTextArg(PrintfArguments *p){
+  if( p->nArg<=p->nUsed ) return 0;
+  return (char*)sqlite3_value_text(p->apArg[p->nUsed++]);
+}
+
+
+/*
+** On machines with a small stack size, you can redefine the
+** SQLITE_PRINT_BUF_SIZE to be something smaller, if desired.
+*/
+#ifndef SQLITE_PRINT_BUF_SIZE
+# define SQLITE_PRINT_BUF_SIZE 70
+#endif
+#define etBUFSIZE SQLITE_PRINT_BUF_SIZE  /* Size of the output buffer */
+
+/*
+** Render a string given by "fmt" into the StrAccum object.
+*/
+SQLITE_PRIVATE void sqlite3VXPrintf(
+  StrAccum *pAccum,          /* Accumulate results here */
+  u32 bFlags,                /* SQLITE_PRINTF_* flags */
+  const char *fmt,           /* Format string */
+  va_list ap                 /* arguments */
+){
+  int c;                     /* Next character in the format string */
+  char *bufpt;               /* Pointer to the conversion buffer */
+  int precision;             /* Precision of the current field */
+  int length;                /* Length of the field */
+  int idx;                   /* A general purpose loop counter */
+  int width;                 /* Width of the current field */
+  etByte flag_leftjustify;   /* True if "-" flag is present */
+  etByte flag_plussign;      /* True if "+" flag is present */
+  etByte flag_blanksign;     /* True if " " flag is present */
+  etByte flag_alternateform; /* True if "#" flag is present */
+  etByte flag_altform2;      /* True if "!" flag is present */
+  etByte flag_zeropad;       /* True if field width constant starts with zero */
+  etByte flag_long;          /* True if "l" flag is present */
+  etByte flag_longlong;      /* True if the "ll" flag is present */
+  etByte done;               /* Loop termination flag */
+  etByte xtype = 0;          /* Conversion paradigm */
+  u8 bArgList;               /* True for SQLITE_PRINTF_SQLFUNC */
+  u8 useIntern;              /* Ok to use internal conversions (ex: %T) */
+  char prefix;               /* Prefix character.  "+" or "-" or " " or '\0'. */
+  sqlite_uint64 longvalue;   /* Value for integer types */
+  LONGDOUBLE_TYPE realvalue; /* Value for real types */
+  const et_info *infop;      /* Pointer to the appropriate info structure */
+  char *zOut;                /* Rendering buffer */
+  int nOut;                  /* Size of the rendering buffer */
+  char *zExtra = 0;          /* Malloced memory used by some conversion */
+#ifndef SQLITE_OMIT_FLOATING_POINT
+  int  exp, e2;              /* exponent of real numbers */
+  int nsd;                   /* Number of significant digits returned */
+  double rounder;            /* Used for rounding floating point values */
+  etByte flag_dp;            /* True if decimal point should be shown */
+  etByte flag_rtz;           /* True if trailing zeros should be removed */
+#endif
+  PrintfArguments *pArgList = 0; /* Arguments for SQLITE_PRINTF_SQLFUNC */
+  char buf[etBUFSIZE];       /* Conversion buffer */
+
+  bufpt = 0;
+  if( bFlags ){
+    if( (bArgList = (bFlags & SQLITE_PRINTF_SQLFUNC))!=0 ){
+      pArgList = va_arg(ap, PrintfArguments*);
+    }
+    useIntern = bFlags & SQLITE_PRINTF_INTERNAL;
+  }else{
+    bArgList = useIntern = 0;
+  }
+  for(; (c=(*fmt))!=0; ++fmt){
+    if( c!='%' ){
+      bufpt = (char *)fmt;
+#if HAVE_STRCHRNUL
+      fmt = strchrnul(fmt, '%');
+#else
+      do{ fmt++; }while( *fmt && *fmt != '%' );
+#endif
+      sqlite3StrAccumAppend(pAccum, bufpt, (int)(fmt - bufpt));
+      if( *fmt==0 ) break;
+    }
+    if( (c=(*++fmt))==0 ){
+      sqlite3StrAccumAppend(pAccum, "%", 1);
+      break;
+    }
+    /* Find out what flags are present */
+    flag_leftjustify = flag_plussign = flag_blanksign = 
+     flag_alternateform = flag_altform2 = flag_zeropad = 0;
+    done = 0;
+    do{
+      switch( c ){
+        case '-':   flag_leftjustify = 1;     break;
+        case '+':   flag_plussign = 1;        break;
+        case ' ':   flag_blanksign = 1;       break;
+        case '#':   flag_alternateform = 1;   break;
+        case '!':   flag_altform2 = 1;        break;
+        case '0':   flag_zeropad = 1;         break;
+        default:    done = 1;                 break;
+      }
+    }while( !done && (c=(*++fmt))!=0 );
+    /* Get the field width */
+    if( c=='*' ){
+      if( bArgList ){
+        width = (int)getIntArg(pArgList);
+      }else{
+        width = va_arg(ap,int);
+      }
+      if( width<0 ){
+        flag_leftjustify = 1;
+        width = width >= -2147483647 ? -width : 0;
+      }
+      c = *++fmt;
+    }else{
+      unsigned wx = 0;
+      while( c>='0' && c<='9' ){
+        wx = wx*10 + c - '0';
+        c = *++fmt;
+      }
+      testcase( wx>0x7fffffff );
+      width = wx & 0x7fffffff;
+    }
+    assert( width>=0 );
+#ifdef SQLITE_PRINTF_PRECISION_LIMIT
+    if( width>SQLITE_PRINTF_PRECISION_LIMIT ){
+      width = SQLITE_PRINTF_PRECISION_LIMIT;
+    }
+#endif
+
+    /* Get the precision */
+    if( c=='.' ){
+      c = *++fmt;
+      if( c=='*' ){
+        if( bArgList ){
+          precision = (int)getIntArg(pArgList);
+        }else{
+          precision = va_arg(ap,int);
+        }
+        c = *++fmt;
+        if( precision<0 ){
+          precision = precision >= -2147483647 ? -precision : -1;
+        }
+      }else{
+        unsigned px = 0;
+        while( c>='0' && c<='9' ){
+          px = px*10 + c - '0';
+          c = *++fmt;
+        }
+        testcase( px>0x7fffffff );
+        precision = px & 0x7fffffff;
+      }
+    }else{
+      precision = -1;
+    }
+    assert( precision>=(-1) );
+#ifdef SQLITE_PRINTF_PRECISION_LIMIT
+    if( precision>SQLITE_PRINTF_PRECISION_LIMIT ){
+      precision = SQLITE_PRINTF_PRECISION_LIMIT;
+    }
+#endif
+
+
+    /* Get the conversion type modifier */
+    if( c=='l' ){
+      flag_long = 1;
+      c = *++fmt;
+      if( c=='l' ){
+        flag_longlong = 1;
+        c = *++fmt;
+      }else{
+        flag_longlong = 0;
+      }
+    }else{
+      flag_long = flag_longlong = 0;
+    }
+    /* Fetch the info entry for the field */
+    infop = &fmtinfo[0];
+    xtype = etINVALID;
+    for(idx=0; idx<ArraySize(fmtinfo); idx++){
+      if( c==fmtinfo[idx].fmttype ){
+        infop = &fmtinfo[idx];
+        if( useIntern || (infop->flags & FLAG_INTERN)==0 ){
+          xtype = infop->type;
+        }else{
+          return;
+        }
+        break;
+      }
+    }
+
+    /*
+    ** At this point, variables are initialized as follows:
+    **
+    **   flag_alternateform          TRUE if a '#' is present.
+    **   flag_altform2               TRUE if a '!' is present.
+    **   flag_plussign               TRUE if a '+' is present.
+    **   flag_leftjustify            TRUE if a '-' is present or if the
+    **                               field width was negative.
+    **   flag_zeropad                TRUE if the width began with 0.
+    **   flag_long                   TRUE if the letter 'l' (ell) prefixed
+    **                               the conversion character.
+    **   flag_longlong               TRUE if the letter 'll' (ell ell) prefixed
+    **                               the conversion character.
+    **   flag_blanksign              TRUE if a ' ' is present.
+    **   width                       The specified field width.  This is
+    **                               always non-negative.  Zero is the default.
+    **   precision                   The specified precision.  The default
+    **                               is -1.
+    **   xtype                       The class of the conversion.
+    **   infop                       Pointer to the appropriate info struct.
+    */
+    switch( xtype ){
+      case etPOINTER:
+        flag_longlong = sizeof(char*)==sizeof(i64);
+        flag_long = sizeof(char*)==sizeof(long int);
+        /* Fall through into the next case */
+      case etORDINAL:
+      case etRADIX:
+        if( infop->flags & FLAG_SIGNED ){
+          i64 v;
+          if( bArgList ){
+            v = getIntArg(pArgList);
+          }else if( flag_longlong ){
+            v = va_arg(ap,i64);
+          }else if( flag_long ){
+            v = va_arg(ap,long int);
+          }else{
+            v = va_arg(ap,int);
+          }
+          if( v<0 ){
+            if( v==SMALLEST_INT64 ){
+              longvalue = ((u64)1)<<63;
+            }else{
+              longvalue = -v;
+            }
+            prefix = '-';
+          }else{
+            longvalue = v;
+            if( flag_plussign )        prefix = '+';
+            else if( flag_blanksign )  prefix = ' ';
+            else                       prefix = 0;
+          }
+        }else{
+          if( bArgList ){
+            longvalue = (u64)getIntArg(pArgList);
+          }else if( flag_longlong ){
+            longvalue = va_arg(ap,u64);
+          }else if( flag_long ){
+            longvalue = va_arg(ap,unsigned long int);
+          }else{
+            longvalue = va_arg(ap,unsigned int);
+          }
+          prefix = 0;
+        }
+        if( longvalue==0 ) flag_alternateform = 0;
+        if( flag_zeropad && precision<width-(prefix!=0) ){
+          precision = width-(prefix!=0);
+        }
+        if( precision<etBUFSIZE-10 ){
+          nOut = etBUFSIZE;
+          zOut = buf;
+        }else{
+          nOut = precision + 10;
+          zOut = zExtra = sqlite3Malloc( nOut );
+          if( zOut==0 ){
+            setStrAccumError(pAccum, STRACCUM_NOMEM);
+            return;
+          }
+        }
+        bufpt = &zOut[nOut-1];
+        if( xtype==etORDINAL ){
+          static const char zOrd[] = "thstndrd";
+          int x = (int)(longvalue % 10);
+          if( x>=4 || (longvalue/10)%10==1 ){
+            x = 0;
+          }
+          *(--bufpt) = zOrd[x*2+1];
+          *(--bufpt) = zOrd[x*2];
+        }
+        {
+          const char *cset = &aDigits[infop->charset];
+          u8 base = infop->base;
+          do{                                           /* Convert to ascii */
+            *(--bufpt) = cset[longvalue%base];
+            longvalue = longvalue/base;
+          }while( longvalue>0 );
+        }
+        length = (int)(&zOut[nOut-1]-bufpt);
+        for(idx=precision-length; idx>0; idx--){
+          *(--bufpt) = '0';                             /* Zero pad */
+        }
+        if( prefix ) *(--bufpt) = prefix;               /* Add sign */
+        if( flag_alternateform && infop->prefix ){      /* Add "0" or "0x" */
+          const char *pre;
+          char x;
+          pre = &aPrefix[infop->prefix];
+          for(; (x=(*pre))!=0; pre++) *(--bufpt) = x;
+        }
+        length = (int)(&zOut[nOut-1]-bufpt);
+        break;
+      case etFLOAT:
+      case etEXP:
+      case etGENERIC:
+        if( bArgList ){
+          realvalue = getDoubleArg(pArgList);
+        }else{
+          realvalue = va_arg(ap,double);
+        }
+#ifdef SQLITE_OMIT_FLOATING_POINT
+        length = 0;
+#else
+        if( precision<0 ) precision = 6;         /* Set default precision */
+        if( realvalue<0.0 ){
+          realvalue = -realvalue;
+          prefix = '-';
+        }else{
+          if( flag_plussign )          prefix = '+';
+          else if( flag_blanksign )    prefix = ' ';
+          else                         prefix = 0;
+        }
+        if( xtype==etGENERIC && precision>0 ) precision--;
+        testcase( precision>0xfff );
+        for(idx=precision&0xfff, rounder=0.5; idx>0; idx--, rounder*=0.1){}
+        if( xtype==etFLOAT ) realvalue += rounder;
+        /* Normalize realvalue to within 10.0 > realvalue >= 1.0 */
+        exp = 0;
+        if( sqlite3IsNaN((double)realvalue) ){
+          bufpt = "NaN";
+          length = 3;
+          break;
+        }
+        if( realvalue>0.0 ){
+          LONGDOUBLE_TYPE scale = 1.0;
+          while( realvalue>=1e100*scale && exp<=350 ){ scale *= 1e100;exp+=100;}
+          while( realvalue>=1e10*scale && exp<=350 ){ scale *= 1e10; exp+=10; }
+          while( realvalue>=10.0*scale && exp<=350 ){ scale *= 10.0; exp++; }
+          realvalue /= scale;
+          while( realvalue<1e-8 ){ realvalue *= 1e8; exp-=8; }
+          while( realvalue<1.0 ){ realvalue *= 10.0; exp--; }
+          if( exp>350 ){
+            bufpt = buf;
+            buf[0] = prefix;
+            memcpy(buf+(prefix!=0),"Inf",4);
+            length = 3+(prefix!=0);
+            break;
+          }
+        }
+        bufpt = buf;
+        /*
+        ** If the field type is etGENERIC, then convert to either etEXP
+        ** or etFLOAT, as appropriate.
+        */
+        if( xtype!=etFLOAT ){
+          realvalue += rounder;
+          if( realvalue>=10.0 ){ realvalue *= 0.1; exp++; }
+        }
+        if( xtype==etGENERIC ){
+          flag_rtz = !flag_alternateform;
+          if( exp<-4 || exp>precision ){
+            xtype = etEXP;
+          }else{
+            precision = precision - exp;
+            xtype = etFLOAT;
+          }
+        }else{
+          flag_rtz = flag_altform2;
+        }
+        if( xtype==etEXP ){
+          e2 = 0;
+        }else{
+          e2 = exp;
+        }
+        if( MAX(e2,0)+(i64)precision+(i64)width > etBUFSIZE - 15 ){
+          bufpt = zExtra 
+              = sqlite3Malloc( MAX(e2,0)+(i64)precision+(i64)width+15 );
+          if( bufpt==0 ){
+            setStrAccumError(pAccum, STRACCUM_NOMEM);
+            return;
+          }
+        }
+        zOut = bufpt;
+        nsd = 16 + flag_altform2*10;
+        flag_dp = (precision>0 ?1:0) | flag_alternateform | flag_altform2;
+        /* The sign in front of the number */
+        if( prefix ){
+          *(bufpt++) = prefix;
+        }
+        /* Digits prior to the decimal point */
+        if( e2<0 ){
+          *(bufpt++) = '0';
+        }else{
+          for(; e2>=0; e2--){
+            *(bufpt++) = et_getdigit(&realvalue,&nsd);
+          }
+        }
+        /* The decimal point */
+        if( flag_dp ){
+          *(bufpt++) = '.';
+        }
+        /* "0" digits after the decimal point but before the first
+        ** significant digit of the number */
+        for(e2++; e2<0; precision--, e2++){
+          assert( precision>0 );
+          *(bufpt++) = '0';
+        }
+        /* Significant digits after the decimal point */
+        while( (precision--)>0 ){
+          *(bufpt++) = et_getdigit(&realvalue,&nsd);
+        }
+        /* Remove trailing zeros and the "." if no digits follow the "." */
+        if( flag_rtz && flag_dp ){
+          while( bufpt[-1]=='0' ) *(--bufpt) = 0;
+          assert( bufpt>zOut );
+          if( bufpt[-1]=='.' ){
+            if( flag_altform2 ){
+              *(bufpt++) = '0';
+            }else{
+              *(--bufpt) = 0;
+            }
+          }
+        }
+        /* Add the "eNNN" suffix */
+        if( xtype==etEXP ){
+          *(bufpt++) = aDigits[infop->charset];
+          if( exp<0 ){
+            *(bufpt++) = '-'; exp = -exp;
+          }else{
+            *(bufpt++) = '+';
+          }
+          if( exp>=100 ){
+            *(bufpt++) = (char)((exp/100)+'0');        /* 100's digit */
+            exp %= 100;
+          }
+          *(bufpt++) = (char)(exp/10+'0');             /* 10's digit */
+          *(bufpt++) = (char)(exp%10+'0');             /* 1's digit */
+        }
+        *bufpt = 0;
+
+        /* The converted number is in buf[] and zero terminated. Output it.
+        ** Note that the number is in the usual order, not reversed as with
+        ** integer conversions. */
+        length = (int)(bufpt-zOut);
+        bufpt = zOut;
+
+        /* Special case:  Add leading zeros if the flag_zeropad flag is
+        ** set and we are not left justified */
+        if( flag_zeropad && !flag_leftjustify && length < width){
+          int i;
+          int nPad = width - length;
+          for(i=width; i>=nPad; i--){
+            bufpt[i] = bufpt[i-nPad];
+          }
+          i = prefix!=0;
+          while( nPad-- ) bufpt[i++] = '0';
+          length = width;
+        }
+#endif /* !defined(SQLITE_OMIT_FLOATING_POINT) */
+        break;
+      case etSIZE:
+        if( !bArgList ){
+          *(va_arg(ap,int*)) = pAccum->nChar;
+        }
+        length = width = 0;
+        break;
+      case etPERCENT:
+        buf[0] = '%';
+        bufpt = buf;
+        length = 1;
+        break;
+      case etCHARX:
+        if( bArgList ){
+          bufpt = getTextArg(pArgList);
+          c = bufpt ? bufpt[0] : 0;
+        }else{
+          c = va_arg(ap,int);
+        }
+        if( precision>1 ){
+          width -= precision-1;
+          if( width>1 && !flag_leftjustify ){
+            sqlite3AppendChar(pAccum, width-1, ' ');
+            width = 0;
+          }
+          sqlite3AppendChar(pAccum, precision-1, c);
+        }
+        length = 1;
+        buf[0] = c;
+        bufpt = buf;
+        break;
+      case etSTRING:
+      case etDYNSTRING:
+        if( bArgList ){
+          bufpt = getTextArg(pArgList);
+          xtype = etSTRING;
+        }else{
+          bufpt = va_arg(ap,char*);
+        }
+        if( bufpt==0 ){
+          bufpt = "";
+        }else if( xtype==etDYNSTRING ){
+          zExtra = bufpt;
+        }
+        if( precision>=0 ){
+          for(length=0; length<precision && bufpt[length]; length++){}
+        }else{
+          length = sqlite3Strlen30(bufpt);
+        }
+        break;
+      case etSQLESCAPE:           /* Escape ' characters */
+      case etSQLESCAPE2:          /* Escape ' and enclose in '...' */
+      case etSQLESCAPE3: {        /* Escape " characters */
+        int i, j, k, n, isnull;
+        int needQuote;
+        char ch;
+        char q = ((xtype==etSQLESCAPE3)?'"':'\'');   /* Quote character */
+        char *escarg;
+
+        if( bArgList ){
+          escarg = getTextArg(pArgList);
+        }else{
+          escarg = va_arg(ap,char*);
+        }
+        isnull = escarg==0;
+        if( isnull ) escarg = (xtype==etSQLESCAPE2 ? "NULL" : "(NULL)");
+        k = precision;
+        for(i=n=0; k!=0 && (ch=escarg[i])!=0; i++, k--){
+          if( ch==q )  n++;
+        }
+        needQuote = !isnull && xtype==etSQLESCAPE2;
+        n += i + 3;
+        if( n>etBUFSIZE ){
+          bufpt = zExtra = sqlite3Malloc( n );
+          if( bufpt==0 ){
+            setStrAccumError(pAccum, STRACCUM_NOMEM);
+            return;
+          }
+        }else{
+          bufpt = buf;
+        }
+        j = 0;
+        if( needQuote ) bufpt[j++] = q;
+        k = i;
+        for(i=0; i<k; i++){
+          bufpt[j++] = ch = escarg[i];
+          if( ch==q ) bufpt[j++] = ch;
+        }
+        if( needQuote ) bufpt[j++] = q;
+        bufpt[j] = 0;
+        length = j;
+        /* The precision in %q and %Q means how many input characters to
+        ** consume, not the length of the output...
+        ** if( precision>=0 && precision<length ) length = precision; */
+        break;
+      }
+      case etTOKEN: {
+        Token *pToken = va_arg(ap, Token*);
+        assert( bArgList==0 );
+        if( pToken && pToken->n ){
+          sqlite3StrAccumAppend(pAccum, (const char*)pToken->z, pToken->n);
+        }
+        length = width = 0;
+        break;
+      }
+      case etSRCLIST: {
+        SrcList *pSrc = va_arg(ap, SrcList*);
+        int k = va_arg(ap, int);
+        struct SrcList_item *pItem = &pSrc->a[k];
+        assert( bArgList==0 );
+        assert( k>=0 && k<pSrc->nSrc );
+        if( pItem->zDatabase ){
+          sqlite3StrAccumAppendAll(pAccum, pItem->zDatabase);
+          sqlite3StrAccumAppend(pAccum, ".", 1);
+        }
+        sqlite3StrAccumAppendAll(pAccum, pItem->zName);
+        length = width = 0;
+        break;
+      }
+      default: {
+        assert( xtype==etINVALID );
+        return;
+      }
+    }/* End switch over the format type */
+    /*
+    ** The text of the conversion is pointed to by "bufpt" and is
+    ** "length" characters long.  The field width is "width".  Do
+    ** the output.
+    */
+    width -= length;
+    if( width>0 && !flag_leftjustify ) sqlite3AppendChar(pAccum, width, ' ');
+    sqlite3StrAccumAppend(pAccum, bufpt, length);
+    if( width>0 && flag_leftjustify ) sqlite3AppendChar(pAccum, width, ' ');
+
+    if( zExtra ){
+      sqlite3DbFree(pAccum->db, zExtra);
+      zExtra = 0;
+    }
+  }/* End for loop over the format string */
+} /* End of function */
+
+/*
+** Enlarge the memory allocation on a StrAccum object so that it is
+** able to accept at least N more bytes of text.
+**
+** Return the number of bytes of text that StrAccum is able to accept
+** after the attempted enlargement.  The value returned might be zero.
+*/
+static int sqlite3StrAccumEnlarge(StrAccum *p, int N){
+  char *zNew;
+  assert( p->nChar+(i64)N >= p->nAlloc ); /* Only called if really needed */
+  if( p->accError ){
+    testcase(p->accError==STRACCUM_TOOBIG);
+    testcase(p->accError==STRACCUM_NOMEM);
+    return 0;
+  }
+  if( p->mxAlloc==0 ){
+    N = p->nAlloc - p->nChar - 1;
+    setStrAccumError(p, STRACCUM_TOOBIG);
+    return N;
+  }else{
+    char *zOld = p->bMalloced ? p->zText : 0;
+    i64 szNew = p->nChar;
+    assert( (p->zText==0 || p->zText==p->zBase)==(p->bMalloced==0) );
+    szNew += N + 1;
+    if( szNew+p->nChar<=p->mxAlloc ){
+      /* Force exponential buffer size growth as long as it does not overflow,
+      ** to avoid having to call this routine too often */
+      szNew += p->nChar;
+    }
+    if( szNew > p->mxAlloc ){
+      sqlite3StrAccumReset(p);
+      setStrAccumError(p, STRACCUM_TOOBIG);
+      return 0;
+    }else{
+      p->nAlloc = (int)szNew;
+    }
+    if( p->db ){
+      zNew = sqlite3DbRealloc(p->db, zOld, p->nAlloc);
+    }else{
+      zNew = sqlite3_realloc64(zOld, p->nAlloc);
+    }
+    if( zNew ){
+      assert( p->zText!=0 || p->nChar==0 );
+      if( !p->bMalloced && p->nChar>0 ) memcpy(zNew, p->zText, p->nChar);
+      p->zText = zNew;
+      p->nAlloc = sqlite3DbMallocSize(p->db, zNew);
+      p->bMalloced = 1;
+    }else{
+      sqlite3StrAccumReset(p);
+      setStrAccumError(p, STRACCUM_NOMEM);
+      return 0;
+    }
+  }
+  return N;
+}
+
+/*
+** Append N copies of character c to the given string buffer.
+*/
+SQLITE_PRIVATE void sqlite3AppendChar(StrAccum *p, int N, char c){
+  testcase( p->nChar + (i64)N > 0x7fffffff );
+  if( p->nChar+(i64)N >= p->nAlloc && (N = sqlite3StrAccumEnlarge(p, N))<=0 ){
+    return;
+  }
+  assert( (p->zText==p->zBase)==(p->bMalloced==0) );
+  while( (N--)>0 ) p->zText[p->nChar++] = c;
+}
+
+/*
+** The StrAccum "p" is not large enough to accept N new bytes of z[].
+** So enlarge if first, then do the append.
+**
+** This is a helper routine to sqlite3StrAccumAppend() that does special-case
+** work (enlarging the buffer) using tail recursion, so that the
+** sqlite3StrAccumAppend() routine can use fast calling semantics.
+*/
+static void SQLITE_NOINLINE enlargeAndAppend(StrAccum *p, const char *z, int N){
+  N = sqlite3StrAccumEnlarge(p, N);
+  if( N>0 ){
+    memcpy(&p->zText[p->nChar], z, N);
+    p->nChar += N;
+  }
+  assert( (p->zText==0 || p->zText==p->zBase)==(p->bMalloced==0) );
+}
+
+/*
+** Append N bytes of text from z to the StrAccum object.  Increase the
+** size of the memory allocation for StrAccum if necessary.
+*/
+SQLITE_PRIVATE void sqlite3StrAccumAppend(StrAccum *p, const char *z, int N){
+  assert( z!=0 || N==0 );
+  assert( p->zText!=0 || p->nChar==0 || p->accError );
+  assert( N>=0 );
+  assert( p->accError==0 || p->nAlloc==0 );
+  if( p->nChar+N >= p->nAlloc ){
+    enlargeAndAppend(p,z,N);
+  }else{
+    assert( p->zText );
+    p->nChar += N;
+    memcpy(&p->zText[p->nChar-N], z, N);
+  }
+}
+
+/*
+** Append the complete text of zero-terminated string z[] to the p string.
+*/
+SQLITE_PRIVATE void sqlite3StrAccumAppendAll(StrAccum *p, const char *z){
+  sqlite3StrAccumAppend(p, z, sqlite3Strlen30(z));
+}
+
+
+/*
+** Finish off a string by making sure it is zero-terminated.
+** Return a pointer to the resulting string.  Return a NULL
+** pointer if any kind of error was encountered.
+*/
+SQLITE_PRIVATE char *sqlite3StrAccumFinish(StrAccum *p){
+  if( p->zText ){
+    assert( (p->zText==p->zBase)==(p->bMalloced==0) );
+    p->zText[p->nChar] = 0;
+    if( p->mxAlloc>0 && p->bMalloced==0 ){
+      p->zText = sqlite3DbMallocRaw(p->db, p->nChar+1 );
+      if( p->zText ){
+        memcpy(p->zText, p->zBase, p->nChar+1);
+        p->bMalloced = 1;
+      }else{
+        setStrAccumError(p, STRACCUM_NOMEM);
+      }
+    }
+  }
+  return p->zText;
+}
+
+/*
+** Reset an StrAccum string.  Reclaim all malloced memory.
+*/
+SQLITE_PRIVATE void sqlite3StrAccumReset(StrAccum *p){
+  assert( (p->zText==0 || p->zText==p->zBase)==(p->bMalloced==0) );
+  if( p->bMalloced ){
+    sqlite3DbFree(p->db, p->zText);
+    p->bMalloced = 0;
+  }
+  p->zText = 0;
+}
+
+/*
+** Initialize a string accumulator.
+**
+** p:     The accumulator to be initialized.
+** db:    Pointer to a database connection.  May be NULL.  Lookaside
+**        memory is used if not NULL. db->mallocFailed is set appropriately
+**        when not NULL.
+** zBase: An initial buffer.  May be NULL in which case the initial buffer
+**        is malloced.
+** n:     Size of zBase in bytes.  If total space requirements never exceed
+**        n then no memory allocations ever occur.
+** mx:    Maximum number of bytes to accumulate.  If mx==0 then no memory
+**        allocations will ever occur.
+*/
+SQLITE_PRIVATE void sqlite3StrAccumInit(StrAccum *p, sqlite3 *db, char *zBase, int n, int mx){
+  p->zText = p->zBase = zBase;
+  p->db = db;
+  p->nChar = 0;
+  p->nAlloc = n;
+  p->mxAlloc = mx;
+  p->accError = 0;
+  p->bMalloced = 0;
+}
+
+/*
+** Print into memory obtained from sqliteMalloc().  Use the internal
+** %-conversion extensions.
+*/
+SQLITE_PRIVATE char *sqlite3VMPrintf(sqlite3 *db, const char *zFormat, va_list ap){
+  char *z;
+  char zBase[SQLITE_PRINT_BUF_SIZE];
+  StrAccum acc;
+  assert( db!=0 );
+  sqlite3StrAccumInit(&acc, db, zBase, sizeof(zBase),
+                      db->aLimit[SQLITE_LIMIT_LENGTH]);
+  sqlite3VXPrintf(&acc, SQLITE_PRINTF_INTERNAL, zFormat, ap);
+  z = sqlite3StrAccumFinish(&acc);
+  if( acc.accError==STRACCUM_NOMEM ){
+    db->mallocFailed = 1;
+  }
+  return z;
+}
+
+/*
+** Print into memory obtained from sqliteMalloc().  Use the internal
+** %-conversion extensions.
+*/
+SQLITE_PRIVATE char *sqlite3MPrintf(sqlite3 *db, const char *zFormat, ...){
+  va_list ap;
+  char *z;
+  va_start(ap, zFormat);
+  z = sqlite3VMPrintf(db, zFormat, ap);
+  va_end(ap);
+  return z;
+}
+
+/*
+** Print into memory obtained from sqlite3_malloc().  Omit the internal
+** %-conversion extensions.
+*/
+SQLITE_API char *SQLITE_STDCALL sqlite3_vmprintf(const char *zFormat, va_list ap){
+  char *z;
+  char zBase[SQLITE_PRINT_BUF_SIZE];
+  StrAccum acc;
+
+#ifdef SQLITE_ENABLE_API_ARMOR  
+  if( zFormat==0 ){
+    (void)SQLITE_MISUSE_BKPT;
+    return 0;
+  }
+#endif
+#ifndef SQLITE_OMIT_AUTOINIT
+  if( sqlite3_initialize() ) return 0;
+#endif
+  sqlite3StrAccumInit(&acc, 0, zBase, sizeof(zBase), SQLITE_MAX_LENGTH);
+  sqlite3VXPrintf(&acc, 0, zFormat, ap);
+  z = sqlite3StrAccumFinish(&acc);
+  return z;
+}
+
+/*
+** Print into memory obtained from sqlite3_malloc()().  Omit the internal
+** %-conversion extensions.
+*/
+SQLITE_API char *SQLITE_CDECL sqlite3_mprintf(const char *zFormat, ...){
+  va_list ap;
+  char *z;
+#ifndef SQLITE_OMIT_AUTOINIT
+  if( sqlite3_initialize() ) return 0;
+#endif
+  va_start(ap, zFormat);
+  z = sqlite3_vmprintf(zFormat, ap);
+  va_end(ap);
+  return z;
+}
+
+/*
+** sqlite3_snprintf() works like snprintf() except that it ignores the
+** current locale settings.  This is important for SQLite because we
+** are not able to use a "," as the decimal point in place of "." as
+** specified by some locales.
+**
+** Oops:  The first two arguments of sqlite3_snprintf() are backwards
+** from the snprintf() standard.  Unfortunately, it is too late to change
+** this without breaking compatibility, so we just have to live with the
+** mistake.
+**
+** sqlite3_vsnprintf() is the varargs version.
+*/
+SQLITE_API char *SQLITE_STDCALL sqlite3_vsnprintf(int n, char *zBuf, const char *zFormat, va_list ap){
+  StrAccum acc;
+  if( n<=0 ) return zBuf;
+#ifdef SQLITE_ENABLE_API_ARMOR
+  if( zBuf==0 || zFormat==0 ) {
+    (void)SQLITE_MISUSE_BKPT;
+    if( zBuf ) zBuf[0] = 0;
+    return zBuf;
+  }
+#endif
+  sqlite3StrAccumInit(&acc, 0, zBuf, n, 0);
+  sqlite3VXPrintf(&acc, 0, zFormat, ap);
+  return sqlite3StrAccumFinish(&acc);
+}
+SQLITE_API char *SQLITE_CDECL sqlite3_snprintf(int n, char *zBuf, const char *zFormat, ...){
+  char *z;
+  va_list ap;
+  va_start(ap,zFormat);
+  z = sqlite3_vsnprintf(n, zBuf, zFormat, ap);
+  va_end(ap);
+  return z;
+}
+
+/*
+** This is the routine that actually formats the sqlite3_log() message.
+** We house it in a separate routine from sqlite3_log() to avoid using
+** stack space on small-stack systems when logging is disabled.
+**
+** sqlite3_log() must render into a static buffer.  It cannot dynamically
+** allocate memory because it might be called while the memory allocator
+** mutex is held.
+**
+** sqlite3VXPrintf() might ask for *temporary* memory allocations for
+** certain format characters (%q) or for very large precisions or widths.
+** Care must be taken that any sqlite3_log() calls that occur while the
+** memory mutex is held do not use these mechanisms.
+*/
+static void renderLogMsg(int iErrCode, const char *zFormat, va_list ap){
+  StrAccum acc;                          /* String accumulator */
+  char zMsg[SQLITE_PRINT_BUF_SIZE*3];    /* Complete log message */
+
+  sqlite3StrAccumInit(&acc, 0, zMsg, sizeof(zMsg), 0);
+  sqlite3VXPrintf(&acc, 0, zFormat, ap);
+  sqlite3GlobalConfig.xLog(sqlite3GlobalConfig.pLogArg, iErrCode,
+                           sqlite3StrAccumFinish(&acc));
+}
+
+/*
+** Format and write a message to the log if logging is enabled.
+*/
+SQLITE_API void SQLITE_CDECL sqlite3_log(int iErrCode, const char *zFormat, ...){
+  va_list ap;                             /* Vararg list */
+  if( sqlite3GlobalConfig.xLog ){
+    va_start(ap, zFormat);
+    renderLogMsg(iErrCode, zFormat, ap);
+    va_end(ap);
+  }
+}
+
+#if defined(SQLITE_DEBUG) || defined(SQLITE_HAVE_OS_TRACE)
+/*
+** A version of printf() that understands %lld.  Used for debugging.
+** The printf() built into some versions of windows does not understand %lld
+** and segfaults if you give it a long long int.
+*/
+SQLITE_PRIVATE void sqlite3DebugPrintf(const char *zFormat, ...){
+  va_list ap;
+  StrAccum acc;
+  char zBuf[500];
+  sqlite3StrAccumInit(&acc, 0, zBuf, sizeof(zBuf), 0);
+  va_start(ap,zFormat);
+  sqlite3VXPrintf(&acc, 0, zFormat, ap);
+  va_end(ap);
+  sqlite3StrAccumFinish(&acc);
+  fprintf(stdout,"%s", zBuf);
+  fflush(stdout);
+}
+#endif
+
+
+/*
+** variable-argument wrapper around sqlite3VXPrintf().  The bFlags argument
+** can contain the bit SQLITE_PRINTF_INTERNAL enable internal formats.
+*/
+SQLITE_PRIVATE void sqlite3XPrintf(StrAccum *p, u32 bFlags, const char *zFormat, ...){
+  va_list ap;
+  va_start(ap,zFormat);
+  sqlite3VXPrintf(p, bFlags, zFormat, ap);
+  va_end(ap);
+}
+
+/************** End of printf.c **********************************************/
+/************** Begin file treeview.c ****************************************/
+/*
+** 2015-06-08
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+**
+** This file contains C code to implement the TreeView debugging routines.
+** These routines print a parse tree to standard output for debugging and
+** analysis. 
+**
+** The interfaces in this file is only available when compiling
+** with SQLITE_DEBUG.
+*/
+/* #include "sqliteInt.h" */
+#ifdef SQLITE_DEBUG
+
+/*
+** Add a new subitem to the tree.  The moreToFollow flag indicates that this
+** is not the last item in the tree.
+*/
+static TreeView *sqlite3TreeViewPush(TreeView *p, u8 moreToFollow){
+  if( p==0 ){
+    p = sqlite3_malloc64( sizeof(*p) );
+    if( p==0 ) return 0;
+    memset(p, 0, sizeof(*p));
+  }else{
+    p->iLevel++;
+  }
+  assert( moreToFollow==0 || moreToFollow==1 );
+  if( p->iLevel<sizeof(p->bLine) ) p->bLine[p->iLevel] = moreToFollow;
+  return p;
+}
+
+/*
+** Finished with one layer of the tree
+*/
+static void sqlite3TreeViewPop(TreeView *p){
+  if( p==0 ) return;
+  p->iLevel--;
+  if( p->iLevel<0 ) sqlite3_free(p);
+}
+
+/*
+** Generate a single line of output for the tree, with a prefix that contains
+** all the appropriate tree lines
+*/
+static void sqlite3TreeViewLine(TreeView *p, const char *zFormat, ...){
+  va_list ap;
+  int i;
+  StrAccum acc;
+  char zBuf[500];
+  sqlite3StrAccumInit(&acc, 0, zBuf, sizeof(zBuf), 0);
+  if( p ){
+    for(i=0; i<p->iLevel && i<sizeof(p->bLine)-1; i++){
+      sqlite3StrAccumAppend(&acc, p->bLine[i] ? "|   " : "    ", 4);
+    }
+    sqlite3StrAccumAppend(&acc, p->bLine[i] ? "|-- " : "'-- ", 4);
+  }
+  va_start(ap, zFormat);
+  sqlite3VXPrintf(&acc, 0, zFormat, ap);
+  va_end(ap);
+  if( zBuf[acc.nChar-1]!='\n' ) sqlite3StrAccumAppend(&acc, "\n", 1);
+  sqlite3StrAccumFinish(&acc);
+  fprintf(stdout,"%s", zBuf);
+  fflush(stdout);
+}
+
+/*
+** Shorthand for starting a new tree item that consists of a single label
+*/
+static void sqlite3TreeViewItem(TreeView *p, const char *zLabel,u8 moreFollows){
+  p = sqlite3TreeViewPush(p, moreFollows);
+  sqlite3TreeViewLine(p, "%s", zLabel);
+}
+
+/*
+** Generate a human-readable description of a WITH clause.
+*/
+SQLITE_PRIVATE void sqlite3TreeViewWith(TreeView *pView, const With *pWith, u8 moreToFollow){
+  int i;
+  if( pWith==0 ) return;
+  if( pWith->nCte==0 ) return;
+  if( pWith->pOuter ){
+    sqlite3TreeViewLine(pView, "WITH (0x%p, pOuter=0x%p)",pWith,pWith->pOuter);
+  }else{
+    sqlite3TreeViewLine(pView, "WITH (0x%p)", pWith);
+  }
+  if( pWith->nCte>0 ){
+    pView = sqlite3TreeViewPush(pView, 1);
+    for(i=0; i<pWith->nCte; i++){
+      StrAccum x;
+      char zLine[1000];
+      const struct Cte *pCte = &pWith->a[i];
+      sqlite3StrAccumInit(&x, 0, zLine, sizeof(zLine), 0);
+      sqlite3XPrintf(&x, 0, "%s", pCte->zName);
+      if( pCte->pCols && pCte->pCols->nExpr>0 ){
+        char cSep = '(';
+        int j;
+        for(j=0; j<pCte->pCols->nExpr; j++){
+          sqlite3XPrintf(&x, 0, "%c%s", cSep, pCte->pCols->a[j].zName);
+          cSep = ',';
+        }
+        sqlite3XPrintf(&x, 0, ")");
+      }
+      sqlite3XPrintf(&x, 0, " AS");
+      sqlite3StrAccumFinish(&x);
+      sqlite3TreeViewItem(pView, zLine, i<pWith->nCte-1);
+      sqlite3TreeViewSelect(pView, pCte->pSelect, 0);
+      sqlite3TreeViewPop(pView);
+    }
+    sqlite3TreeViewPop(pView);
+  }
+}
+
+
+/*
+** Generate a human-readable description of a the Select object.
+*/
+SQLITE_PRIVATE void sqlite3TreeViewSelect(TreeView *pView, const Select *p, u8 moreToFollow){
+  int n = 0;
+  int cnt = 0;
+  pView = sqlite3TreeViewPush(pView, moreToFollow);
+  if( p->pWith ){
+    sqlite3TreeViewWith(pView, p->pWith, 1);
+    cnt = 1;
+    sqlite3TreeViewPush(pView, 1);
+  }
+  do{
+    sqlite3TreeViewLine(pView, "SELECT%s%s (0x%p) selFlags=0x%x",
+      ((p->selFlags & SF_Distinct) ? " DISTINCT" : ""),
+      ((p->selFlags & SF_Aggregate) ? " agg_flag" : ""), p, p->selFlags
+    );
+    if( cnt++ ) sqlite3TreeViewPop(pView);
+    if( p->pPrior ){
+      n = 1000;
+    }else{
+      n = 0;
+      if( p->pSrc && p->pSrc->nSrc ) n++;
+      if( p->pWhere ) n++;
+      if( p->pGroupBy ) n++;
+      if( p->pHaving ) n++;
+      if( p->pOrderBy ) n++;
+      if( p->pLimit ) n++;
+      if( p->pOffset ) n++;
+    }
+    sqlite3TreeViewExprList(pView, p->pEList, (n--)>0, "result-set");
+    if( p->pSrc && p->pSrc->nSrc ){
+      int i;
+      pView = sqlite3TreeViewPush(pView, (n--)>0);
+      sqlite3TreeViewLine(pView, "FROM");
+      for(i=0; i<p->pSrc->nSrc; i++){
+        struct SrcList_item *pItem = &p->pSrc->a[i];
+        StrAccum x;
+        char zLine[100];
+        sqlite3StrAccumInit(&x, 0, zLine, sizeof(zLine), 0);
+        sqlite3XPrintf(&x, 0, "{%d,*}", pItem->iCursor);
+        if( pItem->zDatabase ){
+          sqlite3XPrintf(&x, 0, " %s.%s", pItem->zDatabase, pItem->zName);
+        }else if( pItem->zName ){
+          sqlite3XPrintf(&x, 0, " %s", pItem->zName);
+        }
+        if( pItem->pTab ){
+          sqlite3XPrintf(&x, 0, " tabname=%Q", pItem->pTab->zName);
+        }
+        if( pItem->zAlias ){
+          sqlite3XPrintf(&x, 0, " (AS %s)", pItem->zAlias);
+        }
+        if( pItem->fg.jointype & JT_LEFT ){
+          sqlite3XPrintf(&x, 0, " LEFT-JOIN");
+        }
+        sqlite3StrAccumFinish(&x);
+        sqlite3TreeViewItem(pView, zLine, i<p->pSrc->nSrc-1); 
+        if( pItem->pSelect ){
+          sqlite3TreeViewSelect(pView, pItem->pSelect, 0);
+        }
+        if( pItem->fg.isTabFunc ){
+          sqlite3TreeViewExprList(pView, pItem->u1.pFuncArg, 0, "func-args:");
+        }
+        sqlite3TreeViewPop(pView);
+      }
+      sqlite3TreeViewPop(pView);
+    }
+    if( p->pWhere ){
+      sqlite3TreeViewItem(pView, "WHERE", (n--)>0);
+      sqlite3TreeViewExpr(pView, p->pWhere, 0);
+      sqlite3TreeViewPop(pView);
+    }
+    if( p->pGroupBy ){
+      sqlite3TreeViewExprList(pView, p->pGroupBy, (n--)>0, "GROUPBY");
+    }
+    if( p->pHaving ){
+      sqlite3TreeViewItem(pView, "HAVING", (n--)>0);
+      sqlite3TreeViewExpr(pView, p->pHaving, 0);
+      sqlite3TreeViewPop(pView);
+    }
+    if( p->pOrderBy ){
+      sqlite3TreeViewExprList(pView, p->pOrderBy, (n--)>0, "ORDERBY");
+    }
+    if( p->pLimit ){
+      sqlite3TreeViewItem(pView, "LIMIT", (n--)>0);
+      sqlite3TreeViewExpr(pView, p->pLimit, 0);
+      sqlite3TreeViewPop(pView);
+    }
+    if( p->pOffset ){
+      sqlite3TreeViewItem(pView, "OFFSET", (n--)>0);
+      sqlite3TreeViewExpr(pView, p->pOffset, 0);
+      sqlite3TreeViewPop(pView);
+    }
+    if( p->pPrior ){
+      const char *zOp = "UNION";
+      switch( p->op ){
+        case TK_ALL:         zOp = "UNION ALL";  break;
+        case TK_INTERSECT:   zOp = "INTERSECT";  break;
+        case TK_EXCEPT:      zOp = "EXCEPT";     break;
+      }
+      sqlite3TreeViewItem(pView, zOp, 1);
+    }
+    p = p->pPrior;
+  }while( p!=0 );
+  sqlite3TreeViewPop(pView);
+}
+
+/*
+** Generate a human-readable explanation of an expression tree.
+*/
+SQLITE_PRIVATE void sqlite3TreeViewExpr(TreeView *pView, const Expr *pExpr, u8 moreToFollow){
+  const char *zBinOp = 0;   /* Binary operator */
+  const char *zUniOp = 0;   /* Unary operator */
+  char zFlgs[30];
+  pView = sqlite3TreeViewPush(pView, moreToFollow);
+  if( pExpr==0 ){
+    sqlite3TreeViewLine(pView, "nil");
+    sqlite3TreeViewPop(pView);
+    return;
+  }
+  if( pExpr->flags ){
+    sqlite3_snprintf(sizeof(zFlgs),zFlgs,"  flags=0x%x",pExpr->flags);
+  }else{
+    zFlgs[0] = 0;
+  }
+  switch( pExpr->op ){
+    case TK_AGG_COLUMN: {
+      sqlite3TreeViewLine(pView, "AGG{%d:%d}%s",
+            pExpr->iTable, pExpr->iColumn, zFlgs);
+      break;
+    }
+    case TK_COLUMN: {
+      if( pExpr->iTable<0 ){
+        /* This only happens when coding check constraints */
+        sqlite3TreeViewLine(pView, "COLUMN(%d)%s", pExpr->iColumn, zFlgs);
+      }else{
+        sqlite3TreeViewLine(pView, "{%d:%d}%s",
+                             pExpr->iTable, pExpr->iColumn, zFlgs);
+      }
+      break;
+    }
+    case TK_INTEGER: {
+      if( pExpr->flags & EP_IntValue ){
+        sqlite3TreeViewLine(pView, "%d", pExpr->u.iValue);
+      }else{
+        sqlite3TreeViewLine(pView, "%s", pExpr->u.zToken);
+      }
+      break;
+    }
+#ifndef SQLITE_OMIT_FLOATING_POINT
+    case TK_FLOAT: {
+      sqlite3TreeViewLine(pView,"%s", pExpr->u.zToken);
+      break;
+    }
+#endif
+    case TK_STRING: {
+      sqlite3TreeViewLine(pView,"%Q", pExpr->u.zToken);
+      break;
+    }
+    case TK_NULL: {
+      sqlite3TreeViewLine(pView,"NULL");
+      break;
+    }
+#ifndef SQLITE_OMIT_BLOB_LITERAL
+    case TK_BLOB: {
+      sqlite3TreeViewLine(pView,"%s", pExpr->u.zToken);
+      break;
+    }
+#endif
+    case TK_VARIABLE: {
+      sqlite3TreeViewLine(pView,"VARIABLE(%s,%d)",
+                          pExpr->u.zToken, pExpr->iColumn);
+      break;
+    }
+    case TK_REGISTER: {
+      sqlite3TreeViewLine(pView,"REGISTER(%d)", pExpr->iTable);
+      break;
+    }
+    case TK_ID: {
+      sqlite3TreeViewLine(pView,"ID \"%w\"", pExpr->u.zToken);
+      break;
+    }
+#ifndef SQLITE_OMIT_CAST
+    case TK_CAST: {
+      /* Expressions of the form:   CAST(pLeft AS token) */
+      sqlite3TreeViewLine(pView,"CAST %Q", pExpr->u.zToken);
+      sqlite3TreeViewExpr(pView, pExpr->pLeft, 0);
+      break;
+    }
+#endif /* SQLITE_OMIT_CAST */
+    case TK_LT:      zBinOp = "LT";     break;
+    case TK_LE:      zBinOp = "LE";     break;
+    case TK_GT:      zBinOp = "GT";     break;
+    case TK_GE:      zBinOp = "GE";     break;
+    case TK_NE:      zBinOp = "NE";     break;
+    case TK_EQ:      zBinOp = "EQ";     break;
+    case TK_IS:      zBinOp = "IS";     break;
+    case TK_ISNOT:   zBinOp = "ISNOT";  break;
+    case TK_AND:     zBinOp = "AND";    break;
+    case TK_OR:      zBinOp = "OR";     break;
+    case TK_PLUS:    zBinOp = "ADD";    break;
+    case TK_STAR:    zBinOp = "MUL";    break;
+    case TK_MINUS:   zBinOp = "SUB";    break;
+    case TK_REM:     zBinOp = "REM";    break;
+    case TK_BITAND:  zBinOp = "BITAND"; break;
+    case TK_BITOR:   zBinOp = "BITOR";  break;
+    case TK_SLASH:   zBinOp = "DIV";    break;
+    case TK_LSHIFT:  zBinOp = "LSHIFT"; break;
+    case TK_RSHIFT:  zBinOp = "RSHIFT"; break;
+    case TK_CONCAT:  zBinOp = "CONCAT"; break;
+    case TK_DOT:     zBinOp = "DOT";    break;
+
+    case TK_UMINUS:  zUniOp = "UMINUS"; break;
+    case TK_UPLUS:   zUniOp = "UPLUS";  break;
+    case TK_BITNOT:  zUniOp = "BITNOT"; break;
+    case TK_NOT:     zUniOp = "NOT";    break;
+    case TK_ISNULL:  zUniOp = "ISNULL"; break;
+    case TK_NOTNULL: zUniOp = "NOTNULL"; break;
+
+    case TK_COLLATE: {
+      sqlite3TreeViewLine(pView, "COLLATE %Q", pExpr->u.zToken);
+      sqlite3TreeViewExpr(pView, pExpr->pLeft, 0);
+      break;
+    }
+
+    case TK_AGG_FUNCTION:
+    case TK_FUNCTION: {
+      ExprList *pFarg;       /* List of function arguments */
+      if( ExprHasProperty(pExpr, EP_TokenOnly) ){
+        pFarg = 0;
+      }else{
+        pFarg = pExpr->x.pList;
+      }
+      if( pExpr->op==TK_AGG_FUNCTION ){
+        sqlite3TreeViewLine(pView, "AGG_FUNCTION%d %Q",
+                             pExpr->op2, pExpr->u.zToken);
+      }else{
+        sqlite3TreeViewLine(pView, "FUNCTION %Q", pExpr->u.zToken);
+      }
+      if( pFarg ){
+        sqlite3TreeViewExprList(pView, pFarg, 0, 0);
+      }
+      break;
+    }
+#ifndef SQLITE_OMIT_SUBQUERY
+    case TK_EXISTS: {
+      sqlite3TreeViewLine(pView, "EXISTS-expr");
+      sqlite3TreeViewSelect(pView, pExpr->x.pSelect, 0);
+      break;
+    }
+    case TK_SELECT: {
+      sqlite3TreeViewLine(pView, "SELECT-expr");
+      sqlite3TreeViewSelect(pView, pExpr->x.pSelect, 0);
+      break;
+    }
+    case TK_IN: {
+      sqlite3TreeViewLine(pView, "IN");
+      sqlite3TreeViewExpr(pView, pExpr->pLeft, 1);
+      if( ExprHasProperty(pExpr, EP_xIsSelect) ){
+        sqlite3TreeViewSelect(pView, pExpr->x.pSelect, 0);
+      }else{
+        sqlite3TreeViewExprList(pView, pExpr->x.pList, 0, 0);
+      }
+      break;
+    }
+#endif /* SQLITE_OMIT_SUBQUERY */
+
+    /*
+    **    x BETWEEN y AND z
+    **
+    ** This is equivalent to
+    **
+    **    x>=y AND x<=z
+    **
+    ** X is stored in pExpr->pLeft.
+    ** Y is stored in pExpr->pList->a[0].pExpr.
+    ** Z is stored in pExpr->pList->a[1].pExpr.
+    */
+    case TK_BETWEEN: {
+      Expr *pX = pExpr->pLeft;
+      Expr *pY = pExpr->x.pList->a[0].pExpr;
+      Expr *pZ = pExpr->x.pList->a[1].pExpr;
+      sqlite3TreeViewLine(pView, "BETWEEN");
+      sqlite3TreeViewExpr(pView, pX, 1);
+      sqlite3TreeViewExpr(pView, pY, 1);
+      sqlite3TreeViewExpr(pView, pZ, 0);
+      break;
+    }
+    case TK_TRIGGER: {
+      /* If the opcode is TK_TRIGGER, then the expression is a reference
+      ** to a column in the new.* or old.* pseudo-tables available to
+      ** trigger programs. In this case Expr.iTable is set to 1 for the
+      ** new.* pseudo-table, or 0 for the old.* pseudo-table. Expr.iColumn
+      ** is set to the column of the pseudo-table to read, or to -1 to
+      ** read the rowid field.
+      */
+      sqlite3TreeViewLine(pView, "%s(%d)", 
+          pExpr->iTable ? "NEW" : "OLD", pExpr->iColumn);
+      break;
+    }
+    case TK_CASE: {
+      sqlite3TreeViewLine(pView, "CASE");
+      sqlite3TreeViewExpr(pView, pExpr->pLeft, 1);
+      sqlite3TreeViewExprList(pView, pExpr->x.pList, 0, 0);
+      break;
+    }
+#ifndef SQLITE_OMIT_TRIGGER
+    case TK_RAISE: {
+      const char *zType = "unk";
+      switch( pExpr->affinity ){
+        case OE_Rollback:   zType = "rollback";  break;
+        case OE_Abort:      zType = "abort";     break;
+        case OE_Fail:       zType = "fail";      break;
+        case OE_Ignore:     zType = "ignore";    break;
+      }
+      sqlite3TreeViewLine(pView, "RAISE %s(%Q)", zType, pExpr->u.zToken);
+      break;
+    }
+#endif
+    default: {
+      sqlite3TreeViewLine(pView, "op=%d", pExpr->op);
+      break;
+    }
+  }
+  if( zBinOp ){
+    sqlite3TreeViewLine(pView, "%s%s", zBinOp, zFlgs);
+    sqlite3TreeViewExpr(pView, pExpr->pLeft, 1);
+    sqlite3TreeViewExpr(pView, pExpr->pRight, 0);
+  }else if( zUniOp ){
+    sqlite3TreeViewLine(pView, "%s%s", zUniOp, zFlgs);
+    sqlite3TreeViewExpr(pView, pExpr->pLeft, 0);
+  }
+  sqlite3TreeViewPop(pView);
+}
+
+/*
+** Generate a human-readable explanation of an expression list.
+*/
+SQLITE_PRIVATE void sqlite3TreeViewExprList(
+  TreeView *pView,
+  const ExprList *pList,
+  u8 moreToFollow,
+  const char *zLabel
+){
+  int i;
+  pView = sqlite3TreeViewPush(pView, moreToFollow);
+  if( zLabel==0 || zLabel[0]==0 ) zLabel = "LIST";
+  if( pList==0 ){
+    sqlite3TreeViewLine(pView, "%s (empty)", zLabel);
+  }else{
+    sqlite3TreeViewLine(pView, "%s", zLabel);
+    for(i=0; i<pList->nExpr; i++){
+      int j = pList->a[i].u.x.iOrderByCol;
+      if( j ){
+        sqlite3TreeViewPush(pView, 0);
+        sqlite3TreeViewLine(pView, "iOrderByCol=%d", j);
+      }
+      sqlite3TreeViewExpr(pView, pList->a[i].pExpr, i<pList->nExpr-1);
+      if( j ) sqlite3TreeViewPop(pView);
+    }
+  }
+  sqlite3TreeViewPop(pView);
+}
+
+#endif /* SQLITE_DEBUG */
+
+/************** End of treeview.c ********************************************/
+/************** Begin file random.c ******************************************/
+/*
+** 2001 September 15
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+** This file contains code to implement a pseudo-random number
+** generator (PRNG) for SQLite.
+**
+** Random numbers are used by some of the database backends in order
+** to generate random integer keys for tables or random filenames.
+*/
+/* #include "sqliteInt.h" */
+
+
+/* All threads share a single random number generator.
+** This structure is the current state of the generator.
+*/
+static SQLITE_WSD struct sqlite3PrngType {
+  unsigned char isInit;          /* True if initialized */
+  unsigned char i, j;            /* State variables */
+  unsigned char s[256];          /* State variables */
+} sqlite3Prng;
+
+/*
+** Return N random bytes.
+*/
+SQLITE_API void SQLITE_STDCALL sqlite3_randomness(int N, void *pBuf){
+  unsigned char t;
+  unsigned char *zBuf = pBuf;
+
+  /* The "wsdPrng" macro will resolve to the pseudo-random number generator
+  ** state vector.  If writable static data is unsupported on the target,
+  ** we have to locate the state vector at run-time.  In the more common
+  ** case where writable static data is supported, wsdPrng can refer directly
+  ** to the "sqlite3Prng" state vector declared above.
+  */
+#ifdef SQLITE_OMIT_WSD
+  struct sqlite3PrngType *p = &GLOBAL(struct sqlite3PrngType, sqlite3Prng);
+# define wsdPrng p[0]
+#else
+# define wsdPrng sqlite3Prng
+#endif
+
+#if SQLITE_THREADSAFE
+  sqlite3_mutex *mutex;
+#endif
+
+#ifndef SQLITE_OMIT_AUTOINIT
+  if( sqlite3_initialize() ) return;
+#endif
+
+#if SQLITE_THREADSAFE
+  mutex = sqlite3MutexAlloc(SQLITE_MUTEX_STATIC_PRNG);
+#endif
+
+  sqlite3_mutex_enter(mutex);
+  if( N<=0 || pBuf==0 ){
+    wsdPrng.isInit = 0;
+    sqlite3_mutex_leave(mutex);
+    return;
+  }
+
+  /* Initialize the state of the random number generator once,
+  ** the first time this routine is called.  The seed value does
+  ** not need to contain a lot of randomness since we are not
+  ** trying to do secure encryption or anything like that...
+  **
+  ** Nothing in this file or anywhere else in SQLite does any kind of
+  ** encryption.  The RC4 algorithm is being used as a PRNG (pseudo-random
+  ** number generator) not as an encryption device.
+  */
+  if( !wsdPrng.isInit ){
+    int i;
+    char k[256];
+    wsdPrng.j = 0;
+    wsdPrng.i = 0;
+    sqlite3OsRandomness(sqlite3_vfs_find(0), 256, k);
+    for(i=0; i<256; i++){
+      wsdPrng.s[i] = (u8)i;
+    }
+    for(i=0; i<256; i++){
+      wsdPrng.j += wsdPrng.s[i] + k[i];
+      t = wsdPrng.s[wsdPrng.j];
+      wsdPrng.s[wsdPrng.j] = wsdPrng.s[i];
+      wsdPrng.s[i] = t;
+    }
+    wsdPrng.isInit = 1;
+  }
+
+  assert( N>0 );
+  do{
+    wsdPrng.i++;
+    t = wsdPrng.s[wsdPrng.i];
+    wsdPrng.j += t;
+    wsdPrng.s[wsdPrng.i] = wsdPrng.s[wsdPrng.j];
+    wsdPrng.s[wsdPrng.j] = t;
+    t += wsdPrng.s[wsdPrng.i];
+    *(zBuf++) = wsdPrng.s[t];
+  }while( --N );
+  sqlite3_mutex_leave(mutex);
+}
+
+#ifndef SQLITE_OMIT_BUILTIN_TEST
+/*
+** For testing purposes, we sometimes want to preserve the state of
+** PRNG and restore the PRNG to its saved state at a later time, or
+** to reset the PRNG to its initial state.  These routines accomplish
+** those tasks.
+**
+** The sqlite3_test_control() interface calls these routines to
+** control the PRNG.
+*/
+static SQLITE_WSD struct sqlite3PrngType sqlite3SavedPrng;
+SQLITE_PRIVATE void sqlite3PrngSaveState(void){
+  memcpy(
+    &GLOBAL(struct sqlite3PrngType, sqlite3SavedPrng),
+    &GLOBAL(struct sqlite3PrngType, sqlite3Prng),
+    sizeof(sqlite3Prng)
+  );
+}
+SQLITE_PRIVATE void sqlite3PrngRestoreState(void){
+  memcpy(
+    &GLOBAL(struct sqlite3PrngType, sqlite3Prng),
+    &GLOBAL(struct sqlite3PrngType, sqlite3SavedPrng),
+    sizeof(sqlite3Prng)
+  );
+}
+#endif /* SQLITE_OMIT_BUILTIN_TEST */
+
+/************** End of random.c **********************************************/
+/************** Begin file threads.c *****************************************/
+/*
+** 2012 July 21
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+******************************************************************************
+**
+** This file presents a simple cross-platform threading interface for
+** use internally by SQLite.
+**
+** A "thread" can be created using sqlite3ThreadCreate().  This thread
+** runs independently of its creator until it is joined using
+** sqlite3ThreadJoin(), at which point it terminates.
+**
+** Threads do not have to be real.  It could be that the work of the
+** "thread" is done by the main thread at either the sqlite3ThreadCreate()
+** or sqlite3ThreadJoin() call.  This is, in fact, what happens in
+** single threaded systems.  Nothing in SQLite requires multiple threads.
+** This interface exists so that applications that want to take advantage
+** of multiple cores can do so, while also allowing applications to stay
+** single-threaded if desired.
+*/
+/* #include "sqliteInt.h" */
+#if SQLITE_OS_WIN
+/* #  include "os_win.h" */
+#endif
+
+#if SQLITE_MAX_WORKER_THREADS>0
+
+/********************************* Unix Pthreads ****************************/
+#if SQLITE_OS_UNIX && defined(SQLITE_MUTEX_PTHREADS) && SQLITE_THREADSAFE>0
+
+#define SQLITE_THREADS_IMPLEMENTED 1  /* Prevent the single-thread code below */
+/* #include <pthread.h> */
+
+/* A running thread */
+struct SQLiteThread {
+  pthread_t tid;                 /* Thread ID */
+  int done;                      /* Set to true when thread finishes */
+  void *pOut;                    /* Result returned by the thread */
+  void *(*xTask)(void*);         /* The thread routine */
+  void *pIn;                     /* Argument to the thread */
+};
+
+/* Create a new thread */
+SQLITE_PRIVATE int sqlite3ThreadCreate(
+  SQLiteThread **ppThread,  /* OUT: Write the thread object here */
+  void *(*xTask)(void*),    /* Routine to run in a separate thread */
+  void *pIn                 /* Argument passed into xTask() */
+){
+  SQLiteThread *p;
+  int rc;
+
+  assert( ppThread!=0 );
+  assert( xTask!=0 );
+  /* This routine is never used in single-threaded mode */
+  assert( sqlite3GlobalConfig.bCoreMutex!=0 );
+
+  *ppThread = 0;
+  p = sqlite3Malloc(sizeof(*p));
+  if( p==0 ) return SQLITE_NOMEM;
+  memset(p, 0, sizeof(*p));
+  p->xTask = xTask;
+  p->pIn = pIn;
+  /* If the SQLITE_TESTCTRL_FAULT_INSTALL callback is registered to a 
+  ** function that returns SQLITE_ERROR when passed the argument 200, that
+  ** forces worker threads to run sequentially and deterministically 
+  ** for testing purposes. */
+  if( sqlite3FaultSim(200) ){
+    rc = 1;
+  }else{    
+    rc = pthread_create(&p->tid, 0, xTask, pIn);
+  }
+  if( rc ){
+    p->done = 1;
+    p->pOut = xTask(pIn);
+  }
+  *ppThread = p;
+  return SQLITE_OK;
+}
+
+/* Get the results of the thread */
+SQLITE_PRIVATE int sqlite3ThreadJoin(SQLiteThread *p, void **ppOut){
+  int rc;
+
+  assert( ppOut!=0 );
+  if( NEVER(p==0) ) return SQLITE_NOMEM;
+  if( p->done ){
+    *ppOut = p->pOut;
+    rc = SQLITE_OK;
+  }else{
+    rc = pthread_join(p->tid, ppOut) ? SQLITE_ERROR : SQLITE_OK;
+  }
+  sqlite3_free(p);
+  return rc;
+}
+
+#endif /* SQLITE_OS_UNIX && defined(SQLITE_MUTEX_PTHREADS) */
+/******************************** End Unix Pthreads *************************/
+
+
+/********************************* Win32 Threads ****************************/
+#if SQLITE_OS_WIN_THREADS
+
+#define SQLITE_THREADS_IMPLEMENTED 1  /* Prevent the single-thread code below */
+#include <process.h>
+
+/* A running thread */
+struct SQLiteThread {
+  void *tid;               /* The thread handle */
+  unsigned id;             /* The thread identifier */
+  void *(*xTask)(void*);   /* The routine to run as a thread */
+  void *pIn;               /* Argument to xTask */
+  void *pResult;           /* Result of xTask */
+};
+
+/* Thread procedure Win32 compatibility shim */
+static unsigned __stdcall sqlite3ThreadProc(
+  void *pArg  /* IN: Pointer to the SQLiteThread structure */
+){
+  SQLiteThread *p = (SQLiteThread *)pArg;
+
+  assert( p!=0 );
+#if 0
+  /*
+  ** This assert appears to trigger spuriously on certain
+  ** versions of Windows, possibly due to _beginthreadex()
+  ** and/or CreateThread() not fully setting their thread
+  ** ID parameter before starting the thread.
+  */
+  assert( p->id==GetCurrentThreadId() );
+#endif
+  assert( p->xTask!=0 );
+  p->pResult = p->xTask(p->pIn);
+
+  _endthreadex(0);
+  return 0; /* NOT REACHED */
+}
+
+/* Create a new thread */
+SQLITE_PRIVATE int sqlite3ThreadCreate(
+  SQLiteThread **ppThread,  /* OUT: Write the thread object here */
+  void *(*xTask)(void*),    /* Routine to run in a separate thread */
+  void *pIn                 /* Argument passed into xTask() */
+){
+  SQLiteThread *p;
+
+  assert( ppThread!=0 );
+  assert( xTask!=0 );
+  *ppThread = 0;
+  p = sqlite3Malloc(sizeof(*p));
+  if( p==0 ) return SQLITE_NOMEM;
+  /* If the SQLITE_TESTCTRL_FAULT_INSTALL callback is registered to a 
+  ** function that returns SQLITE_ERROR when passed the argument 200, that
+  ** forces worker threads to run sequentially and deterministically 
+  ** (via the sqlite3FaultSim() term of the conditional) for testing
+  ** purposes. */
+  if( sqlite3GlobalConfig.bCoreMutex==0 || sqlite3FaultSim(200) ){
+    memset(p, 0, sizeof(*p));
+  }else{
+    p->xTask = xTask;
+    p->pIn = pIn;
+    p->tid = (void*)_beginthreadex(0, 0, sqlite3ThreadProc, p, 0, &p->id);
+    if( p->tid==0 ){
+      memset(p, 0, sizeof(*p));
+    }
+  }
+  if( p->xTask==0 ){
+    p->id = GetCurrentThreadId();
+    p->pResult = xTask(pIn);
+  }
+  *ppThread = p;
+  return SQLITE_OK;
+}
+
+SQLITE_PRIVATE DWORD sqlite3Win32Wait(HANDLE hObject); /* os_win.c */
+
+/* Get the results of the thread */
+SQLITE_PRIVATE int sqlite3ThreadJoin(SQLiteThread *p, void **ppOut){
+  DWORD rc;
+  BOOL bRc;
+
+  assert( ppOut!=0 );
+  if( NEVER(p==0) ) return SQLITE_NOMEM;
+  if( p->xTask==0 ){
+    /* assert( p->id==GetCurrentThreadId() ); */
+    rc = WAIT_OBJECT_0;
+    assert( p->tid==0 );
+  }else{
+    assert( p->id!=0 && p->id!=GetCurrentThreadId() );
+    rc = sqlite3Win32Wait((HANDLE)p->tid);
+    assert( rc!=WAIT_IO_COMPLETION );
+    bRc = CloseHandle((HANDLE)p->tid);
+    assert( bRc );
+  }
+  if( rc==WAIT_OBJECT_0 ) *ppOut = p->pResult;
+  sqlite3_free(p);
+  return (rc==WAIT_OBJECT_0) ? SQLITE_OK : SQLITE_ERROR;
+}
+
+#endif /* SQLITE_OS_WIN_THREADS */
+/******************************** End Win32 Threads *************************/
+
+
+/********************************* Single-Threaded **************************/
+#ifndef SQLITE_THREADS_IMPLEMENTED
+/*
+** This implementation does not actually create a new thread.  It does the
+** work of the thread in the main thread, when either the thread is created
+** or when it is joined
+*/
+
+/* A running thread */
+struct SQLiteThread {
+  void *(*xTask)(void*);   /* The routine to run as a thread */
+  void *pIn;               /* Argument to xTask */
+  void *pResult;           /* Result of xTask */
+};
+
+/* Create a new thread */
+SQLITE_PRIVATE int sqlite3ThreadCreate(
+  SQLiteThread **ppThread,  /* OUT: Write the thread object here */
+  void *(*xTask)(void*),    /* Routine to run in a separate thread */
+  void *pIn                 /* Argument passed into xTask() */
+){
+  SQLiteThread *p;
+
+  assert( ppThread!=0 );
+  assert( xTask!=0 );
+  *ppThread = 0;
+  p = sqlite3Malloc(sizeof(*p));
+  if( p==0 ) return SQLITE_NOMEM;
+  if( (SQLITE_PTR_TO_INT(p)/17)&1 ){
+    p->xTask = xTask;
+    p->pIn = pIn;
+  }else{
+    p->xTask = 0;
+    p->pResult = xTask(pIn);
+  }
+  *ppThread = p;
+  return SQLITE_OK;
+}
+
+/* Get the results of the thread */
+SQLITE_PRIVATE int sqlite3ThreadJoin(SQLiteThread *p, void **ppOut){
+
+  assert( ppOut!=0 );
+  if( NEVER(p==0) ) return SQLITE_NOMEM;
+  if( p->xTask ){
+    *ppOut = p->xTask(p->pIn);
+  }else{
+    *ppOut = p->pResult;
+  }
+  sqlite3_free(p);
+
+#if defined(SQLITE_TEST)
+  {
+    void *pTstAlloc = sqlite3Malloc(10);
+    if (!pTstAlloc) return SQLITE_NOMEM;
+    sqlite3_free(pTstAlloc);
+  }
+#endif
+
+  return SQLITE_OK;
+}
+
+#endif /* !defined(SQLITE_THREADS_IMPLEMENTED) */
+/****************************** End Single-Threaded *************************/
+#endif /* SQLITE_MAX_WORKER_THREADS>0 */
+
+/************** End of threads.c *********************************************/
+/************** Begin file utf.c *********************************************/
+/*
+** 2004 April 13
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+** This file contains routines used to translate between UTF-8, 
+** UTF-16, UTF-16BE, and UTF-16LE.
+**
+** Notes on UTF-8:
+**
+**   Byte-0    Byte-1    Byte-2    Byte-3    Value
+**  0xxxxxxx                                 00000000 00000000 0xxxxxxx
+**  110yyyyy  10xxxxxx                       00000000 00000yyy yyxxxxxx
+**  1110zzzz  10yyyyyy  10xxxxxx             00000000 zzzzyyyy yyxxxxxx
+**  11110uuu  10uuzzzz  10yyyyyy  10xxxxxx   000uuuuu zzzzyyyy yyxxxxxx
+**
+**
+** Notes on UTF-16:  (with wwww+1==uuuuu)
+**
+**      Word-0               Word-1          Value
+**  110110ww wwzzzzyy   110111yy yyxxxxxx    000uuuuu zzzzyyyy yyxxxxxx
+**  zzzzyyyy yyxxxxxx                        00000000 zzzzyyyy yyxxxxxx
+**
+**
+** BOM or Byte Order Mark:
+**     0xff 0xfe   little-endian utf-16 follows
+**     0xfe 0xff   big-endian utf-16 follows
+**
+*/
+/* #include "sqliteInt.h" */
+/* #include <assert.h> */
+/* #include "vdbeInt.h" */
+
+#if !defined(SQLITE_AMALGAMATION) && SQLITE_BYTEORDER==0
+/*
+** The following constant value is used by the SQLITE_BIGENDIAN and
+** SQLITE_LITTLEENDIAN macros.
+*/
+SQLITE_PRIVATE const int sqlite3one = 1;
+#endif /* SQLITE_AMALGAMATION && SQLITE_BYTEORDER==0 */
+
+/*
+** This lookup table is used to help decode the first byte of
+** a multi-byte UTF8 character.
+*/
+static const unsigned char sqlite3Utf8Trans1[] = {
+  0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+  0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+  0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+  0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
+  0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+  0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+  0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+  0x00, 0x01, 0x02, 0x03, 0x00, 0x01, 0x00, 0x00,
+};
+
+
+#define WRITE_UTF8(zOut, c) {                          \
+  if( c<0x00080 ){                                     \
+    *zOut++ = (u8)(c&0xFF);                            \
+  }                                                    \
+  else if( c<0x00800 ){                                \
+    *zOut++ = 0xC0 + (u8)((c>>6)&0x1F);                \
+    *zOut++ = 0x80 + (u8)(c & 0x3F);                   \
+  }                                                    \
+  else if( c<0x10000 ){                                \
+    *zOut++ = 0xE0 + (u8)((c>>12)&0x0F);               \
+    *zOut++ = 0x80 + (u8)((c>>6) & 0x3F);              \
+    *zOut++ = 0x80 + (u8)(c & 0x3F);                   \
+  }else{                                               \
+    *zOut++ = 0xF0 + (u8)((c>>18) & 0x07);             \
+    *zOut++ = 0x80 + (u8)((c>>12) & 0x3F);             \
+    *zOut++ = 0x80 + (u8)((c>>6) & 0x3F);              \
+    *zOut++ = 0x80 + (u8)(c & 0x3F);                   \
+  }                                                    \
+}
+
+#define WRITE_UTF16LE(zOut, c) {                                    \
+  if( c<=0xFFFF ){                                                  \
+    *zOut++ = (u8)(c&0x00FF);                                       \
+    *zOut++ = (u8)((c>>8)&0x00FF);                                  \
+  }else{                                                            \
+    *zOut++ = (u8)(((c>>10)&0x003F) + (((c-0x10000)>>10)&0x00C0));  \
+    *zOut++ = (u8)(0x00D8 + (((c-0x10000)>>18)&0x03));              \
+    *zOut++ = (u8)(c&0x00FF);                                       \
+    *zOut++ = (u8)(0x00DC + ((c>>8)&0x03));                         \
+  }                                                                 \
+}
+
+#define WRITE_UTF16BE(zOut, c) {                                    \
+  if( c<=0xFFFF ){                                                  \
+    *zOut++ = (u8)((c>>8)&0x00FF);                                  \
+    *zOut++ = (u8)(c&0x00FF);                                       \
+  }else{                                                            \
+    *zOut++ = (u8)(0x00D8 + (((c-0x10000)>>18)&0x03));              \
+    *zOut++ = (u8)(((c>>10)&0x003F) + (((c-0x10000)>>10)&0x00C0));  \
+    *zOut++ = (u8)(0x00DC + ((c>>8)&0x03));                         \
+    *zOut++ = (u8)(c&0x00FF);                                       \
+  }                                                                 \
+}
+
+#define READ_UTF16LE(zIn, TERM, c){                                   \
+  c = (*zIn++);                                                       \
+  c += ((*zIn++)<<8);                                                 \
+  if( c>=0xD800 && c<0xE000 && TERM ){                                \
+    int c2 = (*zIn++);                                                \
+    c2 += ((*zIn++)<<8);                                              \
+    c = (c2&0x03FF) + ((c&0x003F)<<10) + (((c&0x03C0)+0x0040)<<10);   \
+  }                                                                   \
+}
+
+#define READ_UTF16BE(zIn, TERM, c){                                   \
+  c = ((*zIn++)<<8);                                                  \
+  c += (*zIn++);                                                      \
+  if( c>=0xD800 && c<0xE000 && TERM ){                                \
+    int c2 = ((*zIn++)<<8);                                           \
+    c2 += (*zIn++);                                                   \
+    c = (c2&0x03FF) + ((c&0x003F)<<10) + (((c&0x03C0)+0x0040)<<10);   \
+  }                                                                   \
+}
+
+/*
+** Translate a single UTF-8 character.  Return the unicode value.
+**
+** During translation, assume that the byte that zTerm points
+** is a 0x00.
+**
+** Write a pointer to the next unread byte back into *pzNext.
+**
+** Notes On Invalid UTF-8:
+**
+**  *  This routine never allows a 7-bit character (0x00 through 0x7f) to
+**     be encoded as a multi-byte character.  Any multi-byte character that
+**     attempts to encode a value between 0x00 and 0x7f is rendered as 0xfffd.
+**
+**  *  This routine never allows a UTF16 surrogate value to be encoded.
+**     If a multi-byte character attempts to encode a value between
+**     0xd800 and 0xe000 then it is rendered as 0xfffd.
+**
+**  *  Bytes in the range of 0x80 through 0xbf which occur as the first
+**     byte of a character are interpreted as single-byte characters
+**     and rendered as themselves even though they are technically
+**     invalid characters.
+**
+**  *  This routine accepts over-length UTF8 encodings
+**     for unicode values 0x80 and greater.  It does not change over-length
+**     encodings to 0xfffd as some systems recommend.
+*/
+#define READ_UTF8(zIn, zTerm, c)                           \
+  c = *(zIn++);                                            \
+  if( c>=0xc0 ){                                           \
+    c = sqlite3Utf8Trans1[c-0xc0];                         \
+    while( zIn!=zTerm && (*zIn & 0xc0)==0x80 ){            \
+      c = (c<<6) + (0x3f & *(zIn++));                      \
+    }                                                      \
+    if( c<0x80                                             \
+        || (c&0xFFFFF800)==0xD800                          \
+        || (c&0xFFFFFFFE)==0xFFFE ){  c = 0xFFFD; }        \
+  }
+SQLITE_PRIVATE u32 sqlite3Utf8Read(
+  const unsigned char **pz    /* Pointer to string from which to read char */
+){
+  unsigned int c;
+
+  /* Same as READ_UTF8() above but without the zTerm parameter.
+  ** For this routine, we assume the UTF8 string is always zero-terminated.
+  */
+  c = *((*pz)++);
+  if( c>=0xc0 ){
+    c = sqlite3Utf8Trans1[c-0xc0];
+    while( (*(*pz) & 0xc0)==0x80 ){
+      c = (c<<6) + (0x3f & *((*pz)++));
+    }
+    if( c<0x80
+        || (c&0xFFFFF800)==0xD800
+        || (c&0xFFFFFFFE)==0xFFFE ){  c = 0xFFFD; }
+  }
+  return c;
+}
+
+
+
+
+/*
+** If the TRANSLATE_TRACE macro is defined, the value of each Mem is
+** printed on stderr on the way into and out of sqlite3VdbeMemTranslate().
+*/ 
+/* #define TRANSLATE_TRACE 1 */
+
+#ifndef SQLITE_OMIT_UTF16
+/*
+** This routine transforms the internal text encoding used by pMem to
+** desiredEnc. It is an error if the string is already of the desired
+** encoding, or if *pMem does not contain a string value.
+*/
+SQLITE_PRIVATE SQLITE_NOINLINE int sqlite3VdbeMemTranslate(Mem *pMem, u8 desiredEnc){
+  int len;                    /* Maximum length of output string in bytes */
+  unsigned char *zOut;                  /* Output buffer */
+  unsigned char *zIn;                   /* Input iterator */
+  unsigned char *zTerm;                 /* End of input */
+  unsigned char *z;                     /* Output iterator */
+  unsigned int c;
+
+  assert( pMem->db==0 || sqlite3_mutex_held(pMem->db->mutex) );
+  assert( pMem->flags&MEM_Str );
+  assert( pMem->enc!=desiredEnc );
+  assert( pMem->enc!=0 );
+  assert( pMem->n>=0 );
+
+#if defined(TRANSLATE_TRACE) && defined(SQLITE_DEBUG)
+  {
+    char zBuf[100];
+    sqlite3VdbeMemPrettyPrint(pMem, zBuf);
+    fprintf(stderr, "INPUT:  %s\n", zBuf);
+  }
+#endif
+
+  /* If the translation is between UTF-16 little and big endian, then 
+  ** all that is required is to swap the byte order. This case is handled
+  ** differently from the others.
+  */
+  if( pMem->enc!=SQLITE_UTF8 && desiredEnc!=SQLITE_UTF8 ){
+    u8 temp;
+    int rc;
+    rc = sqlite3VdbeMemMakeWriteable(pMem);
+    if( rc!=SQLITE_OK ){
+      assert( rc==SQLITE_NOMEM );
+      return SQLITE_NOMEM;
+    }
+    zIn = (u8*)pMem->z;
+    zTerm = &zIn[pMem->n&~1];
+    while( zIn<zTerm ){
+      temp = *zIn;
+      *zIn = *(zIn+1);
+      zIn++;
+      *zIn++ = temp;
+    }
+    pMem->enc = desiredEnc;
+    goto translate_out;
+  }
+
+  /* Set len to the maximum number of bytes required in the output buffer. */
+  if( desiredEnc==SQLITE_UTF8 ){
+    /* When converting from UTF-16, the maximum growth results from
+    ** translating a 2-byte character to a 4-byte UTF-8 character.
+    ** A single byte is required for the output string
+    ** nul-terminator.
+    */
+    pMem->n &= ~1;
+    len = pMem->n * 2 + 1;
+  }else{
+    /* When converting from UTF-8 to UTF-16 the maximum growth is caused
+    ** when a 1-byte UTF-8 character is translated into a 2-byte UTF-16
+    ** character. Two bytes are required in the output buffer for the
+    ** nul-terminator.
+    */
+    len = pMem->n * 2 + 2;
+  }
+
+  /* Set zIn to point at the start of the input buffer and zTerm to point 1
+  ** byte past the end.
+  **
+  ** Variable zOut is set to point at the output buffer, space obtained
+  ** from sqlite3_malloc().
+  */
+  zIn = (u8*)pMem->z;
+  zTerm = &zIn[pMem->n];
+  zOut = sqlite3DbMallocRaw(pMem->db, len);
+  if( !zOut ){
+    return SQLITE_NOMEM;
+  }
+  z = zOut;
+
+  if( pMem->enc==SQLITE_UTF8 ){
+    if( desiredEnc==SQLITE_UTF16LE ){
+      /* UTF-8 -> UTF-16 Little-endian */
+      while( zIn<zTerm ){
+        READ_UTF8(zIn, zTerm, c);
+        WRITE_UTF16LE(z, c);
+      }
+    }else{
+      assert( desiredEnc==SQLITE_UTF16BE );
+      /* UTF-8 -> UTF-16 Big-endian */
+      while( zIn<zTerm ){
+        READ_UTF8(zIn, zTerm, c);
+        WRITE_UTF16BE(z, c);
+      }
+    }
+    pMem->n = (int)(z - zOut);
+    *z++ = 0;
+  }else{
+    assert( desiredEnc==SQLITE_UTF8 );
+    if( pMem->enc==SQLITE_UTF16LE ){
+      /* UTF-16 Little-endian -> UTF-8 */
+      while( zIn<zTerm ){
+        READ_UTF16LE(zIn, zIn<zTerm, c); 
+        WRITE_UTF8(z, c);
+      }
+    }else{
+      /* UTF-16 Big-endian -> UTF-8 */
+      while( zIn<zTerm ){
+        READ_UTF16BE(zIn, zIn<zTerm, c); 
+        WRITE_UTF8(z, c);
+      }
+    }
+    pMem->n = (int)(z - zOut);
+  }
+  *z = 0;
+  assert( (pMem->n+(desiredEnc==SQLITE_UTF8?1:2))<=len );
+
+  c = pMem->flags;
+  sqlite3VdbeMemRelease(pMem);
+  pMem->flags = MEM_Str|MEM_Term|(c&MEM_AffMask);
+  pMem->enc = desiredEnc;
+  pMem->z = (char*)zOut;
+  pMem->zMalloc = pMem->z;
+  pMem->szMalloc = sqlite3DbMallocSize(pMem->db, pMem->z);
+
+translate_out:
+#if defined(TRANSLATE_TRACE) && defined(SQLITE_DEBUG)
+  {
+    char zBuf[100];
+    sqlite3VdbeMemPrettyPrint(pMem, zBuf);
+    fprintf(stderr, "OUTPUT: %s\n", zBuf);
+  }
+#endif
+  return SQLITE_OK;
+}
+
+/*
+** This routine checks for a byte-order mark at the beginning of the 
+** UTF-16 string stored in *pMem. If one is present, it is removed and
+** the encoding of the Mem adjusted. This routine does not do any
+** byte-swapping, it just sets Mem.enc appropriately.
+**
+** The allocation (static, dynamic etc.) and encoding of the Mem may be
+** changed by this function.
+*/
+SQLITE_PRIVATE int sqlite3VdbeMemHandleBom(Mem *pMem){
+  int rc = SQLITE_OK;
+  u8 bom = 0;
+
+  assert( pMem->n>=0 );
+  if( pMem->n>1 ){
+    u8 b1 = *(u8 *)pMem->z;
+    u8 b2 = *(((u8 *)pMem->z) + 1);
+    if( b1==0xFE && b2==0xFF ){
+      bom = SQLITE_UTF16BE;
+    }
+    if( b1==0xFF && b2==0xFE ){
+      bom = SQLITE_UTF16LE;
+    }
+  }
+  
+  if( bom ){
+    rc = sqlite3VdbeMemMakeWriteable(pMem);
+    if( rc==SQLITE_OK ){
+      pMem->n -= 2;
+      memmove(pMem->z, &pMem->z[2], pMem->n);
+      pMem->z[pMem->n] = '\0';
+      pMem->z[pMem->n+1] = '\0';
+      pMem->flags |= MEM_Term;
+      pMem->enc = bom;
+    }
+  }
+  return rc;
+}
+#endif /* SQLITE_OMIT_UTF16 */
+
+/*
+** pZ is a UTF-8 encoded unicode string. If nByte is less than zero,
+** return the number of unicode characters in pZ up to (but not including)
+** the first 0x00 byte. If nByte is not less than zero, return the
+** number of unicode characters in the first nByte of pZ (or up to 
+** the first 0x00, whichever comes first).
+*/
+SQLITE_PRIVATE int sqlite3Utf8CharLen(const char *zIn, int nByte){
+  int r = 0;
+  const u8 *z = (const u8*)zIn;
+  const u8 *zTerm;
+  if( nByte>=0 ){
+    zTerm = &z[nByte];
+  }else{
+    zTerm = (const u8*)(-1);
+  }
+  assert( z<=zTerm );
+  while( *z!=0 && z<zTerm ){
+    SQLITE_SKIP_UTF8(z);
+    r++;
+  }
+  return r;
+}
+
+/* This test function is not currently used by the automated test-suite. 
+** Hence it is only available in debug builds.
+*/
+#if defined(SQLITE_TEST) && defined(SQLITE_DEBUG)
+/*
+** Translate UTF-8 to UTF-8.
+**
+** This has the effect of making sure that the string is well-formed
+** UTF-8.  Miscoded characters are removed.
+**
+** The translation is done in-place and aborted if the output
+** overruns the input.
+*/
+SQLITE_PRIVATE int sqlite3Utf8To8(unsigned char *zIn){
+  unsigned char *zOut = zIn;
+  unsigned char *zStart = zIn;
+  u32 c;
+
+  while( zIn[0] && zOut<=zIn ){
+    c = sqlite3Utf8Read((const u8**)&zIn);
+    if( c!=0xfffd ){
+      WRITE_UTF8(zOut, c);
+    }
+  }
+  *zOut = 0;
+  return (int)(zOut - zStart);
+}
+#endif
+
+#ifndef SQLITE_OMIT_UTF16
+/*
+** Convert a UTF-16 string in the native encoding into a UTF-8 string.
+** Memory to hold the UTF-8 string is obtained from sqlite3_malloc and must
+** be freed by the calling function.
+**
+** NULL is returned if there is an allocation error.
+*/
+SQLITE_PRIVATE char *sqlite3Utf16to8(sqlite3 *db, const void *z, int nByte, u8 enc){
+  Mem m;
+  memset(&m, 0, sizeof(m));
+  m.db = db;
+  sqlite3VdbeMemSetStr(&m, z, nByte, enc, SQLITE_STATIC);
+  sqlite3VdbeChangeEncoding(&m, SQLITE_UTF8);
+  if( db->mallocFailed ){
+    sqlite3VdbeMemRelease(&m);
+    m.z = 0;
+  }
+  assert( (m.flags & MEM_Term)!=0 || db->mallocFailed );
+  assert( (m.flags & MEM_Str)!=0 || db->mallocFailed );
+  assert( m.z || db->mallocFailed );
+  return m.z;
+}
+
+/*
+** zIn is a UTF-16 encoded unicode string at least nChar characters long.
+** Return the number of bytes in the first nChar unicode characters
+** in pZ.  nChar must be non-negative.
+*/
+SQLITE_PRIVATE int sqlite3Utf16ByteLen(const void *zIn, int nChar){
+  int c;
+  unsigned char const *z = zIn;
+  int n = 0;
+  
+  if( SQLITE_UTF16NATIVE==SQLITE_UTF16BE ){
+    while( n<nChar ){
+      READ_UTF16BE(z, 1, c);
+      n++;
+    }
+  }else{
+    while( n<nChar ){
+      READ_UTF16LE(z, 1, c);
+      n++;
+    }
+  }
+  return (int)(z-(unsigned char const *)zIn);
+}
+
+#if defined(SQLITE_TEST)
+/*
+** This routine is called from the TCL test function "translate_selftest".
+** It checks that the primitives for serializing and deserializing
+** characters in each encoding are inverses of each other.
+*/
+SQLITE_PRIVATE void sqlite3UtfSelfTest(void){
+  unsigned int i, t;
+  unsigned char zBuf[20];
+  unsigned char *z;
+  int n;
+  unsigned int c;
+
+  for(i=0; i<0x00110000; i++){
+    z = zBuf;
+    WRITE_UTF8(z, i);
+    n = (int)(z-zBuf);
+    assert( n>0 && n<=4 );
+    z[0] = 0;
+    z = zBuf;
+    c = sqlite3Utf8Read((const u8**)&z);
+    t = i;
+    if( i>=0xD800 && i<=0xDFFF ) t = 0xFFFD;
+    if( (i&0xFFFFFFFE)==0xFFFE ) t = 0xFFFD;
+    assert( c==t );
+    assert( (z-zBuf)==n );
+  }
+  for(i=0; i<0x00110000; i++){
+    if( i>=0xD800 && i<0xE000 ) continue;
+    z = zBuf;
+    WRITE_UTF16LE(z, i);
+    n = (int)(z-zBuf);
+    assert( n>0 && n<=4 );
+    z[0] = 0;
+    z = zBuf;
+    READ_UTF16LE(z, 1, c);
+    assert( c==i );
+    assert( (z-zBuf)==n );
+  }
+  for(i=0; i<0x00110000; i++){
+    if( i>=0xD800 && i<0xE000 ) continue;
+    z = zBuf;
+    WRITE_UTF16BE(z, i);
+    n = (int)(z-zBuf);
+    assert( n>0 && n<=4 );
+    z[0] = 0;
+    z = zBuf;
+    READ_UTF16BE(z, 1, c);
+    assert( c==i );
+    assert( (z-zBuf)==n );
+  }
+}
+#endif /* SQLITE_TEST */
+#endif /* SQLITE_OMIT_UTF16 */
+
+/************** End of utf.c *************************************************/
+/************** Begin file util.c ********************************************/
+/*
+** 2001 September 15
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+** Utility functions used throughout sqlite.
+**
+** This file contains functions for allocating memory, comparing
+** strings, and stuff like that.
+**
+*/
+/* #include "sqliteInt.h" */
+/* #include <stdarg.h> */
+#if HAVE_ISNAN || SQLITE_HAVE_ISNAN
+# include <math.h>
+#endif
+
+/*
+** Routine needed to support the testcase() macro.
+*/
+#ifdef SQLITE_COVERAGE_TEST
+SQLITE_PRIVATE void sqlite3Coverage(int x){
+  static unsigned dummy = 0;
+  dummy += (unsigned)x;
+}
+#endif
+
+/*
+** Give a callback to the test harness that can be used to simulate faults
+** in places where it is difficult or expensive to do so purely by means
+** of inputs.
+**
+** The intent of the integer argument is to let the fault simulator know
+** which of multiple sqlite3FaultSim() calls has been hit.
+**
+** Return whatever integer value the test callback returns, or return
+** SQLITE_OK if no test callback is installed.
+*/
+#ifndef SQLITE_OMIT_BUILTIN_TEST
+SQLITE_PRIVATE int sqlite3FaultSim(int iTest){
+  int (*xCallback)(int) = sqlite3GlobalConfig.xTestCallback;
+  return xCallback ? xCallback(iTest) : SQLITE_OK;
+}
+#endif
+
+#ifndef SQLITE_OMIT_FLOATING_POINT
+/*
+** Return true if the floating point value is Not a Number (NaN).
+**
+** Use the math library isnan() function if compiled with SQLITE_HAVE_ISNAN.
+** Otherwise, we have our own implementation that works on most systems.
+*/
+SQLITE_PRIVATE int sqlite3IsNaN(double x){
+  int rc;   /* The value return */
+#if !SQLITE_HAVE_ISNAN && !HAVE_ISNAN
+  /*
+  ** Systems that support the isnan() library function should probably
+  ** make use of it by compiling with -DSQLITE_HAVE_ISNAN.  But we have
+  ** found that many systems do not have a working isnan() function so
+  ** this implementation is provided as an alternative.
+  **
+  ** This NaN test sometimes fails if compiled on GCC with -ffast-math.
+  ** On the other hand, the use of -ffast-math comes with the following
+  ** warning:
+  **
+  **      This option [-ffast-math] should never be turned on by any
+  **      -O option since it can result in incorrect output for programs
+  **      which depend on an exact implementation of IEEE or ISO 
+  **      rules/specifications for math functions.
+  **
+  ** Under MSVC, this NaN test may fail if compiled with a floating-
+  ** point precision mode other than /fp:precise.  From the MSDN 
+  ** documentation:
+  **
+  **      The compiler [with /fp:precise] will properly handle comparisons 
+  **      involving NaN. For example, x != x evaluates to true if x is NaN 
+  **      ...
+  */
+#ifdef __FAST_MATH__
+# error SQLite will not work correctly with the -ffast-math option of GCC.
+#endif
+  volatile double y = x;
+  volatile double z = y;
+  rc = (y!=z);
+#else  /* if HAVE_ISNAN */
+  rc = isnan(x);
+#endif /* HAVE_ISNAN */
+  testcase( rc );
+  return rc;
+}
+#endif /* SQLITE_OMIT_FLOATING_POINT */
+
+/*
+** Compute a string length that is limited to what can be stored in
+** lower 30 bits of a 32-bit signed integer.
+**
+** The value returned will never be negative.  Nor will it ever be greater
+** than the actual length of the string.  For very long strings (greater
+** than 1GiB) the value returned might be less than the true string length.
+*/
+SQLITE_PRIVATE int sqlite3Strlen30(const char *z){
+  if( z==0 ) return 0;
+  return 0x3fffffff & (int)strlen(z);
+}
+
+/*
+** Set the current error code to err_code and clear any prior error message.
+*/
+SQLITE_PRIVATE void sqlite3Error(sqlite3 *db, int err_code){
+  assert( db!=0 );
+  db->errCode = err_code;
+  if( db->pErr ) sqlite3ValueSetNull(db->pErr);
+}
+
+/*
+** Set the most recent error code and error string for the sqlite
+** handle "db". The error code is set to "err_code".
+**
+** If it is not NULL, string zFormat specifies the format of the
+** error string in the style of the printf functions: The following
+** format characters are allowed:
+**
+**      %s      Insert a string
+**      %z      A string that should be freed after use
+**      %d      Insert an integer
+**      %T      Insert a token
+**      %S      Insert the first element of a SrcList
+**
+** zFormat and any string tokens that follow it are assumed to be
+** encoded in UTF-8.
+**
+** To clear the most recent error for sqlite handle "db", sqlite3Error
+** should be called with err_code set to SQLITE_OK and zFormat set
+** to NULL.
+*/
+SQLITE_PRIVATE void sqlite3ErrorWithMsg(sqlite3 *db, int err_code, const char *zFormat, ...){
+  assert( db!=0 );
+  db->errCode = err_code;
+  if( zFormat==0 ){
+    sqlite3Error(db, err_code);
+  }else if( db->pErr || (db->pErr = sqlite3ValueNew(db))!=0 ){
+    char *z;
+    va_list ap;
+    va_start(ap, zFormat);
+    z = sqlite3VMPrintf(db, zFormat, ap);
+    va_end(ap);
+    sqlite3ValueSetStr(db->pErr, -1, z, SQLITE_UTF8, SQLITE_DYNAMIC);
+  }
+}
+
+/*
+** Add an error message to pParse->zErrMsg and increment pParse->nErr.
+** The following formatting characters are allowed:
+**
+**      %s      Insert a string
+**      %z      A string that should be freed after use
+**      %d      Insert an integer
+**      %T      Insert a token
+**      %S      Insert the first element of a SrcList
+**
+** This function should be used to report any error that occurs while
+** compiling an SQL statement (i.e. within sqlite3_prepare()). The
+** last thing the sqlite3_prepare() function does is copy the error
+** stored by this function into the database handle using sqlite3Error().
+** Functions sqlite3Error() or sqlite3ErrorWithMsg() should be used
+** during statement execution (sqlite3_step() etc.).
+*/
+SQLITE_PRIVATE void sqlite3ErrorMsg(Parse *pParse, const char *zFormat, ...){
+  char *zMsg;
+  va_list ap;
+  sqlite3 *db = pParse->db;
+  va_start(ap, zFormat);
+  zMsg = sqlite3VMPrintf(db, zFormat, ap);
+  va_end(ap);
+  if( db->suppressErr ){
+    sqlite3DbFree(db, zMsg);
+  }else{
+    pParse->nErr++;
+    sqlite3DbFree(db, pParse->zErrMsg);
+    pParse->zErrMsg = zMsg;
+    pParse->rc = SQLITE_ERROR;
+  }
+}
+
+/*
+** Convert an SQL-style quoted string into a normal string by removing
+** the quote characters.  The conversion is done in-place.  If the
+** input does not begin with a quote character, then this routine
+** is a no-op.
+**
+** The input string must be zero-terminated.  A new zero-terminator
+** is added to the dequoted string.
+**
+** The return value is -1 if no dequoting occurs or the length of the
+** dequoted string, exclusive of the zero terminator, if dequoting does
+** occur.
+**
+** 2002-Feb-14: This routine is extended to remove MS-Access style
+** brackets from around identifiers.  For example:  "[a-b-c]" becomes
+** "a-b-c".
+*/
+SQLITE_PRIVATE int sqlite3Dequote(char *z){
+  char quote;
+  int i, j;
+  if( z==0 ) return -1;
+  quote = z[0];
+  switch( quote ){
+    case '\'':  break;
+    case '"':   break;
+    case '`':   break;                /* For MySQL compatibility */
+    case '[':   quote = ']';  break;  /* For MS SqlServer compatibility */
+    default:    return -1;
+  }
+  for(i=1, j=0;; i++){
+    assert( z[i] );
+    if( z[i]==quote ){
+      if( z[i+1]==quote ){
+        z[j++] = quote;
+        i++;
+      }else{
+        break;
+      }
+    }else{
+      z[j++] = z[i];
+    }
+  }
+  z[j] = 0;
+  return j;
+}
+
+/* Convenient short-hand */
+#define UpperToLower sqlite3UpperToLower
+
+/*
+** Some systems have stricmp().  Others have strcasecmp().  Because
+** there is no consistency, we will define our own.
+**
+** IMPLEMENTATION-OF: R-30243-02494 The sqlite3_stricmp() and
+** sqlite3_strnicmp() APIs allow applications and extensions to compare
+** the contents of two buffers containing UTF-8 strings in a
+** case-independent fashion, using the same definition of "case
+** independence" that SQLite uses internally when comparing identifiers.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_stricmp(const char *zLeft, const char *zRight){
+  register unsigned char *a, *b;
+  if( zLeft==0 ){
+    return zRight ? -1 : 0;
+  }else if( zRight==0 ){
+    return 1;
+  }
+  a = (unsigned char *)zLeft;
+  b = (unsigned char *)zRight;
+  while( *a!=0 && UpperToLower[*a]==UpperToLower[*b]){ a++; b++; }
+  return UpperToLower[*a] - UpperToLower[*b];
+}
+SQLITE_API int SQLITE_STDCALL sqlite3_strnicmp(const char *zLeft, const char *zRight, int N){
+  register unsigned char *a, *b;
+  if( zLeft==0 ){
+    return zRight ? -1 : 0;
+  }else if( zRight==0 ){
+    return 1;
+  }
+  a = (unsigned char *)zLeft;
+  b = (unsigned char *)zRight;
+  while( N-- > 0 && *a!=0 && UpperToLower[*a]==UpperToLower[*b]){ a++; b++; }
+  return N<0 ? 0 : UpperToLower[*a] - UpperToLower[*b];
+}
+
+/*
+** The string z[] is an text representation of a real number.
+** Convert this string to a double and write it into *pResult.
+**
+** The string z[] is length bytes in length (bytes, not characters) and
+** uses the encoding enc.  The string is not necessarily zero-terminated.
+**
+** Return TRUE if the result is a valid real number (or integer) and FALSE
+** if the string is empty or contains extraneous text.  Valid numbers
+** are in one of these formats:
+**
+**    [+-]digits[E[+-]digits]
+**    [+-]digits.[digits][E[+-]digits]
+**    [+-].digits[E[+-]digits]
+**
+** Leading and trailing whitespace is ignored for the purpose of determining
+** validity.
+**
+** If some prefix of the input string is a valid number, this routine
+** returns FALSE but it still converts the prefix and writes the result
+** into *pResult.
+*/
+SQLITE_PRIVATE int sqlite3AtoF(const char *z, double *pResult, int length, u8 enc){
+#ifndef SQLITE_OMIT_FLOATING_POINT
+  int incr;
+  const char *zEnd = z + length;
+  /* sign * significand * (10 ^ (esign * exponent)) */
+  int sign = 1;    /* sign of significand */
+  i64 s = 0;       /* significand */
+  int d = 0;       /* adjust exponent for shifting decimal point */
+  int esign = 1;   /* sign of exponent */
+  int e = 0;       /* exponent */
+  int eValid = 1;  /* True exponent is either not used or is well-formed */
+  double result;
+  int nDigits = 0;
+  int nonNum = 0;
+
+  assert( enc==SQLITE_UTF8 || enc==SQLITE_UTF16LE || enc==SQLITE_UTF16BE );
+  *pResult = 0.0;   /* Default return value, in case of an error */
+
+  if( enc==SQLITE_UTF8 ){
+    incr = 1;
+  }else{
+    int i;
+    incr = 2;
+    assert( SQLITE_UTF16LE==2 && SQLITE_UTF16BE==3 );
+    for(i=3-enc; i<length && z[i]==0; i+=2){}
+    nonNum = i<length;
+    zEnd = z+i+enc-3;
+    z += (enc&1);
+  }
+
+  /* skip leading spaces */
+  while( z<zEnd && sqlite3Isspace(*z) ) z+=incr;
+  if( z>=zEnd ) return 0;
+
+  /* get sign of significand */
+  if( *z=='-' ){
+    sign = -1;
+    z+=incr;
+  }else if( *z=='+' ){
+    z+=incr;
+  }
+
+  /* skip leading zeroes */
+  while( z<zEnd && z[0]=='0' ) z+=incr, nDigits++;
+
+  /* copy max significant digits to significand */
+  while( z<zEnd && sqlite3Isdigit(*z) && s<((LARGEST_INT64-9)/10) ){
+    s = s*10 + (*z - '0');
+    z+=incr, nDigits++;
+  }
+
+  /* skip non-significant significand digits
+  ** (increase exponent by d to shift decimal left) */
+  while( z<zEnd && sqlite3Isdigit(*z) ) z+=incr, nDigits++, d++;
+  if( z>=zEnd ) goto do_atof_calc;
+
+  /* if decimal point is present */
+  if( *z=='.' ){
+    z+=incr;
+    /* copy digits from after decimal to significand
+    ** (decrease exponent by d to shift decimal right) */
+    while( z<zEnd && sqlite3Isdigit(*z) && s<((LARGEST_INT64-9)/10) ){
+      s = s*10 + (*z - '0');
+      z+=incr, nDigits++, d--;
+    }
+    /* skip non-significant digits */
+    while( z<zEnd && sqlite3Isdigit(*z) ) z+=incr, nDigits++;
+  }
+  if( z>=zEnd ) goto do_atof_calc;
+
+  /* if exponent is present */
+  if( *z=='e' || *z=='E' ){
+    z+=incr;
+    eValid = 0;
+    if( z>=zEnd ) goto do_atof_calc;
+    /* get sign of exponent */
+    if( *z=='-' ){
+      esign = -1;
+      z+=incr;
+    }else if( *z=='+' ){
+      z+=incr;
+    }
+    /* copy digits to exponent */
+    while( z<zEnd && sqlite3Isdigit(*z) ){
+      e = e<10000 ? (e*10 + (*z - '0')) : 10000;
+      z+=incr;
+      eValid = 1;
+    }
+  }
+
+  /* skip trailing spaces */
+  if( nDigits && eValid ){
+    while( z<zEnd && sqlite3Isspace(*z) ) z+=incr;
+  }
+
+do_atof_calc:
+  /* adjust exponent by d, and update sign */
+  e = (e*esign) + d;
+  if( e<0 ) {
+    esign = -1;
+    e *= -1;
+  } else {
+    esign = 1;
+  }
+
+  /* if 0 significand */
+  if( !s ) {
+    /* In the IEEE 754 standard, zero is signed.
+    ** Add the sign if we've seen at least one digit */
+    result = (sign<0 && nDigits) ? -(double)0 : (double)0;
+  } else {
+    /* attempt to reduce exponent */
+    if( esign>0 ){
+      while( s<(LARGEST_INT64/10) && e>0 ) e--,s*=10;
+    }else{
+      while( !(s%10) && e>0 ) e--,s/=10;
+    }
+
+    /* adjust the sign of significand */
+    s = sign<0 ? -s : s;
+
+    /* if exponent, scale significand as appropriate
+    ** and store in result. */
+    if( e ){
+      LONGDOUBLE_TYPE scale = 1.0;
+      /* attempt to handle extremely small/large numbers better */
+      if( e>307 && e<342 ){
+        while( e%308 ) { scale *= 1.0e+1; e -= 1; }
+        if( esign<0 ){
+          result = s / scale;
+          result /= 1.0e+308;
+        }else{
+          result = s * scale;
+          result *= 1.0e+308;
+        }
+      }else if( e>=342 ){
+        if( esign<0 ){
+          result = 0.0*s;
+        }else{
+          result = 1e308*1e308*s;  /* Infinity */
+        }
+      }else{
+        /* 1.0e+22 is the largest power of 10 than can be 
+        ** represented exactly. */
+        while( e%22 ) { scale *= 1.0e+1; e -= 1; }
+        while( e>0 ) { scale *= 1.0e+22; e -= 22; }
+        if( esign<0 ){
+          result = s / scale;
+        }else{
+          result = s * scale;
+        }
+      }
+    } else {
+      result = (double)s;
+    }
+  }
+
+  /* store the result */
+  *pResult = result;
+
+  /* return true if number and no extra non-whitespace chracters after */
+  return z>=zEnd && nDigits>0 && eValid && nonNum==0;
+#else
+  return !sqlite3Atoi64(z, pResult, length, enc);
+#endif /* SQLITE_OMIT_FLOATING_POINT */
+}
+
+/*
+** Compare the 19-character string zNum against the text representation
+** value 2^63:  9223372036854775808.  Return negative, zero, or positive
+** if zNum is less than, equal to, or greater than the string.
+** Note that zNum must contain exactly 19 characters.
+**
+** Unlike memcmp() this routine is guaranteed to return the difference
+** in the values of the last digit if the only difference is in the
+** last digit.  So, for example,
+**
+**      compare2pow63("9223372036854775800", 1)
+**
+** will return -8.
+*/
+static int compare2pow63(const char *zNum, int incr){
+  int c = 0;
+  int i;
+                    /* 012345678901234567 */
+  const char *pow63 = "922337203685477580";
+  for(i=0; c==0 && i<18; i++){
+    c = (zNum[i*incr]-pow63[i])*10;
+  }
+  if( c==0 ){
+    c = zNum[18*incr] - '8';
+    testcase( c==(-1) );
+    testcase( c==0 );
+    testcase( c==(+1) );
+  }
+  return c;
+}
+
+/*
+** Convert zNum to a 64-bit signed integer.  zNum must be decimal. This
+** routine does *not* accept hexadecimal notation.
+**
+** If the zNum value is representable as a 64-bit twos-complement 
+** integer, then write that value into *pNum and return 0.
+**
+** If zNum is exactly 9223372036854775808, return 2.  This special
+** case is broken out because while 9223372036854775808 cannot be a 
+** signed 64-bit integer, its negative -9223372036854775808 can be.
+**
+** If zNum is too big for a 64-bit integer and is not
+** 9223372036854775808  or if zNum contains any non-numeric text,
+** then return 1.
+**
+** length is the number of bytes in the string (bytes, not characters).
+** The string is not necessarily zero-terminated.  The encoding is
+** given by enc.
+*/
+SQLITE_PRIVATE int sqlite3Atoi64(const char *zNum, i64 *pNum, int length, u8 enc){
+  int incr;
+  u64 u = 0;
+  int neg = 0; /* assume positive */
+  int i;
+  int c = 0;
+  int nonNum = 0;
+  const char *zStart;
+  const char *zEnd = zNum + length;
+  assert( enc==SQLITE_UTF8 || enc==SQLITE_UTF16LE || enc==SQLITE_UTF16BE );
+  if( enc==SQLITE_UTF8 ){
+    incr = 1;
+  }else{
+    incr = 2;
+    assert( SQLITE_UTF16LE==2 && SQLITE_UTF16BE==3 );
+    for(i=3-enc; i<length && zNum[i]==0; i+=2){}
+    nonNum = i<length;
+    zEnd = zNum+i+enc-3;
+    zNum += (enc&1);
+  }
+  while( zNum<zEnd && sqlite3Isspace(*zNum) ) zNum+=incr;
+  if( zNum<zEnd ){
+    if( *zNum=='-' ){
+      neg = 1;
+      zNum+=incr;
+    }else if( *zNum=='+' ){
+      zNum+=incr;
+    }
+  }
+  zStart = zNum;
+  while( zNum<zEnd && zNum[0]=='0' ){ zNum+=incr; } /* Skip leading zeros. */
+  for(i=0; &zNum[i]<zEnd && (c=zNum[i])>='0' && c<='9'; i+=incr){
+    u = u*10 + c - '0';
+  }
+  if( u>LARGEST_INT64 ){
+    *pNum = neg ? SMALLEST_INT64 : LARGEST_INT64;
+  }else if( neg ){
+    *pNum = -(i64)u;
+  }else{
+    *pNum = (i64)u;
+  }
+  testcase( i==18 );
+  testcase( i==19 );
+  testcase( i==20 );
+  if( (c!=0 && &zNum[i]<zEnd) || (i==0 && zStart==zNum)
+       || i>19*incr || nonNum ){
+    /* zNum is empty or contains non-numeric text or is longer
+    ** than 19 digits (thus guaranteeing that it is too large) */
+    return 1;
+  }else if( i<19*incr ){
+    /* Less than 19 digits, so we know that it fits in 64 bits */
+    assert( u<=LARGEST_INT64 );
+    return 0;
+  }else{
+    /* zNum is a 19-digit numbers.  Compare it against 9223372036854775808. */
+    c = compare2pow63(zNum, incr);
+    if( c<0 ){
+      /* zNum is less than 9223372036854775808 so it fits */
+      assert( u<=LARGEST_INT64 );
+      return 0;
+    }else if( c>0 ){
+      /* zNum is greater than 9223372036854775808 so it overflows */
+      return 1;
+    }else{
+      /* zNum is exactly 9223372036854775808.  Fits if negative.  The
+      ** special case 2 overflow if positive */
+      assert( u-1==LARGEST_INT64 );
+      return neg ? 0 : 2;
+    }
+  }
+}
+
+/*
+** Transform a UTF-8 integer literal, in either decimal or hexadecimal,
+** into a 64-bit signed integer.  This routine accepts hexadecimal literals,
+** whereas sqlite3Atoi64() does not.
+**
+** Returns:
+**
+**     0    Successful transformation.  Fits in a 64-bit signed integer.
+**     1    Integer too large for a 64-bit signed integer or is malformed
+**     2    Special case of 9223372036854775808
+*/
+SQLITE_PRIVATE int sqlite3DecOrHexToI64(const char *z, i64 *pOut){
+#ifndef SQLITE_OMIT_HEX_INTEGER
+  if( z[0]=='0'
+   && (z[1]=='x' || z[1]=='X')
+   && sqlite3Isxdigit(z[2])
+  ){
+    u64 u = 0;
+    int i, k;
+    for(i=2; z[i]=='0'; i++){}
+    for(k=i; sqlite3Isxdigit(z[k]); k++){
+      u = u*16 + sqlite3HexToInt(z[k]);
+    }
+    memcpy(pOut, &u, 8);
+    return (z[k]==0 && k-i<=16) ? 0 : 1;
+  }else
+#endif /* SQLITE_OMIT_HEX_INTEGER */
+  {
+    return sqlite3Atoi64(z, pOut, sqlite3Strlen30(z), SQLITE_UTF8);
+  }
+}
+
+/*
+** If zNum represents an integer that will fit in 32-bits, then set
+** *pValue to that integer and return true.  Otherwise return false.
+**
+** This routine accepts both decimal and hexadecimal notation for integers.
+**
+** Any non-numeric characters that following zNum are ignored.
+** This is different from sqlite3Atoi64() which requires the
+** input number to be zero-terminated.
+*/
+SQLITE_PRIVATE int sqlite3GetInt32(const char *zNum, int *pValue){
+  sqlite_int64 v = 0;
+  int i, c;
+  int neg = 0;
+  if( zNum[0]=='-' ){
+    neg = 1;
+    zNum++;
+  }else if( zNum[0]=='+' ){
+    zNum++;
+  }
+#ifndef SQLITE_OMIT_HEX_INTEGER
+  else if( zNum[0]=='0'
+        && (zNum[1]=='x' || zNum[1]=='X')
+        && sqlite3Isxdigit(zNum[2])
+  ){
+    u32 u = 0;
+    zNum += 2;
+    while( zNum[0]=='0' ) zNum++;
+    for(i=0; sqlite3Isxdigit(zNum[i]) && i<8; i++){
+      u = u*16 + sqlite3HexToInt(zNum[i]);
+    }
+    if( (u&0x80000000)==0 && sqlite3Isxdigit(zNum[i])==0 ){
+      memcpy(pValue, &u, 4);
+      return 1;
+    }else{
+      return 0;
+    }
+  }
+#endif
+  while( zNum[0]=='0' ) zNum++;
+  for(i=0; i<11 && (c = zNum[i] - '0')>=0 && c<=9; i++){
+    v = v*10 + c;
+  }
+
+  /* The longest decimal representation of a 32 bit integer is 10 digits:
+  **
+  **             1234567890
+  **     2^31 -> 2147483648
+  */
+  testcase( i==10 );
+  if( i>10 ){
+    return 0;
+  }
+  testcase( v-neg==2147483647 );
+  if( v-neg>2147483647 ){
+    return 0;
+  }
+  if( neg ){
+    v = -v;
+  }
+  *pValue = (int)v;
+  return 1;
+}
+
+/*
+** Return a 32-bit integer value extracted from a string.  If the
+** string is not an integer, just return 0.
+*/
+SQLITE_PRIVATE int sqlite3Atoi(const char *z){
+  int x = 0;
+  if( z ) sqlite3GetInt32(z, &x);
+  return x;
+}
+
+/*
+** The variable-length integer encoding is as follows:
+**
+** KEY:
+**         A = 0xxxxxxx    7 bits of data and one flag bit
+**         B = 1xxxxxxx    7 bits of data and one flag bit
+**         C = xxxxxxxx    8 bits of data
+**
+**  7 bits - A
+** 14 bits - BA
+** 21 bits - BBA
+** 28 bits - BBBA
+** 35 bits - BBBBA
+** 42 bits - BBBBBA
+** 49 bits - BBBBBBA
+** 56 bits - BBBBBBBA
+** 64 bits - BBBBBBBBC
+*/
+
+/*
+** Write a 64-bit variable-length integer to memory starting at p[0].
+** The length of data write will be between 1 and 9 bytes.  The number
+** of bytes written is returned.
+**
+** A variable-length integer consists of the lower 7 bits of each byte
+** for all bytes that have the 8th bit set and one byte with the 8th
+** bit clear.  Except, if we get to the 9th byte, it stores the full
+** 8 bits and is the last byte.
+*/
+static int SQLITE_NOINLINE putVarint64(unsigned char *p, u64 v){
+  int i, j, n;
+  u8 buf[10];
+  if( v & (((u64)0xff000000)<<32) ){
+    p[8] = (u8)v;
+    v >>= 8;
+    for(i=7; i>=0; i--){
+      p[i] = (u8)((v & 0x7f) | 0x80);
+      v >>= 7;
+    }
+    return 9;
+  }    
+  n = 0;
+  do{
+    buf[n++] = (u8)((v & 0x7f) | 0x80);
+    v >>= 7;
+  }while( v!=0 );
+  buf[0] &= 0x7f;
+  assert( n<=9 );
+  for(i=0, j=n-1; j>=0; j--, i++){
+    p[i] = buf[j];
+  }
+  return n;
+}
+SQLITE_PRIVATE int sqlite3PutVarint(unsigned char *p, u64 v){
+  if( v<=0x7f ){
+    p[0] = v&0x7f;
+    return 1;
+  }
+  if( v<=0x3fff ){
+    p[0] = ((v>>7)&0x7f)|0x80;
+    p[1] = v&0x7f;
+    return 2;
+  }
+  return putVarint64(p,v);
+}
+
+/*
+** Bitmasks used by sqlite3GetVarint().  These precomputed constants
+** are defined here rather than simply putting the constant expressions
+** inline in order to work around bugs in the RVT compiler.
+**
+** SLOT_2_0     A mask for  (0x7f<<14) | 0x7f
+**
+** SLOT_4_2_0   A mask for  (0x7f<<28) | SLOT_2_0
+*/
+#define SLOT_2_0     0x001fc07f
+#define SLOT_4_2_0   0xf01fc07f
+
+
+/*
+** Read a 64-bit variable-length integer from memory starting at p[0].
+** Return the number of bytes read.  The value is stored in *v.
+*/
+SQLITE_PRIVATE u8 sqlite3GetVarint(const unsigned char *p, u64 *v){
+  u32 a,b,s;
+
+  a = *p;
+  /* a: p0 (unmasked) */
+  if (!(a&0x80))
+  {
+    *v = a;
+    return 1;
+  }
+
+  p++;
+  b = *p;
+  /* b: p1 (unmasked) */
+  if (!(b&0x80))
+  {
+    a &= 0x7f;
+    a = a<<7;
+    a |= b;
+    *v = a;
+    return 2;
+  }
+
+  /* Verify that constants are precomputed correctly */
+  assert( SLOT_2_0 == ((0x7f<<14) | (0x7f)) );
+  assert( SLOT_4_2_0 == ((0xfU<<28) | (0x7f<<14) | (0x7f)) );
+
+  p++;
+  a = a<<14;
+  a |= *p;
+  /* a: p0<<14 | p2 (unmasked) */
+  if (!(a&0x80))
+  {
+    a &= SLOT_2_0;
+    b &= 0x7f;
+    b = b<<7;
+    a |= b;
+    *v = a;
+    return 3;
+  }
+
+  /* CSE1 from below */
+  a &= SLOT_2_0;
+  p++;
+  b = b<<14;
+  b |= *p;
+  /* b: p1<<14 | p3 (unmasked) */
+  if (!(b&0x80))
+  {
+    b &= SLOT_2_0;
+    /* moved CSE1 up */
+    /* a &= (0x7f<<14)|(0x7f); */
+    a = a<<7;
+    a |= b;
+    *v = a;
+    return 4;
+  }
+
+  /* a: p0<<14 | p2 (masked) */
+  /* b: p1<<14 | p3 (unmasked) */
+  /* 1:save off p0<<21 | p1<<14 | p2<<7 | p3 (masked) */
+  /* moved CSE1 up */
+  /* a &= (0x7f<<14)|(0x7f); */
+  b &= SLOT_2_0;
+  s = a;
+  /* s: p0<<14 | p2 (masked) */
+
+  p++;
+  a = a<<14;
+  a |= *p;
+  /* a: p0<<28 | p2<<14 | p4 (unmasked) */
+  if (!(a&0x80))
+  {
+    /* we can skip these cause they were (effectively) done above
+    ** while calculating s */
+    /* a &= (0x7f<<28)|(0x7f<<14)|(0x7f); */
+    /* b &= (0x7f<<14)|(0x7f); */
+    b = b<<7;
+    a |= b;
+    s = s>>18;
+    *v = ((u64)s)<<32 | a;
+    return 5;
+  }
+
+  /* 2:save off p0<<21 | p1<<14 | p2<<7 | p3 (masked) */
+  s = s<<7;
+  s |= b;
+  /* s: p0<<21 | p1<<14 | p2<<7 | p3 (masked) */
+
+  p++;
+  b = b<<14;
+  b |= *p;
+  /* b: p1<<28 | p3<<14 | p5 (unmasked) */
+  if (!(b&0x80))
+  {
+    /* we can skip this cause it was (effectively) done above in calc'ing s */
+    /* b &= (0x7f<<28)|(0x7f<<14)|(0x7f); */
+    a &= SLOT_2_0;
+    a = a<<7;
+    a |= b;
+    s = s>>18;
+    *v = ((u64)s)<<32 | a;
+    return 6;
+  }
+
+  p++;
+  a = a<<14;
+  a |= *p;
+  /* a: p2<<28 | p4<<14 | p6 (unmasked) */
+  if (!(a&0x80))
+  {
+    a &= SLOT_4_2_0;
+    b &= SLOT_2_0;
+    b = b<<7;
+    a |= b;
+    s = s>>11;
+    *v = ((u64)s)<<32 | a;
+    return 7;
+  }
+
+  /* CSE2 from below */
+  a &= SLOT_2_0;
+  p++;
+  b = b<<14;
+  b |= *p;
+  /* b: p3<<28 | p5<<14 | p7 (unmasked) */
+  if (!(b&0x80))
+  {
+    b &= SLOT_4_2_0;
+    /* moved CSE2 up */
+    /* a &= (0x7f<<14)|(0x7f); */
+    a = a<<7;
+    a |= b;
+    s = s>>4;
+    *v = ((u64)s)<<32 | a;
+    return 8;
+  }
+
+  p++;
+  a = a<<15;
+  a |= *p;
+  /* a: p4<<29 | p6<<15 | p8 (unmasked) */
+
+  /* moved CSE2 up */
+  /* a &= (0x7f<<29)|(0x7f<<15)|(0xff); */
+  b &= SLOT_2_0;
+  b = b<<8;
+  a |= b;
+
+  s = s<<4;
+  b = p[-4];
+  b &= 0x7f;
+  b = b>>3;
+  s |= b;
+
+  *v = ((u64)s)<<32 | a;
+
+  return 9;
+}
+
+/*
+** Read a 32-bit variable-length integer from memory starting at p[0].
+** Return the number of bytes read.  The value is stored in *v.
+**
+** If the varint stored in p[0] is larger than can fit in a 32-bit unsigned
+** integer, then set *v to 0xffffffff.
+**
+** A MACRO version, getVarint32, is provided which inlines the 
+** single-byte case.  All code should use the MACRO version as 
+** this function assumes the single-byte case has already been handled.
+*/
+SQLITE_PRIVATE u8 sqlite3GetVarint32(const unsigned char *p, u32 *v){
+  u32 a,b;
+
+  /* The 1-byte case.  Overwhelmingly the most common.  Handled inline
+  ** by the getVarin32() macro */
+  a = *p;
+  /* a: p0 (unmasked) */
+#ifndef getVarint32
+  if (!(a&0x80))
+  {
+    /* Values between 0 and 127 */
+    *v = a;
+    return 1;
+  }
+#endif
+
+  /* The 2-byte case */
+  p++;
+  b = *p;
+  /* b: p1 (unmasked) */
+  if (!(b&0x80))
+  {
+    /* Values between 128 and 16383 */
+    a &= 0x7f;
+    a = a<<7;
+    *v = a | b;
+    return 2;
+  }
+
+  /* The 3-byte case */
+  p++;
+  a = a<<14;
+  a |= *p;
+  /* a: p0<<14 | p2 (unmasked) */
+  if (!(a&0x80))
+  {
+    /* Values between 16384 and 2097151 */
+    a &= (0x7f<<14)|(0x7f);
+    b &= 0x7f;
+    b = b<<7;
+    *v = a | b;
+    return 3;
+  }
+
+  /* A 32-bit varint is used to store size information in btrees.
+  ** Objects are rarely larger than 2MiB limit of a 3-byte varint.
+  ** A 3-byte varint is sufficient, for example, to record the size
+  ** of a 1048569-byte BLOB or string.
+  **
+  ** We only unroll the first 1-, 2-, and 3- byte cases.  The very
+  ** rare larger cases can be handled by the slower 64-bit varint
+  ** routine.
+  */
+#if 1
+  {
+    u64 v64;
+    u8 n;
+
+    p -= 2;
+    n = sqlite3GetVarint(p, &v64);
+    assert( n>3 && n<=9 );
+    if( (v64 & SQLITE_MAX_U32)!=v64 ){
+      *v = 0xffffffff;
+    }else{
+      *v = (u32)v64;
+    }
+    return n;
+  }
+
+#else
+  /* For following code (kept for historical record only) shows an
+  ** unrolling for the 3- and 4-byte varint cases.  This code is
+  ** slightly faster, but it is also larger and much harder to test.
+  */
+  p++;
+  b = b<<14;
+  b |= *p;
+  /* b: p1<<14 | p3 (unmasked) */
+  if (!(b&0x80))
+  {
+    /* Values between 2097152 and 268435455 */
+    b &= (0x7f<<14)|(0x7f);
+    a &= (0x7f<<14)|(0x7f);
+    a = a<<7;
+    *v = a | b;
+    return 4;
+  }
+
+  p++;
+  a = a<<14;
+  a |= *p;
+  /* a: p0<<28 | p2<<14 | p4 (unmasked) */
+  if (!(a&0x80))
+  {
+    /* Values  between 268435456 and 34359738367 */
+    a &= SLOT_4_2_0;
+    b &= SLOT_4_2_0;
+    b = b<<7;
+    *v = a | b;
+    return 5;
+  }
+
+  /* We can only reach this point when reading a corrupt database
+  ** file.  In that case we are not in any hurry.  Use the (relatively
+  ** slow) general-purpose sqlite3GetVarint() routine to extract the
+  ** value. */
+  {
+    u64 v64;
+    u8 n;
+
+    p -= 4;
+    n = sqlite3GetVarint(p, &v64);
+    assert( n>5 && n<=9 );
+    *v = (u32)v64;
+    return n;
+  }
+#endif
+}
+
+/*
+** Return the number of bytes that will be needed to store the given
+** 64-bit integer.
+*/
+SQLITE_PRIVATE int sqlite3VarintLen(u64 v){
+  int i;
+  for(i=1; (v >>= 7)!=0; i++){ assert( i<9 ); }
+  return i;
+}
+
+
+/*
+** Read or write a four-byte big-endian integer value.
+*/
+SQLITE_PRIVATE u32 sqlite3Get4byte(const u8 *p){
+#if SQLITE_BYTEORDER==4321
+  u32 x;
+  memcpy(&x,p,4);
+  return x;
+#elif SQLITE_BYTEORDER==1234 && !defined(SQLITE_DISABLE_INTRINSIC) \
+    && defined(__GNUC__) && GCC_VERSION>=4003000
+  u32 x;
+  memcpy(&x,p,4);
+  return __builtin_bswap32(x);
+#elif SQLITE_BYTEORDER==1234 && !defined(SQLITE_DISABLE_INTRINSIC) \
+    && defined(_MSC_VER) && _MSC_VER>=1300
+  u32 x;
+  memcpy(&x,p,4);
+  return _byteswap_ulong(x);
+#else
+  testcase( p[0]&0x80 );
+  return ((unsigned)p[0]<<24) | (p[1]<<16) | (p[2]<<8) | p[3];
+#endif
+}
+SQLITE_PRIVATE void sqlite3Put4byte(unsigned char *p, u32 v){
+#if SQLITE_BYTEORDER==4321
+  memcpy(p,&v,4);
+#elif SQLITE_BYTEORDER==1234 && defined(__GNUC__) && GCC_VERSION>=4003000
+  u32 x = __builtin_bswap32(v);
+  memcpy(p,&x,4);
+#elif SQLITE_BYTEORDER==1234 && defined(_MSC_VER) && _MSC_VER>=1300
+  u32 x = _byteswap_ulong(v);
+  memcpy(p,&x,4);
+#else
+  p[0] = (u8)(v>>24);
+  p[1] = (u8)(v>>16);
+  p[2] = (u8)(v>>8);
+  p[3] = (u8)v;
+#endif
+}
+
+
+
+/*
+** Translate a single byte of Hex into an integer.
+** This routine only works if h really is a valid hexadecimal
+** character:  0..9a..fA..F
+*/
+SQLITE_PRIVATE u8 sqlite3HexToInt(int h){
+  assert( (h>='0' && h<='9') ||  (h>='a' && h<='f') ||  (h>='A' && h<='F') );
+#ifdef SQLITE_ASCII
+  h += 9*(1&(h>>6));
+#endif
+#ifdef SQLITE_EBCDIC
+  h += 9*(1&~(h>>4));
+#endif
+  return (u8)(h & 0xf);
+}
+
+#if !defined(SQLITE_OMIT_BLOB_LITERAL) || defined(SQLITE_HAS_CODEC)
+/*
+** Convert a BLOB literal of the form "x'hhhhhh'" into its binary
+** value.  Return a pointer to its binary value.  Space to hold the
+** binary value has been obtained from malloc and must be freed by
+** the calling routine.
+*/
+SQLITE_PRIVATE void *sqlite3HexToBlob(sqlite3 *db, const char *z, int n){
+  char *zBlob;
+  int i;
+
+  zBlob = (char *)sqlite3DbMallocRaw(db, n/2 + 1);
+  n--;
+  if( zBlob ){
+    for(i=0; i<n; i+=2){
+      zBlob[i/2] = (sqlite3HexToInt(z[i])<<4) | sqlite3HexToInt(z[i+1]);
+    }
+    zBlob[i/2] = 0;
+  }
+  return zBlob;
+}
+#endif /* !SQLITE_OMIT_BLOB_LITERAL || SQLITE_HAS_CODEC */
+
+/*
+** Log an error that is an API call on a connection pointer that should
+** not have been used.  The "type" of connection pointer is given as the
+** argument.  The zType is a word like "NULL" or "closed" or "invalid".
+*/
+static void logBadConnection(const char *zType){
+  sqlite3_log(SQLITE_MISUSE, 
+     "API call with %s database connection pointer",
+     zType
+  );
+}
+
+/*
+** Check to make sure we have a valid db pointer.  This test is not
+** foolproof but it does provide some measure of protection against
+** misuse of the interface such as passing in db pointers that are
+** NULL or which have been previously closed.  If this routine returns
+** 1 it means that the db pointer is valid and 0 if it should not be
+** dereferenced for any reason.  The calling function should invoke
+** SQLITE_MISUSE immediately.
+**
+** sqlite3SafetyCheckOk() requires that the db pointer be valid for
+** use.  sqlite3SafetyCheckSickOrOk() allows a db pointer that failed to
+** open properly and is not fit for general use but which can be
+** used as an argument to sqlite3_errmsg() or sqlite3_close().
+*/
+SQLITE_PRIVATE int sqlite3SafetyCheckOk(sqlite3 *db){
+  u32 magic;
+  if( db==0 ){
+    logBadConnection("NULL");
+    return 0;
+  }
+  magic = db->magic;
+  if( magic!=SQLITE_MAGIC_OPEN ){
+    if( sqlite3SafetyCheckSickOrOk(db) ){
+      testcase( sqlite3GlobalConfig.xLog!=0 );
+      logBadConnection("unopened");
+    }
+    return 0;
+  }else{
+    return 1;
+  }
+}
+SQLITE_PRIVATE int sqlite3SafetyCheckSickOrOk(sqlite3 *db){
+  u32 magic;
+  magic = db->magic;
+  if( magic!=SQLITE_MAGIC_SICK &&
+      magic!=SQLITE_MAGIC_OPEN &&
+      magic!=SQLITE_MAGIC_BUSY ){
+    testcase( sqlite3GlobalConfig.xLog!=0 );
+    logBadConnection("invalid");
+    return 0;
+  }else{
+    return 1;
+  }
+}
+
+/*
+** Attempt to add, substract, or multiply the 64-bit signed value iB against
+** the other 64-bit signed integer at *pA and store the result in *pA.
+** Return 0 on success.  Or if the operation would have resulted in an
+** overflow, leave *pA unchanged and return 1.
+*/
+SQLITE_PRIVATE int sqlite3AddInt64(i64 *pA, i64 iB){
+  i64 iA = *pA;
+  testcase( iA==0 ); testcase( iA==1 );
+  testcase( iB==-1 ); testcase( iB==0 );
+  if( iB>=0 ){
+    testcase( iA>0 && LARGEST_INT64 - iA == iB );
+    testcase( iA>0 && LARGEST_INT64 - iA == iB - 1 );
+    if( iA>0 && LARGEST_INT64 - iA < iB ) return 1;
+  }else{
+    testcase( iA<0 && -(iA + LARGEST_INT64) == iB + 1 );
+    testcase( iA<0 && -(iA + LARGEST_INT64) == iB + 2 );
+    if( iA<0 && -(iA + LARGEST_INT64) > iB + 1 ) return 1;
+  }
+  *pA += iB;
+  return 0; 
+}
+SQLITE_PRIVATE int sqlite3SubInt64(i64 *pA, i64 iB){
+  testcase( iB==SMALLEST_INT64+1 );
+  if( iB==SMALLEST_INT64 ){
+    testcase( (*pA)==(-1) ); testcase( (*pA)==0 );
+    if( (*pA)>=0 ) return 1;
+    *pA -= iB;
+    return 0;
+  }else{
+    return sqlite3AddInt64(pA, -iB);
+  }
+}
+#define TWOPOWER32 (((i64)1)<<32)
+#define TWOPOWER31 (((i64)1)<<31)
+SQLITE_PRIVATE int sqlite3MulInt64(i64 *pA, i64 iB){
+  i64 iA = *pA;
+  i64 iA1, iA0, iB1, iB0, r;
+
+  iA1 = iA/TWOPOWER32;
+  iA0 = iA % TWOPOWER32;
+  iB1 = iB/TWOPOWER32;
+  iB0 = iB % TWOPOWER32;
+  if( iA1==0 ){
+    if( iB1==0 ){
+      *pA *= iB;
+      return 0;
+    }
+    r = iA0*iB1;
+  }else if( iB1==0 ){
+    r = iA1*iB0;
+  }else{
+    /* If both iA1 and iB1 are non-zero, overflow will result */
+    return 1;
+  }
+  testcase( r==(-TWOPOWER31)-1 );
+  testcase( r==(-TWOPOWER31) );
+  testcase( r==TWOPOWER31 );
+  testcase( r==TWOPOWER31-1 );
+  if( r<(-TWOPOWER31) || r>=TWOPOWER31 ) return 1;
+  r *= TWOPOWER32;
+  if( sqlite3AddInt64(&r, iA0*iB0) ) return 1;
+  *pA = r;
+  return 0;
+}
+
+/*
+** Compute the absolute value of a 32-bit signed integer, of possible.  Or 
+** if the integer has a value of -2147483648, return +2147483647
+*/
+SQLITE_PRIVATE int sqlite3AbsInt32(int x){
+  if( x>=0 ) return x;
+  if( x==(int)0x80000000 ) return 0x7fffffff;
+  return -x;
+}
+
+#ifdef SQLITE_ENABLE_8_3_NAMES
+/*
+** If SQLITE_ENABLE_8_3_NAMES is set at compile-time and if the database
+** filename in zBaseFilename is a URI with the "8_3_names=1" parameter and
+** if filename in z[] has a suffix (a.k.a. "extension") that is longer than
+** three characters, then shorten the suffix on z[] to be the last three
+** characters of the original suffix.
+**
+** If SQLITE_ENABLE_8_3_NAMES is set to 2 at compile-time, then always
+** do the suffix shortening regardless of URI parameter.
+**
+** Examples:
+**
+**     test.db-journal    =>   test.nal
+**     test.db-wal        =>   test.wal
+**     test.db-shm        =>   test.shm
+**     test.db-mj7f3319fa =>   test.9fa
+*/
+SQLITE_PRIVATE void sqlite3FileSuffix3(const char *zBaseFilename, char *z){
+#if SQLITE_ENABLE_8_3_NAMES<2
+  if( sqlite3_uri_boolean(zBaseFilename, "8_3_names", 0) )
+#endif
+  {
+    int i, sz;
+    sz = sqlite3Strlen30(z);
+    for(i=sz-1; i>0 && z[i]!='/' && z[i]!='.'; i--){}
+    if( z[i]=='.' && ALWAYS(sz>i+4) ) memmove(&z[i+1], &z[sz-3], 4);
+  }
+}
+#endif
+
+/* 
+** Find (an approximate) sum of two LogEst values.  This computation is
+** not a simple "+" operator because LogEst is stored as a logarithmic
+** value.
+** 
+*/
+SQLITE_PRIVATE LogEst sqlite3LogEstAdd(LogEst a, LogEst b){
+  static const unsigned char x[] = {
+     10, 10,                         /* 0,1 */
+      9, 9,                          /* 2,3 */
+      8, 8,                          /* 4,5 */
+      7, 7, 7,                       /* 6,7,8 */
+      6, 6, 6,                       /* 9,10,11 */
+      5, 5, 5,                       /* 12-14 */
+      4, 4, 4, 4,                    /* 15-18 */
+      3, 3, 3, 3, 3, 3,              /* 19-24 */
+      2, 2, 2, 2, 2, 2, 2,           /* 25-31 */
+  };
+  if( a>=b ){
+    if( a>b+49 ) return a;
+    if( a>b+31 ) return a+1;
+    return a+x[a-b];
+  }else{
+    if( b>a+49 ) return b;
+    if( b>a+31 ) return b+1;
+    return b+x[b-a];
+  }
+}
+
+/*
+** Convert an integer into a LogEst.  In other words, compute an
+** approximation for 10*log2(x).
+*/
+SQLITE_PRIVATE LogEst sqlite3LogEst(u64 x){
+  static LogEst a[] = { 0, 2, 3, 5, 6, 7, 8, 9 };
+  LogEst y = 40;
+  if( x<8 ){
+    if( x<2 ) return 0;
+    while( x<8 ){  y -= 10; x <<= 1; }
+  }else{
+    while( x>255 ){ y += 40; x >>= 4; }
+    while( x>15 ){  y += 10; x >>= 1; }
+  }
+  return a[x&7] + y - 10;
+}
+
+#ifndef SQLITE_OMIT_VIRTUALTABLE
+/*
+** Convert a double into a LogEst
+** In other words, compute an approximation for 10*log2(x).
+*/
+SQLITE_PRIVATE LogEst sqlite3LogEstFromDouble(double x){
+  u64 a;
+  LogEst e;
+  assert( sizeof(x)==8 && sizeof(a)==8 );
+  if( x<=1 ) return 0;
+  if( x<=2000000000 ) return sqlite3LogEst((u64)x);
+  memcpy(&a, &x, 8);
+  e = (a>>52) - 1022;
+  return e*10;
+}
+#endif /* SQLITE_OMIT_VIRTUALTABLE */
+
+/*
+** Convert a LogEst into an integer.
+*/
+SQLITE_PRIVATE u64 sqlite3LogEstToInt(LogEst x){
+  u64 n;
+  if( x<10 ) return 1;
+  n = x%10;
+  x /= 10;
+  if( n>=5 ) n -= 2;
+  else if( n>=1 ) n -= 1;
+  if( x>=3 ){
+    return x>60 ? (u64)LARGEST_INT64 : (n+8)<<(x-3);
+  }
+  return (n+8)>>(3-x);
+}
+
+/************** End of util.c ************************************************/
+/************** Begin file hash.c ********************************************/
+/*
+** 2001 September 22
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+** This is the implementation of generic hash-tables
+** used in SQLite.
+*/
+/* #include "sqliteInt.h" */
+/* #include <assert.h> */
+
+/* Turn bulk memory into a hash table object by initializing the
+** fields of the Hash structure.
+**
+** "pNew" is a pointer to the hash table that is to be initialized.
+*/
+SQLITE_PRIVATE void sqlite3HashInit(Hash *pNew){
+  assert( pNew!=0 );
+  pNew->first = 0;
+  pNew->count = 0;
+  pNew->htsize = 0;
+  pNew->ht = 0;
+}
+
+/* Remove all entries from a hash table.  Reclaim all memory.
+** Call this routine to delete a hash table or to reset a hash table
+** to the empty state.
+*/
+SQLITE_PRIVATE void sqlite3HashClear(Hash *pH){
+  HashElem *elem;         /* For looping over all elements of the table */
+
+  assert( pH!=0 );
+  elem = pH->first;
+  pH->first = 0;
+  sqlite3_free(pH->ht);
+  pH->ht = 0;
+  pH->htsize = 0;
+  while( elem ){
+    HashElem *next_elem = elem->next;
+    sqlite3_free(elem);
+    elem = next_elem;
+  }
+  pH->count = 0;
+}
+
+/*
+** The hashing function.
+*/
+static unsigned int strHash(const char *z){
+  unsigned int h = 0;
+  unsigned char c;
+  while( (c = (unsigned char)*z++)!=0 ){
+    h = (h<<3) ^ h ^ sqlite3UpperToLower[c];
+  }
+  return h;
+}
+
+
+/* Link pNew element into the hash table pH.  If pEntry!=0 then also
+** insert pNew into the pEntry hash bucket.
+*/
+static void insertElement(
+  Hash *pH,              /* The complete hash table */
+  struct _ht *pEntry,    /* The entry into which pNew is inserted */
+  HashElem *pNew         /* The element to be inserted */
+){
+  HashElem *pHead;       /* First element already in pEntry */
+  if( pEntry ){
+    pHead = pEntry->count ? pEntry->chain : 0;
+    pEntry->count++;
+    pEntry->chain = pNew;
+  }else{
+    pHead = 0;
+  }
+  if( pHead ){
+    pNew->next = pHead;
+    pNew->prev = pHead->prev;
+    if( pHead->prev ){ pHead->prev->next = pNew; }
+    else             { pH->first = pNew; }
+    pHead->prev = pNew;
+  }else{
+    pNew->next = pH->first;
+    if( pH->first ){ pH->first->prev = pNew; }
+    pNew->prev = 0;
+    pH->first = pNew;
+  }
+}
+
+
+/* Resize the hash table so that it cantains "new_size" buckets.
+**
+** The hash table might fail to resize if sqlite3_malloc() fails or
+** if the new size is the same as the prior size.
+** Return TRUE if the resize occurs and false if not.
+*/
+static int rehash(Hash *pH, unsigned int new_size){
+  struct _ht *new_ht;            /* The new hash table */
+  HashElem *elem, *next_elem;    /* For looping over existing elements */
+
+#if SQLITE_MALLOC_SOFT_LIMIT>0
+  if( new_size*sizeof(struct _ht)>SQLITE_MALLOC_SOFT_LIMIT ){
+    new_size = SQLITE_MALLOC_SOFT_LIMIT/sizeof(struct _ht);
+  }
+  if( new_size==pH->htsize ) return 0;
+#endif
+
+  /* The inability to allocates space for a larger hash table is
+  ** a performance hit but it is not a fatal error.  So mark the
+  ** allocation as a benign. Use sqlite3Malloc()/memset(0) instead of 
+  ** sqlite3MallocZero() to make the allocation, as sqlite3MallocZero()
+  ** only zeroes the requested number of bytes whereas this module will
+  ** use the actual amount of space allocated for the hash table (which
+  ** may be larger than the requested amount).
+  */
+  sqlite3BeginBenignMalloc();
+  new_ht = (struct _ht *)sqlite3Malloc( new_size*sizeof(struct _ht) );
+  sqlite3EndBenignMalloc();
+
+  if( new_ht==0 ) return 0;
+  sqlite3_free(pH->ht);
+  pH->ht = new_ht;
+  pH->htsize = new_size = sqlite3MallocSize(new_ht)/sizeof(struct _ht);
+  memset(new_ht, 0, new_size*sizeof(struct _ht));
+  for(elem=pH->first, pH->first=0; elem; elem = next_elem){
+    unsigned int h = strHash(elem->pKey) % new_size;
+    next_elem = elem->next;
+    insertElement(pH, &new_ht[h], elem);
+  }
+  return 1;
+}
+
+/* This function (for internal use only) locates an element in an
+** hash table that matches the given key.  The hash for this key is
+** also computed and returned in the *pH parameter.
+*/
+static HashElem *findElementWithHash(
+  const Hash *pH,     /* The pH to be searched */
+  const char *pKey,   /* The key we are searching for */
+  unsigned int *pHash /* Write the hash value here */
+){
+  HashElem *elem;                /* Used to loop thru the element list */
+  int count;                     /* Number of elements left to test */
+  unsigned int h;                /* The computed hash */
+
+  if( pH->ht ){
+    struct _ht *pEntry;
+    h = strHash(pKey) % pH->htsize;
+    pEntry = &pH->ht[h];
+    elem = pEntry->chain;
+    count = pEntry->count;
+  }else{
+    h = 0;
+    elem = pH->first;
+    count = pH->count;
+  }
+  *pHash = h;
+  while( count-- ){
+    assert( elem!=0 );
+    if( sqlite3StrICmp(elem->pKey,pKey)==0 ){ 
+      return elem;
+    }
+    elem = elem->next;
+  }
+  return 0;
+}
+
+/* Remove a single entry from the hash table given a pointer to that
+** element and a hash on the element's key.
+*/
+static void removeElementGivenHash(
+  Hash *pH,         /* The pH containing "elem" */
+  HashElem* elem,   /* The element to be removed from the pH */
+  unsigned int h    /* Hash value for the element */
+){
+  struct _ht *pEntry;
+  if( elem->prev ){
+    elem->prev->next = elem->next; 
+  }else{
+    pH->first = elem->next;
+  }
+  if( elem->next ){
+    elem->next->prev = elem->prev;
+  }
+  if( pH->ht ){
+    pEntry = &pH->ht[h];
+    if( pEntry->chain==elem ){
+      pEntry->chain = elem->next;
+    }
+    pEntry->count--;
+    assert( pEntry->count>=0 );
+  }
+  sqlite3_free( elem );
+  pH->count--;
+  if( pH->count==0 ){
+    assert( pH->first==0 );
+    assert( pH->count==0 );
+    sqlite3HashClear(pH);
+  }
+}
+
+/* Attempt to locate an element of the hash table pH with a key
+** that matches pKey.  Return the data for this element if it is
+** found, or NULL if there is no match.
+*/
+SQLITE_PRIVATE void *sqlite3HashFind(const Hash *pH, const char *pKey){
+  HashElem *elem;    /* The element that matches key */
+  unsigned int h;    /* A hash on key */
+
+  assert( pH!=0 );
+  assert( pKey!=0 );
+  elem = findElementWithHash(pH, pKey, &h);
+  return elem ? elem->data : 0;
+}
+
+/* Insert an element into the hash table pH.  The key is pKey
+** and the data is "data".
+**
+** If no element exists with a matching key, then a new
+** element is created and NULL is returned.
+**
+** If another element already exists with the same key, then the
+** new data replaces the old data and the old data is returned.
+** The key is not copied in this instance.  If a malloc fails, then
+** the new data is returned and the hash table is unchanged.
+**
+** If the "data" parameter to this function is NULL, then the
+** element corresponding to "key" is removed from the hash table.
+*/
+SQLITE_PRIVATE void *sqlite3HashInsert(Hash *pH, const char *pKey, void *data){
+  unsigned int h;       /* the hash of the key modulo hash table size */
+  HashElem *elem;       /* Used to loop thru the element list */
+  HashElem *new_elem;   /* New element added to the pH */
+
+  assert( pH!=0 );
+  assert( pKey!=0 );
+  elem = findElementWithHash(pH,pKey,&h);
+  if( elem ){
+    void *old_data = elem->data;
+    if( data==0 ){
+      removeElementGivenHash(pH,elem,h);
+    }else{
+      elem->data = data;
+      elem->pKey = pKey;
+    }
+    return old_data;
+  }
+  if( data==0 ) return 0;
+  new_elem = (HashElem*)sqlite3Malloc( sizeof(HashElem) );
+  if( new_elem==0 ) return data;
+  new_elem->pKey = pKey;
+  new_elem->data = data;
+  pH->count++;
+  if( pH->count>=10 && pH->count > 2*pH->htsize ){
+    if( rehash(pH, pH->count*2) ){
+      assert( pH->htsize>0 );
+      h = strHash(pKey) % pH->htsize;
+    }
+  }
+  insertElement(pH, pH->ht ? &pH->ht[h] : 0, new_elem);
+  return 0;
+}
+
+/************** End of hash.c ************************************************/
+/************** Begin file opcodes.c *****************************************/
+/* Automatically generated.  Do not edit */
+/* See the tool/mkopcodec.tcl script for details. */
+#if !defined(SQLITE_OMIT_EXPLAIN) \
+ || defined(VDBE_PROFILE) \
+ || defined(SQLITE_DEBUG)
+#if defined(SQLITE_ENABLE_EXPLAIN_COMMENTS) || defined(SQLITE_DEBUG)
+# define OpHelp(X) "\0" X
+#else
+# define OpHelp(X)
+#endif
+SQLITE_PRIVATE const char *sqlite3OpcodeName(int i){
+ static const char *const azName[] = { "?",
+    /*   1 */ "Savepoint"        OpHelp(""),
+    /*   2 */ "AutoCommit"       OpHelp(""),
+    /*   3 */ "Transaction"      OpHelp(""),
+    /*   4 */ "SorterNext"       OpHelp(""),
+    /*   5 */ "PrevIfOpen"       OpHelp(""),
+    /*   6 */ "NextIfOpen"       OpHelp(""),
+    /*   7 */ "Prev"             OpHelp(""),
+    /*   8 */ "Next"             OpHelp(""),
+    /*   9 */ "Checkpoint"       OpHelp(""),
+    /*  10 */ "JournalMode"      OpHelp(""),
+    /*  11 */ "Vacuum"           OpHelp(""),
+    /*  12 */ "VFilter"          OpHelp("iplan=r[P3] zplan='P4'"),
+    /*  13 */ "VUpdate"          OpHelp("data=r[P3@P2]"),
+    /*  14 */ "Goto"             OpHelp(""),
+    /*  15 */ "Gosub"            OpHelp(""),
+    /*  16 */ "Return"           OpHelp(""),
+    /*  17 */ "InitCoroutine"    OpHelp(""),
+    /*  18 */ "EndCoroutine"     OpHelp(""),
+    /*  19 */ "Not"              OpHelp("r[P2]= !r[P1]"),
+    /*  20 */ "Yield"            OpHelp(""),
+    /*  21 */ "HaltIfNull"       OpHelp("if r[P3]=null halt"),
+    /*  22 */ "Halt"             OpHelp(""),
+    /*  23 */ "Integer"          OpHelp("r[P2]=P1"),
+    /*  24 */ "Int64"            OpHelp("r[P2]=P4"),
+    /*  25 */ "String"           OpHelp("r[P2]='P4' (len=P1)"),
+    /*  26 */ "Null"             OpHelp("r[P2..P3]=NULL"),
+    /*  27 */ "SoftNull"         OpHelp("r[P1]=NULL"),
+    /*  28 */ "Blob"             OpHelp("r[P2]=P4 (len=P1)"),
+    /*  29 */ "Variable"         OpHelp("r[P2]=parameter(P1,P4)"),
+    /*  30 */ "Move"             OpHelp("r[P2@P3]=r[P1@P3]"),
+    /*  31 */ "Copy"             OpHelp("r[P2@P3+1]=r[P1@P3+1]"),
+    /*  32 */ "SCopy"            OpHelp("r[P2]=r[P1]"),
+    /*  33 */ "IntCopy"          OpHelp("r[P2]=r[P1]"),
+    /*  34 */ "ResultRow"        OpHelp("output=r[P1@P2]"),
+    /*  35 */ "CollSeq"          OpHelp(""),
+    /*  36 */ "Function0"        OpHelp("r[P3]=func(r[P2@P5])"),
+    /*  37 */ "Function"         OpHelp("r[P3]=func(r[P2@P5])"),
+    /*  38 */ "AddImm"           OpHelp("r[P1]=r[P1]+P2"),
+    /*  39 */ "MustBeInt"        OpHelp(""),
+    /*  40 */ "RealAffinity"     OpHelp(""),
+    /*  41 */ "Cast"             OpHelp("affinity(r[P1])"),
+    /*  42 */ "Permutation"      OpHelp(""),
+    /*  43 */ "Compare"          OpHelp("r[P1@P3] <-> r[P2@P3]"),
+    /*  44 */ "Jump"             OpHelp(""),
+    /*  45 */ "Once"             OpHelp(""),
+    /*  46 */ "If"               OpHelp(""),
+    /*  47 */ "IfNot"            OpHelp(""),
+    /*  48 */ "Column"           OpHelp("r[P3]=PX"),
+    /*  49 */ "Affinity"         OpHelp("affinity(r[P1@P2])"),
+    /*  50 */ "MakeRecord"       OpHelp("r[P3]=mkrec(r[P1@P2])"),
+    /*  51 */ "Count"            OpHelp("r[P2]=count()"),
+    /*  52 */ "ReadCookie"       OpHelp(""),
+    /*  53 */ "SetCookie"        OpHelp(""),
+    /*  54 */ "ReopenIdx"        OpHelp("root=P2 iDb=P3"),
+    /*  55 */ "OpenRead"         OpHelp("root=P2 iDb=P3"),
+    /*  56 */ "OpenWrite"        OpHelp("root=P2 iDb=P3"),
+    /*  57 */ "OpenAutoindex"    OpHelp("nColumn=P2"),
+    /*  58 */ "OpenEphemeral"    OpHelp("nColumn=P2"),
+    /*  59 */ "SorterOpen"       OpHelp(""),
+    /*  60 */ "SequenceTest"     OpHelp("if( cursor[P1].ctr++ ) pc = P2"),
+    /*  61 */ "OpenPseudo"       OpHelp("P3 columns in r[P2]"),
+    /*  62 */ "Close"            OpHelp(""),
+    /*  63 */ "ColumnsUsed"      OpHelp(""),
+    /*  64 */ "SeekLT"           OpHelp("key=r[P3@P4]"),
+    /*  65 */ "SeekLE"           OpHelp("key=r[P3@P4]"),
+    /*  66 */ "SeekGE"           OpHelp("key=r[P3@P4]"),
+    /*  67 */ "SeekGT"           OpHelp("key=r[P3@P4]"),
+    /*  68 */ "Seek"             OpHelp("intkey=r[P2]"),
+    /*  69 */ "NoConflict"       OpHelp("key=r[P3@P4]"),
+    /*  70 */ "NotFound"         OpHelp("key=r[P3@P4]"),
+    /*  71 */ "Or"               OpHelp("r[P3]=(r[P1] || r[P2])"),
+    /*  72 */ "And"              OpHelp("r[P3]=(r[P1] && r[P2])"),
+    /*  73 */ "Found"            OpHelp("key=r[P3@P4]"),
+    /*  74 */ "NotExists"        OpHelp("intkey=r[P3]"),
+    /*  75 */ "Sequence"         OpHelp("r[P2]=cursor[P1].ctr++"),
+    /*  76 */ "IsNull"           OpHelp("if r[P1]==NULL goto P2"),
+    /*  77 */ "NotNull"          OpHelp("if r[P1]!=NULL goto P2"),
+    /*  78 */ "Ne"               OpHelp("if r[P1]!=r[P3] goto P2"),
+    /*  79 */ "Eq"               OpHelp("if r[P1]==r[P3] goto P2"),
+    /*  80 */ "Gt"               OpHelp("if r[P1]>r[P3] goto P2"),
+    /*  81 */ "Le"               OpHelp("if r[P1]<=r[P3] goto P2"),
+    /*  82 */ "Lt"               OpHelp("if r[P1]<r[P3] goto P2"),
+    /*  83 */ "Ge"               OpHelp("if r[P1]>=r[P3] goto P2"),
+    /*  84 */ "NewRowid"         OpHelp("r[P2]=rowid"),
+    /*  85 */ "BitAnd"           OpHelp("r[P3]=r[P1]&r[P2]"),
+    /*  86 */ "BitOr"            OpHelp("r[P3]=r[P1]|r[P2]"),
+    /*  87 */ "ShiftLeft"        OpHelp("r[P3]=r[P2]<<r[P1]"),
+    /*  88 */ "ShiftRight"       OpHelp("r[P3]=r[P2]>>r[P1]"),
+    /*  89 */ "Add"              OpHelp("r[P3]=r[P1]+r[P2]"),
+    /*  90 */ "Subtract"         OpHelp("r[P3]=r[P2]-r[P1]"),
+    /*  91 */ "Multiply"         OpHelp("r[P3]=r[P1]*r[P2]"),
+    /*  92 */ "Divide"           OpHelp("r[P3]=r[P2]/r[P1]"),
+    /*  93 */ "Remainder"        OpHelp("r[P3]=r[P2]%r[P1]"),
+    /*  94 */ "Concat"           OpHelp("r[P3]=r[P2]+r[P1]"),
+    /*  95 */ "Insert"           OpHelp("intkey=r[P3] data=r[P2]"),
+    /*  96 */ "BitNot"           OpHelp("r[P1]= ~r[P1]"),
+    /*  97 */ "String8"          OpHelp("r[P2]='P4'"),
+    /*  98 */ "InsertInt"        OpHelp("intkey=P3 data=r[P2]"),
+    /*  99 */ "Delete"           OpHelp(""),
+    /* 100 */ "ResetCount"       OpHelp(""),
+    /* 101 */ "SorterCompare"    OpHelp("if key(P1)!=trim(r[P3],P4) goto P2"),
+    /* 102 */ "SorterData"       OpHelp("r[P2]=data"),
+    /* 103 */ "RowKey"           OpHelp("r[P2]=key"),
+    /* 104 */ "RowData"          OpHelp("r[P2]=data"),
+    /* 105 */ "Rowid"            OpHelp("r[P2]=rowid"),
+    /* 106 */ "NullRow"          OpHelp(""),
+    /* 107 */ "Last"             OpHelp(""),
+    /* 108 */ "SorterSort"       OpHelp(""),
+    /* 109 */ "Sort"             OpHelp(""),
+    /* 110 */ "Rewind"           OpHelp(""),
+    /* 111 */ "SorterInsert"     OpHelp(""),
+    /* 112 */ "IdxInsert"        OpHelp("key=r[P2]"),
+    /* 113 */ "IdxDelete"        OpHelp("key=r[P2@P3]"),
+    /* 114 */ "IdxRowid"         OpHelp("r[P2]=rowid"),
+    /* 115 */ "IdxLE"            OpHelp("key=r[P3@P4]"),
+    /* 116 */ "IdxGT"            OpHelp("key=r[P3@P4]"),
+    /* 117 */ "IdxLT"            OpHelp("key=r[P3@P4]"),
+    /* 118 */ "IdxGE"            OpHelp("key=r[P3@P4]"),
+    /* 119 */ "Destroy"          OpHelp(""),
+    /* 120 */ "Clear"            OpHelp(""),
+    /* 121 */ "ResetSorter"      OpHelp(""),
+    /* 122 */ "CreateIndex"      OpHelp("r[P2]=root iDb=P1"),
+    /* 123 */ "CreateTable"      OpHelp("r[P2]=root iDb=P1"),
+    /* 124 */ "ParseSchema"      OpHelp(""),
+    /* 125 */ "LoadAnalysis"     OpHelp(""),
+    /* 126 */ "DropTable"        OpHelp(""),
+    /* 127 */ "DropIndex"        OpHelp(""),
+    /* 128 */ "DropTrigger"      OpHelp(""),
+    /* 129 */ "IntegrityCk"      OpHelp(""),
+    /* 130 */ "RowSetAdd"        OpHelp("rowset(P1)=r[P2]"),
+    /* 131 */ "RowSetRead"       OpHelp("r[P3]=rowset(P1)"),
+    /* 132 */ "RowSetTest"       OpHelp("if r[P3] in rowset(P1) goto P2"),
+    /* 133 */ "Real"             OpHelp("r[P2]=P4"),
+    /* 134 */ "Program"          OpHelp(""),
+    /* 135 */ "Param"            OpHelp(""),
+    /* 136 */ "FkCounter"        OpHelp("fkctr[P1]+=P2"),
+    /* 137 */ "FkIfZero"         OpHelp("if fkctr[P1]==0 goto P2"),
+    /* 138 */ "MemMax"           OpHelp("r[P1]=max(r[P1],r[P2])"),
+    /* 139 */ "IfPos"            OpHelp("if r[P1]>0 then r[P1]-=P3, goto P2"),
+    /* 140 */ "SetIfNotPos"      OpHelp("if r[P1]<=0 then r[P2]=P3"),
+    /* 141 */ "IfNotZero"        OpHelp("if r[P1]!=0 then r[P1]-=P3, goto P2"),
+    /* 142 */ "DecrJumpZero"     OpHelp("if (--r[P1])==0 goto P2"),
+    /* 143 */ "JumpZeroIncr"     OpHelp("if (r[P1]++)==0 ) goto P2"),
+    /* 144 */ "AggStep0"         OpHelp("accum=r[P3] step(r[P2@P5])"),
+    /* 145 */ "AggStep"          OpHelp("accum=r[P3] step(r[P2@P5])"),
+    /* 146 */ "AggFinal"         OpHelp("accum=r[P1] N=P2"),
+    /* 147 */ "IncrVacuum"       OpHelp(""),
+    /* 148 */ "Expire"           OpHelp(""),
+    /* 149 */ "TableLock"        OpHelp("iDb=P1 root=P2 write=P3"),
+    /* 150 */ "VBegin"           OpHelp(""),
+    /* 151 */ "VCreate"          OpHelp(""),
+    /* 152 */ "VDestroy"         OpHelp(""),
+    /* 153 */ "VOpen"            OpHelp(""),
+    /* 154 */ "VColumn"          OpHelp("r[P3]=vcolumn(P2)"),
+    /* 155 */ "VNext"            OpHelp(""),
+    /* 156 */ "VRename"          OpHelp(""),
+    /* 157 */ "Pagecount"        OpHelp(""),
+    /* 158 */ "MaxPgcnt"         OpHelp(""),
+    /* 159 */ "Init"             OpHelp("Start at P2"),
+    /* 160 */ "CursorHint"       OpHelp(""),
+    /* 161 */ "Noop"             OpHelp(""),
+    /* 162 */ "Explain"          OpHelp(""),
+  };
+  return azName[i];
+}
+#endif
+
+/************** End of opcodes.c *********************************************/
+/************** Begin file os_unix.c *****************************************/
+/*
+** 2004 May 22
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+******************************************************************************
+**
+** This file contains the VFS implementation for unix-like operating systems
+** include Linux, MacOSX, *BSD, QNX, VxWorks, AIX, HPUX, and others.
+**
+** There are actually several different VFS implementations in this file.
+** The differences are in the way that file locking is done.  The default
+** implementation uses Posix Advisory Locks.  Alternative implementations
+** use flock(), dot-files, various proprietary locking schemas, or simply
+** skip locking all together.
+**
+** This source file is organized into divisions where the logic for various
+** subfunctions is contained within the appropriate division.  PLEASE
+** KEEP THE STRUCTURE OF THIS FILE INTACT.  New code should be placed
+** in the correct division and should be clearly labeled.
+**
+** The layout of divisions is as follows:
+**
+**   *  General-purpose declarations and utility functions.
+**   *  Unique file ID logic used by VxWorks.
+**   *  Various locking primitive implementations (all except proxy locking):
+**      + for Posix Advisory Locks
+**      + for no-op locks
+**      + for dot-file locks
+**      + for flock() locking
+**      + for named semaphore locks (VxWorks only)
+**      + for AFP filesystem locks (MacOSX only)
+**   *  sqlite3_file methods not associated with locking.
+**   *  Definitions of sqlite3_io_methods objects for all locking
+**      methods plus "finder" functions for each locking method.
+**   *  sqlite3_vfs method implementations.
+**   *  Locking primitives for the proxy uber-locking-method. (MacOSX only)
+**   *  Definitions of sqlite3_vfs objects for all locking methods
+**      plus implementations of sqlite3_os_init() and sqlite3_os_end().
+*/
+/* #include "sqliteInt.h" */
+#if SQLITE_OS_UNIX              /* This file is used on unix only */
+
+/*
+** There are various methods for file locking used for concurrency
+** control:
+**
+**   1. POSIX locking (the default),
+**   2. No locking,
+**   3. Dot-file locking,
+**   4. flock() locking,
+**   5. AFP locking (OSX only),
+**   6. Named POSIX semaphores (VXWorks only),
+**   7. proxy locking. (OSX only)
+**
+** Styles 4, 5, and 7 are only available of SQLITE_ENABLE_LOCKING_STYLE
+** is defined to 1.  The SQLITE_ENABLE_LOCKING_STYLE also enables automatic
+** selection of the appropriate locking style based on the filesystem
+** where the database is located.  
+*/
+#if !defined(SQLITE_ENABLE_LOCKING_STYLE)
+#  if defined(__APPLE__)
+#    define SQLITE_ENABLE_LOCKING_STYLE 1
+#  else
+#    define SQLITE_ENABLE_LOCKING_STYLE 0
+#  endif
+#endif
+
+/*
+** standard include files.
+*/
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <unistd.h>
+/* #include <time.h> */
+#include <sys/time.h>
+#include <errno.h>
+#if !defined(SQLITE_OMIT_WAL) || SQLITE_MAX_MMAP_SIZE>0
+# include <sys/mman.h>
+#endif
+
+#if SQLITE_ENABLE_LOCKING_STYLE
+# include <sys/ioctl.h>
+# include <sys/file.h>
+# include <sys/param.h>
+#endif /* SQLITE_ENABLE_LOCKING_STYLE */
+
+#if defined(__APPLE__) && ((__MAC_OS_X_VERSION_MIN_REQUIRED > 1050) || \
+                           (__IPHONE_OS_VERSION_MIN_REQUIRED > 2000))
+#  if (!defined(TARGET_OS_EMBEDDED) || (TARGET_OS_EMBEDDED==0)) \
+       && (!defined(TARGET_IPHONE_SIMULATOR) || (TARGET_IPHONE_SIMULATOR==0))
+#    define HAVE_GETHOSTUUID 1
+#  else
+#    warning "gethostuuid() is disabled."
+#  endif
+#endif
+
+
+#if OS_VXWORKS
+/* # include <sys/ioctl.h> */
+# include <semaphore.h>
+# include <limits.h>
+#endif /* OS_VXWORKS */
+
+#if defined(__APPLE__) || SQLITE_ENABLE_LOCKING_STYLE
+# include <sys/mount.h>
+#endif
+
+#ifdef HAVE_UTIME
+# include <utime.h>
+#endif
+
+/*
+** Allowed values of unixFile.fsFlags
+*/
+#define SQLITE_FSFLAGS_IS_MSDOS     0x1
+
+/*
+** If we are to be thread-safe, include the pthreads header and define
+** the SQLITE_UNIX_THREADS macro.
+*/
+#if SQLITE_THREADSAFE
+/* # include <pthread.h> */
+# define SQLITE_UNIX_THREADS 1
+#endif
+
+/*
+** Default permissions when creating a new file
+*/
+#ifndef SQLITE_DEFAULT_FILE_PERMISSIONS
+# define SQLITE_DEFAULT_FILE_PERMISSIONS 0644
+#endif
+
+/*
+** Default permissions when creating auto proxy dir
+*/
+#ifndef SQLITE_DEFAULT_PROXYDIR_PERMISSIONS
+# define SQLITE_DEFAULT_PROXYDIR_PERMISSIONS 0755
+#endif
+
+/*
+** Maximum supported path-length.
+*/
+#define MAX_PATHNAME 512
+
+/* Always cast the getpid() return type for compatibility with
+** kernel modules in VxWorks. */
+#define osGetpid(X) (pid_t)getpid()
+
+/*
+** Only set the lastErrno if the error code is a real error and not 
+** a normal expected return code of SQLITE_BUSY or SQLITE_OK
+*/
+#define IS_LOCK_ERROR(x)  ((x != SQLITE_OK) && (x != SQLITE_BUSY))
+
+/* Forward references */
+typedef struct unixShm unixShm;               /* Connection shared memory */
+typedef struct unixShmNode unixShmNode;       /* Shared memory instance */
+typedef struct unixInodeInfo unixInodeInfo;   /* An i-node */
+typedef struct UnixUnusedFd UnixUnusedFd;     /* An unused file descriptor */
+
+/*
+** Sometimes, after a file handle is closed by SQLite, the file descriptor
+** cannot be closed immediately. In these cases, instances of the following
+** structure are used to store the file descriptor while waiting for an
+** opportunity to either close or reuse it.
+*/
+struct UnixUnusedFd {
+  int fd;                   /* File descriptor to close */
+  int flags;                /* Flags this file descriptor was opened with */
+  UnixUnusedFd *pNext;      /* Next unused file descriptor on same file */
+};
+
+/*
+** The unixFile structure is subclass of sqlite3_file specific to the unix
+** VFS implementations.
+*/
+typedef struct unixFile unixFile;
+struct unixFile {
+  sqlite3_io_methods const *pMethod;  /* Always the first entry */
+  sqlite3_vfs *pVfs;                  /* The VFS that created this unixFile */
+  unixInodeInfo *pInode;              /* Info about locks on this inode */
+  int h;                              /* The file descriptor */
+  unsigned char eFileLock;            /* The type of lock held on this fd */
+  unsigned short int ctrlFlags;       /* Behavioral bits.  UNIXFILE_* flags */
+  int lastErrno;                      /* The unix errno from last I/O error */
+  void *lockingContext;               /* Locking style specific state */
+  UnixUnusedFd *pUnused;              /* Pre-allocated UnixUnusedFd */
+  const char *zPath;                  /* Name of the file */
+  unixShm *pShm;                      /* Shared memory segment information */
+  int szChunk;                        /* Configured by FCNTL_CHUNK_SIZE */
+#if SQLITE_MAX_MMAP_SIZE>0
+  int nFetchOut;                      /* Number of outstanding xFetch refs */
+  sqlite3_int64 mmapSize;             /* Usable size of mapping at pMapRegion */
+  sqlite3_int64 mmapSizeActual;       /* Actual size of mapping at pMapRegion */
+  sqlite3_int64 mmapSizeMax;          /* Configured FCNTL_MMAP_SIZE value */
+  void *pMapRegion;                   /* Memory mapped region */
+#endif
+#ifdef __QNXNTO__
+  int sectorSize;                     /* Device sector size */
+  int deviceCharacteristics;          /* Precomputed device characteristics */
+#endif
+#if SQLITE_ENABLE_LOCKING_STYLE
+  int openFlags;                      /* The flags specified at open() */
+#endif
+#if SQLITE_ENABLE_LOCKING_STYLE || defined(__APPLE__)
+  unsigned fsFlags;                   /* cached details from statfs() */
+#endif
+#if OS_VXWORKS
+  struct vxworksFileId *pId;          /* Unique file ID */
+#endif
+#ifdef SQLITE_DEBUG
+  /* The next group of variables are used to track whether or not the
+  ** transaction counter in bytes 24-27 of database files are updated
+  ** whenever any part of the database changes.  An assertion fault will
+  ** occur if a file is updated without also updating the transaction
+  ** counter.  This test is made to avoid new problems similar to the
+  ** one described by ticket #3584. 
+  */
+  unsigned char transCntrChng;   /* True if the transaction counter changed */
+  unsigned char dbUpdate;        /* True if any part of database file changed */
+  unsigned char inNormalWrite;   /* True if in a normal write operation */
+
+#endif
+
+#ifdef SQLITE_TEST
+  /* In test mode, increase the size of this structure a bit so that 
+  ** it is larger than the struct CrashFile defined in test6.c.
+  */
+  char aPadding[32];
+#endif
+};
+
+/* This variable holds the process id (pid) from when the xRandomness()
+** method was called.  If xOpen() is called from a different process id,
+** indicating that a fork() has occurred, the PRNG will be reset.
+*/
+static pid_t randomnessPid = 0;
+
+/*
+** Allowed values for the unixFile.ctrlFlags bitmask:
+*/
+#define UNIXFILE_EXCL        0x01     /* Connections from one process only */
+#define UNIXFILE_RDONLY      0x02     /* Connection is read only */
+#define UNIXFILE_PERSIST_WAL 0x04     /* Persistent WAL mode */
+#ifndef SQLITE_DISABLE_DIRSYNC
+# define UNIXFILE_DIRSYNC    0x08     /* Directory sync needed */
+#else
+# define UNIXFILE_DIRSYNC    0x00
+#endif
+#define UNIXFILE_PSOW        0x10     /* SQLITE_IOCAP_POWERSAFE_OVERWRITE */
+#define UNIXFILE_DELETE      0x20     /* Delete on close */
+#define UNIXFILE_URI         0x40     /* Filename might have query parameters */
+#define UNIXFILE_NOLOCK      0x80     /* Do no file locking */
+
+/*
+** Include code that is common to all os_*.c files
+*/
+/************** Include os_common.h in the middle of os_unix.c ***************/
+/************** Begin file os_common.h ***************************************/
+/*
+** 2004 May 22
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+******************************************************************************
+**
+** This file contains macros and a little bit of code that is common to
+** all of the platform-specific files (os_*.c) and is #included into those
+** files.
+**
+** This file should be #included by the os_*.c files only.  It is not a
+** general purpose header file.
+*/
+#ifndef _OS_COMMON_H_
+#define _OS_COMMON_H_
+
+/*
+** At least two bugs have slipped in because we changed the MEMORY_DEBUG
+** macro to SQLITE_DEBUG and some older makefiles have not yet made the
+** switch.  The following code should catch this problem at compile-time.
+*/
+#ifdef MEMORY_DEBUG
+# error "The MEMORY_DEBUG macro is obsolete.  Use SQLITE_DEBUG instead."
+#endif
+
+/*
+** Macros for performance tracing.  Normally turned off.  Only works
+** on i486 hardware.
+*/
+#ifdef SQLITE_PERFORMANCE_TRACE
+
+/* 
+** hwtime.h contains inline assembler code for implementing 
+** high-performance timing routines.
+*/
+/************** Include hwtime.h in the middle of os_common.h ****************/
+/************** Begin file hwtime.h ******************************************/
+/*
+** 2008 May 27
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+******************************************************************************
+**
+** This file contains inline asm code for retrieving "high-performance"
+** counters for x86 class CPUs.
+*/
+#ifndef _HWTIME_H_
+#define _HWTIME_H_
+
+/*
+** The following routine only works on pentium-class (or newer) processors.
+** It uses the RDTSC opcode to read the cycle count value out of the
+** processor and returns that value.  This can be used for high-res
+** profiling.
+*/
+#if (defined(__GNUC__) || defined(_MSC_VER)) && \
+      (defined(i386) || defined(__i386__) || defined(_M_IX86))
+
+  #if defined(__GNUC__)
+
+  __inline__ sqlite_uint64 sqlite3Hwtime(void){
+     unsigned int lo, hi;
+     __asm__ __volatile__ ("rdtsc" : "=a" (lo), "=d" (hi));
+     return (sqlite_uint64)hi << 32 | lo;
+  }
+
+  #elif defined(_MSC_VER)
+
+  __declspec(naked) __inline sqlite_uint64 __cdecl sqlite3Hwtime(void){
+     __asm {
+        rdtsc
+        ret       ; return value at EDX:EAX
+     }
+  }
+
+  #endif
+
+#elif (defined(__GNUC__) && defined(__x86_64__))
+
+  __inline__ sqlite_uint64 sqlite3Hwtime(void){
+      unsigned long val;
+      __asm__ __volatile__ ("rdtsc" : "=A" (val));
+      return val;
+  }
+ 
+#elif (defined(__GNUC__) && defined(__ppc__))
+
+  __inline__ sqlite_uint64 sqlite3Hwtime(void){
+      unsigned long long retval;
+      unsigned long junk;
+      __asm__ __volatile__ ("\n\
+          1:      mftbu   %1\n\
+                  mftb    %L0\n\
+                  mftbu   %0\n\
+                  cmpw    %0,%1\n\
+                  bne     1b"
+                  : "=r" (retval), "=r" (junk));
+      return retval;
+  }
+
+#else
+
+  #error Need implementation of sqlite3Hwtime() for your platform.
+
+  /*
+  ** To compile without implementing sqlite3Hwtime() for your platform,
+  ** you can remove the above #error and use the following
+  ** stub function.  You will lose timing support for many
+  ** of the debugging and testing utilities, but it should at
+  ** least compile and run.
+  */
+SQLITE_PRIVATE   sqlite_uint64 sqlite3Hwtime(void){ return ((sqlite_uint64)0); }
+
+#endif
+
+#endif /* !defined(_HWTIME_H_) */
+
+/************** End of hwtime.h **********************************************/
+/************** Continuing where we left off in os_common.h ******************/
+
+static sqlite_uint64 g_start;
+static sqlite_uint64 g_elapsed;
+#define TIMER_START       g_start=sqlite3Hwtime()
+#define TIMER_END         g_elapsed=sqlite3Hwtime()-g_start
+#define TIMER_ELAPSED     g_elapsed
+#else
+#define TIMER_START
+#define TIMER_END
+#define TIMER_ELAPSED     ((sqlite_uint64)0)
+#endif
+
+/*
+** If we compile with the SQLITE_TEST macro set, then the following block
+** of code will give us the ability to simulate a disk I/O error.  This
+** is used for testing the I/O recovery logic.
+*/
+#ifdef SQLITE_TEST
+SQLITE_API int sqlite3_io_error_hit = 0;            /* Total number of I/O Errors */
+SQLITE_API int sqlite3_io_error_hardhit = 0;        /* Number of non-benign errors */
+SQLITE_API int sqlite3_io_error_pending = 0;        /* Count down to first I/O error */
+SQLITE_API int sqlite3_io_error_persist = 0;        /* True if I/O errors persist */
+SQLITE_API int sqlite3_io_error_benign = 0;         /* True if errors are benign */
+SQLITE_API int sqlite3_diskfull_pending = 0;
+SQLITE_API int sqlite3_diskfull = 0;
+#define SimulateIOErrorBenign(X) sqlite3_io_error_benign=(X)
+#define SimulateIOError(CODE)  \
+  if( (sqlite3_io_error_persist && sqlite3_io_error_hit) \
+       || sqlite3_io_error_pending-- == 1 )  \
+              { local_ioerr(); CODE; }
+static void local_ioerr(){
+  IOTRACE(("IOERR\n"));
+  sqlite3_io_error_hit++;
+  if( !sqlite3_io_error_benign ) sqlite3_io_error_hardhit++;
+}
+#define SimulateDiskfullError(CODE) \
+   if( sqlite3_diskfull_pending ){ \
+     if( sqlite3_diskfull_pending == 1 ){ \
+       local_ioerr(); \
+       sqlite3_diskfull = 1; \
+       sqlite3_io_error_hit = 1; \
+       CODE; \
+     }else{ \
+       sqlite3_diskfull_pending--; \
+     } \
+   }
+#else
+#define SimulateIOErrorBenign(X)
+#define SimulateIOError(A)
+#define SimulateDiskfullError(A)
+#endif
+
+/*
+** When testing, keep a count of the number of open files.
+*/
+#ifdef SQLITE_TEST
+SQLITE_API int sqlite3_open_file_count = 0;
+#define OpenCounter(X)  sqlite3_open_file_count+=(X)
+#else
+#define OpenCounter(X)
+#endif
+
+#endif /* !defined(_OS_COMMON_H_) */
+
+/************** End of os_common.h *******************************************/
+/************** Continuing where we left off in os_unix.c ********************/
+
+/*
+** Define various macros that are missing from some systems.
+*/
+#ifndef O_LARGEFILE
+# define O_LARGEFILE 0
+#endif
+#ifdef SQLITE_DISABLE_LFS
+# undef O_LARGEFILE
+# define O_LARGEFILE 0
+#endif
+#ifndef O_NOFOLLOW
+# define O_NOFOLLOW 0
+#endif
+#ifndef O_BINARY
+# define O_BINARY 0
+#endif
+
+/*
+** The threadid macro resolves to the thread-id or to 0.  Used for
+** testing and debugging only.
+*/
+#if SQLITE_THREADSAFE
+#define threadid pthread_self()
+#else
+#define threadid 0
+#endif
+
+/*
+** HAVE_MREMAP defaults to true on Linux and false everywhere else.
+*/
+#if !defined(HAVE_MREMAP)
+# if defined(__linux__) && defined(_GNU_SOURCE)
+#  define HAVE_MREMAP 1
+# else
+#  define HAVE_MREMAP 0
+# endif
+#endif
+
+/*
+** Explicitly call the 64-bit version of lseek() on Android. Otherwise, lseek()
+** is the 32-bit version, even if _FILE_OFFSET_BITS=64 is defined.
+*/
+#ifdef __ANDROID__
+# define lseek lseek64
+#endif
+
+/*
+** Different Unix systems declare open() in different ways.  Same use
+** open(const char*,int,mode_t).  Others use open(const char*,int,...).
+** The difference is important when using a pointer to the function.
+**
+** The safest way to deal with the problem is to always use this wrapper
+** which always has the same well-defined interface.
+*/
+static int posixOpen(const char *zFile, int flags, int mode){
+  return open(zFile, flags, mode);
+}
+
+/* Forward reference */
+static int openDirectory(const char*, int*);
+static int unixGetpagesize(void);
+
+/*
+** Many system calls are accessed through pointer-to-functions so that
+** they may be overridden at runtime to facilitate fault injection during
+** testing and sandboxing.  The following array holds the names and pointers
+** to all overrideable system calls.
+*/
+static struct unix_syscall {
+  const char *zName;            /* Name of the system call */
+  sqlite3_syscall_ptr pCurrent; /* Current value of the system call */
+  sqlite3_syscall_ptr pDefault; /* Default value */
+} aSyscall[] = {
+  { "open",         (sqlite3_syscall_ptr)posixOpen,  0  },
+#define osOpen      ((int(*)(const char*,int,int))aSyscall[0].pCurrent)
+
+  { "close",        (sqlite3_syscall_ptr)close,      0  },
+#define osClose     ((int(*)(int))aSyscall[1].pCurrent)
+
+  { "access",       (sqlite3_syscall_ptr)access,     0  },
+#define osAccess    ((int(*)(const char*,int))aSyscall[2].pCurrent)
+
+  { "getcwd",       (sqlite3_syscall_ptr)getcwd,     0  },
+#define osGetcwd    ((char*(*)(char*,size_t))aSyscall[3].pCurrent)
+
+  { "stat",         (sqlite3_syscall_ptr)stat,       0  },
+#define osStat      ((int(*)(const char*,struct stat*))aSyscall[4].pCurrent)
+
+/*
+** The DJGPP compiler environment looks mostly like Unix, but it
+** lacks the fcntl() system call.  So redefine fcntl() to be something
+** that always succeeds.  This means that locking does not occur under
+** DJGPP.  But it is DOS - what did you expect?
+*/
+#ifdef __DJGPP__
+  { "fstat",        0,                 0  },
+#define osFstat(a,b,c)    0
+#else     
+  { "fstat",        (sqlite3_syscall_ptr)fstat,      0  },
+#define osFstat     ((int(*)(int,struct stat*))aSyscall[5].pCurrent)
+#endif
+
+  { "ftruncate",    (sqlite3_syscall_ptr)ftruncate,  0  },
+#define osFtruncate ((int(*)(int,off_t))aSyscall[6].pCurrent)
+
+  { "fcntl",        (sqlite3_syscall_ptr)fcntl,      0  },
+#define osFcntl     ((int(*)(int,int,...))aSyscall[7].pCurrent)
+
+  { "read",         (sqlite3_syscall_ptr)read,       0  },
+#define osRead      ((ssize_t(*)(int,void*,size_t))aSyscall[8].pCurrent)
+
+#if defined(USE_PREAD) || SQLITE_ENABLE_LOCKING_STYLE
+  { "pread",        (sqlite3_syscall_ptr)pread,      0  },
+#else
+  { "pread",        (sqlite3_syscall_ptr)0,          0  },
+#endif
+#define osPread     ((ssize_t(*)(int,void*,size_t,off_t))aSyscall[9].pCurrent)
+
+#if defined(USE_PREAD64)
+  { "pread64",      (sqlite3_syscall_ptr)pread64,    0  },
+#else
+  { "pread64",      (sqlite3_syscall_ptr)0,          0  },
+#endif
+#define osPread64   ((ssize_t(*)(int,void*,size_t,off_t))aSyscall[10].pCurrent)
+
+  { "write",        (sqlite3_syscall_ptr)write,      0  },
+#define osWrite     ((ssize_t(*)(int,const void*,size_t))aSyscall[11].pCurrent)
+
+#if defined(USE_PREAD) || SQLITE_ENABLE_LOCKING_STYLE
+  { "pwrite",       (sqlite3_syscall_ptr)pwrite,     0  },
+#else
+  { "pwrite",       (sqlite3_syscall_ptr)0,          0  },
+#endif
+#define osPwrite    ((ssize_t(*)(int,const void*,size_t,off_t))\
+                    aSyscall[12].pCurrent)
+
+#if defined(USE_PREAD64)
+  { "pwrite64",     (sqlite3_syscall_ptr)pwrite64,   0  },
+#else
+  { "pwrite64",     (sqlite3_syscall_ptr)0,          0  },
+#endif
+#define osPwrite64  ((ssize_t(*)(int,const void*,size_t,off_t))\
+                    aSyscall[13].pCurrent)
+
+  { "fchmod",       (sqlite3_syscall_ptr)fchmod,          0  },
+#define osFchmod    ((int(*)(int,mode_t))aSyscall[14].pCurrent)
+
+#if defined(HAVE_POSIX_FALLOCATE) && HAVE_POSIX_FALLOCATE
+  { "fallocate",    (sqlite3_syscall_ptr)posix_fallocate,  0 },
+#else
+  { "fallocate",    (sqlite3_syscall_ptr)0,                0 },
+#endif
+#define osFallocate ((int(*)(int,off_t,off_t))aSyscall[15].pCurrent)
+
+  { "unlink",       (sqlite3_syscall_ptr)unlink,           0 },
+#define osUnlink    ((int(*)(const char*))aSyscall[16].pCurrent)
+
+  { "openDirectory",    (sqlite3_syscall_ptr)openDirectory,      0 },
+#define osOpenDirectory ((int(*)(const char*,int*))aSyscall[17].pCurrent)
+
+  { "mkdir",        (sqlite3_syscall_ptr)mkdir,           0 },
+#define osMkdir     ((int(*)(const char*,mode_t))aSyscall[18].pCurrent)
+
+  { "rmdir",        (sqlite3_syscall_ptr)rmdir,           0 },
+#define osRmdir     ((int(*)(const char*))aSyscall[19].pCurrent)
+
+  { "fchown",       (sqlite3_syscall_ptr)fchown,          0 },
+#define osFchown    ((int(*)(int,uid_t,gid_t))aSyscall[20].pCurrent)
+
+  { "geteuid",      (sqlite3_syscall_ptr)geteuid,         0 },
+#define osGeteuid   ((uid_t(*)(void))aSyscall[21].pCurrent)
+
+#if !defined(SQLITE_OMIT_WAL) || SQLITE_MAX_MMAP_SIZE>0
+  { "mmap",       (sqlite3_syscall_ptr)mmap,     0 },
+#define osMmap ((void*(*)(void*,size_t,int,int,int,off_t))aSyscall[22].pCurrent)
+
+  { "munmap",       (sqlite3_syscall_ptr)munmap,          0 },
+#define osMunmap ((void*(*)(void*,size_t))aSyscall[23].pCurrent)
+
+#if HAVE_MREMAP
+  { "mremap",       (sqlite3_syscall_ptr)mremap,          0 },
+#else
+  { "mremap",       (sqlite3_syscall_ptr)0,               0 },
+#endif
+#define osMremap ((void*(*)(void*,size_t,size_t,int,...))aSyscall[24].pCurrent)
+
+  { "getpagesize",  (sqlite3_syscall_ptr)unixGetpagesize, 0 },
+#define osGetpagesize ((int(*)(void))aSyscall[25].pCurrent)
+
+  { "readlink",     (sqlite3_syscall_ptr)readlink,        0 },
+#define osReadlink ((ssize_t(*)(const char*,char*,size_t))aSyscall[26].pCurrent)
+
+#endif
+
+}; /* End of the overrideable system calls */
+
+
+/*
+** On some systems, calls to fchown() will trigger a message in a security
+** log if they come from non-root processes.  So avoid calling fchown() if
+** we are not running as root.
+*/
+static int robustFchown(int fd, uid_t uid, gid_t gid){
+#if OS_VXWORKS
+  return 0;
+#else
+  return osGeteuid() ? 0 : osFchown(fd,uid,gid);
+#endif
+}
+
+/*
+** This is the xSetSystemCall() method of sqlite3_vfs for all of the
+** "unix" VFSes.  Return SQLITE_OK opon successfully updating the
+** system call pointer, or SQLITE_NOTFOUND if there is no configurable
+** system call named zName.
+*/
+static int unixSetSystemCall(
+  sqlite3_vfs *pNotUsed,        /* The VFS pointer.  Not used */
+  const char *zName,            /* Name of system call to override */
+  sqlite3_syscall_ptr pNewFunc  /* Pointer to new system call value */
+){
+  unsigned int i;
+  int rc = SQLITE_NOTFOUND;
+
+  UNUSED_PARAMETER(pNotUsed);
+  if( zName==0 ){
+    /* If no zName is given, restore all system calls to their default
+    ** settings and return NULL
+    */
+    rc = SQLITE_OK;
+    for(i=0; i<sizeof(aSyscall)/sizeof(aSyscall[0]); i++){
+      if( aSyscall[i].pDefault ){
+        aSyscall[i].pCurrent = aSyscall[i].pDefault;
+      }
+    }
+  }else{
+    /* If zName is specified, operate on only the one system call
+    ** specified.
+    */
+    for(i=0; i<sizeof(aSyscall)/sizeof(aSyscall[0]); i++){
+      if( strcmp(zName, aSyscall[i].zName)==0 ){
+        if( aSyscall[i].pDefault==0 ){
+          aSyscall[i].pDefault = aSyscall[i].pCurrent;
+        }
+        rc = SQLITE_OK;
+        if( pNewFunc==0 ) pNewFunc = aSyscall[i].pDefault;
+        aSyscall[i].pCurrent = pNewFunc;
+        break;
+      }
+    }
+  }
+  return rc;
+}
+
+/*
+** Return the value of a system call.  Return NULL if zName is not a
+** recognized system call name.  NULL is also returned if the system call
+** is currently undefined.
+*/
+static sqlite3_syscall_ptr unixGetSystemCall(
+  sqlite3_vfs *pNotUsed,
+  const char *zName
+){
+  unsigned int i;
+
+  UNUSED_PARAMETER(pNotUsed);
+  for(i=0; i<sizeof(aSyscall)/sizeof(aSyscall[0]); i++){
+    if( strcmp(zName, aSyscall[i].zName)==0 ) return aSyscall[i].pCurrent;
+  }
+  return 0;
+}
+
+/*
+** Return the name of the first system call after zName.  If zName==NULL
+** then return the name of the first system call.  Return NULL if zName
+** is the last system call or if zName is not the name of a valid
+** system call.
+*/
+static const char *unixNextSystemCall(sqlite3_vfs *p, const char *zName){
+  int i = -1;
+
+  UNUSED_PARAMETER(p);
+  if( zName ){
+    for(i=0; i<ArraySize(aSyscall)-1; i++){
+      if( strcmp(zName, aSyscall[i].zName)==0 ) break;
+    }
+  }
+  for(i++; i<ArraySize(aSyscall); i++){
+    if( aSyscall[i].pCurrent!=0 ) return aSyscall[i].zName;
+  }
+  return 0;
+}
+
+/*
+** Do not accept any file descriptor less than this value, in order to avoid
+** opening database file using file descriptors that are commonly used for 
+** standard input, output, and error.
+*/
+#ifndef SQLITE_MINIMUM_FILE_DESCRIPTOR
+# define SQLITE_MINIMUM_FILE_DESCRIPTOR 3
+#endif
+
+/*
+** Invoke open().  Do so multiple times, until it either succeeds or
+** fails for some reason other than EINTR.
+**
+** If the file creation mode "m" is 0 then set it to the default for
+** SQLite.  The default is SQLITE_DEFAULT_FILE_PERMISSIONS (normally
+** 0644) as modified by the system umask.  If m is not 0, then
+** make the file creation mode be exactly m ignoring the umask.
+**
+** The m parameter will be non-zero only when creating -wal, -journal,
+** and -shm files.  We want those files to have *exactly* the same
+** permissions as their original database, unadulterated by the umask.
+** In that way, if a database file is -rw-rw-rw or -rw-rw-r-, and a
+** transaction crashes and leaves behind hot journals, then any
+** process that is able to write to the database will also be able to
+** recover the hot journals.
+*/
+static int robust_open(const char *z, int f, mode_t m){
+  int fd;
+  mode_t m2 = m ? m : SQLITE_DEFAULT_FILE_PERMISSIONS;
+  while(1){
+#if defined(O_CLOEXEC)
+    fd = osOpen(z,f|O_CLOEXEC,m2);
+#else
+    fd = osOpen(z,f,m2);
+#endif
+    if( fd<0 ){
+      if( errno==EINTR ) continue;
+      break;
+    }
+    if( fd>=SQLITE_MINIMUM_FILE_DESCRIPTOR ) break;
+    osClose(fd);
+    sqlite3_log(SQLITE_WARNING, 
+                "attempt to open \"%s\" as file descriptor %d", z, fd);
+    fd = -1;
+    if( osOpen("/dev/null", f, m)<0 ) break;
+  }
+  if( fd>=0 ){
+    if( m!=0 ){
+      struct stat statbuf;
+      if( osFstat(fd, &statbuf)==0 
+       && statbuf.st_size==0
+       && (statbuf.st_mode&0777)!=m 
+      ){
+        osFchmod(fd, m);
+      }
+    }
+#if defined(FD_CLOEXEC) && (!defined(O_CLOEXEC) || O_CLOEXEC==0)
+    osFcntl(fd, F_SETFD, osFcntl(fd, F_GETFD, 0) | FD_CLOEXEC);
+#endif
+  }
+  return fd;
+}
+
+/*
+** Helper functions to obtain and relinquish the global mutex. The
+** global mutex is used to protect the unixInodeInfo and
+** vxworksFileId objects used by this file, all of which may be 
+** shared by multiple threads.
+**
+** Function unixMutexHeld() is used to assert() that the global mutex 
+** is held when required. This function is only used as part of assert() 
+** statements. e.g.
+**
+**   unixEnterMutex()
+**     assert( unixMutexHeld() );
+**   unixEnterLeave()
+*/
+static void unixEnterMutex(void){
+  sqlite3_mutex_enter(sqlite3MutexAlloc(SQLITE_MUTEX_STATIC_VFS1));
+}
+static void unixLeaveMutex(void){
+  sqlite3_mutex_leave(sqlite3MutexAlloc(SQLITE_MUTEX_STATIC_VFS1));
+}
+#ifdef SQLITE_DEBUG
+static int unixMutexHeld(void) {
+  return sqlite3_mutex_held(sqlite3MutexAlloc(SQLITE_MUTEX_STATIC_VFS1));
+}
+#endif
+
+
+#ifdef SQLITE_HAVE_OS_TRACE
+/*
+** Helper function for printing out trace information from debugging
+** binaries. This returns the string representation of the supplied
+** integer lock-type.
+*/
+static const char *azFileLock(int eFileLock){
+  switch( eFileLock ){
+    case NO_LOCK: return "NONE";
+    case SHARED_LOCK: return "SHARED";
+    case RESERVED_LOCK: return "RESERVED";
+    case PENDING_LOCK: return "PENDING";
+    case EXCLUSIVE_LOCK: return "EXCLUSIVE";
+  }
+  return "ERROR";
+}
+#endif
+
+#ifdef SQLITE_LOCK_TRACE
+/*
+** Print out information about all locking operations.
+**
+** This routine is used for troubleshooting locks on multithreaded
+** platforms.  Enable by compiling with the -DSQLITE_LOCK_TRACE
+** command-line option on the compiler.  This code is normally
+** turned off.
+*/
+static int lockTrace(int fd, int op, struct flock *p){
+  char *zOpName, *zType;
+  int s;
+  int savedErrno;
+  if( op==F_GETLK ){
+    zOpName = "GETLK";
+  }else if( op==F_SETLK ){
+    zOpName = "SETLK";
+  }else{
+    s = osFcntl(fd, op, p);
+    sqlite3DebugPrintf("fcntl unknown %d %d %d\n", fd, op, s);
+    return s;
+  }
+  if( p->l_type==F_RDLCK ){
+    zType = "RDLCK";
+  }else if( p->l_type==F_WRLCK ){
+    zType = "WRLCK";
+  }else if( p->l_type==F_UNLCK ){
+    zType = "UNLCK";
+  }else{
+    assert( 0 );
+  }
+  assert( p->l_whence==SEEK_SET );
+  s = osFcntl(fd, op, p);
+  savedErrno = errno;
+  sqlite3DebugPrintf("fcntl %d %d %s %s %d %d %d %d\n",
+     threadid, fd, zOpName, zType, (int)p->l_start, (int)p->l_len,
+     (int)p->l_pid, s);
+  if( s==(-1) && op==F_SETLK && (p->l_type==F_RDLCK || p->l_type==F_WRLCK) ){
+    struct flock l2;
+    l2 = *p;
+    osFcntl(fd, F_GETLK, &l2);
+    if( l2.l_type==F_RDLCK ){
+      zType = "RDLCK";
+    }else if( l2.l_type==F_WRLCK ){
+      zType = "WRLCK";
+    }else if( l2.l_type==F_UNLCK ){
+      zType = "UNLCK";
+    }else{
+      assert( 0 );
+    }
+    sqlite3DebugPrintf("fcntl-failure-reason: %s %d %d %d\n",
+       zType, (int)l2.l_start, (int)l2.l_len, (int)l2.l_pid);
+  }
+  errno = savedErrno;
+  return s;
+}
+#undef osFcntl
+#define osFcntl lockTrace
+#endif /* SQLITE_LOCK_TRACE */
+
+/*
+** Retry ftruncate() calls that fail due to EINTR
+**
+** All calls to ftruncate() within this file should be made through
+** this wrapper.  On the Android platform, bypassing the logic below
+** could lead to a corrupt database.
+*/
+static int robust_ftruncate(int h, sqlite3_int64 sz){
+  int rc;
+#ifdef __ANDROID__
+  /* On Android, ftruncate() always uses 32-bit offsets, even if 
+  ** _FILE_OFFSET_BITS=64 is defined. This means it is unsafe to attempt to
+  ** truncate a file to any size larger than 2GiB. Silently ignore any
+  ** such attempts.  */
+  if( sz>(sqlite3_int64)0x7FFFFFFF ){
+    rc = SQLITE_OK;
+  }else
+#endif
+  do{ rc = osFtruncate(h,sz); }while( rc<0 && errno==EINTR );
+  return rc;
+}
+
+/*
+** This routine translates a standard POSIX errno code into something
+** useful to the clients of the sqlite3 functions.  Specifically, it is
+** intended to translate a variety of "try again" errors into SQLITE_BUSY
+** and a variety of "please close the file descriptor NOW" errors into 
+** SQLITE_IOERR
+** 
+** Errors during initialization of locks, or file system support for locks,
+** should handle ENOLCK, ENOTSUP, EOPNOTSUPP separately.
+*/
+static int sqliteErrorFromPosixError(int posixError, int sqliteIOErr) {
+  assert( (sqliteIOErr == SQLITE_IOERR_LOCK) || 
+          (sqliteIOErr == SQLITE_IOERR_UNLOCK) || 
+          (sqliteIOErr == SQLITE_IOERR_RDLOCK) ||
+          (sqliteIOErr == SQLITE_IOERR_CHECKRESERVEDLOCK) );
+  switch (posixError) {
+  case EACCES: 
+  case EAGAIN:
+  case ETIMEDOUT:
+  case EBUSY:
+  case EINTR:
+  case ENOLCK:  
+    /* random NFS retry error, unless during file system support 
+     * introspection, in which it actually means what it says */
+    return SQLITE_BUSY;
+    
+  case EPERM: 
+    return SQLITE_PERM;
+    
+  default: 
+    return sqliteIOErr;
+  }
+}
+
+
+/******************************************************************************
+****************** Begin Unique File ID Utility Used By VxWorks ***************
+**
+** On most versions of unix, we can get a unique ID for a file by concatenating
+** the device number and the inode number.  But this does not work on VxWorks.
+** On VxWorks, a unique file id must be based on the canonical filename.
+**
+** A pointer to an instance of the following structure can be used as a
+** unique file ID in VxWorks.  Each instance of this structure contains
+** a copy of the canonical filename.  There is also a reference count.  
+** The structure is reclaimed when the number of pointers to it drops to
+** zero.
+**
+** There are never very many files open at one time and lookups are not
+** a performance-critical path, so it is sufficient to put these
+** structures on a linked list.
+*/
+struct vxworksFileId {
+  struct vxworksFileId *pNext;  /* Next in a list of them all */
+  int nRef;                     /* Number of references to this one */
+  int nName;                    /* Length of the zCanonicalName[] string */
+  char *zCanonicalName;         /* Canonical filename */
+};
+
+#if OS_VXWORKS
+/* 
+** All unique filenames are held on a linked list headed by this
+** variable:
+*/
+static struct vxworksFileId *vxworksFileList = 0;
+
+/*
+** Simplify a filename into its canonical form
+** by making the following changes:
+**
+**  * removing any trailing and duplicate /
+**  * convert /./ into just /
+**  * convert /A/../ where A is any simple name into just /
+**
+** Changes are made in-place.  Return the new name length.
+**
+** The original filename is in z[0..n-1].  Return the number of
+** characters in the simplified name.
+*/
+static int vxworksSimplifyName(char *z, int n){
+  int i, j;
+  while( n>1 && z[n-1]=='/' ){ n--; }
+  for(i=j=0; i<n; i++){
+    if( z[i]=='/' ){
+      if( z[i+1]=='/' ) continue;
+      if( z[i+1]=='.' && i+2<n && z[i+2]=='/' ){
+        i += 1;
+        continue;
+      }
+      if( z[i+1]=='.' && i+3<n && z[i+2]=='.' && z[i+3]=='/' ){
+        while( j>0 && z[j-1]!='/' ){ j--; }
+        if( j>0 ){ j--; }
+        i += 2;
+        continue;
+      }
+    }
+    z[j++] = z[i];
+  }
+  z[j] = 0;
+  return j;
+}
+
+/*
+** Find a unique file ID for the given absolute pathname.  Return
+** a pointer to the vxworksFileId object.  This pointer is the unique
+** file ID.
+**
+** The nRef field of the vxworksFileId object is incremented before
+** the object is returned.  A new vxworksFileId object is created
+** and added to the global list if necessary.
+**
+** If a memory allocation error occurs, return NULL.
+*/
+static struct vxworksFileId *vxworksFindFileId(const char *zAbsoluteName){
+  struct vxworksFileId *pNew;         /* search key and new file ID */
+  struct vxworksFileId *pCandidate;   /* For looping over existing file IDs */
+  int n;                              /* Length of zAbsoluteName string */
+
+  assert( zAbsoluteName[0]=='/' );
+  n = (int)strlen(zAbsoluteName);
+  pNew = sqlite3_malloc64( sizeof(*pNew) + (n+1) );
+  if( pNew==0 ) return 0;
+  pNew->zCanonicalName = (char*)&pNew[1];
+  memcpy(pNew->zCanonicalName, zAbsoluteName, n+1);
+  n = vxworksSimplifyName(pNew->zCanonicalName, n);
+
+  /* Search for an existing entry that matching the canonical name.
+  ** If found, increment the reference count and return a pointer to
+  ** the existing file ID.
+  */
+  unixEnterMutex();
+  for(pCandidate=vxworksFileList; pCandidate; pCandidate=pCandidate->pNext){
+    if( pCandidate->nName==n 
+     && memcmp(pCandidate->zCanonicalName, pNew->zCanonicalName, n)==0
+    ){
+       sqlite3_free(pNew);
+       pCandidate->nRef++;
+       unixLeaveMutex();
+       return pCandidate;
+    }
+  }
+
+  /* No match was found.  We will make a new file ID */
+  pNew->nRef = 1;
+  pNew->nName = n;
+  pNew->pNext = vxworksFileList;
+  vxworksFileList = pNew;
+  unixLeaveMutex();
+  return pNew;
+}
+
+/*
+** Decrement the reference count on a vxworksFileId object.  Free
+** the object when the reference count reaches zero.
+*/
+static void vxworksReleaseFileId(struct vxworksFileId *pId){
+  unixEnterMutex();
+  assert( pId->nRef>0 );
+  pId->nRef--;
+  if( pId->nRef==0 ){
+    struct vxworksFileId **pp;
+    for(pp=&vxworksFileList; *pp && *pp!=pId; pp = &((*pp)->pNext)){}
+    assert( *pp==pId );
+    *pp = pId->pNext;
+    sqlite3_free(pId);
+  }
+  unixLeaveMutex();
+}
+#endif /* OS_VXWORKS */
+/*************** End of Unique File ID Utility Used By VxWorks ****************
+******************************************************************************/
+
+
+/******************************************************************************
+*************************** Posix Advisory Locking ****************************
+**
+** POSIX advisory locks are broken by design.  ANSI STD 1003.1 (1996)
+** section 6.5.2.2 lines 483 through 490 specify that when a process
+** sets or clears a lock, that operation overrides any prior locks set
+** by the same process.  It does not explicitly say so, but this implies
+** that it overrides locks set by the same process using a different
+** file descriptor.  Consider this test case:
+**
+**       int fd1 = open("./file1", O_RDWR|O_CREAT, 0644);
+**       int fd2 = open("./file2", O_RDWR|O_CREAT, 0644);
+**
+** Suppose ./file1 and ./file2 are really the same file (because
+** one is a hard or symbolic link to the other) then if you set
+** an exclusive lock on fd1, then try to get an exclusive lock
+** on fd2, it works.  I would have expected the second lock to
+** fail since there was already a lock on the file due to fd1.
+** But not so.  Since both locks came from the same process, the
+** second overrides the first, even though they were on different
+** file descriptors opened on different file names.
+**
+** This means that we cannot use POSIX locks to synchronize file access
+** among competing threads of the same process.  POSIX locks will work fine
+** to synchronize access for threads in separate processes, but not
+** threads within the same process.
+**
+** To work around the problem, SQLite has to manage file locks internally
+** on its own.  Whenever a new database is opened, we have to find the
+** specific inode of the database file (the inode is determined by the
+** st_dev and st_ino fields of the stat structure that fstat() fills in)
+** and check for locks already existing on that inode.  When locks are
+** created or removed, we have to look at our own internal record of the
+** locks to see if another thread has previously set a lock on that same
+** inode.
+**
+** (Aside: The use of inode numbers as unique IDs does not work on VxWorks.
+** For VxWorks, we have to use the alternative unique ID system based on
+** canonical filename and implemented in the previous division.)
+**
+** The sqlite3_file structure for POSIX is no longer just an integer file
+** descriptor.  It is now a structure that holds the integer file
+** descriptor and a pointer to a structure that describes the internal
+** locks on the corresponding inode.  There is one locking structure
+** per inode, so if the same inode is opened twice, both unixFile structures
+** point to the same locking structure.  The locking structure keeps
+** a reference count (so we will know when to delete it) and a "cnt"
+** field that tells us its internal lock status.  cnt==0 means the
+** file is unlocked.  cnt==-1 means the file has an exclusive lock.
+** cnt>0 means there are cnt shared locks on the file.
+**
+** Any attempt to lock or unlock a file first checks the locking
+** structure.  The fcntl() system call is only invoked to set a 
+** POSIX lock if the internal lock structure transitions between
+** a locked and an unlocked state.
+**
+** But wait:  there are yet more problems with POSIX advisory locks.
+**
+** If you close a file descriptor that points to a file that has locks,
+** all locks on that file that are owned by the current process are
+** released.  To work around this problem, each unixInodeInfo object
+** maintains a count of the number of pending locks on tha inode.
+** When an attempt is made to close an unixFile, if there are
+** other unixFile open on the same inode that are holding locks, the call
+** to close() the file descriptor is deferred until all of the locks clear.
+** The unixInodeInfo structure keeps a list of file descriptors that need to
+** be closed and that list is walked (and cleared) when the last lock
+** clears.
+**
+** Yet another problem:  LinuxThreads do not play well with posix locks.
+**
+** Many older versions of linux use the LinuxThreads library which is
+** not posix compliant.  Under LinuxThreads, a lock created by thread
+** A cannot be modified or overridden by a different thread B.
+** Only thread A can modify the lock.  Locking behavior is correct
+** if the appliation uses the newer Native Posix Thread Library (NPTL)
+** on linux - with NPTL a lock created by thread A can override locks
+** in thread B.  But there is no way to know at compile-time which
+** threading library is being used.  So there is no way to know at
+** compile-time whether or not thread A can override locks on thread B.
+** One has to do a run-time check to discover the behavior of the
+** current process.
+**
+** SQLite used to support LinuxThreads.  But support for LinuxThreads
+** was dropped beginning with version 3.7.0.  SQLite will still work with
+** LinuxThreads provided that (1) there is no more than one connection 
+** per database file in the same process and (2) database connections
+** do not move across threads.
+*/
+
+/*
+** An instance of the following structure serves as the key used
+** to locate a particular unixInodeInfo object.
+*/
+struct unixFileId {
+  dev_t dev;                  /* Device number */
+#if OS_VXWORKS
+  struct vxworksFileId *pId;  /* Unique file ID for vxworks. */
+#else
+  ino_t ino;                  /* Inode number */
+#endif
+};
+
+/*
+** An instance of the following structure is allocated for each open
+** inode.  Or, on LinuxThreads, there is one of these structures for
+** each inode opened by each thread.
+**
+** A single inode can have multiple file descriptors, so each unixFile
+** structure contains a pointer to an instance of this object and this
+** object keeps a count of the number of unixFile pointing to it.
+*/
+struct unixInodeInfo {
+  struct unixFileId fileId;       /* The lookup key */
+  int nShared;                    /* Number of SHARED locks held */
+  unsigned char eFileLock;        /* One of SHARED_LOCK, RESERVED_LOCK etc. */
+  unsigned char bProcessLock;     /* An exclusive process lock is held */
+  int nRef;                       /* Number of pointers to this structure */
+  unixShmNode *pShmNode;          /* Shared memory associated with this inode */
+  int nLock;                      /* Number of outstanding file locks */
+  UnixUnusedFd *pUnused;          /* Unused file descriptors to close */
+  unixInodeInfo *pNext;           /* List of all unixInodeInfo objects */
+  unixInodeInfo *pPrev;           /*    .... doubly linked */
+#if SQLITE_ENABLE_LOCKING_STYLE
+  unsigned long long sharedByte;  /* for AFP simulated shared lock */
+#endif
+#if OS_VXWORKS
+  sem_t *pSem;                    /* Named POSIX semaphore */
+  char aSemName[MAX_PATHNAME+2];  /* Name of that semaphore */
+#endif
+};
+
+/*
+** A lists of all unixInodeInfo objects.
+*/
+static unixInodeInfo *inodeList = 0;
+
+/*
+**
+** This function - unixLogErrorAtLine(), is only ever called via the macro
+** unixLogError().
+**
+** It is invoked after an error occurs in an OS function and errno has been
+** set. It logs a message using sqlite3_log() containing the current value of
+** errno and, if possible, the human-readable equivalent from strerror() or
+** strerror_r().
+**
+** The first argument passed to the macro should be the error code that
+** will be returned to SQLite (e.g. SQLITE_IOERR_DELETE, SQLITE_CANTOPEN). 
+** The two subsequent arguments should be the name of the OS function that
+** failed (e.g. "unlink", "open") and the associated file-system path,
+** if any.
+*/
+#define unixLogError(a,b,c)     unixLogErrorAtLine(a,b,c,__LINE__)
+static int unixLogErrorAtLine(
+  int errcode,                    /* SQLite error code */
+  const char *zFunc,              /* Name of OS function that failed */
+  const char *zPath,              /* File path associated with error */
+  int iLine                       /* Source line number where error occurred */
+){
+  char *zErr;                     /* Message from strerror() or equivalent */
+  int iErrno = errno;             /* Saved syscall error number */
+
+  /* If this is not a threadsafe build (SQLITE_THREADSAFE==0), then use
+  ** the strerror() function to obtain the human-readable error message
+  ** equivalent to errno. Otherwise, use strerror_r().
+  */ 
+#if SQLITE_THREADSAFE && defined(HAVE_STRERROR_R)
+  char aErr[80];
+  memset(aErr, 0, sizeof(aErr));
+  zErr = aErr;
+
+  /* If STRERROR_R_CHAR_P (set by autoconf scripts) or __USE_GNU is defined,
+  ** assume that the system provides the GNU version of strerror_r() that
+  ** returns a pointer to a buffer containing the error message. That pointer 
+  ** may point to aErr[], or it may point to some static storage somewhere. 
+  ** Otherwise, assume that the system provides the POSIX version of 
+  ** strerror_r(), which always writes an error message into aErr[].
+  **
+  ** If the code incorrectly assumes that it is the POSIX version that is
+  ** available, the error message will often be an empty string. Not a
+  ** huge problem. Incorrectly concluding that the GNU version is available 
+  ** could lead to a segfault though.
+  */
+#if defined(STRERROR_R_CHAR_P) || defined(__USE_GNU)
+  zErr = 
+# endif
+  strerror_r(iErrno, aErr, sizeof(aErr)-1);
+
+#elif SQLITE_THREADSAFE
+  /* This is a threadsafe build, but strerror_r() is not available. */
+  zErr = "";
+#else
+  /* Non-threadsafe build, use strerror(). */
+  zErr = strerror(iErrno);
+#endif
+
+  if( zPath==0 ) zPath = "";
+  sqlite3_log(errcode,
+      "os_unix.c:%d: (%d) %s(%s) - %s",
+      iLine, iErrno, zFunc, zPath, zErr
+  );
+
+  return errcode;
+}
+
+/*
+** Close a file descriptor.
+**
+** We assume that close() almost always works, since it is only in a
+** very sick application or on a very sick platform that it might fail.
+** If it does fail, simply leak the file descriptor, but do log the
+** error.
+**
+** Note that it is not safe to retry close() after EINTR since the
+** file descriptor might have already been reused by another thread.
+** So we don't even try to recover from an EINTR.  Just log the error
+** and move on.
+*/
+static void robust_close(unixFile *pFile, int h, int lineno){
+  if( osClose(h) ){
+    unixLogErrorAtLine(SQLITE_IOERR_CLOSE, "close",
+                       pFile ? pFile->zPath : 0, lineno);
+  }
+}
+
+/*
+** Set the pFile->lastErrno.  Do this in a subroutine as that provides
+** a convenient place to set a breakpoint.
+*/
+static void storeLastErrno(unixFile *pFile, int error){
+  pFile->lastErrno = error;
+}
+
+/*
+** Close all file descriptors accumuated in the unixInodeInfo->pUnused list.
+*/ 
+static void closePendingFds(unixFile *pFile){
+  unixInodeInfo *pInode = pFile->pInode;
+  UnixUnusedFd *p;
+  UnixUnusedFd *pNext;
+  for(p=pInode->pUnused; p; p=pNext){
+    pNext = p->pNext;
+    robust_close(pFile, p->fd, __LINE__);
+    sqlite3_free(p);
+  }
+  pInode->pUnused = 0;
+}
+
+/*
+** Release a unixInodeInfo structure previously allocated by findInodeInfo().
+**
+** The mutex entered using the unixEnterMutex() function must be held
+** when this function is called.
+*/
+static void releaseInodeInfo(unixFile *pFile){
+  unixInodeInfo *pInode = pFile->pInode;
+  assert( unixMutexHeld() );
+  if( ALWAYS(pInode) ){
+    pInode->nRef--;
+    if( pInode->nRef==0 ){
+      assert( pInode->pShmNode==0 );
+      closePendingFds(pFile);
+      if( pInode->pPrev ){
+        assert( pInode->pPrev->pNext==pInode );
+        pInode->pPrev->pNext = pInode->pNext;
+      }else{
+        assert( inodeList==pInode );
+        inodeList = pInode->pNext;
+      }
+      if( pInode->pNext ){
+        assert( pInode->pNext->pPrev==pInode );
+        pInode->pNext->pPrev = pInode->pPrev;
+      }
+      sqlite3_free(pInode);
+    }
+  }
+}
+
+/*
+** Given a file descriptor, locate the unixInodeInfo object that
+** describes that file descriptor.  Create a new one if necessary.  The
+** return value might be uninitialized if an error occurs.
+**
+** The mutex entered using the unixEnterMutex() function must be held
+** when this function is called.
+**
+** Return an appropriate error code.
+*/
+static int findInodeInfo(
+  unixFile *pFile,               /* Unix file with file desc used in the key */
+  unixInodeInfo **ppInode        /* Return the unixInodeInfo object here */
+){
+  int rc;                        /* System call return code */
+  int fd;                        /* The file descriptor for pFile */
+  struct unixFileId fileId;      /* Lookup key for the unixInodeInfo */
+  struct stat statbuf;           /* Low-level file information */
+  unixInodeInfo *pInode = 0;     /* Candidate unixInodeInfo object */
+
+  assert( unixMutexHeld() );
+
+  /* Get low-level information about the file that we can used to
+  ** create a unique name for the file.
+  */
+  fd = pFile->h;
+  rc = osFstat(fd, &statbuf);
+  if( rc!=0 ){
+    storeLastErrno(pFile, errno);
+#if defined(EOVERFLOW) && defined(SQLITE_DISABLE_LFS)
+    if( pFile->lastErrno==EOVERFLOW ) return SQLITE_NOLFS;
+#endif
+    return SQLITE_IOERR;
+  }
+
+#ifdef __APPLE__
+  /* On OS X on an msdos filesystem, the inode number is reported
+  ** incorrectly for zero-size files.  See ticket #3260.  To work
+  ** around this problem (we consider it a bug in OS X, not SQLite)
+  ** we always increase the file size to 1 by writing a single byte
+  ** prior to accessing the inode number.  The one byte written is
+  ** an ASCII 'S' character which also happens to be the first byte
+  ** in the header of every SQLite database.  In this way, if there
+  ** is a race condition such that another thread has already populated
+  ** the first page of the database, no damage is done.
+  */
+  if( statbuf.st_size==0 && (pFile->fsFlags & SQLITE_FSFLAGS_IS_MSDOS)!=0 ){
+    do{ rc = osWrite(fd, "S", 1); }while( rc<0 && errno==EINTR );
+    if( rc!=1 ){
+      storeLastErrno(pFile, errno);
+      return SQLITE_IOERR;
+    }
+    rc = osFstat(fd, &statbuf);
+    if( rc!=0 ){
+      storeLastErrno(pFile, errno);
+      return SQLITE_IOERR;
+    }
+  }
+#endif
+
+  memset(&fileId, 0, sizeof(fileId));
+  fileId.dev = statbuf.st_dev;
+#if OS_VXWORKS
+  fileId.pId = pFile->pId;
+#else
+  fileId.ino = statbuf.st_ino;
+#endif
+  pInode = inodeList;
+  while( pInode && memcmp(&fileId, &pInode->fileId, sizeof(fileId)) ){
+    pInode = pInode->pNext;
+  }
+  if( pInode==0 ){
+    pInode = sqlite3_malloc64( sizeof(*pInode) );
+    if( pInode==0 ){
+      return SQLITE_NOMEM;
+    }
+    memset(pInode, 0, sizeof(*pInode));
+    memcpy(&pInode->fileId, &fileId, sizeof(fileId));
+    pInode->nRef = 1;
+    pInode->pNext = inodeList;
+    pInode->pPrev = 0;
+    if( inodeList ) inodeList->pPrev = pInode;
+    inodeList = pInode;
+  }else{
+    pInode->nRef++;
+  }
+  *ppInode = pInode;
+  return SQLITE_OK;
+}
+
+/*
+** Return TRUE if pFile has been renamed or unlinked since it was first opened.
+*/
+static int fileHasMoved(unixFile *pFile){
+#if OS_VXWORKS
+  return pFile->pInode!=0 && pFile->pId!=pFile->pInode->fileId.pId;
+#else
+  struct stat buf;
+  return pFile->pInode!=0 &&
+      (osStat(pFile->zPath, &buf)!=0 || buf.st_ino!=pFile->pInode->fileId.ino);
+#endif
+}
+
+
+/*
+** Check a unixFile that is a database.  Verify the following:
+**
+** (1) There is exactly one hard link on the file
+** (2) The file is not a symbolic link
+** (3) The file has not been renamed or unlinked
+**
+** Issue sqlite3_log(SQLITE_WARNING,...) messages if anything is not right.
+*/
+static void verifyDbFile(unixFile *pFile){
+  struct stat buf;
+  int rc;
+  rc = osFstat(pFile->h, &buf);
+  if( rc!=0 ){
+    sqlite3_log(SQLITE_WARNING, "cannot fstat db file %s", pFile->zPath);
+    return;
+  }
+  if( buf.st_nlink==0 && (pFile->ctrlFlags & UNIXFILE_DELETE)==0 ){
+    sqlite3_log(SQLITE_WARNING, "file unlinked while open: %s", pFile->zPath);
+    return;
+  }
+  if( buf.st_nlink>1 ){
+    sqlite3_log(SQLITE_WARNING, "multiple links to file: %s", pFile->zPath);
+    return;
+  }
+  if( fileHasMoved(pFile) ){
+    sqlite3_log(SQLITE_WARNING, "file renamed while open: %s", pFile->zPath);
+    return;
+  }
+}
+
+
+/*
+** This routine checks if there is a RESERVED lock held on the specified
+** file by this or any other process. If such a lock is held, set *pResOut
+** to a non-zero value otherwise *pResOut is set to zero.  The return value
+** is set to SQLITE_OK unless an I/O error occurs during lock checking.
+*/
+static int unixCheckReservedLock(sqlite3_file *id, int *pResOut){
+  int rc = SQLITE_OK;
+  int reserved = 0;
+  unixFile *pFile = (unixFile*)id;
+
+  SimulateIOError( return SQLITE_IOERR_CHECKRESERVEDLOCK; );
+
+  assert( pFile );
+  assert( pFile->eFileLock<=SHARED_LOCK );
+  unixEnterMutex(); /* Because pFile->pInode is shared across threads */
+
+  /* Check if a thread in this process holds such a lock */
+  if( pFile->pInode->eFileLock>SHARED_LOCK ){
+    reserved = 1;
+  }
+
+  /* Otherwise see if some other process holds it.
+  */
+#ifndef __DJGPP__
+  if( !reserved && !pFile->pInode->bProcessLock ){
+    struct flock lock;
+    lock.l_whence = SEEK_SET;
+    lock.l_start = RESERVED_BYTE;
+    lock.l_len = 1;
+    lock.l_type = F_WRLCK;
+    if( osFcntl(pFile->h, F_GETLK, &lock) ){
+      rc = SQLITE_IOERR_CHECKRESERVEDLOCK;
+      storeLastErrno(pFile, errno);
+    } else if( lock.l_type!=F_UNLCK ){
+      reserved = 1;
+    }
+  }
+#endif
+  
+  unixLeaveMutex();
+  OSTRACE(("TEST WR-LOCK %d %d %d (unix)\n", pFile->h, rc, reserved));
+
+  *pResOut = reserved;
+  return rc;
+}
+
+/*
+** Attempt to set a system-lock on the file pFile.  The lock is 
+** described by pLock.
+**
+** If the pFile was opened read/write from unix-excl, then the only lock
+** ever obtained is an exclusive lock, and it is obtained exactly once
+** the first time any lock is attempted.  All subsequent system locking
+** operations become no-ops.  Locking operations still happen internally,
+** in order to coordinate access between separate database connections
+** within this process, but all of that is handled in memory and the
+** operating system does not participate.
+**
+** This function is a pass-through to fcntl(F_SETLK) if pFile is using
+** any VFS other than "unix-excl" or if pFile is opened on "unix-excl"
+** and is read-only.
+**
+** Zero is returned if the call completes successfully, or -1 if a call
+** to fcntl() fails. In this case, errno is set appropriately (by fcntl()).
+*/
+static int unixFileLock(unixFile *pFile, struct flock *pLock){
+  int rc;
+  unixInodeInfo *pInode = pFile->pInode;
+  assert( unixMutexHeld() );
+  assert( pInode!=0 );
+  if( (pFile->ctrlFlags & (UNIXFILE_EXCL|UNIXFILE_RDONLY))==UNIXFILE_EXCL ){
+    if( pInode->bProcessLock==0 ){
+      struct flock lock;
+      assert( pInode->nLock==0 );
+      lock.l_whence = SEEK_SET;
+      lock.l_start = SHARED_FIRST;
+      lock.l_len = SHARED_SIZE;
+      lock.l_type = F_WRLCK;
+      rc = osFcntl(pFile->h, F_SETLK, &lock);
+      if( rc<0 ) return rc;
+      pInode->bProcessLock = 1;
+      pInode->nLock++;
+    }else{
+      rc = 0;
+    }
+  }else{
+    rc = osFcntl(pFile->h, F_SETLK, pLock);
+  }
+  return rc;
+}
+
+/*
+** Lock the file with the lock specified by parameter eFileLock - one
+** of the following:
+**
+**     (1) SHARED_LOCK
+**     (2) RESERVED_LOCK
+**     (3) PENDING_LOCK
+**     (4) EXCLUSIVE_LOCK
+**
+** Sometimes when requesting one lock state, additional lock states
+** are inserted in between.  The locking might fail on one of the later
+** transitions leaving the lock state different from what it started but
+** still short of its goal.  The following chart shows the allowed
+** transitions and the inserted intermediate states:
+**
+**    UNLOCKED -> SHARED
+**    SHARED -> RESERVED
+**    SHARED -> (PENDING) -> EXCLUSIVE
+**    RESERVED -> (PENDING) -> EXCLUSIVE
+**    PENDING -> EXCLUSIVE
+**
+** This routine will only increase a lock.  Use the sqlite3OsUnlock()
+** routine to lower a locking level.
+*/
+static int unixLock(sqlite3_file *id, int eFileLock){
+  /* The following describes the implementation of the various locks and
+  ** lock transitions in terms of the POSIX advisory shared and exclusive
+  ** lock primitives (called read-locks and write-locks below, to avoid
+  ** confusion with SQLite lock names). The algorithms are complicated
+  ** slightly in order to be compatible with windows systems simultaneously
+  ** accessing the same database file, in case that is ever required.
+  **
+  ** Symbols defined in os.h indentify the 'pending byte' and the 'reserved
+  ** byte', each single bytes at well known offsets, and the 'shared byte
+  ** range', a range of 510 bytes at a well known offset.
+  **
+  ** To obtain a SHARED lock, a read-lock is obtained on the 'pending
+  ** byte'.  If this is successful, a random byte from the 'shared byte
+  ** range' is read-locked and the lock on the 'pending byte' released.
+  **
+  ** A process may only obtain a RESERVED lock after it has a SHARED lock.
+  ** A RESERVED lock is implemented by grabbing a write-lock on the
+  ** 'reserved byte'. 
+  **
+  ** A process may only obtain a PENDING lock after it has obtained a
+  ** SHARED lock. A PENDING lock is implemented by obtaining a write-lock
+  ** on the 'pending byte'. This ensures that no new SHARED locks can be
+  ** obtained, but existing SHARED locks are allowed to persist. A process
+  ** does not have to obtain a RESERVED lock on the way to a PENDING lock.
+  ** This property is used by the algorithm for rolling back a journal file
+  ** after a crash.
+  **
+  ** An EXCLUSIVE lock, obtained after a PENDING lock is held, is
+  ** implemented by obtaining a write-lock on the entire 'shared byte
+  ** range'. Since all other locks require a read-lock on one of the bytes
+  ** within this range, this ensures that no other locks are held on the
+  ** database. 
+  **
+  ** The reason a single byte cannot be used instead of the 'shared byte
+  ** range' is that some versions of windows do not support read-locks. By
+  ** locking a random byte from a range, concurrent SHARED locks may exist
+  ** even if the locking primitive used is always a write-lock.
+  */
+  int rc = SQLITE_OK;
+  unixFile *pFile = (unixFile*)id;
+  unixInodeInfo *pInode;
+  struct flock lock;
+  int tErrno = 0;
+
+  assert( pFile );
+  OSTRACE(("LOCK    %d %s was %s(%s,%d) pid=%d (unix)\n", pFile->h,
+      azFileLock(eFileLock), azFileLock(pFile->eFileLock),
+      azFileLock(pFile->pInode->eFileLock), pFile->pInode->nShared,
+      osGetpid(0)));
+
+  /* If there is already a lock of this type or more restrictive on the
+  ** unixFile, do nothing. Don't use the end_lock: exit path, as
+  ** unixEnterMutex() hasn't been called yet.
+  */
+  if( pFile->eFileLock>=eFileLock ){
+    OSTRACE(("LOCK    %d %s ok (already held) (unix)\n", pFile->h,
+            azFileLock(eFileLock)));
+    return SQLITE_OK;
+  }
+
+  /* Make sure the locking sequence is correct.
+  **  (1) We never move from unlocked to anything higher than shared lock.
+  **  (2) SQLite never explicitly requests a pendig lock.
+  **  (3) A shared lock is always held when a reserve lock is requested.
+  */
+  assert( pFile->eFileLock!=NO_LOCK || eFileLock==SHARED_LOCK );
+  assert( eFileLock!=PENDING_LOCK );
+  assert( eFileLock!=RESERVED_LOCK || pFile->eFileLock==SHARED_LOCK );
+
+  /* This mutex is needed because pFile->pInode is shared across threads
+  */
+  unixEnterMutex();
+  pInode = pFile->pInode;
+
+  /* If some thread using this PID has a lock via a different unixFile*
+  ** handle that precludes the requested lock, return BUSY.
+  */
+  if( (pFile->eFileLock!=pInode->eFileLock && 
+          (pInode->eFileLock>=PENDING_LOCK || eFileLock>SHARED_LOCK))
+  ){
+    rc = SQLITE_BUSY;
+    goto end_lock;
+  }
+
+  /* If a SHARED lock is requested, and some thread using this PID already
+  ** has a SHARED or RESERVED lock, then increment reference counts and
+  ** return SQLITE_OK.
+  */
+  if( eFileLock==SHARED_LOCK && 
+      (pInode->eFileLock==SHARED_LOCK || pInode->eFileLock==RESERVED_LOCK) ){
+    assert( eFileLock==SHARED_LOCK );
+    assert( pFile->eFileLock==0 );
+    assert( pInode->nShared>0 );
+    pFile->eFileLock = SHARED_LOCK;
+    pInode->nShared++;
+    pInode->nLock++;
+    goto end_lock;
+  }
+
+
+  /* A PENDING lock is needed before acquiring a SHARED lock and before
+  ** acquiring an EXCLUSIVE lock.  For the SHARED lock, the PENDING will
+  ** be released.
+  */
+  lock.l_len = 1L;
+  lock.l_whence = SEEK_SET;
+  if( eFileLock==SHARED_LOCK 
+      || (eFileLock==EXCLUSIVE_LOCK && pFile->eFileLock<PENDING_LOCK)
+  ){
+    lock.l_type = (eFileLock==SHARED_LOCK?F_RDLCK:F_WRLCK);
+    lock.l_start = PENDING_BYTE;
+    if( unixFileLock(pFile, &lock) ){
+      tErrno = errno;
+      rc = sqliteErrorFromPosixError(tErrno, SQLITE_IOERR_LOCK);
+      if( rc!=SQLITE_BUSY ){
+        storeLastErrno(pFile, tErrno);
+      }
+      goto end_lock;
+    }
+  }
+
+
+  /* If control gets to this point, then actually go ahead and make
+  ** operating system calls for the specified lock.
+  */
+  if( eFileLock==SHARED_LOCK ){
+    assert( pInode->nShared==0 );
+    assert( pInode->eFileLock==0 );
+    assert( rc==SQLITE_OK );
+
+    /* Now get the read-lock */
+    lock.l_start = SHARED_FIRST;
+    lock.l_len = SHARED_SIZE;
+    if( unixFileLock(pFile, &lock) ){
+      tErrno = errno;
+      rc = sqliteErrorFromPosixError(tErrno, SQLITE_IOERR_LOCK);
+    }
+
+    /* Drop the temporary PENDING lock */
+    lock.l_start = PENDING_BYTE;
+    lock.l_len = 1L;
+    lock.l_type = F_UNLCK;
+    if( unixFileLock(pFile, &lock) && rc==SQLITE_OK ){
+      /* This could happen with a network mount */
+      tErrno = errno;
+      rc = SQLITE_IOERR_UNLOCK; 
+    }
+
+    if( rc ){
+      if( rc!=SQLITE_BUSY ){
+        storeLastErrno(pFile, tErrno);
+      }
+      goto end_lock;
+    }else{
+      pFile->eFileLock = SHARED_LOCK;
+      pInode->nLock++;
+      pInode->nShared = 1;
+    }
+  }else if( eFileLock==EXCLUSIVE_LOCK && pInode->nShared>1 ){
+    /* We are trying for an exclusive lock but another thread in this
+    ** same process is still holding a shared lock. */
+    rc = SQLITE_BUSY;
+  }else{
+    /* The request was for a RESERVED or EXCLUSIVE lock.  It is
+    ** assumed that there is a SHARED or greater lock on the file
+    ** already.
+    */
+    assert( 0!=pFile->eFileLock );
+    lock.l_type = F_WRLCK;
+
+    assert( eFileLock==RESERVED_LOCK || eFileLock==EXCLUSIVE_LOCK );
+    if( eFileLock==RESERVED_LOCK ){
+      lock.l_start = RESERVED_BYTE;
+      lock.l_len = 1L;
+    }else{
+      lock.l_start = SHARED_FIRST;
+      lock.l_len = SHARED_SIZE;
+    }
+
+    if( unixFileLock(pFile, &lock) ){
+      tErrno = errno;
+      rc = sqliteErrorFromPosixError(tErrno, SQLITE_IOERR_LOCK);
+      if( rc!=SQLITE_BUSY ){
+        storeLastErrno(pFile, tErrno);
+      }
+    }
+  }
+  
+
+#ifdef SQLITE_DEBUG
+  /* Set up the transaction-counter change checking flags when
+  ** transitioning from a SHARED to a RESERVED lock.  The change
+  ** from SHARED to RESERVED marks the beginning of a normal
+  ** write operation (not a hot journal rollback).
+  */
+  if( rc==SQLITE_OK
+   && pFile->eFileLock<=SHARED_LOCK
+   && eFileLock==RESERVED_LOCK
+  ){
+    pFile->transCntrChng = 0;
+    pFile->dbUpdate = 0;
+    pFile->inNormalWrite = 1;
+  }
+#endif
+
+
+  if( rc==SQLITE_OK ){
+    pFile->eFileLock = eFileLock;
+    pInode->eFileLock = eFileLock;
+  }else if( eFileLock==EXCLUSIVE_LOCK ){
+    pFile->eFileLock = PENDING_LOCK;
+    pInode->eFileLock = PENDING_LOCK;
+  }
+
+end_lock:
+  unixLeaveMutex();
+  OSTRACE(("LOCK    %d %s %s (unix)\n", pFile->h, azFileLock(eFileLock), 
+      rc==SQLITE_OK ? "ok" : "failed"));
+  return rc;
+}
+
+/*
+** Add the file descriptor used by file handle pFile to the corresponding
+** pUnused list.
+*/
+static void setPendingFd(unixFile *pFile){
+  unixInodeInfo *pInode = pFile->pInode;
+  UnixUnusedFd *p = pFile->pUnused;
+  p->pNext = pInode->pUnused;
+  pInode->pUnused = p;
+  pFile->h = -1;
+  pFile->pUnused = 0;
+}
+
+/*
+** Lower the locking level on file descriptor pFile to eFileLock.  eFileLock
+** must be either NO_LOCK or SHARED_LOCK.
+**
+** If the locking level of the file descriptor is already at or below
+** the requested locking level, this routine is a no-op.
+** 
+** If handleNFSUnlock is true, then on downgrading an EXCLUSIVE_LOCK to SHARED
+** the byte range is divided into 2 parts and the first part is unlocked then
+** set to a read lock, then the other part is simply unlocked.  This works 
+** around a bug in BSD NFS lockd (also seen on MacOSX 10.3+) that fails to 
+** remove the write lock on a region when a read lock is set.
+*/
+static int posixUnlock(sqlite3_file *id, int eFileLock, int handleNFSUnlock){
+  unixFile *pFile = (unixFile*)id;
+  unixInodeInfo *pInode;
+  struct flock lock;
+  int rc = SQLITE_OK;
+
+  assert( pFile );
+  OSTRACE(("UNLOCK  %d %d was %d(%d,%d) pid=%d (unix)\n", pFile->h, eFileLock,
+      pFile->eFileLock, pFile->pInode->eFileLock, pFile->pInode->nShared,
+      osGetpid(0)));
+
+  assert( eFileLock<=SHARED_LOCK );
+  if( pFile->eFileLock<=eFileLock ){
+    return SQLITE_OK;
+  }
+  unixEnterMutex();
+  pInode = pFile->pInode;
+  assert( pInode->nShared!=0 );
+  if( pFile->eFileLock>SHARED_LOCK ){
+    assert( pInode->eFileLock==pFile->eFileLock );
+
+#ifdef SQLITE_DEBUG
+    /* When reducing a lock such that other processes can start
+    ** reading the database file again, make sure that the
+    ** transaction counter was updated if any part of the database
+    ** file changed.  If the transaction counter is not updated,
+    ** other connections to the same file might not realize that
+    ** the file has changed and hence might not know to flush their
+    ** cache.  The use of a stale cache can lead to database corruption.
+    */
+    pFile->inNormalWrite = 0;
+#endif
+
+    /* downgrading to a shared lock on NFS involves clearing the write lock
+    ** before establishing the readlock - to avoid a race condition we downgrade
+    ** the lock in 2 blocks, so that part of the range will be covered by a 
+    ** write lock until the rest is covered by a read lock:
+    **  1:   [WWWWW]
+    **  2:   [....W]
+    **  3:   [RRRRW]
+    **  4:   [RRRR.]
+    */
+    if( eFileLock==SHARED_LOCK ){
+#if !defined(__APPLE__) || !SQLITE_ENABLE_LOCKING_STYLE
+      (void)handleNFSUnlock;
+      assert( handleNFSUnlock==0 );
+#endif
+#if defined(__APPLE__) && SQLITE_ENABLE_LOCKING_STYLE
+      if( handleNFSUnlock ){
+        int tErrno;               /* Error code from system call errors */
+        off_t divSize = SHARED_SIZE - 1;
+        
+        lock.l_type = F_UNLCK;
+        lock.l_whence = SEEK_SET;
+        lock.l_start = SHARED_FIRST;
+        lock.l_len = divSize;
+        if( unixFileLock(pFile, &lock)==(-1) ){
+          tErrno = errno;
+          rc = SQLITE_IOERR_UNLOCK;
+          storeLastErrno(pFile, tErrno);
+          goto end_unlock;
+        }
+        lock.l_type = F_RDLCK;
+        lock.l_whence = SEEK_SET;
+        lock.l_start = SHARED_FIRST;
+        lock.l_len = divSize;
+        if( unixFileLock(pFile, &lock)==(-1) ){
+          tErrno = errno;
+          rc = sqliteErrorFromPosixError(tErrno, SQLITE_IOERR_RDLOCK);
+          if( IS_LOCK_ERROR(rc) ){
+            storeLastErrno(pFile, tErrno);
+          }
+          goto end_unlock;
+        }
+        lock.l_type = F_UNLCK;
+        lock.l_whence = SEEK_SET;
+        lock.l_start = SHARED_FIRST+divSize;
+        lock.l_len = SHARED_SIZE-divSize;
+        if( unixFileLock(pFile, &lock)==(-1) ){
+          tErrno = errno;
+          rc = SQLITE_IOERR_UNLOCK;
+          storeLastErrno(pFile, tErrno);
+          goto end_unlock;
+        }
+      }else
+#endif /* defined(__APPLE__) && SQLITE_ENABLE_LOCKING_STYLE */
+      {
+        lock.l_type = F_RDLCK;
+        lock.l_whence = SEEK_SET;
+        lock.l_start = SHARED_FIRST;
+        lock.l_len = SHARED_SIZE;
+        if( unixFileLock(pFile, &lock) ){
+          /* In theory, the call to unixFileLock() cannot fail because another
+          ** process is holding an incompatible lock. If it does, this 
+          ** indicates that the other process is not following the locking
+          ** protocol. If this happens, return SQLITE_IOERR_RDLOCK. Returning
+          ** SQLITE_BUSY would confuse the upper layer (in practice it causes 
+          ** an assert to fail). */ 
+          rc = SQLITE_IOERR_RDLOCK;
+          storeLastErrno(pFile, errno);
+          goto end_unlock;
+        }
+      }
+    }
+    lock.l_type = F_UNLCK;
+    lock.l_whence = SEEK_SET;
+    lock.l_start = PENDING_BYTE;
+    lock.l_len = 2L;  assert( PENDING_BYTE+1==RESERVED_BYTE );
+    if( unixFileLock(pFile, &lock)==0 ){
+      pInode->eFileLock = SHARED_LOCK;
+    }else{
+      rc = SQLITE_IOERR_UNLOCK;
+      storeLastErrno(pFile, errno);
+      goto end_unlock;
+    }
+  }
+  if( eFileLock==NO_LOCK ){
+    /* Decrement the shared lock counter.  Release the lock using an
+    ** OS call only when all threads in this same process have released
+    ** the lock.
+    */
+    pInode->nShared--;
+    if( pInode->nShared==0 ){
+      lock.l_type = F_UNLCK;
+      lock.l_whence = SEEK_SET;
+      lock.l_start = lock.l_len = 0L;
+      if( unixFileLock(pFile, &lock)==0 ){
+        pInode->eFileLock = NO_LOCK;
+      }else{
+        rc = SQLITE_IOERR_UNLOCK;
+        storeLastErrno(pFile, errno);
+        pInode->eFileLock = NO_LOCK;
+        pFile->eFileLock = NO_LOCK;
+      }
+    }
+
+    /* Decrement the count of locks against this same file.  When the
+    ** count reaches zero, close any other file descriptors whose close
+    ** was deferred because of outstanding locks.
+    */
+    pInode->nLock--;
+    assert( pInode->nLock>=0 );
+    if( pInode->nLock==0 ){
+      closePendingFds(pFile);
+    }
+  }
+
+end_unlock:
+  unixLeaveMutex();
+  if( rc==SQLITE_OK ) pFile->eFileLock = eFileLock;
+  return rc;
+}
+
+/*
+** Lower the locking level on file descriptor pFile to eFileLock.  eFileLock
+** must be either NO_LOCK or SHARED_LOCK.
+**
+** If the locking level of the file descriptor is already at or below
+** the requested locking level, this routine is a no-op.
+*/
+static int unixUnlock(sqlite3_file *id, int eFileLock){
+#if SQLITE_MAX_MMAP_SIZE>0
+  assert( eFileLock==SHARED_LOCK || ((unixFile *)id)->nFetchOut==0 );
+#endif
+  return posixUnlock(id, eFileLock, 0);
+}
+
+#if SQLITE_MAX_MMAP_SIZE>0
+static int unixMapfile(unixFile *pFd, i64 nByte);
+static void unixUnmapfile(unixFile *pFd);
+#endif
+
+/*
+** This function performs the parts of the "close file" operation 
+** common to all locking schemes. It closes the directory and file
+** handles, if they are valid, and sets all fields of the unixFile
+** structure to 0.
+**
+** It is *not* necessary to hold the mutex when this routine is called,
+** even on VxWorks.  A mutex will be acquired on VxWorks by the
+** vxworksReleaseFileId() routine.
+*/
+static int closeUnixFile(sqlite3_file *id){
+  unixFile *pFile = (unixFile*)id;
+#if SQLITE_MAX_MMAP_SIZE>0
+  unixUnmapfile(pFile);
+#endif
+  if( pFile->h>=0 ){
+    robust_close(pFile, pFile->h, __LINE__);
+    pFile->h = -1;
+  }
+#if OS_VXWORKS
+  if( pFile->pId ){
+    if( pFile->ctrlFlags & UNIXFILE_DELETE ){
+      osUnlink(pFile->pId->zCanonicalName);
+    }
+    vxworksReleaseFileId(pFile->pId);
+    pFile->pId = 0;
+  }
+#endif
+#ifdef SQLITE_UNLINK_AFTER_CLOSE
+  if( pFile->ctrlFlags & UNIXFILE_DELETE ){
+    osUnlink(pFile->zPath);
+    sqlite3_free(*(char**)&pFile->zPath);
+    pFile->zPath = 0;
+  }
+#endif
+  OSTRACE(("CLOSE   %-3d\n", pFile->h));
+  OpenCounter(-1);
+  sqlite3_free(pFile->pUnused);
+  memset(pFile, 0, sizeof(unixFile));
+  return SQLITE_OK;
+}
+
+/*
+** Close a file.
+*/
+static int unixClose(sqlite3_file *id){
+  int rc = SQLITE_OK;
+  unixFile *pFile = (unixFile *)id;
+  verifyDbFile(pFile);
+  unixUnlock(id, NO_LOCK);
+  unixEnterMutex();
+
+  /* unixFile.pInode is always valid here. Otherwise, a different close
+  ** routine (e.g. nolockClose()) would be called instead.
+  */
+  assert( pFile->pInode->nLock>0 || pFile->pInode->bProcessLock==0 );
+  if( ALWAYS(pFile->pInode) && pFile->pInode->nLock ){
+    /* If there are outstanding locks, do not actually close the file just
+    ** yet because that would clear those locks.  Instead, add the file
+    ** descriptor to pInode->pUnused list.  It will be automatically closed 
+    ** when the last lock is cleared.
+    */
+    setPendingFd(pFile);
+  }
+  releaseInodeInfo(pFile);
+  rc = closeUnixFile(id);
+  unixLeaveMutex();
+  return rc;
+}
+
+/************** End of the posix advisory lock implementation *****************
+******************************************************************************/
+
+/******************************************************************************
+****************************** No-op Locking **********************************
+**
+** Of the various locking implementations available, this is by far the
+** simplest:  locking is ignored.  No attempt is made to lock the database
+** file for reading or writing.
+**
+** This locking mode is appropriate for use on read-only databases
+** (ex: databases that are burned into CD-ROM, for example.)  It can
+** also be used if the application employs some external mechanism to
+** prevent simultaneous access of the same database by two or more
+** database connections.  But there is a serious risk of database
+** corruption if this locking mode is used in situations where multiple
+** database connections are accessing the same database file at the same
+** time and one or more of those connections are writing.
+*/
+
+static int nolockCheckReservedLock(sqlite3_file *NotUsed, int *pResOut){
+  UNUSED_PARAMETER(NotUsed);
+  *pResOut = 0;
+  return SQLITE_OK;
+}
+static int nolockLock(sqlite3_file *NotUsed, int NotUsed2){
+  UNUSED_PARAMETER2(NotUsed, NotUsed2);
+  return SQLITE_OK;
+}
+static int nolockUnlock(sqlite3_file *NotUsed, int NotUsed2){
+  UNUSED_PARAMETER2(NotUsed, NotUsed2);
+  return SQLITE_OK;
+}
+
+/*
+** Close the file.
+*/
+static int nolockClose(sqlite3_file *id) {
+  return closeUnixFile(id);
+}
+
+/******************* End of the no-op lock implementation *********************
+******************************************************************************/
+
+/******************************************************************************
+************************* Begin dot-file Locking ******************************
+**
+** The dotfile locking implementation uses the existence of separate lock
+** files (really a directory) to control access to the database.  This works
+** on just about every filesystem imaginable.  But there are serious downsides:
+**
+**    (1)  There is zero concurrency.  A single reader blocks all other
+**         connections from reading or writing the database.
+**
+**    (2)  An application crash or power loss can leave stale lock files
+**         sitting around that need to be cleared manually.
+**
+** Nevertheless, a dotlock is an appropriate locking mode for use if no
+** other locking strategy is available.
+**
+** Dotfile locking works by creating a subdirectory in the same directory as
+** the database and with the same name but with a ".lock" extension added.
+** The existence of a lock directory implies an EXCLUSIVE lock.  All other
+** lock types (SHARED, RESERVED, PENDING) are mapped into EXCLUSIVE.
+*/
+
+/*
+** The file suffix added to the data base filename in order to create the
+** lock directory.
+*/
+#define DOTLOCK_SUFFIX ".lock"
+
+/*
+** This routine checks if there is a RESERVED lock held on the specified
+** file by this or any other process. If such a lock is held, set *pResOut
+** to a non-zero value otherwise *pResOut is set to zero.  The return value
+** is set to SQLITE_OK unless an I/O error occurs during lock checking.
+**
+** In dotfile locking, either a lock exists or it does not.  So in this
+** variation of CheckReservedLock(), *pResOut is set to true if any lock
+** is held on the file and false if the file is unlocked.
+*/
+static int dotlockCheckReservedLock(sqlite3_file *id, int *pResOut) {
+  int rc = SQLITE_OK;
+  int reserved = 0;
+  unixFile *pFile = (unixFile*)id;
+
+  SimulateIOError( return SQLITE_IOERR_CHECKRESERVEDLOCK; );
+  
+  assert( pFile );
+  reserved = osAccess((const char*)pFile->lockingContext, 0)==0;
+  OSTRACE(("TEST WR-LOCK %d %d %d (dotlock)\n", pFile->h, rc, reserved));
+  *pResOut = reserved;
+  return rc;
+}
+
+/*
+** Lock the file with the lock specified by parameter eFileLock - one
+** of the following:
+**
+**     (1) SHARED_LOCK
+**     (2) RESERVED_LOCK
+**     (3) PENDING_LOCK
+**     (4) EXCLUSIVE_LOCK
+**
+** Sometimes when requesting one lock state, additional lock states
+** are inserted in between.  The locking might fail on one of the later
+** transitions leaving the lock state different from what it started but
+** still short of its goal.  The following chart shows the allowed
+** transitions and the inserted intermediate states:
+**
+**    UNLOCKED -> SHARED
+**    SHARED -> RESERVED
+**    SHARED -> (PENDING) -> EXCLUSIVE
+**    RESERVED -> (PENDING) -> EXCLUSIVE
+**    PENDING -> EXCLUSIVE
+**
+** This routine will only increase a lock.  Use the sqlite3OsUnlock()
+** routine to lower a locking level.
+**
+** With dotfile locking, we really only support state (4): EXCLUSIVE.
+** But we track the other locking levels internally.
+*/
+static int dotlockLock(sqlite3_file *id, int eFileLock) {
+  unixFile *pFile = (unixFile*)id;
+  char *zLockFile = (char *)pFile->lockingContext;
+  int rc = SQLITE_OK;
+
+
+  /* If we have any lock, then the lock file already exists.  All we have
+  ** to do is adjust our internal record of the lock level.
+  */
+  if( pFile->eFileLock > NO_LOCK ){
+    pFile->eFileLock = eFileLock;
+    /* Always update the timestamp on the old file */
+#ifdef HAVE_UTIME
+    utime(zLockFile, NULL);
+#else
+    utimes(zLockFile, NULL);
+#endif
+    return SQLITE_OK;
+  }
+  
+  /* grab an exclusive lock */
+  rc = osMkdir(zLockFile, 0777);
+  if( rc<0 ){
+    /* failed to open/create the lock directory */
+    int tErrno = errno;
+    if( EEXIST == tErrno ){
+      rc = SQLITE_BUSY;
+    } else {
+      rc = sqliteErrorFromPosixError(tErrno, SQLITE_IOERR_LOCK);
+      if( rc!=SQLITE_BUSY ){
+        storeLastErrno(pFile, tErrno);
+      }
+    }
+    return rc;
+  } 
+  
+  /* got it, set the type and return ok */
+  pFile->eFileLock = eFileLock;
+  return rc;
+}
+
+/*
+** Lower the locking level on file descriptor pFile to eFileLock.  eFileLock
+** must be either NO_LOCK or SHARED_LOCK.
+**
+** If the locking level of the file descriptor is already at or below
+** the requested locking level, this routine is a no-op.
+**
+** When the locking level reaches NO_LOCK, delete the lock file.
+*/
+static int dotlockUnlock(sqlite3_file *id, int eFileLock) {
+  unixFile *pFile = (unixFile*)id;
+  char *zLockFile = (char *)pFile->lockingContext;
+  int rc;
+
+  assert( pFile );
+  OSTRACE(("UNLOCK  %d %d was %d pid=%d (dotlock)\n", pFile->h, eFileLock,
+           pFile->eFileLock, osGetpid(0)));
+  assert( eFileLock<=SHARED_LOCK );
+  
+  /* no-op if possible */
+  if( pFile->eFileLock==eFileLock ){
+    return SQLITE_OK;
+  }
+
+  /* To downgrade to shared, simply update our internal notion of the
+  ** lock state.  No need to mess with the file on disk.
+  */
+  if( eFileLock==SHARED_LOCK ){
+    pFile->eFileLock = SHARED_LOCK;
+    return SQLITE_OK;
+  }
+  
+  /* To fully unlock the database, delete the lock file */
+  assert( eFileLock==NO_LOCK );
+  rc = osRmdir(zLockFile);
+  if( rc<0 ){
+    int tErrno = errno;
+    if( tErrno==ENOENT ){
+      rc = SQLITE_OK;
+    }else{
+      rc = SQLITE_IOERR_UNLOCK;
+      storeLastErrno(pFile, tErrno);
+    }
+    return rc; 
+  }
+  pFile->eFileLock = NO_LOCK;
+  return SQLITE_OK;
+}
+
+/*
+** Close a file.  Make sure the lock has been released before closing.
+*/
+static int dotlockClose(sqlite3_file *id) {
+  unixFile *pFile = (unixFile*)id;
+  assert( id!=0 );
+  dotlockUnlock(id, NO_LOCK);
+  sqlite3_free(pFile->lockingContext);
+  return closeUnixFile(id);
+}
+/****************** End of the dot-file lock implementation *******************
+******************************************************************************/
+
+/******************************************************************************
+************************** Begin flock Locking ********************************
+**
+** Use the flock() system call to do file locking.
+**
+** flock() locking is like dot-file locking in that the various
+** fine-grain locking levels supported by SQLite are collapsed into
+** a single exclusive lock.  In other words, SHARED, RESERVED, and
+** PENDING locks are the same thing as an EXCLUSIVE lock.  SQLite
+** still works when you do this, but concurrency is reduced since
+** only a single process can be reading the database at a time.
+**
+** Omit this section if SQLITE_ENABLE_LOCKING_STYLE is turned off
+*/
+#if SQLITE_ENABLE_LOCKING_STYLE
+
+/*
+** Retry flock() calls that fail with EINTR
+*/
+#ifdef EINTR
+static int robust_flock(int fd, int op){
+  int rc;
+  do{ rc = flock(fd,op); }while( rc<0 && errno==EINTR );
+  return rc;
+}
+#else
+# define robust_flock(a,b) flock(a,b)
+#endif
+     
+
+/*
+** This routine checks if there is a RESERVED lock held on the specified
+** file by this or any other process. If such a lock is held, set *pResOut
+** to a non-zero value otherwise *pResOut is set to zero.  The return value
+** is set to SQLITE_OK unless an I/O error occurs during lock checking.
+*/
+static int flockCheckReservedLock(sqlite3_file *id, int *pResOut){
+  int rc = SQLITE_OK;
+  int reserved = 0;
+  unixFile *pFile = (unixFile*)id;
+  
+  SimulateIOError( return SQLITE_IOERR_CHECKRESERVEDLOCK; );
+  
+  assert( pFile );
+  
+  /* Check if a thread in this process holds such a lock */
+  if( pFile->eFileLock>SHARED_LOCK ){
+    reserved = 1;
+  }
+  
+  /* Otherwise see if some other process holds it. */
+  if( !reserved ){
+    /* attempt to get the lock */
+    int lrc = robust_flock(pFile->h, LOCK_EX | LOCK_NB);
+    if( !lrc ){
+      /* got the lock, unlock it */
+      lrc = robust_flock(pFile->h, LOCK_UN);
+      if ( lrc ) {
+        int tErrno = errno;
+        /* unlock failed with an error */
+        lrc = SQLITE_IOERR_UNLOCK; 
+        storeLastErrno(pFile, tErrno);
+        rc = lrc;
+      }
+    } else {
+      int tErrno = errno;
+      reserved = 1;
+      /* someone else might have it reserved */
+      lrc = sqliteErrorFromPosixError(tErrno, SQLITE_IOERR_LOCK); 
+      if( IS_LOCK_ERROR(lrc) ){
+        storeLastErrno(pFile, tErrno);
+        rc = lrc;
+      }
+    }
+  }
+  OSTRACE(("TEST WR-LOCK %d %d %d (flock)\n", pFile->h, rc, reserved));
+
+#ifdef SQLITE_IGNORE_FLOCK_LOCK_ERRORS
+  if( (rc & SQLITE_IOERR) == SQLITE_IOERR ){
+    rc = SQLITE_OK;
+    reserved=1;
+  }
+#endif /* SQLITE_IGNORE_FLOCK_LOCK_ERRORS */
+  *pResOut = reserved;
+  return rc;
+}
+
+/*
+** Lock the file with the lock specified by parameter eFileLock - one
+** of the following:
+**
+**     (1) SHARED_LOCK
+**     (2) RESERVED_LOCK
+**     (3) PENDING_LOCK
+**     (4) EXCLUSIVE_LOCK
+**
+** Sometimes when requesting one lock state, additional lock states
+** are inserted in between.  The locking might fail on one of the later
+** transitions leaving the lock state different from what it started but
+** still short of its goal.  The following chart shows the allowed
+** transitions and the inserted intermediate states:
+**
+**    UNLOCKED -> SHARED
+**    SHARED -> RESERVED
+**    SHARED -> (PENDING) -> EXCLUSIVE
+**    RESERVED -> (PENDING) -> EXCLUSIVE
+**    PENDING -> EXCLUSIVE
+**
+** flock() only really support EXCLUSIVE locks.  We track intermediate
+** lock states in the sqlite3_file structure, but all locks SHARED or
+** above are really EXCLUSIVE locks and exclude all other processes from
+** access the file.
+**
+** This routine will only increase a lock.  Use the sqlite3OsUnlock()
+** routine to lower a locking level.
+*/
+static int flockLock(sqlite3_file *id, int eFileLock) {
+  int rc = SQLITE_OK;
+  unixFile *pFile = (unixFile*)id;
+
+  assert( pFile );
+
+  /* if we already have a lock, it is exclusive.  
+  ** Just adjust level and punt on outta here. */
+  if (pFile->eFileLock > NO_LOCK) {
+    pFile->eFileLock = eFileLock;
+    return SQLITE_OK;
+  }
+  
+  /* grab an exclusive lock */
+  
+  if (robust_flock(pFile->h, LOCK_EX | LOCK_NB)) {
+    int tErrno = errno;
+    /* didn't get, must be busy */
+    rc = sqliteErrorFromPosixError(tErrno, SQLITE_IOERR_LOCK);
+    if( IS_LOCK_ERROR(rc) ){
+      storeLastErrno(pFile, tErrno);
+    }
+  } else {
+    /* got it, set the type and return ok */
+    pFile->eFileLock = eFileLock;
+  }
+  OSTRACE(("LOCK    %d %s %s (flock)\n", pFile->h, azFileLock(eFileLock), 
+           rc==SQLITE_OK ? "ok" : "failed"));
+#ifdef SQLITE_IGNORE_FLOCK_LOCK_ERRORS
+  if( (rc & SQLITE_IOERR) == SQLITE_IOERR ){
+    rc = SQLITE_BUSY;
+  }
+#endif /* SQLITE_IGNORE_FLOCK_LOCK_ERRORS */
+  return rc;
+}
+
+
+/*
+** Lower the locking level on file descriptor pFile to eFileLock.  eFileLock
+** must be either NO_LOCK or SHARED_LOCK.
+**
+** If the locking level of the file descriptor is already at or below
+** the requested locking level, this routine is a no-op.
+*/
+static int flockUnlock(sqlite3_file *id, int eFileLock) {
+  unixFile *pFile = (unixFile*)id;
+  
+  assert( pFile );
+  OSTRACE(("UNLOCK  %d %d was %d pid=%d (flock)\n", pFile->h, eFileLock,
+           pFile->eFileLock, osGetpid(0)));
+  assert( eFileLock<=SHARED_LOCK );
+  
+  /* no-op if possible */
+  if( pFile->eFileLock==eFileLock ){
+    return SQLITE_OK;
+  }
+  
+  /* shared can just be set because we always have an exclusive */
+  if (eFileLock==SHARED_LOCK) {
+    pFile->eFileLock = eFileLock;
+    return SQLITE_OK;
+  }
+  
+  /* no, really, unlock. */
+  if( robust_flock(pFile->h, LOCK_UN) ){
+#ifdef SQLITE_IGNORE_FLOCK_LOCK_ERRORS
+    return SQLITE_OK;
+#endif /* SQLITE_IGNORE_FLOCK_LOCK_ERRORS */
+    return SQLITE_IOERR_UNLOCK;
+  }else{
+    pFile->eFileLock = NO_LOCK;
+    return SQLITE_OK;
+  }
+}
+
+/*
+** Close a file.
+*/
+static int flockClose(sqlite3_file *id) {
+  assert( id!=0 );
+  flockUnlock(id, NO_LOCK);
+  return closeUnixFile(id);
+}
+
+#endif /* SQLITE_ENABLE_LOCKING_STYLE && !OS_VXWORK */
+
+/******************* End of the flock lock implementation *********************
+******************************************************************************/
+
+/******************************************************************************
+************************ Begin Named Semaphore Locking ************************
+**
+** Named semaphore locking is only supported on VxWorks.
+**
+** Semaphore locking is like dot-lock and flock in that it really only
+** supports EXCLUSIVE locking.  Only a single process can read or write
+** the database file at a time.  This reduces potential concurrency, but
+** makes the lock implementation much easier.
+*/
+#if OS_VXWORKS
+
+/*
+** This routine checks if there is a RESERVED lock held on the specified
+** file by this or any other process. If such a lock is held, set *pResOut
+** to a non-zero value otherwise *pResOut is set to zero.  The return value
+** is set to SQLITE_OK unless an I/O error occurs during lock checking.
+*/
+static int semXCheckReservedLock(sqlite3_file *id, int *pResOut) {
+  int rc = SQLITE_OK;
+  int reserved = 0;
+  unixFile *pFile = (unixFile*)id;
+
+  SimulateIOError( return SQLITE_IOERR_CHECKRESERVEDLOCK; );
+  
+  assert( pFile );
+
+  /* Check if a thread in this process holds such a lock */
+  if( pFile->eFileLock>SHARED_LOCK ){
+    reserved = 1;
+  }
+  
+  /* Otherwise see if some other process holds it. */
+  if( !reserved ){
+    sem_t *pSem = pFile->pInode->pSem;
+
+    if( sem_trywait(pSem)==-1 ){
+      int tErrno = errno;
+      if( EAGAIN != tErrno ){
+        rc = sqliteErrorFromPosixError(tErrno, SQLITE_IOERR_CHECKRESERVEDLOCK);
+        storeLastErrno(pFile, tErrno);
+      } else {
+        /* someone else has the lock when we are in NO_LOCK */
+        reserved = (pFile->eFileLock < SHARED_LOCK);
+      }
+    }else{
+      /* we could have it if we want it */
+      sem_post(pSem);
+    }
+  }
+  OSTRACE(("TEST WR-LOCK %d %d %d (sem)\n", pFile->h, rc, reserved));
+
+  *pResOut = reserved;
+  return rc;
+}
+
+/*
+** Lock the file with the lock specified by parameter eFileLock - one
+** of the following:
+**
+**     (1) SHARED_LOCK
+**     (2) RESERVED_LOCK
+**     (3) PENDING_LOCK
+**     (4) EXCLUSIVE_LOCK
+**
+** Sometimes when requesting one lock state, additional lock states
+** are inserted in between.  The locking might fail on one of the later
+** transitions leaving the lock state different from what it started but
+** still short of its goal.  The following chart shows the allowed
+** transitions and the inserted intermediate states:
+**
+**    UNLOCKED -> SHARED
+**    SHARED -> RESERVED
+**    SHARED -> (PENDING) -> EXCLUSIVE
+**    RESERVED -> (PENDING) -> EXCLUSIVE
+**    PENDING -> EXCLUSIVE
+**
+** Semaphore locks only really support EXCLUSIVE locks.  We track intermediate
+** lock states in the sqlite3_file structure, but all locks SHARED or
+** above are really EXCLUSIVE locks and exclude all other processes from
+** access the file.
+**
+** This routine will only increase a lock.  Use the sqlite3OsUnlock()
+** routine to lower a locking level.
+*/
+static int semXLock(sqlite3_file *id, int eFileLock) {
+  unixFile *pFile = (unixFile*)id;
+  sem_t *pSem = pFile->pInode->pSem;
+  int rc = SQLITE_OK;
+
+  /* if we already have a lock, it is exclusive.  
+  ** Just adjust level and punt on outta here. */
+  if (pFile->eFileLock > NO_LOCK) {
+    pFile->eFileLock = eFileLock;
+    rc = SQLITE_OK;
+    goto sem_end_lock;
+  }
+  
+  /* lock semaphore now but bail out when already locked. */
+  if( sem_trywait(pSem)==-1 ){
+    rc = SQLITE_BUSY;
+    goto sem_end_lock;
+  }
+
+  /* got it, set the type and return ok */
+  pFile->eFileLock = eFileLock;
+
+ sem_end_lock:
+  return rc;
+}
+
+/*
+** Lower the locking level on file descriptor pFile to eFileLock.  eFileLock
+** must be either NO_LOCK or SHARED_LOCK.
+**
+** If the locking level of the file descriptor is already at or below
+** the requested locking level, this routine is a no-op.
+*/
+static int semXUnlock(sqlite3_file *id, int eFileLock) {
+  unixFile *pFile = (unixFile*)id;
+  sem_t *pSem = pFile->pInode->pSem;
+
+  assert( pFile );
+  assert( pSem );
+  OSTRACE(("UNLOCK  %d %d was %d pid=%d (sem)\n", pFile->h, eFileLock,
+           pFile->eFileLock, osGetpid(0)));
+  assert( eFileLock<=SHARED_LOCK );
+  
+  /* no-op if possible */
+  if( pFile->eFileLock==eFileLock ){
+    return SQLITE_OK;
+  }
+  
+  /* shared can just be set because we always have an exclusive */
+  if (eFileLock==SHARED_LOCK) {
+    pFile->eFileLock = eFileLock;
+    return SQLITE_OK;
+  }
+  
+  /* no, really unlock. */
+  if ( sem_post(pSem)==-1 ) {
+    int rc, tErrno = errno;
+    rc = sqliteErrorFromPosixError(tErrno, SQLITE_IOERR_UNLOCK);
+    if( IS_LOCK_ERROR(rc) ){
+      storeLastErrno(pFile, tErrno);
+    }
+    return rc; 
+  }
+  pFile->eFileLock = NO_LOCK;
+  return SQLITE_OK;
+}
+
+/*
+ ** Close a file.
+ */
+static int semXClose(sqlite3_file *id) {
+  if( id ){
+    unixFile *pFile = (unixFile*)id;
+    semXUnlock(id, NO_LOCK);
+    assert( pFile );
+    unixEnterMutex();
+    releaseInodeInfo(pFile);
+    unixLeaveMutex();
+    closeUnixFile(id);
+  }
+  return SQLITE_OK;
+}
+
+#endif /* OS_VXWORKS */
+/*
+** Named semaphore locking is only available on VxWorks.
+**
+*************** End of the named semaphore lock implementation ****************
+******************************************************************************/
+
+
+/******************************************************************************
+*************************** Begin AFP Locking *********************************
+**
+** AFP is the Apple Filing Protocol.  AFP is a network filesystem found
+** on Apple Macintosh computers - both OS9 and OSX.
+**
+** Third-party implementations of AFP are available.  But this code here
+** only works on OSX.
+*/
+
+#if defined(__APPLE__) && SQLITE_ENABLE_LOCKING_STYLE
+/*
+** The afpLockingContext structure contains all afp lock specific state
+*/
+typedef struct afpLockingContext afpLockingContext;
+struct afpLockingContext {
+  int reserved;
+  const char *dbPath;             /* Name of the open file */
+};
+
+struct ByteRangeLockPB2
+{
+  unsigned long long offset;        /* offset to first byte to lock */
+  unsigned long long length;        /* nbr of bytes to lock */
+  unsigned long long retRangeStart; /* nbr of 1st byte locked if successful */
+  unsigned char unLockFlag;         /* 1 = unlock, 0 = lock */
+  unsigned char startEndFlag;       /* 1=rel to end of fork, 0=rel to start */
+  int fd;                           /* file desc to assoc this lock with */
+};
+
+#define afpfsByteRangeLock2FSCTL        _IOWR('z', 23, struct ByteRangeLockPB2)
+
+/*
+** This is a utility for setting or clearing a bit-range lock on an
+** AFP filesystem.
+** 
+** Return SQLITE_OK on success, SQLITE_BUSY on failure.
+*/
+static int afpSetLock(
+  const char *path,              /* Name of the file to be locked or unlocked */
+  unixFile *pFile,               /* Open file descriptor on path */
+  unsigned long long offset,     /* First byte to be locked */
+  unsigned long long length,     /* Number of bytes to lock */
+  int setLockFlag                /* True to set lock.  False to clear lock */
+){
+  struct ByteRangeLockPB2 pb;
+  int err;
+  
+  pb.unLockFlag = setLockFlag ? 0 : 1;
+  pb.startEndFlag = 0;
+  pb.offset = offset;
+  pb.length = length; 
+  pb.fd = pFile->h;
+  
+  OSTRACE(("AFPSETLOCK [%s] for %d%s in range %llx:%llx\n", 
+    (setLockFlag?"ON":"OFF"), pFile->h, (pb.fd==-1?"[testval-1]":""),
+    offset, length));
+  err = fsctl(path, afpfsByteRangeLock2FSCTL, &pb, 0);
+  if ( err==-1 ) {
+    int rc;
+    int tErrno = errno;
+    OSTRACE(("AFPSETLOCK failed to fsctl() '%s' %d %s\n",
+             path, tErrno, strerror(tErrno)));
+#ifdef SQLITE_IGNORE_AFP_LOCK_ERRORS
+    rc = SQLITE_BUSY;
+#else
+    rc = sqliteErrorFromPosixError(tErrno,
+                    setLockFlag ? SQLITE_IOERR_LOCK : SQLITE_IOERR_UNLOCK);
+#endif /* SQLITE_IGNORE_AFP_LOCK_ERRORS */
+    if( IS_LOCK_ERROR(rc) ){
+      storeLastErrno(pFile, tErrno);
+    }
+    return rc;
+  } else {
+    return SQLITE_OK;
+  }
+}
+
+/*
+** This routine checks if there is a RESERVED lock held on the specified
+** file by this or any other process. If such a lock is held, set *pResOut
+** to a non-zero value otherwise *pResOut is set to zero.  The return value
+** is set to SQLITE_OK unless an I/O error occurs during lock checking.
+*/
+static int afpCheckReservedLock(sqlite3_file *id, int *pResOut){
+  int rc = SQLITE_OK;
+  int reserved = 0;
+  unixFile *pFile = (unixFile*)id;
+  afpLockingContext *context;
+  
+  SimulateIOError( return SQLITE_IOERR_CHECKRESERVEDLOCK; );
+  
+  assert( pFile );
+  context = (afpLockingContext *) pFile->lockingContext;
+  if( context->reserved ){
+    *pResOut = 1;
+    return SQLITE_OK;
+  }
+  unixEnterMutex(); /* Because pFile->pInode is shared across threads */
+  
+  /* Check if a thread in this process holds such a lock */
+  if( pFile->pInode->eFileLock>SHARED_LOCK ){
+    reserved = 1;
+  }
+  
+  /* Otherwise see if some other process holds it.
+   */
+  if( !reserved ){
+    /* lock the RESERVED byte */
+    int lrc = afpSetLock(context->dbPath, pFile, RESERVED_BYTE, 1,1);  
+    if( SQLITE_OK==lrc ){
+      /* if we succeeded in taking the reserved lock, unlock it to restore
+      ** the original state */
+      lrc = afpSetLock(context->dbPath, pFile, RESERVED_BYTE, 1, 0);
+    } else {
+      /* if we failed to get the lock then someone else must have it */
+      reserved = 1;
+    }
+    if( IS_LOCK_ERROR(lrc) ){
+      rc=lrc;
+    }
+  }
+  
+  unixLeaveMutex();
+  OSTRACE(("TEST WR-LOCK %d %d %d (afp)\n", pFile->h, rc, reserved));
+  
+  *pResOut = reserved;
+  return rc;
+}
+
+/*
+** Lock the file with the lock specified by parameter eFileLock - one
+** of the following:
+**
+**     (1) SHARED_LOCK
+**     (2) RESERVED_LOCK
+**     (3) PENDING_LOCK
+**     (4) EXCLUSIVE_LOCK
+**
+** Sometimes when requesting one lock state, additional lock states
+** are inserted in between.  The locking might fail on one of the later
+** transitions leaving the lock state different from what it started but
+** still short of its goal.  The following chart shows the allowed
+** transitions and the inserted intermediate states:
+**
+**    UNLOCKED -> SHARED
+**    SHARED -> RESERVED
+**    SHARED -> (PENDING) -> EXCLUSIVE
+**    RESERVED -> (PENDING) -> EXCLUSIVE
+**    PENDING -> EXCLUSIVE
+**
+** This routine will only increase a lock.  Use the sqlite3OsUnlock()
+** routine to lower a locking level.
+*/
+static int afpLock(sqlite3_file *id, int eFileLock){
+  int rc = SQLITE_OK;
+  unixFile *pFile = (unixFile*)id;
+  unixInodeInfo *pInode = pFile->pInode;
+  afpLockingContext *context = (afpLockingContext *) pFile->lockingContext;
+  
+  assert( pFile );
+  OSTRACE(("LOCK    %d %s was %s(%s,%d) pid=%d (afp)\n", pFile->h,
+           azFileLock(eFileLock), azFileLock(pFile->eFileLock),
+           azFileLock(pInode->eFileLock), pInode->nShared , osGetpid(0)));
+
+  /* If there is already a lock of this type or more restrictive on the
+  ** unixFile, do nothing. Don't use the afp_end_lock: exit path, as
+  ** unixEnterMutex() hasn't been called yet.
+  */
+  if( pFile->eFileLock>=eFileLock ){
+    OSTRACE(("LOCK    %d %s ok (already held) (afp)\n", pFile->h,
+           azFileLock(eFileLock)));
+    return SQLITE_OK;
+  }
+
+  /* Make sure the locking sequence is correct
+  **  (1) We never move from unlocked to anything higher than shared lock.
+  **  (2) SQLite never explicitly requests a pendig lock.
+  **  (3) A shared lock is always held when a reserve lock is requested.
+  */
+  assert( pFile->eFileLock!=NO_LOCK || eFileLock==SHARED_LOCK );
+  assert( eFileLock!=PENDING_LOCK );
+  assert( eFileLock!=RESERVED_LOCK || pFile->eFileLock==SHARED_LOCK );
+  
+  /* This mutex is needed because pFile->pInode is shared across threads
+  */
+  unixEnterMutex();
+  pInode = pFile->pInode;
+
+  /* If some thread using this PID has a lock via a different unixFile*
+  ** handle that precludes the requested lock, return BUSY.
+  */
+  if( (pFile->eFileLock!=pInode->eFileLock && 
+       (pInode->eFileLock>=PENDING_LOCK || eFileLock>SHARED_LOCK))
+     ){
+    rc = SQLITE_BUSY;
+    goto afp_end_lock;
+  }
+  
+  /* If a SHARED lock is requested, and some thread using this PID already
+  ** has a SHARED or RESERVED lock, then increment reference counts and
+  ** return SQLITE_OK.
+  */
+  if( eFileLock==SHARED_LOCK && 
+     (pInode->eFileLock==SHARED_LOCK || pInode->eFileLock==RESERVED_LOCK) ){
+    assert( eFileLock==SHARED_LOCK );
+    assert( pFile->eFileLock==0 );
+    assert( pInode->nShared>0 );
+    pFile->eFileLock = SHARED_LOCK;
+    pInode->nShared++;
+    pInode->nLock++;
+    goto afp_end_lock;
+  }
+    
+  /* A PENDING lock is needed before acquiring a SHARED lock and before
+  ** acquiring an EXCLUSIVE lock.  For the SHARED lock, the PENDING will
+  ** be released.
+  */
+  if( eFileLock==SHARED_LOCK 
+      || (eFileLock==EXCLUSIVE_LOCK && pFile->eFileLock<PENDING_LOCK)
+  ){
+    int failed;
+    failed = afpSetLock(context->dbPath, pFile, PENDING_BYTE, 1, 1);
+    if (failed) {
+      rc = failed;
+      goto afp_end_lock;
+    }
+  }
+  
+  /* If control gets to this point, then actually go ahead and make
+  ** operating system calls for the specified lock.
+  */
+  if( eFileLock==SHARED_LOCK ){
+    int lrc1, lrc2, lrc1Errno = 0;
+    long lk, mask;
+    
+    assert( pInode->nShared==0 );
+    assert( pInode->eFileLock==0 );
+        
+    mask = (sizeof(long)==8) ? LARGEST_INT64 : 0x7fffffff;
+    /* Now get the read-lock SHARED_LOCK */
+    /* note that the quality of the randomness doesn't matter that much */
+    lk = random(); 
+    pInode->sharedByte = (lk & mask)%(SHARED_SIZE - 1);
+    lrc1 = afpSetLock(context->dbPath, pFile, 
+          SHARED_FIRST+pInode->sharedByte, 1, 1);
+    if( IS_LOCK_ERROR(lrc1) ){
+      lrc1Errno = pFile->lastErrno;
+    }
+    /* Drop the temporary PENDING lock */
+    lrc2 = afpSetLock(context->dbPath, pFile, PENDING_BYTE, 1, 0);
+    
+    if( IS_LOCK_ERROR(lrc1) ) {
+      storeLastErrno(pFile, lrc1Errno);
+      rc = lrc1;
+      goto afp_end_lock;
+    } else if( IS_LOCK_ERROR(lrc2) ){
+      rc = lrc2;
+      goto afp_end_lock;
+    } else if( lrc1 != SQLITE_OK ) {
+      rc = lrc1;
+    } else {
+      pFile->eFileLock = SHARED_LOCK;
+      pInode->nLock++;
+      pInode->nShared = 1;
+    }
+  }else if( eFileLock==EXCLUSIVE_LOCK && pInode->nShared>1 ){
+    /* We are trying for an exclusive lock but another thread in this
+     ** same process is still holding a shared lock. */
+    rc = SQLITE_BUSY;
+  }else{
+    /* The request was for a RESERVED or EXCLUSIVE lock.  It is
+    ** assumed that there is a SHARED or greater lock on the file
+    ** already.
+    */
+    int failed = 0;
+    assert( 0!=pFile->eFileLock );
+    if (eFileLock >= RESERVED_LOCK && pFile->eFileLock < RESERVED_LOCK) {
+        /* Acquire a RESERVED lock */
+        failed = afpSetLock(context->dbPath, pFile, RESERVED_BYTE, 1,1);
+      if( !failed ){
+        context->reserved = 1;
+      }
+    }
+    if (!failed && eFileLock == EXCLUSIVE_LOCK) {
+      /* Acquire an EXCLUSIVE lock */
+        
+      /* Remove the shared lock before trying the range.  we'll need to 
+      ** reestablish the shared lock if we can't get the  afpUnlock
+      */
+      if( !(failed = afpSetLock(context->dbPath, pFile, SHARED_FIRST +
+                         pInode->sharedByte, 1, 0)) ){
+        int failed2 = SQLITE_OK;
+        /* now attemmpt to get the exclusive lock range */
+        failed = afpSetLock(context->dbPath, pFile, SHARED_FIRST, 
+                               SHARED_SIZE, 1);
+        if( failed && (failed2 = afpSetLock(context->dbPath, pFile, 
+                       SHARED_FIRST + pInode->sharedByte, 1, 1)) ){
+          /* Can't reestablish the shared lock.  Sqlite can't deal, this is
+          ** a critical I/O error
+          */
+          rc = ((failed & SQLITE_IOERR) == SQLITE_IOERR) ? failed2 : 
+               SQLITE_IOERR_LOCK;
+          goto afp_end_lock;
+        } 
+      }else{
+        rc = failed; 
+      }
+    }
+    if( failed ){
+      rc = failed;
+    }
+  }
+  
+  if( rc==SQLITE_OK ){
+    pFile->eFileLock = eFileLock;
+    pInode->eFileLock = eFileLock;
+  }else if( eFileLock==EXCLUSIVE_LOCK ){
+    pFile->eFileLock = PENDING_LOCK;
+    pInode->eFileLock = PENDING_LOCK;
+  }
+  
+afp_end_lock:
+  unixLeaveMutex();
+  OSTRACE(("LOCK    %d %s %s (afp)\n", pFile->h, azFileLock(eFileLock), 
+         rc==SQLITE_OK ? "ok" : "failed"));
+  return rc;
+}
+
+/*
+** Lower the locking level on file descriptor pFile to eFileLock.  eFileLock
+** must be either NO_LOCK or SHARED_LOCK.
+**
+** If the locking level of the file descriptor is already at or below
+** the requested locking level, this routine is a no-op.
+*/
+static int afpUnlock(sqlite3_file *id, int eFileLock) {
+  int rc = SQLITE_OK;
+  unixFile *pFile = (unixFile*)id;
+  unixInodeInfo *pInode;
+  afpLockingContext *context = (afpLockingContext *) pFile->lockingContext;
+  int skipShared = 0;
+#ifdef SQLITE_TEST
+  int h = pFile->h;
+#endif
+
+  assert( pFile );
+  OSTRACE(("UNLOCK  %d %d was %d(%d,%d) pid=%d (afp)\n", pFile->h, eFileLock,
+           pFile->eFileLock, pFile->pInode->eFileLock, pFile->pInode->nShared,
+           osGetpid(0)));
+
+  assert( eFileLock<=SHARED_LOCK );
+  if( pFile->eFileLock<=eFileLock ){
+    return SQLITE_OK;
+  }
+  unixEnterMutex();
+  pInode = pFile->pInode;
+  assert( pInode->nShared!=0 );
+  if( pFile->eFileLock>SHARED_LOCK ){
+    assert( pInode->eFileLock==pFile->eFileLock );
+    SimulateIOErrorBenign(1);
+    SimulateIOError( h=(-1) )
+    SimulateIOErrorBenign(0);
+    
+#ifdef SQLITE_DEBUG
+    /* When reducing a lock such that other processes can start
+    ** reading the database file again, make sure that the
+    ** transaction counter was updated if any part of the database
+    ** file changed.  If the transaction counter is not updated,
+    ** other connections to the same file might not realize that
+    ** the file has changed and hence might not know to flush their
+    ** cache.  The use of a stale cache can lead to database corruption.
+    */
+    assert( pFile->inNormalWrite==0
+           || pFile->dbUpdate==0
+           || pFile->transCntrChng==1 );
+    pFile->inNormalWrite = 0;
+#endif
+    
+    if( pFile->eFileLock==EXCLUSIVE_LOCK ){
+      rc = afpSetLock(context->dbPath, pFile, SHARED_FIRST, SHARED_SIZE, 0);
+      if( rc==SQLITE_OK && (eFileLock==SHARED_LOCK || pInode->nShared>1) ){
+        /* only re-establish the shared lock if necessary */
+        int sharedLockByte = SHARED_FIRST+pInode->sharedByte;
+        rc = afpSetLock(context->dbPath, pFile, sharedLockByte, 1, 1);
+      } else {
+        skipShared = 1;
+      }
+    }
+    if( rc==SQLITE_OK && pFile->eFileLock>=PENDING_LOCK ){
+      rc = afpSetLock(context->dbPath, pFile, PENDING_BYTE, 1, 0);
+    } 
+    if( rc==SQLITE_OK && pFile->eFileLock>=RESERVED_LOCK && context->reserved ){
+      rc = afpSetLock(context->dbPath, pFile, RESERVED_BYTE, 1, 0);
+      if( !rc ){ 
+        context->reserved = 0; 
+      }
+    }
+    if( rc==SQLITE_OK && (eFileLock==SHARED_LOCK || pInode->nShared>1)){
+      pInode->eFileLock = SHARED_LOCK;
+    }
+  }
+  if( rc==SQLITE_OK && eFileLock==NO_LOCK ){
+
+    /* Decrement the shared lock counter.  Release the lock using an
+    ** OS call only when all threads in this same process have released
+    ** the lock.
+    */
+    unsigned long long sharedLockByte = SHARED_FIRST+pInode->sharedByte;
+    pInode->nShared--;
+    if( pInode->nShared==0 ){
+      SimulateIOErrorBenign(1);
+      SimulateIOError( h=(-1) )
+      SimulateIOErrorBenign(0);
+      if( !skipShared ){
+        rc = afpSetLock(context->dbPath, pFile, sharedLockByte, 1, 0);
+      }
+      if( !rc ){
+        pInode->eFileLock = NO_LOCK;
+        pFile->eFileLock = NO_LOCK;
+      }
+    }
+    if( rc==SQLITE_OK ){
+      pInode->nLock--;
+      assert( pInode->nLock>=0 );
+      if( pInode->nLock==0 ){
+        closePendingFds(pFile);
+      }
+    }
+  }
+  
+  unixLeaveMutex();
+  if( rc==SQLITE_OK ) pFile->eFileLock = eFileLock;
+  return rc;
+}
+
+/*
+** Close a file & cleanup AFP specific locking context 
+*/
+static int afpClose(sqlite3_file *id) {
+  int rc = SQLITE_OK;
+  unixFile *pFile = (unixFile*)id;
+  assert( id!=0 );
+  afpUnlock(id, NO_LOCK);
+  unixEnterMutex();
+  if( pFile->pInode && pFile->pInode->nLock ){
+    /* If there are outstanding locks, do not actually close the file just
+    ** yet because that would clear those locks.  Instead, add the file
+    ** descriptor to pInode->aPending.  It will be automatically closed when
+    ** the last lock is cleared.
+    */
+    setPendingFd(pFile);
+  }
+  releaseInodeInfo(pFile);
+  sqlite3_free(pFile->lockingContext);
+  rc = closeUnixFile(id);
+  unixLeaveMutex();
+  return rc;
+}
+
+#endif /* defined(__APPLE__) && SQLITE_ENABLE_LOCKING_STYLE */
+/*
+** The code above is the AFP lock implementation.  The code is specific
+** to MacOSX and does not work on other unix platforms.  No alternative
+** is available.  If you don't compile for a mac, then the "unix-afp"
+** VFS is not available.
+**
+********************* End of the AFP lock implementation **********************
+******************************************************************************/
+
+/******************************************************************************
+*************************** Begin NFS Locking ********************************/
+
+#if defined(__APPLE__) && SQLITE_ENABLE_LOCKING_STYLE
+/*
+ ** Lower the locking level on file descriptor pFile to eFileLock.  eFileLock
+ ** must be either NO_LOCK or SHARED_LOCK.
+ **
+ ** If the locking level of the file descriptor is already at or below
+ ** the requested locking level, this routine is a no-op.
+ */
+static int nfsUnlock(sqlite3_file *id, int eFileLock){
+  return posixUnlock(id, eFileLock, 1);
+}
+
+#endif /* defined(__APPLE__) && SQLITE_ENABLE_LOCKING_STYLE */
+/*
+** The code above is the NFS lock implementation.  The code is specific
+** to MacOSX and does not work on other unix platforms.  No alternative
+** is available.  
+**
+********************* End of the NFS lock implementation **********************
+******************************************************************************/
+
+/******************************************************************************
+**************** Non-locking sqlite3_file methods *****************************
+**
+** The next division contains implementations for all methods of the 
+** sqlite3_file object other than the locking methods.  The locking
+** methods were defined in divisions above (one locking method per
+** division).  Those methods that are common to all locking modes
+** are gather together into this division.
+*/
+
+/*
+** Seek to the offset passed as the second argument, then read cnt 
+** bytes into pBuf. Return the number of bytes actually read.
+**
+** NB:  If you define USE_PREAD or USE_PREAD64, then it might also
+** be necessary to define _XOPEN_SOURCE to be 500.  This varies from
+** one system to another.  Since SQLite does not define USE_PREAD
+** in any form by default, we will not attempt to define _XOPEN_SOURCE.
+** See tickets #2741 and #2681.
+**
+** To avoid stomping the errno value on a failed read the lastErrno value
+** is set before returning.
+*/
+static int seekAndRead(unixFile *id, sqlite3_int64 offset, void *pBuf, int cnt){
+  int got;
+  int prior = 0;
+#if (!defined(USE_PREAD) && !defined(USE_PREAD64))
+  i64 newOffset;
+#endif
+  TIMER_START;
+  assert( cnt==(cnt&0x1ffff) );
+  assert( id->h>2 );
+  do{
+#if defined(USE_PREAD)
+    got = osPread(id->h, pBuf, cnt, offset);
+    SimulateIOError( got = -1 );
+#elif defined(USE_PREAD64)
+    got = osPread64(id->h, pBuf, cnt, offset);
+    SimulateIOError( got = -1 );
+#else
+    newOffset = lseek(id->h, offset, SEEK_SET);
+    SimulateIOError( newOffset = -1 );
+    if( newOffset<0 ){
+      storeLastErrno((unixFile*)id, errno);
+      return -1;
+    }
+    got = osRead(id->h, pBuf, cnt);
+#endif
+    if( got==cnt ) break;
+    if( got<0 ){
+      if( errno==EINTR ){ got = 1; continue; }
+      prior = 0;
+      storeLastErrno((unixFile*)id,  errno);
+      break;
+    }else if( got>0 ){
+      cnt -= got;
+      offset += got;
+      prior += got;
+      pBuf = (void*)(got + (char*)pBuf);
+    }
+  }while( got>0 );
+  TIMER_END;
+  OSTRACE(("READ    %-3d %5d %7lld %llu\n",
+            id->h, got+prior, offset-prior, TIMER_ELAPSED));
+  return got+prior;
+}
+
+/*
+** Read data from a file into a buffer.  Return SQLITE_OK if all
+** bytes were read successfully and SQLITE_IOERR if anything goes
+** wrong.
+*/
+static int unixRead(
+  sqlite3_file *id, 
+  void *pBuf, 
+  int amt,
+  sqlite3_int64 offset
+){
+  unixFile *pFile = (unixFile *)id;
+  int got;
+  assert( id );
+  assert( offset>=0 );
+  assert( amt>0 );
+
+  /* If this is a database file (not a journal, master-journal or temp
+  ** file), the bytes in the locking range should never be read or written. */
+#if 0
+  assert( pFile->pUnused==0
+       || offset>=PENDING_BYTE+512
+       || offset+amt<=PENDING_BYTE 
+  );
+#endif
+
+#if SQLITE_MAX_MMAP_SIZE>0
+  /* Deal with as much of this read request as possible by transfering
+  ** data from the memory mapping using memcpy().  */
+  if( offset<pFile->mmapSize ){
+    if( offset+amt <= pFile->mmapSize ){
+      memcpy(pBuf, &((u8 *)(pFile->pMapRegion))[offset], amt);
+      return SQLITE_OK;
+    }else{
+      int nCopy = pFile->mmapSize - offset;
+      memcpy(pBuf, &((u8 *)(pFile->pMapRegion))[offset], nCopy);
+      pBuf = &((u8 *)pBuf)[nCopy];
+      amt -= nCopy;
+      offset += nCopy;
+    }
+  }
+#endif
+
+  got = seekAndRead(pFile, offset, pBuf, amt);
+  if( got==amt ){
+    return SQLITE_OK;
+  }else if( got<0 ){
+    /* lastErrno set by seekAndRead */
+    return SQLITE_IOERR_READ;
+  }else{
+    storeLastErrno(pFile, 0);   /* not a system error */
+    /* Unread parts of the buffer must be zero-filled */
+    memset(&((char*)pBuf)[got], 0, amt-got);
+    return SQLITE_IOERR_SHORT_READ;
+  }
+}
+
+/*
+** Attempt to seek the file-descriptor passed as the first argument to
+** absolute offset iOff, then attempt to write nBuf bytes of data from
+** pBuf to it. If an error occurs, return -1 and set *piErrno. Otherwise, 
+** return the actual number of bytes written (which may be less than
+** nBuf).
+*/
+static int seekAndWriteFd(
+  int fd,                         /* File descriptor to write to */
+  i64 iOff,                       /* File offset to begin writing at */
+  const void *pBuf,               /* Copy data from this buffer to the file */
+  int nBuf,                       /* Size of buffer pBuf in bytes */
+  int *piErrno                    /* OUT: Error number if error occurs */
+){
+  int rc = 0;                     /* Value returned by system call */
+
+  assert( nBuf==(nBuf&0x1ffff) );
+  assert( fd>2 );
+  assert( piErrno!=0 );
+  nBuf &= 0x1ffff;
+  TIMER_START;
+
+#if defined(USE_PREAD)
+  do{ rc = (int)osPwrite(fd, pBuf, nBuf, iOff); }while( rc<0 && errno==EINTR );
+#elif defined(USE_PREAD64)
+  do{ rc = (int)osPwrite64(fd, pBuf, nBuf, iOff);}while( rc<0 && errno==EINTR);
+#else
+  do{
+    i64 iSeek = lseek(fd, iOff, SEEK_SET);
+    SimulateIOError( iSeek = -1 );
+    if( iSeek<0 ){
+      rc = -1;
+      break;
+    }
+    rc = osWrite(fd, pBuf, nBuf);
+  }while( rc<0 && errno==EINTR );
+#endif
+
+  TIMER_END;
+  OSTRACE(("WRITE   %-3d %5d %7lld %llu\n", fd, rc, iOff, TIMER_ELAPSED));
+
+  if( rc<0 ) *piErrno = errno;
+  return rc;
+}
+
+
+/*
+** Seek to the offset in id->offset then read cnt bytes into pBuf.
+** Return the number of bytes actually read.  Update the offset.
+**
+** To avoid stomping the errno value on a failed write the lastErrno value
+** is set before returning.
+*/
+static int seekAndWrite(unixFile *id, i64 offset, const void *pBuf, int cnt){
+  return seekAndWriteFd(id->h, offset, pBuf, cnt, &id->lastErrno);
+}
+
+
+/*
+** Write data from a buffer into a file.  Return SQLITE_OK on success
+** or some other error code on failure.
+*/
+static int unixWrite(
+  sqlite3_file *id, 
+  const void *pBuf, 
+  int amt,
+  sqlite3_int64 offset 
+){
+  unixFile *pFile = (unixFile*)id;
+  int wrote = 0;
+  assert( id );
+  assert( amt>0 );
+
+  /* If this is a database file (not a journal, master-journal or temp
+  ** file), the bytes in the locking range should never be read or written. */
+#if 0
+  assert( pFile->pUnused==0
+       || offset>=PENDING_BYTE+512
+       || offset+amt<=PENDING_BYTE 
+  );
+#endif
+
+#ifdef SQLITE_DEBUG
+  /* If we are doing a normal write to a database file (as opposed to
+  ** doing a hot-journal rollback or a write to some file other than a
+  ** normal database file) then record the fact that the database
+  ** has changed.  If the transaction counter is modified, record that
+  ** fact too.
+  */
+  if( pFile->inNormalWrite ){
+    pFile->dbUpdate = 1;  /* The database has been modified */
+    if( offset<=24 && offset+amt>=27 ){
+      int rc;
+      char oldCntr[4];
+      SimulateIOErrorBenign(1);
+      rc = seekAndRead(pFile, 24, oldCntr, 4);
+      SimulateIOErrorBenign(0);
+      if( rc!=4 || memcmp(oldCntr, &((char*)pBuf)[24-offset], 4)!=0 ){
+        pFile->transCntrChng = 1;  /* The transaction counter has changed */
+      }
+    }
+  }
+#endif
+
+#if defined(SQLITE_MMAP_READWRITE) && SQLITE_MAX_MMAP_SIZE>0
+  /* Deal with as much of this write request as possible by transfering
+  ** data from the memory mapping using memcpy().  */
+  if( offset<pFile->mmapSize ){
+    if( offset+amt <= pFile->mmapSize ){
+      memcpy(&((u8 *)(pFile->pMapRegion))[offset], pBuf, amt);
+      return SQLITE_OK;
+    }else{
+      int nCopy = pFile->mmapSize - offset;
+      memcpy(&((u8 *)(pFile->pMapRegion))[offset], pBuf, nCopy);
+      pBuf = &((u8 *)pBuf)[nCopy];
+      amt -= nCopy;
+      offset += nCopy;
+    }
+  }
+#endif
+ 
+  while( (wrote = seekAndWrite(pFile, offset, pBuf, amt))<amt && wrote>0 ){
+    amt -= wrote;
+    offset += wrote;
+    pBuf = &((char*)pBuf)[wrote];
+  }
+  SimulateIOError(( wrote=(-1), amt=1 ));
+  SimulateDiskfullError(( wrote=0, amt=1 ));
+
+  if( amt>wrote ){
+    if( wrote<0 && pFile->lastErrno!=ENOSPC ){
+      /* lastErrno set by seekAndWrite */
+      return SQLITE_IOERR_WRITE;
+    }else{
+      storeLastErrno(pFile, 0); /* not a system error */
+      return SQLITE_FULL;
+    }
+  }
+
+  return SQLITE_OK;
+}
+
+#ifdef SQLITE_TEST
+/*
+** Count the number of fullsyncs and normal syncs.  This is used to test
+** that syncs and fullsyncs are occurring at the right times.
+*/
+SQLITE_API int sqlite3_sync_count = 0;
+SQLITE_API int sqlite3_fullsync_count = 0;
+#endif
+
+/*
+** We do not trust systems to provide a working fdatasync().  Some do.
+** Others do no.  To be safe, we will stick with the (slightly slower)
+** fsync(). If you know that your system does support fdatasync() correctly,
+** then simply compile with -Dfdatasync=fdatasync or -DHAVE_FDATASYNC
+*/
+#if !defined(fdatasync) && !HAVE_FDATASYNC
+# define fdatasync fsync
+#endif
+
+/*
+** Define HAVE_FULLFSYNC to 0 or 1 depending on whether or not
+** the F_FULLFSYNC macro is defined.  F_FULLFSYNC is currently
+** only available on Mac OS X.  But that could change.
+*/
+#ifdef F_FULLFSYNC
+# define HAVE_FULLFSYNC 1
+#else
+# define HAVE_FULLFSYNC 0
+#endif
+
+
+/*
+** The fsync() system call does not work as advertised on many
+** unix systems.  The following procedure is an attempt to make
+** it work better.
+**
+** The SQLITE_NO_SYNC macro disables all fsync()s.  This is useful
+** for testing when we want to run through the test suite quickly.
+** You are strongly advised *not* to deploy with SQLITE_NO_SYNC
+** enabled, however, since with SQLITE_NO_SYNC enabled, an OS crash
+** or power failure will likely corrupt the database file.
+**
+** SQLite sets the dataOnly flag if the size of the file is unchanged.
+** The idea behind dataOnly is that it should only write the file content
+** to disk, not the inode.  We only set dataOnly if the file size is 
+** unchanged since the file size is part of the inode.  However, 
+** Ted Ts'o tells us that fdatasync() will also write the inode if the
+** file size has changed.  The only real difference between fdatasync()
+** and fsync(), Ted tells us, is that fdatasync() will not flush the
+** inode if the mtime or owner or other inode attributes have changed.
+** We only care about the file size, not the other file attributes, so
+** as far as SQLite is concerned, an fdatasync() is always adequate.
+** So, we always use fdatasync() if it is available, regardless of
+** the value of the dataOnly flag.
+*/
+static int full_fsync(int fd, int fullSync, int dataOnly){
+  int rc;
+
+  /* The following "ifdef/elif/else/" block has the same structure as
+  ** the one below. It is replicated here solely to avoid cluttering 
+  ** up the real code with the UNUSED_PARAMETER() macros.
+  */
+#ifdef SQLITE_NO_SYNC
+  UNUSED_PARAMETER(fd);
+  UNUSED_PARAMETER(fullSync);
+  UNUSED_PARAMETER(dataOnly);
+#elif HAVE_FULLFSYNC
+  UNUSED_PARAMETER(dataOnly);
+#else
+  UNUSED_PARAMETER(fullSync);
+  UNUSED_PARAMETER(dataOnly);
+#endif
+
+  /* Record the number of times that we do a normal fsync() and 
+  ** FULLSYNC.  This is used during testing to verify that this procedure
+  ** gets called with the correct arguments.
+  */
+#ifdef SQLITE_TEST
+  if( fullSync ) sqlite3_fullsync_count++;
+  sqlite3_sync_count++;
+#endif
+
+  /* If we compiled with the SQLITE_NO_SYNC flag, then syncing is a
+  ** no-op.  But go ahead and call fstat() to validate the file
+  ** descriptor as we need a method to provoke a failure during
+  ** coverate testing.
+  */
+#ifdef SQLITE_NO_SYNC
+  {
+    struct stat buf;
+    rc = osFstat(fd, &buf);
+  }
+#elif HAVE_FULLFSYNC
+  if( fullSync ){
+    rc = osFcntl(fd, F_FULLFSYNC, 0);
+  }else{
+    rc = 1;
+  }
+  /* If the FULLFSYNC failed, fall back to attempting an fsync().
+  ** It shouldn't be possible for fullfsync to fail on the local 
+  ** file system (on OSX), so failure indicates that FULLFSYNC
+  ** isn't supported for this file system. So, attempt an fsync 
+  ** and (for now) ignore the overhead of a superfluous fcntl call.  
+  ** It'd be better to detect fullfsync support once and avoid 
+  ** the fcntl call every time sync is called.
+  */
+  if( rc ) rc = fsync(fd);
+
+#elif defined(__APPLE__)
+  /* fdatasync() on HFS+ doesn't yet flush the file size if it changed correctly
+  ** so currently we default to the macro that redefines fdatasync to fsync
+  */
+  rc = fsync(fd);
+#else 
+  rc = fdatasync(fd);
+#if OS_VXWORKS
+  if( rc==-1 && errno==ENOTSUP ){
+    rc = fsync(fd);
+  }
+#endif /* OS_VXWORKS */
+#endif /* ifdef SQLITE_NO_SYNC elif HAVE_FULLFSYNC */
+
+  if( OS_VXWORKS && rc!= -1 ){
+    rc = 0;
+  }
+  return rc;
+}
+
+/*
+** Open a file descriptor to the directory containing file zFilename.
+** If successful, *pFd is set to the opened file descriptor and
+** SQLITE_OK is returned. If an error occurs, either SQLITE_NOMEM
+** or SQLITE_CANTOPEN is returned and *pFd is set to an undefined
+** value.
+**
+** The directory file descriptor is used for only one thing - to
+** fsync() a directory to make sure file creation and deletion events
+** are flushed to disk.  Such fsyncs are not needed on newer
+** journaling filesystems, but are required on older filesystems.
+**
+** This routine can be overridden using the xSetSysCall interface.
+** The ability to override this routine was added in support of the
+** chromium sandbox.  Opening a directory is a security risk (we are
+** told) so making it overrideable allows the chromium sandbox to
+** replace this routine with a harmless no-op.  To make this routine
+** a no-op, replace it with a stub that returns SQLITE_OK but leaves
+** *pFd set to a negative number.
+**
+** If SQLITE_OK is returned, the caller is responsible for closing
+** the file descriptor *pFd using close().
+*/
+static int openDirectory(const char *zFilename, int *pFd){
+  int ii;
+  int fd = -1;
+  char zDirname[MAX_PATHNAME+1];
+
+  sqlite3_snprintf(MAX_PATHNAME, zDirname, "%s", zFilename);
+  for(ii=(int)strlen(zDirname); ii>0 && zDirname[ii]!='/'; ii--);
+  if( ii>0 ){
+    zDirname[ii] = '\0';
+  }else{
+    if( zDirname[0]!='/' ) zDirname[0] = '.';
+    zDirname[1] = 0;
+  }
+  fd = robust_open(zDirname, O_RDONLY|O_BINARY, 0);
+  if( fd>=0 ){
+    OSTRACE(("OPENDIR %-3d %s\n", fd, zDirname));
+  }
+  *pFd = fd;
+  if( fd>=0 ) return SQLITE_OK;
+  return unixLogError(SQLITE_CANTOPEN_BKPT, "openDirectory", zDirname);
+}
+
+/*
+** Make sure all writes to a particular file are committed to disk.
+**
+** If dataOnly==0 then both the file itself and its metadata (file
+** size, access time, etc) are synced.  If dataOnly!=0 then only the
+** file data is synced.
+**
+** Under Unix, also make sure that the directory entry for the file
+** has been created by fsync-ing the directory that contains the file.
+** If we do not do this and we encounter a power failure, the directory
+** entry for the journal might not exist after we reboot.  The next
+** SQLite to access the file will not know that the journal exists (because
+** the directory entry for the journal was never created) and the transaction
+** will not roll back - possibly leading to database corruption.
+*/
+static int unixSync(sqlite3_file *id, int flags){
+  int rc;
+  unixFile *pFile = (unixFile*)id;
+
+  int isDataOnly = (flags&SQLITE_SYNC_DATAONLY);
+  int isFullsync = (flags&0x0F)==SQLITE_SYNC_FULL;
+
+  /* Check that one of SQLITE_SYNC_NORMAL or FULL was passed */
+  assert((flags&0x0F)==SQLITE_SYNC_NORMAL
+      || (flags&0x0F)==SQLITE_SYNC_FULL
+  );
+
+  /* Unix cannot, but some systems may return SQLITE_FULL from here. This
+  ** line is to test that doing so does not cause any problems.
+  */
+  SimulateDiskfullError( return SQLITE_FULL );
+
+  assert( pFile );
+  OSTRACE(("SYNC    %-3d\n", pFile->h));
+  rc = full_fsync(pFile->h, isFullsync, isDataOnly);
+  SimulateIOError( rc=1 );
+  if( rc ){
+    storeLastErrno(pFile, errno);
+    return unixLogError(SQLITE_IOERR_FSYNC, "full_fsync", pFile->zPath);
+  }
+
+  /* Also fsync the directory containing the file if the DIRSYNC flag
+  ** is set.  This is a one-time occurrence.  Many systems (examples: AIX)
+  ** are unable to fsync a directory, so ignore errors on the fsync.
+  */
+  if( pFile->ctrlFlags & UNIXFILE_DIRSYNC ){
+    int dirfd;
+    OSTRACE(("DIRSYNC %s (have_fullfsync=%d fullsync=%d)\n", pFile->zPath,
+            HAVE_FULLFSYNC, isFullsync));
+    rc = osOpenDirectory(pFile->zPath, &dirfd);
+    if( rc==SQLITE_OK ){
+      full_fsync(dirfd, 0, 0);
+      robust_close(pFile, dirfd, __LINE__);
+    }else{
+      assert( rc==SQLITE_CANTOPEN );
+      rc = SQLITE_OK;
+    }
+    pFile->ctrlFlags &= ~UNIXFILE_DIRSYNC;
+  }
+  return rc;
+}
+
+/*
+** Truncate an open file to a specified size
+*/
+static int unixTruncate(sqlite3_file *id, i64 nByte){
+  unixFile *pFile = (unixFile *)id;
+  int rc;
+  assert( pFile );
+  SimulateIOError( return SQLITE_IOERR_TRUNCATE );
+
+  /* If the user has configured a chunk-size for this file, truncate the
+  ** file so that it consists of an integer number of chunks (i.e. the
+  ** actual file size after the operation may be larger than the requested
+  ** size).
+  */
+  if( pFile->szChunk>0 ){
+    nByte = ((nByte + pFile->szChunk - 1)/pFile->szChunk) * pFile->szChunk;
+  }
+
+  rc = robust_ftruncate(pFile->h, nByte);
+  if( rc ){
+    storeLastErrno(pFile, errno);
+    return unixLogError(SQLITE_IOERR_TRUNCATE, "ftruncate", pFile->zPath);
+  }else{
+#ifdef SQLITE_DEBUG
+    /* If we are doing a normal write to a database file (as opposed to
+    ** doing a hot-journal rollback or a write to some file other than a
+    ** normal database file) and we truncate the file to zero length,
+    ** that effectively updates the change counter.  This might happen
+    ** when restoring a database using the backup API from a zero-length
+    ** source.
+    */
+    if( pFile->inNormalWrite && nByte==0 ){
+      pFile->transCntrChng = 1;
+    }
+#endif
+
+#if SQLITE_MAX_MMAP_SIZE>0
+    /* If the file was just truncated to a size smaller than the currently
+    ** mapped region, reduce the effective mapping size as well. SQLite will
+    ** use read() and write() to access data beyond this point from now on.  
+    */
+    if( nByte<pFile->mmapSize ){
+      pFile->mmapSize = nByte;
+    }
+#endif
+
+    return SQLITE_OK;
+  }
+}
+
+/*
+** Determine the current size of a file in bytes
+*/
+static int unixFileSize(sqlite3_file *id, i64 *pSize){
+  int rc;
+  struct stat buf;
+  assert( id );
+  rc = osFstat(((unixFile*)id)->h, &buf);
+  SimulateIOError( rc=1 );
+  if( rc!=0 ){
+    storeLastErrno((unixFile*)id, errno);
+    return SQLITE_IOERR_FSTAT;
+  }
+  *pSize = buf.st_size;
+
+  /* When opening a zero-size database, the findInodeInfo() procedure
+  ** writes a single byte into that file in order to work around a bug
+  ** in the OS-X msdos filesystem.  In order to avoid problems with upper
+  ** layers, we need to report this file size as zero even though it is
+  ** really 1.   Ticket #3260.
+  */
+  if( *pSize==1 ) *pSize = 0;
+
+
+  return SQLITE_OK;
+}
+
+#if SQLITE_ENABLE_LOCKING_STYLE && defined(__APPLE__)
+/*
+** Handler for proxy-locking file-control verbs.  Defined below in the
+** proxying locking division.
+*/
+static int proxyFileControl(sqlite3_file*,int,void*);
+#endif
+
+/* 
+** This function is called to handle the SQLITE_FCNTL_SIZE_HINT 
+** file-control operation.  Enlarge the database to nBytes in size
+** (rounded up to the next chunk-size).  If the database is already
+** nBytes or larger, this routine is a no-op.
+*/
+static int fcntlSizeHint(unixFile *pFile, i64 nByte){
+  if( pFile->szChunk>0 ){
+    i64 nSize;                    /* Required file size */
+    struct stat buf;              /* Used to hold return values of fstat() */
+   
+    if( osFstat(pFile->h, &buf) ){
+      return SQLITE_IOERR_FSTAT;
+    }
+
+    nSize = ((nByte+pFile->szChunk-1) / pFile->szChunk) * pFile->szChunk;
+    if( nSize>(i64)buf.st_size ){
+
+#if defined(HAVE_POSIX_FALLOCATE) && HAVE_POSIX_FALLOCATE
+      /* The code below is handling the return value of osFallocate() 
+      ** correctly. posix_fallocate() is defined to "returns zero on success, 
+      ** or an error number on  failure". See the manpage for details. */
+      int err;
+      do{
+        err = osFallocate(pFile->h, buf.st_size, nSize-buf.st_size);
+      }while( err==EINTR );
+      if( err ) return SQLITE_IOERR_WRITE;
+#else
+      /* If the OS does not have posix_fallocate(), fake it. Write a 
+      ** single byte to the last byte in each block that falls entirely
+      ** within the extended region. Then, if required, a single byte
+      ** at offset (nSize-1), to set the size of the file correctly.
+      ** This is a similar technique to that used by glibc on systems
+      ** that do not have a real fallocate() call.
+      */
+      int nBlk = buf.st_blksize;  /* File-system block size */
+      int nWrite = 0;             /* Number of bytes written by seekAndWrite */
+      i64 iWrite;                 /* Next offset to write to */
+
+      iWrite = (buf.st_size/nBlk)*nBlk + nBlk - 1;
+      assert( iWrite>=buf.st_size );
+      assert( ((iWrite+1)%nBlk)==0 );
+      for(/*no-op*/; iWrite<nSize+nBlk-1; iWrite+=nBlk ){
+        if( iWrite>=nSize ) iWrite = nSize - 1;
+        nWrite = seekAndWrite(pFile, iWrite, "", 1);
+        if( nWrite!=1 ) return SQLITE_IOERR_WRITE;
+      }
+#endif
+    }
+  }
+
+#if SQLITE_MAX_MMAP_SIZE>0
+  if( pFile->mmapSizeMax>0 && nByte>pFile->mmapSize ){
+    int rc;
+    if( pFile->szChunk<=0 ){
+      if( robust_ftruncate(pFile->h, nByte) ){
+        storeLastErrno(pFile, errno);
+        return unixLogError(SQLITE_IOERR_TRUNCATE, "ftruncate", pFile->zPath);
+      }
+    }
+
+    rc = unixMapfile(pFile, nByte);
+    return rc;
+  }
+#endif
+
+  return SQLITE_OK;
+}
+
+/*
+** If *pArg is initially negative then this is a query.  Set *pArg to
+** 1 or 0 depending on whether or not bit mask of pFile->ctrlFlags is set.
+**
+** If *pArg is 0 or 1, then clear or set the mask bit of pFile->ctrlFlags.
+*/
+static void unixModeBit(unixFile *pFile, unsigned char mask, int *pArg){
+  if( *pArg<0 ){
+    *pArg = (pFile->ctrlFlags & mask)!=0;
+  }else if( (*pArg)==0 ){
+    pFile->ctrlFlags &= ~mask;
+  }else{
+    pFile->ctrlFlags |= mask;
+  }
+}
+
+/* Forward declaration */
+static int unixGetTempname(int nBuf, char *zBuf);
+
+/*
+** Information and control of an open file handle.
+*/
+static int unixFileControl(sqlite3_file *id, int op, void *pArg){
+  unixFile *pFile = (unixFile*)id;
+  switch( op ){
+    case SQLITE_FCNTL_LOCKSTATE: {
+      *(int*)pArg = pFile->eFileLock;
+      return SQLITE_OK;
+    }
+    case SQLITE_FCNTL_LAST_ERRNO: {
+      *(int*)pArg = pFile->lastErrno;
+      return SQLITE_OK;
+    }
+    case SQLITE_FCNTL_CHUNK_SIZE: {
+      pFile->szChunk = *(int *)pArg;
+      return SQLITE_OK;
+    }
+    case SQLITE_FCNTL_SIZE_HINT: {
+      int rc;
+      SimulateIOErrorBenign(1);
+      rc = fcntlSizeHint(pFile, *(i64 *)pArg);
+      SimulateIOErrorBenign(0);
+      return rc;
+    }
+    case SQLITE_FCNTL_PERSIST_WAL: {
+      unixModeBit(pFile, UNIXFILE_PERSIST_WAL, (int*)pArg);
+      return SQLITE_OK;
+    }
+    case SQLITE_FCNTL_POWERSAFE_OVERWRITE: {
+      unixModeBit(pFile, UNIXFILE_PSOW, (int*)pArg);
+      return SQLITE_OK;
+    }
+    case SQLITE_FCNTL_VFSNAME: {
+      *(char**)pArg = sqlite3_mprintf("%s", pFile->pVfs->zName);
+      return SQLITE_OK;
+    }
+    case SQLITE_FCNTL_TEMPFILENAME: {
+      char *zTFile = sqlite3_malloc64( pFile->pVfs->mxPathname );
+      if( zTFile ){
+        unixGetTempname(pFile->pVfs->mxPathname, zTFile);
+        *(char**)pArg = zTFile;
+      }
+      return SQLITE_OK;
+    }
+    case SQLITE_FCNTL_HAS_MOVED: {
+      *(int*)pArg = fileHasMoved(pFile);
+      return SQLITE_OK;
+    }
+#if SQLITE_MAX_MMAP_SIZE>0
+    case SQLITE_FCNTL_MMAP_SIZE: {
+      i64 newLimit = *(i64*)pArg;
+      int rc = SQLITE_OK;
+      if( newLimit>sqlite3GlobalConfig.mxMmap ){
+        newLimit = sqlite3GlobalConfig.mxMmap;
+      }
+      *(i64*)pArg = pFile->mmapSizeMax;
+      if( newLimit>=0 && newLimit!=pFile->mmapSizeMax && pFile->nFetchOut==0 ){
+        pFile->mmapSizeMax = newLimit;
+        if( pFile->mmapSize>0 ){
+          unixUnmapfile(pFile);
+          rc = unixMapfile(pFile, -1);
+        }
+      }
+      return rc;
+    }
+#endif
+#ifdef SQLITE_DEBUG
+    /* The pager calls this method to signal that it has done
+    ** a rollback and that the database is therefore unchanged and
+    ** it hence it is OK for the transaction change counter to be
+    ** unchanged.
+    */
+    case SQLITE_FCNTL_DB_UNCHANGED: {
+      ((unixFile*)id)->dbUpdate = 0;
+      return SQLITE_OK;
+    }
+#endif
+#if SQLITE_ENABLE_LOCKING_STYLE && defined(__APPLE__)
+    case SQLITE_FCNTL_SET_LOCKPROXYFILE:
+    case SQLITE_FCNTL_GET_LOCKPROXYFILE: {
+      return proxyFileControl(id,op,pArg);
+    }
+#endif /* SQLITE_ENABLE_LOCKING_STYLE && defined(__APPLE__) */
+  }
+  return SQLITE_NOTFOUND;
+}
+
+/*
+** Return the sector size in bytes of the underlying block device for
+** the specified file. This is almost always 512 bytes, but may be
+** larger for some devices.
+**
+** SQLite code assumes this function cannot fail. It also assumes that
+** if two files are created in the same file-system directory (i.e.
+** a database and its journal file) that the sector size will be the
+** same for both.
+*/
+#ifndef __QNXNTO__ 
+static int unixSectorSize(sqlite3_file *NotUsed){
+  UNUSED_PARAMETER(NotUsed);
+  return SQLITE_DEFAULT_SECTOR_SIZE;
+}
+#endif
+
+/*
+** The following version of unixSectorSize() is optimized for QNX.
+*/
+#ifdef __QNXNTO__
+#include <sys/dcmd_blk.h>
+#include <sys/statvfs.h>
+static int unixSectorSize(sqlite3_file *id){
+  unixFile *pFile = (unixFile*)id;
+  if( pFile->sectorSize == 0 ){
+    struct statvfs fsInfo;
+       
+    /* Set defaults for non-supported filesystems */
+    pFile->sectorSize = SQLITE_DEFAULT_SECTOR_SIZE;
+    pFile->deviceCharacteristics = 0;
+    if( fstatvfs(pFile->h, &fsInfo) == -1 ) {
+      return pFile->sectorSize;
+    }
+
+    if( !strcmp(fsInfo.f_basetype, "tmp") ) {
+      pFile->sectorSize = fsInfo.f_bsize;
+      pFile->deviceCharacteristics =
+        SQLITE_IOCAP_ATOMIC4K |       /* All ram filesystem writes are atomic */
+        SQLITE_IOCAP_SAFE_APPEND |    /* growing the file does not occur until
+                                      ** the write succeeds */
+        SQLITE_IOCAP_SEQUENTIAL |     /* The ram filesystem has no write behind
+                                      ** so it is ordered */
+        0;
+    }else if( strstr(fsInfo.f_basetype, "etfs") ){
+      pFile->sectorSize = fsInfo.f_bsize;
+      pFile->deviceCharacteristics =
+        /* etfs cluster size writes are atomic */
+        (pFile->sectorSize / 512 * SQLITE_IOCAP_ATOMIC512) |
+        SQLITE_IOCAP_SAFE_APPEND |    /* growing the file does not occur until
+                                      ** the write succeeds */
+        SQLITE_IOCAP_SEQUENTIAL |     /* The ram filesystem has no write behind
+                                      ** so it is ordered */
+        0;
+    }else if( !strcmp(fsInfo.f_basetype, "qnx6") ){
+      pFile->sectorSize = fsInfo.f_bsize;
+      pFile->deviceCharacteristics =
+        SQLITE_IOCAP_ATOMIC |         /* All filesystem writes are atomic */
+        SQLITE_IOCAP_SAFE_APPEND |    /* growing the file does not occur until
+                                      ** the write succeeds */
+        SQLITE_IOCAP_SEQUENTIAL |     /* The ram filesystem has no write behind
+                                      ** so it is ordered */
+        0;
+    }else if( !strcmp(fsInfo.f_basetype, "qnx4") ){
+      pFile->sectorSize = fsInfo.f_bsize;
+      pFile->deviceCharacteristics =
+        /* full bitset of atomics from max sector size and smaller */
+        ((pFile->sectorSize / 512 * SQLITE_IOCAP_ATOMIC512) << 1) - 2 |
+        SQLITE_IOCAP_SEQUENTIAL |     /* The ram filesystem has no write behind
+                                      ** so it is ordered */
+        0;
+    }else if( strstr(fsInfo.f_basetype, "dos") ){
+      pFile->sectorSize = fsInfo.f_bsize;
+      pFile->deviceCharacteristics =
+        /* full bitset of atomics from max sector size and smaller */
+        ((pFile->sectorSize / 512 * SQLITE_IOCAP_ATOMIC512) << 1) - 2 |
+        SQLITE_IOCAP_SEQUENTIAL |     /* The ram filesystem has no write behind
+                                      ** so it is ordered */
+        0;
+    }else{
+      pFile->deviceCharacteristics =
+        SQLITE_IOCAP_ATOMIC512 |      /* blocks are atomic */
+        SQLITE_IOCAP_SAFE_APPEND |    /* growing the file does not occur until
+                                      ** the write succeeds */
+        0;
+    }
+  }
+  /* Last chance verification.  If the sector size isn't a multiple of 512
+  ** then it isn't valid.*/
+  if( pFile->sectorSize % 512 != 0 ){
+    pFile->deviceCharacteristics = 0;
+    pFile->sectorSize = SQLITE_DEFAULT_SECTOR_SIZE;
+  }
+  return pFile->sectorSize;
+}
+#endif /* __QNXNTO__ */
+
+/*
+** Return the device characteristics for the file.
+**
+** This VFS is set up to return SQLITE_IOCAP_POWERSAFE_OVERWRITE by default.
+** However, that choice is controversial since technically the underlying
+** file system does not always provide powersafe overwrites.  (In other
+** words, after a power-loss event, parts of the file that were never
+** written might end up being altered.)  However, non-PSOW behavior is very,
+** very rare.  And asserting PSOW makes a large reduction in the amount
+** of required I/O for journaling, since a lot of padding is eliminated.
+**  Hence, while POWERSAFE_OVERWRITE is on by default, there is a file-control
+** available to turn it off and URI query parameter available to turn it off.
+*/
+static int unixDeviceCharacteristics(sqlite3_file *id){
+  unixFile *p = (unixFile*)id;
+  int rc = 0;
+#ifdef __QNXNTO__
+  if( p->sectorSize==0 ) unixSectorSize(id);
+  rc = p->deviceCharacteristics;
+#endif
+  if( p->ctrlFlags & UNIXFILE_PSOW ){
+    rc |= SQLITE_IOCAP_POWERSAFE_OVERWRITE;
+  }
+  return rc;
+}
+
+#if !defined(SQLITE_OMIT_WAL) || SQLITE_MAX_MMAP_SIZE>0
+
+/*
+** Return the system page size.
+**
+** This function should not be called directly by other code in this file. 
+** Instead, it should be called via macro osGetpagesize().
+*/
+static int unixGetpagesize(void){
+#if OS_VXWORKS
+  return 1024;
+#elif defined(_BSD_SOURCE)
+  return getpagesize();
+#else
+  return (int)sysconf(_SC_PAGESIZE);
+#endif
+}
+
+#endif /* !defined(SQLITE_OMIT_WAL) || SQLITE_MAX_MMAP_SIZE>0 */
+
+#ifndef SQLITE_OMIT_WAL
+
+/*
+** Object used to represent an shared memory buffer.  
+**
+** When multiple threads all reference the same wal-index, each thread
+** has its own unixShm object, but they all point to a single instance
+** of this unixShmNode object.  In other words, each wal-index is opened
+** only once per process.
+**
+** Each unixShmNode object is connected to a single unixInodeInfo object.
+** We could coalesce this object into unixInodeInfo, but that would mean
+** every open file that does not use shared memory (in other words, most
+** open files) would have to carry around this extra information.  So
+** the unixInodeInfo object contains a pointer to this unixShmNode object
+** and the unixShmNode object is created only when needed.
+**
+** unixMutexHeld() must be true when creating or destroying
+** this object or while reading or writing the following fields:
+**
+**      nRef
+**
+** The following fields are read-only after the object is created:
+** 
+**      fid
+**      zFilename
+**
+** Either unixShmNode.mutex must be held or unixShmNode.nRef==0 and
+** unixMutexHeld() is true when reading or writing any other field
+** in this structure.
+*/
+struct unixShmNode {
+  unixInodeInfo *pInode;     /* unixInodeInfo that owns this SHM node */
+  sqlite3_mutex *mutex;      /* Mutex to access this object */
+  char *zFilename;           /* Name of the mmapped file */
+  int h;                     /* Open file descriptor */
+  int szRegion;              /* Size of shared-memory regions */
+  u16 nRegion;               /* Size of array apRegion */
+  u8 isReadonly;             /* True if read-only */
+  char **apRegion;           /* Array of mapped shared-memory regions */
+  int nRef;                  /* Number of unixShm objects pointing to this */
+  unixShm *pFirst;           /* All unixShm objects pointing to this */
+#ifdef SQLITE_DEBUG
+  u8 exclMask;               /* Mask of exclusive locks held */
+  u8 sharedMask;             /* Mask of shared locks held */
+  u8 nextShmId;              /* Next available unixShm.id value */
+#endif
+};
+
+/*
+** Structure used internally by this VFS to record the state of an
+** open shared memory connection.
+**
+** The following fields are initialized when this object is created and
+** are read-only thereafter:
+**
+**    unixShm.pFile
+**    unixShm.id
+**
+** All other fields are read/write.  The unixShm.pFile->mutex must be held
+** while accessing any read/write fields.
+*/
+struct unixShm {
+  unixShmNode *pShmNode;     /* The underlying unixShmNode object */
+  unixShm *pNext;            /* Next unixShm with the same unixShmNode */
+  u8 hasMutex;               /* True if holding the unixShmNode mutex */
+  u8 id;                     /* Id of this connection within its unixShmNode */
+  u16 sharedMask;            /* Mask of shared locks held */
+  u16 exclMask;              /* Mask of exclusive locks held */
+};
+
+/*
+** Constants used for locking
+*/
+#define UNIX_SHM_BASE   ((22+SQLITE_SHM_NLOCK)*4)         /* first lock byte */
+#define UNIX_SHM_DMS    (UNIX_SHM_BASE+SQLITE_SHM_NLOCK)  /* deadman switch */
+
+/*
+** Apply posix advisory locks for all bytes from ofst through ofst+n-1.
+**
+** Locks block if the mask is exactly UNIX_SHM_C and are non-blocking
+** otherwise.
+*/
+static int unixShmSystemLock(
+  unixFile *pFile,       /* Open connection to the WAL file */
+  int lockType,          /* F_UNLCK, F_RDLCK, or F_WRLCK */
+  int ofst,              /* First byte of the locking range */
+  int n                  /* Number of bytes to lock */
+){
+  unixShmNode *pShmNode; /* Apply locks to this open shared-memory segment */
+  struct flock f;        /* The posix advisory locking structure */
+  int rc = SQLITE_OK;    /* Result code form fcntl() */
+
+  /* Access to the unixShmNode object is serialized by the caller */
+  pShmNode = pFile->pInode->pShmNode;
+  assert( sqlite3_mutex_held(pShmNode->mutex) || pShmNode->nRef==0 );
+
+  /* Shared locks never span more than one byte */
+  assert( n==1 || lockType!=F_RDLCK );
+
+  /* Locks are within range */
+  assert( n>=1 && n<=SQLITE_SHM_NLOCK );
+
+  if( pShmNode->h>=0 ){
+    /* Initialize the locking parameters */
+    memset(&f, 0, sizeof(f));
+    f.l_type = lockType;
+    f.l_whence = SEEK_SET;
+    f.l_start = ofst;
+    f.l_len = n;
+
+    rc = osFcntl(pShmNode->h, F_SETLK, &f);
+    rc = (rc!=(-1)) ? SQLITE_OK : SQLITE_BUSY;
+  }
+
+  /* Update the global lock state and do debug tracing */
+#ifdef SQLITE_DEBUG
+  { u16 mask;
+  OSTRACE(("SHM-LOCK "));
+  mask = ofst>31 ? 0xffff : (1<<(ofst+n)) - (1<<ofst);
+  if( rc==SQLITE_OK ){
+    if( lockType==F_UNLCK ){
+      OSTRACE(("unlock %d ok", ofst));
+      pShmNode->exclMask &= ~mask;
+      pShmNode->sharedMask &= ~mask;
+    }else if( lockType==F_RDLCK ){
+      OSTRACE(("read-lock %d ok", ofst));
+      pShmNode->exclMask &= ~mask;
+      pShmNode->sharedMask |= mask;
+    }else{
+      assert( lockType==F_WRLCK );
+      OSTRACE(("write-lock %d ok", ofst));
+      pShmNode->exclMask |= mask;
+      pShmNode->sharedMask &= ~mask;
+    }
+  }else{
+    if( lockType==F_UNLCK ){
+      OSTRACE(("unlock %d failed", ofst));
+    }else if( lockType==F_RDLCK ){
+      OSTRACE(("read-lock failed"));
+    }else{
+      assert( lockType==F_WRLCK );
+      OSTRACE(("write-lock %d failed", ofst));
+    }
+  }
+  OSTRACE((" - afterwards %03x,%03x\n",
+           pShmNode->sharedMask, pShmNode->exclMask));
+  }
+#endif
+
+  return rc;        
+}
+
+/*
+** Return the minimum number of 32KB shm regions that should be mapped at
+** a time, assuming that each mapping must be an integer multiple of the
+** current system page-size.
+**
+** Usually, this is 1. The exception seems to be systems that are configured
+** to use 64KB pages - in this case each mapping must cover at least two
+** shm regions.
+*/
+static int unixShmRegionPerMap(void){
+  int shmsz = 32*1024;            /* SHM region size */
+  int pgsz = osGetpagesize();   /* System page size */
+  assert( ((pgsz-1)&pgsz)==0 );   /* Page size must be a power of 2 */
+  if( pgsz<shmsz ) return 1;
+  return pgsz/shmsz;
+}
+
+/*
+** Purge the unixShmNodeList list of all entries with unixShmNode.nRef==0.
+**
+** This is not a VFS shared-memory method; it is a utility function called
+** by VFS shared-memory methods.
+*/
+static void unixShmPurge(unixFile *pFd){
+  unixShmNode *p = pFd->pInode->pShmNode;
+  assert( unixMutexHeld() );
+  if( p && ALWAYS(p->nRef==0) ){
+    int nShmPerMap = unixShmRegionPerMap();
+    int i;
+    assert( p->pInode==pFd->pInode );
+    sqlite3_mutex_free(p->mutex);
+    for(i=0; i<p->nRegion; i+=nShmPerMap){
+      if( p->h>=0 ){
+        osMunmap(p->apRegion[i], p->szRegion);
+      }else{
+        sqlite3_free(p->apRegion[i]);
+      }
+    }
+    sqlite3_free(p->apRegion);
+    if( p->h>=0 ){
+      robust_close(pFd, p->h, __LINE__);
+      p->h = -1;
+    }
+    p->pInode->pShmNode = 0;
+    sqlite3_free(p);
+  }
+}
+
+/*
+** Open a shared-memory area associated with open database file pDbFd.  
+** This particular implementation uses mmapped files.
+**
+** The file used to implement shared-memory is in the same directory
+** as the open database file and has the same name as the open database
+** file with the "-shm" suffix added.  For example, if the database file
+** is "/home/user1/config.db" then the file that is created and mmapped
+** for shared memory will be called "/home/user1/config.db-shm".  
+**
+** Another approach to is to use files in /dev/shm or /dev/tmp or an
+** some other tmpfs mount. But if a file in a different directory
+** from the database file is used, then differing access permissions
+** or a chroot() might cause two different processes on the same
+** database to end up using different files for shared memory - 
+** meaning that their memory would not really be shared - resulting
+** in database corruption.  Nevertheless, this tmpfs file usage
+** can be enabled at compile-time using -DSQLITE_SHM_DIRECTORY="/dev/shm"
+** or the equivalent.  The use of the SQLITE_SHM_DIRECTORY compile-time
+** option results in an incompatible build of SQLite;  builds of SQLite
+** that with differing SQLITE_SHM_DIRECTORY settings attempt to use the
+** same database file at the same time, database corruption will likely
+** result. The SQLITE_SHM_DIRECTORY compile-time option is considered
+** "unsupported" and may go away in a future SQLite release.
+**
+** When opening a new shared-memory file, if no other instances of that
+** file are currently open, in this process or in other processes, then
+** the file must be truncated to zero length or have its header cleared.
+**
+** If the original database file (pDbFd) is using the "unix-excl" VFS
+** that means that an exclusive lock is held on the database file and
+** that no other processes are able to read or write the database.  In
+** that case, we do not really need shared memory.  No shared memory
+** file is created.  The shared memory will be simulated with heap memory.
+*/
+static int unixOpenSharedMemory(unixFile *pDbFd){
+  struct unixShm *p = 0;          /* The connection to be opened */
+  struct unixShmNode *pShmNode;   /* The underlying mmapped file */
+  int rc;                         /* Result code */
+  unixInodeInfo *pInode;          /* The inode of fd */
+  char *zShmFilename;             /* Name of the file used for SHM */
+  int nShmFilename;               /* Size of the SHM filename in bytes */
+
+  /* Allocate space for the new unixShm object. */
+  p = sqlite3_malloc64( sizeof(*p) );
+  if( p==0 ) return SQLITE_NOMEM;
+  memset(p, 0, sizeof(*p));
+  assert( pDbFd->pShm==0 );
+
+  /* Check to see if a unixShmNode object already exists. Reuse an existing
+  ** one if present. Create a new one if necessary.
+  */
+  unixEnterMutex();
+  pInode = pDbFd->pInode;
+  pShmNode = pInode->pShmNode;
+  if( pShmNode==0 ){
+    struct stat sStat;                 /* fstat() info for database file */
+#ifndef SQLITE_SHM_DIRECTORY
+    const char *zBasePath = pDbFd->zPath;
+#endif
+
+    /* Call fstat() to figure out the permissions on the database file. If
+    ** a new *-shm file is created, an attempt will be made to create it
+    ** with the same permissions.
+    */
+    if( osFstat(pDbFd->h, &sStat) ){
+      rc = SQLITE_IOERR_FSTAT;
+      goto shm_open_err;
+    }
+
+#ifdef SQLITE_SHM_DIRECTORY
+    nShmFilename = sizeof(SQLITE_SHM_DIRECTORY) + 31;
+#else
+    nShmFilename = 6 + (int)strlen(zBasePath);
+#endif
+    pShmNode = sqlite3_malloc64( sizeof(*pShmNode) + nShmFilename );
+    if( pShmNode==0 ){
+      rc = SQLITE_NOMEM;
+      goto shm_open_err;
+    }
+    memset(pShmNode, 0, sizeof(*pShmNode)+nShmFilename);
+    zShmFilename = pShmNode->zFilename = (char*)&pShmNode[1];
+#ifdef SQLITE_SHM_DIRECTORY
+    sqlite3_snprintf(nShmFilename, zShmFilename, 
+                     SQLITE_SHM_DIRECTORY "/sqlite-shm-%x-%x",
+                     (u32)sStat.st_ino, (u32)sStat.st_dev);
+#else
+    sqlite3_snprintf(nShmFilename, zShmFilename, "%s-shm", zBasePath);
+    sqlite3FileSuffix3(pDbFd->zPath, zShmFilename);
+#endif
+    pShmNode->h = -1;
+    pDbFd->pInode->pShmNode = pShmNode;
+    pShmNode->pInode = pDbFd->pInode;
+    pShmNode->mutex = sqlite3_mutex_alloc(SQLITE_MUTEX_FAST);
+    if( pShmNode->mutex==0 ){
+      rc = SQLITE_NOMEM;
+      goto shm_open_err;
+    }
+
+    if( pInode->bProcessLock==0 ){
+      int openFlags = O_RDWR | O_CREAT;
+      if( sqlite3_uri_boolean(pDbFd->zPath, "readonly_shm", 0) ){
+        openFlags = O_RDONLY;
+        pShmNode->isReadonly = 1;
+      }
+      pShmNode->h = robust_open(zShmFilename, openFlags, (sStat.st_mode&0777));
+      if( pShmNode->h<0 ){
+        rc = unixLogError(SQLITE_CANTOPEN_BKPT, "open", zShmFilename);
+        goto shm_open_err;
+      }
+
+      /* If this process is running as root, make sure that the SHM file
+      ** is owned by the same user that owns the original database.  Otherwise,
+      ** the original owner will not be able to connect.
+      */
+      robustFchown(pShmNode->h, sStat.st_uid, sStat.st_gid);
+  
+      /* Check to see if another process is holding the dead-man switch.
+      ** If not, truncate the file to zero length. 
+      */
+      rc = SQLITE_OK;
+      if( unixShmSystemLock(pDbFd, F_WRLCK, UNIX_SHM_DMS, 1)==SQLITE_OK ){
+        if( robust_ftruncate(pShmNode->h, 0) ){
+          rc = unixLogError(SQLITE_IOERR_SHMOPEN, "ftruncate", zShmFilename);
+        }
+      }
+      if( rc==SQLITE_OK ){
+        rc = unixShmSystemLock(pDbFd, F_RDLCK, UNIX_SHM_DMS, 1);
+      }
+      if( rc ) goto shm_open_err;
+    }
+  }
+
+  /* Make the new connection a child of the unixShmNode */
+  p->pShmNode = pShmNode;
+#ifdef SQLITE_DEBUG
+  p->id = pShmNode->nextShmId++;
+#endif
+  pShmNode->nRef++;
+  pDbFd->pShm = p;
+  unixLeaveMutex();
+
+  /* The reference count on pShmNode has already been incremented under
+  ** the cover of the unixEnterMutex() mutex and the pointer from the
+  ** new (struct unixShm) object to the pShmNode has been set. All that is
+  ** left to do is to link the new object into the linked list starting
+  ** at pShmNode->pFirst. This must be done while holding the pShmNode->mutex 
+  ** mutex.
+  */
+  sqlite3_mutex_enter(pShmNode->mutex);
+  p->pNext = pShmNode->pFirst;
+  pShmNode->pFirst = p;
+  sqlite3_mutex_leave(pShmNode->mutex);
+  return SQLITE_OK;
+
+  /* Jump here on any error */
+shm_open_err:
+  unixShmPurge(pDbFd);       /* This call frees pShmNode if required */
+  sqlite3_free(p);
+  unixLeaveMutex();
+  return rc;
+}
+
+/*
+** This function is called to obtain a pointer to region iRegion of the 
+** shared-memory associated with the database file fd. Shared-memory regions 
+** are numbered starting from zero. Each shared-memory region is szRegion 
+** bytes in size.
+**
+** If an error occurs, an error code is returned and *pp is set to NULL.
+**
+** Otherwise, if the bExtend parameter is 0 and the requested shared-memory
+** region has not been allocated (by any client, including one running in a
+** separate process), then *pp is set to NULL and SQLITE_OK returned. If 
+** bExtend is non-zero and the requested shared-memory region has not yet 
+** been allocated, it is allocated by this function.
+**
+** If the shared-memory region has already been allocated or is allocated by
+** this call as described above, then it is mapped into this processes 
+** address space (if it is not already), *pp is set to point to the mapped 
+** memory and SQLITE_OK returned.
+*/
+static int unixShmMap(
+  sqlite3_file *fd,               /* Handle open on database file */
+  int iRegion,                    /* Region to retrieve */
+  int szRegion,                   /* Size of regions */
+  int bExtend,                    /* True to extend file if necessary */
+  void volatile **pp              /* OUT: Mapped memory */
+){
+  unixFile *pDbFd = (unixFile*)fd;
+  unixShm *p;
+  unixShmNode *pShmNode;
+  int rc = SQLITE_OK;
+  int nShmPerMap = unixShmRegionPerMap();
+  int nReqRegion;
+
+  /* If the shared-memory file has not yet been opened, open it now. */
+  if( pDbFd->pShm==0 ){
+    rc = unixOpenSharedMemory(pDbFd);
+    if( rc!=SQLITE_OK ) return rc;
+  }
+
+  p = pDbFd->pShm;
+  pShmNode = p->pShmNode;
+  sqlite3_mutex_enter(pShmNode->mutex);
+  assert( szRegion==pShmNode->szRegion || pShmNode->nRegion==0 );
+  assert( pShmNode->pInode==pDbFd->pInode );
+  assert( pShmNode->h>=0 || pDbFd->pInode->bProcessLock==1 );
+  assert( pShmNode->h<0 || pDbFd->pInode->bProcessLock==0 );
+
+  /* Minimum number of regions required to be mapped. */
+  nReqRegion = ((iRegion+nShmPerMap) / nShmPerMap) * nShmPerMap;
+
+  if( pShmNode->nRegion<nReqRegion ){
+    char **apNew;                      /* New apRegion[] array */
+    int nByte = nReqRegion*szRegion;   /* Minimum required file size */
+    struct stat sStat;                 /* Used by fstat() */
+
+    pShmNode->szRegion = szRegion;
+
+    if( pShmNode->h>=0 ){
+      /* The requested region is not mapped into this processes address space.
+      ** Check to see if it has been allocated (i.e. if the wal-index file is
+      ** large enough to contain the requested region).
+      */
+      if( osFstat(pShmNode->h, &sStat) ){
+        rc = SQLITE_IOERR_SHMSIZE;
+        goto shmpage_out;
+      }
+  
+      if( sStat.st_size<nByte ){
+        /* The requested memory region does not exist. If bExtend is set to
+        ** false, exit early. *pp will be set to NULL and SQLITE_OK returned.
+        */
+        if( !bExtend ){
+          goto shmpage_out;
+        }
+
+        /* Alternatively, if bExtend is true, extend the file. Do this by
+        ** writing a single byte to the end of each (OS) page being
+        ** allocated or extended. Technically, we need only write to the
+        ** last page in order to extend the file. But writing to all new
+        ** pages forces the OS to allocate them immediately, which reduces
+        ** the chances of SIGBUS while accessing the mapped region later on.
+        */
+        else{
+          static const int pgsz = 4096;
+          int iPg;
+
+          /* Write to the last byte of each newly allocated or extended page */
+          assert( (nByte % pgsz)==0 );
+          for(iPg=(sStat.st_size/pgsz); iPg<(nByte/pgsz); iPg++){
+            int x = 0;
+            if( seekAndWriteFd(pShmNode->h, iPg*pgsz + pgsz-1, "", 1, &x)!=1 ){
+              const char *zFile = pShmNode->zFilename;
+              rc = unixLogError(SQLITE_IOERR_SHMSIZE, "write", zFile);
+              goto shmpage_out;
+            }
+          }
+        }
+      }
+    }
+
+    /* Map the requested memory region into this processes address space. */
+    apNew = (char **)sqlite3_realloc(
+        pShmNode->apRegion, nReqRegion*sizeof(char *)
+    );
+    if( !apNew ){
+      rc = SQLITE_IOERR_NOMEM;
+      goto shmpage_out;
+    }
+    pShmNode->apRegion = apNew;
+    while( pShmNode->nRegion<nReqRegion ){
+      int nMap = szRegion*nShmPerMap;
+      int i;
+      void *pMem;
+      if( pShmNode->h>=0 ){
+        pMem = osMmap(0, nMap,
+            pShmNode->isReadonly ? PROT_READ : PROT_READ|PROT_WRITE, 
+            MAP_SHARED, pShmNode->h, szRegion*(i64)pShmNode->nRegion
+        );
+        if( pMem==MAP_FAILED ){
+          rc = unixLogError(SQLITE_IOERR_SHMMAP, "mmap", pShmNode->zFilename);
+          goto shmpage_out;
+        }
+      }else{
+        pMem = sqlite3_malloc64(szRegion);
+        if( pMem==0 ){
+          rc = SQLITE_NOMEM;
+          goto shmpage_out;
+        }
+        memset(pMem, 0, szRegion);
+      }
+
+      for(i=0; i<nShmPerMap; i++){
+        pShmNode->apRegion[pShmNode->nRegion+i] = &((char*)pMem)[szRegion*i];
+      }
+      pShmNode->nRegion += nShmPerMap;
+    }
+  }
+
+shmpage_out:
+  if( pShmNode->nRegion>iRegion ){
+    *pp = pShmNode->apRegion[iRegion];
+  }else{
+    *pp = 0;
+  }
+  if( pShmNode->isReadonly && rc==SQLITE_OK ) rc = SQLITE_READONLY;
+  sqlite3_mutex_leave(pShmNode->mutex);
+  return rc;
+}
+
+/*
+** Change the lock state for a shared-memory segment.
+**
+** Note that the relationship between SHAREd and EXCLUSIVE locks is a little
+** different here than in posix.  In xShmLock(), one can go from unlocked
+** to shared and back or from unlocked to exclusive and back.  But one may
+** not go from shared to exclusive or from exclusive to shared.
+*/
+static int unixShmLock(
+  sqlite3_file *fd,          /* Database file holding the shared memory */
+  int ofst,                  /* First lock to acquire or release */
+  int n,                     /* Number of locks to acquire or release */
+  int flags                  /* What to do with the lock */
+){
+  unixFile *pDbFd = (unixFile*)fd;      /* Connection holding shared memory */
+  unixShm *p = pDbFd->pShm;             /* The shared memory being locked */
+  unixShm *pX;                          /* For looping over all siblings */
+  unixShmNode *pShmNode = p->pShmNode;  /* The underlying file iNode */
+  int rc = SQLITE_OK;                   /* Result code */
+  u16 mask;                             /* Mask of locks to take or release */
+
+  assert( pShmNode==pDbFd->pInode->pShmNode );
+  assert( pShmNode->pInode==pDbFd->pInode );
+  assert( ofst>=0 && ofst+n<=SQLITE_SHM_NLOCK );
+  assert( n>=1 );
+  assert( flags==(SQLITE_SHM_LOCK | SQLITE_SHM_SHARED)
+       || flags==(SQLITE_SHM_LOCK | SQLITE_SHM_EXCLUSIVE)
+       || flags==(SQLITE_SHM_UNLOCK | SQLITE_SHM_SHARED)
+       || flags==(SQLITE_SHM_UNLOCK | SQLITE_SHM_EXCLUSIVE) );
+  assert( n==1 || (flags & SQLITE_SHM_EXCLUSIVE)!=0 );
+  assert( pShmNode->h>=0 || pDbFd->pInode->bProcessLock==1 );
+  assert( pShmNode->h<0 || pDbFd->pInode->bProcessLock==0 );
+
+  mask = (1<<(ofst+n)) - (1<<ofst);
+  assert( n>1 || mask==(1<<ofst) );
+  sqlite3_mutex_enter(pShmNode->mutex);
+  if( flags & SQLITE_SHM_UNLOCK ){
+    u16 allMask = 0; /* Mask of locks held by siblings */
+
+    /* See if any siblings hold this same lock */
+    for(pX=pShmNode->pFirst; pX; pX=pX->pNext){
+      if( pX==p ) continue;
+      assert( (pX->exclMask & (p->exclMask|p->sharedMask))==0 );
+      allMask |= pX->sharedMask;
+    }
+
+    /* Unlock the system-level locks */
+    if( (mask & allMask)==0 ){
+      rc = unixShmSystemLock(pDbFd, F_UNLCK, ofst+UNIX_SHM_BASE, n);
+    }else{
+      rc = SQLITE_OK;
+    }
+
+    /* Undo the local locks */
+    if( rc==SQLITE_OK ){
+      p->exclMask &= ~mask;
+      p->sharedMask &= ~mask;
+    } 
+  }else if( flags & SQLITE_SHM_SHARED ){
+    u16 allShared = 0;  /* Union of locks held by connections other than "p" */
+
+    /* Find out which shared locks are already held by sibling connections.
+    ** If any sibling already holds an exclusive lock, go ahead and return
+    ** SQLITE_BUSY.
+    */
+    for(pX=pShmNode->pFirst; pX; pX=pX->pNext){
+      if( (pX->exclMask & mask)!=0 ){
+        rc = SQLITE_BUSY;
+        break;
+      }
+      allShared |= pX->sharedMask;
+    }
+
+    /* Get shared locks at the system level, if necessary */
+    if( rc==SQLITE_OK ){
+      if( (allShared & mask)==0 ){
+        rc = unixShmSystemLock(pDbFd, F_RDLCK, ofst+UNIX_SHM_BASE, n);
+      }else{
+        rc = SQLITE_OK;
+      }
+    }
+
+    /* Get the local shared locks */
+    if( rc==SQLITE_OK ){
+      p->sharedMask |= mask;
+    }
+  }else{
+    /* Make sure no sibling connections hold locks that will block this
+    ** lock.  If any do, return SQLITE_BUSY right away.
+    */
+    for(pX=pShmNode->pFirst; pX; pX=pX->pNext){
+      if( (pX->exclMask & mask)!=0 || (pX->sharedMask & mask)!=0 ){
+        rc = SQLITE_BUSY;
+        break;
+      }
+    }
+  
+    /* Get the exclusive locks at the system level.  Then if successful
+    ** also mark the local connection as being locked.
+    */
+    if( rc==SQLITE_OK ){
+      rc = unixShmSystemLock(pDbFd, F_WRLCK, ofst+UNIX_SHM_BASE, n);
+      if( rc==SQLITE_OK ){
+        assert( (p->sharedMask & mask)==0 );
+        p->exclMask |= mask;
+      }
+    }
+  }
+  sqlite3_mutex_leave(pShmNode->mutex);
+  OSTRACE(("SHM-LOCK shmid-%d, pid-%d got %03x,%03x\n",
+           p->id, osGetpid(0), p->sharedMask, p->exclMask));
+  return rc;
+}
+
+/*
+** Implement a memory barrier or memory fence on shared memory.  
+**
+** All loads and stores begun before the barrier must complete before
+** any load or store begun after the barrier.
+*/
+static void unixShmBarrier(
+  sqlite3_file *fd                /* Database file holding the shared memory */
+){
+  UNUSED_PARAMETER(fd);
+  sqlite3MemoryBarrier();         /* compiler-defined memory barrier */
+  unixEnterMutex();               /* Also mutex, for redundancy */
+  unixLeaveMutex();
+}
+
+/*
+** Close a connection to shared-memory.  Delete the underlying 
+** storage if deleteFlag is true.
+**
+** If there is no shared memory associated with the connection then this
+** routine is a harmless no-op.
+*/
+static int unixShmUnmap(
+  sqlite3_file *fd,               /* The underlying database file */
+  int deleteFlag                  /* Delete shared-memory if true */
+){
+  unixShm *p;                     /* The connection to be closed */
+  unixShmNode *pShmNode;          /* The underlying shared-memory file */
+  unixShm **pp;                   /* For looping over sibling connections */
+  unixFile *pDbFd;                /* The underlying database file */
+
+  pDbFd = (unixFile*)fd;
+  p = pDbFd->pShm;
+  if( p==0 ) return SQLITE_OK;
+  pShmNode = p->pShmNode;
+
+  assert( pShmNode==pDbFd->pInode->pShmNode );
+  assert( pShmNode->pInode==pDbFd->pInode );
+
+  /* Remove connection p from the set of connections associated
+  ** with pShmNode */
+  sqlite3_mutex_enter(pShmNode->mutex);
+  for(pp=&pShmNode->pFirst; (*pp)!=p; pp = &(*pp)->pNext){}
+  *pp = p->pNext;
+
+  /* Free the connection p */
+  sqlite3_free(p);
+  pDbFd->pShm = 0;
+  sqlite3_mutex_leave(pShmNode->mutex);
+
+  /* If pShmNode->nRef has reached 0, then close the underlying
+  ** shared-memory file, too */
+  unixEnterMutex();
+  assert( pShmNode->nRef>0 );
+  pShmNode->nRef--;
+  if( pShmNode->nRef==0 ){
+    if( deleteFlag && pShmNode->h>=0 ){
+      osUnlink(pShmNode->zFilename);
+    }
+    unixShmPurge(pDbFd);
+  }
+  unixLeaveMutex();
+
+  return SQLITE_OK;
+}
+
+
+#else
+# define unixShmMap     0
+# define unixShmLock    0
+# define unixShmBarrier 0
+# define unixShmUnmap   0
+#endif /* #ifndef SQLITE_OMIT_WAL */
+
+#if SQLITE_MAX_MMAP_SIZE>0
+/*
+** If it is currently memory mapped, unmap file pFd.
+*/
+static void unixUnmapfile(unixFile *pFd){
+  assert( pFd->nFetchOut==0 );
+  if( pFd->pMapRegion ){
+    osMunmap(pFd->pMapRegion, pFd->mmapSizeActual);
+    pFd->pMapRegion = 0;
+    pFd->mmapSize = 0;
+    pFd->mmapSizeActual = 0;
+  }
+}
+
+/*
+** Attempt to set the size of the memory mapping maintained by file 
+** descriptor pFd to nNew bytes. Any existing mapping is discarded.
+**
+** If successful, this function sets the following variables:
+**
+**       unixFile.pMapRegion
+**       unixFile.mmapSize
+**       unixFile.mmapSizeActual
+**
+** If unsuccessful, an error message is logged via sqlite3_log() and
+** the three variables above are zeroed. In this case SQLite should
+** continue accessing the database using the xRead() and xWrite()
+** methods.
+*/
+static void unixRemapfile(
+  unixFile *pFd,                  /* File descriptor object */
+  i64 nNew                        /* Required mapping size */
+){
+  const char *zErr = "mmap";
+  int h = pFd->h;                      /* File descriptor open on db file */
+  u8 *pOrig = (u8 *)pFd->pMapRegion;   /* Pointer to current file mapping */
+  i64 nOrig = pFd->mmapSizeActual;     /* Size of pOrig region in bytes */
+  u8 *pNew = 0;                        /* Location of new mapping */
+  int flags = PROT_READ;               /* Flags to pass to mmap() */
+
+  assert( pFd->nFetchOut==0 );
+  assert( nNew>pFd->mmapSize );
+  assert( nNew<=pFd->mmapSizeMax );
+  assert( nNew>0 );
+  assert( pFd->mmapSizeActual>=pFd->mmapSize );
+  assert( MAP_FAILED!=0 );
+
+#ifdef SQLITE_MMAP_READWRITE
+  if( (pFd->ctrlFlags & UNIXFILE_RDONLY)==0 ) flags |= PROT_WRITE;
+#endif
+
+  if( pOrig ){
+#if HAVE_MREMAP
+    i64 nReuse = pFd->mmapSize;
+#else
+    const int szSyspage = osGetpagesize();
+    i64 nReuse = (pFd->mmapSize & ~(szSyspage-1));
+#endif
+    u8 *pReq = &pOrig[nReuse];
+
+    /* Unmap any pages of the existing mapping that cannot be reused. */
+    if( nReuse!=nOrig ){
+      osMunmap(pReq, nOrig-nReuse);
+    }
+
+#if HAVE_MREMAP
+    pNew = osMremap(pOrig, nReuse, nNew, MREMAP_MAYMOVE);
+    zErr = "mremap";
+#else
+    pNew = osMmap(pReq, nNew-nReuse, flags, MAP_SHARED, h, nReuse);
+    if( pNew!=MAP_FAILED ){
+      if( pNew!=pReq ){
+        osMunmap(pNew, nNew - nReuse);
+        pNew = 0;
+      }else{
+        pNew = pOrig;
+      }
+    }
+#endif
+
+    /* The attempt to extend the existing mapping failed. Free it. */
+    if( pNew==MAP_FAILED || pNew==0 ){
+      osMunmap(pOrig, nReuse);
+    }
+  }
+
+  /* If pNew is still NULL, try to create an entirely new mapping. */
+  if( pNew==0 ){
+    pNew = osMmap(0, nNew, flags, MAP_SHARED, h, 0);
+  }
+
+  if( pNew==MAP_FAILED ){
+    pNew = 0;
+    nNew = 0;
+    unixLogError(SQLITE_OK, zErr, pFd->zPath);
+
+    /* If the mmap() above failed, assume that all subsequent mmap() calls
+    ** will probably fail too. Fall back to using xRead/xWrite exclusively
+    ** in this case.  */
+    pFd->mmapSizeMax = 0;
+  }
+  pFd->pMapRegion = (void *)pNew;
+  pFd->mmapSize = pFd->mmapSizeActual = nNew;
+}
+
+/*
+** Memory map or remap the file opened by file-descriptor pFd (if the file
+** is already mapped, the existing mapping is replaced by the new). Or, if 
+** there already exists a mapping for this file, and there are still 
+** outstanding xFetch() references to it, this function is a no-op.
+**
+** If parameter nByte is non-negative, then it is the requested size of 
+** the mapping to create. Otherwise, if nByte is less than zero, then the 
+** requested size is the size of the file on disk. The actual size of the
+** created mapping is either the requested size or the value configured 
+** using SQLITE_FCNTL_MMAP_LIMIT, whichever is smaller.
+**
+** SQLITE_OK is returned if no error occurs (even if the mapping is not
+** recreated as a result of outstanding references) or an SQLite error
+** code otherwise.
+*/
+static int unixMapfile(unixFile *pFd, i64 nMap){
+  assert( nMap>=0 || pFd->nFetchOut==0 );
+  assert( nMap>0 || (pFd->mmapSize==0 && pFd->pMapRegion==0) );
+  if( pFd->nFetchOut>0 ) return SQLITE_OK;
+
+  if( nMap<0 ){
+    struct stat statbuf;          /* Low-level file information */
+    if( osFstat(pFd->h, &statbuf) ){
+      return SQLITE_IOERR_FSTAT;
+    }
+    nMap = statbuf.st_size;
+  }
+  if( nMap>pFd->mmapSizeMax ){
+    nMap = pFd->mmapSizeMax;
+  }
+
+  assert( nMap>0 || (pFd->mmapSize==0 && pFd->pMapRegion==0) );
+  if( nMap!=pFd->mmapSize ){
+    unixRemapfile(pFd, nMap);
+  }
+
+  return SQLITE_OK;
+}
+#endif /* SQLITE_MAX_MMAP_SIZE>0 */
+
+/*
+** If possible, return a pointer to a mapping of file fd starting at offset
+** iOff. The mapping must be valid for at least nAmt bytes.
+**
+** If such a pointer can be obtained, store it in *pp and return SQLITE_OK.
+** Or, if one cannot but no error occurs, set *pp to 0 and return SQLITE_OK.
+** Finally, if an error does occur, return an SQLite error code. The final
+** value of *pp is undefined in this case.
+**
+** If this function does return a pointer, the caller must eventually 
+** release the reference by calling unixUnfetch().
+*/
+static int unixFetch(sqlite3_file *fd, i64 iOff, int nAmt, void **pp){
+#if SQLITE_MAX_MMAP_SIZE>0
+  unixFile *pFd = (unixFile *)fd;   /* The underlying database file */
+#endif
+  *pp = 0;
+
+#if SQLITE_MAX_MMAP_SIZE>0
+  if( pFd->mmapSizeMax>0 ){
+    if( pFd->pMapRegion==0 ){
+      int rc = unixMapfile(pFd, -1);
+      if( rc!=SQLITE_OK ) return rc;
+    }
+    if( pFd->mmapSize >= iOff+nAmt ){
+      *pp = &((u8 *)pFd->pMapRegion)[iOff];
+      pFd->nFetchOut++;
+    }
+  }
+#endif
+  return SQLITE_OK;
+}
+
+/*
+** If the third argument is non-NULL, then this function releases a 
+** reference obtained by an earlier call to unixFetch(). The second
+** argument passed to this function must be the same as the corresponding
+** argument that was passed to the unixFetch() invocation. 
+**
+** Or, if the third argument is NULL, then this function is being called 
+** to inform the VFS layer that, according to POSIX, any existing mapping 
+** may now be invalid and should be unmapped.
+*/
+static int unixUnfetch(sqlite3_file *fd, i64 iOff, void *p){
+#if SQLITE_MAX_MMAP_SIZE>0
+  unixFile *pFd = (unixFile *)fd;   /* The underlying database file */
+  UNUSED_PARAMETER(iOff);
+
+  /* If p==0 (unmap the entire file) then there must be no outstanding 
+  ** xFetch references. Or, if p!=0 (meaning it is an xFetch reference),
+  ** then there must be at least one outstanding.  */
+  assert( (p==0)==(pFd->nFetchOut==0) );
+
+  /* If p!=0, it must match the iOff value. */
+  assert( p==0 || p==&((u8 *)pFd->pMapRegion)[iOff] );
+
+  if( p ){
+    pFd->nFetchOut--;
+  }else{
+    unixUnmapfile(pFd);
+  }
+
+  assert( pFd->nFetchOut>=0 );
+#else
+  UNUSED_PARAMETER(fd);
+  UNUSED_PARAMETER(p);
+  UNUSED_PARAMETER(iOff);
+#endif
+  return SQLITE_OK;
+}
+
+/*
+** Here ends the implementation of all sqlite3_file methods.
+**
+********************** End sqlite3_file Methods *******************************
+******************************************************************************/
+
+/*
+** This division contains definitions of sqlite3_io_methods objects that
+** implement various file locking strategies.  It also contains definitions
+** of "finder" functions.  A finder-function is used to locate the appropriate
+** sqlite3_io_methods object for a particular database file.  The pAppData
+** field of the sqlite3_vfs VFS objects are initialized to be pointers to
+** the correct finder-function for that VFS.
+**
+** Most finder functions return a pointer to a fixed sqlite3_io_methods
+** object.  The only interesting finder-function is autolockIoFinder, which
+** looks at the filesystem type and tries to guess the best locking
+** strategy from that.
+**
+** For finder-function F, two objects are created:
+**
+**    (1) The real finder-function named "FImpt()".
+**
+**    (2) A constant pointer to this function named just "F".
+**
+**
+** A pointer to the F pointer is used as the pAppData value for VFS
+** objects.  We have to do this instead of letting pAppData point
+** directly at the finder-function since C90 rules prevent a void*
+** from be cast into a function pointer.
+**
+**
+** Each instance of this macro generates two objects:
+**
+**   *  A constant sqlite3_io_methods object call METHOD that has locking
+**      methods CLOSE, LOCK, UNLOCK, CKRESLOCK.
+**
+**   *  An I/O method finder function called FINDER that returns a pointer
+**      to the METHOD object in the previous bullet.
+*/
+#define IOMETHODS(FINDER,METHOD,VERSION,CLOSE,LOCK,UNLOCK,CKLOCK,SHMMAP)     \
+static const sqlite3_io_methods METHOD = {                                   \
+   VERSION,                    /* iVersion */                                \
+   CLOSE,                      /* xClose */                                  \
+   unixRead,                   /* xRead */                                   \
+   unixWrite,                  /* xWrite */                                  \
+   unixTruncate,               /* xTruncate */                               \
+   unixSync,                   /* xSync */                                   \
+   unixFileSize,               /* xFileSize */                               \
+   LOCK,                       /* xLock */                                   \
+   UNLOCK,                     /* xUnlock */                                 \
+   CKLOCK,                     /* xCheckReservedLock */                      \
+   unixFileControl,            /* xFileControl */                            \
+   unixSectorSize,             /* xSectorSize */                             \
+   unixDeviceCharacteristics,  /* xDeviceCapabilities */                     \
+   SHMMAP,                     /* xShmMap */                                 \
+   unixShmLock,                /* xShmLock */                                \
+   unixShmBarrier,             /* xShmBarrier */                             \
+   unixShmUnmap,               /* xShmUnmap */                               \
+   unixFetch,                  /* xFetch */                                  \
+   unixUnfetch,                /* xUnfetch */                                \
+};                                                                           \
+static const sqlite3_io_methods *FINDER##Impl(const char *z, unixFile *p){   \
+  UNUSED_PARAMETER(z); UNUSED_PARAMETER(p);                                  \
+  return &METHOD;                                                            \
+}                                                                            \
+static const sqlite3_io_methods *(*const FINDER)(const char*,unixFile *p)    \
+    = FINDER##Impl;
+
+/*
+** Here are all of the sqlite3_io_methods objects for each of the
+** locking strategies.  Functions that return pointers to these methods
+** are also created.
+*/
+IOMETHODS(
+  posixIoFinder,            /* Finder function name */
+  posixIoMethods,           /* sqlite3_io_methods object name */
+  3,                        /* shared memory and mmap are enabled */
+  unixClose,                /* xClose method */
+  unixLock,                 /* xLock method */
+  unixUnlock,               /* xUnlock method */
+  unixCheckReservedLock,    /* xCheckReservedLock method */
+  unixShmMap                /* xShmMap method */
+)
+IOMETHODS(
+  nolockIoFinder,           /* Finder function name */
+  nolockIoMethods,          /* sqlite3_io_methods object name */
+  3,                        /* shared memory is disabled */
+  nolockClose,              /* xClose method */
+  nolockLock,               /* xLock method */
+  nolockUnlock,             /* xUnlock method */
+  nolockCheckReservedLock,  /* xCheckReservedLock method */
+  0                         /* xShmMap method */
+)
+IOMETHODS(
+  dotlockIoFinder,          /* Finder function name */
+  dotlockIoMethods,         /* sqlite3_io_methods object name */
+  1,                        /* shared memory is disabled */
+  dotlockClose,             /* xClose method */
+  dotlockLock,              /* xLock method */
+  dotlockUnlock,            /* xUnlock method */
+  dotlockCheckReservedLock, /* xCheckReservedLock method */
+  0                         /* xShmMap method */
+)
+
+#if SQLITE_ENABLE_LOCKING_STYLE
+IOMETHODS(
+  flockIoFinder,            /* Finder function name */
+  flockIoMethods,           /* sqlite3_io_methods object name */
+  1,                        /* shared memory is disabled */
+  flockClose,               /* xClose method */
+  flockLock,                /* xLock method */
+  flockUnlock,              /* xUnlock method */
+  flockCheckReservedLock,   /* xCheckReservedLock method */
+  0                         /* xShmMap method */
+)
+#endif
+
+#if OS_VXWORKS
+IOMETHODS(
+  semIoFinder,              /* Finder function name */
+  semIoMethods,             /* sqlite3_io_methods object name */
+  1,                        /* shared memory is disabled */
+  semXClose,                /* xClose method */
+  semXLock,                 /* xLock method */
+  semXUnlock,               /* xUnlock method */
+  semXCheckReservedLock,    /* xCheckReservedLock method */
+  0                         /* xShmMap method */
+)
+#endif
+
+#if defined(__APPLE__) && SQLITE_ENABLE_LOCKING_STYLE
+IOMETHODS(
+  afpIoFinder,              /* Finder function name */
+  afpIoMethods,             /* sqlite3_io_methods object name */
+  1,                        /* shared memory is disabled */
+  afpClose,                 /* xClose method */
+  afpLock,                  /* xLock method */
+  afpUnlock,                /* xUnlock method */
+  afpCheckReservedLock,     /* xCheckReservedLock method */
+  0                         /* xShmMap method */
+)
+#endif
+
+/*
+** The proxy locking method is a "super-method" in the sense that it
+** opens secondary file descriptors for the conch and lock files and
+** it uses proxy, dot-file, AFP, and flock() locking methods on those
+** secondary files.  For this reason, the division that implements
+** proxy locking is located much further down in the file.  But we need
+** to go ahead and define the sqlite3_io_methods and finder function
+** for proxy locking here.  So we forward declare the I/O methods.
+*/
+#if defined(__APPLE__) && SQLITE_ENABLE_LOCKING_STYLE
+static int proxyClose(sqlite3_file*);
+static int proxyLock(sqlite3_file*, int);
+static int proxyUnlock(sqlite3_file*, int);
+static int proxyCheckReservedLock(sqlite3_file*, int*);
+IOMETHODS(
+  proxyIoFinder,            /* Finder function name */
+  proxyIoMethods,           /* sqlite3_io_methods object name */
+  1,                        /* shared memory is disabled */
+  proxyClose,               /* xClose method */
+  proxyLock,                /* xLock method */
+  proxyUnlock,              /* xUnlock method */
+  proxyCheckReservedLock,   /* xCheckReservedLock method */
+  0                         /* xShmMap method */
+)
+#endif
+
+/* nfs lockd on OSX 10.3+ doesn't clear write locks when a read lock is set */
+#if defined(__APPLE__) && SQLITE_ENABLE_LOCKING_STYLE
+IOMETHODS(
+  nfsIoFinder,               /* Finder function name */
+  nfsIoMethods,              /* sqlite3_io_methods object name */
+  1,                         /* shared memory is disabled */
+  unixClose,                 /* xClose method */
+  unixLock,                  /* xLock method */
+  nfsUnlock,                 /* xUnlock method */
+  unixCheckReservedLock,     /* xCheckReservedLock method */
+  0                          /* xShmMap method */
+)
+#endif
+
+#if defined(__APPLE__) && SQLITE_ENABLE_LOCKING_STYLE
+/* 
+** This "finder" function attempts to determine the best locking strategy 
+** for the database file "filePath".  It then returns the sqlite3_io_methods
+** object that implements that strategy.
+**
+** This is for MacOSX only.
+*/
+static const sqlite3_io_methods *autolockIoFinderImpl(
+  const char *filePath,    /* name of the database file */
+  unixFile *pNew           /* open file object for the database file */
+){
+  static const struct Mapping {
+    const char *zFilesystem;              /* Filesystem type name */
+    const sqlite3_io_methods *pMethods;   /* Appropriate locking method */
+  } aMap[] = {
+    { "hfs",    &posixIoMethods },
+    { "ufs",    &posixIoMethods },
+    { "afpfs",  &afpIoMethods },
+    { "smbfs",  &afpIoMethods },
+    { "webdav", &nolockIoMethods },
+    { 0, 0 }
+  };
+  int i;
+  struct statfs fsInfo;
+  struct flock lockInfo;
+
+  if( !filePath ){
+    /* If filePath==NULL that means we are dealing with a transient file
+    ** that does not need to be locked. */
+    return &nolockIoMethods;
+  }
+  if( statfs(filePath, &fsInfo) != -1 ){
+    if( fsInfo.f_flags & MNT_RDONLY ){
+      return &nolockIoMethods;
+    }
+    for(i=0; aMap[i].zFilesystem; i++){
+      if( strcmp(fsInfo.f_fstypename, aMap[i].zFilesystem)==0 ){
+        return aMap[i].pMethods;
+      }
+    }
+  }
+
+  /* Default case. Handles, amongst others, "nfs".
+  ** Test byte-range lock using fcntl(). If the call succeeds, 
+  ** assume that the file-system supports POSIX style locks. 
+  */
+  lockInfo.l_len = 1;
+  lockInfo.l_start = 0;
+  lockInfo.l_whence = SEEK_SET;
+  lockInfo.l_type = F_RDLCK;
+  if( osFcntl(pNew->h, F_GETLK, &lockInfo)!=-1 ) {
+    if( strcmp(fsInfo.f_fstypename, "nfs")==0 ){
+      return &nfsIoMethods;
+    } else {
+      return &posixIoMethods;
+    }
+  }else{
+    return &dotlockIoMethods;
+  }
+}
+static const sqlite3_io_methods 
+  *(*const autolockIoFinder)(const char*,unixFile*) = autolockIoFinderImpl;
+
+#endif /* defined(__APPLE__) && SQLITE_ENABLE_LOCKING_STYLE */
+
+#if OS_VXWORKS
+/*
+** This "finder" function for VxWorks checks to see if posix advisory
+** locking works.  If it does, then that is what is used.  If it does not
+** work, then fallback to named semaphore locking.
+*/
+static const sqlite3_io_methods *vxworksIoFinderImpl(
+  const char *filePath,    /* name of the database file */
+  unixFile *pNew           /* the open file object */
+){
+  struct flock lockInfo;
+
+  if( !filePath ){
+    /* If filePath==NULL that means we are dealing with a transient file
+    ** that does not need to be locked. */
+    return &nolockIoMethods;
+  }
+
+  /* Test if fcntl() is supported and use POSIX style locks.
+  ** Otherwise fall back to the named semaphore method.
+  */
+  lockInfo.l_len = 1;
+  lockInfo.l_start = 0;
+  lockInfo.l_whence = SEEK_SET;
+  lockInfo.l_type = F_RDLCK;
+  if( osFcntl(pNew->h, F_GETLK, &lockInfo)!=-1 ) {
+    return &posixIoMethods;
+  }else{
+    return &semIoMethods;
+  }
+}
+static const sqlite3_io_methods 
+  *(*const vxworksIoFinder)(const char*,unixFile*) = vxworksIoFinderImpl;
+
+#endif /* OS_VXWORKS */
+
+/*
+** An abstract type for a pointer to an IO method finder function:
+*/
+typedef const sqlite3_io_methods *(*finder_type)(const char*,unixFile*);
+
+
+/****************************************************************************
+**************************** sqlite3_vfs methods ****************************
+**
+** This division contains the implementation of methods on the
+** sqlite3_vfs object.
+*/
+
+/*
+** Initialize the contents of the unixFile structure pointed to by pId.
+*/
+static int fillInUnixFile(
+  sqlite3_vfs *pVfs,      /* Pointer to vfs object */
+  int h,                  /* Open file descriptor of file being opened */
+  sqlite3_file *pId,      /* Write to the unixFile structure here */
+  const char *zFilename,  /* Name of the file being opened */
+  int ctrlFlags           /* Zero or more UNIXFILE_* values */
+){
+  const sqlite3_io_methods *pLockingStyle;
+  unixFile *pNew = (unixFile *)pId;
+  int rc = SQLITE_OK;
+
+  assert( pNew->pInode==NULL );
+
+  /* Usually the path zFilename should not be a relative pathname. The
+  ** exception is when opening the proxy "conch" file in builds that
+  ** include the special Apple locking styles.
+  */
+#if defined(__APPLE__) && SQLITE_ENABLE_LOCKING_STYLE
+  assert( zFilename==0 || zFilename[0]=='/' 
+    || pVfs->pAppData==(void*)&autolockIoFinder );
+#else
+  assert( zFilename==0 || zFilename[0]=='/' );
+#endif
+
+  /* No locking occurs in temporary files */
+  assert( zFilename!=0 || (ctrlFlags & UNIXFILE_NOLOCK)!=0 );
+
+  OSTRACE(("OPEN    %-3d %s\n", h, zFilename));
+  pNew->h = h;
+  pNew->pVfs = pVfs;
+  pNew->zPath = zFilename;
+  pNew->ctrlFlags = (u8)ctrlFlags;
+#if SQLITE_MAX_MMAP_SIZE>0
+  pNew->mmapSizeMax = sqlite3GlobalConfig.szMmap;
+#endif
+  if( sqlite3_uri_boolean(((ctrlFlags & UNIXFILE_URI) ? zFilename : 0),
+                           "psow", SQLITE_POWERSAFE_OVERWRITE) ){
+    pNew->ctrlFlags |= UNIXFILE_PSOW;
+  }
+  if( strcmp(pVfs->zName,"unix-excl")==0 ){
+    pNew->ctrlFlags |= UNIXFILE_EXCL;
+  }
+
+#if OS_VXWORKS
+  pNew->pId = vxworksFindFileId(zFilename);
+  if( pNew->pId==0 ){
+    ctrlFlags |= UNIXFILE_NOLOCK;
+    rc = SQLITE_NOMEM;
+  }
+#endif
+
+  if( ctrlFlags & UNIXFILE_NOLOCK ){
+    pLockingStyle = &nolockIoMethods;
+  }else{
+    pLockingStyle = (**(finder_type*)pVfs->pAppData)(zFilename, pNew);
+#if SQLITE_ENABLE_LOCKING_STYLE
+    /* Cache zFilename in the locking context (AFP and dotlock override) for
+    ** proxyLock activation is possible (remote proxy is based on db name)
+    ** zFilename remains valid until file is closed, to support */
+    pNew->lockingContext = (void*)zFilename;
+#endif
+  }
+
+  if( pLockingStyle == &posixIoMethods
+#if defined(__APPLE__) && SQLITE_ENABLE_LOCKING_STYLE
+    || pLockingStyle == &nfsIoMethods
+#endif
+  ){
+    unixEnterMutex();
+    rc = findInodeInfo(pNew, &pNew->pInode);
+    if( rc!=SQLITE_OK ){
+      /* If an error occurred in findInodeInfo(), close the file descriptor
+      ** immediately, before releasing the mutex. findInodeInfo() may fail
+      ** in two scenarios:
+      **
+      **   (a) A call to fstat() failed.
+      **   (b) A malloc failed.
+      **
+      ** Scenario (b) may only occur if the process is holding no other
+      ** file descriptors open on the same file. If there were other file
+      ** descriptors on this file, then no malloc would be required by
+      ** findInodeInfo(). If this is the case, it is quite safe to close
+      ** handle h - as it is guaranteed that no posix locks will be released
+      ** by doing so.
+      **
+      ** If scenario (a) caused the error then things are not so safe. The
+      ** implicit assumption here is that if fstat() fails, things are in
+      ** such bad shape that dropping a lock or two doesn't matter much.
+      */
+      robust_close(pNew, h, __LINE__);
+      h = -1;
+    }
+    unixLeaveMutex();
+  }
+
+#if SQLITE_ENABLE_LOCKING_STYLE && defined(__APPLE__)
+  else if( pLockingStyle == &afpIoMethods ){
+    /* AFP locking uses the file path so it needs to be included in
+    ** the afpLockingContext.
+    */
+    afpLockingContext *pCtx;
+    pNew->lockingContext = pCtx = sqlite3_malloc64( sizeof(*pCtx) );
+    if( pCtx==0 ){
+      rc = SQLITE_NOMEM;
+    }else{
+      /* NB: zFilename exists and remains valid until the file is closed
+      ** according to requirement F11141.  So we do not need to make a
+      ** copy of the filename. */
+      pCtx->dbPath = zFilename;
+      pCtx->reserved = 0;
+      srandomdev();
+      unixEnterMutex();
+      rc = findInodeInfo(pNew, &pNew->pInode);
+      if( rc!=SQLITE_OK ){
+        sqlite3_free(pNew->lockingContext);
+        robust_close(pNew, h, __LINE__);
+        h = -1;
+      }
+      unixLeaveMutex();        
+    }
+  }
+#endif
+
+  else if( pLockingStyle == &dotlockIoMethods ){
+    /* Dotfile locking uses the file path so it needs to be included in
+    ** the dotlockLockingContext 
+    */
+    char *zLockFile;
+    int nFilename;
+    assert( zFilename!=0 );
+    nFilename = (int)strlen(zFilename) + 6;
+    zLockFile = (char *)sqlite3_malloc64(nFilename);
+    if( zLockFile==0 ){
+      rc = SQLITE_NOMEM;
+    }else{
+      sqlite3_snprintf(nFilename, zLockFile, "%s" DOTLOCK_SUFFIX, zFilename);
+    }
+    pNew->lockingContext = zLockFile;
+  }
+
+#if OS_VXWORKS
+  else if( pLockingStyle == &semIoMethods ){
+    /* Named semaphore locking uses the file path so it needs to be
+    ** included in the semLockingContext
+    */
+    unixEnterMutex();
+    rc = findInodeInfo(pNew, &pNew->pInode);
+    if( (rc==SQLITE_OK) && (pNew->pInode->pSem==NULL) ){
+      char *zSemName = pNew->pInode->aSemName;
+      int n;
+      sqlite3_snprintf(MAX_PATHNAME, zSemName, "/%s.sem",
+                       pNew->pId->zCanonicalName);
+      for( n=1; zSemName[n]; n++ )
+        if( zSemName[n]=='/' ) zSemName[n] = '_';
+      pNew->pInode->pSem = sem_open(zSemName, O_CREAT, 0666, 1);
+      if( pNew->pInode->pSem == SEM_FAILED ){
+        rc = SQLITE_NOMEM;
+        pNew->pInode->aSemName[0] = '\0';
+      }
+    }
+    unixLeaveMutex();
+  }
+#endif
+  
+  storeLastErrno(pNew, 0);
+#if OS_VXWORKS
+  if( rc!=SQLITE_OK ){
+    if( h>=0 ) robust_close(pNew, h, __LINE__);
+    h = -1;
+    osUnlink(zFilename);
+    pNew->ctrlFlags |= UNIXFILE_DELETE;
+  }
+#endif
+  if( rc!=SQLITE_OK ){
+    if( h>=0 ) robust_close(pNew, h, __LINE__);
+  }else{
+    pNew->pMethod = pLockingStyle;
+    OpenCounter(+1);
+    verifyDbFile(pNew);
+  }
+  return rc;
+}
+
+/*
+** Return the name of a directory in which to put temporary files.
+** If no suitable temporary file directory can be found, return NULL.
+*/
+static const char *unixTempFileDir(void){
+  static const char *azDirs[] = {
+     0,
+     0,
+     "/var/tmp",
+     "/usr/tmp",
+     "/tmp",
+     "."
+  };
+  unsigned int i;
+  struct stat buf;
+  const char *zDir = sqlite3_temp_directory;
+
+  if( !azDirs[0] ) azDirs[0] = getenv("SQLITE_TMPDIR");
+  if( !azDirs[1] ) azDirs[1] = getenv("TMPDIR");
+  for(i=0; i<sizeof(azDirs)/sizeof(azDirs[0]); zDir=azDirs[i++]){
+    if( zDir==0 ) continue;
+    if( osStat(zDir, &buf) ) continue;
+    if( !S_ISDIR(buf.st_mode) ) continue;
+    if( osAccess(zDir, 07) ) continue;
+    break;
+  }
+  return zDir;
+}
+
+/*
+** Create a temporary file name in zBuf.  zBuf must be allocated
+** by the calling process and must be big enough to hold at least
+** pVfs->mxPathname bytes.
+*/
+static int unixGetTempname(int nBuf, char *zBuf){
+  const char *zDir;
+  int iLimit = 0;
+
+  /* It's odd to simulate an io-error here, but really this is just
+  ** using the io-error infrastructure to test that SQLite handles this
+  ** function failing. 
+  */
+  SimulateIOError( return SQLITE_IOERR );
+
+  zDir = unixTempFileDir();
+  do{
+    u64 r;
+    sqlite3_randomness(sizeof(r), &r);
+    assert( nBuf>2 );
+    zBuf[nBuf-2] = 0;
+    sqlite3_snprintf(nBuf, zBuf, "%s/"SQLITE_TEMP_FILE_PREFIX"%llx%c",
+                     zDir, r, 0);
+    if( zBuf[nBuf-2]!=0 || (iLimit++)>10 ) return SQLITE_ERROR;
+  }while( osAccess(zBuf,0)==0 );
+  return SQLITE_OK;
+}
+
+#if SQLITE_ENABLE_LOCKING_STYLE && defined(__APPLE__)
+/*
+** Routine to transform a unixFile into a proxy-locking unixFile.
+** Implementation in the proxy-lock division, but used by unixOpen()
+** if SQLITE_PREFER_PROXY_LOCKING is defined.
+*/
+static int proxyTransformUnixFile(unixFile*, const char*);
+#endif
+
+/*
+** Search for an unused file descriptor that was opened on the database 
+** file (not a journal or master-journal file) identified by pathname
+** zPath with SQLITE_OPEN_XXX flags matching those passed as the second
+** argument to this function.
+**
+** Such a file descriptor may exist if a database connection was closed
+** but the associated file descriptor could not be closed because some
+** other file descriptor open on the same file is holding a file-lock.
+** Refer to comments in the unixClose() function and the lengthy comment
+** describing "Posix Advisory Locking" at the start of this file for 
+** further details. Also, ticket #4018.
+**
+** If a suitable file descriptor is found, then it is returned. If no
+** such file descriptor is located, -1 is returned.
+*/
+static UnixUnusedFd *findReusableFd(const char *zPath, int flags){
+  UnixUnusedFd *pUnused = 0;
+
+  /* Do not search for an unused file descriptor on vxworks. Not because
+  ** vxworks would not benefit from the change (it might, we're not sure),
+  ** but because no way to test it is currently available. It is better 
+  ** not to risk breaking vxworks support for the sake of such an obscure 
+  ** feature.  */
+#if !OS_VXWORKS
+  struct stat sStat;                   /* Results of stat() call */
+
+  /* A stat() call may fail for various reasons. If this happens, it is
+  ** almost certain that an open() call on the same path will also fail.
+  ** For this reason, if an error occurs in the stat() call here, it is
+  ** ignored and -1 is returned. The caller will try to open a new file
+  ** descriptor on the same path, fail, and return an error to SQLite.
+  **
+  ** Even if a subsequent open() call does succeed, the consequences of
+  ** not searching for a reusable file descriptor are not dire.  */
+  if( 0==osStat(zPath, &sStat) ){
+    unixInodeInfo *pInode;
+
+    unixEnterMutex();
+    pInode = inodeList;
+    while( pInode && (pInode->fileId.dev!=sStat.st_dev
+                     || pInode->fileId.ino!=sStat.st_ino) ){
+       pInode = pInode->pNext;
+    }
+    if( pInode ){
+      UnixUnusedFd **pp;
+      for(pp=&pInode->pUnused; *pp && (*pp)->flags!=flags; pp=&((*pp)->pNext));
+      pUnused = *pp;
+      if( pUnused ){
+        *pp = pUnused->pNext;
+      }
+    }
+    unixLeaveMutex();
+  }
+#endif    /* if !OS_VXWORKS */
+  return pUnused;
+}
+
+/*
+** This function is called by unixOpen() to determine the unix permissions
+** to create new files with. If no error occurs, then SQLITE_OK is returned
+** and a value suitable for passing as the third argument to open(2) is
+** written to *pMode. If an IO error occurs, an SQLite error code is 
+** returned and the value of *pMode is not modified.
+**
+** In most cases, this routine sets *pMode to 0, which will become
+** an indication to robust_open() to create the file using
+** SQLITE_DEFAULT_FILE_PERMISSIONS adjusted by the umask.
+** But if the file being opened is a WAL or regular journal file, then 
+** this function queries the file-system for the permissions on the 
+** corresponding database file and sets *pMode to this value. Whenever 
+** possible, WAL and journal files are created using the same permissions 
+** as the associated database file.
+**
+** If the SQLITE_ENABLE_8_3_NAMES option is enabled, then the
+** original filename is unavailable.  But 8_3_NAMES is only used for
+** FAT filesystems and permissions do not matter there, so just use
+** the default permissions.
+*/
+static int findCreateFileMode(
+  const char *zPath,              /* Path of file (possibly) being created */
+  int flags,                      /* Flags passed as 4th argument to xOpen() */
+  mode_t *pMode,                  /* OUT: Permissions to open file with */
+  uid_t *pUid,                    /* OUT: uid to set on the file */
+  gid_t *pGid                     /* OUT: gid to set on the file */
+){
+  int rc = SQLITE_OK;             /* Return Code */
+  *pMode = 0;
+  *pUid = 0;
+  *pGid = 0;
+  if( flags & (SQLITE_OPEN_WAL|SQLITE_OPEN_MAIN_JOURNAL) ){
+    char zDb[MAX_PATHNAME+1];     /* Database file path */
+    int nDb;                      /* Number of valid bytes in zDb */
+    struct stat sStat;            /* Output of stat() on database file */
+
+    /* zPath is a path to a WAL or journal file. The following block derives
+    ** the path to the associated database file from zPath. This block handles
+    ** the following naming conventions:
+    **
+    **   "<path to db>-journal"
+    **   "<path to db>-wal"
+    **   "<path to db>-journalNN"
+    **   "<path to db>-walNN"
+    **
+    ** where NN is a decimal number. The NN naming schemes are 
+    ** used by the test_multiplex.c module.
+    */
+    nDb = sqlite3Strlen30(zPath) - 1; 
+    while( zPath[nDb]!='-' ){
+#ifndef SQLITE_ENABLE_8_3_NAMES
+      /* In the normal case (8+3 filenames disabled) the journal filename
+      ** is guaranteed to contain a '-' character. */
+      assert( nDb>0 );
+      assert( sqlite3Isalnum(zPath[nDb]) );
+#else
+      /* If 8+3 names are possible, then the journal file might not contain
+      ** a '-' character.  So check for that case and return early. */
+      if( nDb==0 || zPath[nDb]=='.' ) return SQLITE_OK;
+#endif
+      nDb--;
+    }
+    memcpy(zDb, zPath, nDb);
+    zDb[nDb] = '\0';
+
+    if( 0==osStat(zDb, &sStat) ){
+      *pMode = sStat.st_mode & 0777;
+      *pUid = sStat.st_uid;
+      *pGid = sStat.st_gid;
+    }else{
+      rc = SQLITE_IOERR_FSTAT;
+    }
+  }else if( flags & SQLITE_OPEN_DELETEONCLOSE ){
+    *pMode = 0600;
+  }
+  return rc;
+}
+
+/*
+** Open the file zPath.
+** 
+** Previously, the SQLite OS layer used three functions in place of this
+** one:
+**
+**     sqlite3OsOpenReadWrite();
+**     sqlite3OsOpenReadOnly();
+**     sqlite3OsOpenExclusive();
+**
+** These calls correspond to the following combinations of flags:
+**
+**     ReadWrite() ->     (READWRITE | CREATE)
+**     ReadOnly()  ->     (READONLY) 
+**     OpenExclusive() -> (READWRITE | CREATE | EXCLUSIVE)
+**
+** The old OpenExclusive() accepted a boolean argument - "delFlag". If
+** true, the file was configured to be automatically deleted when the
+** file handle closed. To achieve the same effect using this new 
+** interface, add the DELETEONCLOSE flag to those specified above for 
+** OpenExclusive().
+*/
+static int unixOpen(
+  sqlite3_vfs *pVfs,           /* The VFS for which this is the xOpen method */
+  const char *zPath,           /* Pathname of file to be opened */
+  sqlite3_file *pFile,         /* The file descriptor to be filled in */
+  int flags,                   /* Input flags to control the opening */
+  int *pOutFlags               /* Output flags returned to SQLite core */
+){
+  unixFile *p = (unixFile *)pFile;
+  int fd = -1;                   /* File descriptor returned by open() */
+  int openFlags = 0;             /* Flags to pass to open() */
+  int eType = flags&0xFFFFFF00;  /* Type of file to open */
+  int noLock;                    /* True to omit locking primitives */
+  int rc = SQLITE_OK;            /* Function Return Code */
+  int ctrlFlags = 0;             /* UNIXFILE_* flags */
+
+  int isExclusive  = (flags & SQLITE_OPEN_EXCLUSIVE);
+  int isDelete     = (flags & SQLITE_OPEN_DELETEONCLOSE);
+  int isCreate     = (flags & SQLITE_OPEN_CREATE);
+  int isReadonly   = (flags & SQLITE_OPEN_READONLY);
+  int isReadWrite  = (flags & SQLITE_OPEN_READWRITE);
+#if SQLITE_ENABLE_LOCKING_STYLE
+  int isAutoProxy  = (flags & SQLITE_OPEN_AUTOPROXY);
+#endif
+#if defined(__APPLE__) || SQLITE_ENABLE_LOCKING_STYLE
+  struct statfs fsInfo;
+#endif
+
+  /* If creating a master or main-file journal, this function will open
+  ** a file-descriptor on the directory too. The first time unixSync()
+  ** is called the directory file descriptor will be fsync()ed and close()d.
+  */
+  int syncDir = (isCreate && (
+        eType==SQLITE_OPEN_MASTER_JOURNAL 
+     || eType==SQLITE_OPEN_MAIN_JOURNAL 
+     || eType==SQLITE_OPEN_WAL
+  ));
+
+  /* If argument zPath is a NULL pointer, this function is required to open
+  ** a temporary file. Use this buffer to store the file name in.
+  */
+  char zTmpname[MAX_PATHNAME+2];
+  const char *zName = zPath;
+
+  /* Check the following statements are true: 
+  **
+  **   (a) Exactly one of the READWRITE and READONLY flags must be set, and 
+  **   (b) if CREATE is set, then READWRITE must also be set, and
+  **   (c) if EXCLUSIVE is set, then CREATE must also be set.
+  **   (d) if DELETEONCLOSE is set, then CREATE must also be set.
+  */
+  assert((isReadonly==0 || isReadWrite==0) && (isReadWrite || isReadonly));
+  assert(isCreate==0 || isReadWrite);
+  assert(isExclusive==0 || isCreate);
+  assert(isDelete==0 || isCreate);
+
+  /* The main DB, main journal, WAL file and master journal are never 
+  ** automatically deleted. Nor are they ever temporary files.  */
+  assert( (!isDelete && zName) || eType!=SQLITE_OPEN_MAIN_DB );
+  assert( (!isDelete && zName) || eType!=SQLITE_OPEN_MAIN_JOURNAL );
+  assert( (!isDelete && zName) || eType!=SQLITE_OPEN_MASTER_JOURNAL );
+  assert( (!isDelete && zName) || eType!=SQLITE_OPEN_WAL );
+
+  /* Assert that the upper layer has set one of the "file-type" flags. */
+  assert( eType==SQLITE_OPEN_MAIN_DB      || eType==SQLITE_OPEN_TEMP_DB 
+       || eType==SQLITE_OPEN_MAIN_JOURNAL || eType==SQLITE_OPEN_TEMP_JOURNAL 
+       || eType==SQLITE_OPEN_SUBJOURNAL   || eType==SQLITE_OPEN_MASTER_JOURNAL 
+       || eType==SQLITE_OPEN_TRANSIENT_DB || eType==SQLITE_OPEN_WAL
+  );
+
+  /* Detect a pid change and reset the PRNG.  There is a race condition
+  ** here such that two or more threads all trying to open databases at
+  ** the same instant might all reset the PRNG.  But multiple resets
+  ** are harmless.
+  */
+  if( randomnessPid!=osGetpid(0) ){
+    randomnessPid = osGetpid(0);
+    sqlite3_randomness(0,0);
+  }
+
+  memset(p, 0, sizeof(unixFile));
+
+  if( eType==SQLITE_OPEN_MAIN_DB ){
+    UnixUnusedFd *pUnused;
+    pUnused = findReusableFd(zName, flags);
+    if( pUnused ){
+      fd = pUnused->fd;
+    }else{
+      pUnused = sqlite3_malloc64(sizeof(*pUnused));
+      if( !pUnused ){
+        return SQLITE_NOMEM;
+      }
+    }
+    p->pUnused = pUnused;
+
+    /* Database filenames are double-zero terminated if they are not
+    ** URIs with parameters.  Hence, they can always be passed into
+    ** sqlite3_uri_parameter(). */
+    assert( (flags & SQLITE_OPEN_URI) || zName[strlen(zName)+1]==0 );
+
+  }else if( !zName ){
+    /* If zName is NULL, the upper layer is requesting a temp file. */
+    assert(isDelete && !syncDir);
+    rc = unixGetTempname(pVfs->mxPathname, zTmpname);
+    if( rc!=SQLITE_OK ){
+      return rc;
+    }
+    zName = zTmpname;
+
+    /* Generated temporary filenames are always double-zero terminated
+    ** for use by sqlite3_uri_parameter(). */
+    assert( zName[strlen(zName)+1]==0 );
+  }
+
+  /* Determine the value of the flags parameter passed to POSIX function
+  ** open(). These must be calculated even if open() is not called, as
+  ** they may be stored as part of the file handle and used by the 
+  ** 'conch file' locking functions later on.  */
+  if( isReadonly )  openFlags |= O_RDONLY;
+  if( isReadWrite ) openFlags |= O_RDWR;
+  if( isCreate )    openFlags |= O_CREAT;
+  if( isExclusive ) openFlags |= (O_EXCL|O_NOFOLLOW);
+  openFlags |= (O_LARGEFILE|O_BINARY);
+
+  if( fd<0 ){
+    mode_t openMode;              /* Permissions to create file with */
+    uid_t uid;                    /* Userid for the file */
+    gid_t gid;                    /* Groupid for the file */
+    rc = findCreateFileMode(zName, flags, &openMode, &uid, &gid);
+    if( rc!=SQLITE_OK ){
+      assert( !p->pUnused );
+      assert( eType==SQLITE_OPEN_WAL || eType==SQLITE_OPEN_MAIN_JOURNAL );
+      return rc;
+    }
+    fd = robust_open(zName, openFlags, openMode);
+    OSTRACE(("OPENX   %-3d %s 0%o\n", fd, zName, openFlags));
+    assert( !isExclusive || (openFlags & O_CREAT)!=0 );
+    if( fd<0 && errno!=EISDIR && isReadWrite ){
+      /* Failed to open the file for read/write access. Try read-only. */
+      flags &= ~(SQLITE_OPEN_READWRITE|SQLITE_OPEN_CREATE);
+      openFlags &= ~(O_RDWR|O_CREAT);
+      flags |= SQLITE_OPEN_READONLY;
+      openFlags |= O_RDONLY;
+      isReadonly = 1;
+      fd = robust_open(zName, openFlags, openMode);
+    }
+    if( fd<0 ){
+      rc = unixLogError(SQLITE_CANTOPEN_BKPT, "open", zName);
+      goto open_finished;
+    }
+
+    /* If this process is running as root and if creating a new rollback
+    ** journal or WAL file, set the ownership of the journal or WAL to be
+    ** the same as the original database.
+    */
+    if( flags & (SQLITE_OPEN_WAL|SQLITE_OPEN_MAIN_JOURNAL) ){
+      robustFchown(fd, uid, gid);
+    }
+  }
+  assert( fd>=0 );
+  if( pOutFlags ){
+    *pOutFlags = flags;
+  }
+
+  if( p->pUnused ){
+    p->pUnused->fd = fd;
+    p->pUnused->flags = flags;
+  }
+
+  if( isDelete ){
+#if OS_VXWORKS
+    zPath = zName;
+#elif defined(SQLITE_UNLINK_AFTER_CLOSE)
+    zPath = sqlite3_mprintf("%s", zName);
+    if( zPath==0 ){
+      robust_close(p, fd, __LINE__);
+      return SQLITE_NOMEM;
+    }
+#else
+    osUnlink(zName);
+#endif
+  }
+#if SQLITE_ENABLE_LOCKING_STYLE
+  else{
+    p->openFlags = openFlags;
+  }
+#endif
+
+  noLock = eType!=SQLITE_OPEN_MAIN_DB;
+
+  
+#if defined(__APPLE__) || SQLITE_ENABLE_LOCKING_STYLE
+  if( fstatfs(fd, &fsInfo) == -1 ){
+    storeLastErrno(p, errno);
+    robust_close(p, fd, __LINE__);
+    return SQLITE_IOERR_ACCESS;
+  }
+  if (0 == strncmp("msdos", fsInfo.f_fstypename, 5)) {
+    ((unixFile*)pFile)->fsFlags |= SQLITE_FSFLAGS_IS_MSDOS;
+  }
+  if (0 == strncmp("exfat", fsInfo.f_fstypename, 5)) {
+    ((unixFile*)pFile)->fsFlags |= SQLITE_FSFLAGS_IS_MSDOS;
+  }
+#endif
+
+  /* Set up appropriate ctrlFlags */
+  if( isDelete )                ctrlFlags |= UNIXFILE_DELETE;
+  if( isReadonly )              ctrlFlags |= UNIXFILE_RDONLY;
+  if( noLock )                  ctrlFlags |= UNIXFILE_NOLOCK;
+  if( syncDir )                 ctrlFlags |= UNIXFILE_DIRSYNC;
+  if( flags & SQLITE_OPEN_URI ) ctrlFlags |= UNIXFILE_URI;
+
+#if SQLITE_ENABLE_LOCKING_STYLE
+#if SQLITE_PREFER_PROXY_LOCKING
+  isAutoProxy = 1;
+#endif
+  if( isAutoProxy && (zPath!=NULL) && (!noLock) && pVfs->xOpen ){
+    char *envforce = getenv("SQLITE_FORCE_PROXY_LOCKING");
+    int useProxy = 0;
+
+    /* SQLITE_FORCE_PROXY_LOCKING==1 means force always use proxy, 0 means 
+    ** never use proxy, NULL means use proxy for non-local files only.  */
+    if( envforce!=NULL ){
+      useProxy = atoi(envforce)>0;
+    }else{
+      useProxy = !(fsInfo.f_flags&MNT_LOCAL);
+    }
+    if( useProxy ){
+      rc = fillInUnixFile(pVfs, fd, pFile, zPath, ctrlFlags);
+      if( rc==SQLITE_OK ){
+        rc = proxyTransformUnixFile((unixFile*)pFile, ":auto:");
+        if( rc!=SQLITE_OK ){
+          /* Use unixClose to clean up the resources added in fillInUnixFile 
+          ** and clear all the structure's references.  Specifically, 
+          ** pFile->pMethods will be NULL so sqlite3OsClose will be a no-op 
+          */
+          unixClose(pFile);
+          return rc;
+        }
+      }
+      goto open_finished;
+    }
+  }
+#endif
+  
+  rc = fillInUnixFile(pVfs, fd, pFile, zPath, ctrlFlags);
+
+open_finished:
+  if( rc!=SQLITE_OK ){
+    sqlite3_free(p->pUnused);
+  }
+  return rc;
+}
+
+
+/*
+** Delete the file at zPath. If the dirSync argument is true, fsync()
+** the directory after deleting the file.
+*/
+static int unixDelete(
+  sqlite3_vfs *NotUsed,     /* VFS containing this as the xDelete method */
+  const char *zPath,        /* Name of file to be deleted */
+  int dirSync               /* If true, fsync() directory after deleting file */
+){
+  int rc = SQLITE_OK;
+  UNUSED_PARAMETER(NotUsed);
+  SimulateIOError(return SQLITE_IOERR_DELETE);
+  if( osUnlink(zPath)==(-1) ){
+    if( errno==ENOENT
+#if OS_VXWORKS
+        || osAccess(zPath,0)!=0
+#endif
+    ){
+      rc = SQLITE_IOERR_DELETE_NOENT;
+    }else{
+      rc = unixLogError(SQLITE_IOERR_DELETE, "unlink", zPath);
+    }
+    return rc;
+  }
+#ifndef SQLITE_DISABLE_DIRSYNC
+  if( (dirSync & 1)!=0 ){
+    int fd;
+    rc = osOpenDirectory(zPath, &fd);
+    if( rc==SQLITE_OK ){
+#if OS_VXWORKS
+      if( fsync(fd)==-1 )
+#else
+      if( fsync(fd) )
+#endif
+      {
+        rc = unixLogError(SQLITE_IOERR_DIR_FSYNC, "fsync", zPath);
+      }
+      robust_close(0, fd, __LINE__);
+    }else{
+      assert( rc==SQLITE_CANTOPEN );
+      rc = SQLITE_OK;
+    }
+  }
+#endif
+  return rc;
+}
+
+/*
+** Test the existence of or access permissions of file zPath. The
+** test performed depends on the value of flags:
+**
+**     SQLITE_ACCESS_EXISTS: Return 1 if the file exists
+**     SQLITE_ACCESS_READWRITE: Return 1 if the file is read and writable.
+**     SQLITE_ACCESS_READONLY: Return 1 if the file is readable.
+**
+** Otherwise return 0.
+*/
+static int unixAccess(
+  sqlite3_vfs *NotUsed,   /* The VFS containing this xAccess method */
+  const char *zPath,      /* Path of the file to examine */
+  int flags,              /* What do we want to learn about the zPath file? */
+  int *pResOut            /* Write result boolean here */
+){
+  UNUSED_PARAMETER(NotUsed);
+  SimulateIOError( return SQLITE_IOERR_ACCESS; );
+  assert( pResOut!=0 );
+
+  /* The spec says there are three possible values for flags.  But only
+  ** two of them are actually used */
+  assert( flags==SQLITE_ACCESS_EXISTS || flags==SQLITE_ACCESS_READWRITE );
+
+  if( flags==SQLITE_ACCESS_EXISTS ){
+    struct stat buf;
+    *pResOut = (0==osStat(zPath, &buf) && buf.st_size>0);
+  }else{
+    *pResOut = osAccess(zPath, W_OK|R_OK)==0;
+  }
+  return SQLITE_OK;
+}
+
+
+/*
+** Turn a relative pathname into a full pathname. The relative path
+** is stored as a nul-terminated string in the buffer pointed to by
+** zPath. 
+**
+** zOut points to a buffer of at least sqlite3_vfs.mxPathname bytes 
+** (in this case, MAX_PATHNAME bytes). The full-path is written to
+** this buffer before returning.
+*/
+static int unixFullPathname(
+  sqlite3_vfs *pVfs,            /* Pointer to vfs object */
+  const char *zPath,            /* Possibly relative input path */
+  int nOut,                     /* Size of output buffer in bytes */
+  char *zOut                    /* Output buffer */
+){
+  int nByte;
+
+  /* It's odd to simulate an io-error here, but really this is just
+  ** using the io-error infrastructure to test that SQLite handles this
+  ** function failing. This function could fail if, for example, the
+  ** current working directory has been unlinked.
+  */
+  SimulateIOError( return SQLITE_ERROR );
+
+  assert( pVfs->mxPathname==MAX_PATHNAME );
+  UNUSED_PARAMETER(pVfs);
+
+  /* Attempt to resolve the path as if it were a symbolic link. If it is
+  ** a symbolic link, the resolved path is stored in buffer zOut[]. Or, if
+  ** the identified file is not a symbolic link or does not exist, then
+  ** zPath is copied directly into zOut. Either way, nByte is left set to
+  ** the size of the string copied into zOut[] in bytes.  */
+  nByte = osReadlink(zPath, zOut, nOut-1);
+  if( nByte<0 ){
+    if( errno!=EINVAL && errno!=ENOENT ){
+      return unixLogError(SQLITE_CANTOPEN_BKPT, "readlink", zPath);
+    }
+    sqlite3_snprintf(nOut, zOut, "%s", zPath);
+    nByte = sqlite3Strlen30(zOut);
+  }else{
+    zOut[nByte] = '\0';
+  }
+
+  /* If buffer zOut[] now contains an absolute path there is nothing more
+  ** to do. If it contains a relative path, do the following:
+  **
+  **   * move the relative path string so that it is at the end of th
+  **     zOut[] buffer.
+  **   * Call getcwd() to read the path of the current working directory 
+  **     into the start of the zOut[] buffer.
+  **   * Append a '/' character to the cwd string and move the 
+  **     relative path back within the buffer so that it immediately 
+  **     follows the '/'.
+  **
+  ** This code is written so that if the combination of the CWD and relative
+  ** path are larger than the allocated size of zOut[] the CWD is silently
+  ** truncated to make it fit. This is Ok, as SQLite refuses to open any
+  ** file for which this function returns a full path larger than (nOut-8)
+  ** bytes in size.  */
+  testcase( nByte==nOut-5 );
+  testcase( nByte==nOut-4 );
+  if( zOut[0]!='/' && nByte<nOut-4 ){
+    int nCwd;
+    int nRem = nOut-nByte-1;
+    memmove(&zOut[nRem], zOut, nByte+1);
+    zOut[nRem-1] = '\0';
+    if( osGetcwd(zOut, nRem-1)==0 ){
+      return unixLogError(SQLITE_CANTOPEN_BKPT, "getcwd", zPath);
+    }
+    nCwd = sqlite3Strlen30(zOut);
+    assert( nCwd<=nRem-1 );
+    zOut[nCwd] = '/';
+    memmove(&zOut[nCwd+1], &zOut[nRem], nByte+1);
+  }
+
+  return SQLITE_OK;
+}
+
+
+#ifndef SQLITE_OMIT_LOAD_EXTENSION
+/*
+** Interfaces for opening a shared library, finding entry points
+** within the shared library, and closing the shared library.
+*/
+#include <dlfcn.h>
+static void *unixDlOpen(sqlite3_vfs *NotUsed, const char *zFilename){
+  UNUSED_PARAMETER(NotUsed);
+  return dlopen(zFilename, RTLD_NOW | RTLD_GLOBAL);
+}
+
+/*
+** SQLite calls this function immediately after a call to unixDlSym() or
+** unixDlOpen() fails (returns a null pointer). If a more detailed error
+** message is available, it is written to zBufOut. If no error message
+** is available, zBufOut is left unmodified and SQLite uses a default
+** error message.
+*/
+static void unixDlError(sqlite3_vfs *NotUsed, int nBuf, char *zBufOut){
+  const char *zErr;
+  UNUSED_PARAMETER(NotUsed);
+  unixEnterMutex();
+  zErr = dlerror();
+  if( zErr ){
+    sqlite3_snprintf(nBuf, zBufOut, "%s", zErr);
+  }
+  unixLeaveMutex();
+}
+static void (*unixDlSym(sqlite3_vfs *NotUsed, void *p, const char*zSym))(void){
+  /* 
+  ** GCC with -pedantic-errors says that C90 does not allow a void* to be
+  ** cast into a pointer to a function.  And yet the library dlsym() routine
+  ** returns a void* which is really a pointer to a function.  So how do we
+  ** use dlsym() with -pedantic-errors?
+  **
+  ** Variable x below is defined to be a pointer to a function taking
+  ** parameters void* and const char* and returning a pointer to a function.
+  ** We initialize x by assigning it a pointer to the dlsym() function.
+  ** (That assignment requires a cast.)  Then we call the function that
+  ** x points to.  
+  **
+  ** This work-around is unlikely to work correctly on any system where
+  ** you really cannot cast a function pointer into void*.  But then, on the
+  ** other hand, dlsym() will not work on such a system either, so we have
+  ** not really lost anything.
+  */
+  void (*(*x)(void*,const char*))(void);
+  UNUSED_PARAMETER(NotUsed);
+  x = (void(*(*)(void*,const char*))(void))dlsym;
+  return (*x)(p, zSym);
+}
+static void unixDlClose(sqlite3_vfs *NotUsed, void *pHandle){
+  UNUSED_PARAMETER(NotUsed);
+  dlclose(pHandle);
+}
+#else /* if SQLITE_OMIT_LOAD_EXTENSION is defined: */
+  #define unixDlOpen  0
+  #define unixDlError 0
+  #define unixDlSym   0
+  #define unixDlClose 0
+#endif
+
+/*
+** Write nBuf bytes of random data to the supplied buffer zBuf.
+*/
+static int unixRandomness(sqlite3_vfs *NotUsed, int nBuf, char *zBuf){
+  UNUSED_PARAMETER(NotUsed);
+  assert((size_t)nBuf>=(sizeof(time_t)+sizeof(int)));
+
+  /* We have to initialize zBuf to prevent valgrind from reporting
+  ** errors.  The reports issued by valgrind are incorrect - we would
+  ** prefer that the randomness be increased by making use of the
+  ** uninitialized space in zBuf - but valgrind errors tend to worry
+  ** some users.  Rather than argue, it seems easier just to initialize
+  ** the whole array and silence valgrind, even if that means less randomness
+  ** in the random seed.
+  **
+  ** When testing, initializing zBuf[] to zero is all we do.  That means
+  ** that we always use the same random number sequence.  This makes the
+  ** tests repeatable.
+  */
+  memset(zBuf, 0, nBuf);
+  randomnessPid = osGetpid(0);  
+#if !defined(SQLITE_TEST) && !defined(SQLITE_OMIT_RANDOMNESS)
+  {
+    int fd, got;
+    fd = robust_open("/dev/urandom", O_RDONLY, 0);
+    if( fd<0 ){
+      time_t t;
+      time(&t);
+      memcpy(zBuf, &t, sizeof(t));
+      memcpy(&zBuf[sizeof(t)], &randomnessPid, sizeof(randomnessPid));
+      assert( sizeof(t)+sizeof(randomnessPid)<=(size_t)nBuf );
+      nBuf = sizeof(t) + sizeof(randomnessPid);
+    }else{
+      do{ got = osRead(fd, zBuf, nBuf); }while( got<0 && errno==EINTR );
+      robust_close(0, fd, __LINE__);
+    }
+  }
+#endif
+  return nBuf;
+}
+
+
+/*
+** Sleep for a little while.  Return the amount of time slept.
+** The argument is the number of microseconds we want to sleep.
+** The return value is the number of microseconds of sleep actually
+** requested from the underlying operating system, a number which
+** might be greater than or equal to the argument, but not less
+** than the argument.
+*/
+static int unixSleep(sqlite3_vfs *NotUsed, int microseconds){
+#if OS_VXWORKS
+  struct timespec sp;
+
+  sp.tv_sec = microseconds / 1000000;
+  sp.tv_nsec = (microseconds % 1000000) * 1000;
+  nanosleep(&sp, NULL);
+  UNUSED_PARAMETER(NotUsed);
+  return microseconds;
+#elif defined(HAVE_USLEEP) && HAVE_USLEEP
+  usleep(microseconds);
+  UNUSED_PARAMETER(NotUsed);
+  return microseconds;
+#else
+  int seconds = (microseconds+999999)/1000000;
+  sleep(seconds);
+  UNUSED_PARAMETER(NotUsed);
+  return seconds*1000000;
+#endif
+}
+
+/*
+** The following variable, if set to a non-zero value, is interpreted as
+** the number of seconds since 1970 and is used to set the result of
+** sqlite3OsCurrentTime() during testing.
+*/
+#ifdef SQLITE_TEST
+SQLITE_API int sqlite3_current_time = 0;  /* Fake system time in seconds since 1970. */
+#endif
+
+/*
+** Find the current time (in Universal Coordinated Time).  Write into *piNow
+** the current time and date as a Julian Day number times 86_400_000.  In
+** other words, write into *piNow the number of milliseconds since the Julian
+** epoch of noon in Greenwich on November 24, 4714 B.C according to the
+** proleptic Gregorian calendar.
+**
+** On success, return SQLITE_OK.  Return SQLITE_ERROR if the time and date 
+** cannot be found.
+*/
+static int unixCurrentTimeInt64(sqlite3_vfs *NotUsed, sqlite3_int64 *piNow){
+  static const sqlite3_int64 unixEpoch = 24405875*(sqlite3_int64)8640000;
+  int rc = SQLITE_OK;
+#if defined(NO_GETTOD)
+  time_t t;
+  time(&t);
+  *piNow = ((sqlite3_int64)t)*1000 + unixEpoch;
+#elif OS_VXWORKS
+  struct timespec sNow;
+  clock_gettime(CLOCK_REALTIME, &sNow);
+  *piNow = unixEpoch + 1000*(sqlite3_int64)sNow.tv_sec + sNow.tv_nsec/1000000;
+#else
+  struct timeval sNow;
+  (void)gettimeofday(&sNow, 0);  /* Cannot fail given valid arguments */
+  *piNow = unixEpoch + 1000*(sqlite3_int64)sNow.tv_sec + sNow.tv_usec/1000;
+#endif
+
+#ifdef SQLITE_TEST
+  if( sqlite3_current_time ){
+    *piNow = 1000*(sqlite3_int64)sqlite3_current_time + unixEpoch;
+  }
+#endif
+  UNUSED_PARAMETER(NotUsed);
+  return rc;
+}
+
+#if 0 /* Not used */
+/*
+** Find the current time (in Universal Coordinated Time).  Write the
+** current time and date as a Julian Day number into *prNow and
+** return 0.  Return 1 if the time and date cannot be found.
+*/
+static int unixCurrentTime(sqlite3_vfs *NotUsed, double *prNow){
+  sqlite3_int64 i = 0;
+  int rc;
+  UNUSED_PARAMETER(NotUsed);
+  rc = unixCurrentTimeInt64(0, &i);
+  *prNow = i/86400000.0;
+  return rc;
+}
+#else
+# define unixCurrentTime 0
+#endif
+
+#if 0  /* Not used */
+/*
+** We added the xGetLastError() method with the intention of providing
+** better low-level error messages when operating-system problems come up
+** during SQLite operation.  But so far, none of that has been implemented
+** in the core.  So this routine is never called.  For now, it is merely
+** a place-holder.
+*/
+static int unixGetLastError(sqlite3_vfs *NotUsed, int NotUsed2, char *NotUsed3){
+  UNUSED_PARAMETER(NotUsed);
+  UNUSED_PARAMETER(NotUsed2);
+  UNUSED_PARAMETER(NotUsed3);
+  return 0;
+}
+#else
+# define unixGetLastError 0
+#endif
+
+
+/*
+************************ End of sqlite3_vfs methods ***************************
+******************************************************************************/
+
+/******************************************************************************
+************************** Begin Proxy Locking ********************************
+**
+** Proxy locking is a "uber-locking-method" in this sense:  It uses the
+** other locking methods on secondary lock files.  Proxy locking is a
+** meta-layer over top of the primitive locking implemented above.  For
+** this reason, the division that implements of proxy locking is deferred
+** until late in the file (here) after all of the other I/O methods have
+** been defined - so that the primitive locking methods are available
+** as services to help with the implementation of proxy locking.
+**
+****
+**
+** The default locking schemes in SQLite use byte-range locks on the
+** database file to coordinate safe, concurrent access by multiple readers
+** and writers [http://sqlite.org/lockingv3.html].  The five file locking
+** states (UNLOCKED, PENDING, SHARED, RESERVED, EXCLUSIVE) are implemented
+** as POSIX read & write locks over fixed set of locations (via fsctl),
+** on AFP and SMB only exclusive byte-range locks are available via fsctl
+** with _IOWR('z', 23, struct ByteRangeLockPB2) to track the same 5 states.
+** To simulate a F_RDLCK on the shared range, on AFP a randomly selected
+** address in the shared range is taken for a SHARED lock, the entire
+** shared range is taken for an EXCLUSIVE lock):
+**
+**      PENDING_BYTE        0x40000000
+**      RESERVED_BYTE       0x40000001
+**      SHARED_RANGE        0x40000002 -> 0x40000200
+**
+** This works well on the local file system, but shows a nearly 100x
+** slowdown in read performance on AFP because the AFP client disables
+** the read cache when byte-range locks are present.  Enabling the read
+** cache exposes a cache coherency problem that is present on all OS X
+** supported network file systems.  NFS and AFP both observe the
+** close-to-open semantics for ensuring cache coherency
+** [http://nfs.sourceforge.net/#faq_a8], which does not effectively
+** address the requirements for concurrent database access by multiple
+** readers and writers
+** [http://www.nabble.com/SQLite-on-NFS-cache-coherency-td15655701.html].
+**
+** To address the performance and cache coherency issues, proxy file locking
+** changes the way database access is controlled by limiting access to a
+** single host at a time and moving file locks off of the database file
+** and onto a proxy file on the local file system.  
+**
+**
+** Using proxy locks
+** -----------------
+**
+** C APIs
+**
+**  sqlite3_file_control(db, dbname, SQLITE_FCNTL_SET_LOCKPROXYFILE,
+**                       <proxy_path> | ":auto:");
+**  sqlite3_file_control(db, dbname, SQLITE_FCNTL_GET_LOCKPROXYFILE,
+**                       &<proxy_path>);
+**
+**
+** SQL pragmas
+**
+**  PRAGMA [database.]lock_proxy_file=<proxy_path> | :auto:
+**  PRAGMA [database.]lock_proxy_file
+**
+** Specifying ":auto:" means that if there is a conch file with a matching
+** host ID in it, the proxy path in the conch file will be used, otherwise
+** a proxy path based on the user's temp dir
+** (via confstr(_CS_DARWIN_USER_TEMP_DIR,...)) will be used and the
+** actual proxy file name is generated from the name and path of the
+** database file.  For example:
+**
+**       For database path "/Users/me/foo.db" 
+**       The lock path will be "<tmpdir>/sqliteplocks/_Users_me_foo.db:auto:")
+**
+** Once a lock proxy is configured for a database connection, it can not
+** be removed, however it may be switched to a different proxy path via
+** the above APIs (assuming the conch file is not being held by another
+** connection or process). 
+**
+**
+** How proxy locking works
+** -----------------------
+**
+** Proxy file locking relies primarily on two new supporting files: 
+**
+**   *  conch file to limit access to the database file to a single host
+**      at a time
+**
+**   *  proxy file to act as a proxy for the advisory locks normally
+**      taken on the database
+**
+** The conch file - to use a proxy file, sqlite must first "hold the conch"
+** by taking an sqlite-style shared lock on the conch file, reading the
+** contents and comparing the host's unique host ID (see below) and lock
+** proxy path against the values stored in the conch.  The conch file is
+** stored in the same directory as the database file and the file name
+** is patterned after the database file name as ".<databasename>-conch".
+** If the conch file does not exist, or its contents do not match the
+** host ID and/or proxy path, then the lock is escalated to an exclusive
+** lock and the conch file contents is updated with the host ID and proxy
+** path and the lock is downgraded to a shared lock again.  If the conch
+** is held by another process (with a shared lock), the exclusive lock
+** will fail and SQLITE_BUSY is returned.
+**
+** The proxy file - a single-byte file used for all advisory file locks
+** normally taken on the database file.   This allows for safe sharing
+** of the database file for multiple readers and writers on the same
+** host (the conch ensures that they all use the same local lock file).
+**
+** Requesting the lock proxy does not immediately take the conch, it is
+** only taken when the first request to lock database file is made.  
+** This matches the semantics of the traditional locking behavior, where
+** opening a connection to a database file does not take a lock on it.
+** The shared lock and an open file descriptor are maintained until 
+** the connection to the database is closed. 
+**
+** The proxy file and the lock file are never deleted so they only need
+** to be created the first time they are used.
+**
+** Configuration options
+** ---------------------
+**
+**  SQLITE_PREFER_PROXY_LOCKING
+**
+**       Database files accessed on non-local file systems are
+**       automatically configured for proxy locking, lock files are
+**       named automatically using the same logic as
+**       PRAGMA lock_proxy_file=":auto:"
+**    
+**  SQLITE_PROXY_DEBUG
+**
+**       Enables the logging of error messages during host id file
+**       retrieval and creation
+**
+**  LOCKPROXYDIR
+**
+**       Overrides the default directory used for lock proxy files that
+**       are named automatically via the ":auto:" setting
+**
+**  SQLITE_DEFAULT_PROXYDIR_PERMISSIONS
+**
+**       Permissions to use when creating a directory for storing the
+**       lock proxy files, only used when LOCKPROXYDIR is not set.
+**    
+**    
+** As mentioned above, when compiled with SQLITE_PREFER_PROXY_LOCKING,
+** setting the environment variable SQLITE_FORCE_PROXY_LOCKING to 1 will
+** force proxy locking to be used for every database file opened, and 0
+** will force automatic proxy locking to be disabled for all database
+** files (explicitly calling the SQLITE_FCNTL_SET_LOCKPROXYFILE pragma or
+** sqlite_file_control API is not affected by SQLITE_FORCE_PROXY_LOCKING).
+*/
+
+/*
+** Proxy locking is only available on MacOSX 
+*/
+#if defined(__APPLE__) && SQLITE_ENABLE_LOCKING_STYLE
+
+/*
+** The proxyLockingContext has the path and file structures for the remote 
+** and local proxy files in it
+*/
+typedef struct proxyLockingContext proxyLockingContext;
+struct proxyLockingContext {
+  unixFile *conchFile;         /* Open conch file */
+  char *conchFilePath;         /* Name of the conch file */
+  unixFile *lockProxy;         /* Open proxy lock file */
+  char *lockProxyPath;         /* Name of the proxy lock file */
+  char *dbPath;                /* Name of the open file */
+  int conchHeld;               /* 1 if the conch is held, -1 if lockless */
+  int nFails;                  /* Number of conch taking failures */
+  void *oldLockingContext;     /* Original lockingcontext to restore on close */
+  sqlite3_io_methods const *pOldMethod;     /* Original I/O methods for close */
+};
+
+/* 
+** The proxy lock file path for the database at dbPath is written into lPath, 
+** which must point to valid, writable memory large enough for a maxLen length
+** file path. 
+*/
+static int proxyGetLockPath(const char *dbPath, char *lPath, size_t maxLen){
+  int len;
+  int dbLen;
+  int i;
+
+#ifdef LOCKPROXYDIR
+  len = strlcpy(lPath, LOCKPROXYDIR, maxLen);
+#else
+# ifdef _CS_DARWIN_USER_TEMP_DIR
+  {
+    if( !confstr(_CS_DARWIN_USER_TEMP_DIR, lPath, maxLen) ){
+      OSTRACE(("GETLOCKPATH  failed %s errno=%d pid=%d\n",
+               lPath, errno, osGetpid(0)));
+      return SQLITE_IOERR_LOCK;
+    }
+    len = strlcat(lPath, "sqliteplocks", maxLen);    
+  }
+# else
+  len = strlcpy(lPath, "/tmp/", maxLen);
+# endif
+#endif
+
+  if( lPath[len-1]!='/' ){
+    len = strlcat(lPath, "/", maxLen);
+  }
+  
+  /* transform the db path to a unique cache name */
+  dbLen = (int)strlen(dbPath);
+  for( i=0; i<dbLen && (i+len+7)<(int)maxLen; i++){
+    char c = dbPath[i];
+    lPath[i+len] = (c=='/')?'_':c;
+  }
+  lPath[i+len]='\0';
+  strlcat(lPath, ":auto:", maxLen);
+  OSTRACE(("GETLOCKPATH  proxy lock path=%s pid=%d\n", lPath, osGetpid(0)));
+  return SQLITE_OK;
+}
+
+/* 
+ ** Creates the lock file and any missing directories in lockPath
+ */
+static int proxyCreateLockPath(const char *lockPath){
+  int i, len;
+  char buf[MAXPATHLEN];
+  int start = 0;
+  
+  assert(lockPath!=NULL);
+  /* try to create all the intermediate directories */
+  len = (int)strlen(lockPath);
+  buf[0] = lockPath[0];
+  for( i=1; i<len; i++ ){
+    if( lockPath[i] == '/' && (i - start > 0) ){
+      /* only mkdir if leaf dir != "." or "/" or ".." */
+      if( i-start>2 || (i-start==1 && buf[start] != '.' && buf[start] != '/') 
+         || (i-start==2 && buf[start] != '.' && buf[start+1] != '.') ){
+        buf[i]='\0';
+        if( osMkdir(buf, SQLITE_DEFAULT_PROXYDIR_PERMISSIONS) ){
+          int err=errno;
+          if( err!=EEXIST ) {
+            OSTRACE(("CREATELOCKPATH  FAILED creating %s, "
+                     "'%s' proxy lock path=%s pid=%d\n",
+                     buf, strerror(err), lockPath, osGetpid(0)));
+            return err;
+          }
+        }
+      }
+      start=i+1;
+    }
+    buf[i] = lockPath[i];
+  }
+  OSTRACE(("CREATELOCKPATH  proxy lock path=%s pid=%d\n",lockPath,osGetpid(0)));
+  return 0;
+}
+
+/*
+** Create a new VFS file descriptor (stored in memory obtained from
+** sqlite3_malloc) and open the file named "path" in the file descriptor.
+**
+** The caller is responsible not only for closing the file descriptor
+** but also for freeing the memory associated with the file descriptor.
+*/
+static int proxyCreateUnixFile(
+    const char *path,        /* path for the new unixFile */
+    unixFile **ppFile,       /* unixFile created and returned by ref */
+    int islockfile           /* if non zero missing dirs will be created */
+) {
+  int fd = -1;
+  unixFile *pNew;
+  int rc = SQLITE_OK;
+  int openFlags = O_RDWR | O_CREAT;
+  sqlite3_vfs dummyVfs;
+  int terrno = 0;
+  UnixUnusedFd *pUnused = NULL;
+
+  /* 1. first try to open/create the file
+  ** 2. if that fails, and this is a lock file (not-conch), try creating
+  ** the parent directories and then try again.
+  ** 3. if that fails, try to open the file read-only
+  ** otherwise return BUSY (if lock file) or CANTOPEN for the conch file
+  */
+  pUnused = findReusableFd(path, openFlags);
+  if( pUnused ){
+    fd = pUnused->fd;
+  }else{
+    pUnused = sqlite3_malloc64(sizeof(*pUnused));
+    if( !pUnused ){
+      return SQLITE_NOMEM;
+    }
+  }
+  if( fd<0 ){
+    fd = robust_open(path, openFlags, 0);
+    terrno = errno;
+    if( fd<0 && errno==ENOENT && islockfile ){
+      if( proxyCreateLockPath(path) == SQLITE_OK ){
+        fd = robust_open(path, openFlags, 0);
+      }
+    }
+  }
+  if( fd<0 ){
+    openFlags = O_RDONLY;
+    fd = robust_open(path, openFlags, 0);
+    terrno = errno;
+  }
+  if( fd<0 ){
+    if( islockfile ){
+      return SQLITE_BUSY;
+    }
+    switch (terrno) {
+      case EACCES:
+        return SQLITE_PERM;
+      case EIO: 
+        return SQLITE_IOERR_LOCK; /* even though it is the conch */
+      default:
+        return SQLITE_CANTOPEN_BKPT;
+    }
+  }
+  
+  pNew = (unixFile *)sqlite3_malloc64(sizeof(*pNew));
+  if( pNew==NULL ){
+    rc = SQLITE_NOMEM;
+    goto end_create_proxy;
+  }
+  memset(pNew, 0, sizeof(unixFile));
+  pNew->openFlags = openFlags;
+  memset(&dummyVfs, 0, sizeof(dummyVfs));
+  dummyVfs.pAppData = (void*)&autolockIoFinder;
+  dummyVfs.zName = "dummy";
+  pUnused->fd = fd;
+  pUnused->flags = openFlags;
+  pNew->pUnused = pUnused;
+  
+  rc = fillInUnixFile(&dummyVfs, fd, (sqlite3_file*)pNew, path, 0);
+  if( rc==SQLITE_OK ){
+    *ppFile = pNew;
+    return SQLITE_OK;
+  }
+end_create_proxy:    
+  robust_close(pNew, fd, __LINE__);
+  sqlite3_free(pNew);
+  sqlite3_free(pUnused);
+  return rc;
+}
+
+#ifdef SQLITE_TEST
+/* simulate multiple hosts by creating unique hostid file paths */
+SQLITE_API int sqlite3_hostid_num = 0;
+#endif
+
+#define PROXY_HOSTIDLEN    16  /* conch file host id length */
+
+#ifdef HAVE_GETHOSTUUID
+/* Not always defined in the headers as it ought to be */
+extern int gethostuuid(uuid_t id, const struct timespec *wait);
+#endif
+
+/* get the host ID via gethostuuid(), pHostID must point to PROXY_HOSTIDLEN 
+** bytes of writable memory.
+*/
+static int proxyGetHostID(unsigned char *pHostID, int *pError){
+  assert(PROXY_HOSTIDLEN == sizeof(uuid_t));
+  memset(pHostID, 0, PROXY_HOSTIDLEN);
+#ifdef HAVE_GETHOSTUUID
+  {
+    struct timespec timeout = {1, 0}; /* 1 sec timeout */
+    if( gethostuuid(pHostID, &timeout) ){
+      int err = errno;
+      if( pError ){
+        *pError = err;
+      }
+      return SQLITE_IOERR;
+    }
+  }
+#else
+  UNUSED_PARAMETER(pError);
+#endif
+#ifdef SQLITE_TEST
+  /* simulate multiple hosts by creating unique hostid file paths */
+  if( sqlite3_hostid_num != 0){
+    pHostID[0] = (char)(pHostID[0] + (char)(sqlite3_hostid_num & 0xFF));
+  }
+#endif
+  
+  return SQLITE_OK;
+}
+
+/* The conch file contains the header, host id and lock file path
+ */
+#define PROXY_CONCHVERSION 2   /* 1-byte header, 16-byte host id, path */
+#define PROXY_HEADERLEN    1   /* conch file header length */
+#define PROXY_PATHINDEX    (PROXY_HEADERLEN+PROXY_HOSTIDLEN)
+#define PROXY_MAXCONCHLEN  (PROXY_HEADERLEN+PROXY_HOSTIDLEN+MAXPATHLEN)
+
+/* 
+** Takes an open conch file, copies the contents to a new path and then moves 
+** it back.  The newly created file's file descriptor is assigned to the
+** conch file structure and finally the original conch file descriptor is 
+** closed.  Returns zero if successful.
+*/
+static int proxyBreakConchLock(unixFile *pFile, uuid_t myHostID){
+  proxyLockingContext *pCtx = (proxyLockingContext *)pFile->lockingContext; 
+  unixFile *conchFile = pCtx->conchFile;
+  char tPath[MAXPATHLEN];
+  char buf[PROXY_MAXCONCHLEN];
+  char *cPath = pCtx->conchFilePath;
+  size_t readLen = 0;
+  size_t pathLen = 0;
+  char errmsg[64] = "";
+  int fd = -1;
+  int rc = -1;
+  UNUSED_PARAMETER(myHostID);
+
+  /* create a new path by replace the trailing '-conch' with '-break' */
+  pathLen = strlcpy(tPath, cPath, MAXPATHLEN);
+  if( pathLen>MAXPATHLEN || pathLen<6 || 
+     (strlcpy(&tPath[pathLen-5], "break", 6) != 5) ){
+    sqlite3_snprintf(sizeof(errmsg),errmsg,"path error (len %d)",(int)pathLen);
+    goto end_breaklock;
+  }
+  /* read the conch content */
+  readLen = osPread(conchFile->h, buf, PROXY_MAXCONCHLEN, 0);
+  if( readLen<PROXY_PATHINDEX ){
+    sqlite3_snprintf(sizeof(errmsg),errmsg,"read error (len %d)",(int)readLen);
+    goto end_breaklock;
+  }
+  /* write it out to the temporary break file */
+  fd = robust_open(tPath, (O_RDWR|O_CREAT|O_EXCL), 0);
+  if( fd<0 ){
+    sqlite3_snprintf(sizeof(errmsg), errmsg, "create failed (%d)", errno);
+    goto end_breaklock;
+  }
+  if( osPwrite(fd, buf, readLen, 0) != (ssize_t)readLen ){
+    sqlite3_snprintf(sizeof(errmsg), errmsg, "write failed (%d)", errno);
+    goto end_breaklock;
+  }
+  if( rename(tPath, cPath) ){
+    sqlite3_snprintf(sizeof(errmsg), errmsg, "rename failed (%d)", errno);
+    goto end_breaklock;
+  }
+  rc = 0;
+  fprintf(stderr, "broke stale lock on %s\n", cPath);
+  robust_close(pFile, conchFile->h, __LINE__);
+  conchFile->h = fd;
+  conchFile->openFlags = O_RDWR | O_CREAT;
+
+end_breaklock:
+  if( rc ){
+    if( fd>=0 ){
+      osUnlink(tPath);
+      robust_close(pFile, fd, __LINE__);
+    }
+    fprintf(stderr, "failed to break stale lock on %s, %s\n", cPath, errmsg);
+  }
+  return rc;
+}
+
+/* Take the requested lock on the conch file and break a stale lock if the 
+** host id matches.
+*/
+static int proxyConchLock(unixFile *pFile, uuid_t myHostID, int lockType){
+  proxyLockingContext *pCtx = (proxyLockingContext *)pFile->lockingContext; 
+  unixFile *conchFile = pCtx->conchFile;
+  int rc = SQLITE_OK;
+  int nTries = 0;
+  struct timespec conchModTime;
+  
+  memset(&conchModTime, 0, sizeof(conchModTime));
+  do {
+    rc = conchFile->pMethod->xLock((sqlite3_file*)conchFile, lockType);
+    nTries ++;
+    if( rc==SQLITE_BUSY ){
+      /* If the lock failed (busy):
+       * 1st try: get the mod time of the conch, wait 0.5s and try again. 
+       * 2nd try: fail if the mod time changed or host id is different, wait 
+       *           10 sec and try again
+       * 3rd try: break the lock unless the mod time has changed.
+       */
+      struct stat buf;
+      if( osFstat(conchFile->h, &buf) ){
+        storeLastErrno(pFile, errno);
+        return SQLITE_IOERR_LOCK;
+      }
+      
+      if( nTries==1 ){
+        conchModTime = buf.st_mtimespec;
+        usleep(500000); /* wait 0.5 sec and try the lock again*/
+        continue;  
+      }
+
+      assert( nTries>1 );
+      if( conchModTime.tv_sec != buf.st_mtimespec.tv_sec || 
+         conchModTime.tv_nsec != buf.st_mtimespec.tv_nsec ){
+        return SQLITE_BUSY;
+      }
+      
+      if( nTries==2 ){  
+        char tBuf[PROXY_MAXCONCHLEN];
+        int len = osPread(conchFile->h, tBuf, PROXY_MAXCONCHLEN, 0);
+        if( len<0 ){
+          storeLastErrno(pFile, errno);
+          return SQLITE_IOERR_LOCK;
+        }
+        if( len>PROXY_PATHINDEX && tBuf[0]==(char)PROXY_CONCHVERSION){
+          /* don't break the lock if the host id doesn't match */
+          if( 0!=memcmp(&tBuf[PROXY_HEADERLEN], myHostID, PROXY_HOSTIDLEN) ){
+            return SQLITE_BUSY;
+          }
+        }else{
+          /* don't break the lock on short read or a version mismatch */
+          return SQLITE_BUSY;
+        }
+        usleep(10000000); /* wait 10 sec and try the lock again */
+        continue; 
+      }
+      
+      assert( nTries==3 );
+      if( 0==proxyBreakConchLock(pFile, myHostID) ){
+        rc = SQLITE_OK;
+        if( lockType==EXCLUSIVE_LOCK ){
+          rc = conchFile->pMethod->xLock((sqlite3_file*)conchFile, SHARED_LOCK);
+        }
+        if( !rc ){
+          rc = conchFile->pMethod->xLock((sqlite3_file*)conchFile, lockType);
+        }
+      }
+    }
+  } while( rc==SQLITE_BUSY && nTries<3 );
+  
+  return rc;
+}
+
+/* Takes the conch by taking a shared lock and read the contents conch, if 
+** lockPath is non-NULL, the host ID and lock file path must match.  A NULL 
+** lockPath means that the lockPath in the conch file will be used if the 
+** host IDs match, or a new lock path will be generated automatically 
+** and written to the conch file.
+*/
+static int proxyTakeConch(unixFile *pFile){
+  proxyLockingContext *pCtx = (proxyLockingContext *)pFile->lockingContext; 
+  
+  if( pCtx->conchHeld!=0 ){
+    return SQLITE_OK;
+  }else{
+    unixFile *conchFile = pCtx->conchFile;
+    uuid_t myHostID;
+    int pError = 0;
+    char readBuf[PROXY_MAXCONCHLEN];
+    char lockPath[MAXPATHLEN];
+    char *tempLockPath = NULL;
+    int rc = SQLITE_OK;
+    int createConch = 0;
+    int hostIdMatch = 0;
+    int readLen = 0;
+    int tryOldLockPath = 0;
+    int forceNewLockPath = 0;
+    
+    OSTRACE(("TAKECONCH  %d for %s pid=%d\n", conchFile->h,
+             (pCtx->lockProxyPath ? pCtx->lockProxyPath : ":auto:"),
+             osGetpid(0)));
+
+    rc = proxyGetHostID(myHostID, &pError);
+    if( (rc&0xff)==SQLITE_IOERR ){
+      storeLastErrno(pFile, pError);
+      goto end_takeconch;
+    }
+    rc = proxyConchLock(pFile, myHostID, SHARED_LOCK);
+    if( rc!=SQLITE_OK ){
+      goto end_takeconch;
+    }
+    /* read the existing conch file */
+    readLen = seekAndRead((unixFile*)conchFile, 0, readBuf, PROXY_MAXCONCHLEN);
+    if( readLen<0 ){
+      /* I/O error: lastErrno set by seekAndRead */
+      storeLastErrno(pFile, conchFile->lastErrno);
+      rc = SQLITE_IOERR_READ;
+      goto end_takeconch;
+    }else if( readLen<=(PROXY_HEADERLEN+PROXY_HOSTIDLEN) || 
+             readBuf[0]!=(char)PROXY_CONCHVERSION ){
+      /* a short read or version format mismatch means we need to create a new 
+      ** conch file. 
+      */
+      createConch = 1;
+    }
+    /* if the host id matches and the lock path already exists in the conch
+    ** we'll try to use the path there, if we can't open that path, we'll 
+    ** retry with a new auto-generated path 
+    */
+    do { /* in case we need to try again for an :auto: named lock file */
+
+      if( !createConch && !forceNewLockPath ){
+        hostIdMatch = !memcmp(&readBuf[PROXY_HEADERLEN], myHostID, 
+                                  PROXY_HOSTIDLEN);
+        /* if the conch has data compare the contents */
+        if( !pCtx->lockProxyPath ){
+          /* for auto-named local lock file, just check the host ID and we'll
+           ** use the local lock file path that's already in there
+           */
+          if( hostIdMatch ){
+            size_t pathLen = (readLen - PROXY_PATHINDEX);
+            
+            if( pathLen>=MAXPATHLEN ){
+              pathLen=MAXPATHLEN-1;
+            }
+            memcpy(lockPath, &readBuf[PROXY_PATHINDEX], pathLen);
+            lockPath[pathLen] = 0;
+            tempLockPath = lockPath;
+            tryOldLockPath = 1;
+            /* create a copy of the lock path if the conch is taken */
+            goto end_takeconch;
+          }
+        }else if( hostIdMatch
+               && !strncmp(pCtx->lockProxyPath, &readBuf[PROXY_PATHINDEX],
+                           readLen-PROXY_PATHINDEX)
+        ){
+          /* conch host and lock path match */
+          goto end_takeconch; 
+        }
+      }
+      
+      /* if the conch isn't writable and doesn't match, we can't take it */
+      if( (conchFile->openFlags&O_RDWR) == 0 ){
+        rc = SQLITE_BUSY;
+        goto end_takeconch;
+      }
+      
+      /* either the conch didn't match or we need to create a new one */
+      if( !pCtx->lockProxyPath ){
+        proxyGetLockPath(pCtx->dbPath, lockPath, MAXPATHLEN);
+        tempLockPath = lockPath;
+        /* create a copy of the lock path _only_ if the conch is taken */
+      }
+      
+      /* update conch with host and path (this will fail if other process
+      ** has a shared lock already), if the host id matches, use the big
+      ** stick.
+      */
+      futimes(conchFile->h, NULL);
+      if( hostIdMatch && !createConch ){
+        if( conchFile->pInode && conchFile->pInode->nShared>1 ){
+          /* We are trying for an exclusive lock but another thread in this
+           ** same process is still holding a shared lock. */
+          rc = SQLITE_BUSY;
+        } else {          
+          rc = proxyConchLock(pFile, myHostID, EXCLUSIVE_LOCK);
+        }
+      }else{
+        rc = proxyConchLock(pFile, myHostID, EXCLUSIVE_LOCK);
+      }
+      if( rc==SQLITE_OK ){
+        char writeBuffer[PROXY_MAXCONCHLEN];
+        int writeSize = 0;
+        
+        writeBuffer[0] = (char)PROXY_CONCHVERSION;
+        memcpy(&writeBuffer[PROXY_HEADERLEN], myHostID, PROXY_HOSTIDLEN);
+        if( pCtx->lockProxyPath!=NULL ){
+          strlcpy(&writeBuffer[PROXY_PATHINDEX], pCtx->lockProxyPath,
+                  MAXPATHLEN);
+        }else{
+          strlcpy(&writeBuffer[PROXY_PATHINDEX], tempLockPath, MAXPATHLEN);
+        }
+        writeSize = PROXY_PATHINDEX + strlen(&writeBuffer[PROXY_PATHINDEX]);
+        robust_ftruncate(conchFile->h, writeSize);
+        rc = unixWrite((sqlite3_file *)conchFile, writeBuffer, writeSize, 0);
+        fsync(conchFile->h);
+        /* If we created a new conch file (not just updated the contents of a 
+         ** valid conch file), try to match the permissions of the database 
+         */
+        if( rc==SQLITE_OK && createConch ){
+          struct stat buf;
+          int err = osFstat(pFile->h, &buf);
+          if( err==0 ){
+            mode_t cmode = buf.st_mode&(S_IRUSR|S_IWUSR | S_IRGRP|S_IWGRP |
+                                        S_IROTH|S_IWOTH);
+            /* try to match the database file R/W permissions, ignore failure */
+#ifndef SQLITE_PROXY_DEBUG
+            osFchmod(conchFile->h, cmode);
+#else
+            do{
+              rc = osFchmod(conchFile->h, cmode);
+            }while( rc==(-1) && errno==EINTR );
+            if( rc!=0 ){
+              int code = errno;
+              fprintf(stderr, "fchmod %o FAILED with %d %s\n",
+                      cmode, code, strerror(code));
+            } else {
+              fprintf(stderr, "fchmod %o SUCCEDED\n",cmode);
+            }
+          }else{
+            int code = errno;
+            fprintf(stderr, "STAT FAILED[%d] with %d %s\n", 
+                    err, code, strerror(code));
+#endif
+          }
+        }
+      }
+      conchFile->pMethod->xUnlock((sqlite3_file*)conchFile, SHARED_LOCK);
+      
+    end_takeconch:
+      OSTRACE(("TRANSPROXY: CLOSE  %d\n", pFile->h));
+      if( rc==SQLITE_OK && pFile->openFlags ){
+        int fd;
+        if( pFile->h>=0 ){
+          robust_close(pFile, pFile->h, __LINE__);
+        }
+        pFile->h = -1;
+        fd = robust_open(pCtx->dbPath, pFile->openFlags, 0);
+        OSTRACE(("TRANSPROXY: OPEN  %d\n", fd));
+        if( fd>=0 ){
+          pFile->h = fd;
+        }else{
+          rc=SQLITE_CANTOPEN_BKPT; /* SQLITE_BUSY? proxyTakeConch called
+           during locking */
+        }
+      }
+      if( rc==SQLITE_OK && !pCtx->lockProxy ){
+        char *path = tempLockPath ? tempLockPath : pCtx->lockProxyPath;
+        rc = proxyCreateUnixFile(path, &pCtx->lockProxy, 1);
+        if( rc!=SQLITE_OK && rc!=SQLITE_NOMEM && tryOldLockPath ){
+          /* we couldn't create the proxy lock file with the old lock file path
+           ** so try again via auto-naming 
+           */
+          forceNewLockPath = 1;
+          tryOldLockPath = 0;
+          continue; /* go back to the do {} while start point, try again */
+        }
+      }
+      if( rc==SQLITE_OK ){
+        /* Need to make a copy of path if we extracted the value
+         ** from the conch file or the path was allocated on the stack
+         */
+        if( tempLockPath ){
+          pCtx->lockProxyPath = sqlite3DbStrDup(0, tempLockPath);
+          if( !pCtx->lockProxyPath ){
+            rc = SQLITE_NOMEM;
+          }
+        }
+      }
+      if( rc==SQLITE_OK ){
+        pCtx->conchHeld = 1;
+        
+        if( pCtx->lockProxy->pMethod == &afpIoMethods ){
+          afpLockingContext *afpCtx;
+          afpCtx = (afpLockingContext *)pCtx->lockProxy->lockingContext;
+          afpCtx->dbPath = pCtx->lockProxyPath;
+        }
+      } else {
+        conchFile->pMethod->xUnlock((sqlite3_file*)conchFile, NO_LOCK);
+      }
+      OSTRACE(("TAKECONCH  %d %s\n", conchFile->h,
+               rc==SQLITE_OK?"ok":"failed"));
+      return rc;
+    } while (1); /* in case we need to retry the :auto: lock file - 
+                 ** we should never get here except via the 'continue' call. */
+  }
+}
+
+/*
+** If pFile holds a lock on a conch file, then release that lock.
+*/
+static int proxyReleaseConch(unixFile *pFile){
+  int rc = SQLITE_OK;         /* Subroutine return code */
+  proxyLockingContext *pCtx;  /* The locking context for the proxy lock */
+  unixFile *conchFile;        /* Name of the conch file */
+
+  pCtx = (proxyLockingContext *)pFile->lockingContext;
+  conchFile = pCtx->conchFile;
+  OSTRACE(("RELEASECONCH  %d for %s pid=%d\n", conchFile->h,
+           (pCtx->lockProxyPath ? pCtx->lockProxyPath : ":auto:"), 
+           osGetpid(0)));
+  if( pCtx->conchHeld>0 ){
+    rc = conchFile->pMethod->xUnlock((sqlite3_file*)conchFile, NO_LOCK);
+  }
+  pCtx->conchHeld = 0;
+  OSTRACE(("RELEASECONCH  %d %s\n", conchFile->h,
+           (rc==SQLITE_OK ? "ok" : "failed")));
+  return rc;
+}
+
+/*
+** Given the name of a database file, compute the name of its conch file.
+** Store the conch filename in memory obtained from sqlite3_malloc64().
+** Make *pConchPath point to the new name.  Return SQLITE_OK on success
+** or SQLITE_NOMEM if unable to obtain memory.
+**
+** The caller is responsible for ensuring that the allocated memory
+** space is eventually freed.
+**
+** *pConchPath is set to NULL if a memory allocation error occurs.
+*/
+static int proxyCreateConchPathname(char *dbPath, char **pConchPath){
+  int i;                        /* Loop counter */
+  int len = (int)strlen(dbPath); /* Length of database filename - dbPath */
+  char *conchPath;              /* buffer in which to construct conch name */
+
+  /* Allocate space for the conch filename and initialize the name to
+  ** the name of the original database file. */  
+  *pConchPath = conchPath = (char *)sqlite3_malloc64(len + 8);
+  if( conchPath==0 ){
+    return SQLITE_NOMEM;
+  }
+  memcpy(conchPath, dbPath, len+1);
+  
+  /* now insert a "." before the last / character */
+  for( i=(len-1); i>=0; i-- ){
+    if( conchPath[i]=='/' ){
+      i++;
+      break;
+    }
+  }
+  conchPath[i]='.';
+  while ( i<len ){
+    conchPath[i+1]=dbPath[i];
+    i++;
+  }
+
+  /* append the "-conch" suffix to the file */
+  memcpy(&conchPath[i+1], "-conch", 7);
+  assert( (int)strlen(conchPath) == len+7 );
+
+  return SQLITE_OK;
+}
+
+
+/* Takes a fully configured proxy locking-style unix file and switches
+** the local lock file path 
+*/
+static int switchLockProxyPath(unixFile *pFile, const char *path) {
+  proxyLockingContext *pCtx = (proxyLockingContext*)pFile->lockingContext;
+  char *oldPath = pCtx->lockProxyPath;
+  int rc = SQLITE_OK;
+
+  if( pFile->eFileLock!=NO_LOCK ){
+    return SQLITE_BUSY;
+  }  
+
+  /* nothing to do if the path is NULL, :auto: or matches the existing path */
+  if( !path || path[0]=='\0' || !strcmp(path, ":auto:") ||
+    (oldPath && !strncmp(oldPath, path, MAXPATHLEN)) ){
+    return SQLITE_OK;
+  }else{
+    unixFile *lockProxy = pCtx->lockProxy;
+    pCtx->lockProxy=NULL;
+    pCtx->conchHeld = 0;
+    if( lockProxy!=NULL ){
+      rc=lockProxy->pMethod->xClose((sqlite3_file *)lockProxy);
+      if( rc ) return rc;
+      sqlite3_free(lockProxy);
+    }
+    sqlite3_free(oldPath);
+    pCtx->lockProxyPath = sqlite3DbStrDup(0, path);
+  }
+  
+  return rc;
+}
+
+/*
+** pFile is a file that has been opened by a prior xOpen call.  dbPath
+** is a string buffer at least MAXPATHLEN+1 characters in size.
+**
+** This routine find the filename associated with pFile and writes it
+** int dbPath.
+*/
+static int proxyGetDbPathForUnixFile(unixFile *pFile, char *dbPath){
+#if defined(__APPLE__)
+  if( pFile->pMethod == &afpIoMethods ){
+    /* afp style keeps a reference to the db path in the filePath field 
+    ** of the struct */
+    assert( (int)strlen((char*)pFile->lockingContext)<=MAXPATHLEN );
+    strlcpy(dbPath, ((afpLockingContext *)pFile->lockingContext)->dbPath,
+            MAXPATHLEN);
+  } else
+#endif
+  if( pFile->pMethod == &dotlockIoMethods ){
+    /* dot lock style uses the locking context to store the dot lock
+    ** file path */
+    int len = strlen((char *)pFile->lockingContext) - strlen(DOTLOCK_SUFFIX);
+    memcpy(dbPath, (char *)pFile->lockingContext, len + 1);
+  }else{
+    /* all other styles use the locking context to store the db file path */
+    assert( strlen((char*)pFile->lockingContext)<=MAXPATHLEN );
+    strlcpy(dbPath, (char *)pFile->lockingContext, MAXPATHLEN);
+  }
+  return SQLITE_OK;
+}
+
+/*
+** Takes an already filled in unix file and alters it so all file locking 
+** will be performed on the local proxy lock file.  The following fields
+** are preserved in the locking context so that they can be restored and 
+** the unix structure properly cleaned up at close time:
+**  ->lockingContext
+**  ->pMethod
+*/
+static int proxyTransformUnixFile(unixFile *pFile, const char *path) {
+  proxyLockingContext *pCtx;
+  char dbPath[MAXPATHLEN+1];       /* Name of the database file */
+  char *lockPath=NULL;
+  int rc = SQLITE_OK;
+  
+  if( pFile->eFileLock!=NO_LOCK ){
+    return SQLITE_BUSY;
+  }
+  proxyGetDbPathForUnixFile(pFile, dbPath);
+  if( !path || path[0]=='\0' || !strcmp(path, ":auto:") ){
+    lockPath=NULL;
+  }else{
+    lockPath=(char *)path;
+  }
+  
+  OSTRACE(("TRANSPROXY  %d for %s pid=%d\n", pFile->h,
+           (lockPath ? lockPath : ":auto:"), osGetpid(0)));
+
+  pCtx = sqlite3_malloc64( sizeof(*pCtx) );
+  if( pCtx==0 ){
+    return SQLITE_NOMEM;
+  }
+  memset(pCtx, 0, sizeof(*pCtx));
+
+  rc = proxyCreateConchPathname(dbPath, &pCtx->conchFilePath);
+  if( rc==SQLITE_OK ){
+    rc = proxyCreateUnixFile(pCtx->conchFilePath, &pCtx->conchFile, 0);
+    if( rc==SQLITE_CANTOPEN && ((pFile->openFlags&O_RDWR) == 0) ){
+      /* if (a) the open flags are not O_RDWR, (b) the conch isn't there, and
+      ** (c) the file system is read-only, then enable no-locking access.
+      ** Ugh, since O_RDONLY==0x0000 we test for !O_RDWR since unixOpen asserts
+      ** that openFlags will have only one of O_RDONLY or O_RDWR.
+      */
+      struct statfs fsInfo;
+      struct stat conchInfo;
+      int goLockless = 0;
+
+      if( osStat(pCtx->conchFilePath, &conchInfo) == -1 ) {
+        int err = errno;
+        if( (err==ENOENT) && (statfs(dbPath, &fsInfo) != -1) ){
+          goLockless = (fsInfo.f_flags&MNT_RDONLY) == MNT_RDONLY;
+        }
+      }
+      if( goLockless ){
+        pCtx->conchHeld = -1; /* read only FS/ lockless */
+        rc = SQLITE_OK;
+      }
+    }
+  }  
+  if( rc==SQLITE_OK && lockPath ){
+    pCtx->lockProxyPath = sqlite3DbStrDup(0, lockPath);
+  }
+
+  if( rc==SQLITE_OK ){
+    pCtx->dbPath = sqlite3DbStrDup(0, dbPath);
+    if( pCtx->dbPath==NULL ){
+      rc = SQLITE_NOMEM;
+    }
+  }
+  if( rc==SQLITE_OK ){
+    /* all memory is allocated, proxys are created and assigned, 
+    ** switch the locking context and pMethod then return.
+    */
+    pCtx->oldLockingContext = pFile->lockingContext;
+    pFile->lockingContext = pCtx;
+    pCtx->pOldMethod = pFile->pMethod;
+    pFile->pMethod = &proxyIoMethods;
+  }else{
+    if( pCtx->conchFile ){ 
+      pCtx->conchFile->pMethod->xClose((sqlite3_file *)pCtx->conchFile);
+      sqlite3_free(pCtx->conchFile);
+    }
+    sqlite3DbFree(0, pCtx->lockProxyPath);
+    sqlite3_free(pCtx->conchFilePath); 
+    sqlite3_free(pCtx);
+  }
+  OSTRACE(("TRANSPROXY  %d %s\n", pFile->h,
+           (rc==SQLITE_OK ? "ok" : "failed")));
+  return rc;
+}
+
+
+/*
+** This routine handles sqlite3_file_control() calls that are specific
+** to proxy locking.
+*/
+static int proxyFileControl(sqlite3_file *id, int op, void *pArg){
+  switch( op ){
+    case SQLITE_FCNTL_GET_LOCKPROXYFILE: {
+      unixFile *pFile = (unixFile*)id;
+      if( pFile->pMethod == &proxyIoMethods ){
+        proxyLockingContext *pCtx = (proxyLockingContext*)pFile->lockingContext;
+        proxyTakeConch(pFile);
+        if( pCtx->lockProxyPath ){
+          *(const char **)pArg = pCtx->lockProxyPath;
+        }else{
+          *(const char **)pArg = ":auto: (not held)";
+        }
+      } else {
+        *(const char **)pArg = NULL;
+      }
+      return SQLITE_OK;
+    }
+    case SQLITE_FCNTL_SET_LOCKPROXYFILE: {
+      unixFile *pFile = (unixFile*)id;
+      int rc = SQLITE_OK;
+      int isProxyStyle = (pFile->pMethod == &proxyIoMethods);
+      if( pArg==NULL || (const char *)pArg==0 ){
+        if( isProxyStyle ){
+          /* turn off proxy locking - not supported.  If support is added for
+          ** switching proxy locking mode off then it will need to fail if
+          ** the journal mode is WAL mode. 
+          */
+          rc = SQLITE_ERROR /*SQLITE_PROTOCOL? SQLITE_MISUSE?*/;
+        }else{
+          /* turn off proxy locking - already off - NOOP */
+          rc = SQLITE_OK;
+        }
+      }else{
+        const char *proxyPath = (const char *)pArg;
+        if( isProxyStyle ){
+          proxyLockingContext *pCtx = 
+            (proxyLockingContext*)pFile->lockingContext;
+          if( !strcmp(pArg, ":auto:") 
+           || (pCtx->lockProxyPath &&
+               !strncmp(pCtx->lockProxyPath, proxyPath, MAXPATHLEN))
+          ){
+            rc = SQLITE_OK;
+          }else{
+            rc = switchLockProxyPath(pFile, proxyPath);
+          }
+        }else{
+          /* turn on proxy file locking */
+          rc = proxyTransformUnixFile(pFile, proxyPath);
+        }
+      }
+      return rc;
+    }
+    default: {
+      assert( 0 );  /* The call assures that only valid opcodes are sent */
+    }
+  }
+  /*NOTREACHED*/
+  return SQLITE_ERROR;
+}
+
+/*
+** Within this division (the proxying locking implementation) the procedures
+** above this point are all utilities.  The lock-related methods of the
+** proxy-locking sqlite3_io_method object follow.
+*/
+
+
+/*
+** This routine checks if there is a RESERVED lock held on the specified
+** file by this or any other process. If such a lock is held, set *pResOut
+** to a non-zero value otherwise *pResOut is set to zero.  The return value
+** is set to SQLITE_OK unless an I/O error occurs during lock checking.
+*/
+static int proxyCheckReservedLock(sqlite3_file *id, int *pResOut) {
+  unixFile *pFile = (unixFile*)id;
+  int rc = proxyTakeConch(pFile);
+  if( rc==SQLITE_OK ){
+    proxyLockingContext *pCtx = (proxyLockingContext *)pFile->lockingContext;
+    if( pCtx->conchHeld>0 ){
+      unixFile *proxy = pCtx->lockProxy;
+      return proxy->pMethod->xCheckReservedLock((sqlite3_file*)proxy, pResOut);
+    }else{ /* conchHeld < 0 is lockless */
+      pResOut=0;
+    }
+  }
+  return rc;
+}
+
+/*
+** Lock the file with the lock specified by parameter eFileLock - one
+** of the following:
+**
+**     (1) SHARED_LOCK
+**     (2) RESERVED_LOCK
+**     (3) PENDING_LOCK
+**     (4) EXCLUSIVE_LOCK
+**
+** Sometimes when requesting one lock state, additional lock states
+** are inserted in between.  The locking might fail on one of the later
+** transitions leaving the lock state different from what it started but
+** still short of its goal.  The following chart shows the allowed
+** transitions and the inserted intermediate states:
+**
+**    UNLOCKED -> SHARED
+**    SHARED -> RESERVED
+**    SHARED -> (PENDING) -> EXCLUSIVE
+**    RESERVED -> (PENDING) -> EXCLUSIVE
+**    PENDING -> EXCLUSIVE
+**
+** This routine will only increase a lock.  Use the sqlite3OsUnlock()
+** routine to lower a locking level.
+*/
+static int proxyLock(sqlite3_file *id, int eFileLock) {
+  unixFile *pFile = (unixFile*)id;
+  int rc = proxyTakeConch(pFile);
+  if( rc==SQLITE_OK ){
+    proxyLockingContext *pCtx = (proxyLockingContext *)pFile->lockingContext;
+    if( pCtx->conchHeld>0 ){
+      unixFile *proxy = pCtx->lockProxy;
+      rc = proxy->pMethod->xLock((sqlite3_file*)proxy, eFileLock);
+      pFile->eFileLock = proxy->eFileLock;
+    }else{
+      /* conchHeld < 0 is lockless */
+    }
+  }
+  return rc;
+}
+
+
+/*
+** Lower the locking level on file descriptor pFile to eFileLock.  eFileLock
+** must be either NO_LOCK or SHARED_LOCK.
+**
+** If the locking level of the file descriptor is already at or below
+** the requested locking level, this routine is a no-op.
+*/
+static int proxyUnlock(sqlite3_file *id, int eFileLock) {
+  unixFile *pFile = (unixFile*)id;
+  int rc = proxyTakeConch(pFile);
+  if( rc==SQLITE_OK ){
+    proxyLockingContext *pCtx = (proxyLockingContext *)pFile->lockingContext;
+    if( pCtx->conchHeld>0 ){
+      unixFile *proxy = pCtx->lockProxy;
+      rc = proxy->pMethod->xUnlock((sqlite3_file*)proxy, eFileLock);
+      pFile->eFileLock = proxy->eFileLock;
+    }else{
+      /* conchHeld < 0 is lockless */
+    }
+  }
+  return rc;
+}
+
+/*
+** Close a file that uses proxy locks.
+*/
+static int proxyClose(sqlite3_file *id) {
+  if( ALWAYS(id) ){
+    unixFile *pFile = (unixFile*)id;
+    proxyLockingContext *pCtx = (proxyLockingContext *)pFile->lockingContext;
+    unixFile *lockProxy = pCtx->lockProxy;
+    unixFile *conchFile = pCtx->conchFile;
+    int rc = SQLITE_OK;
+    
+    if( lockProxy ){
+      rc = lockProxy->pMethod->xUnlock((sqlite3_file*)lockProxy, NO_LOCK);
+      if( rc ) return rc;
+      rc = lockProxy->pMethod->xClose((sqlite3_file*)lockProxy);
+      if( rc ) return rc;
+      sqlite3_free(lockProxy);
+      pCtx->lockProxy = 0;
+    }
+    if( conchFile ){
+      if( pCtx->conchHeld ){
+        rc = proxyReleaseConch(pFile);
+        if( rc ) return rc;
+      }
+      rc = conchFile->pMethod->xClose((sqlite3_file*)conchFile);
+      if( rc ) return rc;
+      sqlite3_free(conchFile);
+    }
+    sqlite3DbFree(0, pCtx->lockProxyPath);
+    sqlite3_free(pCtx->conchFilePath);
+    sqlite3DbFree(0, pCtx->dbPath);
+    /* restore the original locking context and pMethod then close it */
+    pFile->lockingContext = pCtx->oldLockingContext;
+    pFile->pMethod = pCtx->pOldMethod;
+    sqlite3_free(pCtx);
+    return pFile->pMethod->xClose(id);
+  }
+  return SQLITE_OK;
+}
+
+
+
+#endif /* defined(__APPLE__) && SQLITE_ENABLE_LOCKING_STYLE */
+/*
+** The proxy locking style is intended for use with AFP filesystems.
+** And since AFP is only supported on MacOSX, the proxy locking is also
+** restricted to MacOSX.
+** 
+**
+******************* End of the proxy lock implementation **********************
+******************************************************************************/
+
+/*
+** Initialize the operating system interface.
+**
+** This routine registers all VFS implementations for unix-like operating
+** systems.  This routine, and the sqlite3_os_end() routine that follows,
+** should be the only routines in this file that are visible from other
+** files.
+**
+** This routine is called once during SQLite initialization and by a
+** single thread.  The memory allocation and mutex subsystems have not
+** necessarily been initialized when this routine is called, and so they
+** should not be used.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_os_init(void){ 
+  /* 
+  ** The following macro defines an initializer for an sqlite3_vfs object.
+  ** The name of the VFS is NAME.  The pAppData is a pointer to a pointer
+  ** to the "finder" function.  (pAppData is a pointer to a pointer because
+  ** silly C90 rules prohibit a void* from being cast to a function pointer
+  ** and so we have to go through the intermediate pointer to avoid problems
+  ** when compiling with -pedantic-errors on GCC.)
+  **
+  ** The FINDER parameter to this macro is the name of the pointer to the
+  ** finder-function.  The finder-function returns a pointer to the
+  ** sqlite_io_methods object that implements the desired locking
+  ** behaviors.  See the division above that contains the IOMETHODS
+  ** macro for addition information on finder-functions.
+  **
+  ** Most finders simply return a pointer to a fixed sqlite3_io_methods
+  ** object.  But the "autolockIoFinder" available on MacOSX does a little
+  ** more than that; it looks at the filesystem type that hosts the 
+  ** database file and tries to choose an locking method appropriate for
+  ** that filesystem time.
+  */
+  #define UNIXVFS(VFSNAME, FINDER) {                        \
+    3,                    /* iVersion */                    \
+    sizeof(unixFile),     /* szOsFile */                    \
+    MAX_PATHNAME,         /* mxPathname */                  \
+    0,                    /* pNext */                       \
+    VFSNAME,              /* zName */                       \
+    (void*)&FINDER,       /* pAppData */                    \
+    unixOpen,             /* xOpen */                       \
+    unixDelete,           /* xDelete */                     \
+    unixAccess,           /* xAccess */                     \
+    unixFullPathname,     /* xFullPathname */               \
+    unixDlOpen,           /* xDlOpen */                     \
+    unixDlError,          /* xDlError */                    \
+    unixDlSym,            /* xDlSym */                      \
+    unixDlClose,          /* xDlClose */                    \
+    unixRandomness,       /* xRandomness */                 \
+    unixSleep,            /* xSleep */                      \
+    unixCurrentTime,      /* xCurrentTime */                \
+    unixGetLastError,     /* xGetLastError */               \
+    unixCurrentTimeInt64, /* xCurrentTimeInt64 */           \
+    unixSetSystemCall,    /* xSetSystemCall */              \
+    unixGetSystemCall,    /* xGetSystemCall */              \
+    unixNextSystemCall,   /* xNextSystemCall */             \
+  }
+
+  /*
+  ** All default VFSes for unix are contained in the following array.
+  **
+  ** Note that the sqlite3_vfs.pNext field of the VFS object is modified
+  ** by the SQLite core when the VFS is registered.  So the following
+  ** array cannot be const.
+  */
+  static sqlite3_vfs aVfs[] = {
+#if SQLITE_ENABLE_LOCKING_STYLE && defined(__APPLE__)
+    UNIXVFS("unix",          autolockIoFinder ),
+#elif OS_VXWORKS
+    UNIXVFS("unix",          vxworksIoFinder ),
+#else
+    UNIXVFS("unix",          posixIoFinder ),
+#endif
+    UNIXVFS("unix-none",     nolockIoFinder ),
+    UNIXVFS("unix-dotfile",  dotlockIoFinder ),
+    UNIXVFS("unix-excl",     posixIoFinder ),
+#if OS_VXWORKS
+    UNIXVFS("unix-namedsem", semIoFinder ),
+#endif
+#if SQLITE_ENABLE_LOCKING_STYLE || OS_VXWORKS
+    UNIXVFS("unix-posix",    posixIoFinder ),
+#endif
+#if SQLITE_ENABLE_LOCKING_STYLE
+    UNIXVFS("unix-flock",    flockIoFinder ),
+#endif
+#if SQLITE_ENABLE_LOCKING_STYLE && defined(__APPLE__)
+    UNIXVFS("unix-afp",      afpIoFinder ),
+    UNIXVFS("unix-nfs",      nfsIoFinder ),
+    UNIXVFS("unix-proxy",    proxyIoFinder ),
+#endif
+  };
+  unsigned int i;          /* Loop counter */
+
+  /* Double-check that the aSyscall[] array has been constructed
+  ** correctly.  See ticket [bb3a86e890c8e96ab] */
+  assert( ArraySize(aSyscall)==27 );
+
+  /* Register all VFSes defined in the aVfs[] array */
+  for(i=0; i<(sizeof(aVfs)/sizeof(sqlite3_vfs)); i++){
+    sqlite3_vfs_register(&aVfs[i], i==0);
+  }
+  return SQLITE_OK; 
+}
+
+/*
+** Shutdown the operating system interface.
+**
+** Some operating systems might need to do some cleanup in this routine,
+** to release dynamically allocated objects.  But not on unix.
+** This routine is a no-op for unix.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_os_end(void){ 
+  return SQLITE_OK; 
+}
+ 
+#endif /* SQLITE_OS_UNIX */
+
+/************** End of os_unix.c *********************************************/
+/************** Begin file os_win.c ******************************************/
+/*
+** 2004 May 22
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+******************************************************************************
+**
+** This file contains code that is specific to Windows.
+*/
+/* #include "sqliteInt.h" */
+#if SQLITE_OS_WIN               /* This file is used for Windows only */
+
+/*
+** Include code that is common to all os_*.c files
+*/
+/************** Include os_common.h in the middle of os_win.c ****************/
+/************** Begin file os_common.h ***************************************/
+/*
+** 2004 May 22
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+******************************************************************************
+**
+** This file contains macros and a little bit of code that is common to
+** all of the platform-specific files (os_*.c) and is #included into those
+** files.
+**
+** This file should be #included by the os_*.c files only.  It is not a
+** general purpose header file.
+*/
+#ifndef _OS_COMMON_H_
+#define _OS_COMMON_H_
+
+/*
+** At least two bugs have slipped in because we changed the MEMORY_DEBUG
+** macro to SQLITE_DEBUG and some older makefiles have not yet made the
+** switch.  The following code should catch this problem at compile-time.
+*/
+#ifdef MEMORY_DEBUG
+# error "The MEMORY_DEBUG macro is obsolete.  Use SQLITE_DEBUG instead."
+#endif
+
+/*
+** Macros for performance tracing.  Normally turned off.  Only works
+** on i486 hardware.
+*/
+#ifdef SQLITE_PERFORMANCE_TRACE
+
+/* 
+** hwtime.h contains inline assembler code for implementing 
+** high-performance timing routines.
+*/
+/************** Include hwtime.h in the middle of os_common.h ****************/
+/************** Begin file hwtime.h ******************************************/
+/*
+** 2008 May 27
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+******************************************************************************
+**
+** This file contains inline asm code for retrieving "high-performance"
+** counters for x86 class CPUs.
+*/
+#ifndef _HWTIME_H_
+#define _HWTIME_H_
+
+/*
+** The following routine only works on pentium-class (or newer) processors.
+** It uses the RDTSC opcode to read the cycle count value out of the
+** processor and returns that value.  This can be used for high-res
+** profiling.
+*/
+#if (defined(__GNUC__) || defined(_MSC_VER)) && \
+      (defined(i386) || defined(__i386__) || defined(_M_IX86))
+
+  #if defined(__GNUC__)
+
+  __inline__ sqlite_uint64 sqlite3Hwtime(void){
+     unsigned int lo, hi;
+     __asm__ __volatile__ ("rdtsc" : "=a" (lo), "=d" (hi));
+     return (sqlite_uint64)hi << 32 | lo;
+  }
+
+  #elif defined(_MSC_VER)
+
+  __declspec(naked) __inline sqlite_uint64 __cdecl sqlite3Hwtime(void){
+     __asm {
+        rdtsc
+        ret       ; return value at EDX:EAX
+     }
+  }
+
+  #endif
+
+#elif (defined(__GNUC__) && defined(__x86_64__))
+
+  __inline__ sqlite_uint64 sqlite3Hwtime(void){
+      unsigned long val;
+      __asm__ __volatile__ ("rdtsc" : "=A" (val));
+      return val;
+  }
+ 
+#elif (defined(__GNUC__) && defined(__ppc__))
+
+  __inline__ sqlite_uint64 sqlite3Hwtime(void){
+      unsigned long long retval;
+      unsigned long junk;
+      __asm__ __volatile__ ("\n\
+          1:      mftbu   %1\n\
+                  mftb    %L0\n\
+                  mftbu   %0\n\
+                  cmpw    %0,%1\n\
+                  bne     1b"
+                  : "=r" (retval), "=r" (junk));
+      return retval;
+  }
+
+#else
+
+  #error Need implementation of sqlite3Hwtime() for your platform.
+
+  /*
+  ** To compile without implementing sqlite3Hwtime() for your platform,
+  ** you can remove the above #error and use the following
+  ** stub function.  You will lose timing support for many
+  ** of the debugging and testing utilities, but it should at
+  ** least compile and run.
+  */
+SQLITE_PRIVATE   sqlite_uint64 sqlite3Hwtime(void){ return ((sqlite_uint64)0); }
+
+#endif
+
+#endif /* !defined(_HWTIME_H_) */
+
+/************** End of hwtime.h **********************************************/
+/************** Continuing where we left off in os_common.h ******************/
+
+static sqlite_uint64 g_start;
+static sqlite_uint64 g_elapsed;
+#define TIMER_START       g_start=sqlite3Hwtime()
+#define TIMER_END         g_elapsed=sqlite3Hwtime()-g_start
+#define TIMER_ELAPSED     g_elapsed
+#else
+#define TIMER_START
+#define TIMER_END
+#define TIMER_ELAPSED     ((sqlite_uint64)0)
+#endif
+
+/*
+** If we compile with the SQLITE_TEST macro set, then the following block
+** of code will give us the ability to simulate a disk I/O error.  This
+** is used for testing the I/O recovery logic.
+*/
+#ifdef SQLITE_TEST
+SQLITE_API int sqlite3_io_error_hit = 0;            /* Total number of I/O Errors */
+SQLITE_API int sqlite3_io_error_hardhit = 0;        /* Number of non-benign errors */
+SQLITE_API int sqlite3_io_error_pending = 0;        /* Count down to first I/O error */
+SQLITE_API int sqlite3_io_error_persist = 0;        /* True if I/O errors persist */
+SQLITE_API int sqlite3_io_error_benign = 0;         /* True if errors are benign */
+SQLITE_API int sqlite3_diskfull_pending = 0;
+SQLITE_API int sqlite3_diskfull = 0;
+#define SimulateIOErrorBenign(X) sqlite3_io_error_benign=(X)
+#define SimulateIOError(CODE)  \
+  if( (sqlite3_io_error_persist && sqlite3_io_error_hit) \
+       || sqlite3_io_error_pending-- == 1 )  \
+              { local_ioerr(); CODE; }
+static void local_ioerr(){
+  IOTRACE(("IOERR\n"));
+  sqlite3_io_error_hit++;
+  if( !sqlite3_io_error_benign ) sqlite3_io_error_hardhit++;
+}
+#define SimulateDiskfullError(CODE) \
+   if( sqlite3_diskfull_pending ){ \
+     if( sqlite3_diskfull_pending == 1 ){ \
+       local_ioerr(); \
+       sqlite3_diskfull = 1; \
+       sqlite3_io_error_hit = 1; \
+       CODE; \
+     }else{ \
+       sqlite3_diskfull_pending--; \
+     } \
+   }
+#else
+#define SimulateIOErrorBenign(X)
+#define SimulateIOError(A)
+#define SimulateDiskfullError(A)
+#endif
+
+/*
+** When testing, keep a count of the number of open files.
+*/
+#ifdef SQLITE_TEST
+SQLITE_API int sqlite3_open_file_count = 0;
+#define OpenCounter(X)  sqlite3_open_file_count+=(X)
+#else
+#define OpenCounter(X)
+#endif
+
+#endif /* !defined(_OS_COMMON_H_) */
+
+/************** End of os_common.h *******************************************/
+/************** Continuing where we left off in os_win.c *********************/
+
+/*
+** Include the header file for the Windows VFS.
+*/
+/* #include "os_win.h" */
+
+/*
+** Compiling and using WAL mode requires several APIs that are only
+** available in Windows platforms based on the NT kernel.
+*/
+#if !SQLITE_OS_WINNT && !defined(SQLITE_OMIT_WAL)
+#  error "WAL mode requires support from the Windows NT kernel, compile\
+ with SQLITE_OMIT_WAL."
+#endif
+
+#if !SQLITE_OS_WINNT && SQLITE_MAX_MMAP_SIZE>0
+#  error "Memory mapped files require support from the Windows NT kernel,\
+ compile with SQLITE_MAX_MMAP_SIZE=0."
+#endif
+
+/*
+** Are most of the Win32 ANSI APIs available (i.e. with certain exceptions
+** based on the sub-platform)?
+*/
+#if !SQLITE_OS_WINCE && !SQLITE_OS_WINRT && !defined(SQLITE_WIN32_NO_ANSI)
+#  define SQLITE_WIN32_HAS_ANSI
+#endif
+
+/*
+** Are most of the Win32 Unicode APIs available (i.e. with certain exceptions
+** based on the sub-platform)?
+*/
+#if (SQLITE_OS_WINCE || SQLITE_OS_WINNT || SQLITE_OS_WINRT) && \
+    !defined(SQLITE_WIN32_NO_WIDE)
+#  define SQLITE_WIN32_HAS_WIDE
+#endif
+
+/*
+** Make sure at least one set of Win32 APIs is available.
+*/
+#if !defined(SQLITE_WIN32_HAS_ANSI) && !defined(SQLITE_WIN32_HAS_WIDE)
+#  error "At least one of SQLITE_WIN32_HAS_ANSI and SQLITE_WIN32_HAS_WIDE\
+ must be defined."
+#endif
+
+/*
+** Define the required Windows SDK version constants if they are not
+** already available.
+*/
+#ifndef NTDDI_WIN8
+#  define NTDDI_WIN8                        0x06020000
+#endif
+
+#ifndef NTDDI_WINBLUE
+#  define NTDDI_WINBLUE                     0x06030000
+#endif
+
+/*
+** Check to see if the GetVersionEx[AW] functions are deprecated on the
+** target system.  GetVersionEx was first deprecated in Win8.1.
+*/
+#ifndef SQLITE_WIN32_GETVERSIONEX
+#  if defined(NTDDI_VERSION) && NTDDI_VERSION >= NTDDI_WINBLUE
+#    define SQLITE_WIN32_GETVERSIONEX   0   /* GetVersionEx() is deprecated */
+#  else
+#    define SQLITE_WIN32_GETVERSIONEX   1   /* GetVersionEx() is current */
+#  endif
+#endif
+
+/*
+** This constant should already be defined (in the "WinDef.h" SDK file).
+*/
+#ifndef MAX_PATH
+#  define MAX_PATH                      (260)
+#endif
+
+/*
+** Maximum pathname length (in chars) for Win32.  This should normally be
+** MAX_PATH.
+*/
+#ifndef SQLITE_WIN32_MAX_PATH_CHARS
+#  define SQLITE_WIN32_MAX_PATH_CHARS   (MAX_PATH)
+#endif
+
+/*
+** This constant should already be defined (in the "WinNT.h" SDK file).
+*/
+#ifndef UNICODE_STRING_MAX_CHARS
+#  define UNICODE_STRING_MAX_CHARS      (32767)
+#endif
+
+/*
+** Maximum pathname length (in chars) for WinNT.  This should normally be
+** UNICODE_STRING_MAX_CHARS.
+*/
+#ifndef SQLITE_WINNT_MAX_PATH_CHARS
+#  define SQLITE_WINNT_MAX_PATH_CHARS   (UNICODE_STRING_MAX_CHARS)
+#endif
+
+/*
+** Maximum pathname length (in bytes) for Win32.  The MAX_PATH macro is in
+** characters, so we allocate 4 bytes per character assuming worst-case of
+** 4-bytes-per-character for UTF8.
+*/
+#ifndef SQLITE_WIN32_MAX_PATH_BYTES
+#  define SQLITE_WIN32_MAX_PATH_BYTES   (SQLITE_WIN32_MAX_PATH_CHARS*4)
+#endif
+
+/*
+** Maximum pathname length (in bytes) for WinNT.  This should normally be
+** UNICODE_STRING_MAX_CHARS * sizeof(WCHAR).
+*/
+#ifndef SQLITE_WINNT_MAX_PATH_BYTES
+#  define SQLITE_WINNT_MAX_PATH_BYTES   \
+                            (sizeof(WCHAR) * SQLITE_WINNT_MAX_PATH_CHARS)
+#endif
+
+/*
+** Maximum error message length (in chars) for WinRT.
+*/
+#ifndef SQLITE_WIN32_MAX_ERRMSG_CHARS
+#  define SQLITE_WIN32_MAX_ERRMSG_CHARS (1024)
+#endif
+
+/*
+** Returns non-zero if the character should be treated as a directory
+** separator.
+*/
+#ifndef winIsDirSep
+#  define winIsDirSep(a)                (((a) == '/') || ((a) == '\\'))
+#endif
+
+/*
+** This macro is used when a local variable is set to a value that is
+** [sometimes] not used by the code (e.g. via conditional compilation).
+*/
+#ifndef UNUSED_VARIABLE_VALUE
+#  define UNUSED_VARIABLE_VALUE(x)      (void)(x)
+#endif
+
+/*
+** Returns the character that should be used as the directory separator.
+*/
+#ifndef winGetDirSep
+#  define winGetDirSep()                '\\'
+#endif
+
+/*
+** Do we need to manually define the Win32 file mapping APIs for use with WAL
+** mode or memory mapped files (e.g. these APIs are available in the Windows
+** CE SDK; however, they are not present in the header file)?
+*/
+#if SQLITE_WIN32_FILEMAPPING_API && \
+        (!defined(SQLITE_OMIT_WAL) || SQLITE_MAX_MMAP_SIZE>0)
+/*
+** Two of the file mapping APIs are different under WinRT.  Figure out which
+** set we need.
+*/
+#if SQLITE_OS_WINRT
+WINBASEAPI HANDLE WINAPI CreateFileMappingFromApp(HANDLE, \
+        LPSECURITY_ATTRIBUTES, ULONG, ULONG64, LPCWSTR);
+
+WINBASEAPI LPVOID WINAPI MapViewOfFileFromApp(HANDLE, ULONG, ULONG64, SIZE_T);
+#else
+#if defined(SQLITE_WIN32_HAS_ANSI)
+WINBASEAPI HANDLE WINAPI CreateFileMappingA(HANDLE, LPSECURITY_ATTRIBUTES, \
+        DWORD, DWORD, DWORD, LPCSTR);
+#endif /* defined(SQLITE_WIN32_HAS_ANSI) */
+
+#if defined(SQLITE_WIN32_HAS_WIDE)
+WINBASEAPI HANDLE WINAPI CreateFileMappingW(HANDLE, LPSECURITY_ATTRIBUTES, \
+        DWORD, DWORD, DWORD, LPCWSTR);
+#endif /* defined(SQLITE_WIN32_HAS_WIDE) */
+
+WINBASEAPI LPVOID WINAPI MapViewOfFile(HANDLE, DWORD, DWORD, DWORD, SIZE_T);
+#endif /* SQLITE_OS_WINRT */
+
+/*
+** These file mapping APIs are common to both Win32 and WinRT.
+*/
+
+WINBASEAPI BOOL WINAPI FlushViewOfFile(LPCVOID, SIZE_T);
+WINBASEAPI BOOL WINAPI UnmapViewOfFile(LPCVOID);
+#endif /* SQLITE_WIN32_FILEMAPPING_API */
+
+/*
+** Some Microsoft compilers lack this definition.
+*/
+#ifndef INVALID_FILE_ATTRIBUTES
+# define INVALID_FILE_ATTRIBUTES ((DWORD)-1)
+#endif
+
+#ifndef FILE_FLAG_MASK
+# define FILE_FLAG_MASK          (0xFF3C0000)
+#endif
+
+#ifndef FILE_ATTRIBUTE_MASK
+# define FILE_ATTRIBUTE_MASK     (0x0003FFF7)
+#endif
+
+#ifndef SQLITE_OMIT_WAL
+/* Forward references to structures used for WAL */
+typedef struct winShm winShm;           /* A connection to shared-memory */
+typedef struct winShmNode winShmNode;   /* A region of shared-memory */
+#endif
+
+/*
+** WinCE lacks native support for file locking so we have to fake it
+** with some code of our own.
+*/
+#if SQLITE_OS_WINCE
+typedef struct winceLock {
+  int nReaders;       /* Number of reader locks obtained */
+  BOOL bPending;      /* Indicates a pending lock has been obtained */
+  BOOL bReserved;     /* Indicates a reserved lock has been obtained */
+  BOOL bExclusive;    /* Indicates an exclusive lock has been obtained */
+} winceLock;
+#endif
+
+/*
+** The winFile structure is a subclass of sqlite3_file* specific to the win32
+** portability layer.
+*/
+typedef struct winFile winFile;
+struct winFile {
+  const sqlite3_io_methods *pMethod; /*** Must be first ***/
+  sqlite3_vfs *pVfs;      /* The VFS used to open this file */
+  HANDLE h;               /* Handle for accessing the file */
+  u8 locktype;            /* Type of lock currently held on this file */
+  short sharedLockByte;   /* Randomly chosen byte used as a shared lock */
+  u8 ctrlFlags;           /* Flags.  See WINFILE_* below */
+  DWORD lastErrno;        /* The Windows errno from the last I/O error */
+#ifndef SQLITE_OMIT_WAL
+  winShm *pShm;           /* Instance of shared memory on this file */
+#endif
+  const char *zPath;      /* Full pathname of this file */
+  int szChunk;            /* Chunk size configured by FCNTL_CHUNK_SIZE */
+#if SQLITE_OS_WINCE
+  LPWSTR zDeleteOnClose;  /* Name of file to delete when closing */
+  HANDLE hMutex;          /* Mutex used to control access to shared lock */
+  HANDLE hShared;         /* Shared memory segment used for locking */
+  winceLock local;        /* Locks obtained by this instance of winFile */
+  winceLock *shared;      /* Global shared lock memory for the file  */
+#endif
+#if SQLITE_MAX_MMAP_SIZE>0
+  int nFetchOut;                /* Number of outstanding xFetch references */
+  HANDLE hMap;                  /* Handle for accessing memory mapping */
+  void *pMapRegion;             /* Area memory mapped */
+  sqlite3_int64 mmapSize;       /* Usable size of mapped region */
+  sqlite3_int64 mmapSizeActual; /* Actual size of mapped region */
+  sqlite3_int64 mmapSizeMax;    /* Configured FCNTL_MMAP_SIZE value */
+#endif
+};
+
+/*
+** Allowed values for winFile.ctrlFlags
+*/
+#define WINFILE_RDONLY          0x02   /* Connection is read only */
+#define WINFILE_PERSIST_WAL     0x04   /* Persistent WAL mode */
+#define WINFILE_PSOW            0x10   /* SQLITE_IOCAP_POWERSAFE_OVERWRITE */
+
+/*
+ * The size of the buffer used by sqlite3_win32_write_debug().
+ */
+#ifndef SQLITE_WIN32_DBG_BUF_SIZE
+#  define SQLITE_WIN32_DBG_BUF_SIZE   ((int)(4096-sizeof(DWORD)))
+#endif
+
+/*
+ * The value used with sqlite3_win32_set_directory() to specify that
+ * the data directory should be changed.
+ */
+#ifndef SQLITE_WIN32_DATA_DIRECTORY_TYPE
+#  define SQLITE_WIN32_DATA_DIRECTORY_TYPE (1)
+#endif
+
+/*
+ * The value used with sqlite3_win32_set_directory() to specify that
+ * the temporary directory should be changed.
+ */
+#ifndef SQLITE_WIN32_TEMP_DIRECTORY_TYPE
+#  define SQLITE_WIN32_TEMP_DIRECTORY_TYPE (2)
+#endif
+
+/*
+ * If compiled with SQLITE_WIN32_MALLOC on Windows, we will use the
+ * various Win32 API heap functions instead of our own.
+ */
+#ifdef SQLITE_WIN32_MALLOC
+
+/*
+ * If this is non-zero, an isolated heap will be created by the native Win32
+ * allocator subsystem; otherwise, the default process heap will be used.  This
+ * setting has no effect when compiling for WinRT.  By default, this is enabled
+ * and an isolated heap will be created to store all allocated data.
+ *
+ ******************************************************************************
+ * WARNING: It is important to note that when this setting is non-zero and the
+ *          winMemShutdown function is called (e.g. by the sqlite3_shutdown
+ *          function), all data that was allocated using the isolated heap will
+ *          be freed immediately and any attempt to access any of that freed
+ *          data will almost certainly result in an immediate access violation.
+ ******************************************************************************
+ */
+#ifndef SQLITE_WIN32_HEAP_CREATE
+#  define SQLITE_WIN32_HEAP_CREATE    (TRUE)
+#endif
+
+/*
+ * The initial size of the Win32-specific heap.  This value may be zero.
+ */
+#ifndef SQLITE_WIN32_HEAP_INIT_SIZE
+#  define SQLITE_WIN32_HEAP_INIT_SIZE ((SQLITE_DEFAULT_CACHE_SIZE) * \
+                                       (SQLITE_DEFAULT_PAGE_SIZE) + 4194304)
+#endif
+
+/*
+ * The maximum size of the Win32-specific heap.  This value may be zero.
+ */
+#ifndef SQLITE_WIN32_HEAP_MAX_SIZE
+#  define SQLITE_WIN32_HEAP_MAX_SIZE  (0)
+#endif
+
+/*
+ * The extra flags to use in calls to the Win32 heap APIs.  This value may be
+ * zero for the default behavior.
+ */
+#ifndef SQLITE_WIN32_HEAP_FLAGS
+#  define SQLITE_WIN32_HEAP_FLAGS     (0)
+#endif
+
+
+/*
+** The winMemData structure stores information required by the Win32-specific
+** sqlite3_mem_methods implementation.
+*/
+typedef struct winMemData winMemData;
+struct winMemData {
+#ifndef NDEBUG
+  u32 magic1;   /* Magic number to detect structure corruption. */
+#endif
+  HANDLE hHeap; /* The handle to our heap. */
+  BOOL bOwned;  /* Do we own the heap (i.e. destroy it on shutdown)? */
+#ifndef NDEBUG
+  u32 magic2;   /* Magic number to detect structure corruption. */
+#endif
+};
+
+#ifndef NDEBUG
+#define WINMEM_MAGIC1     0x42b2830b
+#define WINMEM_MAGIC2     0xbd4d7cf4
+#endif
+
+static struct winMemData win_mem_data = {
+#ifndef NDEBUG
+  WINMEM_MAGIC1,
+#endif
+  NULL, FALSE
+#ifndef NDEBUG
+  ,WINMEM_MAGIC2
+#endif
+};
+
+#ifndef NDEBUG
+#define winMemAssertMagic1() assert( win_mem_data.magic1==WINMEM_MAGIC1 )
+#define winMemAssertMagic2() assert( win_mem_data.magic2==WINMEM_MAGIC2 )
+#define winMemAssertMagic()  winMemAssertMagic1(); winMemAssertMagic2();
+#else
+#define winMemAssertMagic()
+#endif
+
+#define winMemGetDataPtr()  &win_mem_data
+#define winMemGetHeap()     win_mem_data.hHeap
+#define winMemGetOwned()    win_mem_data.bOwned
+
+static void *winMemMalloc(int nBytes);
+static void winMemFree(void *pPrior);
+static void *winMemRealloc(void *pPrior, int nBytes);
+static int winMemSize(void *p);
+static int winMemRoundup(int n);
+static int winMemInit(void *pAppData);
+static void winMemShutdown(void *pAppData);
+
+SQLITE_PRIVATE const sqlite3_mem_methods *sqlite3MemGetWin32(void);
+#endif /* SQLITE_WIN32_MALLOC */
+
+/*
+** The following variable is (normally) set once and never changes
+** thereafter.  It records whether the operating system is Win9x
+** or WinNT.
+**
+** 0:   Operating system unknown.
+** 1:   Operating system is Win9x.
+** 2:   Operating system is WinNT.
+**
+** In order to facilitate testing on a WinNT system, the test fixture
+** can manually set this value to 1 to emulate Win98 behavior.
+*/
+#ifdef SQLITE_TEST
+SQLITE_API LONG SQLITE_WIN32_VOLATILE sqlite3_os_type = 0;
+#else
+static LONG SQLITE_WIN32_VOLATILE sqlite3_os_type = 0;
+#endif
+
+#ifndef SYSCALL
+#  define SYSCALL sqlite3_syscall_ptr
+#endif
+
+/*
+** This function is not available on Windows CE or WinRT.
+ */
+
+#if SQLITE_OS_WINCE || SQLITE_OS_WINRT
+#  define osAreFileApisANSI()       1
+#endif
+
+/*
+** Many system calls are accessed through pointer-to-functions so that
+** they may be overridden at runtime to facilitate fault injection during
+** testing and sandboxing.  The following array holds the names and pointers
+** to all overrideable system calls.
+*/
+static struct win_syscall {
+  const char *zName;            /* Name of the system call */
+  sqlite3_syscall_ptr pCurrent; /* Current value of the system call */
+  sqlite3_syscall_ptr pDefault; /* Default value */
+} aSyscall[] = {
+#if !SQLITE_OS_WINCE && !SQLITE_OS_WINRT
+  { "AreFileApisANSI",         (SYSCALL)AreFileApisANSI,         0 },
+#else
+  { "AreFileApisANSI",         (SYSCALL)0,                       0 },
+#endif
+
+#ifndef osAreFileApisANSI
+#define osAreFileApisANSI ((BOOL(WINAPI*)(VOID))aSyscall[0].pCurrent)
+#endif
+
+#if SQLITE_OS_WINCE && defined(SQLITE_WIN32_HAS_WIDE)
+  { "CharLowerW",              (SYSCALL)CharLowerW,              0 },
+#else
+  { "CharLowerW",              (SYSCALL)0,                       0 },
+#endif
+
+#define osCharLowerW ((LPWSTR(WINAPI*)(LPWSTR))aSyscall[1].pCurrent)
+
+#if SQLITE_OS_WINCE && defined(SQLITE_WIN32_HAS_WIDE)
+  { "CharUpperW",              (SYSCALL)CharUpperW,              0 },
+#else
+  { "CharUpperW",              (SYSCALL)0,                       0 },
+#endif
+
+#define osCharUpperW ((LPWSTR(WINAPI*)(LPWSTR))aSyscall[2].pCurrent)
+
+  { "CloseHandle",             (SYSCALL)CloseHandle,             0 },
+
+#define osCloseHandle ((BOOL(WINAPI*)(HANDLE))aSyscall[3].pCurrent)
+
+#if defined(SQLITE_WIN32_HAS_ANSI)
+  { "CreateFileA",             (SYSCALL)CreateFileA,             0 },
+#else
+  { "CreateFileA",             (SYSCALL)0,                       0 },
+#endif
+
+#define osCreateFileA ((HANDLE(WINAPI*)(LPCSTR,DWORD,DWORD, \
+        LPSECURITY_ATTRIBUTES,DWORD,DWORD,HANDLE))aSyscall[4].pCurrent)
+
+#if !SQLITE_OS_WINRT && defined(SQLITE_WIN32_HAS_WIDE)
+  { "CreateFileW",             (SYSCALL)CreateFileW,             0 },
+#else
+  { "CreateFileW",             (SYSCALL)0,                       0 },
+#endif
+
+#define osCreateFileW ((HANDLE(WINAPI*)(LPCWSTR,DWORD,DWORD, \
+        LPSECURITY_ATTRIBUTES,DWORD,DWORD,HANDLE))aSyscall[5].pCurrent)
+
+#if (!SQLITE_OS_WINRT && defined(SQLITE_WIN32_HAS_ANSI) && \
+        (!defined(SQLITE_OMIT_WAL) || SQLITE_MAX_MMAP_SIZE>0))
+  { "CreateFileMappingA",      (SYSCALL)CreateFileMappingA,      0 },
+#else
+  { "CreateFileMappingA",      (SYSCALL)0,                       0 },
+#endif
+
+#define osCreateFileMappingA ((HANDLE(WINAPI*)(HANDLE,LPSECURITY_ATTRIBUTES, \
+        DWORD,DWORD,DWORD,LPCSTR))aSyscall[6].pCurrent)
+
+#if SQLITE_OS_WINCE || (!SQLITE_OS_WINRT && defined(SQLITE_WIN32_HAS_WIDE) && \
+        (!defined(SQLITE_OMIT_WAL) || SQLITE_MAX_MMAP_SIZE>0))
+  { "CreateFileMappingW",      (SYSCALL)CreateFileMappingW,      0 },
+#else
+  { "CreateFileMappingW",      (SYSCALL)0,                       0 },
+#endif
+
+#define osCreateFileMappingW ((HANDLE(WINAPI*)(HANDLE,LPSECURITY_ATTRIBUTES, \
+        DWORD,DWORD,DWORD,LPCWSTR))aSyscall[7].pCurrent)
+
+#if !SQLITE_OS_WINRT && defined(SQLITE_WIN32_HAS_WIDE)
+  { "CreateMutexW",            (SYSCALL)CreateMutexW,            0 },
+#else
+  { "CreateMutexW",            (SYSCALL)0,                       0 },
+#endif
+
+#define osCreateMutexW ((HANDLE(WINAPI*)(LPSECURITY_ATTRIBUTES,BOOL, \
+        LPCWSTR))aSyscall[8].pCurrent)
+
+#if defined(SQLITE_WIN32_HAS_ANSI)
+  { "DeleteFileA",             (SYSCALL)DeleteFileA,             0 },
+#else
+  { "DeleteFileA",             (SYSCALL)0,                       0 },
+#endif
+
+#define osDeleteFileA ((BOOL(WINAPI*)(LPCSTR))aSyscall[9].pCurrent)
+
+#if defined(SQLITE_WIN32_HAS_WIDE)
+  { "DeleteFileW",             (SYSCALL)DeleteFileW,             0 },
+#else
+  { "DeleteFileW",             (SYSCALL)0,                       0 },
+#endif
+
+#define osDeleteFileW ((BOOL(WINAPI*)(LPCWSTR))aSyscall[10].pCurrent)
+
+#if SQLITE_OS_WINCE
+  { "FileTimeToLocalFileTime", (SYSCALL)FileTimeToLocalFileTime, 0 },
+#else
+  { "FileTimeToLocalFileTime", (SYSCALL)0,                       0 },
+#endif
+
+#define osFileTimeToLocalFileTime ((BOOL(WINAPI*)(CONST FILETIME*, \
+        LPFILETIME))aSyscall[11].pCurrent)
+
+#if SQLITE_OS_WINCE
+  { "FileTimeToSystemTime",    (SYSCALL)FileTimeToSystemTime,    0 },
+#else
+  { "FileTimeToSystemTime",    (SYSCALL)0,                       0 },
+#endif
+
+#define osFileTimeToSystemTime ((BOOL(WINAPI*)(CONST FILETIME*, \
+        LPSYSTEMTIME))aSyscall[12].pCurrent)
+
+  { "FlushFileBuffers",        (SYSCALL)FlushFileBuffers,        0 },
+
+#define osFlushFileBuffers ((BOOL(WINAPI*)(HANDLE))aSyscall[13].pCurrent)
+
+#if defined(SQLITE_WIN32_HAS_ANSI)
+  { "FormatMessageA",          (SYSCALL)FormatMessageA,          0 },
+#else
+  { "FormatMessageA",          (SYSCALL)0,                       0 },
+#endif
+
+#define osFormatMessageA ((DWORD(WINAPI*)(DWORD,LPCVOID,DWORD,DWORD,LPSTR, \
+        DWORD,va_list*))aSyscall[14].pCurrent)
+
+#if defined(SQLITE_WIN32_HAS_WIDE)
+  { "FormatMessageW",          (SYSCALL)FormatMessageW,          0 },
+#else
+  { "FormatMessageW",          (SYSCALL)0,                       0 },
+#endif
+
+#define osFormatMessageW ((DWORD(WINAPI*)(DWORD,LPCVOID,DWORD,DWORD,LPWSTR, \
+        DWORD,va_list*))aSyscall[15].pCurrent)
+
+#if !defined(SQLITE_OMIT_LOAD_EXTENSION)
+  { "FreeLibrary",             (SYSCALL)FreeLibrary,             0 },
+#else
+  { "FreeLibrary",             (SYSCALL)0,                       0 },
+#endif
+
+#define osFreeLibrary ((BOOL(WINAPI*)(HMODULE))aSyscall[16].pCurrent)
+
+  { "GetCurrentProcessId",     (SYSCALL)GetCurrentProcessId,     0 },
+
+#define osGetCurrentProcessId ((DWORD(WINAPI*)(VOID))aSyscall[17].pCurrent)
+
+#if !SQLITE_OS_WINCE && defined(SQLITE_WIN32_HAS_ANSI)
+  { "GetDiskFreeSpaceA",       (SYSCALL)GetDiskFreeSpaceA,       0 },
+#else
+  { "GetDiskFreeSpaceA",       (SYSCALL)0,                       0 },
+#endif
+
+#define osGetDiskFreeSpaceA ((BOOL(WINAPI*)(LPCSTR,LPDWORD,LPDWORD,LPDWORD, \
+        LPDWORD))aSyscall[18].pCurrent)
+
+#if !SQLITE_OS_WINCE && !SQLITE_OS_WINRT && defined(SQLITE_WIN32_HAS_WIDE)
+  { "GetDiskFreeSpaceW",       (SYSCALL)GetDiskFreeSpaceW,       0 },
+#else
+  { "GetDiskFreeSpaceW",       (SYSCALL)0,                       0 },
+#endif
+
+#define osGetDiskFreeSpaceW ((BOOL(WINAPI*)(LPCWSTR,LPDWORD,LPDWORD,LPDWORD, \
+        LPDWORD))aSyscall[19].pCurrent)
+
+#if defined(SQLITE_WIN32_HAS_ANSI)
+  { "GetFileAttributesA",      (SYSCALL)GetFileAttributesA,      0 },
+#else
+  { "GetFileAttributesA",      (SYSCALL)0,                       0 },
+#endif
+
+#define osGetFileAttributesA ((DWORD(WINAPI*)(LPCSTR))aSyscall[20].pCurrent)
+
+#if !SQLITE_OS_WINRT && defined(SQLITE_WIN32_HAS_WIDE)
+  { "GetFileAttributesW",      (SYSCALL)GetFileAttributesW,      0 },
+#else
+  { "GetFileAttributesW",      (SYSCALL)0,                       0 },
+#endif
+
+#define osGetFileAttributesW ((DWORD(WINAPI*)(LPCWSTR))aSyscall[21].pCurrent)
+
+#if defined(SQLITE_WIN32_HAS_WIDE)
+  { "GetFileAttributesExW",    (SYSCALL)GetFileAttributesExW,    0 },
+#else
+  { "GetFileAttributesExW",    (SYSCALL)0,                       0 },
+#endif
+
+#define osGetFileAttributesExW ((BOOL(WINAPI*)(LPCWSTR,GET_FILEEX_INFO_LEVELS, \
+        LPVOID))aSyscall[22].pCurrent)
+
+#if !SQLITE_OS_WINRT
+  { "GetFileSize",             (SYSCALL)GetFileSize,             0 },
+#else
+  { "GetFileSize",             (SYSCALL)0,                       0 },
+#endif
+
+#define osGetFileSize ((DWORD(WINAPI*)(HANDLE,LPDWORD))aSyscall[23].pCurrent)
+
+#if !SQLITE_OS_WINCE && defined(SQLITE_WIN32_HAS_ANSI)
+  { "GetFullPathNameA",        (SYSCALL)GetFullPathNameA,        0 },
+#else
+  { "GetFullPathNameA",        (SYSCALL)0,                       0 },
+#endif
+
+#define osGetFullPathNameA ((DWORD(WINAPI*)(LPCSTR,DWORD,LPSTR, \
+        LPSTR*))aSyscall[24].pCurrent)
+
+#if !SQLITE_OS_WINCE && !SQLITE_OS_WINRT && defined(SQLITE_WIN32_HAS_WIDE)
+  { "GetFullPathNameW",        (SYSCALL)GetFullPathNameW,        0 },
+#else
+  { "GetFullPathNameW",        (SYSCALL)0,                       0 },
+#endif
+
+#define osGetFullPathNameW ((DWORD(WINAPI*)(LPCWSTR,DWORD,LPWSTR, \
+        LPWSTR*))aSyscall[25].pCurrent)
+
+  { "GetLastError",            (SYSCALL)GetLastError,            0 },
+
+#define osGetLastError ((DWORD(WINAPI*)(VOID))aSyscall[26].pCurrent)
+
+#if !defined(SQLITE_OMIT_LOAD_EXTENSION)
+#if SQLITE_OS_WINCE
+  /* The GetProcAddressA() routine is only available on Windows CE. */
+  { "GetProcAddressA",         (SYSCALL)GetProcAddressA,         0 },
+#else
+  /* All other Windows platforms expect GetProcAddress() to take
+  ** an ANSI string regardless of the _UNICODE setting */
+  { "GetProcAddressA",         (SYSCALL)GetProcAddress,          0 },
+#endif
+#else
+  { "GetProcAddressA",         (SYSCALL)0,                       0 },
+#endif
+
+#define osGetProcAddressA ((FARPROC(WINAPI*)(HMODULE, \
+        LPCSTR))aSyscall[27].pCurrent)
+
+#if !SQLITE_OS_WINRT
+  { "GetSystemInfo",           (SYSCALL)GetSystemInfo,           0 },
+#else
+  { "GetSystemInfo",           (SYSCALL)0,                       0 },
+#endif
+
+#define osGetSystemInfo ((VOID(WINAPI*)(LPSYSTEM_INFO))aSyscall[28].pCurrent)
+
+  { "GetSystemTime",           (SYSCALL)GetSystemTime,           0 },
+
+#define osGetSystemTime ((VOID(WINAPI*)(LPSYSTEMTIME))aSyscall[29].pCurrent)
+
+#if !SQLITE_OS_WINCE
+  { "GetSystemTimeAsFileTime", (SYSCALL)GetSystemTimeAsFileTime, 0 },
+#else
+  { "GetSystemTimeAsFileTime", (SYSCALL)0,                       0 },
+#endif
+
+#define osGetSystemTimeAsFileTime ((VOID(WINAPI*)( \
+        LPFILETIME))aSyscall[30].pCurrent)
+
+#if defined(SQLITE_WIN32_HAS_ANSI)
+  { "GetTempPathA",            (SYSCALL)GetTempPathA,            0 },
+#else
+  { "GetTempPathA",            (SYSCALL)0,                       0 },
+#endif
+
+#define osGetTempPathA ((DWORD(WINAPI*)(DWORD,LPSTR))aSyscall[31].pCurrent)
+
+#if !SQLITE_OS_WINRT && defined(SQLITE_WIN32_HAS_WIDE)
+  { "GetTempPathW",            (SYSCALL)GetTempPathW,            0 },
+#else
+  { "GetTempPathW",            (SYSCALL)0,                       0 },
+#endif
+
+#define osGetTempPathW ((DWORD(WINAPI*)(DWORD,LPWSTR))aSyscall[32].pCurrent)
+
+#if !SQLITE_OS_WINRT
+  { "GetTickCount",            (SYSCALL)GetTickCount,            0 },
+#else
+  { "GetTickCount",            (SYSCALL)0,                       0 },
+#endif
+
+#define osGetTickCount ((DWORD(WINAPI*)(VOID))aSyscall[33].pCurrent)
+
+#if defined(SQLITE_WIN32_HAS_ANSI) && defined(SQLITE_WIN32_GETVERSIONEX) && \
+        SQLITE_WIN32_GETVERSIONEX
+  { "GetVersionExA",           (SYSCALL)GetVersionExA,           0 },
+#else
+  { "GetVersionExA",           (SYSCALL)0,                       0 },
+#endif
+
+#define osGetVersionExA ((BOOL(WINAPI*)( \
+        LPOSVERSIONINFOA))aSyscall[34].pCurrent)
+
+#if !SQLITE_OS_WINRT && defined(SQLITE_WIN32_HAS_WIDE) && \
+        defined(SQLITE_WIN32_GETVERSIONEX) && SQLITE_WIN32_GETVERSIONEX
+  { "GetVersionExW",           (SYSCALL)GetVersionExW,           0 },
+#else
+  { "GetVersionExW",           (SYSCALL)0,                       0 },
+#endif
+
+#define osGetVersionExW ((BOOL(WINAPI*)( \
+        LPOSVERSIONINFOW))aSyscall[35].pCurrent)
+
+  { "HeapAlloc",               (SYSCALL)HeapAlloc,               0 },
+
+#define osHeapAlloc ((LPVOID(WINAPI*)(HANDLE,DWORD, \
+        SIZE_T))aSyscall[36].pCurrent)
+
+#if !SQLITE_OS_WINRT
+  { "HeapCreate",              (SYSCALL)HeapCreate,              0 },
+#else
+  { "HeapCreate",              (SYSCALL)0,                       0 },
+#endif
+
+#define osHeapCreate ((HANDLE(WINAPI*)(DWORD,SIZE_T, \
+        SIZE_T))aSyscall[37].pCurrent)
+
+#if !SQLITE_OS_WINRT
+  { "HeapDestroy",             (SYSCALL)HeapDestroy,             0 },
+#else
+  { "HeapDestroy",             (SYSCALL)0,                       0 },
+#endif
+
+#define osHeapDestroy ((BOOL(WINAPI*)(HANDLE))aSyscall[38].pCurrent)
+
+  { "HeapFree",                (SYSCALL)HeapFree,                0 },
+
+#define osHeapFree ((BOOL(WINAPI*)(HANDLE,DWORD,LPVOID))aSyscall[39].pCurrent)
+
+  { "HeapReAlloc",             (SYSCALL)HeapReAlloc,             0 },
+
+#define osHeapReAlloc ((LPVOID(WINAPI*)(HANDLE,DWORD,LPVOID, \
+        SIZE_T))aSyscall[40].pCurrent)
+
+  { "HeapSize",                (SYSCALL)HeapSize,                0 },
+
+#define osHeapSize ((SIZE_T(WINAPI*)(HANDLE,DWORD, \
+        LPCVOID))aSyscall[41].pCurrent)
+
+#if !SQLITE_OS_WINRT
+  { "HeapValidate",            (SYSCALL)HeapValidate,            0 },
+#else
+  { "HeapValidate",            (SYSCALL)0,                       0 },
+#endif
+
+#define osHeapValidate ((BOOL(WINAPI*)(HANDLE,DWORD, \
+        LPCVOID))aSyscall[42].pCurrent)
+
+#if !SQLITE_OS_WINCE && !SQLITE_OS_WINRT
+  { "HeapCompact",             (SYSCALL)HeapCompact,             0 },
+#else
+  { "HeapCompact",             (SYSCALL)0,                       0 },
+#endif
+
+#define osHeapCompact ((UINT(WINAPI*)(HANDLE,DWORD))aSyscall[43].pCurrent)
+
+#if defined(SQLITE_WIN32_HAS_ANSI) && !defined(SQLITE_OMIT_LOAD_EXTENSION)
+  { "LoadLibraryA",            (SYSCALL)LoadLibraryA,            0 },
+#else
+  { "LoadLibraryA",            (SYSCALL)0,                       0 },
+#endif
+
+#define osLoadLibraryA ((HMODULE(WINAPI*)(LPCSTR))aSyscall[44].pCurrent)
+
+#if !SQLITE_OS_WINRT && defined(SQLITE_WIN32_HAS_WIDE) && \
+        !defined(SQLITE_OMIT_LOAD_EXTENSION)
+  { "LoadLibraryW",            (SYSCALL)LoadLibraryW,            0 },
+#else
+  { "LoadLibraryW",            (SYSCALL)0,                       0 },
+#endif
+
+#define osLoadLibraryW ((HMODULE(WINAPI*)(LPCWSTR))aSyscall[45].pCurrent)
+
+#if !SQLITE_OS_WINRT
+  { "LocalFree",               (SYSCALL)LocalFree,               0 },
+#else
+  { "LocalFree",               (SYSCALL)0,                       0 },
+#endif
+
+#define osLocalFree ((HLOCAL(WINAPI*)(HLOCAL))aSyscall[46].pCurrent)
+
+#if !SQLITE_OS_WINCE && !SQLITE_OS_WINRT
+  { "LockFile",                (SYSCALL)LockFile,                0 },
+#else
+  { "LockFile",                (SYSCALL)0,                       0 },
+#endif
+
+#ifndef osLockFile
+#define osLockFile ((BOOL(WINAPI*)(HANDLE,DWORD,DWORD,DWORD, \
+        DWORD))aSyscall[47].pCurrent)
+#endif
+
+#if !SQLITE_OS_WINCE
+  { "LockFileEx",              (SYSCALL)LockFileEx,              0 },
+#else
+  { "LockFileEx",              (SYSCALL)0,                       0 },
+#endif
+
+#ifndef osLockFileEx
+#define osLockFileEx ((BOOL(WINAPI*)(HANDLE,DWORD,DWORD,DWORD,DWORD, \
+        LPOVERLAPPED))aSyscall[48].pCurrent)
+#endif
+
+#if SQLITE_OS_WINCE || (!SQLITE_OS_WINRT && \
+        (!defined(SQLITE_OMIT_WAL) || SQLITE_MAX_MMAP_SIZE>0))
+  { "MapViewOfFile",           (SYSCALL)MapViewOfFile,           0 },
+#else
+  { "MapViewOfFile",           (SYSCALL)0,                       0 },
+#endif
+
+#define osMapViewOfFile ((LPVOID(WINAPI*)(HANDLE,DWORD,DWORD,DWORD, \
+        SIZE_T))aSyscall[49].pCurrent)
+
+  { "MultiByteToWideChar",     (SYSCALL)MultiByteToWideChar,     0 },
+
+#define osMultiByteToWideChar ((int(WINAPI*)(UINT,DWORD,LPCSTR,int,LPWSTR, \
+        int))aSyscall[50].pCurrent)
+
+  { "QueryPerformanceCounter", (SYSCALL)QueryPerformanceCounter, 0 },
+
+#define osQueryPerformanceCounter ((BOOL(WINAPI*)( \
+        LARGE_INTEGER*))aSyscall[51].pCurrent)
+
+  { "ReadFile",                (SYSCALL)ReadFile,                0 },
+
+#define osReadFile ((BOOL(WINAPI*)(HANDLE,LPVOID,DWORD,LPDWORD, \
+        LPOVERLAPPED))aSyscall[52].pCurrent)
+
+  { "SetEndOfFile",            (SYSCALL)SetEndOfFile,            0 },
+
+#define osSetEndOfFile ((BOOL(WINAPI*)(HANDLE))aSyscall[53].pCurrent)
+
+#if !SQLITE_OS_WINRT
+  { "SetFilePointer",          (SYSCALL)SetFilePointer,          0 },
+#else
+  { "SetFilePointer",          (SYSCALL)0,                       0 },
+#endif
+
+#define osSetFilePointer ((DWORD(WINAPI*)(HANDLE,LONG,PLONG, \
+        DWORD))aSyscall[54].pCurrent)
+
+#if !SQLITE_OS_WINRT
+  { "Sleep",                   (SYSCALL)Sleep,                   0 },
+#else
+  { "Sleep",                   (SYSCALL)0,                       0 },
+#endif
+
+#define osSleep ((VOID(WINAPI*)(DWORD))aSyscall[55].pCurrent)
+
+  { "SystemTimeToFileTime",    (SYSCALL)SystemTimeToFileTime,    0 },
+
+#define osSystemTimeToFileTime ((BOOL(WINAPI*)(CONST SYSTEMTIME*, \
+        LPFILETIME))aSyscall[56].pCurrent)
+
+#if !SQLITE_OS_WINCE && !SQLITE_OS_WINRT
+  { "UnlockFile",              (SYSCALL)UnlockFile,              0 },
+#else
+  { "UnlockFile",              (SYSCALL)0,                       0 },
+#endif
+
+#ifndef osUnlockFile
+#define osUnlockFile ((BOOL(WINAPI*)(HANDLE,DWORD,DWORD,DWORD, \
+        DWORD))aSyscall[57].pCurrent)
+#endif
+
+#if !SQLITE_OS_WINCE
+  { "UnlockFileEx",            (SYSCALL)UnlockFileEx,            0 },
+#else
+  { "UnlockFileEx",            (SYSCALL)0,                       0 },
+#endif
+
+#define osUnlockFileEx ((BOOL(WINAPI*)(HANDLE,DWORD,DWORD,DWORD, \
+        LPOVERLAPPED))aSyscall[58].pCurrent)
+
+#if SQLITE_OS_WINCE || !defined(SQLITE_OMIT_WAL) || SQLITE_MAX_MMAP_SIZE>0
+  { "UnmapViewOfFile",         (SYSCALL)UnmapViewOfFile,         0 },
+#else
+  { "UnmapViewOfFile",         (SYSCALL)0,                       0 },
+#endif
+
+#define osUnmapViewOfFile ((BOOL(WINAPI*)(LPCVOID))aSyscall[59].pCurrent)
+
+  { "WideCharToMultiByte",     (SYSCALL)WideCharToMultiByte,     0 },
+
+#define osWideCharToMultiByte ((int(WINAPI*)(UINT,DWORD,LPCWSTR,int,LPSTR,int, \
+        LPCSTR,LPBOOL))aSyscall[60].pCurrent)
+
+  { "WriteFile",               (SYSCALL)WriteFile,               0 },
+
+#define osWriteFile ((BOOL(WINAPI*)(HANDLE,LPCVOID,DWORD,LPDWORD, \
+        LPOVERLAPPED))aSyscall[61].pCurrent)
+
+#if SQLITE_OS_WINRT
+  { "CreateEventExW",          (SYSCALL)CreateEventExW,          0 },
+#else
+  { "CreateEventExW",          (SYSCALL)0,                       0 },
+#endif
+
+#define osCreateEventExW ((HANDLE(WINAPI*)(LPSECURITY_ATTRIBUTES,LPCWSTR, \
+        DWORD,DWORD))aSyscall[62].pCurrent)
+
+#if !SQLITE_OS_WINRT
+  { "WaitForSingleObject",     (SYSCALL)WaitForSingleObject,     0 },
+#else
+  { "WaitForSingleObject",     (SYSCALL)0,                       0 },
+#endif
+
+#define osWaitForSingleObject ((DWORD(WINAPI*)(HANDLE, \
+        DWORD))aSyscall[63].pCurrent)
+
+#if !SQLITE_OS_WINCE
+  { "WaitForSingleObjectEx",   (SYSCALL)WaitForSingleObjectEx,   0 },
+#else
+  { "WaitForSingleObjectEx",   (SYSCALL)0,                       0 },
+#endif
+
+#define osWaitForSingleObjectEx ((DWORD(WINAPI*)(HANDLE,DWORD, \
+        BOOL))aSyscall[64].pCurrent)
+
+#if SQLITE_OS_WINRT
+  { "SetFilePointerEx",        (SYSCALL)SetFilePointerEx,        0 },
+#else
+  { "SetFilePointerEx",        (SYSCALL)0,                       0 },
+#endif
+
+#define osSetFilePointerEx ((BOOL(WINAPI*)(HANDLE,LARGE_INTEGER, \
+        PLARGE_INTEGER,DWORD))aSyscall[65].pCurrent)
+
+#if SQLITE_OS_WINRT
+  { "GetFileInformationByHandleEx", (SYSCALL)GetFileInformationByHandleEx, 0 },
+#else
+  { "GetFileInformationByHandleEx", (SYSCALL)0,                  0 },
+#endif
+
+#define osGetFileInformationByHandleEx ((BOOL(WINAPI*)(HANDLE, \
+        FILE_INFO_BY_HANDLE_CLASS,LPVOID,DWORD))aSyscall[66].pCurrent)
+
+#if SQLITE_OS_WINRT && (!defined(SQLITE_OMIT_WAL) || SQLITE_MAX_MMAP_SIZE>0)
+  { "MapViewOfFileFromApp",    (SYSCALL)MapViewOfFileFromApp,    0 },
+#else
+  { "MapViewOfFileFromApp",    (SYSCALL)0,                       0 },
+#endif
+
+#define osMapViewOfFileFromApp ((LPVOID(WINAPI*)(HANDLE,ULONG,ULONG64, \
+        SIZE_T))aSyscall[67].pCurrent)
+
+#if SQLITE_OS_WINRT
+  { "CreateFile2",             (SYSCALL)CreateFile2,             0 },
+#else
+  { "CreateFile2",             (SYSCALL)0,                       0 },
+#endif
+
+#define osCreateFile2 ((HANDLE(WINAPI*)(LPCWSTR,DWORD,DWORD,DWORD, \
+        LPCREATEFILE2_EXTENDED_PARAMETERS))aSyscall[68].pCurrent)
+
+#if SQLITE_OS_WINRT && !defined(SQLITE_OMIT_LOAD_EXTENSION)
+  { "LoadPackagedLibrary",     (SYSCALL)LoadPackagedLibrary,     0 },
+#else
+  { "LoadPackagedLibrary",     (SYSCALL)0,                       0 },
+#endif
+
+#define osLoadPackagedLibrary ((HMODULE(WINAPI*)(LPCWSTR, \
+        DWORD))aSyscall[69].pCurrent)
+
+#if SQLITE_OS_WINRT
+  { "GetTickCount64",          (SYSCALL)GetTickCount64,          0 },
+#else
+  { "GetTickCount64",          (SYSCALL)0,                       0 },
+#endif
+
+#define osGetTickCount64 ((ULONGLONG(WINAPI*)(VOID))aSyscall[70].pCurrent)
+
+#if SQLITE_OS_WINRT
+  { "GetNativeSystemInfo",     (SYSCALL)GetNativeSystemInfo,     0 },
+#else
+  { "GetNativeSystemInfo",     (SYSCALL)0,                       0 },
+#endif
+
+#define osGetNativeSystemInfo ((VOID(WINAPI*)( \
+        LPSYSTEM_INFO))aSyscall[71].pCurrent)
+
+#if defined(SQLITE_WIN32_HAS_ANSI)
+  { "OutputDebugStringA",      (SYSCALL)OutputDebugStringA,      0 },
+#else
+  { "OutputDebugStringA",      (SYSCALL)0,                       0 },
+#endif
+
+#define osOutputDebugStringA ((VOID(WINAPI*)(LPCSTR))aSyscall[72].pCurrent)
+
+#if defined(SQLITE_WIN32_HAS_WIDE)
+  { "OutputDebugStringW",      (SYSCALL)OutputDebugStringW,      0 },
+#else
+  { "OutputDebugStringW",      (SYSCALL)0,                       0 },
+#endif
+
+#define osOutputDebugStringW ((VOID(WINAPI*)(LPCWSTR))aSyscall[73].pCurrent)
+
+  { "GetProcessHeap",          (SYSCALL)GetProcessHeap,          0 },
+
+#define osGetProcessHeap ((HANDLE(WINAPI*)(VOID))aSyscall[74].pCurrent)
+
+#if SQLITE_OS_WINRT && (!defined(SQLITE_OMIT_WAL) || SQLITE_MAX_MMAP_SIZE>0)
+  { "CreateFileMappingFromApp", (SYSCALL)CreateFileMappingFromApp, 0 },
+#else
+  { "CreateFileMappingFromApp", (SYSCALL)0,                      0 },
+#endif
+
+#define osCreateFileMappingFromApp ((HANDLE(WINAPI*)(HANDLE, \
+        LPSECURITY_ATTRIBUTES,ULONG,ULONG64,LPCWSTR))aSyscall[75].pCurrent)
+
+/*
+** NOTE: On some sub-platforms, the InterlockedCompareExchange "function"
+**       is really just a macro that uses a compiler intrinsic (e.g. x64).
+**       So do not try to make this is into a redefinable interface.
+*/
+#if defined(InterlockedCompareExchange)
+  { "InterlockedCompareExchange", (SYSCALL)0,                    0 },
+
+#define osInterlockedCompareExchange InterlockedCompareExchange
+#else
+  { "InterlockedCompareExchange", (SYSCALL)InterlockedCompareExchange, 0 },
+
+#define osInterlockedCompareExchange ((LONG(WINAPI*)(LONG \
+        SQLITE_WIN32_VOLATILE*, LONG,LONG))aSyscall[76].pCurrent)
+#endif /* defined(InterlockedCompareExchange) */
+
+#if !SQLITE_OS_WINCE && !SQLITE_OS_WINRT && SQLITE_WIN32_USE_UUID
+  { "UuidCreate",               (SYSCALL)UuidCreate,             0 },
+#else
+  { "UuidCreate",               (SYSCALL)0,                      0 },
+#endif
+
+#define osUuidCreate ((RPC_STATUS(RPC_ENTRY*)(UUID*))aSyscall[77].pCurrent)
+
+#if !SQLITE_OS_WINCE && !SQLITE_OS_WINRT && SQLITE_WIN32_USE_UUID
+  { "UuidCreateSequential",     (SYSCALL)UuidCreateSequential,   0 },
+#else
+  { "UuidCreateSequential",     (SYSCALL)0,                      0 },
+#endif
+
+#define osUuidCreateSequential \
+        ((RPC_STATUS(RPC_ENTRY*)(UUID*))aSyscall[78].pCurrent)
+
+#if !defined(SQLITE_NO_SYNC) && SQLITE_MAX_MMAP_SIZE>0
+  { "FlushViewOfFile",          (SYSCALL)FlushViewOfFile,        0 },
+#else
+  { "FlushViewOfFile",          (SYSCALL)0,                      0 },
+#endif
+
+#define osFlushViewOfFile \
+        ((BOOL(WINAPI*)(LPCVOID,SIZE_T))aSyscall[79].pCurrent)
+
+}; /* End of the overrideable system calls */
+
+/*
+** This is the xSetSystemCall() method of sqlite3_vfs for all of the
+** "win32" VFSes.  Return SQLITE_OK opon successfully updating the
+** system call pointer, or SQLITE_NOTFOUND if there is no configurable
+** system call named zName.
+*/
+static int winSetSystemCall(
+  sqlite3_vfs *pNotUsed,        /* The VFS pointer.  Not used */
+  const char *zName,            /* Name of system call to override */
+  sqlite3_syscall_ptr pNewFunc  /* Pointer to new system call value */
+){
+  unsigned int i;
+  int rc = SQLITE_NOTFOUND;
+
+  UNUSED_PARAMETER(pNotUsed);
+  if( zName==0 ){
+    /* If no zName is given, restore all system calls to their default
+    ** settings and return NULL
+    */
+    rc = SQLITE_OK;
+    for(i=0; i<sizeof(aSyscall)/sizeof(aSyscall[0]); i++){
+      if( aSyscall[i].pDefault ){
+        aSyscall[i].pCurrent = aSyscall[i].pDefault;
+      }
+    }
+  }else{
+    /* If zName is specified, operate on only the one system call
+    ** specified.
+    */
+    for(i=0; i<sizeof(aSyscall)/sizeof(aSyscall[0]); i++){
+      if( strcmp(zName, aSyscall[i].zName)==0 ){
+        if( aSyscall[i].pDefault==0 ){
+          aSyscall[i].pDefault = aSyscall[i].pCurrent;
+        }
+        rc = SQLITE_OK;
+        if( pNewFunc==0 ) pNewFunc = aSyscall[i].pDefault;
+        aSyscall[i].pCurrent = pNewFunc;
+        break;
+      }
+    }
+  }
+  return rc;
+}
+
+/*
+** Return the value of a system call.  Return NULL if zName is not a
+** recognized system call name.  NULL is also returned if the system call
+** is currently undefined.
+*/
+static sqlite3_syscall_ptr winGetSystemCall(
+  sqlite3_vfs *pNotUsed,
+  const char *zName
+){
+  unsigned int i;
+
+  UNUSED_PARAMETER(pNotUsed);
+  for(i=0; i<sizeof(aSyscall)/sizeof(aSyscall[0]); i++){
+    if( strcmp(zName, aSyscall[i].zName)==0 ) return aSyscall[i].pCurrent;
+  }
+  return 0;
+}
+
+/*
+** Return the name of the first system call after zName.  If zName==NULL
+** then return the name of the first system call.  Return NULL if zName
+** is the last system call or if zName is not the name of a valid
+** system call.
+*/
+static const char *winNextSystemCall(sqlite3_vfs *p, const char *zName){
+  int i = -1;
+
+  UNUSED_PARAMETER(p);
+  if( zName ){
+    for(i=0; i<ArraySize(aSyscall)-1; i++){
+      if( strcmp(zName, aSyscall[i].zName)==0 ) break;
+    }
+  }
+  for(i++; i<ArraySize(aSyscall); i++){
+    if( aSyscall[i].pCurrent!=0 ) return aSyscall[i].zName;
+  }
+  return 0;
+}
+
+#ifdef SQLITE_WIN32_MALLOC
+/*
+** If a Win32 native heap has been configured, this function will attempt to
+** compact it.  Upon success, SQLITE_OK will be returned.  Upon failure, one
+** of SQLITE_NOMEM, SQLITE_ERROR, or SQLITE_NOTFOUND will be returned.  The
+** "pnLargest" argument, if non-zero, will be used to return the size of the
+** largest committed free block in the heap, in bytes.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_win32_compact_heap(LPUINT pnLargest){
+  int rc = SQLITE_OK;
+  UINT nLargest = 0;
+  HANDLE hHeap;
+
+  winMemAssertMagic();
+  hHeap = winMemGetHeap();
+  assert( hHeap!=0 );
+  assert( hHeap!=INVALID_HANDLE_VALUE );
+#if !SQLITE_OS_WINRT && defined(SQLITE_WIN32_MALLOC_VALIDATE)
+  assert( osHeapValidate(hHeap, SQLITE_WIN32_HEAP_FLAGS, NULL) );
+#endif
+#if !SQLITE_OS_WINCE && !SQLITE_OS_WINRT
+  if( (nLargest=osHeapCompact(hHeap, SQLITE_WIN32_HEAP_FLAGS))==0 ){
+    DWORD lastErrno = osGetLastError();
+    if( lastErrno==NO_ERROR ){
+      sqlite3_log(SQLITE_NOMEM, "failed to HeapCompact (no space), heap=%p",
+                  (void*)hHeap);
+      rc = SQLITE_NOMEM;
+    }else{
+      sqlite3_log(SQLITE_ERROR, "failed to HeapCompact (%lu), heap=%p",
+                  osGetLastError(), (void*)hHeap);
+      rc = SQLITE_ERROR;
+    }
+  }
+#else
+  sqlite3_log(SQLITE_NOTFOUND, "failed to HeapCompact, heap=%p",
+              (void*)hHeap);
+  rc = SQLITE_NOTFOUND;
+#endif
+  if( pnLargest ) *pnLargest = nLargest;
+  return rc;
+}
+
+/*
+** If a Win32 native heap has been configured, this function will attempt to
+** destroy and recreate it.  If the Win32 native heap is not isolated and/or
+** the sqlite3_memory_used() function does not return zero, SQLITE_BUSY will
+** be returned and no changes will be made to the Win32 native heap.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_win32_reset_heap(){
+  int rc;
+  MUTEX_LOGIC( sqlite3_mutex *pMaster; ) /* The main static mutex */
+  MUTEX_LOGIC( sqlite3_mutex *pMem; )    /* The memsys static mutex */
+  MUTEX_LOGIC( pMaster = sqlite3_mutex_alloc(SQLITE_MUTEX_STATIC_MASTER); )
+  MUTEX_LOGIC( pMem = sqlite3_mutex_alloc(SQLITE_MUTEX_STATIC_MEM); )
+  sqlite3_mutex_enter(pMaster);
+  sqlite3_mutex_enter(pMem);
+  winMemAssertMagic();
+  if( winMemGetHeap()!=NULL && winMemGetOwned() && sqlite3_memory_used()==0 ){
+    /*
+    ** At this point, there should be no outstanding memory allocations on
+    ** the heap.  Also, since both the master and memsys locks are currently
+    ** being held by us, no other function (i.e. from another thread) should
+    ** be able to even access the heap.  Attempt to destroy and recreate our
+    ** isolated Win32 native heap now.
+    */
+    assert( winMemGetHeap()!=NULL );
+    assert( winMemGetOwned() );
+    assert( sqlite3_memory_used()==0 );
+    winMemShutdown(winMemGetDataPtr());
+    assert( winMemGetHeap()==NULL );
+    assert( !winMemGetOwned() );
+    assert( sqlite3_memory_used()==0 );
+    rc = winMemInit(winMemGetDataPtr());
+    assert( rc!=SQLITE_OK || winMemGetHeap()!=NULL );
+    assert( rc!=SQLITE_OK || winMemGetOwned() );
+    assert( rc!=SQLITE_OK || sqlite3_memory_used()==0 );
+  }else{
+    /*
+    ** The Win32 native heap cannot be modified because it may be in use.
+    */
+    rc = SQLITE_BUSY;
+  }
+  sqlite3_mutex_leave(pMem);
+  sqlite3_mutex_leave(pMaster);
+  return rc;
+}
+#endif /* SQLITE_WIN32_MALLOC */
+
+/*
+** This function outputs the specified (ANSI) string to the Win32 debugger
+** (if available).
+*/
+
+SQLITE_API void SQLITE_STDCALL sqlite3_win32_write_debug(const char *zBuf, int nBuf){
+  char zDbgBuf[SQLITE_WIN32_DBG_BUF_SIZE];
+  int nMin = MIN(nBuf, (SQLITE_WIN32_DBG_BUF_SIZE - 1)); /* may be negative. */
+  if( nMin<-1 ) nMin = -1; /* all negative values become -1. */
+  assert( nMin==-1 || nMin==0 || nMin<SQLITE_WIN32_DBG_BUF_SIZE );
+#if defined(SQLITE_WIN32_HAS_ANSI)
+  if( nMin>0 ){
+    memset(zDbgBuf, 0, SQLITE_WIN32_DBG_BUF_SIZE);
+    memcpy(zDbgBuf, zBuf, nMin);
+    osOutputDebugStringA(zDbgBuf);
+  }else{
+    osOutputDebugStringA(zBuf);
+  }
+#elif defined(SQLITE_WIN32_HAS_WIDE)
+  memset(zDbgBuf, 0, SQLITE_WIN32_DBG_BUF_SIZE);
+  if ( osMultiByteToWideChar(
+          osAreFileApisANSI() ? CP_ACP : CP_OEMCP, 0, zBuf,
+          nMin, (LPWSTR)zDbgBuf, SQLITE_WIN32_DBG_BUF_SIZE/sizeof(WCHAR))<=0 ){
+    return;
+  }
+  osOutputDebugStringW((LPCWSTR)zDbgBuf);
+#else
+  if( nMin>0 ){
+    memset(zDbgBuf, 0, SQLITE_WIN32_DBG_BUF_SIZE);
+    memcpy(zDbgBuf, zBuf, nMin);
+    fprintf(stderr, "%s", zDbgBuf);
+  }else{
+    fprintf(stderr, "%s", zBuf);
+  }
+#endif
+}
+
+/*
+** The following routine suspends the current thread for at least ms
+** milliseconds.  This is equivalent to the Win32 Sleep() interface.
+*/
+#if SQLITE_OS_WINRT
+static HANDLE sleepObj = NULL;
+#endif
+
+SQLITE_API void SQLITE_STDCALL sqlite3_win32_sleep(DWORD milliseconds){
+#if SQLITE_OS_WINRT
+  if ( sleepObj==NULL ){
+    sleepObj = osCreateEventExW(NULL, NULL, CREATE_EVENT_MANUAL_RESET,
+                                SYNCHRONIZE);
+  }
+  assert( sleepObj!=NULL );
+  osWaitForSingleObjectEx(sleepObj, milliseconds, FALSE);
+#else
+  osSleep(milliseconds);
+#endif
+}
+
+#if SQLITE_MAX_WORKER_THREADS>0 && !SQLITE_OS_WINCE && !SQLITE_OS_WINRT && \
+        SQLITE_THREADSAFE>0
+SQLITE_PRIVATE DWORD sqlite3Win32Wait(HANDLE hObject){
+  DWORD rc;
+  while( (rc = osWaitForSingleObjectEx(hObject, INFINITE,
+                                       TRUE))==WAIT_IO_COMPLETION ){}
+  return rc;
+}
+#endif
+
+/*
+** Return true (non-zero) if we are running under WinNT, Win2K, WinXP,
+** or WinCE.  Return false (zero) for Win95, Win98, or WinME.
+**
+** Here is an interesting observation:  Win95, Win98, and WinME lack
+** the LockFileEx() API.  But we can still statically link against that
+** API as long as we don't call it when running Win95/98/ME.  A call to
+** this routine is used to determine if the host is Win95/98/ME or
+** WinNT/2K/XP so that we will know whether or not we can safely call
+** the LockFileEx() API.
+*/
+
+#if !defined(SQLITE_WIN32_GETVERSIONEX) || !SQLITE_WIN32_GETVERSIONEX
+# define osIsNT()  (1)
+#elif SQLITE_OS_WINCE || SQLITE_OS_WINRT || !defined(SQLITE_WIN32_HAS_ANSI)
+# define osIsNT()  (1)
+#elif !defined(SQLITE_WIN32_HAS_WIDE)
+# define osIsNT()  (0)
+#else
+# define osIsNT()  ((sqlite3_os_type==2) || sqlite3_win32_is_nt())
+#endif
+
+/*
+** This function determines if the machine is running a version of Windows
+** based on the NT kernel.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_win32_is_nt(void){
+#if SQLITE_OS_WINRT
+  /*
+  ** NOTE: The WinRT sub-platform is always assumed to be based on the NT
+  **       kernel.
+  */
+  return 1;
+#elif defined(SQLITE_WIN32_GETVERSIONEX) && SQLITE_WIN32_GETVERSIONEX
+  if( osInterlockedCompareExchange(&sqlite3_os_type, 0, 0)==0 ){
+#if defined(SQLITE_WIN32_HAS_ANSI)
+    OSVERSIONINFOA sInfo;
+    sInfo.dwOSVersionInfoSize = sizeof(sInfo);
+    osGetVersionExA(&sInfo);
+    osInterlockedCompareExchange(&sqlite3_os_type,
+        (sInfo.dwPlatformId == VER_PLATFORM_WIN32_NT) ? 2 : 1, 0);
+#elif defined(SQLITE_WIN32_HAS_WIDE)
+    OSVERSIONINFOW sInfo;
+    sInfo.dwOSVersionInfoSize = sizeof(sInfo);
+    osGetVersionExW(&sInfo);
+    osInterlockedCompareExchange(&sqlite3_os_type,
+        (sInfo.dwPlatformId == VER_PLATFORM_WIN32_NT) ? 2 : 1, 0);
+#endif
+  }
+  return osInterlockedCompareExchange(&sqlite3_os_type, 2, 2)==2;
+#elif SQLITE_TEST
+  return osInterlockedCompareExchange(&sqlite3_os_type, 2, 2)==2;
+#else
+  /*
+  ** NOTE: All sub-platforms where the GetVersionEx[AW] functions are
+  **       deprecated are always assumed to be based on the NT kernel.
+  */
+  return 1;
+#endif
+}
+
+#ifdef SQLITE_WIN32_MALLOC
+/*
+** Allocate nBytes of memory.
+*/
+static void *winMemMalloc(int nBytes){
+  HANDLE hHeap;
+  void *p;
+
+  winMemAssertMagic();
+  hHeap = winMemGetHeap();
+  assert( hHeap!=0 );
+  assert( hHeap!=INVALID_HANDLE_VALUE );
+#if !SQLITE_OS_WINRT && defined(SQLITE_WIN32_MALLOC_VALIDATE)
+  assert( osHeapValidate(hHeap, SQLITE_WIN32_HEAP_FLAGS, NULL) );
+#endif
+  assert( nBytes>=0 );
+  p = osHeapAlloc(hHeap, SQLITE_WIN32_HEAP_FLAGS, (SIZE_T)nBytes);
+  if( !p ){
+    sqlite3_log(SQLITE_NOMEM, "failed to HeapAlloc %u bytes (%lu), heap=%p",
+                nBytes, osGetLastError(), (void*)hHeap);
+  }
+  return p;
+}
+
+/*
+** Free memory.
+*/
+static void winMemFree(void *pPrior){
+  HANDLE hHeap;
+
+  winMemAssertMagic();
+  hHeap = winMemGetHeap();
+  assert( hHeap!=0 );
+  assert( hHeap!=INVALID_HANDLE_VALUE );
+#if !SQLITE_OS_WINRT && defined(SQLITE_WIN32_MALLOC_VALIDATE)
+  assert( osHeapValidate(hHeap, SQLITE_WIN32_HEAP_FLAGS, pPrior) );
+#endif
+  if( !pPrior ) return; /* Passing NULL to HeapFree is undefined. */
+  if( !osHeapFree(hHeap, SQLITE_WIN32_HEAP_FLAGS, pPrior) ){
+    sqlite3_log(SQLITE_NOMEM, "failed to HeapFree block %p (%lu), heap=%p",
+                pPrior, osGetLastError(), (void*)hHeap);
+  }
+}
+
+/*
+** Change the size of an existing memory allocation
+*/
+static void *winMemRealloc(void *pPrior, int nBytes){
+  HANDLE hHeap;
+  void *p;
+
+  winMemAssertMagic();
+  hHeap = winMemGetHeap();
+  assert( hHeap!=0 );
+  assert( hHeap!=INVALID_HANDLE_VALUE );
+#if !SQLITE_OS_WINRT && defined(SQLITE_WIN32_MALLOC_VALIDATE)
+  assert( osHeapValidate(hHeap, SQLITE_WIN32_HEAP_FLAGS, pPrior) );
+#endif
+  assert( nBytes>=0 );
+  if( !pPrior ){
+    p = osHeapAlloc(hHeap, SQLITE_WIN32_HEAP_FLAGS, (SIZE_T)nBytes);
+  }else{
+    p = osHeapReAlloc(hHeap, SQLITE_WIN32_HEAP_FLAGS, pPrior, (SIZE_T)nBytes);
+  }
+  if( !p ){
+    sqlite3_log(SQLITE_NOMEM, "failed to %s %u bytes (%lu), heap=%p",
+                pPrior ? "HeapReAlloc" : "HeapAlloc", nBytes, osGetLastError(),
+                (void*)hHeap);
+  }
+  return p;
+}
+
+/*
+** Return the size of an outstanding allocation, in bytes.
+*/
+static int winMemSize(void *p){
+  HANDLE hHeap;
+  SIZE_T n;
+
+  winMemAssertMagic();
+  hHeap = winMemGetHeap();
+  assert( hHeap!=0 );
+  assert( hHeap!=INVALID_HANDLE_VALUE );
+#if !SQLITE_OS_WINRT && defined(SQLITE_WIN32_MALLOC_VALIDATE)
+  assert( osHeapValidate(hHeap, SQLITE_WIN32_HEAP_FLAGS, p) );
+#endif
+  if( !p ) return 0;
+  n = osHeapSize(hHeap, SQLITE_WIN32_HEAP_FLAGS, p);
+  if( n==(SIZE_T)-1 ){
+    sqlite3_log(SQLITE_NOMEM, "failed to HeapSize block %p (%lu), heap=%p",
+                p, osGetLastError(), (void*)hHeap);
+    return 0;
+  }
+  return (int)n;
+}
+
+/*
+** Round up a request size to the next valid allocation size.
+*/
+static int winMemRoundup(int n){
+  return n;
+}
+
+/*
+** Initialize this module.
+*/
+static int winMemInit(void *pAppData){
+  winMemData *pWinMemData = (winMemData *)pAppData;
+
+  if( !pWinMemData ) return SQLITE_ERROR;
+  assert( pWinMemData->magic1==WINMEM_MAGIC1 );
+  assert( pWinMemData->magic2==WINMEM_MAGIC2 );
+
+#if !SQLITE_OS_WINRT && SQLITE_WIN32_HEAP_CREATE
+  if( !pWinMemData->hHeap ){
+    DWORD dwInitialSize = SQLITE_WIN32_HEAP_INIT_SIZE;
+    DWORD dwMaximumSize = (DWORD)sqlite3GlobalConfig.nHeap;
+    if( dwMaximumSize==0 ){
+      dwMaximumSize = SQLITE_WIN32_HEAP_MAX_SIZE;
+    }else if( dwInitialSize>dwMaximumSize ){
+      dwInitialSize = dwMaximumSize;
+    }
+    pWinMemData->hHeap = osHeapCreate(SQLITE_WIN32_HEAP_FLAGS,
+                                      dwInitialSize, dwMaximumSize);
+    if( !pWinMemData->hHeap ){
+      sqlite3_log(SQLITE_NOMEM,
+          "failed to HeapCreate (%lu), flags=%u, initSize=%lu, maxSize=%lu",
+          osGetLastError(), SQLITE_WIN32_HEAP_FLAGS, dwInitialSize,
+          dwMaximumSize);
+      return SQLITE_NOMEM;
+    }
+    pWinMemData->bOwned = TRUE;
+    assert( pWinMemData->bOwned );
+  }
+#else
+  pWinMemData->hHeap = osGetProcessHeap();
+  if( !pWinMemData->hHeap ){
+    sqlite3_log(SQLITE_NOMEM,
+        "failed to GetProcessHeap (%lu)", osGetLastError());
+    return SQLITE_NOMEM;
+  }
+  pWinMemData->bOwned = FALSE;
+  assert( !pWinMemData->bOwned );
+#endif
+  assert( pWinMemData->hHeap!=0 );
+  assert( pWinMemData->hHeap!=INVALID_HANDLE_VALUE );
+#if !SQLITE_OS_WINRT && defined(SQLITE_WIN32_MALLOC_VALIDATE)
+  assert( osHeapValidate(pWinMemData->hHeap, SQLITE_WIN32_HEAP_FLAGS, NULL) );
+#endif
+  return SQLITE_OK;
+}
+
+/*
+** Deinitialize this module.
+*/
+static void winMemShutdown(void *pAppData){
+  winMemData *pWinMemData = (winMemData *)pAppData;
+
+  if( !pWinMemData ) return;
+  assert( pWinMemData->magic1==WINMEM_MAGIC1 );
+  assert( pWinMemData->magic2==WINMEM_MAGIC2 );
+
+  if( pWinMemData->hHeap ){
+    assert( pWinMemData->hHeap!=INVALID_HANDLE_VALUE );
+#if !SQLITE_OS_WINRT && defined(SQLITE_WIN32_MALLOC_VALIDATE)
+    assert( osHeapValidate(pWinMemData->hHeap, SQLITE_WIN32_HEAP_FLAGS, NULL) );
+#endif
+    if( pWinMemData->bOwned ){
+      if( !osHeapDestroy(pWinMemData->hHeap) ){
+        sqlite3_log(SQLITE_NOMEM, "failed to HeapDestroy (%lu), heap=%p",
+                    osGetLastError(), (void*)pWinMemData->hHeap);
+      }
+      pWinMemData->bOwned = FALSE;
+    }
+    pWinMemData->hHeap = NULL;
+  }
+}
+
+/*
+** Populate the low-level memory allocation function pointers in
+** sqlite3GlobalConfig.m with pointers to the routines in this file. The
+** arguments specify the block of memory to manage.
+**
+** This routine is only called by sqlite3_config(), and therefore
+** is not required to be threadsafe (it is not).
+*/
+SQLITE_PRIVATE const sqlite3_mem_methods *sqlite3MemGetWin32(void){
+  static const sqlite3_mem_methods winMemMethods = {
+    winMemMalloc,
+    winMemFree,
+    winMemRealloc,
+    winMemSize,
+    winMemRoundup,
+    winMemInit,
+    winMemShutdown,
+    &win_mem_data
+  };
+  return &winMemMethods;
+}
+
+SQLITE_PRIVATE void sqlite3MemSetDefault(void){
+  sqlite3_config(SQLITE_CONFIG_MALLOC, sqlite3MemGetWin32());
+}
+#endif /* SQLITE_WIN32_MALLOC */
+
+/*
+** Convert a UTF-8 string to Microsoft Unicode (UTF-16?).
+**
+** Space to hold the returned string is obtained from malloc.
+*/
+static LPWSTR winUtf8ToUnicode(const char *zFilename){
+  int nChar;
+  LPWSTR zWideFilename;
+
+  nChar = osMultiByteToWideChar(CP_UTF8, 0, zFilename, -1, NULL, 0);
+  if( nChar==0 ){
+    return 0;
+  }
+  zWideFilename = sqlite3MallocZero( nChar*sizeof(zWideFilename[0]) );
+  if( zWideFilename==0 ){
+    return 0;
+  }
+  nChar = osMultiByteToWideChar(CP_UTF8, 0, zFilename, -1, zWideFilename,
+                                nChar);
+  if( nChar==0 ){
+    sqlite3_free(zWideFilename);
+    zWideFilename = 0;
+  }
+  return zWideFilename;
+}
+
+/*
+** Convert Microsoft Unicode to UTF-8.  Space to hold the returned string is
+** obtained from sqlite3_malloc().
+*/
+static char *winUnicodeToUtf8(LPCWSTR zWideFilename){
+  int nByte;
+  char *zFilename;
+
+  nByte = osWideCharToMultiByte(CP_UTF8, 0, zWideFilename, -1, 0, 0, 0, 0);
+  if( nByte == 0 ){
+    return 0;
+  }
+  zFilename = sqlite3MallocZero( nByte );
+  if( zFilename==0 ){
+    return 0;
+  }
+  nByte = osWideCharToMultiByte(CP_UTF8, 0, zWideFilename, -1, zFilename, nByte,
+                                0, 0);
+  if( nByte == 0 ){
+    sqlite3_free(zFilename);
+    zFilename = 0;
+  }
+  return zFilename;
+}
+
+/*
+** Convert an ANSI string to Microsoft Unicode, based on the
+** current codepage settings for file apis.
+**
+** Space to hold the returned string is obtained
+** from sqlite3_malloc.
+*/
+static LPWSTR winMbcsToUnicode(const char *zFilename){
+  int nByte;
+  LPWSTR zMbcsFilename;
+  int codepage = osAreFileApisANSI() ? CP_ACP : CP_OEMCP;
+
+  nByte = osMultiByteToWideChar(codepage, 0, zFilename, -1, NULL,
+                                0)*sizeof(WCHAR);
+  if( nByte==0 ){
+    return 0;
+  }
+  zMbcsFilename = sqlite3MallocZero( nByte*sizeof(zMbcsFilename[0]) );
+  if( zMbcsFilename==0 ){
+    return 0;
+  }
+  nByte = osMultiByteToWideChar(codepage, 0, zFilename, -1, zMbcsFilename,
+                                nByte);
+  if( nByte==0 ){
+    sqlite3_free(zMbcsFilename);
+    zMbcsFilename = 0;
+  }
+  return zMbcsFilename;
+}
+
+/*
+** Convert Microsoft Unicode to multi-byte character string, based on the
+** user's ANSI codepage.
+**
+** Space to hold the returned string is obtained from
+** sqlite3_malloc().
+*/
+static char *winUnicodeToMbcs(LPCWSTR zWideFilename){
+  int nByte;
+  char *zFilename;
+  int codepage = osAreFileApisANSI() ? CP_ACP : CP_OEMCP;
+
+  nByte = osWideCharToMultiByte(codepage, 0, zWideFilename, -1, 0, 0, 0, 0);
+  if( nByte == 0 ){
+    return 0;
+  }
+  zFilename = sqlite3MallocZero( nByte );
+  if( zFilename==0 ){
+    return 0;
+  }
+  nByte = osWideCharToMultiByte(codepage, 0, zWideFilename, -1, zFilename,
+                                nByte, 0, 0);
+  if( nByte == 0 ){
+    sqlite3_free(zFilename);
+    zFilename = 0;
+  }
+  return zFilename;
+}
+
+/*
+** Convert multibyte character string to UTF-8.  Space to hold the
+** returned string is obtained from sqlite3_malloc().
+*/
+SQLITE_API char *SQLITE_STDCALL sqlite3_win32_mbcs_to_utf8(const char *zFilename){
+  char *zFilenameUtf8;
+  LPWSTR zTmpWide;
+
+  zTmpWide = winMbcsToUnicode(zFilename);
+  if( zTmpWide==0 ){
+    return 0;
+  }
+  zFilenameUtf8 = winUnicodeToUtf8(zTmpWide);
+  sqlite3_free(zTmpWide);
+  return zFilenameUtf8;
+}
+
+/*
+** Convert UTF-8 to multibyte character string.  Space to hold the
+** returned string is obtained from sqlite3_malloc().
+*/
+SQLITE_API char *SQLITE_STDCALL sqlite3_win32_utf8_to_mbcs(const char *zFilename){
+  char *zFilenameMbcs;
+  LPWSTR zTmpWide;
+
+  zTmpWide = winUtf8ToUnicode(zFilename);
+  if( zTmpWide==0 ){
+    return 0;
+  }
+  zFilenameMbcs = winUnicodeToMbcs(zTmpWide);
+  sqlite3_free(zTmpWide);
+  return zFilenameMbcs;
+}
+
+/*
+** This function sets the data directory or the temporary directory based on
+** the provided arguments.  The type argument must be 1 in order to set the
+** data directory or 2 in order to set the temporary directory.  The zValue
+** argument is the name of the directory to use.  The return value will be
+** SQLITE_OK if successful.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_win32_set_directory(DWORD type, LPCWSTR zValue){
+  char **ppDirectory = 0;
+#ifndef SQLITE_OMIT_AUTOINIT
+  int rc = sqlite3_initialize();
+  if( rc ) return rc;
+#endif
+  if( type==SQLITE_WIN32_DATA_DIRECTORY_TYPE ){
+    ppDirectory = &sqlite3_data_directory;
+  }else if( type==SQLITE_WIN32_TEMP_DIRECTORY_TYPE ){
+    ppDirectory = &sqlite3_temp_directory;
+  }
+  assert( !ppDirectory || type==SQLITE_WIN32_DATA_DIRECTORY_TYPE
+          || type==SQLITE_WIN32_TEMP_DIRECTORY_TYPE
+  );
+  assert( !ppDirectory || sqlite3MemdebugHasType(*ppDirectory, MEMTYPE_HEAP) );
+  if( ppDirectory ){
+    char *zValueUtf8 = 0;
+    if( zValue && zValue[0] ){
+      zValueUtf8 = winUnicodeToUtf8(zValue);
+      if ( zValueUtf8==0 ){
+        return SQLITE_NOMEM;
+      }
+    }
+    sqlite3_free(*ppDirectory);
+    *ppDirectory = zValueUtf8;
+    return SQLITE_OK;
+  }
+  return SQLITE_ERROR;
+}
+
+/*
+** The return value of winGetLastErrorMsg
+** is zero if the error message fits in the buffer, or non-zero
+** otherwise (if the message was truncated).
+*/
+static int winGetLastErrorMsg(DWORD lastErrno, int nBuf, char *zBuf){
+  /* FormatMessage returns 0 on failure.  Otherwise it
+  ** returns the number of TCHARs written to the output
+  ** buffer, excluding the terminating null char.
+  */
+  DWORD dwLen = 0;
+  char *zOut = 0;
+
+  if( osIsNT() ){
+#if SQLITE_OS_WINRT
+    WCHAR zTempWide[SQLITE_WIN32_MAX_ERRMSG_CHARS+1];
+    dwLen = osFormatMessageW(FORMAT_MESSAGE_FROM_SYSTEM |
+                             FORMAT_MESSAGE_IGNORE_INSERTS,
+                             NULL,
+                             lastErrno,
+                             0,
+                             zTempWide,
+                             SQLITE_WIN32_MAX_ERRMSG_CHARS,
+                             0);
+#else
+    LPWSTR zTempWide = NULL;
+    dwLen = osFormatMessageW(FORMAT_MESSAGE_ALLOCATE_BUFFER |
+                             FORMAT_MESSAGE_FROM_SYSTEM |
+                             FORMAT_MESSAGE_IGNORE_INSERTS,
+                             NULL,
+                             lastErrno,
+                             0,
+                             (LPWSTR) &zTempWide,
+                             0,
+                             0);
+#endif
+    if( dwLen > 0 ){
+      /* allocate a buffer and convert to UTF8 */
+      sqlite3BeginBenignMalloc();
+      zOut = winUnicodeToUtf8(zTempWide);
+      sqlite3EndBenignMalloc();
+#if !SQLITE_OS_WINRT
+      /* free the system buffer allocated by FormatMessage */
+      osLocalFree(zTempWide);
+#endif
+    }
+  }
+#ifdef SQLITE_WIN32_HAS_ANSI
+  else{
+    char *zTemp = NULL;
+    dwLen = osFormatMessageA(FORMAT_MESSAGE_ALLOCATE_BUFFER |
+                             FORMAT_MESSAGE_FROM_SYSTEM |
+                             FORMAT_MESSAGE_IGNORE_INSERTS,
+                             NULL,
+                             lastErrno,
+                             0,
+                             (LPSTR) &zTemp,
+                             0,
+                             0);
+    if( dwLen > 0 ){
+      /* allocate a buffer and convert to UTF8 */
+      sqlite3BeginBenignMalloc();
+      zOut = sqlite3_win32_mbcs_to_utf8(zTemp);
+      sqlite3EndBenignMalloc();
+      /* free the system buffer allocated by FormatMessage */
+      osLocalFree(zTemp);
+    }
+  }
+#endif
+  if( 0 == dwLen ){
+    sqlite3_snprintf(nBuf, zBuf, "OsError 0x%lx (%lu)", lastErrno, lastErrno);
+  }else{
+    /* copy a maximum of nBuf chars to output buffer */
+    sqlite3_snprintf(nBuf, zBuf, "%s", zOut);
+    /* free the UTF8 buffer */
+    sqlite3_free(zOut);
+  }
+  return 0;
+}
+
+/*
+**
+** This function - winLogErrorAtLine() - is only ever called via the macro
+** winLogError().
+**
+** This routine is invoked after an error occurs in an OS function.
+** It logs a message using sqlite3_log() containing the current value of
+** error code and, if possible, the human-readable equivalent from
+** FormatMessage.
+**
+** The first argument passed to the macro should be the error code that
+** will be returned to SQLite (e.g. SQLITE_IOERR_DELETE, SQLITE_CANTOPEN).
+** The two subsequent arguments should be the name of the OS function that
+** failed and the associated file-system path, if any.
+*/
+#define winLogError(a,b,c,d)   winLogErrorAtLine(a,b,c,d,__LINE__)
+static int winLogErrorAtLine(
+  int errcode,                    /* SQLite error code */
+  DWORD lastErrno,                /* Win32 last error */
+  const char *zFunc,              /* Name of OS function that failed */
+  const char *zPath,              /* File path associated with error */
+  int iLine                       /* Source line number where error occurred */
+){
+  char zMsg[500];                 /* Human readable error text */
+  int i;                          /* Loop counter */
+
+  zMsg[0] = 0;
+  winGetLastErrorMsg(lastErrno, sizeof(zMsg), zMsg);
+  assert( errcode!=SQLITE_OK );
+  if( zPath==0 ) zPath = "";
+  for(i=0; zMsg[i] && zMsg[i]!='\r' && zMsg[i]!='\n'; i++){}
+  zMsg[i] = 0;
+  sqlite3_log(errcode,
+      "os_win.c:%d: (%lu) %s(%s) - %s",
+      iLine, lastErrno, zFunc, zPath, zMsg
+  );
+
+  return errcode;
+}
+
+/*
+** The number of times that a ReadFile(), WriteFile(), and DeleteFile()
+** will be retried following a locking error - probably caused by
+** antivirus software.  Also the initial delay before the first retry.
+** The delay increases linearly with each retry.
+*/
+#ifndef SQLITE_WIN32_IOERR_RETRY
+# define SQLITE_WIN32_IOERR_RETRY 10
+#endif
+#ifndef SQLITE_WIN32_IOERR_RETRY_DELAY
+# define SQLITE_WIN32_IOERR_RETRY_DELAY 25
+#endif
+static int winIoerrRetry = SQLITE_WIN32_IOERR_RETRY;
+static int winIoerrRetryDelay = SQLITE_WIN32_IOERR_RETRY_DELAY;
+
+/*
+** The "winIoerrCanRetry1" macro is used to determine if a particular I/O
+** error code obtained via GetLastError() is eligible to be retried.  It
+** must accept the error code DWORD as its only argument and should return
+** non-zero if the error code is transient in nature and the operation
+** responsible for generating the original error might succeed upon being
+** retried.  The argument to this macro should be a variable.
+**
+** Additionally, a macro named "winIoerrCanRetry2" may be defined.  If it
+** is defined, it will be consulted only when the macro "winIoerrCanRetry1"
+** returns zero.  The "winIoerrCanRetry2" macro is completely optional and
+** may be used to include additional error codes in the set that should
+** result in the failing I/O operation being retried by the caller.  If
+** defined, the "winIoerrCanRetry2" macro must exhibit external semantics
+** identical to those of the "winIoerrCanRetry1" macro.
+*/
+#if !defined(winIoerrCanRetry1)
+#define winIoerrCanRetry1(a) (((a)==ERROR_ACCESS_DENIED)        || \
+                              ((a)==ERROR_SHARING_VIOLATION)    || \
+                              ((a)==ERROR_LOCK_VIOLATION)       || \
+                              ((a)==ERROR_DEV_NOT_EXIST)        || \
+                              ((a)==ERROR_NETNAME_DELETED)      || \
+                              ((a)==ERROR_SEM_TIMEOUT)          || \
+                              ((a)==ERROR_NETWORK_UNREACHABLE))
+#endif
+
+/*
+** If a ReadFile() or WriteFile() error occurs, invoke this routine
+** to see if it should be retried.  Return TRUE to retry.  Return FALSE
+** to give up with an error.
+*/
+static int winRetryIoerr(int *pnRetry, DWORD *pError){
+  DWORD e = osGetLastError();
+  if( *pnRetry>=winIoerrRetry ){
+    if( pError ){
+      *pError = e;
+    }
+    return 0;
+  }
+  if( winIoerrCanRetry1(e) ){
+    sqlite3_win32_sleep(winIoerrRetryDelay*(1+*pnRetry));
+    ++*pnRetry;
+    return 1;
+  }
+#if defined(winIoerrCanRetry2)
+  else if( winIoerrCanRetry2(e) ){
+    sqlite3_win32_sleep(winIoerrRetryDelay*(1+*pnRetry));
+    ++*pnRetry;
+    return 1;
+  }
+#endif
+  if( pError ){
+    *pError = e;
+  }
+  return 0;
+}
+
+/*
+** Log a I/O error retry episode.
+*/
+static void winLogIoerr(int nRetry, int lineno){
+  if( nRetry ){
+    sqlite3_log(SQLITE_NOTICE,
+      "delayed %dms for lock/sharing conflict at line %d",
+      winIoerrRetryDelay*nRetry*(nRetry+1)/2, lineno
+    );
+  }
+}
+
+#if SQLITE_OS_WINCE
+/*************************************************************************
+** This section contains code for WinCE only.
+*/
+#if !defined(SQLITE_MSVC_LOCALTIME_API) || !SQLITE_MSVC_LOCALTIME_API
+/*
+** The MSVC CRT on Windows CE may not have a localtime() function.  So
+** create a substitute.
+*/
+/* #include <time.h> */
+struct tm *__cdecl localtime(const time_t *t)
+{
+  static struct tm y;
+  FILETIME uTm, lTm;
+  SYSTEMTIME pTm;
+  sqlite3_int64 t64;
+  t64 = *t;
+  t64 = (t64 + 11644473600)*10000000;
+  uTm.dwLowDateTime = (DWORD)(t64 & 0xFFFFFFFF);
+  uTm.dwHighDateTime= (DWORD)(t64 >> 32);
+  osFileTimeToLocalFileTime(&uTm,&lTm);
+  osFileTimeToSystemTime(&lTm,&pTm);
+  y.tm_year = pTm.wYear - 1900;
+  y.tm_mon = pTm.wMonth - 1;
+  y.tm_wday = pTm.wDayOfWeek;
+  y.tm_mday = pTm.wDay;
+  y.tm_hour = pTm.wHour;
+  y.tm_min = pTm.wMinute;
+  y.tm_sec = pTm.wSecond;
+  return &y;
+}
+#endif
+
+#define HANDLE_TO_WINFILE(a) (winFile*)&((char*)a)[-(int)offsetof(winFile,h)]
+
+/*
+** Acquire a lock on the handle h
+*/
+static void winceMutexAcquire(HANDLE h){
+   DWORD dwErr;
+   do {
+     dwErr = osWaitForSingleObject(h, INFINITE);
+   } while (dwErr != WAIT_OBJECT_0 && dwErr != WAIT_ABANDONED);
+}
+/*
+** Release a lock acquired by winceMutexAcquire()
+*/
+#define winceMutexRelease(h) ReleaseMutex(h)
+
+/*
+** Create the mutex and shared memory used for locking in the file
+** descriptor pFile
+*/
+static int winceCreateLock(const char *zFilename, winFile *pFile){
+  LPWSTR zTok;
+  LPWSTR zName;
+  DWORD lastErrno;
+  BOOL bLogged = FALSE;
+  BOOL bInit = TRUE;
+
+  zName = winUtf8ToUnicode(zFilename);
+  if( zName==0 ){
+    /* out of memory */
+    return SQLITE_IOERR_NOMEM;
+  }
+
+  /* Initialize the local lockdata */
+  memset(&pFile->local, 0, sizeof(pFile->local));
+
+  /* Replace the backslashes from the filename and lowercase it
+  ** to derive a mutex name. */
+  zTok = osCharLowerW(zName);
+  for (;*zTok;zTok++){
+    if (*zTok == '\\') *zTok = '_';
+  }
+
+  /* Create/open the named mutex */
+  pFile->hMutex = osCreateMutexW(NULL, FALSE, zName);
+  if (!pFile->hMutex){
+    pFile->lastErrno = osGetLastError();
+    sqlite3_free(zName);
+    return winLogError(SQLITE_IOERR, pFile->lastErrno,
+                       "winceCreateLock1", zFilename);
+  }
+
+  /* Acquire the mutex before continuing */
+  winceMutexAcquire(pFile->hMutex);
+
+  /* Since the names of named mutexes, semaphores, file mappings etc are
+  ** case-sensitive, take advantage of that by uppercasing the mutex name
+  ** and using that as the shared filemapping name.
+  */
+  osCharUpperW(zName);
+  pFile->hShared = osCreateFileMappingW(INVALID_HANDLE_VALUE, NULL,
+                                        PAGE_READWRITE, 0, sizeof(winceLock),
+                                        zName);
+
+  /* Set a flag that indicates we're the first to create the memory so it
+  ** must be zero-initialized */
+  lastErrno = osGetLastError();
+  if (lastErrno == ERROR_ALREADY_EXISTS){
+    bInit = FALSE;
+  }
+
+  sqlite3_free(zName);
+
+  /* If we succeeded in making the shared memory handle, map it. */
+  if( pFile->hShared ){
+    pFile->shared = (winceLock*)osMapViewOfFile(pFile->hShared,
+             FILE_MAP_READ|FILE_MAP_WRITE, 0, 0, sizeof(winceLock));
+    /* If mapping failed, close the shared memory handle and erase it */
+    if( !pFile->shared ){
+      pFile->lastErrno = osGetLastError();
+      winLogError(SQLITE_IOERR, pFile->lastErrno,
+                  "winceCreateLock2", zFilename);
+      bLogged = TRUE;
+      osCloseHandle(pFile->hShared);
+      pFile->hShared = NULL;
+    }
+  }
+
+  /* If shared memory could not be created, then close the mutex and fail */
+  if( pFile->hShared==NULL ){
+    if( !bLogged ){
+      pFile->lastErrno = lastErrno;
+      winLogError(SQLITE_IOERR, pFile->lastErrno,
+                  "winceCreateLock3", zFilename);
+      bLogged = TRUE;
+    }
+    winceMutexRelease(pFile->hMutex);
+    osCloseHandle(pFile->hMutex);
+    pFile->hMutex = NULL;
+    return SQLITE_IOERR;
+  }
+
+  /* Initialize the shared memory if we're supposed to */
+  if( bInit ){
+    memset(pFile->shared, 0, sizeof(winceLock));
+  }
+
+  winceMutexRelease(pFile->hMutex);
+  return SQLITE_OK;
+}
+
+/*
+** Destroy the part of winFile that deals with wince locks
+*/
+static void winceDestroyLock(winFile *pFile){
+  if (pFile->hMutex){
+    /* Acquire the mutex */
+    winceMutexAcquire(pFile->hMutex);
+
+    /* The following blocks should probably assert in debug mode, but they
+       are to cleanup in case any locks remained open */
+    if (pFile->local.nReaders){
+      pFile->shared->nReaders --;
+    }
+    if (pFile->local.bReserved){
+      pFile->shared->bReserved = FALSE;
+    }
+    if (pFile->local.bPending){
+      pFile->shared->bPending = FALSE;
+    }
+    if (pFile->local.bExclusive){
+      pFile->shared->bExclusive = FALSE;
+    }
+
+    /* De-reference and close our copy of the shared memory handle */
+    osUnmapViewOfFile(pFile->shared);
+    osCloseHandle(pFile->hShared);
+
+    /* Done with the mutex */
+    winceMutexRelease(pFile->hMutex);
+    osCloseHandle(pFile->hMutex);
+    pFile->hMutex = NULL;
+  }
+}
+
+/*
+** An implementation of the LockFile() API of Windows for CE
+*/
+static BOOL winceLockFile(
+  LPHANDLE phFile,
+  DWORD dwFileOffsetLow,
+  DWORD dwFileOffsetHigh,
+  DWORD nNumberOfBytesToLockLow,
+  DWORD nNumberOfBytesToLockHigh
+){
+  winFile *pFile = HANDLE_TO_WINFILE(phFile);
+  BOOL bReturn = FALSE;
+
+  UNUSED_PARAMETER(dwFileOffsetHigh);
+  UNUSED_PARAMETER(nNumberOfBytesToLockHigh);
+
+  if (!pFile->hMutex) return TRUE;
+  winceMutexAcquire(pFile->hMutex);
+
+  /* Wanting an exclusive lock? */
+  if (dwFileOffsetLow == (DWORD)SHARED_FIRST
+       && nNumberOfBytesToLockLow == (DWORD)SHARED_SIZE){
+    if (pFile->shared->nReaders == 0 && pFile->shared->bExclusive == 0){
+       pFile->shared->bExclusive = TRUE;
+       pFile->local.bExclusive = TRUE;
+       bReturn = TRUE;
+    }
+  }
+
+  /* Want a read-only lock? */
+  else if (dwFileOffsetLow == (DWORD)SHARED_FIRST &&
+           nNumberOfBytesToLockLow == 1){
+    if (pFile->shared->bExclusive == 0){
+      pFile->local.nReaders ++;
+      if (pFile->local.nReaders == 1){
+        pFile->shared->nReaders ++;
+      }
+      bReturn = TRUE;
+    }
+  }
+
+  /* Want a pending lock? */
+  else if (dwFileOffsetLow == (DWORD)PENDING_BYTE
+           && nNumberOfBytesToLockLow == 1){
+    /* If no pending lock has been acquired, then acquire it */
+    if (pFile->shared->bPending == 0) {
+      pFile->shared->bPending = TRUE;
+      pFile->local.bPending = TRUE;
+      bReturn = TRUE;
+    }
+  }
+
+  /* Want a reserved lock? */
+  else if (dwFileOffsetLow == (DWORD)RESERVED_BYTE
+           && nNumberOfBytesToLockLow == 1){
+    if (pFile->shared->bReserved == 0) {
+      pFile->shared->bReserved = TRUE;
+      pFile->local.bReserved = TRUE;
+      bReturn = TRUE;
+    }
+  }
+
+  winceMutexRelease(pFile->hMutex);
+  return bReturn;
+}
+
+/*
+** An implementation of the UnlockFile API of Windows for CE
+*/
+static BOOL winceUnlockFile(
+  LPHANDLE phFile,
+  DWORD dwFileOffsetLow,
+  DWORD dwFileOffsetHigh,
+  DWORD nNumberOfBytesToUnlockLow,
+  DWORD nNumberOfBytesToUnlockHigh
+){
+  winFile *pFile = HANDLE_TO_WINFILE(phFile);
+  BOOL bReturn = FALSE;
+
+  UNUSED_PARAMETER(dwFileOffsetHigh);
+  UNUSED_PARAMETER(nNumberOfBytesToUnlockHigh);
+
+  if (!pFile->hMutex) return TRUE;
+  winceMutexAcquire(pFile->hMutex);
+
+  /* Releasing a reader lock or an exclusive lock */
+  if (dwFileOffsetLow == (DWORD)SHARED_FIRST){
+    /* Did we have an exclusive lock? */
+    if (pFile->local.bExclusive){
+      assert(nNumberOfBytesToUnlockLow == (DWORD)SHARED_SIZE);
+      pFile->local.bExclusive = FALSE;
+      pFile->shared->bExclusive = FALSE;
+      bReturn = TRUE;
+    }
+
+    /* Did we just have a reader lock? */
+    else if (pFile->local.nReaders){
+      assert(nNumberOfBytesToUnlockLow == (DWORD)SHARED_SIZE
+             || nNumberOfBytesToUnlockLow == 1);
+      pFile->local.nReaders --;
+      if (pFile->local.nReaders == 0)
+      {
+        pFile->shared->nReaders --;
+      }
+      bReturn = TRUE;
+    }
+  }
+
+  /* Releasing a pending lock */
+  else if (dwFileOffsetLow == (DWORD)PENDING_BYTE
+           && nNumberOfBytesToUnlockLow == 1){
+    if (pFile->local.bPending){
+      pFile->local.bPending = FALSE;
+      pFile->shared->bPending = FALSE;
+      bReturn = TRUE;
+    }
+  }
+  /* Releasing a reserved lock */
+  else if (dwFileOffsetLow == (DWORD)RESERVED_BYTE
+           && nNumberOfBytesToUnlockLow == 1){
+    if (pFile->local.bReserved) {
+      pFile->local.bReserved = FALSE;
+      pFile->shared->bReserved = FALSE;
+      bReturn = TRUE;
+    }
+  }
+
+  winceMutexRelease(pFile->hMutex);
+  return bReturn;
+}
+/*
+** End of the special code for wince
+*****************************************************************************/
+#endif /* SQLITE_OS_WINCE */
+
+/*
+** Lock a file region.
+*/
+static BOOL winLockFile(
+  LPHANDLE phFile,
+  DWORD flags,
+  DWORD offsetLow,
+  DWORD offsetHigh,
+  DWORD numBytesLow,
+  DWORD numBytesHigh
+){
+#if SQLITE_OS_WINCE
+  /*
+  ** NOTE: Windows CE is handled differently here due its lack of the Win32
+  **       API LockFile.
+  */
+  return winceLockFile(phFile, offsetLow, offsetHigh,
+                       numBytesLow, numBytesHigh);
+#else
+  if( osIsNT() ){
+    OVERLAPPED ovlp;
+    memset(&ovlp, 0, sizeof(OVERLAPPED));
+    ovlp.Offset = offsetLow;
+    ovlp.OffsetHigh = offsetHigh;
+    return osLockFileEx(*phFile, flags, 0, numBytesLow, numBytesHigh, &ovlp);
+  }else{
+    return osLockFile(*phFile, offsetLow, offsetHigh, numBytesLow,
+                      numBytesHigh);
+  }
+#endif
+}
+
+/*
+** Unlock a file region.
+ */
+static BOOL winUnlockFile(
+  LPHANDLE phFile,
+  DWORD offsetLow,
+  DWORD offsetHigh,
+  DWORD numBytesLow,
+  DWORD numBytesHigh
+){
+#if SQLITE_OS_WINCE
+  /*
+  ** NOTE: Windows CE is handled differently here due its lack of the Win32
+  **       API UnlockFile.
+  */
+  return winceUnlockFile(phFile, offsetLow, offsetHigh,
+                         numBytesLow, numBytesHigh);
+#else
+  if( osIsNT() ){
+    OVERLAPPED ovlp;
+    memset(&ovlp, 0, sizeof(OVERLAPPED));
+    ovlp.Offset = offsetLow;
+    ovlp.OffsetHigh = offsetHigh;
+    return osUnlockFileEx(*phFile, 0, numBytesLow, numBytesHigh, &ovlp);
+  }else{
+    return osUnlockFile(*phFile, offsetLow, offsetHigh, numBytesLow,
+                        numBytesHigh);
+  }
+#endif
+}
+
+/*****************************************************************************
+** The next group of routines implement the I/O methods specified
+** by the sqlite3_io_methods object.
+******************************************************************************/
+
+/*
+** Some Microsoft compilers lack this definition.
+*/
+#ifndef INVALID_SET_FILE_POINTER
+# define INVALID_SET_FILE_POINTER ((DWORD)-1)
+#endif
+
+/*
+** Move the current position of the file handle passed as the first
+** argument to offset iOffset within the file. If successful, return 0.
+** Otherwise, set pFile->lastErrno and return non-zero.
+*/
+static int winSeekFile(winFile *pFile, sqlite3_int64 iOffset){
+#if !SQLITE_OS_WINRT
+  LONG upperBits;                 /* Most sig. 32 bits of new offset */
+  LONG lowerBits;                 /* Least sig. 32 bits of new offset */
+  DWORD dwRet;                    /* Value returned by SetFilePointer() */
+  DWORD lastErrno;                /* Value returned by GetLastError() */
+
+  OSTRACE(("SEEK file=%p, offset=%lld\n", pFile->h, iOffset));
+
+  upperBits = (LONG)((iOffset>>32) & 0x7fffffff);
+  lowerBits = (LONG)(iOffset & 0xffffffff);
+
+  /* API oddity: If successful, SetFilePointer() returns a dword
+  ** containing the lower 32-bits of the new file-offset. Or, if it fails,
+  ** it returns INVALID_SET_FILE_POINTER. However according to MSDN,
+  ** INVALID_SET_FILE_POINTER may also be a valid new offset. So to determine
+  ** whether an error has actually occurred, it is also necessary to call
+  ** GetLastError().
+  */
+  dwRet = osSetFilePointer(pFile->h, lowerBits, &upperBits, FILE_BEGIN);
+
+  if( (dwRet==INVALID_SET_FILE_POINTER
+      && ((lastErrno = osGetLastError())!=NO_ERROR)) ){
+    pFile->lastErrno = lastErrno;
+    winLogError(SQLITE_IOERR_SEEK, pFile->lastErrno,
+                "winSeekFile", pFile->zPath);
+    OSTRACE(("SEEK file=%p, rc=SQLITE_IOERR_SEEK\n", pFile->h));
+    return 1;
+  }
+
+  OSTRACE(("SEEK file=%p, rc=SQLITE_OK\n", pFile->h));
+  return 0;
+#else
+  /*
+  ** Same as above, except that this implementation works for WinRT.
+  */
+
+  LARGE_INTEGER x;                /* The new offset */
+  BOOL bRet;                      /* Value returned by SetFilePointerEx() */
+
+  x.QuadPart = iOffset;
+  bRet = osSetFilePointerEx(pFile->h, x, 0, FILE_BEGIN);
+
+  if(!bRet){
+    pFile->lastErrno = osGetLastError();
+    winLogError(SQLITE_IOERR_SEEK, pFile->lastErrno,
+                "winSeekFile", pFile->zPath);
+    OSTRACE(("SEEK file=%p, rc=SQLITE_IOERR_SEEK\n", pFile->h));
+    return 1;
+  }
+
+  OSTRACE(("SEEK file=%p, rc=SQLITE_OK\n", pFile->h));
+  return 0;
+#endif
+}
+
+#if SQLITE_MAX_MMAP_SIZE>0
+/* Forward references to VFS helper methods used for memory mapped files */
+static int winMapfile(winFile*, sqlite3_int64);
+static int winUnmapfile(winFile*);
+#endif
+
+/*
+** Close a file.
+**
+** It is reported that an attempt to close a handle might sometimes
+** fail.  This is a very unreasonable result, but Windows is notorious
+** for being unreasonable so I do not doubt that it might happen.  If
+** the close fails, we pause for 100 milliseconds and try again.  As
+** many as MX_CLOSE_ATTEMPT attempts to close the handle are made before
+** giving up and returning an error.
+*/
+#define MX_CLOSE_ATTEMPT 3
+static int winClose(sqlite3_file *id){
+  int rc, cnt = 0;
+  winFile *pFile = (winFile*)id;
+
+  assert( id!=0 );
+#ifndef SQLITE_OMIT_WAL
+  assert( pFile->pShm==0 );
+#endif
+  assert( pFile->h!=NULL && pFile->h!=INVALID_HANDLE_VALUE );
+  OSTRACE(("CLOSE pid=%lu, pFile=%p, file=%p\n",
+           osGetCurrentProcessId(), pFile, pFile->h));
+
+#if SQLITE_MAX_MMAP_SIZE>0
+  winUnmapfile(pFile);
+#endif
+
+  do{
+    rc = osCloseHandle(pFile->h);
+    /* SimulateIOError( rc=0; cnt=MX_CLOSE_ATTEMPT; ); */
+  }while( rc==0 && ++cnt < MX_CLOSE_ATTEMPT && (sqlite3_win32_sleep(100), 1) );
+#if SQLITE_OS_WINCE
+#define WINCE_DELETION_ATTEMPTS 3
+  winceDestroyLock(pFile);
+  if( pFile->zDeleteOnClose ){
+    int cnt = 0;
+    while(
+           osDeleteFileW(pFile->zDeleteOnClose)==0
+        && osGetFileAttributesW(pFile->zDeleteOnClose)!=0xffffffff
+        && cnt++ < WINCE_DELETION_ATTEMPTS
+    ){
+       sqlite3_win32_sleep(100);  /* Wait a little before trying again */
+    }
+    sqlite3_free(pFile->zDeleteOnClose);
+  }
+#endif
+  if( rc ){
+    pFile->h = NULL;
+  }
+  OpenCounter(-1);
+  OSTRACE(("CLOSE pid=%lu, pFile=%p, file=%p, rc=%s\n",
+           osGetCurrentProcessId(), pFile, pFile->h, rc ? "ok" : "failed"));
+  return rc ? SQLITE_OK
+            : winLogError(SQLITE_IOERR_CLOSE, osGetLastError(),
+                          "winClose", pFile->zPath);
+}
+
+/*
+** Read data from a file into a buffer.  Return SQLITE_OK if all
+** bytes were read successfully and SQLITE_IOERR if anything goes
+** wrong.
+*/
+static int winRead(
+  sqlite3_file *id,          /* File to read from */
+  void *pBuf,                /* Write content into this buffer */
+  int amt,                   /* Number of bytes to read */
+  sqlite3_int64 offset       /* Begin reading at this offset */
+){
+#if !SQLITE_OS_WINCE && !defined(SQLITE_WIN32_NO_OVERLAPPED)
+  OVERLAPPED overlapped;          /* The offset for ReadFile. */
+#endif
+  winFile *pFile = (winFile*)id;  /* file handle */
+  DWORD nRead;                    /* Number of bytes actually read from file */
+  int nRetry = 0;                 /* Number of retrys */
+
+  assert( id!=0 );
+  assert( amt>0 );
+  assert( offset>=0 );
+  SimulateIOError(return SQLITE_IOERR_READ);
+  OSTRACE(("READ pid=%lu, pFile=%p, file=%p, buffer=%p, amount=%d, "
+           "offset=%lld, lock=%d\n", osGetCurrentProcessId(), pFile,
+           pFile->h, pBuf, amt, offset, pFile->locktype));
+
+#if SQLITE_MAX_MMAP_SIZE>0
+  /* Deal with as much of this read request as possible by transfering
+  ** data from the memory mapping using memcpy().  */
+  if( offset<pFile->mmapSize ){
+    if( offset+amt <= pFile->mmapSize ){
+      memcpy(pBuf, &((u8 *)(pFile->pMapRegion))[offset], amt);
+      OSTRACE(("READ-MMAP pid=%lu, pFile=%p, file=%p, rc=SQLITE_OK\n",
+               osGetCurrentProcessId(), pFile, pFile->h));
+      return SQLITE_OK;
+    }else{
+      int nCopy = (int)(pFile->mmapSize - offset);
+      memcpy(pBuf, &((u8 *)(pFile->pMapRegion))[offset], nCopy);
+      pBuf = &((u8 *)pBuf)[nCopy];
+      amt -= nCopy;
+      offset += nCopy;
+    }
+  }
+#endif
+
+#if SQLITE_OS_WINCE || defined(SQLITE_WIN32_NO_OVERLAPPED)
+  if( winSeekFile(pFile, offset) ){
+    OSTRACE(("READ pid=%lu, pFile=%p, file=%p, rc=SQLITE_FULL\n",
+             osGetCurrentProcessId(), pFile, pFile->h));
+    return SQLITE_FULL;
+  }
+  while( !osReadFile(pFile->h, pBuf, amt, &nRead, 0) ){
+#else
+  memset(&overlapped, 0, sizeof(OVERLAPPED));
+  overlapped.Offset = (LONG)(offset & 0xffffffff);
+  overlapped.OffsetHigh = (LONG)((offset>>32) & 0x7fffffff);
+  while( !osReadFile(pFile->h, pBuf, amt, &nRead, &overlapped) &&
+         osGetLastError()!=ERROR_HANDLE_EOF ){
+#endif
+    DWORD lastErrno;
+    if( winRetryIoerr(&nRetry, &lastErrno) ) continue;
+    pFile->lastErrno = lastErrno;
+    OSTRACE(("READ pid=%lu, pFile=%p, file=%p, rc=SQLITE_IOERR_READ\n",
+             osGetCurrentProcessId(), pFile, pFile->h));
+    return winLogError(SQLITE_IOERR_READ, pFile->lastErrno,
+                       "winRead", pFile->zPath);
+  }
+  winLogIoerr(nRetry, __LINE__);
+  if( nRead<(DWORD)amt ){
+    /* Unread parts of the buffer must be zero-filled */
+    memset(&((char*)pBuf)[nRead], 0, amt-nRead);
+    OSTRACE(("READ pid=%lu, pFile=%p, file=%p, rc=SQLITE_IOERR_SHORT_READ\n",
+             osGetCurrentProcessId(), pFile, pFile->h));
+    return SQLITE_IOERR_SHORT_READ;
+  }
+
+  OSTRACE(("READ pid=%lu, pFile=%p, file=%p, rc=SQLITE_OK\n",
+           osGetCurrentProcessId(), pFile, pFile->h));
+  return SQLITE_OK;
+}
+
+/*
+** Write data from a buffer into a file.  Return SQLITE_OK on success
+** or some other error code on failure.
+*/
+static int winWrite(
+  sqlite3_file *id,               /* File to write into */
+  const void *pBuf,               /* The bytes to be written */
+  int amt,                        /* Number of bytes to write */
+  sqlite3_int64 offset            /* Offset into the file to begin writing at */
+){
+  int rc = 0;                     /* True if error has occurred, else false */
+  winFile *pFile = (winFile*)id;  /* File handle */
+  int nRetry = 0;                 /* Number of retries */
+
+  assert( amt>0 );
+  assert( pFile );
+  SimulateIOError(return SQLITE_IOERR_WRITE);
+  SimulateDiskfullError(return SQLITE_FULL);
+
+  OSTRACE(("WRITE pid=%lu, pFile=%p, file=%p, buffer=%p, amount=%d, "
+           "offset=%lld, lock=%d\n", osGetCurrentProcessId(), pFile,
+           pFile->h, pBuf, amt, offset, pFile->locktype));
+
+#if defined(SQLITE_MMAP_READWRITE) && SQLITE_MAX_MMAP_SIZE>0
+  /* Deal with as much of this write request as possible by transfering
+  ** data from the memory mapping using memcpy().  */
+  if( offset<pFile->mmapSize ){
+    if( offset+amt <= pFile->mmapSize ){
+      memcpy(&((u8 *)(pFile->pMapRegion))[offset], pBuf, amt);
+      OSTRACE(("WRITE-MMAP pid=%lu, pFile=%p, file=%p, rc=SQLITE_OK\n",
+               osGetCurrentProcessId(), pFile, pFile->h));
+      return SQLITE_OK;
+    }else{
+      int nCopy = (int)(pFile->mmapSize - offset);
+      memcpy(&((u8 *)(pFile->pMapRegion))[offset], pBuf, nCopy);
+      pBuf = &((u8 *)pBuf)[nCopy];
+      amt -= nCopy;
+      offset += nCopy;
+    }
+  }
+#endif
+
+#if SQLITE_OS_WINCE || defined(SQLITE_WIN32_NO_OVERLAPPED)
+  rc = winSeekFile(pFile, offset);
+  if( rc==0 ){
+#else
+  {
+#endif
+#if !SQLITE_OS_WINCE && !defined(SQLITE_WIN32_NO_OVERLAPPED)
+    OVERLAPPED overlapped;        /* The offset for WriteFile. */
+#endif
+    u8 *aRem = (u8 *)pBuf;        /* Data yet to be written */
+    int nRem = amt;               /* Number of bytes yet to be written */
+    DWORD nWrite;                 /* Bytes written by each WriteFile() call */
+    DWORD lastErrno = NO_ERROR;   /* Value returned by GetLastError() */
+
+#if !SQLITE_OS_WINCE && !defined(SQLITE_WIN32_NO_OVERLAPPED)
+    memset(&overlapped, 0, sizeof(OVERLAPPED));
+    overlapped.Offset = (LONG)(offset & 0xffffffff);
+    overlapped.OffsetHigh = (LONG)((offset>>32) & 0x7fffffff);
+#endif
+
+    while( nRem>0 ){
+#if SQLITE_OS_WINCE || defined(SQLITE_WIN32_NO_OVERLAPPED)
+      if( !osWriteFile(pFile->h, aRem, nRem, &nWrite, 0) ){
+#else
+      if( !osWriteFile(pFile->h, aRem, nRem, &nWrite, &overlapped) ){
+#endif
+        if( winRetryIoerr(&nRetry, &lastErrno) ) continue;
+        break;
+      }
+      assert( nWrite==0 || nWrite<=(DWORD)nRem );
+      if( nWrite==0 || nWrite>(DWORD)nRem ){
+        lastErrno = osGetLastError();
+        break;
+      }
+#if !SQLITE_OS_WINCE && !defined(SQLITE_WIN32_NO_OVERLAPPED)
+      offset += nWrite;
+      overlapped.Offset = (LONG)(offset & 0xffffffff);
+      overlapped.OffsetHigh = (LONG)((offset>>32) & 0x7fffffff);
+#endif
+      aRem += nWrite;
+      nRem -= nWrite;
+    }
+    if( nRem>0 ){
+      pFile->lastErrno = lastErrno;
+      rc = 1;
+    }
+  }
+
+  if( rc ){
+    if(   ( pFile->lastErrno==ERROR_HANDLE_DISK_FULL )
+       || ( pFile->lastErrno==ERROR_DISK_FULL )){
+      OSTRACE(("WRITE pid=%lu, pFile=%p, file=%p, rc=SQLITE_FULL\n",
+               osGetCurrentProcessId(), pFile, pFile->h));
+      return winLogError(SQLITE_FULL, pFile->lastErrno,
+                         "winWrite1", pFile->zPath);
+    }
+    OSTRACE(("WRITE pid=%lu, pFile=%p, file=%p, rc=SQLITE_IOERR_WRITE\n",
+             osGetCurrentProcessId(), pFile, pFile->h));
+    return winLogError(SQLITE_IOERR_WRITE, pFile->lastErrno,
+                       "winWrite2", pFile->zPath);
+  }else{
+    winLogIoerr(nRetry, __LINE__);
+  }
+  OSTRACE(("WRITE pid=%lu, pFile=%p, file=%p, rc=SQLITE_OK\n",
+           osGetCurrentProcessId(), pFile, pFile->h));
+  return SQLITE_OK;
+}
+
+/*
+** Truncate an open file to a specified size
+*/
+static int winTruncate(sqlite3_file *id, sqlite3_int64 nByte){
+  winFile *pFile = (winFile*)id;  /* File handle object */
+  int rc = SQLITE_OK;             /* Return code for this function */
+  DWORD lastErrno;
+
+  assert( pFile );
+  SimulateIOError(return SQLITE_IOERR_TRUNCATE);
+  OSTRACE(("TRUNCATE pid=%lu, pFile=%p, file=%p, size=%lld, lock=%d\n",
+           osGetCurrentProcessId(), pFile, pFile->h, nByte, pFile->locktype));
+
+  /* If the user has configured a chunk-size for this file, truncate the
+  ** file so that it consists of an integer number of chunks (i.e. the
+  ** actual file size after the operation may be larger than the requested
+  ** size).
+  */
+  if( pFile->szChunk>0 ){
+    nByte = ((nByte + pFile->szChunk - 1)/pFile->szChunk) * pFile->szChunk;
+  }
+
+  /* SetEndOfFile() returns non-zero when successful, or zero when it fails. */
+  if( winSeekFile(pFile, nByte) ){
+    rc = winLogError(SQLITE_IOERR_TRUNCATE, pFile->lastErrno,
+                     "winTruncate1", pFile->zPath);
+  }else if( 0==osSetEndOfFile(pFile->h) &&
+            ((lastErrno = osGetLastError())!=ERROR_USER_MAPPED_FILE) ){
+    pFile->lastErrno = lastErrno;
+    rc = winLogError(SQLITE_IOERR_TRUNCATE, pFile->lastErrno,
+                     "winTruncate2", pFile->zPath);
+  }
+
+#if SQLITE_MAX_MMAP_SIZE>0
+  /* If the file was truncated to a size smaller than the currently
+  ** mapped region, reduce the effective mapping size as well. SQLite will
+  ** use read() and write() to access data beyond this point from now on.
+  */
+  if( pFile->pMapRegion && nByte<pFile->mmapSize ){
+    pFile->mmapSize = nByte;
+  }
+#endif
+
+  OSTRACE(("TRUNCATE pid=%lu, pFile=%p, file=%p, rc=%s\n",
+           osGetCurrentProcessId(), pFile, pFile->h, sqlite3ErrName(rc)));
+  return rc;
+}
+
+#ifdef SQLITE_TEST
+/*
+** Count the number of fullsyncs and normal syncs.  This is used to test
+** that syncs and fullsyncs are occuring at the right times.
+*/
+SQLITE_API int sqlite3_sync_count = 0;
+SQLITE_API int sqlite3_fullsync_count = 0;
+#endif
+
+/*
+** Make sure all writes to a particular file are committed to disk.
+*/
+static int winSync(sqlite3_file *id, int flags){
+#ifndef SQLITE_NO_SYNC
+  /*
+  ** Used only when SQLITE_NO_SYNC is not defined.
+   */
+  BOOL rc;
+#endif
+#if !defined(NDEBUG) || !defined(SQLITE_NO_SYNC) || \
+    defined(SQLITE_HAVE_OS_TRACE)
+  /*
+  ** Used when SQLITE_NO_SYNC is not defined and by the assert() and/or
+  ** OSTRACE() macros.
+   */
+  winFile *pFile = (winFile*)id;
+#else
+  UNUSED_PARAMETER(id);
+#endif
+
+  assert( pFile );
+  /* Check that one of SQLITE_SYNC_NORMAL or FULL was passed */
+  assert((flags&0x0F)==SQLITE_SYNC_NORMAL
+      || (flags&0x0F)==SQLITE_SYNC_FULL
+  );
+
+  /* Unix cannot, but some systems may return SQLITE_FULL from here. This
+  ** line is to test that doing so does not cause any problems.
+  */
+  SimulateDiskfullError( return SQLITE_FULL );
+
+  OSTRACE(("SYNC pid=%lu, pFile=%p, file=%p, flags=%x, lock=%d\n",
+           osGetCurrentProcessId(), pFile, pFile->h, flags,
+           pFile->locktype));
+
+#ifndef SQLITE_TEST
+  UNUSED_PARAMETER(flags);
+#else
+  if( (flags&0x0F)==SQLITE_SYNC_FULL ){
+    sqlite3_fullsync_count++;
+  }
+  sqlite3_sync_count++;
+#endif
+
+  /* If we compiled with the SQLITE_NO_SYNC flag, then syncing is a
+  ** no-op
+  */
+#ifdef SQLITE_NO_SYNC
+  OSTRACE(("SYNC-NOP pid=%lu, pFile=%p, file=%p, rc=SQLITE_OK\n",
+           osGetCurrentProcessId(), pFile, pFile->h));
+  return SQLITE_OK;
+#else
+#if SQLITE_MAX_MMAP_SIZE>0
+  if( pFile->pMapRegion ){
+    if( osFlushViewOfFile(pFile->pMapRegion, 0) ){
+      OSTRACE(("SYNC-MMAP pid=%lu, pFile=%p, pMapRegion=%p, "
+               "rc=SQLITE_OK\n", osGetCurrentProcessId(),
+               pFile, pFile->pMapRegion));
+    }else{
+      pFile->lastErrno = osGetLastError();
+      OSTRACE(("SYNC-MMAP pid=%lu, pFile=%p, pMapRegion=%p, "
+               "rc=SQLITE_IOERR_MMAP\n", osGetCurrentProcessId(),
+               pFile, pFile->pMapRegion));
+      return winLogError(SQLITE_IOERR_MMAP, pFile->lastErrno,
+                         "winSync1", pFile->zPath);
+    }
+  }
+#endif
+  rc = osFlushFileBuffers(pFile->h);
+  SimulateIOError( rc=FALSE );
+  if( rc ){
+    OSTRACE(("SYNC pid=%lu, pFile=%p, file=%p, rc=SQLITE_OK\n",
+             osGetCurrentProcessId(), pFile, pFile->h));
+    return SQLITE_OK;
+  }else{
+    pFile->lastErrno = osGetLastError();
+    OSTRACE(("SYNC pid=%lu, pFile=%p, file=%p, rc=SQLITE_IOERR_FSYNC\n",
+             osGetCurrentProcessId(), pFile, pFile->h));
+    return winLogError(SQLITE_IOERR_FSYNC, pFile->lastErrno,
+                       "winSync2", pFile->zPath);
+  }
+#endif
+}
+
+/*
+** Determine the current size of a file in bytes
+*/
+static int winFileSize(sqlite3_file *id, sqlite3_int64 *pSize){
+  winFile *pFile = (winFile*)id;
+  int rc = SQLITE_OK;
+
+  assert( id!=0 );
+  assert( pSize!=0 );
+  SimulateIOError(return SQLITE_IOERR_FSTAT);
+  OSTRACE(("SIZE file=%p, pSize=%p\n", pFile->h, pSize));
+
+#if SQLITE_OS_WINRT
+  {
+    FILE_STANDARD_INFO info;
+    if( osGetFileInformationByHandleEx(pFile->h, FileStandardInfo,
+                                     &info, sizeof(info)) ){
+      *pSize = info.EndOfFile.QuadPart;
+    }else{
+      pFile->lastErrno = osGetLastError();
+      rc = winLogError(SQLITE_IOERR_FSTAT, pFile->lastErrno,
+                       "winFileSize", pFile->zPath);
+    }
+  }
+#else
+  {
+    DWORD upperBits;
+    DWORD lowerBits;
+    DWORD lastErrno;
+
+    lowerBits = osGetFileSize(pFile->h, &upperBits);
+    *pSize = (((sqlite3_int64)upperBits)<<32) + lowerBits;
+    if(   (lowerBits == INVALID_FILE_SIZE)
+       && ((lastErrno = osGetLastError())!=NO_ERROR) ){
+      pFile->lastErrno = lastErrno;
+      rc = winLogError(SQLITE_IOERR_FSTAT, pFile->lastErrno,
+                       "winFileSize", pFile->zPath);
+    }
+  }
+#endif
+  OSTRACE(("SIZE file=%p, pSize=%p, *pSize=%lld, rc=%s\n",
+           pFile->h, pSize, *pSize, sqlite3ErrName(rc)));
+  return rc;
+}
+
+/*
+** LOCKFILE_FAIL_IMMEDIATELY is undefined on some Windows systems.
+*/
+#ifndef LOCKFILE_FAIL_IMMEDIATELY
+# define LOCKFILE_FAIL_IMMEDIATELY 1
+#endif
+
+#ifndef LOCKFILE_EXCLUSIVE_LOCK
+# define LOCKFILE_EXCLUSIVE_LOCK 2
+#endif
+
+/*
+** Historically, SQLite has used both the LockFile and LockFileEx functions.
+** When the LockFile function was used, it was always expected to fail
+** immediately if the lock could not be obtained.  Also, it always expected to
+** obtain an exclusive lock.  These flags are used with the LockFileEx function
+** and reflect those expectations; therefore, they should not be changed.
+*/
+#ifndef SQLITE_LOCKFILE_FLAGS
+# define SQLITE_LOCKFILE_FLAGS   (LOCKFILE_FAIL_IMMEDIATELY | \
+                                  LOCKFILE_EXCLUSIVE_LOCK)
+#endif
+
+/*
+** Currently, SQLite never calls the LockFileEx function without wanting the
+** call to fail immediately if the lock cannot be obtained.
+*/
+#ifndef SQLITE_LOCKFILEEX_FLAGS
+# define SQLITE_LOCKFILEEX_FLAGS (LOCKFILE_FAIL_IMMEDIATELY)
+#endif
+
+/*
+** Acquire a reader lock.
+** Different API routines are called depending on whether or not this
+** is Win9x or WinNT.
+*/
+static int winGetReadLock(winFile *pFile){
+  int res;
+  OSTRACE(("READ-LOCK file=%p, lock=%d\n", pFile->h, pFile->locktype));
+  if( osIsNT() ){
+#if SQLITE_OS_WINCE
+    /*
+    ** NOTE: Windows CE is handled differently here due its lack of the Win32
+    **       API LockFileEx.
+    */
+    res = winceLockFile(&pFile->h, SHARED_FIRST, 0, 1, 0);
+#else
+    res = winLockFile(&pFile->h, SQLITE_LOCKFILEEX_FLAGS, SHARED_FIRST, 0,
+                      SHARED_SIZE, 0);
+#endif
+  }
+#ifdef SQLITE_WIN32_HAS_ANSI
+  else{
+    int lk;
+    sqlite3_randomness(sizeof(lk), &lk);
+    pFile->sharedLockByte = (short)((lk & 0x7fffffff)%(SHARED_SIZE - 1));
+    res = winLockFile(&pFile->h, SQLITE_LOCKFILE_FLAGS,
+                      SHARED_FIRST+pFile->sharedLockByte, 0, 1, 0);
+  }
+#endif
+  if( res == 0 ){
+    pFile->lastErrno = osGetLastError();
+    /* No need to log a failure to lock */
+  }
+  OSTRACE(("READ-LOCK file=%p, result=%d\n", pFile->h, res));
+  return res;
+}
+
+/*
+** Undo a readlock
+*/
+static int winUnlockReadLock(winFile *pFile){
+  int res;
+  DWORD lastErrno;
+  OSTRACE(("READ-UNLOCK file=%p, lock=%d\n", pFile->h, pFile->locktype));
+  if( osIsNT() ){
+    res = winUnlockFile(&pFile->h, SHARED_FIRST, 0, SHARED_SIZE, 0);
+  }
+#ifdef SQLITE_WIN32_HAS_ANSI
+  else{
+    res = winUnlockFile(&pFile->h, SHARED_FIRST+pFile->sharedLockByte, 0, 1, 0);
+  }
+#endif
+  if( res==0 && ((lastErrno = osGetLastError())!=ERROR_NOT_LOCKED) ){
+    pFile->lastErrno = lastErrno;
+    winLogError(SQLITE_IOERR_UNLOCK, pFile->lastErrno,
+                "winUnlockReadLock", pFile->zPath);
+  }
+  OSTRACE(("READ-UNLOCK file=%p, result=%d\n", pFile->h, res));
+  return res;
+}
+
+/*
+** Lock the file with the lock specified by parameter locktype - one
+** of the following:
+**
+**     (1) SHARED_LOCK
+**     (2) RESERVED_LOCK
+**     (3) PENDING_LOCK
+**     (4) EXCLUSIVE_LOCK
+**
+** Sometimes when requesting one lock state, additional lock states
+** are inserted in between.  The locking might fail on one of the later
+** transitions leaving the lock state different from what it started but
+** still short of its goal.  The following chart shows the allowed
+** transitions and the inserted intermediate states:
+**
+**    UNLOCKED -> SHARED
+**    SHARED -> RESERVED
+**    SHARED -> (PENDING) -> EXCLUSIVE
+**    RESERVED -> (PENDING) -> EXCLUSIVE
+**    PENDING -> EXCLUSIVE
+**
+** This routine will only increase a lock.  The winUnlock() routine
+** erases all locks at once and returns us immediately to locking level 0.
+** It is not possible to lower the locking level one step at a time.  You
+** must go straight to locking level 0.
+*/
+static int winLock(sqlite3_file *id, int locktype){
+  int rc = SQLITE_OK;    /* Return code from subroutines */
+  int res = 1;           /* Result of a Windows lock call */
+  int newLocktype;       /* Set pFile->locktype to this value before exiting */
+  int gotPendingLock = 0;/* True if we acquired a PENDING lock this time */
+  winFile *pFile = (winFile*)id;
+  DWORD lastErrno = NO_ERROR;
+
+  assert( id!=0 );
+  OSTRACE(("LOCK file=%p, oldLock=%d(%d), newLock=%d\n",
+           pFile->h, pFile->locktype, pFile->sharedLockByte, locktype));
+
+  /* If there is already a lock of this type or more restrictive on the
+  ** OsFile, do nothing. Don't use the end_lock: exit path, as
+  ** sqlite3OsEnterMutex() hasn't been called yet.
+  */
+  if( pFile->locktype>=locktype ){
+    OSTRACE(("LOCK-HELD file=%p, rc=SQLITE_OK\n", pFile->h));
+    return SQLITE_OK;
+  }
+
+  /* Do not allow any kind of write-lock on a read-only database
+  */
+  if( (pFile->ctrlFlags & WINFILE_RDONLY)!=0 && locktype>=RESERVED_LOCK ){
+    return SQLITE_IOERR_LOCK;
+  }
+
+  /* Make sure the locking sequence is correct
+  */
+  assert( pFile->locktype!=NO_LOCK || locktype==SHARED_LOCK );
+  assert( locktype!=PENDING_LOCK );
+  assert( locktype!=RESERVED_LOCK || pFile->locktype==SHARED_LOCK );
+
+  /* Lock the PENDING_LOCK byte if we need to acquire a PENDING lock or
+  ** a SHARED lock.  If we are acquiring a SHARED lock, the acquisition of
+  ** the PENDING_LOCK byte is temporary.
+  */
+  newLocktype = pFile->locktype;
+  if(   (pFile->locktype==NO_LOCK)
+     || (   (locktype==EXCLUSIVE_LOCK)
+         && (pFile->locktype==RESERVED_LOCK))
+  ){
+    int cnt = 3;
+    while( cnt-->0 && (res = winLockFile(&pFile->h, SQLITE_LOCKFILE_FLAGS,
+                                         PENDING_BYTE, 0, 1, 0))==0 ){
+      /* Try 3 times to get the pending lock.  This is needed to work
+      ** around problems caused by indexing and/or anti-virus software on
+      ** Windows systems.
+      ** If you are using this code as a model for alternative VFSes, do not
+      ** copy this retry logic.  It is a hack intended for Windows only.
+      */
+      lastErrno = osGetLastError();
+      OSTRACE(("LOCK-PENDING-FAIL file=%p, count=%d, result=%d\n",
+               pFile->h, cnt, res));
+      if( lastErrno==ERROR_INVALID_HANDLE ){
+        pFile->lastErrno = lastErrno;
+        rc = SQLITE_IOERR_LOCK;
+        OSTRACE(("LOCK-FAIL file=%p, count=%d, rc=%s\n",
+                 pFile->h, cnt, sqlite3ErrName(rc)));
+        return rc;
+      }
+      if( cnt ) sqlite3_win32_sleep(1);
+    }
+    gotPendingLock = res;
+    if( !res ){
+      lastErrno = osGetLastError();
+    }
+  }
+
+  /* Acquire a shared lock
+  */
+  if( locktype==SHARED_LOCK && res ){
+    assert( pFile->locktype==NO_LOCK );
+    res = winGetReadLock(pFile);
+    if( res ){
+      newLocktype = SHARED_LOCK;
+    }else{
+      lastErrno = osGetLastError();
+    }
+  }
+
+  /* Acquire a RESERVED lock
+  */
+  if( locktype==RESERVED_LOCK && res ){
+    assert( pFile->locktype==SHARED_LOCK );
+    res = winLockFile(&pFile->h, SQLITE_LOCKFILE_FLAGS, RESERVED_BYTE, 0, 1, 0);
+    if( res ){
+      newLocktype = RESERVED_LOCK;
+    }else{
+      lastErrno = osGetLastError();
+    }
+  }
+
+  /* Acquire a PENDING lock
+  */
+  if( locktype==EXCLUSIVE_LOCK && res ){
+    newLocktype = PENDING_LOCK;
+    gotPendingLock = 0;
+  }
+
+  /* Acquire an EXCLUSIVE lock
+  */
+  if( locktype==EXCLUSIVE_LOCK && res ){
+    assert( pFile->locktype>=SHARED_LOCK );
+    res = winUnlockReadLock(pFile);
+    res = winLockFile(&pFile->h, SQLITE_LOCKFILE_FLAGS, SHARED_FIRST, 0,
+                      SHARED_SIZE, 0);
+    if( res ){
+      newLocktype = EXCLUSIVE_LOCK;
+    }else{
+      lastErrno = osGetLastError();
+      winGetReadLock(pFile);
+    }
+  }
+
+  /* If we are holding a PENDING lock that ought to be released, then
+  ** release it now.
+  */
+  if( gotPendingLock && locktype==SHARED_LOCK ){
+    winUnlockFile(&pFile->h, PENDING_BYTE, 0, 1, 0);
+  }
+
+  /* Update the state of the lock has held in the file descriptor then
+  ** return the appropriate result code.
+  */
+  if( res ){
+    rc = SQLITE_OK;
+  }else{
+    pFile->lastErrno = lastErrno;
+    rc = SQLITE_BUSY;
+    OSTRACE(("LOCK-FAIL file=%p, wanted=%d, got=%d\n",
+             pFile->h, locktype, newLocktype));
+  }
+  pFile->locktype = (u8)newLocktype;
+  OSTRACE(("LOCK file=%p, lock=%d, rc=%s\n",
+           pFile->h, pFile->locktype, sqlite3ErrName(rc)));
+  return rc;
+}
+
+/*
+** This routine checks if there is a RESERVED lock held on the specified
+** file by this or any other process. If such a lock is held, return
+** non-zero, otherwise zero.
+*/
+static int winCheckReservedLock(sqlite3_file *id, int *pResOut){
+  int res;
+  winFile *pFile = (winFile*)id;
+
+  SimulateIOError( return SQLITE_IOERR_CHECKRESERVEDLOCK; );
+  OSTRACE(("TEST-WR-LOCK file=%p, pResOut=%p\n", pFile->h, pResOut));
+
+  assert( id!=0 );
+  if( pFile->locktype>=RESERVED_LOCK ){
+    res = 1;
+    OSTRACE(("TEST-WR-LOCK file=%p, result=%d (local)\n", pFile->h, res));
+  }else{
+    res = winLockFile(&pFile->h, SQLITE_LOCKFILEEX_FLAGS,RESERVED_BYTE,0,1,0);
+    if( res ){
+      winUnlockFile(&pFile->h, RESERVED_BYTE, 0, 1, 0);
+    }
+    res = !res;
+    OSTRACE(("TEST-WR-LOCK file=%p, result=%d (remote)\n", pFile->h, res));
+  }
+  *pResOut = res;
+  OSTRACE(("TEST-WR-LOCK file=%p, pResOut=%p, *pResOut=%d, rc=SQLITE_OK\n",
+           pFile->h, pResOut, *pResOut));
+  return SQLITE_OK;
+}
+
+/*
+** Lower the locking level on file descriptor id to locktype.  locktype
+** must be either NO_LOCK or SHARED_LOCK.
+**
+** If the locking level of the file descriptor is already at or below
+** the requested locking level, this routine is a no-op.
+**
+** It is not possible for this routine to fail if the second argument
+** is NO_LOCK.  If the second argument is SHARED_LOCK then this routine
+** might return SQLITE_IOERR;
+*/
+static int winUnlock(sqlite3_file *id, int locktype){
+  int type;
+  winFile *pFile = (winFile*)id;
+  int rc = SQLITE_OK;
+  assert( pFile!=0 );
+  assert( locktype<=SHARED_LOCK );
+  OSTRACE(("UNLOCK file=%p, oldLock=%d(%d), newLock=%d\n",
+           pFile->h, pFile->locktype, pFile->sharedLockByte, locktype));
+  type = pFile->locktype;
+  if( type>=EXCLUSIVE_LOCK ){
+    winUnlockFile(&pFile->h, SHARED_FIRST, 0, SHARED_SIZE, 0);
+    if( locktype==SHARED_LOCK && !winGetReadLock(pFile) ){
+      /* This should never happen.  We should always be able to
+      ** reacquire the read lock */
+      rc = winLogError(SQLITE_IOERR_UNLOCK, osGetLastError(),
+                       "winUnlock", pFile->zPath);
+    }
+  }
+  if( type>=RESERVED_LOCK ){
+    winUnlockFile(&pFile->h, RESERVED_BYTE, 0, 1, 0);
+  }
+  if( locktype==NO_LOCK && type>=SHARED_LOCK ){
+    winUnlockReadLock(pFile);
+  }
+  if( type>=PENDING_LOCK ){
+    winUnlockFile(&pFile->h, PENDING_BYTE, 0, 1, 0);
+  }
+  pFile->locktype = (u8)locktype;
+  OSTRACE(("UNLOCK file=%p, lock=%d, rc=%s\n",
+           pFile->h, pFile->locktype, sqlite3ErrName(rc)));
+  return rc;
+}
+
+/*
+** If *pArg is initially negative then this is a query.  Set *pArg to
+** 1 or 0 depending on whether or not bit mask of pFile->ctrlFlags is set.
+**
+** If *pArg is 0 or 1, then clear or set the mask bit of pFile->ctrlFlags.
+*/
+static void winModeBit(winFile *pFile, unsigned char mask, int *pArg){
+  if( *pArg<0 ){
+    *pArg = (pFile->ctrlFlags & mask)!=0;
+  }else if( (*pArg)==0 ){
+    pFile->ctrlFlags &= ~mask;
+  }else{
+    pFile->ctrlFlags |= mask;
+  }
+}
+
+/* Forward references to VFS helper methods used for temporary files */
+static int winGetTempname(sqlite3_vfs *, char **);
+static int winIsDir(const void *);
+static BOOL winIsDriveLetterAndColon(const char *);
+
+/*
+** Control and query of the open file handle.
+*/
+static int winFileControl(sqlite3_file *id, int op, void *pArg){
+  winFile *pFile = (winFile*)id;
+  OSTRACE(("FCNTL file=%p, op=%d, pArg=%p\n", pFile->h, op, pArg));
+  switch( op ){
+    case SQLITE_FCNTL_LOCKSTATE: {
+      *(int*)pArg = pFile->locktype;
+      OSTRACE(("FCNTL file=%p, rc=SQLITE_OK\n", pFile->h));
+      return SQLITE_OK;
+    }
+    case SQLITE_LAST_ERRNO: {
+      *(int*)pArg = (int)pFile->lastErrno;
+      OSTRACE(("FCNTL file=%p, rc=SQLITE_OK\n", pFile->h));
+      return SQLITE_OK;
+    }
+    case SQLITE_FCNTL_CHUNK_SIZE: {
+      pFile->szChunk = *(int *)pArg;
+      OSTRACE(("FCNTL file=%p, rc=SQLITE_OK\n", pFile->h));
+      return SQLITE_OK;
+    }
+    case SQLITE_FCNTL_SIZE_HINT: {
+      if( pFile->szChunk>0 ){
+        sqlite3_int64 oldSz;
+        int rc = winFileSize(id, &oldSz);
+        if( rc==SQLITE_OK ){
+          sqlite3_int64 newSz = *(sqlite3_int64*)pArg;
+          if( newSz>oldSz ){
+            SimulateIOErrorBenign(1);
+            rc = winTruncate(id, newSz);
+            SimulateIOErrorBenign(0);
+          }
+        }
+        OSTRACE(("FCNTL file=%p, rc=%s\n", pFile->h, sqlite3ErrName(rc)));
+        return rc;
+      }
+      OSTRACE(("FCNTL file=%p, rc=SQLITE_OK\n", pFile->h));
+      return SQLITE_OK;
+    }
+    case SQLITE_FCNTL_PERSIST_WAL: {
+      winModeBit(pFile, WINFILE_PERSIST_WAL, (int*)pArg);
+      OSTRACE(("FCNTL file=%p, rc=SQLITE_OK\n", pFile->h));
+      return SQLITE_OK;
+    }
+    case SQLITE_FCNTL_POWERSAFE_OVERWRITE: {
+      winModeBit(pFile, WINFILE_PSOW, (int*)pArg);
+      OSTRACE(("FCNTL file=%p, rc=SQLITE_OK\n", pFile->h));
+      return SQLITE_OK;
+    }
+    case SQLITE_FCNTL_VFSNAME: {
+      *(char**)pArg = sqlite3_mprintf("%s", pFile->pVfs->zName);
+      OSTRACE(("FCNTL file=%p, rc=SQLITE_OK\n", pFile->h));
+      return SQLITE_OK;
+    }
+    case SQLITE_FCNTL_WIN32_AV_RETRY: {
+      int *a = (int*)pArg;
+      if( a[0]>0 ){
+        winIoerrRetry = a[0];
+      }else{
+        a[0] = winIoerrRetry;
+      }
+      if( a[1]>0 ){
+        winIoerrRetryDelay = a[1];
+      }else{
+        a[1] = winIoerrRetryDelay;
+      }
+      OSTRACE(("FCNTL file=%p, rc=SQLITE_OK\n", pFile->h));
+      return SQLITE_OK;
+    }
+#ifdef SQLITE_TEST
+    case SQLITE_FCNTL_WIN32_SET_HANDLE: {
+      LPHANDLE phFile = (LPHANDLE)pArg;
+      HANDLE hOldFile = pFile->h;
+      pFile->h = *phFile;
+      *phFile = hOldFile;
+      OSTRACE(("FCNTL oldFile=%p, newFile=%p, rc=SQLITE_OK\n",
+               hOldFile, pFile->h));
+      return SQLITE_OK;
+    }
+#endif
+    case SQLITE_FCNTL_TEMPFILENAME: {
+      char *zTFile = 0;
+      int rc = winGetTempname(pFile->pVfs, &zTFile);
+      if( rc==SQLITE_OK ){
+        *(char**)pArg = zTFile;
+      }
+      OSTRACE(("FCNTL file=%p, rc=%s\n", pFile->h, sqlite3ErrName(rc)));
+      return rc;
+    }
+#if SQLITE_MAX_MMAP_SIZE>0
+    case SQLITE_FCNTL_MMAP_SIZE: {
+      i64 newLimit = *(i64*)pArg;
+      int rc = SQLITE_OK;
+      if( newLimit>sqlite3GlobalConfig.mxMmap ){
+        newLimit = sqlite3GlobalConfig.mxMmap;
+      }
+      *(i64*)pArg = pFile->mmapSizeMax;
+      if( newLimit>=0 && newLimit!=pFile->mmapSizeMax && pFile->nFetchOut==0 ){
+        pFile->mmapSizeMax = newLimit;
+        if( pFile->mmapSize>0 ){
+          winUnmapfile(pFile);
+          rc = winMapfile(pFile, -1);
+        }
+      }
+      OSTRACE(("FCNTL file=%p, rc=%s\n", pFile->h, sqlite3ErrName(rc)));
+      return rc;
+    }
+#endif
+  }
+  OSTRACE(("FCNTL file=%p, rc=SQLITE_NOTFOUND\n", pFile->h));
+  return SQLITE_NOTFOUND;
+}
+
+/*
+** Return the sector size in bytes of the underlying block device for
+** the specified file. This is almost always 512 bytes, but may be
+** larger for some devices.
+**
+** SQLite code assumes this function cannot fail. It also assumes that
+** if two files are created in the same file-system directory (i.e.
+** a database and its journal file) that the sector size will be the
+** same for both.
+*/
+static int winSectorSize(sqlite3_file *id){
+  (void)id;
+  return SQLITE_DEFAULT_SECTOR_SIZE;
+}
+
+/*
+** Return a vector of device characteristics.
+*/
+static int winDeviceCharacteristics(sqlite3_file *id){
+  winFile *p = (winFile*)id;
+  return SQLITE_IOCAP_UNDELETABLE_WHEN_OPEN |
+         ((p->ctrlFlags & WINFILE_PSOW)?SQLITE_IOCAP_POWERSAFE_OVERWRITE:0);
+}
+
+/*
+** Windows will only let you create file view mappings
+** on allocation size granularity boundaries.
+** During sqlite3_os_init() we do a GetSystemInfo()
+** to get the granularity size.
+*/
+static SYSTEM_INFO winSysInfo;
+
+#ifndef SQLITE_OMIT_WAL
+
+/*
+** Helper functions to obtain and relinquish the global mutex. The
+** global mutex is used to protect the winLockInfo objects used by
+** this file, all of which may be shared by multiple threads.
+**
+** Function winShmMutexHeld() is used to assert() that the global mutex
+** is held when required. This function is only used as part of assert()
+** statements. e.g.
+**
+**   winShmEnterMutex()
+**     assert( winShmMutexHeld() );
+**   winShmLeaveMutex()
+*/
+static void winShmEnterMutex(void){
+  sqlite3_mutex_enter(sqlite3MutexAlloc(SQLITE_MUTEX_STATIC_VFS1));
+}
+static void winShmLeaveMutex(void){
+  sqlite3_mutex_leave(sqlite3MutexAlloc(SQLITE_MUTEX_STATIC_VFS1));
+}
+#ifndef NDEBUG
+static int winShmMutexHeld(void) {
+  return sqlite3_mutex_held(sqlite3MutexAlloc(SQLITE_MUTEX_STATIC_VFS1));
+}
+#endif
+
+/*
+** Object used to represent a single file opened and mmapped to provide
+** shared memory.  When multiple threads all reference the same
+** log-summary, each thread has its own winFile object, but they all
+** point to a single instance of this object.  In other words, each
+** log-summary is opened only once per process.
+**
+** winShmMutexHeld() must be true when creating or destroying
+** this object or while reading or writing the following fields:
+**
+**      nRef
+**      pNext
+**
+** The following fields are read-only after the object is created:
+**
+**      fid
+**      zFilename
+**
+** Either winShmNode.mutex must be held or winShmNode.nRef==0 and
+** winShmMutexHeld() is true when reading or writing any other field
+** in this structure.
+**
+*/
+struct winShmNode {
+  sqlite3_mutex *mutex;      /* Mutex to access this object */
+  char *zFilename;           /* Name of the file */
+  winFile hFile;             /* File handle from winOpen */
+
+  int szRegion;              /* Size of shared-memory regions */
+  int nRegion;               /* Size of array apRegion */
+  struct ShmRegion {
+    HANDLE hMap;             /* File handle from CreateFileMapping */
+    void *pMap;
+  } *aRegion;
+  DWORD lastErrno;           /* The Windows errno from the last I/O error */
+
+  int nRef;                  /* Number of winShm objects pointing to this */
+  winShm *pFirst;            /* All winShm objects pointing to this */
+  winShmNode *pNext;         /* Next in list of all winShmNode objects */
+#if defined(SQLITE_DEBUG) || defined(SQLITE_HAVE_OS_TRACE)
+  u8 nextShmId;              /* Next available winShm.id value */
+#endif
+};
+
+/*
+** A global array of all winShmNode objects.
+**
+** The winShmMutexHeld() must be true while reading or writing this list.
+*/
+static winShmNode *winShmNodeList = 0;
+
+/*
+** Structure used internally by this VFS to record the state of an
+** open shared memory connection.
+**
+** The following fields are initialized when this object is created and
+** are read-only thereafter:
+**
+**    winShm.pShmNode
+**    winShm.id
+**
+** All other fields are read/write.  The winShm.pShmNode->mutex must be held
+** while accessing any read/write fields.
+*/
+struct winShm {
+  winShmNode *pShmNode;      /* The underlying winShmNode object */
+  winShm *pNext;             /* Next winShm with the same winShmNode */
+  u8 hasMutex;               /* True if holding the winShmNode mutex */
+  u16 sharedMask;            /* Mask of shared locks held */
+  u16 exclMask;              /* Mask of exclusive locks held */
+#if defined(SQLITE_DEBUG) || defined(SQLITE_HAVE_OS_TRACE)
+  u8 id;                     /* Id of this connection with its winShmNode */
+#endif
+};
+
+/*
+** Constants used for locking
+*/
+#define WIN_SHM_BASE   ((22+SQLITE_SHM_NLOCK)*4)        /* first lock byte */
+#define WIN_SHM_DMS    (WIN_SHM_BASE+SQLITE_SHM_NLOCK)  /* deadman switch */
+
+/*
+** Apply advisory locks for all n bytes beginning at ofst.
+*/
+#define _SHM_UNLCK  1
+#define _SHM_RDLCK  2
+#define _SHM_WRLCK  3
+static int winShmSystemLock(
+  winShmNode *pFile,    /* Apply locks to this open shared-memory segment */
+  int lockType,         /* _SHM_UNLCK, _SHM_RDLCK, or _SHM_WRLCK */
+  int ofst,             /* Offset to first byte to be locked/unlocked */
+  int nByte             /* Number of bytes to lock or unlock */
+){
+  int rc = 0;           /* Result code form Lock/UnlockFileEx() */
+
+  /* Access to the winShmNode object is serialized by the caller */
+  assert( sqlite3_mutex_held(pFile->mutex) || pFile->nRef==0 );
+
+  OSTRACE(("SHM-LOCK file=%p, lock=%d, offset=%d, size=%d\n",
+           pFile->hFile.h, lockType, ofst, nByte));
+
+  /* Release/Acquire the system-level lock */
+  if( lockType==_SHM_UNLCK ){
+    rc = winUnlockFile(&pFile->hFile.h, ofst, 0, nByte, 0);
+  }else{
+    /* Initialize the locking parameters */
+    DWORD dwFlags = LOCKFILE_FAIL_IMMEDIATELY;
+    if( lockType == _SHM_WRLCK ) dwFlags |= LOCKFILE_EXCLUSIVE_LOCK;
+    rc = winLockFile(&pFile->hFile.h, dwFlags, ofst, 0, nByte, 0);
+  }
+
+  if( rc!= 0 ){
+    rc = SQLITE_OK;
+  }else{
+    pFile->lastErrno =  osGetLastError();
+    rc = SQLITE_BUSY;
+  }
+
+  OSTRACE(("SHM-LOCK file=%p, func=%s, errno=%lu, rc=%s\n",
+           pFile->hFile.h, (lockType == _SHM_UNLCK) ? "winUnlockFile" :
+           "winLockFile", pFile->lastErrno, sqlite3ErrName(rc)));
+
+  return rc;
+}
+
+/* Forward references to VFS methods */
+static int winOpen(sqlite3_vfs*,const char*,sqlite3_file*,int,int*);
+static int winDelete(sqlite3_vfs *,const char*,int);
+
+/*
+** Purge the winShmNodeList list of all entries with winShmNode.nRef==0.
+**
+** This is not a VFS shared-memory method; it is a utility function called
+** by VFS shared-memory methods.
+*/
+static void winShmPurge(sqlite3_vfs *pVfs, int deleteFlag){
+  winShmNode **pp;
+  winShmNode *p;
+  assert( winShmMutexHeld() );
+  OSTRACE(("SHM-PURGE pid=%lu, deleteFlag=%d\n",
+           osGetCurrentProcessId(), deleteFlag));
+  pp = &winShmNodeList;
+  while( (p = *pp)!=0 ){
+    if( p->nRef==0 ){
+      int i;
+      if( p->mutex ){ sqlite3_mutex_free(p->mutex); }
+      for(i=0; i<p->nRegion; i++){
+        BOOL bRc = osUnmapViewOfFile(p->aRegion[i].pMap);
+        OSTRACE(("SHM-PURGE-UNMAP pid=%lu, region=%d, rc=%s\n",
+                 osGetCurrentProcessId(), i, bRc ? "ok" : "failed"));
+        UNUSED_VARIABLE_VALUE(bRc);
+        bRc = osCloseHandle(p->aRegion[i].hMap);
+        OSTRACE(("SHM-PURGE-CLOSE pid=%lu, region=%d, rc=%s\n",
+                 osGetCurrentProcessId(), i, bRc ? "ok" : "failed"));
+        UNUSED_VARIABLE_VALUE(bRc);
+      }
+      if( p->hFile.h!=NULL && p->hFile.h!=INVALID_HANDLE_VALUE ){
+        SimulateIOErrorBenign(1);
+        winClose((sqlite3_file *)&p->hFile);
+        SimulateIOErrorBenign(0);
+      }
+      if( deleteFlag ){
+        SimulateIOErrorBenign(1);
+        sqlite3BeginBenignMalloc();
+        winDelete(pVfs, p->zFilename, 0);
+        sqlite3EndBenignMalloc();
+        SimulateIOErrorBenign(0);
+      }
+      *pp = p->pNext;
+      sqlite3_free(p->aRegion);
+      sqlite3_free(p);
+    }else{
+      pp = &p->pNext;
+    }
+  }
+}
+
+/*
+** Open the shared-memory area associated with database file pDbFd.
+**
+** When opening a new shared-memory file, if no other instances of that
+** file are currently open, in this process or in other processes, then
+** the file must be truncated to zero length or have its header cleared.
+*/
+static int winOpenSharedMemory(winFile *pDbFd){
+  struct winShm *p;                  /* The connection to be opened */
+  struct winShmNode *pShmNode = 0;   /* The underlying mmapped file */
+  int rc;                            /* Result code */
+  struct winShmNode *pNew;           /* Newly allocated winShmNode */
+  int nName;                         /* Size of zName in bytes */
+
+  assert( pDbFd->pShm==0 );    /* Not previously opened */
+
+  /* Allocate space for the new sqlite3_shm object.  Also speculatively
+  ** allocate space for a new winShmNode and filename.
+  */
+  p = sqlite3MallocZero( sizeof(*p) );
+  if( p==0 ) return SQLITE_IOERR_NOMEM;
+  nName = sqlite3Strlen30(pDbFd->zPath);
+  pNew = sqlite3MallocZero( sizeof(*pShmNode) + nName + 17 );
+  if( pNew==0 ){
+    sqlite3_free(p);
+    return SQLITE_IOERR_NOMEM;
+  }
+  pNew->zFilename = (char*)&pNew[1];
+  sqlite3_snprintf(nName+15, pNew->zFilename, "%s-shm", pDbFd->zPath);
+  sqlite3FileSuffix3(pDbFd->zPath, pNew->zFilename);
+
+  /* Look to see if there is an existing winShmNode that can be used.
+  ** If no matching winShmNode currently exists, create a new one.
+  */
+  winShmEnterMutex();
+  for(pShmNode = winShmNodeList; pShmNode; pShmNode=pShmNode->pNext){
+    /* TBD need to come up with better match here.  Perhaps
+    ** use FILE_ID_BOTH_DIR_INFO Structure.
+    */
+    if( sqlite3StrICmp(pShmNode->zFilename, pNew->zFilename)==0 ) break;
+  }
+  if( pShmNode ){
+    sqlite3_free(pNew);
+  }else{
+    pShmNode = pNew;
+    pNew = 0;
+    ((winFile*)(&pShmNode->hFile))->h = INVALID_HANDLE_VALUE;
+    pShmNode->pNext = winShmNodeList;
+    winShmNodeList = pShmNode;
+
+    pShmNode->mutex = sqlite3_mutex_alloc(SQLITE_MUTEX_FAST);
+    if( pShmNode->mutex==0 ){
+      rc = SQLITE_IOERR_NOMEM;
+      goto shm_open_err;
+    }
+
+    rc = winOpen(pDbFd->pVfs,
+                 pShmNode->zFilename,             /* Name of the file (UTF-8) */
+                 (sqlite3_file*)&pShmNode->hFile,  /* File handle here */
+                 SQLITE_OPEN_WAL | SQLITE_OPEN_READWRITE | SQLITE_OPEN_CREATE,
+                 0);
+    if( SQLITE_OK!=rc ){
+      goto shm_open_err;
+    }
+
+    /* Check to see if another process is holding the dead-man switch.
+    ** If not, truncate the file to zero length.
+    */
+    if( winShmSystemLock(pShmNode, _SHM_WRLCK, WIN_SHM_DMS, 1)==SQLITE_OK ){
+      rc = winTruncate((sqlite3_file *)&pShmNode->hFile, 0);
+      if( rc!=SQLITE_OK ){
+        rc = winLogError(SQLITE_IOERR_SHMOPEN, osGetLastError(),
+                         "winOpenShm", pDbFd->zPath);
+      }
+    }
+    if( rc==SQLITE_OK ){
+      winShmSystemLock(pShmNode, _SHM_UNLCK, WIN_SHM_DMS, 1);
+      rc = winShmSystemLock(pShmNode, _SHM_RDLCK, WIN_SHM_DMS, 1);
+    }
+    if( rc ) goto shm_open_err;
+  }
+
+  /* Make the new connection a child of the winShmNode */
+  p->pShmNode = pShmNode;
+#if defined(SQLITE_DEBUG) || defined(SQLITE_HAVE_OS_TRACE)
+  p->id = pShmNode->nextShmId++;
+#endif
+  pShmNode->nRef++;
+  pDbFd->pShm = p;
+  winShmLeaveMutex();
+
+  /* The reference count on pShmNode has already been incremented under
+  ** the cover of the winShmEnterMutex() mutex and the pointer from the
+  ** new (struct winShm) object to the pShmNode has been set. All that is
+  ** left to do is to link the new object into the linked list starting
+  ** at pShmNode->pFirst. This must be done while holding the pShmNode->mutex
+  ** mutex.
+  */
+  sqlite3_mutex_enter(pShmNode->mutex);
+  p->pNext = pShmNode->pFirst;
+  pShmNode->pFirst = p;
+  sqlite3_mutex_leave(pShmNode->mutex);
+  return SQLITE_OK;
+
+  /* Jump here on any error */
+shm_open_err:
+  winShmSystemLock(pShmNode, _SHM_UNLCK, WIN_SHM_DMS, 1);
+  winShmPurge(pDbFd->pVfs, 0);      /* This call frees pShmNode if required */
+  sqlite3_free(p);
+  sqlite3_free(pNew);
+  winShmLeaveMutex();
+  return rc;
+}
+
+/*
+** Close a connection to shared-memory.  Delete the underlying
+** storage if deleteFlag is true.
+*/
+static int winShmUnmap(
+  sqlite3_file *fd,          /* Database holding shared memory */
+  int deleteFlag             /* Delete after closing if true */
+){
+  winFile *pDbFd;       /* Database holding shared-memory */
+  winShm *p;            /* The connection to be closed */
+  winShmNode *pShmNode; /* The underlying shared-memory file */
+  winShm **pp;          /* For looping over sibling connections */
+
+  pDbFd = (winFile*)fd;
+  p = pDbFd->pShm;
+  if( p==0 ) return SQLITE_OK;
+  pShmNode = p->pShmNode;
+
+  /* Remove connection p from the set of connections associated
+  ** with pShmNode */
+  sqlite3_mutex_enter(pShmNode->mutex);
+  for(pp=&pShmNode->pFirst; (*pp)!=p; pp = &(*pp)->pNext){}
+  *pp = p->pNext;
+
+  /* Free the connection p */
+  sqlite3_free(p);
+  pDbFd->pShm = 0;
+  sqlite3_mutex_leave(pShmNode->mutex);
+
+  /* If pShmNode->nRef has reached 0, then close the underlying
+  ** shared-memory file, too */
+  winShmEnterMutex();
+  assert( pShmNode->nRef>0 );
+  pShmNode->nRef--;
+  if( pShmNode->nRef==0 ){
+    winShmPurge(pDbFd->pVfs, deleteFlag);
+  }
+  winShmLeaveMutex();
+
+  return SQLITE_OK;
+}
+
+/*
+** Change the lock state for a shared-memory segment.
+*/
+static int winShmLock(
+  sqlite3_file *fd,          /* Database file holding the shared memory */
+  int ofst,                  /* First lock to acquire or release */
+  int n,                     /* Number of locks to acquire or release */
+  int flags                  /* What to do with the lock */
+){
+  winFile *pDbFd = (winFile*)fd;        /* Connection holding shared memory */
+  winShm *p = pDbFd->pShm;              /* The shared memory being locked */
+  winShm *pX;                           /* For looping over all siblings */
+  winShmNode *pShmNode = p->pShmNode;
+  int rc = SQLITE_OK;                   /* Result code */
+  u16 mask;                             /* Mask of locks to take or release */
+
+  assert( ofst>=0 && ofst+n<=SQLITE_SHM_NLOCK );
+  assert( n>=1 );
+  assert( flags==(SQLITE_SHM_LOCK | SQLITE_SHM_SHARED)
+       || flags==(SQLITE_SHM_LOCK | SQLITE_SHM_EXCLUSIVE)
+       || flags==(SQLITE_SHM_UNLOCK | SQLITE_SHM_SHARED)
+       || flags==(SQLITE_SHM_UNLOCK | SQLITE_SHM_EXCLUSIVE) );
+  assert( n==1 || (flags & SQLITE_SHM_EXCLUSIVE)!=0 );
+
+  mask = (u16)((1U<<(ofst+n)) - (1U<<ofst));
+  assert( n>1 || mask==(1<<ofst) );
+  sqlite3_mutex_enter(pShmNode->mutex);
+  if( flags & SQLITE_SHM_UNLOCK ){
+    u16 allMask = 0; /* Mask of locks held by siblings */
+
+    /* See if any siblings hold this same lock */
+    for(pX=pShmNode->pFirst; pX; pX=pX->pNext){
+      if( pX==p ) continue;
+      assert( (pX->exclMask & (p->exclMask|p->sharedMask))==0 );
+      allMask |= pX->sharedMask;
+    }
+
+    /* Unlock the system-level locks */
+    if( (mask & allMask)==0 ){
+      rc = winShmSystemLock(pShmNode, _SHM_UNLCK, ofst+WIN_SHM_BASE, n);
+    }else{
+      rc = SQLITE_OK;
+    }
+
+    /* Undo the local locks */
+    if( rc==SQLITE_OK ){
+      p->exclMask &= ~mask;
+      p->sharedMask &= ~mask;
+    }
+  }else if( flags & SQLITE_SHM_SHARED ){
+    u16 allShared = 0;  /* Union of locks held by connections other than "p" */
+
+    /* Find out which shared locks are already held by sibling connections.
+    ** If any sibling already holds an exclusive lock, go ahead and return
+    ** SQLITE_BUSY.
+    */
+    for(pX=pShmNode->pFirst; pX; pX=pX->pNext){
+      if( (pX->exclMask & mask)!=0 ){
+        rc = SQLITE_BUSY;
+        break;
+      }
+      allShared |= pX->sharedMask;
+    }
+
+    /* Get shared locks at the system level, if necessary */
+    if( rc==SQLITE_OK ){
+      if( (allShared & mask)==0 ){
+        rc = winShmSystemLock(pShmNode, _SHM_RDLCK, ofst+WIN_SHM_BASE, n);
+      }else{
+        rc = SQLITE_OK;
+      }
+    }
+
+    /* Get the local shared locks */
+    if( rc==SQLITE_OK ){
+      p->sharedMask |= mask;
+    }
+  }else{
+    /* Make sure no sibling connections hold locks that will block this
+    ** lock.  If any do, return SQLITE_BUSY right away.
+    */
+    for(pX=pShmNode->pFirst; pX; pX=pX->pNext){
+      if( (pX->exclMask & mask)!=0 || (pX->sharedMask & mask)!=0 ){
+        rc = SQLITE_BUSY;
+        break;
+      }
+    }
+
+    /* Get the exclusive locks at the system level.  Then if successful
+    ** also mark the local connection as being locked.
+    */
+    if( rc==SQLITE_OK ){
+      rc = winShmSystemLock(pShmNode, _SHM_WRLCK, ofst+WIN_SHM_BASE, n);
+      if( rc==SQLITE_OK ){
+        assert( (p->sharedMask & mask)==0 );
+        p->exclMask |= mask;
+      }
+    }
+  }
+  sqlite3_mutex_leave(pShmNode->mutex);
+  OSTRACE(("SHM-LOCK pid=%lu, id=%d, sharedMask=%03x, exclMask=%03x, rc=%s\n",
+           osGetCurrentProcessId(), p->id, p->sharedMask, p->exclMask,
+           sqlite3ErrName(rc)));
+  return rc;
+}
+
+/*
+** Implement a memory barrier or memory fence on shared memory.
+**
+** All loads and stores begun before the barrier must complete before
+** any load or store begun after the barrier.
+*/
+static void winShmBarrier(
+  sqlite3_file *fd          /* Database holding the shared memory */
+){
+  UNUSED_PARAMETER(fd);
+  sqlite3MemoryBarrier();   /* compiler-defined memory barrier */
+  winShmEnterMutex();       /* Also mutex, for redundancy */
+  winShmLeaveMutex();
+}
+
+/*
+** This function is called to obtain a pointer to region iRegion of the
+** shared-memory associated with the database file fd. Shared-memory regions
+** are numbered starting from zero. Each shared-memory region is szRegion
+** bytes in size.
+**
+** If an error occurs, an error code is returned and *pp is set to NULL.
+**
+** Otherwise, if the isWrite parameter is 0 and the requested shared-memory
+** region has not been allocated (by any client, including one running in a
+** separate process), then *pp is set to NULL and SQLITE_OK returned. If
+** isWrite is non-zero and the requested shared-memory region has not yet
+** been allocated, it is allocated by this function.
+**
+** If the shared-memory region has already been allocated or is allocated by
+** this call as described above, then it is mapped into this processes
+** address space (if it is not already), *pp is set to point to the mapped
+** memory and SQLITE_OK returned.
+*/
+static int winShmMap(
+  sqlite3_file *fd,               /* Handle open on database file */
+  int iRegion,                    /* Region to retrieve */
+  int szRegion,                   /* Size of regions */
+  int isWrite,                    /* True to extend file if necessary */
+  void volatile **pp              /* OUT: Mapped memory */
+){
+  winFile *pDbFd = (winFile*)fd;
+  winShm *pShm = pDbFd->pShm;
+  winShmNode *pShmNode;
+  int rc = SQLITE_OK;
+
+  if( !pShm ){
+    rc = winOpenSharedMemory(pDbFd);
+    if( rc!=SQLITE_OK ) return rc;
+    pShm = pDbFd->pShm;
+  }
+  pShmNode = pShm->pShmNode;
+
+  sqlite3_mutex_enter(pShmNode->mutex);
+  assert( szRegion==pShmNode->szRegion || pShmNode->nRegion==0 );
+
+  if( pShmNode->nRegion<=iRegion ){
+    struct ShmRegion *apNew;           /* New aRegion[] array */
+    int nByte = (iRegion+1)*szRegion;  /* Minimum required file size */
+    sqlite3_int64 sz;                  /* Current size of wal-index file */
+
+    pShmNode->szRegion = szRegion;
+
+    /* The requested region is not mapped into this processes address space.
+    ** Check to see if it has been allocated (i.e. if the wal-index file is
+    ** large enough to contain the requested region).
+    */
+    rc = winFileSize((sqlite3_file *)&pShmNode->hFile, &sz);
+    if( rc!=SQLITE_OK ){
+      rc = winLogError(SQLITE_IOERR_SHMSIZE, osGetLastError(),
+                       "winShmMap1", pDbFd->zPath);
+      goto shmpage_out;
+    }
+
+    if( sz<nByte ){
+      /* The requested memory region does not exist. If isWrite is set to
+      ** zero, exit early. *pp will be set to NULL and SQLITE_OK returned.
+      **
+      ** Alternatively, if isWrite is non-zero, use ftruncate() to allocate
+      ** the requested memory region.
+      */
+      if( !isWrite ) goto shmpage_out;
+      rc = winTruncate((sqlite3_file *)&pShmNode->hFile, nByte);
+      if( rc!=SQLITE_OK ){
+        rc = winLogError(SQLITE_IOERR_SHMSIZE, osGetLastError(),
+                         "winShmMap2", pDbFd->zPath);
+        goto shmpage_out;
+      }
+    }
+
+    /* Map the requested memory region into this processes address space. */
+    apNew = (struct ShmRegion *)sqlite3_realloc64(
+        pShmNode->aRegion, (iRegion+1)*sizeof(apNew[0])
+    );
+    if( !apNew ){
+      rc = SQLITE_IOERR_NOMEM;
+      goto shmpage_out;
+    }
+    pShmNode->aRegion = apNew;
+
+    while( pShmNode->nRegion<=iRegion ){
+      HANDLE hMap = NULL;         /* file-mapping handle */
+      void *pMap = 0;             /* Mapped memory region */
+
+#if SQLITE_OS_WINRT
+      hMap = osCreateFileMappingFromApp(pShmNode->hFile.h,
+          NULL, PAGE_READWRITE, nByte, NULL
+      );
+#elif defined(SQLITE_WIN32_HAS_WIDE)
+      hMap = osCreateFileMappingW(pShmNode->hFile.h,
+          NULL, PAGE_READWRITE, 0, nByte, NULL
+      );
+#elif defined(SQLITE_WIN32_HAS_ANSI)
+      hMap = osCreateFileMappingA(pShmNode->hFile.h,
+          NULL, PAGE_READWRITE, 0, nByte, NULL
+      );
+#endif
+      OSTRACE(("SHM-MAP-CREATE pid=%lu, region=%d, size=%d, rc=%s\n",
+               osGetCurrentProcessId(), pShmNode->nRegion, nByte,
+               hMap ? "ok" : "failed"));
+      if( hMap ){
+        int iOffset = pShmNode->nRegion*szRegion;
+        int iOffsetShift = iOffset % winSysInfo.dwAllocationGranularity;
+#if SQLITE_OS_WINRT
+        pMap = osMapViewOfFileFromApp(hMap, FILE_MAP_WRITE | FILE_MAP_READ,
+            iOffset - iOffsetShift, szRegion + iOffsetShift
+        );
+#else
+        pMap = osMapViewOfFile(hMap, FILE_MAP_WRITE | FILE_MAP_READ,
+            0, iOffset - iOffsetShift, szRegion + iOffsetShift
+        );
+#endif
+        OSTRACE(("SHM-MAP-MAP pid=%lu, region=%d, offset=%d, size=%d, rc=%s\n",
+                 osGetCurrentProcessId(), pShmNode->nRegion, iOffset,
+                 szRegion, pMap ? "ok" : "failed"));
+      }
+      if( !pMap ){
+        pShmNode->lastErrno = osGetLastError();
+        rc = winLogError(SQLITE_IOERR_SHMMAP, pShmNode->lastErrno,
+                         "winShmMap3", pDbFd->zPath);
+        if( hMap ) osCloseHandle(hMap);
+        goto shmpage_out;
+      }
+
+      pShmNode->aRegion[pShmNode->nRegion].pMap = pMap;
+      pShmNode->aRegion[pShmNode->nRegion].hMap = hMap;
+      pShmNode->nRegion++;
+    }
+  }
+
+shmpage_out:
+  if( pShmNode->nRegion>iRegion ){
+    int iOffset = iRegion*szRegion;
+    int iOffsetShift = iOffset % winSysInfo.dwAllocationGranularity;
+    char *p = (char *)pShmNode->aRegion[iRegion].pMap;
+    *pp = (void *)&p[iOffsetShift];
+  }else{
+    *pp = 0;
+  }
+  sqlite3_mutex_leave(pShmNode->mutex);
+  return rc;
+}
+
+#else
+# define winShmMap     0
+# define winShmLock    0
+# define winShmBarrier 0
+# define winShmUnmap   0
+#endif /* #ifndef SQLITE_OMIT_WAL */
+
+/*
+** Cleans up the mapped region of the specified file, if any.
+*/
+#if SQLITE_MAX_MMAP_SIZE>0
+static int winUnmapfile(winFile *pFile){
+  assert( pFile!=0 );
+  OSTRACE(("UNMAP-FILE pid=%lu, pFile=%p, hMap=%p, pMapRegion=%p, "
+           "mmapSize=%lld, mmapSizeActual=%lld, mmapSizeMax=%lld\n",
+           osGetCurrentProcessId(), pFile, pFile->hMap, pFile->pMapRegion,
+           pFile->mmapSize, pFile->mmapSizeActual, pFile->mmapSizeMax));
+  if( pFile->pMapRegion ){
+    if( !osUnmapViewOfFile(pFile->pMapRegion) ){
+      pFile->lastErrno = osGetLastError();
+      OSTRACE(("UNMAP-FILE pid=%lu, pFile=%p, pMapRegion=%p, "
+               "rc=SQLITE_IOERR_MMAP\n", osGetCurrentProcessId(), pFile,
+               pFile->pMapRegion));
+      return winLogError(SQLITE_IOERR_MMAP, pFile->lastErrno,
+                         "winUnmapfile1", pFile->zPath);
+    }
+    pFile->pMapRegion = 0;
+    pFile->mmapSize = 0;
+    pFile->mmapSizeActual = 0;
+  }
+  if( pFile->hMap!=NULL ){
+    if( !osCloseHandle(pFile->hMap) ){
+      pFile->lastErrno = osGetLastError();
+      OSTRACE(("UNMAP-FILE pid=%lu, pFile=%p, hMap=%p, rc=SQLITE_IOERR_MMAP\n",
+               osGetCurrentProcessId(), pFile, pFile->hMap));
+      return winLogError(SQLITE_IOERR_MMAP, pFile->lastErrno,
+                         "winUnmapfile2", pFile->zPath);
+    }
+    pFile->hMap = NULL;
+  }
+  OSTRACE(("UNMAP-FILE pid=%lu, pFile=%p, rc=SQLITE_OK\n",
+           osGetCurrentProcessId(), pFile));
+  return SQLITE_OK;
+}
+
+/*
+** Memory map or remap the file opened by file-descriptor pFd (if the file
+** is already mapped, the existing mapping is replaced by the new). Or, if
+** there already exists a mapping for this file, and there are still
+** outstanding xFetch() references to it, this function is a no-op.
+**
+** If parameter nByte is non-negative, then it is the requested size of
+** the mapping to create. Otherwise, if nByte is less than zero, then the
+** requested size is the size of the file on disk. The actual size of the
+** created mapping is either the requested size or the value configured
+** using SQLITE_FCNTL_MMAP_SIZE, whichever is smaller.
+**
+** SQLITE_OK is returned if no error occurs (even if the mapping is not
+** recreated as a result of outstanding references) or an SQLite error
+** code otherwise.
+*/
+static int winMapfile(winFile *pFd, sqlite3_int64 nByte){
+  sqlite3_int64 nMap = nByte;
+  int rc;
+
+  assert( nMap>=0 || pFd->nFetchOut==0 );
+  OSTRACE(("MAP-FILE pid=%lu, pFile=%p, size=%lld\n",
+           osGetCurrentProcessId(), pFd, nByte));
+
+  if( pFd->nFetchOut>0 ) return SQLITE_OK;
+
+  if( nMap<0 ){
+    rc = winFileSize((sqlite3_file*)pFd, &nMap);
+    if( rc ){
+      OSTRACE(("MAP-FILE pid=%lu, pFile=%p, rc=SQLITE_IOERR_FSTAT\n",
+               osGetCurrentProcessId(), pFd));
+      return SQLITE_IOERR_FSTAT;
+    }
+  }
+  if( nMap>pFd->mmapSizeMax ){
+    nMap = pFd->mmapSizeMax;
+  }
+  nMap &= ~(sqlite3_int64)(winSysInfo.dwPageSize - 1);
+
+  if( nMap==0 && pFd->mmapSize>0 ){
+    winUnmapfile(pFd);
+  }
+  if( nMap!=pFd->mmapSize ){
+    void *pNew = 0;
+    DWORD protect = PAGE_READONLY;
+    DWORD flags = FILE_MAP_READ;
+
+    winUnmapfile(pFd);
+#ifdef SQLITE_MMAP_READWRITE
+    if( (pFd->ctrlFlags & WINFILE_RDONLY)==0 ){
+      protect = PAGE_READWRITE;
+      flags |= FILE_MAP_WRITE;
+    }
+#endif
+#if SQLITE_OS_WINRT
+    pFd->hMap = osCreateFileMappingFromApp(pFd->h, NULL, protect, nMap, NULL);
+#elif defined(SQLITE_WIN32_HAS_WIDE)
+    pFd->hMap = osCreateFileMappingW(pFd->h, NULL, protect,
+                                (DWORD)((nMap>>32) & 0xffffffff),
+                                (DWORD)(nMap & 0xffffffff), NULL);
+#elif defined(SQLITE_WIN32_HAS_ANSI)
+    pFd->hMap = osCreateFileMappingA(pFd->h, NULL, protect,
+                                (DWORD)((nMap>>32) & 0xffffffff),
+                                (DWORD)(nMap & 0xffffffff), NULL);
+#endif
+    if( pFd->hMap==NULL ){
+      pFd->lastErrno = osGetLastError();
+      rc = winLogError(SQLITE_IOERR_MMAP, pFd->lastErrno,
+                       "winMapfile1", pFd->zPath);
+      /* Log the error, but continue normal operation using xRead/xWrite */
+      OSTRACE(("MAP-FILE-CREATE pid=%lu, pFile=%p, rc=%s\n",
+               osGetCurrentProcessId(), pFd, sqlite3ErrName(rc)));
+      return SQLITE_OK;
+    }
+    assert( (nMap % winSysInfo.dwPageSize)==0 );
+    assert( sizeof(SIZE_T)==sizeof(sqlite3_int64) || nMap<=0xffffffff );
+#if SQLITE_OS_WINRT
+    pNew = osMapViewOfFileFromApp(pFd->hMap, flags, 0, (SIZE_T)nMap);
+#else
+    pNew = osMapViewOfFile(pFd->hMap, flags, 0, 0, (SIZE_T)nMap);
+#endif
+    if( pNew==NULL ){
+      osCloseHandle(pFd->hMap);
+      pFd->hMap = NULL;
+      pFd->lastErrno = osGetLastError();
+      rc = winLogError(SQLITE_IOERR_MMAP, pFd->lastErrno,
+                       "winMapfile2", pFd->zPath);
+      /* Log the error, but continue normal operation using xRead/xWrite */
+      OSTRACE(("MAP-FILE-MAP pid=%lu, pFile=%p, rc=%s\n",
+               osGetCurrentProcessId(), pFd, sqlite3ErrName(rc)));
+      return SQLITE_OK;
+    }
+    pFd->pMapRegion = pNew;
+    pFd->mmapSize = nMap;
+    pFd->mmapSizeActual = nMap;
+  }
+
+  OSTRACE(("MAP-FILE pid=%lu, pFile=%p, rc=SQLITE_OK\n",
+           osGetCurrentProcessId(), pFd));
+  return SQLITE_OK;
+}
+#endif /* SQLITE_MAX_MMAP_SIZE>0 */
+
+/*
+** If possible, return a pointer to a mapping of file fd starting at offset
+** iOff. The mapping must be valid for at least nAmt bytes.
+**
+** If such a pointer can be obtained, store it in *pp and return SQLITE_OK.
+** Or, if one cannot but no error occurs, set *pp to 0 and return SQLITE_OK.
+** Finally, if an error does occur, return an SQLite error code. The final
+** value of *pp is undefined in this case.
+**
+** If this function does return a pointer, the caller must eventually
+** release the reference by calling winUnfetch().
+*/
+static int winFetch(sqlite3_file *fd, i64 iOff, int nAmt, void **pp){
+#if SQLITE_MAX_MMAP_SIZE>0
+  winFile *pFd = (winFile*)fd;   /* The underlying database file */
+#endif
+  *pp = 0;
+
+  OSTRACE(("FETCH pid=%lu, pFile=%p, offset=%lld, amount=%d, pp=%p\n",
+           osGetCurrentProcessId(), fd, iOff, nAmt, pp));
+
+#if SQLITE_MAX_MMAP_SIZE>0
+  if( pFd->mmapSizeMax>0 ){
+    if( pFd->pMapRegion==0 ){
+      int rc = winMapfile(pFd, -1);
+      if( rc!=SQLITE_OK ){
+        OSTRACE(("FETCH pid=%lu, pFile=%p, rc=%s\n",
+                 osGetCurrentProcessId(), pFd, sqlite3ErrName(rc)));
+        return rc;
+      }
+    }
+    if( pFd->mmapSize >= iOff+nAmt ){
+      *pp = &((u8 *)pFd->pMapRegion)[iOff];
+      pFd->nFetchOut++;
+    }
+  }
+#endif
+
+  OSTRACE(("FETCH pid=%lu, pFile=%p, pp=%p, *pp=%p, rc=SQLITE_OK\n",
+           osGetCurrentProcessId(), fd, pp, *pp));
+  return SQLITE_OK;
+}
+
+/*
+** If the third argument is non-NULL, then this function releases a
+** reference obtained by an earlier call to winFetch(). The second
+** argument passed to this function must be the same as the corresponding
+** argument that was passed to the winFetch() invocation.
+**
+** Or, if the third argument is NULL, then this function is being called
+** to inform the VFS layer that, according to POSIX, any existing mapping
+** may now be invalid and should be unmapped.
+*/
+static int winUnfetch(sqlite3_file *fd, i64 iOff, void *p){
+#if SQLITE_MAX_MMAP_SIZE>0
+  winFile *pFd = (winFile*)fd;   /* The underlying database file */
+
+  /* If p==0 (unmap the entire file) then there must be no outstanding
+  ** xFetch references. Or, if p!=0 (meaning it is an xFetch reference),
+  ** then there must be at least one outstanding.  */
+  assert( (p==0)==(pFd->nFetchOut==0) );
+
+  /* If p!=0, it must match the iOff value. */
+  assert( p==0 || p==&((u8 *)pFd->pMapRegion)[iOff] );
+
+  OSTRACE(("UNFETCH pid=%lu, pFile=%p, offset=%lld, p=%p\n",
+           osGetCurrentProcessId(), pFd, iOff, p));
+
+  if( p ){
+    pFd->nFetchOut--;
+  }else{
+    /* FIXME:  If Windows truly always prevents truncating or deleting a
+    ** file while a mapping is held, then the following winUnmapfile() call
+    ** is unnecessary can be omitted - potentially improving
+    ** performance.  */
+    winUnmapfile(pFd);
+  }
+
+  assert( pFd->nFetchOut>=0 );
+#endif
+
+  OSTRACE(("UNFETCH pid=%lu, pFile=%p, rc=SQLITE_OK\n",
+           osGetCurrentProcessId(), fd));
+  return SQLITE_OK;
+}
+
+/*
+** Here ends the implementation of all sqlite3_file methods.
+**
+********************** End sqlite3_file Methods *******************************
+******************************************************************************/
+
+/*
+** This vector defines all the methods that can operate on an
+** sqlite3_file for win32.
+*/
+static const sqlite3_io_methods winIoMethod = {
+  3,                              /* iVersion */
+  winClose,                       /* xClose */
+  winRead,                        /* xRead */
+  winWrite,                       /* xWrite */
+  winTruncate,                    /* xTruncate */
+  winSync,                        /* xSync */
+  winFileSize,                    /* xFileSize */
+  winLock,                        /* xLock */
+  winUnlock,                      /* xUnlock */
+  winCheckReservedLock,           /* xCheckReservedLock */
+  winFileControl,                 /* xFileControl */
+  winSectorSize,                  /* xSectorSize */
+  winDeviceCharacteristics,       /* xDeviceCharacteristics */
+  winShmMap,                      /* xShmMap */
+  winShmLock,                     /* xShmLock */
+  winShmBarrier,                  /* xShmBarrier */
+  winShmUnmap,                    /* xShmUnmap */
+  winFetch,                       /* xFetch */
+  winUnfetch                      /* xUnfetch */
+};
+
+/****************************************************************************
+**************************** sqlite3_vfs methods ****************************
+**
+** This division contains the implementation of methods on the
+** sqlite3_vfs object.
+*/
+
+#if defined(__CYGWIN__)
+/*
+** Convert a filename from whatever the underlying operating system
+** supports for filenames into UTF-8.  Space to hold the result is
+** obtained from malloc and must be freed by the calling function.
+*/
+static char *winConvertToUtf8Filename(const void *zFilename){
+  char *zConverted = 0;
+  if( osIsNT() ){
+    zConverted = winUnicodeToUtf8(zFilename);
+  }
+#ifdef SQLITE_WIN32_HAS_ANSI
+  else{
+    zConverted = sqlite3_win32_mbcs_to_utf8(zFilename);
+  }
+#endif
+  /* caller will handle out of memory */
+  return zConverted;
+}
+#endif
+
+/*
+** Convert a UTF-8 filename into whatever form the underlying
+** operating system wants filenames in.  Space to hold the result
+** is obtained from malloc and must be freed by the calling
+** function.
+*/
+static void *winConvertFromUtf8Filename(const char *zFilename){
+  void *zConverted = 0;
+  if( osIsNT() ){
+    zConverted = winUtf8ToUnicode(zFilename);
+  }
+#ifdef SQLITE_WIN32_HAS_ANSI
+  else{
+    zConverted = sqlite3_win32_utf8_to_mbcs(zFilename);
+  }
+#endif
+  /* caller will handle out of memory */
+  return zConverted;
+}
+
+/*
+** This function returns non-zero if the specified UTF-8 string buffer
+** ends with a directory separator character or one was successfully
+** added to it.
+*/
+static int winMakeEndInDirSep(int nBuf, char *zBuf){
+  if( zBuf ){
+    int nLen = sqlite3Strlen30(zBuf);
+    if( nLen>0 ){
+      if( winIsDirSep(zBuf[nLen-1]) ){
+        return 1;
+      }else if( nLen+1<nBuf ){
+        zBuf[nLen] = winGetDirSep();
+        zBuf[nLen+1] = '\0';
+        return 1;
+      }
+    }
+  }
+  return 0;
+}
+
+/*
+** Create a temporary file name and store the resulting pointer into pzBuf.
+** The pointer returned in pzBuf must be freed via sqlite3_free().
+*/
+static int winGetTempname(sqlite3_vfs *pVfs, char **pzBuf){
+  static char zChars[] =
+    "abcdefghijklmnopqrstuvwxyz"
+    "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+    "0123456789";
+  size_t i, j;
+  int nPre = sqlite3Strlen30(SQLITE_TEMP_FILE_PREFIX);
+  int nMax, nBuf, nDir, nLen;
+  char *zBuf;
+
+  /* It's odd to simulate an io-error here, but really this is just
+  ** using the io-error infrastructure to test that SQLite handles this
+  ** function failing.
+  */
+  SimulateIOError( return SQLITE_IOERR );
+
+  /* Allocate a temporary buffer to store the fully qualified file
+  ** name for the temporary file.  If this fails, we cannot continue.
+  */
+  nMax = pVfs->mxPathname; nBuf = nMax + 2;
+  zBuf = sqlite3MallocZero( nBuf );
+  if( !zBuf ){
+    OSTRACE(("TEMP-FILENAME rc=SQLITE_IOERR_NOMEM\n"));
+    return SQLITE_IOERR_NOMEM;
+  }
+
+  /* Figure out the effective temporary directory.  First, check if one
+  ** has been explicitly set by the application; otherwise, use the one
+  ** configured by the operating system.
+  */
+  nDir = nMax - (nPre + 15);
+  assert( nDir>0 );
+  if( sqlite3_temp_directory ){
+    int nDirLen = sqlite3Strlen30(sqlite3_temp_directory);
+    if( nDirLen>0 ){
+      if( !winIsDirSep(sqlite3_temp_directory[nDirLen-1]) ){
+        nDirLen++;
+      }
+      if( nDirLen>nDir ){
+        sqlite3_free(zBuf);
+        OSTRACE(("TEMP-FILENAME rc=SQLITE_ERROR\n"));
+        return winLogError(SQLITE_ERROR, 0, "winGetTempname1", 0);
+      }
+      sqlite3_snprintf(nMax, zBuf, "%s", sqlite3_temp_directory);
+    }
+  }
+#if defined(__CYGWIN__)
+  else{
+    static const char *azDirs[] = {
+       0, /* getenv("SQLITE_TMPDIR") */
+       0, /* getenv("TMPDIR") */
+       0, /* getenv("TMP") */
+       0, /* getenv("TEMP") */
+       0, /* getenv("USERPROFILE") */
+       "/var/tmp",
+       "/usr/tmp",
+       "/tmp",
+       ".",
+       0        /* List terminator */
+    };
+    unsigned int i;
+    const char *zDir = 0;
+
+    if( !azDirs[0] ) azDirs[0] = getenv("SQLITE_TMPDIR");
+    if( !azDirs[1] ) azDirs[1] = getenv("TMPDIR");
+    if( !azDirs[2] ) azDirs[2] = getenv("TMP");
+    if( !azDirs[3] ) azDirs[3] = getenv("TEMP");
+    if( !azDirs[4] ) azDirs[4] = getenv("USERPROFILE");
+    for(i=0; i<sizeof(azDirs)/sizeof(azDirs[0]); zDir=azDirs[i++]){
+      void *zConverted;
+      if( zDir==0 ) continue;
+      /* If the path starts with a drive letter followed by the colon
+      ** character, assume it is already a native Win32 path; otherwise,
+      ** it must be converted to a native Win32 path via the Cygwin API
+      ** prior to using it.
+      */
+      if( winIsDriveLetterAndColon(zDir) ){
+        zConverted = winConvertFromUtf8Filename(zDir);
+        if( !zConverted ){
+          sqlite3_free(zBuf);
+          OSTRACE(("TEMP-FILENAME rc=SQLITE_IOERR_NOMEM\n"));
+          return SQLITE_IOERR_NOMEM;
+        }
+        if( winIsDir(zConverted) ){
+          sqlite3_snprintf(nMax, zBuf, "%s", zDir);
+          sqlite3_free(zConverted);
+          break;
+        }
+        sqlite3_free(zConverted);
+      }else{
+        zConverted = sqlite3MallocZero( nMax+1 );
+        if( !zConverted ){
+          sqlite3_free(zBuf);
+          OSTRACE(("TEMP-FILENAME rc=SQLITE_IOERR_NOMEM\n"));
+          return SQLITE_IOERR_NOMEM;
+        }
+        if( cygwin_conv_path(
+                osIsNT() ? CCP_POSIX_TO_WIN_W : CCP_POSIX_TO_WIN_A, zDir,
+                zConverted, nMax+1)<0 ){
+          sqlite3_free(zConverted);
+          sqlite3_free(zBuf);
+          OSTRACE(("TEMP-FILENAME rc=SQLITE_IOERR_CONVPATH\n"));
+          return winLogError(SQLITE_IOERR_CONVPATH, (DWORD)errno,
+                             "winGetTempname2", zDir);
+        }
+        if( winIsDir(zConverted) ){
+          /* At this point, we know the candidate directory exists and should
+          ** be used.  However, we may need to convert the string containing
+          ** its name into UTF-8 (i.e. if it is UTF-16 right now).
+          */
+          char *zUtf8 = winConvertToUtf8Filename(zConverted);
+          if( !zUtf8 ){
+            sqlite3_free(zConverted);
+            sqlite3_free(zBuf);
+            OSTRACE(("TEMP-FILENAME rc=SQLITE_IOERR_NOMEM\n"));
+            return SQLITE_IOERR_NOMEM;
+          }
+          sqlite3_snprintf(nMax, zBuf, "%s", zUtf8);
+          sqlite3_free(zUtf8);
+          sqlite3_free(zConverted);
+          break;
+        }
+        sqlite3_free(zConverted);
+      }
+    }
+  }
+#elif !SQLITE_OS_WINRT && !defined(__CYGWIN__)
+  else if( osIsNT() ){
+    char *zMulti;
+    LPWSTR zWidePath = sqlite3MallocZero( nMax*sizeof(WCHAR) );
+    if( !zWidePath ){
+      sqlite3_free(zBuf);
+      OSTRACE(("TEMP-FILENAME rc=SQLITE_IOERR_NOMEM\n"));
+      return SQLITE_IOERR_NOMEM;
+    }
+    if( osGetTempPathW(nMax, zWidePath)==0 ){
+      sqlite3_free(zWidePath);
+      sqlite3_free(zBuf);
+      OSTRACE(("TEMP-FILENAME rc=SQLITE_IOERR_GETTEMPPATH\n"));
+      return winLogError(SQLITE_IOERR_GETTEMPPATH, osGetLastError(),
+                         "winGetTempname2", 0);
+    }
+    zMulti = winUnicodeToUtf8(zWidePath);
+    if( zMulti ){
+      sqlite3_snprintf(nMax, zBuf, "%s", zMulti);
+      sqlite3_free(zMulti);
+      sqlite3_free(zWidePath);
+    }else{
+      sqlite3_free(zWidePath);
+      sqlite3_free(zBuf);
+      OSTRACE(("TEMP-FILENAME rc=SQLITE_IOERR_NOMEM\n"));
+      return SQLITE_IOERR_NOMEM;
+    }
+  }
+#ifdef SQLITE_WIN32_HAS_ANSI
+  else{
+    char *zUtf8;
+    char *zMbcsPath = sqlite3MallocZero( nMax );
+    if( !zMbcsPath ){
+      sqlite3_free(zBuf);
+      OSTRACE(("TEMP-FILENAME rc=SQLITE_IOERR_NOMEM\n"));
+      return SQLITE_IOERR_NOMEM;
+    }
+    if( osGetTempPathA(nMax, zMbcsPath)==0 ){
+      sqlite3_free(zBuf);
+      OSTRACE(("TEMP-FILENAME rc=SQLITE_IOERR_GETTEMPPATH\n"));
+      return winLogError(SQLITE_IOERR_GETTEMPPATH, osGetLastError(),
+                         "winGetTempname3", 0);
+    }
+    zUtf8 = sqlite3_win32_mbcs_to_utf8(zMbcsPath);
+    if( zUtf8 ){
+      sqlite3_snprintf(nMax, zBuf, "%s", zUtf8);
+      sqlite3_free(zUtf8);
+    }else{
+      sqlite3_free(zBuf);
+      OSTRACE(("TEMP-FILENAME rc=SQLITE_IOERR_NOMEM\n"));
+      return SQLITE_IOERR_NOMEM;
+    }
+  }
+#endif /* SQLITE_WIN32_HAS_ANSI */
+#endif /* !SQLITE_OS_WINRT */
+
+  /*
+  ** Check to make sure the temporary directory ends with an appropriate
+  ** separator.  If it does not and there is not enough space left to add
+  ** one, fail.
+  */
+  if( !winMakeEndInDirSep(nDir+1, zBuf) ){
+    sqlite3_free(zBuf);
+    OSTRACE(("TEMP-FILENAME rc=SQLITE_ERROR\n"));
+    return winLogError(SQLITE_ERROR, 0, "winGetTempname4", 0);
+  }
+
+  /*
+  ** Check that the output buffer is large enough for the temporary file
+  ** name in the following format:
+  **
+  **   "<temporary_directory>/etilqs_XXXXXXXXXXXXXXX\0\0"
+  **
+  ** If not, return SQLITE_ERROR.  The number 17 is used here in order to
+  ** account for the space used by the 15 character random suffix and the
+  ** two trailing NUL characters.  The final directory separator character
+  ** has already added if it was not already present.
+  */
+  nLen = sqlite3Strlen30(zBuf);
+  if( (nLen + nPre + 17) > nBuf ){
+    sqlite3_free(zBuf);
+    OSTRACE(("TEMP-FILENAME rc=SQLITE_ERROR\n"));
+    return winLogError(SQLITE_ERROR, 0, "winGetTempname5", 0);
+  }
+
+  sqlite3_snprintf(nBuf-16-nLen, zBuf+nLen, SQLITE_TEMP_FILE_PREFIX);
+
+  j = sqlite3Strlen30(zBuf);
+  sqlite3_randomness(15, &zBuf[j]);
+  for(i=0; i<15; i++, j++){
+    zBuf[j] = (char)zChars[ ((unsigned char)zBuf[j])%(sizeof(zChars)-1) ];
+  }
+  zBuf[j] = 0;
+  zBuf[j+1] = 0;
+  *pzBuf = zBuf;
+
+  OSTRACE(("TEMP-FILENAME name=%s, rc=SQLITE_OK\n", zBuf));
+  return SQLITE_OK;
+}
+
+/*
+** Return TRUE if the named file is really a directory.  Return false if
+** it is something other than a directory, or if there is any kind of memory
+** allocation failure.
+*/
+static int winIsDir(const void *zConverted){
+  DWORD attr;
+  int rc = 0;
+  DWORD lastErrno;
+
+  if( osIsNT() ){
+    int cnt = 0;
+    WIN32_FILE_ATTRIBUTE_DATA sAttrData;
+    memset(&sAttrData, 0, sizeof(sAttrData));
+    while( !(rc = osGetFileAttributesExW((LPCWSTR)zConverted,
+                             GetFileExInfoStandard,
+                             &sAttrData)) && winRetryIoerr(&cnt, &lastErrno) ){}
+    if( !rc ){
+      return 0; /* Invalid name? */
+    }
+    attr = sAttrData.dwFileAttributes;
+#if SQLITE_OS_WINCE==0
+  }else{
+    attr = osGetFileAttributesA((char*)zConverted);
+#endif
+  }
+  return (attr!=INVALID_FILE_ATTRIBUTES) && (attr&FILE_ATTRIBUTE_DIRECTORY);
+}
+
+/*
+** Open a file.
+*/
+static int winOpen(
+  sqlite3_vfs *pVfs,        /* Used to get maximum path name length */
+  const char *zName,        /* Name of the file (UTF-8) */
+  sqlite3_file *id,         /* Write the SQLite file handle here */
+  int flags,                /* Open mode flags */
+  int *pOutFlags            /* Status return flags */
+){
+  HANDLE h;
+  DWORD lastErrno = 0;
+  DWORD dwDesiredAccess;
+  DWORD dwShareMode;
+  DWORD dwCreationDisposition;
+  DWORD dwFlagsAndAttributes = 0;
+#if SQLITE_OS_WINCE
+  int isTemp = 0;
+#endif
+  winFile *pFile = (winFile*)id;
+  void *zConverted;              /* Filename in OS encoding */
+  const char *zUtf8Name = zName; /* Filename in UTF-8 encoding */
+  int cnt = 0;
+
+  /* If argument zPath is a NULL pointer, this function is required to open
+  ** a temporary file. Use this buffer to store the file name in.
+  */
+  char *zTmpname = 0; /* For temporary filename, if necessary. */
+
+  int rc = SQLITE_OK;            /* Function Return Code */
+#if !defined(NDEBUG) || SQLITE_OS_WINCE
+  int eType = flags&0xFFFFFF00;  /* Type of file to open */
+#endif
+
+  int isExclusive  = (flags & SQLITE_OPEN_EXCLUSIVE);
+  int isDelete     = (flags & SQLITE_OPEN_DELETEONCLOSE);
+  int isCreate     = (flags & SQLITE_OPEN_CREATE);
+  int isReadonly   = (flags & SQLITE_OPEN_READONLY);
+  int isReadWrite  = (flags & SQLITE_OPEN_READWRITE);
+
+#ifndef NDEBUG
+  int isOpenJournal = (isCreate && (
+        eType==SQLITE_OPEN_MASTER_JOURNAL
+     || eType==SQLITE_OPEN_MAIN_JOURNAL
+     || eType==SQLITE_OPEN_WAL
+  ));
+#endif
+
+  OSTRACE(("OPEN name=%s, pFile=%p, flags=%x, pOutFlags=%p\n",
+           zUtf8Name, id, flags, pOutFlags));
+
+  /* Check the following statements are true:
+  **
+  **   (a) Exactly one of the READWRITE and READONLY flags must be set, and
+  **   (b) if CREATE is set, then READWRITE must also be set, and
+  **   (c) if EXCLUSIVE is set, then CREATE must also be set.
+  **   (d) if DELETEONCLOSE is set, then CREATE must also be set.
+  */
+  assert((isReadonly==0 || isReadWrite==0) && (isReadWrite || isReadonly));
+  assert(isCreate==0 || isReadWrite);
+  assert(isExclusive==0 || isCreate);
+  assert(isDelete==0 || isCreate);
+
+  /* The main DB, main journal, WAL file and master journal are never
+  ** automatically deleted. Nor are they ever temporary files.  */
+  assert( (!isDelete && zName) || eType!=SQLITE_OPEN_MAIN_DB );
+  assert( (!isDelete && zName) || eType!=SQLITE_OPEN_MAIN_JOURNAL );
+  assert( (!isDelete && zName) || eType!=SQLITE_OPEN_MASTER_JOURNAL );
+  assert( (!isDelete && zName) || eType!=SQLITE_OPEN_WAL );
+
+  /* Assert that the upper layer has set one of the "file-type" flags. */
+  assert( eType==SQLITE_OPEN_MAIN_DB      || eType==SQLITE_OPEN_TEMP_DB
+       || eType==SQLITE_OPEN_MAIN_JOURNAL || eType==SQLITE_OPEN_TEMP_JOURNAL
+       || eType==SQLITE_OPEN_SUBJOURNAL   || eType==SQLITE_OPEN_MASTER_JOURNAL
+       || eType==SQLITE_OPEN_TRANSIENT_DB || eType==SQLITE_OPEN_WAL
+  );
+
+  assert( pFile!=0 );
+  memset(pFile, 0, sizeof(winFile));
+  pFile->h = INVALID_HANDLE_VALUE;
+
+#if SQLITE_OS_WINRT
+  if( !zUtf8Name && !sqlite3_temp_directory ){
+    sqlite3_log(SQLITE_ERROR,
+        "sqlite3_temp_directory variable should be set for WinRT");
+  }
+#endif
+
+  /* If the second argument to this function is NULL, generate a
+  ** temporary file name to use
+  */
+  if( !zUtf8Name ){
+    assert( isDelete && !isOpenJournal );
+    rc = winGetTempname(pVfs, &zTmpname);
+    if( rc!=SQLITE_OK ){
+      OSTRACE(("OPEN name=%s, rc=%s", zUtf8Name, sqlite3ErrName(rc)));
+      return rc;
+    }
+    zUtf8Name = zTmpname;
+  }
+
+  /* Database filenames are double-zero terminated if they are not
+  ** URIs with parameters.  Hence, they can always be passed into
+  ** sqlite3_uri_parameter().
+  */
+  assert( (eType!=SQLITE_OPEN_MAIN_DB) || (flags & SQLITE_OPEN_URI) ||
+       zUtf8Name[sqlite3Strlen30(zUtf8Name)+1]==0 );
+
+  /* Convert the filename to the system encoding. */
+  zConverted = winConvertFromUtf8Filename(zUtf8Name);
+  if( zConverted==0 ){
+    sqlite3_free(zTmpname);
+    OSTRACE(("OPEN name=%s, rc=SQLITE_IOERR_NOMEM", zUtf8Name));
+    return SQLITE_IOERR_NOMEM;
+  }
+
+  if( winIsDir(zConverted) ){
+    sqlite3_free(zConverted);
+    sqlite3_free(zTmpname);
+    OSTRACE(("OPEN name=%s, rc=SQLITE_CANTOPEN_ISDIR", zUtf8Name));
+    return SQLITE_CANTOPEN_ISDIR;
+  }
+
+  if( isReadWrite ){
+    dwDesiredAccess = GENERIC_READ | GENERIC_WRITE;
+  }else{
+    dwDesiredAccess = GENERIC_READ;
+  }
+
+  /* SQLITE_OPEN_EXCLUSIVE is used to make sure that a new file is
+  ** created. SQLite doesn't use it to indicate "exclusive access"
+  ** as it is usually understood.
+  */
+  if( isExclusive ){
+    /* Creates a new file, only if it does not already exist. */
+    /* If the file exists, it fails. */
+    dwCreationDisposition = CREATE_NEW;
+  }else if( isCreate ){
+    /* Open existing file, or create if it doesn't exist */
+    dwCreationDisposition = OPEN_ALWAYS;
+  }else{
+    /* Opens a file, only if it exists. */
+    dwCreationDisposition = OPEN_EXISTING;
+  }
+
+  dwShareMode = FILE_SHARE_READ | FILE_SHARE_WRITE;
+
+  if( isDelete ){
+#if SQLITE_OS_WINCE
+    dwFlagsAndAttributes = FILE_ATTRIBUTE_HIDDEN;
+    isTemp = 1;
+#else
+    dwFlagsAndAttributes = FILE_ATTRIBUTE_TEMPORARY
+                               | FILE_ATTRIBUTE_HIDDEN
+                               | FILE_FLAG_DELETE_ON_CLOSE;
+#endif
+  }else{
+    dwFlagsAndAttributes = FILE_ATTRIBUTE_NORMAL;
+  }
+  /* Reports from the internet are that performance is always
+  ** better if FILE_FLAG_RANDOM_ACCESS is used.  Ticket #2699. */
+#if SQLITE_OS_WINCE
+  dwFlagsAndAttributes |= FILE_FLAG_RANDOM_ACCESS;
+#endif
+
+  if( osIsNT() ){
+#if SQLITE_OS_WINRT
+    CREATEFILE2_EXTENDED_PARAMETERS extendedParameters;
+    extendedParameters.dwSize = sizeof(CREATEFILE2_EXTENDED_PARAMETERS);
+    extendedParameters.dwFileAttributes =
+            dwFlagsAndAttributes & FILE_ATTRIBUTE_MASK;
+    extendedParameters.dwFileFlags = dwFlagsAndAttributes & FILE_FLAG_MASK;
+    extendedParameters.dwSecurityQosFlags = SECURITY_ANONYMOUS;
+    extendedParameters.lpSecurityAttributes = NULL;
+    extendedParameters.hTemplateFile = NULL;
+    while( (h = osCreateFile2((LPCWSTR)zConverted,
+                              dwDesiredAccess,
+                              dwShareMode,
+                              dwCreationDisposition,
+                              &extendedParameters))==INVALID_HANDLE_VALUE &&
+                              winRetryIoerr(&cnt, &lastErrno) ){
+               /* Noop */
+    }
+#else
+    while( (h = osCreateFileW((LPCWSTR)zConverted,
+                              dwDesiredAccess,
+                              dwShareMode, NULL,
+                              dwCreationDisposition,
+                              dwFlagsAndAttributes,
+                              NULL))==INVALID_HANDLE_VALUE &&
+                              winRetryIoerr(&cnt, &lastErrno) ){
+               /* Noop */
+    }
+#endif
+  }
+#ifdef SQLITE_WIN32_HAS_ANSI
+  else{
+    while( (h = osCreateFileA((LPCSTR)zConverted,
+                              dwDesiredAccess,
+                              dwShareMode, NULL,
+                              dwCreationDisposition,
+                              dwFlagsAndAttributes,
+                              NULL))==INVALID_HANDLE_VALUE &&
+                              winRetryIoerr(&cnt, &lastErrno) ){
+               /* Noop */
+    }
+  }
+#endif
+  winLogIoerr(cnt, __LINE__);
+
+  OSTRACE(("OPEN file=%p, name=%s, access=%lx, rc=%s\n", h, zUtf8Name,
+           dwDesiredAccess, (h==INVALID_HANDLE_VALUE) ? "failed" : "ok"));
+
+  if( h==INVALID_HANDLE_VALUE ){
+    pFile->lastErrno = lastErrno;
+    winLogError(SQLITE_CANTOPEN, pFile->lastErrno, "winOpen", zUtf8Name);
+    sqlite3_free(zConverted);
+    sqlite3_free(zTmpname);
+    if( isReadWrite && !isExclusive ){
+      return winOpen(pVfs, zName, id,
+         ((flags|SQLITE_OPEN_READONLY) &
+                     ~(SQLITE_OPEN_CREATE|SQLITE_OPEN_READWRITE)),
+         pOutFlags);
+    }else{
+      return SQLITE_CANTOPEN_BKPT;
+    }
+  }
+
+  if( pOutFlags ){
+    if( isReadWrite ){
+      *pOutFlags = SQLITE_OPEN_READWRITE;
+    }else{
+      *pOutFlags = SQLITE_OPEN_READONLY;
+    }
+  }
+
+  OSTRACE(("OPEN file=%p, name=%s, access=%lx, pOutFlags=%p, *pOutFlags=%d, "
+           "rc=%s\n", h, zUtf8Name, dwDesiredAccess, pOutFlags, pOutFlags ?
+           *pOutFlags : 0, (h==INVALID_HANDLE_VALUE) ? "failed" : "ok"));
+
+#if SQLITE_OS_WINCE
+  if( isReadWrite && eType==SQLITE_OPEN_MAIN_DB
+       && (rc = winceCreateLock(zName, pFile))!=SQLITE_OK
+  ){
+    osCloseHandle(h);
+    sqlite3_free(zConverted);
+    sqlite3_free(zTmpname);
+    OSTRACE(("OPEN-CE-LOCK name=%s, rc=%s\n", zName, sqlite3ErrName(rc)));
+    return rc;
+  }
+  if( isTemp ){
+    pFile->zDeleteOnClose = zConverted;
+  }else
+#endif
+  {
+    sqlite3_free(zConverted);
+  }
+
+  sqlite3_free(zTmpname);
+  pFile->pMethod = &winIoMethod;
+  pFile->pVfs = pVfs;
+  pFile->h = h;
+  if( isReadonly ){
+    pFile->ctrlFlags |= WINFILE_RDONLY;
+  }
+  if( sqlite3_uri_boolean(zName, "psow", SQLITE_POWERSAFE_OVERWRITE) ){
+    pFile->ctrlFlags |= WINFILE_PSOW;
+  }
+  pFile->lastErrno = NO_ERROR;
+  pFile->zPath = zName;
+#if SQLITE_MAX_MMAP_SIZE>0
+  pFile->hMap = NULL;
+  pFile->pMapRegion = 0;
+  pFile->mmapSize = 0;
+  pFile->mmapSizeActual = 0;
+  pFile->mmapSizeMax = sqlite3GlobalConfig.szMmap;
+#endif
+
+  OpenCounter(+1);
+  return rc;
+}
+
+/*
+** Delete the named file.
+**
+** Note that Windows does not allow a file to be deleted if some other
+** process has it open.  Sometimes a virus scanner or indexing program
+** will open a journal file shortly after it is created in order to do
+** whatever it does.  While this other process is holding the
+** file open, we will be unable to delete it.  To work around this
+** problem, we delay 100 milliseconds and try to delete again.  Up
+** to MX_DELETION_ATTEMPTs deletion attempts are run before giving
+** up and returning an error.
+*/
+static int winDelete(
+  sqlite3_vfs *pVfs,          /* Not used on win32 */
+  const char *zFilename,      /* Name of file to delete */
+  int syncDir                 /* Not used on win32 */
+){
+  int cnt = 0;
+  int rc;
+  DWORD attr;
+  DWORD lastErrno = 0;
+  void *zConverted;
+  UNUSED_PARAMETER(pVfs);
+  UNUSED_PARAMETER(syncDir);
+
+  SimulateIOError(return SQLITE_IOERR_DELETE);
+  OSTRACE(("DELETE name=%s, syncDir=%d\n", zFilename, syncDir));
+
+  zConverted = winConvertFromUtf8Filename(zFilename);
+  if( zConverted==0 ){
+    OSTRACE(("DELETE name=%s, rc=SQLITE_IOERR_NOMEM\n", zFilename));
+    return SQLITE_IOERR_NOMEM;
+  }
+  if( osIsNT() ){
+    do {
+#if SQLITE_OS_WINRT
+      WIN32_FILE_ATTRIBUTE_DATA sAttrData;
+      memset(&sAttrData, 0, sizeof(sAttrData));
+      if ( osGetFileAttributesExW(zConverted, GetFileExInfoStandard,
+                                  &sAttrData) ){
+        attr = sAttrData.dwFileAttributes;
+      }else{
+        lastErrno = osGetLastError();
+        if( lastErrno==ERROR_FILE_NOT_FOUND
+         || lastErrno==ERROR_PATH_NOT_FOUND ){
+          rc = SQLITE_IOERR_DELETE_NOENT; /* Already gone? */
+        }else{
+          rc = SQLITE_ERROR;
+        }
+        break;
+      }
+#else
+      attr = osGetFileAttributesW(zConverted);
+#endif
+      if ( attr==INVALID_FILE_ATTRIBUTES ){
+        lastErrno = osGetLastError();
+        if( lastErrno==ERROR_FILE_NOT_FOUND
+         || lastErrno==ERROR_PATH_NOT_FOUND ){
+          rc = SQLITE_IOERR_DELETE_NOENT; /* Already gone? */
+        }else{
+          rc = SQLITE_ERROR;
+        }
+        break;
+      }
+      if ( attr&FILE_ATTRIBUTE_DIRECTORY ){
+        rc = SQLITE_ERROR; /* Files only. */
+        break;
+      }
+      if ( osDeleteFileW(zConverted) ){
+        rc = SQLITE_OK; /* Deleted OK. */
+        break;
+      }
+      if ( !winRetryIoerr(&cnt, &lastErrno) ){
+        rc = SQLITE_ERROR; /* No more retries. */
+        break;
+      }
+    } while(1);
+  }
+#ifdef SQLITE_WIN32_HAS_ANSI
+  else{
+    do {
+      attr = osGetFileAttributesA(zConverted);
+      if ( attr==INVALID_FILE_ATTRIBUTES ){
+        lastErrno = osGetLastError();
+        if( lastErrno==ERROR_FILE_NOT_FOUND
+         || lastErrno==ERROR_PATH_NOT_FOUND ){
+          rc = SQLITE_IOERR_DELETE_NOENT; /* Already gone? */
+        }else{
+          rc = SQLITE_ERROR;
+        }
+        break;
+      }
+      if ( attr&FILE_ATTRIBUTE_DIRECTORY ){
+        rc = SQLITE_ERROR; /* Files only. */
+        break;
+      }
+      if ( osDeleteFileA(zConverted) ){
+        rc = SQLITE_OK; /* Deleted OK. */
+        break;
+      }
+      if ( !winRetryIoerr(&cnt, &lastErrno) ){
+        rc = SQLITE_ERROR; /* No more retries. */
+        break;
+      }
+    } while(1);
+  }
+#endif
+  if( rc && rc!=SQLITE_IOERR_DELETE_NOENT ){
+    rc = winLogError(SQLITE_IOERR_DELETE, lastErrno, "winDelete", zFilename);
+  }else{
+    winLogIoerr(cnt, __LINE__);
+  }
+  sqlite3_free(zConverted);
+  OSTRACE(("DELETE name=%s, rc=%s\n", zFilename, sqlite3ErrName(rc)));
+  return rc;
+}
+
+/*
+** Check the existence and status of a file.
+*/
+static int winAccess(
+  sqlite3_vfs *pVfs,         /* Not used on win32 */
+  const char *zFilename,     /* Name of file to check */
+  int flags,                 /* Type of test to make on this file */
+  int *pResOut               /* OUT: Result */
+){
+  DWORD attr;
+  int rc = 0;
+  DWORD lastErrno = 0;
+  void *zConverted;
+  UNUSED_PARAMETER(pVfs);
+
+  SimulateIOError( return SQLITE_IOERR_ACCESS; );
+  OSTRACE(("ACCESS name=%s, flags=%x, pResOut=%p\n",
+           zFilename, flags, pResOut));
+
+  zConverted = winConvertFromUtf8Filename(zFilename);
+  if( zConverted==0 ){
+    OSTRACE(("ACCESS name=%s, rc=SQLITE_IOERR_NOMEM\n", zFilename));
+    return SQLITE_IOERR_NOMEM;
+  }
+  if( osIsNT() ){
+    int cnt = 0;
+    WIN32_FILE_ATTRIBUTE_DATA sAttrData;
+    memset(&sAttrData, 0, sizeof(sAttrData));
+    while( !(rc = osGetFileAttributesExW((LPCWSTR)zConverted,
+                             GetFileExInfoStandard,
+                             &sAttrData)) && winRetryIoerr(&cnt, &lastErrno) ){}
+    if( rc ){
+      /* For an SQLITE_ACCESS_EXISTS query, treat a zero-length file
+      ** as if it does not exist.
+      */
+      if(    flags==SQLITE_ACCESS_EXISTS
+          && sAttrData.nFileSizeHigh==0
+          && sAttrData.nFileSizeLow==0 ){
+        attr = INVALID_FILE_ATTRIBUTES;
+      }else{
+        attr = sAttrData.dwFileAttributes;
+      }
+    }else{
+      winLogIoerr(cnt, __LINE__);
+      if( lastErrno!=ERROR_FILE_NOT_FOUND && lastErrno!=ERROR_PATH_NOT_FOUND ){
+        sqlite3_free(zConverted);
+        return winLogError(SQLITE_IOERR_ACCESS, lastErrno, "winAccess",
+                           zFilename);
+      }else{
+        attr = INVALID_FILE_ATTRIBUTES;
+      }
+    }
+  }
+#ifdef SQLITE_WIN32_HAS_ANSI
+  else{
+    attr = osGetFileAttributesA((char*)zConverted);
+  }
+#endif
+  sqlite3_free(zConverted);
+  switch( flags ){
+    case SQLITE_ACCESS_READ:
+    case SQLITE_ACCESS_EXISTS:
+      rc = attr!=INVALID_FILE_ATTRIBUTES;
+      break;
+    case SQLITE_ACCESS_READWRITE:
+      rc = attr!=INVALID_FILE_ATTRIBUTES &&
+             (attr & FILE_ATTRIBUTE_READONLY)==0;
+      break;
+    default:
+      assert(!"Invalid flags argument");
+  }
+  *pResOut = rc;
+  OSTRACE(("ACCESS name=%s, pResOut=%p, *pResOut=%d, rc=SQLITE_OK\n",
+           zFilename, pResOut, *pResOut));
+  return SQLITE_OK;
+}
+
+/*
+** Returns non-zero if the specified path name starts with a drive letter
+** followed by a colon character.
+*/
+static BOOL winIsDriveLetterAndColon(
+  const char *zPathname
+){
+  return ( sqlite3Isalpha(zPathname[0]) && zPathname[1]==':' );
+}
+
+/*
+** Returns non-zero if the specified path name should be used verbatim.  If
+** non-zero is returned from this function, the calling function must simply
+** use the provided path name verbatim -OR- resolve it into a full path name
+** using the GetFullPathName Win32 API function (if available).
+*/
+static BOOL winIsVerbatimPathname(
+  const char *zPathname
+){
+  /*
+  ** If the path name starts with a forward slash or a backslash, it is either
+  ** a legal UNC name, a volume relative path, or an absolute path name in the
+  ** "Unix" format on Windows.  There is no easy way to differentiate between
+  ** the final two cases; therefore, we return the safer return value of TRUE
+  ** so that callers of this function will simply use it verbatim.
+  */
+  if ( winIsDirSep(zPathname[0]) ){
+    return TRUE;
+  }
+
+  /*
+  ** If the path name starts with a letter and a colon it is either a volume
+  ** relative path or an absolute path.  Callers of this function must not
+  ** attempt to treat it as a relative path name (i.e. they should simply use
+  ** it verbatim).
+  */
+  if ( winIsDriveLetterAndColon(zPathname) ){
+    return TRUE;
+  }
+
+  /*
+  ** If we get to this point, the path name should almost certainly be a purely
+  ** relative one (i.e. not a UNC name, not absolute, and not volume relative).
+  */
+  return FALSE;
+}
+
+/*
+** Turn a relative pathname into a full pathname.  Write the full
+** pathname into zOut[].  zOut[] will be at least pVfs->mxPathname
+** bytes in size.
+*/
+static int winFullPathname(
+  sqlite3_vfs *pVfs,            /* Pointer to vfs object */
+  const char *zRelative,        /* Possibly relative input path */
+  int nFull,                    /* Size of output buffer in bytes */
+  char *zFull                   /* Output buffer */
+){
+
+#if defined(__CYGWIN__)
+  SimulateIOError( return SQLITE_ERROR );
+  UNUSED_PARAMETER(nFull);
+  assert( nFull>=pVfs->mxPathname );
+  if ( sqlite3_data_directory && !winIsVerbatimPathname(zRelative) ){
+    /*
+    ** NOTE: We are dealing with a relative path name and the data
+    **       directory has been set.  Therefore, use it as the basis
+    **       for converting the relative path name to an absolute
+    **       one by prepending the data directory and a slash.
+    */
+    char *zOut = sqlite3MallocZero( pVfs->mxPathname+1 );
+    if( !zOut ){
+      return SQLITE_IOERR_NOMEM;
+    }
+    if( cygwin_conv_path(
+            (osIsNT() ? CCP_POSIX_TO_WIN_W : CCP_POSIX_TO_WIN_A) |
+            CCP_RELATIVE, zRelative, zOut, pVfs->mxPathname+1)<0 ){
+      sqlite3_free(zOut);
+      return winLogError(SQLITE_CANTOPEN_CONVPATH, (DWORD)errno,
+                         "winFullPathname1", zRelative);
+    }else{
+      char *zUtf8 = winConvertToUtf8Filename(zOut);
+      if( !zUtf8 ){
+        sqlite3_free(zOut);
+        return SQLITE_IOERR_NOMEM;
+      }
+      sqlite3_snprintf(MIN(nFull, pVfs->mxPathname), zFull, "%s%c%s",
+                       sqlite3_data_directory, winGetDirSep(), zUtf8);
+      sqlite3_free(zUtf8);
+      sqlite3_free(zOut);
+    }
+  }else{
+    char *zOut = sqlite3MallocZero( pVfs->mxPathname+1 );
+    if( !zOut ){
+      return SQLITE_IOERR_NOMEM;
+    }
+    if( cygwin_conv_path(
+            (osIsNT() ? CCP_POSIX_TO_WIN_W : CCP_POSIX_TO_WIN_A),
+            zRelative, zOut, pVfs->mxPathname+1)<0 ){
+      sqlite3_free(zOut);
+      return winLogError(SQLITE_CANTOPEN_CONVPATH, (DWORD)errno,
+                         "winFullPathname2", zRelative);
+    }else{
+      char *zUtf8 = winConvertToUtf8Filename(zOut);
+      if( !zUtf8 ){
+        sqlite3_free(zOut);
+        return SQLITE_IOERR_NOMEM;
+      }
+      sqlite3_snprintf(MIN(nFull, pVfs->mxPathname), zFull, "%s", zUtf8);
+      sqlite3_free(zUtf8);
+      sqlite3_free(zOut);
+    }
+  }
+  return SQLITE_OK;
+#endif
+
+#if (SQLITE_OS_WINCE || SQLITE_OS_WINRT) && !defined(__CYGWIN__)
+  SimulateIOError( return SQLITE_ERROR );
+  /* WinCE has no concept of a relative pathname, or so I am told. */
+  /* WinRT has no way to convert a relative path to an absolute one. */
+  if ( sqlite3_data_directory && !winIsVerbatimPathname(zRelative) ){
+    /*
+    ** NOTE: We are dealing with a relative path name and the data
+    **       directory has been set.  Therefore, use it as the basis
+    **       for converting the relative path name to an absolute
+    **       one by prepending the data directory and a backslash.
+    */
+    sqlite3_snprintf(MIN(nFull, pVfs->mxPathname), zFull, "%s%c%s",
+                     sqlite3_data_directory, winGetDirSep(), zRelative);
+  }else{
+    sqlite3_snprintf(MIN(nFull, pVfs->mxPathname), zFull, "%s", zRelative);
+  }
+  return SQLITE_OK;
+#endif
+
+#if !SQLITE_OS_WINCE && !SQLITE_OS_WINRT && !defined(__CYGWIN__)
+  DWORD nByte;
+  void *zConverted;
+  char *zOut;
+
+  /* If this path name begins with "/X:", where "X" is any alphabetic
+  ** character, discard the initial "/" from the pathname.
+  */
+  if( zRelative[0]=='/' && winIsDriveLetterAndColon(zRelative+1) ){
+    zRelative++;
+  }
+
+  /* It's odd to simulate an io-error here, but really this is just
+  ** using the io-error infrastructure to test that SQLite handles this
+  ** function failing. This function could fail if, for example, the
+  ** current working directory has been unlinked.
+  */
+  SimulateIOError( return SQLITE_ERROR );
+  if ( sqlite3_data_directory && !winIsVerbatimPathname(zRelative) ){
+    /*
+    ** NOTE: We are dealing with a relative path name and the data
+    **       directory has been set.  Therefore, use it as the basis
+    **       for converting the relative path name to an absolute
+    **       one by prepending the data directory and a backslash.
+    */
+    sqlite3_snprintf(MIN(nFull, pVfs->mxPathname), zFull, "%s%c%s",
+                     sqlite3_data_directory, winGetDirSep(), zRelative);
+    return SQLITE_OK;
+  }
+  zConverted = winConvertFromUtf8Filename(zRelative);
+  if( zConverted==0 ){
+    return SQLITE_IOERR_NOMEM;
+  }
+  if( osIsNT() ){
+    LPWSTR zTemp;
+    nByte = osGetFullPathNameW((LPCWSTR)zConverted, 0, 0, 0);
+    if( nByte==0 ){
+      sqlite3_free(zConverted);
+      return winLogError(SQLITE_CANTOPEN_FULLPATH, osGetLastError(),
+                         "winFullPathname1", zRelative);
+    }
+    nByte += 3;
+    zTemp = sqlite3MallocZero( nByte*sizeof(zTemp[0]) );
+    if( zTemp==0 ){
+      sqlite3_free(zConverted);
+      return SQLITE_IOERR_NOMEM;
+    }
+    nByte = osGetFullPathNameW((LPCWSTR)zConverted, nByte, zTemp, 0);
+    if( nByte==0 ){
+      sqlite3_free(zConverted);
+      sqlite3_free(zTemp);
+      return winLogError(SQLITE_CANTOPEN_FULLPATH, osGetLastError(),
+                         "winFullPathname2", zRelative);
+    }
+    sqlite3_free(zConverted);
+    zOut = winUnicodeToUtf8(zTemp);
+    sqlite3_free(zTemp);
+  }
+#ifdef SQLITE_WIN32_HAS_ANSI
+  else{
+    char *zTemp;
+    nByte = osGetFullPathNameA((char*)zConverted, 0, 0, 0);
+    if( nByte==0 ){
+      sqlite3_free(zConverted);
+      return winLogError(SQLITE_CANTOPEN_FULLPATH, osGetLastError(),
+                         "winFullPathname3", zRelative);
+    }
+    nByte += 3;
+    zTemp = sqlite3MallocZero( nByte*sizeof(zTemp[0]) );
+    if( zTemp==0 ){
+      sqlite3_free(zConverted);
+      return SQLITE_IOERR_NOMEM;
+    }
+    nByte = osGetFullPathNameA((char*)zConverted, nByte, zTemp, 0);
+    if( nByte==0 ){
+      sqlite3_free(zConverted);
+      sqlite3_free(zTemp);
+      return winLogError(SQLITE_CANTOPEN_FULLPATH, osGetLastError(),
+                         "winFullPathname4", zRelative);
+    }
+    sqlite3_free(zConverted);
+    zOut = sqlite3_win32_mbcs_to_utf8(zTemp);
+    sqlite3_free(zTemp);
+  }
+#endif
+  if( zOut ){
+    sqlite3_snprintf(MIN(nFull, pVfs->mxPathname), zFull, "%s", zOut);
+    sqlite3_free(zOut);
+    return SQLITE_OK;
+  }else{
+    return SQLITE_IOERR_NOMEM;
+  }
+#endif
+}
+
+#ifndef SQLITE_OMIT_LOAD_EXTENSION
+/*
+** Interfaces for opening a shared library, finding entry points
+** within the shared library, and closing the shared library.
+*/
+static void *winDlOpen(sqlite3_vfs *pVfs, const char *zFilename){
+  HANDLE h;
+#if defined(__CYGWIN__)
+  int nFull = pVfs->mxPathname+1;
+  char *zFull = sqlite3MallocZero( nFull );
+  void *zConverted = 0;
+  if( zFull==0 ){
+    OSTRACE(("DLOPEN name=%s, handle=%p\n", zFilename, (void*)0));
+    return 0;
+  }
+  if( winFullPathname(pVfs, zFilename, nFull, zFull)!=SQLITE_OK ){
+    sqlite3_free(zFull);
+    OSTRACE(("DLOPEN name=%s, handle=%p\n", zFilename, (void*)0));
+    return 0;
+  }
+  zConverted = winConvertFromUtf8Filename(zFull);
+  sqlite3_free(zFull);
+#else
+  void *zConverted = winConvertFromUtf8Filename(zFilename);
+  UNUSED_PARAMETER(pVfs);
+#endif
+  if( zConverted==0 ){
+    OSTRACE(("DLOPEN name=%s, handle=%p\n", zFilename, (void*)0));
+    return 0;
+  }
+  if( osIsNT() ){
+#if SQLITE_OS_WINRT
+    h = osLoadPackagedLibrary((LPCWSTR)zConverted, 0);
+#else
+    h = osLoadLibraryW((LPCWSTR)zConverted);
+#endif
+  }
+#ifdef SQLITE_WIN32_HAS_ANSI
+  else{
+    h = osLoadLibraryA((char*)zConverted);
+  }
+#endif
+  OSTRACE(("DLOPEN name=%s, handle=%p\n", zFilename, (void*)h));
+  sqlite3_free(zConverted);
+  return (void*)h;
+}
+static void winDlError(sqlite3_vfs *pVfs, int nBuf, char *zBufOut){
+  UNUSED_PARAMETER(pVfs);
+  winGetLastErrorMsg(osGetLastError(), nBuf, zBufOut);
+}
+static void (*winDlSym(sqlite3_vfs *pVfs,void *pH,const char *zSym))(void){
+  FARPROC proc;
+  UNUSED_PARAMETER(pVfs);
+  proc = osGetProcAddressA((HANDLE)pH, zSym);
+  OSTRACE(("DLSYM handle=%p, symbol=%s, address=%p\n",
+           (void*)pH, zSym, (void*)proc));
+  return (void(*)(void))proc;
+}
+static void winDlClose(sqlite3_vfs *pVfs, void *pHandle){
+  UNUSED_PARAMETER(pVfs);
+  osFreeLibrary((HANDLE)pHandle);
+  OSTRACE(("DLCLOSE handle=%p\n", (void*)pHandle));
+}
+#else /* if SQLITE_OMIT_LOAD_EXTENSION is defined: */
+  #define winDlOpen  0
+  #define winDlError 0
+  #define winDlSym   0
+  #define winDlClose 0
+#endif
+
+
+/*
+** Write up to nBuf bytes of randomness into zBuf.
+*/
+static int winRandomness(sqlite3_vfs *pVfs, int nBuf, char *zBuf){
+  int n = 0;
+  UNUSED_PARAMETER(pVfs);
+#if defined(SQLITE_TEST) || defined(SQLITE_OMIT_RANDOMNESS)
+  n = nBuf;
+  memset(zBuf, 0, nBuf);
+#else
+  if( sizeof(SYSTEMTIME)<=nBuf-n ){
+    SYSTEMTIME x;
+    osGetSystemTime(&x);
+    memcpy(&zBuf[n], &x, sizeof(x));
+    n += sizeof(x);
+  }
+  if( sizeof(DWORD)<=nBuf-n ){
+    DWORD pid = osGetCurrentProcessId();
+    memcpy(&zBuf[n], &pid, sizeof(pid));
+    n += sizeof(pid);
+  }
+#if SQLITE_OS_WINRT
+  if( sizeof(ULONGLONG)<=nBuf-n ){
+    ULONGLONG cnt = osGetTickCount64();
+    memcpy(&zBuf[n], &cnt, sizeof(cnt));
+    n += sizeof(cnt);
+  }
+#else
+  if( sizeof(DWORD)<=nBuf-n ){
+    DWORD cnt = osGetTickCount();
+    memcpy(&zBuf[n], &cnt, sizeof(cnt));
+    n += sizeof(cnt);
+  }
+#endif
+  if( sizeof(LARGE_INTEGER)<=nBuf-n ){
+    LARGE_INTEGER i;
+    osQueryPerformanceCounter(&i);
+    memcpy(&zBuf[n], &i, sizeof(i));
+    n += sizeof(i);
+  }
+#if !SQLITE_OS_WINCE && !SQLITE_OS_WINRT && SQLITE_WIN32_USE_UUID
+  if( sizeof(UUID)<=nBuf-n ){
+    UUID id;
+    memset(&id, 0, sizeof(UUID));
+    osUuidCreate(&id);
+    memcpy(&zBuf[n], &id, sizeof(UUID));
+    n += sizeof(UUID);
+  }
+  if( sizeof(UUID)<=nBuf-n ){
+    UUID id;
+    memset(&id, 0, sizeof(UUID));
+    osUuidCreateSequential(&id);
+    memcpy(&zBuf[n], &id, sizeof(UUID));
+    n += sizeof(UUID);
+  }
+#endif
+#endif /* defined(SQLITE_TEST) || defined(SQLITE_ZERO_PRNG_SEED) */
+  return n;
+}
+
+
+/*
+** Sleep for a little while.  Return the amount of time slept.
+*/
+static int winSleep(sqlite3_vfs *pVfs, int microsec){
+  sqlite3_win32_sleep((microsec+999)/1000);
+  UNUSED_PARAMETER(pVfs);
+  return ((microsec+999)/1000)*1000;
+}
+
+/*
+** The following variable, if set to a non-zero value, is interpreted as
+** the number of seconds since 1970 and is used to set the result of
+** sqlite3OsCurrentTime() during testing.
+*/
+#ifdef SQLITE_TEST
+SQLITE_API int sqlite3_current_time = 0;  /* Fake system time in seconds since 1970. */
+#endif
+
+/*
+** Find the current time (in Universal Coordinated Time).  Write into *piNow
+** the current time and date as a Julian Day number times 86_400_000.  In
+** other words, write into *piNow the number of milliseconds since the Julian
+** epoch of noon in Greenwich on November 24, 4714 B.C according to the
+** proleptic Gregorian calendar.
+**
+** On success, return SQLITE_OK.  Return SQLITE_ERROR if the time and date
+** cannot be found.
+*/
+static int winCurrentTimeInt64(sqlite3_vfs *pVfs, sqlite3_int64 *piNow){
+  /* FILETIME structure is a 64-bit value representing the number of
+     100-nanosecond intervals since January 1, 1601 (= JD 2305813.5).
+  */
+  FILETIME ft;
+  static const sqlite3_int64 winFiletimeEpoch = 23058135*(sqlite3_int64)8640000;
+#ifdef SQLITE_TEST
+  static const sqlite3_int64 unixEpoch = 24405875*(sqlite3_int64)8640000;
+#endif
+  /* 2^32 - to avoid use of LL and warnings in gcc */
+  static const sqlite3_int64 max32BitValue =
+      (sqlite3_int64)2000000000 + (sqlite3_int64)2000000000 +
+      (sqlite3_int64)294967296;
+
+#if SQLITE_OS_WINCE
+  SYSTEMTIME time;
+  osGetSystemTime(&time);
+  /* if SystemTimeToFileTime() fails, it returns zero. */
+  if (!osSystemTimeToFileTime(&time,&ft)){
+    return SQLITE_ERROR;
+  }
+#else
+  osGetSystemTimeAsFileTime( &ft );
+#endif
+
+  *piNow = winFiletimeEpoch +
+            ((((sqlite3_int64)ft.dwHighDateTime)*max32BitValue) +
+               (sqlite3_int64)ft.dwLowDateTime)/(sqlite3_int64)10000;
+
+#ifdef SQLITE_TEST
+  if( sqlite3_current_time ){
+    *piNow = 1000*(sqlite3_int64)sqlite3_current_time + unixEpoch;
+  }
+#endif
+  UNUSED_PARAMETER(pVfs);
+  return SQLITE_OK;
+}
+
+/*
+** Find the current time (in Universal Coordinated Time).  Write the
+** current time and date as a Julian Day number into *prNow and
+** return 0.  Return 1 if the time and date cannot be found.
+*/
+static int winCurrentTime(sqlite3_vfs *pVfs, double *prNow){
+  int rc;
+  sqlite3_int64 i;
+  rc = winCurrentTimeInt64(pVfs, &i);
+  if( !rc ){
+    *prNow = i/86400000.0;
+  }
+  return rc;
+}
+
+/*
+** The idea is that this function works like a combination of
+** GetLastError() and FormatMessage() on Windows (or errno and
+** strerror_r() on Unix). After an error is returned by an OS
+** function, SQLite calls this function with zBuf pointing to
+** a buffer of nBuf bytes. The OS layer should populate the
+** buffer with a nul-terminated UTF-8 encoded error message
+** describing the last IO error to have occurred within the calling
+** thread.
+**
+** If the error message is too large for the supplied buffer,
+** it should be truncated. The return value of xGetLastError
+** is zero if the error message fits in the buffer, or non-zero
+** otherwise (if the message was truncated). If non-zero is returned,
+** then it is not necessary to include the nul-terminator character
+** in the output buffer.
+**
+** Not supplying an error message will have no adverse effect
+** on SQLite. It is fine to have an implementation that never
+** returns an error message:
+**
+**   int xGetLastError(sqlite3_vfs *pVfs, int nBuf, char *zBuf){
+**     assert(zBuf[0]=='\0');
+**     return 0;
+**   }
+**
+** However if an error message is supplied, it will be incorporated
+** by sqlite into the error message available to the user using
+** sqlite3_errmsg(), possibly making IO errors easier to debug.
+*/
+static int winGetLastError(sqlite3_vfs *pVfs, int nBuf, char *zBuf){
+  UNUSED_PARAMETER(pVfs);
+  return winGetLastErrorMsg(osGetLastError(), nBuf, zBuf);
+}
+
+/*
+** Initialize and deinitialize the operating system interface.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_os_init(void){
+  static sqlite3_vfs winVfs = {
+    3,                   /* iVersion */
+    sizeof(winFile),     /* szOsFile */
+    SQLITE_WIN32_MAX_PATH_BYTES, /* mxPathname */
+    0,                   /* pNext */
+    "win32",             /* zName */
+    0,                   /* pAppData */
+    winOpen,             /* xOpen */
+    winDelete,           /* xDelete */
+    winAccess,           /* xAccess */
+    winFullPathname,     /* xFullPathname */
+    winDlOpen,           /* xDlOpen */
+    winDlError,          /* xDlError */
+    winDlSym,            /* xDlSym */
+    winDlClose,          /* xDlClose */
+    winRandomness,       /* xRandomness */
+    winSleep,            /* xSleep */
+    winCurrentTime,      /* xCurrentTime */
+    winGetLastError,     /* xGetLastError */
+    winCurrentTimeInt64, /* xCurrentTimeInt64 */
+    winSetSystemCall,    /* xSetSystemCall */
+    winGetSystemCall,    /* xGetSystemCall */
+    winNextSystemCall,   /* xNextSystemCall */
+  };
+#if defined(SQLITE_WIN32_HAS_WIDE)
+  static sqlite3_vfs winLongPathVfs = {
+    3,                   /* iVersion */
+    sizeof(winFile),     /* szOsFile */
+    SQLITE_WINNT_MAX_PATH_BYTES, /* mxPathname */
+    0,                   /* pNext */
+    "win32-longpath",    /* zName */
+    0,                   /* pAppData */
+    winOpen,             /* xOpen */
+    winDelete,           /* xDelete */
+    winAccess,           /* xAccess */
+    winFullPathname,     /* xFullPathname */
+    winDlOpen,           /* xDlOpen */
+    winDlError,          /* xDlError */
+    winDlSym,            /* xDlSym */
+    winDlClose,          /* xDlClose */
+    winRandomness,       /* xRandomness */
+    winSleep,            /* xSleep */
+    winCurrentTime,      /* xCurrentTime */
+    winGetLastError,     /* xGetLastError */
+    winCurrentTimeInt64, /* xCurrentTimeInt64 */
+    winSetSystemCall,    /* xSetSystemCall */
+    winGetSystemCall,    /* xGetSystemCall */
+    winNextSystemCall,   /* xNextSystemCall */
+  };
+#endif
+
+  /* Double-check that the aSyscall[] array has been constructed
+  ** correctly.  See ticket [bb3a86e890c8e96ab] */
+  assert( ArraySize(aSyscall)==80 );
+
+  /* get memory map allocation granularity */
+  memset(&winSysInfo, 0, sizeof(SYSTEM_INFO));
+#if SQLITE_OS_WINRT
+  osGetNativeSystemInfo(&winSysInfo);
+#else
+  osGetSystemInfo(&winSysInfo);
+#endif
+  assert( winSysInfo.dwAllocationGranularity>0 );
+  assert( winSysInfo.dwPageSize>0 );
+
+  sqlite3_vfs_register(&winVfs, 1);
+
+#if defined(SQLITE_WIN32_HAS_WIDE)
+  sqlite3_vfs_register(&winLongPathVfs, 0);
+#endif
+
+  return SQLITE_OK;
+}
+
+SQLITE_API int SQLITE_STDCALL sqlite3_os_end(void){
+#if SQLITE_OS_WINRT
+  if( sleepObj!=NULL ){
+    osCloseHandle(sleepObj);
+    sleepObj = NULL;
+  }
+#endif
+  return SQLITE_OK;
+}
+
+#endif /* SQLITE_OS_WIN */
+
+/************** End of os_win.c **********************************************/
+/************** Begin file bitvec.c ******************************************/
+/*
+** 2008 February 16
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+** This file implements an object that represents a fixed-length
+** bitmap.  Bits are numbered starting with 1.
+**
+** A bitmap is used to record which pages of a database file have been
+** journalled during a transaction, or which pages have the "dont-write"
+** property.  Usually only a few pages are meet either condition.
+** So the bitmap is usually sparse and has low cardinality.
+** But sometimes (for example when during a DROP of a large table) most
+** or all of the pages in a database can get journalled.  In those cases, 
+** the bitmap becomes dense with high cardinality.  The algorithm needs 
+** to handle both cases well.
+**
+** The size of the bitmap is fixed when the object is created.
+**
+** All bits are clear when the bitmap is created.  Individual bits
+** may be set or cleared one at a time.
+**
+** Test operations are about 100 times more common that set operations.
+** Clear operations are exceedingly rare.  There are usually between
+** 5 and 500 set operations per Bitvec object, though the number of sets can
+** sometimes grow into tens of thousands or larger.  The size of the
+** Bitvec object is the number of pages in the database file at the
+** start of a transaction, and is thus usually less than a few thousand,
+** but can be as large as 2 billion for a really big database.
+*/
+/* #include "sqliteInt.h" */
+
+/* Size of the Bitvec structure in bytes. */
+#define BITVEC_SZ        512
+
+/* Round the union size down to the nearest pointer boundary, since that's how 
+** it will be aligned within the Bitvec struct. */
+#define BITVEC_USIZE \
+    (((BITVEC_SZ-(3*sizeof(u32)))/sizeof(Bitvec*))*sizeof(Bitvec*))
+
+/* Type of the array "element" for the bitmap representation. 
+** Should be a power of 2, and ideally, evenly divide into BITVEC_USIZE. 
+** Setting this to the "natural word" size of your CPU may improve
+** performance. */
+#define BITVEC_TELEM     u8
+/* Size, in bits, of the bitmap element. */
+#define BITVEC_SZELEM    8
+/* Number of elements in a bitmap array. */
+#define BITVEC_NELEM     (BITVEC_USIZE/sizeof(BITVEC_TELEM))
+/* Number of bits in the bitmap array. */
+#define BITVEC_NBIT      (BITVEC_NELEM*BITVEC_SZELEM)
+
+/* Number of u32 values in hash table. */
+#define BITVEC_NINT      (BITVEC_USIZE/sizeof(u32))
+/* Maximum number of entries in hash table before 
+** sub-dividing and re-hashing. */
+#define BITVEC_MXHASH    (BITVEC_NINT/2)
+/* Hashing function for the aHash representation.
+** Empirical testing showed that the *37 multiplier 
+** (an arbitrary prime)in the hash function provided 
+** no fewer collisions than the no-op *1. */
+#define BITVEC_HASH(X)   (((X)*1)%BITVEC_NINT)
+
+#define BITVEC_NPTR      (BITVEC_USIZE/sizeof(Bitvec *))
+
+
+/*
+** A bitmap is an instance of the following structure.
+**
+** This bitmap records the existence of zero or more bits
+** with values between 1 and iSize, inclusive.
+**
+** There are three possible representations of the bitmap.
+** If iSize<=BITVEC_NBIT, then Bitvec.u.aBitmap[] is a straight
+** bitmap.  The least significant bit is bit 1.
+**
+** If iSize>BITVEC_NBIT and iDivisor==0 then Bitvec.u.aHash[] is
+** a hash table that will hold up to BITVEC_MXHASH distinct values.
+**
+** Otherwise, the value i is redirected into one of BITVEC_NPTR
+** sub-bitmaps pointed to by Bitvec.u.apSub[].  Each subbitmap
+** handles up to iDivisor separate values of i.  apSub[0] holds
+** values between 1 and iDivisor.  apSub[1] holds values between
+** iDivisor+1 and 2*iDivisor.  apSub[N] holds values between
+** N*iDivisor+1 and (N+1)*iDivisor.  Each subbitmap is normalized
+** to hold deal with values between 1 and iDivisor.
+*/
+struct Bitvec {
+  u32 iSize;      /* Maximum bit index.  Max iSize is 4,294,967,296. */
+  u32 nSet;       /* Number of bits that are set - only valid for aHash
+                  ** element.  Max is BITVEC_NINT.  For BITVEC_SZ of 512,
+                  ** this would be 125. */
+  u32 iDivisor;   /* Number of bits handled by each apSub[] entry. */
+                  /* Should >=0 for apSub element. */
+                  /* Max iDivisor is max(u32) / BITVEC_NPTR + 1.  */
+                  /* For a BITVEC_SZ of 512, this would be 34,359,739. */
+  union {
+    BITVEC_TELEM aBitmap[BITVEC_NELEM];    /* Bitmap representation */
+    u32 aHash[BITVEC_NINT];      /* Hash table representation */
+    Bitvec *apSub[BITVEC_NPTR];  /* Recursive representation */
+  } u;
+};
+
+/*
+** Create a new bitmap object able to handle bits between 0 and iSize,
+** inclusive.  Return a pointer to the new object.  Return NULL if 
+** malloc fails.
+*/
+SQLITE_PRIVATE Bitvec *sqlite3BitvecCreate(u32 iSize){
+  Bitvec *p;
+  assert( sizeof(*p)==BITVEC_SZ );
+  p = sqlite3MallocZero( sizeof(*p) );
+  if( p ){
+    p->iSize = iSize;
+  }
+  return p;
+}
+
+/*
+** Check to see if the i-th bit is set.  Return true or false.
+** If p is NULL (if the bitmap has not been created) or if
+** i is out of range, then return false.
+*/
+SQLITE_PRIVATE int sqlite3BitvecTestNotNull(Bitvec *p, u32 i){
+  assert( p!=0 );
+  i--;
+  if( i>=p->iSize ) return 0;
+  while( p->iDivisor ){
+    u32 bin = i/p->iDivisor;
+    i = i%p->iDivisor;
+    p = p->u.apSub[bin];
+    if (!p) {
+      return 0;
+    }
+  }
+  if( p->iSize<=BITVEC_NBIT ){
+    return (p->u.aBitmap[i/BITVEC_SZELEM] & (1<<(i&(BITVEC_SZELEM-1))))!=0;
+  } else{
+    u32 h = BITVEC_HASH(i++);
+    while( p->u.aHash[h] ){
+      if( p->u.aHash[h]==i ) return 1;
+      h = (h+1) % BITVEC_NINT;
+    }
+    return 0;
+  }
+}
+SQLITE_PRIVATE int sqlite3BitvecTest(Bitvec *p, u32 i){
+  return p!=0 && sqlite3BitvecTestNotNull(p,i);
+}
+
+/*
+** Set the i-th bit.  Return 0 on success and an error code if
+** anything goes wrong.
+**
+** This routine might cause sub-bitmaps to be allocated.  Failing
+** to get the memory needed to hold the sub-bitmap is the only
+** that can go wrong with an insert, assuming p and i are valid.
+**
+** The calling function must ensure that p is a valid Bitvec object
+** and that the value for "i" is within range of the Bitvec object.
+** Otherwise the behavior is undefined.
+*/
+SQLITE_PRIVATE int sqlite3BitvecSet(Bitvec *p, u32 i){
+  u32 h;
+  if( p==0 ) return SQLITE_OK;
+  assert( i>0 );
+  assert( i<=p->iSize );
+  i--;
+  while((p->iSize > BITVEC_NBIT) && p->iDivisor) {
+    u32 bin = i/p->iDivisor;
+    i = i%p->iDivisor;
+    if( p->u.apSub[bin]==0 ){
+      p->u.apSub[bin] = sqlite3BitvecCreate( p->iDivisor );
+      if( p->u.apSub[bin]==0 ) return SQLITE_NOMEM;
+    }
+    p = p->u.apSub[bin];
+  }
+  if( p->iSize<=BITVEC_NBIT ){
+    p->u.aBitmap[i/BITVEC_SZELEM] |= 1 << (i&(BITVEC_SZELEM-1));
+    return SQLITE_OK;
+  }
+  h = BITVEC_HASH(i++);
+  /* if there wasn't a hash collision, and this doesn't */
+  /* completely fill the hash, then just add it without */
+  /* worring about sub-dividing and re-hashing. */
+  if( !p->u.aHash[h] ){
+    if (p->nSet<(BITVEC_NINT-1)) {
+      goto bitvec_set_end;
+    } else {
+      goto bitvec_set_rehash;
+    }
+  }
+  /* there was a collision, check to see if it's already */
+  /* in hash, if not, try to find a spot for it */
+  do {
+    if( p->u.aHash[h]==i ) return SQLITE_OK;
+    h++;
+    if( h>=BITVEC_NINT ) h = 0;
+  } while( p->u.aHash[h] );
+  /* we didn't find it in the hash.  h points to the first */
+  /* available free spot. check to see if this is going to */
+  /* make our hash too "full".  */
+bitvec_set_rehash:
+  if( p->nSet>=BITVEC_MXHASH ){
+    unsigned int j;
+    int rc;
+    u32 *aiValues = sqlite3StackAllocRaw(0, sizeof(p->u.aHash));
+    if( aiValues==0 ){
+      return SQLITE_NOMEM;
+    }else{
+      memcpy(aiValues, p->u.aHash, sizeof(p->u.aHash));
+      memset(p->u.apSub, 0, sizeof(p->u.apSub));
+      p->iDivisor = (p->iSize + BITVEC_NPTR - 1)/BITVEC_NPTR;
+      rc = sqlite3BitvecSet(p, i);
+      for(j=0; j<BITVEC_NINT; j++){
+        if( aiValues[j] ) rc |= sqlite3BitvecSet(p, aiValues[j]);
+      }
+      sqlite3StackFree(0, aiValues);
+      return rc;
+    }
+  }
+bitvec_set_end:
+  p->nSet++;
+  p->u.aHash[h] = i;
+  return SQLITE_OK;
+}
+
+/*
+** Clear the i-th bit.
+**
+** pBuf must be a pointer to at least BITVEC_SZ bytes of temporary storage
+** that BitvecClear can use to rebuilt its hash table.
+*/
+SQLITE_PRIVATE void sqlite3BitvecClear(Bitvec *p, u32 i, void *pBuf){
+  if( p==0 ) return;
+  assert( i>0 );
+  i--;
+  while( p->iDivisor ){
+    u32 bin = i/p->iDivisor;
+    i = i%p->iDivisor;
+    p = p->u.apSub[bin];
+    if (!p) {
+      return;
+    }
+  }
+  if( p->iSize<=BITVEC_NBIT ){
+    p->u.aBitmap[i/BITVEC_SZELEM] &= ~(1 << (i&(BITVEC_SZELEM-1)));
+  }else{
+    unsigned int j;
+    u32 *aiValues = pBuf;
+    memcpy(aiValues, p->u.aHash, sizeof(p->u.aHash));
+    memset(p->u.aHash, 0, sizeof(p->u.aHash));
+    p->nSet = 0;
+    for(j=0; j<BITVEC_NINT; j++){
+      if( aiValues[j] && aiValues[j]!=(i+1) ){
+        u32 h = BITVEC_HASH(aiValues[j]-1);
+        p->nSet++;
+        while( p->u.aHash[h] ){
+          h++;
+          if( h>=BITVEC_NINT ) h = 0;
+        }
+        p->u.aHash[h] = aiValues[j];
+      }
+    }
+  }
+}
+
+/*
+** Destroy a bitmap object.  Reclaim all memory used.
+*/
+SQLITE_PRIVATE void sqlite3BitvecDestroy(Bitvec *p){
+  if( p==0 ) return;
+  if( p->iDivisor ){
+    unsigned int i;
+    for(i=0; i<BITVEC_NPTR; i++){
+      sqlite3BitvecDestroy(p->u.apSub[i]);
+    }
+  }
+  sqlite3_free(p);
+}
+
+/*
+** Return the value of the iSize parameter specified when Bitvec *p
+** was created.
+*/
+SQLITE_PRIVATE u32 sqlite3BitvecSize(Bitvec *p){
+  return p->iSize;
+}
+
+#ifndef SQLITE_OMIT_BUILTIN_TEST
+/*
+** Let V[] be an array of unsigned characters sufficient to hold
+** up to N bits.  Let I be an integer between 0 and N.  0<=I<N.
+** Then the following macros can be used to set, clear, or test
+** individual bits within V.
+*/
+#define SETBIT(V,I)      V[I>>3] |= (1<<(I&7))
+#define CLEARBIT(V,I)    V[I>>3] &= ~(1<<(I&7))
+#define TESTBIT(V,I)     (V[I>>3]&(1<<(I&7)))!=0
+
+/*
+** This routine runs an extensive test of the Bitvec code.
+**
+** The input is an array of integers that acts as a program
+** to test the Bitvec.  The integers are opcodes followed
+** by 0, 1, or 3 operands, depending on the opcode.  Another
+** opcode follows immediately after the last operand.
+**
+** There are 6 opcodes numbered from 0 through 5.  0 is the
+** "halt" opcode and causes the test to end.
+**
+**    0          Halt and return the number of errors
+**    1 N S X    Set N bits beginning with S and incrementing by X
+**    2 N S X    Clear N bits beginning with S and incrementing by X
+**    3 N        Set N randomly chosen bits
+**    4 N        Clear N randomly chosen bits
+**    5 N S X    Set N bits from S increment X in array only, not in bitvec
+**
+** The opcodes 1 through 4 perform set and clear operations are performed
+** on both a Bitvec object and on a linear array of bits obtained from malloc.
+** Opcode 5 works on the linear array only, not on the Bitvec.
+** Opcode 5 is used to deliberately induce a fault in order to
+** confirm that error detection works.
+**
+** At the conclusion of the test the linear array is compared
+** against the Bitvec object.  If there are any differences,
+** an error is returned.  If they are the same, zero is returned.
+**
+** If a memory allocation error occurs, return -1.
+*/
+SQLITE_PRIVATE int sqlite3BitvecBuiltinTest(int sz, int *aOp){
+  Bitvec *pBitvec = 0;
+  unsigned char *pV = 0;
+  int rc = -1;
+  int i, nx, pc, op;
+  void *pTmpSpace;
+
+  /* Allocate the Bitvec to be tested and a linear array of
+  ** bits to act as the reference */
+  pBitvec = sqlite3BitvecCreate( sz );
+  pV = sqlite3MallocZero( (sz+7)/8 + 1 );
+  pTmpSpace = sqlite3_malloc64(BITVEC_SZ);
+  if( pBitvec==0 || pV==0 || pTmpSpace==0  ) goto bitvec_end;
+
+  /* NULL pBitvec tests */
+  sqlite3BitvecSet(0, 1);
+  sqlite3BitvecClear(0, 1, pTmpSpace);
+
+  /* Run the program */
+  pc = 0;
+  while( (op = aOp[pc])!=0 ){
+    switch( op ){
+      case 1:
+      case 2:
+      case 5: {
+        nx = 4;
+        i = aOp[pc+2] - 1;
+        aOp[pc+2] += aOp[pc+3];
+        break;
+      }
+      case 3:
+      case 4: 
+      default: {
+        nx = 2;
+        sqlite3_randomness(sizeof(i), &i);
+        break;
+      }
+    }
+    if( (--aOp[pc+1]) > 0 ) nx = 0;
+    pc += nx;
+    i = (i & 0x7fffffff)%sz;
+    if( (op & 1)!=0 ){
+      SETBIT(pV, (i+1));
+      if( op!=5 ){
+        if( sqlite3BitvecSet(pBitvec, i+1) ) goto bitvec_end;
+      }
+    }else{
+      CLEARBIT(pV, (i+1));
+      sqlite3BitvecClear(pBitvec, i+1, pTmpSpace);
+    }
+  }
+
+  /* Test to make sure the linear array exactly matches the
+  ** Bitvec object.  Start with the assumption that they do
+  ** match (rc==0).  Change rc to non-zero if a discrepancy
+  ** is found.
+  */
+  rc = sqlite3BitvecTest(0,0) + sqlite3BitvecTest(pBitvec, sz+1)
+          + sqlite3BitvecTest(pBitvec, 0)
+          + (sqlite3BitvecSize(pBitvec) - sz);
+  for(i=1; i<=sz; i++){
+    if(  (TESTBIT(pV,i))!=sqlite3BitvecTest(pBitvec,i) ){
+      rc = i;
+      break;
+    }
+  }
+
+  /* Free allocated structure */
+bitvec_end:
+  sqlite3_free(pTmpSpace);
+  sqlite3_free(pV);
+  sqlite3BitvecDestroy(pBitvec);
+  return rc;
+}
+#endif /* SQLITE_OMIT_BUILTIN_TEST */
+
+/************** End of bitvec.c **********************************************/
+/************** Begin file pcache.c ******************************************/
+/*
+** 2008 August 05
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+** This file implements that page cache.
+*/
+/* #include "sqliteInt.h" */
+
+/*
+** A complete page cache is an instance of this structure.
+*/
+struct PCache {
+  PgHdr *pDirty, *pDirtyTail;         /* List of dirty pages in LRU order */
+  PgHdr *pSynced;                     /* Last synced page in dirty page list */
+  int nRefSum;                        /* Sum of ref counts over all pages */
+  int szCache;                        /* Configured cache size */
+  int szSpill;                        /* Size before spilling occurs */
+  int szPage;                         /* Size of every page in this cache */
+  int szExtra;                        /* Size of extra space for each page */
+  u8 bPurgeable;                      /* True if pages are on backing store */
+  u8 eCreate;                         /* eCreate value for for xFetch() */
+  int (*xStress)(void*,PgHdr*);       /* Call to try make a page clean */
+  void *pStress;                      /* Argument to xStress */
+  sqlite3_pcache *pCache;             /* Pluggable cache module */
+};
+
+/********************************** Linked List Management ********************/
+
+/* Allowed values for second argument to pcacheManageDirtyList() */
+#define PCACHE_DIRTYLIST_REMOVE   1    /* Remove pPage from dirty list */
+#define PCACHE_DIRTYLIST_ADD      2    /* Add pPage to the dirty list */
+#define PCACHE_DIRTYLIST_FRONT    3    /* Move pPage to the front of the list */
+
+/*
+** Manage pPage's participation on the dirty list.  Bits of the addRemove
+** argument determines what operation to do.  The 0x01 bit means first
+** remove pPage from the dirty list.  The 0x02 means add pPage back to
+** the dirty list.  Doing both moves pPage to the front of the dirty list.
+*/
+static void pcacheManageDirtyList(PgHdr *pPage, u8 addRemove){
+  PCache *p = pPage->pCache;
+
+  if( addRemove & PCACHE_DIRTYLIST_REMOVE ){
+    assert( pPage->pDirtyNext || pPage==p->pDirtyTail );
+    assert( pPage->pDirtyPrev || pPage==p->pDirty );
+  
+    /* Update the PCache1.pSynced variable if necessary. */
+    if( p->pSynced==pPage ){
+      PgHdr *pSynced = pPage->pDirtyPrev;
+      while( pSynced && (pSynced->flags&PGHDR_NEED_SYNC) ){
+        pSynced = pSynced->pDirtyPrev;
+      }
+      p->pSynced = pSynced;
+    }
+  
+    if( pPage->pDirtyNext ){
+      pPage->pDirtyNext->pDirtyPrev = pPage->pDirtyPrev;
+    }else{
+      assert( pPage==p->pDirtyTail );
+      p->pDirtyTail = pPage->pDirtyPrev;
+    }
+    if( pPage->pDirtyPrev ){
+      pPage->pDirtyPrev->pDirtyNext = pPage->pDirtyNext;
+    }else{
+      assert( pPage==p->pDirty );
+      p->pDirty = pPage->pDirtyNext;
+      if( p->pDirty==0 && p->bPurgeable ){
+        assert( p->eCreate==1 );
+        p->eCreate = 2;
+      }
+    }
+    pPage->pDirtyNext = 0;
+    pPage->pDirtyPrev = 0;
+  }
+  if( addRemove & PCACHE_DIRTYLIST_ADD ){
+    assert( pPage->pDirtyNext==0 && pPage->pDirtyPrev==0 && p->pDirty!=pPage );
+  
+    pPage->pDirtyNext = p->pDirty;
+    if( pPage->pDirtyNext ){
+      assert( pPage->pDirtyNext->pDirtyPrev==0 );
+      pPage->pDirtyNext->pDirtyPrev = pPage;
+    }else{
+      p->pDirtyTail = pPage;
+      if( p->bPurgeable ){
+        assert( p->eCreate==2 );
+        p->eCreate = 1;
+      }
+    }
+    p->pDirty = pPage;
+    if( !p->pSynced && 0==(pPage->flags&PGHDR_NEED_SYNC) ){
+      p->pSynced = pPage;
+    }
+  }
+}
+
+/*
+** Wrapper around the pluggable caches xUnpin method. If the cache is
+** being used for an in-memory database, this function is a no-op.
+*/
+static void pcacheUnpin(PgHdr *p){
+  if( p->pCache->bPurgeable ){
+    sqlite3GlobalConfig.pcache2.xUnpin(p->pCache->pCache, p->pPage, 0);
+  }
+}
+
+/*
+** Compute the number of pages of cache requested.   p->szCache is the
+** cache size requested by the "PRAGMA cache_size" statement.
+*/
+static int numberOfCachePages(PCache *p){
+  if( p->szCache>=0 ){
+    /* IMPLEMENTATION-OF: R-42059-47211 If the argument N is positive then the
+    ** suggested cache size is set to N. */
+    return p->szCache;
+  }else{
+    /* IMPLEMENTATION-OF: R-61436-13639 If the argument N is negative, then
+    ** the number of cache pages is adjusted to use approximately abs(N*1024)
+    ** bytes of memory. */
+    return (int)((-1024*(i64)p->szCache)/(p->szPage+p->szExtra));
+  }
+}
+
+/*************************************************** General Interfaces ******
+**
+** Initialize and shutdown the page cache subsystem. Neither of these 
+** functions are threadsafe.
+*/
+SQLITE_PRIVATE int sqlite3PcacheInitialize(void){
+  if( sqlite3GlobalConfig.pcache2.xInit==0 ){
+    /* IMPLEMENTATION-OF: R-26801-64137 If the xInit() method is NULL, then the
+    ** built-in default page cache is used instead of the application defined
+    ** page cache. */
+    sqlite3PCacheSetDefault();
+  }
+  return sqlite3GlobalConfig.pcache2.xInit(sqlite3GlobalConfig.pcache2.pArg);
+}
+SQLITE_PRIVATE void sqlite3PcacheShutdown(void){
+  if( sqlite3GlobalConfig.pcache2.xShutdown ){
+    /* IMPLEMENTATION-OF: R-26000-56589 The xShutdown() method may be NULL. */
+    sqlite3GlobalConfig.pcache2.xShutdown(sqlite3GlobalConfig.pcache2.pArg);
+  }
+}
+
+/*
+** Return the size in bytes of a PCache object.
+*/
+SQLITE_PRIVATE int sqlite3PcacheSize(void){ return sizeof(PCache); }
+
+/*
+** Create a new PCache object. Storage space to hold the object
+** has already been allocated and is passed in as the p pointer. 
+** The caller discovers how much space needs to be allocated by 
+** calling sqlite3PcacheSize().
+*/
+SQLITE_PRIVATE int sqlite3PcacheOpen(
+  int szPage,                  /* Size of every page */
+  int szExtra,                 /* Extra space associated with each page */
+  int bPurgeable,              /* True if pages are on backing store */
+  int (*xStress)(void*,PgHdr*),/* Call to try to make pages clean */
+  void *pStress,               /* Argument to xStress */
+  PCache *p                    /* Preallocated space for the PCache */
+){
+  memset(p, 0, sizeof(PCache));
+  p->szPage = 1;
+  p->szExtra = szExtra;
+  p->bPurgeable = bPurgeable;
+  p->eCreate = 2;
+  p->xStress = xStress;
+  p->pStress = pStress;
+  p->szCache = 100;
+  p->szSpill = 1;
+  return sqlite3PcacheSetPageSize(p, szPage);
+}
+
+/*
+** Change the page size for PCache object. The caller must ensure that there
+** are no outstanding page references when this function is called.
+*/
+SQLITE_PRIVATE int sqlite3PcacheSetPageSize(PCache *pCache, int szPage){
+  assert( pCache->nRefSum==0 && pCache->pDirty==0 );
+  if( pCache->szPage ){
+    sqlite3_pcache *pNew;
+    pNew = sqlite3GlobalConfig.pcache2.xCreate(
+                szPage, pCache->szExtra + ROUND8(sizeof(PgHdr)),
+                pCache->bPurgeable
+    );
+    if( pNew==0 ) return SQLITE_NOMEM;
+    sqlite3GlobalConfig.pcache2.xCachesize(pNew, numberOfCachePages(pCache));
+    if( pCache->pCache ){
+      sqlite3GlobalConfig.pcache2.xDestroy(pCache->pCache);
+    }
+    pCache->pCache = pNew;
+    pCache->szPage = szPage;
+  }
+  return SQLITE_OK;
+}
+
+/*
+** Try to obtain a page from the cache.
+**
+** This routine returns a pointer to an sqlite3_pcache_page object if
+** such an object is already in cache, or if a new one is created.
+** This routine returns a NULL pointer if the object was not in cache
+** and could not be created.
+**
+** The createFlags should be 0 to check for existing pages and should
+** be 3 (not 1, but 3) to try to create a new page.
+**
+** If the createFlag is 0, then NULL is always returned if the page
+** is not already in the cache.  If createFlag is 1, then a new page
+** is created only if that can be done without spilling dirty pages
+** and without exceeding the cache size limit.
+**
+** The caller needs to invoke sqlite3PcacheFetchFinish() to properly
+** initialize the sqlite3_pcache_page object and convert it into a
+** PgHdr object.  The sqlite3PcacheFetch() and sqlite3PcacheFetchFinish()
+** routines are split this way for performance reasons. When separated
+** they can both (usually) operate without having to push values to
+** the stack on entry and pop them back off on exit, which saves a
+** lot of pushing and popping.
+*/
+SQLITE_PRIVATE sqlite3_pcache_page *sqlite3PcacheFetch(
+  PCache *pCache,       /* Obtain the page from this cache */
+  Pgno pgno,            /* Page number to obtain */
+  int createFlag        /* If true, create page if it does not exist already */
+){
+  int eCreate;
+
+  assert( pCache!=0 );
+  assert( pCache->pCache!=0 );
+  assert( createFlag==3 || createFlag==0 );
+  assert( pgno>0 );
+
+  /* eCreate defines what to do if the page does not exist.
+  **    0     Do not allocate a new page.  (createFlag==0)
+  **    1     Allocate a new page if doing so is inexpensive.
+  **          (createFlag==1 AND bPurgeable AND pDirty)
+  **    2     Allocate a new page even it doing so is difficult.
+  **          (createFlag==1 AND !(bPurgeable AND pDirty)
+  */
+  eCreate = createFlag & pCache->eCreate;
+  assert( eCreate==0 || eCreate==1 || eCreate==2 );
+  assert( createFlag==0 || pCache->eCreate==eCreate );
+  assert( createFlag==0 || eCreate==1+(!pCache->bPurgeable||!pCache->pDirty) );
+  return sqlite3GlobalConfig.pcache2.xFetch(pCache->pCache, pgno, eCreate);
+}
+
+/*
+** If the sqlite3PcacheFetch() routine is unable to allocate a new
+** page because new clean pages are available for reuse and the cache
+** size limit has been reached, then this routine can be invoked to 
+** try harder to allocate a page.  This routine might invoke the stress
+** callback to spill dirty pages to the journal.  It will then try to
+** allocate the new page and will only fail to allocate a new page on
+** an OOM error.
+**
+** This routine should be invoked only after sqlite3PcacheFetch() fails.
+*/
+SQLITE_PRIVATE int sqlite3PcacheFetchStress(
+  PCache *pCache,                 /* Obtain the page from this cache */
+  Pgno pgno,                      /* Page number to obtain */
+  sqlite3_pcache_page **ppPage    /* Write result here */
+){
+  PgHdr *pPg;
+  if( pCache->eCreate==2 ) return 0;
+
+  if( sqlite3PcachePagecount(pCache)>pCache->szSpill ){
+    /* Find a dirty page to write-out and recycle. First try to find a 
+    ** page that does not require a journal-sync (one with PGHDR_NEED_SYNC
+    ** cleared), but if that is not possible settle for any other 
+    ** unreferenced dirty page.
+    */
+    for(pPg=pCache->pSynced; 
+        pPg && (pPg->nRef || (pPg->flags&PGHDR_NEED_SYNC)); 
+        pPg=pPg->pDirtyPrev
+    );
+    pCache->pSynced = pPg;
+    if( !pPg ){
+      for(pPg=pCache->pDirtyTail; pPg && pPg->nRef; pPg=pPg->pDirtyPrev);
+    }
+    if( pPg ){
+      int rc;
+#ifdef SQLITE_LOG_CACHE_SPILL
+      sqlite3_log(SQLITE_FULL, 
+                  "spill page %d making room for %d - cache used: %d/%d",
+                  pPg->pgno, pgno,
+                  sqlite3GlobalConfig.pcache.xPagecount(pCache->pCache),
+                numberOfCachePages(pCache));
+#endif
+      rc = pCache->xStress(pCache->pStress, pPg);
+      if( rc!=SQLITE_OK && rc!=SQLITE_BUSY ){
+        return rc;
+      }
+    }
+  }
+  *ppPage = sqlite3GlobalConfig.pcache2.xFetch(pCache->pCache, pgno, 2);
+  return *ppPage==0 ? SQLITE_NOMEM : SQLITE_OK;
+}
+
+/*
+** This is a helper routine for sqlite3PcacheFetchFinish()
+**
+** In the uncommon case where the page being fetched has not been
+** initialized, this routine is invoked to do the initialization.
+** This routine is broken out into a separate function since it
+** requires extra stack manipulation that can be avoided in the common
+** case.
+*/
+static SQLITE_NOINLINE PgHdr *pcacheFetchFinishWithInit(
+  PCache *pCache,             /* Obtain the page from this cache */
+  Pgno pgno,                  /* Page number obtained */
+  sqlite3_pcache_page *pPage  /* Page obtained by prior PcacheFetch() call */
+){
+  PgHdr *pPgHdr;
+  assert( pPage!=0 );
+  pPgHdr = (PgHdr*)pPage->pExtra;
+  assert( pPgHdr->pPage==0 );
+  memset(pPgHdr, 0, sizeof(PgHdr));
+  pPgHdr->pPage = pPage;
+  pPgHdr->pData = pPage->pBuf;
+  pPgHdr->pExtra = (void *)&pPgHdr[1];
+  memset(pPgHdr->pExtra, 0, pCache->szExtra);
+  pPgHdr->pCache = pCache;
+  pPgHdr->pgno = pgno;
+  pPgHdr->flags = PGHDR_CLEAN;
+  return sqlite3PcacheFetchFinish(pCache,pgno,pPage);
+}
+
+/*
+** This routine converts the sqlite3_pcache_page object returned by
+** sqlite3PcacheFetch() into an initialized PgHdr object.  This routine
+** must be called after sqlite3PcacheFetch() in order to get a usable
+** result.
+*/
+SQLITE_PRIVATE PgHdr *sqlite3PcacheFetchFinish(
+  PCache *pCache,             /* Obtain the page from this cache */
+  Pgno pgno,                  /* Page number obtained */
+  sqlite3_pcache_page *pPage  /* Page obtained by prior PcacheFetch() call */
+){
+  PgHdr *pPgHdr;
+
+  assert( pPage!=0 );
+  pPgHdr = (PgHdr *)pPage->pExtra;
+
+  if( !pPgHdr->pPage ){
+    return pcacheFetchFinishWithInit(pCache, pgno, pPage);
+  }
+  pCache->nRefSum++;
+  pPgHdr->nRef++;
+  return pPgHdr;
+}
+
+/*
+** Decrement the reference count on a page. If the page is clean and the
+** reference count drops to 0, then it is made eligible for recycling.
+*/
+SQLITE_PRIVATE void SQLITE_NOINLINE sqlite3PcacheRelease(PgHdr *p){
+  assert( p->nRef>0 );
+  p->pCache->nRefSum--;
+  if( (--p->nRef)==0 ){
+    if( p->flags&PGHDR_CLEAN ){
+      pcacheUnpin(p);
+    }else if( p->pDirtyPrev!=0 ){
+      /* Move the page to the head of the dirty list. */
+      pcacheManageDirtyList(p, PCACHE_DIRTYLIST_FRONT);
+    }
+  }
+}
+
+/*
+** Increase the reference count of a supplied page by 1.
+*/
+SQLITE_PRIVATE void sqlite3PcacheRef(PgHdr *p){
+  assert(p->nRef>0);
+  p->nRef++;
+  p->pCache->nRefSum++;
+}
+
+/*
+** Drop a page from the cache. There must be exactly one reference to the
+** page. This function deletes that reference, so after it returns the
+** page pointed to by p is invalid.
+*/
+SQLITE_PRIVATE void sqlite3PcacheDrop(PgHdr *p){
+  assert( p->nRef==1 );
+  if( p->flags&PGHDR_DIRTY ){
+    pcacheManageDirtyList(p, PCACHE_DIRTYLIST_REMOVE);
+  }
+  p->pCache->nRefSum--;
+  sqlite3GlobalConfig.pcache2.xUnpin(p->pCache->pCache, p->pPage, 1);
+}
+
+/*
+** Make sure the page is marked as dirty. If it isn't dirty already,
+** make it so.
+*/
+SQLITE_PRIVATE void sqlite3PcacheMakeDirty(PgHdr *p){
+  assert( p->nRef>0 );
+  if( p->flags & (PGHDR_CLEAN|PGHDR_DONT_WRITE) ){
+    p->flags &= ~PGHDR_DONT_WRITE;
+    if( p->flags & PGHDR_CLEAN ){
+      p->flags ^= (PGHDR_DIRTY|PGHDR_CLEAN);
+      assert( (p->flags & (PGHDR_DIRTY|PGHDR_CLEAN))==PGHDR_DIRTY );
+      pcacheManageDirtyList(p, PCACHE_DIRTYLIST_ADD);
+    }
+  }
+}
+
+/*
+** Make sure the page is marked as clean. If it isn't clean already,
+** make it so.
+*/
+SQLITE_PRIVATE void sqlite3PcacheMakeClean(PgHdr *p){
+  if( (p->flags & PGHDR_DIRTY) ){
+    assert( (p->flags & PGHDR_CLEAN)==0 );
+    pcacheManageDirtyList(p, PCACHE_DIRTYLIST_REMOVE);
+    p->flags &= ~(PGHDR_DIRTY|PGHDR_NEED_SYNC|PGHDR_WRITEABLE);
+    p->flags |= PGHDR_CLEAN;
+    if( p->nRef==0 ){
+      pcacheUnpin(p);
+    }
+  }
+}
+
+/*
+** Make every page in the cache clean.
+*/
+SQLITE_PRIVATE void sqlite3PcacheCleanAll(PCache *pCache){
+  PgHdr *p;
+  while( (p = pCache->pDirty)!=0 ){
+    sqlite3PcacheMakeClean(p);
+  }
+}
+
+/*
+** Clear the PGHDR_NEED_SYNC flag from all dirty pages.
+*/
+SQLITE_PRIVATE void sqlite3PcacheClearSyncFlags(PCache *pCache){
+  PgHdr *p;
+  for(p=pCache->pDirty; p; p=p->pDirtyNext){
+    p->flags &= ~PGHDR_NEED_SYNC;
+  }
+  pCache->pSynced = pCache->pDirtyTail;
+}
+
+/*
+** Change the page number of page p to newPgno. 
+*/
+SQLITE_PRIVATE void sqlite3PcacheMove(PgHdr *p, Pgno newPgno){
+  PCache *pCache = p->pCache;
+  assert( p->nRef>0 );
+  assert( newPgno>0 );
+  sqlite3GlobalConfig.pcache2.xRekey(pCache->pCache, p->pPage, p->pgno,newPgno);
+  p->pgno = newPgno;
+  if( (p->flags&PGHDR_DIRTY) && (p->flags&PGHDR_NEED_SYNC) ){
+    pcacheManageDirtyList(p, PCACHE_DIRTYLIST_FRONT);
+  }
+}
+
+/*
+** Drop every cache entry whose page number is greater than "pgno". The
+** caller must ensure that there are no outstanding references to any pages
+** other than page 1 with a page number greater than pgno.
+**
+** If there is a reference to page 1 and the pgno parameter passed to this
+** function is 0, then the data area associated with page 1 is zeroed, but
+** the page object is not dropped.
+*/
+SQLITE_PRIVATE void sqlite3PcacheTruncate(PCache *pCache, Pgno pgno){
+  if( pCache->pCache ){
+    PgHdr *p;
+    PgHdr *pNext;
+    for(p=pCache->pDirty; p; p=pNext){
+      pNext = p->pDirtyNext;
+      /* This routine never gets call with a positive pgno except right
+      ** after sqlite3PcacheCleanAll().  So if there are dirty pages,
+      ** it must be that pgno==0.
+      */
+      assert( p->pgno>0 );
+      if( ALWAYS(p->pgno>pgno) ){
+        assert( p->flags&PGHDR_DIRTY );
+        sqlite3PcacheMakeClean(p);
+      }
+    }
+    if( pgno==0 && pCache->nRefSum ){
+      sqlite3_pcache_page *pPage1;
+      pPage1 = sqlite3GlobalConfig.pcache2.xFetch(pCache->pCache,1,0);
+      if( ALWAYS(pPage1) ){  /* Page 1 is always available in cache, because
+                             ** pCache->nRefSum>0 */
+        memset(pPage1->pBuf, 0, pCache->szPage);
+        pgno = 1;
+      }
+    }
+    sqlite3GlobalConfig.pcache2.xTruncate(pCache->pCache, pgno+1);
+  }
+}
+
+/*
+** Close a cache.
+*/
+SQLITE_PRIVATE void sqlite3PcacheClose(PCache *pCache){
+  assert( pCache->pCache!=0 );
+  sqlite3GlobalConfig.pcache2.xDestroy(pCache->pCache);
+}
+
+/* 
+** Discard the contents of the cache.
+*/
+SQLITE_PRIVATE void sqlite3PcacheClear(PCache *pCache){
+  sqlite3PcacheTruncate(pCache, 0);
+}
+
+/*
+** Merge two lists of pages connected by pDirty and in pgno order.
+** Do not both fixing the pDirtyPrev pointers.
+*/
+static PgHdr *pcacheMergeDirtyList(PgHdr *pA, PgHdr *pB){
+  PgHdr result, *pTail;
+  pTail = &result;
+  while( pA && pB ){
+    if( pA->pgno<pB->pgno ){
+      pTail->pDirty = pA;
+      pTail = pA;
+      pA = pA->pDirty;
+    }else{
+      pTail->pDirty = pB;
+      pTail = pB;
+      pB = pB->pDirty;
+    }
+  }
+  if( pA ){
+    pTail->pDirty = pA;
+  }else if( pB ){
+    pTail->pDirty = pB;
+  }else{
+    pTail->pDirty = 0;
+  }
+  return result.pDirty;
+}
+
+/*
+** Sort the list of pages in accending order by pgno.  Pages are
+** connected by pDirty pointers.  The pDirtyPrev pointers are
+** corrupted by this sort.
+**
+** Since there cannot be more than 2^31 distinct pages in a database,
+** there cannot be more than 31 buckets required by the merge sorter.
+** One extra bucket is added to catch overflow in case something
+** ever changes to make the previous sentence incorrect.
+*/
+#define N_SORT_BUCKET  32
+static PgHdr *pcacheSortDirtyList(PgHdr *pIn){
+  PgHdr *a[N_SORT_BUCKET], *p;
+  int i;
+  memset(a, 0, sizeof(a));
+  while( pIn ){
+    p = pIn;
+    pIn = p->pDirty;
+    p->pDirty = 0;
+    for(i=0; ALWAYS(i<N_SORT_BUCKET-1); i++){
+      if( a[i]==0 ){
+        a[i] = p;
+        break;
+      }else{
+        p = pcacheMergeDirtyList(a[i], p);
+        a[i] = 0;
+      }
+    }
+    if( NEVER(i==N_SORT_BUCKET-1) ){
+      /* To get here, there need to be 2^(N_SORT_BUCKET) elements in
+      ** the input list.  But that is impossible.
+      */
+      a[i] = pcacheMergeDirtyList(a[i], p);
+    }
+  }
+  p = a[0];
+  for(i=1; i<N_SORT_BUCKET; i++){
+    p = pcacheMergeDirtyList(p, a[i]);
+  }
+  return p;
+}
+
+/*
+** Return a list of all dirty pages in the cache, sorted by page number.
+*/
+SQLITE_PRIVATE PgHdr *sqlite3PcacheDirtyList(PCache *pCache){
+  PgHdr *p;
+  for(p=pCache->pDirty; p; p=p->pDirtyNext){
+    p->pDirty = p->pDirtyNext;
+  }
+  return pcacheSortDirtyList(pCache->pDirty);
+}
+
+/* 
+** Return the total number of references to all pages held by the cache.
+**
+** This is not the total number of pages referenced, but the sum of the
+** reference count for all pages.
+*/
+SQLITE_PRIVATE int sqlite3PcacheRefCount(PCache *pCache){
+  return pCache->nRefSum;
+}
+
+/*
+** Return the number of references to the page supplied as an argument.
+*/
+SQLITE_PRIVATE int sqlite3PcachePageRefcount(PgHdr *p){
+  return p->nRef;
+}
+
+/* 
+** Return the total number of pages in the cache.
+*/
+SQLITE_PRIVATE int sqlite3PcachePagecount(PCache *pCache){
+  assert( pCache->pCache!=0 );
+  return sqlite3GlobalConfig.pcache2.xPagecount(pCache->pCache);
+}
+
+#ifdef SQLITE_TEST
+/*
+** Get the suggested cache-size value.
+*/
+SQLITE_PRIVATE int sqlite3PcacheGetCachesize(PCache *pCache){
+  return numberOfCachePages(pCache);
+}
+#endif
+
+/*
+** Set the suggested cache-size value.
+*/
+SQLITE_PRIVATE void sqlite3PcacheSetCachesize(PCache *pCache, int mxPage){
+  assert( pCache->pCache!=0 );
+  pCache->szCache = mxPage;
+  sqlite3GlobalConfig.pcache2.xCachesize(pCache->pCache,
+                                         numberOfCachePages(pCache));
+}
+
+/*
+** Set the suggested cache-spill value.  Make no changes if if the
+** argument is zero.  Return the effective cache-spill size, which will
+** be the larger of the szSpill and szCache.
+*/
+SQLITE_PRIVATE int sqlite3PcacheSetSpillsize(PCache *p, int mxPage){
+  int res;
+  assert( p->pCache!=0 );
+  if( mxPage ){
+    if( mxPage<0 ){
+      mxPage = (int)((-1024*(i64)mxPage)/(p->szPage+p->szExtra));
+    }
+    p->szSpill = mxPage;
+  }
+  res = numberOfCachePages(p);
+  if( res<p->szSpill ) res = p->szSpill; 
+  return res;
+}
+
+/*
+** Free up as much memory as possible from the page cache.
+*/
+SQLITE_PRIVATE void sqlite3PcacheShrink(PCache *pCache){
+  assert( pCache->pCache!=0 );
+  sqlite3GlobalConfig.pcache2.xShrink(pCache->pCache);
+}
+
+/*
+** Return the size of the header added by this middleware layer
+** in the page-cache hierarchy.
+*/
+SQLITE_PRIVATE int sqlite3HeaderSizePcache(void){ return ROUND8(sizeof(PgHdr)); }
+
+
+#if defined(SQLITE_CHECK_PAGES) || defined(SQLITE_DEBUG)
+/*
+** For all dirty pages currently in the cache, invoke the specified
+** callback. This is only used if the SQLITE_CHECK_PAGES macro is
+** defined.
+*/
+SQLITE_PRIVATE void sqlite3PcacheIterateDirty(PCache *pCache, void (*xIter)(PgHdr *)){
+  PgHdr *pDirty;
+  for(pDirty=pCache->pDirty; pDirty; pDirty=pDirty->pDirtyNext){
+    xIter(pDirty);
+  }
+}
+#endif
+
+/************** End of pcache.c **********************************************/
+/************** Begin file pcache1.c *****************************************/
+/*
+** 2008 November 05
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+**
+** This file implements the default page cache implementation (the
+** sqlite3_pcache interface). It also contains part of the implementation
+** of the SQLITE_CONFIG_PAGECACHE and sqlite3_release_memory() features.
+** If the default page cache implementation is overridden, then neither of
+** these two features are available.
+**
+** A Page cache line looks like this:
+**
+**  -------------------------------------------------------------
+**  |  database page content   |  PgHdr1  |  MemPage  |  PgHdr  |
+**  -------------------------------------------------------------
+**
+** The database page content is up front (so that buffer overreads tend to
+** flow harmlessly into the PgHdr1, MemPage, and PgHdr extensions).   MemPage
+** is the extension added by the btree.c module containing information such
+** as the database page number and how that database page is used.  PgHdr
+** is added by the pcache.c layer and contains information used to keep track
+** of which pages are "dirty".  PgHdr1 is an extension added by this
+** module (pcache1.c).  The PgHdr1 header is a subclass of sqlite3_pcache_page.
+** PgHdr1 contains information needed to look up a page by its page number.
+** The superclass sqlite3_pcache_page.pBuf points to the start of the
+** database page content and sqlite3_pcache_page.pExtra points to PgHdr.
+**
+** The size of the extension (MemPage+PgHdr+PgHdr1) can be determined at
+** runtime using sqlite3_config(SQLITE_CONFIG_PCACHE_HDRSZ, &size).  The
+** sizes of the extensions sum to 272 bytes on x64 for 3.8.10, but this
+** size can vary according to architecture, compile-time options, and
+** SQLite library version number.
+**
+** If SQLITE_PCACHE_SEPARATE_HEADER is defined, then the extension is obtained
+** using a separate memory allocation from the database page content.  This
+** seeks to overcome the "clownshoe" problem (also called "internal
+** fragmentation" in academic literature) of allocating a few bytes more
+** than a power of two with the memory allocator rounding up to the next
+** power of two, and leaving the rounded-up space unused.
+**
+** This module tracks pointers to PgHdr1 objects.  Only pcache.c communicates
+** with this module.  Information is passed back and forth as PgHdr1 pointers.
+**
+** The pcache.c and pager.c modules deal pointers to PgHdr objects.
+** The btree.c module deals with pointers to MemPage objects.
+**
+** SOURCE OF PAGE CACHE MEMORY:
+**
+** Memory for a page might come from any of three sources:
+**
+**    (1)  The general-purpose memory allocator - sqlite3Malloc()
+**    (2)  Global page-cache memory provided using sqlite3_config() with
+**         SQLITE_CONFIG_PAGECACHE.
+**    (3)  PCache-local bulk allocation.
+**
+** The third case is a chunk of heap memory (defaulting to 100 pages worth)
+** that is allocated when the page cache is created.  The size of the local
+** bulk allocation can be adjusted using 
+**
+**     sqlite3_config(SQLITE_CONFIG_PAGECACHE, (void*)0, 0, N).
+**
+** If N is positive, then N pages worth of memory are allocated using a single
+** sqlite3Malloc() call and that memory is used for the first N pages allocated.
+** Or if N is negative, then -1024*N bytes of memory are allocated and used
+** for as many pages as can be accomodated.
+**
+** Only one of (2) or (3) can be used.  Once the memory available to (2) or
+** (3) is exhausted, subsequent allocations fail over to the general-purpose
+** memory allocator (1).
+**
+** Earlier versions of SQLite used only methods (1) and (2).  But experiments
+** show that method (3) with N==100 provides about a 5% performance boost for
+** common workloads.
+*/
+/* #include "sqliteInt.h" */
+
+typedef struct PCache1 PCache1;
+typedef struct PgHdr1 PgHdr1;
+typedef struct PgFreeslot PgFreeslot;
+typedef struct PGroup PGroup;
+
+/*
+** Each cache entry is represented by an instance of the following 
+** structure. Unless SQLITE_PCACHE_SEPARATE_HEADER is defined, a buffer of
+** PgHdr1.pCache->szPage bytes is allocated directly before this structure 
+** in memory.
+*/
+struct PgHdr1 {
+  sqlite3_pcache_page page;      /* Base class. Must be first. pBuf & pExtra */
+  unsigned int iKey;             /* Key value (page number) */
+  u8 isPinned;                   /* Page in use, not on the LRU list */
+  u8 isBulkLocal;                /* This page from bulk local storage */
+  u8 isAnchor;                   /* This is the PGroup.lru element */
+  PgHdr1 *pNext;                 /* Next in hash table chain */
+  PCache1 *pCache;               /* Cache that currently owns this page */
+  PgHdr1 *pLruNext;              /* Next in LRU list of unpinned pages */
+  PgHdr1 *pLruPrev;              /* Previous in LRU list of unpinned pages */
+};
+
+/* Each page cache (or PCache) belongs to a PGroup.  A PGroup is a set 
+** of one or more PCaches that are able to recycle each other's unpinned
+** pages when they are under memory pressure.  A PGroup is an instance of
+** the following object.
+**
+** This page cache implementation works in one of two modes:
+**
+**   (1)  Every PCache is the sole member of its own PGroup.  There is
+**        one PGroup per PCache.
+**
+**   (2)  There is a single global PGroup that all PCaches are a member
+**        of.
+**
+** Mode 1 uses more memory (since PCache instances are not able to rob
+** unused pages from other PCaches) but it also operates without a mutex,
+** and is therefore often faster.  Mode 2 requires a mutex in order to be
+** threadsafe, but recycles pages more efficiently.
+**
+** For mode (1), PGroup.mutex is NULL.  For mode (2) there is only a single
+** PGroup which is the pcache1.grp global variable and its mutex is
+** SQLITE_MUTEX_STATIC_LRU.
+*/
+struct PGroup {
+  sqlite3_mutex *mutex;          /* MUTEX_STATIC_LRU or NULL */
+  unsigned int nMaxPage;         /* Sum of nMax for purgeable caches */
+  unsigned int nMinPage;         /* Sum of nMin for purgeable caches */
+  unsigned int mxPinned;         /* nMaxpage + 10 - nMinPage */
+  unsigned int nCurrentPage;     /* Number of purgeable pages allocated */
+  PgHdr1 lru;                    /* The beginning and end of the LRU list */
+};
+
+/* Each page cache is an instance of the following object.  Every
+** open database file (including each in-memory database and each
+** temporary or transient database) has a single page cache which
+** is an instance of this object.
+**
+** Pointers to structures of this type are cast and returned as 
+** opaque sqlite3_pcache* handles.
+*/
+struct PCache1 {
+  /* Cache configuration parameters. Page size (szPage) and the purgeable
+  ** flag (bPurgeable) are set when the cache is created. nMax may be 
+  ** modified at any time by a call to the pcache1Cachesize() method.
+  ** The PGroup mutex must be held when accessing nMax.
+  */
+  PGroup *pGroup;                     /* PGroup this cache belongs to */
+  int szPage;                         /* Size of database content section */
+  int szExtra;                        /* sizeof(MemPage)+sizeof(PgHdr) */
+  int szAlloc;                        /* Total size of one pcache line */
+  int bPurgeable;                     /* True if cache is purgeable */
+  unsigned int nMin;                  /* Minimum number of pages reserved */
+  unsigned int nMax;                  /* Configured "cache_size" value */
+  unsigned int n90pct;                /* nMax*9/10 */
+  unsigned int iMaxKey;               /* Largest key seen since xTruncate() */
+
+  /* Hash table of all pages. The following variables may only be accessed
+  ** when the accessor is holding the PGroup mutex.
+  */
+  unsigned int nRecyclable;           /* Number of pages in the LRU list */
+  unsigned int nPage;                 /* Total number of pages in apHash */
+  unsigned int nHash;                 /* Number of slots in apHash[] */
+  PgHdr1 **apHash;                    /* Hash table for fast lookup by key */
+  PgHdr1 *pFree;                      /* List of unused pcache-local pages */
+  void *pBulk;                        /* Bulk memory used by pcache-local */
+};
+
+/*
+** Free slots in the allocator used to divide up the global page cache
+** buffer provided using the SQLITE_CONFIG_PAGECACHE mechanism.
+*/
+struct PgFreeslot {
+  PgFreeslot *pNext;  /* Next free slot */
+};
+
+/*
+** Global data used by this cache.
+*/
+static SQLITE_WSD struct PCacheGlobal {
+  PGroup grp;                    /* The global PGroup for mode (2) */
+
+  /* Variables related to SQLITE_CONFIG_PAGECACHE settings.  The
+  ** szSlot, nSlot, pStart, pEnd, nReserve, and isInit values are all
+  ** fixed at sqlite3_initialize() time and do not require mutex protection.
+  ** The nFreeSlot and pFree values do require mutex protection.
+  */
+  int isInit;                    /* True if initialized */
+  int separateCache;             /* Use a new PGroup for each PCache */
+  int nInitPage;                 /* Initial bulk allocation size */   
+  int szSlot;                    /* Size of each free slot */
+  int nSlot;                     /* The number of pcache slots */
+  int nReserve;                  /* Try to keep nFreeSlot above this */
+  void *pStart, *pEnd;           /* Bounds of global page cache memory */
+  /* Above requires no mutex.  Use mutex below for variable that follow. */
+  sqlite3_mutex *mutex;          /* Mutex for accessing the following: */
+  PgFreeslot *pFree;             /* Free page blocks */
+  int nFreeSlot;                 /* Number of unused pcache slots */
+  /* The following value requires a mutex to change.  We skip the mutex on
+  ** reading because (1) most platforms read a 32-bit integer atomically and
+  ** (2) even if an incorrect value is read, no great harm is done since this
+  ** is really just an optimization. */
+  int bUnderPressure;            /* True if low on PAGECACHE memory */
+} pcache1_g;
+
+/*
+** All code in this file should access the global structure above via the
+** alias "pcache1". This ensures that the WSD emulation is used when
+** compiling for systems that do not support real WSD.
+*/
+#define pcache1 (GLOBAL(struct PCacheGlobal, pcache1_g))
+
+/*
+** Macros to enter and leave the PCache LRU mutex.
+*/
+#if !defined(SQLITE_ENABLE_MEMORY_MANAGEMENT) || SQLITE_THREADSAFE==0
+# define pcache1EnterMutex(X)  assert((X)->mutex==0)
+# define pcache1LeaveMutex(X)  assert((X)->mutex==0)
+# define PCACHE1_MIGHT_USE_GROUP_MUTEX 0
+#else
+# define pcache1EnterMutex(X) sqlite3_mutex_enter((X)->mutex)
+# define pcache1LeaveMutex(X) sqlite3_mutex_leave((X)->mutex)
+# define PCACHE1_MIGHT_USE_GROUP_MUTEX 1
+#endif
+
+/******************************************************************************/
+/******** Page Allocation/SQLITE_CONFIG_PCACHE Related Functions **************/
+
+
+/*
+** This function is called during initialization if a static buffer is 
+** supplied to use for the page-cache by passing the SQLITE_CONFIG_PAGECACHE
+** verb to sqlite3_config(). Parameter pBuf points to an allocation large
+** enough to contain 'n' buffers of 'sz' bytes each.
+**
+** This routine is called from sqlite3_initialize() and so it is guaranteed
+** to be serialized already.  There is no need for further mutexing.
+*/
+SQLITE_PRIVATE void sqlite3PCacheBufferSetup(void *pBuf, int sz, int n){
+  if( pcache1.isInit ){
+    PgFreeslot *p;
+    if( pBuf==0 ) sz = n = 0;
+    sz = ROUNDDOWN8(sz);
+    pcache1.szSlot = sz;
+    pcache1.nSlot = pcache1.nFreeSlot = n;
+    pcache1.nReserve = n>90 ? 10 : (n/10 + 1);
+    pcache1.pStart = pBuf;
+    pcache1.pFree = 0;
+    pcache1.bUnderPressure = 0;
+    while( n-- ){
+      p = (PgFreeslot*)pBuf;
+      p->pNext = pcache1.pFree;
+      pcache1.pFree = p;
+      pBuf = (void*)&((char*)pBuf)[sz];
+    }
+    pcache1.pEnd = pBuf;
+  }
+}
+
+/*
+** Try to initialize the pCache->pFree and pCache->pBulk fields.  Return
+** true if pCache->pFree ends up containing one or more free pages.
+*/
+static int pcache1InitBulk(PCache1 *pCache){
+  i64 szBulk;
+  char *zBulk;
+  if( pcache1.nInitPage==0 ) return 0;
+  /* Do not bother with a bulk allocation if the cache size very small */
+  if( pCache->nMax<3 ) return 0;
+  sqlite3BeginBenignMalloc();
+  if( pcache1.nInitPage>0 ){
+    szBulk = pCache->szAlloc * (i64)pcache1.nInitPage;
+  }else{
+    szBulk = -1024 * (i64)pcache1.nInitPage;
+  }
+  if( szBulk > pCache->szAlloc*(i64)pCache->nMax ){
+    szBulk = pCache->szAlloc*pCache->nMax;
+  }
+  zBulk = pCache->pBulk = sqlite3Malloc( szBulk );
+  sqlite3EndBenignMalloc();
+  if( zBulk ){
+    int nBulk = sqlite3MallocSize(zBulk)/pCache->szAlloc;
+    int i;
+    for(i=0; i<nBulk; i++){
+      PgHdr1 *pX = (PgHdr1*)&zBulk[pCache->szPage];
+      pX->page.pBuf = zBulk;
+      pX->page.pExtra = &pX[1];
+      pX->isBulkLocal = 1;
+      pX->isAnchor = 0;
+      pX->pNext = pCache->pFree;
+      pCache->pFree = pX;
+      zBulk += pCache->szAlloc;
+    }
+  }
+  return pCache->pFree!=0;
+}
+
+/*
+** Malloc function used within this file to allocate space from the buffer
+** configured using sqlite3_config(SQLITE_CONFIG_PAGECACHE) option. If no 
+** such buffer exists or there is no space left in it, this function falls 
+** back to sqlite3Malloc().
+**
+** Multiple threads can run this routine at the same time.  Global variables
+** in pcache1 need to be protected via mutex.
+*/
+static void *pcache1Alloc(int nByte){
+  void *p = 0;
+  assert( sqlite3_mutex_notheld(pcache1.grp.mutex) );
+  if( nByte<=pcache1.szSlot ){
+    sqlite3_mutex_enter(pcache1.mutex);
+    p = (PgHdr1 *)pcache1.pFree;
+    if( p ){
+      pcache1.pFree = pcache1.pFree->pNext;
+      pcache1.nFreeSlot--;
+      pcache1.bUnderPressure = pcache1.nFreeSlot<pcache1.nReserve;
+      assert( pcache1.nFreeSlot>=0 );
+      sqlite3StatusHighwater(SQLITE_STATUS_PAGECACHE_SIZE, nByte);
+      sqlite3StatusUp(SQLITE_STATUS_PAGECACHE_USED, 1);
+    }
+    sqlite3_mutex_leave(pcache1.mutex);
+  }
+  if( p==0 ){
+    /* Memory is not available in the SQLITE_CONFIG_PAGECACHE pool.  Get
+    ** it from sqlite3Malloc instead.
+    */
+    p = sqlite3Malloc(nByte);
+#ifndef SQLITE_DISABLE_PAGECACHE_OVERFLOW_STATS
+    if( p ){
+      int sz = sqlite3MallocSize(p);
+      sqlite3_mutex_enter(pcache1.mutex);
+      sqlite3StatusHighwater(SQLITE_STATUS_PAGECACHE_SIZE, nByte);
+      sqlite3StatusUp(SQLITE_STATUS_PAGECACHE_OVERFLOW, sz);
+      sqlite3_mutex_leave(pcache1.mutex);
+    }
+#endif
+    sqlite3MemdebugSetType(p, MEMTYPE_PCACHE);
+  }
+  return p;
+}
+
+/*
+** Free an allocated buffer obtained from pcache1Alloc().
+*/
+static void pcache1Free(void *p){
+  int nFreed = 0;
+  if( p==0 ) return;
+  if( SQLITE_WITHIN(p, pcache1.pStart, pcache1.pEnd) ){
+    PgFreeslot *pSlot;
+    sqlite3_mutex_enter(pcache1.mutex);
+    sqlite3StatusDown(SQLITE_STATUS_PAGECACHE_USED, 1);
+    pSlot = (PgFreeslot*)p;
+    pSlot->pNext = pcache1.pFree;
+    pcache1.pFree = pSlot;
+    pcache1.nFreeSlot++;
+    pcache1.bUnderPressure = pcache1.nFreeSlot<pcache1.nReserve;
+    assert( pcache1.nFreeSlot<=pcache1.nSlot );
+    sqlite3_mutex_leave(pcache1.mutex);
+  }else{
+    assert( sqlite3MemdebugHasType(p, MEMTYPE_PCACHE) );
+    sqlite3MemdebugSetType(p, MEMTYPE_HEAP);
+#ifndef SQLITE_DISABLE_PAGECACHE_OVERFLOW_STATS
+    nFreed = sqlite3MallocSize(p);
+    sqlite3_mutex_enter(pcache1.mutex);
+    sqlite3StatusDown(SQLITE_STATUS_PAGECACHE_OVERFLOW, nFreed);
+    sqlite3_mutex_leave(pcache1.mutex);
+#endif
+    sqlite3_free(p);
+  }
+}
+
+#ifdef SQLITE_ENABLE_MEMORY_MANAGEMENT
+/*
+** Return the size of a pcache allocation
+*/
+static int pcache1MemSize(void *p){
+  if( p>=pcache1.pStart && p<pcache1.pEnd ){
+    return pcache1.szSlot;
+  }else{
+    int iSize;
+    assert( sqlite3MemdebugHasType(p, MEMTYPE_PCACHE) );
+    sqlite3MemdebugSetType(p, MEMTYPE_HEAP);
+    iSize = sqlite3MallocSize(p);
+    sqlite3MemdebugSetType(p, MEMTYPE_PCACHE);
+    return iSize;
+  }
+}
+#endif /* SQLITE_ENABLE_MEMORY_MANAGEMENT */
+
+/*
+** Allocate a new page object initially associated with cache pCache.
+*/
+static PgHdr1 *pcache1AllocPage(PCache1 *pCache, int benignMalloc){
+  PgHdr1 *p = 0;
+  void *pPg;
+
+  assert( sqlite3_mutex_held(pCache->pGroup->mutex) );
+  if( pCache->pFree || (pCache->nPage==0 && pcache1InitBulk(pCache)) ){
+    p = pCache->pFree;
+    pCache->pFree = p->pNext;
+    p->pNext = 0;
+  }else{
+#ifdef SQLITE_ENABLE_MEMORY_MANAGEMENT
+    /* The group mutex must be released before pcache1Alloc() is called. This
+    ** is because it might call sqlite3_release_memory(), which assumes that 
+    ** this mutex is not held. */
+    assert( pcache1.separateCache==0 );
+    assert( pCache->pGroup==&pcache1.grp );
+    pcache1LeaveMutex(pCache->pGroup);
+#endif
+    if( benignMalloc ){ sqlite3BeginBenignMalloc(); }
+#ifdef SQLITE_PCACHE_SEPARATE_HEADER
+    pPg = pcache1Alloc(pCache->szPage);
+    p = sqlite3Malloc(sizeof(PgHdr1) + pCache->szExtra);
+    if( !pPg || !p ){
+      pcache1Free(pPg);
+      sqlite3_free(p);
+      pPg = 0;
+    }
+#else
+    pPg = pcache1Alloc(pCache->szAlloc);
+    p = (PgHdr1 *)&((u8 *)pPg)[pCache->szPage];
+#endif
+    if( benignMalloc ){ sqlite3EndBenignMalloc(); }
+#ifdef SQLITE_ENABLE_MEMORY_MANAGEMENT
+    pcache1EnterMutex(pCache->pGroup);
+#endif
+    if( pPg==0 ) return 0;
+    p->page.pBuf = pPg;
+    p->page.pExtra = &p[1];
+    p->isBulkLocal = 0;
+    p->isAnchor = 0;
+  }
+  if( pCache->bPurgeable ){
+    pCache->pGroup->nCurrentPage++;
+  }
+  return p;
+}
+
+/*
+** Free a page object allocated by pcache1AllocPage().
+*/
+static void pcache1FreePage(PgHdr1 *p){
+  PCache1 *pCache;
+  assert( p!=0 );
+  pCache = p->pCache;
+  assert( sqlite3_mutex_held(p->pCache->pGroup->mutex) );
+  if( p->isBulkLocal ){
+    p->pNext = pCache->pFree;
+    pCache->pFree = p;
+  }else{
+    pcache1Free(p->page.pBuf);
+#ifdef SQLITE_PCACHE_SEPARATE_HEADER
+    sqlite3_free(p);
+#endif
+  }
+  if( pCache->bPurgeable ){
+    pCache->pGroup->nCurrentPage--;
+  }
+}
+
+/*
+** Malloc function used by SQLite to obtain space from the buffer configured
+** using sqlite3_config(SQLITE_CONFIG_PAGECACHE) option. If no such buffer
+** exists, this function falls back to sqlite3Malloc().
+*/
+SQLITE_PRIVATE void *sqlite3PageMalloc(int sz){
+  return pcache1Alloc(sz);
+}
+
+/*
+** Free an allocated buffer obtained from sqlite3PageMalloc().
+*/
+SQLITE_PRIVATE void sqlite3PageFree(void *p){
+  pcache1Free(p);
+}
+
+
+/*
+** Return true if it desirable to avoid allocating a new page cache
+** entry.
+**
+** If memory was allocated specifically to the page cache using
+** SQLITE_CONFIG_PAGECACHE but that memory has all been used, then
+** it is desirable to avoid allocating a new page cache entry because
+** presumably SQLITE_CONFIG_PAGECACHE was suppose to be sufficient
+** for all page cache needs and we should not need to spill the
+** allocation onto the heap.
+**
+** Or, the heap is used for all page cache memory but the heap is
+** under memory pressure, then again it is desirable to avoid
+** allocating a new page cache entry in order to avoid stressing
+** the heap even further.
+*/
+static int pcache1UnderMemoryPressure(PCache1 *pCache){
+  if( pcache1.nSlot && (pCache->szPage+pCache->szExtra)<=pcache1.szSlot ){
+    return pcache1.bUnderPressure;
+  }else{
+    return sqlite3HeapNearlyFull();
+  }
+}
+
+/******************************************************************************/
+/******** General Implementation Functions ************************************/
+
+/*
+** This function is used to resize the hash table used by the cache passed
+** as the first argument.
+**
+** The PCache mutex must be held when this function is called.
+*/
+static void pcache1ResizeHash(PCache1 *p){
+  PgHdr1 **apNew;
+  unsigned int nNew;
+  unsigned int i;
+
+  assert( sqlite3_mutex_held(p->pGroup->mutex) );
+
+  nNew = p->nHash*2;
+  if( nNew<256 ){
+    nNew = 256;
+  }
+
+  pcache1LeaveMutex(p->pGroup);
+  if( p->nHash ){ sqlite3BeginBenignMalloc(); }
+  apNew = (PgHdr1 **)sqlite3MallocZero(sizeof(PgHdr1 *)*nNew);
+  if( p->nHash ){ sqlite3EndBenignMalloc(); }
+  pcache1EnterMutex(p->pGroup);
+  if( apNew ){
+    for(i=0; i<p->nHash; i++){
+      PgHdr1 *pPage;
+      PgHdr1 *pNext = p->apHash[i];
+      while( (pPage = pNext)!=0 ){
+        unsigned int h = pPage->iKey % nNew;
+        pNext = pPage->pNext;
+        pPage->pNext = apNew[h];
+        apNew[h] = pPage;
+      }
+    }
+    sqlite3_free(p->apHash);
+    p->apHash = apNew;
+    p->nHash = nNew;
+  }
+}
+
+/*
+** This function is used internally to remove the page pPage from the 
+** PGroup LRU list, if is part of it. If pPage is not part of the PGroup
+** LRU list, then this function is a no-op.
+**
+** The PGroup mutex must be held when this function is called.
+*/
+static PgHdr1 *pcache1PinPage(PgHdr1 *pPage){
+  PCache1 *pCache;
+
+  assert( pPage!=0 );
+  assert( pPage->isPinned==0 );
+  pCache = pPage->pCache;
+  assert( pPage->pLruNext );
+  assert( pPage->pLruPrev );
+  assert( sqlite3_mutex_held(pCache->pGroup->mutex) );
+  pPage->pLruPrev->pLruNext = pPage->pLruNext;
+  pPage->pLruNext->pLruPrev = pPage->pLruPrev;
+  pPage->pLruNext = 0;
+  pPage->pLruPrev = 0;
+  pPage->isPinned = 1;
+  assert( pPage->isAnchor==0 );
+  assert( pCache->pGroup->lru.isAnchor==1 );
+  pCache->nRecyclable--;
+  return pPage;
+}
+
+
+/*
+** Remove the page supplied as an argument from the hash table 
+** (PCache1.apHash structure) that it is currently stored in.
+** Also free the page if freePage is true.
+**
+** The PGroup mutex must be held when this function is called.
+*/
+static void pcache1RemoveFromHash(PgHdr1 *pPage, int freeFlag){
+  unsigned int h;
+  PCache1 *pCache = pPage->pCache;
+  PgHdr1 **pp;
+
+  assert( sqlite3_mutex_held(pCache->pGroup->mutex) );
+  h = pPage->iKey % pCache->nHash;
+  for(pp=&pCache->apHash[h]; (*pp)!=pPage; pp=&(*pp)->pNext);
+  *pp = (*pp)->pNext;
+
+  pCache->nPage--;
+  if( freeFlag ) pcache1FreePage(pPage);
+}
+
+/*
+** If there are currently more than nMaxPage pages allocated, try
+** to recycle pages to reduce the number allocated to nMaxPage.
+*/
+static void pcache1EnforceMaxPage(PCache1 *pCache){
+  PGroup *pGroup = pCache->pGroup;
+  PgHdr1 *p;
+  assert( sqlite3_mutex_held(pGroup->mutex) );
+  while( pGroup->nCurrentPage>pGroup->nMaxPage
+      && (p=pGroup->lru.pLruPrev)->isAnchor==0
+  ){
+    assert( p->pCache->pGroup==pGroup );
+    assert( p->isPinned==0 );
+    pcache1PinPage(p);
+    pcache1RemoveFromHash(p, 1);
+  }
+  if( pCache->nPage==0 && pCache->pBulk ){
+    sqlite3_free(pCache->pBulk);
+    pCache->pBulk = pCache->pFree = 0;
+  }
+}
+
+/*
+** Discard all pages from cache pCache with a page number (key value) 
+** greater than or equal to iLimit. Any pinned pages that meet this 
+** criteria are unpinned before they are discarded.
+**
+** The PCache mutex must be held when this function is called.
+*/
+static void pcache1TruncateUnsafe(
+  PCache1 *pCache,             /* The cache to truncate */
+  unsigned int iLimit          /* Drop pages with this pgno or larger */
+){
+  TESTONLY( unsigned int nPage = 0; )  /* To assert pCache->nPage is correct */
+  unsigned int h;
+  assert( sqlite3_mutex_held(pCache->pGroup->mutex) );
+  for(h=0; h<pCache->nHash; h++){
+    PgHdr1 **pp = &pCache->apHash[h]; 
+    PgHdr1 *pPage;
+    while( (pPage = *pp)!=0 ){
+      if( pPage->iKey>=iLimit ){
+        pCache->nPage--;
+        *pp = pPage->pNext;
+        if( !pPage->isPinned ) pcache1PinPage(pPage);
+        pcache1FreePage(pPage);
+      }else{
+        pp = &pPage->pNext;
+        TESTONLY( nPage++; )
+      }
+    }
+  }
+  assert( pCache->nPage==nPage );
+}
+
+/******************************************************************************/
+/******** sqlite3_pcache Methods **********************************************/
+
+/*
+** Implementation of the sqlite3_pcache.xInit method.
+*/
+static int pcache1Init(void *NotUsed){
+  UNUSED_PARAMETER(NotUsed);
+  assert( pcache1.isInit==0 );
+  memset(&pcache1, 0, sizeof(pcache1));
+
+
+  /*
+  ** The pcache1.separateCache variable is true if each PCache has its own
+  ** private PGroup (mode-1).  pcache1.separateCache is false if the single
+  ** PGroup in pcache1.grp is used for all page caches (mode-2).
+  **
+  **   *  Always use a unified cache (mode-2) if ENABLE_MEMORY_MANAGEMENT
+  **
+  **   *  Use a unified cache in single-threaded applications that have
+  **      configured a start-time buffer for use as page-cache memory using
+  **      sqlite3_config(SQLITE_CONFIG_PAGECACHE, pBuf, sz, N) with non-NULL 
+  **      pBuf argument.
+  **
+  **   *  Otherwise use separate caches (mode-1)
+  */
+#if defined(SQLITE_ENABLE_MEMORY_MANAGEMENT)
+  pcache1.separateCache = 0;
+#elif SQLITE_THREADSAFE
+  pcache1.separateCache = sqlite3GlobalConfig.pPage==0
+                          || sqlite3GlobalConfig.bCoreMutex>0;
+#else
+  pcache1.separateCache = sqlite3GlobalConfig.pPage==0;
+#endif
+
+#if SQLITE_THREADSAFE
+  if( sqlite3GlobalConfig.bCoreMutex ){
+    pcache1.grp.mutex = sqlite3_mutex_alloc(SQLITE_MUTEX_STATIC_LRU);
+    pcache1.mutex = sqlite3_mutex_alloc(SQLITE_MUTEX_STATIC_PMEM);
+  }
+#endif
+  if( pcache1.separateCache
+   && sqlite3GlobalConfig.nPage!=0
+   && sqlite3GlobalConfig.pPage==0
+  ){
+    pcache1.nInitPage = sqlite3GlobalConfig.nPage;
+  }else{
+    pcache1.nInitPage = 0;
+  }
+  pcache1.grp.mxPinned = 10;
+  pcache1.isInit = 1;
+  return SQLITE_OK;
+}
+
+/*
+** Implementation of the sqlite3_pcache.xShutdown method.
+** Note that the static mutex allocated in xInit does 
+** not need to be freed.
+*/
+static void pcache1Shutdown(void *NotUsed){
+  UNUSED_PARAMETER(NotUsed);
+  assert( pcache1.isInit!=0 );
+  memset(&pcache1, 0, sizeof(pcache1));
+}
+
+/* forward declaration */
+static void pcache1Destroy(sqlite3_pcache *p);
+
+/*
+** Implementation of the sqlite3_pcache.xCreate method.
+**
+** Allocate a new cache.
+*/
+static sqlite3_pcache *pcache1Create(int szPage, int szExtra, int bPurgeable){
+  PCache1 *pCache;      /* The newly created page cache */
+  PGroup *pGroup;       /* The group the new page cache will belong to */
+  int sz;               /* Bytes of memory required to allocate the new cache */
+
+  assert( (szPage & (szPage-1))==0 && szPage>=512 && szPage<=65536 );
+  assert( szExtra < 300 );
+
+  sz = sizeof(PCache1) + sizeof(PGroup)*pcache1.separateCache;
+  pCache = (PCache1 *)sqlite3MallocZero(sz);
+  if( pCache ){
+    if( pcache1.separateCache ){
+      pGroup = (PGroup*)&pCache[1];
+      pGroup->mxPinned = 10;
+    }else{
+      pGroup = &pcache1.grp;
+    }
+    if( pGroup->lru.isAnchor==0 ){
+      pGroup->lru.isAnchor = 1;
+      pGroup->lru.pLruPrev = pGroup->lru.pLruNext = &pGroup->lru;
+    }
+    pCache->pGroup = pGroup;
+    pCache->szPage = szPage;
+    pCache->szExtra = szExtra;
+    pCache->szAlloc = szPage + szExtra + ROUND8(sizeof(PgHdr1));
+    pCache->bPurgeable = (bPurgeable ? 1 : 0);
+    pcache1EnterMutex(pGroup);
+    pcache1ResizeHash(pCache);
+    if( bPurgeable ){
+      pCache->nMin = 10;
+      pGroup->nMinPage += pCache->nMin;
+      pGroup->mxPinned = pGroup->nMaxPage + 10 - pGroup->nMinPage;
+    }
+    pcache1LeaveMutex(pGroup);
+    if( pCache->nHash==0 ){
+      pcache1Destroy((sqlite3_pcache*)pCache);
+      pCache = 0;
+    }
+  }
+  return (sqlite3_pcache *)pCache;
+}
+
+/*
+** Implementation of the sqlite3_pcache.xCachesize method. 
+**
+** Configure the cache_size limit for a cache.
+*/
+static void pcache1Cachesize(sqlite3_pcache *p, int nMax){
+  PCache1 *pCache = (PCache1 *)p;
+  if( pCache->bPurgeable ){
+    PGroup *pGroup = pCache->pGroup;
+    pcache1EnterMutex(pGroup);
+    pGroup->nMaxPage += (nMax - pCache->nMax);
+    pGroup->mxPinned = pGroup->nMaxPage + 10 - pGroup->nMinPage;
+    pCache->nMax = nMax;
+    pCache->n90pct = pCache->nMax*9/10;
+    pcache1EnforceMaxPage(pCache);
+    pcache1LeaveMutex(pGroup);
+  }
+}
+
+/*
+** Implementation of the sqlite3_pcache.xShrink method. 
+**
+** Free up as much memory as possible.
+*/
+static void pcache1Shrink(sqlite3_pcache *p){
+  PCache1 *pCache = (PCache1*)p;
+  if( pCache->bPurgeable ){
+    PGroup *pGroup = pCache->pGroup;
+    int savedMaxPage;
+    pcache1EnterMutex(pGroup);
+    savedMaxPage = pGroup->nMaxPage;
+    pGroup->nMaxPage = 0;
+    pcache1EnforceMaxPage(pCache);
+    pGroup->nMaxPage = savedMaxPage;
+    pcache1LeaveMutex(pGroup);
+  }
+}
+
+/*
+** Implementation of the sqlite3_pcache.xPagecount method. 
+*/
+static int pcache1Pagecount(sqlite3_pcache *p){
+  int n;
+  PCache1 *pCache = (PCache1*)p;
+  pcache1EnterMutex(pCache->pGroup);
+  n = pCache->nPage;
+  pcache1LeaveMutex(pCache->pGroup);
+  return n;
+}
+
+
+/*
+** Implement steps 3, 4, and 5 of the pcache1Fetch() algorithm described
+** in the header of the pcache1Fetch() procedure.
+**
+** This steps are broken out into a separate procedure because they are
+** usually not needed, and by avoiding the stack initialization required
+** for these steps, the main pcache1Fetch() procedure can run faster.
+*/
+static SQLITE_NOINLINE PgHdr1 *pcache1FetchStage2(
+  PCache1 *pCache, 
+  unsigned int iKey, 
+  int createFlag
+){
+  unsigned int nPinned;
+  PGroup *pGroup = pCache->pGroup;
+  PgHdr1 *pPage = 0;
+
+  /* Step 3: Abort if createFlag is 1 but the cache is nearly full */
+  assert( pCache->nPage >= pCache->nRecyclable );
+  nPinned = pCache->nPage - pCache->nRecyclable;
+  assert( pGroup->mxPinned == pGroup->nMaxPage + 10 - pGroup->nMinPage );
+  assert( pCache->n90pct == pCache->nMax*9/10 );
+  if( createFlag==1 && (
+        nPinned>=pGroup->mxPinned
+     || nPinned>=pCache->n90pct
+     || (pcache1UnderMemoryPressure(pCache) && pCache->nRecyclable<nPinned)
+  )){
+    return 0;
+  }
+
+  if( pCache->nPage>=pCache->nHash ) pcache1ResizeHash(pCache);
+  assert( pCache->nHash>0 && pCache->apHash );
+
+  /* Step 4. Try to recycle a page. */
+  if( pCache->bPurgeable
+   && !pGroup->lru.pLruPrev->isAnchor
+   && ((pCache->nPage+1>=pCache->nMax) || pcache1UnderMemoryPressure(pCache))
+  ){
+    PCache1 *pOther;
+    pPage = pGroup->lru.pLruPrev;
+    assert( pPage->isPinned==0 );
+    pcache1RemoveFromHash(pPage, 0);
+    pcache1PinPage(pPage);
+    pOther = pPage->pCache;
+    if( pOther->szAlloc != pCache->szAlloc ){
+      pcache1FreePage(pPage);
+      pPage = 0;
+    }else{
+      pGroup->nCurrentPage -= (pOther->bPurgeable - pCache->bPurgeable);
+    }
+  }
+
+  /* Step 5. If a usable page buffer has still not been found, 
+  ** attempt to allocate a new one. 
+  */
+  if( !pPage ){
+    pPage = pcache1AllocPage(pCache, createFlag==1);
+  }
+
+  if( pPage ){
+    unsigned int h = iKey % pCache->nHash;
+    pCache->nPage++;
+    pPage->iKey = iKey;
+    pPage->pNext = pCache->apHash[h];
+    pPage->pCache = pCache;
+    pPage->pLruPrev = 0;
+    pPage->pLruNext = 0;
+    pPage->isPinned = 1;
+    *(void **)pPage->page.pExtra = 0;
+    pCache->apHash[h] = pPage;
+    if( iKey>pCache->iMaxKey ){
+      pCache->iMaxKey = iKey;
+    }
+  }
+  return pPage;
+}
+
+/*
+** Implementation of the sqlite3_pcache.xFetch method. 
+**
+** Fetch a page by key value.
+**
+** Whether or not a new page may be allocated by this function depends on
+** the value of the createFlag argument.  0 means do not allocate a new
+** page.  1 means allocate a new page if space is easily available.  2 
+** means to try really hard to allocate a new page.
+**
+** For a non-purgeable cache (a cache used as the storage for an in-memory
+** database) there is really no difference between createFlag 1 and 2.  So
+** the calling function (pcache.c) will never have a createFlag of 1 on
+** a non-purgeable cache.
+**
+** There are three different approaches to obtaining space for a page,
+** depending on the value of parameter createFlag (which may be 0, 1 or 2).
+**
+**   1. Regardless of the value of createFlag, the cache is searched for a 
+**      copy of the requested page. If one is found, it is returned.
+**
+**   2. If createFlag==0 and the page is not already in the cache, NULL is
+**      returned.
+**
+**   3. If createFlag is 1, and the page is not already in the cache, then
+**      return NULL (do not allocate a new page) if any of the following
+**      conditions are true:
+**
+**       (a) the number of pages pinned by the cache is greater than
+**           PCache1.nMax, or
+**
+**       (b) the number of pages pinned by the cache is greater than
+**           the sum of nMax for all purgeable caches, less the sum of 
+**           nMin for all other purgeable caches, or
+**
+**   4. If none of the first three conditions apply and the cache is marked
+**      as purgeable, and if one of the following is true:
+**
+**       (a) The number of pages allocated for the cache is already 
+**           PCache1.nMax, or
+**
+**       (b) The number of pages allocated for all purgeable caches is
+**           already equal to or greater than the sum of nMax for all
+**           purgeable caches,
+**
+**       (c) The system is under memory pressure and wants to avoid
+**           unnecessary pages cache entry allocations
+**
+**      then attempt to recycle a page from the LRU list. If it is the right
+**      size, return the recycled buffer. Otherwise, free the buffer and
+**      proceed to step 5. 
+**
+**   5. Otherwise, allocate and return a new page buffer.
+**
+** There are two versions of this routine.  pcache1FetchWithMutex() is
+** the general case.  pcache1FetchNoMutex() is a faster implementation for
+** the common case where pGroup->mutex is NULL.  The pcache1Fetch() wrapper
+** invokes the appropriate routine.
+*/
+static PgHdr1 *pcache1FetchNoMutex(
+  sqlite3_pcache *p, 
+  unsigned int iKey, 
+  int createFlag
+){
+  PCache1 *pCache = (PCache1 *)p;
+  PgHdr1 *pPage = 0;
+
+  /* Step 1: Search the hash table for an existing entry. */
+  pPage = pCache->apHash[iKey % pCache->nHash];
+  while( pPage && pPage->iKey!=iKey ){ pPage = pPage->pNext; }
+
+  /* Step 2: If the page was found in the hash table, then return it.
+  ** If the page was not in the hash table and createFlag is 0, abort.
+  ** Otherwise (page not in hash and createFlag!=0) continue with
+  ** subsequent steps to try to create the page. */
+  if( pPage ){
+    if( !pPage->isPinned ){
+      return pcache1PinPage(pPage);
+    }else{
+      return pPage;
+    }
+  }else if( createFlag ){
+    /* Steps 3, 4, and 5 implemented by this subroutine */
+    return pcache1FetchStage2(pCache, iKey, createFlag);
+  }else{
+    return 0;
+  }
+}
+#if PCACHE1_MIGHT_USE_GROUP_MUTEX
+static PgHdr1 *pcache1FetchWithMutex(
+  sqlite3_pcache *p, 
+  unsigned int iKey, 
+  int createFlag
+){
+  PCache1 *pCache = (PCache1 *)p;
+  PgHdr1 *pPage;
+
+  pcache1EnterMutex(pCache->pGroup);
+  pPage = pcache1FetchNoMutex(p, iKey, createFlag);
+  assert( pPage==0 || pCache->iMaxKey>=iKey );
+  pcache1LeaveMutex(pCache->pGroup);
+  return pPage;
+}
+#endif
+static sqlite3_pcache_page *pcache1Fetch(
+  sqlite3_pcache *p, 
+  unsigned int iKey, 
+  int createFlag
+){
+#if PCACHE1_MIGHT_USE_GROUP_MUTEX || defined(SQLITE_DEBUG)
+  PCache1 *pCache = (PCache1 *)p;
+#endif
+
+  assert( offsetof(PgHdr1,page)==0 );
+  assert( pCache->bPurgeable || createFlag!=1 );
+  assert( pCache->bPurgeable || pCache->nMin==0 );
+  assert( pCache->bPurgeable==0 || pCache->nMin==10 );
+  assert( pCache->nMin==0 || pCache->bPurgeable );
+  assert( pCache->nHash>0 );
+#if PCACHE1_MIGHT_USE_GROUP_MUTEX
+  if( pCache->pGroup->mutex ){
+    return (sqlite3_pcache_page*)pcache1FetchWithMutex(p, iKey, createFlag);
+  }else
+#endif
+  {
+    return (sqlite3_pcache_page*)pcache1FetchNoMutex(p, iKey, createFlag);
+  }
+}
+
+
+/*
+** Implementation of the sqlite3_pcache.xUnpin method.
+**
+** Mark a page as unpinned (eligible for asynchronous recycling).
+*/
+static void pcache1Unpin(
+  sqlite3_pcache *p, 
+  sqlite3_pcache_page *pPg, 
+  int reuseUnlikely
+){
+  PCache1 *pCache = (PCache1 *)p;
+  PgHdr1 *pPage = (PgHdr1 *)pPg;
+  PGroup *pGroup = pCache->pGroup;
+ 
+  assert( pPage->pCache==pCache );
+  pcache1EnterMutex(pGroup);
+
+  /* It is an error to call this function if the page is already 
+  ** part of the PGroup LRU list.
+  */
+  assert( pPage->pLruPrev==0 && pPage->pLruNext==0 );
+  assert( pPage->isPinned==1 );
+
+  if( reuseUnlikely || pGroup->nCurrentPage>pGroup->nMaxPage ){
+    pcache1RemoveFromHash(pPage, 1);
+  }else{
+    /* Add the page to the PGroup LRU list. */
+    PgHdr1 **ppFirst = &pGroup->lru.pLruNext;
+    pPage->pLruPrev = &pGroup->lru;
+    (pPage->pLruNext = *ppFirst)->pLruPrev = pPage;
+    *ppFirst = pPage;
+    pCache->nRecyclable++;
+    pPage->isPinned = 0;
+  }
+
+  pcache1LeaveMutex(pCache->pGroup);
+}
+
+/*
+** Implementation of the sqlite3_pcache.xRekey method. 
+*/
+static void pcache1Rekey(
+  sqlite3_pcache *p,
+  sqlite3_pcache_page *pPg,
+  unsigned int iOld,
+  unsigned int iNew
+){
+  PCache1 *pCache = (PCache1 *)p;
+  PgHdr1 *pPage = (PgHdr1 *)pPg;
+  PgHdr1 **pp;
+  unsigned int h; 
+  assert( pPage->iKey==iOld );
+  assert( pPage->pCache==pCache );
+
+  pcache1EnterMutex(pCache->pGroup);
+
+  h = iOld%pCache->nHash;
+  pp = &pCache->apHash[h];
+  while( (*pp)!=pPage ){
+    pp = &(*pp)->pNext;
+  }
+  *pp = pPage->pNext;
+
+  h = iNew%pCache->nHash;
+  pPage->iKey = iNew;
+  pPage->pNext = pCache->apHash[h];
+  pCache->apHash[h] = pPage;
+  if( iNew>pCache->iMaxKey ){
+    pCache->iMaxKey = iNew;
+  }
+
+  pcache1LeaveMutex(pCache->pGroup);
+}
+
+/*
+** Implementation of the sqlite3_pcache.xTruncate method. 
+**
+** Discard all unpinned pages in the cache with a page number equal to
+** or greater than parameter iLimit. Any pinned pages with a page number
+** equal to or greater than iLimit are implicitly unpinned.
+*/
+static void pcache1Truncate(sqlite3_pcache *p, unsigned int iLimit){
+  PCache1 *pCache = (PCache1 *)p;
+  pcache1EnterMutex(pCache->pGroup);
+  if( iLimit<=pCache->iMaxKey ){
+    pcache1TruncateUnsafe(pCache, iLimit);
+    pCache->iMaxKey = iLimit-1;
+  }
+  pcache1LeaveMutex(pCache->pGroup);
+}
+
+/*
+** Implementation of the sqlite3_pcache.xDestroy method. 
+**
+** Destroy a cache allocated using pcache1Create().
+*/
+static void pcache1Destroy(sqlite3_pcache *p){
+  PCache1 *pCache = (PCache1 *)p;
+  PGroup *pGroup = pCache->pGroup;
+  assert( pCache->bPurgeable || (pCache->nMax==0 && pCache->nMin==0) );
+  pcache1EnterMutex(pGroup);
+  pcache1TruncateUnsafe(pCache, 0);
+  assert( pGroup->nMaxPage >= pCache->nMax );
+  pGroup->nMaxPage -= pCache->nMax;
+  assert( pGroup->nMinPage >= pCache->nMin );
+  pGroup->nMinPage -= pCache->nMin;
+  pGroup->mxPinned = pGroup->nMaxPage + 10 - pGroup->nMinPage;
+  pcache1EnforceMaxPage(pCache);
+  pcache1LeaveMutex(pGroup);
+  sqlite3_free(pCache->pBulk);
+  sqlite3_free(pCache->apHash);
+  sqlite3_free(pCache);
+}
+
+/*
+** This function is called during initialization (sqlite3_initialize()) to
+** install the default pluggable cache module, assuming the user has not
+** already provided an alternative.
+*/
+SQLITE_PRIVATE void sqlite3PCacheSetDefault(void){
+  static const sqlite3_pcache_methods2 defaultMethods = {
+    1,                       /* iVersion */
+    0,                       /* pArg */
+    pcache1Init,             /* xInit */
+    pcache1Shutdown,         /* xShutdown */
+    pcache1Create,           /* xCreate */
+    pcache1Cachesize,        /* xCachesize */
+    pcache1Pagecount,        /* xPagecount */
+    pcache1Fetch,            /* xFetch */
+    pcache1Unpin,            /* xUnpin */
+    pcache1Rekey,            /* xRekey */
+    pcache1Truncate,         /* xTruncate */
+    pcache1Destroy,          /* xDestroy */
+    pcache1Shrink            /* xShrink */
+  };
+  sqlite3_config(SQLITE_CONFIG_PCACHE2, &defaultMethods);
+}
+
+/*
+** Return the size of the header on each page of this PCACHE implementation.
+*/
+SQLITE_PRIVATE int sqlite3HeaderSizePcache1(void){ return ROUND8(sizeof(PgHdr1)); }
+
+/*
+** Return the global mutex used by this PCACHE implementation.  The
+** sqlite3_status() routine needs access to this mutex.
+*/
+SQLITE_PRIVATE sqlite3_mutex *sqlite3Pcache1Mutex(void){
+  return pcache1.mutex;
+}
+
+#ifdef SQLITE_ENABLE_MEMORY_MANAGEMENT
+/*
+** This function is called to free superfluous dynamically allocated memory
+** held by the pager system. Memory in use by any SQLite pager allocated
+** by the current thread may be sqlite3_free()ed.
+**
+** nReq is the number of bytes of memory required. Once this much has
+** been released, the function returns. The return value is the total number 
+** of bytes of memory released.
+*/
+SQLITE_PRIVATE int sqlite3PcacheReleaseMemory(int nReq){
+  int nFree = 0;
+  assert( sqlite3_mutex_notheld(pcache1.grp.mutex) );
+  assert( sqlite3_mutex_notheld(pcache1.mutex) );
+  if( sqlite3GlobalConfig.nPage==0 ){
+    PgHdr1 *p;
+    pcache1EnterMutex(&pcache1.grp);
+    while( (nReq<0 || nFree<nReq)
+       &&  (p=pcache1.grp.lru.pLruPrev)!=0
+       &&  p->isAnchor==0
+    ){
+      nFree += pcache1MemSize(p->page.pBuf);
+#ifdef SQLITE_PCACHE_SEPARATE_HEADER
+      nFree += sqlite3MemSize(p);
+#endif
+      assert( p->isPinned==0 );
+      pcache1PinPage(p);
+      pcache1RemoveFromHash(p, 1);
+    }
+    pcache1LeaveMutex(&pcache1.grp);
+  }
+  return nFree;
+}
+#endif /* SQLITE_ENABLE_MEMORY_MANAGEMENT */
+
+#ifdef SQLITE_TEST
+/*
+** This function is used by test procedures to inspect the internal state
+** of the global cache.
+*/
+SQLITE_PRIVATE void sqlite3PcacheStats(
+  int *pnCurrent,      /* OUT: Total number of pages cached */
+  int *pnMax,          /* OUT: Global maximum cache size */
+  int *pnMin,          /* OUT: Sum of PCache1.nMin for purgeable caches */
+  int *pnRecyclable    /* OUT: Total number of pages available for recycling */
+){
+  PgHdr1 *p;
+  int nRecyclable = 0;
+  for(p=pcache1.grp.lru.pLruNext; p && !p->isAnchor; p=p->pLruNext){
+    assert( p->isPinned==0 );
+    nRecyclable++;
+  }
+  *pnCurrent = pcache1.grp.nCurrentPage;
+  *pnMax = (int)pcache1.grp.nMaxPage;
+  *pnMin = (int)pcache1.grp.nMinPage;
+  *pnRecyclable = nRecyclable;
+}
+#endif
+
+/************** End of pcache1.c *********************************************/
+/************** Begin file rowset.c ******************************************/
+/*
+** 2008 December 3
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+**
+** This module implements an object we call a "RowSet".
+**
+** The RowSet object is a collection of rowids.  Rowids
+** are inserted into the RowSet in an arbitrary order.  Inserts
+** can be intermixed with tests to see if a given rowid has been
+** previously inserted into the RowSet.
+**
+** After all inserts are finished, it is possible to extract the
+** elements of the RowSet in sorted order.  Once this extraction
+** process has started, no new elements may be inserted.
+**
+** Hence, the primitive operations for a RowSet are:
+**
+**    CREATE
+**    INSERT
+**    TEST
+**    SMALLEST
+**    DESTROY
+**
+** The CREATE and DESTROY primitives are the constructor and destructor,
+** obviously.  The INSERT primitive adds a new element to the RowSet.
+** TEST checks to see if an element is already in the RowSet.  SMALLEST
+** extracts the least value from the RowSet.
+**
+** The INSERT primitive might allocate additional memory.  Memory is
+** allocated in chunks so most INSERTs do no allocation.  There is an 
+** upper bound on the size of allocated memory.  No memory is freed
+** until DESTROY.
+**
+** The TEST primitive includes a "batch" number.  The TEST primitive
+** will only see elements that were inserted before the last change
+** in the batch number.  In other words, if an INSERT occurs between
+** two TESTs where the TESTs have the same batch nubmer, then the
+** value added by the INSERT will not be visible to the second TEST.
+** The initial batch number is zero, so if the very first TEST contains
+** a non-zero batch number, it will see all prior INSERTs.
+**
+** No INSERTs may occurs after a SMALLEST.  An assertion will fail if
+** that is attempted.
+**
+** The cost of an INSERT is roughly constant.  (Sometimes new memory
+** has to be allocated on an INSERT.)  The cost of a TEST with a new
+** batch number is O(NlogN) where N is the number of elements in the RowSet.
+** The cost of a TEST using the same batch number is O(logN).  The cost
+** of the first SMALLEST is O(NlogN).  Second and subsequent SMALLEST
+** primitives are constant time.  The cost of DESTROY is O(N).
+**
+** There is an added cost of O(N) when switching between TEST and
+** SMALLEST primitives.
+*/
+/* #include "sqliteInt.h" */
+
+
+/*
+** Target size for allocation chunks.
+*/
+#define ROWSET_ALLOCATION_SIZE 1024
+
+/*
+** The number of rowset entries per allocation chunk.
+*/
+#define ROWSET_ENTRY_PER_CHUNK  \
+                       ((ROWSET_ALLOCATION_SIZE-8)/sizeof(struct RowSetEntry))
+
+/*
+** Each entry in a RowSet is an instance of the following object.
+**
+** This same object is reused to store a linked list of trees of RowSetEntry
+** objects.  In that alternative use, pRight points to the next entry
+** in the list, pLeft points to the tree, and v is unused.  The
+** RowSet.pForest value points to the head of this forest list.
+*/
+struct RowSetEntry {            
+  i64 v;                        /* ROWID value for this entry */
+  struct RowSetEntry *pRight;   /* Right subtree (larger entries) or list */
+  struct RowSetEntry *pLeft;    /* Left subtree (smaller entries) */
+};
+
+/*
+** RowSetEntry objects are allocated in large chunks (instances of the
+** following structure) to reduce memory allocation overhead.  The
+** chunks are kept on a linked list so that they can be deallocated
+** when the RowSet is destroyed.
+*/
+struct RowSetChunk {
+  struct RowSetChunk *pNextChunk;        /* Next chunk on list of them all */
+  struct RowSetEntry aEntry[ROWSET_ENTRY_PER_CHUNK]; /* Allocated entries */
+};
+
+/*
+** A RowSet in an instance of the following structure.
+**
+** A typedef of this structure if found in sqliteInt.h.
+*/
+struct RowSet {
+  struct RowSetChunk *pChunk;    /* List of all chunk allocations */
+  sqlite3 *db;                   /* The database connection */
+  struct RowSetEntry *pEntry;    /* List of entries using pRight */
+  struct RowSetEntry *pLast;     /* Last entry on the pEntry list */
+  struct RowSetEntry *pFresh;    /* Source of new entry objects */
+  struct RowSetEntry *pForest;   /* List of binary trees of entries */
+  u16 nFresh;                    /* Number of objects on pFresh */
+  u16 rsFlags;                   /* Various flags */
+  int iBatch;                    /* Current insert batch */
+};
+
+/*
+** Allowed values for RowSet.rsFlags
+*/
+#define ROWSET_SORTED  0x01   /* True if RowSet.pEntry is sorted */
+#define ROWSET_NEXT    0x02   /* True if sqlite3RowSetNext() has been called */
+
+/*
+** Turn bulk memory into a RowSet object.  N bytes of memory
+** are available at pSpace.  The db pointer is used as a memory context
+** for any subsequent allocations that need to occur.
+** Return a pointer to the new RowSet object.
+**
+** It must be the case that N is sufficient to make a Rowset.  If not
+** an assertion fault occurs.
+** 
+** If N is larger than the minimum, use the surplus as an initial
+** allocation of entries available to be filled.
+*/
+SQLITE_PRIVATE RowSet *sqlite3RowSetInit(sqlite3 *db, void *pSpace, unsigned int N){
+  RowSet *p;
+  assert( N >= ROUND8(sizeof(*p)) );
+  p = pSpace;
+  p->pChunk = 0;
+  p->db = db;
+  p->pEntry = 0;
+  p->pLast = 0;
+  p->pForest = 0;
+  p->pFresh = (struct RowSetEntry*)(ROUND8(sizeof(*p)) + (char*)p);
+  p->nFresh = (u16)((N - ROUND8(sizeof(*p)))/sizeof(struct RowSetEntry));
+  p->rsFlags = ROWSET_SORTED;
+  p->iBatch = 0;
+  return p;
+}
+
+/*
+** Deallocate all chunks from a RowSet.  This frees all memory that
+** the RowSet has allocated over its lifetime.  This routine is
+** the destructor for the RowSet.
+*/
+SQLITE_PRIVATE void sqlite3RowSetClear(RowSet *p){
+  struct RowSetChunk *pChunk, *pNextChunk;
+  for(pChunk=p->pChunk; pChunk; pChunk = pNextChunk){
+    pNextChunk = pChunk->pNextChunk;
+    sqlite3DbFree(p->db, pChunk);
+  }
+  p->pChunk = 0;
+  p->nFresh = 0;
+  p->pEntry = 0;
+  p->pLast = 0;
+  p->pForest = 0;
+  p->rsFlags = ROWSET_SORTED;
+}
+
+/*
+** Allocate a new RowSetEntry object that is associated with the
+** given RowSet.  Return a pointer to the new and completely uninitialized
+** objected.
+**
+** In an OOM situation, the RowSet.db->mallocFailed flag is set and this
+** routine returns NULL.
+*/
+static struct RowSetEntry *rowSetEntryAlloc(RowSet *p){
+  assert( p!=0 );
+  if( p->nFresh==0 ){
+    struct RowSetChunk *pNew;
+    pNew = sqlite3DbMallocRaw(p->db, sizeof(*pNew));
+    if( pNew==0 ){
+      return 0;
+    }
+    pNew->pNextChunk = p->pChunk;
+    p->pChunk = pNew;
+    p->pFresh = pNew->aEntry;
+    p->nFresh = ROWSET_ENTRY_PER_CHUNK;
+  }
+  p->nFresh--;
+  return p->pFresh++;
+}
+
+/*
+** Insert a new value into a RowSet.
+**
+** The mallocFailed flag of the database connection is set if a
+** memory allocation fails.
+*/
+SQLITE_PRIVATE void sqlite3RowSetInsert(RowSet *p, i64 rowid){
+  struct RowSetEntry *pEntry;  /* The new entry */
+  struct RowSetEntry *pLast;   /* The last prior entry */
+
+  /* This routine is never called after sqlite3RowSetNext() */
+  assert( p!=0 && (p->rsFlags & ROWSET_NEXT)==0 );
+
+  pEntry = rowSetEntryAlloc(p);
+  if( pEntry==0 ) return;
+  pEntry->v = rowid;
+  pEntry->pRight = 0;
+  pLast = p->pLast;
+  if( pLast ){
+    if( (p->rsFlags & ROWSET_SORTED)!=0 && rowid<=pLast->v ){
+      p->rsFlags &= ~ROWSET_SORTED;
+    }
+    pLast->pRight = pEntry;
+  }else{
+    p->pEntry = pEntry;
+  }
+  p->pLast = pEntry;
+}
+
+/*
+** Merge two lists of RowSetEntry objects.  Remove duplicates.
+**
+** The input lists are connected via pRight pointers and are 
+** assumed to each already be in sorted order.
+*/
+static struct RowSetEntry *rowSetEntryMerge(
+  struct RowSetEntry *pA,    /* First sorted list to be merged */
+  struct RowSetEntry *pB     /* Second sorted list to be merged */
+){
+  struct RowSetEntry head;
+  struct RowSetEntry *pTail;
+
+  pTail = &head;
+  while( pA && pB ){
+    assert( pA->pRight==0 || pA->v<=pA->pRight->v );
+    assert( pB->pRight==0 || pB->v<=pB->pRight->v );
+    if( pA->v<pB->v ){
+      pTail->pRight = pA;
+      pA = pA->pRight;
+      pTail = pTail->pRight;
+    }else if( pB->v<pA->v ){
+      pTail->pRight = pB;
+      pB = pB->pRight;
+      pTail = pTail->pRight;
+    }else{
+      pA = pA->pRight;
+    }
+  }
+  if( pA ){
+    assert( pA->pRight==0 || pA->v<=pA->pRight->v );
+    pTail->pRight = pA;
+  }else{
+    assert( pB==0 || pB->pRight==0 || pB->v<=pB->pRight->v );
+    pTail->pRight = pB;
+  }
+  return head.pRight;
+}
+
+/*
+** Sort all elements on the list of RowSetEntry objects into order of
+** increasing v.
+*/ 
+static struct RowSetEntry *rowSetEntrySort(struct RowSetEntry *pIn){
+  unsigned int i;
+  struct RowSetEntry *pNext, *aBucket[40];
+
+  memset(aBucket, 0, sizeof(aBucket));
+  while( pIn ){
+    pNext = pIn->pRight;
+    pIn->pRight = 0;
+    for(i=0; aBucket[i]; i++){
+      pIn = rowSetEntryMerge(aBucket[i], pIn);
+      aBucket[i] = 0;
+    }
+    aBucket[i] = pIn;
+    pIn = pNext;
+  }
+  pIn = 0;
+  for(i=0; i<sizeof(aBucket)/sizeof(aBucket[0]); i++){
+    pIn = rowSetEntryMerge(pIn, aBucket[i]);
+  }
+  return pIn;
+}
+
+
+/*
+** The input, pIn, is a binary tree (or subtree) of RowSetEntry objects.
+** Convert this tree into a linked list connected by the pRight pointers
+** and return pointers to the first and last elements of the new list.
+*/
+static void rowSetTreeToList(
+  struct RowSetEntry *pIn,         /* Root of the input tree */
+  struct RowSetEntry **ppFirst,    /* Write head of the output list here */
+  struct RowSetEntry **ppLast      /* Write tail of the output list here */
+){
+  assert( pIn!=0 );
+  if( pIn->pLeft ){
+    struct RowSetEntry *p;
+    rowSetTreeToList(pIn->pLeft, ppFirst, &p);
+    p->pRight = pIn;
+  }else{
+    *ppFirst = pIn;
+  }
+  if( pIn->pRight ){
+    rowSetTreeToList(pIn->pRight, &pIn->pRight, ppLast);
+  }else{
+    *ppLast = pIn;
+  }
+  assert( (*ppLast)->pRight==0 );
+}
+
+
+/*
+** Convert a sorted list of elements (connected by pRight) into a binary
+** tree with depth of iDepth.  A depth of 1 means the tree contains a single
+** node taken from the head of *ppList.  A depth of 2 means a tree with
+** three nodes.  And so forth.
+**
+** Use as many entries from the input list as required and update the
+** *ppList to point to the unused elements of the list.  If the input
+** list contains too few elements, then construct an incomplete tree
+** and leave *ppList set to NULL.
+**
+** Return a pointer to the root of the constructed binary tree.
+*/
+static struct RowSetEntry *rowSetNDeepTree(
+  struct RowSetEntry **ppList,
+  int iDepth
+){
+  struct RowSetEntry *p;         /* Root of the new tree */
+  struct RowSetEntry *pLeft;     /* Left subtree */
+  if( *ppList==0 ){
+    return 0;
+  }
+  if( iDepth==1 ){
+    p = *ppList;
+    *ppList = p->pRight;
+    p->pLeft = p->pRight = 0;
+    return p;
+  }
+  pLeft = rowSetNDeepTree(ppList, iDepth-1);
+  p = *ppList;
+  if( p==0 ){
+    return pLeft;
+  }
+  p->pLeft = pLeft;
+  *ppList = p->pRight;
+  p->pRight = rowSetNDeepTree(ppList, iDepth-1);
+  return p;
+}
+
+/*
+** Convert a sorted list of elements into a binary tree. Make the tree
+** as deep as it needs to be in order to contain the entire list.
+*/
+static struct RowSetEntry *rowSetListToTree(struct RowSetEntry *pList){
+  int iDepth;           /* Depth of the tree so far */
+  struct RowSetEntry *p;       /* Current tree root */
+  struct RowSetEntry *pLeft;   /* Left subtree */
+
+  assert( pList!=0 );
+  p = pList;
+  pList = p->pRight;
+  p->pLeft = p->pRight = 0;
+  for(iDepth=1; pList; iDepth++){
+    pLeft = p;
+    p = pList;
+    pList = p->pRight;
+    p->pLeft = pLeft;
+    p->pRight = rowSetNDeepTree(&pList, iDepth);
+  }
+  return p;
+}
+
+/*
+** Take all the entries on p->pEntry and on the trees in p->pForest and
+** sort them all together into one big ordered list on p->pEntry.
+**
+** This routine should only be called once in the life of a RowSet.
+*/
+static void rowSetToList(RowSet *p){
+
+  /* This routine is called only once */
+  assert( p!=0 && (p->rsFlags & ROWSET_NEXT)==0 );
+
+  if( (p->rsFlags & ROWSET_SORTED)==0 ){
+    p->pEntry = rowSetEntrySort(p->pEntry);
+  }
+
+  /* While this module could theoretically support it, sqlite3RowSetNext()
+  ** is never called after sqlite3RowSetText() for the same RowSet.  So
+  ** there is never a forest to deal with.  Should this change, simply
+  ** remove the assert() and the #if 0. */
+  assert( p->pForest==0 );
+#if 0
+  while( p->pForest ){
+    struct RowSetEntry *pTree = p->pForest->pLeft;
+    if( pTree ){
+      struct RowSetEntry *pHead, *pTail;
+      rowSetTreeToList(pTree, &pHead, &pTail);
+      p->pEntry = rowSetEntryMerge(p->pEntry, pHead);
+    }
+    p->pForest = p->pForest->pRight;
+  }
+#endif
+  p->rsFlags |= ROWSET_NEXT;  /* Verify this routine is never called again */
+}
+
+/*
+** Extract the smallest element from the RowSet.
+** Write the element into *pRowid.  Return 1 on success.  Return
+** 0 if the RowSet is already empty.
+**
+** After this routine has been called, the sqlite3RowSetInsert()
+** routine may not be called again.  
+*/
+SQLITE_PRIVATE int sqlite3RowSetNext(RowSet *p, i64 *pRowid){
+  assert( p!=0 );
+
+  /* Merge the forest into a single sorted list on first call */
+  if( (p->rsFlags & ROWSET_NEXT)==0 ) rowSetToList(p);
+
+  /* Return the next entry on the list */
+  if( p->pEntry ){
+    *pRowid = p->pEntry->v;
+    p->pEntry = p->pEntry->pRight;
+    if( p->pEntry==0 ){
+      sqlite3RowSetClear(p);
+    }
+    return 1;
+  }else{
+    return 0;
+  }
+}
+
+/*
+** Check to see if element iRowid was inserted into the rowset as
+** part of any insert batch prior to iBatch.  Return 1 or 0.
+**
+** If this is the first test of a new batch and if there exist entries
+** on pRowSet->pEntry, then sort those entries into the forest at
+** pRowSet->pForest so that they can be tested.
+*/
+SQLITE_PRIVATE int sqlite3RowSetTest(RowSet *pRowSet, int iBatch, sqlite3_int64 iRowid){
+  struct RowSetEntry *p, *pTree;
+
+  /* This routine is never called after sqlite3RowSetNext() */
+  assert( pRowSet!=0 && (pRowSet->rsFlags & ROWSET_NEXT)==0 );
+
+  /* Sort entries into the forest on the first test of a new batch 
+  */
+  if( iBatch!=pRowSet->iBatch ){
+    p = pRowSet->pEntry;
+    if( p ){
+      struct RowSetEntry **ppPrevTree = &pRowSet->pForest;
+      if( (pRowSet->rsFlags & ROWSET_SORTED)==0 ){
+        p = rowSetEntrySort(p);
+      }
+      for(pTree = pRowSet->pForest; pTree; pTree=pTree->pRight){
+        ppPrevTree = &pTree->pRight;
+        if( pTree->pLeft==0 ){
+          pTree->pLeft = rowSetListToTree(p);
+          break;
+        }else{
+          struct RowSetEntry *pAux, *pTail;
+          rowSetTreeToList(pTree->pLeft, &pAux, &pTail);
+          pTree->pLeft = 0;
+          p = rowSetEntryMerge(pAux, p);
+        }
+      }
+      if( pTree==0 ){
+        *ppPrevTree = pTree = rowSetEntryAlloc(pRowSet);
+        if( pTree ){
+          pTree->v = 0;
+          pTree->pRight = 0;
+          pTree->pLeft = rowSetListToTree(p);
+        }
+      }
+      pRowSet->pEntry = 0;
+      pRowSet->pLast = 0;
+      pRowSet->rsFlags |= ROWSET_SORTED;
+    }
+    pRowSet->iBatch = iBatch;
+  }
+
+  /* Test to see if the iRowid value appears anywhere in the forest.
+  ** Return 1 if it does and 0 if not.
+  */
+  for(pTree = pRowSet->pForest; pTree; pTree=pTree->pRight){
+    p = pTree->pLeft;
+    while( p ){
+      if( p->v<iRowid ){
+        p = p->pRight;
+      }else if( p->v>iRowid ){
+        p = p->pLeft;
+      }else{
+        return 1;
+      }
+    }
+  }
+  return 0;
+}
+
+/************** End of rowset.c **********************************************/
+/************** Begin file pager.c *******************************************/
+/*
+** 2001 September 15
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+** This is the implementation of the page cache subsystem or "pager".
+** 
+** The pager is used to access a database disk file.  It implements
+** atomic commit and rollback through the use of a journal file that
+** is separate from the database file.  The pager also implements file
+** locking to prevent two processes from writing the same database
+** file simultaneously, or one process from reading the database while
+** another is writing.
+*/
+#ifndef SQLITE_OMIT_DISKIO
+/* #include "sqliteInt.h" */
+/************** Include wal.h in the middle of pager.c ***********************/
+/************** Begin file wal.h *********************************************/
+/*
+** 2010 February 1
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+** This header file defines the interface to the write-ahead logging 
+** system. Refer to the comments below and the header comment attached to 
+** the implementation of each function in log.c for further details.
+*/
+
+#ifndef _WAL_H_
+#define _WAL_H_
+
+/* #include "sqliteInt.h" */
+
+/* Additional values that can be added to the sync_flags argument of
+** sqlite3WalFrames():
+*/
+#define WAL_SYNC_TRANSACTIONS  0x20   /* Sync at the end of each transaction */
+#define SQLITE_SYNC_MASK       0x13   /* Mask off the SQLITE_SYNC_* values */
+
+#ifdef SQLITE_OMIT_WAL
+# define sqlite3WalOpen(x,y,z)                   0
+# define sqlite3WalLimit(x,y)
+# define sqlite3WalClose(w,x,y,z)                0
+# define sqlite3WalBeginReadTransaction(y,z)     0
+# define sqlite3WalEndReadTransaction(z)
+# define sqlite3WalDbsize(y)                     0
+# define sqlite3WalBeginWriteTransaction(y)      0
+# define sqlite3WalEndWriteTransaction(x)        0
+# define sqlite3WalUndo(x,y,z)                   0
+# define sqlite3WalSavepoint(y,z)
+# define sqlite3WalSavepointUndo(y,z)            0
+# define sqlite3WalFrames(u,v,w,x,y,z)           0
+# define sqlite3WalCheckpoint(r,s,t,u,v,w,x,y,z) 0
+# define sqlite3WalCallback(z)                   0
+# define sqlite3WalExclusiveMode(y,z)            0
+# define sqlite3WalHeapMemory(z)                 0
+# define sqlite3WalFramesize(z)                  0
+# define sqlite3WalFindFrame(x,y,z)              0
+# define sqlite3WalFile(x)                       0
+#else
+
+#define WAL_SAVEPOINT_NDATA 4
+
+/* Connection to a write-ahead log (WAL) file. 
+** There is one object of this type for each pager. 
+*/
+typedef struct Wal Wal;
+
+/* Open and close a connection to a write-ahead log. */
+SQLITE_PRIVATE int sqlite3WalOpen(sqlite3_vfs*, sqlite3_file*, const char *, int, i64, Wal**);
+SQLITE_PRIVATE int sqlite3WalClose(Wal *pWal, int sync_flags, int, u8 *);
+
+/* Set the limiting size of a WAL file. */
+SQLITE_PRIVATE void sqlite3WalLimit(Wal*, i64);
+
+/* Used by readers to open (lock) and close (unlock) a snapshot.  A 
+** snapshot is like a read-transaction.  It is the state of the database
+** at an instant in time.  sqlite3WalOpenSnapshot gets a read lock and
+** preserves the current state even if the other threads or processes
+** write to or checkpoint the WAL.  sqlite3WalCloseSnapshot() closes the
+** transaction and releases the lock.
+*/
+SQLITE_PRIVATE int sqlite3WalBeginReadTransaction(Wal *pWal, int *);
+SQLITE_PRIVATE void sqlite3WalEndReadTransaction(Wal *pWal);
+
+/* Read a page from the write-ahead log, if it is present. */
+SQLITE_PRIVATE int sqlite3WalFindFrame(Wal *, Pgno, u32 *);
+SQLITE_PRIVATE int sqlite3WalReadFrame(Wal *, u32, int, u8 *);
+
+/* If the WAL is not empty, return the size of the database. */
+SQLITE_PRIVATE Pgno sqlite3WalDbsize(Wal *pWal);
+
+/* Obtain or release the WRITER lock. */
+SQLITE_PRIVATE int sqlite3WalBeginWriteTransaction(Wal *pWal);
+SQLITE_PRIVATE int sqlite3WalEndWriteTransaction(Wal *pWal);
+
+/* Undo any frames written (but not committed) to the log */
+SQLITE_PRIVATE int sqlite3WalUndo(Wal *pWal, int (*xUndo)(void *, Pgno), void *pUndoCtx);
+
+/* Return an integer that records the current (uncommitted) write
+** position in the WAL */
+SQLITE_PRIVATE void sqlite3WalSavepoint(Wal *pWal, u32 *aWalData);
+
+/* Move the write position of the WAL back to iFrame.  Called in
+** response to a ROLLBACK TO command. */
+SQLITE_PRIVATE int sqlite3WalSavepointUndo(Wal *pWal, u32 *aWalData);
+
+/* Write a frame or frames to the log. */
+SQLITE_PRIVATE int sqlite3WalFrames(Wal *pWal, int, PgHdr *, Pgno, int, int);
+
+/* Copy pages from the log to the database file */ 
+SQLITE_PRIVATE int sqlite3WalCheckpoint(
+  Wal *pWal,                      /* Write-ahead log connection */
+  int eMode,                      /* One of PASSIVE, FULL and RESTART */
+  int (*xBusy)(void*),            /* Function to call when busy */
+  void *pBusyArg,                 /* Context argument for xBusyHandler */
+  int sync_flags,                 /* Flags to sync db file with (or 0) */
+  int nBuf,                       /* Size of buffer nBuf */
+  u8 *zBuf,                       /* Temporary buffer to use */
+  int *pnLog,                     /* OUT: Number of frames in WAL */
+  int *pnCkpt                     /* OUT: Number of backfilled frames in WAL */
+);
+
+/* Return the value to pass to a sqlite3_wal_hook callback, the
+** number of frames in the WAL at the point of the last commit since
+** sqlite3WalCallback() was called.  If no commits have occurred since
+** the last call, then return 0.
+*/
+SQLITE_PRIVATE int sqlite3WalCallback(Wal *pWal);
+
+/* Tell the wal layer that an EXCLUSIVE lock has been obtained (or released)
+** by the pager layer on the database file.
+*/
+SQLITE_PRIVATE int sqlite3WalExclusiveMode(Wal *pWal, int op);
+
+/* Return true if the argument is non-NULL and the WAL module is using
+** heap-memory for the wal-index. Otherwise, if the argument is NULL or the
+** WAL module is using shared-memory, return false. 
+*/
+SQLITE_PRIVATE int sqlite3WalHeapMemory(Wal *pWal);
+
+#ifdef SQLITE_ENABLE_SNAPSHOT
+SQLITE_PRIVATE int sqlite3WalSnapshotGet(Wal *pWal, sqlite3_snapshot **ppSnapshot);
+SQLITE_PRIVATE void sqlite3WalSnapshotOpen(Wal *pWal, sqlite3_snapshot *pSnapshot);
+#endif
+
+#ifdef SQLITE_ENABLE_ZIPVFS
+/* If the WAL file is not empty, return the number of bytes of content
+** stored in each frame (i.e. the db page-size when the WAL was created).
+*/
+SQLITE_PRIVATE int sqlite3WalFramesize(Wal *pWal);
+#endif
+
+/* Return the sqlite3_file object for the WAL file */
+SQLITE_PRIVATE sqlite3_file *sqlite3WalFile(Wal *pWal);
+
+#endif /* ifndef SQLITE_OMIT_WAL */
+#endif /* _WAL_H_ */
+
+/************** End of wal.h *************************************************/
+/************** Continuing where we left off in pager.c **********************/
+
+
+/******************* NOTES ON THE DESIGN OF THE PAGER ************************
+**
+** This comment block describes invariants that hold when using a rollback
+** journal.  These invariants do not apply for journal_mode=WAL,
+** journal_mode=MEMORY, or journal_mode=OFF.
+**
+** Within this comment block, a page is deemed to have been synced
+** automatically as soon as it is written when PRAGMA synchronous=OFF.
+** Otherwise, the page is not synced until the xSync method of the VFS
+** is called successfully on the file containing the page.
+**
+** Definition:  A page of the database file is said to be "overwriteable" if
+** one or more of the following are true about the page:
+** 
+**     (a)  The original content of the page as it was at the beginning of
+**          the transaction has been written into the rollback journal and
+**          synced.
+** 
+**     (b)  The page was a freelist leaf page at the start of the transaction.
+** 
+**     (c)  The page number is greater than the largest page that existed in
+**          the database file at the start of the transaction.
+** 
+** (1) A page of the database file is never overwritten unless one of the
+**     following are true:
+** 
+**     (a) The page and all other pages on the same sector are overwriteable.
+** 
+**     (b) The atomic page write optimization is enabled, and the entire
+**         transaction other than the update of the transaction sequence
+**         number consists of a single page change.
+** 
+** (2) The content of a page written into the rollback journal exactly matches
+**     both the content in the database when the rollback journal was written
+**     and the content in the database at the beginning of the current
+**     transaction.
+** 
+** (3) Writes to the database file are an integer multiple of the page size
+**     in length and are aligned on a page boundary.
+** 
+** (4) Reads from the database file are either aligned on a page boundary and
+**     an integer multiple of the page size in length or are taken from the
+**     first 100 bytes of the database file.
+** 
+** (5) All writes to the database file are synced prior to the rollback journal
+**     being deleted, truncated, or zeroed.
+** 
+** (6) If a master journal file is used, then all writes to the database file
+**     are synced prior to the master journal being deleted.
+** 
+** Definition: Two databases (or the same database at two points it time)
+** are said to be "logically equivalent" if they give the same answer to
+** all queries.  Note in particular the content of freelist leaf
+** pages can be changed arbitrarily without affecting the logical equivalence
+** of the database.
+** 
+** (7) At any time, if any subset, including the empty set and the total set,
+**     of the unsynced changes to a rollback journal are removed and the 
+**     journal is rolled back, the resulting database file will be logically
+**     equivalent to the database file at the beginning of the transaction.
+** 
+** (8) When a transaction is rolled back, the xTruncate method of the VFS
+**     is called to restore the database file to the same size it was at
+**     the beginning of the transaction.  (In some VFSes, the xTruncate
+**     method is a no-op, but that does not change the fact the SQLite will
+**     invoke it.)
+** 
+** (9) Whenever the database file is modified, at least one bit in the range
+**     of bytes from 24 through 39 inclusive will be changed prior to releasing
+**     the EXCLUSIVE lock, thus signaling other connections on the same
+**     database to flush their caches.
+**
+** (10) The pattern of bits in bytes 24 through 39 shall not repeat in less
+**      than one billion transactions.
+**
+** (11) A database file is well-formed at the beginning and at the conclusion
+**      of every transaction.
+**
+** (12) An EXCLUSIVE lock is held on the database file when writing to
+**      the database file.
+**
+** (13) A SHARED lock is held on the database file while reading any
+**      content out of the database file.
+**
+******************************************************************************/
+
+/*
+** Macros for troubleshooting.  Normally turned off
+*/
+#if 0
+int sqlite3PagerTrace=1;  /* True to enable tracing */
+#define sqlite3DebugPrintf printf
+#define PAGERTRACE(X)     if( sqlite3PagerTrace ){ sqlite3DebugPrintf X; }
+#else
+#define PAGERTRACE(X)
+#endif
+
+/*
+** The following two macros are used within the PAGERTRACE() macros above
+** to print out file-descriptors. 
+**
+** PAGERID() takes a pointer to a Pager struct as its argument. The
+** associated file-descriptor is returned. FILEHANDLEID() takes an sqlite3_file
+** struct as its argument.
+*/
+#define PAGERID(p) ((int)(p->fd))
+#define FILEHANDLEID(fd) ((int)fd)
+
+/*
+** The Pager.eState variable stores the current 'state' of a pager. A
+** pager may be in any one of the seven states shown in the following
+** state diagram.
+**
+**                            OPEN <------+------+
+**                              |         |      |
+**                              V         |      |
+**               +---------> READER-------+      |
+**               |              |                |
+**               |              V                |
+**               |<-------WRITER_LOCKED------> ERROR
+**               |              |                ^  
+**               |              V                |
+**               |<------WRITER_CACHEMOD-------->|
+**               |              |                |
+**               |              V                |
+**               |<-------WRITER_DBMOD---------->|
+**               |              |                |
+**               |              V                |
+**               +<------WRITER_FINISHED-------->+
+**
+**
+** List of state transitions and the C [function] that performs each:
+** 
+**   OPEN              -> READER              [sqlite3PagerSharedLock]
+**   READER            -> OPEN                [pager_unlock]
+**
+**   READER            -> WRITER_LOCKED       [sqlite3PagerBegin]
+**   WRITER_LOCKED     -> WRITER_CACHEMOD     [pager_open_journal]
+**   WRITER_CACHEMOD   -> WRITER_DBMOD        [syncJournal]
+**   WRITER_DBMOD      -> WRITER_FINISHED     [sqlite3PagerCommitPhaseOne]
+**   WRITER_***        -> READER              [pager_end_transaction]
+**
+**   WRITER_***        -> ERROR               [pager_error]
+**   ERROR             -> OPEN                [pager_unlock]
+** 
+**
+**  OPEN:
+**
+**    The pager starts up in this state. Nothing is guaranteed in this
+**    state - the file may or may not be locked and the database size is
+**    unknown. The database may not be read or written.
+**
+**    * No read or write transaction is active.
+**    * Any lock, or no lock at all, may be held on the database file.
+**    * The dbSize, dbOrigSize and dbFileSize variables may not be trusted.
+**
+**  READER:
+**
+**    In this state all the requirements for reading the database in 
+**    rollback (non-WAL) mode are met. Unless the pager is (or recently
+**    was) in exclusive-locking mode, a user-level read transaction is 
+**    open. The database size is known in this state.
+**
+**    A connection running with locking_mode=normal enters this state when
+**    it opens a read-transaction on the database and returns to state
+**    OPEN after the read-transaction is completed. However a connection
+**    running in locking_mode=exclusive (including temp databases) remains in
+**    this state even after the read-transaction is closed. The only way
+**    a locking_mode=exclusive connection can transition from READER to OPEN
+**    is via the ERROR state (see below).
+** 
+**    * A read transaction may be active (but a write-transaction cannot).
+**    * A SHARED or greater lock is held on the database file.
+**    * The dbSize variable may be trusted (even if a user-level read 
+**      transaction is not active). The dbOrigSize and dbFileSize variables
+**      may not be trusted at this point.
+**    * If the database is a WAL database, then the WAL connection is open.
+**    * Even if a read-transaction is not open, it is guaranteed that 
+**      there is no hot-journal in the file-system.
+**
+**  WRITER_LOCKED:
+**
+**    The pager moves to this state from READER when a write-transaction
+**    is first opened on the database. In WRITER_LOCKED state, all locks 
+**    required to start a write-transaction are held, but no actual 
+**    modifications to the cache or database have taken place.
+**
+**    In rollback mode, a RESERVED or (if the transaction was opened with 
+**    BEGIN EXCLUSIVE) EXCLUSIVE lock is obtained on the database file when
+**    moving to this state, but the journal file is not written to or opened 
+**    to in this state. If the transaction is committed or rolled back while 
+**    in WRITER_LOCKED state, all that is required is to unlock the database 
+**    file.
+**
+**    IN WAL mode, WalBeginWriteTransaction() is called to lock the log file.
+**    If the connection is running with locking_mode=exclusive, an attempt
+**    is made to obtain an EXCLUSIVE lock on the database file.
+**
+**    * A write transaction is active.
+**    * If the connection is open in rollback-mode, a RESERVED or greater 
+**      lock is held on the database file.
+**    * If the connection is open in WAL-mode, a WAL write transaction
+**      is open (i.e. sqlite3WalBeginWriteTransaction() has been successfully
+**      called).
+**    * The dbSize, dbOrigSize and dbFileSize variables are all valid.
+**    * The contents of the pager cache have not been modified.
+**    * The journal file may or may not be open.
+**    * Nothing (not even the first header) has been written to the journal.
+**
+**  WRITER_CACHEMOD:
+**
+**    A pager moves from WRITER_LOCKED state to this state when a page is
+**    first modified by the upper layer. In rollback mode the journal file
+**    is opened (if it is not already open) and a header written to the
+**    start of it. The database file on disk has not been modified.
+**
+**    * A write transaction is active.
+**    * A RESERVED or greater lock is held on the database file.
+**    * The journal file is open and the first header has been written 
+**      to it, but the header has not been synced to disk.
+**    * The contents of the page cache have been modified.
+**
+**  WRITER_DBMOD:
+**
+**    The pager transitions from WRITER_CACHEMOD into WRITER_DBMOD state
+**    when it modifies the contents of the database file. WAL connections
+**    never enter this state (since they do not modify the database file,
+**    just the log file).
+**
+**    * A write transaction is active.
+**    * An EXCLUSIVE or greater lock is held on the database file.
+**    * The journal file is open and the first header has been written 
+**      and synced to disk.
+**    * The contents of the page cache have been modified (and possibly
+**      written to disk).
+**
+**  WRITER_FINISHED:
+**
+**    It is not possible for a WAL connection to enter this state.
+**
+**    A rollback-mode pager changes to WRITER_FINISHED state from WRITER_DBMOD
+**    state after the entire transaction has been successfully written into the
+**    database file. In this state the transaction may be committed simply
+**    by finalizing the journal file. Once in WRITER_FINISHED state, it is 
+**    not possible to modify the database further. At this point, the upper 
+**    layer must either commit or rollback the transaction.
+**
+**    * A write transaction is active.
+**    * An EXCLUSIVE or greater lock is held on the database file.
+**    * All writing and syncing of journal and database data has finished.
+**      If no error occurred, all that remains is to finalize the journal to
+**      commit the transaction. If an error did occur, the caller will need
+**      to rollback the transaction. 
+**
+**  ERROR:
+**
+**    The ERROR state is entered when an IO or disk-full error (including
+**    SQLITE_IOERR_NOMEM) occurs at a point in the code that makes it 
+**    difficult to be sure that the in-memory pager state (cache contents, 
+**    db size etc.) are consistent with the contents of the file-system.
+**
+**    Temporary pager files may enter the ERROR state, but in-memory pagers
+**    cannot.
+**
+**    For example, if an IO error occurs while performing a rollback, 
+**    the contents of the page-cache may be left in an inconsistent state.
+**    At this point it would be dangerous to change back to READER state
+**    (as usually happens after a rollback). Any subsequent readers might
+**    report database corruption (due to the inconsistent cache), and if
+**    they upgrade to writers, they may inadvertently corrupt the database
+**    file. To avoid this hazard, the pager switches into the ERROR state
+**    instead of READER following such an error.
+**
+**    Once it has entered the ERROR state, any attempt to use the pager
+**    to read or write data returns an error. Eventually, once all 
+**    outstanding transactions have been abandoned, the pager is able to
+**    transition back to OPEN state, discarding the contents of the 
+**    page-cache and any other in-memory state at the same time. Everything
+**    is reloaded from disk (and, if necessary, hot-journal rollback peformed)
+**    when a read-transaction is next opened on the pager (transitioning
+**    the pager into READER state). At that point the system has recovered 
+**    from the error.
+**
+**    Specifically, the pager jumps into the ERROR state if:
+**
+**      1. An error occurs while attempting a rollback. This happens in
+**         function sqlite3PagerRollback().
+**
+**      2. An error occurs while attempting to finalize a journal file
+**         following a commit in function sqlite3PagerCommitPhaseTwo().
+**
+**      3. An error occurs while attempting to write to the journal or
+**         database file in function pagerStress() in order to free up
+**         memory.
+**
+**    In other cases, the error is returned to the b-tree layer. The b-tree
+**    layer then attempts a rollback operation. If the error condition 
+**    persists, the pager enters the ERROR state via condition (1) above.
+**
+**    Condition (3) is necessary because it can be triggered by a read-only
+**    statement executed within a transaction. In this case, if the error
+**    code were simply returned to the user, the b-tree layer would not
+**    automatically attempt a rollback, as it assumes that an error in a
+**    read-only statement cannot leave the pager in an internally inconsistent 
+**    state.
+**
+**    * The Pager.errCode variable is set to something other than SQLITE_OK.
+**    * There are one or more outstanding references to pages (after the
+**      last reference is dropped the pager should move back to OPEN state).
+**    * The pager is not an in-memory pager.
+**    
+**
+** Notes:
+**
+**   * A pager is never in WRITER_DBMOD or WRITER_FINISHED state if the
+**     connection is open in WAL mode. A WAL connection is always in one
+**     of the first four states.
+**
+**   * Normally, a connection open in exclusive mode is never in PAGER_OPEN
+**     state. There are two exceptions: immediately after exclusive-mode has
+**     been turned on (and before any read or write transactions are 
+**     executed), and when the pager is leaving the "error state".
+**
+**   * See also: assert_pager_state().
+*/
+#define PAGER_OPEN                  0
+#define PAGER_READER                1
+#define PAGER_WRITER_LOCKED         2
+#define PAGER_WRITER_CACHEMOD       3
+#define PAGER_WRITER_DBMOD          4
+#define PAGER_WRITER_FINISHED       5
+#define PAGER_ERROR                 6
+
+/*
+** The Pager.eLock variable is almost always set to one of the 
+** following locking-states, according to the lock currently held on
+** the database file: NO_LOCK, SHARED_LOCK, RESERVED_LOCK or EXCLUSIVE_LOCK.
+** This variable is kept up to date as locks are taken and released by
+** the pagerLockDb() and pagerUnlockDb() wrappers.
+**
+** If the VFS xLock() or xUnlock() returns an error other than SQLITE_BUSY
+** (i.e. one of the SQLITE_IOERR subtypes), it is not clear whether or not
+** the operation was successful. In these circumstances pagerLockDb() and
+** pagerUnlockDb() take a conservative approach - eLock is always updated
+** when unlocking the file, and only updated when locking the file if the
+** VFS call is successful. This way, the Pager.eLock variable may be set
+** to a less exclusive (lower) value than the lock that is actually held
+** at the system level, but it is never set to a more exclusive value.
+**
+** This is usually safe. If an xUnlock fails or appears to fail, there may 
+** be a few redundant xLock() calls or a lock may be held for longer than
+** required, but nothing really goes wrong.
+**
+** The exception is when the database file is unlocked as the pager moves
+** from ERROR to OPEN state. At this point there may be a hot-journal file 
+** in the file-system that needs to be rolled back (as part of an OPEN->SHARED
+** transition, by the same pager or any other). If the call to xUnlock()
+** fails at this point and the pager is left holding an EXCLUSIVE lock, this
+** can confuse the call to xCheckReservedLock() call made later as part
+** of hot-journal detection.
+**
+** xCheckReservedLock() is defined as returning true "if there is a RESERVED 
+** lock held by this process or any others". So xCheckReservedLock may 
+** return true because the caller itself is holding an EXCLUSIVE lock (but
+** doesn't know it because of a previous error in xUnlock). If this happens
+** a hot-journal may be mistaken for a journal being created by an active
+** transaction in another process, causing SQLite to read from the database
+** without rolling it back.
+**
+** To work around this, if a call to xUnlock() fails when unlocking the
+** database in the ERROR state, Pager.eLock is set to UNKNOWN_LOCK. It
+** is only changed back to a real locking state after a successful call
+** to xLock(EXCLUSIVE). Also, the code to do the OPEN->SHARED state transition
+** omits the check for a hot-journal if Pager.eLock is set to UNKNOWN_LOCK 
+** lock. Instead, it assumes a hot-journal exists and obtains an EXCLUSIVE
+** lock on the database file before attempting to roll it back. See function
+** PagerSharedLock() for more detail.
+**
+** Pager.eLock may only be set to UNKNOWN_LOCK when the pager is in 
+** PAGER_OPEN state.
+*/
+#define UNKNOWN_LOCK                (EXCLUSIVE_LOCK+1)
+
+/*
+** A macro used for invoking the codec if there is one
+*/
+#ifdef SQLITE_HAS_CODEC
+# define CODEC1(P,D,N,X,E) \
+    if( P->xCodec && P->xCodec(P->pCodec,D,N,X)==0 ){ E; }
+# define CODEC2(P,D,N,X,E,O) \
+    if( P->xCodec==0 ){ O=(char*)D; }else \
+    if( (O=(char*)(P->xCodec(P->pCodec,D,N,X)))==0 ){ E; }
+#else
+# define CODEC1(P,D,N,X,E)   /* NO-OP */
+# define CODEC2(P,D,N,X,E,O) O=(char*)D
+#endif
+
+/*
+** The maximum allowed sector size. 64KiB. If the xSectorsize() method 
+** returns a value larger than this, then MAX_SECTOR_SIZE is used instead.
+** This could conceivably cause corruption following a power failure on
+** such a system. This is currently an undocumented limit.
+*/
+#define MAX_SECTOR_SIZE 0x10000
+
+/*
+** An instance of the following structure is allocated for each active
+** savepoint and statement transaction in the system. All such structures
+** are stored in the Pager.aSavepoint[] array, which is allocated and
+** resized using sqlite3Realloc().
+**
+** When a savepoint is created, the PagerSavepoint.iHdrOffset field is
+** set to 0. If a journal-header is written into the main journal while
+** the savepoint is active, then iHdrOffset is set to the byte offset 
+** immediately following the last journal record written into the main
+** journal before the journal-header. This is required during savepoint
+** rollback (see pagerPlaybackSavepoint()).
+*/
+typedef struct PagerSavepoint PagerSavepoint;
+struct PagerSavepoint {
+  i64 iOffset;                 /* Starting offset in main journal */
+  i64 iHdrOffset;              /* See above */
+  Bitvec *pInSavepoint;        /* Set of pages in this savepoint */
+  Pgno nOrig;                  /* Original number of pages in file */
+  Pgno iSubRec;                /* Index of first record in sub-journal */
+#ifndef SQLITE_OMIT_WAL
+  u32 aWalData[WAL_SAVEPOINT_NDATA];        /* WAL savepoint context */
+#endif
+};
+
+/*
+** Bits of the Pager.doNotSpill flag.  See further description below.
+*/
+#define SPILLFLAG_OFF         0x01 /* Never spill cache.  Set via pragma */
+#define SPILLFLAG_ROLLBACK    0x02 /* Current rolling back, so do not spill */
+#define SPILLFLAG_NOSYNC      0x04 /* Spill is ok, but do not sync */
+
+/*
+** An open page cache is an instance of struct Pager. A description of
+** some of the more important member variables follows:
+**
+** eState
+**
+**   The current 'state' of the pager object. See the comment and state
+**   diagram above for a description of the pager state.
+**
+** eLock
+**
+**   For a real on-disk database, the current lock held on the database file -
+**   NO_LOCK, SHARED_LOCK, RESERVED_LOCK or EXCLUSIVE_LOCK.
+**
+**   For a temporary or in-memory database (neither of which require any
+**   locks), this variable is always set to EXCLUSIVE_LOCK. Since such
+**   databases always have Pager.exclusiveMode==1, this tricks the pager
+**   logic into thinking that it already has all the locks it will ever
+**   need (and no reason to release them).
+**
+**   In some (obscure) circumstances, this variable may also be set to
+**   UNKNOWN_LOCK. See the comment above the #define of UNKNOWN_LOCK for
+**   details.
+**
+** changeCountDone
+**
+**   This boolean variable is used to make sure that the change-counter 
+**   (the 4-byte header field at byte offset 24 of the database file) is 
+**   not updated more often than necessary. 
+**
+**   It is set to true when the change-counter field is updated, which 
+**   can only happen if an exclusive lock is held on the database file.
+**   It is cleared (set to false) whenever an exclusive lock is 
+**   relinquished on the database file. Each time a transaction is committed,
+**   The changeCountDone flag is inspected. If it is true, the work of
+**   updating the change-counter is omitted for the current transaction.
+**
+**   This mechanism means that when running in exclusive mode, a connection 
+**   need only update the change-counter once, for the first transaction
+**   committed.
+**
+** setMaster
+**
+**   When PagerCommitPhaseOne() is called to commit a transaction, it may
+**   (or may not) specify a master-journal name to be written into the 
+**   journal file before it is synced to disk.
+**
+**   Whether or not a journal file contains a master-journal pointer affects 
+**   the way in which the journal file is finalized after the transaction is 
+**   committed or rolled back when running in "journal_mode=PERSIST" mode.
+**   If a journal file does not contain a master-journal pointer, it is
+**   finalized by overwriting the first journal header with zeroes. If
+**   it does contain a master-journal pointer the journal file is finalized 
+**   by truncating it to zero bytes, just as if the connection were 
+**   running in "journal_mode=truncate" mode.
+**
+**   Journal files that contain master journal pointers cannot be finalized
+**   simply by overwriting the first journal-header with zeroes, as the
+**   master journal pointer could interfere with hot-journal rollback of any
+**   subsequently interrupted transaction that reuses the journal file.
+**
+**   The flag is cleared as soon as the journal file is finalized (either
+**   by PagerCommitPhaseTwo or PagerRollback). If an IO error prevents the
+**   journal file from being successfully finalized, the setMaster flag
+**   is cleared anyway (and the pager will move to ERROR state).
+**
+** doNotSpill
+**
+**   This variables control the behavior of cache-spills  (calls made by
+**   the pcache module to the pagerStress() routine to write cached data
+**   to the file-system in order to free up memory).
+**
+**   When bits SPILLFLAG_OFF or SPILLFLAG_ROLLBACK of doNotSpill are set,
+**   writing to the database from pagerStress() is disabled altogether.
+**   The SPILLFLAG_ROLLBACK case is done in a very obscure case that
+**   comes up during savepoint rollback that requires the pcache module
+**   to allocate a new page to prevent the journal file from being written
+**   while it is being traversed by code in pager_playback().  The SPILLFLAG_OFF
+**   case is a user preference.
+** 
+**   If the SPILLFLAG_NOSYNC bit is set, writing to the database from
+**   pagerStress() is permitted, but syncing the journal file is not.
+**   This flag is set by sqlite3PagerWrite() when the file-system sector-size
+**   is larger than the database page-size in order to prevent a journal sync
+**   from happening in between the journalling of two pages on the same sector. 
+**
+** subjInMemory
+**
+**   This is a boolean variable. If true, then any required sub-journal
+**   is opened as an in-memory journal file. If false, then in-memory
+**   sub-journals are only used for in-memory pager files.
+**
+**   This variable is updated by the upper layer each time a new 
+**   write-transaction is opened.
+**
+** dbSize, dbOrigSize, dbFileSize
+**
+**   Variable dbSize is set to the number of pages in the database file.
+**   It is valid in PAGER_READER and higher states (all states except for
+**   OPEN and ERROR). 
+**
+**   dbSize is set based on the size of the database file, which may be 
+**   larger than the size of the database (the value stored at offset
+**   28 of the database header by the btree). If the size of the file
+**   is not an integer multiple of the page-size, the value stored in
+**   dbSize is rounded down (i.e. a 5KB file with 2K page-size has dbSize==2).
+**   Except, any file that is greater than 0 bytes in size is considered
+**   to have at least one page. (i.e. a 1KB file with 2K page-size leads
+**   to dbSize==1).
+**
+**   During a write-transaction, if pages with page-numbers greater than
+**   dbSize are modified in the cache, dbSize is updated accordingly.
+**   Similarly, if the database is truncated using PagerTruncateImage(), 
+**   dbSize is updated.
+**
+**   Variables dbOrigSize and dbFileSize are valid in states 
+**   PAGER_WRITER_LOCKED and higher. dbOrigSize is a copy of the dbSize
+**   variable at the start of the transaction. It is used during rollback,
+**   and to determine whether or not pages need to be journalled before
+**   being modified.
+**
+**   Throughout a write-transaction, dbFileSize contains the size of
+**   the file on disk in pages. It is set to a copy of dbSize when the
+**   write-transaction is first opened, and updated when VFS calls are made
+**   to write or truncate the database file on disk. 
+**
+**   The only reason the dbFileSize variable is required is to suppress 
+**   unnecessary calls to xTruncate() after committing a transaction. If, 
+**   when a transaction is committed, the dbFileSize variable indicates 
+**   that the database file is larger than the database image (Pager.dbSize), 
+**   pager_truncate() is called. The pager_truncate() call uses xFilesize()
+**   to measure the database file on disk, and then truncates it if required.
+**   dbFileSize is not used when rolling back a transaction. In this case
+**   pager_truncate() is called unconditionally (which means there may be
+**   a call to xFilesize() that is not strictly required). In either case,
+**   pager_truncate() may cause the file to become smaller or larger.
+**
+** dbHintSize
+**
+**   The dbHintSize variable is used to limit the number of calls made to
+**   the VFS xFileControl(FCNTL_SIZE_HINT) method. 
+**
+**   dbHintSize is set to a copy of the dbSize variable when a
+**   write-transaction is opened (at the same time as dbFileSize and
+**   dbOrigSize). If the xFileControl(FCNTL_SIZE_HINT) method is called,
+**   dbHintSize is increased to the number of pages that correspond to the
+**   size-hint passed to the method call. See pager_write_pagelist() for 
+**   details.
+**
+** errCode
+**
+**   The Pager.errCode variable is only ever used in PAGER_ERROR state. It
+**   is set to zero in all other states. In PAGER_ERROR state, Pager.errCode 
+**   is always set to SQLITE_FULL, SQLITE_IOERR or one of the SQLITE_IOERR_XXX 
+**   sub-codes.
+*/
+struct Pager {
+  sqlite3_vfs *pVfs;          /* OS functions to use for IO */
+  u8 exclusiveMode;           /* Boolean. True if locking_mode==EXCLUSIVE */
+  u8 journalMode;             /* One of the PAGER_JOURNALMODE_* values */
+  u8 useJournal;              /* Use a rollback journal on this file */
+  u8 noSync;                  /* Do not sync the journal if true */
+  u8 fullSync;                /* Do extra syncs of the journal for robustness */
+  u8 ckptSyncFlags;           /* SYNC_NORMAL or SYNC_FULL for checkpoint */
+  u8 walSyncFlags;            /* SYNC_NORMAL or SYNC_FULL for wal writes */
+  u8 syncFlags;               /* SYNC_NORMAL or SYNC_FULL otherwise */
+  u8 tempFile;                /* zFilename is a temporary or immutable file */
+  u8 noLock;                  /* Do not lock (except in WAL mode) */
+  u8 readOnly;                /* True for a read-only database */
+  u8 memDb;                   /* True to inhibit all file I/O */
+
+  /**************************************************************************
+  ** The following block contains those class members that change during
+  ** routine operation.  Class members not in this block are either fixed
+  ** when the pager is first created or else only change when there is a
+  ** significant mode change (such as changing the page_size, locking_mode,
+  ** or the journal_mode).  From another view, these class members describe
+  ** the "state" of the pager, while other class members describe the
+  ** "configuration" of the pager.
+  */
+  u8 eState;                  /* Pager state (OPEN, READER, WRITER_LOCKED..) */
+  u8 eLock;                   /* Current lock held on database file */
+  u8 changeCountDone;         /* Set after incrementing the change-counter */
+  u8 setMaster;               /* True if a m-j name has been written to jrnl */
+  u8 doNotSpill;              /* Do not spill the cache when non-zero */
+  u8 subjInMemory;            /* True to use in-memory sub-journals */
+  u8 bUseFetch;               /* True to use xFetch() */
+  u8 hasHeldSharedLock;       /* True if a shared lock has ever been held */
+  Pgno dbSize;                /* Number of pages in the database */
+  Pgno dbOrigSize;            /* dbSize before the current transaction */
+  Pgno dbFileSize;            /* Number of pages in the database file */
+  Pgno dbHintSize;            /* Value passed to FCNTL_SIZE_HINT call */
+  int errCode;                /* One of several kinds of errors */
+  int nRec;                   /* Pages journalled since last j-header written */
+  u32 cksumInit;              /* Quasi-random value added to every checksum */
+  u32 nSubRec;                /* Number of records written to sub-journal */
+  Bitvec *pInJournal;         /* One bit for each page in the database file */
+  sqlite3_file *fd;           /* File descriptor for database */
+  sqlite3_file *jfd;          /* File descriptor for main journal */
+  sqlite3_file *sjfd;         /* File descriptor for sub-journal */
+  i64 journalOff;             /* Current write offset in the journal file */
+  i64 journalHdr;             /* Byte offset to previous journal header */
+  sqlite3_backup *pBackup;    /* Pointer to list of ongoing backup processes */
+  PagerSavepoint *aSavepoint; /* Array of active savepoints */
+  int nSavepoint;             /* Number of elements in aSavepoint[] */
+  u32 iDataVersion;           /* Changes whenever database content changes */
+  char dbFileVers[16];        /* Changes whenever database file changes */
+
+  int nMmapOut;               /* Number of mmap pages currently outstanding */
+  sqlite3_int64 szMmap;       /* Desired maximum mmap size */
+  PgHdr *pMmapFreelist;       /* List of free mmap page headers (pDirty) */
+  /*
+  ** End of the routinely-changing class members
+  ***************************************************************************/
+
+  u16 nExtra;                 /* Add this many bytes to each in-memory page */
+  i16 nReserve;               /* Number of unused bytes at end of each page */
+  u32 vfsFlags;               /* Flags for sqlite3_vfs.xOpen() */
+  u32 sectorSize;             /* Assumed sector size during rollback */
+  int pageSize;               /* Number of bytes in a page */
+  Pgno mxPgno;                /* Maximum allowed size of the database */
+  i64 journalSizeLimit;       /* Size limit for persistent journal files */
+  char *zFilename;            /* Name of the database file */
+  char *zJournal;             /* Name of the journal file */
+  int (*xBusyHandler)(void*); /* Function to call when busy */
+  void *pBusyHandlerArg;      /* Context argument for xBusyHandler */
+  int aStat[3];               /* Total cache hits, misses and writes */
+#ifdef SQLITE_TEST
+  int nRead;                  /* Database pages read */
+#endif
+  void (*xReiniter)(DbPage*); /* Call this routine when reloading pages */
+#ifdef SQLITE_HAS_CODEC
+  void *(*xCodec)(void*,void*,Pgno,int); /* Routine for en/decoding data */
+  void (*xCodecSizeChng)(void*,int,int); /* Notify of page size changes */
+  void (*xCodecFree)(void*);             /* Destructor for the codec */
+  void *pCodec;               /* First argument to xCodec... methods */
+#endif
+  char *pTmpSpace;            /* Pager.pageSize bytes of space for tmp use */
+  PCache *pPCache;            /* Pointer to page cache object */
+#ifndef SQLITE_OMIT_WAL
+  Wal *pWal;                  /* Write-ahead log used by "journal_mode=wal" */
+  char *zWal;                 /* File name for write-ahead log */
+#endif
+};
+
+/*
+** Indexes for use with Pager.aStat[]. The Pager.aStat[] array contains
+** the values accessed by passing SQLITE_DBSTATUS_CACHE_HIT, CACHE_MISS 
+** or CACHE_WRITE to sqlite3_db_status().
+*/
+#define PAGER_STAT_HIT   0
+#define PAGER_STAT_MISS  1
+#define PAGER_STAT_WRITE 2
+
+/*
+** The following global variables hold counters used for
+** testing purposes only.  These variables do not exist in
+** a non-testing build.  These variables are not thread-safe.
+*/
+#ifdef SQLITE_TEST
+SQLITE_API int sqlite3_pager_readdb_count = 0;    /* Number of full pages read from DB */
+SQLITE_API int sqlite3_pager_writedb_count = 0;   /* Number of full pages written to DB */
+SQLITE_API int sqlite3_pager_writej_count = 0;    /* Number of pages written to journal */
+# define PAGER_INCR(v)  v++
+#else
+# define PAGER_INCR(v)
+#endif
+
+
+
+/*
+** Journal files begin with the following magic string.  The data
+** was obtained from /dev/random.  It is used only as a sanity check.
+**
+** Since version 2.8.0, the journal format contains additional sanity
+** checking information.  If the power fails while the journal is being
+** written, semi-random garbage data might appear in the journal
+** file after power is restored.  If an attempt is then made
+** to roll the journal back, the database could be corrupted.  The additional
+** sanity checking data is an attempt to discover the garbage in the
+** journal and ignore it.
+**
+** The sanity checking information for the new journal format consists
+** of a 32-bit checksum on each page of data.  The checksum covers both
+** the page number and the pPager->pageSize bytes of data for the page.
+** This cksum is initialized to a 32-bit random value that appears in the
+** journal file right after the header.  The random initializer is important,
+** because garbage data that appears at the end of a journal is likely
+** data that was once in other files that have now been deleted.  If the
+** garbage data came from an obsolete journal file, the checksums might
+** be correct.  But by initializing the checksum to random value which
+** is different for every journal, we minimize that risk.
+*/
+static const unsigned char aJournalMagic[] = {
+  0xd9, 0xd5, 0x05, 0xf9, 0x20, 0xa1, 0x63, 0xd7,
+};
+
+/*
+** The size of the of each page record in the journal is given by
+** the following macro.
+*/
+#define JOURNAL_PG_SZ(pPager)  ((pPager->pageSize) + 8)
+
+/*
+** The journal header size for this pager. This is usually the same 
+** size as a single disk sector. See also setSectorSize().
+*/
+#define JOURNAL_HDR_SZ(pPager) (pPager->sectorSize)
+
+/*
+** The macro MEMDB is true if we are dealing with an in-memory database.
+** We do this as a macro so that if the SQLITE_OMIT_MEMORYDB macro is set,
+** the value of MEMDB will be a constant and the compiler will optimize
+** out code that would never execute.
+*/
+#ifdef SQLITE_OMIT_MEMORYDB
+# define MEMDB 0
+#else
+# define MEMDB pPager->memDb
+#endif
+
+/*
+** The macro USEFETCH is true if we are allowed to use the xFetch and xUnfetch
+** interfaces to access the database using memory-mapped I/O.
+*/
+#if SQLITE_MAX_MMAP_SIZE>0
+# define USEFETCH(x) ((x)->bUseFetch)
+#else
+# define USEFETCH(x) 0
+#endif
+
+/*
+** The maximum legal page number is (2^31 - 1).
+*/
+#define PAGER_MAX_PGNO 2147483647
+
+/*
+** The argument to this macro is a file descriptor (type sqlite3_file*).
+** Return 0 if it is not open, or non-zero (but not 1) if it is.
+**
+** This is so that expressions can be written as:
+**
+**   if( isOpen(pPager->jfd) ){ ...
+**
+** instead of
+**
+**   if( pPager->jfd->pMethods ){ ...
+*/
+#define isOpen(pFd) ((pFd)->pMethods!=0)
+
+/*
+** Return true if this pager uses a write-ahead log instead of the usual
+** rollback journal. Otherwise false.
+*/
+#ifndef SQLITE_OMIT_WAL
+static int pagerUseWal(Pager *pPager){
+  return (pPager->pWal!=0);
+}
+#else
+# define pagerUseWal(x) 0
+# define pagerRollbackWal(x) 0
+# define pagerWalFrames(v,w,x,y) 0
+# define pagerOpenWalIfPresent(z) SQLITE_OK
+# define pagerBeginReadTransaction(z) SQLITE_OK
+#endif
+
+#ifndef NDEBUG 
+/*
+** Usage:
+**
+**   assert( assert_pager_state(pPager) );
+**
+** This function runs many asserts to try to find inconsistencies in
+** the internal state of the Pager object.
+*/
+static int assert_pager_state(Pager *p){
+  Pager *pPager = p;
+
+  /* State must be valid. */
+  assert( p->eState==PAGER_OPEN
+       || p->eState==PAGER_READER
+       || p->eState==PAGER_WRITER_LOCKED
+       || p->eState==PAGER_WRITER_CACHEMOD
+       || p->eState==PAGER_WRITER_DBMOD
+       || p->eState==PAGER_WRITER_FINISHED
+       || p->eState==PAGER_ERROR
+  );
+
+  /* Regardless of the current state, a temp-file connection always behaves
+  ** as if it has an exclusive lock on the database file. It never updates
+  ** the change-counter field, so the changeCountDone flag is always set.
+  */
+  assert( p->tempFile==0 || p->eLock==EXCLUSIVE_LOCK );
+  assert( p->tempFile==0 || pPager->changeCountDone );
+
+  /* If the useJournal flag is clear, the journal-mode must be "OFF". 
+  ** And if the journal-mode is "OFF", the journal file must not be open.
+  */
+  assert( p->journalMode==PAGER_JOURNALMODE_OFF || p->useJournal );
+  assert( p->journalMode!=PAGER_JOURNALMODE_OFF || !isOpen(p->jfd) );
+
+  /* Check that MEMDB implies noSync. And an in-memory journal. Since 
+  ** this means an in-memory pager performs no IO at all, it cannot encounter 
+  ** either SQLITE_IOERR or SQLITE_FULL during rollback or while finalizing 
+  ** a journal file. (although the in-memory journal implementation may 
+  ** return SQLITE_IOERR_NOMEM while the journal file is being written). It 
+  ** is therefore not possible for an in-memory pager to enter the ERROR 
+  ** state.
+  */
+  if( MEMDB ){
+    assert( p->noSync );
+    assert( p->journalMode==PAGER_JOURNALMODE_OFF 
+         || p->journalMode==PAGER_JOURNALMODE_MEMORY 
+    );
+    assert( p->eState!=PAGER_ERROR && p->eState!=PAGER_OPEN );
+    assert( pagerUseWal(p)==0 );
+  }
+
+  /* If changeCountDone is set, a RESERVED lock or greater must be held
+  ** on the file.
+  */
+  assert( pPager->changeCountDone==0 || pPager->eLock>=RESERVED_LOCK );
+  assert( p->eLock!=PENDING_LOCK );
+
+  switch( p->eState ){
+    case PAGER_OPEN:
+      assert( !MEMDB );
+      assert( pPager->errCode==SQLITE_OK );
+      assert( sqlite3PcacheRefCount(pPager->pPCache)==0 || pPager->tempFile );
+      break;
+
+    case PAGER_READER:
+      assert( pPager->errCode==SQLITE_OK );
+      assert( p->eLock!=UNKNOWN_LOCK );
+      assert( p->eLock>=SHARED_LOCK );
+      break;
+
+    case PAGER_WRITER_LOCKED:
+      assert( p->eLock!=UNKNOWN_LOCK );
+      assert( pPager->errCode==SQLITE_OK );
+      if( !pagerUseWal(pPager) ){
+        assert( p->eLock>=RESERVED_LOCK );
+      }
+      assert( pPager->dbSize==pPager->dbOrigSize );
+      assert( pPager->dbOrigSize==pPager->dbFileSize );
+      assert( pPager->dbOrigSize==pPager->dbHintSize );
+      assert( pPager->setMaster==0 );
+      break;
+
+    case PAGER_WRITER_CACHEMOD:
+      assert( p->eLock!=UNKNOWN_LOCK );
+      assert( pPager->errCode==SQLITE_OK );
+      if( !pagerUseWal(pPager) ){
+        /* It is possible that if journal_mode=wal here that neither the
+        ** journal file nor the WAL file are open. This happens during
+        ** a rollback transaction that switches from journal_mode=off
+        ** to journal_mode=wal.
+        */
+        assert( p->eLock>=RESERVED_LOCK );
+        assert( isOpen(p->jfd) 
+             || p->journalMode==PAGER_JOURNALMODE_OFF 
+             || p->journalMode==PAGER_JOURNALMODE_WAL 
+        );
+      }
+      assert( pPager->dbOrigSize==pPager->dbFileSize );
+      assert( pPager->dbOrigSize==pPager->dbHintSize );
+      break;
+
+    case PAGER_WRITER_DBMOD:
+      assert( p->eLock==EXCLUSIVE_LOCK );
+      assert( pPager->errCode==SQLITE_OK );
+      assert( !pagerUseWal(pPager) );
+      assert( p->eLock>=EXCLUSIVE_LOCK );
+      assert( isOpen(p->jfd) 
+           || p->journalMode==PAGER_JOURNALMODE_OFF 
+           || p->journalMode==PAGER_JOURNALMODE_WAL 
+      );
+      assert( pPager->dbOrigSize<=pPager->dbHintSize );
+      break;
+
+    case PAGER_WRITER_FINISHED:
+      assert( p->eLock==EXCLUSIVE_LOCK );
+      assert( pPager->errCode==SQLITE_OK );
+      assert( !pagerUseWal(pPager) );
+      assert( isOpen(p->jfd) 
+           || p->journalMode==PAGER_JOURNALMODE_OFF 
+           || p->journalMode==PAGER_JOURNALMODE_WAL 
+      );
+      break;
+
+    case PAGER_ERROR:
+      /* There must be at least one outstanding reference to the pager if
+      ** in ERROR state. Otherwise the pager should have already dropped
+      ** back to OPEN state.
+      */
+      assert( pPager->errCode!=SQLITE_OK );
+      assert( sqlite3PcacheRefCount(pPager->pPCache)>0 );
+      break;
+  }
+
+  return 1;
+}
+#endif /* ifndef NDEBUG */
+
+#ifdef SQLITE_DEBUG 
+/*
+** Return a pointer to a human readable string in a static buffer
+** containing the state of the Pager object passed as an argument. This
+** is intended to be used within debuggers. For example, as an alternative
+** to "print *pPager" in gdb:
+**
+** (gdb) printf "%s", print_pager_state(pPager)
+*/
+static char *print_pager_state(Pager *p){
+  static char zRet[1024];
+
+  sqlite3_snprintf(1024, zRet,
+      "Filename:      %s\n"
+      "State:         %s errCode=%d\n"
+      "Lock:          %s\n"
+      "Locking mode:  locking_mode=%s\n"
+      "Journal mode:  journal_mode=%s\n"
+      "Backing store: tempFile=%d memDb=%d useJournal=%d\n"
+      "Journal:       journalOff=%lld journalHdr=%lld\n"
+      "Size:          dbsize=%d dbOrigSize=%d dbFileSize=%d\n"
+      , p->zFilename
+      , p->eState==PAGER_OPEN            ? "OPEN" :
+        p->eState==PAGER_READER          ? "READER" :
+        p->eState==PAGER_WRITER_LOCKED   ? "WRITER_LOCKED" :
+        p->eState==PAGER_WRITER_CACHEMOD ? "WRITER_CACHEMOD" :
+        p->eState==PAGER_WRITER_DBMOD    ? "WRITER_DBMOD" :
+        p->eState==PAGER_WRITER_FINISHED ? "WRITER_FINISHED" :
+        p->eState==PAGER_ERROR           ? "ERROR" : "?error?"
+      , (int)p->errCode
+      , p->eLock==NO_LOCK         ? "NO_LOCK" :
+        p->eLock==RESERVED_LOCK   ? "RESERVED" :
+        p->eLock==EXCLUSIVE_LOCK  ? "EXCLUSIVE" :
+        p->eLock==SHARED_LOCK     ? "SHARED" :
+        p->eLock==UNKNOWN_LOCK    ? "UNKNOWN" : "?error?"
+      , p->exclusiveMode ? "exclusive" : "normal"
+      , p->journalMode==PAGER_JOURNALMODE_MEMORY   ? "memory" :
+        p->journalMode==PAGER_JOURNALMODE_OFF      ? "off" :
+        p->journalMode==PAGER_JOURNALMODE_DELETE   ? "delete" :
+        p->journalMode==PAGER_JOURNALMODE_PERSIST  ? "persist" :
+        p->journalMode==PAGER_JOURNALMODE_TRUNCATE ? "truncate" :
+        p->journalMode==PAGER_JOURNALMODE_WAL      ? "wal" : "?error?"
+      , (int)p->tempFile, (int)p->memDb, (int)p->useJournal
+      , p->journalOff, p->journalHdr
+      , (int)p->dbSize, (int)p->dbOrigSize, (int)p->dbFileSize
+  );
+
+  return zRet;
+}
+#endif
+
+/*
+** Return true if it is necessary to write page *pPg into the sub-journal.
+** A page needs to be written into the sub-journal if there exists one
+** or more open savepoints for which:
+**
+**   * The page-number is less than or equal to PagerSavepoint.nOrig, and
+**   * The bit corresponding to the page-number is not set in
+**     PagerSavepoint.pInSavepoint.
+*/
+static int subjRequiresPage(PgHdr *pPg){
+  Pager *pPager = pPg->pPager;
+  PagerSavepoint *p;
+  Pgno pgno = pPg->pgno;
+  int i;
+  for(i=0; i<pPager->nSavepoint; i++){
+    p = &pPager->aSavepoint[i];
+    if( p->nOrig>=pgno && 0==sqlite3BitvecTestNotNull(p->pInSavepoint, pgno) ){
+      return 1;
+    }
+  }
+  return 0;
+}
+
+#ifdef SQLITE_DEBUG
+/*
+** Return true if the page is already in the journal file.
+*/
+static int pageInJournal(Pager *pPager, PgHdr *pPg){
+  return sqlite3BitvecTest(pPager->pInJournal, pPg->pgno);
+}
+#endif
+
+/*
+** Read a 32-bit integer from the given file descriptor.  Store the integer
+** that is read in *pRes.  Return SQLITE_OK if everything worked, or an
+** error code is something goes wrong.
+**
+** All values are stored on disk as big-endian.
+*/
+static int read32bits(sqlite3_file *fd, i64 offset, u32 *pRes){
+  unsigned char ac[4];
+  int rc = sqlite3OsRead(fd, ac, sizeof(ac), offset);
+  if( rc==SQLITE_OK ){
+    *pRes = sqlite3Get4byte(ac);
+  }
+  return rc;
+}
+
+/*
+** Write a 32-bit integer into a string buffer in big-endian byte order.
+*/
+#define put32bits(A,B)  sqlite3Put4byte((u8*)A,B)
+
+
+/*
+** Write a 32-bit integer into the given file descriptor.  Return SQLITE_OK
+** on success or an error code is something goes wrong.
+*/
+static int write32bits(sqlite3_file *fd, i64 offset, u32 val){
+  char ac[4];
+  put32bits(ac, val);
+  return sqlite3OsWrite(fd, ac, 4, offset);
+}
+
+/*
+** Unlock the database file to level eLock, which must be either NO_LOCK
+** or SHARED_LOCK. Regardless of whether or not the call to xUnlock()
+** succeeds, set the Pager.eLock variable to match the (attempted) new lock.
+**
+** Except, if Pager.eLock is set to UNKNOWN_LOCK when this function is
+** called, do not modify it. See the comment above the #define of 
+** UNKNOWN_LOCK for an explanation of this.
+*/
+static int pagerUnlockDb(Pager *pPager, int eLock){
+  int rc = SQLITE_OK;
+
+  assert( !pPager->exclusiveMode || pPager->eLock==eLock );
+  assert( eLock==NO_LOCK || eLock==SHARED_LOCK );
+  assert( eLock!=NO_LOCK || pagerUseWal(pPager)==0 );
+  if( isOpen(pPager->fd) ){
+    assert( pPager->eLock>=eLock );
+    rc = pPager->noLock ? SQLITE_OK : sqlite3OsUnlock(pPager->fd, eLock);
+    if( pPager->eLock!=UNKNOWN_LOCK ){
+      pPager->eLock = (u8)eLock;
+    }
+    IOTRACE(("UNLOCK %p %d\n", pPager, eLock))
+  }
+  return rc;
+}
+
+/*
+** Lock the database file to level eLock, which must be either SHARED_LOCK,
+** RESERVED_LOCK or EXCLUSIVE_LOCK. If the caller is successful, set the
+** Pager.eLock variable to the new locking state. 
+**
+** Except, if Pager.eLock is set to UNKNOWN_LOCK when this function is 
+** called, do not modify it unless the new locking state is EXCLUSIVE_LOCK. 
+** See the comment above the #define of UNKNOWN_LOCK for an explanation 
+** of this.
+*/
+static int pagerLockDb(Pager *pPager, int eLock){
+  int rc = SQLITE_OK;
+
+  assert( eLock==SHARED_LOCK || eLock==RESERVED_LOCK || eLock==EXCLUSIVE_LOCK );
+  if( pPager->eLock<eLock || pPager->eLock==UNKNOWN_LOCK ){
+    rc = pPager->noLock ? SQLITE_OK : sqlite3OsLock(pPager->fd, eLock);
+    if( rc==SQLITE_OK && (pPager->eLock!=UNKNOWN_LOCK||eLock==EXCLUSIVE_LOCK) ){
+      pPager->eLock = (u8)eLock;
+      IOTRACE(("LOCK %p %d\n", pPager, eLock))
+    }
+  }
+  return rc;
+}
+
+/*
+** This function determines whether or not the atomic-write optimization
+** can be used with this pager. The optimization can be used if:
+**
+**  (a) the value returned by OsDeviceCharacteristics() indicates that
+**      a database page may be written atomically, and
+**  (b) the value returned by OsSectorSize() is less than or equal
+**      to the page size.
+**
+** The optimization is also always enabled for temporary files. It is
+** an error to call this function if pPager is opened on an in-memory
+** database.
+**
+** If the optimization cannot be used, 0 is returned. If it can be used,
+** then the value returned is the size of the journal file when it
+** contains rollback data for exactly one page.
+*/
+#ifdef SQLITE_ENABLE_ATOMIC_WRITE
+static int jrnlBufferSize(Pager *pPager){
+  assert( !MEMDB );
+  if( !pPager->tempFile ){
+    int dc;                           /* Device characteristics */
+    int nSector;                      /* Sector size */
+    int szPage;                       /* Page size */
+
+    assert( isOpen(pPager->fd) );
+    dc = sqlite3OsDeviceCharacteristics(pPager->fd);
+    nSector = pPager->sectorSize;
+    szPage = pPager->pageSize;
+
+    assert(SQLITE_IOCAP_ATOMIC512==(512>>8));
+    assert(SQLITE_IOCAP_ATOMIC64K==(65536>>8));
+    if( 0==(dc&(SQLITE_IOCAP_ATOMIC|(szPage>>8)) || nSector>szPage) ){
+      return 0;
+    }
+  }
+
+  return JOURNAL_HDR_SZ(pPager) + JOURNAL_PG_SZ(pPager);
+}
+#endif
+
+/*
+** If SQLITE_CHECK_PAGES is defined then we do some sanity checking
+** on the cache using a hash function.  This is used for testing
+** and debugging only.
+*/
+#ifdef SQLITE_CHECK_PAGES
+/*
+** Return a 32-bit hash of the page data for pPage.
+*/
+static u32 pager_datahash(int nByte, unsigned char *pData){
+  u32 hash = 0;
+  int i;
+  for(i=0; i<nByte; i++){
+    hash = (hash*1039) + pData[i];
+  }
+  return hash;
+}
+static u32 pager_pagehash(PgHdr *pPage){
+  return pager_datahash(pPage->pPager->pageSize, (unsigned char *)pPage->pData);
+}
+static void pager_set_pagehash(PgHdr *pPage){
+  pPage->pageHash = pager_pagehash(pPage);
+}
+
+/*
+** The CHECK_PAGE macro takes a PgHdr* as an argument. If SQLITE_CHECK_PAGES
+** is defined, and NDEBUG is not defined, an assert() statement checks
+** that the page is either dirty or still matches the calculated page-hash.
+*/
+#define CHECK_PAGE(x) checkPage(x)
+static void checkPage(PgHdr *pPg){
+  Pager *pPager = pPg->pPager;
+  assert( pPager->eState!=PAGER_ERROR );
+  assert( (pPg->flags&PGHDR_DIRTY) || pPg->pageHash==pager_pagehash(pPg) );
+}
+
+#else
+#define pager_datahash(X,Y)  0
+#define pager_pagehash(X)  0
+#define pager_set_pagehash(X)
+#define CHECK_PAGE(x)
+#endif  /* SQLITE_CHECK_PAGES */
+
+/*
+** When this is called the journal file for pager pPager must be open.
+** This function attempts to read a master journal file name from the 
+** end of the file and, if successful, copies it into memory supplied 
+** by the caller. See comments above writeMasterJournal() for the format
+** used to store a master journal file name at the end of a journal file.
+**
+** zMaster must point to a buffer of at least nMaster bytes allocated by
+** the caller. This should be sqlite3_vfs.mxPathname+1 (to ensure there is
+** enough space to write the master journal name). If the master journal
+** name in the journal is longer than nMaster bytes (including a
+** nul-terminator), then this is handled as if no master journal name
+** were present in the journal.
+**
+** If a master journal file name is present at the end of the journal
+** file, then it is copied into the buffer pointed to by zMaster. A
+** nul-terminator byte is appended to the buffer following the master
+** journal file name.
+**
+** If it is determined that no master journal file name is present 
+** zMaster[0] is set to 0 and SQLITE_OK returned.
+**
+** If an error occurs while reading from the journal file, an SQLite
+** error code is returned.
+*/
+static int readMasterJournal(sqlite3_file *pJrnl, char *zMaster, u32 nMaster){
+  int rc;                    /* Return code */
+  u32 len;                   /* Length in bytes of master journal name */
+  i64 szJ;                   /* Total size in bytes of journal file pJrnl */
+  u32 cksum;                 /* MJ checksum value read from journal */
+  u32 u;                     /* Unsigned loop counter */
+  unsigned char aMagic[8];   /* A buffer to hold the magic header */
+  zMaster[0] = '\0';
+
+  if( SQLITE_OK!=(rc = sqlite3OsFileSize(pJrnl, &szJ))
+   || szJ<16
+   || SQLITE_OK!=(rc = read32bits(pJrnl, szJ-16, &len))
+   || len>=nMaster 
+   || len==0 
+   || SQLITE_OK!=(rc = read32bits(pJrnl, szJ-12, &cksum))
+   || SQLITE_OK!=(rc = sqlite3OsRead(pJrnl, aMagic, 8, szJ-8))
+   || memcmp(aMagic, aJournalMagic, 8)
+   || SQLITE_OK!=(rc = sqlite3OsRead(pJrnl, zMaster, len, szJ-16-len))
+  ){
+    return rc;
+  }
+
+  /* See if the checksum matches the master journal name */
+  for(u=0; u<len; u++){
+    cksum -= zMaster[u];
+  }
+  if( cksum ){
+    /* If the checksum doesn't add up, then one or more of the disk sectors
+    ** containing the master journal filename is corrupted. This means
+    ** definitely roll back, so just return SQLITE_OK and report a (nul)
+    ** master-journal filename.
+    */
+    len = 0;
+  }
+  zMaster[len] = '\0';
+   
+  return SQLITE_OK;
+}
+
+/*
+** Return the offset of the sector boundary at or immediately 
+** following the value in pPager->journalOff, assuming a sector 
+** size of pPager->sectorSize bytes.
+**
+** i.e for a sector size of 512:
+**
+**   Pager.journalOff          Return value
+**   ---------------------------------------
+**   0                         0
+**   512                       512
+**   100                       512
+**   2000                      2048
+** 
+*/
+static i64 journalHdrOffset(Pager *pPager){
+  i64 offset = 0;
+  i64 c = pPager->journalOff;
+  if( c ){
+    offset = ((c-1)/JOURNAL_HDR_SZ(pPager) + 1) * JOURNAL_HDR_SZ(pPager);
+  }
+  assert( offset%JOURNAL_HDR_SZ(pPager)==0 );
+  assert( offset>=c );
+  assert( (offset-c)<JOURNAL_HDR_SZ(pPager) );
+  return offset;
+}
+
+/*
+** The journal file must be open when this function is called.
+**
+** This function is a no-op if the journal file has not been written to
+** within the current transaction (i.e. if Pager.journalOff==0).
+**
+** If doTruncate is non-zero or the Pager.journalSizeLimit variable is
+** set to 0, then truncate the journal file to zero bytes in size. Otherwise,
+** zero the 28-byte header at the start of the journal file. In either case, 
+** if the pager is not in no-sync mode, sync the journal file immediately 
+** after writing or truncating it.
+**
+** If Pager.journalSizeLimit is set to a positive, non-zero value, and
+** following the truncation or zeroing described above the size of the 
+** journal file in bytes is larger than this value, then truncate the
+** journal file to Pager.journalSizeLimit bytes. The journal file does
+** not need to be synced following this operation.
+**
+** If an IO error occurs, abandon processing and return the IO error code.
+** Otherwise, return SQLITE_OK.
+*/
+static int zeroJournalHdr(Pager *pPager, int doTruncate){
+  int rc = SQLITE_OK;                               /* Return code */
+  assert( isOpen(pPager->jfd) );
+  if( pPager->journalOff ){
+    const i64 iLimit = pPager->journalSizeLimit;    /* Local cache of jsl */
+
+    IOTRACE(("JZEROHDR %p\n", pPager))
+    if( doTruncate || iLimit==0 ){
+      rc = sqlite3OsTruncate(pPager->jfd, 0);
+    }else{
+      static const char zeroHdr[28] = {0};
+      rc = sqlite3OsWrite(pPager->jfd, zeroHdr, sizeof(zeroHdr), 0);
+    }
+    if( rc==SQLITE_OK && !pPager->noSync ){
+      rc = sqlite3OsSync(pPager->jfd, SQLITE_SYNC_DATAONLY|pPager->syncFlags);
+    }
+
+    /* At this point the transaction is committed but the write lock 
+    ** is still held on the file. If there is a size limit configured for 
+    ** the persistent journal and the journal file currently consumes more
+    ** space than that limit allows for, truncate it now. There is no need
+    ** to sync the file following this operation.
+    */
+    if( rc==SQLITE_OK && iLimit>0 ){
+      i64 sz;
+      rc = sqlite3OsFileSize(pPager->jfd, &sz);
+      if( rc==SQLITE_OK && sz>iLimit ){
+        rc = sqlite3OsTruncate(pPager->jfd, iLimit);
+      }
+    }
+  }
+  return rc;
+}
+
+/*
+** The journal file must be open when this routine is called. A journal
+** header (JOURNAL_HDR_SZ bytes) is written into the journal file at the
+** current location.
+**
+** The format for the journal header is as follows:
+** - 8 bytes: Magic identifying journal format.
+** - 4 bytes: Number of records in journal, or -1 no-sync mode is on.
+** - 4 bytes: Random number used for page hash.
+** - 4 bytes: Initial database page count.
+** - 4 bytes: Sector size used by the process that wrote this journal.
+** - 4 bytes: Database page size.
+** 
+** Followed by (JOURNAL_HDR_SZ - 28) bytes of unused space.
+*/
+static int writeJournalHdr(Pager *pPager){
+  int rc = SQLITE_OK;                 /* Return code */
+  char *zHeader = pPager->pTmpSpace;  /* Temporary space used to build header */
+  u32 nHeader = (u32)pPager->pageSize;/* Size of buffer pointed to by zHeader */
+  u32 nWrite;                         /* Bytes of header sector written */
+  int ii;                             /* Loop counter */
+
+  assert( isOpen(pPager->jfd) );      /* Journal file must be open. */
+
+  if( nHeader>JOURNAL_HDR_SZ(pPager) ){
+    nHeader = JOURNAL_HDR_SZ(pPager);
+  }
+
+  /* If there are active savepoints and any of them were created 
+  ** since the most recent journal header was written, update the 
+  ** PagerSavepoint.iHdrOffset fields now.
+  */
+  for(ii=0; ii<pPager->nSavepoint; ii++){
+    if( pPager->aSavepoint[ii].iHdrOffset==0 ){
+      pPager->aSavepoint[ii].iHdrOffset = pPager->journalOff;
+    }
+  }
+
+  pPager->journalHdr = pPager->journalOff = journalHdrOffset(pPager);
+
+  /* 
+  ** Write the nRec Field - the number of page records that follow this
+  ** journal header. Normally, zero is written to this value at this time.
+  ** After the records are added to the journal (and the journal synced, 
+  ** if in full-sync mode), the zero is overwritten with the true number
+  ** of records (see syncJournal()).
+  **
+  ** A faster alternative is to write 0xFFFFFFFF to the nRec field. When
+  ** reading the journal this value tells SQLite to assume that the
+  ** rest of the journal file contains valid page records. This assumption
+  ** is dangerous, as if a failure occurred whilst writing to the journal
+  ** file it may contain some garbage data. There are two scenarios
+  ** where this risk can be ignored:
+  **
+  **   * When the pager is in no-sync mode. Corruption can follow a
+  **     power failure in this case anyway.
+  **
+  **   * When the SQLITE_IOCAP_SAFE_APPEND flag is set. This guarantees
+  **     that garbage data is never appended to the journal file.
+  */
+  assert( isOpen(pPager->fd) || pPager->noSync );
+  if( pPager->noSync || (pPager->journalMode==PAGER_JOURNALMODE_MEMORY)
+   || (sqlite3OsDeviceCharacteristics(pPager->fd)&SQLITE_IOCAP_SAFE_APPEND) 
+  ){
+    memcpy(zHeader, aJournalMagic, sizeof(aJournalMagic));
+    put32bits(&zHeader[sizeof(aJournalMagic)], 0xffffffff);
+  }else{
+    memset(zHeader, 0, sizeof(aJournalMagic)+4);
+  }
+
+  /* The random check-hash initializer */ 
+  sqlite3_randomness(sizeof(pPager->cksumInit), &pPager->cksumInit);
+  put32bits(&zHeader[sizeof(aJournalMagic)+4], pPager->cksumInit);
+  /* The initial database size */
+  put32bits(&zHeader[sizeof(aJournalMagic)+8], pPager->dbOrigSize);
+  /* The assumed sector size for this process */
+  put32bits(&zHeader[sizeof(aJournalMagic)+12], pPager->sectorSize);
+
+  /* The page size */
+  put32bits(&zHeader[sizeof(aJournalMagic)+16], pPager->pageSize);
+
+  /* Initializing the tail of the buffer is not necessary.  Everything
+  ** works find if the following memset() is omitted.  But initializing
+  ** the memory prevents valgrind from complaining, so we are willing to
+  ** take the performance hit.
+  */
+  memset(&zHeader[sizeof(aJournalMagic)+20], 0,
+         nHeader-(sizeof(aJournalMagic)+20));
+
+  /* In theory, it is only necessary to write the 28 bytes that the 
+  ** journal header consumes to the journal file here. Then increment the 
+  ** Pager.journalOff variable by JOURNAL_HDR_SZ so that the next 
+  ** record is written to the following sector (leaving a gap in the file
+  ** that will be implicitly filled in by the OS).
+  **
+  ** However it has been discovered that on some systems this pattern can 
+  ** be significantly slower than contiguously writing data to the file,
+  ** even if that means explicitly writing data to the block of 
+  ** (JOURNAL_HDR_SZ - 28) bytes that will not be used. So that is what
+  ** is done. 
+  **
+  ** The loop is required here in case the sector-size is larger than the 
+  ** database page size. Since the zHeader buffer is only Pager.pageSize
+  ** bytes in size, more than one call to sqlite3OsWrite() may be required
+  ** to populate the entire journal header sector.
+  */ 
+  for(nWrite=0; rc==SQLITE_OK&&nWrite<JOURNAL_HDR_SZ(pPager); nWrite+=nHeader){
+    IOTRACE(("JHDR %p %lld %d\n", pPager, pPager->journalHdr, nHeader))
+    rc = sqlite3OsWrite(pPager->jfd, zHeader, nHeader, pPager->journalOff);
+    assert( pPager->journalHdr <= pPager->journalOff );
+    pPager->journalOff += nHeader;
+  }
+
+  return rc;
+}
+
+/*
+** The journal file must be open when this is called. A journal header file
+** (JOURNAL_HDR_SZ bytes) is read from the current location in the journal
+** file. The current location in the journal file is given by
+** pPager->journalOff. See comments above function writeJournalHdr() for
+** a description of the journal header format.
+**
+** If the header is read successfully, *pNRec is set to the number of
+** page records following this header and *pDbSize is set to the size of the
+** database before the transaction began, in pages. Also, pPager->cksumInit
+** is set to the value read from the journal header. SQLITE_OK is returned
+** in this case.
+**
+** If the journal header file appears to be corrupted, SQLITE_DONE is
+** returned and *pNRec and *PDbSize are undefined.  If JOURNAL_HDR_SZ bytes
+** cannot be read from the journal file an error code is returned.
+*/
+static int readJournalHdr(
+  Pager *pPager,               /* Pager object */
+  int isHot,
+  i64 journalSize,             /* Size of the open journal file in bytes */
+  u32 *pNRec,                  /* OUT: Value read from the nRec field */
+  u32 *pDbSize                 /* OUT: Value of original database size field */
+){
+  int rc;                      /* Return code */
+  unsigned char aMagic[8];     /* A buffer to hold the magic header */
+  i64 iHdrOff;                 /* Offset of journal header being read */
+
+  assert( isOpen(pPager->jfd) );      /* Journal file must be open. */
+
+  /* Advance Pager.journalOff to the start of the next sector. If the
+  ** journal file is too small for there to be a header stored at this
+  ** point, return SQLITE_DONE.
+  */
+  pPager->journalOff = journalHdrOffset(pPager);
+  if( pPager->journalOff+JOURNAL_HDR_SZ(pPager) > journalSize ){
+    return SQLITE_DONE;
+  }
+  iHdrOff = pPager->journalOff;
+
+  /* Read in the first 8 bytes of the journal header. If they do not match
+  ** the  magic string found at the start of each journal header, return
+  ** SQLITE_DONE. If an IO error occurs, return an error code. Otherwise,
+  ** proceed.
+  */
+  if( isHot || iHdrOff!=pPager->journalHdr ){
+    rc = sqlite3OsRead(pPager->jfd, aMagic, sizeof(aMagic), iHdrOff);
+    if( rc ){
+      return rc;
+    }
+    if( memcmp(aMagic, aJournalMagic, sizeof(aMagic))!=0 ){
+      return SQLITE_DONE;
+    }
+  }
+
+  /* Read the first three 32-bit fields of the journal header: The nRec
+  ** field, the checksum-initializer and the database size at the start
+  ** of the transaction. Return an error code if anything goes wrong.
+  */
+  if( SQLITE_OK!=(rc = read32bits(pPager->jfd, iHdrOff+8, pNRec))
+   || SQLITE_OK!=(rc = read32bits(pPager->jfd, iHdrOff+12, &pPager->cksumInit))
+   || SQLITE_OK!=(rc = read32bits(pPager->jfd, iHdrOff+16, pDbSize))
+  ){
+    return rc;
+  }
+
+  if( pPager->journalOff==0 ){
+    u32 iPageSize;               /* Page-size field of journal header */
+    u32 iSectorSize;             /* Sector-size field of journal header */
+
+    /* Read the page-size and sector-size journal header fields. */
+    if( SQLITE_OK!=(rc = read32bits(pPager->jfd, iHdrOff+20, &iSectorSize))
+     || SQLITE_OK!=(rc = read32bits(pPager->jfd, iHdrOff+24, &iPageSize))
+    ){
+      return rc;
+    }
+
+    /* Versions of SQLite prior to 3.5.8 set the page-size field of the
+    ** journal header to zero. In this case, assume that the Pager.pageSize
+    ** variable is already set to the correct page size.
+    */
+    if( iPageSize==0 ){
+      iPageSize = pPager->pageSize;
+    }
+
+    /* Check that the values read from the page-size and sector-size fields
+    ** are within range. To be 'in range', both values need to be a power
+    ** of two greater than or equal to 512 or 32, and not greater than their 
+    ** respective compile time maximum limits.
+    */
+    if( iPageSize<512                  || iSectorSize<32
+     || iPageSize>SQLITE_MAX_PAGE_SIZE || iSectorSize>MAX_SECTOR_SIZE
+     || ((iPageSize-1)&iPageSize)!=0   || ((iSectorSize-1)&iSectorSize)!=0 
+    ){
+      /* If the either the page-size or sector-size in the journal-header is 
+      ** invalid, then the process that wrote the journal-header must have 
+      ** crashed before the header was synced. In this case stop reading 
+      ** the journal file here.
+      */
+      return SQLITE_DONE;
+    }
+
+    /* Update the page-size to match the value read from the journal. 
+    ** Use a testcase() macro to make sure that malloc failure within 
+    ** PagerSetPagesize() is tested.
+    */
+    rc = sqlite3PagerSetPagesize(pPager, &iPageSize, -1);
+    testcase( rc!=SQLITE_OK );
+
+    /* Update the assumed sector-size to match the value used by 
+    ** the process that created this journal. If this journal was
+    ** created by a process other than this one, then this routine
+    ** is being called from within pager_playback(). The local value
+    ** of Pager.sectorSize is restored at the end of that routine.
+    */
+    pPager->sectorSize = iSectorSize;
+  }
+
+  pPager->journalOff += JOURNAL_HDR_SZ(pPager);
+  return rc;
+}
+
+
+/*
+** Write the supplied master journal name into the journal file for pager
+** pPager at the current location. The master journal name must be the last
+** thing written to a journal file. If the pager is in full-sync mode, the
+** journal file descriptor is advanced to the next sector boundary before
+** anything is written. The format is:
+**
+**   + 4 bytes: PAGER_MJ_PGNO.
+**   + N bytes: Master journal filename in utf-8.
+**   + 4 bytes: N (length of master journal name in bytes, no nul-terminator).
+**   + 4 bytes: Master journal name checksum.
+**   + 8 bytes: aJournalMagic[].
+**
+** The master journal page checksum is the sum of the bytes in the master
+** journal name, where each byte is interpreted as a signed 8-bit integer.
+**
+** If zMaster is a NULL pointer (occurs for a single database transaction), 
+** this call is a no-op.
+*/
+static int writeMasterJournal(Pager *pPager, const char *zMaster){
+  int rc;                          /* Return code */
+  int nMaster;                     /* Length of string zMaster */
+  i64 iHdrOff;                     /* Offset of header in journal file */
+  i64 jrnlSize;                    /* Size of journal file on disk */
+  u32 cksum = 0;                   /* Checksum of string zMaster */
+
+  assert( pPager->setMaster==0 );
+  assert( !pagerUseWal(pPager) );
+
+  if( !zMaster 
+   || pPager->journalMode==PAGER_JOURNALMODE_MEMORY 
+   || !isOpen(pPager->jfd)
+  ){
+    return SQLITE_OK;
+  }
+  pPager->setMaster = 1;
+  assert( pPager->journalHdr <= pPager->journalOff );
+
+  /* Calculate the length in bytes and the checksum of zMaster */
+  for(nMaster=0; zMaster[nMaster]; nMaster++){
+    cksum += zMaster[nMaster];
+  }
+
+  /* If in full-sync mode, advance to the next disk sector before writing
+  ** the master journal name. This is in case the previous page written to
+  ** the journal has already been synced.
+  */
+  if( pPager->fullSync ){
+    pPager->journalOff = journalHdrOffset(pPager);
+  }
+  iHdrOff = pPager->journalOff;
+
+  /* Write the master journal data to the end of the journal file. If
+  ** an error occurs, return the error code to the caller.
+  */
+  if( (0 != (rc = write32bits(pPager->jfd, iHdrOff, PAGER_MJ_PGNO(pPager))))
+   || (0 != (rc = sqlite3OsWrite(pPager->jfd, zMaster, nMaster, iHdrOff+4)))
+   || (0 != (rc = write32bits(pPager->jfd, iHdrOff+4+nMaster, nMaster)))
+   || (0 != (rc = write32bits(pPager->jfd, iHdrOff+4+nMaster+4, cksum)))
+   || (0 != (rc = sqlite3OsWrite(pPager->jfd, aJournalMagic, 8,
+                                 iHdrOff+4+nMaster+8)))
+  ){
+    return rc;
+  }
+  pPager->journalOff += (nMaster+20);
+
+  /* If the pager is in peristent-journal mode, then the physical 
+  ** journal-file may extend past the end of the master-journal name
+  ** and 8 bytes of magic data just written to the file. This is 
+  ** dangerous because the code to rollback a hot-journal file
+  ** will not be able to find the master-journal name to determine 
+  ** whether or not the journal is hot. 
+  **
+  ** Easiest thing to do in this scenario is to truncate the journal 
+  ** file to the required size.
+  */ 
+  if( SQLITE_OK==(rc = sqlite3OsFileSize(pPager->jfd, &jrnlSize))
+   && jrnlSize>pPager->journalOff
+  ){
+    rc = sqlite3OsTruncate(pPager->jfd, pPager->journalOff);
+  }
+  return rc;
+}
+
+/*
+** Discard the entire contents of the in-memory page-cache.
+*/
+static void pager_reset(Pager *pPager){
+  pPager->iDataVersion++;
+  sqlite3BackupRestart(pPager->pBackup);
+  sqlite3PcacheClear(pPager->pPCache);
+}
+
+/*
+** Return the pPager->iDataVersion value
+*/
+SQLITE_PRIVATE u32 sqlite3PagerDataVersion(Pager *pPager){
+  assert( pPager->eState>PAGER_OPEN );
+  return pPager->iDataVersion;
+}
+
+/*
+** Free all structures in the Pager.aSavepoint[] array and set both
+** Pager.aSavepoint and Pager.nSavepoint to zero. Close the sub-journal
+** if it is open and the pager is not in exclusive mode.
+*/
+static void releaseAllSavepoints(Pager *pPager){
+  int ii;               /* Iterator for looping through Pager.aSavepoint */
+  for(ii=0; ii<pPager->nSavepoint; ii++){
+    sqlite3BitvecDestroy(pPager->aSavepoint[ii].pInSavepoint);
+  }
+  if( !pPager->exclusiveMode || sqlite3IsMemJournal(pPager->sjfd) ){
+    sqlite3OsClose(pPager->sjfd);
+  }
+  sqlite3_free(pPager->aSavepoint);
+  pPager->aSavepoint = 0;
+  pPager->nSavepoint = 0;
+  pPager->nSubRec = 0;
+}
+
+/*
+** Set the bit number pgno in the PagerSavepoint.pInSavepoint 
+** bitvecs of all open savepoints. Return SQLITE_OK if successful
+** or SQLITE_NOMEM if a malloc failure occurs.
+*/
+static int addToSavepointBitvecs(Pager *pPager, Pgno pgno){
+  int ii;                   /* Loop counter */
+  int rc = SQLITE_OK;       /* Result code */
+
+  for(ii=0; ii<pPager->nSavepoint; ii++){
+    PagerSavepoint *p = &pPager->aSavepoint[ii];
+    if( pgno<=p->nOrig ){
+      rc |= sqlite3BitvecSet(p->pInSavepoint, pgno);
+      testcase( rc==SQLITE_NOMEM );
+      assert( rc==SQLITE_OK || rc==SQLITE_NOMEM );
+    }
+  }
+  return rc;
+}
+
+/*
+** This function is a no-op if the pager is in exclusive mode and not
+** in the ERROR state. Otherwise, it switches the pager to PAGER_OPEN
+** state.
+**
+** If the pager is not in exclusive-access mode, the database file is
+** completely unlocked. If the file is unlocked and the file-system does
+** not exhibit the UNDELETABLE_WHEN_OPEN property, the journal file is
+** closed (if it is open).
+**
+** If the pager is in ERROR state when this function is called, the 
+** contents of the pager cache are discarded before switching back to 
+** the OPEN state. Regardless of whether the pager is in exclusive-mode
+** or not, any journal file left in the file-system will be treated
+** as a hot-journal and rolled back the next time a read-transaction
+** is opened (by this or by any other connection).
+*/
+static void pager_unlock(Pager *pPager){
+
+  assert( pPager->eState==PAGER_READER 
+       || pPager->eState==PAGER_OPEN 
+       || pPager->eState==PAGER_ERROR 
+  );
+
+  sqlite3BitvecDestroy(pPager->pInJournal);
+  pPager->pInJournal = 0;
+  releaseAllSavepoints(pPager);
+
+  if( pagerUseWal(pPager) ){
+    assert( !isOpen(pPager->jfd) );
+    sqlite3WalEndReadTransaction(pPager->pWal);
+    pPager->eState = PAGER_OPEN;
+  }else if( !pPager->exclusiveMode ){
+    int rc;                       /* Error code returned by pagerUnlockDb() */
+    int iDc = isOpen(pPager->fd)?sqlite3OsDeviceCharacteristics(pPager->fd):0;
+
+    /* If the operating system support deletion of open files, then
+    ** close the journal file when dropping the database lock.  Otherwise
+    ** another connection with journal_mode=delete might delete the file
+    ** out from under us.
+    */
+    assert( (PAGER_JOURNALMODE_MEMORY   & 5)!=1 );
+    assert( (PAGER_JOURNALMODE_OFF      & 5)!=1 );
+    assert( (PAGER_JOURNALMODE_WAL      & 5)!=1 );
+    assert( (PAGER_JOURNALMODE_DELETE   & 5)!=1 );
+    assert( (PAGER_JOURNALMODE_TRUNCATE & 5)==1 );
+    assert( (PAGER_JOURNALMODE_PERSIST  & 5)==1 );
+    if( 0==(iDc & SQLITE_IOCAP_UNDELETABLE_WHEN_OPEN)
+     || 1!=(pPager->journalMode & 5)
+    ){
+      sqlite3OsClose(pPager->jfd);
+    }
+
+    /* If the pager is in the ERROR state and the call to unlock the database
+    ** file fails, set the current lock to UNKNOWN_LOCK. See the comment
+    ** above the #define for UNKNOWN_LOCK for an explanation of why this
+    ** is necessary.
+    */
+    rc = pagerUnlockDb(pPager, NO_LOCK);
+    if( rc!=SQLITE_OK && pPager->eState==PAGER_ERROR ){
+      pPager->eLock = UNKNOWN_LOCK;
+    }
+
+    /* The pager state may be changed from PAGER_ERROR to PAGER_OPEN here
+    ** without clearing the error code. This is intentional - the error
+    ** code is cleared and the cache reset in the block below.
+    */
+    assert( pPager->errCode || pPager->eState!=PAGER_ERROR );
+    pPager->changeCountDone = 0;
+    pPager->eState = PAGER_OPEN;
+  }
+
+  /* If Pager.errCode is set, the contents of the pager cache cannot be
+  ** trusted. Now that there are no outstanding references to the pager,
+  ** it can safely move back to PAGER_OPEN state. This happens in both
+  ** normal and exclusive-locking mode.
+  */
+  if( pPager->errCode ){
+    assert( !MEMDB );
+    pager_reset(pPager);
+    pPager->changeCountDone = pPager->tempFile;
+    pPager->eState = PAGER_OPEN;
+    pPager->errCode = SQLITE_OK;
+    if( USEFETCH(pPager) ) sqlite3OsUnfetch(pPager->fd, 0, 0);
+  }
+
+  pPager->journalOff = 0;
+  pPager->journalHdr = 0;
+  pPager->setMaster = 0;
+}
+
+/*
+** This function is called whenever an IOERR or FULL error that requires
+** the pager to transition into the ERROR state may ahve occurred.
+** The first argument is a pointer to the pager structure, the second 
+** the error-code about to be returned by a pager API function. The 
+** value returned is a copy of the second argument to this function. 
+**
+** If the second argument is SQLITE_FULL, SQLITE_IOERR or one of the
+** IOERR sub-codes, the pager enters the ERROR state and the error code
+** is stored in Pager.errCode. While the pager remains in the ERROR state,
+** all major API calls on the Pager will immediately return Pager.errCode.
+**
+** The ERROR state indicates that the contents of the pager-cache 
+** cannot be trusted. This state can be cleared by completely discarding 
+** the contents of the pager-cache. If a transaction was active when
+** the persistent error occurred, then the rollback journal may need
+** to be replayed to restore the contents of the database file (as if
+** it were a hot-journal).
+*/
+static int pager_error(Pager *pPager, int rc){
+  int rc2 = rc & 0xff;
+  assert( rc==SQLITE_OK || !MEMDB );
+  assert(
+       pPager->errCode==SQLITE_FULL ||
+       pPager->errCode==SQLITE_OK ||
+       (pPager->errCode & 0xff)==SQLITE_IOERR
+  );
+  if( rc2==SQLITE_FULL || rc2==SQLITE_IOERR ){
+    pPager->errCode = rc;
+    pPager->eState = PAGER_ERROR;
+  }
+  return rc;
+}
+
+static int pager_truncate(Pager *pPager, Pgno nPage);
+
+/*
+** This routine ends a transaction. A transaction is usually ended by 
+** either a COMMIT or a ROLLBACK operation. This routine may be called 
+** after rollback of a hot-journal, or if an error occurs while opening
+** the journal file or writing the very first journal-header of a
+** database transaction.
+** 
+** This routine is never called in PAGER_ERROR state. If it is called
+** in PAGER_NONE or PAGER_SHARED state and the lock held is less
+** exclusive than a RESERVED lock, it is a no-op.
+**
+** Otherwise, any active savepoints are released.
+**
+** If the journal file is open, then it is "finalized". Once a journal 
+** file has been finalized it is not possible to use it to roll back a 
+** transaction. Nor will it be considered to be a hot-journal by this
+** or any other database connection. Exactly how a journal is finalized
+** depends on whether or not the pager is running in exclusive mode and
+** the current journal-mode (Pager.journalMode value), as follows:
+**
+**   journalMode==MEMORY
+**     Journal file descriptor is simply closed. This destroys an 
+**     in-memory journal.
+**
+**   journalMode==TRUNCATE
+**     Journal file is truncated to zero bytes in size.
+**
+**   journalMode==PERSIST
+**     The first 28 bytes of the journal file are zeroed. This invalidates
+**     the first journal header in the file, and hence the entire journal
+**     file. An invalid journal file cannot be rolled back.
+**
+**   journalMode==DELETE
+**     The journal file is closed and deleted using sqlite3OsDelete().
+**
+**     If the pager is running in exclusive mode, this method of finalizing
+**     the journal file is never used. Instead, if the journalMode is
+**     DELETE and the pager is in exclusive mode, the method described under
+**     journalMode==PERSIST is used instead.
+**
+** After the journal is finalized, the pager moves to PAGER_READER state.
+** If running in non-exclusive rollback mode, the lock on the file is 
+** downgraded to a SHARED_LOCK.
+**
+** SQLITE_OK is returned if no error occurs. If an error occurs during
+** any of the IO operations to finalize the journal file or unlock the
+** database then the IO error code is returned to the user. If the 
+** operation to finalize the journal file fails, then the code still
+** tries to unlock the database file if not in exclusive mode. If the
+** unlock operation fails as well, then the first error code related
+** to the first error encountered (the journal finalization one) is
+** returned.
+*/
+static int pager_end_transaction(Pager *pPager, int hasMaster, int bCommit){
+  int rc = SQLITE_OK;      /* Error code from journal finalization operation */
+  int rc2 = SQLITE_OK;     /* Error code from db file unlock operation */
+
+  /* Do nothing if the pager does not have an open write transaction
+  ** or at least a RESERVED lock. This function may be called when there
+  ** is no write-transaction active but a RESERVED or greater lock is
+  ** held under two circumstances:
+  **
+  **   1. After a successful hot-journal rollback, it is called with
+  **      eState==PAGER_NONE and eLock==EXCLUSIVE_LOCK.
+  **
+  **   2. If a connection with locking_mode=exclusive holding an EXCLUSIVE 
+  **      lock switches back to locking_mode=normal and then executes a
+  **      read-transaction, this function is called with eState==PAGER_READER 
+  **      and eLock==EXCLUSIVE_LOCK when the read-transaction is closed.
+  */
+  assert( assert_pager_state(pPager) );
+  assert( pPager->eState!=PAGER_ERROR );
+  if( pPager->eState<PAGER_WRITER_LOCKED && pPager->eLock<RESERVED_LOCK ){
+    return SQLITE_OK;
+  }
+
+  releaseAllSavepoints(pPager);
+  assert( isOpen(pPager->jfd) || pPager->pInJournal==0 );
+  if( isOpen(pPager->jfd) ){
+    assert( !pagerUseWal(pPager) );
+
+    /* Finalize the journal file. */
+    if( sqlite3IsMemJournal(pPager->jfd) ){
+      assert( pPager->journalMode==PAGER_JOURNALMODE_MEMORY );
+      sqlite3OsClose(pPager->jfd);
+    }else if( pPager->journalMode==PAGER_JOURNALMODE_TRUNCATE ){
+      if( pPager->journalOff==0 ){
+        rc = SQLITE_OK;
+      }else{
+        rc = sqlite3OsTruncate(pPager->jfd, 0);
+        if( rc==SQLITE_OK && pPager->fullSync ){
+          /* Make sure the new file size is written into the inode right away.
+          ** Otherwise the journal might resurrect following a power loss and
+          ** cause the last transaction to roll back.  See
+          ** https://bugzilla.mozilla.org/show_bug.cgi?id=1072773
+          */
+          rc = sqlite3OsSync(pPager->jfd, pPager->syncFlags);
+        }
+      }
+      pPager->journalOff = 0;
+    }else if( pPager->journalMode==PAGER_JOURNALMODE_PERSIST
+      || (pPager->exclusiveMode && pPager->journalMode!=PAGER_JOURNALMODE_WAL)
+    ){
+      rc = zeroJournalHdr(pPager, hasMaster);
+      pPager->journalOff = 0;
+    }else{
+      /* This branch may be executed with Pager.journalMode==MEMORY if
+      ** a hot-journal was just rolled back. In this case the journal
+      ** file should be closed and deleted. If this connection writes to
+      ** the database file, it will do so using an in-memory journal. 
+      */
+      int bDelete = (!pPager->tempFile && sqlite3JournalExists(pPager->jfd));
+      assert( pPager->journalMode==PAGER_JOURNALMODE_DELETE 
+           || pPager->journalMode==PAGER_JOURNALMODE_MEMORY 
+           || pPager->journalMode==PAGER_JOURNALMODE_WAL 
+      );
+      sqlite3OsClose(pPager->jfd);
+      if( bDelete ){
+        rc = sqlite3OsDelete(pPager->pVfs, pPager->zJournal, 0);
+      }
+    }
+  }
+
+#ifdef SQLITE_CHECK_PAGES
+  sqlite3PcacheIterateDirty(pPager->pPCache, pager_set_pagehash);
+  if( pPager->dbSize==0 && sqlite3PcacheRefCount(pPager->pPCache)>0 ){
+    PgHdr *p = sqlite3PagerLookup(pPager, 1);
+    if( p ){
+      p->pageHash = 0;
+      sqlite3PagerUnrefNotNull(p);
+    }
+  }
+#endif
+
+  sqlite3BitvecDestroy(pPager->pInJournal);
+  pPager->pInJournal = 0;
+  pPager->nRec = 0;
+  sqlite3PcacheCleanAll(pPager->pPCache);
+  sqlite3PcacheTruncate(pPager->pPCache, pPager->dbSize);
+
+  if( pagerUseWal(pPager) ){
+    /* Drop the WAL write-lock, if any. Also, if the connection was in 
+    ** locking_mode=exclusive mode but is no longer, drop the EXCLUSIVE 
+    ** lock held on the database file.
+    */
+    rc2 = sqlite3WalEndWriteTransaction(pPager->pWal);
+    assert( rc2==SQLITE_OK );
+  }else if( rc==SQLITE_OK && bCommit && pPager->dbFileSize>pPager->dbSize ){
+    /* This branch is taken when committing a transaction in rollback-journal
+    ** mode if the database file on disk is larger than the database image.
+    ** At this point the journal has been finalized and the transaction 
+    ** successfully committed, but the EXCLUSIVE lock is still held on the
+    ** file. So it is safe to truncate the database file to its minimum
+    ** required size.  */
+    assert( pPager->eLock==EXCLUSIVE_LOCK );
+    rc = pager_truncate(pPager, pPager->dbSize);
+  }
+
+  if( rc==SQLITE_OK && bCommit && isOpen(pPager->fd) ){
+    rc = sqlite3OsFileControl(pPager->fd, SQLITE_FCNTL_COMMIT_PHASETWO, 0);
+    if( rc==SQLITE_NOTFOUND ) rc = SQLITE_OK;
+  }
+
+  if( !pPager->exclusiveMode 
+   && (!pagerUseWal(pPager) || sqlite3WalExclusiveMode(pPager->pWal, 0))
+  ){
+    rc2 = pagerUnlockDb(pPager, SHARED_LOCK);
+    pPager->changeCountDone = 0;
+  }
+  pPager->eState = PAGER_READER;
+  pPager->setMaster = 0;
+
+  return (rc==SQLITE_OK?rc2:rc);
+}
+
+/*
+** Execute a rollback if a transaction is active and unlock the 
+** database file. 
+**
+** If the pager has already entered the ERROR state, do not attempt 
+** the rollback at this time. Instead, pager_unlock() is called. The
+** call to pager_unlock() will discard all in-memory pages, unlock
+** the database file and move the pager back to OPEN state. If this 
+** means that there is a hot-journal left in the file-system, the next 
+** connection to obtain a shared lock on the pager (which may be this one) 
+** will roll it back.
+**
+** If the pager has not already entered the ERROR state, but an IO or
+** malloc error occurs during a rollback, then this will itself cause 
+** the pager to enter the ERROR state. Which will be cleared by the
+** call to pager_unlock(), as described above.
+*/
+static void pagerUnlockAndRollback(Pager *pPager){
+  if( pPager->eState!=PAGER_ERROR && pPager->eState!=PAGER_OPEN ){
+    assert( assert_pager_state(pPager) );
+    if( pPager->eState>=PAGER_WRITER_LOCKED ){
+      sqlite3BeginBenignMalloc();
+      sqlite3PagerRollback(pPager);
+      sqlite3EndBenignMalloc();
+    }else if( !pPager->exclusiveMode ){
+      assert( pPager->eState==PAGER_READER );
+      pager_end_transaction(pPager, 0, 0);
+    }
+  }
+  pager_unlock(pPager);
+}
+
+/*
+** Parameter aData must point to a buffer of pPager->pageSize bytes
+** of data. Compute and return a checksum based ont the contents of the 
+** page of data and the current value of pPager->cksumInit.
+**
+** This is not a real checksum. It is really just the sum of the 
+** random initial value (pPager->cksumInit) and every 200th byte
+** of the page data, starting with byte offset (pPager->pageSize%200).
+** Each byte is interpreted as an 8-bit unsigned integer.
+**
+** Changing the formula used to compute this checksum results in an
+** incompatible journal file format.
+**
+** If journal corruption occurs due to a power failure, the most likely 
+** scenario is that one end or the other of the record will be changed. 
+** It is much less likely that the two ends of the journal record will be
+** correct and the middle be corrupt.  Thus, this "checksum" scheme,
+** though fast and simple, catches the mostly likely kind of corruption.
+*/
+static u32 pager_cksum(Pager *pPager, const u8 *aData){
+  u32 cksum = pPager->cksumInit;         /* Checksum value to return */
+  int i = pPager->pageSize-200;          /* Loop counter */
+  while( i>0 ){
+    cksum += aData[i];
+    i -= 200;
+  }
+  return cksum;
+}
+
+/*
+** Report the current page size and number of reserved bytes back
+** to the codec.
+*/
+#ifdef SQLITE_HAS_CODEC
+static void pagerReportSize(Pager *pPager){
+  if( pPager->xCodecSizeChng ){
+    pPager->xCodecSizeChng(pPager->pCodec, pPager->pageSize,
+                           (int)pPager->nReserve);
+  }
+}
+#else
+# define pagerReportSize(X)     /* No-op if we do not support a codec */
+#endif
+
+#ifdef SQLITE_HAS_CODEC
+/*
+** Make sure the number of reserved bits is the same in the destination
+** pager as it is in the source.  This comes up when a VACUUM changes the
+** number of reserved bits to the "optimal" amount.
+*/
+SQLITE_PRIVATE void sqlite3PagerAlignReserve(Pager *pDest, Pager *pSrc){
+  if( pDest->nReserve!=pSrc->nReserve ){
+    pDest->nReserve = pSrc->nReserve;
+    pagerReportSize(pDest);
+  }
+}
+#endif
+
+/*
+** Read a single page from either the journal file (if isMainJrnl==1) or
+** from the sub-journal (if isMainJrnl==0) and playback that page.
+** The page begins at offset *pOffset into the file. The *pOffset
+** value is increased to the start of the next page in the journal.
+**
+** The main rollback journal uses checksums - the statement journal does 
+** not.
+**
+** If the page number of the page record read from the (sub-)journal file
+** is greater than the current value of Pager.dbSize, then playback is
+** skipped and SQLITE_OK is returned.
+**
+** If pDone is not NULL, then it is a record of pages that have already
+** been played back.  If the page at *pOffset has already been played back
+** (if the corresponding pDone bit is set) then skip the playback.
+** Make sure the pDone bit corresponding to the *pOffset page is set
+** prior to returning.
+**
+** If the page record is successfully read from the (sub-)journal file
+** and played back, then SQLITE_OK is returned. If an IO error occurs
+** while reading the record from the (sub-)journal file or while writing
+** to the database file, then the IO error code is returned. If data
+** is successfully read from the (sub-)journal file but appears to be
+** corrupted, SQLITE_DONE is returned. Data is considered corrupted in
+** two circumstances:
+** 
+**   * If the record page-number is illegal (0 or PAGER_MJ_PGNO), or
+**   * If the record is being rolled back from the main journal file
+**     and the checksum field does not match the record content.
+**
+** Neither of these two scenarios are possible during a savepoint rollback.
+**
+** If this is a savepoint rollback, then memory may have to be dynamically
+** allocated by this function. If this is the case and an allocation fails,
+** SQLITE_NOMEM is returned.
+*/
+static int pager_playback_one_page(
+  Pager *pPager,                /* The pager being played back */
+  i64 *pOffset,                 /* Offset of record to playback */
+  Bitvec *pDone,                /* Bitvec of pages already played back */
+  int isMainJrnl,               /* 1 -> main journal. 0 -> sub-journal. */
+  int isSavepnt                 /* True for a savepoint rollback */
+){
+  int rc;
+  PgHdr *pPg;                   /* An existing page in the cache */
+  Pgno pgno;                    /* The page number of a page in journal */
+  u32 cksum;                    /* Checksum used for sanity checking */
+  char *aData;                  /* Temporary storage for the page */
+  sqlite3_file *jfd;            /* The file descriptor for the journal file */
+  int isSynced;                 /* True if journal page is synced */
+
+  assert( (isMainJrnl&~1)==0 );      /* isMainJrnl is 0 or 1 */
+  assert( (isSavepnt&~1)==0 );       /* isSavepnt is 0 or 1 */
+  assert( isMainJrnl || pDone );     /* pDone always used on sub-journals */
+  assert( isSavepnt || pDone==0 );   /* pDone never used on non-savepoint */
+
+  aData = pPager->pTmpSpace;
+  assert( aData );         /* Temp storage must have already been allocated */
+  assert( pagerUseWal(pPager)==0 || (!isMainJrnl && isSavepnt) );
+
+  /* Either the state is greater than PAGER_WRITER_CACHEMOD (a transaction 
+  ** or savepoint rollback done at the request of the caller) or this is
+  ** a hot-journal rollback. If it is a hot-journal rollback, the pager
+  ** is in state OPEN and holds an EXCLUSIVE lock. Hot-journal rollback
+  ** only reads from the main journal, not the sub-journal.
+  */
+  assert( pPager->eState>=PAGER_WRITER_CACHEMOD
+       || (pPager->eState==PAGER_OPEN && pPager->eLock==EXCLUSIVE_LOCK)
+  );
+  assert( pPager->eState>=PAGER_WRITER_CACHEMOD || isMainJrnl );
+
+  /* Read the page number and page data from the journal or sub-journal
+  ** file. Return an error code to the caller if an IO error occurs.
+  */
+  jfd = isMainJrnl ? pPager->jfd : pPager->sjfd;
+  rc = read32bits(jfd, *pOffset, &pgno);
+  if( rc!=SQLITE_OK ) return rc;
+  rc = sqlite3OsRead(jfd, (u8*)aData, pPager->pageSize, (*pOffset)+4);
+  if( rc!=SQLITE_OK ) return rc;
+  *pOffset += pPager->pageSize + 4 + isMainJrnl*4;
+
+  /* Sanity checking on the page.  This is more important that I originally
+  ** thought.  If a power failure occurs while the journal is being written,
+  ** it could cause invalid data to be written into the journal.  We need to
+  ** detect this invalid data (with high probability) and ignore it.
+  */
+  if( pgno==0 || pgno==PAGER_MJ_PGNO(pPager) ){
+    assert( !isSavepnt );
+    return SQLITE_DONE;
+  }
+  if( pgno>(Pgno)pPager->dbSize || sqlite3BitvecTest(pDone, pgno) ){
+    return SQLITE_OK;
+  }
+  if( isMainJrnl ){
+    rc = read32bits(jfd, (*pOffset)-4, &cksum);
+    if( rc ) return rc;
+    if( !isSavepnt && pager_cksum(pPager, (u8*)aData)!=cksum ){
+      return SQLITE_DONE;
+    }
+  }
+
+  /* If this page has already been played back before during the current
+  ** rollback, then don't bother to play it back again.
+  */
+  if( pDone && (rc = sqlite3BitvecSet(pDone, pgno))!=SQLITE_OK ){
+    return rc;
+  }
+
+  /* When playing back page 1, restore the nReserve setting
+  */
+  if( pgno==1 && pPager->nReserve!=((u8*)aData)[20] ){
+    pPager->nReserve = ((u8*)aData)[20];
+    pagerReportSize(pPager);
+  }
+
+  /* If the pager is in CACHEMOD state, then there must be a copy of this
+  ** page in the pager cache. In this case just update the pager cache,
+  ** not the database file. The page is left marked dirty in this case.
+  **
+  ** An exception to the above rule: If the database is in no-sync mode
+  ** and a page is moved during an incremental vacuum then the page may
+  ** not be in the pager cache. Later: if a malloc() or IO error occurs
+  ** during a Movepage() call, then the page may not be in the cache
+  ** either. So the condition described in the above paragraph is not
+  ** assert()able.
+  **
+  ** If in WRITER_DBMOD, WRITER_FINISHED or OPEN state, then we update the
+  ** pager cache if it exists and the main file. The page is then marked 
+  ** not dirty. Since this code is only executed in PAGER_OPEN state for
+  ** a hot-journal rollback, it is guaranteed that the page-cache is empty
+  ** if the pager is in OPEN state.
+  **
+  ** Ticket #1171:  The statement journal might contain page content that is
+  ** different from the page content at the start of the transaction.
+  ** This occurs when a page is changed prior to the start of a statement
+  ** then changed again within the statement.  When rolling back such a
+  ** statement we must not write to the original database unless we know
+  ** for certain that original page contents are synced into the main rollback
+  ** journal.  Otherwise, a power loss might leave modified data in the
+  ** database file without an entry in the rollback journal that can
+  ** restore the database to its original form.  Two conditions must be
+  ** met before writing to the database files. (1) the database must be
+  ** locked.  (2) we know that the original page content is fully synced
+  ** in the main journal either because the page is not in cache or else
+  ** the page is marked as needSync==0.
+  **
+  ** 2008-04-14:  When attempting to vacuum a corrupt database file, it
+  ** is possible to fail a statement on a database that does not yet exist.
+  ** Do not attempt to write if database file has never been opened.
+  */
+  if( pagerUseWal(pPager) ){
+    pPg = 0;
+  }else{
+    pPg = sqlite3PagerLookup(pPager, pgno);
+  }
+  assert( pPg || !MEMDB );
+  assert( pPager->eState!=PAGER_OPEN || pPg==0 );
+  PAGERTRACE(("PLAYBACK %d page %d hash(%08x) %s\n",
+           PAGERID(pPager), pgno, pager_datahash(pPager->pageSize, (u8*)aData),
+           (isMainJrnl?"main-journal":"sub-journal")
+  ));
+  if( isMainJrnl ){
+    isSynced = pPager->noSync || (*pOffset <= pPager->journalHdr);
+  }else{
+    isSynced = (pPg==0 || 0==(pPg->flags & PGHDR_NEED_SYNC));
+  }
+  if( isOpen(pPager->fd)
+   && (pPager->eState>=PAGER_WRITER_DBMOD || pPager->eState==PAGER_OPEN)
+   && isSynced
+  ){
+    i64 ofst = (pgno-1)*(i64)pPager->pageSize;
+    testcase( !isSavepnt && pPg!=0 && (pPg->flags&PGHDR_NEED_SYNC)!=0 );
+    assert( !pagerUseWal(pPager) );
+    rc = sqlite3OsWrite(pPager->fd, (u8 *)aData, pPager->pageSize, ofst);
+    if( pgno>pPager->dbFileSize ){
+      pPager->dbFileSize = pgno;
+    }
+    if( pPager->pBackup ){
+      CODEC1(pPager, aData, pgno, 3, rc=SQLITE_NOMEM);
+      sqlite3BackupUpdate(pPager->pBackup, pgno, (u8*)aData);
+      CODEC2(pPager, aData, pgno, 7, rc=SQLITE_NOMEM, aData);
+    }
+  }else if( !isMainJrnl && pPg==0 ){
+    /* If this is a rollback of a savepoint and data was not written to
+    ** the database and the page is not in-memory, there is a potential
+    ** problem. When the page is next fetched by the b-tree layer, it 
+    ** will be read from the database file, which may or may not be 
+    ** current. 
+    **
+    ** There are a couple of different ways this can happen. All are quite
+    ** obscure. When running in synchronous mode, this can only happen 
+    ** if the page is on the free-list at the start of the transaction, then
+    ** populated, then moved using sqlite3PagerMovepage().
+    **
+    ** The solution is to add an in-memory page to the cache containing
+    ** the data just read from the sub-journal. Mark the page as dirty 
+    ** and if the pager requires a journal-sync, then mark the page as 
+    ** requiring a journal-sync before it is written.
+    */
+    assert( isSavepnt );
+    assert( (pPager->doNotSpill & SPILLFLAG_ROLLBACK)==0 );
+    pPager->doNotSpill |= SPILLFLAG_ROLLBACK;
+    rc = sqlite3PagerGet(pPager, pgno, &pPg, 1);
+    assert( (pPager->doNotSpill & SPILLFLAG_ROLLBACK)!=0 );
+    pPager->doNotSpill &= ~SPILLFLAG_ROLLBACK;
+    if( rc!=SQLITE_OK ) return rc;
+    pPg->flags &= ~PGHDR_NEED_READ;
+    sqlite3PcacheMakeDirty(pPg);
+  }
+  if( pPg ){
+    /* No page should ever be explicitly rolled back that is in use, except
+    ** for page 1 which is held in use in order to keep the lock on the
+    ** database active. However such a page may be rolled back as a result
+    ** of an internal error resulting in an automatic call to
+    ** sqlite3PagerRollback().
+    */
+    void *pData;
+    pData = pPg->pData;
+    memcpy(pData, (u8*)aData, pPager->pageSize);
+    pPager->xReiniter(pPg);
+    if( isMainJrnl && (!isSavepnt || *pOffset<=pPager->journalHdr) ){
+      /* If the contents of this page were just restored from the main 
+      ** journal file, then its content must be as they were when the 
+      ** transaction was first opened. In this case we can mark the page
+      ** as clean, since there will be no need to write it out to the
+      ** database.
+      **
+      ** There is one exception to this rule. If the page is being rolled
+      ** back as part of a savepoint (or statement) rollback from an 
+      ** unsynced portion of the main journal file, then it is not safe
+      ** to mark the page as clean. This is because marking the page as
+      ** clean will clear the PGHDR_NEED_SYNC flag. Since the page is
+      ** already in the journal file (recorded in Pager.pInJournal) and
+      ** the PGHDR_NEED_SYNC flag is cleared, if the page is written to
+      ** again within this transaction, it will be marked as dirty but
+      ** the PGHDR_NEED_SYNC flag will not be set. It could then potentially
+      ** be written out into the database file before its journal file
+      ** segment is synced. If a crash occurs during or following this,
+      ** database corruption may ensue.
+      */
+      assert( !pagerUseWal(pPager) );
+      sqlite3PcacheMakeClean(pPg);
+    }
+    pager_set_pagehash(pPg);
+
+    /* If this was page 1, then restore the value of Pager.dbFileVers.
+    ** Do this before any decoding. */
+    if( pgno==1 ){
+      memcpy(&pPager->dbFileVers, &((u8*)pData)[24],sizeof(pPager->dbFileVers));
+    }
+
+    /* Decode the page just read from disk */
+    CODEC1(pPager, pData, pPg->pgno, 3, rc=SQLITE_NOMEM);
+    sqlite3PcacheRelease(pPg);
+  }
+  return rc;
+}
+
+/*
+** Parameter zMaster is the name of a master journal file. A single journal
+** file that referred to the master journal file has just been rolled back.
+** This routine checks if it is possible to delete the master journal file,
+** and does so if it is.
+**
+** Argument zMaster may point to Pager.pTmpSpace. So that buffer is not 
+** available for use within this function.
+**
+** When a master journal file is created, it is populated with the names 
+** of all of its child journals, one after another, formatted as utf-8 
+** encoded text. The end of each child journal file is marked with a 
+** nul-terminator byte (0x00). i.e. the entire contents of a master journal
+** file for a transaction involving two databases might be:
+**
+**   "/home/bill/a.db-journal\x00/home/bill/b.db-journal\x00"
+**
+** A master journal file may only be deleted once all of its child 
+** journals have been rolled back.
+**
+** This function reads the contents of the master-journal file into 
+** memory and loops through each of the child journal names. For
+** each child journal, it checks if:
+**
+**   * if the child journal exists, and if so
+**   * if the child journal contains a reference to master journal 
+**     file zMaster
+**
+** If a child journal can be found that matches both of the criteria
+** above, this function returns without doing anything. Otherwise, if
+** no such child journal can be found, file zMaster is deleted from
+** the file-system using sqlite3OsDelete().
+**
+** If an IO error within this function, an error code is returned. This
+** function allocates memory by calling sqlite3Malloc(). If an allocation
+** fails, SQLITE_NOMEM is returned. Otherwise, if no IO or malloc errors 
+** occur, SQLITE_OK is returned.
+**
+** TODO: This function allocates a single block of memory to load
+** the entire contents of the master journal file. This could be
+** a couple of kilobytes or so - potentially larger than the page 
+** size.
+*/
+static int pager_delmaster(Pager *pPager, const char *zMaster){
+  sqlite3_vfs *pVfs = pPager->pVfs;
+  int rc;                   /* Return code */
+  sqlite3_file *pMaster;    /* Malloc'd master-journal file descriptor */
+  sqlite3_file *pJournal;   /* Malloc'd child-journal file descriptor */
+  char *zMasterJournal = 0; /* Contents of master journal file */
+  i64 nMasterJournal;       /* Size of master journal file */
+  char *zJournal;           /* Pointer to one journal within MJ file */
+  char *zMasterPtr;         /* Space to hold MJ filename from a journal file */
+  int nMasterPtr;           /* Amount of space allocated to zMasterPtr[] */
+
+  /* Allocate space for both the pJournal and pMaster file descriptors.
+  ** If successful, open the master journal file for reading.
+  */
+  pMaster = (sqlite3_file *)sqlite3MallocZero(pVfs->szOsFile * 2);
+  pJournal = (sqlite3_file *)(((u8 *)pMaster) + pVfs->szOsFile);
+  if( !pMaster ){
+    rc = SQLITE_NOMEM;
+  }else{
+    const int flags = (SQLITE_OPEN_READONLY|SQLITE_OPEN_MASTER_JOURNAL);
+    rc = sqlite3OsOpen(pVfs, zMaster, pMaster, flags, 0);
+  }
+  if( rc!=SQLITE_OK ) goto delmaster_out;
+
+  /* Load the entire master journal file into space obtained from
+  ** sqlite3_malloc() and pointed to by zMasterJournal.   Also obtain
+  ** sufficient space (in zMasterPtr) to hold the names of master
+  ** journal files extracted from regular rollback-journals.
+  */
+  rc = sqlite3OsFileSize(pMaster, &nMasterJournal);
+  if( rc!=SQLITE_OK ) goto delmaster_out;
+  nMasterPtr = pVfs->mxPathname+1;
+  zMasterJournal = sqlite3Malloc(nMasterJournal + nMasterPtr + 1);
+  if( !zMasterJournal ){
+    rc = SQLITE_NOMEM;
+    goto delmaster_out;
+  }
+  zMasterPtr = &zMasterJournal[nMasterJournal+1];
+  rc = sqlite3OsRead(pMaster, zMasterJournal, (int)nMasterJournal, 0);
+  if( rc!=SQLITE_OK ) goto delmaster_out;
+  zMasterJournal[nMasterJournal] = 0;
+
+  zJournal = zMasterJournal;
+  while( (zJournal-zMasterJournal)<nMasterJournal ){
+    int exists;
+    rc = sqlite3OsAccess(pVfs, zJournal, SQLITE_ACCESS_EXISTS, &exists);
+    if( rc!=SQLITE_OK ){
+      goto delmaster_out;
+    }
+    if( exists ){
+      /* One of the journals pointed to by the master journal exists.
+      ** Open it and check if it points at the master journal. If
+      ** so, return without deleting the master journal file.
+      */
+      int c;
+      int flags = (SQLITE_OPEN_READONLY|SQLITE_OPEN_MAIN_JOURNAL);
+      rc = sqlite3OsOpen(pVfs, zJournal, pJournal, flags, 0);
+      if( rc!=SQLITE_OK ){
+        goto delmaster_out;
+      }
+
+      rc = readMasterJournal(pJournal, zMasterPtr, nMasterPtr);
+      sqlite3OsClose(pJournal);
+      if( rc!=SQLITE_OK ){
+        goto delmaster_out;
+      }
+
+      c = zMasterPtr[0]!=0 && strcmp(zMasterPtr, zMaster)==0;
+      if( c ){
+        /* We have a match. Do not delete the master journal file. */
+        goto delmaster_out;
+      }
+    }
+    zJournal += (sqlite3Strlen30(zJournal)+1);
+  }
+ 
+  sqlite3OsClose(pMaster);
+  rc = sqlite3OsDelete(pVfs, zMaster, 0);
+
+delmaster_out:
+  sqlite3_free(zMasterJournal);
+  if( pMaster ){
+    sqlite3OsClose(pMaster);
+    assert( !isOpen(pJournal) );
+    sqlite3_free(pMaster);
+  }
+  return rc;
+}
+
+
+/*
+** This function is used to change the actual size of the database 
+** file in the file-system. This only happens when committing a transaction,
+** or rolling back a transaction (including rolling back a hot-journal).
+**
+** If the main database file is not open, or the pager is not in either
+** DBMOD or OPEN state, this function is a no-op. Otherwise, the size 
+** of the file is changed to nPage pages (nPage*pPager->pageSize bytes). 
+** If the file on disk is currently larger than nPage pages, then use the VFS
+** xTruncate() method to truncate it.
+**
+** Or, it might be the case that the file on disk is smaller than 
+** nPage pages. Some operating system implementations can get confused if 
+** you try to truncate a file to some size that is larger than it 
+** currently is, so detect this case and write a single zero byte to 
+** the end of the new file instead.
+**
+** If successful, return SQLITE_OK. If an IO error occurs while modifying
+** the database file, return the error code to the caller.
+*/
+static int pager_truncate(Pager *pPager, Pgno nPage){
+  int rc = SQLITE_OK;
+  assert( pPager->eState!=PAGER_ERROR );
+  assert( pPager->eState!=PAGER_READER );
+  
+  if( isOpen(pPager->fd) 
+   && (pPager->eState>=PAGER_WRITER_DBMOD || pPager->eState==PAGER_OPEN) 
+  ){
+    i64 currentSize, newSize;
+    int szPage = pPager->pageSize;
+    assert( pPager->eLock==EXCLUSIVE_LOCK );
+    /* TODO: Is it safe to use Pager.dbFileSize here? */
+    rc = sqlite3OsFileSize(pPager->fd, &currentSize);
+    newSize = szPage*(i64)nPage;
+    if( rc==SQLITE_OK && currentSize!=newSize ){
+      if( currentSize>newSize ){
+        rc = sqlite3OsTruncate(pPager->fd, newSize);
+      }else if( (currentSize+szPage)<=newSize ){
+        char *pTmp = pPager->pTmpSpace;
+        memset(pTmp, 0, szPage);
+        testcase( (newSize-szPage) == currentSize );
+        testcase( (newSize-szPage) >  currentSize );
+        rc = sqlite3OsWrite(pPager->fd, pTmp, szPage, newSize-szPage);
+      }
+      if( rc==SQLITE_OK ){
+        pPager->dbFileSize = nPage;
+      }
+    }
+  }
+  return rc;
+}
+
+/*
+** Return a sanitized version of the sector-size of OS file pFile. The
+** return value is guaranteed to lie between 32 and MAX_SECTOR_SIZE.
+*/
+SQLITE_PRIVATE int sqlite3SectorSize(sqlite3_file *pFile){
+  int iRet = sqlite3OsSectorSize(pFile);
+  if( iRet<32 ){
+    iRet = 512;
+  }else if( iRet>MAX_SECTOR_SIZE ){
+    assert( MAX_SECTOR_SIZE>=512 );
+    iRet = MAX_SECTOR_SIZE;
+  }
+  return iRet;
+}
+
+/*
+** Set the value of the Pager.sectorSize variable for the given
+** pager based on the value returned by the xSectorSize method
+** of the open database file. The sector size will be used 
+** to determine the size and alignment of journal header and 
+** master journal pointers within created journal files.
+**
+** For temporary files the effective sector size is always 512 bytes.
+**
+** Otherwise, for non-temporary files, the effective sector size is
+** the value returned by the xSectorSize() method rounded up to 32 if
+** it is less than 32, or rounded down to MAX_SECTOR_SIZE if it
+** is greater than MAX_SECTOR_SIZE.
+**
+** If the file has the SQLITE_IOCAP_POWERSAFE_OVERWRITE property, then set
+** the effective sector size to its minimum value (512).  The purpose of
+** pPager->sectorSize is to define the "blast radius" of bytes that
+** might change if a crash occurs while writing to a single byte in
+** that range.  But with POWERSAFE_OVERWRITE, the blast radius is zero
+** (that is what POWERSAFE_OVERWRITE means), so we minimize the sector
+** size.  For backwards compatibility of the rollback journal file format,
+** we cannot reduce the effective sector size below 512.
+*/
+static void setSectorSize(Pager *pPager){
+  assert( isOpen(pPager->fd) || pPager->tempFile );
+
+  if( pPager->tempFile
+   || (sqlite3OsDeviceCharacteristics(pPager->fd) & 
+              SQLITE_IOCAP_POWERSAFE_OVERWRITE)!=0
+  ){
+    /* Sector size doesn't matter for temporary files. Also, the file
+    ** may not have been opened yet, in which case the OsSectorSize()
+    ** call will segfault. */
+    pPager->sectorSize = 512;
+  }else{
+    pPager->sectorSize = sqlite3SectorSize(pPager->fd);
+  }
+}
+
+/*
+** Playback the journal and thus restore the database file to
+** the state it was in before we started making changes.  
+**
+** The journal file format is as follows: 
+**
+**  (1)  8 byte prefix.  A copy of aJournalMagic[].
+**  (2)  4 byte big-endian integer which is the number of valid page records
+**       in the journal.  If this value is 0xffffffff, then compute the
+**       number of page records from the journal size.
+**  (3)  4 byte big-endian integer which is the initial value for the 
+**       sanity checksum.
+**  (4)  4 byte integer which is the number of pages to truncate the
+**       database to during a rollback.
+**  (5)  4 byte big-endian integer which is the sector size.  The header
+**       is this many bytes in size.
+**  (6)  4 byte big-endian integer which is the page size.
+**  (7)  zero padding out to the next sector size.
+**  (8)  Zero or more pages instances, each as follows:
+**        +  4 byte page number.
+**        +  pPager->pageSize bytes of data.
+**        +  4 byte checksum
+**
+** When we speak of the journal header, we mean the first 7 items above.
+** Each entry in the journal is an instance of the 8th item.
+**
+** Call the value from the second bullet "nRec".  nRec is the number of
+** valid page entries in the journal.  In most cases, you can compute the
+** value of nRec from the size of the journal file.  But if a power
+** failure occurred while the journal was being written, it could be the
+** case that the size of the journal file had already been increased but
+** the extra entries had not yet made it safely to disk.  In such a case,
+** the value of nRec computed from the file size would be too large.  For
+** that reason, we always use the nRec value in the header.
+**
+** If the nRec value is 0xffffffff it means that nRec should be computed
+** from the file size.  This value is used when the user selects the
+** no-sync option for the journal.  A power failure could lead to corruption
+** in this case.  But for things like temporary table (which will be
+** deleted when the power is restored) we don't care.  
+**
+** If the file opened as the journal file is not a well-formed
+** journal file then all pages up to the first corrupted page are rolled
+** back (or no pages if the journal header is corrupted). The journal file
+** is then deleted and SQLITE_OK returned, just as if no corruption had
+** been encountered.
+**
+** If an I/O or malloc() error occurs, the journal-file is not deleted
+** and an error code is returned.
+**
+** The isHot parameter indicates that we are trying to rollback a journal
+** that might be a hot journal.  Or, it could be that the journal is 
+** preserved because of JOURNALMODE_PERSIST or JOURNALMODE_TRUNCATE.
+** If the journal really is hot, reset the pager cache prior rolling
+** back any content.  If the journal is merely persistent, no reset is
+** needed.
+*/
+static int pager_playback(Pager *pPager, int isHot){
+  sqlite3_vfs *pVfs = pPager->pVfs;
+  i64 szJ;                 /* Size of the journal file in bytes */
+  u32 nRec;                /* Number of Records in the journal */
+  u32 u;                   /* Unsigned loop counter */
+  Pgno mxPg = 0;           /* Size of the original file in pages */
+  int rc;                  /* Result code of a subroutine */
+  int res = 1;             /* Value returned by sqlite3OsAccess() */
+  char *zMaster = 0;       /* Name of master journal file if any */
+  int needPagerReset;      /* True to reset page prior to first page rollback */
+  int nPlayback = 0;       /* Total number of pages restored from journal */
+
+  /* Figure out how many records are in the journal.  Abort early if
+  ** the journal is empty.
+  */
+  assert( isOpen(pPager->jfd) );
+  rc = sqlite3OsFileSize(pPager->jfd, &szJ);
+  if( rc!=SQLITE_OK ){
+    goto end_playback;
+  }
+
+  /* Read the master journal name from the journal, if it is present.
+  ** If a master journal file name is specified, but the file is not
+  ** present on disk, then the journal is not hot and does not need to be
+  ** played back.
+  **
+  ** TODO: Technically the following is an error because it assumes that
+  ** buffer Pager.pTmpSpace is (mxPathname+1) bytes or larger. i.e. that
+  ** (pPager->pageSize >= pPager->pVfs->mxPathname+1). Using os_unix.c,
+  **  mxPathname is 512, which is the same as the minimum allowable value
+  ** for pageSize.
+  */
+  zMaster = pPager->pTmpSpace;
+  rc = readMasterJournal(pPager->jfd, zMaster, pPager->pVfs->mxPathname+1);
+  if( rc==SQLITE_OK && zMaster[0] ){
+    rc = sqlite3OsAccess(pVfs, zMaster, SQLITE_ACCESS_EXISTS, &res);
+  }
+  zMaster = 0;
+  if( rc!=SQLITE_OK || !res ){
+    goto end_playback;
+  }
+  pPager->journalOff = 0;
+  needPagerReset = isHot;
+
+  /* This loop terminates either when a readJournalHdr() or 
+  ** pager_playback_one_page() call returns SQLITE_DONE or an IO error 
+  ** occurs. 
+  */
+  while( 1 ){
+    /* Read the next journal header from the journal file.  If there are
+    ** not enough bytes left in the journal file for a complete header, or
+    ** it is corrupted, then a process must have failed while writing it.
+    ** This indicates nothing more needs to be rolled back.
+    */
+    rc = readJournalHdr(pPager, isHot, szJ, &nRec, &mxPg);
+    if( rc!=SQLITE_OK ){ 
+      if( rc==SQLITE_DONE ){
+        rc = SQLITE_OK;
+      }
+      goto end_playback;
+    }
+
+    /* If nRec is 0xffffffff, then this journal was created by a process
+    ** working in no-sync mode. This means that the rest of the journal
+    ** file consists of pages, there are no more journal headers. Compute
+    ** the value of nRec based on this assumption.
+    */
+    if( nRec==0xffffffff ){
+      assert( pPager->journalOff==JOURNAL_HDR_SZ(pPager) );
+      nRec = (int)((szJ - JOURNAL_HDR_SZ(pPager))/JOURNAL_PG_SZ(pPager));
+    }
+
+    /* If nRec is 0 and this rollback is of a transaction created by this
+    ** process and if this is the final header in the journal, then it means
+    ** that this part of the journal was being filled but has not yet been
+    ** synced to disk.  Compute the number of pages based on the remaining
+    ** size of the file.
+    **
+    ** The third term of the test was added to fix ticket #2565.
+    ** When rolling back a hot journal, nRec==0 always means that the next
+    ** chunk of the journal contains zero pages to be rolled back.  But
+    ** when doing a ROLLBACK and the nRec==0 chunk is the last chunk in
+    ** the journal, it means that the journal might contain additional
+    ** pages that need to be rolled back and that the number of pages 
+    ** should be computed based on the journal file size.
+    */
+    if( nRec==0 && !isHot &&
+        pPager->journalHdr+JOURNAL_HDR_SZ(pPager)==pPager->journalOff ){
+      nRec = (int)((szJ - pPager->journalOff) / JOURNAL_PG_SZ(pPager));
+    }
+
+    /* If this is the first header read from the journal, truncate the
+    ** database file back to its original size.
+    */
+    if( pPager->journalOff==JOURNAL_HDR_SZ(pPager) ){
+      rc = pager_truncate(pPager, mxPg);
+      if( rc!=SQLITE_OK ){
+        goto end_playback;
+      }
+      pPager->dbSize = mxPg;
+    }
+
+    /* Copy original pages out of the journal and back into the 
+    ** database file and/or page cache.
+    */
+    for(u=0; u<nRec; u++){
+      if( needPagerReset ){
+        pager_reset(pPager);
+        needPagerReset = 0;
+      }
+      rc = pager_playback_one_page(pPager,&pPager->journalOff,0,1,0);
+      if( rc==SQLITE_OK ){
+        nPlayback++;
+      }else{
+        if( rc==SQLITE_DONE ){
+          pPager->journalOff = szJ;
+          break;
+        }else if( rc==SQLITE_IOERR_SHORT_READ ){
+          /* If the journal has been truncated, simply stop reading and
+          ** processing the journal. This might happen if the journal was
+          ** not completely written and synced prior to a crash.  In that
+          ** case, the database should have never been written in the
+          ** first place so it is OK to simply abandon the rollback. */
+          rc = SQLITE_OK;
+          goto end_playback;
+        }else{
+          /* If we are unable to rollback, quit and return the error
+          ** code.  This will cause the pager to enter the error state
+          ** so that no further harm will be done.  Perhaps the next
+          ** process to come along will be able to rollback the database.
+          */
+          goto end_playback;
+        }
+      }
+    }
+  }
+  /*NOTREACHED*/
+  assert( 0 );
+
+end_playback:
+  /* Following a rollback, the database file should be back in its original
+  ** state prior to the start of the transaction, so invoke the
+  ** SQLITE_FCNTL_DB_UNCHANGED file-control method to disable the
+  ** assertion that the transaction counter was modified.
+  */
+#ifdef SQLITE_DEBUG
+  if( pPager->fd->pMethods ){
+    sqlite3OsFileControlHint(pPager->fd,SQLITE_FCNTL_DB_UNCHANGED,0);
+  }
+#endif
+
+  /* If this playback is happening automatically as a result of an IO or 
+  ** malloc error that occurred after the change-counter was updated but 
+  ** before the transaction was committed, then the change-counter 
+  ** modification may just have been reverted. If this happens in exclusive 
+  ** mode, then subsequent transactions performed by the connection will not
+  ** update the change-counter at all. This may lead to cache inconsistency
+  ** problems for other processes at some point in the future. So, just
+  ** in case this has happened, clear the changeCountDone flag now.
+  */
+  pPager->changeCountDone = pPager->tempFile;
+
+  if( rc==SQLITE_OK ){
+    zMaster = pPager->pTmpSpace;
+    rc = readMasterJournal(pPager->jfd, zMaster, pPager->pVfs->mxPathname+1);
+    testcase( rc!=SQLITE_OK );
+  }
+  if( rc==SQLITE_OK
+   && (pPager->eState>=PAGER_WRITER_DBMOD || pPager->eState==PAGER_OPEN)
+  ){
+    rc = sqlite3PagerSync(pPager, 0);
+  }
+  if( rc==SQLITE_OK ){
+    rc = pager_end_transaction(pPager, zMaster[0]!='\0', 0);
+    testcase( rc!=SQLITE_OK );
+  }
+  if( rc==SQLITE_OK && zMaster[0] && res ){
+    /* If there was a master journal and this routine will return success,
+    ** see if it is possible to delete the master journal.
+    */
+    rc = pager_delmaster(pPager, zMaster);
+    testcase( rc!=SQLITE_OK );
+  }
+  if( isHot && nPlayback ){
+    sqlite3_log(SQLITE_NOTICE_RECOVER_ROLLBACK, "recovered %d pages from %s",
+                nPlayback, pPager->zJournal);
+  }
+
+  /* The Pager.sectorSize variable may have been updated while rolling
+  ** back a journal created by a process with a different sector size
+  ** value. Reset it to the correct value for this process.
+  */
+  setSectorSize(pPager);
+  return rc;
+}
+
+
+/*
+** Read the content for page pPg out of the database file and into 
+** pPg->pData. A shared lock or greater must be held on the database
+** file before this function is called.
+**
+** If page 1 is read, then the value of Pager.dbFileVers[] is set to
+** the value read from the database file.
+**
+** If an IO error occurs, then the IO error is returned to the caller.
+** Otherwise, SQLITE_OK is returned.
+*/
+static int readDbPage(PgHdr *pPg, u32 iFrame){
+  Pager *pPager = pPg->pPager; /* Pager object associated with page pPg */
+  Pgno pgno = pPg->pgno;       /* Page number to read */
+  int rc = SQLITE_OK;          /* Return code */
+  int pgsz = pPager->pageSize; /* Number of bytes to read */
+
+  assert( pPager->eState>=PAGER_READER && !MEMDB );
+  assert( isOpen(pPager->fd) );
+
+#ifndef SQLITE_OMIT_WAL
+  if( iFrame ){
+    /* Try to pull the page from the write-ahead log. */
+    rc = sqlite3WalReadFrame(pPager->pWal, iFrame, pgsz, pPg->pData);
+  }else
+#endif
+  {
+    i64 iOffset = (pgno-1)*(i64)pPager->pageSize;
+    rc = sqlite3OsRead(pPager->fd, pPg->pData, pgsz, iOffset);
+    if( rc==SQLITE_IOERR_SHORT_READ ){
+      rc = SQLITE_OK;
+    }
+  }
+
+  if( pgno==1 ){
+    if( rc ){
+      /* If the read is unsuccessful, set the dbFileVers[] to something
+      ** that will never be a valid file version.  dbFileVers[] is a copy
+      ** of bytes 24..39 of the database.  Bytes 28..31 should always be
+      ** zero or the size of the database in page. Bytes 32..35 and 35..39
+      ** should be page numbers which are never 0xffffffff.  So filling
+      ** pPager->dbFileVers[] with all 0xff bytes should suffice.
+      **
+      ** For an encrypted database, the situation is more complex:  bytes
+      ** 24..39 of the database are white noise.  But the probability of
+      ** white noise equaling 16 bytes of 0xff is vanishingly small so
+      ** we should still be ok.
+      */
+      memset(pPager->dbFileVers, 0xff, sizeof(pPager->dbFileVers));
+    }else{
+      u8 *dbFileVers = &((u8*)pPg->pData)[24];
+      memcpy(&pPager->dbFileVers, dbFileVers, sizeof(pPager->dbFileVers));
+    }
+  }
+  CODEC1(pPager, pPg->pData, pgno, 3, rc = SQLITE_NOMEM);
+
+  PAGER_INCR(sqlite3_pager_readdb_count);
+  PAGER_INCR(pPager->nRead);
+  IOTRACE(("PGIN %p %d\n", pPager, pgno));
+  PAGERTRACE(("FETCH %d page %d hash(%08x)\n",
+               PAGERID(pPager), pgno, pager_pagehash(pPg)));
+
+  return rc;
+}
+
+/*
+** Update the value of the change-counter at offsets 24 and 92 in
+** the header and the sqlite version number at offset 96.
+**
+** This is an unconditional update.  See also the pager_incr_changecounter()
+** routine which only updates the change-counter if the update is actually
+** needed, as determined by the pPager->changeCountDone state variable.
+*/
+static void pager_write_changecounter(PgHdr *pPg){
+  u32 change_counter;
+
+  /* Increment the value just read and write it back to byte 24. */
+  change_counter = sqlite3Get4byte((u8*)pPg->pPager->dbFileVers)+1;
+  put32bits(((char*)pPg->pData)+24, change_counter);
+
+  /* Also store the SQLite version number in bytes 96..99 and in
+  ** bytes 92..95 store the change counter for which the version number
+  ** is valid. */
+  put32bits(((char*)pPg->pData)+92, change_counter);
+  put32bits(((char*)pPg->pData)+96, SQLITE_VERSION_NUMBER);
+}
+
+#ifndef SQLITE_OMIT_WAL
+/*
+** This function is invoked once for each page that has already been 
+** written into the log file when a WAL transaction is rolled back.
+** Parameter iPg is the page number of said page. The pCtx argument 
+** is actually a pointer to the Pager structure.
+**
+** If page iPg is present in the cache, and has no outstanding references,
+** it is discarded. Otherwise, if there are one or more outstanding
+** references, the page content is reloaded from the database. If the
+** attempt to reload content from the database is required and fails, 
+** return an SQLite error code. Otherwise, SQLITE_OK.
+*/
+static int pagerUndoCallback(void *pCtx, Pgno iPg){
+  int rc = SQLITE_OK;
+  Pager *pPager = (Pager *)pCtx;
+  PgHdr *pPg;
+
+  assert( pagerUseWal(pPager) );
+  pPg = sqlite3PagerLookup(pPager, iPg);
+  if( pPg ){
+    if( sqlite3PcachePageRefcount(pPg)==1 ){
+      sqlite3PcacheDrop(pPg);
+    }else{
+      u32 iFrame = 0;
+      rc = sqlite3WalFindFrame(pPager->pWal, pPg->pgno, &iFrame);
+      if( rc==SQLITE_OK ){
+        rc = readDbPage(pPg, iFrame);
+      }
+      if( rc==SQLITE_OK ){
+        pPager->xReiniter(pPg);
+      }
+      sqlite3PagerUnrefNotNull(pPg);
+    }
+  }
+
+  /* Normally, if a transaction is rolled back, any backup processes are
+  ** updated as data is copied out of the rollback journal and into the
+  ** database. This is not generally possible with a WAL database, as
+  ** rollback involves simply truncating the log file. Therefore, if one
+  ** or more frames have already been written to the log (and therefore 
+  ** also copied into the backup databases) as part of this transaction,
+  ** the backups must be restarted.
+  */
+  sqlite3BackupRestart(pPager->pBackup);
+
+  return rc;
+}
+
+/*
+** This function is called to rollback a transaction on a WAL database.
+*/
+static int pagerRollbackWal(Pager *pPager){
+  int rc;                         /* Return Code */
+  PgHdr *pList;                   /* List of dirty pages to revert */
+
+  /* For all pages in the cache that are currently dirty or have already
+  ** been written (but not committed) to the log file, do one of the 
+  ** following:
+  **
+  **   + Discard the cached page (if refcount==0), or
+  **   + Reload page content from the database (if refcount>0).
+  */
+  pPager->dbSize = pPager->dbOrigSize;
+  rc = sqlite3WalUndo(pPager->pWal, pagerUndoCallback, (void *)pPager);
+  pList = sqlite3PcacheDirtyList(pPager->pPCache);
+  while( pList && rc==SQLITE_OK ){
+    PgHdr *pNext = pList->pDirty;
+    rc = pagerUndoCallback((void *)pPager, pList->pgno);
+    pList = pNext;
+  }
+
+  return rc;
+}
+
+/*
+** This function is a wrapper around sqlite3WalFrames(). As well as logging
+** the contents of the list of pages headed by pList (connected by pDirty),
+** this function notifies any active backup processes that the pages have
+** changed. 
+**
+** The list of pages passed into this routine is always sorted by page number.
+** Hence, if page 1 appears anywhere on the list, it will be the first page.
+*/ 
+static int pagerWalFrames(
+  Pager *pPager,                  /* Pager object */
+  PgHdr *pList,                   /* List of frames to log */
+  Pgno nTruncate,                 /* Database size after this commit */
+  int isCommit                    /* True if this is a commit */
+){
+  int rc;                         /* Return code */
+  int nList;                      /* Number of pages in pList */
+  PgHdr *p;                       /* For looping over pages */
+
+  assert( pPager->pWal );
+  assert( pList );
+#ifdef SQLITE_DEBUG
+  /* Verify that the page list is in accending order */
+  for(p=pList; p && p->pDirty; p=p->pDirty){
+    assert( p->pgno < p->pDirty->pgno );
+  }
+#endif
+
+  assert( pList->pDirty==0 || isCommit );
+  if( isCommit ){
+    /* If a WAL transaction is being committed, there is no point in writing
+    ** any pages with page numbers greater than nTruncate into the WAL file.
+    ** They will never be read by any client. So remove them from the pDirty
+    ** list here. */
+    PgHdr **ppNext = &pList;
+    nList = 0;
+    for(p=pList; (*ppNext = p)!=0; p=p->pDirty){
+      if( p->pgno<=nTruncate ){
+        ppNext = &p->pDirty;
+        nList++;
+      }
+    }
+    assert( pList );
+  }else{
+    nList = 1;
+  }
+  pPager->aStat[PAGER_STAT_WRITE] += nList;
+
+  if( pList->pgno==1 ) pager_write_changecounter(pList);
+  rc = sqlite3WalFrames(pPager->pWal, 
+      pPager->pageSize, pList, nTruncate, isCommit, pPager->walSyncFlags
+  );
+  if( rc==SQLITE_OK && pPager->pBackup ){
+    for(p=pList; p; p=p->pDirty){
+      sqlite3BackupUpdate(pPager->pBackup, p->pgno, (u8 *)p->pData);
+    }
+  }
+
+#ifdef SQLITE_CHECK_PAGES
+  pList = sqlite3PcacheDirtyList(pPager->pPCache);
+  for(p=pList; p; p=p->pDirty){
+    pager_set_pagehash(p);
+  }
+#endif
+
+  return rc;
+}
+
+/*
+** Begin a read transaction on the WAL.
+**
+** This routine used to be called "pagerOpenSnapshot()" because it essentially
+** makes a snapshot of the database at the current point in time and preserves
+** that snapshot for use by the reader in spite of concurrently changes by
+** other writers or checkpointers.
+*/
+static int pagerBeginReadTransaction(Pager *pPager){
+  int rc;                         /* Return code */
+  int changed = 0;                /* True if cache must be reset */
+
+  assert( pagerUseWal(pPager) );
+  assert( pPager->eState==PAGER_OPEN || pPager->eState==PAGER_READER );
+
+  /* sqlite3WalEndReadTransaction() was not called for the previous
+  ** transaction in locking_mode=EXCLUSIVE.  So call it now.  If we
+  ** are in locking_mode=NORMAL and EndRead() was previously called,
+  ** the duplicate call is harmless.
+  */
+  sqlite3WalEndReadTransaction(pPager->pWal);
+
+  rc = sqlite3WalBeginReadTransaction(pPager->pWal, &changed);
+  if( rc!=SQLITE_OK || changed ){
+    pager_reset(pPager);
+    if( USEFETCH(pPager) ) sqlite3OsUnfetch(pPager->fd, 0, 0);
+  }
+
+  return rc;
+}
+#endif
+
+/*
+** This function is called as part of the transition from PAGER_OPEN
+** to PAGER_READER state to determine the size of the database file
+** in pages (assuming the page size currently stored in Pager.pageSize).
+**
+** If no error occurs, SQLITE_OK is returned and the size of the database
+** in pages is stored in *pnPage. Otherwise, an error code (perhaps
+** SQLITE_IOERR_FSTAT) is returned and *pnPage is left unmodified.
+*/
+static int pagerPagecount(Pager *pPager, Pgno *pnPage){
+  Pgno nPage;                     /* Value to return via *pnPage */
+
+  /* Query the WAL sub-system for the database size. The WalDbsize()
+  ** function returns zero if the WAL is not open (i.e. Pager.pWal==0), or
+  ** if the database size is not available. The database size is not
+  ** available from the WAL sub-system if the log file is empty or
+  ** contains no valid committed transactions.
+  */
+  assert( pPager->eState==PAGER_OPEN );
+  assert( pPager->eLock>=SHARED_LOCK );
+  nPage = sqlite3WalDbsize(pPager->pWal);
+
+  /* If the number of pages in the database is not available from the
+  ** WAL sub-system, determine the page counte based on the size of
+  ** the database file.  If the size of the database file is not an
+  ** integer multiple of the page-size, round up the result.
+  */
+  if( nPage==0 ){
+    i64 n = 0;                    /* Size of db file in bytes */
+    assert( isOpen(pPager->fd) || pPager->tempFile );
+    if( isOpen(pPager->fd) ){
+      int rc = sqlite3OsFileSize(pPager->fd, &n);
+      if( rc!=SQLITE_OK ){
+        return rc;
+      }
+    }
+    nPage = (Pgno)((n+pPager->pageSize-1) / pPager->pageSize);
+  }
+
+  /* If the current number of pages in the file is greater than the
+  ** configured maximum pager number, increase the allowed limit so
+  ** that the file can be read.
+  */
+  if( nPage>pPager->mxPgno ){
+    pPager->mxPgno = (Pgno)nPage;
+  }
+
+  *pnPage = nPage;
+  return SQLITE_OK;
+}
+
+#ifndef SQLITE_OMIT_WAL
+/*
+** Check if the *-wal file that corresponds to the database opened by pPager
+** exists if the database is not empy, or verify that the *-wal file does
+** not exist (by deleting it) if the database file is empty.
+**
+** If the database is not empty and the *-wal file exists, open the pager
+** in WAL mode.  If the database is empty or if no *-wal file exists and
+** if no error occurs, make sure Pager.journalMode is not set to
+** PAGER_JOURNALMODE_WAL.
+**
+** Return SQLITE_OK or an error code.
+**
+** The caller must hold a SHARED lock on the database file to call this
+** function. Because an EXCLUSIVE lock on the db file is required to delete 
+** a WAL on a none-empty database, this ensures there is no race condition 
+** between the xAccess() below and an xDelete() being executed by some 
+** other connection.
+*/
+static int pagerOpenWalIfPresent(Pager *pPager){
+  int rc = SQLITE_OK;
+  assert( pPager->eState==PAGER_OPEN );
+  assert( pPager->eLock>=SHARED_LOCK );
+
+  if( !pPager->tempFile ){
+    int isWal;                    /* True if WAL file exists */
+    Pgno nPage;                   /* Size of the database file */
+
+    rc = pagerPagecount(pPager, &nPage);
+    if( rc ) return rc;
+    if( nPage==0 ){
+      rc = sqlite3OsDelete(pPager->pVfs, pPager->zWal, 0);
+      if( rc==SQLITE_IOERR_DELETE_NOENT ) rc = SQLITE_OK;
+      isWal = 0;
+    }else{
+      rc = sqlite3OsAccess(
+          pPager->pVfs, pPager->zWal, SQLITE_ACCESS_EXISTS, &isWal
+      );
+    }
+    if( rc==SQLITE_OK ){
+      if( isWal ){
+        testcase( sqlite3PcachePagecount(pPager->pPCache)==0 );
+        rc = sqlite3PagerOpenWal(pPager, 0);
+      }else if( pPager->journalMode==PAGER_JOURNALMODE_WAL ){
+        pPager->journalMode = PAGER_JOURNALMODE_DELETE;
+      }
+    }
+  }
+  return rc;
+}
+#endif
+
+/*
+** Playback savepoint pSavepoint. Or, if pSavepoint==NULL, then playback
+** the entire master journal file. The case pSavepoint==NULL occurs when 
+** a ROLLBACK TO command is invoked on a SAVEPOINT that is a transaction 
+** savepoint.
+**
+** When pSavepoint is not NULL (meaning a non-transaction savepoint is 
+** being rolled back), then the rollback consists of up to three stages,
+** performed in the order specified:
+**
+**   * Pages are played back from the main journal starting at byte
+**     offset PagerSavepoint.iOffset and continuing to 
+**     PagerSavepoint.iHdrOffset, or to the end of the main journal
+**     file if PagerSavepoint.iHdrOffset is zero.
+**
+**   * If PagerSavepoint.iHdrOffset is not zero, then pages are played
+**     back starting from the journal header immediately following 
+**     PagerSavepoint.iHdrOffset to the end of the main journal file.
+**
+**   * Pages are then played back from the sub-journal file, starting
+**     with the PagerSavepoint.iSubRec and continuing to the end of
+**     the journal file.
+**
+** Throughout the rollback process, each time a page is rolled back, the
+** corresponding bit is set in a bitvec structure (variable pDone in the
+** implementation below). This is used to ensure that a page is only
+** rolled back the first time it is encountered in either journal.
+**
+** If pSavepoint is NULL, then pages are only played back from the main
+** journal file. There is no need for a bitvec in this case.
+**
+** In either case, before playback commences the Pager.dbSize variable
+** is reset to the value that it held at the start of the savepoint 
+** (or transaction). No page with a page-number greater than this value
+** is played back. If one is encountered it is simply skipped.
+*/
+static int pagerPlaybackSavepoint(Pager *pPager, PagerSavepoint *pSavepoint){
+  i64 szJ;                 /* Effective size of the main journal */
+  i64 iHdrOff;             /* End of first segment of main-journal records */
+  int rc = SQLITE_OK;      /* Return code */
+  Bitvec *pDone = 0;       /* Bitvec to ensure pages played back only once */
+
+  assert( pPager->eState!=PAGER_ERROR );
+  assert( pPager->eState>=PAGER_WRITER_LOCKED );
+
+  /* Allocate a bitvec to use to store the set of pages rolled back */
+  if( pSavepoint ){
+    pDone = sqlite3BitvecCreate(pSavepoint->nOrig);
+    if( !pDone ){
+      return SQLITE_NOMEM;
+    }
+  }
+
+  /* Set the database size back to the value it was before the savepoint 
+  ** being reverted was opened.
+  */
+  pPager->dbSize = pSavepoint ? pSavepoint->nOrig : pPager->dbOrigSize;
+  pPager->changeCountDone = pPager->tempFile;
+
+  if( !pSavepoint && pagerUseWal(pPager) ){
+    return pagerRollbackWal(pPager);
+  }
+
+  /* Use pPager->journalOff as the effective size of the main rollback
+  ** journal.  The actual file might be larger than this in
+  ** PAGER_JOURNALMODE_TRUNCATE or PAGER_JOURNALMODE_PERSIST.  But anything
+  ** past pPager->journalOff is off-limits to us.
+  */
+  szJ = pPager->journalOff;
+  assert( pagerUseWal(pPager)==0 || szJ==0 );
+
+  /* Begin by rolling back records from the main journal starting at
+  ** PagerSavepoint.iOffset and continuing to the next journal header.
+  ** There might be records in the main journal that have a page number
+  ** greater than the current database size (pPager->dbSize) but those
+  ** will be skipped automatically.  Pages are added to pDone as they
+  ** are played back.
+  */
+  if( pSavepoint && !pagerUseWal(pPager) ){
+    iHdrOff = pSavepoint->iHdrOffset ? pSavepoint->iHdrOffset : szJ;
+    pPager->journalOff = pSavepoint->iOffset;
+    while( rc==SQLITE_OK && pPager->journalOff<iHdrOff ){
+      rc = pager_playback_one_page(pPager, &pPager->journalOff, pDone, 1, 1);
+    }
+    assert( rc!=SQLITE_DONE );
+  }else{
+    pPager->journalOff = 0;
+  }
+
+  /* Continue rolling back records out of the main journal starting at
+  ** the first journal header seen and continuing until the effective end
+  ** of the main journal file.  Continue to skip out-of-range pages and
+  ** continue adding pages rolled back to pDone.
+  */
+  while( rc==SQLITE_OK && pPager->journalOff<szJ ){
+    u32 ii;            /* Loop counter */
+    u32 nJRec = 0;     /* Number of Journal Records */
+    u32 dummy;
+    rc = readJournalHdr(pPager, 0, szJ, &nJRec, &dummy);
+    assert( rc!=SQLITE_DONE );
+
+    /*
+    ** The "pPager->journalHdr+JOURNAL_HDR_SZ(pPager)==pPager->journalOff"
+    ** test is related to ticket #2565.  See the discussion in the
+    ** pager_playback() function for additional information.
+    */
+    if( nJRec==0 
+     && pPager->journalHdr+JOURNAL_HDR_SZ(pPager)==pPager->journalOff
+    ){
+      nJRec = (u32)((szJ - pPager->journalOff)/JOURNAL_PG_SZ(pPager));
+    }
+    for(ii=0; rc==SQLITE_OK && ii<nJRec && pPager->journalOff<szJ; ii++){
+      rc = pager_playback_one_page(pPager, &pPager->journalOff, pDone, 1, 1);
+    }
+    assert( rc!=SQLITE_DONE );
+  }
+  assert( rc!=SQLITE_OK || pPager->journalOff>=szJ );
+
+  /* Finally,  rollback pages from the sub-journal.  Page that were
+  ** previously rolled back out of the main journal (and are hence in pDone)
+  ** will be skipped.  Out-of-range pages are also skipped.
+  */
+  if( pSavepoint ){
+    u32 ii;            /* Loop counter */
+    i64 offset = (i64)pSavepoint->iSubRec*(4+pPager->pageSize);
+
+    if( pagerUseWal(pPager) ){
+      rc = sqlite3WalSavepointUndo(pPager->pWal, pSavepoint->aWalData);
+    }
+    for(ii=pSavepoint->iSubRec; rc==SQLITE_OK && ii<pPager->nSubRec; ii++){
+      assert( offset==(i64)ii*(4+pPager->pageSize) );
+      rc = pager_playback_one_page(pPager, &offset, pDone, 0, 1);
+    }
+    assert( rc!=SQLITE_DONE );
+  }
+
+  sqlite3BitvecDestroy(pDone);
+  if( rc==SQLITE_OK ){
+    pPager->journalOff = szJ;
+  }
+
+  return rc;
+}
+
+/*
+** Change the maximum number of in-memory pages that are allowed
+** before attempting to recycle clean and unused pages.
+*/
+SQLITE_PRIVATE void sqlite3PagerSetCachesize(Pager *pPager, int mxPage){
+  sqlite3PcacheSetCachesize(pPager->pPCache, mxPage);
+}
+
+/*
+** Change the maximum number of in-memory pages that are allowed
+** before attempting to spill pages to journal.
+*/
+SQLITE_PRIVATE int sqlite3PagerSetSpillsize(Pager *pPager, int mxPage){
+  return sqlite3PcacheSetSpillsize(pPager->pPCache, mxPage);
+}
+
+/*
+** Invoke SQLITE_FCNTL_MMAP_SIZE based on the current value of szMmap.
+*/
+static void pagerFixMaplimit(Pager *pPager){
+#if SQLITE_MAX_MMAP_SIZE>0
+  sqlite3_file *fd = pPager->fd;
+  if( isOpen(fd) && fd->pMethods->iVersion>=3 ){
+    sqlite3_int64 sz;
+    sz = pPager->szMmap;
+    pPager->bUseFetch = (sz>0);
+    sqlite3OsFileControlHint(pPager->fd, SQLITE_FCNTL_MMAP_SIZE, &sz);
+  }
+#endif
+}
+
+/*
+** Change the maximum size of any memory mapping made of the database file.
+*/
+SQLITE_PRIVATE void sqlite3PagerSetMmapLimit(Pager *pPager, sqlite3_int64 szMmap){
+  pPager->szMmap = szMmap;
+  pagerFixMaplimit(pPager);
+}
+
+/*
+** Free as much memory as possible from the pager.
+*/
+SQLITE_PRIVATE void sqlite3PagerShrink(Pager *pPager){
+  sqlite3PcacheShrink(pPager->pPCache);
+}
+
+/*
+** Adjust settings of the pager to those specified in the pgFlags parameter.
+**
+** The "level" in pgFlags & PAGER_SYNCHRONOUS_MASK sets the robustness
+** of the database to damage due to OS crashes or power failures by
+** changing the number of syncs()s when writing the journals.
+** There are three levels:
+**
+**    OFF       sqlite3OsSync() is never called.  This is the default
+**              for temporary and transient files.
+**
+**    NORMAL    The journal is synced once before writes begin on the
+**              database.  This is normally adequate protection, but
+**              it is theoretically possible, though very unlikely,
+**              that an inopertune power failure could leave the journal
+**              in a state which would cause damage to the database
+**              when it is rolled back.
+**
+**    FULL      The journal is synced twice before writes begin on the
+**              database (with some additional information - the nRec field
+**              of the journal header - being written in between the two
+**              syncs).  If we assume that writing a
+**              single disk sector is atomic, then this mode provides
+**              assurance that the journal will not be corrupted to the
+**              point of causing damage to the database during rollback.
+**
+** The above is for a rollback-journal mode.  For WAL mode, OFF continues
+** to mean that no syncs ever occur.  NORMAL means that the WAL is synced
+** prior to the start of checkpoint and that the database file is synced
+** at the conclusion of the checkpoint if the entire content of the WAL
+** was written back into the database.  But no sync operations occur for
+** an ordinary commit in NORMAL mode with WAL.  FULL means that the WAL
+** file is synced following each commit operation, in addition to the
+** syncs associated with NORMAL.
+**
+** Do not confuse synchronous=FULL with SQLITE_SYNC_FULL.  The
+** SQLITE_SYNC_FULL macro means to use the MacOSX-style full-fsync
+** using fcntl(F_FULLFSYNC).  SQLITE_SYNC_NORMAL means to do an
+** ordinary fsync() call.  There is no difference between SQLITE_SYNC_FULL
+** and SQLITE_SYNC_NORMAL on platforms other than MacOSX.  But the
+** synchronous=FULL versus synchronous=NORMAL setting determines when
+** the xSync primitive is called and is relevant to all platforms.
+**
+** Numeric values associated with these states are OFF==1, NORMAL=2,
+** and FULL=3.
+*/
+#ifndef SQLITE_OMIT_PAGER_PRAGMAS
+SQLITE_PRIVATE void sqlite3PagerSetFlags(
+  Pager *pPager,        /* The pager to set safety level for */
+  unsigned pgFlags      /* Various flags */
+){
+  unsigned level = pgFlags & PAGER_SYNCHRONOUS_MASK;
+  assert( level>=1 && level<=3 );
+  pPager->noSync =  (level==1 || pPager->tempFile) ?1:0;
+  pPager->fullSync = (level==3 && !pPager->tempFile) ?1:0;
+  if( pPager->noSync ){
+    pPager->syncFlags = 0;
+    pPager->ckptSyncFlags = 0;
+  }else if( pgFlags & PAGER_FULLFSYNC ){
+    pPager->syncFlags = SQLITE_SYNC_FULL;
+    pPager->ckptSyncFlags = SQLITE_SYNC_FULL;
+  }else if( pgFlags & PAGER_CKPT_FULLFSYNC ){
+    pPager->syncFlags = SQLITE_SYNC_NORMAL;
+    pPager->ckptSyncFlags = SQLITE_SYNC_FULL;
+  }else{
+    pPager->syncFlags = SQLITE_SYNC_NORMAL;
+    pPager->ckptSyncFlags = SQLITE_SYNC_NORMAL;
+  }
+  pPager->walSyncFlags = pPager->syncFlags;
+  if( pPager->fullSync ){
+    pPager->walSyncFlags |= WAL_SYNC_TRANSACTIONS;
+  }
+  if( pgFlags & PAGER_CACHESPILL ){
+    pPager->doNotSpill &= ~SPILLFLAG_OFF;
+  }else{
+    pPager->doNotSpill |= SPILLFLAG_OFF;
+  }
+}
+#endif
+
+/*
+** The following global variable is incremented whenever the library
+** attempts to open a temporary file.  This information is used for
+** testing and analysis only.  
+*/
+#ifdef SQLITE_TEST
+SQLITE_API int sqlite3_opentemp_count = 0;
+#endif
+
+/*
+** Open a temporary file.
+**
+** Write the file descriptor into *pFile. Return SQLITE_OK on success 
+** or some other error code if we fail. The OS will automatically 
+** delete the temporary file when it is closed.
+**
+** The flags passed to the VFS layer xOpen() call are those specified
+** by parameter vfsFlags ORed with the following:
+**
+**     SQLITE_OPEN_READWRITE
+**     SQLITE_OPEN_CREATE
+**     SQLITE_OPEN_EXCLUSIVE
+**     SQLITE_OPEN_DELETEONCLOSE
+*/
+static int pagerOpentemp(
+  Pager *pPager,        /* The pager object */
+  sqlite3_file *pFile,  /* Write the file descriptor here */
+  int vfsFlags          /* Flags passed through to the VFS */
+){
+  int rc;               /* Return code */
+
+#ifdef SQLITE_TEST
+  sqlite3_opentemp_count++;  /* Used for testing and analysis only */
+#endif
+
+  vfsFlags |=  SQLITE_OPEN_READWRITE | SQLITE_OPEN_CREATE |
+            SQLITE_OPEN_EXCLUSIVE | SQLITE_OPEN_DELETEONCLOSE;
+  rc = sqlite3OsOpen(pPager->pVfs, 0, pFile, vfsFlags, 0);
+  assert( rc!=SQLITE_OK || isOpen(pFile) );
+  return rc;
+}
+
+/*
+** Set the busy handler function.
+**
+** The pager invokes the busy-handler if sqlite3OsLock() returns 
+** SQLITE_BUSY when trying to upgrade from no-lock to a SHARED lock,
+** or when trying to upgrade from a RESERVED lock to an EXCLUSIVE 
+** lock. It does *not* invoke the busy handler when upgrading from
+** SHARED to RESERVED, or when upgrading from SHARED to EXCLUSIVE
+** (which occurs during hot-journal rollback). Summary:
+**
+**   Transition                        | Invokes xBusyHandler
+**   --------------------------------------------------------
+**   NO_LOCK       -> SHARED_LOCK      | Yes
+**   SHARED_LOCK   -> RESERVED_LOCK    | No
+**   SHARED_LOCK   -> EXCLUSIVE_LOCK   | No
+**   RESERVED_LOCK -> EXCLUSIVE_LOCK   | Yes
+**
+** If the busy-handler callback returns non-zero, the lock is 
+** retried. If it returns zero, then the SQLITE_BUSY error is
+** returned to the caller of the pager API function.
+*/
+SQLITE_PRIVATE void sqlite3PagerSetBusyhandler(
+  Pager *pPager,                       /* Pager object */
+  int (*xBusyHandler)(void *),         /* Pointer to busy-handler function */
+  void *pBusyHandlerArg                /* Argument to pass to xBusyHandler */
+){
+  pPager->xBusyHandler = xBusyHandler;
+  pPager->pBusyHandlerArg = pBusyHandlerArg;
+
+  if( isOpen(pPager->fd) ){
+    void **ap = (void **)&pPager->xBusyHandler;
+    assert( ((int(*)(void *))(ap[0]))==xBusyHandler );
+    assert( ap[1]==pBusyHandlerArg );
+    sqlite3OsFileControlHint(pPager->fd, SQLITE_FCNTL_BUSYHANDLER, (void *)ap);
+  }
+}
+
+/*
+** Change the page size used by the Pager object. The new page size 
+** is passed in *pPageSize.
+**
+** If the pager is in the error state when this function is called, it
+** is a no-op. The value returned is the error state error code (i.e. 
+** one of SQLITE_IOERR, an SQLITE_IOERR_xxx sub-code or SQLITE_FULL).
+**
+** Otherwise, if all of the following are true:
+**
+**   * the new page size (value of *pPageSize) is valid (a power 
+**     of two between 512 and SQLITE_MAX_PAGE_SIZE, inclusive), and
+**
+**   * there are no outstanding page references, and
+**
+**   * the database is either not an in-memory database or it is
+**     an in-memory database that currently consists of zero pages.
+**
+** then the pager object page size is set to *pPageSize.
+**
+** If the page size is changed, then this function uses sqlite3PagerMalloc() 
+** to obtain a new Pager.pTmpSpace buffer. If this allocation attempt 
+** fails, SQLITE_NOMEM is returned and the page size remains unchanged. 
+** In all other cases, SQLITE_OK is returned.
+**
+** If the page size is not changed, either because one of the enumerated
+** conditions above is not true, the pager was in error state when this
+** function was called, or because the memory allocation attempt failed, 
+** then *pPageSize is set to the old, retained page size before returning.
+*/
+SQLITE_PRIVATE int sqlite3PagerSetPagesize(Pager *pPager, u32 *pPageSize, int nReserve){
+  int rc = SQLITE_OK;
+
+  /* It is not possible to do a full assert_pager_state() here, as this
+  ** function may be called from within PagerOpen(), before the state
+  ** of the Pager object is internally consistent.
+  **
+  ** At one point this function returned an error if the pager was in 
+  ** PAGER_ERROR state. But since PAGER_ERROR state guarantees that
+  ** there is at least one outstanding page reference, this function
+  ** is a no-op for that case anyhow.
+  */
+
+  u32 pageSize = *pPageSize;
+  assert( pageSize==0 || (pageSize>=512 && pageSize<=SQLITE_MAX_PAGE_SIZE) );
+  if( (pPager->memDb==0 || pPager->dbSize==0)
+   && sqlite3PcacheRefCount(pPager->pPCache)==0 
+   && pageSize && pageSize!=(u32)pPager->pageSize 
+  ){
+    char *pNew = NULL;             /* New temp space */
+    i64 nByte = 0;
+
+    if( pPager->eState>PAGER_OPEN && isOpen(pPager->fd) ){
+      rc = sqlite3OsFileSize(pPager->fd, &nByte);
+    }
+    if( rc==SQLITE_OK ){
+      pNew = (char *)sqlite3PageMalloc(pageSize);
+      if( !pNew ) rc = SQLITE_NOMEM;
+    }
+
+    if( rc==SQLITE_OK ){
+      pager_reset(pPager);
+      rc = sqlite3PcacheSetPageSize(pPager->pPCache, pageSize);
+    }
+    if( rc==SQLITE_OK ){
+      sqlite3PageFree(pPager->pTmpSpace);
+      pPager->pTmpSpace = pNew;
+      pPager->dbSize = (Pgno)((nByte+pageSize-1)/pageSize);
+      pPager->pageSize = pageSize;
+    }else{
+      sqlite3PageFree(pNew);
+    }
+  }
+
+  *pPageSize = pPager->pageSize;
+  if( rc==SQLITE_OK ){
+    if( nReserve<0 ) nReserve = pPager->nReserve;
+    assert( nReserve>=0 && nReserve<1000 );
+    pPager->nReserve = (i16)nReserve;
+    pagerReportSize(pPager);
+    pagerFixMaplimit(pPager);
+  }
+  return rc;
+}
+
+/*
+** Return a pointer to the "temporary page" buffer held internally
+** by the pager.  This is a buffer that is big enough to hold the
+** entire content of a database page.  This buffer is used internally
+** during rollback and will be overwritten whenever a rollback
+** occurs.  But other modules are free to use it too, as long as
+** no rollbacks are happening.
+*/
+SQLITE_PRIVATE void *sqlite3PagerTempSpace(Pager *pPager){
+  return pPager->pTmpSpace;
+}
+
+/*
+** Attempt to set the maximum database page count if mxPage is positive. 
+** Make no changes if mxPage is zero or negative.  And never reduce the
+** maximum page count below the current size of the database.
+**
+** Regardless of mxPage, return the current maximum page count.
+*/
+SQLITE_PRIVATE int sqlite3PagerMaxPageCount(Pager *pPager, int mxPage){
+  if( mxPage>0 ){
+    pPager->mxPgno = mxPage;
+  }
+  assert( pPager->eState!=PAGER_OPEN );      /* Called only by OP_MaxPgcnt */
+  assert( pPager->mxPgno>=pPager->dbSize );  /* OP_MaxPgcnt enforces this */
+  return pPager->mxPgno;
+}
+
+/*
+** The following set of routines are used to disable the simulated
+** I/O error mechanism.  These routines are used to avoid simulated
+** errors in places where we do not care about errors.
+**
+** Unless -DSQLITE_TEST=1 is used, these routines are all no-ops
+** and generate no code.
+*/
+#ifdef SQLITE_TEST
+SQLITE_API extern int sqlite3_io_error_pending;
+SQLITE_API extern int sqlite3_io_error_hit;
+static int saved_cnt;
+void disable_simulated_io_errors(void){
+  saved_cnt = sqlite3_io_error_pending;
+  sqlite3_io_error_pending = -1;
+}
+void enable_simulated_io_errors(void){
+  sqlite3_io_error_pending = saved_cnt;
+}
+#else
+# define disable_simulated_io_errors()
+# define enable_simulated_io_errors()
+#endif
+
+/*
+** Read the first N bytes from the beginning of the file into memory
+** that pDest points to. 
+**
+** If the pager was opened on a transient file (zFilename==""), or
+** opened on a file less than N bytes in size, the output buffer is
+** zeroed and SQLITE_OK returned. The rationale for this is that this 
+** function is used to read database headers, and a new transient or
+** zero sized database has a header than consists entirely of zeroes.
+**
+** If any IO error apart from SQLITE_IOERR_SHORT_READ is encountered,
+** the error code is returned to the caller and the contents of the
+** output buffer undefined.
+*/
+SQLITE_PRIVATE int sqlite3PagerReadFileheader(Pager *pPager, int N, unsigned char *pDest){
+  int rc = SQLITE_OK;
+  memset(pDest, 0, N);
+  assert( isOpen(pPager->fd) || pPager->tempFile );
+
+  /* This routine is only called by btree immediately after creating
+  ** the Pager object.  There has not been an opportunity to transition
+  ** to WAL mode yet.
+  */
+  assert( !pagerUseWal(pPager) );
+
+  if( isOpen(pPager->fd) ){
+    IOTRACE(("DBHDR %p 0 %d\n", pPager, N))
+    rc = sqlite3OsRead(pPager->fd, pDest, N, 0);
+    if( rc==SQLITE_IOERR_SHORT_READ ){
+      rc = SQLITE_OK;
+    }
+  }
+  return rc;
+}
+
+/*
+** This function may only be called when a read-transaction is open on
+** the pager. It returns the total number of pages in the database.
+**
+** However, if the file is between 1 and <page-size> bytes in size, then 
+** this is considered a 1 page file.
+*/
+SQLITE_PRIVATE void sqlite3PagerPagecount(Pager *pPager, int *pnPage){
+  assert( pPager->eState>=PAGER_READER );
+  assert( pPager->eState!=PAGER_WRITER_FINISHED );
+  *pnPage = (int)pPager->dbSize;
+}
+
+
+/*
+** Try to obtain a lock of type locktype on the database file. If
+** a similar or greater lock is already held, this function is a no-op
+** (returning SQLITE_OK immediately).
+**
+** Otherwise, attempt to obtain the lock using sqlite3OsLock(). Invoke 
+** the busy callback if the lock is currently not available. Repeat 
+** until the busy callback returns false or until the attempt to 
+** obtain the lock succeeds.
+**
+** Return SQLITE_OK on success and an error code if we cannot obtain
+** the lock. If the lock is obtained successfully, set the Pager.state 
+** variable to locktype before returning.
+*/
+static int pager_wait_on_lock(Pager *pPager, int locktype){
+  int rc;                              /* Return code */
+
+  /* Check that this is either a no-op (because the requested lock is 
+  ** already held), or one of the transitions that the busy-handler
+  ** may be invoked during, according to the comment above
+  ** sqlite3PagerSetBusyhandler().
+  */
+  assert( (pPager->eLock>=locktype)
+       || (pPager->eLock==NO_LOCK && locktype==SHARED_LOCK)
+       || (pPager->eLock==RESERVED_LOCK && locktype==EXCLUSIVE_LOCK)
+  );
+
+  do {
+    rc = pagerLockDb(pPager, locktype);
+  }while( rc==SQLITE_BUSY && pPager->xBusyHandler(pPager->pBusyHandlerArg) );
+  return rc;
+}
+
+/*
+** Function assertTruncateConstraint(pPager) checks that one of the 
+** following is true for all dirty pages currently in the page-cache:
+**
+**   a) The page number is less than or equal to the size of the 
+**      current database image, in pages, OR
+**
+**   b) if the page content were written at this time, it would not
+**      be necessary to write the current content out to the sub-journal
+**      (as determined by function subjRequiresPage()).
+**
+** If the condition asserted by this function were not true, and the
+** dirty page were to be discarded from the cache via the pagerStress()
+** routine, pagerStress() would not write the current page content to
+** the database file. If a savepoint transaction were rolled back after
+** this happened, the correct behavior would be to restore the current
+** content of the page. However, since this content is not present in either
+** the database file or the portion of the rollback journal and 
+** sub-journal rolled back the content could not be restored and the
+** database image would become corrupt. It is therefore fortunate that 
+** this circumstance cannot arise.
+*/
+#if defined(SQLITE_DEBUG)
+static void assertTruncateConstraintCb(PgHdr *pPg){
+  assert( pPg->flags&PGHDR_DIRTY );
+  assert( !subjRequiresPage(pPg) || pPg->pgno<=pPg->pPager->dbSize );
+}
+static void assertTruncateConstraint(Pager *pPager){
+  sqlite3PcacheIterateDirty(pPager->pPCache, assertTruncateConstraintCb);
+}
+#else
+# define assertTruncateConstraint(pPager)
+#endif
+
+/*
+** Truncate the in-memory database file image to nPage pages. This 
+** function does not actually modify the database file on disk. It 
+** just sets the internal state of the pager object so that the 
+** truncation will be done when the current transaction is committed.
+**
+** This function is only called right before committing a transaction.
+** Once this function has been called, the transaction must either be
+** rolled back or committed. It is not safe to call this function and
+** then continue writing to the database.
+*/
+SQLITE_PRIVATE void sqlite3PagerTruncateImage(Pager *pPager, Pgno nPage){
+  assert( pPager->dbSize>=nPage );
+  assert( pPager->eState>=PAGER_WRITER_CACHEMOD );
+  pPager->dbSize = nPage;
+
+  /* At one point the code here called assertTruncateConstraint() to
+  ** ensure that all pages being truncated away by this operation are,
+  ** if one or more savepoints are open, present in the savepoint 
+  ** journal so that they can be restored if the savepoint is rolled
+  ** back. This is no longer necessary as this function is now only
+  ** called right before committing a transaction. So although the 
+  ** Pager object may still have open savepoints (Pager.nSavepoint!=0), 
+  ** they cannot be rolled back. So the assertTruncateConstraint() call
+  ** is no longer correct. */
+}
+
+
+/*
+** This function is called before attempting a hot-journal rollback. It
+** syncs the journal file to disk, then sets pPager->journalHdr to the
+** size of the journal file so that the pager_playback() routine knows
+** that the entire journal file has been synced.
+**
+** Syncing a hot-journal to disk before attempting to roll it back ensures 
+** that if a power-failure occurs during the rollback, the process that
+** attempts rollback following system recovery sees the same journal
+** content as this process.
+**
+** If everything goes as planned, SQLITE_OK is returned. Otherwise, 
+** an SQLite error code.
+*/
+static int pagerSyncHotJournal(Pager *pPager){
+  int rc = SQLITE_OK;
+  if( !pPager->noSync ){
+    rc = sqlite3OsSync(pPager->jfd, SQLITE_SYNC_NORMAL);
+  }
+  if( rc==SQLITE_OK ){
+    rc = sqlite3OsFileSize(pPager->jfd, &pPager->journalHdr);
+  }
+  return rc;
+}
+
+/*
+** Obtain a reference to a memory mapped page object for page number pgno. 
+** The new object will use the pointer pData, obtained from xFetch().
+** If successful, set *ppPage to point to the new page reference
+** and return SQLITE_OK. Otherwise, return an SQLite error code and set
+** *ppPage to zero.
+**
+** Page references obtained by calling this function should be released
+** by calling pagerReleaseMapPage().
+*/
+static int pagerAcquireMapPage(
+  Pager *pPager,                  /* Pager object */
+  Pgno pgno,                      /* Page number */
+  void *pData,                    /* xFetch()'d data for this page */
+  PgHdr **ppPage                  /* OUT: Acquired page object */
+){
+  PgHdr *p;                       /* Memory mapped page to return */
+  
+  if( pPager->pMmapFreelist ){
+    *ppPage = p = pPager->pMmapFreelist;
+    pPager->pMmapFreelist = p->pDirty;
+    p->pDirty = 0;
+    memset(p->pExtra, 0, pPager->nExtra);
+  }else{
+    *ppPage = p = (PgHdr *)sqlite3MallocZero(sizeof(PgHdr) + pPager->nExtra);
+    if( p==0 ){
+      sqlite3OsUnfetch(pPager->fd, (i64)(pgno-1) * pPager->pageSize, pData);
+      return SQLITE_NOMEM;
+    }
+    p->pExtra = (void *)&p[1];
+    p->flags = PGHDR_MMAP;
+    p->nRef = 1;
+    p->pPager = pPager;
+  }
+
+  assert( p->pExtra==(void *)&p[1] );
+  assert( p->pPage==0 );
+  assert( p->flags==PGHDR_MMAP );
+  assert( p->pPager==pPager );
+  assert( p->nRef==1 );
+
+  p->pgno = pgno;
+  p->pData = pData;
+  pPager->nMmapOut++;
+
+  return SQLITE_OK;
+}
+
+/*
+** Release a reference to page pPg. pPg must have been returned by an 
+** earlier call to pagerAcquireMapPage().
+*/
+static void pagerReleaseMapPage(PgHdr *pPg){
+  Pager *pPager = pPg->pPager;
+  pPager->nMmapOut--;
+  pPg->pDirty = pPager->pMmapFreelist;
+  pPager->pMmapFreelist = pPg;
+
+  assert( pPager->fd->pMethods->iVersion>=3 );
+  sqlite3OsUnfetch(pPager->fd, (i64)(pPg->pgno-1)*pPager->pageSize, pPg->pData);
+}
+
+/*
+** Free all PgHdr objects stored in the Pager.pMmapFreelist list.
+*/
+static void pagerFreeMapHdrs(Pager *pPager){
+  PgHdr *p;
+  PgHdr *pNext;
+  for(p=pPager->pMmapFreelist; p; p=pNext){
+    pNext = p->pDirty;
+    sqlite3_free(p);
+  }
+}
+
+
+/*
+** Shutdown the page cache.  Free all memory and close all files.
+**
+** If a transaction was in progress when this routine is called, that
+** transaction is rolled back.  All outstanding pages are invalidated
+** and their memory is freed.  Any attempt to use a page associated
+** with this page cache after this function returns will likely
+** result in a coredump.
+**
+** This function always succeeds. If a transaction is active an attempt
+** is made to roll it back. If an error occurs during the rollback 
+** a hot journal may be left in the filesystem but no error is returned
+** to the caller.
+*/
+SQLITE_PRIVATE int sqlite3PagerClose(Pager *pPager){
+  u8 *pTmp = (u8 *)pPager->pTmpSpace;
+
+  assert( assert_pager_state(pPager) );
+  disable_simulated_io_errors();
+  sqlite3BeginBenignMalloc();
+  pagerFreeMapHdrs(pPager);
+  /* pPager->errCode = 0; */
+  pPager->exclusiveMode = 0;
+#ifndef SQLITE_OMIT_WAL
+  sqlite3WalClose(pPager->pWal, pPager->ckptSyncFlags, pPager->pageSize, pTmp);
+  pPager->pWal = 0;
+#endif
+  pager_reset(pPager);
+  if( MEMDB ){
+    pager_unlock(pPager);
+  }else{
+    /* If it is open, sync the journal file before calling UnlockAndRollback.
+    ** If this is not done, then an unsynced portion of the open journal 
+    ** file may be played back into the database. If a power failure occurs 
+    ** while this is happening, the database could become corrupt.
+    **
+    ** If an error occurs while trying to sync the journal, shift the pager
+    ** into the ERROR state. This causes UnlockAndRollback to unlock the
+    ** database and close the journal file without attempting to roll it
+    ** back or finalize it. The next database user will have to do hot-journal
+    ** rollback before accessing the database file.
+    */
+    if( isOpen(pPager->jfd) ){
+      pager_error(pPager, pagerSyncHotJournal(pPager));
+    }
+    pagerUnlockAndRollback(pPager);
+  }
+  sqlite3EndBenignMalloc();
+  enable_simulated_io_errors();
+  PAGERTRACE(("CLOSE %d\n", PAGERID(pPager)));
+  IOTRACE(("CLOSE %p\n", pPager))
+  sqlite3OsClose(pPager->jfd);
+  sqlite3OsClose(pPager->fd);
+  sqlite3PageFree(pTmp);
+  sqlite3PcacheClose(pPager->pPCache);
+
+#ifdef SQLITE_HAS_CODEC
+  if( pPager->xCodecFree ) pPager->xCodecFree(pPager->pCodec);
+#endif
+
+  assert( !pPager->aSavepoint && !pPager->pInJournal );
+  assert( !isOpen(pPager->jfd) && !isOpen(pPager->sjfd) );
+
+  sqlite3_free(pPager);
+  return SQLITE_OK;
+}
+
+#if !defined(NDEBUG) || defined(SQLITE_TEST)
+/*
+** Return the page number for page pPg.
+*/
+SQLITE_PRIVATE Pgno sqlite3PagerPagenumber(DbPage *pPg){
+  return pPg->pgno;
+}
+#endif
+
+/*
+** Increment the reference count for page pPg.
+*/
+SQLITE_PRIVATE void sqlite3PagerRef(DbPage *pPg){
+  sqlite3PcacheRef(pPg);
+}
+
+/*
+** Sync the journal. In other words, make sure all the pages that have
+** been written to the journal have actually reached the surface of the
+** disk and can be restored in the event of a hot-journal rollback.
+**
+** If the Pager.noSync flag is set, then this function is a no-op.
+** Otherwise, the actions required depend on the journal-mode and the 
+** device characteristics of the file-system, as follows:
+**
+**   * If the journal file is an in-memory journal file, no action need
+**     be taken.
+**
+**   * Otherwise, if the device does not support the SAFE_APPEND property,
+**     then the nRec field of the most recently written journal header
+**     is updated to contain the number of journal records that have
+**     been written following it. If the pager is operating in full-sync
+**     mode, then the journal file is synced before this field is updated.
+**
+**   * If the device does not support the SEQUENTIAL property, then 
+**     journal file is synced.
+**
+** Or, in pseudo-code:
+**
+**   if( NOT <in-memory journal> ){
+**     if( NOT SAFE_APPEND ){
+**       if( <full-sync mode> ) xSync(<journal file>);
+**       <update nRec field>
+**     } 
+**     if( NOT SEQUENTIAL ) xSync(<journal file>);
+**   }
+**
+** If successful, this routine clears the PGHDR_NEED_SYNC flag of every 
+** page currently held in memory before returning SQLITE_OK. If an IO
+** error is encountered, then the IO error code is returned to the caller.
+*/
+static int syncJournal(Pager *pPager, int newHdr){
+  int rc;                         /* Return code */
+
+  assert( pPager->eState==PAGER_WRITER_CACHEMOD
+       || pPager->eState==PAGER_WRITER_DBMOD
+  );
+  assert( assert_pager_state(pPager) );
+  assert( !pagerUseWal(pPager) );
+
+  rc = sqlite3PagerExclusiveLock(pPager);
+  if( rc!=SQLITE_OK ) return rc;
+
+  if( !pPager->noSync ){
+    assert( !pPager->tempFile );
+    if( isOpen(pPager->jfd) && pPager->journalMode!=PAGER_JOURNALMODE_MEMORY ){
+      const int iDc = sqlite3OsDeviceCharacteristics(pPager->fd);
+      assert( isOpen(pPager->jfd) );
+
+      if( 0==(iDc&SQLITE_IOCAP_SAFE_APPEND) ){
+        /* This block deals with an obscure problem. If the last connection
+        ** that wrote to this database was operating in persistent-journal
+        ** mode, then the journal file may at this point actually be larger
+        ** than Pager.journalOff bytes. If the next thing in the journal
+        ** file happens to be a journal-header (written as part of the
+        ** previous connection's transaction), and a crash or power-failure 
+        ** occurs after nRec is updated but before this connection writes 
+        ** anything else to the journal file (or commits/rolls back its 
+        ** transaction), then SQLite may become confused when doing the 
+        ** hot-journal rollback following recovery. It may roll back all
+        ** of this connections data, then proceed to rolling back the old,
+        ** out-of-date data that follows it. Database corruption.
+        **
+        ** To work around this, if the journal file does appear to contain
+        ** a valid header following Pager.journalOff, then write a 0x00
+        ** byte to the start of it to prevent it from being recognized.
+        **
+        ** Variable iNextHdrOffset is set to the offset at which this
+        ** problematic header will occur, if it exists. aMagic is used 
+        ** as a temporary buffer to inspect the first couple of bytes of
+        ** the potential journal header.
+        */
+        i64 iNextHdrOffset;
+        u8 aMagic[8];
+        u8 zHeader[sizeof(aJournalMagic)+4];
+
+        memcpy(zHeader, aJournalMagic, sizeof(aJournalMagic));
+        put32bits(&zHeader[sizeof(aJournalMagic)], pPager->nRec);
+
+        iNextHdrOffset = journalHdrOffset(pPager);
+        rc = sqlite3OsRead(pPager->jfd, aMagic, 8, iNextHdrOffset);
+        if( rc==SQLITE_OK && 0==memcmp(aMagic, aJournalMagic, 8) ){
+          static const u8 zerobyte = 0;
+          rc = sqlite3OsWrite(pPager->jfd, &zerobyte, 1, iNextHdrOffset);
+        }
+        if( rc!=SQLITE_OK && rc!=SQLITE_IOERR_SHORT_READ ){
+          return rc;
+        }
+
+        /* Write the nRec value into the journal file header. If in
+        ** full-synchronous mode, sync the journal first. This ensures that
+        ** all data has really hit the disk before nRec is updated to mark
+        ** it as a candidate for rollback.
+        **
+        ** This is not required if the persistent media supports the
+        ** SAFE_APPEND property. Because in this case it is not possible 
+        ** for garbage data to be appended to the file, the nRec field
+        ** is populated with 0xFFFFFFFF when the journal header is written
+        ** and never needs to be updated.
+        */
+        if( pPager->fullSync && 0==(iDc&SQLITE_IOCAP_SEQUENTIAL) ){
+          PAGERTRACE(("SYNC journal of %d\n", PAGERID(pPager)));
+          IOTRACE(("JSYNC %p\n", pPager))
+          rc = sqlite3OsSync(pPager->jfd, pPager->syncFlags);
+          if( rc!=SQLITE_OK ) return rc;
+        }
+        IOTRACE(("JHDR %p %lld\n", pPager, pPager->journalHdr));
+        rc = sqlite3OsWrite(
+            pPager->jfd, zHeader, sizeof(zHeader), pPager->journalHdr
+        );
+        if( rc!=SQLITE_OK ) return rc;
+      }
+      if( 0==(iDc&SQLITE_IOCAP_SEQUENTIAL) ){
+        PAGERTRACE(("SYNC journal of %d\n", PAGERID(pPager)));
+        IOTRACE(("JSYNC %p\n", pPager))
+        rc = sqlite3OsSync(pPager->jfd, pPager->syncFlags| 
+          (pPager->syncFlags==SQLITE_SYNC_FULL?SQLITE_SYNC_DATAONLY:0)
+        );
+        if( rc!=SQLITE_OK ) return rc;
+      }
+
+      pPager->journalHdr = pPager->journalOff;
+      if( newHdr && 0==(iDc&SQLITE_IOCAP_SAFE_APPEND) ){
+        pPager->nRec = 0;
+        rc = writeJournalHdr(pPager);
+        if( rc!=SQLITE_OK ) return rc;
+      }
+    }else{
+      pPager->journalHdr = pPager->journalOff;
+    }
+  }
+
+  /* Unless the pager is in noSync mode, the journal file was just 
+  ** successfully synced. Either way, clear the PGHDR_NEED_SYNC flag on 
+  ** all pages.
+  */
+  sqlite3PcacheClearSyncFlags(pPager->pPCache);
+  pPager->eState = PAGER_WRITER_DBMOD;
+  assert( assert_pager_state(pPager) );
+  return SQLITE_OK;
+}
+
+/*
+** The argument is the first in a linked list of dirty pages connected
+** by the PgHdr.pDirty pointer. This function writes each one of the
+** in-memory pages in the list to the database file. The argument may
+** be NULL, representing an empty list. In this case this function is
+** a no-op.
+**
+** The pager must hold at least a RESERVED lock when this function
+** is called. Before writing anything to the database file, this lock
+** is upgraded to an EXCLUSIVE lock. If the lock cannot be obtained,
+** SQLITE_BUSY is returned and no data is written to the database file.
+** 
+** If the pager is a temp-file pager and the actual file-system file
+** is not yet open, it is created and opened before any data is 
+** written out.
+**
+** Once the lock has been upgraded and, if necessary, the file opened,
+** the pages are written out to the database file in list order. Writing
+** a page is skipped if it meets either of the following criteria:
+**
+**   * The page number is greater than Pager.dbSize, or
+**   * The PGHDR_DONT_WRITE flag is set on the page.
+**
+** If writing out a page causes the database file to grow, Pager.dbFileSize
+** is updated accordingly. If page 1 is written out, then the value cached
+** in Pager.dbFileVers[] is updated to match the new value stored in
+** the database file.
+**
+** If everything is successful, SQLITE_OK is returned. If an IO error 
+** occurs, an IO error code is returned. Or, if the EXCLUSIVE lock cannot
+** be obtained, SQLITE_BUSY is returned.
+*/
+static int pager_write_pagelist(Pager *pPager, PgHdr *pList){
+  int rc = SQLITE_OK;                  /* Return code */
+
+  /* This function is only called for rollback pagers in WRITER_DBMOD state. */
+  assert( !pagerUseWal(pPager) );
+  assert( pPager->eState==PAGER_WRITER_DBMOD );
+  assert( pPager->eLock==EXCLUSIVE_LOCK );
+
+  /* If the file is a temp-file has not yet been opened, open it now. It
+  ** is not possible for rc to be other than SQLITE_OK if this branch
+  ** is taken, as pager_wait_on_lock() is a no-op for temp-files.
+  */
+  if( !isOpen(pPager->fd) ){
+    assert( pPager->tempFile && rc==SQLITE_OK );
+    rc = pagerOpentemp(pPager, pPager->fd, pPager->vfsFlags);
+  }
+
+  /* Before the first write, give the VFS a hint of what the final
+  ** file size will be.
+  */
+  assert( rc!=SQLITE_OK || isOpen(pPager->fd) );
+  if( rc==SQLITE_OK 
+   && pPager->dbHintSize<pPager->dbSize
+   && (pList->pDirty || pList->pgno>pPager->dbHintSize)
+  ){
+    sqlite3_int64 szFile = pPager->pageSize * (sqlite3_int64)pPager->dbSize;
+    sqlite3OsFileControlHint(pPager->fd, SQLITE_FCNTL_SIZE_HINT, &szFile);
+    pPager->dbHintSize = pPager->dbSize;
+  }
+
+  while( rc==SQLITE_OK && pList ){
+    Pgno pgno = pList->pgno;
+
+    /* If there are dirty pages in the page cache with page numbers greater
+    ** than Pager.dbSize, this means sqlite3PagerTruncateImage() was called to
+    ** make the file smaller (presumably by auto-vacuum code). Do not write
+    ** any such pages to the file.
+    **
+    ** Also, do not write out any page that has the PGHDR_DONT_WRITE flag
+    ** set (set by sqlite3PagerDontWrite()).
+    */
+    if( pgno<=pPager->dbSize && 0==(pList->flags&PGHDR_DONT_WRITE) ){
+      i64 offset = (pgno-1)*(i64)pPager->pageSize;   /* Offset to write */
+      char *pData;                                   /* Data to write */    
+
+      assert( (pList->flags&PGHDR_NEED_SYNC)==0 );
+      if( pList->pgno==1 ) pager_write_changecounter(pList);
+
+      /* Encode the database */
+      CODEC2(pPager, pList->pData, pgno, 6, return SQLITE_NOMEM, pData);
+
+      /* Write out the page data. */
+      rc = sqlite3OsWrite(pPager->fd, pData, pPager->pageSize, offset);
+
+      /* If page 1 was just written, update Pager.dbFileVers to match
+      ** the value now stored in the database file. If writing this 
+      ** page caused the database file to grow, update dbFileSize. 
+      */
+      if( pgno==1 ){
+        memcpy(&pPager->dbFileVers, &pData[24], sizeof(pPager->dbFileVers));
+      }
+      if( pgno>pPager->dbFileSize ){
+        pPager->dbFileSize = pgno;
+      }
+      pPager->aStat[PAGER_STAT_WRITE]++;
+
+      /* Update any backup objects copying the contents of this pager. */
+      sqlite3BackupUpdate(pPager->pBackup, pgno, (u8*)pList->pData);
+
+      PAGERTRACE(("STORE %d page %d hash(%08x)\n",
+                   PAGERID(pPager), pgno, pager_pagehash(pList)));
+      IOTRACE(("PGOUT %p %d\n", pPager, pgno));
+      PAGER_INCR(sqlite3_pager_writedb_count);
+    }else{
+      PAGERTRACE(("NOSTORE %d page %d\n", PAGERID(pPager), pgno));
+    }
+    pager_set_pagehash(pList);
+    pList = pList->pDirty;
+  }
+
+  return rc;
+}
+
+/*
+** Ensure that the sub-journal file is open. If it is already open, this 
+** function is a no-op.
+**
+** SQLITE_OK is returned if everything goes according to plan. An 
+** SQLITE_IOERR_XXX error code is returned if a call to sqlite3OsOpen() 
+** fails.
+*/
+static int openSubJournal(Pager *pPager){
+  int rc = SQLITE_OK;
+  if( !isOpen(pPager->sjfd) ){
+    if( pPager->journalMode==PAGER_JOURNALMODE_MEMORY || pPager->subjInMemory ){
+      sqlite3MemJournalOpen(pPager->sjfd);
+    }else{
+      rc = pagerOpentemp(pPager, pPager->sjfd, SQLITE_OPEN_SUBJOURNAL);
+    }
+  }
+  return rc;
+}
+
+/*
+** Append a record of the current state of page pPg to the sub-journal. 
+**
+** If successful, set the bit corresponding to pPg->pgno in the bitvecs
+** for all open savepoints before returning.
+**
+** This function returns SQLITE_OK if everything is successful, an IO
+** error code if the attempt to write to the sub-journal fails, or 
+** SQLITE_NOMEM if a malloc fails while setting a bit in a savepoint
+** bitvec.
+*/
+static int subjournalPage(PgHdr *pPg){
+  int rc = SQLITE_OK;
+  Pager *pPager = pPg->pPager;
+  if( pPager->journalMode!=PAGER_JOURNALMODE_OFF ){
+
+    /* Open the sub-journal, if it has not already been opened */
+    assert( pPager->useJournal );
+    assert( isOpen(pPager->jfd) || pagerUseWal(pPager) );
+    assert( isOpen(pPager->sjfd) || pPager->nSubRec==0 );
+    assert( pagerUseWal(pPager) 
+         || pageInJournal(pPager, pPg) 
+         || pPg->pgno>pPager->dbOrigSize 
+    );
+    rc = openSubJournal(pPager);
+
+    /* If the sub-journal was opened successfully (or was already open),
+    ** write the journal record into the file.  */
+    if( rc==SQLITE_OK ){
+      void *pData = pPg->pData;
+      i64 offset = (i64)pPager->nSubRec*(4+pPager->pageSize);
+      char *pData2;
+  
+      CODEC2(pPager, pData, pPg->pgno, 7, return SQLITE_NOMEM, pData2);
+      PAGERTRACE(("STMT-JOURNAL %d page %d\n", PAGERID(pPager), pPg->pgno));
+      rc = write32bits(pPager->sjfd, offset, pPg->pgno);
+      if( rc==SQLITE_OK ){
+        rc = sqlite3OsWrite(pPager->sjfd, pData2, pPager->pageSize, offset+4);
+      }
+    }
+  }
+  if( rc==SQLITE_OK ){
+    pPager->nSubRec++;
+    assert( pPager->nSavepoint>0 );
+    rc = addToSavepointBitvecs(pPager, pPg->pgno);
+  }
+  return rc;
+}
+static int subjournalPageIfRequired(PgHdr *pPg){
+  if( subjRequiresPage(pPg) ){
+    return subjournalPage(pPg);
+  }else{
+    return SQLITE_OK;
+  }
+}
+
+/*
+** This function is called by the pcache layer when it has reached some
+** soft memory limit. The first argument is a pointer to a Pager object
+** (cast as a void*). The pager is always 'purgeable' (not an in-memory
+** database). The second argument is a reference to a page that is 
+** currently dirty but has no outstanding references. The page
+** is always associated with the Pager object passed as the first 
+** argument.
+**
+** The job of this function is to make pPg clean by writing its contents
+** out to the database file, if possible. This may involve syncing the
+** journal file. 
+**
+** If successful, sqlite3PcacheMakeClean() is called on the page and
+** SQLITE_OK returned. If an IO error occurs while trying to make the
+** page clean, the IO error code is returned. If the page cannot be
+** made clean for some other reason, but no error occurs, then SQLITE_OK
+** is returned by sqlite3PcacheMakeClean() is not called.
+*/
+static int pagerStress(void *p, PgHdr *pPg){
+  Pager *pPager = (Pager *)p;
+  int rc = SQLITE_OK;
+
+  assert( pPg->pPager==pPager );
+  assert( pPg->flags&PGHDR_DIRTY );
+
+  /* The doNotSpill NOSYNC bit is set during times when doing a sync of
+  ** journal (and adding a new header) is not allowed.  This occurs
+  ** during calls to sqlite3PagerWrite() while trying to journal multiple
+  ** pages belonging to the same sector.
+  **
+  ** The doNotSpill ROLLBACK and OFF bits inhibits all cache spilling
+  ** regardless of whether or not a sync is required.  This is set during
+  ** a rollback or by user request, respectively.
+  **
+  ** Spilling is also prohibited when in an error state since that could
+  ** lead to database corruption.   In the current implementation it 
+  ** is impossible for sqlite3PcacheFetch() to be called with createFlag==3
+  ** while in the error state, hence it is impossible for this routine to
+  ** be called in the error state.  Nevertheless, we include a NEVER()
+  ** test for the error state as a safeguard against future changes.
+  */
+  if( NEVER(pPager->errCode) ) return SQLITE_OK;
+  testcase( pPager->doNotSpill & SPILLFLAG_ROLLBACK );
+  testcase( pPager->doNotSpill & SPILLFLAG_OFF );
+  testcase( pPager->doNotSpill & SPILLFLAG_NOSYNC );
+  if( pPager->doNotSpill
+   && ((pPager->doNotSpill & (SPILLFLAG_ROLLBACK|SPILLFLAG_OFF))!=0
+      || (pPg->flags & PGHDR_NEED_SYNC)!=0)
+  ){
+    return SQLITE_OK;
+  }
+
+  pPg->pDirty = 0;
+  if( pagerUseWal(pPager) ){
+    /* Write a single frame for this page to the log. */
+    rc = subjournalPageIfRequired(pPg); 
+    if( rc==SQLITE_OK ){
+      rc = pagerWalFrames(pPager, pPg, 0, 0);
+    }
+  }else{
+  
+    /* Sync the journal file if required. */
+    if( pPg->flags&PGHDR_NEED_SYNC 
+     || pPager->eState==PAGER_WRITER_CACHEMOD
+    ){
+      rc = syncJournal(pPager, 1);
+    }
+  
+    /* Write the contents of the page out to the database file. */
+    if( rc==SQLITE_OK ){
+      assert( (pPg->flags&PGHDR_NEED_SYNC)==0 );
+      rc = pager_write_pagelist(pPager, pPg);
+    }
+  }
+
+  /* Mark the page as clean. */
+  if( rc==SQLITE_OK ){
+    PAGERTRACE(("STRESS %d page %d\n", PAGERID(pPager), pPg->pgno));
+    sqlite3PcacheMakeClean(pPg);
+  }
+
+  return pager_error(pPager, rc); 
+}
+
+/*
+** Flush all unreferenced dirty pages to disk.
+*/
+SQLITE_PRIVATE int sqlite3PagerFlush(Pager *pPager){
+  int rc = pPager->errCode;
+  if( !MEMDB ){
+    PgHdr *pList = sqlite3PcacheDirtyList(pPager->pPCache);
+    assert( assert_pager_state(pPager) );
+    while( rc==SQLITE_OK && pList ){
+      PgHdr *pNext = pList->pDirty;
+      if( pList->nRef==0 ){
+        rc = pagerStress((void*)pPager, pList);
+      }
+      pList = pNext;
+    }
+  }
+
+  return rc;
+}
+
+/*
+** Allocate and initialize a new Pager object and put a pointer to it
+** in *ppPager. The pager should eventually be freed by passing it
+** to sqlite3PagerClose().
+**
+** The zFilename argument is the path to the database file to open.
+** If zFilename is NULL then a randomly-named temporary file is created
+** and used as the file to be cached. Temporary files are be deleted
+** automatically when they are closed. If zFilename is ":memory:" then 
+** all information is held in cache. It is never written to disk. 
+** This can be used to implement an in-memory database.
+**
+** The nExtra parameter specifies the number of bytes of space allocated
+** along with each page reference. This space is available to the user
+** via the sqlite3PagerGetExtra() API.
+**
+** The flags argument is used to specify properties that affect the
+** operation of the pager. It should be passed some bitwise combination
+** of the PAGER_* flags.
+**
+** The vfsFlags parameter is a bitmask to pass to the flags parameter
+** of the xOpen() method of the supplied VFS when opening files. 
+**
+** If the pager object is allocated and the specified file opened 
+** successfully, SQLITE_OK is returned and *ppPager set to point to
+** the new pager object. If an error occurs, *ppPager is set to NULL
+** and error code returned. This function may return SQLITE_NOMEM
+** (sqlite3Malloc() is used to allocate memory), SQLITE_CANTOPEN or 
+** various SQLITE_IO_XXX errors.
+*/
+SQLITE_PRIVATE int sqlite3PagerOpen(
+  sqlite3_vfs *pVfs,       /* The virtual file system to use */
+  Pager **ppPager,         /* OUT: Return the Pager structure here */
+  const char *zFilename,   /* Name of the database file to open */
+  int nExtra,              /* Extra bytes append to each in-memory page */
+  int flags,               /* flags controlling this file */
+  int vfsFlags,            /* flags passed through to sqlite3_vfs.xOpen() */
+  void (*xReinit)(DbPage*) /* Function to reinitialize pages */
+){
+  u8 *pPtr;
+  Pager *pPager = 0;       /* Pager object to allocate and return */
+  int rc = SQLITE_OK;      /* Return code */
+  int tempFile = 0;        /* True for temp files (incl. in-memory files) */
+  int memDb = 0;           /* True if this is an in-memory file */
+  int readOnly = 0;        /* True if this is a read-only file */
+  int journalFileSize;     /* Bytes to allocate for each journal fd */
+  char *zPathname = 0;     /* Full path to database file */
+  int nPathname = 0;       /* Number of bytes in zPathname */
+  int useJournal = (flags & PAGER_OMIT_JOURNAL)==0; /* False to omit journal */
+  int pcacheSize = sqlite3PcacheSize();       /* Bytes to allocate for PCache */
+  u32 szPageDflt = SQLITE_DEFAULT_PAGE_SIZE;  /* Default page size */
+  const char *zUri = 0;    /* URI args to copy */
+  int nUri = 0;            /* Number of bytes of URI args at *zUri */
+
+  /* Figure out how much space is required for each journal file-handle
+  ** (there are two of them, the main journal and the sub-journal). This
+  ** is the maximum space required for an in-memory journal file handle 
+  ** and a regular journal file-handle. Note that a "regular journal-handle"
+  ** may be a wrapper capable of caching the first portion of the journal
+  ** file in memory to implement the atomic-write optimization (see 
+  ** source file journal.c).
+  */
+  if( sqlite3JournalSize(pVfs)>sqlite3MemJournalSize() ){
+    journalFileSize = ROUND8(sqlite3JournalSize(pVfs));
+  }else{
+    journalFileSize = ROUND8(sqlite3MemJournalSize());
+  }
+
+  /* Set the output variable to NULL in case an error occurs. */
+  *ppPager = 0;
+
+#ifndef SQLITE_OMIT_MEMORYDB
+  if( flags & PAGER_MEMORY ){
+    memDb = 1;
+    if( zFilename && zFilename[0] ){
+      zPathname = sqlite3DbStrDup(0, zFilename);
+      if( zPathname==0  ) return SQLITE_NOMEM;
+      nPathname = sqlite3Strlen30(zPathname);
+      zFilename = 0;
+    }
+  }
+#endif
+
+  /* Compute and store the full pathname in an allocated buffer pointed
+  ** to by zPathname, length nPathname. Or, if this is a temporary file,
+  ** leave both nPathname and zPathname set to 0.
+  */
+  if( zFilename && zFilename[0] ){
+    const char *z;
+    nPathname = pVfs->mxPathname+1;
+    zPathname = sqlite3DbMallocRaw(0, nPathname*2);
+    if( zPathname==0 ){
+      return SQLITE_NOMEM;
+    }
+    zPathname[0] = 0; /* Make sure initialized even if FullPathname() fails */
+    rc = sqlite3OsFullPathname(pVfs, zFilename, nPathname, zPathname);
+    nPathname = sqlite3Strlen30(zPathname);
+    z = zUri = &zFilename[sqlite3Strlen30(zFilename)+1];
+    while( *z ){
+      z += sqlite3Strlen30(z)+1;
+      z += sqlite3Strlen30(z)+1;
+    }
+    nUri = (int)(&z[1] - zUri);
+    assert( nUri>=0 );
+    if( rc==SQLITE_OK && nPathname+8>pVfs->mxPathname ){
+      /* This branch is taken when the journal path required by
+      ** the database being opened will be more than pVfs->mxPathname
+      ** bytes in length. This means the database cannot be opened,
+      ** as it will not be possible to open the journal file or even
+      ** check for a hot-journal before reading.
+      */
+      rc = SQLITE_CANTOPEN_BKPT;
+    }
+    if( rc!=SQLITE_OK ){
+      sqlite3DbFree(0, zPathname);
+      return rc;
+    }
+  }
+
+  /* Allocate memory for the Pager structure, PCache object, the
+  ** three file descriptors, the database file name and the journal 
+  ** file name. The layout in memory is as follows:
+  **
+  **     Pager object                    (sizeof(Pager) bytes)
+  **     PCache object                   (sqlite3PcacheSize() bytes)
+  **     Database file handle            (pVfs->szOsFile bytes)
+  **     Sub-journal file handle         (journalFileSize bytes)
+  **     Main journal file handle        (journalFileSize bytes)
+  **     Database file name              (nPathname+1 bytes)
+  **     Journal file name               (nPathname+8+1 bytes)
+  */
+  pPtr = (u8 *)sqlite3MallocZero(
+    ROUND8(sizeof(*pPager)) +      /* Pager structure */
+    ROUND8(pcacheSize) +           /* PCache object */
+    ROUND8(pVfs->szOsFile) +       /* The main db file */
+    journalFileSize * 2 +          /* The two journal files */ 
+    nPathname + 1 + nUri +         /* zFilename */
+    nPathname + 8 + 2              /* zJournal */
+#ifndef SQLITE_OMIT_WAL
+    + nPathname + 4 + 2            /* zWal */
+#endif
+  );
+  assert( EIGHT_BYTE_ALIGNMENT(SQLITE_INT_TO_PTR(journalFileSize)) );
+  if( !pPtr ){
+    sqlite3DbFree(0, zPathname);
+    return SQLITE_NOMEM;
+  }
+  pPager =              (Pager*)(pPtr);
+  pPager->pPCache =    (PCache*)(pPtr += ROUND8(sizeof(*pPager)));
+  pPager->fd =   (sqlite3_file*)(pPtr += ROUND8(pcacheSize));
+  pPager->sjfd = (sqlite3_file*)(pPtr += ROUND8(pVfs->szOsFile));
+  pPager->jfd =  (sqlite3_file*)(pPtr += journalFileSize);
+  pPager->zFilename =    (char*)(pPtr += journalFileSize);
+  assert( EIGHT_BYTE_ALIGNMENT(pPager->jfd) );
+
+  /* Fill in the Pager.zFilename and Pager.zJournal buffers, if required. */
+  if( zPathname ){
+    assert( nPathname>0 );
+    pPager->zJournal =   (char*)(pPtr += nPathname + 1 + nUri);
+    memcpy(pPager->zFilename, zPathname, nPathname);
+    if( nUri ) memcpy(&pPager->zFilename[nPathname+1], zUri, nUri);
+    memcpy(pPager->zJournal, zPathname, nPathname);
+    memcpy(&pPager->zJournal[nPathname], "-journal\000", 8+2);
+    sqlite3FileSuffix3(pPager->zFilename, pPager->zJournal);
+#ifndef SQLITE_OMIT_WAL
+    pPager->zWal = &pPager->zJournal[nPathname+8+1];
+    memcpy(pPager->zWal, zPathname, nPathname);
+    memcpy(&pPager->zWal[nPathname], "-wal\000", 4+1);
+    sqlite3FileSuffix3(pPager->zFilename, pPager->zWal);
+#endif
+    sqlite3DbFree(0, zPathname);
+  }
+  pPager->pVfs = pVfs;
+  pPager->vfsFlags = vfsFlags;
+
+  /* Open the pager file.
+  */
+  if( zFilename && zFilename[0] ){
+    int fout = 0;                    /* VFS flags returned by xOpen() */
+    rc = sqlite3OsOpen(pVfs, pPager->zFilename, pPager->fd, vfsFlags, &fout);
+    assert( !memDb );
+    readOnly = (fout&SQLITE_OPEN_READONLY);
+
+    /* If the file was successfully opened for read/write access,
+    ** choose a default page size in case we have to create the
+    ** database file. The default page size is the maximum of:
+    **
+    **    + SQLITE_DEFAULT_PAGE_SIZE,
+    **    + The value returned by sqlite3OsSectorSize()
+    **    + The largest page size that can be written atomically.
+    */
+    if( rc==SQLITE_OK ){
+      int iDc = sqlite3OsDeviceCharacteristics(pPager->fd);
+      if( !readOnly ){
+        setSectorSize(pPager);
+        assert(SQLITE_DEFAULT_PAGE_SIZE<=SQLITE_MAX_DEFAULT_PAGE_SIZE);
+        if( szPageDflt<pPager->sectorSize ){
+          if( pPager->sectorSize>SQLITE_MAX_DEFAULT_PAGE_SIZE ){
+            szPageDflt = SQLITE_MAX_DEFAULT_PAGE_SIZE;
+          }else{
+            szPageDflt = (u32)pPager->sectorSize;
+          }
+        }
+#ifdef SQLITE_ENABLE_ATOMIC_WRITE
+        {
+          int ii;
+          assert(SQLITE_IOCAP_ATOMIC512==(512>>8));
+          assert(SQLITE_IOCAP_ATOMIC64K==(65536>>8));
+          assert(SQLITE_MAX_DEFAULT_PAGE_SIZE<=65536);
+          for(ii=szPageDflt; ii<=SQLITE_MAX_DEFAULT_PAGE_SIZE; ii=ii*2){
+            if( iDc&(SQLITE_IOCAP_ATOMIC|(ii>>8)) ){
+              szPageDflt = ii;
+            }
+          }
+        }
+#endif
+      }
+      pPager->noLock = sqlite3_uri_boolean(zFilename, "nolock", 0);
+      if( (iDc & SQLITE_IOCAP_IMMUTABLE)!=0
+       || sqlite3_uri_boolean(zFilename, "immutable", 0) ){
+          vfsFlags |= SQLITE_OPEN_READONLY;
+          goto act_like_temp_file;
+      }
+    }
+  }else{
+    /* If a temporary file is requested, it is not opened immediately.
+    ** In this case we accept the default page size and delay actually
+    ** opening the file until the first call to OsWrite().
+    **
+    ** This branch is also run for an in-memory database. An in-memory
+    ** database is the same as a temp-file that is never written out to
+    ** disk and uses an in-memory rollback journal.
+    **
+    ** This branch also runs for files marked as immutable.
+    */ 
+act_like_temp_file:
+    tempFile = 1;
+    pPager->eState = PAGER_READER;     /* Pretend we already have a lock */
+    pPager->eLock = EXCLUSIVE_LOCK;    /* Pretend we are in EXCLUSIVE mode */
+    pPager->noLock = 1;                /* Do no locking */
+    readOnly = (vfsFlags&SQLITE_OPEN_READONLY);
+  }
+
+  /* The following call to PagerSetPagesize() serves to set the value of 
+  ** Pager.pageSize and to allocate the Pager.pTmpSpace buffer.
+  */
+  if( rc==SQLITE_OK ){
+    assert( pPager->memDb==0 );
+    rc = sqlite3PagerSetPagesize(pPager, &szPageDflt, -1);
+    testcase( rc!=SQLITE_OK );
+  }
+
+  /* Initialize the PCache object. */
+  if( rc==SQLITE_OK ){
+    assert( nExtra<1000 );
+    nExtra = ROUND8(nExtra);
+    rc = sqlite3PcacheOpen(szPageDflt, nExtra, !memDb,
+                       !memDb?pagerStress:0, (void *)pPager, pPager->pPCache);
+  }
+
+  /* If an error occurred above, free the  Pager structure and close the file.
+  */
+  if( rc!=SQLITE_OK ){
+    sqlite3OsClose(pPager->fd);
+    sqlite3PageFree(pPager->pTmpSpace);
+    sqlite3_free(pPager);
+    return rc;
+  }
+
+  PAGERTRACE(("OPEN %d %s\n", FILEHANDLEID(pPager->fd), pPager->zFilename));
+  IOTRACE(("OPEN %p %s\n", pPager, pPager->zFilename))
+
+  pPager->useJournal = (u8)useJournal;
+  /* pPager->stmtOpen = 0; */
+  /* pPager->stmtInUse = 0; */
+  /* pPager->nRef = 0; */
+  /* pPager->stmtSize = 0; */
+  /* pPager->stmtJSize = 0; */
+  /* pPager->nPage = 0; */
+  pPager->mxPgno = SQLITE_MAX_PAGE_COUNT;
+  /* pPager->state = PAGER_UNLOCK; */
+  /* pPager->errMask = 0; */
+  pPager->tempFile = (u8)tempFile;
+  assert( tempFile==PAGER_LOCKINGMODE_NORMAL 
+          || tempFile==PAGER_LOCKINGMODE_EXCLUSIVE );
+  assert( PAGER_LOCKINGMODE_EXCLUSIVE==1 );
+  pPager->exclusiveMode = (u8)tempFile; 
+  pPager->changeCountDone = pPager->tempFile;
+  pPager->memDb = (u8)memDb;
+  pPager->readOnly = (u8)readOnly;
+  assert( useJournal || pPager->tempFile );
+  pPager->noSync = pPager->tempFile;
+  if( pPager->noSync ){
+    assert( pPager->fullSync==0 );
+    assert( pPager->syncFlags==0 );
+    assert( pPager->walSyncFlags==0 );
+    assert( pPager->ckptSyncFlags==0 );
+  }else{
+    pPager->fullSync = 1;
+    pPager->syncFlags = SQLITE_SYNC_NORMAL;
+    pPager->walSyncFlags = SQLITE_SYNC_NORMAL | WAL_SYNC_TRANSACTIONS;
+    pPager->ckptSyncFlags = SQLITE_SYNC_NORMAL;
+  }
+  /* pPager->pFirst = 0; */
+  /* pPager->pFirstSynced = 0; */
+  /* pPager->pLast = 0; */
+  pPager->nExtra = (u16)nExtra;
+  pPager->journalSizeLimit = SQLITE_DEFAULT_JOURNAL_SIZE_LIMIT;
+  assert( isOpen(pPager->fd) || tempFile );
+  setSectorSize(pPager);
+  if( !useJournal ){
+    pPager->journalMode = PAGER_JOURNALMODE_OFF;
+  }else if( memDb ){
+    pPager->journalMode = PAGER_JOURNALMODE_MEMORY;
+  }
+  /* pPager->xBusyHandler = 0; */
+  /* pPager->pBusyHandlerArg = 0; */
+  pPager->xReiniter = xReinit;
+  /* memset(pPager->aHash, 0, sizeof(pPager->aHash)); */
+  /* pPager->szMmap = SQLITE_DEFAULT_MMAP_SIZE // will be set by btree.c */
+
+  *ppPager = pPager;
+  return SQLITE_OK;
+}
+
+
+/* Verify that the database file has not be deleted or renamed out from
+** under the pager.  Return SQLITE_OK if the database is still were it ought
+** to be on disk.  Return non-zero (SQLITE_READONLY_DBMOVED or some other error
+** code from sqlite3OsAccess()) if the database has gone missing.
+*/
+static int databaseIsUnmoved(Pager *pPager){
+  int bHasMoved = 0;
+  int rc;
+
+  if( pPager->tempFile ) return SQLITE_OK;
+  if( pPager->dbSize==0 ) return SQLITE_OK;
+  assert( pPager->zFilename && pPager->zFilename[0] );
+  rc = sqlite3OsFileControl(pPager->fd, SQLITE_FCNTL_HAS_MOVED, &bHasMoved);
+  if( rc==SQLITE_NOTFOUND ){
+    /* If the HAS_MOVED file-control is unimplemented, assume that the file
+    ** has not been moved.  That is the historical behavior of SQLite: prior to
+    ** version 3.8.3, it never checked */
+    rc = SQLITE_OK;
+  }else if( rc==SQLITE_OK && bHasMoved ){
+    rc = SQLITE_READONLY_DBMOVED;
+  }
+  return rc;
+}
+
+
+/*
+** This function is called after transitioning from PAGER_UNLOCK to
+** PAGER_SHARED state. It tests if there is a hot journal present in
+** the file-system for the given pager. A hot journal is one that 
+** needs to be played back. According to this function, a hot-journal
+** file exists if the following criteria are met:
+**
+**   * The journal file exists in the file system, and
+**   * No process holds a RESERVED or greater lock on the database file, and
+**   * The database file itself is greater than 0 bytes in size, and
+**   * The first byte of the journal file exists and is not 0x00.
+**
+** If the current size of the database file is 0 but a journal file
+** exists, that is probably an old journal left over from a prior
+** database with the same name. In this case the journal file is
+** just deleted using OsDelete, *pExists is set to 0 and SQLITE_OK
+** is returned.
+**
+** This routine does not check if there is a master journal filename
+** at the end of the file. If there is, and that master journal file
+** does not exist, then the journal file is not really hot. In this
+** case this routine will return a false-positive. The pager_playback()
+** routine will discover that the journal file is not really hot and 
+** will not roll it back. 
+**
+** If a hot-journal file is found to exist, *pExists is set to 1 and 
+** SQLITE_OK returned. If no hot-journal file is present, *pExists is
+** set to 0 and SQLITE_OK returned. If an IO error occurs while trying
+** to determine whether or not a hot-journal file exists, the IO error
+** code is returned and the value of *pExists is undefined.
+*/
+static int hasHotJournal(Pager *pPager, int *pExists){
+  sqlite3_vfs * const pVfs = pPager->pVfs;
+  int rc = SQLITE_OK;           /* Return code */
+  int exists = 1;               /* True if a journal file is present */
+  int jrnlOpen = !!isOpen(pPager->jfd);
+
+  assert( pPager->useJournal );
+  assert( isOpen(pPager->fd) );
+  assert( pPager->eState==PAGER_OPEN );
+
+  assert( jrnlOpen==0 || ( sqlite3OsDeviceCharacteristics(pPager->jfd) &
+    SQLITE_IOCAP_UNDELETABLE_WHEN_OPEN
+  ));
+
+  *pExists = 0;
+  if( !jrnlOpen ){
+    rc = sqlite3OsAccess(pVfs, pPager->zJournal, SQLITE_ACCESS_EXISTS, &exists);
+  }
+  if( rc==SQLITE_OK && exists ){
+    int locked = 0;             /* True if some process holds a RESERVED lock */
+
+    /* Race condition here:  Another process might have been holding the
+    ** the RESERVED lock and have a journal open at the sqlite3OsAccess() 
+    ** call above, but then delete the journal and drop the lock before
+    ** we get to the following sqlite3OsCheckReservedLock() call.  If that
+    ** is the case, this routine might think there is a hot journal when
+    ** in fact there is none.  This results in a false-positive which will
+    ** be dealt with by the playback routine.  Ticket #3883.
+    */
+    rc = sqlite3OsCheckReservedLock(pPager->fd, &locked);
+    if( rc==SQLITE_OK && !locked ){
+      Pgno nPage;                 /* Number of pages in database file */
+
+      rc = pagerPagecount(pPager, &nPage);
+      if( rc==SQLITE_OK ){
+        /* If the database is zero pages in size, that means that either (1) the
+        ** journal is a remnant from a prior database with the same name where
+        ** the database file but not the journal was deleted, or (2) the initial
+        ** transaction that populates a new database is being rolled back.
+        ** In either case, the journal file can be deleted.  However, take care
+        ** not to delete the journal file if it is already open due to
+        ** journal_mode=PERSIST.
+        */
+        if( nPage==0 && !jrnlOpen ){
+          sqlite3BeginBenignMalloc();
+          if( pagerLockDb(pPager, RESERVED_LOCK)==SQLITE_OK ){
+            sqlite3OsDelete(pVfs, pPager->zJournal, 0);
+            if( !pPager->exclusiveMode ) pagerUnlockDb(pPager, SHARED_LOCK);
+          }
+          sqlite3EndBenignMalloc();
+        }else{
+          /* The journal file exists and no other connection has a reserved
+          ** or greater lock on the database file. Now check that there is
+          ** at least one non-zero bytes at the start of the journal file.
+          ** If there is, then we consider this journal to be hot. If not, 
+          ** it can be ignored.
+          */
+          if( !jrnlOpen ){
+            int f = SQLITE_OPEN_READONLY|SQLITE_OPEN_MAIN_JOURNAL;
+            rc = sqlite3OsOpen(pVfs, pPager->zJournal, pPager->jfd, f, &f);
+          }
+          if( rc==SQLITE_OK ){
+            u8 first = 0;
+            rc = sqlite3OsRead(pPager->jfd, (void *)&first, 1, 0);
+            if( rc==SQLITE_IOERR_SHORT_READ ){
+              rc = SQLITE_OK;
+            }
+            if( !jrnlOpen ){
+              sqlite3OsClose(pPager->jfd);
+            }
+            *pExists = (first!=0);
+          }else if( rc==SQLITE_CANTOPEN ){
+            /* If we cannot open the rollback journal file in order to see if
+            ** it has a zero header, that might be due to an I/O error, or
+            ** it might be due to the race condition described above and in
+            ** ticket #3883.  Either way, assume that the journal is hot.
+            ** This might be a false positive.  But if it is, then the
+            ** automatic journal playback and recovery mechanism will deal
+            ** with it under an EXCLUSIVE lock where we do not need to
+            ** worry so much with race conditions.
+            */
+            *pExists = 1;
+            rc = SQLITE_OK;
+          }
+        }
+      }
+    }
+  }
+
+  return rc;
+}
+
+/*
+** This function is called to obtain a shared lock on the database file.
+** It is illegal to call sqlite3PagerGet() until after this function
+** has been successfully called. If a shared-lock is already held when
+** this function is called, it is a no-op.
+**
+** The following operations are also performed by this function.
+**
+**   1) If the pager is currently in PAGER_OPEN state (no lock held
+**      on the database file), then an attempt is made to obtain a
+**      SHARED lock on the database file. Immediately after obtaining
+**      the SHARED lock, the file-system is checked for a hot-journal,
+**      which is played back if present. Following any hot-journal 
+**      rollback, the contents of the cache are validated by checking
+**      the 'change-counter' field of the database file header and
+**      discarded if they are found to be invalid.
+**
+**   2) If the pager is running in exclusive-mode, and there are currently
+**      no outstanding references to any pages, and is in the error state,
+**      then an attempt is made to clear the error state by discarding
+**      the contents of the page cache and rolling back any open journal
+**      file.
+**
+** If everything is successful, SQLITE_OK is returned. If an IO error 
+** occurs while locking the database, checking for a hot-journal file or 
+** rolling back a journal file, the IO error code is returned.
+*/
+SQLITE_PRIVATE int sqlite3PagerSharedLock(Pager *pPager){
+  int rc = SQLITE_OK;                /* Return code */
+
+  /* This routine is only called from b-tree and only when there are no
+  ** outstanding pages. This implies that the pager state should either
+  ** be OPEN or READER. READER is only possible if the pager is or was in 
+  ** exclusive access mode.
+  */
+  assert( sqlite3PcacheRefCount(pPager->pPCache)==0 );
+  assert( assert_pager_state(pPager) );
+  assert( pPager->eState==PAGER_OPEN || pPager->eState==PAGER_READER );
+  if( NEVER(MEMDB && pPager->errCode) ){ return pPager->errCode; }
+
+  if( !pagerUseWal(pPager) && pPager->eState==PAGER_OPEN ){
+    int bHotJournal = 1;          /* True if there exists a hot journal-file */
+
+    assert( !MEMDB );
+
+    rc = pager_wait_on_lock(pPager, SHARED_LOCK);
+    if( rc!=SQLITE_OK ){
+      assert( pPager->eLock==NO_LOCK || pPager->eLock==UNKNOWN_LOCK );
+      goto failed;
+    }
+
+    /* If a journal file exists, and there is no RESERVED lock on the
+    ** database file, then it either needs to be played back or deleted.
+    */
+    if( pPager->eLock<=SHARED_LOCK ){
+      rc = hasHotJournal(pPager, &bHotJournal);
+    }
+    if( rc!=SQLITE_OK ){
+      goto failed;
+    }
+    if( bHotJournal ){
+      if( pPager->readOnly ){
+        rc = SQLITE_READONLY_ROLLBACK;
+        goto failed;
+      }
+
+      /* Get an EXCLUSIVE lock on the database file. At this point it is
+      ** important that a RESERVED lock is not obtained on the way to the
+      ** EXCLUSIVE lock. If it were, another process might open the
+      ** database file, detect the RESERVED lock, and conclude that the
+      ** database is safe to read while this process is still rolling the 
+      ** hot-journal back.
+      ** 
+      ** Because the intermediate RESERVED lock is not requested, any
+      ** other process attempting to access the database file will get to 
+      ** this point in the code and fail to obtain its own EXCLUSIVE lock 
+      ** on the database file.
+      **
+      ** Unless the pager is in locking_mode=exclusive mode, the lock is
+      ** downgraded to SHARED_LOCK before this function returns.
+      */
+      rc = pagerLockDb(pPager, EXCLUSIVE_LOCK);
+      if( rc!=SQLITE_OK ){
+        goto failed;
+      }
+ 
+      /* If it is not already open and the file exists on disk, open the 
+      ** journal for read/write access. Write access is required because 
+      ** in exclusive-access mode the file descriptor will be kept open 
+      ** and possibly used for a transaction later on. Also, write-access 
+      ** is usually required to finalize the journal in journal_mode=persist 
+      ** mode (and also for journal_mode=truncate on some systems).
+      **
+      ** If the journal does not exist, it usually means that some 
+      ** other connection managed to get in and roll it back before 
+      ** this connection obtained the exclusive lock above. Or, it 
+      ** may mean that the pager was in the error-state when this
+      ** function was called and the journal file does not exist.
+      */
+      if( !isOpen(pPager->jfd) ){
+        sqlite3_vfs * const pVfs = pPager->pVfs;
+        int bExists;              /* True if journal file exists */
+        rc = sqlite3OsAccess(
+            pVfs, pPager->zJournal, SQLITE_ACCESS_EXISTS, &bExists);
+        if( rc==SQLITE_OK && bExists ){
+          int fout = 0;
+          int f = SQLITE_OPEN_READWRITE|SQLITE_OPEN_MAIN_JOURNAL;
+          assert( !pPager->tempFile );
+          rc = sqlite3OsOpen(pVfs, pPager->zJournal, pPager->jfd, f, &fout);
+          assert( rc!=SQLITE_OK || isOpen(pPager->jfd) );
+          if( rc==SQLITE_OK && fout&SQLITE_OPEN_READONLY ){
+            rc = SQLITE_CANTOPEN_BKPT;
+            sqlite3OsClose(pPager->jfd);
+          }
+        }
+      }
+ 
+      /* Playback and delete the journal.  Drop the database write
+      ** lock and reacquire the read lock. Purge the cache before
+      ** playing back the hot-journal so that we don't end up with
+      ** an inconsistent cache.  Sync the hot journal before playing
+      ** it back since the process that crashed and left the hot journal
+      ** probably did not sync it and we are required to always sync
+      ** the journal before playing it back.
+      */
+      if( isOpen(pPager->jfd) ){
+        assert( rc==SQLITE_OK );
+        rc = pagerSyncHotJournal(pPager);
+        if( rc==SQLITE_OK ){
+          rc = pager_playback(pPager, 1);
+          pPager->eState = PAGER_OPEN;
+        }
+      }else if( !pPager->exclusiveMode ){
+        pagerUnlockDb(pPager, SHARED_LOCK);
+      }
+
+      if( rc!=SQLITE_OK ){
+        /* This branch is taken if an error occurs while trying to open
+        ** or roll back a hot-journal while holding an EXCLUSIVE lock. The
+        ** pager_unlock() routine will be called before returning to unlock
+        ** the file. If the unlock attempt fails, then Pager.eLock must be
+        ** set to UNKNOWN_LOCK (see the comment above the #define for 
+        ** UNKNOWN_LOCK above for an explanation). 
+        **
+        ** In order to get pager_unlock() to do this, set Pager.eState to
+        ** PAGER_ERROR now. This is not actually counted as a transition
+        ** to ERROR state in the state diagram at the top of this file,
+        ** since we know that the same call to pager_unlock() will very
+        ** shortly transition the pager object to the OPEN state. Calling
+        ** assert_pager_state() would fail now, as it should not be possible
+        ** to be in ERROR state when there are zero outstanding page 
+        ** references.
+        */
+        pager_error(pPager, rc);
+        goto failed;
+      }
+
+      assert( pPager->eState==PAGER_OPEN );
+      assert( (pPager->eLock==SHARED_LOCK)
+           || (pPager->exclusiveMode && pPager->eLock>SHARED_LOCK)
+      );
+    }
+
+    if( !pPager->tempFile && pPager->hasHeldSharedLock ){
+      /* The shared-lock has just been acquired then check to
+      ** see if the database has been modified.  If the database has changed,
+      ** flush the cache.  The hasHeldSharedLock flag prevents this from
+      ** occurring on the very first access to a file, in order to save a
+      ** single unnecessary sqlite3OsRead() call at the start-up.
+      **
+      ** Database changes are detected by looking at 15 bytes beginning
+      ** at offset 24 into the file.  The first 4 of these 16 bytes are
+      ** a 32-bit counter that is incremented with each change.  The
+      ** other bytes change randomly with each file change when
+      ** a codec is in use.
+      ** 
+      ** There is a vanishingly small chance that a change will not be 
+      ** detected.  The chance of an undetected change is so small that
+      ** it can be neglected.
+      */
+      Pgno nPage = 0;
+      char dbFileVers[sizeof(pPager->dbFileVers)];
+
+      rc = pagerPagecount(pPager, &nPage);
+      if( rc ) goto failed;
+
+      if( nPage>0 ){
+        IOTRACE(("CKVERS %p %d\n", pPager, sizeof(dbFileVers)));
+        rc = sqlite3OsRead(pPager->fd, &dbFileVers, sizeof(dbFileVers), 24);
+        if( rc!=SQLITE_OK && rc!=SQLITE_IOERR_SHORT_READ ){
+          goto failed;
+        }
+      }else{
+        memset(dbFileVers, 0, sizeof(dbFileVers));
+      }
+
+      if( memcmp(pPager->dbFileVers, dbFileVers, sizeof(dbFileVers))!=0 ){
+        pager_reset(pPager);
+
+        /* Unmap the database file. It is possible that external processes
+        ** may have truncated the database file and then extended it back
+        ** to its original size while this process was not holding a lock.
+        ** In this case there may exist a Pager.pMap mapping that appears
+        ** to be the right size but is not actually valid. Avoid this
+        ** possibility by unmapping the db here. */
+        if( USEFETCH(pPager) ){
+          sqlite3OsUnfetch(pPager->fd, 0, 0);
+        }
+      }
+    }
+
+    /* If there is a WAL file in the file-system, open this database in WAL
+    ** mode. Otherwise, the following function call is a no-op.
+    */
+    rc = pagerOpenWalIfPresent(pPager);
+#ifndef SQLITE_OMIT_WAL
+    assert( pPager->pWal==0 || rc==SQLITE_OK );
+#endif
+  }
+
+  if( pagerUseWal(pPager) ){
+    assert( rc==SQLITE_OK );
+    rc = pagerBeginReadTransaction(pPager);
+  }
+
+  if( pPager->eState==PAGER_OPEN && rc==SQLITE_OK ){
+    rc = pagerPagecount(pPager, &pPager->dbSize);
+  }
+
+ failed:
+  if( rc!=SQLITE_OK ){
+    assert( !MEMDB );
+    pager_unlock(pPager);
+    assert( pPager->eState==PAGER_OPEN );
+  }else{
+    pPager->eState = PAGER_READER;
+    pPager->hasHeldSharedLock = 1;
+  }
+  return rc;
+}
+
+/*
+** If the reference count has reached zero, rollback any active
+** transaction and unlock the pager.
+**
+** Except, in locking_mode=EXCLUSIVE when there is nothing to in
+** the rollback journal, the unlock is not performed and there is
+** nothing to rollback, so this routine is a no-op.
+*/ 
+static void pagerUnlockIfUnused(Pager *pPager){
+  if( pPager->nMmapOut==0 && (sqlite3PcacheRefCount(pPager->pPCache)==0) ){
+    pagerUnlockAndRollback(pPager);
+  }
+}
+
+/*
+** Acquire a reference to page number pgno in pager pPager (a page
+** reference has type DbPage*). If the requested reference is 
+** successfully obtained, it is copied to *ppPage and SQLITE_OK returned.
+**
+** If the requested page is already in the cache, it is returned. 
+** Otherwise, a new page object is allocated and populated with data
+** read from the database file. In some cases, the pcache module may
+** choose not to allocate a new page object and may reuse an existing
+** object with no outstanding references.
+**
+** The extra data appended to a page is always initialized to zeros the 
+** first time a page is loaded into memory. If the page requested is 
+** already in the cache when this function is called, then the extra
+** data is left as it was when the page object was last used.
+**
+** If the database image is smaller than the requested page or if a 
+** non-zero value is passed as the noContent parameter and the 
+** requested page is not already stored in the cache, then no 
+** actual disk read occurs. In this case the memory image of the 
+** page is initialized to all zeros. 
+**
+** If noContent is true, it means that we do not care about the contents
+** of the page. This occurs in two scenarios:
+**
+**   a) When reading a free-list leaf page from the database, and
+**
+**   b) When a savepoint is being rolled back and we need to load
+**      a new page into the cache to be filled with the data read
+**      from the savepoint journal.
+**
+** If noContent is true, then the data returned is zeroed instead of
+** being read from the database. Additionally, the bits corresponding
+** to pgno in Pager.pInJournal (bitvec of pages already written to the
+** journal file) and the PagerSavepoint.pInSavepoint bitvecs of any open
+** savepoints are set. This means if the page is made writable at any
+** point in the future, using a call to sqlite3PagerWrite(), its contents
+** will not be journaled. This saves IO.
+**
+** The acquisition might fail for several reasons.  In all cases,
+** an appropriate error code is returned and *ppPage is set to NULL.
+**
+** See also sqlite3PagerLookup().  Both this routine and Lookup() attempt
+** to find a page in the in-memory cache first.  If the page is not already
+** in memory, this routine goes to disk to read it in whereas Lookup()
+** just returns 0.  This routine acquires a read-lock the first time it
+** has to go to disk, and could also playback an old journal if necessary.
+** Since Lookup() never goes to disk, it never has to deal with locks
+** or journal files.
+*/
+SQLITE_PRIVATE int sqlite3PagerGet(
+  Pager *pPager,      /* The pager open on the database file */
+  Pgno pgno,          /* Page number to fetch */
+  DbPage **ppPage,    /* Write a pointer to the page here */
+  int flags           /* PAGER_GET_XXX flags */
+){
+  int rc = SQLITE_OK;
+  PgHdr *pPg = 0;
+  u32 iFrame = 0;                 /* Frame to read from WAL file */
+  const int noContent = (flags & PAGER_GET_NOCONTENT);
+
+  /* It is acceptable to use a read-only (mmap) page for any page except
+  ** page 1 if there is no write-transaction open or the ACQUIRE_READONLY
+  ** flag was specified by the caller. And so long as the db is not a 
+  ** temporary or in-memory database.  */
+  const int bMmapOk = (pgno>1 && USEFETCH(pPager)
+   && (pPager->eState==PAGER_READER || (flags & PAGER_GET_READONLY))
+#ifdef SQLITE_HAS_CODEC
+   && pPager->xCodec==0
+#endif
+  );
+
+  /* Optimization note:  Adding the "pgno<=1" term before "pgno==0" here
+  ** allows the compiler optimizer to reuse the results of the "pgno>1"
+  ** test in the previous statement, and avoid testing pgno==0 in the
+  ** common case where pgno is large. */
+  if( pgno<=1 && pgno==0 ){
+    return SQLITE_CORRUPT_BKPT;
+  }
+  assert( pPager->eState>=PAGER_READER );
+  assert( assert_pager_state(pPager) );
+  assert( noContent==0 || bMmapOk==0 );
+
+  assert( pPager->hasHeldSharedLock==1 );
+
+  /* If the pager is in the error state, return an error immediately. 
+  ** Otherwise, request the page from the PCache layer. */
+  if( pPager->errCode!=SQLITE_OK ){
+    rc = pPager->errCode;
+  }else{
+    if( bMmapOk && pagerUseWal(pPager) ){
+      rc = sqlite3WalFindFrame(pPager->pWal, pgno, &iFrame);
+      if( rc!=SQLITE_OK ) goto pager_acquire_err;
+    }
+
+    if( bMmapOk && iFrame==0 ){
+      void *pData = 0;
+
+      rc = sqlite3OsFetch(pPager->fd, 
+          (i64)(pgno-1) * pPager->pageSize, pPager->pageSize, &pData
+      );
+
+      if( rc==SQLITE_OK && pData ){
+        if( pPager->eState>PAGER_READER ){
+          pPg = sqlite3PagerLookup(pPager, pgno);
+        }
+        if( pPg==0 ){
+          rc = pagerAcquireMapPage(pPager, pgno, pData, &pPg);
+        }else{
+          sqlite3OsUnfetch(pPager->fd, (i64)(pgno-1)*pPager->pageSize, pData);
+        }
+        if( pPg ){
+          assert( rc==SQLITE_OK );
+          *ppPage = pPg;
+          return SQLITE_OK;
+        }
+      }
+      if( rc!=SQLITE_OK ){
+        goto pager_acquire_err;
+      }
+    }
+
+    {
+      sqlite3_pcache_page *pBase;
+      pBase = sqlite3PcacheFetch(pPager->pPCache, pgno, 3);
+      if( pBase==0 ){
+        rc = sqlite3PcacheFetchStress(pPager->pPCache, pgno, &pBase);
+        if( rc!=SQLITE_OK ) goto pager_acquire_err;
+        if( pBase==0 ){
+          pPg = *ppPage = 0;
+          rc = SQLITE_NOMEM;
+          goto pager_acquire_err;
+        }
+      }
+      pPg = *ppPage = sqlite3PcacheFetchFinish(pPager->pPCache, pgno, pBase);
+      assert( pPg!=0 );
+    }
+  }
+
+  if( rc!=SQLITE_OK ){
+    /* Either the call to sqlite3PcacheFetch() returned an error or the
+    ** pager was already in the error-state when this function was called.
+    ** Set pPg to 0 and jump to the exception handler.  */
+    pPg = 0;
+    goto pager_acquire_err;
+  }
+  assert( pPg==(*ppPage) );
+  assert( pPg->pgno==pgno );
+  assert( pPg->pPager==pPager || pPg->pPager==0 );
+
+  if( pPg->pPager && !noContent ){
+    /* In this case the pcache already contains an initialized copy of
+    ** the page. Return without further ado.  */
+    assert( pgno<=PAGER_MAX_PGNO && pgno!=PAGER_MJ_PGNO(pPager) );
+    pPager->aStat[PAGER_STAT_HIT]++;
+    return SQLITE_OK;
+
+  }else{
+    /* The pager cache has created a new page. Its content needs to 
+    ** be initialized.  */
+
+    pPg->pPager = pPager;
+
+    /* The maximum page number is 2^31. Return SQLITE_CORRUPT if a page
+    ** number greater than this, or the unused locking-page, is requested. */
+    if( pgno>PAGER_MAX_PGNO || pgno==PAGER_MJ_PGNO(pPager) ){
+      rc = SQLITE_CORRUPT_BKPT;
+      goto pager_acquire_err;
+    }
+
+    if( MEMDB || pPager->dbSize<pgno || noContent || !isOpen(pPager->fd) ){
+      if( pgno>pPager->mxPgno ){
+        rc = SQLITE_FULL;
+        goto pager_acquire_err;
+      }
+      if( noContent ){
+        /* Failure to set the bits in the InJournal bit-vectors is benign.
+        ** It merely means that we might do some extra work to journal a 
+        ** page that does not need to be journaled.  Nevertheless, be sure 
+        ** to test the case where a malloc error occurs while trying to set 
+        ** a bit in a bit vector.
+        */
+        sqlite3BeginBenignMalloc();
+        if( pgno<=pPager->dbOrigSize ){
+          TESTONLY( rc = ) sqlite3BitvecSet(pPager->pInJournal, pgno);
+          testcase( rc==SQLITE_NOMEM );
+        }
+        TESTONLY( rc = ) addToSavepointBitvecs(pPager, pgno);
+        testcase( rc==SQLITE_NOMEM );
+        sqlite3EndBenignMalloc();
+      }
+      memset(pPg->pData, 0, pPager->pageSize);
+      IOTRACE(("ZERO %p %d\n", pPager, pgno));
+    }else{
+      if( pagerUseWal(pPager) && bMmapOk==0 ){
+        rc = sqlite3WalFindFrame(pPager->pWal, pgno, &iFrame);
+        if( rc!=SQLITE_OK ) goto pager_acquire_err;
+      }
+      assert( pPg->pPager==pPager );
+      pPager->aStat[PAGER_STAT_MISS]++;
+      rc = readDbPage(pPg, iFrame);
+      if( rc!=SQLITE_OK ){
+        goto pager_acquire_err;
+      }
+    }
+    pager_set_pagehash(pPg);
+  }
+
+  return SQLITE_OK;
+
+pager_acquire_err:
+  assert( rc!=SQLITE_OK );
+  if( pPg ){
+    sqlite3PcacheDrop(pPg);
+  }
+  pagerUnlockIfUnused(pPager);
+
+  *ppPage = 0;
+  return rc;
+}
+
+/*
+** Acquire a page if it is already in the in-memory cache.  Do
+** not read the page from disk.  Return a pointer to the page,
+** or 0 if the page is not in cache. 
+**
+** See also sqlite3PagerGet().  The difference between this routine
+** and sqlite3PagerGet() is that _get() will go to the disk and read
+** in the page if the page is not already in cache.  This routine
+** returns NULL if the page is not in cache or if a disk I/O error 
+** has ever happened.
+*/
+SQLITE_PRIVATE DbPage *sqlite3PagerLookup(Pager *pPager, Pgno pgno){
+  sqlite3_pcache_page *pPage;
+  assert( pPager!=0 );
+  assert( pgno!=0 );
+  assert( pPager->pPCache!=0 );
+  pPage = sqlite3PcacheFetch(pPager->pPCache, pgno, 0);
+  assert( pPage==0 || pPager->hasHeldSharedLock );
+  if( pPage==0 ) return 0;
+  return sqlite3PcacheFetchFinish(pPager->pPCache, pgno, pPage);
+}
+
+/*
+** Release a page reference.
+**
+** If the number of references to the page drop to zero, then the
+** page is added to the LRU list.  When all references to all pages
+** are released, a rollback occurs and the lock on the database is
+** removed.
+*/
+SQLITE_PRIVATE void sqlite3PagerUnrefNotNull(DbPage *pPg){
+  Pager *pPager;
+  assert( pPg!=0 );
+  pPager = pPg->pPager;
+  if( pPg->flags & PGHDR_MMAP ){
+    pagerReleaseMapPage(pPg);
+  }else{
+    sqlite3PcacheRelease(pPg);
+  }
+  pagerUnlockIfUnused(pPager);
+}
+SQLITE_PRIVATE void sqlite3PagerUnref(DbPage *pPg){
+  if( pPg ) sqlite3PagerUnrefNotNull(pPg);
+}
+
+/*
+** This function is called at the start of every write transaction.
+** There must already be a RESERVED or EXCLUSIVE lock on the database 
+** file when this routine is called.
+**
+** Open the journal file for pager pPager and write a journal header
+** to the start of it. If there are active savepoints, open the sub-journal
+** as well. This function is only used when the journal file is being 
+** opened to write a rollback log for a transaction. It is not used 
+** when opening a hot journal file to roll it back.
+**
+** If the journal file is already open (as it may be in exclusive mode),
+** then this function just writes a journal header to the start of the
+** already open file. 
+**
+** Whether or not the journal file is opened by this function, the
+** Pager.pInJournal bitvec structure is allocated.
+**
+** Return SQLITE_OK if everything is successful. Otherwise, return 
+** SQLITE_NOMEM if the attempt to allocate Pager.pInJournal fails, or 
+** an IO error code if opening or writing the journal file fails.
+*/
+static int pager_open_journal(Pager *pPager){
+  int rc = SQLITE_OK;                        /* Return code */
+  sqlite3_vfs * const pVfs = pPager->pVfs;   /* Local cache of vfs pointer */
+
+  assert( pPager->eState==PAGER_WRITER_LOCKED );
+  assert( assert_pager_state(pPager) );
+  assert( pPager->pInJournal==0 );
+  
+  /* If already in the error state, this function is a no-op.  But on
+  ** the other hand, this routine is never called if we are already in
+  ** an error state. */
+  if( NEVER(pPager->errCode) ) return pPager->errCode;
+
+  if( !pagerUseWal(pPager) && pPager->journalMode!=PAGER_JOURNALMODE_OFF ){
+    pPager->pInJournal = sqlite3BitvecCreate(pPager->dbSize);
+    if( pPager->pInJournal==0 ){
+      return SQLITE_NOMEM;
+    }
+  
+    /* Open the journal file if it is not already open. */
+    if( !isOpen(pPager->jfd) ){
+      if( pPager->journalMode==PAGER_JOURNALMODE_MEMORY ){
+        sqlite3MemJournalOpen(pPager->jfd);
+      }else{
+        const int flags =                   /* VFS flags to open journal file */
+          SQLITE_OPEN_READWRITE|SQLITE_OPEN_CREATE|
+          (pPager->tempFile ? 
+            (SQLITE_OPEN_DELETEONCLOSE|SQLITE_OPEN_TEMP_JOURNAL):
+            (SQLITE_OPEN_MAIN_JOURNAL)
+          );
+
+        /* Verify that the database still has the same name as it did when
+        ** it was originally opened. */
+        rc = databaseIsUnmoved(pPager);
+        if( rc==SQLITE_OK ){
+#ifdef SQLITE_ENABLE_ATOMIC_WRITE
+          rc = sqlite3JournalOpen(
+              pVfs, pPager->zJournal, pPager->jfd, flags, jrnlBufferSize(pPager)
+          );
+#else
+          rc = sqlite3OsOpen(pVfs, pPager->zJournal, pPager->jfd, flags, 0);
+#endif
+        }
+      }
+      assert( rc!=SQLITE_OK || isOpen(pPager->jfd) );
+    }
+  
+  
+    /* Write the first journal header to the journal file and open 
+    ** the sub-journal if necessary.
+    */
+    if( rc==SQLITE_OK ){
+      /* TODO: Check if all of these are really required. */
+      pPager->nRec = 0;
+      pPager->journalOff = 0;
+      pPager->setMaster = 0;
+      pPager->journalHdr = 0;
+      rc = writeJournalHdr(pPager);
+    }
+  }
+
+  if( rc!=SQLITE_OK ){
+    sqlite3BitvecDestroy(pPager->pInJournal);
+    pPager->pInJournal = 0;
+  }else{
+    assert( pPager->eState==PAGER_WRITER_LOCKED );
+    pPager->eState = PAGER_WRITER_CACHEMOD;
+  }
+
+  return rc;
+}
+
+/*
+** Begin a write-transaction on the specified pager object. If a 
+** write-transaction has already been opened, this function is a no-op.
+**
+** If the exFlag argument is false, then acquire at least a RESERVED
+** lock on the database file. If exFlag is true, then acquire at least
+** an EXCLUSIVE lock. If such a lock is already held, no locking 
+** functions need be called.
+**
+** If the subjInMemory argument is non-zero, then any sub-journal opened
+** within this transaction will be opened as an in-memory file. This
+** has no effect if the sub-journal is already opened (as it may be when
+** running in exclusive mode) or if the transaction does not require a
+** sub-journal. If the subjInMemory argument is zero, then any required
+** sub-journal is implemented in-memory if pPager is an in-memory database, 
+** or using a temporary file otherwise.
+*/
+SQLITE_PRIVATE int sqlite3PagerBegin(Pager *pPager, int exFlag, int subjInMemory){
+  int rc = SQLITE_OK;
+
+  if( pPager->errCode ) return pPager->errCode;
+  assert( pPager->eState>=PAGER_READER && pPager->eState<PAGER_ERROR );
+  pPager->subjInMemory = (u8)subjInMemory;
+
+  if( ALWAYS(pPager->eState==PAGER_READER) ){
+    assert( pPager->pInJournal==0 );
+
+    if( pagerUseWal(pPager) ){
+      /* If the pager is configured to use locking_mode=exclusive, and an
+      ** exclusive lock on the database is not already held, obtain it now.
+      */
+      if( pPager->exclusiveMode && sqlite3WalExclusiveMode(pPager->pWal, -1) ){
+        rc = pagerLockDb(pPager, EXCLUSIVE_LOCK);
+        if( rc!=SQLITE_OK ){
+          return rc;
+        }
+        (void)sqlite3WalExclusiveMode(pPager->pWal, 1);
+      }
+
+      /* Grab the write lock on the log file. If successful, upgrade to
+      ** PAGER_RESERVED state. Otherwise, return an error code to the caller.
+      ** The busy-handler is not invoked if another connection already
+      ** holds the write-lock. If possible, the upper layer will call it.
+      */
+      rc = sqlite3WalBeginWriteTransaction(pPager->pWal);
+    }else{
+      /* Obtain a RESERVED lock on the database file. If the exFlag parameter
+      ** is true, then immediately upgrade this to an EXCLUSIVE lock. The
+      ** busy-handler callback can be used when upgrading to the EXCLUSIVE
+      ** lock, but not when obtaining the RESERVED lock.
+      */
+      rc = pagerLockDb(pPager, RESERVED_LOCK);
+      if( rc==SQLITE_OK && exFlag ){
+        rc = pager_wait_on_lock(pPager, EXCLUSIVE_LOCK);
+      }
+    }
+
+    if( rc==SQLITE_OK ){
+      /* Change to WRITER_LOCKED state.
+      **
+      ** WAL mode sets Pager.eState to PAGER_WRITER_LOCKED or CACHEMOD
+      ** when it has an open transaction, but never to DBMOD or FINISHED.
+      ** This is because in those states the code to roll back savepoint 
+      ** transactions may copy data from the sub-journal into the database 
+      ** file as well as into the page cache. Which would be incorrect in 
+      ** WAL mode.
+      */
+      pPager->eState = PAGER_WRITER_LOCKED;
+      pPager->dbHintSize = pPager->dbSize;
+      pPager->dbFileSize = pPager->dbSize;
+      pPager->dbOrigSize = pPager->dbSize;
+      pPager->journalOff = 0;
+    }
+
+    assert( rc==SQLITE_OK || pPager->eState==PAGER_READER );
+    assert( rc!=SQLITE_OK || pPager->eState==PAGER_WRITER_LOCKED );
+    assert( assert_pager_state(pPager) );
+  }
+
+  PAGERTRACE(("TRANSACTION %d\n", PAGERID(pPager)));
+  return rc;
+}
+
+/*
+** Write page pPg onto the end of the rollback journal.
+*/
+static SQLITE_NOINLINE int pagerAddPageToRollbackJournal(PgHdr *pPg){
+  Pager *pPager = pPg->pPager;
+  int rc;
+  u32 cksum;
+  char *pData2;
+  i64 iOff = pPager->journalOff;
+
+  /* We should never write to the journal file the page that
+  ** contains the database locks.  The following assert verifies
+  ** that we do not. */
+  assert( pPg->pgno!=PAGER_MJ_PGNO(pPager) );
+
+  assert( pPager->journalHdr<=pPager->journalOff );
+  CODEC2(pPager, pPg->pData, pPg->pgno, 7, return SQLITE_NOMEM, pData2);
+  cksum = pager_cksum(pPager, (u8*)pData2);
+
+  /* Even if an IO or diskfull error occurs while journalling the
+  ** page in the block above, set the need-sync flag for the page.
+  ** Otherwise, when the transaction is rolled back, the logic in
+  ** playback_one_page() will think that the page needs to be restored
+  ** in the database file. And if an IO error occurs while doing so,
+  ** then corruption may follow.
+  */
+  pPg->flags |= PGHDR_NEED_SYNC;
+
+  rc = write32bits(pPager->jfd, iOff, pPg->pgno);
+  if( rc!=SQLITE_OK ) return rc;
+  rc = sqlite3OsWrite(pPager->jfd, pData2, pPager->pageSize, iOff+4);
+  if( rc!=SQLITE_OK ) return rc;
+  rc = write32bits(pPager->jfd, iOff+pPager->pageSize+4, cksum);
+  if( rc!=SQLITE_OK ) return rc;
+
+  IOTRACE(("JOUT %p %d %lld %d\n", pPager, pPg->pgno, 
+           pPager->journalOff, pPager->pageSize));
+  PAGER_INCR(sqlite3_pager_writej_count);
+  PAGERTRACE(("JOURNAL %d page %d needSync=%d hash(%08x)\n",
+       PAGERID(pPager), pPg->pgno, 
+       ((pPg->flags&PGHDR_NEED_SYNC)?1:0), pager_pagehash(pPg)));
+
+  pPager->journalOff += 8 + pPager->pageSize;
+  pPager->nRec++;
+  assert( pPager->pInJournal!=0 );
+  rc = sqlite3BitvecSet(pPager->pInJournal, pPg->pgno);
+  testcase( rc==SQLITE_NOMEM );
+  assert( rc==SQLITE_OK || rc==SQLITE_NOMEM );
+  rc |= addToSavepointBitvecs(pPager, pPg->pgno);
+  assert( rc==SQLITE_OK || rc==SQLITE_NOMEM );
+  return rc;
+}
+
+/*
+** Mark a single data page as writeable. The page is written into the 
+** main journal or sub-journal as required. If the page is written into
+** one of the journals, the corresponding bit is set in the 
+** Pager.pInJournal bitvec and the PagerSavepoint.pInSavepoint bitvecs
+** of any open savepoints as appropriate.
+*/
+static int pager_write(PgHdr *pPg){
+  Pager *pPager = pPg->pPager;
+  int rc = SQLITE_OK;
+
+  /* This routine is not called unless a write-transaction has already 
+  ** been started. The journal file may or may not be open at this point.
+  ** It is never called in the ERROR state.
+  */
+  assert( pPager->eState==PAGER_WRITER_LOCKED
+       || pPager->eState==PAGER_WRITER_CACHEMOD
+       || pPager->eState==PAGER_WRITER_DBMOD
+  );
+  assert( assert_pager_state(pPager) );
+  assert( pPager->errCode==0 );
+  assert( pPager->readOnly==0 );
+  CHECK_PAGE(pPg);
+
+  /* The journal file needs to be opened. Higher level routines have already
+  ** obtained the necessary locks to begin the write-transaction, but the
+  ** rollback journal might not yet be open. Open it now if this is the case.
+  **
+  ** This is done before calling sqlite3PcacheMakeDirty() on the page. 
+  ** Otherwise, if it were done after calling sqlite3PcacheMakeDirty(), then
+  ** an error might occur and the pager would end up in WRITER_LOCKED state
+  ** with pages marked as dirty in the cache.
+  */
+  if( pPager->eState==PAGER_WRITER_LOCKED ){
+    rc = pager_open_journal(pPager);
+    if( rc!=SQLITE_OK ) return rc;
+  }
+  assert( pPager->eState>=PAGER_WRITER_CACHEMOD );
+  assert( assert_pager_state(pPager) );
+
+  /* Mark the page that is about to be modified as dirty. */
+  sqlite3PcacheMakeDirty(pPg);
+
+  /* If a rollback journal is in use, them make sure the page that is about
+  ** to change is in the rollback journal, or if the page is a new page off
+  ** then end of the file, make sure it is marked as PGHDR_NEED_SYNC.
+  */
+  assert( (pPager->pInJournal!=0) == isOpen(pPager->jfd) );
+  if( pPager->pInJournal!=0
+   && sqlite3BitvecTestNotNull(pPager->pInJournal, pPg->pgno)==0
+  ){
+    assert( pagerUseWal(pPager)==0 );
+    if( pPg->pgno<=pPager->dbOrigSize ){
+      rc = pagerAddPageToRollbackJournal(pPg);
+      if( rc!=SQLITE_OK ){
+        return rc;
+      }
+    }else{
+      if( pPager->eState!=PAGER_WRITER_DBMOD ){
+        pPg->flags |= PGHDR_NEED_SYNC;
+      }
+      PAGERTRACE(("APPEND %d page %d needSync=%d\n",
+              PAGERID(pPager), pPg->pgno,
+             ((pPg->flags&PGHDR_NEED_SYNC)?1:0)));
+    }
+  }
+
+  /* The PGHDR_DIRTY bit is set above when the page was added to the dirty-list
+  ** and before writing the page into the rollback journal.  Wait until now,
+  ** after the page has been successfully journalled, before setting the
+  ** PGHDR_WRITEABLE bit that indicates that the page can be safely modified.
+  */
+  pPg->flags |= PGHDR_WRITEABLE;
+  
+  /* If the statement journal is open and the page is not in it,
+  ** then write the page into the statement journal.
+  */
+  if( pPager->nSavepoint>0 ){
+    rc = subjournalPageIfRequired(pPg);
+  }
+
+  /* Update the database size and return. */
+  if( pPager->dbSize<pPg->pgno ){
+    pPager->dbSize = pPg->pgno;
+  }
+  return rc;
+}
+
+/*
+** This is a variant of sqlite3PagerWrite() that runs when the sector size
+** is larger than the page size.  SQLite makes the (reasonable) assumption that
+** all bytes of a sector are written together by hardware.  Hence, all bytes of
+** a sector need to be journalled in case of a power loss in the middle of
+** a write.
+**
+** Usually, the sector size is less than or equal to the page size, in which
+** case pages can be individually written.  This routine only runs in the
+** exceptional case where the page size is smaller than the sector size.
+*/
+static SQLITE_NOINLINE int pagerWriteLargeSector(PgHdr *pPg){
+  int rc = SQLITE_OK;          /* Return code */
+  Pgno nPageCount;             /* Total number of pages in database file */
+  Pgno pg1;                    /* First page of the sector pPg is located on. */
+  int nPage = 0;               /* Number of pages starting at pg1 to journal */
+  int ii;                      /* Loop counter */
+  int needSync = 0;            /* True if any page has PGHDR_NEED_SYNC */
+  Pager *pPager = pPg->pPager; /* The pager that owns pPg */
+  Pgno nPagePerSector = (pPager->sectorSize/pPager->pageSize);
+
+  /* Set the doNotSpill NOSYNC bit to 1. This is because we cannot allow
+  ** a journal header to be written between the pages journaled by
+  ** this function.
+  */
+  assert( !MEMDB );
+  assert( (pPager->doNotSpill & SPILLFLAG_NOSYNC)==0 );
+  pPager->doNotSpill |= SPILLFLAG_NOSYNC;
+
+  /* This trick assumes that both the page-size and sector-size are
+  ** an integer power of 2. It sets variable pg1 to the identifier
+  ** of the first page of the sector pPg is located on.
+  */
+  pg1 = ((pPg->pgno-1) & ~(nPagePerSector-1)) + 1;
+
+  nPageCount = pPager->dbSize;
+  if( pPg->pgno>nPageCount ){
+    nPage = (pPg->pgno - pg1)+1;
+  }else if( (pg1+nPagePerSector-1)>nPageCount ){
+    nPage = nPageCount+1-pg1;
+  }else{
+    nPage = nPagePerSector;
+  }
+  assert(nPage>0);
+  assert(pg1<=pPg->pgno);
+  assert((pg1+nPage)>pPg->pgno);
+
+  for(ii=0; ii<nPage && rc==SQLITE_OK; ii++){
+    Pgno pg = pg1+ii;
+    PgHdr *pPage;
+    if( pg==pPg->pgno || !sqlite3BitvecTest(pPager->pInJournal, pg) ){
+      if( pg!=PAGER_MJ_PGNO(pPager) ){
+        rc = sqlite3PagerGet(pPager, pg, &pPage, 0);
+        if( rc==SQLITE_OK ){
+          rc = pager_write(pPage);
+          if( pPage->flags&PGHDR_NEED_SYNC ){
+            needSync = 1;
+          }
+          sqlite3PagerUnrefNotNull(pPage);
+        }
+      }
+    }else if( (pPage = sqlite3PagerLookup(pPager, pg))!=0 ){
+      if( pPage->flags&PGHDR_NEED_SYNC ){
+        needSync = 1;
+      }
+      sqlite3PagerUnrefNotNull(pPage);
+    }
+  }
+
+  /* If the PGHDR_NEED_SYNC flag is set for any of the nPage pages 
+  ** starting at pg1, then it needs to be set for all of them. Because
+  ** writing to any of these nPage pages may damage the others, the
+  ** journal file must contain sync()ed copies of all of them
+  ** before any of them can be written out to the database file.
+  */
+  if( rc==SQLITE_OK && needSync ){
+    assert( !MEMDB );
+    for(ii=0; ii<nPage; ii++){
+      PgHdr *pPage = sqlite3PagerLookup(pPager, pg1+ii);
+      if( pPage ){
+        pPage->flags |= PGHDR_NEED_SYNC;
+        sqlite3PagerUnrefNotNull(pPage);
+      }
+    }
+  }
+
+  assert( (pPager->doNotSpill & SPILLFLAG_NOSYNC)!=0 );
+  pPager->doNotSpill &= ~SPILLFLAG_NOSYNC;
+  return rc;
+}
+
+/*
+** Mark a data page as writeable. This routine must be called before 
+** making changes to a page. The caller must check the return value 
+** of this function and be careful not to change any page data unless 
+** this routine returns SQLITE_OK.
+**
+** The difference between this function and pager_write() is that this
+** function also deals with the special case where 2 or more pages
+** fit on a single disk sector. In this case all co-resident pages
+** must have been written to the journal file before returning.
+**
+** If an error occurs, SQLITE_NOMEM or an IO error code is returned
+** as appropriate. Otherwise, SQLITE_OK.
+*/
+SQLITE_PRIVATE int sqlite3PagerWrite(PgHdr *pPg){
+  Pager *pPager = pPg->pPager;
+  assert( (pPg->flags & PGHDR_MMAP)==0 );
+  assert( pPager->eState>=PAGER_WRITER_LOCKED );
+  assert( assert_pager_state(pPager) );
+  if( pPager->errCode ){
+    return pPager->errCode;
+  }else if( (pPg->flags & PGHDR_WRITEABLE)!=0 && pPager->dbSize>=pPg->pgno ){
+    if( pPager->nSavepoint ) return subjournalPageIfRequired(pPg);
+    return SQLITE_OK;
+  }else if( pPager->sectorSize > (u32)pPager->pageSize ){
+    return pagerWriteLargeSector(pPg);
+  }else{
+    return pager_write(pPg);
+  }
+}
+
+/*
+** Return TRUE if the page given in the argument was previously passed
+** to sqlite3PagerWrite().  In other words, return TRUE if it is ok
+** to change the content of the page.
+*/
+#ifndef NDEBUG
+SQLITE_PRIVATE int sqlite3PagerIswriteable(DbPage *pPg){
+  return pPg->flags & PGHDR_WRITEABLE;
+}
+#endif
+
+/*
+** A call to this routine tells the pager that it is not necessary to
+** write the information on page pPg back to the disk, even though
+** that page might be marked as dirty.  This happens, for example, when
+** the page has been added as a leaf of the freelist and so its
+** content no longer matters.
+**
+** The overlying software layer calls this routine when all of the data
+** on the given page is unused. The pager marks the page as clean so
+** that it does not get written to disk.
+**
+** Tests show that this optimization can quadruple the speed of large 
+** DELETE operations.
+*/
+SQLITE_PRIVATE void sqlite3PagerDontWrite(PgHdr *pPg){
+  Pager *pPager = pPg->pPager;
+  if( (pPg->flags&PGHDR_DIRTY) && pPager->nSavepoint==0 ){
+    PAGERTRACE(("DONT_WRITE page %d of %d\n", pPg->pgno, PAGERID(pPager)));
+    IOTRACE(("CLEAN %p %d\n", pPager, pPg->pgno))
+    pPg->flags |= PGHDR_DONT_WRITE;
+    pPg->flags &= ~PGHDR_WRITEABLE;
+    pager_set_pagehash(pPg);
+  }
+}
+
+/*
+** This routine is called to increment the value of the database file 
+** change-counter, stored as a 4-byte big-endian integer starting at 
+** byte offset 24 of the pager file.  The secondary change counter at
+** 92 is also updated, as is the SQLite version number at offset 96.
+**
+** But this only happens if the pPager->changeCountDone flag is false.
+** To avoid excess churning of page 1, the update only happens once.
+** See also the pager_write_changecounter() routine that does an 
+** unconditional update of the change counters.
+**
+** If the isDirectMode flag is zero, then this is done by calling 
+** sqlite3PagerWrite() on page 1, then modifying the contents of the
+** page data. In this case the file will be updated when the current
+** transaction is committed.
+**
+** The isDirectMode flag may only be non-zero if the library was compiled
+** with the SQLITE_ENABLE_ATOMIC_WRITE macro defined. In this case,
+** if isDirect is non-zero, then the database file is updated directly
+** by writing an updated version of page 1 using a call to the 
+** sqlite3OsWrite() function.
+*/
+static int pager_incr_changecounter(Pager *pPager, int isDirectMode){
+  int rc = SQLITE_OK;
+
+  assert( pPager->eState==PAGER_WRITER_CACHEMOD
+       || pPager->eState==PAGER_WRITER_DBMOD
+  );
+  assert( assert_pager_state(pPager) );
+
+  /* Declare and initialize constant integer 'isDirect'. If the
+  ** atomic-write optimization is enabled in this build, then isDirect
+  ** is initialized to the value passed as the isDirectMode parameter
+  ** to this function. Otherwise, it is always set to zero.
+  **
+  ** The idea is that if the atomic-write optimization is not
+  ** enabled at compile time, the compiler can omit the tests of
+  ** 'isDirect' below, as well as the block enclosed in the
+  ** "if( isDirect )" condition.
+  */
+#ifndef SQLITE_ENABLE_ATOMIC_WRITE
+# define DIRECT_MODE 0
+  assert( isDirectMode==0 );
+  UNUSED_PARAMETER(isDirectMode);
+#else
+# define DIRECT_MODE isDirectMode
+#endif
+
+  if( !pPager->changeCountDone && ALWAYS(pPager->dbSize>0) ){
+    PgHdr *pPgHdr;                /* Reference to page 1 */
+
+    assert( !pPager->tempFile && isOpen(pPager->fd) );
+
+    /* Open page 1 of the file for writing. */
+    rc = sqlite3PagerGet(pPager, 1, &pPgHdr, 0);
+    assert( pPgHdr==0 || rc==SQLITE_OK );
+
+    /* If page one was fetched successfully, and this function is not
+    ** operating in direct-mode, make page 1 writable.  When not in 
+    ** direct mode, page 1 is always held in cache and hence the PagerGet()
+    ** above is always successful - hence the ALWAYS on rc==SQLITE_OK.
+    */
+    if( !DIRECT_MODE && ALWAYS(rc==SQLITE_OK) ){
+      rc = sqlite3PagerWrite(pPgHdr);
+    }
+
+    if( rc==SQLITE_OK ){
+      /* Actually do the update of the change counter */
+      pager_write_changecounter(pPgHdr);
+
+      /* If running in direct mode, write the contents of page 1 to the file. */
+      if( DIRECT_MODE ){
+        const void *zBuf;
+        assert( pPager->dbFileSize>0 );
+        CODEC2(pPager, pPgHdr->pData, 1, 6, rc=SQLITE_NOMEM, zBuf);
+        if( rc==SQLITE_OK ){
+          rc = sqlite3OsWrite(pPager->fd, zBuf, pPager->pageSize, 0);
+          pPager->aStat[PAGER_STAT_WRITE]++;
+        }
+        if( rc==SQLITE_OK ){
+          /* Update the pager's copy of the change-counter. Otherwise, the
+          ** next time a read transaction is opened the cache will be
+          ** flushed (as the change-counter values will not match).  */
+          const void *pCopy = (const void *)&((const char *)zBuf)[24];
+          memcpy(&pPager->dbFileVers, pCopy, sizeof(pPager->dbFileVers));
+          pPager->changeCountDone = 1;
+        }
+      }else{
+        pPager->changeCountDone = 1;
+      }
+    }
+
+    /* Release the page reference. */
+    sqlite3PagerUnref(pPgHdr);
+  }
+  return rc;
+}
+
+/*
+** Sync the database file to disk. This is a no-op for in-memory databases
+** or pages with the Pager.noSync flag set.
+**
+** If successful, or if called on a pager for which it is a no-op, this
+** function returns SQLITE_OK. Otherwise, an IO error code is returned.
+*/
+SQLITE_PRIVATE int sqlite3PagerSync(Pager *pPager, const char *zMaster){
+  int rc = SQLITE_OK;
+
+  if( isOpen(pPager->fd) ){
+    void *pArg = (void*)zMaster;
+    rc = sqlite3OsFileControl(pPager->fd, SQLITE_FCNTL_SYNC, pArg);
+    if( rc==SQLITE_NOTFOUND ) rc = SQLITE_OK;
+  }
+  if( rc==SQLITE_OK && !pPager->noSync ){
+    assert( !MEMDB );
+    rc = sqlite3OsSync(pPager->fd, pPager->syncFlags);
+  }
+  return rc;
+}
+
+/*
+** This function may only be called while a write-transaction is active in
+** rollback. If the connection is in WAL mode, this call is a no-op. 
+** Otherwise, if the connection does not already have an EXCLUSIVE lock on 
+** the database file, an attempt is made to obtain one.
+**
+** If the EXCLUSIVE lock is already held or the attempt to obtain it is
+** successful, or the connection is in WAL mode, SQLITE_OK is returned.
+** Otherwise, either SQLITE_BUSY or an SQLITE_IOERR_XXX error code is 
+** returned.
+*/
+SQLITE_PRIVATE int sqlite3PagerExclusiveLock(Pager *pPager){
+  int rc = pPager->errCode;
+  assert( assert_pager_state(pPager) );
+  if( rc==SQLITE_OK ){
+    assert( pPager->eState==PAGER_WRITER_CACHEMOD 
+         || pPager->eState==PAGER_WRITER_DBMOD 
+         || pPager->eState==PAGER_WRITER_LOCKED 
+    );
+    assert( assert_pager_state(pPager) );
+    if( 0==pagerUseWal(pPager) ){
+      rc = pager_wait_on_lock(pPager, EXCLUSIVE_LOCK);
+    }
+  }
+  return rc;
+}
+
+/*
+** Sync the database file for the pager pPager. zMaster points to the name
+** of a master journal file that should be written into the individual
+** journal file. zMaster may be NULL, which is interpreted as no master
+** journal (a single database transaction).
+**
+** This routine ensures that:
+**
+**   * The database file change-counter is updated,
+**   * the journal is synced (unless the atomic-write optimization is used),
+**   * all dirty pages are written to the database file, 
+**   * the database file is truncated (if required), and
+**   * the database file synced. 
+**
+** The only thing that remains to commit the transaction is to finalize 
+** (delete, truncate or zero the first part of) the journal file (or 
+** delete the master journal file if specified).
+**
+** Note that if zMaster==NULL, this does not overwrite a previous value
+** passed to an sqlite3PagerCommitPhaseOne() call.
+**
+** If the final parameter - noSync - is true, then the database file itself
+** is not synced. The caller must call sqlite3PagerSync() directly to
+** sync the database file before calling CommitPhaseTwo() to delete the
+** journal file in this case.
+*/
+SQLITE_PRIVATE int sqlite3PagerCommitPhaseOne(
+  Pager *pPager,                  /* Pager object */
+  const char *zMaster,            /* If not NULL, the master journal name */
+  int noSync                      /* True to omit the xSync on the db file */
+){
+  int rc = SQLITE_OK;             /* Return code */
+
+  assert( pPager->eState==PAGER_WRITER_LOCKED
+       || pPager->eState==PAGER_WRITER_CACHEMOD
+       || pPager->eState==PAGER_WRITER_DBMOD
+       || pPager->eState==PAGER_ERROR
+  );
+  assert( assert_pager_state(pPager) );
+
+  /* If a prior error occurred, report that error again. */
+  if( NEVER(pPager->errCode) ) return pPager->errCode;
+
+  PAGERTRACE(("DATABASE SYNC: File=%s zMaster=%s nSize=%d\n", 
+      pPager->zFilename, zMaster, pPager->dbSize));
+
+  /* If no database changes have been made, return early. */
+  if( pPager->eState<PAGER_WRITER_CACHEMOD ) return SQLITE_OK;
+
+  if( MEMDB ){
+    /* If this is an in-memory db, or no pages have been written to, or this
+    ** function has already been called, it is mostly a no-op.  However, any
+    ** backup in progress needs to be restarted.
+    */
+    sqlite3BackupRestart(pPager->pBackup);
+  }else{
+    if( pagerUseWal(pPager) ){
+      PgHdr *pList = sqlite3PcacheDirtyList(pPager->pPCache);
+      PgHdr *pPageOne = 0;
+      if( pList==0 ){
+        /* Must have at least one page for the WAL commit flag.
+        ** Ticket [2d1a5c67dfc2363e44f29d9bbd57f] 2011-05-18 */
+        rc = sqlite3PagerGet(pPager, 1, &pPageOne, 0);
+        pList = pPageOne;
+        pList->pDirty = 0;
+      }
+      assert( rc==SQLITE_OK );
+      if( ALWAYS(pList) ){
+        rc = pagerWalFrames(pPager, pList, pPager->dbSize, 1);
+      }
+      sqlite3PagerUnref(pPageOne);
+      if( rc==SQLITE_OK ){
+        sqlite3PcacheCleanAll(pPager->pPCache);
+      }
+    }else{
+      /* The following block updates the change-counter. Exactly how it
+      ** does this depends on whether or not the atomic-update optimization
+      ** was enabled at compile time, and if this transaction meets the 
+      ** runtime criteria to use the operation: 
+      **
+      **    * The file-system supports the atomic-write property for
+      **      blocks of size page-size, and 
+      **    * This commit is not part of a multi-file transaction, and
+      **    * Exactly one page has been modified and store in the journal file.
+      **
+      ** If the optimization was not enabled at compile time, then the
+      ** pager_incr_changecounter() function is called to update the change
+      ** counter in 'indirect-mode'. If the optimization is compiled in but
+      ** is not applicable to this transaction, call sqlite3JournalCreate()
+      ** to make sure the journal file has actually been created, then call
+      ** pager_incr_changecounter() to update the change-counter in indirect
+      ** mode. 
+      **
+      ** Otherwise, if the optimization is both enabled and applicable,
+      ** then call pager_incr_changecounter() to update the change-counter
+      ** in 'direct' mode. In this case the journal file will never be
+      ** created for this transaction.
+      */
+  #ifdef SQLITE_ENABLE_ATOMIC_WRITE
+      PgHdr *pPg;
+      assert( isOpen(pPager->jfd) 
+           || pPager->journalMode==PAGER_JOURNALMODE_OFF 
+           || pPager->journalMode==PAGER_JOURNALMODE_WAL 
+      );
+      if( !zMaster && isOpen(pPager->jfd) 
+       && pPager->journalOff==jrnlBufferSize(pPager) 
+       && pPager->dbSize>=pPager->dbOrigSize
+       && (0==(pPg = sqlite3PcacheDirtyList(pPager->pPCache)) || 0==pPg->pDirty)
+      ){
+        /* Update the db file change counter via the direct-write method. The 
+        ** following call will modify the in-memory representation of page 1 
+        ** to include the updated change counter and then write page 1 
+        ** directly to the database file. Because of the atomic-write 
+        ** property of the host file-system, this is safe.
+        */
+        rc = pager_incr_changecounter(pPager, 1);
+      }else{
+        rc = sqlite3JournalCreate(pPager->jfd);
+        if( rc==SQLITE_OK ){
+          rc = pager_incr_changecounter(pPager, 0);
+        }
+      }
+  #else
+      rc = pager_incr_changecounter(pPager, 0);
+  #endif
+      if( rc!=SQLITE_OK ) goto commit_phase_one_exit;
+  
+      /* Write the master journal name into the journal file. If a master 
+      ** journal file name has already been written to the journal file, 
+      ** or if zMaster is NULL (no master journal), then this call is a no-op.
+      */
+      rc = writeMasterJournal(pPager, zMaster);
+      if( rc!=SQLITE_OK ) goto commit_phase_one_exit;
+  
+      /* Sync the journal file and write all dirty pages to the database.
+      ** If the atomic-update optimization is being used, this sync will not 
+      ** create the journal file or perform any real IO.
+      **
+      ** Because the change-counter page was just modified, unless the
+      ** atomic-update optimization is used it is almost certain that the
+      ** journal requires a sync here. However, in locking_mode=exclusive
+      ** on a system under memory pressure it is just possible that this is 
+      ** not the case. In this case it is likely enough that the redundant
+      ** xSync() call will be changed to a no-op by the OS anyhow. 
+      */
+      rc = syncJournal(pPager, 0);
+      if( rc!=SQLITE_OK ) goto commit_phase_one_exit;
+  
+      rc = pager_write_pagelist(pPager,sqlite3PcacheDirtyList(pPager->pPCache));
+      if( rc!=SQLITE_OK ){
+        assert( rc!=SQLITE_IOERR_BLOCKED );
+        goto commit_phase_one_exit;
+      }
+      sqlite3PcacheCleanAll(pPager->pPCache);
+
+      /* If the file on disk is smaller than the database image, use 
+      ** pager_truncate to grow the file here. This can happen if the database
+      ** image was extended as part of the current transaction and then the
+      ** last page in the db image moved to the free-list. In this case the
+      ** last page is never written out to disk, leaving the database file
+      ** undersized. Fix this now if it is the case.  */
+      if( pPager->dbSize>pPager->dbFileSize ){
+        Pgno nNew = pPager->dbSize - (pPager->dbSize==PAGER_MJ_PGNO(pPager));
+        assert( pPager->eState==PAGER_WRITER_DBMOD );
+        rc = pager_truncate(pPager, nNew);
+        if( rc!=SQLITE_OK ) goto commit_phase_one_exit;
+      }
+  
+      /* Finally, sync the database file. */
+      if( !noSync ){
+        rc = sqlite3PagerSync(pPager, zMaster);
+      }
+      IOTRACE(("DBSYNC %p\n", pPager))
+    }
+  }
+
+commit_phase_one_exit:
+  if( rc==SQLITE_OK && !pagerUseWal(pPager) ){
+    pPager->eState = PAGER_WRITER_FINISHED;
+  }
+  return rc;
+}
+
+
+/*
+** When this function is called, the database file has been completely
+** updated to reflect the changes made by the current transaction and
+** synced to disk. The journal file still exists in the file-system 
+** though, and if a failure occurs at this point it will eventually
+** be used as a hot-journal and the current transaction rolled back.
+**
+** This function finalizes the journal file, either by deleting, 
+** truncating or partially zeroing it, so that it cannot be used 
+** for hot-journal rollback. Once this is done the transaction is
+** irrevocably committed.
+**
+** If an error occurs, an IO error code is returned and the pager
+** moves into the error state. Otherwise, SQLITE_OK is returned.
+*/
+SQLITE_PRIVATE int sqlite3PagerCommitPhaseTwo(Pager *pPager){
+  int rc = SQLITE_OK;                  /* Return code */
+
+  /* This routine should not be called if a prior error has occurred.
+  ** But if (due to a coding error elsewhere in the system) it does get
+  ** called, just return the same error code without doing anything. */
+  if( NEVER(pPager->errCode) ) return pPager->errCode;
+
+  assert( pPager->eState==PAGER_WRITER_LOCKED
+       || pPager->eState==PAGER_WRITER_FINISHED
+       || (pagerUseWal(pPager) && pPager->eState==PAGER_WRITER_CACHEMOD)
+  );
+  assert( assert_pager_state(pPager) );
+
+  /* An optimization. If the database was not actually modified during
+  ** this transaction, the pager is running in exclusive-mode and is
+  ** using persistent journals, then this function is a no-op.
+  **
+  ** The start of the journal file currently contains a single journal 
+  ** header with the nRec field set to 0. If such a journal is used as
+  ** a hot-journal during hot-journal rollback, 0 changes will be made
+  ** to the database file. So there is no need to zero the journal 
+  ** header. Since the pager is in exclusive mode, there is no need
+  ** to drop any locks either.
+  */
+  if( pPager->eState==PAGER_WRITER_LOCKED 
+   && pPager->exclusiveMode 
+   && pPager->journalMode==PAGER_JOURNALMODE_PERSIST
+  ){
+    assert( pPager->journalOff==JOURNAL_HDR_SZ(pPager) || !pPager->journalOff );
+    pPager->eState = PAGER_READER;
+    return SQLITE_OK;
+  }
+
+  PAGERTRACE(("COMMIT %d\n", PAGERID(pPager)));
+  pPager->iDataVersion++;
+  rc = pager_end_transaction(pPager, pPager->setMaster, 1);
+  return pager_error(pPager, rc);
+}
+
+/*
+** If a write transaction is open, then all changes made within the 
+** transaction are reverted and the current write-transaction is closed.
+** The pager falls back to PAGER_READER state if successful, or PAGER_ERROR
+** state if an error occurs.
+**
+** If the pager is already in PAGER_ERROR state when this function is called,
+** it returns Pager.errCode immediately. No work is performed in this case.
+**
+** Otherwise, in rollback mode, this function performs two functions:
+**
+**   1) It rolls back the journal file, restoring all database file and 
+**      in-memory cache pages to the state they were in when the transaction
+**      was opened, and
+**
+**   2) It finalizes the journal file, so that it is not used for hot
+**      rollback at any point in the future.
+**
+** Finalization of the journal file (task 2) is only performed if the 
+** rollback is successful.
+**
+** In WAL mode, all cache-entries containing data modified within the
+** current transaction are either expelled from the cache or reverted to
+** their pre-transaction state by re-reading data from the database or
+** WAL files. The WAL transaction is then closed.
+*/
+SQLITE_PRIVATE int sqlite3PagerRollback(Pager *pPager){
+  int rc = SQLITE_OK;                  /* Return code */
+  PAGERTRACE(("ROLLBACK %d\n", PAGERID(pPager)));
+
+  /* PagerRollback() is a no-op if called in READER or OPEN state. If
+  ** the pager is already in the ERROR state, the rollback is not 
+  ** attempted here. Instead, the error code is returned to the caller.
+  */
+  assert( assert_pager_state(pPager) );
+  if( pPager->eState==PAGER_ERROR ) return pPager->errCode;
+  if( pPager->eState<=PAGER_READER ) return SQLITE_OK;
+
+  if( pagerUseWal(pPager) ){
+    int rc2;
+    rc = sqlite3PagerSavepoint(pPager, SAVEPOINT_ROLLBACK, -1);
+    rc2 = pager_end_transaction(pPager, pPager->setMaster, 0);
+    if( rc==SQLITE_OK ) rc = rc2;
+  }else if( !isOpen(pPager->jfd) || pPager->eState==PAGER_WRITER_LOCKED ){
+    int eState = pPager->eState;
+    rc = pager_end_transaction(pPager, 0, 0);
+    if( !MEMDB && eState>PAGER_WRITER_LOCKED ){
+      /* This can happen using journal_mode=off. Move the pager to the error 
+      ** state to indicate that the contents of the cache may not be trusted.
+      ** Any active readers will get SQLITE_ABORT.
+      */
+      pPager->errCode = SQLITE_ABORT;
+      pPager->eState = PAGER_ERROR;
+      return rc;
+    }
+  }else{
+    rc = pager_playback(pPager, 0);
+  }
+
+  assert( pPager->eState==PAGER_READER || rc!=SQLITE_OK );
+  assert( rc==SQLITE_OK || rc==SQLITE_FULL || rc==SQLITE_CORRUPT
+          || rc==SQLITE_NOMEM || (rc&0xFF)==SQLITE_IOERR 
+          || rc==SQLITE_CANTOPEN
+  );
+
+  /* If an error occurs during a ROLLBACK, we can no longer trust the pager
+  ** cache. So call pager_error() on the way out to make any error persistent.
+  */
+  return pager_error(pPager, rc);
+}
+
+/*
+** Return TRUE if the database file is opened read-only.  Return FALSE
+** if the database is (in theory) writable.
+*/
+SQLITE_PRIVATE u8 sqlite3PagerIsreadonly(Pager *pPager){
+  return pPager->readOnly;
+}
+
+#ifdef SQLITE_DEBUG
+/*
+** Return the sum of the reference counts for all pages held by pPager.
+*/
+SQLITE_PRIVATE int sqlite3PagerRefcount(Pager *pPager){
+  return sqlite3PcacheRefCount(pPager->pPCache);
+}
+#endif
+
+/*
+** Return the approximate number of bytes of memory currently
+** used by the pager and its associated cache.
+*/
+SQLITE_PRIVATE int sqlite3PagerMemUsed(Pager *pPager){
+  int perPageSize = pPager->pageSize + pPager->nExtra + sizeof(PgHdr)
+                                     + 5*sizeof(void*);
+  return perPageSize*sqlite3PcachePagecount(pPager->pPCache)
+           + sqlite3MallocSize(pPager)
+           + pPager->pageSize;
+}
+
+/*
+** Return the number of references to the specified page.
+*/
+SQLITE_PRIVATE int sqlite3PagerPageRefcount(DbPage *pPage){
+  return sqlite3PcachePageRefcount(pPage);
+}
+
+#ifdef SQLITE_TEST
+/*
+** This routine is used for testing and analysis only.
+*/
+SQLITE_PRIVATE int *sqlite3PagerStats(Pager *pPager){
+  static int a[11];
+  a[0] = sqlite3PcacheRefCount(pPager->pPCache);
+  a[1] = sqlite3PcachePagecount(pPager->pPCache);
+  a[2] = sqlite3PcacheGetCachesize(pPager->pPCache);
+  a[3] = pPager->eState==PAGER_OPEN ? -1 : (int) pPager->dbSize;
+  a[4] = pPager->eState;
+  a[5] = pPager->errCode;
+  a[6] = pPager->aStat[PAGER_STAT_HIT];
+  a[7] = pPager->aStat[PAGER_STAT_MISS];
+  a[8] = 0;  /* Used to be pPager->nOvfl */
+  a[9] = pPager->nRead;
+  a[10] = pPager->aStat[PAGER_STAT_WRITE];
+  return a;
+}
+#endif
+
+/*
+** Parameter eStat must be either SQLITE_DBSTATUS_CACHE_HIT or
+** SQLITE_DBSTATUS_CACHE_MISS. Before returning, *pnVal is incremented by the
+** current cache hit or miss count, according to the value of eStat. If the 
+** reset parameter is non-zero, the cache hit or miss count is zeroed before 
+** returning.
+*/
+SQLITE_PRIVATE void sqlite3PagerCacheStat(Pager *pPager, int eStat, int reset, int *pnVal){
+
+  assert( eStat==SQLITE_DBSTATUS_CACHE_HIT
+       || eStat==SQLITE_DBSTATUS_CACHE_MISS
+       || eStat==SQLITE_DBSTATUS_CACHE_WRITE
+  );
+
+  assert( SQLITE_DBSTATUS_CACHE_HIT+1==SQLITE_DBSTATUS_CACHE_MISS );
+  assert( SQLITE_DBSTATUS_CACHE_HIT+2==SQLITE_DBSTATUS_CACHE_WRITE );
+  assert( PAGER_STAT_HIT==0 && PAGER_STAT_MISS==1 && PAGER_STAT_WRITE==2 );
+
+  *pnVal += pPager->aStat[eStat - SQLITE_DBSTATUS_CACHE_HIT];
+  if( reset ){
+    pPager->aStat[eStat - SQLITE_DBSTATUS_CACHE_HIT] = 0;
+  }
+}
+
+/*
+** Return true if this is an in-memory pager.
+*/
+SQLITE_PRIVATE int sqlite3PagerIsMemdb(Pager *pPager){
+  return MEMDB;
+}
+
+/*
+** Check that there are at least nSavepoint savepoints open. If there are
+** currently less than nSavepoints open, then open one or more savepoints
+** to make up the difference. If the number of savepoints is already
+** equal to nSavepoint, then this function is a no-op.
+**
+** If a memory allocation fails, SQLITE_NOMEM is returned. If an error 
+** occurs while opening the sub-journal file, then an IO error code is
+** returned. Otherwise, SQLITE_OK.
+*/
+static SQLITE_NOINLINE int pagerOpenSavepoint(Pager *pPager, int nSavepoint){
+  int rc = SQLITE_OK;                       /* Return code */
+  int nCurrent = pPager->nSavepoint;        /* Current number of savepoints */
+  int ii;                                   /* Iterator variable */
+  PagerSavepoint *aNew;                     /* New Pager.aSavepoint array */
+
+  assert( pPager->eState>=PAGER_WRITER_LOCKED );
+  assert( assert_pager_state(pPager) );
+  assert( nSavepoint>nCurrent && pPager->useJournal );
+
+  /* Grow the Pager.aSavepoint array using realloc(). Return SQLITE_NOMEM
+  ** if the allocation fails. Otherwise, zero the new portion in case a 
+  ** malloc failure occurs while populating it in the for(...) loop below.
+  */
+  aNew = (PagerSavepoint *)sqlite3Realloc(
+      pPager->aSavepoint, sizeof(PagerSavepoint)*nSavepoint
+  );
+  if( !aNew ){
+    return SQLITE_NOMEM;
+  }
+  memset(&aNew[nCurrent], 0, (nSavepoint-nCurrent) * sizeof(PagerSavepoint));
+  pPager->aSavepoint = aNew;
+
+  /* Populate the PagerSavepoint structures just allocated. */
+  for(ii=nCurrent; ii<nSavepoint; ii++){
+    aNew[ii].nOrig = pPager->dbSize;
+    if( isOpen(pPager->jfd) && pPager->journalOff>0 ){
+      aNew[ii].iOffset = pPager->journalOff;
+    }else{
+      aNew[ii].iOffset = JOURNAL_HDR_SZ(pPager);
+    }
+    aNew[ii].iSubRec = pPager->nSubRec;
+    aNew[ii].pInSavepoint = sqlite3BitvecCreate(pPager->dbSize);
+    if( !aNew[ii].pInSavepoint ){
+      return SQLITE_NOMEM;
+    }
+    if( pagerUseWal(pPager) ){
+      sqlite3WalSavepoint(pPager->pWal, aNew[ii].aWalData);
+    }
+    pPager->nSavepoint = ii+1;
+  }
+  assert( pPager->nSavepoint==nSavepoint );
+  assertTruncateConstraint(pPager);
+  return rc;
+}
+SQLITE_PRIVATE int sqlite3PagerOpenSavepoint(Pager *pPager, int nSavepoint){
+  assert( pPager->eState>=PAGER_WRITER_LOCKED );
+  assert( assert_pager_state(pPager) );
+
+  if( nSavepoint>pPager->nSavepoint && pPager->useJournal ){
+    return pagerOpenSavepoint(pPager, nSavepoint);
+  }else{
+    return SQLITE_OK;
+  }
+}
+
+
+/*
+** This function is called to rollback or release (commit) a savepoint.
+** The savepoint to release or rollback need not be the most recently 
+** created savepoint.
+**
+** Parameter op is always either SAVEPOINT_ROLLBACK or SAVEPOINT_RELEASE.
+** If it is SAVEPOINT_RELEASE, then release and destroy the savepoint with
+** index iSavepoint. If it is SAVEPOINT_ROLLBACK, then rollback all changes
+** that have occurred since the specified savepoint was created.
+**
+** The savepoint to rollback or release is identified by parameter 
+** iSavepoint. A value of 0 means to operate on the outermost savepoint
+** (the first created). A value of (Pager.nSavepoint-1) means operate
+** on the most recently created savepoint. If iSavepoint is greater than
+** (Pager.nSavepoint-1), then this function is a no-op.
+**
+** If a negative value is passed to this function, then the current
+** transaction is rolled back. This is different to calling 
+** sqlite3PagerRollback() because this function does not terminate
+** the transaction or unlock the database, it just restores the 
+** contents of the database to its original state. 
+**
+** In any case, all savepoints with an index greater than iSavepoint 
+** are destroyed. If this is a release operation (op==SAVEPOINT_RELEASE),
+** then savepoint iSavepoint is also destroyed.
+**
+** This function may return SQLITE_NOMEM if a memory allocation fails,
+** or an IO error code if an IO error occurs while rolling back a 
+** savepoint. If no errors occur, SQLITE_OK is returned.
+*/ 
+SQLITE_PRIVATE int sqlite3PagerSavepoint(Pager *pPager, int op, int iSavepoint){
+  int rc = pPager->errCode;       /* Return code */
+
+  assert( op==SAVEPOINT_RELEASE || op==SAVEPOINT_ROLLBACK );
+  assert( iSavepoint>=0 || op==SAVEPOINT_ROLLBACK );
+
+  if( rc==SQLITE_OK && iSavepoint<pPager->nSavepoint ){
+    int ii;            /* Iterator variable */
+    int nNew;          /* Number of remaining savepoints after this op. */
+
+    /* Figure out how many savepoints will still be active after this
+    ** operation. Store this value in nNew. Then free resources associated 
+    ** with any savepoints that are destroyed by this operation.
+    */
+    nNew = iSavepoint + (( op==SAVEPOINT_RELEASE ) ? 0 : 1);
+    for(ii=nNew; ii<pPager->nSavepoint; ii++){
+      sqlite3BitvecDestroy(pPager->aSavepoint[ii].pInSavepoint);
+    }
+    pPager->nSavepoint = nNew;
+
+    /* If this is a release of the outermost savepoint, truncate 
+    ** the sub-journal to zero bytes in size. */
+    if( op==SAVEPOINT_RELEASE ){
+      if( nNew==0 && isOpen(pPager->sjfd) ){
+        /* Only truncate if it is an in-memory sub-journal. */
+        if( sqlite3IsMemJournal(pPager->sjfd) ){
+          rc = sqlite3OsTruncate(pPager->sjfd, 0);
+          assert( rc==SQLITE_OK );
+        }
+        pPager->nSubRec = 0;
+      }
+    }
+    /* Else this is a rollback operation, playback the specified savepoint.
+    ** If this is a temp-file, it is possible that the journal file has
+    ** not yet been opened. In this case there have been no changes to
+    ** the database file, so the playback operation can be skipped.
+    */
+    else if( pagerUseWal(pPager) || isOpen(pPager->jfd) ){
+      PagerSavepoint *pSavepoint = (nNew==0)?0:&pPager->aSavepoint[nNew-1];
+      rc = pagerPlaybackSavepoint(pPager, pSavepoint);
+      assert(rc!=SQLITE_DONE);
+    }
+  }
+
+  return rc;
+}
+
+/*
+** Return the full pathname of the database file.
+**
+** Except, if the pager is in-memory only, then return an empty string if
+** nullIfMemDb is true.  This routine is called with nullIfMemDb==1 when
+** used to report the filename to the user, for compatibility with legacy
+** behavior.  But when the Btree needs to know the filename for matching to
+** shared cache, it uses nullIfMemDb==0 so that in-memory databases can
+** participate in shared-cache.
+*/
+SQLITE_PRIVATE const char *sqlite3PagerFilename(Pager *pPager, int nullIfMemDb){
+  return (nullIfMemDb && pPager->memDb) ? "" : pPager->zFilename;
+}
+
+/*
+** Return the VFS structure for the pager.
+*/
+SQLITE_PRIVATE sqlite3_vfs *sqlite3PagerVfs(Pager *pPager){
+  return pPager->pVfs;
+}
+
+/*
+** Return the file handle for the database file associated
+** with the pager.  This might return NULL if the file has
+** not yet been opened.
+*/
+SQLITE_PRIVATE sqlite3_file *sqlite3PagerFile(Pager *pPager){
+  return pPager->fd;
+}
+
+/*
+** Return the file handle for the journal file (if it exists).
+** This will be either the rollback journal or the WAL file.
+*/
+SQLITE_PRIVATE sqlite3_file *sqlite3PagerJrnlFile(Pager *pPager){
+#if SQLITE_OMIT_WAL
+  return pPager->jfd;
+#else
+  return pPager->pWal ? sqlite3WalFile(pPager->pWal) : pPager->jfd;
+#endif
+}
+
+/*
+** Return the full pathname of the journal file.
+*/
+SQLITE_PRIVATE const char *sqlite3PagerJournalname(Pager *pPager){
+  return pPager->zJournal;
+}
+
+/*
+** Return true if fsync() calls are disabled for this pager.  Return FALSE
+** if fsync()s are executed normally.
+*/
+SQLITE_PRIVATE int sqlite3PagerNosync(Pager *pPager){
+  return pPager->noSync;
+}
+
+#ifdef SQLITE_HAS_CODEC
+/*
+** Set or retrieve the codec for this pager
+*/
+SQLITE_PRIVATE void sqlite3PagerSetCodec(
+  Pager *pPager,
+  void *(*xCodec)(void*,void*,Pgno,int),
+  void (*xCodecSizeChng)(void*,int,int),
+  void (*xCodecFree)(void*),
+  void *pCodec
+){
+  if( pPager->xCodecFree ) pPager->xCodecFree(pPager->pCodec);
+  pPager->xCodec = pPager->memDb ? 0 : xCodec;
+  pPager->xCodecSizeChng = xCodecSizeChng;
+  pPager->xCodecFree = xCodecFree;
+  pPager->pCodec = pCodec;
+  pagerReportSize(pPager);
+}
+SQLITE_PRIVATE void *sqlite3PagerGetCodec(Pager *pPager){
+  return pPager->pCodec;
+}
+
+/*
+** This function is called by the wal module when writing page content
+** into the log file.
+**
+** This function returns a pointer to a buffer containing the encrypted
+** page content. If a malloc fails, this function may return NULL.
+*/
+SQLITE_PRIVATE void *sqlite3PagerCodec(PgHdr *pPg){
+  void *aData = 0;
+  CODEC2(pPg->pPager, pPg->pData, pPg->pgno, 6, return 0, aData);
+  return aData;
+}
+
+/*
+** Return the current pager state
+*/
+SQLITE_PRIVATE int sqlite3PagerState(Pager *pPager){
+  return pPager->eState;
+}
+#endif /* SQLITE_HAS_CODEC */
+
+#ifndef SQLITE_OMIT_AUTOVACUUM
+/*
+** Move the page pPg to location pgno in the file.
+**
+** There must be no references to the page previously located at
+** pgno (which we call pPgOld) though that page is allowed to be
+** in cache.  If the page previously located at pgno is not already
+** in the rollback journal, it is not put there by by this routine.
+**
+** References to the page pPg remain valid. Updating any
+** meta-data associated with pPg (i.e. data stored in the nExtra bytes
+** allocated along with the page) is the responsibility of the caller.
+**
+** A transaction must be active when this routine is called. It used to be
+** required that a statement transaction was not active, but this restriction
+** has been removed (CREATE INDEX needs to move a page when a statement
+** transaction is active).
+**
+** If the fourth argument, isCommit, is non-zero, then this page is being
+** moved as part of a database reorganization just before the transaction 
+** is being committed. In this case, it is guaranteed that the database page 
+** pPg refers to will not be written to again within this transaction.
+**
+** This function may return SQLITE_NOMEM or an IO error code if an error
+** occurs. Otherwise, it returns SQLITE_OK.
+*/
+SQLITE_PRIVATE int sqlite3PagerMovepage(Pager *pPager, DbPage *pPg, Pgno pgno, int isCommit){
+  PgHdr *pPgOld;               /* The page being overwritten. */
+  Pgno needSyncPgno = 0;       /* Old value of pPg->pgno, if sync is required */
+  int rc;                      /* Return code */
+  Pgno origPgno;               /* The original page number */
+
+  assert( pPg->nRef>0 );
+  assert( pPager->eState==PAGER_WRITER_CACHEMOD
+       || pPager->eState==PAGER_WRITER_DBMOD
+  );
+  assert( assert_pager_state(pPager) );
+
+  /* In order to be able to rollback, an in-memory database must journal
+  ** the page we are moving from.
+  */
+  if( MEMDB ){
+    rc = sqlite3PagerWrite(pPg);
+    if( rc ) return rc;
+  }
+
+  /* If the page being moved is dirty and has not been saved by the latest
+  ** savepoint, then save the current contents of the page into the 
+  ** sub-journal now. This is required to handle the following scenario:
+  **
+  **   BEGIN;
+  **     <journal page X, then modify it in memory>
+  **     SAVEPOINT one;
+  **       <Move page X to location Y>
+  **     ROLLBACK TO one;
+  **
+  ** If page X were not written to the sub-journal here, it would not
+  ** be possible to restore its contents when the "ROLLBACK TO one"
+  ** statement were is processed.
+  **
+  ** subjournalPage() may need to allocate space to store pPg->pgno into
+  ** one or more savepoint bitvecs. This is the reason this function
+  ** may return SQLITE_NOMEM.
+  */
+  if( (pPg->flags & PGHDR_DIRTY)!=0
+   && SQLITE_OK!=(rc = subjournalPageIfRequired(pPg))
+  ){
+    return rc;
+  }
+
+  PAGERTRACE(("MOVE %d page %d (needSync=%d) moves to %d\n", 
+      PAGERID(pPager), pPg->pgno, (pPg->flags&PGHDR_NEED_SYNC)?1:0, pgno));
+  IOTRACE(("MOVE %p %d %d\n", pPager, pPg->pgno, pgno))
+
+  /* If the journal needs to be sync()ed before page pPg->pgno can
+  ** be written to, store pPg->pgno in local variable needSyncPgno.
+  **
+  ** If the isCommit flag is set, there is no need to remember that
+  ** the journal needs to be sync()ed before database page pPg->pgno 
+  ** can be written to. The caller has already promised not to write to it.
+  */
+  if( (pPg->flags&PGHDR_NEED_SYNC) && !isCommit ){
+    needSyncPgno = pPg->pgno;
+    assert( pPager->journalMode==PAGER_JOURNALMODE_OFF ||
+            pageInJournal(pPager, pPg) || pPg->pgno>pPager->dbOrigSize );
+    assert( pPg->flags&PGHDR_DIRTY );
+  }
+
+  /* If the cache contains a page with page-number pgno, remove it
+  ** from its hash chain. Also, if the PGHDR_NEED_SYNC flag was set for 
+  ** page pgno before the 'move' operation, it needs to be retained 
+  ** for the page moved there.
+  */
+  pPg->flags &= ~PGHDR_NEED_SYNC;
+  pPgOld = sqlite3PagerLookup(pPager, pgno);
+  assert( !pPgOld || pPgOld->nRef==1 );
+  if( pPgOld ){
+    pPg->flags |= (pPgOld->flags&PGHDR_NEED_SYNC);
+    if( MEMDB ){
+      /* Do not discard pages from an in-memory database since we might
+      ** need to rollback later.  Just move the page out of the way. */
+      sqlite3PcacheMove(pPgOld, pPager->dbSize+1);
+    }else{
+      sqlite3PcacheDrop(pPgOld);
+    }
+  }
+
+  origPgno = pPg->pgno;
+  sqlite3PcacheMove(pPg, pgno);
+  sqlite3PcacheMakeDirty(pPg);
+
+  /* For an in-memory database, make sure the original page continues
+  ** to exist, in case the transaction needs to roll back.  Use pPgOld
+  ** as the original page since it has already been allocated.
+  */
+  if( MEMDB ){
+    assert( pPgOld );
+    sqlite3PcacheMove(pPgOld, origPgno);
+    sqlite3PagerUnrefNotNull(pPgOld);
+  }
+
+  if( needSyncPgno ){
+    /* If needSyncPgno is non-zero, then the journal file needs to be 
+    ** sync()ed before any data is written to database file page needSyncPgno.
+    ** Currently, no such page exists in the page-cache and the 
+    ** "is journaled" bitvec flag has been set. This needs to be remedied by
+    ** loading the page into the pager-cache and setting the PGHDR_NEED_SYNC
+    ** flag.
+    **
+    ** If the attempt to load the page into the page-cache fails, (due
+    ** to a malloc() or IO failure), clear the bit in the pInJournal[]
+    ** array. Otherwise, if the page is loaded and written again in
+    ** this transaction, it may be written to the database file before
+    ** it is synced into the journal file. This way, it may end up in
+    ** the journal file twice, but that is not a problem.
+    */
+    PgHdr *pPgHdr;
+    rc = sqlite3PagerGet(pPager, needSyncPgno, &pPgHdr, 0);
+    if( rc!=SQLITE_OK ){
+      if( needSyncPgno<=pPager->dbOrigSize ){
+        assert( pPager->pTmpSpace!=0 );
+        sqlite3BitvecClear(pPager->pInJournal, needSyncPgno, pPager->pTmpSpace);
+      }
+      return rc;
+    }
+    pPgHdr->flags |= PGHDR_NEED_SYNC;
+    sqlite3PcacheMakeDirty(pPgHdr);
+    sqlite3PagerUnrefNotNull(pPgHdr);
+  }
+
+  return SQLITE_OK;
+}
+#endif
+
+/*
+** The page handle passed as the first argument refers to a dirty page 
+** with a page number other than iNew. This function changes the page's 
+** page number to iNew and sets the value of the PgHdr.flags field to 
+** the value passed as the third parameter.
+*/
+SQLITE_PRIVATE void sqlite3PagerRekey(DbPage *pPg, Pgno iNew, u16 flags){
+  assert( pPg->pgno!=iNew );
+  pPg->flags = flags;
+  sqlite3PcacheMove(pPg, iNew);
+}
+
+/*
+** Return a pointer to the data for the specified page.
+*/
+SQLITE_PRIVATE void *sqlite3PagerGetData(DbPage *pPg){
+  assert( pPg->nRef>0 || pPg->pPager->memDb );
+  return pPg->pData;
+}
+
+/*
+** Return a pointer to the Pager.nExtra bytes of "extra" space 
+** allocated along with the specified page.
+*/
+SQLITE_PRIVATE void *sqlite3PagerGetExtra(DbPage *pPg){
+  return pPg->pExtra;
+}
+
+/*
+** Get/set the locking-mode for this pager. Parameter eMode must be one
+** of PAGER_LOCKINGMODE_QUERY, PAGER_LOCKINGMODE_NORMAL or 
+** PAGER_LOCKINGMODE_EXCLUSIVE. If the parameter is not _QUERY, then
+** the locking-mode is set to the value specified.
+**
+** The returned value is either PAGER_LOCKINGMODE_NORMAL or
+** PAGER_LOCKINGMODE_EXCLUSIVE, indicating the current (possibly updated)
+** locking-mode.
+*/
+SQLITE_PRIVATE int sqlite3PagerLockingMode(Pager *pPager, int eMode){
+  assert( eMode==PAGER_LOCKINGMODE_QUERY
+            || eMode==PAGER_LOCKINGMODE_NORMAL
+            || eMode==PAGER_LOCKINGMODE_EXCLUSIVE );
+  assert( PAGER_LOCKINGMODE_QUERY<0 );
+  assert( PAGER_LOCKINGMODE_NORMAL>=0 && PAGER_LOCKINGMODE_EXCLUSIVE>=0 );
+  assert( pPager->exclusiveMode || 0==sqlite3WalHeapMemory(pPager->pWal) );
+  if( eMode>=0 && !pPager->tempFile && !sqlite3WalHeapMemory(pPager->pWal) ){
+    pPager->exclusiveMode = (u8)eMode;
+  }
+  return (int)pPager->exclusiveMode;
+}
+
+/*
+** Set the journal-mode for this pager. Parameter eMode must be one of:
+**
+**    PAGER_JOURNALMODE_DELETE
+**    PAGER_JOURNALMODE_TRUNCATE
+**    PAGER_JOURNALMODE_PERSIST
+**    PAGER_JOURNALMODE_OFF
+**    PAGER_JOURNALMODE_MEMORY
+**    PAGER_JOURNALMODE_WAL
+**
+** The journalmode is set to the value specified if the change is allowed.
+** The change may be disallowed for the following reasons:
+**
+**   *  An in-memory database can only have its journal_mode set to _OFF
+**      or _MEMORY.
+**
+**   *  Temporary databases cannot have _WAL journalmode.
+**
+** The returned indicate the current (possibly updated) journal-mode.
+*/
+SQLITE_PRIVATE int sqlite3PagerSetJournalMode(Pager *pPager, int eMode){
+  u8 eOld = pPager->journalMode;    /* Prior journalmode */
+
+#ifdef SQLITE_DEBUG
+  /* The print_pager_state() routine is intended to be used by the debugger
+  ** only.  We invoke it once here to suppress a compiler warning. */
+  print_pager_state(pPager);
+#endif
+
+
+  /* The eMode parameter is always valid */
+  assert(      eMode==PAGER_JOURNALMODE_DELETE
+            || eMode==PAGER_JOURNALMODE_TRUNCATE
+            || eMode==PAGER_JOURNALMODE_PERSIST
+            || eMode==PAGER_JOURNALMODE_OFF 
+            || eMode==PAGER_JOURNALMODE_WAL 
+            || eMode==PAGER_JOURNALMODE_MEMORY );
+
+  /* This routine is only called from the OP_JournalMode opcode, and
+  ** the logic there will never allow a temporary file to be changed
+  ** to WAL mode.
+  */
+  assert( pPager->tempFile==0 || eMode!=PAGER_JOURNALMODE_WAL );
+
+  /* Do allow the journalmode of an in-memory database to be set to
+  ** anything other than MEMORY or OFF
+  */
+  if( MEMDB ){
+    assert( eOld==PAGER_JOURNALMODE_MEMORY || eOld==PAGER_JOURNALMODE_OFF );
+    if( eMode!=PAGER_JOURNALMODE_MEMORY && eMode!=PAGER_JOURNALMODE_OFF ){
+      eMode = eOld;
+    }
+  }
+
+  if( eMode!=eOld ){
+
+    /* Change the journal mode. */
+    assert( pPager->eState!=PAGER_ERROR );
+    pPager->journalMode = (u8)eMode;
+
+    /* When transistioning from TRUNCATE or PERSIST to any other journal
+    ** mode except WAL, unless the pager is in locking_mode=exclusive mode,
+    ** delete the journal file.
+    */
+    assert( (PAGER_JOURNALMODE_TRUNCATE & 5)==1 );
+    assert( (PAGER_JOURNALMODE_PERSIST & 5)==1 );
+    assert( (PAGER_JOURNALMODE_DELETE & 5)==0 );
+    assert( (PAGER_JOURNALMODE_MEMORY & 5)==4 );
+    assert( (PAGER_JOURNALMODE_OFF & 5)==0 );
+    assert( (PAGER_JOURNALMODE_WAL & 5)==5 );
+
+    assert( isOpen(pPager->fd) || pPager->exclusiveMode );
+    if( !pPager->exclusiveMode && (eOld & 5)==1 && (eMode & 1)==0 ){
+
+      /* In this case we would like to delete the journal file. If it is
+      ** not possible, then that is not a problem. Deleting the journal file
+      ** here is an optimization only.
+      **
+      ** Before deleting the journal file, obtain a RESERVED lock on the
+      ** database file. This ensures that the journal file is not deleted
+      ** while it is in use by some other client.
+      */
+      sqlite3OsClose(pPager->jfd);
+      if( pPager->eLock>=RESERVED_LOCK ){
+        sqlite3OsDelete(pPager->pVfs, pPager->zJournal, 0);
+      }else{
+        int rc = SQLITE_OK;
+        int state = pPager->eState;
+        assert( state==PAGER_OPEN || state==PAGER_READER );
+        if( state==PAGER_OPEN ){
+          rc = sqlite3PagerSharedLock(pPager);
+        }
+        if( pPager->eState==PAGER_READER ){
+          assert( rc==SQLITE_OK );
+          rc = pagerLockDb(pPager, RESERVED_LOCK);
+        }
+        if( rc==SQLITE_OK ){
+          sqlite3OsDelete(pPager->pVfs, pPager->zJournal, 0);
+        }
+        if( rc==SQLITE_OK && state==PAGER_READER ){
+          pagerUnlockDb(pPager, SHARED_LOCK);
+        }else if( state==PAGER_OPEN ){
+          pager_unlock(pPager);
+        }
+        assert( state==pPager->eState );
+      }
+    }else if( eMode==PAGER_JOURNALMODE_OFF ){
+      sqlite3OsClose(pPager->jfd);
+    }
+  }
+
+  /* Return the new journal mode */
+  return (int)pPager->journalMode;
+}
+
+/*
+** Return the current journal mode.
+*/
+SQLITE_PRIVATE int sqlite3PagerGetJournalMode(Pager *pPager){
+  return (int)pPager->journalMode;
+}
+
+/*
+** Return TRUE if the pager is in a state where it is OK to change the
+** journalmode.  Journalmode changes can only happen when the database
+** is unmodified.
+*/
+SQLITE_PRIVATE int sqlite3PagerOkToChangeJournalMode(Pager *pPager){
+  assert( assert_pager_state(pPager) );
+  if( pPager->eState>=PAGER_WRITER_CACHEMOD ) return 0;
+  if( NEVER(isOpen(pPager->jfd) && pPager->journalOff>0) ) return 0;
+  return 1;
+}
+
+/*
+** Get/set the size-limit used for persistent journal files.
+**
+** Setting the size limit to -1 means no limit is enforced.
+** An attempt to set a limit smaller than -1 is a no-op.
+*/
+SQLITE_PRIVATE i64 sqlite3PagerJournalSizeLimit(Pager *pPager, i64 iLimit){
+  if( iLimit>=-1 ){
+    pPager->journalSizeLimit = iLimit;
+    sqlite3WalLimit(pPager->pWal, iLimit);
+  }
+  return pPager->journalSizeLimit;
+}
+
+/*
+** Return a pointer to the pPager->pBackup variable. The backup module
+** in backup.c maintains the content of this variable. This module
+** uses it opaquely as an argument to sqlite3BackupRestart() and
+** sqlite3BackupUpdate() only.
+*/
+SQLITE_PRIVATE sqlite3_backup **sqlite3PagerBackupPtr(Pager *pPager){
+  return &pPager->pBackup;
+}
+
+#ifndef SQLITE_OMIT_VACUUM
+/*
+** Unless this is an in-memory or temporary database, clear the pager cache.
+*/
+SQLITE_PRIVATE void sqlite3PagerClearCache(Pager *pPager){
+  if( !MEMDB && pPager->tempFile==0 ) pager_reset(pPager);
+}
+#endif
+
+#ifndef SQLITE_OMIT_WAL
+/*
+** This function is called when the user invokes "PRAGMA wal_checkpoint",
+** "PRAGMA wal_blocking_checkpoint" or calls the sqlite3_wal_checkpoint()
+** or wal_blocking_checkpoint() API functions.
+**
+** Parameter eMode is one of SQLITE_CHECKPOINT_PASSIVE, FULL or RESTART.
+*/
+SQLITE_PRIVATE int sqlite3PagerCheckpoint(Pager *pPager, int eMode, int *pnLog, int *pnCkpt){
+  int rc = SQLITE_OK;
+  if( pPager->pWal ){
+    rc = sqlite3WalCheckpoint(pPager->pWal, eMode,
+        (eMode==SQLITE_CHECKPOINT_PASSIVE ? 0 : pPager->xBusyHandler),
+        pPager->pBusyHandlerArg,
+        pPager->ckptSyncFlags, pPager->pageSize, (u8 *)pPager->pTmpSpace,
+        pnLog, pnCkpt
+    );
+  }
+  return rc;
+}
+
+SQLITE_PRIVATE int sqlite3PagerWalCallback(Pager *pPager){
+  return sqlite3WalCallback(pPager->pWal);
+}
+
+/*
+** Return true if the underlying VFS for the given pager supports the
+** primitives necessary for write-ahead logging.
+*/
+SQLITE_PRIVATE int sqlite3PagerWalSupported(Pager *pPager){
+  const sqlite3_io_methods *pMethods = pPager->fd->pMethods;
+  return pPager->exclusiveMode || (pMethods->iVersion>=2 && pMethods->xShmMap);
+}
+
+/*
+** Attempt to take an exclusive lock on the database file. If a PENDING lock
+** is obtained instead, immediately release it.
+*/
+static int pagerExclusiveLock(Pager *pPager){
+  int rc;                         /* Return code */
+
+  assert( pPager->eLock==SHARED_LOCK || pPager->eLock==EXCLUSIVE_LOCK );
+  rc = pagerLockDb(pPager, EXCLUSIVE_LOCK);
+  if( rc!=SQLITE_OK ){
+    /* If the attempt to grab the exclusive lock failed, release the 
+    ** pending lock that may have been obtained instead.  */
+    pagerUnlockDb(pPager, SHARED_LOCK);
+  }
+
+  return rc;
+}
+
+/*
+** Call sqlite3WalOpen() to open the WAL handle. If the pager is in 
+** exclusive-locking mode when this function is called, take an EXCLUSIVE
+** lock on the database file and use heap-memory to store the wal-index
+** in. Otherwise, use the normal shared-memory.
+*/
+static int pagerOpenWal(Pager *pPager){
+  int rc = SQLITE_OK;
+
+  assert( pPager->pWal==0 && pPager->tempFile==0 );
+  assert( pPager->eLock==SHARED_LOCK || pPager->eLock==EXCLUSIVE_LOCK );
+
+  /* If the pager is already in exclusive-mode, the WAL module will use 
+  ** heap-memory for the wal-index instead of the VFS shared-memory 
+  ** implementation. Take the exclusive lock now, before opening the WAL
+  ** file, to make sure this is safe.
+  */
+  if( pPager->exclusiveMode ){
+    rc = pagerExclusiveLock(pPager);
+  }
+
+  /* Open the connection to the log file. If this operation fails, 
+  ** (e.g. due to malloc() failure), return an error code.
+  */
+  if( rc==SQLITE_OK ){
+    rc = sqlite3WalOpen(pPager->pVfs,
+        pPager->fd, pPager->zWal, pPager->exclusiveMode,
+        pPager->journalSizeLimit, &pPager->pWal
+    );
+  }
+  pagerFixMaplimit(pPager);
+
+  return rc;
+}
+
+
+/*
+** The caller must be holding a SHARED lock on the database file to call
+** this function.
+**
+** If the pager passed as the first argument is open on a real database
+** file (not a temp file or an in-memory database), and the WAL file
+** is not already open, make an attempt to open it now. If successful,
+** return SQLITE_OK. If an error occurs or the VFS used by the pager does 
+** not support the xShmXXX() methods, return an error code. *pbOpen is
+** not modified in either case.
+**
+** If the pager is open on a temp-file (or in-memory database), or if
+** the WAL file is already open, set *pbOpen to 1 and return SQLITE_OK
+** without doing anything.
+*/
+SQLITE_PRIVATE int sqlite3PagerOpenWal(
+  Pager *pPager,                  /* Pager object */
+  int *pbOpen                     /* OUT: Set to true if call is a no-op */
+){
+  int rc = SQLITE_OK;             /* Return code */
+
+  assert( assert_pager_state(pPager) );
+  assert( pPager->eState==PAGER_OPEN   || pbOpen );
+  assert( pPager->eState==PAGER_READER || !pbOpen );
+  assert( pbOpen==0 || *pbOpen==0 );
+  assert( pbOpen!=0 || (!pPager->tempFile && !pPager->pWal) );
+
+  if( !pPager->tempFile && !pPager->pWal ){
+    if( !sqlite3PagerWalSupported(pPager) ) return SQLITE_CANTOPEN;
+
+    /* Close any rollback journal previously open */
+    sqlite3OsClose(pPager->jfd);
+
+    rc = pagerOpenWal(pPager);
+    if( rc==SQLITE_OK ){
+      pPager->journalMode = PAGER_JOURNALMODE_WAL;
+      pPager->eState = PAGER_OPEN;
+    }
+  }else{
+    *pbOpen = 1;
+  }
+
+  return rc;
+}
+
+/*
+** This function is called to close the connection to the log file prior
+** to switching from WAL to rollback mode.
+**
+** Before closing the log file, this function attempts to take an 
+** EXCLUSIVE lock on the database file. If this cannot be obtained, an
+** error (SQLITE_BUSY) is returned and the log connection is not closed.
+** If successful, the EXCLUSIVE lock is not released before returning.
+*/
+SQLITE_PRIVATE int sqlite3PagerCloseWal(Pager *pPager){
+  int rc = SQLITE_OK;
+
+  assert( pPager->journalMode==PAGER_JOURNALMODE_WAL );
+
+  /* If the log file is not already open, but does exist in the file-system,
+  ** it may need to be checkpointed before the connection can switch to
+  ** rollback mode. Open it now so this can happen.
+  */
+  if( !pPager->pWal ){
+    int logexists = 0;
+    rc = pagerLockDb(pPager, SHARED_LOCK);
+    if( rc==SQLITE_OK ){
+      rc = sqlite3OsAccess(
+          pPager->pVfs, pPager->zWal, SQLITE_ACCESS_EXISTS, &logexists
+      );
+    }
+    if( rc==SQLITE_OK && logexists ){
+      rc = pagerOpenWal(pPager);
+    }
+  }
+    
+  /* Checkpoint and close the log. Because an EXCLUSIVE lock is held on
+  ** the database file, the log and log-summary files will be deleted.
+  */
+  if( rc==SQLITE_OK && pPager->pWal ){
+    rc = pagerExclusiveLock(pPager);
+    if( rc==SQLITE_OK ){
+      rc = sqlite3WalClose(pPager->pWal, pPager->ckptSyncFlags,
+                           pPager->pageSize, (u8*)pPager->pTmpSpace);
+      pPager->pWal = 0;
+      pagerFixMaplimit(pPager);
+    }
+  }
+  return rc;
+}
+
+#ifdef SQLITE_ENABLE_SNAPSHOT
+/*
+** If this is a WAL database, obtain a snapshot handle for the snapshot
+** currently open. Otherwise, return an error.
+*/
+SQLITE_PRIVATE int sqlite3PagerSnapshotGet(Pager *pPager, sqlite3_snapshot **ppSnapshot){
+  int rc = SQLITE_ERROR;
+  if( pPager->pWal ){
+    rc = sqlite3WalSnapshotGet(pPager->pWal, ppSnapshot);
+  }
+  return rc;
+}
+
+/*
+** If this is a WAL database, store a pointer to pSnapshot. Next time a
+** read transaction is opened, attempt to read from the snapshot it 
+** identifies. If this is not a WAL database, return an error.
+*/
+SQLITE_PRIVATE int sqlite3PagerSnapshotOpen(Pager *pPager, sqlite3_snapshot *pSnapshot){
+  int rc = SQLITE_OK;
+  if( pPager->pWal ){
+    sqlite3WalSnapshotOpen(pPager->pWal, pSnapshot);
+  }else{
+    rc = SQLITE_ERROR;
+  }
+  return rc;
+}
+#endif /* SQLITE_ENABLE_SNAPSHOT */
+#endif /* !SQLITE_OMIT_WAL */
+
+#ifdef SQLITE_ENABLE_ZIPVFS
+/*
+** A read-lock must be held on the pager when this function is called. If
+** the pager is in WAL mode and the WAL file currently contains one or more
+** frames, return the size in bytes of the page images stored within the
+** WAL frames. Otherwise, if this is not a WAL database or the WAL file
+** is empty, return 0.
+*/
+SQLITE_PRIVATE int sqlite3PagerWalFramesize(Pager *pPager){
+  assert( pPager->eState>=PAGER_READER );
+  return sqlite3WalFramesize(pPager->pWal);
+}
+#endif
+
+
+#endif /* SQLITE_OMIT_DISKIO */
+
+/************** End of pager.c ***********************************************/
+/************** Begin file wal.c *********************************************/
+/*
+** 2010 February 1
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+**
+** This file contains the implementation of a write-ahead log (WAL) used in 
+** "journal_mode=WAL" mode.
+**
+** WRITE-AHEAD LOG (WAL) FILE FORMAT
+**
+** A WAL file consists of a header followed by zero or more "frames".
+** Each frame records the revised content of a single page from the
+** database file.  All changes to the database are recorded by writing
+** frames into the WAL.  Transactions commit when a frame is written that
+** contains a commit marker.  A single WAL can and usually does record 
+** multiple transactions.  Periodically, the content of the WAL is
+** transferred back into the database file in an operation called a
+** "checkpoint".
+**
+** A single WAL file can be used multiple times.  In other words, the
+** WAL can fill up with frames and then be checkpointed and then new
+** frames can overwrite the old ones.  A WAL always grows from beginning
+** toward the end.  Checksums and counters attached to each frame are
+** used to determine which frames within the WAL are valid and which
+** are leftovers from prior checkpoints.
+**
+** The WAL header is 32 bytes in size and consists of the following eight
+** big-endian 32-bit unsigned integer values:
+**
+**     0: Magic number.  0x377f0682 or 0x377f0683
+**     4: File format version.  Currently 3007000
+**     8: Database page size.  Example: 1024
+**    12: Checkpoint sequence number
+**    16: Salt-1, random integer incremented with each checkpoint
+**    20: Salt-2, a different random integer changing with each ckpt
+**    24: Checksum-1 (first part of checksum for first 24 bytes of header).
+**    28: Checksum-2 (second part of checksum for first 24 bytes of header).
+**
+** Immediately following the wal-header are zero or more frames. Each
+** frame consists of a 24-byte frame-header followed by a <page-size> bytes
+** of page data. The frame-header is six big-endian 32-bit unsigned 
+** integer values, as follows:
+**
+**     0: Page number.
+**     4: For commit records, the size of the database image in pages 
+**        after the commit. For all other records, zero.
+**     8: Salt-1 (copied from the header)
+**    12: Salt-2 (copied from the header)
+**    16: Checksum-1.
+**    20: Checksum-2.
+**
+** A frame is considered valid if and only if the following conditions are
+** true:
+**
+**    (1) The salt-1 and salt-2 values in the frame-header match
+**        salt values in the wal-header
+**
+**    (2) The checksum values in the final 8 bytes of the frame-header
+**        exactly match the checksum computed consecutively on the
+**        WAL header and the first 8 bytes and the content of all frames
+**        up to and including the current frame.
+**
+** The checksum is computed using 32-bit big-endian integers if the
+** magic number in the first 4 bytes of the WAL is 0x377f0683 and it
+** is computed using little-endian if the magic number is 0x377f0682.
+** The checksum values are always stored in the frame header in a
+** big-endian format regardless of which byte order is used to compute
+** the checksum.  The checksum is computed by interpreting the input as
+** an even number of unsigned 32-bit integers: x[0] through x[N].  The
+** algorithm used for the checksum is as follows:
+** 
+**   for i from 0 to n-1 step 2:
+**     s0 += x[i] + s1;
+**     s1 += x[i+1] + s0;
+**   endfor
+**
+** Note that s0 and s1 are both weighted checksums using fibonacci weights
+** in reverse order (the largest fibonacci weight occurs on the first element
+** of the sequence being summed.)  The s1 value spans all 32-bit 
+** terms of the sequence whereas s0 omits the final term.
+**
+** On a checkpoint, the WAL is first VFS.xSync-ed, then valid content of the
+** WAL is transferred into the database, then the database is VFS.xSync-ed.
+** The VFS.xSync operations serve as write barriers - all writes launched
+** before the xSync must complete before any write that launches after the
+** xSync begins.
+**
+** After each checkpoint, the salt-1 value is incremented and the salt-2
+** value is randomized.  This prevents old and new frames in the WAL from
+** being considered valid at the same time and being checkpointing together
+** following a crash.
+**
+** READER ALGORITHM
+**
+** To read a page from the database (call it page number P), a reader
+** first checks the WAL to see if it contains page P.  If so, then the
+** last valid instance of page P that is a followed by a commit frame
+** or is a commit frame itself becomes the value read.  If the WAL
+** contains no copies of page P that are valid and which are a commit
+** frame or are followed by a commit frame, then page P is read from
+** the database file.
+**
+** To start a read transaction, the reader records the index of the last
+** valid frame in the WAL.  The reader uses this recorded "mxFrame" value
+** for all subsequent read operations.  New transactions can be appended
+** to the WAL, but as long as the reader uses its original mxFrame value
+** and ignores the newly appended content, it will see a consistent snapshot
+** of the database from a single point in time.  This technique allows
+** multiple concurrent readers to view different versions of the database
+** content simultaneously.
+**
+** The reader algorithm in the previous paragraphs works correctly, but 
+** because frames for page P can appear anywhere within the WAL, the
+** reader has to scan the entire WAL looking for page P frames.  If the
+** WAL is large (multiple megabytes is typical) that scan can be slow,
+** and read performance suffers.  To overcome this problem, a separate
+** data structure called the wal-index is maintained to expedite the
+** search for frames of a particular page.
+** 
+** WAL-INDEX FORMAT
+**
+** Conceptually, the wal-index is shared memory, though VFS implementations
+** might choose to implement the wal-index using a mmapped file.  Because
+** the wal-index is shared memory, SQLite does not support journal_mode=WAL 
+** on a network filesystem.  All users of the database must be able to
+** share memory.
+**
+** The wal-index is transient.  After a crash, the wal-index can (and should
+** be) reconstructed from the original WAL file.  In fact, the VFS is required
+** to either truncate or zero the header of the wal-index when the last
+** connection to it closes.  Because the wal-index is transient, it can
+** use an architecture-specific format; it does not have to be cross-platform.
+** Hence, unlike the database and WAL file formats which store all values
+** as big endian, the wal-index can store multi-byte values in the native
+** byte order of the host computer.
+**
+** The purpose of the wal-index is to answer this question quickly:  Given
+** a page number P and a maximum frame index M, return the index of the 
+** last frame in the wal before frame M for page P in the WAL, or return
+** NULL if there are no frames for page P in the WAL prior to M.
+**
+** The wal-index consists of a header region, followed by an one or
+** more index blocks.  
+**
+** The wal-index header contains the total number of frames within the WAL
+** in the mxFrame field.
+**
+** Each index block except for the first contains information on 
+** HASHTABLE_NPAGE frames. The first index block contains information on
+** HASHTABLE_NPAGE_ONE frames. The values of HASHTABLE_NPAGE_ONE and 
+** HASHTABLE_NPAGE are selected so that together the wal-index header and
+** first index block are the same size as all other index blocks in the
+** wal-index.
+**
+** Each index block contains two sections, a page-mapping that contains the
+** database page number associated with each wal frame, and a hash-table 
+** that allows readers to query an index block for a specific page number.
+** The page-mapping is an array of HASHTABLE_NPAGE (or HASHTABLE_NPAGE_ONE
+** for the first index block) 32-bit page numbers. The first entry in the 
+** first index-block contains the database page number corresponding to the
+** first frame in the WAL file. The first entry in the second index block
+** in the WAL file corresponds to the (HASHTABLE_NPAGE_ONE+1)th frame in
+** the log, and so on.
+**
+** The last index block in a wal-index usually contains less than the full
+** complement of HASHTABLE_NPAGE (or HASHTABLE_NPAGE_ONE) page-numbers,
+** depending on the contents of the WAL file. This does not change the
+** allocated size of the page-mapping array - the page-mapping array merely
+** contains unused entries.
+**
+** Even without using the hash table, the last frame for page P
+** can be found by scanning the page-mapping sections of each index block
+** starting with the last index block and moving toward the first, and
+** within each index block, starting at the end and moving toward the
+** beginning.  The first entry that equals P corresponds to the frame
+** holding the content for that page.
+**
+** The hash table consists of HASHTABLE_NSLOT 16-bit unsigned integers.
+** HASHTABLE_NSLOT = 2*HASHTABLE_NPAGE, and there is one entry in the
+** hash table for each page number in the mapping section, so the hash 
+** table is never more than half full.  The expected number of collisions 
+** prior to finding a match is 1.  Each entry of the hash table is an
+** 1-based index of an entry in the mapping section of the same
+** index block.   Let K be the 1-based index of the largest entry in
+** the mapping section.  (For index blocks other than the last, K will
+** always be exactly HASHTABLE_NPAGE (4096) and for the last index block
+** K will be (mxFrame%HASHTABLE_NPAGE).)  Unused slots of the hash table
+** contain a value of 0.
+**
+** To look for page P in the hash table, first compute a hash iKey on
+** P as follows:
+**
+**      iKey = (P * 383) % HASHTABLE_NSLOT
+**
+** Then start scanning entries of the hash table, starting with iKey
+** (wrapping around to the beginning when the end of the hash table is
+** reached) until an unused hash slot is found. Let the first unused slot
+** be at index iUnused.  (iUnused might be less than iKey if there was
+** wrap-around.) Because the hash table is never more than half full,
+** the search is guaranteed to eventually hit an unused entry.  Let 
+** iMax be the value between iKey and iUnused, closest to iUnused,
+** where aHash[iMax]==P.  If there is no iMax entry (if there exists
+** no hash slot such that aHash[i]==p) then page P is not in the
+** current index block.  Otherwise the iMax-th mapping entry of the
+** current index block corresponds to the last entry that references 
+** page P.
+**
+** A hash search begins with the last index block and moves toward the
+** first index block, looking for entries corresponding to page P.  On
+** average, only two or three slots in each index block need to be
+** examined in order to either find the last entry for page P, or to
+** establish that no such entry exists in the block.  Each index block
+** holds over 4000 entries.  So two or three index blocks are sufficient
+** to cover a typical 10 megabyte WAL file, assuming 1K pages.  8 or 10
+** comparisons (on average) suffice to either locate a frame in the
+** WAL or to establish that the frame does not exist in the WAL.  This
+** is much faster than scanning the entire 10MB WAL.
+**
+** Note that entries are added in order of increasing K.  Hence, one
+** reader might be using some value K0 and a second reader that started
+** at a later time (after additional transactions were added to the WAL
+** and to the wal-index) might be using a different value K1, where K1>K0.
+** Both readers can use the same hash table and mapping section to get
+** the correct result.  There may be entries in the hash table with
+** K>K0 but to the first reader, those entries will appear to be unused
+** slots in the hash table and so the first reader will get an answer as
+** if no values greater than K0 had ever been inserted into the hash table
+** in the first place - which is what reader one wants.  Meanwhile, the
+** second reader using K1 will see additional values that were inserted
+** later, which is exactly what reader two wants.  
+**
+** When a rollback occurs, the value of K is decreased. Hash table entries
+** that correspond to frames greater than the new K value are removed
+** from the hash table at this point.
+*/
+#ifndef SQLITE_OMIT_WAL
+
+/* #include "wal.h" */
+
+/*
+** Trace output macros
+*/
+#if defined(SQLITE_TEST) && defined(SQLITE_DEBUG)
+SQLITE_PRIVATE int sqlite3WalTrace = 0;
+# define WALTRACE(X)  if(sqlite3WalTrace) sqlite3DebugPrintf X
+#else
+# define WALTRACE(X)
+#endif
+
+/*
+** The maximum (and only) versions of the wal and wal-index formats
+** that may be interpreted by this version of SQLite.
+**
+** If a client begins recovering a WAL file and finds that (a) the checksum
+** values in the wal-header are correct and (b) the version field is not
+** WAL_MAX_VERSION, recovery fails and SQLite returns SQLITE_CANTOPEN.
+**
+** Similarly, if a client successfully reads a wal-index header (i.e. the 
+** checksum test is successful) and finds that the version field is not
+** WALINDEX_MAX_VERSION, then no read-transaction is opened and SQLite
+** returns SQLITE_CANTOPEN.
+*/
+#define WAL_MAX_VERSION      3007000
+#define WALINDEX_MAX_VERSION 3007000
+
+/*
+** Indices of various locking bytes.   WAL_NREADER is the number
+** of available reader locks and should be at least 3.  The default
+** is SQLITE_SHM_NLOCK==8 and  WAL_NREADER==5.
+*/
+#define WAL_WRITE_LOCK         0
+#define WAL_ALL_BUT_WRITE      1
+#define WAL_CKPT_LOCK          1
+#define WAL_RECOVER_LOCK       2
+#define WAL_READ_LOCK(I)       (3+(I))
+#define WAL_NREADER            (SQLITE_SHM_NLOCK-3)
+
+
+/* Object declarations */
+typedef struct WalIndexHdr WalIndexHdr;
+typedef struct WalIterator WalIterator;
+typedef struct WalCkptInfo WalCkptInfo;
+
+
+/*
+** The following object holds a copy of the wal-index header content.
+**
+** The actual header in the wal-index consists of two copies of this
+** object followed by one instance of the WalCkptInfo object.
+** For all versions of SQLite through 3.10.0 and probably beyond,
+** the locking bytes (WalCkptInfo.aLock) start at offset 120 and
+** the total header size is 136 bytes.
+**
+** The szPage value can be any power of 2 between 512 and 32768, inclusive.
+** Or it can be 1 to represent a 65536-byte page.  The latter case was
+** added in 3.7.1 when support for 64K pages was added.  
+*/
+struct WalIndexHdr {
+  u32 iVersion;                   /* Wal-index version */
+  u32 unused;                     /* Unused (padding) field */
+  u32 iChange;                    /* Counter incremented each transaction */
+  u8 isInit;                      /* 1 when initialized */
+  u8 bigEndCksum;                 /* True if checksums in WAL are big-endian */
+  u16 szPage;                     /* Database page size in bytes. 1==64K */
+  u32 mxFrame;                    /* Index of last valid frame in the WAL */
+  u32 nPage;                      /* Size of database in pages */
+  u32 aFrameCksum[2];             /* Checksum of last frame in log */
+  u32 aSalt[2];                   /* Two salt values copied from WAL header */
+  u32 aCksum[2];                  /* Checksum over all prior fields */
+};
+
+/*
+** A copy of the following object occurs in the wal-index immediately
+** following the second copy of the WalIndexHdr.  This object stores
+** information used by checkpoint.
+**
+** nBackfill is the number of frames in the WAL that have been written
+** back into the database. (We call the act of moving content from WAL to
+** database "backfilling".)  The nBackfill number is never greater than
+** WalIndexHdr.mxFrame.  nBackfill can only be increased by threads
+** holding the WAL_CKPT_LOCK lock (which includes a recovery thread).
+** However, a WAL_WRITE_LOCK thread can move the value of nBackfill from
+** mxFrame back to zero when the WAL is reset.
+**
+** nBackfillAttempted is the largest value of nBackfill that a checkpoint
+** has attempted to achieve.  Normally nBackfill==nBackfillAtempted, however
+** the nBackfillAttempted is set before any backfilling is done and the
+** nBackfill is only set after all backfilling completes.  So if a checkpoint
+** crashes, nBackfillAttempted might be larger than nBackfill.  The
+** WalIndexHdr.mxFrame must never be less than nBackfillAttempted.
+**
+** The aLock[] field is a set of bytes used for locking.  These bytes should
+** never be read or written.
+**
+** There is one entry in aReadMark[] for each reader lock.  If a reader
+** holds read-lock K, then the value in aReadMark[K] is no greater than
+** the mxFrame for that reader.  The value READMARK_NOT_USED (0xffffffff)
+** for any aReadMark[] means that entry is unused.  aReadMark[0] is 
+** a special case; its value is never used and it exists as a place-holder
+** to avoid having to offset aReadMark[] indexs by one.  Readers holding
+** WAL_READ_LOCK(0) always ignore the entire WAL and read all content
+** directly from the database.
+**
+** The value of aReadMark[K] may only be changed by a thread that
+** is holding an exclusive lock on WAL_READ_LOCK(K).  Thus, the value of
+** aReadMark[K] cannot changed while there is a reader is using that mark
+** since the reader will be holding a shared lock on WAL_READ_LOCK(K).
+**
+** The checkpointer may only transfer frames from WAL to database where
+** the frame numbers are less than or equal to every aReadMark[] that is
+** in use (that is, every aReadMark[j] for which there is a corresponding
+** WAL_READ_LOCK(j)).  New readers (usually) pick the aReadMark[] with the
+** largest value and will increase an unused aReadMark[] to mxFrame if there
+** is not already an aReadMark[] equal to mxFrame.  The exception to the
+** previous sentence is when nBackfill equals mxFrame (meaning that everything
+** in the WAL has been backfilled into the database) then new readers
+** will choose aReadMark[0] which has value 0 and hence such reader will
+** get all their all content directly from the database file and ignore 
+** the WAL.
+**
+** Writers normally append new frames to the end of the WAL.  However,
+** if nBackfill equals mxFrame (meaning that all WAL content has been
+** written back into the database) and if no readers are using the WAL
+** (in other words, if there are no WAL_READ_LOCK(i) where i>0) then
+** the writer will first "reset" the WAL back to the beginning and start
+** writing new content beginning at frame 1.
+**
+** We assume that 32-bit loads are atomic and so no locks are needed in
+** order to read from any aReadMark[] entries.
+*/
+struct WalCkptInfo {
+  u32 nBackfill;                  /* Number of WAL frames backfilled into DB */
+  u32 aReadMark[WAL_NREADER];     /* Reader marks */
+  u8 aLock[SQLITE_SHM_NLOCK];     /* Reserved space for locks */
+  u32 nBackfillAttempted;         /* WAL frames perhaps written, or maybe not */
+  u32 notUsed0;                   /* Available for future enhancements */
+};
+#define READMARK_NOT_USED  0xffffffff
+
+
+/* A block of WALINDEX_LOCK_RESERVED bytes beginning at
+** WALINDEX_LOCK_OFFSET is reserved for locks. Since some systems
+** only support mandatory file-locks, we do not read or write data
+** from the region of the file on which locks are applied.
+*/
+#define WALINDEX_LOCK_OFFSET (sizeof(WalIndexHdr)*2+offsetof(WalCkptInfo,aLock))
+#define WALINDEX_HDR_SIZE    (sizeof(WalIndexHdr)*2+sizeof(WalCkptInfo))
+
+/* Size of header before each frame in wal */
+#define WAL_FRAME_HDRSIZE 24
+
+/* Size of write ahead log header, including checksum. */
+/* #define WAL_HDRSIZE 24 */
+#define WAL_HDRSIZE 32
+
+/* WAL magic value. Either this value, or the same value with the least
+** significant bit also set (WAL_MAGIC | 0x00000001) is stored in 32-bit
+** big-endian format in the first 4 bytes of a WAL file.
+**
+** If the LSB is set, then the checksums for each frame within the WAL
+** file are calculated by treating all data as an array of 32-bit 
+** big-endian words. Otherwise, they are calculated by interpreting 
+** all data as 32-bit little-endian words.
+*/
+#define WAL_MAGIC 0x377f0682
+
+/*
+** Return the offset of frame iFrame in the write-ahead log file, 
+** assuming a database page size of szPage bytes. The offset returned
+** is to the start of the write-ahead log frame-header.
+*/
+#define walFrameOffset(iFrame, szPage) (                               \
+  WAL_HDRSIZE + ((iFrame)-1)*(i64)((szPage)+WAL_FRAME_HDRSIZE)         \
+)
+
+/*
+** An open write-ahead log file is represented by an instance of the
+** following object.
+*/
+struct Wal {
+  sqlite3_vfs *pVfs;         /* The VFS used to create pDbFd */
+  sqlite3_file *pDbFd;       /* File handle for the database file */
+  sqlite3_file *pWalFd;      /* File handle for WAL file */
+  u32 iCallback;             /* Value to pass to log callback (or 0) */
+  i64 mxWalSize;             /* Truncate WAL to this size upon reset */
+  int nWiData;               /* Size of array apWiData */
+  int szFirstBlock;          /* Size of first block written to WAL file */
+  volatile u32 **apWiData;   /* Pointer to wal-index content in memory */
+  u32 szPage;                /* Database page size */
+  i16 readLock;              /* Which read lock is being held.  -1 for none */
+  u8 syncFlags;              /* Flags to use to sync header writes */
+  u8 exclusiveMode;          /* Non-zero if connection is in exclusive mode */
+  u8 writeLock;              /* True if in a write transaction */
+  u8 ckptLock;               /* True if holding a checkpoint lock */
+  u8 readOnly;               /* WAL_RDWR, WAL_RDONLY, or WAL_SHM_RDONLY */
+  u8 truncateOnCommit;       /* True to truncate WAL file on commit */
+  u8 syncHeader;             /* Fsync the WAL header if true */
+  u8 padToSectorBoundary;    /* Pad transactions out to the next sector */
+  WalIndexHdr hdr;           /* Wal-index header for current transaction */
+  u32 minFrame;              /* Ignore wal frames before this one */
+  const char *zWalName;      /* Name of WAL file */
+  u32 nCkpt;                 /* Checkpoint sequence counter in the wal-header */
+#ifdef SQLITE_DEBUG
+  u8 lockError;              /* True if a locking error has occurred */
+#endif
+#ifdef SQLITE_ENABLE_SNAPSHOT
+  WalIndexHdr *pSnapshot;    /* Start transaction here if not NULL */
+#endif
+};
+
+/*
+** Candidate values for Wal.exclusiveMode.
+*/
+#define WAL_NORMAL_MODE     0
+#define WAL_EXCLUSIVE_MODE  1     
+#define WAL_HEAPMEMORY_MODE 2
+
+/*
+** Possible values for WAL.readOnly
+*/
+#define WAL_RDWR        0    /* Normal read/write connection */
+#define WAL_RDONLY      1    /* The WAL file is readonly */
+#define WAL_SHM_RDONLY  2    /* The SHM file is readonly */
+
+/*
+** Each page of the wal-index mapping contains a hash-table made up of
+** an array of HASHTABLE_NSLOT elements of the following type.
+*/
+typedef u16 ht_slot;
+
+/*
+** This structure is used to implement an iterator that loops through
+** all frames in the WAL in database page order. Where two or more frames
+** correspond to the same database page, the iterator visits only the 
+** frame most recently written to the WAL (in other words, the frame with
+** the largest index).
+**
+** The internals of this structure are only accessed by:
+**
+**   walIteratorInit() - Create a new iterator,
+**   walIteratorNext() - Step an iterator,
+**   walIteratorFree() - Free an iterator.
+**
+** This functionality is used by the checkpoint code (see walCheckpoint()).
+*/
+struct WalIterator {
+  int iPrior;                     /* Last result returned from the iterator */
+  int nSegment;                   /* Number of entries in aSegment[] */
+  struct WalSegment {
+    int iNext;                    /* Next slot in aIndex[] not yet returned */
+    ht_slot *aIndex;              /* i0, i1, i2... such that aPgno[iN] ascend */
+    u32 *aPgno;                   /* Array of page numbers. */
+    int nEntry;                   /* Nr. of entries in aPgno[] and aIndex[] */
+    int iZero;                    /* Frame number associated with aPgno[0] */
+  } aSegment[1];                  /* One for every 32KB page in the wal-index */
+};
+
+/*
+** Define the parameters of the hash tables in the wal-index file. There
+** is a hash-table following every HASHTABLE_NPAGE page numbers in the
+** wal-index.
+**
+** Changing any of these constants will alter the wal-index format and
+** create incompatibilities.
+*/
+#define HASHTABLE_NPAGE      4096                 /* Must be power of 2 */
+#define HASHTABLE_HASH_1     383                  /* Should be prime */
+#define HASHTABLE_NSLOT      (HASHTABLE_NPAGE*2)  /* Must be a power of 2 */
+
+/* 
+** The block of page numbers associated with the first hash-table in a
+** wal-index is smaller than usual. This is so that there is a complete
+** hash-table on each aligned 32KB page of the wal-index.
+*/
+#define HASHTABLE_NPAGE_ONE  (HASHTABLE_NPAGE - (WALINDEX_HDR_SIZE/sizeof(u32)))
+
+/* The wal-index is divided into pages of WALINDEX_PGSZ bytes each. */
+#define WALINDEX_PGSZ   (                                         \
+    sizeof(ht_slot)*HASHTABLE_NSLOT + HASHTABLE_NPAGE*sizeof(u32) \
+)
+
+/*
+** Obtain a pointer to the iPage'th page of the wal-index. The wal-index
+** is broken into pages of WALINDEX_PGSZ bytes. Wal-index pages are
+** numbered from zero.
+**
+** If this call is successful, *ppPage is set to point to the wal-index
+** page and SQLITE_OK is returned. If an error (an OOM or VFS error) occurs,
+** then an SQLite error code is returned and *ppPage is set to 0.
+*/
+static int walIndexPage(Wal *pWal, int iPage, volatile u32 **ppPage){
+  int rc = SQLITE_OK;
+
+  /* Enlarge the pWal->apWiData[] array if required */
+  if( pWal->nWiData<=iPage ){
+    int nByte = sizeof(u32*)*(iPage+1);
+    volatile u32 **apNew;
+    apNew = (volatile u32 **)sqlite3_realloc64((void *)pWal->apWiData, nByte);
+    if( !apNew ){
+      *ppPage = 0;
+      return SQLITE_NOMEM;
+    }
+    memset((void*)&apNew[pWal->nWiData], 0,
+           sizeof(u32*)*(iPage+1-pWal->nWiData));
+    pWal->apWiData = apNew;
+    pWal->nWiData = iPage+1;
+  }
+
+  /* Request a pointer to the required page from the VFS */
+  if( pWal->apWiData[iPage]==0 ){
+    if( pWal->exclusiveMode==WAL_HEAPMEMORY_MODE ){
+      pWal->apWiData[iPage] = (u32 volatile *)sqlite3MallocZero(WALINDEX_PGSZ);
+      if( !pWal->apWiData[iPage] ) rc = SQLITE_NOMEM;
+    }else{
+      rc = sqlite3OsShmMap(pWal->pDbFd, iPage, WALINDEX_PGSZ, 
+          pWal->writeLock, (void volatile **)&pWal->apWiData[iPage]
+      );
+      if( rc==SQLITE_READONLY ){
+        pWal->readOnly |= WAL_SHM_RDONLY;
+        rc = SQLITE_OK;
+      }
+    }
+  }
+
+  *ppPage = pWal->apWiData[iPage];
+  assert( iPage==0 || *ppPage || rc!=SQLITE_OK );
+  return rc;
+}
+
+/*
+** Return a pointer to the WalCkptInfo structure in the wal-index.
+*/
+static volatile WalCkptInfo *walCkptInfo(Wal *pWal){
+  assert( pWal->nWiData>0 && pWal->apWiData[0] );
+  return (volatile WalCkptInfo*)&(pWal->apWiData[0][sizeof(WalIndexHdr)/2]);
+}
+
+/*
+** Return a pointer to the WalIndexHdr structure in the wal-index.
+*/
+static volatile WalIndexHdr *walIndexHdr(Wal *pWal){
+  assert( pWal->nWiData>0 && pWal->apWiData[0] );
+  return (volatile WalIndexHdr*)pWal->apWiData[0];
+}
+
+/*
+** The argument to this macro must be of type u32. On a little-endian
+** architecture, it returns the u32 value that results from interpreting
+** the 4 bytes as a big-endian value. On a big-endian architecture, it
+** returns the value that would be produced by interpreting the 4 bytes
+** of the input value as a little-endian integer.
+*/
+#define BYTESWAP32(x) ( \
+    (((x)&0x000000FF)<<24) + (((x)&0x0000FF00)<<8)  \
+  + (((x)&0x00FF0000)>>8)  + (((x)&0xFF000000)>>24) \
+)
+
+/*
+** Generate or extend an 8 byte checksum based on the data in 
+** array aByte[] and the initial values of aIn[0] and aIn[1] (or
+** initial values of 0 and 0 if aIn==NULL).
+**
+** The checksum is written back into aOut[] before returning.
+**
+** nByte must be a positive multiple of 8.
+*/
+static void walChecksumBytes(
+  int nativeCksum, /* True for native byte-order, false for non-native */
+  u8 *a,           /* Content to be checksummed */
+  int nByte,       /* Bytes of content in a[].  Must be a multiple of 8. */
+  const u32 *aIn,  /* Initial checksum value input */
+  u32 *aOut        /* OUT: Final checksum value output */
+){
+  u32 s1, s2;
+  u32 *aData = (u32 *)a;
+  u32 *aEnd = (u32 *)&a[nByte];
+
+  if( aIn ){
+    s1 = aIn[0];
+    s2 = aIn[1];
+  }else{
+    s1 = s2 = 0;
+  }
+
+  assert( nByte>=8 );
+  assert( (nByte&0x00000007)==0 );
+
+  if( nativeCksum ){
+    do {
+      s1 += *aData++ + s2;
+      s2 += *aData++ + s1;
+    }while( aData<aEnd );
+  }else{
+    do {
+      s1 += BYTESWAP32(aData[0]) + s2;
+      s2 += BYTESWAP32(aData[1]) + s1;
+      aData += 2;
+    }while( aData<aEnd );
+  }
+
+  aOut[0] = s1;
+  aOut[1] = s2;
+}
+
+static void walShmBarrier(Wal *pWal){
+  if( pWal->exclusiveMode!=WAL_HEAPMEMORY_MODE ){
+    sqlite3OsShmBarrier(pWal->pDbFd);
+  }
+}
+
+/*
+** Write the header information in pWal->hdr into the wal-index.
+**
+** The checksum on pWal->hdr is updated before it is written.
+*/
+static void walIndexWriteHdr(Wal *pWal){
+  volatile WalIndexHdr *aHdr = walIndexHdr(pWal);
+  const int nCksum = offsetof(WalIndexHdr, aCksum);
+
+  assert( pWal->writeLock );
+  pWal->hdr.isInit = 1;
+  pWal->hdr.iVersion = WALINDEX_MAX_VERSION;
+  walChecksumBytes(1, (u8*)&pWal->hdr, nCksum, 0, pWal->hdr.aCksum);
+  memcpy((void*)&aHdr[1], (const void*)&pWal->hdr, sizeof(WalIndexHdr));
+  walShmBarrier(pWal);
+  memcpy((void*)&aHdr[0], (const void*)&pWal->hdr, sizeof(WalIndexHdr));
+}
+
+/*
+** This function encodes a single frame header and writes it to a buffer
+** supplied by the caller. A frame-header is made up of a series of 
+** 4-byte big-endian integers, as follows:
+**
+**     0: Page number.
+**     4: For commit records, the size of the database image in pages 
+**        after the commit. For all other records, zero.
+**     8: Salt-1 (copied from the wal-header)
+**    12: Salt-2 (copied from the wal-header)
+**    16: Checksum-1.
+**    20: Checksum-2.
+*/
+static void walEncodeFrame(
+  Wal *pWal,                      /* The write-ahead log */
+  u32 iPage,                      /* Database page number for frame */
+  u32 nTruncate,                  /* New db size (or 0 for non-commit frames) */
+  u8 *aData,                      /* Pointer to page data */
+  u8 *aFrame                      /* OUT: Write encoded frame here */
+){
+  int nativeCksum;                /* True for native byte-order checksums */
+  u32 *aCksum = pWal->hdr.aFrameCksum;
+  assert( WAL_FRAME_HDRSIZE==24 );
+  sqlite3Put4byte(&aFrame[0], iPage);
+  sqlite3Put4byte(&aFrame[4], nTruncate);
+  memcpy(&aFrame[8], pWal->hdr.aSalt, 8);
+
+  nativeCksum = (pWal->hdr.bigEndCksum==SQLITE_BIGENDIAN);
+  walChecksumBytes(nativeCksum, aFrame, 8, aCksum, aCksum);
+  walChecksumBytes(nativeCksum, aData, pWal->szPage, aCksum, aCksum);
+
+  sqlite3Put4byte(&aFrame[16], aCksum[0]);
+  sqlite3Put4byte(&aFrame[20], aCksum[1]);
+}
+
+/*
+** Check to see if the frame with header in aFrame[] and content
+** in aData[] is valid.  If it is a valid frame, fill *piPage and
+** *pnTruncate and return true.  Return if the frame is not valid.
+*/
+static int walDecodeFrame(
+  Wal *pWal,                      /* The write-ahead log */
+  u32 *piPage,                    /* OUT: Database page number for frame */
+  u32 *pnTruncate,                /* OUT: New db size (or 0 if not commit) */
+  u8 *aData,                      /* Pointer to page data (for checksum) */
+  u8 *aFrame                      /* Frame data */
+){
+  int nativeCksum;                /* True for native byte-order checksums */
+  u32 *aCksum = pWal->hdr.aFrameCksum;
+  u32 pgno;                       /* Page number of the frame */
+  assert( WAL_FRAME_HDRSIZE==24 );
+
+  /* A frame is only valid if the salt values in the frame-header
+  ** match the salt values in the wal-header. 
+  */
+  if( memcmp(&pWal->hdr.aSalt, &aFrame[8], 8)!=0 ){
+    return 0;
+  }
+
+  /* A frame is only valid if the page number is creater than zero.
+  */
+  pgno = sqlite3Get4byte(&aFrame[0]);
+  if( pgno==0 ){
+    return 0;
+  }
+
+  /* A frame is only valid if a checksum of the WAL header,
+  ** all prior frams, the first 16 bytes of this frame-header, 
+  ** and the frame-data matches the checksum in the last 8 
+  ** bytes of this frame-header.
+  */
+  nativeCksum = (pWal->hdr.bigEndCksum==SQLITE_BIGENDIAN);
+  walChecksumBytes(nativeCksum, aFrame, 8, aCksum, aCksum);
+  walChecksumBytes(nativeCksum, aData, pWal->szPage, aCksum, aCksum);
+  if( aCksum[0]!=sqlite3Get4byte(&aFrame[16]) 
+   || aCksum[1]!=sqlite3Get4byte(&aFrame[20]) 
+  ){
+    /* Checksum failed. */
+    return 0;
+  }
+
+  /* If we reach this point, the frame is valid.  Return the page number
+  ** and the new database size.
+  */
+  *piPage = pgno;
+  *pnTruncate = sqlite3Get4byte(&aFrame[4]);
+  return 1;
+}
+
+
+#if defined(SQLITE_TEST) && defined(SQLITE_DEBUG)
+/*
+** Names of locks.  This routine is used to provide debugging output and is not
+** a part of an ordinary build.
+*/
+static const char *walLockName(int lockIdx){
+  if( lockIdx==WAL_WRITE_LOCK ){
+    return "WRITE-LOCK";
+  }else if( lockIdx==WAL_CKPT_LOCK ){
+    return "CKPT-LOCK";
+  }else if( lockIdx==WAL_RECOVER_LOCK ){
+    return "RECOVER-LOCK";
+  }else{
+    static char zName[15];
+    sqlite3_snprintf(sizeof(zName), zName, "READ-LOCK[%d]",
+                     lockIdx-WAL_READ_LOCK(0));
+    return zName;
+  }
+}
+#endif /*defined(SQLITE_TEST) || defined(SQLITE_DEBUG) */
+    
+
+/*
+** Set or release locks on the WAL.  Locks are either shared or exclusive.
+** A lock cannot be moved directly between shared and exclusive - it must go
+** through the unlocked state first.
+**
+** In locking_mode=EXCLUSIVE, all of these routines become no-ops.
+*/
+static int walLockShared(Wal *pWal, int lockIdx){
+  int rc;
+  if( pWal->exclusiveMode ) return SQLITE_OK;
+  rc = sqlite3OsShmLock(pWal->pDbFd, lockIdx, 1,
+                        SQLITE_SHM_LOCK | SQLITE_SHM_SHARED);
+  WALTRACE(("WAL%p: acquire SHARED-%s %s\n", pWal,
+            walLockName(lockIdx), rc ? "failed" : "ok"));
+  VVA_ONLY( pWal->lockError = (u8)(rc!=SQLITE_OK && rc!=SQLITE_BUSY); )
+  return rc;
+}
+static void walUnlockShared(Wal *pWal, int lockIdx){
+  if( pWal->exclusiveMode ) return;
+  (void)sqlite3OsShmLock(pWal->pDbFd, lockIdx, 1,
+                         SQLITE_SHM_UNLOCK | SQLITE_SHM_SHARED);
+  WALTRACE(("WAL%p: release SHARED-%s\n", pWal, walLockName(lockIdx)));
+}
+static int walLockExclusive(Wal *pWal, int lockIdx, int n){
+  int rc;
+  if( pWal->exclusiveMode ) return SQLITE_OK;
+  rc = sqlite3OsShmLock(pWal->pDbFd, lockIdx, n,
+                        SQLITE_SHM_LOCK | SQLITE_SHM_EXCLUSIVE);
+  WALTRACE(("WAL%p: acquire EXCLUSIVE-%s cnt=%d %s\n", pWal,
+            walLockName(lockIdx), n, rc ? "failed" : "ok"));
+  VVA_ONLY( pWal->lockError = (u8)(rc!=SQLITE_OK && rc!=SQLITE_BUSY); )
+  return rc;
+}
+static void walUnlockExclusive(Wal *pWal, int lockIdx, int n){
+  if( pWal->exclusiveMode ) return;
+  (void)sqlite3OsShmLock(pWal->pDbFd, lockIdx, n,
+                         SQLITE_SHM_UNLOCK | SQLITE_SHM_EXCLUSIVE);
+  WALTRACE(("WAL%p: release EXCLUSIVE-%s cnt=%d\n", pWal,
+             walLockName(lockIdx), n));
+}
+
+/*
+** Compute a hash on a page number.  The resulting hash value must land
+** between 0 and (HASHTABLE_NSLOT-1).  The walHashNext() function advances
+** the hash to the next value in the event of a collision.
+*/
+static int walHash(u32 iPage){
+  assert( iPage>0 );
+  assert( (HASHTABLE_NSLOT & (HASHTABLE_NSLOT-1))==0 );
+  return (iPage*HASHTABLE_HASH_1) & (HASHTABLE_NSLOT-1);
+}
+static int walNextHash(int iPriorHash){
+  return (iPriorHash+1)&(HASHTABLE_NSLOT-1);
+}
+
+/* 
+** Return pointers to the hash table and page number array stored on
+** page iHash of the wal-index. The wal-index is broken into 32KB pages
+** numbered starting from 0.
+**
+** Set output variable *paHash to point to the start of the hash table
+** in the wal-index file. Set *piZero to one less than the frame 
+** number of the first frame indexed by this hash table. If a
+** slot in the hash table is set to N, it refers to frame number 
+** (*piZero+N) in the log.
+**
+** Finally, set *paPgno so that *paPgno[1] is the page number of the
+** first frame indexed by the hash table, frame (*piZero+1).
+*/
+static int walHashGet(
+  Wal *pWal,                      /* WAL handle */
+  int iHash,                      /* Find the iHash'th table */
+  volatile ht_slot **paHash,      /* OUT: Pointer to hash index */
+  volatile u32 **paPgno,          /* OUT: Pointer to page number array */
+  u32 *piZero                     /* OUT: Frame associated with *paPgno[0] */
+){
+  int rc;                         /* Return code */
+  volatile u32 *aPgno;
+
+  rc = walIndexPage(pWal, iHash, &aPgno);
+  assert( rc==SQLITE_OK || iHash>0 );
+
+  if( rc==SQLITE_OK ){
+    u32 iZero;
+    volatile ht_slot *aHash;
+
+    aHash = (volatile ht_slot *)&aPgno[HASHTABLE_NPAGE];
+    if( iHash==0 ){
+      aPgno = &aPgno[WALINDEX_HDR_SIZE/sizeof(u32)];
+      iZero = 0;
+    }else{
+      iZero = HASHTABLE_NPAGE_ONE + (iHash-1)*HASHTABLE_NPAGE;
+    }
+  
+    *paPgno = &aPgno[-1];
+    *paHash = aHash;
+    *piZero = iZero;
+  }
+  return rc;
+}
+
+/*
+** Return the number of the wal-index page that contains the hash-table
+** and page-number array that contain entries corresponding to WAL frame
+** iFrame. The wal-index is broken up into 32KB pages. Wal-index pages 
+** are numbered starting from 0.
+*/
+static int walFramePage(u32 iFrame){
+  int iHash = (iFrame+HASHTABLE_NPAGE-HASHTABLE_NPAGE_ONE-1) / HASHTABLE_NPAGE;
+  assert( (iHash==0 || iFrame>HASHTABLE_NPAGE_ONE)
+       && (iHash>=1 || iFrame<=HASHTABLE_NPAGE_ONE)
+       && (iHash<=1 || iFrame>(HASHTABLE_NPAGE_ONE+HASHTABLE_NPAGE))
+       && (iHash>=2 || iFrame<=HASHTABLE_NPAGE_ONE+HASHTABLE_NPAGE)
+       && (iHash<=2 || iFrame>(HASHTABLE_NPAGE_ONE+2*HASHTABLE_NPAGE))
+  );
+  return iHash;
+}
+
+/*
+** Return the page number associated with frame iFrame in this WAL.
+*/
+static u32 walFramePgno(Wal *pWal, u32 iFrame){
+  int iHash = walFramePage(iFrame);
+  if( iHash==0 ){
+    return pWal->apWiData[0][WALINDEX_HDR_SIZE/sizeof(u32) + iFrame - 1];
+  }
+  return pWal->apWiData[iHash][(iFrame-1-HASHTABLE_NPAGE_ONE)%HASHTABLE_NPAGE];
+}
+
+/*
+** Remove entries from the hash table that point to WAL slots greater
+** than pWal->hdr.mxFrame.
+**
+** This function is called whenever pWal->hdr.mxFrame is decreased due
+** to a rollback or savepoint.
+**
+** At most only the hash table containing pWal->hdr.mxFrame needs to be
+** updated.  Any later hash tables will be automatically cleared when
+** pWal->hdr.mxFrame advances to the point where those hash tables are
+** actually needed.
+*/
+static void walCleanupHash(Wal *pWal){
+  volatile ht_slot *aHash = 0;    /* Pointer to hash table to clear */
+  volatile u32 *aPgno = 0;        /* Page number array for hash table */
+  u32 iZero = 0;                  /* frame == (aHash[x]+iZero) */
+  int iLimit = 0;                 /* Zero values greater than this */
+  int nByte;                      /* Number of bytes to zero in aPgno[] */
+  int i;                          /* Used to iterate through aHash[] */
+
+  assert( pWal->writeLock );
+  testcase( pWal->hdr.mxFrame==HASHTABLE_NPAGE_ONE-1 );
+  testcase( pWal->hdr.mxFrame==HASHTABLE_NPAGE_ONE );
+  testcase( pWal->hdr.mxFrame==HASHTABLE_NPAGE_ONE+1 );
+
+  if( pWal->hdr.mxFrame==0 ) return;
+
+  /* Obtain pointers to the hash-table and page-number array containing 
+  ** the entry that corresponds to frame pWal->hdr.mxFrame. It is guaranteed
+  ** that the page said hash-table and array reside on is already mapped.
+  */
+  assert( pWal->nWiData>walFramePage(pWal->hdr.mxFrame) );
+  assert( pWal->apWiData[walFramePage(pWal->hdr.mxFrame)] );
+  walHashGet(pWal, walFramePage(pWal->hdr.mxFrame), &aHash, &aPgno, &iZero);
+
+  /* Zero all hash-table entries that correspond to frame numbers greater
+  ** than pWal->hdr.mxFrame.
+  */
+  iLimit = pWal->hdr.mxFrame - iZero;
+  assert( iLimit>0 );
+  for(i=0; i<HASHTABLE_NSLOT; i++){
+    if( aHash[i]>iLimit ){
+      aHash[i] = 0;
+    }
+  }
+  
+  /* Zero the entries in the aPgno array that correspond to frames with
+  ** frame numbers greater than pWal->hdr.mxFrame. 
+  */
+  nByte = (int)((char *)aHash - (char *)&aPgno[iLimit+1]);
+  memset((void *)&aPgno[iLimit+1], 0, nByte);
+
+#ifdef SQLITE_ENABLE_EXPENSIVE_ASSERT
+  /* Verify that the every entry in the mapping region is still reachable
+  ** via the hash table even after the cleanup.
+  */
+  if( iLimit ){
+    int j;           /* Loop counter */
+    int iKey;        /* Hash key */
+    for(j=1; j<=iLimit; j++){
+      for(iKey=walHash(aPgno[j]); aHash[iKey]; iKey=walNextHash(iKey)){
+        if( aHash[iKey]==j ) break;
+      }
+      assert( aHash[iKey]==j );
+    }
+  }
+#endif /* SQLITE_ENABLE_EXPENSIVE_ASSERT */
+}
+
+
+/*
+** Set an entry in the wal-index that will map database page number
+** pPage into WAL frame iFrame.
+*/
+static int walIndexAppend(Wal *pWal, u32 iFrame, u32 iPage){
+  int rc;                         /* Return code */
+  u32 iZero = 0;                  /* One less than frame number of aPgno[1] */
+  volatile u32 *aPgno = 0;        /* Page number array */
+  volatile ht_slot *aHash = 0;    /* Hash table */
+
+  rc = walHashGet(pWal, walFramePage(iFrame), &aHash, &aPgno, &iZero);
+
+  /* Assuming the wal-index file was successfully mapped, populate the
+  ** page number array and hash table entry.
+  */
+  if( rc==SQLITE_OK ){
+    int iKey;                     /* Hash table key */
+    int idx;                      /* Value to write to hash-table slot */
+    int nCollide;                 /* Number of hash collisions */
+
+    idx = iFrame - iZero;
+    assert( idx <= HASHTABLE_NSLOT/2 + 1 );
+    
+    /* If this is the first entry to be added to this hash-table, zero the
+    ** entire hash table and aPgno[] array before proceeding. 
+    */
+    if( idx==1 ){
+      int nByte = (int)((u8 *)&aHash[HASHTABLE_NSLOT] - (u8 *)&aPgno[1]);
+      memset((void*)&aPgno[1], 0, nByte);
+    }
+
+    /* If the entry in aPgno[] is already set, then the previous writer
+    ** must have exited unexpectedly in the middle of a transaction (after
+    ** writing one or more dirty pages to the WAL to free up memory). 
+    ** Remove the remnants of that writers uncommitted transaction from 
+    ** the hash-table before writing any new entries.
+    */
+    if( aPgno[idx] ){
+      walCleanupHash(pWal);
+      assert( !aPgno[idx] );
+    }
+
+    /* Write the aPgno[] array entry and the hash-table slot. */
+    nCollide = idx;
+    for(iKey=walHash(iPage); aHash[iKey]; iKey=walNextHash(iKey)){
+      if( (nCollide--)==0 ) return SQLITE_CORRUPT_BKPT;
+    }
+    aPgno[idx] = iPage;
+    aHash[iKey] = (ht_slot)idx;
+
+#ifdef SQLITE_ENABLE_EXPENSIVE_ASSERT
+    /* Verify that the number of entries in the hash table exactly equals
+    ** the number of entries in the mapping region.
+    */
+    {
+      int i;           /* Loop counter */
+      int nEntry = 0;  /* Number of entries in the hash table */
+      for(i=0; i<HASHTABLE_NSLOT; i++){ if( aHash[i] ) nEntry++; }
+      assert( nEntry==idx );
+    }
+
+    /* Verify that the every entry in the mapping region is reachable
+    ** via the hash table.  This turns out to be a really, really expensive
+    ** thing to check, so only do this occasionally - not on every
+    ** iteration.
+    */
+    if( (idx&0x3ff)==0 ){
+      int i;           /* Loop counter */
+      for(i=1; i<=idx; i++){
+        for(iKey=walHash(aPgno[i]); aHash[iKey]; iKey=walNextHash(iKey)){
+          if( aHash[iKey]==i ) break;
+        }
+        assert( aHash[iKey]==i );
+      }
+    }
+#endif /* SQLITE_ENABLE_EXPENSIVE_ASSERT */
+  }
+
+
+  return rc;
+}
+
+
+/*
+** Recover the wal-index by reading the write-ahead log file. 
+**
+** This routine first tries to establish an exclusive lock on the
+** wal-index to prevent other threads/processes from doing anything
+** with the WAL or wal-index while recovery is running.  The
+** WAL_RECOVER_LOCK is also held so that other threads will know
+** that this thread is running recovery.  If unable to establish
+** the necessary locks, this routine returns SQLITE_BUSY.
+*/
+static int walIndexRecover(Wal *pWal){
+  int rc;                         /* Return Code */
+  i64 nSize;                      /* Size of log file */
+  u32 aFrameCksum[2] = {0, 0};
+  int iLock;                      /* Lock offset to lock for checkpoint */
+  int nLock;                      /* Number of locks to hold */
+
+  /* Obtain an exclusive lock on all byte in the locking range not already
+  ** locked by the caller. The caller is guaranteed to have locked the
+  ** WAL_WRITE_LOCK byte, and may have also locked the WAL_CKPT_LOCK byte.
+  ** If successful, the same bytes that are locked here are unlocked before
+  ** this function returns.
+  */
+  assert( pWal->ckptLock==1 || pWal->ckptLock==0 );
+  assert( WAL_ALL_BUT_WRITE==WAL_WRITE_LOCK+1 );
+  assert( WAL_CKPT_LOCK==WAL_ALL_BUT_WRITE );
+  assert( pWal->writeLock );
+  iLock = WAL_ALL_BUT_WRITE + pWal->ckptLock;
+  nLock = SQLITE_SHM_NLOCK - iLock;
+  rc = walLockExclusive(pWal, iLock, nLock);
+  if( rc ){
+    return rc;
+  }
+  WALTRACE(("WAL%p: recovery begin...\n", pWal));
+
+  memset(&pWal->hdr, 0, sizeof(WalIndexHdr));
+
+  rc = sqlite3OsFileSize(pWal->pWalFd, &nSize);
+  if( rc!=SQLITE_OK ){
+    goto recovery_error;
+  }
+
+  if( nSize>WAL_HDRSIZE ){
+    u8 aBuf[WAL_HDRSIZE];         /* Buffer to load WAL header into */
+    u8 *aFrame = 0;               /* Malloc'd buffer to load entire frame */
+    int szFrame;                  /* Number of bytes in buffer aFrame[] */
+    u8 *aData;                    /* Pointer to data part of aFrame buffer */
+    int iFrame;                   /* Index of last frame read */
+    i64 iOffset;                  /* Next offset to read from log file */
+    int szPage;                   /* Page size according to the log */
+    u32 magic;                    /* Magic value read from WAL header */
+    u32 version;                  /* Magic value read from WAL header */
+    int isValid;                  /* True if this frame is valid */
+
+    /* Read in the WAL header. */
+    rc = sqlite3OsRead(pWal->pWalFd, aBuf, WAL_HDRSIZE, 0);
+    if( rc!=SQLITE_OK ){
+      goto recovery_error;
+    }
+
+    /* If the database page size is not a power of two, or is greater than
+    ** SQLITE_MAX_PAGE_SIZE, conclude that the WAL file contains no valid 
+    ** data. Similarly, if the 'magic' value is invalid, ignore the whole
+    ** WAL file.
+    */
+    magic = sqlite3Get4byte(&aBuf[0]);
+    szPage = sqlite3Get4byte(&aBuf[8]);
+    if( (magic&0xFFFFFFFE)!=WAL_MAGIC 
+     || szPage&(szPage-1) 
+     || szPage>SQLITE_MAX_PAGE_SIZE 
+     || szPage<512 
+    ){
+      goto finished;
+    }
+    pWal->hdr.bigEndCksum = (u8)(magic&0x00000001);
+    pWal->szPage = szPage;
+    pWal->nCkpt = sqlite3Get4byte(&aBuf[12]);
+    memcpy(&pWal->hdr.aSalt, &aBuf[16], 8);
+
+    /* Verify that the WAL header checksum is correct */
+    walChecksumBytes(pWal->hdr.bigEndCksum==SQLITE_BIGENDIAN, 
+        aBuf, WAL_HDRSIZE-2*4, 0, pWal->hdr.aFrameCksum
+    );
+    if( pWal->hdr.aFrameCksum[0]!=sqlite3Get4byte(&aBuf[24])
+     || pWal->hdr.aFrameCksum[1]!=sqlite3Get4byte(&aBuf[28])
+    ){
+      goto finished;
+    }
+
+    /* Verify that the version number on the WAL format is one that
+    ** are able to understand */
+    version = sqlite3Get4byte(&aBuf[4]);
+    if( version!=WAL_MAX_VERSION ){
+      rc = SQLITE_CANTOPEN_BKPT;
+      goto finished;
+    }
+
+    /* Malloc a buffer to read frames into. */
+    szFrame = szPage + WAL_FRAME_HDRSIZE;
+    aFrame = (u8 *)sqlite3_malloc64(szFrame);
+    if( !aFrame ){
+      rc = SQLITE_NOMEM;
+      goto recovery_error;
+    }
+    aData = &aFrame[WAL_FRAME_HDRSIZE];
+
+    /* Read all frames from the log file. */
+    iFrame = 0;
+    for(iOffset=WAL_HDRSIZE; (iOffset+szFrame)<=nSize; iOffset+=szFrame){
+      u32 pgno;                   /* Database page number for frame */
+      u32 nTruncate;              /* dbsize field from frame header */
+
+      /* Read and decode the next log frame. */
+      iFrame++;
+      rc = sqlite3OsRead(pWal->pWalFd, aFrame, szFrame, iOffset);
+      if( rc!=SQLITE_OK ) break;
+      isValid = walDecodeFrame(pWal, &pgno, &nTruncate, aData, aFrame);
+      if( !isValid ) break;
+      rc = walIndexAppend(pWal, iFrame, pgno);
+      if( rc!=SQLITE_OK ) break;
+
+      /* If nTruncate is non-zero, this is a commit record. */
+      if( nTruncate ){
+        pWal->hdr.mxFrame = iFrame;
+        pWal->hdr.nPage = nTruncate;
+        pWal->hdr.szPage = (u16)((szPage&0xff00) | (szPage>>16));
+        testcase( szPage<=32768 );
+        testcase( szPage>=65536 );
+        aFrameCksum[0] = pWal->hdr.aFrameCksum[0];
+        aFrameCksum[1] = pWal->hdr.aFrameCksum[1];
+      }
+    }
+
+    sqlite3_free(aFrame);
+  }
+
+finished:
+  if( rc==SQLITE_OK ){
+    volatile WalCkptInfo *pInfo;
+    int i;
+    pWal->hdr.aFrameCksum[0] = aFrameCksum[0];
+    pWal->hdr.aFrameCksum[1] = aFrameCksum[1];
+    walIndexWriteHdr(pWal);
+
+    /* Reset the checkpoint-header. This is safe because this thread is 
+    ** currently holding locks that exclude all other readers, writers and
+    ** checkpointers.
+    */
+    pInfo = walCkptInfo(pWal);
+    pInfo->nBackfill = 0;
+    pInfo->nBackfillAttempted = pWal->hdr.mxFrame;
+    pInfo->aReadMark[0] = 0;
+    for(i=1; i<WAL_NREADER; i++) pInfo->aReadMark[i] = READMARK_NOT_USED;
+    if( pWal->hdr.mxFrame ) pInfo->aReadMark[1] = pWal->hdr.mxFrame;
+
+    /* If more than one frame was recovered from the log file, report an
+    ** event via sqlite3_log(). This is to help with identifying performance
+    ** problems caused by applications routinely shutting down without
+    ** checkpointing the log file.
+    */
+    if( pWal->hdr.nPage ){
+      sqlite3_log(SQLITE_NOTICE_RECOVER_WAL,
+          "recovered %d frames from WAL file %s",
+          pWal->hdr.mxFrame, pWal->zWalName
+      );
+    }
+  }
+
+recovery_error:
+  WALTRACE(("WAL%p: recovery %s\n", pWal, rc ? "failed" : "ok"));
+  walUnlockExclusive(pWal, iLock, nLock);
+  return rc;
+}
+
+/*
+** Close an open wal-index.
+*/
+static void walIndexClose(Wal *pWal, int isDelete){
+  if( pWal->exclusiveMode==WAL_HEAPMEMORY_MODE ){
+    int i;
+    for(i=0; i<pWal->nWiData; i++){
+      sqlite3_free((void *)pWal->apWiData[i]);
+      pWal->apWiData[i] = 0;
+    }
+  }else{
+    sqlite3OsShmUnmap(pWal->pDbFd, isDelete);
+  }
+}
+
+/* 
+** Open a connection to the WAL file zWalName. The database file must 
+** already be opened on connection pDbFd. The buffer that zWalName points
+** to must remain valid for the lifetime of the returned Wal* handle.
+**
+** A SHARED lock should be held on the database file when this function
+** is called. The purpose of this SHARED lock is to prevent any other
+** client from unlinking the WAL or wal-index file. If another process
+** were to do this just after this client opened one of these files, the
+** system would be badly broken.
+**
+** If the log file is successfully opened, SQLITE_OK is returned and 
+** *ppWal is set to point to a new WAL handle. If an error occurs,
+** an SQLite error code is returned and *ppWal is left unmodified.
+*/
+SQLITE_PRIVATE int sqlite3WalOpen(
+  sqlite3_vfs *pVfs,              /* vfs module to open wal and wal-index */
+  sqlite3_file *pDbFd,            /* The open database file */
+  const char *zWalName,           /* Name of the WAL file */
+  int bNoShm,                     /* True to run in heap-memory mode */
+  i64 mxWalSize,                  /* Truncate WAL to this size on reset */
+  Wal **ppWal                     /* OUT: Allocated Wal handle */
+){
+  int rc;                         /* Return Code */
+  Wal *pRet;                      /* Object to allocate and return */
+  int flags;                      /* Flags passed to OsOpen() */
+
+  assert( zWalName && zWalName[0] );
+  assert( pDbFd );
+
+  /* In the amalgamation, the os_unix.c and os_win.c source files come before
+  ** this source file.  Verify that the #defines of the locking byte offsets
+  ** in os_unix.c and os_win.c agree with the WALINDEX_LOCK_OFFSET value.
+  ** For that matter, if the lock offset ever changes from its initial design
+  ** value of 120, we need to know that so there is an assert() to check it.
+  */
+  assert( 120==WALINDEX_LOCK_OFFSET );
+  assert( 136==WALINDEX_HDR_SIZE );
+#ifdef WIN_SHM_BASE
+  assert( WIN_SHM_BASE==WALINDEX_LOCK_OFFSET );
+#endif
+#ifdef UNIX_SHM_BASE
+  assert( UNIX_SHM_BASE==WALINDEX_LOCK_OFFSET );
+#endif
+
+
+  /* Allocate an instance of struct Wal to return. */
+  *ppWal = 0;
+  pRet = (Wal*)sqlite3MallocZero(sizeof(Wal) + pVfs->szOsFile);
+  if( !pRet ){
+    return SQLITE_NOMEM;
+  }
+
+  pRet->pVfs = pVfs;
+  pRet->pWalFd = (sqlite3_file *)&pRet[1];
+  pRet->pDbFd = pDbFd;
+  pRet->readLock = -1;
+  pRet->mxWalSize = mxWalSize;
+  pRet->zWalName = zWalName;
+  pRet->syncHeader = 1;
+  pRet->padToSectorBoundary = 1;
+  pRet->exclusiveMode = (bNoShm ? WAL_HEAPMEMORY_MODE: WAL_NORMAL_MODE);
+
+  /* Open file handle on the write-ahead log file. */
+  flags = (SQLITE_OPEN_READWRITE|SQLITE_OPEN_CREATE|SQLITE_OPEN_WAL);
+  rc = sqlite3OsOpen(pVfs, zWalName, pRet->pWalFd, flags, &flags);
+  if( rc==SQLITE_OK && flags&SQLITE_OPEN_READONLY ){
+    pRet->readOnly = WAL_RDONLY;
+  }
+
+  if( rc!=SQLITE_OK ){
+    walIndexClose(pRet, 0);
+    sqlite3OsClose(pRet->pWalFd);
+    sqlite3_free(pRet);
+  }else{
+    int iDC = sqlite3OsDeviceCharacteristics(pDbFd);
+    if( iDC & SQLITE_IOCAP_SEQUENTIAL ){ pRet->syncHeader = 0; }
+    if( iDC & SQLITE_IOCAP_POWERSAFE_OVERWRITE ){
+      pRet->padToSectorBoundary = 0;
+    }
+    *ppWal = pRet;
+    WALTRACE(("WAL%d: opened\n", pRet));
+  }
+  return rc;
+}
+
+/*
+** Change the size to which the WAL file is trucated on each reset.
+*/
+SQLITE_PRIVATE void sqlite3WalLimit(Wal *pWal, i64 iLimit){
+  if( pWal ) pWal->mxWalSize = iLimit;
+}
+
+/*
+** Find the smallest page number out of all pages held in the WAL that
+** has not been returned by any prior invocation of this method on the
+** same WalIterator object.   Write into *piFrame the frame index where
+** that page was last written into the WAL.  Write into *piPage the page
+** number.
+**
+** Return 0 on success.  If there are no pages in the WAL with a page
+** number larger than *piPage, then return 1.
+*/
+static int walIteratorNext(
+  WalIterator *p,               /* Iterator */
+  u32 *piPage,                  /* OUT: The page number of the next page */
+  u32 *piFrame                  /* OUT: Wal frame index of next page */
+){
+  u32 iMin;                     /* Result pgno must be greater than iMin */
+  u32 iRet = 0xFFFFFFFF;        /* 0xffffffff is never a valid page number */
+  int i;                        /* For looping through segments */
+
+  iMin = p->iPrior;
+  assert( iMin<0xffffffff );
+  for(i=p->nSegment-1; i>=0; i--){
+    struct WalSegment *pSegment = &p->aSegment[i];
+    while( pSegment->iNext<pSegment->nEntry ){
+      u32 iPg = pSegment->aPgno[pSegment->aIndex[pSegment->iNext]];
+      if( iPg>iMin ){
+        if( iPg<iRet ){
+          iRet = iPg;
+          *piFrame = pSegment->iZero + pSegment->aIndex[pSegment->iNext];
+        }
+        break;
+      }
+      pSegment->iNext++;
+    }
+  }
+
+  *piPage = p->iPrior = iRet;
+  return (iRet==0xFFFFFFFF);
+}
+
+/*
+** This function merges two sorted lists into a single sorted list.
+**
+** aLeft[] and aRight[] are arrays of indices.  The sort key is
+** aContent[aLeft[]] and aContent[aRight[]].  Upon entry, the following
+** is guaranteed for all J<K:
+**
+**        aContent[aLeft[J]] < aContent[aLeft[K]]
+**        aContent[aRight[J]] < aContent[aRight[K]]
+**
+** This routine overwrites aRight[] with a new (probably longer) sequence
+** of indices such that the aRight[] contains every index that appears in
+** either aLeft[] or the old aRight[] and such that the second condition
+** above is still met.
+**
+** The aContent[aLeft[X]] values will be unique for all X.  And the
+** aContent[aRight[X]] values will be unique too.  But there might be
+** one or more combinations of X and Y such that
+**
+**      aLeft[X]!=aRight[Y]  &&  aContent[aLeft[X]] == aContent[aRight[Y]]
+**
+** When that happens, omit the aLeft[X] and use the aRight[Y] index.
+*/
+static void walMerge(
+  const u32 *aContent,            /* Pages in wal - keys for the sort */
+  ht_slot *aLeft,                 /* IN: Left hand input list */
+  int nLeft,                      /* IN: Elements in array *paLeft */
+  ht_slot **paRight,              /* IN/OUT: Right hand input list */
+  int *pnRight,                   /* IN/OUT: Elements in *paRight */
+  ht_slot *aTmp                   /* Temporary buffer */
+){
+  int iLeft = 0;                  /* Current index in aLeft */
+  int iRight = 0;                 /* Current index in aRight */
+  int iOut = 0;                   /* Current index in output buffer */
+  int nRight = *pnRight;
+  ht_slot *aRight = *paRight;
+
+  assert( nLeft>0 && nRight>0 );
+  while( iRight<nRight || iLeft<nLeft ){
+    ht_slot logpage;
+    Pgno dbpage;
+
+    if( (iLeft<nLeft) 
+     && (iRight>=nRight || aContent[aLeft[iLeft]]<aContent[aRight[iRight]])
+    ){
+      logpage = aLeft[iLeft++];
+    }else{
+      logpage = aRight[iRight++];
+    }
+    dbpage = aContent[logpage];
+
+    aTmp[iOut++] = logpage;
+    if( iLeft<nLeft && aContent[aLeft[iLeft]]==dbpage ) iLeft++;
+
+    assert( iLeft>=nLeft || aContent[aLeft[iLeft]]>dbpage );
+    assert( iRight>=nRight || aContent[aRight[iRight]]>dbpage );
+  }
+
+  *paRight = aLeft;
+  *pnRight = iOut;
+  memcpy(aLeft, aTmp, sizeof(aTmp[0])*iOut);
+}
+
+/*
+** Sort the elements in list aList using aContent[] as the sort key.
+** Remove elements with duplicate keys, preferring to keep the
+** larger aList[] values.
+**
+** The aList[] entries are indices into aContent[].  The values in
+** aList[] are to be sorted so that for all J<K:
+**
+**      aContent[aList[J]] < aContent[aList[K]]
+**
+** For any X and Y such that
+**
+**      aContent[aList[X]] == aContent[aList[Y]]
+**
+** Keep the larger of the two values aList[X] and aList[Y] and discard
+** the smaller.
+*/
+static void walMergesort(
+  const u32 *aContent,            /* Pages in wal */
+  ht_slot *aBuffer,               /* Buffer of at least *pnList items to use */
+  ht_slot *aList,                 /* IN/OUT: List to sort */
+  int *pnList                     /* IN/OUT: Number of elements in aList[] */
+){
+  struct Sublist {
+    int nList;                    /* Number of elements in aList */
+    ht_slot *aList;               /* Pointer to sub-list content */
+  };
+
+  const int nList = *pnList;      /* Size of input list */
+  int nMerge = 0;                 /* Number of elements in list aMerge */
+  ht_slot *aMerge = 0;            /* List to be merged */
+  int iList;                      /* Index into input list */
+  u32 iSub = 0;                   /* Index into aSub array */
+  struct Sublist aSub[13];        /* Array of sub-lists */
+
+  memset(aSub, 0, sizeof(aSub));
+  assert( nList<=HASHTABLE_NPAGE && nList>0 );
+  assert( HASHTABLE_NPAGE==(1<<(ArraySize(aSub)-1)) );
+
+  for(iList=0; iList<nList; iList++){
+    nMerge = 1;
+    aMerge = &aList[iList];
+    for(iSub=0; iList & (1<<iSub); iSub++){
+      struct Sublist *p;
+      assert( iSub<ArraySize(aSub) );
+      p = &aSub[iSub];
+      assert( p->aList && p->nList<=(1<<iSub) );
+      assert( p->aList==&aList[iList&~((2<<iSub)-1)] );
+      walMerge(aContent, p->aList, p->nList, &aMerge, &nMerge, aBuffer);
+    }
+    aSub[iSub].aList = aMerge;
+    aSub[iSub].nList = nMerge;
+  }
+
+  for(iSub++; iSub<ArraySize(aSub); iSub++){
+    if( nList & (1<<iSub) ){
+      struct Sublist *p;
+      assert( iSub<ArraySize(aSub) );
+      p = &aSub[iSub];
+      assert( p->nList<=(1<<iSub) );
+      assert( p->aList==&aList[nList&~((2<<iSub)-1)] );
+      walMerge(aContent, p->aList, p->nList, &aMerge, &nMerge, aBuffer);
+    }
+  }
+  assert( aMerge==aList );
+  *pnList = nMerge;
+
+#ifdef SQLITE_DEBUG
+  {
+    int i;
+    for(i=1; i<*pnList; i++){
+      assert( aContent[aList[i]] > aContent[aList[i-1]] );
+    }
+  }
+#endif
+}
+
+/* 
+** Free an iterator allocated by walIteratorInit().
+*/
+static void walIteratorFree(WalIterator *p){
+  sqlite3_free(p);
+}
+
+/*
+** Construct a WalInterator object that can be used to loop over all 
+** pages in the WAL in ascending order. The caller must hold the checkpoint
+** lock.
+**
+** On success, make *pp point to the newly allocated WalInterator object
+** return SQLITE_OK. Otherwise, return an error code. If this routine
+** returns an error, the value of *pp is undefined.
+**
+** The calling routine should invoke walIteratorFree() to destroy the
+** WalIterator object when it has finished with it.
+*/
+static int walIteratorInit(Wal *pWal, WalIterator **pp){
+  WalIterator *p;                 /* Return value */
+  int nSegment;                   /* Number of segments to merge */
+  u32 iLast;                      /* Last frame in log */
+  int nByte;                      /* Number of bytes to allocate */
+  int i;                          /* Iterator variable */
+  ht_slot *aTmp;                  /* Temp space used by merge-sort */
+  int rc = SQLITE_OK;             /* Return Code */
+
+  /* This routine only runs while holding the checkpoint lock. And
+  ** it only runs if there is actually content in the log (mxFrame>0).
+  */
+  assert( pWal->ckptLock && pWal->hdr.mxFrame>0 );
+  iLast = pWal->hdr.mxFrame;
+
+  /* Allocate space for the WalIterator object. */
+  nSegment = walFramePage(iLast) + 1;
+  nByte = sizeof(WalIterator) 
+        + (nSegment-1)*sizeof(struct WalSegment)
+        + iLast*sizeof(ht_slot);
+  p = (WalIterator *)sqlite3_malloc64(nByte);
+  if( !p ){
+    return SQLITE_NOMEM;
+  }
+  memset(p, 0, nByte);
+  p->nSegment = nSegment;
+
+  /* Allocate temporary space used by the merge-sort routine. This block
+  ** of memory will be freed before this function returns.
+  */
+  aTmp = (ht_slot *)sqlite3_malloc64(
+      sizeof(ht_slot) * (iLast>HASHTABLE_NPAGE?HASHTABLE_NPAGE:iLast)
+  );
+  if( !aTmp ){
+    rc = SQLITE_NOMEM;
+  }
+
+  for(i=0; rc==SQLITE_OK && i<nSegment; i++){
+    volatile ht_slot *aHash;
+    u32 iZero;
+    volatile u32 *aPgno;
+
+    rc = walHashGet(pWal, i, &aHash, &aPgno, &iZero);
+    if( rc==SQLITE_OK ){
+      int j;                      /* Counter variable */
+      int nEntry;                 /* Number of entries in this segment */
+      ht_slot *aIndex;            /* Sorted index for this segment */
+
+      aPgno++;
+      if( (i+1)==nSegment ){
+        nEntry = (int)(iLast - iZero);
+      }else{
+        nEntry = (int)((u32*)aHash - (u32*)aPgno);
+      }
+      aIndex = &((ht_slot *)&p->aSegment[p->nSegment])[iZero];
+      iZero++;
+  
+      for(j=0; j<nEntry; j++){
+        aIndex[j] = (ht_slot)j;
+      }
+      walMergesort((u32 *)aPgno, aTmp, aIndex, &nEntry);
+      p->aSegment[i].iZero = iZero;
+      p->aSegment[i].nEntry = nEntry;
+      p->aSegment[i].aIndex = aIndex;
+      p->aSegment[i].aPgno = (u32 *)aPgno;
+    }
+  }
+  sqlite3_free(aTmp);
+
+  if( rc!=SQLITE_OK ){
+    walIteratorFree(p);
+  }
+  *pp = p;
+  return rc;
+}
+
+/*
+** Attempt to obtain the exclusive WAL lock defined by parameters lockIdx and
+** n. If the attempt fails and parameter xBusy is not NULL, then it is a
+** busy-handler function. Invoke it and retry the lock until either the
+** lock is successfully obtained or the busy-handler returns 0.
+*/
+static int walBusyLock(
+  Wal *pWal,                      /* WAL connection */
+  int (*xBusy)(void*),            /* Function to call when busy */
+  void *pBusyArg,                 /* Context argument for xBusyHandler */
+  int lockIdx,                    /* Offset of first byte to lock */
+  int n                           /* Number of bytes to lock */
+){
+  int rc;
+  do {
+    rc = walLockExclusive(pWal, lockIdx, n);
+  }while( xBusy && rc==SQLITE_BUSY && xBusy(pBusyArg) );
+  return rc;
+}
+
+/*
+** The cache of the wal-index header must be valid to call this function.
+** Return the page-size in bytes used by the database.
+*/
+static int walPagesize(Wal *pWal){
+  return (pWal->hdr.szPage&0xfe00) + ((pWal->hdr.szPage&0x0001)<<16);
+}
+
+/*
+** The following is guaranteed when this function is called:
+**
+**   a) the WRITER lock is held,
+**   b) the entire log file has been checkpointed, and
+**   c) any existing readers are reading exclusively from the database
+**      file - there are no readers that may attempt to read a frame from
+**      the log file.
+**
+** This function updates the shared-memory structures so that the next
+** client to write to the database (which may be this one) does so by
+** writing frames into the start of the log file.
+**
+** The value of parameter salt1 is used as the aSalt[1] value in the 
+** new wal-index header. It should be passed a pseudo-random value (i.e. 
+** one obtained from sqlite3_randomness()).
+*/
+static void walRestartHdr(Wal *pWal, u32 salt1){
+  volatile WalCkptInfo *pInfo = walCkptInfo(pWal);
+  int i;                          /* Loop counter */
+  u32 *aSalt = pWal->hdr.aSalt;   /* Big-endian salt values */
+  pWal->nCkpt++;
+  pWal->hdr.mxFrame = 0;
+  sqlite3Put4byte((u8*)&aSalt[0], 1 + sqlite3Get4byte((u8*)&aSalt[0]));
+  memcpy(&pWal->hdr.aSalt[1], &salt1, 4);
+  walIndexWriteHdr(pWal);
+  pInfo->nBackfill = 0;
+  pInfo->nBackfillAttempted = 0;
+  pInfo->aReadMark[1] = 0;
+  for(i=2; i<WAL_NREADER; i++) pInfo->aReadMark[i] = READMARK_NOT_USED;
+  assert( pInfo->aReadMark[0]==0 );
+}
+
+/*
+** Copy as much content as we can from the WAL back into the database file
+** in response to an sqlite3_wal_checkpoint() request or the equivalent.
+**
+** The amount of information copies from WAL to database might be limited
+** by active readers.  This routine will never overwrite a database page
+** that a concurrent reader might be using.
+**
+** All I/O barrier operations (a.k.a fsyncs) occur in this routine when
+** SQLite is in WAL-mode in synchronous=NORMAL.  That means that if 
+** checkpoints are always run by a background thread or background 
+** process, foreground threads will never block on a lengthy fsync call.
+**
+** Fsync is called on the WAL before writing content out of the WAL and
+** into the database.  This ensures that if the new content is persistent
+** in the WAL and can be recovered following a power-loss or hard reset.
+**
+** Fsync is also called on the database file if (and only if) the entire
+** WAL content is copied into the database file.  This second fsync makes
+** it safe to delete the WAL since the new content will persist in the
+** database file.
+**
+** This routine uses and updates the nBackfill field of the wal-index header.
+** This is the only routine that will increase the value of nBackfill.  
+** (A WAL reset or recovery will revert nBackfill to zero, but not increase
+** its value.)
+**
+** The caller must be holding sufficient locks to ensure that no other
+** checkpoint is running (in any other thread or process) at the same
+** time.
+*/
+static int walCheckpoint(
+  Wal *pWal,                      /* Wal connection */
+  int eMode,                      /* One of PASSIVE, FULL or RESTART */
+  int (*xBusy)(void*),            /* Function to call when busy */
+  void *pBusyArg,                 /* Context argument for xBusyHandler */
+  int sync_flags,                 /* Flags for OsSync() (or 0) */
+  u8 *zBuf                        /* Temporary buffer to use */
+){
+  int rc = SQLITE_OK;             /* Return code */
+  int szPage;                     /* Database page-size */
+  WalIterator *pIter = 0;         /* Wal iterator context */
+  u32 iDbpage = 0;                /* Next database page to write */
+  u32 iFrame = 0;                 /* Wal frame containing data for iDbpage */
+  u32 mxSafeFrame;                /* Max frame that can be backfilled */
+  u32 mxPage;                     /* Max database page to write */
+  int i;                          /* Loop counter */
+  volatile WalCkptInfo *pInfo;    /* The checkpoint status information */
+
+  szPage = walPagesize(pWal);
+  testcase( szPage<=32768 );
+  testcase( szPage>=65536 );
+  pInfo = walCkptInfo(pWal);
+  if( pInfo->nBackfill<pWal->hdr.mxFrame ){
+
+    /* Allocate the iterator */
+    rc = walIteratorInit(pWal, &pIter);
+    if( rc!=SQLITE_OK ){
+      return rc;
+    }
+    assert( pIter );
+
+    /* EVIDENCE-OF: R-62920-47450 The busy-handler callback is never invoked
+    ** in the SQLITE_CHECKPOINT_PASSIVE mode. */
+    assert( eMode!=SQLITE_CHECKPOINT_PASSIVE || xBusy==0 );
+
+    /* Compute in mxSafeFrame the index of the last frame of the WAL that is
+    ** safe to write into the database.  Frames beyond mxSafeFrame might
+    ** overwrite database pages that are in use by active readers and thus
+    ** cannot be backfilled from the WAL.
+    */
+    mxSafeFrame = pWal->hdr.mxFrame;
+    mxPage = pWal->hdr.nPage;
+    for(i=1; i<WAL_NREADER; i++){
+      /* Thread-sanitizer reports that the following is an unsafe read,
+      ** as some other thread may be in the process of updating the value
+      ** of the aReadMark[] slot. The assumption here is that if that is
+      ** happening, the other client may only be increasing the value,
+      ** not decreasing it. So assuming either that either the "old" or
+      ** "new" version of the value is read, and not some arbitrary value
+      ** that would never be written by a real client, things are still 
+      ** safe.  */
+      u32 y = pInfo->aReadMark[i];
+      if( mxSafeFrame>y ){
+        assert( y<=pWal->hdr.mxFrame );
+        rc = walBusyLock(pWal, xBusy, pBusyArg, WAL_READ_LOCK(i), 1);
+        if( rc==SQLITE_OK ){
+          pInfo->aReadMark[i] = (i==1 ? mxSafeFrame : READMARK_NOT_USED);
+          walUnlockExclusive(pWal, WAL_READ_LOCK(i), 1);
+        }else if( rc==SQLITE_BUSY ){
+          mxSafeFrame = y;
+          xBusy = 0;
+        }else{
+          goto walcheckpoint_out;
+        }
+      }
+    }
+
+    if( pInfo->nBackfill<mxSafeFrame
+     && (rc = walBusyLock(pWal, xBusy, pBusyArg, WAL_READ_LOCK(0),1))==SQLITE_OK
+    ){
+      i64 nSize;                    /* Current size of database file */
+      u32 nBackfill = pInfo->nBackfill;
+
+      pInfo->nBackfillAttempted = mxSafeFrame;
+
+      /* Sync the WAL to disk */
+      if( sync_flags ){
+        rc = sqlite3OsSync(pWal->pWalFd, sync_flags);
+      }
+
+      /* If the database may grow as a result of this checkpoint, hint
+      ** about the eventual size of the db file to the VFS layer.
+      */
+      if( rc==SQLITE_OK ){
+        i64 nReq = ((i64)mxPage * szPage);
+        rc = sqlite3OsFileSize(pWal->pDbFd, &nSize);
+        if( rc==SQLITE_OK && nSize<nReq ){
+          sqlite3OsFileControlHint(pWal->pDbFd, SQLITE_FCNTL_SIZE_HINT, &nReq);
+        }
+      }
+
+
+      /* Iterate through the contents of the WAL, copying data to the db file */
+      while( rc==SQLITE_OK && 0==walIteratorNext(pIter, &iDbpage, &iFrame) ){
+        i64 iOffset;
+        assert( walFramePgno(pWal, iFrame)==iDbpage );
+        if( iFrame<=nBackfill || iFrame>mxSafeFrame || iDbpage>mxPage ){
+          continue;
+        }
+        iOffset = walFrameOffset(iFrame, szPage) + WAL_FRAME_HDRSIZE;
+        /* testcase( IS_BIG_INT(iOffset) ); // requires a 4GiB WAL file */
+        rc = sqlite3OsRead(pWal->pWalFd, zBuf, szPage, iOffset);
+        if( rc!=SQLITE_OK ) break;
+        iOffset = (iDbpage-1)*(i64)szPage;
+        testcase( IS_BIG_INT(iOffset) );
+        rc = sqlite3OsWrite(pWal->pDbFd, zBuf, szPage, iOffset);
+        if( rc!=SQLITE_OK ) break;
+      }
+
+      /* If work was actually accomplished... */
+      if( rc==SQLITE_OK ){
+        if( mxSafeFrame==walIndexHdr(pWal)->mxFrame ){
+          i64 szDb = pWal->hdr.nPage*(i64)szPage;
+          testcase( IS_BIG_INT(szDb) );
+          rc = sqlite3OsTruncate(pWal->pDbFd, szDb);
+          if( rc==SQLITE_OK && sync_flags ){
+            rc = sqlite3OsSync(pWal->pDbFd, sync_flags);
+          }
+        }
+        if( rc==SQLITE_OK ){
+          pInfo->nBackfill = mxSafeFrame;
+        }
+      }
+
+      /* Release the reader lock held while backfilling */
+      walUnlockExclusive(pWal, WAL_READ_LOCK(0), 1);
+    }
+
+    if( rc==SQLITE_BUSY ){
+      /* Reset the return code so as not to report a checkpoint failure
+      ** just because there are active readers.  */
+      rc = SQLITE_OK;
+    }
+  }
+
+  /* If this is an SQLITE_CHECKPOINT_RESTART or TRUNCATE operation, and the
+  ** entire wal file has been copied into the database file, then block 
+  ** until all readers have finished using the wal file. This ensures that 
+  ** the next process to write to the database restarts the wal file.
+  */
+  if( rc==SQLITE_OK && eMode!=SQLITE_CHECKPOINT_PASSIVE ){
+    assert( pWal->writeLock );
+    if( pInfo->nBackfill<pWal->hdr.mxFrame ){
+      rc = SQLITE_BUSY;
+    }else if( eMode>=SQLITE_CHECKPOINT_RESTART ){
+      u32 salt1;
+      sqlite3_randomness(4, &salt1);
+      assert( pInfo->nBackfill==pWal->hdr.mxFrame );
+      rc = walBusyLock(pWal, xBusy, pBusyArg, WAL_READ_LOCK(1), WAL_NREADER-1);
+      if( rc==SQLITE_OK ){
+        if( eMode==SQLITE_CHECKPOINT_TRUNCATE ){
+          /* IMPLEMENTATION-OF: R-44699-57140 This mode works the same way as
+          ** SQLITE_CHECKPOINT_RESTART with the addition that it also
+          ** truncates the log file to zero bytes just prior to a
+          ** successful return.
+          **
+          ** In theory, it might be safe to do this without updating the
+          ** wal-index header in shared memory, as all subsequent reader or
+          ** writer clients should see that the entire log file has been
+          ** checkpointed and behave accordingly. This seems unsafe though,
+          ** as it would leave the system in a state where the contents of
+          ** the wal-index header do not match the contents of the 
+          ** file-system. To avoid this, update the wal-index header to
+          ** indicate that the log file contains zero valid frames.  */
+          walRestartHdr(pWal, salt1);
+          rc = sqlite3OsTruncate(pWal->pWalFd, 0);
+        }
+        walUnlockExclusive(pWal, WAL_READ_LOCK(1), WAL_NREADER-1);
+      }
+    }
+  }
+
+ walcheckpoint_out:
+  walIteratorFree(pIter);
+  return rc;
+}
+
+/*
+** If the WAL file is currently larger than nMax bytes in size, truncate
+** it to exactly nMax bytes. If an error occurs while doing so, ignore it.
+*/
+static void walLimitSize(Wal *pWal, i64 nMax){
+  i64 sz;
+  int rx;
+  sqlite3BeginBenignMalloc();
+  rx = sqlite3OsFileSize(pWal->pWalFd, &sz);
+  if( rx==SQLITE_OK && (sz > nMax ) ){
+    rx = sqlite3OsTruncate(pWal->pWalFd, nMax);
+  }
+  sqlite3EndBenignMalloc();
+  if( rx ){
+    sqlite3_log(rx, "cannot limit WAL size: %s", pWal->zWalName);
+  }
+}
+
+/*
+** Close a connection to a log file.
+*/
+SQLITE_PRIVATE int sqlite3WalClose(
+  Wal *pWal,                      /* Wal to close */
+  int sync_flags,                 /* Flags to pass to OsSync() (or 0) */
+  int nBuf,
+  u8 *zBuf                        /* Buffer of at least nBuf bytes */
+){
+  int rc = SQLITE_OK;
+  if( pWal ){
+    int isDelete = 0;             /* True to unlink wal and wal-index files */
+
+    /* If an EXCLUSIVE lock can be obtained on the database file (using the
+    ** ordinary, rollback-mode locking methods, this guarantees that the
+    ** connection associated with this log file is the only connection to
+    ** the database. In this case checkpoint the database and unlink both
+    ** the wal and wal-index files.
+    **
+    ** The EXCLUSIVE lock is not released before returning.
+    */
+    rc = sqlite3OsLock(pWal->pDbFd, SQLITE_LOCK_EXCLUSIVE);
+    if( rc==SQLITE_OK ){
+      if( pWal->exclusiveMode==WAL_NORMAL_MODE ){
+        pWal->exclusiveMode = WAL_EXCLUSIVE_MODE;
+      }
+      rc = sqlite3WalCheckpoint(
+          pWal, SQLITE_CHECKPOINT_PASSIVE, 0, 0, sync_flags, nBuf, zBuf, 0, 0
+      );
+      if( rc==SQLITE_OK ){
+        int bPersist = -1;
+        sqlite3OsFileControlHint(
+            pWal->pDbFd, SQLITE_FCNTL_PERSIST_WAL, &bPersist
+        );
+        if( bPersist!=1 ){
+          /* Try to delete the WAL file if the checkpoint completed and
+          ** fsyned (rc==SQLITE_OK) and if we are not in persistent-wal
+          ** mode (!bPersist) */
+          isDelete = 1;
+        }else if( pWal->mxWalSize>=0 ){
+          /* Try to truncate the WAL file to zero bytes if the checkpoint
+          ** completed and fsynced (rc==SQLITE_OK) and we are in persistent
+          ** WAL mode (bPersist) and if the PRAGMA journal_size_limit is a
+          ** non-negative value (pWal->mxWalSize>=0).  Note that we truncate
+          ** to zero bytes as truncating to the journal_size_limit might
+          ** leave a corrupt WAL file on disk. */
+          walLimitSize(pWal, 0);
+        }
+      }
+    }
+
+    walIndexClose(pWal, isDelete);
+    sqlite3OsClose(pWal->pWalFd);
+    if( isDelete ){
+      sqlite3BeginBenignMalloc();
+      sqlite3OsDelete(pWal->pVfs, pWal->zWalName, 0);
+      sqlite3EndBenignMalloc();
+    }
+    WALTRACE(("WAL%p: closed\n", pWal));
+    sqlite3_free((void *)pWal->apWiData);
+    sqlite3_free(pWal);
+  }
+  return rc;
+}
+
+/*
+** Try to read the wal-index header.  Return 0 on success and 1 if
+** there is a problem.
+**
+** The wal-index is in shared memory.  Another thread or process might
+** be writing the header at the same time this procedure is trying to
+** read it, which might result in inconsistency.  A dirty read is detected
+** by verifying that both copies of the header are the same and also by
+** a checksum on the header.
+**
+** If and only if the read is consistent and the header is different from
+** pWal->hdr, then pWal->hdr is updated to the content of the new header
+** and *pChanged is set to 1.
+**
+** If the checksum cannot be verified return non-zero. If the header
+** is read successfully and the checksum verified, return zero.
+*/
+static int walIndexTryHdr(Wal *pWal, int *pChanged){
+  u32 aCksum[2];                  /* Checksum on the header content */
+  WalIndexHdr h1, h2;             /* Two copies of the header content */
+  WalIndexHdr volatile *aHdr;     /* Header in shared memory */
+
+  /* The first page of the wal-index must be mapped at this point. */
+  assert( pWal->nWiData>0 && pWal->apWiData[0] );
+
+  /* Read the header. This might happen concurrently with a write to the
+  ** same area of shared memory on a different CPU in a SMP,
+  ** meaning it is possible that an inconsistent snapshot is read
+  ** from the file. If this happens, return non-zero.
+  **
+  ** There are two copies of the header at the beginning of the wal-index.
+  ** When reading, read [0] first then [1].  Writes are in the reverse order.
+  ** Memory barriers are used to prevent the compiler or the hardware from
+  ** reordering the reads and writes.
+  */
+  aHdr = walIndexHdr(pWal);
+  memcpy(&h1, (void *)&aHdr[0], sizeof(h1));
+  walShmBarrier(pWal);
+  memcpy(&h2, (void *)&aHdr[1], sizeof(h2));
+
+  if( memcmp(&h1, &h2, sizeof(h1))!=0 ){
+    return 1;   /* Dirty read */
+  }  
+  if( h1.isInit==0 ){
+    return 1;   /* Malformed header - probably all zeros */
+  }
+  walChecksumBytes(1, (u8*)&h1, sizeof(h1)-sizeof(h1.aCksum), 0, aCksum);
+  if( aCksum[0]!=h1.aCksum[0] || aCksum[1]!=h1.aCksum[1] ){
+    return 1;   /* Checksum does not match */
+  }
+
+  if( memcmp(&pWal->hdr, &h1, sizeof(WalIndexHdr)) ){
+    *pChanged = 1;
+    memcpy(&pWal->hdr, &h1, sizeof(WalIndexHdr));
+    pWal->szPage = (pWal->hdr.szPage&0xfe00) + ((pWal->hdr.szPage&0x0001)<<16);
+    testcase( pWal->szPage<=32768 );
+    testcase( pWal->szPage>=65536 );
+  }
+
+  /* The header was successfully read. Return zero. */
+  return 0;
+}
+
+/*
+** Read the wal-index header from the wal-index and into pWal->hdr.
+** If the wal-header appears to be corrupt, try to reconstruct the
+** wal-index from the WAL before returning.
+**
+** Set *pChanged to 1 if the wal-index header value in pWal->hdr is
+** changed by this operation.  If pWal->hdr is unchanged, set *pChanged
+** to 0.
+**
+** If the wal-index header is successfully read, return SQLITE_OK. 
+** Otherwise an SQLite error code.
+*/
+static int walIndexReadHdr(Wal *pWal, int *pChanged){
+  int rc;                         /* Return code */
+  int badHdr;                     /* True if a header read failed */
+  volatile u32 *page0;            /* Chunk of wal-index containing header */
+
+  /* Ensure that page 0 of the wal-index (the page that contains the 
+  ** wal-index header) is mapped. Return early if an error occurs here.
+  */
+  assert( pChanged );
+  rc = walIndexPage(pWal, 0, &page0);
+  if( rc!=SQLITE_OK ){
+    return rc;
+  };
+  assert( page0 || pWal->writeLock==0 );
+
+  /* If the first page of the wal-index has been mapped, try to read the
+  ** wal-index header immediately, without holding any lock. This usually
+  ** works, but may fail if the wal-index header is corrupt or currently 
+  ** being modified by another thread or process.
+  */
+  badHdr = (page0 ? walIndexTryHdr(pWal, pChanged) : 1);
+
+  /* If the first attempt failed, it might have been due to a race
+  ** with a writer.  So get a WRITE lock and try again.
+  */
+  assert( badHdr==0 || pWal->writeLock==0 );
+  if( badHdr ){
+    if( pWal->readOnly & WAL_SHM_RDONLY ){
+      if( SQLITE_OK==(rc = walLockShared(pWal, WAL_WRITE_LOCK)) ){
+        walUnlockShared(pWal, WAL_WRITE_LOCK);
+        rc = SQLITE_READONLY_RECOVERY;
+      }
+    }else if( SQLITE_OK==(rc = walLockExclusive(pWal, WAL_WRITE_LOCK, 1)) ){
+      pWal->writeLock = 1;
+      if( SQLITE_OK==(rc = walIndexPage(pWal, 0, &page0)) ){
+        badHdr = walIndexTryHdr(pWal, pChanged);
+        if( badHdr ){
+          /* If the wal-index header is still malformed even while holding
+          ** a WRITE lock, it can only mean that the header is corrupted and
+          ** needs to be reconstructed.  So run recovery to do exactly that.
+          */
+          rc = walIndexRecover(pWal);
+          *pChanged = 1;
+        }
+      }
+      pWal->writeLock = 0;
+      walUnlockExclusive(pWal, WAL_WRITE_LOCK, 1);
+    }
+  }
+
+  /* If the header is read successfully, check the version number to make
+  ** sure the wal-index was not constructed with some future format that
+  ** this version of SQLite cannot understand.
+  */
+  if( badHdr==0 && pWal->hdr.iVersion!=WALINDEX_MAX_VERSION ){
+    rc = SQLITE_CANTOPEN_BKPT;
+  }
+
+  return rc;
+}
+
+/*
+** This is the value that walTryBeginRead returns when it needs to
+** be retried.
+*/
+#define WAL_RETRY  (-1)
+
+/*
+** Attempt to start a read transaction.  This might fail due to a race or
+** other transient condition.  When that happens, it returns WAL_RETRY to
+** indicate to the caller that it is safe to retry immediately.
+**
+** On success return SQLITE_OK.  On a permanent failure (such an
+** I/O error or an SQLITE_BUSY because another process is running
+** recovery) return a positive error code.
+**
+** The useWal parameter is true to force the use of the WAL and disable
+** the case where the WAL is bypassed because it has been completely
+** checkpointed.  If useWal==0 then this routine calls walIndexReadHdr() 
+** to make a copy of the wal-index header into pWal->hdr.  If the 
+** wal-index header has changed, *pChanged is set to 1 (as an indication 
+** to the caller that the local paget cache is obsolete and needs to be 
+** flushed.)  When useWal==1, the wal-index header is assumed to already
+** be loaded and the pChanged parameter is unused.
+**
+** The caller must set the cnt parameter to the number of prior calls to
+** this routine during the current read attempt that returned WAL_RETRY.
+** This routine will start taking more aggressive measures to clear the
+** race conditions after multiple WAL_RETRY returns, and after an excessive
+** number of errors will ultimately return SQLITE_PROTOCOL.  The
+** SQLITE_PROTOCOL return indicates that some other process has gone rogue
+** and is not honoring the locking protocol.  There is a vanishingly small
+** chance that SQLITE_PROTOCOL could be returned because of a run of really
+** bad luck when there is lots of contention for the wal-index, but that
+** possibility is so small that it can be safely neglected, we believe.
+**
+** On success, this routine obtains a read lock on 
+** WAL_READ_LOCK(pWal->readLock).  The pWal->readLock integer is
+** in the range 0 <= pWal->readLock < WAL_NREADER.  If pWal->readLock==(-1)
+** that means the Wal does not hold any read lock.  The reader must not
+** access any database page that is modified by a WAL frame up to and
+** including frame number aReadMark[pWal->readLock].  The reader will
+** use WAL frames up to and including pWal->hdr.mxFrame if pWal->readLock>0
+** Or if pWal->readLock==0, then the reader will ignore the WAL
+** completely and get all content directly from the database file.
+** If the useWal parameter is 1 then the WAL will never be ignored and
+** this routine will always set pWal->readLock>0 on success.
+** When the read transaction is completed, the caller must release the
+** lock on WAL_READ_LOCK(pWal->readLock) and set pWal->readLock to -1.
+**
+** This routine uses the nBackfill and aReadMark[] fields of the header
+** to select a particular WAL_READ_LOCK() that strives to let the
+** checkpoint process do as much work as possible.  This routine might
+** update values of the aReadMark[] array in the header, but if it does
+** so it takes care to hold an exclusive lock on the corresponding
+** WAL_READ_LOCK() while changing values.
+*/
+static int walTryBeginRead(Wal *pWal, int *pChanged, int useWal, int cnt){
+  volatile WalCkptInfo *pInfo;    /* Checkpoint information in wal-index */
+  u32 mxReadMark;                 /* Largest aReadMark[] value */
+  int mxI;                        /* Index of largest aReadMark[] value */
+  int i;                          /* Loop counter */
+  int rc = SQLITE_OK;             /* Return code  */
+  u32 mxFrame;                    /* Wal frame to lock to */
+
+  assert( pWal->readLock<0 );     /* Not currently locked */
+
+  /* Take steps to avoid spinning forever if there is a protocol error.
+  **
+  ** Circumstances that cause a RETRY should only last for the briefest
+  ** instances of time.  No I/O or other system calls are done while the
+  ** locks are held, so the locks should not be held for very long. But 
+  ** if we are unlucky, another process that is holding a lock might get
+  ** paged out or take a page-fault that is time-consuming to resolve, 
+  ** during the few nanoseconds that it is holding the lock.  In that case,
+  ** it might take longer than normal for the lock to free.
+  **
+  ** After 5 RETRYs, we begin calling sqlite3OsSleep().  The first few
+  ** calls to sqlite3OsSleep() have a delay of 1 microsecond.  Really this
+  ** is more of a scheduler yield than an actual delay.  But on the 10th
+  ** an subsequent retries, the delays start becoming longer and longer, 
+  ** so that on the 100th (and last) RETRY we delay for 323 milliseconds.
+  ** The total delay time before giving up is less than 10 seconds.
+  */
+  if( cnt>5 ){
+    int nDelay = 1;                      /* Pause time in microseconds */
+    if( cnt>100 ){
+      VVA_ONLY( pWal->lockError = 1; )
+      return SQLITE_PROTOCOL;
+    }
+    if( cnt>=10 ) nDelay = (cnt-9)*(cnt-9)*39;
+    sqlite3OsSleep(pWal->pVfs, nDelay);
+  }
+
+  if( !useWal ){
+    rc = walIndexReadHdr(pWal, pChanged);
+    if( rc==SQLITE_BUSY ){
+      /* If there is not a recovery running in another thread or process
+      ** then convert BUSY errors to WAL_RETRY.  If recovery is known to
+      ** be running, convert BUSY to BUSY_RECOVERY.  There is a race here
+      ** which might cause WAL_RETRY to be returned even if BUSY_RECOVERY
+      ** would be technically correct.  But the race is benign since with
+      ** WAL_RETRY this routine will be called again and will probably be
+      ** right on the second iteration.
+      */
+      if( pWal->apWiData[0]==0 ){
+        /* This branch is taken when the xShmMap() method returns SQLITE_BUSY.
+        ** We assume this is a transient condition, so return WAL_RETRY. The
+        ** xShmMap() implementation used by the default unix and win32 VFS 
+        ** modules may return SQLITE_BUSY due to a race condition in the 
+        ** code that determines whether or not the shared-memory region 
+        ** must be zeroed before the requested page is returned.
+        */
+        rc = WAL_RETRY;
+      }else if( SQLITE_OK==(rc = walLockShared(pWal, WAL_RECOVER_LOCK)) ){
+        walUnlockShared(pWal, WAL_RECOVER_LOCK);
+        rc = WAL_RETRY;
+      }else if( rc==SQLITE_BUSY ){
+        rc = SQLITE_BUSY_RECOVERY;
+      }
+    }
+    if( rc!=SQLITE_OK ){
+      return rc;
+    }
+  }
+
+  pInfo = walCkptInfo(pWal);
+  if( !useWal && pInfo->nBackfill==pWal->hdr.mxFrame 
+#ifdef SQLITE_ENABLE_SNAPSHOT
+   && (pWal->pSnapshot==0 || pWal->hdr.mxFrame==0
+     || 0==memcmp(&pWal->hdr, pWal->pSnapshot, sizeof(WalIndexHdr)))
+#endif
+  ){
+    /* The WAL has been completely backfilled (or it is empty).
+    ** and can be safely ignored.
+    */
+    rc = walLockShared(pWal, WAL_READ_LOCK(0));
+    walShmBarrier(pWal);
+    if( rc==SQLITE_OK ){
+      if( memcmp((void *)walIndexHdr(pWal), &pWal->hdr, sizeof(WalIndexHdr)) ){
+        /* It is not safe to allow the reader to continue here if frames
+        ** may have been appended to the log before READ_LOCK(0) was obtained.
+        ** When holding READ_LOCK(0), the reader ignores the entire log file,
+        ** which implies that the database file contains a trustworthy
+        ** snapshot. Since holding READ_LOCK(0) prevents a checkpoint from
+        ** happening, this is usually correct.
+        **
+        ** However, if frames have been appended to the log (or if the log 
+        ** is wrapped and written for that matter) before the READ_LOCK(0)
+        ** is obtained, that is not necessarily true. A checkpointer may
+        ** have started to backfill the appended frames but crashed before
+        ** it finished. Leaving a corrupt image in the database file.
+        */
+        walUnlockShared(pWal, WAL_READ_LOCK(0));
+        return WAL_RETRY;
+      }
+      pWal->readLock = 0;
+      return SQLITE_OK;
+    }else if( rc!=SQLITE_BUSY ){
+      return rc;
+    }
+  }
+
+  /* If we get this far, it means that the reader will want to use
+  ** the WAL to get at content from recent commits.  The job now is
+  ** to select one of the aReadMark[] entries that is closest to
+  ** but not exceeding pWal->hdr.mxFrame and lock that entry.
+  */
+  mxReadMark = 0;
+  mxI = 0;
+  mxFrame = pWal->hdr.mxFrame;
+#ifdef SQLITE_ENABLE_SNAPSHOT
+  if( pWal->pSnapshot && pWal->pSnapshot->mxFrame<mxFrame ){
+    mxFrame = pWal->pSnapshot->mxFrame;
+  }
+#endif
+  for(i=1; i<WAL_NREADER; i++){
+    u32 thisMark = pInfo->aReadMark[i];
+    if( mxReadMark<=thisMark && thisMark<=mxFrame ){
+      assert( thisMark!=READMARK_NOT_USED );
+      mxReadMark = thisMark;
+      mxI = i;
+    }
+  }
+  if( (pWal->readOnly & WAL_SHM_RDONLY)==0
+   && (mxReadMark<mxFrame || mxI==0)
+  ){
+    for(i=1; i<WAL_NREADER; i++){
+      rc = walLockExclusive(pWal, WAL_READ_LOCK(i), 1);
+      if( rc==SQLITE_OK ){
+        mxReadMark = pInfo->aReadMark[i] = mxFrame;
+        mxI = i;
+        walUnlockExclusive(pWal, WAL_READ_LOCK(i), 1);
+        break;
+      }else if( rc!=SQLITE_BUSY ){
+        return rc;
+      }
+    }
+  }
+  if( mxI==0 ){
+    assert( rc==SQLITE_BUSY || (pWal->readOnly & WAL_SHM_RDONLY)!=0 );
+    return rc==SQLITE_BUSY ? WAL_RETRY : SQLITE_READONLY_CANTLOCK;
+  }
+
+  rc = walLockShared(pWal, WAL_READ_LOCK(mxI));
+  if( rc ){
+    return rc==SQLITE_BUSY ? WAL_RETRY : rc;
+  }
+  /* Now that the read-lock has been obtained, check that neither the
+  ** value in the aReadMark[] array or the contents of the wal-index
+  ** header have changed.
+  **
+  ** It is necessary to check that the wal-index header did not change
+  ** between the time it was read and when the shared-lock was obtained
+  ** on WAL_READ_LOCK(mxI) was obtained to account for the possibility
+  ** that the log file may have been wrapped by a writer, or that frames
+  ** that occur later in the log than pWal->hdr.mxFrame may have been
+  ** copied into the database by a checkpointer. If either of these things
+  ** happened, then reading the database with the current value of
+  ** pWal->hdr.mxFrame risks reading a corrupted snapshot. So, retry
+  ** instead.
+  **
+  ** Before checking that the live wal-index header has not changed
+  ** since it was read, set Wal.minFrame to the first frame in the wal
+  ** file that has not yet been checkpointed. This client will not need
+  ** to read any frames earlier than minFrame from the wal file - they
+  ** can be safely read directly from the database file.
+  **
+  ** Because a ShmBarrier() call is made between taking the copy of 
+  ** nBackfill and checking that the wal-header in shared-memory still
+  ** matches the one cached in pWal->hdr, it is guaranteed that the 
+  ** checkpointer that set nBackfill was not working with a wal-index
+  ** header newer than that cached in pWal->hdr. If it were, that could
+  ** cause a problem. The checkpointer could omit to checkpoint
+  ** a version of page X that lies before pWal->minFrame (call that version
+  ** A) on the basis that there is a newer version (version B) of the same
+  ** page later in the wal file. But if version B happens to like past
+  ** frame pWal->hdr.mxFrame - then the client would incorrectly assume
+  ** that it can read version A from the database file. However, since
+  ** we can guarantee that the checkpointer that set nBackfill could not
+  ** see any pages past pWal->hdr.mxFrame, this problem does not come up.
+  */
+  pWal->minFrame = pInfo->nBackfill+1;
+  walShmBarrier(pWal);
+  if( pInfo->aReadMark[mxI]!=mxReadMark
+   || memcmp((void *)walIndexHdr(pWal), &pWal->hdr, sizeof(WalIndexHdr))
+  ){
+    walUnlockShared(pWal, WAL_READ_LOCK(mxI));
+    return WAL_RETRY;
+  }else{
+    assert( mxReadMark<=pWal->hdr.mxFrame );
+    pWal->readLock = (i16)mxI;
+  }
+  return rc;
+}
+
+/*
+** Begin a read transaction on the database.
+**
+** This routine used to be called sqlite3OpenSnapshot() and with good reason:
+** it takes a snapshot of the state of the WAL and wal-index for the current
+** instant in time.  The current thread will continue to use this snapshot.
+** Other threads might append new content to the WAL and wal-index but
+** that extra content is ignored by the current thread.
+**
+** If the database contents have changes since the previous read
+** transaction, then *pChanged is set to 1 before returning.  The
+** Pager layer will use this to know that is cache is stale and
+** needs to be flushed.
+*/
+SQLITE_PRIVATE int sqlite3WalBeginReadTransaction(Wal *pWal, int *pChanged){
+  int rc;                         /* Return code */
+  int cnt = 0;                    /* Number of TryBeginRead attempts */
+
+#ifdef SQLITE_ENABLE_SNAPSHOT
+  int bChanged = 0;
+  WalIndexHdr *pSnapshot = pWal->pSnapshot;
+  if( pSnapshot && memcmp(pSnapshot, &pWal->hdr, sizeof(WalIndexHdr))!=0 ){
+    bChanged = 1;
+  }
+#endif
+
+  do{
+    rc = walTryBeginRead(pWal, pChanged, 0, ++cnt);
+  }while( rc==WAL_RETRY );
+  testcase( (rc&0xff)==SQLITE_BUSY );
+  testcase( (rc&0xff)==SQLITE_IOERR );
+  testcase( rc==SQLITE_PROTOCOL );
+  testcase( rc==SQLITE_OK );
+
+#ifdef SQLITE_ENABLE_SNAPSHOT
+  if( rc==SQLITE_OK ){
+    if( pSnapshot && memcmp(pSnapshot, &pWal->hdr, sizeof(WalIndexHdr))!=0 ){
+      /* At this point the client has a lock on an aReadMark[] slot holding
+      ** a value equal to or smaller than pSnapshot->mxFrame, but pWal->hdr
+      ** is populated with the wal-index header corresponding to the head
+      ** of the wal file. Verify that pSnapshot is still valid before
+      ** continuing.  Reasons why pSnapshot might no longer be valid:
+      **
+      **    (1)  The WAL file has been reset since the snapshot was taken.
+      **         In this case, the salt will have changed.
+      **
+      **    (2)  A checkpoint as been attempted that wrote frames past
+      **         pSnapshot->mxFrame into the database file.  Note that the
+      **         checkpoint need not have completed for this to cause problems.
+      */
+      volatile WalCkptInfo *pInfo = walCkptInfo(pWal);
+
+      assert( pWal->readLock>0 || pWal->hdr.mxFrame==0 );
+      assert( pInfo->aReadMark[pWal->readLock]<=pSnapshot->mxFrame );
+
+      /* It is possible that there is a checkpointer thread running 
+      ** concurrent with this code. If this is the case, it may be that the
+      ** checkpointer has already determined that it will checkpoint 
+      ** snapshot X, where X is later in the wal file than pSnapshot, but 
+      ** has not yet set the pInfo->nBackfillAttempted variable to indicate 
+      ** its intent. To avoid the race condition this leads to, ensure that
+      ** there is no checkpointer process by taking a shared CKPT lock 
+      ** before checking pInfo->nBackfillAttempted.  */
+      rc = walLockShared(pWal, WAL_CKPT_LOCK);
+
+      if( rc==SQLITE_OK ){
+        /* Check that the wal file has not been wrapped. Assuming that it has
+        ** not, also check that no checkpointer has attempted to checkpoint any
+        ** frames beyond pSnapshot->mxFrame. If either of these conditions are
+        ** true, return SQLITE_BUSY_SNAPSHOT. Otherwise, overwrite pWal->hdr
+        ** with *pSnapshot and set *pChanged as appropriate for opening the
+        ** snapshot.  */
+        if( !memcmp(pSnapshot->aSalt, pWal->hdr.aSalt, sizeof(pWal->hdr.aSalt))
+         && pSnapshot->mxFrame>=pInfo->nBackfillAttempted
+        ){
+          assert( pWal->readLock>0 );
+          memcpy(&pWal->hdr, pSnapshot, sizeof(WalIndexHdr));
+          *pChanged = bChanged;
+        }else{
+          rc = SQLITE_BUSY_SNAPSHOT;
+        }
+
+        /* Release the shared CKPT lock obtained above. */
+        walUnlockShared(pWal, WAL_CKPT_LOCK);
+      }
+
+
+      if( rc!=SQLITE_OK ){
+        sqlite3WalEndReadTransaction(pWal);
+      }
+    }
+  }
+#endif
+  return rc;
+}
+
+/*
+** Finish with a read transaction.  All this does is release the
+** read-lock.
+*/
+SQLITE_PRIVATE void sqlite3WalEndReadTransaction(Wal *pWal){
+  sqlite3WalEndWriteTransaction(pWal);
+  if( pWal->readLock>=0 ){
+    walUnlockShared(pWal, WAL_READ_LOCK(pWal->readLock));
+    pWal->readLock = -1;
+  }
+}
+
+/*
+** Search the wal file for page pgno. If found, set *piRead to the frame that
+** contains the page. Otherwise, if pgno is not in the wal file, set *piRead
+** to zero.
+**
+** Return SQLITE_OK if successful, or an error code if an error occurs. If an
+** error does occur, the final value of *piRead is undefined.
+*/
+SQLITE_PRIVATE int sqlite3WalFindFrame(
+  Wal *pWal,                      /* WAL handle */
+  Pgno pgno,                      /* Database page number to read data for */
+  u32 *piRead                     /* OUT: Frame number (or zero) */
+){
+  u32 iRead = 0;                  /* If !=0, WAL frame to return data from */
+  u32 iLast = pWal->hdr.mxFrame;  /* Last page in WAL for this reader */
+  int iHash;                      /* Used to loop through N hash tables */
+  int iMinHash;
+
+  /* This routine is only be called from within a read transaction. */
+  assert( pWal->readLock>=0 || pWal->lockError );
+
+  /* If the "last page" field of the wal-index header snapshot is 0, then
+  ** no data will be read from the wal under any circumstances. Return early
+  ** in this case as an optimization.  Likewise, if pWal->readLock==0, 
+  ** then the WAL is ignored by the reader so return early, as if the 
+  ** WAL were empty.
+  */
+  if( iLast==0 || pWal->readLock==0 ){
+    *piRead = 0;
+    return SQLITE_OK;
+  }
+
+  /* Search the hash table or tables for an entry matching page number
+  ** pgno. Each iteration of the following for() loop searches one
+  ** hash table (each hash table indexes up to HASHTABLE_NPAGE frames).
+  **
+  ** This code might run concurrently to the code in walIndexAppend()
+  ** that adds entries to the wal-index (and possibly to this hash 
+  ** table). This means the value just read from the hash 
+  ** slot (aHash[iKey]) may have been added before or after the 
+  ** current read transaction was opened. Values added after the
+  ** read transaction was opened may have been written incorrectly -
+  ** i.e. these slots may contain garbage data. However, we assume
+  ** that any slots written before the current read transaction was
+  ** opened remain unmodified.
+  **
+  ** For the reasons above, the if(...) condition featured in the inner
+  ** loop of the following block is more stringent that would be required 
+  ** if we had exclusive access to the hash-table:
+  **
+  **   (aPgno[iFrame]==pgno): 
+  **     This condition filters out normal hash-table collisions.
+  **
+  **   (iFrame<=iLast): 
+  **     This condition filters out entries that were added to the hash
+  **     table after the current read-transaction had started.
+  */
+  iMinHash = walFramePage(pWal->minFrame);
+  for(iHash=walFramePage(iLast); iHash>=iMinHash && iRead==0; iHash--){
+    volatile ht_slot *aHash;      /* Pointer to hash table */
+    volatile u32 *aPgno;          /* Pointer to array of page numbers */
+    u32 iZero;                    /* Frame number corresponding to aPgno[0] */
+    int iKey;                     /* Hash slot index */
+    int nCollide;                 /* Number of hash collisions remaining */
+    int rc;                       /* Error code */
+
+    rc = walHashGet(pWal, iHash, &aHash, &aPgno, &iZero);
+    if( rc!=SQLITE_OK ){
+      return rc;
+    }
+    nCollide = HASHTABLE_NSLOT;
+    for(iKey=walHash(pgno); aHash[iKey]; iKey=walNextHash(iKey)){
+      u32 iFrame = aHash[iKey] + iZero;
+      if( iFrame<=iLast && iFrame>=pWal->minFrame && aPgno[aHash[iKey]]==pgno ){
+        assert( iFrame>iRead || CORRUPT_DB );
+        iRead = iFrame;
+      }
+      if( (nCollide--)==0 ){
+        return SQLITE_CORRUPT_BKPT;
+      }
+    }
+  }
+
+#ifdef SQLITE_ENABLE_EXPENSIVE_ASSERT
+  /* If expensive assert() statements are available, do a linear search
+  ** of the wal-index file content. Make sure the results agree with the
+  ** result obtained using the hash indexes above.  */
+  {
+    u32 iRead2 = 0;
+    u32 iTest;
+    assert( pWal->minFrame>0 );
+    for(iTest=iLast; iTest>=pWal->minFrame; iTest--){
+      if( walFramePgno(pWal, iTest)==pgno ){
+        iRead2 = iTest;
+        break;
+      }
+    }
+    assert( iRead==iRead2 );
+  }
+#endif
+
+  *piRead = iRead;
+  return SQLITE_OK;
+}
+
+/*
+** Read the contents of frame iRead from the wal file into buffer pOut
+** (which is nOut bytes in size). Return SQLITE_OK if successful, or an
+** error code otherwise.
+*/
+SQLITE_PRIVATE int sqlite3WalReadFrame(
+  Wal *pWal,                      /* WAL handle */
+  u32 iRead,                      /* Frame to read */
+  int nOut,                       /* Size of buffer pOut in bytes */
+  u8 *pOut                        /* Buffer to write page data to */
+){
+  int sz;
+  i64 iOffset;
+  sz = pWal->hdr.szPage;
+  sz = (sz&0xfe00) + ((sz&0x0001)<<16);
+  testcase( sz<=32768 );
+  testcase( sz>=65536 );
+  iOffset = walFrameOffset(iRead, sz) + WAL_FRAME_HDRSIZE;
+  /* testcase( IS_BIG_INT(iOffset) ); // requires a 4GiB WAL */
+  return sqlite3OsRead(pWal->pWalFd, pOut, (nOut>sz ? sz : nOut), iOffset);
+}
+
+/* 
+** Return the size of the database in pages (or zero, if unknown).
+*/
+SQLITE_PRIVATE Pgno sqlite3WalDbsize(Wal *pWal){
+  if( pWal && ALWAYS(pWal->readLock>=0) ){
+    return pWal->hdr.nPage;
+  }
+  return 0;
+}
+
+
+/* 
+** This function starts a write transaction on the WAL.
+**
+** A read transaction must have already been started by a prior call
+** to sqlite3WalBeginReadTransaction().
+**
+** If another thread or process has written into the database since
+** the read transaction was started, then it is not possible for this
+** thread to write as doing so would cause a fork.  So this routine
+** returns SQLITE_BUSY in that case and no write transaction is started.
+**
+** There can only be a single writer active at a time.
+*/
+SQLITE_PRIVATE int sqlite3WalBeginWriteTransaction(Wal *pWal){
+  int rc;
+
+  /* Cannot start a write transaction without first holding a read
+  ** transaction. */
+  assert( pWal->readLock>=0 );
+
+  if( pWal->readOnly ){
+    return SQLITE_READONLY;
+  }
+
+  /* Only one writer allowed at a time.  Get the write lock.  Return
+  ** SQLITE_BUSY if unable.
+  */
+  rc = walLockExclusive(pWal, WAL_WRITE_LOCK, 1);
+  if( rc ){
+    return rc;
+  }
+  pWal->writeLock = 1;
+
+  /* If another connection has written to the database file since the
+  ** time the read transaction on this connection was started, then
+  ** the write is disallowed.
+  */
+  if( memcmp(&pWal->hdr, (void *)walIndexHdr(pWal), sizeof(WalIndexHdr))!=0 ){
+    walUnlockExclusive(pWal, WAL_WRITE_LOCK, 1);
+    pWal->writeLock = 0;
+    rc = SQLITE_BUSY_SNAPSHOT;
+  }
+
+  return rc;
+}
+
+/*
+** End a write transaction.  The commit has already been done.  This
+** routine merely releases the lock.
+*/
+SQLITE_PRIVATE int sqlite3WalEndWriteTransaction(Wal *pWal){
+  if( pWal->writeLock ){
+    walUnlockExclusive(pWal, WAL_WRITE_LOCK, 1);
+    pWal->writeLock = 0;
+    pWal->truncateOnCommit = 0;
+  }
+  return SQLITE_OK;
+}
+
+/*
+** If any data has been written (but not committed) to the log file, this
+** function moves the write-pointer back to the start of the transaction.
+**
+** Additionally, the callback function is invoked for each frame written
+** to the WAL since the start of the transaction. If the callback returns
+** other than SQLITE_OK, it is not invoked again and the error code is
+** returned to the caller.
+**
+** Otherwise, if the callback function does not return an error, this
+** function returns SQLITE_OK.
+*/
+SQLITE_PRIVATE int sqlite3WalUndo(Wal *pWal, int (*xUndo)(void *, Pgno), void *pUndoCtx){
+  int rc = SQLITE_OK;
+  if( ALWAYS(pWal->writeLock) ){
+    Pgno iMax = pWal->hdr.mxFrame;
+    Pgno iFrame;
+  
+    /* Restore the clients cache of the wal-index header to the state it
+    ** was in before the client began writing to the database. 
+    */
+    memcpy(&pWal->hdr, (void *)walIndexHdr(pWal), sizeof(WalIndexHdr));
+
+    for(iFrame=pWal->hdr.mxFrame+1; 
+        ALWAYS(rc==SQLITE_OK) && iFrame<=iMax; 
+        iFrame++
+    ){
+      /* This call cannot fail. Unless the page for which the page number
+      ** is passed as the second argument is (a) in the cache and 
+      ** (b) has an outstanding reference, then xUndo is either a no-op
+      ** (if (a) is false) or simply expels the page from the cache (if (b)
+      ** is false).
+      **
+      ** If the upper layer is doing a rollback, it is guaranteed that there
+      ** are no outstanding references to any page other than page 1. And
+      ** page 1 is never written to the log until the transaction is
+      ** committed. As a result, the call to xUndo may not fail.
+      */
+      assert( walFramePgno(pWal, iFrame)!=1 );
+      rc = xUndo(pUndoCtx, walFramePgno(pWal, iFrame));
+    }
+    if( iMax!=pWal->hdr.mxFrame ) walCleanupHash(pWal);
+  }
+  return rc;
+}
+
+/* 
+** Argument aWalData must point to an array of WAL_SAVEPOINT_NDATA u32 
+** values. This function populates the array with values required to 
+** "rollback" the write position of the WAL handle back to the current 
+** point in the event of a savepoint rollback (via WalSavepointUndo()).
+*/
+SQLITE_PRIVATE void sqlite3WalSavepoint(Wal *pWal, u32 *aWalData){
+  assert( pWal->writeLock );
+  aWalData[0] = pWal->hdr.mxFrame;
+  aWalData[1] = pWal->hdr.aFrameCksum[0];
+  aWalData[2] = pWal->hdr.aFrameCksum[1];
+  aWalData[3] = pWal->nCkpt;
+}
+
+/* 
+** Move the write position of the WAL back to the point identified by
+** the values in the aWalData[] array. aWalData must point to an array
+** of WAL_SAVEPOINT_NDATA u32 values that has been previously populated
+** by a call to WalSavepoint().
+*/
+SQLITE_PRIVATE int sqlite3WalSavepointUndo(Wal *pWal, u32 *aWalData){
+  int rc = SQLITE_OK;
+
+  assert( pWal->writeLock );
+  assert( aWalData[3]!=pWal->nCkpt || aWalData[0]<=pWal->hdr.mxFrame );
+
+  if( aWalData[3]!=pWal->nCkpt ){
+    /* This savepoint was opened immediately after the write-transaction
+    ** was started. Right after that, the writer decided to wrap around
+    ** to the start of the log. Update the savepoint values to match.
+    */
+    aWalData[0] = 0;
+    aWalData[3] = pWal->nCkpt;
+  }
+
+  if( aWalData[0]<pWal->hdr.mxFrame ){
+    pWal->hdr.mxFrame = aWalData[0];
+    pWal->hdr.aFrameCksum[0] = aWalData[1];
+    pWal->hdr.aFrameCksum[1] = aWalData[2];
+    walCleanupHash(pWal);
+  }
+
+  return rc;
+}
+
+/*
+** This function is called just before writing a set of frames to the log
+** file (see sqlite3WalFrames()). It checks to see if, instead of appending
+** to the current log file, it is possible to overwrite the start of the
+** existing log file with the new frames (i.e. "reset" the log). If so,
+** it sets pWal->hdr.mxFrame to 0. Otherwise, pWal->hdr.mxFrame is left
+** unchanged.
+**
+** SQLITE_OK is returned if no error is encountered (regardless of whether
+** or not pWal->hdr.mxFrame is modified). An SQLite error code is returned
+** if an error occurs.
+*/
+static int walRestartLog(Wal *pWal){
+  int rc = SQLITE_OK;
+  int cnt;
+
+  if( pWal->readLock==0 ){
+    volatile WalCkptInfo *pInfo = walCkptInfo(pWal);
+    assert( pInfo->nBackfill==pWal->hdr.mxFrame );
+    if( pInfo->nBackfill>0 ){
+      u32 salt1;
+      sqlite3_randomness(4, &salt1);
+      rc = walLockExclusive(pWal, WAL_READ_LOCK(1), WAL_NREADER-1);
+      if( rc==SQLITE_OK ){
+        /* If all readers are using WAL_READ_LOCK(0) (in other words if no
+        ** readers are currently using the WAL), then the transactions
+        ** frames will overwrite the start of the existing log. Update the
+        ** wal-index header to reflect this.
+        **
+        ** In theory it would be Ok to update the cache of the header only
+        ** at this point. But updating the actual wal-index header is also
+        ** safe and means there is no special case for sqlite3WalUndo()
+        ** to handle if this transaction is rolled back.  */
+        walRestartHdr(pWal, salt1);
+        walUnlockExclusive(pWal, WAL_READ_LOCK(1), WAL_NREADER-1);
+      }else if( rc!=SQLITE_BUSY ){
+        return rc;
+      }
+    }
+    walUnlockShared(pWal, WAL_READ_LOCK(0));
+    pWal->readLock = -1;
+    cnt = 0;
+    do{
+      int notUsed;
+      rc = walTryBeginRead(pWal, &notUsed, 1, ++cnt);
+    }while( rc==WAL_RETRY );
+    assert( (rc&0xff)!=SQLITE_BUSY ); /* BUSY not possible when useWal==1 */
+    testcase( (rc&0xff)==SQLITE_IOERR );
+    testcase( rc==SQLITE_PROTOCOL );
+    testcase( rc==SQLITE_OK );
+  }
+  return rc;
+}
+
+/*
+** Information about the current state of the WAL file and where
+** the next fsync should occur - passed from sqlite3WalFrames() into
+** walWriteToLog().
+*/
+typedef struct WalWriter {
+  Wal *pWal;                   /* The complete WAL information */
+  sqlite3_file *pFd;           /* The WAL file to which we write */
+  sqlite3_int64 iSyncPoint;    /* Fsync at this offset */
+  int syncFlags;               /* Flags for the fsync */
+  int szPage;                  /* Size of one page */
+} WalWriter;
+
+/*
+** Write iAmt bytes of content into the WAL file beginning at iOffset.
+** Do a sync when crossing the p->iSyncPoint boundary.
+**
+** In other words, if iSyncPoint is in between iOffset and iOffset+iAmt,
+** first write the part before iSyncPoint, then sync, then write the
+** rest.
+*/
+static int walWriteToLog(
+  WalWriter *p,              /* WAL to write to */
+  void *pContent,            /* Content to be written */
+  int iAmt,                  /* Number of bytes to write */
+  sqlite3_int64 iOffset      /* Start writing at this offset */
+){
+  int rc;
+  if( iOffset<p->iSyncPoint && iOffset+iAmt>=p->iSyncPoint ){
+    int iFirstAmt = (int)(p->iSyncPoint - iOffset);
+    rc = sqlite3OsWrite(p->pFd, pContent, iFirstAmt, iOffset);
+    if( rc ) return rc;
+    iOffset += iFirstAmt;
+    iAmt -= iFirstAmt;
+    pContent = (void*)(iFirstAmt + (char*)pContent);
+    assert( p->syncFlags & (SQLITE_SYNC_NORMAL|SQLITE_SYNC_FULL) );
+    rc = sqlite3OsSync(p->pFd, p->syncFlags & SQLITE_SYNC_MASK);
+    if( iAmt==0 || rc ) return rc;
+  }
+  rc = sqlite3OsWrite(p->pFd, pContent, iAmt, iOffset);
+  return rc;
+}
+
+/*
+** Write out a single frame of the WAL
+*/
+static int walWriteOneFrame(
+  WalWriter *p,               /* Where to write the frame */
+  PgHdr *pPage,               /* The page of the frame to be written */
+  int nTruncate,              /* The commit flag.  Usually 0.  >0 for commit */
+  sqlite3_int64 iOffset       /* Byte offset at which to write */
+){
+  int rc;                         /* Result code from subfunctions */
+  void *pData;                    /* Data actually written */
+  u8 aFrame[WAL_FRAME_HDRSIZE];   /* Buffer to assemble frame-header in */
+#if defined(SQLITE_HAS_CODEC)
+  if( (pData = sqlite3PagerCodec(pPage))==0 ) return SQLITE_NOMEM;
+#else
+  pData = pPage->pData;
+#endif
+  walEncodeFrame(p->pWal, pPage->pgno, nTruncate, pData, aFrame);
+  rc = walWriteToLog(p, aFrame, sizeof(aFrame), iOffset);
+  if( rc ) return rc;
+  /* Write the page data */
+  rc = walWriteToLog(p, pData, p->szPage, iOffset+sizeof(aFrame));
+  return rc;
+}
+
+/* 
+** Write a set of frames to the log. The caller must hold the write-lock
+** on the log file (obtained using sqlite3WalBeginWriteTransaction()).
+*/
+SQLITE_PRIVATE int sqlite3WalFrames(
+  Wal *pWal,                      /* Wal handle to write to */
+  int szPage,                     /* Database page-size in bytes */
+  PgHdr *pList,                   /* List of dirty pages to write */
+  Pgno nTruncate,                 /* Database size after this commit */
+  int isCommit,                   /* True if this is a commit */
+  int sync_flags                  /* Flags to pass to OsSync() (or 0) */
+){
+  int rc;                         /* Used to catch return codes */
+  u32 iFrame;                     /* Next frame address */
+  PgHdr *p;                       /* Iterator to run through pList with. */
+  PgHdr *pLast = 0;               /* Last frame in list */
+  int nExtra = 0;                 /* Number of extra copies of last page */
+  int szFrame;                    /* The size of a single frame */
+  i64 iOffset;                    /* Next byte to write in WAL file */
+  WalWriter w;                    /* The writer */
+
+  assert( pList );
+  assert( pWal->writeLock );
+
+  /* If this frame set completes a transaction, then nTruncate>0.  If
+  ** nTruncate==0 then this frame set does not complete the transaction. */
+  assert( (isCommit!=0)==(nTruncate!=0) );
+
+#if defined(SQLITE_TEST) && defined(SQLITE_DEBUG)
+  { int cnt; for(cnt=0, p=pList; p; p=p->pDirty, cnt++){}
+    WALTRACE(("WAL%p: frame write begin. %d frames. mxFrame=%d. %s\n",
+              pWal, cnt, pWal->hdr.mxFrame, isCommit ? "Commit" : "Spill"));
+  }
+#endif
+
+  /* See if it is possible to write these frames into the start of the
+  ** log file, instead of appending to it at pWal->hdr.mxFrame.
+  */
+  if( SQLITE_OK!=(rc = walRestartLog(pWal)) ){
+    return rc;
+  }
+
+  /* If this is the first frame written into the log, write the WAL
+  ** header to the start of the WAL file. See comments at the top of
+  ** this source file for a description of the WAL header format.
+  */
+  iFrame = pWal->hdr.mxFrame;
+  if( iFrame==0 ){
+    u8 aWalHdr[WAL_HDRSIZE];      /* Buffer to assemble wal-header in */
+    u32 aCksum[2];                /* Checksum for wal-header */
+
+    sqlite3Put4byte(&aWalHdr[0], (WAL_MAGIC | SQLITE_BIGENDIAN));
+    sqlite3Put4byte(&aWalHdr[4], WAL_MAX_VERSION);
+    sqlite3Put4byte(&aWalHdr[8], szPage);
+    sqlite3Put4byte(&aWalHdr[12], pWal->nCkpt);
+    if( pWal->nCkpt==0 ) sqlite3_randomness(8, pWal->hdr.aSalt);
+    memcpy(&aWalHdr[16], pWal->hdr.aSalt, 8);
+    walChecksumBytes(1, aWalHdr, WAL_HDRSIZE-2*4, 0, aCksum);
+    sqlite3Put4byte(&aWalHdr[24], aCksum[0]);
+    sqlite3Put4byte(&aWalHdr[28], aCksum[1]);
+    
+    pWal->szPage = szPage;
+    pWal->hdr.bigEndCksum = SQLITE_BIGENDIAN;
+    pWal->hdr.aFrameCksum[0] = aCksum[0];
+    pWal->hdr.aFrameCksum[1] = aCksum[1];
+    pWal->truncateOnCommit = 1;
+
+    rc = sqlite3OsWrite(pWal->pWalFd, aWalHdr, sizeof(aWalHdr), 0);
+    WALTRACE(("WAL%p: wal-header write %s\n", pWal, rc ? "failed" : "ok"));
+    if( rc!=SQLITE_OK ){
+      return rc;
+    }
+
+    /* Sync the header (unless SQLITE_IOCAP_SEQUENTIAL is true or unless
+    ** all syncing is turned off by PRAGMA synchronous=OFF).  Otherwise
+    ** an out-of-order write following a WAL restart could result in
+    ** database corruption.  See the ticket:
+    **
+    **     http://localhost:591/sqlite/info/ff5be73dee
+    */
+    if( pWal->syncHeader && sync_flags ){
+      rc = sqlite3OsSync(pWal->pWalFd, sync_flags & SQLITE_SYNC_MASK);
+      if( rc ) return rc;
+    }
+  }
+  assert( (int)pWal->szPage==szPage );
+
+  /* Setup information needed to write frames into the WAL */
+  w.pWal = pWal;
+  w.pFd = pWal->pWalFd;
+  w.iSyncPoint = 0;
+  w.syncFlags = sync_flags;
+  w.szPage = szPage;
+  iOffset = walFrameOffset(iFrame+1, szPage);
+  szFrame = szPage + WAL_FRAME_HDRSIZE;
+
+  /* Write all frames into the log file exactly once */
+  for(p=pList; p; p=p->pDirty){
+    int nDbSize;   /* 0 normally.  Positive == commit flag */
+    iFrame++;
+    assert( iOffset==walFrameOffset(iFrame, szPage) );
+    nDbSize = (isCommit && p->pDirty==0) ? nTruncate : 0;
+    rc = walWriteOneFrame(&w, p, nDbSize, iOffset);
+    if( rc ) return rc;
+    pLast = p;
+    iOffset += szFrame;
+  }
+
+  /* If this is the end of a transaction, then we might need to pad
+  ** the transaction and/or sync the WAL file.
+  **
+  ** Padding and syncing only occur if this set of frames complete a
+  ** transaction and if PRAGMA synchronous=FULL.  If synchronous==NORMAL
+  ** or synchronous==OFF, then no padding or syncing are needed.
+  **
+  ** If SQLITE_IOCAP_POWERSAFE_OVERWRITE is defined, then padding is not
+  ** needed and only the sync is done.  If padding is needed, then the
+  ** final frame is repeated (with its commit mark) until the next sector
+  ** boundary is crossed.  Only the part of the WAL prior to the last
+  ** sector boundary is synced; the part of the last frame that extends
+  ** past the sector boundary is written after the sync.
+  */
+  if( isCommit && (sync_flags & WAL_SYNC_TRANSACTIONS)!=0 ){
+    if( pWal->padToSectorBoundary ){
+      int sectorSize = sqlite3SectorSize(pWal->pWalFd);
+      w.iSyncPoint = ((iOffset+sectorSize-1)/sectorSize)*sectorSize;
+      while( iOffset<w.iSyncPoint ){
+        rc = walWriteOneFrame(&w, pLast, nTruncate, iOffset);
+        if( rc ) return rc;
+        iOffset += szFrame;
+        nExtra++;
+      }
+    }else{
+      rc = sqlite3OsSync(w.pFd, sync_flags & SQLITE_SYNC_MASK);
+    }
+  }
+
+  /* If this frame set completes the first transaction in the WAL and
+  ** if PRAGMA journal_size_limit is set, then truncate the WAL to the
+  ** journal size limit, if possible.
+  */
+  if( isCommit && pWal->truncateOnCommit && pWal->mxWalSize>=0 ){
+    i64 sz = pWal->mxWalSize;
+    if( walFrameOffset(iFrame+nExtra+1, szPage)>pWal->mxWalSize ){
+      sz = walFrameOffset(iFrame+nExtra+1, szPage);
+    }
+    walLimitSize(pWal, sz);
+    pWal->truncateOnCommit = 0;
+  }
+
+  /* Append data to the wal-index. It is not necessary to lock the 
+  ** wal-index to do this as the SQLITE_SHM_WRITE lock held on the wal-index
+  ** guarantees that there are no other writers, and no data that may
+  ** be in use by existing readers is being overwritten.
+  */
+  iFrame = pWal->hdr.mxFrame;
+  for(p=pList; p && rc==SQLITE_OK; p=p->pDirty){
+    iFrame++;
+    rc = walIndexAppend(pWal, iFrame, p->pgno);
+  }
+  while( rc==SQLITE_OK && nExtra>0 ){
+    iFrame++;
+    nExtra--;
+    rc = walIndexAppend(pWal, iFrame, pLast->pgno);
+  }
+
+  if( rc==SQLITE_OK ){
+    /* Update the private copy of the header. */
+    pWal->hdr.szPage = (u16)((szPage&0xff00) | (szPage>>16));
+    testcase( szPage<=32768 );
+    testcase( szPage>=65536 );
+    pWal->hdr.mxFrame = iFrame;
+    if( isCommit ){
+      pWal->hdr.iChange++;
+      pWal->hdr.nPage = nTruncate;
+    }
+    /* If this is a commit, update the wal-index header too. */
+    if( isCommit ){
+      walIndexWriteHdr(pWal);
+      pWal->iCallback = iFrame;
+    }
+  }
+
+  WALTRACE(("WAL%p: frame write %s\n", pWal, rc ? "failed" : "ok"));
+  return rc;
+}
+
+/* 
+** This routine is called to implement sqlite3_wal_checkpoint() and
+** related interfaces.
+**
+** Obtain a CHECKPOINT lock and then backfill as much information as
+** we can from WAL into the database.
+**
+** If parameter xBusy is not NULL, it is a pointer to a busy-handler
+** callback. In this case this function runs a blocking checkpoint.
+*/
+SQLITE_PRIVATE int sqlite3WalCheckpoint(
+  Wal *pWal,                      /* Wal connection */
+  int eMode,                      /* PASSIVE, FULL, RESTART, or TRUNCATE */
+  int (*xBusy)(void*),            /* Function to call when busy */
+  void *pBusyArg,                 /* Context argument for xBusyHandler */
+  int sync_flags,                 /* Flags to sync db file with (or 0) */
+  int nBuf,                       /* Size of temporary buffer */
+  u8 *zBuf,                       /* Temporary buffer to use */
+  int *pnLog,                     /* OUT: Number of frames in WAL */
+  int *pnCkpt                     /* OUT: Number of backfilled frames in WAL */
+){
+  int rc;                         /* Return code */
+  int isChanged = 0;              /* True if a new wal-index header is loaded */
+  int eMode2 = eMode;             /* Mode to pass to walCheckpoint() */
+  int (*xBusy2)(void*) = xBusy;   /* Busy handler for eMode2 */
+
+  assert( pWal->ckptLock==0 );
+  assert( pWal->writeLock==0 );
+
+  /* EVIDENCE-OF: R-62920-47450 The busy-handler callback is never invoked
+  ** in the SQLITE_CHECKPOINT_PASSIVE mode. */
+  assert( eMode!=SQLITE_CHECKPOINT_PASSIVE || xBusy==0 );
+
+  if( pWal->readOnly ) return SQLITE_READONLY;
+  WALTRACE(("WAL%p: checkpoint begins\n", pWal));
+
+  /* IMPLEMENTATION-OF: R-62028-47212 All calls obtain an exclusive 
+  ** "checkpoint" lock on the database file. */
+  rc = walLockExclusive(pWal, WAL_CKPT_LOCK, 1);
+  if( rc ){
+    /* EVIDENCE-OF: R-10421-19736 If any other process is running a
+    ** checkpoint operation at the same time, the lock cannot be obtained and
+    ** SQLITE_BUSY is returned.
+    ** EVIDENCE-OF: R-53820-33897 Even if there is a busy-handler configured,
+    ** it will not be invoked in this case.
+    */
+    testcase( rc==SQLITE_BUSY );
+    testcase( xBusy!=0 );
+    return rc;
+  }
+  pWal->ckptLock = 1;
+
+  /* IMPLEMENTATION-OF: R-59782-36818 The SQLITE_CHECKPOINT_FULL, RESTART and
+  ** TRUNCATE modes also obtain the exclusive "writer" lock on the database
+  ** file.
+  **
+  ** EVIDENCE-OF: R-60642-04082 If the writer lock cannot be obtained
+  ** immediately, and a busy-handler is configured, it is invoked and the
+  ** writer lock retried until either the busy-handler returns 0 or the
+  ** lock is successfully obtained.
+  */
+  if( eMode!=SQLITE_CHECKPOINT_PASSIVE ){
+    rc = walBusyLock(pWal, xBusy, pBusyArg, WAL_WRITE_LOCK, 1);
+    if( rc==SQLITE_OK ){
+      pWal->writeLock = 1;
+    }else if( rc==SQLITE_BUSY ){
+      eMode2 = SQLITE_CHECKPOINT_PASSIVE;
+      xBusy2 = 0;
+      rc = SQLITE_OK;
+    }
+  }
+
+  /* Read the wal-index header. */
+  if( rc==SQLITE_OK ){
+    rc = walIndexReadHdr(pWal, &isChanged);
+    if( isChanged && pWal->pDbFd->pMethods->iVersion>=3 ){
+      sqlite3OsUnfetch(pWal->pDbFd, 0, 0);
+    }
+  }
+
+  /* Copy data from the log to the database file. */
+  if( rc==SQLITE_OK ){
+    if( pWal->hdr.mxFrame && walPagesize(pWal)!=nBuf ){
+      rc = SQLITE_CORRUPT_BKPT;
+    }else{
+      rc = walCheckpoint(pWal, eMode2, xBusy2, pBusyArg, sync_flags, zBuf);
+    }
+
+    /* If no error occurred, set the output variables. */
+    if( rc==SQLITE_OK || rc==SQLITE_BUSY ){
+      if( pnLog ) *pnLog = (int)pWal->hdr.mxFrame;
+      if( pnCkpt ) *pnCkpt = (int)(walCkptInfo(pWal)->nBackfill);
+    }
+  }
+
+  if( isChanged ){
+    /* If a new wal-index header was loaded before the checkpoint was 
+    ** performed, then the pager-cache associated with pWal is now
+    ** out of date. So zero the cached wal-index header to ensure that
+    ** next time the pager opens a snapshot on this database it knows that
+    ** the cache needs to be reset.
+    */
+    memset(&pWal->hdr, 0, sizeof(WalIndexHdr));
+  }
+
+  /* Release the locks. */
+  sqlite3WalEndWriteTransaction(pWal);
+  walUnlockExclusive(pWal, WAL_CKPT_LOCK, 1);
+  pWal->ckptLock = 0;
+  WALTRACE(("WAL%p: checkpoint %s\n", pWal, rc ? "failed" : "ok"));
+  return (rc==SQLITE_OK && eMode!=eMode2 ? SQLITE_BUSY : rc);
+}
+
+/* Return the value to pass to a sqlite3_wal_hook callback, the
+** number of frames in the WAL at the point of the last commit since
+** sqlite3WalCallback() was called.  If no commits have occurred since
+** the last call, then return 0.
+*/
+SQLITE_PRIVATE int sqlite3WalCallback(Wal *pWal){
+  u32 ret = 0;
+  if( pWal ){
+    ret = pWal->iCallback;
+    pWal->iCallback = 0;
+  }
+  return (int)ret;
+}
+
+/*
+** This function is called to change the WAL subsystem into or out
+** of locking_mode=EXCLUSIVE.
+**
+** If op is zero, then attempt to change from locking_mode=EXCLUSIVE
+** into locking_mode=NORMAL.  This means that we must acquire a lock
+** on the pWal->readLock byte.  If the WAL is already in locking_mode=NORMAL
+** or if the acquisition of the lock fails, then return 0.  If the
+** transition out of exclusive-mode is successful, return 1.  This
+** operation must occur while the pager is still holding the exclusive
+** lock on the main database file.
+**
+** If op is one, then change from locking_mode=NORMAL into 
+** locking_mode=EXCLUSIVE.  This means that the pWal->readLock must
+** be released.  Return 1 if the transition is made and 0 if the
+** WAL is already in exclusive-locking mode - meaning that this
+** routine is a no-op.  The pager must already hold the exclusive lock
+** on the main database file before invoking this operation.
+**
+** If op is negative, then do a dry-run of the op==1 case but do
+** not actually change anything. The pager uses this to see if it
+** should acquire the database exclusive lock prior to invoking
+** the op==1 case.
+*/
+SQLITE_PRIVATE int sqlite3WalExclusiveMode(Wal *pWal, int op){
+  int rc;
+  assert( pWal->writeLock==0 );
+  assert( pWal->exclusiveMode!=WAL_HEAPMEMORY_MODE || op==-1 );
+
+  /* pWal->readLock is usually set, but might be -1 if there was a 
+  ** prior error while attempting to acquire are read-lock. This cannot 
+  ** happen if the connection is actually in exclusive mode (as no xShmLock
+  ** locks are taken in this case). Nor should the pager attempt to
+  ** upgrade to exclusive-mode following such an error.
+  */
+  assert( pWal->readLock>=0 || pWal->lockError );
+  assert( pWal->readLock>=0 || (op<=0 && pWal->exclusiveMode==0) );
+
+  if( op==0 ){
+    if( pWal->exclusiveMode ){
+      pWal->exclusiveMode = 0;
+      if( walLockShared(pWal, WAL_READ_LOCK(pWal->readLock))!=SQLITE_OK ){
+        pWal->exclusiveMode = 1;
+      }
+      rc = pWal->exclusiveMode==0;
+    }else{
+      /* Already in locking_mode=NORMAL */
+      rc = 0;
+    }
+  }else if( op>0 ){
+    assert( pWal->exclusiveMode==0 );
+    assert( pWal->readLock>=0 );
+    walUnlockShared(pWal, WAL_READ_LOCK(pWal->readLock));
+    pWal->exclusiveMode = 1;
+    rc = 1;
+  }else{
+    rc = pWal->exclusiveMode==0;
+  }
+  return rc;
+}
+
+/* 
+** Return true if the argument is non-NULL and the WAL module is using
+** heap-memory for the wal-index. Otherwise, if the argument is NULL or the
+** WAL module is using shared-memory, return false. 
+*/
+SQLITE_PRIVATE int sqlite3WalHeapMemory(Wal *pWal){
+  return (pWal && pWal->exclusiveMode==WAL_HEAPMEMORY_MODE );
+}
+
+#ifdef SQLITE_ENABLE_SNAPSHOT
+/* Create a snapshot object.  The content of a snapshot is opaque to
+** every other subsystem, so the WAL module can put whatever it needs
+** in the object.
+*/
+SQLITE_PRIVATE int sqlite3WalSnapshotGet(Wal *pWal, sqlite3_snapshot **ppSnapshot){
+  int rc = SQLITE_OK;
+  WalIndexHdr *pRet;
+
+  assert( pWal->readLock>=0 && pWal->writeLock==0 );
+
+  pRet = (WalIndexHdr*)sqlite3_malloc(sizeof(WalIndexHdr));
+  if( pRet==0 ){
+    rc = SQLITE_NOMEM;
+  }else{
+    memcpy(pRet, &pWal->hdr, sizeof(WalIndexHdr));
+    *ppSnapshot = (sqlite3_snapshot*)pRet;
+  }
+
+  return rc;
+}
+
+/* Try to open on pSnapshot when the next read-transaction starts
+*/
+SQLITE_PRIVATE void sqlite3WalSnapshotOpen(Wal *pWal, sqlite3_snapshot *pSnapshot){
+  pWal->pSnapshot = (WalIndexHdr*)pSnapshot;
+}
+#endif /* SQLITE_ENABLE_SNAPSHOT */
+
+#ifdef SQLITE_ENABLE_ZIPVFS
+/*
+** If the argument is not NULL, it points to a Wal object that holds a
+** read-lock. This function returns the database page-size if it is known,
+** or zero if it is not (or if pWal is NULL).
+*/
+SQLITE_PRIVATE int sqlite3WalFramesize(Wal *pWal){
+  assert( pWal==0 || pWal->readLock>=0 );
+  return (pWal ? pWal->szPage : 0);
+}
+#endif
+
+/* Return the sqlite3_file object for the WAL file
+*/
+SQLITE_PRIVATE sqlite3_file *sqlite3WalFile(Wal *pWal){
+  return pWal->pWalFd;
+}
+
+#endif /* #ifndef SQLITE_OMIT_WAL */
+
+/************** End of wal.c *************************************************/
+/************** Begin file btmutex.c *****************************************/
+/*
+** 2007 August 27
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+**
+** This file contains code used to implement mutexes on Btree objects.
+** This code really belongs in btree.c.  But btree.c is getting too
+** big and we want to break it down some.  This packaged seemed like
+** a good breakout.
+*/
+/************** Include btreeInt.h in the middle of btmutex.c ****************/
+/************** Begin file btreeInt.h ****************************************/
+/*
+** 2004 April 6
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+** This file implements an external (disk-based) database using BTrees.
+** For a detailed discussion of BTrees, refer to
+**
+**     Donald E. Knuth, THE ART OF COMPUTER PROGRAMMING, Volume 3:
+**     "Sorting And Searching", pages 473-480. Addison-Wesley
+**     Publishing Company, Reading, Massachusetts.
+**
+** The basic idea is that each page of the file contains N database
+** entries and N+1 pointers to subpages.
+**
+**   ----------------------------------------------------------------
+**   |  Ptr(0) | Key(0) | Ptr(1) | Key(1) | ... | Key(N-1) | Ptr(N) |
+**   ----------------------------------------------------------------
+**
+** All of the keys on the page that Ptr(0) points to have values less
+** than Key(0).  All of the keys on page Ptr(1) and its subpages have
+** values greater than Key(0) and less than Key(1).  All of the keys
+** on Ptr(N) and its subpages have values greater than Key(N-1).  And
+** so forth.
+**
+** Finding a particular key requires reading O(log(M)) pages from the 
+** disk where M is the number of entries in the tree.
+**
+** In this implementation, a single file can hold one or more separate 
+** BTrees.  Each BTree is identified by the index of its root page.  The
+** key and data for any entry are combined to form the "payload".  A
+** fixed amount of payload can be carried directly on the database
+** page.  If the payload is larger than the preset amount then surplus
+** bytes are stored on overflow pages.  The payload for an entry
+** and the preceding pointer are combined to form a "Cell".  Each 
+** page has a small header which contains the Ptr(N) pointer and other
+** information such as the size of key and data.
+**
+** FORMAT DETAILS
+**
+** The file is divided into pages.  The first page is called page 1,
+** the second is page 2, and so forth.  A page number of zero indicates
+** "no such page".  The page size can be any power of 2 between 512 and 65536.
+** Each page can be either a btree page, a freelist page, an overflow
+** page, or a pointer-map page.
+**
+** The first page is always a btree page.  The first 100 bytes of the first
+** page contain a special header (the "file header") that describes the file.
+** The format of the file header is as follows:
+**
+**   OFFSET   SIZE    DESCRIPTION
+**      0      16     Header string: "SQLite format 3\000"
+**     16       2     Page size in bytes.  (1 means 65536)
+**     18       1     File format write version
+**     19       1     File format read version
+**     20       1     Bytes of unused space at the end of each page
+**     21       1     Max embedded payload fraction (must be 64)
+**     22       1     Min embedded payload fraction (must be 32)
+**     23       1     Min leaf payload fraction (must be 32)
+**     24       4     File change counter
+**     28       4     Reserved for future use
+**     32       4     First freelist page
+**     36       4     Number of freelist pages in the file
+**     40      60     15 4-byte meta values passed to higher layers
+**
+**     40       4     Schema cookie
+**     44       4     File format of schema layer
+**     48       4     Size of page cache
+**     52       4     Largest root-page (auto/incr_vacuum)
+**     56       4     1=UTF-8 2=UTF16le 3=UTF16be
+**     60       4     User version
+**     64       4     Incremental vacuum mode
+**     68       4     Application-ID
+**     72      20     unused
+**     92       4     The version-valid-for number
+**     96       4     SQLITE_VERSION_NUMBER
+**
+** All of the integer values are big-endian (most significant byte first).
+**
+** The file change counter is incremented when the database is changed
+** This counter allows other processes to know when the file has changed
+** and thus when they need to flush their cache.
+**
+** The max embedded payload fraction is the amount of the total usable
+** space in a page that can be consumed by a single cell for standard
+** B-tree (non-LEAFDATA) tables.  A value of 255 means 100%.  The default
+** is to limit the maximum cell size so that at least 4 cells will fit
+** on one page.  Thus the default max embedded payload fraction is 64.
+**
+** If the payload for a cell is larger than the max payload, then extra
+** payload is spilled to overflow pages.  Once an overflow page is allocated,
+** as many bytes as possible are moved into the overflow pages without letting
+** the cell size drop below the min embedded payload fraction.
+**
+** The min leaf payload fraction is like the min embedded payload fraction
+** except that it applies to leaf nodes in a LEAFDATA tree.  The maximum
+** payload fraction for a LEAFDATA tree is always 100% (or 255) and it
+** not specified in the header.
+**
+** Each btree pages is divided into three sections:  The header, the
+** cell pointer array, and the cell content area.  Page 1 also has a 100-byte
+** file header that occurs before the page header.
+**
+**      |----------------|
+**      | file header    |   100 bytes.  Page 1 only.
+**      |----------------|
+**      | page header    |   8 bytes for leaves.  12 bytes for interior nodes
+**      |----------------|
+**      | cell pointer   |   |  2 bytes per cell.  Sorted order.
+**      | array          |   |  Grows downward
+**      |                |   v
+**      |----------------|
+**      | unallocated    |
+**      | space          |
+**      |----------------|   ^  Grows upwards
+**      | cell content   |   |  Arbitrary order interspersed with freeblocks.
+**      | area           |   |  and free space fragments.
+**      |----------------|
+**
+** The page headers looks like this:
+**
+**   OFFSET   SIZE     DESCRIPTION
+**      0       1      Flags. 1: intkey, 2: zerodata, 4: leafdata, 8: leaf
+**      1       2      byte offset to the first freeblock
+**      3       2      number of cells on this page
+**      5       2      first byte of the cell content area
+**      7       1      number of fragmented free bytes
+**      8       4      Right child (the Ptr(N) value).  Omitted on leaves.
+**
+** The flags define the format of this btree page.  The leaf flag means that
+** this page has no children.  The zerodata flag means that this page carries
+** only keys and no data.  The intkey flag means that the key is an integer
+** which is stored in the key size entry of the cell header rather than in
+** the payload area.
+**
+** The cell pointer array begins on the first byte after the page header.
+** The cell pointer array contains zero or more 2-byte numbers which are
+** offsets from the beginning of the page to the cell content in the cell
+** content area.  The cell pointers occur in sorted order.  The system strives
+** to keep free space after the last cell pointer so that new cells can
+** be easily added without having to defragment the page.
+**
+** Cell content is stored at the very end of the page and grows toward the
+** beginning of the page.
+**
+** Unused space within the cell content area is collected into a linked list of
+** freeblocks.  Each freeblock is at least 4 bytes in size.  The byte offset
+** to the first freeblock is given in the header.  Freeblocks occur in
+** increasing order.  Because a freeblock must be at least 4 bytes in size,
+** any group of 3 or fewer unused bytes in the cell content area cannot
+** exist on the freeblock chain.  A group of 3 or fewer free bytes is called
+** a fragment.  The total number of bytes in all fragments is recorded.
+** in the page header at offset 7.
+**
+**    SIZE    DESCRIPTION
+**      2     Byte offset of the next freeblock
+**      2     Bytes in this freeblock
+**
+** Cells are of variable length.  Cells are stored in the cell content area at
+** the end of the page.  Pointers to the cells are in the cell pointer array
+** that immediately follows the page header.  Cells is not necessarily
+** contiguous or in order, but cell pointers are contiguous and in order.
+**
+** Cell content makes use of variable length integers.  A variable
+** length integer is 1 to 9 bytes where the lower 7 bits of each 
+** byte are used.  The integer consists of all bytes that have bit 8 set and
+** the first byte with bit 8 clear.  The most significant byte of the integer
+** appears first.  A variable-length integer may not be more than 9 bytes long.
+** As a special case, all 8 bytes of the 9th byte are used as data.  This
+** allows a 64-bit integer to be encoded in 9 bytes.
+**
+**    0x00                      becomes  0x00000000
+**    0x7f                      becomes  0x0000007f
+**    0x81 0x00                 becomes  0x00000080
+**    0x82 0x00                 becomes  0x00000100
+**    0x80 0x7f                 becomes  0x0000007f
+**    0x8a 0x91 0xd1 0xac 0x78  becomes  0x12345678
+**    0x81 0x81 0x81 0x81 0x01  becomes  0x10204081
+**
+** Variable length integers are used for rowids and to hold the number of
+** bytes of key and data in a btree cell.
+**
+** The content of a cell looks like this:
+**
+**    SIZE    DESCRIPTION
+**      4     Page number of the left child. Omitted if leaf flag is set.
+**     var    Number of bytes of data. Omitted if the zerodata flag is set.
+**     var    Number of bytes of key. Or the key itself if intkey flag is set.
+**      *     Payload
+**      4     First page of the overflow chain.  Omitted if no overflow
+**
+** Overflow pages form a linked list.  Each page except the last is completely
+** filled with data (pagesize - 4 bytes).  The last page can have as little
+** as 1 byte of data.
+**
+**    SIZE    DESCRIPTION
+**      4     Page number of next overflow page
+**      *     Data
+**
+** Freelist pages come in two subtypes: trunk pages and leaf pages.  The
+** file header points to the first in a linked list of trunk page.  Each trunk
+** page points to multiple leaf pages.  The content of a leaf page is
+** unspecified.  A trunk page looks like this:
+**
+**    SIZE    DESCRIPTION
+**      4     Page number of next trunk page
+**      4     Number of leaf pointers on this page
+**      *     zero or more pages numbers of leaves
+*/
+/* #include "sqliteInt.h" */
+
+
+/* The following value is the maximum cell size assuming a maximum page
+** size give above.
+*/
+#define MX_CELL_SIZE(pBt)  ((int)(pBt->pageSize-8))
+
+/* The maximum number of cells on a single page of the database.  This
+** assumes a minimum cell size of 6 bytes  (4 bytes for the cell itself
+** plus 2 bytes for the index to the cell in the page header).  Such
+** small cells will be rare, but they are possible.
+*/
+#define MX_CELL(pBt) ((pBt->pageSize-8)/6)
+
+/* Forward declarations */
+typedef struct MemPage MemPage;
+typedef struct BtLock BtLock;
+typedef struct CellInfo CellInfo;
+
+/*
+** This is a magic string that appears at the beginning of every
+** SQLite database in order to identify the file as a real database.
+**
+** You can change this value at compile-time by specifying a
+** -DSQLITE_FILE_HEADER="..." on the compiler command-line.  The
+** header must be exactly 16 bytes including the zero-terminator so
+** the string itself should be 15 characters long.  If you change
+** the header, then your custom library will not be able to read 
+** databases generated by the standard tools and the standard tools
+** will not be able to read databases created by your custom library.
+*/
+#ifndef SQLITE_FILE_HEADER /* 123456789 123456 */
+#  define SQLITE_FILE_HEADER "SQLite format 3"
+#endif
+
+/*
+** Page type flags.  An ORed combination of these flags appear as the
+** first byte of on-disk image of every BTree page.
+*/
+#define PTF_INTKEY    0x01
+#define PTF_ZERODATA  0x02
+#define PTF_LEAFDATA  0x04
+#define PTF_LEAF      0x08
+
+/*
+** As each page of the file is loaded into memory, an instance of the following
+** structure is appended and initialized to zero.  This structure stores
+** information about the page that is decoded from the raw file page.
+**
+** The pParent field points back to the parent page.  This allows us to
+** walk up the BTree from any leaf to the root.  Care must be taken to
+** unref() the parent page pointer when this page is no longer referenced.
+** The pageDestructor() routine handles that chore.
+**
+** Access to all fields of this structure is controlled by the mutex
+** stored in MemPage.pBt->mutex.
+*/
+struct MemPage {
+  u8 isInit;           /* True if previously initialized. MUST BE FIRST! */
+  u8 nOverflow;        /* Number of overflow cell bodies in aCell[] */
+  u8 intKey;           /* True if table b-trees.  False for index b-trees */
+  u8 intKeyLeaf;       /* True if the leaf of an intKey table */
+  u8 noPayload;        /* True if internal intKey page (thus w/o data) */
+  u8 leaf;             /* True if a leaf page */
+  u8 hdrOffset;        /* 100 for page 1.  0 otherwise */
+  u8 childPtrSize;     /* 0 if leaf==1.  4 if leaf==0 */
+  u8 max1bytePayload;  /* min(maxLocal,127) */
+  u8 bBusy;            /* Prevent endless loops on corrupt database files */
+  u16 maxLocal;        /* Copy of BtShared.maxLocal or BtShared.maxLeaf */
+  u16 minLocal;        /* Copy of BtShared.minLocal or BtShared.minLeaf */
+  u16 cellOffset;      /* Index in aData of first cell pointer */
+  u16 nFree;           /* Number of free bytes on the page */
+  u16 nCell;           /* Number of cells on this page, local and ovfl */
+  u16 maskPage;        /* Mask for page offset */
+  u16 aiOvfl[5];       /* Insert the i-th overflow cell before the aiOvfl-th
+                       ** non-overflow cell */
+  u8 *apOvfl[5];       /* Pointers to the body of overflow cells */
+  BtShared *pBt;       /* Pointer to BtShared that this page is part of */
+  u8 *aData;           /* Pointer to disk image of the page data */
+  u8 *aDataEnd;        /* One byte past the end of usable data */
+  u8 *aCellIdx;        /* The cell index area */
+  u8 *aDataOfst;       /* Same as aData for leaves.  aData+4 for interior */
+  DbPage *pDbPage;     /* Pager page handle */
+  u16 (*xCellSize)(MemPage*,u8*);             /* cellSizePtr method */
+  void (*xParseCell)(MemPage*,u8*,CellInfo*); /* btreeParseCell method */
+  Pgno pgno;           /* Page number for this page */
+};
+
+/*
+** The in-memory image of a disk page has the auxiliary information appended
+** to the end.  EXTRA_SIZE is the number of bytes of space needed to hold
+** that extra information.
+*/
+#define EXTRA_SIZE sizeof(MemPage)
+
+/*
+** A linked list of the following structures is stored at BtShared.pLock.
+** Locks are added (or upgraded from READ_LOCK to WRITE_LOCK) when a cursor 
+** is opened on the table with root page BtShared.iTable. Locks are removed
+** from this list when a transaction is committed or rolled back, or when
+** a btree handle is closed.
+*/
+struct BtLock {
+  Btree *pBtree;        /* Btree handle holding this lock */
+  Pgno iTable;          /* Root page of table */
+  u8 eLock;             /* READ_LOCK or WRITE_LOCK */
+  BtLock *pNext;        /* Next in BtShared.pLock list */
+};
+
+/* Candidate values for BtLock.eLock */
+#define READ_LOCK     1
+#define WRITE_LOCK    2
+
+/* A Btree handle
+**
+** A database connection contains a pointer to an instance of
+** this object for every database file that it has open.  This structure
+** is opaque to the database connection.  The database connection cannot
+** see the internals of this structure and only deals with pointers to
+** this structure.
+**
+** For some database files, the same underlying database cache might be 
+** shared between multiple connections.  In that case, each connection
+** has it own instance of this object.  But each instance of this object
+** points to the same BtShared object.  The database cache and the
+** schema associated with the database file are all contained within
+** the BtShared object.
+**
+** All fields in this structure are accessed under sqlite3.mutex.
+** The pBt pointer itself may not be changed while there exists cursors 
+** in the referenced BtShared that point back to this Btree since those
+** cursors have to go through this Btree to find their BtShared and
+** they often do so without holding sqlite3.mutex.
+*/
+struct Btree {
+  sqlite3 *db;       /* The database connection holding this btree */
+  BtShared *pBt;     /* Sharable content of this btree */
+  u8 inTrans;        /* TRANS_NONE, TRANS_READ or TRANS_WRITE */
+  u8 sharable;       /* True if we can share pBt with another db */
+  u8 locked;         /* True if db currently has pBt locked */
+  u8 hasIncrblobCur; /* True if there are one or more Incrblob cursors */
+  int wantToLock;    /* Number of nested calls to sqlite3BtreeEnter() */
+  int nBackup;       /* Number of backup operations reading this btree */
+  u32 iDataVersion;  /* Combines with pBt->pPager->iDataVersion */
+  Btree *pNext;      /* List of other sharable Btrees from the same db */
+  Btree *pPrev;      /* Back pointer of the same list */
+#ifndef SQLITE_OMIT_SHARED_CACHE
+  BtLock lock;       /* Object used to lock page 1 */
+#endif
+};
+
+/*
+** Btree.inTrans may take one of the following values.
+**
+** If the shared-data extension is enabled, there may be multiple users
+** of the Btree structure. At most one of these may open a write transaction,
+** but any number may have active read transactions.
+*/
+#define TRANS_NONE  0
+#define TRANS_READ  1
+#define TRANS_WRITE 2
+
+/*
+** An instance of this object represents a single database file.
+** 
+** A single database file can be in use at the same time by two
+** or more database connections.  When two or more connections are
+** sharing the same database file, each connection has it own
+** private Btree object for the file and each of those Btrees points
+** to this one BtShared object.  BtShared.nRef is the number of
+** connections currently sharing this database file.
+**
+** Fields in this structure are accessed under the BtShared.mutex
+** mutex, except for nRef and pNext which are accessed under the
+** global SQLITE_MUTEX_STATIC_MASTER mutex.  The pPager field
+** may not be modified once it is initially set as long as nRef>0.
+** The pSchema field may be set once under BtShared.mutex and
+** thereafter is unchanged as long as nRef>0.
+**
+** isPending:
+**
+**   If a BtShared client fails to obtain a write-lock on a database
+**   table (because there exists one or more read-locks on the table),
+**   the shared-cache enters 'pending-lock' state and isPending is
+**   set to true.
+**
+**   The shared-cache leaves the 'pending lock' state when either of
+**   the following occur:
+**
+**     1) The current writer (BtShared.pWriter) concludes its transaction, OR
+**     2) The number of locks held by other connections drops to zero.
+**
+**   while in the 'pending-lock' state, no connection may start a new
+**   transaction.
+**
+**   This feature is included to help prevent writer-starvation.
+*/
+struct BtShared {
+  Pager *pPager;        /* The page cache */
+  sqlite3 *db;          /* Database connection currently using this Btree */
+  BtCursor *pCursor;    /* A list of all open cursors */
+  MemPage *pPage1;      /* First page of the database */
+  u8 openFlags;         /* Flags to sqlite3BtreeOpen() */
+#ifndef SQLITE_OMIT_AUTOVACUUM
+  u8 autoVacuum;        /* True if auto-vacuum is enabled */
+  u8 incrVacuum;        /* True if incr-vacuum is enabled */
+  u8 bDoTruncate;       /* True to truncate db on commit */
+#endif
+  u8 inTransaction;     /* Transaction state */
+  u8 max1bytePayload;   /* Maximum first byte of cell for a 1-byte payload */
+#ifdef SQLITE_HAS_CODEC
+  u8 optimalReserve;    /* Desired amount of reserved space per page */
+#endif
+  u16 btsFlags;         /* Boolean parameters.  See BTS_* macros below */
+  u16 maxLocal;         /* Maximum local payload in non-LEAFDATA tables */
+  u16 minLocal;         /* Minimum local payload in non-LEAFDATA tables */
+  u16 maxLeaf;          /* Maximum local payload in a LEAFDATA table */
+  u16 minLeaf;          /* Minimum local payload in a LEAFDATA table */
+  u32 pageSize;         /* Total number of bytes on a page */
+  u32 usableSize;       /* Number of usable bytes on each page */
+  int nTransaction;     /* Number of open transactions (read + write) */
+  u32 nPage;            /* Number of pages in the database */
+  void *pSchema;        /* Pointer to space allocated by sqlite3BtreeSchema() */
+  void (*xFreeSchema)(void*);  /* Destructor for BtShared.pSchema */
+  sqlite3_mutex *mutex; /* Non-recursive mutex required to access this object */
+  Bitvec *pHasContent;  /* Set of pages moved to free-list this transaction */
+#ifndef SQLITE_OMIT_SHARED_CACHE
+  int nRef;             /* Number of references to this structure */
+  BtShared *pNext;      /* Next on a list of sharable BtShared structs */
+  BtLock *pLock;        /* List of locks held on this shared-btree struct */
+  Btree *pWriter;       /* Btree with currently open write transaction */
+#endif
+  u8 *pTmpSpace;        /* Temp space sufficient to hold a single cell */
+};
+
+/*
+** Allowed values for BtShared.btsFlags
+*/
+#define BTS_READ_ONLY        0x0001   /* Underlying file is readonly */
+#define BTS_PAGESIZE_FIXED   0x0002   /* Page size can no longer be changed */
+#define BTS_SECURE_DELETE    0x0004   /* PRAGMA secure_delete is enabled */
+#define BTS_INITIALLY_EMPTY  0x0008   /* Database was empty at trans start */
+#define BTS_NO_WAL           0x0010   /* Do not open write-ahead-log files */
+#define BTS_EXCLUSIVE        0x0020   /* pWriter has an exclusive lock */
+#define BTS_PENDING          0x0040   /* Waiting for read-locks to clear */
+
+/*
+** An instance of the following structure is used to hold information
+** about a cell.  The parseCellPtr() function fills in this structure
+** based on information extract from the raw disk page.
+*/
+struct CellInfo {
+  i64 nKey;      /* The key for INTKEY tables, or nPayload otherwise */
+  u8 *pPayload;  /* Pointer to the start of payload */
+  u32 nPayload;  /* Bytes of payload */
+  u16 nLocal;    /* Amount of payload held locally, not on overflow */
+  u16 nSize;     /* Size of the cell content on the main b-tree page */
+};
+
+/*
+** Maximum depth of an SQLite B-Tree structure. Any B-Tree deeper than
+** this will be declared corrupt. This value is calculated based on a
+** maximum database size of 2^31 pages a minimum fanout of 2 for a
+** root-node and 3 for all other internal nodes.
+**
+** If a tree that appears to be taller than this is encountered, it is
+** assumed that the database is corrupt.
+*/
+#define BTCURSOR_MAX_DEPTH 20
+
+/*
+** A cursor is a pointer to a particular entry within a particular
+** b-tree within a database file.
+**
+** The entry is identified by its MemPage and the index in
+** MemPage.aCell[] of the entry.
+**
+** A single database file can be shared by two more database connections,
+** but cursors cannot be shared.  Each cursor is associated with a
+** particular database connection identified BtCursor.pBtree.db.
+**
+** Fields in this structure are accessed under the BtShared.mutex
+** found at self->pBt->mutex. 
+**
+** skipNext meaning:
+**    eState==SKIPNEXT && skipNext>0:  Next sqlite3BtreeNext() is no-op.
+**    eState==SKIPNEXT && skipNext<0:  Next sqlite3BtreePrevious() is no-op.
+**    eState==FAULT:                   Cursor fault with skipNext as error code.
+*/
+struct BtCursor {
+  Btree *pBtree;            /* The Btree to which this cursor belongs */
+  BtShared *pBt;            /* The BtShared this cursor points to */
+  BtCursor *pNext;          /* Forms a linked list of all cursors */
+  Pgno *aOverflow;          /* Cache of overflow page locations */
+  CellInfo info;            /* A parse of the cell we are pointing at */
+  i64 nKey;                 /* Size of pKey, or last integer key */
+  void *pKey;               /* Saved key that was cursor last known position */
+  Pgno pgnoRoot;            /* The root page of this tree */
+  int nOvflAlloc;           /* Allocated size of aOverflow[] array */
+  int skipNext;    /* Prev() is noop if negative. Next() is noop if positive.
+                   ** Error code if eState==CURSOR_FAULT */
+  u8 curFlags;              /* zero or more BTCF_* flags defined below */
+  u8 curPagerFlags;         /* Flags to send to sqlite3PagerGet() */
+  u8 eState;                /* One of the CURSOR_XXX constants (see below) */
+  u8 hints;                 /* As configured by CursorSetHints() */
+  /* All fields above are zeroed when the cursor is allocated.  See
+  ** sqlite3BtreeCursorZero().  Fields that follow must be manually
+  ** initialized. */
+  i8 iPage;                 /* Index of current page in apPage */
+  u8 curIntKey;             /* Value of apPage[0]->intKey */
+  struct KeyInfo *pKeyInfo; /* Argument passed to comparison function */
+  void *padding1;           /* Make object size a multiple of 16 */
+  u16 aiIdx[BTCURSOR_MAX_DEPTH];        /* Current index in apPage[i] */
+  MemPage *apPage[BTCURSOR_MAX_DEPTH];  /* Pages from root to current page */
+};
+
+/*
+** Legal values for BtCursor.curFlags
+*/
+#define BTCF_WriteFlag    0x01   /* True if a write cursor */
+#define BTCF_ValidNKey    0x02   /* True if info.nKey is valid */
+#define BTCF_ValidOvfl    0x04   /* True if aOverflow is valid */
+#define BTCF_AtLast       0x08   /* Cursor is pointing ot the last entry */
+#define BTCF_Incrblob     0x10   /* True if an incremental I/O handle */
+#define BTCF_Multiple     0x20   /* Maybe another cursor on the same btree */
+
+/*
+** Potential values for BtCursor.eState.
+**
+** CURSOR_INVALID:
+**   Cursor does not point to a valid entry. This can happen (for example) 
+**   because the table is empty or because BtreeCursorFirst() has not been
+**   called.
+**
+** CURSOR_VALID:
+**   Cursor points to a valid entry. getPayload() etc. may be called.
+**
+** CURSOR_SKIPNEXT:
+**   Cursor is valid except that the Cursor.skipNext field is non-zero
+**   indicating that the next sqlite3BtreeNext() or sqlite3BtreePrevious()
+**   operation should be a no-op.
+**
+** CURSOR_REQUIRESEEK:
+**   The table that this cursor was opened on still exists, but has been 
+**   modified since the cursor was last used. The cursor position is saved
+**   in variables BtCursor.pKey and BtCursor.nKey. When a cursor is in 
+**   this state, restoreCursorPosition() can be called to attempt to
+**   seek the cursor to the saved position.
+**
+** CURSOR_FAULT:
+**   An unrecoverable error (an I/O error or a malloc failure) has occurred
+**   on a different connection that shares the BtShared cache with this
+**   cursor.  The error has left the cache in an inconsistent state.
+**   Do nothing else with this cursor.  Any attempt to use the cursor
+**   should return the error code stored in BtCursor.skipNext
+*/
+#define CURSOR_INVALID           0
+#define CURSOR_VALID             1
+#define CURSOR_SKIPNEXT          2
+#define CURSOR_REQUIRESEEK       3
+#define CURSOR_FAULT             4
+
+/* 
+** The database page the PENDING_BYTE occupies. This page is never used.
+*/
+# define PENDING_BYTE_PAGE(pBt) PAGER_MJ_PGNO(pBt)
+
+/*
+** These macros define the location of the pointer-map entry for a 
+** database page. The first argument to each is the number of usable
+** bytes on each page of the database (often 1024). The second is the
+** page number to look up in the pointer map.
+**
+** PTRMAP_PAGENO returns the database page number of the pointer-map
+** page that stores the required pointer. PTRMAP_PTROFFSET returns
+** the offset of the requested map entry.
+**
+** If the pgno argument passed to PTRMAP_PAGENO is a pointer-map page,
+** then pgno is returned. So (pgno==PTRMAP_PAGENO(pgsz, pgno)) can be
+** used to test if pgno is a pointer-map page. PTRMAP_ISPAGE implements
+** this test.
+*/
+#define PTRMAP_PAGENO(pBt, pgno) ptrmapPageno(pBt, pgno)
+#define PTRMAP_PTROFFSET(pgptrmap, pgno) (5*(pgno-pgptrmap-1))
+#define PTRMAP_ISPAGE(pBt, pgno) (PTRMAP_PAGENO((pBt),(pgno))==(pgno))
+
+/*
+** The pointer map is a lookup table that identifies the parent page for
+** each child page in the database file.  The parent page is the page that
+** contains a pointer to the child.  Every page in the database contains
+** 0 or 1 parent pages.  (In this context 'database page' refers
+** to any page that is not part of the pointer map itself.)  Each pointer map
+** entry consists of a single byte 'type' and a 4 byte parent page number.
+** The PTRMAP_XXX identifiers below are the valid types.
+**
+** The purpose of the pointer map is to facility moving pages from one
+** position in the file to another as part of autovacuum.  When a page
+** is moved, the pointer in its parent must be updated to point to the
+** new location.  The pointer map is used to locate the parent page quickly.
+**
+** PTRMAP_ROOTPAGE: The database page is a root-page. The page-number is not
+**                  used in this case.
+**
+** PTRMAP_FREEPAGE: The database page is an unused (free) page. The page-number 
+**                  is not used in this case.
+**
+** PTRMAP_OVERFLOW1: The database page is the first page in a list of 
+**                   overflow pages. The page number identifies the page that
+**                   contains the cell with a pointer to this overflow page.
+**
+** PTRMAP_OVERFLOW2: The database page is the second or later page in a list of
+**                   overflow pages. The page-number identifies the previous
+**                   page in the overflow page list.
+**
+** PTRMAP_BTREE: The database page is a non-root btree page. The page number
+**               identifies the parent page in the btree.
+*/
+#define PTRMAP_ROOTPAGE 1
+#define PTRMAP_FREEPAGE 2
+#define PTRMAP_OVERFLOW1 3
+#define PTRMAP_OVERFLOW2 4
+#define PTRMAP_BTREE 5
+
+/* A bunch of assert() statements to check the transaction state variables
+** of handle p (type Btree*) are internally consistent.
+*/
+#define btreeIntegrity(p) \
+  assert( p->pBt->inTransaction!=TRANS_NONE || p->pBt->nTransaction==0 ); \
+  assert( p->pBt->inTransaction>=p->inTrans ); 
+
+
+/*
+** The ISAUTOVACUUM macro is used within balance_nonroot() to determine
+** if the database supports auto-vacuum or not. Because it is used
+** within an expression that is an argument to another macro 
+** (sqliteMallocRaw), it is not possible to use conditional compilation.
+** So, this macro is defined instead.
+*/
+#ifndef SQLITE_OMIT_AUTOVACUUM
+#define ISAUTOVACUUM (pBt->autoVacuum)
+#else
+#define ISAUTOVACUUM 0
+#endif
+
+
+/*
+** This structure is passed around through all the sanity checking routines
+** in order to keep track of some global state information.
+**
+** The aRef[] array is allocated so that there is 1 bit for each page in
+** the database. As the integrity-check proceeds, for each page used in
+** the database the corresponding bit is set. This allows integrity-check to 
+** detect pages that are used twice and orphaned pages (both of which 
+** indicate corruption).
+*/
+typedef struct IntegrityCk IntegrityCk;
+struct IntegrityCk {
+  BtShared *pBt;    /* The tree being checked out */
+  Pager *pPager;    /* The associated pager.  Also accessible by pBt->pPager */
+  u8 *aPgRef;       /* 1 bit per page in the db (see above) */
+  Pgno nPage;       /* Number of pages in the database */
+  int mxErr;        /* Stop accumulating errors when this reaches zero */
+  int nErr;         /* Number of messages written to zErrMsg so far */
+  int mallocFailed; /* A memory allocation error has occurred */
+  const char *zPfx; /* Error message prefix */
+  int v1, v2;       /* Values for up to two %d fields in zPfx */
+  StrAccum errMsg;  /* Accumulate the error message text here */
+  u32 *heap;        /* Min-heap used for analyzing cell coverage */
+};
+
+/*
+** Routines to read or write a two- and four-byte big-endian integer values.
+*/
+#define get2byte(x)   ((x)[0]<<8 | (x)[1])
+#define put2byte(p,v) ((p)[0] = (u8)((v)>>8), (p)[1] = (u8)(v))
+#define get4byte sqlite3Get4byte
+#define put4byte sqlite3Put4byte
+
+/*
+** get2byteAligned(), unlike get2byte(), requires that its argument point to a
+** two-byte aligned address.  get2bytea() is only used for accessing the
+** cell addresses in a btree header.
+*/
+#if SQLITE_BYTEORDER==4321
+# define get2byteAligned(x)  (*(u16*)(x))
+#elif SQLITE_BYTEORDER==1234 && !defined(SQLITE_DISABLE_INTRINSIC) \
+    && GCC_VERSION>=4008000
+# define get2byteAligned(x)  __builtin_bswap16(*(u16*)(x))
+#elif SQLITE_BYTEORDER==1234 && !defined(SQLITE_DISABLE_INTRINSIC) \
+    && defined(_MSC_VER) && _MSC_VER>=1300
+# define get2byteAligned(x)  _byteswap_ushort(*(u16*)(x))
+#else
+# define get2byteAligned(x)  ((x)[0]<<8 | (x)[1])
+#endif
+
+/************** End of btreeInt.h ********************************************/
+/************** Continuing where we left off in btmutex.c ********************/
+#ifndef SQLITE_OMIT_SHARED_CACHE
+#if SQLITE_THREADSAFE
+
+/*
+** Obtain the BtShared mutex associated with B-Tree handle p. Also,
+** set BtShared.db to the database handle associated with p and the
+** p->locked boolean to true.
+*/
+static void lockBtreeMutex(Btree *p){
+  assert( p->locked==0 );
+  assert( sqlite3_mutex_notheld(p->pBt->mutex) );
+  assert( sqlite3_mutex_held(p->db->mutex) );
+
+  sqlite3_mutex_enter(p->pBt->mutex);
+  p->pBt->db = p->db;
+  p->locked = 1;
+}
+
+/*
+** Release the BtShared mutex associated with B-Tree handle p and
+** clear the p->locked boolean.
+*/
+static void SQLITE_NOINLINE unlockBtreeMutex(Btree *p){
+  BtShared *pBt = p->pBt;
+  assert( p->locked==1 );
+  assert( sqlite3_mutex_held(pBt->mutex) );
+  assert( sqlite3_mutex_held(p->db->mutex) );
+  assert( p->db==pBt->db );
+
+  sqlite3_mutex_leave(pBt->mutex);
+  p->locked = 0;
+}
+
+/* Forward reference */
+static void SQLITE_NOINLINE btreeLockCarefully(Btree *p);
+
+/*
+** Enter a mutex on the given BTree object.
+**
+** If the object is not sharable, then no mutex is ever required
+** and this routine is a no-op.  The underlying mutex is non-recursive.
+** But we keep a reference count in Btree.wantToLock so the behavior
+** of this interface is recursive.
+**
+** To avoid deadlocks, multiple Btrees are locked in the same order
+** by all database connections.  The p->pNext is a list of other
+** Btrees belonging to the same database connection as the p Btree
+** which need to be locked after p.  If we cannot get a lock on
+** p, then first unlock all of the others on p->pNext, then wait
+** for the lock to become available on p, then relock all of the
+** subsequent Btrees that desire a lock.
+*/
+SQLITE_PRIVATE void sqlite3BtreeEnter(Btree *p){
+  /* Some basic sanity checking on the Btree.  The list of Btrees
+  ** connected by pNext and pPrev should be in sorted order by
+  ** Btree.pBt value. All elements of the list should belong to
+  ** the same connection. Only shared Btrees are on the list. */
+  assert( p->pNext==0 || p->pNext->pBt>p->pBt );
+  assert( p->pPrev==0 || p->pPrev->pBt<p->pBt );
+  assert( p->pNext==0 || p->pNext->db==p->db );
+  assert( p->pPrev==0 || p->pPrev->db==p->db );
+  assert( p->sharable || (p->pNext==0 && p->pPrev==0) );
+
+  /* Check for locking consistency */
+  assert( !p->locked || p->wantToLock>0 );
+  assert( p->sharable || p->wantToLock==0 );
+
+  /* We should already hold a lock on the database connection */
+  assert( sqlite3_mutex_held(p->db->mutex) );
+
+  /* Unless the database is sharable and unlocked, then BtShared.db
+  ** should already be set correctly. */
+  assert( (p->locked==0 && p->sharable) || p->pBt->db==p->db );
+
+  if( !p->sharable ) return;
+  p->wantToLock++;
+  if( p->locked ) return;
+  btreeLockCarefully(p);
+}
+
+/* This is a helper function for sqlite3BtreeLock(). By moving
+** complex, but seldom used logic, out of sqlite3BtreeLock() and
+** into this routine, we avoid unnecessary stack pointer changes
+** and thus help the sqlite3BtreeLock() routine to run much faster
+** in the common case.
+*/
+static void SQLITE_NOINLINE btreeLockCarefully(Btree *p){
+  Btree *pLater;
+
+  /* In most cases, we should be able to acquire the lock we
+  ** want without having to go through the ascending lock
+  ** procedure that follows.  Just be sure not to block.
+  */
+  if( sqlite3_mutex_try(p->pBt->mutex)==SQLITE_OK ){
+    p->pBt->db = p->db;
+    p->locked = 1;
+    return;
+  }
+
+  /* To avoid deadlock, first release all locks with a larger
+  ** BtShared address.  Then acquire our lock.  Then reacquire
+  ** the other BtShared locks that we used to hold in ascending
+  ** order.
+  */
+  for(pLater=p->pNext; pLater; pLater=pLater->pNext){
+    assert( pLater->sharable );
+    assert( pLater->pNext==0 || pLater->pNext->pBt>pLater->pBt );
+    assert( !pLater->locked || pLater->wantToLock>0 );
+    if( pLater->locked ){
+      unlockBtreeMutex(pLater);
+    }
+  }
+  lockBtreeMutex(p);
+  for(pLater=p->pNext; pLater; pLater=pLater->pNext){
+    if( pLater->wantToLock ){
+      lockBtreeMutex(pLater);
+    }
+  }
+}
+
+
+/*
+** Exit the recursive mutex on a Btree.
+*/
+SQLITE_PRIVATE void sqlite3BtreeLeave(Btree *p){
+  assert( sqlite3_mutex_held(p->db->mutex) );
+  if( p->sharable ){
+    assert( p->wantToLock>0 );
+    p->wantToLock--;
+    if( p->wantToLock==0 ){
+      unlockBtreeMutex(p);
+    }
+  }
+}
+
+#ifndef NDEBUG
+/*
+** Return true if the BtShared mutex is held on the btree, or if the
+** B-Tree is not marked as sharable.
+**
+** This routine is used only from within assert() statements.
+*/
+SQLITE_PRIVATE int sqlite3BtreeHoldsMutex(Btree *p){
+  assert( p->sharable==0 || p->locked==0 || p->wantToLock>0 );
+  assert( p->sharable==0 || p->locked==0 || p->db==p->pBt->db );
+  assert( p->sharable==0 || p->locked==0 || sqlite3_mutex_held(p->pBt->mutex) );
+  assert( p->sharable==0 || p->locked==0 || sqlite3_mutex_held(p->db->mutex) );
+
+  return (p->sharable==0 || p->locked);
+}
+#endif
+
+
+#ifndef SQLITE_OMIT_INCRBLOB
+/*
+** Enter and leave a mutex on a Btree given a cursor owned by that
+** Btree.  These entry points are used by incremental I/O and can be
+** omitted if that module is not used.
+*/
+SQLITE_PRIVATE void sqlite3BtreeEnterCursor(BtCursor *pCur){
+  sqlite3BtreeEnter(pCur->pBtree);
+}
+SQLITE_PRIVATE void sqlite3BtreeLeaveCursor(BtCursor *pCur){
+  sqlite3BtreeLeave(pCur->pBtree);
+}
+#endif /* SQLITE_OMIT_INCRBLOB */
+
+
+/*
+** Enter the mutex on every Btree associated with a database
+** connection.  This is needed (for example) prior to parsing
+** a statement since we will be comparing table and column names
+** against all schemas and we do not want those schemas being
+** reset out from under us.
+**
+** There is a corresponding leave-all procedures.
+**
+** Enter the mutexes in accending order by BtShared pointer address
+** to avoid the possibility of deadlock when two threads with
+** two or more btrees in common both try to lock all their btrees
+** at the same instant.
+*/
+SQLITE_PRIVATE void sqlite3BtreeEnterAll(sqlite3 *db){
+  int i;
+  Btree *p;
+  assert( sqlite3_mutex_held(db->mutex) );
+  for(i=0; i<db->nDb; i++){
+    p = db->aDb[i].pBt;
+    if( p ) sqlite3BtreeEnter(p);
+  }
+}
+SQLITE_PRIVATE void sqlite3BtreeLeaveAll(sqlite3 *db){
+  int i;
+  Btree *p;
+  assert( sqlite3_mutex_held(db->mutex) );
+  for(i=0; i<db->nDb; i++){
+    p = db->aDb[i].pBt;
+    if( p ) sqlite3BtreeLeave(p);
+  }
+}
+
+/*
+** Return true if a particular Btree requires a lock.  Return FALSE if
+** no lock is ever required since it is not sharable.
+*/
+SQLITE_PRIVATE int sqlite3BtreeSharable(Btree *p){
+  return p->sharable;
+}
+
+#ifndef NDEBUG
+/*
+** Return true if the current thread holds the database connection
+** mutex and all required BtShared mutexes.
+**
+** This routine is used inside assert() statements only.
+*/
+SQLITE_PRIVATE int sqlite3BtreeHoldsAllMutexes(sqlite3 *db){
+  int i;
+  if( !sqlite3_mutex_held(db->mutex) ){
+    return 0;
+  }
+  for(i=0; i<db->nDb; i++){
+    Btree *p;
+    p = db->aDb[i].pBt;
+    if( p && p->sharable &&
+         (p->wantToLock==0 || !sqlite3_mutex_held(p->pBt->mutex)) ){
+      return 0;
+    }
+  }
+  return 1;
+}
+#endif /* NDEBUG */
+
+#ifndef NDEBUG
+/*
+** Return true if the correct mutexes are held for accessing the
+** db->aDb[iDb].pSchema structure.  The mutexes required for schema
+** access are:
+**
+**   (1) The mutex on db
+**   (2) if iDb!=1, then the mutex on db->aDb[iDb].pBt.
+**
+** If pSchema is not NULL, then iDb is computed from pSchema and
+** db using sqlite3SchemaToIndex().
+*/
+SQLITE_PRIVATE int sqlite3SchemaMutexHeld(sqlite3 *db, int iDb, Schema *pSchema){
+  Btree *p;
+  assert( db!=0 );
+  if( pSchema ) iDb = sqlite3SchemaToIndex(db, pSchema);
+  assert( iDb>=0 && iDb<db->nDb );
+  if( !sqlite3_mutex_held(db->mutex) ) return 0;
+  if( iDb==1 ) return 1;
+  p = db->aDb[iDb].pBt;
+  assert( p!=0 );
+  return p->sharable==0 || p->locked==1;
+}
+#endif /* NDEBUG */
+
+#else /* SQLITE_THREADSAFE>0 above.  SQLITE_THREADSAFE==0 below */
+/*
+** The following are special cases for mutex enter routines for use
+** in single threaded applications that use shared cache.  Except for
+** these two routines, all mutex operations are no-ops in that case and
+** are null #defines in btree.h.
+**
+** If shared cache is disabled, then all btree mutex routines, including
+** the ones below, are no-ops and are null #defines in btree.h.
+*/
+
+SQLITE_PRIVATE void sqlite3BtreeEnter(Btree *p){
+  p->pBt->db = p->db;
+}
+SQLITE_PRIVATE void sqlite3BtreeEnterAll(sqlite3 *db){
+  int i;
+  for(i=0; i<db->nDb; i++){
+    Btree *p = db->aDb[i].pBt;
+    if( p ){
+      p->pBt->db = p->db;
+    }
+  }
+}
+#endif /* if SQLITE_THREADSAFE */
+#endif /* ifndef SQLITE_OMIT_SHARED_CACHE */
+
+/************** End of btmutex.c *********************************************/
+/************** Begin file btree.c *******************************************/
+/*
+** 2004 April 6
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+** This file implements an external (disk-based) database using BTrees.
+** See the header comment on "btreeInt.h" for additional information.
+** Including a description of file format and an overview of operation.
+*/
+/* #include "btreeInt.h" */
+
+/*
+** The header string that appears at the beginning of every
+** SQLite database.
+*/
+static const char zMagicHeader[] = SQLITE_FILE_HEADER;
+
+/*
+** Set this global variable to 1 to enable tracing using the TRACE
+** macro.
+*/
+#if 0
+int sqlite3BtreeTrace=1;  /* True to enable tracing */
+# define TRACE(X)  if(sqlite3BtreeTrace){printf X;fflush(stdout);}
+#else
+# define TRACE(X)
+#endif
+
+/*
+** Extract a 2-byte big-endian integer from an array of unsigned bytes.
+** But if the value is zero, make it 65536.
+**
+** This routine is used to extract the "offset to cell content area" value
+** from the header of a btree page.  If the page size is 65536 and the page
+** is empty, the offset should be 65536, but the 2-byte value stores zero.
+** This routine makes the necessary adjustment to 65536.
+*/
+#define get2byteNotZero(X)  (((((int)get2byte(X))-1)&0xffff)+1)
+
+/*
+** Values passed as the 5th argument to allocateBtreePage()
+*/
+#define BTALLOC_ANY   0           /* Allocate any page */
+#define BTALLOC_EXACT 1           /* Allocate exact page if possible */
+#define BTALLOC_LE    2           /* Allocate any page <= the parameter */
+
+/*
+** Macro IfNotOmitAV(x) returns (x) if SQLITE_OMIT_AUTOVACUUM is not 
+** defined, or 0 if it is. For example:
+**
+**   bIncrVacuum = IfNotOmitAV(pBtShared->incrVacuum);
+*/
+#ifndef SQLITE_OMIT_AUTOVACUUM
+#define IfNotOmitAV(expr) (expr)
+#else
+#define IfNotOmitAV(expr) 0
+#endif
+
+#ifndef SQLITE_OMIT_SHARED_CACHE
+/*
+** A list of BtShared objects that are eligible for participation
+** in shared cache.  This variable has file scope during normal builds,
+** but the test harness needs to access it so we make it global for 
+** test builds.
+**
+** Access to this variable is protected by SQLITE_MUTEX_STATIC_MASTER.
+*/
+#ifdef SQLITE_TEST
+SQLITE_PRIVATE BtShared *SQLITE_WSD sqlite3SharedCacheList = 0;
+#else
+static BtShared *SQLITE_WSD sqlite3SharedCacheList = 0;
+#endif
+#endif /* SQLITE_OMIT_SHARED_CACHE */
+
+#ifndef SQLITE_OMIT_SHARED_CACHE
+/*
+** Enable or disable the shared pager and schema features.
+**
+** This routine has no effect on existing database connections.
+** The shared cache setting effects only future calls to
+** sqlite3_open(), sqlite3_open16(), or sqlite3_open_v2().
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_enable_shared_cache(int enable){
+  sqlite3GlobalConfig.sharedCacheEnabled = enable;
+  return SQLITE_OK;
+}
+#endif
+
+
+
+#ifdef SQLITE_OMIT_SHARED_CACHE
+  /*
+  ** The functions querySharedCacheTableLock(), setSharedCacheTableLock(),
+  ** and clearAllSharedCacheTableLocks()
+  ** manipulate entries in the BtShared.pLock linked list used to store
+  ** shared-cache table level locks. If the library is compiled with the
+  ** shared-cache feature disabled, then there is only ever one user
+  ** of each BtShared structure and so this locking is not necessary. 
+  ** So define the lock related functions as no-ops.
+  */
+  #define querySharedCacheTableLock(a,b,c) SQLITE_OK
+  #define setSharedCacheTableLock(a,b,c) SQLITE_OK
+  #define clearAllSharedCacheTableLocks(a)
+  #define downgradeAllSharedCacheTableLocks(a)
+  #define hasSharedCacheTableLock(a,b,c,d) 1
+  #define hasReadConflicts(a, b) 0
+#endif
+
+#ifndef SQLITE_OMIT_SHARED_CACHE
+
+#ifdef SQLITE_DEBUG
+/*
+**** This function is only used as part of an assert() statement. ***
+**
+** Check to see if pBtree holds the required locks to read or write to the 
+** table with root page iRoot.   Return 1 if it does and 0 if not.
+**
+** For example, when writing to a table with root-page iRoot via 
+** Btree connection pBtree:
+**
+**    assert( hasSharedCacheTableLock(pBtree, iRoot, 0, WRITE_LOCK) );
+**
+** When writing to an index that resides in a sharable database, the 
+** caller should have first obtained a lock specifying the root page of
+** the corresponding table. This makes things a bit more complicated,
+** as this module treats each table as a separate structure. To determine
+** the table corresponding to the index being written, this
+** function has to search through the database schema.
+**
+** Instead of a lock on the table/index rooted at page iRoot, the caller may
+** hold a write-lock on the schema table (root page 1). This is also
+** acceptable.
+*/
+static int hasSharedCacheTableLock(
+  Btree *pBtree,         /* Handle that must hold lock */
+  Pgno iRoot,            /* Root page of b-tree */
+  int isIndex,           /* True if iRoot is the root of an index b-tree */
+  int eLockType          /* Required lock type (READ_LOCK or WRITE_LOCK) */
+){
+  Schema *pSchema = (Schema *)pBtree->pBt->pSchema;
+  Pgno iTab = 0;
+  BtLock *pLock;
+
+  /* If this database is not shareable, or if the client is reading
+  ** and has the read-uncommitted flag set, then no lock is required. 
+  ** Return true immediately.
+  */
+  if( (pBtree->sharable==0)
+   || (eLockType==READ_LOCK && (pBtree->db->flags & SQLITE_ReadUncommitted))
+  ){
+    return 1;
+  }
+
+  /* If the client is reading  or writing an index and the schema is
+  ** not loaded, then it is too difficult to actually check to see if
+  ** the correct locks are held.  So do not bother - just return true.
+  ** This case does not come up very often anyhow.
+  */
+  if( isIndex && (!pSchema || (pSchema->schemaFlags&DB_SchemaLoaded)==0) ){
+    return 1;
+  }
+
+  /* Figure out the root-page that the lock should be held on. For table
+  ** b-trees, this is just the root page of the b-tree being read or
+  ** written. For index b-trees, it is the root page of the associated
+  ** table.  */
+  if( isIndex ){
+    HashElem *p;
+    for(p=sqliteHashFirst(&pSchema->idxHash); p; p=sqliteHashNext(p)){
+      Index *pIdx = (Index *)sqliteHashData(p);
+      if( pIdx->tnum==(int)iRoot ){
+        if( iTab ){
+          /* Two or more indexes share the same root page.  There must
+          ** be imposter tables.  So just return true.  The assert is not
+          ** useful in that case. */
+          return 1;
+        }
+        iTab = pIdx->pTable->tnum;
+      }
+    }
+  }else{
+    iTab = iRoot;
+  }
+
+  /* Search for the required lock. Either a write-lock on root-page iTab, a 
+  ** write-lock on the schema table, or (if the client is reading) a
+  ** read-lock on iTab will suffice. Return 1 if any of these are found.  */
+  for(pLock=pBtree->pBt->pLock; pLock; pLock=pLock->pNext){
+    if( pLock->pBtree==pBtree 
+     && (pLock->iTable==iTab || (pLock->eLock==WRITE_LOCK && pLock->iTable==1))
+     && pLock->eLock>=eLockType 
+    ){
+      return 1;
+    }
+  }
+
+  /* Failed to find the required lock. */
+  return 0;
+}
+#endif /* SQLITE_DEBUG */
+
+#ifdef SQLITE_DEBUG
+/*
+**** This function may be used as part of assert() statements only. ****
+**
+** Return true if it would be illegal for pBtree to write into the
+** table or index rooted at iRoot because other shared connections are
+** simultaneously reading that same table or index.
+**
+** It is illegal for pBtree to write if some other Btree object that
+** shares the same BtShared object is currently reading or writing
+** the iRoot table.  Except, if the other Btree object has the
+** read-uncommitted flag set, then it is OK for the other object to
+** have a read cursor.
+**
+** For example, before writing to any part of the table or index
+** rooted at page iRoot, one should call:
+**
+**    assert( !hasReadConflicts(pBtree, iRoot) );
+*/
+static int hasReadConflicts(Btree *pBtree, Pgno iRoot){
+  BtCursor *p;
+  for(p=pBtree->pBt->pCursor; p; p=p->pNext){
+    if( p->pgnoRoot==iRoot 
+     && p->pBtree!=pBtree
+     && 0==(p->pBtree->db->flags & SQLITE_ReadUncommitted)
+    ){
+      return 1;
+    }
+  }
+  return 0;
+}
+#endif    /* #ifdef SQLITE_DEBUG */
+
+/*
+** Query to see if Btree handle p may obtain a lock of type eLock 
+** (READ_LOCK or WRITE_LOCK) on the table with root-page iTab. Return
+** SQLITE_OK if the lock may be obtained (by calling
+** setSharedCacheTableLock()), or SQLITE_LOCKED if not.
+*/
+static int querySharedCacheTableLock(Btree *p, Pgno iTab, u8 eLock){
+  BtShared *pBt = p->pBt;
+  BtLock *pIter;
+
+  assert( sqlite3BtreeHoldsMutex(p) );
+  assert( eLock==READ_LOCK || eLock==WRITE_LOCK );
+  assert( p->db!=0 );
+  assert( !(p->db->flags&SQLITE_ReadUncommitted)||eLock==WRITE_LOCK||iTab==1 );
+  
+  /* If requesting a write-lock, then the Btree must have an open write
+  ** transaction on this file. And, obviously, for this to be so there 
+  ** must be an open write transaction on the file itself.
+  */
+  assert( eLock==READ_LOCK || (p==pBt->pWriter && p->inTrans==TRANS_WRITE) );
+  assert( eLock==READ_LOCK || pBt->inTransaction==TRANS_WRITE );
+  
+  /* This routine is a no-op if the shared-cache is not enabled */
+  if( !p->sharable ){
+    return SQLITE_OK;
+  }
+
+  /* If some other connection is holding an exclusive lock, the
+  ** requested lock may not be obtained.
+  */
+  if( pBt->pWriter!=p && (pBt->btsFlags & BTS_EXCLUSIVE)!=0 ){
+    sqlite3ConnectionBlocked(p->db, pBt->pWriter->db);
+    return SQLITE_LOCKED_SHAREDCACHE;
+  }
+
+  for(pIter=pBt->pLock; pIter; pIter=pIter->pNext){
+    /* The condition (pIter->eLock!=eLock) in the following if(...) 
+    ** statement is a simplification of:
+    **
+    **   (eLock==WRITE_LOCK || pIter->eLock==WRITE_LOCK)
+    **
+    ** since we know that if eLock==WRITE_LOCK, then no other connection
+    ** may hold a WRITE_LOCK on any table in this file (since there can
+    ** only be a single writer).
+    */
+    assert( pIter->eLock==READ_LOCK || pIter->eLock==WRITE_LOCK );
+    assert( eLock==READ_LOCK || pIter->pBtree==p || pIter->eLock==READ_LOCK);
+    if( pIter->pBtree!=p && pIter->iTable==iTab && pIter->eLock!=eLock ){
+      sqlite3ConnectionBlocked(p->db, pIter->pBtree->db);
+      if( eLock==WRITE_LOCK ){
+        assert( p==pBt->pWriter );
+        pBt->btsFlags |= BTS_PENDING;
+      }
+      return SQLITE_LOCKED_SHAREDCACHE;
+    }
+  }
+  return SQLITE_OK;
+}
+#endif /* !SQLITE_OMIT_SHARED_CACHE */
+
+#ifndef SQLITE_OMIT_SHARED_CACHE
+/*
+** Add a lock on the table with root-page iTable to the shared-btree used
+** by Btree handle p. Parameter eLock must be either READ_LOCK or 
+** WRITE_LOCK.
+**
+** This function assumes the following:
+**
+**   (a) The specified Btree object p is connected to a sharable
+**       database (one with the BtShared.sharable flag set), and
+**
+**   (b) No other Btree objects hold a lock that conflicts
+**       with the requested lock (i.e. querySharedCacheTableLock() has
+**       already been called and returned SQLITE_OK).
+**
+** SQLITE_OK is returned if the lock is added successfully. SQLITE_NOMEM 
+** is returned if a malloc attempt fails.
+*/
+static int setSharedCacheTableLock(Btree *p, Pgno iTable, u8 eLock){
+  BtShared *pBt = p->pBt;
+  BtLock *pLock = 0;
+  BtLock *pIter;
+
+  assert( sqlite3BtreeHoldsMutex(p) );
+  assert( eLock==READ_LOCK || eLock==WRITE_LOCK );
+  assert( p->db!=0 );
+
+  /* A connection with the read-uncommitted flag set will never try to
+  ** obtain a read-lock using this function. The only read-lock obtained
+  ** by a connection in read-uncommitted mode is on the sqlite_master 
+  ** table, and that lock is obtained in BtreeBeginTrans().  */
+  assert( 0==(p->db->flags&SQLITE_ReadUncommitted) || eLock==WRITE_LOCK );
+
+  /* This function should only be called on a sharable b-tree after it 
+  ** has been determined that no other b-tree holds a conflicting lock.  */
+  assert( p->sharable );
+  assert( SQLITE_OK==querySharedCacheTableLock(p, iTable, eLock) );
+
+  /* First search the list for an existing lock on this table. */
+  for(pIter=pBt->pLock; pIter; pIter=pIter->pNext){
+    if( pIter->iTable==iTable && pIter->pBtree==p ){
+      pLock = pIter;
+      break;
+    }
+  }
+
+  /* If the above search did not find a BtLock struct associating Btree p
+  ** with table iTable, allocate one and link it into the list.
+  */
+  if( !pLock ){
+    pLock = (BtLock *)sqlite3MallocZero(sizeof(BtLock));
+    if( !pLock ){
+      return SQLITE_NOMEM;
+    }
+    pLock->iTable = iTable;
+    pLock->pBtree = p;
+    pLock->pNext = pBt->pLock;
+    pBt->pLock = pLock;
+  }
+
+  /* Set the BtLock.eLock variable to the maximum of the current lock
+  ** and the requested lock. This means if a write-lock was already held
+  ** and a read-lock requested, we don't incorrectly downgrade the lock.
+  */
+  assert( WRITE_LOCK>READ_LOCK );
+  if( eLock>pLock->eLock ){
+    pLock->eLock = eLock;
+  }
+
+  return SQLITE_OK;
+}
+#endif /* !SQLITE_OMIT_SHARED_CACHE */
+
+#ifndef SQLITE_OMIT_SHARED_CACHE
+/*
+** Release all the table locks (locks obtained via calls to
+** the setSharedCacheTableLock() procedure) held by Btree object p.
+**
+** This function assumes that Btree p has an open read or write 
+** transaction. If it does not, then the BTS_PENDING flag
+** may be incorrectly cleared.
+*/
+static void clearAllSharedCacheTableLocks(Btree *p){
+  BtShared *pBt = p->pBt;
+  BtLock **ppIter = &pBt->pLock;
+
+  assert( sqlite3BtreeHoldsMutex(p) );
+  assert( p->sharable || 0==*ppIter );
+  assert( p->inTrans>0 );
+
+  while( *ppIter ){
+    BtLock *pLock = *ppIter;
+    assert( (pBt->btsFlags & BTS_EXCLUSIVE)==0 || pBt->pWriter==pLock->pBtree );
+    assert( pLock->pBtree->inTrans>=pLock->eLock );
+    if( pLock->pBtree==p ){
+      *ppIter = pLock->pNext;
+      assert( pLock->iTable!=1 || pLock==&p->lock );
+      if( pLock->iTable!=1 ){
+        sqlite3_free(pLock);
+      }
+    }else{
+      ppIter = &pLock->pNext;
+    }
+  }
+
+  assert( (pBt->btsFlags & BTS_PENDING)==0 || pBt->pWriter );
+  if( pBt->pWriter==p ){
+    pBt->pWriter = 0;
+    pBt->btsFlags &= ~(BTS_EXCLUSIVE|BTS_PENDING);
+  }else if( pBt->nTransaction==2 ){
+    /* This function is called when Btree p is concluding its 
+    ** transaction. If there currently exists a writer, and p is not
+    ** that writer, then the number of locks held by connections other
+    ** than the writer must be about to drop to zero. In this case
+    ** set the BTS_PENDING flag to 0.
+    **
+    ** If there is not currently a writer, then BTS_PENDING must
+    ** be zero already. So this next line is harmless in that case.
+    */
+    pBt->btsFlags &= ~BTS_PENDING;
+  }
+}
+
+/*
+** This function changes all write-locks held by Btree p into read-locks.
+*/
+static void downgradeAllSharedCacheTableLocks(Btree *p){
+  BtShared *pBt = p->pBt;
+  if( pBt->pWriter==p ){
+    BtLock *pLock;
+    pBt->pWriter = 0;
+    pBt->btsFlags &= ~(BTS_EXCLUSIVE|BTS_PENDING);
+    for(pLock=pBt->pLock; pLock; pLock=pLock->pNext){
+      assert( pLock->eLock==READ_LOCK || pLock->pBtree==p );
+      pLock->eLock = READ_LOCK;
+    }
+  }
+}
+
+#endif /* SQLITE_OMIT_SHARED_CACHE */
+
+static void releasePage(MemPage *pPage);  /* Forward reference */
+
+/*
+***** This routine is used inside of assert() only ****
+**
+** Verify that the cursor holds the mutex on its BtShared
+*/
+#ifdef SQLITE_DEBUG
+static int cursorHoldsMutex(BtCursor *p){
+  return sqlite3_mutex_held(p->pBt->mutex);
+}
+#endif
+
+/*
+** Invalidate the overflow cache of the cursor passed as the first argument.
+** on the shared btree structure pBt.
+*/
+#define invalidateOverflowCache(pCur) (pCur->curFlags &= ~BTCF_ValidOvfl)
+
+/*
+** Invalidate the overflow page-list cache for all cursors opened
+** on the shared btree structure pBt.
+*/
+static void invalidateAllOverflowCache(BtShared *pBt){
+  BtCursor *p;
+  assert( sqlite3_mutex_held(pBt->mutex) );
+  for(p=pBt->pCursor; p; p=p->pNext){
+    invalidateOverflowCache(p);
+  }
+}
+
+#ifndef SQLITE_OMIT_INCRBLOB
+/*
+** This function is called before modifying the contents of a table
+** to invalidate any incrblob cursors that are open on the
+** row or one of the rows being modified.
+**
+** If argument isClearTable is true, then the entire contents of the
+** table is about to be deleted. In this case invalidate all incrblob
+** cursors open on any row within the table with root-page pgnoRoot.
+**
+** Otherwise, if argument isClearTable is false, then the row with
+** rowid iRow is being replaced or deleted. In this case invalidate
+** only those incrblob cursors open on that specific row.
+*/
+static void invalidateIncrblobCursors(
+  Btree *pBtree,          /* The database file to check */
+  i64 iRow,               /* The rowid that might be changing */
+  int isClearTable        /* True if all rows are being deleted */
+){
+  BtCursor *p;
+  if( pBtree->hasIncrblobCur==0 ) return;
+  assert( sqlite3BtreeHoldsMutex(pBtree) );
+  pBtree->hasIncrblobCur = 0;
+  for(p=pBtree->pBt->pCursor; p; p=p->pNext){
+    if( (p->curFlags & BTCF_Incrblob)!=0 ){
+      pBtree->hasIncrblobCur = 1;
+      if( isClearTable || p->info.nKey==iRow ){
+        p->eState = CURSOR_INVALID;
+      }
+    }
+  }
+}
+
+#else
+  /* Stub function when INCRBLOB is omitted */
+  #define invalidateIncrblobCursors(x,y,z)
+#endif /* SQLITE_OMIT_INCRBLOB */
+
+/*
+** Set bit pgno of the BtShared.pHasContent bitvec. This is called 
+** when a page that previously contained data becomes a free-list leaf 
+** page.
+**
+** The BtShared.pHasContent bitvec exists to work around an obscure
+** bug caused by the interaction of two useful IO optimizations surrounding
+** free-list leaf pages:
+**
+**   1) When all data is deleted from a page and the page becomes
+**      a free-list leaf page, the page is not written to the database
+**      (as free-list leaf pages contain no meaningful data). Sometimes
+**      such a page is not even journalled (as it will not be modified,
+**      why bother journalling it?).
+**
+**   2) When a free-list leaf page is reused, its content is not read
+**      from the database or written to the journal file (why should it
+**      be, if it is not at all meaningful?).
+**
+** By themselves, these optimizations work fine and provide a handy
+** performance boost to bulk delete or insert operations. However, if
+** a page is moved to the free-list and then reused within the same
+** transaction, a problem comes up. If the page is not journalled when
+** it is moved to the free-list and it is also not journalled when it
+** is extracted from the free-list and reused, then the original data
+** may be lost. In the event of a rollback, it may not be possible
+** to restore the database to its original configuration.
+**
+** The solution is the BtShared.pHasContent bitvec. Whenever a page is 
+** moved to become a free-list leaf page, the corresponding bit is
+** set in the bitvec. Whenever a leaf page is extracted from the free-list,
+** optimization 2 above is omitted if the corresponding bit is already
+** set in BtShared.pHasContent. The contents of the bitvec are cleared
+** at the end of every transaction.
+*/
+static int btreeSetHasContent(BtShared *pBt, Pgno pgno){
+  int rc = SQLITE_OK;
+  if( !pBt->pHasContent ){
+    assert( pgno<=pBt->nPage );
+    pBt->pHasContent = sqlite3BitvecCreate(pBt->nPage);
+    if( !pBt->pHasContent ){
+      rc = SQLITE_NOMEM;
+    }
+  }
+  if( rc==SQLITE_OK && pgno<=sqlite3BitvecSize(pBt->pHasContent) ){
+    rc = sqlite3BitvecSet(pBt->pHasContent, pgno);
+  }
+  return rc;
+}
+
+/*
+** Query the BtShared.pHasContent vector.
+**
+** This function is called when a free-list leaf page is removed from the
+** free-list for reuse. It returns false if it is safe to retrieve the
+** page from the pager layer with the 'no-content' flag set. True otherwise.
+*/
+static int btreeGetHasContent(BtShared *pBt, Pgno pgno){
+  Bitvec *p = pBt->pHasContent;
+  return (p && (pgno>sqlite3BitvecSize(p) || sqlite3BitvecTest(p, pgno)));
+}
+
+/*
+** Clear (destroy) the BtShared.pHasContent bitvec. This should be
+** invoked at the conclusion of each write-transaction.
+*/
+static void btreeClearHasContent(BtShared *pBt){
+  sqlite3BitvecDestroy(pBt->pHasContent);
+  pBt->pHasContent = 0;
+}
+
+/*
+** Release all of the apPage[] pages for a cursor.
+*/
+static void btreeReleaseAllCursorPages(BtCursor *pCur){
+  int i;
+  for(i=0; i<=pCur->iPage; i++){
+    releasePage(pCur->apPage[i]);
+    pCur->apPage[i] = 0;
+  }
+  pCur->iPage = -1;
+}
+
+/*
+** The cursor passed as the only argument must point to a valid entry
+** when this function is called (i.e. have eState==CURSOR_VALID). This
+** function saves the current cursor key in variables pCur->nKey and
+** pCur->pKey. SQLITE_OK is returned if successful or an SQLite error 
+** code otherwise.
+**
+** If the cursor is open on an intkey table, then the integer key
+** (the rowid) is stored in pCur->nKey and pCur->pKey is left set to
+** NULL. If the cursor is open on a non-intkey table, then pCur->pKey is 
+** set to point to a malloced buffer pCur->nKey bytes in size containing 
+** the key.
+*/
+static int saveCursorKey(BtCursor *pCur){
+  int rc;
+  assert( CURSOR_VALID==pCur->eState );
+  assert( 0==pCur->pKey );
+  assert( cursorHoldsMutex(pCur) );
+
+  rc = sqlite3BtreeKeySize(pCur, &pCur->nKey);
+  assert( rc==SQLITE_OK );  /* KeySize() cannot fail */
+
+  /* If this is an intKey table, then the above call to BtreeKeySize()
+  ** stores the integer key in pCur->nKey. In this case this value is
+  ** all that is required. Otherwise, if pCur is not open on an intKey
+  ** table, then malloc space for and store the pCur->nKey bytes of key 
+  ** data.  */
+  if( 0==pCur->curIntKey ){
+    void *pKey = sqlite3Malloc( pCur->nKey );
+    if( pKey ){
+      rc = sqlite3BtreeKey(pCur, 0, (int)pCur->nKey, pKey);
+      if( rc==SQLITE_OK ){
+        pCur->pKey = pKey;
+      }else{
+        sqlite3_free(pKey);
+      }
+    }else{
+      rc = SQLITE_NOMEM;
+    }
+  }
+  assert( !pCur->curIntKey || !pCur->pKey );
+  return rc;
+}
+
+/*
+** Save the current cursor position in the variables BtCursor.nKey 
+** and BtCursor.pKey. The cursor's state is set to CURSOR_REQUIRESEEK.
+**
+** The caller must ensure that the cursor is valid (has eState==CURSOR_VALID)
+** prior to calling this routine.  
+*/
+static int saveCursorPosition(BtCursor *pCur){
+  int rc;
+
+  assert( CURSOR_VALID==pCur->eState || CURSOR_SKIPNEXT==pCur->eState );
+  assert( 0==pCur->pKey );
+  assert( cursorHoldsMutex(pCur) );
+
+  if( pCur->eState==CURSOR_SKIPNEXT ){
+    pCur->eState = CURSOR_VALID;
+  }else{
+    pCur->skipNext = 0;
+  }
+
+  rc = saveCursorKey(pCur);
+  if( rc==SQLITE_OK ){
+    btreeReleaseAllCursorPages(pCur);
+    pCur->eState = CURSOR_REQUIRESEEK;
+  }
+
+  pCur->curFlags &= ~(BTCF_ValidNKey|BTCF_ValidOvfl|BTCF_AtLast);
+  return rc;
+}
+
+/* Forward reference */
+static int SQLITE_NOINLINE saveCursorsOnList(BtCursor*,Pgno,BtCursor*);
+
+/*
+** Save the positions of all cursors (except pExcept) that are open on
+** the table with root-page iRoot.  "Saving the cursor position" means that
+** the location in the btree is remembered in such a way that it can be
+** moved back to the same spot after the btree has been modified.  This
+** routine is called just before cursor pExcept is used to modify the
+** table, for example in BtreeDelete() or BtreeInsert().
+**
+** If there are two or more cursors on the same btree, then all such 
+** cursors should have their BTCF_Multiple flag set.  The btreeCursor()
+** routine enforces that rule.  This routine only needs to be called in
+** the uncommon case when pExpect has the BTCF_Multiple flag set.
+**
+** If pExpect!=NULL and if no other cursors are found on the same root-page,
+** then the BTCF_Multiple flag on pExpect is cleared, to avoid another
+** pointless call to this routine.
+**
+** Implementation note:  This routine merely checks to see if any cursors
+** need to be saved.  It calls out to saveCursorsOnList() in the (unusual)
+** event that cursors are in need to being saved.
+*/
+static int saveAllCursors(BtShared *pBt, Pgno iRoot, BtCursor *pExcept){
+  BtCursor *p;
+  assert( sqlite3_mutex_held(pBt->mutex) );
+  assert( pExcept==0 || pExcept->pBt==pBt );
+  for(p=pBt->pCursor; p; p=p->pNext){
+    if( p!=pExcept && (0==iRoot || p->pgnoRoot==iRoot) ) break;
+  }
+  if( p ) return saveCursorsOnList(p, iRoot, pExcept);
+  if( pExcept ) pExcept->curFlags &= ~BTCF_Multiple;
+  return SQLITE_OK;
+}
+
+/* This helper routine to saveAllCursors does the actual work of saving
+** the cursors if and when a cursor is found that actually requires saving.
+** The common case is that no cursors need to be saved, so this routine is
+** broken out from its caller to avoid unnecessary stack pointer movement.
+*/
+static int SQLITE_NOINLINE saveCursorsOnList(
+  BtCursor *p,         /* The first cursor that needs saving */
+  Pgno iRoot,          /* Only save cursor with this iRoot. Save all if zero */
+  BtCursor *pExcept    /* Do not save this cursor */
+){
+  do{
+    if( p!=pExcept && (0==iRoot || p->pgnoRoot==iRoot) ){
+      if( p->eState==CURSOR_VALID || p->eState==CURSOR_SKIPNEXT ){
+        int rc = saveCursorPosition(p);
+        if( SQLITE_OK!=rc ){
+          return rc;
+        }
+      }else{
+        testcase( p->iPage>0 );
+        btreeReleaseAllCursorPages(p);
+      }
+    }
+    p = p->pNext;
+  }while( p );
+  return SQLITE_OK;
+}
+
+/*
+** Clear the current cursor position.
+*/
+SQLITE_PRIVATE void sqlite3BtreeClearCursor(BtCursor *pCur){
+  assert( cursorHoldsMutex(pCur) );
+  sqlite3_free(pCur->pKey);
+  pCur->pKey = 0;
+  pCur->eState = CURSOR_INVALID;
+}
+
+/*
+** In this version of BtreeMoveto, pKey is a packed index record
+** such as is generated by the OP_MakeRecord opcode.  Unpack the
+** record and then call BtreeMovetoUnpacked() to do the work.
+*/
+static int btreeMoveto(
+  BtCursor *pCur,     /* Cursor open on the btree to be searched */
+  const void *pKey,   /* Packed key if the btree is an index */
+  i64 nKey,           /* Integer key for tables.  Size of pKey for indices */
+  int bias,           /* Bias search to the high end */
+  int *pRes           /* Write search results here */
+){
+  int rc;                    /* Status code */
+  UnpackedRecord *pIdxKey;   /* Unpacked index key */
+  char aSpace[200];          /* Temp space for pIdxKey - to avoid a malloc */
+  char *pFree = 0;
+
+  if( pKey ){
+    assert( nKey==(i64)(int)nKey );
+    pIdxKey = sqlite3VdbeAllocUnpackedRecord(
+        pCur->pKeyInfo, aSpace, sizeof(aSpace), &pFree
+    );
+    if( pIdxKey==0 ) return SQLITE_NOMEM;
+    sqlite3VdbeRecordUnpack(pCur->pKeyInfo, (int)nKey, pKey, pIdxKey);
+    if( pIdxKey->nField==0 ){
+      sqlite3DbFree(pCur->pKeyInfo->db, pFree);
+      return SQLITE_CORRUPT_BKPT;
+    }
+  }else{
+    pIdxKey = 0;
+  }
+  rc = sqlite3BtreeMovetoUnpacked(pCur, pIdxKey, nKey, bias, pRes);
+  if( pFree ){
+    sqlite3DbFree(pCur->pKeyInfo->db, pFree);
+  }
+  return rc;
+}
+
+/*
+** Restore the cursor to the position it was in (or as close to as possible)
+** when saveCursorPosition() was called. Note that this call deletes the 
+** saved position info stored by saveCursorPosition(), so there can be
+** at most one effective restoreCursorPosition() call after each 
+** saveCursorPosition().
+*/
+static int btreeRestoreCursorPosition(BtCursor *pCur){
+  int rc;
+  int skipNext;
+  assert( cursorHoldsMutex(pCur) );
+  assert( pCur->eState>=CURSOR_REQUIRESEEK );
+  if( pCur->eState==CURSOR_FAULT ){
+    return pCur->skipNext;
+  }
+  pCur->eState = CURSOR_INVALID;
+  rc = btreeMoveto(pCur, pCur->pKey, pCur->nKey, 0, &skipNext);
+  if( rc==SQLITE_OK ){
+    sqlite3_free(pCur->pKey);
+    pCur->pKey = 0;
+    assert( pCur->eState==CURSOR_VALID || pCur->eState==CURSOR_INVALID );
+    pCur->skipNext |= skipNext;
+    if( pCur->skipNext && pCur->eState==CURSOR_VALID ){
+      pCur->eState = CURSOR_SKIPNEXT;
+    }
+  }
+  return rc;
+}
+
+#define restoreCursorPosition(p) \
+  (p->eState>=CURSOR_REQUIRESEEK ? \
+         btreeRestoreCursorPosition(p) : \
+         SQLITE_OK)
+
+/*
+** Determine whether or not a cursor has moved from the position where
+** it was last placed, or has been invalidated for any other reason.
+** Cursors can move when the row they are pointing at is deleted out
+** from under them, for example.  Cursor might also move if a btree
+** is rebalanced.
+**
+** Calling this routine with a NULL cursor pointer returns false.
+**
+** Use the separate sqlite3BtreeCursorRestore() routine to restore a cursor
+** back to where it ought to be if this routine returns true.
+*/
+SQLITE_PRIVATE int sqlite3BtreeCursorHasMoved(BtCursor *pCur){
+  return pCur->eState!=CURSOR_VALID;
+}
+
+/*
+** This routine restores a cursor back to its original position after it
+** has been moved by some outside activity (such as a btree rebalance or
+** a row having been deleted out from under the cursor).  
+**
+** On success, the *pDifferentRow parameter is false if the cursor is left
+** pointing at exactly the same row.  *pDifferntRow is the row the cursor
+** was pointing to has been deleted, forcing the cursor to point to some
+** nearby row.
+**
+** This routine should only be called for a cursor that just returned
+** TRUE from sqlite3BtreeCursorHasMoved().
+*/
+SQLITE_PRIVATE int sqlite3BtreeCursorRestore(BtCursor *pCur, int *pDifferentRow){
+  int rc;
+
+  assert( pCur!=0 );
+  assert( pCur->eState!=CURSOR_VALID );
+  rc = restoreCursorPosition(pCur);
+  if( rc ){
+    *pDifferentRow = 1;
+    return rc;
+  }
+  if( pCur->eState!=CURSOR_VALID ){
+    *pDifferentRow = 1;
+  }else{
+    assert( pCur->skipNext==0 );
+    *pDifferentRow = 0;
+  }
+  return SQLITE_OK;
+}
+
+#ifdef SQLITE_ENABLE_CURSOR_HINTS
+/*
+** Provide hints to the cursor.  The particular hint given (and the type
+** and number of the varargs parameters) is determined by the eHintType
+** parameter.  See the definitions of the BTREE_HINT_* macros for details.
+*/
+SQLITE_PRIVATE void sqlite3BtreeCursorHint(BtCursor *pCur, int eHintType, ...){
+  /* Used only by system that substitute their own storage engine */
+}
+#endif
+
+/*
+** Provide flag hints to the cursor.
+*/
+SQLITE_PRIVATE void sqlite3BtreeCursorHintFlags(BtCursor *pCur, unsigned x){
+  assert( x==BTREE_SEEK_EQ || x==BTREE_BULKLOAD || x==0 );
+  pCur->hints = x;
+}
+
+
+#ifndef SQLITE_OMIT_AUTOVACUUM
+/*
+** Given a page number of a regular database page, return the page
+** number for the pointer-map page that contains the entry for the
+** input page number.
+**
+** Return 0 (not a valid page) for pgno==1 since there is
+** no pointer map associated with page 1.  The integrity_check logic
+** requires that ptrmapPageno(*,1)!=1.
+*/
+static Pgno ptrmapPageno(BtShared *pBt, Pgno pgno){
+  int nPagesPerMapPage;
+  Pgno iPtrMap, ret;
+  assert( sqlite3_mutex_held(pBt->mutex) );
+  if( pgno<2 ) return 0;
+  nPagesPerMapPage = (pBt->usableSize/5)+1;
+  iPtrMap = (pgno-2)/nPagesPerMapPage;
+  ret = (iPtrMap*nPagesPerMapPage) + 2; 
+  if( ret==PENDING_BYTE_PAGE(pBt) ){
+    ret++;
+  }
+  return ret;
+}
+
+/*
+** Write an entry into the pointer map.
+**
+** This routine updates the pointer map entry for page number 'key'
+** so that it maps to type 'eType' and parent page number 'pgno'.
+**
+** If *pRC is initially non-zero (non-SQLITE_OK) then this routine is
+** a no-op.  If an error occurs, the appropriate error code is written
+** into *pRC.
+*/
+static void ptrmapPut(BtShared *pBt, Pgno key, u8 eType, Pgno parent, int *pRC){
+  DbPage *pDbPage;  /* The pointer map page */
+  u8 *pPtrmap;      /* The pointer map data */
+  Pgno iPtrmap;     /* The pointer map page number */
+  int offset;       /* Offset in pointer map page */
+  int rc;           /* Return code from subfunctions */
+
+  if( *pRC ) return;
+
+  assert( sqlite3_mutex_held(pBt->mutex) );
+  /* The master-journal page number must never be used as a pointer map page */
+  assert( 0==PTRMAP_ISPAGE(pBt, PENDING_BYTE_PAGE(pBt)) );
+
+  assert( pBt->autoVacuum );
+  if( key==0 ){
+    *pRC = SQLITE_CORRUPT_BKPT;
+    return;
+  }
+  iPtrmap = PTRMAP_PAGENO(pBt, key);
+  rc = sqlite3PagerGet(pBt->pPager, iPtrmap, &pDbPage, 0);
+  if( rc!=SQLITE_OK ){
+    *pRC = rc;
+    return;
+  }
+  offset = PTRMAP_PTROFFSET(iPtrmap, key);
+  if( offset<0 ){
+    *pRC = SQLITE_CORRUPT_BKPT;
+    goto ptrmap_exit;
+  }
+  assert( offset <= (int)pBt->usableSize-5 );
+  pPtrmap = (u8 *)sqlite3PagerGetData(pDbPage);
+
+  if( eType!=pPtrmap[offset] || get4byte(&pPtrmap[offset+1])!=parent ){
+    TRACE(("PTRMAP_UPDATE: %d->(%d,%d)\n", key, eType, parent));
+    *pRC= rc = sqlite3PagerWrite(pDbPage);
+    if( rc==SQLITE_OK ){
+      pPtrmap[offset] = eType;
+      put4byte(&pPtrmap[offset+1], parent);
+    }
+  }
+
+ptrmap_exit:
+  sqlite3PagerUnref(pDbPage);
+}
+
+/*
+** Read an entry from the pointer map.
+**
+** This routine retrieves the pointer map entry for page 'key', writing
+** the type and parent page number to *pEType and *pPgno respectively.
+** An error code is returned if something goes wrong, otherwise SQLITE_OK.
+*/
+static int ptrmapGet(BtShared *pBt, Pgno key, u8 *pEType, Pgno *pPgno){
+  DbPage *pDbPage;   /* The pointer map page */
+  int iPtrmap;       /* Pointer map page index */
+  u8 *pPtrmap;       /* Pointer map page data */
+  int offset;        /* Offset of entry in pointer map */
+  int rc;
+
+  assert( sqlite3_mutex_held(pBt->mutex) );
+
+  iPtrmap = PTRMAP_PAGENO(pBt, key);
+  rc = sqlite3PagerGet(pBt->pPager, iPtrmap, &pDbPage, 0);
+  if( rc!=0 ){
+    return rc;
+  }
+  pPtrmap = (u8 *)sqlite3PagerGetData(pDbPage);
+
+  offset = PTRMAP_PTROFFSET(iPtrmap, key);
+  if( offset<0 ){
+    sqlite3PagerUnref(pDbPage);
+    return SQLITE_CORRUPT_BKPT;
+  }
+  assert( offset <= (int)pBt->usableSize-5 );
+  assert( pEType!=0 );
+  *pEType = pPtrmap[offset];
+  if( pPgno ) *pPgno = get4byte(&pPtrmap[offset+1]);
+
+  sqlite3PagerUnref(pDbPage);
+  if( *pEType<1 || *pEType>5 ) return SQLITE_CORRUPT_BKPT;
+  return SQLITE_OK;
+}
+
+#else /* if defined SQLITE_OMIT_AUTOVACUUM */
+  #define ptrmapPut(w,x,y,z,rc)
+  #define ptrmapGet(w,x,y,z) SQLITE_OK
+  #define ptrmapPutOvflPtr(x, y, rc)
+#endif
+
+/*
+** Given a btree page and a cell index (0 means the first cell on
+** the page, 1 means the second cell, and so forth) return a pointer
+** to the cell content.
+**
+** findCellPastPtr() does the same except it skips past the initial
+** 4-byte child pointer found on interior pages, if there is one.
+**
+** This routine works only for pages that do not contain overflow cells.
+*/
+#define findCell(P,I) \
+  ((P)->aData + ((P)->maskPage & get2byteAligned(&(P)->aCellIdx[2*(I)])))
+#define findCellPastPtr(P,I) \
+  ((P)->aDataOfst + ((P)->maskPage & get2byteAligned(&(P)->aCellIdx[2*(I)])))
+
+
+/*
+** This is common tail processing for btreeParseCellPtr() and
+** btreeParseCellPtrIndex() for the case when the cell does not fit entirely
+** on a single B-tree page.  Make necessary adjustments to the CellInfo
+** structure.
+*/
+static SQLITE_NOINLINE void btreeParseCellAdjustSizeForOverflow(
+  MemPage *pPage,         /* Page containing the cell */
+  u8 *pCell,              /* Pointer to the cell text. */
+  CellInfo *pInfo         /* Fill in this structure */
+){
+  /* If the payload will not fit completely on the local page, we have
+  ** to decide how much to store locally and how much to spill onto
+  ** overflow pages.  The strategy is to minimize the amount of unused
+  ** space on overflow pages while keeping the amount of local storage
+  ** in between minLocal and maxLocal.
+  **
+  ** Warning:  changing the way overflow payload is distributed in any
+  ** way will result in an incompatible file format.
+  */
+  int minLocal;  /* Minimum amount of payload held locally */
+  int maxLocal;  /* Maximum amount of payload held locally */
+  int surplus;   /* Overflow payload available for local storage */
+
+  minLocal = pPage->minLocal;
+  maxLocal = pPage->maxLocal;
+  surplus = minLocal + (pInfo->nPayload - minLocal)%(pPage->pBt->usableSize-4);
+  testcase( surplus==maxLocal );
+  testcase( surplus==maxLocal+1 );
+  if( surplus <= maxLocal ){
+    pInfo->nLocal = (u16)surplus;
+  }else{
+    pInfo->nLocal = (u16)minLocal;
+  }
+  pInfo->nSize = (u16)(&pInfo->pPayload[pInfo->nLocal] - pCell) + 4;
+}
+
+/*
+** The following routines are implementations of the MemPage.xParseCell()
+** method.
+**
+** Parse a cell content block and fill in the CellInfo structure.
+**
+** btreeParseCellPtr()        =>   table btree leaf nodes
+** btreeParseCellNoPayload()  =>   table btree internal nodes
+** btreeParseCellPtrIndex()   =>   index btree nodes
+**
+** There is also a wrapper function btreeParseCell() that works for
+** all MemPage types and that references the cell by index rather than
+** by pointer.
+*/
+static void btreeParseCellPtrNoPayload(
+  MemPage *pPage,         /* Page containing the cell */
+  u8 *pCell,              /* Pointer to the cell text. */
+  CellInfo *pInfo         /* Fill in this structure */
+){
+  assert( sqlite3_mutex_held(pPage->pBt->mutex) );
+  assert( pPage->leaf==0 );
+  assert( pPage->noPayload );
+  assert( pPage->childPtrSize==4 );
+#ifndef SQLITE_DEBUG
+  UNUSED_PARAMETER(pPage);
+#endif
+  pInfo->nSize = 4 + getVarint(&pCell[4], (u64*)&pInfo->nKey);
+  pInfo->nPayload = 0;
+  pInfo->nLocal = 0;
+  pInfo->pPayload = 0;
+  return;
+}
+static void btreeParseCellPtr(
+  MemPage *pPage,         /* Page containing the cell */
+  u8 *pCell,              /* Pointer to the cell text. */
+  CellInfo *pInfo         /* Fill in this structure */
+){
+  u8 *pIter;              /* For scanning through pCell */
+  u32 nPayload;           /* Number of bytes of cell payload */
+  u64 iKey;               /* Extracted Key value */
+
+  assert( sqlite3_mutex_held(pPage->pBt->mutex) );
+  assert( pPage->leaf==0 || pPage->leaf==1 );
+  assert( pPage->intKeyLeaf || pPage->noPayload );
+  assert( pPage->noPayload==0 );
+  assert( pPage->intKeyLeaf );
+  assert( pPage->childPtrSize==0 );
+  pIter = pCell;
+
+  /* The next block of code is equivalent to:
+  **
+  **     pIter += getVarint32(pIter, nPayload);
+  **
+  ** The code is inlined to avoid a function call.
+  */
+  nPayload = *pIter;
+  if( nPayload>=0x80 ){
+    u8 *pEnd = &pIter[8];
+    nPayload &= 0x7f;
+    do{
+      nPayload = (nPayload<<7) | (*++pIter & 0x7f);
+    }while( (*pIter)>=0x80 && pIter<pEnd );
+  }
+  pIter++;
+
+  /* The next block of code is equivalent to:
+  **
+  **     pIter += getVarint(pIter, (u64*)&pInfo->nKey);
+  **
+  ** The code is inlined to avoid a function call.
+  */
+  iKey = *pIter;
+  if( iKey>=0x80 ){
+    u8 *pEnd = &pIter[7];
+    iKey &= 0x7f;
+    while(1){
+      iKey = (iKey<<7) | (*++pIter & 0x7f);
+      if( (*pIter)<0x80 ) break;
+      if( pIter>=pEnd ){
+        iKey = (iKey<<8) | *++pIter;
+        break;
+      }
+    }
+  }
+  pIter++;
+
+  pInfo->nKey = *(i64*)&iKey;
+  pInfo->nPayload = nPayload;
+  pInfo->pPayload = pIter;
+  testcase( nPayload==pPage->maxLocal );
+  testcase( nPayload==pPage->maxLocal+1 );
+  if( nPayload<=pPage->maxLocal ){
+    /* This is the (easy) common case where the entire payload fits
+    ** on the local page.  No overflow is required.
+    */
+    pInfo->nSize = nPayload + (u16)(pIter - pCell);
+    if( pInfo->nSize<4 ) pInfo->nSize = 4;
+    pInfo->nLocal = (u16)nPayload;
+  }else{
+    btreeParseCellAdjustSizeForOverflow(pPage, pCell, pInfo);
+  }
+}
+static void btreeParseCellPtrIndex(
+  MemPage *pPage,         /* Page containing the cell */
+  u8 *pCell,              /* Pointer to the cell text. */
+  CellInfo *pInfo         /* Fill in this structure */
+){
+  u8 *pIter;              /* For scanning through pCell */
+  u32 nPayload;           /* Number of bytes of cell payload */
+
+  assert( sqlite3_mutex_held(pPage->pBt->mutex) );
+  assert( pPage->leaf==0 || pPage->leaf==1 );
+  assert( pPage->intKeyLeaf==0 );
+  assert( pPage->noPayload==0 );
+  pIter = pCell + pPage->childPtrSize;
+  nPayload = *pIter;
+  if( nPayload>=0x80 ){
+    u8 *pEnd = &pIter[8];
+    nPayload &= 0x7f;
+    do{
+      nPayload = (nPayload<<7) | (*++pIter & 0x7f);
+    }while( *(pIter)>=0x80 && pIter<pEnd );
+  }
+  pIter++;
+  pInfo->nKey = nPayload;
+  pInfo->nPayload = nPayload;
+  pInfo->pPayload = pIter;
+  testcase( nPayload==pPage->maxLocal );
+  testcase( nPayload==pPage->maxLocal+1 );
+  if( nPayload<=pPage->maxLocal ){
+    /* This is the (easy) common case where the entire payload fits
+    ** on the local page.  No overflow is required.
+    */
+    pInfo->nSize = nPayload + (u16)(pIter - pCell);
+    if( pInfo->nSize<4 ) pInfo->nSize = 4;
+    pInfo->nLocal = (u16)nPayload;
+  }else{
+    btreeParseCellAdjustSizeForOverflow(pPage, pCell, pInfo);
+  }
+}
+static void btreeParseCell(
+  MemPage *pPage,         /* Page containing the cell */
+  int iCell,              /* The cell index.  First cell is 0 */
+  CellInfo *pInfo         /* Fill in this structure */
+){
+  pPage->xParseCell(pPage, findCell(pPage, iCell), pInfo);
+}
+
+/*
+** The following routines are implementations of the MemPage.xCellSize
+** method.
+**
+** Compute the total number of bytes that a Cell needs in the cell
+** data area of the btree-page.  The return number includes the cell
+** data header and the local payload, but not any overflow page or
+** the space used by the cell pointer.
+**
+** cellSizePtrNoPayload()    =>   table internal nodes
+** cellSizePtr()             =>   all index nodes & table leaf nodes
+*/
+static u16 cellSizePtr(MemPage *pPage, u8 *pCell){
+  u8 *pIter = pCell + pPage->childPtrSize; /* For looping over bytes of pCell */
+  u8 *pEnd;                                /* End mark for a varint */
+  u32 nSize;                               /* Size value to return */
+
+#ifdef SQLITE_DEBUG
+  /* The value returned by this function should always be the same as
+  ** the (CellInfo.nSize) value found by doing a full parse of the
+  ** cell. If SQLITE_DEBUG is defined, an assert() at the bottom of
+  ** this function verifies that this invariant is not violated. */
+  CellInfo debuginfo;
+  pPage->xParseCell(pPage, pCell, &debuginfo);
+#endif
+
+  assert( pPage->noPayload==0 );
+  nSize = *pIter;
+  if( nSize>=0x80 ){
+    pEnd = &pIter[8];
+    nSize &= 0x7f;
+    do{
+      nSize = (nSize<<7) | (*++pIter & 0x7f);
+    }while( *(pIter)>=0x80 && pIter<pEnd );
+  }
+  pIter++;
+  if( pPage->intKey ){
+    /* pIter now points at the 64-bit integer key value, a variable length 
+    ** integer. The following block moves pIter to point at the first byte
+    ** past the end of the key value. */
+    pEnd = &pIter[9];
+    while( (*pIter++)&0x80 && pIter<pEnd );
+  }
+  testcase( nSize==pPage->maxLocal );
+  testcase( nSize==pPage->maxLocal+1 );
+  if( nSize<=pPage->maxLocal ){
+    nSize += (u32)(pIter - pCell);
+    if( nSize<4 ) nSize = 4;
+  }else{
+    int minLocal = pPage->minLocal;
+    nSize = minLocal + (nSize - minLocal) % (pPage->pBt->usableSize - 4);
+    testcase( nSize==pPage->maxLocal );
+    testcase( nSize==pPage->maxLocal+1 );
+    if( nSize>pPage->maxLocal ){
+      nSize = minLocal;
+    }
+    nSize += 4 + (u16)(pIter - pCell);
+  }
+  assert( nSize==debuginfo.nSize || CORRUPT_DB );
+  return (u16)nSize;
+}
+static u16 cellSizePtrNoPayload(MemPage *pPage, u8 *pCell){
+  u8 *pIter = pCell + 4; /* For looping over bytes of pCell */
+  u8 *pEnd;              /* End mark for a varint */
+
+#ifdef SQLITE_DEBUG
+  /* The value returned by this function should always be the same as
+  ** the (CellInfo.nSize) value found by doing a full parse of the
+  ** cell. If SQLITE_DEBUG is defined, an assert() at the bottom of
+  ** this function verifies that this invariant is not violated. */
+  CellInfo debuginfo;
+  pPage->xParseCell(pPage, pCell, &debuginfo);
+#else
+  UNUSED_PARAMETER(pPage);
+#endif
+
+  assert( pPage->childPtrSize==4 );
+  pEnd = pIter + 9;
+  while( (*pIter++)&0x80 && pIter<pEnd );
+  assert( debuginfo.nSize==(u16)(pIter - pCell) || CORRUPT_DB );
+  return (u16)(pIter - pCell);
+}
+
+
+#ifdef SQLITE_DEBUG
+/* This variation on cellSizePtr() is used inside of assert() statements
+** only. */
+static u16 cellSize(MemPage *pPage, int iCell){
+  return pPage->xCellSize(pPage, findCell(pPage, iCell));
+}
+#endif
+
+#ifndef SQLITE_OMIT_AUTOVACUUM
+/*
+** If the cell pCell, part of page pPage contains a pointer
+** to an overflow page, insert an entry into the pointer-map
+** for the overflow page.
+*/
+static void ptrmapPutOvflPtr(MemPage *pPage, u8 *pCell, int *pRC){
+  CellInfo info;
+  if( *pRC ) return;
+  assert( pCell!=0 );
+  pPage->xParseCell(pPage, pCell, &info);
+  if( info.nLocal<info.nPayload ){
+    Pgno ovfl = get4byte(&pCell[info.nSize-4]);
+    ptrmapPut(pPage->pBt, ovfl, PTRMAP_OVERFLOW1, pPage->pgno, pRC);
+  }
+}
+#endif
+
+
+/*
+** Defragment the page given.  All Cells are moved to the
+** end of the page and all free space is collected into one
+** big FreeBlk that occurs in between the header and cell
+** pointer array and the cell content area.
+**
+** EVIDENCE-OF: R-44582-60138 SQLite may from time to time reorganize a
+** b-tree page so that there are no freeblocks or fragment bytes, all
+** unused bytes are contained in the unallocated space region, and all
+** cells are packed tightly at the end of the page.
+*/
+static int defragmentPage(MemPage *pPage){
+  int i;                     /* Loop counter */
+  int pc;                    /* Address of the i-th cell */
+  int hdr;                   /* Offset to the page header */
+  int size;                  /* Size of a cell */
+  int usableSize;            /* Number of usable bytes on a page */
+  int cellOffset;            /* Offset to the cell pointer array */
+  int cbrk;                  /* Offset to the cell content area */
+  int nCell;                 /* Number of cells on the page */
+  unsigned char *data;       /* The page data */
+  unsigned char *temp;       /* Temp area for cell content */
+  unsigned char *src;        /* Source of content */
+  int iCellFirst;            /* First allowable cell index */
+  int iCellLast;             /* Last possible cell index */
+
+
+  assert( sqlite3PagerIswriteable(pPage->pDbPage) );
+  assert( pPage->pBt!=0 );
+  assert( pPage->pBt->usableSize <= SQLITE_MAX_PAGE_SIZE );
+  assert( pPage->nOverflow==0 );
+  assert( sqlite3_mutex_held(pPage->pBt->mutex) );
+  temp = 0;
+  src = data = pPage->aData;
+  hdr = pPage->hdrOffset;
+  cellOffset = pPage->cellOffset;
+  nCell = pPage->nCell;
+  assert( nCell==get2byte(&data[hdr+3]) );
+  usableSize = pPage->pBt->usableSize;
+  cbrk = usableSize;
+  iCellFirst = cellOffset + 2*nCell;
+  iCellLast = usableSize - 4;
+  for(i=0; i<nCell; i++){
+    u8 *pAddr;     /* The i-th cell pointer */
+    pAddr = &data[cellOffset + i*2];
+    pc = get2byte(pAddr);
+    testcase( pc==iCellFirst );
+    testcase( pc==iCellLast );
+    /* These conditions have already been verified in btreeInitPage()
+    ** if PRAGMA cell_size_check=ON.
+    */
+    if( pc<iCellFirst || pc>iCellLast ){
+      return SQLITE_CORRUPT_BKPT;
+    }
+    assert( pc>=iCellFirst && pc<=iCellLast );
+    size = pPage->xCellSize(pPage, &src[pc]);
+    cbrk -= size;
+    if( cbrk<iCellFirst || pc+size>usableSize ){
+      return SQLITE_CORRUPT_BKPT;
+    }
+    assert( cbrk+size<=usableSize && cbrk>=iCellFirst );
+    testcase( cbrk+size==usableSize );
+    testcase( pc+size==usableSize );
+    put2byte(pAddr, cbrk);
+    if( temp==0 ){
+      int x;
+      if( cbrk==pc ) continue;
+      temp = sqlite3PagerTempSpace(pPage->pBt->pPager);
+      x = get2byte(&data[hdr+5]);
+      memcpy(&temp[x], &data[x], (cbrk+size) - x);
+      src = temp;
+    }
+    memcpy(&data[cbrk], &src[pc], size);
+  }
+  assert( cbrk>=iCellFirst );
+  put2byte(&data[hdr+5], cbrk);
+  data[hdr+1] = 0;
+  data[hdr+2] = 0;
+  data[hdr+7] = 0;
+  memset(&data[iCellFirst], 0, cbrk-iCellFirst);
+  assert( sqlite3PagerIswriteable(pPage->pDbPage) );
+  if( cbrk-iCellFirst!=pPage->nFree ){
+    return SQLITE_CORRUPT_BKPT;
+  }
+  return SQLITE_OK;
+}
+
+/*
+** Search the free-list on page pPg for space to store a cell nByte bytes in
+** size. If one can be found, return a pointer to the space and remove it
+** from the free-list.
+**
+** If no suitable space can be found on the free-list, return NULL.
+**
+** This function may detect corruption within pPg.  If corruption is
+** detected then *pRc is set to SQLITE_CORRUPT and NULL is returned.
+**
+** Slots on the free list that are between 1 and 3 bytes larger than nByte
+** will be ignored if adding the extra space to the fragmentation count
+** causes the fragmentation count to exceed 60.
+*/
+static u8 *pageFindSlot(MemPage *pPg, int nByte, int *pRc){
+  const int hdr = pPg->hdrOffset;
+  u8 * const aData = pPg->aData;
+  int iAddr = hdr + 1;
+  int pc = get2byte(&aData[iAddr]);
+  int x;
+  int usableSize = pPg->pBt->usableSize;
+
+  assert( pc>0 );
+  do{
+    int size;            /* Size of the free slot */
+    /* EVIDENCE-OF: R-06866-39125 Freeblocks are always connected in order of
+    ** increasing offset. */
+    if( pc>usableSize-4 || pc<iAddr+4 ){
+      *pRc = SQLITE_CORRUPT_BKPT;
+      return 0;
+    }
+    /* EVIDENCE-OF: R-22710-53328 The third and fourth bytes of each
+    ** freeblock form a big-endian integer which is the size of the freeblock
+    ** in bytes, including the 4-byte header. */
+    size = get2byte(&aData[pc+2]);
+    if( (x = size - nByte)>=0 ){
+      testcase( x==4 );
+      testcase( x==3 );
+      if( pc < pPg->cellOffset+2*pPg->nCell || size+pc > usableSize ){
+        *pRc = SQLITE_CORRUPT_BKPT;
+        return 0;
+      }else if( x<4 ){
+        /* EVIDENCE-OF: R-11498-58022 In a well-formed b-tree page, the total
+        ** number of bytes in fragments may not exceed 60. */
+        if( aData[hdr+7]>57 ) return 0;
+
+        /* Remove the slot from the free-list. Update the number of
+        ** fragmented bytes within the page. */
+        memcpy(&aData[iAddr], &aData[pc], 2);
+        aData[hdr+7] += (u8)x;
+      }else{
+        /* The slot remains on the free-list. Reduce its size to account
+         ** for the portion used by the new allocation. */
+        put2byte(&aData[pc+2], x);
+      }
+      return &aData[pc + x];
+    }
+    iAddr = pc;
+    pc = get2byte(&aData[pc]);
+  }while( pc );
+
+  return 0;
+}
+
+/*
+** Allocate nByte bytes of space from within the B-Tree page passed
+** as the first argument. Write into *pIdx the index into pPage->aData[]
+** of the first byte of allocated space. Return either SQLITE_OK or
+** an error code (usually SQLITE_CORRUPT).
+**
+** The caller guarantees that there is sufficient space to make the
+** allocation.  This routine might need to defragment in order to bring
+** all the space together, however.  This routine will avoid using
+** the first two bytes past the cell pointer area since presumably this
+** allocation is being made in order to insert a new cell, so we will
+** also end up needing a new cell pointer.
+*/
+static int allocateSpace(MemPage *pPage, int nByte, int *pIdx){
+  const int hdr = pPage->hdrOffset;    /* Local cache of pPage->hdrOffset */
+  u8 * const data = pPage->aData;      /* Local cache of pPage->aData */
+  int top;                             /* First byte of cell content area */
+  int rc = SQLITE_OK;                  /* Integer return code */
+  int gap;        /* First byte of gap between cell pointers and cell content */
+  
+  assert( sqlite3PagerIswriteable(pPage->pDbPage) );
+  assert( pPage->pBt );
+  assert( sqlite3_mutex_held(pPage->pBt->mutex) );
+  assert( nByte>=0 );  /* Minimum cell size is 4 */
+  assert( pPage->nFree>=nByte );
+  assert( pPage->nOverflow==0 );
+  assert( nByte < (int)(pPage->pBt->usableSize-8) );
+
+  assert( pPage->cellOffset == hdr + 12 - 4*pPage->leaf );
+  gap = pPage->cellOffset + 2*pPage->nCell;
+  assert( gap<=65536 );
+  /* EVIDENCE-OF: R-29356-02391 If the database uses a 65536-byte page size
+  ** and the reserved space is zero (the usual value for reserved space)
+  ** then the cell content offset of an empty page wants to be 65536.
+  ** However, that integer is too large to be stored in a 2-byte unsigned
+  ** integer, so a value of 0 is used in its place. */
+  top = get2byte(&data[hdr+5]);
+  assert( top<=(int)pPage->pBt->usableSize ); /* Prevent by getAndInitPage() */
+  if( gap>top ){
+    if( top==0 && pPage->pBt->usableSize==65536 ){
+      top = 65536;
+    }else{
+      return SQLITE_CORRUPT_BKPT;
+    }
+  }
+
+  /* If there is enough space between gap and top for one more cell pointer
+  ** array entry offset, and if the freelist is not empty, then search the
+  ** freelist looking for a free slot big enough to satisfy the request.
+  */
+  testcase( gap+2==top );
+  testcase( gap+1==top );
+  testcase( gap==top );
+  if( (data[hdr+2] || data[hdr+1]) && gap+2<=top ){
+    u8 *pSpace = pageFindSlot(pPage, nByte, &rc);
+    if( pSpace ){
+      assert( pSpace>=data && (pSpace - data)<65536 );
+      *pIdx = (int)(pSpace - data);
+      return SQLITE_OK;
+    }else if( rc ){
+      return rc;
+    }
+  }
+
+  /* The request could not be fulfilled using a freelist slot.  Check
+  ** to see if defragmentation is necessary.
+  */
+  testcase( gap+2+nByte==top );
+  if( gap+2+nByte>top ){
+    assert( pPage->nCell>0 || CORRUPT_DB );
+    rc = defragmentPage(pPage);
+    if( rc ) return rc;
+    top = get2byteNotZero(&data[hdr+5]);
+    assert( gap+nByte<=top );
+  }
+
+
+  /* Allocate memory from the gap in between the cell pointer array
+  ** and the cell content area.  The btreeInitPage() call has already
+  ** validated the freelist.  Given that the freelist is valid, there
+  ** is no way that the allocation can extend off the end of the page.
+  ** The assert() below verifies the previous sentence.
+  */
+  top -= nByte;
+  put2byte(&data[hdr+5], top);
+  assert( top+nByte <= (int)pPage->pBt->usableSize );
+  *pIdx = top;
+  return SQLITE_OK;
+}
+
+/*
+** Return a section of the pPage->aData to the freelist.
+** The first byte of the new free block is pPage->aData[iStart]
+** and the size of the block is iSize bytes.
+**
+** Adjacent freeblocks are coalesced.
+**
+** Note that even though the freeblock list was checked by btreeInitPage(),
+** that routine will not detect overlap between cells or freeblocks.  Nor
+** does it detect cells or freeblocks that encrouch into the reserved bytes
+** at the end of the page.  So do additional corruption checks inside this
+** routine and return SQLITE_CORRUPT if any problems are found.
+*/
+static int freeSpace(MemPage *pPage, u16 iStart, u16 iSize){
+  u16 iPtr;                             /* Address of ptr to next freeblock */
+  u16 iFreeBlk;                         /* Address of the next freeblock */
+  u8 hdr;                               /* Page header size.  0 or 100 */
+  u8 nFrag = 0;                         /* Reduction in fragmentation */
+  u16 iOrigSize = iSize;                /* Original value of iSize */
+  u32 iLast = pPage->pBt->usableSize-4; /* Largest possible freeblock offset */
+  u32 iEnd = iStart + iSize;            /* First byte past the iStart buffer */
+  unsigned char *data = pPage->aData;   /* Page content */
+
+  assert( pPage->pBt!=0 );
+  assert( sqlite3PagerIswriteable(pPage->pDbPage) );
+  assert( CORRUPT_DB || iStart>=pPage->hdrOffset+6+pPage->childPtrSize );
+  assert( CORRUPT_DB || iEnd <= pPage->pBt->usableSize );
+  assert( sqlite3_mutex_held(pPage->pBt->mutex) );
+  assert( iSize>=4 );   /* Minimum cell size is 4 */
+  assert( iStart<=iLast );
+
+  /* Overwrite deleted information with zeros when the secure_delete
+  ** option is enabled */
+  if( pPage->pBt->btsFlags & BTS_SECURE_DELETE ){
+    memset(&data[iStart], 0, iSize);
+  }
+
+  /* The list of freeblocks must be in ascending order.  Find the 
+  ** spot on the list where iStart should be inserted.
+  */
+  hdr = pPage->hdrOffset;
+  iPtr = hdr + 1;
+  if( data[iPtr+1]==0 && data[iPtr]==0 ){
+    iFreeBlk = 0;  /* Shortcut for the case when the freelist is empty */
+  }else{
+    while( (iFreeBlk = get2byte(&data[iPtr]))>0 && iFreeBlk<iStart ){
+      if( iFreeBlk<iPtr+4 ) return SQLITE_CORRUPT_BKPT;
+      iPtr = iFreeBlk;
+    }
+    if( iFreeBlk>iLast ) return SQLITE_CORRUPT_BKPT;
+    assert( iFreeBlk>iPtr || iFreeBlk==0 );
+  
+    /* At this point:
+    **    iFreeBlk:   First freeblock after iStart, or zero if none
+    **    iPtr:       The address of a pointer to iFreeBlk
+    **
+    ** Check to see if iFreeBlk should be coalesced onto the end of iStart.
+    */
+    if( iFreeBlk && iEnd+3>=iFreeBlk ){
+      nFrag = iFreeBlk - iEnd;
+      if( iEnd>iFreeBlk ) return SQLITE_CORRUPT_BKPT;
+      iEnd = iFreeBlk + get2byte(&data[iFreeBlk+2]);
+      if( iEnd > pPage->pBt->usableSize ) return SQLITE_CORRUPT_BKPT;
+      iSize = iEnd - iStart;
+      iFreeBlk = get2byte(&data[iFreeBlk]);
+    }
+  
+    /* If iPtr is another freeblock (that is, if iPtr is not the freelist
+    ** pointer in the page header) then check to see if iStart should be
+    ** coalesced onto the end of iPtr.
+    */
+    if( iPtr>hdr+1 ){
+      int iPtrEnd = iPtr + get2byte(&data[iPtr+2]);
+      if( iPtrEnd+3>=iStart ){
+        if( iPtrEnd>iStart ) return SQLITE_CORRUPT_BKPT;
+        nFrag += iStart - iPtrEnd;
+        iSize = iEnd - iPtr;
+        iStart = iPtr;
+      }
+    }
+    if( nFrag>data[hdr+7] ) return SQLITE_CORRUPT_BKPT;
+    data[hdr+7] -= nFrag;
+  }
+  if( iStart==get2byte(&data[hdr+5]) ){
+    /* The new freeblock is at the beginning of the cell content area,
+    ** so just extend the cell content area rather than create another
+    ** freelist entry */
+    if( iPtr!=hdr+1 ) return SQLITE_CORRUPT_BKPT;
+    put2byte(&data[hdr+1], iFreeBlk);
+    put2byte(&data[hdr+5], iEnd);
+  }else{
+    /* Insert the new freeblock into the freelist */
+    put2byte(&data[iPtr], iStart);
+    put2byte(&data[iStart], iFreeBlk);
+    put2byte(&data[iStart+2], iSize);
+  }
+  pPage->nFree += iOrigSize;
+  return SQLITE_OK;
+}
+
+/*
+** Decode the flags byte (the first byte of the header) for a page
+** and initialize fields of the MemPage structure accordingly.
+**
+** Only the following combinations are supported.  Anything different
+** indicates a corrupt database files:
+**
+**         PTF_ZERODATA
+**         PTF_ZERODATA | PTF_LEAF
+**         PTF_LEAFDATA | PTF_INTKEY
+**         PTF_LEAFDATA | PTF_INTKEY | PTF_LEAF
+*/
+static int decodeFlags(MemPage *pPage, int flagByte){
+  BtShared *pBt;     /* A copy of pPage->pBt */
+
+  assert( pPage->hdrOffset==(pPage->pgno==1 ? 100 : 0) );
+  assert( sqlite3_mutex_held(pPage->pBt->mutex) );
+  pPage->leaf = (u8)(flagByte>>3);  assert( PTF_LEAF == 1<<3 );
+  flagByte &= ~PTF_LEAF;
+  pPage->childPtrSize = 4-4*pPage->leaf;
+  pPage->xCellSize = cellSizePtr;
+  pBt = pPage->pBt;
+  if( flagByte==(PTF_LEAFDATA | PTF_INTKEY) ){
+    /* EVIDENCE-OF: R-03640-13415 A value of 5 means the page is an interior
+    ** table b-tree page. */
+    assert( (PTF_LEAFDATA|PTF_INTKEY)==5 );
+    /* EVIDENCE-OF: R-20501-61796 A value of 13 means the page is a leaf
+    ** table b-tree page. */
+    assert( (PTF_LEAFDATA|PTF_INTKEY|PTF_LEAF)==13 );
+    pPage->intKey = 1;
+    if( pPage->leaf ){
+      pPage->intKeyLeaf = 1;
+      pPage->noPayload = 0;
+      pPage->xParseCell = btreeParseCellPtr;
+    }else{
+      pPage->intKeyLeaf = 0;
+      pPage->noPayload = 1;
+      pPage->xCellSize = cellSizePtrNoPayload;
+      pPage->xParseCell = btreeParseCellPtrNoPayload;
+    }
+    pPage->maxLocal = pBt->maxLeaf;
+    pPage->minLocal = pBt->minLeaf;
+  }else if( flagByte==PTF_ZERODATA ){
+    /* EVIDENCE-OF: R-27225-53936 A value of 2 means the page is an interior
+    ** index b-tree page. */
+    assert( (PTF_ZERODATA)==2 );
+    /* EVIDENCE-OF: R-16571-11615 A value of 10 means the page is a leaf
+    ** index b-tree page. */
+    assert( (PTF_ZERODATA|PTF_LEAF)==10 );
+    pPage->intKey = 0;
+    pPage->intKeyLeaf = 0;
+    pPage->noPayload = 0;
+    pPage->xParseCell = btreeParseCellPtrIndex;
+    pPage->maxLocal = pBt->maxLocal;
+    pPage->minLocal = pBt->minLocal;
+  }else{
+    /* EVIDENCE-OF: R-47608-56469 Any other value for the b-tree page type is
+    ** an error. */
+    return SQLITE_CORRUPT_BKPT;
+  }
+  pPage->max1bytePayload = pBt->max1bytePayload;
+  return SQLITE_OK;
+}
+
+/*
+** Initialize the auxiliary information for a disk block.
+**
+** Return SQLITE_OK on success.  If we see that the page does
+** not contain a well-formed database page, then return 
+** SQLITE_CORRUPT.  Note that a return of SQLITE_OK does not
+** guarantee that the page is well-formed.  It only shows that
+** we failed to detect any corruption.
+*/
+static int btreeInitPage(MemPage *pPage){
+
+  assert( pPage->pBt!=0 );
+  assert( pPage->pBt->db!=0 );
+  assert( sqlite3_mutex_held(pPage->pBt->mutex) );
+  assert( pPage->pgno==sqlite3PagerPagenumber(pPage->pDbPage) );
+  assert( pPage == sqlite3PagerGetExtra(pPage->pDbPage) );
+  assert( pPage->aData == sqlite3PagerGetData(pPage->pDbPage) );
+
+  if( !pPage->isInit ){
+    u16 pc;            /* Address of a freeblock within pPage->aData[] */
+    u8 hdr;            /* Offset to beginning of page header */
+    u8 *data;          /* Equal to pPage->aData */
+    BtShared *pBt;        /* The main btree structure */
+    int usableSize;    /* Amount of usable space on each page */
+    u16 cellOffset;    /* Offset from start of page to first cell pointer */
+    int nFree;         /* Number of unused bytes on the page */
+    int top;           /* First byte of the cell content area */
+    int iCellFirst;    /* First allowable cell or freeblock offset */
+    int iCellLast;     /* Last possible cell or freeblock offset */
+
+    pBt = pPage->pBt;
+
+    hdr = pPage->hdrOffset;
+    data = pPage->aData;
+    /* EVIDENCE-OF: R-28594-02890 The one-byte flag at offset 0 indicating
+    ** the b-tree page type. */
+    if( decodeFlags(pPage, data[hdr]) ) return SQLITE_CORRUPT_BKPT;
+    assert( pBt->pageSize>=512 && pBt->pageSize<=65536 );
+    pPage->maskPage = (u16)(pBt->pageSize - 1);
+    pPage->nOverflow = 0;
+    usableSize = pBt->usableSize;
+    pPage->cellOffset = cellOffset = hdr + 8 + pPage->childPtrSize;
+    pPage->aDataEnd = &data[usableSize];
+    pPage->aCellIdx = &data[cellOffset];
+    pPage->aDataOfst = &data[pPage->childPtrSize];
+    /* EVIDENCE-OF: R-58015-48175 The two-byte integer at offset 5 designates
+    ** the start of the cell content area. A zero value for this integer is
+    ** interpreted as 65536. */
+    top = get2byteNotZero(&data[hdr+5]);
+    /* EVIDENCE-OF: R-37002-32774 The two-byte integer at offset 3 gives the
+    ** number of cells on the page. */
+    pPage->nCell = get2byte(&data[hdr+3]);
+    if( pPage->nCell>MX_CELL(pBt) ){
+      /* To many cells for a single page.  The page must be corrupt */
+      return SQLITE_CORRUPT_BKPT;
+    }
+    testcase( pPage->nCell==MX_CELL(pBt) );
+    /* EVIDENCE-OF: R-24089-57979 If a page contains no cells (which is only
+    ** possible for a root page of a table that contains no rows) then the
+    ** offset to the cell content area will equal the page size minus the
+    ** bytes of reserved space. */
+    assert( pPage->nCell>0 || top==usableSize || CORRUPT_DB );
+
+    /* A malformed database page might cause us to read past the end
+    ** of page when parsing a cell.  
+    **
+    ** The following block of code checks early to see if a cell extends
+    ** past the end of a page boundary and causes SQLITE_CORRUPT to be 
+    ** returned if it does.
+    */
+    iCellFirst = cellOffset + 2*pPage->nCell;
+    iCellLast = usableSize - 4;
+    if( pBt->db->flags & SQLITE_CellSizeCk ){
+      int i;            /* Index into the cell pointer array */
+      int sz;           /* Size of a cell */
+
+      if( !pPage->leaf ) iCellLast--;
+      for(i=0; i<pPage->nCell; i++){
+        pc = get2byteAligned(&data[cellOffset+i*2]);
+        testcase( pc==iCellFirst );
+        testcase( pc==iCellLast );
+        if( pc<iCellFirst || pc>iCellLast ){
+          return SQLITE_CORRUPT_BKPT;
+        }
+        sz = pPage->xCellSize(pPage, &data[pc]);
+        testcase( pc+sz==usableSize );
+        if( pc+sz>usableSize ){
+          return SQLITE_CORRUPT_BKPT;
+        }
+      }
+      if( !pPage->leaf ) iCellLast++;
+    }  
+
+    /* Compute the total free space on the page
+    ** EVIDENCE-OF: R-23588-34450 The two-byte integer at offset 1 gives the
+    ** start of the first freeblock on the page, or is zero if there are no
+    ** freeblocks. */
+    pc = get2byte(&data[hdr+1]);
+    nFree = data[hdr+7] + top;  /* Init nFree to non-freeblock free space */
+    while( pc>0 ){
+      u16 next, size;
+      if( pc<iCellFirst || pc>iCellLast ){
+        /* EVIDENCE-OF: R-55530-52930 In a well-formed b-tree page, there will
+        ** always be at least one cell before the first freeblock.
+        **
+        ** Or, the freeblock is off the end of the page
+        */
+        return SQLITE_CORRUPT_BKPT; 
+      }
+      next = get2byte(&data[pc]);
+      size = get2byte(&data[pc+2]);
+      if( (next>0 && next<=pc+size+3) || pc+size>usableSize ){
+        /* Free blocks must be in ascending order. And the last byte of
+        ** the free-block must lie on the database page.  */
+        return SQLITE_CORRUPT_BKPT; 
+      }
+      nFree = nFree + size;
+      pc = next;
+    }
+
+    /* At this point, nFree contains the sum of the offset to the start
+    ** of the cell-content area plus the number of free bytes within
+    ** the cell-content area. If this is greater than the usable-size
+    ** of the page, then the page must be corrupted. This check also
+    ** serves to verify that the offset to the start of the cell-content
+    ** area, according to the page header, lies within the page.
+    */
+    if( nFree>usableSize ){
+      return SQLITE_CORRUPT_BKPT; 
+    }
+    pPage->nFree = (u16)(nFree - iCellFirst);
+    pPage->isInit = 1;
+  }
+  return SQLITE_OK;
+}
+
+/*
+** Set up a raw page so that it looks like a database page holding
+** no entries.
+*/
+static void zeroPage(MemPage *pPage, int flags){
+  unsigned char *data = pPage->aData;
+  BtShared *pBt = pPage->pBt;
+  u8 hdr = pPage->hdrOffset;
+  u16 first;
+
+  assert( sqlite3PagerPagenumber(pPage->pDbPage)==pPage->pgno );
+  assert( sqlite3PagerGetExtra(pPage->pDbPage) == (void*)pPage );
+  assert( sqlite3PagerGetData(pPage->pDbPage) == data );
+  assert( sqlite3PagerIswriteable(pPage->pDbPage) );
+  assert( sqlite3_mutex_held(pBt->mutex) );
+  if( pBt->btsFlags & BTS_SECURE_DELETE ){
+    memset(&data[hdr], 0, pBt->usableSize - hdr);
+  }
+  data[hdr] = (char)flags;
+  first = hdr + ((flags&PTF_LEAF)==0 ? 12 : 8);
+  memset(&data[hdr+1], 0, 4);
+  data[hdr+7] = 0;
+  put2byte(&data[hdr+5], pBt->usableSize);
+  pPage->nFree = (u16)(pBt->usableSize - first);
+  decodeFlags(pPage, flags);
+  pPage->cellOffset = first;
+  pPage->aDataEnd = &data[pBt->usableSize];
+  pPage->aCellIdx = &data[first];
+  pPage->aDataOfst = &data[pPage->childPtrSize];
+  pPage->nOverflow = 0;
+  assert( pBt->pageSize>=512 && pBt->pageSize<=65536 );
+  pPage->maskPage = (u16)(pBt->pageSize - 1);
+  pPage->nCell = 0;
+  pPage->isInit = 1;
+}
+
+
+/*
+** Convert a DbPage obtained from the pager into a MemPage used by
+** the btree layer.
+*/
+static MemPage *btreePageFromDbPage(DbPage *pDbPage, Pgno pgno, BtShared *pBt){
+  MemPage *pPage = (MemPage*)sqlite3PagerGetExtra(pDbPage);
+  if( pgno!=pPage->pgno ){
+    pPage->aData = sqlite3PagerGetData(pDbPage);
+    pPage->pDbPage = pDbPage;
+    pPage->pBt = pBt;
+    pPage->pgno = pgno;
+    pPage->hdrOffset = pgno==1 ? 100 : 0;
+  }
+  assert( pPage->aData==sqlite3PagerGetData(pDbPage) );
+  return pPage; 
+}
+
+/*
+** Get a page from the pager.  Initialize the MemPage.pBt and
+** MemPage.aData elements if needed.  See also: btreeGetUnusedPage().
+**
+** If the PAGER_GET_NOCONTENT flag is set, it means that we do not care
+** about the content of the page at this time.  So do not go to the disk
+** to fetch the content.  Just fill in the content with zeros for now.
+** If in the future we call sqlite3PagerWrite() on this page, that
+** means we have started to be concerned about content and the disk
+** read should occur at that point.
+*/
+static int btreeGetPage(
+  BtShared *pBt,       /* The btree */
+  Pgno pgno,           /* Number of the page to fetch */
+  MemPage **ppPage,    /* Return the page in this parameter */
+  int flags            /* PAGER_GET_NOCONTENT or PAGER_GET_READONLY */
+){
+  int rc;
+  DbPage *pDbPage;
+
+  assert( flags==0 || flags==PAGER_GET_NOCONTENT || flags==PAGER_GET_READONLY );
+  assert( sqlite3_mutex_held(pBt->mutex) );
+  rc = sqlite3PagerGet(pBt->pPager, pgno, (DbPage**)&pDbPage, flags);
+  if( rc ) return rc;
+  *ppPage = btreePageFromDbPage(pDbPage, pgno, pBt);
+  return SQLITE_OK;
+}
+
+/*
+** Retrieve a page from the pager cache. If the requested page is not
+** already in the pager cache return NULL. Initialize the MemPage.pBt and
+** MemPage.aData elements if needed.
+*/
+static MemPage *btreePageLookup(BtShared *pBt, Pgno pgno){
+  DbPage *pDbPage;
+  assert( sqlite3_mutex_held(pBt->mutex) );
+  pDbPage = sqlite3PagerLookup(pBt->pPager, pgno);
+  if( pDbPage ){
+    return btreePageFromDbPage(pDbPage, pgno, pBt);
+  }
+  return 0;
+}
+
+/*
+** Return the size of the database file in pages. If there is any kind of
+** error, return ((unsigned int)-1).
+*/
+static Pgno btreePagecount(BtShared *pBt){
+  return pBt->nPage;
+}
+SQLITE_PRIVATE u32 sqlite3BtreeLastPage(Btree *p){
+  assert( sqlite3BtreeHoldsMutex(p) );
+  assert( ((p->pBt->nPage)&0x8000000)==0 );
+  return btreePagecount(p->pBt);
+}
+
+/*
+** Get a page from the pager and initialize it.
+**
+** If pCur!=0 then the page is being fetched as part of a moveToChild()
+** call.  Do additional sanity checking on the page in this case.
+** And if the fetch fails, this routine must decrement pCur->iPage.
+**
+** The page is fetched as read-write unless pCur is not NULL and is
+** a read-only cursor.
+**
+** If an error occurs, then *ppPage is undefined. It
+** may remain unchanged, or it may be set to an invalid value.
+*/
+static int getAndInitPage(
+  BtShared *pBt,                  /* The database file */
+  Pgno pgno,                      /* Number of the page to get */
+  MemPage **ppPage,               /* Write the page pointer here */
+  BtCursor *pCur,                 /* Cursor to receive the page, or NULL */
+  int bReadOnly                   /* True for a read-only page */
+){
+  int rc;
+  DbPage *pDbPage;
+  assert( sqlite3_mutex_held(pBt->mutex) );
+  assert( pCur==0 || ppPage==&pCur->apPage[pCur->iPage] );
+  assert( pCur==0 || bReadOnly==pCur->curPagerFlags );
+  assert( pCur==0 || pCur->iPage>0 );
+
+  if( pgno>btreePagecount(pBt) ){
+    rc = SQLITE_CORRUPT_BKPT;
+    goto getAndInitPage_error;
+  }
+  rc = sqlite3PagerGet(pBt->pPager, pgno, (DbPage**)&pDbPage, bReadOnly);
+  if( rc ){
+    goto getAndInitPage_error;
+  }
+  *ppPage = (MemPage*)sqlite3PagerGetExtra(pDbPage);
+  if( (*ppPage)->isInit==0 ){
+    btreePageFromDbPage(pDbPage, pgno, pBt);
+    rc = btreeInitPage(*ppPage);
+    if( rc!=SQLITE_OK ){
+      releasePage(*ppPage);
+      goto getAndInitPage_error;
+    }
+  }
+  assert( (*ppPage)->pgno==pgno );
+  assert( (*ppPage)->aData==sqlite3PagerGetData(pDbPage) );
+
+  /* If obtaining a child page for a cursor, we must verify that the page is
+  ** compatible with the root page. */
+  if( pCur && ((*ppPage)->nCell<1 || (*ppPage)->intKey!=pCur->curIntKey) ){
+    rc = SQLITE_CORRUPT_BKPT;
+    releasePage(*ppPage);
+    goto getAndInitPage_error;
+  }
+  return SQLITE_OK;
+
+getAndInitPage_error:
+  if( pCur ) pCur->iPage--;
+  testcase( pgno==0 );
+  assert( pgno!=0 || rc==SQLITE_CORRUPT );
+  return rc;
+}
+
+/*
+** Release a MemPage.  This should be called once for each prior
+** call to btreeGetPage.
+*/
+static void releasePageNotNull(MemPage *pPage){
+  assert( pPage->aData );
+  assert( pPage->pBt );
+  assert( pPage->pDbPage!=0 );
+  assert( sqlite3PagerGetExtra(pPage->pDbPage) == (void*)pPage );
+  assert( sqlite3PagerGetData(pPage->pDbPage)==pPage->aData );
+  assert( sqlite3_mutex_held(pPage->pBt->mutex) );
+  sqlite3PagerUnrefNotNull(pPage->pDbPage);
+}
+static void releasePage(MemPage *pPage){
+  if( pPage ) releasePageNotNull(pPage);
+}
+
+/*
+** Get an unused page.
+**
+** This works just like btreeGetPage() with the addition:
+**
+**   *  If the page is already in use for some other purpose, immediately
+**      release it and return an SQLITE_CURRUPT error.
+**   *  Make sure the isInit flag is clear
+*/
+static int btreeGetUnusedPage(
+  BtShared *pBt,       /* The btree */
+  Pgno pgno,           /* Number of the page to fetch */
+  MemPage **ppPage,    /* Return the page in this parameter */
+  int flags            /* PAGER_GET_NOCONTENT or PAGER_GET_READONLY */
+){
+  int rc = btreeGetPage(pBt, pgno, ppPage, flags);
+  if( rc==SQLITE_OK ){
+    if( sqlite3PagerPageRefcount((*ppPage)->pDbPage)>1 ){
+      releasePage(*ppPage);
+      *ppPage = 0;
+      return SQLITE_CORRUPT_BKPT;
+    }
+    (*ppPage)->isInit = 0;
+  }else{
+    *ppPage = 0;
+  }
+  return rc;
+}
+
+
+/*
+** During a rollback, when the pager reloads information into the cache
+** so that the cache is restored to its original state at the start of
+** the transaction, for each page restored this routine is called.
+**
+** This routine needs to reset the extra data section at the end of the
+** page to agree with the restored data.
+*/
+static void pageReinit(DbPage *pData){
+  MemPage *pPage;
+  pPage = (MemPage *)sqlite3PagerGetExtra(pData);
+  assert( sqlite3PagerPageRefcount(pData)>0 );
+  if( pPage->isInit ){
+    assert( sqlite3_mutex_held(pPage->pBt->mutex) );
+    pPage->isInit = 0;
+    if( sqlite3PagerPageRefcount(pData)>1 ){
+      /* pPage might not be a btree page;  it might be an overflow page
+      ** or ptrmap page or a free page.  In those cases, the following
+      ** call to btreeInitPage() will likely return SQLITE_CORRUPT.
+      ** But no harm is done by this.  And it is very important that
+      ** btreeInitPage() be called on every btree page so we make
+      ** the call for every page that comes in for re-initing. */
+      btreeInitPage(pPage);
+    }
+  }
+}
+
+/*
+** Invoke the busy handler for a btree.
+*/
+static int btreeInvokeBusyHandler(void *pArg){
+  BtShared *pBt = (BtShared*)pArg;
+  assert( pBt->db );
+  assert( sqlite3_mutex_held(pBt->db->mutex) );
+  return sqlite3InvokeBusyHandler(&pBt->db->busyHandler);
+}
+
+/*
+** Open a database file.
+** 
+** zFilename is the name of the database file.  If zFilename is NULL
+** then an ephemeral database is created.  The ephemeral database might
+** be exclusively in memory, or it might use a disk-based memory cache.
+** Either way, the ephemeral database will be automatically deleted 
+** when sqlite3BtreeClose() is called.
+**
+** If zFilename is ":memory:" then an in-memory database is created
+** that is automatically destroyed when it is closed.
+**
+** The "flags" parameter is a bitmask that might contain bits like
+** BTREE_OMIT_JOURNAL and/or BTREE_MEMORY.
+**
+** If the database is already opened in the same database connection
+** and we are in shared cache mode, then the open will fail with an
+** SQLITE_CONSTRAINT error.  We cannot allow two or more BtShared
+** objects in the same database connection since doing so will lead
+** to problems with locking.
+*/
+SQLITE_PRIVATE int sqlite3BtreeOpen(
+  sqlite3_vfs *pVfs,      /* VFS to use for this b-tree */
+  const char *zFilename,  /* Name of the file containing the BTree database */
+  sqlite3 *db,            /* Associated database handle */
+  Btree **ppBtree,        /* Pointer to new Btree object written here */
+  int flags,              /* Options */
+  int vfsFlags            /* Flags passed through to sqlite3_vfs.xOpen() */
+){
+  BtShared *pBt = 0;             /* Shared part of btree structure */
+  Btree *p;                      /* Handle to return */
+  sqlite3_mutex *mutexOpen = 0;  /* Prevents a race condition. Ticket #3537 */
+  int rc = SQLITE_OK;            /* Result code from this function */
+  u8 nReserve;                   /* Byte of unused space on each page */
+  unsigned char zDbHeader[100];  /* Database header content */
+
+  /* True if opening an ephemeral, temporary database */
+  const int isTempDb = zFilename==0 || zFilename[0]==0;
+
+  /* Set the variable isMemdb to true for an in-memory database, or 
+  ** false for a file-based database.
+  */
+#ifdef SQLITE_OMIT_MEMORYDB
+  const int isMemdb = 0;
+#else
+  const int isMemdb = (zFilename && strcmp(zFilename, ":memory:")==0)
+                       || (isTempDb && sqlite3TempInMemory(db))
+                       || (vfsFlags & SQLITE_OPEN_MEMORY)!=0;
+#endif
+
+  assert( db!=0 );
+  assert( pVfs!=0 );
+  assert( sqlite3_mutex_held(db->mutex) );
+  assert( (flags&0xff)==flags );   /* flags fit in 8 bits */
+
+  /* Only a BTREE_SINGLE database can be BTREE_UNORDERED */
+  assert( (flags & BTREE_UNORDERED)==0 || (flags & BTREE_SINGLE)!=0 );
+
+  /* A BTREE_SINGLE database is always a temporary and/or ephemeral */
+  assert( (flags & BTREE_SINGLE)==0 || isTempDb );
+
+  if( isMemdb ){
+    flags |= BTREE_MEMORY;
+  }
+  if( (vfsFlags & SQLITE_OPEN_MAIN_DB)!=0 && (isMemdb || isTempDb) ){
+    vfsFlags = (vfsFlags & ~SQLITE_OPEN_MAIN_DB) | SQLITE_OPEN_TEMP_DB;
+  }
+  p = sqlite3MallocZero(sizeof(Btree));
+  if( !p ){
+    return SQLITE_NOMEM;
+  }
+  p->inTrans = TRANS_NONE;
+  p->db = db;
+#ifndef SQLITE_OMIT_SHARED_CACHE
+  p->lock.pBtree = p;
+  p->lock.iTable = 1;
+#endif
+
+#if !defined(SQLITE_OMIT_SHARED_CACHE) && !defined(SQLITE_OMIT_DISKIO)
+  /*
+  ** If this Btree is a candidate for shared cache, try to find an
+  ** existing BtShared object that we can share with
+  */
+  if( isTempDb==0 && (isMemdb==0 || (vfsFlags&SQLITE_OPEN_URI)!=0) ){
+    if( vfsFlags & SQLITE_OPEN_SHAREDCACHE ){
+      int nFilename = sqlite3Strlen30(zFilename)+1;
+      int nFullPathname = pVfs->mxPathname+1;
+      char *zFullPathname = sqlite3Malloc(MAX(nFullPathname,nFilename));
+      MUTEX_LOGIC( sqlite3_mutex *mutexShared; )
+
+      p->sharable = 1;
+      if( !zFullPathname ){
+        sqlite3_free(p);
+        return SQLITE_NOMEM;
+      }
+      if( isMemdb ){
+        memcpy(zFullPathname, zFilename, nFilename);
+      }else{
+        rc = sqlite3OsFullPathname(pVfs, zFilename,
+                                   nFullPathname, zFullPathname);
+        if( rc ){
+          sqlite3_free(zFullPathname);
+          sqlite3_free(p);
+          return rc;
+        }
+      }
+#if SQLITE_THREADSAFE
+      mutexOpen = sqlite3MutexAlloc(SQLITE_MUTEX_STATIC_OPEN);
+      sqlite3_mutex_enter(mutexOpen);
+      mutexShared = sqlite3MutexAlloc(SQLITE_MUTEX_STATIC_MASTER);
+      sqlite3_mutex_enter(mutexShared);
+#endif
+      for(pBt=GLOBAL(BtShared*,sqlite3SharedCacheList); pBt; pBt=pBt->pNext){
+        assert( pBt->nRef>0 );
+        if( 0==strcmp(zFullPathname, sqlite3PagerFilename(pBt->pPager, 0))
+                 && sqlite3PagerVfs(pBt->pPager)==pVfs ){
+          int iDb;
+          for(iDb=db->nDb-1; iDb>=0; iDb--){
+            Btree *pExisting = db->aDb[iDb].pBt;
+            if( pExisting && pExisting->pBt==pBt ){
+              sqlite3_mutex_leave(mutexShared);
+              sqlite3_mutex_leave(mutexOpen);
+              sqlite3_free(zFullPathname);
+              sqlite3_free(p);
+              return SQLITE_CONSTRAINT;
+            }
+          }
+          p->pBt = pBt;
+          pBt->nRef++;
+          break;
+        }
+      }
+      sqlite3_mutex_leave(mutexShared);
+      sqlite3_free(zFullPathname);
+    }
+#ifdef SQLITE_DEBUG
+    else{
+      /* In debug mode, we mark all persistent databases as sharable
+      ** even when they are not.  This exercises the locking code and
+      ** gives more opportunity for asserts(sqlite3_mutex_held())
+      ** statements to find locking problems.
+      */
+      p->sharable = 1;
+    }
+#endif
+  }
+#endif
+  if( pBt==0 ){
+    /*
+    ** The following asserts make sure that structures used by the btree are
+    ** the right size.  This is to guard against size changes that result
+    ** when compiling on a different architecture.
+    */
+    assert( sizeof(i64)==8 );
+    assert( sizeof(u64)==8 );
+    assert( sizeof(u32)==4 );
+    assert( sizeof(u16)==2 );
+    assert( sizeof(Pgno)==4 );
+  
+    pBt = sqlite3MallocZero( sizeof(*pBt) );
+    if( pBt==0 ){
+      rc = SQLITE_NOMEM;
+      goto btree_open_out;
+    }
+    rc = sqlite3PagerOpen(pVfs, &pBt->pPager, zFilename,
+                          EXTRA_SIZE, flags, vfsFlags, pageReinit);
+    if( rc==SQLITE_OK ){
+      sqlite3PagerSetMmapLimit(pBt->pPager, db->szMmap);
+      rc = sqlite3PagerReadFileheader(pBt->pPager,sizeof(zDbHeader),zDbHeader);
+    }
+    if( rc!=SQLITE_OK ){
+      goto btree_open_out;
+    }
+    pBt->openFlags = (u8)flags;
+    pBt->db = db;
+    sqlite3PagerSetBusyhandler(pBt->pPager, btreeInvokeBusyHandler, pBt);
+    p->pBt = pBt;
+  
+    pBt->pCursor = 0;
+    pBt->pPage1 = 0;
+    if( sqlite3PagerIsreadonly(pBt->pPager) ) pBt->btsFlags |= BTS_READ_ONLY;
+#ifdef SQLITE_SECURE_DELETE
+    pBt->btsFlags |= BTS_SECURE_DELETE;
+#endif
+    /* EVIDENCE-OF: R-51873-39618 The page size for a database file is
+    ** determined by the 2-byte integer located at an offset of 16 bytes from
+    ** the beginning of the database file. */
+    pBt->pageSize = (zDbHeader[16]<<8) | (zDbHeader[17]<<16);
+    if( pBt->pageSize<512 || pBt->pageSize>SQLITE_MAX_PAGE_SIZE
+         || ((pBt->pageSize-1)&pBt->pageSize)!=0 ){
+      pBt->pageSize = 0;
+#ifndef SQLITE_OMIT_AUTOVACUUM
+      /* If the magic name ":memory:" will create an in-memory database, then
+      ** leave the autoVacuum mode at 0 (do not auto-vacuum), even if
+      ** SQLITE_DEFAULT_AUTOVACUUM is true. On the other hand, if
+      ** SQLITE_OMIT_MEMORYDB has been defined, then ":memory:" is just a
+      ** regular file-name. In this case the auto-vacuum applies as per normal.
+      */
+      if( zFilename && !isMemdb ){
+        pBt->autoVacuum = (SQLITE_DEFAULT_AUTOVACUUM ? 1 : 0);
+        pBt->incrVacuum = (SQLITE_DEFAULT_AUTOVACUUM==2 ? 1 : 0);
+      }
+#endif
+      nReserve = 0;
+    }else{
+      /* EVIDENCE-OF: R-37497-42412 The size of the reserved region is
+      ** determined by the one-byte unsigned integer found at an offset of 20
+      ** into the database file header. */
+      nReserve = zDbHeader[20];
+      pBt->btsFlags |= BTS_PAGESIZE_FIXED;
+#ifndef SQLITE_OMIT_AUTOVACUUM
+      pBt->autoVacuum = (get4byte(&zDbHeader[36 + 4*4])?1:0);
+      pBt->incrVacuum = (get4byte(&zDbHeader[36 + 7*4])?1:0);
+#endif
+    }
+    rc = sqlite3PagerSetPagesize(pBt->pPager, &pBt->pageSize, nReserve);
+    if( rc ) goto btree_open_out;
+    pBt->usableSize = pBt->pageSize - nReserve;
+    assert( (pBt->pageSize & 7)==0 );  /* 8-byte alignment of pageSize */
+   
+#if !defined(SQLITE_OMIT_SHARED_CACHE) && !defined(SQLITE_OMIT_DISKIO)
+    /* Add the new BtShared object to the linked list sharable BtShareds.
+    */
+    if( p->sharable ){
+      MUTEX_LOGIC( sqlite3_mutex *mutexShared; )
+      pBt->nRef = 1;
+      MUTEX_LOGIC( mutexShared = sqlite3MutexAlloc(SQLITE_MUTEX_STATIC_MASTER);)
+      if( SQLITE_THREADSAFE && sqlite3GlobalConfig.bCoreMutex ){
+        pBt->mutex = sqlite3MutexAlloc(SQLITE_MUTEX_FAST);
+        if( pBt->mutex==0 ){
+          rc = SQLITE_NOMEM;
+          db->mallocFailed = 0;
+          goto btree_open_out;
+        }
+      }
+      sqlite3_mutex_enter(mutexShared);
+      pBt->pNext = GLOBAL(BtShared*,sqlite3SharedCacheList);
+      GLOBAL(BtShared*,sqlite3SharedCacheList) = pBt;
+      sqlite3_mutex_leave(mutexShared);
+    }
+#endif
+  }
+
+#if !defined(SQLITE_OMIT_SHARED_CACHE) && !defined(SQLITE_OMIT_DISKIO)
+  /* If the new Btree uses a sharable pBtShared, then link the new
+  ** Btree into the list of all sharable Btrees for the same connection.
+  ** The list is kept in ascending order by pBt address.
+  */
+  if( p->sharable ){
+    int i;
+    Btree *pSib;
+    for(i=0; i<db->nDb; i++){
+      if( (pSib = db->aDb[i].pBt)!=0 && pSib->sharable ){
+        while( pSib->pPrev ){ pSib = pSib->pPrev; }
+        if( p->pBt<pSib->pBt ){
+          p->pNext = pSib;
+          p->pPrev = 0;
+          pSib->pPrev = p;
+        }else{
+          while( pSib->pNext && pSib->pNext->pBt<p->pBt ){
+            pSib = pSib->pNext;
+          }
+          p->pNext = pSib->pNext;
+          p->pPrev = pSib;
+          if( p->pNext ){
+            p->pNext->pPrev = p;
+          }
+          pSib->pNext = p;
+        }
+        break;
+      }
+    }
+  }
+#endif
+  *ppBtree = p;
+
+btree_open_out:
+  if( rc!=SQLITE_OK ){
+    if( pBt && pBt->pPager ){
+      sqlite3PagerClose(pBt->pPager);
+    }
+    sqlite3_free(pBt);
+    sqlite3_free(p);
+    *ppBtree = 0;
+  }else{
+    /* If the B-Tree was successfully opened, set the pager-cache size to the
+    ** default value. Except, when opening on an existing shared pager-cache,
+    ** do not change the pager-cache size.
+    */
+    if( sqlite3BtreeSchema(p, 0, 0)==0 ){
+      sqlite3PagerSetCachesize(p->pBt->pPager, SQLITE_DEFAULT_CACHE_SIZE);
+    }
+  }
+  if( mutexOpen ){
+    assert( sqlite3_mutex_held(mutexOpen) );
+    sqlite3_mutex_leave(mutexOpen);
+  }
+  return rc;
+}
+
+/*
+** Decrement the BtShared.nRef counter.  When it reaches zero,
+** remove the BtShared structure from the sharing list.  Return
+** true if the BtShared.nRef counter reaches zero and return
+** false if it is still positive.
+*/
+static int removeFromSharingList(BtShared *pBt){
+#ifndef SQLITE_OMIT_SHARED_CACHE
+  MUTEX_LOGIC( sqlite3_mutex *pMaster; )
+  BtShared *pList;
+  int removed = 0;
+
+  assert( sqlite3_mutex_notheld(pBt->mutex) );
+  MUTEX_LOGIC( pMaster = sqlite3MutexAlloc(SQLITE_MUTEX_STATIC_MASTER); )
+  sqlite3_mutex_enter(pMaster);
+  pBt->nRef--;
+  if( pBt->nRef<=0 ){
+    if( GLOBAL(BtShared*,sqlite3SharedCacheList)==pBt ){
+      GLOBAL(BtShared*,sqlite3SharedCacheList) = pBt->pNext;
+    }else{
+      pList = GLOBAL(BtShared*,sqlite3SharedCacheList);
+      while( ALWAYS(pList) && pList->pNext!=pBt ){
+        pList=pList->pNext;
+      }
+      if( ALWAYS(pList) ){
+        pList->pNext = pBt->pNext;
+      }
+    }
+    if( SQLITE_THREADSAFE ){
+      sqlite3_mutex_free(pBt->mutex);
+    }
+    removed = 1;
+  }
+  sqlite3_mutex_leave(pMaster);
+  return removed;
+#else
+  return 1;
+#endif
+}
+
+/*
+** Make sure pBt->pTmpSpace points to an allocation of 
+** MX_CELL_SIZE(pBt) bytes with a 4-byte prefix for a left-child
+** pointer.
+*/
+static void allocateTempSpace(BtShared *pBt){
+  if( !pBt->pTmpSpace ){
+    pBt->pTmpSpace = sqlite3PageMalloc( pBt->pageSize );
+
+    /* One of the uses of pBt->pTmpSpace is to format cells before
+    ** inserting them into a leaf page (function fillInCell()). If
+    ** a cell is less than 4 bytes in size, it is rounded up to 4 bytes
+    ** by the various routines that manipulate binary cells. Which
+    ** can mean that fillInCell() only initializes the first 2 or 3
+    ** bytes of pTmpSpace, but that the first 4 bytes are copied from
+    ** it into a database page. This is not actually a problem, but it
+    ** does cause a valgrind error when the 1 or 2 bytes of unitialized 
+    ** data is passed to system call write(). So to avoid this error,
+    ** zero the first 4 bytes of temp space here.
+    **
+    ** Also:  Provide four bytes of initialized space before the
+    ** beginning of pTmpSpace as an area available to prepend the
+    ** left-child pointer to the beginning of a cell.
+    */
+    if( pBt->pTmpSpace ){
+      memset(pBt->pTmpSpace, 0, 8);
+      pBt->pTmpSpace += 4;
+    }
+  }
+}
+
+/*
+** Free the pBt->pTmpSpace allocation
+*/
+static void freeTempSpace(BtShared *pBt){
+  if( pBt->pTmpSpace ){
+    pBt->pTmpSpace -= 4;
+    sqlite3PageFree(pBt->pTmpSpace);
+    pBt->pTmpSpace = 0;
+  }
+}
+
+/*
+** Close an open database and invalidate all cursors.
+*/
+SQLITE_PRIVATE int sqlite3BtreeClose(Btree *p){
+  BtShared *pBt = p->pBt;
+  BtCursor *pCur;
+
+  /* Close all cursors opened via this handle.  */
+  assert( sqlite3_mutex_held(p->db->mutex) );
+  sqlite3BtreeEnter(p);
+  pCur = pBt->pCursor;
+  while( pCur ){
+    BtCursor *pTmp = pCur;
+    pCur = pCur->pNext;
+    if( pTmp->pBtree==p ){
+      sqlite3BtreeCloseCursor(pTmp);
+    }
+  }
+
+  /* Rollback any active transaction and free the handle structure.
+  ** The call to sqlite3BtreeRollback() drops any table-locks held by
+  ** this handle.
+  */
+  sqlite3BtreeRollback(p, SQLITE_OK, 0);
+  sqlite3BtreeLeave(p);
+
+  /* If there are still other outstanding references to the shared-btree
+  ** structure, return now. The remainder of this procedure cleans 
+  ** up the shared-btree.
+  */
+  assert( p->wantToLock==0 && p->locked==0 );
+  if( !p->sharable || removeFromSharingList(pBt) ){
+    /* The pBt is no longer on the sharing list, so we can access
+    ** it without having to hold the mutex.
+    **
+    ** Clean out and delete the BtShared object.
+    */
+    assert( !pBt->pCursor );
+    sqlite3PagerClose(pBt->pPager);
+    if( pBt->xFreeSchema && pBt->pSchema ){
+      pBt->xFreeSchema(pBt->pSchema);
+    }
+    sqlite3DbFree(0, pBt->pSchema);
+    freeTempSpace(pBt);
+    sqlite3_free(pBt);
+  }
+
+#ifndef SQLITE_OMIT_SHARED_CACHE
+  assert( p->wantToLock==0 );
+  assert( p->locked==0 );
+  if( p->pPrev ) p->pPrev->pNext = p->pNext;
+  if( p->pNext ) p->pNext->pPrev = p->pPrev;
+#endif
+
+  sqlite3_free(p);
+  return SQLITE_OK;
+}
+
+/*
+** Change the "soft" limit on the number of pages in the cache.
+** Unused and unmodified pages will be recycled when the number of
+** pages in the cache exceeds this soft limit.  But the size of the
+** cache is allowed to grow larger than this limit if it contains
+** dirty pages or pages still in active use.
+*/
+SQLITE_PRIVATE int sqlite3BtreeSetCacheSize(Btree *p, int mxPage){
+  BtShared *pBt = p->pBt;
+  assert( sqlite3_mutex_held(p->db->mutex) );
+  sqlite3BtreeEnter(p);
+  sqlite3PagerSetCachesize(pBt->pPager, mxPage);
+  sqlite3BtreeLeave(p);
+  return SQLITE_OK;
+}
+
+/*
+** Change the "spill" limit on the number of pages in the cache.
+** If the number of pages exceeds this limit during a write transaction,
+** the pager might attempt to "spill" pages to the journal early in
+** order to free up memory.
+**
+** The value returned is the current spill size.  If zero is passed
+** as an argument, no changes are made to the spill size setting, so
+** using mxPage of 0 is a way to query the current spill size.
+*/
+SQLITE_PRIVATE int sqlite3BtreeSetSpillSize(Btree *p, int mxPage){
+  BtShared *pBt = p->pBt;
+  int res;
+  assert( sqlite3_mutex_held(p->db->mutex) );
+  sqlite3BtreeEnter(p);
+  res = sqlite3PagerSetSpillsize(pBt->pPager, mxPage);
+  sqlite3BtreeLeave(p);
+  return res;
+}
+
+#if SQLITE_MAX_MMAP_SIZE>0
+/*
+** Change the limit on the amount of the database file that may be
+** memory mapped.
+*/
+SQLITE_PRIVATE int sqlite3BtreeSetMmapLimit(Btree *p, sqlite3_int64 szMmap){
+  BtShared *pBt = p->pBt;
+  assert( sqlite3_mutex_held(p->db->mutex) );
+  sqlite3BtreeEnter(p);
+  sqlite3PagerSetMmapLimit(pBt->pPager, szMmap);
+  sqlite3BtreeLeave(p);
+  return SQLITE_OK;
+}
+#endif /* SQLITE_MAX_MMAP_SIZE>0 */
+
+/*
+** Change the way data is synced to disk in order to increase or decrease
+** how well the database resists damage due to OS crashes and power
+** failures.  Level 1 is the same as asynchronous (no syncs() occur and
+** there is a high probability of damage)  Level 2 is the default.  There
+** is a very low but non-zero probability of damage.  Level 3 reduces the
+** probability of damage to near zero but with a write performance reduction.
+*/
+#ifndef SQLITE_OMIT_PAGER_PRAGMAS
+SQLITE_PRIVATE int sqlite3BtreeSetPagerFlags(
+  Btree *p,              /* The btree to set the safety level on */
+  unsigned pgFlags       /* Various PAGER_* flags */
+){
+  BtShared *pBt = p->pBt;
+  assert( sqlite3_mutex_held(p->db->mutex) );
+  sqlite3BtreeEnter(p);
+  sqlite3PagerSetFlags(pBt->pPager, pgFlags);
+  sqlite3BtreeLeave(p);
+  return SQLITE_OK;
+}
+#endif
+
+/*
+** Return TRUE if the given btree is set to safety level 1.  In other
+** words, return TRUE if no sync() occurs on the disk files.
+*/
+SQLITE_PRIVATE int sqlite3BtreeSyncDisabled(Btree *p){
+  BtShared *pBt = p->pBt;
+  int rc;
+  assert( sqlite3_mutex_held(p->db->mutex) );  
+  sqlite3BtreeEnter(p);
+  assert( pBt && pBt->pPager );
+  rc = sqlite3PagerNosync(pBt->pPager);
+  sqlite3BtreeLeave(p);
+  return rc;
+}
+
+/*
+** Change the default pages size and the number of reserved bytes per page.
+** Or, if the page size has already been fixed, return SQLITE_READONLY 
+** without changing anything.
+**
+** The page size must be a power of 2 between 512 and 65536.  If the page
+** size supplied does not meet this constraint then the page size is not
+** changed.
+**
+** Page sizes are constrained to be a power of two so that the region
+** of the database file used for locking (beginning at PENDING_BYTE,
+** the first byte past the 1GB boundary, 0x40000000) needs to occur
+** at the beginning of a page.
+**
+** If parameter nReserve is less than zero, then the number of reserved
+** bytes per page is left unchanged.
+**
+** If the iFix!=0 then the BTS_PAGESIZE_FIXED flag is set so that the page size
+** and autovacuum mode can no longer be changed.
+*/
+SQLITE_PRIVATE int sqlite3BtreeSetPageSize(Btree *p, int pageSize, int nReserve, int iFix){
+  int rc = SQLITE_OK;
+  BtShared *pBt = p->pBt;
+  assert( nReserve>=-1 && nReserve<=255 );
+  sqlite3BtreeEnter(p);
+#if SQLITE_HAS_CODEC
+  if( nReserve>pBt->optimalReserve ) pBt->optimalReserve = (u8)nReserve;
+#endif
+  if( pBt->btsFlags & BTS_PAGESIZE_FIXED ){
+    sqlite3BtreeLeave(p);
+    return SQLITE_READONLY;
+  }
+  if( nReserve<0 ){
+    nReserve = pBt->pageSize - pBt->usableSize;
+  }
+  assert( nReserve>=0 && nReserve<=255 );
+  if( pageSize>=512 && pageSize<=SQLITE_MAX_PAGE_SIZE &&
+        ((pageSize-1)&pageSize)==0 ){
+    assert( (pageSize & 7)==0 );
+    assert( !pBt->pCursor );
+    pBt->pageSize = (u32)pageSize;
+    freeTempSpace(pBt);
+  }
+  rc = sqlite3PagerSetPagesize(pBt->pPager, &pBt->pageSize, nReserve);
+  pBt->usableSize = pBt->pageSize - (u16)nReserve;
+  if( iFix ) pBt->btsFlags |= BTS_PAGESIZE_FIXED;
+  sqlite3BtreeLeave(p);
+  return rc;
+}
+
+/*
+** Return the currently defined page size
+*/
+SQLITE_PRIVATE int sqlite3BtreeGetPageSize(Btree *p){
+  return p->pBt->pageSize;
+}
+
+/*
+** This function is similar to sqlite3BtreeGetReserve(), except that it
+** may only be called if it is guaranteed that the b-tree mutex is already
+** held.
+**
+** This is useful in one special case in the backup API code where it is
+** known that the shared b-tree mutex is held, but the mutex on the 
+** database handle that owns *p is not. In this case if sqlite3BtreeEnter()
+** were to be called, it might collide with some other operation on the
+** database handle that owns *p, causing undefined behavior.
+*/
+SQLITE_PRIVATE int sqlite3BtreeGetReserveNoMutex(Btree *p){
+  int n;
+  assert( sqlite3_mutex_held(p->pBt->mutex) );
+  n = p->pBt->pageSize - p->pBt->usableSize;
+  return n;
+}
+
+/*
+** Return the number of bytes of space at the end of every page that
+** are intentually left unused.  This is the "reserved" space that is
+** sometimes used by extensions.
+**
+** If SQLITE_HAS_MUTEX is defined then the number returned is the
+** greater of the current reserved space and the maximum requested
+** reserve space.
+*/
+SQLITE_PRIVATE int sqlite3BtreeGetOptimalReserve(Btree *p){
+  int n;
+  sqlite3BtreeEnter(p);
+  n = sqlite3BtreeGetReserveNoMutex(p);
+#ifdef SQLITE_HAS_CODEC
+  if( n<p->pBt->optimalReserve ) n = p->pBt->optimalReserve;
+#endif
+  sqlite3BtreeLeave(p);
+  return n;
+}
+
+
+/*
+** Set the maximum page count for a database if mxPage is positive.
+** No changes are made if mxPage is 0 or negative.
+** Regardless of the value of mxPage, return the maximum page count.
+*/
+SQLITE_PRIVATE int sqlite3BtreeMaxPageCount(Btree *p, int mxPage){
+  int n;
+  sqlite3BtreeEnter(p);
+  n = sqlite3PagerMaxPageCount(p->pBt->pPager, mxPage);
+  sqlite3BtreeLeave(p);
+  return n;
+}
+
+/*
+** Set the BTS_SECURE_DELETE flag if newFlag is 0 or 1.  If newFlag is -1,
+** then make no changes.  Always return the value of the BTS_SECURE_DELETE
+** setting after the change.
+*/
+SQLITE_PRIVATE int sqlite3BtreeSecureDelete(Btree *p, int newFlag){
+  int b;
+  if( p==0 ) return 0;
+  sqlite3BtreeEnter(p);
+  if( newFlag>=0 ){
+    p->pBt->btsFlags &= ~BTS_SECURE_DELETE;
+    if( newFlag ) p->pBt->btsFlags |= BTS_SECURE_DELETE;
+  } 
+  b = (p->pBt->btsFlags & BTS_SECURE_DELETE)!=0;
+  sqlite3BtreeLeave(p);
+  return b;
+}
+
+/*
+** Change the 'auto-vacuum' property of the database. If the 'autoVacuum'
+** parameter is non-zero, then auto-vacuum mode is enabled. If zero, it
+** is disabled. The default value for the auto-vacuum property is 
+** determined by the SQLITE_DEFAULT_AUTOVACUUM macro.
+*/
+SQLITE_PRIVATE int sqlite3BtreeSetAutoVacuum(Btree *p, int autoVacuum){
+#ifdef SQLITE_OMIT_AUTOVACUUM
+  return SQLITE_READONLY;
+#else
+  BtShared *pBt = p->pBt;
+  int rc = SQLITE_OK;
+  u8 av = (u8)autoVacuum;
+
+  sqlite3BtreeEnter(p);
+  if( (pBt->btsFlags & BTS_PAGESIZE_FIXED)!=0 && (av ?1:0)!=pBt->autoVacuum ){
+    rc = SQLITE_READONLY;
+  }else{
+    pBt->autoVacuum = av ?1:0;
+    pBt->incrVacuum = av==2 ?1:0;
+  }
+  sqlite3BtreeLeave(p);
+  return rc;
+#endif
+}
+
+/*
+** Return the value of the 'auto-vacuum' property. If auto-vacuum is 
+** enabled 1 is returned. Otherwise 0.
+*/
+SQLITE_PRIVATE int sqlite3BtreeGetAutoVacuum(Btree *p){
+#ifdef SQLITE_OMIT_AUTOVACUUM
+  return BTREE_AUTOVACUUM_NONE;
+#else
+  int rc;
+  sqlite3BtreeEnter(p);
+  rc = (
+    (!p->pBt->autoVacuum)?BTREE_AUTOVACUUM_NONE:
+    (!p->pBt->incrVacuum)?BTREE_AUTOVACUUM_FULL:
+    BTREE_AUTOVACUUM_INCR
+  );
+  sqlite3BtreeLeave(p);
+  return rc;
+#endif
+}
+
+
+/*
+** Get a reference to pPage1 of the database file.  This will
+** also acquire a readlock on that file.
+**
+** SQLITE_OK is returned on success.  If the file is not a
+** well-formed database file, then SQLITE_CORRUPT is returned.
+** SQLITE_BUSY is returned if the database is locked.  SQLITE_NOMEM
+** is returned if we run out of memory. 
+*/
+static int lockBtree(BtShared *pBt){
+  int rc;              /* Result code from subfunctions */
+  MemPage *pPage1;     /* Page 1 of the database file */
+  int nPage;           /* Number of pages in the database */
+  int nPageFile = 0;   /* Number of pages in the database file */
+  int nPageHeader;     /* Number of pages in the database according to hdr */
+
+  assert( sqlite3_mutex_held(pBt->mutex) );
+  assert( pBt->pPage1==0 );
+  rc = sqlite3PagerSharedLock(pBt->pPager);
+  if( rc!=SQLITE_OK ) return rc;
+  rc = btreeGetPage(pBt, 1, &pPage1, 0);
+  if( rc!=SQLITE_OK ) return rc;
+
+  /* Do some checking to help insure the file we opened really is
+  ** a valid database file. 
+  */
+  nPage = nPageHeader = get4byte(28+(u8*)pPage1->aData);
+  sqlite3PagerPagecount(pBt->pPager, &nPageFile);
+  if( nPage==0 || memcmp(24+(u8*)pPage1->aData, 92+(u8*)pPage1->aData,4)!=0 ){
+    nPage = nPageFile;
+  }
+  if( nPage>0 ){
+    u32 pageSize;
+    u32 usableSize;
+    u8 *page1 = pPage1->aData;
+    rc = SQLITE_NOTADB;
+    /* EVIDENCE-OF: R-43737-39999 Every valid SQLite database file begins
+    ** with the following 16 bytes (in hex): 53 51 4c 69 74 65 20 66 6f 72 6d
+    ** 61 74 20 33 00. */
+    if( memcmp(page1, zMagicHeader, 16)!=0 ){
+      goto page1_init_failed;
+    }
+
+#ifdef SQLITE_OMIT_WAL
+    if( page1[18]>1 ){
+      pBt->btsFlags |= BTS_READ_ONLY;
+    }
+    if( page1[19]>1 ){
+      goto page1_init_failed;
+    }
+#else
+    if( page1[18]>2 ){
+      pBt->btsFlags |= BTS_READ_ONLY;
+    }
+    if( page1[19]>2 ){
+      goto page1_init_failed;
+    }
+
+    /* If the write version is set to 2, this database should be accessed
+    ** in WAL mode. If the log is not already open, open it now. Then 
+    ** return SQLITE_OK and return without populating BtShared.pPage1.
+    ** The caller detects this and calls this function again. This is
+    ** required as the version of page 1 currently in the page1 buffer
+    ** may not be the latest version - there may be a newer one in the log
+    ** file.
+    */
+    if( page1[19]==2 && (pBt->btsFlags & BTS_NO_WAL)==0 ){
+      int isOpen = 0;
+      rc = sqlite3PagerOpenWal(pBt->pPager, &isOpen);
+      if( rc!=SQLITE_OK ){
+        goto page1_init_failed;
+      }else if( isOpen==0 ){
+        releasePage(pPage1);
+        return SQLITE_OK;
+      }
+      rc = SQLITE_NOTADB;
+    }
+#endif
+
+    /* EVIDENCE-OF: R-15465-20813 The maximum and minimum embedded payload
+    ** fractions and the leaf payload fraction values must be 64, 32, and 32.
+    **
+    ** The original design allowed these amounts to vary, but as of
+    ** version 3.6.0, we require them to be fixed.
+    */
+    if( memcmp(&page1[21], "\100\040\040",3)!=0 ){
+      goto page1_init_failed;
+    }
+    /* EVIDENCE-OF: R-51873-39618 The page size for a database file is
+    ** determined by the 2-byte integer located at an offset of 16 bytes from
+    ** the beginning of the database file. */
+    pageSize = (page1[16]<<8) | (page1[17]<<16);
+    /* EVIDENCE-OF: R-25008-21688 The size of a page is a power of two
+    ** between 512 and 65536 inclusive. */
+    if( ((pageSize-1)&pageSize)!=0
+     || pageSize>SQLITE_MAX_PAGE_SIZE 
+     || pageSize<=256 
+    ){
+      goto page1_init_failed;
+    }
+    assert( (pageSize & 7)==0 );
+    /* EVIDENCE-OF: R-59310-51205 The "reserved space" size in the 1-byte
+    ** integer at offset 20 is the number of bytes of space at the end of
+    ** each page to reserve for extensions. 
+    **
+    ** EVIDENCE-OF: R-37497-42412 The size of the reserved region is
+    ** determined by the one-byte unsigned integer found at an offset of 20
+    ** into the database file header. */
+    usableSize = pageSize - page1[20];
+    if( (u32)pageSize!=pBt->pageSize ){
+      /* After reading the first page of the database assuming a page size
+      ** of BtShared.pageSize, we have discovered that the page-size is
+      ** actually pageSize. Unlock the database, leave pBt->pPage1 at
+      ** zero and return SQLITE_OK. The caller will call this function
+      ** again with the correct page-size.
+      */
+      releasePage(pPage1);
+      pBt->usableSize = usableSize;
+      pBt->pageSize = pageSize;
+      freeTempSpace(pBt);
+      rc = sqlite3PagerSetPagesize(pBt->pPager, &pBt->pageSize,
+                                   pageSize-usableSize);
+      return rc;
+    }
+    if( (pBt->db->flags & SQLITE_RecoveryMode)==0 && nPage>nPageFile ){
+      rc = SQLITE_CORRUPT_BKPT;
+      goto page1_init_failed;
+    }
+    /* EVIDENCE-OF: R-28312-64704 However, the usable size is not allowed to
+    ** be less than 480. In other words, if the page size is 512, then the
+    ** reserved space size cannot exceed 32. */
+    if( usableSize<480 ){
+      goto page1_init_failed;
+    }
+    pBt->pageSize = pageSize;
+    pBt->usableSize = usableSize;
+#ifndef SQLITE_OMIT_AUTOVACUUM
+    pBt->autoVacuum = (get4byte(&page1[36 + 4*4])?1:0);
+    pBt->incrVacuum = (get4byte(&page1[36 + 7*4])?1:0);
+#endif
+  }
+
+  /* maxLocal is the maximum amount of payload to store locally for
+  ** a cell.  Make sure it is small enough so that at least minFanout
+  ** cells can will fit on one page.  We assume a 10-byte page header.
+  ** Besides the payload, the cell must store:
+  **     2-byte pointer to the cell
+  **     4-byte child pointer
+  **     9-byte nKey value
+  **     4-byte nData value
+  **     4-byte overflow page pointer
+  ** So a cell consists of a 2-byte pointer, a header which is as much as
+  ** 17 bytes long, 0 to N bytes of payload, and an optional 4 byte overflow
+  ** page pointer.
+  */
+  pBt->maxLocal = (u16)((pBt->usableSize-12)*64/255 - 23);
+  pBt->minLocal = (u16)((pBt->usableSize-12)*32/255 - 23);
+  pBt->maxLeaf = (u16)(pBt->usableSize - 35);
+  pBt->minLeaf = (u16)((pBt->usableSize-12)*32/255 - 23);
+  if( pBt->maxLocal>127 ){
+    pBt->max1bytePayload = 127;
+  }else{
+    pBt->max1bytePayload = (u8)pBt->maxLocal;
+  }
+  assert( pBt->maxLeaf + 23 <= MX_CELL_SIZE(pBt) );
+  pBt->pPage1 = pPage1;
+  pBt->nPage = nPage;
+  return SQLITE_OK;
+
+page1_init_failed:
+  releasePage(pPage1);
+  pBt->pPage1 = 0;
+  return rc;
+}
+
+#ifndef NDEBUG
+/*
+** Return the number of cursors open on pBt. This is for use
+** in assert() expressions, so it is only compiled if NDEBUG is not
+** defined.
+**
+** Only write cursors are counted if wrOnly is true.  If wrOnly is
+** false then all cursors are counted.
+**
+** For the purposes of this routine, a cursor is any cursor that
+** is capable of reading or writing to the database.  Cursors that
+** have been tripped into the CURSOR_FAULT state are not counted.
+*/
+static int countValidCursors(BtShared *pBt, int wrOnly){
+  BtCursor *pCur;
+  int r = 0;
+  for(pCur=pBt->pCursor; pCur; pCur=pCur->pNext){
+    if( (wrOnly==0 || (pCur->curFlags & BTCF_WriteFlag)!=0)
+     && pCur->eState!=CURSOR_FAULT ) r++; 
+  }
+  return r;
+}
+#endif
+
+/*
+** If there are no outstanding cursors and we are not in the middle
+** of a transaction but there is a read lock on the database, then
+** this routine unrefs the first page of the database file which 
+** has the effect of releasing the read lock.
+**
+** If there is a transaction in progress, this routine is a no-op.
+*/
+static void unlockBtreeIfUnused(BtShared *pBt){
+  assert( sqlite3_mutex_held(pBt->mutex) );
+  assert( countValidCursors(pBt,0)==0 || pBt->inTransaction>TRANS_NONE );
+  if( pBt->inTransaction==TRANS_NONE && pBt->pPage1!=0 ){
+    MemPage *pPage1 = pBt->pPage1;
+    assert( pPage1->aData );
+    assert( sqlite3PagerRefcount(pBt->pPager)==1 );
+    pBt->pPage1 = 0;
+    releasePageNotNull(pPage1);
+  }
+}
+
+/*
+** If pBt points to an empty file then convert that empty file
+** into a new empty database by initializing the first page of
+** the database.
+*/
+static int newDatabase(BtShared *pBt){
+  MemPage *pP1;
+  unsigned char *data;
+  int rc;
+
+  assert( sqlite3_mutex_held(pBt->mutex) );
+  if( pBt->nPage>0 ){
+    return SQLITE_OK;
+  }
+  pP1 = pBt->pPage1;
+  assert( pP1!=0 );
+  data = pP1->aData;
+  rc = sqlite3PagerWrite(pP1->pDbPage);
+  if( rc ) return rc;
+  memcpy(data, zMagicHeader, sizeof(zMagicHeader));
+  assert( sizeof(zMagicHeader)==16 );
+  data[16] = (u8)((pBt->pageSize>>8)&0xff);
+  data[17] = (u8)((pBt->pageSize>>16)&0xff);
+  data[18] = 1;
+  data[19] = 1;
+  assert( pBt->usableSize<=pBt->pageSize && pBt->usableSize+255>=pBt->pageSize);
+  data[20] = (u8)(pBt->pageSize - pBt->usableSize);
+  data[21] = 64;
+  data[22] = 32;
+  data[23] = 32;
+  memset(&data[24], 0, 100-24);
+  zeroPage(pP1, PTF_INTKEY|PTF_LEAF|PTF_LEAFDATA );
+  pBt->btsFlags |= BTS_PAGESIZE_FIXED;
+#ifndef SQLITE_OMIT_AUTOVACUUM
+  assert( pBt->autoVacuum==1 || pBt->autoVacuum==0 );
+  assert( pBt->incrVacuum==1 || pBt->incrVacuum==0 );
+  put4byte(&data[36 + 4*4], pBt->autoVacuum);
+  put4byte(&data[36 + 7*4], pBt->incrVacuum);
+#endif
+  pBt->nPage = 1;
+  data[31] = 1;
+  return SQLITE_OK;
+}
+
+/*
+** Initialize the first page of the database file (creating a database
+** consisting of a single page and no schema objects). Return SQLITE_OK
+** if successful, or an SQLite error code otherwise.
+*/
+SQLITE_PRIVATE int sqlite3BtreeNewDb(Btree *p){
+  int rc;
+  sqlite3BtreeEnter(p);
+  p->pBt->nPage = 0;
+  rc = newDatabase(p->pBt);
+  sqlite3BtreeLeave(p);
+  return rc;
+}
+
+/*
+** Attempt to start a new transaction. A write-transaction
+** is started if the second argument is nonzero, otherwise a read-
+** transaction.  If the second argument is 2 or more and exclusive
+** transaction is started, meaning that no other process is allowed
+** to access the database.  A preexisting transaction may not be
+** upgraded to exclusive by calling this routine a second time - the
+** exclusivity flag only works for a new transaction.
+**
+** A write-transaction must be started before attempting any 
+** changes to the database.  None of the following routines 
+** will work unless a transaction is started first:
+**
+**      sqlite3BtreeCreateTable()
+**      sqlite3BtreeCreateIndex()
+**      sqlite3BtreeClearTable()
+**      sqlite3BtreeDropTable()
+**      sqlite3BtreeInsert()
+**      sqlite3BtreeDelete()
+**      sqlite3BtreeUpdateMeta()
+**
+** If an initial attempt to acquire the lock fails because of lock contention
+** and the database was previously unlocked, then invoke the busy handler
+** if there is one.  But if there was previously a read-lock, do not
+** invoke the busy handler - just return SQLITE_BUSY.  SQLITE_BUSY is 
+** returned when there is already a read-lock in order to avoid a deadlock.
+**
+** Suppose there are two processes A and B.  A has a read lock and B has
+** a reserved lock.  B tries to promote to exclusive but is blocked because
+** of A's read lock.  A tries to promote to reserved but is blocked by B.
+** One or the other of the two processes must give way or there can be
+** no progress.  By returning SQLITE_BUSY and not invoking the busy callback
+** when A already has a read lock, we encourage A to give up and let B
+** proceed.
+*/
+SQLITE_PRIVATE int sqlite3BtreeBeginTrans(Btree *p, int wrflag){
+  sqlite3 *pBlock = 0;
+  BtShared *pBt = p->pBt;
+  int rc = SQLITE_OK;
+
+  sqlite3BtreeEnter(p);
+  btreeIntegrity(p);
+
+  /* If the btree is already in a write-transaction, or it
+  ** is already in a read-transaction and a read-transaction
+  ** is requested, this is a no-op.
+  */
+  if( p->inTrans==TRANS_WRITE || (p->inTrans==TRANS_READ && !wrflag) ){
+    goto trans_begun;
+  }
+  assert( pBt->inTransaction==TRANS_WRITE || IfNotOmitAV(pBt->bDoTruncate)==0 );
+
+  /* Write transactions are not possible on a read-only database */
+  if( (pBt->btsFlags & BTS_READ_ONLY)!=0 && wrflag ){
+    rc = SQLITE_READONLY;
+    goto trans_begun;
+  }
+
+#ifndef SQLITE_OMIT_SHARED_CACHE
+  /* If another database handle has already opened a write transaction 
+  ** on this shared-btree structure and a second write transaction is
+  ** requested, return SQLITE_LOCKED.
+  */
+  if( (wrflag && pBt->inTransaction==TRANS_WRITE)
+   || (pBt->btsFlags & BTS_PENDING)!=0
+  ){
+    pBlock = pBt->pWriter->db;
+  }else if( wrflag>1 ){
+    BtLock *pIter;
+    for(pIter=pBt->pLock; pIter; pIter=pIter->pNext){
+      if( pIter->pBtree!=p ){
+        pBlock = pIter->pBtree->db;
+        break;
+      }
+    }
+  }
+  if( pBlock ){
+    sqlite3ConnectionBlocked(p->db, pBlock);
+    rc = SQLITE_LOCKED_SHAREDCACHE;
+    goto trans_begun;
+  }
+#endif
+
+  /* Any read-only or read-write transaction implies a read-lock on 
+  ** page 1. So if some other shared-cache client already has a write-lock 
+  ** on page 1, the transaction cannot be opened. */
+  rc = querySharedCacheTableLock(p, MASTER_ROOT, READ_LOCK);
+  if( SQLITE_OK!=rc ) goto trans_begun;
+
+  pBt->btsFlags &= ~BTS_INITIALLY_EMPTY;
+  if( pBt->nPage==0 ) pBt->btsFlags |= BTS_INITIALLY_EMPTY;
+  do {
+    /* Call lockBtree() until either pBt->pPage1 is populated or
+    ** lockBtree() returns something other than SQLITE_OK. lockBtree()
+    ** may return SQLITE_OK but leave pBt->pPage1 set to 0 if after
+    ** reading page 1 it discovers that the page-size of the database 
+    ** file is not pBt->pageSize. In this case lockBtree() will update
+    ** pBt->pageSize to the page-size of the file on disk.
+    */
+    while( pBt->pPage1==0 && SQLITE_OK==(rc = lockBtree(pBt)) );
+
+    if( rc==SQLITE_OK && wrflag ){
+      if( (pBt->btsFlags & BTS_READ_ONLY)!=0 ){
+        rc = SQLITE_READONLY;
+      }else{
+        rc = sqlite3PagerBegin(pBt->pPager,wrflag>1,sqlite3TempInMemory(p->db));
+        if( rc==SQLITE_OK ){
+          rc = newDatabase(pBt);
+        }
+      }
+    }
+  
+    if( rc!=SQLITE_OK ){
+      unlockBtreeIfUnused(pBt);
+    }
+  }while( (rc&0xFF)==SQLITE_BUSY && pBt->inTransaction==TRANS_NONE &&
+          btreeInvokeBusyHandler(pBt) );
+
+  if( rc==SQLITE_OK ){
+    if( p->inTrans==TRANS_NONE ){
+      pBt->nTransaction++;
+#ifndef SQLITE_OMIT_SHARED_CACHE
+      if( p->sharable ){
+        assert( p->lock.pBtree==p && p->lock.iTable==1 );
+        p->lock.eLock = READ_LOCK;
+        p->lock.pNext = pBt->pLock;
+        pBt->pLock = &p->lock;
+      }
+#endif
+    }
+    p->inTrans = (wrflag?TRANS_WRITE:TRANS_READ);
+    if( p->inTrans>pBt->inTransaction ){
+      pBt->inTransaction = p->inTrans;
+    }
+    if( wrflag ){
+      MemPage *pPage1 = pBt->pPage1;
+#ifndef SQLITE_OMIT_SHARED_CACHE
+      assert( !pBt->pWriter );
+      pBt->pWriter = p;
+      pBt->btsFlags &= ~BTS_EXCLUSIVE;
+      if( wrflag>1 ) pBt->btsFlags |= BTS_EXCLUSIVE;
+#endif
+
+      /* If the db-size header field is incorrect (as it may be if an old
+      ** client has been writing the database file), update it now. Doing
+      ** this sooner rather than later means the database size can safely 
+      ** re-read the database size from page 1 if a savepoint or transaction
+      ** rollback occurs within the transaction.
+      */
+      if( pBt->nPage!=get4byte(&pPage1->aData[28]) ){
+        rc = sqlite3PagerWrite(pPage1->pDbPage);
+        if( rc==SQLITE_OK ){
+          put4byte(&pPage1->aData[28], pBt->nPage);
+        }
+      }
+    }
+  }
+
+
+trans_begun:
+  if( rc==SQLITE_OK && wrflag ){
+    /* This call makes sure that the pager has the correct number of
+    ** open savepoints. If the second parameter is greater than 0 and
+    ** the sub-journal is not already open, then it will be opened here.
+    */
+    rc = sqlite3PagerOpenSavepoint(pBt->pPager, p->db->nSavepoint);
+  }
+
+  btreeIntegrity(p);
+  sqlite3BtreeLeave(p);
+  return rc;
+}
+
+#ifndef SQLITE_OMIT_AUTOVACUUM
+
+/*
+** Set the pointer-map entries for all children of page pPage. Also, if
+** pPage contains cells that point to overflow pages, set the pointer
+** map entries for the overflow pages as well.
+*/
+static int setChildPtrmaps(MemPage *pPage){
+  int i;                             /* Counter variable */
+  int nCell;                         /* Number of cells in page pPage */
+  int rc;                            /* Return code */
+  BtShared *pBt = pPage->pBt;
+  u8 isInitOrig = pPage->isInit;
+  Pgno pgno = pPage->pgno;
+
+  assert( sqlite3_mutex_held(pPage->pBt->mutex) );
+  rc = btreeInitPage(pPage);
+  if( rc!=SQLITE_OK ){
+    goto set_child_ptrmaps_out;
+  }
+  nCell = pPage->nCell;
+
+  for(i=0; i<nCell; i++){
+    u8 *pCell = findCell(pPage, i);
+
+    ptrmapPutOvflPtr(pPage, pCell, &rc);
+
+    if( !pPage->leaf ){
+      Pgno childPgno = get4byte(pCell);
+      ptrmapPut(pBt, childPgno, PTRMAP_BTREE, pgno, &rc);
+    }
+  }
+
+  if( !pPage->leaf ){
+    Pgno childPgno = get4byte(&pPage->aData[pPage->hdrOffset+8]);
+    ptrmapPut(pBt, childPgno, PTRMAP_BTREE, pgno, &rc);
+  }
+
+set_child_ptrmaps_out:
+  pPage->isInit = isInitOrig;
+  return rc;
+}
+
+/*
+** Somewhere on pPage is a pointer to page iFrom.  Modify this pointer so
+** that it points to iTo. Parameter eType describes the type of pointer to
+** be modified, as  follows:
+**
+** PTRMAP_BTREE:     pPage is a btree-page. The pointer points at a child 
+**                   page of pPage.
+**
+** PTRMAP_OVERFLOW1: pPage is a btree-page. The pointer points at an overflow
+**                   page pointed to by one of the cells on pPage.
+**
+** PTRMAP_OVERFLOW2: pPage is an overflow-page. The pointer points at the next
+**                   overflow page in the list.
+*/
+static int modifyPagePointer(MemPage *pPage, Pgno iFrom, Pgno iTo, u8 eType){
+  assert( sqlite3_mutex_held(pPage->pBt->mutex) );
+  assert( sqlite3PagerIswriteable(pPage->pDbPage) );
+  if( eType==PTRMAP_OVERFLOW2 ){
+    /* The pointer is always the first 4 bytes of the page in this case.  */
+    if( get4byte(pPage->aData)!=iFrom ){
+      return SQLITE_CORRUPT_BKPT;
+    }
+    put4byte(pPage->aData, iTo);
+  }else{
+    u8 isInitOrig = pPage->isInit;
+    int i;
+    int nCell;
+    int rc;
+
+    rc = btreeInitPage(pPage);
+    if( rc ) return rc;
+    nCell = pPage->nCell;
+
+    for(i=0; i<nCell; i++){
+      u8 *pCell = findCell(pPage, i);
+      if( eType==PTRMAP_OVERFLOW1 ){
+        CellInfo info;
+        pPage->xParseCell(pPage, pCell, &info);
+        if( info.nLocal<info.nPayload
+         && pCell+info.nSize-1<=pPage->aData+pPage->maskPage
+         && iFrom==get4byte(pCell+info.nSize-4)
+        ){
+          put4byte(pCell+info.nSize-4, iTo);
+          break;
+        }
+      }else{
+        if( get4byte(pCell)==iFrom ){
+          put4byte(pCell, iTo);
+          break;
+        }
+      }
+    }
+  
+    if( i==nCell ){
+      if( eType!=PTRMAP_BTREE || 
+          get4byte(&pPage->aData[pPage->hdrOffset+8])!=iFrom ){
+        return SQLITE_CORRUPT_BKPT;
+      }
+      put4byte(&pPage->aData[pPage->hdrOffset+8], iTo);
+    }
+
+    pPage->isInit = isInitOrig;
+  }
+  return SQLITE_OK;
+}
+
+
+/*
+** Move the open database page pDbPage to location iFreePage in the 
+** database. The pDbPage reference remains valid.
+**
+** The isCommit flag indicates that there is no need to remember that
+** the journal needs to be sync()ed before database page pDbPage->pgno 
+** can be written to. The caller has already promised not to write to that
+** page.
+*/
+static int relocatePage(
+  BtShared *pBt,           /* Btree */
+  MemPage *pDbPage,        /* Open page to move */
+  u8 eType,                /* Pointer map 'type' entry for pDbPage */
+  Pgno iPtrPage,           /* Pointer map 'page-no' entry for pDbPage */
+  Pgno iFreePage,          /* The location to move pDbPage to */
+  int isCommit             /* isCommit flag passed to sqlite3PagerMovepage */
+){
+  MemPage *pPtrPage;   /* The page that contains a pointer to pDbPage */
+  Pgno iDbPage = pDbPage->pgno;
+  Pager *pPager = pBt->pPager;
+  int rc;
+
+  assert( eType==PTRMAP_OVERFLOW2 || eType==PTRMAP_OVERFLOW1 || 
+      eType==PTRMAP_BTREE || eType==PTRMAP_ROOTPAGE );
+  assert( sqlite3_mutex_held(pBt->mutex) );
+  assert( pDbPage->pBt==pBt );
+
+  /* Move page iDbPage from its current location to page number iFreePage */
+  TRACE(("AUTOVACUUM: Moving %d to free page %d (ptr page %d type %d)\n", 
+      iDbPage, iFreePage, iPtrPage, eType));
+  rc = sqlite3PagerMovepage(pPager, pDbPage->pDbPage, iFreePage, isCommit);
+  if( rc!=SQLITE_OK ){
+    return rc;
+  }
+  pDbPage->pgno = iFreePage;
+
+  /* If pDbPage was a btree-page, then it may have child pages and/or cells
+  ** that point to overflow pages. The pointer map entries for all these
+  ** pages need to be changed.
+  **
+  ** If pDbPage is an overflow page, then the first 4 bytes may store a
+  ** pointer to a subsequent overflow page. If this is the case, then
+  ** the pointer map needs to be updated for the subsequent overflow page.
+  */
+  if( eType==PTRMAP_BTREE || eType==PTRMAP_ROOTPAGE ){
+    rc = setChildPtrmaps(pDbPage);
+    if( rc!=SQLITE_OK ){
+      return rc;
+    }
+  }else{
+    Pgno nextOvfl = get4byte(pDbPage->aData);
+    if( nextOvfl!=0 ){
+      ptrmapPut(pBt, nextOvfl, PTRMAP_OVERFLOW2, iFreePage, &rc);
+      if( rc!=SQLITE_OK ){
+        return rc;
+      }
+    }
+  }
+
+  /* Fix the database pointer on page iPtrPage that pointed at iDbPage so
+  ** that it points at iFreePage. Also fix the pointer map entry for
+  ** iPtrPage.
+  */
+  if( eType!=PTRMAP_ROOTPAGE ){
+    rc = btreeGetPage(pBt, iPtrPage, &pPtrPage, 0);
+    if( rc!=SQLITE_OK ){
+      return rc;
+    }
+    rc = sqlite3PagerWrite(pPtrPage->pDbPage);
+    if( rc!=SQLITE_OK ){
+      releasePage(pPtrPage);
+      return rc;
+    }
+    rc = modifyPagePointer(pPtrPage, iDbPage, iFreePage, eType);
+    releasePage(pPtrPage);
+    if( rc==SQLITE_OK ){
+      ptrmapPut(pBt, iFreePage, eType, iPtrPage, &rc);
+    }
+  }
+  return rc;
+}
+
+/* Forward declaration required by incrVacuumStep(). */
+static int allocateBtreePage(BtShared *, MemPage **, Pgno *, Pgno, u8);
+
+/*
+** Perform a single step of an incremental-vacuum. If successful, return
+** SQLITE_OK. If there is no work to do (and therefore no point in 
+** calling this function again), return SQLITE_DONE. Or, if an error 
+** occurs, return some other error code.
+**
+** More specifically, this function attempts to re-organize the database so 
+** that the last page of the file currently in use is no longer in use.
+**
+** Parameter nFin is the number of pages that this database would contain
+** were this function called until it returns SQLITE_DONE.
+**
+** If the bCommit parameter is non-zero, this function assumes that the 
+** caller will keep calling incrVacuumStep() until it returns SQLITE_DONE 
+** or an error. bCommit is passed true for an auto-vacuum-on-commit 
+** operation, or false for an incremental vacuum.
+*/
+static int incrVacuumStep(BtShared *pBt, Pgno nFin, Pgno iLastPg, int bCommit){
+  Pgno nFreeList;           /* Number of pages still on the free-list */
+  int rc;
+
+  assert( sqlite3_mutex_held(pBt->mutex) );
+  assert( iLastPg>nFin );
+
+  if( !PTRMAP_ISPAGE(pBt, iLastPg) && iLastPg!=PENDING_BYTE_PAGE(pBt) ){
+    u8 eType;
+    Pgno iPtrPage;
+
+    nFreeList = get4byte(&pBt->pPage1->aData[36]);
+    if( nFreeList==0 ){
+      return SQLITE_DONE;
+    }
+
+    rc = ptrmapGet(pBt, iLastPg, &eType, &iPtrPage);
+    if( rc!=SQLITE_OK ){
+      return rc;
+    }
+    if( eType==PTRMAP_ROOTPAGE ){
+      return SQLITE_CORRUPT_BKPT;
+    }
+
+    if( eType==PTRMAP_FREEPAGE ){
+      if( bCommit==0 ){
+        /* Remove the page from the files free-list. This is not required
+        ** if bCommit is non-zero. In that case, the free-list will be
+        ** truncated to zero after this function returns, so it doesn't 
+        ** matter if it still contains some garbage entries.
+        */
+        Pgno iFreePg;
+        MemPage *pFreePg;
+        rc = allocateBtreePage(pBt, &pFreePg, &iFreePg, iLastPg, BTALLOC_EXACT);
+        if( rc!=SQLITE_OK ){
+          return rc;
+        }
+        assert( iFreePg==iLastPg );
+        releasePage(pFreePg);
+      }
+    } else {
+      Pgno iFreePg;             /* Index of free page to move pLastPg to */
+      MemPage *pLastPg;
+      u8 eMode = BTALLOC_ANY;   /* Mode parameter for allocateBtreePage() */
+      Pgno iNear = 0;           /* nearby parameter for allocateBtreePage() */
+
+      rc = btreeGetPage(pBt, iLastPg, &pLastPg, 0);
+      if( rc!=SQLITE_OK ){
+        return rc;
+      }
+
+      /* If bCommit is zero, this loop runs exactly once and page pLastPg
+      ** is swapped with the first free page pulled off the free list.
+      **
+      ** On the other hand, if bCommit is greater than zero, then keep
+      ** looping until a free-page located within the first nFin pages
+      ** of the file is found.
+      */
+      if( bCommit==0 ){
+        eMode = BTALLOC_LE;
+        iNear = nFin;
+      }
+      do {
+        MemPage *pFreePg;
+        rc = allocateBtreePage(pBt, &pFreePg, &iFreePg, iNear, eMode);
+        if( rc!=SQLITE_OK ){
+          releasePage(pLastPg);
+          return rc;
+        }
+        releasePage(pFreePg);
+      }while( bCommit && iFreePg>nFin );
+      assert( iFreePg<iLastPg );
+      
+      rc = relocatePage(pBt, pLastPg, eType, iPtrPage, iFreePg, bCommit);
+      releasePage(pLastPg);
+      if( rc!=SQLITE_OK ){
+        return rc;
+      }
+    }
+  }
+
+  if( bCommit==0 ){
+    do {
+      iLastPg--;
+    }while( iLastPg==PENDING_BYTE_PAGE(pBt) || PTRMAP_ISPAGE(pBt, iLastPg) );
+    pBt->bDoTruncate = 1;
+    pBt->nPage = iLastPg;
+  }
+  return SQLITE_OK;
+}
+
+/*
+** The database opened by the first argument is an auto-vacuum database
+** nOrig pages in size containing nFree free pages. Return the expected 
+** size of the database in pages following an auto-vacuum operation.
+*/
+static Pgno finalDbSize(BtShared *pBt, Pgno nOrig, Pgno nFree){
+  int nEntry;                     /* Number of entries on one ptrmap page */
+  Pgno nPtrmap;                   /* Number of PtrMap pages to be freed */
+  Pgno nFin;                      /* Return value */
+
+  nEntry = pBt->usableSize/5;
+  nPtrmap = (nFree-nOrig+PTRMAP_PAGENO(pBt, nOrig)+nEntry)/nEntry;
+  nFin = nOrig - nFree - nPtrmap;
+  if( nOrig>PENDING_BYTE_PAGE(pBt) && nFin<PENDING_BYTE_PAGE(pBt) ){
+    nFin--;
+  }
+  while( PTRMAP_ISPAGE(pBt, nFin) || nFin==PENDING_BYTE_PAGE(pBt) ){
+    nFin--;
+  }
+
+  return nFin;
+}
+
+/*
+** A write-transaction must be opened before calling this function.
+** It performs a single unit of work towards an incremental vacuum.
+**
+** If the incremental vacuum is finished after this function has run,
+** SQLITE_DONE is returned. If it is not finished, but no error occurred,
+** SQLITE_OK is returned. Otherwise an SQLite error code. 
+*/
+SQLITE_PRIVATE int sqlite3BtreeIncrVacuum(Btree *p){
+  int rc;
+  BtShared *pBt = p->pBt;
+
+  sqlite3BtreeEnter(p);
+  assert( pBt->inTransaction==TRANS_WRITE && p->inTrans==TRANS_WRITE );
+  if( !pBt->autoVacuum ){
+    rc = SQLITE_DONE;
+  }else{
+    Pgno nOrig = btreePagecount(pBt);
+    Pgno nFree = get4byte(&pBt->pPage1->aData[36]);
+    Pgno nFin = finalDbSize(pBt, nOrig, nFree);
+
+    if( nOrig<nFin ){
+      rc = SQLITE_CORRUPT_BKPT;
+    }else if( nFree>0 ){
+      rc = saveAllCursors(pBt, 0, 0);
+      if( rc==SQLITE_OK ){
+        invalidateAllOverflowCache(pBt);
+        rc = incrVacuumStep(pBt, nFin, nOrig, 0);
+      }
+      if( rc==SQLITE_OK ){
+        rc = sqlite3PagerWrite(pBt->pPage1->pDbPage);
+        put4byte(&pBt->pPage1->aData[28], pBt->nPage);
+      }
+    }else{
+      rc = SQLITE_DONE;
+    }
+  }
+  sqlite3BtreeLeave(p);
+  return rc;
+}
+
+/*
+** This routine is called prior to sqlite3PagerCommit when a transaction
+** is committed for an auto-vacuum database.
+**
+** If SQLITE_OK is returned, then *pnTrunc is set to the number of pages
+** the database file should be truncated to during the commit process. 
+** i.e. the database has been reorganized so that only the first *pnTrunc
+** pages are in use.
+*/
+static int autoVacuumCommit(BtShared *pBt){
+  int rc = SQLITE_OK;
+  Pager *pPager = pBt->pPager;
+  VVA_ONLY( int nRef = sqlite3PagerRefcount(pPager); )
+
+  assert( sqlite3_mutex_held(pBt->mutex) );
+  invalidateAllOverflowCache(pBt);
+  assert(pBt->autoVacuum);
+  if( !pBt->incrVacuum ){
+    Pgno nFin;         /* Number of pages in database after autovacuuming */
+    Pgno nFree;        /* Number of pages on the freelist initially */
+    Pgno iFree;        /* The next page to be freed */
+    Pgno nOrig;        /* Database size before freeing */
+
+    nOrig = btreePagecount(pBt);
+    if( PTRMAP_ISPAGE(pBt, nOrig) || nOrig==PENDING_BYTE_PAGE(pBt) ){
+      /* It is not possible to create a database for which the final page
+      ** is either a pointer-map page or the pending-byte page. If one
+      ** is encountered, this indicates corruption.
+      */
+      return SQLITE_CORRUPT_BKPT;
+    }
+
+    nFree = get4byte(&pBt->pPage1->aData[36]);
+    nFin = finalDbSize(pBt, nOrig, nFree);
+    if( nFin>nOrig ) return SQLITE_CORRUPT_BKPT;
+    if( nFin<nOrig ){
+      rc = saveAllCursors(pBt, 0, 0);
+    }
+    for(iFree=nOrig; iFree>nFin && rc==SQLITE_OK; iFree--){
+      rc = incrVacuumStep(pBt, nFin, iFree, 1);
+    }
+    if( (rc==SQLITE_DONE || rc==SQLITE_OK) && nFree>0 ){
+      rc = sqlite3PagerWrite(pBt->pPage1->pDbPage);
+      put4byte(&pBt->pPage1->aData[32], 0);
+      put4byte(&pBt->pPage1->aData[36], 0);
+      put4byte(&pBt->pPage1->aData[28], nFin);
+      pBt->bDoTruncate = 1;
+      pBt->nPage = nFin;
+    }
+    if( rc!=SQLITE_OK ){
+      sqlite3PagerRollback(pPager);
+    }
+  }
+
+  assert( nRef>=sqlite3PagerRefcount(pPager) );
+  return rc;
+}
+
+#else /* ifndef SQLITE_OMIT_AUTOVACUUM */
+# define setChildPtrmaps(x) SQLITE_OK
+#endif
+
+/*
+** This routine does the first phase of a two-phase commit.  This routine
+** causes a rollback journal to be created (if it does not already exist)
+** and populated with enough information so that if a power loss occurs
+** the database can be restored to its original state by playing back
+** the journal.  Then the contents of the journal are flushed out to
+** the disk.  After the journal is safely on oxide, the changes to the
+** database are written into the database file and flushed to oxide.
+** At the end of this call, the rollback journal still exists on the
+** disk and we are still holding all locks, so the transaction has not
+** committed.  See sqlite3BtreeCommitPhaseTwo() for the second phase of the
+** commit process.
+**
+** This call is a no-op if no write-transaction is currently active on pBt.
+**
+** Otherwise, sync the database file for the btree pBt. zMaster points to
+** the name of a master journal file that should be written into the
+** individual journal file, or is NULL, indicating no master journal file 
+** (single database transaction).
+**
+** When this is called, the master journal should already have been
+** created, populated with this journal pointer and synced to disk.
+**
+** Once this is routine has returned, the only thing required to commit
+** the write-transaction for this database file is to delete the journal.
+*/
+SQLITE_PRIVATE int sqlite3BtreeCommitPhaseOne(Btree *p, const char *zMaster){
+  int rc = SQLITE_OK;
+  if( p->inTrans==TRANS_WRITE ){
+    BtShared *pBt = p->pBt;
+    sqlite3BtreeEnter(p);
+#ifndef SQLITE_OMIT_AUTOVACUUM
+    if( pBt->autoVacuum ){
+      rc = autoVacuumCommit(pBt);
+      if( rc!=SQLITE_OK ){
+        sqlite3BtreeLeave(p);
+        return rc;
+      }
+    }
+    if( pBt->bDoTruncate ){
+      sqlite3PagerTruncateImage(pBt->pPager, pBt->nPage);
+    }
+#endif
+    rc = sqlite3PagerCommitPhaseOne(pBt->pPager, zMaster, 0);
+    sqlite3BtreeLeave(p);
+  }
+  return rc;
+}
+
+/*
+** This function is called from both BtreeCommitPhaseTwo() and BtreeRollback()
+** at the conclusion of a transaction.
+*/
+static void btreeEndTransaction(Btree *p){
+  BtShared *pBt = p->pBt;
+  sqlite3 *db = p->db;
+  assert( sqlite3BtreeHoldsMutex(p) );
+
+#ifndef SQLITE_OMIT_AUTOVACUUM
+  pBt->bDoTruncate = 0;
+#endif
+  if( p->inTrans>TRANS_NONE && db->nVdbeRead>1 ){
+    /* If there are other active statements that belong to this database
+    ** handle, downgrade to a read-only transaction. The other statements
+    ** may still be reading from the database.  */
+    downgradeAllSharedCacheTableLocks(p);
+    p->inTrans = TRANS_READ;
+  }else{
+    /* If the handle had any kind of transaction open, decrement the 
+    ** transaction count of the shared btree. If the transaction count 
+    ** reaches 0, set the shared state to TRANS_NONE. The unlockBtreeIfUnused()
+    ** call below will unlock the pager.  */
+    if( p->inTrans!=TRANS_NONE ){
+      clearAllSharedCacheTableLocks(p);
+      pBt->nTransaction--;
+      if( 0==pBt->nTransaction ){
+        pBt->inTransaction = TRANS_NONE;
+      }
+    }
+
+    /* Set the current transaction state to TRANS_NONE and unlock the 
+    ** pager if this call closed the only read or write transaction.  */
+    p->inTrans = TRANS_NONE;
+    unlockBtreeIfUnused(pBt);
+  }
+
+  btreeIntegrity(p);
+}
+
+/*
+** Commit the transaction currently in progress.
+**
+** This routine implements the second phase of a 2-phase commit.  The
+** sqlite3BtreeCommitPhaseOne() routine does the first phase and should
+** be invoked prior to calling this routine.  The sqlite3BtreeCommitPhaseOne()
+** routine did all the work of writing information out to disk and flushing the
+** contents so that they are written onto the disk platter.  All this
+** routine has to do is delete or truncate or zero the header in the
+** the rollback journal (which causes the transaction to commit) and
+** drop locks.
+**
+** Normally, if an error occurs while the pager layer is attempting to 
+** finalize the underlying journal file, this function returns an error and
+** the upper layer will attempt a rollback. However, if the second argument
+** is non-zero then this b-tree transaction is part of a multi-file 
+** transaction. In this case, the transaction has already been committed 
+** (by deleting a master journal file) and the caller will ignore this 
+** functions return code. So, even if an error occurs in the pager layer,
+** reset the b-tree objects internal state to indicate that the write
+** transaction has been closed. This is quite safe, as the pager will have
+** transitioned to the error state.
+**
+** This will release the write lock on the database file.  If there
+** are no active cursors, it also releases the read lock.
+*/
+SQLITE_PRIVATE int sqlite3BtreeCommitPhaseTwo(Btree *p, int bCleanup){
+
+  if( p->inTrans==TRANS_NONE ) return SQLITE_OK;
+  sqlite3BtreeEnter(p);
+  btreeIntegrity(p);
+
+  /* If the handle has a write-transaction open, commit the shared-btrees 
+  ** transaction and set the shared state to TRANS_READ.
+  */
+  if( p->inTrans==TRANS_WRITE ){
+    int rc;
+    BtShared *pBt = p->pBt;
+    assert( pBt->inTransaction==TRANS_WRITE );
+    assert( pBt->nTransaction>0 );
+    rc = sqlite3PagerCommitPhaseTwo(pBt->pPager);
+    if( rc!=SQLITE_OK && bCleanup==0 ){
+      sqlite3BtreeLeave(p);
+      return rc;
+    }
+    p->iDataVersion--;  /* Compensate for pPager->iDataVersion++; */
+    pBt->inTransaction = TRANS_READ;
+    btreeClearHasContent(pBt);
+  }
+
+  btreeEndTransaction(p);
+  sqlite3BtreeLeave(p);
+  return SQLITE_OK;
+}
+
+/*
+** Do both phases of a commit.
+*/
+SQLITE_PRIVATE int sqlite3BtreeCommit(Btree *p){
+  int rc;
+  sqlite3BtreeEnter(p);
+  rc = sqlite3BtreeCommitPhaseOne(p, 0);
+  if( rc==SQLITE_OK ){
+    rc = sqlite3BtreeCommitPhaseTwo(p, 0);
+  }
+  sqlite3BtreeLeave(p);
+  return rc;
+}
+
+/*
+** This routine sets the state to CURSOR_FAULT and the error
+** code to errCode for every cursor on any BtShared that pBtree
+** references.  Or if the writeOnly flag is set to 1, then only
+** trip write cursors and leave read cursors unchanged.
+**
+** Every cursor is a candidate to be tripped, including cursors
+** that belong to other database connections that happen to be
+** sharing the cache with pBtree.
+**
+** This routine gets called when a rollback occurs. If the writeOnly
+** flag is true, then only write-cursors need be tripped - read-only
+** cursors save their current positions so that they may continue 
+** following the rollback. Or, if writeOnly is false, all cursors are 
+** tripped. In general, writeOnly is false if the transaction being
+** rolled back modified the database schema. In this case b-tree root
+** pages may be moved or deleted from the database altogether, making
+** it unsafe for read cursors to continue.
+**
+** If the writeOnly flag is true and an error is encountered while 
+** saving the current position of a read-only cursor, all cursors, 
+** including all read-cursors are tripped.
+**
+** SQLITE_OK is returned if successful, or if an error occurs while
+** saving a cursor position, an SQLite error code.
+*/
+SQLITE_PRIVATE int sqlite3BtreeTripAllCursors(Btree *pBtree, int errCode, int writeOnly){
+  BtCursor *p;
+  int rc = SQLITE_OK;
+
+  assert( (writeOnly==0 || writeOnly==1) && BTCF_WriteFlag==1 );
+  if( pBtree ){
+    sqlite3BtreeEnter(pBtree);
+    for(p=pBtree->pBt->pCursor; p; p=p->pNext){
+      int i;
+      if( writeOnly && (p->curFlags & BTCF_WriteFlag)==0 ){
+        if( p->eState==CURSOR_VALID || p->eState==CURSOR_SKIPNEXT ){
+          rc = saveCursorPosition(p);
+          if( rc!=SQLITE_OK ){
+            (void)sqlite3BtreeTripAllCursors(pBtree, rc, 0);
+            break;
+          }
+        }
+      }else{
+        sqlite3BtreeClearCursor(p);
+        p->eState = CURSOR_FAULT;
+        p->skipNext = errCode;
+      }
+      for(i=0; i<=p->iPage; i++){
+        releasePage(p->apPage[i]);
+        p->apPage[i] = 0;
+      }
+    }
+    sqlite3BtreeLeave(pBtree);
+  }
+  return rc;
+}
+
+/*
+** Rollback the transaction in progress.
+**
+** If tripCode is not SQLITE_OK then cursors will be invalidated (tripped).
+** Only write cursors are tripped if writeOnly is true but all cursors are
+** tripped if writeOnly is false.  Any attempt to use
+** a tripped cursor will result in an error.
+**
+** This will release the write lock on the database file.  If there
+** are no active cursors, it also releases the read lock.
+*/
+SQLITE_PRIVATE int sqlite3BtreeRollback(Btree *p, int tripCode, int writeOnly){
+  int rc;
+  BtShared *pBt = p->pBt;
+  MemPage *pPage1;
+
+  assert( writeOnly==1 || writeOnly==0 );
+  assert( tripCode==SQLITE_ABORT_ROLLBACK || tripCode==SQLITE_OK );
+  sqlite3BtreeEnter(p);
+  if( tripCode==SQLITE_OK ){
+    rc = tripCode = saveAllCursors(pBt, 0, 0);
+    if( rc ) writeOnly = 0;
+  }else{
+    rc = SQLITE_OK;
+  }
+  if( tripCode ){
+    int rc2 = sqlite3BtreeTripAllCursors(p, tripCode, writeOnly);
+    assert( rc==SQLITE_OK || (writeOnly==0 && rc2==SQLITE_OK) );
+    if( rc2!=SQLITE_OK ) rc = rc2;
+  }
+  btreeIntegrity(p);
+
+  if( p->inTrans==TRANS_WRITE ){
+    int rc2;
+
+    assert( TRANS_WRITE==pBt->inTransaction );
+    rc2 = sqlite3PagerRollback(pBt->pPager);
+    if( rc2!=SQLITE_OK ){
+      rc = rc2;
+    }
+
+    /* The rollback may have destroyed the pPage1->aData value.  So
+    ** call btreeGetPage() on page 1 again to make
+    ** sure pPage1->aData is set correctly. */
+    if( btreeGetPage(pBt, 1, &pPage1, 0)==SQLITE_OK ){
+      int nPage = get4byte(28+(u8*)pPage1->aData);
+      testcase( nPage==0 );
+      if( nPage==0 ) sqlite3PagerPagecount(pBt->pPager, &nPage);
+      testcase( pBt->nPage!=nPage );
+      pBt->nPage = nPage;
+      releasePage(pPage1);
+    }
+    assert( countValidCursors(pBt, 1)==0 );
+    pBt->inTransaction = TRANS_READ;
+    btreeClearHasContent(pBt);
+  }
+
+  btreeEndTransaction(p);
+  sqlite3BtreeLeave(p);
+  return rc;
+}
+
+/*
+** Start a statement subtransaction. The subtransaction can be rolled
+** back independently of the main transaction. You must start a transaction 
+** before starting a subtransaction. The subtransaction is ended automatically 
+** if the main transaction commits or rolls back.
+**
+** Statement subtransactions are used around individual SQL statements
+** that are contained within a BEGIN...COMMIT block.  If a constraint
+** error occurs within the statement, the effect of that one statement
+** can be rolled back without having to rollback the entire transaction.
+**
+** A statement sub-transaction is implemented as an anonymous savepoint. The
+** value passed as the second parameter is the total number of savepoints,
+** including the new anonymous savepoint, open on the B-Tree. i.e. if there
+** are no active savepoints and no other statement-transactions open,
+** iStatement is 1. This anonymous savepoint can be released or rolled back
+** using the sqlite3BtreeSavepoint() function.
+*/
+SQLITE_PRIVATE int sqlite3BtreeBeginStmt(Btree *p, int iStatement){
+  int rc;
+  BtShared *pBt = p->pBt;
+  sqlite3BtreeEnter(p);
+  assert( p->inTrans==TRANS_WRITE );
+  assert( (pBt->btsFlags & BTS_READ_ONLY)==0 );
+  assert( iStatement>0 );
+  assert( iStatement>p->db->nSavepoint );
+  assert( pBt->inTransaction==TRANS_WRITE );
+  /* At the pager level, a statement transaction is a savepoint with
+  ** an index greater than all savepoints created explicitly using
+  ** SQL statements. It is illegal to open, release or rollback any
+  ** such savepoints while the statement transaction savepoint is active.
+  */
+  rc = sqlite3PagerOpenSavepoint(pBt->pPager, iStatement);
+  sqlite3BtreeLeave(p);
+  return rc;
+}
+
+/*
+** The second argument to this function, op, is always SAVEPOINT_ROLLBACK
+** or SAVEPOINT_RELEASE. This function either releases or rolls back the
+** savepoint identified by parameter iSavepoint, depending on the value 
+** of op.
+**
+** Normally, iSavepoint is greater than or equal to zero. However, if op is
+** SAVEPOINT_ROLLBACK, then iSavepoint may also be -1. In this case the 
+** contents of the entire transaction are rolled back. This is different
+** from a normal transaction rollback, as no locks are released and the
+** transaction remains open.
+*/
+SQLITE_PRIVATE int sqlite3BtreeSavepoint(Btree *p, int op, int iSavepoint){
+  int rc = SQLITE_OK;
+  if( p && p->inTrans==TRANS_WRITE ){
+    BtShared *pBt = p->pBt;
+    assert( op==SAVEPOINT_RELEASE || op==SAVEPOINT_ROLLBACK );
+    assert( iSavepoint>=0 || (iSavepoint==-1 && op==SAVEPOINT_ROLLBACK) );
+    sqlite3BtreeEnter(p);
+    rc = sqlite3PagerSavepoint(pBt->pPager, op, iSavepoint);
+    if( rc==SQLITE_OK ){
+      if( iSavepoint<0 && (pBt->btsFlags & BTS_INITIALLY_EMPTY)!=0 ){
+        pBt->nPage = 0;
+      }
+      rc = newDatabase(pBt);
+      pBt->nPage = get4byte(28 + pBt->pPage1->aData);
+
+      /* The database size was written into the offset 28 of the header
+      ** when the transaction started, so we know that the value at offset
+      ** 28 is nonzero. */
+      assert( pBt->nPage>0 );
+    }
+    sqlite3BtreeLeave(p);
+  }
+  return rc;
+}
+
+/*
+** Create a new cursor for the BTree whose root is on the page
+** iTable. If a read-only cursor is requested, it is assumed that
+** the caller already has at least a read-only transaction open
+** on the database already. If a write-cursor is requested, then
+** the caller is assumed to have an open write transaction.
+**
+** If wrFlag==0, then the cursor can only be used for reading.
+** If wrFlag==1, then the cursor can be used for reading or for
+** writing if other conditions for writing are also met.  These
+** are the conditions that must be met in order for writing to
+** be allowed:
+**
+** 1:  The cursor must have been opened with wrFlag==1
+**
+** 2:  Other database connections that share the same pager cache
+**     but which are not in the READ_UNCOMMITTED state may not have
+**     cursors open with wrFlag==0 on the same table.  Otherwise
+**     the changes made by this write cursor would be visible to
+**     the read cursors in the other database connection.
+**
+** 3:  The database must be writable (not on read-only media)
+**
+** 4:  There must be an active transaction.
+**
+** No checking is done to make sure that page iTable really is the
+** root page of a b-tree.  If it is not, then the cursor acquired
+** will not work correctly.
+**
+** It is assumed that the sqlite3BtreeCursorZero() has been called
+** on pCur to initialize the memory space prior to invoking this routine.
+*/
+static int btreeCursor(
+  Btree *p,                              /* The btree */
+  int iTable,                            /* Root page of table to open */
+  int wrFlag,                            /* 1 to write. 0 read-only */
+  struct KeyInfo *pKeyInfo,              /* First arg to comparison function */
+  BtCursor *pCur                         /* Space for new cursor */
+){
+  BtShared *pBt = p->pBt;                /* Shared b-tree handle */
+  BtCursor *pX;                          /* Looping over other all cursors */
+
+  assert( sqlite3BtreeHoldsMutex(p) );
+  assert( wrFlag==0 
+       || wrFlag==BTREE_WRCSR 
+       || wrFlag==(BTREE_WRCSR|BTREE_FORDELETE) 
+  );
+
+  /* The following assert statements verify that if this is a sharable 
+  ** b-tree database, the connection is holding the required table locks, 
+  ** and that no other connection has any open cursor that conflicts with 
+  ** this lock.  */
+  assert( hasSharedCacheTableLock(p, iTable, pKeyInfo!=0, (wrFlag?2:1)) );
+  assert( wrFlag==0 || !hasReadConflicts(p, iTable) );
+
+  /* Assert that the caller has opened the required transaction. */
+  assert( p->inTrans>TRANS_NONE );
+  assert( wrFlag==0 || p->inTrans==TRANS_WRITE );
+  assert( pBt->pPage1 && pBt->pPage1->aData );
+  assert( wrFlag==0 || (pBt->btsFlags & BTS_READ_ONLY)==0 );
+
+  if( wrFlag ){
+    allocateTempSpace(pBt);
+    if( pBt->pTmpSpace==0 ) return SQLITE_NOMEM;
+  }
+  if( iTable==1 && btreePagecount(pBt)==0 ){
+    assert( wrFlag==0 );
+    iTable = 0;
+  }
+
+  /* Now that no other errors can occur, finish filling in the BtCursor
+  ** variables and link the cursor into the BtShared list.  */
+  pCur->pgnoRoot = (Pgno)iTable;
+  pCur->iPage = -1;
+  pCur->pKeyInfo = pKeyInfo;
+  pCur->pBtree = p;
+  pCur->pBt = pBt;
+  pCur->curFlags = wrFlag ? BTCF_WriteFlag : 0;
+  pCur->curPagerFlags = wrFlag ? 0 : PAGER_GET_READONLY;
+  /* If there are two or more cursors on the same btree, then all such
+  ** cursors *must* have the BTCF_Multiple flag set. */
+  for(pX=pBt->pCursor; pX; pX=pX->pNext){
+    if( pX->pgnoRoot==(Pgno)iTable ){
+      pX->curFlags |= BTCF_Multiple;
+      pCur->curFlags |= BTCF_Multiple;
+    }
+  }
+  pCur->pNext = pBt->pCursor;
+  pBt->pCursor = pCur;
+  pCur->eState = CURSOR_INVALID;
+  return SQLITE_OK;
+}
+SQLITE_PRIVATE int sqlite3BtreeCursor(
+  Btree *p,                                   /* The btree */
+  int iTable,                                 /* Root page of table to open */
+  int wrFlag,                                 /* 1 to write. 0 read-only */
+  struct KeyInfo *pKeyInfo,                   /* First arg to xCompare() */
+  BtCursor *pCur                              /* Write new cursor here */
+){
+  int rc;
+  if( iTable<1 ){
+    rc = SQLITE_CORRUPT_BKPT;
+  }else{
+    sqlite3BtreeEnter(p);
+    rc = btreeCursor(p, iTable, wrFlag, pKeyInfo, pCur);
+    sqlite3BtreeLeave(p);
+  }
+  return rc;
+}
+
+/*
+** Return the size of a BtCursor object in bytes.
+**
+** This interfaces is needed so that users of cursors can preallocate
+** sufficient storage to hold a cursor.  The BtCursor object is opaque
+** to users so they cannot do the sizeof() themselves - they must call
+** this routine.
+*/
+SQLITE_PRIVATE int sqlite3BtreeCursorSize(void){
+  return ROUND8(sizeof(BtCursor));
+}
+
+/*
+** Initialize memory that will be converted into a BtCursor object.
+**
+** The simple approach here would be to memset() the entire object
+** to zero.  But it turns out that the apPage[] and aiIdx[] arrays
+** do not need to be zeroed and they are large, so we can save a lot
+** of run-time by skipping the initialization of those elements.
+*/
+SQLITE_PRIVATE void sqlite3BtreeCursorZero(BtCursor *p){
+  memset(p, 0, offsetof(BtCursor, iPage));
+}
+
+/*
+** Close a cursor.  The read lock on the database file is released
+** when the last cursor is closed.
+*/
+SQLITE_PRIVATE int sqlite3BtreeCloseCursor(BtCursor *pCur){
+  Btree *pBtree = pCur->pBtree;
+  if( pBtree ){
+    int i;
+    BtShared *pBt = pCur->pBt;
+    sqlite3BtreeEnter(pBtree);
+    sqlite3BtreeClearCursor(pCur);
+    assert( pBt->pCursor!=0 );
+    if( pBt->pCursor==pCur ){
+      pBt->pCursor = pCur->pNext;
+    }else{
+      BtCursor *pPrev = pBt->pCursor;
+      do{
+        if( pPrev->pNext==pCur ){
+          pPrev->pNext = pCur->pNext;
+          break;
+        }
+        pPrev = pPrev->pNext;
+      }while( ALWAYS(pPrev) );
+    }
+    for(i=0; i<=pCur->iPage; i++){
+      releasePage(pCur->apPage[i]);
+    }
+    unlockBtreeIfUnused(pBt);
+    sqlite3_free(pCur->aOverflow);
+    /* sqlite3_free(pCur); */
+    sqlite3BtreeLeave(pBtree);
+  }
+  return SQLITE_OK;
+}
+
+/*
+** Make sure the BtCursor* given in the argument has a valid
+** BtCursor.info structure.  If it is not already valid, call
+** btreeParseCell() to fill it in.
+**
+** BtCursor.info is a cache of the information in the current cell.
+** Using this cache reduces the number of calls to btreeParseCell().
+*/
+#ifndef NDEBUG
+  static void assertCellInfo(BtCursor *pCur){
+    CellInfo info;
+    int iPage = pCur->iPage;
+    memset(&info, 0, sizeof(info));
+    btreeParseCell(pCur->apPage[iPage], pCur->aiIdx[iPage], &info);
+    assert( CORRUPT_DB || memcmp(&info, &pCur->info, sizeof(info))==0 );
+  }
+#else
+  #define assertCellInfo(x)
+#endif
+static SQLITE_NOINLINE void getCellInfo(BtCursor *pCur){
+  if( pCur->info.nSize==0 ){
+    int iPage = pCur->iPage;
+    pCur->curFlags |= BTCF_ValidNKey;
+    btreeParseCell(pCur->apPage[iPage],pCur->aiIdx[iPage],&pCur->info);
+  }else{
+    assertCellInfo(pCur);
+  }
+}
+
+#ifndef NDEBUG  /* The next routine used only within assert() statements */
+/*
+** Return true if the given BtCursor is valid.  A valid cursor is one
+** that is currently pointing to a row in a (non-empty) table.
+** This is a verification routine is used only within assert() statements.
+*/
+SQLITE_PRIVATE int sqlite3BtreeCursorIsValid(BtCursor *pCur){
+  return pCur && pCur->eState==CURSOR_VALID;
+}
+#endif /* NDEBUG */
+
+/*
+** Set *pSize to the size of the buffer needed to hold the value of
+** the key for the current entry.  If the cursor is not pointing
+** to a valid entry, *pSize is set to 0. 
+**
+** For a table with the INTKEY flag set, this routine returns the key
+** itself, not the number of bytes in the key.
+**
+** The caller must position the cursor prior to invoking this routine.
+** 
+** This routine cannot fail.  It always returns SQLITE_OK.  
+*/
+SQLITE_PRIVATE int sqlite3BtreeKeySize(BtCursor *pCur, i64 *pSize){
+  assert( cursorHoldsMutex(pCur) );
+  assert( pCur->eState==CURSOR_VALID );
+  getCellInfo(pCur);
+  *pSize = pCur->info.nKey;
+  return SQLITE_OK;
+}
+
+/*
+** Set *pSize to the number of bytes of data in the entry the
+** cursor currently points to.
+**
+** The caller must guarantee that the cursor is pointing to a non-NULL
+** valid entry.  In other words, the calling procedure must guarantee
+** that the cursor has Cursor.eState==CURSOR_VALID.
+**
+** Failure is not possible.  This function always returns SQLITE_OK.
+** It might just as well be a procedure (returning void) but we continue
+** to return an integer result code for historical reasons.
+*/
+SQLITE_PRIVATE int sqlite3BtreeDataSize(BtCursor *pCur, u32 *pSize){
+  assert( cursorHoldsMutex(pCur) );
+  assert( pCur->eState==CURSOR_VALID );
+  assert( pCur->iPage>=0 );
+  assert( pCur->iPage<BTCURSOR_MAX_DEPTH );
+  assert( pCur->apPage[pCur->iPage]->intKeyLeaf==1 );
+  getCellInfo(pCur);
+  *pSize = pCur->info.nPayload;
+  return SQLITE_OK;
+}
+
+/*
+** Given the page number of an overflow page in the database (parameter
+** ovfl), this function finds the page number of the next page in the 
+** linked list of overflow pages. If possible, it uses the auto-vacuum
+** pointer-map data instead of reading the content of page ovfl to do so. 
+**
+** If an error occurs an SQLite error code is returned. Otherwise:
+**
+** The page number of the next overflow page in the linked list is 
+** written to *pPgnoNext. If page ovfl is the last page in its linked 
+** list, *pPgnoNext is set to zero. 
+**
+** If ppPage is not NULL, and a reference to the MemPage object corresponding
+** to page number pOvfl was obtained, then *ppPage is set to point to that
+** reference. It is the responsibility of the caller to call releasePage()
+** on *ppPage to free the reference. In no reference was obtained (because
+** the pointer-map was used to obtain the value for *pPgnoNext), then
+** *ppPage is set to zero.
+*/
+static int getOverflowPage(
+  BtShared *pBt,               /* The database file */
+  Pgno ovfl,                   /* Current overflow page number */
+  MemPage **ppPage,            /* OUT: MemPage handle (may be NULL) */
+  Pgno *pPgnoNext              /* OUT: Next overflow page number */
+){
+  Pgno next = 0;
+  MemPage *pPage = 0;
+  int rc = SQLITE_OK;
+
+  assert( sqlite3_mutex_held(pBt->mutex) );
+  assert(pPgnoNext);
+
+#ifndef SQLITE_OMIT_AUTOVACUUM
+  /* Try to find the next page in the overflow list using the
+  ** autovacuum pointer-map pages. Guess that the next page in 
+  ** the overflow list is page number (ovfl+1). If that guess turns 
+  ** out to be wrong, fall back to loading the data of page 
+  ** number ovfl to determine the next page number.
+  */
+  if( pBt->autoVacuum ){
+    Pgno pgno;
+    Pgno iGuess = ovfl+1;
+    u8 eType;
+
+    while( PTRMAP_ISPAGE(pBt, iGuess) || iGuess==PENDING_BYTE_PAGE(pBt) ){
+      iGuess++;
+    }
+
+    if( iGuess<=btreePagecount(pBt) ){
+      rc = ptrmapGet(pBt, iGuess, &eType, &pgno);
+      if( rc==SQLITE_OK && eType==PTRMAP_OVERFLOW2 && pgno==ovfl ){
+        next = iGuess;
+        rc = SQLITE_DONE;
+      }
+    }
+  }
+#endif
+
+  assert( next==0 || rc==SQLITE_DONE );
+  if( rc==SQLITE_OK ){
+    rc = btreeGetPage(pBt, ovfl, &pPage, (ppPage==0) ? PAGER_GET_READONLY : 0);
+    assert( rc==SQLITE_OK || pPage==0 );
+    if( rc==SQLITE_OK ){
+      next = get4byte(pPage->aData);
+    }
+  }
+
+  *pPgnoNext = next;
+  if( ppPage ){
+    *ppPage = pPage;
+  }else{
+    releasePage(pPage);
+  }
+  return (rc==SQLITE_DONE ? SQLITE_OK : rc);
+}
+
+/*
+** Copy data from a buffer to a page, or from a page to a buffer.
+**
+** pPayload is a pointer to data stored on database page pDbPage.
+** If argument eOp is false, then nByte bytes of data are copied
+** from pPayload to the buffer pointed at by pBuf. If eOp is true,
+** then sqlite3PagerWrite() is called on pDbPage and nByte bytes
+** of data are copied from the buffer pBuf to pPayload.
+**
+** SQLITE_OK is returned on success, otherwise an error code.
+*/
+static int copyPayload(
+  void *pPayload,           /* Pointer to page data */
+  void *pBuf,               /* Pointer to buffer */
+  int nByte,                /* Number of bytes to copy */
+  int eOp,                  /* 0 -> copy from page, 1 -> copy to page */
+  DbPage *pDbPage           /* Page containing pPayload */
+){
+  if( eOp ){
+    /* Copy data from buffer to page (a write operation) */
+    int rc = sqlite3PagerWrite(pDbPage);
+    if( rc!=SQLITE_OK ){
+      return rc;
+    }
+    memcpy(pPayload, pBuf, nByte);
+  }else{
+    /* Copy data from page to buffer (a read operation) */
+    memcpy(pBuf, pPayload, nByte);
+  }
+  return SQLITE_OK;
+}
+
+/*
+** This function is used to read or overwrite payload information
+** for the entry that the pCur cursor is pointing to. The eOp
+** argument is interpreted as follows:
+**
+**   0: The operation is a read. Populate the overflow cache.
+**   1: The operation is a write. Populate the overflow cache.
+**   2: The operation is a read. Do not populate the overflow cache.
+**
+** A total of "amt" bytes are read or written beginning at "offset".
+** Data is read to or from the buffer pBuf.
+**
+** The content being read or written might appear on the main page
+** or be scattered out on multiple overflow pages.
+**
+** If the current cursor entry uses one or more overflow pages and the
+** eOp argument is not 2, this function may allocate space for and lazily 
+** populates the overflow page-list cache array (BtCursor.aOverflow). 
+** Subsequent calls use this cache to make seeking to the supplied offset 
+** more efficient.
+**
+** Once an overflow page-list cache has been allocated, it may be
+** invalidated if some other cursor writes to the same table, or if
+** the cursor is moved to a different row. Additionally, in auto-vacuum
+** mode, the following events may invalidate an overflow page-list cache.
+**
+**   * An incremental vacuum,
+**   * A commit in auto_vacuum="full" mode,
+**   * Creating a table (may require moving an overflow page).
+*/
+static int accessPayload(
+  BtCursor *pCur,      /* Cursor pointing to entry to read from */
+  u32 offset,          /* Begin reading this far into payload */
+  u32 amt,             /* Read this many bytes */
+  unsigned char *pBuf, /* Write the bytes into this buffer */ 
+  int eOp              /* zero to read. non-zero to write. */
+){
+  unsigned char *aPayload;
+  int rc = SQLITE_OK;
+  int iIdx = 0;
+  MemPage *pPage = pCur->apPage[pCur->iPage]; /* Btree page of current entry */
+  BtShared *pBt = pCur->pBt;                  /* Btree this cursor belongs to */
+#ifdef SQLITE_DIRECT_OVERFLOW_READ
+  unsigned char * const pBufStart = pBuf;
+  int bEnd;                                 /* True if reading to end of data */
+#endif
+
+  assert( pPage );
+  assert( pCur->eState==CURSOR_VALID );
+  assert( pCur->aiIdx[pCur->iPage]<pPage->nCell );
+  assert( cursorHoldsMutex(pCur) );
+  assert( eOp!=2 || offset==0 );    /* Always start from beginning for eOp==2 */
+
+  getCellInfo(pCur);
+  aPayload = pCur->info.pPayload;
+#ifdef SQLITE_DIRECT_OVERFLOW_READ
+  bEnd = offset+amt==pCur->info.nPayload;
+#endif
+  assert( offset+amt <= pCur->info.nPayload );
+
+  if( &aPayload[pCur->info.nLocal] > &pPage->aData[pBt->usableSize] ){
+    /* Trying to read or write past the end of the data is an error */
+    return SQLITE_CORRUPT_BKPT;
+  }
+
+  /* Check if data must be read/written to/from the btree page itself. */
+  if( offset<pCur->info.nLocal ){
+    int a = amt;
+    if( a+offset>pCur->info.nLocal ){
+      a = pCur->info.nLocal - offset;
+    }
+    rc = copyPayload(&aPayload[offset], pBuf, a, (eOp & 0x01), pPage->pDbPage);
+    offset = 0;
+    pBuf += a;
+    amt -= a;
+  }else{
+    offset -= pCur->info.nLocal;
+  }
+
+
+  if( rc==SQLITE_OK && amt>0 ){
+    const u32 ovflSize = pBt->usableSize - 4;  /* Bytes content per ovfl page */
+    Pgno nextPage;
+
+    nextPage = get4byte(&aPayload[pCur->info.nLocal]);
+
+    /* If the BtCursor.aOverflow[] has not been allocated, allocate it now.
+    ** Except, do not allocate aOverflow[] for eOp==2.
+    **
+    ** The aOverflow[] array is sized at one entry for each overflow page
+    ** in the overflow chain. The page number of the first overflow page is
+    ** stored in aOverflow[0], etc. A value of 0 in the aOverflow[] array
+    ** means "not yet known" (the cache is lazily populated).
+    */
+    if( eOp!=2 && (pCur->curFlags & BTCF_ValidOvfl)==0 ){
+      int nOvfl = (pCur->info.nPayload-pCur->info.nLocal+ovflSize-1)/ovflSize;
+      if( nOvfl>pCur->nOvflAlloc ){
+        Pgno *aNew = (Pgno*)sqlite3Realloc(
+            pCur->aOverflow, nOvfl*2*sizeof(Pgno)
+        );
+        if( aNew==0 ){
+          rc = SQLITE_NOMEM;
+        }else{
+          pCur->nOvflAlloc = nOvfl*2;
+          pCur->aOverflow = aNew;
+        }
+      }
+      if( rc==SQLITE_OK ){
+        memset(pCur->aOverflow, 0, nOvfl*sizeof(Pgno));
+        pCur->curFlags |= BTCF_ValidOvfl;
+      }
+    }
+
+    /* If the overflow page-list cache has been allocated and the
+    ** entry for the first required overflow page is valid, skip
+    ** directly to it.
+    */
+    if( (pCur->curFlags & BTCF_ValidOvfl)!=0
+     && pCur->aOverflow[offset/ovflSize]
+    ){
+      iIdx = (offset/ovflSize);
+      nextPage = pCur->aOverflow[iIdx];
+      offset = (offset%ovflSize);
+    }
+
+    for( ; rc==SQLITE_OK && amt>0 && nextPage; iIdx++){
+
+      /* If required, populate the overflow page-list cache. */
+      if( (pCur->curFlags & BTCF_ValidOvfl)!=0 ){
+        assert( pCur->aOverflow[iIdx]==0
+                || pCur->aOverflow[iIdx]==nextPage
+                || CORRUPT_DB );
+        pCur->aOverflow[iIdx] = nextPage;
+      }
+
+      if( offset>=ovflSize ){
+        /* The only reason to read this page is to obtain the page
+        ** number for the next page in the overflow chain. The page
+        ** data is not required. So first try to lookup the overflow
+        ** page-list cache, if any, then fall back to the getOverflowPage()
+        ** function.
+        **
+        ** Note that the aOverflow[] array must be allocated because eOp!=2
+        ** here.  If eOp==2, then offset==0 and this branch is never taken.
+        */
+        assert( eOp!=2 );
+        assert( pCur->curFlags & BTCF_ValidOvfl );
+        assert( pCur->pBtree->db==pBt->db );
+        if( pCur->aOverflow[iIdx+1] ){
+          nextPage = pCur->aOverflow[iIdx+1];
+        }else{
+          rc = getOverflowPage(pBt, nextPage, 0, &nextPage);
+        }
+        offset -= ovflSize;
+      }else{
+        /* Need to read this page properly. It contains some of the
+        ** range of data that is being read (eOp==0) or written (eOp!=0).
+        */
+#ifdef SQLITE_DIRECT_OVERFLOW_READ
+        sqlite3_file *fd;
+#endif
+        int a = amt;
+        if( a + offset > ovflSize ){
+          a = ovflSize - offset;
+        }
+
+#ifdef SQLITE_DIRECT_OVERFLOW_READ
+        /* If all the following are true:
+        **
+        **   1) this is a read operation, and 
+        **   2) data is required from the start of this overflow page, and
+        **   3) the database is file-backed, and
+        **   4) there is no open write-transaction, and
+        **   5) the database is not a WAL database,
+        **   6) all data from the page is being read.
+        **   7) at least 4 bytes have already been read into the output buffer 
+        **
+        ** then data can be read directly from the database file into the
+        ** output buffer, bypassing the page-cache altogether. This speeds
+        ** up loading large records that span many overflow pages.
+        */
+        if( (eOp&0x01)==0                                      /* (1) */
+         && offset==0                                          /* (2) */
+         && (bEnd || a==ovflSize)                              /* (6) */
+         && pBt->inTransaction==TRANS_READ                     /* (4) */
+         && (fd = sqlite3PagerFile(pBt->pPager))->pMethods     /* (3) */
+         && pBt->pPage1->aData[19]==0x01                       /* (5) */
+         && &pBuf[-4]>=pBufStart                               /* (7) */
+        ){
+          u8 aSave[4];
+          u8 *aWrite = &pBuf[-4];
+          assert( aWrite>=pBufStart );                         /* hence (7) */
+          memcpy(aSave, aWrite, 4);
+          rc = sqlite3OsRead(fd, aWrite, a+4, (i64)pBt->pageSize*(nextPage-1));
+          nextPage = get4byte(aWrite);
+          memcpy(aWrite, aSave, 4);
+        }else
+#endif
+
+        {
+          DbPage *pDbPage;
+          rc = sqlite3PagerGet(pBt->pPager, nextPage, &pDbPage,
+              ((eOp&0x01)==0 ? PAGER_GET_READONLY : 0)
+          );
+          if( rc==SQLITE_OK ){
+            aPayload = sqlite3PagerGetData(pDbPage);
+            nextPage = get4byte(aPayload);
+            rc = copyPayload(&aPayload[offset+4], pBuf, a, (eOp&0x01), pDbPage);
+            sqlite3PagerUnref(pDbPage);
+            offset = 0;
+          }
+        }
+        amt -= a;
+        pBuf += a;
+      }
+    }
+  }
+
+  if( rc==SQLITE_OK && amt>0 ){
+    return SQLITE_CORRUPT_BKPT;
+  }
+  return rc;
+}
+
+/*
+** Read part of the key associated with cursor pCur.  Exactly
+** "amt" bytes will be transferred into pBuf[].  The transfer
+** begins at "offset".
+**
+** The caller must ensure that pCur is pointing to a valid row
+** in the table.
+**
+** Return SQLITE_OK on success or an error code if anything goes
+** wrong.  An error is returned if "offset+amt" is larger than
+** the available payload.
+*/
+SQLITE_PRIVATE int sqlite3BtreeKey(BtCursor *pCur, u32 offset, u32 amt, void *pBuf){
+  assert( cursorHoldsMutex(pCur) );
+  assert( pCur->eState==CURSOR_VALID );
+  assert( pCur->iPage>=0 && pCur->apPage[pCur->iPage] );
+  assert( pCur->aiIdx[pCur->iPage]<pCur->apPage[pCur->iPage]->nCell );
+  return accessPayload(pCur, offset, amt, (unsigned char*)pBuf, 0);
+}
+
+/*
+** Read part of the data associated with cursor pCur.  Exactly
+** "amt" bytes will be transfered into pBuf[].  The transfer
+** begins at "offset".
+**
+** Return SQLITE_OK on success or an error code if anything goes
+** wrong.  An error is returned if "offset+amt" is larger than
+** the available payload.
+*/
+SQLITE_PRIVATE int sqlite3BtreeData(BtCursor *pCur, u32 offset, u32 amt, void *pBuf){
+  int rc;
+
+#ifndef SQLITE_OMIT_INCRBLOB
+  if ( pCur->eState==CURSOR_INVALID ){
+    return SQLITE_ABORT;
+  }
+#endif
+
+  assert( cursorHoldsMutex(pCur) );
+  rc = restoreCursorPosition(pCur);
+  if( rc==SQLITE_OK ){
+    assert( pCur->eState==CURSOR_VALID );
+    assert( pCur->iPage>=0 && pCur->apPage[pCur->iPage] );
+    assert( pCur->aiIdx[pCur->iPage]<pCur->apPage[pCur->iPage]->nCell );
+    rc = accessPayload(pCur, offset, amt, pBuf, 0);
+  }
+  return rc;
+}
+
+/*
+** Return a pointer to payload information from the entry that the 
+** pCur cursor is pointing to.  The pointer is to the beginning of
+** the key if index btrees (pPage->intKey==0) and is the data for
+** table btrees (pPage->intKey==1). The number of bytes of available
+** key/data is written into *pAmt.  If *pAmt==0, then the value
+** returned will not be a valid pointer.
+**
+** This routine is an optimization.  It is common for the entire key
+** and data to fit on the local page and for there to be no overflow
+** pages.  When that is so, this routine can be used to access the
+** key and data without making a copy.  If the key and/or data spills
+** onto overflow pages, then accessPayload() must be used to reassemble
+** the key/data and copy it into a preallocated buffer.
+**
+** The pointer returned by this routine looks directly into the cached
+** page of the database.  The data might change or move the next time
+** any btree routine is called.
+*/
+static const void *fetchPayload(
+  BtCursor *pCur,      /* Cursor pointing to entry to read from */
+  u32 *pAmt            /* Write the number of available bytes here */
+){
+  u32 amt;
+  assert( pCur!=0 && pCur->iPage>=0 && pCur->apPage[pCur->iPage]);
+  assert( pCur->eState==CURSOR_VALID );
+  assert( sqlite3_mutex_held(pCur->pBtree->db->mutex) );
+  assert( cursorHoldsMutex(pCur) );
+  assert( pCur->aiIdx[pCur->iPage]<pCur->apPage[pCur->iPage]->nCell );
+  assert( pCur->info.nSize>0 );
+  assert( pCur->info.pPayload>pCur->apPage[pCur->iPage]->aData || CORRUPT_DB );
+  assert( pCur->info.pPayload<pCur->apPage[pCur->iPage]->aDataEnd ||CORRUPT_DB);
+  amt = (int)(pCur->apPage[pCur->iPage]->aDataEnd - pCur->info.pPayload);
+  if( pCur->info.nLocal<amt ) amt = pCur->info.nLocal;
+  *pAmt = amt;
+  return (void*)pCur->info.pPayload;
+}
+
+
+/*
+** For the entry that cursor pCur is point to, return as
+** many bytes of the key or data as are available on the local
+** b-tree page.  Write the number of available bytes into *pAmt.
+**
+** The pointer returned is ephemeral.  The key/data may move
+** or be destroyed on the next call to any Btree routine,
+** including calls from other threads against the same cache.
+** Hence, a mutex on the BtShared should be held prior to calling
+** this routine.
+**
+** These routines is used to get quick access to key and data
+** in the common case where no overflow pages are used.
+*/
+SQLITE_PRIVATE const void *sqlite3BtreeKeyFetch(BtCursor *pCur, u32 *pAmt){
+  return fetchPayload(pCur, pAmt);
+}
+SQLITE_PRIVATE const void *sqlite3BtreeDataFetch(BtCursor *pCur, u32 *pAmt){
+  return fetchPayload(pCur, pAmt);
+}
+
+
+/*
+** Move the cursor down to a new child page.  The newPgno argument is the
+** page number of the child page to move to.
+**
+** This function returns SQLITE_CORRUPT if the page-header flags field of
+** the new child page does not match the flags field of the parent (i.e.
+** if an intkey page appears to be the parent of a non-intkey page, or
+** vice-versa).
+*/
+static int moveToChild(BtCursor *pCur, u32 newPgno){
+  BtShared *pBt = pCur->pBt;
+
+  assert( cursorHoldsMutex(pCur) );
+  assert( pCur->eState==CURSOR_VALID );
+  assert( pCur->iPage<BTCURSOR_MAX_DEPTH );
+  assert( pCur->iPage>=0 );
+  if( pCur->iPage>=(BTCURSOR_MAX_DEPTH-1) ){
+    return SQLITE_CORRUPT_BKPT;
+  }
+  pCur->info.nSize = 0;
+  pCur->curFlags &= ~(BTCF_ValidNKey|BTCF_ValidOvfl);
+  pCur->iPage++;
+  pCur->aiIdx[pCur->iPage] = 0;
+  return getAndInitPage(pBt, newPgno, &pCur->apPage[pCur->iPage],
+                        pCur, pCur->curPagerFlags);
+}
+
+#if SQLITE_DEBUG
+/*
+** Page pParent is an internal (non-leaf) tree page. This function 
+** asserts that page number iChild is the left-child if the iIdx'th
+** cell in page pParent. Or, if iIdx is equal to the total number of
+** cells in pParent, that page number iChild is the right-child of
+** the page.
+*/
+static void assertParentIndex(MemPage *pParent, int iIdx, Pgno iChild){
+  if( CORRUPT_DB ) return;  /* The conditions tested below might not be true
+                            ** in a corrupt database */
+  assert( iIdx<=pParent->nCell );
+  if( iIdx==pParent->nCell ){
+    assert( get4byte(&pParent->aData[pParent->hdrOffset+8])==iChild );
+  }else{
+    assert( get4byte(findCell(pParent, iIdx))==iChild );
+  }
+}
+#else
+#  define assertParentIndex(x,y,z) 
+#endif
+
+/*
+** Move the cursor up to the parent page.
+**
+** pCur->idx is set to the cell index that contains the pointer
+** to the page we are coming from.  If we are coming from the
+** right-most child page then pCur->idx is set to one more than
+** the largest cell index.
+*/
+static void moveToParent(BtCursor *pCur){
+  assert( cursorHoldsMutex(pCur) );
+  assert( pCur->eState==CURSOR_VALID );
+  assert( pCur->iPage>0 );
+  assert( pCur->apPage[pCur->iPage] );
+  assertParentIndex(
+    pCur->apPage[pCur->iPage-1], 
+    pCur->aiIdx[pCur->iPage-1], 
+    pCur->apPage[pCur->iPage]->pgno
+  );
+  testcase( pCur->aiIdx[pCur->iPage-1] > pCur->apPage[pCur->iPage-1]->nCell );
+  pCur->info.nSize = 0;
+  pCur->curFlags &= ~(BTCF_ValidNKey|BTCF_ValidOvfl);
+  releasePageNotNull(pCur->apPage[pCur->iPage--]);
+}
+
+/*
+** Move the cursor to point to the root page of its b-tree structure.
+**
+** If the table has a virtual root page, then the cursor is moved to point
+** to the virtual root page instead of the actual root page. A table has a
+** virtual root page when the actual root page contains no cells and a 
+** single child page. This can only happen with the table rooted at page 1.
+**
+** If the b-tree structure is empty, the cursor state is set to 
+** CURSOR_INVALID. Otherwise, the cursor is set to point to the first
+** cell located on the root (or virtual root) page and the cursor state
+** is set to CURSOR_VALID.
+**
+** If this function returns successfully, it may be assumed that the
+** page-header flags indicate that the [virtual] root-page is the expected 
+** kind of b-tree page (i.e. if when opening the cursor the caller did not
+** specify a KeyInfo structure the flags byte is set to 0x05 or 0x0D,
+** indicating a table b-tree, or if the caller did specify a KeyInfo 
+** structure the flags byte is set to 0x02 or 0x0A, indicating an index
+** b-tree).
+*/
+static int moveToRoot(BtCursor *pCur){
+  MemPage *pRoot;
+  int rc = SQLITE_OK;
+
+  assert( cursorHoldsMutex(pCur) );
+  assert( CURSOR_INVALID < CURSOR_REQUIRESEEK );
+  assert( CURSOR_VALID   < CURSOR_REQUIRESEEK );
+  assert( CURSOR_FAULT   > CURSOR_REQUIRESEEK );
+  if( pCur->eState>=CURSOR_REQUIRESEEK ){
+    if( pCur->eState==CURSOR_FAULT ){
+      assert( pCur->skipNext!=SQLITE_OK );
+      return pCur->skipNext;
+    }
+    sqlite3BtreeClearCursor(pCur);
+  }
+
+  if( pCur->iPage>=0 ){
+    while( pCur->iPage ){
+      assert( pCur->apPage[pCur->iPage]!=0 );
+      releasePageNotNull(pCur->apPage[pCur->iPage--]);
+    }
+  }else if( pCur->pgnoRoot==0 ){
+    pCur->eState = CURSOR_INVALID;
+    return SQLITE_OK;
+  }else{
+    assert( pCur->iPage==(-1) );
+    rc = getAndInitPage(pCur->pBtree->pBt, pCur->pgnoRoot, &pCur->apPage[0],
+                        0, pCur->curPagerFlags);
+    if( rc!=SQLITE_OK ){
+      pCur->eState = CURSOR_INVALID;
+      return rc;
+    }
+    pCur->iPage = 0;
+    pCur->curIntKey = pCur->apPage[0]->intKey;
+  }
+  pRoot = pCur->apPage[0];
+  assert( pRoot->pgno==pCur->pgnoRoot );
+
+  /* If pCur->pKeyInfo is not NULL, then the caller that opened this cursor
+  ** expected to open it on an index b-tree. Otherwise, if pKeyInfo is
+  ** NULL, the caller expects a table b-tree. If this is not the case,
+  ** return an SQLITE_CORRUPT error. 
+  **
+  ** Earlier versions of SQLite assumed that this test could not fail
+  ** if the root page was already loaded when this function was called (i.e.
+  ** if pCur->iPage>=0). But this is not so if the database is corrupted 
+  ** in such a way that page pRoot is linked into a second b-tree table 
+  ** (or the freelist).  */
+  assert( pRoot->intKey==1 || pRoot->intKey==0 );
+  if( pRoot->isInit==0 || (pCur->pKeyInfo==0)!=pRoot->intKey ){
+    return SQLITE_CORRUPT_BKPT;
+  }
+
+  pCur->aiIdx[0] = 0;
+  pCur->info.nSize = 0;
+  pCur->curFlags &= ~(BTCF_AtLast|BTCF_ValidNKey|BTCF_ValidOvfl);
+
+  if( pRoot->nCell>0 ){
+    pCur->eState = CURSOR_VALID;
+  }else if( !pRoot->leaf ){
+    Pgno subpage;
+    if( pRoot->pgno!=1 ) return SQLITE_CORRUPT_BKPT;
+    subpage = get4byte(&pRoot->aData[pRoot->hdrOffset+8]);
+    pCur->eState = CURSOR_VALID;
+    rc = moveToChild(pCur, subpage);
+  }else{
+    pCur->eState = CURSOR_INVALID;
+  }
+  return rc;
+}
+
+/*
+** Move the cursor down to the left-most leaf entry beneath the
+** entry to which it is currently pointing.
+**
+** The left-most leaf is the one with the smallest key - the first
+** in ascending order.
+*/
+static int moveToLeftmost(BtCursor *pCur){
+  Pgno pgno;
+  int rc = SQLITE_OK;
+  MemPage *pPage;
+
+  assert( cursorHoldsMutex(pCur) );
+  assert( pCur->eState==CURSOR_VALID );
+  while( rc==SQLITE_OK && !(pPage = pCur->apPage[pCur->iPage])->leaf ){
+    assert( pCur->aiIdx[pCur->iPage]<pPage->nCell );
+    pgno = get4byte(findCell(pPage, pCur->aiIdx[pCur->iPage]));
+    rc = moveToChild(pCur, pgno);
+  }
+  return rc;
+}
+
+/*
+** Move the cursor down to the right-most leaf entry beneath the
+** page to which it is currently pointing.  Notice the difference
+** between moveToLeftmost() and moveToRightmost().  moveToLeftmost()
+** finds the left-most entry beneath the *entry* whereas moveToRightmost()
+** finds the right-most entry beneath the *page*.
+**
+** The right-most entry is the one with the largest key - the last
+** key in ascending order.
+*/
+static int moveToRightmost(BtCursor *pCur){
+  Pgno pgno;
+  int rc = SQLITE_OK;
+  MemPage *pPage = 0;
+
+  assert( cursorHoldsMutex(pCur) );
+  assert( pCur->eState==CURSOR_VALID );
+  while( !(pPage = pCur->apPage[pCur->iPage])->leaf ){
+    pgno = get4byte(&pPage->aData[pPage->hdrOffset+8]);
+    pCur->aiIdx[pCur->iPage] = pPage->nCell;
+    rc = moveToChild(pCur, pgno);
+    if( rc ) return rc;
+  }
+  pCur->aiIdx[pCur->iPage] = pPage->nCell-1;
+  assert( pCur->info.nSize==0 );
+  assert( (pCur->curFlags & BTCF_ValidNKey)==0 );
+  return SQLITE_OK;
+}
+
+/* Move the cursor to the first entry in the table.  Return SQLITE_OK
+** on success.  Set *pRes to 0 if the cursor actually points to something
+** or set *pRes to 1 if the table is empty.
+*/
+SQLITE_PRIVATE int sqlite3BtreeFirst(BtCursor *pCur, int *pRes){
+  int rc;
+
+  assert( cursorHoldsMutex(pCur) );
+  assert( sqlite3_mutex_held(pCur->pBtree->db->mutex) );
+  rc = moveToRoot(pCur);
+  if( rc==SQLITE_OK ){
+    if( pCur->eState==CURSOR_INVALID ){
+      assert( pCur->pgnoRoot==0 || pCur->apPage[pCur->iPage]->nCell==0 );
+      *pRes = 1;
+    }else{
+      assert( pCur->apPage[pCur->iPage]->nCell>0 );
+      *pRes = 0;
+      rc = moveToLeftmost(pCur);
+    }
+  }
+  return rc;
+}
+
+/* Move the cursor to the last entry in the table.  Return SQLITE_OK
+** on success.  Set *pRes to 0 if the cursor actually points to something
+** or set *pRes to 1 if the table is empty.
+*/
+SQLITE_PRIVATE int sqlite3BtreeLast(BtCursor *pCur, int *pRes){
+  int rc;
+ 
+  assert( cursorHoldsMutex(pCur) );
+  assert( sqlite3_mutex_held(pCur->pBtree->db->mutex) );
+
+  /* If the cursor already points to the last entry, this is a no-op. */
+  if( CURSOR_VALID==pCur->eState && (pCur->curFlags & BTCF_AtLast)!=0 ){
+#ifdef SQLITE_DEBUG
+    /* This block serves to assert() that the cursor really does point 
+    ** to the last entry in the b-tree. */
+    int ii;
+    for(ii=0; ii<pCur->iPage; ii++){
+      assert( pCur->aiIdx[ii]==pCur->apPage[ii]->nCell );
+    }
+    assert( pCur->aiIdx[pCur->iPage]==pCur->apPage[pCur->iPage]->nCell-1 );
+    assert( pCur->apPage[pCur->iPage]->leaf );
+#endif
+    return SQLITE_OK;
+  }
+
+  rc = moveToRoot(pCur);
+  if( rc==SQLITE_OK ){
+    if( CURSOR_INVALID==pCur->eState ){
+      assert( pCur->pgnoRoot==0 || pCur->apPage[pCur->iPage]->nCell==0 );
+      *pRes = 1;
+    }else{
+      assert( pCur->eState==CURSOR_VALID );
+      *pRes = 0;
+      rc = moveToRightmost(pCur);
+      if( rc==SQLITE_OK ){
+        pCur->curFlags |= BTCF_AtLast;
+      }else{
+        pCur->curFlags &= ~BTCF_AtLast;
+      }
+   
+    }
+  }
+  return rc;
+}
+
+/* Move the cursor so that it points to an entry near the key 
+** specified by pIdxKey or intKey.   Return a success code.
+**
+** For INTKEY tables, the intKey parameter is used.  pIdxKey 
+** must be NULL.  For index tables, pIdxKey is used and intKey
+** is ignored.
+**
+** If an exact match is not found, then the cursor is always
+** left pointing at a leaf page which would hold the entry if it
+** were present.  The cursor might point to an entry that comes
+** before or after the key.
+**
+** An integer is written into *pRes which is the result of
+** comparing the key with the entry to which the cursor is 
+** pointing.  The meaning of the integer written into
+** *pRes is as follows:
+**
+**     *pRes<0      The cursor is left pointing at an entry that
+**                  is smaller than intKey/pIdxKey or if the table is empty
+**                  and the cursor is therefore left point to nothing.
+**
+**     *pRes==0     The cursor is left pointing at an entry that
+**                  exactly matches intKey/pIdxKey.
+**
+**     *pRes>0      The cursor is left pointing at an entry that
+**                  is larger than intKey/pIdxKey.
+**
+** For index tables, the pIdxKey->eqSeen field is set to 1 if there
+** exists an entry in the table that exactly matches pIdxKey.  
+*/
+SQLITE_PRIVATE int sqlite3BtreeMovetoUnpacked(
+  BtCursor *pCur,          /* The cursor to be moved */
+  UnpackedRecord *pIdxKey, /* Unpacked index key */
+  i64 intKey,              /* The table key */
+  int biasRight,           /* If true, bias the search to the high end */
+  int *pRes                /* Write search results here */
+){
+  int rc;
+  RecordCompare xRecordCompare;
+
+  assert( cursorHoldsMutex(pCur) );
+  assert( sqlite3_mutex_held(pCur->pBtree->db->mutex) );
+  assert( pRes );
+  assert( (pIdxKey==0)==(pCur->pKeyInfo==0) );
+
+  /* If the cursor is already positioned at the point we are trying
+  ** to move to, then just return without doing any work */
+  if( pCur->eState==CURSOR_VALID && (pCur->curFlags & BTCF_ValidNKey)!=0
+   && pCur->curIntKey 
+  ){
+    if( pCur->info.nKey==intKey ){
+      *pRes = 0;
+      return SQLITE_OK;
+    }
+    if( (pCur->curFlags & BTCF_AtLast)!=0 && pCur->info.nKey<intKey ){
+      *pRes = -1;
+      return SQLITE_OK;
+    }
+  }
+
+  if( pIdxKey ){
+    xRecordCompare = sqlite3VdbeFindCompare(pIdxKey);
+    pIdxKey->errCode = 0;
+    assert( pIdxKey->default_rc==1 
+         || pIdxKey->default_rc==0 
+         || pIdxKey->default_rc==-1
+    );
+  }else{
+    xRecordCompare = 0; /* All keys are integers */
+  }
+
+  rc = moveToRoot(pCur);
+  if( rc ){
+    return rc;
+  }
+  assert( pCur->pgnoRoot==0 || pCur->apPage[pCur->iPage] );
+  assert( pCur->pgnoRoot==0 || pCur->apPage[pCur->iPage]->isInit );
+  assert( pCur->eState==CURSOR_INVALID || pCur->apPage[pCur->iPage]->nCell>0 );
+  if( pCur->eState==CURSOR_INVALID ){
+    *pRes = -1;
+    assert( pCur->pgnoRoot==0 || pCur->apPage[pCur->iPage]->nCell==0 );
+    return SQLITE_OK;
+  }
+  assert( pCur->apPage[0]->intKey==pCur->curIntKey );
+  assert( pCur->curIntKey || pIdxKey );
+  for(;;){
+    int lwr, upr, idx, c;
+    Pgno chldPg;
+    MemPage *pPage = pCur->apPage[pCur->iPage];
+    u8 *pCell;                          /* Pointer to current cell in pPage */
+
+    /* pPage->nCell must be greater than zero. If this is the root-page
+    ** the cursor would have been INVALID above and this for(;;) loop
+    ** not run. If this is not the root-page, then the moveToChild() routine
+    ** would have already detected db corruption. Similarly, pPage must
+    ** be the right kind (index or table) of b-tree page. Otherwise
+    ** a moveToChild() or moveToRoot() call would have detected corruption.  */
+    assert( pPage->nCell>0 );
+    assert( pPage->intKey==(pIdxKey==0) );
+    lwr = 0;
+    upr = pPage->nCell-1;
+    assert( biasRight==0 || biasRight==1 );
+    idx = upr>>(1-biasRight); /* idx = biasRight ? upr : (lwr+upr)/2; */
+    pCur->aiIdx[pCur->iPage] = (u16)idx;
+    if( xRecordCompare==0 ){
+      for(;;){
+        i64 nCellKey;
+        pCell = findCellPastPtr(pPage, idx);
+        if( pPage->intKeyLeaf ){
+          while( 0x80 <= *(pCell++) ){
+            if( pCell>=pPage->aDataEnd ) return SQLITE_CORRUPT_BKPT;
+          }
+        }
+        getVarint(pCell, (u64*)&nCellKey);
+        if( nCellKey<intKey ){
+          lwr = idx+1;
+          if( lwr>upr ){ c = -1; break; }
+        }else if( nCellKey>intKey ){
+          upr = idx-1;
+          if( lwr>upr ){ c = +1; break; }
+        }else{
+          assert( nCellKey==intKey );
+          pCur->curFlags |= BTCF_ValidNKey;
+          pCur->info.nKey = nCellKey;
+          pCur->aiIdx[pCur->iPage] = (u16)idx;
+          if( !pPage->leaf ){
+            lwr = idx;
+            goto moveto_next_layer;
+          }else{
+            *pRes = 0;
+            rc = SQLITE_OK;
+            goto moveto_finish;
+          }
+        }
+        assert( lwr+upr>=0 );
+        idx = (lwr+upr)>>1;  /* idx = (lwr+upr)/2; */
+      }
+    }else{
+      for(;;){
+        int nCell;  /* Size of the pCell cell in bytes */
+        pCell = findCellPastPtr(pPage, idx);
+
+        /* The maximum supported page-size is 65536 bytes. This means that
+        ** the maximum number of record bytes stored on an index B-Tree
+        ** page is less than 16384 bytes and may be stored as a 2-byte
+        ** varint. This information is used to attempt to avoid parsing 
+        ** the entire cell by checking for the cases where the record is 
+        ** stored entirely within the b-tree page by inspecting the first 
+        ** 2 bytes of the cell.
+        */
+        nCell = pCell[0];
+        if( nCell<=pPage->max1bytePayload ){
+          /* This branch runs if the record-size field of the cell is a
+          ** single byte varint and the record fits entirely on the main
+          ** b-tree page.  */
+          testcase( pCell+nCell+1==pPage->aDataEnd );
+          c = xRecordCompare(nCell, (void*)&pCell[1], pIdxKey);
+        }else if( !(pCell[1] & 0x80) 
+          && (nCell = ((nCell&0x7f)<<7) + pCell[1])<=pPage->maxLocal
+        ){
+          /* The record-size field is a 2 byte varint and the record 
+          ** fits entirely on the main b-tree page.  */
+          testcase( pCell+nCell+2==pPage->aDataEnd );
+          c = xRecordCompare(nCell, (void*)&pCell[2], pIdxKey);
+        }else{
+          /* The record flows over onto one or more overflow pages. In
+          ** this case the whole cell needs to be parsed, a buffer allocated
+          ** and accessPayload() used to retrieve the record into the
+          ** buffer before VdbeRecordCompare() can be called. 
+          **
+          ** If the record is corrupt, the xRecordCompare routine may read
+          ** up to two varints past the end of the buffer. An extra 18 
+          ** bytes of padding is allocated at the end of the buffer in
+          ** case this happens.  */
+          void *pCellKey;
+          u8 * const pCellBody = pCell - pPage->childPtrSize;
+          pPage->xParseCell(pPage, pCellBody, &pCur->info);
+          nCell = (int)pCur->info.nKey;
+          testcase( nCell<0 );   /* True if key size is 2^32 or more */
+          testcase( nCell==0 );  /* Invalid key size:  0x80 0x80 0x00 */
+          testcase( nCell==1 );  /* Invalid key size:  0x80 0x80 0x01 */
+          testcase( nCell==2 );  /* Minimum legal index key size */
+          if( nCell<2 ){
+            rc = SQLITE_CORRUPT_BKPT;
+            goto moveto_finish;
+          }
+          pCellKey = sqlite3Malloc( nCell+18 );
+          if( pCellKey==0 ){
+            rc = SQLITE_NOMEM;
+            goto moveto_finish;
+          }
+          pCur->aiIdx[pCur->iPage] = (u16)idx;
+          rc = accessPayload(pCur, 0, nCell, (unsigned char*)pCellKey, 2);
+          if( rc ){
+            sqlite3_free(pCellKey);
+            goto moveto_finish;
+          }
+          c = xRecordCompare(nCell, pCellKey, pIdxKey);
+          sqlite3_free(pCellKey);
+        }
+        assert( 
+            (pIdxKey->errCode!=SQLITE_CORRUPT || c==0)
+         && (pIdxKey->errCode!=SQLITE_NOMEM || pCur->pBtree->db->mallocFailed)
+        );
+        if( c<0 ){
+          lwr = idx+1;
+        }else if( c>0 ){
+          upr = idx-1;
+        }else{
+          assert( c==0 );
+          *pRes = 0;
+          rc = SQLITE_OK;
+          pCur->aiIdx[pCur->iPage] = (u16)idx;
+          if( pIdxKey->errCode ) rc = SQLITE_CORRUPT;
+          goto moveto_finish;
+        }
+        if( lwr>upr ) break;
+        assert( lwr+upr>=0 );
+        idx = (lwr+upr)>>1;  /* idx = (lwr+upr)/2 */
+      }
+    }
+    assert( lwr==upr+1 || (pPage->intKey && !pPage->leaf) );
+    assert( pPage->isInit );
+    if( pPage->leaf ){
+      assert( pCur->aiIdx[pCur->iPage]<pCur->apPage[pCur->iPage]->nCell );
+      pCur->aiIdx[pCur->iPage] = (u16)idx;
+      *pRes = c;
+      rc = SQLITE_OK;
+      goto moveto_finish;
+    }
+moveto_next_layer:
+    if( lwr>=pPage->nCell ){
+      chldPg = get4byte(&pPage->aData[pPage->hdrOffset+8]);
+    }else{
+      chldPg = get4byte(findCell(pPage, lwr));
+    }
+    pCur->aiIdx[pCur->iPage] = (u16)lwr;
+    rc = moveToChild(pCur, chldPg);
+    if( rc ) break;
+  }
+moveto_finish:
+  pCur->info.nSize = 0;
+  pCur->curFlags &= ~(BTCF_ValidNKey|BTCF_ValidOvfl);
+  return rc;
+}
+
+
+/*
+** Return TRUE if the cursor is not pointing at an entry of the table.
+**
+** TRUE will be returned after a call to sqlite3BtreeNext() moves
+** past the last entry in the table or sqlite3BtreePrev() moves past
+** the first entry.  TRUE is also returned if the table is empty.
+*/
+SQLITE_PRIVATE int sqlite3BtreeEof(BtCursor *pCur){
+  /* TODO: What if the cursor is in CURSOR_REQUIRESEEK but all table entries
+  ** have been deleted? This API will need to change to return an error code
+  ** as well as the boolean result value.
+  */
+  return (CURSOR_VALID!=pCur->eState);
+}
+
+/*
+** Advance the cursor to the next entry in the database.  If
+** successful then set *pRes=0.  If the cursor
+** was already pointing to the last entry in the database before
+** this routine was called, then set *pRes=1.
+**
+** The main entry point is sqlite3BtreeNext().  That routine is optimized
+** for the common case of merely incrementing the cell counter BtCursor.aiIdx
+** to the next cell on the current page.  The (slower) btreeNext() helper
+** routine is called when it is necessary to move to a different page or
+** to restore the cursor.
+**
+** The calling function will set *pRes to 0 or 1.  The initial *pRes value
+** will be 1 if the cursor being stepped corresponds to an SQL index and
+** if this routine could have been skipped if that SQL index had been
+** a unique index.  Otherwise the caller will have set *pRes to zero.
+** Zero is the common case. The btree implementation is free to use the
+** initial *pRes value as a hint to improve performance, but the current
+** SQLite btree implementation does not. (Note that the comdb2 btree
+** implementation does use this hint, however.)
+*/
+static SQLITE_NOINLINE int btreeNext(BtCursor *pCur, int *pRes){
+  int rc;
+  int idx;
+  MemPage *pPage;
+
+  assert( cursorHoldsMutex(pCur) );
+  assert( pCur->skipNext==0 || pCur->eState!=CURSOR_VALID );
+  assert( *pRes==0 );
+  if( pCur->eState!=CURSOR_VALID ){
+    assert( (pCur->curFlags & BTCF_ValidOvfl)==0 );
+    rc = restoreCursorPosition(pCur);
+    if( rc!=SQLITE_OK ){
+      return rc;
+    }
+    if( CURSOR_INVALID==pCur->eState ){
+      *pRes = 1;
+      return SQLITE_OK;
+    }
+    if( pCur->skipNext ){
+      assert( pCur->eState==CURSOR_VALID || pCur->eState==CURSOR_SKIPNEXT );
+      pCur->eState = CURSOR_VALID;
+      if( pCur->skipNext>0 ){
+        pCur->skipNext = 0;
+        return SQLITE_OK;
+      }
+      pCur->skipNext = 0;
+    }
+  }
+
+  pPage = pCur->apPage[pCur->iPage];
+  idx = ++pCur->aiIdx[pCur->iPage];
+  assert( pPage->isInit );
+
+  /* If the database file is corrupt, it is possible for the value of idx 
+  ** to be invalid here. This can only occur if a second cursor modifies
+  ** the page while cursor pCur is holding a reference to it. Which can
+  ** only happen if the database is corrupt in such a way as to link the
+  ** page into more than one b-tree structure. */
+  testcase( idx>pPage->nCell );
+
+  if( idx>=pPage->nCell ){
+    if( !pPage->leaf ){
+      rc = moveToChild(pCur, get4byte(&pPage->aData[pPage->hdrOffset+8]));
+      if( rc ) return rc;
+      return moveToLeftmost(pCur);
+    }
+    do{
+      if( pCur->iPage==0 ){
+        *pRes = 1;
+        pCur->eState = CURSOR_INVALID;
+        return SQLITE_OK;
+      }
+      moveToParent(pCur);
+      pPage = pCur->apPage[pCur->iPage];
+    }while( pCur->aiIdx[pCur->iPage]>=pPage->nCell );
+    if( pPage->intKey ){
+      return sqlite3BtreeNext(pCur, pRes);
+    }else{
+      return SQLITE_OK;
+    }
+  }
+  if( pPage->leaf ){
+    return SQLITE_OK;
+  }else{
+    return moveToLeftmost(pCur);
+  }
+}
+SQLITE_PRIVATE int sqlite3BtreeNext(BtCursor *pCur, int *pRes){
+  MemPage *pPage;
+  assert( cursorHoldsMutex(pCur) );
+  assert( pRes!=0 );
+  assert( *pRes==0 || *pRes==1 );
+  assert( pCur->skipNext==0 || pCur->eState!=CURSOR_VALID );
+  pCur->info.nSize = 0;
+  pCur->curFlags &= ~(BTCF_ValidNKey|BTCF_ValidOvfl);
+  *pRes = 0;
+  if( pCur->eState!=CURSOR_VALID ) return btreeNext(pCur, pRes);
+  pPage = pCur->apPage[pCur->iPage];
+  if( (++pCur->aiIdx[pCur->iPage])>=pPage->nCell ){
+    pCur->aiIdx[pCur->iPage]--;
+    return btreeNext(pCur, pRes);
+  }
+  if( pPage->leaf ){
+    return SQLITE_OK;
+  }else{
+    return moveToLeftmost(pCur);
+  }
+}
+
+/*
+** Step the cursor to the back to the previous entry in the database.  If
+** successful then set *pRes=0.  If the cursor
+** was already pointing to the first entry in the database before
+** this routine was called, then set *pRes=1.
+**
+** The main entry point is sqlite3BtreePrevious().  That routine is optimized
+** for the common case of merely decrementing the cell counter BtCursor.aiIdx
+** to the previous cell on the current page.  The (slower) btreePrevious()
+** helper routine is called when it is necessary to move to a different page
+** or to restore the cursor.
+**
+** The calling function will set *pRes to 0 or 1.  The initial *pRes value
+** will be 1 if the cursor being stepped corresponds to an SQL index and
+** if this routine could have been skipped if that SQL index had been
+** a unique index.  Otherwise the caller will have set *pRes to zero.
+** Zero is the common case. The btree implementation is free to use the
+** initial *pRes value as a hint to improve performance, but the current
+** SQLite btree implementation does not. (Note that the comdb2 btree
+** implementation does use this hint, however.)
+*/
+static SQLITE_NOINLINE int btreePrevious(BtCursor *pCur, int *pRes){
+  int rc;
+  MemPage *pPage;
+
+  assert( cursorHoldsMutex(pCur) );
+  assert( pRes!=0 );
+  assert( *pRes==0 );
+  assert( pCur->skipNext==0 || pCur->eState!=CURSOR_VALID );
+  assert( (pCur->curFlags & (BTCF_AtLast|BTCF_ValidOvfl|BTCF_ValidNKey))==0 );
+  assert( pCur->info.nSize==0 );
+  if( pCur->eState!=CURSOR_VALID ){
+    rc = restoreCursorPosition(pCur);
+    if( rc!=SQLITE_OK ){
+      return rc;
+    }
+    if( CURSOR_INVALID==pCur->eState ){
+      *pRes = 1;
+      return SQLITE_OK;
+    }
+    if( pCur->skipNext ){
+      assert( pCur->eState==CURSOR_VALID || pCur->eState==CURSOR_SKIPNEXT );
+      pCur->eState = CURSOR_VALID;
+      if( pCur->skipNext<0 ){
+        pCur->skipNext = 0;
+        return SQLITE_OK;
+      }
+      pCur->skipNext = 0;
+    }
+  }
+
+  pPage = pCur->apPage[pCur->iPage];
+  assert( pPage->isInit );
+  if( !pPage->leaf ){
+    int idx = pCur->aiIdx[pCur->iPage];
+    rc = moveToChild(pCur, get4byte(findCell(pPage, idx)));
+    if( rc ) return rc;
+    rc = moveToRightmost(pCur);
+  }else{
+    while( pCur->aiIdx[pCur->iPage]==0 ){
+      if( pCur->iPage==0 ){
+        pCur->eState = CURSOR_INVALID;
+        *pRes = 1;
+        return SQLITE_OK;
+      }
+      moveToParent(pCur);
+    }
+    assert( pCur->info.nSize==0 );
+    assert( (pCur->curFlags & (BTCF_ValidNKey|BTCF_ValidOvfl))==0 );
+
+    pCur->aiIdx[pCur->iPage]--;
+    pPage = pCur->apPage[pCur->iPage];
+    if( pPage->intKey && !pPage->leaf ){
+      rc = sqlite3BtreePrevious(pCur, pRes);
+    }else{
+      rc = SQLITE_OK;
+    }
+  }
+  return rc;
+}
+SQLITE_PRIVATE int sqlite3BtreePrevious(BtCursor *pCur, int *pRes){
+  assert( cursorHoldsMutex(pCur) );
+  assert( pRes!=0 );
+  assert( *pRes==0 || *pRes==1 );
+  assert( pCur->skipNext==0 || pCur->eState!=CURSOR_VALID );
+  *pRes = 0;
+  pCur->curFlags &= ~(BTCF_AtLast|BTCF_ValidOvfl|BTCF_ValidNKey);
+  pCur->info.nSize = 0;
+  if( pCur->eState!=CURSOR_VALID
+   || pCur->aiIdx[pCur->iPage]==0
+   || pCur->apPage[pCur->iPage]->leaf==0
+  ){
+    return btreePrevious(pCur, pRes);
+  }
+  pCur->aiIdx[pCur->iPage]--;
+  return SQLITE_OK;
+}
+
+/*
+** Allocate a new page from the database file.
+**
+** The new page is marked as dirty.  (In other words, sqlite3PagerWrite()
+** has already been called on the new page.)  The new page has also
+** been referenced and the calling routine is responsible for calling
+** sqlite3PagerUnref() on the new page when it is done.
+**
+** SQLITE_OK is returned on success.  Any other return value indicates
+** an error.  *ppPage is set to NULL in the event of an error.
+**
+** If the "nearby" parameter is not 0, then an effort is made to 
+** locate a page close to the page number "nearby".  This can be used in an
+** attempt to keep related pages close to each other in the database file,
+** which in turn can make database access faster.
+**
+** If the eMode parameter is BTALLOC_EXACT and the nearby page exists
+** anywhere on the free-list, then it is guaranteed to be returned.  If
+** eMode is BTALLOC_LT then the page returned will be less than or equal
+** to nearby if any such page exists.  If eMode is BTALLOC_ANY then there
+** are no restrictions on which page is returned.
+*/
+static int allocateBtreePage(
+  BtShared *pBt,         /* The btree */
+  MemPage **ppPage,      /* Store pointer to the allocated page here */
+  Pgno *pPgno,           /* Store the page number here */
+  Pgno nearby,           /* Search for a page near this one */
+  u8 eMode               /* BTALLOC_EXACT, BTALLOC_LT, or BTALLOC_ANY */
+){
+  MemPage *pPage1;
+  int rc;
+  u32 n;     /* Number of pages on the freelist */
+  u32 k;     /* Number of leaves on the trunk of the freelist */
+  MemPage *pTrunk = 0;
+  MemPage *pPrevTrunk = 0;
+  Pgno mxPage;     /* Total size of the database file */
+
+  assert( sqlite3_mutex_held(pBt->mutex) );
+  assert( eMode==BTALLOC_ANY || (nearby>0 && IfNotOmitAV(pBt->autoVacuum)) );
+  pPage1 = pBt->pPage1;
+  mxPage = btreePagecount(pBt);
+  /* EVIDENCE-OF: R-05119-02637 The 4-byte big-endian integer at offset 36
+  ** stores stores the total number of pages on the freelist. */
+  n = get4byte(&pPage1->aData[36]);
+  testcase( n==mxPage-1 );
+  if( n>=mxPage ){
+    return SQLITE_CORRUPT_BKPT;
+  }
+  if( n>0 ){
+    /* There are pages on the freelist.  Reuse one of those pages. */
+    Pgno iTrunk;
+    u8 searchList = 0; /* If the free-list must be searched for 'nearby' */
+    u32 nSearch = 0;   /* Count of the number of search attempts */
+    
+    /* If eMode==BTALLOC_EXACT and a query of the pointer-map
+    ** shows that the page 'nearby' is somewhere on the free-list, then
+    ** the entire-list will be searched for that page.
+    */
+#ifndef SQLITE_OMIT_AUTOVACUUM
+    if( eMode==BTALLOC_EXACT ){
+      if( nearby<=mxPage ){
+        u8 eType;
+        assert( nearby>0 );
+        assert( pBt->autoVacuum );
+        rc = ptrmapGet(pBt, nearby, &eType, 0);
+        if( rc ) return rc;
+        if( eType==PTRMAP_FREEPAGE ){
+          searchList = 1;
+        }
+      }
+    }else if( eMode==BTALLOC_LE ){
+      searchList = 1;
+    }
+#endif
+
+    /* Decrement the free-list count by 1. Set iTrunk to the index of the
+    ** first free-list trunk page. iPrevTrunk is initially 1.
+    */
+    rc = sqlite3PagerWrite(pPage1->pDbPage);
+    if( rc ) return rc;
+    put4byte(&pPage1->aData[36], n-1);
+
+    /* The code within this loop is run only once if the 'searchList' variable
+    ** is not true. Otherwise, it runs once for each trunk-page on the
+    ** free-list until the page 'nearby' is located (eMode==BTALLOC_EXACT)
+    ** or until a page less than 'nearby' is located (eMode==BTALLOC_LT)
+    */
+    do {
+      pPrevTrunk = pTrunk;
+      if( pPrevTrunk ){
+        /* EVIDENCE-OF: R-01506-11053 The first integer on a freelist trunk page
+        ** is the page number of the next freelist trunk page in the list or
+        ** zero if this is the last freelist trunk page. */
+        iTrunk = get4byte(&pPrevTrunk->aData[0]);
+      }else{
+        /* EVIDENCE-OF: R-59841-13798 The 4-byte big-endian integer at offset 32
+        ** stores the page number of the first page of the freelist, or zero if
+        ** the freelist is empty. */
+        iTrunk = get4byte(&pPage1->aData[32]);
+      }
+      testcase( iTrunk==mxPage );
+      if( iTrunk>mxPage || nSearch++ > n ){
+        rc = SQLITE_CORRUPT_BKPT;
+      }else{
+        rc = btreeGetUnusedPage(pBt, iTrunk, &pTrunk, 0);
+      }
+      if( rc ){
+        pTrunk = 0;
+        goto end_allocate_page;
+      }
+      assert( pTrunk!=0 );
+      assert( pTrunk->aData!=0 );
+      /* EVIDENCE-OF: R-13523-04394 The second integer on a freelist trunk page
+      ** is the number of leaf page pointers to follow. */
+      k = get4byte(&pTrunk->aData[4]);
+      if( k==0 && !searchList ){
+        /* The trunk has no leaves and the list is not being searched. 
+        ** So extract the trunk page itself and use it as the newly 
+        ** allocated page */
+        assert( pPrevTrunk==0 );
+        rc = sqlite3PagerWrite(pTrunk->pDbPage);
+        if( rc ){
+          goto end_allocate_page;
+        }
+        *pPgno = iTrunk;
+        memcpy(&pPage1->aData[32], &pTrunk->aData[0], 4);
+        *ppPage = pTrunk;
+        pTrunk = 0;
+        TRACE(("ALLOCATE: %d trunk - %d free pages left\n", *pPgno, n-1));
+      }else if( k>(u32)(pBt->usableSize/4 - 2) ){
+        /* Value of k is out of range.  Database corruption */
+        rc = SQLITE_CORRUPT_BKPT;
+        goto end_allocate_page;
+#ifndef SQLITE_OMIT_AUTOVACUUM
+      }else if( searchList 
+            && (nearby==iTrunk || (iTrunk<nearby && eMode==BTALLOC_LE)) 
+      ){
+        /* The list is being searched and this trunk page is the page
+        ** to allocate, regardless of whether it has leaves.
+        */
+        *pPgno = iTrunk;
+        *ppPage = pTrunk;
+        searchList = 0;
+        rc = sqlite3PagerWrite(pTrunk->pDbPage);
+        if( rc ){
+          goto end_allocate_page;
+        }
+        if( k==0 ){
+          if( !pPrevTrunk ){
+            memcpy(&pPage1->aData[32], &pTrunk->aData[0], 4);
+          }else{
+            rc = sqlite3PagerWrite(pPrevTrunk->pDbPage);
+            if( rc!=SQLITE_OK ){
+              goto end_allocate_page;
+            }
+            memcpy(&pPrevTrunk->aData[0], &pTrunk->aData[0], 4);
+          }
+        }else{
+          /* The trunk page is required by the caller but it contains 
+          ** pointers to free-list leaves. The first leaf becomes a trunk
+          ** page in this case.
+          */
+          MemPage *pNewTrunk;
+          Pgno iNewTrunk = get4byte(&pTrunk->aData[8]);
+          if( iNewTrunk>mxPage ){ 
+            rc = SQLITE_CORRUPT_BKPT;
+            goto end_allocate_page;
+          }
+          testcase( iNewTrunk==mxPage );
+          rc = btreeGetUnusedPage(pBt, iNewTrunk, &pNewTrunk, 0);
+          if( rc!=SQLITE_OK ){
+            goto end_allocate_page;
+          }
+          rc = sqlite3PagerWrite(pNewTrunk->pDbPage);
+          if( rc!=SQLITE_OK ){
+            releasePage(pNewTrunk);
+            goto end_allocate_page;
+          }
+          memcpy(&pNewTrunk->aData[0], &pTrunk->aData[0], 4);
+          put4byte(&pNewTrunk->aData[4], k-1);
+          memcpy(&pNewTrunk->aData[8], &pTrunk->aData[12], (k-1)*4);
+          releasePage(pNewTrunk);
+          if( !pPrevTrunk ){
+            assert( sqlite3PagerIswriteable(pPage1->pDbPage) );
+            put4byte(&pPage1->aData[32], iNewTrunk);
+          }else{
+            rc = sqlite3PagerWrite(pPrevTrunk->pDbPage);
+            if( rc ){
+              goto end_allocate_page;
+            }
+            put4byte(&pPrevTrunk->aData[0], iNewTrunk);
+          }
+        }
+        pTrunk = 0;
+        TRACE(("ALLOCATE: %d trunk - %d free pages left\n", *pPgno, n-1));
+#endif
+      }else if( k>0 ){
+        /* Extract a leaf from the trunk */
+        u32 closest;
+        Pgno iPage;
+        unsigned char *aData = pTrunk->aData;
+        if( nearby>0 ){
+          u32 i;
+          closest = 0;
+          if( eMode==BTALLOC_LE ){
+            for(i=0; i<k; i++){
+              iPage = get4byte(&aData[8+i*4]);
+              if( iPage<=nearby ){
+                closest = i;
+                break;
+              }
+            }
+          }else{
+            int dist;
+            dist = sqlite3AbsInt32(get4byte(&aData[8]) - nearby);
+            for(i=1; i<k; i++){
+              int d2 = sqlite3AbsInt32(get4byte(&aData[8+i*4]) - nearby);
+              if( d2<dist ){
+                closest = i;
+                dist = d2;
+              }
+            }
+          }
+        }else{
+          closest = 0;
+        }
+
+        iPage = get4byte(&aData[8+closest*4]);
+        testcase( iPage==mxPage );
+        if( iPage>mxPage ){
+          rc = SQLITE_CORRUPT_BKPT;
+          goto end_allocate_page;
+        }
+        testcase( iPage==mxPage );
+        if( !searchList 
+         || (iPage==nearby || (iPage<nearby && eMode==BTALLOC_LE)) 
+        ){
+          int noContent;
+          *pPgno = iPage;
+          TRACE(("ALLOCATE: %d was leaf %d of %d on trunk %d"
+                 ": %d more free pages\n",
+                 *pPgno, closest+1, k, pTrunk->pgno, n-1));
+          rc = sqlite3PagerWrite(pTrunk->pDbPage);
+          if( rc ) goto end_allocate_page;
+          if( closest<k-1 ){
+            memcpy(&aData[8+closest*4], &aData[4+k*4], 4);
+          }
+          put4byte(&aData[4], k-1);
+          noContent = !btreeGetHasContent(pBt, *pPgno)? PAGER_GET_NOCONTENT : 0;
+          rc = btreeGetUnusedPage(pBt, *pPgno, ppPage, noContent);
+          if( rc==SQLITE_OK ){
+            rc = sqlite3PagerWrite((*ppPage)->pDbPage);
+            if( rc!=SQLITE_OK ){
+              releasePage(*ppPage);
+              *ppPage = 0;
+            }
+          }
+          searchList = 0;
+        }
+      }
+      releasePage(pPrevTrunk);
+      pPrevTrunk = 0;
+    }while( searchList );
+  }else{
+    /* There are no pages on the freelist, so append a new page to the
+    ** database image.
+    **
+    ** Normally, new pages allocated by this block can be requested from the
+    ** pager layer with the 'no-content' flag set. This prevents the pager
+    ** from trying to read the pages content from disk. However, if the
+    ** current transaction has already run one or more incremental-vacuum
+    ** steps, then the page we are about to allocate may contain content
+    ** that is required in the event of a rollback. In this case, do
+    ** not set the no-content flag. This causes the pager to load and journal
+    ** the current page content before overwriting it.
+    **
+    ** Note that the pager will not actually attempt to load or journal 
+    ** content for any page that really does lie past the end of the database
+    ** file on disk. So the effects of disabling the no-content optimization
+    ** here are confined to those pages that lie between the end of the
+    ** database image and the end of the database file.
+    */
+    int bNoContent = (0==IfNotOmitAV(pBt->bDoTruncate))? PAGER_GET_NOCONTENT:0;
+
+    rc = sqlite3PagerWrite(pBt->pPage1->pDbPage);
+    if( rc ) return rc;
+    pBt->nPage++;
+    if( pBt->nPage==PENDING_BYTE_PAGE(pBt) ) pBt->nPage++;
+
+#ifndef SQLITE_OMIT_AUTOVACUUM
+    if( pBt->autoVacuum && PTRMAP_ISPAGE(pBt, pBt->nPage) ){
+      /* If *pPgno refers to a pointer-map page, allocate two new pages
+      ** at the end of the file instead of one. The first allocated page
+      ** becomes a new pointer-map page, the second is used by the caller.
+      */
+      MemPage *pPg = 0;
+      TRACE(("ALLOCATE: %d from end of file (pointer-map page)\n", pBt->nPage));
+      assert( pBt->nPage!=PENDING_BYTE_PAGE(pBt) );
+      rc = btreeGetUnusedPage(pBt, pBt->nPage, &pPg, bNoContent);
+      if( rc==SQLITE_OK ){
+        rc = sqlite3PagerWrite(pPg->pDbPage);
+        releasePage(pPg);
+      }
+      if( rc ) return rc;
+      pBt->nPage++;
+      if( pBt->nPage==PENDING_BYTE_PAGE(pBt) ){ pBt->nPage++; }
+    }
+#endif
+    put4byte(28 + (u8*)pBt->pPage1->aData, pBt->nPage);
+    *pPgno = pBt->nPage;
+
+    assert( *pPgno!=PENDING_BYTE_PAGE(pBt) );
+    rc = btreeGetUnusedPage(pBt, *pPgno, ppPage, bNoContent);
+    if( rc ) return rc;
+    rc = sqlite3PagerWrite((*ppPage)->pDbPage);
+    if( rc!=SQLITE_OK ){
+      releasePage(*ppPage);
+      *ppPage = 0;
+    }
+    TRACE(("ALLOCATE: %d from end of file\n", *pPgno));
+  }
+
+  assert( *pPgno!=PENDING_BYTE_PAGE(pBt) );
+
+end_allocate_page:
+  releasePage(pTrunk);
+  releasePage(pPrevTrunk);
+  assert( rc!=SQLITE_OK || sqlite3PagerPageRefcount((*ppPage)->pDbPage)<=1 );
+  assert( rc!=SQLITE_OK || (*ppPage)->isInit==0 );
+  return rc;
+}
+
+/*
+** This function is used to add page iPage to the database file free-list. 
+** It is assumed that the page is not already a part of the free-list.
+**
+** The value passed as the second argument to this function is optional.
+** If the caller happens to have a pointer to the MemPage object 
+** corresponding to page iPage handy, it may pass it as the second value. 
+** Otherwise, it may pass NULL.
+**
+** If a pointer to a MemPage object is passed as the second argument,
+** its reference count is not altered by this function.
+*/
+static int freePage2(BtShared *pBt, MemPage *pMemPage, Pgno iPage){
+  MemPage *pTrunk = 0;                /* Free-list trunk page */
+  Pgno iTrunk = 0;                    /* Page number of free-list trunk page */ 
+  MemPage *pPage1 = pBt->pPage1;      /* Local reference to page 1 */
+  MemPage *pPage;                     /* Page being freed. May be NULL. */
+  int rc;                             /* Return Code */
+  int nFree;                          /* Initial number of pages on free-list */
+
+  assert( sqlite3_mutex_held(pBt->mutex) );
+  assert( CORRUPT_DB || iPage>1 );
+  assert( !pMemPage || pMemPage->pgno==iPage );
+
+  if( iPage<2 ) return SQLITE_CORRUPT_BKPT;
+  if( pMemPage ){
+    pPage = pMemPage;
+    sqlite3PagerRef(pPage->pDbPage);
+  }else{
+    pPage = btreePageLookup(pBt, iPage);
+  }
+
+  /* Increment the free page count on pPage1 */
+  rc = sqlite3PagerWrite(pPage1->pDbPage);
+  if( rc ) goto freepage_out;
+  nFree = get4byte(&pPage1->aData[36]);
+  put4byte(&pPage1->aData[36], nFree+1);
+
+  if( pBt->btsFlags & BTS_SECURE_DELETE ){
+    /* If the secure_delete option is enabled, then
+    ** always fully overwrite deleted information with zeros.
+    */
+    if( (!pPage && ((rc = btreeGetPage(pBt, iPage, &pPage, 0))!=0) )
+     ||            ((rc = sqlite3PagerWrite(pPage->pDbPage))!=0)
+    ){
+      goto freepage_out;
+    }
+    memset(pPage->aData, 0, pPage->pBt->pageSize);
+  }
+
+  /* If the database supports auto-vacuum, write an entry in the pointer-map
+  ** to indicate that the page is free.
+  */
+  if( ISAUTOVACUUM ){
+    ptrmapPut(pBt, iPage, PTRMAP_FREEPAGE, 0, &rc);
+    if( rc ) goto freepage_out;
+  }
+
+  /* Now manipulate the actual database free-list structure. There are two
+  ** possibilities. If the free-list is currently empty, or if the first
+  ** trunk page in the free-list is full, then this page will become a
+  ** new free-list trunk page. Otherwise, it will become a leaf of the
+  ** first trunk page in the current free-list. This block tests if it
+  ** is possible to add the page as a new free-list leaf.
+  */
+  if( nFree!=0 ){
+    u32 nLeaf;                /* Initial number of leaf cells on trunk page */
+
+    iTrunk = get4byte(&pPage1->aData[32]);
+    rc = btreeGetPage(pBt, iTrunk, &pTrunk, 0);
+    if( rc!=SQLITE_OK ){
+      goto freepage_out;
+    }
+
+    nLeaf = get4byte(&pTrunk->aData[4]);
+    assert( pBt->usableSize>32 );
+    if( nLeaf > (u32)pBt->usableSize/4 - 2 ){
+      rc = SQLITE_CORRUPT_BKPT;
+      goto freepage_out;
+    }
+    if( nLeaf < (u32)pBt->usableSize/4 - 8 ){
+      /* In this case there is room on the trunk page to insert the page
+      ** being freed as a new leaf.
+      **
+      ** Note that the trunk page is not really full until it contains
+      ** usableSize/4 - 2 entries, not usableSize/4 - 8 entries as we have
+      ** coded.  But due to a coding error in versions of SQLite prior to
+      ** 3.6.0, databases with freelist trunk pages holding more than
+      ** usableSize/4 - 8 entries will be reported as corrupt.  In order
+      ** to maintain backwards compatibility with older versions of SQLite,
+      ** we will continue to restrict the number of entries to usableSize/4 - 8
+      ** for now.  At some point in the future (once everyone has upgraded
+      ** to 3.6.0 or later) we should consider fixing the conditional above
+      ** to read "usableSize/4-2" instead of "usableSize/4-8".
+      **
+      ** EVIDENCE-OF: R-19920-11576 However, newer versions of SQLite still
+      ** avoid using the last six entries in the freelist trunk page array in
+      ** order that database files created by newer versions of SQLite can be
+      ** read by older versions of SQLite.
+      */
+      rc = sqlite3PagerWrite(pTrunk->pDbPage);
+      if( rc==SQLITE_OK ){
+        put4byte(&pTrunk->aData[4], nLeaf+1);
+        put4byte(&pTrunk->aData[8+nLeaf*4], iPage);
+        if( pPage && (pBt->btsFlags & BTS_SECURE_DELETE)==0 ){
+          sqlite3PagerDontWrite(pPage->pDbPage);
+        }
+        rc = btreeSetHasContent(pBt, iPage);
+      }
+      TRACE(("FREE-PAGE: %d leaf on trunk page %d\n",pPage->pgno,pTrunk->pgno));
+      goto freepage_out;
+    }
+  }
+
+  /* If control flows to this point, then it was not possible to add the
+  ** the page being freed as a leaf page of the first trunk in the free-list.
+  ** Possibly because the free-list is empty, or possibly because the 
+  ** first trunk in the free-list is full. Either way, the page being freed
+  ** will become the new first trunk page in the free-list.
+  */
+  if( pPage==0 && SQLITE_OK!=(rc = btreeGetPage(pBt, iPage, &pPage, 0)) ){
+    goto freepage_out;
+  }
+  rc = sqlite3PagerWrite(pPage->pDbPage);
+  if( rc!=SQLITE_OK ){
+    goto freepage_out;
+  }
+  put4byte(pPage->aData, iTrunk);
+  put4byte(&pPage->aData[4], 0);
+  put4byte(&pPage1->aData[32], iPage);
+  TRACE(("FREE-PAGE: %d new trunk page replacing %d\n", pPage->pgno, iTrunk));
+
+freepage_out:
+  if( pPage ){
+    pPage->isInit = 0;
+  }
+  releasePage(pPage);
+  releasePage(pTrunk);
+  return rc;
+}
+static void freePage(MemPage *pPage, int *pRC){
+  if( (*pRC)==SQLITE_OK ){
+    *pRC = freePage2(pPage->pBt, pPage, pPage->pgno);
+  }
+}
+
+/*
+** Free any overflow pages associated with the given Cell.  Write the
+** local Cell size (the number of bytes on the original page, omitting
+** overflow) into *pnSize.
+*/
+static int clearCell(
+  MemPage *pPage,          /* The page that contains the Cell */
+  unsigned char *pCell,    /* First byte of the Cell */
+  u16 *pnSize              /* Write the size of the Cell here */
+){
+  BtShared *pBt = pPage->pBt;
+  CellInfo info;
+  Pgno ovflPgno;
+  int rc;
+  int nOvfl;
+  u32 ovflPageSize;
+
+  assert( sqlite3_mutex_held(pPage->pBt->mutex) );
+  pPage->xParseCell(pPage, pCell, &info);
+  *pnSize = info.nSize;
+  if( info.nLocal==info.nPayload ){
+    return SQLITE_OK;  /* No overflow pages. Return without doing anything */
+  }
+  if( pCell+info.nSize-1 > pPage->aData+pPage->maskPage ){
+    return SQLITE_CORRUPT_BKPT;  /* Cell extends past end of page */
+  }
+  ovflPgno = get4byte(pCell + info.nSize - 4);
+  assert( pBt->usableSize > 4 );
+  ovflPageSize = pBt->usableSize - 4;
+  nOvfl = (info.nPayload - info.nLocal + ovflPageSize - 1)/ovflPageSize;
+  assert( nOvfl>0 || 
+    (CORRUPT_DB && (info.nPayload + ovflPageSize)<ovflPageSize)
+  );
+  while( nOvfl-- ){
+    Pgno iNext = 0;
+    MemPage *pOvfl = 0;
+    if( ovflPgno<2 || ovflPgno>btreePagecount(pBt) ){
+      /* 0 is not a legal page number and page 1 cannot be an 
+      ** overflow page. Therefore if ovflPgno<2 or past the end of the 
+      ** file the database must be corrupt. */
+      return SQLITE_CORRUPT_BKPT;
+    }
+    if( nOvfl ){
+      rc = getOverflowPage(pBt, ovflPgno, &pOvfl, &iNext);
+      if( rc ) return rc;
+    }
+
+    if( ( pOvfl || ((pOvfl = btreePageLookup(pBt, ovflPgno))!=0) )
+     && sqlite3PagerPageRefcount(pOvfl->pDbPage)!=1
+    ){
+      /* There is no reason any cursor should have an outstanding reference 
+      ** to an overflow page belonging to a cell that is being deleted/updated.
+      ** So if there exists more than one reference to this page, then it 
+      ** must not really be an overflow page and the database must be corrupt. 
+      ** It is helpful to detect this before calling freePage2(), as 
+      ** freePage2() may zero the page contents if secure-delete mode is
+      ** enabled. If this 'overflow' page happens to be a page that the
+      ** caller is iterating through or using in some other way, this
+      ** can be problematic.
+      */
+      rc = SQLITE_CORRUPT_BKPT;
+    }else{
+      rc = freePage2(pBt, pOvfl, ovflPgno);
+    }
+
+    if( pOvfl ){
+      sqlite3PagerUnref(pOvfl->pDbPage);
+    }
+    if( rc ) return rc;
+    ovflPgno = iNext;
+  }
+  return SQLITE_OK;
+}
+
+/*
+** Create the byte sequence used to represent a cell on page pPage
+** and write that byte sequence into pCell[].  Overflow pages are
+** allocated and filled in as necessary.  The calling procedure
+** is responsible for making sure sufficient space has been allocated
+** for pCell[].
+**
+** Note that pCell does not necessary need to point to the pPage->aData
+** area.  pCell might point to some temporary storage.  The cell will
+** be constructed in this temporary area then copied into pPage->aData
+** later.
+*/
+static int fillInCell(
+  MemPage *pPage,                /* The page that contains the cell */
+  unsigned char *pCell,          /* Complete text of the cell */
+  const void *pKey, i64 nKey,    /* The key */
+  const void *pData,int nData,   /* The data */
+  int nZero,                     /* Extra zero bytes to append to pData */
+  int *pnSize                    /* Write cell size here */
+){
+  int nPayload;
+  const u8 *pSrc;
+  int nSrc, n, rc;
+  int spaceLeft;
+  MemPage *pOvfl = 0;
+  MemPage *pToRelease = 0;
+  unsigned char *pPrior;
+  unsigned char *pPayload;
+  BtShared *pBt = pPage->pBt;
+  Pgno pgnoOvfl = 0;
+  int nHeader;
+
+  assert( sqlite3_mutex_held(pPage->pBt->mutex) );
+
+  /* pPage is not necessarily writeable since pCell might be auxiliary
+  ** buffer space that is separate from the pPage buffer area */
+  assert( pCell<pPage->aData || pCell>=&pPage->aData[pBt->pageSize]
+            || sqlite3PagerIswriteable(pPage->pDbPage) );
+
+  /* Fill in the header. */
+  nHeader = pPage->childPtrSize;
+  nPayload = nData + nZero;
+  if( pPage->intKeyLeaf ){
+    nHeader += putVarint32(&pCell[nHeader], nPayload);
+  }else{
+    assert( nData==0 );
+    assert( nZero==0 );
+  }
+  nHeader += putVarint(&pCell[nHeader], *(u64*)&nKey);
+  
+  /* Fill in the payload size */
+  if( pPage->intKey ){
+    pSrc = pData;
+    nSrc = nData;
+    nData = 0;
+  }else{ 
+    assert( nKey<=0x7fffffff && pKey!=0 );
+    nPayload = (int)nKey;
+    pSrc = pKey;
+    nSrc = (int)nKey;
+  }
+  if( nPayload<=pPage->maxLocal ){
+    n = nHeader + nPayload;
+    testcase( n==3 );
+    testcase( n==4 );
+    if( n<4 ) n = 4;
+    *pnSize = n;
+    spaceLeft = nPayload;
+    pPrior = pCell;
+  }else{
+    int mn = pPage->minLocal;
+    n = mn + (nPayload - mn) % (pPage->pBt->usableSize - 4);
+    testcase( n==pPage->maxLocal );
+    testcase( n==pPage->maxLocal+1 );
+    if( n > pPage->maxLocal ) n = mn;
+    spaceLeft = n;
+    *pnSize = n + nHeader + 4;
+    pPrior = &pCell[nHeader+n];
+  }
+  pPayload = &pCell[nHeader];
+
+  /* At this point variables should be set as follows:
+  **
+  **   nPayload           Total payload size in bytes
+  **   pPayload           Begin writing payload here
+  **   spaceLeft          Space available at pPayload.  If nPayload>spaceLeft,
+  **                      that means content must spill into overflow pages.
+  **   *pnSize            Size of the local cell (not counting overflow pages)
+  **   pPrior             Where to write the pgno of the first overflow page
+  **
+  ** Use a call to btreeParseCellPtr() to verify that the values above
+  ** were computed correctly.
+  */
+#if SQLITE_DEBUG
+  {
+    CellInfo info;
+    pPage->xParseCell(pPage, pCell, &info);
+    assert( nHeader=(int)(info.pPayload - pCell) );
+    assert( info.nKey==nKey );
+    assert( *pnSize == info.nSize );
+    assert( spaceLeft == info.nLocal );
+  }
+#endif
+
+  /* Write the payload into the local Cell and any extra into overflow pages */
+  while( nPayload>0 ){
+    if( spaceLeft==0 ){
+#ifndef SQLITE_OMIT_AUTOVACUUM
+      Pgno pgnoPtrmap = pgnoOvfl; /* Overflow page pointer-map entry page */
+      if( pBt->autoVacuum ){
+        do{
+          pgnoOvfl++;
+        } while( 
+          PTRMAP_ISPAGE(pBt, pgnoOvfl) || pgnoOvfl==PENDING_BYTE_PAGE(pBt) 
+        );
+      }
+#endif
+      rc = allocateBtreePage(pBt, &pOvfl, &pgnoOvfl, pgnoOvfl, 0);
+#ifndef SQLITE_OMIT_AUTOVACUUM
+      /* If the database supports auto-vacuum, and the second or subsequent
+      ** overflow page is being allocated, add an entry to the pointer-map
+      ** for that page now. 
+      **
+      ** If this is the first overflow page, then write a partial entry 
+      ** to the pointer-map. If we write nothing to this pointer-map slot,
+      ** then the optimistic overflow chain processing in clearCell()
+      ** may misinterpret the uninitialized values and delete the
+      ** wrong pages from the database.
+      */
+      if( pBt->autoVacuum && rc==SQLITE_OK ){
+        u8 eType = (pgnoPtrmap?PTRMAP_OVERFLOW2:PTRMAP_OVERFLOW1);
+        ptrmapPut(pBt, pgnoOvfl, eType, pgnoPtrmap, &rc);
+        if( rc ){
+          releasePage(pOvfl);
+        }
+      }
+#endif
+      if( rc ){
+        releasePage(pToRelease);
+        return rc;
+      }
+
+      /* If pToRelease is not zero than pPrior points into the data area
+      ** of pToRelease.  Make sure pToRelease is still writeable. */
+      assert( pToRelease==0 || sqlite3PagerIswriteable(pToRelease->pDbPage) );
+
+      /* If pPrior is part of the data area of pPage, then make sure pPage
+      ** is still writeable */
+      assert( pPrior<pPage->aData || pPrior>=&pPage->aData[pBt->pageSize]
+            || sqlite3PagerIswriteable(pPage->pDbPage) );
+
+      put4byte(pPrior, pgnoOvfl);
+      releasePage(pToRelease);
+      pToRelease = pOvfl;
+      pPrior = pOvfl->aData;
+      put4byte(pPrior, 0);
+      pPayload = &pOvfl->aData[4];
+      spaceLeft = pBt->usableSize - 4;
+    }
+    n = nPayload;
+    if( n>spaceLeft ) n = spaceLeft;
+
+    /* If pToRelease is not zero than pPayload points into the data area
+    ** of pToRelease.  Make sure pToRelease is still writeable. */
+    assert( pToRelease==0 || sqlite3PagerIswriteable(pToRelease->pDbPage) );
+
+    /* If pPayload is part of the data area of pPage, then make sure pPage
+    ** is still writeable */
+    assert( pPayload<pPage->aData || pPayload>=&pPage->aData[pBt->pageSize]
+            || sqlite3PagerIswriteable(pPage->pDbPage) );
+
+    if( nSrc>0 ){
+      if( n>nSrc ) n = nSrc;
+      assert( pSrc );
+      memcpy(pPayload, pSrc, n);
+    }else{
+      memset(pPayload, 0, n);
+    }
+    nPayload -= n;
+    pPayload += n;
+    pSrc += n;
+    nSrc -= n;
+    spaceLeft -= n;
+    if( nSrc==0 ){
+      nSrc = nData;
+      pSrc = pData;
+    }
+  }
+  releasePage(pToRelease);
+  return SQLITE_OK;
+}
+
+/*
+** Remove the i-th cell from pPage.  This routine effects pPage only.
+** The cell content is not freed or deallocated.  It is assumed that
+** the cell content has been copied someplace else.  This routine just
+** removes the reference to the cell from pPage.
+**
+** "sz" must be the number of bytes in the cell.
+*/
+static void dropCell(MemPage *pPage, int idx, int sz, int *pRC){
+  u32 pc;         /* Offset to cell content of cell being deleted */
+  u8 *data;       /* pPage->aData */
+  u8 *ptr;        /* Used to move bytes around within data[] */
+  int rc;         /* The return code */
+  int hdr;        /* Beginning of the header.  0 most pages.  100 page 1 */
+
+  if( *pRC ) return;
+
+  assert( idx>=0 && idx<pPage->nCell );
+  assert( CORRUPT_DB || sz==cellSize(pPage, idx) );
+  assert( sqlite3PagerIswriteable(pPage->pDbPage) );
+  assert( sqlite3_mutex_held(pPage->pBt->mutex) );
+  data = pPage->aData;
+  ptr = &pPage->aCellIdx[2*idx];
+  pc = get2byte(ptr);
+  hdr = pPage->hdrOffset;
+  testcase( pc==get2byte(&data[hdr+5]) );
+  testcase( pc+sz==pPage->pBt->usableSize );
+  if( pc < (u32)get2byte(&data[hdr+5]) || pc+sz > pPage->pBt->usableSize ){
+    *pRC = SQLITE_CORRUPT_BKPT;
+    return;
+  }
+  rc = freeSpace(pPage, pc, sz);
+  if( rc ){
+    *pRC = rc;
+    return;
+  }
+  pPage->nCell--;
+  if( pPage->nCell==0 ){
+    memset(&data[hdr+1], 0, 4);
+    data[hdr+7] = 0;
+    put2byte(&data[hdr+5], pPage->pBt->usableSize);
+    pPage->nFree = pPage->pBt->usableSize - pPage->hdrOffset
+                       - pPage->childPtrSize - 8;
+  }else{
+    memmove(ptr, ptr+2, 2*(pPage->nCell - idx));
+    put2byte(&data[hdr+3], pPage->nCell);
+    pPage->nFree += 2;
+  }
+}
+
+/*
+** Insert a new cell on pPage at cell index "i".  pCell points to the
+** content of the cell.
+**
+** If the cell content will fit on the page, then put it there.  If it
+** will not fit, then make a copy of the cell content into pTemp if
+** pTemp is not null.  Regardless of pTemp, allocate a new entry
+** in pPage->apOvfl[] and make it point to the cell content (either
+** in pTemp or the original pCell) and also record its index. 
+** Allocating a new entry in pPage->aCell[] implies that 
+** pPage->nOverflow is incremented.
+*/
+static void insertCell(
+  MemPage *pPage,   /* Page into which we are copying */
+  int i,            /* New cell becomes the i-th cell of the page */
+  u8 *pCell,        /* Content of the new cell */
+  int sz,           /* Bytes of content in pCell */
+  u8 *pTemp,        /* Temp storage space for pCell, if needed */
+  Pgno iChild,      /* If non-zero, replace first 4 bytes with this value */
+  int *pRC          /* Read and write return code from here */
+){
+  int idx = 0;      /* Where to write new cell content in data[] */
+  int j;            /* Loop counter */
+  u8 *data;         /* The content of the whole page */
+  u8 *pIns;         /* The point in pPage->aCellIdx[] where no cell inserted */
+
+  if( *pRC ) return;
+
+  assert( i>=0 && i<=pPage->nCell+pPage->nOverflow );
+  assert( MX_CELL(pPage->pBt)<=10921 );
+  assert( pPage->nCell<=MX_CELL(pPage->pBt) || CORRUPT_DB );
+  assert( pPage->nOverflow<=ArraySize(pPage->apOvfl) );
+  assert( ArraySize(pPage->apOvfl)==ArraySize(pPage->aiOvfl) );
+  assert( sqlite3_mutex_held(pPage->pBt->mutex) );
+  /* The cell should normally be sized correctly.  However, when moving a
+  ** malformed cell from a leaf page to an interior page, if the cell size
+  ** wanted to be less than 4 but got rounded up to 4 on the leaf, then size
+  ** might be less than 8 (leaf-size + pointer) on the interior node.  Hence
+  ** the term after the || in the following assert(). */
+  assert( sz==pPage->xCellSize(pPage, pCell) || (sz==8 && iChild>0) );
+  if( pPage->nOverflow || sz+2>pPage->nFree ){
+    if( pTemp ){
+      memcpy(pTemp, pCell, sz);
+      pCell = pTemp;
+    }
+    if( iChild ){
+      put4byte(pCell, iChild);
+    }
+    j = pPage->nOverflow++;
+    assert( j<(int)(sizeof(pPage->apOvfl)/sizeof(pPage->apOvfl[0])) );
+    pPage->apOvfl[j] = pCell;
+    pPage->aiOvfl[j] = (u16)i;
+
+    /* When multiple overflows occur, they are always sequential and in
+    ** sorted order.  This invariants arise because multiple overflows can
+    ** only occur when inserting divider cells into the parent page during
+    ** balancing, and the dividers are adjacent and sorted.
+    */
+    assert( j==0 || pPage->aiOvfl[j-1]<(u16)i ); /* Overflows in sorted order */
+    assert( j==0 || i==pPage->aiOvfl[j-1]+1 );   /* Overflows are sequential */
+  }else{
+    int rc = sqlite3PagerWrite(pPage->pDbPage);
+    if( rc!=SQLITE_OK ){
+      *pRC = rc;
+      return;
+    }
+    assert( sqlite3PagerIswriteable(pPage->pDbPage) );
+    data = pPage->aData;
+    assert( &data[pPage->cellOffset]==pPage->aCellIdx );
+    rc = allocateSpace(pPage, sz, &idx);
+    if( rc ){ *pRC = rc; return; }
+    /* The allocateSpace() routine guarantees the following properties
+    ** if it returns successfully */
+    assert( idx >= 0 );
+    assert( idx >= pPage->cellOffset+2*pPage->nCell+2 || CORRUPT_DB );
+    assert( idx+sz <= (int)pPage->pBt->usableSize );
+    pPage->nFree -= (u16)(2 + sz);
+    memcpy(&data[idx], pCell, sz);
+    if( iChild ){
+      put4byte(&data[idx], iChild);
+    }
+    pIns = pPage->aCellIdx + i*2;
+    memmove(pIns+2, pIns, 2*(pPage->nCell - i));
+    put2byte(pIns, idx);
+    pPage->nCell++;
+    /* increment the cell count */
+    if( (++data[pPage->hdrOffset+4])==0 ) data[pPage->hdrOffset+3]++;
+    assert( get2byte(&data[pPage->hdrOffset+3])==pPage->nCell );
+#ifndef SQLITE_OMIT_AUTOVACUUM
+    if( pPage->pBt->autoVacuum ){
+      /* The cell may contain a pointer to an overflow page. If so, write
+      ** the entry for the overflow page into the pointer map.
+      */
+      ptrmapPutOvflPtr(pPage, pCell, pRC);
+    }
+#endif
+  }
+}
+
+/*
+** A CellArray object contains a cache of pointers and sizes for a
+** consecutive sequence of cells that might be held multiple pages.
+*/
+typedef struct CellArray CellArray;
+struct CellArray {
+  int nCell;              /* Number of cells in apCell[] */
+  MemPage *pRef;          /* Reference page */
+  u8 **apCell;            /* All cells begin balanced */
+  u16 *szCell;            /* Local size of all cells in apCell[] */
+};
+
+/*
+** Make sure the cell sizes at idx, idx+1, ..., idx+N-1 have been
+** computed.
+*/
+static void populateCellCache(CellArray *p, int idx, int N){
+  assert( idx>=0 && idx+N<=p->nCell );
+  while( N>0 ){
+    assert( p->apCell[idx]!=0 );
+    if( p->szCell[idx]==0 ){
+      p->szCell[idx] = p->pRef->xCellSize(p->pRef, p->apCell[idx]);
+    }else{
+      assert( CORRUPT_DB ||
+              p->szCell[idx]==p->pRef->xCellSize(p->pRef, p->apCell[idx]) );
+    }
+    idx++;
+    N--;
+  }
+}
+
+/*
+** Return the size of the Nth element of the cell array
+*/
+static SQLITE_NOINLINE u16 computeCellSize(CellArray *p, int N){
+  assert( N>=0 && N<p->nCell );
+  assert( p->szCell[N]==0 );
+  p->szCell[N] = p->pRef->xCellSize(p->pRef, p->apCell[N]);
+  return p->szCell[N];
+}
+static u16 cachedCellSize(CellArray *p, int N){
+  assert( N>=0 && N<p->nCell );
+  if( p->szCell[N] ) return p->szCell[N];
+  return computeCellSize(p, N);
+}
+
+/*
+** Array apCell[] contains pointers to nCell b-tree page cells. The 
+** szCell[] array contains the size in bytes of each cell. This function
+** replaces the current contents of page pPg with the contents of the cell
+** array.
+**
+** Some of the cells in apCell[] may currently be stored in pPg. This
+** function works around problems caused by this by making a copy of any 
+** such cells before overwriting the page data.
+**
+** The MemPage.nFree field is invalidated by this function. It is the 
+** responsibility of the caller to set it correctly.
+*/
+static int rebuildPage(
+  MemPage *pPg,                   /* Edit this page */
+  int nCell,                      /* Final number of cells on page */
+  u8 **apCell,                    /* Array of cells */
+  u16 *szCell                     /* Array of cell sizes */
+){
+  const int hdr = pPg->hdrOffset;          /* Offset of header on pPg */
+  u8 * const aData = pPg->aData;           /* Pointer to data for pPg */
+  const int usableSize = pPg->pBt->usableSize;
+  u8 * const pEnd = &aData[usableSize];
+  int i;
+  u8 *pCellptr = pPg->aCellIdx;
+  u8 *pTmp = sqlite3PagerTempSpace(pPg->pBt->pPager);
+  u8 *pData;
+
+  i = get2byte(&aData[hdr+5]);
+  memcpy(&pTmp[i], &aData[i], usableSize - i);
+
+  pData = pEnd;
+  for(i=0; i<nCell; i++){
+    u8 *pCell = apCell[i];
+    if( SQLITE_WITHIN(pCell,aData,pEnd) ){
+      pCell = &pTmp[pCell - aData];
+    }
+    pData -= szCell[i];
+    put2byte(pCellptr, (pData - aData));
+    pCellptr += 2;
+    if( pData < pCellptr ) return SQLITE_CORRUPT_BKPT;
+    memcpy(pData, pCell, szCell[i]);
+    assert( szCell[i]==pPg->xCellSize(pPg, pCell) || CORRUPT_DB );
+    testcase( szCell[i]!=pPg->xCellSize(pPg,pCell) );
+  }
+
+  /* The pPg->nFree field is now set incorrectly. The caller will fix it. */
+  pPg->nCell = nCell;
+  pPg->nOverflow = 0;
+
+  put2byte(&aData[hdr+1], 0);
+  put2byte(&aData[hdr+3], pPg->nCell);
+  put2byte(&aData[hdr+5], pData - aData);
+  aData[hdr+7] = 0x00;
+  return SQLITE_OK;
+}
+
+/*
+** Array apCell[] contains nCell pointers to b-tree cells. Array szCell
+** contains the size in bytes of each such cell. This function attempts to 
+** add the cells stored in the array to page pPg. If it cannot (because 
+** the page needs to be defragmented before the cells will fit), non-zero
+** is returned. Otherwise, if the cells are added successfully, zero is
+** returned.
+**
+** Argument pCellptr points to the first entry in the cell-pointer array
+** (part of page pPg) to populate. After cell apCell[0] is written to the
+** page body, a 16-bit offset is written to pCellptr. And so on, for each
+** cell in the array. It is the responsibility of the caller to ensure
+** that it is safe to overwrite this part of the cell-pointer array.
+**
+** When this function is called, *ppData points to the start of the 
+** content area on page pPg. If the size of the content area is extended,
+** *ppData is updated to point to the new start of the content area
+** before returning.
+**
+** Finally, argument pBegin points to the byte immediately following the
+** end of the space required by this page for the cell-pointer area (for
+** all cells - not just those inserted by the current call). If the content
+** area must be extended to before this point in order to accomodate all
+** cells in apCell[], then the cells do not fit and non-zero is returned.
+*/
+static int pageInsertArray(
+  MemPage *pPg,                   /* Page to add cells to */
+  u8 *pBegin,                     /* End of cell-pointer array */
+  u8 **ppData,                    /* IN/OUT: Page content -area pointer */
+  u8 *pCellptr,                   /* Pointer to cell-pointer area */
+  int iFirst,                     /* Index of first cell to add */
+  int nCell,                      /* Number of cells to add to pPg */
+  CellArray *pCArray              /* Array of cells */
+){
+  int i;
+  u8 *aData = pPg->aData;
+  u8 *pData = *ppData;
+  int iEnd = iFirst + nCell;
+  assert( CORRUPT_DB || pPg->hdrOffset==0 );    /* Never called on page 1 */
+  for(i=iFirst; i<iEnd; i++){
+    int sz, rc;
+    u8 *pSlot;
+    sz = cachedCellSize(pCArray, i);
+    if( (aData[1]==0 && aData[2]==0) || (pSlot = pageFindSlot(pPg,sz,&rc))==0 ){
+      pData -= sz;
+      if( pData<pBegin ) return 1;
+      pSlot = pData;
+    }
+    /* pSlot and pCArray->apCell[i] will never overlap on a well-formed
+    ** database.  But they might for a corrupt database.  Hence use memmove()
+    ** since memcpy() sends SIGABORT with overlapping buffers on OpenBSD */
+    assert( (pSlot+sz)<=pCArray->apCell[i]
+         || pSlot>=(pCArray->apCell[i]+sz)
+         || CORRUPT_DB );
+    memmove(pSlot, pCArray->apCell[i], sz);
+    put2byte(pCellptr, (pSlot - aData));
+    pCellptr += 2;
+  }
+  *ppData = pData;
+  return 0;
+}
+
+/*
+** Array apCell[] contains nCell pointers to b-tree cells. Array szCell 
+** contains the size in bytes of each such cell. This function adds the
+** space associated with each cell in the array that is currently stored 
+** within the body of pPg to the pPg free-list. The cell-pointers and other
+** fields of the page are not updated.
+**
+** This function returns the total number of cells added to the free-list.
+*/
+static int pageFreeArray(
+  MemPage *pPg,                   /* Page to edit */
+  int iFirst,                     /* First cell to delete */
+  int nCell,                      /* Cells to delete */
+  CellArray *pCArray              /* Array of cells */
+){
+  u8 * const aData = pPg->aData;
+  u8 * const pEnd = &aData[pPg->pBt->usableSize];
+  u8 * const pStart = &aData[pPg->hdrOffset + 8 + pPg->childPtrSize];
+  int nRet = 0;
+  int i;
+  int iEnd = iFirst + nCell;
+  u8 *pFree = 0;
+  int szFree = 0;
+
+  for(i=iFirst; i<iEnd; i++){
+    u8 *pCell = pCArray->apCell[i];
+    if( SQLITE_WITHIN(pCell, pStart, pEnd) ){
+      int sz;
+      /* No need to use cachedCellSize() here.  The sizes of all cells that
+      ** are to be freed have already been computing while deciding which
+      ** cells need freeing */
+      sz = pCArray->szCell[i];  assert( sz>0 );
+      if( pFree!=(pCell + sz) ){
+        if( pFree ){
+          assert( pFree>aData && (pFree - aData)<65536 );
+          freeSpace(pPg, (u16)(pFree - aData), szFree);
+        }
+        pFree = pCell;
+        szFree = sz;
+        if( pFree+sz>pEnd ) return 0;
+      }else{
+        pFree = pCell;
+        szFree += sz;
+      }
+      nRet++;
+    }
+  }
+  if( pFree ){
+    assert( pFree>aData && (pFree - aData)<65536 );
+    freeSpace(pPg, (u16)(pFree - aData), szFree);
+  }
+  return nRet;
+}
+
+/*
+** apCell[] and szCell[] contains pointers to and sizes of all cells in the
+** pages being balanced.  The current page, pPg, has pPg->nCell cells starting
+** with apCell[iOld].  After balancing, this page should hold nNew cells
+** starting at apCell[iNew].
+**
+** This routine makes the necessary adjustments to pPg so that it contains
+** the correct cells after being balanced.
+**
+** The pPg->nFree field is invalid when this function returns. It is the
+** responsibility of the caller to set it correctly.
+*/
+static int editPage(
+  MemPage *pPg,                   /* Edit this page */
+  int iOld,                       /* Index of first cell currently on page */
+  int iNew,                       /* Index of new first cell on page */
+  int nNew,                       /* Final number of cells on page */
+  CellArray *pCArray              /* Array of cells and sizes */
+){
+  u8 * const aData = pPg->aData;
+  const int hdr = pPg->hdrOffset;
+  u8 *pBegin = &pPg->aCellIdx[nNew * 2];
+  int nCell = pPg->nCell;       /* Cells stored on pPg */
+  u8 *pData;
+  u8 *pCellptr;
+  int i;
+  int iOldEnd = iOld + pPg->nCell + pPg->nOverflow;
+  int iNewEnd = iNew + nNew;
+
+#ifdef SQLITE_DEBUG
+  u8 *pTmp = sqlite3PagerTempSpace(pPg->pBt->pPager);
+  memcpy(pTmp, aData, pPg->pBt->usableSize);
+#endif
+
+  /* Remove cells from the start and end of the page */
+  if( iOld<iNew ){
+    int nShift = pageFreeArray(pPg, iOld, iNew-iOld, pCArray);
+    memmove(pPg->aCellIdx, &pPg->aCellIdx[nShift*2], nCell*2);
+    nCell -= nShift;
+  }
+  if( iNewEnd < iOldEnd ){
+    nCell -= pageFreeArray(pPg, iNewEnd, iOldEnd - iNewEnd, pCArray);
+  }
+
+  pData = &aData[get2byteNotZero(&aData[hdr+5])];
+  if( pData<pBegin ) goto editpage_fail;
+
+  /* Add cells to the start of the page */
+  if( iNew<iOld ){
+    int nAdd = MIN(nNew,iOld-iNew);
+    assert( (iOld-iNew)<nNew || nCell==0 || CORRUPT_DB );
+    pCellptr = pPg->aCellIdx;
+    memmove(&pCellptr[nAdd*2], pCellptr, nCell*2);
+    if( pageInsertArray(
+          pPg, pBegin, &pData, pCellptr,
+          iNew, nAdd, pCArray
+    ) ) goto editpage_fail;
+    nCell += nAdd;
+  }
+
+  /* Add any overflow cells */
+  for(i=0; i<pPg->nOverflow; i++){
+    int iCell = (iOld + pPg->aiOvfl[i]) - iNew;
+    if( iCell>=0 && iCell<nNew ){
+      pCellptr = &pPg->aCellIdx[iCell * 2];
+      memmove(&pCellptr[2], pCellptr, (nCell - iCell) * 2);
+      nCell++;
+      if( pageInsertArray(
+            pPg, pBegin, &pData, pCellptr,
+            iCell+iNew, 1, pCArray
+      ) ) goto editpage_fail;
+    }
+  }
+
+  /* Append cells to the end of the page */
+  pCellptr = &pPg->aCellIdx[nCell*2];
+  if( pageInsertArray(
+        pPg, pBegin, &pData, pCellptr,
+        iNew+nCell, nNew-nCell, pCArray
+  ) ) goto editpage_fail;
+
+  pPg->nCell = nNew;
+  pPg->nOverflow = 0;
+
+  put2byte(&aData[hdr+3], pPg->nCell);
+  put2byte(&aData[hdr+5], pData - aData);
+
+#ifdef SQLITE_DEBUG
+  for(i=0; i<nNew && !CORRUPT_DB; i++){
+    u8 *pCell = pCArray->apCell[i+iNew];
+    int iOff = get2byteAligned(&pPg->aCellIdx[i*2]);
+    if( pCell>=aData && pCell<&aData[pPg->pBt->usableSize] ){
+      pCell = &pTmp[pCell - aData];
+    }
+    assert( 0==memcmp(pCell, &aData[iOff],
+            pCArray->pRef->xCellSize(pCArray->pRef, pCArray->apCell[i+iNew])) );
+  }
+#endif
+
+  return SQLITE_OK;
+ editpage_fail:
+  /* Unable to edit this page. Rebuild it from scratch instead. */
+  populateCellCache(pCArray, iNew, nNew);
+  return rebuildPage(pPg, nNew, &pCArray->apCell[iNew], &pCArray->szCell[iNew]);
+}
+
+/*
+** The following parameters determine how many adjacent pages get involved
+** in a balancing operation.  NN is the number of neighbors on either side
+** of the page that participate in the balancing operation.  NB is the
+** total number of pages that participate, including the target page and
+** NN neighbors on either side.
+**
+** The minimum value of NN is 1 (of course).  Increasing NN above 1
+** (to 2 or 3) gives a modest improvement in SELECT and DELETE performance
+** in exchange for a larger degradation in INSERT and UPDATE performance.
+** The value of NN appears to give the best results overall.
+*/
+#define NN 1             /* Number of neighbors on either side of pPage */
+#define NB (NN*2+1)      /* Total pages involved in the balance */
+
+
+#ifndef SQLITE_OMIT_QUICKBALANCE
+/*
+** This version of balance() handles the common special case where
+** a new entry is being inserted on the extreme right-end of the
+** tree, in other words, when the new entry will become the largest
+** entry in the tree.
+**
+** Instead of trying to balance the 3 right-most leaf pages, just add
+** a new page to the right-hand side and put the one new entry in
+** that page.  This leaves the right side of the tree somewhat
+** unbalanced.  But odds are that we will be inserting new entries
+** at the end soon afterwards so the nearly empty page will quickly
+** fill up.  On average.
+**
+** pPage is the leaf page which is the right-most page in the tree.
+** pParent is its parent.  pPage must have a single overflow entry
+** which is also the right-most entry on the page.
+**
+** The pSpace buffer is used to store a temporary copy of the divider
+** cell that will be inserted into pParent. Such a cell consists of a 4
+** byte page number followed by a variable length integer. In other
+** words, at most 13 bytes. Hence the pSpace buffer must be at
+** least 13 bytes in size.
+*/
+static int balance_quick(MemPage *pParent, MemPage *pPage, u8 *pSpace){
+  BtShared *const pBt = pPage->pBt;    /* B-Tree Database */
+  MemPage *pNew;                       /* Newly allocated page */
+  int rc;                              /* Return Code */
+  Pgno pgnoNew;                        /* Page number of pNew */
+
+  assert( sqlite3_mutex_held(pPage->pBt->mutex) );
+  assert( sqlite3PagerIswriteable(pParent->pDbPage) );
+  assert( pPage->nOverflow==1 );
+
+  /* This error condition is now caught prior to reaching this function */
+  if( NEVER(pPage->nCell==0) ) return SQLITE_CORRUPT_BKPT;
+
+  /* Allocate a new page. This page will become the right-sibling of 
+  ** pPage. Make the parent page writable, so that the new divider cell
+  ** may be inserted. If both these operations are successful, proceed.
+  */
+  rc = allocateBtreePage(pBt, &pNew, &pgnoNew, 0, 0);
+
+  if( rc==SQLITE_OK ){
+
+    u8 *pOut = &pSpace[4];
+    u8 *pCell = pPage->apOvfl[0];
+    u16 szCell = pPage->xCellSize(pPage, pCell);
+    u8 *pStop;
+
+    assert( sqlite3PagerIswriteable(pNew->pDbPage) );
+    assert( pPage->aData[0]==(PTF_INTKEY|PTF_LEAFDATA|PTF_LEAF) );
+    zeroPage(pNew, PTF_INTKEY|PTF_LEAFDATA|PTF_LEAF);
+    rc = rebuildPage(pNew, 1, &pCell, &szCell);
+    if( NEVER(rc) ) return rc;
+    pNew->nFree = pBt->usableSize - pNew->cellOffset - 2 - szCell;
+
+    /* If this is an auto-vacuum database, update the pointer map
+    ** with entries for the new page, and any pointer from the 
+    ** cell on the page to an overflow page. If either of these
+    ** operations fails, the return code is set, but the contents
+    ** of the parent page are still manipulated by thh code below.
+    ** That is Ok, at this point the parent page is guaranteed to
+    ** be marked as dirty. Returning an error code will cause a
+    ** rollback, undoing any changes made to the parent page.
+    */
+    if( ISAUTOVACUUM ){
+      ptrmapPut(pBt, pgnoNew, PTRMAP_BTREE, pParent->pgno, &rc);
+      if( szCell>pNew->minLocal ){
+        ptrmapPutOvflPtr(pNew, pCell, &rc);
+      }
+    }
+  
+    /* Create a divider cell to insert into pParent. The divider cell
+    ** consists of a 4-byte page number (the page number of pPage) and
+    ** a variable length key value (which must be the same value as the
+    ** largest key on pPage).
+    **
+    ** To find the largest key value on pPage, first find the right-most 
+    ** cell on pPage. The first two fields of this cell are the 
+    ** record-length (a variable length integer at most 32-bits in size)
+    ** and the key value (a variable length integer, may have any value).
+    ** The first of the while(...) loops below skips over the record-length
+    ** field. The second while(...) loop copies the key value from the
+    ** cell on pPage into the pSpace buffer.
+    */
+    pCell = findCell(pPage, pPage->nCell-1);
+    pStop = &pCell[9];
+    while( (*(pCell++)&0x80) && pCell<pStop );
+    pStop = &pCell[9];
+    while( ((*(pOut++) = *(pCell++))&0x80) && pCell<pStop );
+
+    /* Insert the new divider cell into pParent. */
+    insertCell(pParent, pParent->nCell, pSpace, (int)(pOut-pSpace),
+               0, pPage->pgno, &rc);
+
+    /* Set the right-child pointer of pParent to point to the new page. */
+    put4byte(&pParent->aData[pParent->hdrOffset+8], pgnoNew);
+  
+    /* Release the reference to the new page. */
+    releasePage(pNew);
+  }
+
+  return rc;
+}
+#endif /* SQLITE_OMIT_QUICKBALANCE */
+
+#if 0
+/*
+** This function does not contribute anything to the operation of SQLite.
+** it is sometimes activated temporarily while debugging code responsible 
+** for setting pointer-map entries.
+*/
+static int ptrmapCheckPages(MemPage **apPage, int nPage){
+  int i, j;
+  for(i=0; i<nPage; i++){
+    Pgno n;
+    u8 e;
+    MemPage *pPage = apPage[i];
+    BtShared *pBt = pPage->pBt;
+    assert( pPage->isInit );
+
+    for(j=0; j<pPage->nCell; j++){
+      CellInfo info;
+      u8 *z;
+     
+      z = findCell(pPage, j);
+      pPage->xParseCell(pPage, z, &info);
+      if( info.nLocal<info.nPayload ){
+        Pgno ovfl = get4byte(&z[info.nSize-4]);
+        ptrmapGet(pBt, ovfl, &e, &n);
+        assert( n==pPage->pgno && e==PTRMAP_OVERFLOW1 );
+      }
+      if( !pPage->leaf ){
+        Pgno child = get4byte(z);
+        ptrmapGet(pBt, child, &e, &n);
+        assert( n==pPage->pgno && e==PTRMAP_BTREE );
+      }
+    }
+    if( !pPage->leaf ){
+      Pgno child = get4byte(&pPage->aData[pPage->hdrOffset+8]);
+      ptrmapGet(pBt, child, &e, &n);
+      assert( n==pPage->pgno && e==PTRMAP_BTREE );
+    }
+  }
+  return 1;
+}
+#endif
+
+/*
+** This function is used to copy the contents of the b-tree node stored 
+** on page pFrom to page pTo. If page pFrom was not a leaf page, then
+** the pointer-map entries for each child page are updated so that the
+** parent page stored in the pointer map is page pTo. If pFrom contained
+** any cells with overflow page pointers, then the corresponding pointer
+** map entries are also updated so that the parent page is page pTo.
+**
+** If pFrom is currently carrying any overflow cells (entries in the
+** MemPage.apOvfl[] array), they are not copied to pTo. 
+**
+** Before returning, page pTo is reinitialized using btreeInitPage().
+**
+** The performance of this function is not critical. It is only used by 
+** the balance_shallower() and balance_deeper() procedures, neither of
+** which are called often under normal circumstances.
+*/
+static void copyNodeContent(MemPage *pFrom, MemPage *pTo, int *pRC){
+  if( (*pRC)==SQLITE_OK ){
+    BtShared * const pBt = pFrom->pBt;
+    u8 * const aFrom = pFrom->aData;
+    u8 * const aTo = pTo->aData;
+    int const iFromHdr = pFrom->hdrOffset;
+    int const iToHdr = ((pTo->pgno==1) ? 100 : 0);
+    int rc;
+    int iData;
+  
+  
+    assert( pFrom->isInit );
+    assert( pFrom->nFree>=iToHdr );
+    assert( get2byte(&aFrom[iFromHdr+5]) <= (int)pBt->usableSize );
+  
+    /* Copy the b-tree node content from page pFrom to page pTo. */
+    iData = get2byte(&aFrom[iFromHdr+5]);
+    memcpy(&aTo[iData], &aFrom[iData], pBt->usableSize-iData);
+    memcpy(&aTo[iToHdr], &aFrom[iFromHdr], pFrom->cellOffset + 2*pFrom->nCell);
+  
+    /* Reinitialize page pTo so that the contents of the MemPage structure
+    ** match the new data. The initialization of pTo can actually fail under
+    ** fairly obscure circumstances, even though it is a copy of initialized 
+    ** page pFrom.
+    */
+    pTo->isInit = 0;
+    rc = btreeInitPage(pTo);
+    if( rc!=SQLITE_OK ){
+      *pRC = rc;
+      return;
+    }
+  
+    /* If this is an auto-vacuum database, update the pointer-map entries
+    ** for any b-tree or overflow pages that pTo now contains the pointers to.
+    */
+    if( ISAUTOVACUUM ){
+      *pRC = setChildPtrmaps(pTo);
+    }
+  }
+}
+
+/*
+** This routine redistributes cells on the iParentIdx'th child of pParent
+** (hereafter "the page") and up to 2 siblings so that all pages have about the
+** same amount of free space. Usually a single sibling on either side of the
+** page are used in the balancing, though both siblings might come from one
+** side if the page is the first or last child of its parent. If the page 
+** has fewer than 2 siblings (something which can only happen if the page
+** is a root page or a child of a root page) then all available siblings
+** participate in the balancing.
+**
+** The number of siblings of the page might be increased or decreased by 
+** one or two in an effort to keep pages nearly full but not over full. 
+**
+** Note that when this routine is called, some of the cells on the page
+** might not actually be stored in MemPage.aData[]. This can happen
+** if the page is overfull. This routine ensures that all cells allocated
+** to the page and its siblings fit into MemPage.aData[] before returning.
+**
+** In the course of balancing the page and its siblings, cells may be
+** inserted into or removed from the parent page (pParent). Doing so
+** may cause the parent page to become overfull or underfull. If this
+** happens, it is the responsibility of the caller to invoke the correct
+** balancing routine to fix this problem (see the balance() routine). 
+**
+** If this routine fails for any reason, it might leave the database
+** in a corrupted state. So if this routine fails, the database should
+** be rolled back.
+**
+** The third argument to this function, aOvflSpace, is a pointer to a
+** buffer big enough to hold one page. If while inserting cells into the parent
+** page (pParent) the parent page becomes overfull, this buffer is
+** used to store the parent's overflow cells. Because this function inserts
+** a maximum of four divider cells into the parent page, and the maximum
+** size of a cell stored within an internal node is always less than 1/4
+** of the page-size, the aOvflSpace[] buffer is guaranteed to be large
+** enough for all overflow cells.
+**
+** If aOvflSpace is set to a null pointer, this function returns 
+** SQLITE_NOMEM.
+*/
+static int balance_nonroot(
+  MemPage *pParent,               /* Parent page of siblings being balanced */
+  int iParentIdx,                 /* Index of "the page" in pParent */
+  u8 *aOvflSpace,                 /* page-size bytes of space for parent ovfl */
+  int isRoot,                     /* True if pParent is a root-page */
+  int bBulk                       /* True if this call is part of a bulk load */
+){
+  BtShared *pBt;               /* The whole database */
+  int nMaxCells = 0;           /* Allocated size of apCell, szCell, aFrom. */
+  int nNew = 0;                /* Number of pages in apNew[] */
+  int nOld;                    /* Number of pages in apOld[] */
+  int i, j, k;                 /* Loop counters */
+  int nxDiv;                   /* Next divider slot in pParent->aCell[] */
+  int rc = SQLITE_OK;          /* The return code */
+  u16 leafCorrection;          /* 4 if pPage is a leaf.  0 if not */
+  int leafData;                /* True if pPage is a leaf of a LEAFDATA tree */
+  int usableSpace;             /* Bytes in pPage beyond the header */
+  int pageFlags;               /* Value of pPage->aData[0] */
+  int iSpace1 = 0;             /* First unused byte of aSpace1[] */
+  int iOvflSpace = 0;          /* First unused byte of aOvflSpace[] */
+  int szScratch;               /* Size of scratch memory requested */
+  MemPage *apOld[NB];          /* pPage and up to two siblings */
+  MemPage *apNew[NB+2];        /* pPage and up to NB siblings after balancing */
+  u8 *pRight;                  /* Location in parent of right-sibling pointer */
+  u8 *apDiv[NB-1];             /* Divider cells in pParent */
+  int cntNew[NB+2];            /* Index in b.paCell[] of cell after i-th page */
+  int cntOld[NB+2];            /* Old index in b.apCell[] */
+  int szNew[NB+2];             /* Combined size of cells placed on i-th page */
+  u8 *aSpace1;                 /* Space for copies of dividers cells */
+  Pgno pgno;                   /* Temp var to store a page number in */
+  u8 abDone[NB+2];             /* True after i'th new page is populated */
+  Pgno aPgno[NB+2];            /* Page numbers of new pages before shuffling */
+  Pgno aPgOrder[NB+2];         /* Copy of aPgno[] used for sorting pages */
+  u16 aPgFlags[NB+2];          /* flags field of new pages before shuffling */
+  CellArray b;                  /* Parsed information on cells being balanced */
+
+  memset(abDone, 0, sizeof(abDone));
+  b.nCell = 0;
+  b.apCell = 0;
+  pBt = pParent->pBt;
+  assert( sqlite3_mutex_held(pBt->mutex) );
+  assert( sqlite3PagerIswriteable(pParent->pDbPage) );
+
+#if 0
+  TRACE(("BALANCE: begin page %d child of %d\n", pPage->pgno, pParent->pgno));
+#endif
+
+  /* At this point pParent may have at most one overflow cell. And if
+  ** this overflow cell is present, it must be the cell with 
+  ** index iParentIdx. This scenario comes about when this function
+  ** is called (indirectly) from sqlite3BtreeDelete().
+  */
+  assert( pParent->nOverflow==0 || pParent->nOverflow==1 );
+  assert( pParent->nOverflow==0 || pParent->aiOvfl[0]==iParentIdx );
+
+  if( !aOvflSpace ){
+    return SQLITE_NOMEM;
+  }
+
+  /* Find the sibling pages to balance. Also locate the cells in pParent 
+  ** that divide the siblings. An attempt is made to find NN siblings on 
+  ** either side of pPage. More siblings are taken from one side, however, 
+  ** if there are fewer than NN siblings on the other side. If pParent
+  ** has NB or fewer children then all children of pParent are taken.  
+  **
+  ** This loop also drops the divider cells from the parent page. This
+  ** way, the remainder of the function does not have to deal with any
+  ** overflow cells in the parent page, since if any existed they will
+  ** have already been removed.
+  */
+  i = pParent->nOverflow + pParent->nCell;
+  if( i<2 ){
+    nxDiv = 0;
+  }else{
+    assert( bBulk==0 || bBulk==1 );
+    if( iParentIdx==0 ){                 
+      nxDiv = 0;
+    }else if( iParentIdx==i ){
+      nxDiv = i-2+bBulk;
+    }else{
+      nxDiv = iParentIdx-1;
+    }
+    i = 2-bBulk;
+  }
+  nOld = i+1;
+  if( (i+nxDiv-pParent->nOverflow)==pParent->nCell ){
+    pRight = &pParent->aData[pParent->hdrOffset+8];
+  }else{
+    pRight = findCell(pParent, i+nxDiv-pParent->nOverflow);
+  }
+  pgno = get4byte(pRight);
+  while( 1 ){
+    rc = getAndInitPage(pBt, pgno, &apOld[i], 0, 0);
+    if( rc ){
+      memset(apOld, 0, (i+1)*sizeof(MemPage*));
+      goto balance_cleanup;
+    }
+    nMaxCells += 1+apOld[i]->nCell+apOld[i]->nOverflow;
+    if( (i--)==0 ) break;
+
+    if( i+nxDiv==pParent->aiOvfl[0] && pParent->nOverflow ){
+      apDiv[i] = pParent->apOvfl[0];
+      pgno = get4byte(apDiv[i]);
+      szNew[i] = pParent->xCellSize(pParent, apDiv[i]);
+      pParent->nOverflow = 0;
+    }else{
+      apDiv[i] = findCell(pParent, i+nxDiv-pParent->nOverflow);
+      pgno = get4byte(apDiv[i]);
+      szNew[i] = pParent->xCellSize(pParent, apDiv[i]);
+
+      /* Drop the cell from the parent page. apDiv[i] still points to
+      ** the cell within the parent, even though it has been dropped.
+      ** This is safe because dropping a cell only overwrites the first
+      ** four bytes of it, and this function does not need the first
+      ** four bytes of the divider cell. So the pointer is safe to use
+      ** later on.  
+      **
+      ** But not if we are in secure-delete mode. In secure-delete mode,
+      ** the dropCell() routine will overwrite the entire cell with zeroes.
+      ** In this case, temporarily copy the cell into the aOvflSpace[]
+      ** buffer. It will be copied out again as soon as the aSpace[] buffer
+      ** is allocated.  */
+      if( pBt->btsFlags & BTS_SECURE_DELETE ){
+        int iOff;
+
+        iOff = SQLITE_PTR_TO_INT(apDiv[i]) - SQLITE_PTR_TO_INT(pParent->aData);
+        if( (iOff+szNew[i])>(int)pBt->usableSize ){
+          rc = SQLITE_CORRUPT_BKPT;
+          memset(apOld, 0, (i+1)*sizeof(MemPage*));
+          goto balance_cleanup;
+        }else{
+          memcpy(&aOvflSpace[iOff], apDiv[i], szNew[i]);
+          apDiv[i] = &aOvflSpace[apDiv[i]-pParent->aData];
+        }
+      }
+      dropCell(pParent, i+nxDiv-pParent->nOverflow, szNew[i], &rc);
+    }
+  }
+
+  /* Make nMaxCells a multiple of 4 in order to preserve 8-byte
+  ** alignment */
+  nMaxCells = (nMaxCells + 3)&~3;
+
+  /*
+  ** Allocate space for memory structures
+  */
+  szScratch =
+       nMaxCells*sizeof(u8*)                       /* b.apCell */
+     + nMaxCells*sizeof(u16)                       /* b.szCell */
+     + pBt->pageSize;                              /* aSpace1 */
+
+  /* EVIDENCE-OF: R-28375-38319 SQLite will never request a scratch buffer
+  ** that is more than 6 times the database page size. */
+  assert( szScratch<=6*(int)pBt->pageSize );
+  b.apCell = sqlite3ScratchMalloc( szScratch ); 
+  if( b.apCell==0 ){
+    rc = SQLITE_NOMEM;
+    goto balance_cleanup;
+  }
+  b.szCell = (u16*)&b.apCell[nMaxCells];
+  aSpace1 = (u8*)&b.szCell[nMaxCells];
+  assert( EIGHT_BYTE_ALIGNMENT(aSpace1) );
+
+  /*
+  ** Load pointers to all cells on sibling pages and the divider cells
+  ** into the local b.apCell[] array.  Make copies of the divider cells
+  ** into space obtained from aSpace1[]. The divider cells have already
+  ** been removed from pParent.
+  **
+  ** If the siblings are on leaf pages, then the child pointers of the
+  ** divider cells are stripped from the cells before they are copied
+  ** into aSpace1[].  In this way, all cells in b.apCell[] are without
+  ** child pointers.  If siblings are not leaves, then all cell in
+  ** b.apCell[] include child pointers.  Either way, all cells in b.apCell[]
+  ** are alike.
+  **
+  ** leafCorrection:  4 if pPage is a leaf.  0 if pPage is not a leaf.
+  **       leafData:  1 if pPage holds key+data and pParent holds only keys.
+  */
+  b.pRef = apOld[0];
+  leafCorrection = b.pRef->leaf*4;
+  leafData = b.pRef->intKeyLeaf;
+  for(i=0; i<nOld; i++){
+    MemPage *pOld = apOld[i];
+    int limit = pOld->nCell;
+    u8 *aData = pOld->aData;
+    u16 maskPage = pOld->maskPage;
+    u8 *piCell = aData + pOld->cellOffset;
+    u8 *piEnd;
+
+    /* Verify that all sibling pages are of the same "type" (table-leaf,
+    ** table-interior, index-leaf, or index-interior).
+    */
+    if( pOld->aData[0]!=apOld[0]->aData[0] ){
+      rc = SQLITE_CORRUPT_BKPT;
+      goto balance_cleanup;
+    }
+
+    /* Load b.apCell[] with pointers to all cells in pOld.  If pOld
+    ** constains overflow cells, include them in the b.apCell[] array
+    ** in the correct spot.
+    **
+    ** Note that when there are multiple overflow cells, it is always the
+    ** case that they are sequential and adjacent.  This invariant arises
+    ** because multiple overflows can only occurs when inserting divider
+    ** cells into a parent on a prior balance, and divider cells are always
+    ** adjacent and are inserted in order.  There is an assert() tagged
+    ** with "NOTE 1" in the overflow cell insertion loop to prove this
+    ** invariant.
+    **
+    ** This must be done in advance.  Once the balance starts, the cell
+    ** offset section of the btree page will be overwritten and we will no
+    ** long be able to find the cells if a pointer to each cell is not saved
+    ** first.
+    */
+    memset(&b.szCell[b.nCell], 0, sizeof(b.szCell[0])*limit);
+    if( pOld->nOverflow>0 ){
+      memset(&b.szCell[b.nCell+limit], 0, sizeof(b.szCell[0])*pOld->nOverflow);
+      limit = pOld->aiOvfl[0];
+      for(j=0; j<limit; j++){
+        b.apCell[b.nCell] = aData + (maskPage & get2byteAligned(piCell));
+        piCell += 2;
+        b.nCell++;
+      }
+      for(k=0; k<pOld->nOverflow; k++){
+        assert( k==0 || pOld->aiOvfl[k-1]+1==pOld->aiOvfl[k] );/* NOTE 1 */
+        b.apCell[b.nCell] = pOld->apOvfl[k];
+        b.nCell++;
+      }
+    }
+    piEnd = aData + pOld->cellOffset + 2*pOld->nCell;
+    while( piCell<piEnd ){
+      assert( b.nCell<nMaxCells );
+      b.apCell[b.nCell] = aData + (maskPage & get2byteAligned(piCell));
+      piCell += 2;
+      b.nCell++;
+    }
+
+    cntOld[i] = b.nCell;
+    if( i<nOld-1 && !leafData){
+      u16 sz = (u16)szNew[i];
+      u8 *pTemp;
+      assert( b.nCell<nMaxCells );
+      b.szCell[b.nCell] = sz;
+      pTemp = &aSpace1[iSpace1];
+      iSpace1 += sz;
+      assert( sz<=pBt->maxLocal+23 );
+      assert( iSpace1 <= (int)pBt->pageSize );
+      memcpy(pTemp, apDiv[i], sz);
+      b.apCell[b.nCell] = pTemp+leafCorrection;
+      assert( leafCorrection==0 || leafCorrection==4 );
+      b.szCell[b.nCell] = b.szCell[b.nCell] - leafCorrection;
+      if( !pOld->leaf ){
+        assert( leafCorrection==0 );
+        assert( pOld->hdrOffset==0 );
+        /* The right pointer of the child page pOld becomes the left
+        ** pointer of the divider cell */
+        memcpy(b.apCell[b.nCell], &pOld->aData[8], 4);
+      }else{
+        assert( leafCorrection==4 );
+        while( b.szCell[b.nCell]<4 ){
+          /* Do not allow any cells smaller than 4 bytes. If a smaller cell
+          ** does exist, pad it with 0x00 bytes. */
+          assert( b.szCell[b.nCell]==3 || CORRUPT_DB );
+          assert( b.apCell[b.nCell]==&aSpace1[iSpace1-3] || CORRUPT_DB );
+          aSpace1[iSpace1++] = 0x00;
+          b.szCell[b.nCell]++;
+        }
+      }
+      b.nCell++;
+    }
+  }
+
+  /*
+  ** Figure out the number of pages needed to hold all b.nCell cells.
+  ** Store this number in "k".  Also compute szNew[] which is the total
+  ** size of all cells on the i-th page and cntNew[] which is the index
+  ** in b.apCell[] of the cell that divides page i from page i+1.  
+  ** cntNew[k] should equal b.nCell.
+  **
+  ** Values computed by this block:
+  **
+  **           k: The total number of sibling pages
+  **    szNew[i]: Spaced used on the i-th sibling page.
+  **   cntNew[i]: Index in b.apCell[] and b.szCell[] for the first cell to
+  **              the right of the i-th sibling page.
+  ** usableSpace: Number of bytes of space available on each sibling.
+  ** 
+  */
+  usableSpace = pBt->usableSize - 12 + leafCorrection;
+  for(i=0; i<nOld; i++){
+    MemPage *p = apOld[i];
+    szNew[i] = usableSpace - p->nFree;
+    if( szNew[i]<0 ){ rc = SQLITE_CORRUPT_BKPT; goto balance_cleanup; }
+    for(j=0; j<p->nOverflow; j++){
+      szNew[i] += 2 + p->xCellSize(p, p->apOvfl[j]);
+    }
+    cntNew[i] = cntOld[i];
+  }
+  k = nOld;
+  for(i=0; i<k; i++){
+    int sz;
+    while( szNew[i]>usableSpace ){
+      if( i+1>=k ){
+        k = i+2;
+        if( k>NB+2 ){ rc = SQLITE_CORRUPT_BKPT; goto balance_cleanup; }
+        szNew[k-1] = 0;
+        cntNew[k-1] = b.nCell;
+      }
+      sz = 2 + cachedCellSize(&b, cntNew[i]-1);
+      szNew[i] -= sz;
+      if( !leafData ){
+        if( cntNew[i]<b.nCell ){
+          sz = 2 + cachedCellSize(&b, cntNew[i]);
+        }else{
+          sz = 0;
+        }
+      }
+      szNew[i+1] += sz;
+      cntNew[i]--;
+    }
+    while( cntNew[i]<b.nCell ){
+      sz = 2 + cachedCellSize(&b, cntNew[i]);
+      if( szNew[i]+sz>usableSpace ) break;
+      szNew[i] += sz;
+      cntNew[i]++;
+      if( !leafData ){
+        if( cntNew[i]<b.nCell ){
+          sz = 2 + cachedCellSize(&b, cntNew[i]);
+        }else{
+          sz = 0;
+        }
+      }
+      szNew[i+1] -= sz;
+    }
+    if( cntNew[i]>=b.nCell ){
+      k = i+1;
+    }else if( cntNew[i] <= (i>0 ? cntNew[i-1] : 0) ){
+      rc = SQLITE_CORRUPT_BKPT;
+      goto balance_cleanup;
+    }
+  }
+
+  /*
+  ** The packing computed by the previous block is biased toward the siblings
+  ** on the left side (siblings with smaller keys). The left siblings are
+  ** always nearly full, while the right-most sibling might be nearly empty.
+  ** The next block of code attempts to adjust the packing of siblings to
+  ** get a better balance.
+  **
+  ** This adjustment is more than an optimization.  The packing above might
+  ** be so out of balance as to be illegal.  For example, the right-most
+  ** sibling might be completely empty.  This adjustment is not optional.
+  */
+  for(i=k-1; i>0; i--){
+    int szRight = szNew[i];  /* Size of sibling on the right */
+    int szLeft = szNew[i-1]; /* Size of sibling on the left */
+    int r;              /* Index of right-most cell in left sibling */
+    int d;              /* Index of first cell to the left of right sibling */
+
+    r = cntNew[i-1] - 1;
+    d = r + 1 - leafData;
+    (void)cachedCellSize(&b, d);
+    do{
+      assert( d<nMaxCells );
+      assert( r<nMaxCells );
+      (void)cachedCellSize(&b, r);
+      if( szRight!=0
+       && (bBulk || szRight+b.szCell[d]+2 > szLeft-(b.szCell[r]+2)) ){
+        break;
+      }
+      szRight += b.szCell[d] + 2;
+      szLeft -= b.szCell[r] + 2;
+      cntNew[i-1] = r;
+      r--;
+      d--;
+    }while( r>=0 );
+    szNew[i] = szRight;
+    szNew[i-1] = szLeft;
+    if( cntNew[i-1] <= (i>1 ? cntNew[i-2] : 0) ){
+      rc = SQLITE_CORRUPT_BKPT;
+      goto balance_cleanup;
+    }
+  }
+
+  /* Sanity check:  For a non-corrupt database file one of the follwing
+  ** must be true:
+  **    (1) We found one or more cells (cntNew[0])>0), or
+  **    (2) pPage is a virtual root page.  A virtual root page is when
+  **        the real root page is page 1 and we are the only child of
+  **        that page.
+  */
+  assert( cntNew[0]>0 || (pParent->pgno==1 && pParent->nCell==0) || CORRUPT_DB);
+  TRACE(("BALANCE: old: %d(nc=%d) %d(nc=%d) %d(nc=%d)\n",
+    apOld[0]->pgno, apOld[0]->nCell,
+    nOld>=2 ? apOld[1]->pgno : 0, nOld>=2 ? apOld[1]->nCell : 0,
+    nOld>=3 ? apOld[2]->pgno : 0, nOld>=3 ? apOld[2]->nCell : 0
+  ));
+
+  /*
+  ** Allocate k new pages.  Reuse old pages where possible.
+  */
+  pageFlags = apOld[0]->aData[0];
+  for(i=0; i<k; i++){
+    MemPage *pNew;
+    if( i<nOld ){
+      pNew = apNew[i] = apOld[i];
+      apOld[i] = 0;
+      rc = sqlite3PagerWrite(pNew->pDbPage);
+      nNew++;
+      if( rc ) goto balance_cleanup;
+    }else{
+      assert( i>0 );
+      rc = allocateBtreePage(pBt, &pNew, &pgno, (bBulk ? 1 : pgno), 0);
+      if( rc ) goto balance_cleanup;
+      zeroPage(pNew, pageFlags);
+      apNew[i] = pNew;
+      nNew++;
+      cntOld[i] = b.nCell;
+
+      /* Set the pointer-map entry for the new sibling page. */
+      if( ISAUTOVACUUM ){
+        ptrmapPut(pBt, pNew->pgno, PTRMAP_BTREE, pParent->pgno, &rc);
+        if( rc!=SQLITE_OK ){
+          goto balance_cleanup;
+        }
+      }
+    }
+  }
+
+  /*
+  ** Reassign page numbers so that the new pages are in ascending order. 
+  ** This helps to keep entries in the disk file in order so that a scan
+  ** of the table is closer to a linear scan through the file. That in turn 
+  ** helps the operating system to deliver pages from the disk more rapidly.
+  **
+  ** An O(n^2) insertion sort algorithm is used, but since n is never more 
+  ** than (NB+2) (a small constant), that should not be a problem.
+  **
+  ** When NB==3, this one optimization makes the database about 25% faster 
+  ** for large insertions and deletions.
+  */
+  for(i=0; i<nNew; i++){
+    aPgOrder[i] = aPgno[i] = apNew[i]->pgno;
+    aPgFlags[i] = apNew[i]->pDbPage->flags;
+    for(j=0; j<i; j++){
+      if( aPgno[j]==aPgno[i] ){
+        /* This branch is taken if the set of sibling pages somehow contains
+        ** duplicate entries. This can happen if the database is corrupt. 
+        ** It would be simpler to detect this as part of the loop below, but
+        ** we do the detection here in order to avoid populating the pager
+        ** cache with two separate objects associated with the same
+        ** page number.  */
+        assert( CORRUPT_DB );
+        rc = SQLITE_CORRUPT_BKPT;
+        goto balance_cleanup;
+      }
+    }
+  }
+  for(i=0; i<nNew; i++){
+    int iBest = 0;                /* aPgno[] index of page number to use */
+    for(j=1; j<nNew; j++){
+      if( aPgOrder[j]<aPgOrder[iBest] ) iBest = j;
+    }
+    pgno = aPgOrder[iBest];
+    aPgOrder[iBest] = 0xffffffff;
+    if( iBest!=i ){
+      if( iBest>i ){
+        sqlite3PagerRekey(apNew[iBest]->pDbPage, pBt->nPage+iBest+1, 0);
+      }
+      sqlite3PagerRekey(apNew[i]->pDbPage, pgno, aPgFlags[iBest]);
+      apNew[i]->pgno = pgno;
+    }
+  }
+
+  TRACE(("BALANCE: new: %d(%d nc=%d) %d(%d nc=%d) %d(%d nc=%d) "
+         "%d(%d nc=%d) %d(%d nc=%d)\n",
+    apNew[0]->pgno, szNew[0], cntNew[0],
+    nNew>=2 ? apNew[1]->pgno : 0, nNew>=2 ? szNew[1] : 0,
+    nNew>=2 ? cntNew[1] - cntNew[0] - !leafData : 0,
+    nNew>=3 ? apNew[2]->pgno : 0, nNew>=3 ? szNew[2] : 0,
+    nNew>=3 ? cntNew[2] - cntNew[1] - !leafData : 0,
+    nNew>=4 ? apNew[3]->pgno : 0, nNew>=4 ? szNew[3] : 0,
+    nNew>=4 ? cntNew[3] - cntNew[2] - !leafData : 0,
+    nNew>=5 ? apNew[4]->pgno : 0, nNew>=5 ? szNew[4] : 0,
+    nNew>=5 ? cntNew[4] - cntNew[3] - !leafData : 0
+  ));
+
+  assert( sqlite3PagerIswriteable(pParent->pDbPage) );
+  put4byte(pRight, apNew[nNew-1]->pgno);
+
+  /* If the sibling pages are not leaves, ensure that the right-child pointer
+  ** of the right-most new sibling page is set to the value that was 
+  ** originally in the same field of the right-most old sibling page. */
+  if( (pageFlags & PTF_LEAF)==0 && nOld!=nNew ){
+    MemPage *pOld = (nNew>nOld ? apNew : apOld)[nOld-1];
+    memcpy(&apNew[nNew-1]->aData[8], &pOld->aData[8], 4);
+  }
+
+  /* Make any required updates to pointer map entries associated with 
+  ** cells stored on sibling pages following the balance operation. Pointer
+  ** map entries associated with divider cells are set by the insertCell()
+  ** routine. The associated pointer map entries are:
+  **
+  **   a) if the cell contains a reference to an overflow chain, the
+  **      entry associated with the first page in the overflow chain, and
+  **
+  **   b) if the sibling pages are not leaves, the child page associated
+  **      with the cell.
+  **
+  ** If the sibling pages are not leaves, then the pointer map entry 
+  ** associated with the right-child of each sibling may also need to be 
+  ** updated. This happens below, after the sibling pages have been 
+  ** populated, not here.
+  */
+  if( ISAUTOVACUUM ){
+    MemPage *pNew = apNew[0];
+    u8 *aOld = pNew->aData;
+    int cntOldNext = pNew->nCell + pNew->nOverflow;
+    int usableSize = pBt->usableSize;
+    int iNew = 0;
+    int iOld = 0;
+
+    for(i=0; i<b.nCell; i++){
+      u8 *pCell = b.apCell[i];
+      if( i==cntOldNext ){
+        MemPage *pOld = (++iOld)<nNew ? apNew[iOld] : apOld[iOld];
+        cntOldNext += pOld->nCell + pOld->nOverflow + !leafData;
+        aOld = pOld->aData;
+      }
+      if( i==cntNew[iNew] ){
+        pNew = apNew[++iNew];
+        if( !leafData ) continue;
+      }
+
+      /* Cell pCell is destined for new sibling page pNew. Originally, it
+      ** was either part of sibling page iOld (possibly an overflow cell), 
+      ** or else the divider cell to the left of sibling page iOld. So,
+      ** if sibling page iOld had the same page number as pNew, and if
+      ** pCell really was a part of sibling page iOld (not a divider or
+      ** overflow cell), we can skip updating the pointer map entries.  */
+      if( iOld>=nNew
+       || pNew->pgno!=aPgno[iOld]
+       || !SQLITE_WITHIN(pCell,aOld,&aOld[usableSize])
+      ){
+        if( !leafCorrection ){
+          ptrmapPut(pBt, get4byte(pCell), PTRMAP_BTREE, pNew->pgno, &rc);
+        }
+        if( cachedCellSize(&b,i)>pNew->minLocal ){
+          ptrmapPutOvflPtr(pNew, pCell, &rc);
+        }
+        if( rc ) goto balance_cleanup;
+      }
+    }
+  }
+
+  /* Insert new divider cells into pParent. */
+  for(i=0; i<nNew-1; i++){
+    u8 *pCell;
+    u8 *pTemp;
+    int sz;
+    MemPage *pNew = apNew[i];
+    j = cntNew[i];
+
+    assert( j<nMaxCells );
+    assert( b.apCell[j]!=0 );
+    pCell = b.apCell[j];
+    sz = b.szCell[j] + leafCorrection;
+    pTemp = &aOvflSpace[iOvflSpace];
+    if( !pNew->leaf ){
+      memcpy(&pNew->aData[8], pCell, 4);
+    }else if( leafData ){
+      /* If the tree is a leaf-data tree, and the siblings are leaves, 
+      ** then there is no divider cell in b.apCell[]. Instead, the divider 
+      ** cell consists of the integer key for the right-most cell of 
+      ** the sibling-page assembled above only.
+      */
+      CellInfo info;
+      j--;
+      pNew->xParseCell(pNew, b.apCell[j], &info);
+      pCell = pTemp;
+      sz = 4 + putVarint(&pCell[4], info.nKey);
+      pTemp = 0;
+    }else{
+      pCell -= 4;
+      /* Obscure case for non-leaf-data trees: If the cell at pCell was
+      ** previously stored on a leaf node, and its reported size was 4
+      ** bytes, then it may actually be smaller than this 
+      ** (see btreeParseCellPtr(), 4 bytes is the minimum size of
+      ** any cell). But it is important to pass the correct size to 
+      ** insertCell(), so reparse the cell now.
+      **
+      ** Note that this can never happen in an SQLite data file, as all
+      ** cells are at least 4 bytes. It only happens in b-trees used
+      ** to evaluate "IN (SELECT ...)" and similar clauses.
+      */
+      if( b.szCell[j]==4 ){
+        assert(leafCorrection==4);
+        sz = pParent->xCellSize(pParent, pCell);
+      }
+    }
+    iOvflSpace += sz;
+    assert( sz<=pBt->maxLocal+23 );
+    assert( iOvflSpace <= (int)pBt->pageSize );
+    insertCell(pParent, nxDiv+i, pCell, sz, pTemp, pNew->pgno, &rc);
+    if( rc!=SQLITE_OK ) goto balance_cleanup;
+    assert( sqlite3PagerIswriteable(pParent->pDbPage) );
+  }
+
+  /* Now update the actual sibling pages. The order in which they are updated
+  ** is important, as this code needs to avoid disrupting any page from which
+  ** cells may still to be read. In practice, this means:
+  **
+  **  (1) If cells are moving left (from apNew[iPg] to apNew[iPg-1])
+  **      then it is not safe to update page apNew[iPg] until after
+  **      the left-hand sibling apNew[iPg-1] has been updated.
+  **
+  **  (2) If cells are moving right (from apNew[iPg] to apNew[iPg+1])
+  **      then it is not safe to update page apNew[iPg] until after
+  **      the right-hand sibling apNew[iPg+1] has been updated.
+  **
+  ** If neither of the above apply, the page is safe to update.
+  **
+  ** The iPg value in the following loop starts at nNew-1 goes down
+  ** to 0, then back up to nNew-1 again, thus making two passes over
+  ** the pages.  On the initial downward pass, only condition (1) above
+  ** needs to be tested because (2) will always be true from the previous
+  ** step.  On the upward pass, both conditions are always true, so the
+  ** upwards pass simply processes pages that were missed on the downward
+  ** pass.
+  */
+  for(i=1-nNew; i<nNew; i++){
+    int iPg = i<0 ? -i : i;
+    assert( iPg>=0 && iPg<nNew );
+    if( abDone[iPg] ) continue;         /* Skip pages already processed */
+    if( i>=0                            /* On the upwards pass, or... */
+     || cntOld[iPg-1]>=cntNew[iPg-1]    /* Condition (1) is true */
+    ){
+      int iNew;
+      int iOld;
+      int nNewCell;
+
+      /* Verify condition (1):  If cells are moving left, update iPg
+      ** only after iPg-1 has already been updated. */
+      assert( iPg==0 || cntOld[iPg-1]>=cntNew[iPg-1] || abDone[iPg-1] );
+
+      /* Verify condition (2):  If cells are moving right, update iPg
+      ** only after iPg+1 has already been updated. */
+      assert( cntNew[iPg]>=cntOld[iPg] || abDone[iPg+1] );
+
+      if( iPg==0 ){
+        iNew = iOld = 0;
+        nNewCell = cntNew[0];
+      }else{
+        iOld = iPg<nOld ? (cntOld[iPg-1] + !leafData) : b.nCell;
+        iNew = cntNew[iPg-1] + !leafData;
+        nNewCell = cntNew[iPg] - iNew;
+      }
+
+      rc = editPage(apNew[iPg], iOld, iNew, nNewCell, &b);
+      if( rc ) goto balance_cleanup;
+      abDone[iPg]++;
+      apNew[iPg]->nFree = usableSpace-szNew[iPg];
+      assert( apNew[iPg]->nOverflow==0 );
+      assert( apNew[iPg]->nCell==nNewCell );
+    }
+  }
+
+  /* All pages have been processed exactly once */
+  assert( memcmp(abDone, "\01\01\01\01\01", nNew)==0 );
+
+  assert( nOld>0 );
+  assert( nNew>0 );
+
+  if( isRoot && pParent->nCell==0 && pParent->hdrOffset<=apNew[0]->nFree ){
+    /* The root page of the b-tree now contains no cells. The only sibling
+    ** page is the right-child of the parent. Copy the contents of the
+    ** child page into the parent, decreasing the overall height of the
+    ** b-tree structure by one. This is described as the "balance-shallower"
+    ** sub-algorithm in some documentation.
+    **
+    ** If this is an auto-vacuum database, the call to copyNodeContent() 
+    ** sets all pointer-map entries corresponding to database image pages 
+    ** for which the pointer is stored within the content being copied.
+    **
+    ** It is critical that the child page be defragmented before being
+    ** copied into the parent, because if the parent is page 1 then it will
+    ** by smaller than the child due to the database header, and so all the
+    ** free space needs to be up front.
+    */
+    assert( nNew==1 || CORRUPT_DB );
+    rc = defragmentPage(apNew[0]);
+    testcase( rc!=SQLITE_OK );
+    assert( apNew[0]->nFree == 
+        (get2byte(&apNew[0]->aData[5])-apNew[0]->cellOffset-apNew[0]->nCell*2)
+      || rc!=SQLITE_OK
+    );
+    copyNodeContent(apNew[0], pParent, &rc);
+    freePage(apNew[0], &rc);
+  }else if( ISAUTOVACUUM && !leafCorrection ){
+    /* Fix the pointer map entries associated with the right-child of each
+    ** sibling page. All other pointer map entries have already been taken
+    ** care of.  */
+    for(i=0; i<nNew; i++){
+      u32 key = get4byte(&apNew[i]->aData[8]);
+      ptrmapPut(pBt, key, PTRMAP_BTREE, apNew[i]->pgno, &rc);
+    }
+  }
+
+  assert( pParent->isInit );
+  TRACE(("BALANCE: finished: old=%d new=%d cells=%d\n",
+          nOld, nNew, b.nCell));
+
+  /* Free any old pages that were not reused as new pages.
+  */
+  for(i=nNew; i<nOld; i++){
+    freePage(apOld[i], &rc);
+  }
+
+#if 0
+  if( ISAUTOVACUUM && rc==SQLITE_OK && apNew[0]->isInit ){
+    /* The ptrmapCheckPages() contains assert() statements that verify that
+    ** all pointer map pages are set correctly. This is helpful while 
+    ** debugging. This is usually disabled because a corrupt database may
+    ** cause an assert() statement to fail.  */
+    ptrmapCheckPages(apNew, nNew);
+    ptrmapCheckPages(&pParent, 1);
+  }
+#endif
+
+  /*
+  ** Cleanup before returning.
+  */
+balance_cleanup:
+  sqlite3ScratchFree(b.apCell);
+  for(i=0; i<nOld; i++){
+    releasePage(apOld[i]);
+  }
+  for(i=0; i<nNew; i++){
+    releasePage(apNew[i]);
+  }
+
+  return rc;
+}
+
+
+/*
+** This function is called when the root page of a b-tree structure is
+** overfull (has one or more overflow pages).
+**
+** A new child page is allocated and the contents of the current root
+** page, including overflow cells, are copied into the child. The root
+** page is then overwritten to make it an empty page with the right-child 
+** pointer pointing to the new page.
+**
+** Before returning, all pointer-map entries corresponding to pages 
+** that the new child-page now contains pointers to are updated. The
+** entry corresponding to the new right-child pointer of the root
+** page is also updated.
+**
+** If successful, *ppChild is set to contain a reference to the child 
+** page and SQLITE_OK is returned. In this case the caller is required
+** to call releasePage() on *ppChild exactly once. If an error occurs,
+** an error code is returned and *ppChild is set to 0.
+*/
+static int balance_deeper(MemPage *pRoot, MemPage **ppChild){
+  int rc;                        /* Return value from subprocedures */
+  MemPage *pChild = 0;           /* Pointer to a new child page */
+  Pgno pgnoChild = 0;            /* Page number of the new child page */
+  BtShared *pBt = pRoot->pBt;    /* The BTree */
+
+  assert( pRoot->nOverflow>0 );
+  assert( sqlite3_mutex_held(pBt->mutex) );
+
+  /* Make pRoot, the root page of the b-tree, writable. Allocate a new 
+  ** page that will become the new right-child of pPage. Copy the contents
+  ** of the node stored on pRoot into the new child page.
+  */
+  rc = sqlite3PagerWrite(pRoot->pDbPage);
+  if( rc==SQLITE_OK ){
+    rc = allocateBtreePage(pBt,&pChild,&pgnoChild,pRoot->pgno,0);
+    copyNodeContent(pRoot, pChild, &rc);
+    if( ISAUTOVACUUM ){
+      ptrmapPut(pBt, pgnoChild, PTRMAP_BTREE, pRoot->pgno, &rc);
+    }
+  }
+  if( rc ){
+    *ppChild = 0;
+    releasePage(pChild);
+    return rc;
+  }
+  assert( sqlite3PagerIswriteable(pChild->pDbPage) );
+  assert( sqlite3PagerIswriteable(pRoot->pDbPage) );
+  assert( pChild->nCell==pRoot->nCell );
+
+  TRACE(("BALANCE: copy root %d into %d\n", pRoot->pgno, pChild->pgno));
+
+  /* Copy the overflow cells from pRoot to pChild */
+  memcpy(pChild->aiOvfl, pRoot->aiOvfl,
+         pRoot->nOverflow*sizeof(pRoot->aiOvfl[0]));
+  memcpy(pChild->apOvfl, pRoot->apOvfl,
+         pRoot->nOverflow*sizeof(pRoot->apOvfl[0]));
+  pChild->nOverflow = pRoot->nOverflow;
+
+  /* Zero the contents of pRoot. Then install pChild as the right-child. */
+  zeroPage(pRoot, pChild->aData[0] & ~PTF_LEAF);
+  put4byte(&pRoot->aData[pRoot->hdrOffset+8], pgnoChild);
+
+  *ppChild = pChild;
+  return SQLITE_OK;
+}
+
+/*
+** The page that pCur currently points to has just been modified in
+** some way. This function figures out if this modification means the
+** tree needs to be balanced, and if so calls the appropriate balancing 
+** routine. Balancing routines are:
+**
+**   balance_quick()
+**   balance_deeper()
+**   balance_nonroot()
+*/
+static int balance(BtCursor *pCur){
+  int rc = SQLITE_OK;
+  const int nMin = pCur->pBt->usableSize * 2 / 3;
+  u8 aBalanceQuickSpace[13];
+  u8 *pFree = 0;
+
+  TESTONLY( int balance_quick_called = 0 );
+  TESTONLY( int balance_deeper_called = 0 );
+
+  do {
+    int iPage = pCur->iPage;
+    MemPage *pPage = pCur->apPage[iPage];
+
+    if( iPage==0 ){
+      if( pPage->nOverflow ){
+        /* The root page of the b-tree is overfull. In this case call the
+        ** balance_deeper() function to create a new child for the root-page
+        ** and copy the current contents of the root-page to it. The
+        ** next iteration of the do-loop will balance the child page.
+        */ 
+        assert( (balance_deeper_called++)==0 );
+        rc = balance_deeper(pPage, &pCur->apPage[1]);
+        if( rc==SQLITE_OK ){
+          pCur->iPage = 1;
+          pCur->aiIdx[0] = 0;
+          pCur->aiIdx[1] = 0;
+          assert( pCur->apPage[1]->nOverflow );
+        }
+      }else{
+        break;
+      }
+    }else if( pPage->nOverflow==0 && pPage->nFree<=nMin ){
+      break;
+    }else{
+      MemPage * const pParent = pCur->apPage[iPage-1];
+      int const iIdx = pCur->aiIdx[iPage-1];
+
+      rc = sqlite3PagerWrite(pParent->pDbPage);
+      if( rc==SQLITE_OK ){
+#ifndef SQLITE_OMIT_QUICKBALANCE
+        if( pPage->intKeyLeaf
+         && pPage->nOverflow==1
+         && pPage->aiOvfl[0]==pPage->nCell
+         && pParent->pgno!=1
+         && pParent->nCell==iIdx
+        ){
+          /* Call balance_quick() to create a new sibling of pPage on which
+          ** to store the overflow cell. balance_quick() inserts a new cell
+          ** into pParent, which may cause pParent overflow. If this
+          ** happens, the next iteration of the do-loop will balance pParent 
+          ** use either balance_nonroot() or balance_deeper(). Until this
+          ** happens, the overflow cell is stored in the aBalanceQuickSpace[]
+          ** buffer. 
+          **
+          ** The purpose of the following assert() is to check that only a
+          ** single call to balance_quick() is made for each call to this
+          ** function. If this were not verified, a subtle bug involving reuse
+          ** of the aBalanceQuickSpace[] might sneak in.
+          */
+          assert( (balance_quick_called++)==0 );
+          rc = balance_quick(pParent, pPage, aBalanceQuickSpace);
+        }else
+#endif
+        {
+          /* In this case, call balance_nonroot() to redistribute cells
+          ** between pPage and up to 2 of its sibling pages. This involves
+          ** modifying the contents of pParent, which may cause pParent to
+          ** become overfull or underfull. The next iteration of the do-loop
+          ** will balance the parent page to correct this.
+          ** 
+          ** If the parent page becomes overfull, the overflow cell or cells
+          ** are stored in the pSpace buffer allocated immediately below. 
+          ** A subsequent iteration of the do-loop will deal with this by
+          ** calling balance_nonroot() (balance_deeper() may be called first,
+          ** but it doesn't deal with overflow cells - just moves them to a
+          ** different page). Once this subsequent call to balance_nonroot() 
+          ** has completed, it is safe to release the pSpace buffer used by
+          ** the previous call, as the overflow cell data will have been 
+          ** copied either into the body of a database page or into the new
+          ** pSpace buffer passed to the latter call to balance_nonroot().
+          */
+          u8 *pSpace = sqlite3PageMalloc(pCur->pBt->pageSize);
+          rc = balance_nonroot(pParent, iIdx, pSpace, iPage==1,
+                               pCur->hints&BTREE_BULKLOAD);
+          if( pFree ){
+            /* If pFree is not NULL, it points to the pSpace buffer used 
+            ** by a previous call to balance_nonroot(). Its contents are
+            ** now stored either on real database pages or within the 
+            ** new pSpace buffer, so it may be safely freed here. */
+            sqlite3PageFree(pFree);
+          }
+
+          /* The pSpace buffer will be freed after the next call to
+          ** balance_nonroot(), or just before this function returns, whichever
+          ** comes first. */
+          pFree = pSpace;
+        }
+      }
+
+      pPage->nOverflow = 0;
+
+      /* The next iteration of the do-loop balances the parent page. */
+      releasePage(pPage);
+      pCur->iPage--;
+      assert( pCur->iPage>=0 );
+    }
+  }while( rc==SQLITE_OK );
+
+  if( pFree ){
+    sqlite3PageFree(pFree);
+  }
+  return rc;
+}
+
+
+/*
+** Insert a new record into the BTree.  The key is given by (pKey,nKey)
+** and the data is given by (pData,nData).  The cursor is used only to
+** define what table the record should be inserted into.  The cursor
+** is left pointing at a random location.
+**
+** For an INTKEY table, only the nKey value of the key is used.  pKey is
+** ignored.  For a ZERODATA table, the pData and nData are both ignored.
+**
+** If the seekResult parameter is non-zero, then a successful call to
+** MovetoUnpacked() to seek cursor pCur to (pKey, nKey) has already
+** been performed. seekResult is the search result returned (a negative
+** number if pCur points at an entry that is smaller than (pKey, nKey), or
+** a positive value if pCur points at an entry that is larger than 
+** (pKey, nKey)). 
+**
+** If the seekResult parameter is non-zero, then the caller guarantees that
+** cursor pCur is pointing at the existing copy of a row that is to be
+** overwritten.  If the seekResult parameter is 0, then cursor pCur may
+** point to any entry or to no entry at all and so this function has to seek
+** the cursor before the new key can be inserted.
+*/
+SQLITE_PRIVATE int sqlite3BtreeInsert(
+  BtCursor *pCur,                /* Insert data into the table of this cursor */
+  const void *pKey, i64 nKey,    /* The key of the new record */
+  const void *pData, int nData,  /* The data of the new record */
+  int nZero,                     /* Number of extra 0 bytes to append to data */
+  int appendBias,                /* True if this is likely an append */
+  int seekResult                 /* Result of prior MovetoUnpacked() call */
+){
+  int rc;
+  int loc = seekResult;          /* -1: before desired location  +1: after */
+  int szNew = 0;
+  int idx;
+  MemPage *pPage;
+  Btree *p = pCur->pBtree;
+  BtShared *pBt = p->pBt;
+  unsigned char *oldCell;
+  unsigned char *newCell = 0;
+
+  if( pCur->eState==CURSOR_FAULT ){
+    assert( pCur->skipNext!=SQLITE_OK );
+    return pCur->skipNext;
+  }
+
+  assert( cursorHoldsMutex(pCur) );
+  assert( (pCur->curFlags & BTCF_WriteFlag)!=0
+              && pBt->inTransaction==TRANS_WRITE
+              && (pBt->btsFlags & BTS_READ_ONLY)==0 );
+  assert( hasSharedCacheTableLock(p, pCur->pgnoRoot, pCur->pKeyInfo!=0, 2) );
+
+  /* Assert that the caller has been consistent. If this cursor was opened
+  ** expecting an index b-tree, then the caller should be inserting blob
+  ** keys with no associated data. If the cursor was opened expecting an
+  ** intkey table, the caller should be inserting integer keys with a
+  ** blob of associated data.  */
+  assert( (pKey==0)==(pCur->pKeyInfo==0) );
+
+  /* Save the positions of any other cursors open on this table.
+  **
+  ** In some cases, the call to btreeMoveto() below is a no-op. For
+  ** example, when inserting data into a table with auto-generated integer
+  ** keys, the VDBE layer invokes sqlite3BtreeLast() to figure out the 
+  ** integer key to use. It then calls this function to actually insert the 
+  ** data into the intkey B-Tree. In this case btreeMoveto() recognizes
+  ** that the cursor is already where it needs to be and returns without
+  ** doing any work. To avoid thwarting these optimizations, it is important
+  ** not to clear the cursor here.
+  */
+  if( pCur->curFlags & BTCF_Multiple ){
+    rc = saveAllCursors(pBt, pCur->pgnoRoot, pCur);
+    if( rc ) return rc;
+  }
+
+  if( pCur->pKeyInfo==0 ){
+    assert( pKey==0 );
+    /* If this is an insert into a table b-tree, invalidate any incrblob 
+    ** cursors open on the row being replaced */
+    invalidateIncrblobCursors(p, nKey, 0);
+
+    /* If the cursor is currently on the last row and we are appending a
+    ** new row onto the end, set the "loc" to avoid an unnecessary
+    ** btreeMoveto() call */
+    if( (pCur->curFlags&BTCF_ValidNKey)!=0 && nKey>0
+      && pCur->info.nKey==nKey-1 ){
+       loc = -1;
+    }else if( loc==0 ){
+      rc = sqlite3BtreeMovetoUnpacked(pCur, 0, nKey, appendBias, &loc);
+      if( rc ) return rc;
+    }
+  }else if( loc==0 ){
+    rc = btreeMoveto(pCur, pKey, nKey, appendBias, &loc);
+    if( rc ) return rc;
+  }
+  assert( pCur->eState==CURSOR_VALID || (pCur->eState==CURSOR_INVALID && loc) );
+
+  pPage = pCur->apPage[pCur->iPage];
+  assert( pPage->intKey || nKey>=0 );
+  assert( pPage->leaf || !pPage->intKey );
+
+  TRACE(("INSERT: table=%d nkey=%lld ndata=%d page=%d %s\n",
+          pCur->pgnoRoot, nKey, nData, pPage->pgno,
+          loc==0 ? "overwrite" : "new entry"));
+  assert( pPage->isInit );
+  newCell = pBt->pTmpSpace;
+  assert( newCell!=0 );
+  rc = fillInCell(pPage, newCell, pKey, nKey, pData, nData, nZero, &szNew);
+  if( rc ) goto end_insert;
+  assert( szNew==pPage->xCellSize(pPage, newCell) );
+  assert( szNew <= MX_CELL_SIZE(pBt) );
+  idx = pCur->aiIdx[pCur->iPage];
+  if( loc==0 ){
+    u16 szOld;
+    assert( idx<pPage->nCell );
+    rc = sqlite3PagerWrite(pPage->pDbPage);
+    if( rc ){
+      goto end_insert;
+    }
+    oldCell = findCell(pPage, idx);
+    if( !pPage->leaf ){
+      memcpy(newCell, oldCell, 4);
+    }
+    rc = clearCell(pPage, oldCell, &szOld);
+    dropCell(pPage, idx, szOld, &rc);
+    if( rc ) goto end_insert;
+  }else if( loc<0 && pPage->nCell>0 ){
+    assert( pPage->leaf );
+    idx = ++pCur->aiIdx[pCur->iPage];
+  }else{
+    assert( pPage->leaf );
+  }
+  insertCell(pPage, idx, newCell, szNew, 0, 0, &rc);
+  assert( rc!=SQLITE_OK || pPage->nCell>0 || pPage->nOverflow>0 );
+
+  /* If no error has occurred and pPage has an overflow cell, call balance() 
+  ** to redistribute the cells within the tree. Since balance() may move
+  ** the cursor, zero the BtCursor.info.nSize and BTCF_ValidNKey
+  ** variables.
+  **
+  ** Previous versions of SQLite called moveToRoot() to move the cursor
+  ** back to the root page as balance() used to invalidate the contents
+  ** of BtCursor.apPage[] and BtCursor.aiIdx[]. Instead of doing that,
+  ** set the cursor state to "invalid". This makes common insert operations
+  ** slightly faster.
+  **
+  ** There is a subtle but important optimization here too. When inserting
+  ** multiple records into an intkey b-tree using a single cursor (as can
+  ** happen while processing an "INSERT INTO ... SELECT" statement), it
+  ** is advantageous to leave the cursor pointing to the last entry in
+  ** the b-tree if possible. If the cursor is left pointing to the last
+  ** entry in the table, and the next row inserted has an integer key
+  ** larger than the largest existing key, it is possible to insert the
+  ** row without seeking the cursor. This can be a big performance boost.
+  */
+  pCur->info.nSize = 0;
+  if( rc==SQLITE_OK && pPage->nOverflow ){
+    pCur->curFlags &= ~(BTCF_ValidNKey);
+    rc = balance(pCur);
+
+    /* Must make sure nOverflow is reset to zero even if the balance()
+    ** fails. Internal data structure corruption will result otherwise. 
+    ** Also, set the cursor state to invalid. This stops saveCursorPosition()
+    ** from trying to save the current position of the cursor.  */
+    pCur->apPage[pCur->iPage]->nOverflow = 0;
+    pCur->eState = CURSOR_INVALID;
+  }
+  assert( pCur->apPage[pCur->iPage]->nOverflow==0 );
+
+end_insert:
+  return rc;
+}
+
+/*
+** Delete the entry that the cursor is pointing to. 
+**
+** If the second parameter is zero, then the cursor is left pointing at an
+** arbitrary location after the delete. If it is non-zero, then the cursor 
+** is left in a state such that the next call to BtreeNext() or BtreePrev()
+** moves it to the same row as it would if the call to BtreeDelete() had
+** been omitted.
+*/
+SQLITE_PRIVATE int sqlite3BtreeDelete(BtCursor *pCur, int bPreserve){
+  Btree *p = pCur->pBtree;
+  BtShared *pBt = p->pBt;              
+  int rc;                              /* Return code */
+  MemPage *pPage;                      /* Page to delete cell from */
+  unsigned char *pCell;                /* Pointer to cell to delete */
+  int iCellIdx;                        /* Index of cell to delete */
+  int iCellDepth;                      /* Depth of node containing pCell */ 
+  u16 szCell;                          /* Size of the cell being deleted */
+  int bSkipnext = 0;                   /* Leaf cursor in SKIPNEXT state */
+
+  assert( cursorHoldsMutex(pCur) );
+  assert( pBt->inTransaction==TRANS_WRITE );
+  assert( (pBt->btsFlags & BTS_READ_ONLY)==0 );
+  assert( pCur->curFlags & BTCF_WriteFlag );
+  assert( hasSharedCacheTableLock(p, pCur->pgnoRoot, pCur->pKeyInfo!=0, 2) );
+  assert( !hasReadConflicts(p, pCur->pgnoRoot) );
+  assert( pCur->aiIdx[pCur->iPage]<pCur->apPage[pCur->iPage]->nCell );
+  assert( pCur->eState==CURSOR_VALID );
+
+  iCellDepth = pCur->iPage;
+  iCellIdx = pCur->aiIdx[iCellDepth];
+  pPage = pCur->apPage[iCellDepth];
+  pCell = findCell(pPage, iCellIdx);
+
+  /* If the page containing the entry to delete is not a leaf page, move
+  ** the cursor to the largest entry in the tree that is smaller than
+  ** the entry being deleted. This cell will replace the cell being deleted
+  ** from the internal node. The 'previous' entry is used for this instead
+  ** of the 'next' entry, as the previous entry is always a part of the
+  ** sub-tree headed by the child page of the cell being deleted. This makes
+  ** balancing the tree following the delete operation easier.  */
+  if( !pPage->leaf ){
+    int notUsed = 0;
+    rc = sqlite3BtreePrevious(pCur, &notUsed);
+    if( rc ) return rc;
+  }
+
+  /* Save the positions of any other cursors open on this table before
+  ** making any modifications.  */
+  if( pCur->curFlags & BTCF_Multiple ){
+    rc = saveAllCursors(pBt, pCur->pgnoRoot, pCur);
+    if( rc ) return rc;
+  }
+
+  /* If this is a delete operation to remove a row from a table b-tree,
+  ** invalidate any incrblob cursors open on the row being deleted.  */
+  if( pCur->pKeyInfo==0 ){
+    invalidateIncrblobCursors(p, pCur->info.nKey, 0);
+  }
+
+  /* If the bPreserve flag is set to true, then the cursor position must
+  ** be preserved following this delete operation. If the current delete
+  ** will cause a b-tree rebalance, then this is done by saving the cursor
+  ** key and leaving the cursor in CURSOR_REQUIRESEEK state before 
+  ** returning. 
+  **
+  ** Or, if the current delete will not cause a rebalance, then the cursor
+  ** will be left in CURSOR_SKIPNEXT state pointing to the entry immediately
+  ** before or after the deleted entry. In this case set bSkipnext to true.  */
+  if( bPreserve ){
+    if( !pPage->leaf 
+     || (pPage->nFree+cellSizePtr(pPage,pCell)+2)>(int)(pBt->usableSize*2/3)
+    ){
+      /* A b-tree rebalance will be required after deleting this entry.
+      ** Save the cursor key.  */
+      rc = saveCursorKey(pCur);
+      if( rc ) return rc;
+    }else{
+      bSkipnext = 1;
+    }
+  }
+
+  /* Make the page containing the entry to be deleted writable. Then free any
+  ** overflow pages associated with the entry and finally remove the cell
+  ** itself from within the page.  */
+  rc = sqlite3PagerWrite(pPage->pDbPage);
+  if( rc ) return rc;
+  rc = clearCell(pPage, pCell, &szCell);
+  dropCell(pPage, iCellIdx, szCell, &rc);
+  if( rc ) return rc;
+
+  /* If the cell deleted was not located on a leaf page, then the cursor
+  ** is currently pointing to the largest entry in the sub-tree headed
+  ** by the child-page of the cell that was just deleted from an internal
+  ** node. The cell from the leaf node needs to be moved to the internal
+  ** node to replace the deleted cell.  */
+  if( !pPage->leaf ){
+    MemPage *pLeaf = pCur->apPage[pCur->iPage];
+    int nCell;
+    Pgno n = pCur->apPage[iCellDepth+1]->pgno;
+    unsigned char *pTmp;
+
+    pCell = findCell(pLeaf, pLeaf->nCell-1);
+    if( pCell<&pLeaf->aData[4] ) return SQLITE_CORRUPT_BKPT;
+    nCell = pLeaf->xCellSize(pLeaf, pCell);
+    assert( MX_CELL_SIZE(pBt) >= nCell );
+    pTmp = pBt->pTmpSpace;
+    assert( pTmp!=0 );
+    rc = sqlite3PagerWrite(pLeaf->pDbPage);
+    insertCell(pPage, iCellIdx, pCell-4, nCell+4, pTmp, n, &rc);
+    dropCell(pLeaf, pLeaf->nCell-1, nCell, &rc);
+    if( rc ) return rc;
+  }
+
+  /* Balance the tree. If the entry deleted was located on a leaf page,
+  ** then the cursor still points to that page. In this case the first
+  ** call to balance() repairs the tree, and the if(...) condition is
+  ** never true.
+  **
+  ** Otherwise, if the entry deleted was on an internal node page, then
+  ** pCur is pointing to the leaf page from which a cell was removed to
+  ** replace the cell deleted from the internal node. This is slightly
+  ** tricky as the leaf node may be underfull, and the internal node may
+  ** be either under or overfull. In this case run the balancing algorithm
+  ** on the leaf node first. If the balance proceeds far enough up the
+  ** tree that we can be sure that any problem in the internal node has
+  ** been corrected, so be it. Otherwise, after balancing the leaf node,
+  ** walk the cursor up the tree to the internal node and balance it as 
+  ** well.  */
+  rc = balance(pCur);
+  if( rc==SQLITE_OK && pCur->iPage>iCellDepth ){
+    while( pCur->iPage>iCellDepth ){
+      releasePage(pCur->apPage[pCur->iPage--]);
+    }
+    rc = balance(pCur);
+  }
+
+  if( rc==SQLITE_OK ){
+    if( bSkipnext ){
+      assert( bPreserve && (pCur->iPage==iCellDepth || CORRUPT_DB) );
+      assert( pPage==pCur->apPage[pCur->iPage] );
+      assert( (pPage->nCell>0 || CORRUPT_DB) && iCellIdx<=pPage->nCell );
+      pCur->eState = CURSOR_SKIPNEXT;
+      if( iCellIdx>=pPage->nCell ){
+        pCur->skipNext = -1;
+        pCur->aiIdx[iCellDepth] = pPage->nCell-1;
+      }else{
+        pCur->skipNext = 1;
+      }
+    }else{
+      rc = moveToRoot(pCur);
+      if( bPreserve ){
+        pCur->eState = CURSOR_REQUIRESEEK;
+      }
+    }
+  }
+  return rc;
+}
+
+/*
+** Create a new BTree table.  Write into *piTable the page
+** number for the root page of the new table.
+**
+** The type of type is determined by the flags parameter.  Only the
+** following values of flags are currently in use.  Other values for
+** flags might not work:
+**
+**     BTREE_INTKEY|BTREE_LEAFDATA     Used for SQL tables with rowid keys
+**     BTREE_ZERODATA                  Used for SQL indices
+*/
+static int btreeCreateTable(Btree *p, int *piTable, int createTabFlags){
+  BtShared *pBt = p->pBt;
+  MemPage *pRoot;
+  Pgno pgnoRoot;
+  int rc;
+  int ptfFlags;          /* Page-type flage for the root page of new table */
+
+  assert( sqlite3BtreeHoldsMutex(p) );
+  assert( pBt->inTransaction==TRANS_WRITE );
+  assert( (pBt->btsFlags & BTS_READ_ONLY)==0 );
+
+#ifdef SQLITE_OMIT_AUTOVACUUM
+  rc = allocateBtreePage(pBt, &pRoot, &pgnoRoot, 1, 0);
+  if( rc ){
+    return rc;
+  }
+#else
+  if( pBt->autoVacuum ){
+    Pgno pgnoMove;      /* Move a page here to make room for the root-page */
+    MemPage *pPageMove; /* The page to move to. */
+
+    /* Creating a new table may probably require moving an existing database
+    ** to make room for the new tables root page. In case this page turns
+    ** out to be an overflow page, delete all overflow page-map caches
+    ** held by open cursors.
+    */
+    invalidateAllOverflowCache(pBt);
+
+    /* Read the value of meta[3] from the database to determine where the
+    ** root page of the new table should go. meta[3] is the largest root-page
+    ** created so far, so the new root-page is (meta[3]+1).
+    */
+    sqlite3BtreeGetMeta(p, BTREE_LARGEST_ROOT_PAGE, &pgnoRoot);
+    pgnoRoot++;
+
+    /* The new root-page may not be allocated on a pointer-map page, or the
+    ** PENDING_BYTE page.
+    */
+    while( pgnoRoot==PTRMAP_PAGENO(pBt, pgnoRoot) ||
+        pgnoRoot==PENDING_BYTE_PAGE(pBt) ){
+      pgnoRoot++;
+    }
+    assert( pgnoRoot>=3 || CORRUPT_DB );
+    testcase( pgnoRoot<3 );
+
+    /* Allocate a page. The page that currently resides at pgnoRoot will
+    ** be moved to the allocated page (unless the allocated page happens
+    ** to reside at pgnoRoot).
+    */
+    rc = allocateBtreePage(pBt, &pPageMove, &pgnoMove, pgnoRoot, BTALLOC_EXACT);
+    if( rc!=SQLITE_OK ){
+      return rc;
+    }
+
+    if( pgnoMove!=pgnoRoot ){
+      /* pgnoRoot is the page that will be used for the root-page of
+      ** the new table (assuming an error did not occur). But we were
+      ** allocated pgnoMove. If required (i.e. if it was not allocated
+      ** by extending the file), the current page at position pgnoMove
+      ** is already journaled.
+      */
+      u8 eType = 0;
+      Pgno iPtrPage = 0;
+
+      /* Save the positions of any open cursors. This is required in
+      ** case they are holding a reference to an xFetch reference
+      ** corresponding to page pgnoRoot.  */
+      rc = saveAllCursors(pBt, 0, 0);
+      releasePage(pPageMove);
+      if( rc!=SQLITE_OK ){
+        return rc;
+      }
+
+      /* Move the page currently at pgnoRoot to pgnoMove. */
+      rc = btreeGetPage(pBt, pgnoRoot, &pRoot, 0);
+      if( rc!=SQLITE_OK ){
+        return rc;
+      }
+      rc = ptrmapGet(pBt, pgnoRoot, &eType, &iPtrPage);
+      if( eType==PTRMAP_ROOTPAGE || eType==PTRMAP_FREEPAGE ){
+        rc = SQLITE_CORRUPT_BKPT;
+      }
+      if( rc!=SQLITE_OK ){
+        releasePage(pRoot);
+        return rc;
+      }
+      assert( eType!=PTRMAP_ROOTPAGE );
+      assert( eType!=PTRMAP_FREEPAGE );
+      rc = relocatePage(pBt, pRoot, eType, iPtrPage, pgnoMove, 0);
+      releasePage(pRoot);
+
+      /* Obtain the page at pgnoRoot */
+      if( rc!=SQLITE_OK ){
+        return rc;
+      }
+      rc = btreeGetPage(pBt, pgnoRoot, &pRoot, 0);
+      if( rc!=SQLITE_OK ){
+        return rc;
+      }
+      rc = sqlite3PagerWrite(pRoot->pDbPage);
+      if( rc!=SQLITE_OK ){
+        releasePage(pRoot);
+        return rc;
+      }
+    }else{
+      pRoot = pPageMove;
+    } 
+
+    /* Update the pointer-map and meta-data with the new root-page number. */
+    ptrmapPut(pBt, pgnoRoot, PTRMAP_ROOTPAGE, 0, &rc);
+    if( rc ){
+      releasePage(pRoot);
+      return rc;
+    }
+
+    /* When the new root page was allocated, page 1 was made writable in
+    ** order either to increase the database filesize, or to decrement the
+    ** freelist count.  Hence, the sqlite3BtreeUpdateMeta() call cannot fail.
+    */
+    assert( sqlite3PagerIswriteable(pBt->pPage1->pDbPage) );
+    rc = sqlite3BtreeUpdateMeta(p, 4, pgnoRoot);
+    if( NEVER(rc) ){
+      releasePage(pRoot);
+      return rc;
+    }
+
+  }else{
+    rc = allocateBtreePage(pBt, &pRoot, &pgnoRoot, 1, 0);
+    if( rc ) return rc;
+  }
+#endif
+  assert( sqlite3PagerIswriteable(pRoot->pDbPage) );
+  if( createTabFlags & BTREE_INTKEY ){
+    ptfFlags = PTF_INTKEY | PTF_LEAFDATA | PTF_LEAF;
+  }else{
+    ptfFlags = PTF_ZERODATA | PTF_LEAF;
+  }
+  zeroPage(pRoot, ptfFlags);
+  sqlite3PagerUnref(pRoot->pDbPage);
+  assert( (pBt->openFlags & BTREE_SINGLE)==0 || pgnoRoot==2 );
+  *piTable = (int)pgnoRoot;
+  return SQLITE_OK;
+}
+SQLITE_PRIVATE int sqlite3BtreeCreateTable(Btree *p, int *piTable, int flags){
+  int rc;
+  sqlite3BtreeEnter(p);
+  rc = btreeCreateTable(p, piTable, flags);
+  sqlite3BtreeLeave(p);
+  return rc;
+}
+
+/*
+** Erase the given database page and all its children.  Return
+** the page to the freelist.
+*/
+static int clearDatabasePage(
+  BtShared *pBt,           /* The BTree that contains the table */
+  Pgno pgno,               /* Page number to clear */
+  int freePageFlag,        /* Deallocate page if true */
+  int *pnChange            /* Add number of Cells freed to this counter */
+){
+  MemPage *pPage;
+  int rc;
+  unsigned char *pCell;
+  int i;
+  int hdr;
+  u16 szCell;
+
+  assert( sqlite3_mutex_held(pBt->mutex) );
+  if( pgno>btreePagecount(pBt) ){
+    return SQLITE_CORRUPT_BKPT;
+  }
+  rc = getAndInitPage(pBt, pgno, &pPage, 0, 0);
+  if( rc ) return rc;
+  if( pPage->bBusy ){
+    rc = SQLITE_CORRUPT_BKPT;
+    goto cleardatabasepage_out;
+  }
+  pPage->bBusy = 1;
+  hdr = pPage->hdrOffset;
+  for(i=0; i<pPage->nCell; i++){
+    pCell = findCell(pPage, i);
+    if( !pPage->leaf ){
+      rc = clearDatabasePage(pBt, get4byte(pCell), 1, pnChange);
+      if( rc ) goto cleardatabasepage_out;
+    }
+    rc = clearCell(pPage, pCell, &szCell);
+    if( rc ) goto cleardatabasepage_out;
+  }
+  if( !pPage->leaf ){
+    rc = clearDatabasePage(pBt, get4byte(&pPage->aData[hdr+8]), 1, pnChange);
+    if( rc ) goto cleardatabasepage_out;
+  }else if( pnChange ){
+    assert( pPage->intKey || CORRUPT_DB );
+    testcase( !pPage->intKey );
+    *pnChange += pPage->nCell;
+  }
+  if( freePageFlag ){
+    freePage(pPage, &rc);
+  }else if( (rc = sqlite3PagerWrite(pPage->pDbPage))==0 ){
+    zeroPage(pPage, pPage->aData[hdr] | PTF_LEAF);
+  }
+
+cleardatabasepage_out:
+  pPage->bBusy = 0;
+  releasePage(pPage);
+  return rc;
+}
+
+/*
+** Delete all information from a single table in the database.  iTable is
+** the page number of the root of the table.  After this routine returns,
+** the root page is empty, but still exists.
+**
+** This routine will fail with SQLITE_LOCKED if there are any open
+** read cursors on the table.  Open write cursors are moved to the
+** root of the table.
+**
+** If pnChange is not NULL, then table iTable must be an intkey table. The
+** integer value pointed to by pnChange is incremented by the number of
+** entries in the table.
+*/
+SQLITE_PRIVATE int sqlite3BtreeClearTable(Btree *p, int iTable, int *pnChange){
+  int rc;
+  BtShared *pBt = p->pBt;
+  sqlite3BtreeEnter(p);
+  assert( p->inTrans==TRANS_WRITE );
+
+  rc = saveAllCursors(pBt, (Pgno)iTable, 0);
+
+  if( SQLITE_OK==rc ){
+    /* Invalidate all incrblob cursors open on table iTable (assuming iTable
+    ** is the root of a table b-tree - if it is not, the following call is
+    ** a no-op).  */
+    invalidateIncrblobCursors(p, 0, 1);
+    rc = clearDatabasePage(pBt, (Pgno)iTable, 0, pnChange);
+  }
+  sqlite3BtreeLeave(p);
+  return rc;
+}
+
+/*
+** Delete all information from the single table that pCur is open on.
+**
+** This routine only work for pCur on an ephemeral table.
+*/
+SQLITE_PRIVATE int sqlite3BtreeClearTableOfCursor(BtCursor *pCur){
+  return sqlite3BtreeClearTable(pCur->pBtree, pCur->pgnoRoot, 0);
+}
+
+/*
+** Erase all information in a table and add the root of the table to
+** the freelist.  Except, the root of the principle table (the one on
+** page 1) is never added to the freelist.
+**
+** This routine will fail with SQLITE_LOCKED if there are any open
+** cursors on the table.
+**
+** If AUTOVACUUM is enabled and the page at iTable is not the last
+** root page in the database file, then the last root page 
+** in the database file is moved into the slot formerly occupied by
+** iTable and that last slot formerly occupied by the last root page
+** is added to the freelist instead of iTable.  In this say, all
+** root pages are kept at the beginning of the database file, which
+** is necessary for AUTOVACUUM to work right.  *piMoved is set to the 
+** page number that used to be the last root page in the file before
+** the move.  If no page gets moved, *piMoved is set to 0.
+** The last root page is recorded in meta[3] and the value of
+** meta[3] is updated by this procedure.
+*/
+static int btreeDropTable(Btree *p, Pgno iTable, int *piMoved){
+  int rc;
+  MemPage *pPage = 0;
+  BtShared *pBt = p->pBt;
+
+  assert( sqlite3BtreeHoldsMutex(p) );
+  assert( p->inTrans==TRANS_WRITE );
+
+  /* It is illegal to drop a table if any cursors are open on the
+  ** database. This is because in auto-vacuum mode the backend may
+  ** need to move another root-page to fill a gap left by the deleted
+  ** root page. If an open cursor was using this page a problem would 
+  ** occur.
+  **
+  ** This error is caught long before control reaches this point.
+  */
+  if( NEVER(pBt->pCursor) ){
+    sqlite3ConnectionBlocked(p->db, pBt->pCursor->pBtree->db);
+    return SQLITE_LOCKED_SHAREDCACHE;
+  }
+
+  rc = btreeGetPage(pBt, (Pgno)iTable, &pPage, 0);
+  if( rc ) return rc;
+  rc = sqlite3BtreeClearTable(p, iTable, 0);
+  if( rc ){
+    releasePage(pPage);
+    return rc;
+  }
+
+  *piMoved = 0;
+
+  if( iTable>1 ){
+#ifdef SQLITE_OMIT_AUTOVACUUM
+    freePage(pPage, &rc);
+    releasePage(pPage);
+#else
+    if( pBt->autoVacuum ){
+      Pgno maxRootPgno;
+      sqlite3BtreeGetMeta(p, BTREE_LARGEST_ROOT_PAGE, &maxRootPgno);
+
+      if( iTable==maxRootPgno ){
+        /* If the table being dropped is the table with the largest root-page
+        ** number in the database, put the root page on the free list. 
+        */
+        freePage(pPage, &rc);
+        releasePage(pPage);
+        if( rc!=SQLITE_OK ){
+          return rc;
+        }
+      }else{
+        /* The table being dropped does not have the largest root-page
+        ** number in the database. So move the page that does into the 
+        ** gap left by the deleted root-page.
+        */
+        MemPage *pMove;
+        releasePage(pPage);
+        rc = btreeGetPage(pBt, maxRootPgno, &pMove, 0);
+        if( rc!=SQLITE_OK ){
+          return rc;
+        }
+        rc = relocatePage(pBt, pMove, PTRMAP_ROOTPAGE, 0, iTable, 0);
+        releasePage(pMove);
+        if( rc!=SQLITE_OK ){
+          return rc;
+        }
+        pMove = 0;
+        rc = btreeGetPage(pBt, maxRootPgno, &pMove, 0);
+        freePage(pMove, &rc);
+        releasePage(pMove);
+        if( rc!=SQLITE_OK ){
+          return rc;
+        }
+        *piMoved = maxRootPgno;
+      }
+
+      /* Set the new 'max-root-page' value in the database header. This
+      ** is the old value less one, less one more if that happens to
+      ** be a root-page number, less one again if that is the
+      ** PENDING_BYTE_PAGE.
+      */
+      maxRootPgno--;
+      while( maxRootPgno==PENDING_BYTE_PAGE(pBt)
+             || PTRMAP_ISPAGE(pBt, maxRootPgno) ){
+        maxRootPgno--;
+      }
+      assert( maxRootPgno!=PENDING_BYTE_PAGE(pBt) );
+
+      rc = sqlite3BtreeUpdateMeta(p, 4, maxRootPgno);
+    }else{
+      freePage(pPage, &rc);
+      releasePage(pPage);
+    }
+#endif
+  }else{
+    /* If sqlite3BtreeDropTable was called on page 1.
+    ** This really never should happen except in a corrupt
+    ** database. 
+    */
+    zeroPage(pPage, PTF_INTKEY|PTF_LEAF );
+    releasePage(pPage);
+  }
+  return rc;  
+}
+SQLITE_PRIVATE int sqlite3BtreeDropTable(Btree *p, int iTable, int *piMoved){
+  int rc;
+  sqlite3BtreeEnter(p);
+  rc = btreeDropTable(p, iTable, piMoved);
+  sqlite3BtreeLeave(p);
+  return rc;
+}
+
+
+/*
+** This function may only be called if the b-tree connection already
+** has a read or write transaction open on the database.
+**
+** Read the meta-information out of a database file.  Meta[0]
+** is the number of free pages currently in the database.  Meta[1]
+** through meta[15] are available for use by higher layers.  Meta[0]
+** is read-only, the others are read/write.
+** 
+** The schema layer numbers meta values differently.  At the schema
+** layer (and the SetCookie and ReadCookie opcodes) the number of
+** free pages is not visible.  So Cookie[0] is the same as Meta[1].
+**
+** This routine treats Meta[BTREE_DATA_VERSION] as a special case.  Instead
+** of reading the value out of the header, it instead loads the "DataVersion"
+** from the pager.  The BTREE_DATA_VERSION value is not actually stored in the
+** database file.  It is a number computed by the pager.  But its access
+** pattern is the same as header meta values, and so it is convenient to
+** read it from this routine.
+*/
+SQLITE_PRIVATE void sqlite3BtreeGetMeta(Btree *p, int idx, u32 *pMeta){
+  BtShared *pBt = p->pBt;
+
+  sqlite3BtreeEnter(p);
+  assert( p->inTrans>TRANS_NONE );
+  assert( SQLITE_OK==querySharedCacheTableLock(p, MASTER_ROOT, READ_LOCK) );
+  assert( pBt->pPage1 );
+  assert( idx>=0 && idx<=15 );
+
+  if( idx==BTREE_DATA_VERSION ){
+    *pMeta = sqlite3PagerDataVersion(pBt->pPager) + p->iDataVersion;
+  }else{
+    *pMeta = get4byte(&pBt->pPage1->aData[36 + idx*4]);
+  }
+
+  /* If auto-vacuum is disabled in this build and this is an auto-vacuum
+  ** database, mark the database as read-only.  */
+#ifdef SQLITE_OMIT_AUTOVACUUM
+  if( idx==BTREE_LARGEST_ROOT_PAGE && *pMeta>0 ){
+    pBt->btsFlags |= BTS_READ_ONLY;
+  }
+#endif
+
+  sqlite3BtreeLeave(p);
+}
+
+/*
+** Write meta-information back into the database.  Meta[0] is
+** read-only and may not be written.
+*/
+SQLITE_PRIVATE int sqlite3BtreeUpdateMeta(Btree *p, int idx, u32 iMeta){
+  BtShared *pBt = p->pBt;
+  unsigned char *pP1;
+  int rc;
+  assert( idx>=1 && idx<=15 );
+  sqlite3BtreeEnter(p);
+  assert( p->inTrans==TRANS_WRITE );
+  assert( pBt->pPage1!=0 );
+  pP1 = pBt->pPage1->aData;
+  rc = sqlite3PagerWrite(pBt->pPage1->pDbPage);
+  if( rc==SQLITE_OK ){
+    put4byte(&pP1[36 + idx*4], iMeta);
+#ifndef SQLITE_OMIT_AUTOVACUUM
+    if( idx==BTREE_INCR_VACUUM ){
+      assert( pBt->autoVacuum || iMeta==0 );
+      assert( iMeta==0 || iMeta==1 );
+      pBt->incrVacuum = (u8)iMeta;
+    }
+#endif
+  }
+  sqlite3BtreeLeave(p);
+  return rc;
+}
+
+#ifndef SQLITE_OMIT_BTREECOUNT
+/*
+** The first argument, pCur, is a cursor opened on some b-tree. Count the
+** number of entries in the b-tree and write the result to *pnEntry.
+**
+** SQLITE_OK is returned if the operation is successfully executed. 
+** Otherwise, if an error is encountered (i.e. an IO error or database
+** corruption) an SQLite error code is returned.
+*/
+SQLITE_PRIVATE int sqlite3BtreeCount(BtCursor *pCur, i64 *pnEntry){
+  i64 nEntry = 0;                      /* Value to return in *pnEntry */
+  int rc;                              /* Return code */
+
+  if( pCur->pgnoRoot==0 ){
+    *pnEntry = 0;
+    return SQLITE_OK;
+  }
+  rc = moveToRoot(pCur);
+
+  /* Unless an error occurs, the following loop runs one iteration for each
+  ** page in the B-Tree structure (not including overflow pages). 
+  */
+  while( rc==SQLITE_OK ){
+    int iIdx;                          /* Index of child node in parent */
+    MemPage *pPage;                    /* Current page of the b-tree */
+
+    /* If this is a leaf page or the tree is not an int-key tree, then 
+    ** this page contains countable entries. Increment the entry counter
+    ** accordingly.
+    */
+    pPage = pCur->apPage[pCur->iPage];
+    if( pPage->leaf || !pPage->intKey ){
+      nEntry += pPage->nCell;
+    }
+
+    /* pPage is a leaf node. This loop navigates the cursor so that it 
+    ** points to the first interior cell that it points to the parent of
+    ** the next page in the tree that has not yet been visited. The
+    ** pCur->aiIdx[pCur->iPage] value is set to the index of the parent cell
+    ** of the page, or to the number of cells in the page if the next page
+    ** to visit is the right-child of its parent.
+    **
+    ** If all pages in the tree have been visited, return SQLITE_OK to the
+    ** caller.
+    */
+    if( pPage->leaf ){
+      do {
+        if( pCur->iPage==0 ){
+          /* All pages of the b-tree have been visited. Return successfully. */
+          *pnEntry = nEntry;
+          return moveToRoot(pCur);
+        }
+        moveToParent(pCur);
+      }while ( pCur->aiIdx[pCur->iPage]>=pCur->apPage[pCur->iPage]->nCell );
+
+      pCur->aiIdx[pCur->iPage]++;
+      pPage = pCur->apPage[pCur->iPage];
+    }
+
+    /* Descend to the child node of the cell that the cursor currently 
+    ** points at. This is the right-child if (iIdx==pPage->nCell).
+    */
+    iIdx = pCur->aiIdx[pCur->iPage];
+    if( iIdx==pPage->nCell ){
+      rc = moveToChild(pCur, get4byte(&pPage->aData[pPage->hdrOffset+8]));
+    }else{
+      rc = moveToChild(pCur, get4byte(findCell(pPage, iIdx)));
+    }
+  }
+
+  /* An error has occurred. Return an error code. */
+  return rc;
+}
+#endif
+
+/*
+** Return the pager associated with a BTree.  This routine is used for
+** testing and debugging only.
+*/
+SQLITE_PRIVATE Pager *sqlite3BtreePager(Btree *p){
+  return p->pBt->pPager;
+}
+
+#ifndef SQLITE_OMIT_INTEGRITY_CHECK
+/*
+** Append a message to the error message string.
+*/
+static void checkAppendMsg(
+  IntegrityCk *pCheck,
+  const char *zFormat,
+  ...
+){
+  va_list ap;
+  if( !pCheck->mxErr ) return;
+  pCheck->mxErr--;
+  pCheck->nErr++;
+  va_start(ap, zFormat);
+  if( pCheck->errMsg.nChar ){
+    sqlite3StrAccumAppend(&pCheck->errMsg, "\n", 1);
+  }
+  if( pCheck->zPfx ){
+    sqlite3XPrintf(&pCheck->errMsg, 0, pCheck->zPfx, pCheck->v1, pCheck->v2);
+  }
+  sqlite3VXPrintf(&pCheck->errMsg, 1, zFormat, ap);
+  va_end(ap);
+  if( pCheck->errMsg.accError==STRACCUM_NOMEM ){
+    pCheck->mallocFailed = 1;
+  }
+}
+#endif /* SQLITE_OMIT_INTEGRITY_CHECK */
+
+#ifndef SQLITE_OMIT_INTEGRITY_CHECK
+
+/*
+** Return non-zero if the bit in the IntegrityCk.aPgRef[] array that
+** corresponds to page iPg is already set.
+*/
+static int getPageReferenced(IntegrityCk *pCheck, Pgno iPg){
+  assert( iPg<=pCheck->nPage && sizeof(pCheck->aPgRef[0])==1 );
+  return (pCheck->aPgRef[iPg/8] & (1 << (iPg & 0x07)));
+}
+
+/*
+** Set the bit in the IntegrityCk.aPgRef[] array that corresponds to page iPg.
+*/
+static void setPageReferenced(IntegrityCk *pCheck, Pgno iPg){
+  assert( iPg<=pCheck->nPage && sizeof(pCheck->aPgRef[0])==1 );
+  pCheck->aPgRef[iPg/8] |= (1 << (iPg & 0x07));
+}
+
+
+/*
+** Add 1 to the reference count for page iPage.  If this is the second
+** reference to the page, add an error message to pCheck->zErrMsg.
+** Return 1 if there are 2 or more references to the page and 0 if
+** if this is the first reference to the page.
+**
+** Also check that the page number is in bounds.
+*/
+static int checkRef(IntegrityCk *pCheck, Pgno iPage){
+  if( iPage==0 ) return 1;
+  if( iPage>pCheck->nPage ){
+    checkAppendMsg(pCheck, "invalid page number %d", iPage);
+    return 1;
+  }
+  if( getPageReferenced(pCheck, iPage) ){
+    checkAppendMsg(pCheck, "2nd reference to page %d", iPage);
+    return 1;
+  }
+  setPageReferenced(pCheck, iPage);
+  return 0;
+}
+
+#ifndef SQLITE_OMIT_AUTOVACUUM
+/*
+** Check that the entry in the pointer-map for page iChild maps to 
+** page iParent, pointer type ptrType. If not, append an error message
+** to pCheck.
+*/
+static void checkPtrmap(
+  IntegrityCk *pCheck,   /* Integrity check context */
+  Pgno iChild,           /* Child page number */
+  u8 eType,              /* Expected pointer map type */
+  Pgno iParent           /* Expected pointer map parent page number */
+){
+  int rc;
+  u8 ePtrmapType;
+  Pgno iPtrmapParent;
+
+  rc = ptrmapGet(pCheck->pBt, iChild, &ePtrmapType, &iPtrmapParent);
+  if( rc!=SQLITE_OK ){
+    if( rc==SQLITE_NOMEM || rc==SQLITE_IOERR_NOMEM ) pCheck->mallocFailed = 1;
+    checkAppendMsg(pCheck, "Failed to read ptrmap key=%d", iChild);
+    return;
+  }
+
+  if( ePtrmapType!=eType || iPtrmapParent!=iParent ){
+    checkAppendMsg(pCheck,
+      "Bad ptr map entry key=%d expected=(%d,%d) got=(%d,%d)", 
+      iChild, eType, iParent, ePtrmapType, iPtrmapParent);
+  }
+}
+#endif
+
+/*
+** Check the integrity of the freelist or of an overflow page list.
+** Verify that the number of pages on the list is N.
+*/
+static void checkList(
+  IntegrityCk *pCheck,  /* Integrity checking context */
+  int isFreeList,       /* True for a freelist.  False for overflow page list */
+  int iPage,            /* Page number for first page in the list */
+  int N                 /* Expected number of pages in the list */
+){
+  int i;
+  int expected = N;
+  int iFirst = iPage;
+  while( N-- > 0 && pCheck->mxErr ){
+    DbPage *pOvflPage;
+    unsigned char *pOvflData;
+    if( iPage<1 ){
+      checkAppendMsg(pCheck,
+         "%d of %d pages missing from overflow list starting at %d",
+          N+1, expected, iFirst);
+      break;
+    }
+    if( checkRef(pCheck, iPage) ) break;
+    if( sqlite3PagerGet(pCheck->pPager, (Pgno)iPage, &pOvflPage, 0) ){
+      checkAppendMsg(pCheck, "failed to get page %d", iPage);
+      break;
+    }
+    pOvflData = (unsigned char *)sqlite3PagerGetData(pOvflPage);
+    if( isFreeList ){
+      int n = get4byte(&pOvflData[4]);
+#ifndef SQLITE_OMIT_AUTOVACUUM
+      if( pCheck->pBt->autoVacuum ){
+        checkPtrmap(pCheck, iPage, PTRMAP_FREEPAGE, 0);
+      }
+#endif
+      if( n>(int)pCheck->pBt->usableSize/4-2 ){
+        checkAppendMsg(pCheck,
+           "freelist leaf count too big on page %d", iPage);
+        N--;
+      }else{
+        for(i=0; i<n; i++){
+          Pgno iFreePage = get4byte(&pOvflData[8+i*4]);
+#ifndef SQLITE_OMIT_AUTOVACUUM
+          if( pCheck->pBt->autoVacuum ){
+            checkPtrmap(pCheck, iFreePage, PTRMAP_FREEPAGE, 0);
+          }
+#endif
+          checkRef(pCheck, iFreePage);
+        }
+        N -= n;
+      }
+    }
+#ifndef SQLITE_OMIT_AUTOVACUUM
+    else{
+      /* If this database supports auto-vacuum and iPage is not the last
+      ** page in this overflow list, check that the pointer-map entry for
+      ** the following page matches iPage.
+      */
+      if( pCheck->pBt->autoVacuum && N>0 ){
+        i = get4byte(pOvflData);
+        checkPtrmap(pCheck, i, PTRMAP_OVERFLOW2, iPage);
+      }
+    }
+#endif
+    iPage = get4byte(pOvflData);
+    sqlite3PagerUnref(pOvflPage);
+
+    if( isFreeList && N<(iPage!=0) ){
+      checkAppendMsg(pCheck, "free-page count in header is too small");
+    }
+  }
+}
+#endif /* SQLITE_OMIT_INTEGRITY_CHECK */
+
+/*
+** An implementation of a min-heap.
+**
+** aHeap[0] is the number of elements on the heap.  aHeap[1] is the
+** root element.  The daughter nodes of aHeap[N] are aHeap[N*2]
+** and aHeap[N*2+1].
+**
+** The heap property is this:  Every node is less than or equal to both
+** of its daughter nodes.  A consequence of the heap property is that the
+** root node aHeap[1] is always the minimum value currently in the heap.
+**
+** The btreeHeapInsert() routine inserts an unsigned 32-bit number onto
+** the heap, preserving the heap property.  The btreeHeapPull() routine
+** removes the root element from the heap (the minimum value in the heap)
+** and then moves other nodes around as necessary to preserve the heap
+** property.
+**
+** This heap is used for cell overlap and coverage testing.  Each u32
+** entry represents the span of a cell or freeblock on a btree page.  
+** The upper 16 bits are the index of the first byte of a range and the
+** lower 16 bits are the index of the last byte of that range.
+*/
+static void btreeHeapInsert(u32 *aHeap, u32 x){
+  u32 j, i = ++aHeap[0];
+  aHeap[i] = x;
+  while( (j = i/2)>0 && aHeap[j]>aHeap[i] ){
+    x = aHeap[j];
+    aHeap[j] = aHeap[i];
+    aHeap[i] = x;
+    i = j;
+  }
+}
+static int btreeHeapPull(u32 *aHeap, u32 *pOut){
+  u32 j, i, x;
+  if( (x = aHeap[0])==0 ) return 0;
+  *pOut = aHeap[1];
+  aHeap[1] = aHeap[x];
+  aHeap[x] = 0xffffffff;
+  aHeap[0]--;
+  i = 1;
+  while( (j = i*2)<=aHeap[0] ){
+    if( aHeap[j]>aHeap[j+1] ) j++;
+    if( aHeap[i]<aHeap[j] ) break;
+    x = aHeap[i];
+    aHeap[i] = aHeap[j];
+    aHeap[j] = x;
+    i = j;
+  }
+  return 1;  
+}
+
+#ifndef SQLITE_OMIT_INTEGRITY_CHECK
+/*
+** Do various sanity checks on a single page of a tree.  Return
+** the tree depth.  Root pages return 0.  Parents of root pages
+** return 1, and so forth.
+** 
+** These checks are done:
+**
+**      1.  Make sure that cells and freeblocks do not overlap
+**          but combine to completely cover the page.
+**      2.  Make sure integer cell keys are in order.
+**      3.  Check the integrity of overflow pages.
+**      4.  Recursively call checkTreePage on all children.
+**      5.  Verify that the depth of all children is the same.
+*/
+static int checkTreePage(
+  IntegrityCk *pCheck,  /* Context for the sanity check */
+  int iPage,            /* Page number of the page to check */
+  i64 *piMinKey,        /* Write minimum integer primary key here */
+  i64 maxKey            /* Error if integer primary key greater than this */
+){
+  MemPage *pPage = 0;      /* The page being analyzed */
+  int i;                   /* Loop counter */
+  int rc;                  /* Result code from subroutine call */
+  int depth = -1, d2;      /* Depth of a subtree */
+  int pgno;                /* Page number */
+  int nFrag;               /* Number of fragmented bytes on the page */
+  int hdr;                 /* Offset to the page header */
+  int cellStart;           /* Offset to the start of the cell pointer array */
+  int nCell;               /* Number of cells */
+  int doCoverageCheck = 1; /* True if cell coverage checking should be done */
+  int keyCanBeEqual = 1;   /* True if IPK can be equal to maxKey
+                           ** False if IPK must be strictly less than maxKey */
+  u8 *data;                /* Page content */
+  u8 *pCell;               /* Cell content */
+  u8 *pCellIdx;            /* Next element of the cell pointer array */
+  BtShared *pBt;           /* The BtShared object that owns pPage */
+  u32 pc;                  /* Address of a cell */
+  u32 usableSize;          /* Usable size of the page */
+  u32 contentOffset;       /* Offset to the start of the cell content area */
+  u32 *heap = 0;           /* Min-heap used for checking cell coverage */
+  u32 x, prev = 0;         /* Next and previous entry on the min-heap */
+  const char *saved_zPfx = pCheck->zPfx;
+  int saved_v1 = pCheck->v1;
+  int saved_v2 = pCheck->v2;
+  u8 savedIsInit = 0;
+
+  /* Check that the page exists
+  */
+  pBt = pCheck->pBt;
+  usableSize = pBt->usableSize;
+  if( iPage==0 ) return 0;
+  if( checkRef(pCheck, iPage) ) return 0;
+  pCheck->zPfx = "Page %d: ";
+  pCheck->v1 = iPage;
+  if( (rc = btreeGetPage(pBt, (Pgno)iPage, &pPage, 0))!=0 ){
+    checkAppendMsg(pCheck,
+       "unable to get the page. error code=%d", rc);
+    goto end_of_check;
+  }
+
+  /* Clear MemPage.isInit to make sure the corruption detection code in
+  ** btreeInitPage() is executed.  */
+  savedIsInit = pPage->isInit;
+  pPage->isInit = 0;
+  if( (rc = btreeInitPage(pPage))!=0 ){
+    assert( rc==SQLITE_CORRUPT );  /* The only possible error from InitPage */
+    checkAppendMsg(pCheck,
+                   "btreeInitPage() returns error code %d", rc);
+    goto end_of_check;
+  }
+  data = pPage->aData;
+  hdr = pPage->hdrOffset;
+
+  /* Set up for cell analysis */
+  pCheck->zPfx = "On tree page %d cell %d: ";
+  contentOffset = get2byteNotZero(&data[hdr+5]);
+  assert( contentOffset<=usableSize );  /* Enforced by btreeInitPage() */
+
+  /* EVIDENCE-OF: R-37002-32774 The two-byte integer at offset 3 gives the
+  ** number of cells on the page. */
+  nCell = get2byte(&data[hdr+3]);
+  assert( pPage->nCell==nCell );
+
+  /* EVIDENCE-OF: R-23882-45353 The cell pointer array of a b-tree page
+  ** immediately follows the b-tree page header. */
+  cellStart = hdr + 12 - 4*pPage->leaf;
+  assert( pPage->aCellIdx==&data[cellStart] );
+  pCellIdx = &data[cellStart + 2*(nCell-1)];
+
+  if( !pPage->leaf ){
+    /* Analyze the right-child page of internal pages */
+    pgno = get4byte(&data[hdr+8]);
+#ifndef SQLITE_OMIT_AUTOVACUUM
+    if( pBt->autoVacuum ){
+      pCheck->zPfx = "On page %d at right child: ";
+      checkPtrmap(pCheck, pgno, PTRMAP_BTREE, iPage);
+    }
+#endif
+    depth = checkTreePage(pCheck, pgno, &maxKey, maxKey);
+    keyCanBeEqual = 0;
+  }else{
+    /* For leaf pages, the coverage check will occur in the same loop
+    ** as the other cell checks, so initialize the heap.  */
+    heap = pCheck->heap;
+    heap[0] = 0;
+  }
+
+  /* EVIDENCE-OF: R-02776-14802 The cell pointer array consists of K 2-byte
+  ** integer offsets to the cell contents. */
+  for(i=nCell-1; i>=0 && pCheck->mxErr; i--){
+    CellInfo info;
+
+    /* Check cell size */
+    pCheck->v2 = i;
+    assert( pCellIdx==&data[cellStart + i*2] );
+    pc = get2byteAligned(pCellIdx);
+    pCellIdx -= 2;
+    if( pc<contentOffset || pc>usableSize-4 ){
+      checkAppendMsg(pCheck, "Offset %d out of range %d..%d",
+                             pc, contentOffset, usableSize-4);
+      doCoverageCheck = 0;
+      continue;
+    }
+    pCell = &data[pc];
+    pPage->xParseCell(pPage, pCell, &info);
+    if( pc+info.nSize>usableSize ){
+      checkAppendMsg(pCheck, "Extends off end of page");
+      doCoverageCheck = 0;
+      continue;
+    }
+
+    /* Check for integer primary key out of range */
+    if( pPage->intKey ){
+      if( keyCanBeEqual ? (info.nKey > maxKey) : (info.nKey >= maxKey) ){
+        checkAppendMsg(pCheck, "Rowid %lld out of order", info.nKey);
+      }
+      maxKey = info.nKey;
+    }
+
+    /* Check the content overflow list */
+    if( info.nPayload>info.nLocal ){
+      int nPage;       /* Number of pages on the overflow chain */
+      Pgno pgnoOvfl;   /* First page of the overflow chain */
+      assert( pc + info.nSize - 4 <= usableSize );
+      nPage = (info.nPayload - info.nLocal + usableSize - 5)/(usableSize - 4);
+      pgnoOvfl = get4byte(&pCell[info.nSize - 4]);
+#ifndef SQLITE_OMIT_AUTOVACUUM
+      if( pBt->autoVacuum ){
+        checkPtrmap(pCheck, pgnoOvfl, PTRMAP_OVERFLOW1, iPage);
+      }
+#endif
+      checkList(pCheck, 0, pgnoOvfl, nPage);
+    }
+
+    if( !pPage->leaf ){
+      /* Check sanity of left child page for internal pages */
+      pgno = get4byte(pCell);
+#ifndef SQLITE_OMIT_AUTOVACUUM
+      if( pBt->autoVacuum ){
+        checkPtrmap(pCheck, pgno, PTRMAP_BTREE, iPage);
+      }
+#endif
+      d2 = checkTreePage(pCheck, pgno, &maxKey, maxKey);
+      keyCanBeEqual = 0;
+      if( d2!=depth ){
+        checkAppendMsg(pCheck, "Child page depth differs");
+        depth = d2;
+      }
+    }else{
+      /* Populate the coverage-checking heap for leaf pages */
+      btreeHeapInsert(heap, (pc<<16)|(pc+info.nSize-1));
+    }
+  }
+  *piMinKey = maxKey;
+
+  /* Check for complete coverage of the page
+  */
+  pCheck->zPfx = 0;
+  if( doCoverageCheck && pCheck->mxErr>0 ){
+    /* For leaf pages, the min-heap has already been initialized and the
+    ** cells have already been inserted.  But for internal pages, that has
+    ** not yet been done, so do it now */
+    if( !pPage->leaf ){
+      heap = pCheck->heap;
+      heap[0] = 0;
+      for(i=nCell-1; i>=0; i--){
+        u32 size;
+        pc = get2byteAligned(&data[cellStart+i*2]);
+        size = pPage->xCellSize(pPage, &data[pc]);
+        btreeHeapInsert(heap, (pc<<16)|(pc+size-1));
+      }
+    }
+    /* Add the freeblocks to the min-heap
+    **
+    ** EVIDENCE-OF: R-20690-50594 The second field of the b-tree page header
+    ** is the offset of the first freeblock, or zero if there are no
+    ** freeblocks on the page. 
+    */
+    i = get2byte(&data[hdr+1]);
+    while( i>0 ){
+      int size, j;
+      assert( (u32)i<=usableSize-4 );     /* Enforced by btreeInitPage() */
+      size = get2byte(&data[i+2]);
+      assert( (u32)(i+size)<=usableSize );  /* Enforced by btreeInitPage() */
+      btreeHeapInsert(heap, (((u32)i)<<16)|(i+size-1));
+      /* EVIDENCE-OF: R-58208-19414 The first 2 bytes of a freeblock are a
+      ** big-endian integer which is the offset in the b-tree page of the next
+      ** freeblock in the chain, or zero if the freeblock is the last on the
+      ** chain. */
+      j = get2byte(&data[i]);
+      /* EVIDENCE-OF: R-06866-39125 Freeblocks are always connected in order of
+      ** increasing offset. */
+      assert( j==0 || j>i+size );  /* Enforced by btreeInitPage() */
+      assert( (u32)j<=usableSize-4 );   /* Enforced by btreeInitPage() */
+      i = j;
+    }
+    /* Analyze the min-heap looking for overlap between cells and/or 
+    ** freeblocks, and counting the number of untracked bytes in nFrag.
+    ** 
+    ** Each min-heap entry is of the form:    (start_address<<16)|end_address.
+    ** There is an implied first entry the covers the page header, the cell
+    ** pointer index, and the gap between the cell pointer index and the start
+    ** of cell content.  
+    **
+    ** The loop below pulls entries from the min-heap in order and compares
+    ** the start_address against the previous end_address.  If there is an
+    ** overlap, that means bytes are used multiple times.  If there is a gap,
+    ** that gap is added to the fragmentation count.
+    */
+    nFrag = 0;
+    prev = contentOffset - 1;   /* Implied first min-heap entry */
+    while( btreeHeapPull(heap,&x) ){
+      if( (prev&0xffff)>=(x>>16) ){
+        checkAppendMsg(pCheck,
+          "Multiple uses for byte %u of page %d", x>>16, iPage);
+        break;
+      }else{
+        nFrag += (x>>16) - (prev&0xffff) - 1;
+        prev = x;
+      }
+    }
+    nFrag += usableSize - (prev&0xffff) - 1;
+    /* EVIDENCE-OF: R-43263-13491 The total number of bytes in all fragments
+    ** is stored in the fifth field of the b-tree page header.
+    ** EVIDENCE-OF: R-07161-27322 The one-byte integer at offset 7 gives the
+    ** number of fragmented free bytes within the cell content area.
+    */
+    if( heap[0]==0 && nFrag!=data[hdr+7] ){
+      checkAppendMsg(pCheck,
+          "Fragmentation of %d bytes reported as %d on page %d",
+          nFrag, data[hdr+7], iPage);
+    }
+  }
+
+end_of_check:
+  if( !doCoverageCheck ) pPage->isInit = savedIsInit;
+  releasePage(pPage);
+  pCheck->zPfx = saved_zPfx;
+  pCheck->v1 = saved_v1;
+  pCheck->v2 = saved_v2;
+  return depth+1;
+}
+#endif /* SQLITE_OMIT_INTEGRITY_CHECK */
+
+#ifndef SQLITE_OMIT_INTEGRITY_CHECK
+/*
+** This routine does a complete check of the given BTree file.  aRoot[] is
+** an array of pages numbers were each page number is the root page of
+** a table.  nRoot is the number of entries in aRoot.
+**
+** A read-only or read-write transaction must be opened before calling
+** this function.
+**
+** Write the number of error seen in *pnErr.  Except for some memory
+** allocation errors,  an error message held in memory obtained from
+** malloc is returned if *pnErr is non-zero.  If *pnErr==0 then NULL is
+** returned.  If a memory allocation error occurs, NULL is returned.
+*/
+SQLITE_PRIVATE char *sqlite3BtreeIntegrityCheck(
+  Btree *p,     /* The btree to be checked */
+  int *aRoot,   /* An array of root pages numbers for individual trees */
+  int nRoot,    /* Number of entries in aRoot[] */
+  int mxErr,    /* Stop reporting errors after this many */
+  int *pnErr    /* Write number of errors seen to this variable */
+){
+  Pgno i;
+  IntegrityCk sCheck;
+  BtShared *pBt = p->pBt;
+  int savedDbFlags = pBt->db->flags;
+  char zErr[100];
+  VVA_ONLY( int nRef );
+
+  sqlite3BtreeEnter(p);
+  assert( p->inTrans>TRANS_NONE && pBt->inTransaction>TRANS_NONE );
+  assert( (nRef = sqlite3PagerRefcount(pBt->pPager))>=0 );
+  sCheck.pBt = pBt;
+  sCheck.pPager = pBt->pPager;
+  sCheck.nPage = btreePagecount(sCheck.pBt);
+  sCheck.mxErr = mxErr;
+  sCheck.nErr = 0;
+  sCheck.mallocFailed = 0;
+  sCheck.zPfx = 0;
+  sCheck.v1 = 0;
+  sCheck.v2 = 0;
+  sCheck.aPgRef = 0;
+  sCheck.heap = 0;
+  sqlite3StrAccumInit(&sCheck.errMsg, 0, zErr, sizeof(zErr), SQLITE_MAX_LENGTH);
+  if( sCheck.nPage==0 ){
+    goto integrity_ck_cleanup;
+  }
+
+  sCheck.aPgRef = sqlite3MallocZero((sCheck.nPage / 8)+ 1);
+  if( !sCheck.aPgRef ){
+    sCheck.mallocFailed = 1;
+    goto integrity_ck_cleanup;
+  }
+  sCheck.heap = (u32*)sqlite3PageMalloc( pBt->pageSize );
+  if( sCheck.heap==0 ){
+    sCheck.mallocFailed = 1;
+    goto integrity_ck_cleanup;
+  }
+
+  i = PENDING_BYTE_PAGE(pBt);
+  if( i<=sCheck.nPage ) setPageReferenced(&sCheck, i);
+
+  /* Check the integrity of the freelist
+  */
+  sCheck.zPfx = "Main freelist: ";
+  checkList(&sCheck, 1, get4byte(&pBt->pPage1->aData[32]),
+            get4byte(&pBt->pPage1->aData[36]));
+  sCheck.zPfx = 0;
+
+  /* Check all the tables.
+  */
+  testcase( pBt->db->flags & SQLITE_CellSizeCk );
+  pBt->db->flags &= ~SQLITE_CellSizeCk;
+  for(i=0; (int)i<nRoot && sCheck.mxErr; i++){
+    i64 notUsed;
+    if( aRoot[i]==0 ) continue;
+#ifndef SQLITE_OMIT_AUTOVACUUM
+    if( pBt->autoVacuum && aRoot[i]>1 ){
+      checkPtrmap(&sCheck, aRoot[i], PTRMAP_ROOTPAGE, 0);
+    }
+#endif
+    checkTreePage(&sCheck, aRoot[i], &notUsed, LARGEST_INT64);
+  }
+  pBt->db->flags = savedDbFlags;
+
+  /* Make sure every page in the file is referenced
+  */
+  for(i=1; i<=sCheck.nPage && sCheck.mxErr; i++){
+#ifdef SQLITE_OMIT_AUTOVACUUM
+    if( getPageReferenced(&sCheck, i)==0 ){
+      checkAppendMsg(&sCheck, "Page %d is never used", i);
+    }
+#else
+    /* If the database supports auto-vacuum, make sure no tables contain
+    ** references to pointer-map pages.
+    */
+    if( getPageReferenced(&sCheck, i)==0 && 
+       (PTRMAP_PAGENO(pBt, i)!=i || !pBt->autoVacuum) ){
+      checkAppendMsg(&sCheck, "Page %d is never used", i);
+    }
+    if( getPageReferenced(&sCheck, i)!=0 && 
+       (PTRMAP_PAGENO(pBt, i)==i && pBt->autoVacuum) ){
+      checkAppendMsg(&sCheck, "Pointer map page %d is referenced", i);
+    }
+#endif
+  }
+
+  /* Clean  up and report errors.
+  */
+integrity_ck_cleanup:
+  sqlite3PageFree(sCheck.heap);
+  sqlite3_free(sCheck.aPgRef);
+  if( sCheck.mallocFailed ){
+    sqlite3StrAccumReset(&sCheck.errMsg);
+    sCheck.nErr++;
+  }
+  *pnErr = sCheck.nErr;
+  if( sCheck.nErr==0 ) sqlite3StrAccumReset(&sCheck.errMsg);
+  /* Make sure this analysis did not leave any unref() pages. */
+  assert( nRef==sqlite3PagerRefcount(pBt->pPager) );
+  sqlite3BtreeLeave(p);
+  return sqlite3StrAccumFinish(&sCheck.errMsg);
+}
+#endif /* SQLITE_OMIT_INTEGRITY_CHECK */
+
+/*
+** Return the full pathname of the underlying database file.  Return
+** an empty string if the database is in-memory or a TEMP database.
+**
+** The pager filename is invariant as long as the pager is
+** open so it is safe to access without the BtShared mutex.
+*/
+SQLITE_PRIVATE const char *sqlite3BtreeGetFilename(Btree *p){
+  assert( p->pBt->pPager!=0 );
+  return sqlite3PagerFilename(p->pBt->pPager, 1);
+}
+
+/*
+** Return the pathname of the journal file for this database. The return
+** value of this routine is the same regardless of whether the journal file
+** has been created or not.
+**
+** The pager journal filename is invariant as long as the pager is
+** open so it is safe to access without the BtShared mutex.
+*/
+SQLITE_PRIVATE const char *sqlite3BtreeGetJournalname(Btree *p){
+  assert( p->pBt->pPager!=0 );
+  return sqlite3PagerJournalname(p->pBt->pPager);
+}
+
+/*
+** Return non-zero if a transaction is active.
+*/
+SQLITE_PRIVATE int sqlite3BtreeIsInTrans(Btree *p){
+  assert( p==0 || sqlite3_mutex_held(p->db->mutex) );
+  return (p && (p->inTrans==TRANS_WRITE));
+}
+
+#ifndef SQLITE_OMIT_WAL
+/*
+** Run a checkpoint on the Btree passed as the first argument.
+**
+** Return SQLITE_LOCKED if this or any other connection has an open 
+** transaction on the shared-cache the argument Btree is connected to.
+**
+** Parameter eMode is one of SQLITE_CHECKPOINT_PASSIVE, FULL or RESTART.
+*/
+SQLITE_PRIVATE int sqlite3BtreeCheckpoint(Btree *p, int eMode, int *pnLog, int *pnCkpt){
+  int rc = SQLITE_OK;
+  if( p ){
+    BtShared *pBt = p->pBt;
+    sqlite3BtreeEnter(p);
+    if( pBt->inTransaction!=TRANS_NONE ){
+      rc = SQLITE_LOCKED;
+    }else{
+      rc = sqlite3PagerCheckpoint(pBt->pPager, eMode, pnLog, pnCkpt);
+    }
+    sqlite3BtreeLeave(p);
+  }
+  return rc;
+}
+#endif
+
+/*
+** Return non-zero if a read (or write) transaction is active.
+*/
+SQLITE_PRIVATE int sqlite3BtreeIsInReadTrans(Btree *p){
+  assert( p );
+  assert( sqlite3_mutex_held(p->db->mutex) );
+  return p->inTrans!=TRANS_NONE;
+}
+
+SQLITE_PRIVATE int sqlite3BtreeIsInBackup(Btree *p){
+  assert( p );
+  assert( sqlite3_mutex_held(p->db->mutex) );
+  return p->nBackup!=0;
+}
+
+/*
+** This function returns a pointer to a blob of memory associated with
+** a single shared-btree. The memory is used by client code for its own
+** purposes (for example, to store a high-level schema associated with 
+** the shared-btree). The btree layer manages reference counting issues.
+**
+** The first time this is called on a shared-btree, nBytes bytes of memory
+** are allocated, zeroed, and returned to the caller. For each subsequent 
+** call the nBytes parameter is ignored and a pointer to the same blob
+** of memory returned. 
+**
+** If the nBytes parameter is 0 and the blob of memory has not yet been
+** allocated, a null pointer is returned. If the blob has already been
+** allocated, it is returned as normal.
+**
+** Just before the shared-btree is closed, the function passed as the 
+** xFree argument when the memory allocation was made is invoked on the 
+** blob of allocated memory. The xFree function should not call sqlite3_free()
+** on the memory, the btree layer does that.
+*/
+SQLITE_PRIVATE void *sqlite3BtreeSchema(Btree *p, int nBytes, void(*xFree)(void *)){
+  BtShared *pBt = p->pBt;
+  sqlite3BtreeEnter(p);
+  if( !pBt->pSchema && nBytes ){
+    pBt->pSchema = sqlite3DbMallocZero(0, nBytes);
+    pBt->xFreeSchema = xFree;
+  }
+  sqlite3BtreeLeave(p);
+  return pBt->pSchema;
+}
+
+/*
+** Return SQLITE_LOCKED_SHAREDCACHE if another user of the same shared 
+** btree as the argument handle holds an exclusive lock on the 
+** sqlite_master table. Otherwise SQLITE_OK.
+*/
+SQLITE_PRIVATE int sqlite3BtreeSchemaLocked(Btree *p){
+  int rc;
+  assert( sqlite3_mutex_held(p->db->mutex) );
+  sqlite3BtreeEnter(p);
+  rc = querySharedCacheTableLock(p, MASTER_ROOT, READ_LOCK);
+  assert( rc==SQLITE_OK || rc==SQLITE_LOCKED_SHAREDCACHE );
+  sqlite3BtreeLeave(p);
+  return rc;
+}
+
+
+#ifndef SQLITE_OMIT_SHARED_CACHE
+/*
+** Obtain a lock on the table whose root page is iTab.  The
+** lock is a write lock if isWritelock is true or a read lock
+** if it is false.
+*/
+SQLITE_PRIVATE int sqlite3BtreeLockTable(Btree *p, int iTab, u8 isWriteLock){
+  int rc = SQLITE_OK;
+  assert( p->inTrans!=TRANS_NONE );
+  if( p->sharable ){
+    u8 lockType = READ_LOCK + isWriteLock;
+    assert( READ_LOCK+1==WRITE_LOCK );
+    assert( isWriteLock==0 || isWriteLock==1 );
+
+    sqlite3BtreeEnter(p);
+    rc = querySharedCacheTableLock(p, iTab, lockType);
+    if( rc==SQLITE_OK ){
+      rc = setSharedCacheTableLock(p, iTab, lockType);
+    }
+    sqlite3BtreeLeave(p);
+  }
+  return rc;
+}
+#endif
+
+#ifndef SQLITE_OMIT_INCRBLOB
+/*
+** Argument pCsr must be a cursor opened for writing on an 
+** INTKEY table currently pointing at a valid table entry. 
+** This function modifies the data stored as part of that entry.
+**
+** Only the data content may only be modified, it is not possible to 
+** change the length of the data stored. If this function is called with
+** parameters that attempt to write past the end of the existing data,
+** no modifications are made and SQLITE_CORRUPT is returned.
+*/
+SQLITE_PRIVATE int sqlite3BtreePutData(BtCursor *pCsr, u32 offset, u32 amt, void *z){
+  int rc;
+  assert( cursorHoldsMutex(pCsr) );
+  assert( sqlite3_mutex_held(pCsr->pBtree->db->mutex) );
+  assert( pCsr->curFlags & BTCF_Incrblob );
+
+  rc = restoreCursorPosition(pCsr);
+  if( rc!=SQLITE_OK ){
+    return rc;
+  }
+  assert( pCsr->eState!=CURSOR_REQUIRESEEK );
+  if( pCsr->eState!=CURSOR_VALID ){
+    return SQLITE_ABORT;
+  }
+
+  /* Save the positions of all other cursors open on this table. This is
+  ** required in case any of them are holding references to an xFetch
+  ** version of the b-tree page modified by the accessPayload call below.
+  **
+  ** Note that pCsr must be open on a INTKEY table and saveCursorPosition()
+  ** and hence saveAllCursors() cannot fail on a BTREE_INTKEY table, hence
+  ** saveAllCursors can only return SQLITE_OK.
+  */
+  VVA_ONLY(rc =) saveAllCursors(pCsr->pBt, pCsr->pgnoRoot, pCsr);
+  assert( rc==SQLITE_OK );
+
+  /* Check some assumptions: 
+  **   (a) the cursor is open for writing,
+  **   (b) there is a read/write transaction open,
+  **   (c) the connection holds a write-lock on the table (if required),
+  **   (d) there are no conflicting read-locks, and
+  **   (e) the cursor points at a valid row of an intKey table.
+  */
+  if( (pCsr->curFlags & BTCF_WriteFlag)==0 ){
+    return SQLITE_READONLY;
+  }
+  assert( (pCsr->pBt->btsFlags & BTS_READ_ONLY)==0
+              && pCsr->pBt->inTransaction==TRANS_WRITE );
+  assert( hasSharedCacheTableLock(pCsr->pBtree, pCsr->pgnoRoot, 0, 2) );
+  assert( !hasReadConflicts(pCsr->pBtree, pCsr->pgnoRoot) );
+  assert( pCsr->apPage[pCsr->iPage]->intKey );
+
+  return accessPayload(pCsr, offset, amt, (unsigned char *)z, 1);
+}
+
+/* 
+** Mark this cursor as an incremental blob cursor.
+*/
+SQLITE_PRIVATE void sqlite3BtreeIncrblobCursor(BtCursor *pCur){
+  pCur->curFlags |= BTCF_Incrblob;
+  pCur->pBtree->hasIncrblobCur = 1;
+}
+#endif
+
+/*
+** Set both the "read version" (single byte at byte offset 18) and 
+** "write version" (single byte at byte offset 19) fields in the database
+** header to iVersion.
+*/
+SQLITE_PRIVATE int sqlite3BtreeSetVersion(Btree *pBtree, int iVersion){
+  BtShared *pBt = pBtree->pBt;
+  int rc;                         /* Return code */
+ 
+  assert( iVersion==1 || iVersion==2 );
+
+  /* If setting the version fields to 1, do not automatically open the
+  ** WAL connection, even if the version fields are currently set to 2.
+  */
+  pBt->btsFlags &= ~BTS_NO_WAL;
+  if( iVersion==1 ) pBt->btsFlags |= BTS_NO_WAL;
+
+  rc = sqlite3BtreeBeginTrans(pBtree, 0);
+  if( rc==SQLITE_OK ){
+    u8 *aData = pBt->pPage1->aData;
+    if( aData[18]!=(u8)iVersion || aData[19]!=(u8)iVersion ){
+      rc = sqlite3BtreeBeginTrans(pBtree, 2);
+      if( rc==SQLITE_OK ){
+        rc = sqlite3PagerWrite(pBt->pPage1->pDbPage);
+        if( rc==SQLITE_OK ){
+          aData[18] = (u8)iVersion;
+          aData[19] = (u8)iVersion;
+        }
+      }
+    }
+  }
+
+  pBt->btsFlags &= ~BTS_NO_WAL;
+  return rc;
+}
+
+/*
+** Return true if the cursor has a hint specified.  This routine is
+** only used from within assert() statements
+*/
+SQLITE_PRIVATE int sqlite3BtreeCursorHasHint(BtCursor *pCsr, unsigned int mask){
+  return (pCsr->hints & mask)!=0;
+}
+
+/*
+** Return true if the given Btree is read-only.
+*/
+SQLITE_PRIVATE int sqlite3BtreeIsReadonly(Btree *p){
+  return (p->pBt->btsFlags & BTS_READ_ONLY)!=0;
+}
+
+/*
+** Return the size of the header added to each page by this module.
+*/
+SQLITE_PRIVATE int sqlite3HeaderSizeBtree(void){ return ROUND8(sizeof(MemPage)); }
+
+/************** End of btree.c ***********************************************/
+/************** Begin file backup.c ******************************************/
+/*
+** 2009 January 28
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+** This file contains the implementation of the sqlite3_backup_XXX() 
+** API functions and the related features.
+*/
+/* #include "sqliteInt.h" */
+/* #include "btreeInt.h" */
+
+/*
+** Structure allocated for each backup operation.
+*/
+struct sqlite3_backup {
+  sqlite3* pDestDb;        /* Destination database handle */
+  Btree *pDest;            /* Destination b-tree file */
+  u32 iDestSchema;         /* Original schema cookie in destination */
+  int bDestLocked;         /* True once a write-transaction is open on pDest */
+
+  Pgno iNext;              /* Page number of the next source page to copy */
+  sqlite3* pSrcDb;         /* Source database handle */
+  Btree *pSrc;             /* Source b-tree file */
+
+  int rc;                  /* Backup process error code */
+
+  /* These two variables are set by every call to backup_step(). They are
+  ** read by calls to backup_remaining() and backup_pagecount().
+  */
+  Pgno nRemaining;         /* Number of pages left to copy */
+  Pgno nPagecount;         /* Total number of pages to copy */
+
+  int isAttached;          /* True once backup has been registered with pager */
+  sqlite3_backup *pNext;   /* Next backup associated with source pager */
+};
+
+/*
+** THREAD SAFETY NOTES:
+**
+**   Once it has been created using backup_init(), a single sqlite3_backup
+**   structure may be accessed via two groups of thread-safe entry points:
+**
+**     * Via the sqlite3_backup_XXX() API function backup_step() and 
+**       backup_finish(). Both these functions obtain the source database
+**       handle mutex and the mutex associated with the source BtShared 
+**       structure, in that order.
+**
+**     * Via the BackupUpdate() and BackupRestart() functions, which are
+**       invoked by the pager layer to report various state changes in
+**       the page cache associated with the source database. The mutex
+**       associated with the source database BtShared structure will always 
+**       be held when either of these functions are invoked.
+**
+**   The other sqlite3_backup_XXX() API functions, backup_remaining() and
+**   backup_pagecount() are not thread-safe functions. If they are called
+**   while some other thread is calling backup_step() or backup_finish(),
+**   the values returned may be invalid. There is no way for a call to
+**   BackupUpdate() or BackupRestart() to interfere with backup_remaining()
+**   or backup_pagecount().
+**
+**   Depending on the SQLite configuration, the database handles and/or
+**   the Btree objects may have their own mutexes that require locking.
+**   Non-sharable Btrees (in-memory databases for example), do not have
+**   associated mutexes.
+*/
+
+/*
+** Return a pointer corresponding to database zDb (i.e. "main", "temp")
+** in connection handle pDb. If such a database cannot be found, return
+** a NULL pointer and write an error message to pErrorDb.
+**
+** If the "temp" database is requested, it may need to be opened by this 
+** function. If an error occurs while doing so, return 0 and write an 
+** error message to pErrorDb.
+*/
+static Btree *findBtree(sqlite3 *pErrorDb, sqlite3 *pDb, const char *zDb){
+  int i = sqlite3FindDbName(pDb, zDb);
+
+  if( i==1 ){
+    Parse *pParse;
+    int rc = 0;
+    pParse = sqlite3StackAllocZero(pErrorDb, sizeof(*pParse));
+    if( pParse==0 ){
+      sqlite3ErrorWithMsg(pErrorDb, SQLITE_NOMEM, "out of memory");
+      rc = SQLITE_NOMEM;
+    }else{
+      pParse->db = pDb;
+      if( sqlite3OpenTempDatabase(pParse) ){
+        sqlite3ErrorWithMsg(pErrorDb, pParse->rc, "%s", pParse->zErrMsg);
+        rc = SQLITE_ERROR;
+      }
+      sqlite3DbFree(pErrorDb, pParse->zErrMsg);
+      sqlite3ParserReset(pParse);
+      sqlite3StackFree(pErrorDb, pParse);
+    }
+    if( rc ){
+      return 0;
+    }
+  }
+
+  if( i<0 ){
+    sqlite3ErrorWithMsg(pErrorDb, SQLITE_ERROR, "unknown database %s", zDb);
+    return 0;
+  }
+
+  return pDb->aDb[i].pBt;
+}
+
+/*
+** Attempt to set the page size of the destination to match the page size
+** of the source.
+*/
+static int setDestPgsz(sqlite3_backup *p){
+  int rc;
+  rc = sqlite3BtreeSetPageSize(p->pDest,sqlite3BtreeGetPageSize(p->pSrc),-1,0);
+  return rc;
+}
+
+/*
+** Check that there is no open read-transaction on the b-tree passed as the
+** second argument. If there is not, return SQLITE_OK. Otherwise, if there
+** is an open read-transaction, return SQLITE_ERROR and leave an error 
+** message in database handle db.
+*/
+static int checkReadTransaction(sqlite3 *db, Btree *p){
+  if( sqlite3BtreeIsInReadTrans(p) ){
+    sqlite3ErrorWithMsg(db, SQLITE_ERROR, "destination database is in use");
+    return SQLITE_ERROR;
+  }
+  return SQLITE_OK;
+}
+
+/*
+** Create an sqlite3_backup process to copy the contents of zSrcDb from
+** connection handle pSrcDb to zDestDb in pDestDb. If successful, return
+** a pointer to the new sqlite3_backup object.
+**
+** If an error occurs, NULL is returned and an error code and error message
+** stored in database handle pDestDb.
+*/
+SQLITE_API sqlite3_backup *SQLITE_STDCALL sqlite3_backup_init(
+  sqlite3* pDestDb,                     /* Database to write to */
+  const char *zDestDb,                  /* Name of database within pDestDb */
+  sqlite3* pSrcDb,                      /* Database connection to read from */
+  const char *zSrcDb                    /* Name of database within pSrcDb */
+){
+  sqlite3_backup *p;                    /* Value to return */
+
+#ifdef SQLITE_ENABLE_API_ARMOR
+  if( !sqlite3SafetyCheckOk(pSrcDb)||!sqlite3SafetyCheckOk(pDestDb) ){
+    (void)SQLITE_MISUSE_BKPT;
+    return 0;
+  }
+#endif
+
+  /* Lock the source database handle. The destination database
+  ** handle is not locked in this routine, but it is locked in
+  ** sqlite3_backup_step(). The user is required to ensure that no
+  ** other thread accesses the destination handle for the duration
+  ** of the backup operation.  Any attempt to use the destination
+  ** database connection while a backup is in progress may cause
+  ** a malfunction or a deadlock.
+  */
+  sqlite3_mutex_enter(pSrcDb->mutex);
+  sqlite3_mutex_enter(pDestDb->mutex);
+
+  if( pSrcDb==pDestDb ){
+    sqlite3ErrorWithMsg(
+        pDestDb, SQLITE_ERROR, "source and destination must be distinct"
+    );
+    p = 0;
+  }else {
+    /* Allocate space for a new sqlite3_backup object...
+    ** EVIDENCE-OF: R-64852-21591 The sqlite3_backup object is created by a
+    ** call to sqlite3_backup_init() and is destroyed by a call to
+    ** sqlite3_backup_finish(). */
+    p = (sqlite3_backup *)sqlite3MallocZero(sizeof(sqlite3_backup));
+    if( !p ){
+      sqlite3Error(pDestDb, SQLITE_NOMEM);
+    }
+  }
+
+  /* If the allocation succeeded, populate the new object. */
+  if( p ){
+    p->pSrc = findBtree(pDestDb, pSrcDb, zSrcDb);
+    p->pDest = findBtree(pDestDb, pDestDb, zDestDb);
+    p->pDestDb = pDestDb;
+    p->pSrcDb = pSrcDb;
+    p->iNext = 1;
+    p->isAttached = 0;
+
+    if( 0==p->pSrc || 0==p->pDest 
+     || setDestPgsz(p)==SQLITE_NOMEM 
+     || checkReadTransaction(pDestDb, p->pDest)!=SQLITE_OK 
+     ){
+      /* One (or both) of the named databases did not exist or an OOM
+      ** error was hit. Or there is a transaction open on the destination
+      ** database. The error has already been written into the pDestDb 
+      ** handle. All that is left to do here is free the sqlite3_backup 
+      ** structure.  */
+      sqlite3_free(p);
+      p = 0;
+    }
+  }
+  if( p ){
+    p->pSrc->nBackup++;
+  }
+
+  sqlite3_mutex_leave(pDestDb->mutex);
+  sqlite3_mutex_leave(pSrcDb->mutex);
+  return p;
+}
+
+/*
+** Argument rc is an SQLite error code. Return true if this error is 
+** considered fatal if encountered during a backup operation. All errors
+** are considered fatal except for SQLITE_BUSY and SQLITE_LOCKED.
+*/
+static int isFatalError(int rc){
+  return (rc!=SQLITE_OK && rc!=SQLITE_BUSY && ALWAYS(rc!=SQLITE_LOCKED));
+}
+
+/*
+** Parameter zSrcData points to a buffer containing the data for 
+** page iSrcPg from the source database. Copy this data into the 
+** destination database.
+*/
+static int backupOnePage(
+  sqlite3_backup *p,              /* Backup handle */
+  Pgno iSrcPg,                    /* Source database page to backup */
+  const u8 *zSrcData,             /* Source database page data */
+  int bUpdate                     /* True for an update, false otherwise */
+){
+  Pager * const pDestPager = sqlite3BtreePager(p->pDest);
+  const int nSrcPgsz = sqlite3BtreeGetPageSize(p->pSrc);
+  int nDestPgsz = sqlite3BtreeGetPageSize(p->pDest);
+  const int nCopy = MIN(nSrcPgsz, nDestPgsz);
+  const i64 iEnd = (i64)iSrcPg*(i64)nSrcPgsz;
+#ifdef SQLITE_HAS_CODEC
+  /* Use BtreeGetReserveNoMutex() for the source b-tree, as although it is
+  ** guaranteed that the shared-mutex is held by this thread, handle
+  ** p->pSrc may not actually be the owner.  */
+  int nSrcReserve = sqlite3BtreeGetReserveNoMutex(p->pSrc);
+  int nDestReserve = sqlite3BtreeGetOptimalReserve(p->pDest);
+#endif
+  int rc = SQLITE_OK;
+  i64 iOff;
+
+  assert( sqlite3BtreeGetReserveNoMutex(p->pSrc)>=0 );
+  assert( p->bDestLocked );
+  assert( !isFatalError(p->rc) );
+  assert( iSrcPg!=PENDING_BYTE_PAGE(p->pSrc->pBt) );
+  assert( zSrcData );
+
+  /* Catch the case where the destination is an in-memory database and the
+  ** page sizes of the source and destination differ. 
+  */
+  if( nSrcPgsz!=nDestPgsz && sqlite3PagerIsMemdb(pDestPager) ){
+    rc = SQLITE_READONLY;
+  }
+
+#ifdef SQLITE_HAS_CODEC
+  /* Backup is not possible if the page size of the destination is changing
+  ** and a codec is in use.
+  */
+  if( nSrcPgsz!=nDestPgsz && sqlite3PagerGetCodec(pDestPager)!=0 ){
+    rc = SQLITE_READONLY;
+  }
+
+  /* Backup is not possible if the number of bytes of reserve space differ
+  ** between source and destination.  If there is a difference, try to
+  ** fix the destination to agree with the source.  If that is not possible,
+  ** then the backup cannot proceed.
+  */
+  if( nSrcReserve!=nDestReserve ){
+    u32 newPgsz = nSrcPgsz;
+    rc = sqlite3PagerSetPagesize(pDestPager, &newPgsz, nSrcReserve);
+    if( rc==SQLITE_OK && newPgsz!=nSrcPgsz ) rc = SQLITE_READONLY;
+  }
+#endif
+
+  /* This loop runs once for each destination page spanned by the source 
+  ** page. For each iteration, variable iOff is set to the byte offset
+  ** of the destination page.
+  */
+  for(iOff=iEnd-(i64)nSrcPgsz; rc==SQLITE_OK && iOff<iEnd; iOff+=nDestPgsz){
+    DbPage *pDestPg = 0;
+    Pgno iDest = (Pgno)(iOff/nDestPgsz)+1;
+    if( iDest==PENDING_BYTE_PAGE(p->pDest->pBt) ) continue;
+    if( SQLITE_OK==(rc = sqlite3PagerGet(pDestPager, iDest, &pDestPg, 0))
+     && SQLITE_OK==(rc = sqlite3PagerWrite(pDestPg))
+    ){
+      const u8 *zIn = &zSrcData[iOff%nSrcPgsz];
+      u8 *zDestData = sqlite3PagerGetData(pDestPg);
+      u8 *zOut = &zDestData[iOff%nDestPgsz];
+
+      /* Copy the data from the source page into the destination page.
+      ** Then clear the Btree layer MemPage.isInit flag. Both this module
+      ** and the pager code use this trick (clearing the first byte
+      ** of the page 'extra' space to invalidate the Btree layers
+      ** cached parse of the page). MemPage.isInit is marked 
+      ** "MUST BE FIRST" for this purpose.
+      */
+      memcpy(zOut, zIn, nCopy);
+      ((u8 *)sqlite3PagerGetExtra(pDestPg))[0] = 0;
+      if( iOff==0 && bUpdate==0 ){
+        sqlite3Put4byte(&zOut[28], sqlite3BtreeLastPage(p->pSrc));
+      }
+    }
+    sqlite3PagerUnref(pDestPg);
+  }
+
+  return rc;
+}
+
+/*
+** If pFile is currently larger than iSize bytes, then truncate it to
+** exactly iSize bytes. If pFile is not larger than iSize bytes, then
+** this function is a no-op.
+**
+** Return SQLITE_OK if everything is successful, or an SQLite error 
+** code if an error occurs.
+*/
+static int backupTruncateFile(sqlite3_file *pFile, i64 iSize){
+  i64 iCurrent;
+  int rc = sqlite3OsFileSize(pFile, &iCurrent);
+  if( rc==SQLITE_OK && iCurrent>iSize ){
+    rc = sqlite3OsTruncate(pFile, iSize);
+  }
+  return rc;
+}
+
+/*
+** Register this backup object with the associated source pager for
+** callbacks when pages are changed or the cache invalidated.
+*/
+static void attachBackupObject(sqlite3_backup *p){
+  sqlite3_backup **pp;
+  assert( sqlite3BtreeHoldsMutex(p->pSrc) );
+  pp = sqlite3PagerBackupPtr(sqlite3BtreePager(p->pSrc));
+  p->pNext = *pp;
+  *pp = p;
+  p->isAttached = 1;
+}
+
+/*
+** Copy nPage pages from the source b-tree to the destination.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_backup_step(sqlite3_backup *p, int nPage){
+  int rc;
+  int destMode;       /* Destination journal mode */
+  int pgszSrc = 0;    /* Source page size */
+  int pgszDest = 0;   /* Destination page size */
+
+#ifdef SQLITE_ENABLE_API_ARMOR
+  if( p==0 ) return SQLITE_MISUSE_BKPT;
+#endif
+  sqlite3_mutex_enter(p->pSrcDb->mutex);
+  sqlite3BtreeEnter(p->pSrc);
+  if( p->pDestDb ){
+    sqlite3_mutex_enter(p->pDestDb->mutex);
+  }
+
+  rc = p->rc;
+  if( !isFatalError(rc) ){
+    Pager * const pSrcPager = sqlite3BtreePager(p->pSrc);     /* Source pager */
+    Pager * const pDestPager = sqlite3BtreePager(p->pDest);   /* Dest pager */
+    int ii;                            /* Iterator variable */
+    int nSrcPage = -1;                 /* Size of source db in pages */
+    int bCloseTrans = 0;               /* True if src db requires unlocking */
+
+    /* If the source pager is currently in a write-transaction, return
+    ** SQLITE_BUSY immediately.
+    */
+    if( p->pDestDb && p->pSrc->pBt->inTransaction==TRANS_WRITE ){
+      rc = SQLITE_BUSY;
+    }else{
+      rc = SQLITE_OK;
+    }
+
+    /* Lock the destination database, if it is not locked already. */
+    if( SQLITE_OK==rc && p->bDestLocked==0
+     && SQLITE_OK==(rc = sqlite3BtreeBeginTrans(p->pDest, 2)) 
+    ){
+      p->bDestLocked = 1;
+      sqlite3BtreeGetMeta(p->pDest, BTREE_SCHEMA_VERSION, &p->iDestSchema);
+    }
+
+    /* If there is no open read-transaction on the source database, open
+    ** one now. If a transaction is opened here, then it will be closed
+    ** before this function exits.
+    */
+    if( rc==SQLITE_OK && 0==sqlite3BtreeIsInReadTrans(p->pSrc) ){
+      rc = sqlite3BtreeBeginTrans(p->pSrc, 0);
+      bCloseTrans = 1;
+    }
+
+    /* Do not allow backup if the destination database is in WAL mode
+    ** and the page sizes are different between source and destination */
+    pgszSrc = sqlite3BtreeGetPageSize(p->pSrc);
+    pgszDest = sqlite3BtreeGetPageSize(p->pDest);
+    destMode = sqlite3PagerGetJournalMode(sqlite3BtreePager(p->pDest));
+    if( SQLITE_OK==rc && destMode==PAGER_JOURNALMODE_WAL && pgszSrc!=pgszDest ){
+      rc = SQLITE_READONLY;
+    }
+  
+    /* Now that there is a read-lock on the source database, query the
+    ** source pager for the number of pages in the database.
+    */
+    nSrcPage = (int)sqlite3BtreeLastPage(p->pSrc);
+    assert( nSrcPage>=0 );
+    for(ii=0; (nPage<0 || ii<nPage) && p->iNext<=(Pgno)nSrcPage && !rc; ii++){
+      const Pgno iSrcPg = p->iNext;                 /* Source page number */
+      if( iSrcPg!=PENDING_BYTE_PAGE(p->pSrc->pBt) ){
+        DbPage *pSrcPg;                             /* Source page object */
+        rc = sqlite3PagerGet(pSrcPager, iSrcPg, &pSrcPg,PAGER_GET_READONLY);
+        if( rc==SQLITE_OK ){
+          rc = backupOnePage(p, iSrcPg, sqlite3PagerGetData(pSrcPg), 0);
+          sqlite3PagerUnref(pSrcPg);
+        }
+      }
+      p->iNext++;
+    }
+    if( rc==SQLITE_OK ){
+      p->nPagecount = nSrcPage;
+      p->nRemaining = nSrcPage+1-p->iNext;
+      if( p->iNext>(Pgno)nSrcPage ){
+        rc = SQLITE_DONE;
+      }else if( !p->isAttached ){
+        attachBackupObject(p);
+      }
+    }
+  
+    /* Update the schema version field in the destination database. This
+    ** is to make sure that the schema-version really does change in
+    ** the case where the source and destination databases have the
+    ** same schema version.
+    */
+    if( rc==SQLITE_DONE ){
+      if( nSrcPage==0 ){
+        rc = sqlite3BtreeNewDb(p->pDest);
+        nSrcPage = 1;
+      }
+      if( rc==SQLITE_OK || rc==SQLITE_DONE ){
+        rc = sqlite3BtreeUpdateMeta(p->pDest,1,p->iDestSchema+1);
+      }
+      if( rc==SQLITE_OK ){
+        if( p->pDestDb ){
+          sqlite3ResetAllSchemasOfConnection(p->pDestDb);
+        }
+        if( destMode==PAGER_JOURNALMODE_WAL ){
+          rc = sqlite3BtreeSetVersion(p->pDest, 2);
+        }
+      }
+      if( rc==SQLITE_OK ){
+        int nDestTruncate;
+        /* Set nDestTruncate to the final number of pages in the destination
+        ** database. The complication here is that the destination page
+        ** size may be different to the source page size. 
+        **
+        ** If the source page size is smaller than the destination page size, 
+        ** round up. In this case the call to sqlite3OsTruncate() below will
+        ** fix the size of the file. However it is important to call
+        ** sqlite3PagerTruncateImage() here so that any pages in the 
+        ** destination file that lie beyond the nDestTruncate page mark are
+        ** journalled by PagerCommitPhaseOne() before they are destroyed
+        ** by the file truncation.
+        */
+        assert( pgszSrc==sqlite3BtreeGetPageSize(p->pSrc) );
+        assert( pgszDest==sqlite3BtreeGetPageSize(p->pDest) );
+        if( pgszSrc<pgszDest ){
+          int ratio = pgszDest/pgszSrc;
+          nDestTruncate = (nSrcPage+ratio-1)/ratio;
+          if( nDestTruncate==(int)PENDING_BYTE_PAGE(p->pDest->pBt) ){
+            nDestTruncate--;
+          }
+        }else{
+          nDestTruncate = nSrcPage * (pgszSrc/pgszDest);
+        }
+        assert( nDestTruncate>0 );
+
+        if( pgszSrc<pgszDest ){
+          /* If the source page-size is smaller than the destination page-size,
+          ** two extra things may need to happen:
+          **
+          **   * The destination may need to be truncated, and
+          **
+          **   * Data stored on the pages immediately following the 
+          **     pending-byte page in the source database may need to be
+          **     copied into the destination database.
+          */
+          const i64 iSize = (i64)pgszSrc * (i64)nSrcPage;
+          sqlite3_file * const pFile = sqlite3PagerFile(pDestPager);
+          Pgno iPg;
+          int nDstPage;
+          i64 iOff;
+          i64 iEnd;
+
+          assert( pFile );
+          assert( nDestTruncate==0 
+              || (i64)nDestTruncate*(i64)pgszDest >= iSize || (
+                nDestTruncate==(int)(PENDING_BYTE_PAGE(p->pDest->pBt)-1)
+             && iSize>=PENDING_BYTE && iSize<=PENDING_BYTE+pgszDest
+          ));
+
+          /* This block ensures that all data required to recreate the original
+          ** database has been stored in the journal for pDestPager and the
+          ** journal synced to disk. So at this point we may safely modify
+          ** the database file in any way, knowing that if a power failure
+          ** occurs, the original database will be reconstructed from the 
+          ** journal file.  */
+          sqlite3PagerPagecount(pDestPager, &nDstPage);
+          for(iPg=nDestTruncate; rc==SQLITE_OK && iPg<=(Pgno)nDstPage; iPg++){
+            if( iPg!=PENDING_BYTE_PAGE(p->pDest->pBt) ){
+              DbPage *pPg;
+              rc = sqlite3PagerGet(pDestPager, iPg, &pPg, 0);
+              if( rc==SQLITE_OK ){
+                rc = sqlite3PagerWrite(pPg);
+                sqlite3PagerUnref(pPg);
+              }
+            }
+          }
+          if( rc==SQLITE_OK ){
+            rc = sqlite3PagerCommitPhaseOne(pDestPager, 0, 1);
+          }
+
+          /* Write the extra pages and truncate the database file as required */
+          iEnd = MIN(PENDING_BYTE + pgszDest, iSize);
+          for(
+            iOff=PENDING_BYTE+pgszSrc; 
+            rc==SQLITE_OK && iOff<iEnd; 
+            iOff+=pgszSrc
+          ){
+            PgHdr *pSrcPg = 0;
+            const Pgno iSrcPg = (Pgno)((iOff/pgszSrc)+1);
+            rc = sqlite3PagerGet(pSrcPager, iSrcPg, &pSrcPg, 0);
+            if( rc==SQLITE_OK ){
+              u8 *zData = sqlite3PagerGetData(pSrcPg);
+              rc = sqlite3OsWrite(pFile, zData, pgszSrc, iOff);
+            }
+            sqlite3PagerUnref(pSrcPg);
+          }
+          if( rc==SQLITE_OK ){
+            rc = backupTruncateFile(pFile, iSize);
+          }
+
+          /* Sync the database file to disk. */
+          if( rc==SQLITE_OK ){
+            rc = sqlite3PagerSync(pDestPager, 0);
+          }
+        }else{
+          sqlite3PagerTruncateImage(pDestPager, nDestTruncate);
+          rc = sqlite3PagerCommitPhaseOne(pDestPager, 0, 0);
+        }
+    
+        /* Finish committing the transaction to the destination database. */
+        if( SQLITE_OK==rc
+         && SQLITE_OK==(rc = sqlite3BtreeCommitPhaseTwo(p->pDest, 0))
+        ){
+          rc = SQLITE_DONE;
+        }
+      }
+    }
+  
+    /* If bCloseTrans is true, then this function opened a read transaction
+    ** on the source database. Close the read transaction here. There is
+    ** no need to check the return values of the btree methods here, as
+    ** "committing" a read-only transaction cannot fail.
+    */
+    if( bCloseTrans ){
+      TESTONLY( int rc2 );
+      TESTONLY( rc2  = ) sqlite3BtreeCommitPhaseOne(p->pSrc, 0);
+      TESTONLY( rc2 |= ) sqlite3BtreeCommitPhaseTwo(p->pSrc, 0);
+      assert( rc2==SQLITE_OK );
+    }
+  
+    if( rc==SQLITE_IOERR_NOMEM ){
+      rc = SQLITE_NOMEM;
+    }
+    p->rc = rc;
+  }
+  if( p->pDestDb ){
+    sqlite3_mutex_leave(p->pDestDb->mutex);
+  }
+  sqlite3BtreeLeave(p->pSrc);
+  sqlite3_mutex_leave(p->pSrcDb->mutex);
+  return rc;
+}
+
+/*
+** Release all resources associated with an sqlite3_backup* handle.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_backup_finish(sqlite3_backup *p){
+  sqlite3_backup **pp;                 /* Ptr to head of pagers backup list */
+  sqlite3 *pSrcDb;                     /* Source database connection */
+  int rc;                              /* Value to return */
+
+  /* Enter the mutexes */
+  if( p==0 ) return SQLITE_OK;
+  pSrcDb = p->pSrcDb;
+  sqlite3_mutex_enter(pSrcDb->mutex);
+  sqlite3BtreeEnter(p->pSrc);
+  if( p->pDestDb ){
+    sqlite3_mutex_enter(p->pDestDb->mutex);
+  }
+
+  /* Detach this backup from the source pager. */
+  if( p->pDestDb ){
+    p->pSrc->nBackup--;
+  }
+  if( p->isAttached ){
+    pp = sqlite3PagerBackupPtr(sqlite3BtreePager(p->pSrc));
+    while( *pp!=p ){
+      pp = &(*pp)->pNext;
+    }
+    *pp = p->pNext;
+  }
+
+  /* If a transaction is still open on the Btree, roll it back. */
+  sqlite3BtreeRollback(p->pDest, SQLITE_OK, 0);
+
+  /* Set the error code of the destination database handle. */
+  rc = (p->rc==SQLITE_DONE) ? SQLITE_OK : p->rc;
+  if( p->pDestDb ){
+    sqlite3Error(p->pDestDb, rc);
+
+    /* Exit the mutexes and free the backup context structure. */
+    sqlite3LeaveMutexAndCloseZombie(p->pDestDb);
+  }
+  sqlite3BtreeLeave(p->pSrc);
+  if( p->pDestDb ){
+    /* EVIDENCE-OF: R-64852-21591 The sqlite3_backup object is created by a
+    ** call to sqlite3_backup_init() and is destroyed by a call to
+    ** sqlite3_backup_finish(). */
+    sqlite3_free(p);
+  }
+  sqlite3LeaveMutexAndCloseZombie(pSrcDb);
+  return rc;
+}
+
+/*
+** Return the number of pages still to be backed up as of the most recent
+** call to sqlite3_backup_step().
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_backup_remaining(sqlite3_backup *p){
+#ifdef SQLITE_ENABLE_API_ARMOR
+  if( p==0 ){
+    (void)SQLITE_MISUSE_BKPT;
+    return 0;
+  }
+#endif
+  return p->nRemaining;
+}
+
+/*
+** Return the total number of pages in the source database as of the most 
+** recent call to sqlite3_backup_step().
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_backup_pagecount(sqlite3_backup *p){
+#ifdef SQLITE_ENABLE_API_ARMOR
+  if( p==0 ){
+    (void)SQLITE_MISUSE_BKPT;
+    return 0;
+  }
+#endif
+  return p->nPagecount;
+}
+
+/*
+** This function is called after the contents of page iPage of the
+** source database have been modified. If page iPage has already been 
+** copied into the destination database, then the data written to the
+** destination is now invalidated. The destination copy of iPage needs
+** to be updated with the new data before the backup operation is
+** complete.
+**
+** It is assumed that the mutex associated with the BtShared object
+** corresponding to the source database is held when this function is
+** called.
+*/
+static SQLITE_NOINLINE void backupUpdate(
+  sqlite3_backup *p,
+  Pgno iPage,
+  const u8 *aData
+){
+  assert( p!=0 );
+  do{
+    assert( sqlite3_mutex_held(p->pSrc->pBt->mutex) );
+    if( !isFatalError(p->rc) && iPage<p->iNext ){
+      /* The backup process p has already copied page iPage. But now it
+      ** has been modified by a transaction on the source pager. Copy
+      ** the new data into the backup.
+      */
+      int rc;
+      assert( p->pDestDb );
+      sqlite3_mutex_enter(p->pDestDb->mutex);
+      rc = backupOnePage(p, iPage, aData, 1);
+      sqlite3_mutex_leave(p->pDestDb->mutex);
+      assert( rc!=SQLITE_BUSY && rc!=SQLITE_LOCKED );
+      if( rc!=SQLITE_OK ){
+        p->rc = rc;
+      }
+    }
+  }while( (p = p->pNext)!=0 );
+}
+SQLITE_PRIVATE void sqlite3BackupUpdate(sqlite3_backup *pBackup, Pgno iPage, const u8 *aData){
+  if( pBackup ) backupUpdate(pBackup, iPage, aData);
+}
+
+/*
+** Restart the backup process. This is called when the pager layer
+** detects that the database has been modified by an external database
+** connection. In this case there is no way of knowing which of the
+** pages that have been copied into the destination database are still 
+** valid and which are not, so the entire process needs to be restarted.
+**
+** It is assumed that the mutex associated with the BtShared object
+** corresponding to the source database is held when this function is
+** called.
+*/
+SQLITE_PRIVATE void sqlite3BackupRestart(sqlite3_backup *pBackup){
+  sqlite3_backup *p;                   /* Iterator variable */
+  for(p=pBackup; p; p=p->pNext){
+    assert( sqlite3_mutex_held(p->pSrc->pBt->mutex) );
+    p->iNext = 1;
+  }
+}
+
+#ifndef SQLITE_OMIT_VACUUM
+/*
+** Copy the complete content of pBtFrom into pBtTo.  A transaction
+** must be active for both files.
+**
+** The size of file pTo may be reduced by this operation. If anything 
+** goes wrong, the transaction on pTo is rolled back. If successful, the 
+** transaction is committed before returning.
+*/
+SQLITE_PRIVATE int sqlite3BtreeCopyFile(Btree *pTo, Btree *pFrom){
+  int rc;
+  sqlite3_file *pFd;              /* File descriptor for database pTo */
+  sqlite3_backup b;
+  sqlite3BtreeEnter(pTo);
+  sqlite3BtreeEnter(pFrom);
+
+  assert( sqlite3BtreeIsInTrans(pTo) );
+  pFd = sqlite3PagerFile(sqlite3BtreePager(pTo));
+  if( pFd->pMethods ){
+    i64 nByte = sqlite3BtreeGetPageSize(pFrom)*(i64)sqlite3BtreeLastPage(pFrom);
+    rc = sqlite3OsFileControl(pFd, SQLITE_FCNTL_OVERWRITE, &nByte);
+    if( rc==SQLITE_NOTFOUND ) rc = SQLITE_OK;
+    if( rc ) goto copy_finished;
+  }
+
+  /* Set up an sqlite3_backup object. sqlite3_backup.pDestDb must be set
+  ** to 0. This is used by the implementations of sqlite3_backup_step()
+  ** and sqlite3_backup_finish() to detect that they are being called
+  ** from this function, not directly by the user.
+  */
+  memset(&b, 0, sizeof(b));
+  b.pSrcDb = pFrom->db;
+  b.pSrc = pFrom;
+  b.pDest = pTo;
+  b.iNext = 1;
+
+#ifdef SQLITE_HAS_CODEC
+  sqlite3PagerAlignReserve(sqlite3BtreePager(pTo), sqlite3BtreePager(pFrom));
+#endif
+
+  /* 0x7FFFFFFF is the hard limit for the number of pages in a database
+  ** file. By passing this as the number of pages to copy to
+  ** sqlite3_backup_step(), we can guarantee that the copy finishes 
+  ** within a single call (unless an error occurs). The assert() statement
+  ** checks this assumption - (p->rc) should be set to either SQLITE_DONE 
+  ** or an error code.
+  */
+  sqlite3_backup_step(&b, 0x7FFFFFFF);
+  assert( b.rc!=SQLITE_OK );
+  rc = sqlite3_backup_finish(&b);
+  if( rc==SQLITE_OK ){
+    pTo->pBt->btsFlags &= ~BTS_PAGESIZE_FIXED;
+  }else{
+    sqlite3PagerClearCache(sqlite3BtreePager(b.pDest));
+  }
+
+  assert( sqlite3BtreeIsInTrans(pTo)==0 );
+copy_finished:
+  sqlite3BtreeLeave(pFrom);
+  sqlite3BtreeLeave(pTo);
+  return rc;
+}
+#endif /* SQLITE_OMIT_VACUUM */
+
+/************** End of backup.c **********************************************/
+/************** Begin file vdbemem.c *****************************************/
+/*
+** 2004 May 26
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+**
+** This file contains code use to manipulate "Mem" structure.  A "Mem"
+** stores a single value in the VDBE.  Mem is an opaque structure visible
+** only within the VDBE.  Interface routines refer to a Mem using the
+** name sqlite_value
+*/
+/* #include "sqliteInt.h" */
+/* #include "vdbeInt.h" */
+
+#ifdef SQLITE_DEBUG
+/*
+** Check invariants on a Mem object.
+**
+** This routine is intended for use inside of assert() statements, like
+** this:    assert( sqlite3VdbeCheckMemInvariants(pMem) );
+*/
+SQLITE_PRIVATE int sqlite3VdbeCheckMemInvariants(Mem *p){
+  /* If MEM_Dyn is set then Mem.xDel!=0.  
+  ** Mem.xDel is might not be initialized if MEM_Dyn is clear.
+  */
+  assert( (p->flags & MEM_Dyn)==0 || p->xDel!=0 );
+
+  /* MEM_Dyn may only be set if Mem.szMalloc==0.  In this way we
+  ** ensure that if Mem.szMalloc>0 then it is safe to do
+  ** Mem.z = Mem.zMalloc without having to check Mem.flags&MEM_Dyn.
+  ** That saves a few cycles in inner loops. */
+  assert( (p->flags & MEM_Dyn)==0 || p->szMalloc==0 );
+
+  /* Cannot be both MEM_Int and MEM_Real at the same time */
+  assert( (p->flags & (MEM_Int|MEM_Real))!=(MEM_Int|MEM_Real) );
+
+  /* The szMalloc field holds the correct memory allocation size */
+  assert( p->szMalloc==0
+       || p->szMalloc==sqlite3DbMallocSize(p->db,p->zMalloc) );
+
+  /* If p holds a string or blob, the Mem.z must point to exactly
+  ** one of the following:
+  **
+  **   (1) Memory in Mem.zMalloc and managed by the Mem object
+  **   (2) Memory to be freed using Mem.xDel
+  **   (3) An ephemeral string or blob
+  **   (4) A static string or blob
+  */
+  if( (p->flags & (MEM_Str|MEM_Blob)) && p->n>0 ){
+    assert( 
+      ((p->szMalloc>0 && p->z==p->zMalloc)? 1 : 0) +
+      ((p->flags&MEM_Dyn)!=0 ? 1 : 0) +
+      ((p->flags&MEM_Ephem)!=0 ? 1 : 0) +
+      ((p->flags&MEM_Static)!=0 ? 1 : 0) == 1
+    );
+  }
+  return 1;
+}
+#endif
+
+
+/*
+** If pMem is an object with a valid string representation, this routine
+** ensures the internal encoding for the string representation is
+** 'desiredEnc', one of SQLITE_UTF8, SQLITE_UTF16LE or SQLITE_UTF16BE.
+**
+** If pMem is not a string object, or the encoding of the string
+** representation is already stored using the requested encoding, then this
+** routine is a no-op.
+**
+** SQLITE_OK is returned if the conversion is successful (or not required).
+** SQLITE_NOMEM may be returned if a malloc() fails during conversion
+** between formats.
+*/
+SQLITE_PRIVATE int sqlite3VdbeChangeEncoding(Mem *pMem, int desiredEnc){
+#ifndef SQLITE_OMIT_UTF16
+  int rc;
+#endif
+  assert( (pMem->flags&MEM_RowSet)==0 );
+  assert( desiredEnc==SQLITE_UTF8 || desiredEnc==SQLITE_UTF16LE
+           || desiredEnc==SQLITE_UTF16BE );
+  if( !(pMem->flags&MEM_Str) || pMem->enc==desiredEnc ){
+    return SQLITE_OK;
+  }
+  assert( pMem->db==0 || sqlite3_mutex_held(pMem->db->mutex) );
+#ifdef SQLITE_OMIT_UTF16
+  return SQLITE_ERROR;
+#else
+
+  /* MemTranslate() may return SQLITE_OK or SQLITE_NOMEM. If NOMEM is returned,
+  ** then the encoding of the value may not have changed.
+  */
+  rc = sqlite3VdbeMemTranslate(pMem, (u8)desiredEnc);
+  assert(rc==SQLITE_OK    || rc==SQLITE_NOMEM);
+  assert(rc==SQLITE_OK    || pMem->enc!=desiredEnc);
+  assert(rc==SQLITE_NOMEM || pMem->enc==desiredEnc);
+  return rc;
+#endif
+}
+
+/*
+** Make sure pMem->z points to a writable allocation of at least 
+** min(n,32) bytes.
+**
+** If the bPreserve argument is true, then copy of the content of
+** pMem->z into the new allocation.  pMem must be either a string or
+** blob if bPreserve is true.  If bPreserve is false, any prior content
+** in pMem->z is discarded.
+*/
+SQLITE_PRIVATE SQLITE_NOINLINE int sqlite3VdbeMemGrow(Mem *pMem, int n, int bPreserve){
+  assert( sqlite3VdbeCheckMemInvariants(pMem) );
+  assert( (pMem->flags&MEM_RowSet)==0 );
+
+  /* If the bPreserve flag is set to true, then the memory cell must already
+  ** contain a valid string or blob value.  */
+  assert( bPreserve==0 || pMem->flags&(MEM_Blob|MEM_Str) );
+  testcase( bPreserve && pMem->z==0 );
+
+  assert( pMem->szMalloc==0
+       || pMem->szMalloc==sqlite3DbMallocSize(pMem->db, pMem->zMalloc) );
+  if( pMem->szMalloc<n ){
+    if( n<32 ) n = 32;
+    if( bPreserve && pMem->szMalloc>0 && pMem->z==pMem->zMalloc ){
+      pMem->z = pMem->zMalloc = sqlite3DbReallocOrFree(pMem->db, pMem->z, n);
+      bPreserve = 0;
+    }else{
+      if( pMem->szMalloc>0 ) sqlite3DbFree(pMem->db, pMem->zMalloc);
+      pMem->zMalloc = sqlite3DbMallocRaw(pMem->db, n);
+    }
+    if( pMem->zMalloc==0 ){
+      sqlite3VdbeMemSetNull(pMem);
+      pMem->z = 0;
+      pMem->szMalloc = 0;
+      return SQLITE_NOMEM;
+    }else{
+      pMem->szMalloc = sqlite3DbMallocSize(pMem->db, pMem->zMalloc);
+    }
+  }
+
+  if( bPreserve && pMem->z && pMem->z!=pMem->zMalloc ){
+    memcpy(pMem->zMalloc, pMem->z, pMem->n);
+  }
+  if( (pMem->flags&MEM_Dyn)!=0 ){
+    assert( pMem->xDel!=0 && pMem->xDel!=SQLITE_DYNAMIC );
+    pMem->xDel((void *)(pMem->z));
+  }
+
+  pMem->z = pMem->zMalloc;
+  pMem->flags &= ~(MEM_Dyn|MEM_Ephem|MEM_Static);
+  return SQLITE_OK;
+}
+
+/*
+** Change the pMem->zMalloc allocation to be at least szNew bytes.
+** If pMem->zMalloc already meets or exceeds the requested size, this
+** routine is a no-op.
+**
+** Any prior string or blob content in the pMem object may be discarded.
+** The pMem->xDel destructor is called, if it exists.  Though MEM_Str
+** and MEM_Blob values may be discarded, MEM_Int, MEM_Real, and MEM_Null
+** values are preserved.
+**
+** Return SQLITE_OK on success or an error code (probably SQLITE_NOMEM)
+** if unable to complete the resizing.
+*/
+SQLITE_PRIVATE int sqlite3VdbeMemClearAndResize(Mem *pMem, int szNew){
+  assert( szNew>0 );
+  assert( (pMem->flags & MEM_Dyn)==0 || pMem->szMalloc==0 );
+  if( pMem->szMalloc<szNew ){
+    return sqlite3VdbeMemGrow(pMem, szNew, 0);
+  }
+  assert( (pMem->flags & MEM_Dyn)==0 );
+  pMem->z = pMem->zMalloc;
+  pMem->flags &= (MEM_Null|MEM_Int|MEM_Real);
+  return SQLITE_OK;
+}
+
+/*
+** Change pMem so that its MEM_Str or MEM_Blob value is stored in
+** MEM.zMalloc, where it can be safely written.
+**
+** Return SQLITE_OK on success or SQLITE_NOMEM if malloc fails.
+*/
+SQLITE_PRIVATE int sqlite3VdbeMemMakeWriteable(Mem *pMem){
+  int f;
+  assert( pMem->db==0 || sqlite3_mutex_held(pMem->db->mutex) );
+  assert( (pMem->flags&MEM_RowSet)==0 );
+  ExpandBlob(pMem);
+  f = pMem->flags;
+  if( (f&(MEM_Str|MEM_Blob)) && (pMem->szMalloc==0 || pMem->z!=pMem->zMalloc) ){
+    if( sqlite3VdbeMemGrow(pMem, pMem->n + 2, 1) ){
+      return SQLITE_NOMEM;
+    }
+    pMem->z[pMem->n] = 0;
+    pMem->z[pMem->n+1] = 0;
+    pMem->flags |= MEM_Term;
+  }
+  pMem->flags &= ~MEM_Ephem;
+#ifdef SQLITE_DEBUG
+  pMem->pScopyFrom = 0;
+#endif
+
+  return SQLITE_OK;
+}
+
+/*
+** If the given Mem* has a zero-filled tail, turn it into an ordinary
+** blob stored in dynamically allocated space.
+*/
+#ifndef SQLITE_OMIT_INCRBLOB
+SQLITE_PRIVATE int sqlite3VdbeMemExpandBlob(Mem *pMem){
+  if( pMem->flags & MEM_Zero ){
+    int nByte;
+    assert( pMem->flags&MEM_Blob );
+    assert( (pMem->flags&MEM_RowSet)==0 );
+    assert( pMem->db==0 || sqlite3_mutex_held(pMem->db->mutex) );
+
+    /* Set nByte to the number of bytes required to store the expanded blob. */
+    nByte = pMem->n + pMem->u.nZero;
+    if( nByte<=0 ){
+      nByte = 1;
+    }
+    if( sqlite3VdbeMemGrow(pMem, nByte, 1) ){
+      return SQLITE_NOMEM;
+    }
+
+    memset(&pMem->z[pMem->n], 0, pMem->u.nZero);
+    pMem->n += pMem->u.nZero;
+    pMem->flags &= ~(MEM_Zero|MEM_Term);
+  }
+  return SQLITE_OK;
+}
+#endif
+
+/*
+** It is already known that pMem contains an unterminated string.
+** Add the zero terminator.
+*/
+static SQLITE_NOINLINE int vdbeMemAddTerminator(Mem *pMem){
+  if( sqlite3VdbeMemGrow(pMem, pMem->n+2, 1) ){
+    return SQLITE_NOMEM;
+  }
+  pMem->z[pMem->n] = 0;
+  pMem->z[pMem->n+1] = 0;
+  pMem->flags |= MEM_Term;
+  return SQLITE_OK;
+}
+
+/*
+** Make sure the given Mem is \u0000 terminated.
+*/
+SQLITE_PRIVATE int sqlite3VdbeMemNulTerminate(Mem *pMem){
+  assert( pMem->db==0 || sqlite3_mutex_held(pMem->db->mutex) );
+  testcase( (pMem->flags & (MEM_Term|MEM_Str))==(MEM_Term|MEM_Str) );
+  testcase( (pMem->flags & (MEM_Term|MEM_Str))==0 );
+  if( (pMem->flags & (MEM_Term|MEM_Str))!=MEM_Str ){
+    return SQLITE_OK;   /* Nothing to do */
+  }else{
+    return vdbeMemAddTerminator(pMem);
+  }
+}
+
+/*
+** Add MEM_Str to the set of representations for the given Mem.  Numbers
+** are converted using sqlite3_snprintf().  Converting a BLOB to a string
+** is a no-op.
+**
+** Existing representations MEM_Int and MEM_Real are invalidated if
+** bForce is true but are retained if bForce is false.
+**
+** A MEM_Null value will never be passed to this function. This function is
+** used for converting values to text for returning to the user (i.e. via
+** sqlite3_value_text()), or for ensuring that values to be used as btree
+** keys are strings. In the former case a NULL pointer is returned the
+** user and the latter is an internal programming error.
+*/
+SQLITE_PRIVATE int sqlite3VdbeMemStringify(Mem *pMem, u8 enc, u8 bForce){
+  int fg = pMem->flags;
+  const int nByte = 32;
+
+  assert( pMem->db==0 || sqlite3_mutex_held(pMem->db->mutex) );
+  assert( !(fg&MEM_Zero) );
+  assert( !(fg&(MEM_Str|MEM_Blob)) );
+  assert( fg&(MEM_Int|MEM_Real) );
+  assert( (pMem->flags&MEM_RowSet)==0 );
+  assert( EIGHT_BYTE_ALIGNMENT(pMem) );
+
+
+  if( sqlite3VdbeMemClearAndResize(pMem, nByte) ){
+    return SQLITE_NOMEM;
+  }
+
+  /* For a Real or Integer, use sqlite3_snprintf() to produce the UTF-8
+  ** string representation of the value. Then, if the required encoding
+  ** is UTF-16le or UTF-16be do a translation.
+  ** 
+  ** FIX ME: It would be better if sqlite3_snprintf() could do UTF-16.
+  */
+  if( fg & MEM_Int ){
+    sqlite3_snprintf(nByte, pMem->z, "%lld", pMem->u.i);
+  }else{
+    assert( fg & MEM_Real );
+    sqlite3_snprintf(nByte, pMem->z, "%!.15g", pMem->u.r);
+  }
+  pMem->n = sqlite3Strlen30(pMem->z);
+  pMem->enc = SQLITE_UTF8;
+  pMem->flags |= MEM_Str|MEM_Term;
+  if( bForce ) pMem->flags &= ~(MEM_Int|MEM_Real);
+  sqlite3VdbeChangeEncoding(pMem, enc);
+  return SQLITE_OK;
+}
+
+/*
+** Memory cell pMem contains the context of an aggregate function.
+** This routine calls the finalize method for that function.  The
+** result of the aggregate is stored back into pMem.
+**
+** Return SQLITE_ERROR if the finalizer reports an error.  SQLITE_OK
+** otherwise.
+*/
+SQLITE_PRIVATE int sqlite3VdbeMemFinalize(Mem *pMem, FuncDef *pFunc){
+  int rc = SQLITE_OK;
+  if( ALWAYS(pFunc && pFunc->xFinalize) ){
+    sqlite3_context ctx;
+    Mem t;
+    assert( (pMem->flags & MEM_Null)!=0 || pFunc==pMem->u.pDef );
+    assert( pMem->db==0 || sqlite3_mutex_held(pMem->db->mutex) );
+    memset(&ctx, 0, sizeof(ctx));
+    memset(&t, 0, sizeof(t));
+    t.flags = MEM_Null;
+    t.db = pMem->db;
+    ctx.pOut = &t;
+    ctx.pMem = pMem;
+    ctx.pFunc = pFunc;
+    pFunc->xFinalize(&ctx); /* IMP: R-24505-23230 */
+    assert( (pMem->flags & MEM_Dyn)==0 );
+    if( pMem->szMalloc>0 ) sqlite3DbFree(pMem->db, pMem->zMalloc);
+    memcpy(pMem, &t, sizeof(t));
+    rc = ctx.isError;
+  }
+  return rc;
+}
+
+/*
+** If the memory cell contains a value that must be freed by
+** invoking the external callback in Mem.xDel, then this routine
+** will free that value.  It also sets Mem.flags to MEM_Null.
+**
+** This is a helper routine for sqlite3VdbeMemSetNull() and
+** for sqlite3VdbeMemRelease().  Use those other routines as the
+** entry point for releasing Mem resources.
+*/
+static SQLITE_NOINLINE void vdbeMemClearExternAndSetNull(Mem *p){
+  assert( p->db==0 || sqlite3_mutex_held(p->db->mutex) );
+  assert( VdbeMemDynamic(p) );
+  if( p->flags&MEM_Agg ){
+    sqlite3VdbeMemFinalize(p, p->u.pDef);
+    assert( (p->flags & MEM_Agg)==0 );
+    testcase( p->flags & MEM_Dyn );
+  }
+  if( p->flags&MEM_Dyn ){
+    assert( (p->flags&MEM_RowSet)==0 );
+    assert( p->xDel!=SQLITE_DYNAMIC && p->xDel!=0 );
+    p->xDel((void *)p->z);
+  }else if( p->flags&MEM_RowSet ){
+    sqlite3RowSetClear(p->u.pRowSet);
+  }else if( p->flags&MEM_Frame ){
+    VdbeFrame *pFrame = p->u.pFrame;
+    pFrame->pParent = pFrame->v->pDelFrame;
+    pFrame->v->pDelFrame = pFrame;
+  }
+  p->flags = MEM_Null;
+}
+
+/*
+** Release memory held by the Mem p, both external memory cleared
+** by p->xDel and memory in p->zMalloc.
+**
+** This is a helper routine invoked by sqlite3VdbeMemRelease() in
+** the unusual case where there really is memory in p that needs
+** to be freed.
+*/
+static SQLITE_NOINLINE void vdbeMemClear(Mem *p){
+  if( VdbeMemDynamic(p) ){
+    vdbeMemClearExternAndSetNull(p);
+  }
+  if( p->szMalloc ){
+    sqlite3DbFree(p->db, p->zMalloc);
+    p->szMalloc = 0;
+  }
+  p->z = 0;
+}
+
+/*
+** Release any memory resources held by the Mem.  Both the memory that is
+** free by Mem.xDel and the Mem.zMalloc allocation are freed.
+**
+** Use this routine prior to clean up prior to abandoning a Mem, or to
+** reset a Mem back to its minimum memory utilization.
+**
+** Use sqlite3VdbeMemSetNull() to release just the Mem.xDel space
+** prior to inserting new content into the Mem.
+*/
+SQLITE_PRIVATE void sqlite3VdbeMemRelease(Mem *p){
+  assert( sqlite3VdbeCheckMemInvariants(p) );
+  if( VdbeMemDynamic(p) || p->szMalloc ){
+    vdbeMemClear(p);
+  }
+}
+
+/*
+** Convert a 64-bit IEEE double into a 64-bit signed integer.
+** If the double is out of range of a 64-bit signed integer then
+** return the closest available 64-bit signed integer.
+*/
+static i64 doubleToInt64(double r){
+#ifdef SQLITE_OMIT_FLOATING_POINT
+  /* When floating-point is omitted, double and int64 are the same thing */
+  return r;
+#else
+  /*
+  ** Many compilers we encounter do not define constants for the
+  ** minimum and maximum 64-bit integers, or they define them
+  ** inconsistently.  And many do not understand the "LL" notation.
+  ** So we define our own static constants here using nothing
+  ** larger than a 32-bit integer constant.
+  */
+  static const i64 maxInt = LARGEST_INT64;
+  static const i64 minInt = SMALLEST_INT64;
+
+  if( r<=(double)minInt ){
+    return minInt;
+  }else if( r>=(double)maxInt ){
+    return maxInt;
+  }else{
+    return (i64)r;
+  }
+#endif
+}
+
+/*
+** Return some kind of integer value which is the best we can do
+** at representing the value that *pMem describes as an integer.
+** If pMem is an integer, then the value is exact.  If pMem is
+** a floating-point then the value returned is the integer part.
+** If pMem is a string or blob, then we make an attempt to convert
+** it into an integer and return that.  If pMem represents an
+** an SQL-NULL value, return 0.
+**
+** If pMem represents a string value, its encoding might be changed.
+*/
+SQLITE_PRIVATE i64 sqlite3VdbeIntValue(Mem *pMem){
+  int flags;
+  assert( pMem->db==0 || sqlite3_mutex_held(pMem->db->mutex) );
+  assert( EIGHT_BYTE_ALIGNMENT(pMem) );
+  flags = pMem->flags;
+  if( flags & MEM_Int ){
+    return pMem->u.i;
+  }else if( flags & MEM_Real ){
+    return doubleToInt64(pMem->u.r);
+  }else if( flags & (MEM_Str|MEM_Blob) ){
+    i64 value = 0;
+    assert( pMem->z || pMem->n==0 );
+    sqlite3Atoi64(pMem->z, &value, pMem->n, pMem->enc);
+    return value;
+  }else{
+    return 0;
+  }
+}
+
+/*
+** Return the best representation of pMem that we can get into a
+** double.  If pMem is already a double or an integer, return its
+** value.  If it is a string or blob, try to convert it to a double.
+** If it is a NULL, return 0.0.
+*/
+SQLITE_PRIVATE double sqlite3VdbeRealValue(Mem *pMem){
+  assert( pMem->db==0 || sqlite3_mutex_held(pMem->db->mutex) );
+  assert( EIGHT_BYTE_ALIGNMENT(pMem) );
+  if( pMem->flags & MEM_Real ){
+    return pMem->u.r;
+  }else if( pMem->flags & MEM_Int ){
+    return (double)pMem->u.i;
+  }else if( pMem->flags & (MEM_Str|MEM_Blob) ){
+    /* (double)0 In case of SQLITE_OMIT_FLOATING_POINT... */
+    double val = (double)0;
+    sqlite3AtoF(pMem->z, &val, pMem->n, pMem->enc);
+    return val;
+  }else{
+    /* (double)0 In case of SQLITE_OMIT_FLOATING_POINT... */
+    return (double)0;
+  }
+}
+
+/*
+** The MEM structure is already a MEM_Real.  Try to also make it a
+** MEM_Int if we can.
+*/
+SQLITE_PRIVATE void sqlite3VdbeIntegerAffinity(Mem *pMem){
+  i64 ix;
+  assert( pMem->flags & MEM_Real );
+  assert( (pMem->flags & MEM_RowSet)==0 );
+  assert( pMem->db==0 || sqlite3_mutex_held(pMem->db->mutex) );
+  assert( EIGHT_BYTE_ALIGNMENT(pMem) );
+
+  ix = doubleToInt64(pMem->u.r);
+
+  /* Only mark the value as an integer if
+  **
+  **    (1) the round-trip conversion real->int->real is a no-op, and
+  **    (2) The integer is neither the largest nor the smallest
+  **        possible integer (ticket #3922)
+  **
+  ** The second and third terms in the following conditional enforces
+  ** the second condition under the assumption that addition overflow causes
+  ** values to wrap around.
+  */
+  if( pMem->u.r==ix && ix>SMALLEST_INT64 && ix<LARGEST_INT64 ){
+    pMem->u.i = ix;
+    MemSetTypeFlag(pMem, MEM_Int);
+  }
+}
+
+/*
+** Convert pMem to type integer.  Invalidate any prior representations.
+*/
+SQLITE_PRIVATE int sqlite3VdbeMemIntegerify(Mem *pMem){
+  assert( pMem->db==0 || sqlite3_mutex_held(pMem->db->mutex) );
+  assert( (pMem->flags & MEM_RowSet)==0 );
+  assert( EIGHT_BYTE_ALIGNMENT(pMem) );
+
+  pMem->u.i = sqlite3VdbeIntValue(pMem);
+  MemSetTypeFlag(pMem, MEM_Int);
+  return SQLITE_OK;
+}
+
+/*
+** Convert pMem so that it is of type MEM_Real.
+** Invalidate any prior representations.
+*/
+SQLITE_PRIVATE int sqlite3VdbeMemRealify(Mem *pMem){
+  assert( pMem->db==0 || sqlite3_mutex_held(pMem->db->mutex) );
+  assert( EIGHT_BYTE_ALIGNMENT(pMem) );
+
+  pMem->u.r = sqlite3VdbeRealValue(pMem);
+  MemSetTypeFlag(pMem, MEM_Real);
+  return SQLITE_OK;
+}
+
+/*
+** Convert pMem so that it has types MEM_Real or MEM_Int or both.
+** Invalidate any prior representations.
+**
+** Every effort is made to force the conversion, even if the input
+** is a string that does not look completely like a number.  Convert
+** as much of the string as we can and ignore the rest.
+*/
+SQLITE_PRIVATE int sqlite3VdbeMemNumerify(Mem *pMem){
+  if( (pMem->flags & (MEM_Int|MEM_Real|MEM_Null))==0 ){
+    assert( (pMem->flags & (MEM_Blob|MEM_Str))!=0 );
+    assert( pMem->db==0 || sqlite3_mutex_held(pMem->db->mutex) );
+    if( 0==sqlite3Atoi64(pMem->z, &pMem->u.i, pMem->n, pMem->enc) ){
+      MemSetTypeFlag(pMem, MEM_Int);
+    }else{
+      pMem->u.r = sqlite3VdbeRealValue(pMem);
+      MemSetTypeFlag(pMem, MEM_Real);
+      sqlite3VdbeIntegerAffinity(pMem);
+    }
+  }
+  assert( (pMem->flags & (MEM_Int|MEM_Real|MEM_Null))!=0 );
+  pMem->flags &= ~(MEM_Str|MEM_Blob);
+  return SQLITE_OK;
+}
+
+/*
+** Cast the datatype of the value in pMem according to the affinity
+** "aff".  Casting is different from applying affinity in that a cast
+** is forced.  In other words, the value is converted into the desired
+** affinity even if that results in loss of data.  This routine is
+** used (for example) to implement the SQL "cast()" operator.
+*/
+SQLITE_PRIVATE void sqlite3VdbeMemCast(Mem *pMem, u8 aff, u8 encoding){
+  if( pMem->flags & MEM_Null ) return;
+  switch( aff ){
+    case SQLITE_AFF_BLOB: {   /* Really a cast to BLOB */
+      if( (pMem->flags & MEM_Blob)==0 ){
+        sqlite3ValueApplyAffinity(pMem, SQLITE_AFF_TEXT, encoding);
+        assert( pMem->flags & MEM_Str || pMem->db->mallocFailed );
+        MemSetTypeFlag(pMem, MEM_Blob);
+      }else{
+        pMem->flags &= ~(MEM_TypeMask&~MEM_Blob);
+      }
+      break;
+    }
+    case SQLITE_AFF_NUMERIC: {
+      sqlite3VdbeMemNumerify(pMem);
+      break;
+    }
+    case SQLITE_AFF_INTEGER: {
+      sqlite3VdbeMemIntegerify(pMem);
+      break;
+    }
+    case SQLITE_AFF_REAL: {
+      sqlite3VdbeMemRealify(pMem);
+      break;
+    }
+    default: {
+      assert( aff==SQLITE_AFF_TEXT );
+      assert( MEM_Str==(MEM_Blob>>3) );
+      pMem->flags |= (pMem->flags&MEM_Blob)>>3;
+      sqlite3ValueApplyAffinity(pMem, SQLITE_AFF_TEXT, encoding);
+      assert( pMem->flags & MEM_Str || pMem->db->mallocFailed );
+      pMem->flags &= ~(MEM_Int|MEM_Real|MEM_Blob|MEM_Zero);
+      break;
+    }
+  }
+}
+
+/*
+** Initialize bulk memory to be a consistent Mem object.
+**
+** The minimum amount of initialization feasible is performed.
+*/
+SQLITE_PRIVATE void sqlite3VdbeMemInit(Mem *pMem, sqlite3 *db, u16 flags){
+  assert( (flags & ~MEM_TypeMask)==0 );
+  pMem->flags = flags;
+  pMem->db = db;
+  pMem->szMalloc = 0;
+}
+
+
+/*
+** Delete any previous value and set the value stored in *pMem to NULL.
+**
+** This routine calls the Mem.xDel destructor to dispose of values that
+** require the destructor.  But it preserves the Mem.zMalloc memory allocation.
+** To free all resources, use sqlite3VdbeMemRelease(), which both calls this
+** routine to invoke the destructor and deallocates Mem.zMalloc.
+**
+** Use this routine to reset the Mem prior to insert a new value.
+**
+** Use sqlite3VdbeMemRelease() to complete erase the Mem prior to abandoning it.
+*/
+SQLITE_PRIVATE void sqlite3VdbeMemSetNull(Mem *pMem){
+  if( VdbeMemDynamic(pMem) ){
+    vdbeMemClearExternAndSetNull(pMem);
+  }else{
+    pMem->flags = MEM_Null;
+  }
+}
+SQLITE_PRIVATE void sqlite3ValueSetNull(sqlite3_value *p){
+  sqlite3VdbeMemSetNull((Mem*)p); 
+}
+
+/*
+** Delete any previous value and set the value to be a BLOB of length
+** n containing all zeros.
+*/
+SQLITE_PRIVATE void sqlite3VdbeMemSetZeroBlob(Mem *pMem, int n){
+  sqlite3VdbeMemRelease(pMem);
+  pMem->flags = MEM_Blob|MEM_Zero;
+  pMem->n = 0;
+  if( n<0 ) n = 0;
+  pMem->u.nZero = n;
+  pMem->enc = SQLITE_UTF8;
+  pMem->z = 0;
+}
+
+/*
+** The pMem is known to contain content that needs to be destroyed prior
+** to a value change.  So invoke the destructor, then set the value to
+** a 64-bit integer.
+*/
+static SQLITE_NOINLINE void vdbeReleaseAndSetInt64(Mem *pMem, i64 val){
+  sqlite3VdbeMemSetNull(pMem);
+  pMem->u.i = val;
+  pMem->flags = MEM_Int;
+}
+
+/*
+** Delete any previous value and set the value stored in *pMem to val,
+** manifest type INTEGER.
+*/
+SQLITE_PRIVATE void sqlite3VdbeMemSetInt64(Mem *pMem, i64 val){
+  if( VdbeMemDynamic(pMem) ){
+    vdbeReleaseAndSetInt64(pMem, val);
+  }else{
+    pMem->u.i = val;
+    pMem->flags = MEM_Int;
+  }
+}
+
+#ifndef SQLITE_OMIT_FLOATING_POINT
+/*
+** Delete any previous value and set the value stored in *pMem to val,
+** manifest type REAL.
+*/
+SQLITE_PRIVATE void sqlite3VdbeMemSetDouble(Mem *pMem, double val){
+  sqlite3VdbeMemSetNull(pMem);
+  if( !sqlite3IsNaN(val) ){
+    pMem->u.r = val;
+    pMem->flags = MEM_Real;
+  }
+}
+#endif
+
+/*
+** Delete any previous value and set the value of pMem to be an
+** empty boolean index.
+*/
+SQLITE_PRIVATE void sqlite3VdbeMemSetRowSet(Mem *pMem){
+  sqlite3 *db = pMem->db;
+  assert( db!=0 );
+  assert( (pMem->flags & MEM_RowSet)==0 );
+  sqlite3VdbeMemRelease(pMem);
+  pMem->zMalloc = sqlite3DbMallocRaw(db, 64);
+  if( db->mallocFailed ){
+    pMem->flags = MEM_Null;
+    pMem->szMalloc = 0;
+  }else{
+    assert( pMem->zMalloc );
+    pMem->szMalloc = sqlite3DbMallocSize(db, pMem->zMalloc);
+    pMem->u.pRowSet = sqlite3RowSetInit(db, pMem->zMalloc, pMem->szMalloc);
+    assert( pMem->u.pRowSet!=0 );
+    pMem->flags = MEM_RowSet;
+  }
+}
+
+/*
+** Return true if the Mem object contains a TEXT or BLOB that is
+** too large - whose size exceeds SQLITE_MAX_LENGTH.
+*/
+SQLITE_PRIVATE int sqlite3VdbeMemTooBig(Mem *p){
+  assert( p->db!=0 );
+  if( p->flags & (MEM_Str|MEM_Blob) ){
+    int n = p->n;
+    if( p->flags & MEM_Zero ){
+      n += p->u.nZero;
+    }
+    return n>p->db->aLimit[SQLITE_LIMIT_LENGTH];
+  }
+  return 0; 
+}
+
+#ifdef SQLITE_DEBUG
+/*
+** This routine prepares a memory cell for modification by breaking
+** its link to a shallow copy and by marking any current shallow
+** copies of this cell as invalid.
+**
+** This is used for testing and debugging only - to make sure shallow
+** copies are not misused.
+*/
+SQLITE_PRIVATE void sqlite3VdbeMemAboutToChange(Vdbe *pVdbe, Mem *pMem){
+  int i;
+  Mem *pX;
+  for(i=1, pX=&pVdbe->aMem[1]; i<=pVdbe->nMem; i++, pX++){
+    if( pX->pScopyFrom==pMem ){
+      pX->flags |= MEM_Undefined;
+      pX->pScopyFrom = 0;
+    }
+  }
+  pMem->pScopyFrom = 0;
+}
+#endif /* SQLITE_DEBUG */
+
+
+/*
+** Make an shallow copy of pFrom into pTo.  Prior contents of
+** pTo are freed.  The pFrom->z field is not duplicated.  If
+** pFrom->z is used, then pTo->z points to the same thing as pFrom->z
+** and flags gets srcType (either MEM_Ephem or MEM_Static).
+*/
+static SQLITE_NOINLINE void vdbeClrCopy(Mem *pTo, const Mem *pFrom, int eType){
+  vdbeMemClearExternAndSetNull(pTo);
+  assert( !VdbeMemDynamic(pTo) );
+  sqlite3VdbeMemShallowCopy(pTo, pFrom, eType);
+}
+SQLITE_PRIVATE void sqlite3VdbeMemShallowCopy(Mem *pTo, const Mem *pFrom, int srcType){
+  assert( (pFrom->flags & MEM_RowSet)==0 );
+  assert( pTo->db==pFrom->db );
+  if( VdbeMemDynamic(pTo) ){ vdbeClrCopy(pTo,pFrom,srcType); return; }
+  memcpy(pTo, pFrom, MEMCELLSIZE);
+  if( (pFrom->flags&MEM_Static)==0 ){
+    pTo->flags &= ~(MEM_Dyn|MEM_Static|MEM_Ephem);
+    assert( srcType==MEM_Ephem || srcType==MEM_Static );
+    pTo->flags |= srcType;
+  }
+}
+
+/*
+** Make a full copy of pFrom into pTo.  Prior contents of pTo are
+** freed before the copy is made.
+*/
+SQLITE_PRIVATE int sqlite3VdbeMemCopy(Mem *pTo, const Mem *pFrom){
+  int rc = SQLITE_OK;
+
+  /* The pFrom==0 case in the following assert() is when an sqlite3_value
+  ** from sqlite3_value_dup() is used as the argument
+  ** to sqlite3_result_value(). */
+  assert( pTo->db==pFrom->db || pFrom->db==0 );
+  assert( (pFrom->flags & MEM_RowSet)==0 );
+  if( VdbeMemDynamic(pTo) ) vdbeMemClearExternAndSetNull(pTo);
+  memcpy(pTo, pFrom, MEMCELLSIZE);
+  pTo->flags &= ~MEM_Dyn;
+  if( pTo->flags&(MEM_Str|MEM_Blob) ){
+    if( 0==(pFrom->flags&MEM_Static) ){
+      pTo->flags |= MEM_Ephem;
+      rc = sqlite3VdbeMemMakeWriteable(pTo);
+    }
+  }
+
+  return rc;
+}
+
+/*
+** Transfer the contents of pFrom to pTo. Any existing value in pTo is
+** freed. If pFrom contains ephemeral data, a copy is made.
+**
+** pFrom contains an SQL NULL when this routine returns.
+*/
+SQLITE_PRIVATE void sqlite3VdbeMemMove(Mem *pTo, Mem *pFrom){
+  assert( pFrom->db==0 || sqlite3_mutex_held(pFrom->db->mutex) );
+  assert( pTo->db==0 || sqlite3_mutex_held(pTo->db->mutex) );
+  assert( pFrom->db==0 || pTo->db==0 || pFrom->db==pTo->db );
+
+  sqlite3VdbeMemRelease(pTo);
+  memcpy(pTo, pFrom, sizeof(Mem));
+  pFrom->flags = MEM_Null;
+  pFrom->szMalloc = 0;
+}
+
+/*
+** Change the value of a Mem to be a string or a BLOB.
+**
+** The memory management strategy depends on the value of the xDel
+** parameter. If the value passed is SQLITE_TRANSIENT, then the 
+** string is copied into a (possibly existing) buffer managed by the 
+** Mem structure. Otherwise, any existing buffer is freed and the
+** pointer copied.
+**
+** If the string is too large (if it exceeds the SQLITE_LIMIT_LENGTH
+** size limit) then no memory allocation occurs.  If the string can be
+** stored without allocating memory, then it is.  If a memory allocation
+** is required to store the string, then value of pMem is unchanged.  In
+** either case, SQLITE_TOOBIG is returned.
+*/
+SQLITE_PRIVATE int sqlite3VdbeMemSetStr(
+  Mem *pMem,          /* Memory cell to set to string value */
+  const char *z,      /* String pointer */
+  int n,              /* Bytes in string, or negative */
+  u8 enc,             /* Encoding of z.  0 for BLOBs */
+  void (*xDel)(void*) /* Destructor function */
+){
+  int nByte = n;      /* New value for pMem->n */
+  int iLimit;         /* Maximum allowed string or blob size */
+  u16 flags = 0;      /* New value for pMem->flags */
+
+  assert( pMem->db==0 || sqlite3_mutex_held(pMem->db->mutex) );
+  assert( (pMem->flags & MEM_RowSet)==0 );
+
+  /* If z is a NULL pointer, set pMem to contain an SQL NULL. */
+  if( !z ){
+    sqlite3VdbeMemSetNull(pMem);
+    return SQLITE_OK;
+  }
+
+  if( pMem->db ){
+    iLimit = pMem->db->aLimit[SQLITE_LIMIT_LENGTH];
+  }else{
+    iLimit = SQLITE_MAX_LENGTH;
+  }
+  flags = (enc==0?MEM_Blob:MEM_Str);
+  if( nByte<0 ){
+    assert( enc!=0 );
+    if( enc==SQLITE_UTF8 ){
+      nByte = sqlite3Strlen30(z);
+      if( nByte>iLimit ) nByte = iLimit+1;
+    }else{
+      for(nByte=0; nByte<=iLimit && (z[nByte] | z[nByte+1]); nByte+=2){}
+    }
+    flags |= MEM_Term;
+  }
+
+  /* The following block sets the new values of Mem.z and Mem.xDel. It
+  ** also sets a flag in local variable "flags" to indicate the memory
+  ** management (one of MEM_Dyn or MEM_Static).
+  */
+  if( xDel==SQLITE_TRANSIENT ){
+    int nAlloc = nByte;
+    if( flags&MEM_Term ){
+      nAlloc += (enc==SQLITE_UTF8?1:2);
+    }
+    if( nByte>iLimit ){
+      return SQLITE_TOOBIG;
+    }
+    testcase( nAlloc==0 );
+    testcase( nAlloc==31 );
+    testcase( nAlloc==32 );
+    if( sqlite3VdbeMemClearAndResize(pMem, MAX(nAlloc,32)) ){
+      return SQLITE_NOMEM;
+    }
+    memcpy(pMem->z, z, nAlloc);
+  }else if( xDel==SQLITE_DYNAMIC ){
+    sqlite3VdbeMemRelease(pMem);
+    pMem->zMalloc = pMem->z = (char *)z;
+    pMem->szMalloc = sqlite3DbMallocSize(pMem->db, pMem->zMalloc);
+  }else{
+    sqlite3VdbeMemRelease(pMem);
+    pMem->z = (char *)z;
+    pMem->xDel = xDel;
+    flags |= ((xDel==SQLITE_STATIC)?MEM_Static:MEM_Dyn);
+  }
+
+  pMem->n = nByte;
+  pMem->flags = flags;
+  pMem->enc = (enc==0 ? SQLITE_UTF8 : enc);
+
+#ifndef SQLITE_OMIT_UTF16
+  if( pMem->enc!=SQLITE_UTF8 && sqlite3VdbeMemHandleBom(pMem) ){
+    return SQLITE_NOMEM;
+  }
+#endif
+
+  if( nByte>iLimit ){
+    return SQLITE_TOOBIG;
+  }
+
+  return SQLITE_OK;
+}
+
+/*
+** Move data out of a btree key or data field and into a Mem structure.
+** The data or key is taken from the entry that pCur is currently pointing
+** to.  offset and amt determine what portion of the data or key to retrieve.
+** key is true to get the key or false to get data.  The result is written
+** into the pMem element.
+**
+** The pMem object must have been initialized.  This routine will use
+** pMem->zMalloc to hold the content from the btree, if possible.  New
+** pMem->zMalloc space will be allocated if necessary.  The calling routine
+** is responsible for making sure that the pMem object is eventually
+** destroyed.
+**
+** If this routine fails for any reason (malloc returns NULL or unable
+** to read from the disk) then the pMem is left in an inconsistent state.
+*/
+static SQLITE_NOINLINE int vdbeMemFromBtreeResize(
+  BtCursor *pCur,   /* Cursor pointing at record to retrieve. */
+  u32 offset,       /* Offset from the start of data to return bytes from. */
+  u32 amt,          /* Number of bytes to return. */
+  int key,          /* If true, retrieve from the btree key, not data. */
+  Mem *pMem         /* OUT: Return data in this Mem structure. */
+){
+  int rc;
+  pMem->flags = MEM_Null;
+  if( SQLITE_OK==(rc = sqlite3VdbeMemClearAndResize(pMem, amt+2)) ){
+    if( key ){
+      rc = sqlite3BtreeKey(pCur, offset, amt, pMem->z);
+    }else{
+      rc = sqlite3BtreeData(pCur, offset, amt, pMem->z);
+    }
+    if( rc==SQLITE_OK ){
+      pMem->z[amt] = 0;
+      pMem->z[amt+1] = 0;
+      pMem->flags = MEM_Blob|MEM_Term;
+      pMem->n = (int)amt;
+    }else{
+      sqlite3VdbeMemRelease(pMem);
+    }
+  }
+  return rc;
+}
+SQLITE_PRIVATE int sqlite3VdbeMemFromBtree(
+  BtCursor *pCur,   /* Cursor pointing at record to retrieve. */
+  u32 offset,       /* Offset from the start of data to return bytes from. */
+  u32 amt,          /* Number of bytes to return. */
+  int key,          /* If true, retrieve from the btree key, not data. */
+  Mem *pMem         /* OUT: Return data in this Mem structure. */
+){
+  char *zData;        /* Data from the btree layer */
+  u32 available = 0;  /* Number of bytes available on the local btree page */
+  int rc = SQLITE_OK; /* Return code */
+
+  assert( sqlite3BtreeCursorIsValid(pCur) );
+  assert( !VdbeMemDynamic(pMem) );
+
+  /* Note: the calls to BtreeKeyFetch() and DataFetch() below assert() 
+  ** that both the BtShared and database handle mutexes are held. */
+  assert( (pMem->flags & MEM_RowSet)==0 );
+  if( key ){
+    zData = (char *)sqlite3BtreeKeyFetch(pCur, &available);
+  }else{
+    zData = (char *)sqlite3BtreeDataFetch(pCur, &available);
+  }
+  assert( zData!=0 );
+
+  if( offset+amt<=available ){
+    pMem->z = &zData[offset];
+    pMem->flags = MEM_Blob|MEM_Ephem;
+    pMem->n = (int)amt;
+  }else{
+    rc = vdbeMemFromBtreeResize(pCur, offset, amt, key, pMem);
+  }
+
+  return rc;
+}
+
+/*
+** The pVal argument is known to be a value other than NULL.
+** Convert it into a string with encoding enc and return a pointer
+** to a zero-terminated version of that string.
+*/
+static SQLITE_NOINLINE const void *valueToText(sqlite3_value* pVal, u8 enc){
+  assert( pVal!=0 );
+  assert( pVal->db==0 || sqlite3_mutex_held(pVal->db->mutex) );
+  assert( (enc&3)==(enc&~SQLITE_UTF16_ALIGNED) );
+  assert( (pVal->flags & MEM_RowSet)==0 );
+  assert( (pVal->flags & (MEM_Null))==0 );
+  if( pVal->flags & (MEM_Blob|MEM_Str) ){
+    pVal->flags |= MEM_Str;
+    if( pVal->flags & MEM_Zero ){
+      sqlite3VdbeMemExpandBlob(pVal);
+    }
+    if( pVal->enc != (enc & ~SQLITE_UTF16_ALIGNED) ){
+      sqlite3VdbeChangeEncoding(pVal, enc & ~SQLITE_UTF16_ALIGNED);
+    }
+    if( (enc & SQLITE_UTF16_ALIGNED)!=0 && 1==(1&SQLITE_PTR_TO_INT(pVal->z)) ){
+      assert( (pVal->flags & (MEM_Ephem|MEM_Static))!=0 );
+      if( sqlite3VdbeMemMakeWriteable(pVal)!=SQLITE_OK ){
+        return 0;
+      }
+    }
+    sqlite3VdbeMemNulTerminate(pVal); /* IMP: R-31275-44060 */
+  }else{
+    sqlite3VdbeMemStringify(pVal, enc, 0);
+    assert( 0==(1&SQLITE_PTR_TO_INT(pVal->z)) );
+  }
+  assert(pVal->enc==(enc & ~SQLITE_UTF16_ALIGNED) || pVal->db==0
+              || pVal->db->mallocFailed );
+  if( pVal->enc==(enc & ~SQLITE_UTF16_ALIGNED) ){
+    return pVal->z;
+  }else{
+    return 0;
+  }
+}
+
+/* This function is only available internally, it is not part of the
+** external API. It works in a similar way to sqlite3_value_text(),
+** except the data returned is in the encoding specified by the second
+** parameter, which must be one of SQLITE_UTF16BE, SQLITE_UTF16LE or
+** SQLITE_UTF8.
+**
+** (2006-02-16:)  The enc value can be or-ed with SQLITE_UTF16_ALIGNED.
+** If that is the case, then the result must be aligned on an even byte
+** boundary.
+*/
+SQLITE_PRIVATE const void *sqlite3ValueText(sqlite3_value* pVal, u8 enc){
+  if( !pVal ) return 0;
+  assert( pVal->db==0 || sqlite3_mutex_held(pVal->db->mutex) );
+  assert( (enc&3)==(enc&~SQLITE_UTF16_ALIGNED) );
+  assert( (pVal->flags & MEM_RowSet)==0 );
+  if( (pVal->flags&(MEM_Str|MEM_Term))==(MEM_Str|MEM_Term) && pVal->enc==enc ){
+    return pVal->z;
+  }
+  if( pVal->flags&MEM_Null ){
+    return 0;
+  }
+  return valueToText(pVal, enc);
+}
+
+/*
+** Create a new sqlite3_value object.
+*/
+SQLITE_PRIVATE sqlite3_value *sqlite3ValueNew(sqlite3 *db){
+  Mem *p = sqlite3DbMallocZero(db, sizeof(*p));
+  if( p ){
+    p->flags = MEM_Null;
+    p->db = db;
+  }
+  return p;
+}
+
+/*
+** Context object passed by sqlite3Stat4ProbeSetValue() through to 
+** valueNew(). See comments above valueNew() for details.
+*/
+struct ValueNewStat4Ctx {
+  Parse *pParse;
+  Index *pIdx;
+  UnpackedRecord **ppRec;
+  int iVal;
+};
+
+/*
+** Allocate and return a pointer to a new sqlite3_value object. If
+** the second argument to this function is NULL, the object is allocated
+** by calling sqlite3ValueNew().
+**
+** Otherwise, if the second argument is non-zero, then this function is 
+** being called indirectly by sqlite3Stat4ProbeSetValue(). If it has not
+** already been allocated, allocate the UnpackedRecord structure that 
+** that function will return to its caller here. Then return a pointer to
+** an sqlite3_value within the UnpackedRecord.a[] array.
+*/
+static sqlite3_value *valueNew(sqlite3 *db, struct ValueNewStat4Ctx *p){
+#ifdef SQLITE_ENABLE_STAT3_OR_STAT4
+  if( p ){
+    UnpackedRecord *pRec = p->ppRec[0];
+
+    if( pRec==0 ){
+      Index *pIdx = p->pIdx;      /* Index being probed */
+      int nByte;                  /* Bytes of space to allocate */
+      int i;                      /* Counter variable */
+      int nCol = pIdx->nColumn;   /* Number of index columns including rowid */
+  
+      nByte = sizeof(Mem) * nCol + ROUND8(sizeof(UnpackedRecord));
+      pRec = (UnpackedRecord*)sqlite3DbMallocZero(db, nByte);
+      if( pRec ){
+        pRec->pKeyInfo = sqlite3KeyInfoOfIndex(p->pParse, pIdx);
+        if( pRec->pKeyInfo ){
+          assert( pRec->pKeyInfo->nField+pRec->pKeyInfo->nXField==nCol );
+          assert( pRec->pKeyInfo->enc==ENC(db) );
+          pRec->aMem = (Mem *)((u8*)pRec + ROUND8(sizeof(UnpackedRecord)));
+          for(i=0; i<nCol; i++){
+            pRec->aMem[i].flags = MEM_Null;
+            pRec->aMem[i].db = db;
+          }
+        }else{
+          sqlite3DbFree(db, pRec);
+          pRec = 0;
+        }
+      }
+      if( pRec==0 ) return 0;
+      p->ppRec[0] = pRec;
+    }
+  
+    pRec->nField = p->iVal+1;
+    return &pRec->aMem[p->iVal];
+  }
+#else
+  UNUSED_PARAMETER(p);
+#endif /* defined(SQLITE_ENABLE_STAT3_OR_STAT4) */
+  return sqlite3ValueNew(db);
+}
+
+/*
+** The expression object indicated by the second argument is guaranteed
+** to be a scalar SQL function. If
+**
+**   * all function arguments are SQL literals,
+**   * one of the SQLITE_FUNC_CONSTANT or _SLOCHNG function flags is set, and
+**   * the SQLITE_FUNC_NEEDCOLL function flag is not set,
+**
+** then this routine attempts to invoke the SQL function. Assuming no
+** error occurs, output parameter (*ppVal) is set to point to a value 
+** object containing the result before returning SQLITE_OK.
+**
+** Affinity aff is applied to the result of the function before returning.
+** If the result is a text value, the sqlite3_value object uses encoding 
+** enc.
+**
+** If the conditions above are not met, this function returns SQLITE_OK
+** and sets (*ppVal) to NULL. Or, if an error occurs, (*ppVal) is set to
+** NULL and an SQLite error code returned.
+*/
+#ifdef SQLITE_ENABLE_STAT3_OR_STAT4
+static int valueFromFunction(
+  sqlite3 *db,                    /* The database connection */
+  Expr *p,                        /* The expression to evaluate */
+  u8 enc,                         /* Encoding to use */
+  u8 aff,                         /* Affinity to use */
+  sqlite3_value **ppVal,          /* Write the new value here */
+  struct ValueNewStat4Ctx *pCtx   /* Second argument for valueNew() */
+){
+  sqlite3_context ctx;            /* Context object for function invocation */
+  sqlite3_value **apVal = 0;      /* Function arguments */
+  int nVal = 0;                   /* Size of apVal[] array */
+  FuncDef *pFunc = 0;             /* Function definition */
+  sqlite3_value *pVal = 0;        /* New value */
+  int rc = SQLITE_OK;             /* Return code */
+  int nName;                      /* Size of function name in bytes */
+  ExprList *pList = 0;            /* Function arguments */
+  int i;                          /* Iterator variable */
+
+  assert( pCtx!=0 );
+  assert( (p->flags & EP_TokenOnly)==0 );
+  pList = p->x.pList;
+  if( pList ) nVal = pList->nExpr;
+  nName = sqlite3Strlen30(p->u.zToken);
+  pFunc = sqlite3FindFunction(db, p->u.zToken, nName, nVal, enc, 0);
+  assert( pFunc );
+  if( (pFunc->funcFlags & (SQLITE_FUNC_CONSTANT|SQLITE_FUNC_SLOCHNG))==0 
+   || (pFunc->funcFlags & SQLITE_FUNC_NEEDCOLL)
+  ){
+    return SQLITE_OK;
+  }
+
+  if( pList ){
+    apVal = (sqlite3_value**)sqlite3DbMallocZero(db, sizeof(apVal[0]) * nVal);
+    if( apVal==0 ){
+      rc = SQLITE_NOMEM;
+      goto value_from_function_out;
+    }
+    for(i=0; i<nVal; i++){
+      rc = sqlite3ValueFromExpr(db, pList->a[i].pExpr, enc, aff, &apVal[i]);
+      if( apVal[i]==0 || rc!=SQLITE_OK ) goto value_from_function_out;
+    }
+  }
+
+  pVal = valueNew(db, pCtx);
+  if( pVal==0 ){
+    rc = SQLITE_NOMEM;
+    goto value_from_function_out;
+  }
+
+  assert( pCtx->pParse->rc==SQLITE_OK );
+  memset(&ctx, 0, sizeof(ctx));
+  ctx.pOut = pVal;
+  ctx.pFunc = pFunc;
+  pFunc->xFunc(&ctx, nVal, apVal);
+  if( ctx.isError ){
+    rc = ctx.isError;
+    sqlite3ErrorMsg(pCtx->pParse, "%s", sqlite3_value_text(pVal));
+  }else{
+    sqlite3ValueApplyAffinity(pVal, aff, SQLITE_UTF8);
+    assert( rc==SQLITE_OK );
+    rc = sqlite3VdbeChangeEncoding(pVal, enc);
+    if( rc==SQLITE_OK && sqlite3VdbeMemTooBig(pVal) ){
+      rc = SQLITE_TOOBIG;
+      pCtx->pParse->nErr++;
+    }
+  }
+  pCtx->pParse->rc = rc;
+
+ value_from_function_out:
+  if( rc!=SQLITE_OK ){
+    pVal = 0;
+  }
+  if( apVal ){
+    for(i=0; i<nVal; i++){
+      sqlite3ValueFree(apVal[i]);
+    }
+    sqlite3DbFree(db, apVal);
+  }
+
+  *ppVal = pVal;
+  return rc;
+}
+#else
+# define valueFromFunction(a,b,c,d,e,f) SQLITE_OK
+#endif /* defined(SQLITE_ENABLE_STAT3_OR_STAT4) */
+
+/*
+** Extract a value from the supplied expression in the manner described
+** above sqlite3ValueFromExpr(). Allocate the sqlite3_value object
+** using valueNew().
+**
+** If pCtx is NULL and an error occurs after the sqlite3_value object
+** has been allocated, it is freed before returning. Or, if pCtx is not
+** NULL, it is assumed that the caller will free any allocated object
+** in all cases.
+*/
+static int valueFromExpr(
+  sqlite3 *db,                    /* The database connection */
+  Expr *pExpr,                    /* The expression to evaluate */
+  u8 enc,                         /* Encoding to use */
+  u8 affinity,                    /* Affinity to use */
+  sqlite3_value **ppVal,          /* Write the new value here */
+  struct ValueNewStat4Ctx *pCtx   /* Second argument for valueNew() */
+){
+  int op;
+  char *zVal = 0;
+  sqlite3_value *pVal = 0;
+  int negInt = 1;
+  const char *zNeg = "";
+  int rc = SQLITE_OK;
+
+  if( !pExpr ){
+    *ppVal = 0;
+    return SQLITE_OK;
+  }
+  while( (op = pExpr->op)==TK_UPLUS ) pExpr = pExpr->pLeft;
+  if( NEVER(op==TK_REGISTER) ) op = pExpr->op2;
+
+  /* Compressed expressions only appear when parsing the DEFAULT clause
+  ** on a table column definition, and hence only when pCtx==0.  This
+  ** check ensures that an EP_TokenOnly expression is never passed down
+  ** into valueFromFunction(). */
+  assert( (pExpr->flags & EP_TokenOnly)==0 || pCtx==0 );
+
+  if( op==TK_CAST ){
+    u8 aff = sqlite3AffinityType(pExpr->u.zToken,0);
+    rc = valueFromExpr(db, pExpr->pLeft, enc, aff, ppVal, pCtx);
+    testcase( rc!=SQLITE_OK );
+    if( *ppVal ){
+      sqlite3VdbeMemCast(*ppVal, aff, SQLITE_UTF8);
+      sqlite3ValueApplyAffinity(*ppVal, affinity, SQLITE_UTF8);
+    }
+    return rc;
+  }
+
+  /* Handle negative integers in a single step.  This is needed in the
+  ** case when the value is -9223372036854775808.
+  */
+  if( op==TK_UMINUS
+   && (pExpr->pLeft->op==TK_INTEGER || pExpr->pLeft->op==TK_FLOAT) ){
+    pExpr = pExpr->pLeft;
+    op = pExpr->op;
+    negInt = -1;
+    zNeg = "-";
+  }
+
+  if( op==TK_STRING || op==TK_FLOAT || op==TK_INTEGER ){
+    pVal = valueNew(db, pCtx);
+    if( pVal==0 ) goto no_mem;
+    if( ExprHasProperty(pExpr, EP_IntValue) ){
+      sqlite3VdbeMemSetInt64(pVal, (i64)pExpr->u.iValue*negInt);
+    }else{
+      zVal = sqlite3MPrintf(db, "%s%s", zNeg, pExpr->u.zToken);
+      if( zVal==0 ) goto no_mem;
+      sqlite3ValueSetStr(pVal, -1, zVal, SQLITE_UTF8, SQLITE_DYNAMIC);
+    }
+    if( (op==TK_INTEGER || op==TK_FLOAT ) && affinity==SQLITE_AFF_BLOB ){
+      sqlite3ValueApplyAffinity(pVal, SQLITE_AFF_NUMERIC, SQLITE_UTF8);
+    }else{
+      sqlite3ValueApplyAffinity(pVal, affinity, SQLITE_UTF8);
+    }
+    if( pVal->flags & (MEM_Int|MEM_Real) ) pVal->flags &= ~MEM_Str;
+    if( enc!=SQLITE_UTF8 ){
+      rc = sqlite3VdbeChangeEncoding(pVal, enc);
+    }
+  }else if( op==TK_UMINUS ) {
+    /* This branch happens for multiple negative signs.  Ex: -(-5) */
+    if( SQLITE_OK==sqlite3ValueFromExpr(db,pExpr->pLeft,enc,affinity,&pVal) 
+     && pVal!=0
+    ){
+      sqlite3VdbeMemNumerify(pVal);
+      if( pVal->flags & MEM_Real ){
+        pVal->u.r = -pVal->u.r;
+      }else if( pVal->u.i==SMALLEST_INT64 ){
+        pVal->u.r = -(double)SMALLEST_INT64;
+        MemSetTypeFlag(pVal, MEM_Real);
+      }else{
+        pVal->u.i = -pVal->u.i;
+      }
+      sqlite3ValueApplyAffinity(pVal, affinity, enc);
+    }
+  }else if( op==TK_NULL ){
+    pVal = valueNew(db, pCtx);
+    if( pVal==0 ) goto no_mem;
+  }
+#ifndef SQLITE_OMIT_BLOB_LITERAL
+  else if( op==TK_BLOB ){
+    int nVal;
+    assert( pExpr->u.zToken[0]=='x' || pExpr->u.zToken[0]=='X' );
+    assert( pExpr->u.zToken[1]=='\'' );
+    pVal = valueNew(db, pCtx);
+    if( !pVal ) goto no_mem;
+    zVal = &pExpr->u.zToken[2];
+    nVal = sqlite3Strlen30(zVal)-1;
+    assert( zVal[nVal]=='\'' );
+    sqlite3VdbeMemSetStr(pVal, sqlite3HexToBlob(db, zVal, nVal), nVal/2,
+                         0, SQLITE_DYNAMIC);
+  }
+#endif
+
+#ifdef SQLITE_ENABLE_STAT3_OR_STAT4
+  else if( op==TK_FUNCTION && pCtx!=0 ){
+    rc = valueFromFunction(db, pExpr, enc, affinity, &pVal, pCtx);
+  }
+#endif
+
+  *ppVal = pVal;
+  return rc;
+
+no_mem:
+  db->mallocFailed = 1;
+  sqlite3DbFree(db, zVal);
+  assert( *ppVal==0 );
+#ifdef SQLITE_ENABLE_STAT3_OR_STAT4
+  if( pCtx==0 ) sqlite3ValueFree(pVal);
+#else
+  assert( pCtx==0 ); sqlite3ValueFree(pVal);
+#endif
+  return SQLITE_NOMEM;
+}
+
+/*
+** Create a new sqlite3_value object, containing the value of pExpr.
+**
+** This only works for very simple expressions that consist of one constant
+** token (i.e. "5", "5.1", "'a string'"). If the expression can
+** be converted directly into a value, then the value is allocated and
+** a pointer written to *ppVal. The caller is responsible for deallocating
+** the value by passing it to sqlite3ValueFree() later on. If the expression
+** cannot be converted to a value, then *ppVal is set to NULL.
+*/
+SQLITE_PRIVATE int sqlite3ValueFromExpr(
+  sqlite3 *db,              /* The database connection */
+  Expr *pExpr,              /* The expression to evaluate */
+  u8 enc,                   /* Encoding to use */
+  u8 affinity,              /* Affinity to use */
+  sqlite3_value **ppVal     /* Write the new value here */
+){
+  return valueFromExpr(db, pExpr, enc, affinity, ppVal, 0);
+}
+
+#ifdef SQLITE_ENABLE_STAT3_OR_STAT4
+/*
+** The implementation of the sqlite_record() function. This function accepts
+** a single argument of any type. The return value is a formatted database 
+** record (a blob) containing the argument value.
+**
+** This is used to convert the value stored in the 'sample' column of the
+** sqlite_stat3 table to the record format SQLite uses internally.
+*/
+static void recordFunc(
+  sqlite3_context *context,
+  int argc,
+  sqlite3_value **argv
+){
+  const int file_format = 1;
+  u32 iSerial;                    /* Serial type */
+  int nSerial;                    /* Bytes of space for iSerial as varint */
+  u32 nVal;                       /* Bytes of space required for argv[0] */
+  int nRet;
+  sqlite3 *db;
+  u8 *aRet;
+
+  UNUSED_PARAMETER( argc );
+  iSerial = sqlite3VdbeSerialType(argv[0], file_format, &nVal);
+  nSerial = sqlite3VarintLen(iSerial);
+  db = sqlite3_context_db_handle(context);
+
+  nRet = 1 + nSerial + nVal;
+  aRet = sqlite3DbMallocRaw(db, nRet);
+  if( aRet==0 ){
+    sqlite3_result_error_nomem(context);
+  }else{
+    aRet[0] = nSerial+1;
+    putVarint32(&aRet[1], iSerial);
+    sqlite3VdbeSerialPut(&aRet[1+nSerial], argv[0], iSerial);
+    sqlite3_result_blob(context, aRet, nRet, SQLITE_TRANSIENT);
+    sqlite3DbFree(db, aRet);
+  }
+}
+
+/*
+** Register built-in functions used to help read ANALYZE data.
+*/
+SQLITE_PRIVATE void sqlite3AnalyzeFunctions(void){
+  static SQLITE_WSD FuncDef aAnalyzeTableFuncs[] = {
+    FUNCTION(sqlite_record,   1, 0, 0, recordFunc),
+  };
+  int i;
+  FuncDefHash *pHash = &GLOBAL(FuncDefHash, sqlite3GlobalFunctions);
+  FuncDef *aFunc = (FuncDef*)&GLOBAL(FuncDef, aAnalyzeTableFuncs);
+  for(i=0; i<ArraySize(aAnalyzeTableFuncs); i++){
+    sqlite3FuncDefInsert(pHash, &aFunc[i]);
+  }
+}
+
+/*
+** Attempt to extract a value from pExpr and use it to construct *ppVal.
+**
+** If pAlloc is not NULL, then an UnpackedRecord object is created for
+** pAlloc if one does not exist and the new value is added to the
+** UnpackedRecord object.
+**
+** A value is extracted in the following cases:
+**
+**  * (pExpr==0). In this case the value is assumed to be an SQL NULL,
+**
+**  * The expression is a bound variable, and this is a reprepare, or
+**
+**  * The expression is a literal value.
+**
+** On success, *ppVal is made to point to the extracted value.  The caller
+** is responsible for ensuring that the value is eventually freed.
+*/
+static int stat4ValueFromExpr(
+  Parse *pParse,                  /* Parse context */
+  Expr *pExpr,                    /* The expression to extract a value from */
+  u8 affinity,                    /* Affinity to use */
+  struct ValueNewStat4Ctx *pAlloc,/* How to allocate space.  Or NULL */
+  sqlite3_value **ppVal           /* OUT: New value object (or NULL) */
+){
+  int rc = SQLITE_OK;
+  sqlite3_value *pVal = 0;
+  sqlite3 *db = pParse->db;
+
+  /* Skip over any TK_COLLATE nodes */
+  pExpr = sqlite3ExprSkipCollate(pExpr);
+
+  if( !pExpr ){
+    pVal = valueNew(db, pAlloc);
+    if( pVal ){
+      sqlite3VdbeMemSetNull((Mem*)pVal);
+    }
+  }else if( pExpr->op==TK_VARIABLE
+        || NEVER(pExpr->op==TK_REGISTER && pExpr->op2==TK_VARIABLE)
+  ){
+    Vdbe *v;
+    int iBindVar = pExpr->iColumn;
+    sqlite3VdbeSetVarmask(pParse->pVdbe, iBindVar);
+    if( (v = pParse->pReprepare)!=0 ){
+      pVal = valueNew(db, pAlloc);
+      if( pVal ){
+        rc = sqlite3VdbeMemCopy((Mem*)pVal, &v->aVar[iBindVar-1]);
+        if( rc==SQLITE_OK ){
+          sqlite3ValueApplyAffinity(pVal, affinity, ENC(db));
+        }
+        pVal->db = pParse->db;
+      }
+    }
+  }else{
+    rc = valueFromExpr(db, pExpr, ENC(db), affinity, &pVal, pAlloc);
+  }
+
+  assert( pVal==0 || pVal->db==db );
+  *ppVal = pVal;
+  return rc;
+}
+
+/*
+** This function is used to allocate and populate UnpackedRecord 
+** structures intended to be compared against sample index keys stored 
+** in the sqlite_stat4 table.
+**
+** A single call to this function attempts to populates field iVal (leftmost 
+** is 0 etc.) of the unpacked record with a value extracted from expression
+** pExpr. Extraction of values is possible if:
+**
+**  * (pExpr==0). In this case the value is assumed to be an SQL NULL,
+**
+**  * The expression is a bound variable, and this is a reprepare, or
+**
+**  * The sqlite3ValueFromExpr() function is able to extract a value 
+**    from the expression (i.e. the expression is a literal value).
+**
+** If a value can be extracted, the affinity passed as the 5th argument
+** is applied to it before it is copied into the UnpackedRecord. Output
+** parameter *pbOk is set to true if a value is extracted, or false 
+** otherwise.
+**
+** When this function is called, *ppRec must either point to an object
+** allocated by an earlier call to this function, or must be NULL. If it
+** is NULL and a value can be successfully extracted, a new UnpackedRecord
+** is allocated (and *ppRec set to point to it) before returning.
+**
+** Unless an error is encountered, SQLITE_OK is returned. It is not an
+** error if a value cannot be extracted from pExpr. If an error does
+** occur, an SQLite error code is returned.
+*/
+SQLITE_PRIVATE int sqlite3Stat4ProbeSetValue(
+  Parse *pParse,                  /* Parse context */
+  Index *pIdx,                    /* Index being probed */
+  UnpackedRecord **ppRec,         /* IN/OUT: Probe record */
+  Expr *pExpr,                    /* The expression to extract a value from */
+  u8 affinity,                    /* Affinity to use */
+  int iVal,                       /* Array element to populate */
+  int *pbOk                       /* OUT: True if value was extracted */
+){
+  int rc;
+  sqlite3_value *pVal = 0;
+  struct ValueNewStat4Ctx alloc;
+
+  alloc.pParse = pParse;
+  alloc.pIdx = pIdx;
+  alloc.ppRec = ppRec;
+  alloc.iVal = iVal;
+
+  rc = stat4ValueFromExpr(pParse, pExpr, affinity, &alloc, &pVal);
+  assert( pVal==0 || pVal->db==pParse->db );
+  *pbOk = (pVal!=0);
+  return rc;
+}
+
+/*
+** Attempt to extract a value from expression pExpr using the methods
+** as described for sqlite3Stat4ProbeSetValue() above. 
+**
+** If successful, set *ppVal to point to a new value object and return 
+** SQLITE_OK. If no value can be extracted, but no other error occurs
+** (e.g. OOM), return SQLITE_OK and set *ppVal to NULL. Or, if an error
+** does occur, return an SQLite error code. The final value of *ppVal
+** is undefined in this case.
+*/
+SQLITE_PRIVATE int sqlite3Stat4ValueFromExpr(
+  Parse *pParse,                  /* Parse context */
+  Expr *pExpr,                    /* The expression to extract a value from */
+  u8 affinity,                    /* Affinity to use */
+  sqlite3_value **ppVal           /* OUT: New value object (or NULL) */
+){
+  return stat4ValueFromExpr(pParse, pExpr, affinity, 0, ppVal);
+}
+
+/*
+** Extract the iCol-th column from the nRec-byte record in pRec.  Write
+** the column value into *ppVal.  If *ppVal is initially NULL then a new
+** sqlite3_value object is allocated.
+**
+** If *ppVal is initially NULL then the caller is responsible for 
+** ensuring that the value written into *ppVal is eventually freed.
+*/
+SQLITE_PRIVATE int sqlite3Stat4Column(
+  sqlite3 *db,                    /* Database handle */
+  const void *pRec,               /* Pointer to buffer containing record */
+  int nRec,                       /* Size of buffer pRec in bytes */
+  int iCol,                       /* Column to extract */
+  sqlite3_value **ppVal           /* OUT: Extracted value */
+){
+  u32 t;                          /* a column type code */
+  int nHdr;                       /* Size of the header in the record */
+  int iHdr;                       /* Next unread header byte */
+  int iField;                     /* Next unread data byte */
+  int szField;                    /* Size of the current data field */
+  int i;                          /* Column index */
+  u8 *a = (u8*)pRec;              /* Typecast byte array */
+  Mem *pMem = *ppVal;             /* Write result into this Mem object */
+
+  assert( iCol>0 );
+  iHdr = getVarint32(a, nHdr);
+  if( nHdr>nRec || iHdr>=nHdr ) return SQLITE_CORRUPT_BKPT;
+  iField = nHdr;
+  for(i=0; i<=iCol; i++){
+    iHdr += getVarint32(&a[iHdr], t);
+    testcase( iHdr==nHdr );
+    testcase( iHdr==nHdr+1 );
+    if( iHdr>nHdr ) return SQLITE_CORRUPT_BKPT;
+    szField = sqlite3VdbeSerialTypeLen(t);
+    iField += szField;
+  }
+  testcase( iField==nRec );
+  testcase( iField==nRec+1 );
+  if( iField>nRec ) return SQLITE_CORRUPT_BKPT;
+  if( pMem==0 ){
+    pMem = *ppVal = sqlite3ValueNew(db);
+    if( pMem==0 ) return SQLITE_NOMEM;
+  }
+  sqlite3VdbeSerialGet(&a[iField-szField], t, pMem);
+  pMem->enc = ENC(db);
+  return SQLITE_OK;
+}
+
+/*
+** Unless it is NULL, the argument must be an UnpackedRecord object returned
+** by an earlier call to sqlite3Stat4ProbeSetValue(). This call deletes
+** the object.
+*/
+SQLITE_PRIVATE void sqlite3Stat4ProbeFree(UnpackedRecord *pRec){
+  if( pRec ){
+    int i;
+    int nCol = pRec->pKeyInfo->nField+pRec->pKeyInfo->nXField;
+    Mem *aMem = pRec->aMem;
+    sqlite3 *db = aMem[0].db;
+    for(i=0; i<nCol; i++){
+      sqlite3VdbeMemRelease(&aMem[i]);
+    }
+    sqlite3KeyInfoUnref(pRec->pKeyInfo);
+    sqlite3DbFree(db, pRec);
+  }
+}
+#endif /* ifdef SQLITE_ENABLE_STAT4 */
+
+/*
+** Change the string value of an sqlite3_value object
+*/
+SQLITE_PRIVATE void sqlite3ValueSetStr(
+  sqlite3_value *v,     /* Value to be set */
+  int n,                /* Length of string z */
+  const void *z,        /* Text of the new string */
+  u8 enc,               /* Encoding to use */
+  void (*xDel)(void*)   /* Destructor for the string */
+){
+  if( v ) sqlite3VdbeMemSetStr((Mem *)v, z, n, enc, xDel);
+}
+
+/*
+** Free an sqlite3_value object
+*/
+SQLITE_PRIVATE void sqlite3ValueFree(sqlite3_value *v){
+  if( !v ) return;
+  sqlite3VdbeMemRelease((Mem *)v);
+  sqlite3DbFree(((Mem*)v)->db, v);
+}
+
+/*
+** The sqlite3ValueBytes() routine returns the number of bytes in the
+** sqlite3_value object assuming that it uses the encoding "enc".
+** The valueBytes() routine is a helper function.
+*/
+static SQLITE_NOINLINE int valueBytes(sqlite3_value *pVal, u8 enc){
+  return valueToText(pVal, enc)!=0 ? pVal->n : 0;
+}
+SQLITE_PRIVATE int sqlite3ValueBytes(sqlite3_value *pVal, u8 enc){
+  Mem *p = (Mem*)pVal;
+  assert( (p->flags & MEM_Null)==0 || (p->flags & (MEM_Str|MEM_Blob))==0 );
+  if( (p->flags & MEM_Str)!=0 && pVal->enc==enc ){
+    return p->n;
+  }
+  if( (p->flags & MEM_Blob)!=0 ){
+    if( p->flags & MEM_Zero ){
+      return p->n + p->u.nZero;
+    }else{
+      return p->n;
+    }
+  }
+  if( p->flags & MEM_Null ) return 0;
+  return valueBytes(pVal, enc);
+}
+
+/************** End of vdbemem.c *********************************************/
+/************** Begin file vdbeaux.c *****************************************/
+/*
+** 2003 September 6
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+** This file contains code used for creating, destroying, and populating
+** a VDBE (or an "sqlite3_stmt" as it is known to the outside world.) 
+*/
+/* #include "sqliteInt.h" */
+/* #include "vdbeInt.h" */
+
+/*
+** Create a new virtual database engine.
+*/
+SQLITE_PRIVATE Vdbe *sqlite3VdbeCreate(Parse *pParse){
+  sqlite3 *db = pParse->db;
+  Vdbe *p;
+  p = sqlite3DbMallocZero(db, sizeof(Vdbe) );
+  if( p==0 ) return 0;
+  p->db = db;
+  if( db->pVdbe ){
+    db->pVdbe->pPrev = p;
+  }
+  p->pNext = db->pVdbe;
+  p->pPrev = 0;
+  db->pVdbe = p;
+  p->magic = VDBE_MAGIC_INIT;
+  p->pParse = pParse;
+  assert( pParse->aLabel==0 );
+  assert( pParse->nLabel==0 );
+  assert( pParse->nOpAlloc==0 );
+  assert( pParse->szOpAlloc==0 );
+  return p;
+}
+
+/*
+** Change the error string stored in Vdbe.zErrMsg
+*/
+SQLITE_PRIVATE void sqlite3VdbeError(Vdbe *p, const char *zFormat, ...){
+  va_list ap;
+  sqlite3DbFree(p->db, p->zErrMsg);
+  va_start(ap, zFormat);
+  p->zErrMsg = sqlite3VMPrintf(p->db, zFormat, ap);
+  va_end(ap);
+}
+
+/*
+** Remember the SQL string for a prepared statement.
+*/
+SQLITE_PRIVATE void sqlite3VdbeSetSql(Vdbe *p, const char *z, int n, int isPrepareV2){
+  assert( isPrepareV2==1 || isPrepareV2==0 );
+  if( p==0 ) return;
+#if defined(SQLITE_OMIT_TRACE) && !defined(SQLITE_ENABLE_SQLLOG)
+  if( !isPrepareV2 ) return;
+#endif
+  assert( p->zSql==0 );
+  p->zSql = sqlite3DbStrNDup(p->db, z, n);
+  p->isPrepareV2 = (u8)isPrepareV2;
+}
+
+/*
+** Return the SQL associated with a prepared statement
+*/
+SQLITE_API const char *SQLITE_STDCALL sqlite3_sql(sqlite3_stmt *pStmt){
+  Vdbe *p = (Vdbe *)pStmt;
+  return p ? p->zSql : 0;
+}
+
+/*
+** Swap all content between two VDBE structures.
+*/
+SQLITE_PRIVATE void sqlite3VdbeSwap(Vdbe *pA, Vdbe *pB){
+  Vdbe tmp, *pTmp;
+  char *zTmp;
+  tmp = *pA;
+  *pA = *pB;
+  *pB = tmp;
+  pTmp = pA->pNext;
+  pA->pNext = pB->pNext;
+  pB->pNext = pTmp;
+  pTmp = pA->pPrev;
+  pA->pPrev = pB->pPrev;
+  pB->pPrev = pTmp;
+  zTmp = pA->zSql;
+  pA->zSql = pB->zSql;
+  pB->zSql = zTmp;
+  pB->isPrepareV2 = pA->isPrepareV2;
+}
+
+/*
+** Resize the Vdbe.aOp array so that it is at least nOp elements larger 
+** than its current size. nOp is guaranteed to be less than or equal
+** to 1024/sizeof(Op).
+**
+** If an out-of-memory error occurs while resizing the array, return
+** SQLITE_NOMEM. In this case Vdbe.aOp and Parse.nOpAlloc remain 
+** unchanged (this is so that any opcodes already allocated can be 
+** correctly deallocated along with the rest of the Vdbe).
+*/
+static int growOpArray(Vdbe *v, int nOp){
+  VdbeOp *pNew;
+  Parse *p = v->pParse;
+
+  /* The SQLITE_TEST_REALLOC_STRESS compile-time option is designed to force
+  ** more frequent reallocs and hence provide more opportunities for 
+  ** simulated OOM faults.  SQLITE_TEST_REALLOC_STRESS is generally used
+  ** during testing only.  With SQLITE_TEST_REALLOC_STRESS grow the op array
+  ** by the minimum* amount required until the size reaches 512.  Normal
+  ** operation (without SQLITE_TEST_REALLOC_STRESS) is to double the current
+  ** size of the op array or add 1KB of space, whichever is smaller. */
+#ifdef SQLITE_TEST_REALLOC_STRESS
+  int nNew = (p->nOpAlloc>=512 ? p->nOpAlloc*2 : p->nOpAlloc+nOp);
+#else
+  int nNew = (p->nOpAlloc ? p->nOpAlloc*2 : (int)(1024/sizeof(Op)));
+  UNUSED_PARAMETER(nOp);
+#endif
+
+  assert( nOp<=(1024/sizeof(Op)) );
+  assert( nNew>=(p->nOpAlloc+nOp) );
+  pNew = sqlite3DbRealloc(p->db, v->aOp, nNew*sizeof(Op));
+  if( pNew ){
+    p->szOpAlloc = sqlite3DbMallocSize(p->db, pNew);
+    p->nOpAlloc = p->szOpAlloc/sizeof(Op);
+    v->aOp = pNew;
+  }
+  return (pNew ? SQLITE_OK : SQLITE_NOMEM);
+}
+
+#ifdef SQLITE_DEBUG
+/* This routine is just a convenient place to set a breakpoint that will
+** fire after each opcode is inserted and displayed using
+** "PRAGMA vdbe_addoptrace=on".
+*/
+static void test_addop_breakpoint(void){
+  static int n = 0;
+  n++;
+}
+#endif
+
+/*
+** Add a new instruction to the list of instructions current in the
+** VDBE.  Return the address of the new instruction.
+**
+** Parameters:
+**
+**    p               Pointer to the VDBE
+**
+**    op              The opcode for this instruction
+**
+**    p1, p2, p3      Operands
+**
+** Use the sqlite3VdbeResolveLabel() function to fix an address and
+** the sqlite3VdbeChangeP4() function to change the value of the P4
+** operand.
+*/
+static SQLITE_NOINLINE int growOp3(Vdbe *p, int op, int p1, int p2, int p3){
+  assert( p->pParse->nOpAlloc<=p->nOp );
+  if( growOpArray(p, 1) ) return 1;
+  assert( p->pParse->nOpAlloc>p->nOp );
+  return sqlite3VdbeAddOp3(p, op, p1, p2, p3);
+}
+SQLITE_PRIVATE int sqlite3VdbeAddOp3(Vdbe *p, int op, int p1, int p2, int p3){
+  int i;
+  VdbeOp *pOp;
+
+  i = p->nOp;
+  assert( p->magic==VDBE_MAGIC_INIT );
+  assert( op>0 && op<0xff );
+  if( p->pParse->nOpAlloc<=i ){
+    return growOp3(p, op, p1, p2, p3);
+  }
+  p->nOp++;
+  pOp = &p->aOp[i];
+  pOp->opcode = (u8)op;
+  pOp->p5 = 0;
+  pOp->p1 = p1;
+  pOp->p2 = p2;
+  pOp->p3 = p3;
+  pOp->p4.p = 0;
+  pOp->p4type = P4_NOTUSED;
+#ifdef SQLITE_ENABLE_EXPLAIN_COMMENTS
+  pOp->zComment = 0;
+#endif
+#ifdef SQLITE_DEBUG
+  if( p->db->flags & SQLITE_VdbeAddopTrace ){
+    int jj, kk;
+    Parse *pParse = p->pParse;
+    for(jj=kk=0; jj<SQLITE_N_COLCACHE; jj++){
+      struct yColCache *x = pParse->aColCache + jj;
+      if( x->iLevel>pParse->iCacheLevel || x->iReg==0 ) continue;
+      printf(" r[%d]={%d:%d}", x->iReg, x->iTable, x->iColumn);
+      kk++;
+    }
+    if( kk ) printf("\n");
+    sqlite3VdbePrintOp(0, i, &p->aOp[i]);
+    test_addop_breakpoint();
+  }
+#endif
+#ifdef VDBE_PROFILE
+  pOp->cycles = 0;
+  pOp->cnt = 0;
+#endif
+#ifdef SQLITE_VDBE_COVERAGE
+  pOp->iSrcLine = 0;
+#endif
+  return i;
+}
+SQLITE_PRIVATE int sqlite3VdbeAddOp0(Vdbe *p, int op){
+  return sqlite3VdbeAddOp3(p, op, 0, 0, 0);
+}
+SQLITE_PRIVATE int sqlite3VdbeAddOp1(Vdbe *p, int op, int p1){
+  return sqlite3VdbeAddOp3(p, op, p1, 0, 0);
+}
+SQLITE_PRIVATE int sqlite3VdbeAddOp2(Vdbe *p, int op, int p1, int p2){
+  return sqlite3VdbeAddOp3(p, op, p1, p2, 0);
+}
+
+/* Generate code for an unconditional jump to instruction iDest
+*/
+SQLITE_PRIVATE int sqlite3VdbeGoto(Vdbe *p, int iDest){
+  return sqlite3VdbeAddOp3(p, OP_Goto, 0, iDest, 0);
+}
+
+/* Generate code to cause the string zStr to be loaded into
+** register iDest
+*/
+SQLITE_PRIVATE int sqlite3VdbeLoadString(Vdbe *p, int iDest, const char *zStr){
+  return sqlite3VdbeAddOp4(p, OP_String8, 0, iDest, 0, zStr, 0);
+}
+
+/*
+** Generate code that initializes multiple registers to string or integer
+** constants.  The registers begin with iDest and increase consecutively.
+** One register is initialized for each characgter in zTypes[].  For each
+** "s" character in zTypes[], the register is a string if the argument is
+** not NULL, or OP_Null if the value is a null pointer.  For each "i" character
+** in zTypes[], the register is initialized to an integer.
+*/
+SQLITE_PRIVATE void sqlite3VdbeMultiLoad(Vdbe *p, int iDest, const char *zTypes, ...){
+  va_list ap;
+  int i;
+  char c;
+  va_start(ap, zTypes);
+  for(i=0; (c = zTypes[i])!=0; i++){
+    if( c=='s' ){
+      const char *z = va_arg(ap, const char*);
+      int addr = sqlite3VdbeAddOp2(p, z==0 ? OP_Null : OP_String8, 0, iDest++);
+      if( z ) sqlite3VdbeChangeP4(p, addr, z, 0);
+    }else{
+      assert( c=='i' );
+      sqlite3VdbeAddOp2(p, OP_Integer, va_arg(ap, int), iDest++);
+    }
+  }
+  va_end(ap);
+}
+
+/*
+** Add an opcode that includes the p4 value as a pointer.
+*/
+SQLITE_PRIVATE int sqlite3VdbeAddOp4(
+  Vdbe *p,            /* Add the opcode to this VM */
+  int op,             /* The new opcode */
+  int p1,             /* The P1 operand */
+  int p2,             /* The P2 operand */
+  int p3,             /* The P3 operand */
+  const char *zP4,    /* The P4 operand */
+  int p4type          /* P4 operand type */
+){
+  int addr = sqlite3VdbeAddOp3(p, op, p1, p2, p3);
+  sqlite3VdbeChangeP4(p, addr, zP4, p4type);
+  return addr;
+}
+
+/*
+** Add an opcode that includes the p4 value with a P4_INT64 or
+** P4_REAL type.
+*/
+SQLITE_PRIVATE int sqlite3VdbeAddOp4Dup8(
+  Vdbe *p,            /* Add the opcode to this VM */
+  int op,             /* The new opcode */
+  int p1,             /* The P1 operand */
+  int p2,             /* The P2 operand */
+  int p3,             /* The P3 operand */
+  const u8 *zP4,      /* The P4 operand */
+  int p4type          /* P4 operand type */
+){
+  char *p4copy = sqlite3DbMallocRaw(sqlite3VdbeDb(p), 8);
+  if( p4copy ) memcpy(p4copy, zP4, 8);
+  return sqlite3VdbeAddOp4(p, op, p1, p2, p3, p4copy, p4type);
+}
+
+/*
+** Add an OP_ParseSchema opcode.  This routine is broken out from
+** sqlite3VdbeAddOp4() since it needs to also needs to mark all btrees
+** as having been used.
+**
+** The zWhere string must have been obtained from sqlite3_malloc().
+** This routine will take ownership of the allocated memory.
+*/
+SQLITE_PRIVATE void sqlite3VdbeAddParseSchemaOp(Vdbe *p, int iDb, char *zWhere){
+  int j;
+  int addr = sqlite3VdbeAddOp3(p, OP_ParseSchema, iDb, 0, 0);
+  sqlite3VdbeChangeP4(p, addr, zWhere, P4_DYNAMIC);
+  for(j=0; j<p->db->nDb; j++) sqlite3VdbeUsesBtree(p, j);
+}
+
+/*
+** Add an opcode that includes the p4 value as an integer.
+*/
+SQLITE_PRIVATE int sqlite3VdbeAddOp4Int(
+  Vdbe *p,            /* Add the opcode to this VM */
+  int op,             /* The new opcode */
+  int p1,             /* The P1 operand */
+  int p2,             /* The P2 operand */
+  int p3,             /* The P3 operand */
+  int p4              /* The P4 operand as an integer */
+){
+  int addr = sqlite3VdbeAddOp3(p, op, p1, p2, p3);
+  sqlite3VdbeChangeP4(p, addr, SQLITE_INT_TO_PTR(p4), P4_INT32);
+  return addr;
+}
+
+/*
+** Create a new symbolic label for an instruction that has yet to be
+** coded.  The symbolic label is really just a negative number.  The
+** label can be used as the P2 value of an operation.  Later, when
+** the label is resolved to a specific address, the VDBE will scan
+** through its operation list and change all values of P2 which match
+** the label into the resolved address.
+**
+** The VDBE knows that a P2 value is a label because labels are
+** always negative and P2 values are suppose to be non-negative.
+** Hence, a negative P2 value is a label that has yet to be resolved.
+**
+** Zero is returned if a malloc() fails.
+*/
+SQLITE_PRIVATE int sqlite3VdbeMakeLabel(Vdbe *v){
+  Parse *p = v->pParse;
+  int i = p->nLabel++;
+  assert( v->magic==VDBE_MAGIC_INIT );
+  if( (i & (i-1))==0 ){
+    p->aLabel = sqlite3DbReallocOrFree(p->db, p->aLabel, 
+                                       (i*2+1)*sizeof(p->aLabel[0]));
+  }
+  if( p->aLabel ){
+    p->aLabel[i] = -1;
+  }
+  return ADDR(i);
+}
+
+/*
+** Resolve label "x" to be the address of the next instruction to
+** be inserted.  The parameter "x" must have been obtained from
+** a prior call to sqlite3VdbeMakeLabel().
+*/
+SQLITE_PRIVATE void sqlite3VdbeResolveLabel(Vdbe *v, int x){
+  Parse *p = v->pParse;
+  int j = ADDR(x);
+  assert( v->magic==VDBE_MAGIC_INIT );
+  assert( j<p->nLabel );
+  assert( j>=0 );
+  if( p->aLabel ){
+    p->aLabel[j] = v->nOp;
+  }
+  p->iFixedOp = v->nOp - 1;
+}
+
+/*
+** Mark the VDBE as one that can only be run one time.
+*/
+SQLITE_PRIVATE void sqlite3VdbeRunOnlyOnce(Vdbe *p){
+  p->runOnlyOnce = 1;
+}
+
+#ifdef SQLITE_DEBUG /* sqlite3AssertMayAbort() logic */
+
+/*
+** The following type and function are used to iterate through all opcodes
+** in a Vdbe main program and each of the sub-programs (triggers) it may 
+** invoke directly or indirectly. It should be used as follows:
+**
+**   Op *pOp;
+**   VdbeOpIter sIter;
+**
+**   memset(&sIter, 0, sizeof(sIter));
+**   sIter.v = v;                            // v is of type Vdbe* 
+**   while( (pOp = opIterNext(&sIter)) ){
+**     // Do something with pOp
+**   }
+**   sqlite3DbFree(v->db, sIter.apSub);
+** 
+*/
+typedef struct VdbeOpIter VdbeOpIter;
+struct VdbeOpIter {
+  Vdbe *v;                   /* Vdbe to iterate through the opcodes of */
+  SubProgram **apSub;        /* Array of subprograms */
+  int nSub;                  /* Number of entries in apSub */
+  int iAddr;                 /* Address of next instruction to return */
+  int iSub;                  /* 0 = main program, 1 = first sub-program etc. */
+};
+static Op *opIterNext(VdbeOpIter *p){
+  Vdbe *v = p->v;
+  Op *pRet = 0;
+  Op *aOp;
+  int nOp;
+
+  if( p->iSub<=p->nSub ){
+
+    if( p->iSub==0 ){
+      aOp = v->aOp;
+      nOp = v->nOp;
+    }else{
+      aOp = p->apSub[p->iSub-1]->aOp;
+      nOp = p->apSub[p->iSub-1]->nOp;
+    }
+    assert( p->iAddr<nOp );
+
+    pRet = &aOp[p->iAddr];
+    p->iAddr++;
+    if( p->iAddr==nOp ){
+      p->iSub++;
+      p->iAddr = 0;
+    }
+  
+    if( pRet->p4type==P4_SUBPROGRAM ){
+      int nByte = (p->nSub+1)*sizeof(SubProgram*);
+      int j;
+      for(j=0; j<p->nSub; j++){
+        if( p->apSub[j]==pRet->p4.pProgram ) break;
+      }
+      if( j==p->nSub ){
+        p->apSub = sqlite3DbReallocOrFree(v->db, p->apSub, nByte);
+        if( !p->apSub ){
+          pRet = 0;
+        }else{
+          p->apSub[p->nSub++] = pRet->p4.pProgram;
+        }
+      }
+    }
+  }
+
+  return pRet;
+}
+
+/*
+** Check if the program stored in the VM associated with pParse may
+** throw an ABORT exception (causing the statement, but not entire transaction
+** to be rolled back). This condition is true if the main program or any
+** sub-programs contains any of the following:
+**
+**   *  OP_Halt with P1=SQLITE_CONSTRAINT and P2=OE_Abort.
+**   *  OP_HaltIfNull with P1=SQLITE_CONSTRAINT and P2=OE_Abort.
+**   *  OP_Destroy
+**   *  OP_VUpdate
+**   *  OP_VRename
+**   *  OP_FkCounter with P2==0 (immediate foreign key constraint)
+**   *  OP_CreateTable and OP_InitCoroutine (for CREATE TABLE AS SELECT ...)
+**
+** Then check that the value of Parse.mayAbort is true if an
+** ABORT may be thrown, or false otherwise. Return true if it does
+** match, or false otherwise. This function is intended to be used as
+** part of an assert statement in the compiler. Similar to:
+**
+**   assert( sqlite3VdbeAssertMayAbort(pParse->pVdbe, pParse->mayAbort) );
+*/
+SQLITE_PRIVATE int sqlite3VdbeAssertMayAbort(Vdbe *v, int mayAbort){
+  int hasAbort = 0;
+  int hasFkCounter = 0;
+  int hasCreateTable = 0;
+  int hasInitCoroutine = 0;
+  Op *pOp;
+  VdbeOpIter sIter;
+  memset(&sIter, 0, sizeof(sIter));
+  sIter.v = v;
+
+  while( (pOp = opIterNext(&sIter))!=0 ){
+    int opcode = pOp->opcode;
+    if( opcode==OP_Destroy || opcode==OP_VUpdate || opcode==OP_VRename 
+     || ((opcode==OP_Halt || opcode==OP_HaltIfNull) 
+      && ((pOp->p1&0xff)==SQLITE_CONSTRAINT && pOp->p2==OE_Abort))
+    ){
+      hasAbort = 1;
+      break;
+    }
+    if( opcode==OP_CreateTable ) hasCreateTable = 1;
+    if( opcode==OP_InitCoroutine ) hasInitCoroutine = 1;
+#ifndef SQLITE_OMIT_FOREIGN_KEY
+    if( opcode==OP_FkCounter && pOp->p1==0 && pOp->p2==1 ){
+      hasFkCounter = 1;
+    }
+#endif
+  }
+  sqlite3DbFree(v->db, sIter.apSub);
+
+  /* Return true if hasAbort==mayAbort. Or if a malloc failure occurred.
+  ** If malloc failed, then the while() loop above may not have iterated
+  ** through all opcodes and hasAbort may be set incorrectly. Return
+  ** true for this case to prevent the assert() in the callers frame
+  ** from failing.  */
+  return ( v->db->mallocFailed || hasAbort==mayAbort || hasFkCounter
+              || (hasCreateTable && hasInitCoroutine) );
+}
+#endif /* SQLITE_DEBUG - the sqlite3AssertMayAbort() function */
+
+/*
+** This routine is called after all opcodes have been inserted.  It loops
+** through all the opcodes and fixes up some details.
+**
+** (1) For each jump instruction with a negative P2 value (a label)
+**     resolve the P2 value to an actual address.
+**
+** (2) Compute the maximum number of arguments used by any SQL function
+**     and store that value in *pMaxFuncArgs.
+**
+** (3) Update the Vdbe.readOnly and Vdbe.bIsReader flags to accurately
+**     indicate what the prepared statement actually does.
+**
+** (4) Initialize the p4.xAdvance pointer on opcodes that use it.
+**
+** (5) Reclaim the memory allocated for storing labels.
+*/
+static void resolveP2Values(Vdbe *p, int *pMaxFuncArgs){
+  int i;
+  int nMaxArgs = *pMaxFuncArgs;
+  Op *pOp;
+  Parse *pParse = p->pParse;
+  int *aLabel = pParse->aLabel;
+  p->readOnly = 1;
+  p->bIsReader = 0;
+  for(pOp=p->aOp, i=p->nOp-1; i>=0; i--, pOp++){
+    u8 opcode = pOp->opcode;
+
+    /* NOTE: Be sure to update mkopcodeh.awk when adding or removing
+    ** cases from this switch! */
+    switch( opcode ){
+      case OP_Transaction: {
+        if( pOp->p2!=0 ) p->readOnly = 0;
+        /* fall thru */
+      }
+      case OP_AutoCommit:
+      case OP_Savepoint: {
+        p->bIsReader = 1;
+        break;
+      }
+#ifndef SQLITE_OMIT_WAL
+      case OP_Checkpoint:
+#endif
+      case OP_Vacuum:
+      case OP_JournalMode: {
+        p->readOnly = 0;
+        p->bIsReader = 1;
+        break;
+      }
+#ifndef SQLITE_OMIT_VIRTUALTABLE
+      case OP_VUpdate: {
+        if( pOp->p2>nMaxArgs ) nMaxArgs = pOp->p2;
+        break;
+      }
+      case OP_VFilter: {
+        int n;
+        assert( p->nOp - i >= 3 );
+        assert( pOp[-1].opcode==OP_Integer );
+        n = pOp[-1].p1;
+        if( n>nMaxArgs ) nMaxArgs = n;
+        break;
+      }
+#endif
+      case OP_Next:
+      case OP_NextIfOpen:
+      case OP_SorterNext: {
+        pOp->p4.xAdvance = sqlite3BtreeNext;
+        pOp->p4type = P4_ADVANCE;
+        break;
+      }
+      case OP_Prev:
+      case OP_PrevIfOpen: {
+        pOp->p4.xAdvance = sqlite3BtreePrevious;
+        pOp->p4type = P4_ADVANCE;
+        break;
+      }
+    }
+
+    pOp->opflags = sqlite3OpcodeProperty[opcode];
+    if( (pOp->opflags & OPFLG_JUMP)!=0 && pOp->p2<0 ){
+      assert( ADDR(pOp->p2)<pParse->nLabel );
+      pOp->p2 = aLabel[ADDR(pOp->p2)];
+    }
+  }
+  sqlite3DbFree(p->db, pParse->aLabel);
+  pParse->aLabel = 0;
+  pParse->nLabel = 0;
+  *pMaxFuncArgs = nMaxArgs;
+  assert( p->bIsReader!=0 || DbMaskAllZero(p->btreeMask) );
+}
+
+/*
+** Return the address of the next instruction to be inserted.
+*/
+SQLITE_PRIVATE int sqlite3VdbeCurrentAddr(Vdbe *p){
+  assert( p->magic==VDBE_MAGIC_INIT );
+  return p->nOp;
+}
+
+/*
+** This function returns a pointer to the array of opcodes associated with
+** the Vdbe passed as the first argument. It is the callers responsibility
+** to arrange for the returned array to be eventually freed using the 
+** vdbeFreeOpArray() function.
+**
+** Before returning, *pnOp is set to the number of entries in the returned
+** array. Also, *pnMaxArg is set to the larger of its current value and 
+** the number of entries in the Vdbe.apArg[] array required to execute the 
+** returned program.
+*/
+SQLITE_PRIVATE VdbeOp *sqlite3VdbeTakeOpArray(Vdbe *p, int *pnOp, int *pnMaxArg){
+  VdbeOp *aOp = p->aOp;
+  assert( aOp && !p->db->mallocFailed );
+
+  /* Check that sqlite3VdbeUsesBtree() was not called on this VM */
+  assert( DbMaskAllZero(p->btreeMask) );
+
+  resolveP2Values(p, pnMaxArg);
+  *pnOp = p->nOp;
+  p->aOp = 0;
+  return aOp;
+}
+
+/*
+** Add a whole list of operations to the operation stack.  Return the
+** address of the first operation added.
+*/
+SQLITE_PRIVATE int sqlite3VdbeAddOpList(Vdbe *p, int nOp, VdbeOpList const *aOp, int iLineno){
+  int addr, i;
+  VdbeOp *pOut;
+  assert( nOp>0 );
+  assert( p->magic==VDBE_MAGIC_INIT );
+  if( p->nOp + nOp > p->pParse->nOpAlloc && growOpArray(p, nOp) ){
+    return 0;
+  }
+  addr = p->nOp;
+  pOut = &p->aOp[addr];
+  for(i=0; i<nOp; i++, aOp++, pOut++){
+    pOut->opcode = aOp->opcode;
+    pOut->p1 = aOp->p1;
+    pOut->p2 = aOp->p2;
+    assert( aOp->p2>=0 );
+    pOut->p3 = aOp->p3;
+    pOut->p4type = P4_NOTUSED;
+    pOut->p4.p = 0;
+    pOut->p5 = 0;
+#ifdef SQLITE_ENABLE_EXPLAIN_COMMENTS
+    pOut->zComment = 0;
+#endif
+#ifdef SQLITE_VDBE_COVERAGE
+    pOut->iSrcLine = iLineno+i;
+#else
+    (void)iLineno;
+#endif
+#ifdef SQLITE_DEBUG
+    if( p->db->flags & SQLITE_VdbeAddopTrace ){
+      sqlite3VdbePrintOp(0, i+addr, &p->aOp[i+addr]);
+    }
+#endif
+  }
+  p->nOp += nOp;
+  return addr;
+}
+
+#if defined(SQLITE_ENABLE_STMT_SCANSTATUS)
+/*
+** Add an entry to the array of counters managed by sqlite3_stmt_scanstatus().
+*/
+SQLITE_PRIVATE void sqlite3VdbeScanStatus(
+  Vdbe *p,                        /* VM to add scanstatus() to */
+  int addrExplain,                /* Address of OP_Explain (or 0) */
+  int addrLoop,                   /* Address of loop counter */ 
+  int addrVisit,                  /* Address of rows visited counter */
+  LogEst nEst,                    /* Estimated number of output rows */
+  const char *zName               /* Name of table or index being scanned */
+){
+  int nByte = (p->nScan+1) * sizeof(ScanStatus);
+  ScanStatus *aNew;
+  aNew = (ScanStatus*)sqlite3DbRealloc(p->db, p->aScan, nByte);
+  if( aNew ){
+    ScanStatus *pNew = &aNew[p->nScan++];
+    pNew->addrExplain = addrExplain;
+    pNew->addrLoop = addrLoop;
+    pNew->addrVisit = addrVisit;
+    pNew->nEst = nEst;
+    pNew->zName = sqlite3DbStrDup(p->db, zName);
+    p->aScan = aNew;
+  }
+}
+#endif
+
+
+/*
+** Change the value of the opcode, or P1, P2, P3, or P5 operands
+** for a specific instruction.
+*/
+SQLITE_PRIVATE void sqlite3VdbeChangeOpcode(Vdbe *p, u32 addr, u8 iNewOpcode){
+  sqlite3VdbeGetOp(p,addr)->opcode = iNewOpcode;
+}
+SQLITE_PRIVATE void sqlite3VdbeChangeP1(Vdbe *p, u32 addr, int val){
+  sqlite3VdbeGetOp(p,addr)->p1 = val;
+}
+SQLITE_PRIVATE void sqlite3VdbeChangeP2(Vdbe *p, u32 addr, int val){
+  sqlite3VdbeGetOp(p,addr)->p2 = val;
+}
+SQLITE_PRIVATE void sqlite3VdbeChangeP3(Vdbe *p, u32 addr, int val){
+  sqlite3VdbeGetOp(p,addr)->p3 = val;
+}
+SQLITE_PRIVATE void sqlite3VdbeChangeP5(Vdbe *p, u8 p5){
+  sqlite3VdbeGetOp(p,-1)->p5 = p5;
+}
+
+/*
+** Change the P2 operand of instruction addr so that it points to
+** the address of the next instruction to be coded.
+*/
+SQLITE_PRIVATE void sqlite3VdbeJumpHere(Vdbe *p, int addr){
+  p->pParse->iFixedOp = p->nOp - 1;
+  sqlite3VdbeChangeP2(p, addr, p->nOp);
+}
+
+
+/*
+** If the input FuncDef structure is ephemeral, then free it.  If
+** the FuncDef is not ephermal, then do nothing.
+*/
+static void freeEphemeralFunction(sqlite3 *db, FuncDef *pDef){
+  if( ALWAYS(pDef) && (pDef->funcFlags & SQLITE_FUNC_EPHEM)!=0 ){
+    sqlite3DbFree(db, pDef);
+  }
+}
+
+static void vdbeFreeOpArray(sqlite3 *, Op *, int);
+
+/*
+** Delete a P4 value if necessary.
+*/
+static void freeP4(sqlite3 *db, int p4type, void *p4){
+  if( p4 ){
+    assert( db );
+    switch( p4type ){
+      case P4_FUNCCTX: {
+        freeEphemeralFunction(db, ((sqlite3_context*)p4)->pFunc);
+        /* Fall through into the next case */
+      }
+      case P4_REAL:
+      case P4_INT64:
+      case P4_DYNAMIC:
+      case P4_INTARRAY: {
+        sqlite3DbFree(db, p4);
+        break;
+      }
+      case P4_KEYINFO: {
+        if( db->pnBytesFreed==0 ) sqlite3KeyInfoUnref((KeyInfo*)p4);
+        break;
+      }
+#ifdef SQLITE_ENABLE_CURSOR_HINTS
+      case P4_EXPR: {
+        sqlite3ExprDelete(db, (Expr*)p4);
+        break;
+      }
+#endif
+      case P4_MPRINTF: {
+        if( db->pnBytesFreed==0 ) sqlite3_free(p4);
+        break;
+      }
+      case P4_FUNCDEF: {
+        freeEphemeralFunction(db, (FuncDef*)p4);
+        break;
+      }
+      case P4_MEM: {
+        if( db->pnBytesFreed==0 ){
+          sqlite3ValueFree((sqlite3_value*)p4);
+        }else{
+          Mem *p = (Mem*)p4;
+          if( p->szMalloc ) sqlite3DbFree(db, p->zMalloc);
+          sqlite3DbFree(db, p);
+        }
+        break;
+      }
+      case P4_VTAB : {
+        if( db->pnBytesFreed==0 ) sqlite3VtabUnlock((VTable *)p4);
+        break;
+      }
+    }
+  }
+}
+
+/*
+** Free the space allocated for aOp and any p4 values allocated for the
+** opcodes contained within. If aOp is not NULL it is assumed to contain 
+** nOp entries. 
+*/
+static void vdbeFreeOpArray(sqlite3 *db, Op *aOp, int nOp){
+  if( aOp ){
+    Op *pOp;
+    for(pOp=aOp; pOp<&aOp[nOp]; pOp++){
+      freeP4(db, pOp->p4type, pOp->p4.p);
+#ifdef SQLITE_ENABLE_EXPLAIN_COMMENTS
+      sqlite3DbFree(db, pOp->zComment);
+#endif     
+    }
+  }
+  sqlite3DbFree(db, aOp);
+}
+
+/*
+** Link the SubProgram object passed as the second argument into the linked
+** list at Vdbe.pSubProgram. This list is used to delete all sub-program
+** objects when the VM is no longer required.
+*/
+SQLITE_PRIVATE void sqlite3VdbeLinkSubProgram(Vdbe *pVdbe, SubProgram *p){
+  p->pNext = pVdbe->pProgram;
+  pVdbe->pProgram = p;
+}
+
+/*
+** Change the opcode at addr into OP_Noop
+*/
+SQLITE_PRIVATE void sqlite3VdbeChangeToNoop(Vdbe *p, int addr){
+  if( addr<p->nOp ){
+    VdbeOp *pOp = &p->aOp[addr];
+    sqlite3 *db = p->db;
+    freeP4(db, pOp->p4type, pOp->p4.p);
+    memset(pOp, 0, sizeof(pOp[0]));
+    pOp->opcode = OP_Noop;
+  }
+}
+
+/*
+** If the last opcode is "op" and it is not a jump destination,
+** then remove it.  Return true if and only if an opcode was removed.
+*/
+SQLITE_PRIVATE int sqlite3VdbeDeletePriorOpcode(Vdbe *p, u8 op){
+  if( (p->nOp-1)>(p->pParse->iFixedOp) && p->aOp[p->nOp-1].opcode==op ){
+    sqlite3VdbeChangeToNoop(p, p->nOp-1);
+    return 1;
+  }else{
+    return 0;
+  }
+}
+
+/*
+** Change the value of the P4 operand for a specific instruction.
+** This routine is useful when a large program is loaded from a
+** static array using sqlite3VdbeAddOpList but we want to make a
+** few minor changes to the program.
+**
+** If n>=0 then the P4 operand is dynamic, meaning that a copy of
+** the string is made into memory obtained from sqlite3_malloc().
+** A value of n==0 means copy bytes of zP4 up to and including the
+** first null byte.  If n>0 then copy n+1 bytes of zP4.
+** 
+** Other values of n (P4_STATIC, P4_COLLSEQ etc.) indicate that zP4 points
+** to a string or structure that is guaranteed to exist for the lifetime of
+** the Vdbe. In these cases we can just copy the pointer.
+**
+** If addr<0 then change P4 on the most recently inserted instruction.
+*/
+SQLITE_PRIVATE void sqlite3VdbeChangeP4(Vdbe *p, int addr, const char *zP4, int n){
+  Op *pOp;
+  sqlite3 *db;
+  assert( p!=0 );
+  db = p->db;
+  assert( p->magic==VDBE_MAGIC_INIT );
+  if( p->aOp==0 || db->mallocFailed ){
+    if( n!=P4_VTAB ){
+      freeP4(db, n, (void*)*(char**)&zP4);
+    }
+    return;
+  }
+  assert( p->nOp>0 );
+  assert( addr<p->nOp );
+  if( addr<0 ){
+    addr = p->nOp - 1;
+  }
+  pOp = &p->aOp[addr];
+  assert( pOp->p4type==P4_NOTUSED
+       || pOp->p4type==P4_INT32
+       || pOp->p4type==P4_KEYINFO );
+  freeP4(db, pOp->p4type, pOp->p4.p);
+  pOp->p4.p = 0;
+  if( n==P4_INT32 ){
+    /* Note: this cast is safe, because the origin data point was an int
+    ** that was cast to a (const char *). */
+    pOp->p4.i = SQLITE_PTR_TO_INT(zP4);
+    pOp->p4type = P4_INT32;
+  }else if( zP4==0 ){
+    pOp->p4.p = 0;
+    pOp->p4type = P4_NOTUSED;
+  }else if( n==P4_KEYINFO ){
+    pOp->p4.p = (void*)zP4;
+    pOp->p4type = P4_KEYINFO;
+#ifdef SQLITE_ENABLE_CURSOR_HINTS
+  }else if( n==P4_EXPR ){
+    /* Responsibility for deleting the Expr tree is handed over to the
+    ** VDBE by this operation.  The caller should have already invoked
+    ** sqlite3ExprDup() or whatever other routine is needed to make a 
+    ** private copy of the tree. */
+    pOp->p4.pExpr = (Expr*)zP4;
+    pOp->p4type = P4_EXPR;
+#endif
+  }else if( n==P4_VTAB ){
+    pOp->p4.p = (void*)zP4;
+    pOp->p4type = P4_VTAB;
+    sqlite3VtabLock((VTable *)zP4);
+    assert( ((VTable *)zP4)->db==p->db );
+  }else if( n<0 ){
+    pOp->p4.p = (void*)zP4;
+    pOp->p4type = (signed char)n;
+  }else{
+    if( n==0 ) n = sqlite3Strlen30(zP4);
+    pOp->p4.z = sqlite3DbStrNDup(p->db, zP4, n);
+    pOp->p4type = P4_DYNAMIC;
+  }
+}
+
+/*
+** Set the P4 on the most recently added opcode to the KeyInfo for the
+** index given.
+*/
+SQLITE_PRIVATE void sqlite3VdbeSetP4KeyInfo(Parse *pParse, Index *pIdx){
+  Vdbe *v = pParse->pVdbe;
+  assert( v!=0 );
+  assert( pIdx!=0 );
+  sqlite3VdbeChangeP4(v, -1, (char*)sqlite3KeyInfoOfIndex(pParse, pIdx),
+                      P4_KEYINFO);
+}
+
+#ifdef SQLITE_ENABLE_EXPLAIN_COMMENTS
+/*
+** Change the comment on the most recently coded instruction.  Or
+** insert a No-op and add the comment to that new instruction.  This
+** makes the code easier to read during debugging.  None of this happens
+** in a production build.
+*/
+static void vdbeVComment(Vdbe *p, const char *zFormat, va_list ap){
+  assert( p->nOp>0 || p->aOp==0 );
+  assert( p->aOp==0 || p->aOp[p->nOp-1].zComment==0 || p->db->mallocFailed );
+  if( p->nOp ){
+    assert( p->aOp );
+    sqlite3DbFree(p->db, p->aOp[p->nOp-1].zComment);
+    p->aOp[p->nOp-1].zComment = sqlite3VMPrintf(p->db, zFormat, ap);
+  }
+}
+SQLITE_PRIVATE void sqlite3VdbeComment(Vdbe *p, const char *zFormat, ...){
+  va_list ap;
+  if( p ){
+    va_start(ap, zFormat);
+    vdbeVComment(p, zFormat, ap);
+    va_end(ap);
+  }
+}
+SQLITE_PRIVATE void sqlite3VdbeNoopComment(Vdbe *p, const char *zFormat, ...){
+  va_list ap;
+  if( p ){
+    sqlite3VdbeAddOp0(p, OP_Noop);
+    va_start(ap, zFormat);
+    vdbeVComment(p, zFormat, ap);
+    va_end(ap);
+  }
+}
+#endif  /* NDEBUG */
+
+#ifdef SQLITE_VDBE_COVERAGE
+/*
+** Set the value if the iSrcLine field for the previously coded instruction.
+*/
+SQLITE_PRIVATE void sqlite3VdbeSetLineNumber(Vdbe *v, int iLine){
+  sqlite3VdbeGetOp(v,-1)->iSrcLine = iLine;
+}
+#endif /* SQLITE_VDBE_COVERAGE */
+
+/*
+** Return the opcode for a given address.  If the address is -1, then
+** return the most recently inserted opcode.
+**
+** If a memory allocation error has occurred prior to the calling of this
+** routine, then a pointer to a dummy VdbeOp will be returned.  That opcode
+** is readable but not writable, though it is cast to a writable value.
+** The return of a dummy opcode allows the call to continue functioning
+** after an OOM fault without having to check to see if the return from 
+** this routine is a valid pointer.  But because the dummy.opcode is 0,
+** dummy will never be written to.  This is verified by code inspection and
+** by running with Valgrind.
+*/
+SQLITE_PRIVATE VdbeOp *sqlite3VdbeGetOp(Vdbe *p, int addr){
+  /* C89 specifies that the constant "dummy" will be initialized to all
+  ** zeros, which is correct.  MSVC generates a warning, nevertheless. */
+  static VdbeOp dummy;  /* Ignore the MSVC warning about no initializer */
+  assert( p->magic==VDBE_MAGIC_INIT );
+  if( addr<0 ){
+    addr = p->nOp - 1;
+  }
+  assert( (addr>=0 && addr<p->nOp) || p->db->mallocFailed );
+  if( p->db->mallocFailed ){
+    return (VdbeOp*)&dummy;
+  }else{
+    return &p->aOp[addr];
+  }
+}
+
+#if defined(SQLITE_ENABLE_EXPLAIN_COMMENTS)
+/*
+** Return an integer value for one of the parameters to the opcode pOp
+** determined by character c.
+*/
+static int translateP(char c, const Op *pOp){
+  if( c=='1' ) return pOp->p1;
+  if( c=='2' ) return pOp->p2;
+  if( c=='3' ) return pOp->p3;
+  if( c=='4' ) return pOp->p4.i;
+  return pOp->p5;
+}
+
+/*
+** Compute a string for the "comment" field of a VDBE opcode listing.
+**
+** The Synopsis: field in comments in the vdbe.c source file gets converted
+** to an extra string that is appended to the sqlite3OpcodeName().  In the
+** absence of other comments, this synopsis becomes the comment on the opcode.
+** Some translation occurs:
+**
+**       "PX"      ->  "r[X]"
+**       "PX@PY"   ->  "r[X..X+Y-1]"  or "r[x]" if y is 0 or 1
+**       "PX@PY+1" ->  "r[X..X+Y]"    or "r[x]" if y is 0
+**       "PY..PY"  ->  "r[X..Y]"      or "r[x]" if y<=x
+*/
+static int displayComment(
+  const Op *pOp,     /* The opcode to be commented */
+  const char *zP4,   /* Previously obtained value for P4 */
+  char *zTemp,       /* Write result here */
+  int nTemp          /* Space available in zTemp[] */
+){
+  const char *zOpName;
+  const char *zSynopsis;
+  int nOpName;
+  int ii, jj;
+  zOpName = sqlite3OpcodeName(pOp->opcode);
+  nOpName = sqlite3Strlen30(zOpName);
+  if( zOpName[nOpName+1] ){
+    int seenCom = 0;
+    char c;
+    zSynopsis = zOpName += nOpName + 1;
+    for(ii=jj=0; jj<nTemp-1 && (c = zSynopsis[ii])!=0; ii++){
+      if( c=='P' ){
+        c = zSynopsis[++ii];
+        if( c=='4' ){
+          sqlite3_snprintf(nTemp-jj, zTemp+jj, "%s", zP4);
+        }else if( c=='X' ){
+          sqlite3_snprintf(nTemp-jj, zTemp+jj, "%s", pOp->zComment);
+          seenCom = 1;
+        }else{
+          int v1 = translateP(c, pOp);
+          int v2;
+          sqlite3_snprintf(nTemp-jj, zTemp+jj, "%d", v1);
+          if( strncmp(zSynopsis+ii+1, "@P", 2)==0 ){
+            ii += 3;
+            jj += sqlite3Strlen30(zTemp+jj);
+            v2 = translateP(zSynopsis[ii], pOp);
+            if( strncmp(zSynopsis+ii+1,"+1",2)==0 ){
+              ii += 2;
+              v2++;
+            }
+            if( v2>1 ){
+              sqlite3_snprintf(nTemp-jj, zTemp+jj, "..%d", v1+v2-1);
+            }
+          }else if( strncmp(zSynopsis+ii+1, "..P3", 4)==0 && pOp->p3==0 ){
+            ii += 4;
+          }
+        }
+        jj += sqlite3Strlen30(zTemp+jj);
+      }else{
+        zTemp[jj++] = c;
+      }
+    }
+    if( !seenCom && jj<nTemp-5 && pOp->zComment ){
+      sqlite3_snprintf(nTemp-jj, zTemp+jj, "; %s", pOp->zComment);
+      jj += sqlite3Strlen30(zTemp+jj);
+    }
+    if( jj<nTemp ) zTemp[jj] = 0;
+  }else if( pOp->zComment ){
+    sqlite3_snprintf(nTemp, zTemp, "%s", pOp->zComment);
+    jj = sqlite3Strlen30(zTemp);
+  }else{
+    zTemp[0] = 0;
+    jj = 0;
+  }
+  return jj;
+}
+#endif /* SQLITE_DEBUG */
+
+#if VDBE_DISPLAY_P4 && defined(SQLITE_ENABLE_CURSOR_HINTS)
+/*
+** Translate the P4.pExpr value for an OP_CursorHint opcode into text
+** that can be displayed in the P4 column of EXPLAIN output.
+*/
+static int displayP4Expr(int nTemp, char *zTemp, Expr *pExpr){
+  const char *zOp = 0;
+  int n;
+  switch( pExpr->op ){
+    case TK_STRING:
+      sqlite3_snprintf(nTemp, zTemp, "%Q", pExpr->u.zToken);
+      break;
+    case TK_INTEGER:
+      sqlite3_snprintf(nTemp, zTemp, "%d", pExpr->u.iValue);
+      break;
+    case TK_NULL:
+      sqlite3_snprintf(nTemp, zTemp, "NULL");
+      break;
+    case TK_REGISTER: {
+      sqlite3_snprintf(nTemp, zTemp, "r[%d]", pExpr->iTable);
+      break;
+    }
+    case TK_COLUMN: {
+      if( pExpr->iColumn<0 ){
+        sqlite3_snprintf(nTemp, zTemp, "rowid");
+      }else{
+        sqlite3_snprintf(nTemp, zTemp, "c%d", (int)pExpr->iColumn);
+      }
+      break;
+    }
+    case TK_LT:      zOp = "LT";      break;
+    case TK_LE:      zOp = "LE";      break;
+    case TK_GT:      zOp = "GT";      break;
+    case TK_GE:      zOp = "GE";      break;
+    case TK_NE:      zOp = "NE";      break;
+    case TK_EQ:      zOp = "EQ";      break;
+    case TK_IS:      zOp = "IS";      break;
+    case TK_ISNOT:   zOp = "ISNOT";   break;
+    case TK_AND:     zOp = "AND";     break;
+    case TK_OR:      zOp = "OR";      break;
+    case TK_PLUS:    zOp = "ADD";     break;
+    case TK_STAR:    zOp = "MUL";     break;
+    case TK_MINUS:   zOp = "SUB";     break;
+    case TK_REM:     zOp = "REM";     break;
+    case TK_BITAND:  zOp = "BITAND";  break;
+    case TK_BITOR:   zOp = "BITOR";   break;
+    case TK_SLASH:   zOp = "DIV";     break;
+    case TK_LSHIFT:  zOp = "LSHIFT";  break;
+    case TK_RSHIFT:  zOp = "RSHIFT";  break;
+    case TK_CONCAT:  zOp = "CONCAT";  break;
+    case TK_UMINUS:  zOp = "MINUS";   break;
+    case TK_UPLUS:   zOp = "PLUS";    break;
+    case TK_BITNOT:  zOp = "BITNOT";  break;
+    case TK_NOT:     zOp = "NOT";     break;
+    case TK_ISNULL:  zOp = "ISNULL";  break;
+    case TK_NOTNULL: zOp = "NOTNULL"; break;
+
+    default:
+      sqlite3_snprintf(nTemp, zTemp, "%s", "expr");
+      break;
+  }
+
+  if( zOp ){
+    sqlite3_snprintf(nTemp, zTemp, "%s(", zOp);
+    n = sqlite3Strlen30(zTemp);
+    n += displayP4Expr(nTemp-n, zTemp+n, pExpr->pLeft);
+    if( n<nTemp-1 && pExpr->pRight ){
+      zTemp[n++] = ',';
+      n += displayP4Expr(nTemp-n, zTemp+n, pExpr->pRight);
+    }
+    sqlite3_snprintf(nTemp-n, zTemp+n, ")");
+  }
+  return sqlite3Strlen30(zTemp);
+}
+#endif /* VDBE_DISPLAY_P4 && defined(SQLITE_ENABLE_CURSOR_HINTS) */
+
+
+#if VDBE_DISPLAY_P4
+/*
+** Compute a string that describes the P4 parameter for an opcode.
+** Use zTemp for any required temporary buffer space.
+*/
+static char *displayP4(Op *pOp, char *zTemp, int nTemp){
+  char *zP4 = zTemp;
+  assert( nTemp>=20 );
+  switch( pOp->p4type ){
+    case P4_KEYINFO: {
+      int i, j;
+      KeyInfo *pKeyInfo = pOp->p4.pKeyInfo;
+      assert( pKeyInfo->aSortOrder!=0 );
+      sqlite3_snprintf(nTemp, zTemp, "k(%d", pKeyInfo->nField);
+      i = sqlite3Strlen30(zTemp);
+      for(j=0; j<pKeyInfo->nField; j++){
+        CollSeq *pColl = pKeyInfo->aColl[j];
+        const char *zColl = pColl ? pColl->zName : "nil";
+        int n = sqlite3Strlen30(zColl);
+        if( n==6 && memcmp(zColl,"BINARY",6)==0 ){
+          zColl = "B";
+          n = 1;
+        }
+        if( i+n>nTemp-7 ){
+          memcpy(&zTemp[i],",...",4);
+          i += 4;
+          break;
+        }
+        zTemp[i++] = ',';
+        if( pKeyInfo->aSortOrder[j] ){
+          zTemp[i++] = '-';
+        }
+        memcpy(&zTemp[i], zColl, n+1);
+        i += n;
+      }
+      zTemp[i++] = ')';
+      zTemp[i] = 0;
+      assert( i<nTemp );
+      break;
+    }
+#ifdef SQLITE_ENABLE_CURSOR_HINTS
+    case P4_EXPR: {
+      displayP4Expr(nTemp, zTemp, pOp->p4.pExpr);
+      break;
+    }
+#endif
+    case P4_COLLSEQ: {
+      CollSeq *pColl = pOp->p4.pColl;
+      sqlite3_snprintf(nTemp, zTemp, "(%.20s)", pColl->zName);
+      break;
+    }
+    case P4_FUNCDEF: {
+      FuncDef *pDef = pOp->p4.pFunc;
+      sqlite3_snprintf(nTemp, zTemp, "%s(%d)", pDef->zName, pDef->nArg);
+      break;
+    }
+#ifdef SQLITE_DEBUG
+    case P4_FUNCCTX: {
+      FuncDef *pDef = pOp->p4.pCtx->pFunc;
+      sqlite3_snprintf(nTemp, zTemp, "%s(%d)", pDef->zName, pDef->nArg);
+      break;
+    }
+#endif
+    case P4_INT64: {
+      sqlite3_snprintf(nTemp, zTemp, "%lld", *pOp->p4.pI64);
+      break;
+    }
+    case P4_INT32: {
+      sqlite3_snprintf(nTemp, zTemp, "%d", pOp->p4.i);
+      break;
+    }
+    case P4_REAL: {
+      sqlite3_snprintf(nTemp, zTemp, "%.16g", *pOp->p4.pReal);
+      break;
+    }
+    case P4_MEM: {
+      Mem *pMem = pOp->p4.pMem;
+      if( pMem->flags & MEM_Str ){
+        zP4 = pMem->z;
+      }else if( pMem->flags & MEM_Int ){
+        sqlite3_snprintf(nTemp, zTemp, "%lld", pMem->u.i);
+      }else if( pMem->flags & MEM_Real ){
+        sqlite3_snprintf(nTemp, zTemp, "%.16g", pMem->u.r);
+      }else if( pMem->flags & MEM_Null ){
+        sqlite3_snprintf(nTemp, zTemp, "NULL");
+      }else{
+        assert( pMem->flags & MEM_Blob );
+        zP4 = "(blob)";
+      }
+      break;
+    }
+#ifndef SQLITE_OMIT_VIRTUALTABLE
+    case P4_VTAB: {
+      sqlite3_vtab *pVtab = pOp->p4.pVtab->pVtab;
+      sqlite3_snprintf(nTemp, zTemp, "vtab:%p", pVtab);
+      break;
+    }
+#endif
+    case P4_INTARRAY: {
+      sqlite3_snprintf(nTemp, zTemp, "intarray");
+      break;
+    }
+    case P4_SUBPROGRAM: {
+      sqlite3_snprintf(nTemp, zTemp, "program");
+      break;
+    }
+    case P4_ADVANCE: {
+      zTemp[0] = 0;
+      break;
+    }
+    default: {
+      zP4 = pOp->p4.z;
+      if( zP4==0 ){
+        zP4 = zTemp;
+        zTemp[0] = 0;
+      }
+    }
+  }
+  assert( zP4!=0 );
+  return zP4;
+}
+#endif /* VDBE_DISPLAY_P4 */
+
+/*
+** Declare to the Vdbe that the BTree object at db->aDb[i] is used.
+**
+** The prepared statements need to know in advance the complete set of
+** attached databases that will be use.  A mask of these databases
+** is maintained in p->btreeMask.  The p->lockMask value is the subset of
+** p->btreeMask of databases that will require a lock.
+*/
+SQLITE_PRIVATE void sqlite3VdbeUsesBtree(Vdbe *p, int i){
+  assert( i>=0 && i<p->db->nDb && i<(int)sizeof(yDbMask)*8 );
+  assert( i<(int)sizeof(p->btreeMask)*8 );
+  DbMaskSet(p->btreeMask, i);
+  if( i!=1 && sqlite3BtreeSharable(p->db->aDb[i].pBt) ){
+    DbMaskSet(p->lockMask, i);
+  }
+}
+
+#if !defined(SQLITE_OMIT_SHARED_CACHE) && SQLITE_THREADSAFE>0
+/*
+** If SQLite is compiled to support shared-cache mode and to be threadsafe,
+** this routine obtains the mutex associated with each BtShared structure
+** that may be accessed by the VM passed as an argument. In doing so it also
+** sets the BtShared.db member of each of the BtShared structures, ensuring
+** that the correct busy-handler callback is invoked if required.
+**
+** If SQLite is not threadsafe but does support shared-cache mode, then
+** sqlite3BtreeEnter() is invoked to set the BtShared.db variables
+** of all of BtShared structures accessible via the database handle 
+** associated with the VM.
+**
+** If SQLite is not threadsafe and does not support shared-cache mode, this
+** function is a no-op.
+**
+** The p->btreeMask field is a bitmask of all btrees that the prepared 
+** statement p will ever use.  Let N be the number of bits in p->btreeMask
+** corresponding to btrees that use shared cache.  Then the runtime of
+** this routine is N*N.  But as N is rarely more than 1, this should not
+** be a problem.
+*/
+SQLITE_PRIVATE void sqlite3VdbeEnter(Vdbe *p){
+  int i;
+  sqlite3 *db;
+  Db *aDb;
+  int nDb;
+  if( DbMaskAllZero(p->lockMask) ) return;  /* The common case */
+  db = p->db;
+  aDb = db->aDb;
+  nDb = db->nDb;
+  for(i=0; i<nDb; i++){
+    if( i!=1 && DbMaskTest(p->lockMask,i) && ALWAYS(aDb[i].pBt!=0) ){
+      sqlite3BtreeEnter(aDb[i].pBt);
+    }
+  }
+}
+#endif
+
+#if !defined(SQLITE_OMIT_SHARED_CACHE) && SQLITE_THREADSAFE>0
+/*
+** Unlock all of the btrees previously locked by a call to sqlite3VdbeEnter().
+*/
+static SQLITE_NOINLINE void vdbeLeave(Vdbe *p){
+  int i;
+  sqlite3 *db;
+  Db *aDb;
+  int nDb;
+  db = p->db;
+  aDb = db->aDb;
+  nDb = db->nDb;
+  for(i=0; i<nDb; i++){
+    if( i!=1 && DbMaskTest(p->lockMask,i) && ALWAYS(aDb[i].pBt!=0) ){
+      sqlite3BtreeLeave(aDb[i].pBt);
+    }
+  }
+}
+SQLITE_PRIVATE void sqlite3VdbeLeave(Vdbe *p){
+  if( DbMaskAllZero(p->lockMask) ) return;  /* The common case */
+  vdbeLeave(p);
+}
+#endif
+
+#if defined(VDBE_PROFILE) || defined(SQLITE_DEBUG)
+/*
+** Print a single opcode.  This routine is used for debugging only.
+*/
+SQLITE_PRIVATE void sqlite3VdbePrintOp(FILE *pOut, int pc, Op *pOp){
+  char *zP4;
+  char zPtr[50];
+  char zCom[100];
+  static const char *zFormat1 = "%4d %-13s %4d %4d %4d %-13s %.2X %s\n";
+  if( pOut==0 ) pOut = stdout;
+  zP4 = displayP4(pOp, zPtr, sizeof(zPtr));
+#ifdef SQLITE_ENABLE_EXPLAIN_COMMENTS
+  displayComment(pOp, zP4, zCom, sizeof(zCom));
+#else
+  zCom[0] = 0;
+#endif
+  /* NB:  The sqlite3OpcodeName() function is implemented by code created
+  ** by the mkopcodeh.awk and mkopcodec.awk scripts which extract the
+  ** information from the vdbe.c source text */
+  fprintf(pOut, zFormat1, pc, 
+      sqlite3OpcodeName(pOp->opcode), pOp->p1, pOp->p2, pOp->p3, zP4, pOp->p5,
+      zCom
+  );
+  fflush(pOut);
+}
+#endif
+
+/*
+** Release an array of N Mem elements
+*/
+static void releaseMemArray(Mem *p, int N){
+  if( p && N ){
+    Mem *pEnd = &p[N];
+    sqlite3 *db = p->db;
+    u8 malloc_failed = db->mallocFailed;
+    if( db->pnBytesFreed ){
+      do{
+        if( p->szMalloc ) sqlite3DbFree(db, p->zMalloc);
+      }while( (++p)<pEnd );
+      return;
+    }
+    do{
+      assert( (&p[1])==pEnd || p[0].db==p[1].db );
+      assert( sqlite3VdbeCheckMemInvariants(p) );
+
+      /* This block is really an inlined version of sqlite3VdbeMemRelease()
+      ** that takes advantage of the fact that the memory cell value is 
+      ** being set to NULL after releasing any dynamic resources.
+      **
+      ** The justification for duplicating code is that according to 
+      ** callgrind, this causes a certain test case to hit the CPU 4.7 
+      ** percent less (x86 linux, gcc version 4.1.2, -O6) than if 
+      ** sqlite3MemRelease() were called from here. With -O2, this jumps
+      ** to 6.6 percent. The test case is inserting 1000 rows into a table 
+      ** with no indexes using a single prepared INSERT statement, bind() 
+      ** and reset(). Inserts are grouped into a transaction.
+      */
+      testcase( p->flags & MEM_Agg );
+      testcase( p->flags & MEM_Dyn );
+      testcase( p->flags & MEM_Frame );
+      testcase( p->flags & MEM_RowSet );
+      if( p->flags&(MEM_Agg|MEM_Dyn|MEM_Frame|MEM_RowSet) ){
+        sqlite3VdbeMemRelease(p);
+      }else if( p->szMalloc ){
+        sqlite3DbFree(db, p->zMalloc);
+        p->szMalloc = 0;
+      }
+
+      p->flags = MEM_Undefined;
+    }while( (++p)<pEnd );
+    db->mallocFailed = malloc_failed;
+  }
+}
+
+/*
+** Delete a VdbeFrame object and its contents. VdbeFrame objects are
+** allocated by the OP_Program opcode in sqlite3VdbeExec().
+*/
+SQLITE_PRIVATE void sqlite3VdbeFrameDelete(VdbeFrame *p){
+  int i;
+  Mem *aMem = VdbeFrameMem(p);
+  VdbeCursor **apCsr = (VdbeCursor **)&aMem[p->nChildMem];
+  for(i=0; i<p->nChildCsr; i++){
+    sqlite3VdbeFreeCursor(p->v, apCsr[i]);
+  }
+  releaseMemArray(aMem, p->nChildMem);
+  sqlite3DbFree(p->v->db, p);
+}
+
+#ifndef SQLITE_OMIT_EXPLAIN
+/*
+** Give a listing of the program in the virtual machine.
+**
+** The interface is the same as sqlite3VdbeExec().  But instead of
+** running the code, it invokes the callback once for each instruction.
+** This feature is used to implement "EXPLAIN".
+**
+** When p->explain==1, each instruction is listed.  When
+** p->explain==2, only OP_Explain instructions are listed and these
+** are shown in a different format.  p->explain==2 is used to implement
+** EXPLAIN QUERY PLAN.
+**
+** When p->explain==1, first the main program is listed, then each of
+** the trigger subprograms are listed one by one.
+*/
+SQLITE_PRIVATE int sqlite3VdbeList(
+  Vdbe *p                   /* The VDBE */
+){
+  int nRow;                            /* Stop when row count reaches this */
+  int nSub = 0;                        /* Number of sub-vdbes seen so far */
+  SubProgram **apSub = 0;              /* Array of sub-vdbes */
+  Mem *pSub = 0;                       /* Memory cell hold array of subprogs */
+  sqlite3 *db = p->db;                 /* The database connection */
+  int i;                               /* Loop counter */
+  int rc = SQLITE_OK;                  /* Return code */
+  Mem *pMem = &p->aMem[1];             /* First Mem of result set */
+
+  assert( p->explain );
+  assert( p->magic==VDBE_MAGIC_RUN );
+  assert( p->rc==SQLITE_OK || p->rc==SQLITE_BUSY || p->rc==SQLITE_NOMEM );
+
+  /* Even though this opcode does not use dynamic strings for
+  ** the result, result columns may become dynamic if the user calls
+  ** sqlite3_column_text16(), causing a translation to UTF-16 encoding.
+  */
+  releaseMemArray(pMem, 8);
+  p->pResultSet = 0;
+
+  if( p->rc==SQLITE_NOMEM ){
+    /* This happens if a malloc() inside a call to sqlite3_column_text() or
+    ** sqlite3_column_text16() failed.  */
+    db->mallocFailed = 1;
+    return SQLITE_ERROR;
+  }
+
+  /* When the number of output rows reaches nRow, that means the
+  ** listing has finished and sqlite3_step() should return SQLITE_DONE.
+  ** nRow is the sum of the number of rows in the main program, plus
+  ** the sum of the number of rows in all trigger subprograms encountered
+  ** so far.  The nRow value will increase as new trigger subprograms are
+  ** encountered, but p->pc will eventually catch up to nRow.
+  */
+  nRow = p->nOp;
+  if( p->explain==1 ){
+    /* The first 8 memory cells are used for the result set.  So we will
+    ** commandeer the 9th cell to use as storage for an array of pointers
+    ** to trigger subprograms.  The VDBE is guaranteed to have at least 9
+    ** cells.  */
+    assert( p->nMem>9 );
+    pSub = &p->aMem[9];
+    if( pSub->flags&MEM_Blob ){
+      /* On the first call to sqlite3_step(), pSub will hold a NULL.  It is
+      ** initialized to a BLOB by the P4_SUBPROGRAM processing logic below */
+      nSub = pSub->n/sizeof(Vdbe*);
+      apSub = (SubProgram **)pSub->z;
+    }
+    for(i=0; i<nSub; i++){
+      nRow += apSub[i]->nOp;
+    }
+  }
+
+  do{
+    i = p->pc++;
+  }while( i<nRow && p->explain==2 && p->aOp[i].opcode!=OP_Explain );
+  if( i>=nRow ){
+    p->rc = SQLITE_OK;
+    rc = SQLITE_DONE;
+  }else if( db->u1.isInterrupted ){
+    p->rc = SQLITE_INTERRUPT;
+    rc = SQLITE_ERROR;
+    sqlite3VdbeError(p, sqlite3ErrStr(p->rc));
+  }else{
+    char *zP4;
+    Op *pOp;
+    if( i<p->nOp ){
+      /* The output line number is small enough that we are still in the
+      ** main program. */
+      pOp = &p->aOp[i];
+    }else{
+      /* We are currently listing subprograms.  Figure out which one and
+      ** pick up the appropriate opcode. */
+      int j;
+      i -= p->nOp;
+      for(j=0; i>=apSub[j]->nOp; j++){
+        i -= apSub[j]->nOp;
+      }
+      pOp = &apSub[j]->aOp[i];
+    }
+    if( p->explain==1 ){
+      pMem->flags = MEM_Int;
+      pMem->u.i = i;                                /* Program counter */
+      pMem++;
+  
+      pMem->flags = MEM_Static|MEM_Str|MEM_Term;
+      pMem->z = (char*)sqlite3OpcodeName(pOp->opcode); /* Opcode */
+      assert( pMem->z!=0 );
+      pMem->n = sqlite3Strlen30(pMem->z);
+      pMem->enc = SQLITE_UTF8;
+      pMem++;
+
+      /* When an OP_Program opcode is encounter (the only opcode that has
+      ** a P4_SUBPROGRAM argument), expand the size of the array of subprograms
+      ** kept in p->aMem[9].z to hold the new program - assuming this subprogram
+      ** has not already been seen.
+      */
+      if( pOp->p4type==P4_SUBPROGRAM ){
+        int nByte = (nSub+1)*sizeof(SubProgram*);
+        int j;
+        for(j=0; j<nSub; j++){
+          if( apSub[j]==pOp->p4.pProgram ) break;
+        }
+        if( j==nSub && SQLITE_OK==sqlite3VdbeMemGrow(pSub, nByte, nSub!=0) ){
+          apSub = (SubProgram **)pSub->z;
+          apSub[nSub++] = pOp->p4.pProgram;
+          pSub->flags |= MEM_Blob;
+          pSub->n = nSub*sizeof(SubProgram*);
+        }
+      }
+    }
+
+    pMem->flags = MEM_Int;
+    pMem->u.i = pOp->p1;                          /* P1 */
+    pMem++;
+
+    pMem->flags = MEM_Int;
+    pMem->u.i = pOp->p2;                          /* P2 */
+    pMem++;
+
+    pMem->flags = MEM_Int;
+    pMem->u.i = pOp->p3;                          /* P3 */
+    pMem++;
+
+    if( sqlite3VdbeMemClearAndResize(pMem, 100) ){ /* P4 */
+      assert( p->db->mallocFailed );
+      return SQLITE_ERROR;
+    }
+    pMem->flags = MEM_Str|MEM_Term;
+    zP4 = displayP4(pOp, pMem->z, pMem->szMalloc);
+    if( zP4!=pMem->z ){
+      sqlite3VdbeMemSetStr(pMem, zP4, -1, SQLITE_UTF8, 0);
+    }else{
+      assert( pMem->z!=0 );
+      pMem->n = sqlite3Strlen30(pMem->z);
+      pMem->enc = SQLITE_UTF8;
+    }
+    pMem++;
+
+    if( p->explain==1 ){
+      if( sqlite3VdbeMemClearAndResize(pMem, 4) ){
+        assert( p->db->mallocFailed );
+        return SQLITE_ERROR;
+      }
+      pMem->flags = MEM_Str|MEM_Term;
+      pMem->n = 2;
+      sqlite3_snprintf(3, pMem->z, "%.2x", pOp->p5);   /* P5 */
+      pMem->enc = SQLITE_UTF8;
+      pMem++;
+  
+#ifdef SQLITE_ENABLE_EXPLAIN_COMMENTS
+      if( sqlite3VdbeMemClearAndResize(pMem, 500) ){
+        assert( p->db->mallocFailed );
+        return SQLITE_ERROR;
+      }
+      pMem->flags = MEM_Str|MEM_Term;
+      pMem->n = displayComment(pOp, zP4, pMem->z, 500);
+      pMem->enc = SQLITE_UTF8;
+#else
+      pMem->flags = MEM_Null;                       /* Comment */
+#endif
+    }
+
+    p->nResColumn = 8 - 4*(p->explain-1);
+    p->pResultSet = &p->aMem[1];
+    p->rc = SQLITE_OK;
+    rc = SQLITE_ROW;
+  }
+  return rc;
+}
+#endif /* SQLITE_OMIT_EXPLAIN */
+
+#ifdef SQLITE_DEBUG
+/*
+** Print the SQL that was used to generate a VDBE program.
+*/
+SQLITE_PRIVATE void sqlite3VdbePrintSql(Vdbe *p){
+  const char *z = 0;
+  if( p->zSql ){
+    z = p->zSql;
+  }else if( p->nOp>=1 ){
+    const VdbeOp *pOp = &p->aOp[0];
+    if( pOp->opcode==OP_Init && pOp->p4.z!=0 ){
+      z = pOp->p4.z;
+      while( sqlite3Isspace(*z) ) z++;
+    }
+  }
+  if( z ) printf("SQL: [%s]\n", z);
+}
+#endif
+
+#if !defined(SQLITE_OMIT_TRACE) && defined(SQLITE_ENABLE_IOTRACE)
+/*
+** Print an IOTRACE message showing SQL content.
+*/
+SQLITE_PRIVATE void sqlite3VdbeIOTraceSql(Vdbe *p){
+  int nOp = p->nOp;
+  VdbeOp *pOp;
+  if( sqlite3IoTrace==0 ) return;
+  if( nOp<1 ) return;
+  pOp = &p->aOp[0];
+  if( pOp->opcode==OP_Init && pOp->p4.z!=0 ){
+    int i, j;
+    char z[1000];
+    sqlite3_snprintf(sizeof(z), z, "%s", pOp->p4.z);
+    for(i=0; sqlite3Isspace(z[i]); i++){}
+    for(j=0; z[i]; i++){
+      if( sqlite3Isspace(z[i]) ){
+        if( z[i-1]!=' ' ){
+          z[j++] = ' ';
+        }
+      }else{
+        z[j++] = z[i];
+      }
+    }
+    z[j] = 0;
+    sqlite3IoTrace("SQL %s\n", z);
+  }
+}
+#endif /* !SQLITE_OMIT_TRACE && SQLITE_ENABLE_IOTRACE */
+
+/*
+** Allocate space from a fixed size buffer and return a pointer to
+** that space.  If insufficient space is available, return NULL.
+**
+** The pBuf parameter is the initial value of a pointer which will
+** receive the new memory.  pBuf is normally NULL.  If pBuf is not
+** NULL, it means that memory space has already been allocated and that
+** this routine should not allocate any new memory.  When pBuf is not
+** NULL simply return pBuf.  Only allocate new memory space when pBuf
+** is NULL.
+**
+** nByte is the number of bytes of space needed.
+**
+** pFrom points to *pnFrom bytes of available space.  New space is allocated
+** from the end of the pFrom buffer and *pnFrom is decremented.
+**
+** *pnNeeded is a counter of the number of bytes of space that have failed
+** to allocate.  If there is insufficient space in pFrom to satisfy the
+** request, then increment *pnNeeded by the amount of the request.
+*/
+static void *allocSpace(
+  void *pBuf,          /* Where return pointer will be stored */
+  int nByte,           /* Number of bytes to allocate */
+  u8 *pFrom,           /* Memory available for allocation */
+  int *pnFrom,         /* IN/OUT: Space available at pFrom */
+  int *pnNeeded        /* If allocation cannot be made, increment *pnByte */
+){
+  assert( EIGHT_BYTE_ALIGNMENT(pFrom) );
+  if( pBuf==0 ){
+    nByte = ROUND8(nByte);
+    if( nByte <= *pnFrom ){
+      *pnFrom -= nByte;
+      pBuf = &pFrom[*pnFrom];
+    }else{
+      *pnNeeded += nByte;
+    }
+  }
+  assert( EIGHT_BYTE_ALIGNMENT(pBuf) );
+  return pBuf;
+}
+
+/*
+** Rewind the VDBE back to the beginning in preparation for
+** running it.
+*/
+SQLITE_PRIVATE void sqlite3VdbeRewind(Vdbe *p){
+#if defined(SQLITE_DEBUG) || defined(VDBE_PROFILE)
+  int i;
+#endif
+  assert( p!=0 );
+  assert( p->magic==VDBE_MAGIC_INIT );
+
+  /* There should be at least one opcode.
+  */
+  assert( p->nOp>0 );
+
+  /* Set the magic to VDBE_MAGIC_RUN sooner rather than later. */
+  p->magic = VDBE_MAGIC_RUN;
+
+#ifdef SQLITE_DEBUG
+  for(i=1; i<p->nMem; i++){
+    assert( p->aMem[i].db==p->db );
+  }
+#endif
+  p->pc = -1;
+  p->rc = SQLITE_OK;
+  p->errorAction = OE_Abort;
+  p->magic = VDBE_MAGIC_RUN;
+  p->nChange = 0;
+  p->cacheCtr = 1;
+  p->minWriteFileFormat = 255;
+  p->iStatement = 0;
+  p->nFkConstraint = 0;
+#ifdef VDBE_PROFILE
+  for(i=0; i<p->nOp; i++){
+    p->aOp[i].cnt = 0;
+    p->aOp[i].cycles = 0;
+  }
+#endif
+}
+
+/*
+** Prepare a virtual machine for execution for the first time after
+** creating the virtual machine.  This involves things such
+** as allocating registers and initializing the program counter.
+** After the VDBE has be prepped, it can be executed by one or more
+** calls to sqlite3VdbeExec().  
+**
+** This function may be called exactly once on each virtual machine.
+** After this routine is called the VM has been "packaged" and is ready
+** to run.  After this routine is called, further calls to 
+** sqlite3VdbeAddOp() functions are prohibited.  This routine disconnects
+** the Vdbe from the Parse object that helped generate it so that the
+** the Vdbe becomes an independent entity and the Parse object can be
+** destroyed.
+**
+** Use the sqlite3VdbeRewind() procedure to restore a virtual machine back
+** to its initial state after it has been run.
+*/
+SQLITE_PRIVATE void sqlite3VdbeMakeReady(
+  Vdbe *p,                       /* The VDBE */
+  Parse *pParse                  /* Parsing context */
+){
+  sqlite3 *db;                   /* The database connection */
+  int nVar;                      /* Number of parameters */
+  int nMem;                      /* Number of VM memory registers */
+  int nCursor;                   /* Number of cursors required */
+  int nArg;                      /* Number of arguments in subprograms */
+  int nOnce;                     /* Number of OP_Once instructions */
+  int n;                         /* Loop counter */
+  int nFree;                     /* Available free space */
+  u8 *zCsr;                      /* Memory available for allocation */
+  int nByte;                     /* How much extra memory is needed */
+
+  assert( p!=0 );
+  assert( p->nOp>0 );
+  assert( pParse!=0 );
+  assert( p->magic==VDBE_MAGIC_INIT );
+  assert( pParse==p->pParse );
+  db = p->db;
+  assert( db->mallocFailed==0 );
+  nVar = pParse->nVar;
+  nMem = pParse->nMem;
+  nCursor = pParse->nTab;
+  nArg = pParse->nMaxArg;
+  nOnce = pParse->nOnce;
+  if( nOnce==0 ) nOnce = 1; /* Ensure at least one byte in p->aOnceFlag[] */
+  
+  /* For each cursor required, also allocate a memory cell. Memory
+  ** cells (nMem+1-nCursor)..nMem, inclusive, will never be used by
+  ** the vdbe program. Instead they are used to allocate space for
+  ** VdbeCursor/BtCursor structures. The blob of memory associated with 
+  ** cursor 0 is stored in memory cell nMem. Memory cell (nMem-1)
+  ** stores the blob of memory associated with cursor 1, etc.
+  **
+  ** See also: allocateCursor().
+  */
+  nMem += nCursor;
+
+  /* zCsr will initially point to nFree bytes of unused space at the
+  ** end of the opcode array, p->aOp.  The computation of nFree is
+  ** conservative - it might be smaller than the true number of free
+  ** bytes, but never larger.  nFree must be a multiple of 8 - it is
+  ** rounded down if is not.
+  */
+  n = ROUND8(sizeof(Op)*p->nOp);              /* Bytes of opcode space used */
+  zCsr = &((u8*)p->aOp)[n];                   /* Unused opcode space */
+  assert( EIGHT_BYTE_ALIGNMENT(zCsr) );
+  nFree = ROUNDDOWN8(pParse->szOpAlloc - n);  /* Bytes of unused space */
+  assert( nFree>=0 );
+  if( nFree>0 ){
+    memset(zCsr, 0, nFree);
+    assert( EIGHT_BYTE_ALIGNMENT(&zCsr[nFree]) );
+  }
+
+  resolveP2Values(p, &nArg);
+  p->usesStmtJournal = (u8)(pParse->isMultiWrite && pParse->mayAbort);
+  if( pParse->explain && nMem<10 ){
+    nMem = 10;
+  }
+  p->expired = 0;
+
+  /* Memory for registers, parameters, cursor, etc, is allocated in two
+  ** passes.  On the first pass, we try to reuse unused space at the 
+  ** end of the opcode array.  If we are unable to satisfy all memory
+  ** requirements by reusing the opcode array tail, then the second
+  ** pass will fill in the rest using a fresh allocation.  
+  **
+  ** This two-pass approach that reuses as much memory as possible from
+  ** the leftover space at the end of the opcode array can significantly
+  ** reduce the amount of memory held by a prepared statement.
+  */
+  do {
+    nByte = 0;
+    p->aMem = allocSpace(p->aMem, nMem*sizeof(Mem), zCsr, &nFree, &nByte);
+    p->aVar = allocSpace(p->aVar, nVar*sizeof(Mem), zCsr, &nFree, &nByte);
+    p->apArg = allocSpace(p->apArg, nArg*sizeof(Mem*), zCsr, &nFree, &nByte);
+    p->azVar = allocSpace(p->azVar, nVar*sizeof(char*), zCsr, &nFree, &nByte);
+    p->apCsr = allocSpace(p->apCsr, nCursor*sizeof(VdbeCursor*),
+                          zCsr, &nFree, &nByte);
+    p->aOnceFlag = allocSpace(p->aOnceFlag, nOnce, zCsr, &nFree, &nByte);
+#ifdef SQLITE_ENABLE_STMT_SCANSTATUS
+    p->anExec = allocSpace(p->anExec, p->nOp*sizeof(i64), zCsr, &nFree, &nByte);
+#endif
+    if( nByte ){
+      p->pFree = sqlite3DbMallocZero(db, nByte);
+    }
+    zCsr = p->pFree;
+    nFree = nByte;
+  }while( nByte && !db->mallocFailed );
+
+  p->nCursor = nCursor;
+  p->nOnceFlag = nOnce;
+  if( p->aVar ){
+    p->nVar = (ynVar)nVar;
+    for(n=0; n<nVar; n++){
+      p->aVar[n].flags = MEM_Null;
+      p->aVar[n].db = db;
+    }
+  }
+  if( p->azVar && pParse->nzVar>0 ){
+    p->nzVar = pParse->nzVar;
+    memcpy(p->azVar, pParse->azVar, p->nzVar*sizeof(p->azVar[0]));
+    memset(pParse->azVar, 0, pParse->nzVar*sizeof(pParse->azVar[0]));
+  }
+  if( p->aMem ){
+    p->aMem--;                      /* aMem[] goes from 1..nMem */
+    p->nMem = nMem;                 /*       not from 0..nMem-1 */
+    for(n=1; n<=nMem; n++){
+      p->aMem[n].flags = MEM_Undefined;
+      p->aMem[n].db = db;
+    }
+  }
+  p->explain = pParse->explain;
+  sqlite3VdbeRewind(p);
+}
+
+/*
+** Close a VDBE cursor and release all the resources that cursor 
+** happens to hold.
+*/
+SQLITE_PRIVATE void sqlite3VdbeFreeCursor(Vdbe *p, VdbeCursor *pCx){
+  if( pCx==0 ){
+    return;
+  }
+  assert( pCx->pBt==0 || pCx->eCurType==CURTYPE_BTREE );
+  switch( pCx->eCurType ){
+    case CURTYPE_SORTER: {
+      sqlite3VdbeSorterClose(p->db, pCx);
+      break;
+    }
+    case CURTYPE_BTREE: {
+      if( pCx->pBt ){
+        sqlite3BtreeClose(pCx->pBt);
+        /* The pCx->pCursor will be close automatically, if it exists, by
+        ** the call above. */
+      }else{
+        assert( pCx->uc.pCursor!=0 );
+        sqlite3BtreeCloseCursor(pCx->uc.pCursor);
+      }
+      break;
+    }
+#ifndef SQLITE_OMIT_VIRTUALTABLE
+    case CURTYPE_VTAB: {
+      sqlite3_vtab_cursor *pVCur = pCx->uc.pVCur;
+      const sqlite3_module *pModule = pVCur->pVtab->pModule;
+      assert( pVCur->pVtab->nRef>0 );
+      pVCur->pVtab->nRef--;
+      pModule->xClose(pVCur);
+      break;
+    }
+#endif
+  }
+}
+
+/*
+** Close all cursors in the current frame.
+*/
+static void closeCursorsInFrame(Vdbe *p){
+  if( p->apCsr ){
+    int i;
+    for(i=0; i<p->nCursor; i++){
+      VdbeCursor *pC = p->apCsr[i];
+      if( pC ){
+        sqlite3VdbeFreeCursor(p, pC);
+        p->apCsr[i] = 0;
+      }
+    }
+  }
+}
+
+/*
+** Copy the values stored in the VdbeFrame structure to its Vdbe. This
+** is used, for example, when a trigger sub-program is halted to restore
+** control to the main program.
+*/
+SQLITE_PRIVATE int sqlite3VdbeFrameRestore(VdbeFrame *pFrame){
+  Vdbe *v = pFrame->v;
+  closeCursorsInFrame(v);
+#ifdef SQLITE_ENABLE_STMT_SCANSTATUS
+  v->anExec = pFrame->anExec;
+#endif
+  v->aOnceFlag = pFrame->aOnceFlag;
+  v->nOnceFlag = pFrame->nOnceFlag;
+  v->aOp = pFrame->aOp;
+  v->nOp = pFrame->nOp;
+  v->aMem = pFrame->aMem;
+  v->nMem = pFrame->nMem;
+  v->apCsr = pFrame->apCsr;
+  v->nCursor = pFrame->nCursor;
+  v->db->lastRowid = pFrame->lastRowid;
+  v->nChange = pFrame->nChange;
+  v->db->nChange = pFrame->nDbChange;
+  return pFrame->pc;
+}
+
+/*
+** Close all cursors.
+**
+** Also release any dynamic memory held by the VM in the Vdbe.aMem memory 
+** cell array. This is necessary as the memory cell array may contain
+** pointers to VdbeFrame objects, which may in turn contain pointers to
+** open cursors.
+*/
+static void closeAllCursors(Vdbe *p){
+  if( p->pFrame ){
+    VdbeFrame *pFrame;
+    for(pFrame=p->pFrame; pFrame->pParent; pFrame=pFrame->pParent);
+    sqlite3VdbeFrameRestore(pFrame);
+    p->pFrame = 0;
+    p->nFrame = 0;
+  }
+  assert( p->nFrame==0 );
+  closeCursorsInFrame(p);
+  if( p->aMem ){
+    releaseMemArray(&p->aMem[1], p->nMem);
+  }
+  while( p->pDelFrame ){
+    VdbeFrame *pDel = p->pDelFrame;
+    p->pDelFrame = pDel->pParent;
+    sqlite3VdbeFrameDelete(pDel);
+  }
+
+  /* Delete any auxdata allocations made by the VM */
+  if( p->pAuxData ) sqlite3VdbeDeleteAuxData(p, -1, 0);
+  assert( p->pAuxData==0 );
+}
+
+/*
+** Clean up the VM after a single run.
+*/
+static void Cleanup(Vdbe *p){
+  sqlite3 *db = p->db;
+
+#ifdef SQLITE_DEBUG
+  /* Execute assert() statements to ensure that the Vdbe.apCsr[] and 
+  ** Vdbe.aMem[] arrays have already been cleaned up.  */
+  int i;
+  if( p->apCsr ) for(i=0; i<p->nCursor; i++) assert( p->apCsr[i]==0 );
+  if( p->aMem ){
+    for(i=1; i<=p->nMem; i++) assert( p->aMem[i].flags==MEM_Undefined );
+  }
+#endif
+
+  sqlite3DbFree(db, p->zErrMsg);
+  p->zErrMsg = 0;
+  p->pResultSet = 0;
+}
+
+/*
+** Set the number of result columns that will be returned by this SQL
+** statement. This is now set at compile time, rather than during
+** execution of the vdbe program so that sqlite3_column_count() can
+** be called on an SQL statement before sqlite3_step().
+*/
+SQLITE_PRIVATE void sqlite3VdbeSetNumCols(Vdbe *p, int nResColumn){
+  Mem *pColName;
+  int n;
+  sqlite3 *db = p->db;
+
+  releaseMemArray(p->aColName, p->nResColumn*COLNAME_N);
+  sqlite3DbFree(db, p->aColName);
+  n = nResColumn*COLNAME_N;
+  p->nResColumn = (u16)nResColumn;
+  p->aColName = pColName = (Mem*)sqlite3DbMallocZero(db, sizeof(Mem)*n );
+  if( p->aColName==0 ) return;
+  while( n-- > 0 ){
+    pColName->flags = MEM_Null;
+    pColName->db = p->db;
+    pColName++;
+  }
+}
+
+/*
+** Set the name of the idx'th column to be returned by the SQL statement.
+** zName must be a pointer to a nul terminated string.
+**
+** This call must be made after a call to sqlite3VdbeSetNumCols().
+**
+** The final parameter, xDel, must be one of SQLITE_DYNAMIC, SQLITE_STATIC
+** or SQLITE_TRANSIENT. If it is SQLITE_DYNAMIC, then the buffer pointed
+** to by zName will be freed by sqlite3DbFree() when the vdbe is destroyed.
+*/
+SQLITE_PRIVATE int sqlite3VdbeSetColName(
+  Vdbe *p,                         /* Vdbe being configured */
+  int idx,                         /* Index of column zName applies to */
+  int var,                         /* One of the COLNAME_* constants */
+  const char *zName,               /* Pointer to buffer containing name */
+  void (*xDel)(void*)              /* Memory management strategy for zName */
+){
+  int rc;
+  Mem *pColName;
+  assert( idx<p->nResColumn );
+  assert( var<COLNAME_N );
+  if( p->db->mallocFailed ){
+    assert( !zName || xDel!=SQLITE_DYNAMIC );
+    return SQLITE_NOMEM;
+  }
+  assert( p->aColName!=0 );
+  pColName = &(p->aColName[idx+var*p->nResColumn]);
+  rc = sqlite3VdbeMemSetStr(pColName, zName, -1, SQLITE_UTF8, xDel);
+  assert( rc!=0 || !zName || (pColName->flags&MEM_Term)!=0 );
+  return rc;
+}
+
+/*
+** A read or write transaction may or may not be active on database handle
+** db. If a transaction is active, commit it. If there is a
+** write-transaction spanning more than one database file, this routine
+** takes care of the master journal trickery.
+*/
+static int vdbeCommit(sqlite3 *db, Vdbe *p){
+  int i;
+  int nTrans = 0;  /* Number of databases with an active write-transaction */
+  int rc = SQLITE_OK;
+  int needXcommit = 0;
+
+#ifdef SQLITE_OMIT_VIRTUALTABLE
+  /* With this option, sqlite3VtabSync() is defined to be simply 
+  ** SQLITE_OK so p is not used. 
+  */
+  UNUSED_PARAMETER(p);
+#endif
+
+  /* Before doing anything else, call the xSync() callback for any
+  ** virtual module tables written in this transaction. This has to
+  ** be done before determining whether a master journal file is 
+  ** required, as an xSync() callback may add an attached database
+  ** to the transaction.
+  */
+  rc = sqlite3VtabSync(db, p);
+
+  /* This loop determines (a) if the commit hook should be invoked and
+  ** (b) how many database files have open write transactions, not 
+  ** including the temp database. (b) is important because if more than 
+  ** one database file has an open write transaction, a master journal
+  ** file is required for an atomic commit.
+  */ 
+  for(i=0; rc==SQLITE_OK && i<db->nDb; i++){ 
+    Btree *pBt = db->aDb[i].pBt;
+    if( sqlite3BtreeIsInTrans(pBt) ){
+      needXcommit = 1;
+      if( i!=1 ) nTrans++;
+      sqlite3BtreeEnter(pBt);
+      rc = sqlite3PagerExclusiveLock(sqlite3BtreePager(pBt));
+      sqlite3BtreeLeave(pBt);
+    }
+  }
+  if( rc!=SQLITE_OK ){
+    return rc;
+  }
+
+  /* If there are any write-transactions at all, invoke the commit hook */
+  if( needXcommit && db->xCommitCallback ){
+    rc = db->xCommitCallback(db->pCommitArg);
+    if( rc ){
+      return SQLITE_CONSTRAINT_COMMITHOOK;
+    }
+  }
+
+  /* The simple case - no more than one database file (not counting the
+  ** TEMP database) has a transaction active.   There is no need for the
+  ** master-journal.
+  **
+  ** If the return value of sqlite3BtreeGetFilename() is a zero length
+  ** string, it means the main database is :memory: or a temp file.  In 
+  ** that case we do not support atomic multi-file commits, so use the 
+  ** simple case then too.
+  */
+  if( 0==sqlite3Strlen30(sqlite3BtreeGetFilename(db->aDb[0].pBt))
+   || nTrans<=1
+  ){
+    for(i=0; rc==SQLITE_OK && i<db->nDb; i++){
+      Btree *pBt = db->aDb[i].pBt;
+      if( pBt ){
+        rc = sqlite3BtreeCommitPhaseOne(pBt, 0);
+      }
+    }
+
+    /* Do the commit only if all databases successfully complete phase 1. 
+    ** If one of the BtreeCommitPhaseOne() calls fails, this indicates an
+    ** IO error while deleting or truncating a journal file. It is unlikely,
+    ** but could happen. In this case abandon processing and return the error.
+    */
+    for(i=0; rc==SQLITE_OK && i<db->nDb; i++){
+      Btree *pBt = db->aDb[i].pBt;
+      if( pBt ){
+        rc = sqlite3BtreeCommitPhaseTwo(pBt, 0);
+      }
+    }
+    if( rc==SQLITE_OK ){
+      sqlite3VtabCommit(db);
+    }
+  }
+
+  /* The complex case - There is a multi-file write-transaction active.
+  ** This requires a master journal file to ensure the transaction is
+  ** committed atomically.
+  */
+#ifndef SQLITE_OMIT_DISKIO
+  else{
+    sqlite3_vfs *pVfs = db->pVfs;
+    int needSync = 0;
+    char *zMaster = 0;   /* File-name for the master journal */
+    char const *zMainFile = sqlite3BtreeGetFilename(db->aDb[0].pBt);
+    sqlite3_file *pMaster = 0;
+    i64 offset = 0;
+    int res;
+    int retryCount = 0;
+    int nMainFile;
+
+    /* Select a master journal file name */
+    nMainFile = sqlite3Strlen30(zMainFile);
+    zMaster = sqlite3MPrintf(db, "%s-mjXXXXXX9XXz", zMainFile);
+    if( zMaster==0 ) return SQLITE_NOMEM;
+    do {
+      u32 iRandom;
+      if( retryCount ){
+        if( retryCount>100 ){
+          sqlite3_log(SQLITE_FULL, "MJ delete: %s", zMaster);
+          sqlite3OsDelete(pVfs, zMaster, 0);
+          break;
+        }else if( retryCount==1 ){
+          sqlite3_log(SQLITE_FULL, "MJ collide: %s", zMaster);
+        }
+      }
+      retryCount++;
+      sqlite3_randomness(sizeof(iRandom), &iRandom);
+      sqlite3_snprintf(13, &zMaster[nMainFile], "-mj%06X9%02X",
+                               (iRandom>>8)&0xffffff, iRandom&0xff);
+      /* The antipenultimate character of the master journal name must
+      ** be "9" to avoid name collisions when using 8+3 filenames. */
+      assert( zMaster[sqlite3Strlen30(zMaster)-3]=='9' );
+      sqlite3FileSuffix3(zMainFile, zMaster);
+      rc = sqlite3OsAccess(pVfs, zMaster, SQLITE_ACCESS_EXISTS, &res);
+    }while( rc==SQLITE_OK && res );
+    if( rc==SQLITE_OK ){
+      /* Open the master journal. */
+      rc = sqlite3OsOpenMalloc(pVfs, zMaster, &pMaster, 
+          SQLITE_OPEN_READWRITE|SQLITE_OPEN_CREATE|
+          SQLITE_OPEN_EXCLUSIVE|SQLITE_OPEN_MASTER_JOURNAL, 0
+      );
+    }
+    if( rc!=SQLITE_OK ){
+      sqlite3DbFree(db, zMaster);
+      return rc;
+    }
+ 
+    /* Write the name of each database file in the transaction into the new
+    ** master journal file. If an error occurs at this point close
+    ** and delete the master journal file. All the individual journal files
+    ** still have 'null' as the master journal pointer, so they will roll
+    ** back independently if a failure occurs.
+    */
+    for(i=0; i<db->nDb; i++){
+      Btree *pBt = db->aDb[i].pBt;
+      if( sqlite3BtreeIsInTrans(pBt) ){
+        char const *zFile = sqlite3BtreeGetJournalname(pBt);
+        if( zFile==0 ){
+          continue;  /* Ignore TEMP and :memory: databases */
+        }
+        assert( zFile[0]!=0 );
+        if( !needSync && !sqlite3BtreeSyncDisabled(pBt) ){
+          needSync = 1;
+        }
+        rc = sqlite3OsWrite(pMaster, zFile, sqlite3Strlen30(zFile)+1, offset);
+        offset += sqlite3Strlen30(zFile)+1;
+        if( rc!=SQLITE_OK ){
+          sqlite3OsCloseFree(pMaster);
+          sqlite3OsDelete(pVfs, zMaster, 0);
+          sqlite3DbFree(db, zMaster);
+          return rc;
+        }
+      }
+    }
+
+    /* Sync the master journal file. If the IOCAP_SEQUENTIAL device
+    ** flag is set this is not required.
+    */
+    if( needSync 
+     && 0==(sqlite3OsDeviceCharacteristics(pMaster)&SQLITE_IOCAP_SEQUENTIAL)
+     && SQLITE_OK!=(rc = sqlite3OsSync(pMaster, SQLITE_SYNC_NORMAL))
+    ){
+      sqlite3OsCloseFree(pMaster);
+      sqlite3OsDelete(pVfs, zMaster, 0);
+      sqlite3DbFree(db, zMaster);
+      return rc;
+    }
+
+    /* Sync all the db files involved in the transaction. The same call
+    ** sets the master journal pointer in each individual journal. If
+    ** an error occurs here, do not delete the master journal file.
+    **
+    ** If the error occurs during the first call to
+    ** sqlite3BtreeCommitPhaseOne(), then there is a chance that the
+    ** master journal file will be orphaned. But we cannot delete it,
+    ** in case the master journal file name was written into the journal
+    ** file before the failure occurred.
+    */
+    for(i=0; rc==SQLITE_OK && i<db->nDb; i++){ 
+      Btree *pBt = db->aDb[i].pBt;
+      if( pBt ){
+        rc = sqlite3BtreeCommitPhaseOne(pBt, zMaster);
+      }
+    }
+    sqlite3OsCloseFree(pMaster);
+    assert( rc!=SQLITE_BUSY );
+    if( rc!=SQLITE_OK ){
+      sqlite3DbFree(db, zMaster);
+      return rc;
+    }
+
+    /* Delete the master journal file. This commits the transaction. After
+    ** doing this the directory is synced again before any individual
+    ** transaction files are deleted.
+    */
+    rc = sqlite3OsDelete(pVfs, zMaster, needSync);
+    sqlite3DbFree(db, zMaster);
+    zMaster = 0;
+    if( rc ){
+      return rc;
+    }
+
+    /* All files and directories have already been synced, so the following
+    ** calls to sqlite3BtreeCommitPhaseTwo() are only closing files and
+    ** deleting or truncating journals. If something goes wrong while
+    ** this is happening we don't really care. The integrity of the
+    ** transaction is already guaranteed, but some stray 'cold' journals
+    ** may be lying around. Returning an error code won't help matters.
+    */
+    disable_simulated_io_errors();
+    sqlite3BeginBenignMalloc();
+    for(i=0; i<db->nDb; i++){ 
+      Btree *pBt = db->aDb[i].pBt;
+      if( pBt ){
+        sqlite3BtreeCommitPhaseTwo(pBt, 1);
+      }
+    }
+    sqlite3EndBenignMalloc();
+    enable_simulated_io_errors();
+
+    sqlite3VtabCommit(db);
+  }
+#endif
+
+  return rc;
+}
+
+/* 
+** This routine checks that the sqlite3.nVdbeActive count variable
+** matches the number of vdbe's in the list sqlite3.pVdbe that are
+** currently active. An assertion fails if the two counts do not match.
+** This is an internal self-check only - it is not an essential processing
+** step.
+**
+** This is a no-op if NDEBUG is defined.
+*/
+#ifndef NDEBUG
+static void checkActiveVdbeCnt(sqlite3 *db){
+  Vdbe *p;
+  int cnt = 0;
+  int nWrite = 0;
+  int nRead = 0;
+  p = db->pVdbe;
+  while( p ){
+    if( sqlite3_stmt_busy((sqlite3_stmt*)p) ){
+      cnt++;
+      if( p->readOnly==0 ) nWrite++;
+      if( p->bIsReader ) nRead++;
+    }
+    p = p->pNext;
+  }
+  assert( cnt==db->nVdbeActive );
+  assert( nWrite==db->nVdbeWrite );
+  assert( nRead==db->nVdbeRead );
+}
+#else
+#define checkActiveVdbeCnt(x)
+#endif
+
+/*
+** If the Vdbe passed as the first argument opened a statement-transaction,
+** close it now. Argument eOp must be either SAVEPOINT_ROLLBACK or
+** SAVEPOINT_RELEASE. If it is SAVEPOINT_ROLLBACK, then the statement
+** transaction is rolled back. If eOp is SAVEPOINT_RELEASE, then the 
+** statement transaction is committed.
+**
+** If an IO error occurs, an SQLITE_IOERR_XXX error code is returned. 
+** Otherwise SQLITE_OK.
+*/
+SQLITE_PRIVATE int sqlite3VdbeCloseStatement(Vdbe *p, int eOp){
+  sqlite3 *const db = p->db;
+  int rc = SQLITE_OK;
+
+  /* If p->iStatement is greater than zero, then this Vdbe opened a 
+  ** statement transaction that should be closed here. The only exception
+  ** is that an IO error may have occurred, causing an emergency rollback.
+  ** In this case (db->nStatement==0), and there is nothing to do.
+  */
+  if( db->nStatement && p->iStatement ){
+    int i;
+    const int iSavepoint = p->iStatement-1;
+
+    assert( eOp==SAVEPOINT_ROLLBACK || eOp==SAVEPOINT_RELEASE);
+    assert( db->nStatement>0 );
+    assert( p->iStatement==(db->nStatement+db->nSavepoint) );
+
+    for(i=0; i<db->nDb; i++){ 
+      int rc2 = SQLITE_OK;
+      Btree *pBt = db->aDb[i].pBt;
+      if( pBt ){
+        if( eOp==SAVEPOINT_ROLLBACK ){
+          rc2 = sqlite3BtreeSavepoint(pBt, SAVEPOINT_ROLLBACK, iSavepoint);
+        }
+        if( rc2==SQLITE_OK ){
+          rc2 = sqlite3BtreeSavepoint(pBt, SAVEPOINT_RELEASE, iSavepoint);
+        }
+        if( rc==SQLITE_OK ){
+          rc = rc2;
+        }
+      }
+    }
+    db->nStatement--;
+    p->iStatement = 0;
+
+    if( rc==SQLITE_OK ){
+      if( eOp==SAVEPOINT_ROLLBACK ){
+        rc = sqlite3VtabSavepoint(db, SAVEPOINT_ROLLBACK, iSavepoint);
+      }
+      if( rc==SQLITE_OK ){
+        rc = sqlite3VtabSavepoint(db, SAVEPOINT_RELEASE, iSavepoint);
+      }
+    }
+
+    /* If the statement transaction is being rolled back, also restore the 
+    ** database handles deferred constraint counter to the value it had when 
+    ** the statement transaction was opened.  */
+    if( eOp==SAVEPOINT_ROLLBACK ){
+      db->nDeferredCons = p->nStmtDefCons;
+      db->nDeferredImmCons = p->nStmtDefImmCons;
+    }
+  }
+  return rc;
+}
+
+/*
+** This function is called when a transaction opened by the database 
+** handle associated with the VM passed as an argument is about to be 
+** committed. If there are outstanding deferred foreign key constraint
+** violations, return SQLITE_ERROR. Otherwise, SQLITE_OK.
+**
+** If there are outstanding FK violations and this function returns 
+** SQLITE_ERROR, set the result of the VM to SQLITE_CONSTRAINT_FOREIGNKEY
+** and write an error message to it. Then return SQLITE_ERROR.
+*/
+#ifndef SQLITE_OMIT_FOREIGN_KEY
+SQLITE_PRIVATE int sqlite3VdbeCheckFk(Vdbe *p, int deferred){
+  sqlite3 *db = p->db;
+  if( (deferred && (db->nDeferredCons+db->nDeferredImmCons)>0) 
+   || (!deferred && p->nFkConstraint>0) 
+  ){
+    p->rc = SQLITE_CONSTRAINT_FOREIGNKEY;
+    p->errorAction = OE_Abort;
+    sqlite3VdbeError(p, "FOREIGN KEY constraint failed");
+    return SQLITE_ERROR;
+  }
+  return SQLITE_OK;
+}
+#endif
+
+/*
+** This routine is called the when a VDBE tries to halt.  If the VDBE
+** has made changes and is in autocommit mode, then commit those
+** changes.  If a rollback is needed, then do the rollback.
+**
+** This routine is the only way to move the state of a VM from
+** SQLITE_MAGIC_RUN to SQLITE_MAGIC_HALT.  It is harmless to
+** call this on a VM that is in the SQLITE_MAGIC_HALT state.
+**
+** Return an error code.  If the commit could not complete because of
+** lock contention, return SQLITE_BUSY.  If SQLITE_BUSY is returned, it
+** means the close did not happen and needs to be repeated.
+*/
+SQLITE_PRIVATE int sqlite3VdbeHalt(Vdbe *p){
+  int rc;                         /* Used to store transient return codes */
+  sqlite3 *db = p->db;
+
+  /* This function contains the logic that determines if a statement or
+  ** transaction will be committed or rolled back as a result of the
+  ** execution of this virtual machine. 
+  **
+  ** If any of the following errors occur:
+  **
+  **     SQLITE_NOMEM
+  **     SQLITE_IOERR
+  **     SQLITE_FULL
+  **     SQLITE_INTERRUPT
+  **
+  ** Then the internal cache might have been left in an inconsistent
+  ** state.  We need to rollback the statement transaction, if there is
+  ** one, or the complete transaction if there is no statement transaction.
+  */
+
+  if( p->db->mallocFailed ){
+    p->rc = SQLITE_NOMEM;
+  }
+  if( p->aOnceFlag ) memset(p->aOnceFlag, 0, p->nOnceFlag);
+  closeAllCursors(p);
+  if( p->magic!=VDBE_MAGIC_RUN ){
+    return SQLITE_OK;
+  }
+  checkActiveVdbeCnt(db);
+
+  /* No commit or rollback needed if the program never started or if the
+  ** SQL statement does not read or write a database file.  */
+  if( p->pc>=0 && p->bIsReader ){
+    int mrc;   /* Primary error code from p->rc */
+    int eStatementOp = 0;
+    int isSpecialError;            /* Set to true if a 'special' error */
+
+    /* Lock all btrees used by the statement */
+    sqlite3VdbeEnter(p);
+
+    /* Check for one of the special errors */
+    mrc = p->rc & 0xff;
+    isSpecialError = mrc==SQLITE_NOMEM || mrc==SQLITE_IOERR
+                     || mrc==SQLITE_INTERRUPT || mrc==SQLITE_FULL;
+    if( isSpecialError ){
+      /* If the query was read-only and the error code is SQLITE_INTERRUPT, 
+      ** no rollback is necessary. Otherwise, at least a savepoint 
+      ** transaction must be rolled back to restore the database to a 
+      ** consistent state.
+      **
+      ** Even if the statement is read-only, it is important to perform
+      ** a statement or transaction rollback operation. If the error 
+      ** occurred while writing to the journal, sub-journal or database
+      ** file as part of an effort to free up cache space (see function
+      ** pagerStress() in pager.c), the rollback is required to restore 
+      ** the pager to a consistent state.
+      */
+      if( !p->readOnly || mrc!=SQLITE_INTERRUPT ){
+        if( (mrc==SQLITE_NOMEM || mrc==SQLITE_FULL) && p->usesStmtJournal ){
+          eStatementOp = SAVEPOINT_ROLLBACK;
+        }else{
+          /* We are forced to roll back the active transaction. Before doing
+          ** so, abort any other statements this handle currently has active.
+          */
+          sqlite3RollbackAll(db, SQLITE_ABORT_ROLLBACK);
+          sqlite3CloseSavepoints(db);
+          db->autoCommit = 1;
+          p->nChange = 0;
+        }
+      }
+    }
+
+    /* Check for immediate foreign key violations. */
+    if( p->rc==SQLITE_OK ){
+      sqlite3VdbeCheckFk(p, 0);
+    }
+  
+    /* If the auto-commit flag is set and this is the only active writer 
+    ** VM, then we do either a commit or rollback of the current transaction. 
+    **
+    ** Note: This block also runs if one of the special errors handled 
+    ** above has occurred. 
+    */
+    if( !sqlite3VtabInSync(db) 
+     && db->autoCommit 
+     && db->nVdbeWrite==(p->readOnly==0) 
+    ){
+      if( p->rc==SQLITE_OK || (p->errorAction==OE_Fail && !isSpecialError) ){
+        rc = sqlite3VdbeCheckFk(p, 1);
+        if( rc!=SQLITE_OK ){
+          if( NEVER(p->readOnly) ){
+            sqlite3VdbeLeave(p);
+            return SQLITE_ERROR;
+          }
+          rc = SQLITE_CONSTRAINT_FOREIGNKEY;
+        }else{ 
+          /* The auto-commit flag is true, the vdbe program was successful 
+          ** or hit an 'OR FAIL' constraint and there are no deferred foreign
+          ** key constraints to hold up the transaction. This means a commit 
+          ** is required. */
+          rc = vdbeCommit(db, p);
+        }
+        if( rc==SQLITE_BUSY && p->readOnly ){
+          sqlite3VdbeLeave(p);
+          return SQLITE_BUSY;
+        }else if( rc!=SQLITE_OK ){
+          p->rc = rc;
+          sqlite3RollbackAll(db, SQLITE_OK);
+          p->nChange = 0;
+        }else{
+          db->nDeferredCons = 0;
+          db->nDeferredImmCons = 0;
+          db->flags &= ~SQLITE_DeferFKs;
+          sqlite3CommitInternalChanges(db);
+        }
+      }else{
+        sqlite3RollbackAll(db, SQLITE_OK);
+        p->nChange = 0;
+      }
+      db->nStatement = 0;
+    }else if( eStatementOp==0 ){
+      if( p->rc==SQLITE_OK || p->errorAction==OE_Fail ){
+        eStatementOp = SAVEPOINT_RELEASE;
+      }else if( p->errorAction==OE_Abort ){
+        eStatementOp = SAVEPOINT_ROLLBACK;
+      }else{
+        sqlite3RollbackAll(db, SQLITE_ABORT_ROLLBACK);
+        sqlite3CloseSavepoints(db);
+        db->autoCommit = 1;
+        p->nChange = 0;
+      }
+    }
+  
+    /* If eStatementOp is non-zero, then a statement transaction needs to
+    ** be committed or rolled back. Call sqlite3VdbeCloseStatement() to
+    ** do so. If this operation returns an error, and the current statement
+    ** error code is SQLITE_OK or SQLITE_CONSTRAINT, then promote the
+    ** current statement error code.
+    */
+    if( eStatementOp ){
+      rc = sqlite3VdbeCloseStatement(p, eStatementOp);
+      if( rc ){
+        if( p->rc==SQLITE_OK || (p->rc&0xff)==SQLITE_CONSTRAINT ){
+          p->rc = rc;
+          sqlite3DbFree(db, p->zErrMsg);
+          p->zErrMsg = 0;
+        }
+        sqlite3RollbackAll(db, SQLITE_ABORT_ROLLBACK);
+        sqlite3CloseSavepoints(db);
+        db->autoCommit = 1;
+        p->nChange = 0;
+      }
+    }
+  
+    /* If this was an INSERT, UPDATE or DELETE and no statement transaction
+    ** has been rolled back, update the database connection change-counter. 
+    */
+    if( p->changeCntOn ){
+      if( eStatementOp!=SAVEPOINT_ROLLBACK ){
+        sqlite3VdbeSetChanges(db, p->nChange);
+      }else{
+        sqlite3VdbeSetChanges(db, 0);
+      }
+      p->nChange = 0;
+    }
+
+    /* Release the locks */
+    sqlite3VdbeLeave(p);
+  }
+
+  /* We have successfully halted and closed the VM.  Record this fact. */
+  if( p->pc>=0 ){
+    db->nVdbeActive--;
+    if( !p->readOnly ) db->nVdbeWrite--;
+    if( p->bIsReader ) db->nVdbeRead--;
+    assert( db->nVdbeActive>=db->nVdbeRead );
+    assert( db->nVdbeRead>=db->nVdbeWrite );
+    assert( db->nVdbeWrite>=0 );
+  }
+  p->magic = VDBE_MAGIC_HALT;
+  checkActiveVdbeCnt(db);
+  if( p->db->mallocFailed ){
+    p->rc = SQLITE_NOMEM;
+  }
+
+  /* If the auto-commit flag is set to true, then any locks that were held
+  ** by connection db have now been released. Call sqlite3ConnectionUnlocked() 
+  ** to invoke any required unlock-notify callbacks.
+  */
+  if( db->autoCommit ){
+    sqlite3ConnectionUnlocked(db);
+  }
+
+  assert( db->nVdbeActive>0 || db->autoCommit==0 || db->nStatement==0 );
+  return (p->rc==SQLITE_BUSY ? SQLITE_BUSY : SQLITE_OK);
+}
+
+
+/*
+** Each VDBE holds the result of the most recent sqlite3_step() call
+** in p->rc.  This routine sets that result back to SQLITE_OK.
+*/
+SQLITE_PRIVATE void sqlite3VdbeResetStepResult(Vdbe *p){
+  p->rc = SQLITE_OK;
+}
+
+/*
+** Copy the error code and error message belonging to the VDBE passed
+** as the first argument to its database handle (so that they will be 
+** returned by calls to sqlite3_errcode() and sqlite3_errmsg()).
+**
+** This function does not clear the VDBE error code or message, just
+** copies them to the database handle.
+*/
+SQLITE_PRIVATE int sqlite3VdbeTransferError(Vdbe *p){
+  sqlite3 *db = p->db;
+  int rc = p->rc;
+  if( p->zErrMsg ){
+    u8 mallocFailed = db->mallocFailed;
+    sqlite3BeginBenignMalloc();
+    if( db->pErr==0 ) db->pErr = sqlite3ValueNew(db);
+    sqlite3ValueSetStr(db->pErr, -1, p->zErrMsg, SQLITE_UTF8, SQLITE_TRANSIENT);
+    sqlite3EndBenignMalloc();
+    db->mallocFailed = mallocFailed;
+    db->errCode = rc;
+  }else{
+    sqlite3Error(db, rc);
+  }
+  return rc;
+}
+
+#ifdef SQLITE_ENABLE_SQLLOG
+/*
+** If an SQLITE_CONFIG_SQLLOG hook is registered and the VM has been run, 
+** invoke it.
+*/
+static void vdbeInvokeSqllog(Vdbe *v){
+  if( sqlite3GlobalConfig.xSqllog && v->rc==SQLITE_OK && v->zSql && v->pc>=0 ){
+    char *zExpanded = sqlite3VdbeExpandSql(v, v->zSql);
+    assert( v->db->init.busy==0 );
+    if( zExpanded ){
+      sqlite3GlobalConfig.xSqllog(
+          sqlite3GlobalConfig.pSqllogArg, v->db, zExpanded, 1
+      );
+      sqlite3DbFree(v->db, zExpanded);
+    }
+  }
+}
+#else
+# define vdbeInvokeSqllog(x)
+#endif
+
+/*
+** Clean up a VDBE after execution but do not delete the VDBE just yet.
+** Write any error messages into *pzErrMsg.  Return the result code.
+**
+** After this routine is run, the VDBE should be ready to be executed
+** again.
+**
+** To look at it another way, this routine resets the state of the
+** virtual machine from VDBE_MAGIC_RUN or VDBE_MAGIC_HALT back to
+** VDBE_MAGIC_INIT.
+*/
+SQLITE_PRIVATE int sqlite3VdbeReset(Vdbe *p){
+  sqlite3 *db;
+  db = p->db;
+
+  /* If the VM did not run to completion or if it encountered an
+  ** error, then it might not have been halted properly.  So halt
+  ** it now.
+  */
+  sqlite3VdbeHalt(p);
+
+  /* If the VDBE has be run even partially, then transfer the error code
+  ** and error message from the VDBE into the main database structure.  But
+  ** if the VDBE has just been set to run but has not actually executed any
+  ** instructions yet, leave the main database error information unchanged.
+  */
+  if( p->pc>=0 ){
+    vdbeInvokeSqllog(p);
+    sqlite3VdbeTransferError(p);
+    sqlite3DbFree(db, p->zErrMsg);
+    p->zErrMsg = 0;
+    if( p->runOnlyOnce ) p->expired = 1;
+  }else if( p->rc && p->expired ){
+    /* The expired flag was set on the VDBE before the first call
+    ** to sqlite3_step(). For consistency (since sqlite3_step() was
+    ** called), set the database error in this case as well.
+    */
+    sqlite3ErrorWithMsg(db, p->rc, p->zErrMsg ? "%s" : 0, p->zErrMsg);
+    sqlite3DbFree(db, p->zErrMsg);
+    p->zErrMsg = 0;
+  }
+
+  /* Reclaim all memory used by the VDBE
+  */
+  Cleanup(p);
+
+  /* Save profiling information from this VDBE run.
+  */
+#ifdef VDBE_PROFILE
+  {
+    FILE *out = fopen("vdbe_profile.out", "a");
+    if( out ){
+      int i;
+      fprintf(out, "---- ");
+      for(i=0; i<p->nOp; i++){
+        fprintf(out, "%02x", p->aOp[i].opcode);
+      }
+      fprintf(out, "\n");
+      if( p->zSql ){
+        char c, pc = 0;
+        fprintf(out, "-- ");
+        for(i=0; (c = p->zSql[i])!=0; i++){
+          if( pc=='\n' ) fprintf(out, "-- ");
+          putc(c, out);
+          pc = c;
+        }
+        if( pc!='\n' ) fprintf(out, "\n");
+      }
+      for(i=0; i<p->nOp; i++){
+        char zHdr[100];
+        sqlite3_snprintf(sizeof(zHdr), zHdr, "%6u %12llu %8llu ",
+           p->aOp[i].cnt,
+           p->aOp[i].cycles,
+           p->aOp[i].cnt>0 ? p->aOp[i].cycles/p->aOp[i].cnt : 0
+        );
+        fprintf(out, "%s", zHdr);
+        sqlite3VdbePrintOp(out, i, &p->aOp[i]);
+      }
+      fclose(out);
+    }
+  }
+#endif
+  p->iCurrentTime = 0;
+  p->magic = VDBE_MAGIC_INIT;
+  return p->rc & db->errMask;
+}
+ 
+/*
+** Clean up and delete a VDBE after execution.  Return an integer which is
+** the result code.  Write any error message text into *pzErrMsg.
+*/
+SQLITE_PRIVATE int sqlite3VdbeFinalize(Vdbe *p){
+  int rc = SQLITE_OK;
+  if( p->magic==VDBE_MAGIC_RUN || p->magic==VDBE_MAGIC_HALT ){
+    rc = sqlite3VdbeReset(p);
+    assert( (rc & p->db->errMask)==rc );
+  }
+  sqlite3VdbeDelete(p);
+  return rc;
+}
+
+/*
+** If parameter iOp is less than zero, then invoke the destructor for
+** all auxiliary data pointers currently cached by the VM passed as
+** the first argument.
+**
+** Or, if iOp is greater than or equal to zero, then the destructor is
+** only invoked for those auxiliary data pointers created by the user 
+** function invoked by the OP_Function opcode at instruction iOp of 
+** VM pVdbe, and only then if:
+**
+**    * the associated function parameter is the 32nd or later (counting
+**      from left to right), or
+**
+**    * the corresponding bit in argument mask is clear (where the first
+**      function parameter corresponds to bit 0 etc.).
+*/
+SQLITE_PRIVATE void sqlite3VdbeDeleteAuxData(Vdbe *pVdbe, int iOp, int mask){
+  AuxData **pp = &pVdbe->pAuxData;
+  while( *pp ){
+    AuxData *pAux = *pp;
+    if( (iOp<0)
+     || (pAux->iOp==iOp && (pAux->iArg>31 || !(mask & MASKBIT32(pAux->iArg))))
+    ){
+      testcase( pAux->iArg==31 );
+      if( pAux->xDelete ){
+        pAux->xDelete(pAux->pAux);
+      }
+      *pp = pAux->pNext;
+      sqlite3DbFree(pVdbe->db, pAux);
+    }else{
+      pp= &pAux->pNext;
+    }
+  }
+}
+
+/*
+** Free all memory associated with the Vdbe passed as the second argument,
+** except for object itself, which is preserved.
+**
+** The difference between this function and sqlite3VdbeDelete() is that
+** VdbeDelete() also unlinks the Vdbe from the list of VMs associated with
+** the database connection and frees the object itself.
+*/
+SQLITE_PRIVATE void sqlite3VdbeClearObject(sqlite3 *db, Vdbe *p){
+  SubProgram *pSub, *pNext;
+  int i;
+  assert( p->db==0 || p->db==db );
+  releaseMemArray(p->aVar, p->nVar);
+  releaseMemArray(p->aColName, p->nResColumn*COLNAME_N);
+  for(pSub=p->pProgram; pSub; pSub=pNext){
+    pNext = pSub->pNext;
+    vdbeFreeOpArray(db, pSub->aOp, pSub->nOp);
+    sqlite3DbFree(db, pSub);
+  }
+  for(i=p->nzVar-1; i>=0; i--) sqlite3DbFree(db, p->azVar[i]);
+  vdbeFreeOpArray(db, p->aOp, p->nOp);
+  sqlite3DbFree(db, p->aColName);
+  sqlite3DbFree(db, p->zSql);
+  sqlite3DbFree(db, p->pFree);
+#ifdef SQLITE_ENABLE_STMT_SCANSTATUS
+  for(i=0; i<p->nScan; i++){
+    sqlite3DbFree(db, p->aScan[i].zName);
+  }
+  sqlite3DbFree(db, p->aScan);
+#endif
+}
+
+/*
+** Delete an entire VDBE.
+*/
+SQLITE_PRIVATE void sqlite3VdbeDelete(Vdbe *p){
+  sqlite3 *db;
+
+  if( NEVER(p==0) ) return;
+  db = p->db;
+  assert( sqlite3_mutex_held(db->mutex) );
+  sqlite3VdbeClearObject(db, p);
+  if( p->pPrev ){
+    p->pPrev->pNext = p->pNext;
+  }else{
+    assert( db->pVdbe==p );
+    db->pVdbe = p->pNext;
+  }
+  if( p->pNext ){
+    p->pNext->pPrev = p->pPrev;
+  }
+  p->magic = VDBE_MAGIC_DEAD;
+  p->db = 0;
+  sqlite3DbFree(db, p);
+}
+
+/*
+** The cursor "p" has a pending seek operation that has not yet been
+** carried out.  Seek the cursor now.  If an error occurs, return
+** the appropriate error code.
+*/
+static int SQLITE_NOINLINE handleDeferredMoveto(VdbeCursor *p){
+  int res, rc;
+#ifdef SQLITE_TEST
+  extern int sqlite3_search_count;
+#endif
+  assert( p->deferredMoveto );
+  assert( p->isTable );
+  assert( p->eCurType==CURTYPE_BTREE );
+  rc = sqlite3BtreeMovetoUnpacked(p->uc.pCursor, 0, p->movetoTarget, 0, &res);
+  if( rc ) return rc;
+  if( res!=0 ) return SQLITE_CORRUPT_BKPT;
+#ifdef SQLITE_TEST
+  sqlite3_search_count++;
+#endif
+  p->deferredMoveto = 0;
+  p->cacheStatus = CACHE_STALE;
+  return SQLITE_OK;
+}
+
+/*
+** Something has moved cursor "p" out of place.  Maybe the row it was
+** pointed to was deleted out from under it.  Or maybe the btree was
+** rebalanced.  Whatever the cause, try to restore "p" to the place it
+** is supposed to be pointing.  If the row was deleted out from under the
+** cursor, set the cursor to point to a NULL row.
+*/
+static int SQLITE_NOINLINE handleMovedCursor(VdbeCursor *p){
+  int isDifferentRow, rc;
+  assert( p->eCurType==CURTYPE_BTREE );
+  assert( p->uc.pCursor!=0 );
+  assert( sqlite3BtreeCursorHasMoved(p->uc.pCursor) );
+  rc = sqlite3BtreeCursorRestore(p->uc.pCursor, &isDifferentRow);
+  p->cacheStatus = CACHE_STALE;
+  if( isDifferentRow ) p->nullRow = 1;
+  return rc;
+}
+
+/*
+** Check to ensure that the cursor is valid.  Restore the cursor
+** if need be.  Return any I/O error from the restore operation.
+*/
+SQLITE_PRIVATE int sqlite3VdbeCursorRestore(VdbeCursor *p){
+  assert( p->eCurType==CURTYPE_BTREE );
+  if( sqlite3BtreeCursorHasMoved(p->uc.pCursor) ){
+    return handleMovedCursor(p);
+  }
+  return SQLITE_OK;
+}
+
+/*
+** Make sure the cursor p is ready to read or write the row to which it
+** was last positioned.  Return an error code if an OOM fault or I/O error
+** prevents us from positioning the cursor to its correct position.
+**
+** If a MoveTo operation is pending on the given cursor, then do that
+** MoveTo now.  If no move is pending, check to see if the row has been
+** deleted out from under the cursor and if it has, mark the row as
+** a NULL row.
+**
+** If the cursor is already pointing to the correct row and that row has
+** not been deleted out from under the cursor, then this routine is a no-op.
+*/
+SQLITE_PRIVATE int sqlite3VdbeCursorMoveto(VdbeCursor *p){
+  if( p->eCurType==CURTYPE_BTREE ){
+    if( p->deferredMoveto ){
+      return handleDeferredMoveto(p);
+    }
+    if( sqlite3BtreeCursorHasMoved(p->uc.pCursor) ){
+      return handleMovedCursor(p);
+    }
+  }
+  return SQLITE_OK;
+}
+
+/*
+** The following functions:
+**
+** sqlite3VdbeSerialType()
+** sqlite3VdbeSerialTypeLen()
+** sqlite3VdbeSerialLen()
+** sqlite3VdbeSerialPut()
+** sqlite3VdbeSerialGet()
+**
+** encapsulate the code that serializes values for storage in SQLite
+** data and index records. Each serialized value consists of a
+** 'serial-type' and a blob of data. The serial type is an 8-byte unsigned
+** integer, stored as a varint.
+**
+** In an SQLite index record, the serial type is stored directly before
+** the blob of data that it corresponds to. In a table record, all serial
+** types are stored at the start of the record, and the blobs of data at
+** the end. Hence these functions allow the caller to handle the
+** serial-type and data blob separately.
+**
+** The following table describes the various storage classes for data:
+**
+**   serial type        bytes of data      type
+**   --------------     ---------------    ---------------
+**      0                     0            NULL
+**      1                     1            signed integer
+**      2                     2            signed integer
+**      3                     3            signed integer
+**      4                     4            signed integer
+**      5                     6            signed integer
+**      6                     8            signed integer
+**      7                     8            IEEE float
+**      8                     0            Integer constant 0
+**      9                     0            Integer constant 1
+**     10,11                               reserved for expansion
+**    N>=12 and even       (N-12)/2        BLOB
+**    N>=13 and odd        (N-13)/2        text
+**
+** The 8 and 9 types were added in 3.3.0, file format 4.  Prior versions
+** of SQLite will not understand those serial types.
+*/
+
+/*
+** Return the serial-type for the value stored in pMem.
+*/
+SQLITE_PRIVATE u32 sqlite3VdbeSerialType(Mem *pMem, int file_format, u32 *pLen){
+  int flags = pMem->flags;
+  u32 n;
+
+  assert( pLen!=0 );
+  if( flags&MEM_Null ){
+    *pLen = 0;
+    return 0;
+  }
+  if( flags&MEM_Int ){
+    /* Figure out whether to use 1, 2, 4, 6 or 8 bytes. */
+#   define MAX_6BYTE ((((i64)0x00008000)<<32)-1)
+    i64 i = pMem->u.i;
+    u64 u;
+    if( i<0 ){
+      u = ~i;
+    }else{
+      u = i;
+    }
+    if( u<=127 ){
+      if( (i&1)==i && file_format>=4 ){
+        *pLen = 0;
+        return 8+(u32)u;
+      }else{
+        *pLen = 1;
+        return 1;
+      }
+    }
+    if( u<=32767 ){ *pLen = 2; return 2; }
+    if( u<=8388607 ){ *pLen = 3; return 3; }
+    if( u<=2147483647 ){ *pLen = 4; return 4; }
+    if( u<=MAX_6BYTE ){ *pLen = 6; return 5; }
+    *pLen = 8;
+    return 6;
+  }
+  if( flags&MEM_Real ){
+    *pLen = 8;
+    return 7;
+  }
+  assert( pMem->db->mallocFailed || flags&(MEM_Str|MEM_Blob) );
+  assert( pMem->n>=0 );
+  n = (u32)pMem->n;
+  if( flags & MEM_Zero ){
+    n += pMem->u.nZero;
+  }
+  *pLen = n;
+  return ((n*2) + 12 + ((flags&MEM_Str)!=0));
+}
+
+/*
+** The sizes for serial types less than 128
+*/
+static const u8 sqlite3SmallTypeSizes[] = {
+        /*  0   1   2   3   4   5   6   7   8   9 */   
+/*   0 */   0,  1,  2,  3,  4,  6,  8,  8,  0,  0,
+/*  10 */   0,  0,  0,  0,  1,  1,  2,  2,  3,  3,
+/*  20 */   4,  4,  5,  5,  6,  6,  7,  7,  8,  8,
+/*  30 */   9,  9, 10, 10, 11, 11, 12, 12, 13, 13,
+/*  40 */  14, 14, 15, 15, 16, 16, 17, 17, 18, 18,
+/*  50 */  19, 19, 20, 20, 21, 21, 22, 22, 23, 23,
+/*  60 */  24, 24, 25, 25, 26, 26, 27, 27, 28, 28,
+/*  70 */  29, 29, 30, 30, 31, 31, 32, 32, 33, 33,
+/*  80 */  34, 34, 35, 35, 36, 36, 37, 37, 38, 38,
+/*  90 */  39, 39, 40, 40, 41, 41, 42, 42, 43, 43,
+/* 100 */  44, 44, 45, 45, 46, 46, 47, 47, 48, 48,
+/* 110 */  49, 49, 50, 50, 51, 51, 52, 52, 53, 53,
+/* 120 */  54, 54, 55, 55, 56, 56, 57, 57
+};
+
+/*
+** Return the length of the data corresponding to the supplied serial-type.
+*/
+SQLITE_PRIVATE u32 sqlite3VdbeSerialTypeLen(u32 serial_type){
+  if( serial_type>=128 ){
+    return (serial_type-12)/2;
+  }else{
+    assert( serial_type<12 
+            || sqlite3SmallTypeSizes[serial_type]==(serial_type - 12)/2 );
+    return sqlite3SmallTypeSizes[serial_type];
+  }
+}
+SQLITE_PRIVATE u8 sqlite3VdbeOneByteSerialTypeLen(u8 serial_type){
+  assert( serial_type<128 );
+  return sqlite3SmallTypeSizes[serial_type];  
+}
+
+/*
+** If we are on an architecture with mixed-endian floating 
+** points (ex: ARM7) then swap the lower 4 bytes with the 
+** upper 4 bytes.  Return the result.
+**
+** For most architectures, this is a no-op.
+**
+** (later):  It is reported to me that the mixed-endian problem
+** on ARM7 is an issue with GCC, not with the ARM7 chip.  It seems
+** that early versions of GCC stored the two words of a 64-bit
+** float in the wrong order.  And that error has been propagated
+** ever since.  The blame is not necessarily with GCC, though.
+** GCC might have just copying the problem from a prior compiler.
+** I am also told that newer versions of GCC that follow a different
+** ABI get the byte order right.
+**
+** Developers using SQLite on an ARM7 should compile and run their
+** application using -DSQLITE_DEBUG=1 at least once.  With DEBUG
+** enabled, some asserts below will ensure that the byte order of
+** floating point values is correct.
+**
+** (2007-08-30)  Frank van Vugt has studied this problem closely
+** and has send his findings to the SQLite developers.  Frank
+** writes that some Linux kernels offer floating point hardware
+** emulation that uses only 32-bit mantissas instead of a full 
+** 48-bits as required by the IEEE standard.  (This is the
+** CONFIG_FPE_FASTFPE option.)  On such systems, floating point
+** byte swapping becomes very complicated.  To avoid problems,
+** the necessary byte swapping is carried out using a 64-bit integer
+** rather than a 64-bit float.  Frank assures us that the code here
+** works for him.  We, the developers, have no way to independently
+** verify this, but Frank seems to know what he is talking about
+** so we trust him.
+*/
+#ifdef SQLITE_MIXED_ENDIAN_64BIT_FLOAT
+static u64 floatSwap(u64 in){
+  union {
+    u64 r;
+    u32 i[2];
+  } u;
+  u32 t;
+
+  u.r = in;
+  t = u.i[0];
+  u.i[0] = u.i[1];
+  u.i[1] = t;
+  return u.r;
+}
+# define swapMixedEndianFloat(X)  X = floatSwap(X)
+#else
+# define swapMixedEndianFloat(X)
+#endif
+
+/*
+** Write the serialized data blob for the value stored in pMem into 
+** buf. It is assumed that the caller has allocated sufficient space.
+** Return the number of bytes written.
+**
+** nBuf is the amount of space left in buf[].  The caller is responsible
+** for allocating enough space to buf[] to hold the entire field, exclusive
+** of the pMem->u.nZero bytes for a MEM_Zero value.
+**
+** Return the number of bytes actually written into buf[].  The number
+** of bytes in the zero-filled tail is included in the return value only
+** if those bytes were zeroed in buf[].
+*/ 
+SQLITE_PRIVATE u32 sqlite3VdbeSerialPut(u8 *buf, Mem *pMem, u32 serial_type){
+  u32 len;
+
+  /* Integer and Real */
+  if( serial_type<=7 && serial_type>0 ){
+    u64 v;
+    u32 i;
+    if( serial_type==7 ){
+      assert( sizeof(v)==sizeof(pMem->u.r) );
+      memcpy(&v, &pMem->u.r, sizeof(v));
+      swapMixedEndianFloat(v);
+    }else{
+      v = pMem->u.i;
+    }
+    len = i = sqlite3SmallTypeSizes[serial_type];
+    assert( i>0 );
+    do{
+      buf[--i] = (u8)(v&0xFF);
+      v >>= 8;
+    }while( i );
+    return len;
+  }
+
+  /* String or blob */
+  if( serial_type>=12 ){
+    assert( pMem->n + ((pMem->flags & MEM_Zero)?pMem->u.nZero:0)
+             == (int)sqlite3VdbeSerialTypeLen(serial_type) );
+    len = pMem->n;
+    if( len>0 ) memcpy(buf, pMem->z, len);
+    return len;
+  }
+
+  /* NULL or constants 0 or 1 */
+  return 0;
+}
+
+/* Input "x" is a sequence of unsigned characters that represent a
+** big-endian integer.  Return the equivalent native integer
+*/
+#define ONE_BYTE_INT(x)    ((i8)(x)[0])
+#define TWO_BYTE_INT(x)    (256*(i8)((x)[0])|(x)[1])
+#define THREE_BYTE_INT(x)  (65536*(i8)((x)[0])|((x)[1]<<8)|(x)[2])
+#define FOUR_BYTE_UINT(x)  (((u32)(x)[0]<<24)|((x)[1]<<16)|((x)[2]<<8)|(x)[3])
+#define FOUR_BYTE_INT(x) (16777216*(i8)((x)[0])|((x)[1]<<16)|((x)[2]<<8)|(x)[3])
+
+/*
+** Deserialize the data blob pointed to by buf as serial type serial_type
+** and store the result in pMem.  Return the number of bytes read.
+**
+** This function is implemented as two separate routines for performance.
+** The few cases that require local variables are broken out into a separate
+** routine so that in most cases the overhead of moving the stack pointer
+** is avoided.
+*/ 
+static u32 SQLITE_NOINLINE serialGet(
+  const unsigned char *buf,     /* Buffer to deserialize from */
+  u32 serial_type,              /* Serial type to deserialize */
+  Mem *pMem                     /* Memory cell to write value into */
+){
+  u64 x = FOUR_BYTE_UINT(buf);
+  u32 y = FOUR_BYTE_UINT(buf+4);
+  x = (x<<32) + y;
+  if( serial_type==6 ){
+    /* EVIDENCE-OF: R-29851-52272 Value is a big-endian 64-bit
+    ** twos-complement integer. */
+    pMem->u.i = *(i64*)&x;
+    pMem->flags = MEM_Int;
+    testcase( pMem->u.i<0 );
+  }else{
+    /* EVIDENCE-OF: R-57343-49114 Value is a big-endian IEEE 754-2008 64-bit
+    ** floating point number. */
+#if !defined(NDEBUG) && !defined(SQLITE_OMIT_FLOATING_POINT)
+    /* Verify that integers and floating point values use the same
+    ** byte order.  Or, that if SQLITE_MIXED_ENDIAN_64BIT_FLOAT is
+    ** defined that 64-bit floating point values really are mixed
+    ** endian.
+    */
+    static const u64 t1 = ((u64)0x3ff00000)<<32;
+    static const double r1 = 1.0;
+    u64 t2 = t1;
+    swapMixedEndianFloat(t2);
+    assert( sizeof(r1)==sizeof(t2) && memcmp(&r1, &t2, sizeof(r1))==0 );
+#endif
+    assert( sizeof(x)==8 && sizeof(pMem->u.r)==8 );
+    swapMixedEndianFloat(x);
+    memcpy(&pMem->u.r, &x, sizeof(x));
+    pMem->flags = sqlite3IsNaN(pMem->u.r) ? MEM_Null : MEM_Real;
+  }
+  return 8;
+}
+SQLITE_PRIVATE u32 sqlite3VdbeSerialGet(
+  const unsigned char *buf,     /* Buffer to deserialize from */
+  u32 serial_type,              /* Serial type to deserialize */
+  Mem *pMem                     /* Memory cell to write value into */
+){
+  switch( serial_type ){
+    case 10:   /* Reserved for future use */
+    case 11:   /* Reserved for future use */
+    case 0: {  /* Null */
+      /* EVIDENCE-OF: R-24078-09375 Value is a NULL. */
+      pMem->flags = MEM_Null;
+      break;
+    }
+    case 1: {
+      /* EVIDENCE-OF: R-44885-25196 Value is an 8-bit twos-complement
+      ** integer. */
+      pMem->u.i = ONE_BYTE_INT(buf);
+      pMem->flags = MEM_Int;
+      testcase( pMem->u.i<0 );
+      return 1;
+    }
+    case 2: { /* 2-byte signed integer */
+      /* EVIDENCE-OF: R-49794-35026 Value is a big-endian 16-bit
+      ** twos-complement integer. */
+      pMem->u.i = TWO_BYTE_INT(buf);
+      pMem->flags = MEM_Int;
+      testcase( pMem->u.i<0 );
+      return 2;
+    }
+    case 3: { /* 3-byte signed integer */
+      /* EVIDENCE-OF: R-37839-54301 Value is a big-endian 24-bit
+      ** twos-complement integer. */
+      pMem->u.i = THREE_BYTE_INT(buf);
+      pMem->flags = MEM_Int;
+      testcase( pMem->u.i<0 );
+      return 3;
+    }
+    case 4: { /* 4-byte signed integer */
+      /* EVIDENCE-OF: R-01849-26079 Value is a big-endian 32-bit
+      ** twos-complement integer. */
+      pMem->u.i = FOUR_BYTE_INT(buf);
+#ifdef __HP_cc 
+      /* Work around a sign-extension bug in the HP compiler for HP/UX */
+      if( buf[0]&0x80 ) pMem->u.i |= 0xffffffff80000000LL;
+#endif
+      pMem->flags = MEM_Int;
+      testcase( pMem->u.i<0 );
+      return 4;
+    }
+    case 5: { /* 6-byte signed integer */
+      /* EVIDENCE-OF: R-50385-09674 Value is a big-endian 48-bit
+      ** twos-complement integer. */
+      pMem->u.i = FOUR_BYTE_UINT(buf+2) + (((i64)1)<<32)*TWO_BYTE_INT(buf);
+      pMem->flags = MEM_Int;
+      testcase( pMem->u.i<0 );
+      return 6;
+    }
+    case 6:   /* 8-byte signed integer */
+    case 7: { /* IEEE floating point */
+      /* These use local variables, so do them in a separate routine
+      ** to avoid having to move the frame pointer in the common case */
+      return serialGet(buf,serial_type,pMem);
+    }
+    case 8:    /* Integer 0 */
+    case 9: {  /* Integer 1 */
+      /* EVIDENCE-OF: R-12976-22893 Value is the integer 0. */
+      /* EVIDENCE-OF: R-18143-12121 Value is the integer 1. */
+      pMem->u.i = serial_type-8;
+      pMem->flags = MEM_Int;
+      return 0;
+    }
+    default: {
+      /* EVIDENCE-OF: R-14606-31564 Value is a BLOB that is (N-12)/2 bytes in
+      ** length.
+      ** EVIDENCE-OF: R-28401-00140 Value is a string in the text encoding and
+      ** (N-13)/2 bytes in length. */
+      static const u16 aFlag[] = { MEM_Blob|MEM_Ephem, MEM_Str|MEM_Ephem };
+      pMem->z = (char *)buf;
+      pMem->n = (serial_type-12)/2;
+      pMem->flags = aFlag[serial_type&1];
+      return pMem->n;
+    }
+  }
+  return 0;
+}
+/*
+** This routine is used to allocate sufficient space for an UnpackedRecord
+** structure large enough to be used with sqlite3VdbeRecordUnpack() if
+** the first argument is a pointer to KeyInfo structure pKeyInfo.
+**
+** The space is either allocated using sqlite3DbMallocRaw() or from within
+** the unaligned buffer passed via the second and third arguments (presumably
+** stack space). If the former, then *ppFree is set to a pointer that should
+** be eventually freed by the caller using sqlite3DbFree(). Or, if the 
+** allocation comes from the pSpace/szSpace buffer, *ppFree is set to NULL
+** before returning.
+**
+** If an OOM error occurs, NULL is returned.
+*/
+SQLITE_PRIVATE UnpackedRecord *sqlite3VdbeAllocUnpackedRecord(
+  KeyInfo *pKeyInfo,              /* Description of the record */
+  char *pSpace,                   /* Unaligned space available */
+  int szSpace,                    /* Size of pSpace[] in bytes */
+  char **ppFree                   /* OUT: Caller should free this pointer */
+){
+  UnpackedRecord *p;              /* Unpacked record to return */
+  int nOff;                       /* Increment pSpace by nOff to align it */
+  int nByte;                      /* Number of bytes required for *p */
+
+  /* We want to shift the pointer pSpace up such that it is 8-byte aligned.
+  ** Thus, we need to calculate a value, nOff, between 0 and 7, to shift 
+  ** it by.  If pSpace is already 8-byte aligned, nOff should be zero.
+  */
+  nOff = (8 - (SQLITE_PTR_TO_INT(pSpace) & 7)) & 7;
+  nByte = ROUND8(sizeof(UnpackedRecord)) + sizeof(Mem)*(pKeyInfo->nField+1);
+  if( nByte>szSpace+nOff ){
+    p = (UnpackedRecord *)sqlite3DbMallocRaw(pKeyInfo->db, nByte);
+    *ppFree = (char *)p;
+    if( !p ) return 0;
+  }else{
+    p = (UnpackedRecord*)&pSpace[nOff];
+    *ppFree = 0;
+  }
+
+  p->aMem = (Mem*)&((char*)p)[ROUND8(sizeof(UnpackedRecord))];
+  assert( pKeyInfo->aSortOrder!=0 );
+  p->pKeyInfo = pKeyInfo;
+  p->nField = pKeyInfo->nField + 1;
+  return p;
+}
+
+/*
+** Given the nKey-byte encoding of a record in pKey[], populate the 
+** UnpackedRecord structure indicated by the fourth argument with the
+** contents of the decoded record.
+*/ 
+SQLITE_PRIVATE void sqlite3VdbeRecordUnpack(
+  KeyInfo *pKeyInfo,     /* Information about the record format */
+  int nKey,              /* Size of the binary record */
+  const void *pKey,      /* The binary record */
+  UnpackedRecord *p      /* Populate this structure before returning. */
+){
+  const unsigned char *aKey = (const unsigned char *)pKey;
+  int d; 
+  u32 idx;                        /* Offset in aKey[] to read from */
+  u16 u;                          /* Unsigned loop counter */
+  u32 szHdr;
+  Mem *pMem = p->aMem;
+
+  p->default_rc = 0;
+  assert( EIGHT_BYTE_ALIGNMENT(pMem) );
+  idx = getVarint32(aKey, szHdr);
+  d = szHdr;
+  u = 0;
+  while( idx<szHdr && d<=nKey ){
+    u32 serial_type;
+
+    idx += getVarint32(&aKey[idx], serial_type);
+    pMem->enc = pKeyInfo->enc;
+    pMem->db = pKeyInfo->db;
+    /* pMem->flags = 0; // sqlite3VdbeSerialGet() will set this for us */
+    pMem->szMalloc = 0;
+    d += sqlite3VdbeSerialGet(&aKey[d], serial_type, pMem);
+    pMem++;
+    if( (++u)>=p->nField ) break;
+  }
+  assert( u<=pKeyInfo->nField + 1 );
+  p->nField = u;
+}
+
+#if SQLITE_DEBUG
+/*
+** This function compares two index or table record keys in the same way
+** as the sqlite3VdbeRecordCompare() routine. Unlike VdbeRecordCompare(),
+** this function deserializes and compares values using the
+** sqlite3VdbeSerialGet() and sqlite3MemCompare() functions. It is used
+** in assert() statements to ensure that the optimized code in
+** sqlite3VdbeRecordCompare() returns results with these two primitives.
+**
+** Return true if the result of comparison is equivalent to desiredResult.
+** Return false if there is a disagreement.
+*/
+static int vdbeRecordCompareDebug(
+  int nKey1, const void *pKey1, /* Left key */
+  const UnpackedRecord *pPKey2, /* Right key */
+  int desiredResult             /* Correct answer */
+){
+  u32 d1;            /* Offset into aKey[] of next data element */
+  u32 idx1;          /* Offset into aKey[] of next header element */
+  u32 szHdr1;        /* Number of bytes in header */
+  int i = 0;
+  int rc = 0;
+  const unsigned char *aKey1 = (const unsigned char *)pKey1;
+  KeyInfo *pKeyInfo;
+  Mem mem1;
+
+  pKeyInfo = pPKey2->pKeyInfo;
+  if( pKeyInfo->db==0 ) return 1;
+  mem1.enc = pKeyInfo->enc;
+  mem1.db = pKeyInfo->db;
+  /* mem1.flags = 0;  // Will be initialized by sqlite3VdbeSerialGet() */
+  VVA_ONLY( mem1.szMalloc = 0; ) /* Only needed by assert() statements */
+
+  /* Compilers may complain that mem1.u.i is potentially uninitialized.
+  ** We could initialize it, as shown here, to silence those complaints.
+  ** But in fact, mem1.u.i will never actually be used uninitialized, and doing 
+  ** the unnecessary initialization has a measurable negative performance
+  ** impact, since this routine is a very high runner.  And so, we choose
+  ** to ignore the compiler warnings and leave this variable uninitialized.
+  */
+  /*  mem1.u.i = 0;  // not needed, here to silence compiler warning */
+  
+  idx1 = getVarint32(aKey1, szHdr1);
+  if( szHdr1>98307 ) return SQLITE_CORRUPT;
+  d1 = szHdr1;
+  assert( pKeyInfo->nField+pKeyInfo->nXField>=pPKey2->nField || CORRUPT_DB );
+  assert( pKeyInfo->aSortOrder!=0 );
+  assert( pKeyInfo->nField>0 );
+  assert( idx1<=szHdr1 || CORRUPT_DB );
+  do{
+    u32 serial_type1;
+
+    /* Read the serial types for the next element in each key. */
+    idx1 += getVarint32( aKey1+idx1, serial_type1 );
+
+    /* Verify that there is enough key space remaining to avoid
+    ** a buffer overread.  The "d1+serial_type1+2" subexpression will
+    ** always be greater than or equal to the amount of required key space.
+    ** Use that approximation to avoid the more expensive call to
+    ** sqlite3VdbeSerialTypeLen() in the common case.
+    */
+    if( d1+serial_type1+2>(u32)nKey1
+     && d1+sqlite3VdbeSerialTypeLen(serial_type1)>(u32)nKey1 
+    ){
+      break;
+    }
+
+    /* Extract the values to be compared.
+    */
+    d1 += sqlite3VdbeSerialGet(&aKey1[d1], serial_type1, &mem1);
+
+    /* Do the comparison
+    */
+    rc = sqlite3MemCompare(&mem1, &pPKey2->aMem[i], pKeyInfo->aColl[i]);
+    if( rc!=0 ){
+      assert( mem1.szMalloc==0 );  /* See comment below */
+      if( pKeyInfo->aSortOrder[i] ){
+        rc = -rc;  /* Invert the result for DESC sort order. */
+      }
+      goto debugCompareEnd;
+    }
+    i++;
+  }while( idx1<szHdr1 && i<pPKey2->nField );
+
+  /* No memory allocation is ever used on mem1.  Prove this using
+  ** the following assert().  If the assert() fails, it indicates a
+  ** memory leak and a need to call sqlite3VdbeMemRelease(&mem1).
+  */
+  assert( mem1.szMalloc==0 );
+
+  /* rc==0 here means that one of the keys ran out of fields and
+  ** all the fields up to that point were equal. Return the default_rc
+  ** value.  */
+  rc = pPKey2->default_rc;
+
+debugCompareEnd:
+  if( desiredResult==0 && rc==0 ) return 1;
+  if( desiredResult<0 && rc<0 ) return 1;
+  if( desiredResult>0 && rc>0 ) return 1;
+  if( CORRUPT_DB ) return 1;
+  if( pKeyInfo->db->mallocFailed ) return 1;
+  return 0;
+}
+#endif
+
+#if SQLITE_DEBUG
+/*
+** Count the number of fields (a.k.a. columns) in the record given by
+** pKey,nKey.  The verify that this count is less than or equal to the
+** limit given by pKeyInfo->nField + pKeyInfo->nXField.
+**
+** If this constraint is not satisfied, it means that the high-speed
+** vdbeRecordCompareInt() and vdbeRecordCompareString() routines will
+** not work correctly.  If this assert() ever fires, it probably means
+** that the KeyInfo.nField or KeyInfo.nXField values were computed
+** incorrectly.
+*/
+static void vdbeAssertFieldCountWithinLimits(
+  int nKey, const void *pKey,   /* The record to verify */ 
+  const KeyInfo *pKeyInfo       /* Compare size with this KeyInfo */
+){
+  int nField = 0;
+  u32 szHdr;
+  u32 idx;
+  u32 notUsed;
+  const unsigned char *aKey = (const unsigned char*)pKey;
+
+  if( CORRUPT_DB ) return;
+  idx = getVarint32(aKey, szHdr);
+  assert( nKey>=0 );
+  assert( szHdr<=(u32)nKey );
+  while( idx<szHdr ){
+    idx += getVarint32(aKey+idx, notUsed);
+    nField++;
+  }
+  assert( nField <= pKeyInfo->nField+pKeyInfo->nXField );
+}
+#else
+# define vdbeAssertFieldCountWithinLimits(A,B,C)
+#endif
+
+/*
+** Both *pMem1 and *pMem2 contain string values. Compare the two values
+** using the collation sequence pColl. As usual, return a negative , zero
+** or positive value if *pMem1 is less than, equal to or greater than 
+** *pMem2, respectively. Similar in spirit to "rc = (*pMem1) - (*pMem2);".
+*/
+static int vdbeCompareMemString(
+  const Mem *pMem1,
+  const Mem *pMem2,
+  const CollSeq *pColl,
+  u8 *prcErr                      /* If an OOM occurs, set to SQLITE_NOMEM */
+){
+  if( pMem1->enc==pColl->enc ){
+    /* The strings are already in the correct encoding.  Call the
+     ** comparison function directly */
+    return pColl->xCmp(pColl->pUser,pMem1->n,pMem1->z,pMem2->n,pMem2->z);
+  }else{
+    int rc;
+    const void *v1, *v2;
+    int n1, n2;
+    Mem c1;
+    Mem c2;
+    sqlite3VdbeMemInit(&c1, pMem1->db, MEM_Null);
+    sqlite3VdbeMemInit(&c2, pMem1->db, MEM_Null);
+    sqlite3VdbeMemShallowCopy(&c1, pMem1, MEM_Ephem);
+    sqlite3VdbeMemShallowCopy(&c2, pMem2, MEM_Ephem);
+    v1 = sqlite3ValueText((sqlite3_value*)&c1, pColl->enc);
+    n1 = v1==0 ? 0 : c1.n;
+    v2 = sqlite3ValueText((sqlite3_value*)&c2, pColl->enc);
+    n2 = v2==0 ? 0 : c2.n;
+    rc = pColl->xCmp(pColl->pUser, n1, v1, n2, v2);
+    sqlite3VdbeMemRelease(&c1);
+    sqlite3VdbeMemRelease(&c2);
+    if( (v1==0 || v2==0) && prcErr ) *prcErr = SQLITE_NOMEM;
+    return rc;
+  }
+}
+
+/*
+** Compare two blobs.  Return negative, zero, or positive if the first
+** is less than, equal to, or greater than the second, respectively.
+** If one blob is a prefix of the other, then the shorter is the lessor.
+*/
+static SQLITE_NOINLINE int sqlite3BlobCompare(const Mem *pB1, const Mem *pB2){
+  int c = memcmp(pB1->z, pB2->z, pB1->n>pB2->n ? pB2->n : pB1->n);
+  if( c ) return c;
+  return pB1->n - pB2->n;
+}
+
+/*
+** Do a comparison between a 64-bit signed integer and a 64-bit floating-point
+** number.  Return negative, zero, or positive if the first (i64) is less than,
+** equal to, or greater than the second (double).
+*/
+static int sqlite3IntFloatCompare(i64 i, double r){
+  if( sizeof(LONGDOUBLE_TYPE)>8 ){
+    LONGDOUBLE_TYPE x = (LONGDOUBLE_TYPE)i;
+    if( x<r ) return -1;
+    if( x>r ) return +1;
+    return 0;
+  }else{
+    i64 y;
+    double s;
+    if( r<-9223372036854775808.0 ) return +1;
+    if( r>9223372036854775807.0 ) return -1;
+    y = (i64)r;
+    if( i<y ) return -1;
+    if( i>y ){
+      if( y==SMALLEST_INT64 && r>0.0 ) return -1;
+      return +1;
+    }
+    s = (double)i;
+    if( s<r ) return -1;
+    if( s>r ) return +1;
+    return 0;
+  }
+}
+
+/*
+** Compare the values contained by the two memory cells, returning
+** negative, zero or positive if pMem1 is less than, equal to, or greater
+** than pMem2. Sorting order is NULL's first, followed by numbers (integers
+** and reals) sorted numerically, followed by text ordered by the collating
+** sequence pColl and finally blob's ordered by memcmp().
+**
+** Two NULL values are considered equal by this function.
+*/
+SQLITE_PRIVATE int sqlite3MemCompare(const Mem *pMem1, const Mem *pMem2, const CollSeq *pColl){
+  int f1, f2;
+  int combined_flags;
+
+  f1 = pMem1->flags;
+  f2 = pMem2->flags;
+  combined_flags = f1|f2;
+  assert( (combined_flags & MEM_RowSet)==0 );
+ 
+  /* If one value is NULL, it is less than the other. If both values
+  ** are NULL, return 0.
+  */
+  if( combined_flags&MEM_Null ){
+    return (f2&MEM_Null) - (f1&MEM_Null);
+  }
+
+  /* At least one of the two values is a number
+  */
+  if( combined_flags&(MEM_Int|MEM_Real) ){
+    if( (f1 & f2 & MEM_Int)!=0 ){
+      if( pMem1->u.i < pMem2->u.i ) return -1;
+      if( pMem1->u.i > pMem2->u.i ) return +1;
+      return 0;
+    }
+    if( (f1 & f2 & MEM_Real)!=0 ){
+      if( pMem1->u.r < pMem2->u.r ) return -1;
+      if( pMem1->u.r > pMem2->u.r ) return +1;
+      return 0;
+    }
+    if( (f1&MEM_Int)!=0 ){
+      if( (f2&MEM_Real)!=0 ){
+        return sqlite3IntFloatCompare(pMem1->u.i, pMem2->u.r);
+      }else{
+        return -1;
+      }
+    }
+    if( (f1&MEM_Real)!=0 ){
+      if( (f2&MEM_Int)!=0 ){
+        return -sqlite3IntFloatCompare(pMem2->u.i, pMem1->u.r);
+      }else{
+        return -1;
+      }
+    }
+    return +1;
+  }
+
+  /* If one value is a string and the other is a blob, the string is less.
+  ** If both are strings, compare using the collating functions.
+  */
+  if( combined_flags&MEM_Str ){
+    if( (f1 & MEM_Str)==0 ){
+      return 1;
+    }
+    if( (f2 & MEM_Str)==0 ){
+      return -1;
+    }
+
+    assert( pMem1->enc==pMem2->enc || pMem1->db->mallocFailed );
+    assert( pMem1->enc==SQLITE_UTF8 || 
+            pMem1->enc==SQLITE_UTF16LE || pMem1->enc==SQLITE_UTF16BE );
+
+    /* The collation sequence must be defined at this point, even if
+    ** the user deletes the collation sequence after the vdbe program is
+    ** compiled (this was not always the case).
+    */
+    assert( !pColl || pColl->xCmp );
+
+    if( pColl ){
+      return vdbeCompareMemString(pMem1, pMem2, pColl, 0);
+    }
+    /* If a NULL pointer was passed as the collate function, fall through
+    ** to the blob case and use memcmp().  */
+  }
+ 
+  /* Both values must be blobs.  Compare using memcmp().  */
+  return sqlite3BlobCompare(pMem1, pMem2);
+}
+
+
+/*
+** The first argument passed to this function is a serial-type that
+** corresponds to an integer - all values between 1 and 9 inclusive 
+** except 7. The second points to a buffer containing an integer value
+** serialized according to serial_type. This function deserializes
+** and returns the value.
+*/
+static i64 vdbeRecordDecodeInt(u32 serial_type, const u8 *aKey){
+  u32 y;
+  assert( CORRUPT_DB || (serial_type>=1 && serial_type<=9 && serial_type!=7) );
+  switch( serial_type ){
+    case 0:
+    case 1:
+      testcase( aKey[0]&0x80 );
+      return ONE_BYTE_INT(aKey);
+    case 2:
+      testcase( aKey[0]&0x80 );
+      return TWO_BYTE_INT(aKey);
+    case 3:
+      testcase( aKey[0]&0x80 );
+      return THREE_BYTE_INT(aKey);
+    case 4: {
+      testcase( aKey[0]&0x80 );
+      y = FOUR_BYTE_UINT(aKey);
+      return (i64)*(int*)&y;
+    }
+    case 5: {
+      testcase( aKey[0]&0x80 );
+      return FOUR_BYTE_UINT(aKey+2) + (((i64)1)<<32)*TWO_BYTE_INT(aKey);
+    }
+    case 6: {
+      u64 x = FOUR_BYTE_UINT(aKey);
+      testcase( aKey[0]&0x80 );
+      x = (x<<32) | FOUR_BYTE_UINT(aKey+4);
+      return (i64)*(i64*)&x;
+    }
+  }
+
+  return (serial_type - 8);
+}
+
+/*
+** This function compares the two table rows or index records
+** specified by {nKey1, pKey1} and pPKey2.  It returns a negative, zero
+** or positive integer if key1 is less than, equal to or 
+** greater than key2.  The {nKey1, pKey1} key must be a blob
+** created by the OP_MakeRecord opcode of the VDBE.  The pPKey2
+** key must be a parsed key such as obtained from
+** sqlite3VdbeParseRecord.
+**
+** If argument bSkip is non-zero, it is assumed that the caller has already
+** determined that the first fields of the keys are equal.
+**
+** Key1 and Key2 do not have to contain the same number of fields. If all 
+** fields that appear in both keys are equal, then pPKey2->default_rc is 
+** returned.
+**
+** If database corruption is discovered, set pPKey2->errCode to 
+** SQLITE_CORRUPT and return 0. If an OOM error is encountered, 
+** pPKey2->errCode is set to SQLITE_NOMEM and, if it is not NULL, the
+** malloc-failed flag set on database handle (pPKey2->pKeyInfo->db).
+*/
+SQLITE_PRIVATE int sqlite3VdbeRecordCompareWithSkip(
+  int nKey1, const void *pKey1,   /* Left key */
+  UnpackedRecord *pPKey2,         /* Right key */
+  int bSkip                       /* If true, skip the first field */
+){
+  u32 d1;                         /* Offset into aKey[] of next data element */
+  int i;                          /* Index of next field to compare */
+  u32 szHdr1;                     /* Size of record header in bytes */
+  u32 idx1;                       /* Offset of first type in header */
+  int rc = 0;                     /* Return value */
+  Mem *pRhs = pPKey2->aMem;       /* Next field of pPKey2 to compare */
+  KeyInfo *pKeyInfo = pPKey2->pKeyInfo;
+  const unsigned char *aKey1 = (const unsigned char *)pKey1;
+  Mem mem1;
+
+  /* If bSkip is true, then the caller has already determined that the first
+  ** two elements in the keys are equal. Fix the various stack variables so
+  ** that this routine begins comparing at the second field. */
+  if( bSkip ){
+    u32 s1;
+    idx1 = 1 + getVarint32(&aKey1[1], s1);
+    szHdr1 = aKey1[0];
+    d1 = szHdr1 + sqlite3VdbeSerialTypeLen(s1);
+    i = 1;
+    pRhs++;
+  }else{
+    idx1 = getVarint32(aKey1, szHdr1);
+    d1 = szHdr1;
+    if( d1>(unsigned)nKey1 ){ 
+      pPKey2->errCode = (u8)SQLITE_CORRUPT_BKPT;
+      return 0;  /* Corruption */
+    }
+    i = 0;
+  }
+
+  VVA_ONLY( mem1.szMalloc = 0; ) /* Only needed by assert() statements */
+  assert( pPKey2->pKeyInfo->nField+pPKey2->pKeyInfo->nXField>=pPKey2->nField 
+       || CORRUPT_DB );
+  assert( pPKey2->pKeyInfo->aSortOrder!=0 );
+  assert( pPKey2->pKeyInfo->nField>0 );
+  assert( idx1<=szHdr1 || CORRUPT_DB );
+  do{
+    u32 serial_type;
+
+    /* RHS is an integer */
+    if( pRhs->flags & MEM_Int ){
+      serial_type = aKey1[idx1];
+      testcase( serial_type==12 );
+      if( serial_type>=10 ){
+        rc = +1;
+      }else if( serial_type==0 ){
+        rc = -1;
+      }else if( serial_type==7 ){
+        sqlite3VdbeSerialGet(&aKey1[d1], serial_type, &mem1);
+        rc = -sqlite3IntFloatCompare(pRhs->u.i, mem1.u.r);
+      }else{
+        i64 lhs = vdbeRecordDecodeInt(serial_type, &aKey1[d1]);
+        i64 rhs = pRhs->u.i;
+        if( lhs<rhs ){
+          rc = -1;
+        }else if( lhs>rhs ){
+          rc = +1;
+        }
+      }
+    }
+
+    /* RHS is real */
+    else if( pRhs->flags & MEM_Real ){
+      serial_type = aKey1[idx1];
+      if( serial_type>=10 ){
+        /* Serial types 12 or greater are strings and blobs (greater than
+        ** numbers). Types 10 and 11 are currently "reserved for future 
+        ** use", so it doesn't really matter what the results of comparing
+        ** them to numberic values are.  */
+        rc = +1;
+      }else if( serial_type==0 ){
+        rc = -1;
+      }else{
+        sqlite3VdbeSerialGet(&aKey1[d1], serial_type, &mem1);
+        if( serial_type==7 ){
+          if( mem1.u.r<pRhs->u.r ){
+            rc = -1;
+          }else if( mem1.u.r>pRhs->u.r ){
+            rc = +1;
+          }
+        }else{
+          rc = sqlite3IntFloatCompare(mem1.u.i, pRhs->u.r);
+        }
+      }
+    }
+
+    /* RHS is a string */
+    else if( pRhs->flags & MEM_Str ){
+      getVarint32(&aKey1[idx1], serial_type);
+      testcase( serial_type==12 );
+      if( serial_type<12 ){
+        rc = -1;
+      }else if( !(serial_type & 0x01) ){
+        rc = +1;
+      }else{
+        mem1.n = (serial_type - 12) / 2;
+        testcase( (d1+mem1.n)==(unsigned)nKey1 );
+        testcase( (d1+mem1.n+1)==(unsigned)nKey1 );
+        if( (d1+mem1.n) > (unsigned)nKey1 ){
+          pPKey2->errCode = (u8)SQLITE_CORRUPT_BKPT;
+          return 0;                /* Corruption */
+        }else if( pKeyInfo->aColl[i] ){
+          mem1.enc = pKeyInfo->enc;
+          mem1.db = pKeyInfo->db;
+          mem1.flags = MEM_Str;
+          mem1.z = (char*)&aKey1[d1];
+          rc = vdbeCompareMemString(
+              &mem1, pRhs, pKeyInfo->aColl[i], &pPKey2->errCode
+          );
+        }else{
+          int nCmp = MIN(mem1.n, pRhs->n);
+          rc = memcmp(&aKey1[d1], pRhs->z, nCmp);
+          if( rc==0 ) rc = mem1.n - pRhs->n; 
+        }
+      }
+    }
+
+    /* RHS is a blob */
+    else if( pRhs->flags & MEM_Blob ){
+      getVarint32(&aKey1[idx1], serial_type);
+      testcase( serial_type==12 );
+      if( serial_type<12 || (serial_type & 0x01) ){
+        rc = -1;
+      }else{
+        int nStr = (serial_type - 12) / 2;
+        testcase( (d1+nStr)==(unsigned)nKey1 );
+        testcase( (d1+nStr+1)==(unsigned)nKey1 );
+        if( (d1+nStr) > (unsigned)nKey1 ){
+          pPKey2->errCode = (u8)SQLITE_CORRUPT_BKPT;
+          return 0;                /* Corruption */
+        }else{
+          int nCmp = MIN(nStr, pRhs->n);
+          rc = memcmp(&aKey1[d1], pRhs->z, nCmp);
+          if( rc==0 ) rc = nStr - pRhs->n;
+        }
+      }
+    }
+
+    /* RHS is null */
+    else{
+      serial_type = aKey1[idx1];
+      rc = (serial_type!=0);
+    }
+
+    if( rc!=0 ){
+      if( pKeyInfo->aSortOrder[i] ){
+        rc = -rc;
+      }
+      assert( vdbeRecordCompareDebug(nKey1, pKey1, pPKey2, rc) );
+      assert( mem1.szMalloc==0 );  /* See comment below */
+      return rc;
+    }
+
+    i++;
+    pRhs++;
+    d1 += sqlite3VdbeSerialTypeLen(serial_type);
+    idx1 += sqlite3VarintLen(serial_type);
+  }while( idx1<(unsigned)szHdr1 && i<pPKey2->nField && d1<=(unsigned)nKey1 );
+
+  /* No memory allocation is ever used on mem1.  Prove this using
+  ** the following assert().  If the assert() fails, it indicates a
+  ** memory leak and a need to call sqlite3VdbeMemRelease(&mem1).  */
+  assert( mem1.szMalloc==0 );
+
+  /* rc==0 here means that one or both of the keys ran out of fields and
+  ** all the fields up to that point were equal. Return the default_rc
+  ** value.  */
+  assert( CORRUPT_DB 
+       || vdbeRecordCompareDebug(nKey1, pKey1, pPKey2, pPKey2->default_rc) 
+       || pKeyInfo->db->mallocFailed
+  );
+  pPKey2->eqSeen = 1;
+  return pPKey2->default_rc;
+}
+SQLITE_PRIVATE int sqlite3VdbeRecordCompare(
+  int nKey1, const void *pKey1,   /* Left key */
+  UnpackedRecord *pPKey2          /* Right key */
+){
+  return sqlite3VdbeRecordCompareWithSkip(nKey1, pKey1, pPKey2, 0);
+}
+
+
+/*
+** This function is an optimized version of sqlite3VdbeRecordCompare() 
+** that (a) the first field of pPKey2 is an integer, and (b) the 
+** size-of-header varint at the start of (pKey1/nKey1) fits in a single
+** byte (i.e. is less than 128).
+**
+** To avoid concerns about buffer overreads, this routine is only used
+** on schemas where the maximum valid header size is 63 bytes or less.
+*/
+static int vdbeRecordCompareInt(
+  int nKey1, const void *pKey1, /* Left key */
+  UnpackedRecord *pPKey2        /* Right key */
+){
+  const u8 *aKey = &((const u8*)pKey1)[*(const u8*)pKey1 & 0x3F];
+  int serial_type = ((const u8*)pKey1)[1];
+  int res;
+  u32 y;
+  u64 x;
+  i64 v = pPKey2->aMem[0].u.i;
+  i64 lhs;
+
+  vdbeAssertFieldCountWithinLimits(nKey1, pKey1, pPKey2->pKeyInfo);
+  assert( (*(u8*)pKey1)<=0x3F || CORRUPT_DB );
+  switch( serial_type ){
+    case 1: { /* 1-byte signed integer */
+      lhs = ONE_BYTE_INT(aKey);
+      testcase( lhs<0 );
+      break;
+    }
+    case 2: { /* 2-byte signed integer */
+      lhs = TWO_BYTE_INT(aKey);
+      testcase( lhs<0 );
+      break;
+    }
+    case 3: { /* 3-byte signed integer */
+      lhs = THREE_BYTE_INT(aKey);
+      testcase( lhs<0 );
+      break;
+    }
+    case 4: { /* 4-byte signed integer */
+      y = FOUR_BYTE_UINT(aKey);
+      lhs = (i64)*(int*)&y;
+      testcase( lhs<0 );
+      break;
+    }
+    case 5: { /* 6-byte signed integer */
+      lhs = FOUR_BYTE_UINT(aKey+2) + (((i64)1)<<32)*TWO_BYTE_INT(aKey);
+      testcase( lhs<0 );
+      break;
+    }
+    case 6: { /* 8-byte signed integer */
+      x = FOUR_BYTE_UINT(aKey);
+      x = (x<<32) | FOUR_BYTE_UINT(aKey+4);
+      lhs = *(i64*)&x;
+      testcase( lhs<0 );
+      break;
+    }
+    case 8: 
+      lhs = 0;
+      break;
+    case 9:
+      lhs = 1;
+      break;
+
+    /* This case could be removed without changing the results of running
+    ** this code. Including it causes gcc to generate a faster switch 
+    ** statement (since the range of switch targets now starts at zero and
+    ** is contiguous) but does not cause any duplicate code to be generated
+    ** (as gcc is clever enough to combine the two like cases). Other 
+    ** compilers might be similar.  */ 
+    case 0: case 7:
+      return sqlite3VdbeRecordCompare(nKey1, pKey1, pPKey2);
+
+    default:
+      return sqlite3VdbeRecordCompare(nKey1, pKey1, pPKey2);
+  }
+
+  if( v>lhs ){
+    res = pPKey2->r1;
+  }else if( v<lhs ){
+    res = pPKey2->r2;
+  }else if( pPKey2->nField>1 ){
+    /* The first fields of the two keys are equal. Compare the trailing 
+    ** fields.  */
+    res = sqlite3VdbeRecordCompareWithSkip(nKey1, pKey1, pPKey2, 1);
+  }else{
+    /* The first fields of the two keys are equal and there are no trailing
+    ** fields. Return pPKey2->default_rc in this case. */
+    res = pPKey2->default_rc;
+    pPKey2->eqSeen = 1;
+  }
+
+  assert( vdbeRecordCompareDebug(nKey1, pKey1, pPKey2, res) );
+  return res;
+}
+
+/*
+** This function is an optimized version of sqlite3VdbeRecordCompare() 
+** that (a) the first field of pPKey2 is a string, that (b) the first field
+** uses the collation sequence BINARY and (c) that the size-of-header varint 
+** at the start of (pKey1/nKey1) fits in a single byte.
+*/
+static int vdbeRecordCompareString(
+  int nKey1, const void *pKey1, /* Left key */
+  UnpackedRecord *pPKey2        /* Right key */
+){
+  const u8 *aKey1 = (const u8*)pKey1;
+  int serial_type;
+  int res;
+
+  assert( pPKey2->aMem[0].flags & MEM_Str );
+  vdbeAssertFieldCountWithinLimits(nKey1, pKey1, pPKey2->pKeyInfo);
+  getVarint32(&aKey1[1], serial_type);
+  if( serial_type<12 ){
+    res = pPKey2->r1;      /* (pKey1/nKey1) is a number or a null */
+  }else if( !(serial_type & 0x01) ){ 
+    res = pPKey2->r2;      /* (pKey1/nKey1) is a blob */
+  }else{
+    int nCmp;
+    int nStr;
+    int szHdr = aKey1[0];
+
+    nStr = (serial_type-12) / 2;
+    if( (szHdr + nStr) > nKey1 ){
+      pPKey2->errCode = (u8)SQLITE_CORRUPT_BKPT;
+      return 0;    /* Corruption */
+    }
+    nCmp = MIN( pPKey2->aMem[0].n, nStr );
+    res = memcmp(&aKey1[szHdr], pPKey2->aMem[0].z, nCmp);
+
+    if( res==0 ){
+      res = nStr - pPKey2->aMem[0].n;
+      if( res==0 ){
+        if( pPKey2->nField>1 ){
+          res = sqlite3VdbeRecordCompareWithSkip(nKey1, pKey1, pPKey2, 1);
+        }else{
+          res = pPKey2->default_rc;
+          pPKey2->eqSeen = 1;
+        }
+      }else if( res>0 ){
+        res = pPKey2->r2;
+      }else{
+        res = pPKey2->r1;
+      }
+    }else if( res>0 ){
+      res = pPKey2->r2;
+    }else{
+      res = pPKey2->r1;
+    }
+  }
+
+  assert( vdbeRecordCompareDebug(nKey1, pKey1, pPKey2, res)
+       || CORRUPT_DB
+       || pPKey2->pKeyInfo->db->mallocFailed
+  );
+  return res;
+}
+
+/*
+** Return a pointer to an sqlite3VdbeRecordCompare() compatible function
+** suitable for comparing serialized records to the unpacked record passed
+** as the only argument.
+*/
+SQLITE_PRIVATE RecordCompare sqlite3VdbeFindCompare(UnpackedRecord *p){
+  /* varintRecordCompareInt() and varintRecordCompareString() both assume
+  ** that the size-of-header varint that occurs at the start of each record
+  ** fits in a single byte (i.e. is 127 or less). varintRecordCompareInt()
+  ** also assumes that it is safe to overread a buffer by at least the 
+  ** maximum possible legal header size plus 8 bytes. Because there is
+  ** guaranteed to be at least 74 (but not 136) bytes of padding following each
+  ** buffer passed to varintRecordCompareInt() this makes it convenient to
+  ** limit the size of the header to 64 bytes in cases where the first field
+  ** is an integer.
+  **
+  ** The easiest way to enforce this limit is to consider only records with
+  ** 13 fields or less. If the first field is an integer, the maximum legal
+  ** header size is (12*5 + 1 + 1) bytes.  */
+  if( (p->pKeyInfo->nField + p->pKeyInfo->nXField)<=13 ){
+    int flags = p->aMem[0].flags;
+    if( p->pKeyInfo->aSortOrder[0] ){
+      p->r1 = 1;
+      p->r2 = -1;
+    }else{
+      p->r1 = -1;
+      p->r2 = 1;
+    }
+    if( (flags & MEM_Int) ){
+      return vdbeRecordCompareInt;
+    }
+    testcase( flags & MEM_Real );
+    testcase( flags & MEM_Null );
+    testcase( flags & MEM_Blob );
+    if( (flags & (MEM_Real|MEM_Null|MEM_Blob))==0 && p->pKeyInfo->aColl[0]==0 ){
+      assert( flags & MEM_Str );
+      return vdbeRecordCompareString;
+    }
+  }
+
+  return sqlite3VdbeRecordCompare;
+}
+
+/*
+** pCur points at an index entry created using the OP_MakeRecord opcode.
+** Read the rowid (the last field in the record) and store it in *rowid.
+** Return SQLITE_OK if everything works, or an error code otherwise.
+**
+** pCur might be pointing to text obtained from a corrupt database file.
+** So the content cannot be trusted.  Do appropriate checks on the content.
+*/
+SQLITE_PRIVATE int sqlite3VdbeIdxRowid(sqlite3 *db, BtCursor *pCur, i64 *rowid){
+  i64 nCellKey = 0;
+  int rc;
+  u32 szHdr;        /* Size of the header */
+  u32 typeRowid;    /* Serial type of the rowid */
+  u32 lenRowid;     /* Size of the rowid */
+  Mem m, v;
+
+  /* Get the size of the index entry.  Only indices entries of less
+  ** than 2GiB are support - anything large must be database corruption.
+  ** Any corruption is detected in sqlite3BtreeParseCellPtr(), though, so
+  ** this code can safely assume that nCellKey is 32-bits  
+  */
+  assert( sqlite3BtreeCursorIsValid(pCur) );
+  VVA_ONLY(rc =) sqlite3BtreeKeySize(pCur, &nCellKey);
+  assert( rc==SQLITE_OK );     /* pCur is always valid so KeySize cannot fail */
+  assert( (nCellKey & SQLITE_MAX_U32)==(u64)nCellKey );
+
+  /* Read in the complete content of the index entry */
+  sqlite3VdbeMemInit(&m, db, 0);
+  rc = sqlite3VdbeMemFromBtree(pCur, 0, (u32)nCellKey, 1, &m);
+  if( rc ){
+    return rc;
+  }
+
+  /* The index entry must begin with a header size */
+  (void)getVarint32((u8*)m.z, szHdr);
+  testcase( szHdr==3 );
+  testcase( szHdr==m.n );
+  if( unlikely(szHdr<3 || (int)szHdr>m.n) ){
+    goto idx_rowid_corruption;
+  }
+
+  /* The last field of the index should be an integer - the ROWID.
+  ** Verify that the last entry really is an integer. */
+  (void)getVarint32((u8*)&m.z[szHdr-1], typeRowid);
+  testcase( typeRowid==1 );
+  testcase( typeRowid==2 );
+  testcase( typeRowid==3 );
+  testcase( typeRowid==4 );
+  testcase( typeRowid==5 );
+  testcase( typeRowid==6 );
+  testcase( typeRowid==8 );
+  testcase( typeRowid==9 );
+  if( unlikely(typeRowid<1 || typeRowid>9 || typeRowid==7) ){
+    goto idx_rowid_corruption;
+  }
+  lenRowid = sqlite3SmallTypeSizes[typeRowid];
+  testcase( (u32)m.n==szHdr+lenRowid );
+  if( unlikely((u32)m.n<szHdr+lenRowid) ){
+    goto idx_rowid_corruption;
+  }
+
+  /* Fetch the integer off the end of the index record */
+  sqlite3VdbeSerialGet((u8*)&m.z[m.n-lenRowid], typeRowid, &v);
+  *rowid = v.u.i;
+  sqlite3VdbeMemRelease(&m);
+  return SQLITE_OK;
+
+  /* Jump here if database corruption is detected after m has been
+  ** allocated.  Free the m object and return SQLITE_CORRUPT. */
+idx_rowid_corruption:
+  testcase( m.szMalloc!=0 );
+  sqlite3VdbeMemRelease(&m);
+  return SQLITE_CORRUPT_BKPT;
+}
+
+/*
+** Compare the key of the index entry that cursor pC is pointing to against
+** the key string in pUnpacked.  Write into *pRes a number
+** that is negative, zero, or positive if pC is less than, equal to,
+** or greater than pUnpacked.  Return SQLITE_OK on success.
+**
+** pUnpacked is either created without a rowid or is truncated so that it
+** omits the rowid at the end.  The rowid at the end of the index entry
+** is ignored as well.  Hence, this routine only compares the prefixes 
+** of the keys prior to the final rowid, not the entire key.
+*/
+SQLITE_PRIVATE int sqlite3VdbeIdxKeyCompare(
+  sqlite3 *db,                     /* Database connection */
+  VdbeCursor *pC,                  /* The cursor to compare against */
+  UnpackedRecord *pUnpacked,       /* Unpacked version of key */
+  int *res                         /* Write the comparison result here */
+){
+  i64 nCellKey = 0;
+  int rc;
+  BtCursor *pCur;
+  Mem m;
+
+  assert( pC->eCurType==CURTYPE_BTREE );
+  pCur = pC->uc.pCursor;
+  assert( sqlite3BtreeCursorIsValid(pCur) );
+  VVA_ONLY(rc =) sqlite3BtreeKeySize(pCur, &nCellKey);
+  assert( rc==SQLITE_OK );    /* pCur is always valid so KeySize cannot fail */
+  /* nCellKey will always be between 0 and 0xffffffff because of the way
+  ** that btreeParseCellPtr() and sqlite3GetVarint32() are implemented */
+  if( nCellKey<=0 || nCellKey>0x7fffffff ){
+    *res = 0;
+    return SQLITE_CORRUPT_BKPT;
+  }
+  sqlite3VdbeMemInit(&m, db, 0);
+  rc = sqlite3VdbeMemFromBtree(pCur, 0, (u32)nCellKey, 1, &m);
+  if( rc ){
+    return rc;
+  }
+  *res = sqlite3VdbeRecordCompare(m.n, m.z, pUnpacked);
+  sqlite3VdbeMemRelease(&m);
+  return SQLITE_OK;
+}
+
+/*
+** This routine sets the value to be returned by subsequent calls to
+** sqlite3_changes() on the database handle 'db'. 
+*/
+SQLITE_PRIVATE void sqlite3VdbeSetChanges(sqlite3 *db, int nChange){
+  assert( sqlite3_mutex_held(db->mutex) );
+  db->nChange = nChange;
+  db->nTotalChange += nChange;
+}
+
+/*
+** Set a flag in the vdbe to update the change counter when it is finalised
+** or reset.
+*/
+SQLITE_PRIVATE void sqlite3VdbeCountChanges(Vdbe *v){
+  v->changeCntOn = 1;
+}
+
+/*
+** Mark every prepared statement associated with a database connection
+** as expired.
+**
+** An expired statement means that recompilation of the statement is
+** recommend.  Statements expire when things happen that make their
+** programs obsolete.  Removing user-defined functions or collating
+** sequences, or changing an authorization function are the types of
+** things that make prepared statements obsolete.
+*/
+SQLITE_PRIVATE void sqlite3ExpirePreparedStatements(sqlite3 *db){
+  Vdbe *p;
+  for(p = db->pVdbe; p; p=p->pNext){
+    p->expired = 1;
+  }
+}
+
+/*
+** Return the database associated with the Vdbe.
+*/
+SQLITE_PRIVATE sqlite3 *sqlite3VdbeDb(Vdbe *v){
+  return v->db;
+}
+
+/*
+** Return a pointer to an sqlite3_value structure containing the value bound
+** parameter iVar of VM v. Except, if the value is an SQL NULL, return 
+** 0 instead. Unless it is NULL, apply affinity aff (one of the SQLITE_AFF_*
+** constants) to the value before returning it.
+**
+** The returned value must be freed by the caller using sqlite3ValueFree().
+*/
+SQLITE_PRIVATE sqlite3_value *sqlite3VdbeGetBoundValue(Vdbe *v, int iVar, u8 aff){
+  assert( iVar>0 );
+  if( v ){
+    Mem *pMem = &v->aVar[iVar-1];
+    if( 0==(pMem->flags & MEM_Null) ){
+      sqlite3_value *pRet = sqlite3ValueNew(v->db);
+      if( pRet ){
+        sqlite3VdbeMemCopy((Mem *)pRet, pMem);
+        sqlite3ValueApplyAffinity(pRet, aff, SQLITE_UTF8);
+      }
+      return pRet;
+    }
+  }
+  return 0;
+}
+
+/*
+** Configure SQL variable iVar so that binding a new value to it signals
+** to sqlite3_reoptimize() that re-preparing the statement may result
+** in a better query plan.
+*/
+SQLITE_PRIVATE void sqlite3VdbeSetVarmask(Vdbe *v, int iVar){
+  assert( iVar>0 );
+  if( iVar>32 ){
+    v->expmask = 0xffffffff;
+  }else{
+    v->expmask |= ((u32)1 << (iVar-1));
+  }
+}
+
+#ifndef SQLITE_OMIT_VIRTUALTABLE
+/*
+** Transfer error message text from an sqlite3_vtab.zErrMsg (text stored
+** in memory obtained from sqlite3_malloc) into a Vdbe.zErrMsg (text stored
+** in memory obtained from sqlite3DbMalloc).
+*/
+SQLITE_PRIVATE void sqlite3VtabImportErrmsg(Vdbe *p, sqlite3_vtab *pVtab){
+  sqlite3 *db = p->db;
+  sqlite3DbFree(db, p->zErrMsg);
+  p->zErrMsg = sqlite3DbStrDup(db, pVtab->zErrMsg);
+  sqlite3_free(pVtab->zErrMsg);
+  pVtab->zErrMsg = 0;
+}
+#endif /* SQLITE_OMIT_VIRTUALTABLE */
+
+/************** End of vdbeaux.c *********************************************/
+/************** Begin file vdbeapi.c *****************************************/
+/*
+** 2004 May 26
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+**
+** This file contains code use to implement APIs that are part of the
+** VDBE.
+*/
+/* #include "sqliteInt.h" */
+/* #include "vdbeInt.h" */
+
+#ifndef SQLITE_OMIT_DEPRECATED
+/*
+** Return TRUE (non-zero) of the statement supplied as an argument needs
+** to be recompiled.  A statement needs to be recompiled whenever the
+** execution environment changes in a way that would alter the program
+** that sqlite3_prepare() generates.  For example, if new functions or
+** collating sequences are registered or if an authorizer function is
+** added or changed.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_expired(sqlite3_stmt *pStmt){
+  Vdbe *p = (Vdbe*)pStmt;
+  return p==0 || p->expired;
+}
+#endif
+
+/*
+** Check on a Vdbe to make sure it has not been finalized.  Log
+** an error and return true if it has been finalized (or is otherwise
+** invalid).  Return false if it is ok.
+*/
+static int vdbeSafety(Vdbe *p){
+  if( p->db==0 ){
+    sqlite3_log(SQLITE_MISUSE, "API called with finalized prepared statement");
+    return 1;
+  }else{
+    return 0;
+  }
+}
+static int vdbeSafetyNotNull(Vdbe *p){
+  if( p==0 ){
+    sqlite3_log(SQLITE_MISUSE, "API called with NULL prepared statement");
+    return 1;
+  }else{
+    return vdbeSafety(p);
+  }
+}
+
+#ifndef SQLITE_OMIT_TRACE
+/*
+** Invoke the profile callback.  This routine is only called if we already
+** know that the profile callback is defined and needs to be invoked.
+*/
+static SQLITE_NOINLINE void invokeProfileCallback(sqlite3 *db, Vdbe *p){
+  sqlite3_int64 iNow;
+  assert( p->startTime>0 );
+  assert( db->xProfile!=0 );
+  assert( db->init.busy==0 );
+  assert( p->zSql!=0 );
+  sqlite3OsCurrentTimeInt64(db->pVfs, &iNow);
+  db->xProfile(db->pProfileArg, p->zSql, (iNow - p->startTime)*1000000);
+  p->startTime = 0;
+}
+/*
+** The checkProfileCallback(DB,P) macro checks to see if a profile callback
+** is needed, and it invokes the callback if it is needed.
+*/
+# define checkProfileCallback(DB,P) \
+   if( ((P)->startTime)>0 ){ invokeProfileCallback(DB,P); }
+#else
+# define checkProfileCallback(DB,P)  /*no-op*/
+#endif
+
+/*
+** The following routine destroys a virtual machine that is created by
+** the sqlite3_compile() routine. The integer returned is an SQLITE_
+** success/failure code that describes the result of executing the virtual
+** machine.
+**
+** This routine sets the error code and string returned by
+** sqlite3_errcode(), sqlite3_errmsg() and sqlite3_errmsg16().
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_finalize(sqlite3_stmt *pStmt){
+  int rc;
+  if( pStmt==0 ){
+    /* IMPLEMENTATION-OF: R-57228-12904 Invoking sqlite3_finalize() on a NULL
+    ** pointer is a harmless no-op. */
+    rc = SQLITE_OK;
+  }else{
+    Vdbe *v = (Vdbe*)pStmt;
+    sqlite3 *db = v->db;
+    if( vdbeSafety(v) ) return SQLITE_MISUSE_BKPT;
+    sqlite3_mutex_enter(db->mutex);
+    checkProfileCallback(db, v);
+    rc = sqlite3VdbeFinalize(v);
+    rc = sqlite3ApiExit(db, rc);
+    sqlite3LeaveMutexAndCloseZombie(db);
+  }
+  return rc;
+}
+
+/*
+** Terminate the current execution of an SQL statement and reset it
+** back to its starting state so that it can be reused. A success code from
+** the prior execution is returned.
+**
+** This routine sets the error code and string returned by
+** sqlite3_errcode(), sqlite3_errmsg() and sqlite3_errmsg16().
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_reset(sqlite3_stmt *pStmt){
+  int rc;
+  if( pStmt==0 ){
+    rc = SQLITE_OK;
+  }else{
+    Vdbe *v = (Vdbe*)pStmt;
+    sqlite3 *db = v->db;
+    sqlite3_mutex_enter(db->mutex);
+    checkProfileCallback(db, v);
+    rc = sqlite3VdbeReset(v);
+    sqlite3VdbeRewind(v);
+    assert( (rc & (db->errMask))==rc );
+    rc = sqlite3ApiExit(db, rc);
+    sqlite3_mutex_leave(db->mutex);
+  }
+  return rc;
+}
+
+/*
+** Set all the parameters in the compiled SQL statement to NULL.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_clear_bindings(sqlite3_stmt *pStmt){
+  int i;
+  int rc = SQLITE_OK;
+  Vdbe *p = (Vdbe*)pStmt;
+#if SQLITE_THREADSAFE
+  sqlite3_mutex *mutex = ((Vdbe*)pStmt)->db->mutex;
+#endif
+  sqlite3_mutex_enter(mutex);
+  for(i=0; i<p->nVar; i++){
+    sqlite3VdbeMemRelease(&p->aVar[i]);
+    p->aVar[i].flags = MEM_Null;
+  }
+  if( p->isPrepareV2 && p->expmask ){
+    p->expired = 1;
+  }
+  sqlite3_mutex_leave(mutex);
+  return rc;
+}
+
+
+/**************************** sqlite3_value_  *******************************
+** The following routines extract information from a Mem or sqlite3_value
+** structure.
+*/
+SQLITE_API const void *SQLITE_STDCALL sqlite3_value_blob(sqlite3_value *pVal){
+  Mem *p = (Mem*)pVal;
+  if( p->flags & (MEM_Blob|MEM_Str) ){
+    if( sqlite3VdbeMemExpandBlob(p)!=SQLITE_OK ){
+      assert( p->flags==MEM_Null && p->z==0 );
+      return 0;
+    }
+    p->flags |= MEM_Blob;
+    return p->n ? p->z : 0;
+  }else{
+    return sqlite3_value_text(pVal);
+  }
+}
+SQLITE_API int SQLITE_STDCALL sqlite3_value_bytes(sqlite3_value *pVal){
+  return sqlite3ValueBytes(pVal, SQLITE_UTF8);
+}
+SQLITE_API int SQLITE_STDCALL sqlite3_value_bytes16(sqlite3_value *pVal){
+  return sqlite3ValueBytes(pVal, SQLITE_UTF16NATIVE);
+}
+SQLITE_API double SQLITE_STDCALL sqlite3_value_double(sqlite3_value *pVal){
+  return sqlite3VdbeRealValue((Mem*)pVal);
+}
+SQLITE_API int SQLITE_STDCALL sqlite3_value_int(sqlite3_value *pVal){
+  return (int)sqlite3VdbeIntValue((Mem*)pVal);
+}
+SQLITE_API sqlite_int64 SQLITE_STDCALL sqlite3_value_int64(sqlite3_value *pVal){
+  return sqlite3VdbeIntValue((Mem*)pVal);
+}
+SQLITE_API unsigned int SQLITE_STDCALL sqlite3_value_subtype(sqlite3_value *pVal){
+  return ((Mem*)pVal)->eSubtype;
+}
+SQLITE_API const unsigned char *SQLITE_STDCALL sqlite3_value_text(sqlite3_value *pVal){
+  return (const unsigned char *)sqlite3ValueText(pVal, SQLITE_UTF8);
+}
+#ifndef SQLITE_OMIT_UTF16
+SQLITE_API const void *SQLITE_STDCALL sqlite3_value_text16(sqlite3_value* pVal){
+  return sqlite3ValueText(pVal, SQLITE_UTF16NATIVE);
+}
+SQLITE_API const void *SQLITE_STDCALL sqlite3_value_text16be(sqlite3_value *pVal){
+  return sqlite3ValueText(pVal, SQLITE_UTF16BE);
+}
+SQLITE_API const void *SQLITE_STDCALL sqlite3_value_text16le(sqlite3_value *pVal){
+  return sqlite3ValueText(pVal, SQLITE_UTF16LE);
+}
+#endif /* SQLITE_OMIT_UTF16 */
+/* EVIDENCE-OF: R-12793-43283 Every value in SQLite has one of five
+** fundamental datatypes: 64-bit signed integer 64-bit IEEE floating
+** point number string BLOB NULL
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_value_type(sqlite3_value* pVal){
+  static const u8 aType[] = {
+     SQLITE_BLOB,     /* 0x00 */
+     SQLITE_NULL,     /* 0x01 */
+     SQLITE_TEXT,     /* 0x02 */
+     SQLITE_NULL,     /* 0x03 */
+     SQLITE_INTEGER,  /* 0x04 */
+     SQLITE_NULL,     /* 0x05 */
+     SQLITE_INTEGER,  /* 0x06 */
+     SQLITE_NULL,     /* 0x07 */
+     SQLITE_FLOAT,    /* 0x08 */
+     SQLITE_NULL,     /* 0x09 */
+     SQLITE_FLOAT,    /* 0x0a */
+     SQLITE_NULL,     /* 0x0b */
+     SQLITE_INTEGER,  /* 0x0c */
+     SQLITE_NULL,     /* 0x0d */
+     SQLITE_INTEGER,  /* 0x0e */
+     SQLITE_NULL,     /* 0x0f */
+     SQLITE_BLOB,     /* 0x10 */
+     SQLITE_NULL,     /* 0x11 */
+     SQLITE_TEXT,     /* 0x12 */
+     SQLITE_NULL,     /* 0x13 */
+     SQLITE_INTEGER,  /* 0x14 */
+     SQLITE_NULL,     /* 0x15 */
+     SQLITE_INTEGER,  /* 0x16 */
+     SQLITE_NULL,     /* 0x17 */
+     SQLITE_FLOAT,    /* 0x18 */
+     SQLITE_NULL,     /* 0x19 */
+     SQLITE_FLOAT,    /* 0x1a */
+     SQLITE_NULL,     /* 0x1b */
+     SQLITE_INTEGER,  /* 0x1c */
+     SQLITE_NULL,     /* 0x1d */
+     SQLITE_INTEGER,  /* 0x1e */
+     SQLITE_NULL,     /* 0x1f */
+  };
+  return aType[pVal->flags&MEM_AffMask];
+}
+
+/* Make a copy of an sqlite3_value object
+*/
+SQLITE_API sqlite3_value *SQLITE_STDCALL sqlite3_value_dup(const sqlite3_value *pOrig){
+  sqlite3_value *pNew;
+  if( pOrig==0 ) return 0;
+  pNew = sqlite3_malloc( sizeof(*pNew) );
+  if( pNew==0 ) return 0;
+  memset(pNew, 0, sizeof(*pNew));
+  memcpy(pNew, pOrig, MEMCELLSIZE);
+  pNew->flags &= ~MEM_Dyn;
+  pNew->db = 0;
+  if( pNew->flags&(MEM_Str|MEM_Blob) ){
+    pNew->flags &= ~(MEM_Static|MEM_Dyn);
+    pNew->flags |= MEM_Ephem;
+    if( sqlite3VdbeMemMakeWriteable(pNew)!=SQLITE_OK ){
+      sqlite3ValueFree(pNew);
+      pNew = 0;
+    }
+  }
+  return pNew;
+}
+
+/* Destroy an sqlite3_value object previously obtained from
+** sqlite3_value_dup().
+*/
+SQLITE_API void SQLITE_STDCALL sqlite3_value_free(sqlite3_value *pOld){
+  sqlite3ValueFree(pOld);
+}
+  
+
+/**************************** sqlite3_result_  *******************************
+** The following routines are used by user-defined functions to specify
+** the function result.
+**
+** The setStrOrError() function calls sqlite3VdbeMemSetStr() to store the
+** result as a string or blob but if the string or blob is too large, it
+** then sets the error code to SQLITE_TOOBIG
+**
+** The invokeValueDestructor(P,X) routine invokes destructor function X()
+** on value P is not going to be used and need to be destroyed.
+*/
+static void setResultStrOrError(
+  sqlite3_context *pCtx,  /* Function context */
+  const char *z,          /* String pointer */
+  int n,                  /* Bytes in string, or negative */
+  u8 enc,                 /* Encoding of z.  0 for BLOBs */
+  void (*xDel)(void*)     /* Destructor function */
+){
+  if( sqlite3VdbeMemSetStr(pCtx->pOut, z, n, enc, xDel)==SQLITE_TOOBIG ){
+    sqlite3_result_error_toobig(pCtx);
+  }
+}
+static int invokeValueDestructor(
+  const void *p,             /* Value to destroy */
+  void (*xDel)(void*),       /* The destructor */
+  sqlite3_context *pCtx      /* Set a SQLITE_TOOBIG error if no NULL */
+){
+  assert( xDel!=SQLITE_DYNAMIC );
+  if( xDel==0 ){
+    /* noop */
+  }else if( xDel==SQLITE_TRANSIENT ){
+    /* noop */
+  }else{
+    xDel((void*)p);
+  }
+  if( pCtx ) sqlite3_result_error_toobig(pCtx);
+  return SQLITE_TOOBIG;
+}
+SQLITE_API void SQLITE_STDCALL sqlite3_result_blob(
+  sqlite3_context *pCtx, 
+  const void *z, 
+  int n, 
+  void (*xDel)(void *)
+){
+  assert( n>=0 );
+  assert( sqlite3_mutex_held(pCtx->pOut->db->mutex) );
+  setResultStrOrError(pCtx, z, n, 0, xDel);
+}
+SQLITE_API void SQLITE_STDCALL sqlite3_result_blob64(
+  sqlite3_context *pCtx, 
+  const void *z, 
+  sqlite3_uint64 n,
+  void (*xDel)(void *)
+){
+  assert( sqlite3_mutex_held(pCtx->pOut->db->mutex) );
+  assert( xDel!=SQLITE_DYNAMIC );
+  if( n>0x7fffffff ){
+    (void)invokeValueDestructor(z, xDel, pCtx);
+  }else{
+    setResultStrOrError(pCtx, z, (int)n, 0, xDel);
+  }
+}
+SQLITE_API void SQLITE_STDCALL sqlite3_result_double(sqlite3_context *pCtx, double rVal){
+  assert( sqlite3_mutex_held(pCtx->pOut->db->mutex) );
+  sqlite3VdbeMemSetDouble(pCtx->pOut, rVal);
+}
+SQLITE_API void SQLITE_STDCALL sqlite3_result_error(sqlite3_context *pCtx, const char *z, int n){
+  assert( sqlite3_mutex_held(pCtx->pOut->db->mutex) );
+  pCtx->isError = SQLITE_ERROR;
+  pCtx->fErrorOrAux = 1;
+  sqlite3VdbeMemSetStr(pCtx->pOut, z, n, SQLITE_UTF8, SQLITE_TRANSIENT);
+}
+#ifndef SQLITE_OMIT_UTF16
+SQLITE_API void SQLITE_STDCALL sqlite3_result_error16(sqlite3_context *pCtx, const void *z, int n){
+  assert( sqlite3_mutex_held(pCtx->pOut->db->mutex) );
+  pCtx->isError = SQLITE_ERROR;
+  pCtx->fErrorOrAux = 1;
+  sqlite3VdbeMemSetStr(pCtx->pOut, z, n, SQLITE_UTF16NATIVE, SQLITE_TRANSIENT);
+}
+#endif
+SQLITE_API void SQLITE_STDCALL sqlite3_result_int(sqlite3_context *pCtx, int iVal){
+  assert( sqlite3_mutex_held(pCtx->pOut->db->mutex) );
+  sqlite3VdbeMemSetInt64(pCtx->pOut, (i64)iVal);
+}
+SQLITE_API void SQLITE_STDCALL sqlite3_result_int64(sqlite3_context *pCtx, i64 iVal){
+  assert( sqlite3_mutex_held(pCtx->pOut->db->mutex) );
+  sqlite3VdbeMemSetInt64(pCtx->pOut, iVal);
+}
+SQLITE_API void SQLITE_STDCALL sqlite3_result_null(sqlite3_context *pCtx){
+  assert( sqlite3_mutex_held(pCtx->pOut->db->mutex) );
+  sqlite3VdbeMemSetNull(pCtx->pOut);
+}
+SQLITE_API void SQLITE_STDCALL sqlite3_result_subtype(sqlite3_context *pCtx, unsigned int eSubtype){
+  assert( sqlite3_mutex_held(pCtx->pOut->db->mutex) );
+  pCtx->pOut->eSubtype = eSubtype & 0xff;
+}
+SQLITE_API void SQLITE_STDCALL sqlite3_result_text(
+  sqlite3_context *pCtx, 
+  const char *z, 
+  int n,
+  void (*xDel)(void *)
+){
+  assert( sqlite3_mutex_held(pCtx->pOut->db->mutex) );
+  setResultStrOrError(pCtx, z, n, SQLITE_UTF8, xDel);
+}
+SQLITE_API void SQLITE_STDCALL sqlite3_result_text64(
+  sqlite3_context *pCtx, 
+  const char *z, 
+  sqlite3_uint64 n,
+  void (*xDel)(void *),
+  unsigned char enc
+){
+  assert( sqlite3_mutex_held(pCtx->pOut->db->mutex) );
+  assert( xDel!=SQLITE_DYNAMIC );
+  if( enc==SQLITE_UTF16 ) enc = SQLITE_UTF16NATIVE;
+  if( n>0x7fffffff ){
+    (void)invokeValueDestructor(z, xDel, pCtx);
+  }else{
+    setResultStrOrError(pCtx, z, (int)n, enc, xDel);
+  }
+}
+#ifndef SQLITE_OMIT_UTF16
+SQLITE_API void SQLITE_STDCALL sqlite3_result_text16(
+  sqlite3_context *pCtx, 
+  const void *z, 
+  int n, 
+  void (*xDel)(void *)
+){
+  assert( sqlite3_mutex_held(pCtx->pOut->db->mutex) );
+  setResultStrOrError(pCtx, z, n, SQLITE_UTF16NATIVE, xDel);
+}
+SQLITE_API void SQLITE_STDCALL sqlite3_result_text16be(
+  sqlite3_context *pCtx, 
+  const void *z, 
+  int n, 
+  void (*xDel)(void *)
+){
+  assert( sqlite3_mutex_held(pCtx->pOut->db->mutex) );
+  setResultStrOrError(pCtx, z, n, SQLITE_UTF16BE, xDel);
+}
+SQLITE_API void SQLITE_STDCALL sqlite3_result_text16le(
+  sqlite3_context *pCtx, 
+  const void *z, 
+  int n, 
+  void (*xDel)(void *)
+){
+  assert( sqlite3_mutex_held(pCtx->pOut->db->mutex) );
+  setResultStrOrError(pCtx, z, n, SQLITE_UTF16LE, xDel);
+}
+#endif /* SQLITE_OMIT_UTF16 */
+SQLITE_API void SQLITE_STDCALL sqlite3_result_value(sqlite3_context *pCtx, sqlite3_value *pValue){
+  assert( sqlite3_mutex_held(pCtx->pOut->db->mutex) );
+  sqlite3VdbeMemCopy(pCtx->pOut, pValue);
+}
+SQLITE_API void SQLITE_STDCALL sqlite3_result_zeroblob(sqlite3_context *pCtx, int n){
+  assert( sqlite3_mutex_held(pCtx->pOut->db->mutex) );
+  sqlite3VdbeMemSetZeroBlob(pCtx->pOut, n);
+}
+SQLITE_API int SQLITE_STDCALL sqlite3_result_zeroblob64(sqlite3_context *pCtx, u64 n){
+  Mem *pOut = pCtx->pOut;
+  assert( sqlite3_mutex_held(pOut->db->mutex) );
+  if( n>(u64)pOut->db->aLimit[SQLITE_LIMIT_LENGTH] ){
+    return SQLITE_TOOBIG;
+  }
+  sqlite3VdbeMemSetZeroBlob(pCtx->pOut, (int)n);
+  return SQLITE_OK;
+}
+SQLITE_API void SQLITE_STDCALL sqlite3_result_error_code(sqlite3_context *pCtx, int errCode){
+  pCtx->isError = errCode;
+  pCtx->fErrorOrAux = 1;
+#ifdef SQLITE_DEBUG
+  if( pCtx->pVdbe ) pCtx->pVdbe->rcApp = errCode;
+#endif
+  if( pCtx->pOut->flags & MEM_Null ){
+    sqlite3VdbeMemSetStr(pCtx->pOut, sqlite3ErrStr(errCode), -1, 
+                         SQLITE_UTF8, SQLITE_STATIC);
+  }
+}
+
+/* Force an SQLITE_TOOBIG error. */
+SQLITE_API void SQLITE_STDCALL sqlite3_result_error_toobig(sqlite3_context *pCtx){
+  assert( sqlite3_mutex_held(pCtx->pOut->db->mutex) );
+  pCtx->isError = SQLITE_TOOBIG;
+  pCtx->fErrorOrAux = 1;
+  sqlite3VdbeMemSetStr(pCtx->pOut, "string or blob too big", -1, 
+                       SQLITE_UTF8, SQLITE_STATIC);
+}
+
+/* An SQLITE_NOMEM error. */
+SQLITE_API void SQLITE_STDCALL sqlite3_result_error_nomem(sqlite3_context *pCtx){
+  assert( sqlite3_mutex_held(pCtx->pOut->db->mutex) );
+  sqlite3VdbeMemSetNull(pCtx->pOut);
+  pCtx->isError = SQLITE_NOMEM;
+  pCtx->fErrorOrAux = 1;
+  pCtx->pOut->db->mallocFailed = 1;
+}
+
+/*
+** This function is called after a transaction has been committed. It 
+** invokes callbacks registered with sqlite3_wal_hook() as required.
+*/
+static int doWalCallbacks(sqlite3 *db){
+  int rc = SQLITE_OK;
+#ifndef SQLITE_OMIT_WAL
+  int i;
+  for(i=0; i<db->nDb; i++){
+    Btree *pBt = db->aDb[i].pBt;
+    if( pBt ){
+      int nEntry;
+      sqlite3BtreeEnter(pBt);
+      nEntry = sqlite3PagerWalCallback(sqlite3BtreePager(pBt));
+      sqlite3BtreeLeave(pBt);
+      if( db->xWalCallback && nEntry>0 && rc==SQLITE_OK ){
+        rc = db->xWalCallback(db->pWalArg, db, db->aDb[i].zName, nEntry);
+      }
+    }
+  }
+#endif
+  return rc;
+}
+
+
+/*
+** Execute the statement pStmt, either until a row of data is ready, the
+** statement is completely executed or an error occurs.
+**
+** This routine implements the bulk of the logic behind the sqlite_step()
+** API.  The only thing omitted is the automatic recompile if a 
+** schema change has occurred.  That detail is handled by the
+** outer sqlite3_step() wrapper procedure.
+*/
+static int sqlite3Step(Vdbe *p){
+  sqlite3 *db;
+  int rc;
+
+  assert(p);
+  if( p->magic!=VDBE_MAGIC_RUN ){
+    /* We used to require that sqlite3_reset() be called before retrying
+    ** sqlite3_step() after any error or after SQLITE_DONE.  But beginning
+    ** with version 3.7.0, we changed this so that sqlite3_reset() would
+    ** be called automatically instead of throwing the SQLITE_MISUSE error.
+    ** This "automatic-reset" change is not technically an incompatibility, 
+    ** since any application that receives an SQLITE_MISUSE is broken by
+    ** definition.
+    **
+    ** Nevertheless, some published applications that were originally written
+    ** for version 3.6.23 or earlier do in fact depend on SQLITE_MISUSE 
+    ** returns, and those were broken by the automatic-reset change.  As a
+    ** a work-around, the SQLITE_OMIT_AUTORESET compile-time restores the
+    ** legacy behavior of returning SQLITE_MISUSE for cases where the 
+    ** previous sqlite3_step() returned something other than a SQLITE_LOCKED
+    ** or SQLITE_BUSY error.
+    */
+#ifdef SQLITE_OMIT_AUTORESET
+    if( (rc = p->rc&0xff)==SQLITE_BUSY || rc==SQLITE_LOCKED ){
+      sqlite3_reset((sqlite3_stmt*)p);
+    }else{
+      return SQLITE_MISUSE_BKPT;
+    }
+#else
+    sqlite3_reset((sqlite3_stmt*)p);
+#endif
+  }
+
+  /* Check that malloc() has not failed. If it has, return early. */
+  db = p->db;
+  if( db->mallocFailed ){
+    p->rc = SQLITE_NOMEM;
+    return SQLITE_NOMEM;
+  }
+
+  if( p->pc<=0 && p->expired ){
+    p->rc = SQLITE_SCHEMA;
+    rc = SQLITE_ERROR;
+    goto end_of_step;
+  }
+  if( p->pc<0 ){
+    /* If there are no other statements currently running, then
+    ** reset the interrupt flag.  This prevents a call to sqlite3_interrupt
+    ** from interrupting a statement that has not yet started.
+    */
+    if( db->nVdbeActive==0 ){
+      db->u1.isInterrupted = 0;
+    }
+
+    assert( db->nVdbeWrite>0 || db->autoCommit==0 
+        || (db->nDeferredCons==0 && db->nDeferredImmCons==0)
+    );
+
+#ifndef SQLITE_OMIT_TRACE
+    if( db->xProfile && !db->init.busy && p->zSql ){
+      sqlite3OsCurrentTimeInt64(db->pVfs, &p->startTime);
+    }else{
+      assert( p->startTime==0 );
+    }
+#endif
+
+    db->nVdbeActive++;
+    if( p->readOnly==0 ) db->nVdbeWrite++;
+    if( p->bIsReader ) db->nVdbeRead++;
+    p->pc = 0;
+  }
+#ifdef SQLITE_DEBUG
+  p->rcApp = SQLITE_OK;
+#endif
+#ifndef SQLITE_OMIT_EXPLAIN
+  if( p->explain ){
+    rc = sqlite3VdbeList(p);
+  }else
+#endif /* SQLITE_OMIT_EXPLAIN */
+  {
+    db->nVdbeExec++;
+    rc = sqlite3VdbeExec(p);
+    db->nVdbeExec--;
+  }
+
+#ifndef SQLITE_OMIT_TRACE
+  /* If the statement completed successfully, invoke the profile callback */
+  if( rc!=SQLITE_ROW ) checkProfileCallback(db, p);
+#endif
+
+  if( rc==SQLITE_DONE ){
+    assert( p->rc==SQLITE_OK );
+    p->rc = doWalCallbacks(db);
+    if( p->rc!=SQLITE_OK ){
+      rc = SQLITE_ERROR;
+    }
+  }
+
+  db->errCode = rc;
+  if( SQLITE_NOMEM==sqlite3ApiExit(p->db, p->rc) ){
+    p->rc = SQLITE_NOMEM;
+  }
+end_of_step:
+  /* At this point local variable rc holds the value that should be 
+  ** returned if this statement was compiled using the legacy 
+  ** sqlite3_prepare() interface. According to the docs, this can only
+  ** be one of the values in the first assert() below. Variable p->rc 
+  ** contains the value that would be returned if sqlite3_finalize() 
+  ** were called on statement p.
+  */
+  assert( rc==SQLITE_ROW  || rc==SQLITE_DONE   || rc==SQLITE_ERROR 
+       || (rc&0xff)==SQLITE_BUSY || rc==SQLITE_MISUSE
+  );
+  assert( (p->rc!=SQLITE_ROW && p->rc!=SQLITE_DONE) || p->rc==p->rcApp );
+  if( p->isPrepareV2 && rc!=SQLITE_ROW && rc!=SQLITE_DONE ){
+    /* If this statement was prepared using sqlite3_prepare_v2(), and an
+    ** error has occurred, then return the error code in p->rc to the
+    ** caller. Set the error code in the database handle to the same value.
+    */ 
+    rc = sqlite3VdbeTransferError(p);
+  }
+  return (rc&db->errMask);
+}
+
+/*
+** This is the top-level implementation of sqlite3_step().  Call
+** sqlite3Step() to do most of the work.  If a schema error occurs,
+** call sqlite3Reprepare() and try again.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_step(sqlite3_stmt *pStmt){
+  int rc = SQLITE_OK;      /* Result from sqlite3Step() */
+  int rc2 = SQLITE_OK;     /* Result from sqlite3Reprepare() */
+  Vdbe *v = (Vdbe*)pStmt;  /* the prepared statement */
+  int cnt = 0;             /* Counter to prevent infinite loop of reprepares */
+  sqlite3 *db;             /* The database connection */
+
+  if( vdbeSafetyNotNull(v) ){
+    return SQLITE_MISUSE_BKPT;
+  }
+  db = v->db;
+  sqlite3_mutex_enter(db->mutex);
+  v->doingRerun = 0;
+  while( (rc = sqlite3Step(v))==SQLITE_SCHEMA
+         && cnt++ < SQLITE_MAX_SCHEMA_RETRY ){
+    int savedPc = v->pc;
+    rc2 = rc = sqlite3Reprepare(v);
+    if( rc!=SQLITE_OK) break;
+    sqlite3_reset(pStmt);
+    if( savedPc>=0 ) v->doingRerun = 1;
+    assert( v->expired==0 );
+  }
+  if( rc2!=SQLITE_OK ){
+    /* This case occurs after failing to recompile an sql statement. 
+    ** The error message from the SQL compiler has already been loaded 
+    ** into the database handle. This block copies the error message 
+    ** from the database handle into the statement and sets the statement
+    ** program counter to 0 to ensure that when the statement is 
+    ** finalized or reset the parser error message is available via
+    ** sqlite3_errmsg() and sqlite3_errcode().
+    */
+    const char *zErr = (const char *)sqlite3_value_text(db->pErr); 
+    sqlite3DbFree(db, v->zErrMsg);
+    if( !db->mallocFailed ){
+      v->zErrMsg = sqlite3DbStrDup(db, zErr);
+      v->rc = rc2;
+    } else {
+      v->zErrMsg = 0;
+      v->rc = rc = SQLITE_NOMEM;
+    }
+  }
+  rc = sqlite3ApiExit(db, rc);
+  sqlite3_mutex_leave(db->mutex);
+  return rc;
+}
+
+
+/*
+** Extract the user data from a sqlite3_context structure and return a
+** pointer to it.
+*/
+SQLITE_API void *SQLITE_STDCALL sqlite3_user_data(sqlite3_context *p){
+  assert( p && p->pFunc );
+  return p->pFunc->pUserData;
+}
+
+/*
+** Extract the user data from a sqlite3_context structure and return a
+** pointer to it.
+**
+** IMPLEMENTATION-OF: R-46798-50301 The sqlite3_context_db_handle() interface
+** returns a copy of the pointer to the database connection (the 1st
+** parameter) of the sqlite3_create_function() and
+** sqlite3_create_function16() routines that originally registered the
+** application defined function.
+*/
+SQLITE_API sqlite3 *SQLITE_STDCALL sqlite3_context_db_handle(sqlite3_context *p){
+  assert( p && p->pOut );
+  return p->pOut->db;
+}
+
+/*
+** Return the current time for a statement.  If the current time
+** is requested more than once within the same run of a single prepared
+** statement, the exact same time is returned for each invocation regardless
+** of the amount of time that elapses between invocations.  In other words,
+** the time returned is always the time of the first call.
+*/
+SQLITE_PRIVATE sqlite3_int64 sqlite3StmtCurrentTime(sqlite3_context *p){
+  int rc;
+#ifndef SQLITE_ENABLE_STAT3_OR_STAT4
+  sqlite3_int64 *piTime = &p->pVdbe->iCurrentTime;
+  assert( p->pVdbe!=0 );
+#else
+  sqlite3_int64 iTime = 0;
+  sqlite3_int64 *piTime = p->pVdbe!=0 ? &p->pVdbe->iCurrentTime : &iTime;
+#endif
+  if( *piTime==0 ){
+    rc = sqlite3OsCurrentTimeInt64(p->pOut->db->pVfs, piTime);
+    if( rc ) *piTime = 0;
+  }
+  return *piTime;
+}
+
+/*
+** The following is the implementation of an SQL function that always
+** fails with an error message stating that the function is used in the
+** wrong context.  The sqlite3_overload_function() API might construct
+** SQL function that use this routine so that the functions will exist
+** for name resolution but are actually overloaded by the xFindFunction
+** method of virtual tables.
+*/
+SQLITE_PRIVATE void sqlite3InvalidFunction(
+  sqlite3_context *context,  /* The function calling context */
+  int NotUsed,               /* Number of arguments to the function */
+  sqlite3_value **NotUsed2   /* Value of each argument */
+){
+  const char *zName = context->pFunc->zName;
+  char *zErr;
+  UNUSED_PARAMETER2(NotUsed, NotUsed2);
+  zErr = sqlite3_mprintf(
+      "unable to use function %s in the requested context", zName);
+  sqlite3_result_error(context, zErr, -1);
+  sqlite3_free(zErr);
+}
+
+/*
+** Create a new aggregate context for p and return a pointer to
+** its pMem->z element.
+*/
+static SQLITE_NOINLINE void *createAggContext(sqlite3_context *p, int nByte){
+  Mem *pMem = p->pMem;
+  assert( (pMem->flags & MEM_Agg)==0 );
+  if( nByte<=0 ){
+    sqlite3VdbeMemSetNull(pMem);
+    pMem->z = 0;
+  }else{
+    sqlite3VdbeMemClearAndResize(pMem, nByte);
+    pMem->flags = MEM_Agg;
+    pMem->u.pDef = p->pFunc;
+    if( pMem->z ){
+      memset(pMem->z, 0, nByte);
+    }
+  }
+  return (void*)pMem->z;
+}
+
+/*
+** Allocate or return the aggregate context for a user function.  A new
+** context is allocated on the first call.  Subsequent calls return the
+** same context that was returned on prior calls.
+*/
+SQLITE_API void *SQLITE_STDCALL sqlite3_aggregate_context(sqlite3_context *p, int nByte){
+  assert( p && p->pFunc && p->pFunc->xStep );
+  assert( sqlite3_mutex_held(p->pOut->db->mutex) );
+  testcase( nByte<0 );
+  if( (p->pMem->flags & MEM_Agg)==0 ){
+    return createAggContext(p, nByte);
+  }else{
+    return (void*)p->pMem->z;
+  }
+}
+
+/*
+** Return the auxiliary data pointer, if any, for the iArg'th argument to
+** the user-function defined by pCtx.
+*/
+SQLITE_API void *SQLITE_STDCALL sqlite3_get_auxdata(sqlite3_context *pCtx, int iArg){
+  AuxData *pAuxData;
+
+  assert( sqlite3_mutex_held(pCtx->pOut->db->mutex) );
+#if SQLITE_ENABLE_STAT3_OR_STAT4
+  if( pCtx->pVdbe==0 ) return 0;
+#else
+  assert( pCtx->pVdbe!=0 );
+#endif
+  for(pAuxData=pCtx->pVdbe->pAuxData; pAuxData; pAuxData=pAuxData->pNext){
+    if( pAuxData->iOp==pCtx->iOp && pAuxData->iArg==iArg ) break;
+  }
+
+  return (pAuxData ? pAuxData->pAux : 0);
+}
+
+/*
+** Set the auxiliary data pointer and delete function, for the iArg'th
+** argument to the user-function defined by pCtx. Any previous value is
+** deleted by calling the delete function specified when it was set.
+*/
+SQLITE_API void SQLITE_STDCALL sqlite3_set_auxdata(
+  sqlite3_context *pCtx, 
+  int iArg, 
+  void *pAux, 
+  void (*xDelete)(void*)
+){
+  AuxData *pAuxData;
+  Vdbe *pVdbe = pCtx->pVdbe;
+
+  assert( sqlite3_mutex_held(pCtx->pOut->db->mutex) );
+  if( iArg<0 ) goto failed;
+#ifdef SQLITE_ENABLE_STAT3_OR_STAT4
+  if( pVdbe==0 ) goto failed;
+#else
+  assert( pVdbe!=0 );
+#endif
+
+  for(pAuxData=pVdbe->pAuxData; pAuxData; pAuxData=pAuxData->pNext){
+    if( pAuxData->iOp==pCtx->iOp && pAuxData->iArg==iArg ) break;
+  }
+  if( pAuxData==0 ){
+    pAuxData = sqlite3DbMallocZero(pVdbe->db, sizeof(AuxData));
+    if( !pAuxData ) goto failed;
+    pAuxData->iOp = pCtx->iOp;
+    pAuxData->iArg = iArg;
+    pAuxData->pNext = pVdbe->pAuxData;
+    pVdbe->pAuxData = pAuxData;
+    if( pCtx->fErrorOrAux==0 ){
+      pCtx->isError = 0;
+      pCtx->fErrorOrAux = 1;
+    }
+  }else if( pAuxData->xDelete ){
+    pAuxData->xDelete(pAuxData->pAux);
+  }
+
+  pAuxData->pAux = pAux;
+  pAuxData->xDelete = xDelete;
+  return;
+
+failed:
+  if( xDelete ){
+    xDelete(pAux);
+  }
+}
+
+#ifndef SQLITE_OMIT_DEPRECATED
+/*
+** Return the number of times the Step function of an aggregate has been 
+** called.
+**
+** This function is deprecated.  Do not use it for new code.  It is
+** provide only to avoid breaking legacy code.  New aggregate function
+** implementations should keep their own counts within their aggregate
+** context.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_aggregate_count(sqlite3_context *p){
+  assert( p && p->pMem && p->pFunc && p->pFunc->xStep );
+  return p->pMem->n;
+}
+#endif
+
+/*
+** Return the number of columns in the result set for the statement pStmt.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_column_count(sqlite3_stmt *pStmt){
+  Vdbe *pVm = (Vdbe *)pStmt;
+  return pVm ? pVm->nResColumn : 0;
+}
+
+/*
+** Return the number of values available from the current row of the
+** currently executing statement pStmt.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_data_count(sqlite3_stmt *pStmt){
+  Vdbe *pVm = (Vdbe *)pStmt;
+  if( pVm==0 || pVm->pResultSet==0 ) return 0;
+  return pVm->nResColumn;
+}
+
+/*
+** Return a pointer to static memory containing an SQL NULL value.
+*/
+static const Mem *columnNullValue(void){
+  /* Even though the Mem structure contains an element
+  ** of type i64, on certain architectures (x86) with certain compiler
+  ** switches (-Os), gcc may align this Mem object on a 4-byte boundary
+  ** instead of an 8-byte one. This all works fine, except that when
+  ** running with SQLITE_DEBUG defined the SQLite code sometimes assert()s
+  ** that a Mem structure is located on an 8-byte boundary. To prevent
+  ** these assert()s from failing, when building with SQLITE_DEBUG defined
+  ** using gcc, we force nullMem to be 8-byte aligned using the magical
+  ** __attribute__((aligned(8))) macro.  */
+  static const Mem nullMem 
+#if defined(SQLITE_DEBUG) && defined(__GNUC__)
+    __attribute__((aligned(8))) 
+#endif
+    = {
+        /* .u          = */ {0},
+        /* .flags      = */ (u16)MEM_Null,
+        /* .enc        = */ (u8)0,
+        /* .eSubtype   = */ (u8)0,
+        /* .n          = */ (int)0,
+        /* .z          = */ (char*)0,
+        /* .zMalloc    = */ (char*)0,
+        /* .szMalloc   = */ (int)0,
+        /* .uTemp      = */ (u32)0,
+        /* .db         = */ (sqlite3*)0,
+        /* .xDel       = */ (void(*)(void*))0,
+#ifdef SQLITE_DEBUG
+        /* .pScopyFrom = */ (Mem*)0,
+        /* .pFiller    = */ (void*)0,
+#endif
+      };
+  return &nullMem;
+}
+
+/*
+** Check to see if column iCol of the given statement is valid.  If
+** it is, return a pointer to the Mem for the value of that column.
+** If iCol is not valid, return a pointer to a Mem which has a value
+** of NULL.
+*/
+static Mem *columnMem(sqlite3_stmt *pStmt, int i){
+  Vdbe *pVm;
+  Mem *pOut;
+
+  pVm = (Vdbe *)pStmt;
+  if( pVm && pVm->pResultSet!=0 && i<pVm->nResColumn && i>=0 ){
+    sqlite3_mutex_enter(pVm->db->mutex);
+    pOut = &pVm->pResultSet[i];
+  }else{
+    if( pVm && ALWAYS(pVm->db) ){
+      sqlite3_mutex_enter(pVm->db->mutex);
+      sqlite3Error(pVm->db, SQLITE_RANGE);
+    }
+    pOut = (Mem*)columnNullValue();
+  }
+  return pOut;
+}
+
+/*
+** This function is called after invoking an sqlite3_value_XXX function on a 
+** column value (i.e. a value returned by evaluating an SQL expression in the
+** select list of a SELECT statement) that may cause a malloc() failure. If 
+** malloc() has failed, the threads mallocFailed flag is cleared and the result
+** code of statement pStmt set to SQLITE_NOMEM.
+**
+** Specifically, this is called from within:
+**
+**     sqlite3_column_int()
+**     sqlite3_column_int64()
+**     sqlite3_column_text()
+**     sqlite3_column_text16()
+**     sqlite3_column_real()
+**     sqlite3_column_bytes()
+**     sqlite3_column_bytes16()
+**     sqiite3_column_blob()
+*/
+static void columnMallocFailure(sqlite3_stmt *pStmt)
+{
+  /* If malloc() failed during an encoding conversion within an
+  ** sqlite3_column_XXX API, then set the return code of the statement to
+  ** SQLITE_NOMEM. The next call to _step() (if any) will return SQLITE_ERROR
+  ** and _finalize() will return NOMEM.
+  */
+  Vdbe *p = (Vdbe *)pStmt;
+  if( p ){
+    p->rc = sqlite3ApiExit(p->db, p->rc);
+    sqlite3_mutex_leave(p->db->mutex);
+  }
+}
+
+/**************************** sqlite3_column_  *******************************
+** The following routines are used to access elements of the current row
+** in the result set.
+*/
+SQLITE_API const void *SQLITE_STDCALL sqlite3_column_blob(sqlite3_stmt *pStmt, int i){
+  const void *val;
+  val = sqlite3_value_blob( columnMem(pStmt,i) );
+  /* Even though there is no encoding conversion, value_blob() might
+  ** need to call malloc() to expand the result of a zeroblob() 
+  ** expression. 
+  */
+  columnMallocFailure(pStmt);
+  return val;
+}
+SQLITE_API int SQLITE_STDCALL sqlite3_column_bytes(sqlite3_stmt *pStmt, int i){
+  int val = sqlite3_value_bytes( columnMem(pStmt,i) );
+  columnMallocFailure(pStmt);
+  return val;
+}
+SQLITE_API int SQLITE_STDCALL sqlite3_column_bytes16(sqlite3_stmt *pStmt, int i){
+  int val = sqlite3_value_bytes16( columnMem(pStmt,i) );
+  columnMallocFailure(pStmt);
+  return val;
+}
+SQLITE_API double SQLITE_STDCALL sqlite3_column_double(sqlite3_stmt *pStmt, int i){
+  double val = sqlite3_value_double( columnMem(pStmt,i) );
+  columnMallocFailure(pStmt);
+  return val;
+}
+SQLITE_API int SQLITE_STDCALL sqlite3_column_int(sqlite3_stmt *pStmt, int i){
+  int val = sqlite3_value_int( columnMem(pStmt,i) );
+  columnMallocFailure(pStmt);
+  return val;
+}
+SQLITE_API sqlite_int64 SQLITE_STDCALL sqlite3_column_int64(sqlite3_stmt *pStmt, int i){
+  sqlite_int64 val = sqlite3_value_int64( columnMem(pStmt,i) );
+  columnMallocFailure(pStmt);
+  return val;
+}
+SQLITE_API const unsigned char *SQLITE_STDCALL sqlite3_column_text(sqlite3_stmt *pStmt, int i){
+  const unsigned char *val = sqlite3_value_text( columnMem(pStmt,i) );
+  columnMallocFailure(pStmt);
+  return val;
+}
+SQLITE_API sqlite3_value *SQLITE_STDCALL sqlite3_column_value(sqlite3_stmt *pStmt, int i){
+  Mem *pOut = columnMem(pStmt, i);
+  if( pOut->flags&MEM_Static ){
+    pOut->flags &= ~MEM_Static;
+    pOut->flags |= MEM_Ephem;
+  }
+  columnMallocFailure(pStmt);
+  return (sqlite3_value *)pOut;
+}
+#ifndef SQLITE_OMIT_UTF16
+SQLITE_API const void *SQLITE_STDCALL sqlite3_column_text16(sqlite3_stmt *pStmt, int i){
+  const void *val = sqlite3_value_text16( columnMem(pStmt,i) );
+  columnMallocFailure(pStmt);
+  return val;
+}
+#endif /* SQLITE_OMIT_UTF16 */
+SQLITE_API int SQLITE_STDCALL sqlite3_column_type(sqlite3_stmt *pStmt, int i){
+  int iType = sqlite3_value_type( columnMem(pStmt,i) );
+  columnMallocFailure(pStmt);
+  return iType;
+}
+
+/*
+** Convert the N-th element of pStmt->pColName[] into a string using
+** xFunc() then return that string.  If N is out of range, return 0.
+**
+** There are up to 5 names for each column.  useType determines which
+** name is returned.  Here are the names:
+**
+**    0      The column name as it should be displayed for output
+**    1      The datatype name for the column
+**    2      The name of the database that the column derives from
+**    3      The name of the table that the column derives from
+**    4      The name of the table column that the result column derives from
+**
+** If the result is not a simple column reference (if it is an expression
+** or a constant) then useTypes 2, 3, and 4 return NULL.
+*/
+static const void *columnName(
+  sqlite3_stmt *pStmt,
+  int N,
+  const void *(*xFunc)(Mem*),
+  int useType
+){
+  const void *ret;
+  Vdbe *p;
+  int n;
+  sqlite3 *db;
+#ifdef SQLITE_ENABLE_API_ARMOR
+  if( pStmt==0 ){
+    (void)SQLITE_MISUSE_BKPT;
+    return 0;
+  }
+#endif
+  ret = 0;
+  p = (Vdbe *)pStmt;
+  db = p->db;
+  assert( db!=0 );
+  n = sqlite3_column_count(pStmt);
+  if( N<n && N>=0 ){
+    N += useType*n;
+    sqlite3_mutex_enter(db->mutex);
+    assert( db->mallocFailed==0 );
+    ret = xFunc(&p->aColName[N]);
+     /* A malloc may have failed inside of the xFunc() call. If this
+    ** is the case, clear the mallocFailed flag and return NULL.
+    */
+    if( db->mallocFailed ){
+      db->mallocFailed = 0;
+      ret = 0;
+    }
+    sqlite3_mutex_leave(db->mutex);
+  }
+  return ret;
+}
+
+/*
+** Return the name of the Nth column of the result set returned by SQL
+** statement pStmt.
+*/
+SQLITE_API const char *SQLITE_STDCALL sqlite3_column_name(sqlite3_stmt *pStmt, int N){
+  return columnName(
+      pStmt, N, (const void*(*)(Mem*))sqlite3_value_text, COLNAME_NAME);
+}
+#ifndef SQLITE_OMIT_UTF16
+SQLITE_API const void *SQLITE_STDCALL sqlite3_column_name16(sqlite3_stmt *pStmt, int N){
+  return columnName(
+      pStmt, N, (const void*(*)(Mem*))sqlite3_value_text16, COLNAME_NAME);
+}
+#endif
+
+/*
+** Constraint:  If you have ENABLE_COLUMN_METADATA then you must
+** not define OMIT_DECLTYPE.
+*/
+#if defined(SQLITE_OMIT_DECLTYPE) && defined(SQLITE_ENABLE_COLUMN_METADATA)
+# error "Must not define both SQLITE_OMIT_DECLTYPE \
+         and SQLITE_ENABLE_COLUMN_METADATA"
+#endif
+
+#ifndef SQLITE_OMIT_DECLTYPE
+/*
+** Return the column declaration type (if applicable) of the 'i'th column
+** of the result set of SQL statement pStmt.
+*/
+SQLITE_API const char *SQLITE_STDCALL sqlite3_column_decltype(sqlite3_stmt *pStmt, int N){
+  return columnName(
+      pStmt, N, (const void*(*)(Mem*))sqlite3_value_text, COLNAME_DECLTYPE);
+}
+#ifndef SQLITE_OMIT_UTF16
+SQLITE_API const void *SQLITE_STDCALL sqlite3_column_decltype16(sqlite3_stmt *pStmt, int N){
+  return columnName(
+      pStmt, N, (const void*(*)(Mem*))sqlite3_value_text16, COLNAME_DECLTYPE);
+}
+#endif /* SQLITE_OMIT_UTF16 */
+#endif /* SQLITE_OMIT_DECLTYPE */
+
+#ifdef SQLITE_ENABLE_COLUMN_METADATA
+/*
+** Return the name of the database from which a result column derives.
+** NULL is returned if the result column is an expression or constant or
+** anything else which is not an unambiguous reference to a database column.
+*/
+SQLITE_API const char *SQLITE_STDCALL sqlite3_column_database_name(sqlite3_stmt *pStmt, int N){
+  return columnName(
+      pStmt, N, (const void*(*)(Mem*))sqlite3_value_text, COLNAME_DATABASE);
+}
+#ifndef SQLITE_OMIT_UTF16
+SQLITE_API const void *SQLITE_STDCALL sqlite3_column_database_name16(sqlite3_stmt *pStmt, int N){
+  return columnName(
+      pStmt, N, (const void*(*)(Mem*))sqlite3_value_text16, COLNAME_DATABASE);
+}
+#endif /* SQLITE_OMIT_UTF16 */
+
+/*
+** Return the name of the table from which a result column derives.
+** NULL is returned if the result column is an expression or constant or
+** anything else which is not an unambiguous reference to a database column.
+*/
+SQLITE_API const char *SQLITE_STDCALL sqlite3_column_table_name(sqlite3_stmt *pStmt, int N){
+  return columnName(
+      pStmt, N, (const void*(*)(Mem*))sqlite3_value_text, COLNAME_TABLE);
+}
+#ifndef SQLITE_OMIT_UTF16
+SQLITE_API const void *SQLITE_STDCALL sqlite3_column_table_name16(sqlite3_stmt *pStmt, int N){
+  return columnName(
+      pStmt, N, (const void*(*)(Mem*))sqlite3_value_text16, COLNAME_TABLE);
+}
+#endif /* SQLITE_OMIT_UTF16 */
+
+/*
+** Return the name of the table column from which a result column derives.
+** NULL is returned if the result column is an expression or constant or
+** anything else which is not an unambiguous reference to a database column.
+*/
+SQLITE_API const char *SQLITE_STDCALL sqlite3_column_origin_name(sqlite3_stmt *pStmt, int N){
+  return columnName(
+      pStmt, N, (const void*(*)(Mem*))sqlite3_value_text, COLNAME_COLUMN);
+}
+#ifndef SQLITE_OMIT_UTF16
+SQLITE_API const void *SQLITE_STDCALL sqlite3_column_origin_name16(sqlite3_stmt *pStmt, int N){
+  return columnName(
+      pStmt, N, (const void*(*)(Mem*))sqlite3_value_text16, COLNAME_COLUMN);
+}
+#endif /* SQLITE_OMIT_UTF16 */
+#endif /* SQLITE_ENABLE_COLUMN_METADATA */
+
+
+/******************************* sqlite3_bind_  ***************************
+** 
+** Routines used to attach values to wildcards in a compiled SQL statement.
+*/
+/*
+** Unbind the value bound to variable i in virtual machine p. This is the 
+** the same as binding a NULL value to the column. If the "i" parameter is
+** out of range, then SQLITE_RANGE is returned. Othewise SQLITE_OK.
+**
+** A successful evaluation of this routine acquires the mutex on p.
+** the mutex is released if any kind of error occurs.
+**
+** The error code stored in database p->db is overwritten with the return
+** value in any case.
+*/
+static int vdbeUnbind(Vdbe *p, int i){
+  Mem *pVar;
+  if( vdbeSafetyNotNull(p) ){
+    return SQLITE_MISUSE_BKPT;
+  }
+  sqlite3_mutex_enter(p->db->mutex);
+  if( p->magic!=VDBE_MAGIC_RUN || p->pc>=0 ){
+    sqlite3Error(p->db, SQLITE_MISUSE);
+    sqlite3_mutex_leave(p->db->mutex);
+    sqlite3_log(SQLITE_MISUSE, 
+        "bind on a busy prepared statement: [%s]", p->zSql);
+    return SQLITE_MISUSE_BKPT;
+  }
+  if( i<1 || i>p->nVar ){
+    sqlite3Error(p->db, SQLITE_RANGE);
+    sqlite3_mutex_leave(p->db->mutex);
+    return SQLITE_RANGE;
+  }
+  i--;
+  pVar = &p->aVar[i];
+  sqlite3VdbeMemRelease(pVar);
+  pVar->flags = MEM_Null;
+  sqlite3Error(p->db, SQLITE_OK);
+
+  /* If the bit corresponding to this variable in Vdbe.expmask is set, then 
+  ** binding a new value to this variable invalidates the current query plan.
+  **
+  ** IMPLEMENTATION-OF: R-48440-37595 If the specific value bound to host
+  ** parameter in the WHERE clause might influence the choice of query plan
+  ** for a statement, then the statement will be automatically recompiled,
+  ** as if there had been a schema change, on the first sqlite3_step() call
+  ** following any change to the bindings of that parameter.
+  */
+  if( p->isPrepareV2 &&
+     ((i<32 && p->expmask & ((u32)1 << i)) || p->expmask==0xffffffff)
+  ){
+    p->expired = 1;
+  }
+  return SQLITE_OK;
+}
+
+/*
+** Bind a text or BLOB value.
+*/
+static int bindText(
+  sqlite3_stmt *pStmt,   /* The statement to bind against */
+  int i,                 /* Index of the parameter to bind */
+  const void *zData,     /* Pointer to the data to be bound */
+  int nData,             /* Number of bytes of data to be bound */
+  void (*xDel)(void*),   /* Destructor for the data */
+  u8 encoding            /* Encoding for the data */
+){
+  Vdbe *p = (Vdbe *)pStmt;
+  Mem *pVar;
+  int rc;
+
+  rc = vdbeUnbind(p, i);
+  if( rc==SQLITE_OK ){
+    if( zData!=0 ){
+      pVar = &p->aVar[i-1];
+      rc = sqlite3VdbeMemSetStr(pVar, zData, nData, encoding, xDel);
+      if( rc==SQLITE_OK && encoding!=0 ){
+        rc = sqlite3VdbeChangeEncoding(pVar, ENC(p->db));
+      }
+      sqlite3Error(p->db, rc);
+      rc = sqlite3ApiExit(p->db, rc);
+    }
+    sqlite3_mutex_leave(p->db->mutex);
+  }else if( xDel!=SQLITE_STATIC && xDel!=SQLITE_TRANSIENT ){
+    xDel((void*)zData);
+  }
+  return rc;
+}
+
+
+/*
+** Bind a blob value to an SQL statement variable.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_bind_blob(
+  sqlite3_stmt *pStmt, 
+  int i, 
+  const void *zData, 
+  int nData, 
+  void (*xDel)(void*)
+){
+  return bindText(pStmt, i, zData, nData, xDel, 0);
+}
+SQLITE_API int SQLITE_STDCALL sqlite3_bind_blob64(
+  sqlite3_stmt *pStmt, 
+  int i, 
+  const void *zData, 
+  sqlite3_uint64 nData, 
+  void (*xDel)(void*)
+){
+  assert( xDel!=SQLITE_DYNAMIC );
+  if( nData>0x7fffffff ){
+    return invokeValueDestructor(zData, xDel, 0);
+  }else{
+    return bindText(pStmt, i, zData, (int)nData, xDel, 0);
+  }
+}
+SQLITE_API int SQLITE_STDCALL sqlite3_bind_double(sqlite3_stmt *pStmt, int i, double rValue){
+  int rc;
+  Vdbe *p = (Vdbe *)pStmt;
+  rc = vdbeUnbind(p, i);
+  if( rc==SQLITE_OK ){
+    sqlite3VdbeMemSetDouble(&p->aVar[i-1], rValue);
+    sqlite3_mutex_leave(p->db->mutex);
+  }
+  return rc;
+}
+SQLITE_API int SQLITE_STDCALL sqlite3_bind_int(sqlite3_stmt *p, int i, int iValue){
+  return sqlite3_bind_int64(p, i, (i64)iValue);
+}
+SQLITE_API int SQLITE_STDCALL sqlite3_bind_int64(sqlite3_stmt *pStmt, int i, sqlite_int64 iValue){
+  int rc;
+  Vdbe *p = (Vdbe *)pStmt;
+  rc = vdbeUnbind(p, i);
+  if( rc==SQLITE_OK ){
+    sqlite3VdbeMemSetInt64(&p->aVar[i-1], iValue);
+    sqlite3_mutex_leave(p->db->mutex);
+  }
+  return rc;
+}
+SQLITE_API int SQLITE_STDCALL sqlite3_bind_null(sqlite3_stmt *pStmt, int i){
+  int rc;
+  Vdbe *p = (Vdbe*)pStmt;
+  rc = vdbeUnbind(p, i);
+  if( rc==SQLITE_OK ){
+    sqlite3_mutex_leave(p->db->mutex);
+  }
+  return rc;
+}
+SQLITE_API int SQLITE_STDCALL sqlite3_bind_text( 
+  sqlite3_stmt *pStmt, 
+  int i, 
+  const char *zData, 
+  int nData, 
+  void (*xDel)(void*)
+){
+  return bindText(pStmt, i, zData, nData, xDel, SQLITE_UTF8);
+}
+SQLITE_API int SQLITE_STDCALL sqlite3_bind_text64( 
+  sqlite3_stmt *pStmt, 
+  int i, 
+  const char *zData, 
+  sqlite3_uint64 nData, 
+  void (*xDel)(void*),
+  unsigned char enc
+){
+  assert( xDel!=SQLITE_DYNAMIC );
+  if( nData>0x7fffffff ){
+    return invokeValueDestructor(zData, xDel, 0);
+  }else{
+    if( enc==SQLITE_UTF16 ) enc = SQLITE_UTF16NATIVE;
+    return bindText(pStmt, i, zData, (int)nData, xDel, enc);
+  }
+}
+#ifndef SQLITE_OMIT_UTF16
+SQLITE_API int SQLITE_STDCALL sqlite3_bind_text16(
+  sqlite3_stmt *pStmt, 
+  int i, 
+  const void *zData, 
+  int nData, 
+  void (*xDel)(void*)
+){
+  return bindText(pStmt, i, zData, nData, xDel, SQLITE_UTF16NATIVE);
+}
+#endif /* SQLITE_OMIT_UTF16 */
+SQLITE_API int SQLITE_STDCALL sqlite3_bind_value(sqlite3_stmt *pStmt, int i, const sqlite3_value *pValue){
+  int rc;
+  switch( sqlite3_value_type((sqlite3_value*)pValue) ){
+    case SQLITE_INTEGER: {
+      rc = sqlite3_bind_int64(pStmt, i, pValue->u.i);
+      break;
+    }
+    case SQLITE_FLOAT: {
+      rc = sqlite3_bind_double(pStmt, i, pValue->u.r);
+      break;
+    }
+    case SQLITE_BLOB: {
+      if( pValue->flags & MEM_Zero ){
+        rc = sqlite3_bind_zeroblob(pStmt, i, pValue->u.nZero);
+      }else{
+        rc = sqlite3_bind_blob(pStmt, i, pValue->z, pValue->n,SQLITE_TRANSIENT);
+      }
+      break;
+    }
+    case SQLITE_TEXT: {
+      rc = bindText(pStmt,i,  pValue->z, pValue->n, SQLITE_TRANSIENT,
+                              pValue->enc);
+      break;
+    }
+    default: {
+      rc = sqlite3_bind_null(pStmt, i);
+      break;
+    }
+  }
+  return rc;
+}
+SQLITE_API int SQLITE_STDCALL sqlite3_bind_zeroblob(sqlite3_stmt *pStmt, int i, int n){
+  int rc;
+  Vdbe *p = (Vdbe *)pStmt;
+  rc = vdbeUnbind(p, i);
+  if( rc==SQLITE_OK ){
+    sqlite3VdbeMemSetZeroBlob(&p->aVar[i-1], n);
+    sqlite3_mutex_leave(p->db->mutex);
+  }
+  return rc;
+}
+SQLITE_API int SQLITE_STDCALL sqlite3_bind_zeroblob64(sqlite3_stmt *pStmt, int i, sqlite3_uint64 n){
+  int rc;
+  Vdbe *p = (Vdbe *)pStmt;
+  sqlite3_mutex_enter(p->db->mutex);
+  if( n>(u64)p->db->aLimit[SQLITE_LIMIT_LENGTH] ){
+    rc = SQLITE_TOOBIG;
+  }else{
+    assert( (n & 0x7FFFFFFF)==n );
+    rc = sqlite3_bind_zeroblob(pStmt, i, n);
+  }
+  rc = sqlite3ApiExit(p->db, rc);
+  sqlite3_mutex_leave(p->db->mutex);
+  return rc;
+}
+
+/*
+** Return the number of wildcards that can be potentially bound to.
+** This routine is added to support DBD::SQLite.  
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_bind_parameter_count(sqlite3_stmt *pStmt){
+  Vdbe *p = (Vdbe*)pStmt;
+  return p ? p->nVar : 0;
+}
+
+/*
+** Return the name of a wildcard parameter.  Return NULL if the index
+** is out of range or if the wildcard is unnamed.
+**
+** The result is always UTF-8.
+*/
+SQLITE_API const char *SQLITE_STDCALL sqlite3_bind_parameter_name(sqlite3_stmt *pStmt, int i){
+  Vdbe *p = (Vdbe*)pStmt;
+  if( p==0 || i<1 || i>p->nzVar ){
+    return 0;
+  }
+  return p->azVar[i-1];
+}
+
+/*
+** Given a wildcard parameter name, return the index of the variable
+** with that name.  If there is no variable with the given name,
+** return 0.
+*/
+SQLITE_PRIVATE int sqlite3VdbeParameterIndex(Vdbe *p, const char *zName, int nName){
+  int i;
+  if( p==0 ){
+    return 0;
+  }
+  if( zName ){
+    for(i=0; i<p->nzVar; i++){
+      const char *z = p->azVar[i];
+      if( z && strncmp(z,zName,nName)==0 && z[nName]==0 ){
+        return i+1;
+      }
+    }
+  }
+  return 0;
+}
+SQLITE_API int SQLITE_STDCALL sqlite3_bind_parameter_index(sqlite3_stmt *pStmt, const char *zName){
+  return sqlite3VdbeParameterIndex((Vdbe*)pStmt, zName, sqlite3Strlen30(zName));
+}
+
+/*
+** Transfer all bindings from the first statement over to the second.
+*/
+SQLITE_PRIVATE int sqlite3TransferBindings(sqlite3_stmt *pFromStmt, sqlite3_stmt *pToStmt){
+  Vdbe *pFrom = (Vdbe*)pFromStmt;
+  Vdbe *pTo = (Vdbe*)pToStmt;
+  int i;
+  assert( pTo->db==pFrom->db );
+  assert( pTo->nVar==pFrom->nVar );
+  sqlite3_mutex_enter(pTo->db->mutex);
+  for(i=0; i<pFrom->nVar; i++){
+    sqlite3VdbeMemMove(&pTo->aVar[i], &pFrom->aVar[i]);
+  }
+  sqlite3_mutex_leave(pTo->db->mutex);
+  return SQLITE_OK;
+}
+
+#ifndef SQLITE_OMIT_DEPRECATED
+/*
+** Deprecated external interface.  Internal/core SQLite code
+** should call sqlite3TransferBindings.
+**
+** It is misuse to call this routine with statements from different
+** database connections.  But as this is a deprecated interface, we
+** will not bother to check for that condition.
+**
+** If the two statements contain a different number of bindings, then
+** an SQLITE_ERROR is returned.  Nothing else can go wrong, so otherwise
+** SQLITE_OK is returned.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_transfer_bindings(sqlite3_stmt *pFromStmt, sqlite3_stmt *pToStmt){
+  Vdbe *pFrom = (Vdbe*)pFromStmt;
+  Vdbe *pTo = (Vdbe*)pToStmt;
+  if( pFrom->nVar!=pTo->nVar ){
+    return SQLITE_ERROR;
+  }
+  if( pTo->isPrepareV2 && pTo->expmask ){
+    pTo->expired = 1;
+  }
+  if( pFrom->isPrepareV2 && pFrom->expmask ){
+    pFrom->expired = 1;
+  }
+  return sqlite3TransferBindings(pFromStmt, pToStmt);
+}
+#endif
+
+/*
+** Return the sqlite3* database handle to which the prepared statement given
+** in the argument belongs.  This is the same database handle that was
+** the first argument to the sqlite3_prepare() that was used to create
+** the statement in the first place.
+*/
+SQLITE_API sqlite3 *SQLITE_STDCALL sqlite3_db_handle(sqlite3_stmt *pStmt){
+  return pStmt ? ((Vdbe*)pStmt)->db : 0;
+}
+
+/*
+** Return true if the prepared statement is guaranteed to not modify the
+** database.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_stmt_readonly(sqlite3_stmt *pStmt){
+  return pStmt ? ((Vdbe*)pStmt)->readOnly : 1;
+}
+
+/*
+** Return true if the prepared statement is in need of being reset.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_stmt_busy(sqlite3_stmt *pStmt){
+  Vdbe *v = (Vdbe*)pStmt;
+  return v!=0 && v->pc>=0 && v->magic==VDBE_MAGIC_RUN;
+}
+
+/*
+** Return a pointer to the next prepared statement after pStmt associated
+** with database connection pDb.  If pStmt is NULL, return the first
+** prepared statement for the database connection.  Return NULL if there
+** are no more.
+*/
+SQLITE_API sqlite3_stmt *SQLITE_STDCALL sqlite3_next_stmt(sqlite3 *pDb, sqlite3_stmt *pStmt){
+  sqlite3_stmt *pNext;
+#ifdef SQLITE_ENABLE_API_ARMOR
+  if( !sqlite3SafetyCheckOk(pDb) ){
+    (void)SQLITE_MISUSE_BKPT;
+    return 0;
+  }
+#endif
+  sqlite3_mutex_enter(pDb->mutex);
+  if( pStmt==0 ){
+    pNext = (sqlite3_stmt*)pDb->pVdbe;
+  }else{
+    pNext = (sqlite3_stmt*)((Vdbe*)pStmt)->pNext;
+  }
+  sqlite3_mutex_leave(pDb->mutex);
+  return pNext;
+}
+
+/*
+** Return the value of a status counter for a prepared statement
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_stmt_status(sqlite3_stmt *pStmt, int op, int resetFlag){
+  Vdbe *pVdbe = (Vdbe*)pStmt;
+  u32 v;
+#ifdef SQLITE_ENABLE_API_ARMOR
+  if( !pStmt ){
+    (void)SQLITE_MISUSE_BKPT;
+    return 0;
+  }
+#endif
+  v = pVdbe->aCounter[op];
+  if( resetFlag ) pVdbe->aCounter[op] = 0;
+  return (int)v;
+}
+
+#ifdef SQLITE_ENABLE_STMT_SCANSTATUS
+/*
+** Return status data for a single loop within query pStmt.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_stmt_scanstatus(
+  sqlite3_stmt *pStmt,            /* Prepared statement being queried */
+  int idx,                        /* Index of loop to report on */
+  int iScanStatusOp,              /* Which metric to return */
+  void *pOut                      /* OUT: Write the answer here */
+){
+  Vdbe *p = (Vdbe*)pStmt;
+  ScanStatus *pScan;
+  if( idx<0 || idx>=p->nScan ) return 1;
+  pScan = &p->aScan[idx];
+  switch( iScanStatusOp ){
+    case SQLITE_SCANSTAT_NLOOP: {
+      *(sqlite3_int64*)pOut = p->anExec[pScan->addrLoop];
+      break;
+    }
+    case SQLITE_SCANSTAT_NVISIT: {
+      *(sqlite3_int64*)pOut = p->anExec[pScan->addrVisit];
+      break;
+    }
+    case SQLITE_SCANSTAT_EST: {
+      double r = 1.0;
+      LogEst x = pScan->nEst;
+      while( x<100 ){
+        x += 10;
+        r *= 0.5;
+      }
+      *(double*)pOut = r*sqlite3LogEstToInt(x);
+      break;
+    }
+    case SQLITE_SCANSTAT_NAME: {
+      *(const char**)pOut = pScan->zName;
+      break;
+    }
+    case SQLITE_SCANSTAT_EXPLAIN: {
+      if( pScan->addrExplain ){
+        *(const char**)pOut = p->aOp[ pScan->addrExplain ].p4.z;
+      }else{
+        *(const char**)pOut = 0;
+      }
+      break;
+    }
+    case SQLITE_SCANSTAT_SELECTID: {
+      if( pScan->addrExplain ){
+        *(int*)pOut = p->aOp[ pScan->addrExplain ].p1;
+      }else{
+        *(int*)pOut = -1;
+      }
+      break;
+    }
+    default: {
+      return 1;
+    }
+  }
+  return 0;
+}
+
+/*
+** Zero all counters associated with the sqlite3_stmt_scanstatus() data.
+*/
+SQLITE_API void SQLITE_STDCALL sqlite3_stmt_scanstatus_reset(sqlite3_stmt *pStmt){
+  Vdbe *p = (Vdbe*)pStmt;
+  memset(p->anExec, 0, p->nOp * sizeof(i64));
+}
+#endif /* SQLITE_ENABLE_STMT_SCANSTATUS */
+
+/************** End of vdbeapi.c *********************************************/
+/************** Begin file vdbetrace.c ***************************************/
+/*
+** 2009 November 25
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+**
+** This file contains code used to insert the values of host parameters
+** (aka "wildcards") into the SQL text output by sqlite3_trace().
+**
+** The Vdbe parse-tree explainer is also found here.
+*/
+/* #include "sqliteInt.h" */
+/* #include "vdbeInt.h" */
+
+#ifndef SQLITE_OMIT_TRACE
+
+/*
+** zSql is a zero-terminated string of UTF-8 SQL text.  Return the number of
+** bytes in this text up to but excluding the first character in
+** a host parameter.  If the text contains no host parameters, return
+** the total number of bytes in the text.
+*/
+static int findNextHostParameter(const char *zSql, int *pnToken){
+  int tokenType;
+  int nTotal = 0;
+  int n;
+
+  *pnToken = 0;
+  while( zSql[0] ){
+    n = sqlite3GetToken((u8*)zSql, &tokenType);
+    assert( n>0 && tokenType!=TK_ILLEGAL );
+    if( tokenType==TK_VARIABLE ){
+      *pnToken = n;
+      break;
+    }
+    nTotal += n;
+    zSql += n;
+  }
+  return nTotal;
+}
+
+/*
+** This function returns a pointer to a nul-terminated string in memory
+** obtained from sqlite3DbMalloc(). If sqlite3.nVdbeExec is 1, then the
+** string contains a copy of zRawSql but with host parameters expanded to 
+** their current bindings. Or, if sqlite3.nVdbeExec is greater than 1, 
+** then the returned string holds a copy of zRawSql with "-- " prepended
+** to each line of text.
+**
+** If the SQLITE_TRACE_SIZE_LIMIT macro is defined to an integer, then
+** then long strings and blobs are truncated to that many bytes.  This
+** can be used to prevent unreasonably large trace strings when dealing
+** with large (multi-megabyte) strings and blobs.
+**
+** The calling function is responsible for making sure the memory returned
+** is eventually freed.
+**
+** ALGORITHM:  Scan the input string looking for host parameters in any of
+** these forms:  ?, ?N, $A, @A, :A.  Take care to avoid text within
+** string literals, quoted identifier names, and comments.  For text forms,
+** the host parameter index is found by scanning the prepared
+** statement for the corresponding OP_Variable opcode.  Once the host
+** parameter index is known, locate the value in p->aVar[].  Then render
+** the value as a literal in place of the host parameter name.
+*/
+SQLITE_PRIVATE char *sqlite3VdbeExpandSql(
+  Vdbe *p,                 /* The prepared statement being evaluated */
+  const char *zRawSql      /* Raw text of the SQL statement */
+){
+  sqlite3 *db;             /* The database connection */
+  int idx = 0;             /* Index of a host parameter */
+  int nextIndex = 1;       /* Index of next ? host parameter */
+  int n;                   /* Length of a token prefix */
+  int nToken;              /* Length of the parameter token */
+  int i;                   /* Loop counter */
+  Mem *pVar;               /* Value of a host parameter */
+  StrAccum out;            /* Accumulate the output here */
+  char zBase[100];         /* Initial working space */
+
+  db = p->db;
+  sqlite3StrAccumInit(&out, db, zBase, sizeof(zBase), 
+                      db->aLimit[SQLITE_LIMIT_LENGTH]);
+  if( db->nVdbeExec>1 ){
+    while( *zRawSql ){
+      const char *zStart = zRawSql;
+      while( *(zRawSql++)!='\n' && *zRawSql );
+      sqlite3StrAccumAppend(&out, "-- ", 3);
+      assert( (zRawSql - zStart) > 0 );
+      sqlite3StrAccumAppend(&out, zStart, (int)(zRawSql-zStart));
+    }
+  }else if( p->nVar==0 ){
+    sqlite3StrAccumAppend(&out, zRawSql, sqlite3Strlen30(zRawSql));
+  }else{
+    while( zRawSql[0] ){
+      n = findNextHostParameter(zRawSql, &nToken);
+      assert( n>0 );
+      sqlite3StrAccumAppend(&out, zRawSql, n);
+      zRawSql += n;
+      assert( zRawSql[0] || nToken==0 );
+      if( nToken==0 ) break;
+      if( zRawSql[0]=='?' ){
+        if( nToken>1 ){
+          assert( sqlite3Isdigit(zRawSql[1]) );
+          sqlite3GetInt32(&zRawSql[1], &idx);
+        }else{
+          idx = nextIndex;
+        }
+      }else{
+        assert( zRawSql[0]==':' || zRawSql[0]=='$' ||
+                zRawSql[0]=='@' || zRawSql[0]=='#' );
+        testcase( zRawSql[0]==':' );
+        testcase( zRawSql[0]=='$' );
+        testcase( zRawSql[0]=='@' );
+        testcase( zRawSql[0]=='#' );
+        idx = sqlite3VdbeParameterIndex(p, zRawSql, nToken);
+        assert( idx>0 );
+      }
+      zRawSql += nToken;
+      nextIndex = idx + 1;
+      assert( idx>0 && idx<=p->nVar );
+      pVar = &p->aVar[idx-1];
+      if( pVar->flags & MEM_Null ){
+        sqlite3StrAccumAppend(&out, "NULL", 4);
+      }else if( pVar->flags & MEM_Int ){
+        sqlite3XPrintf(&out, 0, "%lld", pVar->u.i);
+      }else if( pVar->flags & MEM_Real ){
+        sqlite3XPrintf(&out, 0, "%!.15g", pVar->u.r);
+      }else if( pVar->flags & MEM_Str ){
+        int nOut;  /* Number of bytes of the string text to include in output */
+#ifndef SQLITE_OMIT_UTF16
+        u8 enc = ENC(db);
+        Mem utf8;
+        if( enc!=SQLITE_UTF8 ){
+          memset(&utf8, 0, sizeof(utf8));
+          utf8.db = db;
+          sqlite3VdbeMemSetStr(&utf8, pVar->z, pVar->n, enc, SQLITE_STATIC);
+          sqlite3VdbeChangeEncoding(&utf8, SQLITE_UTF8);
+          pVar = &utf8;
+        }
+#endif
+        nOut = pVar->n;
+#ifdef SQLITE_TRACE_SIZE_LIMIT
+        if( nOut>SQLITE_TRACE_SIZE_LIMIT ){
+          nOut = SQLITE_TRACE_SIZE_LIMIT;
+          while( nOut<pVar->n && (pVar->z[nOut]&0xc0)==0x80 ){ nOut++; }
+        }
+#endif    
+        sqlite3XPrintf(&out, 0, "'%.*q'", nOut, pVar->z);
+#ifdef SQLITE_TRACE_SIZE_LIMIT
+        if( nOut<pVar->n ){
+          sqlite3XPrintf(&out, 0, "/*+%d bytes*/", pVar->n-nOut);
+        }
+#endif
+#ifndef SQLITE_OMIT_UTF16
+        if( enc!=SQLITE_UTF8 ) sqlite3VdbeMemRelease(&utf8);
+#endif
+      }else if( pVar->flags & MEM_Zero ){
+        sqlite3XPrintf(&out, 0, "zeroblob(%d)", pVar->u.nZero);
+      }else{
+        int nOut;  /* Number of bytes of the blob to include in output */
+        assert( pVar->flags & MEM_Blob );
+        sqlite3StrAccumAppend(&out, "x'", 2);
+        nOut = pVar->n;
+#ifdef SQLITE_TRACE_SIZE_LIMIT
+        if( nOut>SQLITE_TRACE_SIZE_LIMIT ) nOut = SQLITE_TRACE_SIZE_LIMIT;
+#endif
+        for(i=0; i<nOut; i++){
+          sqlite3XPrintf(&out, 0, "%02x", pVar->z[i]&0xff);
+        }
+        sqlite3StrAccumAppend(&out, "'", 1);
+#ifdef SQLITE_TRACE_SIZE_LIMIT
+        if( nOut<pVar->n ){
+          sqlite3XPrintf(&out, 0, "/*+%d bytes*/", pVar->n-nOut);
+        }
+#endif
+      }
+    }
+  }
+  return sqlite3StrAccumFinish(&out);
+}
+
+#endif /* #ifndef SQLITE_OMIT_TRACE */
+
+/************** End of vdbetrace.c *******************************************/
+/************** Begin file vdbe.c ********************************************/
+/*
+** 2001 September 15
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+** The code in this file implements the function that runs the
+** bytecode of a prepared statement.
+**
+** Various scripts scan this source file in order to generate HTML
+** documentation, headers files, or other derived files.  The formatting
+** of the code in this file is, therefore, important.  See other comments
+** in this file for details.  If in doubt, do not deviate from existing
+** commenting and indentation practices when changing or adding code.
+*/
+/* #include "sqliteInt.h" */
+/* #include "vdbeInt.h" */
+
+/*
+** Invoke this macro on memory cells just prior to changing the
+** value of the cell.  This macro verifies that shallow copies are
+** not misused.  A shallow copy of a string or blob just copies a
+** pointer to the string or blob, not the content.  If the original
+** is changed while the copy is still in use, the string or blob might
+** be changed out from under the copy.  This macro verifies that nothing
+** like that ever happens.
+*/
+#ifdef SQLITE_DEBUG
+# define memAboutToChange(P,M) sqlite3VdbeMemAboutToChange(P,M)
+#else
+# define memAboutToChange(P,M)
+#endif
+
+/*
+** The following global variable is incremented every time a cursor
+** moves, either by the OP_SeekXX, OP_Next, or OP_Prev opcodes.  The test
+** procedures use this information to make sure that indices are
+** working correctly.  This variable has no function other than to
+** help verify the correct operation of the library.
+*/
+#ifdef SQLITE_TEST
+SQLITE_API int sqlite3_search_count = 0;
+#endif
+
+/*
+** When this global variable is positive, it gets decremented once before
+** each instruction in the VDBE.  When it reaches zero, the u1.isInterrupted
+** field of the sqlite3 structure is set in order to simulate an interrupt.
+**
+** This facility is used for testing purposes only.  It does not function
+** in an ordinary build.
+*/
+#ifdef SQLITE_TEST
+SQLITE_API int sqlite3_interrupt_count = 0;
+#endif
+
+/*
+** The next global variable is incremented each type the OP_Sort opcode
+** is executed.  The test procedures use this information to make sure that
+** sorting is occurring or not occurring at appropriate times.   This variable
+** has no function other than to help verify the correct operation of the
+** library.
+*/
+#ifdef SQLITE_TEST
+SQLITE_API int sqlite3_sort_count = 0;
+#endif
+
+/*
+** The next global variable records the size of the largest MEM_Blob
+** or MEM_Str that has been used by a VDBE opcode.  The test procedures
+** use this information to make sure that the zero-blob functionality
+** is working correctly.   This variable has no function other than to
+** help verify the correct operation of the library.
+*/
+#ifdef SQLITE_TEST
+SQLITE_API int sqlite3_max_blobsize = 0;
+static void updateMaxBlobsize(Mem *p){
+  if( (p->flags & (MEM_Str|MEM_Blob))!=0 && p->n>sqlite3_max_blobsize ){
+    sqlite3_max_blobsize = p->n;
+  }
+}
+#endif
+
+/*
+** The next global variable is incremented each time the OP_Found opcode
+** is executed. This is used to test whether or not the foreign key
+** operation implemented using OP_FkIsZero is working. This variable
+** has no function other than to help verify the correct operation of the
+** library.
+*/
+#ifdef SQLITE_TEST
+SQLITE_API int sqlite3_found_count = 0;
+#endif
+
+/*
+** Test a register to see if it exceeds the current maximum blob size.
+** If it does, record the new maximum blob size.
+*/
+#if defined(SQLITE_TEST) && !defined(SQLITE_OMIT_BUILTIN_TEST)
+# define UPDATE_MAX_BLOBSIZE(P)  updateMaxBlobsize(P)
+#else
+# define UPDATE_MAX_BLOBSIZE(P)
+#endif
+
+/*
+** Invoke the VDBE coverage callback, if that callback is defined.  This
+** feature is used for test suite validation only and does not appear an
+** production builds.
+**
+** M is an integer, 2 or 3, that indices how many different ways the
+** branch can go.  It is usually 2.  "I" is the direction the branch
+** goes.  0 means falls through.  1 means branch is taken.  2 means the
+** second alternative branch is taken.
+**
+** iSrcLine is the source code line (from the __LINE__ macro) that
+** generated the VDBE instruction.  This instrumentation assumes that all
+** source code is in a single file (the amalgamation).  Special values 1
+** and 2 for the iSrcLine parameter mean that this particular branch is
+** always taken or never taken, respectively.
+*/
+#if !defined(SQLITE_VDBE_COVERAGE)
+# define VdbeBranchTaken(I,M)
+#else
+# define VdbeBranchTaken(I,M) vdbeTakeBranch(pOp->iSrcLine,I,M)
+  static void vdbeTakeBranch(int iSrcLine, u8 I, u8 M){
+    if( iSrcLine<=2 && ALWAYS(iSrcLine>0) ){
+      M = iSrcLine;
+      /* Assert the truth of VdbeCoverageAlwaysTaken() and 
+      ** VdbeCoverageNeverTaken() */
+      assert( (M & I)==I );
+    }else{
+      if( sqlite3GlobalConfig.xVdbeBranch==0 ) return;  /*NO_TEST*/
+      sqlite3GlobalConfig.xVdbeBranch(sqlite3GlobalConfig.pVdbeBranchArg,
+                                      iSrcLine,I,M);
+    }
+  }
+#endif
+
+/*
+** Convert the given register into a string if it isn't one
+** already. Return non-zero if a malloc() fails.
+*/
+#define Stringify(P, enc) \
+   if(((P)->flags&(MEM_Str|MEM_Blob))==0 && sqlite3VdbeMemStringify(P,enc,0)) \
+     { goto no_mem; }
+
+/*
+** An ephemeral string value (signified by the MEM_Ephem flag) contains
+** a pointer to a dynamically allocated string where some other entity
+** is responsible for deallocating that string.  Because the register
+** does not control the string, it might be deleted without the register
+** knowing it.
+**
+** This routine converts an ephemeral string into a dynamically allocated
+** string that the register itself controls.  In other words, it
+** converts an MEM_Ephem string into a string with P.z==P.zMalloc.
+*/
+#define Deephemeralize(P) \
+   if( ((P)->flags&MEM_Ephem)!=0 \
+       && sqlite3VdbeMemMakeWriteable(P) ){ goto no_mem;}
+
+/* Return true if the cursor was opened using the OP_OpenSorter opcode. */
+#define isSorter(x) ((x)->eCurType==CURTYPE_SORTER)
+
+/*
+** Allocate VdbeCursor number iCur.  Return a pointer to it.  Return NULL
+** if we run out of memory.
+*/
+static VdbeCursor *allocateCursor(
+  Vdbe *p,              /* The virtual machine */
+  int iCur,             /* Index of the new VdbeCursor */
+  int nField,           /* Number of fields in the table or index */
+  int iDb,              /* Database the cursor belongs to, or -1 */
+  u8 eCurType           /* Type of the new cursor */
+){
+  /* Find the memory cell that will be used to store the blob of memory
+  ** required for this VdbeCursor structure. It is convenient to use a 
+  ** vdbe memory cell to manage the memory allocation required for a
+  ** VdbeCursor structure for the following reasons:
+  **
+  **   * Sometimes cursor numbers are used for a couple of different
+  **     purposes in a vdbe program. The different uses might require
+  **     different sized allocations. Memory cells provide growable
+  **     allocations.
+  **
+  **   * When using ENABLE_MEMORY_MANAGEMENT, memory cell buffers can
+  **     be freed lazily via the sqlite3_release_memory() API. This
+  **     minimizes the number of malloc calls made by the system.
+  **
+  ** Memory cells for cursors are allocated at the top of the address
+  ** space. Memory cell (p->nMem) corresponds to cursor 0. Space for
+  ** cursor 1 is managed by memory cell (p->nMem-1), etc.
+  */
+  Mem *pMem = &p->aMem[p->nMem-iCur];
+
+  int nByte;
+  VdbeCursor *pCx = 0;
+  nByte = 
+      ROUND8(sizeof(VdbeCursor)) + 2*sizeof(u32)*nField + 
+      (eCurType==CURTYPE_BTREE?sqlite3BtreeCursorSize():0);
+
+  assert( iCur<p->nCursor );
+  if( p->apCsr[iCur] ){
+    sqlite3VdbeFreeCursor(p, p->apCsr[iCur]);
+    p->apCsr[iCur] = 0;
+  }
+  if( SQLITE_OK==sqlite3VdbeMemClearAndResize(pMem, nByte) ){
+    p->apCsr[iCur] = pCx = (VdbeCursor*)pMem->z;
+    memset(pCx, 0, sizeof(VdbeCursor));
+    pCx->eCurType = eCurType;
+    pCx->iDb = iDb;
+    pCx->nField = nField;
+    pCx->aOffset = &pCx->aType[nField];
+    if( eCurType==CURTYPE_BTREE ){
+      pCx->uc.pCursor = (BtCursor*)
+          &pMem->z[ROUND8(sizeof(VdbeCursor))+2*sizeof(u32)*nField];
+      sqlite3BtreeCursorZero(pCx->uc.pCursor);
+    }
+  }
+  return pCx;
+}
+
+/*
+** Try to convert a value into a numeric representation if we can
+** do so without loss of information.  In other words, if the string
+** looks like a number, convert it into a number.  If it does not
+** look like a number, leave it alone.
+**
+** If the bTryForInt flag is true, then extra effort is made to give
+** an integer representation.  Strings that look like floating point
+** values but which have no fractional component (example: '48.00')
+** will have a MEM_Int representation when bTryForInt is true.
+**
+** If bTryForInt is false, then if the input string contains a decimal
+** point or exponential notation, the result is only MEM_Real, even
+** if there is an exact integer representation of the quantity.
+*/
+static void applyNumericAffinity(Mem *pRec, int bTryForInt){
+  double rValue;
+  i64 iValue;
+  u8 enc = pRec->enc;
+  assert( (pRec->flags & (MEM_Str|MEM_Int|MEM_Real))==MEM_Str );
+  if( sqlite3AtoF(pRec->z, &rValue, pRec->n, enc)==0 ) return;
+  if( 0==sqlite3Atoi64(pRec->z, &iValue, pRec->n, enc) ){
+    pRec->u.i = iValue;
+    pRec->flags |= MEM_Int;
+  }else{
+    pRec->u.r = rValue;
+    pRec->flags |= MEM_Real;
+    if( bTryForInt ) sqlite3VdbeIntegerAffinity(pRec);
+  }
+}
+
+/*
+** Processing is determine by the affinity parameter:
+**
+** SQLITE_AFF_INTEGER:
+** SQLITE_AFF_REAL:
+** SQLITE_AFF_NUMERIC:
+**    Try to convert pRec to an integer representation or a 
+**    floating-point representation if an integer representation
+**    is not possible.  Note that the integer representation is
+**    always preferred, even if the affinity is REAL, because
+**    an integer representation is more space efficient on disk.
+**
+** SQLITE_AFF_TEXT:
+**    Convert pRec to a text representation.
+**
+** SQLITE_AFF_BLOB:
+**    No-op.  pRec is unchanged.
+*/
+static void applyAffinity(
+  Mem *pRec,          /* The value to apply affinity to */
+  char affinity,      /* The affinity to be applied */
+  u8 enc              /* Use this text encoding */
+){
+  if( affinity>=SQLITE_AFF_NUMERIC ){
+    assert( affinity==SQLITE_AFF_INTEGER || affinity==SQLITE_AFF_REAL
+             || affinity==SQLITE_AFF_NUMERIC );
+    if( (pRec->flags & MEM_Int)==0 ){
+      if( (pRec->flags & MEM_Real)==0 ){
+        if( pRec->flags & MEM_Str ) applyNumericAffinity(pRec,1);
+      }else{
+        sqlite3VdbeIntegerAffinity(pRec);
+      }
+    }
+  }else if( affinity==SQLITE_AFF_TEXT ){
+    /* Only attempt the conversion to TEXT if there is an integer or real
+    ** representation (blob and NULL do not get converted) but no string
+    ** representation.
+    */
+    if( 0==(pRec->flags&MEM_Str) && (pRec->flags&(MEM_Real|MEM_Int)) ){
+      sqlite3VdbeMemStringify(pRec, enc, 1);
+    }
+    pRec->flags &= ~(MEM_Real|MEM_Int);
+  }
+}
+
+/*
+** Try to convert the type of a function argument or a result column
+** into a numeric representation.  Use either INTEGER or REAL whichever
+** is appropriate.  But only do the conversion if it is possible without
+** loss of information and return the revised type of the argument.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_value_numeric_type(sqlite3_value *pVal){
+  int eType = sqlite3_value_type(pVal);
+  if( eType==SQLITE_TEXT ){
+    Mem *pMem = (Mem*)pVal;
+    applyNumericAffinity(pMem, 0);
+    eType = sqlite3_value_type(pVal);
+  }
+  return eType;
+}
+
+/*
+** Exported version of applyAffinity(). This one works on sqlite3_value*, 
+** not the internal Mem* type.
+*/
+SQLITE_PRIVATE void sqlite3ValueApplyAffinity(
+  sqlite3_value *pVal, 
+  u8 affinity, 
+  u8 enc
+){
+  applyAffinity((Mem *)pVal, affinity, enc);
+}
+
+/*
+** pMem currently only holds a string type (or maybe a BLOB that we can
+** interpret as a string if we want to).  Compute its corresponding
+** numeric type, if has one.  Set the pMem->u.r and pMem->u.i fields
+** accordingly.
+*/
+static u16 SQLITE_NOINLINE computeNumericType(Mem *pMem){
+  assert( (pMem->flags & (MEM_Int|MEM_Real))==0 );
+  assert( (pMem->flags & (MEM_Str|MEM_Blob))!=0 );
+  if( sqlite3AtoF(pMem->z, &pMem->u.r, pMem->n, pMem->enc)==0 ){
+    return 0;
+  }
+  if( sqlite3Atoi64(pMem->z, &pMem->u.i, pMem->n, pMem->enc)==SQLITE_OK ){
+    return MEM_Int;
+  }
+  return MEM_Real;
+}
+
+/*
+** Return the numeric type for pMem, either MEM_Int or MEM_Real or both or
+** none.  
+**
+** Unlike applyNumericAffinity(), this routine does not modify pMem->flags.
+** But it does set pMem->u.r and pMem->u.i appropriately.
+*/
+static u16 numericType(Mem *pMem){
+  if( pMem->flags & (MEM_Int|MEM_Real) ){
+    return pMem->flags & (MEM_Int|MEM_Real);
+  }
+  if( pMem->flags & (MEM_Str|MEM_Blob) ){
+    return computeNumericType(pMem);
+  }
+  return 0;
+}
+
+#ifdef SQLITE_DEBUG
+/*
+** Write a nice string representation of the contents of cell pMem
+** into buffer zBuf, length nBuf.
+*/
+SQLITE_PRIVATE void sqlite3VdbeMemPrettyPrint(Mem *pMem, char *zBuf){
+  char *zCsr = zBuf;
+  int f = pMem->flags;
+
+  static const char *const encnames[] = {"(X)", "(8)", "(16LE)", "(16BE)"};
+
+  if( f&MEM_Blob ){
+    int i;
+    char c;
+    if( f & MEM_Dyn ){
+      c = 'z';
+      assert( (f & (MEM_Static|MEM_Ephem))==0 );
+    }else if( f & MEM_Static ){
+      c = 't';
+      assert( (f & (MEM_Dyn|MEM_Ephem))==0 );
+    }else if( f & MEM_Ephem ){
+      c = 'e';
+      assert( (f & (MEM_Static|MEM_Dyn))==0 );
+    }else{
+      c = 's';
+    }
+
+    sqlite3_snprintf(100, zCsr, "%c", c);
+    zCsr += sqlite3Strlen30(zCsr);
+    sqlite3_snprintf(100, zCsr, "%d[", pMem->n);
+    zCsr += sqlite3Strlen30(zCsr);
+    for(i=0; i<16 && i<pMem->n; i++){
+      sqlite3_snprintf(100, zCsr, "%02X", ((int)pMem->z[i] & 0xFF));
+      zCsr += sqlite3Strlen30(zCsr);
+    }
+    for(i=0; i<16 && i<pMem->n; i++){
+      char z = pMem->z[i];
+      if( z<32 || z>126 ) *zCsr++ = '.';
+      else *zCsr++ = z;
+    }
+
+    sqlite3_snprintf(100, zCsr, "]%s", encnames[pMem->enc]);
+    zCsr += sqlite3Strlen30(zCsr);
+    if( f & MEM_Zero ){
+      sqlite3_snprintf(100, zCsr,"+%dz",pMem->u.nZero);
+      zCsr += sqlite3Strlen30(zCsr);
+    }
+    *zCsr = '\0';
+  }else if( f & MEM_Str ){
+    int j, k;
+    zBuf[0] = ' ';
+    if( f & MEM_Dyn ){
+      zBuf[1] = 'z';
+      assert( (f & (MEM_Static|MEM_Ephem))==0 );
+    }else if( f & MEM_Static ){
+      zBuf[1] = 't';
+      assert( (f & (MEM_Dyn|MEM_Ephem))==0 );
+    }else if( f & MEM_Ephem ){
+      zBuf[1] = 'e';
+      assert( (f & (MEM_Static|MEM_Dyn))==0 );
+    }else{
+      zBuf[1] = 's';
+    }
+    k = 2;
+    sqlite3_snprintf(100, &zBuf[k], "%d", pMem->n);
+    k += sqlite3Strlen30(&zBuf[k]);
+    zBuf[k++] = '[';
+    for(j=0; j<15 && j<pMem->n; j++){
+      u8 c = pMem->z[j];
+      if( c>=0x20 && c<0x7f ){
+        zBuf[k++] = c;
+      }else{
+        zBuf[k++] = '.';
+      }
+    }
+    zBuf[k++] = ']';
+    sqlite3_snprintf(100,&zBuf[k], encnames[pMem->enc]);
+    k += sqlite3Strlen30(&zBuf[k]);
+    zBuf[k++] = 0;
+  }
+}
+#endif
+
+#ifdef SQLITE_DEBUG
+/*
+** Print the value of a register for tracing purposes:
+*/
+static void memTracePrint(Mem *p){
+  if( p->flags & MEM_Undefined ){
+    printf(" undefined");
+  }else if( p->flags & MEM_Null ){
+    printf(" NULL");
+  }else if( (p->flags & (MEM_Int|MEM_Str))==(MEM_Int|MEM_Str) ){
+    printf(" si:%lld", p->u.i);
+  }else if( p->flags & MEM_Int ){
+    printf(" i:%lld", p->u.i);
+#ifndef SQLITE_OMIT_FLOATING_POINT
+  }else if( p->flags & MEM_Real ){
+    printf(" r:%g", p->u.r);
+#endif
+  }else if( p->flags & MEM_RowSet ){
+    printf(" (rowset)");
+  }else{
+    char zBuf[200];
+    sqlite3VdbeMemPrettyPrint(p, zBuf);
+    printf(" %s", zBuf);
+  }
+}
+static void registerTrace(int iReg, Mem *p){
+  printf("REG[%d] = ", iReg);
+  memTracePrint(p);
+  printf("\n");
+}
+#endif
+
+#ifdef SQLITE_DEBUG
+#  define REGISTER_TRACE(R,M) if(db->flags&SQLITE_VdbeTrace)registerTrace(R,M)
+#else
+#  define REGISTER_TRACE(R,M)
+#endif
+
+
+#ifdef VDBE_PROFILE
+
+/* 
+** hwtime.h contains inline assembler code for implementing 
+** high-performance timing routines.
+*/
+/************** Include hwtime.h in the middle of vdbe.c *********************/
+/************** Begin file hwtime.h ******************************************/
+/*
+** 2008 May 27
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+******************************************************************************
+**
+** This file contains inline asm code for retrieving "high-performance"
+** counters for x86 class CPUs.
+*/
+#ifndef _HWTIME_H_
+#define _HWTIME_H_
+
+/*
+** The following routine only works on pentium-class (or newer) processors.
+** It uses the RDTSC opcode to read the cycle count value out of the
+** processor and returns that value.  This can be used for high-res
+** profiling.
+*/
+#if (defined(__GNUC__) || defined(_MSC_VER)) && \
+      (defined(i386) || defined(__i386__) || defined(_M_IX86))
+
+  #if defined(__GNUC__)
+
+  __inline__ sqlite_uint64 sqlite3Hwtime(void){
+     unsigned int lo, hi;
+     __asm__ __volatile__ ("rdtsc" : "=a" (lo), "=d" (hi));
+     return (sqlite_uint64)hi << 32 | lo;
+  }
+
+  #elif defined(_MSC_VER)
+
+  __declspec(naked) __inline sqlite_uint64 __cdecl sqlite3Hwtime(void){
+     __asm {
+        rdtsc
+        ret       ; return value at EDX:EAX
+     }
+  }
+
+  #endif
+
+#elif (defined(__GNUC__) && defined(__x86_64__))
+
+  __inline__ sqlite_uint64 sqlite3Hwtime(void){
+      unsigned long val;
+      __asm__ __volatile__ ("rdtsc" : "=A" (val));
+      return val;
+  }
+ 
+#elif (defined(__GNUC__) && defined(__ppc__))
+
+  __inline__ sqlite_uint64 sqlite3Hwtime(void){
+      unsigned long long retval;
+      unsigned long junk;
+      __asm__ __volatile__ ("\n\
+          1:      mftbu   %1\n\
+                  mftb    %L0\n\
+                  mftbu   %0\n\
+                  cmpw    %0,%1\n\
+                  bne     1b"
+                  : "=r" (retval), "=r" (junk));
+      return retval;
+  }
+
+#else
+
+  #error Need implementation of sqlite3Hwtime() for your platform.
+
+  /*
+  ** To compile without implementing sqlite3Hwtime() for your platform,
+  ** you can remove the above #error and use the following
+  ** stub function.  You will lose timing support for many
+  ** of the debugging and testing utilities, but it should at
+  ** least compile and run.
+  */
+SQLITE_PRIVATE   sqlite_uint64 sqlite3Hwtime(void){ return ((sqlite_uint64)0); }
+
+#endif
+
+#endif /* !defined(_HWTIME_H_) */
+
+/************** End of hwtime.h **********************************************/
+/************** Continuing where we left off in vdbe.c ***********************/
+
+#endif
+
+#ifndef NDEBUG
+/*
+** This function is only called from within an assert() expression. It
+** checks that the sqlite3.nTransaction variable is correctly set to
+** the number of non-transaction savepoints currently in the 
+** linked list starting at sqlite3.pSavepoint.
+** 
+** Usage:
+**
+**     assert( checkSavepointCount(db) );
+*/
+static int checkSavepointCount(sqlite3 *db){
+  int n = 0;
+  Savepoint *p;
+  for(p=db->pSavepoint; p; p=p->pNext) n++;
+  assert( n==(db->nSavepoint + db->isTransactionSavepoint) );
+  return 1;
+}
+#endif
+
+/*
+** Return the register of pOp->p2 after first preparing it to be
+** overwritten with an integer value.
+*/
+static SQLITE_NOINLINE Mem *out2PrereleaseWithClear(Mem *pOut){
+  sqlite3VdbeMemSetNull(pOut);
+  pOut->flags = MEM_Int;
+  return pOut;
+}
+static Mem *out2Prerelease(Vdbe *p, VdbeOp *pOp){
+  Mem *pOut;
+  assert( pOp->p2>0 );
+  assert( pOp->p2<=(p->nMem-p->nCursor) );
+  pOut = &p->aMem[pOp->p2];
+  memAboutToChange(p, pOut);
+  if( VdbeMemDynamic(pOut) ){
+    return out2PrereleaseWithClear(pOut);
+  }else{
+    pOut->flags = MEM_Int;
+    return pOut;
+  }
+}
+
+
+/*
+** Execute as much of a VDBE program as we can.
+** This is the core of sqlite3_step().  
+*/
+SQLITE_PRIVATE int sqlite3VdbeExec(
+  Vdbe *p                    /* The VDBE */
+){
+  Op *aOp = p->aOp;          /* Copy of p->aOp */
+  Op *pOp = aOp;             /* Current operation */
+#if defined(SQLITE_DEBUG) || defined(VDBE_PROFILE)
+  Op *pOrigOp;               /* Value of pOp at the top of the loop */
+#endif
+  int rc = SQLITE_OK;        /* Value to return */
+  sqlite3 *db = p->db;       /* The database */
+  u8 resetSchemaOnFault = 0; /* Reset schema after an error if positive */
+  u8 encoding = ENC(db);     /* The database encoding */
+  int iCompare = 0;          /* Result of last OP_Compare operation */
+  unsigned nVmStep = 0;      /* Number of virtual machine steps */
+#ifndef SQLITE_OMIT_PROGRESS_CALLBACK
+  unsigned nProgressLimit = 0;/* Invoke xProgress() when nVmStep reaches this */
+#endif
+  Mem *aMem = p->aMem;       /* Copy of p->aMem */
+  Mem *pIn1 = 0;             /* 1st input operand */
+  Mem *pIn2 = 0;             /* 2nd input operand */
+  Mem *pIn3 = 0;             /* 3rd input operand */
+  Mem *pOut = 0;             /* Output operand */
+  int *aPermute = 0;         /* Permutation of columns for OP_Compare */
+  i64 lastRowid = db->lastRowid;  /* Saved value of the last insert ROWID */
+#ifdef VDBE_PROFILE
+  u64 start;                 /* CPU clock count at start of opcode */
+#endif
+  /*** INSERT STACK UNION HERE ***/
+
+  assert( p->magic==VDBE_MAGIC_RUN );  /* sqlite3_step() verifies this */
+  sqlite3VdbeEnter(p);
+  if( p->rc==SQLITE_NOMEM ){
+    /* This happens if a malloc() inside a call to sqlite3_column_text() or
+    ** sqlite3_column_text16() failed.  */
+    goto no_mem;
+  }
+  assert( p->rc==SQLITE_OK || (p->rc&0xff)==SQLITE_BUSY );
+  assert( p->bIsReader || p->readOnly!=0 );
+  p->rc = SQLITE_OK;
+  p->iCurrentTime = 0;
+  assert( p->explain==0 );
+  p->pResultSet = 0;
+  db->busyHandler.nBusy = 0;
+  if( db->u1.isInterrupted ) goto abort_due_to_interrupt;
+  sqlite3VdbeIOTraceSql(p);
+#ifndef SQLITE_OMIT_PROGRESS_CALLBACK
+  if( db->xProgress ){
+    u32 iPrior = p->aCounter[SQLITE_STMTSTATUS_VM_STEP];
+    assert( 0 < db->nProgressOps );
+    nProgressLimit = db->nProgressOps - (iPrior % db->nProgressOps);
+  }
+#endif
+#ifdef SQLITE_DEBUG
+  sqlite3BeginBenignMalloc();
+  if( p->pc==0
+   && (p->db->flags & (SQLITE_VdbeListing|SQLITE_VdbeEQP|SQLITE_VdbeTrace))!=0
+  ){
+    int i;
+    int once = 1;
+    sqlite3VdbePrintSql(p);
+    if( p->db->flags & SQLITE_VdbeListing ){
+      printf("VDBE Program Listing:\n");
+      for(i=0; i<p->nOp; i++){
+        sqlite3VdbePrintOp(stdout, i, &aOp[i]);
+      }
+    }
+    if( p->db->flags & SQLITE_VdbeEQP ){
+      for(i=0; i<p->nOp; i++){
+        if( aOp[i].opcode==OP_Explain ){
+          if( once ) printf("VDBE Query Plan:\n");
+          printf("%s\n", aOp[i].p4.z);
+          once = 0;
+        }
+      }
+    }
+    if( p->db->flags & SQLITE_VdbeTrace )  printf("VDBE Trace:\n");
+  }
+  sqlite3EndBenignMalloc();
+#endif
+  for(pOp=&aOp[p->pc]; rc==SQLITE_OK; pOp++){
+    assert( pOp>=aOp && pOp<&aOp[p->nOp]);
+    if( db->mallocFailed ) goto no_mem;
+#ifdef VDBE_PROFILE
+    start = sqlite3Hwtime();
+#endif
+    nVmStep++;
+#ifdef SQLITE_ENABLE_STMT_SCANSTATUS
+    if( p->anExec ) p->anExec[(int)(pOp-aOp)]++;
+#endif
+
+    /* Only allow tracing if SQLITE_DEBUG is defined.
+    */
+#ifdef SQLITE_DEBUG
+    if( db->flags & SQLITE_VdbeTrace ){
+      sqlite3VdbePrintOp(stdout, (int)(pOp - aOp), pOp);
+    }
+#endif
+      
+
+    /* Check to see if we need to simulate an interrupt.  This only happens
+    ** if we have a special test build.
+    */
+#ifdef SQLITE_TEST
+    if( sqlite3_interrupt_count>0 ){
+      sqlite3_interrupt_count--;
+      if( sqlite3_interrupt_count==0 ){
+        sqlite3_interrupt(db);
+      }
+    }
+#endif
+
+    /* Sanity checking on other operands */
+#ifdef SQLITE_DEBUG
+    assert( pOp->opflags==sqlite3OpcodeProperty[pOp->opcode] );
+    if( (pOp->opflags & OPFLG_IN1)!=0 ){
+      assert( pOp->p1>0 );
+      assert( pOp->p1<=(p->nMem-p->nCursor) );
+      assert( memIsValid(&aMem[pOp->p1]) );
+      assert( sqlite3VdbeCheckMemInvariants(&aMem[pOp->p1]) );
+      REGISTER_TRACE(pOp->p1, &aMem[pOp->p1]);
+    }
+    if( (pOp->opflags & OPFLG_IN2)!=0 ){
+      assert( pOp->p2>0 );
+      assert( pOp->p2<=(p->nMem-p->nCursor) );
+      assert( memIsValid(&aMem[pOp->p2]) );
+      assert( sqlite3VdbeCheckMemInvariants(&aMem[pOp->p2]) );
+      REGISTER_TRACE(pOp->p2, &aMem[pOp->p2]);
+    }
+    if( (pOp->opflags & OPFLG_IN3)!=0 ){
+      assert( pOp->p3>0 );
+      assert( pOp->p3<=(p->nMem-p->nCursor) );
+      assert( memIsValid(&aMem[pOp->p3]) );
+      assert( sqlite3VdbeCheckMemInvariants(&aMem[pOp->p3]) );
+      REGISTER_TRACE(pOp->p3, &aMem[pOp->p3]);
+    }
+    if( (pOp->opflags & OPFLG_OUT2)!=0 ){
+      assert( pOp->p2>0 );
+      assert( pOp->p2<=(p->nMem-p->nCursor) );
+      memAboutToChange(p, &aMem[pOp->p2]);
+    }
+    if( (pOp->opflags & OPFLG_OUT3)!=0 ){
+      assert( pOp->p3>0 );
+      assert( pOp->p3<=(p->nMem-p->nCursor) );
+      memAboutToChange(p, &aMem[pOp->p3]);
+    }
+#endif
+#if defined(SQLITE_DEBUG) || defined(VDBE_PROFILE)
+    pOrigOp = pOp;
+#endif
+  
+    switch( pOp->opcode ){
+
+/*****************************************************************************
+** What follows is a massive switch statement where each case implements a
+** separate instruction in the virtual machine.  If we follow the usual
+** indentation conventions, each case should be indented by 6 spaces.  But
+** that is a lot of wasted space on the left margin.  So the code within
+** the switch statement will break with convention and be flush-left. Another
+** big comment (similar to this one) will mark the point in the code where
+** we transition back to normal indentation.
+**
+** The formatting of each case is important.  The makefile for SQLite
+** generates two C files "opcodes.h" and "opcodes.c" by scanning this
+** file looking for lines that begin with "case OP_".  The opcodes.h files
+** will be filled with #defines that give unique integer values to each
+** opcode and the opcodes.c file is filled with an array of strings where
+** each string is the symbolic name for the corresponding opcode.  If the
+** case statement is followed by a comment of the form "/# same as ... #/"
+** that comment is used to determine the particular value of the opcode.
+**
+** Other keywords in the comment that follows each case are used to
+** construct the OPFLG_INITIALIZER value that initializes opcodeProperty[].
+** Keywords include: in1, in2, in3, out2, out3.  See
+** the mkopcodeh.awk script for additional information.
+**
+** Documentation about VDBE opcodes is generated by scanning this file
+** for lines of that contain "Opcode:".  That line and all subsequent
+** comment lines are used in the generation of the opcode.html documentation
+** file.
+**
+** SUMMARY:
+**
+**     Formatting is important to scripts that scan this file.
+**     Do not deviate from the formatting style currently in use.
+**
+*****************************************************************************/
+
+/* Opcode:  Goto * P2 * * *
+**
+** An unconditional jump to address P2.
+** The next instruction executed will be 
+** the one at index P2 from the beginning of
+** the program.
+**
+** The P1 parameter is not actually used by this opcode.  However, it
+** is sometimes set to 1 instead of 0 as a hint to the command-line shell
+** that this Goto is the bottom of a loop and that the lines from P2 down
+** to the current line should be indented for EXPLAIN output.
+*/
+case OP_Goto: {             /* jump */
+jump_to_p2_and_check_for_interrupt:
+  pOp = &aOp[pOp->p2 - 1];
+
+  /* Opcodes that are used as the bottom of a loop (OP_Next, OP_Prev,
+  ** OP_VNext, OP_RowSetNext, or OP_SorterNext) all jump here upon
+  ** completion.  Check to see if sqlite3_interrupt() has been called
+  ** or if the progress callback needs to be invoked. 
+  **
+  ** This code uses unstructured "goto" statements and does not look clean.
+  ** But that is not due to sloppy coding habits. The code is written this
+  ** way for performance, to avoid having to run the interrupt and progress
+  ** checks on every opcode.  This helps sqlite3_step() to run about 1.5%
+  ** faster according to "valgrind --tool=cachegrind" */
+check_for_interrupt:
+  if( db->u1.isInterrupted ) goto abort_due_to_interrupt;
+#ifndef SQLITE_OMIT_PROGRESS_CALLBACK
+  /* Call the progress callback if it is configured and the required number
+  ** of VDBE ops have been executed (either since this invocation of
+  ** sqlite3VdbeExec() or since last time the progress callback was called).
+  ** If the progress callback returns non-zero, exit the virtual machine with
+  ** a return code SQLITE_ABORT.
+  */
+  if( db->xProgress!=0 && nVmStep>=nProgressLimit ){
+    assert( db->nProgressOps!=0 );
+    nProgressLimit = nVmStep + db->nProgressOps - (nVmStep%db->nProgressOps);
+    if( db->xProgress(db->pProgressArg) ){
+      rc = SQLITE_INTERRUPT;
+      goto vdbe_error_halt;
+    }
+  }
+#endif
+  
+  break;
+}
+
+/* Opcode:  Gosub P1 P2 * * *
+**
+** Write the current address onto register P1
+** and then jump to address P2.
+*/
+case OP_Gosub: {            /* jump */
+  assert( pOp->p1>0 && pOp->p1<=(p->nMem-p->nCursor) );
+  pIn1 = &aMem[pOp->p1];
+  assert( VdbeMemDynamic(pIn1)==0 );
+  memAboutToChange(p, pIn1);
+  pIn1->flags = MEM_Int;
+  pIn1->u.i = (int)(pOp-aOp);
+  REGISTER_TRACE(pOp->p1, pIn1);
+
+  /* Most jump operations do a goto to this spot in order to update
+  ** the pOp pointer. */
+jump_to_p2:
+  pOp = &aOp[pOp->p2 - 1];
+  break;
+}
+
+/* Opcode:  Return P1 * * * *
+**
+** Jump to the next instruction after the address in register P1.  After
+** the jump, register P1 becomes undefined.
+*/
+case OP_Return: {           /* in1 */
+  pIn1 = &aMem[pOp->p1];
+  assert( pIn1->flags==MEM_Int );
+  pOp = &aOp[pIn1->u.i];
+  pIn1->flags = MEM_Undefined;
+  break;
+}
+
+/* Opcode: InitCoroutine P1 P2 P3 * *
+**
+** Set up register P1 so that it will Yield to the coroutine
+** located at address P3.
+**
+** If P2!=0 then the coroutine implementation immediately follows
+** this opcode.  So jump over the coroutine implementation to
+** address P2.
+**
+** See also: EndCoroutine
+*/
+case OP_InitCoroutine: {     /* jump */
+  assert( pOp->p1>0 &&  pOp->p1<=(p->nMem-p->nCursor) );
+  assert( pOp->p2>=0 && pOp->p2<p->nOp );
+  assert( pOp->p3>=0 && pOp->p3<p->nOp );
+  pOut = &aMem[pOp->p1];
+  assert( !VdbeMemDynamic(pOut) );
+  pOut->u.i = pOp->p3 - 1;
+  pOut->flags = MEM_Int;
+  if( pOp->p2 ) goto jump_to_p2;
+  break;
+}
+
+/* Opcode:  EndCoroutine P1 * * * *
+**
+** The instruction at the address in register P1 is a Yield.
+** Jump to the P2 parameter of that Yield.
+** After the jump, register P1 becomes undefined.
+**
+** See also: InitCoroutine
+*/
+case OP_EndCoroutine: {           /* in1 */
+  VdbeOp *pCaller;
+  pIn1 = &aMem[pOp->p1];
+  assert( pIn1->flags==MEM_Int );
+  assert( pIn1->u.i>=0 && pIn1->u.i<p->nOp );
+  pCaller = &aOp[pIn1->u.i];
+  assert( pCaller->opcode==OP_Yield );
+  assert( pCaller->p2>=0 && pCaller->p2<p->nOp );
+  pOp = &aOp[pCaller->p2 - 1];
+  pIn1->flags = MEM_Undefined;
+  break;
+}
+
+/* Opcode:  Yield P1 P2 * * *
+**
+** Swap the program counter with the value in register P1.  This
+** has the effect of yielding to a coroutine.
+**
+** If the coroutine that is launched by this instruction ends with
+** Yield or Return then continue to the next instruction.  But if
+** the coroutine launched by this instruction ends with
+** EndCoroutine, then jump to P2 rather than continuing with the
+** next instruction.
+**
+** See also: InitCoroutine
+*/
+case OP_Yield: {            /* in1, jump */
+  int pcDest;
+  pIn1 = &aMem[pOp->p1];
+  assert( VdbeMemDynamic(pIn1)==0 );
+  pIn1->flags = MEM_Int;
+  pcDest = (int)pIn1->u.i;
+  pIn1->u.i = (int)(pOp - aOp);
+  REGISTER_TRACE(pOp->p1, pIn1);
+  pOp = &aOp[pcDest];
+  break;
+}
+
+/* Opcode:  HaltIfNull  P1 P2 P3 P4 P5
+** Synopsis:  if r[P3]=null halt
+**
+** Check the value in register P3.  If it is NULL then Halt using
+** parameter P1, P2, and P4 as if this were a Halt instruction.  If the
+** value in register P3 is not NULL, then this routine is a no-op.
+** The P5 parameter should be 1.
+*/
+case OP_HaltIfNull: {      /* in3 */
+  pIn3 = &aMem[pOp->p3];
+  if( (pIn3->flags & MEM_Null)==0 ) break;
+  /* Fall through into OP_Halt */
+}
+
+/* Opcode:  Halt P1 P2 * P4 P5
+**
+** Exit immediately.  All open cursors, etc are closed
+** automatically.
+**
+** P1 is the result code returned by sqlite3_exec(), sqlite3_reset(),
+** or sqlite3_finalize().  For a normal halt, this should be SQLITE_OK (0).
+** For errors, it can be some other value.  If P1!=0 then P2 will determine
+** whether or not to rollback the current transaction.  Do not rollback
+** if P2==OE_Fail. Do the rollback if P2==OE_Rollback.  If P2==OE_Abort,
+** then back out all changes that have occurred during this execution of the
+** VDBE, but do not rollback the transaction. 
+**
+** If P4 is not null then it is an error message string.
+**
+** P5 is a value between 0 and 4, inclusive, that modifies the P4 string.
+**
+**    0:  (no change)
+**    1:  NOT NULL contraint failed: P4
+**    2:  UNIQUE constraint failed: P4
+**    3:  CHECK constraint failed: P4
+**    4:  FOREIGN KEY constraint failed: P4
+**
+** If P5 is not zero and P4 is NULL, then everything after the ":" is
+** omitted.
+**
+** There is an implied "Halt 0 0 0" instruction inserted at the very end of
+** every program.  So a jump past the last instruction of the program
+** is the same as executing Halt.
+*/
+case OP_Halt: {
+  const char *zType;
+  const char *zLogFmt;
+  VdbeFrame *pFrame;
+  int pcx;
+
+  pcx = (int)(pOp - aOp);
+  if( pOp->p1==SQLITE_OK && p->pFrame ){
+    /* Halt the sub-program. Return control to the parent frame. */
+    pFrame = p->pFrame;
+    p->pFrame = pFrame->pParent;
+    p->nFrame--;
+    sqlite3VdbeSetChanges(db, p->nChange);
+    pcx = sqlite3VdbeFrameRestore(pFrame);
+    lastRowid = db->lastRowid;
+    if( pOp->p2==OE_Ignore ){
+      /* Instruction pcx is the OP_Program that invoked the sub-program 
+      ** currently being halted. If the p2 instruction of this OP_Halt
+      ** instruction is set to OE_Ignore, then the sub-program is throwing
+      ** an IGNORE exception. In this case jump to the address specified
+      ** as the p2 of the calling OP_Program.  */
+      pcx = p->aOp[pcx].p2-1;
+    }
+    aOp = p->aOp;
+    aMem = p->aMem;
+    pOp = &aOp[pcx];
+    break;
+  }
+  p->rc = pOp->p1;
+  p->errorAction = (u8)pOp->p2;
+  p->pc = pcx;
+  if( p->rc ){
+    if( pOp->p5 ){
+      static const char * const azType[] = { "NOT NULL", "UNIQUE", "CHECK",
+                                             "FOREIGN KEY" };
+      assert( pOp->p5>=1 && pOp->p5<=4 );
+      testcase( pOp->p5==1 );
+      testcase( pOp->p5==2 );
+      testcase( pOp->p5==3 );
+      testcase( pOp->p5==4 );
+      zType = azType[pOp->p5-1];
+    }else{
+      zType = 0;
+    }
+    assert( zType!=0 || pOp->p4.z!=0 );
+    zLogFmt = "abort at %d in [%s]: %s";
+    if( zType && pOp->p4.z ){
+      sqlite3VdbeError(p, "%s constraint failed: %s", zType, pOp->p4.z);
+    }else if( pOp->p4.z ){
+      sqlite3VdbeError(p, "%s", pOp->p4.z);
+    }else{
+      sqlite3VdbeError(p, "%s constraint failed", zType);
+    }
+    sqlite3_log(pOp->p1, zLogFmt, pcx, p->zSql, p->zErrMsg);
+  }
+  rc = sqlite3VdbeHalt(p);
+  assert( rc==SQLITE_BUSY || rc==SQLITE_OK || rc==SQLITE_ERROR );
+  if( rc==SQLITE_BUSY ){
+    p->rc = rc = SQLITE_BUSY;
+  }else{
+    assert( rc==SQLITE_OK || (p->rc&0xff)==SQLITE_CONSTRAINT );
+    assert( rc==SQLITE_OK || db->nDeferredCons>0 || db->nDeferredImmCons>0 );
+    rc = p->rc ? SQLITE_ERROR : SQLITE_DONE;
+  }
+  goto vdbe_return;
+}
+
+/* Opcode: Integer P1 P2 * * *
+** Synopsis: r[P2]=P1
+**
+** The 32-bit integer value P1 is written into register P2.
+*/
+case OP_Integer: {         /* out2 */
+  pOut = out2Prerelease(p, pOp);
+  pOut->u.i = pOp->p1;
+  break;
+}
+
+/* Opcode: Int64 * P2 * P4 *
+** Synopsis: r[P2]=P4
+**
+** P4 is a pointer to a 64-bit integer value.
+** Write that value into register P2.
+*/
+case OP_Int64: {           /* out2 */
+  pOut = out2Prerelease(p, pOp);
+  assert( pOp->p4.pI64!=0 );
+  pOut->u.i = *pOp->p4.pI64;
+  break;
+}
+
+#ifndef SQLITE_OMIT_FLOATING_POINT
+/* Opcode: Real * P2 * P4 *
+** Synopsis: r[P2]=P4
+**
+** P4 is a pointer to a 64-bit floating point value.
+** Write that value into register P2.
+*/
+case OP_Real: {            /* same as TK_FLOAT, out2 */
+  pOut = out2Prerelease(p, pOp);
+  pOut->flags = MEM_Real;
+  assert( !sqlite3IsNaN(*pOp->p4.pReal) );
+  pOut->u.r = *pOp->p4.pReal;
+  break;
+}
+#endif
+
+/* Opcode: String8 * P2 * P4 *
+** Synopsis: r[P2]='P4'
+**
+** P4 points to a nul terminated UTF-8 string. This opcode is transformed 
+** into a String opcode before it is executed for the first time.  During
+** this transformation, the length of string P4 is computed and stored
+** as the P1 parameter.
+*/
+case OP_String8: {         /* same as TK_STRING, out2 */
+  assert( pOp->p4.z!=0 );
+  pOut = out2Prerelease(p, pOp);
+  pOp->opcode = OP_String;
+  pOp->p1 = sqlite3Strlen30(pOp->p4.z);
+
+#ifndef SQLITE_OMIT_UTF16
+  if( encoding!=SQLITE_UTF8 ){
+    rc = sqlite3VdbeMemSetStr(pOut, pOp->p4.z, -1, SQLITE_UTF8, SQLITE_STATIC);
+    if( rc==SQLITE_TOOBIG ) goto too_big;
+    if( SQLITE_OK!=sqlite3VdbeChangeEncoding(pOut, encoding) ) goto no_mem;
+    assert( pOut->szMalloc>0 && pOut->zMalloc==pOut->z );
+    assert( VdbeMemDynamic(pOut)==0 );
+    pOut->szMalloc = 0;
+    pOut->flags |= MEM_Static;
+    if( pOp->p4type==P4_DYNAMIC ){
+      sqlite3DbFree(db, pOp->p4.z);
+    }
+    pOp->p4type = P4_DYNAMIC;
+    pOp->p4.z = pOut->z;
+    pOp->p1 = pOut->n;
+  }
+#endif
+  if( pOp->p1>db->aLimit[SQLITE_LIMIT_LENGTH] ){
+    goto too_big;
+  }
+  /* Fall through to the next case, OP_String */
+}
+  
+/* Opcode: String P1 P2 P3 P4 P5
+** Synopsis: r[P2]='P4' (len=P1)
+**
+** The string value P4 of length P1 (bytes) is stored in register P2.
+**
+** If P5!=0 and the content of register P3 is greater than zero, then
+** the datatype of the register P2 is converted to BLOB.  The content is
+** the same sequence of bytes, it is merely interpreted as a BLOB instead
+** of a string, as if it had been CAST.
+*/
+case OP_String: {          /* out2 */
+  assert( pOp->p4.z!=0 );
+  pOut = out2Prerelease(p, pOp);
+  pOut->flags = MEM_Str|MEM_Static|MEM_Term;
+  pOut->z = pOp->p4.z;
+  pOut->n = pOp->p1;
+  pOut->enc = encoding;
+  UPDATE_MAX_BLOBSIZE(pOut);
+#ifndef SQLITE_LIKE_DOESNT_MATCH_BLOBS
+  if( pOp->p5 ){
+    assert( pOp->p3>0 );
+    assert( pOp->p3<=(p->nMem-p->nCursor) );
+    pIn3 = &aMem[pOp->p3];
+    assert( pIn3->flags & MEM_Int );
+    if( pIn3->u.i ) pOut->flags = MEM_Blob|MEM_Static|MEM_Term;
+  }
+#endif
+  break;
+}
+
+/* Opcode: Null P1 P2 P3 * *
+** Synopsis:  r[P2..P3]=NULL
+**
+** Write a NULL into registers P2.  If P3 greater than P2, then also write
+** NULL into register P3 and every register in between P2 and P3.  If P3
+** is less than P2 (typically P3 is zero) then only register P2 is
+** set to NULL.
+**
+** If the P1 value is non-zero, then also set the MEM_Cleared flag so that
+** NULL values will not compare equal even if SQLITE_NULLEQ is set on
+** OP_Ne or OP_Eq.
+*/
+case OP_Null: {           /* out2 */
+  int cnt;
+  u16 nullFlag;
+  pOut = out2Prerelease(p, pOp);
+  cnt = pOp->p3-pOp->p2;
+  assert( pOp->p3<=(p->nMem-p->nCursor) );
+  pOut->flags = nullFlag = pOp->p1 ? (MEM_Null|MEM_Cleared) : MEM_Null;
+  while( cnt>0 ){
+    pOut++;
+    memAboutToChange(p, pOut);
+    sqlite3VdbeMemSetNull(pOut);
+    pOut->flags = nullFlag;
+    cnt--;
+  }
+  break;
+}
+
+/* Opcode: SoftNull P1 * * * *
+** Synopsis:  r[P1]=NULL
+**
+** Set register P1 to have the value NULL as seen by the OP_MakeRecord
+** instruction, but do not free any string or blob memory associated with
+** the register, so that if the value was a string or blob that was
+** previously copied using OP_SCopy, the copies will continue to be valid.
+*/
+case OP_SoftNull: {
+  assert( pOp->p1>0 && pOp->p1<=(p->nMem-p->nCursor) );
+  pOut = &aMem[pOp->p1];
+  pOut->flags = (pOut->flags|MEM_Null)&~MEM_Undefined;
+  break;
+}
+
+/* Opcode: Blob P1 P2 * P4 *
+** Synopsis: r[P2]=P4 (len=P1)
+**
+** P4 points to a blob of data P1 bytes long.  Store this
+** blob in register P2.
+*/
+case OP_Blob: {                /* out2 */
+  assert( pOp->p1 <= SQLITE_MAX_LENGTH );
+  pOut = out2Prerelease(p, pOp);
+  sqlite3VdbeMemSetStr(pOut, pOp->p4.z, pOp->p1, 0, 0);
+  pOut->enc = encoding;
+  UPDATE_MAX_BLOBSIZE(pOut);
+  break;
+}
+
+/* Opcode: Variable P1 P2 * P4 *
+** Synopsis: r[P2]=parameter(P1,P4)
+**
+** Transfer the values of bound parameter P1 into register P2
+**
+** If the parameter is named, then its name appears in P4.
+** The P4 value is used by sqlite3_bind_parameter_name().
+*/
+case OP_Variable: {            /* out2 */
+  Mem *pVar;       /* Value being transferred */
+
+  assert( pOp->p1>0 && pOp->p1<=p->nVar );
+  assert( pOp->p4.z==0 || pOp->p4.z==p->azVar[pOp->p1-1] );
+  pVar = &p->aVar[pOp->p1 - 1];
+  if( sqlite3VdbeMemTooBig(pVar) ){
+    goto too_big;
+  }
+  pOut = out2Prerelease(p, pOp);
+  sqlite3VdbeMemShallowCopy(pOut, pVar, MEM_Static);
+  UPDATE_MAX_BLOBSIZE(pOut);
+  break;
+}
+
+/* Opcode: Move P1 P2 P3 * *
+** Synopsis:  r[P2@P3]=r[P1@P3]
+**
+** Move the P3 values in register P1..P1+P3-1 over into
+** registers P2..P2+P3-1.  Registers P1..P1+P3-1 are
+** left holding a NULL.  It is an error for register ranges
+** P1..P1+P3-1 and P2..P2+P3-1 to overlap.  It is an error
+** for P3 to be less than 1.
+*/
+case OP_Move: {
+  int n;           /* Number of registers left to copy */
+  int p1;          /* Register to copy from */
+  int p2;          /* Register to copy to */
+
+  n = pOp->p3;
+  p1 = pOp->p1;
+  p2 = pOp->p2;
+  assert( n>0 && p1>0 && p2>0 );
+  assert( p1+n<=p2 || p2+n<=p1 );
+
+  pIn1 = &aMem[p1];
+  pOut = &aMem[p2];
+  do{
+    assert( pOut<=&aMem[(p->nMem-p->nCursor)] );
+    assert( pIn1<=&aMem[(p->nMem-p->nCursor)] );
+    assert( memIsValid(pIn1) );
+    memAboutToChange(p, pOut);
+    sqlite3VdbeMemMove(pOut, pIn1);
+#ifdef SQLITE_DEBUG
+    if( pOut->pScopyFrom>=&aMem[p1] && pOut->pScopyFrom<pOut ){
+      pOut->pScopyFrom += pOp->p2 - p1;
+    }
+#endif
+    Deephemeralize(pOut);
+    REGISTER_TRACE(p2++, pOut);
+    pIn1++;
+    pOut++;
+  }while( --n );
+  break;
+}
+
+/* Opcode: Copy P1 P2 P3 * *
+** Synopsis: r[P2@P3+1]=r[P1@P3+1]
+**
+** Make a copy of registers P1..P1+P3 into registers P2..P2+P3.
+**
+** This instruction makes a deep copy of the value.  A duplicate
+** is made of any string or blob constant.  See also OP_SCopy.
+*/
+case OP_Copy: {
+  int n;
+
+  n = pOp->p3;
+  pIn1 = &aMem[pOp->p1];
+  pOut = &aMem[pOp->p2];
+  assert( pOut!=pIn1 );
+  while( 1 ){
+    sqlite3VdbeMemShallowCopy(pOut, pIn1, MEM_Ephem);
+    Deephemeralize(pOut);
+#ifdef SQLITE_DEBUG
+    pOut->pScopyFrom = 0;
+#endif
+    REGISTER_TRACE(pOp->p2+pOp->p3-n, pOut);
+    if( (n--)==0 ) break;
+    pOut++;
+    pIn1++;
+  }
+  break;
+}
+
+/* Opcode: SCopy P1 P2 * * *
+** Synopsis: r[P2]=r[P1]
+**
+** Make a shallow copy of register P1 into register P2.
+**
+** This instruction makes a shallow copy of the value.  If the value
+** is a string or blob, then the copy is only a pointer to the
+** original and hence if the original changes so will the copy.
+** Worse, if the original is deallocated, the copy becomes invalid.
+** Thus the program must guarantee that the original will not change
+** during the lifetime of the copy.  Use OP_Copy to make a complete
+** copy.
+*/
+case OP_SCopy: {            /* out2 */
+  pIn1 = &aMem[pOp->p1];
+  pOut = &aMem[pOp->p2];
+  assert( pOut!=pIn1 );
+  sqlite3VdbeMemShallowCopy(pOut, pIn1, MEM_Ephem);
+#ifdef SQLITE_DEBUG
+  if( pOut->pScopyFrom==0 ) pOut->pScopyFrom = pIn1;
+#endif
+  break;
+}
+
+/* Opcode: IntCopy P1 P2 * * *
+** Synopsis: r[P2]=r[P1]
+**
+** Transfer the integer value held in register P1 into register P2.
+**
+** This is an optimized version of SCopy that works only for integer
+** values.
+*/
+case OP_IntCopy: {            /* out2 */
+  pIn1 = &aMem[pOp->p1];
+  assert( (pIn1->flags & MEM_Int)!=0 );
+  pOut = &aMem[pOp->p2];
+  sqlite3VdbeMemSetInt64(pOut, pIn1->u.i);
+  break;
+}
+
+/* Opcode: ResultRow P1 P2 * * *
+** Synopsis:  output=r[P1@P2]
+**
+** The registers P1 through P1+P2-1 contain a single row of
+** results. This opcode causes the sqlite3_step() call to terminate
+** with an SQLITE_ROW return code and it sets up the sqlite3_stmt
+** structure to provide access to the r(P1)..r(P1+P2-1) values as
+** the result row.
+*/
+case OP_ResultRow: {
+  Mem *pMem;
+  int i;
+  assert( p->nResColumn==pOp->p2 );
+  assert( pOp->p1>0 );
+  assert( pOp->p1+pOp->p2<=(p->nMem-p->nCursor)+1 );
+
+#ifndef SQLITE_OMIT_PROGRESS_CALLBACK
+  /* Run the progress counter just before returning.
+  */
+  if( db->xProgress!=0
+   && nVmStep>=nProgressLimit
+   && db->xProgress(db->pProgressArg)!=0
+  ){
+    rc = SQLITE_INTERRUPT;
+    goto vdbe_error_halt;
+  }
+#endif
+
+  /* If this statement has violated immediate foreign key constraints, do
+  ** not return the number of rows modified. And do not RELEASE the statement
+  ** transaction. It needs to be rolled back.  */
+  if( SQLITE_OK!=(rc = sqlite3VdbeCheckFk(p, 0)) ){
+    assert( db->flags&SQLITE_CountRows );
+    assert( p->usesStmtJournal );
+    break;
+  }
+
+  /* If the SQLITE_CountRows flag is set in sqlite3.flags mask, then 
+  ** DML statements invoke this opcode to return the number of rows 
+  ** modified to the user. This is the only way that a VM that
+  ** opens a statement transaction may invoke this opcode.
+  **
+  ** In case this is such a statement, close any statement transaction
+  ** opened by this VM before returning control to the user. This is to
+  ** ensure that statement-transactions are always nested, not overlapping.
+  ** If the open statement-transaction is not closed here, then the user
+  ** may step another VM that opens its own statement transaction. This
+  ** may lead to overlapping statement transactions.
+  **
+  ** The statement transaction is never a top-level transaction.  Hence
+  ** the RELEASE call below can never fail.
+  */
+  assert( p->iStatement==0 || db->flags&SQLITE_CountRows );
+  rc = sqlite3VdbeCloseStatement(p, SAVEPOINT_RELEASE);
+  if( NEVER(rc!=SQLITE_OK) ){
+    break;
+  }
+
+  /* Invalidate all ephemeral cursor row caches */
+  p->cacheCtr = (p->cacheCtr + 2)|1;
+
+  /* Make sure the results of the current row are \000 terminated
+  ** and have an assigned type.  The results are de-ephemeralized as
+  ** a side effect.
+  */
+  pMem = p->pResultSet = &aMem[pOp->p1];
+  for(i=0; i<pOp->p2; i++){
+    assert( memIsValid(&pMem[i]) );
+    Deephemeralize(&pMem[i]);
+    assert( (pMem[i].flags & MEM_Ephem)==0
+            || (pMem[i].flags & (MEM_Str|MEM_Blob))==0 );
+    sqlite3VdbeMemNulTerminate(&pMem[i]);
+    REGISTER_TRACE(pOp->p1+i, &pMem[i]);
+  }
+  if( db->mallocFailed ) goto no_mem;
+
+  /* Return SQLITE_ROW
+  */
+  p->pc = (int)(pOp - aOp) + 1;
+  rc = SQLITE_ROW;
+  goto vdbe_return;
+}
+
+/* Opcode: Concat P1 P2 P3 * *
+** Synopsis: r[P3]=r[P2]+r[P1]
+**
+** Add the text in register P1 onto the end of the text in
+** register P2 and store the result in register P3.
+** If either the P1 or P2 text are NULL then store NULL in P3.
+**
+**   P3 = P2 || P1
+**
+** It is illegal for P1 and P3 to be the same register. Sometimes,
+** if P3 is the same register as P2, the implementation is able
+** to avoid a memcpy().
+*/
+case OP_Concat: {           /* same as TK_CONCAT, in1, in2, out3 */
+  i64 nByte;
+
+  pIn1 = &aMem[pOp->p1];
+  pIn2 = &aMem[pOp->p2];
+  pOut = &aMem[pOp->p3];
+  assert( pIn1!=pOut );
+  if( (pIn1->flags | pIn2->flags) & MEM_Null ){
+    sqlite3VdbeMemSetNull(pOut);
+    break;
+  }
+  if( ExpandBlob(pIn1) || ExpandBlob(pIn2) ) goto no_mem;
+  Stringify(pIn1, encoding);
+  Stringify(pIn2, encoding);
+  nByte = pIn1->n + pIn2->n;
+  if( nByte>db->aLimit[SQLITE_LIMIT_LENGTH] ){
+    goto too_big;
+  }
+  if( sqlite3VdbeMemGrow(pOut, (int)nByte+2, pOut==pIn2) ){
+    goto no_mem;
+  }
+  MemSetTypeFlag(pOut, MEM_Str);
+  if( pOut!=pIn2 ){
+    memcpy(pOut->z, pIn2->z, pIn2->n);
+  }
+  memcpy(&pOut->z[pIn2->n], pIn1->z, pIn1->n);
+  pOut->z[nByte]=0;
+  pOut->z[nByte+1] = 0;
+  pOut->flags |= MEM_Term;
+  pOut->n = (int)nByte;
+  pOut->enc = encoding;
+  UPDATE_MAX_BLOBSIZE(pOut);
+  break;
+}
+
+/* Opcode: Add P1 P2 P3 * *
+** Synopsis:  r[P3]=r[P1]+r[P2]
+**
+** Add the value in register P1 to the value in register P2
+** and store the result in register P3.
+** If either input is NULL, the result is NULL.
+*/
+/* Opcode: Multiply P1 P2 P3 * *
+** Synopsis:  r[P3]=r[P1]*r[P2]
+**
+**
+** Multiply the value in register P1 by the value in register P2
+** and store the result in register P3.
+** If either input is NULL, the result is NULL.
+*/
+/* Opcode: Subtract P1 P2 P3 * *
+** Synopsis:  r[P3]=r[P2]-r[P1]
+**
+** Subtract the value in register P1 from the value in register P2
+** and store the result in register P3.
+** If either input is NULL, the result is NULL.
+*/
+/* Opcode: Divide P1 P2 P3 * *
+** Synopsis:  r[P3]=r[P2]/r[P1]
+**
+** Divide the value in register P1 by the value in register P2
+** and store the result in register P3 (P3=P2/P1). If the value in 
+** register P1 is zero, then the result is NULL. If either input is 
+** NULL, the result is NULL.
+*/
+/* Opcode: Remainder P1 P2 P3 * *
+** Synopsis:  r[P3]=r[P2]%r[P1]
+**
+** Compute the remainder after integer register P2 is divided by 
+** register P1 and store the result in register P3. 
+** If the value in register P1 is zero the result is NULL.
+** If either operand is NULL, the result is NULL.
+*/
+case OP_Add:                   /* same as TK_PLUS, in1, in2, out3 */
+case OP_Subtract:              /* same as TK_MINUS, in1, in2, out3 */
+case OP_Multiply:              /* same as TK_STAR, in1, in2, out3 */
+case OP_Divide:                /* same as TK_SLASH, in1, in2, out3 */
+case OP_Remainder: {           /* same as TK_REM, in1, in2, out3 */
+  char bIntint;   /* Started out as two integer operands */
+  u16 flags;      /* Combined MEM_* flags from both inputs */
+  u16 type1;      /* Numeric type of left operand */
+  u16 type2;      /* Numeric type of right operand */
+  i64 iA;         /* Integer value of left operand */
+  i64 iB;         /* Integer value of right operand */
+  double rA;      /* Real value of left operand */
+  double rB;      /* Real value of right operand */
+
+  pIn1 = &aMem[pOp->p1];
+  type1 = numericType(pIn1);
+  pIn2 = &aMem[pOp->p2];
+  type2 = numericType(pIn2);
+  pOut = &aMem[pOp->p3];
+  flags = pIn1->flags | pIn2->flags;
+  if( (flags & MEM_Null)!=0 ) goto arithmetic_result_is_null;
+  if( (type1 & type2 & MEM_Int)!=0 ){
+    iA = pIn1->u.i;
+    iB = pIn2->u.i;
+    bIntint = 1;
+    switch( pOp->opcode ){
+      case OP_Add:       if( sqlite3AddInt64(&iB,iA) ) goto fp_math;  break;
+      case OP_Subtract:  if( sqlite3SubInt64(&iB,iA) ) goto fp_math;  break;
+      case OP_Multiply:  if( sqlite3MulInt64(&iB,iA) ) goto fp_math;  break;
+      case OP_Divide: {
+        if( iA==0 ) goto arithmetic_result_is_null;
+        if( iA==-1 && iB==SMALLEST_INT64 ) goto fp_math;
+        iB /= iA;
+        break;
+      }
+      default: {
+        if( iA==0 ) goto arithmetic_result_is_null;
+        if( iA==-1 ) iA = 1;
+        iB %= iA;
+        break;
+      }
+    }
+    pOut->u.i = iB;
+    MemSetTypeFlag(pOut, MEM_Int);
+  }else{
+    bIntint = 0;
+fp_math:
+    rA = sqlite3VdbeRealValue(pIn1);
+    rB = sqlite3VdbeRealValue(pIn2);
+    switch( pOp->opcode ){
+      case OP_Add:         rB += rA;       break;
+      case OP_Subtract:    rB -= rA;       break;
+      case OP_Multiply:    rB *= rA;       break;
+      case OP_Divide: {
+        /* (double)0 In case of SQLITE_OMIT_FLOATING_POINT... */
+        if( rA==(double)0 ) goto arithmetic_result_is_null;
+        rB /= rA;
+        break;
+      }
+      default: {
+        iA = (i64)rA;
+        iB = (i64)rB;
+        if( iA==0 ) goto arithmetic_result_is_null;
+        if( iA==-1 ) iA = 1;
+        rB = (double)(iB % iA);
+        break;
+      }
+    }
+#ifdef SQLITE_OMIT_FLOATING_POINT
+    pOut->u.i = rB;
+    MemSetTypeFlag(pOut, MEM_Int);
+#else
+    if( sqlite3IsNaN(rB) ){
+      goto arithmetic_result_is_null;
+    }
+    pOut->u.r = rB;
+    MemSetTypeFlag(pOut, MEM_Real);
+    if( ((type1|type2)&MEM_Real)==0 && !bIntint ){
+      sqlite3VdbeIntegerAffinity(pOut);
+    }
+#endif
+  }
+  break;
+
+arithmetic_result_is_null:
+  sqlite3VdbeMemSetNull(pOut);
+  break;
+}
+
+/* Opcode: CollSeq P1 * * P4
+**
+** P4 is a pointer to a CollSeq struct. If the next call to a user function
+** or aggregate calls sqlite3GetFuncCollSeq(), this collation sequence will
+** be returned. This is used by the built-in min(), max() and nullif()
+** functions.
+**
+** If P1 is not zero, then it is a register that a subsequent min() or
+** max() aggregate will set to 1 if the current row is not the minimum or
+** maximum.  The P1 register is initialized to 0 by this instruction.
+**
+** The interface used by the implementation of the aforementioned functions
+** to retrieve the collation sequence set by this opcode is not available
+** publicly.  Only built-in functions have access to this feature.
+*/
+case OP_CollSeq: {
+  assert( pOp->p4type==P4_COLLSEQ );
+  if( pOp->p1 ){
+    sqlite3VdbeMemSetInt64(&aMem[pOp->p1], 0);
+  }
+  break;
+}
+
+/* Opcode: Function0 P1 P2 P3 P4 P5
+** Synopsis: r[P3]=func(r[P2@P5])
+**
+** Invoke a user function (P4 is a pointer to a FuncDef object that
+** defines the function) with P5 arguments taken from register P2 and
+** successors.  The result of the function is stored in register P3.
+** Register P3 must not be one of the function inputs.
+**
+** P1 is a 32-bit bitmask indicating whether or not each argument to the 
+** function was determined to be constant at compile time. If the first
+** argument was constant then bit 0 of P1 is set. This is used to determine
+** whether meta data associated with a user function argument using the
+** sqlite3_set_auxdata() API may be safely retained until the next
+** invocation of this opcode.
+**
+** See also: Function, AggStep, AggFinal
+*/
+/* Opcode: Function P1 P2 P3 P4 P5
+** Synopsis: r[P3]=func(r[P2@P5])
+**
+** Invoke a user function (P4 is a pointer to an sqlite3_context object that
+** contains a pointer to the function to be run) with P5 arguments taken
+** from register P2 and successors.  The result of the function is stored
+** in register P3.  Register P3 must not be one of the function inputs.
+**
+** P1 is a 32-bit bitmask indicating whether or not each argument to the 
+** function was determined to be constant at compile time. If the first
+** argument was constant then bit 0 of P1 is set. This is used to determine
+** whether meta data associated with a user function argument using the
+** sqlite3_set_auxdata() API may be safely retained until the next
+** invocation of this opcode.
+**
+** SQL functions are initially coded as OP_Function0 with P4 pointing
+** to a FuncDef object.  But on first evaluation, the P4 operand is
+** automatically converted into an sqlite3_context object and the operation
+** changed to this OP_Function opcode.  In this way, the initialization of
+** the sqlite3_context object occurs only once, rather than once for each
+** evaluation of the function.
+**
+** See also: Function0, AggStep, AggFinal
+*/
+case OP_Function0: {
+  int n;
+  sqlite3_context *pCtx;
+
+  assert( pOp->p4type==P4_FUNCDEF );
+  n = pOp->p5;
+  assert( pOp->p3>0 && pOp->p3<=(p->nMem-p->nCursor) );
+  assert( n==0 || (pOp->p2>0 && pOp->p2+n<=(p->nMem-p->nCursor)+1) );
+  assert( pOp->p3<pOp->p2 || pOp->p3>=pOp->p2+n );
+  pCtx = sqlite3DbMallocRaw(db, sizeof(*pCtx) + (n-1)*sizeof(sqlite3_value*));
+  if( pCtx==0 ) goto no_mem;
+  pCtx->pOut = 0;
+  pCtx->pFunc = pOp->p4.pFunc;
+  pCtx->iOp = (int)(pOp - aOp);
+  pCtx->pVdbe = p;
+  pCtx->argc = n;
+  pOp->p4type = P4_FUNCCTX;
+  pOp->p4.pCtx = pCtx;
+  pOp->opcode = OP_Function;
+  /* Fall through into OP_Function */
+}
+case OP_Function: {
+  int i;
+  sqlite3_context *pCtx;
+
+  assert( pOp->p4type==P4_FUNCCTX );
+  pCtx = pOp->p4.pCtx;
+
+  /* If this function is inside of a trigger, the register array in aMem[]
+  ** might change from one evaluation to the next.  The next block of code
+  ** checks to see if the register array has changed, and if so it
+  ** reinitializes the relavant parts of the sqlite3_context object */
+  pOut = &aMem[pOp->p3];
+  if( pCtx->pOut != pOut ){
+    pCtx->pOut = pOut;
+    for(i=pCtx->argc-1; i>=0; i--) pCtx->argv[i] = &aMem[pOp->p2+i];
+  }
+
+  memAboutToChange(p, pCtx->pOut);
+#ifdef SQLITE_DEBUG
+  for(i=0; i<pCtx->argc; i++){
+    assert( memIsValid(pCtx->argv[i]) );
+    REGISTER_TRACE(pOp->p2+i, pCtx->argv[i]);
+  }
+#endif
+  MemSetTypeFlag(pCtx->pOut, MEM_Null);
+  pCtx->fErrorOrAux = 0;
+  db->lastRowid = lastRowid;
+  (*pCtx->pFunc->xFunc)(pCtx, pCtx->argc, pCtx->argv); /* IMP: R-24505-23230 */
+  lastRowid = db->lastRowid;  /* Remember rowid changes made by xFunc */
+
+  /* If the function returned an error, throw an exception */
+  if( pCtx->fErrorOrAux ){
+    if( pCtx->isError ){
+      sqlite3VdbeError(p, "%s", sqlite3_value_text(pCtx->pOut));
+      rc = pCtx->isError;
+    }
+    sqlite3VdbeDeleteAuxData(p, pCtx->iOp, pOp->p1);
+  }
+
+  /* Copy the result of the function into register P3 */
+  if( pOut->flags & (MEM_Str|MEM_Blob) ){
+    sqlite3VdbeChangeEncoding(pCtx->pOut, encoding);
+    if( sqlite3VdbeMemTooBig(pCtx->pOut) ) goto too_big;
+  }
+
+  REGISTER_TRACE(pOp->p3, pCtx->pOut);
+  UPDATE_MAX_BLOBSIZE(pCtx->pOut);
+  break;
+}
+
+/* Opcode: BitAnd P1 P2 P3 * *
+** Synopsis:  r[P3]=r[P1]&r[P2]
+**
+** Take the bit-wise AND of the values in register P1 and P2 and
+** store the result in register P3.
+** If either input is NULL, the result is NULL.
+*/
+/* Opcode: BitOr P1 P2 P3 * *
+** Synopsis:  r[P3]=r[P1]|r[P2]
+**
+** Take the bit-wise OR of the values in register P1 and P2 and
+** store the result in register P3.
+** If either input is NULL, the result is NULL.
+*/
+/* Opcode: ShiftLeft P1 P2 P3 * *
+** Synopsis:  r[P3]=r[P2]<<r[P1]
+**
+** Shift the integer value in register P2 to the left by the
+** number of bits specified by the integer in register P1.
+** Store the result in register P3.
+** If either input is NULL, the result is NULL.
+*/
+/* Opcode: ShiftRight P1 P2 P3 * *
+** Synopsis:  r[P3]=r[P2]>>r[P1]
+**
+** Shift the integer value in register P2 to the right by the
+** number of bits specified by the integer in register P1.
+** Store the result in register P3.
+** If either input is NULL, the result is NULL.
+*/
+case OP_BitAnd:                 /* same as TK_BITAND, in1, in2, out3 */
+case OP_BitOr:                  /* same as TK_BITOR, in1, in2, out3 */
+case OP_ShiftLeft:              /* same as TK_LSHIFT, in1, in2, out3 */
+case OP_ShiftRight: {           /* same as TK_RSHIFT, in1, in2, out3 */
+  i64 iA;
+  u64 uA;
+  i64 iB;
+  u8 op;
+
+  pIn1 = &aMem[pOp->p1];
+  pIn2 = &aMem[pOp->p2];
+  pOut = &aMem[pOp->p3];
+  if( (pIn1->flags | pIn2->flags) & MEM_Null ){
+    sqlite3VdbeMemSetNull(pOut);
+    break;
+  }
+  iA = sqlite3VdbeIntValue(pIn2);
+  iB = sqlite3VdbeIntValue(pIn1);
+  op = pOp->opcode;
+  if( op==OP_BitAnd ){
+    iA &= iB;
+  }else if( op==OP_BitOr ){
+    iA |= iB;
+  }else if( iB!=0 ){
+    assert( op==OP_ShiftRight || op==OP_ShiftLeft );
+
+    /* If shifting by a negative amount, shift in the other direction */
+    if( iB<0 ){
+      assert( OP_ShiftRight==OP_ShiftLeft+1 );
+      op = 2*OP_ShiftLeft + 1 - op;
+      iB = iB>(-64) ? -iB : 64;
+    }
+
+    if( iB>=64 ){
+      iA = (iA>=0 || op==OP_ShiftLeft) ? 0 : -1;
+    }else{
+      memcpy(&uA, &iA, sizeof(uA));
+      if( op==OP_ShiftLeft ){
+        uA <<= iB;
+      }else{
+        uA >>= iB;
+        /* Sign-extend on a right shift of a negative number */
+        if( iA<0 ) uA |= ((((u64)0xffffffff)<<32)|0xffffffff) << (64-iB);
+      }
+      memcpy(&iA, &uA, sizeof(iA));
+    }
+  }
+  pOut->u.i = iA;
+  MemSetTypeFlag(pOut, MEM_Int);
+  break;
+}
+
+/* Opcode: AddImm  P1 P2 * * *
+** Synopsis:  r[P1]=r[P1]+P2
+** 
+** Add the constant P2 to the value in register P1.
+** The result is always an integer.
+**
+** To force any register to be an integer, just add 0.
+*/
+case OP_AddImm: {            /* in1 */
+  pIn1 = &aMem[pOp->p1];
+  memAboutToChange(p, pIn1);
+  sqlite3VdbeMemIntegerify(pIn1);
+  pIn1->u.i += pOp->p2;
+  break;
+}
+
+/* Opcode: MustBeInt P1 P2 * * *
+** 
+** Force the value in register P1 to be an integer.  If the value
+** in P1 is not an integer and cannot be converted into an integer
+** without data loss, then jump immediately to P2, or if P2==0
+** raise an SQLITE_MISMATCH exception.
+*/
+case OP_MustBeInt: {            /* jump, in1 */
+  pIn1 = &aMem[pOp->p1];
+  if( (pIn1->flags & MEM_Int)==0 ){
+    applyAffinity(pIn1, SQLITE_AFF_NUMERIC, encoding);
+    VdbeBranchTaken((pIn1->flags&MEM_Int)==0, 2);
+    if( (pIn1->flags & MEM_Int)==0 ){
+      if( pOp->p2==0 ){
+        rc = SQLITE_MISMATCH;
+        goto abort_due_to_error;
+      }else{
+        goto jump_to_p2;
+      }
+    }
+  }
+  MemSetTypeFlag(pIn1, MEM_Int);
+  break;
+}
+
+#ifndef SQLITE_OMIT_FLOATING_POINT
+/* Opcode: RealAffinity P1 * * * *
+**
+** If register P1 holds an integer convert it to a real value.
+**
+** This opcode is used when extracting information from a column that
+** has REAL affinity.  Such column values may still be stored as
+** integers, for space efficiency, but after extraction we want them
+** to have only a real value.
+*/
+case OP_RealAffinity: {                  /* in1 */
+  pIn1 = &aMem[pOp->p1];
+  if( pIn1->flags & MEM_Int ){
+    sqlite3VdbeMemRealify(pIn1);
+  }
+  break;
+}
+#endif
+
+#ifndef SQLITE_OMIT_CAST
+/* Opcode: Cast P1 P2 * * *
+** Synopsis: affinity(r[P1])
+**
+** Force the value in register P1 to be the type defined by P2.
+** 
+** <ul>
+** <li value="97"> TEXT
+** <li value="98"> BLOB
+** <li value="99"> NUMERIC
+** <li value="100"> INTEGER
+** <li value="101"> REAL
+** </ul>
+**
+** A NULL value is not changed by this routine.  It remains NULL.
+*/
+case OP_Cast: {                  /* in1 */
+  assert( pOp->p2>=SQLITE_AFF_BLOB && pOp->p2<=SQLITE_AFF_REAL );
+  testcase( pOp->p2==SQLITE_AFF_TEXT );
+  testcase( pOp->p2==SQLITE_AFF_BLOB );
+  testcase( pOp->p2==SQLITE_AFF_NUMERIC );
+  testcase( pOp->p2==SQLITE_AFF_INTEGER );
+  testcase( pOp->p2==SQLITE_AFF_REAL );
+  pIn1 = &aMem[pOp->p1];
+  memAboutToChange(p, pIn1);
+  rc = ExpandBlob(pIn1);
+  sqlite3VdbeMemCast(pIn1, pOp->p2, encoding);
+  UPDATE_MAX_BLOBSIZE(pIn1);
+  break;
+}
+#endif /* SQLITE_OMIT_CAST */
+
+/* Opcode: Lt P1 P2 P3 P4 P5
+** Synopsis: if r[P1]<r[P3] goto P2
+**
+** Compare the values in register P1 and P3.  If reg(P3)<reg(P1) then
+** jump to address P2.  
+**
+** If the SQLITE_JUMPIFNULL bit of P5 is set and either reg(P1) or
+** reg(P3) is NULL then take the jump.  If the SQLITE_JUMPIFNULL 
+** bit is clear then fall through if either operand is NULL.
+**
+** The SQLITE_AFF_MASK portion of P5 must be an affinity character -
+** SQLITE_AFF_TEXT, SQLITE_AFF_INTEGER, and so forth. An attempt is made 
+** to coerce both inputs according to this affinity before the
+** comparison is made. If the SQLITE_AFF_MASK is 0x00, then numeric
+** affinity is used. Note that the affinity conversions are stored
+** back into the input registers P1 and P3.  So this opcode can cause
+** persistent changes to registers P1 and P3.
+**
+** Once any conversions have taken place, and neither value is NULL, 
+** the values are compared. If both values are blobs then memcmp() is
+** used to determine the results of the comparison.  If both values
+** are text, then the appropriate collating function specified in
+** P4 is  used to do the comparison.  If P4 is not specified then
+** memcmp() is used to compare text string.  If both values are
+** numeric, then a numeric comparison is used. If the two values
+** are of different types, then numbers are considered less than
+** strings and strings are considered less than blobs.
+**
+** If the SQLITE_STOREP2 bit of P5 is set, then do not jump.  Instead,
+** store a boolean result (either 0, or 1, or NULL) in register P2.
+**
+** If the SQLITE_NULLEQ bit is set in P5, then NULL values are considered
+** equal to one another, provided that they do not have their MEM_Cleared
+** bit set.
+*/
+/* Opcode: Ne P1 P2 P3 P4 P5
+** Synopsis: if r[P1]!=r[P3] goto P2
+**
+** This works just like the Lt opcode except that the jump is taken if
+** the operands in registers P1 and P3 are not equal.  See the Lt opcode for
+** additional information.
+**
+** If SQLITE_NULLEQ is set in P5 then the result of comparison is always either
+** true or false and is never NULL.  If both operands are NULL then the result
+** of comparison is false.  If either operand is NULL then the result is true.
+** If neither operand is NULL the result is the same as it would be if
+** the SQLITE_NULLEQ flag were omitted from P5.
+*/
+/* Opcode: Eq P1 P2 P3 P4 P5
+** Synopsis: if r[P1]==r[P3] goto P2
+**
+** This works just like the Lt opcode except that the jump is taken if
+** the operands in registers P1 and P3 are equal.
+** See the Lt opcode for additional information.
+**
+** If SQLITE_NULLEQ is set in P5 then the result of comparison is always either
+** true or false and is never NULL.  If both operands are NULL then the result
+** of comparison is true.  If either operand is NULL then the result is false.
+** If neither operand is NULL the result is the same as it would be if
+** the SQLITE_NULLEQ flag were omitted from P5.
+*/
+/* Opcode: Le P1 P2 P3 P4 P5
+** Synopsis: if r[P1]<=r[P3] goto P2
+**
+** This works just like the Lt opcode except that the jump is taken if
+** the content of register P3 is less than or equal to the content of
+** register P1.  See the Lt opcode for additional information.
+*/
+/* Opcode: Gt P1 P2 P3 P4 P5
+** Synopsis: if r[P1]>r[P3] goto P2
+**
+** This works just like the Lt opcode except that the jump is taken if
+** the content of register P3 is greater than the content of
+** register P1.  See the Lt opcode for additional information.
+*/
+/* Opcode: Ge P1 P2 P3 P4 P5
+** Synopsis: if r[P1]>=r[P3] goto P2
+**
+** This works just like the Lt opcode except that the jump is taken if
+** the content of register P3 is greater than or equal to the content of
+** register P1.  See the Lt opcode for additional information.
+*/
+case OP_Eq:               /* same as TK_EQ, jump, in1, in3 */
+case OP_Ne:               /* same as TK_NE, jump, in1, in3 */
+case OP_Lt:               /* same as TK_LT, jump, in1, in3 */
+case OP_Le:               /* same as TK_LE, jump, in1, in3 */
+case OP_Gt:               /* same as TK_GT, jump, in1, in3 */
+case OP_Ge: {             /* same as TK_GE, jump, in1, in3 */
+  int res;            /* Result of the comparison of pIn1 against pIn3 */
+  char affinity;      /* Affinity to use for comparison */
+  u16 flags1;         /* Copy of initial value of pIn1->flags */
+  u16 flags3;         /* Copy of initial value of pIn3->flags */
+
+  pIn1 = &aMem[pOp->p1];
+  pIn3 = &aMem[pOp->p3];
+  flags1 = pIn1->flags;
+  flags3 = pIn3->flags;
+  if( (flags1 | flags3)&MEM_Null ){
+    /* One or both operands are NULL */
+    if( pOp->p5 & SQLITE_NULLEQ ){
+      /* If SQLITE_NULLEQ is set (which will only happen if the operator is
+      ** OP_Eq or OP_Ne) then take the jump or not depending on whether
+      ** or not both operands are null.
+      */
+      assert( pOp->opcode==OP_Eq || pOp->opcode==OP_Ne );
+      assert( (flags1 & MEM_Cleared)==0 );
+      assert( (pOp->p5 & SQLITE_JUMPIFNULL)==0 );
+      if( (flags1&MEM_Null)!=0
+       && (flags3&MEM_Null)!=0
+       && (flags3&MEM_Cleared)==0
+      ){
+        res = 0;  /* Results are equal */
+      }else{
+        res = 1;  /* Results are not equal */
+      }
+    }else{
+      /* SQLITE_NULLEQ is clear and at least one operand is NULL,
+      ** then the result is always NULL.
+      ** The jump is taken if the SQLITE_JUMPIFNULL bit is set.
+      */
+      if( pOp->p5 & SQLITE_STOREP2 ){
+        pOut = &aMem[pOp->p2];
+        memAboutToChange(p, pOut);
+        MemSetTypeFlag(pOut, MEM_Null);
+        REGISTER_TRACE(pOp->p2, pOut);
+      }else{
+        VdbeBranchTaken(2,3);
+        if( pOp->p5 & SQLITE_JUMPIFNULL ){
+          goto jump_to_p2;
+        }
+      }
+      break;
+    }
+  }else{
+    /* Neither operand is NULL.  Do a comparison. */
+    affinity = pOp->p5 & SQLITE_AFF_MASK;
+    if( affinity>=SQLITE_AFF_NUMERIC ){
+      if( (flags1 & (MEM_Int|MEM_Real|MEM_Str))==MEM_Str ){
+        applyNumericAffinity(pIn1,0);
+      }
+      if( (flags3 & (MEM_Int|MEM_Real|MEM_Str))==MEM_Str ){
+        applyNumericAffinity(pIn3,0);
+      }
+    }else if( affinity==SQLITE_AFF_TEXT ){
+      if( (flags1 & MEM_Str)==0 && (flags1 & (MEM_Int|MEM_Real))!=0 ){
+        testcase( pIn1->flags & MEM_Int );
+        testcase( pIn1->flags & MEM_Real );
+        sqlite3VdbeMemStringify(pIn1, encoding, 1);
+        testcase( (flags1&MEM_Dyn) != (pIn1->flags&MEM_Dyn) );
+        flags1 = (pIn1->flags & ~MEM_TypeMask) | (flags1 & MEM_TypeMask);
+      }
+      if( (flags3 & MEM_Str)==0 && (flags3 & (MEM_Int|MEM_Real))!=0 ){
+        testcase( pIn3->flags & MEM_Int );
+        testcase( pIn3->flags & MEM_Real );
+        sqlite3VdbeMemStringify(pIn3, encoding, 1);
+        testcase( (flags3&MEM_Dyn) != (pIn3->flags&MEM_Dyn) );
+        flags3 = (pIn3->flags & ~MEM_TypeMask) | (flags3 & MEM_TypeMask);
+      }
+    }
+    assert( pOp->p4type==P4_COLLSEQ || pOp->p4.pColl==0 );
+    if( flags1 & MEM_Zero ){
+      sqlite3VdbeMemExpandBlob(pIn1);
+      flags1 &= ~MEM_Zero;
+    }
+    if( flags3 & MEM_Zero ){
+      sqlite3VdbeMemExpandBlob(pIn3);
+      flags3 &= ~MEM_Zero;
+    }
+    res = sqlite3MemCompare(pIn3, pIn1, pOp->p4.pColl);
+  }
+  switch( pOp->opcode ){
+    case OP_Eq:    res = res==0;     break;
+    case OP_Ne:    res = res!=0;     break;
+    case OP_Lt:    res = res<0;      break;
+    case OP_Le:    res = res<=0;     break;
+    case OP_Gt:    res = res>0;      break;
+    default:       res = res>=0;     break;
+  }
+
+  /* Undo any changes made by applyAffinity() to the input registers. */
+  assert( (pIn1->flags & MEM_Dyn) == (flags1 & MEM_Dyn) );
+  pIn1->flags = flags1;
+  assert( (pIn3->flags & MEM_Dyn) == (flags3 & MEM_Dyn) );
+  pIn3->flags = flags3;
+
+  if( pOp->p5 & SQLITE_STOREP2 ){
+    pOut = &aMem[pOp->p2];
+    memAboutToChange(p, pOut);
+    MemSetTypeFlag(pOut, MEM_Int);
+    pOut->u.i = res;
+    REGISTER_TRACE(pOp->p2, pOut);
+  }else{
+    VdbeBranchTaken(res!=0, (pOp->p5 & SQLITE_NULLEQ)?2:3);
+    if( res ){
+      goto jump_to_p2;
+    }
+  }
+  break;
+}
+
+/* Opcode: Permutation * * * P4 *
+**
+** Set the permutation used by the OP_Compare operator to be the array
+** of integers in P4.
+**
+** The permutation is only valid until the next OP_Compare that has
+** the OPFLAG_PERMUTE bit set in P5. Typically the OP_Permutation should 
+** occur immediately prior to the OP_Compare.
+*/
+case OP_Permutation: {
+  assert( pOp->p4type==P4_INTARRAY );
+  assert( pOp->p4.ai );
+  aPermute = pOp->p4.ai;
+  break;
+}
+
+/* Opcode: Compare P1 P2 P3 P4 P5
+** Synopsis: r[P1@P3] <-> r[P2@P3]
+**
+** Compare two vectors of registers in reg(P1)..reg(P1+P3-1) (call this
+** vector "A") and in reg(P2)..reg(P2+P3-1) ("B").  Save the result of
+** the comparison for use by the next OP_Jump instruct.
+**
+** If P5 has the OPFLAG_PERMUTE bit set, then the order of comparison is
+** determined by the most recent OP_Permutation operator.  If the
+** OPFLAG_PERMUTE bit is clear, then register are compared in sequential
+** order.
+**
+** P4 is a KeyInfo structure that defines collating sequences and sort
+** orders for the comparison.  The permutation applies to registers
+** only.  The KeyInfo elements are used sequentially.
+**
+** The comparison is a sort comparison, so NULLs compare equal,
+** NULLs are less than numbers, numbers are less than strings,
+** and strings are less than blobs.
+*/
+case OP_Compare: {
+  int n;
+  int i;
+  int p1;
+  int p2;
+  const KeyInfo *pKeyInfo;
+  int idx;
+  CollSeq *pColl;    /* Collating sequence to use on this term */
+  int bRev;          /* True for DESCENDING sort order */
+
+  if( (pOp->p5 & OPFLAG_PERMUTE)==0 ) aPermute = 0;
+  n = pOp->p3;
+  pKeyInfo = pOp->p4.pKeyInfo;
+  assert( n>0 );
+  assert( pKeyInfo!=0 );
+  p1 = pOp->p1;
+  p2 = pOp->p2;
+#if SQLITE_DEBUG
+  if( aPermute ){
+    int k, mx = 0;
+    for(k=0; k<n; k++) if( aPermute[k]>mx ) mx = aPermute[k];
+    assert( p1>0 && p1+mx<=(p->nMem-p->nCursor)+1 );
+    assert( p2>0 && p2+mx<=(p->nMem-p->nCursor)+1 );
+  }else{
+    assert( p1>0 && p1+n<=(p->nMem-p->nCursor)+1 );
+    assert( p2>0 && p2+n<=(p->nMem-p->nCursor)+1 );
+  }
+#endif /* SQLITE_DEBUG */
+  for(i=0; i<n; i++){
+    idx = aPermute ? aPermute[i] : i;
+    assert( memIsValid(&aMem[p1+idx]) );
+    assert( memIsValid(&aMem[p2+idx]) );
+    REGISTER_TRACE(p1+idx, &aMem[p1+idx]);
+    REGISTER_TRACE(p2+idx, &aMem[p2+idx]);
+    assert( i<pKeyInfo->nField );
+    pColl = pKeyInfo->aColl[i];
+    bRev = pKeyInfo->aSortOrder[i];
+    iCompare = sqlite3MemCompare(&aMem[p1+idx], &aMem[p2+idx], pColl);
+    if( iCompare ){
+      if( bRev ) iCompare = -iCompare;
+      break;
+    }
+  }
+  aPermute = 0;
+  break;
+}
+
+/* Opcode: Jump P1 P2 P3 * *
+**
+** Jump to the instruction at address P1, P2, or P3 depending on whether
+** in the most recent OP_Compare instruction the P1 vector was less than
+** equal to, or greater than the P2 vector, respectively.
+*/
+case OP_Jump: {             /* jump */
+  if( iCompare<0 ){
+    VdbeBranchTaken(0,3); pOp = &aOp[pOp->p1 - 1];
+  }else if( iCompare==0 ){
+    VdbeBranchTaken(1,3); pOp = &aOp[pOp->p2 - 1];
+  }else{
+    VdbeBranchTaken(2,3); pOp = &aOp[pOp->p3 - 1];
+  }
+  break;
+}
+
+/* Opcode: And P1 P2 P3 * *
+** Synopsis: r[P3]=(r[P1] && r[P2])
+**
+** Take the logical AND of the values in registers P1 and P2 and
+** write the result into register P3.
+**
+** If either P1 or P2 is 0 (false) then the result is 0 even if
+** the other input is NULL.  A NULL and true or two NULLs give
+** a NULL output.
+*/
+/* Opcode: Or P1 P2 P3 * *
+** Synopsis: r[P3]=(r[P1] || r[P2])
+**
+** Take the logical OR of the values in register P1 and P2 and
+** store the answer in register P3.
+**
+** If either P1 or P2 is nonzero (true) then the result is 1 (true)
+** even if the other input is NULL.  A NULL and false or two NULLs
+** give a NULL output.
+*/
+case OP_And:              /* same as TK_AND, in1, in2, out3 */
+case OP_Or: {             /* same as TK_OR, in1, in2, out3 */
+  int v1;    /* Left operand:  0==FALSE, 1==TRUE, 2==UNKNOWN or NULL */
+  int v2;    /* Right operand: 0==FALSE, 1==TRUE, 2==UNKNOWN or NULL */
+
+  pIn1 = &aMem[pOp->p1];
+  if( pIn1->flags & MEM_Null ){
+    v1 = 2;
+  }else{
+    v1 = sqlite3VdbeIntValue(pIn1)!=0;
+  }
+  pIn2 = &aMem[pOp->p2];
+  if( pIn2->flags & MEM_Null ){
+    v2 = 2;
+  }else{
+    v2 = sqlite3VdbeIntValue(pIn2)!=0;
+  }
+  if( pOp->opcode==OP_And ){
+    static const unsigned char and_logic[] = { 0, 0, 0, 0, 1, 2, 0, 2, 2 };
+    v1 = and_logic[v1*3+v2];
+  }else{
+    static const unsigned char or_logic[] = { 0, 1, 2, 1, 1, 1, 2, 1, 2 };
+    v1 = or_logic[v1*3+v2];
+  }
+  pOut = &aMem[pOp->p3];
+  if( v1==2 ){
+    MemSetTypeFlag(pOut, MEM_Null);
+  }else{
+    pOut->u.i = v1;
+    MemSetTypeFlag(pOut, MEM_Int);
+  }
+  break;
+}
+
+/* Opcode: Not P1 P2 * * *
+** Synopsis: r[P2]= !r[P1]
+**
+** Interpret the value in register P1 as a boolean value.  Store the
+** boolean complement in register P2.  If the value in register P1 is 
+** NULL, then a NULL is stored in P2.
+*/
+case OP_Not: {                /* same as TK_NOT, in1, out2 */
+  pIn1 = &aMem[pOp->p1];
+  pOut = &aMem[pOp->p2];
+  sqlite3VdbeMemSetNull(pOut);
+  if( (pIn1->flags & MEM_Null)==0 ){
+    pOut->flags = MEM_Int;
+    pOut->u.i = !sqlite3VdbeIntValue(pIn1);
+  }
+  break;
+}
+
+/* Opcode: BitNot P1 P2 * * *
+** Synopsis: r[P1]= ~r[P1]
+**
+** Interpret the content of register P1 as an integer.  Store the
+** ones-complement of the P1 value into register P2.  If P1 holds
+** a NULL then store a NULL in P2.
+*/
+case OP_BitNot: {             /* same as TK_BITNOT, in1, out2 */
+  pIn1 = &aMem[pOp->p1];
+  pOut = &aMem[pOp->p2];
+  sqlite3VdbeMemSetNull(pOut);
+  if( (pIn1->flags & MEM_Null)==0 ){
+    pOut->flags = MEM_Int;
+    pOut->u.i = ~sqlite3VdbeIntValue(pIn1);
+  }
+  break;
+}
+
+/* Opcode: Once P1 P2 * * *
+**
+** Check the "once" flag number P1. If it is set, jump to instruction P2. 
+** Otherwise, set the flag and fall through to the next instruction.
+** In other words, this opcode causes all following opcodes up through P2
+** (but not including P2) to run just once and to be skipped on subsequent
+** times through the loop.
+**
+** All "once" flags are initially cleared whenever a prepared statement
+** first begins to run.
+*/
+case OP_Once: {             /* jump */
+  assert( pOp->p1<p->nOnceFlag );
+  VdbeBranchTaken(p->aOnceFlag[pOp->p1]!=0, 2);
+  if( p->aOnceFlag[pOp->p1] ){
+    goto jump_to_p2;
+  }else{
+    p->aOnceFlag[pOp->p1] = 1;
+  }
+  break;
+}
+
+/* Opcode: If P1 P2 P3 * *
+**
+** Jump to P2 if the value in register P1 is true.  The value
+** is considered true if it is numeric and non-zero.  If the value
+** in P1 is NULL then take the jump if and only if P3 is non-zero.
+*/
+/* Opcode: IfNot P1 P2 P3 * *
+**
+** Jump to P2 if the value in register P1 is False.  The value
+** is considered false if it has a numeric value of zero.  If the value
+** in P1 is NULL then take the jump if and only if P3 is non-zero.
+*/
+case OP_If:                 /* jump, in1 */
+case OP_IfNot: {            /* jump, in1 */
+  int c;
+  pIn1 = &aMem[pOp->p1];
+  if( pIn1->flags & MEM_Null ){
+    c = pOp->p3;
+  }else{
+#ifdef SQLITE_OMIT_FLOATING_POINT
+    c = sqlite3VdbeIntValue(pIn1)!=0;
+#else
+    c = sqlite3VdbeRealValue(pIn1)!=0.0;
+#endif
+    if( pOp->opcode==OP_IfNot ) c = !c;
+  }
+  VdbeBranchTaken(c!=0, 2);
+  if( c ){
+    goto jump_to_p2;
+  }
+  break;
+}
+
+/* Opcode: IsNull P1 P2 * * *
+** Synopsis:  if r[P1]==NULL goto P2
+**
+** Jump to P2 if the value in register P1 is NULL.
+*/
+case OP_IsNull: {            /* same as TK_ISNULL, jump, in1 */
+  pIn1 = &aMem[pOp->p1];
+  VdbeBranchTaken( (pIn1->flags & MEM_Null)!=0, 2);
+  if( (pIn1->flags & MEM_Null)!=0 ){
+    goto jump_to_p2;
+  }
+  break;
+}
+
+/* Opcode: NotNull P1 P2 * * *
+** Synopsis: if r[P1]!=NULL goto P2
+**
+** Jump to P2 if the value in register P1 is not NULL.  
+*/
+case OP_NotNull: {            /* same as TK_NOTNULL, jump, in1 */
+  pIn1 = &aMem[pOp->p1];
+  VdbeBranchTaken( (pIn1->flags & MEM_Null)==0, 2);
+  if( (pIn1->flags & MEM_Null)==0 ){
+    goto jump_to_p2;
+  }
+  break;
+}
+
+/* Opcode: Column P1 P2 P3 P4 P5
+** Synopsis:  r[P3]=PX
+**
+** Interpret the data that cursor P1 points to as a structure built using
+** the MakeRecord instruction.  (See the MakeRecord opcode for additional
+** information about the format of the data.)  Extract the P2-th column
+** from this record.  If there are less that (P2+1) 
+** values in the record, extract a NULL.
+**
+** The value extracted is stored in register P3.
+**
+** If the column contains fewer than P2 fields, then extract a NULL.  Or,
+** if the P4 argument is a P4_MEM use the value of the P4 argument as
+** the result.
+**
+** If the OPFLAG_CLEARCACHE bit is set on P5 and P1 is a pseudo-table cursor,
+** then the cache of the cursor is reset prior to extracting the column.
+** The first OP_Column against a pseudo-table after the value of the content
+** register has changed should have this bit set.
+**
+** If the OPFLAG_LENGTHARG and OPFLAG_TYPEOFARG bits are set on P5 when
+** the result is guaranteed to only be used as the argument of a length()
+** or typeof() function, respectively.  The loading of large blobs can be
+** skipped for length() and all content loading can be skipped for typeof().
+*/
+case OP_Column: {
+  i64 payloadSize64; /* Number of bytes in the record */
+  int p2;            /* column number to retrieve */
+  VdbeCursor *pC;    /* The VDBE cursor */
+  BtCursor *pCrsr;   /* The BTree cursor */
+  u32 *aOffset;      /* aOffset[i] is offset to start of data for i-th column */
+  int len;           /* The length of the serialized data for the column */
+  int i;             /* Loop counter */
+  Mem *pDest;        /* Where to write the extracted value */
+  Mem sMem;          /* For storing the record being decoded */
+  const u8 *zData;   /* Part of the record being decoded */
+  const u8 *zHdr;    /* Next unparsed byte of the header */
+  const u8 *zEndHdr; /* Pointer to first byte after the header */
+  u32 offset;        /* Offset into the data */
+  u64 offset64;      /* 64-bit offset */
+  u32 avail;         /* Number of bytes of available data */
+  u32 t;             /* A type code from the record header */
+  u16 fx;            /* pDest->flags value */
+  Mem *pReg;         /* PseudoTable input register */
+
+  p2 = pOp->p2;
+  assert( pOp->p3>0 && pOp->p3<=(p->nMem-p->nCursor) );
+  pDest = &aMem[pOp->p3];
+  memAboutToChange(p, pDest);
+  assert( pOp->p1>=0 && pOp->p1<p->nCursor );
+  pC = p->apCsr[pOp->p1];
+  assert( pC!=0 );
+  assert( p2<pC->nField );
+  aOffset = pC->aOffset;
+  assert( pC->eCurType!=CURTYPE_VTAB );
+  assert( pC->eCurType!=CURTYPE_PSEUDO || pC->nullRow );
+  assert( pC->eCurType!=CURTYPE_SORTER );
+  pCrsr = pC->uc.pCursor;
+
+  /* If the cursor cache is stale, bring it up-to-date */
+  rc = sqlite3VdbeCursorMoveto(pC);
+  if( rc ) goto abort_due_to_error;
+  if( pC->cacheStatus!=p->cacheCtr ){
+    if( pC->nullRow ){
+      if( pC->eCurType==CURTYPE_PSEUDO ){
+        assert( pC->uc.pseudoTableReg>0 );
+        pReg = &aMem[pC->uc.pseudoTableReg];
+        assert( pReg->flags & MEM_Blob );
+        assert( memIsValid(pReg) );
+        pC->payloadSize = pC->szRow = avail = pReg->n;
+        pC->aRow = (u8*)pReg->z;
+      }else{
+        sqlite3VdbeMemSetNull(pDest);
+        goto op_column_out;
+      }
+    }else{
+      assert( pC->eCurType==CURTYPE_BTREE );
+      assert( pCrsr );
+      if( pC->isTable==0 ){
+        assert( sqlite3BtreeCursorIsValid(pCrsr) );
+        VVA_ONLY(rc =) sqlite3BtreeKeySize(pCrsr, &payloadSize64);
+        assert( rc==SQLITE_OK ); /* True because of CursorMoveto() call above */
+        /* sqlite3BtreeParseCellPtr() uses getVarint32() to extract the
+        ** payload size, so it is impossible for payloadSize64 to be
+        ** larger than 32 bits. */
+        assert( (payloadSize64 & SQLITE_MAX_U32)==(u64)payloadSize64 );
+        pC->aRow = sqlite3BtreeKeyFetch(pCrsr, &avail);
+        pC->payloadSize = (u32)payloadSize64;
+      }else{
+        assert( sqlite3BtreeCursorIsValid(pCrsr) );
+        VVA_ONLY(rc =) sqlite3BtreeDataSize(pCrsr, &pC->payloadSize);
+        assert( rc==SQLITE_OK );   /* DataSize() cannot fail */
+        pC->aRow = sqlite3BtreeDataFetch(pCrsr, &avail);
+      }
+      assert( avail<=65536 );  /* Maximum page size is 64KiB */
+      if( pC->payloadSize <= (u32)avail ){
+        pC->szRow = pC->payloadSize;
+      }else if( pC->payloadSize > (u32)db->aLimit[SQLITE_LIMIT_LENGTH] ){
+        goto too_big;
+      }else{
+        pC->szRow = avail;
+      }
+    }
+    pC->cacheStatus = p->cacheCtr;
+    pC->iHdrOffset = getVarint32(pC->aRow, offset);
+    pC->nHdrParsed = 0;
+    aOffset[0] = offset;
+
+
+    if( avail<offset ){
+      /* pC->aRow does not have to hold the entire row, but it does at least
+      ** need to cover the header of the record.  If pC->aRow does not contain
+      ** the complete header, then set it to zero, forcing the header to be
+      ** dynamically allocated. */
+      pC->aRow = 0;
+      pC->szRow = 0;
+
+      /* Make sure a corrupt database has not given us an oversize header.
+      ** Do this now to avoid an oversize memory allocation.
+      **
+      ** Type entries can be between 1 and 5 bytes each.  But 4 and 5 byte
+      ** types use so much data space that there can only be 4096 and 32 of
+      ** them, respectively.  So the maximum header length results from a
+      ** 3-byte type for each of the maximum of 32768 columns plus three
+      ** extra bytes for the header length itself.  32768*3 + 3 = 98307.
+      */
+      if( offset > 98307 || offset > pC->payloadSize ){
+        rc = SQLITE_CORRUPT_BKPT;
+        goto op_column_error;
+      }
+    }
+
+    /* The following goto is an optimization.  It can be omitted and
+    ** everything will still work.  But OP_Column is measurably faster
+    ** by skipping the subsequent conditional, which is always true.
+    */
+    assert( pC->nHdrParsed<=p2 );         /* Conditional skipped */
+    goto op_column_read_header;
+  }
+
+  /* Make sure at least the first p2+1 entries of the header have been
+  ** parsed and valid information is in aOffset[] and pC->aType[].
+  */
+  if( pC->nHdrParsed<=p2 ){
+    /* If there is more header available for parsing in the record, try
+    ** to extract additional fields up through the p2+1-th field 
+    */
+    op_column_read_header:
+    if( pC->iHdrOffset<aOffset[0] ){
+      /* Make sure zData points to enough of the record to cover the header. */
+      if( pC->aRow==0 ){
+        memset(&sMem, 0, sizeof(sMem));
+        rc = sqlite3VdbeMemFromBtree(pCrsr, 0, aOffset[0], !pC->isTable, &sMem);
+        if( rc!=SQLITE_OK ) goto op_column_error;
+        zData = (u8*)sMem.z;
+      }else{
+        zData = pC->aRow;
+      }
+  
+      /* Fill in pC->aType[i] and aOffset[i] values through the p2-th field. */
+      i = pC->nHdrParsed;
+      offset64 = aOffset[i];
+      zHdr = zData + pC->iHdrOffset;
+      zEndHdr = zData + aOffset[0];
+      assert( i<=p2 && zHdr<zEndHdr );
+      do{
+        if( (t = zHdr[0])<0x80 ){
+          zHdr++;
+          offset64 += sqlite3VdbeOneByteSerialTypeLen(t);
+        }else{
+          zHdr += sqlite3GetVarint32(zHdr, &t);
+          offset64 += sqlite3VdbeSerialTypeLen(t);
+        }
+        pC->aType[i++] = t;
+        aOffset[i] = (u32)(offset64 & 0xffffffff);
+      }while( i<=p2 && zHdr<zEndHdr );
+      pC->nHdrParsed = i;
+      pC->iHdrOffset = (u32)(zHdr - zData);
+      if( pC->aRow==0 ) sqlite3VdbeMemRelease(&sMem);
+  
+      /* The record is corrupt if any of the following are true:
+      ** (1) the bytes of the header extend past the declared header size
+      ** (2) the entire header was used but not all data was used
+      ** (3) the end of the data extends beyond the end of the record.
+      */
+      if( (zHdr>=zEndHdr && (zHdr>zEndHdr || offset64!=pC->payloadSize))
+       || (offset64 > pC->payloadSize)
+      ){
+        rc = SQLITE_CORRUPT_BKPT;
+        goto op_column_error;
+      }
+    }else{
+      t = 0;
+    }
+
+    /* If after trying to extract new entries from the header, nHdrParsed is
+    ** still not up to p2, that means that the record has fewer than p2
+    ** columns.  So the result will be either the default value or a NULL.
+    */
+    if( pC->nHdrParsed<=p2 ){
+      if( pOp->p4type==P4_MEM ){
+        sqlite3VdbeMemShallowCopy(pDest, pOp->p4.pMem, MEM_Static);
+      }else{
+        sqlite3VdbeMemSetNull(pDest);
+      }
+      goto op_column_out;
+    }
+  }else{
+    t = pC->aType[p2];
+  }
+
+  /* Extract the content for the p2+1-th column.  Control can only
+  ** reach this point if aOffset[p2], aOffset[p2+1], and pC->aType[p2] are
+  ** all valid.
+  */
+  assert( p2<pC->nHdrParsed );
+  assert( rc==SQLITE_OK );
+  assert( sqlite3VdbeCheckMemInvariants(pDest) );
+  if( VdbeMemDynamic(pDest) ) sqlite3VdbeMemSetNull(pDest);
+  assert( t==pC->aType[p2] );
+  if( pC->szRow>=aOffset[p2+1] ){
+    /* This is the common case where the desired content fits on the original
+    ** page - where the content is not on an overflow page */
+    sqlite3VdbeSerialGet(pC->aRow+aOffset[p2], t, pDest);
+  }else{
+    /* This branch happens only when content is on overflow pages */
+    if( ((pOp->p5 & (OPFLAG_LENGTHARG|OPFLAG_TYPEOFARG))!=0
+          && ((t>=12 && (t&1)==0) || (pOp->p5 & OPFLAG_TYPEOFARG)!=0))
+     || (len = sqlite3VdbeSerialTypeLen(t))==0
+    ){
+      /* Content is irrelevant for
+      **    1. the typeof() function,
+      **    2. the length(X) function if X is a blob, and
+      **    3. if the content length is zero.
+      ** So we might as well use bogus content rather than reading
+      ** content from disk.  NULL will work for the value for strings
+      ** and blobs and whatever is in the payloadSize64 variable
+      ** will work for everything else. */
+      sqlite3VdbeSerialGet(t<=13 ? (u8*)&payloadSize64 : 0, t, pDest);
+    }else{
+      rc = sqlite3VdbeMemFromBtree(pCrsr, aOffset[p2], len, !pC->isTable,
+                                   pDest);
+      if( rc!=SQLITE_OK ){
+        goto op_column_error;
+      }
+      sqlite3VdbeSerialGet((const u8*)pDest->z, t, pDest);
+      pDest->flags &= ~MEM_Ephem;
+    }
+  }
+  pDest->enc = encoding;
+
+op_column_out:
+  /* If the column value is an ephemeral string, go ahead and persist
+  ** that string in case the cursor moves before the column value is
+  ** used.  The following code does the equivalent of Deephemeralize()
+  ** but does it faster. */
+  if( (pDest->flags & MEM_Ephem)!=0 && pDest->z ){
+    fx = pDest->flags & (MEM_Str|MEM_Blob);
+    assert( fx!=0 );
+    zData = (const u8*)pDest->z;
+    len = pDest->n;
+    if( sqlite3VdbeMemClearAndResize(pDest, len+2) ) goto no_mem;
+    memcpy(pDest->z, zData, len);
+    pDest->z[len] = 0;
+    pDest->z[len+1] = 0;
+    pDest->flags = fx|MEM_Term;
+  }
+op_column_error:
+  UPDATE_MAX_BLOBSIZE(pDest);
+  REGISTER_TRACE(pOp->p3, pDest);
+  break;
+}
+
+/* Opcode: Affinity P1 P2 * P4 *
+** Synopsis: affinity(r[P1@P2])
+**
+** Apply affinities to a range of P2 registers starting with P1.
+**
+** P4 is a string that is P2 characters long. The nth character of the
+** string indicates the column affinity that should be used for the nth
+** memory cell in the range.
+*/
+case OP_Affinity: {
+  const char *zAffinity;   /* The affinity to be applied */
+  char cAff;               /* A single character of affinity */
+
+  zAffinity = pOp->p4.z;
+  assert( zAffinity!=0 );
+  assert( zAffinity[pOp->p2]==0 );
+  pIn1 = &aMem[pOp->p1];
+  while( (cAff = *(zAffinity++))!=0 ){
+    assert( pIn1 <= &p->aMem[(p->nMem-p->nCursor)] );
+    assert( memIsValid(pIn1) );
+    applyAffinity(pIn1, cAff, encoding);
+    pIn1++;
+  }
+  break;
+}
+
+/* Opcode: MakeRecord P1 P2 P3 P4 *
+** Synopsis: r[P3]=mkrec(r[P1@P2])
+**
+** Convert P2 registers beginning with P1 into the [record format]
+** use as a data record in a database table or as a key
+** in an index.  The OP_Column opcode can decode the record later.
+**
+** P4 may be a string that is P2 characters long.  The nth character of the
+** string indicates the column affinity that should be used for the nth
+** field of the index key.
+**
+** The mapping from character to affinity is given by the SQLITE_AFF_
+** macros defined in sqliteInt.h.
+**
+** If P4 is NULL then all index fields have the affinity BLOB.
+*/
+case OP_MakeRecord: {
+  u8 *zNewRecord;        /* A buffer to hold the data for the new record */
+  Mem *pRec;             /* The new record */
+  u64 nData;             /* Number of bytes of data space */
+  int nHdr;              /* Number of bytes of header space */
+  i64 nByte;             /* Data space required for this record */
+  i64 nZero;             /* Number of zero bytes at the end of the record */
+  int nVarint;           /* Number of bytes in a varint */
+  u32 serial_type;       /* Type field */
+  Mem *pData0;           /* First field to be combined into the record */
+  Mem *pLast;            /* Last field of the record */
+  int nField;            /* Number of fields in the record */
+  char *zAffinity;       /* The affinity string for the record */
+  int file_format;       /* File format to use for encoding */
+  int i;                 /* Space used in zNewRecord[] header */
+  int j;                 /* Space used in zNewRecord[] content */
+  u32 len;               /* Length of a field */
+
+  /* Assuming the record contains N fields, the record format looks
+  ** like this:
+  **
+  ** ------------------------------------------------------------------------
+  ** | hdr-size | type 0 | type 1 | ... | type N-1 | data0 | ... | data N-1 | 
+  ** ------------------------------------------------------------------------
+  **
+  ** Data(0) is taken from register P1.  Data(1) comes from register P1+1
+  ** and so forth.
+  **
+  ** Each type field is a varint representing the serial type of the 
+  ** corresponding data element (see sqlite3VdbeSerialType()). The
+  ** hdr-size field is also a varint which is the offset from the beginning
+  ** of the record to data0.
+  */
+  nData = 0;         /* Number of bytes of data space */
+  nHdr = 0;          /* Number of bytes of header space */
+  nZero = 0;         /* Number of zero bytes at the end of the record */
+  nField = pOp->p1;
+  zAffinity = pOp->p4.z;
+  assert( nField>0 && pOp->p2>0 && pOp->p2+nField<=(p->nMem-p->nCursor)+1 );
+  pData0 = &aMem[nField];
+  nField = pOp->p2;
+  pLast = &pData0[nField-1];
+  file_format = p->minWriteFileFormat;
+
+  /* Identify the output register */
+  assert( pOp->p3<pOp->p1 || pOp->p3>=pOp->p1+pOp->p2 );
+  pOut = &aMem[pOp->p3];
+  memAboutToChange(p, pOut);
+
+  /* Apply the requested affinity to all inputs
+  */
+  assert( pData0<=pLast );
+  if( zAffinity ){
+    pRec = pData0;
+    do{
+      applyAffinity(pRec++, *(zAffinity++), encoding);
+      assert( zAffinity[0]==0 || pRec<=pLast );
+    }while( zAffinity[0] );
+  }
+
+  /* Loop through the elements that will make up the record to figure
+  ** out how much space is required for the new record.
+  */
+  pRec = pLast;
+  do{
+    assert( memIsValid(pRec) );
+    pRec->uTemp = serial_type = sqlite3VdbeSerialType(pRec, file_format, &len);
+    if( pRec->flags & MEM_Zero ){
+      if( nData ){
+        if( sqlite3VdbeMemExpandBlob(pRec) ) goto no_mem;
+      }else{
+        nZero += pRec->u.nZero;
+        len -= pRec->u.nZero;
+      }
+    }
+    nData += len;
+    testcase( serial_type==127 );
+    testcase( serial_type==128 );
+    nHdr += serial_type<=127 ? 1 : sqlite3VarintLen(serial_type);
+  }while( (--pRec)>=pData0 );
+
+  /* EVIDENCE-OF: R-22564-11647 The header begins with a single varint
+  ** which determines the total number of bytes in the header. The varint
+  ** value is the size of the header in bytes including the size varint
+  ** itself. */
+  testcase( nHdr==126 );
+  testcase( nHdr==127 );
+  if( nHdr<=126 ){
+    /* The common case */
+    nHdr += 1;
+  }else{
+    /* Rare case of a really large header */
+    nVarint = sqlite3VarintLen(nHdr);
+    nHdr += nVarint;
+    if( nVarint<sqlite3VarintLen(nHdr) ) nHdr++;
+  }
+  nByte = nHdr+nData;
+  if( nByte+nZero>db->aLimit[SQLITE_LIMIT_LENGTH] ){
+    goto too_big;
+  }
+
+  /* Make sure the output register has a buffer large enough to store 
+  ** the new record. The output register (pOp->p3) is not allowed to
+  ** be one of the input registers (because the following call to
+  ** sqlite3VdbeMemClearAndResize() could clobber the value before it is used).
+  */
+  if( sqlite3VdbeMemClearAndResize(pOut, (int)nByte) ){
+    goto no_mem;
+  }
+  zNewRecord = (u8 *)pOut->z;
+
+  /* Write the record */
+  i = putVarint32(zNewRecord, nHdr);
+  j = nHdr;
+  assert( pData0<=pLast );
+  pRec = pData0;
+  do{
+    serial_type = pRec->uTemp;
+    /* EVIDENCE-OF: R-06529-47362 Following the size varint are one or more
+    ** additional varints, one per column. */
+    i += putVarint32(&zNewRecord[i], serial_type);            /* serial type */
+    /* EVIDENCE-OF: R-64536-51728 The values for each column in the record
+    ** immediately follow the header. */
+    j += sqlite3VdbeSerialPut(&zNewRecord[j], pRec, serial_type); /* content */
+  }while( (++pRec)<=pLast );
+  assert( i==nHdr );
+  assert( j==nByte );
+
+  assert( pOp->p3>0 && pOp->p3<=(p->nMem-p->nCursor) );
+  pOut->n = (int)nByte;
+  pOut->flags = MEM_Blob;
+  if( nZero ){
+    pOut->u.nZero = nZero;
+    pOut->flags |= MEM_Zero;
+  }
+  pOut->enc = SQLITE_UTF8;  /* In case the blob is ever converted to text */
+  REGISTER_TRACE(pOp->p3, pOut);
+  UPDATE_MAX_BLOBSIZE(pOut);
+  break;
+}
+
+/* Opcode: Count P1 P2 * * *
+** Synopsis: r[P2]=count()
+**
+** Store the number of entries (an integer value) in the table or index 
+** opened by cursor P1 in register P2
+*/
+#ifndef SQLITE_OMIT_BTREECOUNT
+case OP_Count: {         /* out2 */
+  i64 nEntry;
+  BtCursor *pCrsr;
+
+  assert( p->apCsr[pOp->p1]->eCurType==CURTYPE_BTREE );
+  pCrsr = p->apCsr[pOp->p1]->uc.pCursor;
+  assert( pCrsr );
+  nEntry = 0;  /* Not needed.  Only used to silence a warning. */
+  rc = sqlite3BtreeCount(pCrsr, &nEntry);
+  pOut = out2Prerelease(p, pOp);
+  pOut->u.i = nEntry;
+  break;
+}
+#endif
+
+/* Opcode: Savepoint P1 * * P4 *
+**
+** Open, release or rollback the savepoint named by parameter P4, depending
+** on the value of P1. To open a new savepoint, P1==0. To release (commit) an
+** existing savepoint, P1==1, or to rollback an existing savepoint P1==2.
+*/
+case OP_Savepoint: {
+  int p1;                         /* Value of P1 operand */
+  char *zName;                    /* Name of savepoint */
+  int nName;
+  Savepoint *pNew;
+  Savepoint *pSavepoint;
+  Savepoint *pTmp;
+  int iSavepoint;
+  int ii;
+
+  p1 = pOp->p1;
+  zName = pOp->p4.z;
+
+  /* Assert that the p1 parameter is valid. Also that if there is no open
+  ** transaction, then there cannot be any savepoints. 
+  */
+  assert( db->pSavepoint==0 || db->autoCommit==0 );
+  assert( p1==SAVEPOINT_BEGIN||p1==SAVEPOINT_RELEASE||p1==SAVEPOINT_ROLLBACK );
+  assert( db->pSavepoint || db->isTransactionSavepoint==0 );
+  assert( checkSavepointCount(db) );
+  assert( p->bIsReader );
+
+  if( p1==SAVEPOINT_BEGIN ){
+    if( db->nVdbeWrite>0 ){
+      /* A new savepoint cannot be created if there are active write 
+      ** statements (i.e. open read/write incremental blob handles).
+      */
+      sqlite3VdbeError(p, "cannot open savepoint - SQL statements in progress");
+      rc = SQLITE_BUSY;
+    }else{
+      nName = sqlite3Strlen30(zName);
+
+#ifndef SQLITE_OMIT_VIRTUALTABLE
+      /* This call is Ok even if this savepoint is actually a transaction
+      ** savepoint (and therefore should not prompt xSavepoint()) callbacks.
+      ** If this is a transaction savepoint being opened, it is guaranteed
+      ** that the db->aVTrans[] array is empty.  */
+      assert( db->autoCommit==0 || db->nVTrans==0 );
+      rc = sqlite3VtabSavepoint(db, SAVEPOINT_BEGIN,
+                                db->nStatement+db->nSavepoint);
+      if( rc!=SQLITE_OK ) goto abort_due_to_error;
+#endif
+
+      /* Create a new savepoint structure. */
+      pNew = sqlite3DbMallocRaw(db, sizeof(Savepoint)+nName+1);
+      if( pNew ){
+        pNew->zName = (char *)&pNew[1];
+        memcpy(pNew->zName, zName, nName+1);
+    
+        /* If there is no open transaction, then mark this as a special
+        ** "transaction savepoint". */
+        if( db->autoCommit ){
+          db->autoCommit = 0;
+          db->isTransactionSavepoint = 1;
+        }else{
+          db->nSavepoint++;
+        }
+    
+        /* Link the new savepoint into the database handle's list. */
+        pNew->pNext = db->pSavepoint;
+        db->pSavepoint = pNew;
+        pNew->nDeferredCons = db->nDeferredCons;
+        pNew->nDeferredImmCons = db->nDeferredImmCons;
+      }
+    }
+  }else{
+    iSavepoint = 0;
+
+    /* Find the named savepoint. If there is no such savepoint, then an
+    ** an error is returned to the user.  */
+    for(
+      pSavepoint = db->pSavepoint; 
+      pSavepoint && sqlite3StrICmp(pSavepoint->zName, zName);
+      pSavepoint = pSavepoint->pNext
+    ){
+      iSavepoint++;
+    }
+    if( !pSavepoint ){
+      sqlite3VdbeError(p, "no such savepoint: %s", zName);
+      rc = SQLITE_ERROR;
+    }else if( db->nVdbeWrite>0 && p1==SAVEPOINT_RELEASE ){
+      /* It is not possible to release (commit) a savepoint if there are 
+      ** active write statements.
+      */
+      sqlite3VdbeError(p, "cannot release savepoint - "
+                          "SQL statements in progress");
+      rc = SQLITE_BUSY;
+    }else{
+
+      /* Determine whether or not this is a transaction savepoint. If so,
+      ** and this is a RELEASE command, then the current transaction 
+      ** is committed. 
+      */
+      int isTransaction = pSavepoint->pNext==0 && db->isTransactionSavepoint;
+      if( isTransaction && p1==SAVEPOINT_RELEASE ){
+        if( (rc = sqlite3VdbeCheckFk(p, 1))!=SQLITE_OK ){
+          goto vdbe_return;
+        }
+        db->autoCommit = 1;
+        if( sqlite3VdbeHalt(p)==SQLITE_BUSY ){
+          p->pc = (int)(pOp - aOp);
+          db->autoCommit = 0;
+          p->rc = rc = SQLITE_BUSY;
+          goto vdbe_return;
+        }
+        db->isTransactionSavepoint = 0;
+        rc = p->rc;
+      }else{
+        int isSchemaChange;
+        iSavepoint = db->nSavepoint - iSavepoint - 1;
+        if( p1==SAVEPOINT_ROLLBACK ){
+          isSchemaChange = (db->flags & SQLITE_InternChanges)!=0;
+          for(ii=0; ii<db->nDb; ii++){
+            rc = sqlite3BtreeTripAllCursors(db->aDb[ii].pBt,
+                                       SQLITE_ABORT_ROLLBACK,
+                                       isSchemaChange==0);
+            if( rc!=SQLITE_OK ) goto abort_due_to_error;
+          }
+        }else{
+          isSchemaChange = 0;
+        }
+        for(ii=0; ii<db->nDb; ii++){
+          rc = sqlite3BtreeSavepoint(db->aDb[ii].pBt, p1, iSavepoint);
+          if( rc!=SQLITE_OK ){
+            goto abort_due_to_error;
+          }
+        }
+        if( isSchemaChange ){
+          sqlite3ExpirePreparedStatements(db);
+          sqlite3ResetAllSchemasOfConnection(db);
+          db->flags = (db->flags | SQLITE_InternChanges);
+        }
+      }
+  
+      /* Regardless of whether this is a RELEASE or ROLLBACK, destroy all 
+      ** savepoints nested inside of the savepoint being operated on. */
+      while( db->pSavepoint!=pSavepoint ){
+        pTmp = db->pSavepoint;
+        db->pSavepoint = pTmp->pNext;
+        sqlite3DbFree(db, pTmp);
+        db->nSavepoint--;
+      }
+
+      /* If it is a RELEASE, then destroy the savepoint being operated on 
+      ** too. If it is a ROLLBACK TO, then set the number of deferred 
+      ** constraint violations present in the database to the value stored
+      ** when the savepoint was created.  */
+      if( p1==SAVEPOINT_RELEASE ){
+        assert( pSavepoint==db->pSavepoint );
+        db->pSavepoint = pSavepoint->pNext;
+        sqlite3DbFree(db, pSavepoint);
+        if( !isTransaction ){
+          db->nSavepoint--;
+        }
+      }else{
+        db->nDeferredCons = pSavepoint->nDeferredCons;
+        db->nDeferredImmCons = pSavepoint->nDeferredImmCons;
+      }
+
+      if( !isTransaction || p1==SAVEPOINT_ROLLBACK ){
+        rc = sqlite3VtabSavepoint(db, p1, iSavepoint);
+        if( rc!=SQLITE_OK ) goto abort_due_to_error;
+      }
+    }
+  }
+
+  break;
+}
+
+/* Opcode: AutoCommit P1 P2 * * *
+**
+** Set the database auto-commit flag to P1 (1 or 0). If P2 is true, roll
+** back any currently active btree transactions. If there are any active
+** VMs (apart from this one), then a ROLLBACK fails.  A COMMIT fails if
+** there are active writing VMs or active VMs that use shared cache.
+**
+** This instruction causes the VM to halt.
+*/
+case OP_AutoCommit: {
+  int desiredAutoCommit;
+  int iRollback;
+  int turnOnAC;
+
+  desiredAutoCommit = pOp->p1;
+  iRollback = pOp->p2;
+  turnOnAC = desiredAutoCommit && !db->autoCommit;
+  assert( desiredAutoCommit==1 || desiredAutoCommit==0 );
+  assert( desiredAutoCommit==1 || iRollback==0 );
+  assert( db->nVdbeActive>0 );  /* At least this one VM is active */
+  assert( p->bIsReader );
+
+  if( turnOnAC && !iRollback && db->nVdbeWrite>0 ){
+    /* If this instruction implements a COMMIT and other VMs are writing
+    ** return an error indicating that the other VMs must complete first. 
+    */
+    sqlite3VdbeError(p, "cannot commit transaction - "
+                        "SQL statements in progress");
+    rc = SQLITE_BUSY;
+  }else if( desiredAutoCommit!=db->autoCommit ){
+    if( iRollback ){
+      assert( desiredAutoCommit==1 );
+      sqlite3RollbackAll(db, SQLITE_ABORT_ROLLBACK);
+      db->autoCommit = 1;
+    }else if( (rc = sqlite3VdbeCheckFk(p, 1))!=SQLITE_OK ){
+      goto vdbe_return;
+    }else{
+      db->autoCommit = (u8)desiredAutoCommit;
+    }
+    if( sqlite3VdbeHalt(p)==SQLITE_BUSY ){
+      p->pc = (int)(pOp - aOp);
+      db->autoCommit = (u8)(1-desiredAutoCommit);
+      p->rc = rc = SQLITE_BUSY;
+      goto vdbe_return;
+    }
+    assert( db->nStatement==0 );
+    sqlite3CloseSavepoints(db);
+    if( p->rc==SQLITE_OK ){
+      rc = SQLITE_DONE;
+    }else{
+      rc = SQLITE_ERROR;
+    }
+    goto vdbe_return;
+  }else{
+    sqlite3VdbeError(p,
+        (!desiredAutoCommit)?"cannot start a transaction within a transaction":(
+        (iRollback)?"cannot rollback - no transaction is active":
+                   "cannot commit - no transaction is active"));
+         
+    rc = SQLITE_ERROR;
+  }
+  break;
+}
+
+/* Opcode: Transaction P1 P2 P3 P4 P5
+**
+** Begin a transaction on database P1 if a transaction is not already
+** active.
+** If P2 is non-zero, then a write-transaction is started, or if a 
+** read-transaction is already active, it is upgraded to a write-transaction.
+** If P2 is zero, then a read-transaction is started.
+**
+** P1 is the index of the database file on which the transaction is
+** started.  Index 0 is the main database file and index 1 is the
+** file used for temporary tables.  Indices of 2 or more are used for
+** attached databases.
+**
+** If a write-transaction is started and the Vdbe.usesStmtJournal flag is
+** true (this flag is set if the Vdbe may modify more than one row and may
+** throw an ABORT exception), a statement transaction may also be opened.
+** More specifically, a statement transaction is opened iff the database
+** connection is currently not in autocommit mode, or if there are other
+** active statements. A statement transaction allows the changes made by this
+** VDBE to be rolled back after an error without having to roll back the
+** entire transaction. If no error is encountered, the statement transaction
+** will automatically commit when the VDBE halts.
+**
+** If P5!=0 then this opcode also checks the schema cookie against P3
+** and the schema generation counter against P4.
+** The cookie changes its value whenever the database schema changes.
+** This operation is used to detect when that the cookie has changed
+** and that the current process needs to reread the schema.  If the schema
+** cookie in P3 differs from the schema cookie in the database header or
+** if the schema generation counter in P4 differs from the current
+** generation counter, then an SQLITE_SCHEMA error is raised and execution
+** halts.  The sqlite3_step() wrapper function might then reprepare the
+** statement and rerun it from the beginning.
+*/
+case OP_Transaction: {
+  Btree *pBt;
+  int iMeta;
+  int iGen;
+
+  assert( p->bIsReader );
+  assert( p->readOnly==0 || pOp->p2==0 );
+  assert( pOp->p1>=0 && pOp->p1<db->nDb );
+  assert( DbMaskTest(p->btreeMask, pOp->p1) );
+  if( pOp->p2 && (db->flags & SQLITE_QueryOnly)!=0 ){
+    rc = SQLITE_READONLY;
+    goto abort_due_to_error;
+  }
+  pBt = db->aDb[pOp->p1].pBt;
+
+  if( pBt ){
+    rc = sqlite3BtreeBeginTrans(pBt, pOp->p2);
+    testcase( rc==SQLITE_BUSY_SNAPSHOT );
+    testcase( rc==SQLITE_BUSY_RECOVERY );
+    if( (rc&0xff)==SQLITE_BUSY ){
+      p->pc = (int)(pOp - aOp);
+      p->rc = rc;
+      goto vdbe_return;
+    }
+    if( rc!=SQLITE_OK ){
+      goto abort_due_to_error;
+    }
+
+    if( pOp->p2 && p->usesStmtJournal 
+     && (db->autoCommit==0 || db->nVdbeRead>1) 
+    ){
+      assert( sqlite3BtreeIsInTrans(pBt) );
+      if( p->iStatement==0 ){
+        assert( db->nStatement>=0 && db->nSavepoint>=0 );
+        db->nStatement++; 
+        p->iStatement = db->nSavepoint + db->nStatement;
+      }
+
+      rc = sqlite3VtabSavepoint(db, SAVEPOINT_BEGIN, p->iStatement-1);
+      if( rc==SQLITE_OK ){
+        rc = sqlite3BtreeBeginStmt(pBt, p->iStatement);
+      }
+
+      /* Store the current value of the database handles deferred constraint
+      ** counter. If the statement transaction needs to be rolled back,
+      ** the value of this counter needs to be restored too.  */
+      p->nStmtDefCons = db->nDeferredCons;
+      p->nStmtDefImmCons = db->nDeferredImmCons;
+    }
+
+    /* Gather the schema version number for checking:
+    ** IMPLEMENTATION-OF: R-32195-19465 The schema version is used by SQLite
+    ** each time a query is executed to ensure that the internal cache of the
+    ** schema used when compiling the SQL query matches the schema of the
+    ** database against which the compiled query is actually executed.
+    */
+    sqlite3BtreeGetMeta(pBt, BTREE_SCHEMA_VERSION, (u32 *)&iMeta);
+    iGen = db->aDb[pOp->p1].pSchema->iGeneration;
+  }else{
+    iGen = iMeta = 0;
+  }
+  assert( pOp->p5==0 || pOp->p4type==P4_INT32 );
+  if( pOp->p5 && (iMeta!=pOp->p3 || iGen!=pOp->p4.i) ){
+    sqlite3DbFree(db, p->zErrMsg);
+    p->zErrMsg = sqlite3DbStrDup(db, "database schema has changed");
+    /* If the schema-cookie from the database file matches the cookie 
+    ** stored with the in-memory representation of the schema, do
+    ** not reload the schema from the database file.
+    **
+    ** If virtual-tables are in use, this is not just an optimization.
+    ** Often, v-tables store their data in other SQLite tables, which
+    ** are queried from within xNext() and other v-table methods using
+    ** prepared queries. If such a query is out-of-date, we do not want to
+    ** discard the database schema, as the user code implementing the
+    ** v-table would have to be ready for the sqlite3_vtab structure itself
+    ** to be invalidated whenever sqlite3_step() is called from within 
+    ** a v-table method.
+    */
+    if( db->aDb[pOp->p1].pSchema->schema_cookie!=iMeta ){
+      sqlite3ResetOneSchema(db, pOp->p1);
+    }
+    p->expired = 1;
+    rc = SQLITE_SCHEMA;
+  }
+  break;
+}
+
+/* Opcode: ReadCookie P1 P2 P3 * *
+**
+** Read cookie number P3 from database P1 and write it into register P2.
+** P3==1 is the schema version.  P3==2 is the database format.
+** P3==3 is the recommended pager cache size, and so forth.  P1==0 is
+** the main database file and P1==1 is the database file used to store
+** temporary tables.
+**
+** There must be a read-lock on the database (either a transaction
+** must be started or there must be an open cursor) before
+** executing this instruction.
+*/
+case OP_ReadCookie: {               /* out2 */
+  int iMeta;
+  int iDb;
+  int iCookie;
+
+  assert( p->bIsReader );
+  iDb = pOp->p1;
+  iCookie = pOp->p3;
+  assert( pOp->p3<SQLITE_N_BTREE_META );
+  assert( iDb>=0 && iDb<db->nDb );
+  assert( db->aDb[iDb].pBt!=0 );
+  assert( DbMaskTest(p->btreeMask, iDb) );
+
+  sqlite3BtreeGetMeta(db->aDb[iDb].pBt, iCookie, (u32 *)&iMeta);
+  pOut = out2Prerelease(p, pOp);
+  pOut->u.i = iMeta;
+  break;
+}
+
+/* Opcode: SetCookie P1 P2 P3 * *
+**
+** Write the content of register P3 (interpreted as an integer)
+** into cookie number P2 of database P1.  P2==1 is the schema version.  
+** P2==2 is the database format. P2==3 is the recommended pager cache 
+** size, and so forth.  P1==0 is the main database file and P1==1 is the 
+** database file used to store temporary tables.
+**
+** A transaction must be started before executing this opcode.
+*/
+case OP_SetCookie: {       /* in3 */
+  Db *pDb;
+  assert( pOp->p2<SQLITE_N_BTREE_META );
+  assert( pOp->p1>=0 && pOp->p1<db->nDb );
+  assert( DbMaskTest(p->btreeMask, pOp->p1) );
+  assert( p->readOnly==0 );
+  pDb = &db->aDb[pOp->p1];
+  assert( pDb->pBt!=0 );
+  assert( sqlite3SchemaMutexHeld(db, pOp->p1, 0) );
+  pIn3 = &aMem[pOp->p3];
+  sqlite3VdbeMemIntegerify(pIn3);
+  /* See note about index shifting on OP_ReadCookie */
+  rc = sqlite3BtreeUpdateMeta(pDb->pBt, pOp->p2, (int)pIn3->u.i);
+  if( pOp->p2==BTREE_SCHEMA_VERSION ){
+    /* When the schema cookie changes, record the new cookie internally */
+    pDb->pSchema->schema_cookie = (int)pIn3->u.i;
+    db->flags |= SQLITE_InternChanges;
+  }else if( pOp->p2==BTREE_FILE_FORMAT ){
+    /* Record changes in the file format */
+    pDb->pSchema->file_format = (u8)pIn3->u.i;
+  }
+  if( pOp->p1==1 ){
+    /* Invalidate all prepared statements whenever the TEMP database
+    ** schema is changed.  Ticket #1644 */
+    sqlite3ExpirePreparedStatements(db);
+    p->expired = 0;
+  }
+  break;
+}
+
+/* Opcode: OpenRead P1 P2 P3 P4 P5
+** Synopsis: root=P2 iDb=P3
+**
+** Open a read-only cursor for the database table whose root page is
+** P2 in a database file.  The database file is determined by P3. 
+** P3==0 means the main database, P3==1 means the database used for 
+** temporary tables, and P3>1 means used the corresponding attached
+** database.  Give the new cursor an identifier of P1.  The P1
+** values need not be contiguous but all P1 values should be small integers.
+** It is an error for P1 to be negative.
+**
+** If P5!=0 then use the content of register P2 as the root page, not
+** the value of P2 itself.
+**
+** There will be a read lock on the database whenever there is an
+** open cursor.  If the database was unlocked prior to this instruction
+** then a read lock is acquired as part of this instruction.  A read
+** lock allows other processes to read the database but prohibits
+** any other process from modifying the database.  The read lock is
+** released when all cursors are closed.  If this instruction attempts
+** to get a read lock but fails, the script terminates with an
+** SQLITE_BUSY error code.
+**
+** The P4 value may be either an integer (P4_INT32) or a pointer to
+** a KeyInfo structure (P4_KEYINFO). If it is a pointer to a KeyInfo 
+** structure, then said structure defines the content and collating 
+** sequence of the index being opened. Otherwise, if P4 is an integer 
+** value, it is set to the number of columns in the table.
+**
+** See also: OpenWrite, ReopenIdx
+*/
+/* Opcode: ReopenIdx P1 P2 P3 P4 P5
+** Synopsis: root=P2 iDb=P3
+**
+** The ReopenIdx opcode works exactly like ReadOpen except that it first
+** checks to see if the cursor on P1 is already open with a root page
+** number of P2 and if it is this opcode becomes a no-op.  In other words,
+** if the cursor is already open, do not reopen it.
+**
+** The ReopenIdx opcode may only be used with P5==0 and with P4 being
+** a P4_KEYINFO object.  Furthermore, the P3 value must be the same as
+** every other ReopenIdx or OpenRead for the same cursor number.
+**
+** See the OpenRead opcode documentation for additional information.
+*/
+/* Opcode: OpenWrite P1 P2 P3 P4 P5
+** Synopsis: root=P2 iDb=P3
+**
+** Open a read/write cursor named P1 on the table or index whose root
+** page is P2.  Or if P5!=0 use the content of register P2 to find the
+** root page.
+**
+** The P4 value may be either an integer (P4_INT32) or a pointer to
+** a KeyInfo structure (P4_KEYINFO). If it is a pointer to a KeyInfo 
+** structure, then said structure defines the content and collating 
+** sequence of the index being opened. Otherwise, if P4 is an integer 
+** value, it is set to the number of columns in the table, or to the
+** largest index of any column of the table that is actually used.
+**
+** This instruction works just like OpenRead except that it opens the cursor
+** in read/write mode.  For a given table, there can be one or more read-only
+** cursors or a single read/write cursor but not both.
+**
+** See also OpenRead.
+*/
+case OP_ReopenIdx: {
+  int nField;
+  KeyInfo *pKeyInfo;
+  int p2;
+  int iDb;
+  int wrFlag;
+  Btree *pX;
+  VdbeCursor *pCur;
+  Db *pDb;
+
+  assert( pOp->p5==0 || pOp->p5==OPFLAG_SEEKEQ );
+  assert( pOp->p4type==P4_KEYINFO );
+  pCur = p->apCsr[pOp->p1];
+  if( pCur && pCur->pgnoRoot==(u32)pOp->p2 ){
+    assert( pCur->iDb==pOp->p3 );      /* Guaranteed by the code generator */
+    goto open_cursor_set_hints;
+  }
+  /* If the cursor is not currently open or is open on a different
+  ** index, then fall through into OP_OpenRead to force a reopen */
+case OP_OpenRead:
+case OP_OpenWrite:
+
+  assert( pOp->opcode==OP_OpenWrite || pOp->p5==0 || pOp->p5==OPFLAG_SEEKEQ );
+  assert( p->bIsReader );
+  assert( pOp->opcode==OP_OpenRead || pOp->opcode==OP_ReopenIdx
+          || p->readOnly==0 );
+
+  if( p->expired ){
+    rc = SQLITE_ABORT_ROLLBACK;
+    break;
+  }
+
+  nField = 0;
+  pKeyInfo = 0;
+  p2 = pOp->p2;
+  iDb = pOp->p3;
+  assert( iDb>=0 && iDb<db->nDb );
+  assert( DbMaskTest(p->btreeMask, iDb) );
+  pDb = &db->aDb[iDb];
+  pX = pDb->pBt;
+  assert( pX!=0 );
+  if( pOp->opcode==OP_OpenWrite ){
+    assert( OPFLAG_FORDELETE==BTREE_FORDELETE );
+    wrFlag = BTREE_WRCSR | (pOp->p5 & OPFLAG_FORDELETE);
+    assert( sqlite3SchemaMutexHeld(db, iDb, 0) );
+    if( pDb->pSchema->file_format < p->minWriteFileFormat ){
+      p->minWriteFileFormat = pDb->pSchema->file_format;
+    }
+  }else{
+    wrFlag = 0;
+  }
+  if( pOp->p5 & OPFLAG_P2ISREG ){
+    assert( p2>0 );
+    assert( p2<=(p->nMem-p->nCursor) );
+    pIn2 = &aMem[p2];
+    assert( memIsValid(pIn2) );
+    assert( (pIn2->flags & MEM_Int)!=0 );
+    sqlite3VdbeMemIntegerify(pIn2);
+    p2 = (int)pIn2->u.i;
+    /* The p2 value always comes from a prior OP_CreateTable opcode and
+    ** that opcode will always set the p2 value to 2 or more or else fail.
+    ** If there were a failure, the prepared statement would have halted
+    ** before reaching this instruction. */
+    if( NEVER(p2<2) ) {
+      rc = SQLITE_CORRUPT_BKPT;
+      goto abort_due_to_error;
+    }
+  }
+  if( pOp->p4type==P4_KEYINFO ){
+    pKeyInfo = pOp->p4.pKeyInfo;
+    assert( pKeyInfo->enc==ENC(db) );
+    assert( pKeyInfo->db==db );
+    nField = pKeyInfo->nField+pKeyInfo->nXField;
+  }else if( pOp->p4type==P4_INT32 ){
+    nField = pOp->p4.i;
+  }
+  assert( pOp->p1>=0 );
+  assert( nField>=0 );
+  testcase( nField==0 );  /* Table with INTEGER PRIMARY KEY and nothing else */
+  pCur = allocateCursor(p, pOp->p1, nField, iDb, CURTYPE_BTREE);
+  if( pCur==0 ) goto no_mem;
+  pCur->nullRow = 1;
+  pCur->isOrdered = 1;
+  pCur->pgnoRoot = p2;
+  rc = sqlite3BtreeCursor(pX, p2, wrFlag, pKeyInfo, pCur->uc.pCursor);
+  pCur->pKeyInfo = pKeyInfo;
+  /* Set the VdbeCursor.isTable variable. Previous versions of
+  ** SQLite used to check if the root-page flags were sane at this point
+  ** and report database corruption if they were not, but this check has
+  ** since moved into the btree layer.  */  
+  pCur->isTable = pOp->p4type!=P4_KEYINFO;
+
+open_cursor_set_hints:
+  assert( OPFLAG_BULKCSR==BTREE_BULKLOAD );
+  assert( OPFLAG_SEEKEQ==BTREE_SEEK_EQ );
+  testcase( pOp->p5 & OPFLAG_BULKCSR );
+#ifdef SQLITE_ENABLE_CURSOR_HINTS
+  testcase( pOp->p2 & OPFLAG_SEEKEQ );
+#endif
+  sqlite3BtreeCursorHintFlags(pCur->uc.pCursor,
+                               (pOp->p5 & (OPFLAG_BULKCSR|OPFLAG_SEEKEQ)));
+  break;
+}
+
+/* Opcode: OpenEphemeral P1 P2 * P4 P5
+** Synopsis: nColumn=P2
+**
+** Open a new cursor P1 to a transient table.
+** The cursor is always opened read/write even if 
+** the main database is read-only.  The ephemeral
+** table is deleted automatically when the cursor is closed.
+**
+** P2 is the number of columns in the ephemeral table.
+** The cursor points to a BTree table if P4==0 and to a BTree index
+** if P4 is not 0.  If P4 is not NULL, it points to a KeyInfo structure
+** that defines the format of keys in the index.
+**
+** The P5 parameter can be a mask of the BTREE_* flags defined
+** in btree.h.  These flags control aspects of the operation of
+** the btree.  The BTREE_OMIT_JOURNAL and BTREE_SINGLE flags are
+** added automatically.
+*/
+/* Opcode: OpenAutoindex P1 P2 * P4 *
+** Synopsis: nColumn=P2
+**
+** This opcode works the same as OP_OpenEphemeral.  It has a
+** different name to distinguish its use.  Tables created using
+** by this opcode will be used for automatically created transient
+** indices in joins.
+*/
+case OP_OpenAutoindex: 
+case OP_OpenEphemeral: {
+  VdbeCursor *pCx;
+  KeyInfo *pKeyInfo;
+
+  static const int vfsFlags = 
+      SQLITE_OPEN_READWRITE |
+      SQLITE_OPEN_CREATE |
+      SQLITE_OPEN_EXCLUSIVE |
+      SQLITE_OPEN_DELETEONCLOSE |
+      SQLITE_OPEN_TRANSIENT_DB;
+  assert( pOp->p1>=0 );
+  assert( pOp->p2>=0 );
+  pCx = allocateCursor(p, pOp->p1, pOp->p2, -1, CURTYPE_BTREE);
+  if( pCx==0 ) goto no_mem;
+  pCx->nullRow = 1;
+  pCx->isEphemeral = 1;
+  rc = sqlite3BtreeOpen(db->pVfs, 0, db, &pCx->pBt, 
+                        BTREE_OMIT_JOURNAL | BTREE_SINGLE | pOp->p5, vfsFlags);
+  if( rc==SQLITE_OK ){
+    rc = sqlite3BtreeBeginTrans(pCx->pBt, 1);
+  }
+  if( rc==SQLITE_OK ){
+    /* If a transient index is required, create it by calling
+    ** sqlite3BtreeCreateTable() with the BTREE_BLOBKEY flag before
+    ** opening it. If a transient table is required, just use the
+    ** automatically created table with root-page 1 (an BLOB_INTKEY table).
+    */
+    if( (pKeyInfo = pOp->p4.pKeyInfo)!=0 ){
+      int pgno;
+      assert( pOp->p4type==P4_KEYINFO );
+      rc = sqlite3BtreeCreateTable(pCx->pBt, &pgno, BTREE_BLOBKEY | pOp->p5); 
+      if( rc==SQLITE_OK ){
+        assert( pgno==MASTER_ROOT+1 );
+        assert( pKeyInfo->db==db );
+        assert( pKeyInfo->enc==ENC(db) );
+        pCx->pKeyInfo = pKeyInfo;
+        rc = sqlite3BtreeCursor(pCx->pBt, pgno, BTREE_WRCSR,
+                                pKeyInfo, pCx->uc.pCursor);
+      }
+      pCx->isTable = 0;
+    }else{
+      rc = sqlite3BtreeCursor(pCx->pBt, MASTER_ROOT, BTREE_WRCSR,
+                              0, pCx->uc.pCursor);
+      pCx->isTable = 1;
+    }
+  }
+  pCx->isOrdered = (pOp->p5!=BTREE_UNORDERED);
+  break;
+}
+
+/* Opcode: SorterOpen P1 P2 P3 P4 *
+**
+** This opcode works like OP_OpenEphemeral except that it opens
+** a transient index that is specifically designed to sort large
+** tables using an external merge-sort algorithm.
+**
+** If argument P3 is non-zero, then it indicates that the sorter may
+** assume that a stable sort considering the first P3 fields of each
+** key is sufficient to produce the required results.
+*/
+case OP_SorterOpen: {
+  VdbeCursor *pCx;
+
+  assert( pOp->p1>=0 );
+  assert( pOp->p2>=0 );
+  pCx = allocateCursor(p, pOp->p1, pOp->p2, -1, CURTYPE_SORTER);
+  if( pCx==0 ) goto no_mem;
+  pCx->pKeyInfo = pOp->p4.pKeyInfo;
+  assert( pCx->pKeyInfo->db==db );
+  assert( pCx->pKeyInfo->enc==ENC(db) );
+  rc = sqlite3VdbeSorterInit(db, pOp->p3, pCx);
+  break;
+}
+
+/* Opcode: SequenceTest P1 P2 * * *
+** Synopsis: if( cursor[P1].ctr++ ) pc = P2
+**
+** P1 is a sorter cursor. If the sequence counter is currently zero, jump
+** to P2. Regardless of whether or not the jump is taken, increment the
+** the sequence value.
+*/
+case OP_SequenceTest: {
+  VdbeCursor *pC;
+  assert( pOp->p1>=0 && pOp->p1<p->nCursor );
+  pC = p->apCsr[pOp->p1];
+  assert( isSorter(pC) );
+  if( (pC->seqCount++)==0 ){
+    goto jump_to_p2;
+  }
+  break;
+}
+
+/* Opcode: OpenPseudo P1 P2 P3 * *
+** Synopsis: P3 columns in r[P2]
+**
+** Open a new cursor that points to a fake table that contains a single
+** row of data.  The content of that one row is the content of memory
+** register P2.  In other words, cursor P1 becomes an alias for the 
+** MEM_Blob content contained in register P2.
+**
+** A pseudo-table created by this opcode is used to hold a single
+** row output from the sorter so that the row can be decomposed into
+** individual columns using the OP_Column opcode.  The OP_Column opcode
+** is the only cursor opcode that works with a pseudo-table.
+**
+** P3 is the number of fields in the records that will be stored by
+** the pseudo-table.
+*/
+case OP_OpenPseudo: {
+  VdbeCursor *pCx;
+
+  assert( pOp->p1>=0 );
+  assert( pOp->p3>=0 );
+  pCx = allocateCursor(p, pOp->p1, pOp->p3, -1, CURTYPE_PSEUDO);
+  if( pCx==0 ) goto no_mem;
+  pCx->nullRow = 1;
+  pCx->uc.pseudoTableReg = pOp->p2;
+  pCx->isTable = 1;
+  assert( pOp->p5==0 );
+  break;
+}
+
+/* Opcode: Close P1 * * * *
+**
+** Close a cursor previously opened as P1.  If P1 is not
+** currently open, this instruction is a no-op.
+*/
+case OP_Close: {
+  assert( pOp->p1>=0 && pOp->p1<p->nCursor );
+  sqlite3VdbeFreeCursor(p, p->apCsr[pOp->p1]);
+  p->apCsr[pOp->p1] = 0;
+  break;
+}
+
+#ifdef SQLITE_ENABLE_COLUMN_USED_MASK
+/* Opcode: ColumnsUsed P1 * * P4 *
+**
+** This opcode (which only exists if SQLite was compiled with
+** SQLITE_ENABLE_COLUMN_USED_MASK) identifies which columns of the
+** table or index for cursor P1 are used.  P4 is a 64-bit integer
+** (P4_INT64) in which the first 63 bits are one for each of the
+** first 63 columns of the table or index that are actually used
+** by the cursor.  The high-order bit is set if any column after
+** the 64th is used.
+*/
+case OP_ColumnsUsed: {
+  VdbeCursor *pC;
+  pC = p->apCsr[pOp->p1];
+  assert( pC->eCurType==CURTYPE_BTREE );
+  pC->maskUsed = *(u64*)pOp->p4.pI64;
+  break;
+}
+#endif
+
+/* Opcode: SeekGE P1 P2 P3 P4 *
+** Synopsis: key=r[P3@P4]
+**
+** If cursor P1 refers to an SQL table (B-Tree that uses integer keys), 
+** use the value in register P3 as the key.  If cursor P1 refers 
+** to an SQL index, then P3 is the first in an array of P4 registers 
+** that are used as an unpacked index key. 
+**
+** Reposition cursor P1 so that  it points to the smallest entry that 
+** is greater than or equal to the key value. If there are no records 
+** greater than or equal to the key and P2 is not zero, then jump to P2.
+**
+** If the cursor P1 was opened using the OPFLAG_SEEKEQ flag, then this
+** opcode will always land on a record that equally equals the key, or
+** else jump immediately to P2.  When the cursor is OPFLAG_SEEKEQ, this
+** opcode must be followed by an IdxLE opcode with the same arguments.
+** The IdxLE opcode will be skipped if this opcode succeeds, but the
+** IdxLE opcode will be used on subsequent loop iterations.
+**
+** This opcode leaves the cursor configured to move in forward order,
+** from the beginning toward the end.  In other words, the cursor is
+** configured to use Next, not Prev.
+**
+** See also: Found, NotFound, SeekLt, SeekGt, SeekLe
+*/
+/* Opcode: SeekGT P1 P2 P3 P4 *
+** Synopsis: key=r[P3@P4]
+**
+** If cursor P1 refers to an SQL table (B-Tree that uses integer keys), 
+** use the value in register P3 as a key. If cursor P1 refers 
+** to an SQL index, then P3 is the first in an array of P4 registers 
+** that are used as an unpacked index key. 
+**
+** Reposition cursor P1 so that  it points to the smallest entry that 
+** is greater than the key value. If there are no records greater than 
+** the key and P2 is not zero, then jump to P2.
+**
+** This opcode leaves the cursor configured to move in forward order,
+** from the beginning toward the end.  In other words, the cursor is
+** configured to use Next, not Prev.
+**
+** See also: Found, NotFound, SeekLt, SeekGe, SeekLe
+*/
+/* Opcode: SeekLT P1 P2 P3 P4 * 
+** Synopsis: key=r[P3@P4]
+**
+** If cursor P1 refers to an SQL table (B-Tree that uses integer keys), 
+** use the value in register P3 as a key. If cursor P1 refers 
+** to an SQL index, then P3 is the first in an array of P4 registers 
+** that are used as an unpacked index key. 
+**
+** Reposition cursor P1 so that  it points to the largest entry that 
+** is less than the key value. If there are no records less than 
+** the key and P2 is not zero, then jump to P2.
+**
+** This opcode leaves the cursor configured to move in reverse order,
+** from the end toward the beginning.  In other words, the cursor is
+** configured to use Prev, not Next.
+**
+** See also: Found, NotFound, SeekGt, SeekGe, SeekLe
+*/
+/* Opcode: SeekLE P1 P2 P3 P4 *
+** Synopsis: key=r[P3@P4]
+**
+** If cursor P1 refers to an SQL table (B-Tree that uses integer keys), 
+** use the value in register P3 as a key. If cursor P1 refers 
+** to an SQL index, then P3 is the first in an array of P4 registers 
+** that are used as an unpacked index key. 
+**
+** Reposition cursor P1 so that it points to the largest entry that 
+** is less than or equal to the key value. If there are no records 
+** less than or equal to the key and P2 is not zero, then jump to P2.
+**
+** This opcode leaves the cursor configured to move in reverse order,
+** from the end toward the beginning.  In other words, the cursor is
+** configured to use Prev, not Next.
+**
+** If the cursor P1 was opened using the OPFLAG_SEEKEQ flag, then this
+** opcode will always land on a record that equally equals the key, or
+** else jump immediately to P2.  When the cursor is OPFLAG_SEEKEQ, this
+** opcode must be followed by an IdxGE opcode with the same arguments.
+** The IdxGE opcode will be skipped if this opcode succeeds, but the
+** IdxGE opcode will be used on subsequent loop iterations.
+**
+** See also: Found, NotFound, SeekGt, SeekGe, SeekLt
+*/
+case OP_SeekLT:         /* jump, in3 */
+case OP_SeekLE:         /* jump, in3 */
+case OP_SeekGE:         /* jump, in3 */
+case OP_SeekGT: {       /* jump, in3 */
+  int res;           /* Comparison result */
+  int oc;            /* Opcode */
+  VdbeCursor *pC;    /* The cursor to seek */
+  UnpackedRecord r;  /* The key to seek for */
+  int nField;        /* Number of columns or fields in the key */
+  i64 iKey;          /* The rowid we are to seek to */
+  int eqOnly;        /* Only interested in == results */
+
+  assert( pOp->p1>=0 && pOp->p1<p->nCursor );
+  assert( pOp->p2!=0 );
+  pC = p->apCsr[pOp->p1];
+  assert( pC!=0 );
+  assert( pC->eCurType==CURTYPE_BTREE );
+  assert( OP_SeekLE == OP_SeekLT+1 );
+  assert( OP_SeekGE == OP_SeekLT+2 );
+  assert( OP_SeekGT == OP_SeekLT+3 );
+  assert( pC->isOrdered );
+  assert( pC->uc.pCursor!=0 );
+  oc = pOp->opcode;
+  eqOnly = 0;
+  pC->nullRow = 0;
+#ifdef SQLITE_DEBUG
+  pC->seekOp = pOp->opcode;
+#endif
+
+  if( pC->isTable ){
+    /* The BTREE_SEEK_EQ flag is only set on index cursors */
+    assert( sqlite3BtreeCursorHasHint(pC->uc.pCursor, BTREE_SEEK_EQ)==0 );
+
+    /* The input value in P3 might be of any type: integer, real, string,
+    ** blob, or NULL.  But it needs to be an integer before we can do
+    ** the seek, so convert it. */
+    pIn3 = &aMem[pOp->p3];
+    if( (pIn3->flags & (MEM_Int|MEM_Real|MEM_Str))==MEM_Str ){
+      applyNumericAffinity(pIn3, 0);
+    }
+    iKey = sqlite3VdbeIntValue(pIn3);
+
+    /* If the P3 value could not be converted into an integer without
+    ** loss of information, then special processing is required... */
+    if( (pIn3->flags & MEM_Int)==0 ){
+      if( (pIn3->flags & MEM_Real)==0 ){
+        /* If the P3 value cannot be converted into any kind of a number,
+        ** then the seek is not possible, so jump to P2 */
+        VdbeBranchTaken(1,2); goto jump_to_p2;
+        break;
+      }
+
+      /* If the approximation iKey is larger than the actual real search
+      ** term, substitute >= for > and < for <=. e.g. if the search term
+      ** is 4.9 and the integer approximation 5:
+      **
+      **        (x >  4.9)    ->     (x >= 5)
+      **        (x <= 4.9)    ->     (x <  5)
+      */
+      if( pIn3->u.r<(double)iKey ){
+        assert( OP_SeekGE==(OP_SeekGT-1) );
+        assert( OP_SeekLT==(OP_SeekLE-1) );
+        assert( (OP_SeekLE & 0x0001)==(OP_SeekGT & 0x0001) );
+        if( (oc & 0x0001)==(OP_SeekGT & 0x0001) ) oc--;
+      }
+
+      /* If the approximation iKey is smaller than the actual real search
+      ** term, substitute <= for < and > for >=.  */
+      else if( pIn3->u.r>(double)iKey ){
+        assert( OP_SeekLE==(OP_SeekLT+1) );
+        assert( OP_SeekGT==(OP_SeekGE+1) );
+        assert( (OP_SeekLT & 0x0001)==(OP_SeekGE & 0x0001) );
+        if( (oc & 0x0001)==(OP_SeekLT & 0x0001) ) oc++;
+      }
+    } 
+    rc = sqlite3BtreeMovetoUnpacked(pC->uc.pCursor, 0, (u64)iKey, 0, &res);
+    pC->movetoTarget = iKey;  /* Used by OP_Delete */
+    if( rc!=SQLITE_OK ){
+      goto abort_due_to_error;
+    }
+  }else{
+    /* For a cursor with the BTREE_SEEK_EQ hint, only the OP_SeekGE and
+    ** OP_SeekLE opcodes are allowed, and these must be immediately followed
+    ** by an OP_IdxGT or OP_IdxLT opcode, respectively, with the same key.
+    */
+    if( sqlite3BtreeCursorHasHint(pC->uc.pCursor, BTREE_SEEK_EQ) ){
+      eqOnly = 1;
+      assert( pOp->opcode==OP_SeekGE || pOp->opcode==OP_SeekLE );
+      assert( pOp[1].opcode==OP_IdxLT || pOp[1].opcode==OP_IdxGT );
+      assert( pOp[1].p1==pOp[0].p1 );
+      assert( pOp[1].p2==pOp[0].p2 );
+      assert( pOp[1].p3==pOp[0].p3 );
+      assert( pOp[1].p4.i==pOp[0].p4.i );
+    }
+
+    nField = pOp->p4.i;
+    assert( pOp->p4type==P4_INT32 );
+    assert( nField>0 );
+    r.pKeyInfo = pC->pKeyInfo;
+    r.nField = (u16)nField;
+
+    /* The next line of code computes as follows, only faster:
+    **   if( oc==OP_SeekGT || oc==OP_SeekLE ){
+    **     r.default_rc = -1;
+    **   }else{
+    **     r.default_rc = +1;
+    **   }
+    */
+    r.default_rc = ((1 & (oc - OP_SeekLT)) ? -1 : +1);
+    assert( oc!=OP_SeekGT || r.default_rc==-1 );
+    assert( oc!=OP_SeekLE || r.default_rc==-1 );
+    assert( oc!=OP_SeekGE || r.default_rc==+1 );
+    assert( oc!=OP_SeekLT || r.default_rc==+1 );
+
+    r.aMem = &aMem[pOp->p3];
+#ifdef SQLITE_DEBUG
+    { int i; for(i=0; i<r.nField; i++) assert( memIsValid(&r.aMem[i]) ); }
+#endif
+    ExpandBlob(r.aMem);
+    r.eqSeen = 0;
+    rc = sqlite3BtreeMovetoUnpacked(pC->uc.pCursor, &r, 0, 0, &res);
+    if( rc!=SQLITE_OK ){
+      goto abort_due_to_error;
+    }
+    if( eqOnly && r.eqSeen==0 ){
+      assert( res!=0 );
+      goto seek_not_found;
+    }
+  }
+  pC->deferredMoveto = 0;
+  pC->cacheStatus = CACHE_STALE;
+#ifdef SQLITE_TEST
+  sqlite3_search_count++;
+#endif
+  if( oc>=OP_SeekGE ){  assert( oc==OP_SeekGE || oc==OP_SeekGT );
+    if( res<0 || (res==0 && oc==OP_SeekGT) ){
+      res = 0;
+      rc = sqlite3BtreeNext(pC->uc.pCursor, &res);
+      if( rc!=SQLITE_OK ) goto abort_due_to_error;
+    }else{
+      res = 0;
+    }
+  }else{
+    assert( oc==OP_SeekLT || oc==OP_SeekLE );
+    if( res>0 || (res==0 && oc==OP_SeekLT) ){
+      res = 0;
+      rc = sqlite3BtreePrevious(pC->uc.pCursor, &res);
+      if( rc!=SQLITE_OK ) goto abort_due_to_error;
+    }else{
+      /* res might be negative because the table is empty.  Check to
+      ** see if this is the case.
+      */
+      res = sqlite3BtreeEof(pC->uc.pCursor);
+    }
+  }
+seek_not_found:
+  assert( pOp->p2>0 );
+  VdbeBranchTaken(res!=0,2);
+  if( res ){
+    goto jump_to_p2;
+  }else if( eqOnly ){
+    assert( pOp[1].opcode==OP_IdxLT || pOp[1].opcode==OP_IdxGT );
+    pOp++; /* Skip the OP_IdxLt or OP_IdxGT that follows */
+  }
+  break;
+}
+
+/* Opcode: Seek P1 P2 * * *
+** Synopsis:  intkey=r[P2]
+**
+** P1 is an open table cursor and P2 is a rowid integer.  Arrange
+** for P1 to move so that it points to the rowid given by P2.
+**
+** This is actually a deferred seek.  Nothing actually happens until
+** the cursor is used to read a record.  That way, if no reads
+** occur, no unnecessary I/O happens.
+*/
+case OP_Seek: {    /* in2 */
+  VdbeCursor *pC;
+
+  assert( pOp->p1>=0 && pOp->p1<p->nCursor );
+  pC = p->apCsr[pOp->p1];
+  assert( pC!=0 );
+  assert( pC->eCurType==CURTYPE_BTREE );
+  assert( pC->uc.pCursor!=0 );
+  assert( pC->isTable );
+  pC->nullRow = 0;
+  pIn2 = &aMem[pOp->p2];
+  pC->movetoTarget = sqlite3VdbeIntValue(pIn2);
+  pC->deferredMoveto = 1;
+  break;
+}
+  
+
+/* Opcode: Found P1 P2 P3 P4 *
+** Synopsis: key=r[P3@P4]
+**
+** If P4==0 then register P3 holds a blob constructed by MakeRecord.  If
+** P4>0 then register P3 is the first of P4 registers that form an unpacked
+** record.
+**
+** Cursor P1 is on an index btree.  If the record identified by P3 and P4
+** is a prefix of any entry in P1 then a jump is made to P2 and
+** P1 is left pointing at the matching entry.
+**
+** This operation leaves the cursor in a state where it can be
+** advanced in the forward direction.  The Next instruction will work,
+** but not the Prev instruction.
+**
+** See also: NotFound, NoConflict, NotExists. SeekGe
+*/
+/* Opcode: NotFound P1 P2 P3 P4 *
+** Synopsis: key=r[P3@P4]
+**
+** If P4==0 then register P3 holds a blob constructed by MakeRecord.  If
+** P4>0 then register P3 is the first of P4 registers that form an unpacked
+** record.
+** 
+** Cursor P1 is on an index btree.  If the record identified by P3 and P4
+** is not the prefix of any entry in P1 then a jump is made to P2.  If P1 
+** does contain an entry whose prefix matches the P3/P4 record then control
+** falls through to the next instruction and P1 is left pointing at the
+** matching entry.
+**
+** This operation leaves the cursor in a state where it cannot be
+** advanced in either direction.  In other words, the Next and Prev
+** opcodes do not work after this operation.
+**
+** See also: Found, NotExists, NoConflict
+*/
+/* Opcode: NoConflict P1 P2 P3 P4 *
+** Synopsis: key=r[P3@P4]
+**
+** If P4==0 then register P3 holds a blob constructed by MakeRecord.  If
+** P4>0 then register P3 is the first of P4 registers that form an unpacked
+** record.
+** 
+** Cursor P1 is on an index btree.  If the record identified by P3 and P4
+** contains any NULL value, jump immediately to P2.  If all terms of the
+** record are not-NULL then a check is done to determine if any row in the
+** P1 index btree has a matching key prefix.  If there are no matches, jump
+** immediately to P2.  If there is a match, fall through and leave the P1
+** cursor pointing to the matching row.
+**
+** This opcode is similar to OP_NotFound with the exceptions that the
+** branch is always taken if any part of the search key input is NULL.
+**
+** This operation leaves the cursor in a state where it cannot be
+** advanced in either direction.  In other words, the Next and Prev
+** opcodes do not work after this operation.
+**
+** See also: NotFound, Found, NotExists
+*/
+case OP_NoConflict:     /* jump, in3 */
+case OP_NotFound:       /* jump, in3 */
+case OP_Found: {        /* jump, in3 */
+  int alreadyExists;
+  int takeJump;
+  int ii;
+  VdbeCursor *pC;
+  int res;
+  char *pFree;
+  UnpackedRecord *pIdxKey;
+  UnpackedRecord r;
+  char aTempRec[ROUND8(sizeof(UnpackedRecord)) + sizeof(Mem)*4 + 7];
+
+#ifdef SQLITE_TEST
+  if( pOp->opcode!=OP_NoConflict ) sqlite3_found_count++;
+#endif
+
+  assert( pOp->p1>=0 && pOp->p1<p->nCursor );
+  assert( pOp->p4type==P4_INT32 );
+  pC = p->apCsr[pOp->p1];
+  assert( pC!=0 );
+#ifdef SQLITE_DEBUG
+  pC->seekOp = pOp->opcode;
+#endif
+  pIn3 = &aMem[pOp->p3];
+  assert( pC->eCurType==CURTYPE_BTREE );
+  assert( pC->uc.pCursor!=0 );
+  assert( pC->isTable==0 );
+  pFree = 0;
+  if( pOp->p4.i>0 ){
+    r.pKeyInfo = pC->pKeyInfo;
+    r.nField = (u16)pOp->p4.i;
+    r.aMem = pIn3;
+    for(ii=0; ii<r.nField; ii++){
+      assert( memIsValid(&r.aMem[ii]) );
+      ExpandBlob(&r.aMem[ii]);
+#ifdef SQLITE_DEBUG
+      if( ii ) REGISTER_TRACE(pOp->p3+ii, &r.aMem[ii]);
+#endif
+    }
+    pIdxKey = &r;
+  }else{
+    pIdxKey = sqlite3VdbeAllocUnpackedRecord(
+        pC->pKeyInfo, aTempRec, sizeof(aTempRec), &pFree
+    );
+    if( pIdxKey==0 ) goto no_mem;
+    assert( pIn3->flags & MEM_Blob );
+    ExpandBlob(pIn3);
+    sqlite3VdbeRecordUnpack(pC->pKeyInfo, pIn3->n, pIn3->z, pIdxKey);
+  }
+  pIdxKey->default_rc = 0;
+  takeJump = 0;
+  if( pOp->opcode==OP_NoConflict ){
+    /* For the OP_NoConflict opcode, take the jump if any of the
+    ** input fields are NULL, since any key with a NULL will not
+    ** conflict */
+    for(ii=0; ii<pIdxKey->nField; ii++){
+      if( pIdxKey->aMem[ii].flags & MEM_Null ){
+        takeJump = 1;
+        break;
+      }
+    }
+  }
+  rc = sqlite3BtreeMovetoUnpacked(pC->uc.pCursor, pIdxKey, 0, 0, &res);
+  sqlite3DbFree(db, pFree);
+  if( rc!=SQLITE_OK ){
+    break;
+  }
+  pC->seekResult = res;
+  alreadyExists = (res==0);
+  pC->nullRow = 1-alreadyExists;
+  pC->deferredMoveto = 0;
+  pC->cacheStatus = CACHE_STALE;
+  if( pOp->opcode==OP_Found ){
+    VdbeBranchTaken(alreadyExists!=0,2);
+    if( alreadyExists ) goto jump_to_p2;
+  }else{
+    VdbeBranchTaken(takeJump||alreadyExists==0,2);
+    if( takeJump || !alreadyExists ) goto jump_to_p2;
+  }
+  break;
+}
+
+/* Opcode: NotExists P1 P2 P3 * *
+** Synopsis: intkey=r[P3]
+**
+** P1 is the index of a cursor open on an SQL table btree (with integer
+** keys).  P3 is an integer rowid.  If P1 does not contain a record with
+** rowid P3 then jump immediately to P2.  Or, if P2 is 0, raise an
+** SQLITE_CORRUPT error. If P1 does contain a record with rowid P3 then 
+** leave the cursor pointing at that record and fall through to the next
+** instruction.
+**
+** The OP_NotFound opcode performs the same operation on index btrees
+** (with arbitrary multi-value keys).
+**
+** This opcode leaves the cursor in a state where it cannot be advanced
+** in either direction.  In other words, the Next and Prev opcodes will
+** not work following this opcode.
+**
+** See also: Found, NotFound, NoConflict
+*/
+case OP_NotExists: {        /* jump, in3 */
+  VdbeCursor *pC;
+  BtCursor *pCrsr;
+  int res;
+  u64 iKey;
+
+  pIn3 = &aMem[pOp->p3];
+  assert( pIn3->flags & MEM_Int );
+  assert( pOp->p1>=0 && pOp->p1<p->nCursor );
+  pC = p->apCsr[pOp->p1];
+  assert( pC!=0 );
+#ifdef SQLITE_DEBUG
+  pC->seekOp = 0;
+#endif
+  assert( pC->isTable );
+  assert( pC->eCurType==CURTYPE_BTREE );
+  pCrsr = pC->uc.pCursor;
+  assert( pCrsr!=0 );
+  res = 0;
+  iKey = pIn3->u.i;
+  rc = sqlite3BtreeMovetoUnpacked(pCrsr, 0, iKey, 0, &res);
+  assert( rc==SQLITE_OK || res==0 );
+  pC->movetoTarget = iKey;  /* Used by OP_Delete */
+  pC->nullRow = 0;
+  pC->cacheStatus = CACHE_STALE;
+  pC->deferredMoveto = 0;
+  VdbeBranchTaken(res!=0,2);
+  pC->seekResult = res;
+  if( res!=0 ){
+    assert( rc==SQLITE_OK );
+    if( pOp->p2==0 ){
+      rc = SQLITE_CORRUPT_BKPT;
+    }else{
+      goto jump_to_p2;
+    }
+  }
+  break;
+}
+
+/* Opcode: Sequence P1 P2 * * *
+** Synopsis: r[P2]=cursor[P1].ctr++
+**
+** Find the next available sequence number for cursor P1.
+** Write the sequence number into register P2.
+** The sequence number on the cursor is incremented after this
+** instruction.  
+*/
+case OP_Sequence: {           /* out2 */
+  assert( pOp->p1>=0 && pOp->p1<p->nCursor );
+  assert( p->apCsr[pOp->p1]!=0 );
+  assert( p->apCsr[pOp->p1]->eCurType!=CURTYPE_VTAB );
+  pOut = out2Prerelease(p, pOp);
+  pOut->u.i = p->apCsr[pOp->p1]->seqCount++;
+  break;
+}
+
+
+/* Opcode: NewRowid P1 P2 P3 * *
+** Synopsis: r[P2]=rowid
+**
+** Get a new integer record number (a.k.a "rowid") used as the key to a table.
+** The record number is not previously used as a key in the database
+** table that cursor P1 points to.  The new record number is written
+** written to register P2.
+**
+** If P3>0 then P3 is a register in the root frame of this VDBE that holds 
+** the largest previously generated record number. No new record numbers are
+** allowed to be less than this value. When this value reaches its maximum, 
+** an SQLITE_FULL error is generated. The P3 register is updated with the '
+** generated record number. This P3 mechanism is used to help implement the
+** AUTOINCREMENT feature.
+*/
+case OP_NewRowid: {           /* out2 */
+  i64 v;                 /* The new rowid */
+  VdbeCursor *pC;        /* Cursor of table to get the new rowid */
+  int res;               /* Result of an sqlite3BtreeLast() */
+  int cnt;               /* Counter to limit the number of searches */
+  Mem *pMem;             /* Register holding largest rowid for AUTOINCREMENT */
+  VdbeFrame *pFrame;     /* Root frame of VDBE */
+
+  v = 0;
+  res = 0;
+  pOut = out2Prerelease(p, pOp);
+  assert( pOp->p1>=0 && pOp->p1<p->nCursor );
+  pC = p->apCsr[pOp->p1];
+  assert( pC!=0 );
+  assert( pC->eCurType==CURTYPE_BTREE );
+  assert( pC->uc.pCursor!=0 );
+  {
+    /* The next rowid or record number (different terms for the same
+    ** thing) is obtained in a two-step algorithm.
+    **
+    ** First we attempt to find the largest existing rowid and add one
+    ** to that.  But if the largest existing rowid is already the maximum
+    ** positive integer, we have to fall through to the second
+    ** probabilistic algorithm
+    **
+    ** The second algorithm is to select a rowid at random and see if
+    ** it already exists in the table.  If it does not exist, we have
+    ** succeeded.  If the random rowid does exist, we select a new one
+    ** and try again, up to 100 times.
+    */
+    assert( pC->isTable );
+
+#ifdef SQLITE_32BIT_ROWID
+#   define MAX_ROWID 0x7fffffff
+#else
+    /* Some compilers complain about constants of the form 0x7fffffffffffffff.
+    ** Others complain about 0x7ffffffffffffffffLL.  The following macro seems
+    ** to provide the constant while making all compilers happy.
+    */
+#   define MAX_ROWID  (i64)( (((u64)0x7fffffff)<<32) | (u64)0xffffffff )
+#endif
+
+    if( !pC->useRandomRowid ){
+      rc = sqlite3BtreeLast(pC->uc.pCursor, &res);
+      if( rc!=SQLITE_OK ){
+        goto abort_due_to_error;
+      }
+      if( res ){
+        v = 1;   /* IMP: R-61914-48074 */
+      }else{
+        assert( sqlite3BtreeCursorIsValid(pC->uc.pCursor) );
+        rc = sqlite3BtreeKeySize(pC->uc.pCursor, &v);
+        assert( rc==SQLITE_OK );   /* Cannot fail following BtreeLast() */
+        if( v>=MAX_ROWID ){
+          pC->useRandomRowid = 1;
+        }else{
+          v++;   /* IMP: R-29538-34987 */
+        }
+      }
+    }
+
+#ifndef SQLITE_OMIT_AUTOINCREMENT
+    if( pOp->p3 ){
+      /* Assert that P3 is a valid memory cell. */
+      assert( pOp->p3>0 );
+      if( p->pFrame ){
+        for(pFrame=p->pFrame; pFrame->pParent; pFrame=pFrame->pParent);
+        /* Assert that P3 is a valid memory cell. */
+        assert( pOp->p3<=pFrame->nMem );
+        pMem = &pFrame->aMem[pOp->p3];
+      }else{
+        /* Assert that P3 is a valid memory cell. */
+        assert( pOp->p3<=(p->nMem-p->nCursor) );
+        pMem = &aMem[pOp->p3];
+        memAboutToChange(p, pMem);
+      }
+      assert( memIsValid(pMem) );
+
+      REGISTER_TRACE(pOp->p3, pMem);
+      sqlite3VdbeMemIntegerify(pMem);
+      assert( (pMem->flags & MEM_Int)!=0 );  /* mem(P3) holds an integer */
+      if( pMem->u.i==MAX_ROWID || pC->useRandomRowid ){
+        rc = SQLITE_FULL;   /* IMP: R-12275-61338 */
+        goto abort_due_to_error;
+      }
+      if( v<pMem->u.i+1 ){
+        v = pMem->u.i + 1;
+      }
+      pMem->u.i = v;
+    }
+#endif
+    if( pC->useRandomRowid ){
+      /* IMPLEMENTATION-OF: R-07677-41881 If the largest ROWID is equal to the
+      ** largest possible integer (9223372036854775807) then the database
+      ** engine starts picking positive candidate ROWIDs at random until
+      ** it finds one that is not previously used. */
+      assert( pOp->p3==0 );  /* We cannot be in random rowid mode if this is
+                             ** an AUTOINCREMENT table. */
+      cnt = 0;
+      do{
+        sqlite3_randomness(sizeof(v), &v);
+        v &= (MAX_ROWID>>1); v++;  /* Ensure that v is greater than zero */
+      }while(  ((rc = sqlite3BtreeMovetoUnpacked(pC->uc.pCursor, 0, (u64)v,
+                                                 0, &res))==SQLITE_OK)
+            && (res==0)
+            && (++cnt<100));
+      if( rc==SQLITE_OK && res==0 ){
+        rc = SQLITE_FULL;   /* IMP: R-38219-53002 */
+        goto abort_due_to_error;
+      }
+      assert( v>0 );  /* EV: R-40812-03570 */
+    }
+    pC->deferredMoveto = 0;
+    pC->cacheStatus = CACHE_STALE;
+  }
+  pOut->u.i = v;
+  break;
+}
+
+/* Opcode: Insert P1 P2 P3 P4 P5
+** Synopsis: intkey=r[P3] data=r[P2]
+**
+** Write an entry into the table of cursor P1.  A new entry is
+** created if it doesn't already exist or the data for an existing
+** entry is overwritten.  The data is the value MEM_Blob stored in register
+** number P2. The key is stored in register P3. The key must
+** be a MEM_Int.
+**
+** If the OPFLAG_NCHANGE flag of P5 is set, then the row change count is
+** incremented (otherwise not).  If the OPFLAG_LASTROWID flag of P5 is set,
+** then rowid is stored for subsequent return by the
+** sqlite3_last_insert_rowid() function (otherwise it is unmodified).
+**
+** If the OPFLAG_USESEEKRESULT flag of P5 is set and if the result of
+** the last seek operation (OP_NotExists) was a success, then this
+** operation will not attempt to find the appropriate row before doing
+** the insert but will instead overwrite the row that the cursor is
+** currently pointing to.  Presumably, the prior OP_NotExists opcode
+** has already positioned the cursor correctly.  This is an optimization
+** that boosts performance by avoiding redundant seeks.
+**
+** If the OPFLAG_ISUPDATE flag is set, then this opcode is part of an
+** UPDATE operation.  Otherwise (if the flag is clear) then this opcode
+** is part of an INSERT operation.  The difference is only important to
+** the update hook.
+**
+** Parameter P4 may point to a string containing the table-name, or
+** may be NULL. If it is not NULL, then the update-hook 
+** (sqlite3.xUpdateCallback) is invoked following a successful insert.
+**
+** (WARNING/TODO: If P1 is a pseudo-cursor and P2 is dynamically
+** allocated, then ownership of P2 is transferred to the pseudo-cursor
+** and register P2 becomes ephemeral.  If the cursor is changed, the
+** value of register P2 will then change.  Make sure this does not
+** cause any problems.)
+**
+** This instruction only works on tables.  The equivalent instruction
+** for indices is OP_IdxInsert.
+*/
+/* Opcode: InsertInt P1 P2 P3 P4 P5
+** Synopsis:  intkey=P3 data=r[P2]
+**
+** This works exactly like OP_Insert except that the key is the
+** integer value P3, not the value of the integer stored in register P3.
+*/
+case OP_Insert: 
+case OP_InsertInt: {
+  Mem *pData;       /* MEM cell holding data for the record to be inserted */
+  Mem *pKey;        /* MEM cell holding key  for the record */
+  i64 iKey;         /* The integer ROWID or key for the record to be inserted */
+  VdbeCursor *pC;   /* Cursor to table into which insert is written */
+  int nZero;        /* Number of zero-bytes to append */
+  int seekResult;   /* Result of prior seek or 0 if no USESEEKRESULT flag */
+  const char *zDb;  /* database name - used by the update hook */
+  const char *zTbl; /* Table name - used by the opdate hook */
+  int op;           /* Opcode for update hook: SQLITE_UPDATE or SQLITE_INSERT */
+
+  pData = &aMem[pOp->p2];
+  assert( pOp->p1>=0 && pOp->p1<p->nCursor );
+  assert( memIsValid(pData) );
+  pC = p->apCsr[pOp->p1];
+  assert( pC!=0 );
+  assert( pC->eCurType==CURTYPE_BTREE );
+  assert( pC->uc.pCursor!=0 );
+  assert( pC->isTable );
+  REGISTER_TRACE(pOp->p2, pData);
+
+  if( pOp->opcode==OP_Insert ){
+    pKey = &aMem[pOp->p3];
+    assert( pKey->flags & MEM_Int );
+    assert( memIsValid(pKey) );
+    REGISTER_TRACE(pOp->p3, pKey);
+    iKey = pKey->u.i;
+  }else{
+    assert( pOp->opcode==OP_InsertInt );
+    iKey = pOp->p3;
+  }
+
+  if( pOp->p5 & OPFLAG_NCHANGE ) p->nChange++;
+  if( pOp->p5 & OPFLAG_LASTROWID ) db->lastRowid = lastRowid = iKey;
+  if( pData->flags & MEM_Null ){
+    pData->z = 0;
+    pData->n = 0;
+  }else{
+    assert( pData->flags & (MEM_Blob|MEM_Str) );
+  }
+  seekResult = ((pOp->p5 & OPFLAG_USESEEKRESULT) ? pC->seekResult : 0);
+  if( pData->flags & MEM_Zero ){
+    nZero = pData->u.nZero;
+  }else{
+    nZero = 0;
+  }
+  rc = sqlite3BtreeInsert(pC->uc.pCursor, 0, iKey,
+                          pData->z, pData->n, nZero,
+                          (pOp->p5 & OPFLAG_APPEND)!=0, seekResult
+  );
+  pC->deferredMoveto = 0;
+  pC->cacheStatus = CACHE_STALE;
+
+  /* Invoke the update-hook if required. */
+  if( rc==SQLITE_OK && db->xUpdateCallback && pOp->p4.z ){
+    zDb = db->aDb[pC->iDb].zName;
+    zTbl = pOp->p4.z;
+    op = ((pOp->p5 & OPFLAG_ISUPDATE) ? SQLITE_UPDATE : SQLITE_INSERT);
+    assert( pC->isTable );
+    db->xUpdateCallback(db->pUpdateArg, op, zDb, zTbl, iKey);
+    assert( pC->iDb>=0 );
+  }
+  break;
+}
+
+/* Opcode: Delete P1 P2 * P4 P5
+**
+** Delete the record at which the P1 cursor is currently pointing.
+**
+** If the P5 parameter is non-zero, the cursor will be left pointing at 
+** either the next or the previous record in the table. If it is left 
+** pointing at the next record, then the next Next instruction will be a 
+** no-op. As a result, in this case it is OK to delete a record from within a
+** Next loop. If P5 is zero, then the cursor is left in an undefined state.
+**
+** If the OPFLAG_NCHANGE flag of P2 is set, then the row change count is
+** incremented (otherwise not).
+**
+** P1 must not be pseudo-table.  It has to be a real table with
+** multiple rows.
+**
+** If P4 is not NULL, then it is the name of the table that P1 is
+** pointing to.  The update hook will be invoked, if it exists.
+** If P4 is not NULL then the P1 cursor must have been positioned
+** using OP_NotFound prior to invoking this opcode.
+*/
+case OP_Delete: {
+  VdbeCursor *pC;
+  u8 hasUpdateCallback;
+
+  assert( pOp->p1>=0 && pOp->p1<p->nCursor );
+  pC = p->apCsr[pOp->p1];
+  assert( pC!=0 );
+  assert( pC->eCurType==CURTYPE_BTREE );
+  assert( pC->uc.pCursor!=0 );
+  assert( pC->deferredMoveto==0 );
+
+  hasUpdateCallback = db->xUpdateCallback && pOp->p4.z && pC->isTable;
+  if( pOp->p5 && hasUpdateCallback ){
+    sqlite3BtreeKeySize(pC->uc.pCursor, &pC->movetoTarget);
+  }
+
+#ifdef SQLITE_DEBUG
+  /* The seek operation that positioned the cursor prior to OP_Delete will
+  ** have also set the pC->movetoTarget field to the rowid of the row that
+  ** is being deleted */
+  if( pOp->p4.z && pC->isTable && pOp->p5==0 ){
+    i64 iKey = 0;
+    sqlite3BtreeKeySize(pC->uc.pCursor, &iKey);
+    assert( pC->movetoTarget==iKey ); 
+  }
+#endif
+ 
+  rc = sqlite3BtreeDelete(pC->uc.pCursor, pOp->p5);
+  pC->cacheStatus = CACHE_STALE;
+
+  /* Invoke the update-hook if required. */
+  if( rc==SQLITE_OK && hasUpdateCallback ){
+    db->xUpdateCallback(db->pUpdateArg, SQLITE_DELETE,
+                        db->aDb[pC->iDb].zName, pOp->p4.z, pC->movetoTarget);
+    assert( pC->iDb>=0 );
+  }
+  if( pOp->p2 & OPFLAG_NCHANGE ) p->nChange++;
+  break;
+}
+/* Opcode: ResetCount * * * * *
+**
+** The value of the change counter is copied to the database handle
+** change counter (returned by subsequent calls to sqlite3_changes()).
+** Then the VMs internal change counter resets to 0.
+** This is used by trigger programs.
+*/
+case OP_ResetCount: {
+  sqlite3VdbeSetChanges(db, p->nChange);
+  p->nChange = 0;
+  break;
+}
+
+/* Opcode: SorterCompare P1 P2 P3 P4
+** Synopsis:  if key(P1)!=trim(r[P3],P4) goto P2
+**
+** P1 is a sorter cursor. This instruction compares a prefix of the
+** record blob in register P3 against a prefix of the entry that 
+** the sorter cursor currently points to.  Only the first P4 fields
+** of r[P3] and the sorter record are compared.
+**
+** If either P3 or the sorter contains a NULL in one of their significant
+** fields (not counting the P4 fields at the end which are ignored) then
+** the comparison is assumed to be equal.
+**
+** Fall through to next instruction if the two records compare equal to
+** each other.  Jump to P2 if they are different.
+*/
+case OP_SorterCompare: {
+  VdbeCursor *pC;
+  int res;
+  int nKeyCol;
+
+  pC = p->apCsr[pOp->p1];
+  assert( isSorter(pC) );
+  assert( pOp->p4type==P4_INT32 );
+  pIn3 = &aMem[pOp->p3];
+  nKeyCol = pOp->p4.i;
+  res = 0;
+  rc = sqlite3VdbeSorterCompare(pC, pIn3, nKeyCol, &res);
+  VdbeBranchTaken(res!=0,2);
+  if( res ) goto jump_to_p2;
+  break;
+};
+
+/* Opcode: SorterData P1 P2 P3 * *
+** Synopsis: r[P2]=data
+**
+** Write into register P2 the current sorter data for sorter cursor P1.
+** Then clear the column header cache on cursor P3.
+**
+** This opcode is normally use to move a record out of the sorter and into
+** a register that is the source for a pseudo-table cursor created using
+** OpenPseudo.  That pseudo-table cursor is the one that is identified by
+** parameter P3.  Clearing the P3 column cache as part of this opcode saves
+** us from having to issue a separate NullRow instruction to clear that cache.
+*/
+case OP_SorterData: {
+  VdbeCursor *pC;
+
+  pOut = &aMem[pOp->p2];
+  pC = p->apCsr[pOp->p1];
+  assert( isSorter(pC) );
+  rc = sqlite3VdbeSorterRowkey(pC, pOut);
+  assert( rc!=SQLITE_OK || (pOut->flags & MEM_Blob) );
+  assert( pOp->p1>=0 && pOp->p1<p->nCursor );
+  p->apCsr[pOp->p3]->cacheStatus = CACHE_STALE;
+  break;
+}
+
+/* Opcode: RowData P1 P2 * * *
+** Synopsis: r[P2]=data
+**
+** Write into register P2 the complete row data for cursor P1.
+** There is no interpretation of the data.  
+** It is just copied onto the P2 register exactly as 
+** it is found in the database file.
+**
+** If the P1 cursor must be pointing to a valid row (not a NULL row)
+** of a real table, not a pseudo-table.
+*/
+/* Opcode: RowKey P1 P2 * * *
+** Synopsis: r[P2]=key
+**
+** Write into register P2 the complete row key for cursor P1.
+** There is no interpretation of the data.  
+** The key is copied onto the P2 register exactly as 
+** it is found in the database file.
+**
+** If the P1 cursor must be pointing to a valid row (not a NULL row)
+** of a real table, not a pseudo-table.
+*/
+case OP_RowKey:
+case OP_RowData: {
+  VdbeCursor *pC;
+  BtCursor *pCrsr;
+  u32 n;
+  i64 n64;
+
+  pOut = &aMem[pOp->p2];
+  memAboutToChange(p, pOut);
+
+  /* Note that RowKey and RowData are really exactly the same instruction */
+  assert( pOp->p1>=0 && pOp->p1<p->nCursor );
+  pC = p->apCsr[pOp->p1];
+  assert( pC!=0 );
+  assert( pC->eCurType==CURTYPE_BTREE );
+  assert( isSorter(pC)==0 );
+  assert( pC->isTable || pOp->opcode!=OP_RowData );
+  assert( pC->isTable==0 || pOp->opcode==OP_RowData );
+  assert( pC->nullRow==0 );
+  assert( pC->uc.pCursor!=0 );
+  pCrsr = pC->uc.pCursor;
+
+  /* The OP_RowKey and OP_RowData opcodes always follow OP_NotExists or
+  ** OP_Rewind/Op_Next with no intervening instructions that might invalidate
+  ** the cursor.  If this where not the case, on of the following assert()s
+  ** would fail.  Should this ever change (because of changes in the code
+  ** generator) then the fix would be to insert a call to
+  ** sqlite3VdbeCursorMoveto().
+  */
+  assert( pC->deferredMoveto==0 );
+  assert( sqlite3BtreeCursorIsValid(pCrsr) );
+#if 0  /* Not required due to the previous to assert() statements */
+  rc = sqlite3VdbeCursorMoveto(pC);
+  if( rc!=SQLITE_OK ) goto abort_due_to_error;
+#endif
+
+  if( pC->isTable==0 ){
+    assert( !pC->isTable );
+    VVA_ONLY(rc =) sqlite3BtreeKeySize(pCrsr, &n64);
+    assert( rc==SQLITE_OK );    /* True because of CursorMoveto() call above */
+    if( n64>db->aLimit[SQLITE_LIMIT_LENGTH] ){
+      goto too_big;
+    }
+    n = (u32)n64;
+  }else{
+    VVA_ONLY(rc =) sqlite3BtreeDataSize(pCrsr, &n);
+    assert( rc==SQLITE_OK );    /* DataSize() cannot fail */
+    if( n>(u32)db->aLimit[SQLITE_LIMIT_LENGTH] ){
+      goto too_big;
+    }
+  }
+  testcase( n==0 );
+  if( sqlite3VdbeMemClearAndResize(pOut, MAX(n,32)) ){
+    goto no_mem;
+  }
+  pOut->n = n;
+  MemSetTypeFlag(pOut, MEM_Blob);
+  if( pC->isTable==0 ){
+    rc = sqlite3BtreeKey(pCrsr, 0, n, pOut->z);
+  }else{
+    rc = sqlite3BtreeData(pCrsr, 0, n, pOut->z);
+  }
+  pOut->enc = SQLITE_UTF8;  /* In case the blob is ever cast to text */
+  UPDATE_MAX_BLOBSIZE(pOut);
+  REGISTER_TRACE(pOp->p2, pOut);
+  break;
+}
+
+/* Opcode: Rowid P1 P2 * * *
+** Synopsis: r[P2]=rowid
+**
+** Store in register P2 an integer which is the key of the table entry that
+** P1 is currently point to.
+**
+** P1 can be either an ordinary table or a virtual table.  There used to
+** be a separate OP_VRowid opcode for use with virtual tables, but this
+** one opcode now works for both table types.
+*/
+case OP_Rowid: {                 /* out2 */
+  VdbeCursor *pC;
+  i64 v;
+  sqlite3_vtab *pVtab;
+  const sqlite3_module *pModule;
+
+  pOut = out2Prerelease(p, pOp);
+  assert( pOp->p1>=0 && pOp->p1<p->nCursor );
+  pC = p->apCsr[pOp->p1];
+  assert( pC!=0 );
+  assert( pC->eCurType!=CURTYPE_PSEUDO || pC->nullRow );
+  if( pC->nullRow ){
+    pOut->flags = MEM_Null;
+    break;
+  }else if( pC->deferredMoveto ){
+    v = pC->movetoTarget;
+#ifndef SQLITE_OMIT_VIRTUALTABLE
+  }else if( pC->eCurType==CURTYPE_VTAB ){
+    assert( pC->uc.pVCur!=0 );
+    pVtab = pC->uc.pVCur->pVtab;
+    pModule = pVtab->pModule;
+    assert( pModule->xRowid );
+    rc = pModule->xRowid(pC->uc.pVCur, &v);
+    sqlite3VtabImportErrmsg(p, pVtab);
+#endif /* SQLITE_OMIT_VIRTUALTABLE */
+  }else{
+    assert( pC->eCurType==CURTYPE_BTREE );
+    assert( pC->uc.pCursor!=0 );
+    rc = sqlite3VdbeCursorRestore(pC);
+    if( rc ) goto abort_due_to_error;
+    if( pC->nullRow ){
+      pOut->flags = MEM_Null;
+      break;
+    }
+    rc = sqlite3BtreeKeySize(pC->uc.pCursor, &v);
+    assert( rc==SQLITE_OK );  /* Always so because of CursorRestore() above */
+  }
+  pOut->u.i = v;
+  break;
+}
+
+/* Opcode: NullRow P1 * * * *
+**
+** Move the cursor P1 to a null row.  Any OP_Column operations
+** that occur while the cursor is on the null row will always
+** write a NULL.
+*/
+case OP_NullRow: {
+  VdbeCursor *pC;
+
+  assert( pOp->p1>=0 && pOp->p1<p->nCursor );
+  pC = p->apCsr[pOp->p1];
+  assert( pC!=0 );
+  pC->nullRow = 1;
+  pC->cacheStatus = CACHE_STALE;
+  if( pC->eCurType==CURTYPE_BTREE ){
+    assert( pC->uc.pCursor!=0 );
+    sqlite3BtreeClearCursor(pC->uc.pCursor);
+  }
+  break;
+}
+
+/* Opcode: Last P1 P2 P3 * *
+**
+** The next use of the Rowid or Column or Prev instruction for P1 
+** will refer to the last entry in the database table or index.
+** If the table or index is empty and P2>0, then jump immediately to P2.
+** If P2 is 0 or if the table or index is not empty, fall through
+** to the following instruction.
+**
+** This opcode leaves the cursor configured to move in reverse order,
+** from the end toward the beginning.  In other words, the cursor is
+** configured to use Prev, not Next.
+*/
+case OP_Last: {        /* jump */
+  VdbeCursor *pC;
+  BtCursor *pCrsr;
+  int res;
+
+  assert( pOp->p1>=0 && pOp->p1<p->nCursor );
+  pC = p->apCsr[pOp->p1];
+  assert( pC!=0 );
+  assert( pC->eCurType==CURTYPE_BTREE );
+  pCrsr = pC->uc.pCursor;
+  res = 0;
+  assert( pCrsr!=0 );
+  rc = sqlite3BtreeLast(pCrsr, &res);
+  pC->nullRow = (u8)res;
+  pC->deferredMoveto = 0;
+  pC->cacheStatus = CACHE_STALE;
+  pC->seekResult = pOp->p3;
+#ifdef SQLITE_DEBUG
+  pC->seekOp = OP_Last;
+#endif
+  if( pOp->p2>0 ){
+    VdbeBranchTaken(res!=0,2);
+    if( res ) goto jump_to_p2;
+  }
+  break;
+}
+
+
+/* Opcode: Sort P1 P2 * * *
+**
+** This opcode does exactly the same thing as OP_Rewind except that
+** it increments an undocumented global variable used for testing.
+**
+** Sorting is accomplished by writing records into a sorting index,
+** then rewinding that index and playing it back from beginning to
+** end.  We use the OP_Sort opcode instead of OP_Rewind to do the
+** rewinding so that the global variable will be incremented and
+** regression tests can determine whether or not the optimizer is
+** correctly optimizing out sorts.
+*/
+case OP_SorterSort:    /* jump */
+case OP_Sort: {        /* jump */
+#ifdef SQLITE_TEST
+  sqlite3_sort_count++;
+  sqlite3_search_count--;
+#endif
+  p->aCounter[SQLITE_STMTSTATUS_SORT]++;
+  /* Fall through into OP_Rewind */
+}
+/* Opcode: Rewind P1 P2 * * *
+**
+** The next use of the Rowid or Column or Next instruction for P1 
+** will refer to the first entry in the database table or index.
+** If the table or index is empty, jump immediately to P2.
+** If the table or index is not empty, fall through to the following 
+** instruction.
+**
+** This opcode leaves the cursor configured to move in forward order,
+** from the beginning toward the end.  In other words, the cursor is
+** configured to use Next, not Prev.
+*/
+case OP_Rewind: {        /* jump */
+  VdbeCursor *pC;
+  BtCursor *pCrsr;
+  int res;
+
+  assert( pOp->p1>=0 && pOp->p1<p->nCursor );
+  pC = p->apCsr[pOp->p1];
+  assert( pC!=0 );
+  assert( isSorter(pC)==(pOp->opcode==OP_SorterSort) );
+  res = 1;
+#ifdef SQLITE_DEBUG
+  pC->seekOp = OP_Rewind;
+#endif
+  if( isSorter(pC) ){
+    rc = sqlite3VdbeSorterRewind(pC, &res);
+  }else{
+    assert( pC->eCurType==CURTYPE_BTREE );
+    pCrsr = pC->uc.pCursor;
+    assert( pCrsr );
+    rc = sqlite3BtreeFirst(pCrsr, &res);
+    pC->deferredMoveto = 0;
+    pC->cacheStatus = CACHE_STALE;
+  }
+  pC->nullRow = (u8)res;
+  assert( pOp->p2>0 && pOp->p2<p->nOp );
+  VdbeBranchTaken(res!=0,2);
+  if( res ) goto jump_to_p2;
+  break;
+}
+
+/* Opcode: Next P1 P2 P3 P4 P5
+**
+** Advance cursor P1 so that it points to the next key/data pair in its
+** table or index.  If there are no more key/value pairs then fall through
+** to the following instruction.  But if the cursor advance was successful,
+** jump immediately to P2.
+**
+** The Next opcode is only valid following an SeekGT, SeekGE, or
+** OP_Rewind opcode used to position the cursor.  Next is not allowed
+** to follow SeekLT, SeekLE, or OP_Last.
+**
+** The P1 cursor must be for a real table, not a pseudo-table.  P1 must have
+** been opened prior to this opcode or the program will segfault.
+**
+** The P3 value is a hint to the btree implementation. If P3==1, that
+** means P1 is an SQL index and that this instruction could have been
+** omitted if that index had been unique.  P3 is usually 0.  P3 is
+** always either 0 or 1.
+**
+** P4 is always of type P4_ADVANCE. The function pointer points to
+** sqlite3BtreeNext().
+**
+** If P5 is positive and the jump is taken, then event counter
+** number P5-1 in the prepared statement is incremented.
+**
+** See also: Prev, NextIfOpen
+*/
+/* Opcode: NextIfOpen P1 P2 P3 P4 P5
+**
+** This opcode works just like Next except that if cursor P1 is not
+** open it behaves a no-op.
+*/
+/* Opcode: Prev P1 P2 P3 P4 P5
+**
+** Back up cursor P1 so that it points to the previous key/data pair in its
+** table or index.  If there is no previous key/value pairs then fall through
+** to the following instruction.  But if the cursor backup was successful,
+** jump immediately to P2.
+**
+**
+** The Prev opcode is only valid following an SeekLT, SeekLE, or
+** OP_Last opcode used to position the cursor.  Prev is not allowed
+** to follow SeekGT, SeekGE, or OP_Rewind.
+**
+** The P1 cursor must be for a real table, not a pseudo-table.  If P1 is
+** not open then the behavior is undefined.
+**
+** The P3 value is a hint to the btree implementation. If P3==1, that
+** means P1 is an SQL index and that this instruction could have been
+** omitted if that index had been unique.  P3 is usually 0.  P3 is
+** always either 0 or 1.
+**
+** P4 is always of type P4_ADVANCE. The function pointer points to
+** sqlite3BtreePrevious().
+**
+** If P5 is positive and the jump is taken, then event counter
+** number P5-1 in the prepared statement is incremented.
+*/
+/* Opcode: PrevIfOpen P1 P2 P3 P4 P5
+**
+** This opcode works just like Prev except that if cursor P1 is not
+** open it behaves a no-op.
+*/
+case OP_SorterNext: {  /* jump */
+  VdbeCursor *pC;
+  int res;
+
+  pC = p->apCsr[pOp->p1];
+  assert( isSorter(pC) );
+  res = 0;
+  rc = sqlite3VdbeSorterNext(db, pC, &res);
+  goto next_tail;
+case OP_PrevIfOpen:    /* jump */
+case OP_NextIfOpen:    /* jump */
+  if( p->apCsr[pOp->p1]==0 ) break;
+  /* Fall through */
+case OP_Prev:          /* jump */
+case OP_Next:          /* jump */
+  assert( pOp->p1>=0 && pOp->p1<p->nCursor );
+  assert( pOp->p5<ArraySize(p->aCounter) );
+  pC = p->apCsr[pOp->p1];
+  res = pOp->p3;
+  assert( pC!=0 );
+  assert( pC->deferredMoveto==0 );
+  assert( pC->eCurType==CURTYPE_BTREE );
+  assert( res==0 || (res==1 && pC->isTable==0) );
+  testcase( res==1 );
+  assert( pOp->opcode!=OP_Next || pOp->p4.xAdvance==sqlite3BtreeNext );
+  assert( pOp->opcode!=OP_Prev || pOp->p4.xAdvance==sqlite3BtreePrevious );
+  assert( pOp->opcode!=OP_NextIfOpen || pOp->p4.xAdvance==sqlite3BtreeNext );
+  assert( pOp->opcode!=OP_PrevIfOpen || pOp->p4.xAdvance==sqlite3BtreePrevious);
+
+  /* The Next opcode is only used after SeekGT, SeekGE, and Rewind.
+  ** The Prev opcode is only used after SeekLT, SeekLE, and Last. */
+  assert( pOp->opcode!=OP_Next || pOp->opcode!=OP_NextIfOpen
+       || pC->seekOp==OP_SeekGT || pC->seekOp==OP_SeekGE
+       || pC->seekOp==OP_Rewind || pC->seekOp==OP_Found);
+  assert( pOp->opcode!=OP_Prev || pOp->opcode!=OP_PrevIfOpen
+       || pC->seekOp==OP_SeekLT || pC->seekOp==OP_SeekLE
+       || pC->seekOp==OP_Last );
+
+  rc = pOp->p4.xAdvance(pC->uc.pCursor, &res);
+next_tail:
+  pC->cacheStatus = CACHE_STALE;
+  VdbeBranchTaken(res==0,2);
+  if( res==0 ){
+    pC->nullRow = 0;
+    p->aCounter[pOp->p5]++;
+#ifdef SQLITE_TEST
+    sqlite3_search_count++;
+#endif
+    goto jump_to_p2_and_check_for_interrupt;
+  }else{
+    pC->nullRow = 1;
+  }
+  goto check_for_interrupt;
+}
+
+/* Opcode: IdxInsert P1 P2 P3 * P5
+** Synopsis: key=r[P2]
+**
+** Register P2 holds an SQL index key made using the
+** MakeRecord instructions.  This opcode writes that key
+** into the index P1.  Data for the entry is nil.
+**
+** P3 is a flag that provides a hint to the b-tree layer that this
+** insert is likely to be an append.
+**
+** If P5 has the OPFLAG_NCHANGE bit set, then the change counter is
+** incremented by this instruction.  If the OPFLAG_NCHANGE bit is clear,
+** then the change counter is unchanged.
+**
+** If P5 has the OPFLAG_USESEEKRESULT bit set, then the cursor must have
+** just done a seek to the spot where the new entry is to be inserted.
+** This flag avoids doing an extra seek.
+**
+** This instruction only works for indices.  The equivalent instruction
+** for tables is OP_Insert.
+*/
+case OP_SorterInsert:       /* in2 */
+case OP_IdxInsert: {        /* in2 */
+  VdbeCursor *pC;
+  int nKey;
+  const char *zKey;
+
+  assert( pOp->p1>=0 && pOp->p1<p->nCursor );
+  pC = p->apCsr[pOp->p1];
+  assert( pC!=0 );
+  assert( isSorter(pC)==(pOp->opcode==OP_SorterInsert) );
+  pIn2 = &aMem[pOp->p2];
+  assert( pIn2->flags & MEM_Blob );
+  if( pOp->p5 & OPFLAG_NCHANGE ) p->nChange++;
+  assert( pC->eCurType==CURTYPE_BTREE || pOp->opcode==OP_SorterInsert );
+  assert( pC->isTable==0 );
+  rc = ExpandBlob(pIn2);
+  if( rc==SQLITE_OK ){
+    if( pOp->opcode==OP_SorterInsert ){
+      rc = sqlite3VdbeSorterWrite(pC, pIn2);
+    }else{
+      nKey = pIn2->n;
+      zKey = pIn2->z;
+      rc = sqlite3BtreeInsert(pC->uc.pCursor, zKey, nKey, "", 0, 0, pOp->p3, 
+          ((pOp->p5 & OPFLAG_USESEEKRESULT) ? pC->seekResult : 0)
+          );
+      assert( pC->deferredMoveto==0 );
+      pC->cacheStatus = CACHE_STALE;
+    }
+  }
+  break;
+}
+
+/* Opcode: IdxDelete P1 P2 P3 * *
+** Synopsis: key=r[P2@P3]
+**
+** The content of P3 registers starting at register P2 form
+** an unpacked index key. This opcode removes that entry from the 
+** index opened by cursor P1.
+*/
+case OP_IdxDelete: {
+  VdbeCursor *pC;
+  BtCursor *pCrsr;
+  int res;
+  UnpackedRecord r;
+
+  assert( pOp->p3>0 );
+  assert( pOp->p2>0 && pOp->p2+pOp->p3<=(p->nMem-p->nCursor)+1 );
+  assert( pOp->p1>=0 && pOp->p1<p->nCursor );
+  pC = p->apCsr[pOp->p1];
+  assert( pC!=0 );
+  assert( pC->eCurType==CURTYPE_BTREE );
+  pCrsr = pC->uc.pCursor;
+  assert( pCrsr!=0 );
+  assert( pOp->p5==0 );
+  r.pKeyInfo = pC->pKeyInfo;
+  r.nField = (u16)pOp->p3;
+  r.default_rc = 0;
+  r.aMem = &aMem[pOp->p2];
+#ifdef SQLITE_DEBUG
+  { int i; for(i=0; i<r.nField; i++) assert( memIsValid(&r.aMem[i]) ); }
+#endif
+  rc = sqlite3BtreeMovetoUnpacked(pCrsr, &r, 0, 0, &res);
+  if( rc==SQLITE_OK && res==0 ){
+    rc = sqlite3BtreeDelete(pCrsr, 0);
+  }
+  assert( pC->deferredMoveto==0 );
+  pC->cacheStatus = CACHE_STALE;
+  break;
+}
+
+/* Opcode: IdxRowid P1 P2 * * *
+** Synopsis: r[P2]=rowid
+**
+** Write into register P2 an integer which is the last entry in the record at
+** the end of the index key pointed to by cursor P1.  This integer should be
+** the rowid of the table entry to which this index entry points.
+**
+** See also: Rowid, MakeRecord.
+*/
+case OP_IdxRowid: {              /* out2 */
+  BtCursor *pCrsr;
+  VdbeCursor *pC;
+  i64 rowid;
+
+  pOut = out2Prerelease(p, pOp);
+  assert( pOp->p1>=0 && pOp->p1<p->nCursor );
+  pC = p->apCsr[pOp->p1];
+  assert( pC!=0 );
+  assert( pC->eCurType==CURTYPE_BTREE );
+  pCrsr = pC->uc.pCursor;
+  assert( pCrsr!=0 );
+  pOut->flags = MEM_Null;
+  assert( pC->isTable==0 );
+  assert( pC->deferredMoveto==0 );
+
+  /* sqlite3VbeCursorRestore() can only fail if the record has been deleted
+  ** out from under the cursor.  That will never happend for an IdxRowid
+  ** opcode, hence the NEVER() arround the check of the return value.
+  */
+  rc = sqlite3VdbeCursorRestore(pC);
+  if( NEVER(rc!=SQLITE_OK) ) goto abort_due_to_error;
+
+  if( !pC->nullRow ){
+    rowid = 0;  /* Not needed.  Only used to silence a warning. */
+    rc = sqlite3VdbeIdxRowid(db, pCrsr, &rowid);
+    if( rc!=SQLITE_OK ){
+      goto abort_due_to_error;
+    }
+    pOut->u.i = rowid;
+    pOut->flags = MEM_Int;
+  }
+  break;
+}
+
+/* Opcode: IdxGE P1 P2 P3 P4 P5
+** Synopsis: key=r[P3@P4]
+**
+** The P4 register values beginning with P3 form an unpacked index 
+** key that omits the PRIMARY KEY.  Compare this key value against the index 
+** that P1 is currently pointing to, ignoring the PRIMARY KEY or ROWID 
+** fields at the end.
+**
+** If the P1 index entry is greater than or equal to the key value
+** then jump to P2.  Otherwise fall through to the next instruction.
+*/
+/* Opcode: IdxGT P1 P2 P3 P4 P5
+** Synopsis: key=r[P3@P4]
+**
+** The P4 register values beginning with P3 form an unpacked index 
+** key that omits the PRIMARY KEY.  Compare this key value against the index 
+** that P1 is currently pointing to, ignoring the PRIMARY KEY or ROWID 
+** fields at the end.
+**
+** If the P1 index entry is greater than the key value
+** then jump to P2.  Otherwise fall through to the next instruction.
+*/
+/* Opcode: IdxLT P1 P2 P3 P4 P5
+** Synopsis: key=r[P3@P4]
+**
+** The P4 register values beginning with P3 form an unpacked index 
+** key that omits the PRIMARY KEY or ROWID.  Compare this key value against
+** the index that P1 is currently pointing to, ignoring the PRIMARY KEY or
+** ROWID on the P1 index.
+**
+** If the P1 index entry is less than the key value then jump to P2.
+** Otherwise fall through to the next instruction.
+*/
+/* Opcode: IdxLE P1 P2 P3 P4 P5
+** Synopsis: key=r[P3@P4]
+**
+** The P4 register values beginning with P3 form an unpacked index 
+** key that omits the PRIMARY KEY or ROWID.  Compare this key value against
+** the index that P1 is currently pointing to, ignoring the PRIMARY KEY or
+** ROWID on the P1 index.
+**
+** If the P1 index entry is less than or equal to the key value then jump
+** to P2. Otherwise fall through to the next instruction.
+*/
+case OP_IdxLE:          /* jump */
+case OP_IdxGT:          /* jump */
+case OP_IdxLT:          /* jump */
+case OP_IdxGE:  {       /* jump */
+  VdbeCursor *pC;
+  int res;
+  UnpackedRecord r;
+
+  assert( pOp->p1>=0 && pOp->p1<p->nCursor );
+  pC = p->apCsr[pOp->p1];
+  assert( pC!=0 );
+  assert( pC->isOrdered );
+  assert( pC->eCurType==CURTYPE_BTREE );
+  assert( pC->uc.pCursor!=0);
+  assert( pC->deferredMoveto==0 );
+  assert( pOp->p5==0 || pOp->p5==1 );
+  assert( pOp->p4type==P4_INT32 );
+  r.pKeyInfo = pC->pKeyInfo;
+  r.nField = (u16)pOp->p4.i;
+  if( pOp->opcode<OP_IdxLT ){
+    assert( pOp->opcode==OP_IdxLE || pOp->opcode==OP_IdxGT );
+    r.default_rc = -1;
+  }else{
+    assert( pOp->opcode==OP_IdxGE || pOp->opcode==OP_IdxLT );
+    r.default_rc = 0;
+  }
+  r.aMem = &aMem[pOp->p3];
+#ifdef SQLITE_DEBUG
+  { int i; for(i=0; i<r.nField; i++) assert( memIsValid(&r.aMem[i]) ); }
+#endif
+  res = 0;  /* Not needed.  Only used to silence a warning. */
+  rc = sqlite3VdbeIdxKeyCompare(db, pC, &r, &res);
+  assert( (OP_IdxLE&1)==(OP_IdxLT&1) && (OP_IdxGE&1)==(OP_IdxGT&1) );
+  if( (pOp->opcode&1)==(OP_IdxLT&1) ){
+    assert( pOp->opcode==OP_IdxLE || pOp->opcode==OP_IdxLT );
+    res = -res;
+  }else{
+    assert( pOp->opcode==OP_IdxGE || pOp->opcode==OP_IdxGT );
+    res++;
+  }
+  VdbeBranchTaken(res>0,2);
+  if( res>0 ) goto jump_to_p2;
+  break;
+}
+
+/* Opcode: Destroy P1 P2 P3 * *
+**
+** Delete an entire database table or index whose root page in the database
+** file is given by P1.
+**
+** The table being destroyed is in the main database file if P3==0.  If
+** P3==1 then the table to be clear is in the auxiliary database file
+** that is used to store tables create using CREATE TEMPORARY TABLE.
+**
+** If AUTOVACUUM is enabled then it is possible that another root page
+** might be moved into the newly deleted root page in order to keep all
+** root pages contiguous at the beginning of the database.  The former
+** value of the root page that moved - its value before the move occurred -
+** is stored in register P2.  If no page 
+** movement was required (because the table being dropped was already 
+** the last one in the database) then a zero is stored in register P2.
+** If AUTOVACUUM is disabled then a zero is stored in register P2.
+**
+** See also: Clear
+*/
+case OP_Destroy: {     /* out2 */
+  int iMoved;
+  int iDb;
+
+  assert( p->readOnly==0 );
+  pOut = out2Prerelease(p, pOp);
+  pOut->flags = MEM_Null;
+  if( db->nVdbeRead > db->nVDestroy+1 ){
+    rc = SQLITE_LOCKED;
+    p->errorAction = OE_Abort;
+  }else{
+    iDb = pOp->p3;
+    assert( DbMaskTest(p->btreeMask, iDb) );
+    iMoved = 0;  /* Not needed.  Only to silence a warning. */
+    rc = sqlite3BtreeDropTable(db->aDb[iDb].pBt, pOp->p1, &iMoved);
+    pOut->flags = MEM_Int;
+    pOut->u.i = iMoved;
+#ifndef SQLITE_OMIT_AUTOVACUUM
+    if( rc==SQLITE_OK && iMoved!=0 ){
+      sqlite3RootPageMoved(db, iDb, iMoved, pOp->p1);
+      /* All OP_Destroy operations occur on the same btree */
+      assert( resetSchemaOnFault==0 || resetSchemaOnFault==iDb+1 );
+      resetSchemaOnFault = iDb+1;
+    }
+#endif
+  }
+  break;
+}
+
+/* Opcode: Clear P1 P2 P3
+**
+** Delete all contents of the database table or index whose root page
+** in the database file is given by P1.  But, unlike Destroy, do not
+** remove the table or index from the database file.
+**
+** The table being clear is in the main database file if P2==0.  If
+** P2==1 then the table to be clear is in the auxiliary database file
+** that is used to store tables create using CREATE TEMPORARY TABLE.
+**
+** If the P3 value is non-zero, then the table referred to must be an
+** intkey table (an SQL table, not an index). In this case the row change 
+** count is incremented by the number of rows in the table being cleared. 
+** If P3 is greater than zero, then the value stored in register P3 is
+** also incremented by the number of rows in the table being cleared.
+**
+** See also: Destroy
+*/
+case OP_Clear: {
+  int nChange;
+ 
+  nChange = 0;
+  assert( p->readOnly==0 );
+  assert( DbMaskTest(p->btreeMask, pOp->p2) );
+  rc = sqlite3BtreeClearTable(
+      db->aDb[pOp->p2].pBt, pOp->p1, (pOp->p3 ? &nChange : 0)
+  );
+  if( pOp->p3 ){
+    p->nChange += nChange;
+    if( pOp->p3>0 ){
+      assert( memIsValid(&aMem[pOp->p3]) );
+      memAboutToChange(p, &aMem[pOp->p3]);
+      aMem[pOp->p3].u.i += nChange;
+    }
+  }
+  break;
+}
+
+/* Opcode: ResetSorter P1 * * * *
+**
+** Delete all contents from the ephemeral table or sorter
+** that is open on cursor P1.
+**
+** This opcode only works for cursors used for sorting and
+** opened with OP_OpenEphemeral or OP_SorterOpen.
+*/
+case OP_ResetSorter: {
+  VdbeCursor *pC;
+ 
+  assert( pOp->p1>=0 && pOp->p1<p->nCursor );
+  pC = p->apCsr[pOp->p1];
+  assert( pC!=0 );
+  if( isSorter(pC) ){
+    sqlite3VdbeSorterReset(db, pC->uc.pSorter);
+  }else{
+    assert( pC->eCurType==CURTYPE_BTREE );
+    assert( pC->isEphemeral );
+    rc = sqlite3BtreeClearTableOfCursor(pC->uc.pCursor);
+  }
+  break;
+}
+
+/* Opcode: CreateTable P1 P2 * * *
+** Synopsis: r[P2]=root iDb=P1
+**
+** Allocate a new table in the main database file if P1==0 or in the
+** auxiliary database file if P1==1 or in an attached database if
+** P1>1.  Write the root page number of the new table into
+** register P2
+**
+** The difference between a table and an index is this:  A table must
+** have a 4-byte integer key and can have arbitrary data.  An index
+** has an arbitrary key but no data.
+**
+** See also: CreateIndex
+*/
+/* Opcode: CreateIndex P1 P2 * * *
+** Synopsis: r[P2]=root iDb=P1
+**
+** Allocate a new index in the main database file if P1==0 or in the
+** auxiliary database file if P1==1 or in an attached database if
+** P1>1.  Write the root page number of the new table into
+** register P2.
+**
+** See documentation on OP_CreateTable for additional information.
+*/
+case OP_CreateIndex:            /* out2 */
+case OP_CreateTable: {          /* out2 */
+  int pgno;
+  int flags;
+  Db *pDb;
+
+  pOut = out2Prerelease(p, pOp);
+  pgno = 0;
+  assert( pOp->p1>=0 && pOp->p1<db->nDb );
+  assert( DbMaskTest(p->btreeMask, pOp->p1) );
+  assert( p->readOnly==0 );
+  pDb = &db->aDb[pOp->p1];
+  assert( pDb->pBt!=0 );
+  if( pOp->opcode==OP_CreateTable ){
+    /* flags = BTREE_INTKEY; */
+    flags = BTREE_INTKEY;
+  }else{
+    flags = BTREE_BLOBKEY;
+  }
+  rc = sqlite3BtreeCreateTable(pDb->pBt, &pgno, flags);
+  pOut->u.i = pgno;
+  break;
+}
+
+/* Opcode: ParseSchema P1 * * P4 *
+**
+** Read and parse all entries from the SQLITE_MASTER table of database P1
+** that match the WHERE clause P4. 
+**
+** This opcode invokes the parser to create a new virtual machine,
+** then runs the new virtual machine.  It is thus a re-entrant opcode.
+*/
+case OP_ParseSchema: {
+  int iDb;
+  const char *zMaster;
+  char *zSql;
+  InitData initData;
+
+  /* Any prepared statement that invokes this opcode will hold mutexes
+  ** on every btree.  This is a prerequisite for invoking 
+  ** sqlite3InitCallback().
+  */
+#ifdef SQLITE_DEBUG
+  for(iDb=0; iDb<db->nDb; iDb++){
+    assert( iDb==1 || sqlite3BtreeHoldsMutex(db->aDb[iDb].pBt) );
+  }
+#endif
+
+  iDb = pOp->p1;
+  assert( iDb>=0 && iDb<db->nDb );
+  assert( DbHasProperty(db, iDb, DB_SchemaLoaded) );
+  /* Used to be a conditional */ {
+    zMaster = SCHEMA_TABLE(iDb);
+    initData.db = db;
+    initData.iDb = pOp->p1;
+    initData.pzErrMsg = &p->zErrMsg;
+    zSql = sqlite3MPrintf(db,
+       "SELECT name, rootpage, sql FROM '%q'.%s WHERE %s ORDER BY rowid",
+       db->aDb[iDb].zName, zMaster, pOp->p4.z);
+    if( zSql==0 ){
+      rc = SQLITE_NOMEM;
+    }else{
+      assert( db->init.busy==0 );
+      db->init.busy = 1;
+      initData.rc = SQLITE_OK;
+      assert( !db->mallocFailed );
+      rc = sqlite3_exec(db, zSql, sqlite3InitCallback, &initData, 0);
+      if( rc==SQLITE_OK ) rc = initData.rc;
+      sqlite3DbFree(db, zSql);
+      db->init.busy = 0;
+    }
+  }
+  if( rc ) sqlite3ResetAllSchemasOfConnection(db);
+  if( rc==SQLITE_NOMEM ){
+    goto no_mem;
+  }
+  break;  
+}
+
+#if !defined(SQLITE_OMIT_ANALYZE)
+/* Opcode: LoadAnalysis P1 * * * *
+**
+** Read the sqlite_stat1 table for database P1 and load the content
+** of that table into the internal index hash table.  This will cause
+** the analysis to be used when preparing all subsequent queries.
+*/
+case OP_LoadAnalysis: {
+  assert( pOp->p1>=0 && pOp->p1<db->nDb );
+  rc = sqlite3AnalysisLoad(db, pOp->p1);
+  break;  
+}
+#endif /* !defined(SQLITE_OMIT_ANALYZE) */
+
+/* Opcode: DropTable P1 * * P4 *
+**
+** Remove the internal (in-memory) data structures that describe
+** the table named P4 in database P1.  This is called after a table
+** is dropped from disk (using the Destroy opcode) in order to keep 
+** the internal representation of the
+** schema consistent with what is on disk.
+*/
+case OP_DropTable: {
+  sqlite3UnlinkAndDeleteTable(db, pOp->p1, pOp->p4.z);
+  break;
+}
+
+/* Opcode: DropIndex P1 * * P4 *
+**
+** Remove the internal (in-memory) data structures that describe
+** the index named P4 in database P1.  This is called after an index
+** is dropped from disk (using the Destroy opcode)
+** in order to keep the internal representation of the
+** schema consistent with what is on disk.
+*/
+case OP_DropIndex: {
+  sqlite3UnlinkAndDeleteIndex(db, pOp->p1, pOp->p4.z);
+  break;
+}
+
+/* Opcode: DropTrigger P1 * * P4 *
+**
+** Remove the internal (in-memory) data structures that describe
+** the trigger named P4 in database P1.  This is called after a trigger
+** is dropped from disk (using the Destroy opcode) in order to keep 
+** the internal representation of the
+** schema consistent with what is on disk.
+*/
+case OP_DropTrigger: {
+  sqlite3UnlinkAndDeleteTrigger(db, pOp->p1, pOp->p4.z);
+  break;
+}
+
+
+#ifndef SQLITE_OMIT_INTEGRITY_CHECK
+/* Opcode: IntegrityCk P1 P2 P3 * P5
+**
+** Do an analysis of the currently open database.  Store in
+** register P1 the text of an error message describing any problems.
+** If no problems are found, store a NULL in register P1.
+**
+** The register P3 contains the maximum number of allowed errors.
+** At most reg(P3) errors will be reported.
+** In other words, the analysis stops as soon as reg(P1) errors are 
+** seen.  Reg(P1) is updated with the number of errors remaining.
+**
+** The root page numbers of all tables in the database are integer
+** stored in reg(P1), reg(P1+1), reg(P1+2), ....  There are P2 tables
+** total.
+**
+** If P5 is not zero, the check is done on the auxiliary database
+** file, not the main database file.
+**
+** This opcode is used to implement the integrity_check pragma.
+*/
+case OP_IntegrityCk: {
+  int nRoot;      /* Number of tables to check.  (Number of root pages.) */
+  int *aRoot;     /* Array of rootpage numbers for tables to be checked */
+  int j;          /* Loop counter */
+  int nErr;       /* Number of errors reported */
+  char *z;        /* Text of the error report */
+  Mem *pnErr;     /* Register keeping track of errors remaining */
+
+  assert( p->bIsReader );
+  nRoot = pOp->p2;
+  assert( nRoot>0 );
+  aRoot = sqlite3DbMallocRaw(db, sizeof(int)*(nRoot+1) );
+  if( aRoot==0 ) goto no_mem;
+  assert( pOp->p3>0 && pOp->p3<=(p->nMem-p->nCursor) );
+  pnErr = &aMem[pOp->p3];
+  assert( (pnErr->flags & MEM_Int)!=0 );
+  assert( (pnErr->flags & (MEM_Str|MEM_Blob))==0 );
+  pIn1 = &aMem[pOp->p1];
+  for(j=0; j<nRoot; j++){
+    aRoot[j] = (int)sqlite3VdbeIntValue(&pIn1[j]);
+  }
+  aRoot[j] = 0;
+  assert( pOp->p5<db->nDb );
+  assert( DbMaskTest(p->btreeMask, pOp->p5) );
+  z = sqlite3BtreeIntegrityCheck(db->aDb[pOp->p5].pBt, aRoot, nRoot,
+                                 (int)pnErr->u.i, &nErr);
+  sqlite3DbFree(db, aRoot);
+  pnErr->u.i -= nErr;
+  sqlite3VdbeMemSetNull(pIn1);
+  if( nErr==0 ){
+    assert( z==0 );
+  }else if( z==0 ){
+    goto no_mem;
+  }else{
+    sqlite3VdbeMemSetStr(pIn1, z, -1, SQLITE_UTF8, sqlite3_free);
+  }
+  UPDATE_MAX_BLOBSIZE(pIn1);
+  sqlite3VdbeChangeEncoding(pIn1, encoding);
+  break;
+}
+#endif /* SQLITE_OMIT_INTEGRITY_CHECK */
+
+/* Opcode: RowSetAdd P1 P2 * * *
+** Synopsis:  rowset(P1)=r[P2]
+**
+** Insert the integer value held by register P2 into a boolean index
+** held in register P1.
+**
+** An assertion fails if P2 is not an integer.
+*/
+case OP_RowSetAdd: {       /* in1, in2 */
+  pIn1 = &aMem[pOp->p1];
+  pIn2 = &aMem[pOp->p2];
+  assert( (pIn2->flags & MEM_Int)!=0 );
+  if( (pIn1->flags & MEM_RowSet)==0 ){
+    sqlite3VdbeMemSetRowSet(pIn1);
+    if( (pIn1->flags & MEM_RowSet)==0 ) goto no_mem;
+  }
+  sqlite3RowSetInsert(pIn1->u.pRowSet, pIn2->u.i);
+  break;
+}
+
+/* Opcode: RowSetRead P1 P2 P3 * *
+** Synopsis:  r[P3]=rowset(P1)
+**
+** Extract the smallest value from boolean index P1 and put that value into
+** register P3.  Or, if boolean index P1 is initially empty, leave P3
+** unchanged and jump to instruction P2.
+*/
+case OP_RowSetRead: {       /* jump, in1, out3 */
+  i64 val;
+
+  pIn1 = &aMem[pOp->p1];
+  if( (pIn1->flags & MEM_RowSet)==0 
+   || sqlite3RowSetNext(pIn1->u.pRowSet, &val)==0
+  ){
+    /* The boolean index is empty */
+    sqlite3VdbeMemSetNull(pIn1);
+    VdbeBranchTaken(1,2);
+    goto jump_to_p2_and_check_for_interrupt;
+  }else{
+    /* A value was pulled from the index */
+    VdbeBranchTaken(0,2);
+    sqlite3VdbeMemSetInt64(&aMem[pOp->p3], val);
+  }
+  goto check_for_interrupt;
+}
+
+/* Opcode: RowSetTest P1 P2 P3 P4
+** Synopsis: if r[P3] in rowset(P1) goto P2
+**
+** Register P3 is assumed to hold a 64-bit integer value. If register P1
+** contains a RowSet object and that RowSet object contains
+** the value held in P3, jump to register P2. Otherwise, insert the
+** integer in P3 into the RowSet and continue on to the
+** next opcode.
+**
+** The RowSet object is optimized for the case where successive sets
+** of integers, where each set contains no duplicates. Each set
+** of values is identified by a unique P4 value. The first set
+** must have P4==0, the final set P4=-1.  P4 must be either -1 or
+** non-negative.  For non-negative values of P4 only the lower 4
+** bits are significant.
+**
+** This allows optimizations: (a) when P4==0 there is no need to test
+** the rowset object for P3, as it is guaranteed not to contain it,
+** (b) when P4==-1 there is no need to insert the value, as it will
+** never be tested for, and (c) when a value that is part of set X is
+** inserted, there is no need to search to see if the same value was
+** previously inserted as part of set X (only if it was previously
+** inserted as part of some other set).
+*/
+case OP_RowSetTest: {                     /* jump, in1, in3 */
+  int iSet;
+  int exists;
+
+  pIn1 = &aMem[pOp->p1];
+  pIn3 = &aMem[pOp->p3];
+  iSet = pOp->p4.i;
+  assert( pIn3->flags&MEM_Int );
+
+  /* If there is anything other than a rowset object in memory cell P1,
+  ** delete it now and initialize P1 with an empty rowset
+  */
+  if( (pIn1->flags & MEM_RowSet)==0 ){
+    sqlite3VdbeMemSetRowSet(pIn1);
+    if( (pIn1->flags & MEM_RowSet)==0 ) goto no_mem;
+  }
+
+  assert( pOp->p4type==P4_INT32 );
+  assert( iSet==-1 || iSet>=0 );
+  if( iSet ){
+    exists = sqlite3RowSetTest(pIn1->u.pRowSet, iSet, pIn3->u.i);
+    VdbeBranchTaken(exists!=0,2);
+    if( exists ) goto jump_to_p2;
+  }
+  if( iSet>=0 ){
+    sqlite3RowSetInsert(pIn1->u.pRowSet, pIn3->u.i);
+  }
+  break;
+}
+
+
+#ifndef SQLITE_OMIT_TRIGGER
+
+/* Opcode: Program P1 P2 P3 P4 P5
+**
+** Execute the trigger program passed as P4 (type P4_SUBPROGRAM). 
+**
+** P1 contains the address of the memory cell that contains the first memory 
+** cell in an array of values used as arguments to the sub-program. P2 
+** contains the address to jump to if the sub-program throws an IGNORE 
+** exception using the RAISE() function. Register P3 contains the address 
+** of a memory cell in this (the parent) VM that is used to allocate the 
+** memory required by the sub-vdbe at runtime.
+**
+** P4 is a pointer to the VM containing the trigger program.
+**
+** If P5 is non-zero, then recursive program invocation is enabled.
+*/
+case OP_Program: {        /* jump */
+  int nMem;               /* Number of memory registers for sub-program */
+  int nByte;              /* Bytes of runtime space required for sub-program */
+  Mem *pRt;               /* Register to allocate runtime space */
+  Mem *pMem;              /* Used to iterate through memory cells */
+  Mem *pEnd;              /* Last memory cell in new array */
+  VdbeFrame *pFrame;      /* New vdbe frame to execute in */
+  SubProgram *pProgram;   /* Sub-program to execute */
+  void *t;                /* Token identifying trigger */
+
+  pProgram = pOp->p4.pProgram;
+  pRt = &aMem[pOp->p3];
+  assert( pProgram->nOp>0 );
+  
+  /* If the p5 flag is clear, then recursive invocation of triggers is 
+  ** disabled for backwards compatibility (p5 is set if this sub-program
+  ** is really a trigger, not a foreign key action, and the flag set
+  ** and cleared by the "PRAGMA recursive_triggers" command is clear).
+  ** 
+  ** It is recursive invocation of triggers, at the SQL level, that is 
+  ** disabled. In some cases a single trigger may generate more than one 
+  ** SubProgram (if the trigger may be executed with more than one different 
+  ** ON CONFLICT algorithm). SubProgram structures associated with a
+  ** single trigger all have the same value for the SubProgram.token 
+  ** variable.  */
+  if( pOp->p5 ){
+    t = pProgram->token;
+    for(pFrame=p->pFrame; pFrame && pFrame->token!=t; pFrame=pFrame->pParent);
+    if( pFrame ) break;
+  }
+
+  if( p->nFrame>=db->aLimit[SQLITE_LIMIT_TRIGGER_DEPTH] ){
+    rc = SQLITE_ERROR;
+    sqlite3VdbeError(p, "too many levels of trigger recursion");
+    break;
+  }
+
+  /* Register pRt is used to store the memory required to save the state
+  ** of the current program, and the memory required at runtime to execute
+  ** the trigger program. If this trigger has been fired before, then pRt 
+  ** is already allocated. Otherwise, it must be initialized.  */
+  if( (pRt->flags&MEM_Frame)==0 ){
+    /* SubProgram.nMem is set to the number of memory cells used by the 
+    ** program stored in SubProgram.aOp. As well as these, one memory
+    ** cell is required for each cursor used by the program. Set local
+    ** variable nMem (and later, VdbeFrame.nChildMem) to this value.
+    */
+    nMem = pProgram->nMem + pProgram->nCsr;
+    nByte = ROUND8(sizeof(VdbeFrame))
+              + nMem * sizeof(Mem)
+              + pProgram->nCsr * sizeof(VdbeCursor *)
+              + pProgram->nOnce * sizeof(u8);
+    pFrame = sqlite3DbMallocZero(db, nByte);
+    if( !pFrame ){
+      goto no_mem;
+    }
+    sqlite3VdbeMemRelease(pRt);
+    pRt->flags = MEM_Frame;
+    pRt->u.pFrame = pFrame;
+
+    pFrame->v = p;
+    pFrame->nChildMem = nMem;
+    pFrame->nChildCsr = pProgram->nCsr;
+    pFrame->pc = (int)(pOp - aOp);
+    pFrame->aMem = p->aMem;
+    pFrame->nMem = p->nMem;
+    pFrame->apCsr = p->apCsr;
+    pFrame->nCursor = p->nCursor;
+    pFrame->aOp = p->aOp;
+    pFrame->nOp = p->nOp;
+    pFrame->token = pProgram->token;
+    pFrame->aOnceFlag = p->aOnceFlag;
+    pFrame->nOnceFlag = p->nOnceFlag;
+#ifdef SQLITE_ENABLE_STMT_SCANSTATUS
+    pFrame->anExec = p->anExec;
+#endif
+
+    pEnd = &VdbeFrameMem(pFrame)[pFrame->nChildMem];
+    for(pMem=VdbeFrameMem(pFrame); pMem!=pEnd; pMem++){
+      pMem->flags = MEM_Undefined;
+      pMem->db = db;
+    }
+  }else{
+    pFrame = pRt->u.pFrame;
+    assert( pProgram->nMem+pProgram->nCsr==pFrame->nChildMem );
+    assert( pProgram->nCsr==pFrame->nChildCsr );
+    assert( (int)(pOp - aOp)==pFrame->pc );
+  }
+
+  p->nFrame++;
+  pFrame->pParent = p->pFrame;
+  pFrame->lastRowid = lastRowid;
+  pFrame->nChange = p->nChange;
+  pFrame->nDbChange = p->db->nChange;
+  p->nChange = 0;
+  p->pFrame = pFrame;
+  p->aMem = aMem = &VdbeFrameMem(pFrame)[-1];
+  p->nMem = pFrame->nChildMem;
+  p->nCursor = (u16)pFrame->nChildCsr;
+  p->apCsr = (VdbeCursor **)&aMem[p->nMem+1];
+  p->aOp = aOp = pProgram->aOp;
+  p->nOp = pProgram->nOp;
+  p->aOnceFlag = (u8 *)&p->apCsr[p->nCursor];
+  p->nOnceFlag = pProgram->nOnce;
+#ifdef SQLITE_ENABLE_STMT_SCANSTATUS
+  p->anExec = 0;
+#endif
+  pOp = &aOp[-1];
+  memset(p->aOnceFlag, 0, p->nOnceFlag);
+
+  break;
+}
+
+/* Opcode: Param P1 P2 * * *
+**
+** This opcode is only ever present in sub-programs called via the 
+** OP_Program instruction. Copy a value currently stored in a memory 
+** cell of the calling (parent) frame to cell P2 in the current frames 
+** address space. This is used by trigger programs to access the new.* 
+** and old.* values.
+**
+** The address of the cell in the parent frame is determined by adding
+** the value of the P1 argument to the value of the P1 argument to the
+** calling OP_Program instruction.
+*/
+case OP_Param: {           /* out2 */
+  VdbeFrame *pFrame;
+  Mem *pIn;
+  pOut = out2Prerelease(p, pOp);
+  pFrame = p->pFrame;
+  pIn = &pFrame->aMem[pOp->p1 + pFrame->aOp[pFrame->pc].p1];   
+  sqlite3VdbeMemShallowCopy(pOut, pIn, MEM_Ephem);
+  break;
+}
+
+#endif /* #ifndef SQLITE_OMIT_TRIGGER */
+
+#ifndef SQLITE_OMIT_FOREIGN_KEY
+/* Opcode: FkCounter P1 P2 * * *
+** Synopsis: fkctr[P1]+=P2
+**
+** Increment a "constraint counter" by P2 (P2 may be negative or positive).
+** If P1 is non-zero, the database constraint counter is incremented 
+** (deferred foreign key constraints). Otherwise, if P1 is zero, the 
+** statement counter is incremented (immediate foreign key constraints).
+*/
+case OP_FkCounter: {
+  if( db->flags & SQLITE_DeferFKs ){
+    db->nDeferredImmCons += pOp->p2;
+  }else if( pOp->p1 ){
+    db->nDeferredCons += pOp->p2;
+  }else{
+    p->nFkConstraint += pOp->p2;
+  }
+  break;
+}
+
+/* Opcode: FkIfZero P1 P2 * * *
+** Synopsis: if fkctr[P1]==0 goto P2
+**
+** This opcode tests if a foreign key constraint-counter is currently zero.
+** If so, jump to instruction P2. Otherwise, fall through to the next 
+** instruction.
+**
+** If P1 is non-zero, then the jump is taken if the database constraint-counter
+** is zero (the one that counts deferred constraint violations). If P1 is
+** zero, the jump is taken if the statement constraint-counter is zero
+** (immediate foreign key constraint violations).
+*/
+case OP_FkIfZero: {         /* jump */
+  if( pOp->p1 ){
+    VdbeBranchTaken(db->nDeferredCons==0 && db->nDeferredImmCons==0, 2);
+    if( db->nDeferredCons==0 && db->nDeferredImmCons==0 ) goto jump_to_p2;
+  }else{
+    VdbeBranchTaken(p->nFkConstraint==0 && db->nDeferredImmCons==0, 2);
+    if( p->nFkConstraint==0 && db->nDeferredImmCons==0 ) goto jump_to_p2;
+  }
+  break;
+}
+#endif /* #ifndef SQLITE_OMIT_FOREIGN_KEY */
+
+#ifndef SQLITE_OMIT_AUTOINCREMENT
+/* Opcode: MemMax P1 P2 * * *
+** Synopsis: r[P1]=max(r[P1],r[P2])
+**
+** P1 is a register in the root frame of this VM (the root frame is
+** different from the current frame if this instruction is being executed
+** within a sub-program). Set the value of register P1 to the maximum of 
+** its current value and the value in register P2.
+**
+** This instruction throws an error if the memory cell is not initially
+** an integer.
+*/
+case OP_MemMax: {        /* in2 */
+  VdbeFrame *pFrame;
+  if( p->pFrame ){
+    for(pFrame=p->pFrame; pFrame->pParent; pFrame=pFrame->pParent);
+    pIn1 = &pFrame->aMem[pOp->p1];
+  }else{
+    pIn1 = &aMem[pOp->p1];
+  }
+  assert( memIsValid(pIn1) );
+  sqlite3VdbeMemIntegerify(pIn1);
+  pIn2 = &aMem[pOp->p2];
+  sqlite3VdbeMemIntegerify(pIn2);
+  if( pIn1->u.i<pIn2->u.i){
+    pIn1->u.i = pIn2->u.i;
+  }
+  break;
+}
+#endif /* SQLITE_OMIT_AUTOINCREMENT */
+
+/* Opcode: IfPos P1 P2 P3 * *
+** Synopsis: if r[P1]>0 then r[P1]-=P3, goto P2
+**
+** Register P1 must contain an integer.
+** If the value of register P1 is 1 or greater, subtract P3 from the
+** value in P1 and jump to P2.
+**
+** If the initial value of register P1 is less than 1, then the
+** value is unchanged and control passes through to the next instruction.
+*/
+case OP_IfPos: {        /* jump, in1 */
+  pIn1 = &aMem[pOp->p1];
+  assert( pIn1->flags&MEM_Int );
+  VdbeBranchTaken( pIn1->u.i>0, 2);
+  if( pIn1->u.i>0 ){
+    pIn1->u.i -= pOp->p3;
+    goto jump_to_p2;
+  }
+  break;
+}
+
+/* Opcode: SetIfNotPos P1 P2 P3 * *
+** Synopsis: if r[P1]<=0 then r[P2]=P3
+**
+** Register P1 must contain an integer.
+** If the value of register P1 is not positive (if it is less than 1) then
+** set the value of register P2 to be the integer P3.
+*/
+case OP_SetIfNotPos: {        /* in1, in2 */
+  pIn1 = &aMem[pOp->p1];
+  assert( pIn1->flags&MEM_Int );
+  if( pIn1->u.i<=0 ){
+    pOut = out2Prerelease(p, pOp);
+    pOut->u.i = pOp->p3;
+  }
+  break;
+}
+
+/* Opcode: IfNotZero P1 P2 P3 * *
+** Synopsis: if r[P1]!=0 then r[P1]-=P3, goto P2
+**
+** Register P1 must contain an integer.  If the content of register P1 is
+** initially nonzero, then subtract P3 from the value in register P1 and
+** jump to P2.  If register P1 is initially zero, leave it unchanged
+** and fall through.
+*/
+case OP_IfNotZero: {        /* jump, in1 */
+  pIn1 = &aMem[pOp->p1];
+  assert( pIn1->flags&MEM_Int );
+  VdbeBranchTaken(pIn1->u.i<0, 2);
+  if( pIn1->u.i ){
+     pIn1->u.i -= pOp->p3;
+     goto jump_to_p2;
+  }
+  break;
+}
+
+/* Opcode: DecrJumpZero P1 P2 * * *
+** Synopsis: if (--r[P1])==0 goto P2
+**
+** Register P1 must hold an integer.  Decrement the value in register P1
+** then jump to P2 if the new value is exactly zero.
+*/
+case OP_DecrJumpZero: {      /* jump, in1 */
+  pIn1 = &aMem[pOp->p1];
+  assert( pIn1->flags&MEM_Int );
+  pIn1->u.i--;
+  VdbeBranchTaken(pIn1->u.i==0, 2);
+  if( pIn1->u.i==0 ) goto jump_to_p2;
+  break;
+}
+
+
+/* Opcode: JumpZeroIncr P1 P2 * * *
+** Synopsis: if (r[P1]++)==0 ) goto P2
+**
+** The register P1 must contain an integer.  If register P1 is initially
+** zero, then jump to P2.  Increment register P1 regardless of whether or
+** not the jump is taken.
+*/
+case OP_JumpZeroIncr: {        /* jump, in1 */
+  pIn1 = &aMem[pOp->p1];
+  assert( pIn1->flags&MEM_Int );
+  VdbeBranchTaken(pIn1->u.i==0, 2);
+  if( (pIn1->u.i++)==0 ) goto jump_to_p2;
+  break;
+}
+
+/* Opcode: AggStep0 * P2 P3 P4 P5
+** Synopsis: accum=r[P3] step(r[P2@P5])
+**
+** Execute the step function for an aggregate.  The
+** function has P5 arguments.   P4 is a pointer to the FuncDef
+** structure that specifies the function.  Register P3 is the
+** accumulator.
+**
+** The P5 arguments are taken from register P2 and its
+** successors.
+*/
+/* Opcode: AggStep * P2 P3 P4 P5
+** Synopsis: accum=r[P3] step(r[P2@P5])
+**
+** Execute the step function for an aggregate.  The
+** function has P5 arguments.   P4 is a pointer to an sqlite3_context
+** object that is used to run the function.  Register P3 is
+** as the accumulator.
+**
+** The P5 arguments are taken from register P2 and its
+** successors.
+**
+** This opcode is initially coded as OP_AggStep0.  On first evaluation,
+** the FuncDef stored in P4 is converted into an sqlite3_context and
+** the opcode is changed.  In this way, the initialization of the
+** sqlite3_context only happens once, instead of on each call to the
+** step function.
+*/
+case OP_AggStep0: {
+  int n;
+  sqlite3_context *pCtx;
+
+  assert( pOp->p4type==P4_FUNCDEF );
+  n = pOp->p5;
+  assert( pOp->p3>0 && pOp->p3<=(p->nMem-p->nCursor) );
+  assert( n==0 || (pOp->p2>0 && pOp->p2+n<=(p->nMem-p->nCursor)+1) );
+  assert( pOp->p3<pOp->p2 || pOp->p3>=pOp->p2+n );
+  pCtx = sqlite3DbMallocRaw(db, sizeof(*pCtx) + (n-1)*sizeof(sqlite3_value*));
+  if( pCtx==0 ) goto no_mem;
+  pCtx->pMem = 0;
+  pCtx->pFunc = pOp->p4.pFunc;
+  pCtx->iOp = (int)(pOp - aOp);
+  pCtx->pVdbe = p;
+  pCtx->argc = n;
+  pOp->p4type = P4_FUNCCTX;
+  pOp->p4.pCtx = pCtx;
+  pOp->opcode = OP_AggStep;
+  /* Fall through into OP_AggStep */
+}
+case OP_AggStep: {
+  int i;
+  sqlite3_context *pCtx;
+  Mem *pMem;
+  Mem t;
+
+  assert( pOp->p4type==P4_FUNCCTX );
+  pCtx = pOp->p4.pCtx;
+  pMem = &aMem[pOp->p3];
+
+  /* If this function is inside of a trigger, the register array in aMem[]
+  ** might change from one evaluation to the next.  The next block of code
+  ** checks to see if the register array has changed, and if so it
+  ** reinitializes the relavant parts of the sqlite3_context object */
+  if( pCtx->pMem != pMem ){
+    pCtx->pMem = pMem;
+    for(i=pCtx->argc-1; i>=0; i--) pCtx->argv[i] = &aMem[pOp->p2+i];
+  }
+
+#ifdef SQLITE_DEBUG
+  for(i=0; i<pCtx->argc; i++){
+    assert( memIsValid(pCtx->argv[i]) );
+    REGISTER_TRACE(pOp->p2+i, pCtx->argv[i]);
+  }
+#endif
+
+  pMem->n++;
+  sqlite3VdbeMemInit(&t, db, MEM_Null);
+  pCtx->pOut = &t;
+  pCtx->fErrorOrAux = 0;
+  pCtx->skipFlag = 0;
+  (pCtx->pFunc->xStep)(pCtx,pCtx->argc,pCtx->argv); /* IMP: R-24505-23230 */
+  if( pCtx->fErrorOrAux ){
+    if( pCtx->isError ){
+      sqlite3VdbeError(p, "%s", sqlite3_value_text(&t));
+      rc = pCtx->isError;
+    }
+    sqlite3VdbeMemRelease(&t);
+  }else{
+    assert( t.flags==MEM_Null );
+  }
+  if( pCtx->skipFlag ){
+    assert( pOp[-1].opcode==OP_CollSeq );
+    i = pOp[-1].p1;
+    if( i ) sqlite3VdbeMemSetInt64(&aMem[i], 1);
+  }
+  break;
+}
+
+/* Opcode: AggFinal P1 P2 * P4 *
+** Synopsis: accum=r[P1] N=P2
+**
+** Execute the finalizer function for an aggregate.  P1 is
+** the memory location that is the accumulator for the aggregate.
+**
+** P2 is the number of arguments that the step function takes and
+** P4 is a pointer to the FuncDef for this function.  The P2
+** argument is not used by this opcode.  It is only there to disambiguate
+** functions that can take varying numbers of arguments.  The
+** P4 argument is only needed for the degenerate case where
+** the step function was not previously called.
+*/
+case OP_AggFinal: {
+  Mem *pMem;
+  assert( pOp->p1>0 && pOp->p1<=(p->nMem-p->nCursor) );
+  pMem = &aMem[pOp->p1];
+  assert( (pMem->flags & ~(MEM_Null|MEM_Agg))==0 );
+  rc = sqlite3VdbeMemFinalize(pMem, pOp->p4.pFunc);
+  if( rc ){
+    sqlite3VdbeError(p, "%s", sqlite3_value_text(pMem));
+  }
+  sqlite3VdbeChangeEncoding(pMem, encoding);
+  UPDATE_MAX_BLOBSIZE(pMem);
+  if( sqlite3VdbeMemTooBig(pMem) ){
+    goto too_big;
+  }
+  break;
+}
+
+#ifndef SQLITE_OMIT_WAL
+/* Opcode: Checkpoint P1 P2 P3 * *
+**
+** Checkpoint database P1. This is a no-op if P1 is not currently in
+** WAL mode. Parameter P2 is one of SQLITE_CHECKPOINT_PASSIVE, FULL,
+** RESTART, or TRUNCATE.  Write 1 or 0 into mem[P3] if the checkpoint returns
+** SQLITE_BUSY or not, respectively.  Write the number of pages in the
+** WAL after the checkpoint into mem[P3+1] and the number of pages
+** in the WAL that have been checkpointed after the checkpoint
+** completes into mem[P3+2].  However on an error, mem[P3+1] and
+** mem[P3+2] are initialized to -1.
+*/
+case OP_Checkpoint: {
+  int i;                          /* Loop counter */
+  int aRes[3];                    /* Results */
+  Mem *pMem;                      /* Write results here */
+
+  assert( p->readOnly==0 );
+  aRes[0] = 0;
+  aRes[1] = aRes[2] = -1;
+  assert( pOp->p2==SQLITE_CHECKPOINT_PASSIVE
+       || pOp->p2==SQLITE_CHECKPOINT_FULL
+       || pOp->p2==SQLITE_CHECKPOINT_RESTART
+       || pOp->p2==SQLITE_CHECKPOINT_TRUNCATE
+  );
+  rc = sqlite3Checkpoint(db, pOp->p1, pOp->p2, &aRes[1], &aRes[2]);
+  if( rc==SQLITE_BUSY ){
+    rc = SQLITE_OK;
+    aRes[0] = 1;
+  }
+  for(i=0, pMem = &aMem[pOp->p3]; i<3; i++, pMem++){
+    sqlite3VdbeMemSetInt64(pMem, (i64)aRes[i]);
+  }    
+  break;
+};  
+#endif
+
+#ifndef SQLITE_OMIT_PRAGMA
+/* Opcode: JournalMode P1 P2 P3 * *
+**
+** Change the journal mode of database P1 to P3. P3 must be one of the
+** PAGER_JOURNALMODE_XXX values. If changing between the various rollback
+** modes (delete, truncate, persist, off and memory), this is a simple
+** operation. No IO is required.
+**
+** If changing into or out of WAL mode the procedure is more complicated.
+**
+** Write a string containing the final journal-mode to register P2.
+*/
+case OP_JournalMode: {    /* out2 */
+  Btree *pBt;                     /* Btree to change journal mode of */
+  Pager *pPager;                  /* Pager associated with pBt */
+  int eNew;                       /* New journal mode */
+  int eOld;                       /* The old journal mode */
+#ifndef SQLITE_OMIT_WAL
+  const char *zFilename;          /* Name of database file for pPager */
+#endif
+
+  pOut = out2Prerelease(p, pOp);
+  eNew = pOp->p3;
+  assert( eNew==PAGER_JOURNALMODE_DELETE 
+       || eNew==PAGER_JOURNALMODE_TRUNCATE 
+       || eNew==PAGER_JOURNALMODE_PERSIST 
+       || eNew==PAGER_JOURNALMODE_OFF
+       || eNew==PAGER_JOURNALMODE_MEMORY
+       || eNew==PAGER_JOURNALMODE_WAL
+       || eNew==PAGER_JOURNALMODE_QUERY
+  );
+  assert( pOp->p1>=0 && pOp->p1<db->nDb );
+  assert( p->readOnly==0 );
+
+  pBt = db->aDb[pOp->p1].pBt;
+  pPager = sqlite3BtreePager(pBt);
+  eOld = sqlite3PagerGetJournalMode(pPager);
+  if( eNew==PAGER_JOURNALMODE_QUERY ) eNew = eOld;
+  if( !sqlite3PagerOkToChangeJournalMode(pPager) ) eNew = eOld;
+
+#ifndef SQLITE_OMIT_WAL
+  zFilename = sqlite3PagerFilename(pPager, 1);
+
+  /* Do not allow a transition to journal_mode=WAL for a database
+  ** in temporary storage or if the VFS does not support shared memory 
+  */
+  if( eNew==PAGER_JOURNALMODE_WAL
+   && (sqlite3Strlen30(zFilename)==0           /* Temp file */
+       || !sqlite3PagerWalSupported(pPager))   /* No shared-memory support */
+  ){
+    eNew = eOld;
+  }
+
+  if( (eNew!=eOld)
+   && (eOld==PAGER_JOURNALMODE_WAL || eNew==PAGER_JOURNALMODE_WAL)
+  ){
+    if( !db->autoCommit || db->nVdbeRead>1 ){
+      rc = SQLITE_ERROR;
+      sqlite3VdbeError(p,
+          "cannot change %s wal mode from within a transaction",
+          (eNew==PAGER_JOURNALMODE_WAL ? "into" : "out of")
+      );
+      break;
+    }else{
+ 
+      if( eOld==PAGER_JOURNALMODE_WAL ){
+        /* If leaving WAL mode, close the log file. If successful, the call
+        ** to PagerCloseWal() checkpoints and deletes the write-ahead-log 
+        ** file. An EXCLUSIVE lock may still be held on the database file 
+        ** after a successful return. 
+        */
+        rc = sqlite3PagerCloseWal(pPager);
+        if( rc==SQLITE_OK ){
+          sqlite3PagerSetJournalMode(pPager, eNew);
+        }
+      }else if( eOld==PAGER_JOURNALMODE_MEMORY ){
+        /* Cannot transition directly from MEMORY to WAL.  Use mode OFF
+        ** as an intermediate */
+        sqlite3PagerSetJournalMode(pPager, PAGER_JOURNALMODE_OFF);
+      }
+  
+      /* Open a transaction on the database file. Regardless of the journal
+      ** mode, this transaction always uses a rollback journal.
+      */
+      assert( sqlite3BtreeIsInTrans(pBt)==0 );
+      if( rc==SQLITE_OK ){
+        rc = sqlite3BtreeSetVersion(pBt, (eNew==PAGER_JOURNALMODE_WAL ? 2 : 1));
+      }
+    }
+  }
+#endif /* ifndef SQLITE_OMIT_WAL */
+
+  if( rc ){
+    eNew = eOld;
+  }
+  eNew = sqlite3PagerSetJournalMode(pPager, eNew);
+
+  pOut->flags = MEM_Str|MEM_Static|MEM_Term;
+  pOut->z = (char *)sqlite3JournalModename(eNew);
+  pOut->n = sqlite3Strlen30(pOut->z);
+  pOut->enc = SQLITE_UTF8;
+  sqlite3VdbeChangeEncoding(pOut, encoding);
+  break;
+};
+#endif /* SQLITE_OMIT_PRAGMA */
+
+#if !defined(SQLITE_OMIT_VACUUM) && !defined(SQLITE_OMIT_ATTACH)
+/* Opcode: Vacuum * * * * *
+**
+** Vacuum the entire database.  This opcode will cause other virtual
+** machines to be created and run.  It may not be called from within
+** a transaction.
+*/
+case OP_Vacuum: {
+  assert( p->readOnly==0 );
+  rc = sqlite3RunVacuum(&p->zErrMsg, db);
+  break;
+}
+#endif
+
+#if !defined(SQLITE_OMIT_AUTOVACUUM)
+/* Opcode: IncrVacuum P1 P2 * * *
+**
+** Perform a single step of the incremental vacuum procedure on
+** the P1 database. If the vacuum has finished, jump to instruction
+** P2. Otherwise, fall through to the next instruction.
+*/
+case OP_IncrVacuum: {        /* jump */
+  Btree *pBt;
+
+  assert( pOp->p1>=0 && pOp->p1<db->nDb );
+  assert( DbMaskTest(p->btreeMask, pOp->p1) );
+  assert( p->readOnly==0 );
+  pBt = db->aDb[pOp->p1].pBt;
+  rc = sqlite3BtreeIncrVacuum(pBt);
+  VdbeBranchTaken(rc==SQLITE_DONE,2);
+  if( rc==SQLITE_DONE ){
+    rc = SQLITE_OK;
+    goto jump_to_p2;
+  }
+  break;
+}
+#endif
+
+/* Opcode: Expire P1 * * * *
+**
+** Cause precompiled statements to expire.  When an expired statement
+** is executed using sqlite3_step() it will either automatically
+** reprepare itself (if it was originally created using sqlite3_prepare_v2())
+** or it will fail with SQLITE_SCHEMA.
+** 
+** If P1 is 0, then all SQL statements become expired. If P1 is non-zero,
+** then only the currently executing statement is expired.
+*/
+case OP_Expire: {
+  if( !pOp->p1 ){
+    sqlite3ExpirePreparedStatements(db);
+  }else{
+    p->expired = 1;
+  }
+  break;
+}
+
+#ifndef SQLITE_OMIT_SHARED_CACHE
+/* Opcode: TableLock P1 P2 P3 P4 *
+** Synopsis: iDb=P1 root=P2 write=P3
+**
+** Obtain a lock on a particular table. This instruction is only used when
+** the shared-cache feature is enabled. 
+**
+** P1 is the index of the database in sqlite3.aDb[] of the database
+** on which the lock is acquired.  A readlock is obtained if P3==0 or
+** a write lock if P3==1.
+**
+** P2 contains the root-page of the table to lock.
+**
+** P4 contains a pointer to the name of the table being locked. This is only
+** used to generate an error message if the lock cannot be obtained.
+*/
+case OP_TableLock: {
+  u8 isWriteLock = (u8)pOp->p3;
+  if( isWriteLock || 0==(db->flags&SQLITE_ReadUncommitted) ){
+    int p1 = pOp->p1; 
+    assert( p1>=0 && p1<db->nDb );
+    assert( DbMaskTest(p->btreeMask, p1) );
+    assert( isWriteLock==0 || isWriteLock==1 );
+    rc = sqlite3BtreeLockTable(db->aDb[p1].pBt, pOp->p2, isWriteLock);
+    if( (rc&0xFF)==SQLITE_LOCKED ){
+      const char *z = pOp->p4.z;
+      sqlite3VdbeError(p, "database table is locked: %s", z);
+    }
+  }
+  break;
+}
+#endif /* SQLITE_OMIT_SHARED_CACHE */
+
+#ifndef SQLITE_OMIT_VIRTUALTABLE
+/* Opcode: VBegin * * * P4 *
+**
+** P4 may be a pointer to an sqlite3_vtab structure. If so, call the 
+** xBegin method for that table.
+**
+** Also, whether or not P4 is set, check that this is not being called from
+** within a callback to a virtual table xSync() method. If it is, the error
+** code will be set to SQLITE_LOCKED.
+*/
+case OP_VBegin: {
+  VTable *pVTab;
+  pVTab = pOp->p4.pVtab;
+  rc = sqlite3VtabBegin(db, pVTab);
+  if( pVTab ) sqlite3VtabImportErrmsg(p, pVTab->pVtab);
+  break;
+}
+#endif /* SQLITE_OMIT_VIRTUALTABLE */
+
+#ifndef SQLITE_OMIT_VIRTUALTABLE
+/* Opcode: VCreate P1 P2 * * *
+**
+** P2 is a register that holds the name of a virtual table in database 
+** P1. Call the xCreate method for that table.
+*/
+case OP_VCreate: {
+  Mem sMem;          /* For storing the record being decoded */
+  const char *zTab;  /* Name of the virtual table */
+
+  memset(&sMem, 0, sizeof(sMem));
+  sMem.db = db;
+  /* Because P2 is always a static string, it is impossible for the
+  ** sqlite3VdbeMemCopy() to fail */
+  assert( (aMem[pOp->p2].flags & MEM_Str)!=0 );
+  assert( (aMem[pOp->p2].flags & MEM_Static)!=0 );
+  rc = sqlite3VdbeMemCopy(&sMem, &aMem[pOp->p2]);
+  assert( rc==SQLITE_OK );
+  zTab = (const char*)sqlite3_value_text(&sMem);
+  assert( zTab || db->mallocFailed );
+  if( zTab ){
+    rc = sqlite3VtabCallCreate(db, pOp->p1, zTab, &p->zErrMsg);
+  }
+  sqlite3VdbeMemRelease(&sMem);
+  break;
+}
+#endif /* SQLITE_OMIT_VIRTUALTABLE */
+
+#ifndef SQLITE_OMIT_VIRTUALTABLE
+/* Opcode: VDestroy P1 * * P4 *
+**
+** P4 is the name of a virtual table in database P1.  Call the xDestroy method
+** of that table.
+*/
+case OP_VDestroy: {
+  db->nVDestroy++;
+  rc = sqlite3VtabCallDestroy(db, pOp->p1, pOp->p4.z);
+  db->nVDestroy--;
+  break;
+}
+#endif /* SQLITE_OMIT_VIRTUALTABLE */
+
+#ifndef SQLITE_OMIT_VIRTUALTABLE
+/* Opcode: VOpen P1 * * P4 *
+**
+** P4 is a pointer to a virtual table object, an sqlite3_vtab structure.
+** P1 is a cursor number.  This opcode opens a cursor to the virtual
+** table and stores that cursor in P1.
+*/
+case OP_VOpen: {
+  VdbeCursor *pCur;
+  sqlite3_vtab_cursor *pVCur;
+  sqlite3_vtab *pVtab;
+  const sqlite3_module *pModule;
+
+  assert( p->bIsReader );
+  pCur = 0;
+  pVCur = 0;
+  pVtab = pOp->p4.pVtab->pVtab;
+  if( pVtab==0 || NEVER(pVtab->pModule==0) ){
+    rc = SQLITE_LOCKED;
+    break;
+  }
+  pModule = pVtab->pModule;
+  rc = pModule->xOpen(pVtab, &pVCur);
+  sqlite3VtabImportErrmsg(p, pVtab);
+  if( SQLITE_OK==rc ){
+    /* Initialize sqlite3_vtab_cursor base class */
+    pVCur->pVtab = pVtab;
+
+    /* Initialize vdbe cursor object */
+    pCur = allocateCursor(p, pOp->p1, 0, -1, CURTYPE_VTAB);
+    if( pCur ){
+      pCur->uc.pVCur = pVCur;
+      pVtab->nRef++;
+    }else{
+      assert( db->mallocFailed );
+      pModule->xClose(pVCur);
+      goto no_mem;
+    }
+  }
+  break;
+}
+#endif /* SQLITE_OMIT_VIRTUALTABLE */
+
+#ifndef SQLITE_OMIT_VIRTUALTABLE
+/* Opcode: VFilter P1 P2 P3 P4 *
+** Synopsis: iplan=r[P3] zplan='P4'
+**
+** P1 is a cursor opened using VOpen.  P2 is an address to jump to if
+** the filtered result set is empty.
+**
+** P4 is either NULL or a string that was generated by the xBestIndex
+** method of the module.  The interpretation of the P4 string is left
+** to the module implementation.
+**
+** This opcode invokes the xFilter method on the virtual table specified
+** by P1.  The integer query plan parameter to xFilter is stored in register
+** P3. Register P3+1 stores the argc parameter to be passed to the
+** xFilter method. Registers P3+2..P3+1+argc are the argc
+** additional parameters which are passed to
+** xFilter as argv. Register P3+2 becomes argv[0] when passed to xFilter.
+**
+** A jump is made to P2 if the result set after filtering would be empty.
+*/
+case OP_VFilter: {   /* jump */
+  int nArg;
+  int iQuery;
+  const sqlite3_module *pModule;
+  Mem *pQuery;
+  Mem *pArgc;
+  sqlite3_vtab_cursor *pVCur;
+  sqlite3_vtab *pVtab;
+  VdbeCursor *pCur;
+  int res;
+  int i;
+  Mem **apArg;
+
+  pQuery = &aMem[pOp->p3];
+  pArgc = &pQuery[1];
+  pCur = p->apCsr[pOp->p1];
+  assert( memIsValid(pQuery) );
+  REGISTER_TRACE(pOp->p3, pQuery);
+  assert( pCur->eCurType==CURTYPE_VTAB );
+  pVCur = pCur->uc.pVCur;
+  pVtab = pVCur->pVtab;
+  pModule = pVtab->pModule;
+
+  /* Grab the index number and argc parameters */
+  assert( (pQuery->flags&MEM_Int)!=0 && pArgc->flags==MEM_Int );
+  nArg = (int)pArgc->u.i;
+  iQuery = (int)pQuery->u.i;
+
+  /* Invoke the xFilter method */
+  res = 0;
+  apArg = p->apArg;
+  for(i = 0; i<nArg; i++){
+    apArg[i] = &pArgc[i+1];
+  }
+  rc = pModule->xFilter(pVCur, iQuery, pOp->p4.z, nArg, apArg);
+  sqlite3VtabImportErrmsg(p, pVtab);
+  if( rc==SQLITE_OK ){
+    res = pModule->xEof(pVCur);
+  }
+  pCur->nullRow = 0;
+  VdbeBranchTaken(res!=0,2);
+  if( res ) goto jump_to_p2;
+  break;
+}
+#endif /* SQLITE_OMIT_VIRTUALTABLE */
+
+#ifndef SQLITE_OMIT_VIRTUALTABLE
+/* Opcode: VColumn P1 P2 P3 * *
+** Synopsis: r[P3]=vcolumn(P2)
+**
+** Store the value of the P2-th column of
+** the row of the virtual-table that the 
+** P1 cursor is pointing to into register P3.
+*/
+case OP_VColumn: {
+  sqlite3_vtab *pVtab;
+  const sqlite3_module *pModule;
+  Mem *pDest;
+  sqlite3_context sContext;
+
+  VdbeCursor *pCur = p->apCsr[pOp->p1];
+  assert( pCur->eCurType==CURTYPE_VTAB );
+  assert( pOp->p3>0 && pOp->p3<=(p->nMem-p->nCursor) );
+  pDest = &aMem[pOp->p3];
+  memAboutToChange(p, pDest);
+  if( pCur->nullRow ){
+    sqlite3VdbeMemSetNull(pDest);
+    break;
+  }
+  pVtab = pCur->uc.pVCur->pVtab;
+  pModule = pVtab->pModule;
+  assert( pModule->xColumn );
+  memset(&sContext, 0, sizeof(sContext));
+  sContext.pOut = pDest;
+  MemSetTypeFlag(pDest, MEM_Null);
+  rc = pModule->xColumn(pCur->uc.pVCur, &sContext, pOp->p2);
+  sqlite3VtabImportErrmsg(p, pVtab);
+  if( sContext.isError ){
+    rc = sContext.isError;
+  }
+  sqlite3VdbeChangeEncoding(pDest, encoding);
+  REGISTER_TRACE(pOp->p3, pDest);
+  UPDATE_MAX_BLOBSIZE(pDest);
+
+  if( sqlite3VdbeMemTooBig(pDest) ){
+    goto too_big;
+  }
+  break;
+}
+#endif /* SQLITE_OMIT_VIRTUALTABLE */
+
+#ifndef SQLITE_OMIT_VIRTUALTABLE
+/* Opcode: VNext P1 P2 * * *
+**
+** Advance virtual table P1 to the next row in its result set and
+** jump to instruction P2.  Or, if the virtual table has reached
+** the end of its result set, then fall through to the next instruction.
+*/
+case OP_VNext: {   /* jump */
+  sqlite3_vtab *pVtab;
+  const sqlite3_module *pModule;
+  int res;
+  VdbeCursor *pCur;
+
+  res = 0;
+  pCur = p->apCsr[pOp->p1];
+  assert( pCur->eCurType==CURTYPE_VTAB );
+  if( pCur->nullRow ){
+    break;
+  }
+  pVtab = pCur->uc.pVCur->pVtab;
+  pModule = pVtab->pModule;
+  assert( pModule->xNext );
+
+  /* Invoke the xNext() method of the module. There is no way for the
+  ** underlying implementation to return an error if one occurs during
+  ** xNext(). Instead, if an error occurs, true is returned (indicating that 
+  ** data is available) and the error code returned when xColumn or
+  ** some other method is next invoked on the save virtual table cursor.
+  */
+  rc = pModule->xNext(pCur->uc.pVCur);
+  sqlite3VtabImportErrmsg(p, pVtab);
+  if( rc==SQLITE_OK ){
+    res = pModule->xEof(pCur->uc.pVCur);
+  }
+  VdbeBranchTaken(!res,2);
+  if( !res ){
+    /* If there is data, jump to P2 */
+    goto jump_to_p2_and_check_for_interrupt;
+  }
+  goto check_for_interrupt;
+}
+#endif /* SQLITE_OMIT_VIRTUALTABLE */
+
+#ifndef SQLITE_OMIT_VIRTUALTABLE
+/* Opcode: VRename P1 * * P4 *
+**
+** P4 is a pointer to a virtual table object, an sqlite3_vtab structure.
+** This opcode invokes the corresponding xRename method. The value
+** in register P1 is passed as the zName argument to the xRename method.
+*/
+case OP_VRename: {
+  sqlite3_vtab *pVtab;
+  Mem *pName;
+
+  pVtab = pOp->p4.pVtab->pVtab;
+  pName = &aMem[pOp->p1];
+  assert( pVtab->pModule->xRename );
+  assert( memIsValid(pName) );
+  assert( p->readOnly==0 );
+  REGISTER_TRACE(pOp->p1, pName);
+  assert( pName->flags & MEM_Str );
+  testcase( pName->enc==SQLITE_UTF8 );
+  testcase( pName->enc==SQLITE_UTF16BE );
+  testcase( pName->enc==SQLITE_UTF16LE );
+  rc = sqlite3VdbeChangeEncoding(pName, SQLITE_UTF8);
+  if( rc==SQLITE_OK ){
+    rc = pVtab->pModule->xRename(pVtab, pName->z);
+    sqlite3VtabImportErrmsg(p, pVtab);
+    p->expired = 0;
+  }
+  break;
+}
+#endif
+
+#ifndef SQLITE_OMIT_VIRTUALTABLE
+/* Opcode: VUpdate P1 P2 P3 P4 P5
+** Synopsis: data=r[P3@P2]
+**
+** P4 is a pointer to a virtual table object, an sqlite3_vtab structure.
+** This opcode invokes the corresponding xUpdate method. P2 values
+** are contiguous memory cells starting at P3 to pass to the xUpdate 
+** invocation. The value in register (P3+P2-1) corresponds to the 
+** p2th element of the argv array passed to xUpdate.
+**
+** The xUpdate method will do a DELETE or an INSERT or both.
+** The argv[0] element (which corresponds to memory cell P3)
+** is the rowid of a row to delete.  If argv[0] is NULL then no 
+** deletion occurs.  The argv[1] element is the rowid of the new 
+** row.  This can be NULL to have the virtual table select the new 
+** rowid for itself.  The subsequent elements in the array are 
+** the values of columns in the new row.
+**
+** If P2==1 then no insert is performed.  argv[0] is the rowid of
+** a row to delete.
+**
+** P1 is a boolean flag. If it is set to true and the xUpdate call
+** is successful, then the value returned by sqlite3_last_insert_rowid() 
+** is set to the value of the rowid for the row just inserted.
+**
+** P5 is the error actions (OE_Replace, OE_Fail, OE_Ignore, etc) to
+** apply in the case of a constraint failure on an insert or update.
+*/
+case OP_VUpdate: {
+  sqlite3_vtab *pVtab;
+  const sqlite3_module *pModule;
+  int nArg;
+  int i;
+  sqlite_int64 rowid;
+  Mem **apArg;
+  Mem *pX;
+
+  assert( pOp->p2==1        || pOp->p5==OE_Fail   || pOp->p5==OE_Rollback 
+       || pOp->p5==OE_Abort || pOp->p5==OE_Ignore || pOp->p5==OE_Replace
+  );
+  assert( p->readOnly==0 );
+  pVtab = pOp->p4.pVtab->pVtab;
+  if( pVtab==0 || NEVER(pVtab->pModule==0) ){
+    rc = SQLITE_LOCKED;
+    break;
+  }
+  pModule = pVtab->pModule;
+  nArg = pOp->p2;
+  assert( pOp->p4type==P4_VTAB );
+  if( ALWAYS(pModule->xUpdate) ){
+    u8 vtabOnConflict = db->vtabOnConflict;
+    apArg = p->apArg;
+    pX = &aMem[pOp->p3];
+    for(i=0; i<nArg; i++){
+      assert( memIsValid(pX) );
+      memAboutToChange(p, pX);
+      apArg[i] = pX;
+      pX++;
+    }
+    db->vtabOnConflict = pOp->p5;
+    rc = pModule->xUpdate(pVtab, nArg, apArg, &rowid);
+    db->vtabOnConflict = vtabOnConflict;
+    sqlite3VtabImportErrmsg(p, pVtab);
+    if( rc==SQLITE_OK && pOp->p1 ){
+      assert( nArg>1 && apArg[0] && (apArg[0]->flags&MEM_Null) );
+      db->lastRowid = lastRowid = rowid;
+    }
+    if( (rc&0xff)==SQLITE_CONSTRAINT && pOp->p4.pVtab->bConstraint ){
+      if( pOp->p5==OE_Ignore ){
+        rc = SQLITE_OK;
+      }else{
+        p->errorAction = ((pOp->p5==OE_Replace) ? OE_Abort : pOp->p5);
+      }
+    }else{
+      p->nChange++;
+    }
+  }
+  break;
+}
+#endif /* SQLITE_OMIT_VIRTUALTABLE */
+
+#ifndef  SQLITE_OMIT_PAGER_PRAGMAS
+/* Opcode: Pagecount P1 P2 * * *
+**
+** Write the current number of pages in database P1 to memory cell P2.
+*/
+case OP_Pagecount: {            /* out2 */
+  pOut = out2Prerelease(p, pOp);
+  pOut->u.i = sqlite3BtreeLastPage(db->aDb[pOp->p1].pBt);
+  break;
+}
+#endif
+
+
+#ifndef  SQLITE_OMIT_PAGER_PRAGMAS
+/* Opcode: MaxPgcnt P1 P2 P3 * *
+**
+** Try to set the maximum page count for database P1 to the value in P3.
+** Do not let the maximum page count fall below the current page count and
+** do not change the maximum page count value if P3==0.
+**
+** Store the maximum page count after the change in register P2.
+*/
+case OP_MaxPgcnt: {            /* out2 */
+  unsigned int newMax;
+  Btree *pBt;
+
+  pOut = out2Prerelease(p, pOp);
+  pBt = db->aDb[pOp->p1].pBt;
+  newMax = 0;
+  if( pOp->p3 ){
+    newMax = sqlite3BtreeLastPage(pBt);
+    if( newMax < (unsigned)pOp->p3 ) newMax = (unsigned)pOp->p3;
+  }
+  pOut->u.i = sqlite3BtreeMaxPageCount(pBt, newMax);
+  break;
+}
+#endif
+
+
+/* Opcode: Init * P2 * P4 *
+** Synopsis:  Start at P2
+**
+** Programs contain a single instance of this opcode as the very first
+** opcode.
+**
+** If tracing is enabled (by the sqlite3_trace()) interface, then
+** the UTF-8 string contained in P4 is emitted on the trace callback.
+** Or if P4 is blank, use the string returned by sqlite3_sql().
+**
+** If P2 is not zero, jump to instruction P2.
+*/
+case OP_Init: {          /* jump */
+  char *zTrace;
+  char *z;
+
+#ifndef SQLITE_OMIT_TRACE
+  if( db->xTrace
+   && !p->doingRerun
+   && (zTrace = (pOp->p4.z ? pOp->p4.z : p->zSql))!=0
+  ){
+    z = sqlite3VdbeExpandSql(p, zTrace);
+    db->xTrace(db->pTraceArg, z);
+    sqlite3DbFree(db, z);
+  }
+#ifdef SQLITE_USE_FCNTL_TRACE
+  zTrace = (pOp->p4.z ? pOp->p4.z : p->zSql);
+  if( zTrace ){
+    int i;
+    for(i=0; i<db->nDb; i++){
+      if( DbMaskTest(p->btreeMask, i)==0 ) continue;
+      sqlite3_file_control(db, db->aDb[i].zName, SQLITE_FCNTL_TRACE, zTrace);
+    }
+  }
+#endif /* SQLITE_USE_FCNTL_TRACE */
+#ifdef SQLITE_DEBUG
+  if( (db->flags & SQLITE_SqlTrace)!=0
+   && (zTrace = (pOp->p4.z ? pOp->p4.z : p->zSql))!=0
+  ){
+    sqlite3DebugPrintf("SQL-trace: %s\n", zTrace);
+  }
+#endif /* SQLITE_DEBUG */
+#endif /* SQLITE_OMIT_TRACE */
+  if( pOp->p2 ) goto jump_to_p2;
+  break;
+}
+
+#ifdef SQLITE_ENABLE_CURSOR_HINTS
+/* Opcode: CursorHint P1 * * P4 *
+**
+** Provide a hint to cursor P1 that it only needs to return rows that
+** satisfy the Expr in P4.  TK_REGISTER terms in the P4 expression refer
+** to values currently held in registers.  TK_COLUMN terms in the P4
+** expression refer to columns in the b-tree to which cursor P1 is pointing.
+*/
+case OP_CursorHint: {
+  VdbeCursor *pC;
+
+  assert( pOp->p1>=0 && pOp->p1<p->nCursor );
+  assert( pOp->p4type==P4_EXPR );
+  pC = p->apCsr[pOp->p1];
+  if( pC ){
+    assert( pC->eCurType==CURTYPE_BTREE );
+    sqlite3BtreeCursorHint(pC->uc.pCursor, BTREE_HINT_RANGE,
+                           pOp->p4.pExpr, aMem);
+  }
+  break;
+}
+#endif /* SQLITE_ENABLE_CURSOR_HINTS */
+
+/* Opcode: Noop * * * * *
+**
+** Do nothing.  This instruction is often useful as a jump
+** destination.
+*/
+/*
+** The magic Explain opcode are only inserted when explain==2 (which
+** is to say when the EXPLAIN QUERY PLAN syntax is used.)
+** This opcode records information from the optimizer.  It is the
+** the same as a no-op.  This opcodesnever appears in a real VM program.
+*/
+default: {          /* This is really OP_Noop and OP_Explain */
+  assert( pOp->opcode==OP_Noop || pOp->opcode==OP_Explain );
+  break;
+}
+
+/*****************************************************************************
+** The cases of the switch statement above this line should all be indented
+** by 6 spaces.  But the left-most 6 spaces have been removed to improve the
+** readability.  From this point on down, the normal indentation rules are
+** restored.
+*****************************************************************************/
+    }
+
+#ifdef VDBE_PROFILE
+    {
+      u64 endTime = sqlite3Hwtime();
+      if( endTime>start ) pOrigOp->cycles += endTime - start;
+      pOrigOp->cnt++;
+    }
+#endif
+
+    /* The following code adds nothing to the actual functionality
+    ** of the program.  It is only here for testing and debugging.
+    ** On the other hand, it does burn CPU cycles every time through
+    ** the evaluator loop.  So we can leave it out when NDEBUG is defined.
+    */
+#ifndef NDEBUG
+    assert( pOp>=&aOp[-1] && pOp<&aOp[p->nOp-1] );
+
+#ifdef SQLITE_DEBUG
+    if( db->flags & SQLITE_VdbeTrace ){
+      if( rc!=0 ) printf("rc=%d\n",rc);
+      if( pOrigOp->opflags & (OPFLG_OUT2) ){
+        registerTrace(pOrigOp->p2, &aMem[pOrigOp->p2]);
+      }
+      if( pOrigOp->opflags & OPFLG_OUT3 ){
+        registerTrace(pOrigOp->p3, &aMem[pOrigOp->p3]);
+      }
+    }
+#endif  /* SQLITE_DEBUG */
+#endif  /* NDEBUG */
+  }  /* The end of the for(;;) loop the loops through opcodes */
+
+  /* If we reach this point, it means that execution is finished with
+  ** an error of some kind.
+  */
+vdbe_error_halt:
+  assert( rc );
+  p->rc = rc;
+  testcase( sqlite3GlobalConfig.xLog!=0 );
+  sqlite3_log(rc, "statement aborts at %d: [%s] %s", 
+                   (int)(pOp - aOp), p->zSql, p->zErrMsg);
+  sqlite3VdbeHalt(p);
+  if( rc==SQLITE_IOERR_NOMEM ) db->mallocFailed = 1;
+  rc = SQLITE_ERROR;
+  if( resetSchemaOnFault>0 ){
+    sqlite3ResetOneSchema(db, resetSchemaOnFault-1);
+  }
+
+  /* This is the only way out of this procedure.  We have to
+  ** release the mutexes on btrees that were acquired at the
+  ** top. */
+vdbe_return:
+  db->lastRowid = lastRowid;
+  testcase( nVmStep>0 );
+  p->aCounter[SQLITE_STMTSTATUS_VM_STEP] += (int)nVmStep;
+  sqlite3VdbeLeave(p);
+  return rc;
+
+  /* Jump to here if a string or blob larger than SQLITE_MAX_LENGTH
+  ** is encountered.
+  */
+too_big:
+  sqlite3VdbeError(p, "string or blob too big");
+  rc = SQLITE_TOOBIG;
+  goto vdbe_error_halt;
+
+  /* Jump to here if a malloc() fails.
+  */
+no_mem:
+  db->mallocFailed = 1;
+  sqlite3VdbeError(p, "out of memory");
+  rc = SQLITE_NOMEM;
+  goto vdbe_error_halt;
+
+  /* Jump to here for any other kind of fatal error.  The "rc" variable
+  ** should hold the error number.
+  */
+abort_due_to_error:
+  assert( p->zErrMsg==0 );
+  if( db->mallocFailed ) rc = SQLITE_NOMEM;
+  if( rc!=SQLITE_IOERR_NOMEM ){
+    sqlite3VdbeError(p, "%s", sqlite3ErrStr(rc));
+  }
+  goto vdbe_error_halt;
+
+  /* Jump to here if the sqlite3_interrupt() API sets the interrupt
+  ** flag.
+  */
+abort_due_to_interrupt:
+  assert( db->u1.isInterrupted );
+  rc = SQLITE_INTERRUPT;
+  p->rc = rc;
+  sqlite3VdbeError(p, "%s", sqlite3ErrStr(rc));
+  goto vdbe_error_halt;
+}
+
+
+/************** End of vdbe.c ************************************************/
+/************** Begin file vdbeblob.c ****************************************/
+/*
+** 2007 May 1
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+**
+** This file contains code used to implement incremental BLOB I/O.
+*/
+
+/* #include "sqliteInt.h" */
+/* #include "vdbeInt.h" */
+
+#ifndef SQLITE_OMIT_INCRBLOB
+
+/*
+** Valid sqlite3_blob* handles point to Incrblob structures.
+*/
+typedef struct Incrblob Incrblob;
+struct Incrblob {
+  int flags;              /* Copy of "flags" passed to sqlite3_blob_open() */
+  int nByte;              /* Size of open blob, in bytes */
+  int iOffset;            /* Byte offset of blob in cursor data */
+  int iCol;               /* Table column this handle is open on */
+  BtCursor *pCsr;         /* Cursor pointing at blob row */
+  sqlite3_stmt *pStmt;    /* Statement holding cursor open */
+  sqlite3 *db;            /* The associated database */
+};
+
+
+/*
+** This function is used by both blob_open() and blob_reopen(). It seeks
+** the b-tree cursor associated with blob handle p to point to row iRow.
+** If successful, SQLITE_OK is returned and subsequent calls to
+** sqlite3_blob_read() or sqlite3_blob_write() access the specified row.
+**
+** If an error occurs, or if the specified row does not exist or does not
+** contain a value of type TEXT or BLOB in the column nominated when the
+** blob handle was opened, then an error code is returned and *pzErr may
+** be set to point to a buffer containing an error message. It is the
+** responsibility of the caller to free the error message buffer using
+** sqlite3DbFree().
+**
+** If an error does occur, then the b-tree cursor is closed. All subsequent
+** calls to sqlite3_blob_read(), blob_write() or blob_reopen() will 
+** immediately return SQLITE_ABORT.
+*/
+static int blobSeekToRow(Incrblob *p, sqlite3_int64 iRow, char **pzErr){
+  int rc;                         /* Error code */
+  char *zErr = 0;                 /* Error message */
+  Vdbe *v = (Vdbe *)p->pStmt;
+
+  /* Set the value of the SQL statements only variable to integer iRow. 
+  ** This is done directly instead of using sqlite3_bind_int64() to avoid 
+  ** triggering asserts related to mutexes.
+  */
+  assert( v->aVar[0].flags&MEM_Int );
+  v->aVar[0].u.i = iRow;
+
+  rc = sqlite3_step(p->pStmt);
+  if( rc==SQLITE_ROW ){
+    VdbeCursor *pC = v->apCsr[0];
+    u32 type = pC->aType[p->iCol];
+    if( type<12 ){
+      zErr = sqlite3MPrintf(p->db, "cannot open value of type %s",
+          type==0?"null": type==7?"real": "integer"
+      );
+      rc = SQLITE_ERROR;
+      sqlite3_finalize(p->pStmt);
+      p->pStmt = 0;
+    }else{
+      p->iOffset = pC->aType[p->iCol + pC->nField];
+      p->nByte = sqlite3VdbeSerialTypeLen(type);
+      p->pCsr =  pC->uc.pCursor;
+      sqlite3BtreeIncrblobCursor(p->pCsr);
+    }
+  }
+
+  if( rc==SQLITE_ROW ){
+    rc = SQLITE_OK;
+  }else if( p->pStmt ){
+    rc = sqlite3_finalize(p->pStmt);
+    p->pStmt = 0;
+    if( rc==SQLITE_OK ){
+      zErr = sqlite3MPrintf(p->db, "no such rowid: %lld", iRow);
+      rc = SQLITE_ERROR;
+    }else{
+      zErr = sqlite3MPrintf(p->db, "%s", sqlite3_errmsg(p->db));
+    }
+  }
+
+  assert( rc!=SQLITE_OK || zErr==0 );
+  assert( rc!=SQLITE_ROW && rc!=SQLITE_DONE );
+
+  *pzErr = zErr;
+  return rc;
+}
+
+/*
+** Open a blob handle.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_blob_open(
+  sqlite3* db,            /* The database connection */
+  const char *zDb,        /* The attached database containing the blob */
+  const char *zTable,     /* The table containing the blob */
+  const char *zColumn,    /* The column containing the blob */
+  sqlite_int64 iRow,      /* The row containing the glob */
+  int flags,              /* True -> read/write access, false -> read-only */
+  sqlite3_blob **ppBlob   /* Handle for accessing the blob returned here */
+){
+  int nAttempt = 0;
+  int iCol;               /* Index of zColumn in row-record */
+
+  /* This VDBE program seeks a btree cursor to the identified 
+  ** db/table/row entry. The reason for using a vdbe program instead
+  ** of writing code to use the b-tree layer directly is that the
+  ** vdbe program will take advantage of the various transaction,
+  ** locking and error handling infrastructure built into the vdbe.
+  **
+  ** After seeking the cursor, the vdbe executes an OP_ResultRow.
+  ** Code external to the Vdbe then "borrows" the b-tree cursor and
+  ** uses it to implement the blob_read(), blob_write() and 
+  ** blob_bytes() functions.
+  **
+  ** The sqlite3_blob_close() function finalizes the vdbe program,
+  ** which closes the b-tree cursor and (possibly) commits the 
+  ** transaction.
+  */
+  static const int iLn = VDBE_OFFSET_LINENO(4);
+  static const VdbeOpList openBlob[] = {
+    /* {OP_Transaction, 0, 0, 0},  // 0: Inserted separately */
+    {OP_TableLock, 0, 0, 0},       /* 1: Acquire a read or write lock */
+    /* One of the following two instructions is replaced by an OP_Noop. */
+    {OP_OpenRead, 0, 0, 0},        /* 2: Open cursor 0 for reading */
+    {OP_OpenWrite, 0, 0, 0},       /* 3: Open cursor 0 for read/write */
+    {OP_Variable, 1, 1, 1},        /* 4: Push the rowid to the stack */
+    {OP_NotExists, 0, 10, 1},      /* 5: Seek the cursor */
+    {OP_Column, 0, 0, 1},          /* 6  */
+    {OP_ResultRow, 1, 0, 0},       /* 7  */
+    {OP_Goto, 0, 4, 0},            /* 8  */
+    {OP_Close, 0, 0, 0},           /* 9  */
+    {OP_Halt, 0, 0, 0},            /* 10 */
+  };
+
+  int rc = SQLITE_OK;
+  char *zErr = 0;
+  Table *pTab;
+  Parse *pParse = 0;
+  Incrblob *pBlob = 0;
+
+#ifdef SQLITE_ENABLE_API_ARMOR
+  if( ppBlob==0 ){
+    return SQLITE_MISUSE_BKPT;
+  }
+#endif
+  *ppBlob = 0;
+#ifdef SQLITE_ENABLE_API_ARMOR
+  if( !sqlite3SafetyCheckOk(db) || zTable==0 ){
+    return SQLITE_MISUSE_BKPT;
+  }
+#endif
+  flags = !!flags;                /* flags = (flags ? 1 : 0); */
+
+  sqlite3_mutex_enter(db->mutex);
+
+  pBlob = (Incrblob *)sqlite3DbMallocZero(db, sizeof(Incrblob));
+  if( !pBlob ) goto blob_open_out;
+  pParse = sqlite3StackAllocRaw(db, sizeof(*pParse));
+  if( !pParse ) goto blob_open_out;
+
+  do {
+    memset(pParse, 0, sizeof(Parse));
+    pParse->db = db;
+    sqlite3DbFree(db, zErr);
+    zErr = 0;
+
+    sqlite3BtreeEnterAll(db);
+    pTab = sqlite3LocateTable(pParse, 0, zTable, zDb);
+    if( pTab && IsVirtual(pTab) ){
+      pTab = 0;
+      sqlite3ErrorMsg(pParse, "cannot open virtual table: %s", zTable);
+    }
+    if( pTab && !HasRowid(pTab) ){
+      pTab = 0;
+      sqlite3ErrorMsg(pParse, "cannot open table without rowid: %s", zTable);
+    }
+#ifndef SQLITE_OMIT_VIEW
+    if( pTab && pTab->pSelect ){
+      pTab = 0;
+      sqlite3ErrorMsg(pParse, "cannot open view: %s", zTable);
+    }
+#endif
+    if( !pTab ){
+      if( pParse->zErrMsg ){
+        sqlite3DbFree(db, zErr);
+        zErr = pParse->zErrMsg;
+        pParse->zErrMsg = 0;
+      }
+      rc = SQLITE_ERROR;
+      sqlite3BtreeLeaveAll(db);
+      goto blob_open_out;
+    }
+
+    /* Now search pTab for the exact column. */
+    for(iCol=0; iCol<pTab->nCol; iCol++) {
+      if( sqlite3StrICmp(pTab->aCol[iCol].zName, zColumn)==0 ){
+        break;
+      }
+    }
+    if( iCol==pTab->nCol ){
+      sqlite3DbFree(db, zErr);
+      zErr = sqlite3MPrintf(db, "no such column: \"%s\"", zColumn);
+      rc = SQLITE_ERROR;
+      sqlite3BtreeLeaveAll(db);
+      goto blob_open_out;
+    }
+
+    /* If the value is being opened for writing, check that the
+    ** column is not indexed, and that it is not part of a foreign key. 
+    ** It is against the rules to open a column to which either of these
+    ** descriptions applies for writing.  */
+    if( flags ){
+      const char *zFault = 0;
+      Index *pIdx;
+#ifndef SQLITE_OMIT_FOREIGN_KEY
+      if( db->flags&SQLITE_ForeignKeys ){
+        /* Check that the column is not part of an FK child key definition. It
+        ** is not necessary to check if it is part of a parent key, as parent
+        ** key columns must be indexed. The check below will pick up this 
+        ** case.  */
+        FKey *pFKey;
+        for(pFKey=pTab->pFKey; pFKey; pFKey=pFKey->pNextFrom){
+          int j;
+          for(j=0; j<pFKey->nCol; j++){
+            if( pFKey->aCol[j].iFrom==iCol ){
+              zFault = "foreign key";
+            }
+          }
+        }
+      }
+#endif
+      for(pIdx=pTab->pIndex; pIdx; pIdx=pIdx->pNext){
+        int j;
+        for(j=0; j<pIdx->nKeyCol; j++){
+          /* FIXME: Be smarter about indexes that use expressions */
+          if( pIdx->aiColumn[j]==iCol || pIdx->aiColumn[j]==XN_EXPR ){
+            zFault = "indexed";
+          }
+        }
+      }
+      if( zFault ){
+        sqlite3DbFree(db, zErr);
+        zErr = sqlite3MPrintf(db, "cannot open %s column for writing", zFault);
+        rc = SQLITE_ERROR;
+        sqlite3BtreeLeaveAll(db);
+        goto blob_open_out;
+      }
+    }
+
+    pBlob->pStmt = (sqlite3_stmt *)sqlite3VdbeCreate(pParse);
+    assert( pBlob->pStmt || db->mallocFailed );
+    if( pBlob->pStmt ){
+      Vdbe *v = (Vdbe *)pBlob->pStmt;
+      int iDb = sqlite3SchemaToIndex(db, pTab->pSchema);
+
+
+      sqlite3VdbeAddOp4Int(v, OP_Transaction, iDb, flags, 
+                           pTab->pSchema->schema_cookie,
+                           pTab->pSchema->iGeneration);
+      sqlite3VdbeChangeP5(v, 1);     
+      sqlite3VdbeAddOpList(v, ArraySize(openBlob), openBlob, iLn);
+
+      /* Make sure a mutex is held on the table to be accessed */
+      sqlite3VdbeUsesBtree(v, iDb); 
+
+      /* Configure the OP_TableLock instruction */
+#ifdef SQLITE_OMIT_SHARED_CACHE
+      sqlite3VdbeChangeToNoop(v, 1);
+#else
+      sqlite3VdbeChangeP1(v, 1, iDb);
+      sqlite3VdbeChangeP2(v, 1, pTab->tnum);
+      sqlite3VdbeChangeP3(v, 1, flags);
+      sqlite3VdbeChangeP4(v, 1, pTab->zName, P4_TRANSIENT);
+#endif
+
+      /* Remove either the OP_OpenWrite or OpenRead. Set the P2 
+      ** parameter of the other to pTab->tnum.  */
+      sqlite3VdbeChangeToNoop(v, 3 - flags);
+      sqlite3VdbeChangeP2(v, 2 + flags, pTab->tnum);
+      sqlite3VdbeChangeP3(v, 2 + flags, iDb);
+
+      /* Configure the number of columns. Configure the cursor to
+      ** think that the table has one more column than it really
+      ** does. An OP_Column to retrieve this imaginary column will
+      ** always return an SQL NULL. This is useful because it means
+      ** we can invoke OP_Column to fill in the vdbe cursors type 
+      ** and offset cache without causing any IO.
+      */
+      sqlite3VdbeChangeP4(v, 2+flags, SQLITE_INT_TO_PTR(pTab->nCol+1),P4_INT32);
+      sqlite3VdbeChangeP2(v, 6, pTab->nCol);
+      if( !db->mallocFailed ){
+        pParse->nVar = 1;
+        pParse->nMem = 1;
+        pParse->nTab = 1;
+        sqlite3VdbeMakeReady(v, pParse);
+      }
+    }
+   
+    pBlob->flags = flags;
+    pBlob->iCol = iCol;
+    pBlob->db = db;
+    sqlite3BtreeLeaveAll(db);
+    if( db->mallocFailed ){
+      goto blob_open_out;
+    }
+    sqlite3_bind_int64(pBlob->pStmt, 1, iRow);
+    rc = blobSeekToRow(pBlob, iRow, &zErr);
+  } while( (++nAttempt)<SQLITE_MAX_SCHEMA_RETRY && rc==SQLITE_SCHEMA );
+
+blob_open_out:
+  if( rc==SQLITE_OK && db->mallocFailed==0 ){
+    *ppBlob = (sqlite3_blob *)pBlob;
+  }else{
+    if( pBlob && pBlob->pStmt ) sqlite3VdbeFinalize((Vdbe *)pBlob->pStmt);
+    sqlite3DbFree(db, pBlob);
+  }
+  sqlite3ErrorWithMsg(db, rc, (zErr ? "%s" : 0), zErr);
+  sqlite3DbFree(db, zErr);
+  sqlite3ParserReset(pParse);
+  sqlite3StackFree(db, pParse);
+  rc = sqlite3ApiExit(db, rc);
+  sqlite3_mutex_leave(db->mutex);
+  return rc;
+}
+
+/*
+** Close a blob handle that was previously created using
+** sqlite3_blob_open().
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_blob_close(sqlite3_blob *pBlob){
+  Incrblob *p = (Incrblob *)pBlob;
+  int rc;
+  sqlite3 *db;
+
+  if( p ){
+    db = p->db;
+    sqlite3_mutex_enter(db->mutex);
+    rc = sqlite3_finalize(p->pStmt);
+    sqlite3DbFree(db, p);
+    sqlite3_mutex_leave(db->mutex);
+  }else{
+    rc = SQLITE_OK;
+  }
+  return rc;
+}
+
+/*
+** Perform a read or write operation on a blob
+*/
+static int blobReadWrite(
+  sqlite3_blob *pBlob, 
+  void *z, 
+  int n, 
+  int iOffset, 
+  int (*xCall)(BtCursor*, u32, u32, void*)
+){
+  int rc;
+  Incrblob *p = (Incrblob *)pBlob;
+  Vdbe *v;
+  sqlite3 *db;
+
+  if( p==0 ) return SQLITE_MISUSE_BKPT;
+  db = p->db;
+  sqlite3_mutex_enter(db->mutex);
+  v = (Vdbe*)p->pStmt;
+
+  if( n<0 || iOffset<0 || ((sqlite3_int64)iOffset+n)>p->nByte ){
+    /* Request is out of range. Return a transient error. */
+    rc = SQLITE_ERROR;
+  }else if( v==0 ){
+    /* If there is no statement handle, then the blob-handle has
+    ** already been invalidated. Return SQLITE_ABORT in this case.
+    */
+    rc = SQLITE_ABORT;
+  }else{
+    /* Call either BtreeData() or BtreePutData(). If SQLITE_ABORT is
+    ** returned, clean-up the statement handle.
+    */
+    assert( db == v->db );
+    sqlite3BtreeEnterCursor(p->pCsr);
+    rc = xCall(p->pCsr, iOffset+p->iOffset, n, z);
+    sqlite3BtreeLeaveCursor(p->pCsr);
+    if( rc==SQLITE_ABORT ){
+      sqlite3VdbeFinalize(v);
+      p->pStmt = 0;
+    }else{
+      v->rc = rc;
+    }
+  }
+  sqlite3Error(db, rc);
+  rc = sqlite3ApiExit(db, rc);
+  sqlite3_mutex_leave(db->mutex);
+  return rc;
+}
+
+/*
+** Read data from a blob handle.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_blob_read(sqlite3_blob *pBlob, void *z, int n, int iOffset){
+  return blobReadWrite(pBlob, z, n, iOffset, sqlite3BtreeData);
+}
+
+/*
+** Write data to a blob handle.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_blob_write(sqlite3_blob *pBlob, const void *z, int n, int iOffset){
+  return blobReadWrite(pBlob, (void *)z, n, iOffset, sqlite3BtreePutData);
+}
+
+/*
+** Query a blob handle for the size of the data.
+**
+** The Incrblob.nByte field is fixed for the lifetime of the Incrblob
+** so no mutex is required for access.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_blob_bytes(sqlite3_blob *pBlob){
+  Incrblob *p = (Incrblob *)pBlob;
+  return (p && p->pStmt) ? p->nByte : 0;
+}
+
+/*
+** Move an existing blob handle to point to a different row of the same
+** database table.
+**
+** If an error occurs, or if the specified row does not exist or does not
+** contain a blob or text value, then an error code is returned and the
+** database handle error code and message set. If this happens, then all 
+** subsequent calls to sqlite3_blob_xxx() functions (except blob_close()) 
+** immediately return SQLITE_ABORT.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_blob_reopen(sqlite3_blob *pBlob, sqlite3_int64 iRow){
+  int rc;
+  Incrblob *p = (Incrblob *)pBlob;
+  sqlite3 *db;
+
+  if( p==0 ) return SQLITE_MISUSE_BKPT;
+  db = p->db;
+  sqlite3_mutex_enter(db->mutex);
+
+  if( p->pStmt==0 ){
+    /* If there is no statement handle, then the blob-handle has
+    ** already been invalidated. Return SQLITE_ABORT in this case.
+    */
+    rc = SQLITE_ABORT;
+  }else{
+    char *zErr;
+    rc = blobSeekToRow(p, iRow, &zErr);
+    if( rc!=SQLITE_OK ){
+      sqlite3ErrorWithMsg(db, rc, (zErr ? "%s" : 0), zErr);
+      sqlite3DbFree(db, zErr);
+    }
+    assert( rc!=SQLITE_SCHEMA );
+  }
+
+  rc = sqlite3ApiExit(db, rc);
+  assert( rc==SQLITE_OK || p->pStmt==0 );
+  sqlite3_mutex_leave(db->mutex);
+  return rc;
+}
+
+#endif /* #ifndef SQLITE_OMIT_INCRBLOB */
+
+/************** End of vdbeblob.c ********************************************/
+/************** Begin file vdbesort.c ****************************************/
+/*
+** 2011-07-09
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+** This file contains code for the VdbeSorter object, used in concert with
+** a VdbeCursor to sort large numbers of keys for CREATE INDEX statements
+** or by SELECT statements with ORDER BY clauses that cannot be satisfied
+** using indexes and without LIMIT clauses.
+**
+** The VdbeSorter object implements a multi-threaded external merge sort
+** algorithm that is efficient even if the number of elements being sorted
+** exceeds the available memory.
+**
+** Here is the (internal, non-API) interface between this module and the
+** rest of the SQLite system:
+**
+**    sqlite3VdbeSorterInit()       Create a new VdbeSorter object.
+**
+**    sqlite3VdbeSorterWrite()      Add a single new row to the VdbeSorter
+**                                  object.  The row is a binary blob in the
+**                                  OP_MakeRecord format that contains both
+**                                  the ORDER BY key columns and result columns
+**                                  in the case of a SELECT w/ ORDER BY, or
+**                                  the complete record for an index entry
+**                                  in the case of a CREATE INDEX.
+**
+**    sqlite3VdbeSorterRewind()     Sort all content previously added.
+**                                  Position the read cursor on the
+**                                  first sorted element.
+**
+**    sqlite3VdbeSorterNext()       Advance the read cursor to the next sorted
+**                                  element.
+**
+**    sqlite3VdbeSorterRowkey()     Return the complete binary blob for the
+**                                  row currently under the read cursor.
+**
+**    sqlite3VdbeSorterCompare()    Compare the binary blob for the row
+**                                  currently under the read cursor against
+**                                  another binary blob X and report if
+**                                  X is strictly less than the read cursor.
+**                                  Used to enforce uniqueness in a
+**                                  CREATE UNIQUE INDEX statement.
+**
+**    sqlite3VdbeSorterClose()      Close the VdbeSorter object and reclaim
+**                                  all resources.
+**
+**    sqlite3VdbeSorterReset()      Refurbish the VdbeSorter for reuse.  This
+**                                  is like Close() followed by Init() only
+**                                  much faster.
+**
+** The interfaces above must be called in a particular order.  Write() can 
+** only occur in between Init()/Reset() and Rewind().  Next(), Rowkey(), and
+** Compare() can only occur in between Rewind() and Close()/Reset(). i.e.
+**
+**   Init()
+**   for each record: Write()
+**   Rewind()
+**     Rowkey()/Compare()
+**   Next() 
+**   Close()
+**
+** Algorithm:
+**
+** Records passed to the sorter via calls to Write() are initially held 
+** unsorted in main memory. Assuming the amount of memory used never exceeds
+** a threshold, when Rewind() is called the set of records is sorted using
+** an in-memory merge sort. In this case, no temporary files are required
+** and subsequent calls to Rowkey(), Next() and Compare() read records 
+** directly from main memory.
+**
+** If the amount of space used to store records in main memory exceeds the
+** threshold, then the set of records currently in memory are sorted and
+** written to a temporary file in "Packed Memory Array" (PMA) format.
+** A PMA created at this point is known as a "level-0 PMA". Higher levels
+** of PMAs may be created by merging existing PMAs together - for example
+** merging two or more level-0 PMAs together creates a level-1 PMA.
+**
+** The threshold for the amount of main memory to use before flushing 
+** records to a PMA is roughly the same as the limit configured for the
+** page-cache of the main database. Specifically, the threshold is set to 
+** the value returned by "PRAGMA main.page_size" multipled by 
+** that returned by "PRAGMA main.cache_size", in bytes.
+**
+** If the sorter is running in single-threaded mode, then all PMAs generated
+** are appended to a single temporary file. Or, if the sorter is running in
+** multi-threaded mode then up to (N+1) temporary files may be opened, where
+** N is the configured number of worker threads. In this case, instead of
+** sorting the records and writing the PMA to a temporary file itself, the
+** calling thread usually launches a worker thread to do so. Except, if
+** there are already N worker threads running, the main thread does the work
+** itself.
+**
+** The sorter is running in multi-threaded mode if (a) the library was built
+** with pre-processor symbol SQLITE_MAX_WORKER_THREADS set to a value greater
+** than zero, and (b) worker threads have been enabled at runtime by calling
+** "PRAGMA threads=N" with some value of N greater than 0.
+**
+** When Rewind() is called, any data remaining in memory is flushed to a 
+** final PMA. So at this point the data is stored in some number of sorted
+** PMAs within temporary files on disk.
+**
+** If there are fewer than SORTER_MAX_MERGE_COUNT PMAs in total and the
+** sorter is running in single-threaded mode, then these PMAs are merged
+** incrementally as keys are retreived from the sorter by the VDBE.  The
+** MergeEngine object, described in further detail below, performs this
+** merge.
+**
+** Or, if running in multi-threaded mode, then a background thread is
+** launched to merge the existing PMAs. Once the background thread has
+** merged T bytes of data into a single sorted PMA, the main thread 
+** begins reading keys from that PMA while the background thread proceeds
+** with merging the next T bytes of data. And so on.
+**
+** Parameter T is set to half the value of the memory threshold used 
+** by Write() above to determine when to create a new PMA.
+**
+** If there are more than SORTER_MAX_MERGE_COUNT PMAs in total when 
+** Rewind() is called, then a hierarchy of incremental-merges is used. 
+** First, T bytes of data from the first SORTER_MAX_MERGE_COUNT PMAs on 
+** disk are merged together. Then T bytes of data from the second set, and
+** so on, such that no operation ever merges more than SORTER_MAX_MERGE_COUNT
+** PMAs at a time. This done is to improve locality.
+**
+** If running in multi-threaded mode and there are more than
+** SORTER_MAX_MERGE_COUNT PMAs on disk when Rewind() is called, then more
+** than one background thread may be created. Specifically, there may be
+** one background thread for each temporary file on disk, and one background
+** thread to merge the output of each of the others to a single PMA for
+** the main thread to read from.
+*/
+/* #include "sqliteInt.h" */
+/* #include "vdbeInt.h" */
+
+/* 
+** If SQLITE_DEBUG_SORTER_THREADS is defined, this module outputs various
+** messages to stderr that may be helpful in understanding the performance
+** characteristics of the sorter in multi-threaded mode.
+*/
+#if 0
+# define SQLITE_DEBUG_SORTER_THREADS 1
+#endif
+
+/*
+** Hard-coded maximum amount of data to accumulate in memory before flushing
+** to a level 0 PMA. The purpose of this limit is to prevent various integer
+** overflows. 512MiB.
+*/
+#define SQLITE_MAX_PMASZ    (1<<29)
+
+/*
+** Private objects used by the sorter
+*/
+typedef struct MergeEngine MergeEngine;     /* Merge PMAs together */
+typedef struct PmaReader PmaReader;         /* Incrementally read one PMA */
+typedef struct PmaWriter PmaWriter;         /* Incrementally write one PMA */
+typedef struct SorterRecord SorterRecord;   /* A record being sorted */
+typedef struct SortSubtask SortSubtask;     /* A sub-task in the sort process */
+typedef struct SorterFile SorterFile;       /* Temporary file object wrapper */
+typedef struct SorterList SorterList;       /* In-memory list of records */
+typedef struct IncrMerger IncrMerger;       /* Read & merge multiple PMAs */
+
+/*
+** A container for a temp file handle and the current amount of data 
+** stored in the file.
+*/
+struct SorterFile {
+  sqlite3_file *pFd;              /* File handle */
+  i64 iEof;                       /* Bytes of data stored in pFd */
+};
+
+/*
+** An in-memory list of objects to be sorted.
+**
+** If aMemory==0 then each object is allocated separately and the objects
+** are connected using SorterRecord.u.pNext.  If aMemory!=0 then all objects
+** are stored in the aMemory[] bulk memory, one right after the other, and
+** are connected using SorterRecord.u.iNext.
+*/
+struct SorterList {
+  SorterRecord *pList;            /* Linked list of records */
+  u8 *aMemory;                    /* If non-NULL, bulk memory to hold pList */
+  int szPMA;                      /* Size of pList as PMA in bytes */
+};
+
+/*
+** The MergeEngine object is used to combine two or more smaller PMAs into
+** one big PMA using a merge operation.  Separate PMAs all need to be
+** combined into one big PMA in order to be able to step through the sorted
+** records in order.
+**
+** The aReadr[] array contains a PmaReader object for each of the PMAs being
+** merged.  An aReadr[] object either points to a valid key or else is at EOF.
+** ("EOF" means "End Of File".  When aReadr[] is at EOF there is no more data.)
+** For the purposes of the paragraphs below, we assume that the array is
+** actually N elements in size, where N is the smallest power of 2 greater
+** to or equal to the number of PMAs being merged. The extra aReadr[] elements
+** are treated as if they are empty (always at EOF).
+**
+** The aTree[] array is also N elements in size. The value of N is stored in
+** the MergeEngine.nTree variable.
+**
+** The final (N/2) elements of aTree[] contain the results of comparing
+** pairs of PMA keys together. Element i contains the result of 
+** comparing aReadr[2*i-N] and aReadr[2*i-N+1]. Whichever key is smaller, the
+** aTree element is set to the index of it. 
+**
+** For the purposes of this comparison, EOF is considered greater than any
+** other key value. If the keys are equal (only possible with two EOF
+** values), it doesn't matter which index is stored.
+**
+** The (N/4) elements of aTree[] that precede the final (N/2) described 
+** above contains the index of the smallest of each block of 4 PmaReaders
+** And so on. So that aTree[1] contains the index of the PmaReader that 
+** currently points to the smallest key value. aTree[0] is unused.
+**
+** Example:
+**
+**     aReadr[0] -> Banana
+**     aReadr[1] -> Feijoa
+**     aReadr[2] -> Elderberry
+**     aReadr[3] -> Currant
+**     aReadr[4] -> Grapefruit
+**     aReadr[5] -> Apple
+**     aReadr[6] -> Durian
+**     aReadr[7] -> EOF
+**
+**     aTree[] = { X, 5   0, 5    0, 3, 5, 6 }
+**
+** The current element is "Apple" (the value of the key indicated by 
+** PmaReader 5). When the Next() operation is invoked, PmaReader 5 will
+** be advanced to the next key in its segment. Say the next key is
+** "Eggplant":
+**
+**     aReadr[5] -> Eggplant
+**
+** The contents of aTree[] are updated first by comparing the new PmaReader
+** 5 key to the current key of PmaReader 4 (still "Grapefruit"). The PmaReader
+** 5 value is still smaller, so aTree[6] is set to 5. And so on up the tree.
+** The value of PmaReader 6 - "Durian" - is now smaller than that of PmaReader
+** 5, so aTree[3] is set to 6. Key 0 is smaller than key 6 (Banana<Durian),
+** so the value written into element 1 of the array is 0. As follows:
+**
+**     aTree[] = { X, 0   0, 6    0, 3, 5, 6 }
+**
+** In other words, each time we advance to the next sorter element, log2(N)
+** key comparison operations are required, where N is the number of segments
+** being merged (rounded up to the next power of 2).
+*/
+struct MergeEngine {
+  int nTree;                 /* Used size of aTree/aReadr (power of 2) */
+  SortSubtask *pTask;        /* Used by this thread only */
+  int *aTree;                /* Current state of incremental merge */
+  PmaReader *aReadr;         /* Array of PmaReaders to merge data from */
+};
+
+/*
+** This object represents a single thread of control in a sort operation.
+** Exactly VdbeSorter.nTask instances of this object are allocated
+** as part of each VdbeSorter object. Instances are never allocated any
+** other way. VdbeSorter.nTask is set to the number of worker threads allowed
+** (see SQLITE_CONFIG_WORKER_THREADS) plus one (the main thread).  Thus for
+** single-threaded operation, there is exactly one instance of this object
+** and for multi-threaded operation there are two or more instances.
+**
+** Essentially, this structure contains all those fields of the VdbeSorter
+** structure for which each thread requires a separate instance. For example,
+** each thread requries its own UnpackedRecord object to unpack records in
+** as part of comparison operations.
+**
+** Before a background thread is launched, variable bDone is set to 0. Then, 
+** right before it exits, the thread itself sets bDone to 1. This is used for 
+** two purposes:
+**
+**   1. When flushing the contents of memory to a level-0 PMA on disk, to
+**      attempt to select a SortSubtask for which there is not already an
+**      active background thread (since doing so causes the main thread
+**      to block until it finishes).
+**
+**   2. If SQLITE_DEBUG_SORTER_THREADS is defined, to determine if a call
+**      to sqlite3ThreadJoin() is likely to block. Cases that are likely to
+**      block provoke debugging output.
+**
+** In both cases, the effects of the main thread seeing (bDone==0) even
+** after the thread has finished are not dire. So we don't worry about
+** memory barriers and such here.
+*/
+typedef int (*SorterCompare)(SortSubtask*,int*,const void*,int,const void*,int);
+struct SortSubtask {
+  SQLiteThread *pThread;          /* Background thread, if any */
+  int bDone;                      /* Set if thread is finished but not joined */
+  VdbeSorter *pSorter;            /* Sorter that owns this sub-task */
+  UnpackedRecord *pUnpacked;      /* Space to unpack a record */
+  SorterList list;                /* List for thread to write to a PMA */
+  int nPMA;                       /* Number of PMAs currently in file */
+  SorterCompare xCompare;         /* Compare function to use */
+  SorterFile file;                /* Temp file for level-0 PMAs */
+  SorterFile file2;               /* Space for other PMAs */
+};
+
+
+/*
+** Main sorter structure. A single instance of this is allocated for each 
+** sorter cursor created by the VDBE.
+**
+** mxKeysize:
+**   As records are added to the sorter by calls to sqlite3VdbeSorterWrite(),
+**   this variable is updated so as to be set to the size on disk of the
+**   largest record in the sorter.
+*/
+struct VdbeSorter {
+  int mnPmaSize;                  /* Minimum PMA size, in bytes */
+  int mxPmaSize;                  /* Maximum PMA size, in bytes.  0==no limit */
+  int mxKeysize;                  /* Largest serialized key seen so far */
+  int pgsz;                       /* Main database page size */
+  PmaReader *pReader;             /* Readr data from here after Rewind() */
+  MergeEngine *pMerger;           /* Or here, if bUseThreads==0 */
+  sqlite3 *db;                    /* Database connection */
+  KeyInfo *pKeyInfo;              /* How to compare records */
+  UnpackedRecord *pUnpacked;      /* Used by VdbeSorterCompare() */
+  SorterList list;                /* List of in-memory records */
+  int iMemory;                    /* Offset of free space in list.aMemory */
+  int nMemory;                    /* Size of list.aMemory allocation in bytes */
+  u8 bUsePMA;                     /* True if one or more PMAs created */
+  u8 bUseThreads;                 /* True to use background threads */
+  u8 iPrev;                       /* Previous thread used to flush PMA */
+  u8 nTask;                       /* Size of aTask[] array */
+  u8 typeMask;
+  SortSubtask aTask[1];           /* One or more subtasks */
+};
+
+#define SORTER_TYPE_INTEGER 0x01
+#define SORTER_TYPE_TEXT    0x02
+
+/*
+** An instance of the following object is used to read records out of a
+** PMA, in sorted order.  The next key to be read is cached in nKey/aKey.
+** aKey might point into aMap or into aBuffer.  If neither of those locations
+** contain a contiguous representation of the key, then aAlloc is allocated
+** and the key is copied into aAlloc and aKey is made to poitn to aAlloc.
+**
+** pFd==0 at EOF.
+*/
+struct PmaReader {
+  i64 iReadOff;               /* Current read offset */
+  i64 iEof;                   /* 1 byte past EOF for this PmaReader */
+  int nAlloc;                 /* Bytes of space at aAlloc */
+  int nKey;                   /* Number of bytes in key */
+  sqlite3_file *pFd;          /* File handle we are reading from */
+  u8 *aAlloc;                 /* Space for aKey if aBuffer and pMap wont work */
+  u8 *aKey;                   /* Pointer to current key */
+  u8 *aBuffer;                /* Current read buffer */
+  int nBuffer;                /* Size of read buffer in bytes */
+  u8 *aMap;                   /* Pointer to mapping of entire file */
+  IncrMerger *pIncr;          /* Incremental merger */
+};
+
+/*
+** Normally, a PmaReader object iterates through an existing PMA stored 
+** within a temp file. However, if the PmaReader.pIncr variable points to
+** an object of the following type, it may be used to iterate/merge through
+** multiple PMAs simultaneously.
+**
+** There are two types of IncrMerger object - single (bUseThread==0) and 
+** multi-threaded (bUseThread==1). 
+**
+** A multi-threaded IncrMerger object uses two temporary files - aFile[0] 
+** and aFile[1]. Neither file is allowed to grow to more than mxSz bytes in 
+** size. When the IncrMerger is initialized, it reads enough data from 
+** pMerger to populate aFile[0]. It then sets variables within the 
+** corresponding PmaReader object to read from that file and kicks off 
+** a background thread to populate aFile[1] with the next mxSz bytes of 
+** sorted record data from pMerger. 
+**
+** When the PmaReader reaches the end of aFile[0], it blocks until the
+** background thread has finished populating aFile[1]. It then exchanges
+** the contents of the aFile[0] and aFile[1] variables within this structure,
+** sets the PmaReader fields to read from the new aFile[0] and kicks off
+** another background thread to populate the new aFile[1]. And so on, until
+** the contents of pMerger are exhausted.
+**
+** A single-threaded IncrMerger does not open any temporary files of its
+** own. Instead, it has exclusive access to mxSz bytes of space beginning
+** at offset iStartOff of file pTask->file2. And instead of using a 
+** background thread to prepare data for the PmaReader, with a single
+** threaded IncrMerger the allocate part of pTask->file2 is "refilled" with
+** keys from pMerger by the calling thread whenever the PmaReader runs out
+** of data.
+*/
+struct IncrMerger {
+  SortSubtask *pTask;             /* Task that owns this merger */
+  MergeEngine *pMerger;           /* Merge engine thread reads data from */
+  i64 iStartOff;                  /* Offset to start writing file at */
+  int mxSz;                       /* Maximum bytes of data to store */
+  int bEof;                       /* Set to true when merge is finished */
+  int bUseThread;                 /* True to use a bg thread for this object */
+  SorterFile aFile[2];            /* aFile[0] for reading, [1] for writing */
+};
+
+/*
+** An instance of this object is used for writing a PMA.
+**
+** The PMA is written one record at a time.  Each record is of an arbitrary
+** size.  But I/O is more efficient if it occurs in page-sized blocks where
+** each block is aligned on a page boundary.  This object caches writes to
+** the PMA so that aligned, page-size blocks are written.
+*/
+struct PmaWriter {
+  int eFWErr;                     /* Non-zero if in an error state */
+  u8 *aBuffer;                    /* Pointer to write buffer */
+  int nBuffer;                    /* Size of write buffer in bytes */
+  int iBufStart;                  /* First byte of buffer to write */
+  int iBufEnd;                    /* Last byte of buffer to write */
+  i64 iWriteOff;                  /* Offset of start of buffer in file */
+  sqlite3_file *pFd;              /* File handle to write to */
+};
+
+/*
+** This object is the header on a single record while that record is being
+** held in memory and prior to being written out as part of a PMA.
+**
+** How the linked list is connected depends on how memory is being managed
+** by this module. If using a separate allocation for each in-memory record
+** (VdbeSorter.list.aMemory==0), then the list is always connected using the
+** SorterRecord.u.pNext pointers.
+**
+** Or, if using the single large allocation method (VdbeSorter.list.aMemory!=0),
+** then while records are being accumulated the list is linked using the
+** SorterRecord.u.iNext offset. This is because the aMemory[] array may
+** be sqlite3Realloc()ed while records are being accumulated. Once the VM
+** has finished passing records to the sorter, or when the in-memory buffer
+** is full, the list is sorted. As part of the sorting process, it is
+** converted to use the SorterRecord.u.pNext pointers. See function
+** vdbeSorterSort() for details.
+*/
+struct SorterRecord {
+  int nVal;                       /* Size of the record in bytes */
+  union {
+    SorterRecord *pNext;          /* Pointer to next record in list */
+    int iNext;                    /* Offset within aMemory of next record */
+  } u;
+  /* The data for the record immediately follows this header */
+};
+
+/* Return a pointer to the buffer containing the record data for SorterRecord
+** object p. Should be used as if:
+**
+**   void *SRVAL(SorterRecord *p) { return (void*)&p[1]; }
+*/
+#define SRVAL(p) ((void*)((SorterRecord*)(p) + 1))
+
+
+/* Maximum number of PMAs that a single MergeEngine can merge */
+#define SORTER_MAX_MERGE_COUNT 16
+
+static int vdbeIncrSwap(IncrMerger*);
+static void vdbeIncrFree(IncrMerger *);
+
+/*
+** Free all memory belonging to the PmaReader object passed as the
+** argument. All structure fields are set to zero before returning.
+*/
+static void vdbePmaReaderClear(PmaReader *pReadr){
+  sqlite3_free(pReadr->aAlloc);
+  sqlite3_free(pReadr->aBuffer);
+  if( pReadr->aMap ) sqlite3OsUnfetch(pReadr->pFd, 0, pReadr->aMap);
+  vdbeIncrFree(pReadr->pIncr);
+  memset(pReadr, 0, sizeof(PmaReader));
+}
+
+/*
+** Read the next nByte bytes of data from the PMA p.
+** If successful, set *ppOut to point to a buffer containing the data
+** and return SQLITE_OK. Otherwise, if an error occurs, return an SQLite
+** error code.
+**
+** The buffer returned in *ppOut is only valid until the
+** next call to this function.
+*/
+static int vdbePmaReadBlob(
+  PmaReader *p,                   /* PmaReader from which to take the blob */
+  int nByte,                      /* Bytes of data to read */
+  u8 **ppOut                      /* OUT: Pointer to buffer containing data */
+){
+  int iBuf;                       /* Offset within buffer to read from */
+  int nAvail;                     /* Bytes of data available in buffer */
+
+  if( p->aMap ){
+    *ppOut = &p->aMap[p->iReadOff];
+    p->iReadOff += nByte;
+    return SQLITE_OK;
+  }
+
+  assert( p->aBuffer );
+
+  /* If there is no more data to be read from the buffer, read the next 
+  ** p->nBuffer bytes of data from the file into it. Or, if there are less
+  ** than p->nBuffer bytes remaining in the PMA, read all remaining data.  */
+  iBuf = p->iReadOff % p->nBuffer;
+  if( iBuf==0 ){
+    int nRead;                    /* Bytes to read from disk */
+    int rc;                       /* sqlite3OsRead() return code */
+
+    /* Determine how many bytes of data to read. */
+    if( (p->iEof - p->iReadOff) > (i64)p->nBuffer ){
+      nRead = p->nBuffer;
+    }else{
+      nRead = (int)(p->iEof - p->iReadOff);
+    }
+    assert( nRead>0 );
+
+    /* Readr data from the file. Return early if an error occurs. */
+    rc = sqlite3OsRead(p->pFd, p->aBuffer, nRead, p->iReadOff);
+    assert( rc!=SQLITE_IOERR_SHORT_READ );
+    if( rc!=SQLITE_OK ) return rc;
+  }
+  nAvail = p->nBuffer - iBuf; 
+
+  if( nByte<=nAvail ){
+    /* The requested data is available in the in-memory buffer. In this
+    ** case there is no need to make a copy of the data, just return a 
+    ** pointer into the buffer to the caller.  */
+    *ppOut = &p->aBuffer[iBuf];
+    p->iReadOff += nByte;
+  }else{
+    /* The requested data is not all available in the in-memory buffer.
+    ** In this case, allocate space at p->aAlloc[] to copy the requested
+    ** range into. Then return a copy of pointer p->aAlloc to the caller.  */
+    int nRem;                     /* Bytes remaining to copy */
+
+    /* Extend the p->aAlloc[] allocation if required. */
+    if( p->nAlloc<nByte ){
+      u8 *aNew;
+      int nNew = MAX(128, p->nAlloc*2);
+      while( nByte>nNew ) nNew = nNew*2;
+      aNew = sqlite3Realloc(p->aAlloc, nNew);
+      if( !aNew ) return SQLITE_NOMEM;
+      p->nAlloc = nNew;
+      p->aAlloc = aNew;
+    }
+
+    /* Copy as much data as is available in the buffer into the start of
+    ** p->aAlloc[].  */
+    memcpy(p->aAlloc, &p->aBuffer[iBuf], nAvail);
+    p->iReadOff += nAvail;
+    nRem = nByte - nAvail;
+
+    /* The following loop copies up to p->nBuffer bytes per iteration into
+    ** the p->aAlloc[] buffer.  */
+    while( nRem>0 ){
+      int rc;                     /* vdbePmaReadBlob() return code */
+      int nCopy;                  /* Number of bytes to copy */
+      u8 *aNext;                  /* Pointer to buffer to copy data from */
+
+      nCopy = nRem;
+      if( nRem>p->nBuffer ) nCopy = p->nBuffer;
+      rc = vdbePmaReadBlob(p, nCopy, &aNext);
+      if( rc!=SQLITE_OK ) return rc;
+      assert( aNext!=p->aAlloc );
+      memcpy(&p->aAlloc[nByte - nRem], aNext, nCopy);
+      nRem -= nCopy;
+    }
+
+    *ppOut = p->aAlloc;
+  }
+
+  return SQLITE_OK;
+}
+
+/*
+** Read a varint from the stream of data accessed by p. Set *pnOut to
+** the value read.
+*/
+static int vdbePmaReadVarint(PmaReader *p, u64 *pnOut){
+  int iBuf;
+
+  if( p->aMap ){
+    p->iReadOff += sqlite3GetVarint(&p->aMap[p->iReadOff], pnOut);
+  }else{
+    iBuf = p->iReadOff % p->nBuffer;
+    if( iBuf && (p->nBuffer-iBuf)>=9 ){
+      p->iReadOff += sqlite3GetVarint(&p->aBuffer[iBuf], pnOut);
+    }else{
+      u8 aVarint[16], *a;
+      int i = 0, rc;
+      do{
+        rc = vdbePmaReadBlob(p, 1, &a);
+        if( rc ) return rc;
+        aVarint[(i++)&0xf] = a[0];
+      }while( (a[0]&0x80)!=0 );
+      sqlite3GetVarint(aVarint, pnOut);
+    }
+  }
+
+  return SQLITE_OK;
+}
+
+/*
+** Attempt to memory map file pFile. If successful, set *pp to point to the
+** new mapping and return SQLITE_OK. If the mapping is not attempted 
+** (because the file is too large or the VFS layer is configured not to use
+** mmap), return SQLITE_OK and set *pp to NULL.
+**
+** Or, if an error occurs, return an SQLite error code. The final value of
+** *pp is undefined in this case.
+*/
+static int vdbeSorterMapFile(SortSubtask *pTask, SorterFile *pFile, u8 **pp){
+  int rc = SQLITE_OK;
+  if( pFile->iEof<=(i64)(pTask->pSorter->db->nMaxSorterMmap) ){
+    sqlite3_file *pFd = pFile->pFd;
+    if( pFd->pMethods->iVersion>=3 ){
+      rc = sqlite3OsFetch(pFd, 0, (int)pFile->iEof, (void**)pp);
+      testcase( rc!=SQLITE_OK );
+    }
+  }
+  return rc;
+}
+
+/*
+** Attach PmaReader pReadr to file pFile (if it is not already attached to
+** that file) and seek it to offset iOff within the file.  Return SQLITE_OK 
+** if successful, or an SQLite error code if an error occurs.
+*/
+static int vdbePmaReaderSeek(
+  SortSubtask *pTask,             /* Task context */
+  PmaReader *pReadr,              /* Reader whose cursor is to be moved */
+  SorterFile *pFile,              /* Sorter file to read from */
+  i64 iOff                        /* Offset in pFile */
+){
+  int rc = SQLITE_OK;
+
+  assert( pReadr->pIncr==0 || pReadr->pIncr->bEof==0 );
+
+  if( sqlite3FaultSim(201) ) return SQLITE_IOERR_READ;
+  if( pReadr->aMap ){
+    sqlite3OsUnfetch(pReadr->pFd, 0, pReadr->aMap);
+    pReadr->aMap = 0;
+  }
+  pReadr->iReadOff = iOff;
+  pReadr->iEof = pFile->iEof;
+  pReadr->pFd = pFile->pFd;
+
+  rc = vdbeSorterMapFile(pTask, pFile, &pReadr->aMap);
+  if( rc==SQLITE_OK && pReadr->aMap==0 ){
+    int pgsz = pTask->pSorter->pgsz;
+    int iBuf = pReadr->iReadOff % pgsz;
+    if( pReadr->aBuffer==0 ){
+      pReadr->aBuffer = (u8*)sqlite3Malloc(pgsz);
+      if( pReadr->aBuffer==0 ) rc = SQLITE_NOMEM;
+      pReadr->nBuffer = pgsz;
+    }
+    if( rc==SQLITE_OK && iBuf ){
+      int nRead = pgsz - iBuf;
+      if( (pReadr->iReadOff + nRead) > pReadr->iEof ){
+        nRead = (int)(pReadr->iEof - pReadr->iReadOff);
+      }
+      rc = sqlite3OsRead(
+          pReadr->pFd, &pReadr->aBuffer[iBuf], nRead, pReadr->iReadOff
+      );
+      testcase( rc!=SQLITE_OK );
+    }
+  }
+
+  return rc;
+}
+
+/*
+** Advance PmaReader pReadr to the next key in its PMA. Return SQLITE_OK if
+** no error occurs, or an SQLite error code if one does.
+*/
+static int vdbePmaReaderNext(PmaReader *pReadr){
+  int rc = SQLITE_OK;             /* Return Code */
+  u64 nRec = 0;                   /* Size of record in bytes */
+
+
+  if( pReadr->iReadOff>=pReadr->iEof ){
+    IncrMerger *pIncr = pReadr->pIncr;
+    int bEof = 1;
+    if( pIncr ){
+      rc = vdbeIncrSwap(pIncr);
+      if( rc==SQLITE_OK && pIncr->bEof==0 ){
+        rc = vdbePmaReaderSeek(
+            pIncr->pTask, pReadr, &pIncr->aFile[0], pIncr->iStartOff
+        );
+        bEof = 0;
+      }
+    }
+
+    if( bEof ){
+      /* This is an EOF condition */
+      vdbePmaReaderClear(pReadr);
+      testcase( rc!=SQLITE_OK );
+      return rc;
+    }
+  }
+
+  if( rc==SQLITE_OK ){
+    rc = vdbePmaReadVarint(pReadr, &nRec);
+  }
+  if( rc==SQLITE_OK ){
+    pReadr->nKey = (int)nRec;
+    rc = vdbePmaReadBlob(pReadr, (int)nRec, &pReadr->aKey);
+    testcase( rc!=SQLITE_OK );
+  }
+
+  return rc;
+}
+
+/*
+** Initialize PmaReader pReadr to scan through the PMA stored in file pFile
+** starting at offset iStart and ending at offset iEof-1. This function 
+** leaves the PmaReader pointing to the first key in the PMA (or EOF if the 
+** PMA is empty).
+**
+** If the pnByte parameter is NULL, then it is assumed that the file 
+** contains a single PMA, and that that PMA omits the initial length varint.
+*/
+static int vdbePmaReaderInit(
+  SortSubtask *pTask,             /* Task context */
+  SorterFile *pFile,              /* Sorter file to read from */
+  i64 iStart,                     /* Start offset in pFile */
+  PmaReader *pReadr,              /* PmaReader to populate */
+  i64 *pnByte                     /* IN/OUT: Increment this value by PMA size */
+){
+  int rc;
+
+  assert( pFile->iEof>iStart );
+  assert( pReadr->aAlloc==0 && pReadr->nAlloc==0 );
+  assert( pReadr->aBuffer==0 );
+  assert( pReadr->aMap==0 );
+
+  rc = vdbePmaReaderSeek(pTask, pReadr, pFile, iStart);
+  if( rc==SQLITE_OK ){
+    u64 nByte;                    /* Size of PMA in bytes */
+    rc = vdbePmaReadVarint(pReadr, &nByte);
+    pReadr->iEof = pReadr->iReadOff + nByte;
+    *pnByte += nByte;
+  }
+
+  if( rc==SQLITE_OK ){
+    rc = vdbePmaReaderNext(pReadr);
+  }
+  return rc;
+}
+
+/*
+** A version of vdbeSorterCompare() that assumes that it has already been
+** determined that the first field of key1 is equal to the first field of 
+** key2.
+*/
+static int vdbeSorterCompareTail(
+  SortSubtask *pTask,             /* Subtask context (for pKeyInfo) */
+  int *pbKey2Cached,              /* True if pTask->pUnpacked is pKey2 */
+  const void *pKey1, int nKey1,   /* Left side of comparison */
+  const void *pKey2, int nKey2    /* Right side of comparison */
+){
+  UnpackedRecord *r2 = pTask->pUnpacked;
+  if( *pbKey2Cached==0 ){
+    sqlite3VdbeRecordUnpack(pTask->pSorter->pKeyInfo, nKey2, pKey2, r2);
+    *pbKey2Cached = 1;
+  }
+  return sqlite3VdbeRecordCompareWithSkip(nKey1, pKey1, r2, 1);
+}
+
+/*
+** Compare key1 (buffer pKey1, size nKey1 bytes) with key2 (buffer pKey2, 
+** size nKey2 bytes). Use (pTask->pKeyInfo) for the collation sequences
+** used by the comparison. Return the result of the comparison.
+**
+** If IN/OUT parameter *pbKey2Cached is true when this function is called,
+** it is assumed that (pTask->pUnpacked) contains the unpacked version
+** of key2. If it is false, (pTask->pUnpacked) is populated with the unpacked
+** version of key2 and *pbKey2Cached set to true before returning.
+**
+** If an OOM error is encountered, (pTask->pUnpacked->error_rc) is set
+** to SQLITE_NOMEM.
+*/
+static int vdbeSorterCompare(
+  SortSubtask *pTask,             /* Subtask context (for pKeyInfo) */
+  int *pbKey2Cached,              /* True if pTask->pUnpacked is pKey2 */
+  const void *pKey1, int nKey1,   /* Left side of comparison */
+  const void *pKey2, int nKey2    /* Right side of comparison */
+){
+  UnpackedRecord *r2 = pTask->pUnpacked;
+  if( !*pbKey2Cached ){
+    sqlite3VdbeRecordUnpack(pTask->pSorter->pKeyInfo, nKey2, pKey2, r2);
+    *pbKey2Cached = 1;
+  }
+  return sqlite3VdbeRecordCompare(nKey1, pKey1, r2);
+}
+
+/*
+** A specially optimized version of vdbeSorterCompare() that assumes that
+** the first field of each key is a TEXT value and that the collation
+** sequence to compare them with is BINARY.
+*/
+static int vdbeSorterCompareText(
+  SortSubtask *pTask,             /* Subtask context (for pKeyInfo) */
+  int *pbKey2Cached,              /* True if pTask->pUnpacked is pKey2 */
+  const void *pKey1, int nKey1,   /* Left side of comparison */
+  const void *pKey2, int nKey2    /* Right side of comparison */
+){
+  const u8 * const p1 = (const u8 * const)pKey1;
+  const u8 * const p2 = (const u8 * const)pKey2;
+  const u8 * const v1 = &p1[ p1[0] ];   /* Pointer to value 1 */
+  const u8 * const v2 = &p2[ p2[0] ];   /* Pointer to value 2 */
+
+  int n1;
+  int n2;
+  int res;
+
+  getVarint32(&p1[1], n1); n1 = (n1 - 13) / 2;
+  getVarint32(&p2[1], n2); n2 = (n2 - 13) / 2;
+  res = memcmp(v1, v2, MIN(n1, n2));
+  if( res==0 ){
+    res = n1 - n2;
+  }
+
+  if( res==0 ){
+    if( pTask->pSorter->pKeyInfo->nField>1 ){
+      res = vdbeSorterCompareTail(
+          pTask, pbKey2Cached, pKey1, nKey1, pKey2, nKey2
+      );
+    }
+  }else{
+    if( pTask->pSorter->pKeyInfo->aSortOrder[0] ){
+      res = res * -1;
+    }
+  }
+
+  return res;
+}
+
+/*
+** A specially optimized version of vdbeSorterCompare() that assumes that
+** the first field of each key is an INTEGER value.
+*/
+static int vdbeSorterCompareInt(
+  SortSubtask *pTask,             /* Subtask context (for pKeyInfo) */
+  int *pbKey2Cached,              /* True if pTask->pUnpacked is pKey2 */
+  const void *pKey1, int nKey1,   /* Left side of comparison */
+  const void *pKey2, int nKey2    /* Right side of comparison */
+){
+  const u8 * const p1 = (const u8 * const)pKey1;
+  const u8 * const p2 = (const u8 * const)pKey2;
+  const int s1 = p1[1];                 /* Left hand serial type */
+  const int s2 = p2[1];                 /* Right hand serial type */
+  const u8 * const v1 = &p1[ p1[0] ];   /* Pointer to value 1 */
+  const u8 * const v2 = &p2[ p2[0] ];   /* Pointer to value 2 */
+  int res;                              /* Return value */
+
+  assert( (s1>0 && s1<7) || s1==8 || s1==9 );
+  assert( (s2>0 && s2<7) || s2==8 || s2==9 );
+
+  if( s1>7 && s2>7 ){
+    res = s1 - s2;
+  }else{
+    if( s1==s2 ){
+      if( (*v1 ^ *v2) & 0x80 ){
+        /* The two values have different signs */
+        res = (*v1 & 0x80) ? -1 : +1;
+      }else{
+        /* The two values have the same sign. Compare using memcmp(). */
+        static const u8 aLen[] = {0, 1, 2, 3, 4, 6, 8 };
+        int i;
+        res = 0;
+        for(i=0; i<aLen[s1]; i++){
+          if( (res = v1[i] - v2[i]) ) break;
+        }
+      }
+    }else{
+      if( s2>7 ){
+        res = +1;
+      }else if( s1>7 ){
+        res = -1;
+      }else{
+        res = s1 - s2;
+      }
+      assert( res!=0 );
+
+      if( res>0 ){
+        if( *v1 & 0x80 ) res = -1;
+      }else{
+        if( *v2 & 0x80 ) res = +1;
+      }
+    }
+  }
+
+  if( res==0 ){
+    if( pTask->pSorter->pKeyInfo->nField>1 ){
+      res = vdbeSorterCompareTail(
+          pTask, pbKey2Cached, pKey1, nKey1, pKey2, nKey2
+      );
+    }
+  }else if( pTask->pSorter->pKeyInfo->aSortOrder[0] ){
+    res = res * -1;
+  }
+
+  return res;
+}
+
+/*
+** Initialize the temporary index cursor just opened as a sorter cursor.
+**
+** Usually, the sorter module uses the value of (pCsr->pKeyInfo->nField)
+** to determine the number of fields that should be compared from the
+** records being sorted. However, if the value passed as argument nField
+** is non-zero and the sorter is able to guarantee a stable sort, nField
+** is used instead. This is used when sorting records for a CREATE INDEX
+** statement. In this case, keys are always delivered to the sorter in
+** order of the primary key, which happens to be make up the final part 
+** of the records being sorted. So if the sort is stable, there is never
+** any reason to compare PK fields and they can be ignored for a small
+** performance boost.
+**
+** The sorter can guarantee a stable sort when running in single-threaded
+** mode, but not in multi-threaded mode.
+**
+** SQLITE_OK is returned if successful, or an SQLite error code otherwise.
+*/
+SQLITE_PRIVATE int sqlite3VdbeSorterInit(
+  sqlite3 *db,                    /* Database connection (for malloc()) */
+  int nField,                     /* Number of key fields in each record */
+  VdbeCursor *pCsr                /* Cursor that holds the new sorter */
+){
+  int pgsz;                       /* Page size of main database */
+  int i;                          /* Used to iterate through aTask[] */
+  int mxCache;                    /* Cache size */
+  VdbeSorter *pSorter;            /* The new sorter */
+  KeyInfo *pKeyInfo;              /* Copy of pCsr->pKeyInfo with db==0 */
+  int szKeyInfo;                  /* Size of pCsr->pKeyInfo in bytes */
+  int sz;                         /* Size of pSorter in bytes */
+  int rc = SQLITE_OK;
+#if SQLITE_MAX_WORKER_THREADS==0
+# define nWorker 0
+#else
+  int nWorker;
+#endif
+
+  /* Initialize the upper limit on the number of worker threads */
+#if SQLITE_MAX_WORKER_THREADS>0
+  if( sqlite3TempInMemory(db) || sqlite3GlobalConfig.bCoreMutex==0 ){
+    nWorker = 0;
+  }else{
+    nWorker = db->aLimit[SQLITE_LIMIT_WORKER_THREADS];
+  }
+#endif
+
+  /* Do not allow the total number of threads (main thread + all workers)
+  ** to exceed the maximum merge count */
+#if SQLITE_MAX_WORKER_THREADS>=SORTER_MAX_MERGE_COUNT
+  if( nWorker>=SORTER_MAX_MERGE_COUNT ){
+    nWorker = SORTER_MAX_MERGE_COUNT-1;
+  }
+#endif
+
+  assert( pCsr->pKeyInfo && pCsr->pBt==0 );
+  assert( pCsr->eCurType==CURTYPE_SORTER );
+  szKeyInfo = sizeof(KeyInfo) + (pCsr->pKeyInfo->nField-1)*sizeof(CollSeq*);
+  sz = sizeof(VdbeSorter) + nWorker * sizeof(SortSubtask);
+
+  pSorter = (VdbeSorter*)sqlite3DbMallocZero(db, sz + szKeyInfo);
+  pCsr->uc.pSorter = pSorter;
+  if( pSorter==0 ){
+    rc = SQLITE_NOMEM;
+  }else{
+    pSorter->pKeyInfo = pKeyInfo = (KeyInfo*)((u8*)pSorter + sz);
+    memcpy(pKeyInfo, pCsr->pKeyInfo, szKeyInfo);
+    pKeyInfo->db = 0;
+    if( nField && nWorker==0 ){
+      pKeyInfo->nXField += (pKeyInfo->nField - nField);
+      pKeyInfo->nField = nField;
+    }
+    pSorter->pgsz = pgsz = sqlite3BtreeGetPageSize(db->aDb[0].pBt);
+    pSorter->nTask = nWorker + 1;
+    pSorter->iPrev = (u8)(nWorker - 1);
+    pSorter->bUseThreads = (pSorter->nTask>1);
+    pSorter->db = db;
+    for(i=0; i<pSorter->nTask; i++){
+      SortSubtask *pTask = &pSorter->aTask[i];
+      pTask->pSorter = pSorter;
+    }
+
+    if( !sqlite3TempInMemory(db) ){
+      u32 szPma = sqlite3GlobalConfig.szPma;
+      pSorter->mnPmaSize = szPma * pgsz;
+      mxCache = db->aDb[0].pSchema->cache_size;
+      if( mxCache<(int)szPma ) mxCache = (int)szPma;
+      pSorter->mxPmaSize = MIN((i64)mxCache*pgsz, SQLITE_MAX_PMASZ);
+
+      /* EVIDENCE-OF: R-26747-61719 When the application provides any amount of
+      ** scratch memory using SQLITE_CONFIG_SCRATCH, SQLite avoids unnecessary
+      ** large heap allocations.
+      */
+      if( sqlite3GlobalConfig.pScratch==0 ){
+        assert( pSorter->iMemory==0 );
+        pSorter->nMemory = pgsz;
+        pSorter->list.aMemory = (u8*)sqlite3Malloc(pgsz);
+        if( !pSorter->list.aMemory ) rc = SQLITE_NOMEM;
+      }
+    }
+
+    if( (pKeyInfo->nField+pKeyInfo->nXField)<13 
+     && (pKeyInfo->aColl[0]==0 || pKeyInfo->aColl[0]==db->pDfltColl)
+    ){
+      pSorter->typeMask = SORTER_TYPE_INTEGER | SORTER_TYPE_TEXT;
+    }
+  }
+
+  return rc;
+}
+#undef nWorker   /* Defined at the top of this function */
+
+/*
+** Free the list of sorted records starting at pRecord.
+*/
+static void vdbeSorterRecordFree(sqlite3 *db, SorterRecord *pRecord){
+  SorterRecord *p;
+  SorterRecord *pNext;
+  for(p=pRecord; p; p=pNext){
+    pNext = p->u.pNext;
+    sqlite3DbFree(db, p);
+  }
+}
+
+/*
+** Free all resources owned by the object indicated by argument pTask. All 
+** fields of *pTask are zeroed before returning.
+*/
+static void vdbeSortSubtaskCleanup(sqlite3 *db, SortSubtask *pTask){
+  sqlite3DbFree(db, pTask->pUnpacked);
+#if SQLITE_MAX_WORKER_THREADS>0
+  /* pTask->list.aMemory can only be non-zero if it was handed memory
+  ** from the main thread.  That only occurs SQLITE_MAX_WORKER_THREADS>0 */
+  if( pTask->list.aMemory ){
+    sqlite3_free(pTask->list.aMemory);
+  }else
+#endif
+  {
+    assert( pTask->list.aMemory==0 );
+    vdbeSorterRecordFree(0, pTask->list.pList);
+  }
+  if( pTask->file.pFd ){
+    sqlite3OsCloseFree(pTask->file.pFd);
+  }
+  if( pTask->file2.pFd ){
+    sqlite3OsCloseFree(pTask->file2.pFd);
+  }
+  memset(pTask, 0, sizeof(SortSubtask));
+}
+
+#ifdef SQLITE_DEBUG_SORTER_THREADS
+static void vdbeSorterWorkDebug(SortSubtask *pTask, const char *zEvent){
+  i64 t;
+  int iTask = (pTask - pTask->pSorter->aTask);
+  sqlite3OsCurrentTimeInt64(pTask->pSorter->db->pVfs, &t);
+  fprintf(stderr, "%lld:%d %s\n", t, iTask, zEvent);
+}
+static void vdbeSorterRewindDebug(const char *zEvent){
+  i64 t;
+  sqlite3OsCurrentTimeInt64(sqlite3_vfs_find(0), &t);
+  fprintf(stderr, "%lld:X %s\n", t, zEvent);
+}
+static void vdbeSorterPopulateDebug(
+  SortSubtask *pTask,
+  const char *zEvent
+){
+  i64 t;
+  int iTask = (pTask - pTask->pSorter->aTask);
+  sqlite3OsCurrentTimeInt64(pTask->pSorter->db->pVfs, &t);
+  fprintf(stderr, "%lld:bg%d %s\n", t, iTask, zEvent);
+}
+static void vdbeSorterBlockDebug(
+  SortSubtask *pTask,
+  int bBlocked,
+  const char *zEvent
+){
+  if( bBlocked ){
+    i64 t;
+    sqlite3OsCurrentTimeInt64(pTask->pSorter->db->pVfs, &t);
+    fprintf(stderr, "%lld:main %s\n", t, zEvent);
+  }
+}
+#else
+# define vdbeSorterWorkDebug(x,y)
+# define vdbeSorterRewindDebug(y)
+# define vdbeSorterPopulateDebug(x,y)
+# define vdbeSorterBlockDebug(x,y,z)
+#endif
+
+#if SQLITE_MAX_WORKER_THREADS>0
+/*
+** Join thread pTask->thread.
+*/
+static int vdbeSorterJoinThread(SortSubtask *pTask){
+  int rc = SQLITE_OK;
+  if( pTask->pThread ){
+#ifdef SQLITE_DEBUG_SORTER_THREADS
+    int bDone = pTask->bDone;
+#endif
+    void *pRet = SQLITE_INT_TO_PTR(SQLITE_ERROR);
+    vdbeSorterBlockDebug(pTask, !bDone, "enter");
+    (void)sqlite3ThreadJoin(pTask->pThread, &pRet);
+    vdbeSorterBlockDebug(pTask, !bDone, "exit");
+    rc = SQLITE_PTR_TO_INT(pRet);
+    assert( pTask->bDone==1 );
+    pTask->bDone = 0;
+    pTask->pThread = 0;
+  }
+  return rc;
+}
+
+/*
+** Launch a background thread to run xTask(pIn).
+*/
+static int vdbeSorterCreateThread(
+  SortSubtask *pTask,             /* Thread will use this task object */
+  void *(*xTask)(void*),          /* Routine to run in a separate thread */
+  void *pIn                       /* Argument passed into xTask() */
+){
+  assert( pTask->pThread==0 && pTask->bDone==0 );
+  return sqlite3ThreadCreate(&pTask->pThread, xTask, pIn);
+}
+
+/*
+** Join all outstanding threads launched by SorterWrite() to create 
+** level-0 PMAs.
+*/
+static int vdbeSorterJoinAll(VdbeSorter *pSorter, int rcin){
+  int rc = rcin;
+  int i;
+
+  /* This function is always called by the main user thread.
+  **
+  ** If this function is being called after SorterRewind() has been called, 
+  ** it is possible that thread pSorter->aTask[pSorter->nTask-1].pThread
+  ** is currently attempt to join one of the other threads. To avoid a race
+  ** condition where this thread also attempts to join the same object, join 
+  ** thread pSorter->aTask[pSorter->nTask-1].pThread first. */
+  for(i=pSorter->nTask-1; i>=0; i--){
+    SortSubtask *pTask = &pSorter->aTask[i];
+    int rc2 = vdbeSorterJoinThread(pTask);
+    if( rc==SQLITE_OK ) rc = rc2;
+  }
+  return rc;
+}
+#else
+# define vdbeSorterJoinAll(x,rcin) (rcin)
+# define vdbeSorterJoinThread(pTask) SQLITE_OK
+#endif
+
+/*
+** Allocate a new MergeEngine object capable of handling up to
+** nReader PmaReader inputs.
+**
+** nReader is automatically rounded up to the next power of two.
+** nReader may not exceed SORTER_MAX_MERGE_COUNT even after rounding up.
+*/
+static MergeEngine *vdbeMergeEngineNew(int nReader){
+  int N = 2;                      /* Smallest power of two >= nReader */
+  int nByte;                      /* Total bytes of space to allocate */
+  MergeEngine *pNew;              /* Pointer to allocated object to return */
+
+  assert( nReader<=SORTER_MAX_MERGE_COUNT );
+
+  while( N<nReader ) N += N;
+  nByte = sizeof(MergeEngine) + N * (sizeof(int) + sizeof(PmaReader));
+
+  pNew = sqlite3FaultSim(100) ? 0 : (MergeEngine*)sqlite3MallocZero(nByte);
+  if( pNew ){
+    pNew->nTree = N;
+    pNew->pTask = 0;
+    pNew->aReadr = (PmaReader*)&pNew[1];
+    pNew->aTree = (int*)&pNew->aReadr[N];
+  }
+  return pNew;
+}
+
+/*
+** Free the MergeEngine object passed as the only argument.
+*/
+static void vdbeMergeEngineFree(MergeEngine *pMerger){
+  int i;
+  if( pMerger ){
+    for(i=0; i<pMerger->nTree; i++){
+      vdbePmaReaderClear(&pMerger->aReadr[i]);
+    }
+  }
+  sqlite3_free(pMerger);
+}
+
+/*
+** Free all resources associated with the IncrMerger object indicated by
+** the first argument.
+*/
+static void vdbeIncrFree(IncrMerger *pIncr){
+  if( pIncr ){
+#if SQLITE_MAX_WORKER_THREADS>0
+    if( pIncr->bUseThread ){
+      vdbeSorterJoinThread(pIncr->pTask);
+      if( pIncr->aFile[0].pFd ) sqlite3OsCloseFree(pIncr->aFile[0].pFd);
+      if( pIncr->aFile[1].pFd ) sqlite3OsCloseFree(pIncr->aFile[1].pFd);
+    }
+#endif
+    vdbeMergeEngineFree(pIncr->pMerger);
+    sqlite3_free(pIncr);
+  }
+}
+
+/*
+** Reset a sorting cursor back to its original empty state.
+*/
+SQLITE_PRIVATE void sqlite3VdbeSorterReset(sqlite3 *db, VdbeSorter *pSorter){
+  int i;
+  (void)vdbeSorterJoinAll(pSorter, SQLITE_OK);
+  assert( pSorter->bUseThreads || pSorter->pReader==0 );
+#if SQLITE_MAX_WORKER_THREADS>0
+  if( pSorter->pReader ){
+    vdbePmaReaderClear(pSorter->pReader);
+    sqlite3DbFree(db, pSorter->pReader);
+    pSorter->pReader = 0;
+  }
+#endif
+  vdbeMergeEngineFree(pSorter->pMerger);
+  pSorter->pMerger = 0;
+  for(i=0; i<pSorter->nTask; i++){
+    SortSubtask *pTask = &pSorter->aTask[i];
+    vdbeSortSubtaskCleanup(db, pTask);
+    pTask->pSorter = pSorter;
+  }
+  if( pSorter->list.aMemory==0 ){
+    vdbeSorterRecordFree(0, pSorter->list.pList);
+  }
+  pSorter->list.pList = 0;
+  pSorter->list.szPMA = 0;
+  pSorter->bUsePMA = 0;
+  pSorter->iMemory = 0;
+  pSorter->mxKeysize = 0;
+  sqlite3DbFree(db, pSorter->pUnpacked);
+  pSorter->pUnpacked = 0;
+}
+
+/*
+** Free any cursor components allocated by sqlite3VdbeSorterXXX routines.
+*/
+SQLITE_PRIVATE void sqlite3VdbeSorterClose(sqlite3 *db, VdbeCursor *pCsr){
+  VdbeSorter *pSorter;
+  assert( pCsr->eCurType==CURTYPE_SORTER );
+  pSorter = pCsr->uc.pSorter;
+  if( pSorter ){
+    sqlite3VdbeSorterReset(db, pSorter);
+    sqlite3_free(pSorter->list.aMemory);
+    sqlite3DbFree(db, pSorter);
+    pCsr->uc.pSorter = 0;
+  }
+}
+
+#if SQLITE_MAX_MMAP_SIZE>0
+/*
+** The first argument is a file-handle open on a temporary file. The file
+** is guaranteed to be nByte bytes or smaller in size. This function
+** attempts to extend the file to nByte bytes in size and to ensure that
+** the VFS has memory mapped it.
+**
+** Whether or not the file does end up memory mapped of course depends on
+** the specific VFS implementation.
+*/
+static void vdbeSorterExtendFile(sqlite3 *db, sqlite3_file *pFd, i64 nByte){
+  if( nByte<=(i64)(db->nMaxSorterMmap) && pFd->pMethods->iVersion>=3 ){
+    void *p = 0;
+    int chunksize = 4*1024;
+    sqlite3OsFileControlHint(pFd, SQLITE_FCNTL_CHUNK_SIZE, &chunksize);
+    sqlite3OsFileControlHint(pFd, SQLITE_FCNTL_SIZE_HINT, &nByte);
+    sqlite3OsFetch(pFd, 0, (int)nByte, &p);
+    sqlite3OsUnfetch(pFd, 0, p);
+  }
+}
+#else
+# define vdbeSorterExtendFile(x,y,z)
+#endif
+
+/*
+** Allocate space for a file-handle and open a temporary file. If successful,
+** set *ppFd to point to the malloc'd file-handle and return SQLITE_OK.
+** Otherwise, set *ppFd to 0 and return an SQLite error code.
+*/
+static int vdbeSorterOpenTempFile(
+  sqlite3 *db,                    /* Database handle doing sort */
+  i64 nExtend,                    /* Attempt to extend file to this size */
+  sqlite3_file **ppFd
+){
+  int rc;
+  if( sqlite3FaultSim(202) ) return SQLITE_IOERR_ACCESS;
+  rc = sqlite3OsOpenMalloc(db->pVfs, 0, ppFd,
+      SQLITE_OPEN_TEMP_JOURNAL |
+      SQLITE_OPEN_READWRITE    | SQLITE_OPEN_CREATE |
+      SQLITE_OPEN_EXCLUSIVE    | SQLITE_OPEN_DELETEONCLOSE, &rc
+  );
+  if( rc==SQLITE_OK ){
+    i64 max = SQLITE_MAX_MMAP_SIZE;
+    sqlite3OsFileControlHint(*ppFd, SQLITE_FCNTL_MMAP_SIZE, (void*)&max);
+    if( nExtend>0 ){
+      vdbeSorterExtendFile(db, *ppFd, nExtend);
+    }
+  }
+  return rc;
+}
+
+/*
+** If it has not already been allocated, allocate the UnpackedRecord 
+** structure at pTask->pUnpacked. Return SQLITE_OK if successful (or 
+** if no allocation was required), or SQLITE_NOMEM otherwise.
+*/
+static int vdbeSortAllocUnpacked(SortSubtask *pTask){
+  if( pTask->pUnpacked==0 ){
+    char *pFree;
+    pTask->pUnpacked = sqlite3VdbeAllocUnpackedRecord(
+        pTask->pSorter->pKeyInfo, 0, 0, &pFree
+    );
+    assert( pTask->pUnpacked==(UnpackedRecord*)pFree );
+    if( pFree==0 ) return SQLITE_NOMEM;
+    pTask->pUnpacked->nField = pTask->pSorter->pKeyInfo->nField;
+    pTask->pUnpacked->errCode = 0;
+  }
+  return SQLITE_OK;
+}
+
+
+/*
+** Merge the two sorted lists p1 and p2 into a single list.
+** Set *ppOut to the head of the new list.
+*/
+static void vdbeSorterMerge(
+  SortSubtask *pTask,             /* Calling thread context */
+  SorterRecord *p1,               /* First list to merge */
+  SorterRecord *p2,               /* Second list to merge */
+  SorterRecord **ppOut            /* OUT: Head of merged list */
+){
+  SorterRecord *pFinal = 0;
+  SorterRecord **pp = &pFinal;
+  int bCached = 0;
+
+  while( p1 && p2 ){
+    int res;
+    res = pTask->xCompare(
+        pTask, &bCached, SRVAL(p1), p1->nVal, SRVAL(p2), p2->nVal
+    );
+
+    if( res<=0 ){
+      *pp = p1;
+      pp = &p1->u.pNext;
+      p1 = p1->u.pNext;
+    }else{
+      *pp = p2;
+      pp = &p2->u.pNext;
+      p2 = p2->u.pNext;
+      bCached = 0;
+    }
+  }
+  *pp = p1 ? p1 : p2;
+  *ppOut = pFinal;
+}
+
+/*
+** Return the SorterCompare function to compare values collected by the
+** sorter object passed as the only argument.
+*/
+static SorterCompare vdbeSorterGetCompare(VdbeSorter *p){
+  if( p->typeMask==SORTER_TYPE_INTEGER ){
+    return vdbeSorterCompareInt;
+  }else if( p->typeMask==SORTER_TYPE_TEXT ){
+    return vdbeSorterCompareText; 
+  }
+  return vdbeSorterCompare;
+}
+
+/*
+** Sort the linked list of records headed at pTask->pList. Return 
+** SQLITE_OK if successful, or an SQLite error code (i.e. SQLITE_NOMEM) if 
+** an error occurs.
+*/
+static int vdbeSorterSort(SortSubtask *pTask, SorterList *pList){
+  int i;
+  SorterRecord **aSlot;
+  SorterRecord *p;
+  int rc;
+
+  rc = vdbeSortAllocUnpacked(pTask);
+  if( rc!=SQLITE_OK ) return rc;
+
+  p = pList->pList;
+  pTask->xCompare = vdbeSorterGetCompare(pTask->pSorter);
+
+  aSlot = (SorterRecord **)sqlite3MallocZero(64 * sizeof(SorterRecord *));
+  if( !aSlot ){
+    return SQLITE_NOMEM;
+  }
+
+  while( p ){
+    SorterRecord *pNext;
+    if( pList->aMemory ){
+      if( (u8*)p==pList->aMemory ){
+        pNext = 0;
+      }else{
+        assert( p->u.iNext<sqlite3MallocSize(pList->aMemory) );
+        pNext = (SorterRecord*)&pList->aMemory[p->u.iNext];
+      }
+    }else{
+      pNext = p->u.pNext;
+    }
+
+    p->u.pNext = 0;
+    for(i=0; aSlot[i]; i++){
+      vdbeSorterMerge(pTask, p, aSlot[i], &p);
+      aSlot[i] = 0;
+    }
+    aSlot[i] = p;
+    p = pNext;
+  }
+
+  p = 0;
+  for(i=0; i<64; i++){
+    vdbeSorterMerge(pTask, p, aSlot[i], &p);
+  }
+  pList->pList = p;
+
+  sqlite3_free(aSlot);
+  assert( pTask->pUnpacked->errCode==SQLITE_OK 
+       || pTask->pUnpacked->errCode==SQLITE_NOMEM 
+  );
+  return pTask->pUnpacked->errCode;
+}
+
+/*
+** Initialize a PMA-writer object.
+*/
+static void vdbePmaWriterInit(
+  sqlite3_file *pFd,              /* File handle to write to */
+  PmaWriter *p,                   /* Object to populate */
+  int nBuf,                       /* Buffer size */
+  i64 iStart                      /* Offset of pFd to begin writing at */
+){
+  memset(p, 0, sizeof(PmaWriter));
+  p->aBuffer = (u8*)sqlite3Malloc(nBuf);
+  if( !p->aBuffer ){
+    p->eFWErr = SQLITE_NOMEM;
+  }else{
+    p->iBufEnd = p->iBufStart = (iStart % nBuf);
+    p->iWriteOff = iStart - p->iBufStart;
+    p->nBuffer = nBuf;
+    p->pFd = pFd;
+  }
+}
+
+/*
+** Write nData bytes of data to the PMA. Return SQLITE_OK
+** if successful, or an SQLite error code if an error occurs.
+*/
+static void vdbePmaWriteBlob(PmaWriter *p, u8 *pData, int nData){
+  int nRem = nData;
+  while( nRem>0 && p->eFWErr==0 ){
+    int nCopy = nRem;
+    if( nCopy>(p->nBuffer - p->iBufEnd) ){
+      nCopy = p->nBuffer - p->iBufEnd;
+    }
+
+    memcpy(&p->aBuffer[p->iBufEnd], &pData[nData-nRem], nCopy);
+    p->iBufEnd += nCopy;
+    if( p->iBufEnd==p->nBuffer ){
+      p->eFWErr = sqlite3OsWrite(p->pFd, 
+          &p->aBuffer[p->iBufStart], p->iBufEnd - p->iBufStart, 
+          p->iWriteOff + p->iBufStart
+      );
+      p->iBufStart = p->iBufEnd = 0;
+      p->iWriteOff += p->nBuffer;
+    }
+    assert( p->iBufEnd<p->nBuffer );
+
+    nRem -= nCopy;
+  }
+}
+
+/*
+** Flush any buffered data to disk and clean up the PMA-writer object.
+** The results of using the PMA-writer after this call are undefined.
+** Return SQLITE_OK if flushing the buffered data succeeds or is not 
+** required. Otherwise, return an SQLite error code.
+**
+** Before returning, set *piEof to the offset immediately following the
+** last byte written to the file.
+*/
+static int vdbePmaWriterFinish(PmaWriter *p, i64 *piEof){
+  int rc;
+  if( p->eFWErr==0 && ALWAYS(p->aBuffer) && p->iBufEnd>p->iBufStart ){
+    p->eFWErr = sqlite3OsWrite(p->pFd, 
+        &p->aBuffer[p->iBufStart], p->iBufEnd - p->iBufStart, 
+        p->iWriteOff + p->iBufStart
+    );
+  }
+  *piEof = (p->iWriteOff + p->iBufEnd);
+  sqlite3_free(p->aBuffer);
+  rc = p->eFWErr;
+  memset(p, 0, sizeof(PmaWriter));
+  return rc;
+}
+
+/*
+** Write value iVal encoded as a varint to the PMA. Return 
+** SQLITE_OK if successful, or an SQLite error code if an error occurs.
+*/
+static void vdbePmaWriteVarint(PmaWriter *p, u64 iVal){
+  int nByte; 
+  u8 aByte[10];
+  nByte = sqlite3PutVarint(aByte, iVal);
+  vdbePmaWriteBlob(p, aByte, nByte);
+}
+
+/*
+** Write the current contents of in-memory linked-list pList to a level-0
+** PMA in the temp file belonging to sub-task pTask. Return SQLITE_OK if 
+** successful, or an SQLite error code otherwise.
+**
+** The format of a PMA is:
+**
+**     * A varint. This varint contains the total number of bytes of content
+**       in the PMA (not including the varint itself).
+**
+**     * One or more records packed end-to-end in order of ascending keys. 
+**       Each record consists of a varint followed by a blob of data (the 
+**       key). The varint is the number of bytes in the blob of data.
+*/
+static int vdbeSorterListToPMA(SortSubtask *pTask, SorterList *pList){
+  sqlite3 *db = pTask->pSorter->db;
+  int rc = SQLITE_OK;             /* Return code */
+  PmaWriter writer;               /* Object used to write to the file */
+
+#ifdef SQLITE_DEBUG
+  /* Set iSz to the expected size of file pTask->file after writing the PMA. 
+  ** This is used by an assert() statement at the end of this function.  */
+  i64 iSz = pList->szPMA + sqlite3VarintLen(pList->szPMA) + pTask->file.iEof;
+#endif
+
+  vdbeSorterWorkDebug(pTask, "enter");
+  memset(&writer, 0, sizeof(PmaWriter));
+  assert( pList->szPMA>0 );
+
+  /* If the first temporary PMA file has not been opened, open it now. */
+  if( pTask->file.pFd==0 ){
+    rc = vdbeSorterOpenTempFile(db, 0, &pTask->file.pFd);
+    assert( rc!=SQLITE_OK || pTask->file.pFd );
+    assert( pTask->file.iEof==0 );
+    assert( pTask->nPMA==0 );
+  }
+
+  /* Try to get the file to memory map */
+  if( rc==SQLITE_OK ){
+    vdbeSorterExtendFile(db, pTask->file.pFd, pTask->file.iEof+pList->szPMA+9);
+  }
+
+  /* Sort the list */
+  if( rc==SQLITE_OK ){
+    rc = vdbeSorterSort(pTask, pList);
+  }
+
+  if( rc==SQLITE_OK ){
+    SorterRecord *p;
+    SorterRecord *pNext = 0;
+
+    vdbePmaWriterInit(pTask->file.pFd, &writer, pTask->pSorter->pgsz,
+                      pTask->file.iEof);
+    pTask->nPMA++;
+    vdbePmaWriteVarint(&writer, pList->szPMA);
+    for(p=pList->pList; p; p=pNext){
+      pNext = p->u.pNext;
+      vdbePmaWriteVarint(&writer, p->nVal);
+      vdbePmaWriteBlob(&writer, SRVAL(p), p->nVal);
+      if( pList->aMemory==0 ) sqlite3_free(p);
+    }
+    pList->pList = p;
+    rc = vdbePmaWriterFinish(&writer, &pTask->file.iEof);
+  }
+
+  vdbeSorterWorkDebug(pTask, "exit");
+  assert( rc!=SQLITE_OK || pList->pList==0 );
+  assert( rc!=SQLITE_OK || pTask->file.iEof==iSz );
+  return rc;
+}
+
+/*
+** Advance the MergeEngine to its next entry.
+** Set *pbEof to true there is no next entry because
+** the MergeEngine has reached the end of all its inputs.
+**
+** Return SQLITE_OK if successful or an error code if an error occurs.
+*/
+static int vdbeMergeEngineStep(
+  MergeEngine *pMerger,      /* The merge engine to advance to the next row */
+  int *pbEof                 /* Set TRUE at EOF.  Set false for more content */
+){
+  int rc;
+  int iPrev = pMerger->aTree[1];/* Index of PmaReader to advance */
+  SortSubtask *pTask = pMerger->pTask;
+
+  /* Advance the current PmaReader */
+  rc = vdbePmaReaderNext(&pMerger->aReadr[iPrev]);
+
+  /* Update contents of aTree[] */
+  if( rc==SQLITE_OK ){
+    int i;                      /* Index of aTree[] to recalculate */
+    PmaReader *pReadr1;         /* First PmaReader to compare */
+    PmaReader *pReadr2;         /* Second PmaReader to compare */
+    int bCached = 0;
+
+    /* Find the first two PmaReaders to compare. The one that was just
+    ** advanced (iPrev) and the one next to it in the array.  */
+    pReadr1 = &pMerger->aReadr[(iPrev & 0xFFFE)];
+    pReadr2 = &pMerger->aReadr[(iPrev | 0x0001)];
+
+    for(i=(pMerger->nTree+iPrev)/2; i>0; i=i/2){
+      /* Compare pReadr1 and pReadr2. Store the result in variable iRes. */
+      int iRes;
+      if( pReadr1->pFd==0 ){
+        iRes = +1;
+      }else if( pReadr2->pFd==0 ){
+        iRes = -1;
+      }else{
+        iRes = pTask->xCompare(pTask, &bCached,
+            pReadr1->aKey, pReadr1->nKey, pReadr2->aKey, pReadr2->nKey
+        );
+      }
+
+      /* If pReadr1 contained the smaller value, set aTree[i] to its index.
+      ** Then set pReadr2 to the next PmaReader to compare to pReadr1. In this
+      ** case there is no cache of pReadr2 in pTask->pUnpacked, so set
+      ** pKey2 to point to the record belonging to pReadr2.
+      **
+      ** Alternatively, if pReadr2 contains the smaller of the two values,
+      ** set aTree[i] to its index and update pReadr1. If vdbeSorterCompare()
+      ** was actually called above, then pTask->pUnpacked now contains
+      ** a value equivalent to pReadr2. So set pKey2 to NULL to prevent
+      ** vdbeSorterCompare() from decoding pReadr2 again.
+      **
+      ** If the two values were equal, then the value from the oldest
+      ** PMA should be considered smaller. The VdbeSorter.aReadr[] array
+      ** is sorted from oldest to newest, so pReadr1 contains older values
+      ** than pReadr2 iff (pReadr1<pReadr2).  */
+      if( iRes<0 || (iRes==0 && pReadr1<pReadr2) ){
+        pMerger->aTree[i] = (int)(pReadr1 - pMerger->aReadr);
+        pReadr2 = &pMerger->aReadr[ pMerger->aTree[i ^ 0x0001] ];
+        bCached = 0;
+      }else{
+        if( pReadr1->pFd ) bCached = 0;
+        pMerger->aTree[i] = (int)(pReadr2 - pMerger->aReadr);
+        pReadr1 = &pMerger->aReadr[ pMerger->aTree[i ^ 0x0001] ];
+      }
+    }
+    *pbEof = (pMerger->aReadr[pMerger->aTree[1]].pFd==0);
+  }
+
+  return (rc==SQLITE_OK ? pTask->pUnpacked->errCode : rc);
+}
+
+#if SQLITE_MAX_WORKER_THREADS>0
+/*
+** The main routine for background threads that write level-0 PMAs.
+*/
+static void *vdbeSorterFlushThread(void *pCtx){
+  SortSubtask *pTask = (SortSubtask*)pCtx;
+  int rc;                         /* Return code */
+  assert( pTask->bDone==0 );
+  rc = vdbeSorterListToPMA(pTask, &pTask->list);
+  pTask->bDone = 1;
+  return SQLITE_INT_TO_PTR(rc);
+}
+#endif /* SQLITE_MAX_WORKER_THREADS>0 */
+
+/*
+** Flush the current contents of VdbeSorter.list to a new PMA, possibly
+** using a background thread.
+*/
+static int vdbeSorterFlushPMA(VdbeSorter *pSorter){
+#if SQLITE_MAX_WORKER_THREADS==0
+  pSorter->bUsePMA = 1;
+  return vdbeSorterListToPMA(&pSorter->aTask[0], &pSorter->list);
+#else
+  int rc = SQLITE_OK;
+  int i;
+  SortSubtask *pTask = 0;    /* Thread context used to create new PMA */
+  int nWorker = (pSorter->nTask-1);
+
+  /* Set the flag to indicate that at least one PMA has been written. 
+  ** Or will be, anyhow.  */
+  pSorter->bUsePMA = 1;
+
+  /* Select a sub-task to sort and flush the current list of in-memory
+  ** records to disk. If the sorter is running in multi-threaded mode,
+  ** round-robin between the first (pSorter->nTask-1) tasks. Except, if
+  ** the background thread from a sub-tasks previous turn is still running,
+  ** skip it. If the first (pSorter->nTask-1) sub-tasks are all still busy,
+  ** fall back to using the final sub-task. The first (pSorter->nTask-1)
+  ** sub-tasks are prefered as they use background threads - the final 
+  ** sub-task uses the main thread. */
+  for(i=0; i<nWorker; i++){
+    int iTest = (pSorter->iPrev + i + 1) % nWorker;
+    pTask = &pSorter->aTask[iTest];
+    if( pTask->bDone ){
+      rc = vdbeSorterJoinThread(pTask);
+    }
+    if( rc!=SQLITE_OK || pTask->pThread==0 ) break;
+  }
+
+  if( rc==SQLITE_OK ){
+    if( i==nWorker ){
+      /* Use the foreground thread for this operation */
+      rc = vdbeSorterListToPMA(&pSorter->aTask[nWorker], &pSorter->list);
+    }else{
+      /* Launch a background thread for this operation */
+      u8 *aMem = pTask->list.aMemory;
+      void *pCtx = (void*)pTask;
+
+      assert( pTask->pThread==0 && pTask->bDone==0 );
+      assert( pTask->list.pList==0 );
+      assert( pTask->list.aMemory==0 || pSorter->list.aMemory!=0 );
+
+      pSorter->iPrev = (u8)(pTask - pSorter->aTask);
+      pTask->list = pSorter->list;
+      pSorter->list.pList = 0;
+      pSorter->list.szPMA = 0;
+      if( aMem ){
+        pSorter->list.aMemory = aMem;
+        pSorter->nMemory = sqlite3MallocSize(aMem);
+      }else if( pSorter->list.aMemory ){
+        pSorter->list.aMemory = sqlite3Malloc(pSorter->nMemory);
+        if( !pSorter->list.aMemory ) return SQLITE_NOMEM;
+      }
+
+      rc = vdbeSorterCreateThread(pTask, vdbeSorterFlushThread, pCtx);
+    }
+  }
+
+  return rc;
+#endif /* SQLITE_MAX_WORKER_THREADS!=0 */
+}
+
+/*
+** Add a record to the sorter.
+*/
+SQLITE_PRIVATE int sqlite3VdbeSorterWrite(
+  const VdbeCursor *pCsr,         /* Sorter cursor */
+  Mem *pVal                       /* Memory cell containing record */
+){
+  VdbeSorter *pSorter;
+  int rc = SQLITE_OK;             /* Return Code */
+  SorterRecord *pNew;             /* New list element */
+  int bFlush;                     /* True to flush contents of memory to PMA */
+  int nReq;                       /* Bytes of memory required */
+  int nPMA;                       /* Bytes of PMA space required */
+  int t;                          /* serial type of first record field */
+
+  assert( pCsr->eCurType==CURTYPE_SORTER );
+  pSorter = pCsr->uc.pSorter;
+  getVarint32((const u8*)&pVal->z[1], t);
+  if( t>0 && t<10 && t!=7 ){
+    pSorter->typeMask &= SORTER_TYPE_INTEGER;
+  }else if( t>10 && (t & 0x01) ){
+    pSorter->typeMask &= SORTER_TYPE_TEXT;
+  }else{
+    pSorter->typeMask = 0;
+  }
+
+  assert( pSorter );
+
+  /* Figure out whether or not the current contents of memory should be
+  ** flushed to a PMA before continuing. If so, do so.
+  **
+  ** If using the single large allocation mode (pSorter->aMemory!=0), then
+  ** flush the contents of memory to a new PMA if (a) at least one value is
+  ** already in memory and (b) the new value will not fit in memory.
+  ** 
+  ** Or, if using separate allocations for each record, flush the contents
+  ** of memory to a PMA if either of the following are true:
+  **
+  **   * The total memory allocated for the in-memory list is greater 
+  **     than (page-size * cache-size), or
+  **
+  **   * The total memory allocated for the in-memory list is greater 
+  **     than (page-size * 10) and sqlite3HeapNearlyFull() returns true.
+  */
+  nReq = pVal->n + sizeof(SorterRecord);
+  nPMA = pVal->n + sqlite3VarintLen(pVal->n);
+  if( pSorter->mxPmaSize ){
+    if( pSorter->list.aMemory ){
+      bFlush = pSorter->iMemory && (pSorter->iMemory+nReq) > pSorter->mxPmaSize;
+    }else{
+      bFlush = (
+          (pSorter->list.szPMA > pSorter->mxPmaSize)
+       || (pSorter->list.szPMA > pSorter->mnPmaSize && sqlite3HeapNearlyFull())
+      );
+    }
+    if( bFlush ){
+      rc = vdbeSorterFlushPMA(pSorter);
+      pSorter->list.szPMA = 0;
+      pSorter->iMemory = 0;
+      assert( rc!=SQLITE_OK || pSorter->list.pList==0 );
+    }
+  }
+
+  pSorter->list.szPMA += nPMA;
+  if( nPMA>pSorter->mxKeysize ){
+    pSorter->mxKeysize = nPMA;
+  }
+
+  if( pSorter->list.aMemory ){
+    int nMin = pSorter->iMemory + nReq;
+
+    if( nMin>pSorter->nMemory ){
+      u8 *aNew;
+      int nNew = pSorter->nMemory * 2;
+      while( nNew < nMin ) nNew = nNew*2;
+      if( nNew > pSorter->mxPmaSize ) nNew = pSorter->mxPmaSize;
+      if( nNew < nMin ) nNew = nMin;
+
+      aNew = sqlite3Realloc(pSorter->list.aMemory, nNew);
+      if( !aNew ) return SQLITE_NOMEM;
+      pSorter->list.pList = (SorterRecord*)(
+          aNew + ((u8*)pSorter->list.pList - pSorter->list.aMemory)
+      );
+      pSorter->list.aMemory = aNew;
+      pSorter->nMemory = nNew;
+    }
+
+    pNew = (SorterRecord*)&pSorter->list.aMemory[pSorter->iMemory];
+    pSorter->iMemory += ROUND8(nReq);
+    pNew->u.iNext = (int)((u8*)(pSorter->list.pList) - pSorter->list.aMemory);
+  }else{
+    pNew = (SorterRecord *)sqlite3Malloc(nReq);
+    if( pNew==0 ){
+      return SQLITE_NOMEM;
+    }
+    pNew->u.pNext = pSorter->list.pList;
+  }
+
+  memcpy(SRVAL(pNew), pVal->z, pVal->n);
+  pNew->nVal = pVal->n;
+  pSorter->list.pList = pNew;
+
+  return rc;
+}
+
+/*
+** Read keys from pIncr->pMerger and populate pIncr->aFile[1]. The format
+** of the data stored in aFile[1] is the same as that used by regular PMAs,
+** except that the number-of-bytes varint is omitted from the start.
+*/
+static int vdbeIncrPopulate(IncrMerger *pIncr){
+  int rc = SQLITE_OK;
+  int rc2;
+  i64 iStart = pIncr->iStartOff;
+  SorterFile *pOut = &pIncr->aFile[1];
+  SortSubtask *pTask = pIncr->pTask;
+  MergeEngine *pMerger = pIncr->pMerger;
+  PmaWriter writer;
+  assert( pIncr->bEof==0 );
+
+  vdbeSorterPopulateDebug(pTask, "enter");
+
+  vdbePmaWriterInit(pOut->pFd, &writer, pTask->pSorter->pgsz, iStart);
+  while( rc==SQLITE_OK ){
+    int dummy;
+    PmaReader *pReader = &pMerger->aReadr[ pMerger->aTree[1] ];
+    int nKey = pReader->nKey;
+    i64 iEof = writer.iWriteOff + writer.iBufEnd;
+
+    /* Check if the output file is full or if the input has been exhausted.
+    ** In either case exit the loop. */
+    if( pReader->pFd==0 ) break;
+    if( (iEof + nKey + sqlite3VarintLen(nKey))>(iStart + pIncr->mxSz) ) break;
+
+    /* Write the next key to the output. */
+    vdbePmaWriteVarint(&writer, nKey);
+    vdbePmaWriteBlob(&writer, pReader->aKey, nKey);
+    assert( pIncr->pMerger->pTask==pTask );
+    rc = vdbeMergeEngineStep(pIncr->pMerger, &dummy);
+  }
+
+  rc2 = vdbePmaWriterFinish(&writer, &pOut->iEof);
+  if( rc==SQLITE_OK ) rc = rc2;
+  vdbeSorterPopulateDebug(pTask, "exit");
+  return rc;
+}
+
+#if SQLITE_MAX_WORKER_THREADS>0
+/*
+** The main routine for background threads that populate aFile[1] of
+** multi-threaded IncrMerger objects.
+*/
+static void *vdbeIncrPopulateThread(void *pCtx){
+  IncrMerger *pIncr = (IncrMerger*)pCtx;
+  void *pRet = SQLITE_INT_TO_PTR( vdbeIncrPopulate(pIncr) );
+  pIncr->pTask->bDone = 1;
+  return pRet;
+}
+
+/*
+** Launch a background thread to populate aFile[1] of pIncr.
+*/
+static int vdbeIncrBgPopulate(IncrMerger *pIncr){
+  void *p = (void*)pIncr;
+  assert( pIncr->bUseThread );
+  return vdbeSorterCreateThread(pIncr->pTask, vdbeIncrPopulateThread, p);
+}
+#endif
+
+/*
+** This function is called when the PmaReader corresponding to pIncr has
+** finished reading the contents of aFile[0]. Its purpose is to "refill"
+** aFile[0] such that the PmaReader should start rereading it from the
+** beginning.
+**
+** For single-threaded objects, this is accomplished by literally reading 
+** keys from pIncr->pMerger and repopulating aFile[0]. 
+**
+** For multi-threaded objects, all that is required is to wait until the 
+** background thread is finished (if it is not already) and then swap 
+** aFile[0] and aFile[1] in place. If the contents of pMerger have not
+** been exhausted, this function also launches a new background thread
+** to populate the new aFile[1].
+**
+** SQLITE_OK is returned on success, or an SQLite error code otherwise.
+*/
+static int vdbeIncrSwap(IncrMerger *pIncr){
+  int rc = SQLITE_OK;
+
+#if SQLITE_MAX_WORKER_THREADS>0
+  if( pIncr->bUseThread ){
+    rc = vdbeSorterJoinThread(pIncr->pTask);
+
+    if( rc==SQLITE_OK ){
+      SorterFile f0 = pIncr->aFile[0];
+      pIncr->aFile[0] = pIncr->aFile[1];
+      pIncr->aFile[1] = f0;
+    }
+
+    if( rc==SQLITE_OK ){
+      if( pIncr->aFile[0].iEof==pIncr->iStartOff ){
+        pIncr->bEof = 1;
+      }else{
+        rc = vdbeIncrBgPopulate(pIncr);
+      }
+    }
+  }else
+#endif
+  {
+    rc = vdbeIncrPopulate(pIncr);
+    pIncr->aFile[0] = pIncr->aFile[1];
+    if( pIncr->aFile[0].iEof==pIncr->iStartOff ){
+      pIncr->bEof = 1;
+    }
+  }
+
+  return rc;
+}
+
+/*
+** Allocate and return a new IncrMerger object to read data from pMerger.
+**
+** If an OOM condition is encountered, return NULL. In this case free the
+** pMerger argument before returning.
+*/
+static int vdbeIncrMergerNew(
+  SortSubtask *pTask,     /* The thread that will be using the new IncrMerger */
+  MergeEngine *pMerger,   /* The MergeEngine that the IncrMerger will control */
+  IncrMerger **ppOut      /* Write the new IncrMerger here */
+){
+  int rc = SQLITE_OK;
+  IncrMerger *pIncr = *ppOut = (IncrMerger*)
+       (sqlite3FaultSim(100) ? 0 : sqlite3MallocZero(sizeof(*pIncr)));
+  if( pIncr ){
+    pIncr->pMerger = pMerger;
+    pIncr->pTask = pTask;
+    pIncr->mxSz = MAX(pTask->pSorter->mxKeysize+9,pTask->pSorter->mxPmaSize/2);
+    pTask->file2.iEof += pIncr->mxSz;
+  }else{
+    vdbeMergeEngineFree(pMerger);
+    rc = SQLITE_NOMEM;
+  }
+  return rc;
+}
+
+#if SQLITE_MAX_WORKER_THREADS>0
+/*
+** Set the "use-threads" flag on object pIncr.
+*/
+static void vdbeIncrMergerSetThreads(IncrMerger *pIncr){
+  pIncr->bUseThread = 1;
+  pIncr->pTask->file2.iEof -= pIncr->mxSz;
+}
+#endif /* SQLITE_MAX_WORKER_THREADS>0 */
+
+
+
+/*
+** Recompute pMerger->aTree[iOut] by comparing the next keys on the
+** two PmaReaders that feed that entry.  Neither of the PmaReaders
+** are advanced.  This routine merely does the comparison.
+*/
+static void vdbeMergeEngineCompare(
+  MergeEngine *pMerger,  /* Merge engine containing PmaReaders to compare */
+  int iOut               /* Store the result in pMerger->aTree[iOut] */
+){
+  int i1;
+  int i2;
+  int iRes;
+  PmaReader *p1;
+  PmaReader *p2;
+
+  assert( iOut<pMerger->nTree && iOut>0 );
+
+  if( iOut>=(pMerger->nTree/2) ){
+    i1 = (iOut - pMerger->nTree/2) * 2;
+    i2 = i1 + 1;
+  }else{
+    i1 = pMerger->aTree[iOut*2];
+    i2 = pMerger->aTree[iOut*2+1];
+  }
+
+  p1 = &pMerger->aReadr[i1];
+  p2 = &pMerger->aReadr[i2];
+
+  if( p1->pFd==0 ){
+    iRes = i2;
+  }else if( p2->pFd==0 ){
+    iRes = i1;
+  }else{
+    SortSubtask *pTask = pMerger->pTask;
+    int bCached = 0;
+    int res;
+    assert( pTask->pUnpacked!=0 );  /* from vdbeSortSubtaskMain() */
+    res = pTask->xCompare(
+        pTask, &bCached, p1->aKey, p1->nKey, p2->aKey, p2->nKey
+    );
+    if( res<=0 ){
+      iRes = i1;
+    }else{
+      iRes = i2;
+    }
+  }
+
+  pMerger->aTree[iOut] = iRes;
+}
+
+/*
+** Allowed values for the eMode parameter to vdbeMergeEngineInit()
+** and vdbePmaReaderIncrMergeInit().
+**
+** Only INCRINIT_NORMAL is valid in single-threaded builds (when
+** SQLITE_MAX_WORKER_THREADS==0).  The other values are only used
+** when there exists one or more separate worker threads.
+*/
+#define INCRINIT_NORMAL 0
+#define INCRINIT_TASK   1
+#define INCRINIT_ROOT   2
+
+/* 
+** Forward reference required as the vdbeIncrMergeInit() and
+** vdbePmaReaderIncrInit() routines are called mutually recursively when
+** building a merge tree.
+*/
+static int vdbePmaReaderIncrInit(PmaReader *pReadr, int eMode);
+
+/*
+** Initialize the MergeEngine object passed as the second argument. Once this
+** function returns, the first key of merged data may be read from the 
+** MergeEngine object in the usual fashion.
+**
+** If argument eMode is INCRINIT_ROOT, then it is assumed that any IncrMerge
+** objects attached to the PmaReader objects that the merger reads from have
+** already been populated, but that they have not yet populated aFile[0] and
+** set the PmaReader objects up to read from it. In this case all that is
+** required is to call vdbePmaReaderNext() on each PmaReader to point it at
+** its first key.
+**
+** Otherwise, if eMode is any value other than INCRINIT_ROOT, then use 
+** vdbePmaReaderIncrMergeInit() to initialize each PmaReader that feeds data 
+** to pMerger.
+**
+** SQLITE_OK is returned if successful, or an SQLite error code otherwise.
+*/
+static int vdbeMergeEngineInit(
+  SortSubtask *pTask,             /* Thread that will run pMerger */
+  MergeEngine *pMerger,           /* MergeEngine to initialize */
+  int eMode                       /* One of the INCRINIT_XXX constants */
+){
+  int rc = SQLITE_OK;             /* Return code */
+  int i;                          /* For looping over PmaReader objects */
+  int nTree = pMerger->nTree;
+
+  /* eMode is always INCRINIT_NORMAL in single-threaded mode */
+  assert( SQLITE_MAX_WORKER_THREADS>0 || eMode==INCRINIT_NORMAL );
+
+  /* Verify that the MergeEngine is assigned to a single thread */
+  assert( pMerger->pTask==0 );
+  pMerger->pTask = pTask;
+
+  for(i=0; i<nTree; i++){
+    if( SQLITE_MAX_WORKER_THREADS>0 && eMode==INCRINIT_ROOT ){
+      /* PmaReaders should be normally initialized in order, as if they are
+      ** reading from the same temp file this makes for more linear file IO.
+      ** However, in the INCRINIT_ROOT case, if PmaReader aReadr[nTask-1] is
+      ** in use it will block the vdbePmaReaderNext() call while it uses
+      ** the main thread to fill its buffer. So calling PmaReaderNext()
+      ** on this PmaReader before any of the multi-threaded PmaReaders takes
+      ** better advantage of multi-processor hardware. */
+      rc = vdbePmaReaderNext(&pMerger->aReadr[nTree-i-1]);
+    }else{
+      rc = vdbePmaReaderIncrInit(&pMerger->aReadr[i], INCRINIT_NORMAL);
+    }
+    if( rc!=SQLITE_OK ) return rc;
+  }
+
+  for(i=pMerger->nTree-1; i>0; i--){
+    vdbeMergeEngineCompare(pMerger, i);
+  }
+  return pTask->pUnpacked->errCode;
+}
+
+/*
+** The PmaReader passed as the first argument is guaranteed to be an
+** incremental-reader (pReadr->pIncr!=0). This function serves to open
+** and/or initialize the temp file related fields of the IncrMerge
+** object at (pReadr->pIncr).
+**
+** If argument eMode is set to INCRINIT_NORMAL, then all PmaReaders
+** in the sub-tree headed by pReadr are also initialized. Data is then 
+** loaded into the buffers belonging to pReadr and it is set to point to 
+** the first key in its range.
+**
+** If argument eMode is set to INCRINIT_TASK, then pReadr is guaranteed
+** to be a multi-threaded PmaReader and this function is being called in a
+** background thread. In this case all PmaReaders in the sub-tree are 
+** initialized as for INCRINIT_NORMAL and the aFile[1] buffer belonging to
+** pReadr is populated. However, pReadr itself is not set up to point
+** to its first key. A call to vdbePmaReaderNext() is still required to do
+** that. 
+**
+** The reason this function does not call vdbePmaReaderNext() immediately 
+** in the INCRINIT_TASK case is that vdbePmaReaderNext() assumes that it has
+** to block on thread (pTask->thread) before accessing aFile[1]. But, since
+** this entire function is being run by thread (pTask->thread), that will
+** lead to the current background thread attempting to join itself.
+**
+** Finally, if argument eMode is set to INCRINIT_ROOT, it may be assumed
+** that pReadr->pIncr is a multi-threaded IncrMerge objects, and that all
+** child-trees have already been initialized using IncrInit(INCRINIT_TASK).
+** In this case vdbePmaReaderNext() is called on all child PmaReaders and
+** the current PmaReader set to point to the first key in its range.
+**
+** SQLITE_OK is returned if successful, or an SQLite error code otherwise.
+*/
+static int vdbePmaReaderIncrMergeInit(PmaReader *pReadr, int eMode){
+  int rc = SQLITE_OK;
+  IncrMerger *pIncr = pReadr->pIncr;
+  SortSubtask *pTask = pIncr->pTask;
+  sqlite3 *db = pTask->pSorter->db;
+
+  /* eMode is always INCRINIT_NORMAL in single-threaded mode */
+  assert( SQLITE_MAX_WORKER_THREADS>0 || eMode==INCRINIT_NORMAL );
+
+  rc = vdbeMergeEngineInit(pTask, pIncr->pMerger, eMode);
+
+  /* Set up the required files for pIncr. A multi-theaded IncrMerge object
+  ** requires two temp files to itself, whereas a single-threaded object
+  ** only requires a region of pTask->file2. */
+  if( rc==SQLITE_OK ){
+    int mxSz = pIncr->mxSz;
+#if SQLITE_MAX_WORKER_THREADS>0
+    if( pIncr->bUseThread ){
+      rc = vdbeSorterOpenTempFile(db, mxSz, &pIncr->aFile[0].pFd);
+      if( rc==SQLITE_OK ){
+        rc = vdbeSorterOpenTempFile(db, mxSz, &pIncr->aFile[1].pFd);
+      }
+    }else
+#endif
+    /*if( !pIncr->bUseThread )*/{
+      if( pTask->file2.pFd==0 ){
+        assert( pTask->file2.iEof>0 );
+        rc = vdbeSorterOpenTempFile(db, pTask->file2.iEof, &pTask->file2.pFd);
+        pTask->file2.iEof = 0;
+      }
+      if( rc==SQLITE_OK ){
+        pIncr->aFile[1].pFd = pTask->file2.pFd;
+        pIncr->iStartOff = pTask->file2.iEof;
+        pTask->file2.iEof += mxSz;
+      }
+    }
+  }
+
+#if SQLITE_MAX_WORKER_THREADS>0
+  if( rc==SQLITE_OK && pIncr->bUseThread ){
+    /* Use the current thread to populate aFile[1], even though this
+    ** PmaReader is multi-threaded. If this is an INCRINIT_TASK object,
+    ** then this function is already running in background thread 
+    ** pIncr->pTask->thread. 
+    **
+    ** If this is the INCRINIT_ROOT object, then it is running in the 
+    ** main VDBE thread. But that is Ok, as that thread cannot return
+    ** control to the VDBE or proceed with anything useful until the 
+    ** first results are ready from this merger object anyway.
+    */
+    assert( eMode==INCRINIT_ROOT || eMode==INCRINIT_TASK );
+    rc = vdbeIncrPopulate(pIncr);
+  }
+#endif
+
+  if( rc==SQLITE_OK && (SQLITE_MAX_WORKER_THREADS==0 || eMode!=INCRINIT_TASK) ){
+    rc = vdbePmaReaderNext(pReadr);
+  }
+
+  return rc;
+}
+
+#if SQLITE_MAX_WORKER_THREADS>0
+/*
+** The main routine for vdbePmaReaderIncrMergeInit() operations run in 
+** background threads.
+*/
+static void *vdbePmaReaderBgIncrInit(void *pCtx){
+  PmaReader *pReader = (PmaReader*)pCtx;
+  void *pRet = SQLITE_INT_TO_PTR(
+                  vdbePmaReaderIncrMergeInit(pReader,INCRINIT_TASK)
+               );
+  pReader->pIncr->pTask->bDone = 1;
+  return pRet;
+}
+#endif
+
+/*
+** If the PmaReader passed as the first argument is not an incremental-reader
+** (if pReadr->pIncr==0), then this function is a no-op. Otherwise, it invokes
+** the vdbePmaReaderIncrMergeInit() function with the parameters passed to
+** this routine to initialize the incremental merge.
+** 
+** If the IncrMerger object is multi-threaded (IncrMerger.bUseThread==1), 
+** then a background thread is launched to call vdbePmaReaderIncrMergeInit().
+** Or, if the IncrMerger is single threaded, the same function is called
+** using the current thread.
+*/
+static int vdbePmaReaderIncrInit(PmaReader *pReadr, int eMode){
+  IncrMerger *pIncr = pReadr->pIncr;   /* Incremental merger */
+  int rc = SQLITE_OK;                  /* Return code */
+  if( pIncr ){
+#if SQLITE_MAX_WORKER_THREADS>0
+    assert( pIncr->bUseThread==0 || eMode==INCRINIT_TASK );
+    if( pIncr->bUseThread ){
+      void *pCtx = (void*)pReadr;
+      rc = vdbeSorterCreateThread(pIncr->pTask, vdbePmaReaderBgIncrInit, pCtx);
+    }else
+#endif
+    {
+      rc = vdbePmaReaderIncrMergeInit(pReadr, eMode);
+    }
+  }
+  return rc;
+}
+
+/*
+** Allocate a new MergeEngine object to merge the contents of nPMA level-0
+** PMAs from pTask->file. If no error occurs, set *ppOut to point to
+** the new object and return SQLITE_OK. Or, if an error does occur, set *ppOut
+** to NULL and return an SQLite error code.
+**
+** When this function is called, *piOffset is set to the offset of the
+** first PMA to read from pTask->file. Assuming no error occurs, it is 
+** set to the offset immediately following the last byte of the last
+** PMA before returning. If an error does occur, then the final value of
+** *piOffset is undefined.
+*/
+static int vdbeMergeEngineLevel0(
+  SortSubtask *pTask,             /* Sorter task to read from */
+  int nPMA,                       /* Number of PMAs to read */
+  i64 *piOffset,                  /* IN/OUT: Readr offset in pTask->file */
+  MergeEngine **ppOut             /* OUT: New merge-engine */
+){
+  MergeEngine *pNew;              /* Merge engine to return */
+  i64 iOff = *piOffset;
+  int i;
+  int rc = SQLITE_OK;
+
+  *ppOut = pNew = vdbeMergeEngineNew(nPMA);
+  if( pNew==0 ) rc = SQLITE_NOMEM;
+
+  for(i=0; i<nPMA && rc==SQLITE_OK; i++){
+    i64 nDummy;
+    PmaReader *pReadr = &pNew->aReadr[i];
+    rc = vdbePmaReaderInit(pTask, &pTask->file, iOff, pReadr, &nDummy);
+    iOff = pReadr->iEof;
+  }
+
+  if( rc!=SQLITE_OK ){
+    vdbeMergeEngineFree(pNew);
+    *ppOut = 0;
+  }
+  *piOffset = iOff;
+  return rc;
+}
+
+/*
+** Return the depth of a tree comprising nPMA PMAs, assuming a fanout of
+** SORTER_MAX_MERGE_COUNT. The returned value does not include leaf nodes.
+**
+** i.e.
+**
+**   nPMA<=16    -> TreeDepth() == 0
+**   nPMA<=256   -> TreeDepth() == 1
+**   nPMA<=65536 -> TreeDepth() == 2
+*/
+static int vdbeSorterTreeDepth(int nPMA){
+  int nDepth = 0;
+  i64 nDiv = SORTER_MAX_MERGE_COUNT;
+  while( nDiv < (i64)nPMA ){
+    nDiv = nDiv * SORTER_MAX_MERGE_COUNT;
+    nDepth++;
+  }
+  return nDepth;
+}
+
+/*
+** pRoot is the root of an incremental merge-tree with depth nDepth (according
+** to vdbeSorterTreeDepth()). pLeaf is the iSeq'th leaf to be added to the
+** tree, counting from zero. This function adds pLeaf to the tree.
+**
+** If successful, SQLITE_OK is returned. If an error occurs, an SQLite error
+** code is returned and pLeaf is freed.
+*/
+static int vdbeSorterAddToTree(
+  SortSubtask *pTask,             /* Task context */
+  int nDepth,                     /* Depth of tree according to TreeDepth() */
+  int iSeq,                       /* Sequence number of leaf within tree */
+  MergeEngine *pRoot,             /* Root of tree */
+  MergeEngine *pLeaf              /* Leaf to add to tree */
+){
+  int rc = SQLITE_OK;
+  int nDiv = 1;
+  int i;
+  MergeEngine *p = pRoot;
+  IncrMerger *pIncr;
+
+  rc = vdbeIncrMergerNew(pTask, pLeaf, &pIncr);
+
+  for(i=1; i<nDepth; i++){
+    nDiv = nDiv * SORTER_MAX_MERGE_COUNT;
+  }
+
+  for(i=1; i<nDepth && rc==SQLITE_OK; i++){
+    int iIter = (iSeq / nDiv) % SORTER_MAX_MERGE_COUNT;
+    PmaReader *pReadr = &p->aReadr[iIter];
+
+    if( pReadr->pIncr==0 ){
+      MergeEngine *pNew = vdbeMergeEngineNew(SORTER_MAX_MERGE_COUNT);
+      if( pNew==0 ){
+        rc = SQLITE_NOMEM;
+      }else{
+        rc = vdbeIncrMergerNew(pTask, pNew, &pReadr->pIncr);
+      }
+    }
+    if( rc==SQLITE_OK ){
+      p = pReadr->pIncr->pMerger;
+      nDiv = nDiv / SORTER_MAX_MERGE_COUNT;
+    }
+  }
+
+  if( rc==SQLITE_OK ){
+    p->aReadr[iSeq % SORTER_MAX_MERGE_COUNT].pIncr = pIncr;
+  }else{
+    vdbeIncrFree(pIncr);
+  }
+  return rc;
+}
+
+/*
+** This function is called as part of a SorterRewind() operation on a sorter
+** that has already written two or more level-0 PMAs to one or more temp
+** files. It builds a tree of MergeEngine/IncrMerger/PmaReader objects that 
+** can be used to incrementally merge all PMAs on disk.
+**
+** If successful, SQLITE_OK is returned and *ppOut set to point to the
+** MergeEngine object at the root of the tree before returning. Or, if an
+** error occurs, an SQLite error code is returned and the final value 
+** of *ppOut is undefined.
+*/
+static int vdbeSorterMergeTreeBuild(
+  VdbeSorter *pSorter,       /* The VDBE cursor that implements the sort */
+  MergeEngine **ppOut        /* Write the MergeEngine here */
+){
+  MergeEngine *pMain = 0;
+  int rc = SQLITE_OK;
+  int iTask;
+
+#if SQLITE_MAX_WORKER_THREADS>0
+  /* If the sorter uses more than one task, then create the top-level 
+  ** MergeEngine here. This MergeEngine will read data from exactly 
+  ** one PmaReader per sub-task.  */
+  assert( pSorter->bUseThreads || pSorter->nTask==1 );
+  if( pSorter->nTask>1 ){
+    pMain = vdbeMergeEngineNew(pSorter->nTask);
+    if( pMain==0 ) rc = SQLITE_NOMEM;
+  }
+#endif
+
+  for(iTask=0; rc==SQLITE_OK && iTask<pSorter->nTask; iTask++){
+    SortSubtask *pTask = &pSorter->aTask[iTask];
+    assert( pTask->nPMA>0 || SQLITE_MAX_WORKER_THREADS>0 );
+    if( SQLITE_MAX_WORKER_THREADS==0 || pTask->nPMA ){
+      MergeEngine *pRoot = 0;     /* Root node of tree for this task */
+      int nDepth = vdbeSorterTreeDepth(pTask->nPMA);
+      i64 iReadOff = 0;
+
+      if( pTask->nPMA<=SORTER_MAX_MERGE_COUNT ){
+        rc = vdbeMergeEngineLevel0(pTask, pTask->nPMA, &iReadOff, &pRoot);
+      }else{
+        int i;
+        int iSeq = 0;
+        pRoot = vdbeMergeEngineNew(SORTER_MAX_MERGE_COUNT);
+        if( pRoot==0 ) rc = SQLITE_NOMEM;
+        for(i=0; i<pTask->nPMA && rc==SQLITE_OK; i += SORTER_MAX_MERGE_COUNT){
+          MergeEngine *pMerger = 0; /* New level-0 PMA merger */
+          int nReader;              /* Number of level-0 PMAs to merge */
+
+          nReader = MIN(pTask->nPMA - i, SORTER_MAX_MERGE_COUNT);
+          rc = vdbeMergeEngineLevel0(pTask, nReader, &iReadOff, &pMerger);
+          if( rc==SQLITE_OK ){
+            rc = vdbeSorterAddToTree(pTask, nDepth, iSeq++, pRoot, pMerger);
+          }
+        }
+      }
+
+      if( rc==SQLITE_OK ){
+#if SQLITE_MAX_WORKER_THREADS>0
+        if( pMain!=0 ){
+          rc = vdbeIncrMergerNew(pTask, pRoot, &pMain->aReadr[iTask].pIncr);
+        }else
+#endif
+        {
+          assert( pMain==0 );
+          pMain = pRoot;
+        }
+      }else{
+        vdbeMergeEngineFree(pRoot);
+      }
+    }
+  }
+
+  if( rc!=SQLITE_OK ){
+    vdbeMergeEngineFree(pMain);
+    pMain = 0;
+  }
+  *ppOut = pMain;
+  return rc;
+}
+
+/*
+** This function is called as part of an sqlite3VdbeSorterRewind() operation
+** on a sorter that has written two or more PMAs to temporary files. It sets
+** up either VdbeSorter.pMerger (for single threaded sorters) or pReader
+** (for multi-threaded sorters) so that it can be used to iterate through
+** all records stored in the sorter.
+**
+** SQLITE_OK is returned if successful, or an SQLite error code otherwise.
+*/
+static int vdbeSorterSetupMerge(VdbeSorter *pSorter){
+  int rc;                         /* Return code */
+  SortSubtask *pTask0 = &pSorter->aTask[0];
+  MergeEngine *pMain = 0;
+#if SQLITE_MAX_WORKER_THREADS
+  sqlite3 *db = pTask0->pSorter->db;
+  int i;
+  SorterCompare xCompare = vdbeSorterGetCompare(pSorter);
+  for(i=0; i<pSorter->nTask; i++){
+    pSorter->aTask[i].xCompare = xCompare;
+  }
+#endif
+
+  rc = vdbeSorterMergeTreeBuild(pSorter, &pMain);
+  if( rc==SQLITE_OK ){
+#if SQLITE_MAX_WORKER_THREADS
+    assert( pSorter->bUseThreads==0 || pSorter->nTask>1 );
+    if( pSorter->bUseThreads ){
+      int iTask;
+      PmaReader *pReadr = 0;
+      SortSubtask *pLast = &pSorter->aTask[pSorter->nTask-1];
+      rc = vdbeSortAllocUnpacked(pLast);
+      if( rc==SQLITE_OK ){
+        pReadr = (PmaReader*)sqlite3DbMallocZero(db, sizeof(PmaReader));
+        pSorter->pReader = pReadr;
+        if( pReadr==0 ) rc = SQLITE_NOMEM;
+      }
+      if( rc==SQLITE_OK ){
+        rc = vdbeIncrMergerNew(pLast, pMain, &pReadr->pIncr);
+        if( rc==SQLITE_OK ){
+          vdbeIncrMergerSetThreads(pReadr->pIncr);
+          for(iTask=0; iTask<(pSorter->nTask-1); iTask++){
+            IncrMerger *pIncr;
+            if( (pIncr = pMain->aReadr[iTask].pIncr) ){
+              vdbeIncrMergerSetThreads(pIncr);
+              assert( pIncr->pTask!=pLast );
+            }
+          }
+          for(iTask=0; rc==SQLITE_OK && iTask<pSorter->nTask; iTask++){
+            /* Check that:
+            **   
+            **   a) The incremental merge object is configured to use the
+            **      right task, and
+            **   b) If it is using task (nTask-1), it is configured to run
+            **      in single-threaded mode. This is important, as the
+            **      root merge (INCRINIT_ROOT) will be using the same task
+            **      object.
+            */
+            PmaReader *p = &pMain->aReadr[iTask];
+            assert( p->pIncr==0 || (
+                (p->pIncr->pTask==&pSorter->aTask[iTask])             /* a */
+             && (iTask!=pSorter->nTask-1 || p->pIncr->bUseThread==0)  /* b */
+            ));
+            rc = vdbePmaReaderIncrInit(p, INCRINIT_TASK);
+          }
+        }
+        pMain = 0;
+      }
+      if( rc==SQLITE_OK ){
+        rc = vdbePmaReaderIncrMergeInit(pReadr, INCRINIT_ROOT);
+      }
+    }else
+#endif
+    {
+      rc = vdbeMergeEngineInit(pTask0, pMain, INCRINIT_NORMAL);
+      pSorter->pMerger = pMain;
+      pMain = 0;
+    }
+  }
+
+  if( rc!=SQLITE_OK ){
+    vdbeMergeEngineFree(pMain);
+  }
+  return rc;
+}
+
+
+/*
+** Once the sorter has been populated by calls to sqlite3VdbeSorterWrite,
+** this function is called to prepare for iterating through the records
+** in sorted order.
+*/
+SQLITE_PRIVATE int sqlite3VdbeSorterRewind(const VdbeCursor *pCsr, int *pbEof){
+  VdbeSorter *pSorter;
+  int rc = SQLITE_OK;             /* Return code */
+
+  assert( pCsr->eCurType==CURTYPE_SORTER );
+  pSorter = pCsr->uc.pSorter;
+  assert( pSorter );
+
+  /* If no data has been written to disk, then do not do so now. Instead,
+  ** sort the VdbeSorter.pRecord list. The vdbe layer will read data directly
+  ** from the in-memory list.  */
+  if( pSorter->bUsePMA==0 ){
+    if( pSorter->list.pList ){
+      *pbEof = 0;
+      rc = vdbeSorterSort(&pSorter->aTask[0], &pSorter->list);
+    }else{
+      *pbEof = 1;
+    }
+    return rc;
+  }
+
+  /* Write the current in-memory list to a PMA. When the VdbeSorterWrite() 
+  ** function flushes the contents of memory to disk, it immediately always
+  ** creates a new list consisting of a single key immediately afterwards.
+  ** So the list is never empty at this point.  */
+  assert( pSorter->list.pList );
+  rc = vdbeSorterFlushPMA(pSorter);
+
+  /* Join all threads */
+  rc = vdbeSorterJoinAll(pSorter, rc);
+
+  vdbeSorterRewindDebug("rewind");
+
+  /* Assuming no errors have occurred, set up a merger structure to 
+  ** incrementally read and merge all remaining PMAs.  */
+  assert( pSorter->pReader==0 );
+  if( rc==SQLITE_OK ){
+    rc = vdbeSorterSetupMerge(pSorter);
+    *pbEof = 0;
+  }
+
+  vdbeSorterRewindDebug("rewinddone");
+  return rc;
+}
+
+/*
+** Advance to the next element in the sorter.
+*/
+SQLITE_PRIVATE int sqlite3VdbeSorterNext(sqlite3 *db, const VdbeCursor *pCsr, int *pbEof){
+  VdbeSorter *pSorter;
+  int rc;                         /* Return code */
+
+  assert( pCsr->eCurType==CURTYPE_SORTER );
+  pSorter = pCsr->uc.pSorter;
+  assert( pSorter->bUsePMA || (pSorter->pReader==0 && pSorter->pMerger==0) );
+  if( pSorter->bUsePMA ){
+    assert( pSorter->pReader==0 || pSorter->pMerger==0 );
+    assert( pSorter->bUseThreads==0 || pSorter->pReader );
+    assert( pSorter->bUseThreads==1 || pSorter->pMerger );
+#if SQLITE_MAX_WORKER_THREADS>0
+    if( pSorter->bUseThreads ){
+      rc = vdbePmaReaderNext(pSorter->pReader);
+      *pbEof = (pSorter->pReader->pFd==0);
+    }else
+#endif
+    /*if( !pSorter->bUseThreads )*/ {
+      assert( pSorter->pMerger!=0 );
+      assert( pSorter->pMerger->pTask==(&pSorter->aTask[0]) );
+      rc = vdbeMergeEngineStep(pSorter->pMerger, pbEof);
+    }
+  }else{
+    SorterRecord *pFree = pSorter->list.pList;
+    pSorter->list.pList = pFree->u.pNext;
+    pFree->u.pNext = 0;
+    if( pSorter->list.aMemory==0 ) vdbeSorterRecordFree(db, pFree);
+    *pbEof = !pSorter->list.pList;
+    rc = SQLITE_OK;
+  }
+  return rc;
+}
+
+/*
+** Return a pointer to a buffer owned by the sorter that contains the 
+** current key.
+*/
+static void *vdbeSorterRowkey(
+  const VdbeSorter *pSorter,      /* Sorter object */
+  int *pnKey                      /* OUT: Size of current key in bytes */
+){
+  void *pKey;
+  if( pSorter->bUsePMA ){
+    PmaReader *pReader;
+#if SQLITE_MAX_WORKER_THREADS>0
+    if( pSorter->bUseThreads ){
+      pReader = pSorter->pReader;
+    }else
+#endif
+    /*if( !pSorter->bUseThreads )*/{
+      pReader = &pSorter->pMerger->aReadr[pSorter->pMerger->aTree[1]];
+    }
+    *pnKey = pReader->nKey;
+    pKey = pReader->aKey;
+  }else{
+    *pnKey = pSorter->list.pList->nVal;
+    pKey = SRVAL(pSorter->list.pList);
+  }
+  return pKey;
+}
+
+/*
+** Copy the current sorter key into the memory cell pOut.
+*/
+SQLITE_PRIVATE int sqlite3VdbeSorterRowkey(const VdbeCursor *pCsr, Mem *pOut){
+  VdbeSorter *pSorter;
+  void *pKey; int nKey;           /* Sorter key to copy into pOut */
+
+  assert( pCsr->eCurType==CURTYPE_SORTER );
+  pSorter = pCsr->uc.pSorter;
+  pKey = vdbeSorterRowkey(pSorter, &nKey);
+  if( sqlite3VdbeMemClearAndResize(pOut, nKey) ){
+    return SQLITE_NOMEM;
+  }
+  pOut->n = nKey;
+  MemSetTypeFlag(pOut, MEM_Blob);
+  memcpy(pOut->z, pKey, nKey);
+
+  return SQLITE_OK;
+}
+
+/*
+** Compare the key in memory cell pVal with the key that the sorter cursor
+** passed as the first argument currently points to. For the purposes of
+** the comparison, ignore the rowid field at the end of each record.
+**
+** If the sorter cursor key contains any NULL values, consider it to be
+** less than pVal. Even if pVal also contains NULL values.
+**
+** If an error occurs, return an SQLite error code (i.e. SQLITE_NOMEM).
+** Otherwise, set *pRes to a negative, zero or positive value if the
+** key in pVal is smaller than, equal to or larger than the current sorter
+** key.
+**
+** This routine forms the core of the OP_SorterCompare opcode, which in
+** turn is used to verify uniqueness when constructing a UNIQUE INDEX.
+*/
+SQLITE_PRIVATE int sqlite3VdbeSorterCompare(
+  const VdbeCursor *pCsr,         /* Sorter cursor */
+  Mem *pVal,                      /* Value to compare to current sorter key */
+  int nKeyCol,                    /* Compare this many columns */
+  int *pRes                       /* OUT: Result of comparison */
+){
+  VdbeSorter *pSorter;
+  UnpackedRecord *r2;
+  KeyInfo *pKeyInfo;
+  int i;
+  void *pKey; int nKey;           /* Sorter key to compare pVal with */
+
+  assert( pCsr->eCurType==CURTYPE_SORTER );
+  pSorter = pCsr->uc.pSorter;
+  r2 = pSorter->pUnpacked;
+  pKeyInfo = pCsr->pKeyInfo;
+  if( r2==0 ){
+    char *p;
+    r2 = pSorter->pUnpacked = sqlite3VdbeAllocUnpackedRecord(pKeyInfo,0,0,&p);
+    assert( pSorter->pUnpacked==(UnpackedRecord*)p );
+    if( r2==0 ) return SQLITE_NOMEM;
+    r2->nField = nKeyCol;
+  }
+  assert( r2->nField==nKeyCol );
+
+  pKey = vdbeSorterRowkey(pSorter, &nKey);
+  sqlite3VdbeRecordUnpack(pKeyInfo, nKey, pKey, r2);
+  for(i=0; i<nKeyCol; i++){
+    if( r2->aMem[i].flags & MEM_Null ){
+      *pRes = -1;
+      return SQLITE_OK;
+    }
+  }
+
+  *pRes = sqlite3VdbeRecordCompare(pVal->n, pVal->z, r2);
+  return SQLITE_OK;
+}
+
+/************** End of vdbesort.c ********************************************/
+/************** Begin file journal.c *****************************************/
+/*
+** 2007 August 22
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+**
+** This file implements a special kind of sqlite3_file object used
+** by SQLite to create journal files if the atomic-write optimization
+** is enabled.
+**
+** The distinctive characteristic of this sqlite3_file is that the
+** actual on disk file is created lazily. When the file is created,
+** the caller specifies a buffer size for an in-memory buffer to
+** be used to service read() and write() requests. The actual file
+** on disk is not created or populated until either:
+**
+**   1) The in-memory representation grows too large for the allocated 
+**      buffer, or
+**   2) The sqlite3JournalCreate() function is called.
+*/
+#ifdef SQLITE_ENABLE_ATOMIC_WRITE
+/* #include "sqliteInt.h" */
+
+
+/*
+** A JournalFile object is a subclass of sqlite3_file used by
+** as an open file handle for journal files.
+*/
+struct JournalFile {
+  sqlite3_io_methods *pMethod;    /* I/O methods on journal files */
+  int nBuf;                       /* Size of zBuf[] in bytes */
+  char *zBuf;                     /* Space to buffer journal writes */
+  int iSize;                      /* Amount of zBuf[] currently used */
+  int flags;                      /* xOpen flags */
+  sqlite3_vfs *pVfs;              /* The "real" underlying VFS */
+  sqlite3_file *pReal;            /* The "real" underlying file descriptor */
+  const char *zJournal;           /* Name of the journal file */
+};
+typedef struct JournalFile JournalFile;
+
+/*
+** If it does not already exists, create and populate the on-disk file 
+** for JournalFile p.
+*/
+static int createFile(JournalFile *p){
+  int rc = SQLITE_OK;
+  if( !p->pReal ){
+    sqlite3_file *pReal = (sqlite3_file *)&p[1];
+    rc = sqlite3OsOpen(p->pVfs, p->zJournal, pReal, p->flags, 0);
+    if( rc==SQLITE_OK ){
+      p->pReal = pReal;
+      if( p->iSize>0 ){
+        assert(p->iSize<=p->nBuf);
+        rc = sqlite3OsWrite(p->pReal, p->zBuf, p->iSize, 0);
+      }
+      if( rc!=SQLITE_OK ){
+        /* If an error occurred while writing to the file, close it before
+        ** returning. This way, SQLite uses the in-memory journal data to 
+        ** roll back changes made to the internal page-cache before this
+        ** function was called.  */
+        sqlite3OsClose(pReal);
+        p->pReal = 0;
+      }
+    }
+  }
+  return rc;
+}
+
+/*
+** Close the file.
+*/
+static int jrnlClose(sqlite3_file *pJfd){
+  JournalFile *p = (JournalFile *)pJfd;
+  if( p->pReal ){
+    sqlite3OsClose(p->pReal);
+  }
+  sqlite3_free(p->zBuf);
+  return SQLITE_OK;
+}
+
+/*
+** Read data from the file.
+*/
+static int jrnlRead(
+  sqlite3_file *pJfd,    /* The journal file from which to read */
+  void *zBuf,            /* Put the results here */
+  int iAmt,              /* Number of bytes to read */
+  sqlite_int64 iOfst     /* Begin reading at this offset */
+){
+  int rc = SQLITE_OK;
+  JournalFile *p = (JournalFile *)pJfd;
+  if( p->pReal ){
+    rc = sqlite3OsRead(p->pReal, zBuf, iAmt, iOfst);
+  }else if( (iAmt+iOfst)>p->iSize ){
+    rc = SQLITE_IOERR_SHORT_READ;
+  }else{
+    memcpy(zBuf, &p->zBuf[iOfst], iAmt);
+  }
+  return rc;
+}
+
+/*
+** Write data to the file.
+*/
+static int jrnlWrite(
+  sqlite3_file *pJfd,    /* The journal file into which to write */
+  const void *zBuf,      /* Take data to be written from here */
+  int iAmt,              /* Number of bytes to write */
+  sqlite_int64 iOfst     /* Begin writing at this offset into the file */
+){
+  int rc = SQLITE_OK;
+  JournalFile *p = (JournalFile *)pJfd;
+  if( !p->pReal && (iOfst+iAmt)>p->nBuf ){
+    rc = createFile(p);
+  }
+  if( rc==SQLITE_OK ){
+    if( p->pReal ){
+      rc = sqlite3OsWrite(p->pReal, zBuf, iAmt, iOfst);
+    }else{
+      memcpy(&p->zBuf[iOfst], zBuf, iAmt);
+      if( p->iSize<(iOfst+iAmt) ){
+        p->iSize = (iOfst+iAmt);
+      }
+    }
+  }
+  return rc;
+}
+
+/*
+** Truncate the file.
+*/
+static int jrnlTruncate(sqlite3_file *pJfd, sqlite_int64 size){
+  int rc = SQLITE_OK;
+  JournalFile *p = (JournalFile *)pJfd;
+  if( p->pReal ){
+    rc = sqlite3OsTruncate(p->pReal, size);
+  }else if( size<p->iSize ){
+    p->iSize = size;
+  }
+  return rc;
+}
+
+/*
+** Sync the file.
+*/
+static int jrnlSync(sqlite3_file *pJfd, int flags){
+  int rc;
+  JournalFile *p = (JournalFile *)pJfd;
+  if( p->pReal ){
+    rc = sqlite3OsSync(p->pReal, flags);
+  }else{
+    rc = SQLITE_OK;
+  }
+  return rc;
+}
+
+/*
+** Query the size of the file in bytes.
+*/
+static int jrnlFileSize(sqlite3_file *pJfd, sqlite_int64 *pSize){
+  int rc = SQLITE_OK;
+  JournalFile *p = (JournalFile *)pJfd;
+  if( p->pReal ){
+    rc = sqlite3OsFileSize(p->pReal, pSize);
+  }else{
+    *pSize = (sqlite_int64) p->iSize;
+  }
+  return rc;
+}
+
+/*
+** Table of methods for JournalFile sqlite3_file object.
+*/
+static struct sqlite3_io_methods JournalFileMethods = {
+  1,             /* iVersion */
+  jrnlClose,     /* xClose */
+  jrnlRead,      /* xRead */
+  jrnlWrite,     /* xWrite */
+  jrnlTruncate,  /* xTruncate */
+  jrnlSync,      /* xSync */
+  jrnlFileSize,  /* xFileSize */
+  0,             /* xLock */
+  0,             /* xUnlock */
+  0,             /* xCheckReservedLock */
+  0,             /* xFileControl */
+  0,             /* xSectorSize */
+  0,             /* xDeviceCharacteristics */
+  0,             /* xShmMap */
+  0,             /* xShmLock */
+  0,             /* xShmBarrier */
+  0              /* xShmUnmap */
+};
+
+/* 
+** Open a journal file.
+*/
+SQLITE_PRIVATE int sqlite3JournalOpen(
+  sqlite3_vfs *pVfs,         /* The VFS to use for actual file I/O */
+  const char *zName,         /* Name of the journal file */
+  sqlite3_file *pJfd,        /* Preallocated, blank file handle */
+  int flags,                 /* Opening flags */
+  int nBuf                   /* Bytes buffered before opening the file */
+){
+  JournalFile *p = (JournalFile *)pJfd;
+  memset(p, 0, sqlite3JournalSize(pVfs));
+  if( nBuf>0 ){
+    p->zBuf = sqlite3MallocZero(nBuf);
+    if( !p->zBuf ){
+      return SQLITE_NOMEM;
+    }
+  }else{
+    return sqlite3OsOpen(pVfs, zName, pJfd, flags, 0);
+  }
+  p->pMethod = &JournalFileMethods;
+  p->nBuf = nBuf;
+  p->flags = flags;
+  p->zJournal = zName;
+  p->pVfs = pVfs;
+  return SQLITE_OK;
+}
+
+/*
+** If the argument p points to a JournalFile structure, and the underlying
+** file has not yet been created, create it now.
+*/
+SQLITE_PRIVATE int sqlite3JournalCreate(sqlite3_file *p){
+  if( p->pMethods!=&JournalFileMethods ){
+    return SQLITE_OK;
+  }
+  return createFile((JournalFile *)p);
+}
+
+/*
+** The file-handle passed as the only argument is guaranteed to be an open
+** file. It may or may not be of class JournalFile. If the file is a
+** JournalFile, and the underlying file on disk has not yet been opened,
+** return 0. Otherwise, return 1.
+*/
+SQLITE_PRIVATE int sqlite3JournalExists(sqlite3_file *p){
+  return (p->pMethods!=&JournalFileMethods || ((JournalFile *)p)->pReal!=0);
+}
+
+/* 
+** Return the number of bytes required to store a JournalFile that uses vfs
+** pVfs to create the underlying on-disk files.
+*/
+SQLITE_PRIVATE int sqlite3JournalSize(sqlite3_vfs *pVfs){
+  return (pVfs->szOsFile+sizeof(JournalFile));
+}
+#endif
+
+/************** End of journal.c *********************************************/
+/************** Begin file memjournal.c **************************************/
+/*
+** 2008 October 7
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+**
+** This file contains code use to implement an in-memory rollback journal.
+** The in-memory rollback journal is used to journal transactions for
+** ":memory:" databases and when the journal_mode=MEMORY pragma is used.
+*/
+/* #include "sqliteInt.h" */
+
+/* Forward references to internal structures */
+typedef struct MemJournal MemJournal;
+typedef struct FilePoint FilePoint;
+typedef struct FileChunk FileChunk;
+
+/* Space to hold the rollback journal is allocated in increments of
+** this many bytes.
+**
+** The size chosen is a little less than a power of two.  That way,
+** the FileChunk object will have a size that almost exactly fills
+** a power-of-two allocation.  This minimizes wasted space in power-of-two
+** memory allocators.
+*/
+#define JOURNAL_CHUNKSIZE ((int)(1024-sizeof(FileChunk*)))
+
+/*
+** The rollback journal is composed of a linked list of these structures.
+*/
+struct FileChunk {
+  FileChunk *pNext;               /* Next chunk in the journal */
+  u8 zChunk[JOURNAL_CHUNKSIZE];   /* Content of this chunk */
+};
+
+/*
+** An instance of this object serves as a cursor into the rollback journal.
+** The cursor can be either for reading or writing.
+*/
+struct FilePoint {
+  sqlite3_int64 iOffset;          /* Offset from the beginning of the file */
+  FileChunk *pChunk;              /* Specific chunk into which cursor points */
+};
+
+/*
+** This subclass is a subclass of sqlite3_file.  Each open memory-journal
+** is an instance of this class.
+*/
+struct MemJournal {
+  sqlite3_io_methods *pMethod;    /* Parent class. MUST BE FIRST */
+  FileChunk *pFirst;              /* Head of in-memory chunk-list */
+  FilePoint endpoint;             /* Pointer to the end of the file */
+  FilePoint readpoint;            /* Pointer to the end of the last xRead() */
+};
+
+/*
+** Read data from the in-memory journal file.  This is the implementation
+** of the sqlite3_vfs.xRead method.
+*/
+static int memjrnlRead(
+  sqlite3_file *pJfd,    /* The journal file from which to read */
+  void *zBuf,            /* Put the results here */
+  int iAmt,              /* Number of bytes to read */
+  sqlite_int64 iOfst     /* Begin reading at this offset */
+){
+  MemJournal *p = (MemJournal *)pJfd;
+  u8 *zOut = zBuf;
+  int nRead = iAmt;
+  int iChunkOffset;
+  FileChunk *pChunk;
+
+  /* SQLite never tries to read past the end of a rollback journal file */
+  assert( iOfst+iAmt<=p->endpoint.iOffset );
+
+  if( p->readpoint.iOffset!=iOfst || iOfst==0 ){
+    sqlite3_int64 iOff = 0;
+    for(pChunk=p->pFirst; 
+        ALWAYS(pChunk) && (iOff+JOURNAL_CHUNKSIZE)<=iOfst;
+        pChunk=pChunk->pNext
+    ){
+      iOff += JOURNAL_CHUNKSIZE;
+    }
+  }else{
+    pChunk = p->readpoint.pChunk;
+  }
+
+  iChunkOffset = (int)(iOfst%JOURNAL_CHUNKSIZE);
+  do {
+    int iSpace = JOURNAL_CHUNKSIZE - iChunkOffset;
+    int nCopy = MIN(nRead, (JOURNAL_CHUNKSIZE - iChunkOffset));
+    memcpy(zOut, &pChunk->zChunk[iChunkOffset], nCopy);
+    zOut += nCopy;
+    nRead -= iSpace;
+    iChunkOffset = 0;
+  } while( nRead>=0 && (pChunk=pChunk->pNext)!=0 && nRead>0 );
+  p->readpoint.iOffset = iOfst+iAmt;
+  p->readpoint.pChunk = pChunk;
+
+  return SQLITE_OK;
+}
+
+/*
+** Write data to the file.
+*/
+static int memjrnlWrite(
+  sqlite3_file *pJfd,    /* The journal file into which to write */
+  const void *zBuf,      /* Take data to be written from here */
+  int iAmt,              /* Number of bytes to write */
+  sqlite_int64 iOfst     /* Begin writing at this offset into the file */
+){
+  MemJournal *p = (MemJournal *)pJfd;
+  int nWrite = iAmt;
+  u8 *zWrite = (u8 *)zBuf;
+
+  /* An in-memory journal file should only ever be appended to. Random
+  ** access writes are not required by sqlite.
+  */
+  assert( iOfst==p->endpoint.iOffset );
+  UNUSED_PARAMETER(iOfst);
+
+  while( nWrite>0 ){
+    FileChunk *pChunk = p->endpoint.pChunk;
+    int iChunkOffset = (int)(p->endpoint.iOffset%JOURNAL_CHUNKSIZE);
+    int iSpace = MIN(nWrite, JOURNAL_CHUNKSIZE - iChunkOffset);
+
+    if( iChunkOffset==0 ){
+      /* New chunk is required to extend the file. */
+      FileChunk *pNew = sqlite3_malloc(sizeof(FileChunk));
+      if( !pNew ){
+        return SQLITE_IOERR_NOMEM;
+      }
+      pNew->pNext = 0;
+      if( pChunk ){
+        assert( p->pFirst );
+        pChunk->pNext = pNew;
+      }else{
+        assert( !p->pFirst );
+        p->pFirst = pNew;
+      }
+      p->endpoint.pChunk = pNew;
+    }
+
+    memcpy(&p->endpoint.pChunk->zChunk[iChunkOffset], zWrite, iSpace);
+    zWrite += iSpace;
+    nWrite -= iSpace;
+    p->endpoint.iOffset += iSpace;
+  }
+
+  return SQLITE_OK;
+}
+
+/*
+** Truncate the file.
+*/
+static int memjrnlTruncate(sqlite3_file *pJfd, sqlite_int64 size){
+  MemJournal *p = (MemJournal *)pJfd;
+  FileChunk *pChunk;
+  assert(size==0);
+  UNUSED_PARAMETER(size);
+  pChunk = p->pFirst;
+  while( pChunk ){
+    FileChunk *pTmp = pChunk;
+    pChunk = pChunk->pNext;
+    sqlite3_free(pTmp);
+  }
+  sqlite3MemJournalOpen(pJfd);
+  return SQLITE_OK;
+}
+
+/*
+** Close the file.
+*/
+static int memjrnlClose(sqlite3_file *pJfd){
+  memjrnlTruncate(pJfd, 0);
+  return SQLITE_OK;
+}
+
+
+/*
+** Sync the file.
+**
+** Syncing an in-memory journal is a no-op.  And, in fact, this routine
+** is never called in a working implementation.  This implementation
+** exists purely as a contingency, in case some malfunction in some other
+** part of SQLite causes Sync to be called by mistake.
+*/
+static int memjrnlSync(sqlite3_file *NotUsed, int NotUsed2){
+  UNUSED_PARAMETER2(NotUsed, NotUsed2);
+  return SQLITE_OK;
+}
+
+/*
+** Query the size of the file in bytes.
+*/
+static int memjrnlFileSize(sqlite3_file *pJfd, sqlite_int64 *pSize){
+  MemJournal *p = (MemJournal *)pJfd;
+  *pSize = (sqlite_int64) p->endpoint.iOffset;
+  return SQLITE_OK;
+}
+
+/*
+** Table of methods for MemJournal sqlite3_file object.
+*/
+static const struct sqlite3_io_methods MemJournalMethods = {
+  1,                /* iVersion */
+  memjrnlClose,     /* xClose */
+  memjrnlRead,      /* xRead */
+  memjrnlWrite,     /* xWrite */
+  memjrnlTruncate,  /* xTruncate */
+  memjrnlSync,      /* xSync */
+  memjrnlFileSize,  /* xFileSize */
+  0,                /* xLock */
+  0,                /* xUnlock */
+  0,                /* xCheckReservedLock */
+  0,                /* xFileControl */
+  0,                /* xSectorSize */
+  0,                /* xDeviceCharacteristics */
+  0,                /* xShmMap */
+  0,                /* xShmLock */
+  0,                /* xShmBarrier */
+  0,                /* xShmUnmap */
+  0,                /* xFetch */
+  0                 /* xUnfetch */
+};
+
+/* 
+** Open a journal file.
+*/
+SQLITE_PRIVATE void sqlite3MemJournalOpen(sqlite3_file *pJfd){
+  MemJournal *p = (MemJournal *)pJfd;
+  assert( EIGHT_BYTE_ALIGNMENT(p) );
+  memset(p, 0, sqlite3MemJournalSize());
+  p->pMethod = (sqlite3_io_methods*)&MemJournalMethods;
+}
+
+/*
+** Return true if the file-handle passed as an argument is 
+** an in-memory journal 
+*/
+SQLITE_PRIVATE int sqlite3IsMemJournal(sqlite3_file *pJfd){
+  return pJfd->pMethods==&MemJournalMethods;
+}
+
+/* 
+** Return the number of bytes required to store a MemJournal file descriptor.
+*/
+SQLITE_PRIVATE int sqlite3MemJournalSize(void){
+  return sizeof(MemJournal);
+}
+
+/************** End of memjournal.c ******************************************/
+/************** Begin file walker.c ******************************************/
+/*
+** 2008 August 16
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+** This file contains routines used for walking the parser tree for
+** an SQL statement.
+*/
+/* #include "sqliteInt.h" */
+/* #include <stdlib.h> */
+/* #include <string.h> */
+
+
+/*
+** Walk an expression tree.  Invoke the callback once for each node
+** of the expression, while descending.  (In other words, the callback
+** is invoked before visiting children.)
+**
+** The return value from the callback should be one of the WRC_*
+** constants to specify how to proceed with the walk.
+**
+**    WRC_Continue      Continue descending down the tree.
+**
+**    WRC_Prune         Do not descend into child nodes.  But allow
+**                      the walk to continue with sibling nodes.
+**
+**    WRC_Abort         Do no more callbacks.  Unwind the stack and
+**                      return the top-level walk call.
+**
+** The return value from this routine is WRC_Abort to abandon the tree walk
+** and WRC_Continue to continue.
+*/
+SQLITE_PRIVATE int sqlite3WalkExpr(Walker *pWalker, Expr *pExpr){
+  int rc;
+  if( pExpr==0 ) return WRC_Continue;
+  testcase( ExprHasProperty(pExpr, EP_TokenOnly) );
+  testcase( ExprHasProperty(pExpr, EP_Reduced) );
+  rc = pWalker->xExprCallback(pWalker, pExpr);
+  if( rc==WRC_Continue
+              && !ExprHasProperty(pExpr,EP_TokenOnly) ){
+    if( sqlite3WalkExpr(pWalker, pExpr->pLeft) ) return WRC_Abort;
+    if( sqlite3WalkExpr(pWalker, pExpr->pRight) ) return WRC_Abort;
+    if( ExprHasProperty(pExpr, EP_xIsSelect) ){
+      if( sqlite3WalkSelect(pWalker, pExpr->x.pSelect) ) return WRC_Abort;
+    }else{
+      if( sqlite3WalkExprList(pWalker, pExpr->x.pList) ) return WRC_Abort;
+    }
+  }
+  return rc & WRC_Abort;
+}
+
+/*
+** Call sqlite3WalkExpr() for every expression in list p or until
+** an abort request is seen.
+*/
+SQLITE_PRIVATE int sqlite3WalkExprList(Walker *pWalker, ExprList *p){
+  int i;
+  struct ExprList_item *pItem;
+  if( p ){
+    for(i=p->nExpr, pItem=p->a; i>0; i--, pItem++){
+      if( sqlite3WalkExpr(pWalker, pItem->pExpr) ) return WRC_Abort;
+    }
+  }
+  return WRC_Continue;
+}
+
+/*
+** Walk all expressions associated with SELECT statement p.  Do
+** not invoke the SELECT callback on p, but do (of course) invoke
+** any expr callbacks and SELECT callbacks that come from subqueries.
+** Return WRC_Abort or WRC_Continue.
+*/
+SQLITE_PRIVATE int sqlite3WalkSelectExpr(Walker *pWalker, Select *p){
+  if( sqlite3WalkExprList(pWalker, p->pEList) ) return WRC_Abort;
+  if( sqlite3WalkExpr(pWalker, p->pWhere) ) return WRC_Abort;
+  if( sqlite3WalkExprList(pWalker, p->pGroupBy) ) return WRC_Abort;
+  if( sqlite3WalkExpr(pWalker, p->pHaving) ) return WRC_Abort;
+  if( sqlite3WalkExprList(pWalker, p->pOrderBy) ) return WRC_Abort;
+  if( sqlite3WalkExpr(pWalker, p->pLimit) ) return WRC_Abort;
+  if( sqlite3WalkExpr(pWalker, p->pOffset) ) return WRC_Abort;
+  return WRC_Continue;
+}
+
+/*
+** Walk the parse trees associated with all subqueries in the
+** FROM clause of SELECT statement p.  Do not invoke the select
+** callback on p, but do invoke it on each FROM clause subquery
+** and on any subqueries further down in the tree.  Return 
+** WRC_Abort or WRC_Continue;
+*/
+SQLITE_PRIVATE int sqlite3WalkSelectFrom(Walker *pWalker, Select *p){
+  SrcList *pSrc;
+  int i;
+  struct SrcList_item *pItem;
+
+  pSrc = p->pSrc;
+  if( ALWAYS(pSrc) ){
+    for(i=pSrc->nSrc, pItem=pSrc->a; i>0; i--, pItem++){
+      if( sqlite3WalkSelect(pWalker, pItem->pSelect) ){
+        return WRC_Abort;
+      }
+      if( pItem->fg.isTabFunc
+       && sqlite3WalkExprList(pWalker, pItem->u1.pFuncArg)
+      ){
+        return WRC_Abort;
+      }
+    }
+  }
+  return WRC_Continue;
+} 
+
+/*
+** Call sqlite3WalkExpr() for every expression in Select statement p.
+** Invoke sqlite3WalkSelect() for subqueries in the FROM clause and
+** on the compound select chain, p->pPrior. 
+**
+** If it is not NULL, the xSelectCallback() callback is invoked before
+** the walk of the expressions and FROM clause. The xSelectCallback2()
+** method, if it is not NULL, is invoked following the walk of the 
+** expressions and FROM clause.
+**
+** Return WRC_Continue under normal conditions.  Return WRC_Abort if
+** there is an abort request.
+**
+** If the Walker does not have an xSelectCallback() then this routine
+** is a no-op returning WRC_Continue.
+*/
+SQLITE_PRIVATE int sqlite3WalkSelect(Walker *pWalker, Select *p){
+  int rc;
+  if( p==0 || (pWalker->xSelectCallback==0 && pWalker->xSelectCallback2==0) ){
+    return WRC_Continue;
+  }
+  rc = WRC_Continue;
+  pWalker->walkerDepth++;
+  while( p ){
+    if( pWalker->xSelectCallback ){
+       rc = pWalker->xSelectCallback(pWalker, p);
+       if( rc ) break;
+    }
+    if( sqlite3WalkSelectExpr(pWalker, p)
+     || sqlite3WalkSelectFrom(pWalker, p)
+    ){
+      pWalker->walkerDepth--;
+      return WRC_Abort;
+    }
+    if( pWalker->xSelectCallback2 ){
+      pWalker->xSelectCallback2(pWalker, p);
+    }
+    p = p->pPrior;
+  }
+  pWalker->walkerDepth--;
+  return rc & WRC_Abort;
+}
+
+/************** End of walker.c **********************************************/
+/************** Begin file resolve.c *****************************************/
+/*
+** 2008 August 18
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+**
+** This file contains routines used for walking the parser tree and
+** resolve all identifiers by associating them with a particular
+** table and column.
+*/
+/* #include "sqliteInt.h" */
+/* #include <stdlib.h> */
+/* #include <string.h> */
+
+/*
+** Walk the expression tree pExpr and increase the aggregate function
+** depth (the Expr.op2 field) by N on every TK_AGG_FUNCTION node.
+** This needs to occur when copying a TK_AGG_FUNCTION node from an
+** outer query into an inner subquery.
+**
+** incrAggFunctionDepth(pExpr,n) is the main routine.  incrAggDepth(..)
+** is a helper function - a callback for the tree walker.
+*/
+static int incrAggDepth(Walker *pWalker, Expr *pExpr){
+  if( pExpr->op==TK_AGG_FUNCTION ) pExpr->op2 += pWalker->u.n;
+  return WRC_Continue;
+}
+static void incrAggFunctionDepth(Expr *pExpr, int N){
+  if( N>0 ){
+    Walker w;
+    memset(&w, 0, sizeof(w));
+    w.xExprCallback = incrAggDepth;
+    w.u.n = N;
+    sqlite3WalkExpr(&w, pExpr);
+  }
+}
+
+/*
+** Turn the pExpr expression into an alias for the iCol-th column of the
+** result set in pEList.
+**
+** If the reference is followed by a COLLATE operator, then make sure
+** the COLLATE operator is preserved.  For example:
+**
+**     SELECT a+b, c+d FROM t1 ORDER BY 1 COLLATE nocase;
+**
+** Should be transformed into:
+**
+**     SELECT a+b, c+d FROM t1 ORDER BY (a+b) COLLATE nocase;
+**
+** The nSubquery parameter specifies how many levels of subquery the
+** alias is removed from the original expression.  The usual value is
+** zero but it might be more if the alias is contained within a subquery
+** of the original expression.  The Expr.op2 field of TK_AGG_FUNCTION
+** structures must be increased by the nSubquery amount.
+*/
+static void resolveAlias(
+  Parse *pParse,         /* Parsing context */
+  ExprList *pEList,      /* A result set */
+  int iCol,              /* A column in the result set.  0..pEList->nExpr-1 */
+  Expr *pExpr,           /* Transform this into an alias to the result set */
+  const char *zType,     /* "GROUP" or "ORDER" or "" */
+  int nSubquery          /* Number of subqueries that the label is moving */
+){
+  Expr *pOrig;           /* The iCol-th column of the result set */
+  Expr *pDup;            /* Copy of pOrig */
+  sqlite3 *db;           /* The database connection */
+
+  assert( iCol>=0 && iCol<pEList->nExpr );
+  pOrig = pEList->a[iCol].pExpr;
+  assert( pOrig!=0 );
+  db = pParse->db;
+  pDup = sqlite3ExprDup(db, pOrig, 0);
+  if( pDup==0 ) return;
+  if( zType[0]!='G' ) incrAggFunctionDepth(pDup, nSubquery);
+  if( pExpr->op==TK_COLLATE ){
+    pDup = sqlite3ExprAddCollateString(pParse, pDup, pExpr->u.zToken);
+  }
+  ExprSetProperty(pDup, EP_Alias);
+
+  /* Before calling sqlite3ExprDelete(), set the EP_Static flag. This 
+  ** prevents ExprDelete() from deleting the Expr structure itself,
+  ** allowing it to be repopulated by the memcpy() on the following line.
+  ** The pExpr->u.zToken might point into memory that will be freed by the
+  ** sqlite3DbFree(db, pDup) on the last line of this block, so be sure to
+  ** make a copy of the token before doing the sqlite3DbFree().
+  */
+  ExprSetProperty(pExpr, EP_Static);
+  sqlite3ExprDelete(db, pExpr);
+  memcpy(pExpr, pDup, sizeof(*pExpr));
+  if( !ExprHasProperty(pExpr, EP_IntValue) && pExpr->u.zToken!=0 ){
+    assert( (pExpr->flags & (EP_Reduced|EP_TokenOnly))==0 );
+    pExpr->u.zToken = sqlite3DbStrDup(db, pExpr->u.zToken);
+    pExpr->flags |= EP_MemToken;
+  }
+  sqlite3DbFree(db, pDup);
+}
+
+
+/*
+** Return TRUE if the name zCol occurs anywhere in the USING clause.
+**
+** Return FALSE if the USING clause is NULL or if it does not contain
+** zCol.
+*/
+static int nameInUsingClause(IdList *pUsing, const char *zCol){
+  if( pUsing ){
+    int k;
+    for(k=0; k<pUsing->nId; k++){
+      if( sqlite3StrICmp(pUsing->a[k].zName, zCol)==0 ) return 1;
+    }
+  }
+  return 0;
+}
+
+/*
+** Subqueries stores the original database, table and column names for their
+** result sets in ExprList.a[].zSpan, in the form "DATABASE.TABLE.COLUMN".
+** Check to see if the zSpan given to this routine matches the zDb, zTab,
+** and zCol.  If any of zDb, zTab, and zCol are NULL then those fields will
+** match anything.
+*/
+SQLITE_PRIVATE int sqlite3MatchSpanName(
+  const char *zSpan,
+  const char *zCol,
+  const char *zTab,
+  const char *zDb
+){
+  int n;
+  for(n=0; ALWAYS(zSpan[n]) && zSpan[n]!='.'; n++){}
+  if( zDb && (sqlite3StrNICmp(zSpan, zDb, n)!=0 || zDb[n]!=0) ){
+    return 0;
+  }
+  zSpan += n+1;
+  for(n=0; ALWAYS(zSpan[n]) && zSpan[n]!='.'; n++){}
+  if( zTab && (sqlite3StrNICmp(zSpan, zTab, n)!=0 || zTab[n]!=0) ){
+    return 0;
+  }
+  zSpan += n+1;
+  if( zCol && sqlite3StrICmp(zSpan, zCol)!=0 ){
+    return 0;
+  }
+  return 1;
+}
+
+/*
+** Given the name of a column of the form X.Y.Z or Y.Z or just Z, look up
+** that name in the set of source tables in pSrcList and make the pExpr 
+** expression node refer back to that source column.  The following changes
+** are made to pExpr:
+**
+**    pExpr->iDb           Set the index in db->aDb[] of the database X
+**                         (even if X is implied).
+**    pExpr->iTable        Set to the cursor number for the table obtained
+**                         from pSrcList.
+**    pExpr->pTab          Points to the Table structure of X.Y (even if
+**                         X and/or Y are implied.)
+**    pExpr->iColumn       Set to the column number within the table.
+**    pExpr->op            Set to TK_COLUMN.
+**    pExpr->pLeft         Any expression this points to is deleted
+**    pExpr->pRight        Any expression this points to is deleted.
+**
+** The zDb variable is the name of the database (the "X").  This value may be
+** NULL meaning that name is of the form Y.Z or Z.  Any available database
+** can be used.  The zTable variable is the name of the table (the "Y").  This
+** value can be NULL if zDb is also NULL.  If zTable is NULL it
+** means that the form of the name is Z and that columns from any table
+** can be used.
+**
+** If the name cannot be resolved unambiguously, leave an error message
+** in pParse and return WRC_Abort.  Return WRC_Prune on success.
+*/
+static int lookupName(
+  Parse *pParse,       /* The parsing context */
+  const char *zDb,     /* Name of the database containing table, or NULL */
+  const char *zTab,    /* Name of table containing column, or NULL */
+  const char *zCol,    /* Name of the column. */
+  NameContext *pNC,    /* The name context used to resolve the name */
+  Expr *pExpr          /* Make this EXPR node point to the selected column */
+){
+  int i, j;                         /* Loop counters */
+  int cnt = 0;                      /* Number of matching column names */
+  int cntTab = 0;                   /* Number of matching table names */
+  int nSubquery = 0;                /* How many levels of subquery */
+  sqlite3 *db = pParse->db;         /* The database connection */
+  struct SrcList_item *pItem;       /* Use for looping over pSrcList items */
+  struct SrcList_item *pMatch = 0;  /* The matching pSrcList item */
+  NameContext *pTopNC = pNC;        /* First namecontext in the list */
+  Schema *pSchema = 0;              /* Schema of the expression */
+  int isTrigger = 0;                /* True if resolved to a trigger column */
+  Table *pTab = 0;                  /* Table hold the row */
+  Column *pCol;                     /* A column of pTab */
+
+  assert( pNC );     /* the name context cannot be NULL. */
+  assert( zCol );    /* The Z in X.Y.Z cannot be NULL */
+  assert( !ExprHasProperty(pExpr, EP_TokenOnly|EP_Reduced) );
+
+  /* Initialize the node to no-match */
+  pExpr->iTable = -1;
+  pExpr->pTab = 0;
+  ExprSetVVAProperty(pExpr, EP_NoReduce);
+
+  /* Translate the schema name in zDb into a pointer to the corresponding
+  ** schema.  If not found, pSchema will remain NULL and nothing will match
+  ** resulting in an appropriate error message toward the end of this routine
+  */
+  if( zDb ){
+    testcase( pNC->ncFlags & NC_PartIdx );
+    testcase( pNC->ncFlags & NC_IsCheck );
+    if( (pNC->ncFlags & (NC_PartIdx|NC_IsCheck))!=0 ){
+      /* Silently ignore database qualifiers inside CHECK constraints and
+      ** partial indices.  Do not raise errors because that might break
+      ** legacy and because it does not hurt anything to just ignore the
+      ** database name. */
+      zDb = 0;
+    }else{
+      for(i=0; i<db->nDb; i++){
+        assert( db->aDb[i].zName );
+        if( sqlite3StrICmp(db->aDb[i].zName,zDb)==0 ){
+          pSchema = db->aDb[i].pSchema;
+          break;
+        }
+      }
+    }
+  }
+
+  /* Start at the inner-most context and move outward until a match is found */
+  while( pNC && cnt==0 ){
+    ExprList *pEList;
+    SrcList *pSrcList = pNC->pSrcList;
+
+    if( pSrcList ){
+      for(i=0, pItem=pSrcList->a; i<pSrcList->nSrc; i++, pItem++){
+        pTab = pItem->pTab;
+        assert( pTab!=0 && pTab->zName!=0 );
+        assert( pTab->nCol>0 );
+        if( pItem->pSelect && (pItem->pSelect->selFlags & SF_NestedFrom)!=0 ){
+          int hit = 0;
+          pEList = pItem->pSelect->pEList;
+          for(j=0; j<pEList->nExpr; j++){
+            if( sqlite3MatchSpanName(pEList->a[j].zSpan, zCol, zTab, zDb) ){
+              cnt++;
+              cntTab = 2;
+              pMatch = pItem;
+              pExpr->iColumn = j;
+              hit = 1;
+            }
+          }
+          if( hit || zTab==0 ) continue;
+        }
+        if( zDb && pTab->pSchema!=pSchema ){
+          continue;
+        }
+        if( zTab ){
+          const char *zTabName = pItem->zAlias ? pItem->zAlias : pTab->zName;
+          assert( zTabName!=0 );
+          if( sqlite3StrICmp(zTabName, zTab)!=0 ){
+            continue;
+          }
+        }
+        if( 0==(cntTab++) ){
+          pMatch = pItem;
+        }
+        for(j=0, pCol=pTab->aCol; j<pTab->nCol; j++, pCol++){
+          if( sqlite3StrICmp(pCol->zName, zCol)==0 ){
+            /* If there has been exactly one prior match and this match
+            ** is for the right-hand table of a NATURAL JOIN or is in a 
+            ** USING clause, then skip this match.
+            */
+            if( cnt==1 ){
+              if( pItem->fg.jointype & JT_NATURAL ) continue;
+              if( nameInUsingClause(pItem->pUsing, zCol) ) continue;
+            }
+            cnt++;
+            pMatch = pItem;
+            /* Substitute the rowid (column -1) for the INTEGER PRIMARY KEY */
+            pExpr->iColumn = j==pTab->iPKey ? -1 : (i16)j;
+            break;
+          }
+        }
+      }
+      if( pMatch ){
+        pExpr->iTable = pMatch->iCursor;
+        pExpr->pTab = pMatch->pTab;
+        /* RIGHT JOIN not (yet) supported */
+        assert( (pMatch->fg.jointype & JT_RIGHT)==0 );
+        if( (pMatch->fg.jointype & JT_LEFT)!=0 ){
+          ExprSetProperty(pExpr, EP_CanBeNull);
+        }
+        pSchema = pExpr->pTab->pSchema;
+      }
+    } /* if( pSrcList ) */
+
+#ifndef SQLITE_OMIT_TRIGGER
+    /* If we have not already resolved the name, then maybe 
+    ** it is a new.* or old.* trigger argument reference
+    */
+    if( zDb==0 && zTab!=0 && cntTab==0 && pParse->pTriggerTab!=0 ){
+      int op = pParse->eTriggerOp;
+      assert( op==TK_DELETE || op==TK_UPDATE || op==TK_INSERT );
+      if( op!=TK_DELETE && sqlite3StrICmp("new",zTab) == 0 ){
+        pExpr->iTable = 1;
+        pTab = pParse->pTriggerTab;
+      }else if( op!=TK_INSERT && sqlite3StrICmp("old",zTab)==0 ){
+        pExpr->iTable = 0;
+        pTab = pParse->pTriggerTab;
+      }else{
+        pTab = 0;
+      }
+
+      if( pTab ){ 
+        int iCol;
+        pSchema = pTab->pSchema;
+        cntTab++;
+        for(iCol=0, pCol=pTab->aCol; iCol<pTab->nCol; iCol++, pCol++){
+          if( sqlite3StrICmp(pCol->zName, zCol)==0 ){
+            if( iCol==pTab->iPKey ){
+              iCol = -1;
+            }
+            break;
+          }
+        }
+        if( iCol>=pTab->nCol && sqlite3IsRowid(zCol) && VisibleRowid(pTab) ){
+          /* IMP: R-51414-32910 */
+          iCol = -1;
+        }
+        if( iCol<pTab->nCol ){
+          cnt++;
+          if( iCol<0 ){
+            pExpr->affinity = SQLITE_AFF_INTEGER;
+          }else if( pExpr->iTable==0 ){
+            testcase( iCol==31 );
+            testcase( iCol==32 );
+            pParse->oldmask |= (iCol>=32 ? 0xffffffff : (((u32)1)<<iCol));
+          }else{
+            testcase( iCol==31 );
+            testcase( iCol==32 );
+            pParse->newmask |= (iCol>=32 ? 0xffffffff : (((u32)1)<<iCol));
+          }
+          pExpr->iColumn = (i16)iCol;
+          pExpr->pTab = pTab;
+          isTrigger = 1;
+        }
+      }
+    }
+#endif /* !defined(SQLITE_OMIT_TRIGGER) */
+
+    /*
+    ** Perhaps the name is a reference to the ROWID
+    */
+    if( cnt==0
+     && cntTab==1
+     && pMatch
+     && (pNC->ncFlags & NC_IdxExpr)==0
+     && sqlite3IsRowid(zCol)
+     && VisibleRowid(pMatch->pTab)
+    ){
+      cnt = 1;
+      pExpr->iColumn = -1;
+      pExpr->affinity = SQLITE_AFF_INTEGER;
+    }
+
+    /*
+    ** If the input is of the form Z (not Y.Z or X.Y.Z) then the name Z
+    ** might refer to an result-set alias.  This happens, for example, when
+    ** we are resolving names in the WHERE clause of the following command:
+    **
+    **     SELECT a+b AS x FROM table WHERE x<10;
+    **
+    ** In cases like this, replace pExpr with a copy of the expression that
+    ** forms the result set entry ("a+b" in the example) and return immediately.
+    ** Note that the expression in the result set should have already been
+    ** resolved by the time the WHERE clause is resolved.
+    **
+    ** The ability to use an output result-set column in the WHERE, GROUP BY,
+    ** or HAVING clauses, or as part of a larger expression in the ORDER BY
+    ** clause is not standard SQL.  This is a (goofy) SQLite extension, that
+    ** is supported for backwards compatibility only. Hence, we issue a warning
+    ** on sqlite3_log() whenever the capability is used.
+    */
+    if( (pEList = pNC->pEList)!=0
+     && zTab==0
+     && cnt==0
+    ){
+      for(j=0; j<pEList->nExpr; j++){
+        char *zAs = pEList->a[j].zName;
+        if( zAs!=0 && sqlite3StrICmp(zAs, zCol)==0 ){
+          Expr *pOrig;
+          assert( pExpr->pLeft==0 && pExpr->pRight==0 );
+          assert( pExpr->x.pList==0 );
+          assert( pExpr->x.pSelect==0 );
+          pOrig = pEList->a[j].pExpr;
+          if( (pNC->ncFlags&NC_AllowAgg)==0 && ExprHasProperty(pOrig, EP_Agg) ){
+            sqlite3ErrorMsg(pParse, "misuse of aliased aggregate %s", zAs);
+            return WRC_Abort;
+          }
+          resolveAlias(pParse, pEList, j, pExpr, "", nSubquery);
+          cnt = 1;
+          pMatch = 0;
+          assert( zTab==0 && zDb==0 );
+          goto lookupname_end;
+        }
+      } 
+    }
+
+    /* Advance to the next name context.  The loop will exit when either
+    ** we have a match (cnt>0) or when we run out of name contexts.
+    */
+    if( cnt==0 ){
+      pNC = pNC->pNext;
+      nSubquery++;
+    }
+  }
+
+  /*
+  ** If X and Y are NULL (in other words if only the column name Z is
+  ** supplied) and the value of Z is enclosed in double-quotes, then
+  ** Z is a string literal if it doesn't match any column names.  In that
+  ** case, we need to return right away and not make any changes to
+  ** pExpr.
+  **
+  ** Because no reference was made to outer contexts, the pNC->nRef
+  ** fields are not changed in any context.
+  */
+  if( cnt==0 && zTab==0 && ExprHasProperty(pExpr,EP_DblQuoted) ){
+    pExpr->op = TK_STRING;
+    pExpr->pTab = 0;
+    return WRC_Prune;
+  }
+
+  /*
+  ** cnt==0 means there was not match.  cnt>1 means there were two or
+  ** more matches.  Either way, we have an error.
+  */
+  if( cnt!=1 ){
+    const char *zErr;
+    zErr = cnt==0 ? "no such column" : "ambiguous column name";
+    if( zDb ){
+      sqlite3ErrorMsg(pParse, "%s: %s.%s.%s", zErr, zDb, zTab, zCol);
+    }else if( zTab ){
+      sqlite3ErrorMsg(pParse, "%s: %s.%s", zErr, zTab, zCol);
+    }else{
+      sqlite3ErrorMsg(pParse, "%s: %s", zErr, zCol);
+    }
+    pParse->checkSchema = 1;
+    pTopNC->nErr++;
+  }
+
+  /* If a column from a table in pSrcList is referenced, then record
+  ** this fact in the pSrcList.a[].colUsed bitmask.  Column 0 causes
+  ** bit 0 to be set.  Column 1 sets bit 1.  And so forth.  If the
+  ** column number is greater than the number of bits in the bitmask
+  ** then set the high-order bit of the bitmask.
+  */
+  if( pExpr->iColumn>=0 && pMatch!=0 ){
+    int n = pExpr->iColumn;
+    testcase( n==BMS-1 );
+    if( n>=BMS ){
+      n = BMS-1;
+    }
+    assert( pMatch->iCursor==pExpr->iTable );
+    pMatch->colUsed |= ((Bitmask)1)<<n;
+  }
+
+  /* Clean up and return
+  */
+  sqlite3ExprDelete(db, pExpr->pLeft);
+  pExpr->pLeft = 0;
+  sqlite3ExprDelete(db, pExpr->pRight);
+  pExpr->pRight = 0;
+  pExpr->op = (isTrigger ? TK_TRIGGER : TK_COLUMN);
+lookupname_end:
+  if( cnt==1 ){
+    assert( pNC!=0 );
+    if( !ExprHasProperty(pExpr, EP_Alias) ){
+      sqlite3AuthRead(pParse, pExpr, pSchema, pNC->pSrcList);
+    }
+    /* Increment the nRef value on all name contexts from TopNC up to
+    ** the point where the name matched. */
+    for(;;){
+      assert( pTopNC!=0 );
+      pTopNC->nRef++;
+      if( pTopNC==pNC ) break;
+      pTopNC = pTopNC->pNext;
+    }
+    return WRC_Prune;
+  } else {
+    return WRC_Abort;
+  }
+}
+
+/*
+** Allocate and return a pointer to an expression to load the column iCol
+** from datasource iSrc in SrcList pSrc.
+*/
+SQLITE_PRIVATE Expr *sqlite3CreateColumnExpr(sqlite3 *db, SrcList *pSrc, int iSrc, int iCol){
+  Expr *p = sqlite3ExprAlloc(db, TK_COLUMN, 0, 0);
+  if( p ){
+    struct SrcList_item *pItem = &pSrc->a[iSrc];
+    p->pTab = pItem->pTab;
+    p->iTable = pItem->iCursor;
+    if( p->pTab->iPKey==iCol ){
+      p->iColumn = -1;
+    }else{
+      p->iColumn = (ynVar)iCol;
+      testcase( iCol==BMS );
+      testcase( iCol==BMS-1 );
+      pItem->colUsed |= ((Bitmask)1)<<(iCol>=BMS ? BMS-1 : iCol);
+    }
+    ExprSetProperty(p, EP_Resolved);
+  }
+  return p;
+}
+
+/*
+** Report an error that an expression is not valid for some set of
+** pNC->ncFlags values determined by validMask.
+*/
+static void notValid(
+  Parse *pParse,       /* Leave error message here */
+  NameContext *pNC,    /* The name context */
+  const char *zMsg,    /* Type of error */
+  int validMask        /* Set of contexts for which prohibited */
+){
+  assert( (validMask&~(NC_IsCheck|NC_PartIdx|NC_IdxExpr))==0 );
+  if( (pNC->ncFlags & validMask)!=0 ){
+    const char *zIn = "partial index WHERE clauses";
+    if( pNC->ncFlags & NC_IdxExpr )      zIn = "index expressions";
+#ifndef SQLITE_OMIT_CHECK
+    else if( pNC->ncFlags & NC_IsCheck ) zIn = "CHECK constraints";
+#endif
+    sqlite3ErrorMsg(pParse, "%s prohibited in %s", zMsg, zIn);
+  }
+}
+
+/*
+** Expression p should encode a floating point value between 1.0 and 0.0.
+** Return 1024 times this value.  Or return -1 if p is not a floating point
+** value between 1.0 and 0.0.
+*/
+static int exprProbability(Expr *p){
+  double r = -1.0;
+  if( p->op!=TK_FLOAT ) return -1;
+  sqlite3AtoF(p->u.zToken, &r, sqlite3Strlen30(p->u.zToken), SQLITE_UTF8);
+  assert( r>=0.0 );
+  if( r>1.0 ) return -1;
+  return (int)(r*134217728.0);
+}
+
+/*
+** This routine is callback for sqlite3WalkExpr().
+**
+** Resolve symbolic names into TK_COLUMN operators for the current
+** node in the expression tree.  Return 0 to continue the search down
+** the tree or 2 to abort the tree walk.
+**
+** This routine also does error checking and name resolution for
+** function names.  The operator for aggregate functions is changed
+** to TK_AGG_FUNCTION.
+*/
+static int resolveExprStep(Walker *pWalker, Expr *pExpr){
+  NameContext *pNC;
+  Parse *pParse;
+
+  pNC = pWalker->u.pNC;
+  assert( pNC!=0 );
+  pParse = pNC->pParse;
+  assert( pParse==pWalker->pParse );
+
+  if( ExprHasProperty(pExpr, EP_Resolved) ) return WRC_Prune;
+  ExprSetProperty(pExpr, EP_Resolved);
+#ifndef NDEBUG
+  if( pNC->pSrcList && pNC->pSrcList->nAlloc>0 ){
+    SrcList *pSrcList = pNC->pSrcList;
+    int i;
+    for(i=0; i<pNC->pSrcList->nSrc; i++){
+      assert( pSrcList->a[i].iCursor>=0 && pSrcList->a[i].iCursor<pParse->nTab);
+    }
+  }
+#endif
+  switch( pExpr->op ){
+
+#if defined(SQLITE_ENABLE_UPDATE_DELETE_LIMIT) && !defined(SQLITE_OMIT_SUBQUERY)
+    /* The special operator TK_ROW means use the rowid for the first
+    ** column in the FROM clause.  This is used by the LIMIT and ORDER BY
+    ** clause processing on UPDATE and DELETE statements.
+    */
+    case TK_ROW: {
+      SrcList *pSrcList = pNC->pSrcList;
+      struct SrcList_item *pItem;
+      assert( pSrcList && pSrcList->nSrc==1 );
+      pItem = pSrcList->a; 
+      pExpr->op = TK_COLUMN;
+      pExpr->pTab = pItem->pTab;
+      pExpr->iTable = pItem->iCursor;
+      pExpr->iColumn = -1;
+      pExpr->affinity = SQLITE_AFF_INTEGER;
+      break;
+    }
+#endif /* defined(SQLITE_ENABLE_UPDATE_DELETE_LIMIT)
+          && !defined(SQLITE_OMIT_SUBQUERY) */
+
+    /* A lone identifier is the name of a column.
+    */
+    case TK_ID: {
+      return lookupName(pParse, 0, 0, pExpr->u.zToken, pNC, pExpr);
+    }
+  
+    /* A table name and column name:     ID.ID
+    ** Or a database, table and column:  ID.ID.ID
+    */
+    case TK_DOT: {
+      const char *zColumn;
+      const char *zTable;
+      const char *zDb;
+      Expr *pRight;
+
+      /* if( pSrcList==0 ) break; */
+      notValid(pParse, pNC, "the \".\" operator", NC_IdxExpr);
+      /*notValid(pParse, pNC, "the \".\" operator", NC_PartIdx|NC_IsCheck, 1);*/
+      pRight = pExpr->pRight;
+      if( pRight->op==TK_ID ){
+        zDb = 0;
+        zTable = pExpr->pLeft->u.zToken;
+        zColumn = pRight->u.zToken;
+      }else{
+        assert( pRight->op==TK_DOT );
+        zDb = pExpr->pLeft->u.zToken;
+        zTable = pRight->pLeft->u.zToken;
+        zColumn = pRight->pRight->u.zToken;
+      }
+      return lookupName(pParse, zDb, zTable, zColumn, pNC, pExpr);
+    }
+
+    /* Resolve function names
+    */
+    case TK_FUNCTION: {
+      ExprList *pList = pExpr->x.pList;    /* The argument list */
+      int n = pList ? pList->nExpr : 0;    /* Number of arguments */
+      int no_such_func = 0;       /* True if no such function exists */
+      int wrong_num_args = 0;     /* True if wrong number of arguments */
+      int is_agg = 0;             /* True if is an aggregate function */
+      int auth;                   /* Authorization to use the function */
+      int nId;                    /* Number of characters in function name */
+      const char *zId;            /* The function name. */
+      FuncDef *pDef;              /* Information about the function */
+      u8 enc = ENC(pParse->db);   /* The database encoding */
+
+      assert( !ExprHasProperty(pExpr, EP_xIsSelect) );
+      notValid(pParse, pNC, "functions", NC_PartIdx);
+      zId = pExpr->u.zToken;
+      nId = sqlite3Strlen30(zId);
+      pDef = sqlite3FindFunction(pParse->db, zId, nId, n, enc, 0);
+      if( pDef==0 ){
+        pDef = sqlite3FindFunction(pParse->db, zId, nId, -2, enc, 0);
+        if( pDef==0 ){
+          no_such_func = 1;
+        }else{
+          wrong_num_args = 1;
+        }
+      }else{
+        is_agg = pDef->xFunc==0;
+        if( pDef->funcFlags & SQLITE_FUNC_UNLIKELY ){
+          ExprSetProperty(pExpr, EP_Unlikely|EP_Skip);
+          if( n==2 ){
+            pExpr->iTable = exprProbability(pList->a[1].pExpr);
+            if( pExpr->iTable<0 ){
+              sqlite3ErrorMsg(pParse,
+                "second argument to likelihood() must be a "
+                "constant between 0.0 and 1.0");
+              pNC->nErr++;
+            }
+          }else{
+            /* EVIDENCE-OF: R-61304-29449 The unlikely(X) function is
+            ** equivalent to likelihood(X, 0.0625).
+            ** EVIDENCE-OF: R-01283-11636 The unlikely(X) function is
+            ** short-hand for likelihood(X,0.0625).
+            ** EVIDENCE-OF: R-36850-34127 The likely(X) function is short-hand
+            ** for likelihood(X,0.9375).
+            ** EVIDENCE-OF: R-53436-40973 The likely(X) function is equivalent
+            ** to likelihood(X,0.9375). */
+            /* TUNING: unlikely() probability is 0.0625.  likely() is 0.9375 */
+            pExpr->iTable = pDef->zName[0]=='u' ? 8388608 : 125829120;
+          }             
+        }
+#ifndef SQLITE_OMIT_AUTHORIZATION
+        auth = sqlite3AuthCheck(pParse, SQLITE_FUNCTION, 0, pDef->zName, 0);
+        if( auth!=SQLITE_OK ){
+          if( auth==SQLITE_DENY ){
+            sqlite3ErrorMsg(pParse, "not authorized to use function: %s",
+                                    pDef->zName);
+            pNC->nErr++;
+          }
+          pExpr->op = TK_NULL;
+          return WRC_Prune;
+        }
+#endif
+        if( pDef->funcFlags & (SQLITE_FUNC_CONSTANT|SQLITE_FUNC_SLOCHNG) ){
+          /* For the purposes of the EP_ConstFunc flag, date and time
+          ** functions and other functions that change slowly are considered
+          ** constant because they are constant for the duration of one query */
+          ExprSetProperty(pExpr,EP_ConstFunc);
+        }
+        if( (pDef->funcFlags & SQLITE_FUNC_CONSTANT)==0 ){
+          /* Date/time functions that use 'now', and other functions like
+          ** sqlite_version() that might change over time cannot be used
+          ** in an index. */
+          notValid(pParse, pNC, "non-deterministic functions", NC_IdxExpr);
+        }
+      }
+      if( is_agg && (pNC->ncFlags & NC_AllowAgg)==0 ){
+        sqlite3ErrorMsg(pParse, "misuse of aggregate function %.*s()", nId,zId);
+        pNC->nErr++;
+        is_agg = 0;
+      }else if( no_such_func && pParse->db->init.busy==0 ){
+        sqlite3ErrorMsg(pParse, "no such function: %.*s", nId, zId);
+        pNC->nErr++;
+      }else if( wrong_num_args ){
+        sqlite3ErrorMsg(pParse,"wrong number of arguments to function %.*s()",
+             nId, zId);
+        pNC->nErr++;
+      }
+      if( is_agg ) pNC->ncFlags &= ~NC_AllowAgg;
+      sqlite3WalkExprList(pWalker, pList);
+      if( is_agg ){
+        NameContext *pNC2 = pNC;
+        pExpr->op = TK_AGG_FUNCTION;
+        pExpr->op2 = 0;
+        while( pNC2 && !sqlite3FunctionUsesThisSrc(pExpr, pNC2->pSrcList) ){
+          pExpr->op2++;
+          pNC2 = pNC2->pNext;
+        }
+        assert( pDef!=0 );
+        if( pNC2 ){
+          assert( SQLITE_FUNC_MINMAX==NC_MinMaxAgg );
+          testcase( (pDef->funcFlags & SQLITE_FUNC_MINMAX)!=0 );
+          pNC2->ncFlags |= NC_HasAgg | (pDef->funcFlags & SQLITE_FUNC_MINMAX);
+
+        }
+        pNC->ncFlags |= NC_AllowAgg;
+      }
+      /* FIX ME:  Compute pExpr->affinity based on the expected return
+      ** type of the function 
+      */
+      return WRC_Prune;
+    }
+#ifndef SQLITE_OMIT_SUBQUERY
+    case TK_SELECT:
+    case TK_EXISTS:  testcase( pExpr->op==TK_EXISTS );
+#endif
+    case TK_IN: {
+      testcase( pExpr->op==TK_IN );
+      if( ExprHasProperty(pExpr, EP_xIsSelect) ){
+        int nRef = pNC->nRef;
+        notValid(pParse, pNC, "subqueries", NC_IsCheck|NC_PartIdx|NC_IdxExpr);
+        sqlite3WalkSelect(pWalker, pExpr->x.pSelect);
+        assert( pNC->nRef>=nRef );
+        if( nRef!=pNC->nRef ){
+          ExprSetProperty(pExpr, EP_VarSelect);
+        }
+      }
+      break;
+    }
+    case TK_VARIABLE: {
+      notValid(pParse, pNC, "parameters", NC_IsCheck|NC_PartIdx|NC_IdxExpr);
+      break;
+    }
+  }
+  return (pParse->nErr || pParse->db->mallocFailed) ? WRC_Abort : WRC_Continue;
+}
+
+/*
+** pEList is a list of expressions which are really the result set of the
+** a SELECT statement.  pE is a term in an ORDER BY or GROUP BY clause.
+** This routine checks to see if pE is a simple identifier which corresponds
+** to the AS-name of one of the terms of the expression list.  If it is,
+** this routine return an integer between 1 and N where N is the number of
+** elements in pEList, corresponding to the matching entry.  If there is
+** no match, or if pE is not a simple identifier, then this routine
+** return 0.
+**
+** pEList has been resolved.  pE has not.
+*/
+static int resolveAsName(
+  Parse *pParse,     /* Parsing context for error messages */
+  ExprList *pEList,  /* List of expressions to scan */
+  Expr *pE           /* Expression we are trying to match */
+){
+  int i;             /* Loop counter */
+
+  UNUSED_PARAMETER(pParse);
+
+  if( pE->op==TK_ID ){
+    char *zCol = pE->u.zToken;
+    for(i=0; i<pEList->nExpr; i++){
+      char *zAs = pEList->a[i].zName;
+      if( zAs!=0 && sqlite3StrICmp(zAs, zCol)==0 ){
+        return i+1;
+      }
+    }
+  }
+  return 0;
+}
+
+/*
+** pE is a pointer to an expression which is a single term in the
+** ORDER BY of a compound SELECT.  The expression has not been
+** name resolved.
+**
+** At the point this routine is called, we already know that the
+** ORDER BY term is not an integer index into the result set.  That
+** case is handled by the calling routine.
+**
+** Attempt to match pE against result set columns in the left-most
+** SELECT statement.  Return the index i of the matching column,
+** as an indication to the caller that it should sort by the i-th column.
+** The left-most column is 1.  In other words, the value returned is the
+** same integer value that would be used in the SQL statement to indicate
+** the column.
+**
+** If there is no match, return 0.  Return -1 if an error occurs.
+*/
+static int resolveOrderByTermToExprList(
+  Parse *pParse,     /* Parsing context for error messages */
+  Select *pSelect,   /* The SELECT statement with the ORDER BY clause */
+  Expr *pE           /* The specific ORDER BY term */
+){
+  int i;             /* Loop counter */
+  ExprList *pEList;  /* The columns of the result set */
+  NameContext nc;    /* Name context for resolving pE */
+  sqlite3 *db;       /* Database connection */
+  int rc;            /* Return code from subprocedures */
+  u8 savedSuppErr;   /* Saved value of db->suppressErr */
+
+  assert( sqlite3ExprIsInteger(pE, &i)==0 );
+  pEList = pSelect->pEList;
+
+  /* Resolve all names in the ORDER BY term expression
+  */
+  memset(&nc, 0, sizeof(nc));
+  nc.pParse = pParse;
+  nc.pSrcList = pSelect->pSrc;
+  nc.pEList = pEList;
+  nc.ncFlags = NC_AllowAgg;
+  nc.nErr = 0;
+  db = pParse->db;
+  savedSuppErr = db->suppressErr;
+  db->suppressErr = 1;
+  rc = sqlite3ResolveExprNames(&nc, pE);
+  db->suppressErr = savedSuppErr;
+  if( rc ) return 0;
+
+  /* Try to match the ORDER BY expression against an expression
+  ** in the result set.  Return an 1-based index of the matching
+  ** result-set entry.
+  */
+  for(i=0; i<pEList->nExpr; i++){
+    if( sqlite3ExprCompare(pEList->a[i].pExpr, pE, -1)<2 ){
+      return i+1;
+    }
+  }
+
+  /* If no match, return 0. */
+  return 0;
+}
+
+/*
+** Generate an ORDER BY or GROUP BY term out-of-range error.
+*/
+static void resolveOutOfRangeError(
+  Parse *pParse,         /* The error context into which to write the error */
+  const char *zType,     /* "ORDER" or "GROUP" */
+  int i,                 /* The index (1-based) of the term out of range */
+  int mx                 /* Largest permissible value of i */
+){
+  sqlite3ErrorMsg(pParse, 
+    "%r %s BY term out of range - should be "
+    "between 1 and %d", i, zType, mx);
+}
+
+/*
+** Analyze the ORDER BY clause in a compound SELECT statement.   Modify
+** each term of the ORDER BY clause is a constant integer between 1
+** and N where N is the number of columns in the compound SELECT.
+**
+** ORDER BY terms that are already an integer between 1 and N are
+** unmodified.  ORDER BY terms that are integers outside the range of
+** 1 through N generate an error.  ORDER BY terms that are expressions
+** are matched against result set expressions of compound SELECT
+** beginning with the left-most SELECT and working toward the right.
+** At the first match, the ORDER BY expression is transformed into
+** the integer column number.
+**
+** Return the number of errors seen.
+*/
+static int resolveCompoundOrderBy(
+  Parse *pParse,        /* Parsing context.  Leave error messages here */
+  Select *pSelect       /* The SELECT statement containing the ORDER BY */
+){
+  int i;
+  ExprList *pOrderBy;
+  ExprList *pEList;
+  sqlite3 *db;
+  int moreToDo = 1;
+
+  pOrderBy = pSelect->pOrderBy;
+  if( pOrderBy==0 ) return 0;
+  db = pParse->db;
+#if SQLITE_MAX_COLUMN
+  if( pOrderBy->nExpr>db->aLimit[SQLITE_LIMIT_COLUMN] ){
+    sqlite3ErrorMsg(pParse, "too many terms in ORDER BY clause");
+    return 1;
+  }
+#endif
+  for(i=0; i<pOrderBy->nExpr; i++){
+    pOrderBy->a[i].done = 0;
+  }
+  pSelect->pNext = 0;
+  while( pSelect->pPrior ){
+    pSelect->pPrior->pNext = pSelect;
+    pSelect = pSelect->pPrior;
+  }
+  while( pSelect && moreToDo ){
+    struct ExprList_item *pItem;
+    moreToDo = 0;
+    pEList = pSelect->pEList;
+    assert( pEList!=0 );
+    for(i=0, pItem=pOrderBy->a; i<pOrderBy->nExpr; i++, pItem++){
+      int iCol = -1;
+      Expr *pE, *pDup;
+      if( pItem->done ) continue;
+      pE = sqlite3ExprSkipCollate(pItem->pExpr);
+      if( sqlite3ExprIsInteger(pE, &iCol) ){
+        if( iCol<=0 || iCol>pEList->nExpr ){
+          resolveOutOfRangeError(pParse, "ORDER", i+1, pEList->nExpr);
+          return 1;
+        }
+      }else{
+        iCol = resolveAsName(pParse, pEList, pE);
+        if( iCol==0 ){
+          pDup = sqlite3ExprDup(db, pE, 0);
+          if( !db->mallocFailed ){
+            assert(pDup);
+            iCol = resolveOrderByTermToExprList(pParse, pSelect, pDup);
+          }
+          sqlite3ExprDelete(db, pDup);
+        }
+      }
+      if( iCol>0 ){
+        /* Convert the ORDER BY term into an integer column number iCol,
+        ** taking care to preserve the COLLATE clause if it exists */
+        Expr *pNew = sqlite3Expr(db, TK_INTEGER, 0);
+        if( pNew==0 ) return 1;
+        pNew->flags |= EP_IntValue;
+        pNew->u.iValue = iCol;
+        if( pItem->pExpr==pE ){
+          pItem->pExpr = pNew;
+        }else{
+          Expr *pParent = pItem->pExpr;
+          assert( pParent->op==TK_COLLATE );
+          while( pParent->pLeft->op==TK_COLLATE ) pParent = pParent->pLeft;
+          assert( pParent->pLeft==pE );
+          pParent->pLeft = pNew;
+        }
+        sqlite3ExprDelete(db, pE);
+        pItem->u.x.iOrderByCol = (u16)iCol;
+        pItem->done = 1;
+      }else{
+        moreToDo = 1;
+      }
+    }
+    pSelect = pSelect->pNext;
+  }
+  for(i=0; i<pOrderBy->nExpr; i++){
+    if( pOrderBy->a[i].done==0 ){
+      sqlite3ErrorMsg(pParse, "%r ORDER BY term does not match any "
+            "column in the result set", i+1);
+      return 1;
+    }
+  }
+  return 0;
+}
+
+/*
+** Check every term in the ORDER BY or GROUP BY clause pOrderBy of
+** the SELECT statement pSelect.  If any term is reference to a
+** result set expression (as determined by the ExprList.a.u.x.iOrderByCol
+** field) then convert that term into a copy of the corresponding result set
+** column.
+**
+** If any errors are detected, add an error message to pParse and
+** return non-zero.  Return zero if no errors are seen.
+*/
+SQLITE_PRIVATE int sqlite3ResolveOrderGroupBy(
+  Parse *pParse,        /* Parsing context.  Leave error messages here */
+  Select *pSelect,      /* The SELECT statement containing the clause */
+  ExprList *pOrderBy,   /* The ORDER BY or GROUP BY clause to be processed */
+  const char *zType     /* "ORDER" or "GROUP" */
+){
+  int i;
+  sqlite3 *db = pParse->db;
+  ExprList *pEList;
+  struct ExprList_item *pItem;
+
+  if( pOrderBy==0 || pParse->db->mallocFailed ) return 0;
+#if SQLITE_MAX_COLUMN
+  if( pOrderBy->nExpr>db->aLimit[SQLITE_LIMIT_COLUMN] ){
+    sqlite3ErrorMsg(pParse, "too many terms in %s BY clause", zType);
+    return 1;
+  }
+#endif
+  pEList = pSelect->pEList;
+  assert( pEList!=0 );  /* sqlite3SelectNew() guarantees this */
+  for(i=0, pItem=pOrderBy->a; i<pOrderBy->nExpr; i++, pItem++){
+    if( pItem->u.x.iOrderByCol ){
+      if( pItem->u.x.iOrderByCol>pEList->nExpr ){
+        resolveOutOfRangeError(pParse, zType, i+1, pEList->nExpr);
+        return 1;
+      }
+      resolveAlias(pParse, pEList, pItem->u.x.iOrderByCol-1, pItem->pExpr,
+                   zType,0);
+    }
+  }
+  return 0;
+}
+
+/*
+** pOrderBy is an ORDER BY or GROUP BY clause in SELECT statement pSelect.
+** The Name context of the SELECT statement is pNC.  zType is either
+** "ORDER" or "GROUP" depending on which type of clause pOrderBy is.
+**
+** This routine resolves each term of the clause into an expression.
+** If the order-by term is an integer I between 1 and N (where N is the
+** number of columns in the result set of the SELECT) then the expression
+** in the resolution is a copy of the I-th result-set expression.  If
+** the order-by term is an identifier that corresponds to the AS-name of
+** a result-set expression, then the term resolves to a copy of the
+** result-set expression.  Otherwise, the expression is resolved in
+** the usual way - using sqlite3ResolveExprNames().
+**
+** This routine returns the number of errors.  If errors occur, then
+** an appropriate error message might be left in pParse.  (OOM errors
+** excepted.)
+*/
+static int resolveOrderGroupBy(
+  NameContext *pNC,     /* The name context of the SELECT statement */
+  Select *pSelect,      /* The SELECT statement holding pOrderBy */
+  ExprList *pOrderBy,   /* An ORDER BY or GROUP BY clause to resolve */
+  const char *zType     /* Either "ORDER" or "GROUP", as appropriate */
+){
+  int i, j;                      /* Loop counters */
+  int iCol;                      /* Column number */
+  struct ExprList_item *pItem;   /* A term of the ORDER BY clause */
+  Parse *pParse;                 /* Parsing context */
+  int nResult;                   /* Number of terms in the result set */
+
+  if( pOrderBy==0 ) return 0;
+  nResult = pSelect->pEList->nExpr;
+  pParse = pNC->pParse;
+  for(i=0, pItem=pOrderBy->a; i<pOrderBy->nExpr; i++, pItem++){
+    Expr *pE = pItem->pExpr;
+    Expr *pE2 = sqlite3ExprSkipCollate(pE);
+    if( zType[0]!='G' ){
+      iCol = resolveAsName(pParse, pSelect->pEList, pE2);
+      if( iCol>0 ){
+        /* If an AS-name match is found, mark this ORDER BY column as being
+        ** a copy of the iCol-th result-set column.  The subsequent call to
+        ** sqlite3ResolveOrderGroupBy() will convert the expression to a
+        ** copy of the iCol-th result-set expression. */
+        pItem->u.x.iOrderByCol = (u16)iCol;
+        continue;
+      }
+    }
+    if( sqlite3ExprIsInteger(pE2, &iCol) ){
+      /* The ORDER BY term is an integer constant.  Again, set the column
+      ** number so that sqlite3ResolveOrderGroupBy() will convert the
+      ** order-by term to a copy of the result-set expression */
+      if( iCol<1 || iCol>0xffff ){
+        resolveOutOfRangeError(pParse, zType, i+1, nResult);
+        return 1;
+      }
+      pItem->u.x.iOrderByCol = (u16)iCol;
+      continue;
+    }
+
+    /* Otherwise, treat the ORDER BY term as an ordinary expression */
+    pItem->u.x.iOrderByCol = 0;
+    if( sqlite3ResolveExprNames(pNC, pE) ){
+      return 1;
+    }
+    for(j=0; j<pSelect->pEList->nExpr; j++){
+      if( sqlite3ExprCompare(pE, pSelect->pEList->a[j].pExpr, -1)==0 ){
+        pItem->u.x.iOrderByCol = j+1;
+      }
+    }
+  }
+  return sqlite3ResolveOrderGroupBy(pParse, pSelect, pOrderBy, zType);
+}
+
+/*
+** Resolve names in the SELECT statement p and all of its descendants.
+*/
+static int resolveSelectStep(Walker *pWalker, Select *p){
+  NameContext *pOuterNC;  /* Context that contains this SELECT */
+  NameContext sNC;        /* Name context of this SELECT */
+  int isCompound;         /* True if p is a compound select */
+  int nCompound;          /* Number of compound terms processed so far */
+  Parse *pParse;          /* Parsing context */
+  int i;                  /* Loop counter */
+  ExprList *pGroupBy;     /* The GROUP BY clause */
+  Select *pLeftmost;      /* Left-most of SELECT of a compound */
+  sqlite3 *db;            /* Database connection */
+  
+
+  assert( p!=0 );
+  if( p->selFlags & SF_Resolved ){
+    return WRC_Prune;
+  }
+  pOuterNC = pWalker->u.pNC;
+  pParse = pWalker->pParse;
+  db = pParse->db;
+
+  /* Normally sqlite3SelectExpand() will be called first and will have
+  ** already expanded this SELECT.  However, if this is a subquery within
+  ** an expression, sqlite3ResolveExprNames() will be called without a
+  ** prior call to sqlite3SelectExpand().  When that happens, let
+  ** sqlite3SelectPrep() do all of the processing for this SELECT.
+  ** sqlite3SelectPrep() will invoke both sqlite3SelectExpand() and
+  ** this routine in the correct order.
+  */
+  if( (p->selFlags & SF_Expanded)==0 ){
+    sqlite3SelectPrep(pParse, p, pOuterNC);
+    return (pParse->nErr || db->mallocFailed) ? WRC_Abort : WRC_Prune;
+  }
+
+  isCompound = p->pPrior!=0;
+  nCompound = 0;
+  pLeftmost = p;
+  while( p ){
+    assert( (p->selFlags & SF_Expanded)!=0 );
+    assert( (p->selFlags & SF_Resolved)==0 );
+    p->selFlags |= SF_Resolved;
+
+    /* Resolve the expressions in the LIMIT and OFFSET clauses. These
+    ** are not allowed to refer to any names, so pass an empty NameContext.
+    */
+    memset(&sNC, 0, sizeof(sNC));
+    sNC.pParse = pParse;
+    if( sqlite3ResolveExprNames(&sNC, p->pLimit) ||
+        sqlite3ResolveExprNames(&sNC, p->pOffset) ){
+      return WRC_Abort;
+    }
+
+    /* If the SF_Converted flags is set, then this Select object was
+    ** was created by the convertCompoundSelectToSubquery() function.
+    ** In this case the ORDER BY clause (p->pOrderBy) should be resolved
+    ** as if it were part of the sub-query, not the parent. This block
+    ** moves the pOrderBy down to the sub-query. It will be moved back
+    ** after the names have been resolved.  */
+    if( p->selFlags & SF_Converted ){
+      Select *pSub = p->pSrc->a[0].pSelect;
+      assert( p->pSrc->nSrc==1 && p->pOrderBy );
+      assert( pSub->pPrior && pSub->pOrderBy==0 );
+      pSub->pOrderBy = p->pOrderBy;
+      p->pOrderBy = 0;
+    }
+  
+    /* Recursively resolve names in all subqueries
+    */
+    for(i=0; i<p->pSrc->nSrc; i++){
+      struct SrcList_item *pItem = &p->pSrc->a[i];
+      if( pItem->pSelect ){
+        NameContext *pNC;         /* Used to iterate name contexts */
+        int nRef = 0;             /* Refcount for pOuterNC and outer contexts */
+        const char *zSavedContext = pParse->zAuthContext;
+
+        /* Count the total number of references to pOuterNC and all of its
+        ** parent contexts. After resolving references to expressions in
+        ** pItem->pSelect, check if this value has changed. If so, then
+        ** SELECT statement pItem->pSelect must be correlated. Set the
+        ** pItem->fg.isCorrelated flag if this is the case. */
+        for(pNC=pOuterNC; pNC; pNC=pNC->pNext) nRef += pNC->nRef;
+
+        if( pItem->zName ) pParse->zAuthContext = pItem->zName;
+        sqlite3ResolveSelectNames(pParse, pItem->pSelect, pOuterNC);
+        pParse->zAuthContext = zSavedContext;
+        if( pParse->nErr || db->mallocFailed ) return WRC_Abort;
+
+        for(pNC=pOuterNC; pNC; pNC=pNC->pNext) nRef -= pNC->nRef;
+        assert( pItem->fg.isCorrelated==0 && nRef<=0 );
+        pItem->fg.isCorrelated = (nRef!=0);
+      }
+    }
+  
+    /* Set up the local name-context to pass to sqlite3ResolveExprNames() to
+    ** resolve the result-set expression list.
+    */
+    sNC.ncFlags = NC_AllowAgg;
+    sNC.pSrcList = p->pSrc;
+    sNC.pNext = pOuterNC;
+  
+    /* Resolve names in the result set. */
+    if( sqlite3ResolveExprListNames(&sNC, p->pEList) ) return WRC_Abort;
+  
+    /* If there are no aggregate functions in the result-set, and no GROUP BY 
+    ** expression, do not allow aggregates in any of the other expressions.
+    */
+    assert( (p->selFlags & SF_Aggregate)==0 );
+    pGroupBy = p->pGroupBy;
+    if( pGroupBy || (sNC.ncFlags & NC_HasAgg)!=0 ){
+      assert( NC_MinMaxAgg==SF_MinMaxAgg );
+      p->selFlags |= SF_Aggregate | (sNC.ncFlags&NC_MinMaxAgg);
+    }else{
+      sNC.ncFlags &= ~NC_AllowAgg;
+    }
+  
+    /* If a HAVING clause is present, then there must be a GROUP BY clause.
+    */
+    if( p->pHaving && !pGroupBy ){
+      sqlite3ErrorMsg(pParse, "a GROUP BY clause is required before HAVING");
+      return WRC_Abort;
+    }
+  
+    /* Add the output column list to the name-context before parsing the
+    ** other expressions in the SELECT statement. This is so that
+    ** expressions in the WHERE clause (etc.) can refer to expressions by
+    ** aliases in the result set.
+    **
+    ** Minor point: If this is the case, then the expression will be
+    ** re-evaluated for each reference to it.
+    */
+    sNC.pEList = p->pEList;
+    if( sqlite3ResolveExprNames(&sNC, p->pHaving) ) return WRC_Abort;
+    if( sqlite3ResolveExprNames(&sNC, p->pWhere) ) return WRC_Abort;
+
+    /* Resolve names in table-valued-function arguments */
+    for(i=0; i<p->pSrc->nSrc; i++){
+      struct SrcList_item *pItem = &p->pSrc->a[i];
+      if( pItem->fg.isTabFunc
+       && sqlite3ResolveExprListNames(&sNC, pItem->u1.pFuncArg) 
+      ){
+        return WRC_Abort;
+      }
+    }
+
+    /* The ORDER BY and GROUP BY clauses may not refer to terms in
+    ** outer queries 
+    */
+    sNC.pNext = 0;
+    sNC.ncFlags |= NC_AllowAgg;
+
+    /* If this is a converted compound query, move the ORDER BY clause from 
+    ** the sub-query back to the parent query. At this point each term
+    ** within the ORDER BY clause has been transformed to an integer value.
+    ** These integers will be replaced by copies of the corresponding result
+    ** set expressions by the call to resolveOrderGroupBy() below.  */
+    if( p->selFlags & SF_Converted ){
+      Select *pSub = p->pSrc->a[0].pSelect;
+      p->pOrderBy = pSub->pOrderBy;
+      pSub->pOrderBy = 0;
+    }
+
+    /* Process the ORDER BY clause for singleton SELECT statements.
+    ** The ORDER BY clause for compounds SELECT statements is handled
+    ** below, after all of the result-sets for all of the elements of
+    ** the compound have been resolved.
+    **
+    ** If there is an ORDER BY clause on a term of a compound-select other
+    ** than the right-most term, then that is a syntax error.  But the error
+    ** is not detected until much later, and so we need to go ahead and
+    ** resolve those symbols on the incorrect ORDER BY for consistency.
+    */
+    if( isCompound<=nCompound  /* Defer right-most ORDER BY of a compound */
+     && resolveOrderGroupBy(&sNC, p, p->pOrderBy, "ORDER")
+    ){
+      return WRC_Abort;
+    }
+    if( db->mallocFailed ){
+      return WRC_Abort;
+    }
+  
+    /* Resolve the GROUP BY clause.  At the same time, make sure 
+    ** the GROUP BY clause does not contain aggregate functions.
+    */
+    if( pGroupBy ){
+      struct ExprList_item *pItem;
+    
+      if( resolveOrderGroupBy(&sNC, p, pGroupBy, "GROUP") || db->mallocFailed ){
+        return WRC_Abort;
+      }
+      for(i=0, pItem=pGroupBy->a; i<pGroupBy->nExpr; i++, pItem++){
+        if( ExprHasProperty(pItem->pExpr, EP_Agg) ){
+          sqlite3ErrorMsg(pParse, "aggregate functions are not allowed in "
+              "the GROUP BY clause");
+          return WRC_Abort;
+        }
+      }
+    }
+
+    /* If this is part of a compound SELECT, check that it has the right
+    ** number of expressions in the select list. */
+    if( p->pNext && p->pEList->nExpr!=p->pNext->pEList->nExpr ){
+      sqlite3SelectWrongNumTermsError(pParse, p->pNext);
+      return WRC_Abort;
+    }
+
+    /* Advance to the next term of the compound
+    */
+    p = p->pPrior;
+    nCompound++;
+  }
+
+  /* Resolve the ORDER BY on a compound SELECT after all terms of
+  ** the compound have been resolved.
+  */
+  if( isCompound && resolveCompoundOrderBy(pParse, pLeftmost) ){
+    return WRC_Abort;
+  }
+
+  return WRC_Prune;
+}
+
+/*
+** This routine walks an expression tree and resolves references to
+** table columns and result-set columns.  At the same time, do error
+** checking on function usage and set a flag if any aggregate functions
+** are seen.
+**
+** To resolve table columns references we look for nodes (or subtrees) of the 
+** form X.Y.Z or Y.Z or just Z where
+**
+**      X:   The name of a database.  Ex:  "main" or "temp" or
+**           the symbolic name assigned to an ATTACH-ed database.
+**
+**      Y:   The name of a table in a FROM clause.  Or in a trigger
+**           one of the special names "old" or "new".
+**
+**      Z:   The name of a column in table Y.
+**
+** The node at the root of the subtree is modified as follows:
+**
+**    Expr.op        Changed to TK_COLUMN
+**    Expr.pTab      Points to the Table object for X.Y
+**    Expr.iColumn   The column index in X.Y.  -1 for the rowid.
+**    Expr.iTable    The VDBE cursor number for X.Y
+**
+**
+** To resolve result-set references, look for expression nodes of the
+** form Z (with no X and Y prefix) where the Z matches the right-hand
+** size of an AS clause in the result-set of a SELECT.  The Z expression
+** is replaced by a copy of the left-hand side of the result-set expression.
+** Table-name and function resolution occurs on the substituted expression
+** tree.  For example, in:
+**
+**      SELECT a+b AS x, c+d AS y FROM t1 ORDER BY x;
+**
+** The "x" term of the order by is replaced by "a+b" to render:
+**
+**      SELECT a+b AS x, c+d AS y FROM t1 ORDER BY a+b;
+**
+** Function calls are checked to make sure that the function is 
+** defined and that the correct number of arguments are specified.
+** If the function is an aggregate function, then the NC_HasAgg flag is
+** set and the opcode is changed from TK_FUNCTION to TK_AGG_FUNCTION.
+** If an expression contains aggregate functions then the EP_Agg
+** property on the expression is set.
+**
+** An error message is left in pParse if anything is amiss.  The number
+** if errors is returned.
+*/
+SQLITE_PRIVATE int sqlite3ResolveExprNames( 
+  NameContext *pNC,       /* Namespace to resolve expressions in. */
+  Expr *pExpr             /* The expression to be analyzed. */
+){
+  u16 savedHasAgg;
+  Walker w;
+
+  if( pExpr==0 ) return 0;
+#if SQLITE_MAX_EXPR_DEPTH>0
+  {
+    Parse *pParse = pNC->pParse;
+    if( sqlite3ExprCheckHeight(pParse, pExpr->nHeight+pNC->pParse->nHeight) ){
+      return 1;
+    }
+    pParse->nHeight += pExpr->nHeight;
+  }
+#endif
+  savedHasAgg = pNC->ncFlags & (NC_HasAgg|NC_MinMaxAgg);
+  pNC->ncFlags &= ~(NC_HasAgg|NC_MinMaxAgg);
+  memset(&w, 0, sizeof(w));
+  w.xExprCallback = resolveExprStep;
+  w.xSelectCallback = resolveSelectStep;
+  w.pParse = pNC->pParse;
+  w.u.pNC = pNC;
+  sqlite3WalkExpr(&w, pExpr);
+#if SQLITE_MAX_EXPR_DEPTH>0
+  pNC->pParse->nHeight -= pExpr->nHeight;
+#endif
+  if( pNC->nErr>0 || w.pParse->nErr>0 ){
+    ExprSetProperty(pExpr, EP_Error);
+  }
+  if( pNC->ncFlags & NC_HasAgg ){
+    ExprSetProperty(pExpr, EP_Agg);
+  }
+  pNC->ncFlags |= savedHasAgg;
+  return ExprHasProperty(pExpr, EP_Error);
+}
+
+/*
+** Resolve all names for all expression in an expression list.  This is
+** just like sqlite3ResolveExprNames() except that it works for an expression
+** list rather than a single expression.
+*/
+SQLITE_PRIVATE int sqlite3ResolveExprListNames( 
+  NameContext *pNC,       /* Namespace to resolve expressions in. */
+  ExprList *pList         /* The expression list to be analyzed. */
+){
+  int i;
+  if( pList ){
+    for(i=0; i<pList->nExpr; i++){
+      if( sqlite3ResolveExprNames(pNC, pList->a[i].pExpr) ) return WRC_Abort;
+    }
+  }
+  return WRC_Continue;
+}
+
+/*
+** Resolve all names in all expressions of a SELECT and in all
+** decendents of the SELECT, including compounds off of p->pPrior,
+** subqueries in expressions, and subqueries used as FROM clause
+** terms.
+**
+** See sqlite3ResolveExprNames() for a description of the kinds of
+** transformations that occur.
+**
+** All SELECT statements should have been expanded using
+** sqlite3SelectExpand() prior to invoking this routine.
+*/
+SQLITE_PRIVATE void sqlite3ResolveSelectNames(
+  Parse *pParse,         /* The parser context */
+  Select *p,             /* The SELECT statement being coded. */
+  NameContext *pOuterNC  /* Name context for parent SELECT statement */
+){
+  Walker w;
+
+  assert( p!=0 );
+  memset(&w, 0, sizeof(w));
+  w.xExprCallback = resolveExprStep;
+  w.xSelectCallback = resolveSelectStep;
+  w.pParse = pParse;
+  w.u.pNC = pOuterNC;
+  sqlite3WalkSelect(&w, p);
+}
+
+/*
+** Resolve names in expressions that can only reference a single table:
+**
+**    *   CHECK constraints
+**    *   WHERE clauses on partial indices
+**
+** The Expr.iTable value for Expr.op==TK_COLUMN nodes of the expression
+** is set to -1 and the Expr.iColumn value is set to the column number.
+**
+** Any errors cause an error message to be set in pParse.
+*/
+SQLITE_PRIVATE void sqlite3ResolveSelfReference(
+  Parse *pParse,      /* Parsing context */
+  Table *pTab,        /* The table being referenced */
+  int type,           /* NC_IsCheck or NC_PartIdx or NC_IdxExpr */
+  Expr *pExpr,        /* Expression to resolve.  May be NULL. */
+  ExprList *pList     /* Expression list to resolve.  May be NUL. */
+){
+  SrcList sSrc;                   /* Fake SrcList for pParse->pNewTable */
+  NameContext sNC;                /* Name context for pParse->pNewTable */
+
+  assert( type==NC_IsCheck || type==NC_PartIdx || type==NC_IdxExpr );
+  memset(&sNC, 0, sizeof(sNC));
+  memset(&sSrc, 0, sizeof(sSrc));
+  sSrc.nSrc = 1;
+  sSrc.a[0].zName = pTab->zName;
+  sSrc.a[0].pTab = pTab;
+  sSrc.a[0].iCursor = -1;
+  sNC.pParse = pParse;
+  sNC.pSrcList = &sSrc;
+  sNC.ncFlags = type;
+  if( sqlite3ResolveExprNames(&sNC, pExpr) ) return;
+  if( pList ) sqlite3ResolveExprListNames(&sNC, pList);
+}
+
+/************** End of resolve.c *********************************************/
+/************** Begin file expr.c ********************************************/
+/*
+** 2001 September 15
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+** This file contains routines used for analyzing expressions and
+** for generating VDBE code that evaluates expressions in SQLite.
+*/
+/* #include "sqliteInt.h" */
+
+/*
+** Return the 'affinity' of the expression pExpr if any.
+**
+** If pExpr is a column, a reference to a column via an 'AS' alias,
+** or a sub-select with a column as the return value, then the 
+** affinity of that column is returned. Otherwise, 0x00 is returned,
+** indicating no affinity for the expression.
+**
+** i.e. the WHERE clause expressions in the following statements all
+** have an affinity:
+**
+** CREATE TABLE t1(a);
+** SELECT * FROM t1 WHERE a;
+** SELECT a AS b FROM t1 WHERE b;
+** SELECT * FROM t1 WHERE (select a from t1);
+*/
+SQLITE_PRIVATE char sqlite3ExprAffinity(Expr *pExpr){
+  int op;
+  pExpr = sqlite3ExprSkipCollate(pExpr);
+  if( pExpr->flags & EP_Generic ) return 0;
+  op = pExpr->op;
+  if( op==TK_SELECT ){
+    assert( pExpr->flags&EP_xIsSelect );
+    return sqlite3ExprAffinity(pExpr->x.pSelect->pEList->a[0].pExpr);
+  }
+#ifndef SQLITE_OMIT_CAST
+  if( op==TK_CAST ){
+    assert( !ExprHasProperty(pExpr, EP_IntValue) );
+    return sqlite3AffinityType(pExpr->u.zToken, 0);
+  }
+#endif
+  if( (op==TK_AGG_COLUMN || op==TK_COLUMN || op==TK_REGISTER) 
+   && pExpr->pTab!=0
+  ){
+    /* op==TK_REGISTER && pExpr->pTab!=0 happens when pExpr was originally
+    ** a TK_COLUMN but was previously evaluated and cached in a register */
+    int j = pExpr->iColumn;
+    if( j<0 ) return SQLITE_AFF_INTEGER;
+    assert( pExpr->pTab && j<pExpr->pTab->nCol );
+    return pExpr->pTab->aCol[j].affinity;
+  }
+  return pExpr->affinity;
+}
+
+/*
+** Set the collating sequence for expression pExpr to be the collating
+** sequence named by pToken.   Return a pointer to a new Expr node that
+** implements the COLLATE operator.
+**
+** If a memory allocation error occurs, that fact is recorded in pParse->db
+** and the pExpr parameter is returned unchanged.
+*/
+SQLITE_PRIVATE Expr *sqlite3ExprAddCollateToken(
+  Parse *pParse,           /* Parsing context */
+  Expr *pExpr,             /* Add the "COLLATE" clause to this expression */
+  const Token *pCollName,  /* Name of collating sequence */
+  int dequote              /* True to dequote pCollName */
+){
+  if( pCollName->n>0 ){
+    Expr *pNew = sqlite3ExprAlloc(pParse->db, TK_COLLATE, pCollName, dequote);
+    if( pNew ){
+      pNew->pLeft = pExpr;
+      pNew->flags |= EP_Collate|EP_Skip;
+      pExpr = pNew;
+    }
+  }
+  return pExpr;
+}
+SQLITE_PRIVATE Expr *sqlite3ExprAddCollateString(Parse *pParse, Expr *pExpr, const char *zC){
+  Token s;
+  assert( zC!=0 );
+  s.z = zC;
+  s.n = sqlite3Strlen30(s.z);
+  return sqlite3ExprAddCollateToken(pParse, pExpr, &s, 0);
+}
+
+/*
+** Skip over any TK_COLLATE operators and any unlikely()
+** or likelihood() function at the root of an expression.
+*/
+SQLITE_PRIVATE Expr *sqlite3ExprSkipCollate(Expr *pExpr){
+  while( pExpr && ExprHasProperty(pExpr, EP_Skip) ){
+    if( ExprHasProperty(pExpr, EP_Unlikely) ){
+      assert( !ExprHasProperty(pExpr, EP_xIsSelect) );
+      assert( pExpr->x.pList->nExpr>0 );
+      assert( pExpr->op==TK_FUNCTION );
+      pExpr = pExpr->x.pList->a[0].pExpr;
+    }else{
+      assert( pExpr->op==TK_COLLATE );
+      pExpr = pExpr->pLeft;
+    }
+  }   
+  return pExpr;
+}
+
+/*
+** Return the collation sequence for the expression pExpr. If
+** there is no defined collating sequence, return NULL.
+**
+** The collating sequence might be determined by a COLLATE operator
+** or by the presence of a column with a defined collating sequence.
+** COLLATE operators take first precedence.  Left operands take
+** precedence over right operands.
+*/
+SQLITE_PRIVATE CollSeq *sqlite3ExprCollSeq(Parse *pParse, Expr *pExpr){
+  sqlite3 *db = pParse->db;
+  CollSeq *pColl = 0;
+  Expr *p = pExpr;
+  while( p ){
+    int op = p->op;
+    if( p->flags & EP_Generic ) break;
+    if( op==TK_CAST || op==TK_UPLUS ){
+      p = p->pLeft;
+      continue;
+    }
+    if( op==TK_COLLATE || (op==TK_REGISTER && p->op2==TK_COLLATE) ){
+      pColl = sqlite3GetCollSeq(pParse, ENC(db), 0, p->u.zToken);
+      break;
+    }
+    if( (op==TK_AGG_COLUMN || op==TK_COLUMN
+          || op==TK_REGISTER || op==TK_TRIGGER)
+     && p->pTab!=0
+    ){
+      /* op==TK_REGISTER && p->pTab!=0 happens when pExpr was originally
+      ** a TK_COLUMN but was previously evaluated and cached in a register */
+      int j = p->iColumn;
+      if( j>=0 ){
+        const char *zColl = p->pTab->aCol[j].zColl;
+        pColl = sqlite3FindCollSeq(db, ENC(db), zColl, 0);
+      }
+      break;
+    }
+    if( p->flags & EP_Collate ){
+      if( p->pLeft && (p->pLeft->flags & EP_Collate)!=0 ){
+        p = p->pLeft;
+      }else{
+        Expr *pNext  = p->pRight;
+        /* The Expr.x union is never used at the same time as Expr.pRight */
+        assert( p->x.pList==0 || p->pRight==0 );
+        /* p->flags holds EP_Collate and p->pLeft->flags does not.  And
+        ** p->x.pSelect cannot.  So if p->x.pLeft exists, it must hold at
+        ** least one EP_Collate. Thus the following two ALWAYS. */
+        if( p->x.pList!=0 && ALWAYS(!ExprHasProperty(p, EP_xIsSelect)) ){
+          int i;
+          for(i=0; ALWAYS(i<p->x.pList->nExpr); i++){
+            if( ExprHasProperty(p->x.pList->a[i].pExpr, EP_Collate) ){
+              pNext = p->x.pList->a[i].pExpr;
+              break;
+            }
+          }
+        }
+        p = pNext;
+      }
+    }else{
+      break;
+    }
+  }
+  if( sqlite3CheckCollSeq(pParse, pColl) ){ 
+    pColl = 0;
+  }
+  return pColl;
+}
+
+/*
+** pExpr is an operand of a comparison operator.  aff2 is the
+** type affinity of the other operand.  This routine returns the
+** type affinity that should be used for the comparison operator.
+*/
+SQLITE_PRIVATE char sqlite3CompareAffinity(Expr *pExpr, char aff2){
+  char aff1 = sqlite3ExprAffinity(pExpr);
+  if( aff1 && aff2 ){
+    /* Both sides of the comparison are columns. If one has numeric
+    ** affinity, use that. Otherwise use no affinity.
+    */
+    if( sqlite3IsNumericAffinity(aff1) || sqlite3IsNumericAffinity(aff2) ){
+      return SQLITE_AFF_NUMERIC;
+    }else{
+      return SQLITE_AFF_BLOB;
+    }
+  }else if( !aff1 && !aff2 ){
+    /* Neither side of the comparison is a column.  Compare the
+    ** results directly.
+    */
+    return SQLITE_AFF_BLOB;
+  }else{
+    /* One side is a column, the other is not. Use the columns affinity. */
+    assert( aff1==0 || aff2==0 );
+    return (aff1 + aff2);
+  }
+}
+
+/*
+** pExpr is a comparison operator.  Return the type affinity that should
+** be applied to both operands prior to doing the comparison.
+*/
+static char comparisonAffinity(Expr *pExpr){
+  char aff;
+  assert( pExpr->op==TK_EQ || pExpr->op==TK_IN || pExpr->op==TK_LT ||
+          pExpr->op==TK_GT || pExpr->op==TK_GE || pExpr->op==TK_LE ||
+          pExpr->op==TK_NE || pExpr->op==TK_IS || pExpr->op==TK_ISNOT );
+  assert( pExpr->pLeft );
+  aff = sqlite3ExprAffinity(pExpr->pLeft);
+  if( pExpr->pRight ){
+    aff = sqlite3CompareAffinity(pExpr->pRight, aff);
+  }else if( ExprHasProperty(pExpr, EP_xIsSelect) ){
+    aff = sqlite3CompareAffinity(pExpr->x.pSelect->pEList->a[0].pExpr, aff);
+  }else if( !aff ){
+    aff = SQLITE_AFF_BLOB;
+  }
+  return aff;
+}
+
+/*
+** pExpr is a comparison expression, eg. '=', '<', IN(...) etc.
+** idx_affinity is the affinity of an indexed column. Return true
+** if the index with affinity idx_affinity may be used to implement
+** the comparison in pExpr.
+*/
+SQLITE_PRIVATE int sqlite3IndexAffinityOk(Expr *pExpr, char idx_affinity){
+  char aff = comparisonAffinity(pExpr);
+  switch( aff ){
+    case SQLITE_AFF_BLOB:
+      return 1;
+    case SQLITE_AFF_TEXT:
+      return idx_affinity==SQLITE_AFF_TEXT;
+    default:
+      return sqlite3IsNumericAffinity(idx_affinity);
+  }
+}
+
+/*
+** Return the P5 value that should be used for a binary comparison
+** opcode (OP_Eq, OP_Ge etc.) used to compare pExpr1 and pExpr2.
+*/
+static u8 binaryCompareP5(Expr *pExpr1, Expr *pExpr2, int jumpIfNull){
+  u8 aff = (char)sqlite3ExprAffinity(pExpr2);
+  aff = (u8)sqlite3CompareAffinity(pExpr1, aff) | (u8)jumpIfNull;
+  return aff;
+}
+
+/*
+** Return a pointer to the collation sequence that should be used by
+** a binary comparison operator comparing pLeft and pRight.
+**
+** If the left hand expression has a collating sequence type, then it is
+** used. Otherwise the collation sequence for the right hand expression
+** is used, or the default (BINARY) if neither expression has a collating
+** type.
+**
+** Argument pRight (but not pLeft) may be a null pointer. In this case,
+** it is not considered.
+*/
+SQLITE_PRIVATE CollSeq *sqlite3BinaryCompareCollSeq(
+  Parse *pParse, 
+  Expr *pLeft, 
+  Expr *pRight
+){
+  CollSeq *pColl;
+  assert( pLeft );
+  if( pLeft->flags & EP_Collate ){
+    pColl = sqlite3ExprCollSeq(pParse, pLeft);
+  }else if( pRight && (pRight->flags & EP_Collate)!=0 ){
+    pColl = sqlite3ExprCollSeq(pParse, pRight);
+  }else{
+    pColl = sqlite3ExprCollSeq(pParse, pLeft);
+    if( !pColl ){
+      pColl = sqlite3ExprCollSeq(pParse, pRight);
+    }
+  }
+  return pColl;
+}
+
+/*
+** Generate code for a comparison operator.
+*/
+static int codeCompare(
+  Parse *pParse,    /* The parsing (and code generating) context */
+  Expr *pLeft,      /* The left operand */
+  Expr *pRight,     /* The right operand */
+  int opcode,       /* The comparison opcode */
+  int in1, int in2, /* Register holding operands */
+  int dest,         /* Jump here if true.  */
+  int jumpIfNull    /* If true, jump if either operand is NULL */
+){
+  int p5;
+  int addr;
+  CollSeq *p4;
+
+  p4 = sqlite3BinaryCompareCollSeq(pParse, pLeft, pRight);
+  p5 = binaryCompareP5(pLeft, pRight, jumpIfNull);
+  addr = sqlite3VdbeAddOp4(pParse->pVdbe, opcode, in2, dest, in1,
+                           (void*)p4, P4_COLLSEQ);
+  sqlite3VdbeChangeP5(pParse->pVdbe, (u8)p5);
+  return addr;
+}
+
+#if SQLITE_MAX_EXPR_DEPTH>0
+/*
+** Check that argument nHeight is less than or equal to the maximum
+** expression depth allowed. If it is not, leave an error message in
+** pParse.
+*/
+SQLITE_PRIVATE int sqlite3ExprCheckHeight(Parse *pParse, int nHeight){
+  int rc = SQLITE_OK;
+  int mxHeight = pParse->db->aLimit[SQLITE_LIMIT_EXPR_DEPTH];
+  if( nHeight>mxHeight ){
+    sqlite3ErrorMsg(pParse, 
+       "Expression tree is too large (maximum depth %d)", mxHeight
+    );
+    rc = SQLITE_ERROR;
+  }
+  return rc;
+}
+
+/* The following three functions, heightOfExpr(), heightOfExprList()
+** and heightOfSelect(), are used to determine the maximum height
+** of any expression tree referenced by the structure passed as the
+** first argument.
+**
+** If this maximum height is greater than the current value pointed
+** to by pnHeight, the second parameter, then set *pnHeight to that
+** value.
+*/
+static void heightOfExpr(Expr *p, int *pnHeight){
+  if( p ){
+    if( p->nHeight>*pnHeight ){
+      *pnHeight = p->nHeight;
+    }
+  }
+}
+static void heightOfExprList(ExprList *p, int *pnHeight){
+  if( p ){
+    int i;
+    for(i=0; i<p->nExpr; i++){
+      heightOfExpr(p->a[i].pExpr, pnHeight);
+    }
+  }
+}
+static void heightOfSelect(Select *p, int *pnHeight){
+  if( p ){
+    heightOfExpr(p->pWhere, pnHeight);
+    heightOfExpr(p->pHaving, pnHeight);
+    heightOfExpr(p->pLimit, pnHeight);
+    heightOfExpr(p->pOffset, pnHeight);
+    heightOfExprList(p->pEList, pnHeight);
+    heightOfExprList(p->pGroupBy, pnHeight);
+    heightOfExprList(p->pOrderBy, pnHeight);
+    heightOfSelect(p->pPrior, pnHeight);
+  }
+}
+
+/*
+** Set the Expr.nHeight variable in the structure passed as an 
+** argument. An expression with no children, Expr.pList or 
+** Expr.pSelect member has a height of 1. Any other expression
+** has a height equal to the maximum height of any other 
+** referenced Expr plus one.
+**
+** Also propagate EP_Propagate flags up from Expr.x.pList to Expr.flags,
+** if appropriate.
+*/
+static void exprSetHeight(Expr *p){
+  int nHeight = 0;
+  heightOfExpr(p->pLeft, &nHeight);
+  heightOfExpr(p->pRight, &nHeight);
+  if( ExprHasProperty(p, EP_xIsSelect) ){
+    heightOfSelect(p->x.pSelect, &nHeight);
+  }else if( p->x.pList ){
+    heightOfExprList(p->x.pList, &nHeight);
+    p->flags |= EP_Propagate & sqlite3ExprListFlags(p->x.pList);
+  }
+  p->nHeight = nHeight + 1;
+}
+
+/*
+** Set the Expr.nHeight variable using the exprSetHeight() function. If
+** the height is greater than the maximum allowed expression depth,
+** leave an error in pParse.
+**
+** Also propagate all EP_Propagate flags from the Expr.x.pList into
+** Expr.flags. 
+*/
+SQLITE_PRIVATE void sqlite3ExprSetHeightAndFlags(Parse *pParse, Expr *p){
+  if( pParse->nErr ) return;
+  exprSetHeight(p);
+  sqlite3ExprCheckHeight(pParse, p->nHeight);
+}
+
+/*
+** Return the maximum height of any expression tree referenced
+** by the select statement passed as an argument.
+*/
+SQLITE_PRIVATE int sqlite3SelectExprHeight(Select *p){
+  int nHeight = 0;
+  heightOfSelect(p, &nHeight);
+  return nHeight;
+}
+#else /* ABOVE:  Height enforcement enabled.  BELOW: Height enforcement off */
+/*
+** Propagate all EP_Propagate flags from the Expr.x.pList into
+** Expr.flags. 
+*/
+SQLITE_PRIVATE void sqlite3ExprSetHeightAndFlags(Parse *pParse, Expr *p){
+  if( p && p->x.pList && !ExprHasProperty(p, EP_xIsSelect) ){
+    p->flags |= EP_Propagate & sqlite3ExprListFlags(p->x.pList);
+  }
+}
+#define exprSetHeight(y)
+#endif /* SQLITE_MAX_EXPR_DEPTH>0 */
+
+/*
+** This routine is the core allocator for Expr nodes.
+**
+** Construct a new expression node and return a pointer to it.  Memory
+** for this node and for the pToken argument is a single allocation
+** obtained from sqlite3DbMalloc().  The calling function
+** is responsible for making sure the node eventually gets freed.
+**
+** If dequote is true, then the token (if it exists) is dequoted.
+** If dequote is false, no dequoting is performed.  The deQuote
+** parameter is ignored if pToken is NULL or if the token does not
+** appear to be quoted.  If the quotes were of the form "..." (double-quotes)
+** then the EP_DblQuoted flag is set on the expression node.
+**
+** Special case:  If op==TK_INTEGER and pToken points to a string that
+** can be translated into a 32-bit integer, then the token is not
+** stored in u.zToken.  Instead, the integer values is written
+** into u.iValue and the EP_IntValue flag is set.  No extra storage
+** is allocated to hold the integer text and the dequote flag is ignored.
+*/
+SQLITE_PRIVATE Expr *sqlite3ExprAlloc(
+  sqlite3 *db,            /* Handle for sqlite3DbMallocZero() (may be null) */
+  int op,                 /* Expression opcode */
+  const Token *pToken,    /* Token argument.  Might be NULL */
+  int dequote             /* True to dequote */
+){
+  Expr *pNew;
+  int nExtra = 0;
+  int iValue = 0;
+
+  if( pToken ){
+    if( op!=TK_INTEGER || pToken->z==0
+          || sqlite3GetInt32(pToken->z, &iValue)==0 ){
+      nExtra = pToken->n+1;
+      assert( iValue>=0 );
+    }
+  }
+  pNew = sqlite3DbMallocZero(db, sizeof(Expr)+nExtra);
+  if( pNew ){
+    pNew->op = (u8)op;
+    pNew->iAgg = -1;
+    if( pToken ){
+      if( nExtra==0 ){
+        pNew->flags |= EP_IntValue;
+        pNew->u.iValue = iValue;
+      }else{
+        int c;
+        pNew->u.zToken = (char*)&pNew[1];
+        assert( pToken->z!=0 || pToken->n==0 );
+        if( pToken->n ) memcpy(pNew->u.zToken, pToken->z, pToken->n);
+        pNew->u.zToken[pToken->n] = 0;
+        if( dequote && nExtra>=3 
+             && ((c = pToken->z[0])=='\'' || c=='"' || c=='[' || c=='`') ){
+          sqlite3Dequote(pNew->u.zToken);
+          if( c=='"' ) pNew->flags |= EP_DblQuoted;
+        }
+      }
+    }
+#if SQLITE_MAX_EXPR_DEPTH>0
+    pNew->nHeight = 1;
+#endif  
+  }
+  return pNew;
+}
+
+/*
+** Allocate a new expression node from a zero-terminated token that has
+** already been dequoted.
+*/
+SQLITE_PRIVATE Expr *sqlite3Expr(
+  sqlite3 *db,            /* Handle for sqlite3DbMallocZero() (may be null) */
+  int op,                 /* Expression opcode */
+  const char *zToken      /* Token argument.  Might be NULL */
+){
+  Token x;
+  x.z = zToken;
+  x.n = zToken ? sqlite3Strlen30(zToken) : 0;
+  return sqlite3ExprAlloc(db, op, &x, 0);
+}
+
+/*
+** Attach subtrees pLeft and pRight to the Expr node pRoot.
+**
+** If pRoot==NULL that means that a memory allocation error has occurred.
+** In that case, delete the subtrees pLeft and pRight.
+*/
+SQLITE_PRIVATE void sqlite3ExprAttachSubtrees(
+  sqlite3 *db,
+  Expr *pRoot,
+  Expr *pLeft,
+  Expr *pRight
+){
+  if( pRoot==0 ){
+    assert( db->mallocFailed );
+    sqlite3ExprDelete(db, pLeft);
+    sqlite3ExprDelete(db, pRight);
+  }else{
+    if( pRight ){
+      pRoot->pRight = pRight;
+      pRoot->flags |= EP_Propagate & pRight->flags;
+    }
+    if( pLeft ){
+      pRoot->pLeft = pLeft;
+      pRoot->flags |= EP_Propagate & pLeft->flags;
+    }
+    exprSetHeight(pRoot);
+  }
+}
+
+/*
+** Allocate an Expr node which joins as many as two subtrees.
+**
+** One or both of the subtrees can be NULL.  Return a pointer to the new
+** Expr node.  Or, if an OOM error occurs, set pParse->db->mallocFailed,
+** free the subtrees and return NULL.
+*/
+SQLITE_PRIVATE Expr *sqlite3PExpr(
+  Parse *pParse,          /* Parsing context */
+  int op,                 /* Expression opcode */
+  Expr *pLeft,            /* Left operand */
+  Expr *pRight,           /* Right operand */
+  const Token *pToken     /* Argument token */
+){
+  Expr *p;
+  if( op==TK_AND && pParse->nErr==0 ){
+    /* Take advantage of short-circuit false optimization for AND */
+    p = sqlite3ExprAnd(pParse->db, pLeft, pRight);
+  }else{
+    p = sqlite3ExprAlloc(pParse->db, op & TKFLG_MASK, pToken, 1);
+    sqlite3ExprAttachSubtrees(pParse->db, p, pLeft, pRight);
+  }
+  if( p ) {
+    sqlite3ExprCheckHeight(pParse, p->nHeight);
+  }
+  return p;
+}
+
+/*
+** If the expression is always either TRUE or FALSE (respectively),
+** then return 1.  If one cannot determine the truth value of the
+** expression at compile-time return 0.
+**
+** This is an optimization.  If is OK to return 0 here even if
+** the expression really is always false or false (a false negative).
+** But it is a bug to return 1 if the expression might have different
+** boolean values in different circumstances (a false positive.)
+**
+** Note that if the expression is part of conditional for a
+** LEFT JOIN, then we cannot determine at compile-time whether or not
+** is it true or false, so always return 0.
+*/
+static int exprAlwaysTrue(Expr *p){
+  int v = 0;
+  if( ExprHasProperty(p, EP_FromJoin) ) return 0;
+  if( !sqlite3ExprIsInteger(p, &v) ) return 0;
+  return v!=0;
+}
+static int exprAlwaysFalse(Expr *p){
+  int v = 0;
+  if( ExprHasProperty(p, EP_FromJoin) ) return 0;
+  if( !sqlite3ExprIsInteger(p, &v) ) return 0;
+  return v==0;
+}
+
+/*
+** Join two expressions using an AND operator.  If either expression is
+** NULL, then just return the other expression.
+**
+** If one side or the other of the AND is known to be false, then instead
+** of returning an AND expression, just return a constant expression with
+** a value of false.
+*/
+SQLITE_PRIVATE Expr *sqlite3ExprAnd(sqlite3 *db, Expr *pLeft, Expr *pRight){
+  if( pLeft==0 ){
+    return pRight;
+  }else if( pRight==0 ){
+    return pLeft;
+  }else if( exprAlwaysFalse(pLeft) || exprAlwaysFalse(pRight) ){
+    sqlite3ExprDelete(db, pLeft);
+    sqlite3ExprDelete(db, pRight);
+    return sqlite3ExprAlloc(db, TK_INTEGER, &sqlite3IntTokens[0], 0);
+  }else{
+    Expr *pNew = sqlite3ExprAlloc(db, TK_AND, 0, 0);
+    sqlite3ExprAttachSubtrees(db, pNew, pLeft, pRight);
+    return pNew;
+  }
+}
+
+/*
+** Construct a new expression node for a function with multiple
+** arguments.
+*/
+SQLITE_PRIVATE Expr *sqlite3ExprFunction(Parse *pParse, ExprList *pList, Token *pToken){
+  Expr *pNew;
+  sqlite3 *db = pParse->db;
+  assert( pToken );
+  pNew = sqlite3ExprAlloc(db, TK_FUNCTION, pToken, 1);
+  if( pNew==0 ){
+    sqlite3ExprListDelete(db, pList); /* Avoid memory leak when malloc fails */
+    return 0;
+  }
+  pNew->x.pList = pList;
+  assert( !ExprHasProperty(pNew, EP_xIsSelect) );
+  sqlite3ExprSetHeightAndFlags(pParse, pNew);
+  return pNew;
+}
+
+/*
+** Assign a variable number to an expression that encodes a wildcard
+** in the original SQL statement.  
+**
+** Wildcards consisting of a single "?" are assigned the next sequential
+** variable number.
+**
+** Wildcards of the form "?nnn" are assigned the number "nnn".  We make
+** sure "nnn" is not too be to avoid a denial of service attack when
+** the SQL statement comes from an external source.
+**
+** Wildcards of the form ":aaa", "@aaa", or "$aaa" are assigned the same number
+** as the previous instance of the same wildcard.  Or if this is the first
+** instance of the wildcard, the next sequential variable number is
+** assigned.
+*/
+SQLITE_PRIVATE void sqlite3ExprAssignVarNumber(Parse *pParse, Expr *pExpr){
+  sqlite3 *db = pParse->db;
+  const char *z;
+
+  if( pExpr==0 ) return;
+  assert( !ExprHasProperty(pExpr, EP_IntValue|EP_Reduced|EP_TokenOnly) );
+  z = pExpr->u.zToken;
+  assert( z!=0 );
+  assert( z[0]!=0 );
+  if( z[1]==0 ){
+    /* Wildcard of the form "?".  Assign the next variable number */
+    assert( z[0]=='?' );
+    pExpr->iColumn = (ynVar)(++pParse->nVar);
+  }else{
+    ynVar x = 0;
+    u32 n = sqlite3Strlen30(z);
+    if( z[0]=='?' ){
+      /* Wildcard of the form "?nnn".  Convert "nnn" to an integer and
+      ** use it as the variable number */
+      i64 i;
+      int bOk = 0==sqlite3Atoi64(&z[1], &i, n-1, SQLITE_UTF8);
+      pExpr->iColumn = x = (ynVar)i;
+      testcase( i==0 );
+      testcase( i==1 );
+      testcase( i==db->aLimit[SQLITE_LIMIT_VARIABLE_NUMBER]-1 );
+      testcase( i==db->aLimit[SQLITE_LIMIT_VARIABLE_NUMBER] );
+      if( bOk==0 || i<1 || i>db->aLimit[SQLITE_LIMIT_VARIABLE_NUMBER] ){
+        sqlite3ErrorMsg(pParse, "variable number must be between ?1 and ?%d",
+            db->aLimit[SQLITE_LIMIT_VARIABLE_NUMBER]);
+        x = 0;
+      }
+      if( i>pParse->nVar ){
+        pParse->nVar = (int)i;
+      }
+    }else{
+      /* Wildcards like ":aaa", "$aaa" or "@aaa".  Reuse the same variable
+      ** number as the prior appearance of the same name, or if the name
+      ** has never appeared before, reuse the same variable number
+      */
+      ynVar i;
+      for(i=0; i<pParse->nzVar; i++){
+        if( pParse->azVar[i] && strcmp(pParse->azVar[i],z)==0 ){
+          pExpr->iColumn = x = (ynVar)i+1;
+          break;
+        }
+      }
+      if( x==0 ) x = pExpr->iColumn = (ynVar)(++pParse->nVar);
+    }
+    if( x>0 ){
+      if( x>pParse->nzVar ){
+        char **a;
+        a = sqlite3DbRealloc(db, pParse->azVar, x*sizeof(a[0]));
+        if( a==0 ) return;  /* Error reported through db->mallocFailed */
+        pParse->azVar = a;
+        memset(&a[pParse->nzVar], 0, (x-pParse->nzVar)*sizeof(a[0]));
+        pParse->nzVar = x;
+      }
+      if( z[0]!='?' || pParse->azVar[x-1]==0 ){
+        sqlite3DbFree(db, pParse->azVar[x-1]);
+        pParse->azVar[x-1] = sqlite3DbStrNDup(db, z, n);
+      }
+    }
+  } 
+  if( !pParse->nErr && pParse->nVar>db->aLimit[SQLITE_LIMIT_VARIABLE_NUMBER] ){
+    sqlite3ErrorMsg(pParse, "too many SQL variables");
+  }
+}
+
+/*
+** Recursively delete an expression tree.
+*/
+SQLITE_PRIVATE void sqlite3ExprDelete(sqlite3 *db, Expr *p){
+  if( p==0 ) return;
+  /* Sanity check: Assert that the IntValue is non-negative if it exists */
+  assert( !ExprHasProperty(p, EP_IntValue) || p->u.iValue>=0 );
+  if( !ExprHasProperty(p, EP_TokenOnly) ){
+    /* The Expr.x union is never used at the same time as Expr.pRight */
+    assert( p->x.pList==0 || p->pRight==0 );
+    sqlite3ExprDelete(db, p->pLeft);
+    sqlite3ExprDelete(db, p->pRight);
+    if( ExprHasProperty(p, EP_MemToken) ) sqlite3DbFree(db, p->u.zToken);
+    if( ExprHasProperty(p, EP_xIsSelect) ){
+      sqlite3SelectDelete(db, p->x.pSelect);
+    }else{
+      sqlite3ExprListDelete(db, p->x.pList);
+    }
+  }
+  if( !ExprHasProperty(p, EP_Static) ){
+    sqlite3DbFree(db, p);
+  }
+}
+
+/*
+** Return the number of bytes allocated for the expression structure 
+** passed as the first argument. This is always one of EXPR_FULLSIZE,
+** EXPR_REDUCEDSIZE or EXPR_TOKENONLYSIZE.
+*/
+static int exprStructSize(Expr *p){
+  if( ExprHasProperty(p, EP_TokenOnly) ) return EXPR_TOKENONLYSIZE;
+  if( ExprHasProperty(p, EP_Reduced) ) return EXPR_REDUCEDSIZE;
+  return EXPR_FULLSIZE;
+}
+
+/*
+** The dupedExpr*Size() routines each return the number of bytes required
+** to store a copy of an expression or expression tree.  They differ in
+** how much of the tree is measured.
+**
+**     dupedExprStructSize()     Size of only the Expr structure 
+**     dupedExprNodeSize()       Size of Expr + space for token
+**     dupedExprSize()           Expr + token + subtree components
+**
+***************************************************************************
+**
+** The dupedExprStructSize() function returns two values OR-ed together:  
+** (1) the space required for a copy of the Expr structure only and 
+** (2) the EP_xxx flags that indicate what the structure size should be.
+** The return values is always one of:
+**
+**      EXPR_FULLSIZE
+**      EXPR_REDUCEDSIZE   | EP_Reduced
+**      EXPR_TOKENONLYSIZE | EP_TokenOnly
+**
+** The size of the structure can be found by masking the return value
+** of this routine with 0xfff.  The flags can be found by masking the
+** return value with EP_Reduced|EP_TokenOnly.
+**
+** Note that with flags==EXPRDUP_REDUCE, this routines works on full-size
+** (unreduced) Expr objects as they or originally constructed by the parser.
+** During expression analysis, extra information is computed and moved into
+** later parts of teh Expr object and that extra information might get chopped
+** off if the expression is reduced.  Note also that it does not work to
+** make an EXPRDUP_REDUCE copy of a reduced expression.  It is only legal
+** to reduce a pristine expression tree from the parser.  The implementation
+** of dupedExprStructSize() contain multiple assert() statements that attempt
+** to enforce this constraint.
+*/
+static int dupedExprStructSize(Expr *p, int flags){
+  int nSize;
+  assert( flags==EXPRDUP_REDUCE || flags==0 ); /* Only one flag value allowed */
+  assert( EXPR_FULLSIZE<=0xfff );
+  assert( (0xfff & (EP_Reduced|EP_TokenOnly))==0 );
+  if( 0==(flags&EXPRDUP_REDUCE) ){
+    nSize = EXPR_FULLSIZE;
+  }else{
+    assert( !ExprHasProperty(p, EP_TokenOnly|EP_Reduced) );
+    assert( !ExprHasProperty(p, EP_FromJoin) ); 
+    assert( !ExprHasProperty(p, EP_MemToken) );
+    assert( !ExprHasProperty(p, EP_NoReduce) );
+    if( p->pLeft || p->x.pList ){
+      nSize = EXPR_REDUCEDSIZE | EP_Reduced;
+    }else{
+      assert( p->pRight==0 );
+      nSize = EXPR_TOKENONLYSIZE | EP_TokenOnly;
+    }
+  }
+  return nSize;
+}
+
+/*
+** This function returns the space in bytes required to store the copy 
+** of the Expr structure and a copy of the Expr.u.zToken string (if that
+** string is defined.)
+*/
+static int dupedExprNodeSize(Expr *p, int flags){
+  int nByte = dupedExprStructSize(p, flags) & 0xfff;
+  if( !ExprHasProperty(p, EP_IntValue) && p->u.zToken ){
+    nByte += sqlite3Strlen30(p->u.zToken)+1;
+  }
+  return ROUND8(nByte);
+}
+
+/*
+** Return the number of bytes required to create a duplicate of the 
+** expression passed as the first argument. The second argument is a
+** mask containing EXPRDUP_XXX flags.
+**
+** The value returned includes space to create a copy of the Expr struct
+** itself and the buffer referred to by Expr.u.zToken, if any.
+**
+** If the EXPRDUP_REDUCE flag is set, then the return value includes 
+** space to duplicate all Expr nodes in the tree formed by Expr.pLeft 
+** and Expr.pRight variables (but not for any structures pointed to or 
+** descended from the Expr.x.pList or Expr.x.pSelect variables).
+*/
+static int dupedExprSize(Expr *p, int flags){
+  int nByte = 0;
+  if( p ){
+    nByte = dupedExprNodeSize(p, flags);
+    if( flags&EXPRDUP_REDUCE ){
+      nByte += dupedExprSize(p->pLeft, flags) + dupedExprSize(p->pRight, flags);
+    }
+  }
+  return nByte;
+}
+
+/*
+** This function is similar to sqlite3ExprDup(), except that if pzBuffer 
+** is not NULL then *pzBuffer is assumed to point to a buffer large enough 
+** to store the copy of expression p, the copies of p->u.zToken
+** (if applicable), and the copies of the p->pLeft and p->pRight expressions,
+** if any. Before returning, *pzBuffer is set to the first byte past the
+** portion of the buffer copied into by this function.
+*/
+static Expr *exprDup(sqlite3 *db, Expr *p, int flags, u8 **pzBuffer){
+  Expr *pNew = 0;                      /* Value to return */
+  assert( flags==0 || flags==EXPRDUP_REDUCE );
+  if( p ){
+    const int isReduced = (flags&EXPRDUP_REDUCE);
+    u8 *zAlloc;
+    u32 staticFlag = 0;
+
+    assert( pzBuffer==0 || isReduced );
+
+    /* Figure out where to write the new Expr structure. */
+    if( pzBuffer ){
+      zAlloc = *pzBuffer;
+      staticFlag = EP_Static;
+    }else{
+      zAlloc = sqlite3DbMallocRaw(db, dupedExprSize(p, flags));
+    }
+    pNew = (Expr *)zAlloc;
+
+    if( pNew ){
+      /* Set nNewSize to the size allocated for the structure pointed to
+      ** by pNew. This is either EXPR_FULLSIZE, EXPR_REDUCEDSIZE or
+      ** EXPR_TOKENONLYSIZE. nToken is set to the number of bytes consumed
+      ** by the copy of the p->u.zToken string (if any).
+      */
+      const unsigned nStructSize = dupedExprStructSize(p, flags);
+      const int nNewSize = nStructSize & 0xfff;
+      int nToken;
+      if( !ExprHasProperty(p, EP_IntValue) && p->u.zToken ){
+        nToken = sqlite3Strlen30(p->u.zToken) + 1;
+      }else{
+        nToken = 0;
+      }
+      if( isReduced ){
+        assert( ExprHasProperty(p, EP_Reduced)==0 );
+        memcpy(zAlloc, p, nNewSize);
+      }else{
+        u32 nSize = (u32)exprStructSize(p);
+        memcpy(zAlloc, p, nSize);
+        if( nSize<EXPR_FULLSIZE ){ 
+          memset(&zAlloc[nSize], 0, EXPR_FULLSIZE-nSize);
+        }
+      }
+
+      /* Set the EP_Reduced, EP_TokenOnly, and EP_Static flags appropriately. */
+      pNew->flags &= ~(EP_Reduced|EP_TokenOnly|EP_Static|EP_MemToken);
+      pNew->flags |= nStructSize & (EP_Reduced|EP_TokenOnly);
+      pNew->flags |= staticFlag;
+
+      /* Copy the p->u.zToken string, if any. */
+      if( nToken ){
+        char *zToken = pNew->u.zToken = (char*)&zAlloc[nNewSize];
+        memcpy(zToken, p->u.zToken, nToken);
+      }
+
+      if( 0==((p->flags|pNew->flags) & EP_TokenOnly) ){
+        /* Fill in the pNew->x.pSelect or pNew->x.pList member. */
+        if( ExprHasProperty(p, EP_xIsSelect) ){
+          pNew->x.pSelect = sqlite3SelectDup(db, p->x.pSelect, isReduced);
+        }else{
+          pNew->x.pList = sqlite3ExprListDup(db, p->x.pList, isReduced);
+        }
+      }
+
+      /* Fill in pNew->pLeft and pNew->pRight. */
+      if( ExprHasProperty(pNew, EP_Reduced|EP_TokenOnly) ){
+        zAlloc += dupedExprNodeSize(p, flags);
+        if( ExprHasProperty(pNew, EP_Reduced) ){
+          pNew->pLeft = exprDup(db, p->pLeft, EXPRDUP_REDUCE, &zAlloc);
+          pNew->pRight = exprDup(db, p->pRight, EXPRDUP_REDUCE, &zAlloc);
+        }
+        if( pzBuffer ){
+          *pzBuffer = zAlloc;
+        }
+      }else{
+        if( !ExprHasProperty(p, EP_TokenOnly) ){
+          pNew->pLeft = sqlite3ExprDup(db, p->pLeft, 0);
+          pNew->pRight = sqlite3ExprDup(db, p->pRight, 0);
+        }
+      }
+
+    }
+  }
+  return pNew;
+}
+
+/*
+** Create and return a deep copy of the object passed as the second 
+** argument. If an OOM condition is encountered, NULL is returned
+** and the db->mallocFailed flag set.
+*/
+#ifndef SQLITE_OMIT_CTE
+static With *withDup(sqlite3 *db, With *p){
+  With *pRet = 0;
+  if( p ){
+    int nByte = sizeof(*p) + sizeof(p->a[0]) * (p->nCte-1);
+    pRet = sqlite3DbMallocZero(db, nByte);
+    if( pRet ){
+      int i;
+      pRet->nCte = p->nCte;
+      for(i=0; i<p->nCte; i++){
+        pRet->a[i].pSelect = sqlite3SelectDup(db, p->a[i].pSelect, 0);
+        pRet->a[i].pCols = sqlite3ExprListDup(db, p->a[i].pCols, 0);
+        pRet->a[i].zName = sqlite3DbStrDup(db, p->a[i].zName);
+      }
+    }
+  }
+  return pRet;
+}
+#else
+# define withDup(x,y) 0
+#endif
+
+/*
+** The following group of routines make deep copies of expressions,
+** expression lists, ID lists, and select statements.  The copies can
+** be deleted (by being passed to their respective ...Delete() routines)
+** without effecting the originals.
+**
+** The expression list, ID, and source lists return by sqlite3ExprListDup(),
+** sqlite3IdListDup(), and sqlite3SrcListDup() can not be further expanded 
+** by subsequent calls to sqlite*ListAppend() routines.
+**
+** Any tables that the SrcList might point to are not duplicated.
+**
+** The flags parameter contains a combination of the EXPRDUP_XXX flags.
+** If the EXPRDUP_REDUCE flag is set, then the structure returned is a
+** truncated version of the usual Expr structure that will be stored as
+** part of the in-memory representation of the database schema.
+*/
+SQLITE_PRIVATE Expr *sqlite3ExprDup(sqlite3 *db, Expr *p, int flags){
+  assert( flags==0 || flags==EXPRDUP_REDUCE );
+  return exprDup(db, p, flags, 0);
+}
+SQLITE_PRIVATE ExprList *sqlite3ExprListDup(sqlite3 *db, ExprList *p, int flags){
+  ExprList *pNew;
+  struct ExprList_item *pItem, *pOldItem;
+  int i;
+  if( p==0 ) return 0;
+  pNew = sqlite3DbMallocRaw(db, sizeof(*pNew) );
+  if( pNew==0 ) return 0;
+  pNew->nExpr = i = p->nExpr;
+  if( (flags & EXPRDUP_REDUCE)==0 ) for(i=1; i<p->nExpr; i+=i){}
+  pNew->a = pItem = sqlite3DbMallocRaw(db,  i*sizeof(p->a[0]) );
+  if( pItem==0 ){
+    sqlite3DbFree(db, pNew);
+    return 0;
+  } 
+  pOldItem = p->a;
+  for(i=0; i<p->nExpr; i++, pItem++, pOldItem++){
+    Expr *pOldExpr = pOldItem->pExpr;
+    pItem->pExpr = sqlite3ExprDup(db, pOldExpr, flags);
+    pItem->zName = sqlite3DbStrDup(db, pOldItem->zName);
+    pItem->zSpan = sqlite3DbStrDup(db, pOldItem->zSpan);
+    pItem->sortOrder = pOldItem->sortOrder;
+    pItem->done = 0;
+    pItem->bSpanIsTab = pOldItem->bSpanIsTab;
+    pItem->u = pOldItem->u;
+  }
+  return pNew;
+}
+
+/*
+** If cursors, triggers, views and subqueries are all omitted from
+** the build, then none of the following routines, except for 
+** sqlite3SelectDup(), can be called. sqlite3SelectDup() is sometimes
+** called with a NULL argument.
+*/
+#if !defined(SQLITE_OMIT_VIEW) || !defined(SQLITE_OMIT_TRIGGER) \
+ || !defined(SQLITE_OMIT_SUBQUERY)
+SQLITE_PRIVATE SrcList *sqlite3SrcListDup(sqlite3 *db, SrcList *p, int flags){
+  SrcList *pNew;
+  int i;
+  int nByte;
+  if( p==0 ) return 0;
+  nByte = sizeof(*p) + (p->nSrc>0 ? sizeof(p->a[0]) * (p->nSrc-1) : 0);
+  pNew = sqlite3DbMallocRaw(db, nByte );
+  if( pNew==0 ) return 0;
+  pNew->nSrc = pNew->nAlloc = p->nSrc;
+  for(i=0; i<p->nSrc; i++){
+    struct SrcList_item *pNewItem = &pNew->a[i];
+    struct SrcList_item *pOldItem = &p->a[i];
+    Table *pTab;
+    pNewItem->pSchema = pOldItem->pSchema;
+    pNewItem->zDatabase = sqlite3DbStrDup(db, pOldItem->zDatabase);
+    pNewItem->zName = sqlite3DbStrDup(db, pOldItem->zName);
+    pNewItem->zAlias = sqlite3DbStrDup(db, pOldItem->zAlias);
+    pNewItem->fg = pOldItem->fg;
+    pNewItem->iCursor = pOldItem->iCursor;
+    pNewItem->addrFillSub = pOldItem->addrFillSub;
+    pNewItem->regReturn = pOldItem->regReturn;
+    if( pNewItem->fg.isIndexedBy ){
+      pNewItem->u1.zIndexedBy = sqlite3DbStrDup(db, pOldItem->u1.zIndexedBy);
+    }
+    pNewItem->pIBIndex = pOldItem->pIBIndex;
+    if( pNewItem->fg.isTabFunc ){
+      pNewItem->u1.pFuncArg = 
+          sqlite3ExprListDup(db, pOldItem->u1.pFuncArg, flags);
+    }
+    pTab = pNewItem->pTab = pOldItem->pTab;
+    if( pTab ){
+      pTab->nRef++;
+    }
+    pNewItem->pSelect = sqlite3SelectDup(db, pOldItem->pSelect, flags);
+    pNewItem->pOn = sqlite3ExprDup(db, pOldItem->pOn, flags);
+    pNewItem->pUsing = sqlite3IdListDup(db, pOldItem->pUsing);
+    pNewItem->colUsed = pOldItem->colUsed;
+  }
+  return pNew;
+}
+SQLITE_PRIVATE IdList *sqlite3IdListDup(sqlite3 *db, IdList *p){
+  IdList *pNew;
+  int i;
+  if( p==0 ) return 0;
+  pNew = sqlite3DbMallocRaw(db, sizeof(*pNew) );
+  if( pNew==0 ) return 0;
+  pNew->nId = p->nId;
+  pNew->a = sqlite3DbMallocRaw(db, p->nId*sizeof(p->a[0]) );
+  if( pNew->a==0 ){
+    sqlite3DbFree(db, pNew);
+    return 0;
+  }
+  /* Note that because the size of the allocation for p->a[] is not
+  ** necessarily a power of two, sqlite3IdListAppend() may not be called
+  ** on the duplicate created by this function. */
+  for(i=0; i<p->nId; i++){
+    struct IdList_item *pNewItem = &pNew->a[i];
+    struct IdList_item *pOldItem = &p->a[i];
+    pNewItem->zName = sqlite3DbStrDup(db, pOldItem->zName);
+    pNewItem->idx = pOldItem->idx;
+  }
+  return pNew;
+}
+SQLITE_PRIVATE Select *sqlite3SelectDup(sqlite3 *db, Select *p, int flags){
+  Select *pNew, *pPrior;
+  if( p==0 ) return 0;
+  pNew = sqlite3DbMallocRaw(db, sizeof(*p) );
+  if( pNew==0 ) return 0;
+  pNew->pEList = sqlite3ExprListDup(db, p->pEList, flags);
+  pNew->pSrc = sqlite3SrcListDup(db, p->pSrc, flags);
+  pNew->pWhere = sqlite3ExprDup(db, p->pWhere, flags);
+  pNew->pGroupBy = sqlite3ExprListDup(db, p->pGroupBy, flags);
+  pNew->pHaving = sqlite3ExprDup(db, p->pHaving, flags);
+  pNew->pOrderBy = sqlite3ExprListDup(db, p->pOrderBy, flags);
+  pNew->op = p->op;
+  pNew->pPrior = pPrior = sqlite3SelectDup(db, p->pPrior, flags);
+  if( pPrior ) pPrior->pNext = pNew;
+  pNew->pNext = 0;
+  pNew->pLimit = sqlite3ExprDup(db, p->pLimit, flags);
+  pNew->pOffset = sqlite3ExprDup(db, p->pOffset, flags);
+  pNew->iLimit = 0;
+  pNew->iOffset = 0;
+  pNew->selFlags = p->selFlags & ~SF_UsesEphemeral;
+  pNew->addrOpenEphm[0] = -1;
+  pNew->addrOpenEphm[1] = -1;
+  pNew->nSelectRow = p->nSelectRow;
+  pNew->pWith = withDup(db, p->pWith);
+  sqlite3SelectSetName(pNew, p->zSelName);
+  return pNew;
+}
+#else
+SQLITE_PRIVATE Select *sqlite3SelectDup(sqlite3 *db, Select *p, int flags){
+  assert( p==0 );
+  return 0;
+}
+#endif
+
+
+/*
+** Add a new element to the end of an expression list.  If pList is
+** initially NULL, then create a new expression list.
+**
+** If a memory allocation error occurs, the entire list is freed and
+** NULL is returned.  If non-NULL is returned, then it is guaranteed
+** that the new entry was successfully appended.
+*/
+SQLITE_PRIVATE ExprList *sqlite3ExprListAppend(
+  Parse *pParse,          /* Parsing context */
+  ExprList *pList,        /* List to which to append. Might be NULL */
+  Expr *pExpr             /* Expression to be appended. Might be NULL */
+){
+  sqlite3 *db = pParse->db;
+  if( pList==0 ){
+    pList = sqlite3DbMallocZero(db, sizeof(ExprList) );
+    if( pList==0 ){
+      goto no_mem;
+    }
+    pList->a = sqlite3DbMallocRaw(db, sizeof(pList->a[0]));
+    if( pList->a==0 ) goto no_mem;
+  }else if( (pList->nExpr & (pList->nExpr-1))==0 ){
+    struct ExprList_item *a;
+    assert( pList->nExpr>0 );
+    a = sqlite3DbRealloc(db, pList->a, pList->nExpr*2*sizeof(pList->a[0]));
+    if( a==0 ){
+      goto no_mem;
+    }
+    pList->a = a;
+  }
+  assert( pList->a!=0 );
+  if( 1 ){
+    struct ExprList_item *pItem = &pList->a[pList->nExpr++];
+    memset(pItem, 0, sizeof(*pItem));
+    pItem->pExpr = pExpr;
+  }
+  return pList;
+
+no_mem:     
+  /* Avoid leaking memory if malloc has failed. */
+  sqlite3ExprDelete(db, pExpr);
+  sqlite3ExprListDelete(db, pList);
+  return 0;
+}
+
+/*
+** Set the sort order for the last element on the given ExprList.
+*/
+SQLITE_PRIVATE void sqlite3ExprListSetSortOrder(ExprList *p, int iSortOrder){
+  if( p==0 ) return;
+  assert( SQLITE_SO_UNDEFINED<0 && SQLITE_SO_ASC>=0 && SQLITE_SO_DESC>0 );
+  assert( p->nExpr>0 );
+  if( iSortOrder<0 ){
+    assert( p->a[p->nExpr-1].sortOrder==SQLITE_SO_ASC );
+    return;
+  }
+  p->a[p->nExpr-1].sortOrder = (u8)iSortOrder;
+}
+
+/*
+** Set the ExprList.a[].zName element of the most recently added item
+** on the expression list.
+**
+** pList might be NULL following an OOM error.  But pName should never be
+** NULL.  If a memory allocation fails, the pParse->db->mallocFailed flag
+** is set.
+*/
+SQLITE_PRIVATE void sqlite3ExprListSetName(
+  Parse *pParse,          /* Parsing context */
+  ExprList *pList,        /* List to which to add the span. */
+  Token *pName,           /* Name to be added */
+  int dequote             /* True to cause the name to be dequoted */
+){
+  assert( pList!=0 || pParse->db->mallocFailed!=0 );
+  if( pList ){
+    struct ExprList_item *pItem;
+    assert( pList->nExpr>0 );
+    pItem = &pList->a[pList->nExpr-1];
+    assert( pItem->zName==0 );
+    pItem->zName = sqlite3DbStrNDup(pParse->db, pName->z, pName->n);
+    if( dequote && pItem->zName ) sqlite3Dequote(pItem->zName);
+  }
+}
+
+/*
+** Set the ExprList.a[].zSpan element of the most recently added item
+** on the expression list.
+**
+** pList might be NULL following an OOM error.  But pSpan should never be
+** NULL.  If a memory allocation fails, the pParse->db->mallocFailed flag
+** is set.
+*/
+SQLITE_PRIVATE void sqlite3ExprListSetSpan(
+  Parse *pParse,          /* Parsing context */
+  ExprList *pList,        /* List to which to add the span. */
+  ExprSpan *pSpan         /* The span to be added */
+){
+  sqlite3 *db = pParse->db;
+  assert( pList!=0 || db->mallocFailed!=0 );
+  if( pList ){
+    struct ExprList_item *pItem = &pList->a[pList->nExpr-1];
+    assert( pList->nExpr>0 );
+    assert( db->mallocFailed || pItem->pExpr==pSpan->pExpr );
+    sqlite3DbFree(db, pItem->zSpan);
+    pItem->zSpan = sqlite3DbStrNDup(db, (char*)pSpan->zStart,
+                                    (int)(pSpan->zEnd - pSpan->zStart));
+  }
+}
+
+/*
+** If the expression list pEList contains more than iLimit elements,
+** leave an error message in pParse.
+*/
+SQLITE_PRIVATE void sqlite3ExprListCheckLength(
+  Parse *pParse,
+  ExprList *pEList,
+  const char *zObject
+){
+  int mx = pParse->db->aLimit[SQLITE_LIMIT_COLUMN];
+  testcase( pEList && pEList->nExpr==mx );
+  testcase( pEList && pEList->nExpr==mx+1 );
+  if( pEList && pEList->nExpr>mx ){
+    sqlite3ErrorMsg(pParse, "too many columns in %s", zObject);
+  }
+}
+
+/*
+** Delete an entire expression list.
+*/
+SQLITE_PRIVATE void sqlite3ExprListDelete(sqlite3 *db, ExprList *pList){
+  int i;
+  struct ExprList_item *pItem;
+  if( pList==0 ) return;
+  assert( pList->a!=0 || pList->nExpr==0 );
+  for(pItem=pList->a, i=0; i<pList->nExpr; i++, pItem++){
+    sqlite3ExprDelete(db, pItem->pExpr);
+    sqlite3DbFree(db, pItem->zName);
+    sqlite3DbFree(db, pItem->zSpan);
+  }
+  sqlite3DbFree(db, pList->a);
+  sqlite3DbFree(db, pList);
+}
+
+/*
+** Return the bitwise-OR of all Expr.flags fields in the given
+** ExprList.
+*/
+SQLITE_PRIVATE u32 sqlite3ExprListFlags(const ExprList *pList){
+  int i;
+  u32 m = 0;
+  if( pList ){
+    for(i=0; i<pList->nExpr; i++){
+       Expr *pExpr = pList->a[i].pExpr;
+       if( ALWAYS(pExpr) ) m |= pExpr->flags;
+    }
+  }
+  return m;
+}
+
+/*
+** These routines are Walker callbacks used to check expressions to
+** see if they are "constant" for some definition of constant.  The
+** Walker.eCode value determines the type of "constant" we are looking
+** for.
+**
+** These callback routines are used to implement the following:
+**
+**     sqlite3ExprIsConstant()                  pWalker->eCode==1
+**     sqlite3ExprIsConstantNotJoin()           pWalker->eCode==2
+**     sqlite3ExprIsTableConstant()             pWalker->eCode==3
+**     sqlite3ExprIsConstantOrFunction()        pWalker->eCode==4 or 5
+**
+** In all cases, the callbacks set Walker.eCode=0 and abort if the expression
+** is found to not be a constant.
+**
+** The sqlite3ExprIsConstantOrFunction() is used for evaluating expressions
+** in a CREATE TABLE statement.  The Walker.eCode value is 5 when parsing
+** an existing schema and 4 when processing a new statement.  A bound
+** parameter raises an error for new statements, but is silently converted
+** to NULL for existing schemas.  This allows sqlite_master tables that 
+** contain a bound parameter because they were generated by older versions
+** of SQLite to be parsed by newer versions of SQLite without raising a
+** malformed schema error.
+*/
+static int exprNodeIsConstant(Walker *pWalker, Expr *pExpr){
+
+  /* If pWalker->eCode is 2 then any term of the expression that comes from
+  ** the ON or USING clauses of a left join disqualifies the expression
+  ** from being considered constant. */
+  if( pWalker->eCode==2 && ExprHasProperty(pExpr, EP_FromJoin) ){
+    pWalker->eCode = 0;
+    return WRC_Abort;
+  }
+
+  switch( pExpr->op ){
+    /* Consider functions to be constant if all their arguments are constant
+    ** and either pWalker->eCode==4 or 5 or the function has the
+    ** SQLITE_FUNC_CONST flag. */
+    case TK_FUNCTION:
+      if( pWalker->eCode>=4 || ExprHasProperty(pExpr,EP_ConstFunc) ){
+        return WRC_Continue;
+      }else{
+        pWalker->eCode = 0;
+        return WRC_Abort;
+      }
+    case TK_ID:
+    case TK_COLUMN:
+    case TK_AGG_FUNCTION:
+    case TK_AGG_COLUMN:
+      testcase( pExpr->op==TK_ID );
+      testcase( pExpr->op==TK_COLUMN );
+      testcase( pExpr->op==TK_AGG_FUNCTION );
+      testcase( pExpr->op==TK_AGG_COLUMN );
+      if( pWalker->eCode==3 && pExpr->iTable==pWalker->u.iCur ){
+        return WRC_Continue;
+      }else{
+        pWalker->eCode = 0;
+        return WRC_Abort;
+      }
+    case TK_VARIABLE:
+      if( pWalker->eCode==5 ){
+        /* Silently convert bound parameters that appear inside of CREATE
+        ** statements into a NULL when parsing the CREATE statement text out
+        ** of the sqlite_master table */
+        pExpr->op = TK_NULL;
+      }else if( pWalker->eCode==4 ){
+        /* A bound parameter in a CREATE statement that originates from
+        ** sqlite3_prepare() causes an error */
+        pWalker->eCode = 0;
+        return WRC_Abort;
+      }
+      /* Fall through */
+    default:
+      testcase( pExpr->op==TK_SELECT ); /* selectNodeIsConstant will disallow */
+      testcase( pExpr->op==TK_EXISTS ); /* selectNodeIsConstant will disallow */
+      return WRC_Continue;
+  }
+}
+static int selectNodeIsConstant(Walker *pWalker, Select *NotUsed){
+  UNUSED_PARAMETER(NotUsed);
+  pWalker->eCode = 0;
+  return WRC_Abort;
+}
+static int exprIsConst(Expr *p, int initFlag, int iCur){
+  Walker w;
+  memset(&w, 0, sizeof(w));
+  w.eCode = initFlag;
+  w.xExprCallback = exprNodeIsConstant;
+  w.xSelectCallback = selectNodeIsConstant;
+  w.u.iCur = iCur;
+  sqlite3WalkExpr(&w, p);
+  return w.eCode;
+}
+
+/*
+** Walk an expression tree.  Return non-zero if the expression is constant
+** and 0 if it involves variables or function calls.
+**
+** For the purposes of this function, a double-quoted string (ex: "abc")
+** is considered a variable but a single-quoted string (ex: 'abc') is
+** a constant.
+*/
+SQLITE_PRIVATE int sqlite3ExprIsConstant(Expr *p){
+  return exprIsConst(p, 1, 0);
+}
+
+/*
+** Walk an expression tree.  Return non-zero if the expression is constant
+** that does no originate from the ON or USING clauses of a join.
+** Return 0 if it involves variables or function calls or terms from
+** an ON or USING clause.
+*/
+SQLITE_PRIVATE int sqlite3ExprIsConstantNotJoin(Expr *p){
+  return exprIsConst(p, 2, 0);
+}
+
+/*
+** Walk an expression tree.  Return non-zero if the expression is constant
+** for any single row of the table with cursor iCur.  In other words, the
+** expression must not refer to any non-deterministic function nor any
+** table other than iCur.
+*/
+SQLITE_PRIVATE int sqlite3ExprIsTableConstant(Expr *p, int iCur){
+  return exprIsConst(p, 3, iCur);
+}
+
+/*
+** Walk an expression tree.  Return non-zero if the expression is constant
+** or a function call with constant arguments.  Return and 0 if there
+** are any variables.
+**
+** For the purposes of this function, a double-quoted string (ex: "abc")
+** is considered a variable but a single-quoted string (ex: 'abc') is
+** a constant.
+*/
+SQLITE_PRIVATE int sqlite3ExprIsConstantOrFunction(Expr *p, u8 isInit){
+  assert( isInit==0 || isInit==1 );
+  return exprIsConst(p, 4+isInit, 0);
+}
+
+#ifdef SQLITE_ENABLE_CURSOR_HINTS
+/*
+** Walk an expression tree.  Return 1 if the expression contains a
+** subquery of some kind.  Return 0 if there are no subqueries.
+*/
+SQLITE_PRIVATE int sqlite3ExprContainsSubquery(Expr *p){
+  Walker w;
+  memset(&w, 0, sizeof(w));
+  w.eCode = 1;
+  w.xExprCallback = sqlite3ExprWalkNoop;
+  w.xSelectCallback = selectNodeIsConstant;
+  sqlite3WalkExpr(&w, p);
+  return w.eCode==0;
+}
+#endif
+
+/*
+** If the expression p codes a constant integer that is small enough
+** to fit in a 32-bit integer, return 1 and put the value of the integer
+** in *pValue.  If the expression is not an integer or if it is too big
+** to fit in a signed 32-bit integer, return 0 and leave *pValue unchanged.
+*/
+SQLITE_PRIVATE int sqlite3ExprIsInteger(Expr *p, int *pValue){
+  int rc = 0;
+
+  /* If an expression is an integer literal that fits in a signed 32-bit
+  ** integer, then the EP_IntValue flag will have already been set */
+  assert( p->op!=TK_INTEGER || (p->flags & EP_IntValue)!=0
+           || sqlite3GetInt32(p->u.zToken, &rc)==0 );
+
+  if( p->flags & EP_IntValue ){
+    *pValue = p->u.iValue;
+    return 1;
+  }
+  switch( p->op ){
+    case TK_UPLUS: {
+      rc = sqlite3ExprIsInteger(p->pLeft, pValue);
+      break;
+    }
+    case TK_UMINUS: {
+      int v;
+      if( sqlite3ExprIsInteger(p->pLeft, &v) ){
+        assert( v!=(-2147483647-1) );
+        *pValue = -v;
+        rc = 1;
+      }
+      break;
+    }
+    default: break;
+  }
+  return rc;
+}
+
+/*
+** Return FALSE if there is no chance that the expression can be NULL.
+**
+** If the expression might be NULL or if the expression is too complex
+** to tell return TRUE.  
+**
+** This routine is used as an optimization, to skip OP_IsNull opcodes
+** when we know that a value cannot be NULL.  Hence, a false positive
+** (returning TRUE when in fact the expression can never be NULL) might
+** be a small performance hit but is otherwise harmless.  On the other
+** hand, a false negative (returning FALSE when the result could be NULL)
+** will likely result in an incorrect answer.  So when in doubt, return
+** TRUE.
+*/
+SQLITE_PRIVATE int sqlite3ExprCanBeNull(const Expr *p){
+  u8 op;
+  while( p->op==TK_UPLUS || p->op==TK_UMINUS ){ p = p->pLeft; }
+  op = p->op;
+  if( op==TK_REGISTER ) op = p->op2;
+  switch( op ){
+    case TK_INTEGER:
+    case TK_STRING:
+    case TK_FLOAT:
+    case TK_BLOB:
+      return 0;
+    case TK_COLUMN:
+      assert( p->pTab!=0 );
+      return ExprHasProperty(p, EP_CanBeNull) ||
+             (p->iColumn>=0 && p->pTab->aCol[p->iColumn].notNull==0);
+    default:
+      return 1;
+  }
+}
+
+/*
+** Return TRUE if the given expression is a constant which would be
+** unchanged by OP_Affinity with the affinity given in the second
+** argument.
+**
+** This routine is used to determine if the OP_Affinity operation
+** can be omitted.  When in doubt return FALSE.  A false negative
+** is harmless.  A false positive, however, can result in the wrong
+** answer.
+*/
+SQLITE_PRIVATE int sqlite3ExprNeedsNoAffinityChange(const Expr *p, char aff){
+  u8 op;
+  if( aff==SQLITE_AFF_BLOB ) return 1;
+  while( p->op==TK_UPLUS || p->op==TK_UMINUS ){ p = p->pLeft; }
+  op = p->op;
+  if( op==TK_REGISTER ) op = p->op2;
+  switch( op ){
+    case TK_INTEGER: {
+      return aff==SQLITE_AFF_INTEGER || aff==SQLITE_AFF_NUMERIC;
+    }
+    case TK_FLOAT: {
+      return aff==SQLITE_AFF_REAL || aff==SQLITE_AFF_NUMERIC;
+    }
+    case TK_STRING: {
+      return aff==SQLITE_AFF_TEXT;
+    }
+    case TK_BLOB: {
+      return 1;
+    }
+    case TK_COLUMN: {
+      assert( p->iTable>=0 );  /* p cannot be part of a CHECK constraint */
+      return p->iColumn<0
+          && (aff==SQLITE_AFF_INTEGER || aff==SQLITE_AFF_NUMERIC);
+    }
+    default: {
+      return 0;
+    }
+  }
+}
+
+/*
+** Return TRUE if the given string is a row-id column name.
+*/
+SQLITE_PRIVATE int sqlite3IsRowid(const char *z){
+  if( sqlite3StrICmp(z, "_ROWID_")==0 ) return 1;
+  if( sqlite3StrICmp(z, "ROWID")==0 ) return 1;
+  if( sqlite3StrICmp(z, "OID")==0 ) return 1;
+  return 0;
+}
+
+/*
+** Return true if we are able to the IN operator optimization on a
+** query of the form
+**
+**       x IN (SELECT ...)
+**
+** Where the SELECT... clause is as specified by the parameter to this
+** routine.
+**
+** The Select object passed in has already been preprocessed and no
+** errors have been found.
+*/
+#ifndef SQLITE_OMIT_SUBQUERY
+static int isCandidateForInOpt(Select *p){
+  SrcList *pSrc;
+  ExprList *pEList;
+  Table *pTab;
+  if( p==0 ) return 0;                   /* right-hand side of IN is SELECT */
+  if( p->pPrior ) return 0;              /* Not a compound SELECT */
+  if( p->selFlags & (SF_Distinct|SF_Aggregate) ){
+    testcase( (p->selFlags & (SF_Distinct|SF_Aggregate))==SF_Distinct );
+    testcase( (p->selFlags & (SF_Distinct|SF_Aggregate))==SF_Aggregate );
+    return 0; /* No DISTINCT keyword and no aggregate functions */
+  }
+  assert( p->pGroupBy==0 );              /* Has no GROUP BY clause */
+  if( p->pLimit ) return 0;              /* Has no LIMIT clause */
+  assert( p->pOffset==0 );               /* No LIMIT means no OFFSET */
+  if( p->pWhere ) return 0;              /* Has no WHERE clause */
+  pSrc = p->pSrc;
+  assert( pSrc!=0 );
+  if( pSrc->nSrc!=1 ) return 0;          /* Single term in FROM clause */
+  if( pSrc->a[0].pSelect ) return 0;     /* FROM is not a subquery or view */
+  pTab = pSrc->a[0].pTab;
+  if( NEVER(pTab==0) ) return 0;
+  assert( pTab->pSelect==0 );            /* FROM clause is not a view */
+  if( IsVirtual(pTab) ) return 0;        /* FROM clause not a virtual table */
+  pEList = p->pEList;
+  if( pEList->nExpr!=1 ) return 0;       /* One column in the result set */
+  if( pEList->a[0].pExpr->op!=TK_COLUMN ) return 0; /* Result is a column */
+  return 1;
+}
+#endif /* SQLITE_OMIT_SUBQUERY */
+
+/*
+** Code an OP_Once instruction and allocate space for its flag. Return the 
+** address of the new instruction.
+*/
+SQLITE_PRIVATE int sqlite3CodeOnce(Parse *pParse){
+  Vdbe *v = sqlite3GetVdbe(pParse);      /* Virtual machine being coded */
+  return sqlite3VdbeAddOp1(v, OP_Once, pParse->nOnce++);
+}
+
+/*
+** Generate code that checks the left-most column of index table iCur to see if
+** it contains any NULL entries.  Cause the register at regHasNull to be set
+** to a non-NULL value if iCur contains no NULLs.  Cause register regHasNull
+** to be set to NULL if iCur contains one or more NULL values.
+*/
+static void sqlite3SetHasNullFlag(Vdbe *v, int iCur, int regHasNull){
+  int addr1;
+  sqlite3VdbeAddOp2(v, OP_Integer, 0, regHasNull);
+  addr1 = sqlite3VdbeAddOp1(v, OP_Rewind, iCur); VdbeCoverage(v);
+  sqlite3VdbeAddOp3(v, OP_Column, iCur, 0, regHasNull);
+  sqlite3VdbeChangeP5(v, OPFLAG_TYPEOFARG);
+  VdbeComment((v, "first_entry_in(%d)", iCur));
+  sqlite3VdbeJumpHere(v, addr1);
+}
+
+
+#ifndef SQLITE_OMIT_SUBQUERY
+/*
+** The argument is an IN operator with a list (not a subquery) on the 
+** right-hand side.  Return TRUE if that list is constant.
+*/
+static int sqlite3InRhsIsConstant(Expr *pIn){
+  Expr *pLHS;
+  int res;
+  assert( !ExprHasProperty(pIn, EP_xIsSelect) );
+  pLHS = pIn->pLeft;
+  pIn->pLeft = 0;
+  res = sqlite3ExprIsConstant(pIn);
+  pIn->pLeft = pLHS;
+  return res;
+}
+#endif
+
+/*
+** This function is used by the implementation of the IN (...) operator.
+** The pX parameter is the expression on the RHS of the IN operator, which
+** might be either a list of expressions or a subquery.
+**
+** The job of this routine is to find or create a b-tree object that can
+** be used either to test for membership in the RHS set or to iterate through
+** all members of the RHS set, skipping duplicates.
+**
+** A cursor is opened on the b-tree object that is the RHS of the IN operator
+** and pX->iTable is set to the index of that cursor.
+**
+** The returned value of this function indicates the b-tree type, as follows:
+**
+**   IN_INDEX_ROWID      - The cursor was opened on a database table.
+**   IN_INDEX_INDEX_ASC  - The cursor was opened on an ascending index.
+**   IN_INDEX_INDEX_DESC - The cursor was opened on a descending index.
+**   IN_INDEX_EPH        - The cursor was opened on a specially created and
+**                         populated epheremal table.
+**   IN_INDEX_NOOP       - No cursor was allocated.  The IN operator must be
+**                         implemented as a sequence of comparisons.
+**
+** An existing b-tree might be used if the RHS expression pX is a simple
+** subquery such as:
+**
+**     SELECT <column> FROM <table>
+**
+** If the RHS of the IN operator is a list or a more complex subquery, then
+** an ephemeral table might need to be generated from the RHS and then
+** pX->iTable made to point to the ephemeral table instead of an
+** existing table.
+**
+** The inFlags parameter must contain exactly one of the bits
+** IN_INDEX_MEMBERSHIP or IN_INDEX_LOOP.  If inFlags contains
+** IN_INDEX_MEMBERSHIP, then the generated table will be used for a
+** fast membership test.  When the IN_INDEX_LOOP bit is set, the
+** IN index will be used to loop over all values of the RHS of the
+** IN operator.
+**
+** When IN_INDEX_LOOP is used (and the b-tree will be used to iterate
+** through the set members) then the b-tree must not contain duplicates.
+** An epheremal table must be used unless the selected <column> is guaranteed
+** to be unique - either because it is an INTEGER PRIMARY KEY or it
+** has a UNIQUE constraint or UNIQUE index.
+**
+** When IN_INDEX_MEMBERSHIP is used (and the b-tree will be used 
+** for fast set membership tests) then an epheremal table must 
+** be used unless <column> is an INTEGER PRIMARY KEY or an index can 
+** be found with <column> as its left-most column.
+**
+** If the IN_INDEX_NOOP_OK and IN_INDEX_MEMBERSHIP are both set and
+** if the RHS of the IN operator is a list (not a subquery) then this
+** routine might decide that creating an ephemeral b-tree for membership
+** testing is too expensive and return IN_INDEX_NOOP.  In that case, the
+** calling routine should implement the IN operator using a sequence
+** of Eq or Ne comparison operations.
+**
+** When the b-tree is being used for membership tests, the calling function
+** might need to know whether or not the RHS side of the IN operator
+** contains a NULL.  If prRhsHasNull is not a NULL pointer and 
+** if there is any chance that the (...) might contain a NULL value at
+** runtime, then a register is allocated and the register number written
+** to *prRhsHasNull. If there is no chance that the (...) contains a
+** NULL value, then *prRhsHasNull is left unchanged.
+**
+** If a register is allocated and its location stored in *prRhsHasNull, then
+** the value in that register will be NULL if the b-tree contains one or more
+** NULL values, and it will be some non-NULL value if the b-tree contains no
+** NULL values.
+*/
+#ifndef SQLITE_OMIT_SUBQUERY
+SQLITE_PRIVATE int sqlite3FindInIndex(Parse *pParse, Expr *pX, u32 inFlags, int *prRhsHasNull){
+  Select *p;                            /* SELECT to the right of IN operator */
+  int eType = 0;                        /* Type of RHS table. IN_INDEX_* */
+  int iTab = pParse->nTab++;            /* Cursor of the RHS table */
+  int mustBeUnique;                     /* True if RHS must be unique */
+  Vdbe *v = sqlite3GetVdbe(pParse);     /* Virtual machine being coded */
+
+  assert( pX->op==TK_IN );
+  mustBeUnique = (inFlags & IN_INDEX_LOOP)!=0;
+
+  /* Check to see if an existing table or index can be used to
+  ** satisfy the query.  This is preferable to generating a new 
+  ** ephemeral table.
+  */
+  p = (ExprHasProperty(pX, EP_xIsSelect) ? pX->x.pSelect : 0);
+  if( pParse->nErr==0 && isCandidateForInOpt(p) ){
+    sqlite3 *db = pParse->db;              /* Database connection */
+    Table *pTab;                           /* Table <table>. */
+    Expr *pExpr;                           /* Expression <column> */
+    i16 iCol;                              /* Index of column <column> */
+    i16 iDb;                               /* Database idx for pTab */
+
+    assert( p );                        /* Because of isCandidateForInOpt(p) */
+    assert( p->pEList!=0 );             /* Because of isCandidateForInOpt(p) */
+    assert( p->pEList->a[0].pExpr!=0 ); /* Because of isCandidateForInOpt(p) */
+    assert( p->pSrc!=0 );               /* Because of isCandidateForInOpt(p) */
+    pTab = p->pSrc->a[0].pTab;
+    pExpr = p->pEList->a[0].pExpr;
+    iCol = (i16)pExpr->iColumn;
+   
+    /* Code an OP_Transaction and OP_TableLock for <table>. */
+    iDb = sqlite3SchemaToIndex(db, pTab->pSchema);
+    sqlite3CodeVerifySchema(pParse, iDb);
+    sqlite3TableLock(pParse, iDb, pTab->tnum, 0, pTab->zName);
+
+    /* This function is only called from two places. In both cases the vdbe
+    ** has already been allocated. So assume sqlite3GetVdbe() is always
+    ** successful here.
+    */
+    assert(v);
+    if( iCol<0 ){
+      int iAddr = sqlite3CodeOnce(pParse);
+      VdbeCoverage(v);
+
+      sqlite3OpenTable(pParse, iTab, iDb, pTab, OP_OpenRead);
+      eType = IN_INDEX_ROWID;
+
+      sqlite3VdbeJumpHere(v, iAddr);
+    }else{
+      Index *pIdx;                         /* Iterator variable */
+
+      /* The collation sequence used by the comparison. If an index is to
+      ** be used in place of a temp-table, it must be ordered according
+      ** to this collation sequence.  */
+      CollSeq *pReq = sqlite3BinaryCompareCollSeq(pParse, pX->pLeft, pExpr);
+
+      /* Check that the affinity that will be used to perform the 
+      ** comparison is the same as the affinity of the column. If
+      ** it is not, it is not possible to use any index.
+      */
+      int affinity_ok = sqlite3IndexAffinityOk(pX, pTab->aCol[iCol].affinity);
+
+      for(pIdx=pTab->pIndex; pIdx && eType==0 && affinity_ok; pIdx=pIdx->pNext){
+        if( (pIdx->aiColumn[0]==iCol)
+         && sqlite3FindCollSeq(db, ENC(db), pIdx->azColl[0], 0)==pReq
+         && (!mustBeUnique || (pIdx->nKeyCol==1 && IsUniqueIndex(pIdx)))
+        ){
+          int iAddr = sqlite3CodeOnce(pParse); VdbeCoverage(v);
+          sqlite3VdbeAddOp3(v, OP_OpenRead, iTab, pIdx->tnum, iDb);
+          sqlite3VdbeSetP4KeyInfo(pParse, pIdx);
+          VdbeComment((v, "%s", pIdx->zName));
+          assert( IN_INDEX_INDEX_DESC == IN_INDEX_INDEX_ASC+1 );
+          eType = IN_INDEX_INDEX_ASC + pIdx->aSortOrder[0];
+
+          if( prRhsHasNull && !pTab->aCol[iCol].notNull ){
+            *prRhsHasNull = ++pParse->nMem;
+            sqlite3SetHasNullFlag(v, iTab, *prRhsHasNull);
+          }
+          sqlite3VdbeJumpHere(v, iAddr);
+        }
+      }
+    }
+  }
+
+  /* If no preexisting index is available for the IN clause
+  ** and IN_INDEX_NOOP is an allowed reply
+  ** and the RHS of the IN operator is a list, not a subquery
+  ** and the RHS is not contant or has two or fewer terms,
+  ** then it is not worth creating an ephemeral table to evaluate
+  ** the IN operator so return IN_INDEX_NOOP.
+  */
+  if( eType==0
+   && (inFlags & IN_INDEX_NOOP_OK)
+   && !ExprHasProperty(pX, EP_xIsSelect)
+   && (!sqlite3InRhsIsConstant(pX) || pX->x.pList->nExpr<=2)
+  ){
+    eType = IN_INDEX_NOOP;
+  }
+     
+
+  if( eType==0 ){
+    /* Could not find an existing table or index to use as the RHS b-tree.
+    ** We will have to generate an ephemeral table to do the job.
+    */
+    u32 savedNQueryLoop = pParse->nQueryLoop;
+    int rMayHaveNull = 0;
+    eType = IN_INDEX_EPH;
+    if( inFlags & IN_INDEX_LOOP ){
+      pParse->nQueryLoop = 0;
+      if( pX->pLeft->iColumn<0 && !ExprHasProperty(pX, EP_xIsSelect) ){
+        eType = IN_INDEX_ROWID;
+      }
+    }else if( prRhsHasNull ){
+      *prRhsHasNull = rMayHaveNull = ++pParse->nMem;
+    }
+    sqlite3CodeSubselect(pParse, pX, rMayHaveNull, eType==IN_INDEX_ROWID);
+    pParse->nQueryLoop = savedNQueryLoop;
+  }else{
+    pX->iTable = iTab;
+  }
+  return eType;
+}
+#endif
+
+/*
+** Generate code for scalar subqueries used as a subquery expression, EXISTS,
+** or IN operators.  Examples:
+**
+**     (SELECT a FROM b)          -- subquery
+**     EXISTS (SELECT a FROM b)   -- EXISTS subquery
+**     x IN (4,5,11)              -- IN operator with list on right-hand side
+**     x IN (SELECT a FROM b)     -- IN operator with subquery on the right
+**
+** The pExpr parameter describes the expression that contains the IN
+** operator or subquery.
+**
+** If parameter isRowid is non-zero, then expression pExpr is guaranteed
+** to be of the form "<rowid> IN (?, ?, ?)", where <rowid> is a reference
+** to some integer key column of a table B-Tree. In this case, use an
+** intkey B-Tree to store the set of IN(...) values instead of the usual
+** (slower) variable length keys B-Tree.
+**
+** If rMayHaveNull is non-zero, that means that the operation is an IN
+** (not a SELECT or EXISTS) and that the RHS might contains NULLs.
+** All this routine does is initialize the register given by rMayHaveNull
+** to NULL.  Calling routines will take care of changing this register
+** value to non-NULL if the RHS is NULL-free.
+**
+** For a SELECT or EXISTS operator, return the register that holds the
+** result.  For IN operators or if an error occurs, the return value is 0.
+*/
+#ifndef SQLITE_OMIT_SUBQUERY
+SQLITE_PRIVATE int sqlite3CodeSubselect(
+  Parse *pParse,          /* Parsing context */
+  Expr *pExpr,            /* The IN, SELECT, or EXISTS operator */
+  int rHasNullFlag,       /* Register that records whether NULLs exist in RHS */
+  int isRowid             /* If true, LHS of IN operator is a rowid */
+){
+  int jmpIfDynamic = -1;                      /* One-time test address */
+  int rReg = 0;                           /* Register storing resulting */
+  Vdbe *v = sqlite3GetVdbe(pParse);
+  if( NEVER(v==0) ) return 0;
+  sqlite3ExprCachePush(pParse);
+
+  /* This code must be run in its entirety every time it is encountered
+  ** if any of the following is true:
+  **
+  **    *  The right-hand side is a correlated subquery
+  **    *  The right-hand side is an expression list containing variables
+  **    *  We are inside a trigger
+  **
+  ** If all of the above are false, then we can run this code just once
+  ** save the results, and reuse the same result on subsequent invocations.
+  */
+  if( !ExprHasProperty(pExpr, EP_VarSelect) ){
+    jmpIfDynamic = sqlite3CodeOnce(pParse); VdbeCoverage(v);
+  }
+
+#ifndef SQLITE_OMIT_EXPLAIN
+  if( pParse->explain==2 ){
+    char *zMsg = sqlite3MPrintf(pParse->db, "EXECUTE %s%s SUBQUERY %d",
+        jmpIfDynamic>=0?"":"CORRELATED ",
+        pExpr->op==TK_IN?"LIST":"SCALAR",
+        pParse->iNextSelectId
+    );
+    sqlite3VdbeAddOp4(v, OP_Explain, pParse->iSelectId, 0, 0, zMsg, P4_DYNAMIC);
+  }
+#endif
+
+  switch( pExpr->op ){
+    case TK_IN: {
+      char affinity;              /* Affinity of the LHS of the IN */
+      int addr;                   /* Address of OP_OpenEphemeral instruction */
+      Expr *pLeft = pExpr->pLeft; /* the LHS of the IN operator */
+      KeyInfo *pKeyInfo = 0;      /* Key information */
+
+      affinity = sqlite3ExprAffinity(pLeft);
+
+      /* Whether this is an 'x IN(SELECT...)' or an 'x IN(<exprlist>)'
+      ** expression it is handled the same way.  An ephemeral table is 
+      ** filled with single-field index keys representing the results
+      ** from the SELECT or the <exprlist>.
+      **
+      ** If the 'x' expression is a column value, or the SELECT...
+      ** statement returns a column value, then the affinity of that
+      ** column is used to build the index keys. If both 'x' and the
+      ** SELECT... statement are columns, then numeric affinity is used
+      ** if either column has NUMERIC or INTEGER affinity. If neither
+      ** 'x' nor the SELECT... statement are columns, then numeric affinity
+      ** is used.
+      */
+      pExpr->iTable = pParse->nTab++;
+      addr = sqlite3VdbeAddOp2(v, OP_OpenEphemeral, pExpr->iTable, !isRowid);
+      pKeyInfo = isRowid ? 0 : sqlite3KeyInfoAlloc(pParse->db, 1, 1);
+
+      if( ExprHasProperty(pExpr, EP_xIsSelect) ){
+        /* Case 1:     expr IN (SELECT ...)
+        **
+        ** Generate code to write the results of the select into the temporary
+        ** table allocated and opened above.
+        */
+        Select *pSelect = pExpr->x.pSelect;
+        SelectDest dest;
+        ExprList *pEList;
+
+        assert( !isRowid );
+        sqlite3SelectDestInit(&dest, SRT_Set, pExpr->iTable);
+        dest.affSdst = (u8)affinity;
+        assert( (pExpr->iTable&0x0000FFFF)==pExpr->iTable );
+        pSelect->iLimit = 0;
+        testcase( pSelect->selFlags & SF_Distinct );
+        testcase( pKeyInfo==0 ); /* Caused by OOM in sqlite3KeyInfoAlloc() */
+        if( sqlite3Select(pParse, pSelect, &dest) ){
+          sqlite3KeyInfoUnref(pKeyInfo);
+          return 0;
+        }
+        pEList = pSelect->pEList;
+        assert( pKeyInfo!=0 ); /* OOM will cause exit after sqlite3Select() */
+        assert( pEList!=0 );
+        assert( pEList->nExpr>0 );
+        assert( sqlite3KeyInfoIsWriteable(pKeyInfo) );
+        pKeyInfo->aColl[0] = sqlite3BinaryCompareCollSeq(pParse, pExpr->pLeft,
+                                                         pEList->a[0].pExpr);
+      }else if( ALWAYS(pExpr->x.pList!=0) ){
+        /* Case 2:     expr IN (exprlist)
+        **
+        ** For each expression, build an index key from the evaluation and
+        ** store it in the temporary table. If <expr> is a column, then use
+        ** that columns affinity when building index keys. If <expr> is not
+        ** a column, use numeric affinity.
+        */
+        int i;
+        ExprList *pList = pExpr->x.pList;
+        struct ExprList_item *pItem;
+        int r1, r2, r3;
+
+        if( !affinity ){
+          affinity = SQLITE_AFF_BLOB;
+        }
+        if( pKeyInfo ){
+          assert( sqlite3KeyInfoIsWriteable(pKeyInfo) );
+          pKeyInfo->aColl[0] = sqlite3ExprCollSeq(pParse, pExpr->pLeft);
+        }
+
+        /* Loop through each expression in <exprlist>. */
+        r1 = sqlite3GetTempReg(pParse);
+        r2 = sqlite3GetTempReg(pParse);
+        if( isRowid ) sqlite3VdbeAddOp2(v, OP_Null, 0, r2);
+        for(i=pList->nExpr, pItem=pList->a; i>0; i--, pItem++){
+          Expr *pE2 = pItem->pExpr;
+          int iValToIns;
+
+          /* If the expression is not constant then we will need to
+          ** disable the test that was generated above that makes sure
+          ** this code only executes once.  Because for a non-constant
+          ** expression we need to rerun this code each time.
+          */
+          if( jmpIfDynamic>=0 && !sqlite3ExprIsConstant(pE2) ){
+            sqlite3VdbeChangeToNoop(v, jmpIfDynamic);
+            jmpIfDynamic = -1;
+          }
+
+          /* Evaluate the expression and insert it into the temp table */
+          if( isRowid && sqlite3ExprIsInteger(pE2, &iValToIns) ){
+            sqlite3VdbeAddOp3(v, OP_InsertInt, pExpr->iTable, r2, iValToIns);
+          }else{
+            r3 = sqlite3ExprCodeTarget(pParse, pE2, r1);
+            if( isRowid ){
+              sqlite3VdbeAddOp2(v, OP_MustBeInt, r3,
+                                sqlite3VdbeCurrentAddr(v)+2);
+              VdbeCoverage(v);
+              sqlite3VdbeAddOp3(v, OP_Insert, pExpr->iTable, r2, r3);
+            }else{
+              sqlite3VdbeAddOp4(v, OP_MakeRecord, r3, 1, r2, &affinity, 1);
+              sqlite3ExprCacheAffinityChange(pParse, r3, 1);
+              sqlite3VdbeAddOp2(v, OP_IdxInsert, pExpr->iTable, r2);
+            }
+          }
+        }
+        sqlite3ReleaseTempReg(pParse, r1);
+        sqlite3ReleaseTempReg(pParse, r2);
+      }
+      if( pKeyInfo ){
+        sqlite3VdbeChangeP4(v, addr, (void *)pKeyInfo, P4_KEYINFO);
+      }
+      break;
+    }
+
+    case TK_EXISTS:
+    case TK_SELECT:
+    default: {
+      /* If this has to be a scalar SELECT.  Generate code to put the
+      ** value of this select in a memory cell and record the number
+      ** of the memory cell in iColumn.  If this is an EXISTS, write
+      ** an integer 0 (not exists) or 1 (exists) into a memory cell
+      ** and record that memory cell in iColumn.
+      */
+      Select *pSel;                         /* SELECT statement to encode */
+      SelectDest dest;                      /* How to deal with SELECt result */
+
+      testcase( pExpr->op==TK_EXISTS );
+      testcase( pExpr->op==TK_SELECT );
+      assert( pExpr->op==TK_EXISTS || pExpr->op==TK_SELECT );
+
+      assert( ExprHasProperty(pExpr, EP_xIsSelect) );
+      pSel = pExpr->x.pSelect;
+      sqlite3SelectDestInit(&dest, 0, ++pParse->nMem);
+      if( pExpr->op==TK_SELECT ){
+        dest.eDest = SRT_Mem;
+        dest.iSdst = dest.iSDParm;
+        sqlite3VdbeAddOp2(v, OP_Null, 0, dest.iSDParm);
+        VdbeComment((v, "Init subquery result"));
+      }else{
+        dest.eDest = SRT_Exists;
+        sqlite3VdbeAddOp2(v, OP_Integer, 0, dest.iSDParm);
+        VdbeComment((v, "Init EXISTS result"));
+      }
+      sqlite3ExprDelete(pParse->db, pSel->pLimit);
+      pSel->pLimit = sqlite3PExpr(pParse, TK_INTEGER, 0, 0,
+                                  &sqlite3IntTokens[1]);
+      pSel->iLimit = 0;
+      pSel->selFlags &= ~SF_MultiValue;
+      if( sqlite3Select(pParse, pSel, &dest) ){
+        return 0;
+      }
+      rReg = dest.iSDParm;
+      ExprSetVVAProperty(pExpr, EP_NoReduce);
+      break;
+    }
+  }
+
+  if( rHasNullFlag ){
+    sqlite3SetHasNullFlag(v, pExpr->iTable, rHasNullFlag);
+  }
+
+  if( jmpIfDynamic>=0 ){
+    sqlite3VdbeJumpHere(v, jmpIfDynamic);
+  }
+  sqlite3ExprCachePop(pParse);
+
+  return rReg;
+}
+#endif /* SQLITE_OMIT_SUBQUERY */
+
+#ifndef SQLITE_OMIT_SUBQUERY
+/*
+** Generate code for an IN expression.
+**
+**      x IN (SELECT ...)
+**      x IN (value, value, ...)
+**
+** The left-hand side (LHS) is a scalar expression.  The right-hand side (RHS)
+** is an array of zero or more values.  The expression is true if the LHS is
+** contained within the RHS.  The value of the expression is unknown (NULL)
+** if the LHS is NULL or if the LHS is not contained within the RHS and the
+** RHS contains one or more NULL values.
+**
+** This routine generates code that jumps to destIfFalse if the LHS is not 
+** contained within the RHS.  If due to NULLs we cannot determine if the LHS
+** is contained in the RHS then jump to destIfNull.  If the LHS is contained
+** within the RHS then fall through.
+*/
+static void sqlite3ExprCodeIN(
+  Parse *pParse,        /* Parsing and code generating context */
+  Expr *pExpr,          /* The IN expression */
+  int destIfFalse,      /* Jump here if LHS is not contained in the RHS */
+  int destIfNull        /* Jump here if the results are unknown due to NULLs */
+){
+  int rRhsHasNull = 0;  /* Register that is true if RHS contains NULL values */
+  char affinity;        /* Comparison affinity to use */
+  int eType;            /* Type of the RHS */
+  int r1;               /* Temporary use register */
+  Vdbe *v;              /* Statement under construction */
+
+  /* Compute the RHS.   After this step, the table with cursor
+  ** pExpr->iTable will contains the values that make up the RHS.
+  */
+  v = pParse->pVdbe;
+  assert( v!=0 );       /* OOM detected prior to this routine */
+  VdbeNoopComment((v, "begin IN expr"));
+  eType = sqlite3FindInIndex(pParse, pExpr,
+                             IN_INDEX_MEMBERSHIP | IN_INDEX_NOOP_OK,
+                             destIfFalse==destIfNull ? 0 : &rRhsHasNull);
+
+  /* Figure out the affinity to use to create a key from the results
+  ** of the expression. affinityStr stores a static string suitable for
+  ** P4 of OP_MakeRecord.
+  */
+  affinity = comparisonAffinity(pExpr);
+
+  /* Code the LHS, the <expr> from "<expr> IN (...)".
+  */
+  sqlite3ExprCachePush(pParse);
+  r1 = sqlite3GetTempReg(pParse);
+  sqlite3ExprCode(pParse, pExpr->pLeft, r1);
+
+  /* If sqlite3FindInIndex() did not find or create an index that is
+  ** suitable for evaluating the IN operator, then evaluate using a
+  ** sequence of comparisons.
+  */
+  if( eType==IN_INDEX_NOOP ){
+    ExprList *pList = pExpr->x.pList;
+    CollSeq *pColl = sqlite3ExprCollSeq(pParse, pExpr->pLeft);
+    int labelOk = sqlite3VdbeMakeLabel(v);
+    int r2, regToFree;
+    int regCkNull = 0;
+    int ii;
+    assert( !ExprHasProperty(pExpr, EP_xIsSelect) );
+    if( destIfNull!=destIfFalse ){
+      regCkNull = sqlite3GetTempReg(pParse);
+      sqlite3VdbeAddOp3(v, OP_BitAnd, r1, r1, regCkNull);
+    }
+    for(ii=0; ii<pList->nExpr; ii++){
+      r2 = sqlite3ExprCodeTemp(pParse, pList->a[ii].pExpr, &regToFree);
+      if( regCkNull && sqlite3ExprCanBeNull(pList->a[ii].pExpr) ){
+        sqlite3VdbeAddOp3(v, OP_BitAnd, regCkNull, r2, regCkNull);
+      }
+      if( ii<pList->nExpr-1 || destIfNull!=destIfFalse ){
+        sqlite3VdbeAddOp4(v, OP_Eq, r1, labelOk, r2,
+                          (void*)pColl, P4_COLLSEQ);
+        VdbeCoverageIf(v, ii<pList->nExpr-1);
+        VdbeCoverageIf(v, ii==pList->nExpr-1);
+        sqlite3VdbeChangeP5(v, affinity);
+      }else{
+        assert( destIfNull==destIfFalse );
+        sqlite3VdbeAddOp4(v, OP_Ne, r1, destIfFalse, r2,
+                          (void*)pColl, P4_COLLSEQ); VdbeCoverage(v);
+        sqlite3VdbeChangeP5(v, affinity | SQLITE_JUMPIFNULL);
+      }
+      sqlite3ReleaseTempReg(pParse, regToFree);
+    }
+    if( regCkNull ){
+      sqlite3VdbeAddOp2(v, OP_IsNull, regCkNull, destIfNull); VdbeCoverage(v);
+      sqlite3VdbeGoto(v, destIfFalse);
+    }
+    sqlite3VdbeResolveLabel(v, labelOk);
+    sqlite3ReleaseTempReg(pParse, regCkNull);
+  }else{
+  
+    /* If the LHS is NULL, then the result is either false or NULL depending
+    ** on whether the RHS is empty or not, respectively.
+    */
+    if( sqlite3ExprCanBeNull(pExpr->pLeft) ){
+      if( destIfNull==destIfFalse ){
+        /* Shortcut for the common case where the false and NULL outcomes are
+        ** the same. */
+        sqlite3VdbeAddOp2(v, OP_IsNull, r1, destIfNull); VdbeCoverage(v);
+      }else{
+        int addr1 = sqlite3VdbeAddOp1(v, OP_NotNull, r1); VdbeCoverage(v);
+        sqlite3VdbeAddOp2(v, OP_Rewind, pExpr->iTable, destIfFalse);
+        VdbeCoverage(v);
+        sqlite3VdbeGoto(v, destIfNull);
+        sqlite3VdbeJumpHere(v, addr1);
+      }
+    }
+  
+    if( eType==IN_INDEX_ROWID ){
+      /* In this case, the RHS is the ROWID of table b-tree
+      */
+      sqlite3VdbeAddOp2(v, OP_MustBeInt, r1, destIfFalse); VdbeCoverage(v);
+      sqlite3VdbeAddOp3(v, OP_NotExists, pExpr->iTable, destIfFalse, r1);
+      VdbeCoverage(v);
+    }else{
+      /* In this case, the RHS is an index b-tree.
+      */
+      sqlite3VdbeAddOp4(v, OP_Affinity, r1, 1, 0, &affinity, 1);
+  
+      /* If the set membership test fails, then the result of the 
+      ** "x IN (...)" expression must be either 0 or NULL. If the set
+      ** contains no NULL values, then the result is 0. If the set 
+      ** contains one or more NULL values, then the result of the
+      ** expression is also NULL.
+      */
+      assert( destIfFalse!=destIfNull || rRhsHasNull==0 );
+      if( rRhsHasNull==0 ){
+        /* This branch runs if it is known at compile time that the RHS
+        ** cannot contain NULL values. This happens as the result
+        ** of a "NOT NULL" constraint in the database schema.
+        **
+        ** Also run this branch if NULL is equivalent to FALSE
+        ** for this particular IN operator.
+        */
+        sqlite3VdbeAddOp4Int(v, OP_NotFound, pExpr->iTable, destIfFalse, r1, 1);
+        VdbeCoverage(v);
+      }else{
+        /* In this branch, the RHS of the IN might contain a NULL and
+        ** the presence of a NULL on the RHS makes a difference in the
+        ** outcome.
+        */
+        int addr1;
+  
+        /* First check to see if the LHS is contained in the RHS.  If so,
+        ** then the answer is TRUE the presence of NULLs in the RHS does
+        ** not matter.  If the LHS is not contained in the RHS, then the
+        ** answer is NULL if the RHS contains NULLs and the answer is
+        ** FALSE if the RHS is NULL-free.
+        */
+        addr1 = sqlite3VdbeAddOp4Int(v, OP_Found, pExpr->iTable, 0, r1, 1);
+        VdbeCoverage(v);
+        sqlite3VdbeAddOp2(v, OP_IsNull, rRhsHasNull, destIfNull);
+        VdbeCoverage(v);
+        sqlite3VdbeGoto(v, destIfFalse);
+        sqlite3VdbeJumpHere(v, addr1);
+      }
+    }
+  }
+  sqlite3ReleaseTempReg(pParse, r1);
+  sqlite3ExprCachePop(pParse);
+  VdbeComment((v, "end IN expr"));
+}
+#endif /* SQLITE_OMIT_SUBQUERY */
+
+#ifndef SQLITE_OMIT_FLOATING_POINT
+/*
+** Generate an instruction that will put the floating point
+** value described by z[0..n-1] into register iMem.
+**
+** The z[] string will probably not be zero-terminated.  But the 
+** z[n] character is guaranteed to be something that does not look
+** like the continuation of the number.
+*/
+static void codeReal(Vdbe *v, const char *z, int negateFlag, int iMem){
+  if( ALWAYS(z!=0) ){
+    double value;
+    sqlite3AtoF(z, &value, sqlite3Strlen30(z), SQLITE_UTF8);
+    assert( !sqlite3IsNaN(value) ); /* The new AtoF never returns NaN */
+    if( negateFlag ) value = -value;
+    sqlite3VdbeAddOp4Dup8(v, OP_Real, 0, iMem, 0, (u8*)&value, P4_REAL);
+  }
+}
+#endif
+
+
+/*
+** Generate an instruction that will put the integer describe by
+** text z[0..n-1] into register iMem.
+**
+** Expr.u.zToken is always UTF8 and zero-terminated.
+*/
+static void codeInteger(Parse *pParse, Expr *pExpr, int negFlag, int iMem){
+  Vdbe *v = pParse->pVdbe;
+  if( pExpr->flags & EP_IntValue ){
+    int i = pExpr->u.iValue;
+    assert( i>=0 );
+    if( negFlag ) i = -i;
+    sqlite3VdbeAddOp2(v, OP_Integer, i, iMem);
+  }else{
+    int c;
+    i64 value;
+    const char *z = pExpr->u.zToken;
+    assert( z!=0 );
+    c = sqlite3DecOrHexToI64(z, &value);
+    if( c==0 || (c==2 && negFlag) ){
+      if( negFlag ){ value = c==2 ? SMALLEST_INT64 : -value; }
+      sqlite3VdbeAddOp4Dup8(v, OP_Int64, 0, iMem, 0, (u8*)&value, P4_INT64);
+    }else{
+#ifdef SQLITE_OMIT_FLOATING_POINT
+      sqlite3ErrorMsg(pParse, "oversized integer: %s%s", negFlag ? "-" : "", z);
+#else
+#ifndef SQLITE_OMIT_HEX_INTEGER
+      if( sqlite3_strnicmp(z,"0x",2)==0 ){
+        sqlite3ErrorMsg(pParse, "hex literal too big: %s", z);
+      }else
+#endif
+      {
+        codeReal(v, z, negFlag, iMem);
+      }
+#endif
+    }
+  }
+}
+
+/*
+** Clear a cache entry.
+*/
+static void cacheEntryClear(Parse *pParse, struct yColCache *p){
+  if( p->tempReg ){
+    if( pParse->nTempReg<ArraySize(pParse->aTempReg) ){
+      pParse->aTempReg[pParse->nTempReg++] = p->iReg;
+    }
+    p->tempReg = 0;
+  }
+}
+
+
+/*
+** Record in the column cache that a particular column from a
+** particular table is stored in a particular register.
+*/
+SQLITE_PRIVATE void sqlite3ExprCacheStore(Parse *pParse, int iTab, int iCol, int iReg){
+  int i;
+  int minLru;
+  int idxLru;
+  struct yColCache *p;
+
+  /* Unless an error has occurred, register numbers are always positive. */
+  assert( iReg>0 || pParse->nErr || pParse->db->mallocFailed );
+  assert( iCol>=-1 && iCol<32768 );  /* Finite column numbers */
+
+  /* The SQLITE_ColumnCache flag disables the column cache.  This is used
+  ** for testing only - to verify that SQLite always gets the same answer
+  ** with and without the column cache.
+  */
+  if( OptimizationDisabled(pParse->db, SQLITE_ColumnCache) ) return;
+
+  /* First replace any existing entry.
+  **
+  ** Actually, the way the column cache is currently used, we are guaranteed
+  ** that the object will never already be in cache.  Verify this guarantee.
+  */
+#ifndef NDEBUG
+  for(i=0, p=pParse->aColCache; i<SQLITE_N_COLCACHE; i++, p++){
+    assert( p->iReg==0 || p->iTable!=iTab || p->iColumn!=iCol );
+  }
+#endif
+
+  /* Find an empty slot and replace it */
+  for(i=0, p=pParse->aColCache; i<SQLITE_N_COLCACHE; i++, p++){
+    if( p->iReg==0 ){
+      p->iLevel = pParse->iCacheLevel;
+      p->iTable = iTab;
+      p->iColumn = iCol;
+      p->iReg = iReg;
+      p->tempReg = 0;
+      p->lru = pParse->iCacheCnt++;
+      return;
+    }
+  }
+
+  /* Replace the last recently used */
+  minLru = 0x7fffffff;
+  idxLru = -1;
+  for(i=0, p=pParse->aColCache; i<SQLITE_N_COLCACHE; i++, p++){
+    if( p->lru<minLru ){
+      idxLru = i;
+      minLru = p->lru;
+    }
+  }
+  if( ALWAYS(idxLru>=0) ){
+    p = &pParse->aColCache[idxLru];
+    p->iLevel = pParse->iCacheLevel;
+    p->iTable = iTab;
+    p->iColumn = iCol;
+    p->iReg = iReg;
+    p->tempReg = 0;
+    p->lru = pParse->iCacheCnt++;
+    return;
+  }
+}
+
+/*
+** Indicate that registers between iReg..iReg+nReg-1 are being overwritten.
+** Purge the range of registers from the column cache.
+*/
+SQLITE_PRIVATE void sqlite3ExprCacheRemove(Parse *pParse, int iReg, int nReg){
+  int i;
+  int iLast = iReg + nReg - 1;
+  struct yColCache *p;
+  for(i=0, p=pParse->aColCache; i<SQLITE_N_COLCACHE; i++, p++){
+    int r = p->iReg;
+    if( r>=iReg && r<=iLast ){
+      cacheEntryClear(pParse, p);
+      p->iReg = 0;
+    }
+  }
+}
+
+/*
+** Remember the current column cache context.  Any new entries added
+** added to the column cache after this call are removed when the
+** corresponding pop occurs.
+*/
+SQLITE_PRIVATE void sqlite3ExprCachePush(Parse *pParse){
+  pParse->iCacheLevel++;
+#ifdef SQLITE_DEBUG
+  if( pParse->db->flags & SQLITE_VdbeAddopTrace ){
+    printf("PUSH to %d\n", pParse->iCacheLevel);
+  }
+#endif
+}
+
+/*
+** Remove from the column cache any entries that were added since the
+** the previous sqlite3ExprCachePush operation.  In other words, restore
+** the cache to the state it was in prior the most recent Push.
+*/
+SQLITE_PRIVATE void sqlite3ExprCachePop(Parse *pParse){
+  int i;
+  struct yColCache *p;
+  assert( pParse->iCacheLevel>=1 );
+  pParse->iCacheLevel--;
+#ifdef SQLITE_DEBUG
+  if( pParse->db->flags & SQLITE_VdbeAddopTrace ){
+    printf("POP  to %d\n", pParse->iCacheLevel);
+  }
+#endif
+  for(i=0, p=pParse->aColCache; i<SQLITE_N_COLCACHE; i++, p++){
+    if( p->iReg && p->iLevel>pParse->iCacheLevel ){
+      cacheEntryClear(pParse, p);
+      p->iReg = 0;
+    }
+  }
+}
+
+/*
+** When a cached column is reused, make sure that its register is
+** no longer available as a temp register.  ticket #3879:  that same
+** register might be in the cache in multiple places, so be sure to
+** get them all.
+*/
+static void sqlite3ExprCachePinRegister(Parse *pParse, int iReg){
+  int i;
+  struct yColCache *p;
+  for(i=0, p=pParse->aColCache; i<SQLITE_N_COLCACHE; i++, p++){
+    if( p->iReg==iReg ){
+      p->tempReg = 0;
+    }
+  }
+}
+
+/* Generate code that will load into register regOut a value that is
+** appropriate for the iIdxCol-th column of index pIdx.
+*/
+SQLITE_PRIVATE void sqlite3ExprCodeLoadIndexColumn(
+  Parse *pParse,  /* The parsing context */
+  Index *pIdx,    /* The index whose column is to be loaded */
+  int iTabCur,    /* Cursor pointing to a table row */
+  int iIdxCol,    /* The column of the index to be loaded */
+  int regOut      /* Store the index column value in this register */
+){
+  i16 iTabCol = pIdx->aiColumn[iIdxCol];
+  if( iTabCol==XN_EXPR ){
+    assert( pIdx->aColExpr );
+    assert( pIdx->aColExpr->nExpr>iIdxCol );
+    pParse->iSelfTab = iTabCur;
+    sqlite3ExprCodeCopy(pParse, pIdx->aColExpr->a[iIdxCol].pExpr, regOut);
+  }else{
+    sqlite3ExprCodeGetColumnOfTable(pParse->pVdbe, pIdx->pTable, iTabCur,
+                                    iTabCol, regOut);
+  }
+}
+
+/*
+** Generate code to extract the value of the iCol-th column of a table.
+*/
+SQLITE_PRIVATE void sqlite3ExprCodeGetColumnOfTable(
+  Vdbe *v,        /* The VDBE under construction */
+  Table *pTab,    /* The table containing the value */
+  int iTabCur,    /* The table cursor.  Or the PK cursor for WITHOUT ROWID */
+  int iCol,       /* Index of the column to extract */
+  int regOut      /* Extract the value into this register */
+){
+  if( iCol<0 || iCol==pTab->iPKey ){
+    sqlite3VdbeAddOp2(v, OP_Rowid, iTabCur, regOut);
+  }else{
+    int op = IsVirtual(pTab) ? OP_VColumn : OP_Column;
+    int x = iCol;
+    if( !HasRowid(pTab) ){
+      x = sqlite3ColumnOfIndex(sqlite3PrimaryKeyIndex(pTab), iCol);
+    }
+    sqlite3VdbeAddOp3(v, op, iTabCur, x, regOut);
+  }
+  if( iCol>=0 ){
+    sqlite3ColumnDefault(v, pTab, iCol, regOut);
+  }
+}
+
+/*
+** Generate code that will extract the iColumn-th column from
+** table pTab and store the column value in a register. 
+**
+** An effort is made to store the column value in register iReg.  This
+** is not garanteeed for GetColumn() - the result can be stored in
+** any register.  But the result is guaranteed to land in register iReg
+** for GetColumnToReg().
+**
+** There must be an open cursor to pTab in iTable when this routine
+** is called.  If iColumn<0 then code is generated that extracts the rowid.
+*/
+SQLITE_PRIVATE int sqlite3ExprCodeGetColumn(
+  Parse *pParse,   /* Parsing and code generating context */
+  Table *pTab,     /* Description of the table we are reading from */
+  int iColumn,     /* Index of the table column */
+  int iTable,      /* The cursor pointing to the table */
+  int iReg,        /* Store results here */
+  u8 p5            /* P5 value for OP_Column + FLAGS */
+){
+  Vdbe *v = pParse->pVdbe;
+  int i;
+  struct yColCache *p;
+
+  for(i=0, p=pParse->aColCache; i<SQLITE_N_COLCACHE; i++, p++){
+    if( p->iReg>0 && p->iTable==iTable && p->iColumn==iColumn ){
+      p->lru = pParse->iCacheCnt++;
+      sqlite3ExprCachePinRegister(pParse, p->iReg);
+      return p->iReg;
+    }
+  }  
+  assert( v!=0 );
+  sqlite3ExprCodeGetColumnOfTable(v, pTab, iTable, iColumn, iReg);
+  if( p5 ){
+    sqlite3VdbeChangeP5(v, p5);
+  }else{   
+    sqlite3ExprCacheStore(pParse, iTable, iColumn, iReg);
+  }
+  return iReg;
+}
+SQLITE_PRIVATE void sqlite3ExprCodeGetColumnToReg(
+  Parse *pParse,   /* Parsing and code generating context */
+  Table *pTab,     /* Description of the table we are reading from */
+  int iColumn,     /* Index of the table column */
+  int iTable,      /* The cursor pointing to the table */
+  int iReg         /* Store results here */
+){
+  int r1 = sqlite3ExprCodeGetColumn(pParse, pTab, iColumn, iTable, iReg, 0);
+  if( r1!=iReg ) sqlite3VdbeAddOp2(pParse->pVdbe, OP_SCopy, r1, iReg);
+}
+
+
+/*
+** Clear all column cache entries.
+*/
+SQLITE_PRIVATE void sqlite3ExprCacheClear(Parse *pParse){
+  int i;
+  struct yColCache *p;
+
+#if SQLITE_DEBUG
+  if( pParse->db->flags & SQLITE_VdbeAddopTrace ){
+    printf("CLEAR\n");
+  }
+#endif
+  for(i=0, p=pParse->aColCache; i<SQLITE_N_COLCACHE; i++, p++){
+    if( p->iReg ){
+      cacheEntryClear(pParse, p);
+      p->iReg = 0;
+    }
+  }
+}
+
+/*
+** Record the fact that an affinity change has occurred on iCount
+** registers starting with iStart.
+*/
+SQLITE_PRIVATE void sqlite3ExprCacheAffinityChange(Parse *pParse, int iStart, int iCount){
+  sqlite3ExprCacheRemove(pParse, iStart, iCount);
+}
+
+/*
+** Generate code to move content from registers iFrom...iFrom+nReg-1
+** over to iTo..iTo+nReg-1. Keep the column cache up-to-date.
+*/
+SQLITE_PRIVATE void sqlite3ExprCodeMove(Parse *pParse, int iFrom, int iTo, int nReg){
+  assert( iFrom>=iTo+nReg || iFrom+nReg<=iTo );
+  sqlite3VdbeAddOp3(pParse->pVdbe, OP_Move, iFrom, iTo, nReg);
+  sqlite3ExprCacheRemove(pParse, iFrom, nReg);
+}
+
+#if defined(SQLITE_DEBUG) || defined(SQLITE_COVERAGE_TEST)
+/*
+** Return true if any register in the range iFrom..iTo (inclusive)
+** is used as part of the column cache.
+**
+** This routine is used within assert() and testcase() macros only
+** and does not appear in a normal build.
+*/
+static int usedAsColumnCache(Parse *pParse, int iFrom, int iTo){
+  int i;
+  struct yColCache *p;
+  for(i=0, p=pParse->aColCache; i<SQLITE_N_COLCACHE; i++, p++){
+    int r = p->iReg;
+    if( r>=iFrom && r<=iTo ) return 1;    /*NO_TEST*/
+  }
+  return 0;
+}
+#endif /* SQLITE_DEBUG || SQLITE_COVERAGE_TEST */
+
+/*
+** Convert an expression node to a TK_REGISTER
+*/
+static void exprToRegister(Expr *p, int iReg){
+  p->op2 = p->op;
+  p->op = TK_REGISTER;
+  p->iTable = iReg;
+  ExprClearProperty(p, EP_Skip);
+}
+
+/*
+** Generate code into the current Vdbe to evaluate the given
+** expression.  Attempt to store the results in register "target".
+** Return the register where results are stored.
+**
+** With this routine, there is no guarantee that results will
+** be stored in target.  The result might be stored in some other
+** register if it is convenient to do so.  The calling function
+** must check the return code and move the results to the desired
+** register.
+*/
+SQLITE_PRIVATE int sqlite3ExprCodeTarget(Parse *pParse, Expr *pExpr, int target){
+  Vdbe *v = pParse->pVdbe;  /* The VM under construction */
+  int op;                   /* The opcode being coded */
+  int inReg = target;       /* Results stored in register inReg */
+  int regFree1 = 0;         /* If non-zero free this temporary register */
+  int regFree2 = 0;         /* If non-zero free this temporary register */
+  int r1, r2, r3, r4;       /* Various register numbers */
+  sqlite3 *db = pParse->db; /* The database connection */
+  Expr tempX;               /* Temporary expression node */
+
+  assert( target>0 && target<=pParse->nMem );
+  if( v==0 ){
+    assert( pParse->db->mallocFailed );
+    return 0;
+  }
+
+  if( pExpr==0 ){
+    op = TK_NULL;
+  }else{
+    op = pExpr->op;
+  }
+  switch( op ){
+    case TK_AGG_COLUMN: {
+      AggInfo *pAggInfo = pExpr->pAggInfo;
+      struct AggInfo_col *pCol = &pAggInfo->aCol[pExpr->iAgg];
+      if( !pAggInfo->directMode ){
+        assert( pCol->iMem>0 );
+        inReg = pCol->iMem;
+        break;
+      }else if( pAggInfo->useSortingIdx ){
+        sqlite3VdbeAddOp3(v, OP_Column, pAggInfo->sortingIdxPTab,
+                              pCol->iSorterColumn, target);
+        break;
+      }
+      /* Otherwise, fall thru into the TK_COLUMN case */
+    }
+    case TK_COLUMN: {
+      int iTab = pExpr->iTable;
+      if( iTab<0 ){
+        if( pParse->ckBase>0 ){
+          /* Generating CHECK constraints or inserting into partial index */
+          inReg = pExpr->iColumn + pParse->ckBase;
+          break;
+        }else{
+          /* Coding an expression that is part of an index where column names
+          ** in the index refer to the table to which the index belongs */
+          iTab = pParse->iSelfTab;
+        }
+      }
+      inReg = sqlite3ExprCodeGetColumn(pParse, pExpr->pTab,
+                               pExpr->iColumn, iTab, target,
+                               pExpr->op2);
+      break;
+    }
+    case TK_INTEGER: {
+      codeInteger(pParse, pExpr, 0, target);
+      break;
+    }
+#ifndef SQLITE_OMIT_FLOATING_POINT
+    case TK_FLOAT: {
+      assert( !ExprHasProperty(pExpr, EP_IntValue) );
+      codeReal(v, pExpr->u.zToken, 0, target);
+      break;
+    }
+#endif
+    case TK_STRING: {
+      assert( !ExprHasProperty(pExpr, EP_IntValue) );
+      sqlite3VdbeLoadString(v, target, pExpr->u.zToken);
+      break;
+    }
+    case TK_NULL: {
+      sqlite3VdbeAddOp2(v, OP_Null, 0, target);
+      break;
+    }
+#ifndef SQLITE_OMIT_BLOB_LITERAL
+    case TK_BLOB: {
+      int n;
+      const char *z;
+      char *zBlob;
+      assert( !ExprHasProperty(pExpr, EP_IntValue) );
+      assert( pExpr->u.zToken[0]=='x' || pExpr->u.zToken[0]=='X' );
+      assert( pExpr->u.zToken[1]=='\'' );
+      z = &pExpr->u.zToken[2];
+      n = sqlite3Strlen30(z) - 1;
+      assert( z[n]=='\'' );
+      zBlob = sqlite3HexToBlob(sqlite3VdbeDb(v), z, n);
+      sqlite3VdbeAddOp4(v, OP_Blob, n/2, target, 0, zBlob, P4_DYNAMIC);
+      break;
+    }
+#endif
+    case TK_VARIABLE: {
+      assert( !ExprHasProperty(pExpr, EP_IntValue) );
+      assert( pExpr->u.zToken!=0 );
+      assert( pExpr->u.zToken[0]!=0 );
+      sqlite3VdbeAddOp2(v, OP_Variable, pExpr->iColumn, target);
+      if( pExpr->u.zToken[1]!=0 ){
+        assert( pExpr->u.zToken[0]=='?' 
+             || strcmp(pExpr->u.zToken, pParse->azVar[pExpr->iColumn-1])==0 );
+        sqlite3VdbeChangeP4(v, -1, pParse->azVar[pExpr->iColumn-1], P4_STATIC);
+      }
+      break;
+    }
+    case TK_REGISTER: {
+      inReg = pExpr->iTable;
+      break;
+    }
+#ifndef SQLITE_OMIT_CAST
+    case TK_CAST: {
+      /* Expressions of the form:   CAST(pLeft AS token) */
+      inReg = sqlite3ExprCodeTarget(pParse, pExpr->pLeft, target);
+      if( inReg!=target ){
+        sqlite3VdbeAddOp2(v, OP_SCopy, inReg, target);
+        inReg = target;
+      }
+      sqlite3VdbeAddOp2(v, OP_Cast, target,
+                        sqlite3AffinityType(pExpr->u.zToken, 0));
+      testcase( usedAsColumnCache(pParse, inReg, inReg) );
+      sqlite3ExprCacheAffinityChange(pParse, inReg, 1);
+      break;
+    }
+#endif /* SQLITE_OMIT_CAST */
+    case TK_LT:
+    case TK_LE:
+    case TK_GT:
+    case TK_GE:
+    case TK_NE:
+    case TK_EQ: {
+      r1 = sqlite3ExprCodeTemp(pParse, pExpr->pLeft, &regFree1);
+      r2 = sqlite3ExprCodeTemp(pParse, pExpr->pRight, &regFree2);
+      codeCompare(pParse, pExpr->pLeft, pExpr->pRight, op,
+                  r1, r2, inReg, SQLITE_STOREP2);
+      assert(TK_LT==OP_Lt); testcase(op==OP_Lt); VdbeCoverageIf(v,op==OP_Lt);
+      assert(TK_LE==OP_Le); testcase(op==OP_Le); VdbeCoverageIf(v,op==OP_Le);
+      assert(TK_GT==OP_Gt); testcase(op==OP_Gt); VdbeCoverageIf(v,op==OP_Gt);
+      assert(TK_GE==OP_Ge); testcase(op==OP_Ge); VdbeCoverageIf(v,op==OP_Ge);
+      assert(TK_EQ==OP_Eq); testcase(op==OP_Eq); VdbeCoverageIf(v,op==OP_Eq);
+      assert(TK_NE==OP_Ne); testcase(op==OP_Ne); VdbeCoverageIf(v,op==OP_Ne);
+      testcase( regFree1==0 );
+      testcase( regFree2==0 );
+      break;
+    }
+    case TK_IS:
+    case TK_ISNOT: {
+      testcase( op==TK_IS );
+      testcase( op==TK_ISNOT );
+      r1 = sqlite3ExprCodeTemp(pParse, pExpr->pLeft, &regFree1);
+      r2 = sqlite3ExprCodeTemp(pParse, pExpr->pRight, &regFree2);
+      op = (op==TK_IS) ? TK_EQ : TK_NE;
+      codeCompare(pParse, pExpr->pLeft, pExpr->pRight, op,
+                  r1, r2, inReg, SQLITE_STOREP2 | SQLITE_NULLEQ);
+      VdbeCoverageIf(v, op==TK_EQ);
+      VdbeCoverageIf(v, op==TK_NE);
+      testcase( regFree1==0 );
+      testcase( regFree2==0 );
+      break;
+    }
+    case TK_AND:
+    case TK_OR:
+    case TK_PLUS:
+    case TK_STAR:
+    case TK_MINUS:
+    case TK_REM:
+    case TK_BITAND:
+    case TK_BITOR:
+    case TK_SLASH:
+    case TK_LSHIFT:
+    case TK_RSHIFT: 
+    case TK_CONCAT: {
+      assert( TK_AND==OP_And );            testcase( op==TK_AND );
+      assert( TK_OR==OP_Or );              testcase( op==TK_OR );
+      assert( TK_PLUS==OP_Add );           testcase( op==TK_PLUS );
+      assert( TK_MINUS==OP_Subtract );     testcase( op==TK_MINUS );
+      assert( TK_REM==OP_Remainder );      testcase( op==TK_REM );
+      assert( TK_BITAND==OP_BitAnd );      testcase( op==TK_BITAND );
+      assert( TK_BITOR==OP_BitOr );        testcase( op==TK_BITOR );
+      assert( TK_SLASH==OP_Divide );       testcase( op==TK_SLASH );
+      assert( TK_LSHIFT==OP_ShiftLeft );   testcase( op==TK_LSHIFT );
+      assert( TK_RSHIFT==OP_ShiftRight );  testcase( op==TK_RSHIFT );
+      assert( TK_CONCAT==OP_Concat );      testcase( op==TK_CONCAT );
+      r1 = sqlite3ExprCodeTemp(pParse, pExpr->pLeft, &regFree1);
+      r2 = sqlite3ExprCodeTemp(pParse, pExpr->pRight, &regFree2);
+      sqlite3VdbeAddOp3(v, op, r2, r1, target);
+      testcase( regFree1==0 );
+      testcase( regFree2==0 );
+      break;
+    }
+    case TK_UMINUS: {
+      Expr *pLeft = pExpr->pLeft;
+      assert( pLeft );
+      if( pLeft->op==TK_INTEGER ){
+        codeInteger(pParse, pLeft, 1, target);
+#ifndef SQLITE_OMIT_FLOATING_POINT
+      }else if( pLeft->op==TK_FLOAT ){
+        assert( !ExprHasProperty(pExpr, EP_IntValue) );
+        codeReal(v, pLeft->u.zToken, 1, target);
+#endif
+      }else{
+        tempX.op = TK_INTEGER;
+        tempX.flags = EP_IntValue|EP_TokenOnly;
+        tempX.u.iValue = 0;
+        r1 = sqlite3ExprCodeTemp(pParse, &tempX, &regFree1);
+        r2 = sqlite3ExprCodeTemp(pParse, pExpr->pLeft, &regFree2);
+        sqlite3VdbeAddOp3(v, OP_Subtract, r2, r1, target);
+        testcase( regFree2==0 );
+      }
+      inReg = target;
+      break;
+    }
+    case TK_BITNOT:
+    case TK_NOT: {
+      assert( TK_BITNOT==OP_BitNot );   testcase( op==TK_BITNOT );
+      assert( TK_NOT==OP_Not );         testcase( op==TK_NOT );
+      r1 = sqlite3ExprCodeTemp(pParse, pExpr->pLeft, &regFree1);
+      testcase( regFree1==0 );
+      inReg = target;
+      sqlite3VdbeAddOp2(v, op, r1, inReg);
+      break;
+    }
+    case TK_ISNULL:
+    case TK_NOTNULL: {
+      int addr;
+      assert( TK_ISNULL==OP_IsNull );   testcase( op==TK_ISNULL );
+      assert( TK_NOTNULL==OP_NotNull ); testcase( op==TK_NOTNULL );
+      sqlite3VdbeAddOp2(v, OP_Integer, 1, target);
+      r1 = sqlite3ExprCodeTemp(pParse, pExpr->pLeft, &regFree1);
+      testcase( regFree1==0 );
+      addr = sqlite3VdbeAddOp1(v, op, r1);
+      VdbeCoverageIf(v, op==TK_ISNULL);
+      VdbeCoverageIf(v, op==TK_NOTNULL);
+      sqlite3VdbeAddOp2(v, OP_Integer, 0, target);
+      sqlite3VdbeJumpHere(v, addr);
+      break;
+    }
+    case TK_AGG_FUNCTION: {
+      AggInfo *pInfo = pExpr->pAggInfo;
+      if( pInfo==0 ){
+        assert( !ExprHasProperty(pExpr, EP_IntValue) );
+        sqlite3ErrorMsg(pParse, "misuse of aggregate: %s()", pExpr->u.zToken);
+      }else{
+        inReg = pInfo->aFunc[pExpr->iAgg].iMem;
+      }
+      break;
+    }
+    case TK_FUNCTION: {
+      ExprList *pFarg;       /* List of function arguments */
+      int nFarg;             /* Number of function arguments */
+      FuncDef *pDef;         /* The function definition object */
+      int nId;               /* Length of the function name in bytes */
+      const char *zId;       /* The function name */
+      u32 constMask = 0;     /* Mask of function arguments that are constant */
+      int i;                 /* Loop counter */
+      u8 enc = ENC(db);      /* The text encoding used by this database */
+      CollSeq *pColl = 0;    /* A collating sequence */
+
+      assert( !ExprHasProperty(pExpr, EP_xIsSelect) );
+      if( ExprHasProperty(pExpr, EP_TokenOnly) ){
+        pFarg = 0;
+      }else{
+        pFarg = pExpr->x.pList;
+      }
+      nFarg = pFarg ? pFarg->nExpr : 0;
+      assert( !ExprHasProperty(pExpr, EP_IntValue) );
+      zId = pExpr->u.zToken;
+      nId = sqlite3Strlen30(zId);
+      pDef = sqlite3FindFunction(db, zId, nId, nFarg, enc, 0);
+      if( pDef==0 || pDef->xFunc==0 ){
+        sqlite3ErrorMsg(pParse, "unknown function: %.*s()", nId, zId);
+        break;
+      }
+
+      /* Attempt a direct implementation of the built-in COALESCE() and
+      ** IFNULL() functions.  This avoids unnecessary evaluation of
+      ** arguments past the first non-NULL argument.
+      */
+      if( pDef->funcFlags & SQLITE_FUNC_COALESCE ){
+        int endCoalesce = sqlite3VdbeMakeLabel(v);
+        assert( nFarg>=2 );
+        sqlite3ExprCode(pParse, pFarg->a[0].pExpr, target);
+        for(i=1; i<nFarg; i++){
+          sqlite3VdbeAddOp2(v, OP_NotNull, target, endCoalesce);
+          VdbeCoverage(v);
+          sqlite3ExprCacheRemove(pParse, target, 1);
+          sqlite3ExprCachePush(pParse);
+          sqlite3ExprCode(pParse, pFarg->a[i].pExpr, target);
+          sqlite3ExprCachePop(pParse);
+        }
+        sqlite3VdbeResolveLabel(v, endCoalesce);
+        break;
+      }
+
+      /* The UNLIKELY() function is a no-op.  The result is the value
+      ** of the first argument.
+      */
+      if( pDef->funcFlags & SQLITE_FUNC_UNLIKELY ){
+        assert( nFarg>=1 );
+        inReg = sqlite3ExprCodeTarget(pParse, pFarg->a[0].pExpr, target);
+        break;
+      }
+
+      for(i=0; i<nFarg; i++){
+        if( i<32 && sqlite3ExprIsConstant(pFarg->a[i].pExpr) ){
+          testcase( i==31 );
+          constMask |= MASKBIT32(i);
+        }
+        if( (pDef->funcFlags & SQLITE_FUNC_NEEDCOLL)!=0 && !pColl ){
+          pColl = sqlite3ExprCollSeq(pParse, pFarg->a[i].pExpr);
+        }
+      }
+      if( pFarg ){
+        if( constMask ){
+          r1 = pParse->nMem+1;
+          pParse->nMem += nFarg;
+        }else{
+          r1 = sqlite3GetTempRange(pParse, nFarg);
+        }
+
+        /* For length() and typeof() functions with a column argument,
+        ** set the P5 parameter to the OP_Column opcode to OPFLAG_LENGTHARG
+        ** or OPFLAG_TYPEOFARG respectively, to avoid unnecessary data
+        ** loading.
+        */
+        if( (pDef->funcFlags & (SQLITE_FUNC_LENGTH|SQLITE_FUNC_TYPEOF))!=0 ){
+          u8 exprOp;
+          assert( nFarg==1 );
+          assert( pFarg->a[0].pExpr!=0 );
+          exprOp = pFarg->a[0].pExpr->op;
+          if( exprOp==TK_COLUMN || exprOp==TK_AGG_COLUMN ){
+            assert( SQLITE_FUNC_LENGTH==OPFLAG_LENGTHARG );
+            assert( SQLITE_FUNC_TYPEOF==OPFLAG_TYPEOFARG );
+            testcase( pDef->funcFlags & OPFLAG_LENGTHARG );
+            pFarg->a[0].pExpr->op2 = 
+                  pDef->funcFlags & (OPFLAG_LENGTHARG|OPFLAG_TYPEOFARG);
+          }
+        }
+
+        sqlite3ExprCachePush(pParse);     /* Ticket 2ea2425d34be */
+        sqlite3ExprCodeExprList(pParse, pFarg, r1, 0,
+                                SQLITE_ECEL_DUP|SQLITE_ECEL_FACTOR);
+        sqlite3ExprCachePop(pParse);      /* Ticket 2ea2425d34be */
+      }else{
+        r1 = 0;
+      }
+#ifndef SQLITE_OMIT_VIRTUALTABLE
+      /* Possibly overload the function if the first argument is
+      ** a virtual table column.
+      **
+      ** For infix functions (LIKE, GLOB, REGEXP, and MATCH) use the
+      ** second argument, not the first, as the argument to test to
+      ** see if it is a column in a virtual table.  This is done because
+      ** the left operand of infix functions (the operand we want to
+      ** control overloading) ends up as the second argument to the
+      ** function.  The expression "A glob B" is equivalent to 
+      ** "glob(B,A).  We want to use the A in "A glob B" to test
+      ** for function overloading.  But we use the B term in "glob(B,A)".
+      */
+      if( nFarg>=2 && (pExpr->flags & EP_InfixFunc) ){
+        pDef = sqlite3VtabOverloadFunction(db, pDef, nFarg, pFarg->a[1].pExpr);
+      }else if( nFarg>0 ){
+        pDef = sqlite3VtabOverloadFunction(db, pDef, nFarg, pFarg->a[0].pExpr);
+      }
+#endif
+      if( pDef->funcFlags & SQLITE_FUNC_NEEDCOLL ){
+        if( !pColl ) pColl = db->pDfltColl; 
+        sqlite3VdbeAddOp4(v, OP_CollSeq, 0, 0, 0, (char *)pColl, P4_COLLSEQ);
+      }
+      sqlite3VdbeAddOp4(v, OP_Function0, constMask, r1, target,
+                        (char*)pDef, P4_FUNCDEF);
+      sqlite3VdbeChangeP5(v, (u8)nFarg);
+      if( nFarg && constMask==0 ){
+        sqlite3ReleaseTempRange(pParse, r1, nFarg);
+      }
+      break;
+    }
+#ifndef SQLITE_OMIT_SUBQUERY
+    case TK_EXISTS:
+    case TK_SELECT: {
+      testcase( op==TK_EXISTS );
+      testcase( op==TK_SELECT );
+      inReg = sqlite3CodeSubselect(pParse, pExpr, 0, 0);
+      break;
+    }
+    case TK_IN: {
+      int destIfFalse = sqlite3VdbeMakeLabel(v);
+      int destIfNull = sqlite3VdbeMakeLabel(v);
+      sqlite3VdbeAddOp2(v, OP_Null, 0, target);
+      sqlite3ExprCodeIN(pParse, pExpr, destIfFalse, destIfNull);
+      sqlite3VdbeAddOp2(v, OP_Integer, 1, target);
+      sqlite3VdbeResolveLabel(v, destIfFalse);
+      sqlite3VdbeAddOp2(v, OP_AddImm, target, 0);
+      sqlite3VdbeResolveLabel(v, destIfNull);
+      break;
+    }
+#endif /* SQLITE_OMIT_SUBQUERY */
+
+
+    /*
+    **    x BETWEEN y AND z
+    **
+    ** This is equivalent to
+    **
+    **    x>=y AND x<=z
+    **
+    ** X is stored in pExpr->pLeft.
+    ** Y is stored in pExpr->pList->a[0].pExpr.
+    ** Z is stored in pExpr->pList->a[1].pExpr.
+    */
+    case TK_BETWEEN: {
+      Expr *pLeft = pExpr->pLeft;
+      struct ExprList_item *pLItem = pExpr->x.pList->a;
+      Expr *pRight = pLItem->pExpr;
+
+      r1 = sqlite3ExprCodeTemp(pParse, pLeft, &regFree1);
+      r2 = sqlite3ExprCodeTemp(pParse, pRight, &regFree2);
+      testcase( regFree1==0 );
+      testcase( regFree2==0 );
+      r3 = sqlite3GetTempReg(pParse);
+      r4 = sqlite3GetTempReg(pParse);
+      codeCompare(pParse, pLeft, pRight, OP_Ge,
+                  r1, r2, r3, SQLITE_STOREP2);  VdbeCoverage(v);
+      pLItem++;
+      pRight = pLItem->pExpr;
+      sqlite3ReleaseTempReg(pParse, regFree2);
+      r2 = sqlite3ExprCodeTemp(pParse, pRight, &regFree2);
+      testcase( regFree2==0 );
+      codeCompare(pParse, pLeft, pRight, OP_Le, r1, r2, r4, SQLITE_STOREP2);
+      VdbeCoverage(v);
+      sqlite3VdbeAddOp3(v, OP_And, r3, r4, target);
+      sqlite3ReleaseTempReg(pParse, r3);
+      sqlite3ReleaseTempReg(pParse, r4);
+      break;
+    }
+    case TK_COLLATE: 
+    case TK_UPLUS: {
+      inReg = sqlite3ExprCodeTarget(pParse, pExpr->pLeft, target);
+      break;
+    }
+
+    case TK_TRIGGER: {
+      /* If the opcode is TK_TRIGGER, then the expression is a reference
+      ** to a column in the new.* or old.* pseudo-tables available to
+      ** trigger programs. In this case Expr.iTable is set to 1 for the
+      ** new.* pseudo-table, or 0 for the old.* pseudo-table. Expr.iColumn
+      ** is set to the column of the pseudo-table to read, or to -1 to
+      ** read the rowid field.
+      **
+      ** The expression is implemented using an OP_Param opcode. The p1
+      ** parameter is set to 0 for an old.rowid reference, or to (i+1)
+      ** to reference another column of the old.* pseudo-table, where 
+      ** i is the index of the column. For a new.rowid reference, p1 is
+      ** set to (n+1), where n is the number of columns in each pseudo-table.
+      ** For a reference to any other column in the new.* pseudo-table, p1
+      ** is set to (n+2+i), where n and i are as defined previously. For
+      ** example, if the table on which triggers are being fired is
+      ** declared as:
+      **
+      **   CREATE TABLE t1(a, b);
+      **
+      ** Then p1 is interpreted as follows:
+      **
+      **   p1==0   ->    old.rowid     p1==3   ->    new.rowid
+      **   p1==1   ->    old.a         p1==4   ->    new.a
+      **   p1==2   ->    old.b         p1==5   ->    new.b       
+      */
+      Table *pTab = pExpr->pTab;
+      int p1 = pExpr->iTable * (pTab->nCol+1) + 1 + pExpr->iColumn;
+
+      assert( pExpr->iTable==0 || pExpr->iTable==1 );
+      assert( pExpr->iColumn>=-1 && pExpr->iColumn<pTab->nCol );
+      assert( pTab->iPKey<0 || pExpr->iColumn!=pTab->iPKey );
+      assert( p1>=0 && p1<(pTab->nCol*2+2) );
+
+      sqlite3VdbeAddOp2(v, OP_Param, p1, target);
+      VdbeComment((v, "%s.%s -> $%d",
+        (pExpr->iTable ? "new" : "old"),
+        (pExpr->iColumn<0 ? "rowid" : pExpr->pTab->aCol[pExpr->iColumn].zName),
+        target
+      ));
+
+#ifndef SQLITE_OMIT_FLOATING_POINT
+      /* If the column has REAL affinity, it may currently be stored as an
+      ** integer. Use OP_RealAffinity to make sure it is really real.
+      **
+      ** EVIDENCE-OF: R-60985-57662 SQLite will convert the value back to
+      ** floating point when extracting it from the record.  */
+      if( pExpr->iColumn>=0 
+       && pTab->aCol[pExpr->iColumn].affinity==SQLITE_AFF_REAL
+      ){
+        sqlite3VdbeAddOp1(v, OP_RealAffinity, target);
+      }
+#endif
+      break;
+    }
+
+
+    /*
+    ** Form A:
+    **   CASE x WHEN e1 THEN r1 WHEN e2 THEN r2 ... WHEN eN THEN rN ELSE y END
+    **
+    ** Form B:
+    **   CASE WHEN e1 THEN r1 WHEN e2 THEN r2 ... WHEN eN THEN rN ELSE y END
+    **
+    ** Form A is can be transformed into the equivalent form B as follows:
+    **   CASE WHEN x=e1 THEN r1 WHEN x=e2 THEN r2 ...
+    **        WHEN x=eN THEN rN ELSE y END
+    **
+    ** X (if it exists) is in pExpr->pLeft.
+    ** Y is in the last element of pExpr->x.pList if pExpr->x.pList->nExpr is
+    ** odd.  The Y is also optional.  If the number of elements in x.pList
+    ** is even, then Y is omitted and the "otherwise" result is NULL.
+    ** Ei is in pExpr->pList->a[i*2] and Ri is pExpr->pList->a[i*2+1].
+    **
+    ** The result of the expression is the Ri for the first matching Ei,
+    ** or if there is no matching Ei, the ELSE term Y, or if there is
+    ** no ELSE term, NULL.
+    */
+    default: assert( op==TK_CASE ); {
+      int endLabel;                     /* GOTO label for end of CASE stmt */
+      int nextCase;                     /* GOTO label for next WHEN clause */
+      int nExpr;                        /* 2x number of WHEN terms */
+      int i;                            /* Loop counter */
+      ExprList *pEList;                 /* List of WHEN terms */
+      struct ExprList_item *aListelem;  /* Array of WHEN terms */
+      Expr opCompare;                   /* The X==Ei expression */
+      Expr *pX;                         /* The X expression */
+      Expr *pTest = 0;                  /* X==Ei (form A) or just Ei (form B) */
+      VVA_ONLY( int iCacheLevel = pParse->iCacheLevel; )
+
+      assert( !ExprHasProperty(pExpr, EP_xIsSelect) && pExpr->x.pList );
+      assert(pExpr->x.pList->nExpr > 0);
+      pEList = pExpr->x.pList;
+      aListelem = pEList->a;
+      nExpr = pEList->nExpr;
+      endLabel = sqlite3VdbeMakeLabel(v);
+      if( (pX = pExpr->pLeft)!=0 ){
+        tempX = *pX;
+        testcase( pX->op==TK_COLUMN );
+        exprToRegister(&tempX, sqlite3ExprCodeTemp(pParse, pX, &regFree1));
+        testcase( regFree1==0 );
+        opCompare.op = TK_EQ;
+        opCompare.pLeft = &tempX;
+        pTest = &opCompare;
+        /* Ticket b351d95f9cd5ef17e9d9dbae18f5ca8611190001:
+        ** The value in regFree1 might get SCopy-ed into the file result.
+        ** So make sure that the regFree1 register is not reused for other
+        ** purposes and possibly overwritten.  */
+        regFree1 = 0;
+      }
+      for(i=0; i<nExpr-1; i=i+2){
+        sqlite3ExprCachePush(pParse);
+        if( pX ){
+          assert( pTest!=0 );
+          opCompare.pRight = aListelem[i].pExpr;
+        }else{
+          pTest = aListelem[i].pExpr;
+        }
+        nextCase = sqlite3VdbeMakeLabel(v);
+        testcase( pTest->op==TK_COLUMN );
+        sqlite3ExprIfFalse(pParse, pTest, nextCase, SQLITE_JUMPIFNULL);
+        testcase( aListelem[i+1].pExpr->op==TK_COLUMN );
+        sqlite3ExprCode(pParse, aListelem[i+1].pExpr, target);
+        sqlite3VdbeGoto(v, endLabel);
+        sqlite3ExprCachePop(pParse);
+        sqlite3VdbeResolveLabel(v, nextCase);
+      }
+      if( (nExpr&1)!=0 ){
+        sqlite3ExprCachePush(pParse);
+        sqlite3ExprCode(pParse, pEList->a[nExpr-1].pExpr, target);
+        sqlite3ExprCachePop(pParse);
+      }else{
+        sqlite3VdbeAddOp2(v, OP_Null, 0, target);
+      }
+      assert( db->mallocFailed || pParse->nErr>0 
+           || pParse->iCacheLevel==iCacheLevel );
+      sqlite3VdbeResolveLabel(v, endLabel);
+      break;
+    }
+#ifndef SQLITE_OMIT_TRIGGER
+    case TK_RAISE: {
+      assert( pExpr->affinity==OE_Rollback 
+           || pExpr->affinity==OE_Abort
+           || pExpr->affinity==OE_Fail
+           || pExpr->affinity==OE_Ignore
+      );
+      if( !pParse->pTriggerTab ){
+        sqlite3ErrorMsg(pParse,
+                       "RAISE() may only be used within a trigger-program");
+        return 0;
+      }
+      if( pExpr->affinity==OE_Abort ){
+        sqlite3MayAbort(pParse);
+      }
+      assert( !ExprHasProperty(pExpr, EP_IntValue) );
+      if( pExpr->affinity==OE_Ignore ){
+        sqlite3VdbeAddOp4(
+            v, OP_Halt, SQLITE_OK, OE_Ignore, 0, pExpr->u.zToken,0);
+        VdbeCoverage(v);
+      }else{
+        sqlite3HaltConstraint(pParse, SQLITE_CONSTRAINT_TRIGGER,
+                              pExpr->affinity, pExpr->u.zToken, 0, 0);
+      }
+
+      break;
+    }
+#endif
+  }
+  sqlite3ReleaseTempReg(pParse, regFree1);
+  sqlite3ReleaseTempReg(pParse, regFree2);
+  return inReg;
+}
+
+/*
+** Factor out the code of the given expression to initialization time.
+*/
+SQLITE_PRIVATE void sqlite3ExprCodeAtInit(
+  Parse *pParse,    /* Parsing context */
+  Expr *pExpr,      /* The expression to code when the VDBE initializes */
+  int regDest,      /* Store the value in this register */
+  u8 reusable       /* True if this expression is reusable */
+){
+  ExprList *p;
+  assert( ConstFactorOk(pParse) );
+  p = pParse->pConstExpr;
+  pExpr = sqlite3ExprDup(pParse->db, pExpr, 0);
+  p = sqlite3ExprListAppend(pParse, p, pExpr);
+  if( p ){
+     struct ExprList_item *pItem = &p->a[p->nExpr-1];
+     pItem->u.iConstExprReg = regDest;
+     pItem->reusable = reusable;
+  }
+  pParse->pConstExpr = p;
+}
+
+/*
+** Generate code to evaluate an expression and store the results
+** into a register.  Return the register number where the results
+** are stored.
+**
+** If the register is a temporary register that can be deallocated,
+** then write its number into *pReg.  If the result register is not
+** a temporary, then set *pReg to zero.
+**
+** If pExpr is a constant, then this routine might generate this
+** code to fill the register in the initialization section of the
+** VDBE program, in order to factor it out of the evaluation loop.
+*/
+SQLITE_PRIVATE int sqlite3ExprCodeTemp(Parse *pParse, Expr *pExpr, int *pReg){
+  int r2;
+  pExpr = sqlite3ExprSkipCollate(pExpr);
+  if( ConstFactorOk(pParse)
+   && pExpr->op!=TK_REGISTER
+   && sqlite3ExprIsConstantNotJoin(pExpr)
+  ){
+    ExprList *p = pParse->pConstExpr;
+    int i;
+    *pReg  = 0;
+    if( p ){
+      struct ExprList_item *pItem;
+      for(pItem=p->a, i=p->nExpr; i>0; pItem++, i--){
+        if( pItem->reusable && sqlite3ExprCompare(pItem->pExpr,pExpr,-1)==0 ){
+          return pItem->u.iConstExprReg;
+        }
+      }
+    }
+    r2 = ++pParse->nMem;
+    sqlite3ExprCodeAtInit(pParse, pExpr, r2, 1);
+  }else{
+    int r1 = sqlite3GetTempReg(pParse);
+    r2 = sqlite3ExprCodeTarget(pParse, pExpr, r1);
+    if( r2==r1 ){
+      *pReg = r1;
+    }else{
+      sqlite3ReleaseTempReg(pParse, r1);
+      *pReg = 0;
+    }
+  }
+  return r2;
+}
+
+/*
+** Generate code that will evaluate expression pExpr and store the
+** results in register target.  The results are guaranteed to appear
+** in register target.
+*/
+SQLITE_PRIVATE void sqlite3ExprCode(Parse *pParse, Expr *pExpr, int target){
+  int inReg;
+
+  assert( target>0 && target<=pParse->nMem );
+  if( pExpr && pExpr->op==TK_REGISTER ){
+    sqlite3VdbeAddOp2(pParse->pVdbe, OP_Copy, pExpr->iTable, target);
+  }else{
+    inReg = sqlite3ExprCodeTarget(pParse, pExpr, target);
+    assert( pParse->pVdbe!=0 || pParse->db->mallocFailed );
+    if( inReg!=target && pParse->pVdbe ){
+      sqlite3VdbeAddOp2(pParse->pVdbe, OP_SCopy, inReg, target);
+    }
+  }
+}
+
+/*
+** Make a transient copy of expression pExpr and then code it using
+** sqlite3ExprCode().  This routine works just like sqlite3ExprCode()
+** except that the input expression is guaranteed to be unchanged.
+*/
+SQLITE_PRIVATE void sqlite3ExprCodeCopy(Parse *pParse, Expr *pExpr, int target){
+  sqlite3 *db = pParse->db;
+  pExpr = sqlite3ExprDup(db, pExpr, 0);
+  if( !db->mallocFailed ) sqlite3ExprCode(pParse, pExpr, target);
+  sqlite3ExprDelete(db, pExpr);
+}
+
+/*
+** Generate code that will evaluate expression pExpr and store the
+** results in register target.  The results are guaranteed to appear
+** in register target.  If the expression is constant, then this routine
+** might choose to code the expression at initialization time.
+*/
+SQLITE_PRIVATE void sqlite3ExprCodeFactorable(Parse *pParse, Expr *pExpr, int target){
+  if( pParse->okConstFactor && sqlite3ExprIsConstant(pExpr) ){
+    sqlite3ExprCodeAtInit(pParse, pExpr, target, 0);
+  }else{
+    sqlite3ExprCode(pParse, pExpr, target);
+  }
+}
+
+/*
+** Generate code that evaluates the given expression and puts the result
+** in register target.
+**
+** Also make a copy of the expression results into another "cache" register
+** and modify the expression so that the next time it is evaluated,
+** the result is a copy of the cache register.
+**
+** This routine is used for expressions that are used multiple 
+** times.  They are evaluated once and the results of the expression
+** are reused.
+*/
+SQLITE_PRIVATE void sqlite3ExprCodeAndCache(Parse *pParse, Expr *pExpr, int target){
+  Vdbe *v = pParse->pVdbe;
+  int iMem;
+
+  assert( target>0 );
+  assert( pExpr->op!=TK_REGISTER );
+  sqlite3ExprCode(pParse, pExpr, target);
+  iMem = ++pParse->nMem;
+  sqlite3VdbeAddOp2(v, OP_Copy, target, iMem);
+  exprToRegister(pExpr, iMem);
+}
+
+/*
+** Generate code that pushes the value of every element of the given
+** expression list into a sequence of registers beginning at target.
+**
+** Return the number of elements evaluated.
+**
+** The SQLITE_ECEL_DUP flag prevents the arguments from being
+** filled using OP_SCopy.  OP_Copy must be used instead.
+**
+** The SQLITE_ECEL_FACTOR argument allows constant arguments to be
+** factored out into initialization code.
+**
+** The SQLITE_ECEL_REF flag means that expressions in the list with
+** ExprList.a[].u.x.iOrderByCol>0 have already been evaluated and stored
+** in registers at srcReg, and so the value can be copied from there.
+*/
+SQLITE_PRIVATE int sqlite3ExprCodeExprList(
+  Parse *pParse,     /* Parsing context */
+  ExprList *pList,   /* The expression list to be coded */
+  int target,        /* Where to write results */
+  int srcReg,        /* Source registers if SQLITE_ECEL_REF */
+  u8 flags           /* SQLITE_ECEL_* flags */
+){
+  struct ExprList_item *pItem;
+  int i, j, n;
+  u8 copyOp = (flags & SQLITE_ECEL_DUP) ? OP_Copy : OP_SCopy;
+  Vdbe *v = pParse->pVdbe;
+  assert( pList!=0 );
+  assert( target>0 );
+  assert( pParse->pVdbe!=0 );  /* Never gets this far otherwise */
+  n = pList->nExpr;
+  if( !ConstFactorOk(pParse) ) flags &= ~SQLITE_ECEL_FACTOR;
+  for(pItem=pList->a, i=0; i<n; i++, pItem++){
+    Expr *pExpr = pItem->pExpr;
+    if( (flags & SQLITE_ECEL_REF)!=0 && (j = pList->a[i].u.x.iOrderByCol)>0 ){
+      sqlite3VdbeAddOp2(v, copyOp, j+srcReg-1, target+i);
+    }else if( (flags & SQLITE_ECEL_FACTOR)!=0 && sqlite3ExprIsConstant(pExpr) ){
+      sqlite3ExprCodeAtInit(pParse, pExpr, target+i, 0);
+    }else{
+      int inReg = sqlite3ExprCodeTarget(pParse, pExpr, target+i);
+      if( inReg!=target+i ){
+        VdbeOp *pOp;
+        if( copyOp==OP_Copy
+         && (pOp=sqlite3VdbeGetOp(v, -1))->opcode==OP_Copy
+         && pOp->p1+pOp->p3+1==inReg
+         && pOp->p2+pOp->p3+1==target+i
+        ){
+          pOp->p3++;
+        }else{
+          sqlite3VdbeAddOp2(v, copyOp, inReg, target+i);
+        }
+      }
+    }
+  }
+  return n;
+}
+
+/*
+** Generate code for a BETWEEN operator.
+**
+**    x BETWEEN y AND z
+**
+** The above is equivalent to 
+**
+**    x>=y AND x<=z
+**
+** Code it as such, taking care to do the common subexpression
+** elimination of x.
+*/
+static void exprCodeBetween(
+  Parse *pParse,    /* Parsing and code generating context */
+  Expr *pExpr,      /* The BETWEEN expression */
+  int dest,         /* Jump here if the jump is taken */
+  int jumpIfTrue,   /* Take the jump if the BETWEEN is true */
+  int jumpIfNull    /* Take the jump if the BETWEEN is NULL */
+){
+  Expr exprAnd;     /* The AND operator in  x>=y AND x<=z  */
+  Expr compLeft;    /* The  x>=y  term */
+  Expr compRight;   /* The  x<=z  term */
+  Expr exprX;       /* The  x  subexpression */
+  int regFree1 = 0; /* Temporary use register */
+
+  assert( !ExprHasProperty(pExpr, EP_xIsSelect) );
+  exprX = *pExpr->pLeft;
+  exprAnd.op = TK_AND;
+  exprAnd.pLeft = &compLeft;
+  exprAnd.pRight = &compRight;
+  compLeft.op = TK_GE;
+  compLeft.pLeft = &exprX;
+  compLeft.pRight = pExpr->x.pList->a[0].pExpr;
+  compRight.op = TK_LE;
+  compRight.pLeft = &exprX;
+  compRight.pRight = pExpr->x.pList->a[1].pExpr;
+  exprToRegister(&exprX, sqlite3ExprCodeTemp(pParse, &exprX, &regFree1));
+  if( jumpIfTrue ){
+    sqlite3ExprIfTrue(pParse, &exprAnd, dest, jumpIfNull);
+  }else{
+    sqlite3ExprIfFalse(pParse, &exprAnd, dest, jumpIfNull);
+  }
+  sqlite3ReleaseTempReg(pParse, regFree1);
+
+  /* Ensure adequate test coverage */
+  testcase( jumpIfTrue==0 && jumpIfNull==0 && regFree1==0 );
+  testcase( jumpIfTrue==0 && jumpIfNull==0 && regFree1!=0 );
+  testcase( jumpIfTrue==0 && jumpIfNull!=0 && regFree1==0 );
+  testcase( jumpIfTrue==0 && jumpIfNull!=0 && regFree1!=0 );
+  testcase( jumpIfTrue!=0 && jumpIfNull==0 && regFree1==0 );
+  testcase( jumpIfTrue!=0 && jumpIfNull==0 && regFree1!=0 );
+  testcase( jumpIfTrue!=0 && jumpIfNull!=0 && regFree1==0 );
+  testcase( jumpIfTrue!=0 && jumpIfNull!=0 && regFree1!=0 );
+}
+
+/*
+** Generate code for a boolean expression such that a jump is made
+** to the label "dest" if the expression is true but execution
+** continues straight thru if the expression is false.
+**
+** If the expression evaluates to NULL (neither true nor false), then
+** take the jump if the jumpIfNull flag is SQLITE_JUMPIFNULL.
+**
+** This code depends on the fact that certain token values (ex: TK_EQ)
+** are the same as opcode values (ex: OP_Eq) that implement the corresponding
+** operation.  Special comments in vdbe.c and the mkopcodeh.awk script in
+** the make process cause these values to align.  Assert()s in the code
+** below verify that the numbers are aligned correctly.
+*/
+SQLITE_PRIVATE void sqlite3ExprIfTrue(Parse *pParse, Expr *pExpr, int dest, int jumpIfNull){
+  Vdbe *v = pParse->pVdbe;
+  int op = 0;
+  int regFree1 = 0;
+  int regFree2 = 0;
+  int r1, r2;
+
+  assert( jumpIfNull==SQLITE_JUMPIFNULL || jumpIfNull==0 );
+  if( NEVER(v==0) )     return;  /* Existence of VDBE checked by caller */
+  if( NEVER(pExpr==0) ) return;  /* No way this can happen */
+  op = pExpr->op;
+  switch( op ){
+    case TK_AND: {
+      int d2 = sqlite3VdbeMakeLabel(v);
+      testcase( jumpIfNull==0 );
+      sqlite3ExprIfFalse(pParse, pExpr->pLeft, d2,jumpIfNull^SQLITE_JUMPIFNULL);
+      sqlite3ExprCachePush(pParse);
+      sqlite3ExprIfTrue(pParse, pExpr->pRight, dest, jumpIfNull);
+      sqlite3VdbeResolveLabel(v, d2);
+      sqlite3ExprCachePop(pParse);
+      break;
+    }
+    case TK_OR: {
+      testcase( jumpIfNull==0 );
+      sqlite3ExprIfTrue(pParse, pExpr->pLeft, dest, jumpIfNull);
+      sqlite3ExprCachePush(pParse);
+      sqlite3ExprIfTrue(pParse, pExpr->pRight, dest, jumpIfNull);
+      sqlite3ExprCachePop(pParse);
+      break;
+    }
+    case TK_NOT: {
+      testcase( jumpIfNull==0 );
+      sqlite3ExprIfFalse(pParse, pExpr->pLeft, dest, jumpIfNull);
+      break;
+    }
+    case TK_LT:
+    case TK_LE:
+    case TK_GT:
+    case TK_GE:
+    case TK_NE:
+    case TK_EQ: {
+      testcase( jumpIfNull==0 );
+      r1 = sqlite3ExprCodeTemp(pParse, pExpr->pLeft, &regFree1);
+      r2 = sqlite3ExprCodeTemp(pParse, pExpr->pRight, &regFree2);
+      codeCompare(pParse, pExpr->pLeft, pExpr->pRight, op,
+                  r1, r2, dest, jumpIfNull);
+      assert(TK_LT==OP_Lt); testcase(op==OP_Lt); VdbeCoverageIf(v,op==OP_Lt);
+      assert(TK_LE==OP_Le); testcase(op==OP_Le); VdbeCoverageIf(v,op==OP_Le);
+      assert(TK_GT==OP_Gt); testcase(op==OP_Gt); VdbeCoverageIf(v,op==OP_Gt);
+      assert(TK_GE==OP_Ge); testcase(op==OP_Ge); VdbeCoverageIf(v,op==OP_Ge);
+      assert(TK_EQ==OP_Eq); testcase(op==OP_Eq); VdbeCoverageIf(v,op==OP_Eq);
+      assert(TK_NE==OP_Ne); testcase(op==OP_Ne); VdbeCoverageIf(v,op==OP_Ne);
+      testcase( regFree1==0 );
+      testcase( regFree2==0 );
+      break;
+    }
+    case TK_IS:
+    case TK_ISNOT: {
+      testcase( op==TK_IS );
+      testcase( op==TK_ISNOT );
+      r1 = sqlite3ExprCodeTemp(pParse, pExpr->pLeft, &regFree1);
+      r2 = sqlite3ExprCodeTemp(pParse, pExpr->pRight, &regFree2);
+      op = (op==TK_IS) ? TK_EQ : TK_NE;
+      codeCompare(pParse, pExpr->pLeft, pExpr->pRight, op,
+                  r1, r2, dest, SQLITE_NULLEQ);
+      VdbeCoverageIf(v, op==TK_EQ);
+      VdbeCoverageIf(v, op==TK_NE);
+      testcase( regFree1==0 );
+      testcase( regFree2==0 );
+      break;
+    }
+    case TK_ISNULL:
+    case TK_NOTNULL: {
+      assert( TK_ISNULL==OP_IsNull );   testcase( op==TK_ISNULL );
+      assert( TK_NOTNULL==OP_NotNull ); testcase( op==TK_NOTNULL );
+      r1 = sqlite3ExprCodeTemp(pParse, pExpr->pLeft, &regFree1);
+      sqlite3VdbeAddOp2(v, op, r1, dest);
+      VdbeCoverageIf(v, op==TK_ISNULL);
+      VdbeCoverageIf(v, op==TK_NOTNULL);
+      testcase( regFree1==0 );
+      break;
+    }
+    case TK_BETWEEN: {
+      testcase( jumpIfNull==0 );
+      exprCodeBetween(pParse, pExpr, dest, 1, jumpIfNull);
+      break;
+    }
+#ifndef SQLITE_OMIT_SUBQUERY
+    case TK_IN: {
+      int destIfFalse = sqlite3VdbeMakeLabel(v);
+      int destIfNull = jumpIfNull ? dest : destIfFalse;
+      sqlite3ExprCodeIN(pParse, pExpr, destIfFalse, destIfNull);
+      sqlite3VdbeGoto(v, dest);
+      sqlite3VdbeResolveLabel(v, destIfFalse);
+      break;
+    }
+#endif
+    default: {
+      if( exprAlwaysTrue(pExpr) ){
+        sqlite3VdbeGoto(v, dest);
+      }else if( exprAlwaysFalse(pExpr) ){
+        /* No-op */
+      }else{
+        r1 = sqlite3ExprCodeTemp(pParse, pExpr, &regFree1);
+        sqlite3VdbeAddOp3(v, OP_If, r1, dest, jumpIfNull!=0);
+        VdbeCoverage(v);
+        testcase( regFree1==0 );
+        testcase( jumpIfNull==0 );
+      }
+      break;
+    }
+  }
+  sqlite3ReleaseTempReg(pParse, regFree1);
+  sqlite3ReleaseTempReg(pParse, regFree2);  
+}
+
+/*
+** Generate code for a boolean expression such that a jump is made
+** to the label "dest" if the expression is false but execution
+** continues straight thru if the expression is true.
+**
+** If the expression evaluates to NULL (neither true nor false) then
+** jump if jumpIfNull is SQLITE_JUMPIFNULL or fall through if jumpIfNull
+** is 0.
+*/
+SQLITE_PRIVATE void sqlite3ExprIfFalse(Parse *pParse, Expr *pExpr, int dest, int jumpIfNull){
+  Vdbe *v = pParse->pVdbe;
+  int op = 0;
+  int regFree1 = 0;
+  int regFree2 = 0;
+  int r1, r2;
+
+  assert( jumpIfNull==SQLITE_JUMPIFNULL || jumpIfNull==0 );
+  if( NEVER(v==0) ) return; /* Existence of VDBE checked by caller */
+  if( pExpr==0 )    return;
+
+  /* The value of pExpr->op and op are related as follows:
+  **
+  **       pExpr->op            op
+  **       ---------          ----------
+  **       TK_ISNULL          OP_NotNull
+  **       TK_NOTNULL         OP_IsNull
+  **       TK_NE              OP_Eq
+  **       TK_EQ              OP_Ne
+  **       TK_GT              OP_Le
+  **       TK_LE              OP_Gt
+  **       TK_GE              OP_Lt
+  **       TK_LT              OP_Ge
+  **
+  ** For other values of pExpr->op, op is undefined and unused.
+  ** The value of TK_ and OP_ constants are arranged such that we
+  ** can compute the mapping above using the following expression.
+  ** Assert()s verify that the computation is correct.
+  */
+  op = ((pExpr->op+(TK_ISNULL&1))^1)-(TK_ISNULL&1);
+
+  /* Verify correct alignment of TK_ and OP_ constants
+  */
+  assert( pExpr->op!=TK_ISNULL || op==OP_NotNull );
+  assert( pExpr->op!=TK_NOTNULL || op==OP_IsNull );
+  assert( pExpr->op!=TK_NE || op==OP_Eq );
+  assert( pExpr->op!=TK_EQ || op==OP_Ne );
+  assert( pExpr->op!=TK_LT || op==OP_Ge );
+  assert( pExpr->op!=TK_LE || op==OP_Gt );
+  assert( pExpr->op!=TK_GT || op==OP_Le );
+  assert( pExpr->op!=TK_GE || op==OP_Lt );
+
+  switch( pExpr->op ){
+    case TK_AND: {
+      testcase( jumpIfNull==0 );
+      sqlite3ExprIfFalse(pParse, pExpr->pLeft, dest, jumpIfNull);
+      sqlite3ExprCachePush(pParse);
+      sqlite3ExprIfFalse(pParse, pExpr->pRight, dest, jumpIfNull);
+      sqlite3ExprCachePop(pParse);
+      break;
+    }
+    case TK_OR: {
+      int d2 = sqlite3VdbeMakeLabel(v);
+      testcase( jumpIfNull==0 );
+      sqlite3ExprIfTrue(pParse, pExpr->pLeft, d2, jumpIfNull^SQLITE_JUMPIFNULL);
+      sqlite3ExprCachePush(pParse);
+      sqlite3ExprIfFalse(pParse, pExpr->pRight, dest, jumpIfNull);
+      sqlite3VdbeResolveLabel(v, d2);
+      sqlite3ExprCachePop(pParse);
+      break;
+    }
+    case TK_NOT: {
+      testcase( jumpIfNull==0 );
+      sqlite3ExprIfTrue(pParse, pExpr->pLeft, dest, jumpIfNull);
+      break;
+    }
+    case TK_LT:
+    case TK_LE:
+    case TK_GT:
+    case TK_GE:
+    case TK_NE:
+    case TK_EQ: {
+      testcase( jumpIfNull==0 );
+      r1 = sqlite3ExprCodeTemp(pParse, pExpr->pLeft, &regFree1);
+      r2 = sqlite3ExprCodeTemp(pParse, pExpr->pRight, &regFree2);
+      codeCompare(pParse, pExpr->pLeft, pExpr->pRight, op,
+                  r1, r2, dest, jumpIfNull);
+      assert(TK_LT==OP_Lt); testcase(op==OP_Lt); VdbeCoverageIf(v,op==OP_Lt);
+      assert(TK_LE==OP_Le); testcase(op==OP_Le); VdbeCoverageIf(v,op==OP_Le);
+      assert(TK_GT==OP_Gt); testcase(op==OP_Gt); VdbeCoverageIf(v,op==OP_Gt);
+      assert(TK_GE==OP_Ge); testcase(op==OP_Ge); VdbeCoverageIf(v,op==OP_Ge);
+      assert(TK_EQ==OP_Eq); testcase(op==OP_Eq); VdbeCoverageIf(v,op==OP_Eq);
+      assert(TK_NE==OP_Ne); testcase(op==OP_Ne); VdbeCoverageIf(v,op==OP_Ne);
+      testcase( regFree1==0 );
+      testcase( regFree2==0 );
+      break;
+    }
+    case TK_IS:
+    case TK_ISNOT: {
+      testcase( pExpr->op==TK_IS );
+      testcase( pExpr->op==TK_ISNOT );
+      r1 = sqlite3ExprCodeTemp(pParse, pExpr->pLeft, &regFree1);
+      r2 = sqlite3ExprCodeTemp(pParse, pExpr->pRight, &regFree2);
+      op = (pExpr->op==TK_IS) ? TK_NE : TK_EQ;
+      codeCompare(pParse, pExpr->pLeft, pExpr->pRight, op,
+                  r1, r2, dest, SQLITE_NULLEQ);
+      VdbeCoverageIf(v, op==TK_EQ);
+      VdbeCoverageIf(v, op==TK_NE);
+      testcase( regFree1==0 );
+      testcase( regFree2==0 );
+      break;
+    }
+    case TK_ISNULL:
+    case TK_NOTNULL: {
+      r1 = sqlite3ExprCodeTemp(pParse, pExpr->pLeft, &regFree1);
+      sqlite3VdbeAddOp2(v, op, r1, dest);
+      testcase( op==TK_ISNULL );   VdbeCoverageIf(v, op==TK_ISNULL);
+      testcase( op==TK_NOTNULL );  VdbeCoverageIf(v, op==TK_NOTNULL);
+      testcase( regFree1==0 );
+      break;
+    }
+    case TK_BETWEEN: {
+      testcase( jumpIfNull==0 );
+      exprCodeBetween(pParse, pExpr, dest, 0, jumpIfNull);
+      break;
+    }
+#ifndef SQLITE_OMIT_SUBQUERY
+    case TK_IN: {
+      if( jumpIfNull ){
+        sqlite3ExprCodeIN(pParse, pExpr, dest, dest);
+      }else{
+        int destIfNull = sqlite3VdbeMakeLabel(v);
+        sqlite3ExprCodeIN(pParse, pExpr, dest, destIfNull);
+        sqlite3VdbeResolveLabel(v, destIfNull);
+      }
+      break;
+    }
+#endif
+    default: {
+      if( exprAlwaysFalse(pExpr) ){
+        sqlite3VdbeGoto(v, dest);
+      }else if( exprAlwaysTrue(pExpr) ){
+        /* no-op */
+      }else{
+        r1 = sqlite3ExprCodeTemp(pParse, pExpr, &regFree1);
+        sqlite3VdbeAddOp3(v, OP_IfNot, r1, dest, jumpIfNull!=0);
+        VdbeCoverage(v);
+        testcase( regFree1==0 );
+        testcase( jumpIfNull==0 );
+      }
+      break;
+    }
+  }
+  sqlite3ReleaseTempReg(pParse, regFree1);
+  sqlite3ReleaseTempReg(pParse, regFree2);
+}
+
+/*
+** Like sqlite3ExprIfFalse() except that a copy is made of pExpr before
+** code generation, and that copy is deleted after code generation. This
+** ensures that the original pExpr is unchanged.
+*/
+SQLITE_PRIVATE void sqlite3ExprIfFalseDup(Parse *pParse, Expr *pExpr, int dest,int jumpIfNull){
+  sqlite3 *db = pParse->db;
+  Expr *pCopy = sqlite3ExprDup(db, pExpr, 0);
+  if( db->mallocFailed==0 ){
+    sqlite3ExprIfFalse(pParse, pCopy, dest, jumpIfNull);
+  }
+  sqlite3ExprDelete(db, pCopy);
+}
+
+
+/*
+** Do a deep comparison of two expression trees.  Return 0 if the two
+** expressions are completely identical.  Return 1 if they differ only
+** by a COLLATE operator at the top level.  Return 2 if there are differences
+** other than the top-level COLLATE operator.
+**
+** If any subelement of pB has Expr.iTable==(-1) then it is allowed
+** to compare equal to an equivalent element in pA with Expr.iTable==iTab.
+**
+** The pA side might be using TK_REGISTER.  If that is the case and pB is
+** not using TK_REGISTER but is otherwise equivalent, then still return 0.
+**
+** Sometimes this routine will return 2 even if the two expressions
+** really are equivalent.  If we cannot prove that the expressions are
+** identical, we return 2 just to be safe.  So if this routine
+** returns 2, then you do not really know for certain if the two
+** expressions are the same.  But if you get a 0 or 1 return, then you
+** can be sure the expressions are the same.  In the places where
+** this routine is used, it does not hurt to get an extra 2 - that
+** just might result in some slightly slower code.  But returning
+** an incorrect 0 or 1 could lead to a malfunction.
+*/
+SQLITE_PRIVATE int sqlite3ExprCompare(Expr *pA, Expr *pB, int iTab){
+  u32 combinedFlags;
+  if( pA==0 || pB==0 ){
+    return pB==pA ? 0 : 2;
+  }
+  combinedFlags = pA->flags | pB->flags;
+  if( combinedFlags & EP_IntValue ){
+    if( (pA->flags&pB->flags&EP_IntValue)!=0 && pA->u.iValue==pB->u.iValue ){
+      return 0;
+    }
+    return 2;
+  }
+  if( pA->op!=pB->op ){
+    if( pA->op==TK_COLLATE && sqlite3ExprCompare(pA->pLeft, pB, iTab)<2 ){
+      return 1;
+    }
+    if( pB->op==TK_COLLATE && sqlite3ExprCompare(pA, pB->pLeft, iTab)<2 ){
+      return 1;
+    }
+    return 2;
+  }
+  if( pA->op!=TK_COLUMN && pA->op!=TK_AGG_COLUMN && pA->u.zToken ){
+    if( pA->op==TK_FUNCTION ){
+      if( sqlite3StrICmp(pA->u.zToken,pB->u.zToken)!=0 ) return 2;
+    }else if( strcmp(pA->u.zToken,pB->u.zToken)!=0 ){
+      return pA->op==TK_COLLATE ? 1 : 2;
+    }
+  }
+  if( (pA->flags & EP_Distinct)!=(pB->flags & EP_Distinct) ) return 2;
+  if( ALWAYS((combinedFlags & EP_TokenOnly)==0) ){
+    if( combinedFlags & EP_xIsSelect ) return 2;
+    if( sqlite3ExprCompare(pA->pLeft, pB->pLeft, iTab) ) return 2;
+    if( sqlite3ExprCompare(pA->pRight, pB->pRight, iTab) ) return 2;
+    if( sqlite3ExprListCompare(pA->x.pList, pB->x.pList, iTab) ) return 2;
+    if( ALWAYS((combinedFlags & EP_Reduced)==0) && pA->op!=TK_STRING ){
+      if( pA->iColumn!=pB->iColumn ) return 2;
+      if( pA->iTable!=pB->iTable 
+       && (pA->iTable!=iTab || NEVER(pB->iTable>=0)) ) return 2;
+    }
+  }
+  return 0;
+}
+
+/*
+** Compare two ExprList objects.  Return 0 if they are identical and 
+** non-zero if they differ in any way.
+**
+** If any subelement of pB has Expr.iTable==(-1) then it is allowed
+** to compare equal to an equivalent element in pA with Expr.iTable==iTab.
+**
+** This routine might return non-zero for equivalent ExprLists.  The
+** only consequence will be disabled optimizations.  But this routine
+** must never return 0 if the two ExprList objects are different, or
+** a malfunction will result.
+**
+** Two NULL pointers are considered to be the same.  But a NULL pointer
+** always differs from a non-NULL pointer.
+*/
+SQLITE_PRIVATE int sqlite3ExprListCompare(ExprList *pA, ExprList *pB, int iTab){
+  int i;
+  if( pA==0 && pB==0 ) return 0;
+  if( pA==0 || pB==0 ) return 1;
+  if( pA->nExpr!=pB->nExpr ) return 1;
+  for(i=0; i<pA->nExpr; i++){
+    Expr *pExprA = pA->a[i].pExpr;
+    Expr *pExprB = pB->a[i].pExpr;
+    if( pA->a[i].sortOrder!=pB->a[i].sortOrder ) return 1;
+    if( sqlite3ExprCompare(pExprA, pExprB, iTab) ) return 1;
+  }
+  return 0;
+}
+
+/*
+** Return true if we can prove the pE2 will always be true if pE1 is
+** true.  Return false if we cannot complete the proof or if pE2 might
+** be false.  Examples:
+**
+**     pE1: x==5       pE2: x==5             Result: true
+**     pE1: x>0        pE2: x==5             Result: false
+**     pE1: x=21       pE2: x=21 OR y=43     Result: true
+**     pE1: x!=123     pE2: x IS NOT NULL    Result: true
+**     pE1: x!=?1      pE2: x IS NOT NULL    Result: true
+**     pE1: x IS NULL  pE2: x IS NOT NULL    Result: false
+**     pE1: x IS ?2    pE2: x IS NOT NULL    Reuslt: false
+**
+** When comparing TK_COLUMN nodes between pE1 and pE2, if pE2 has
+** Expr.iTable<0 then assume a table number given by iTab.
+**
+** When in doubt, return false.  Returning true might give a performance
+** improvement.  Returning false might cause a performance reduction, but
+** it will always give the correct answer and is hence always safe.
+*/
+SQLITE_PRIVATE int sqlite3ExprImpliesExpr(Expr *pE1, Expr *pE2, int iTab){
+  if( sqlite3ExprCompare(pE1, pE2, iTab)==0 ){
+    return 1;
+  }
+  if( pE2->op==TK_OR
+   && (sqlite3ExprImpliesExpr(pE1, pE2->pLeft, iTab)
+             || sqlite3ExprImpliesExpr(pE1, pE2->pRight, iTab) )
+  ){
+    return 1;
+  }
+  if( pE2->op==TK_NOTNULL
+   && sqlite3ExprCompare(pE1->pLeft, pE2->pLeft, iTab)==0
+   && (pE1->op!=TK_ISNULL && pE1->op!=TK_IS)
+  ){
+    return 1;
+  }
+  return 0;
+}
+
+/*
+** An instance of the following structure is used by the tree walker
+** to count references to table columns in the arguments of an 
+** aggregate function, in order to implement the
+** sqlite3FunctionThisSrc() routine.
+*/
+struct SrcCount {
+  SrcList *pSrc;   /* One particular FROM clause in a nested query */
+  int nThis;       /* Number of references to columns in pSrcList */
+  int nOther;      /* Number of references to columns in other FROM clauses */
+};
+
+/*
+** Count the number of references to columns.
+*/
+static int exprSrcCount(Walker *pWalker, Expr *pExpr){
+  /* The NEVER() on the second term is because sqlite3FunctionUsesThisSrc()
+  ** is always called before sqlite3ExprAnalyzeAggregates() and so the
+  ** TK_COLUMNs have not yet been converted into TK_AGG_COLUMN.  If
+  ** sqlite3FunctionUsesThisSrc() is used differently in the future, the
+  ** NEVER() will need to be removed. */
+  if( pExpr->op==TK_COLUMN || NEVER(pExpr->op==TK_AGG_COLUMN) ){
+    int i;
+    struct SrcCount *p = pWalker->u.pSrcCount;
+    SrcList *pSrc = p->pSrc;
+    int nSrc = pSrc ? pSrc->nSrc : 0;
+    for(i=0; i<nSrc; i++){
+      if( pExpr->iTable==pSrc->a[i].iCursor ) break;
+    }
+    if( i<nSrc ){
+      p->nThis++;
+    }else{
+      p->nOther++;
+    }
+  }
+  return WRC_Continue;
+}
+
+/*
+** Determine if any of the arguments to the pExpr Function reference
+** pSrcList.  Return true if they do.  Also return true if the function
+** has no arguments or has only constant arguments.  Return false if pExpr
+** references columns but not columns of tables found in pSrcList.
+*/
+SQLITE_PRIVATE int sqlite3FunctionUsesThisSrc(Expr *pExpr, SrcList *pSrcList){
+  Walker w;
+  struct SrcCount cnt;
+  assert( pExpr->op==TK_AGG_FUNCTION );
+  memset(&w, 0, sizeof(w));
+  w.xExprCallback = exprSrcCount;
+  w.u.pSrcCount = &cnt;
+  cnt.pSrc = pSrcList;
+  cnt.nThis = 0;
+  cnt.nOther = 0;
+  sqlite3WalkExprList(&w, pExpr->x.pList);
+  return cnt.nThis>0 || cnt.nOther==0;
+}
+
+/*
+** Add a new element to the pAggInfo->aCol[] array.  Return the index of
+** the new element.  Return a negative number if malloc fails.
+*/
+static int addAggInfoColumn(sqlite3 *db, AggInfo *pInfo){
+  int i;
+  pInfo->aCol = sqlite3ArrayAllocate(
+       db,
+       pInfo->aCol,
+       sizeof(pInfo->aCol[0]),
+       &pInfo->nColumn,
+       &i
+  );
+  return i;
+}    
+
+/*
+** Add a new element to the pAggInfo->aFunc[] array.  Return the index of
+** the new element.  Return a negative number if malloc fails.
+*/
+static int addAggInfoFunc(sqlite3 *db, AggInfo *pInfo){
+  int i;
+  pInfo->aFunc = sqlite3ArrayAllocate(
+       db, 
+       pInfo->aFunc,
+       sizeof(pInfo->aFunc[0]),
+       &pInfo->nFunc,
+       &i
+  );
+  return i;
+}    
+
+/*
+** This is the xExprCallback for a tree walker.  It is used to
+** implement sqlite3ExprAnalyzeAggregates().  See sqlite3ExprAnalyzeAggregates
+** for additional information.
+*/
+static int analyzeAggregate(Walker *pWalker, Expr *pExpr){
+  int i;
+  NameContext *pNC = pWalker->u.pNC;
+  Parse *pParse = pNC->pParse;
+  SrcList *pSrcList = pNC->pSrcList;
+  AggInfo *pAggInfo = pNC->pAggInfo;
+
+  switch( pExpr->op ){
+    case TK_AGG_COLUMN:
+    case TK_COLUMN: {
+      testcase( pExpr->op==TK_AGG_COLUMN );
+      testcase( pExpr->op==TK_COLUMN );
+      /* Check to see if the column is in one of the tables in the FROM
+      ** clause of the aggregate query */
+      if( ALWAYS(pSrcList!=0) ){
+        struct SrcList_item *pItem = pSrcList->a;
+        for(i=0; i<pSrcList->nSrc; i++, pItem++){
+          struct AggInfo_col *pCol;
+          assert( !ExprHasProperty(pExpr, EP_TokenOnly|EP_Reduced) );
+          if( pExpr->iTable==pItem->iCursor ){
+            /* If we reach this point, it means that pExpr refers to a table
+            ** that is in the FROM clause of the aggregate query.  
+            **
+            ** Make an entry for the column in pAggInfo->aCol[] if there
+            ** is not an entry there already.
+            */
+            int k;
+            pCol = pAggInfo->aCol;
+            for(k=0; k<pAggInfo->nColumn; k++, pCol++){
+              if( pCol->iTable==pExpr->iTable &&
+                  pCol->iColumn==pExpr->iColumn ){
+                break;
+              }
+            }
+            if( (k>=pAggInfo->nColumn)
+             && (k = addAggInfoColumn(pParse->db, pAggInfo))>=0 
+            ){
+              pCol = &pAggInfo->aCol[k];
+              pCol->pTab = pExpr->pTab;
+              pCol->iTable = pExpr->iTable;
+              pCol->iColumn = pExpr->iColumn;
+              pCol->iMem = ++pParse->nMem;
+              pCol->iSorterColumn = -1;
+              pCol->pExpr = pExpr;
+              if( pAggInfo->pGroupBy ){
+                int j, n;
+                ExprList *pGB = pAggInfo->pGroupBy;
+                struct ExprList_item *pTerm = pGB->a;
+                n = pGB->nExpr;
+                for(j=0; j<n; j++, pTerm++){
+                  Expr *pE = pTerm->pExpr;
+                  if( pE->op==TK_COLUMN && pE->iTable==pExpr->iTable &&
+                      pE->iColumn==pExpr->iColumn ){
+                    pCol->iSorterColumn = j;
+                    break;
+                  }
+                }
+              }
+              if( pCol->iSorterColumn<0 ){
+                pCol->iSorterColumn = pAggInfo->nSortingColumn++;
+              }
+            }
+            /* There is now an entry for pExpr in pAggInfo->aCol[] (either
+            ** because it was there before or because we just created it).
+            ** Convert the pExpr to be a TK_AGG_COLUMN referring to that
+            ** pAggInfo->aCol[] entry.
+            */
+            ExprSetVVAProperty(pExpr, EP_NoReduce);
+            pExpr->pAggInfo = pAggInfo;
+            pExpr->op = TK_AGG_COLUMN;
+            pExpr->iAgg = (i16)k;
+            break;
+          } /* endif pExpr->iTable==pItem->iCursor */
+        } /* end loop over pSrcList */
+      }
+      return WRC_Prune;
+    }
+    case TK_AGG_FUNCTION: {
+      if( (pNC->ncFlags & NC_InAggFunc)==0
+       && pWalker->walkerDepth==pExpr->op2
+      ){
+        /* Check to see if pExpr is a duplicate of another aggregate 
+        ** function that is already in the pAggInfo structure
+        */
+        struct AggInfo_func *pItem = pAggInfo->aFunc;
+        for(i=0; i<pAggInfo->nFunc; i++, pItem++){
+          if( sqlite3ExprCompare(pItem->pExpr, pExpr, -1)==0 ){
+            break;
+          }
+        }
+        if( i>=pAggInfo->nFunc ){
+          /* pExpr is original.  Make a new entry in pAggInfo->aFunc[]
+          */
+          u8 enc = ENC(pParse->db);
+          i = addAggInfoFunc(pParse->db, pAggInfo);
+          if( i>=0 ){
+            assert( !ExprHasProperty(pExpr, EP_xIsSelect) );
+            pItem = &pAggInfo->aFunc[i];
+            pItem->pExpr = pExpr;
+            pItem->iMem = ++pParse->nMem;
+            assert( !ExprHasProperty(pExpr, EP_IntValue) );
+            pItem->pFunc = sqlite3FindFunction(pParse->db,
+                   pExpr->u.zToken, sqlite3Strlen30(pExpr->u.zToken),
+                   pExpr->x.pList ? pExpr->x.pList->nExpr : 0, enc, 0);
+            if( pExpr->flags & EP_Distinct ){
+              pItem->iDistinct = pParse->nTab++;
+            }else{
+              pItem->iDistinct = -1;
+            }
+          }
+        }
+        /* Make pExpr point to the appropriate pAggInfo->aFunc[] entry
+        */
+        assert( !ExprHasProperty(pExpr, EP_TokenOnly|EP_Reduced) );
+        ExprSetVVAProperty(pExpr, EP_NoReduce);
+        pExpr->iAgg = (i16)i;
+        pExpr->pAggInfo = pAggInfo;
+        return WRC_Prune;
+      }else{
+        return WRC_Continue;
+      }
+    }
+  }
+  return WRC_Continue;
+}
+static int analyzeAggregatesInSelect(Walker *pWalker, Select *pSelect){
+  UNUSED_PARAMETER(pWalker);
+  UNUSED_PARAMETER(pSelect);
+  return WRC_Continue;
+}
+
+/*
+** Analyze the pExpr expression looking for aggregate functions and
+** for variables that need to be added to AggInfo object that pNC->pAggInfo
+** points to.  Additional entries are made on the AggInfo object as
+** necessary.
+**
+** This routine should only be called after the expression has been
+** analyzed by sqlite3ResolveExprNames().
+*/
+SQLITE_PRIVATE void sqlite3ExprAnalyzeAggregates(NameContext *pNC, Expr *pExpr){
+  Walker w;
+  memset(&w, 0, sizeof(w));
+  w.xExprCallback = analyzeAggregate;
+  w.xSelectCallback = analyzeAggregatesInSelect;
+  w.u.pNC = pNC;
+  assert( pNC->pSrcList!=0 );
+  sqlite3WalkExpr(&w, pExpr);
+}
+
+/*
+** Call sqlite3ExprAnalyzeAggregates() for every expression in an
+** expression list.  Return the number of errors.
+**
+** If an error is found, the analysis is cut short.
+*/
+SQLITE_PRIVATE void sqlite3ExprAnalyzeAggList(NameContext *pNC, ExprList *pList){
+  struct ExprList_item *pItem;
+  int i;
+  if( pList ){
+    for(pItem=pList->a, i=0; i<pList->nExpr; i++, pItem++){
+      sqlite3ExprAnalyzeAggregates(pNC, pItem->pExpr);
+    }
+  }
+}
+
+/*
+** Allocate a single new register for use to hold some intermediate result.
+*/
+SQLITE_PRIVATE int sqlite3GetTempReg(Parse *pParse){
+  if( pParse->nTempReg==0 ){
+    return ++pParse->nMem;
+  }
+  return pParse->aTempReg[--pParse->nTempReg];
+}
+
+/*
+** Deallocate a register, making available for reuse for some other
+** purpose.
+**
+** If a register is currently being used by the column cache, then
+** the deallocation is deferred until the column cache line that uses
+** the register becomes stale.
+*/
+SQLITE_PRIVATE void sqlite3ReleaseTempReg(Parse *pParse, int iReg){
+  if( iReg && pParse->nTempReg<ArraySize(pParse->aTempReg) ){
+    int i;
+    struct yColCache *p;
+    for(i=0, p=pParse->aColCache; i<SQLITE_N_COLCACHE; i++, p++){
+      if( p->iReg==iReg ){
+        p->tempReg = 1;
+        return;
+      }
+    }
+    pParse->aTempReg[pParse->nTempReg++] = iReg;
+  }
+}
+
+/*
+** Allocate or deallocate a block of nReg consecutive registers
+*/
+SQLITE_PRIVATE int sqlite3GetTempRange(Parse *pParse, int nReg){
+  int i, n;
+  i = pParse->iRangeReg;
+  n = pParse->nRangeReg;
+  if( nReg<=n ){
+    assert( !usedAsColumnCache(pParse, i, i+n-1) );
+    pParse->iRangeReg += nReg;
+    pParse->nRangeReg -= nReg;
+  }else{
+    i = pParse->nMem+1;
+    pParse->nMem += nReg;
+  }
+  return i;
+}
+SQLITE_PRIVATE void sqlite3ReleaseTempRange(Parse *pParse, int iReg, int nReg){
+  sqlite3ExprCacheRemove(pParse, iReg, nReg);
+  if( nReg>pParse->nRangeReg ){
+    pParse->nRangeReg = nReg;
+    pParse->iRangeReg = iReg;
+  }
+}
+
+/*
+** Mark all temporary registers as being unavailable for reuse.
+*/
+SQLITE_PRIVATE void sqlite3ClearTempRegCache(Parse *pParse){
+  pParse->nTempReg = 0;
+  pParse->nRangeReg = 0;
+}
+
+/************** End of expr.c ************************************************/
+/************** Begin file alter.c *******************************************/
+/*
+** 2005 February 15
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+** This file contains C code routines that used to generate VDBE code
+** that implements the ALTER TABLE command.
+*/
+/* #include "sqliteInt.h" */
+
+/*
+** The code in this file only exists if we are not omitting the
+** ALTER TABLE logic from the build.
+*/
+#ifndef SQLITE_OMIT_ALTERTABLE
+
+
+/*
+** This function is used by SQL generated to implement the 
+** ALTER TABLE command. The first argument is the text of a CREATE TABLE or
+** CREATE INDEX command. The second is a table name. The table name in 
+** the CREATE TABLE or CREATE INDEX statement is replaced with the third
+** argument and the result returned. Examples:
+**
+** sqlite_rename_table('CREATE TABLE abc(a, b, c)', 'def')
+**     -> 'CREATE TABLE def(a, b, c)'
+**
+** sqlite_rename_table('CREATE INDEX i ON abc(a)', 'def')
+**     -> 'CREATE INDEX i ON def(a, b, c)'
+*/
+static void renameTableFunc(
+  sqlite3_context *context,
+  int NotUsed,
+  sqlite3_value **argv
+){
+  unsigned char const *zSql = sqlite3_value_text(argv[0]);
+  unsigned char const *zTableName = sqlite3_value_text(argv[1]);
+
+  int token;
+  Token tname;
+  unsigned char const *zCsr = zSql;
+  int len = 0;
+  char *zRet;
+
+  sqlite3 *db = sqlite3_context_db_handle(context);
+
+  UNUSED_PARAMETER(NotUsed);
+
+  /* The principle used to locate the table name in the CREATE TABLE 
+  ** statement is that the table name is the first non-space token that
+  ** is immediately followed by a TK_LP or TK_USING token.
+  */
+  if( zSql ){
+    do {
+      if( !*zCsr ){
+        /* Ran out of input before finding an opening bracket. Return NULL. */
+        return;
+      }
+
+      /* Store the token that zCsr points to in tname. */
+      tname.z = (char*)zCsr;
+      tname.n = len;
+
+      /* Advance zCsr to the next token. Store that token type in 'token',
+      ** and its length in 'len' (to be used next iteration of this loop).
+      */
+      do {
+        zCsr += len;
+        len = sqlite3GetToken(zCsr, &token);
+      } while( token==TK_SPACE );
+      assert( len>0 );
+    } while( token!=TK_LP && token!=TK_USING );
+
+    zRet = sqlite3MPrintf(db, "%.*s\"%w\"%s", (int)(((u8*)tname.z) - zSql),
+       zSql, zTableName, tname.z+tname.n);
+    sqlite3_result_text(context, zRet, -1, SQLITE_DYNAMIC);
+  }
+}
+
+/*
+** This C function implements an SQL user function that is used by SQL code
+** generated by the ALTER TABLE ... RENAME command to modify the definition
+** of any foreign key constraints that use the table being renamed as the 
+** parent table. It is passed three arguments:
+**
+**   1) The complete text of the CREATE TABLE statement being modified,
+**   2) The old name of the table being renamed, and
+**   3) The new name of the table being renamed.
+**
+** It returns the new CREATE TABLE statement. For example:
+**
+**   sqlite_rename_parent('CREATE TABLE t1(a REFERENCES t2)', 't2', 't3')
+**       -> 'CREATE TABLE t1(a REFERENCES t3)'
+*/
+#ifndef SQLITE_OMIT_FOREIGN_KEY
+static void renameParentFunc(
+  sqlite3_context *context,
+  int NotUsed,
+  sqlite3_value **argv
+){
+  sqlite3 *db = sqlite3_context_db_handle(context);
+  char *zOutput = 0;
+  char *zResult;
+  unsigned char const *zInput = sqlite3_value_text(argv[0]);
+  unsigned char const *zOld = sqlite3_value_text(argv[1]);
+  unsigned char const *zNew = sqlite3_value_text(argv[2]);
+
+  unsigned const char *z;         /* Pointer to token */
+  int n;                          /* Length of token z */
+  int token;                      /* Type of token */
+
+  UNUSED_PARAMETER(NotUsed);
+  if( zInput==0 || zOld==0 ) return;
+  for(z=zInput; *z; z=z+n){
+    n = sqlite3GetToken(z, &token);
+    if( token==TK_REFERENCES ){
+      char *zParent;
+      do {
+        z += n;
+        n = sqlite3GetToken(z, &token);
+      }while( token==TK_SPACE );
+
+      if( token==TK_ILLEGAL ) break;
+      zParent = sqlite3DbStrNDup(db, (const char *)z, n);
+      if( zParent==0 ) break;
+      sqlite3Dequote(zParent);
+      if( 0==sqlite3StrICmp((const char *)zOld, zParent) ){
+        char *zOut = sqlite3MPrintf(db, "%s%.*s\"%w\"", 
+            (zOutput?zOutput:""), (int)(z-zInput), zInput, (const char *)zNew
+        );
+        sqlite3DbFree(db, zOutput);
+        zOutput = zOut;
+        zInput = &z[n];
+      }
+      sqlite3DbFree(db, zParent);
+    }
+  }
+
+  zResult = sqlite3MPrintf(db, "%s%s", (zOutput?zOutput:""), zInput), 
+  sqlite3_result_text(context, zResult, -1, SQLITE_DYNAMIC);
+  sqlite3DbFree(db, zOutput);
+}
+#endif
+
+#ifndef SQLITE_OMIT_TRIGGER
+/* This function is used by SQL generated to implement the
+** ALTER TABLE command. The first argument is the text of a CREATE TRIGGER 
+** statement. The second is a table name. The table name in the CREATE 
+** TRIGGER statement is replaced with the third argument and the result 
+** returned. This is analagous to renameTableFunc() above, except for CREATE
+** TRIGGER, not CREATE INDEX and CREATE TABLE.
+*/
+static void renameTriggerFunc(
+  sqlite3_context *context,
+  int NotUsed,
+  sqlite3_value **argv
+){
+  unsigned char const *zSql = sqlite3_value_text(argv[0]);
+  unsigned char const *zTableName = sqlite3_value_text(argv[1]);
+
+  int token;
+  Token tname;
+  int dist = 3;
+  unsigned char const *zCsr = zSql;
+  int len = 0;
+  char *zRet;
+  sqlite3 *db = sqlite3_context_db_handle(context);
+
+  UNUSED_PARAMETER(NotUsed);
+
+  /* The principle used to locate the table name in the CREATE TRIGGER 
+  ** statement is that the table name is the first token that is immediately
+  ** preceded by either TK_ON or TK_DOT and immediately followed by one
+  ** of TK_WHEN, TK_BEGIN or TK_FOR.
+  */
+  if( zSql ){
+    do {
+
+      if( !*zCsr ){
+        /* Ran out of input before finding the table name. Return NULL. */
+        return;
+      }
+
+      /* Store the token that zCsr points to in tname. */
+      tname.z = (char*)zCsr;
+      tname.n = len;
+
+      /* Advance zCsr to the next token. Store that token type in 'token',
+      ** and its length in 'len' (to be used next iteration of this loop).
+      */
+      do {
+        zCsr += len;
+        len = sqlite3GetToken(zCsr, &token);
+      }while( token==TK_SPACE );
+      assert( len>0 );
+
+      /* Variable 'dist' stores the number of tokens read since the most
+      ** recent TK_DOT or TK_ON. This means that when a WHEN, FOR or BEGIN 
+      ** token is read and 'dist' equals 2, the condition stated above
+      ** to be met.
+      **
+      ** Note that ON cannot be a database, table or column name, so
+      ** there is no need to worry about syntax like 
+      ** "CREATE TRIGGER ... ON ON.ON BEGIN ..." etc.
+      */
+      dist++;
+      if( token==TK_DOT || token==TK_ON ){
+        dist = 0;
+      }
+    } while( dist!=2 || (token!=TK_WHEN && token!=TK_FOR && token!=TK_BEGIN) );
+
+    /* Variable tname now contains the token that is the old table-name
+    ** in the CREATE TRIGGER statement.
+    */
+    zRet = sqlite3MPrintf(db, "%.*s\"%w\"%s", (int)(((u8*)tname.z) - zSql),
+       zSql, zTableName, tname.z+tname.n);
+    sqlite3_result_text(context, zRet, -1, SQLITE_DYNAMIC);
+  }
+}
+#endif   /* !SQLITE_OMIT_TRIGGER */
+
+/*
+** Register built-in functions used to help implement ALTER TABLE
+*/
+SQLITE_PRIVATE void sqlite3AlterFunctions(void){
+  static SQLITE_WSD FuncDef aAlterTableFuncs[] = {
+    FUNCTION(sqlite_rename_table,   2, 0, 0, renameTableFunc),
+#ifndef SQLITE_OMIT_TRIGGER
+    FUNCTION(sqlite_rename_trigger, 2, 0, 0, renameTriggerFunc),
+#endif
+#ifndef SQLITE_OMIT_FOREIGN_KEY
+    FUNCTION(sqlite_rename_parent,  3, 0, 0, renameParentFunc),
+#endif
+  };
+  int i;
+  FuncDefHash *pHash = &GLOBAL(FuncDefHash, sqlite3GlobalFunctions);
+  FuncDef *aFunc = (FuncDef*)&GLOBAL(FuncDef, aAlterTableFuncs);
+
+  for(i=0; i<ArraySize(aAlterTableFuncs); i++){
+    sqlite3FuncDefInsert(pHash, &aFunc[i]);
+  }
+}
+
+/*
+** This function is used to create the text of expressions of the form:
+**
+**   name=<constant1> OR name=<constant2> OR ...
+**
+** If argument zWhere is NULL, then a pointer string containing the text 
+** "name=<constant>" is returned, where <constant> is the quoted version
+** of the string passed as argument zConstant. The returned buffer is
+** allocated using sqlite3DbMalloc(). It is the responsibility of the
+** caller to ensure that it is eventually freed.
+**
+** If argument zWhere is not NULL, then the string returned is 
+** "<where> OR name=<constant>", where <where> is the contents of zWhere.
+** In this case zWhere is passed to sqlite3DbFree() before returning.
+** 
+*/
+static char *whereOrName(sqlite3 *db, char *zWhere, char *zConstant){
+  char *zNew;
+  if( !zWhere ){
+    zNew = sqlite3MPrintf(db, "name=%Q", zConstant);
+  }else{
+    zNew = sqlite3MPrintf(db, "%s OR name=%Q", zWhere, zConstant);
+    sqlite3DbFree(db, zWhere);
+  }
+  return zNew;
+}
+
+#if !defined(SQLITE_OMIT_FOREIGN_KEY) && !defined(SQLITE_OMIT_TRIGGER)
+/*
+** Generate the text of a WHERE expression which can be used to select all
+** tables that have foreign key constraints that refer to table pTab (i.e.
+** constraints for which pTab is the parent table) from the sqlite_master
+** table.
+*/
+static char *whereForeignKeys(Parse *pParse, Table *pTab){
+  FKey *p;
+  char *zWhere = 0;
+  for(p=sqlite3FkReferences(pTab); p; p=p->pNextTo){
+    zWhere = whereOrName(pParse->db, zWhere, p->pFrom->zName);
+  }
+  return zWhere;
+}
+#endif
+
+/*
+** Generate the text of a WHERE expression which can be used to select all
+** temporary triggers on table pTab from the sqlite_temp_master table. If
+** table pTab has no temporary triggers, or is itself stored in the 
+** temporary database, NULL is returned.
+*/
+static char *whereTempTriggers(Parse *pParse, Table *pTab){
+  Trigger *pTrig;
+  char *zWhere = 0;
+  const Schema *pTempSchema = pParse->db->aDb[1].pSchema; /* Temp db schema */
+
+  /* If the table is not located in the temp-db (in which case NULL is 
+  ** returned, loop through the tables list of triggers. For each trigger
+  ** that is not part of the temp-db schema, add a clause to the WHERE 
+  ** expression being built up in zWhere.
+  */
+  if( pTab->pSchema!=pTempSchema ){
+    sqlite3 *db = pParse->db;
+    for(pTrig=sqlite3TriggerList(pParse, pTab); pTrig; pTrig=pTrig->pNext){
+      if( pTrig->pSchema==pTempSchema ){
+        zWhere = whereOrName(db, zWhere, pTrig->zName);
+      }
+    }
+  }
+  if( zWhere ){
+    char *zNew = sqlite3MPrintf(pParse->db, "type='trigger' AND (%s)", zWhere);
+    sqlite3DbFree(pParse->db, zWhere);
+    zWhere = zNew;
+  }
+  return zWhere;
+}
+
+/*
+** Generate code to drop and reload the internal representation of table
+** pTab from the database, including triggers and temporary triggers.
+** Argument zName is the name of the table in the database schema at
+** the time the generated code is executed. This can be different from
+** pTab->zName if this function is being called to code part of an 
+** "ALTER TABLE RENAME TO" statement.
+*/
+static void reloadTableSchema(Parse *pParse, Table *pTab, const char *zName){
+  Vdbe *v;
+  char *zWhere;
+  int iDb;                   /* Index of database containing pTab */
+#ifndef SQLITE_OMIT_TRIGGER
+  Trigger *pTrig;
+#endif
+
+  v = sqlite3GetVdbe(pParse);
+  if( NEVER(v==0) ) return;
+  assert( sqlite3BtreeHoldsAllMutexes(pParse->db) );
+  iDb = sqlite3SchemaToIndex(pParse->db, pTab->pSchema);
+  assert( iDb>=0 );
+
+#ifndef SQLITE_OMIT_TRIGGER
+  /* Drop any table triggers from the internal schema. */
+  for(pTrig=sqlite3TriggerList(pParse, pTab); pTrig; pTrig=pTrig->pNext){
+    int iTrigDb = sqlite3SchemaToIndex(pParse->db, pTrig->pSchema);
+    assert( iTrigDb==iDb || iTrigDb==1 );
+    sqlite3VdbeAddOp4(v, OP_DropTrigger, iTrigDb, 0, 0, pTrig->zName, 0);
+  }
+#endif
+
+  /* Drop the table and index from the internal schema.  */
+  sqlite3VdbeAddOp4(v, OP_DropTable, iDb, 0, 0, pTab->zName, 0);
+
+  /* Reload the table, index and permanent trigger schemas. */
+  zWhere = sqlite3MPrintf(pParse->db, "tbl_name=%Q", zName);
+  if( !zWhere ) return;
+  sqlite3VdbeAddParseSchemaOp(v, iDb, zWhere);
+
+#ifndef SQLITE_OMIT_TRIGGER
+  /* Now, if the table is not stored in the temp database, reload any temp 
+  ** triggers. Don't use IN(...) in case SQLITE_OMIT_SUBQUERY is defined. 
+  */
+  if( (zWhere=whereTempTriggers(pParse, pTab))!=0 ){
+    sqlite3VdbeAddParseSchemaOp(v, 1, zWhere);
+  }
+#endif
+}
+
+/*
+** Parameter zName is the name of a table that is about to be altered
+** (either with ALTER TABLE ... RENAME TO or ALTER TABLE ... ADD COLUMN).
+** If the table is a system table, this function leaves an error message
+** in pParse->zErr (system tables may not be altered) and returns non-zero.
+**
+** Or, if zName is not a system table, zero is returned.
+*/
+static int isSystemTable(Parse *pParse, const char *zName){
+  if( sqlite3Strlen30(zName)>6 && 0==sqlite3StrNICmp(zName, "sqlite_", 7) ){
+    sqlite3ErrorMsg(pParse, "table %s may not be altered", zName);
+    return 1;
+  }
+  return 0;
+}
+
+/*
+** Generate code to implement the "ALTER TABLE xxx RENAME TO yyy" 
+** command. 
+*/
+SQLITE_PRIVATE void sqlite3AlterRenameTable(
+  Parse *pParse,            /* Parser context. */
+  SrcList *pSrc,            /* The table to rename. */
+  Token *pName              /* The new table name. */
+){
+  int iDb;                  /* Database that contains the table */
+  char *zDb;                /* Name of database iDb */
+  Table *pTab;              /* Table being renamed */
+  char *zName = 0;          /* NULL-terminated version of pName */ 
+  sqlite3 *db = pParse->db; /* Database connection */
+  int nTabName;             /* Number of UTF-8 characters in zTabName */
+  const char *zTabName;     /* Original name of the table */
+  Vdbe *v;
+#ifndef SQLITE_OMIT_TRIGGER
+  char *zWhere = 0;         /* Where clause to locate temp triggers */
+#endif
+  VTable *pVTab = 0;        /* Non-zero if this is a v-tab with an xRename() */
+  int savedDbFlags;         /* Saved value of db->flags */
+
+  savedDbFlags = db->flags;  
+  if( NEVER(db->mallocFailed) ) goto exit_rename_table;
+  assert( pSrc->nSrc==1 );
+  assert( sqlite3BtreeHoldsAllMutexes(pParse->db) );
+
+  pTab = sqlite3LocateTableItem(pParse, 0, &pSrc->a[0]);
+  if( !pTab ) goto exit_rename_table;
+  iDb = sqlite3SchemaToIndex(pParse->db, pTab->pSchema);
+  zDb = db->aDb[iDb].zName;
+  db->flags |= SQLITE_PreferBuiltin;
+
+  /* Get a NULL terminated version of the new table name. */
+  zName = sqlite3NameFromToken(db, pName);
+  if( !zName ) goto exit_rename_table;
+
+  /* Check that a table or index named 'zName' does not already exist
+  ** in database iDb. If so, this is an error.
+  */
+  if( sqlite3FindTable(db, zName, zDb) || sqlite3FindIndex(db, zName, zDb) ){
+    sqlite3ErrorMsg(pParse, 
+        "there is already another table or index with this name: %s", zName);
+    goto exit_rename_table;
+  }
+
+  /* Make sure it is not a system table being altered, or a reserved name
+  ** that the table is being renamed to.
+  */
+  if( SQLITE_OK!=isSystemTable(pParse, pTab->zName) ){
+    goto exit_rename_table;
+  }
+  if( SQLITE_OK!=sqlite3CheckObjectName(pParse, zName) ){ goto
+    exit_rename_table;
+  }
+
+#ifndef SQLITE_OMIT_VIEW
+  if( pTab->pSelect ){
+    sqlite3ErrorMsg(pParse, "view %s may not be altered", pTab->zName);
+    goto exit_rename_table;
+  }
+#endif
+
+#ifndef SQLITE_OMIT_AUTHORIZATION
+  /* Invoke the authorization callback. */
+  if( sqlite3AuthCheck(pParse, SQLITE_ALTER_TABLE, zDb, pTab->zName, 0) ){
+    goto exit_rename_table;
+  }
+#endif
+
+#ifndef SQLITE_OMIT_VIRTUALTABLE
+  if( sqlite3ViewGetColumnNames(pParse, pTab) ){
+    goto exit_rename_table;
+  }
+  if( IsVirtual(pTab) ){
+    pVTab = sqlite3GetVTable(db, pTab);
+    if( pVTab->pVtab->pModule->xRename==0 ){
+      pVTab = 0;
+    }
+  }
+#endif
+
+  /* Begin a transaction for database iDb. 
+  ** Then modify the schema cookie (since the ALTER TABLE modifies the
+  ** schema). Open a statement transaction if the table is a virtual
+  ** table.
+  */
+  v = sqlite3GetVdbe(pParse);
+  if( v==0 ){
+    goto exit_rename_table;
+  }
+  sqlite3BeginWriteOperation(pParse, pVTab!=0, iDb);
+  sqlite3ChangeCookie(pParse, iDb);
+
+  /* If this is a virtual table, invoke the xRename() function if
+  ** one is defined. The xRename() callback will modify the names
+  ** of any resources used by the v-table implementation (including other
+  ** SQLite tables) that are identified by the name of the virtual table.
+  */
+#ifndef SQLITE_OMIT_VIRTUALTABLE
+  if( pVTab ){
+    int i = ++pParse->nMem;
+    sqlite3VdbeLoadString(v, i, zName);
+    sqlite3VdbeAddOp4(v, OP_VRename, i, 0, 0,(const char*)pVTab, P4_VTAB);
+    sqlite3MayAbort(pParse);
+  }
+#endif
+
+  /* figure out how many UTF-8 characters are in zName */
+  zTabName = pTab->zName;
+  nTabName = sqlite3Utf8CharLen(zTabName, -1);
+
+#if !defined(SQLITE_OMIT_FOREIGN_KEY) && !defined(SQLITE_OMIT_TRIGGER)
+  if( db->flags&SQLITE_ForeignKeys ){
+    /* If foreign-key support is enabled, rewrite the CREATE TABLE 
+    ** statements corresponding to all child tables of foreign key constraints
+    ** for which the renamed table is the parent table.  */
+    if( (zWhere=whereForeignKeys(pParse, pTab))!=0 ){
+      sqlite3NestedParse(pParse, 
+          "UPDATE \"%w\".%s SET "
+              "sql = sqlite_rename_parent(sql, %Q, %Q) "
+              "WHERE %s;", zDb, SCHEMA_TABLE(iDb), zTabName, zName, zWhere);
+      sqlite3DbFree(db, zWhere);
+    }
+  }
+#endif
+
+  /* Modify the sqlite_master table to use the new table name. */
+  sqlite3NestedParse(pParse,
+      "UPDATE %Q.%s SET "
+#ifdef SQLITE_OMIT_TRIGGER
+          "sql = sqlite_rename_table(sql, %Q), "
+#else
+          "sql = CASE "
+            "WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)"
+            "ELSE sqlite_rename_table(sql, %Q) END, "
+#endif
+          "tbl_name = %Q, "
+          "name = CASE "
+            "WHEN type='table' THEN %Q "
+            "WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN "
+             "'sqlite_autoindex_' || %Q || substr(name,%d+18) "
+            "ELSE name END "
+      "WHERE tbl_name=%Q COLLATE nocase AND "
+          "(type='table' OR type='index' OR type='trigger');", 
+      zDb, SCHEMA_TABLE(iDb), zName, zName, zName, 
+#ifndef SQLITE_OMIT_TRIGGER
+      zName,
+#endif
+      zName, nTabName, zTabName
+  );
+
+#ifndef SQLITE_OMIT_AUTOINCREMENT
+  /* If the sqlite_sequence table exists in this database, then update 
+  ** it with the new table name.
+  */
+  if( sqlite3FindTable(db, "sqlite_sequence", zDb) ){
+    sqlite3NestedParse(pParse,
+        "UPDATE \"%w\".sqlite_sequence set name = %Q WHERE name = %Q",
+        zDb, zName, pTab->zName);
+  }
+#endif
+
+#ifndef SQLITE_OMIT_TRIGGER
+  /* If there are TEMP triggers on this table, modify the sqlite_temp_master
+  ** table. Don't do this if the table being ALTERed is itself located in
+  ** the temp database.
+  */
+  if( (zWhere=whereTempTriggers(pParse, pTab))!=0 ){
+    sqlite3NestedParse(pParse, 
+        "UPDATE sqlite_temp_master SET "
+            "sql = sqlite_rename_trigger(sql, %Q), "
+            "tbl_name = %Q "
+            "WHERE %s;", zName, zName, zWhere);
+    sqlite3DbFree(db, zWhere);
+  }
+#endif
+
+#if !defined(SQLITE_OMIT_FOREIGN_KEY) && !defined(SQLITE_OMIT_TRIGGER)
+  if( db->flags&SQLITE_ForeignKeys ){
+    FKey *p;
+    for(p=sqlite3FkReferences(pTab); p; p=p->pNextTo){
+      Table *pFrom = p->pFrom;
+      if( pFrom!=pTab ){
+        reloadTableSchema(pParse, p->pFrom, pFrom->zName);
+      }
+    }
+  }
+#endif
+
+  /* Drop and reload the internal table schema. */
+  reloadTableSchema(pParse, pTab, zName);
+
+exit_rename_table:
+  sqlite3SrcListDelete(db, pSrc);
+  sqlite3DbFree(db, zName);
+  db->flags = savedDbFlags;
+}
+
+
+/*
+** Generate code to make sure the file format number is at least minFormat.
+** The generated code will increase the file format number if necessary.
+*/
+SQLITE_PRIVATE void sqlite3MinimumFileFormat(Parse *pParse, int iDb, int minFormat){
+  Vdbe *v;
+  v = sqlite3GetVdbe(pParse);
+  /* The VDBE should have been allocated before this routine is called.
+  ** If that allocation failed, we would have quit before reaching this
+  ** point */
+  if( ALWAYS(v) ){
+    int r1 = sqlite3GetTempReg(pParse);
+    int r2 = sqlite3GetTempReg(pParse);
+    int addr1;
+    sqlite3VdbeAddOp3(v, OP_ReadCookie, iDb, r1, BTREE_FILE_FORMAT);
+    sqlite3VdbeUsesBtree(v, iDb);
+    sqlite3VdbeAddOp2(v, OP_Integer, minFormat, r2);
+    addr1 = sqlite3VdbeAddOp3(v, OP_Ge, r2, 0, r1);
+    sqlite3VdbeChangeP5(v, SQLITE_NOTNULL); VdbeCoverage(v);
+    sqlite3VdbeAddOp3(v, OP_SetCookie, iDb, BTREE_FILE_FORMAT, r2);
+    sqlite3VdbeJumpHere(v, addr1);
+    sqlite3ReleaseTempReg(pParse, r1);
+    sqlite3ReleaseTempReg(pParse, r2);
+  }
+}
+
+/*
+** This function is called after an "ALTER TABLE ... ADD" statement
+** has been parsed. Argument pColDef contains the text of the new
+** column definition.
+**
+** The Table structure pParse->pNewTable was extended to include
+** the new column during parsing.
+*/
+SQLITE_PRIVATE void sqlite3AlterFinishAddColumn(Parse *pParse, Token *pColDef){
+  Table *pNew;              /* Copy of pParse->pNewTable */
+  Table *pTab;              /* Table being altered */
+  int iDb;                  /* Database number */
+  const char *zDb;          /* Database name */
+  const char *zTab;         /* Table name */
+  char *zCol;               /* Null-terminated column definition */
+  Column *pCol;             /* The new column */
+  Expr *pDflt;              /* Default value for the new column */
+  sqlite3 *db;              /* The database connection; */
+
+  db = pParse->db;
+  if( pParse->nErr || db->mallocFailed ) return;
+  pNew = pParse->pNewTable;
+  assert( pNew );
+
+  assert( sqlite3BtreeHoldsAllMutexes(db) );
+  iDb = sqlite3SchemaToIndex(db, pNew->pSchema);
+  zDb = db->aDb[iDb].zName;
+  zTab = &pNew->zName[16];  /* Skip the "sqlite_altertab_" prefix on the name */
+  pCol = &pNew->aCol[pNew->nCol-1];
+  pDflt = pCol->pDflt;
+  pTab = sqlite3FindTable(db, zTab, zDb);
+  assert( pTab );
+
+#ifndef SQLITE_OMIT_AUTHORIZATION
+  /* Invoke the authorization callback. */
+  if( sqlite3AuthCheck(pParse, SQLITE_ALTER_TABLE, zDb, pTab->zName, 0) ){
+    return;
+  }
+#endif
+
+  /* If the default value for the new column was specified with a 
+  ** literal NULL, then set pDflt to 0. This simplifies checking
+  ** for an SQL NULL default below.
+  */
+  if( pDflt && pDflt->op==TK_NULL ){
+    pDflt = 0;
+  }
+
+  /* Check that the new column is not specified as PRIMARY KEY or UNIQUE.
+  ** If there is a NOT NULL constraint, then the default value for the
+  ** column must not be NULL.
+  */
+  if( pCol->colFlags & COLFLAG_PRIMKEY ){
+    sqlite3ErrorMsg(pParse, "Cannot add a PRIMARY KEY column");
+    return;
+  }
+  if( pNew->pIndex ){
+    sqlite3ErrorMsg(pParse, "Cannot add a UNIQUE column");
+    return;
+  }
+  if( (db->flags&SQLITE_ForeignKeys) && pNew->pFKey && pDflt ){
+    sqlite3ErrorMsg(pParse, 
+        "Cannot add a REFERENCES column with non-NULL default value");
+    return;
+  }
+  if( pCol->notNull && !pDflt ){
+    sqlite3ErrorMsg(pParse, 
+        "Cannot add a NOT NULL column with default value NULL");
+    return;
+  }
+
+  /* Ensure the default expression is something that sqlite3ValueFromExpr()
+  ** can handle (i.e. not CURRENT_TIME etc.)
+  */
+  if( pDflt ){
+    sqlite3_value *pVal = 0;
+    int rc;
+    rc = sqlite3ValueFromExpr(db, pDflt, SQLITE_UTF8, SQLITE_AFF_BLOB, &pVal);
+    assert( rc==SQLITE_OK || rc==SQLITE_NOMEM );
+    if( rc!=SQLITE_OK ){
+      db->mallocFailed = 1;
+      return;
+    }
+    if( !pVal ){
+      sqlite3ErrorMsg(pParse, "Cannot add a column with non-constant default");
+      return;
+    }
+    sqlite3ValueFree(pVal);
+  }
+
+  /* Modify the CREATE TABLE statement. */
+  zCol = sqlite3DbStrNDup(db, (char*)pColDef->z, pColDef->n);
+  if( zCol ){
+    char *zEnd = &zCol[pColDef->n-1];
+    int savedDbFlags = db->flags;
+    while( zEnd>zCol && (*zEnd==';' || sqlite3Isspace(*zEnd)) ){
+      *zEnd-- = '\0';
+    }
+    db->flags |= SQLITE_PreferBuiltin;
+    sqlite3NestedParse(pParse, 
+        "UPDATE \"%w\".%s SET "
+          "sql = substr(sql,1,%d) || ', ' || %Q || substr(sql,%d) "
+        "WHERE type = 'table' AND name = %Q", 
+      zDb, SCHEMA_TABLE(iDb), pNew->addColOffset, zCol, pNew->addColOffset+1,
+      zTab
+    );
+    sqlite3DbFree(db, zCol);
+    db->flags = savedDbFlags;
+  }
+
+  /* If the default value of the new column is NULL, then set the file
+  ** format to 2. If the default value of the new column is not NULL,
+  ** the file format becomes 3.
+  */
+  sqlite3MinimumFileFormat(pParse, iDb, pDflt ? 3 : 2);
+
+  /* Reload the schema of the modified table. */
+  reloadTableSchema(pParse, pTab, pTab->zName);
+}
+
+/*
+** This function is called by the parser after the table-name in
+** an "ALTER TABLE <table-name> ADD" statement is parsed. Argument 
+** pSrc is the full-name of the table being altered.
+**
+** This routine makes a (partial) copy of the Table structure
+** for the table being altered and sets Parse.pNewTable to point
+** to it. Routines called by the parser as the column definition
+** is parsed (i.e. sqlite3AddColumn()) add the new Column data to 
+** the copy. The copy of the Table structure is deleted by tokenize.c 
+** after parsing is finished.
+**
+** Routine sqlite3AlterFinishAddColumn() will be called to complete
+** coding the "ALTER TABLE ... ADD" statement.
+*/
+SQLITE_PRIVATE void sqlite3AlterBeginAddColumn(Parse *pParse, SrcList *pSrc){
+  Table *pNew;
+  Table *pTab;
+  Vdbe *v;
+  int iDb;
+  int i;
+  int nAlloc;
+  sqlite3 *db = pParse->db;
+
+  /* Look up the table being altered. */
+  assert( pParse->pNewTable==0 );
+  assert( sqlite3BtreeHoldsAllMutexes(db) );
+  if( db->mallocFailed ) goto exit_begin_add_column;
+  pTab = sqlite3LocateTableItem(pParse, 0, &pSrc->a[0]);
+  if( !pTab ) goto exit_begin_add_column;
+
+#ifndef SQLITE_OMIT_VIRTUALTABLE
+  if( IsVirtual(pTab) ){
+    sqlite3ErrorMsg(pParse, "virtual tables may not be altered");
+    goto exit_begin_add_column;
+  }
+#endif
+
+  /* Make sure this is not an attempt to ALTER a view. */
+  if( pTab->pSelect ){
+    sqlite3ErrorMsg(pParse, "Cannot add a column to a view");
+    goto exit_begin_add_column;
+  }
+  if( SQLITE_OK!=isSystemTable(pParse, pTab->zName) ){
+    goto exit_begin_add_column;
+  }
+
+  assert( pTab->addColOffset>0 );
+  iDb = sqlite3SchemaToIndex(db, pTab->pSchema);
+
+  /* Put a copy of the Table struct in Parse.pNewTable for the
+  ** sqlite3AddColumn() function and friends to modify.  But modify
+  ** the name by adding an "sqlite_altertab_" prefix.  By adding this
+  ** prefix, we insure that the name will not collide with an existing
+  ** table because user table are not allowed to have the "sqlite_"
+  ** prefix on their name.
+  */
+  pNew = (Table*)sqlite3DbMallocZero(db, sizeof(Table));
+  if( !pNew ) goto exit_begin_add_column;
+  pParse->pNewTable = pNew;
+  pNew->nRef = 1;
+  pNew->nCol = pTab->nCol;
+  assert( pNew->nCol>0 );
+  nAlloc = (((pNew->nCol-1)/8)*8)+8;
+  assert( nAlloc>=pNew->nCol && nAlloc%8==0 && nAlloc-pNew->nCol<8 );
+  pNew->aCol = (Column*)sqlite3DbMallocZero(db, sizeof(Column)*nAlloc);
+  pNew->zName = sqlite3MPrintf(db, "sqlite_altertab_%s", pTab->zName);
+  if( !pNew->aCol || !pNew->zName ){
+    db->mallocFailed = 1;
+    goto exit_begin_add_column;
+  }
+  memcpy(pNew->aCol, pTab->aCol, sizeof(Column)*pNew->nCol);
+  for(i=0; i<pNew->nCol; i++){
+    Column *pCol = &pNew->aCol[i];
+    pCol->zName = sqlite3DbStrDup(db, pCol->zName);
+    pCol->zColl = 0;
+    pCol->zType = 0;
+    pCol->pDflt = 0;
+    pCol->zDflt = 0;
+  }
+  pNew->pSchema = db->aDb[iDb].pSchema;
+  pNew->addColOffset = pTab->addColOffset;
+  pNew->nRef = 1;
+
+  /* Begin a transaction and increment the schema cookie.  */
+  sqlite3BeginWriteOperation(pParse, 0, iDb);
+  v = sqlite3GetVdbe(pParse);
+  if( !v ) goto exit_begin_add_column;
+  sqlite3ChangeCookie(pParse, iDb);
+
+exit_begin_add_column:
+  sqlite3SrcListDelete(db, pSrc);
+  return;
+}
+#endif  /* SQLITE_ALTER_TABLE */
+
+/************** End of alter.c ***********************************************/
+/************** Begin file analyze.c *****************************************/
+/*
+** 2005-07-08
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+** This file contains code associated with the ANALYZE command.
+**
+** The ANALYZE command gather statistics about the content of tables
+** and indices.  These statistics are made available to the query planner
+** to help it make better decisions about how to perform queries.
+**
+** The following system tables are or have been supported:
+**
+**    CREATE TABLE sqlite_stat1(tbl, idx, stat);
+**    CREATE TABLE sqlite_stat2(tbl, idx, sampleno, sample);
+**    CREATE TABLE sqlite_stat3(tbl, idx, nEq, nLt, nDLt, sample);
+**    CREATE TABLE sqlite_stat4(tbl, idx, nEq, nLt, nDLt, sample);
+**
+** Additional tables might be added in future releases of SQLite.
+** The sqlite_stat2 table is not created or used unless the SQLite version
+** is between 3.6.18 and 3.7.8, inclusive, and unless SQLite is compiled
+** with SQLITE_ENABLE_STAT2.  The sqlite_stat2 table is deprecated.
+** The sqlite_stat2 table is superseded by sqlite_stat3, which is only
+** created and used by SQLite versions 3.7.9 and later and with
+** SQLITE_ENABLE_STAT3 defined.  The functionality of sqlite_stat3
+** is a superset of sqlite_stat2.  The sqlite_stat4 is an enhanced
+** version of sqlite_stat3 and is only available when compiled with
+** SQLITE_ENABLE_STAT4 and in SQLite versions 3.8.1 and later.  It is
+** not possible to enable both STAT3 and STAT4 at the same time.  If they
+** are both enabled, then STAT4 takes precedence.
+**
+** For most applications, sqlite_stat1 provides all the statistics required
+** for the query planner to make good choices.
+**
+** Format of sqlite_stat1:
+**
+** There is normally one row per index, with the index identified by the
+** name in the idx column.  The tbl column is the name of the table to
+** which the index belongs.  In each such row, the stat column will be
+** a string consisting of a list of integers.  The first integer in this
+** list is the number of rows in the index.  (This is the same as the
+** number of rows in the table, except for partial indices.)  The second
+** integer is the average number of rows in the index that have the same
+** value in the first column of the index.  The third integer is the average
+** number of rows in the index that have the same value for the first two
+** columns.  The N-th integer (for N>1) is the average number of rows in 
+** the index which have the same value for the first N-1 columns.  For
+** a K-column index, there will be K+1 integers in the stat column.  If
+** the index is unique, then the last integer will be 1.
+**
+** The list of integers in the stat column can optionally be followed
+** by the keyword "unordered".  The "unordered" keyword, if it is present,
+** must be separated from the last integer by a single space.  If the
+** "unordered" keyword is present, then the query planner assumes that
+** the index is unordered and will not use the index for a range query.
+** 
+** If the sqlite_stat1.idx column is NULL, then the sqlite_stat1.stat
+** column contains a single integer which is the (estimated) number of
+** rows in the table identified by sqlite_stat1.tbl.
+**
+** Format of sqlite_stat2:
+**
+** The sqlite_stat2 is only created and is only used if SQLite is compiled
+** with SQLITE_ENABLE_STAT2 and if the SQLite version number is between
+** 3.6.18 and 3.7.8.  The "stat2" table contains additional information
+** about the distribution of keys within an index.  The index is identified by
+** the "idx" column and the "tbl" column is the name of the table to which
+** the index belongs.  There are usually 10 rows in the sqlite_stat2
+** table for each index.
+**
+** The sqlite_stat2 entries for an index that have sampleno between 0 and 9
+** inclusive are samples of the left-most key value in the index taken at
+** evenly spaced points along the index.  Let the number of samples be S
+** (10 in the standard build) and let C be the number of rows in the index.
+** Then the sampled rows are given by:
+**
+**     rownumber = (i*C*2 + C)/(S*2)
+**
+** For i between 0 and S-1.  Conceptually, the index space is divided into
+** S uniform buckets and the samples are the middle row from each bucket.
+**
+** The format for sqlite_stat2 is recorded here for legacy reference.  This
+** version of SQLite does not support sqlite_stat2.  It neither reads nor
+** writes the sqlite_stat2 table.  This version of SQLite only supports
+** sqlite_stat3.
+**
+** Format for sqlite_stat3:
+**
+** The sqlite_stat3 format is a subset of sqlite_stat4.  Hence, the
+** sqlite_stat4 format will be described first.  Further information
+** about sqlite_stat3 follows the sqlite_stat4 description.
+**
+** Format for sqlite_stat4:
+**
+** As with sqlite_stat2, the sqlite_stat4 table contains histogram data
+** to aid the query planner in choosing good indices based on the values
+** that indexed columns are compared against in the WHERE clauses of
+** queries.
+**
+** The sqlite_stat4 table contains multiple entries for each index.
+** The idx column names the index and the tbl column is the table of the
+** index.  If the idx and tbl columns are the same, then the sample is
+** of the INTEGER PRIMARY KEY.  The sample column is a blob which is the
+** binary encoding of a key from the index.  The nEq column is a
+** list of integers.  The first integer is the approximate number
+** of entries in the index whose left-most column exactly matches
+** the left-most column of the sample.  The second integer in nEq
+** is the approximate number of entries in the index where the
+** first two columns match the first two columns of the sample.
+** And so forth.  nLt is another list of integers that show the approximate
+** number of entries that are strictly less than the sample.  The first
+** integer in nLt contains the number of entries in the index where the
+** left-most column is less than the left-most column of the sample.
+** The K-th integer in the nLt entry is the number of index entries 
+** where the first K columns are less than the first K columns of the
+** sample.  The nDLt column is like nLt except that it contains the 
+** number of distinct entries in the index that are less than the
+** sample.
+**
+** There can be an arbitrary number of sqlite_stat4 entries per index.
+** The ANALYZE command will typically generate sqlite_stat4 tables
+** that contain between 10 and 40 samples which are distributed across
+** the key space, though not uniformly, and which include samples with
+** large nEq values.
+**
+** Format for sqlite_stat3 redux:
+**
+** The sqlite_stat3 table is like sqlite_stat4 except that it only
+** looks at the left-most column of the index.  The sqlite_stat3.sample
+** column contains the actual value of the left-most column instead
+** of a blob encoding of the complete index key as is found in
+** sqlite_stat4.sample.  The nEq, nLt, and nDLt entries of sqlite_stat3
+** all contain just a single integer which is the same as the first
+** integer in the equivalent columns in sqlite_stat4.
+*/
+#ifndef SQLITE_OMIT_ANALYZE
+/* #include "sqliteInt.h" */
+
+#if defined(SQLITE_ENABLE_STAT4)
+# define IsStat4     1
+# define IsStat3     0
+#elif defined(SQLITE_ENABLE_STAT3)
+# define IsStat4     0
+# define IsStat3     1
+#else
+# define IsStat4     0
+# define IsStat3     0
+# undef SQLITE_STAT4_SAMPLES
+# define SQLITE_STAT4_SAMPLES 1
+#endif
+#define IsStat34    (IsStat3+IsStat4)  /* 1 for STAT3 or STAT4. 0 otherwise */
+
+/*
+** This routine generates code that opens the sqlite_statN tables.
+** The sqlite_stat1 table is always relevant.  sqlite_stat2 is now
+** obsolete.  sqlite_stat3 and sqlite_stat4 are only opened when
+** appropriate compile-time options are provided.
+**
+** If the sqlite_statN tables do not previously exist, it is created.
+**
+** Argument zWhere may be a pointer to a buffer containing a table name,
+** or it may be a NULL pointer. If it is not NULL, then all entries in
+** the sqlite_statN tables associated with the named table are deleted.
+** If zWhere==0, then code is generated to delete all stat table entries.
+*/
+static void openStatTable(
+  Parse *pParse,          /* Parsing context */
+  int iDb,                /* The database we are looking in */
+  int iStatCur,           /* Open the sqlite_stat1 table on this cursor */
+  const char *zWhere,     /* Delete entries for this table or index */
+  const char *zWhereType  /* Either "tbl" or "idx" */
+){
+  static const struct {
+    const char *zName;
+    const char *zCols;
+  } aTable[] = {
+    { "sqlite_stat1", "tbl,idx,stat" },
+#if defined(SQLITE_ENABLE_STAT4)
+    { "sqlite_stat4", "tbl,idx,neq,nlt,ndlt,sample" },
+    { "sqlite_stat3", 0 },
+#elif defined(SQLITE_ENABLE_STAT3)
+    { "sqlite_stat3", "tbl,idx,neq,nlt,ndlt,sample" },
+    { "sqlite_stat4", 0 },
+#else
+    { "sqlite_stat3", 0 },
+    { "sqlite_stat4", 0 },
+#endif
+  };
+  int i;
+  sqlite3 *db = pParse->db;
+  Db *pDb;
+  Vdbe *v = sqlite3GetVdbe(pParse);
+  int aRoot[ArraySize(aTable)];
+  u8 aCreateTbl[ArraySize(aTable)];
+
+  if( v==0 ) return;
+  assert( sqlite3BtreeHoldsAllMutexes(db) );
+  assert( sqlite3VdbeDb(v)==db );
+  pDb = &db->aDb[iDb];
+
+  /* Create new statistic tables if they do not exist, or clear them
+  ** if they do already exist.
+  */
+  for(i=0; i<ArraySize(aTable); i++){
+    const char *zTab = aTable[i].zName;
+    Table *pStat;
+    if( (pStat = sqlite3FindTable(db, zTab, pDb->zName))==0 ){
+      if( aTable[i].zCols ){
+        /* The sqlite_statN table does not exist. Create it. Note that a 
+        ** side-effect of the CREATE TABLE statement is to leave the rootpage 
+        ** of the new table in register pParse->regRoot. This is important 
+        ** because the OpenWrite opcode below will be needing it. */
+        sqlite3NestedParse(pParse,
+            "CREATE TABLE %Q.%s(%s)", pDb->zName, zTab, aTable[i].zCols
+        );
+        aRoot[i] = pParse->regRoot;
+        aCreateTbl[i] = OPFLAG_P2ISREG;
+      }
+    }else{
+      /* The table already exists. If zWhere is not NULL, delete all entries 
+      ** associated with the table zWhere. If zWhere is NULL, delete the
+      ** entire contents of the table. */
+      aRoot[i] = pStat->tnum;
+      aCreateTbl[i] = 0;
+      sqlite3TableLock(pParse, iDb, aRoot[i], 1, zTab);
+      if( zWhere ){
+        sqlite3NestedParse(pParse,
+           "DELETE FROM %Q.%s WHERE %s=%Q",
+           pDb->zName, zTab, zWhereType, zWhere
+        );
+      }else{
+        /* The sqlite_stat[134] table already exists.  Delete all rows. */
+        sqlite3VdbeAddOp2(v, OP_Clear, aRoot[i], iDb);
+      }
+    }
+  }
+
+  /* Open the sqlite_stat[134] tables for writing. */
+  for(i=0; aTable[i].zCols; i++){
+    assert( i<ArraySize(aTable) );
+    sqlite3VdbeAddOp4Int(v, OP_OpenWrite, iStatCur+i, aRoot[i], iDb, 3);
+    sqlite3VdbeChangeP5(v, aCreateTbl[i]);
+    VdbeComment((v, aTable[i].zName));
+  }
+}
+
+/*
+** Recommended number of samples for sqlite_stat4
+*/
+#ifndef SQLITE_STAT4_SAMPLES
+# define SQLITE_STAT4_SAMPLES 24
+#endif
+
+/*
+** Three SQL functions - stat_init(), stat_push(), and stat_get() -
+** share an instance of the following structure to hold their state
+** information.
+*/
+typedef struct Stat4Accum Stat4Accum;
+typedef struct Stat4Sample Stat4Sample;
+struct Stat4Sample {
+  tRowcnt *anEq;                  /* sqlite_stat4.nEq */
+  tRowcnt *anDLt;                 /* sqlite_stat4.nDLt */
+#ifdef SQLITE_ENABLE_STAT3_OR_STAT4
+  tRowcnt *anLt;                  /* sqlite_stat4.nLt */
+  union {
+    i64 iRowid;                     /* Rowid in main table of the key */
+    u8 *aRowid;                     /* Key for WITHOUT ROWID tables */
+  } u;
+  u32 nRowid;                     /* Sizeof aRowid[] */
+  u8 isPSample;                   /* True if a periodic sample */
+  int iCol;                       /* If !isPSample, the reason for inclusion */
+  u32 iHash;                      /* Tiebreaker hash */
+#endif
+};                                                    
+struct Stat4Accum {
+  tRowcnt nRow;             /* Number of rows in the entire table */
+  tRowcnt nPSample;         /* How often to do a periodic sample */
+  int nCol;                 /* Number of columns in index + pk/rowid */
+  int nKeyCol;              /* Number of index columns w/o the pk/rowid */
+  int mxSample;             /* Maximum number of samples to accumulate */
+  Stat4Sample current;      /* Current row as a Stat4Sample */
+  u32 iPrn;                 /* Pseudo-random number used for sampling */
+  Stat4Sample *aBest;       /* Array of nCol best samples */
+  int iMin;                 /* Index in a[] of entry with minimum score */
+  int nSample;              /* Current number of samples */
+  int iGet;                 /* Index of current sample accessed by stat_get() */
+  Stat4Sample *a;           /* Array of mxSample Stat4Sample objects */
+  sqlite3 *db;              /* Database connection, for malloc() */
+};
+
+/* Reclaim memory used by a Stat4Sample
+*/
+#ifdef SQLITE_ENABLE_STAT3_OR_STAT4
+static void sampleClear(sqlite3 *db, Stat4Sample *p){
+  assert( db!=0 );
+  if( p->nRowid ){
+    sqlite3DbFree(db, p->u.aRowid);
+    p->nRowid = 0;
+  }
+}
+#endif
+
+/* Initialize the BLOB value of a ROWID
+*/
+#ifdef SQLITE_ENABLE_STAT3_OR_STAT4
+static void sampleSetRowid(sqlite3 *db, Stat4Sample *p, int n, const u8 *pData){
+  assert( db!=0 );
+  if( p->nRowid ) sqlite3DbFree(db, p->u.aRowid);
+  p->u.aRowid = sqlite3DbMallocRaw(db, n);
+  if( p->u.aRowid ){
+    p->nRowid = n;
+    memcpy(p->u.aRowid, pData, n);
+  }else{
+    p->nRowid = 0;
+  }
+}
+#endif
+
+/* Initialize the INTEGER value of a ROWID.
+*/
+#ifdef SQLITE_ENABLE_STAT3_OR_STAT4
+static void sampleSetRowidInt64(sqlite3 *db, Stat4Sample *p, i64 iRowid){
+  assert( db!=0 );
+  if( p->nRowid ) sqlite3DbFree(db, p->u.aRowid);
+  p->nRowid = 0;
+  p->u.iRowid = iRowid;
+}
+#endif
+
+
+/*
+** Copy the contents of object (*pFrom) into (*pTo).
+*/
+#ifdef SQLITE_ENABLE_STAT3_OR_STAT4
+static void sampleCopy(Stat4Accum *p, Stat4Sample *pTo, Stat4Sample *pFrom){
+  pTo->isPSample = pFrom->isPSample;
+  pTo->iCol = pFrom->iCol;
+  pTo->iHash = pFrom->iHash;
+  memcpy(pTo->anEq, pFrom->anEq, sizeof(tRowcnt)*p->nCol);
+  memcpy(pTo->anLt, pFrom->anLt, sizeof(tRowcnt)*p->nCol);
+  memcpy(pTo->anDLt, pFrom->anDLt, sizeof(tRowcnt)*p->nCol);
+  if( pFrom->nRowid ){
+    sampleSetRowid(p->db, pTo, pFrom->nRowid, pFrom->u.aRowid);
+  }else{
+    sampleSetRowidInt64(p->db, pTo, pFrom->u.iRowid);
+  }
+}
+#endif
+
+/*
+** Reclaim all memory of a Stat4Accum structure.
+*/
+static void stat4Destructor(void *pOld){
+  Stat4Accum *p = (Stat4Accum*)pOld;
+#ifdef SQLITE_ENABLE_STAT3_OR_STAT4
+  int i;
+  for(i=0; i<p->nCol; i++) sampleClear(p->db, p->aBest+i);
+  for(i=0; i<p->mxSample; i++) sampleClear(p->db, p->a+i);
+  sampleClear(p->db, &p->current);
+#endif
+  sqlite3DbFree(p->db, p);
+}
+
+/*
+** Implementation of the stat_init(N,K,C) SQL function. The three parameters
+** are:
+**     N:    The number of columns in the index including the rowid/pk (note 1)
+**     K:    The number of columns in the index excluding the rowid/pk.
+**     C:    The number of rows in the index (note 2)
+**
+** Note 1:  In the special case of the covering index that implements a
+** WITHOUT ROWID table, N is the number of PRIMARY KEY columns, not the
+** total number of columns in the table.
+**
+** Note 2:  C is only used for STAT3 and STAT4.
+**
+** For indexes on ordinary rowid tables, N==K+1.  But for indexes on
+** WITHOUT ROWID tables, N=K+P where P is the number of columns in the
+** PRIMARY KEY of the table.  The covering index that implements the
+** original WITHOUT ROWID table as N==K as a special case.
+**
+** This routine allocates the Stat4Accum object in heap memory. The return 
+** value is a pointer to the Stat4Accum object.  The datatype of the
+** return value is BLOB, but it is really just a pointer to the Stat4Accum
+** object.
+*/
+static void statInit(
+  sqlite3_context *context,
+  int argc,
+  sqlite3_value **argv
+){
+  Stat4Accum *p;
+  int nCol;                       /* Number of columns in index being sampled */
+  int nKeyCol;                    /* Number of key columns */
+  int nColUp;                     /* nCol rounded up for alignment */
+  int n;                          /* Bytes of space to allocate */
+  sqlite3 *db;                    /* Database connection */
+#ifdef SQLITE_ENABLE_STAT3_OR_STAT4
+  int mxSample = SQLITE_STAT4_SAMPLES;
+#endif
+
+  /* Decode the three function arguments */
+  UNUSED_PARAMETER(argc);
+  nCol = sqlite3_value_int(argv[0]);
+  assert( nCol>0 );
+  nColUp = sizeof(tRowcnt)<8 ? (nCol+1)&~1 : nCol;
+  nKeyCol = sqlite3_value_int(argv[1]);
+  assert( nKeyCol<=nCol );
+  assert( nKeyCol>0 );
+
+  /* Allocate the space required for the Stat4Accum object */
+  n = sizeof(*p) 
+    + sizeof(tRowcnt)*nColUp                  /* Stat4Accum.anEq */
+    + sizeof(tRowcnt)*nColUp                  /* Stat4Accum.anDLt */
+#ifdef SQLITE_ENABLE_STAT3_OR_STAT4
+    + sizeof(tRowcnt)*nColUp                  /* Stat4Accum.anLt */
+    + sizeof(Stat4Sample)*(nCol+mxSample)     /* Stat4Accum.aBest[], a[] */
+    + sizeof(tRowcnt)*3*nColUp*(nCol+mxSample)
+#endif
+  ;
+  db = sqlite3_context_db_handle(context);
+  p = sqlite3DbMallocZero(db, n);
+  if( p==0 ){
+    sqlite3_result_error_nomem(context);
+    return;
+  }
+
+  p->db = db;
+  p->nRow = 0;
+  p->nCol = nCol;
+  p->nKeyCol = nKeyCol;
+  p->current.anDLt = (tRowcnt*)&p[1];
+  p->current.anEq = &p->current.anDLt[nColUp];
+
+#ifdef SQLITE_ENABLE_STAT3_OR_STAT4
+  {
+    u8 *pSpace;                     /* Allocated space not yet assigned */
+    int i;                          /* Used to iterate through p->aSample[] */
+
+    p->iGet = -1;
+    p->mxSample = mxSample;
+    p->nPSample = (tRowcnt)(sqlite3_value_int64(argv[2])/(mxSample/3+1) + 1);
+    p->current.anLt = &p->current.anEq[nColUp];
+    p->iPrn = 0x689e962d*(u32)nCol ^ 0xd0944565*(u32)sqlite3_value_int(argv[2]);
+  
+    /* Set up the Stat4Accum.a[] and aBest[] arrays */
+    p->a = (struct Stat4Sample*)&p->current.anLt[nColUp];
+    p->aBest = &p->a[mxSample];
+    pSpace = (u8*)(&p->a[mxSample+nCol]);
+    for(i=0; i<(mxSample+nCol); i++){
+      p->a[i].anEq = (tRowcnt *)pSpace; pSpace += (sizeof(tRowcnt) * nColUp);
+      p->a[i].anLt = (tRowcnt *)pSpace; pSpace += (sizeof(tRowcnt) * nColUp);
+      p->a[i].anDLt = (tRowcnt *)pSpace; pSpace += (sizeof(tRowcnt) * nColUp);
+    }
+    assert( (pSpace - (u8*)p)==n );
+  
+    for(i=0; i<nCol; i++){
+      p->aBest[i].iCol = i;
+    }
+  }
+#endif
+
+  /* Return a pointer to the allocated object to the caller.  Note that
+  ** only the pointer (the 2nd parameter) matters.  The size of the object
+  ** (given by the 3rd parameter) is never used and can be any positive
+  ** value. */
+  sqlite3_result_blob(context, p, sizeof(*p), stat4Destructor);
+}
+static const FuncDef statInitFuncdef = {
+  2+IsStat34,      /* nArg */
+  SQLITE_UTF8,     /* funcFlags */
+  0,               /* pUserData */
+  0,               /* pNext */
+  statInit,        /* xFunc */
+  0,               /* xStep */
+  0,               /* xFinalize */
+  "stat_init",     /* zName */
+  0,               /* pHash */
+  0                /* pDestructor */
+};
+
+#ifdef SQLITE_ENABLE_STAT4
+/*
+** pNew and pOld are both candidate non-periodic samples selected for 
+** the same column (pNew->iCol==pOld->iCol). Ignoring this column and 
+** considering only any trailing columns and the sample hash value, this
+** function returns true if sample pNew is to be preferred over pOld.
+** In other words, if we assume that the cardinalities of the selected
+** column for pNew and pOld are equal, is pNew to be preferred over pOld.
+**
+** This function assumes that for each argument sample, the contents of
+** the anEq[] array from pSample->anEq[pSample->iCol+1] onwards are valid. 
+*/
+static int sampleIsBetterPost(
+  Stat4Accum *pAccum, 
+  Stat4Sample *pNew, 
+  Stat4Sample *pOld
+){
+  int nCol = pAccum->nCol;
+  int i;
+  assert( pNew->iCol==pOld->iCol );
+  for(i=pNew->iCol+1; i<nCol; i++){
+    if( pNew->anEq[i]>pOld->anEq[i] ) return 1;
+    if( pNew->anEq[i]<pOld->anEq[i] ) return 0;
+  }
+  if( pNew->iHash>pOld->iHash ) return 1;
+  return 0;
+}
+#endif
+
+#ifdef SQLITE_ENABLE_STAT3_OR_STAT4
+/*
+** Return true if pNew is to be preferred over pOld.
+**
+** This function assumes that for each argument sample, the contents of
+** the anEq[] array from pSample->anEq[pSample->iCol] onwards are valid. 
+*/
+static int sampleIsBetter(
+  Stat4Accum *pAccum, 
+  Stat4Sample *pNew, 
+  Stat4Sample *pOld
+){
+  tRowcnt nEqNew = pNew->anEq[pNew->iCol];
+  tRowcnt nEqOld = pOld->anEq[pOld->iCol];
+
+  assert( pOld->isPSample==0 && pNew->isPSample==0 );
+  assert( IsStat4 || (pNew->iCol==0 && pOld->iCol==0) );
+
+  if( (nEqNew>nEqOld) ) return 1;
+#ifdef SQLITE_ENABLE_STAT4
+  if( nEqNew==nEqOld ){
+    if( pNew->iCol<pOld->iCol ) return 1;
+    return (pNew->iCol==pOld->iCol && sampleIsBetterPost(pAccum, pNew, pOld));
+  }
+  return 0;
+#else
+  return (nEqNew==nEqOld && pNew->iHash>pOld->iHash);
+#endif
+}
+
+/*
+** Copy the contents of sample *pNew into the p->a[] array. If necessary,
+** remove the least desirable sample from p->a[] to make room.
+*/
+static void sampleInsert(Stat4Accum *p, Stat4Sample *pNew, int nEqZero){
+  Stat4Sample *pSample = 0;
+  int i;
+
+  assert( IsStat4 || nEqZero==0 );
+
+#ifdef SQLITE_ENABLE_STAT4
+  if( pNew->isPSample==0 ){
+    Stat4Sample *pUpgrade = 0;
+    assert( pNew->anEq[pNew->iCol]>0 );
+
+    /* This sample is being added because the prefix that ends in column 
+    ** iCol occurs many times in the table. However, if we have already
+    ** added a sample that shares this prefix, there is no need to add
+    ** this one. Instead, upgrade the priority of the highest priority
+    ** existing sample that shares this prefix.  */
+    for(i=p->nSample-1; i>=0; i--){
+      Stat4Sample *pOld = &p->a[i];
+      if( pOld->anEq[pNew->iCol]==0 ){
+        if( pOld->isPSample ) return;
+        assert( pOld->iCol>pNew->iCol );
+        assert( sampleIsBetter(p, pNew, pOld) );
+        if( pUpgrade==0 || sampleIsBetter(p, pOld, pUpgrade) ){
+          pUpgrade = pOld;
+        }
+      }
+    }
+    if( pUpgrade ){
+      pUpgrade->iCol = pNew->iCol;
+      pUpgrade->anEq[pUpgrade->iCol] = pNew->anEq[pUpgrade->iCol];
+      goto find_new_min;
+    }
+  }
+#endif
+
+  /* If necessary, remove sample iMin to make room for the new sample. */
+  if( p->nSample>=p->mxSample ){
+    Stat4Sample *pMin = &p->a[p->iMin];
+    tRowcnt *anEq = pMin->anEq;
+    tRowcnt *anLt = pMin->anLt;
+    tRowcnt *anDLt = pMin->anDLt;
+    sampleClear(p->db, pMin);
+    memmove(pMin, &pMin[1], sizeof(p->a[0])*(p->nSample-p->iMin-1));
+    pSample = &p->a[p->nSample-1];
+    pSample->nRowid = 0;
+    pSample->anEq = anEq;
+    pSample->anDLt = anDLt;
+    pSample->anLt = anLt;
+    p->nSample = p->mxSample-1;
+  }
+
+  /* The "rows less-than" for the rowid column must be greater than that
+  ** for the last sample in the p->a[] array. Otherwise, the samples would
+  ** be out of order. */
+#ifdef SQLITE_ENABLE_STAT4
+  assert( p->nSample==0 
+       || pNew->anLt[p->nCol-1] > p->a[p->nSample-1].anLt[p->nCol-1] );
+#endif
+
+  /* Insert the new sample */
+  pSample = &p->a[p->nSample];
+  sampleCopy(p, pSample, pNew);
+  p->nSample++;
+
+  /* Zero the first nEqZero entries in the anEq[] array. */
+  memset(pSample->anEq, 0, sizeof(tRowcnt)*nEqZero);
+
+#ifdef SQLITE_ENABLE_STAT4
+ find_new_min:
+#endif
+  if( p->nSample>=p->mxSample ){
+    int iMin = -1;
+    for(i=0; i<p->mxSample; i++){
+      if( p->a[i].isPSample ) continue;
+      if( iMin<0 || sampleIsBetter(p, &p->a[iMin], &p->a[i]) ){
+        iMin = i;
+      }
+    }
+    assert( iMin>=0 );
+    p->iMin = iMin;
+  }
+}
+#endif /* SQLITE_ENABLE_STAT3_OR_STAT4 */
+
+/*
+** Field iChng of the index being scanned has changed. So at this point
+** p->current contains a sample that reflects the previous row of the
+** index. The value of anEq[iChng] and subsequent anEq[] elements are
+** correct at this point.
+*/
+static void samplePushPrevious(Stat4Accum *p, int iChng){
+#ifdef SQLITE_ENABLE_STAT4
+  int i;
+
+  /* Check if any samples from the aBest[] array should be pushed
+  ** into IndexSample.a[] at this point.  */
+  for(i=(p->nCol-2); i>=iChng; i--){
+    Stat4Sample *pBest = &p->aBest[i];
+    pBest->anEq[i] = p->current.anEq[i];
+    if( p->nSample<p->mxSample || sampleIsBetter(p, pBest, &p->a[p->iMin]) ){
+      sampleInsert(p, pBest, i);
+    }
+  }
+
+  /* Update the anEq[] fields of any samples already collected. */
+  for(i=p->nSample-1; i>=0; i--){
+    int j;
+    for(j=iChng; j<p->nCol; j++){
+      if( p->a[i].anEq[j]==0 ) p->a[i].anEq[j] = p->current.anEq[j];
+    }
+  }
+#endif
+
+#if defined(SQLITE_ENABLE_STAT3) && !defined(SQLITE_ENABLE_STAT4)
+  if( iChng==0 ){
+    tRowcnt nLt = p->current.anLt[0];
+    tRowcnt nEq = p->current.anEq[0];
+
+    /* Check if this is to be a periodic sample. If so, add it. */
+    if( (nLt/p->nPSample)!=(nLt+nEq)/p->nPSample ){
+      p->current.isPSample = 1;
+      sampleInsert(p, &p->current, 0);
+      p->current.isPSample = 0;
+    }else 
+
+    /* Or if it is a non-periodic sample. Add it in this case too. */
+    if( p->nSample<p->mxSample 
+     || sampleIsBetter(p, &p->current, &p->a[p->iMin]) 
+    ){
+      sampleInsert(p, &p->current, 0);
+    }
+  }
+#endif
+
+#ifndef SQLITE_ENABLE_STAT3_OR_STAT4
+  UNUSED_PARAMETER( p );
+  UNUSED_PARAMETER( iChng );
+#endif
+}
+
+/*
+** Implementation of the stat_push SQL function:  stat_push(P,C,R)
+** Arguments:
+**
+**    P     Pointer to the Stat4Accum object created by stat_init()
+**    C     Index of left-most column to differ from previous row
+**    R     Rowid for the current row.  Might be a key record for
+**          WITHOUT ROWID tables.
+**
+** This SQL function always returns NULL.  It's purpose it to accumulate
+** statistical data and/or samples in the Stat4Accum object about the
+** index being analyzed.  The stat_get() SQL function will later be used to
+** extract relevant information for constructing the sqlite_statN tables.
+**
+** The R parameter is only used for STAT3 and STAT4
+*/
+static void statPush(
+  sqlite3_context *context,
+  int argc,
+  sqlite3_value **argv
+){
+  int i;
+
+  /* The three function arguments */
+  Stat4Accum *p = (Stat4Accum*)sqlite3_value_blob(argv[0]);
+  int iChng = sqlite3_value_int(argv[1]);
+
+  UNUSED_PARAMETER( argc );
+  UNUSED_PARAMETER( context );
+  assert( p->nCol>0 );
+  assert( iChng<p->nCol );
+
+  if( p->nRow==0 ){
+    /* This is the first call to this function. Do initialization. */
+    for(i=0; i<p->nCol; i++) p->current.anEq[i] = 1;
+  }else{
+    /* Second and subsequent calls get processed here */
+    samplePushPrevious(p, iChng);
+
+    /* Update anDLt[], anLt[] and anEq[] to reflect the values that apply
+    ** to the current row of the index. */
+    for(i=0; i<iChng; i++){
+      p->current.anEq[i]++;
+    }
+    for(i=iChng; i<p->nCol; i++){
+      p->current.anDLt[i]++;
+#ifdef SQLITE_ENABLE_STAT3_OR_STAT4
+      p->current.anLt[i] += p->current.anEq[i];
+#endif
+      p->current.anEq[i] = 1;
+    }
+  }
+  p->nRow++;
+#ifdef SQLITE_ENABLE_STAT3_OR_STAT4
+  if( sqlite3_value_type(argv[2])==SQLITE_INTEGER ){
+    sampleSetRowidInt64(p->db, &p->current, sqlite3_value_int64(argv[2]));
+  }else{
+    sampleSetRowid(p->db, &p->current, sqlite3_value_bytes(argv[2]),
+                                       sqlite3_value_blob(argv[2]));
+  }
+  p->current.iHash = p->iPrn = p->iPrn*1103515245 + 12345;
+#endif
+
+#ifdef SQLITE_ENABLE_STAT4
+  {
+    tRowcnt nLt = p->current.anLt[p->nCol-1];
+
+    /* Check if this is to be a periodic sample. If so, add it. */
+    if( (nLt/p->nPSample)!=(nLt+1)/p->nPSample ){
+      p->current.isPSample = 1;
+      p->current.iCol = 0;
+      sampleInsert(p, &p->current, p->nCol-1);
+      p->current.isPSample = 0;
+    }
+
+    /* Update the aBest[] array. */
+    for(i=0; i<(p->nCol-1); i++){
+      p->current.iCol = i;
+      if( i>=iChng || sampleIsBetterPost(p, &p->current, &p->aBest[i]) ){
+        sampleCopy(p, &p->aBest[i], &p->current);
+      }
+    }
+  }
+#endif
+}
+static const FuncDef statPushFuncdef = {
+  2+IsStat34,      /* nArg */
+  SQLITE_UTF8,     /* funcFlags */
+  0,               /* pUserData */
+  0,               /* pNext */
+  statPush,        /* xFunc */
+  0,               /* xStep */
+  0,               /* xFinalize */
+  "stat_push",     /* zName */
+  0,               /* pHash */
+  0                /* pDestructor */
+};
+
+#define STAT_GET_STAT1 0          /* "stat" column of stat1 table */
+#define STAT_GET_ROWID 1          /* "rowid" column of stat[34] entry */
+#define STAT_GET_NEQ   2          /* "neq" column of stat[34] entry */
+#define STAT_GET_NLT   3          /* "nlt" column of stat[34] entry */
+#define STAT_GET_NDLT  4          /* "ndlt" column of stat[34] entry */
+
+/*
+** Implementation of the stat_get(P,J) SQL function.  This routine is
+** used to query statistical information that has been gathered into
+** the Stat4Accum object by prior calls to stat_push().  The P parameter
+** has type BLOB but it is really just a pointer to the Stat4Accum object.
+** The content to returned is determined by the parameter J
+** which is one of the STAT_GET_xxxx values defined above.
+**
+** If neither STAT3 nor STAT4 are enabled, then J is always
+** STAT_GET_STAT1 and is hence omitted and this routine becomes
+** a one-parameter function, stat_get(P), that always returns the
+** stat1 table entry information.
+*/
+static void statGet(
+  sqlite3_context *context,
+  int argc,
+  sqlite3_value **argv
+){
+  Stat4Accum *p = (Stat4Accum*)sqlite3_value_blob(argv[0]);
+#ifdef SQLITE_ENABLE_STAT3_OR_STAT4
+  /* STAT3 and STAT4 have a parameter on this routine. */
+  int eCall = sqlite3_value_int(argv[1]);
+  assert( argc==2 );
+  assert( eCall==STAT_GET_STAT1 || eCall==STAT_GET_NEQ 
+       || eCall==STAT_GET_ROWID || eCall==STAT_GET_NLT
+       || eCall==STAT_GET_NDLT 
+  );
+  if( eCall==STAT_GET_STAT1 )
+#else
+  assert( argc==1 );
+#endif
+  {
+    /* Return the value to store in the "stat" column of the sqlite_stat1
+    ** table for this index.
+    **
+    ** The value is a string composed of a list of integers describing 
+    ** the index. The first integer in the list is the total number of 
+    ** entries in the index. There is one additional integer in the list 
+    ** for each indexed column. This additional integer is an estimate of
+    ** the number of rows matched by a stabbing query on the index using
+    ** a key with the corresponding number of fields. In other words,
+    ** if the index is on columns (a,b) and the sqlite_stat1 value is 
+    ** "100 10 2", then SQLite estimates that:
+    **
+    **   * the index contains 100 rows,
+    **   * "WHERE a=?" matches 10 rows, and
+    **   * "WHERE a=? AND b=?" matches 2 rows.
+    **
+    ** If D is the count of distinct values and K is the total number of 
+    ** rows, then each estimate is computed as:
+    **
+    **        I = (K+D-1)/D
+    */
+    char *z;
+    int i;
+
+    char *zRet = sqlite3MallocZero( (p->nKeyCol+1)*25 );
+    if( zRet==0 ){
+      sqlite3_result_error_nomem(context);
+      return;
+    }
+
+    sqlite3_snprintf(24, zRet, "%llu", (u64)p->nRow);
+    z = zRet + sqlite3Strlen30(zRet);
+    for(i=0; i<p->nKeyCol; i++){
+      u64 nDistinct = p->current.anDLt[i] + 1;
+      u64 iVal = (p->nRow + nDistinct - 1) / nDistinct;
+      sqlite3_snprintf(24, z, " %llu", iVal);
+      z += sqlite3Strlen30(z);
+      assert( p->current.anEq[i] );
+    }
+    assert( z[0]=='\0' && z>zRet );
+
+    sqlite3_result_text(context, zRet, -1, sqlite3_free);
+  }
+#ifdef SQLITE_ENABLE_STAT3_OR_STAT4
+  else if( eCall==STAT_GET_ROWID ){
+    if( p->iGet<0 ){
+      samplePushPrevious(p, 0);
+      p->iGet = 0;
+    }
+    if( p->iGet<p->nSample ){
+      Stat4Sample *pS = p->a + p->iGet;
+      if( pS->nRowid==0 ){
+        sqlite3_result_int64(context, pS->u.iRowid);
+      }else{
+        sqlite3_result_blob(context, pS->u.aRowid, pS->nRowid,
+                            SQLITE_TRANSIENT);
+      }
+    }
+  }else{
+    tRowcnt *aCnt = 0;
+
+    assert( p->iGet<p->nSample );
+    switch( eCall ){
+      case STAT_GET_NEQ:  aCnt = p->a[p->iGet].anEq; break;
+      case STAT_GET_NLT:  aCnt = p->a[p->iGet].anLt; break;
+      default: {
+        aCnt = p->a[p->iGet].anDLt; 
+        p->iGet++;
+        break;
+      }
+    }
+
+    if( IsStat3 ){
+      sqlite3_result_int64(context, (i64)aCnt[0]);
+    }else{
+      char *zRet = sqlite3MallocZero(p->nCol * 25);
+      if( zRet==0 ){
+        sqlite3_result_error_nomem(context);
+      }else{
+        int i;
+        char *z = zRet;
+        for(i=0; i<p->nCol; i++){
+          sqlite3_snprintf(24, z, "%llu ", (u64)aCnt[i]);
+          z += sqlite3Strlen30(z);
+        }
+        assert( z[0]=='\0' && z>zRet );
+        z[-1] = '\0';
+        sqlite3_result_text(context, zRet, -1, sqlite3_free);
+      }
+    }
+  }
+#endif /* SQLITE_ENABLE_STAT3_OR_STAT4 */
+#ifndef SQLITE_DEBUG
+  UNUSED_PARAMETER( argc );
+#endif
+}
+static const FuncDef statGetFuncdef = {
+  1+IsStat34,      /* nArg */
+  SQLITE_UTF8,     /* funcFlags */
+  0,               /* pUserData */
+  0,               /* pNext */
+  statGet,         /* xFunc */
+  0,               /* xStep */
+  0,               /* xFinalize */
+  "stat_get",      /* zName */
+  0,               /* pHash */
+  0                /* pDestructor */
+};
+
+static void callStatGet(Vdbe *v, int regStat4, int iParam, int regOut){
+  assert( regOut!=regStat4 && regOut!=regStat4+1 );
+#ifdef SQLITE_ENABLE_STAT3_OR_STAT4
+  sqlite3VdbeAddOp2(v, OP_Integer, iParam, regStat4+1);
+#elif SQLITE_DEBUG
+  assert( iParam==STAT_GET_STAT1 );
+#else
+  UNUSED_PARAMETER( iParam );
+#endif
+  sqlite3VdbeAddOp3(v, OP_Function0, 0, regStat4, regOut);
+  sqlite3VdbeChangeP4(v, -1, (char*)&statGetFuncdef, P4_FUNCDEF);
+  sqlite3VdbeChangeP5(v, 1 + IsStat34);
+}
+
+/*
+** Generate code to do an analysis of all indices associated with
+** a single table.
+*/
+static void analyzeOneTable(
+  Parse *pParse,   /* Parser context */
+  Table *pTab,     /* Table whose indices are to be analyzed */
+  Index *pOnlyIdx, /* If not NULL, only analyze this one index */
+  int iStatCur,    /* Index of VdbeCursor that writes the sqlite_stat1 table */
+  int iMem,        /* Available memory locations begin here */
+  int iTab         /* Next available cursor */
+){
+  sqlite3 *db = pParse->db;    /* Database handle */
+  Index *pIdx;                 /* An index to being analyzed */
+  int iIdxCur;                 /* Cursor open on index being analyzed */
+  int iTabCur;                 /* Table cursor */
+  Vdbe *v;                     /* The virtual machine being built up */
+  int i;                       /* Loop counter */
+  int jZeroRows = -1;          /* Jump from here if number of rows is zero */
+  int iDb;                     /* Index of database containing pTab */
+  u8 needTableCnt = 1;         /* True to count the table */
+  int regNewRowid = iMem++;    /* Rowid for the inserted record */
+  int regStat4 = iMem++;       /* Register to hold Stat4Accum object */
+  int regChng = iMem++;        /* Index of changed index field */
+#ifdef SQLITE_ENABLE_STAT3_OR_STAT4
+  int regRowid = iMem++;       /* Rowid argument passed to stat_push() */
+#endif
+  int regTemp = iMem++;        /* Temporary use register */
+  int regTabname = iMem++;     /* Register containing table name */
+  int regIdxname = iMem++;     /* Register containing index name */
+  int regStat1 = iMem++;       /* Value for the stat column of sqlite_stat1 */
+  int regPrev = iMem;          /* MUST BE LAST (see below) */
+
+  pParse->nMem = MAX(pParse->nMem, iMem);
+  v = sqlite3GetVdbe(pParse);
+  if( v==0 || NEVER(pTab==0) ){
+    return;
+  }
+  if( pTab->tnum==0 ){
+    /* Do not gather statistics on views or virtual tables */
+    return;
+  }
+  if( sqlite3_strlike("sqlite_%", pTab->zName, 0)==0 ){
+    /* Do not gather statistics on system tables */
+    return;
+  }
+  assert( sqlite3BtreeHoldsAllMutexes(db) );
+  iDb = sqlite3SchemaToIndex(db, pTab->pSchema);
+  assert( iDb>=0 );
+  assert( sqlite3SchemaMutexHeld(db, iDb, 0) );
+#ifndef SQLITE_OMIT_AUTHORIZATION
+  if( sqlite3AuthCheck(pParse, SQLITE_ANALYZE, pTab->zName, 0,
+      db->aDb[iDb].zName ) ){
+    return;
+  }
+#endif
+
+  /* Establish a read-lock on the table at the shared-cache level. 
+  ** Open a read-only cursor on the table. Also allocate a cursor number
+  ** to use for scanning indexes (iIdxCur). No index cursor is opened at
+  ** this time though.  */
+  sqlite3TableLock(pParse, iDb, pTab->tnum, 0, pTab->zName);
+  iTabCur = iTab++;
+  iIdxCur = iTab++;
+  pParse->nTab = MAX(pParse->nTab, iTab);
+  sqlite3OpenTable(pParse, iTabCur, iDb, pTab, OP_OpenRead);
+  sqlite3VdbeLoadString(v, regTabname, pTab->zName);
+
+  for(pIdx=pTab->pIndex; pIdx; pIdx=pIdx->pNext){
+    int nCol;                     /* Number of columns in pIdx. "N" */
+    int addrRewind;               /* Address of "OP_Rewind iIdxCur" */
+    int addrNextRow;              /* Address of "next_row:" */
+    const char *zIdxName;         /* Name of the index */
+    int nColTest;                 /* Number of columns to test for changes */
+
+    if( pOnlyIdx && pOnlyIdx!=pIdx ) continue;
+    if( pIdx->pPartIdxWhere==0 ) needTableCnt = 0;
+    if( !HasRowid(pTab) && IsPrimaryKeyIndex(pIdx) ){
+      nCol = pIdx->nKeyCol;
+      zIdxName = pTab->zName;
+      nColTest = nCol - 1;
+    }else{
+      nCol = pIdx->nColumn;
+      zIdxName = pIdx->zName;
+      nColTest = pIdx->uniqNotNull ? pIdx->nKeyCol-1 : nCol-1;
+    }
+
+    /* Populate the register containing the index name. */
+    sqlite3VdbeLoadString(v, regIdxname, zIdxName);
+    VdbeComment((v, "Analysis for %s.%s", pTab->zName, zIdxName));
+
+    /*
+    ** Pseudo-code for loop that calls stat_push():
+    **
+    **   Rewind csr
+    **   if eof(csr) goto end_of_scan;
+    **   regChng = 0
+    **   goto chng_addr_0;
+    **
+    **  next_row:
+    **   regChng = 0
+    **   if( idx(0) != regPrev(0) ) goto chng_addr_0
+    **   regChng = 1
+    **   if( idx(1) != regPrev(1) ) goto chng_addr_1
+    **   ...
+    **   regChng = N
+    **   goto chng_addr_N
+    **
+    **  chng_addr_0:
+    **   regPrev(0) = idx(0)
+    **  chng_addr_1:
+    **   regPrev(1) = idx(1)
+    **  ...
+    **
+    **  endDistinctTest:
+    **   regRowid = idx(rowid)
+    **   stat_push(P, regChng, regRowid)
+    **   Next csr
+    **   if !eof(csr) goto next_row;
+    **
+    **  end_of_scan:
+    */
+
+    /* Make sure there are enough memory cells allocated to accommodate 
+    ** the regPrev array and a trailing rowid (the rowid slot is required
+    ** when building a record to insert into the sample column of 
+    ** the sqlite_stat4 table.  */
+    pParse->nMem = MAX(pParse->nMem, regPrev+nColTest);
+
+    /* Open a read-only cursor on the index being analyzed. */
+    assert( iDb==sqlite3SchemaToIndex(db, pIdx->pSchema) );
+    sqlite3VdbeAddOp3(v, OP_OpenRead, iIdxCur, pIdx->tnum, iDb);
+    sqlite3VdbeSetP4KeyInfo(pParse, pIdx);
+    VdbeComment((v, "%s", pIdx->zName));
+
+    /* Invoke the stat_init() function. The arguments are:
+    ** 
+    **    (1) the number of columns in the index including the rowid
+    **        (or for a WITHOUT ROWID table, the number of PK columns),
+    **    (2) the number of columns in the key without the rowid/pk
+    **    (3) the number of rows in the index,
+    **
+    **
+    ** The third argument is only used for STAT3 and STAT4
+    */
+#ifdef SQLITE_ENABLE_STAT3_OR_STAT4
+    sqlite3VdbeAddOp2(v, OP_Count, iIdxCur, regStat4+3);
+#endif
+    sqlite3VdbeAddOp2(v, OP_Integer, nCol, regStat4+1);
+    sqlite3VdbeAddOp2(v, OP_Integer, pIdx->nKeyCol, regStat4+2);
+    sqlite3VdbeAddOp3(v, OP_Function0, 0, regStat4+1, regStat4);
+    sqlite3VdbeChangeP4(v, -1, (char*)&statInitFuncdef, P4_FUNCDEF);
+    sqlite3VdbeChangeP5(v, 2+IsStat34);
+
+    /* Implementation of the following:
+    **
+    **   Rewind csr
+    **   if eof(csr) goto end_of_scan;
+    **   regChng = 0
+    **   goto next_push_0;
+    **
+    */
+    addrRewind = sqlite3VdbeAddOp1(v, OP_Rewind, iIdxCur);
+    VdbeCoverage(v);
+    sqlite3VdbeAddOp2(v, OP_Integer, 0, regChng);
+    addrNextRow = sqlite3VdbeCurrentAddr(v);
+
+    if( nColTest>0 ){
+      int endDistinctTest = sqlite3VdbeMakeLabel(v);
+      int *aGotoChng;               /* Array of jump instruction addresses */
+      aGotoChng = sqlite3DbMallocRaw(db, sizeof(int)*nColTest);
+      if( aGotoChng==0 ) continue;
+
+      /*
+      **  next_row:
+      **   regChng = 0
+      **   if( idx(0) != regPrev(0) ) goto chng_addr_0
+      **   regChng = 1
+      **   if( idx(1) != regPrev(1) ) goto chng_addr_1
+      **   ...
+      **   regChng = N
+      **   goto endDistinctTest
+      */
+      sqlite3VdbeAddOp0(v, OP_Goto);
+      addrNextRow = sqlite3VdbeCurrentAddr(v);
+      if( nColTest==1 && pIdx->nKeyCol==1 && IsUniqueIndex(pIdx) ){
+        /* For a single-column UNIQUE index, once we have found a non-NULL
+        ** row, we know that all the rest will be distinct, so skip 
+        ** subsequent distinctness tests. */
+        sqlite3VdbeAddOp2(v, OP_NotNull, regPrev, endDistinctTest);
+        VdbeCoverage(v);
+      }
+      for(i=0; i<nColTest; i++){
+        char *pColl = (char*)sqlite3LocateCollSeq(pParse, pIdx->azColl[i]);
+        sqlite3VdbeAddOp2(v, OP_Integer, i, regChng);
+        sqlite3VdbeAddOp3(v, OP_Column, iIdxCur, i, regTemp);
+        aGotoChng[i] = 
+        sqlite3VdbeAddOp4(v, OP_Ne, regTemp, 0, regPrev+i, pColl, P4_COLLSEQ);
+        sqlite3VdbeChangeP5(v, SQLITE_NULLEQ);
+        VdbeCoverage(v);
+      }
+      sqlite3VdbeAddOp2(v, OP_Integer, nColTest, regChng);
+      sqlite3VdbeGoto(v, endDistinctTest);
+  
+  
+      /*
+      **  chng_addr_0:
+      **   regPrev(0) = idx(0)
+      **  chng_addr_1:
+      **   regPrev(1) = idx(1)
+      **  ...
+      */
+      sqlite3VdbeJumpHere(v, addrNextRow-1);
+      for(i=0; i<nColTest; i++){
+        sqlite3VdbeJumpHere(v, aGotoChng[i]);
+        sqlite3VdbeAddOp3(v, OP_Column, iIdxCur, i, regPrev+i);
+      }
+      sqlite3VdbeResolveLabel(v, endDistinctTest);
+      sqlite3DbFree(db, aGotoChng);
+    }
+  
+    /*
+    **  chng_addr_N:
+    **   regRowid = idx(rowid)            // STAT34 only
+    **   stat_push(P, regChng, regRowid)  // 3rd parameter STAT34 only
+    **   Next csr
+    **   if !eof(csr) goto next_row;
+    */
+#ifdef SQLITE_ENABLE_STAT3_OR_STAT4
+    assert( regRowid==(regStat4+2) );
+    if( HasRowid(pTab) ){
+      sqlite3VdbeAddOp2(v, OP_IdxRowid, iIdxCur, regRowid);
+    }else{
+      Index *pPk = sqlite3PrimaryKeyIndex(pIdx->pTable);
+      int j, k, regKey;
+      regKey = sqlite3GetTempRange(pParse, pPk->nKeyCol);
+      for(j=0; j<pPk->nKeyCol; j++){
+        k = sqlite3ColumnOfIndex(pIdx, pPk->aiColumn[j]);
+        assert( k>=0 && k<pTab->nCol );
+        sqlite3VdbeAddOp3(v, OP_Column, iIdxCur, k, regKey+j);
+        VdbeComment((v, "%s", pTab->aCol[pPk->aiColumn[j]].zName));
+      }
+      sqlite3VdbeAddOp3(v, OP_MakeRecord, regKey, pPk->nKeyCol, regRowid);
+      sqlite3ReleaseTempRange(pParse, regKey, pPk->nKeyCol);
+    }
+#endif
+    assert( regChng==(regStat4+1) );
+    sqlite3VdbeAddOp3(v, OP_Function0, 1, regStat4, regTemp);
+    sqlite3VdbeChangeP4(v, -1, (char*)&statPushFuncdef, P4_FUNCDEF);
+    sqlite3VdbeChangeP5(v, 2+IsStat34);
+    sqlite3VdbeAddOp2(v, OP_Next, iIdxCur, addrNextRow); VdbeCoverage(v);
+
+    /* Add the entry to the stat1 table. */
+    callStatGet(v, regStat4, STAT_GET_STAT1, regStat1);
+    assert( "BBB"[0]==SQLITE_AFF_TEXT );
+    sqlite3VdbeAddOp4(v, OP_MakeRecord, regTabname, 3, regTemp, "BBB", 0);
+    sqlite3VdbeAddOp2(v, OP_NewRowid, iStatCur, regNewRowid);
+    sqlite3VdbeAddOp3(v, OP_Insert, iStatCur, regTemp, regNewRowid);
+    sqlite3VdbeChangeP5(v, OPFLAG_APPEND);
+
+    /* Add the entries to the stat3 or stat4 table. */
+#ifdef SQLITE_ENABLE_STAT3_OR_STAT4
+    {
+      int regEq = regStat1;
+      int regLt = regStat1+1;
+      int regDLt = regStat1+2;
+      int regSample = regStat1+3;
+      int regCol = regStat1+4;
+      int regSampleRowid = regCol + nCol;
+      int addrNext;
+      int addrIsNull;
+      u8 seekOp = HasRowid(pTab) ? OP_NotExists : OP_NotFound;
+
+      pParse->nMem = MAX(pParse->nMem, regCol+nCol);
+
+      addrNext = sqlite3VdbeCurrentAddr(v);
+      callStatGet(v, regStat4, STAT_GET_ROWID, regSampleRowid);
+      addrIsNull = sqlite3VdbeAddOp1(v, OP_IsNull, regSampleRowid);
+      VdbeCoverage(v);
+      callStatGet(v, regStat4, STAT_GET_NEQ, regEq);
+      callStatGet(v, regStat4, STAT_GET_NLT, regLt);
+      callStatGet(v, regStat4, STAT_GET_NDLT, regDLt);
+      sqlite3VdbeAddOp4Int(v, seekOp, iTabCur, addrNext, regSampleRowid, 0);
+      /* We know that the regSampleRowid row exists because it was read by
+      ** the previous loop.  Thus the not-found jump of seekOp will never
+      ** be taken */
+      VdbeCoverageNeverTaken(v);
+#ifdef SQLITE_ENABLE_STAT3
+      sqlite3ExprCodeLoadIndexColumn(pParse, pIdx, iTabCur, 0, regSample);
+#else
+      for(i=0; i<nCol; i++){
+        sqlite3ExprCodeLoadIndexColumn(pParse, pIdx, iTabCur, i, regCol+i);
+      }
+      sqlite3VdbeAddOp3(v, OP_MakeRecord, regCol, nCol, regSample);
+#endif
+      sqlite3VdbeAddOp3(v, OP_MakeRecord, regTabname, 6, regTemp);
+      sqlite3VdbeAddOp2(v, OP_NewRowid, iStatCur+1, regNewRowid);
+      sqlite3VdbeAddOp3(v, OP_Insert, iStatCur+1, regTemp, regNewRowid);
+      sqlite3VdbeAddOp2(v, OP_Goto, 1, addrNext); /* P1==1 for end-of-loop */
+      sqlite3VdbeJumpHere(v, addrIsNull);
+    }
+#endif /* SQLITE_ENABLE_STAT3_OR_STAT4 */
+
+    /* End of analysis */
+    sqlite3VdbeJumpHere(v, addrRewind);
+  }
+
+
+  /* Create a single sqlite_stat1 entry containing NULL as the index
+  ** name and the row count as the content.
+  */
+  if( pOnlyIdx==0 && needTableCnt ){
+    VdbeComment((v, "%s", pTab->zName));
+    sqlite3VdbeAddOp2(v, OP_Count, iTabCur, regStat1);
+    jZeroRows = sqlite3VdbeAddOp1(v, OP_IfNot, regStat1); VdbeCoverage(v);
+    sqlite3VdbeAddOp2(v, OP_Null, 0, regIdxname);
+    assert( "BBB"[0]==SQLITE_AFF_TEXT );
+    sqlite3VdbeAddOp4(v, OP_MakeRecord, regTabname, 3, regTemp, "BBB", 0);
+    sqlite3VdbeAddOp2(v, OP_NewRowid, iStatCur, regNewRowid);
+    sqlite3VdbeAddOp3(v, OP_Insert, iStatCur, regTemp, regNewRowid);
+    sqlite3VdbeChangeP5(v, OPFLAG_APPEND);
+    sqlite3VdbeJumpHere(v, jZeroRows);
+  }
+}
+
+
+/*
+** Generate code that will cause the most recent index analysis to
+** be loaded into internal hash tables where is can be used.
+*/
+static void loadAnalysis(Parse *pParse, int iDb){
+  Vdbe *v = sqlite3GetVdbe(pParse);
+  if( v ){
+    sqlite3VdbeAddOp1(v, OP_LoadAnalysis, iDb);
+  }
+}
+
+/*
+** Generate code that will do an analysis of an entire database
+*/
+static void analyzeDatabase(Parse *pParse, int iDb){
+  sqlite3 *db = pParse->db;
+  Schema *pSchema = db->aDb[iDb].pSchema;    /* Schema of database iDb */
+  HashElem *k;
+  int iStatCur;
+  int iMem;
+  int iTab;
+
+  sqlite3BeginWriteOperation(pParse, 0, iDb);
+  iStatCur = pParse->nTab;
+  pParse->nTab += 3;
+  openStatTable(pParse, iDb, iStatCur, 0, 0);
+  iMem = pParse->nMem+1;
+  iTab = pParse->nTab;
+  assert( sqlite3SchemaMutexHeld(db, iDb, 0) );
+  for(k=sqliteHashFirst(&pSchema->tblHash); k; k=sqliteHashNext(k)){
+    Table *pTab = (Table*)sqliteHashData(k);
+    analyzeOneTable(pParse, pTab, 0, iStatCur, iMem, iTab);
+  }
+  loadAnalysis(pParse, iDb);
+}
+
+/*
+** Generate code that will do an analysis of a single table in
+** a database.  If pOnlyIdx is not NULL then it is a single index
+** in pTab that should be analyzed.
+*/
+static void analyzeTable(Parse *pParse, Table *pTab, Index *pOnlyIdx){
+  int iDb;
+  int iStatCur;
+
+  assert( pTab!=0 );
+  assert( sqlite3BtreeHoldsAllMutexes(pParse->db) );
+  iDb = sqlite3SchemaToIndex(pParse->db, pTab->pSchema);
+  sqlite3BeginWriteOperation(pParse, 0, iDb);
+  iStatCur = pParse->nTab;
+  pParse->nTab += 3;
+  if( pOnlyIdx ){
+    openStatTable(pParse, iDb, iStatCur, pOnlyIdx->zName, "idx");
+  }else{
+    openStatTable(pParse, iDb, iStatCur, pTab->zName, "tbl");
+  }
+  analyzeOneTable(pParse, pTab, pOnlyIdx, iStatCur,pParse->nMem+1,pParse->nTab);
+  loadAnalysis(pParse, iDb);
+}
+
+/*
+** Generate code for the ANALYZE command.  The parser calls this routine
+** when it recognizes an ANALYZE command.
+**
+**        ANALYZE                            -- 1
+**        ANALYZE  <database>                -- 2
+**        ANALYZE  ?<database>.?<tablename>  -- 3
+**
+** Form 1 causes all indices in all attached databases to be analyzed.
+** Form 2 analyzes all indices the single database named.
+** Form 3 analyzes all indices associated with the named table.
+*/
+SQLITE_PRIVATE void sqlite3Analyze(Parse *pParse, Token *pName1, Token *pName2){
+  sqlite3 *db = pParse->db;
+  int iDb;
+  int i;
+  char *z, *zDb;
+  Table *pTab;
+  Index *pIdx;
+  Token *pTableName;
+  Vdbe *v;
+
+  /* Read the database schema. If an error occurs, leave an error message
+  ** and code in pParse and return NULL. */
+  assert( sqlite3BtreeHoldsAllMutexes(pParse->db) );
+  if( SQLITE_OK!=sqlite3ReadSchema(pParse) ){
+    return;
+  }
+
+  assert( pName2!=0 || pName1==0 );
+  if( pName1==0 ){
+    /* Form 1:  Analyze everything */
+    for(i=0; i<db->nDb; i++){
+      if( i==1 ) continue;  /* Do not analyze the TEMP database */
+      analyzeDatabase(pParse, i);
+    }
+  }else if( pName2->n==0 ){
+    /* Form 2:  Analyze the database or table named */
+    iDb = sqlite3FindDb(db, pName1);
+    if( iDb>=0 ){
+      analyzeDatabase(pParse, iDb);
+    }else{
+      z = sqlite3NameFromToken(db, pName1);
+      if( z ){
+        if( (pIdx = sqlite3FindIndex(db, z, 0))!=0 ){
+          analyzeTable(pParse, pIdx->pTable, pIdx);
+        }else if( (pTab = sqlite3LocateTable(pParse, 0, z, 0))!=0 ){
+          analyzeTable(pParse, pTab, 0);
+        }
+        sqlite3DbFree(db, z);
+      }
+    }
+  }else{
+    /* Form 3: Analyze the fully qualified table name */
+    iDb = sqlite3TwoPartName(pParse, pName1, pName2, &pTableName);
+    if( iDb>=0 ){
+      zDb = db->aDb[iDb].zName;
+      z = sqlite3NameFromToken(db, pTableName);
+      if( z ){
+        if( (pIdx = sqlite3FindIndex(db, z, zDb))!=0 ){
+          analyzeTable(pParse, pIdx->pTable, pIdx);
+        }else if( (pTab = sqlite3LocateTable(pParse, 0, z, zDb))!=0 ){
+          analyzeTable(pParse, pTab, 0);
+        }
+        sqlite3DbFree(db, z);
+      }
+    }   
+  }
+  v = sqlite3GetVdbe(pParse);
+  if( v ) sqlite3VdbeAddOp0(v, OP_Expire);
+}
+
+/*
+** Used to pass information from the analyzer reader through to the
+** callback routine.
+*/
+typedef struct analysisInfo analysisInfo;
+struct analysisInfo {
+  sqlite3 *db;
+  const char *zDatabase;
+};
+
+/*
+** The first argument points to a nul-terminated string containing a
+** list of space separated integers. Read the first nOut of these into
+** the array aOut[].
+*/
+static void decodeIntArray(
+  char *zIntArray,       /* String containing int array to decode */
+  int nOut,              /* Number of slots in aOut[] */
+  tRowcnt *aOut,         /* Store integers here */
+  LogEst *aLog,          /* Or, if aOut==0, here */
+  Index *pIndex          /* Handle extra flags for this index, if not NULL */
+){
+  char *z = zIntArray;
+  int c;
+  int i;
+  tRowcnt v;
+
+#ifdef SQLITE_ENABLE_STAT3_OR_STAT4
+  if( z==0 ) z = "";
+#else
+  assert( z!=0 );
+#endif
+  for(i=0; *z && i<nOut; i++){
+    v = 0;
+    while( (c=z[0])>='0' && c<='9' ){
+      v = v*10 + c - '0';
+      z++;
+    }
+#ifdef SQLITE_ENABLE_STAT3_OR_STAT4
+    if( aOut ) aOut[i] = v;
+    if( aLog ) aLog[i] = sqlite3LogEst(v);
+#else
+    assert( aOut==0 );
+    UNUSED_PARAMETER(aOut);
+    assert( aLog!=0 );
+    aLog[i] = sqlite3LogEst(v);
+#endif
+    if( *z==' ' ) z++;
+  }
+#ifndef SQLITE_ENABLE_STAT3_OR_STAT4
+  assert( pIndex!=0 ); {
+#else
+  if( pIndex ){
+#endif
+    pIndex->bUnordered = 0;
+    pIndex->noSkipScan = 0;
+    while( z[0] ){
+      if( sqlite3_strglob("unordered*", z)==0 ){
+        pIndex->bUnordered = 1;
+      }else if( sqlite3_strglob("sz=[0-9]*", z)==0 ){
+        pIndex->szIdxRow = sqlite3LogEst(sqlite3Atoi(z+3));
+      }else if( sqlite3_strglob("noskipscan*", z)==0 ){
+        pIndex->noSkipScan = 1;
+      }
+#ifdef SQLITE_ENABLE_COSTMULT
+      else if( sqlite3_strglob("costmult=[0-9]*",z)==0 ){
+        pIndex->pTable->costMult = sqlite3LogEst(sqlite3Atoi(z+9));
+      }
+#endif
+      while( z[0]!=0 && z[0]!=' ' ) z++;
+      while( z[0]==' ' ) z++;
+    }
+  }
+}
+
+/*
+** This callback is invoked once for each index when reading the
+** sqlite_stat1 table.  
+**
+**     argv[0] = name of the table
+**     argv[1] = name of the index (might be NULL)
+**     argv[2] = results of analysis - on integer for each column
+**
+** Entries for which argv[1]==NULL simply record the number of rows in
+** the table.
+*/
+static int analysisLoader(void *pData, int argc, char **argv, char **NotUsed){
+  analysisInfo *pInfo = (analysisInfo*)pData;
+  Index *pIndex;
+  Table *pTable;
+  const char *z;
+
+  assert( argc==3 );
+  UNUSED_PARAMETER2(NotUsed, argc);
+
+  if( argv==0 || argv[0]==0 || argv[2]==0 ){
+    return 0;
+  }
+  pTable = sqlite3FindTable(pInfo->db, argv[0], pInfo->zDatabase);
+  if( pTable==0 ){
+    return 0;
+  }
+  if( argv[1]==0 ){
+    pIndex = 0;
+  }else if( sqlite3_stricmp(argv[0],argv[1])==0 ){
+    pIndex = sqlite3PrimaryKeyIndex(pTable);
+  }else{
+    pIndex = sqlite3FindIndex(pInfo->db, argv[1], pInfo->zDatabase);
+  }
+  z = argv[2];
+
+  if( pIndex ){
+    tRowcnt *aiRowEst = 0;
+    int nCol = pIndex->nKeyCol+1;
+#ifdef SQLITE_ENABLE_STAT3_OR_STAT4
+    /* Index.aiRowEst may already be set here if there are duplicate 
+    ** sqlite_stat1 entries for this index. In that case just clobber
+    ** the old data with the new instead of allocating a new array.  */
+    if( pIndex->aiRowEst==0 ){
+      pIndex->aiRowEst = (tRowcnt*)sqlite3MallocZero(sizeof(tRowcnt) * nCol);
+      if( pIndex->aiRowEst==0 ) pInfo->db->mallocFailed = 1;
+    }
+    aiRowEst = pIndex->aiRowEst;
+#endif
+    pIndex->bUnordered = 0;
+    decodeIntArray((char*)z, nCol, aiRowEst, pIndex->aiRowLogEst, pIndex);
+    if( pIndex->pPartIdxWhere==0 ) pTable->nRowLogEst = pIndex->aiRowLogEst[0];
+  }else{
+    Index fakeIdx;
+    fakeIdx.szIdxRow = pTable->szTabRow;
+#ifdef SQLITE_ENABLE_COSTMULT
+    fakeIdx.pTable = pTable;
+#endif
+    decodeIntArray((char*)z, 1, 0, &pTable->nRowLogEst, &fakeIdx);
+    pTable->szTabRow = fakeIdx.szIdxRow;
+  }
+
+  return 0;
+}
+
+/*
+** If the Index.aSample variable is not NULL, delete the aSample[] array
+** and its contents.
+*/
+SQLITE_PRIVATE void sqlite3DeleteIndexSamples(sqlite3 *db, Index *pIdx){
+#ifdef SQLITE_ENABLE_STAT3_OR_STAT4
+  if( pIdx->aSample ){
+    int j;
+    for(j=0; j<pIdx->nSample; j++){
+      IndexSample *p = &pIdx->aSample[j];
+      sqlite3DbFree(db, p->p);
+    }
+    sqlite3DbFree(db, pIdx->aSample);
+  }
+  if( db && db->pnBytesFreed==0 ){
+    pIdx->nSample = 0;
+    pIdx->aSample = 0;
+  }
+#else
+  UNUSED_PARAMETER(db);
+  UNUSED_PARAMETER(pIdx);
+#endif /* SQLITE_ENABLE_STAT3_OR_STAT4 */
+}
+
+#ifdef SQLITE_ENABLE_STAT3_OR_STAT4
+/*
+** Populate the pIdx->aAvgEq[] array based on the samples currently
+** stored in pIdx->aSample[]. 
+*/
+static void initAvgEq(Index *pIdx){
+  if( pIdx ){
+    IndexSample *aSample = pIdx->aSample;
+    IndexSample *pFinal = &aSample[pIdx->nSample-1];
+    int iCol;
+    int nCol = 1;
+    if( pIdx->nSampleCol>1 ){
+      /* If this is stat4 data, then calculate aAvgEq[] values for all
+      ** sample columns except the last. The last is always set to 1, as
+      ** once the trailing PK fields are considered all index keys are
+      ** unique.  */
+      nCol = pIdx->nSampleCol-1;
+      pIdx->aAvgEq[nCol] = 1;
+    }
+    for(iCol=0; iCol<nCol; iCol++){
+      int nSample = pIdx->nSample;
+      int i;                    /* Used to iterate through samples */
+      tRowcnt sumEq = 0;        /* Sum of the nEq values */
+      tRowcnt avgEq = 0;
+      tRowcnt nRow;             /* Number of rows in index */
+      i64 nSum100 = 0;          /* Number of terms contributing to sumEq */
+      i64 nDist100;             /* Number of distinct values in index */
+
+      if( !pIdx->aiRowEst || iCol>=pIdx->nKeyCol || pIdx->aiRowEst[iCol+1]==0 ){
+        nRow = pFinal->anLt[iCol];
+        nDist100 = (i64)100 * pFinal->anDLt[iCol];
+        nSample--;
+      }else{
+        nRow = pIdx->aiRowEst[0];
+        nDist100 = ((i64)100 * pIdx->aiRowEst[0]) / pIdx->aiRowEst[iCol+1];
+      }
+      pIdx->nRowEst0 = nRow;
+
+      /* Set nSum to the number of distinct (iCol+1) field prefixes that
+      ** occur in the stat4 table for this index. Set sumEq to the sum of 
+      ** the nEq values for column iCol for the same set (adding the value 
+      ** only once where there exist duplicate prefixes).  */
+      for(i=0; i<nSample; i++){
+        if( i==(pIdx->nSample-1)
+         || aSample[i].anDLt[iCol]!=aSample[i+1].anDLt[iCol] 
+        ){
+          sumEq += aSample[i].anEq[iCol];
+          nSum100 += 100;
+        }
+      }
+
+      if( nDist100>nSum100 ){
+        avgEq = ((i64)100 * (nRow - sumEq))/(nDist100 - nSum100);
+      }
+      if( avgEq==0 ) avgEq = 1;
+      pIdx->aAvgEq[iCol] = avgEq;
+    }
+  }
+}
+
+/*
+** Look up an index by name.  Or, if the name of a WITHOUT ROWID table
+** is supplied instead, find the PRIMARY KEY index for that table.
+*/
+static Index *findIndexOrPrimaryKey(
+  sqlite3 *db,
+  const char *zName,
+  const char *zDb
+){
+  Index *pIdx = sqlite3FindIndex(db, zName, zDb);
+  if( pIdx==0 ){
+    Table *pTab = sqlite3FindTable(db, zName, zDb);
+    if( pTab && !HasRowid(pTab) ) pIdx = sqlite3PrimaryKeyIndex(pTab);
+  }
+  return pIdx;
+}
+
+/*
+** Load the content from either the sqlite_stat4 or sqlite_stat3 table 
+** into the relevant Index.aSample[] arrays.
+**
+** Arguments zSql1 and zSql2 must point to SQL statements that return
+** data equivalent to the following (statements are different for stat3,
+** see the caller of this function for details):
+**
+**    zSql1: SELECT idx,count(*) FROM %Q.sqlite_stat4 GROUP BY idx
+**    zSql2: SELECT idx,neq,nlt,ndlt,sample FROM %Q.sqlite_stat4
+**
+** where %Q is replaced with the database name before the SQL is executed.
+*/
+static int loadStatTbl(
+  sqlite3 *db,                  /* Database handle */
+  int bStat3,                   /* Assume single column records only */
+  const char *zSql1,            /* SQL statement 1 (see above) */
+  const char *zSql2,            /* SQL statement 2 (see above) */
+  const char *zDb               /* Database name (e.g. "main") */
+){
+  int rc;                       /* Result codes from subroutines */
+  sqlite3_stmt *pStmt = 0;      /* An SQL statement being run */
+  char *zSql;                   /* Text of the SQL statement */
+  Index *pPrevIdx = 0;          /* Previous index in the loop */
+  IndexSample *pSample;         /* A slot in pIdx->aSample[] */
+
+  assert( db->lookaside.bEnabled==0 );
+  zSql = sqlite3MPrintf(db, zSql1, zDb);
+  if( !zSql ){
+    return SQLITE_NOMEM;
+  }
+  rc = sqlite3_prepare(db, zSql, -1, &pStmt, 0);
+  sqlite3DbFree(db, zSql);
+  if( rc ) return rc;
+
+  while( sqlite3_step(pStmt)==SQLITE_ROW ){
+    int nIdxCol = 1;              /* Number of columns in stat4 records */
+
+    char *zIndex;   /* Index name */
+    Index *pIdx;    /* Pointer to the index object */
+    int nSample;    /* Number of samples */
+    int nByte;      /* Bytes of space required */
+    int i;          /* Bytes of space required */
+    tRowcnt *pSpace;
+
+    zIndex = (char *)sqlite3_column_text(pStmt, 0);
+    if( zIndex==0 ) continue;
+    nSample = sqlite3_column_int(pStmt, 1);
+    pIdx = findIndexOrPrimaryKey(db, zIndex, zDb);
+    assert( pIdx==0 || bStat3 || pIdx->nSample==0 );
+    /* Index.nSample is non-zero at this point if data has already been
+    ** loaded from the stat4 table. In this case ignore stat3 data.  */
+    if( pIdx==0 || pIdx->nSample ) continue;
+    if( bStat3==0 ){
+      assert( !HasRowid(pIdx->pTable) || pIdx->nColumn==pIdx->nKeyCol+1 );
+      if( !HasRowid(pIdx->pTable) && IsPrimaryKeyIndex(pIdx) ){
+        nIdxCol = pIdx->nKeyCol;
+      }else{
+        nIdxCol = pIdx->nColumn;
+      }
+    }
+    pIdx->nSampleCol = nIdxCol;
+    nByte = sizeof(IndexSample) * nSample;
+    nByte += sizeof(tRowcnt) * nIdxCol * 3 * nSample;
+    nByte += nIdxCol * sizeof(tRowcnt);     /* Space for Index.aAvgEq[] */
+
+    pIdx->aSample = sqlite3DbMallocZero(db, nByte);
+    if( pIdx->aSample==0 ){
+      sqlite3_finalize(pStmt);
+      return SQLITE_NOMEM;
+    }
+    pSpace = (tRowcnt*)&pIdx->aSample[nSample];
+    pIdx->aAvgEq = pSpace; pSpace += nIdxCol;
+    for(i=0; i<nSample; i++){
+      pIdx->aSample[i].anEq = pSpace; pSpace += nIdxCol;
+      pIdx->aSample[i].anLt = pSpace; pSpace += nIdxCol;
+      pIdx->aSample[i].anDLt = pSpace; pSpace += nIdxCol;
+    }
+    assert( ((u8*)pSpace)-nByte==(u8*)(pIdx->aSample) );
+  }
+  rc = sqlite3_finalize(pStmt);
+  if( rc ) return rc;
+
+  zSql = sqlite3MPrintf(db, zSql2, zDb);
+  if( !zSql ){
+    return SQLITE_NOMEM;
+  }
+  rc = sqlite3_prepare(db, zSql, -1, &pStmt, 0);
+  sqlite3DbFree(db, zSql);
+  if( rc ) return rc;
+
+  while( sqlite3_step(pStmt)==SQLITE_ROW ){
+    char *zIndex;                 /* Index name */
+    Index *pIdx;                  /* Pointer to the index object */
+    int nCol = 1;                 /* Number of columns in index */
+
+    zIndex = (char *)sqlite3_column_text(pStmt, 0);
+    if( zIndex==0 ) continue;
+    pIdx = findIndexOrPrimaryKey(db, zIndex, zDb);
+    if( pIdx==0 ) continue;
+    /* This next condition is true if data has already been loaded from 
+    ** the sqlite_stat4 table. In this case ignore stat3 data.  */
+    nCol = pIdx->nSampleCol;
+    if( bStat3 && nCol>1 ) continue;
+    if( pIdx!=pPrevIdx ){
+      initAvgEq(pPrevIdx);
+      pPrevIdx = pIdx;
+    }
+    pSample = &pIdx->aSample[pIdx->nSample];
+    decodeIntArray((char*)sqlite3_column_text(pStmt,1),nCol,pSample->anEq,0,0);
+    decodeIntArray((char*)sqlite3_column_text(pStmt,2),nCol,pSample->anLt,0,0);
+    decodeIntArray((char*)sqlite3_column_text(pStmt,3),nCol,pSample->anDLt,0,0);
+
+    /* Take a copy of the sample. Add two 0x00 bytes the end of the buffer.
+    ** This is in case the sample record is corrupted. In that case, the
+    ** sqlite3VdbeRecordCompare() may read up to two varints past the
+    ** end of the allocated buffer before it realizes it is dealing with
+    ** a corrupt record. Adding the two 0x00 bytes prevents this from causing
+    ** a buffer overread.  */
+    pSample->n = sqlite3_column_bytes(pStmt, 4);
+    pSample->p = sqlite3DbMallocZero(db, pSample->n + 2);
+    if( pSample->p==0 ){
+      sqlite3_finalize(pStmt);
+      return SQLITE_NOMEM;
+    }
+    memcpy(pSample->p, sqlite3_column_blob(pStmt, 4), pSample->n);
+    pIdx->nSample++;
+  }
+  rc = sqlite3_finalize(pStmt);
+  if( rc==SQLITE_OK ) initAvgEq(pPrevIdx);
+  return rc;
+}
+
+/*
+** Load content from the sqlite_stat4 and sqlite_stat3 tables into 
+** the Index.aSample[] arrays of all indices.
+*/
+static int loadStat4(sqlite3 *db, const char *zDb){
+  int rc = SQLITE_OK;             /* Result codes from subroutines */
+
+  assert( db->lookaside.bEnabled==0 );
+  if( sqlite3FindTable(db, "sqlite_stat4", zDb) ){
+    rc = loadStatTbl(db, 0,
+      "SELECT idx,count(*) FROM %Q.sqlite_stat4 GROUP BY idx", 
+      "SELECT idx,neq,nlt,ndlt,sample FROM %Q.sqlite_stat4",
+      zDb
+    );
+  }
+
+  if( rc==SQLITE_OK && sqlite3FindTable(db, "sqlite_stat3", zDb) ){
+    rc = loadStatTbl(db, 1,
+      "SELECT idx,count(*) FROM %Q.sqlite_stat3 GROUP BY idx", 
+      "SELECT idx,neq,nlt,ndlt,sqlite_record(sample) FROM %Q.sqlite_stat3",
+      zDb
+    );
+  }
+
+  return rc;
+}
+#endif /* SQLITE_ENABLE_STAT3_OR_STAT4 */
+
+/*
+** Load the content of the sqlite_stat1 and sqlite_stat3/4 tables. The
+** contents of sqlite_stat1 are used to populate the Index.aiRowEst[]
+** arrays. The contents of sqlite_stat3/4 are used to populate the
+** Index.aSample[] arrays.
+**
+** If the sqlite_stat1 table is not present in the database, SQLITE_ERROR
+** is returned. In this case, even if SQLITE_ENABLE_STAT3/4 was defined 
+** during compilation and the sqlite_stat3/4 table is present, no data is 
+** read from it.
+**
+** If SQLITE_ENABLE_STAT3/4 was defined during compilation and the 
+** sqlite_stat4 table is not present in the database, SQLITE_ERROR is
+** returned. However, in this case, data is read from the sqlite_stat1
+** table (if it is present) before returning.
+**
+** If an OOM error occurs, this function always sets db->mallocFailed.
+** This means if the caller does not care about other errors, the return
+** code may be ignored.
+*/
+SQLITE_PRIVATE int sqlite3AnalysisLoad(sqlite3 *db, int iDb){
+  analysisInfo sInfo;
+  HashElem *i;
+  char *zSql;
+  int rc;
+
+  assert( iDb>=0 && iDb<db->nDb );
+  assert( db->aDb[iDb].pBt!=0 );
+
+  /* Clear any prior statistics */
+  assert( sqlite3SchemaMutexHeld(db, iDb, 0) );
+  for(i=sqliteHashFirst(&db->aDb[iDb].pSchema->idxHash);i;i=sqliteHashNext(i)){
+    Index *pIdx = sqliteHashData(i);
+    sqlite3DefaultRowEst(pIdx);
+#ifdef SQLITE_ENABLE_STAT3_OR_STAT4
+    sqlite3DeleteIndexSamples(db, pIdx);
+    pIdx->aSample = 0;
+#endif
+  }
+
+  /* Check to make sure the sqlite_stat1 table exists */
+  sInfo.db = db;
+  sInfo.zDatabase = db->aDb[iDb].zName;
+  if( sqlite3FindTable(db, "sqlite_stat1", sInfo.zDatabase)==0 ){
+    return SQLITE_ERROR;
+  }
+
+  /* Load new statistics out of the sqlite_stat1 table */
+  zSql = sqlite3MPrintf(db, 
+      "SELECT tbl,idx,stat FROM %Q.sqlite_stat1", sInfo.zDatabase);
+  if( zSql==0 ){
+    rc = SQLITE_NOMEM;
+  }else{
+    rc = sqlite3_exec(db, zSql, analysisLoader, &sInfo, 0);
+    sqlite3DbFree(db, zSql);
+  }
+
+
+  /* Load the statistics from the sqlite_stat4 table. */
+#ifdef SQLITE_ENABLE_STAT3_OR_STAT4
+  if( rc==SQLITE_OK && OptimizationEnabled(db, SQLITE_Stat34) ){
+    int lookasideEnabled = db->lookaside.bEnabled;
+    db->lookaside.bEnabled = 0;
+    rc = loadStat4(db, sInfo.zDatabase);
+    db->lookaside.bEnabled = lookasideEnabled;
+  }
+  for(i=sqliteHashFirst(&db->aDb[iDb].pSchema->idxHash);i;i=sqliteHashNext(i)){
+    Index *pIdx = sqliteHashData(i);
+    sqlite3_free(pIdx->aiRowEst);
+    pIdx->aiRowEst = 0;
+  }
+#endif
+
+  if( rc==SQLITE_NOMEM ){
+    db->mallocFailed = 1;
+  }
+  return rc;
+}
+
+
+#endif /* SQLITE_OMIT_ANALYZE */
+
+/************** End of analyze.c *********************************************/
+/************** Begin file attach.c ******************************************/
+/*
+** 2003 April 6
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+** This file contains code used to implement the ATTACH and DETACH commands.
+*/
+/* #include "sqliteInt.h" */
+
+#ifndef SQLITE_OMIT_ATTACH
+/*
+** Resolve an expression that was part of an ATTACH or DETACH statement. This
+** is slightly different from resolving a normal SQL expression, because simple
+** identifiers are treated as strings, not possible column names or aliases.
+**
+** i.e. if the parser sees:
+**
+**     ATTACH DATABASE abc AS def
+**
+** it treats the two expressions as literal strings 'abc' and 'def' instead of
+** looking for columns of the same name.
+**
+** This only applies to the root node of pExpr, so the statement:
+**
+**     ATTACH DATABASE abc||def AS 'db2'
+**
+** will fail because neither abc or def can be resolved.
+*/
+static int resolveAttachExpr(NameContext *pName, Expr *pExpr)
+{
+  int rc = SQLITE_OK;
+  if( pExpr ){
+    if( pExpr->op!=TK_ID ){
+      rc = sqlite3ResolveExprNames(pName, pExpr);
+    }else{
+      pExpr->op = TK_STRING;
+    }
+  }
+  return rc;
+}
+
+/*
+** An SQL user-function registered to do the work of an ATTACH statement. The
+** three arguments to the function come directly from an attach statement:
+**
+**     ATTACH DATABASE x AS y KEY z
+**
+**     SELECT sqlite_attach(x, y, z)
+**
+** If the optional "KEY z" syntax is omitted, an SQL NULL is passed as the
+** third argument.
+*/
+static void attachFunc(
+  sqlite3_context *context,
+  int NotUsed,
+  sqlite3_value **argv
+){
+  int i;
+  int rc = 0;
+  sqlite3 *db = sqlite3_context_db_handle(context);
+  const char *zName;
+  const char *zFile;
+  char *zPath = 0;
+  char *zErr = 0;
+  unsigned int flags;
+  Db *aNew;
+  char *zErrDyn = 0;
+  sqlite3_vfs *pVfs;
+
+  UNUSED_PARAMETER(NotUsed);
+
+  zFile = (const char *)sqlite3_value_text(argv[0]);
+  zName = (const char *)sqlite3_value_text(argv[1]);
+  if( zFile==0 ) zFile = "";
+  if( zName==0 ) zName = "";
+
+  /* Check for the following errors:
+  **
+  **     * Too many attached databases,
+  **     * Transaction currently open
+  **     * Specified database name already being used.
+  */
+  if( db->nDb>=db->aLimit[SQLITE_LIMIT_ATTACHED]+2 ){
+    zErrDyn = sqlite3MPrintf(db, "too many attached databases - max %d", 
+      db->aLimit[SQLITE_LIMIT_ATTACHED]
+    );
+    goto attach_error;
+  }
+  if( !db->autoCommit ){
+    zErrDyn = sqlite3MPrintf(db, "cannot ATTACH database within transaction");
+    goto attach_error;
+  }
+  for(i=0; i<db->nDb; i++){
+    char *z = db->aDb[i].zName;
+    assert( z && zName );
+    if( sqlite3StrICmp(z, zName)==0 ){
+      zErrDyn = sqlite3MPrintf(db, "database %s is already in use", zName);
+      goto attach_error;
+    }
+  }
+
+  /* Allocate the new entry in the db->aDb[] array and initialize the schema
+  ** hash tables.
+  */
+  if( db->aDb==db->aDbStatic ){
+    aNew = sqlite3DbMallocRaw(db, sizeof(db->aDb[0])*3 );
+    if( aNew==0 ) return;
+    memcpy(aNew, db->aDb, sizeof(db->aDb[0])*2);
+  }else{
+    aNew = sqlite3DbRealloc(db, db->aDb, sizeof(db->aDb[0])*(db->nDb+1) );
+    if( aNew==0 ) return;
+  }
+  db->aDb = aNew;
+  aNew = &db->aDb[db->nDb];
+  memset(aNew, 0, sizeof(*aNew));
+
+  /* Open the database file. If the btree is successfully opened, use
+  ** it to obtain the database schema. At this point the schema may
+  ** or may not be initialized.
+  */
+  flags = db->openFlags;
+  rc = sqlite3ParseUri(db->pVfs->zName, zFile, &flags, &pVfs, &zPath, &zErr);
+  if( rc!=SQLITE_OK ){
+    if( rc==SQLITE_NOMEM ) db->mallocFailed = 1;
+    sqlite3_result_error(context, zErr, -1);
+    sqlite3_free(zErr);
+    return;
+  }
+  assert( pVfs );
+  flags |= SQLITE_OPEN_MAIN_DB;
+  rc = sqlite3BtreeOpen(pVfs, zPath, db, &aNew->pBt, 0, flags);
+  sqlite3_free( zPath );
+  db->nDb++;
+  if( rc==SQLITE_CONSTRAINT ){
+    rc = SQLITE_ERROR;
+    zErrDyn = sqlite3MPrintf(db, "database is already attached");
+  }else if( rc==SQLITE_OK ){
+    Pager *pPager;
+    aNew->pSchema = sqlite3SchemaGet(db, aNew->pBt);
+    if( !aNew->pSchema ){
+      rc = SQLITE_NOMEM;
+    }else if( aNew->pSchema->file_format && aNew->pSchema->enc!=ENC(db) ){
+      zErrDyn = sqlite3MPrintf(db, 
+        "attached databases must use the same text encoding as main database");
+      rc = SQLITE_ERROR;
+    }
+    sqlite3BtreeEnter(aNew->pBt);
+    pPager = sqlite3BtreePager(aNew->pBt);
+    sqlite3PagerLockingMode(pPager, db->dfltLockMode);
+    sqlite3BtreeSecureDelete(aNew->pBt,
+                             sqlite3BtreeSecureDelete(db->aDb[0].pBt,-1) );
+#ifndef SQLITE_OMIT_PAGER_PRAGMAS
+    sqlite3BtreeSetPagerFlags(aNew->pBt, 3 | (db->flags & PAGER_FLAGS_MASK));
+#endif
+    sqlite3BtreeLeave(aNew->pBt);
+  }
+  aNew->safety_level = 3;
+  aNew->zName = sqlite3DbStrDup(db, zName);
+  if( rc==SQLITE_OK && aNew->zName==0 ){
+    rc = SQLITE_NOMEM;
+  }
+
+
+#ifdef SQLITE_HAS_CODEC
+  if( rc==SQLITE_OK ){
+    extern int sqlite3CodecAttach(sqlite3*, int, const void*, int);
+    extern void sqlite3CodecGetKey(sqlite3*, int, void**, int*);
+    int nKey;
+    char *zKey;
+    int t = sqlite3_value_type(argv[2]);
+    switch( t ){
+      case SQLITE_INTEGER:
+      case SQLITE_FLOAT:
+        zErrDyn = sqlite3DbStrDup(db, "Invalid key value");
+        rc = SQLITE_ERROR;
+        break;
+        
+      case SQLITE_TEXT:
+      case SQLITE_BLOB:
+        nKey = sqlite3_value_bytes(argv[2]);
+        zKey = (char *)sqlite3_value_blob(argv[2]);
+        rc = sqlite3CodecAttach(db, db->nDb-1, zKey, nKey);
+        break;
+
+      case SQLITE_NULL:
+        /* No key specified.  Use the key from the main database */
+        sqlite3CodecGetKey(db, 0, (void**)&zKey, &nKey);
+        if( nKey>0 || sqlite3BtreeGetOptimalReserve(db->aDb[0].pBt)>0 ){
+          rc = sqlite3CodecAttach(db, db->nDb-1, zKey, nKey);
+        }
+        break;
+    }
+  }
+#endif
+
+  /* If the file was opened successfully, read the schema for the new database.
+  ** If this fails, or if opening the file failed, then close the file and 
+  ** remove the entry from the db->aDb[] array. i.e. put everything back the way
+  ** we found it.
+  */
+  if( rc==SQLITE_OK ){
+    sqlite3BtreeEnterAll(db);
+    rc = sqlite3Init(db, &zErrDyn);
+    sqlite3BtreeLeaveAll(db);
+  }
+#ifdef SQLITE_USER_AUTHENTICATION
+  if( rc==SQLITE_OK ){
+    u8 newAuth = 0;
+    rc = sqlite3UserAuthCheckLogin(db, zName, &newAuth);
+    if( newAuth<db->auth.authLevel ){
+      rc = SQLITE_AUTH_USER;
+    }
+  }
+#endif
+  if( rc ){
+    int iDb = db->nDb - 1;
+    assert( iDb>=2 );
+    if( db->aDb[iDb].pBt ){
+      sqlite3BtreeClose(db->aDb[iDb].pBt);
+      db->aDb[iDb].pBt = 0;
+      db->aDb[iDb].pSchema = 0;
+    }
+    sqlite3ResetAllSchemasOfConnection(db);
+    db->nDb = iDb;
+    if( rc==SQLITE_NOMEM || rc==SQLITE_IOERR_NOMEM ){
+      db->mallocFailed = 1;
+      sqlite3DbFree(db, zErrDyn);
+      zErrDyn = sqlite3MPrintf(db, "out of memory");
+    }else if( zErrDyn==0 ){
+      zErrDyn = sqlite3MPrintf(db, "unable to open database: %s", zFile);
+    }
+    goto attach_error;
+  }
+  
+  return;
+
+attach_error:
+  /* Return an error if we get here */
+  if( zErrDyn ){
+    sqlite3_result_error(context, zErrDyn, -1);
+    sqlite3DbFree(db, zErrDyn);
+  }
+  if( rc ) sqlite3_result_error_code(context, rc);
+}
+
+/*
+** An SQL user-function registered to do the work of an DETACH statement. The
+** three arguments to the function come directly from a detach statement:
+**
+**     DETACH DATABASE x
+**
+**     SELECT sqlite_detach(x)
+*/
+static void detachFunc(
+  sqlite3_context *context,
+  int NotUsed,
+  sqlite3_value **argv
+){
+  const char *zName = (const char *)sqlite3_value_text(argv[0]);
+  sqlite3 *db = sqlite3_context_db_handle(context);
+  int i;
+  Db *pDb = 0;
+  char zErr[128];
+
+  UNUSED_PARAMETER(NotUsed);
+
+  if( zName==0 ) zName = "";
+  for(i=0; i<db->nDb; i++){
+    pDb = &db->aDb[i];
+    if( pDb->pBt==0 ) continue;
+    if( sqlite3StrICmp(pDb->zName, zName)==0 ) break;
+  }
+
+  if( i>=db->nDb ){
+    sqlite3_snprintf(sizeof(zErr),zErr, "no such database: %s", zName);
+    goto detach_error;
+  }
+  if( i<2 ){
+    sqlite3_snprintf(sizeof(zErr),zErr, "cannot detach database %s", zName);
+    goto detach_error;
+  }
+  if( !db->autoCommit ){
+    sqlite3_snprintf(sizeof(zErr), zErr,
+                     "cannot DETACH database within transaction");
+    goto detach_error;
+  }
+  if( sqlite3BtreeIsInReadTrans(pDb->pBt) || sqlite3BtreeIsInBackup(pDb->pBt) ){
+    sqlite3_snprintf(sizeof(zErr),zErr, "database %s is locked", zName);
+    goto detach_error;
+  }
+
+  sqlite3BtreeClose(pDb->pBt);
+  pDb->pBt = 0;
+  pDb->pSchema = 0;
+  sqlite3CollapseDatabaseArray(db);
+  return;
+
+detach_error:
+  sqlite3_result_error(context, zErr, -1);
+}
+
+/*
+** This procedure generates VDBE code for a single invocation of either the
+** sqlite_detach() or sqlite_attach() SQL user functions.
+*/
+static void codeAttach(
+  Parse *pParse,       /* The parser context */
+  int type,            /* Either SQLITE_ATTACH or SQLITE_DETACH */
+  FuncDef const *pFunc,/* FuncDef wrapper for detachFunc() or attachFunc() */
+  Expr *pAuthArg,      /* Expression to pass to authorization callback */
+  Expr *pFilename,     /* Name of database file */
+  Expr *pDbname,       /* Name of the database to use internally */
+  Expr *pKey           /* Database key for encryption extension */
+){
+  int rc;
+  NameContext sName;
+  Vdbe *v;
+  sqlite3* db = pParse->db;
+  int regArgs;
+
+  memset(&sName, 0, sizeof(NameContext));
+  sName.pParse = pParse;
+
+  if( 
+      SQLITE_OK!=(rc = resolveAttachExpr(&sName, pFilename)) ||
+      SQLITE_OK!=(rc = resolveAttachExpr(&sName, pDbname)) ||
+      SQLITE_OK!=(rc = resolveAttachExpr(&sName, pKey))
+  ){
+    goto attach_end;
+  }
+
+#ifndef SQLITE_OMIT_AUTHORIZATION
+  if( pAuthArg ){
+    char *zAuthArg;
+    if( pAuthArg->op==TK_STRING ){
+      zAuthArg = pAuthArg->u.zToken;
+    }else{
+      zAuthArg = 0;
+    }
+    rc = sqlite3AuthCheck(pParse, type, zAuthArg, 0, 0);
+    if(rc!=SQLITE_OK ){
+      goto attach_end;
+    }
+  }
+#endif /* SQLITE_OMIT_AUTHORIZATION */
+
+
+  v = sqlite3GetVdbe(pParse);
+  regArgs = sqlite3GetTempRange(pParse, 4);
+  sqlite3ExprCode(pParse, pFilename, regArgs);
+  sqlite3ExprCode(pParse, pDbname, regArgs+1);
+  sqlite3ExprCode(pParse, pKey, regArgs+2);
+
+  assert( v || db->mallocFailed );
+  if( v ){
+    sqlite3VdbeAddOp3(v, OP_Function0, 0, regArgs+3-pFunc->nArg, regArgs+3);
+    assert( pFunc->nArg==-1 || (pFunc->nArg&0xff)==pFunc->nArg );
+    sqlite3VdbeChangeP5(v, (u8)(pFunc->nArg));
+    sqlite3VdbeChangeP4(v, -1, (char *)pFunc, P4_FUNCDEF);
+
+    /* Code an OP_Expire. For an ATTACH statement, set P1 to true (expire this
+    ** statement only). For DETACH, set it to false (expire all existing
+    ** statements).
+    */
+    sqlite3VdbeAddOp1(v, OP_Expire, (type==SQLITE_ATTACH));
+  }
+  
+attach_end:
+  sqlite3ExprDelete(db, pFilename);
+  sqlite3ExprDelete(db, pDbname);
+  sqlite3ExprDelete(db, pKey);
+}
+
+/*
+** Called by the parser to compile a DETACH statement.
+**
+**     DETACH pDbname
+*/
+SQLITE_PRIVATE void sqlite3Detach(Parse *pParse, Expr *pDbname){
+  static const FuncDef detach_func = {
+    1,                /* nArg */
+    SQLITE_UTF8,      /* funcFlags */
+    0,                /* pUserData */
+    0,                /* pNext */
+    detachFunc,       /* xFunc */
+    0,                /* xStep */
+    0,                /* xFinalize */
+    "sqlite_detach",  /* zName */
+    0,                /* pHash */
+    0                 /* pDestructor */
+  };
+  codeAttach(pParse, SQLITE_DETACH, &detach_func, pDbname, 0, 0, pDbname);
+}
+
+/*
+** Called by the parser to compile an ATTACH statement.
+**
+**     ATTACH p AS pDbname KEY pKey
+*/
+SQLITE_PRIVATE void sqlite3Attach(Parse *pParse, Expr *p, Expr *pDbname, Expr *pKey){
+  static const FuncDef attach_func = {
+    3,                /* nArg */
+    SQLITE_UTF8,      /* funcFlags */
+    0,                /* pUserData */
+    0,                /* pNext */
+    attachFunc,       /* xFunc */
+    0,                /* xStep */
+    0,                /* xFinalize */
+    "sqlite_attach",  /* zName */
+    0,                /* pHash */
+    0                 /* pDestructor */
+  };
+  codeAttach(pParse, SQLITE_ATTACH, &attach_func, p, p, pDbname, pKey);
+}
+#endif /* SQLITE_OMIT_ATTACH */
+
+/*
+** Initialize a DbFixer structure.  This routine must be called prior
+** to passing the structure to one of the sqliteFixAAAA() routines below.
+*/
+SQLITE_PRIVATE void sqlite3FixInit(
+  DbFixer *pFix,      /* The fixer to be initialized */
+  Parse *pParse,      /* Error messages will be written here */
+  int iDb,            /* This is the database that must be used */
+  const char *zType,  /* "view", "trigger", or "index" */
+  const Token *pName  /* Name of the view, trigger, or index */
+){
+  sqlite3 *db;
+
+  db = pParse->db;
+  assert( db->nDb>iDb );
+  pFix->pParse = pParse;
+  pFix->zDb = db->aDb[iDb].zName;
+  pFix->pSchema = db->aDb[iDb].pSchema;
+  pFix->zType = zType;
+  pFix->pName = pName;
+  pFix->bVarOnly = (iDb==1);
+}
+
+/*
+** The following set of routines walk through the parse tree and assign
+** a specific database to all table references where the database name
+** was left unspecified in the original SQL statement.  The pFix structure
+** must have been initialized by a prior call to sqlite3FixInit().
+**
+** These routines are used to make sure that an index, trigger, or
+** view in one database does not refer to objects in a different database.
+** (Exception: indices, triggers, and views in the TEMP database are
+** allowed to refer to anything.)  If a reference is explicitly made
+** to an object in a different database, an error message is added to
+** pParse->zErrMsg and these routines return non-zero.  If everything
+** checks out, these routines return 0.
+*/
+SQLITE_PRIVATE int sqlite3FixSrcList(
+  DbFixer *pFix,       /* Context of the fixation */
+  SrcList *pList       /* The Source list to check and modify */
+){
+  int i;
+  const char *zDb;
+  struct SrcList_item *pItem;
+
+  if( NEVER(pList==0) ) return 0;
+  zDb = pFix->zDb;
+  for(i=0, pItem=pList->a; i<pList->nSrc; i++, pItem++){
+    if( pFix->bVarOnly==0 ){
+      if( pItem->zDatabase && sqlite3StrICmp(pItem->zDatabase, zDb) ){
+        sqlite3ErrorMsg(pFix->pParse,
+            "%s %T cannot reference objects in database %s",
+            pFix->zType, pFix->pName, pItem->zDatabase);
+        return 1;
+      }
+      sqlite3DbFree(pFix->pParse->db, pItem->zDatabase);
+      pItem->zDatabase = 0;
+      pItem->pSchema = pFix->pSchema;
+    }
+#if !defined(SQLITE_OMIT_VIEW) || !defined(SQLITE_OMIT_TRIGGER)
+    if( sqlite3FixSelect(pFix, pItem->pSelect) ) return 1;
+    if( sqlite3FixExpr(pFix, pItem->pOn) ) return 1;
+#endif
+  }
+  return 0;
+}
+#if !defined(SQLITE_OMIT_VIEW) || !defined(SQLITE_OMIT_TRIGGER)
+SQLITE_PRIVATE int sqlite3FixSelect(
+  DbFixer *pFix,       /* Context of the fixation */
+  Select *pSelect      /* The SELECT statement to be fixed to one database */
+){
+  while( pSelect ){
+    if( sqlite3FixExprList(pFix, pSelect->pEList) ){
+      return 1;
+    }
+    if( sqlite3FixSrcList(pFix, pSelect->pSrc) ){
+      return 1;
+    }
+    if( sqlite3FixExpr(pFix, pSelect->pWhere) ){
+      return 1;
+    }
+    if( sqlite3FixExprList(pFix, pSelect->pGroupBy) ){
+      return 1;
+    }
+    if( sqlite3FixExpr(pFix, pSelect->pHaving) ){
+      return 1;
+    }
+    if( sqlite3FixExprList(pFix, pSelect->pOrderBy) ){
+      return 1;
+    }
+    if( sqlite3FixExpr(pFix, pSelect->pLimit) ){
+      return 1;
+    }
+    if( sqlite3FixExpr(pFix, pSelect->pOffset) ){
+      return 1;
+    }
+    pSelect = pSelect->pPrior;
+  }
+  return 0;
+}
+SQLITE_PRIVATE int sqlite3FixExpr(
+  DbFixer *pFix,     /* Context of the fixation */
+  Expr *pExpr        /* The expression to be fixed to one database */
+){
+  while( pExpr ){
+    if( pExpr->op==TK_VARIABLE ){
+      if( pFix->pParse->db->init.busy ){
+        pExpr->op = TK_NULL;
+      }else{
+        sqlite3ErrorMsg(pFix->pParse, "%s cannot use variables", pFix->zType);
+        return 1;
+      }
+    }
+    if( ExprHasProperty(pExpr, EP_TokenOnly) ) break;
+    if( ExprHasProperty(pExpr, EP_xIsSelect) ){
+      if( sqlite3FixSelect(pFix, pExpr->x.pSelect) ) return 1;
+    }else{
+      if( sqlite3FixExprList(pFix, pExpr->x.pList) ) return 1;
+    }
+    if( sqlite3FixExpr(pFix, pExpr->pRight) ){
+      return 1;
+    }
+    pExpr = pExpr->pLeft;
+  }
+  return 0;
+}
+SQLITE_PRIVATE int sqlite3FixExprList(
+  DbFixer *pFix,     /* Context of the fixation */
+  ExprList *pList    /* The expression to be fixed to one database */
+){
+  int i;
+  struct ExprList_item *pItem;
+  if( pList==0 ) return 0;
+  for(i=0, pItem=pList->a; i<pList->nExpr; i++, pItem++){
+    if( sqlite3FixExpr(pFix, pItem->pExpr) ){
+      return 1;
+    }
+  }
+  return 0;
+}
+#endif
+
+#ifndef SQLITE_OMIT_TRIGGER
+SQLITE_PRIVATE int sqlite3FixTriggerStep(
+  DbFixer *pFix,     /* Context of the fixation */
+  TriggerStep *pStep /* The trigger step be fixed to one database */
+){
+  while( pStep ){
+    if( sqlite3FixSelect(pFix, pStep->pSelect) ){
+      return 1;
+    }
+    if( sqlite3FixExpr(pFix, pStep->pWhere) ){
+      return 1;
+    }
+    if( sqlite3FixExprList(pFix, pStep->pExprList) ){
+      return 1;
+    }
+    pStep = pStep->pNext;
+  }
+  return 0;
+}
+#endif
+
+/************** End of attach.c **********************************************/
+/************** Begin file auth.c ********************************************/
+/*
+** 2003 January 11
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+** This file contains code used to implement the sqlite3_set_authorizer()
+** API.  This facility is an optional feature of the library.  Embedded
+** systems that do not need this facility may omit it by recompiling
+** the library with -DSQLITE_OMIT_AUTHORIZATION=1
+*/
+/* #include "sqliteInt.h" */
+
+/*
+** All of the code in this file may be omitted by defining a single
+** macro.
+*/
+#ifndef SQLITE_OMIT_AUTHORIZATION
+
+/*
+** Set or clear the access authorization function.
+**
+** The access authorization function is be called during the compilation
+** phase to verify that the user has read and/or write access permission on
+** various fields of the database.  The first argument to the auth function
+** is a copy of the 3rd argument to this routine.  The second argument
+** to the auth function is one of these constants:
+**
+**       SQLITE_CREATE_INDEX
+**       SQLITE_CREATE_TABLE
+**       SQLITE_CREATE_TEMP_INDEX
+**       SQLITE_CREATE_TEMP_TABLE
+**       SQLITE_CREATE_TEMP_TRIGGER
+**       SQLITE_CREATE_TEMP_VIEW
+**       SQLITE_CREATE_TRIGGER
+**       SQLITE_CREATE_VIEW
+**       SQLITE_DELETE
+**       SQLITE_DROP_INDEX
+**       SQLITE_DROP_TABLE
+**       SQLITE_DROP_TEMP_INDEX
+**       SQLITE_DROP_TEMP_TABLE
+**       SQLITE_DROP_TEMP_TRIGGER
+**       SQLITE_DROP_TEMP_VIEW
+**       SQLITE_DROP_TRIGGER
+**       SQLITE_DROP_VIEW
+**       SQLITE_INSERT
+**       SQLITE_PRAGMA
+**       SQLITE_READ
+**       SQLITE_SELECT
+**       SQLITE_TRANSACTION
+**       SQLITE_UPDATE
+**
+** The third and fourth arguments to the auth function are the name of
+** the table and the column that are being accessed.  The auth function
+** should return either SQLITE_OK, SQLITE_DENY, or SQLITE_IGNORE.  If
+** SQLITE_OK is returned, it means that access is allowed.  SQLITE_DENY
+** means that the SQL statement will never-run - the sqlite3_exec() call
+** will return with an error.  SQLITE_IGNORE means that the SQL statement
+** should run but attempts to read the specified column will return NULL
+** and attempts to write the column will be ignored.
+**
+** Setting the auth function to NULL disables this hook.  The default
+** setting of the auth function is NULL.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_set_authorizer(
+  sqlite3 *db,
+  int (*xAuth)(void*,int,const char*,const char*,const char*,const char*),
+  void *pArg
+){
+#ifdef SQLITE_ENABLE_API_ARMOR
+  if( !sqlite3SafetyCheckOk(db) ) return SQLITE_MISUSE_BKPT;
+#endif
+  sqlite3_mutex_enter(db->mutex);
+  db->xAuth = (sqlite3_xauth)xAuth;
+  db->pAuthArg = pArg;
+  sqlite3ExpirePreparedStatements(db);
+  sqlite3_mutex_leave(db->mutex);
+  return SQLITE_OK;
+}
+
+/*
+** Write an error message into pParse->zErrMsg that explains that the
+** user-supplied authorization function returned an illegal value.
+*/
+static void sqliteAuthBadReturnCode(Parse *pParse){
+  sqlite3ErrorMsg(pParse, "authorizer malfunction");
+  pParse->rc = SQLITE_ERROR;
+}
+
+/*
+** Invoke the authorization callback for permission to read column zCol from
+** table zTab in database zDb. This function assumes that an authorization
+** callback has been registered (i.e. that sqlite3.xAuth is not NULL).
+**
+** If SQLITE_IGNORE is returned and pExpr is not NULL, then pExpr is changed
+** to an SQL NULL expression. Otherwise, if pExpr is NULL, then SQLITE_IGNORE
+** is treated as SQLITE_DENY. In this case an error is left in pParse.
+*/
+SQLITE_PRIVATE int sqlite3AuthReadCol(
+  Parse *pParse,                  /* The parser context */
+  const char *zTab,               /* Table name */
+  const char *zCol,               /* Column name */
+  int iDb                         /* Index of containing database. */
+){
+  sqlite3 *db = pParse->db;       /* Database handle */
+  char *zDb = db->aDb[iDb].zName; /* Name of attached database */
+  int rc;                         /* Auth callback return code */
+
+  rc = db->xAuth(db->pAuthArg, SQLITE_READ, zTab,zCol,zDb,pParse->zAuthContext
+#ifdef SQLITE_USER_AUTHENTICATION
+                 ,db->auth.zAuthUser
+#endif
+                );
+  if( rc==SQLITE_DENY ){
+    if( db->nDb>2 || iDb!=0 ){
+      sqlite3ErrorMsg(pParse, "access to %s.%s.%s is prohibited",zDb,zTab,zCol);
+    }else{
+      sqlite3ErrorMsg(pParse, "access to %s.%s is prohibited", zTab, zCol);
+    }
+    pParse->rc = SQLITE_AUTH;
+  }else if( rc!=SQLITE_IGNORE && rc!=SQLITE_OK ){
+    sqliteAuthBadReturnCode(pParse);
+  }
+  return rc;
+}
+
+/*
+** The pExpr should be a TK_COLUMN expression.  The table referred to
+** is in pTabList or else it is the NEW or OLD table of a trigger.  
+** Check to see if it is OK to read this particular column.
+**
+** If the auth function returns SQLITE_IGNORE, change the TK_COLUMN 
+** instruction into a TK_NULL.  If the auth function returns SQLITE_DENY,
+** then generate an error.
+*/
+SQLITE_PRIVATE void sqlite3AuthRead(
+  Parse *pParse,        /* The parser context */
+  Expr *pExpr,          /* The expression to check authorization on */
+  Schema *pSchema,      /* The schema of the expression */
+  SrcList *pTabList     /* All table that pExpr might refer to */
+){
+  sqlite3 *db = pParse->db;
+  Table *pTab = 0;      /* The table being read */
+  const char *zCol;     /* Name of the column of the table */
+  int iSrc;             /* Index in pTabList->a[] of table being read */
+  int iDb;              /* The index of the database the expression refers to */
+  int iCol;             /* Index of column in table */
+
+  if( db->xAuth==0 ) return;
+  iDb = sqlite3SchemaToIndex(pParse->db, pSchema);
+  if( iDb<0 ){
+    /* An attempt to read a column out of a subquery or other
+    ** temporary table. */
+    return;
+  }
+
+  assert( pExpr->op==TK_COLUMN || pExpr->op==TK_TRIGGER );
+  if( pExpr->op==TK_TRIGGER ){
+    pTab = pParse->pTriggerTab;
+  }else{
+    assert( pTabList );
+    for(iSrc=0; ALWAYS(iSrc<pTabList->nSrc); iSrc++){
+      if( pExpr->iTable==pTabList->a[iSrc].iCursor ){
+        pTab = pTabList->a[iSrc].pTab;
+        break;
+      }
+    }
+  }
+  iCol = pExpr->iColumn;
+  if( NEVER(pTab==0) ) return;
+
+  if( iCol>=0 ){
+    assert( iCol<pTab->nCol );
+    zCol = pTab->aCol[iCol].zName;
+  }else if( pTab->iPKey>=0 ){
+    assert( pTab->iPKey<pTab->nCol );
+    zCol = pTab->aCol[pTab->iPKey].zName;
+  }else{
+    zCol = "ROWID";
+  }
+  assert( iDb>=0 && iDb<db->nDb );
+  if( SQLITE_IGNORE==sqlite3AuthReadCol(pParse, pTab->zName, zCol, iDb) ){
+    pExpr->op = TK_NULL;
+  }
+}
+
+/*
+** Do an authorization check using the code and arguments given.  Return
+** either SQLITE_OK (zero) or SQLITE_IGNORE or SQLITE_DENY.  If SQLITE_DENY
+** is returned, then the error count and error message in pParse are
+** modified appropriately.
+*/
+SQLITE_PRIVATE int sqlite3AuthCheck(
+  Parse *pParse,
+  int code,
+  const char *zArg1,
+  const char *zArg2,
+  const char *zArg3
+){
+  sqlite3 *db = pParse->db;
+  int rc;
+
+  /* Don't do any authorization checks if the database is initialising
+  ** or if the parser is being invoked from within sqlite3_declare_vtab.
+  */
+  if( db->init.busy || IN_DECLARE_VTAB ){
+    return SQLITE_OK;
+  }
+
+  if( db->xAuth==0 ){
+    return SQLITE_OK;
+  }
+  rc = db->xAuth(db->pAuthArg, code, zArg1, zArg2, zArg3, pParse->zAuthContext
+#ifdef SQLITE_USER_AUTHENTICATION
+                 ,db->auth.zAuthUser
+#endif
+                );
+  if( rc==SQLITE_DENY ){
+    sqlite3ErrorMsg(pParse, "not authorized");
+    pParse->rc = SQLITE_AUTH;
+  }else if( rc!=SQLITE_OK && rc!=SQLITE_IGNORE ){
+    rc = SQLITE_DENY;
+    sqliteAuthBadReturnCode(pParse);
+  }
+  return rc;
+}
+
+/*
+** Push an authorization context.  After this routine is called, the
+** zArg3 argument to authorization callbacks will be zContext until
+** popped.  Or if pParse==0, this routine is a no-op.
+*/
+SQLITE_PRIVATE void sqlite3AuthContextPush(
+  Parse *pParse,
+  AuthContext *pContext, 
+  const char *zContext
+){
+  assert( pParse );
+  pContext->pParse = pParse;
+  pContext->zAuthContext = pParse->zAuthContext;
+  pParse->zAuthContext = zContext;
+}
+
+/*
+** Pop an authorization context that was previously pushed
+** by sqlite3AuthContextPush
+*/
+SQLITE_PRIVATE void sqlite3AuthContextPop(AuthContext *pContext){
+  if( pContext->pParse ){
+    pContext->pParse->zAuthContext = pContext->zAuthContext;
+    pContext->pParse = 0;
+  }
+}
+
+#endif /* SQLITE_OMIT_AUTHORIZATION */
+
+/************** End of auth.c ************************************************/
+/************** Begin file build.c *******************************************/
+/*
+** 2001 September 15
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+** This file contains C code routines that are called by the SQLite parser
+** when syntax rules are reduced.  The routines in this file handle the
+** following kinds of SQL syntax:
+**
+**     CREATE TABLE
+**     DROP TABLE
+**     CREATE INDEX
+**     DROP INDEX
+**     creating ID lists
+**     BEGIN TRANSACTION
+**     COMMIT
+**     ROLLBACK
+*/
+/* #include "sqliteInt.h" */
+
+/*
+** This routine is called when a new SQL statement is beginning to
+** be parsed.  Initialize the pParse structure as needed.
+*/
+SQLITE_PRIVATE void sqlite3BeginParse(Parse *pParse, int explainFlag){
+  pParse->explain = (u8)explainFlag;
+  pParse->nVar = 0;
+}
+
+#ifndef SQLITE_OMIT_SHARED_CACHE
+/*
+** The TableLock structure is only used by the sqlite3TableLock() and
+** codeTableLocks() functions.
+*/
+struct TableLock {
+  int iDb;             /* The database containing the table to be locked */
+  int iTab;            /* The root page of the table to be locked */
+  u8 isWriteLock;      /* True for write lock.  False for a read lock */
+  const char *zName;   /* Name of the table */
+};
+
+/*
+** Record the fact that we want to lock a table at run-time.  
+**
+** The table to be locked has root page iTab and is found in database iDb.
+** A read or a write lock can be taken depending on isWritelock.
+**
+** This routine just records the fact that the lock is desired.  The
+** code to make the lock occur is generated by a later call to
+** codeTableLocks() which occurs during sqlite3FinishCoding().
+*/
+SQLITE_PRIVATE void sqlite3TableLock(
+  Parse *pParse,     /* Parsing context */
+  int iDb,           /* Index of the database containing the table to lock */
+  int iTab,          /* Root page number of the table to be locked */
+  u8 isWriteLock,    /* True for a write lock */
+  const char *zName  /* Name of the table to be locked */
+){
+  Parse *pToplevel = sqlite3ParseToplevel(pParse);
+  int i;
+  int nBytes;
+  TableLock *p;
+  assert( iDb>=0 );
+
+  for(i=0; i<pToplevel->nTableLock; i++){
+    p = &pToplevel->aTableLock[i];
+    if( p->iDb==iDb && p->iTab==iTab ){
+      p->isWriteLock = (p->isWriteLock || isWriteLock);
+      return;
+    }
+  }
+
+  nBytes = sizeof(TableLock) * (pToplevel->nTableLock+1);
+  pToplevel->aTableLock =
+      sqlite3DbReallocOrFree(pToplevel->db, pToplevel->aTableLock, nBytes);
+  if( pToplevel->aTableLock ){
+    p = &pToplevel->aTableLock[pToplevel->nTableLock++];
+    p->iDb = iDb;
+    p->iTab = iTab;
+    p->isWriteLock = isWriteLock;
+    p->zName = zName;
+  }else{
+    pToplevel->nTableLock = 0;
+    pToplevel->db->mallocFailed = 1;
+  }
+}
+
+/*
+** Code an OP_TableLock instruction for each table locked by the
+** statement (configured by calls to sqlite3TableLock()).
+*/
+static void codeTableLocks(Parse *pParse){
+  int i;
+  Vdbe *pVdbe; 
+
+  pVdbe = sqlite3GetVdbe(pParse);
+  assert( pVdbe!=0 ); /* sqlite3GetVdbe cannot fail: VDBE already allocated */
+
+  for(i=0; i<pParse->nTableLock; i++){
+    TableLock *p = &pParse->aTableLock[i];
+    int p1 = p->iDb;
+    sqlite3VdbeAddOp4(pVdbe, OP_TableLock, p1, p->iTab, p->isWriteLock,
+                      p->zName, P4_STATIC);
+  }
+}
+#else
+  #define codeTableLocks(x)
+#endif
+
+/*
+** Return TRUE if the given yDbMask object is empty - if it contains no
+** 1 bits.  This routine is used by the DbMaskAllZero() and DbMaskNotZero()
+** macros when SQLITE_MAX_ATTACHED is greater than 30.
+*/
+#if SQLITE_MAX_ATTACHED>30
+SQLITE_PRIVATE int sqlite3DbMaskAllZero(yDbMask m){
+  int i;
+  for(i=0; i<sizeof(yDbMask); i++) if( m[i] ) return 0;
+  return 1;
+}
+#endif
+
+/*
+** This routine is called after a single SQL statement has been
+** parsed and a VDBE program to execute that statement has been
+** prepared.  This routine puts the finishing touches on the
+** VDBE program and resets the pParse structure for the next
+** parse.
+**
+** Note that if an error occurred, it might be the case that
+** no VDBE code was generated.
+*/
+SQLITE_PRIVATE void sqlite3FinishCoding(Parse *pParse){
+  sqlite3 *db;
+  Vdbe *v;
+
+  assert( pParse->pToplevel==0 );
+  db = pParse->db;
+  if( pParse->nested ) return;
+  if( db->mallocFailed || pParse->nErr ){
+    if( pParse->rc==SQLITE_OK ) pParse->rc = SQLITE_ERROR;
+    return;
+  }
+
+  /* Begin by generating some termination code at the end of the
+  ** vdbe program
+  */
+  v = sqlite3GetVdbe(pParse);
+  assert( !pParse->isMultiWrite 
+       || sqlite3VdbeAssertMayAbort(v, pParse->mayAbort));
+  if( v ){
+    while( sqlite3VdbeDeletePriorOpcode(v, OP_Close) ){}
+    sqlite3VdbeAddOp0(v, OP_Halt);
+
+#if SQLITE_USER_AUTHENTICATION
+    if( pParse->nTableLock>0 && db->init.busy==0 ){
+      sqlite3UserAuthInit(db);
+      if( db->auth.authLevel<UAUTH_User ){
+        pParse->rc = SQLITE_AUTH_USER;
+        sqlite3ErrorMsg(pParse, "user not authenticated");
+        return;
+      }
+    }
+#endif
+
+    /* The cookie mask contains one bit for each database file open.
+    ** (Bit 0 is for main, bit 1 is for temp, and so forth.)  Bits are
+    ** set for each database that is used.  Generate code to start a
+    ** transaction on each used database and to verify the schema cookie
+    ** on each used database.
+    */
+    if( db->mallocFailed==0 
+     && (DbMaskNonZero(pParse->cookieMask) || pParse->pConstExpr)
+    ){
+      int iDb, i;
+      assert( sqlite3VdbeGetOp(v, 0)->opcode==OP_Init );
+      sqlite3VdbeJumpHere(v, 0);
+      for(iDb=0; iDb<db->nDb; iDb++){
+        if( DbMaskTest(pParse->cookieMask, iDb)==0 ) continue;
+        sqlite3VdbeUsesBtree(v, iDb);
+        sqlite3VdbeAddOp4Int(v,
+          OP_Transaction,                    /* Opcode */
+          iDb,                               /* P1 */
+          DbMaskTest(pParse->writeMask,iDb), /* P2 */
+          pParse->cookieValue[iDb],          /* P3 */
+          db->aDb[iDb].pSchema->iGeneration  /* P4 */
+        );
+        if( db->init.busy==0 ) sqlite3VdbeChangeP5(v, 1);
+        VdbeComment((v,
+              "usesStmtJournal=%d", pParse->mayAbort && pParse->isMultiWrite));
+      }
+#ifndef SQLITE_OMIT_VIRTUALTABLE
+      for(i=0; i<pParse->nVtabLock; i++){
+        char *vtab = (char *)sqlite3GetVTable(db, pParse->apVtabLock[i]);
+        sqlite3VdbeAddOp4(v, OP_VBegin, 0, 0, 0, vtab, P4_VTAB);
+      }
+      pParse->nVtabLock = 0;
+#endif
+
+      /* Once all the cookies have been verified and transactions opened, 
+      ** obtain the required table-locks. This is a no-op unless the 
+      ** shared-cache feature is enabled.
+      */
+      codeTableLocks(pParse);
+
+      /* Initialize any AUTOINCREMENT data structures required.
+      */
+      sqlite3AutoincrementBegin(pParse);
+
+      /* Code constant expressions that where factored out of inner loops */
+      if( pParse->pConstExpr ){
+        ExprList *pEL = pParse->pConstExpr;
+        pParse->okConstFactor = 0;
+        for(i=0; i<pEL->nExpr; i++){
+          sqlite3ExprCode(pParse, pEL->a[i].pExpr, pEL->a[i].u.iConstExprReg);
+        }
+      }
+
+      /* Finally, jump back to the beginning of the executable code. */
+      sqlite3VdbeGoto(v, 1);
+    }
+  }
+
+
+  /* Get the VDBE program ready for execution
+  */
+  if( v && pParse->nErr==0 && !db->mallocFailed ){
+    assert( pParse->iCacheLevel==0 );  /* Disables and re-enables match */
+    /* A minimum of one cursor is required if autoincrement is used
+    *  See ticket [a696379c1f08866] */
+    if( pParse->pAinc!=0 && pParse->nTab==0 ) pParse->nTab = 1;
+    sqlite3VdbeMakeReady(v, pParse);
+    pParse->rc = SQLITE_DONE;
+    pParse->colNamesSet = 0;
+  }else{
+    pParse->rc = SQLITE_ERROR;
+  }
+  pParse->nTab = 0;
+  pParse->nMem = 0;
+  pParse->nSet = 0;
+  pParse->nVar = 0;
+  DbMaskZero(pParse->cookieMask);
+}
+
+/*
+** Run the parser and code generator recursively in order to generate
+** code for the SQL statement given onto the end of the pParse context
+** currently under construction.  When the parser is run recursively
+** this way, the final OP_Halt is not appended and other initialization
+** and finalization steps are omitted because those are handling by the
+** outermost parser.
+**
+** Not everything is nestable.  This facility is designed to permit
+** INSERT, UPDATE, and DELETE operations against SQLITE_MASTER.  Use
+** care if you decide to try to use this routine for some other purposes.
+*/
+SQLITE_PRIVATE void sqlite3NestedParse(Parse *pParse, const char *zFormat, ...){
+  va_list ap;
+  char *zSql;
+  char *zErrMsg = 0;
+  sqlite3 *db = pParse->db;
+# define SAVE_SZ  (sizeof(Parse) - offsetof(Parse,nVar))
+  char saveBuf[SAVE_SZ];
+
+  if( pParse->nErr ) return;
+  assert( pParse->nested<10 );  /* Nesting should only be of limited depth */
+  va_start(ap, zFormat);
+  zSql = sqlite3VMPrintf(db, zFormat, ap);
+  va_end(ap);
+  if( zSql==0 ){
+    return;   /* A malloc must have failed */
+  }
+  pParse->nested++;
+  memcpy(saveBuf, &pParse->nVar, SAVE_SZ);
+  memset(&pParse->nVar, 0, SAVE_SZ);
+  sqlite3RunParser(pParse, zSql, &zErrMsg);
+  sqlite3DbFree(db, zErrMsg);
+  sqlite3DbFree(db, zSql);
+  memcpy(&pParse->nVar, saveBuf, SAVE_SZ);
+  pParse->nested--;
+}
+
+#if SQLITE_USER_AUTHENTICATION
+/*
+** Return TRUE if zTable is the name of the system table that stores the
+** list of users and their access credentials.
+*/
+SQLITE_PRIVATE int sqlite3UserAuthTable(const char *zTable){
+  return sqlite3_stricmp(zTable, "sqlite_user")==0;
+}
+#endif
+
+/*
+** Locate the in-memory structure that describes a particular database
+** table given the name of that table and (optionally) the name of the
+** database containing the table.  Return NULL if not found.
+**
+** If zDatabase is 0, all databases are searched for the table and the
+** first matching table is returned.  (No checking for duplicate table
+** names is done.)  The search order is TEMP first, then MAIN, then any
+** auxiliary databases added using the ATTACH command.
+**
+** See also sqlite3LocateTable().
+*/
+SQLITE_PRIVATE Table *sqlite3FindTable(sqlite3 *db, const char *zName, const char *zDatabase){
+  Table *p = 0;
+  int i;
+
+  /* All mutexes are required for schema access.  Make sure we hold them. */
+  assert( zDatabase!=0 || sqlite3BtreeHoldsAllMutexes(db) );
+#if SQLITE_USER_AUTHENTICATION
+  /* Only the admin user is allowed to know that the sqlite_user table
+  ** exists */
+  if( db->auth.authLevel<UAUTH_Admin && sqlite3UserAuthTable(zName)!=0 ){
+    return 0;
+  }
+#endif
+  for(i=OMIT_TEMPDB; i<db->nDb; i++){
+    int j = (i<2) ? i^1 : i;   /* Search TEMP before MAIN */
+    if( zDatabase!=0 && sqlite3StrICmp(zDatabase, db->aDb[j].zName) ) continue;
+    assert( sqlite3SchemaMutexHeld(db, j, 0) );
+    p = sqlite3HashFind(&db->aDb[j].pSchema->tblHash, zName);
+    if( p ) break;
+  }
+  return p;
+}
+
+/*
+** Locate the in-memory structure that describes a particular database
+** table given the name of that table and (optionally) the name of the
+** database containing the table.  Return NULL if not found.  Also leave an
+** error message in pParse->zErrMsg.
+**
+** The difference between this routine and sqlite3FindTable() is that this
+** routine leaves an error message in pParse->zErrMsg where
+** sqlite3FindTable() does not.
+*/
+SQLITE_PRIVATE Table *sqlite3LocateTable(
+  Parse *pParse,         /* context in which to report errors */
+  int isView,            /* True if looking for a VIEW rather than a TABLE */
+  const char *zName,     /* Name of the table we are looking for */
+  const char *zDbase     /* Name of the database.  Might be NULL */
+){
+  Table *p;
+
+  /* Read the database schema. If an error occurs, leave an error message
+  ** and code in pParse and return NULL. */
+  if( SQLITE_OK!=sqlite3ReadSchema(pParse) ){
+    return 0;
+  }
+
+  p = sqlite3FindTable(pParse->db, zName, zDbase);
+  if( p==0 ){
+    const char *zMsg = isView ? "no such view" : "no such table";
+#ifndef SQLITE_OMIT_VIRTUALTABLE
+    if( sqlite3FindDbName(pParse->db, zDbase)<1 ){
+      /* If zName is the not the name of a table in the schema created using
+      ** CREATE, then check to see if it is the name of an virtual table that
+      ** can be an eponymous virtual table. */
+      Module *pMod = (Module*)sqlite3HashFind(&pParse->db->aModule, zName);
+      if( pMod && sqlite3VtabEponymousTableInit(pParse, pMod) ){
+        return pMod->pEpoTab;
+      }
+    }
+#endif
+    if( zDbase ){
+      sqlite3ErrorMsg(pParse, "%s: %s.%s", zMsg, zDbase, zName);
+    }else{
+      sqlite3ErrorMsg(pParse, "%s: %s", zMsg, zName);
+    }
+    pParse->checkSchema = 1;
+  }
+
+  return p;
+}
+
+/*
+** Locate the table identified by *p.
+**
+** This is a wrapper around sqlite3LocateTable(). The difference between
+** sqlite3LocateTable() and this function is that this function restricts
+** the search to schema (p->pSchema) if it is not NULL. p->pSchema may be
+** non-NULL if it is part of a view or trigger program definition. See
+** sqlite3FixSrcList() for details.
+*/
+SQLITE_PRIVATE Table *sqlite3LocateTableItem(
+  Parse *pParse, 
+  int isView, 
+  struct SrcList_item *p
+){
+  const char *zDb;
+  assert( p->pSchema==0 || p->zDatabase==0 );
+  if( p->pSchema ){
+    int iDb = sqlite3SchemaToIndex(pParse->db, p->pSchema);
+    zDb = pParse->db->aDb[iDb].zName;
+  }else{
+    zDb = p->zDatabase;
+  }
+  return sqlite3LocateTable(pParse, isView, p->zName, zDb);
+}
+
+/*
+** Locate the in-memory structure that describes 
+** a particular index given the name of that index
+** and the name of the database that contains the index.
+** Return NULL if not found.
+**
+** If zDatabase is 0, all databases are searched for the
+** table and the first matching index is returned.  (No checking
+** for duplicate index names is done.)  The search order is
+** TEMP first, then MAIN, then any auxiliary databases added
+** using the ATTACH command.
+*/
+SQLITE_PRIVATE Index *sqlite3FindIndex(sqlite3 *db, const char *zName, const char *zDb){
+  Index *p = 0;
+  int i;
+  /* All mutexes are required for schema access.  Make sure we hold them. */
+  assert( zDb!=0 || sqlite3BtreeHoldsAllMutexes(db) );
+  for(i=OMIT_TEMPDB; i<db->nDb; i++){
+    int j = (i<2) ? i^1 : i;  /* Search TEMP before MAIN */
+    Schema *pSchema = db->aDb[j].pSchema;
+    assert( pSchema );
+    if( zDb && sqlite3StrICmp(zDb, db->aDb[j].zName) ) continue;
+    assert( sqlite3SchemaMutexHeld(db, j, 0) );
+    p = sqlite3HashFind(&pSchema->idxHash, zName);
+    if( p ) break;
+  }
+  return p;
+}
+
+/*
+** Reclaim the memory used by an index
+*/
+static void freeIndex(sqlite3 *db, Index *p){
+#ifndef SQLITE_OMIT_ANALYZE
+  sqlite3DeleteIndexSamples(db, p);
+#endif
+  sqlite3ExprDelete(db, p->pPartIdxWhere);
+  sqlite3ExprListDelete(db, p->aColExpr);
+  sqlite3DbFree(db, p->zColAff);
+  if( p->isResized ) sqlite3DbFree(db, (void *)p->azColl);
+#ifdef SQLITE_ENABLE_STAT3_OR_STAT4
+  sqlite3_free(p->aiRowEst);
+#endif
+  sqlite3DbFree(db, p);
+}
+
+/*
+** For the index called zIdxName which is found in the database iDb,
+** unlike that index from its Table then remove the index from
+** the index hash table and free all memory structures associated
+** with the index.
+*/
+SQLITE_PRIVATE void sqlite3UnlinkAndDeleteIndex(sqlite3 *db, int iDb, const char *zIdxName){
+  Index *pIndex;
+  Hash *pHash;
+
+  assert( sqlite3SchemaMutexHeld(db, iDb, 0) );
+  pHash = &db->aDb[iDb].pSchema->idxHash;
+  pIndex = sqlite3HashInsert(pHash, zIdxName, 0);
+  if( ALWAYS(pIndex) ){
+    if( pIndex->pTable->pIndex==pIndex ){
+      pIndex->pTable->pIndex = pIndex->pNext;
+    }else{
+      Index *p;
+      /* Justification of ALWAYS();  The index must be on the list of
+      ** indices. */
+      p = pIndex->pTable->pIndex;
+      while( ALWAYS(p) && p->pNext!=pIndex ){ p = p->pNext; }
+      if( ALWAYS(p && p->pNext==pIndex) ){
+        p->pNext = pIndex->pNext;
+      }
+    }
+    freeIndex(db, pIndex);
+  }
+  db->flags |= SQLITE_InternChanges;
+}
+
+/*
+** Look through the list of open database files in db->aDb[] and if
+** any have been closed, remove them from the list.  Reallocate the
+** db->aDb[] structure to a smaller size, if possible.
+**
+** Entry 0 (the "main" database) and entry 1 (the "temp" database)
+** are never candidates for being collapsed.
+*/
+SQLITE_PRIVATE void sqlite3CollapseDatabaseArray(sqlite3 *db){
+  int i, j;
+  for(i=j=2; i<db->nDb; i++){
+    struct Db *pDb = &db->aDb[i];
+    if( pDb->pBt==0 ){
+      sqlite3DbFree(db, pDb->zName);
+      pDb->zName = 0;
+      continue;
+    }
+    if( j<i ){
+      db->aDb[j] = db->aDb[i];
+    }
+    j++;
+  }
+  memset(&db->aDb[j], 0, (db->nDb-j)*sizeof(db->aDb[j]));
+  db->nDb = j;
+  if( db->nDb<=2 && db->aDb!=db->aDbStatic ){
+    memcpy(db->aDbStatic, db->aDb, 2*sizeof(db->aDb[0]));
+    sqlite3DbFree(db, db->aDb);
+    db->aDb = db->aDbStatic;
+  }
+}
+
+/*
+** Reset the schema for the database at index iDb.  Also reset the
+** TEMP schema.
+*/
+SQLITE_PRIVATE void sqlite3ResetOneSchema(sqlite3 *db, int iDb){
+  Db *pDb;
+  assert( iDb<db->nDb );
+
+  /* Case 1:  Reset the single schema identified by iDb */
+  pDb = &db->aDb[iDb];
+  assert( sqlite3SchemaMutexHeld(db, iDb, 0) );
+  assert( pDb->pSchema!=0 );
+  sqlite3SchemaClear(pDb->pSchema);
+
+  /* If any database other than TEMP is reset, then also reset TEMP
+  ** since TEMP might be holding triggers that reference tables in the
+  ** other database.
+  */
+  if( iDb!=1 ){
+    pDb = &db->aDb[1];
+    assert( pDb->pSchema!=0 );
+    sqlite3SchemaClear(pDb->pSchema);
+  }
+  return;
+}
+
+/*
+** Erase all schema information from all attached databases (including
+** "main" and "temp") for a single database connection.
+*/
+SQLITE_PRIVATE void sqlite3ResetAllSchemasOfConnection(sqlite3 *db){
+  int i;
+  sqlite3BtreeEnterAll(db);
+  for(i=0; i<db->nDb; i++){
+    Db *pDb = &db->aDb[i];
+    if( pDb->pSchema ){
+      sqlite3SchemaClear(pDb->pSchema);
+    }
+  }
+  db->flags &= ~SQLITE_InternChanges;
+  sqlite3VtabUnlockList(db);
+  sqlite3BtreeLeaveAll(db);
+  sqlite3CollapseDatabaseArray(db);
+}
+
+/*
+** This routine is called when a commit occurs.
+*/
+SQLITE_PRIVATE void sqlite3CommitInternalChanges(sqlite3 *db){
+  db->flags &= ~SQLITE_InternChanges;
+}
+
+/*
+** Delete memory allocated for the column names of a table or view (the
+** Table.aCol[] array).
+*/
+SQLITE_PRIVATE void sqlite3DeleteColumnNames(sqlite3 *db, Table *pTable){
+  int i;
+  Column *pCol;
+  assert( pTable!=0 );
+  if( (pCol = pTable->aCol)!=0 ){
+    for(i=0; i<pTable->nCol; i++, pCol++){
+      sqlite3DbFree(db, pCol->zName);
+      sqlite3ExprDelete(db, pCol->pDflt);
+      sqlite3DbFree(db, pCol->zDflt);
+      sqlite3DbFree(db, pCol->zType);
+      sqlite3DbFree(db, pCol->zColl);
+    }
+    sqlite3DbFree(db, pTable->aCol);
+  }
+}
+
+/*
+** Remove the memory data structures associated with the given
+** Table.  No changes are made to disk by this routine.
+**
+** This routine just deletes the data structure.  It does not unlink
+** the table data structure from the hash table.  But it does destroy
+** memory structures of the indices and foreign keys associated with 
+** the table.
+**
+** The db parameter is optional.  It is needed if the Table object 
+** contains lookaside memory.  (Table objects in the schema do not use
+** lookaside memory, but some ephemeral Table objects do.)  Or the
+** db parameter can be used with db->pnBytesFreed to measure the memory
+** used by the Table object.
+*/
+SQLITE_PRIVATE void sqlite3DeleteTable(sqlite3 *db, Table *pTable){
+  Index *pIndex, *pNext;
+  TESTONLY( int nLookaside; ) /* Used to verify lookaside not used for schema */
+
+  assert( !pTable || pTable->nRef>0 );
+
+  /* Do not delete the table until the reference count reaches zero. */
+  if( !pTable ) return;
+  if( ((!db || db->pnBytesFreed==0) && (--pTable->nRef)>0) ) return;
+
+  /* Record the number of outstanding lookaside allocations in schema Tables
+  ** prior to doing any free() operations.  Since schema Tables do not use
+  ** lookaside, this number should not change. */
+  TESTONLY( nLookaside = (db && (pTable->tabFlags & TF_Ephemeral)==0) ?
+                         db->lookaside.nOut : 0 );
+
+  /* Delete all indices associated with this table. */
+  for(pIndex = pTable->pIndex; pIndex; pIndex=pNext){
+    pNext = pIndex->pNext;
+    assert( pIndex->pSchema==pTable->pSchema );
+    if( !db || db->pnBytesFreed==0 ){
+      char *zName = pIndex->zName; 
+      TESTONLY ( Index *pOld = ) sqlite3HashInsert(
+         &pIndex->pSchema->idxHash, zName, 0
+      );
+      assert( db==0 || sqlite3SchemaMutexHeld(db, 0, pIndex->pSchema) );
+      assert( pOld==pIndex || pOld==0 );
+    }
+    freeIndex(db, pIndex);
+  }
+
+  /* Delete any foreign keys attached to this table. */
+  sqlite3FkDelete(db, pTable);
+
+  /* Delete the Table structure itself.
+  */
+  sqlite3DeleteColumnNames(db, pTable);
+  sqlite3DbFree(db, pTable->zName);
+  sqlite3DbFree(db, pTable->zColAff);
+  sqlite3SelectDelete(db, pTable->pSelect);
+  sqlite3ExprListDelete(db, pTable->pCheck);
+#ifndef SQLITE_OMIT_VIRTUALTABLE
+  sqlite3VtabClear(db, pTable);
+#endif
+  sqlite3DbFree(db, pTable);
+
+  /* Verify that no lookaside memory was used by schema tables */
+  assert( nLookaside==0 || nLookaside==db->lookaside.nOut );
+}
+
+/*
+** Unlink the given table from the hash tables and the delete the
+** table structure with all its indices and foreign keys.
+*/
+SQLITE_PRIVATE void sqlite3UnlinkAndDeleteTable(sqlite3 *db, int iDb, const char *zTabName){
+  Table *p;
+  Db *pDb;
+
+  assert( db!=0 );
+  assert( iDb>=0 && iDb<db->nDb );
+  assert( zTabName );
+  assert( sqlite3SchemaMutexHeld(db, iDb, 0) );
+  testcase( zTabName[0]==0 );  /* Zero-length table names are allowed */
+  pDb = &db->aDb[iDb];
+  p = sqlite3HashInsert(&pDb->pSchema->tblHash, zTabName, 0);
+  sqlite3DeleteTable(db, p);
+  db->flags |= SQLITE_InternChanges;
+}
+
+/*
+** Given a token, return a string that consists of the text of that
+** token.  Space to hold the returned string
+** is obtained from sqliteMalloc() and must be freed by the calling
+** function.
+**
+** Any quotation marks (ex:  "name", 'name', [name], or `name`) that
+** surround the body of the token are removed.
+**
+** Tokens are often just pointers into the original SQL text and so
+** are not \000 terminated and are not persistent.  The returned string
+** is \000 terminated and is persistent.
+*/
+SQLITE_PRIVATE char *sqlite3NameFromToken(sqlite3 *db, Token *pName){
+  char *zName;
+  if( pName ){
+    zName = sqlite3DbStrNDup(db, (char*)pName->z, pName->n);
+    sqlite3Dequote(zName);
+  }else{
+    zName = 0;
+  }
+  return zName;
+}
+
+/*
+** Open the sqlite_master table stored in database number iDb for
+** writing. The table is opened using cursor 0.
+*/
+SQLITE_PRIVATE void sqlite3OpenMasterTable(Parse *p, int iDb){
+  Vdbe *v = sqlite3GetVdbe(p);
+  sqlite3TableLock(p, iDb, MASTER_ROOT, 1, SCHEMA_TABLE(iDb));
+  sqlite3VdbeAddOp4Int(v, OP_OpenWrite, 0, MASTER_ROOT, iDb, 5);
+  if( p->nTab==0 ){
+    p->nTab = 1;
+  }
+}
+
+/*
+** Parameter zName points to a nul-terminated buffer containing the name
+** of a database ("main", "temp" or the name of an attached db). This
+** function returns the index of the named database in db->aDb[], or
+** -1 if the named db cannot be found.
+*/
+SQLITE_PRIVATE int sqlite3FindDbName(sqlite3 *db, const char *zName){
+  int i = -1;         /* Database number */
+  if( zName ){
+    Db *pDb;
+    int n = sqlite3Strlen30(zName);
+    for(i=(db->nDb-1), pDb=&db->aDb[i]; i>=0; i--, pDb--){
+      if( (!OMIT_TEMPDB || i!=1 ) && n==sqlite3Strlen30(pDb->zName) && 
+          0==sqlite3StrICmp(pDb->zName, zName) ){
+        break;
+      }
+    }
+  }
+  return i;
+}
+
+/*
+** The token *pName contains the name of a database (either "main" or
+** "temp" or the name of an attached db). This routine returns the
+** index of the named database in db->aDb[], or -1 if the named db 
+** does not exist.
+*/
+SQLITE_PRIVATE int sqlite3FindDb(sqlite3 *db, Token *pName){
+  int i;                               /* Database number */
+  char *zName;                         /* Name we are searching for */
+  zName = sqlite3NameFromToken(db, pName);
+  i = sqlite3FindDbName(db, zName);
+  sqlite3DbFree(db, zName);
+  return i;
+}
+
+/* The table or view or trigger name is passed to this routine via tokens
+** pName1 and pName2. If the table name was fully qualified, for example:
+**
+** CREATE TABLE xxx.yyy (...);
+** 
+** Then pName1 is set to "xxx" and pName2 "yyy". On the other hand if
+** the table name is not fully qualified, i.e.:
+**
+** CREATE TABLE yyy(...);
+**
+** Then pName1 is set to "yyy" and pName2 is "".
+**
+** This routine sets the *ppUnqual pointer to point at the token (pName1 or
+** pName2) that stores the unqualified table name.  The index of the
+** database "xxx" is returned.
+*/
+SQLITE_PRIVATE int sqlite3TwoPartName(
+  Parse *pParse,      /* Parsing and code generating context */
+  Token *pName1,      /* The "xxx" in the name "xxx.yyy" or "xxx" */
+  Token *pName2,      /* The "yyy" in the name "xxx.yyy" */
+  Token **pUnqual     /* Write the unqualified object name here */
+){
+  int iDb;                    /* Database holding the object */
+  sqlite3 *db = pParse->db;
+
+  if( ALWAYS(pName2!=0) && pName2->n>0 ){
+    if( db->init.busy ) {
+      sqlite3ErrorMsg(pParse, "corrupt database");
+      return -1;
+    }
+    *pUnqual = pName2;
+    iDb = sqlite3FindDb(db, pName1);
+    if( iDb<0 ){
+      sqlite3ErrorMsg(pParse, "unknown database %T", pName1);
+      return -1;
+    }
+  }else{
+    assert( db->init.iDb==0 || db->init.busy );
+    iDb = db->init.iDb;
+    *pUnqual = pName1;
+  }
+  return iDb;
+}
+
+/*
+** This routine is used to check if the UTF-8 string zName is a legal
+** unqualified name for a new schema object (table, index, view or
+** trigger). All names are legal except those that begin with the string
+** "sqlite_" (in upper, lower or mixed case). This portion of the namespace
+** is reserved for internal use.
+*/
+SQLITE_PRIVATE int sqlite3CheckObjectName(Parse *pParse, const char *zName){
+  if( !pParse->db->init.busy && pParse->nested==0 
+          && (pParse->db->flags & SQLITE_WriteSchema)==0
+          && 0==sqlite3StrNICmp(zName, "sqlite_", 7) ){
+    sqlite3ErrorMsg(pParse, "object name reserved for internal use: %s", zName);
+    return SQLITE_ERROR;
+  }
+  return SQLITE_OK;
+}
+
+/*
+** Return the PRIMARY KEY index of a table
+*/
+SQLITE_PRIVATE Index *sqlite3PrimaryKeyIndex(Table *pTab){
+  Index *p;
+  for(p=pTab->pIndex; p && !IsPrimaryKeyIndex(p); p=p->pNext){}
+  return p;
+}
+
+/*
+** Return the column of index pIdx that corresponds to table
+** column iCol.  Return -1 if not found.
+*/
+SQLITE_PRIVATE i16 sqlite3ColumnOfIndex(Index *pIdx, i16 iCol){
+  int i;
+  for(i=0; i<pIdx->nColumn; i++){
+    if( iCol==pIdx->aiColumn[i] ) return i;
+  }
+  return -1;
+}
+
+/*
+** Begin constructing a new table representation in memory.  This is
+** the first of several action routines that get called in response
+** to a CREATE TABLE statement.  In particular, this routine is called
+** after seeing tokens "CREATE" and "TABLE" and the table name. The isTemp
+** flag is true if the table should be stored in the auxiliary database
+** file instead of in the main database file.  This is normally the case
+** when the "TEMP" or "TEMPORARY" keyword occurs in between
+** CREATE and TABLE.
+**
+** The new table record is initialized and put in pParse->pNewTable.
+** As more of the CREATE TABLE statement is parsed, additional action
+** routines will be called to add more information to this record.
+** At the end of the CREATE TABLE statement, the sqlite3EndTable() routine
+** is called to complete the construction of the new table record.
+*/
+SQLITE_PRIVATE void sqlite3StartTable(
+  Parse *pParse,   /* Parser context */
+  Token *pName1,   /* First part of the name of the table or view */
+  Token *pName2,   /* Second part of the name of the table or view */
+  int isTemp,      /* True if this is a TEMP table */
+  int isView,      /* True if this is a VIEW */
+  int isVirtual,   /* True if this is a VIRTUAL table */
+  int noErr        /* Do nothing if table already exists */
+){
+  Table *pTable;
+  char *zName = 0; /* The name of the new table */
+  sqlite3 *db = pParse->db;
+  Vdbe *v;
+  int iDb;         /* Database number to create the table in */
+  Token *pName;    /* Unqualified name of the table to create */
+
+  /* The table or view name to create is passed to this routine via tokens
+  ** pName1 and pName2. If the table name was fully qualified, for example:
+  **
+  ** CREATE TABLE xxx.yyy (...);
+  ** 
+  ** Then pName1 is set to "xxx" and pName2 "yyy". On the other hand if
+  ** the table name is not fully qualified, i.e.:
+  **
+  ** CREATE TABLE yyy(...);
+  **
+  ** Then pName1 is set to "yyy" and pName2 is "".
+  **
+  ** The call below sets the pName pointer to point at the token (pName1 or
+  ** pName2) that stores the unqualified table name. The variable iDb is
+  ** set to the index of the database that the table or view is to be
+  ** created in.
+  */
+  iDb = sqlite3TwoPartName(pParse, pName1, pName2, &pName);
+  if( iDb<0 ) return;
+  if( !OMIT_TEMPDB && isTemp && pName2->n>0 && iDb!=1 ){
+    /* If creating a temp table, the name may not be qualified. Unless 
+    ** the database name is "temp" anyway.  */
+    sqlite3ErrorMsg(pParse, "temporary table name must be unqualified");
+    return;
+  }
+  if( !OMIT_TEMPDB && isTemp ) iDb = 1;
+
+  pParse->sNameToken = *pName;
+  zName = sqlite3NameFromToken(db, pName);
+  if( zName==0 ) return;
+  if( SQLITE_OK!=sqlite3CheckObjectName(pParse, zName) ){
+    goto begin_table_error;
+  }
+  if( db->init.iDb==1 ) isTemp = 1;
+#ifndef SQLITE_OMIT_AUTHORIZATION
+  assert( (isTemp & 1)==isTemp );
+  {
+    int code;
+    char *zDb = db->aDb[iDb].zName;
+    if( sqlite3AuthCheck(pParse, SQLITE_INSERT, SCHEMA_TABLE(isTemp), 0, zDb) ){
+      goto begin_table_error;
+    }
+    if( isView ){
+      if( !OMIT_TEMPDB && isTemp ){
+        code = SQLITE_CREATE_TEMP_VIEW;
+      }else{
+        code = SQLITE_CREATE_VIEW;
+      }
+    }else{
+      if( !OMIT_TEMPDB && isTemp ){
+        code = SQLITE_CREATE_TEMP_TABLE;
+      }else{
+        code = SQLITE_CREATE_TABLE;
+      }
+    }
+    if( !isVirtual && sqlite3AuthCheck(pParse, code, zName, 0, zDb) ){
+      goto begin_table_error;
+    }
+  }
+#endif
+
+  /* Make sure the new table name does not collide with an existing
+  ** index or table name in the same database.  Issue an error message if
+  ** it does. The exception is if the statement being parsed was passed
+  ** to an sqlite3_declare_vtab() call. In that case only the column names
+  ** and types will be used, so there is no need to test for namespace
+  ** collisions.
+  */
+  if( !IN_DECLARE_VTAB ){
+    char *zDb = db->aDb[iDb].zName;
+    if( SQLITE_OK!=sqlite3ReadSchema(pParse) ){
+      goto begin_table_error;
+    }
+    pTable = sqlite3FindTable(db, zName, zDb);
+    if( pTable ){
+      if( !noErr ){
+        sqlite3ErrorMsg(pParse, "table %T already exists", pName);
+      }else{
+        assert( !db->init.busy || CORRUPT_DB );
+        sqlite3CodeVerifySchema(pParse, iDb);
+      }
+      goto begin_table_error;
+    }
+    if( sqlite3FindIndex(db, zName, zDb)!=0 ){
+      sqlite3ErrorMsg(pParse, "there is already an index named %s", zName);
+      goto begin_table_error;
+    }
+  }
+
+  pTable = sqlite3DbMallocZero(db, sizeof(Table));
+  if( pTable==0 ){
+    db->mallocFailed = 1;
+    pParse->rc = SQLITE_NOMEM;
+    pParse->nErr++;
+    goto begin_table_error;
+  }
+  pTable->zName = zName;
+  pTable->iPKey = -1;
+  pTable->pSchema = db->aDb[iDb].pSchema;
+  pTable->nRef = 1;
+  pTable->nRowLogEst = 200; assert( 200==sqlite3LogEst(1048576) );
+  assert( pParse->pNewTable==0 );
+  pParse->pNewTable = pTable;
+
+  /* If this is the magic sqlite_sequence table used by autoincrement,
+  ** then record a pointer to this table in the main database structure
+  ** so that INSERT can find the table easily.
+  */
+#ifndef SQLITE_OMIT_AUTOINCREMENT
+  if( !pParse->nested && strcmp(zName, "sqlite_sequence")==0 ){
+    assert( sqlite3SchemaMutexHeld(db, iDb, 0) );
+    pTable->pSchema->pSeqTab = pTable;
+  }
+#endif
+
+  /* Begin generating the code that will insert the table record into
+  ** the SQLITE_MASTER table.  Note in particular that we must go ahead
+  ** and allocate the record number for the table entry now.  Before any
+  ** PRIMARY KEY or UNIQUE keywords are parsed.  Those keywords will cause
+  ** indices to be created and the table record must come before the 
+  ** indices.  Hence, the record number for the table must be allocated
+  ** now.
+  */
+  if( !db->init.busy && (v = sqlite3GetVdbe(pParse))!=0 ){
+    int addr1;
+    int fileFormat;
+    int reg1, reg2, reg3;
+    /* nullRow[] is an OP_Record encoding of a row containing 5 NULLs */
+    static const char nullRow[] = { 6, 0, 0, 0, 0, 0 };
+    sqlite3BeginWriteOperation(pParse, 1, iDb);
+
+#ifndef SQLITE_OMIT_VIRTUALTABLE
+    if( isVirtual ){
+      sqlite3VdbeAddOp0(v, OP_VBegin);
+    }
+#endif
+
+    /* If the file format and encoding in the database have not been set, 
+    ** set them now.
+    */
+    reg1 = pParse->regRowid = ++pParse->nMem;
+    reg2 = pParse->regRoot = ++pParse->nMem;
+    reg3 = ++pParse->nMem;
+    sqlite3VdbeAddOp3(v, OP_ReadCookie, iDb, reg3, BTREE_FILE_FORMAT);
+    sqlite3VdbeUsesBtree(v, iDb);
+    addr1 = sqlite3VdbeAddOp1(v, OP_If, reg3); VdbeCoverage(v);
+    fileFormat = (db->flags & SQLITE_LegacyFileFmt)!=0 ?
+                  1 : SQLITE_MAX_FILE_FORMAT;
+    sqlite3VdbeAddOp2(v, OP_Integer, fileFormat, reg3);
+    sqlite3VdbeAddOp3(v, OP_SetCookie, iDb, BTREE_FILE_FORMAT, reg3);
+    sqlite3VdbeAddOp2(v, OP_Integer, ENC(db), reg3);
+    sqlite3VdbeAddOp3(v, OP_SetCookie, iDb, BTREE_TEXT_ENCODING, reg3);
+    sqlite3VdbeJumpHere(v, addr1);
+
+    /* This just creates a place-holder record in the sqlite_master table.
+    ** The record created does not contain anything yet.  It will be replaced
+    ** by the real entry in code generated at sqlite3EndTable().
+    **
+    ** The rowid for the new entry is left in register pParse->regRowid.
+    ** The root page number of the new table is left in reg pParse->regRoot.
+    ** The rowid and root page number values are needed by the code that
+    ** sqlite3EndTable will generate.
+    */
+#if !defined(SQLITE_OMIT_VIEW) || !defined(SQLITE_OMIT_VIRTUALTABLE)
+    if( isView || isVirtual ){
+      sqlite3VdbeAddOp2(v, OP_Integer, 0, reg2);
+    }else
+#endif
+    {
+      pParse->addrCrTab = sqlite3VdbeAddOp2(v, OP_CreateTable, iDb, reg2);
+    }
+    sqlite3OpenMasterTable(pParse, iDb);
+    sqlite3VdbeAddOp2(v, OP_NewRowid, 0, reg1);
+    sqlite3VdbeAddOp4(v, OP_Blob, 6, reg3, 0, nullRow, P4_STATIC);
+    sqlite3VdbeAddOp3(v, OP_Insert, 0, reg3, reg1);
+    sqlite3VdbeChangeP5(v, OPFLAG_APPEND);
+    sqlite3VdbeAddOp0(v, OP_Close);
+  }
+
+  /* Normal (non-error) return. */
+  return;
+
+  /* If an error occurs, we jump here */
+begin_table_error:
+  sqlite3DbFree(db, zName);
+  return;
+}
+
+/* Set properties of a table column based on the (magical)
+** name of the column.
+*/
+#if SQLITE_ENABLE_HIDDEN_COLUMNS
+SQLITE_PRIVATE void sqlite3ColumnPropertiesFromName(Table *pTab, Column *pCol){
+  if( sqlite3_strnicmp(pCol->zName, "__hidden__", 10)==0 ){
+    pCol->colFlags |= COLFLAG_HIDDEN;
+  }else if( pTab && pCol!=pTab->aCol && (pCol[-1].colFlags & COLFLAG_HIDDEN) ){
+    pTab->tabFlags |= TF_OOOHidden;
+  }
+}
+#endif
+
+
+/*
+** Add a new column to the table currently being constructed.
+**
+** The parser calls this routine once for each column declaration
+** in a CREATE TABLE statement.  sqlite3StartTable() gets called
+** first to get things going.  Then this routine is called for each
+** column.
+*/
+SQLITE_PRIVATE void sqlite3AddColumn(Parse *pParse, Token *pName){
+  Table *p;
+  int i;
+  char *z;
+  Column *pCol;
+  sqlite3 *db = pParse->db;
+  if( (p = pParse->pNewTable)==0 ) return;
+#if SQLITE_MAX_COLUMN
+  if( p->nCol+1>db->aLimit[SQLITE_LIMIT_COLUMN] ){
+    sqlite3ErrorMsg(pParse, "too many columns on %s", p->zName);
+    return;
+  }
+#endif
+  z = sqlite3NameFromToken(db, pName);
+  if( z==0 ) return;
+  for(i=0; i<p->nCol; i++){
+    if( sqlite3_stricmp(z, p->aCol[i].zName)==0 ){
+      sqlite3ErrorMsg(pParse, "duplicate column name: %s", z);
+      sqlite3DbFree(db, z);
+      return;
+    }
+  }
+  if( (p->nCol & 0x7)==0 ){
+    Column *aNew;
+    aNew = sqlite3DbRealloc(db,p->aCol,(p->nCol+8)*sizeof(p->aCol[0]));
+    if( aNew==0 ){
+      sqlite3DbFree(db, z);
+      return;
+    }
+    p->aCol = aNew;
+  }
+  pCol = &p->aCol[p->nCol];
+  memset(pCol, 0, sizeof(p->aCol[0]));
+  pCol->zName = z;
+  sqlite3ColumnPropertiesFromName(p, pCol);
+ 
+  /* If there is no type specified, columns have the default affinity
+  ** 'BLOB'. If there is a type specified, then sqlite3AddColumnType() will
+  ** be called next to set pCol->affinity correctly.
+  */
+  pCol->affinity = SQLITE_AFF_BLOB;
+  pCol->szEst = 1;
+  p->nCol++;
+}
+
+/*
+** This routine is called by the parser while in the middle of
+** parsing a CREATE TABLE statement.  A "NOT NULL" constraint has
+** been seen on a column.  This routine sets the notNull flag on
+** the column currently under construction.
+*/
+SQLITE_PRIVATE void sqlite3AddNotNull(Parse *pParse, int onError){
+  Table *p;
+  p = pParse->pNewTable;
+  if( p==0 || NEVER(p->nCol<1) ) return;
+  p->aCol[p->nCol-1].notNull = (u8)onError;
+}
+
+/*
+** Scan the column type name zType (length nType) and return the
+** associated affinity type.
+**
+** This routine does a case-independent search of zType for the 
+** substrings in the following table. If one of the substrings is
+** found, the corresponding affinity is returned. If zType contains
+** more than one of the substrings, entries toward the top of 
+** the table take priority. For example, if zType is 'BLOBINT', 
+** SQLITE_AFF_INTEGER is returned.
+**
+** Substring     | Affinity
+** --------------------------------
+** 'INT'         | SQLITE_AFF_INTEGER
+** 'CHAR'        | SQLITE_AFF_TEXT
+** 'CLOB'        | SQLITE_AFF_TEXT
+** 'TEXT'        | SQLITE_AFF_TEXT
+** 'BLOB'        | SQLITE_AFF_BLOB
+** 'REAL'        | SQLITE_AFF_REAL
+** 'FLOA'        | SQLITE_AFF_REAL
+** 'DOUB'        | SQLITE_AFF_REAL
+**
+** If none of the substrings in the above table are found,
+** SQLITE_AFF_NUMERIC is returned.
+*/
+SQLITE_PRIVATE char sqlite3AffinityType(const char *zIn, u8 *pszEst){
+  u32 h = 0;
+  char aff = SQLITE_AFF_NUMERIC;
+  const char *zChar = 0;
+
+  if( zIn==0 ) return aff;
+  while( zIn[0] ){
+    h = (h<<8) + sqlite3UpperToLower[(*zIn)&0xff];
+    zIn++;
+    if( h==(('c'<<24)+('h'<<16)+('a'<<8)+'r') ){             /* CHAR */
+      aff = SQLITE_AFF_TEXT;
+      zChar = zIn;
+    }else if( h==(('c'<<24)+('l'<<16)+('o'<<8)+'b') ){       /* CLOB */
+      aff = SQLITE_AFF_TEXT;
+    }else if( h==(('t'<<24)+('e'<<16)+('x'<<8)+'t') ){       /* TEXT */
+      aff = SQLITE_AFF_TEXT;
+    }else if( h==(('b'<<24)+('l'<<16)+('o'<<8)+'b')          /* BLOB */
+        && (aff==SQLITE_AFF_NUMERIC || aff==SQLITE_AFF_REAL) ){
+      aff = SQLITE_AFF_BLOB;
+      if( zIn[0]=='(' ) zChar = zIn;
+#ifndef SQLITE_OMIT_FLOATING_POINT
+    }else if( h==(('r'<<24)+('e'<<16)+('a'<<8)+'l')          /* REAL */
+        && aff==SQLITE_AFF_NUMERIC ){
+      aff = SQLITE_AFF_REAL;
+    }else if( h==(('f'<<24)+('l'<<16)+('o'<<8)+'a')          /* FLOA */
+        && aff==SQLITE_AFF_NUMERIC ){
+      aff = SQLITE_AFF_REAL;
+    }else if( h==(('d'<<24)+('o'<<16)+('u'<<8)+'b')          /* DOUB */
+        && aff==SQLITE_AFF_NUMERIC ){
+      aff = SQLITE_AFF_REAL;
+#endif
+    }else if( (h&0x00FFFFFF)==(('i'<<16)+('n'<<8)+'t') ){    /* INT */
+      aff = SQLITE_AFF_INTEGER;
+      break;
+    }
+  }
+
+  /* If pszEst is not NULL, store an estimate of the field size.  The
+  ** estimate is scaled so that the size of an integer is 1.  */
+  if( pszEst ){
+    *pszEst = 1;   /* default size is approx 4 bytes */
+    if( aff<SQLITE_AFF_NUMERIC ){
+      if( zChar ){
+        while( zChar[0] ){
+          if( sqlite3Isdigit(zChar[0]) ){
+            int v = 0;
+            sqlite3GetInt32(zChar, &v);
+            v = v/4 + 1;
+            if( v>255 ) v = 255;
+            *pszEst = v; /* BLOB(k), VARCHAR(k), CHAR(k) -> r=(k/4+1) */
+            break;
+          }
+          zChar++;
+        }
+      }else{
+        *pszEst = 5;   /* BLOB, TEXT, CLOB -> r=5  (approx 20 bytes)*/
+      }
+    }
+  }
+  return aff;
+}
+
+/*
+** This routine is called by the parser while in the middle of
+** parsing a CREATE TABLE statement.  The pFirst token is the first
+** token in the sequence of tokens that describe the type of the
+** column currently under construction.   pLast is the last token
+** in the sequence.  Use this information to construct a string
+** that contains the typename of the column and store that string
+** in zType.
+*/ 
+SQLITE_PRIVATE void sqlite3AddColumnType(Parse *pParse, Token *pType){
+  Table *p;
+  Column *pCol;
+
+  p = pParse->pNewTable;
+  if( p==0 || NEVER(p->nCol<1) ) return;
+  pCol = &p->aCol[p->nCol-1];
+  assert( pCol->zType==0 || CORRUPT_DB );
+  sqlite3DbFree(pParse->db, pCol->zType);
+  pCol->zType = sqlite3NameFromToken(pParse->db, pType);
+  pCol->affinity = sqlite3AffinityType(pCol->zType, &pCol->szEst);
+}
+
+/*
+** The expression is the default value for the most recently added column
+** of the table currently under construction.
+**
+** Default value expressions must be constant.  Raise an exception if this
+** is not the case.
+**
+** This routine is called by the parser while in the middle of
+** parsing a CREATE TABLE statement.
+*/
+SQLITE_PRIVATE void sqlite3AddDefaultValue(Parse *pParse, ExprSpan *pSpan){
+  Table *p;
+  Column *pCol;
+  sqlite3 *db = pParse->db;
+  p = pParse->pNewTable;
+  if( p!=0 ){
+    pCol = &(p->aCol[p->nCol-1]);
+    if( !sqlite3ExprIsConstantOrFunction(pSpan->pExpr, db->init.busy) ){
+      sqlite3ErrorMsg(pParse, "default value of column [%s] is not constant",
+          pCol->zName);
+    }else{
+      /* A copy of pExpr is used instead of the original, as pExpr contains
+      ** tokens that point to volatile memory. The 'span' of the expression
+      ** is required by pragma table_info.
+      */
+      sqlite3ExprDelete(db, pCol->pDflt);
+      pCol->pDflt = sqlite3ExprDup(db, pSpan->pExpr, EXPRDUP_REDUCE);
+      sqlite3DbFree(db, pCol->zDflt);
+      pCol->zDflt = sqlite3DbStrNDup(db, (char*)pSpan->zStart,
+                                     (int)(pSpan->zEnd - pSpan->zStart));
+    }
+  }
+  sqlite3ExprDelete(db, pSpan->pExpr);
+}
+
+/*
+** Backwards Compatibility Hack:
+** 
+** Historical versions of SQLite accepted strings as column names in
+** indexes and PRIMARY KEY constraints and in UNIQUE constraints.  Example:
+**
+**     CREATE TABLE xyz(a,b,c,d,e,PRIMARY KEY('a'),UNIQUE('b','c' COLLATE trim)
+**     CREATE INDEX abc ON xyz('c','d' DESC,'e' COLLATE nocase DESC);
+**
+** This is goofy.  But to preserve backwards compatibility we continue to
+** accept it.  This routine does the necessary conversion.  It converts
+** the expression given in its argument from a TK_STRING into a TK_ID
+** if the expression is just a TK_STRING with an optional COLLATE clause.
+** If the epxression is anything other than TK_STRING, the expression is
+** unchanged.
+*/
+static void sqlite3StringToId(Expr *p){
+  if( p->op==TK_STRING ){
+    p->op = TK_ID;
+  }else if( p->op==TK_COLLATE && p->pLeft->op==TK_STRING ){
+    p->pLeft->op = TK_ID;
+  }
+}
+
+/*
+** Designate the PRIMARY KEY for the table.  pList is a list of names 
+** of columns that form the primary key.  If pList is NULL, then the
+** most recently added column of the table is the primary key.
+**
+** A table can have at most one primary key.  If the table already has
+** a primary key (and this is the second primary key) then create an
+** error.
+**
+** If the PRIMARY KEY is on a single column whose datatype is INTEGER,
+** then we will try to use that column as the rowid.  Set the Table.iPKey
+** field of the table under construction to be the index of the
+** INTEGER PRIMARY KEY column.  Table.iPKey is set to -1 if there is
+** no INTEGER PRIMARY KEY.
+**
+** If the key is not an INTEGER PRIMARY KEY, then create a unique
+** index for the key.  No index is created for INTEGER PRIMARY KEYs.
+*/
+SQLITE_PRIVATE void sqlite3AddPrimaryKey(
+  Parse *pParse,    /* Parsing context */
+  ExprList *pList,  /* List of field names to be indexed */
+  int onError,      /* What to do with a uniqueness conflict */
+  int autoInc,      /* True if the AUTOINCREMENT keyword is present */
+  int sortOrder     /* SQLITE_SO_ASC or SQLITE_SO_DESC */
+){
+  Table *pTab = pParse->pNewTable;
+  char *zType = 0;
+  int iCol = -1, i;
+  int nTerm;
+  if( pTab==0 || IN_DECLARE_VTAB ) goto primary_key_exit;
+  if( pTab->tabFlags & TF_HasPrimaryKey ){
+    sqlite3ErrorMsg(pParse, 
+      "table \"%s\" has more than one primary key", pTab->zName);
+    goto primary_key_exit;
+  }
+  pTab->tabFlags |= TF_HasPrimaryKey;
+  if( pList==0 ){
+    iCol = pTab->nCol - 1;
+    pTab->aCol[iCol].colFlags |= COLFLAG_PRIMKEY;
+    zType = pTab->aCol[iCol].zType;
+    nTerm = 1;
+  }else{
+    nTerm = pList->nExpr;
+    for(i=0; i<nTerm; i++){
+      Expr *pCExpr = sqlite3ExprSkipCollate(pList->a[i].pExpr);
+      assert( pCExpr!=0 );
+      sqlite3StringToId(pCExpr);
+      if( pCExpr->op==TK_ID ){
+        const char *zCName = pCExpr->u.zToken;
+        for(iCol=0; iCol<pTab->nCol; iCol++){
+          if( sqlite3StrICmp(zCName, pTab->aCol[iCol].zName)==0 ){
+            pTab->aCol[iCol].colFlags |= COLFLAG_PRIMKEY;
+            zType = pTab->aCol[iCol].zType;
+            break;
+          }
+        }
+      }
+    }
+  }
+  if( nTerm==1
+   && zType && sqlite3StrICmp(zType, "INTEGER")==0
+   && sortOrder!=SQLITE_SO_DESC
+  ){
+    pTab->iPKey = iCol;
+    pTab->keyConf = (u8)onError;
+    assert( autoInc==0 || autoInc==1 );
+    pTab->tabFlags |= autoInc*TF_Autoincrement;
+    if( pList ) pParse->iPkSortOrder = pList->a[0].sortOrder;
+  }else if( autoInc ){
+#ifndef SQLITE_OMIT_AUTOINCREMENT
+    sqlite3ErrorMsg(pParse, "AUTOINCREMENT is only allowed on an "
+       "INTEGER PRIMARY KEY");
+#endif
+  }else{
+    Index *p;
+    p = sqlite3CreateIndex(pParse, 0, 0, 0, pList, onError, 0,
+                           0, sortOrder, 0);
+    if( p ){
+      p->idxType = SQLITE_IDXTYPE_PRIMARYKEY;
+    }
+    pList = 0;
+  }
+
+primary_key_exit:
+  sqlite3ExprListDelete(pParse->db, pList);
+  return;
+}
+
+/*
+** Add a new CHECK constraint to the table currently under construction.
+*/
+SQLITE_PRIVATE void sqlite3AddCheckConstraint(
+  Parse *pParse,    /* Parsing context */
+  Expr *pCheckExpr  /* The check expression */
+){
+#ifndef SQLITE_OMIT_CHECK
+  Table *pTab = pParse->pNewTable;
+  sqlite3 *db = pParse->db;
+  if( pTab && !IN_DECLARE_VTAB
+   && !sqlite3BtreeIsReadonly(db->aDb[db->init.iDb].pBt)
+  ){
+    pTab->pCheck = sqlite3ExprListAppend(pParse, pTab->pCheck, pCheckExpr);
+    if( pParse->constraintName.n ){
+      sqlite3ExprListSetName(pParse, pTab->pCheck, &pParse->constraintName, 1);
+    }
+  }else
+#endif
+  {
+    sqlite3ExprDelete(pParse->db, pCheckExpr);
+  }
+}
+
+/*
+** Set the collation function of the most recently parsed table column
+** to the CollSeq given.
+*/
+SQLITE_PRIVATE void sqlite3AddCollateType(Parse *pParse, Token *pToken){
+  Table *p;
+  int i;
+  char *zColl;              /* Dequoted name of collation sequence */
+  sqlite3 *db;
+
+  if( (p = pParse->pNewTable)==0 ) return;
+  i = p->nCol-1;
+  db = pParse->db;
+  zColl = sqlite3NameFromToken(db, pToken);
+  if( !zColl ) return;
+
+  if( sqlite3LocateCollSeq(pParse, zColl) ){
+    Index *pIdx;
+    sqlite3DbFree(db, p->aCol[i].zColl);
+    p->aCol[i].zColl = zColl;
+  
+    /* If the column is declared as "<name> PRIMARY KEY COLLATE <type>",
+    ** then an index may have been created on this column before the
+    ** collation type was added. Correct this if it is the case.
+    */
+    for(pIdx=p->pIndex; pIdx; pIdx=pIdx->pNext){
+      assert( pIdx->nKeyCol==1 );
+      if( pIdx->aiColumn[0]==i ){
+        pIdx->azColl[0] = p->aCol[i].zColl;
+      }
+    }
+  }else{
+    sqlite3DbFree(db, zColl);
+  }
+}
+
+/*
+** This function returns the collation sequence for database native text
+** encoding identified by the string zName, length nName.
+**
+** If the requested collation sequence is not available, or not available
+** in the database native encoding, the collation factory is invoked to
+** request it. If the collation factory does not supply such a sequence,
+** and the sequence is available in another text encoding, then that is
+** returned instead.
+**
+** If no versions of the requested collations sequence are available, or
+** another error occurs, NULL is returned and an error message written into
+** pParse.
+**
+** This routine is a wrapper around sqlite3FindCollSeq().  This routine
+** invokes the collation factory if the named collation cannot be found
+** and generates an error message.
+**
+** See also: sqlite3FindCollSeq(), sqlite3GetCollSeq()
+*/
+SQLITE_PRIVATE CollSeq *sqlite3LocateCollSeq(Parse *pParse, const char *zName){
+  sqlite3 *db = pParse->db;
+  u8 enc = ENC(db);
+  u8 initbusy = db->init.busy;
+  CollSeq *pColl;
+
+  pColl = sqlite3FindCollSeq(db, enc, zName, initbusy);
+  if( !initbusy && (!pColl || !pColl->xCmp) ){
+    pColl = sqlite3GetCollSeq(pParse, enc, pColl, zName);
+  }
+
+  return pColl;
+}
+
+
+/*
+** Generate code that will increment the schema cookie.
+**
+** The schema cookie is used to determine when the schema for the
+** database changes.  After each schema change, the cookie value
+** changes.  When a process first reads the schema it records the
+** cookie.  Thereafter, whenever it goes to access the database,
+** it checks the cookie to make sure the schema has not changed
+** since it was last read.
+**
+** This plan is not completely bullet-proof.  It is possible for
+** the schema to change multiple times and for the cookie to be
+** set back to prior value.  But schema changes are infrequent
+** and the probability of hitting the same cookie value is only
+** 1 chance in 2^32.  So we're safe enough.
+*/
+SQLITE_PRIVATE void sqlite3ChangeCookie(Parse *pParse, int iDb){
+  int r1 = sqlite3GetTempReg(pParse);
+  sqlite3 *db = pParse->db;
+  Vdbe *v = pParse->pVdbe;
+  assert( sqlite3SchemaMutexHeld(db, iDb, 0) );
+  sqlite3VdbeAddOp2(v, OP_Integer, db->aDb[iDb].pSchema->schema_cookie+1, r1);
+  sqlite3VdbeAddOp3(v, OP_SetCookie, iDb, BTREE_SCHEMA_VERSION, r1);
+  sqlite3ReleaseTempReg(pParse, r1);
+}
+
+/*
+** Measure the number of characters needed to output the given
+** identifier.  The number returned includes any quotes used
+** but does not include the null terminator.
+**
+** The estimate is conservative.  It might be larger that what is
+** really needed.
+*/
+static int identLength(const char *z){
+  int n;
+  for(n=0; *z; n++, z++){
+    if( *z=='"' ){ n++; }
+  }
+  return n + 2;
+}
+
+/*
+** The first parameter is a pointer to an output buffer. The second 
+** parameter is a pointer to an integer that contains the offset at
+** which to write into the output buffer. This function copies the
+** nul-terminated string pointed to by the third parameter, zSignedIdent,
+** to the specified offset in the buffer and updates *pIdx to refer
+** to the first byte after the last byte written before returning.
+** 
+** If the string zSignedIdent consists entirely of alpha-numeric
+** characters, does not begin with a digit and is not an SQL keyword,
+** then it is copied to the output buffer exactly as it is. Otherwise,
+** it is quoted using double-quotes.
+*/
+static void identPut(char *z, int *pIdx, char *zSignedIdent){
+  unsigned char *zIdent = (unsigned char*)zSignedIdent;
+  int i, j, needQuote;
+  i = *pIdx;
+
+  for(j=0; zIdent[j]; j++){
+    if( !sqlite3Isalnum(zIdent[j]) && zIdent[j]!='_' ) break;
+  }
+  needQuote = sqlite3Isdigit(zIdent[0])
+            || sqlite3KeywordCode(zIdent, j)!=TK_ID
+            || zIdent[j]!=0
+            || j==0;
+
+  if( needQuote ) z[i++] = '"';
+  for(j=0; zIdent[j]; j++){
+    z[i++] = zIdent[j];
+    if( zIdent[j]=='"' ) z[i++] = '"';
+  }
+  if( needQuote ) z[i++] = '"';
+  z[i] = 0;
+  *pIdx = i;
+}
+
+/*
+** Generate a CREATE TABLE statement appropriate for the given
+** table.  Memory to hold the text of the statement is obtained
+** from sqliteMalloc() and must be freed by the calling function.
+*/
+static char *createTableStmt(sqlite3 *db, Table *p){
+  int i, k, n;
+  char *zStmt;
+  char *zSep, *zSep2, *zEnd;
+  Column *pCol;
+  n = 0;
+  for(pCol = p->aCol, i=0; i<p->nCol; i++, pCol++){
+    n += identLength(pCol->zName) + 5;
+  }
+  n += identLength(p->zName);
+  if( n<50 ){ 
+    zSep = "";
+    zSep2 = ",";
+    zEnd = ")";
+  }else{
+    zSep = "\n  ";
+    zSep2 = ",\n  ";
+    zEnd = "\n)";
+  }
+  n += 35 + 6*p->nCol;
+  zStmt = sqlite3DbMallocRaw(0, n);
+  if( zStmt==0 ){
+    db->mallocFailed = 1;
+    return 0;
+  }
+  sqlite3_snprintf(n, zStmt, "CREATE TABLE ");
+  k = sqlite3Strlen30(zStmt);
+  identPut(zStmt, &k, p->zName);
+  zStmt[k++] = '(';
+  for(pCol=p->aCol, i=0; i<p->nCol; i++, pCol++){
+    static const char * const azType[] = {
+        /* SQLITE_AFF_BLOB    */ "",
+        /* SQLITE_AFF_TEXT    */ " TEXT",
+        /* SQLITE_AFF_NUMERIC */ " NUM",
+        /* SQLITE_AFF_INTEGER */ " INT",
+        /* SQLITE_AFF_REAL    */ " REAL"
+    };
+    int len;
+    const char *zType;
+
+    sqlite3_snprintf(n-k, &zStmt[k], zSep);
+    k += sqlite3Strlen30(&zStmt[k]);
+    zSep = zSep2;
+    identPut(zStmt, &k, pCol->zName);
+    assert( pCol->affinity-SQLITE_AFF_BLOB >= 0 );
+    assert( pCol->affinity-SQLITE_AFF_BLOB < ArraySize(azType) );
+    testcase( pCol->affinity==SQLITE_AFF_BLOB );
+    testcase( pCol->affinity==SQLITE_AFF_TEXT );
+    testcase( pCol->affinity==SQLITE_AFF_NUMERIC );
+    testcase( pCol->affinity==SQLITE_AFF_INTEGER );
+    testcase( pCol->affinity==SQLITE_AFF_REAL );
+    
+    zType = azType[pCol->affinity - SQLITE_AFF_BLOB];
+    len = sqlite3Strlen30(zType);
+    assert( pCol->affinity==SQLITE_AFF_BLOB 
+            || pCol->affinity==sqlite3AffinityType(zType, 0) );
+    memcpy(&zStmt[k], zType, len);
+    k += len;
+    assert( k<=n );
+  }
+  sqlite3_snprintf(n-k, &zStmt[k], "%s", zEnd);
+  return zStmt;
+}
+
+/*
+** Resize an Index object to hold N columns total.  Return SQLITE_OK
+** on success and SQLITE_NOMEM on an OOM error.
+*/
+static int resizeIndexObject(sqlite3 *db, Index *pIdx, int N){
+  char *zExtra;
+  int nByte;
+  if( pIdx->nColumn>=N ) return SQLITE_OK;
+  assert( pIdx->isResized==0 );
+  nByte = (sizeof(char*) + sizeof(i16) + 1)*N;
+  zExtra = sqlite3DbMallocZero(db, nByte);
+  if( zExtra==0 ) return SQLITE_NOMEM;
+  memcpy(zExtra, pIdx->azColl, sizeof(char*)*pIdx->nColumn);
+  pIdx->azColl = (const char**)zExtra;
+  zExtra += sizeof(char*)*N;
+  memcpy(zExtra, pIdx->aiColumn, sizeof(i16)*pIdx->nColumn);
+  pIdx->aiColumn = (i16*)zExtra;
+  zExtra += sizeof(i16)*N;
+  memcpy(zExtra, pIdx->aSortOrder, pIdx->nColumn);
+  pIdx->aSortOrder = (u8*)zExtra;
+  pIdx->nColumn = N;
+  pIdx->isResized = 1;
+  return SQLITE_OK;
+}
+
+/*
+** Estimate the total row width for a table.
+*/
+static void estimateTableWidth(Table *pTab){
+  unsigned wTable = 0;
+  const Column *pTabCol;
+  int i;
+  for(i=pTab->nCol, pTabCol=pTab->aCol; i>0; i--, pTabCol++){
+    wTable += pTabCol->szEst;
+  }
+  if( pTab->iPKey<0 ) wTable++;
+  pTab->szTabRow = sqlite3LogEst(wTable*4);
+}
+
+/*
+** Estimate the average size of a row for an index.
+*/
+static void estimateIndexWidth(Index *pIdx){
+  unsigned wIndex = 0;
+  int i;
+  const Column *aCol = pIdx->pTable->aCol;
+  for(i=0; i<pIdx->nColumn; i++){
+    i16 x = pIdx->aiColumn[i];
+    assert( x<pIdx->pTable->nCol );
+    wIndex += x<0 ? 1 : aCol[pIdx->aiColumn[i]].szEst;
+  }
+  pIdx->szIdxRow = sqlite3LogEst(wIndex*4);
+}
+
+/* Return true if value x is found any of the first nCol entries of aiCol[]
+*/
+static int hasColumn(const i16 *aiCol, int nCol, int x){
+  while( nCol-- > 0 ) if( x==*(aiCol++) ) return 1;
+  return 0;
+}
+
+/*
+** This routine runs at the end of parsing a CREATE TABLE statement that
+** has a WITHOUT ROWID clause.  The job of this routine is to convert both
+** internal schema data structures and the generated VDBE code so that they
+** are appropriate for a WITHOUT ROWID table instead of a rowid table.
+** Changes include:
+**
+**     (1)  Convert the OP_CreateTable into an OP_CreateIndex.  There is
+**          no rowid btree for a WITHOUT ROWID.  Instead, the canonical
+**          data storage is a covering index btree.
+**     (2)  Bypass the creation of the sqlite_master table entry
+**          for the PRIMARY KEY as the primary key index is now
+**          identified by the sqlite_master table entry of the table itself.
+**     (3)  Set the Index.tnum of the PRIMARY KEY Index object in the
+**          schema to the rootpage from the main table.
+**     (4)  Set all columns of the PRIMARY KEY schema object to be NOT NULL.
+**     (5)  Add all table columns to the PRIMARY KEY Index object
+**          so that the PRIMARY KEY is a covering index.  The surplus
+**          columns are part of KeyInfo.nXField and are not used for
+**          sorting or lookup or uniqueness checks.
+**     (6)  Replace the rowid tail on all automatically generated UNIQUE
+**          indices with the PRIMARY KEY columns.
+*/
+static void convertToWithoutRowidTable(Parse *pParse, Table *pTab){
+  Index *pIdx;
+  Index *pPk;
+  int nPk;
+  int i, j;
+  sqlite3 *db = pParse->db;
+  Vdbe *v = pParse->pVdbe;
+
+  /* Convert the OP_CreateTable opcode that would normally create the
+  ** root-page for the table into an OP_CreateIndex opcode.  The index
+  ** created will become the PRIMARY KEY index.
+  */
+  if( pParse->addrCrTab ){
+    assert( v );
+    sqlite3VdbeChangeOpcode(v, pParse->addrCrTab, OP_CreateIndex);
+  }
+
+  /* Locate the PRIMARY KEY index.  Or, if this table was originally
+  ** an INTEGER PRIMARY KEY table, create a new PRIMARY KEY index. 
+  */
+  if( pTab->iPKey>=0 ){
+    ExprList *pList;
+    Token ipkToken;
+    ipkToken.z = pTab->aCol[pTab->iPKey].zName;
+    ipkToken.n = sqlite3Strlen30(ipkToken.z);
+    pList = sqlite3ExprListAppend(pParse, 0, 
+                  sqlite3ExprAlloc(db, TK_ID, &ipkToken, 0));
+    if( pList==0 ) return;
+    pList->a[0].sortOrder = pParse->iPkSortOrder;
+    assert( pParse->pNewTable==pTab );
+    pPk = sqlite3CreateIndex(pParse, 0, 0, 0, pList, pTab->keyConf, 0, 0, 0, 0);
+    if( pPk==0 ) return;
+    pPk->idxType = SQLITE_IDXTYPE_PRIMARYKEY;
+    pTab->iPKey = -1;
+  }else{
+    pPk = sqlite3PrimaryKeyIndex(pTab);
+
+    /* Bypass the creation of the PRIMARY KEY btree and the sqlite_master
+    ** table entry. This is only required if currently generating VDBE
+    ** code for a CREATE TABLE (not when parsing one as part of reading
+    ** a database schema).  */
+    if( v ){
+      assert( db->init.busy==0 );
+      sqlite3VdbeChangeOpcode(v, pPk->tnum, OP_Goto);
+    }
+
+    /*
+    ** Remove all redundant columns from the PRIMARY KEY.  For example, change
+    ** "PRIMARY KEY(a,b,a,b,c,b,c,d)" into just "PRIMARY KEY(a,b,c,d)".  Later
+    ** code assumes the PRIMARY KEY contains no repeated columns.
+    */
+    for(i=j=1; i<pPk->nKeyCol; i++){
+      if( hasColumn(pPk->aiColumn, j, pPk->aiColumn[i]) ){
+        pPk->nColumn--;
+      }else{
+        pPk->aiColumn[j++] = pPk->aiColumn[i];
+      }
+    }
+    pPk->nKeyCol = j;
+  }
+  pPk->isCovering = 1;
+  assert( pPk!=0 );
+  nPk = pPk->nKeyCol;
+
+  /* Make sure every column of the PRIMARY KEY is NOT NULL.  (Except,
+  ** do not enforce this for imposter tables.) */
+  if( !db->init.imposterTable ){
+    for(i=0; i<nPk; i++){
+      pTab->aCol[pPk->aiColumn[i]].notNull = OE_Abort;
+    }
+    pPk->uniqNotNull = 1;
+  }
+
+  /* The root page of the PRIMARY KEY is the table root page */
+  pPk->tnum = pTab->tnum;
+
+  /* Update the in-memory representation of all UNIQUE indices by converting
+  ** the final rowid column into one or more columns of the PRIMARY KEY.
+  */
+  for(pIdx=pTab->pIndex; pIdx; pIdx=pIdx->pNext){
+    int n;
+    if( IsPrimaryKeyIndex(pIdx) ) continue;
+    for(i=n=0; i<nPk; i++){
+      if( !hasColumn(pIdx->aiColumn, pIdx->nKeyCol, pPk->aiColumn[i]) ) n++;
+    }
+    if( n==0 ){
+      /* This index is a superset of the primary key */
+      pIdx->nColumn = pIdx->nKeyCol;
+      continue;
+    }
+    if( resizeIndexObject(db, pIdx, pIdx->nKeyCol+n) ) return;
+    for(i=0, j=pIdx->nKeyCol; i<nPk; i++){
+      if( !hasColumn(pIdx->aiColumn, pIdx->nKeyCol, pPk->aiColumn[i]) ){
+        pIdx->aiColumn[j] = pPk->aiColumn[i];
+        pIdx->azColl[j] = pPk->azColl[i];
+        j++;
+      }
+    }
+    assert( pIdx->nColumn>=pIdx->nKeyCol+n );
+    assert( pIdx->nColumn>=j );
+  }
+
+  /* Add all table columns to the PRIMARY KEY index
+  */
+  if( nPk<pTab->nCol ){
+    if( resizeIndexObject(db, pPk, pTab->nCol) ) return;
+    for(i=0, j=nPk; i<pTab->nCol; i++){
+      if( !hasColumn(pPk->aiColumn, j, i) ){
+        assert( j<pPk->nColumn );
+        pPk->aiColumn[j] = i;
+        pPk->azColl[j] = sqlite3StrBINARY;
+        j++;
+      }
+    }
+    assert( pPk->nColumn==j );
+    assert( pTab->nCol==j );
+  }else{
+    pPk->nColumn = pTab->nCol;
+  }
+}
+
+/*
+** This routine is called to report the final ")" that terminates
+** a CREATE TABLE statement.
+**
+** The table structure that other action routines have been building
+** is added to the internal hash tables, assuming no errors have
+** occurred.
+**
+** An entry for the table is made in the master table on disk, unless
+** this is a temporary table or db->init.busy==1.  When db->init.busy==1
+** it means we are reading the sqlite_master table because we just
+** connected to the database or because the sqlite_master table has
+** recently changed, so the entry for this table already exists in
+** the sqlite_master table.  We do not want to create it again.
+**
+** If the pSelect argument is not NULL, it means that this routine
+** was called to create a table generated from a 
+** "CREATE TABLE ... AS SELECT ..." statement.  The column names of
+** the new table will match the result set of the SELECT.
+*/
+SQLITE_PRIVATE void sqlite3EndTable(
+  Parse *pParse,          /* Parse context */
+  Token *pCons,           /* The ',' token after the last column defn. */
+  Token *pEnd,            /* The ')' before options in the CREATE TABLE */
+  u8 tabOpts,             /* Extra table options. Usually 0. */
+  Select *pSelect         /* Select from a "CREATE ... AS SELECT" */
+){
+  Table *p;                 /* The new table */
+  sqlite3 *db = pParse->db; /* The database connection */
+  int iDb;                  /* Database in which the table lives */
+  Index *pIdx;              /* An implied index of the table */
+
+  if( pEnd==0 && pSelect==0 ){
+    return;
+  }
+  assert( !db->mallocFailed );
+  p = pParse->pNewTable;
+  if( p==0 ) return;
+
+  assert( !db->init.busy || !pSelect );
+
+  /* If the db->init.busy is 1 it means we are reading the SQL off the
+  ** "sqlite_master" or "sqlite_temp_master" table on the disk.
+  ** So do not write to the disk again.  Extract the root page number
+  ** for the table from the db->init.newTnum field.  (The page number
+  ** should have been put there by the sqliteOpenCb routine.)
+  */
+  if( db->init.busy ){
+    p->tnum = db->init.newTnum;
+  }
+
+  /* Special processing for WITHOUT ROWID Tables */
+  if( tabOpts & TF_WithoutRowid ){
+    if( (p->tabFlags & TF_Autoincrement) ){
+      sqlite3ErrorMsg(pParse,
+          "AUTOINCREMENT not allowed on WITHOUT ROWID tables");
+      return;
+    }
+    if( (p->tabFlags & TF_HasPrimaryKey)==0 ){
+      sqlite3ErrorMsg(pParse, "PRIMARY KEY missing on table %s", p->zName);
+    }else{
+      p->tabFlags |= TF_WithoutRowid | TF_NoVisibleRowid;
+      convertToWithoutRowidTable(pParse, p);
+    }
+  }
+
+  iDb = sqlite3SchemaToIndex(db, p->pSchema);
+
+#ifndef SQLITE_OMIT_CHECK
+  /* Resolve names in all CHECK constraint expressions.
+  */
+  if( p->pCheck ){
+    sqlite3ResolveSelfReference(pParse, p, NC_IsCheck, 0, p->pCheck);
+  }
+#endif /* !defined(SQLITE_OMIT_CHECK) */
+
+  /* Estimate the average row size for the table and for all implied indices */
+  estimateTableWidth(p);
+  for(pIdx=p->pIndex; pIdx; pIdx=pIdx->pNext){
+    estimateIndexWidth(pIdx);
+  }
+
+  /* If not initializing, then create a record for the new table
+  ** in the SQLITE_MASTER table of the database.
+  **
+  ** If this is a TEMPORARY table, write the entry into the auxiliary
+  ** file instead of into the main database file.
+  */
+  if( !db->init.busy ){
+    int n;
+    Vdbe *v;
+    char *zType;    /* "view" or "table" */
+    char *zType2;   /* "VIEW" or "TABLE" */
+    char *zStmt;    /* Text of the CREATE TABLE or CREATE VIEW statement */
+
+    v = sqlite3GetVdbe(pParse);
+    if( NEVER(v==0) ) return;
+
+    sqlite3VdbeAddOp1(v, OP_Close, 0);
+
+    /* 
+    ** Initialize zType for the new view or table.
+    */
+    if( p->pSelect==0 ){
+      /* A regular table */
+      zType = "table";
+      zType2 = "TABLE";
+#ifndef SQLITE_OMIT_VIEW
+    }else{
+      /* A view */
+      zType = "view";
+      zType2 = "VIEW";
+#endif
+    }
+
+    /* If this is a CREATE TABLE xx AS SELECT ..., execute the SELECT
+    ** statement to populate the new table. The root-page number for the
+    ** new table is in register pParse->regRoot.
+    **
+    ** Once the SELECT has been coded by sqlite3Select(), it is in a
+    ** suitable state to query for the column names and types to be used
+    ** by the new table.
+    **
+    ** A shared-cache write-lock is not required to write to the new table,
+    ** as a schema-lock must have already been obtained to create it. Since
+    ** a schema-lock excludes all other database users, the write-lock would
+    ** be redundant.
+    */
+    if( pSelect ){
+      SelectDest dest;    /* Where the SELECT should store results */
+      int regYield;       /* Register holding co-routine entry-point */
+      int addrTop;        /* Top of the co-routine */
+      int regRec;         /* A record to be insert into the new table */
+      int regRowid;       /* Rowid of the next row to insert */
+      int addrInsLoop;    /* Top of the loop for inserting rows */
+      Table *pSelTab;     /* A table that describes the SELECT results */
+
+      regYield = ++pParse->nMem;
+      regRec = ++pParse->nMem;
+      regRowid = ++pParse->nMem;
+      assert(pParse->nTab==1);
+      sqlite3MayAbort(pParse);
+      sqlite3VdbeAddOp3(v, OP_OpenWrite, 1, pParse->regRoot, iDb);
+      sqlite3VdbeChangeP5(v, OPFLAG_P2ISREG);
+      pParse->nTab = 2;
+      addrTop = sqlite3VdbeCurrentAddr(v) + 1;
+      sqlite3VdbeAddOp3(v, OP_InitCoroutine, regYield, 0, addrTop);
+      sqlite3SelectDestInit(&dest, SRT_Coroutine, regYield);
+      sqlite3Select(pParse, pSelect, &dest);
+      sqlite3VdbeAddOp1(v, OP_EndCoroutine, regYield);
+      sqlite3VdbeJumpHere(v, addrTop - 1);
+      if( pParse->nErr ) return;
+      pSelTab = sqlite3ResultSetOfSelect(pParse, pSelect);
+      if( pSelTab==0 ) return;
+      assert( p->aCol==0 );
+      p->nCol = pSelTab->nCol;
+      p->aCol = pSelTab->aCol;
+      pSelTab->nCol = 0;
+      pSelTab->aCol = 0;
+      sqlite3DeleteTable(db, pSelTab);
+      addrInsLoop = sqlite3VdbeAddOp1(v, OP_Yield, dest.iSDParm);
+      VdbeCoverage(v);
+      sqlite3VdbeAddOp3(v, OP_MakeRecord, dest.iSdst, dest.nSdst, regRec);
+      sqlite3TableAffinity(v, p, 0);
+      sqlite3VdbeAddOp2(v, OP_NewRowid, 1, regRowid);
+      sqlite3VdbeAddOp3(v, OP_Insert, 1, regRec, regRowid);
+      sqlite3VdbeGoto(v, addrInsLoop);
+      sqlite3VdbeJumpHere(v, addrInsLoop);
+      sqlite3VdbeAddOp1(v, OP_Close, 1);
+    }
+
+    /* Compute the complete text of the CREATE statement */
+    if( pSelect ){
+      zStmt = createTableStmt(db, p);
+    }else{
+      Token *pEnd2 = tabOpts ? &pParse->sLastToken : pEnd;
+      n = (int)(pEnd2->z - pParse->sNameToken.z);
+      if( pEnd2->z[0]!=';' ) n += pEnd2->n;
+      zStmt = sqlite3MPrintf(db, 
+          "CREATE %s %.*s", zType2, n, pParse->sNameToken.z
+      );
+    }
+
+    /* A slot for the record has already been allocated in the 
+    ** SQLITE_MASTER table.  We just need to update that slot with all
+    ** the information we've collected.
+    */
+    sqlite3NestedParse(pParse,
+      "UPDATE %Q.%s "
+         "SET type='%s', name=%Q, tbl_name=%Q, rootpage=#%d, sql=%Q "
+       "WHERE rowid=#%d",
+      db->aDb[iDb].zName, SCHEMA_TABLE(iDb),
+      zType,
+      p->zName,
+      p->zName,
+      pParse->regRoot,
+      zStmt,
+      pParse->regRowid
+    );
+    sqlite3DbFree(db, zStmt);
+    sqlite3ChangeCookie(pParse, iDb);
+
+#ifndef SQLITE_OMIT_AUTOINCREMENT
+    /* Check to see if we need to create an sqlite_sequence table for
+    ** keeping track of autoincrement keys.
+    */
+    if( p->tabFlags & TF_Autoincrement ){
+      Db *pDb = &db->aDb[iDb];
+      assert( sqlite3SchemaMutexHeld(db, iDb, 0) );
+      if( pDb->pSchema->pSeqTab==0 ){
+        sqlite3NestedParse(pParse,
+          "CREATE TABLE %Q.sqlite_sequence(name,seq)",
+          pDb->zName
+        );
+      }
+    }
+#endif
+
+    /* Reparse everything to update our internal data structures */
+    sqlite3VdbeAddParseSchemaOp(v, iDb,
+           sqlite3MPrintf(db, "tbl_name='%q' AND type!='trigger'", p->zName));
+  }
+
+
+  /* Add the table to the in-memory representation of the database.
+  */
+  if( db->init.busy ){
+    Table *pOld;
+    Schema *pSchema = p->pSchema;
+    assert( sqlite3SchemaMutexHeld(db, iDb, 0) );
+    pOld = sqlite3HashInsert(&pSchema->tblHash, p->zName, p);
+    if( pOld ){
+      assert( p==pOld );  /* Malloc must have failed inside HashInsert() */
+      db->mallocFailed = 1;
+      return;
+    }
+    pParse->pNewTable = 0;
+    db->flags |= SQLITE_InternChanges;
+
+#ifndef SQLITE_OMIT_ALTERTABLE
+    if( !p->pSelect ){
+      const char *zName = (const char *)pParse->sNameToken.z;
+      int nName;
+      assert( !pSelect && pCons && pEnd );
+      if( pCons->z==0 ){
+        pCons = pEnd;
+      }
+      nName = (int)((const char *)pCons->z - zName);
+      p->addColOffset = 13 + sqlite3Utf8CharLen(zName, nName);
+    }
+#endif
+  }
+}
+
+#ifndef SQLITE_OMIT_VIEW
+/*
+** The parser calls this routine in order to create a new VIEW
+*/
+SQLITE_PRIVATE void sqlite3CreateView(
+  Parse *pParse,     /* The parsing context */
+  Token *pBegin,     /* The CREATE token that begins the statement */
+  Token *pName1,     /* The token that holds the name of the view */
+  Token *pName2,     /* The token that holds the name of the view */
+  ExprList *pCNames, /* Optional list of view column names */
+  Select *pSelect,   /* A SELECT statement that will become the new view */
+  int isTemp,        /* TRUE for a TEMPORARY view */
+  int noErr          /* Suppress error messages if VIEW already exists */
+){
+  Table *p;
+  int n;
+  const char *z;
+  Token sEnd;
+  DbFixer sFix;
+  Token *pName = 0;
+  int iDb;
+  sqlite3 *db = pParse->db;
+
+  if( pParse->nVar>0 ){
+    sqlite3ErrorMsg(pParse, "parameters are not allowed in views");
+    goto create_view_fail;
+  }
+  sqlite3StartTable(pParse, pName1, pName2, isTemp, 1, 0, noErr);
+  p = pParse->pNewTable;
+  if( p==0 || pParse->nErr ) goto create_view_fail;
+  sqlite3TwoPartName(pParse, pName1, pName2, &pName);
+  iDb = sqlite3SchemaToIndex(db, p->pSchema);
+  sqlite3FixInit(&sFix, pParse, iDb, "view", pName);
+  if( sqlite3FixSelect(&sFix, pSelect) ) goto create_view_fail;
+
+  /* Make a copy of the entire SELECT statement that defines the view.
+  ** This will force all the Expr.token.z values to be dynamically
+  ** allocated rather than point to the input string - which means that
+  ** they will persist after the current sqlite3_exec() call returns.
+  */
+  p->pSelect = sqlite3SelectDup(db, pSelect, EXPRDUP_REDUCE);
+  p->pCheck = sqlite3ExprListDup(db, pCNames, EXPRDUP_REDUCE);
+  if( db->mallocFailed ) goto create_view_fail;
+
+  /* Locate the end of the CREATE VIEW statement.  Make sEnd point to
+  ** the end.
+  */
+  sEnd = pParse->sLastToken;
+  assert( sEnd.z[0]!=0 );
+  if( sEnd.z[0]!=';' ){
+    sEnd.z += sEnd.n;
+  }
+  sEnd.n = 0;
+  n = (int)(sEnd.z - pBegin->z);
+  assert( n>0 );
+  z = pBegin->z;
+  while( sqlite3Isspace(z[n-1]) ){ n--; }
+  sEnd.z = &z[n-1];
+  sEnd.n = 1;
+
+  /* Use sqlite3EndTable() to add the view to the SQLITE_MASTER table */
+  sqlite3EndTable(pParse, 0, &sEnd, 0, 0);
+
+create_view_fail:
+  sqlite3SelectDelete(db, pSelect);
+  sqlite3ExprListDelete(db, pCNames);
+  return;
+}
+#endif /* SQLITE_OMIT_VIEW */
+
+#if !defined(SQLITE_OMIT_VIEW) || !defined(SQLITE_OMIT_VIRTUALTABLE)
+/*
+** The Table structure pTable is really a VIEW.  Fill in the names of
+** the columns of the view in the pTable structure.  Return the number
+** of errors.  If an error is seen leave an error message in pParse->zErrMsg.
+*/
+SQLITE_PRIVATE int sqlite3ViewGetColumnNames(Parse *pParse, Table *pTable){
+  Table *pSelTab;   /* A fake table from which we get the result set */
+  Select *pSel;     /* Copy of the SELECT that implements the view */
+  int nErr = 0;     /* Number of errors encountered */
+  int n;            /* Temporarily holds the number of cursors assigned */
+  sqlite3 *db = pParse->db;  /* Database connection for malloc errors */
+  sqlite3_xauth xAuth;       /* Saved xAuth pointer */
+  u8 bEnabledLA;             /* Saved db->lookaside.bEnabled state */
+
+  assert( pTable );
+
+#ifndef SQLITE_OMIT_VIRTUALTABLE
+  if( sqlite3VtabCallConnect(pParse, pTable) ){
+    return SQLITE_ERROR;
+  }
+  if( IsVirtual(pTable) ) return 0;
+#endif
+
+#ifndef SQLITE_OMIT_VIEW
+  /* A positive nCol means the columns names for this view are
+  ** already known.
+  */
+  if( pTable->nCol>0 ) return 0;
+
+  /* A negative nCol is a special marker meaning that we are currently
+  ** trying to compute the column names.  If we enter this routine with
+  ** a negative nCol, it means two or more views form a loop, like this:
+  **
+  **     CREATE VIEW one AS SELECT * FROM two;
+  **     CREATE VIEW two AS SELECT * FROM one;
+  **
+  ** Actually, the error above is now caught prior to reaching this point.
+  ** But the following test is still important as it does come up
+  ** in the following:
+  ** 
+  **     CREATE TABLE main.ex1(a);
+  **     CREATE TEMP VIEW ex1 AS SELECT a FROM ex1;
+  **     SELECT * FROM temp.ex1;
+  */
+  if( pTable->nCol<0 ){
+    sqlite3ErrorMsg(pParse, "view %s is circularly defined", pTable->zName);
+    return 1;
+  }
+  assert( pTable->nCol>=0 );
+
+  /* If we get this far, it means we need to compute the table names.
+  ** Note that the call to sqlite3ResultSetOfSelect() will expand any
+  ** "*" elements in the results set of the view and will assign cursors
+  ** to the elements of the FROM clause.  But we do not want these changes
+  ** to be permanent.  So the computation is done on a copy of the SELECT
+  ** statement that defines the view.
+  */
+  assert( pTable->pSelect );
+  bEnabledLA = db->lookaside.bEnabled;
+  if( pTable->pCheck ){
+    db->lookaside.bEnabled = 0;
+    sqlite3ColumnsFromExprList(pParse, pTable->pCheck, 
+                               &pTable->nCol, &pTable->aCol);
+  }else{
+    pSel = sqlite3SelectDup(db, pTable->pSelect, 0);
+    if( pSel ){
+      n = pParse->nTab;
+      sqlite3SrcListAssignCursors(pParse, pSel->pSrc);
+      pTable->nCol = -1;
+      db->lookaside.bEnabled = 0;
+#ifndef SQLITE_OMIT_AUTHORIZATION
+      xAuth = db->xAuth;
+      db->xAuth = 0;
+      pSelTab = sqlite3ResultSetOfSelect(pParse, pSel);
+      db->xAuth = xAuth;
+#else
+      pSelTab = sqlite3ResultSetOfSelect(pParse, pSel);
+#endif
+      pParse->nTab = n;
+      if( pSelTab ){
+        assert( pTable->aCol==0 );
+        pTable->nCol = pSelTab->nCol;
+        pTable->aCol = pSelTab->aCol;
+        pSelTab->nCol = 0;
+        pSelTab->aCol = 0;
+        sqlite3DeleteTable(db, pSelTab);
+        assert( sqlite3SchemaMutexHeld(db, 0, pTable->pSchema) );
+      }else{
+        pTable->nCol = 0;
+        nErr++;
+      }
+      sqlite3SelectDelete(db, pSel);
+    } else {
+      nErr++;
+    }
+  }
+  db->lookaside.bEnabled = bEnabledLA;
+  pTable->pSchema->schemaFlags |= DB_UnresetViews;
+#endif /* SQLITE_OMIT_VIEW */
+  return nErr;  
+}
+#endif /* !defined(SQLITE_OMIT_VIEW) || !defined(SQLITE_OMIT_VIRTUALTABLE) */
+
+#ifndef SQLITE_OMIT_VIEW
+/*
+** Clear the column names from every VIEW in database idx.
+*/
+static void sqliteViewResetAll(sqlite3 *db, int idx){
+  HashElem *i;
+  assert( sqlite3SchemaMutexHeld(db, idx, 0) );
+  if( !DbHasProperty(db, idx, DB_UnresetViews) ) return;
+  for(i=sqliteHashFirst(&db->aDb[idx].pSchema->tblHash); i;i=sqliteHashNext(i)){
+    Table *pTab = sqliteHashData(i);
+    if( pTab->pSelect ){
+      sqlite3DeleteColumnNames(db, pTab);
+      pTab->aCol = 0;
+      pTab->nCol = 0;
+    }
+  }
+  DbClearProperty(db, idx, DB_UnresetViews);
+}
+#else
+# define sqliteViewResetAll(A,B)
+#endif /* SQLITE_OMIT_VIEW */
+
+/*
+** This function is called by the VDBE to adjust the internal schema
+** used by SQLite when the btree layer moves a table root page. The
+** root-page of a table or index in database iDb has changed from iFrom
+** to iTo.
+**
+** Ticket #1728:  The symbol table might still contain information
+** on tables and/or indices that are the process of being deleted.
+** If you are unlucky, one of those deleted indices or tables might
+** have the same rootpage number as the real table or index that is
+** being moved.  So we cannot stop searching after the first match 
+** because the first match might be for one of the deleted indices
+** or tables and not the table/index that is actually being moved.
+** We must continue looping until all tables and indices with
+** rootpage==iFrom have been converted to have a rootpage of iTo
+** in order to be certain that we got the right one.
+*/
+#ifndef SQLITE_OMIT_AUTOVACUUM
+SQLITE_PRIVATE void sqlite3RootPageMoved(sqlite3 *db, int iDb, int iFrom, int iTo){
+  HashElem *pElem;
+  Hash *pHash;
+  Db *pDb;
+
+  assert( sqlite3SchemaMutexHeld(db, iDb, 0) );
+  pDb = &db->aDb[iDb];
+  pHash = &pDb->pSchema->tblHash;
+  for(pElem=sqliteHashFirst(pHash); pElem; pElem=sqliteHashNext(pElem)){
+    Table *pTab = sqliteHashData(pElem);
+    if( pTab->tnum==iFrom ){
+      pTab->tnum = iTo;
+    }
+  }
+  pHash = &pDb->pSchema->idxHash;
+  for(pElem=sqliteHashFirst(pHash); pElem; pElem=sqliteHashNext(pElem)){
+    Index *pIdx = sqliteHashData(pElem);
+    if( pIdx->tnum==iFrom ){
+      pIdx->tnum = iTo;
+    }
+  }
+}
+#endif
+
+/*
+** Write code to erase the table with root-page iTable from database iDb.
+** Also write code to modify the sqlite_master table and internal schema
+** if a root-page of another table is moved by the btree-layer whilst
+** erasing iTable (this can happen with an auto-vacuum database).
+*/ 
+static void destroyRootPage(Parse *pParse, int iTable, int iDb){
+  Vdbe *v = sqlite3GetVdbe(pParse);
+  int r1 = sqlite3GetTempReg(pParse);
+  sqlite3VdbeAddOp3(v, OP_Destroy, iTable, r1, iDb);
+  sqlite3MayAbort(pParse);
+#ifndef SQLITE_OMIT_AUTOVACUUM
+  /* OP_Destroy stores an in integer r1. If this integer
+  ** is non-zero, then it is the root page number of a table moved to
+  ** location iTable. The following code modifies the sqlite_master table to
+  ** reflect this.
+  **
+  ** The "#NNN" in the SQL is a special constant that means whatever value
+  ** is in register NNN.  See grammar rules associated with the TK_REGISTER
+  ** token for additional information.
+  */
+  sqlite3NestedParse(pParse, 
+     "UPDATE %Q.%s SET rootpage=%d WHERE #%d AND rootpage=#%d",
+     pParse->db->aDb[iDb].zName, SCHEMA_TABLE(iDb), iTable, r1, r1);
+#endif
+  sqlite3ReleaseTempReg(pParse, r1);
+}
+
+/*
+** Write VDBE code to erase table pTab and all associated indices on disk.
+** Code to update the sqlite_master tables and internal schema definitions
+** in case a root-page belonging to another table is moved by the btree layer
+** is also added (this can happen with an auto-vacuum database).
+*/
+static void destroyTable(Parse *pParse, Table *pTab){
+#ifdef SQLITE_OMIT_AUTOVACUUM
+  Index *pIdx;
+  int iDb = sqlite3SchemaToIndex(pParse->db, pTab->pSchema);
+  destroyRootPage(pParse, pTab->tnum, iDb);
+  for(pIdx=pTab->pIndex; pIdx; pIdx=pIdx->pNext){
+    destroyRootPage(pParse, pIdx->tnum, iDb);
+  }
+#else
+  /* If the database may be auto-vacuum capable (if SQLITE_OMIT_AUTOVACUUM
+  ** is not defined), then it is important to call OP_Destroy on the
+  ** table and index root-pages in order, starting with the numerically 
+  ** largest root-page number. This guarantees that none of the root-pages
+  ** to be destroyed is relocated by an earlier OP_Destroy. i.e. if the
+  ** following were coded:
+  **
+  ** OP_Destroy 4 0
+  ** ...
+  ** OP_Destroy 5 0
+  **
+  ** and root page 5 happened to be the largest root-page number in the
+  ** database, then root page 5 would be moved to page 4 by the 
+  ** "OP_Destroy 4 0" opcode. The subsequent "OP_Destroy 5 0" would hit
+  ** a free-list page.
+  */
+  int iTab = pTab->tnum;
+  int iDestroyed = 0;
+
+  while( 1 ){
+    Index *pIdx;
+    int iLargest = 0;
+
+    if( iDestroyed==0 || iTab<iDestroyed ){
+      iLargest = iTab;
+    }
+    for(pIdx=pTab->pIndex; pIdx; pIdx=pIdx->pNext){
+      int iIdx = pIdx->tnum;
+      assert( pIdx->pSchema==pTab->pSchema );
+      if( (iDestroyed==0 || (iIdx<iDestroyed)) && iIdx>iLargest ){
+        iLargest = iIdx;
+      }
+    }
+    if( iLargest==0 ){
+      return;
+    }else{
+      int iDb = sqlite3SchemaToIndex(pParse->db, pTab->pSchema);
+      assert( iDb>=0 && iDb<pParse->db->nDb );
+      destroyRootPage(pParse, iLargest, iDb);
+      iDestroyed = iLargest;
+    }
+  }
+#endif
+}
+
+/*
+** Remove entries from the sqlite_statN tables (for N in (1,2,3))
+** after a DROP INDEX or DROP TABLE command.
+*/
+static void sqlite3ClearStatTables(
+  Parse *pParse,         /* The parsing context */
+  int iDb,               /* The database number */
+  const char *zType,     /* "idx" or "tbl" */
+  const char *zName      /* Name of index or table */
+){
+  int i;
+  const char *zDbName = pParse->db->aDb[iDb].zName;
+  for(i=1; i<=4; i++){
+    char zTab[24];
+    sqlite3_snprintf(sizeof(zTab),zTab,"sqlite_stat%d",i);
+    if( sqlite3FindTable(pParse->db, zTab, zDbName) ){
+      sqlite3NestedParse(pParse,
+        "DELETE FROM %Q.%s WHERE %s=%Q",
+        zDbName, zTab, zType, zName
+      );
+    }
+  }
+}
+
+/*
+** Generate code to drop a table.
+*/
+SQLITE_PRIVATE void sqlite3CodeDropTable(Parse *pParse, Table *pTab, int iDb, int isView){
+  Vdbe *v;
+  sqlite3 *db = pParse->db;
+  Trigger *pTrigger;
+  Db *pDb = &db->aDb[iDb];
+
+  v = sqlite3GetVdbe(pParse);
+  assert( v!=0 );
+  sqlite3BeginWriteOperation(pParse, 1, iDb);
+
+#ifndef SQLITE_OMIT_VIRTUALTABLE
+  if( IsVirtual(pTab) ){
+    sqlite3VdbeAddOp0(v, OP_VBegin);
+  }
+#endif
+
+  /* Drop all triggers associated with the table being dropped. Code
+  ** is generated to remove entries from sqlite_master and/or
+  ** sqlite_temp_master if required.
+  */
+  pTrigger = sqlite3TriggerList(pParse, pTab);
+  while( pTrigger ){
+    assert( pTrigger->pSchema==pTab->pSchema || 
+        pTrigger->pSchema==db->aDb[1].pSchema );
+    sqlite3DropTriggerPtr(pParse, pTrigger);
+    pTrigger = pTrigger->pNext;
+  }
+
+#ifndef SQLITE_OMIT_AUTOINCREMENT
+  /* Remove any entries of the sqlite_sequence table associated with
+  ** the table being dropped. This is done before the table is dropped
+  ** at the btree level, in case the sqlite_sequence table needs to
+  ** move as a result of the drop (can happen in auto-vacuum mode).
+  */
+  if( pTab->tabFlags & TF_Autoincrement ){
+    sqlite3NestedParse(pParse,
+      "DELETE FROM %Q.sqlite_sequence WHERE name=%Q",
+      pDb->zName, pTab->zName
+    );
+  }
+#endif
+
+  /* Drop all SQLITE_MASTER table and index entries that refer to the
+  ** table. The program name loops through the master table and deletes
+  ** every row that refers to a table of the same name as the one being
+  ** dropped. Triggers are handled separately because a trigger can be
+  ** created in the temp database that refers to a table in another
+  ** database.
+  */
+  sqlite3NestedParse(pParse, 
+      "DELETE FROM %Q.%s WHERE tbl_name=%Q and type!='trigger'",
+      pDb->zName, SCHEMA_TABLE(iDb), pTab->zName);
+  if( !isView && !IsVirtual(pTab) ){
+    destroyTable(pParse, pTab);
+  }
+
+  /* Remove the table entry from SQLite's internal schema and modify
+  ** the schema cookie.
+  */
+  if( IsVirtual(pTab) ){
+    sqlite3VdbeAddOp4(v, OP_VDestroy, iDb, 0, 0, pTab->zName, 0);
+  }
+  sqlite3VdbeAddOp4(v, OP_DropTable, iDb, 0, 0, pTab->zName, 0);
+  sqlite3ChangeCookie(pParse, iDb);
+  sqliteViewResetAll(db, iDb);
+}
+
+/*
+** This routine is called to do the work of a DROP TABLE statement.
+** pName is the name of the table to be dropped.
+*/
+SQLITE_PRIVATE void sqlite3DropTable(Parse *pParse, SrcList *pName, int isView, int noErr){
+  Table *pTab;
+  Vdbe *v;
+  sqlite3 *db = pParse->db;
+  int iDb;
+
+  if( db->mallocFailed ){
+    goto exit_drop_table;
+  }
+  assert( pParse->nErr==0 );
+  assert( pName->nSrc==1 );
+  if( sqlite3ReadSchema(pParse) ) goto exit_drop_table;
+  if( noErr ) db->suppressErr++;
+  pTab = sqlite3LocateTableItem(pParse, isView, &pName->a[0]);
+  if( noErr ) db->suppressErr--;
+
+  if( pTab==0 ){
+    if( noErr ) sqlite3CodeVerifyNamedSchema(pParse, pName->a[0].zDatabase);
+    goto exit_drop_table;
+  }
+  iDb = sqlite3SchemaToIndex(db, pTab->pSchema);
+  assert( iDb>=0 && iDb<db->nDb );
+
+  /* If pTab is a virtual table, call ViewGetColumnNames() to ensure
+  ** it is initialized.
+  */
+  if( IsVirtual(pTab) && sqlite3ViewGetColumnNames(pParse, pTab) ){
+    goto exit_drop_table;
+  }
+#ifndef SQLITE_OMIT_AUTHORIZATION
+  {
+    int code;
+    const char *zTab = SCHEMA_TABLE(iDb);
+    const char *zDb = db->aDb[iDb].zName;
+    const char *zArg2 = 0;
+    if( sqlite3AuthCheck(pParse, SQLITE_DELETE, zTab, 0, zDb)){
+      goto exit_drop_table;
+    }
+    if( isView ){
+      if( !OMIT_TEMPDB && iDb==1 ){
+        code = SQLITE_DROP_TEMP_VIEW;
+      }else{
+        code = SQLITE_DROP_VIEW;
+      }
+#ifndef SQLITE_OMIT_VIRTUALTABLE
+    }else if( IsVirtual(pTab) ){
+      code = SQLITE_DROP_VTABLE;
+      zArg2 = sqlite3GetVTable(db, pTab)->pMod->zName;
+#endif
+    }else{
+      if( !OMIT_TEMPDB && iDb==1 ){
+        code = SQLITE_DROP_TEMP_TABLE;
+      }else{
+        code = SQLITE_DROP_TABLE;
+      }
+    }
+    if( sqlite3AuthCheck(pParse, code, pTab->zName, zArg2, zDb) ){
+      goto exit_drop_table;
+    }
+    if( sqlite3AuthCheck(pParse, SQLITE_DELETE, pTab->zName, 0, zDb) ){
+      goto exit_drop_table;
+    }
+  }
+#endif
+  if( sqlite3StrNICmp(pTab->zName, "sqlite_", 7)==0 
+    && sqlite3StrNICmp(pTab->zName, "sqlite_stat", 11)!=0 ){
+    sqlite3ErrorMsg(pParse, "table %s may not be dropped", pTab->zName);
+    goto exit_drop_table;
+  }
+
+#ifndef SQLITE_OMIT_VIEW
+  /* Ensure DROP TABLE is not used on a view, and DROP VIEW is not used
+  ** on a table.
+  */
+  if( isView && pTab->pSelect==0 ){
+    sqlite3ErrorMsg(pParse, "use DROP TABLE to delete table %s", pTab->zName);
+    goto exit_drop_table;
+  }
+  if( !isView && pTab->pSelect ){
+    sqlite3ErrorMsg(pParse, "use DROP VIEW to delete view %s", pTab->zName);
+    goto exit_drop_table;
+  }
+#endif
+
+  /* Generate code to remove the table from the master table
+  ** on disk.
+  */
+  v = sqlite3GetVdbe(pParse);
+  if( v ){
+    sqlite3BeginWriteOperation(pParse, 1, iDb);
+    sqlite3ClearStatTables(pParse, iDb, "tbl", pTab->zName);
+    sqlite3FkDropTable(pParse, pName, pTab);
+    sqlite3CodeDropTable(pParse, pTab, iDb, isView);
+  }
+
+exit_drop_table:
+  sqlite3SrcListDelete(db, pName);
+}
+
+/*
+** This routine is called to create a new foreign key on the table
+** currently under construction.  pFromCol determines which columns
+** in the current table point to the foreign key.  If pFromCol==0 then
+** connect the key to the last column inserted.  pTo is the name of
+** the table referred to (a.k.a the "parent" table).  pToCol is a list
+** of tables in the parent pTo table.  flags contains all
+** information about the conflict resolution algorithms specified
+** in the ON DELETE, ON UPDATE and ON INSERT clauses.
+**
+** An FKey structure is created and added to the table currently
+** under construction in the pParse->pNewTable field.
+**
+** The foreign key is set for IMMEDIATE processing.  A subsequent call
+** to sqlite3DeferForeignKey() might change this to DEFERRED.
+*/
+SQLITE_PRIVATE void sqlite3CreateForeignKey(
+  Parse *pParse,       /* Parsing context */
+  ExprList *pFromCol,  /* Columns in this table that point to other table */
+  Token *pTo,          /* Name of the other table */
+  ExprList *pToCol,    /* Columns in the other table */
+  int flags            /* Conflict resolution algorithms. */
+){
+  sqlite3 *db = pParse->db;
+#ifndef SQLITE_OMIT_FOREIGN_KEY
+  FKey *pFKey = 0;
+  FKey *pNextTo;
+  Table *p = pParse->pNewTable;
+  int nByte;
+  int i;
+  int nCol;
+  char *z;
+
+  assert( pTo!=0 );
+  if( p==0 || IN_DECLARE_VTAB ) goto fk_end;
+  if( pFromCol==0 ){
+    int iCol = p->nCol-1;
+    if( NEVER(iCol<0) ) goto fk_end;
+    if( pToCol && pToCol->nExpr!=1 ){
+      sqlite3ErrorMsg(pParse, "foreign key on %s"
+         " should reference only one column of table %T",
+         p->aCol[iCol].zName, pTo);
+      goto fk_end;
+    }
+    nCol = 1;
+  }else if( pToCol && pToCol->nExpr!=pFromCol->nExpr ){
+    sqlite3ErrorMsg(pParse,
+        "number of columns in foreign key does not match the number of "
+        "columns in the referenced table");
+    goto fk_end;
+  }else{
+    nCol = pFromCol->nExpr;
+  }
+  nByte = sizeof(*pFKey) + (nCol-1)*sizeof(pFKey->aCol[0]) + pTo->n + 1;
+  if( pToCol ){
+    for(i=0; i<pToCol->nExpr; i++){
+      nByte += sqlite3Strlen30(pToCol->a[i].zName) + 1;
+    }
+  }
+  pFKey = sqlite3DbMallocZero(db, nByte );
+  if( pFKey==0 ){
+    goto fk_end;
+  }
+  pFKey->pFrom = p;
+  pFKey->pNextFrom = p->pFKey;
+  z = (char*)&pFKey->aCol[nCol];
+  pFKey->zTo = z;
+  memcpy(z, pTo->z, pTo->n);
+  z[pTo->n] = 0;
+  sqlite3Dequote(z);
+  z += pTo->n+1;
+  pFKey->nCol = nCol;
+  if( pFromCol==0 ){
+    pFKey->aCol[0].iFrom = p->nCol-1;
+  }else{
+    for(i=0; i<nCol; i++){
+      int j;
+      for(j=0; j<p->nCol; j++){
+        if( sqlite3StrICmp(p->aCol[j].zName, pFromCol->a[i].zName)==0 ){
+          pFKey->aCol[i].iFrom = j;
+          break;
+        }
+      }
+      if( j>=p->nCol ){
+        sqlite3ErrorMsg(pParse, 
+          "unknown column \"%s\" in foreign key definition", 
+          pFromCol->a[i].zName);
+        goto fk_end;
+      }
+    }
+  }
+  if( pToCol ){
+    for(i=0; i<nCol; i++){
+      int n = sqlite3Strlen30(pToCol->a[i].zName);
+      pFKey->aCol[i].zCol = z;
+      memcpy(z, pToCol->a[i].zName, n);
+      z[n] = 0;
+      z += n+1;
+    }
+  }
+  pFKey->isDeferred = 0;
+  pFKey->aAction[0] = (u8)(flags & 0xff);            /* ON DELETE action */
+  pFKey->aAction[1] = (u8)((flags >> 8 ) & 0xff);    /* ON UPDATE action */
+
+  assert( sqlite3SchemaMutexHeld(db, 0, p->pSchema) );
+  pNextTo = (FKey *)sqlite3HashInsert(&p->pSchema->fkeyHash, 
+      pFKey->zTo, (void *)pFKey
+  );
+  if( pNextTo==pFKey ){
+    db->mallocFailed = 1;
+    goto fk_end;
+  }
+  if( pNextTo ){
+    assert( pNextTo->pPrevTo==0 );
+    pFKey->pNextTo = pNextTo;
+    pNextTo->pPrevTo = pFKey;
+  }
+
+  /* Link the foreign key to the table as the last step.
+  */
+  p->pFKey = pFKey;
+  pFKey = 0;
+
+fk_end:
+  sqlite3DbFree(db, pFKey);
+#endif /* !defined(SQLITE_OMIT_FOREIGN_KEY) */
+  sqlite3ExprListDelete(db, pFromCol);
+  sqlite3ExprListDelete(db, pToCol);
+}
+
+/*
+** This routine is called when an INITIALLY IMMEDIATE or INITIALLY DEFERRED
+** clause is seen as part of a foreign key definition.  The isDeferred
+** parameter is 1 for INITIALLY DEFERRED and 0 for INITIALLY IMMEDIATE.
+** The behavior of the most recently created foreign key is adjusted
+** accordingly.
+*/
+SQLITE_PRIVATE void sqlite3DeferForeignKey(Parse *pParse, int isDeferred){
+#ifndef SQLITE_OMIT_FOREIGN_KEY
+  Table *pTab;
+  FKey *pFKey;
+  if( (pTab = pParse->pNewTable)==0 || (pFKey = pTab->pFKey)==0 ) return;
+  assert( isDeferred==0 || isDeferred==1 ); /* EV: R-30323-21917 */
+  pFKey->isDeferred = (u8)isDeferred;
+#endif
+}
+
+/*
+** Generate code that will erase and refill index *pIdx.  This is
+** used to initialize a newly created index or to recompute the
+** content of an index in response to a REINDEX command.
+**
+** if memRootPage is not negative, it means that the index is newly
+** created.  The register specified by memRootPage contains the
+** root page number of the index.  If memRootPage is negative, then
+** the index already exists and must be cleared before being refilled and
+** the root page number of the index is taken from pIndex->tnum.
+*/
+static void sqlite3RefillIndex(Parse *pParse, Index *pIndex, int memRootPage){
+  Table *pTab = pIndex->pTable;  /* The table that is indexed */
+  int iTab = pParse->nTab++;     /* Btree cursor used for pTab */
+  int iIdx = pParse->nTab++;     /* Btree cursor used for pIndex */
+  int iSorter;                   /* Cursor opened by OpenSorter (if in use) */
+  int addr1;                     /* Address of top of loop */
+  int addr2;                     /* Address to jump to for next iteration */
+  int tnum;                      /* Root page of index */
+  int iPartIdxLabel;             /* Jump to this label to skip a row */
+  Vdbe *v;                       /* Generate code into this virtual machine */
+  KeyInfo *pKey;                 /* KeyInfo for index */
+  int regRecord;                 /* Register holding assembled index record */
+  sqlite3 *db = pParse->db;      /* The database connection */
+  int iDb = sqlite3SchemaToIndex(db, pIndex->pSchema);
+
+#ifndef SQLITE_OMIT_AUTHORIZATION
+  if( sqlite3AuthCheck(pParse, SQLITE_REINDEX, pIndex->zName, 0,
+      db->aDb[iDb].zName ) ){
+    return;
+  }
+#endif
+
+  /* Require a write-lock on the table to perform this operation */
+  sqlite3TableLock(pParse, iDb, pTab->tnum, 1, pTab->zName);
+
+  v = sqlite3GetVdbe(pParse);
+  if( v==0 ) return;
+  if( memRootPage>=0 ){
+    tnum = memRootPage;
+  }else{
+    tnum = pIndex->tnum;
+  }
+  pKey = sqlite3KeyInfoOfIndex(pParse, pIndex);
+
+  /* Open the sorter cursor if we are to use one. */
+  iSorter = pParse->nTab++;
+  sqlite3VdbeAddOp4(v, OP_SorterOpen, iSorter, 0, pIndex->nKeyCol, (char*)
+                    sqlite3KeyInfoRef(pKey), P4_KEYINFO);
+
+  /* Open the table. Loop through all rows of the table, inserting index
+  ** records into the sorter. */
+  sqlite3OpenTable(pParse, iTab, iDb, pTab, OP_OpenRead);
+  addr1 = sqlite3VdbeAddOp2(v, OP_Rewind, iTab, 0); VdbeCoverage(v);
+  regRecord = sqlite3GetTempReg(pParse);
+
+  sqlite3GenerateIndexKey(pParse,pIndex,iTab,regRecord,0,&iPartIdxLabel,0,0);
+  sqlite3VdbeAddOp2(v, OP_SorterInsert, iSorter, regRecord);
+  sqlite3ResolvePartIdxLabel(pParse, iPartIdxLabel);
+  sqlite3VdbeAddOp2(v, OP_Next, iTab, addr1+1); VdbeCoverage(v);
+  sqlite3VdbeJumpHere(v, addr1);
+  if( memRootPage<0 ) sqlite3VdbeAddOp2(v, OP_Clear, tnum, iDb);
+  sqlite3VdbeAddOp4(v, OP_OpenWrite, iIdx, tnum, iDb, 
+                    (char *)pKey, P4_KEYINFO);
+  sqlite3VdbeChangeP5(v, OPFLAG_BULKCSR|((memRootPage>=0)?OPFLAG_P2ISREG:0));
+
+  addr1 = sqlite3VdbeAddOp2(v, OP_SorterSort, iSorter, 0); VdbeCoverage(v);
+  assert( pKey!=0 || db->mallocFailed || pParse->nErr );
+  if( IsUniqueIndex(pIndex) && pKey!=0 ){
+    int j2 = sqlite3VdbeCurrentAddr(v) + 3;
+    sqlite3VdbeGoto(v, j2);
+    addr2 = sqlite3VdbeCurrentAddr(v);
+    sqlite3VdbeAddOp4Int(v, OP_SorterCompare, iSorter, j2, regRecord,
+                         pIndex->nKeyCol); VdbeCoverage(v);
+    sqlite3UniqueConstraint(pParse, OE_Abort, pIndex);
+  }else{
+    addr2 = sqlite3VdbeCurrentAddr(v);
+  }
+  sqlite3VdbeAddOp3(v, OP_SorterData, iSorter, regRecord, iIdx);
+  sqlite3VdbeAddOp3(v, OP_Last, iIdx, 0, -1);
+  sqlite3VdbeAddOp3(v, OP_IdxInsert, iIdx, regRecord, 0);
+  sqlite3VdbeChangeP5(v, OPFLAG_USESEEKRESULT);
+  sqlite3ReleaseTempReg(pParse, regRecord);
+  sqlite3VdbeAddOp2(v, OP_SorterNext, iSorter, addr2); VdbeCoverage(v);
+  sqlite3VdbeJumpHere(v, addr1);
+
+  sqlite3VdbeAddOp1(v, OP_Close, iTab);
+  sqlite3VdbeAddOp1(v, OP_Close, iIdx);
+  sqlite3VdbeAddOp1(v, OP_Close, iSorter);
+}
+
+/*
+** Allocate heap space to hold an Index object with nCol columns.
+**
+** Increase the allocation size to provide an extra nExtra bytes
+** of 8-byte aligned space after the Index object and return a
+** pointer to this extra space in *ppExtra.
+*/
+SQLITE_PRIVATE Index *sqlite3AllocateIndexObject(
+  sqlite3 *db,         /* Database connection */
+  i16 nCol,            /* Total number of columns in the index */
+  int nExtra,          /* Number of bytes of extra space to alloc */
+  char **ppExtra       /* Pointer to the "extra" space */
+){
+  Index *p;            /* Allocated index object */
+  int nByte;           /* Bytes of space for Index object + arrays */
+
+  nByte = ROUND8(sizeof(Index)) +              /* Index structure  */
+          ROUND8(sizeof(char*)*nCol) +         /* Index.azColl     */
+          ROUND8(sizeof(LogEst)*(nCol+1) +     /* Index.aiRowLogEst   */
+                 sizeof(i16)*nCol +            /* Index.aiColumn   */
+                 sizeof(u8)*nCol);             /* Index.aSortOrder */
+  p = sqlite3DbMallocZero(db, nByte + nExtra);
+  if( p ){
+    char *pExtra = ((char*)p)+ROUND8(sizeof(Index));
+    p->azColl = (const char**)pExtra; pExtra += ROUND8(sizeof(char*)*nCol);
+    p->aiRowLogEst = (LogEst*)pExtra; pExtra += sizeof(LogEst)*(nCol+1);
+    p->aiColumn = (i16*)pExtra;       pExtra += sizeof(i16)*nCol;
+    p->aSortOrder = (u8*)pExtra;
+    p->nColumn = nCol;
+    p->nKeyCol = nCol - 1;
+    *ppExtra = ((char*)p) + nByte;
+  }
+  return p;
+}
+
+/*
+** Create a new index for an SQL table.  pName1.pName2 is the name of the index 
+** and pTblList is the name of the table that is to be indexed.  Both will 
+** be NULL for a primary key or an index that is created to satisfy a
+** UNIQUE constraint.  If pTable and pIndex are NULL, use pParse->pNewTable
+** as the table to be indexed.  pParse->pNewTable is a table that is
+** currently being constructed by a CREATE TABLE statement.
+**
+** pList is a list of columns to be indexed.  pList will be NULL if this
+** is a primary key or unique-constraint on the most recent column added
+** to the table currently under construction.  
+**
+** If the index is created successfully, return a pointer to the new Index
+** structure. This is used by sqlite3AddPrimaryKey() to mark the index
+** as the tables primary key (Index.idxType==SQLITE_IDXTYPE_PRIMARYKEY)
+*/
+SQLITE_PRIVATE Index *sqlite3CreateIndex(
+  Parse *pParse,     /* All information about this parse */
+  Token *pName1,     /* First part of index name. May be NULL */
+  Token *pName2,     /* Second part of index name. May be NULL */
+  SrcList *pTblName, /* Table to index. Use pParse->pNewTable if 0 */
+  ExprList *pList,   /* A list of columns to be indexed */
+  int onError,       /* OE_Abort, OE_Ignore, OE_Replace, or OE_None */
+  Token *pStart,     /* The CREATE token that begins this statement */
+  Expr *pPIWhere,    /* WHERE clause for partial indices */
+  int sortOrder,     /* Sort order of primary key when pList==NULL */
+  int ifNotExist     /* Omit error if index already exists */
+){
+  Index *pRet = 0;     /* Pointer to return */
+  Table *pTab = 0;     /* Table to be indexed */
+  Index *pIndex = 0;   /* The index to be created */
+  char *zName = 0;     /* Name of the index */
+  int nName;           /* Number of characters in zName */
+  int i, j;
+  DbFixer sFix;        /* For assigning database names to pTable */
+  int sortOrderMask;   /* 1 to honor DESC in index.  0 to ignore. */
+  sqlite3 *db = pParse->db;
+  Db *pDb;             /* The specific table containing the indexed database */
+  int iDb;             /* Index of the database that is being written */
+  Token *pName = 0;    /* Unqualified name of the index to create */
+  struct ExprList_item *pListItem; /* For looping over pList */
+  int nExtra = 0;                  /* Space allocated for zExtra[] */
+  int nExtraCol;                   /* Number of extra columns needed */
+  char *zExtra = 0;                /* Extra space after the Index object */
+  Index *pPk = 0;      /* PRIMARY KEY index for WITHOUT ROWID tables */
+
+  if( db->mallocFailed || IN_DECLARE_VTAB || pParse->nErr>0 ){
+    goto exit_create_index;
+  }
+  if( SQLITE_OK!=sqlite3ReadSchema(pParse) ){
+    goto exit_create_index;
+  }
+
+  /*
+  ** Find the table that is to be indexed.  Return early if not found.
+  */
+  if( pTblName!=0 ){
+
+    /* Use the two-part index name to determine the database 
+    ** to search for the table. 'Fix' the table name to this db
+    ** before looking up the table.
+    */
+    assert( pName1 && pName2 );
+    iDb = sqlite3TwoPartName(pParse, pName1, pName2, &pName);
+    if( iDb<0 ) goto exit_create_index;
+    assert( pName && pName->z );
+
+#ifndef SQLITE_OMIT_TEMPDB
+    /* If the index name was unqualified, check if the table
+    ** is a temp table. If so, set the database to 1. Do not do this
+    ** if initialising a database schema.
+    */
+    if( !db->init.busy ){
+      pTab = sqlite3SrcListLookup(pParse, pTblName);
+      if( pName2->n==0 && pTab && pTab->pSchema==db->aDb[1].pSchema ){
+        iDb = 1;
+      }
+    }
+#endif
+
+    sqlite3FixInit(&sFix, pParse, iDb, "index", pName);
+    if( sqlite3FixSrcList(&sFix, pTblName) ){
+      /* Because the parser constructs pTblName from a single identifier,
+      ** sqlite3FixSrcList can never fail. */
+      assert(0);
+    }
+    pTab = sqlite3LocateTableItem(pParse, 0, &pTblName->a[0]);
+    assert( db->mallocFailed==0 || pTab==0 );
+    if( pTab==0 ) goto exit_create_index;
+    if( iDb==1 && db->aDb[iDb].pSchema!=pTab->pSchema ){
+      sqlite3ErrorMsg(pParse, 
+           "cannot create a TEMP index on non-TEMP table \"%s\"",
+           pTab->zName);
+      goto exit_create_index;
+    }
+    if( !HasRowid(pTab) ) pPk = sqlite3PrimaryKeyIndex(pTab);
+  }else{
+    assert( pName==0 );
+    assert( pStart==0 );
+    pTab = pParse->pNewTable;
+    if( !pTab ) goto exit_create_index;
+    iDb = sqlite3SchemaToIndex(db, pTab->pSchema);
+  }
+  pDb = &db->aDb[iDb];
+
+  assert( pTab!=0 );
+  assert( pParse->nErr==0 );
+  if( sqlite3StrNICmp(pTab->zName, "sqlite_", 7)==0 
+       && db->init.busy==0
+#if SQLITE_USER_AUTHENTICATION
+       && sqlite3UserAuthTable(pTab->zName)==0
+#endif
+       && sqlite3StrNICmp(&pTab->zName[7],"altertab_",9)!=0 ){
+    sqlite3ErrorMsg(pParse, "table %s may not be indexed", pTab->zName);
+    goto exit_create_index;
+  }
+#ifndef SQLITE_OMIT_VIEW
+  if( pTab->pSelect ){
+    sqlite3ErrorMsg(pParse, "views may not be indexed");
+    goto exit_create_index;
+  }
+#endif
+#ifndef SQLITE_OMIT_VIRTUALTABLE
+  if( IsVirtual(pTab) ){
+    sqlite3ErrorMsg(pParse, "virtual tables may not be indexed");
+    goto exit_create_index;
+  }
+#endif
+
+  /*
+  ** Find the name of the index.  Make sure there is not already another
+  ** index or table with the same name.  
+  **
+  ** Exception:  If we are reading the names of permanent indices from the
+  ** sqlite_master table (because some other process changed the schema) and
+  ** one of the index names collides with the name of a temporary table or
+  ** index, then we will continue to process this index.
+  **
+  ** If pName==0 it means that we are
+  ** dealing with a primary key or UNIQUE constraint.  We have to invent our
+  ** own name.
+  */
+  if( pName ){
+    zName = sqlite3NameFromToken(db, pName);
+    if( zName==0 ) goto exit_create_index;
+    assert( pName->z!=0 );
+    if( SQLITE_OK!=sqlite3CheckObjectName(pParse, zName) ){
+      goto exit_create_index;
+    }
+    if( !db->init.busy ){
+      if( sqlite3FindTable(db, zName, 0)!=0 ){
+        sqlite3ErrorMsg(pParse, "there is already a table named %s", zName);
+        goto exit_create_index;
+      }
+    }
+    if( sqlite3FindIndex(db, zName, pDb->zName)!=0 ){
+      if( !ifNotExist ){
+        sqlite3ErrorMsg(pParse, "index %s already exists", zName);
+      }else{
+        assert( !db->init.busy );
+        sqlite3CodeVerifySchema(pParse, iDb);
+      }
+      goto exit_create_index;
+    }
+  }else{
+    int n;
+    Index *pLoop;
+    for(pLoop=pTab->pIndex, n=1; pLoop; pLoop=pLoop->pNext, n++){}
+    zName = sqlite3MPrintf(db, "sqlite_autoindex_%s_%d", pTab->zName, n);
+    if( zName==0 ){
+      goto exit_create_index;
+    }
+  }
+
+  /* Check for authorization to create an index.
+  */
+#ifndef SQLITE_OMIT_AUTHORIZATION
+  {
+    const char *zDb = pDb->zName;
+    if( sqlite3AuthCheck(pParse, SQLITE_INSERT, SCHEMA_TABLE(iDb), 0, zDb) ){
+      goto exit_create_index;
+    }
+    i = SQLITE_CREATE_INDEX;
+    if( !OMIT_TEMPDB && iDb==1 ) i = SQLITE_CREATE_TEMP_INDEX;
+    if( sqlite3AuthCheck(pParse, i, zName, pTab->zName, zDb) ){
+      goto exit_create_index;
+    }
+  }
+#endif
+
+  /* If pList==0, it means this routine was called to make a primary
+  ** key out of the last column added to the table under construction.
+  ** So create a fake list to simulate this.
+  */
+  if( pList==0 ){
+    Token prevCol;
+    prevCol.z = pTab->aCol[pTab->nCol-1].zName;
+    prevCol.n = sqlite3Strlen30(prevCol.z);
+    pList = sqlite3ExprListAppend(pParse, 0,
+              sqlite3ExprAlloc(db, TK_ID, &prevCol, 0));
+    if( pList==0 ) goto exit_create_index;
+    assert( pList->nExpr==1 );
+    sqlite3ExprListSetSortOrder(pList, sortOrder);
+  }else{
+    sqlite3ExprListCheckLength(pParse, pList, "index");
+  }
+
+  /* Figure out how many bytes of space are required to store explicitly
+  ** specified collation sequence names.
+  */
+  for(i=0; i<pList->nExpr; i++){
+    Expr *pExpr = pList->a[i].pExpr;
+    assert( pExpr!=0 );
+    if( pExpr->op==TK_COLLATE ){
+      nExtra += (1 + sqlite3Strlen30(pExpr->u.zToken));
+    }
+  }
+
+  /* 
+  ** Allocate the index structure. 
+  */
+  nName = sqlite3Strlen30(zName);
+  nExtraCol = pPk ? pPk->nKeyCol : 1;
+  pIndex = sqlite3AllocateIndexObject(db, pList->nExpr + nExtraCol,
+                                      nName + nExtra + 1, &zExtra);
+  if( db->mallocFailed ){
+    goto exit_create_index;
+  }
+  assert( EIGHT_BYTE_ALIGNMENT(pIndex->aiRowLogEst) );
+  assert( EIGHT_BYTE_ALIGNMENT(pIndex->azColl) );
+  pIndex->zName = zExtra;
+  zExtra += nName + 1;
+  memcpy(pIndex->zName, zName, nName+1);
+  pIndex->pTable = pTab;
+  pIndex->onError = (u8)onError;
+  pIndex->uniqNotNull = onError!=OE_None;
+  pIndex->idxType = pName ? SQLITE_IDXTYPE_APPDEF : SQLITE_IDXTYPE_UNIQUE;
+  pIndex->pSchema = db->aDb[iDb].pSchema;
+  pIndex->nKeyCol = pList->nExpr;
+  if( pPIWhere ){
+    sqlite3ResolveSelfReference(pParse, pTab, NC_PartIdx, pPIWhere, 0);
+    pIndex->pPartIdxWhere = pPIWhere;
+    pPIWhere = 0;
+  }
+  assert( sqlite3SchemaMutexHeld(db, iDb, 0) );
+
+  /* Check to see if we should honor DESC requests on index columns
+  */
+  if( pDb->pSchema->file_format>=4 ){
+    sortOrderMask = -1;   /* Honor DESC */
+  }else{
+    sortOrderMask = 0;    /* Ignore DESC */
+  }
+
+  /* Analyze the list of expressions that form the terms of the index and
+  ** report any errors.  In the common case where the expression is exactly
+  ** a table column, store that column in aiColumn[].  For general expressions,
+  ** populate pIndex->aColExpr and store XN_EXPR (-2) in aiColumn[].
+  **
+  ** TODO: Issue a warning if two or more columns of the index are identical.
+  ** TODO: Issue a warning if the table primary key is used as part of the
+  ** index key.
+  */
+  for(i=0, pListItem=pList->a; i<pList->nExpr; i++, pListItem++){
+    Expr *pCExpr;                  /* The i-th index expression */
+    int requestedSortOrder;        /* ASC or DESC on the i-th expression */
+    const char *zColl;             /* Collation sequence name */
+
+    sqlite3StringToId(pListItem->pExpr);
+    sqlite3ResolveSelfReference(pParse, pTab, NC_IdxExpr, pListItem->pExpr, 0);
+    if( pParse->nErr ) goto exit_create_index;
+    pCExpr = sqlite3ExprSkipCollate(pListItem->pExpr);
+    if( pCExpr->op!=TK_COLUMN ){
+      if( pTab==pParse->pNewTable ){
+        sqlite3ErrorMsg(pParse, "expressions prohibited in PRIMARY KEY and "
+                                "UNIQUE constraints");
+        goto exit_create_index;
+      }
+      if( pIndex->aColExpr==0 ){
+        ExprList *pCopy = sqlite3ExprListDup(db, pList, 0);
+        pIndex->aColExpr = pCopy;
+        if( !db->mallocFailed ){
+          assert( pCopy!=0 );
+          pListItem = &pCopy->a[i];
+        }
+      }
+      j = XN_EXPR;
+      pIndex->aiColumn[i] = XN_EXPR;
+      pIndex->uniqNotNull = 0;
+    }else{
+      j = pCExpr->iColumn;
+      assert( j<=0x7fff );
+      if( j<0 ){
+        j = pTab->iPKey;
+      }else if( pTab->aCol[j].notNull==0 ){
+        pIndex->uniqNotNull = 0;
+      }
+      pIndex->aiColumn[i] = (i16)j;
+    }
+    zColl = 0;
+    if( pListItem->pExpr->op==TK_COLLATE ){
+      int nColl;
+      zColl = pListItem->pExpr->u.zToken;
+      nColl = sqlite3Strlen30(zColl) + 1;
+      assert( nExtra>=nColl );
+      memcpy(zExtra, zColl, nColl);
+      zColl = zExtra;
+      zExtra += nColl;
+      nExtra -= nColl;
+    }else if( j>=0 ){
+      zColl = pTab->aCol[j].zColl;
+    }
+    if( !zColl ) zColl = sqlite3StrBINARY;
+    if( !db->init.busy && !sqlite3LocateCollSeq(pParse, zColl) ){
+      goto exit_create_index;
+    }
+    pIndex->azColl[i] = zColl;
+    requestedSortOrder = pListItem->sortOrder & sortOrderMask;
+    pIndex->aSortOrder[i] = (u8)requestedSortOrder;
+  }
+
+  /* Append the table key to the end of the index.  For WITHOUT ROWID
+  ** tables (when pPk!=0) this will be the declared PRIMARY KEY.  For
+  ** normal tables (when pPk==0) this will be the rowid.
+  */
+  if( pPk ){
+    for(j=0; j<pPk->nKeyCol; j++){
+      int x = pPk->aiColumn[j];
+      assert( x>=0 );
+      if( hasColumn(pIndex->aiColumn, pIndex->nKeyCol, x) ){
+        pIndex->nColumn--; 
+      }else{
+        pIndex->aiColumn[i] = x;
+        pIndex->azColl[i] = pPk->azColl[j];
+        pIndex->aSortOrder[i] = pPk->aSortOrder[j];
+        i++;
+      }
+    }
+    assert( i==pIndex->nColumn );
+  }else{
+    pIndex->aiColumn[i] = XN_ROWID;
+    pIndex->azColl[i] = sqlite3StrBINARY;
+  }
+  sqlite3DefaultRowEst(pIndex);
+  if( pParse->pNewTable==0 ) estimateIndexWidth(pIndex);
+
+  if( pTab==pParse->pNewTable ){
+    /* This routine has been called to create an automatic index as a
+    ** result of a PRIMARY KEY or UNIQUE clause on a column definition, or
+    ** a PRIMARY KEY or UNIQUE clause following the column definitions.
+    ** i.e. one of:
+    **
+    ** CREATE TABLE t(x PRIMARY KEY, y);
+    ** CREATE TABLE t(x, y, UNIQUE(x, y));
+    **
+    ** Either way, check to see if the table already has such an index. If
+    ** so, don't bother creating this one. This only applies to
+    ** automatically created indices. Users can do as they wish with
+    ** explicit indices.
+    **
+    ** Two UNIQUE or PRIMARY KEY constraints are considered equivalent
+    ** (and thus suppressing the second one) even if they have different
+    ** sort orders.
+    **
+    ** If there are different collating sequences or if the columns of
+    ** the constraint occur in different orders, then the constraints are
+    ** considered distinct and both result in separate indices.
+    */
+    Index *pIdx;
+    for(pIdx=pTab->pIndex; pIdx; pIdx=pIdx->pNext){
+      int k;
+      assert( IsUniqueIndex(pIdx) );
+      assert( pIdx->idxType!=SQLITE_IDXTYPE_APPDEF );
+      assert( IsUniqueIndex(pIndex) );
+
+      if( pIdx->nKeyCol!=pIndex->nKeyCol ) continue;
+      for(k=0; k<pIdx->nKeyCol; k++){
+        const char *z1;
+        const char *z2;
+        assert( pIdx->aiColumn[k]>=0 );
+        if( pIdx->aiColumn[k]!=pIndex->aiColumn[k] ) break;
+        z1 = pIdx->azColl[k];
+        z2 = pIndex->azColl[k];
+        if( z1!=z2 && sqlite3StrICmp(z1, z2) ) break;
+      }
+      if( k==pIdx->nKeyCol ){
+        if( pIdx->onError!=pIndex->onError ){
+          /* This constraint creates the same index as a previous
+          ** constraint specified somewhere in the CREATE TABLE statement.
+          ** However the ON CONFLICT clauses are different. If both this 
+          ** constraint and the previous equivalent constraint have explicit
+          ** ON CONFLICT clauses this is an error. Otherwise, use the
+          ** explicitly specified behavior for the index.
+          */
+          if( !(pIdx->onError==OE_Default || pIndex->onError==OE_Default) ){
+            sqlite3ErrorMsg(pParse, 
+                "conflicting ON CONFLICT clauses specified", 0);
+          }
+          if( pIdx->onError==OE_Default ){
+            pIdx->onError = pIndex->onError;
+          }
+        }
+        pRet = pIdx;
+        goto exit_create_index;
+      }
+    }
+  }
+
+  /* Link the new Index structure to its table and to the other
+  ** in-memory database structures. 
+  */
+  assert( pParse->nErr==0 );
+  if( db->init.busy ){
+    Index *p;
+    assert( sqlite3SchemaMutexHeld(db, 0, pIndex->pSchema) );
+    p = sqlite3HashInsert(&pIndex->pSchema->idxHash, 
+                          pIndex->zName, pIndex);
+    if( p ){
+      assert( p==pIndex );  /* Malloc must have failed */
+      db->mallocFailed = 1;
+      goto exit_create_index;
+    }
+    db->flags |= SQLITE_InternChanges;
+    if( pTblName!=0 ){
+      pIndex->tnum = db->init.newTnum;
+    }
+  }
+
+  /* If this is the initial CREATE INDEX statement (or CREATE TABLE if the
+  ** index is an implied index for a UNIQUE or PRIMARY KEY constraint) then
+  ** emit code to allocate the index rootpage on disk and make an entry for
+  ** the index in the sqlite_master table and populate the index with
+  ** content.  But, do not do this if we are simply reading the sqlite_master
+  ** table to parse the schema, or if this index is the PRIMARY KEY index
+  ** of a WITHOUT ROWID table.
+  **
+  ** If pTblName==0 it means this index is generated as an implied PRIMARY KEY
+  ** or UNIQUE index in a CREATE TABLE statement.  Since the table
+  ** has just been created, it contains no data and the index initialization
+  ** step can be skipped.
+  */
+  else if( HasRowid(pTab) || pTblName!=0 ){
+    Vdbe *v;
+    char *zStmt;
+    int iMem = ++pParse->nMem;
+
+    v = sqlite3GetVdbe(pParse);
+    if( v==0 ) goto exit_create_index;
+
+    sqlite3BeginWriteOperation(pParse, 1, iDb);
+
+    /* Create the rootpage for the index using CreateIndex. But before
+    ** doing so, code a Noop instruction and store its address in 
+    ** Index.tnum. This is required in case this index is actually a 
+    ** PRIMARY KEY and the table is actually a WITHOUT ROWID table. In 
+    ** that case the convertToWithoutRowidTable() routine will replace
+    ** the Noop with a Goto to jump over the VDBE code generated below. */
+    pIndex->tnum = sqlite3VdbeAddOp0(v, OP_Noop);
+    sqlite3VdbeAddOp2(v, OP_CreateIndex, iDb, iMem);
+
+    /* Gather the complete text of the CREATE INDEX statement into
+    ** the zStmt variable
+    */
+    if( pStart ){
+      int n = (int)(pParse->sLastToken.z - pName->z) + pParse->sLastToken.n;
+      if( pName->z[n-1]==';' ) n--;
+      /* A named index with an explicit CREATE INDEX statement */
+      zStmt = sqlite3MPrintf(db, "CREATE%s INDEX %.*s",
+        onError==OE_None ? "" : " UNIQUE", n, pName->z);
+    }else{
+      /* An automatic index created by a PRIMARY KEY or UNIQUE constraint */
+      /* zStmt = sqlite3MPrintf(""); */
+      zStmt = 0;
+    }
+
+    /* Add an entry in sqlite_master for this index
+    */
+    sqlite3NestedParse(pParse, 
+        "INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);",
+        db->aDb[iDb].zName, SCHEMA_TABLE(iDb),
+        pIndex->zName,
+        pTab->zName,
+        iMem,
+        zStmt
+    );
+    sqlite3DbFree(db, zStmt);
+
+    /* Fill the index with data and reparse the schema. Code an OP_Expire
+    ** to invalidate all pre-compiled statements.
+    */
+    if( pTblName ){
+      sqlite3RefillIndex(pParse, pIndex, iMem);
+      sqlite3ChangeCookie(pParse, iDb);
+      sqlite3VdbeAddParseSchemaOp(v, iDb,
+         sqlite3MPrintf(db, "name='%q' AND type='index'", pIndex->zName));
+      sqlite3VdbeAddOp1(v, OP_Expire, 0);
+    }
+
+    sqlite3VdbeJumpHere(v, pIndex->tnum);
+  }
+
+  /* When adding an index to the list of indices for a table, make
+  ** sure all indices labeled OE_Replace come after all those labeled
+  ** OE_Ignore.  This is necessary for the correct constraint check
+  ** processing (in sqlite3GenerateConstraintChecks()) as part of
+  ** UPDATE and INSERT statements.  
+  */
+  if( db->init.busy || pTblName==0 ){
+    if( onError!=OE_Replace || pTab->pIndex==0
+         || pTab->pIndex->onError==OE_Replace){
+      pIndex->pNext = pTab->pIndex;
+      pTab->pIndex = pIndex;
+    }else{
+      Index *pOther = pTab->pIndex;
+      while( pOther->pNext && pOther->pNext->onError!=OE_Replace ){
+        pOther = pOther->pNext;
+      }
+      pIndex->pNext = pOther->pNext;
+      pOther->pNext = pIndex;
+    }
+    pRet = pIndex;
+    pIndex = 0;
+  }
+
+  /* Clean up before exiting */
+exit_create_index:
+  if( pIndex ) freeIndex(db, pIndex);
+  sqlite3ExprDelete(db, pPIWhere);
+  sqlite3ExprListDelete(db, pList);
+  sqlite3SrcListDelete(db, pTblName);
+  sqlite3DbFree(db, zName);
+  return pRet;
+}
+
+/*
+** Fill the Index.aiRowEst[] array with default information - information
+** to be used when we have not run the ANALYZE command.
+**
+** aiRowEst[0] is supposed to contain the number of elements in the index.
+** Since we do not know, guess 1 million.  aiRowEst[1] is an estimate of the
+** number of rows in the table that match any particular value of the
+** first column of the index.  aiRowEst[2] is an estimate of the number
+** of rows that match any particular combination of the first 2 columns
+** of the index.  And so forth.  It must always be the case that
+*
+**           aiRowEst[N]<=aiRowEst[N-1]
+**           aiRowEst[N]>=1
+**
+** Apart from that, we have little to go on besides intuition as to
+** how aiRowEst[] should be initialized.  The numbers generated here
+** are based on typical values found in actual indices.
+*/
+SQLITE_PRIVATE void sqlite3DefaultRowEst(Index *pIdx){
+  /*                10,  9,  8,  7,  6 */
+  LogEst aVal[] = { 33, 32, 30, 28, 26 };
+  LogEst *a = pIdx->aiRowLogEst;
+  int nCopy = MIN(ArraySize(aVal), pIdx->nKeyCol);
+  int i;
+
+  /* Set the first entry (number of rows in the index) to the estimated 
+  ** number of rows in the table. Or 10, if the estimated number of rows 
+  ** in the table is less than that.  */
+  a[0] = pIdx->pTable->nRowLogEst;
+  if( a[0]<33 ) a[0] = 33;        assert( 33==sqlite3LogEst(10) );
+
+  /* Estimate that a[1] is 10, a[2] is 9, a[3] is 8, a[4] is 7, a[5] is
+  ** 6 and each subsequent value (if any) is 5.  */
+  memcpy(&a[1], aVal, nCopy*sizeof(LogEst));
+  for(i=nCopy+1; i<=pIdx->nKeyCol; i++){
+    a[i] = 23;                    assert( 23==sqlite3LogEst(5) );
+  }
+
+  assert( 0==sqlite3LogEst(1) );
+  if( IsUniqueIndex(pIdx) ) a[pIdx->nKeyCol] = 0;
+}
+
+/*
+** This routine will drop an existing named index.  This routine
+** implements the DROP INDEX statement.
+*/
+SQLITE_PRIVATE void sqlite3DropIndex(Parse *pParse, SrcList *pName, int ifExists){
+  Index *pIndex;
+  Vdbe *v;
+  sqlite3 *db = pParse->db;
+  int iDb;
+
+  assert( pParse->nErr==0 );   /* Never called with prior errors */
+  if( db->mallocFailed ){
+    goto exit_drop_index;
+  }
+  assert( pName->nSrc==1 );
+  if( SQLITE_OK!=sqlite3ReadSchema(pParse) ){
+    goto exit_drop_index;
+  }
+  pIndex = sqlite3FindIndex(db, pName->a[0].zName, pName->a[0].zDatabase);
+  if( pIndex==0 ){
+    if( !ifExists ){
+      sqlite3ErrorMsg(pParse, "no such index: %S", pName, 0);
+    }else{
+      sqlite3CodeVerifyNamedSchema(pParse, pName->a[0].zDatabase);
+    }
+    pParse->checkSchema = 1;
+    goto exit_drop_index;
+  }
+  if( pIndex->idxType!=SQLITE_IDXTYPE_APPDEF ){
+    sqlite3ErrorMsg(pParse, "index associated with UNIQUE "
+      "or PRIMARY KEY constraint cannot be dropped", 0);
+    goto exit_drop_index;
+  }
+  iDb = sqlite3SchemaToIndex(db, pIndex->pSchema);
+#ifndef SQLITE_OMIT_AUTHORIZATION
+  {
+    int code = SQLITE_DROP_INDEX;
+    Table *pTab = pIndex->pTable;
+    const char *zDb = db->aDb[iDb].zName;
+    const char *zTab = SCHEMA_TABLE(iDb);
+    if( sqlite3AuthCheck(pParse, SQLITE_DELETE, zTab, 0, zDb) ){
+      goto exit_drop_index;
+    }
+    if( !OMIT_TEMPDB && iDb ) code = SQLITE_DROP_TEMP_INDEX;
+    if( sqlite3AuthCheck(pParse, code, pIndex->zName, pTab->zName, zDb) ){
+      goto exit_drop_index;
+    }
+  }
+#endif
+
+  /* Generate code to remove the index and from the master table */
+  v = sqlite3GetVdbe(pParse);
+  if( v ){
+    sqlite3BeginWriteOperation(pParse, 1, iDb);
+    sqlite3NestedParse(pParse,
+       "DELETE FROM %Q.%s WHERE name=%Q AND type='index'",
+       db->aDb[iDb].zName, SCHEMA_TABLE(iDb), pIndex->zName
+    );
+    sqlite3ClearStatTables(pParse, iDb, "idx", pIndex->zName);
+    sqlite3ChangeCookie(pParse, iDb);
+    destroyRootPage(pParse, pIndex->tnum, iDb);
+    sqlite3VdbeAddOp4(v, OP_DropIndex, iDb, 0, 0, pIndex->zName, 0);
+  }
+
+exit_drop_index:
+  sqlite3SrcListDelete(db, pName);
+}
+
+/*
+** pArray is a pointer to an array of objects. Each object in the
+** array is szEntry bytes in size. This routine uses sqlite3DbRealloc()
+** to extend the array so that there is space for a new object at the end.
+**
+** When this function is called, *pnEntry contains the current size of
+** the array (in entries - so the allocation is ((*pnEntry) * szEntry) bytes
+** in total).
+**
+** If the realloc() is successful (i.e. if no OOM condition occurs), the
+** space allocated for the new object is zeroed, *pnEntry updated to
+** reflect the new size of the array and a pointer to the new allocation
+** returned. *pIdx is set to the index of the new array entry in this case.
+**
+** Otherwise, if the realloc() fails, *pIdx is set to -1, *pnEntry remains
+** unchanged and a copy of pArray returned.
+*/
+SQLITE_PRIVATE void *sqlite3ArrayAllocate(
+  sqlite3 *db,      /* Connection to notify of malloc failures */
+  void *pArray,     /* Array of objects.  Might be reallocated */
+  int szEntry,      /* Size of each object in the array */
+  int *pnEntry,     /* Number of objects currently in use */
+  int *pIdx         /* Write the index of a new slot here */
+){
+  char *z;
+  int n = *pnEntry;
+  if( (n & (n-1))==0 ){
+    int sz = (n==0) ? 1 : 2*n;
+    void *pNew = sqlite3DbRealloc(db, pArray, sz*szEntry);
+    if( pNew==0 ){
+      *pIdx = -1;
+      return pArray;
+    }
+    pArray = pNew;
+  }
+  z = (char*)pArray;
+  memset(&z[n * szEntry], 0, szEntry);
+  *pIdx = n;
+  ++*pnEntry;
+  return pArray;
+}
+
+/*
+** Append a new element to the given IdList.  Create a new IdList if
+** need be.
+**
+** A new IdList is returned, or NULL if malloc() fails.
+*/
+SQLITE_PRIVATE IdList *sqlite3IdListAppend(sqlite3 *db, IdList *pList, Token *pToken){
+  int i;
+  if( pList==0 ){
+    pList = sqlite3DbMallocZero(db, sizeof(IdList) );
+    if( pList==0 ) return 0;
+  }
+  pList->a = sqlite3ArrayAllocate(
+      db,
+      pList->a,
+      sizeof(pList->a[0]),
+      &pList->nId,
+      &i
+  );
+  if( i<0 ){
+    sqlite3IdListDelete(db, pList);
+    return 0;
+  }
+  pList->a[i].zName = sqlite3NameFromToken(db, pToken);
+  return pList;
+}
+
+/*
+** Delete an IdList.
+*/
+SQLITE_PRIVATE void sqlite3IdListDelete(sqlite3 *db, IdList *pList){
+  int i;
+  if( pList==0 ) return;
+  for(i=0; i<pList->nId; i++){
+    sqlite3DbFree(db, pList->a[i].zName);
+  }
+  sqlite3DbFree(db, pList->a);
+  sqlite3DbFree(db, pList);
+}
+
+/*
+** Return the index in pList of the identifier named zId.  Return -1
+** if not found.
+*/
+SQLITE_PRIVATE int sqlite3IdListIndex(IdList *pList, const char *zName){
+  int i;
+  if( pList==0 ) return -1;
+  for(i=0; i<pList->nId; i++){
+    if( sqlite3StrICmp(pList->a[i].zName, zName)==0 ) return i;
+  }
+  return -1;
+}
+
+/*
+** Expand the space allocated for the given SrcList object by
+** creating nExtra new slots beginning at iStart.  iStart is zero based.
+** New slots are zeroed.
+**
+** For example, suppose a SrcList initially contains two entries: A,B.
+** To append 3 new entries onto the end, do this:
+**
+**    sqlite3SrcListEnlarge(db, pSrclist, 3, 2);
+**
+** After the call above it would contain:  A, B, nil, nil, nil.
+** If the iStart argument had been 1 instead of 2, then the result
+** would have been:  A, nil, nil, nil, B.  To prepend the new slots,
+** the iStart value would be 0.  The result then would
+** be: nil, nil, nil, A, B.
+**
+** If a memory allocation fails the SrcList is unchanged.  The
+** db->mallocFailed flag will be set to true.
+*/
+SQLITE_PRIVATE SrcList *sqlite3SrcListEnlarge(
+  sqlite3 *db,       /* Database connection to notify of OOM errors */
+  SrcList *pSrc,     /* The SrcList to be enlarged */
+  int nExtra,        /* Number of new slots to add to pSrc->a[] */
+  int iStart         /* Index in pSrc->a[] of first new slot */
+){
+  int i;
+
+  /* Sanity checking on calling parameters */
+  assert( iStart>=0 );
+  assert( nExtra>=1 );
+  assert( pSrc!=0 );
+  assert( iStart<=pSrc->nSrc );
+
+  /* Allocate additional space if needed */
+  if( (u32)pSrc->nSrc+nExtra>pSrc->nAlloc ){
+    SrcList *pNew;
+    int nAlloc = pSrc->nSrc+nExtra;
+    int nGot;
+    pNew = sqlite3DbRealloc(db, pSrc,
+               sizeof(*pSrc) + (nAlloc-1)*sizeof(pSrc->a[0]) );
+    if( pNew==0 ){
+      assert( db->mallocFailed );
+      return pSrc;
+    }
+    pSrc = pNew;
+    nGot = (sqlite3DbMallocSize(db, pNew) - sizeof(*pSrc))/sizeof(pSrc->a[0])+1;
+    pSrc->nAlloc = nGot;
+  }
+
+  /* Move existing slots that come after the newly inserted slots
+  ** out of the way */
+  for(i=pSrc->nSrc-1; i>=iStart; i--){
+    pSrc->a[i+nExtra] = pSrc->a[i];
+  }
+  pSrc->nSrc += nExtra;
+
+  /* Zero the newly allocated slots */
+  memset(&pSrc->a[iStart], 0, sizeof(pSrc->a[0])*nExtra);
+  for(i=iStart; i<iStart+nExtra; i++){
+    pSrc->a[i].iCursor = -1;
+  }
+
+  /* Return a pointer to the enlarged SrcList */
+  return pSrc;
+}
+
+
+/*
+** Append a new table name to the given SrcList.  Create a new SrcList if
+** need be.  A new entry is created in the SrcList even if pTable is NULL.
+**
+** A SrcList is returned, or NULL if there is an OOM error.  The returned
+** SrcList might be the same as the SrcList that was input or it might be
+** a new one.  If an OOM error does occurs, then the prior value of pList
+** that is input to this routine is automatically freed.
+**
+** If pDatabase is not null, it means that the table has an optional
+** database name prefix.  Like this:  "database.table".  The pDatabase
+** points to the table name and the pTable points to the database name.
+** The SrcList.a[].zName field is filled with the table name which might
+** come from pTable (if pDatabase is NULL) or from pDatabase.  
+** SrcList.a[].zDatabase is filled with the database name from pTable,
+** or with NULL if no database is specified.
+**
+** In other words, if call like this:
+**
+**         sqlite3SrcListAppend(D,A,B,0);
+**
+** Then B is a table name and the database name is unspecified.  If called
+** like this:
+**
+**         sqlite3SrcListAppend(D,A,B,C);
+**
+** Then C is the table name and B is the database name.  If C is defined
+** then so is B.  In other words, we never have a case where:
+**
+**         sqlite3SrcListAppend(D,A,0,C);
+**
+** Both pTable and pDatabase are assumed to be quoted.  They are dequoted
+** before being added to the SrcList.
+*/
+SQLITE_PRIVATE SrcList *sqlite3SrcListAppend(
+  sqlite3 *db,        /* Connection to notify of malloc failures */
+  SrcList *pList,     /* Append to this SrcList. NULL creates a new SrcList */
+  Token *pTable,      /* Table to append */
+  Token *pDatabase    /* Database of the table */
+){
+  struct SrcList_item *pItem;
+  assert( pDatabase==0 || pTable!=0 );  /* Cannot have C without B */
+  if( pList==0 ){
+    pList = sqlite3DbMallocZero(db, sizeof(SrcList) );
+    if( pList==0 ) return 0;
+    pList->nAlloc = 1;
+  }
+  pList = sqlite3SrcListEnlarge(db, pList, 1, pList->nSrc);
+  if( db->mallocFailed ){
+    sqlite3SrcListDelete(db, pList);
+    return 0;
+  }
+  pItem = &pList->a[pList->nSrc-1];
+  if( pDatabase && pDatabase->z==0 ){
+    pDatabase = 0;
+  }
+  if( pDatabase ){
+    Token *pTemp = pDatabase;
+    pDatabase = pTable;
+    pTable = pTemp;
+  }
+  pItem->zName = sqlite3NameFromToken(db, pTable);
+  pItem->zDatabase = sqlite3NameFromToken(db, pDatabase);
+  return pList;
+}
+
+/*
+** Assign VdbeCursor index numbers to all tables in a SrcList
+*/
+SQLITE_PRIVATE void sqlite3SrcListAssignCursors(Parse *pParse, SrcList *pList){
+  int i;
+  struct SrcList_item *pItem;
+  assert(pList || pParse->db->mallocFailed );
+  if( pList ){
+    for(i=0, pItem=pList->a; i<pList->nSrc; i++, pItem++){
+      if( pItem->iCursor>=0 ) break;
+      pItem->iCursor = pParse->nTab++;
+      if( pItem->pSelect ){
+        sqlite3SrcListAssignCursors(pParse, pItem->pSelect->pSrc);
+      }
+    }
+  }
+}
+
+/*
+** Delete an entire SrcList including all its substructure.
+*/
+SQLITE_PRIVATE void sqlite3SrcListDelete(sqlite3 *db, SrcList *pList){
+  int i;
+  struct SrcList_item *pItem;
+  if( pList==0 ) return;
+  for(pItem=pList->a, i=0; i<pList->nSrc; i++, pItem++){
+    sqlite3DbFree(db, pItem->zDatabase);
+    sqlite3DbFree(db, pItem->zName);
+    sqlite3DbFree(db, pItem->zAlias);
+    if( pItem->fg.isIndexedBy ) sqlite3DbFree(db, pItem->u1.zIndexedBy);
+    if( pItem->fg.isTabFunc ) sqlite3ExprListDelete(db, pItem->u1.pFuncArg);
+    sqlite3DeleteTable(db, pItem->pTab);
+    sqlite3SelectDelete(db, pItem->pSelect);
+    sqlite3ExprDelete(db, pItem->pOn);
+    sqlite3IdListDelete(db, pItem->pUsing);
+  }
+  sqlite3DbFree(db, pList);
+}
+
+/*
+** This routine is called by the parser to add a new term to the
+** end of a growing FROM clause.  The "p" parameter is the part of
+** the FROM clause that has already been constructed.  "p" is NULL
+** if this is the first term of the FROM clause.  pTable and pDatabase
+** are the name of the table and database named in the FROM clause term.
+** pDatabase is NULL if the database name qualifier is missing - the
+** usual case.  If the term has an alias, then pAlias points to the
+** alias token.  If the term is a subquery, then pSubquery is the
+** SELECT statement that the subquery encodes.  The pTable and
+** pDatabase parameters are NULL for subqueries.  The pOn and pUsing
+** parameters are the content of the ON and USING clauses.
+**
+** Return a new SrcList which encodes is the FROM with the new
+** term added.
+*/
+SQLITE_PRIVATE SrcList *sqlite3SrcListAppendFromTerm(
+  Parse *pParse,          /* Parsing context */
+  SrcList *p,             /* The left part of the FROM clause already seen */
+  Token *pTable,          /* Name of the table to add to the FROM clause */
+  Token *pDatabase,       /* Name of the database containing pTable */
+  Token *pAlias,          /* The right-hand side of the AS subexpression */
+  Select *pSubquery,      /* A subquery used in place of a table name */
+  Expr *pOn,              /* The ON clause of a join */
+  IdList *pUsing          /* The USING clause of a join */
+){
+  struct SrcList_item *pItem;
+  sqlite3 *db = pParse->db;
+  if( !p && (pOn || pUsing) ){
+    sqlite3ErrorMsg(pParse, "a JOIN clause is required before %s", 
+      (pOn ? "ON" : "USING")
+    );
+    goto append_from_error;
+  }
+  p = sqlite3SrcListAppend(db, p, pTable, pDatabase);
+  if( p==0 || NEVER(p->nSrc==0) ){
+    goto append_from_error;
+  }
+  pItem = &p->a[p->nSrc-1];
+  assert( pAlias!=0 );
+  if( pAlias->n ){
+    pItem->zAlias = sqlite3NameFromToken(db, pAlias);
+  }
+  pItem->pSelect = pSubquery;
+  pItem->pOn = pOn;
+  pItem->pUsing = pUsing;
+  return p;
+
+ append_from_error:
+  assert( p==0 );
+  sqlite3ExprDelete(db, pOn);
+  sqlite3IdListDelete(db, pUsing);
+  sqlite3SelectDelete(db, pSubquery);
+  return 0;
+}
+
+/*
+** Add an INDEXED BY or NOT INDEXED clause to the most recently added 
+** element of the source-list passed as the second argument.
+*/
+SQLITE_PRIVATE void sqlite3SrcListIndexedBy(Parse *pParse, SrcList *p, Token *pIndexedBy){
+  assert( pIndexedBy!=0 );
+  if( p && ALWAYS(p->nSrc>0) ){
+    struct SrcList_item *pItem = &p->a[p->nSrc-1];
+    assert( pItem->fg.notIndexed==0 );
+    assert( pItem->fg.isIndexedBy==0 );
+    assert( pItem->fg.isTabFunc==0 );
+    if( pIndexedBy->n==1 && !pIndexedBy->z ){
+      /* A "NOT INDEXED" clause was supplied. See parse.y 
+      ** construct "indexed_opt" for details. */
+      pItem->fg.notIndexed = 1;
+    }else{
+      pItem->u1.zIndexedBy = sqlite3NameFromToken(pParse->db, pIndexedBy);
+      pItem->fg.isIndexedBy = (pItem->u1.zIndexedBy!=0);
+    }
+  }
+}
+
+/*
+** Add the list of function arguments to the SrcList entry for a
+** table-valued-function.
+*/
+SQLITE_PRIVATE void sqlite3SrcListFuncArgs(Parse *pParse, SrcList *p, ExprList *pList){
+  if( p ){
+    struct SrcList_item *pItem = &p->a[p->nSrc-1];
+    assert( pItem->fg.notIndexed==0 );
+    assert( pItem->fg.isIndexedBy==0 );
+    assert( pItem->fg.isTabFunc==0 );
+    pItem->u1.pFuncArg = pList;
+    pItem->fg.isTabFunc = 1;
+  }else{
+    sqlite3ExprListDelete(pParse->db, pList);
+  }
+}
+
+/*
+** When building up a FROM clause in the parser, the join operator
+** is initially attached to the left operand.  But the code generator
+** expects the join operator to be on the right operand.  This routine
+** Shifts all join operators from left to right for an entire FROM
+** clause.
+**
+** Example: Suppose the join is like this:
+**
+**           A natural cross join B
+**
+** The operator is "natural cross join".  The A and B operands are stored
+** in p->a[0] and p->a[1], respectively.  The parser initially stores the
+** operator with A.  This routine shifts that operator over to B.
+*/
+SQLITE_PRIVATE void sqlite3SrcListShiftJoinType(SrcList *p){
+  if( p ){
+    int i;
+    for(i=p->nSrc-1; i>0; i--){
+      p->a[i].fg.jointype = p->a[i-1].fg.jointype;
+    }
+    p->a[0].fg.jointype = 0;
+  }
+}
+
+/*
+** Begin a transaction
+*/
+SQLITE_PRIVATE void sqlite3BeginTransaction(Parse *pParse, int type){
+  sqlite3 *db;
+  Vdbe *v;
+  int i;
+
+  assert( pParse!=0 );
+  db = pParse->db;
+  assert( db!=0 );
+/*  if( db->aDb[0].pBt==0 ) return; */
+  if( sqlite3AuthCheck(pParse, SQLITE_TRANSACTION, "BEGIN", 0, 0) ){
+    return;
+  }
+  v = sqlite3GetVdbe(pParse);
+  if( !v ) return;
+  if( type!=TK_DEFERRED ){
+    for(i=0; i<db->nDb; i++){
+      sqlite3VdbeAddOp2(v, OP_Transaction, i, (type==TK_EXCLUSIVE)+1);
+      sqlite3VdbeUsesBtree(v, i);
+    }
+  }
+  sqlite3VdbeAddOp2(v, OP_AutoCommit, 0, 0);
+}
+
+/*
+** Commit a transaction
+*/
+SQLITE_PRIVATE void sqlite3CommitTransaction(Parse *pParse){
+  Vdbe *v;
+
+  assert( pParse!=0 );
+  assert( pParse->db!=0 );
+  if( sqlite3AuthCheck(pParse, SQLITE_TRANSACTION, "COMMIT", 0, 0) ){
+    return;
+  }
+  v = sqlite3GetVdbe(pParse);
+  if( v ){
+    sqlite3VdbeAddOp2(v, OP_AutoCommit, 1, 0);
+  }
+}
+
+/*
+** Rollback a transaction
+*/
+SQLITE_PRIVATE void sqlite3RollbackTransaction(Parse *pParse){
+  Vdbe *v;
+
+  assert( pParse!=0 );
+  assert( pParse->db!=0 );
+  if( sqlite3AuthCheck(pParse, SQLITE_TRANSACTION, "ROLLBACK", 0, 0) ){
+    return;
+  }
+  v = sqlite3GetVdbe(pParse);
+  if( v ){
+    sqlite3VdbeAddOp2(v, OP_AutoCommit, 1, 1);
+  }
+}
+
+/*
+** This function is called by the parser when it parses a command to create,
+** release or rollback an SQL savepoint. 
+*/
+SQLITE_PRIVATE void sqlite3Savepoint(Parse *pParse, int op, Token *pName){
+  char *zName = sqlite3NameFromToken(pParse->db, pName);
+  if( zName ){
+    Vdbe *v = sqlite3GetVdbe(pParse);
+#ifndef SQLITE_OMIT_AUTHORIZATION
+    static const char * const az[] = { "BEGIN", "RELEASE", "ROLLBACK" };
+    assert( !SAVEPOINT_BEGIN && SAVEPOINT_RELEASE==1 && SAVEPOINT_ROLLBACK==2 );
+#endif
+    if( !v || sqlite3AuthCheck(pParse, SQLITE_SAVEPOINT, az[op], zName, 0) ){
+      sqlite3DbFree(pParse->db, zName);
+      return;
+    }
+    sqlite3VdbeAddOp4(v, OP_Savepoint, op, 0, 0, zName, P4_DYNAMIC);
+  }
+}
+
+/*
+** Make sure the TEMP database is open and available for use.  Return
+** the number of errors.  Leave any error messages in the pParse structure.
+*/
+SQLITE_PRIVATE int sqlite3OpenTempDatabase(Parse *pParse){
+  sqlite3 *db = pParse->db;
+  if( db->aDb[1].pBt==0 && !pParse->explain ){
+    int rc;
+    Btree *pBt;
+    static const int flags = 
+          SQLITE_OPEN_READWRITE |
+          SQLITE_OPEN_CREATE |
+          SQLITE_OPEN_EXCLUSIVE |
+          SQLITE_OPEN_DELETEONCLOSE |
+          SQLITE_OPEN_TEMP_DB;
+
+    rc = sqlite3BtreeOpen(db->pVfs, 0, db, &pBt, 0, flags);
+    if( rc!=SQLITE_OK ){
+      sqlite3ErrorMsg(pParse, "unable to open a temporary database "
+        "file for storing temporary tables");
+      pParse->rc = rc;
+      return 1;
+    }
+    db->aDb[1].pBt = pBt;
+    assert( db->aDb[1].pSchema );
+    if( SQLITE_NOMEM==sqlite3BtreeSetPageSize(pBt, db->nextPagesize, -1, 0) ){
+      db->mallocFailed = 1;
+      return 1;
+    }
+  }
+  return 0;
+}
+
+/*
+** Record the fact that the schema cookie will need to be verified
+** for database iDb.  The code to actually verify the schema cookie
+** will occur at the end of the top-level VDBE and will be generated
+** later, by sqlite3FinishCoding().
+*/
+SQLITE_PRIVATE void sqlite3CodeVerifySchema(Parse *pParse, int iDb){
+  Parse *pToplevel = sqlite3ParseToplevel(pParse);
+  sqlite3 *db = pToplevel->db;
+
+  assert( iDb>=0 && iDb<db->nDb );
+  assert( db->aDb[iDb].pBt!=0 || iDb==1 );
+  assert( iDb<SQLITE_MAX_ATTACHED+2 );
+  assert( sqlite3SchemaMutexHeld(db, iDb, 0) );
+  if( DbMaskTest(pToplevel->cookieMask, iDb)==0 ){
+    DbMaskSet(pToplevel->cookieMask, iDb);
+    pToplevel->cookieValue[iDb] = db->aDb[iDb].pSchema->schema_cookie;
+    if( !OMIT_TEMPDB && iDb==1 ){
+      sqlite3OpenTempDatabase(pToplevel);
+    }
+  }
+}
+
+/*
+** If argument zDb is NULL, then call sqlite3CodeVerifySchema() for each 
+** attached database. Otherwise, invoke it for the database named zDb only.
+*/
+SQLITE_PRIVATE void sqlite3CodeVerifyNamedSchema(Parse *pParse, const char *zDb){
+  sqlite3 *db = pParse->db;
+  int i;
+  for(i=0; i<db->nDb; i++){
+    Db *pDb = &db->aDb[i];
+    if( pDb->pBt && (!zDb || 0==sqlite3StrICmp(zDb, pDb->zName)) ){
+      sqlite3CodeVerifySchema(pParse, i);
+    }
+  }
+}
+
+/*
+** Generate VDBE code that prepares for doing an operation that
+** might change the database.
+**
+** This routine starts a new transaction if we are not already within
+** a transaction.  If we are already within a transaction, then a checkpoint
+** is set if the setStatement parameter is true.  A checkpoint should
+** be set for operations that might fail (due to a constraint) part of
+** the way through and which will need to undo some writes without having to
+** rollback the whole transaction.  For operations where all constraints
+** can be checked before any changes are made to the database, it is never
+** necessary to undo a write and the checkpoint should not be set.
+*/
+SQLITE_PRIVATE void sqlite3BeginWriteOperation(Parse *pParse, int setStatement, int iDb){
+  Parse *pToplevel = sqlite3ParseToplevel(pParse);
+  sqlite3CodeVerifySchema(pParse, iDb);
+  DbMaskSet(pToplevel->writeMask, iDb);
+  pToplevel->isMultiWrite |= setStatement;
+}
+
+/*
+** Indicate that the statement currently under construction might write
+** more than one entry (example: deleting one row then inserting another,
+** inserting multiple rows in a table, or inserting a row and index entries.)
+** If an abort occurs after some of these writes have completed, then it will
+** be necessary to undo the completed writes.
+*/
+SQLITE_PRIVATE void sqlite3MultiWrite(Parse *pParse){
+  Parse *pToplevel = sqlite3ParseToplevel(pParse);
+  pToplevel->isMultiWrite = 1;
+}
+
+/* 
+** The code generator calls this routine if is discovers that it is
+** possible to abort a statement prior to completion.  In order to 
+** perform this abort without corrupting the database, we need to make
+** sure that the statement is protected by a statement transaction.
+**
+** Technically, we only need to set the mayAbort flag if the
+** isMultiWrite flag was previously set.  There is a time dependency
+** such that the abort must occur after the multiwrite.  This makes
+** some statements involving the REPLACE conflict resolution algorithm
+** go a little faster.  But taking advantage of this time dependency
+** makes it more difficult to prove that the code is correct (in 
+** particular, it prevents us from writing an effective
+** implementation of sqlite3AssertMayAbort()) and so we have chosen
+** to take the safe route and skip the optimization.
+*/
+SQLITE_PRIVATE void sqlite3MayAbort(Parse *pParse){
+  Parse *pToplevel = sqlite3ParseToplevel(pParse);
+  pToplevel->mayAbort = 1;
+}
+
+/*
+** Code an OP_Halt that causes the vdbe to return an SQLITE_CONSTRAINT
+** error. The onError parameter determines which (if any) of the statement
+** and/or current transaction is rolled back.
+*/
+SQLITE_PRIVATE void sqlite3HaltConstraint(
+  Parse *pParse,    /* Parsing context */
+  int errCode,      /* extended error code */
+  int onError,      /* Constraint type */
+  char *p4,         /* Error message */
+  i8 p4type,        /* P4_STATIC or P4_TRANSIENT */
+  u8 p5Errmsg       /* P5_ErrMsg type */
+){
+  Vdbe *v = sqlite3GetVdbe(pParse);
+  assert( (errCode&0xff)==SQLITE_CONSTRAINT );
+  if( onError==OE_Abort ){
+    sqlite3MayAbort(pParse);
+  }
+  sqlite3VdbeAddOp4(v, OP_Halt, errCode, onError, 0, p4, p4type);
+  if( p5Errmsg ) sqlite3VdbeChangeP5(v, p5Errmsg);
+}
+
+/*
+** Code an OP_Halt due to UNIQUE or PRIMARY KEY constraint violation.
+*/
+SQLITE_PRIVATE void sqlite3UniqueConstraint(
+  Parse *pParse,    /* Parsing context */
+  int onError,      /* Constraint type */
+  Index *pIdx       /* The index that triggers the constraint */
+){
+  char *zErr;
+  int j;
+  StrAccum errMsg;
+  Table *pTab = pIdx->pTable;
+
+  sqlite3StrAccumInit(&errMsg, pParse->db, 0, 0, 200);
+  if( pIdx->aColExpr ){
+    sqlite3XPrintf(&errMsg, 0, "index '%q'", pIdx->zName);
+  }else{
+    for(j=0; j<pIdx->nKeyCol; j++){
+      char *zCol;
+      assert( pIdx->aiColumn[j]>=0 );
+      zCol = pTab->aCol[pIdx->aiColumn[j]].zName;
+      if( j ) sqlite3StrAccumAppend(&errMsg, ", ", 2);
+      sqlite3XPrintf(&errMsg, 0, "%s.%s", pTab->zName, zCol);
+    }
+  }
+  zErr = sqlite3StrAccumFinish(&errMsg);
+  sqlite3HaltConstraint(pParse, 
+    IsPrimaryKeyIndex(pIdx) ? SQLITE_CONSTRAINT_PRIMARYKEY 
+                            : SQLITE_CONSTRAINT_UNIQUE,
+    onError, zErr, P4_DYNAMIC, P5_ConstraintUnique);
+}
+
+
+/*
+** Code an OP_Halt due to non-unique rowid.
+*/
+SQLITE_PRIVATE void sqlite3RowidConstraint(
+  Parse *pParse,    /* Parsing context */
+  int onError,      /* Conflict resolution algorithm */
+  Table *pTab       /* The table with the non-unique rowid */ 
+){
+  char *zMsg;
+  int rc;
+  if( pTab->iPKey>=0 ){
+    zMsg = sqlite3MPrintf(pParse->db, "%s.%s", pTab->zName,
+                          pTab->aCol[pTab->iPKey].zName);
+    rc = SQLITE_CONSTRAINT_PRIMARYKEY;
+  }else{
+    zMsg = sqlite3MPrintf(pParse->db, "%s.rowid", pTab->zName);
+    rc = SQLITE_CONSTRAINT_ROWID;
+  }
+  sqlite3HaltConstraint(pParse, rc, onError, zMsg, P4_DYNAMIC,
+                        P5_ConstraintUnique);
+}
+
+/*
+** Check to see if pIndex uses the collating sequence pColl.  Return
+** true if it does and false if it does not.
+*/
+#ifndef SQLITE_OMIT_REINDEX
+static int collationMatch(const char *zColl, Index *pIndex){
+  int i;
+  assert( zColl!=0 );
+  for(i=0; i<pIndex->nColumn; i++){
+    const char *z = pIndex->azColl[i];
+    assert( z!=0 || pIndex->aiColumn[i]<0 );
+    if( pIndex->aiColumn[i]>=0 && 0==sqlite3StrICmp(z, zColl) ){
+      return 1;
+    }
+  }
+  return 0;
+}
+#endif
+
+/*
+** Recompute all indices of pTab that use the collating sequence pColl.
+** If pColl==0 then recompute all indices of pTab.
+*/
+#ifndef SQLITE_OMIT_REINDEX
+static void reindexTable(Parse *pParse, Table *pTab, char const *zColl){
+  Index *pIndex;              /* An index associated with pTab */
+
+  for(pIndex=pTab->pIndex; pIndex; pIndex=pIndex->pNext){
+    if( zColl==0 || collationMatch(zColl, pIndex) ){
+      int iDb = sqlite3SchemaToIndex(pParse->db, pTab->pSchema);
+      sqlite3BeginWriteOperation(pParse, 0, iDb);
+      sqlite3RefillIndex(pParse, pIndex, -1);
+    }
+  }
+}
+#endif
+
+/*
+** Recompute all indices of all tables in all databases where the
+** indices use the collating sequence pColl.  If pColl==0 then recompute
+** all indices everywhere.
+*/
+#ifndef SQLITE_OMIT_REINDEX
+static void reindexDatabases(Parse *pParse, char const *zColl){
+  Db *pDb;                    /* A single database */
+  int iDb;                    /* The database index number */
+  sqlite3 *db = pParse->db;   /* The database connection */
+  HashElem *k;                /* For looping over tables in pDb */
+  Table *pTab;                /* A table in the database */
+
+  assert( sqlite3BtreeHoldsAllMutexes(db) );  /* Needed for schema access */
+  for(iDb=0, pDb=db->aDb; iDb<db->nDb; iDb++, pDb++){
+    assert( pDb!=0 );
+    for(k=sqliteHashFirst(&pDb->pSchema->tblHash);  k; k=sqliteHashNext(k)){
+      pTab = (Table*)sqliteHashData(k);
+      reindexTable(pParse, pTab, zColl);
+    }
+  }
+}
+#endif
+
+/*
+** Generate code for the REINDEX command.
+**
+**        REINDEX                            -- 1
+**        REINDEX  <collation>               -- 2
+**        REINDEX  ?<database>.?<tablename>  -- 3
+**        REINDEX  ?<database>.?<indexname>  -- 4
+**
+** Form 1 causes all indices in all attached databases to be rebuilt.
+** Form 2 rebuilds all indices in all databases that use the named
+** collating function.  Forms 3 and 4 rebuild the named index or all
+** indices associated with the named table.
+*/
+#ifndef SQLITE_OMIT_REINDEX
+SQLITE_PRIVATE void sqlite3Reindex(Parse *pParse, Token *pName1, Token *pName2){
+  CollSeq *pColl;             /* Collating sequence to be reindexed, or NULL */
+  char *z;                    /* Name of a table or index */
+  const char *zDb;            /* Name of the database */
+  Table *pTab;                /* A table in the database */
+  Index *pIndex;              /* An index associated with pTab */
+  int iDb;                    /* The database index number */
+  sqlite3 *db = pParse->db;   /* The database connection */
+  Token *pObjName;            /* Name of the table or index to be reindexed */
+
+  /* Read the database schema. If an error occurs, leave an error message
+  ** and code in pParse and return NULL. */
+  if( SQLITE_OK!=sqlite3ReadSchema(pParse) ){
+    return;
+  }
+
+  if( pName1==0 ){
+    reindexDatabases(pParse, 0);
+    return;
+  }else if( NEVER(pName2==0) || pName2->z==0 ){
+    char *zColl;
+    assert( pName1->z );
+    zColl = sqlite3NameFromToken(pParse->db, pName1);
+    if( !zColl ) return;
+    pColl = sqlite3FindCollSeq(db, ENC(db), zColl, 0);
+    if( pColl ){
+      reindexDatabases(pParse, zColl);
+      sqlite3DbFree(db, zColl);
+      return;
+    }
+    sqlite3DbFree(db, zColl);
+  }
+  iDb = sqlite3TwoPartName(pParse, pName1, pName2, &pObjName);
+  if( iDb<0 ) return;
+  z = sqlite3NameFromToken(db, pObjName);
+  if( z==0 ) return;
+  zDb = db->aDb[iDb].zName;
+  pTab = sqlite3FindTable(db, z, zDb);
+  if( pTab ){
+    reindexTable(pParse, pTab, 0);
+    sqlite3DbFree(db, z);
+    return;
+  }
+  pIndex = sqlite3FindIndex(db, z, zDb);
+  sqlite3DbFree(db, z);
+  if( pIndex ){
+    sqlite3BeginWriteOperation(pParse, 0, iDb);
+    sqlite3RefillIndex(pParse, pIndex, -1);
+    return;
+  }
+  sqlite3ErrorMsg(pParse, "unable to identify the object to be reindexed");
+}
+#endif
+
+/*
+** Return a KeyInfo structure that is appropriate for the given Index.
+**
+** The KeyInfo structure for an index is cached in the Index object.
+** So there might be multiple references to the returned pointer.  The
+** caller should not try to modify the KeyInfo object.
+**
+** The caller should invoke sqlite3KeyInfoUnref() on the returned object
+** when it has finished using it.
+*/
+SQLITE_PRIVATE KeyInfo *sqlite3KeyInfoOfIndex(Parse *pParse, Index *pIdx){
+  int i;
+  int nCol = pIdx->nColumn;
+  int nKey = pIdx->nKeyCol;
+  KeyInfo *pKey;
+  if( pParse->nErr ) return 0;
+  if( pIdx->uniqNotNull ){
+    pKey = sqlite3KeyInfoAlloc(pParse->db, nKey, nCol-nKey);
+  }else{
+    pKey = sqlite3KeyInfoAlloc(pParse->db, nCol, 0);
+  }
+  if( pKey ){
+    assert( sqlite3KeyInfoIsWriteable(pKey) );
+    for(i=0; i<nCol; i++){
+      const char *zColl = pIdx->azColl[i];
+      pKey->aColl[i] = zColl==sqlite3StrBINARY ? 0 :
+                        sqlite3LocateCollSeq(pParse, zColl);
+      pKey->aSortOrder[i] = pIdx->aSortOrder[i];
+    }
+    if( pParse->nErr ){
+      sqlite3KeyInfoUnref(pKey);
+      pKey = 0;
+    }
+  }
+  return pKey;
+}
+
+#ifndef SQLITE_OMIT_CTE
+/* 
+** This routine is invoked once per CTE by the parser while parsing a 
+** WITH clause. 
+*/
+SQLITE_PRIVATE With *sqlite3WithAdd(
+  Parse *pParse,          /* Parsing context */
+  With *pWith,            /* Existing WITH clause, or NULL */
+  Token *pName,           /* Name of the common-table */
+  ExprList *pArglist,     /* Optional column name list for the table */
+  Select *pQuery          /* Query used to initialize the table */
+){
+  sqlite3 *db = pParse->db;
+  With *pNew;
+  char *zName;
+
+  /* Check that the CTE name is unique within this WITH clause. If
+  ** not, store an error in the Parse structure. */
+  zName = sqlite3NameFromToken(pParse->db, pName);
+  if( zName && pWith ){
+    int i;
+    for(i=0; i<pWith->nCte; i++){
+      if( sqlite3StrICmp(zName, pWith->a[i].zName)==0 ){
+        sqlite3ErrorMsg(pParse, "duplicate WITH table name: %s", zName);
+      }
+    }
+  }
+
+  if( pWith ){
+    int nByte = sizeof(*pWith) + (sizeof(pWith->a[1]) * pWith->nCte);
+    pNew = sqlite3DbRealloc(db, pWith, nByte);
+  }else{
+    pNew = sqlite3DbMallocZero(db, sizeof(*pWith));
+  }
+  assert( zName!=0 || pNew==0 );
+  assert( db->mallocFailed==0 || pNew==0 );
+
+  if( pNew==0 ){
+    sqlite3ExprListDelete(db, pArglist);
+    sqlite3SelectDelete(db, pQuery);
+    sqlite3DbFree(db, zName);
+    pNew = pWith;
+  }else{
+    pNew->a[pNew->nCte].pSelect = pQuery;
+    pNew->a[pNew->nCte].pCols = pArglist;
+    pNew->a[pNew->nCte].zName = zName;
+    pNew->a[pNew->nCte].zCteErr = 0;
+    pNew->nCte++;
+  }
+
+  return pNew;
+}
+
+/*
+** Free the contents of the With object passed as the second argument.
+*/
+SQLITE_PRIVATE void sqlite3WithDelete(sqlite3 *db, With *pWith){
+  if( pWith ){
+    int i;
+    for(i=0; i<pWith->nCte; i++){
+      struct Cte *pCte = &pWith->a[i];
+      sqlite3ExprListDelete(db, pCte->pCols);
+      sqlite3SelectDelete(db, pCte->pSelect);
+      sqlite3DbFree(db, pCte->zName);
+    }
+    sqlite3DbFree(db, pWith);
+  }
+}
+#endif /* !defined(SQLITE_OMIT_CTE) */
+
+/************** End of build.c ***********************************************/
+/************** Begin file callback.c ****************************************/
+/*
+** 2005 May 23 
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+**
+** This file contains functions used to access the internal hash tables
+** of user defined functions and collation sequences.
+*/
+
+/* #include "sqliteInt.h" */
+
+/*
+** Invoke the 'collation needed' callback to request a collation sequence
+** in the encoding enc of name zName, length nName.
+*/
+static void callCollNeeded(sqlite3 *db, int enc, const char *zName){
+  assert( !db->xCollNeeded || !db->xCollNeeded16 );
+  if( db->xCollNeeded ){
+    char *zExternal = sqlite3DbStrDup(db, zName);
+    if( !zExternal ) return;
+    db->xCollNeeded(db->pCollNeededArg, db, enc, zExternal);
+    sqlite3DbFree(db, zExternal);
+  }
+#ifndef SQLITE_OMIT_UTF16
+  if( db->xCollNeeded16 ){
+    char const *zExternal;
+    sqlite3_value *pTmp = sqlite3ValueNew(db);
+    sqlite3ValueSetStr(pTmp, -1, zName, SQLITE_UTF8, SQLITE_STATIC);
+    zExternal = sqlite3ValueText(pTmp, SQLITE_UTF16NATIVE);
+    if( zExternal ){
+      db->xCollNeeded16(db->pCollNeededArg, db, (int)ENC(db), zExternal);
+    }
+    sqlite3ValueFree(pTmp);
+  }
+#endif
+}
+
+/*
+** This routine is called if the collation factory fails to deliver a
+** collation function in the best encoding but there may be other versions
+** of this collation function (for other text encodings) available. Use one
+** of these instead if they exist. Avoid a UTF-8 <-> UTF-16 conversion if
+** possible.
+*/
+static int synthCollSeq(sqlite3 *db, CollSeq *pColl){
+  CollSeq *pColl2;
+  char *z = pColl->zName;
+  int i;
+  static const u8 aEnc[] = { SQLITE_UTF16BE, SQLITE_UTF16LE, SQLITE_UTF8 };
+  for(i=0; i<3; i++){
+    pColl2 = sqlite3FindCollSeq(db, aEnc[i], z, 0);
+    if( pColl2->xCmp!=0 ){
+      memcpy(pColl, pColl2, sizeof(CollSeq));
+      pColl->xDel = 0;         /* Do not copy the destructor */
+      return SQLITE_OK;
+    }
+  }
+  return SQLITE_ERROR;
+}
+
+/*
+** This function is responsible for invoking the collation factory callback
+** or substituting a collation sequence of a different encoding when the
+** requested collation sequence is not available in the desired encoding.
+** 
+** If it is not NULL, then pColl must point to the database native encoding 
+** collation sequence with name zName, length nName.
+**
+** The return value is either the collation sequence to be used in database
+** db for collation type name zName, length nName, or NULL, if no collation
+** sequence can be found.  If no collation is found, leave an error message.
+**
+** See also: sqlite3LocateCollSeq(), sqlite3FindCollSeq()
+*/
+SQLITE_PRIVATE CollSeq *sqlite3GetCollSeq(
+  Parse *pParse,        /* Parsing context */
+  u8 enc,               /* The desired encoding for the collating sequence */
+  CollSeq *pColl,       /* Collating sequence with native encoding, or NULL */
+  const char *zName     /* Collating sequence name */
+){
+  CollSeq *p;
+  sqlite3 *db = pParse->db;
+
+  p = pColl;
+  if( !p ){
+    p = sqlite3FindCollSeq(db, enc, zName, 0);
+  }
+  if( !p || !p->xCmp ){
+    /* No collation sequence of this type for this encoding is registered.
+    ** Call the collation factory to see if it can supply us with one.
+    */
+    callCollNeeded(db, enc, zName);
+    p = sqlite3FindCollSeq(db, enc, zName, 0);
+  }
+  if( p && !p->xCmp && synthCollSeq(db, p) ){
+    p = 0;
+  }
+  assert( !p || p->xCmp );
+  if( p==0 ){
+    sqlite3ErrorMsg(pParse, "no such collation sequence: %s", zName);
+  }
+  return p;
+}
+
+/*
+** This routine is called on a collation sequence before it is used to
+** check that it is defined. An undefined collation sequence exists when
+** a database is loaded that contains references to collation sequences
+** that have not been defined by sqlite3_create_collation() etc.
+**
+** If required, this routine calls the 'collation needed' callback to
+** request a definition of the collating sequence. If this doesn't work, 
+** an equivalent collating sequence that uses a text encoding different
+** from the main database is substituted, if one is available.
+*/
+SQLITE_PRIVATE int sqlite3CheckCollSeq(Parse *pParse, CollSeq *pColl){
+  if( pColl ){
+    const char *zName = pColl->zName;
+    sqlite3 *db = pParse->db;
+    CollSeq *p = sqlite3GetCollSeq(pParse, ENC(db), pColl, zName);
+    if( !p ){
+      return SQLITE_ERROR;
+    }
+    assert( p==pColl );
+  }
+  return SQLITE_OK;
+}
+
+
+
+/*
+** Locate and return an entry from the db.aCollSeq hash table. If the entry
+** specified by zName and nName is not found and parameter 'create' is
+** true, then create a new entry. Otherwise return NULL.
+**
+** Each pointer stored in the sqlite3.aCollSeq hash table contains an
+** array of three CollSeq structures. The first is the collation sequence
+** preferred for UTF-8, the second UTF-16le, and the third UTF-16be.
+**
+** Stored immediately after the three collation sequences is a copy of
+** the collation sequence name. A pointer to this string is stored in
+** each collation sequence structure.
+*/
+static CollSeq *findCollSeqEntry(
+  sqlite3 *db,          /* Database connection */
+  const char *zName,    /* Name of the collating sequence */
+  int create            /* Create a new entry if true */
+){
+  CollSeq *pColl;
+  pColl = sqlite3HashFind(&db->aCollSeq, zName);
+
+  if( 0==pColl && create ){
+    int nName = sqlite3Strlen30(zName);
+    pColl = sqlite3DbMallocZero(db, 3*sizeof(*pColl) + nName + 1);
+    if( pColl ){
+      CollSeq *pDel = 0;
+      pColl[0].zName = (char*)&pColl[3];
+      pColl[0].enc = SQLITE_UTF8;
+      pColl[1].zName = (char*)&pColl[3];
+      pColl[1].enc = SQLITE_UTF16LE;
+      pColl[2].zName = (char*)&pColl[3];
+      pColl[2].enc = SQLITE_UTF16BE;
+      memcpy(pColl[0].zName, zName, nName);
+      pColl[0].zName[nName] = 0;
+      pDel = sqlite3HashInsert(&db->aCollSeq, pColl[0].zName, pColl);
+
+      /* If a malloc() failure occurred in sqlite3HashInsert(), it will 
+      ** return the pColl pointer to be deleted (because it wasn't added
+      ** to the hash table).
+      */
+      assert( pDel==0 || pDel==pColl );
+      if( pDel!=0 ){
+        db->mallocFailed = 1;
+        sqlite3DbFree(db, pDel);
+        pColl = 0;
+      }
+    }
+  }
+  return pColl;
+}
+
+/*
+** Parameter zName points to a UTF-8 encoded string nName bytes long.
+** Return the CollSeq* pointer for the collation sequence named zName
+** for the encoding 'enc' from the database 'db'.
+**
+** If the entry specified is not found and 'create' is true, then create a
+** new entry.  Otherwise return NULL.
+**
+** A separate function sqlite3LocateCollSeq() is a wrapper around
+** this routine.  sqlite3LocateCollSeq() invokes the collation factory
+** if necessary and generates an error message if the collating sequence
+** cannot be found.
+**
+** See also: sqlite3LocateCollSeq(), sqlite3GetCollSeq()
+*/
+SQLITE_PRIVATE CollSeq *sqlite3FindCollSeq(
+  sqlite3 *db,
+  u8 enc,
+  const char *zName,
+  int create
+){
+  CollSeq *pColl;
+  if( zName ){
+    pColl = findCollSeqEntry(db, zName, create);
+  }else{
+    pColl = db->pDfltColl;
+  }
+  assert( SQLITE_UTF8==1 && SQLITE_UTF16LE==2 && SQLITE_UTF16BE==3 );
+  assert( enc>=SQLITE_UTF8 && enc<=SQLITE_UTF16BE );
+  if( pColl ) pColl += enc-1;
+  return pColl;
+}
+
+/* During the search for the best function definition, this procedure
+** is called to test how well the function passed as the first argument
+** matches the request for a function with nArg arguments in a system
+** that uses encoding enc. The value returned indicates how well the
+** request is matched. A higher value indicates a better match.
+**
+** If nArg is -1 that means to only return a match (non-zero) if p->nArg
+** is also -1.  In other words, we are searching for a function that
+** takes a variable number of arguments.
+**
+** If nArg is -2 that means that we are searching for any function 
+** regardless of the number of arguments it uses, so return a positive
+** match score for any
+**
+** The returned value is always between 0 and 6, as follows:
+**
+** 0: Not a match.
+** 1: UTF8/16 conversion required and function takes any number of arguments.
+** 2: UTF16 byte order change required and function takes any number of args.
+** 3: encoding matches and function takes any number of arguments
+** 4: UTF8/16 conversion required - argument count matches exactly
+** 5: UTF16 byte order conversion required - argument count matches exactly
+** 6: Perfect match:  encoding and argument count match exactly.
+**
+** If nArg==(-2) then any function with a non-null xStep or xFunc is
+** a perfect match and any function with both xStep and xFunc NULL is
+** a non-match.
+*/
+#define FUNC_PERFECT_MATCH 6  /* The score for a perfect match */
+static int matchQuality(
+  FuncDef *p,     /* The function we are evaluating for match quality */
+  int nArg,       /* Desired number of arguments.  (-1)==any */
+  u8 enc          /* Desired text encoding */
+){
+  int match;
+
+  /* nArg of -2 is a special case */
+  if( nArg==(-2) ) return (p->xFunc==0 && p->xStep==0) ? 0 : FUNC_PERFECT_MATCH;
+
+  /* Wrong number of arguments means "no match" */
+  if( p->nArg!=nArg && p->nArg>=0 ) return 0;
+
+  /* Give a better score to a function with a specific number of arguments
+  ** than to function that accepts any number of arguments. */
+  if( p->nArg==nArg ){
+    match = 4;
+  }else{
+    match = 1;
+  }
+
+  /* Bonus points if the text encoding matches */
+  if( enc==(p->funcFlags & SQLITE_FUNC_ENCMASK) ){
+    match += 2;  /* Exact encoding match */
+  }else if( (enc & p->funcFlags & 2)!=0 ){
+    match += 1;  /* Both are UTF16, but with different byte orders */
+  }
+
+  return match;
+}
+
+/*
+** Search a FuncDefHash for a function with the given name.  Return
+** a pointer to the matching FuncDef if found, or 0 if there is no match.
+*/
+static FuncDef *functionSearch(
+  FuncDefHash *pHash,  /* Hash table to search */
+  int h,               /* Hash of the name */
+  const char *zFunc,   /* Name of function */
+  int nFunc            /* Number of bytes in zFunc */
+){
+  FuncDef *p;
+  for(p=pHash->a[h]; p; p=p->pHash){
+    if( sqlite3StrNICmp(p->zName, zFunc, nFunc)==0 && p->zName[nFunc]==0 ){
+      return p;
+    }
+  }
+  return 0;
+}
+
+/*
+** Insert a new FuncDef into a FuncDefHash hash table.
+*/
+SQLITE_PRIVATE void sqlite3FuncDefInsert(
+  FuncDefHash *pHash,  /* The hash table into which to insert */
+  FuncDef *pDef        /* The function definition to insert */
+){
+  FuncDef *pOther;
+  int nName = sqlite3Strlen30(pDef->zName);
+  u8 c1 = (u8)pDef->zName[0];
+  int h = (sqlite3UpperToLower[c1] + nName) % ArraySize(pHash->a);
+  pOther = functionSearch(pHash, h, pDef->zName, nName);
+  if( pOther ){
+    assert( pOther!=pDef && pOther->pNext!=pDef );
+    pDef->pNext = pOther->pNext;
+    pOther->pNext = pDef;
+  }else{
+    pDef->pNext = 0;
+    pDef->pHash = pHash->a[h];
+    pHash->a[h] = pDef;
+  }
+}
+  
+  
+
+/*
+** Locate a user function given a name, a number of arguments and a flag
+** indicating whether the function prefers UTF-16 over UTF-8.  Return a
+** pointer to the FuncDef structure that defines that function, or return
+** NULL if the function does not exist.
+**
+** If the createFlag argument is true, then a new (blank) FuncDef
+** structure is created and liked into the "db" structure if a
+** no matching function previously existed.
+**
+** If nArg is -2, then the first valid function found is returned.  A
+** function is valid if either xFunc or xStep is non-zero.  The nArg==(-2)
+** case is used to see if zName is a valid function name for some number
+** of arguments.  If nArg is -2, then createFlag must be 0.
+**
+** If createFlag is false, then a function with the required name and
+** number of arguments may be returned even if the eTextRep flag does not
+** match that requested.
+*/
+SQLITE_PRIVATE FuncDef *sqlite3FindFunction(
+  sqlite3 *db,       /* An open database */
+  const char *zName, /* Name of the function.  Not null-terminated */
+  int nName,         /* Number of characters in the name */
+  int nArg,          /* Number of arguments.  -1 means any number */
+  u8 enc,            /* Preferred text encoding */
+  u8 createFlag      /* Create new entry if true and does not otherwise exist */
+){
+  FuncDef *p;         /* Iterator variable */
+  FuncDef *pBest = 0; /* Best match found so far */
+  int bestScore = 0;  /* Score of best match */
+  int h;              /* Hash value */
+
+  assert( nArg>=(-2) );
+  assert( nArg>=(-1) || createFlag==0 );
+  h = (sqlite3UpperToLower[(u8)zName[0]] + nName) % ArraySize(db->aFunc.a);
+
+  /* First search for a match amongst the application-defined functions.
+  */
+  p = functionSearch(&db->aFunc, h, zName, nName);
+  while( p ){
+    int score = matchQuality(p, nArg, enc);
+    if( score>bestScore ){
+      pBest = p;
+      bestScore = score;
+    }
+    p = p->pNext;
+  }
+
+  /* If no match is found, search the built-in functions.
+  **
+  ** If the SQLITE_PreferBuiltin flag is set, then search the built-in
+  ** functions even if a prior app-defined function was found.  And give
+  ** priority to built-in functions.
+  **
+  ** Except, if createFlag is true, that means that we are trying to
+  ** install a new function.  Whatever FuncDef structure is returned it will
+  ** have fields overwritten with new information appropriate for the
+  ** new function.  But the FuncDefs for built-in functions are read-only.
+  ** So we must not search for built-ins when creating a new function.
+  */ 
+  if( !createFlag && (pBest==0 || (db->flags & SQLITE_PreferBuiltin)!=0) ){
+    FuncDefHash *pHash = &GLOBAL(FuncDefHash, sqlite3GlobalFunctions);
+    bestScore = 0;
+    p = functionSearch(pHash, h, zName, nName);
+    while( p ){
+      int score = matchQuality(p, nArg, enc);
+      if( score>bestScore ){
+        pBest = p;
+        bestScore = score;
+      }
+      p = p->pNext;
+    }
+  }
+
+  /* If the createFlag parameter is true and the search did not reveal an
+  ** exact match for the name, number of arguments and encoding, then add a
+  ** new entry to the hash table and return it.
+  */
+  if( createFlag && bestScore<FUNC_PERFECT_MATCH && 
+      (pBest = sqlite3DbMallocZero(db, sizeof(*pBest)+nName+1))!=0 ){
+    pBest->zName = (char *)&pBest[1];
+    pBest->nArg = (u16)nArg;
+    pBest->funcFlags = enc;
+    memcpy(pBest->zName, zName, nName);
+    pBest->zName[nName] = 0;
+    sqlite3FuncDefInsert(&db->aFunc, pBest);
+  }
+
+  if( pBest && (pBest->xStep || pBest->xFunc || createFlag) ){
+    return pBest;
+  }
+  return 0;
+}
+
+/*
+** Free all resources held by the schema structure. The void* argument points
+** at a Schema struct. This function does not call sqlite3DbFree(db, ) on the 
+** pointer itself, it just cleans up subsidiary resources (i.e. the contents
+** of the schema hash tables).
+**
+** The Schema.cache_size variable is not cleared.
+*/
+SQLITE_PRIVATE void sqlite3SchemaClear(void *p){
+  Hash temp1;
+  Hash temp2;
+  HashElem *pElem;
+  Schema *pSchema = (Schema *)p;
+
+  temp1 = pSchema->tblHash;
+  temp2 = pSchema->trigHash;
+  sqlite3HashInit(&pSchema->trigHash);
+  sqlite3HashClear(&pSchema->idxHash);
+  for(pElem=sqliteHashFirst(&temp2); pElem; pElem=sqliteHashNext(pElem)){
+    sqlite3DeleteTrigger(0, (Trigger*)sqliteHashData(pElem));
+  }
+  sqlite3HashClear(&temp2);
+  sqlite3HashInit(&pSchema->tblHash);
+  for(pElem=sqliteHashFirst(&temp1); pElem; pElem=sqliteHashNext(pElem)){
+    Table *pTab = sqliteHashData(pElem);
+    sqlite3DeleteTable(0, pTab);
+  }
+  sqlite3HashClear(&temp1);
+  sqlite3HashClear(&pSchema->fkeyHash);
+  pSchema->pSeqTab = 0;
+  if( pSchema->schemaFlags & DB_SchemaLoaded ){
+    pSchema->iGeneration++;
+    pSchema->schemaFlags &= ~DB_SchemaLoaded;
+  }
+}
+
+/*
+** Find and return the schema associated with a BTree.  Create
+** a new one if necessary.
+*/
+SQLITE_PRIVATE Schema *sqlite3SchemaGet(sqlite3 *db, Btree *pBt){
+  Schema * p;
+  if( pBt ){
+    p = (Schema *)sqlite3BtreeSchema(pBt, sizeof(Schema), sqlite3SchemaClear);
+  }else{
+    p = (Schema *)sqlite3DbMallocZero(0, sizeof(Schema));
+  }
+  if( !p ){
+    db->mallocFailed = 1;
+  }else if ( 0==p->file_format ){
+    sqlite3HashInit(&p->tblHash);
+    sqlite3HashInit(&p->idxHash);
+    sqlite3HashInit(&p->trigHash);
+    sqlite3HashInit(&p->fkeyHash);
+    p->enc = SQLITE_UTF8;
+  }
+  return p;
+}
+
+/************** End of callback.c ********************************************/
+/************** Begin file delete.c ******************************************/
+/*
+** 2001 September 15
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+** This file contains C code routines that are called by the parser
+** in order to generate code for DELETE FROM statements.
+*/
+/* #include "sqliteInt.h" */
+
+/*
+** While a SrcList can in general represent multiple tables and subqueries
+** (as in the FROM clause of a SELECT statement) in this case it contains
+** the name of a single table, as one might find in an INSERT, DELETE,
+** or UPDATE statement.  Look up that table in the symbol table and
+** return a pointer.  Set an error message and return NULL if the table 
+** name is not found or if any other error occurs.
+**
+** The following fields are initialized appropriate in pSrc:
+**
+**    pSrc->a[0].pTab       Pointer to the Table object
+**    pSrc->a[0].pIndex     Pointer to the INDEXED BY index, if there is one
+**
+*/
+SQLITE_PRIVATE Table *sqlite3SrcListLookup(Parse *pParse, SrcList *pSrc){
+  struct SrcList_item *pItem = pSrc->a;
+  Table *pTab;
+  assert( pItem && pSrc->nSrc==1 );
+  pTab = sqlite3LocateTableItem(pParse, 0, pItem);
+  sqlite3DeleteTable(pParse->db, pItem->pTab);
+  pItem->pTab = pTab;
+  if( pTab ){
+    pTab->nRef++;
+  }
+  if( sqlite3IndexedByLookup(pParse, pItem) ){
+    pTab = 0;
+  }
+  return pTab;
+}
+
+/*
+** Check to make sure the given table is writable.  If it is not
+** writable, generate an error message and return 1.  If it is
+** writable return 0;
+*/
+SQLITE_PRIVATE int sqlite3IsReadOnly(Parse *pParse, Table *pTab, int viewOk){
+  /* A table is not writable under the following circumstances:
+  **
+  **   1) It is a virtual table and no implementation of the xUpdate method
+  **      has been provided, or
+  **   2) It is a system table (i.e. sqlite_master), this call is not
+  **      part of a nested parse and writable_schema pragma has not 
+  **      been specified.
+  **
+  ** In either case leave an error message in pParse and return non-zero.
+  */
+  if( ( IsVirtual(pTab) 
+     && sqlite3GetVTable(pParse->db, pTab)->pMod->pModule->xUpdate==0 )
+   || ( (pTab->tabFlags & TF_Readonly)!=0
+     && (pParse->db->flags & SQLITE_WriteSchema)==0
+     && pParse->nested==0 )
+  ){
+    sqlite3ErrorMsg(pParse, "table %s may not be modified", pTab->zName);
+    return 1;
+  }
+
+#ifndef SQLITE_OMIT_VIEW
+  if( !viewOk && pTab->pSelect ){
+    sqlite3ErrorMsg(pParse,"cannot modify %s because it is a view",pTab->zName);
+    return 1;
+  }
+#endif
+  return 0;
+}
+
+
+#if !defined(SQLITE_OMIT_VIEW) && !defined(SQLITE_OMIT_TRIGGER)
+/*
+** Evaluate a view and store its result in an ephemeral table.  The
+** pWhere argument is an optional WHERE clause that restricts the
+** set of rows in the view that are to be added to the ephemeral table.
+*/
+SQLITE_PRIVATE void sqlite3MaterializeView(
+  Parse *pParse,       /* Parsing context */
+  Table *pView,        /* View definition */
+  Expr *pWhere,        /* Optional WHERE clause to be added */
+  int iCur             /* Cursor number for ephemeral table */
+){
+  SelectDest dest;
+  Select *pSel;
+  SrcList *pFrom;
+  sqlite3 *db = pParse->db;
+  int iDb = sqlite3SchemaToIndex(db, pView->pSchema);
+  pWhere = sqlite3ExprDup(db, pWhere, 0);
+  pFrom = sqlite3SrcListAppend(db, 0, 0, 0);
+  if( pFrom ){
+    assert( pFrom->nSrc==1 );
+    pFrom->a[0].zName = sqlite3DbStrDup(db, pView->zName);
+    pFrom->a[0].zDatabase = sqlite3DbStrDup(db, db->aDb[iDb].zName);
+    assert( pFrom->a[0].pOn==0 );
+    assert( pFrom->a[0].pUsing==0 );
+  }
+  pSel = sqlite3SelectNew(pParse, 0, pFrom, pWhere, 0, 0, 0, 
+                          SF_IncludeHidden, 0, 0);
+  sqlite3SelectDestInit(&dest, SRT_EphemTab, iCur);
+  sqlite3Select(pParse, pSel, &dest);
+  sqlite3SelectDelete(db, pSel);
+}
+#endif /* !defined(SQLITE_OMIT_VIEW) && !defined(SQLITE_OMIT_TRIGGER) */
+
+#if defined(SQLITE_ENABLE_UPDATE_DELETE_LIMIT) && !defined(SQLITE_OMIT_SUBQUERY)
+/*
+** Generate an expression tree to implement the WHERE, ORDER BY,
+** and LIMIT/OFFSET portion of DELETE and UPDATE statements.
+**
+**     DELETE FROM table_wxyz WHERE a<5 ORDER BY a LIMIT 1;
+**                            \__________________________/
+**                               pLimitWhere (pInClause)
+*/
+SQLITE_PRIVATE Expr *sqlite3LimitWhere(
+  Parse *pParse,               /* The parser context */
+  SrcList *pSrc,               /* the FROM clause -- which tables to scan */
+  Expr *pWhere,                /* The WHERE clause.  May be null */
+  ExprList *pOrderBy,          /* The ORDER BY clause.  May be null */
+  Expr *pLimit,                /* The LIMIT clause.  May be null */
+  Expr *pOffset,               /* The OFFSET clause.  May be null */
+  char *zStmtType              /* Either DELETE or UPDATE.  For err msgs. */
+){
+  Expr *pWhereRowid = NULL;    /* WHERE rowid .. */
+  Expr *pInClause = NULL;      /* WHERE rowid IN ( select ) */
+  Expr *pSelectRowid = NULL;   /* SELECT rowid ... */
+  ExprList *pEList = NULL;     /* Expression list contaning only pSelectRowid */
+  SrcList *pSelectSrc = NULL;  /* SELECT rowid FROM x ... (dup of pSrc) */
+  Select *pSelect = NULL;      /* Complete SELECT tree */
+
+  /* Check that there isn't an ORDER BY without a LIMIT clause.
+  */
+  if( pOrderBy && (pLimit == 0) ) {
+    sqlite3ErrorMsg(pParse, "ORDER BY without LIMIT on %s", zStmtType);
+    goto limit_where_cleanup_2;
+  }
+
+  /* We only need to generate a select expression if there
+  ** is a limit/offset term to enforce.
+  */
+  if( pLimit == 0 ) {
+    /* if pLimit is null, pOffset will always be null as well. */
+    assert( pOffset == 0 );
+    return pWhere;
+  }
+
+  /* Generate a select expression tree to enforce the limit/offset 
+  ** term for the DELETE or UPDATE statement.  For example:
+  **   DELETE FROM table_a WHERE col1=1 ORDER BY col2 LIMIT 1 OFFSET 1
+  ** becomes:
+  **   DELETE FROM table_a WHERE rowid IN ( 
+  **     SELECT rowid FROM table_a WHERE col1=1 ORDER BY col2 LIMIT 1 OFFSET 1
+  **   );
+  */
+
+  pSelectRowid = sqlite3PExpr(pParse, TK_ROW, 0, 0, 0);
+  if( pSelectRowid == 0 ) goto limit_where_cleanup_2;
+  pEList = sqlite3ExprListAppend(pParse, 0, pSelectRowid);
+  if( pEList == 0 ) goto limit_where_cleanup_2;
+
+  /* duplicate the FROM clause as it is needed by both the DELETE/UPDATE tree
+  ** and the SELECT subtree. */
+  pSelectSrc = sqlite3SrcListDup(pParse->db, pSrc, 0);
+  if( pSelectSrc == 0 ) {
+    sqlite3ExprListDelete(pParse->db, pEList);
+    goto limit_where_cleanup_2;
+  }
+
+  /* generate the SELECT expression tree. */
+  pSelect = sqlite3SelectNew(pParse,pEList,pSelectSrc,pWhere,0,0,
+                             pOrderBy,0,pLimit,pOffset);
+  if( pSelect == 0 ) return 0;
+
+  /* now generate the new WHERE rowid IN clause for the DELETE/UDPATE */
+  pWhereRowid = sqlite3PExpr(pParse, TK_ROW, 0, 0, 0);
+  if( pWhereRowid == 0 ) goto limit_where_cleanup_1;
+  pInClause = sqlite3PExpr(pParse, TK_IN, pWhereRowid, 0, 0);
+  if( pInClause == 0 ) goto limit_where_cleanup_1;
+
+  pInClause->x.pSelect = pSelect;
+  pInClause->flags |= EP_xIsSelect;
+  sqlite3ExprSetHeightAndFlags(pParse, pInClause);
+  return pInClause;
+
+  /* something went wrong. clean up anything allocated. */
+limit_where_cleanup_1:
+  sqlite3SelectDelete(pParse->db, pSelect);
+  return 0;
+
+limit_where_cleanup_2:
+  sqlite3ExprDelete(pParse->db, pWhere);
+  sqlite3ExprListDelete(pParse->db, pOrderBy);
+  sqlite3ExprDelete(pParse->db, pLimit);
+  sqlite3ExprDelete(pParse->db, pOffset);
+  return 0;
+}
+#endif /* defined(SQLITE_ENABLE_UPDATE_DELETE_LIMIT) */
+       /*      && !defined(SQLITE_OMIT_SUBQUERY) */
+
+/*
+** Generate code for a DELETE FROM statement.
+**
+**     DELETE FROM table_wxyz WHERE a<5 AND b NOT NULL;
+**                 \________/       \________________/
+**                  pTabList              pWhere
+*/
+SQLITE_PRIVATE void sqlite3DeleteFrom(
+  Parse *pParse,         /* The parser context */
+  SrcList *pTabList,     /* The table from which we should delete things */
+  Expr *pWhere           /* The WHERE clause.  May be null */
+){
+  Vdbe *v;               /* The virtual database engine */
+  Table *pTab;           /* The table from which records will be deleted */
+  const char *zDb;       /* Name of database holding pTab */
+  int i;                 /* Loop counter */
+  WhereInfo *pWInfo;     /* Information about the WHERE clause */
+  Index *pIdx;           /* For looping over indices of the table */
+  int iTabCur;           /* Cursor number for the table */
+  int iDataCur = 0;      /* VDBE cursor for the canonical data source */
+  int iIdxCur = 0;       /* Cursor number of the first index */
+  int nIdx;              /* Number of indices */
+  sqlite3 *db;           /* Main database structure */
+  AuthContext sContext;  /* Authorization context */
+  NameContext sNC;       /* Name context to resolve expressions in */
+  int iDb;               /* Database number */
+  int memCnt = -1;       /* Memory cell used for change counting */
+  int rcauth;            /* Value returned by authorization callback */
+  int eOnePass;          /* ONEPASS_OFF or _SINGLE or _MULTI */
+  int aiCurOnePass[2];   /* The write cursors opened by WHERE_ONEPASS */
+  u8 *aToOpen = 0;       /* Open cursor iTabCur+j if aToOpen[j] is true */
+  Index *pPk;            /* The PRIMARY KEY index on the table */
+  int iPk = 0;           /* First of nPk registers holding PRIMARY KEY value */
+  i16 nPk = 1;           /* Number of columns in the PRIMARY KEY */
+  int iKey;              /* Memory cell holding key of row to be deleted */
+  i16 nKey;              /* Number of memory cells in the row key */
+  int iEphCur = 0;       /* Ephemeral table holding all primary key values */
+  int iRowSet = 0;       /* Register for rowset of rows to delete */
+  int addrBypass = 0;    /* Address of jump over the delete logic */
+  int addrLoop = 0;      /* Top of the delete loop */
+  int addrEphOpen = 0;   /* Instruction to open the Ephemeral table */
+ 
+#ifndef SQLITE_OMIT_TRIGGER
+  int isView;                  /* True if attempting to delete from a view */
+  Trigger *pTrigger;           /* List of table triggers, if required */
+  int bComplex;                /* True if there are either triggers or FKs */
+#endif
+
+  memset(&sContext, 0, sizeof(sContext));
+  db = pParse->db;
+  if( pParse->nErr || db->mallocFailed ){
+    goto delete_from_cleanup;
+  }
+  assert( pTabList->nSrc==1 );
+
+  /* Locate the table which we want to delete.  This table has to be
+  ** put in an SrcList structure because some of the subroutines we
+  ** will be calling are designed to work with multiple tables and expect
+  ** an SrcList* parameter instead of just a Table* parameter.
+  */
+  pTab = sqlite3SrcListLookup(pParse, pTabList);
+  if( pTab==0 )  goto delete_from_cleanup;
+
+  /* Figure out if we have any triggers and if the table being
+  ** deleted from is a view
+  */
+#ifndef SQLITE_OMIT_TRIGGER
+  pTrigger = sqlite3TriggersExist(pParse, pTab, TK_DELETE, 0, 0);
+  isView = pTab->pSelect!=0;
+  bComplex = pTrigger || sqlite3FkRequired(pParse, pTab, 0, 0);
+#else
+# define pTrigger 0
+# define isView 0
+# define bComplex 0
+#endif
+#ifdef SQLITE_OMIT_VIEW
+# undef isView
+# define isView 0
+#endif
+
+  /* If pTab is really a view, make sure it has been initialized.
+  */
+  if( sqlite3ViewGetColumnNames(pParse, pTab) ){
+    goto delete_from_cleanup;
+  }
+
+  if( sqlite3IsReadOnly(pParse, pTab, (pTrigger?1:0)) ){
+    goto delete_from_cleanup;
+  }
+  iDb = sqlite3SchemaToIndex(db, pTab->pSchema);
+  assert( iDb<db->nDb );
+  zDb = db->aDb[iDb].zName;
+  rcauth = sqlite3AuthCheck(pParse, SQLITE_DELETE, pTab->zName, 0, zDb);
+  assert( rcauth==SQLITE_OK || rcauth==SQLITE_DENY || rcauth==SQLITE_IGNORE );
+  if( rcauth==SQLITE_DENY ){
+    goto delete_from_cleanup;
+  }
+  assert(!isView || pTrigger);
+
+  /* Assign cursor numbers to the table and all its indices.
+  */
+  assert( pTabList->nSrc==1 );
+  iTabCur = pTabList->a[0].iCursor = pParse->nTab++;
+  for(nIdx=0, pIdx=pTab->pIndex; pIdx; pIdx=pIdx->pNext, nIdx++){
+    pParse->nTab++;
+  }
+
+  /* Start the view context
+  */
+  if( isView ){
+    sqlite3AuthContextPush(pParse, &sContext, pTab->zName);
+  }
+
+  /* Begin generating code.
+  */
+  v = sqlite3GetVdbe(pParse);
+  if( v==0 ){
+    goto delete_from_cleanup;
+  }
+  if( pParse->nested==0 ) sqlite3VdbeCountChanges(v);
+  sqlite3BeginWriteOperation(pParse, 1, iDb);
+
+  /* If we are trying to delete from a view, realize that view into
+  ** an ephemeral table.
+  */
+#if !defined(SQLITE_OMIT_VIEW) && !defined(SQLITE_OMIT_TRIGGER)
+  if( isView ){
+    sqlite3MaterializeView(pParse, pTab, pWhere, iTabCur);
+    iDataCur = iIdxCur = iTabCur;
+  }
+#endif
+
+  /* Resolve the column names in the WHERE clause.
+  */
+  memset(&sNC, 0, sizeof(sNC));
+  sNC.pParse = pParse;
+  sNC.pSrcList = pTabList;
+  if( sqlite3ResolveExprNames(&sNC, pWhere) ){
+    goto delete_from_cleanup;
+  }
+
+  /* Initialize the counter of the number of rows deleted, if
+  ** we are counting rows.
+  */
+  if( db->flags & SQLITE_CountRows ){
+    memCnt = ++pParse->nMem;
+    sqlite3VdbeAddOp2(v, OP_Integer, 0, memCnt);
+  }
+
+#ifndef SQLITE_OMIT_TRUNCATE_OPTIMIZATION
+  /* Special case: A DELETE without a WHERE clause deletes everything.
+  ** It is easier just to erase the whole table. Prior to version 3.6.5,
+  ** this optimization caused the row change count (the value returned by 
+  ** API function sqlite3_count_changes) to be set incorrectly.  */
+  if( rcauth==SQLITE_OK
+   && pWhere==0
+   && !bComplex
+   && !IsVirtual(pTab)
+  ){
+    assert( !isView );
+    sqlite3TableLock(pParse, iDb, pTab->tnum, 1, pTab->zName);
+    if( HasRowid(pTab) ){
+      sqlite3VdbeAddOp4(v, OP_Clear, pTab->tnum, iDb, memCnt,
+                        pTab->zName, P4_STATIC);
+    }
+    for(pIdx=pTab->pIndex; pIdx; pIdx=pIdx->pNext){
+      assert( pIdx->pSchema==pTab->pSchema );
+      sqlite3VdbeAddOp2(v, OP_Clear, pIdx->tnum, iDb);
+    }
+  }else
+#endif /* SQLITE_OMIT_TRUNCATE_OPTIMIZATION */
+  {
+    u16 wcf = WHERE_ONEPASS_DESIRED|WHERE_DUPLICATES_OK;
+    wcf |= (bComplex ? 0 : WHERE_ONEPASS_MULTIROW);
+    if( HasRowid(pTab) ){
+      /* For a rowid table, initialize the RowSet to an empty set */
+      pPk = 0;
+      nPk = 1;
+      iRowSet = ++pParse->nMem;
+      sqlite3VdbeAddOp2(v, OP_Null, 0, iRowSet);
+    }else{
+      /* For a WITHOUT ROWID table, create an ephemeral table used to
+      ** hold all primary keys for rows to be deleted. */
+      pPk = sqlite3PrimaryKeyIndex(pTab);
+      assert( pPk!=0 );
+      nPk = pPk->nKeyCol;
+      iPk = pParse->nMem+1;
+      pParse->nMem += nPk;
+      iEphCur = pParse->nTab++;
+      addrEphOpen = sqlite3VdbeAddOp2(v, OP_OpenEphemeral, iEphCur, nPk);
+      sqlite3VdbeSetP4KeyInfo(pParse, pPk);
+    }
+  
+    /* Construct a query to find the rowid or primary key for every row
+    ** to be deleted, based on the WHERE clause. Set variable eOnePass
+    ** to indicate the strategy used to implement this delete:
+    **
+    **  ONEPASS_OFF:    Two-pass approach - use a FIFO for rowids/PK values.
+    **  ONEPASS_SINGLE: One-pass approach - at most one row deleted.
+    **  ONEPASS_MULTI:  One-pass approach - any number of rows may be deleted.
+    */
+    pWInfo = sqlite3WhereBegin(pParse, pTabList, pWhere, 0, 0, wcf, iTabCur+1);
+    if( pWInfo==0 ) goto delete_from_cleanup;
+    eOnePass = sqlite3WhereOkOnePass(pWInfo, aiCurOnePass);
+    assert( IsVirtual(pTab)==0 || eOnePass!=ONEPASS_MULTI );
+    assert( IsVirtual(pTab) || bComplex || eOnePass!=ONEPASS_OFF );
+  
+    /* Keep track of the number of rows to be deleted */
+    if( db->flags & SQLITE_CountRows ){
+      sqlite3VdbeAddOp2(v, OP_AddImm, memCnt, 1);
+    }
+  
+    /* Extract the rowid or primary key for the current row */
+    if( pPk ){
+      for(i=0; i<nPk; i++){
+        assert( pPk->aiColumn[i]>=0 );
+        sqlite3ExprCodeGetColumnOfTable(v, pTab, iTabCur,
+                                        pPk->aiColumn[i], iPk+i);
+      }
+      iKey = iPk;
+    }else{
+      iKey = pParse->nMem + 1;
+      iKey = sqlite3ExprCodeGetColumn(pParse, pTab, -1, iTabCur, iKey, 0);
+      if( iKey>pParse->nMem ) pParse->nMem = iKey;
+    }
+  
+    if( eOnePass!=ONEPASS_OFF ){
+      /* For ONEPASS, no need to store the rowid/primary-key. There is only
+      ** one, so just keep it in its register(s) and fall through to the
+      ** delete code.  */
+      nKey = nPk; /* OP_Found will use an unpacked key */
+      aToOpen = sqlite3DbMallocRaw(db, nIdx+2);
+      if( aToOpen==0 ){
+        sqlite3WhereEnd(pWInfo);
+        goto delete_from_cleanup;
+      }
+      memset(aToOpen, 1, nIdx+1);
+      aToOpen[nIdx+1] = 0;
+      if( aiCurOnePass[0]>=0 ) aToOpen[aiCurOnePass[0]-iTabCur] = 0;
+      if( aiCurOnePass[1]>=0 ) aToOpen[aiCurOnePass[1]-iTabCur] = 0;
+      if( addrEphOpen ) sqlite3VdbeChangeToNoop(v, addrEphOpen);
+    }else{
+      if( pPk ){
+        /* Add the PK key for this row to the temporary table */
+        iKey = ++pParse->nMem;
+        nKey = 0;   /* Zero tells OP_Found to use a composite key */
+        sqlite3VdbeAddOp4(v, OP_MakeRecord, iPk, nPk, iKey,
+            sqlite3IndexAffinityStr(pParse->db, pPk), nPk);
+        sqlite3VdbeAddOp2(v, OP_IdxInsert, iEphCur, iKey);
+      }else{
+        /* Add the rowid of the row to be deleted to the RowSet */
+        nKey = 1;  /* OP_Seek always uses a single rowid */
+        sqlite3VdbeAddOp2(v, OP_RowSetAdd, iRowSet, iKey);
+      }
+    }
+  
+    /* If this DELETE cannot use the ONEPASS strategy, this is the 
+    ** end of the WHERE loop */
+    if( eOnePass!=ONEPASS_OFF ){
+      addrBypass = sqlite3VdbeMakeLabel(v);
+    }else{
+      sqlite3WhereEnd(pWInfo);
+    }
+  
+    /* Unless this is a view, open cursors for the table we are 
+    ** deleting from and all its indices. If this is a view, then the
+    ** only effect this statement has is to fire the INSTEAD OF 
+    ** triggers.
+    */
+    if( !isView ){
+      int iAddrOnce = 0;
+      u8 p5 = (eOnePass==ONEPASS_OFF ? 0 : OPFLAG_FORDELETE);
+      if( eOnePass==ONEPASS_MULTI ){
+        iAddrOnce = sqlite3CodeOnce(pParse); VdbeCoverage(v);
+      }
+      testcase( IsVirtual(pTab) );
+      sqlite3OpenTableAndIndices(pParse, pTab, OP_OpenWrite, p5, iTabCur, 
+                                 aToOpen, &iDataCur, &iIdxCur);
+      assert( pPk || IsVirtual(pTab) || iDataCur==iTabCur );
+      assert( pPk || IsVirtual(pTab) || iIdxCur==iDataCur+1 );
+      if( eOnePass==ONEPASS_MULTI ) sqlite3VdbeJumpHere(v, iAddrOnce);
+    }
+  
+    /* Set up a loop over the rowids/primary-keys that were found in the
+    ** where-clause loop above.
+    */
+    if( eOnePass!=ONEPASS_OFF ){
+      assert( nKey==nPk );  /* OP_Found will use an unpacked key */
+      if( !IsVirtual(pTab) && aToOpen[iDataCur-iTabCur] ){
+        assert( pPk!=0 || pTab->pSelect!=0 );
+        sqlite3VdbeAddOp4Int(v, OP_NotFound, iDataCur, addrBypass, iKey, nKey);
+        VdbeCoverage(v);
+      }
+    }else if( pPk ){
+      addrLoop = sqlite3VdbeAddOp1(v, OP_Rewind, iEphCur); VdbeCoverage(v);
+      sqlite3VdbeAddOp2(v, OP_RowKey, iEphCur, iKey);
+      assert( nKey==0 );  /* OP_Found will use a composite key */
+    }else{
+      addrLoop = sqlite3VdbeAddOp3(v, OP_RowSetRead, iRowSet, 0, iKey);
+      VdbeCoverage(v);
+      assert( nKey==1 );
+    }  
+  
+    /* Delete the row */
+#ifndef SQLITE_OMIT_VIRTUALTABLE
+    if( IsVirtual(pTab) ){
+      const char *pVTab = (const char *)sqlite3GetVTable(db, pTab);
+      sqlite3VtabMakeWritable(pParse, pTab);
+      sqlite3VdbeAddOp4(v, OP_VUpdate, 0, 1, iKey, pVTab, P4_VTAB);
+      sqlite3VdbeChangeP5(v, OE_Abort);
+      assert( eOnePass==ONEPASS_OFF || eOnePass==ONEPASS_SINGLE );
+      sqlite3MayAbort(pParse);
+      if( eOnePass==ONEPASS_SINGLE && sqlite3IsToplevel(pParse) ){
+        pParse->isMultiWrite = 0;
+      }
+    }else
+#endif
+    {
+      int count = (pParse->nested==0);    /* True to count changes */
+      int iIdxNoSeek = -1;
+      if( bComplex==0 && aiCurOnePass[1]!=iDataCur ){
+        iIdxNoSeek = aiCurOnePass[1];
+      }
+      sqlite3GenerateRowDelete(pParse, pTab, pTrigger, iDataCur, iIdxCur,
+          iKey, nKey, count, OE_Default, eOnePass, iIdxNoSeek);
+    }
+  
+    /* End of the loop over all rowids/primary-keys. */
+    if( eOnePass!=ONEPASS_OFF ){
+      sqlite3VdbeResolveLabel(v, addrBypass);
+      sqlite3WhereEnd(pWInfo);
+    }else if( pPk ){
+      sqlite3VdbeAddOp2(v, OP_Next, iEphCur, addrLoop+1); VdbeCoverage(v);
+      sqlite3VdbeJumpHere(v, addrLoop);
+    }else{
+      sqlite3VdbeGoto(v, addrLoop);
+      sqlite3VdbeJumpHere(v, addrLoop);
+    }     
+  
+    /* Close the cursors open on the table and its indexes. */
+    if( !isView && !IsVirtual(pTab) ){
+      if( !pPk ) sqlite3VdbeAddOp1(v, OP_Close, iDataCur);
+      for(i=0, pIdx=pTab->pIndex; pIdx; i++, pIdx=pIdx->pNext){
+        sqlite3VdbeAddOp1(v, OP_Close, iIdxCur + i);
+      }
+    }
+  } /* End non-truncate path */
+
+  /* Update the sqlite_sequence table by storing the content of the
+  ** maximum rowid counter values recorded while inserting into
+  ** autoincrement tables.
+  */
+  if( pParse->nested==0 && pParse->pTriggerTab==0 ){
+    sqlite3AutoincrementEnd(pParse);
+  }
+
+  /* Return the number of rows that were deleted. If this routine is 
+  ** generating code because of a call to sqlite3NestedParse(), do not
+  ** invoke the callback function.
+  */
+  if( (db->flags&SQLITE_CountRows) && !pParse->nested && !pParse->pTriggerTab ){
+    sqlite3VdbeAddOp2(v, OP_ResultRow, memCnt, 1);
+    sqlite3VdbeSetNumCols(v, 1);
+    sqlite3VdbeSetColName(v, 0, COLNAME_NAME, "rows deleted", SQLITE_STATIC);
+  }
+
+delete_from_cleanup:
+  sqlite3AuthContextPop(&sContext);
+  sqlite3SrcListDelete(db, pTabList);
+  sqlite3ExprDelete(db, pWhere);
+  sqlite3DbFree(db, aToOpen);
+  return;
+}
+/* Make sure "isView" and other macros defined above are undefined. Otherwise
+** they may interfere with compilation of other functions in this file
+** (or in another file, if this file becomes part of the amalgamation).  */
+#ifdef isView
+ #undef isView
+#endif
+#ifdef pTrigger
+ #undef pTrigger
+#endif
+
+/*
+** This routine generates VDBE code that causes a single row of a
+** single table to be deleted.  Both the original table entry and
+** all indices are removed.
+**
+** Preconditions:
+**
+**   1.  iDataCur is an open cursor on the btree that is the canonical data
+**       store for the table.  (This will be either the table itself,
+**       in the case of a rowid table, or the PRIMARY KEY index in the case
+**       of a WITHOUT ROWID table.)
+**
+**   2.  Read/write cursors for all indices of pTab must be open as
+**       cursor number iIdxCur+i for the i-th index.
+**
+**   3.  The primary key for the row to be deleted must be stored in a
+**       sequence of nPk memory cells starting at iPk.  If nPk==0 that means
+**       that a search record formed from OP_MakeRecord is contained in the
+**       single memory location iPk.
+**
+** eMode:
+**   Parameter eMode may be passed either ONEPASS_OFF (0), ONEPASS_SINGLE, or
+**   ONEPASS_MULTI.  If eMode is not ONEPASS_OFF, then the cursor
+**   iDataCur already points to the row to delete. If eMode is ONEPASS_OFF
+**   then this function must seek iDataCur to the entry identified by iPk
+**   and nPk before reading from it.
+**
+**   If eMode is ONEPASS_MULTI, then this call is being made as part
+**   of a ONEPASS delete that affects multiple rows. In this case, if 
+**   iIdxNoSeek is a valid cursor number (>=0), then its position should
+**   be preserved following the delete operation. Or, if iIdxNoSeek is not
+**   a valid cursor number, the position of iDataCur should be preserved
+**   instead.
+**
+** iIdxNoSeek:
+**   If iIdxNoSeek is a valid cursor number (>=0), then it identifies an
+**   index cursor (from within array of cursors starting at iIdxCur) that
+**   already points to the index entry to be deleted.
+*/
+SQLITE_PRIVATE void sqlite3GenerateRowDelete(
+  Parse *pParse,     /* Parsing context */
+  Table *pTab,       /* Table containing the row to be deleted */
+  Trigger *pTrigger, /* List of triggers to (potentially) fire */
+  int iDataCur,      /* Cursor from which column data is extracted */
+  int iIdxCur,       /* First index cursor */
+  int iPk,           /* First memory cell containing the PRIMARY KEY */
+  i16 nPk,           /* Number of PRIMARY KEY memory cells */
+  u8 count,          /* If non-zero, increment the row change counter */
+  u8 onconf,         /* Default ON CONFLICT policy for triggers */
+  u8 eMode,          /* ONEPASS_OFF, _SINGLE, or _MULTI.  See above */
+  int iIdxNoSeek     /* Cursor number of cursor that does not need seeking */
+){
+  Vdbe *v = pParse->pVdbe;        /* Vdbe */
+  int iOld = 0;                   /* First register in OLD.* array */
+  int iLabel;                     /* Label resolved to end of generated code */
+  u8 opSeek;                      /* Seek opcode */
+
+  /* Vdbe is guaranteed to have been allocated by this stage. */
+  assert( v );
+  VdbeModuleComment((v, "BEGIN: GenRowDel(%d,%d,%d,%d)",
+                         iDataCur, iIdxCur, iPk, (int)nPk));
+
+  /* Seek cursor iCur to the row to delete. If this row no longer exists 
+  ** (this can happen if a trigger program has already deleted it), do
+  ** not attempt to delete it or fire any DELETE triggers.  */
+  iLabel = sqlite3VdbeMakeLabel(v);
+  opSeek = HasRowid(pTab) ? OP_NotExists : OP_NotFound;
+  if( eMode==ONEPASS_OFF ){
+    sqlite3VdbeAddOp4Int(v, opSeek, iDataCur, iLabel, iPk, nPk);
+    VdbeCoverageIf(v, opSeek==OP_NotExists);
+    VdbeCoverageIf(v, opSeek==OP_NotFound);
+  }
+ 
+  /* If there are any triggers to fire, allocate a range of registers to
+  ** use for the old.* references in the triggers.  */
+  if( sqlite3FkRequired(pParse, pTab, 0, 0) || pTrigger ){
+    u32 mask;                     /* Mask of OLD.* columns in use */
+    int iCol;                     /* Iterator used while populating OLD.* */
+    int addrStart;                /* Start of BEFORE trigger programs */
+
+    /* TODO: Could use temporary registers here. Also could attempt to
+    ** avoid copying the contents of the rowid register.  */
+    mask = sqlite3TriggerColmask(
+        pParse, pTrigger, 0, 0, TRIGGER_BEFORE|TRIGGER_AFTER, pTab, onconf
+    );
+    mask |= sqlite3FkOldmask(pParse, pTab);
+    iOld = pParse->nMem+1;
+    pParse->nMem += (1 + pTab->nCol);
+
+    /* Populate the OLD.* pseudo-table register array. These values will be 
+    ** used by any BEFORE and AFTER triggers that exist.  */
+    sqlite3VdbeAddOp2(v, OP_Copy, iPk, iOld);
+    for(iCol=0; iCol<pTab->nCol; iCol++){
+      testcase( mask!=0xffffffff && iCol==31 );
+      testcase( mask!=0xffffffff && iCol==32 );
+      if( mask==0xffffffff || (iCol<=31 && (mask & MASKBIT32(iCol))!=0) ){
+        sqlite3ExprCodeGetColumnOfTable(v, pTab, iDataCur, iCol, iOld+iCol+1);
+      }
+    }
+
+    /* Invoke BEFORE DELETE trigger programs. */
+    addrStart = sqlite3VdbeCurrentAddr(v);
+    sqlite3CodeRowTrigger(pParse, pTrigger, 
+        TK_DELETE, 0, TRIGGER_BEFORE, pTab, iOld, onconf, iLabel
+    );
+
+    /* If any BEFORE triggers were coded, then seek the cursor to the 
+    ** row to be deleted again. It may be that the BEFORE triggers moved
+    ** the cursor or of already deleted the row that the cursor was
+    ** pointing to.
+    */
+    if( addrStart<sqlite3VdbeCurrentAddr(v) ){
+      sqlite3VdbeAddOp4Int(v, opSeek, iDataCur, iLabel, iPk, nPk);
+      VdbeCoverageIf(v, opSeek==OP_NotExists);
+      VdbeCoverageIf(v, opSeek==OP_NotFound);
+    }
+
+    /* Do FK processing. This call checks that any FK constraints that
+    ** refer to this table (i.e. constraints attached to other tables) 
+    ** are not violated by deleting this row.  */
+    sqlite3FkCheck(pParse, pTab, iOld, 0, 0, 0);
+  }
+
+  /* Delete the index and table entries. Skip this step if pTab is really
+  ** a view (in which case the only effect of the DELETE statement is to
+  ** fire the INSTEAD OF triggers).  */ 
+  if( pTab->pSelect==0 ){
+    sqlite3GenerateRowIndexDelete(pParse, pTab, iDataCur, iIdxCur,0,iIdxNoSeek);
+    sqlite3VdbeAddOp2(v, OP_Delete, iDataCur, (count?OPFLAG_NCHANGE:0));
+    if( count ){
+      sqlite3VdbeChangeP4(v, -1, pTab->zName, P4_TRANSIENT);
+    }
+    if( iIdxNoSeek>=0 ){
+      sqlite3VdbeAddOp1(v, OP_Delete, iIdxNoSeek);
+    }
+    sqlite3VdbeChangeP5(v, eMode==ONEPASS_MULTI);
+  }
+
+  /* Do any ON CASCADE, SET NULL or SET DEFAULT operations required to
+  ** handle rows (possibly in other tables) that refer via a foreign key
+  ** to the row just deleted. */ 
+  sqlite3FkActions(pParse, pTab, 0, iOld, 0, 0);
+
+  /* Invoke AFTER DELETE trigger programs. */
+  sqlite3CodeRowTrigger(pParse, pTrigger, 
+      TK_DELETE, 0, TRIGGER_AFTER, pTab, iOld, onconf, iLabel
+  );
+
+  /* Jump here if the row had already been deleted before any BEFORE
+  ** trigger programs were invoked. Or if a trigger program throws a 
+  ** RAISE(IGNORE) exception.  */
+  sqlite3VdbeResolveLabel(v, iLabel);
+  VdbeModuleComment((v, "END: GenRowDel()"));
+}
+
+/*
+** This routine generates VDBE code that causes the deletion of all
+** index entries associated with a single row of a single table, pTab
+**
+** Preconditions:
+**
+**   1.  A read/write cursor "iDataCur" must be open on the canonical storage
+**       btree for the table pTab.  (This will be either the table itself
+**       for rowid tables or to the primary key index for WITHOUT ROWID
+**       tables.)
+**
+**   2.  Read/write cursors for all indices of pTab must be open as
+**       cursor number iIdxCur+i for the i-th index.  (The pTab->pIndex
+**       index is the 0-th index.)
+**
+**   3.  The "iDataCur" cursor must be already be positioned on the row
+**       that is to be deleted.
+*/
+SQLITE_PRIVATE void sqlite3GenerateRowIndexDelete(
+  Parse *pParse,     /* Parsing and code generating context */
+  Table *pTab,       /* Table containing the row to be deleted */
+  int iDataCur,      /* Cursor of table holding data. */
+  int iIdxCur,       /* First index cursor */
+  int *aRegIdx,      /* Only delete if aRegIdx!=0 && aRegIdx[i]>0 */
+  int iIdxNoSeek     /* Do not delete from this cursor */
+){
+  int i;             /* Index loop counter */
+  int r1 = -1;       /* Register holding an index key */
+  int iPartIdxLabel; /* Jump destination for skipping partial index entries */
+  Index *pIdx;       /* Current index */
+  Index *pPrior = 0; /* Prior index */
+  Vdbe *v;           /* The prepared statement under construction */
+  Index *pPk;        /* PRIMARY KEY index, or NULL for rowid tables */
+
+  v = pParse->pVdbe;
+  pPk = HasRowid(pTab) ? 0 : sqlite3PrimaryKeyIndex(pTab);
+  for(i=0, pIdx=pTab->pIndex; pIdx; i++, pIdx=pIdx->pNext){
+    assert( iIdxCur+i!=iDataCur || pPk==pIdx );
+    if( aRegIdx!=0 && aRegIdx[i]==0 ) continue;
+    if( pIdx==pPk ) continue;
+    if( iIdxCur+i==iIdxNoSeek ) continue;
+    VdbeModuleComment((v, "GenRowIdxDel for %s", pIdx->zName));
+    r1 = sqlite3GenerateIndexKey(pParse, pIdx, iDataCur, 0, 1,
+        &iPartIdxLabel, pPrior, r1);
+    sqlite3VdbeAddOp3(v, OP_IdxDelete, iIdxCur+i, r1,
+        pIdx->uniqNotNull ? pIdx->nKeyCol : pIdx->nColumn);
+    sqlite3ResolvePartIdxLabel(pParse, iPartIdxLabel);
+    pPrior = pIdx;
+  }
+}
+
+/*
+** Generate code that will assemble an index key and stores it in register
+** regOut.  The key with be for index pIdx which is an index on pTab.
+** iCur is the index of a cursor open on the pTab table and pointing to
+** the entry that needs indexing.  If pTab is a WITHOUT ROWID table, then
+** iCur must be the cursor of the PRIMARY KEY index.
+**
+** Return a register number which is the first in a block of
+** registers that holds the elements of the index key.  The
+** block of registers has already been deallocated by the time
+** this routine returns.
+**
+** If *piPartIdxLabel is not NULL, fill it in with a label and jump
+** to that label if pIdx is a partial index that should be skipped.
+** The label should be resolved using sqlite3ResolvePartIdxLabel().
+** A partial index should be skipped if its WHERE clause evaluates
+** to false or null.  If pIdx is not a partial index, *piPartIdxLabel
+** will be set to zero which is an empty label that is ignored by
+** sqlite3ResolvePartIdxLabel().
+**
+** The pPrior and regPrior parameters are used to implement a cache to
+** avoid unnecessary register loads.  If pPrior is not NULL, then it is
+** a pointer to a different index for which an index key has just been
+** computed into register regPrior.  If the current pIdx index is generating
+** its key into the same sequence of registers and if pPrior and pIdx share
+** a column in common, then the register corresponding to that column already
+** holds the correct value and the loading of that register is skipped.
+** This optimization is helpful when doing a DELETE or an INTEGRITY_CHECK 
+** on a table with multiple indices, and especially with the ROWID or
+** PRIMARY KEY columns of the index.
+*/
+SQLITE_PRIVATE int sqlite3GenerateIndexKey(
+  Parse *pParse,       /* Parsing context */
+  Index *pIdx,         /* The index for which to generate a key */
+  int iDataCur,        /* Cursor number from which to take column data */
+  int regOut,          /* Put the new key into this register if not 0 */
+  int prefixOnly,      /* Compute only a unique prefix of the key */
+  int *piPartIdxLabel, /* OUT: Jump to this label to skip partial index */
+  Index *pPrior,       /* Previously generated index key */
+  int regPrior         /* Register holding previous generated key */
+){
+  Vdbe *v = pParse->pVdbe;
+  int j;
+  int regBase;
+  int nCol;
+
+  if( piPartIdxLabel ){
+    if( pIdx->pPartIdxWhere ){
+      *piPartIdxLabel = sqlite3VdbeMakeLabel(v);
+      pParse->iSelfTab = iDataCur;
+      sqlite3ExprCachePush(pParse);
+      sqlite3ExprIfFalseDup(pParse, pIdx->pPartIdxWhere, *piPartIdxLabel, 
+                            SQLITE_JUMPIFNULL);
+    }else{
+      *piPartIdxLabel = 0;
+    }
+  }
+  nCol = (prefixOnly && pIdx->uniqNotNull) ? pIdx->nKeyCol : pIdx->nColumn;
+  regBase = sqlite3GetTempRange(pParse, nCol);
+  if( pPrior && (regBase!=regPrior || pPrior->pPartIdxWhere) ) pPrior = 0;
+  for(j=0; j<nCol; j++){
+    if( pPrior
+     && pPrior->aiColumn[j]==pIdx->aiColumn[j]
+     && pPrior->aiColumn[j]!=XN_EXPR
+    ){
+      /* This column was already computed by the previous index */
+      continue;
+    }
+    sqlite3ExprCodeLoadIndexColumn(pParse, pIdx, iDataCur, j, regBase+j);
+    /* If the column affinity is REAL but the number is an integer, then it
+    ** might be stored in the table as an integer (using a compact
+    ** representation) then converted to REAL by an OP_RealAffinity opcode.
+    ** But we are getting ready to store this value back into an index, where
+    ** it should be converted by to INTEGER again.  So omit the OP_RealAffinity
+    ** opcode if it is present */
+    sqlite3VdbeDeletePriorOpcode(v, OP_RealAffinity);
+  }
+  if( regOut ){
+    sqlite3VdbeAddOp3(v, OP_MakeRecord, regBase, nCol, regOut);
+  }
+  sqlite3ReleaseTempRange(pParse, regBase, nCol);
+  return regBase;
+}
+
+/*
+** If a prior call to sqlite3GenerateIndexKey() generated a jump-over label
+** because it was a partial index, then this routine should be called to
+** resolve that label.
+*/
+SQLITE_PRIVATE void sqlite3ResolvePartIdxLabel(Parse *pParse, int iLabel){
+  if( iLabel ){
+    sqlite3VdbeResolveLabel(pParse->pVdbe, iLabel);
+    sqlite3ExprCachePop(pParse);
+  }
+}
+
+/************** End of delete.c **********************************************/
+/************** Begin file func.c ********************************************/
+/*
+** 2002 February 23
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+** This file contains the C-language implementations for many of the SQL
+** functions of SQLite.  (Some function, and in particular the date and
+** time functions, are implemented separately.)
+*/
+/* #include "sqliteInt.h" */
+/* #include <stdlib.h> */
+/* #include <assert.h> */
+/* #include "vdbeInt.h" */
+
+/*
+** Return the collating function associated with a function.
+*/
+static CollSeq *sqlite3GetFuncCollSeq(sqlite3_context *context){
+  VdbeOp *pOp;
+  assert( context->pVdbe!=0 );
+  pOp = &context->pVdbe->aOp[context->iOp-1];
+  assert( pOp->opcode==OP_CollSeq );
+  assert( pOp->p4type==P4_COLLSEQ );
+  return pOp->p4.pColl;
+}
+
+/*
+** Indicate that the accumulator load should be skipped on this
+** iteration of the aggregate loop.
+*/
+static void sqlite3SkipAccumulatorLoad(sqlite3_context *context){
+  context->skipFlag = 1;
+}
+
+/*
+** Implementation of the non-aggregate min() and max() functions
+*/
+static void minmaxFunc(
+  sqlite3_context *context,
+  int argc,
+  sqlite3_value **argv
+){
+  int i;
+  int mask;    /* 0 for min() or 0xffffffff for max() */
+  int iBest;
+  CollSeq *pColl;
+
+  assert( argc>1 );
+  mask = sqlite3_user_data(context)==0 ? 0 : -1;
+  pColl = sqlite3GetFuncCollSeq(context);
+  assert( pColl );
+  assert( mask==-1 || mask==0 );
+  iBest = 0;
+  if( sqlite3_value_type(argv[0])==SQLITE_NULL ) return;
+  for(i=1; i<argc; i++){
+    if( sqlite3_value_type(argv[i])==SQLITE_NULL ) return;
+    if( (sqlite3MemCompare(argv[iBest], argv[i], pColl)^mask)>=0 ){
+      testcase( mask==0 );
+      iBest = i;
+    }
+  }
+  sqlite3_result_value(context, argv[iBest]);
+}
+
+/*
+** Return the type of the argument.
+*/
+static void typeofFunc(
+  sqlite3_context *context,
+  int NotUsed,
+  sqlite3_value **argv
+){
+  const char *z = 0;
+  UNUSED_PARAMETER(NotUsed);
+  switch( sqlite3_value_type(argv[0]) ){
+    case SQLITE_INTEGER: z = "integer"; break;
+    case SQLITE_TEXT:    z = "text";    break;
+    case SQLITE_FLOAT:   z = "real";    break;
+    case SQLITE_BLOB:    z = "blob";    break;
+    default:             z = "null";    break;
+  }
+  sqlite3_result_text(context, z, -1, SQLITE_STATIC);
+}
+
+
+/*
+** Implementation of the length() function
+*/
+static void lengthFunc(
+  sqlite3_context *context,
+  int argc,
+  sqlite3_value **argv
+){
+  int len;
+
+  assert( argc==1 );
+  UNUSED_PARAMETER(argc);
+  switch( sqlite3_value_type(argv[0]) ){
+    case SQLITE_BLOB:
+    case SQLITE_INTEGER:
+    case SQLITE_FLOAT: {
+      sqlite3_result_int(context, sqlite3_value_bytes(argv[0]));
+      break;
+    }
+    case SQLITE_TEXT: {
+      const unsigned char *z = sqlite3_value_text(argv[0]);
+      if( z==0 ) return;
+      len = 0;
+      while( *z ){
+        len++;
+        SQLITE_SKIP_UTF8(z);
+      }
+      sqlite3_result_int(context, len);
+      break;
+    }
+    default: {
+      sqlite3_result_null(context);
+      break;
+    }
+  }
+}
+
+/*
+** Implementation of the abs() function.
+**
+** IMP: R-23979-26855 The abs(X) function returns the absolute value of
+** the numeric argument X. 
+*/
+static void absFunc(sqlite3_context *context, int argc, sqlite3_value **argv){
+  assert( argc==1 );
+  UNUSED_PARAMETER(argc);
+  switch( sqlite3_value_type(argv[0]) ){
+    case SQLITE_INTEGER: {
+      i64 iVal = sqlite3_value_int64(argv[0]);
+      if( iVal<0 ){
+        if( iVal==SMALLEST_INT64 ){
+          /* IMP: R-31676-45509 If X is the integer -9223372036854775808
+          ** then abs(X) throws an integer overflow error since there is no
+          ** equivalent positive 64-bit two complement value. */
+          sqlite3_result_error(context, "integer overflow", -1);
+          return;
+        }
+        iVal = -iVal;
+      } 
+      sqlite3_result_int64(context, iVal);
+      break;
+    }
+    case SQLITE_NULL: {
+      /* IMP: R-37434-19929 Abs(X) returns NULL if X is NULL. */
+      sqlite3_result_null(context);
+      break;
+    }
+    default: {
+      /* Because sqlite3_value_double() returns 0.0 if the argument is not
+      ** something that can be converted into a number, we have:
+      ** IMP: R-01992-00519 Abs(X) returns 0.0 if X is a string or blob
+      ** that cannot be converted to a numeric value.
+      */
+      double rVal = sqlite3_value_double(argv[0]);
+      if( rVal<0 ) rVal = -rVal;
+      sqlite3_result_double(context, rVal);
+      break;
+    }
+  }
+}
+
+/*
+** Implementation of the instr() function.
+**
+** instr(haystack,needle) finds the first occurrence of needle
+** in haystack and returns the number of previous characters plus 1,
+** or 0 if needle does not occur within haystack.
+**
+** If both haystack and needle are BLOBs, then the result is one more than
+** the number of bytes in haystack prior to the first occurrence of needle,
+** or 0 if needle never occurs in haystack.
+*/
+static void instrFunc(
+  sqlite3_context *context,
+  int argc,
+  sqlite3_value **argv
+){
+  const unsigned char *zHaystack;
+  const unsigned char *zNeedle;
+  int nHaystack;
+  int nNeedle;
+  int typeHaystack, typeNeedle;
+  int N = 1;
+  int isText;
+
+  UNUSED_PARAMETER(argc);
+  typeHaystack = sqlite3_value_type(argv[0]);
+  typeNeedle = sqlite3_value_type(argv[1]);
+  if( typeHaystack==SQLITE_NULL || typeNeedle==SQLITE_NULL ) return;
+  nHaystack = sqlite3_value_bytes(argv[0]);
+  nNeedle = sqlite3_value_bytes(argv[1]);
+  if( typeHaystack==SQLITE_BLOB && typeNeedle==SQLITE_BLOB ){
+    zHaystack = sqlite3_value_blob(argv[0]);
+    zNeedle = sqlite3_value_blob(argv[1]);
+    isText = 0;
+  }else{
+    zHaystack = sqlite3_value_text(argv[0]);
+    zNeedle = sqlite3_value_text(argv[1]);
+    isText = 1;
+  }
+  while( nNeedle<=nHaystack && memcmp(zHaystack, zNeedle, nNeedle)!=0 ){
+    N++;
+    do{
+      nHaystack--;
+      zHaystack++;
+    }while( isText && (zHaystack[0]&0xc0)==0x80 );
+  }
+  if( nNeedle>nHaystack ) N = 0;
+  sqlite3_result_int(context, N);
+}
+
+/*
+** Implementation of the printf() function.
+*/
+static void printfFunc(
+  sqlite3_context *context,
+  int argc,
+  sqlite3_value **argv
+){
+  PrintfArguments x;
+  StrAccum str;
+  const char *zFormat;
+  int n;
+  sqlite3 *db = sqlite3_context_db_handle(context);
+
+  if( argc>=1 && (zFormat = (const char*)sqlite3_value_text(argv[0]))!=0 ){
+    x.nArg = argc-1;
+    x.nUsed = 0;
+    x.apArg = argv+1;
+    sqlite3StrAccumInit(&str, db, 0, 0, db->aLimit[SQLITE_LIMIT_LENGTH]);
+    sqlite3XPrintf(&str, SQLITE_PRINTF_SQLFUNC, zFormat, &x);
+    n = str.nChar;
+    sqlite3_result_text(context, sqlite3StrAccumFinish(&str), n,
+                        SQLITE_DYNAMIC);
+  }
+}
+
+/*
+** Implementation of the substr() function.
+**
+** substr(x,p1,p2)  returns p2 characters of x[] beginning with p1.
+** p1 is 1-indexed.  So substr(x,1,1) returns the first character
+** of x.  If x is text, then we actually count UTF-8 characters.
+** If x is a blob, then we count bytes.
+**
+** If p1 is negative, then we begin abs(p1) from the end of x[].
+**
+** If p2 is negative, return the p2 characters preceding p1.
+*/
+static void substrFunc(
+  sqlite3_context *context,
+  int argc,
+  sqlite3_value **argv
+){
+  const unsigned char *z;
+  const unsigned char *z2;
+  int len;
+  int p0type;
+  i64 p1, p2;
+  int negP2 = 0;
+
+  assert( argc==3 || argc==2 );
+  if( sqlite3_value_type(argv[1])==SQLITE_NULL
+   || (argc==3 && sqlite3_value_type(argv[2])==SQLITE_NULL)
+  ){
+    return;
+  }
+  p0type = sqlite3_value_type(argv[0]);
+  p1 = sqlite3_value_int(argv[1]);
+  if( p0type==SQLITE_BLOB ){
+    len = sqlite3_value_bytes(argv[0]);
+    z = sqlite3_value_blob(argv[0]);
+    if( z==0 ) return;
+    assert( len==sqlite3_value_bytes(argv[0]) );
+  }else{
+    z = sqlite3_value_text(argv[0]);
+    if( z==0 ) return;
+    len = 0;
+    if( p1<0 ){
+      for(z2=z; *z2; len++){
+        SQLITE_SKIP_UTF8(z2);
+      }
+    }
+  }
+#ifdef SQLITE_SUBSTR_COMPATIBILITY
+  /* If SUBSTR_COMPATIBILITY is defined then substr(X,0,N) work the same as
+  ** as substr(X,1,N) - it returns the first N characters of X.  This
+  ** is essentially a back-out of the bug-fix in check-in [5fc125d362df4b8]
+  ** from 2009-02-02 for compatibility of applications that exploited the
+  ** old buggy behavior. */
+  if( p1==0 ) p1 = 1; /* <rdar://problem/6778339> */
+#endif
+  if( argc==3 ){
+    p2 = sqlite3_value_int(argv[2]);
+    if( p2<0 ){
+      p2 = -p2;
+      negP2 = 1;
+    }
+  }else{
+    p2 = sqlite3_context_db_handle(context)->aLimit[SQLITE_LIMIT_LENGTH];
+  }
+  if( p1<0 ){
+    p1 += len;
+    if( p1<0 ){
+      p2 += p1;
+      if( p2<0 ) p2 = 0;
+      p1 = 0;
+    }
+  }else if( p1>0 ){
+    p1--;
+  }else if( p2>0 ){
+    p2--;
+  }
+  if( negP2 ){
+    p1 -= p2;
+    if( p1<0 ){
+      p2 += p1;
+      p1 = 0;
+    }
+  }
+  assert( p1>=0 && p2>=0 );
+  if( p0type!=SQLITE_BLOB ){
+    while( *z && p1 ){
+      SQLITE_SKIP_UTF8(z);
+      p1--;
+    }
+    for(z2=z; *z2 && p2; p2--){
+      SQLITE_SKIP_UTF8(z2);
+    }
+    sqlite3_result_text64(context, (char*)z, z2-z, SQLITE_TRANSIENT,
+                          SQLITE_UTF8);
+  }else{
+    if( p1+p2>len ){
+      p2 = len-p1;
+      if( p2<0 ) p2 = 0;
+    }
+    sqlite3_result_blob64(context, (char*)&z[p1], (u64)p2, SQLITE_TRANSIENT);
+  }
+}
+
+/*
+** Implementation of the round() function
+*/
+#ifndef SQLITE_OMIT_FLOATING_POINT
+static void roundFunc(sqlite3_context *context, int argc, sqlite3_value **argv){
+  int n = 0;
+  double r;
+  char *zBuf;
+  assert( argc==1 || argc==2 );
+  if( argc==2 ){
+    if( SQLITE_NULL==sqlite3_value_type(argv[1]) ) return;
+    n = sqlite3_value_int(argv[1]);
+    if( n>30 ) n = 30;
+    if( n<0 ) n = 0;
+  }
+  if( sqlite3_value_type(argv[0])==SQLITE_NULL ) return;
+  r = sqlite3_value_double(argv[0]);
+  /* If Y==0 and X will fit in a 64-bit int,
+  ** handle the rounding directly,
+  ** otherwise use printf.
+  */
+  if( n==0 && r>=0 && r<LARGEST_INT64-1 ){
+    r = (double)((sqlite_int64)(r+0.5));
+  }else if( n==0 && r<0 && (-r)<LARGEST_INT64-1 ){
+    r = -(double)((sqlite_int64)((-r)+0.5));
+  }else{
+    zBuf = sqlite3_mprintf("%.*f",n,r);
+    if( zBuf==0 ){
+      sqlite3_result_error_nomem(context);
+      return;
+    }
+    sqlite3AtoF(zBuf, &r, sqlite3Strlen30(zBuf), SQLITE_UTF8);
+    sqlite3_free(zBuf);
+  }
+  sqlite3_result_double(context, r);
+}
+#endif
+
+/*
+** Allocate nByte bytes of space using sqlite3Malloc(). If the
+** allocation fails, call sqlite3_result_error_nomem() to notify
+** the database handle that malloc() has failed and return NULL.
+** If nByte is larger than the maximum string or blob length, then
+** raise an SQLITE_TOOBIG exception and return NULL.
+*/
+static void *contextMalloc(sqlite3_context *context, i64 nByte){
+  char *z;
+  sqlite3 *db = sqlite3_context_db_handle(context);
+  assert( nByte>0 );
+  testcase( nByte==db->aLimit[SQLITE_LIMIT_LENGTH] );
+  testcase( nByte==db->aLimit[SQLITE_LIMIT_LENGTH]+1 );
+  if( nByte>db->aLimit[SQLITE_LIMIT_LENGTH] ){
+    sqlite3_result_error_toobig(context);
+    z = 0;
+  }else{
+    z = sqlite3Malloc(nByte);
+    if( !z ){
+      sqlite3_result_error_nomem(context);
+    }
+  }
+  return z;
+}
+
+/*
+** Implementation of the upper() and lower() SQL functions.
+*/
+static void upperFunc(sqlite3_context *context, int argc, sqlite3_value **argv){
+  char *z1;
+  const char *z2;
+  int i, n;
+  UNUSED_PARAMETER(argc);
+  z2 = (char*)sqlite3_value_text(argv[0]);
+  n = sqlite3_value_bytes(argv[0]);
+  /* Verify that the call to _bytes() does not invalidate the _text() pointer */
+  assert( z2==(char*)sqlite3_value_text(argv[0]) );
+  if( z2 ){
+    z1 = contextMalloc(context, ((i64)n)+1);
+    if( z1 ){
+      for(i=0; i<n; i++){
+        z1[i] = (char)sqlite3Toupper(z2[i]);
+      }
+      sqlite3_result_text(context, z1, n, sqlite3_free);
+    }
+  }
+}
+static void lowerFunc(sqlite3_context *context, int argc, sqlite3_value **argv){
+  char *z1;
+  const char *z2;
+  int i, n;
+  UNUSED_PARAMETER(argc);
+  z2 = (char*)sqlite3_value_text(argv[0]);
+  n = sqlite3_value_bytes(argv[0]);
+  /* Verify that the call to _bytes() does not invalidate the _text() pointer */
+  assert( z2==(char*)sqlite3_value_text(argv[0]) );
+  if( z2 ){
+    z1 = contextMalloc(context, ((i64)n)+1);
+    if( z1 ){
+      for(i=0; i<n; i++){
+        z1[i] = sqlite3Tolower(z2[i]);
+      }
+      sqlite3_result_text(context, z1, n, sqlite3_free);
+    }
+  }
+}
+
+/*
+** Some functions like COALESCE() and IFNULL() and UNLIKELY() are implemented
+** as VDBE code so that unused argument values do not have to be computed.
+** However, we still need some kind of function implementation for this
+** routines in the function table.  The noopFunc macro provides this.
+** noopFunc will never be called so it doesn't matter what the implementation
+** is.  We might as well use the "version()" function as a substitute.
+*/
+#define noopFunc versionFunc   /* Substitute function - never called */
+
+/*
+** Implementation of random().  Return a random integer.  
+*/
+static void randomFunc(
+  sqlite3_context *context,
+  int NotUsed,
+  sqlite3_value **NotUsed2
+){
+  sqlite_int64 r;
+  UNUSED_PARAMETER2(NotUsed, NotUsed2);
+  sqlite3_randomness(sizeof(r), &r);
+  if( r<0 ){
+    /* We need to prevent a random number of 0x8000000000000000 
+    ** (or -9223372036854775808) since when you do abs() of that
+    ** number of you get the same value back again.  To do this
+    ** in a way that is testable, mask the sign bit off of negative
+    ** values, resulting in a positive value.  Then take the 
+    ** 2s complement of that positive value.  The end result can
+    ** therefore be no less than -9223372036854775807.
+    */
+    r = -(r & LARGEST_INT64);
+  }
+  sqlite3_result_int64(context, r);
+}
+
+/*
+** Implementation of randomblob(N).  Return a random blob
+** that is N bytes long.
+*/
+static void randomBlob(
+  sqlite3_context *context,
+  int argc,
+  sqlite3_value **argv
+){
+  int n;
+  unsigned char *p;
+  assert( argc==1 );
+  UNUSED_PARAMETER(argc);
+  n = sqlite3_value_int(argv[0]);
+  if( n<1 ){
+    n = 1;
+  }
+  p = contextMalloc(context, n);
+  if( p ){
+    sqlite3_randomness(n, p);
+    sqlite3_result_blob(context, (char*)p, n, sqlite3_free);
+  }
+}
+
+/*
+** Implementation of the last_insert_rowid() SQL function.  The return
+** value is the same as the sqlite3_last_insert_rowid() API function.
+*/
+static void last_insert_rowid(
+  sqlite3_context *context, 
+  int NotUsed, 
+  sqlite3_value **NotUsed2
+){
+  sqlite3 *db = sqlite3_context_db_handle(context);
+  UNUSED_PARAMETER2(NotUsed, NotUsed2);
+  /* IMP: R-51513-12026 The last_insert_rowid() SQL function is a
+  ** wrapper around the sqlite3_last_insert_rowid() C/C++ interface
+  ** function. */
+  sqlite3_result_int64(context, sqlite3_last_insert_rowid(db));
+}
+
+/*
+** Implementation of the changes() SQL function.
+**
+** IMP: R-62073-11209 The changes() SQL function is a wrapper
+** around the sqlite3_changes() C/C++ function and hence follows the same
+** rules for counting changes.
+*/
+static void changes(
+  sqlite3_context *context,
+  int NotUsed,
+  sqlite3_value **NotUsed2
+){
+  sqlite3 *db = sqlite3_context_db_handle(context);
+  UNUSED_PARAMETER2(NotUsed, NotUsed2);
+  sqlite3_result_int(context, sqlite3_changes(db));
+}
+
+/*
+** Implementation of the total_changes() SQL function.  The return value is
+** the same as the sqlite3_total_changes() API function.
+*/
+static void total_changes(
+  sqlite3_context *context,
+  int NotUsed,
+  sqlite3_value **NotUsed2
+){
+  sqlite3 *db = sqlite3_context_db_handle(context);
+  UNUSED_PARAMETER2(NotUsed, NotUsed2);
+  /* IMP: R-52756-41993 This function is a wrapper around the
+  ** sqlite3_total_changes() C/C++ interface. */
+  sqlite3_result_int(context, sqlite3_total_changes(db));
+}
+
+/*
+** A structure defining how to do GLOB-style comparisons.
+*/
+struct compareInfo {
+  u8 matchAll;
+  u8 matchOne;
+  u8 matchSet;
+  u8 noCase;
+};
+
+/*
+** For LIKE and GLOB matching on EBCDIC machines, assume that every
+** character is exactly one byte in size.  Also, provde the Utf8Read()
+** macro for fast reading of the next character in the common case where
+** the next character is ASCII.
+*/
+#if defined(SQLITE_EBCDIC)
+# define sqlite3Utf8Read(A)        (*((*A)++))
+# define Utf8Read(A)               (*(A++))
+#else
+# define Utf8Read(A)               (A[0]<0x80?*(A++):sqlite3Utf8Read(&A))
+#endif
+
+static const struct compareInfo globInfo = { '*', '?', '[', 0 };
+/* The correct SQL-92 behavior is for the LIKE operator to ignore
+** case.  Thus  'a' LIKE 'A' would be true. */
+static const struct compareInfo likeInfoNorm = { '%', '_',   0, 1 };
+/* If SQLITE_CASE_SENSITIVE_LIKE is defined, then the LIKE operator
+** is case sensitive causing 'a' LIKE 'A' to be false */
+static const struct compareInfo likeInfoAlt = { '%', '_',   0, 0 };
+
+/*
+** Compare two UTF-8 strings for equality where the first string can
+** potentially be a "glob" or "like" expression.  Return true (1) if they
+** are the same and false (0) if they are different.
+**
+** Globbing rules:
+**
+**      '*'       Matches any sequence of zero or more characters.
+**
+**      '?'       Matches exactly one character.
+**
+**     [...]      Matches one character from the enclosed list of
+**                characters.
+**
+**     [^...]     Matches one character not in the enclosed list.
+**
+** With the [...] and [^...] matching, a ']' character can be included
+** in the list by making it the first character after '[' or '^'.  A
+** range of characters can be specified using '-'.  Example:
+** "[a-z]" matches any single lower-case letter.  To match a '-', make
+** it the last character in the list.
+**
+** Like matching rules:
+** 
+**      '%'       Matches any sequence of zero or more characters
+**
+***     '_'       Matches any one character
+**
+**      Ec        Where E is the "esc" character and c is any other
+**                character, including '%', '_', and esc, match exactly c.
+**
+** The comments within this routine usually assume glob matching.
+**
+** This routine is usually quick, but can be N**2 in the worst case.
+*/
+static int patternCompare(
+  const u8 *zPattern,              /* The glob pattern */
+  const u8 *zString,               /* The string to compare against the glob */
+  const struct compareInfo *pInfo, /* Information about how to do the compare */
+  u32 esc                          /* The escape character */
+){
+  u32 c, c2;                       /* Next pattern and input string chars */
+  u32 matchOne = pInfo->matchOne;  /* "?" or "_" */
+  u32 matchAll = pInfo->matchAll;  /* "*" or "%" */
+  u32 matchOther;                  /* "[" or the escape character */
+  u8 noCase = pInfo->noCase;       /* True if uppercase==lowercase */
+  const u8 *zEscaped = 0;          /* One past the last escaped input char */
+  
+  /* The GLOB operator does not have an ESCAPE clause.  And LIKE does not
+  ** have the matchSet operator.  So we either have to look for one or
+  ** the other, never both.  Hence the single variable matchOther is used
+  ** to store the one we have to look for.
+  */
+  matchOther = esc ? esc : pInfo->matchSet;
+
+  while( (c = Utf8Read(zPattern))!=0 ){
+    if( c==matchAll ){  /* Match "*" */
+      /* Skip over multiple "*" characters in the pattern.  If there
+      ** are also "?" characters, skip those as well, but consume a
+      ** single character of the input string for each "?" skipped */
+      while( (c=Utf8Read(zPattern)) == matchAll || c == matchOne ){
+        if( c==matchOne && sqlite3Utf8Read(&zString)==0 ){
+          return 0;
+        }
+      }
+      if( c==0 ){
+        return 1;   /* "*" at the end of the pattern matches */
+      }else if( c==matchOther ){
+        if( esc ){
+          c = sqlite3Utf8Read(&zPattern);
+          if( c==0 ) return 0;
+        }else{
+          /* "[...]" immediately follows the "*".  We have to do a slow
+          ** recursive search in this case, but it is an unusual case. */
+          assert( matchOther<0x80 );  /* '[' is a single-byte character */
+          while( *zString
+                 && patternCompare(&zPattern[-1],zString,pInfo,esc)==0 ){
+            SQLITE_SKIP_UTF8(zString);
+          }
+          return *zString!=0;
+        }
+      }
+
+      /* At this point variable c contains the first character of the
+      ** pattern string past the "*".  Search in the input string for the
+      ** first matching character and recursively contine the match from
+      ** that point.
+      **
+      ** For a case-insensitive search, set variable cx to be the same as
+      ** c but in the other case and search the input string for either
+      ** c or cx.
+      */
+      if( c<=0x80 ){
+        u32 cx;
+        if( noCase ){
+          cx = sqlite3Toupper(c);
+          c = sqlite3Tolower(c);
+        }else{
+          cx = c;
+        }
+        while( (c2 = *(zString++))!=0 ){
+          if( c2!=c && c2!=cx ) continue;
+          if( patternCompare(zPattern,zString,pInfo,esc) ) return 1;
+        }
+      }else{
+        while( (c2 = Utf8Read(zString))!=0 ){
+          if( c2!=c ) continue;
+          if( patternCompare(zPattern,zString,pInfo,esc) ) return 1;
+        }
+      }
+      return 0;
+    }
+    if( c==matchOther ){
+      if( esc ){
+        c = sqlite3Utf8Read(&zPattern);
+        if( c==0 ) return 0;
+        zEscaped = zPattern;
+      }else{
+        u32 prior_c = 0;
+        int seen = 0;
+        int invert = 0;
+        c = sqlite3Utf8Read(&zString);
+        if( c==0 ) return 0;
+        c2 = sqlite3Utf8Read(&zPattern);
+        if( c2=='^' ){
+          invert = 1;
+          c2 = sqlite3Utf8Read(&zPattern);
+        }
+        if( c2==']' ){
+          if( c==']' ) seen = 1;
+          c2 = sqlite3Utf8Read(&zPattern);
+        }
+        while( c2 && c2!=']' ){
+          if( c2=='-' && zPattern[0]!=']' && zPattern[0]!=0 && prior_c>0 ){
+            c2 = sqlite3Utf8Read(&zPattern);
+            if( c>=prior_c && c<=c2 ) seen = 1;
+            prior_c = 0;
+          }else{
+            if( c==c2 ){
+              seen = 1;
+            }
+            prior_c = c2;
+          }
+          c2 = sqlite3Utf8Read(&zPattern);
+        }
+        if( c2==0 || (seen ^ invert)==0 ){
+          return 0;
+        }
+        continue;
+      }
+    }
+    c2 = Utf8Read(zString);
+    if( c==c2 ) continue;
+    if( noCase && c<0x80 && c2<0x80 && sqlite3Tolower(c)==sqlite3Tolower(c2) ){
+      continue;
+    }
+    if( c==matchOne && zPattern!=zEscaped && c2!=0 ) continue;
+    return 0;
+  }
+  return *zString==0;
+}
+
+/*
+** The sqlite3_strglob() interface.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_strglob(const char *zGlobPattern, const char *zString){
+  return patternCompare((u8*)zGlobPattern, (u8*)zString, &globInfo, 0)==0;
+}
+
+/*
+** The sqlite3_strlike() interface.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_strlike(const char *zPattern, const char *zStr, unsigned int esc){
+  return patternCompare((u8*)zPattern, (u8*)zStr, &likeInfoNorm, esc)==0;
+}
+
+/*
+** Count the number of times that the LIKE operator (or GLOB which is
+** just a variation of LIKE) gets called.  This is used for testing
+** only.
+*/
+#ifdef SQLITE_TEST
+SQLITE_API int sqlite3_like_count = 0;
+#endif
+
+
+/*
+** Implementation of the like() SQL function.  This function implements
+** the build-in LIKE operator.  The first argument to the function is the
+** pattern and the second argument is the string.  So, the SQL statements:
+**
+**       A LIKE B
+**
+** is implemented as like(B,A).
+**
+** This same function (with a different compareInfo structure) computes
+** the GLOB operator.
+*/
+static void likeFunc(
+  sqlite3_context *context, 
+  int argc, 
+  sqlite3_value **argv
+){
+  const unsigned char *zA, *zB;
+  u32 escape = 0;
+  int nPat;
+  sqlite3 *db = sqlite3_context_db_handle(context);
+
+#ifdef SQLITE_LIKE_DOESNT_MATCH_BLOBS
+  if( sqlite3_value_type(argv[0])==SQLITE_BLOB
+   || sqlite3_value_type(argv[1])==SQLITE_BLOB
+  ){
+#ifdef SQLITE_TEST
+    sqlite3_like_count++;
+#endif
+    sqlite3_result_int(context, 0);
+    return;
+  }
+#endif
+  zB = sqlite3_value_text(argv[0]);
+  zA = sqlite3_value_text(argv[1]);
+
+  /* Limit the length of the LIKE or GLOB pattern to avoid problems
+  ** of deep recursion and N*N behavior in patternCompare().
+  */
+  nPat = sqlite3_value_bytes(argv[0]);
+  testcase( nPat==db->aLimit[SQLITE_LIMIT_LIKE_PATTERN_LENGTH] );
+  testcase( nPat==db->aLimit[SQLITE_LIMIT_LIKE_PATTERN_LENGTH]+1 );
+  if( nPat > db->aLimit[SQLITE_LIMIT_LIKE_PATTERN_LENGTH] ){
+    sqlite3_result_error(context, "LIKE or GLOB pattern too complex", -1);
+    return;
+  }
+  assert( zB==sqlite3_value_text(argv[0]) );  /* Encoding did not change */
+
+  if( argc==3 ){
+    /* The escape character string must consist of a single UTF-8 character.
+    ** Otherwise, return an error.
+    */
+    const unsigned char *zEsc = sqlite3_value_text(argv[2]);
+    if( zEsc==0 ) return;
+    if( sqlite3Utf8CharLen((char*)zEsc, -1)!=1 ){
+      sqlite3_result_error(context, 
+          "ESCAPE expression must be a single character", -1);
+      return;
+    }
+    escape = sqlite3Utf8Read(&zEsc);
+  }
+  if( zA && zB ){
+    struct compareInfo *pInfo = sqlite3_user_data(context);
+#ifdef SQLITE_TEST
+    sqlite3_like_count++;
+#endif
+    
+    sqlite3_result_int(context, patternCompare(zB, zA, pInfo, escape));
+  }
+}
+
+/*
+** Implementation of the NULLIF(x,y) function.  The result is the first
+** argument if the arguments are different.  The result is NULL if the
+** arguments are equal to each other.
+*/
+static void nullifFunc(
+  sqlite3_context *context,
+  int NotUsed,
+  sqlite3_value **argv
+){
+  CollSeq *pColl = sqlite3GetFuncCollSeq(context);
+  UNUSED_PARAMETER(NotUsed);
+  if( sqlite3MemCompare(argv[0], argv[1], pColl)!=0 ){
+    sqlite3_result_value(context, argv[0]);
+  }
+}
+
+/*
+** Implementation of the sqlite_version() function.  The result is the version
+** of the SQLite library that is running.
+*/
+static void versionFunc(
+  sqlite3_context *context,
+  int NotUsed,
+  sqlite3_value **NotUsed2
+){
+  UNUSED_PARAMETER2(NotUsed, NotUsed2);
+  /* IMP: R-48699-48617 This function is an SQL wrapper around the
+  ** sqlite3_libversion() C-interface. */
+  sqlite3_result_text(context, sqlite3_libversion(), -1, SQLITE_STATIC);
+}
+
+/*
+** Implementation of the sqlite_source_id() function. The result is a string
+** that identifies the particular version of the source code used to build
+** SQLite.
+*/
+static void sourceidFunc(
+  sqlite3_context *context,
+  int NotUsed,
+  sqlite3_value **NotUsed2
+){
+  UNUSED_PARAMETER2(NotUsed, NotUsed2);
+  /* IMP: R-24470-31136 This function is an SQL wrapper around the
+  ** sqlite3_sourceid() C interface. */
+  sqlite3_result_text(context, sqlite3_sourceid(), -1, SQLITE_STATIC);
+}
+
+/*
+** Implementation of the sqlite_log() function.  This is a wrapper around
+** sqlite3_log().  The return value is NULL.  The function exists purely for
+** its side-effects.
+*/
+static void errlogFunc(
+  sqlite3_context *context,
+  int argc,
+  sqlite3_value **argv
+){
+  UNUSED_PARAMETER(argc);
+  UNUSED_PARAMETER(context);
+  sqlite3_log(sqlite3_value_int(argv[0]), "%s", sqlite3_value_text(argv[1]));
+}
+
+/*
+** Implementation of the sqlite_compileoption_used() function.
+** The result is an integer that identifies if the compiler option
+** was used to build SQLite.
+*/
+#ifndef SQLITE_OMIT_COMPILEOPTION_DIAGS
+static void compileoptionusedFunc(
+  sqlite3_context *context,
+  int argc,
+  sqlite3_value **argv
+){
+  const char *zOptName;
+  assert( argc==1 );
+  UNUSED_PARAMETER(argc);
+  /* IMP: R-39564-36305 The sqlite_compileoption_used() SQL
+  ** function is a wrapper around the sqlite3_compileoption_used() C/C++
+  ** function.
+  */
+  if( (zOptName = (const char*)sqlite3_value_text(argv[0]))!=0 ){
+    sqlite3_result_int(context, sqlite3_compileoption_used(zOptName));
+  }
+}
+#endif /* SQLITE_OMIT_COMPILEOPTION_DIAGS */
+
+/*
+** Implementation of the sqlite_compileoption_get() function. 
+** The result is a string that identifies the compiler options 
+** used to build SQLite.
+*/
+#ifndef SQLITE_OMIT_COMPILEOPTION_DIAGS
+static void compileoptiongetFunc(
+  sqlite3_context *context,
+  int argc,
+  sqlite3_value **argv
+){
+  int n;
+  assert( argc==1 );
+  UNUSED_PARAMETER(argc);
+  /* IMP: R-04922-24076 The sqlite_compileoption_get() SQL function
+  ** is a wrapper around the sqlite3_compileoption_get() C/C++ function.
+  */
+  n = sqlite3_value_int(argv[0]);
+  sqlite3_result_text(context, sqlite3_compileoption_get(n), -1, SQLITE_STATIC);
+}
+#endif /* SQLITE_OMIT_COMPILEOPTION_DIAGS */
+
+/* Array for converting from half-bytes (nybbles) into ASCII hex
+** digits. */
+static const char hexdigits[] = {
+  '0', '1', '2', '3', '4', '5', '6', '7',
+  '8', '9', 'A', 'B', 'C', 'D', 'E', 'F' 
+};
+
+/*
+** Implementation of the QUOTE() function.  This function takes a single
+** argument.  If the argument is numeric, the return value is the same as
+** the argument.  If the argument is NULL, the return value is the string
+** "NULL".  Otherwise, the argument is enclosed in single quotes with
+** single-quote escapes.
+*/
+static void quoteFunc(sqlite3_context *context, int argc, sqlite3_value **argv){
+  assert( argc==1 );
+  UNUSED_PARAMETER(argc);
+  switch( sqlite3_value_type(argv[0]) ){
+    case SQLITE_FLOAT: {
+      double r1, r2;
+      char zBuf[50];
+      r1 = sqlite3_value_double(argv[0]);
+      sqlite3_snprintf(sizeof(zBuf), zBuf, "%!.15g", r1);
+      sqlite3AtoF(zBuf, &r2, 20, SQLITE_UTF8);
+      if( r1!=r2 ){
+        sqlite3_snprintf(sizeof(zBuf), zBuf, "%!.20e", r1);
+      }
+      sqlite3_result_text(context, zBuf, -1, SQLITE_TRANSIENT);
+      break;
+    }
+    case SQLITE_INTEGER: {
+      sqlite3_result_value(context, argv[0]);
+      break;
+    }
+    case SQLITE_BLOB: {
+      char *zText = 0;
+      char const *zBlob = sqlite3_value_blob(argv[0]);
+      int nBlob = sqlite3_value_bytes(argv[0]);
+      assert( zBlob==sqlite3_value_blob(argv[0]) ); /* No encoding change */
+      zText = (char *)contextMalloc(context, (2*(i64)nBlob)+4); 
+      if( zText ){
+        int i;
+        for(i=0; i<nBlob; i++){
+          zText[(i*2)+2] = hexdigits[(zBlob[i]>>4)&0x0F];
+          zText[(i*2)+3] = hexdigits[(zBlob[i])&0x0F];
+        }
+        zText[(nBlob*2)+2] = '\'';
+        zText[(nBlob*2)+3] = '\0';
+        zText[0] = 'X';
+        zText[1] = '\'';
+        sqlite3_result_text(context, zText, -1, SQLITE_TRANSIENT);
+        sqlite3_free(zText);
+      }
+      break;
+    }
+    case SQLITE_TEXT: {
+      int i,j;
+      u64 n;
+      const unsigned char *zArg = sqlite3_value_text(argv[0]);
+      char *z;
+
+      if( zArg==0 ) return;
+      for(i=0, n=0; zArg[i]; i++){ if( zArg[i]=='\'' ) n++; }
+      z = contextMalloc(context, ((i64)i)+((i64)n)+3);
+      if( z ){
+        z[0] = '\'';
+        for(i=0, j=1; zArg[i]; i++){
+          z[j++] = zArg[i];
+          if( zArg[i]=='\'' ){
+            z[j++] = '\'';
+          }
+        }
+        z[j++] = '\'';
+        z[j] = 0;
+        sqlite3_result_text(context, z, j, sqlite3_free);
+      }
+      break;
+    }
+    default: {
+      assert( sqlite3_value_type(argv[0])==SQLITE_NULL );
+      sqlite3_result_text(context, "NULL", 4, SQLITE_STATIC);
+      break;
+    }
+  }
+}
+
+/*
+** The unicode() function.  Return the integer unicode code-point value
+** for the first character of the input string. 
+*/
+static void unicodeFunc(
+  sqlite3_context *context,
+  int argc,
+  sqlite3_value **argv
+){
+  const unsigned char *z = sqlite3_value_text(argv[0]);
+  (void)argc;
+  if( z && z[0] ) sqlite3_result_int(context, sqlite3Utf8Read(&z));
+}
+
+/*
+** The char() function takes zero or more arguments, each of which is
+** an integer.  It constructs a string where each character of the string
+** is the unicode character for the corresponding integer argument.
+*/
+static void charFunc(
+  sqlite3_context *context,
+  int argc,
+  sqlite3_value **argv
+){
+  unsigned char *z, *zOut;
+  int i;
+  zOut = z = sqlite3_malloc64( argc*4+1 );
+  if( z==0 ){
+    sqlite3_result_error_nomem(context);
+    return;
+  }
+  for(i=0; i<argc; i++){
+    sqlite3_int64 x;
+    unsigned c;
+    x = sqlite3_value_int64(argv[i]);
+    if( x<0 || x>0x10ffff ) x = 0xfffd;
+    c = (unsigned)(x & 0x1fffff);
+    if( c<0x00080 ){
+      *zOut++ = (u8)(c&0xFF);
+    }else if( c<0x00800 ){
+      *zOut++ = 0xC0 + (u8)((c>>6)&0x1F);
+      *zOut++ = 0x80 + (u8)(c & 0x3F);
+    }else if( c<0x10000 ){
+      *zOut++ = 0xE0 + (u8)((c>>12)&0x0F);
+      *zOut++ = 0x80 + (u8)((c>>6) & 0x3F);
+      *zOut++ = 0x80 + (u8)(c & 0x3F);
+    }else{
+      *zOut++ = 0xF0 + (u8)((c>>18) & 0x07);
+      *zOut++ = 0x80 + (u8)((c>>12) & 0x3F);
+      *zOut++ = 0x80 + (u8)((c>>6) & 0x3F);
+      *zOut++ = 0x80 + (u8)(c & 0x3F);
+    }                                                    \
+  }
+  sqlite3_result_text64(context, (char*)z, zOut-z, sqlite3_free, SQLITE_UTF8);
+}
+
+/*
+** The hex() function.  Interpret the argument as a blob.  Return
+** a hexadecimal rendering as text.
+*/
+static void hexFunc(
+  sqlite3_context *context,
+  int argc,
+  sqlite3_value **argv
+){
+  int i, n;
+  const unsigned char *pBlob;
+  char *zHex, *z;
+  assert( argc==1 );
+  UNUSED_PARAMETER(argc);
+  pBlob = sqlite3_value_blob(argv[0]);
+  n = sqlite3_value_bytes(argv[0]);
+  assert( pBlob==sqlite3_value_blob(argv[0]) );  /* No encoding change */
+  z = zHex = contextMalloc(context, ((i64)n)*2 + 1);
+  if( zHex ){
+    for(i=0; i<n; i++, pBlob++){
+      unsigned char c = *pBlob;
+      *(z++) = hexdigits[(c>>4)&0xf];
+      *(z++) = hexdigits[c&0xf];
+    }
+    *z = 0;
+    sqlite3_result_text(context, zHex, n*2, sqlite3_free);
+  }
+}
+
+/*
+** The zeroblob(N) function returns a zero-filled blob of size N bytes.
+*/
+static void zeroblobFunc(
+  sqlite3_context *context,
+  int argc,
+  sqlite3_value **argv
+){
+  i64 n;
+  int rc;
+  assert( argc==1 );
+  UNUSED_PARAMETER(argc);
+  n = sqlite3_value_int64(argv[0]);
+  if( n<0 ) n = 0;
+  rc = sqlite3_result_zeroblob64(context, n); /* IMP: R-00293-64994 */
+  if( rc ){
+    sqlite3_result_error_code(context, rc);
+  }
+}
+
+/*
+** The replace() function.  Three arguments are all strings: call
+** them A, B, and C. The result is also a string which is derived
+** from A by replacing every occurrence of B with C.  The match
+** must be exact.  Collating sequences are not used.
+*/
+static void replaceFunc(
+  sqlite3_context *context,
+  int argc,
+  sqlite3_value **argv
+){
+  const unsigned char *zStr;        /* The input string A */
+  const unsigned char *zPattern;    /* The pattern string B */
+  const unsigned char *zRep;        /* The replacement string C */
+  unsigned char *zOut;              /* The output */
+  int nStr;                /* Size of zStr */
+  int nPattern;            /* Size of zPattern */
+  int nRep;                /* Size of zRep */
+  i64 nOut;                /* Maximum size of zOut */
+  int loopLimit;           /* Last zStr[] that might match zPattern[] */
+  int i, j;                /* Loop counters */
+
+  assert( argc==3 );
+  UNUSED_PARAMETER(argc);
+  zStr = sqlite3_value_text(argv[0]);
+  if( zStr==0 ) return;
+  nStr = sqlite3_value_bytes(argv[0]);
+  assert( zStr==sqlite3_value_text(argv[0]) );  /* No encoding change */
+  zPattern = sqlite3_value_text(argv[1]);
+  if( zPattern==0 ){
+    assert( sqlite3_value_type(argv[1])==SQLITE_NULL
+            || sqlite3_context_db_handle(context)->mallocFailed );
+    return;
+  }
+  if( zPattern[0]==0 ){
+    assert( sqlite3_value_type(argv[1])!=SQLITE_NULL );
+    sqlite3_result_value(context, argv[0]);
+    return;
+  }
+  nPattern = sqlite3_value_bytes(argv[1]);
+  assert( zPattern==sqlite3_value_text(argv[1]) );  /* No encoding change */
+  zRep = sqlite3_value_text(argv[2]);
+  if( zRep==0 ) return;
+  nRep = sqlite3_value_bytes(argv[2]);
+  assert( zRep==sqlite3_value_text(argv[2]) );
+  nOut = nStr + 1;
+  assert( nOut<SQLITE_MAX_LENGTH );
+  zOut = contextMalloc(context, (i64)nOut);
+  if( zOut==0 ){
+    return;
+  }
+  loopLimit = nStr - nPattern;  
+  for(i=j=0; i<=loopLimit; i++){
+    if( zStr[i]!=zPattern[0] || memcmp(&zStr[i], zPattern, nPattern) ){
+      zOut[j++] = zStr[i];
+    }else{
+      u8 *zOld;
+      sqlite3 *db = sqlite3_context_db_handle(context);
+      nOut += nRep - nPattern;
+      testcase( nOut-1==db->aLimit[SQLITE_LIMIT_LENGTH] );
+      testcase( nOut-2==db->aLimit[SQLITE_LIMIT_LENGTH] );
+      if( nOut-1>db->aLimit[SQLITE_LIMIT_LENGTH] ){
+        sqlite3_result_error_toobig(context);
+        sqlite3_free(zOut);
+        return;
+      }
+      zOld = zOut;
+      zOut = sqlite3_realloc64(zOut, (int)nOut);
+      if( zOut==0 ){
+        sqlite3_result_error_nomem(context);
+        sqlite3_free(zOld);
+        return;
+      }
+      memcpy(&zOut[j], zRep, nRep);
+      j += nRep;
+      i += nPattern-1;
+    }
+  }
+  assert( j+nStr-i+1==nOut );
+  memcpy(&zOut[j], &zStr[i], nStr-i);
+  j += nStr - i;
+  assert( j<=nOut );
+  zOut[j] = 0;
+  sqlite3_result_text(context, (char*)zOut, j, sqlite3_free);
+}
+
+/*
+** Implementation of the TRIM(), LTRIM(), and RTRIM() functions.
+** The userdata is 0x1 for left trim, 0x2 for right trim, 0x3 for both.
+*/
+static void trimFunc(
+  sqlite3_context *context,
+  int argc,
+  sqlite3_value **argv
+){
+  const unsigned char *zIn;         /* Input string */
+  const unsigned char *zCharSet;    /* Set of characters to trim */
+  int nIn;                          /* Number of bytes in input */
+  int flags;                        /* 1: trimleft  2: trimright  3: trim */
+  int i;                            /* Loop counter */
+  unsigned char *aLen = 0;          /* Length of each character in zCharSet */
+  unsigned char **azChar = 0;       /* Individual characters in zCharSet */
+  int nChar;                        /* Number of characters in zCharSet */
+
+  if( sqlite3_value_type(argv[0])==SQLITE_NULL ){
+    return;
+  }
+  zIn = sqlite3_value_text(argv[0]);
+  if( zIn==0 ) return;
+  nIn = sqlite3_value_bytes(argv[0]);
+  assert( zIn==sqlite3_value_text(argv[0]) );
+  if( argc==1 ){
+    static const unsigned char lenOne[] = { 1 };
+    static unsigned char * const azOne[] = { (u8*)" " };
+    nChar = 1;
+    aLen = (u8*)lenOne;
+    azChar = (unsigned char **)azOne;
+    zCharSet = 0;
+  }else if( (zCharSet = sqlite3_value_text(argv[1]))==0 ){
+    return;
+  }else{
+    const unsigned char *z;
+    for(z=zCharSet, nChar=0; *z; nChar++){
+      SQLITE_SKIP_UTF8(z);
+    }
+    if( nChar>0 ){
+      azChar = contextMalloc(context, ((i64)nChar)*(sizeof(char*)+1));
+      if( azChar==0 ){
+        return;
+      }
+      aLen = (unsigned char*)&azChar[nChar];
+      for(z=zCharSet, nChar=0; *z; nChar++){
+        azChar[nChar] = (unsigned char *)z;
+        SQLITE_SKIP_UTF8(z);
+        aLen[nChar] = (u8)(z - azChar[nChar]);
+      }
+    }
+  }
+  if( nChar>0 ){
+    flags = SQLITE_PTR_TO_INT(sqlite3_user_data(context));
+    if( flags & 1 ){
+      while( nIn>0 ){
+        int len = 0;
+        for(i=0; i<nChar; i++){
+          len = aLen[i];
+          if( len<=nIn && memcmp(zIn, azChar[i], len)==0 ) break;
+        }
+        if( i>=nChar ) break;
+        zIn += len;
+        nIn -= len;
+      }
+    }
+    if( flags & 2 ){
+      while( nIn>0 ){
+        int len = 0;
+        for(i=0; i<nChar; i++){
+          len = aLen[i];
+          if( len<=nIn && memcmp(&zIn[nIn-len],azChar[i],len)==0 ) break;
+        }
+        if( i>=nChar ) break;
+        nIn -= len;
+      }
+    }
+    if( zCharSet ){
+      sqlite3_free(azChar);
+    }
+  }
+  sqlite3_result_text(context, (char*)zIn, nIn, SQLITE_TRANSIENT);
+}
+
+
+/* IMP: R-25361-16150 This function is omitted from SQLite by default. It
+** is only available if the SQLITE_SOUNDEX compile-time option is used
+** when SQLite is built.
+*/
+#ifdef SQLITE_SOUNDEX
+/*
+** Compute the soundex encoding of a word.
+**
+** IMP: R-59782-00072 The soundex(X) function returns a string that is the
+** soundex encoding of the string X. 
+*/
+static void soundexFunc(
+  sqlite3_context *context,
+  int argc,
+  sqlite3_value **argv
+){
+  char zResult[8];
+  const u8 *zIn;
+  int i, j;
+  static const unsigned char iCode[] = {
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 1, 2, 3, 0, 1, 2, 0, 0, 2, 2, 4, 5, 5, 0,
+    1, 2, 6, 2, 3, 0, 1, 0, 2, 0, 2, 0, 0, 0, 0, 0,
+    0, 0, 1, 2, 3, 0, 1, 2, 0, 0, 2, 2, 4, 5, 5, 0,
+    1, 2, 6, 2, 3, 0, 1, 0, 2, 0, 2, 0, 0, 0, 0, 0,
+  };
+  assert( argc==1 );
+  zIn = (u8*)sqlite3_value_text(argv[0]);
+  if( zIn==0 ) zIn = (u8*)"";
+  for(i=0; zIn[i] && !sqlite3Isalpha(zIn[i]); i++){}
+  if( zIn[i] ){
+    u8 prevcode = iCode[zIn[i]&0x7f];
+    zResult[0] = sqlite3Toupper(zIn[i]);
+    for(j=1; j<4 && zIn[i]; i++){
+      int code = iCode[zIn[i]&0x7f];
+      if( code>0 ){
+        if( code!=prevcode ){
+          prevcode = code;
+          zResult[j++] = code + '0';
+        }
+      }else{
+        prevcode = 0;
+      }
+    }
+    while( j<4 ){
+      zResult[j++] = '0';
+    }
+    zResult[j] = 0;
+    sqlite3_result_text(context, zResult, 4, SQLITE_TRANSIENT);
+  }else{
+    /* IMP: R-64894-50321 The string "?000" is returned if the argument
+    ** is NULL or contains no ASCII alphabetic characters. */
+    sqlite3_result_text(context, "?000", 4, SQLITE_STATIC);
+  }
+}
+#endif /* SQLITE_SOUNDEX */
+
+#ifndef SQLITE_OMIT_LOAD_EXTENSION
+/*
+** A function that loads a shared-library extension then returns NULL.
+*/
+static void loadExt(sqlite3_context *context, int argc, sqlite3_value **argv){
+  const char *zFile = (const char *)sqlite3_value_text(argv[0]);
+  const char *zProc;
+  sqlite3 *db = sqlite3_context_db_handle(context);
+  char *zErrMsg = 0;
+
+  if( argc==2 ){
+    zProc = (const char *)sqlite3_value_text(argv[1]);
+  }else{
+    zProc = 0;
+  }
+  if( zFile && sqlite3_load_extension(db, zFile, zProc, &zErrMsg) ){
+    sqlite3_result_error(context, zErrMsg, -1);
+    sqlite3_free(zErrMsg);
+  }
+}
+#endif
+
+
+/*
+** An instance of the following structure holds the context of a
+** sum() or avg() aggregate computation.
+*/
+typedef struct SumCtx SumCtx;
+struct SumCtx {
+  double rSum;      /* Floating point sum */
+  i64 iSum;         /* Integer sum */   
+  i64 cnt;          /* Number of elements summed */
+  u8 overflow;      /* True if integer overflow seen */
+  u8 approx;        /* True if non-integer value was input to the sum */
+};
+
+/*
+** Routines used to compute the sum, average, and total.
+**
+** The SUM() function follows the (broken) SQL standard which means
+** that it returns NULL if it sums over no inputs.  TOTAL returns
+** 0.0 in that case.  In addition, TOTAL always returns a float where
+** SUM might return an integer if it never encounters a floating point
+** value.  TOTAL never fails, but SUM might through an exception if
+** it overflows an integer.
+*/
+static void sumStep(sqlite3_context *context, int argc, sqlite3_value **argv){
+  SumCtx *p;
+  int type;
+  assert( argc==1 );
+  UNUSED_PARAMETER(argc);
+  p = sqlite3_aggregate_context(context, sizeof(*p));
+  type = sqlite3_value_numeric_type(argv[0]);
+  if( p && type!=SQLITE_NULL ){
+    p->cnt++;
+    if( type==SQLITE_INTEGER ){
+      i64 v = sqlite3_value_int64(argv[0]);
+      p->rSum += v;
+      if( (p->approx|p->overflow)==0 && sqlite3AddInt64(&p->iSum, v) ){
+        p->overflow = 1;
+      }
+    }else{
+      p->rSum += sqlite3_value_double(argv[0]);
+      p->approx = 1;
+    }
+  }
+}
+static void sumFinalize(sqlite3_context *context){
+  SumCtx *p;
+  p = sqlite3_aggregate_context(context, 0);
+  if( p && p->cnt>0 ){
+    if( p->overflow ){
+      sqlite3_result_error(context,"integer overflow",-1);
+    }else if( p->approx ){
+      sqlite3_result_double(context, p->rSum);
+    }else{
+      sqlite3_result_int64(context, p->iSum);
+    }
+  }
+}
+static void avgFinalize(sqlite3_context *context){
+  SumCtx *p;
+  p = sqlite3_aggregate_context(context, 0);
+  if( p && p->cnt>0 ){
+    sqlite3_result_double(context, p->rSum/(double)p->cnt);
+  }
+}
+static void totalFinalize(sqlite3_context *context){
+  SumCtx *p;
+  p = sqlite3_aggregate_context(context, 0);
+  /* (double)0 In case of SQLITE_OMIT_FLOATING_POINT... */
+  sqlite3_result_double(context, p ? p->rSum : (double)0);
+}
+
+/*
+** The following structure keeps track of state information for the
+** count() aggregate function.
+*/
+typedef struct CountCtx CountCtx;
+struct CountCtx {
+  i64 n;
+};
+
+/*
+** Routines to implement the count() aggregate function.
+*/
+static void countStep(sqlite3_context *context, int argc, sqlite3_value **argv){
+  CountCtx *p;
+  p = sqlite3_aggregate_context(context, sizeof(*p));
+  if( (argc==0 || SQLITE_NULL!=sqlite3_value_type(argv[0])) && p ){
+    p->n++;
+  }
+
+#ifndef SQLITE_OMIT_DEPRECATED
+  /* The sqlite3_aggregate_count() function is deprecated.  But just to make
+  ** sure it still operates correctly, verify that its count agrees with our 
+  ** internal count when using count(*) and when the total count can be
+  ** expressed as a 32-bit integer. */
+  assert( argc==1 || p==0 || p->n>0x7fffffff
+          || p->n==sqlite3_aggregate_count(context) );
+#endif
+}   
+static void countFinalize(sqlite3_context *context){
+  CountCtx *p;
+  p = sqlite3_aggregate_context(context, 0);
+  sqlite3_result_int64(context, p ? p->n : 0);
+}
+
+/*
+** Routines to implement min() and max() aggregate functions.
+*/
+static void minmaxStep(
+  sqlite3_context *context, 
+  int NotUsed, 
+  sqlite3_value **argv
+){
+  Mem *pArg  = (Mem *)argv[0];
+  Mem *pBest;
+  UNUSED_PARAMETER(NotUsed);
+
+  pBest = (Mem *)sqlite3_aggregate_context(context, sizeof(*pBest));
+  if( !pBest ) return;
+
+  if( sqlite3_value_type(argv[0])==SQLITE_NULL ){
+    if( pBest->flags ) sqlite3SkipAccumulatorLoad(context);
+  }else if( pBest->flags ){
+    int max;
+    int cmp;
+    CollSeq *pColl = sqlite3GetFuncCollSeq(context);
+    /* This step function is used for both the min() and max() aggregates,
+    ** the only difference between the two being that the sense of the
+    ** comparison is inverted. For the max() aggregate, the
+    ** sqlite3_user_data() function returns (void *)-1. For min() it
+    ** returns (void *)db, where db is the sqlite3* database pointer.
+    ** Therefore the next statement sets variable 'max' to 1 for the max()
+    ** aggregate, or 0 for min().
+    */
+    max = sqlite3_user_data(context)!=0;
+    cmp = sqlite3MemCompare(pBest, pArg, pColl);
+    if( (max && cmp<0) || (!max && cmp>0) ){
+      sqlite3VdbeMemCopy(pBest, pArg);
+    }else{
+      sqlite3SkipAccumulatorLoad(context);
+    }
+  }else{
+    pBest->db = sqlite3_context_db_handle(context);
+    sqlite3VdbeMemCopy(pBest, pArg);
+  }
+}
+static void minMaxFinalize(sqlite3_context *context){
+  sqlite3_value *pRes;
+  pRes = (sqlite3_value *)sqlite3_aggregate_context(context, 0);
+  if( pRes ){
+    if( pRes->flags ){
+      sqlite3_result_value(context, pRes);
+    }
+    sqlite3VdbeMemRelease(pRes);
+  }
+}
+
+/*
+** group_concat(EXPR, ?SEPARATOR?)
+*/
+static void groupConcatStep(
+  sqlite3_context *context,
+  int argc,
+  sqlite3_value **argv
+){
+  const char *zVal;
+  StrAccum *pAccum;
+  const char *zSep;
+  int nVal, nSep;
+  assert( argc==1 || argc==2 );
+  if( sqlite3_value_type(argv[0])==SQLITE_NULL ) return;
+  pAccum = (StrAccum*)sqlite3_aggregate_context(context, sizeof(*pAccum));
+
+  if( pAccum ){
+    sqlite3 *db = sqlite3_context_db_handle(context);
+    int firstTerm = pAccum->mxAlloc==0;
+    pAccum->mxAlloc = db->aLimit[SQLITE_LIMIT_LENGTH];
+    if( !firstTerm ){
+      if( argc==2 ){
+        zSep = (char*)sqlite3_value_text(argv[1]);
+        nSep = sqlite3_value_bytes(argv[1]);
+      }else{
+        zSep = ",";
+        nSep = 1;
+      }
+      if( nSep ) sqlite3StrAccumAppend(pAccum, zSep, nSep);
+    }
+    zVal = (char*)sqlite3_value_text(argv[0]);
+    nVal = sqlite3_value_bytes(argv[0]);
+    if( zVal ) sqlite3StrAccumAppend(pAccum, zVal, nVal);
+  }
+}
+static void groupConcatFinalize(sqlite3_context *context){
+  StrAccum *pAccum;
+  pAccum = sqlite3_aggregate_context(context, 0);
+  if( pAccum ){
+    if( pAccum->accError==STRACCUM_TOOBIG ){
+      sqlite3_result_error_toobig(context);
+    }else if( pAccum->accError==STRACCUM_NOMEM ){
+      sqlite3_result_error_nomem(context);
+    }else{    
+      sqlite3_result_text(context, sqlite3StrAccumFinish(pAccum), -1, 
+                          sqlite3_free);
+    }
+  }
+}
+
+/*
+** This routine does per-connection function registration.  Most
+** of the built-in functions above are part of the global function set.
+** This routine only deals with those that are not global.
+*/
+SQLITE_PRIVATE void sqlite3RegisterBuiltinFunctions(sqlite3 *db){
+  int rc = sqlite3_overload_function(db, "MATCH", 2);
+  assert( rc==SQLITE_NOMEM || rc==SQLITE_OK );
+  if( rc==SQLITE_NOMEM ){
+    db->mallocFailed = 1;
+  }
+}
+
+/*
+** Set the LIKEOPT flag on the 2-argument function with the given name.
+*/
+static void setLikeOptFlag(sqlite3 *db, const char *zName, u8 flagVal){
+  FuncDef *pDef;
+  pDef = sqlite3FindFunction(db, zName, sqlite3Strlen30(zName),
+                             2, SQLITE_UTF8, 0);
+  if( ALWAYS(pDef) ){
+    pDef->funcFlags |= flagVal;
+  }
+}
+
+/*
+** Register the built-in LIKE and GLOB functions.  The caseSensitive
+** parameter determines whether or not the LIKE operator is case
+** sensitive.  GLOB is always case sensitive.
+*/
+SQLITE_PRIVATE void sqlite3RegisterLikeFunctions(sqlite3 *db, int caseSensitive){
+  struct compareInfo *pInfo;
+  if( caseSensitive ){
+    pInfo = (struct compareInfo*)&likeInfoAlt;
+  }else{
+    pInfo = (struct compareInfo*)&likeInfoNorm;
+  }
+  sqlite3CreateFunc(db, "like", 2, SQLITE_UTF8, pInfo, likeFunc, 0, 0, 0);
+  sqlite3CreateFunc(db, "like", 3, SQLITE_UTF8, pInfo, likeFunc, 0, 0, 0);
+  sqlite3CreateFunc(db, "glob", 2, SQLITE_UTF8, 
+      (struct compareInfo*)&globInfo, likeFunc, 0, 0, 0);
+  setLikeOptFlag(db, "glob", SQLITE_FUNC_LIKE | SQLITE_FUNC_CASE);
+  setLikeOptFlag(db, "like", 
+      caseSensitive ? (SQLITE_FUNC_LIKE | SQLITE_FUNC_CASE) : SQLITE_FUNC_LIKE);
+}
+
+/*
+** pExpr points to an expression which implements a function.  If
+** it is appropriate to apply the LIKE optimization to that function
+** then set aWc[0] through aWc[2] to the wildcard characters and
+** return TRUE.  If the function is not a LIKE-style function then
+** return FALSE.
+**
+** *pIsNocase is set to true if uppercase and lowercase are equivalent for
+** the function (default for LIKE).  If the function makes the distinction
+** between uppercase and lowercase (as does GLOB) then *pIsNocase is set to
+** false.
+*/
+SQLITE_PRIVATE int sqlite3IsLikeFunction(sqlite3 *db, Expr *pExpr, int *pIsNocase, char *aWc){
+  FuncDef *pDef;
+  if( pExpr->op!=TK_FUNCTION 
+   || !pExpr->x.pList 
+   || pExpr->x.pList->nExpr!=2
+  ){
+    return 0;
+  }
+  assert( !ExprHasProperty(pExpr, EP_xIsSelect) );
+  pDef = sqlite3FindFunction(db, pExpr->u.zToken, 
+                             sqlite3Strlen30(pExpr->u.zToken),
+                             2, SQLITE_UTF8, 0);
+  if( NEVER(pDef==0) || (pDef->funcFlags & SQLITE_FUNC_LIKE)==0 ){
+    return 0;
+  }
+
+  /* The memcpy() statement assumes that the wildcard characters are
+  ** the first three statements in the compareInfo structure.  The
+  ** asserts() that follow verify that assumption
+  */
+  memcpy(aWc, pDef->pUserData, 3);
+  assert( (char*)&likeInfoAlt == (char*)&likeInfoAlt.matchAll );
+  assert( &((char*)&likeInfoAlt)[1] == (char*)&likeInfoAlt.matchOne );
+  assert( &((char*)&likeInfoAlt)[2] == (char*)&likeInfoAlt.matchSet );
+  *pIsNocase = (pDef->funcFlags & SQLITE_FUNC_CASE)==0;
+  return 1;
+}
+
+/*
+** All of the FuncDef structures in the aBuiltinFunc[] array above
+** to the global function hash table.  This occurs at start-time (as
+** a consequence of calling sqlite3_initialize()).
+**
+** After this routine runs
+*/
+SQLITE_PRIVATE void sqlite3RegisterGlobalFunctions(void){
+  /*
+  ** The following array holds FuncDef structures for all of the functions
+  ** defined in this file.
+  **
+  ** The array cannot be constant since changes are made to the
+  ** FuncDef.pHash elements at start-time.  The elements of this array
+  ** are read-only after initialization is complete.
+  */
+  static SQLITE_WSD FuncDef aBuiltinFunc[] = {
+    FUNCTION(ltrim,              1, 1, 0, trimFunc         ),
+    FUNCTION(ltrim,              2, 1, 0, trimFunc         ),
+    FUNCTION(rtrim,              1, 2, 0, trimFunc         ),
+    FUNCTION(rtrim,              2, 2, 0, trimFunc         ),
+    FUNCTION(trim,               1, 3, 0, trimFunc         ),
+    FUNCTION(trim,               2, 3, 0, trimFunc         ),
+    FUNCTION(min,               -1, 0, 1, minmaxFunc       ),
+    FUNCTION(min,                0, 0, 1, 0                ),
+    AGGREGATE2(min,              1, 0, 1, minmaxStep,      minMaxFinalize,
+                                          SQLITE_FUNC_MINMAX ),
+    FUNCTION(max,               -1, 1, 1, minmaxFunc       ),
+    FUNCTION(max,                0, 1, 1, 0                ),
+    AGGREGATE2(max,              1, 1, 1, minmaxStep,      minMaxFinalize,
+                                          SQLITE_FUNC_MINMAX ),
+    FUNCTION2(typeof,            1, 0, 0, typeofFunc,  SQLITE_FUNC_TYPEOF),
+    FUNCTION2(length,            1, 0, 0, lengthFunc,  SQLITE_FUNC_LENGTH),
+    FUNCTION(instr,              2, 0, 0, instrFunc        ),
+    FUNCTION(substr,             2, 0, 0, substrFunc       ),
+    FUNCTION(substr,             3, 0, 0, substrFunc       ),
+    FUNCTION(printf,            -1, 0, 0, printfFunc       ),
+    FUNCTION(unicode,            1, 0, 0, unicodeFunc      ),
+    FUNCTION(char,              -1, 0, 0, charFunc         ),
+    FUNCTION(abs,                1, 0, 0, absFunc          ),
+#ifndef SQLITE_OMIT_FLOATING_POINT
+    FUNCTION(round,              1, 0, 0, roundFunc        ),
+    FUNCTION(round,              2, 0, 0, roundFunc        ),
+#endif
+    FUNCTION(upper,              1, 0, 0, upperFunc        ),
+    FUNCTION(lower,              1, 0, 0, lowerFunc        ),
+    FUNCTION(coalesce,           1, 0, 0, 0                ),
+    FUNCTION(coalesce,           0, 0, 0, 0                ),
+    FUNCTION2(coalesce,         -1, 0, 0, noopFunc,  SQLITE_FUNC_COALESCE),
+    FUNCTION(hex,                1, 0, 0, hexFunc          ),
+    FUNCTION2(ifnull,            2, 0, 0, noopFunc,  SQLITE_FUNC_COALESCE),
+    FUNCTION2(unlikely,          1, 0, 0, noopFunc,  SQLITE_FUNC_UNLIKELY),
+    FUNCTION2(likelihood,        2, 0, 0, noopFunc,  SQLITE_FUNC_UNLIKELY),
+    FUNCTION2(likely,            1, 0, 0, noopFunc,  SQLITE_FUNC_UNLIKELY),
+    VFUNCTION(random,            0, 0, 0, randomFunc       ),
+    VFUNCTION(randomblob,        1, 0, 0, randomBlob       ),
+    FUNCTION(nullif,             2, 0, 1, nullifFunc       ),
+    DFUNCTION(sqlite_version,    0, 0, 0, versionFunc      ),
+    DFUNCTION(sqlite_source_id,  0, 0, 0, sourceidFunc     ),
+    FUNCTION(sqlite_log,         2, 0, 0, errlogFunc       ),
+#if SQLITE_USER_AUTHENTICATION
+    FUNCTION(sqlite_crypt,       2, 0, 0, sqlite3CryptFunc ),
+#endif
+#ifndef SQLITE_OMIT_COMPILEOPTION_DIAGS
+    DFUNCTION(sqlite_compileoption_used,1, 0, 0, compileoptionusedFunc  ),
+    DFUNCTION(sqlite_compileoption_get, 1, 0, 0, compileoptiongetFunc  ),
+#endif /* SQLITE_OMIT_COMPILEOPTION_DIAGS */
+    FUNCTION(quote,              1, 0, 0, quoteFunc        ),
+    VFUNCTION(last_insert_rowid, 0, 0, 0, last_insert_rowid),
+    VFUNCTION(changes,           0, 0, 0, changes          ),
+    VFUNCTION(total_changes,     0, 0, 0, total_changes    ),
+    FUNCTION(replace,            3, 0, 0, replaceFunc      ),
+    FUNCTION(zeroblob,           1, 0, 0, zeroblobFunc     ),
+  #ifdef SQLITE_SOUNDEX
+    FUNCTION(soundex,            1, 0, 0, soundexFunc      ),
+  #endif
+  #ifndef SQLITE_OMIT_LOAD_EXTENSION
+    VFUNCTION(load_extension,    1, 0, 0, loadExt          ),
+    VFUNCTION(load_extension,    2, 0, 0, loadExt          ),
+  #endif
+    AGGREGATE(sum,               1, 0, 0, sumStep,         sumFinalize    ),
+    AGGREGATE(total,             1, 0, 0, sumStep,         totalFinalize    ),
+    AGGREGATE(avg,               1, 0, 0, sumStep,         avgFinalize    ),
+    AGGREGATE2(count,            0, 0, 0, countStep,       countFinalize,
+               SQLITE_FUNC_COUNT  ),
+    AGGREGATE(count,             1, 0, 0, countStep,       countFinalize  ),
+    AGGREGATE(group_concat,      1, 0, 0, groupConcatStep, groupConcatFinalize),
+    AGGREGATE(group_concat,      2, 0, 0, groupConcatStep, groupConcatFinalize),
+  
+    LIKEFUNC(glob, 2, &globInfo, SQLITE_FUNC_LIKE|SQLITE_FUNC_CASE),
+  #ifdef SQLITE_CASE_SENSITIVE_LIKE
+    LIKEFUNC(like, 2, &likeInfoAlt, SQLITE_FUNC_LIKE|SQLITE_FUNC_CASE),
+    LIKEFUNC(like, 3, &likeInfoAlt, SQLITE_FUNC_LIKE|SQLITE_FUNC_CASE),
+  #else
+    LIKEFUNC(like, 2, &likeInfoNorm, SQLITE_FUNC_LIKE),
+    LIKEFUNC(like, 3, &likeInfoNorm, SQLITE_FUNC_LIKE),
+  #endif
+  };
+
+  int i;
+  FuncDefHash *pHash = &GLOBAL(FuncDefHash, sqlite3GlobalFunctions);
+  FuncDef *aFunc = (FuncDef*)&GLOBAL(FuncDef, aBuiltinFunc);
+
+  for(i=0; i<ArraySize(aBuiltinFunc); i++){
+    sqlite3FuncDefInsert(pHash, &aFunc[i]);
+  }
+  sqlite3RegisterDateTimeFunctions();
+#ifndef SQLITE_OMIT_ALTERTABLE
+  sqlite3AlterFunctions();
+#endif
+#if defined(SQLITE_ENABLE_STAT3) || defined(SQLITE_ENABLE_STAT4)
+  sqlite3AnalyzeFunctions();
+#endif
+}
+
+/************** End of func.c ************************************************/
+/************** Begin file fkey.c ********************************************/
+/*
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+** This file contains code used by the compiler to add foreign key
+** support to compiled SQL statements.
+*/
+/* #include "sqliteInt.h" */
+
+#ifndef SQLITE_OMIT_FOREIGN_KEY
+#ifndef SQLITE_OMIT_TRIGGER
+
+/*
+** Deferred and Immediate FKs
+** --------------------------
+**
+** Foreign keys in SQLite come in two flavours: deferred and immediate.
+** If an immediate foreign key constraint is violated,
+** SQLITE_CONSTRAINT_FOREIGNKEY is returned and the current
+** statement transaction rolled back. If a 
+** deferred foreign key constraint is violated, no action is taken 
+** immediately. However if the application attempts to commit the 
+** transaction before fixing the constraint violation, the attempt fails.
+**
+** Deferred constraints are implemented using a simple counter associated
+** with the database handle. The counter is set to zero each time a 
+** database transaction is opened. Each time a statement is executed 
+** that causes a foreign key violation, the counter is incremented. Each
+** time a statement is executed that removes an existing violation from
+** the database, the counter is decremented. When the transaction is
+** committed, the commit fails if the current value of the counter is
+** greater than zero. This scheme has two big drawbacks:
+**
+**   * When a commit fails due to a deferred foreign key constraint, 
+**     there is no way to tell which foreign constraint is not satisfied,
+**     or which row it is not satisfied for.
+**
+**   * If the database contains foreign key violations when the 
+**     transaction is opened, this may cause the mechanism to malfunction.
+**
+** Despite these problems, this approach is adopted as it seems simpler
+** than the alternatives.
+**
+** INSERT operations:
+**
+**   I.1) For each FK for which the table is the child table, search
+**        the parent table for a match. If none is found increment the
+**        constraint counter.
+**
+**   I.2) For each FK for which the table is the parent table, 
+**        search the child table for rows that correspond to the new
+**        row in the parent table. Decrement the counter for each row
+**        found (as the constraint is now satisfied).
+**
+** DELETE operations:
+**
+**   D.1) For each FK for which the table is the child table, 
+**        search the parent table for a row that corresponds to the 
+**        deleted row in the child table. If such a row is not found, 
+**        decrement the counter.
+**
+**   D.2) For each FK for which the table is the parent table, search 
+**        the child table for rows that correspond to the deleted row 
+**        in the parent table. For each found increment the counter.
+**
+** UPDATE operations:
+**
+**   An UPDATE command requires that all 4 steps above are taken, but only
+**   for FK constraints for which the affected columns are actually 
+**   modified (values must be compared at runtime).
+**
+** Note that I.1 and D.1 are very similar operations, as are I.2 and D.2.
+** This simplifies the implementation a bit.
+**
+** For the purposes of immediate FK constraints, the OR REPLACE conflict
+** resolution is considered to delete rows before the new row is inserted.
+** If a delete caused by OR REPLACE violates an FK constraint, an exception
+** is thrown, even if the FK constraint would be satisfied after the new 
+** row is inserted.
+**
+** Immediate constraints are usually handled similarly. The only difference 
+** is that the counter used is stored as part of each individual statement
+** object (struct Vdbe). If, after the statement has run, its immediate
+** constraint counter is greater than zero,
+** it returns SQLITE_CONSTRAINT_FOREIGNKEY
+** and the statement transaction is rolled back. An exception is an INSERT
+** statement that inserts a single row only (no triggers). In this case,
+** instead of using a counter, an exception is thrown immediately if the
+** INSERT violates a foreign key constraint. This is necessary as such
+** an INSERT does not open a statement transaction.
+**
+** TODO: How should dropping a table be handled? How should renaming a 
+** table be handled?
+**
+**
+** Query API Notes
+** ---------------
+**
+** Before coding an UPDATE or DELETE row operation, the code-generator
+** for those two operations needs to know whether or not the operation
+** requires any FK processing and, if so, which columns of the original
+** row are required by the FK processing VDBE code (i.e. if FKs were
+** implemented using triggers, which of the old.* columns would be 
+** accessed). No information is required by the code-generator before
+** coding an INSERT operation. The functions used by the UPDATE/DELETE
+** generation code to query for this information are:
+**
+**   sqlite3FkRequired() - Test to see if FK processing is required.
+**   sqlite3FkOldmask()  - Query for the set of required old.* columns.
+**
+**
+** Externally accessible module functions
+** --------------------------------------
+**
+**   sqlite3FkCheck()    - Check for foreign key violations.
+**   sqlite3FkActions()  - Code triggers for ON UPDATE/ON DELETE actions.
+**   sqlite3FkDelete()   - Delete an FKey structure.
+*/
+
+/*
+** VDBE Calling Convention
+** -----------------------
+**
+** Example:
+**
+**   For the following INSERT statement:
+**
+**     CREATE TABLE t1(a, b INTEGER PRIMARY KEY, c);
+**     INSERT INTO t1 VALUES(1, 2, 3.1);
+**
+**   Register (x):        2    (type integer)
+**   Register (x+1):      1    (type integer)
+**   Register (x+2):      NULL (type NULL)
+**   Register (x+3):      3.1  (type real)
+*/
+
+/*
+** A foreign key constraint requires that the key columns in the parent
+** table are collectively subject to a UNIQUE or PRIMARY KEY constraint.
+** Given that pParent is the parent table for foreign key constraint pFKey, 
+** search the schema for a unique index on the parent key columns. 
+**
+** If successful, zero is returned. If the parent key is an INTEGER PRIMARY 
+** KEY column, then output variable *ppIdx is set to NULL. Otherwise, *ppIdx 
+** is set to point to the unique index. 
+** 
+** If the parent key consists of a single column (the foreign key constraint
+** is not a composite foreign key), output variable *paiCol is set to NULL.
+** Otherwise, it is set to point to an allocated array of size N, where
+** N is the number of columns in the parent key. The first element of the
+** array is the index of the child table column that is mapped by the FK
+** constraint to the parent table column stored in the left-most column
+** of index *ppIdx. The second element of the array is the index of the
+** child table column that corresponds to the second left-most column of
+** *ppIdx, and so on.
+**
+** If the required index cannot be found, either because:
+**
+**   1) The named parent key columns do not exist, or
+**
+**   2) The named parent key columns do exist, but are not subject to a
+**      UNIQUE or PRIMARY KEY constraint, or
+**
+**   3) No parent key columns were provided explicitly as part of the
+**      foreign key definition, and the parent table does not have a
+**      PRIMARY KEY, or
+**
+**   4) No parent key columns were provided explicitly as part of the
+**      foreign key definition, and the PRIMARY KEY of the parent table 
+**      consists of a different number of columns to the child key in 
+**      the child table.
+**
+** then non-zero is returned, and a "foreign key mismatch" error loaded
+** into pParse. If an OOM error occurs, non-zero is returned and the
+** pParse->db->mallocFailed flag is set.
+*/
+SQLITE_PRIVATE int sqlite3FkLocateIndex(
+  Parse *pParse,                  /* Parse context to store any error in */
+  Table *pParent,                 /* Parent table of FK constraint pFKey */
+  FKey *pFKey,                    /* Foreign key to find index for */
+  Index **ppIdx,                  /* OUT: Unique index on parent table */
+  int **paiCol                    /* OUT: Map of index columns in pFKey */
+){
+  Index *pIdx = 0;                    /* Value to return via *ppIdx */
+  int *aiCol = 0;                     /* Value to return via *paiCol */
+  int nCol = pFKey->nCol;             /* Number of columns in parent key */
+  char *zKey = pFKey->aCol[0].zCol;   /* Name of left-most parent key column */
+
+  /* The caller is responsible for zeroing output parameters. */
+  assert( ppIdx && *ppIdx==0 );
+  assert( !paiCol || *paiCol==0 );
+  assert( pParse );
+
+  /* If this is a non-composite (single column) foreign key, check if it 
+  ** maps to the INTEGER PRIMARY KEY of table pParent. If so, leave *ppIdx 
+  ** and *paiCol set to zero and return early. 
+  **
+  ** Otherwise, for a composite foreign key (more than one column), allocate
+  ** space for the aiCol array (returned via output parameter *paiCol).
+  ** Non-composite foreign keys do not require the aiCol array.
+  */
+  if( nCol==1 ){
+    /* The FK maps to the IPK if any of the following are true:
+    **
+    **   1) There is an INTEGER PRIMARY KEY column and the FK is implicitly 
+    **      mapped to the primary key of table pParent, or
+    **   2) The FK is explicitly mapped to a column declared as INTEGER
+    **      PRIMARY KEY.
+    */
+    if( pParent->iPKey>=0 ){
+      if( !zKey ) return 0;
+      if( !sqlite3StrICmp(pParent->aCol[pParent->iPKey].zName, zKey) ) return 0;
+    }
+  }else if( paiCol ){
+    assert( nCol>1 );
+    aiCol = (int *)sqlite3DbMallocRaw(pParse->db, nCol*sizeof(int));
+    if( !aiCol ) return 1;
+    *paiCol = aiCol;
+  }
+
+  for(pIdx=pParent->pIndex; pIdx; pIdx=pIdx->pNext){
+    if( pIdx->nKeyCol==nCol && IsUniqueIndex(pIdx) ){ 
+      /* pIdx is a UNIQUE index (or a PRIMARY KEY) and has the right number
+      ** of columns. If each indexed column corresponds to a foreign key
+      ** column of pFKey, then this index is a winner.  */
+
+      if( zKey==0 ){
+        /* If zKey is NULL, then this foreign key is implicitly mapped to 
+        ** the PRIMARY KEY of table pParent. The PRIMARY KEY index may be 
+        ** identified by the test.  */
+        if( IsPrimaryKeyIndex(pIdx) ){
+          if( aiCol ){
+            int i;
+            for(i=0; i<nCol; i++) aiCol[i] = pFKey->aCol[i].iFrom;
+          }
+          break;
+        }
+      }else{
+        /* If zKey is non-NULL, then this foreign key was declared to
+        ** map to an explicit list of columns in table pParent. Check if this
+        ** index matches those columns. Also, check that the index uses
+        ** the default collation sequences for each column. */
+        int i, j;
+        for(i=0; i<nCol; i++){
+          i16 iCol = pIdx->aiColumn[i];     /* Index of column in parent tbl */
+          const char *zDfltColl;            /* Def. collation for column */
+          char *zIdxCol;                    /* Name of indexed column */
+
+          if( iCol<0 ) break; /* No foreign keys against expression indexes */
+
+          /* If the index uses a collation sequence that is different from
+          ** the default collation sequence for the column, this index is
+          ** unusable. Bail out early in this case.  */
+          zDfltColl = pParent->aCol[iCol].zColl;
+          if( !zDfltColl ) zDfltColl = sqlite3StrBINARY;
+          if( sqlite3StrICmp(pIdx->azColl[i], zDfltColl) ) break;
+
+          zIdxCol = pParent->aCol[iCol].zName;
+          for(j=0; j<nCol; j++){
+            if( sqlite3StrICmp(pFKey->aCol[j].zCol, zIdxCol)==0 ){
+              if( aiCol ) aiCol[i] = pFKey->aCol[j].iFrom;
+              break;
+            }
+          }
+          if( j==nCol ) break;
+        }
+        if( i==nCol ) break;      /* pIdx is usable */
+      }
+    }
+  }
+
+  if( !pIdx ){
+    if( !pParse->disableTriggers ){
+      sqlite3ErrorMsg(pParse,
+           "foreign key mismatch - \"%w\" referencing \"%w\"",
+           pFKey->pFrom->zName, pFKey->zTo);
+    }
+    sqlite3DbFree(pParse->db, aiCol);
+    return 1;
+  }
+
+  *ppIdx = pIdx;
+  return 0;
+}
+
+/*
+** This function is called when a row is inserted into or deleted from the 
+** child table of foreign key constraint pFKey. If an SQL UPDATE is executed 
+** on the child table of pFKey, this function is invoked twice for each row
+** affected - once to "delete" the old row, and then again to "insert" the
+** new row.
+**
+** Each time it is called, this function generates VDBE code to locate the
+** row in the parent table that corresponds to the row being inserted into 
+** or deleted from the child table. If the parent row can be found, no 
+** special action is taken. Otherwise, if the parent row can *not* be
+** found in the parent table:
+**
+**   Operation | FK type   | Action taken
+**   --------------------------------------------------------------------------
+**   INSERT      immediate   Increment the "immediate constraint counter".
+**
+**   DELETE      immediate   Decrement the "immediate constraint counter".
+**
+**   INSERT      deferred    Increment the "deferred constraint counter".
+**
+**   DELETE      deferred    Decrement the "deferred constraint counter".
+**
+** These operations are identified in the comment at the top of this file 
+** (fkey.c) as "I.1" and "D.1".
+*/
+static void fkLookupParent(
+  Parse *pParse,        /* Parse context */
+  int iDb,              /* Index of database housing pTab */
+  Table *pTab,          /* Parent table of FK pFKey */
+  Index *pIdx,          /* Unique index on parent key columns in pTab */
+  FKey *pFKey,          /* Foreign key constraint */
+  int *aiCol,           /* Map from parent key columns to child table columns */
+  int regData,          /* Address of array containing child table row */
+  int nIncr,            /* Increment constraint counter by this */
+  int isIgnore          /* If true, pretend pTab contains all NULL values */
+){
+  int i;                                    /* Iterator variable */
+  Vdbe *v = sqlite3GetVdbe(pParse);         /* Vdbe to add code to */
+  int iCur = pParse->nTab - 1;              /* Cursor number to use */
+  int iOk = sqlite3VdbeMakeLabel(v);        /* jump here if parent key found */
+
+  /* If nIncr is less than zero, then check at runtime if there are any
+  ** outstanding constraints to resolve. If there are not, there is no need
+  ** to check if deleting this row resolves any outstanding violations.
+  **
+  ** Check if any of the key columns in the child table row are NULL. If 
+  ** any are, then the constraint is considered satisfied. No need to 
+  ** search for a matching row in the parent table.  */
+  if( nIncr<0 ){
+    sqlite3VdbeAddOp2(v, OP_FkIfZero, pFKey->isDeferred, iOk);
+    VdbeCoverage(v);
+  }
+  for(i=0; i<pFKey->nCol; i++){
+    int iReg = aiCol[i] + regData + 1;
+    sqlite3VdbeAddOp2(v, OP_IsNull, iReg, iOk); VdbeCoverage(v);
+  }
+
+  if( isIgnore==0 ){
+    if( pIdx==0 ){
+      /* If pIdx is NULL, then the parent key is the INTEGER PRIMARY KEY
+      ** column of the parent table (table pTab).  */
+      int iMustBeInt;               /* Address of MustBeInt instruction */
+      int regTemp = sqlite3GetTempReg(pParse);
+  
+      /* Invoke MustBeInt to coerce the child key value to an integer (i.e. 
+      ** apply the affinity of the parent key). If this fails, then there
+      ** is no matching parent key. Before using MustBeInt, make a copy of
+      ** the value. Otherwise, the value inserted into the child key column
+      ** will have INTEGER affinity applied to it, which may not be correct.  */
+      sqlite3VdbeAddOp2(v, OP_SCopy, aiCol[0]+1+regData, regTemp);
+      iMustBeInt = sqlite3VdbeAddOp2(v, OP_MustBeInt, regTemp, 0);
+      VdbeCoverage(v);
+  
+      /* If the parent table is the same as the child table, and we are about
+      ** to increment the constraint-counter (i.e. this is an INSERT operation),
+      ** then check if the row being inserted matches itself. If so, do not
+      ** increment the constraint-counter.  */
+      if( pTab==pFKey->pFrom && nIncr==1 ){
+        sqlite3VdbeAddOp3(v, OP_Eq, regData, iOk, regTemp); VdbeCoverage(v);
+        sqlite3VdbeChangeP5(v, SQLITE_NOTNULL);
+      }
+  
+      sqlite3OpenTable(pParse, iCur, iDb, pTab, OP_OpenRead);
+      sqlite3VdbeAddOp3(v, OP_NotExists, iCur, 0, regTemp); VdbeCoverage(v);
+      sqlite3VdbeGoto(v, iOk);
+      sqlite3VdbeJumpHere(v, sqlite3VdbeCurrentAddr(v)-2);
+      sqlite3VdbeJumpHere(v, iMustBeInt);
+      sqlite3ReleaseTempReg(pParse, regTemp);
+    }else{
+      int nCol = pFKey->nCol;
+      int regTemp = sqlite3GetTempRange(pParse, nCol);
+      int regRec = sqlite3GetTempReg(pParse);
+  
+      sqlite3VdbeAddOp3(v, OP_OpenRead, iCur, pIdx->tnum, iDb);
+      sqlite3VdbeSetP4KeyInfo(pParse, pIdx);
+      for(i=0; i<nCol; i++){
+        sqlite3VdbeAddOp2(v, OP_Copy, aiCol[i]+1+regData, regTemp+i);
+      }
+  
+      /* If the parent table is the same as the child table, and we are about
+      ** to increment the constraint-counter (i.e. this is an INSERT operation),
+      ** then check if the row being inserted matches itself. If so, do not
+      ** increment the constraint-counter. 
+      **
+      ** If any of the parent-key values are NULL, then the row cannot match 
+      ** itself. So set JUMPIFNULL to make sure we do the OP_Found if any
+      ** of the parent-key values are NULL (at this point it is known that
+      ** none of the child key values are).
+      */
+      if( pTab==pFKey->pFrom && nIncr==1 ){
+        int iJump = sqlite3VdbeCurrentAddr(v) + nCol + 1;
+        for(i=0; i<nCol; i++){
+          int iChild = aiCol[i]+1+regData;
+          int iParent = pIdx->aiColumn[i]+1+regData;
+          assert( pIdx->aiColumn[i]>=0 );
+          assert( aiCol[i]!=pTab->iPKey );
+          if( pIdx->aiColumn[i]==pTab->iPKey ){
+            /* The parent key is a composite key that includes the IPK column */
+            iParent = regData;
+          }
+          sqlite3VdbeAddOp3(v, OP_Ne, iChild, iJump, iParent); VdbeCoverage(v);
+          sqlite3VdbeChangeP5(v, SQLITE_JUMPIFNULL);
+        }
+        sqlite3VdbeGoto(v, iOk);
+      }
+  
+      sqlite3VdbeAddOp4(v, OP_MakeRecord, regTemp, nCol, regRec,
+                        sqlite3IndexAffinityStr(pParse->db,pIdx), nCol);
+      sqlite3VdbeAddOp4Int(v, OP_Found, iCur, iOk, regRec, 0); VdbeCoverage(v);
+  
+      sqlite3ReleaseTempReg(pParse, regRec);
+      sqlite3ReleaseTempRange(pParse, regTemp, nCol);
+    }
+  }
+
+  if( !pFKey->isDeferred && !(pParse->db->flags & SQLITE_DeferFKs)
+   && !pParse->pToplevel 
+   && !pParse->isMultiWrite 
+  ){
+    /* Special case: If this is an INSERT statement that will insert exactly
+    ** one row into the table, raise a constraint immediately instead of
+    ** incrementing a counter. This is necessary as the VM code is being
+    ** generated for will not open a statement transaction.  */
+    assert( nIncr==1 );
+    sqlite3HaltConstraint(pParse, SQLITE_CONSTRAINT_FOREIGNKEY,
+        OE_Abort, 0, P4_STATIC, P5_ConstraintFK);
+  }else{
+    if( nIncr>0 && pFKey->isDeferred==0 ){
+      sqlite3MayAbort(pParse);
+    }
+    sqlite3VdbeAddOp2(v, OP_FkCounter, pFKey->isDeferred, nIncr);
+  }
+
+  sqlite3VdbeResolveLabel(v, iOk);
+  sqlite3VdbeAddOp1(v, OP_Close, iCur);
+}
+
+
+/*
+** Return an Expr object that refers to a memory register corresponding
+** to column iCol of table pTab.
+**
+** regBase is the first of an array of register that contains the data
+** for pTab.  regBase itself holds the rowid.  regBase+1 holds the first
+** column.  regBase+2 holds the second column, and so forth.
+*/
+static Expr *exprTableRegister(
+  Parse *pParse,     /* Parsing and code generating context */
+  Table *pTab,       /* The table whose content is at r[regBase]... */
+  int regBase,       /* Contents of table pTab */
+  i16 iCol           /* Which column of pTab is desired */
+){
+  Expr *pExpr;
+  Column *pCol;
+  const char *zColl;
+  sqlite3 *db = pParse->db;
+
+  pExpr = sqlite3Expr(db, TK_REGISTER, 0);
+  if( pExpr ){
+    if( iCol>=0 && iCol!=pTab->iPKey ){
+      pCol = &pTab->aCol[iCol];
+      pExpr->iTable = regBase + iCol + 1;
+      pExpr->affinity = pCol->affinity;
+      zColl = pCol->zColl;
+      if( zColl==0 ) zColl = db->pDfltColl->zName;
+      pExpr = sqlite3ExprAddCollateString(pParse, pExpr, zColl);
+    }else{
+      pExpr->iTable = regBase;
+      pExpr->affinity = SQLITE_AFF_INTEGER;
+    }
+  }
+  return pExpr;
+}
+
+/*
+** Return an Expr object that refers to column iCol of table pTab which
+** has cursor iCur.
+*/
+static Expr *exprTableColumn(
+  sqlite3 *db,      /* The database connection */
+  Table *pTab,      /* The table whose column is desired */
+  int iCursor,      /* The open cursor on the table */
+  i16 iCol          /* The column that is wanted */
+){
+  Expr *pExpr = sqlite3Expr(db, TK_COLUMN, 0);
+  if( pExpr ){
+    pExpr->pTab = pTab;
+    pExpr->iTable = iCursor;
+    pExpr->iColumn = iCol;
+  }
+  return pExpr;
+}
+
+/*
+** This function is called to generate code executed when a row is deleted
+** from the parent table of foreign key constraint pFKey and, if pFKey is 
+** deferred, when a row is inserted into the same table. When generating
+** code for an SQL UPDATE operation, this function may be called twice -
+** once to "delete" the old row and once to "insert" the new row.
+**
+** Parameter nIncr is passed -1 when inserting a row (as this may decrease
+** the number of FK violations in the db) or +1 when deleting one (as this
+** may increase the number of FK constraint problems).
+**
+** The code generated by this function scans through the rows in the child
+** table that correspond to the parent table row being deleted or inserted.
+** For each child row found, one of the following actions is taken:
+**
+**   Operation | FK type   | Action taken
+**   --------------------------------------------------------------------------
+**   DELETE      immediate   Increment the "immediate constraint counter".
+**                           Or, if the ON (UPDATE|DELETE) action is RESTRICT,
+**                           throw a "FOREIGN KEY constraint failed" exception.
+**
+**   INSERT      immediate   Decrement the "immediate constraint counter".
+**
+**   DELETE      deferred    Increment the "deferred constraint counter".
+**                           Or, if the ON (UPDATE|DELETE) action is RESTRICT,
+**                           throw a "FOREIGN KEY constraint failed" exception.
+**
+**   INSERT      deferred    Decrement the "deferred constraint counter".
+**
+** These operations are identified in the comment at the top of this file 
+** (fkey.c) as "I.2" and "D.2".
+*/
+static void fkScanChildren(
+  Parse *pParse,                  /* Parse context */
+  SrcList *pSrc,                  /* The child table to be scanned */
+  Table *pTab,                    /* The parent table */
+  Index *pIdx,                    /* Index on parent covering the foreign key */
+  FKey *pFKey,                    /* The foreign key linking pSrc to pTab */
+  int *aiCol,                     /* Map from pIdx cols to child table cols */
+  int regData,                    /* Parent row data starts here */
+  int nIncr                       /* Amount to increment deferred counter by */
+){
+  sqlite3 *db = pParse->db;       /* Database handle */
+  int i;                          /* Iterator variable */
+  Expr *pWhere = 0;               /* WHERE clause to scan with */
+  NameContext sNameContext;       /* Context used to resolve WHERE clause */
+  WhereInfo *pWInfo;              /* Context used by sqlite3WhereXXX() */
+  int iFkIfZero = 0;              /* Address of OP_FkIfZero */
+  Vdbe *v = sqlite3GetVdbe(pParse);
+
+  assert( pIdx==0 || pIdx->pTable==pTab );
+  assert( pIdx==0 || pIdx->nKeyCol==pFKey->nCol );
+  assert( pIdx!=0 || pFKey->nCol==1 );
+  assert( pIdx!=0 || HasRowid(pTab) );
+
+  if( nIncr<0 ){
+    iFkIfZero = sqlite3VdbeAddOp2(v, OP_FkIfZero, pFKey->isDeferred, 0);
+    VdbeCoverage(v);
+  }
+
+  /* Create an Expr object representing an SQL expression like:
+  **
+  **   <parent-key1> = <child-key1> AND <parent-key2> = <child-key2> ...
+  **
+  ** The collation sequence used for the comparison should be that of
+  ** the parent key columns. The affinity of the parent key column should
+  ** be applied to each child key value before the comparison takes place.
+  */
+  for(i=0; i<pFKey->nCol; i++){
+    Expr *pLeft;                  /* Value from parent table row */
+    Expr *pRight;                 /* Column ref to child table */
+    Expr *pEq;                    /* Expression (pLeft = pRight) */
+    i16 iCol;                     /* Index of column in child table */ 
+    const char *zCol;             /* Name of column in child table */
+
+    iCol = pIdx ? pIdx->aiColumn[i] : -1;
+    pLeft = exprTableRegister(pParse, pTab, regData, iCol);
+    iCol = aiCol ? aiCol[i] : pFKey->aCol[0].iFrom;
+    assert( iCol>=0 );
+    zCol = pFKey->pFrom->aCol[iCol].zName;
+    pRight = sqlite3Expr(db, TK_ID, zCol);
+    pEq = sqlite3PExpr(pParse, TK_EQ, pLeft, pRight, 0);
+    pWhere = sqlite3ExprAnd(db, pWhere, pEq);
+  }
+
+  /* If the child table is the same as the parent table, then add terms
+  ** to the WHERE clause that prevent this entry from being scanned.
+  ** The added WHERE clause terms are like this:
+  **
+  **     $current_rowid!=rowid
+  **     NOT( $current_a==a AND $current_b==b AND ... )
+  **
+  ** The first form is used for rowid tables.  The second form is used
+  ** for WITHOUT ROWID tables.  In the second form, the primary key is
+  ** (a,b,...)
+  */
+  if( pTab==pFKey->pFrom && nIncr>0 ){
+    Expr *pNe;                    /* Expression (pLeft != pRight) */
+    Expr *pLeft;                  /* Value from parent table row */
+    Expr *pRight;                 /* Column ref to child table */
+    if( HasRowid(pTab) ){
+      pLeft = exprTableRegister(pParse, pTab, regData, -1);
+      pRight = exprTableColumn(db, pTab, pSrc->a[0].iCursor, -1);
+      pNe = sqlite3PExpr(pParse, TK_NE, pLeft, pRight, 0);
+    }else{
+      Expr *pEq, *pAll = 0;
+      Index *pPk = sqlite3PrimaryKeyIndex(pTab);
+      assert( pIdx!=0 );
+      for(i=0; i<pPk->nKeyCol; i++){
+        i16 iCol = pIdx->aiColumn[i];
+        assert( iCol>=0 );
+        pLeft = exprTableRegister(pParse, pTab, regData, iCol);
+        pRight = exprTableColumn(db, pTab, pSrc->a[0].iCursor, iCol);
+        pEq = sqlite3PExpr(pParse, TK_EQ, pLeft, pRight, 0);
+        pAll = sqlite3ExprAnd(db, pAll, pEq);
+      }
+      pNe = sqlite3PExpr(pParse, TK_NOT, pAll, 0, 0);
+    }
+    pWhere = sqlite3ExprAnd(db, pWhere, pNe);
+  }
+
+  /* Resolve the references in the WHERE clause. */
+  memset(&sNameContext, 0, sizeof(NameContext));
+  sNameContext.pSrcList = pSrc;
+  sNameContext.pParse = pParse;
+  sqlite3ResolveExprNames(&sNameContext, pWhere);
+
+  /* Create VDBE to loop through the entries in pSrc that match the WHERE
+  ** clause. For each row found, increment either the deferred or immediate
+  ** foreign key constraint counter. */
+  pWInfo = sqlite3WhereBegin(pParse, pSrc, pWhere, 0, 0, 0, 0);
+  sqlite3VdbeAddOp2(v, OP_FkCounter, pFKey->isDeferred, nIncr);
+  if( pWInfo ){
+    sqlite3WhereEnd(pWInfo);
+  }
+
+  /* Clean up the WHERE clause constructed above. */
+  sqlite3ExprDelete(db, pWhere);
+  if( iFkIfZero ){
+    sqlite3VdbeJumpHere(v, iFkIfZero);
+  }
+}
+
+/*
+** This function returns a linked list of FKey objects (connected by
+** FKey.pNextTo) holding all children of table pTab.  For example,
+** given the following schema:
+**
+**   CREATE TABLE t1(a PRIMARY KEY);
+**   CREATE TABLE t2(b REFERENCES t1(a);
+**
+** Calling this function with table "t1" as an argument returns a pointer
+** to the FKey structure representing the foreign key constraint on table
+** "t2". Calling this function with "t2" as the argument would return a
+** NULL pointer (as there are no FK constraints for which t2 is the parent
+** table).
+*/
+SQLITE_PRIVATE FKey *sqlite3FkReferences(Table *pTab){
+  return (FKey *)sqlite3HashFind(&pTab->pSchema->fkeyHash, pTab->zName);
+}
+
+/*
+** The second argument is a Trigger structure allocated by the 
+** fkActionTrigger() routine. This function deletes the Trigger structure
+** and all of its sub-components.
+**
+** The Trigger structure or any of its sub-components may be allocated from
+** the lookaside buffer belonging to database handle dbMem.
+*/
+static void fkTriggerDelete(sqlite3 *dbMem, Trigger *p){
+  if( p ){
+    TriggerStep *pStep = p->step_list;
+    sqlite3ExprDelete(dbMem, pStep->pWhere);
+    sqlite3ExprListDelete(dbMem, pStep->pExprList);
+    sqlite3SelectDelete(dbMem, pStep->pSelect);
+    sqlite3ExprDelete(dbMem, p->pWhen);
+    sqlite3DbFree(dbMem, p);
+  }
+}
+
+/*
+** This function is called to generate code that runs when table pTab is
+** being dropped from the database. The SrcList passed as the second argument
+** to this function contains a single entry guaranteed to resolve to
+** table pTab.
+**
+** Normally, no code is required. However, if either
+**
+**   (a) The table is the parent table of a FK constraint, or
+**   (b) The table is the child table of a deferred FK constraint and it is
+**       determined at runtime that there are outstanding deferred FK 
+**       constraint violations in the database,
+**
+** then the equivalent of "DELETE FROM <tbl>" is executed before dropping
+** the table from the database. Triggers are disabled while running this
+** DELETE, but foreign key actions are not.
+*/
+SQLITE_PRIVATE void sqlite3FkDropTable(Parse *pParse, SrcList *pName, Table *pTab){
+  sqlite3 *db = pParse->db;
+  if( (db->flags&SQLITE_ForeignKeys) && !IsVirtual(pTab) && !pTab->pSelect ){
+    int iSkip = 0;
+    Vdbe *v = sqlite3GetVdbe(pParse);
+
+    assert( v );                  /* VDBE has already been allocated */
+    if( sqlite3FkReferences(pTab)==0 ){
+      /* Search for a deferred foreign key constraint for which this table
+      ** is the child table. If one cannot be found, return without 
+      ** generating any VDBE code. If one can be found, then jump over
+      ** the entire DELETE if there are no outstanding deferred constraints
+      ** when this statement is run.  */
+      FKey *p;
+      for(p=pTab->pFKey; p; p=p->pNextFrom){
+        if( p->isDeferred || (db->flags & SQLITE_DeferFKs) ) break;
+      }
+      if( !p ) return;
+      iSkip = sqlite3VdbeMakeLabel(v);
+      sqlite3VdbeAddOp2(v, OP_FkIfZero, 1, iSkip); VdbeCoverage(v);
+    }
+
+    pParse->disableTriggers = 1;
+    sqlite3DeleteFrom(pParse, sqlite3SrcListDup(db, pName, 0), 0);
+    pParse->disableTriggers = 0;
+
+    /* If the DELETE has generated immediate foreign key constraint 
+    ** violations, halt the VDBE and return an error at this point, before
+    ** any modifications to the schema are made. This is because statement
+    ** transactions are not able to rollback schema changes.  
+    **
+    ** If the SQLITE_DeferFKs flag is set, then this is not required, as
+    ** the statement transaction will not be rolled back even if FK
+    ** constraints are violated.
+    */
+    if( (db->flags & SQLITE_DeferFKs)==0 ){
+      sqlite3VdbeAddOp2(v, OP_FkIfZero, 0, sqlite3VdbeCurrentAddr(v)+2);
+      VdbeCoverage(v);
+      sqlite3HaltConstraint(pParse, SQLITE_CONSTRAINT_FOREIGNKEY,
+          OE_Abort, 0, P4_STATIC, P5_ConstraintFK);
+    }
+
+    if( iSkip ){
+      sqlite3VdbeResolveLabel(v, iSkip);
+    }
+  }
+}
+
+
+/*
+** The second argument points to an FKey object representing a foreign key
+** for which pTab is the child table. An UPDATE statement against pTab
+** is currently being processed. For each column of the table that is 
+** actually updated, the corresponding element in the aChange[] array
+** is zero or greater (if a column is unmodified the corresponding element
+** is set to -1). If the rowid column is modified by the UPDATE statement
+** the bChngRowid argument is non-zero.
+**
+** This function returns true if any of the columns that are part of the
+** child key for FK constraint *p are modified.
+*/
+static int fkChildIsModified(
+  Table *pTab,                    /* Table being updated */
+  FKey *p,                        /* Foreign key for which pTab is the child */
+  int *aChange,                   /* Array indicating modified columns */
+  int bChngRowid                  /* True if rowid is modified by this update */
+){
+  int i;
+  for(i=0; i<p->nCol; i++){
+    int iChildKey = p->aCol[i].iFrom;
+    if( aChange[iChildKey]>=0 ) return 1;
+    if( iChildKey==pTab->iPKey && bChngRowid ) return 1;
+  }
+  return 0;
+}
+
+/*
+** The second argument points to an FKey object representing a foreign key
+** for which pTab is the parent table. An UPDATE statement against pTab
+** is currently being processed. For each column of the table that is 
+** actually updated, the corresponding element in the aChange[] array
+** is zero or greater (if a column is unmodified the corresponding element
+** is set to -1). If the rowid column is modified by the UPDATE statement
+** the bChngRowid argument is non-zero.
+**
+** This function returns true if any of the columns that are part of the
+** parent key for FK constraint *p are modified.
+*/
+static int fkParentIsModified(
+  Table *pTab, 
+  FKey *p, 
+  int *aChange, 
+  int bChngRowid
+){
+  int i;
+  for(i=0; i<p->nCol; i++){
+    char *zKey = p->aCol[i].zCol;
+    int iKey;
+    for(iKey=0; iKey<pTab->nCol; iKey++){
+      if( aChange[iKey]>=0 || (iKey==pTab->iPKey && bChngRowid) ){
+        Column *pCol = &pTab->aCol[iKey];
+        if( zKey ){
+          if( 0==sqlite3StrICmp(pCol->zName, zKey) ) return 1;
+        }else if( pCol->colFlags & COLFLAG_PRIMKEY ){
+          return 1;
+        }
+      }
+    }
+  }
+  return 0;
+}
+
+/*
+** Return true if the parser passed as the first argument is being
+** used to code a trigger that is really a "SET NULL" action belonging
+** to trigger pFKey.
+*/
+static int isSetNullAction(Parse *pParse, FKey *pFKey){
+  Parse *pTop = sqlite3ParseToplevel(pParse);
+  if( pTop->pTriggerPrg ){
+    Trigger *p = pTop->pTriggerPrg->pTrigger;
+    if( (p==pFKey->apTrigger[0] && pFKey->aAction[0]==OE_SetNull)
+     || (p==pFKey->apTrigger[1] && pFKey->aAction[1]==OE_SetNull)
+    ){
+      return 1;
+    }
+  }
+  return 0;
+}
+
+/*
+** This function is called when inserting, deleting or updating a row of
+** table pTab to generate VDBE code to perform foreign key constraint 
+** processing for the operation.
+**
+** For a DELETE operation, parameter regOld is passed the index of the
+** first register in an array of (pTab->nCol+1) registers containing the
+** rowid of the row being deleted, followed by each of the column values
+** of the row being deleted, from left to right. Parameter regNew is passed
+** zero in this case.
+**
+** For an INSERT operation, regOld is passed zero and regNew is passed the
+** first register of an array of (pTab->nCol+1) registers containing the new
+** row data.
+**
+** For an UPDATE operation, this function is called twice. Once before
+** the original record is deleted from the table using the calling convention
+** described for DELETE. Then again after the original record is deleted
+** but before the new record is inserted using the INSERT convention. 
+*/
+SQLITE_PRIVATE void sqlite3FkCheck(
+  Parse *pParse,                  /* Parse context */
+  Table *pTab,                    /* Row is being deleted from this table */ 
+  int regOld,                     /* Previous row data is stored here */
+  int regNew,                     /* New row data is stored here */
+  int *aChange,                   /* Array indicating UPDATEd columns (or 0) */
+  int bChngRowid                  /* True if rowid is UPDATEd */
+){
+  sqlite3 *db = pParse->db;       /* Database handle */
+  FKey *pFKey;                    /* Used to iterate through FKs */
+  int iDb;                        /* Index of database containing pTab */
+  const char *zDb;                /* Name of database containing pTab */
+  int isIgnoreErrors = pParse->disableTriggers;
+
+  /* Exactly one of regOld and regNew should be non-zero. */
+  assert( (regOld==0)!=(regNew==0) );
+
+  /* If foreign-keys are disabled, this function is a no-op. */
+  if( (db->flags&SQLITE_ForeignKeys)==0 ) return;
+
+  iDb = sqlite3SchemaToIndex(db, pTab->pSchema);
+  zDb = db->aDb[iDb].zName;
+
+  /* Loop through all the foreign key constraints for which pTab is the
+  ** child table (the table that the foreign key definition is part of).  */
+  for(pFKey=pTab->pFKey; pFKey; pFKey=pFKey->pNextFrom){
+    Table *pTo;                   /* Parent table of foreign key pFKey */
+    Index *pIdx = 0;              /* Index on key columns in pTo */
+    int *aiFree = 0;
+    int *aiCol;
+    int iCol;
+    int i;
+    int bIgnore = 0;
+
+    if( aChange 
+     && sqlite3_stricmp(pTab->zName, pFKey->zTo)!=0
+     && fkChildIsModified(pTab, pFKey, aChange, bChngRowid)==0 
+    ){
+      continue;
+    }
+
+    /* Find the parent table of this foreign key. Also find a unique index 
+    ** on the parent key columns in the parent table. If either of these 
+    ** schema items cannot be located, set an error in pParse and return 
+    ** early.  */
+    if( pParse->disableTriggers ){
+      pTo = sqlite3FindTable(db, pFKey->zTo, zDb);
+    }else{
+      pTo = sqlite3LocateTable(pParse, 0, pFKey->zTo, zDb);
+    }
+    if( !pTo || sqlite3FkLocateIndex(pParse, pTo, pFKey, &pIdx, &aiFree) ){
+      assert( isIgnoreErrors==0 || (regOld!=0 && regNew==0) );
+      if( !isIgnoreErrors || db->mallocFailed ) return;
+      if( pTo==0 ){
+        /* If isIgnoreErrors is true, then a table is being dropped. In this
+        ** case SQLite runs a "DELETE FROM xxx" on the table being dropped
+        ** before actually dropping it in order to check FK constraints.
+        ** If the parent table of an FK constraint on the current table is
+        ** missing, behave as if it is empty. i.e. decrement the relevant
+        ** FK counter for each row of the current table with non-NULL keys.
+        */
+        Vdbe *v = sqlite3GetVdbe(pParse);
+        int iJump = sqlite3VdbeCurrentAddr(v) + pFKey->nCol + 1;
+        for(i=0; i<pFKey->nCol; i++){
+          int iReg = pFKey->aCol[i].iFrom + regOld + 1;
+          sqlite3VdbeAddOp2(v, OP_IsNull, iReg, iJump); VdbeCoverage(v);
+        }
+        sqlite3VdbeAddOp2(v, OP_FkCounter, pFKey->isDeferred, -1);
+      }
+      continue;
+    }
+    assert( pFKey->nCol==1 || (aiFree && pIdx) );
+
+    if( aiFree ){
+      aiCol = aiFree;
+    }else{
+      iCol = pFKey->aCol[0].iFrom;
+      aiCol = &iCol;
+    }
+    for(i=0; i<pFKey->nCol; i++){
+      if( aiCol[i]==pTab->iPKey ){
+        aiCol[i] = -1;
+      }
+      assert( pIdx==0 || pIdx->aiColumn[i]>=0 );
+#ifndef SQLITE_OMIT_AUTHORIZATION
+      /* Request permission to read the parent key columns. If the 
+      ** authorization callback returns SQLITE_IGNORE, behave as if any
+      ** values read from the parent table are NULL. */
+      if( db->xAuth ){
+        int rcauth;
+        char *zCol = pTo->aCol[pIdx ? pIdx->aiColumn[i] : pTo->iPKey].zName;
+        rcauth = sqlite3AuthReadCol(pParse, pTo->zName, zCol, iDb);
+        bIgnore = (rcauth==SQLITE_IGNORE);
+      }
+#endif
+    }
+
+    /* Take a shared-cache advisory read-lock on the parent table. Allocate 
+    ** a cursor to use to search the unique index on the parent key columns 
+    ** in the parent table.  */
+    sqlite3TableLock(pParse, iDb, pTo->tnum, 0, pTo->zName);
+    pParse->nTab++;
+
+    if( regOld!=0 ){
+      /* A row is being removed from the child table. Search for the parent.
+      ** If the parent does not exist, removing the child row resolves an 
+      ** outstanding foreign key constraint violation. */
+      fkLookupParent(pParse, iDb, pTo, pIdx, pFKey, aiCol, regOld, -1, bIgnore);
+    }
+    if( regNew!=0 && !isSetNullAction(pParse, pFKey) ){
+      /* A row is being added to the child table. If a parent row cannot
+      ** be found, adding the child row has violated the FK constraint. 
+      **
+      ** If this operation is being performed as part of a trigger program
+      ** that is actually a "SET NULL" action belonging to this very 
+      ** foreign key, then omit this scan altogether. As all child key
+      ** values are guaranteed to be NULL, it is not possible for adding
+      ** this row to cause an FK violation.  */
+      fkLookupParent(pParse, iDb, pTo, pIdx, pFKey, aiCol, regNew, +1, bIgnore);
+    }
+
+    sqlite3DbFree(db, aiFree);
+  }
+
+  /* Loop through all the foreign key constraints that refer to this table.
+  ** (the "child" constraints) */
+  for(pFKey = sqlite3FkReferences(pTab); pFKey; pFKey=pFKey->pNextTo){
+    Index *pIdx = 0;              /* Foreign key index for pFKey */
+    SrcList *pSrc;
+    int *aiCol = 0;
+
+    if( aChange && fkParentIsModified(pTab, pFKey, aChange, bChngRowid)==0 ){
+      continue;
+    }
+
+    if( !pFKey->isDeferred && !(db->flags & SQLITE_DeferFKs) 
+     && !pParse->pToplevel && !pParse->isMultiWrite 
+    ){
+      assert( regOld==0 && regNew!=0 );
+      /* Inserting a single row into a parent table cannot cause (or fix)
+      ** an immediate foreign key violation. So do nothing in this case.  */
+      continue;
+    }
+
+    if( sqlite3FkLocateIndex(pParse, pTab, pFKey, &pIdx, &aiCol) ){
+      if( !isIgnoreErrors || db->mallocFailed ) return;
+      continue;
+    }
+    assert( aiCol || pFKey->nCol==1 );
+
+    /* Create a SrcList structure containing the child table.  We need the
+    ** child table as a SrcList for sqlite3WhereBegin() */
+    pSrc = sqlite3SrcListAppend(db, 0, 0, 0);
+    if( pSrc ){
+      struct SrcList_item *pItem = pSrc->a;
+      pItem->pTab = pFKey->pFrom;
+      pItem->zName = pFKey->pFrom->zName;
+      pItem->pTab->nRef++;
+      pItem->iCursor = pParse->nTab++;
+  
+      if( regNew!=0 ){
+        fkScanChildren(pParse, pSrc, pTab, pIdx, pFKey, aiCol, regNew, -1);
+      }
+      if( regOld!=0 ){
+        int eAction = pFKey->aAction[aChange!=0];
+        fkScanChildren(pParse, pSrc, pTab, pIdx, pFKey, aiCol, regOld, 1);
+        /* If this is a deferred FK constraint, or a CASCADE or SET NULL
+        ** action applies, then any foreign key violations caused by
+        ** removing the parent key will be rectified by the action trigger.
+        ** So do not set the "may-abort" flag in this case.
+        **
+        ** Note 1: If the FK is declared "ON UPDATE CASCADE", then the
+        ** may-abort flag will eventually be set on this statement anyway
+        ** (when this function is called as part of processing the UPDATE
+        ** within the action trigger).
+        **
+        ** Note 2: At first glance it may seem like SQLite could simply omit
+        ** all OP_FkCounter related scans when either CASCADE or SET NULL
+        ** applies. The trouble starts if the CASCADE or SET NULL action 
+        ** trigger causes other triggers or action rules attached to the 
+        ** child table to fire. In these cases the fk constraint counters
+        ** might be set incorrectly if any OP_FkCounter related scans are 
+        ** omitted.  */
+        if( !pFKey->isDeferred && eAction!=OE_Cascade && eAction!=OE_SetNull ){
+          sqlite3MayAbort(pParse);
+        }
+      }
+      pItem->zName = 0;
+      sqlite3SrcListDelete(db, pSrc);
+    }
+    sqlite3DbFree(db, aiCol);
+  }
+}
+
+#define COLUMN_MASK(x) (((x)>31) ? 0xffffffff : ((u32)1<<(x)))
+
+/*
+** This function is called before generating code to update or delete a 
+** row contained in table pTab.
+*/
+SQLITE_PRIVATE u32 sqlite3FkOldmask(
+  Parse *pParse,                  /* Parse context */
+  Table *pTab                     /* Table being modified */
+){
+  u32 mask = 0;
+  if( pParse->db->flags&SQLITE_ForeignKeys ){
+    FKey *p;
+    int i;
+    for(p=pTab->pFKey; p; p=p->pNextFrom){
+      for(i=0; i<p->nCol; i++) mask |= COLUMN_MASK(p->aCol[i].iFrom);
+    }
+    for(p=sqlite3FkReferences(pTab); p; p=p->pNextTo){
+      Index *pIdx = 0;
+      sqlite3FkLocateIndex(pParse, pTab, p, &pIdx, 0);
+      if( pIdx ){
+        for(i=0; i<pIdx->nKeyCol; i++){
+          assert( pIdx->aiColumn[i]>=0 );
+          mask |= COLUMN_MASK(pIdx->aiColumn[i]);
+        }
+      }
+    }
+  }
+  return mask;
+}
+
+
+/*
+** This function is called before generating code to update or delete a 
+** row contained in table pTab. If the operation is a DELETE, then
+** parameter aChange is passed a NULL value. For an UPDATE, aChange points
+** to an array of size N, where N is the number of columns in table pTab.
+** If the i'th column is not modified by the UPDATE, then the corresponding 
+** entry in the aChange[] array is set to -1. If the column is modified,
+** the value is 0 or greater. Parameter chngRowid is set to true if the
+** UPDATE statement modifies the rowid fields of the table.
+**
+** If any foreign key processing will be required, this function returns
+** true. If there is no foreign key related processing, this function 
+** returns false.
+*/
+SQLITE_PRIVATE int sqlite3FkRequired(
+  Parse *pParse,                  /* Parse context */
+  Table *pTab,                    /* Table being modified */
+  int *aChange,                   /* Non-NULL for UPDATE operations */
+  int chngRowid                   /* True for UPDATE that affects rowid */
+){
+  if( pParse->db->flags&SQLITE_ForeignKeys ){
+    if( !aChange ){
+      /* A DELETE operation. Foreign key processing is required if the 
+      ** table in question is either the child or parent table for any 
+      ** foreign key constraint.  */
+      return (sqlite3FkReferences(pTab) || pTab->pFKey);
+    }else{
+      /* This is an UPDATE. Foreign key processing is only required if the
+      ** operation modifies one or more child or parent key columns. */
+      FKey *p;
+
+      /* Check if any child key columns are being modified. */
+      for(p=pTab->pFKey; p; p=p->pNextFrom){
+        if( fkChildIsModified(pTab, p, aChange, chngRowid) ) return 1;
+      }
+
+      /* Check if any parent key columns are being modified. */
+      for(p=sqlite3FkReferences(pTab); p; p=p->pNextTo){
+        if( fkParentIsModified(pTab, p, aChange, chngRowid) ) return 1;
+      }
+    }
+  }
+  return 0;
+}
+
+/*
+** This function is called when an UPDATE or DELETE operation is being 
+** compiled on table pTab, which is the parent table of foreign-key pFKey.
+** If the current operation is an UPDATE, then the pChanges parameter is
+** passed a pointer to the list of columns being modified. If it is a
+** DELETE, pChanges is passed a NULL pointer.
+**
+** It returns a pointer to a Trigger structure containing a trigger
+** equivalent to the ON UPDATE or ON DELETE action specified by pFKey.
+** If the action is "NO ACTION" or "RESTRICT", then a NULL pointer is
+** returned (these actions require no special handling by the triggers
+** sub-system, code for them is created by fkScanChildren()).
+**
+** For example, if pFKey is the foreign key and pTab is table "p" in 
+** the following schema:
+**
+**   CREATE TABLE p(pk PRIMARY KEY);
+**   CREATE TABLE c(ck REFERENCES p ON DELETE CASCADE);
+**
+** then the returned trigger structure is equivalent to:
+**
+**   CREATE TRIGGER ... DELETE ON p BEGIN
+**     DELETE FROM c WHERE ck = old.pk;
+**   END;
+**
+** The returned pointer is cached as part of the foreign key object. It
+** is eventually freed along with the rest of the foreign key object by 
+** sqlite3FkDelete().
+*/
+static Trigger *fkActionTrigger(
+  Parse *pParse,                  /* Parse context */
+  Table *pTab,                    /* Table being updated or deleted from */
+  FKey *pFKey,                    /* Foreign key to get action for */
+  ExprList *pChanges              /* Change-list for UPDATE, NULL for DELETE */
+){
+  sqlite3 *db = pParse->db;       /* Database handle */
+  int action;                     /* One of OE_None, OE_Cascade etc. */
+  Trigger *pTrigger;              /* Trigger definition to return */
+  int iAction = (pChanges!=0);    /* 1 for UPDATE, 0 for DELETE */
+
+  action = pFKey->aAction[iAction];
+  pTrigger = pFKey->apTrigger[iAction];
+
+  if( action!=OE_None && !pTrigger ){
+    u8 enableLookaside;           /* Copy of db->lookaside.bEnabled */
+    char const *zFrom;            /* Name of child table */
+    int nFrom;                    /* Length in bytes of zFrom */
+    Index *pIdx = 0;              /* Parent key index for this FK */
+    int *aiCol = 0;               /* child table cols -> parent key cols */
+    TriggerStep *pStep = 0;        /* First (only) step of trigger program */
+    Expr *pWhere = 0;             /* WHERE clause of trigger step */
+    ExprList *pList = 0;          /* Changes list if ON UPDATE CASCADE */
+    Select *pSelect = 0;          /* If RESTRICT, "SELECT RAISE(...)" */
+    int i;                        /* Iterator variable */
+    Expr *pWhen = 0;              /* WHEN clause for the trigger */
+
+    if( sqlite3FkLocateIndex(pParse, pTab, pFKey, &pIdx, &aiCol) ) return 0;
+    assert( aiCol || pFKey->nCol==1 );
+
+    for(i=0; i<pFKey->nCol; i++){
+      Token tOld = { "old", 3 };  /* Literal "old" token */
+      Token tNew = { "new", 3 };  /* Literal "new" token */
+      Token tFromCol;             /* Name of column in child table */
+      Token tToCol;               /* Name of column in parent table */
+      int iFromCol;               /* Idx of column in child table */
+      Expr *pEq;                  /* tFromCol = OLD.tToCol */
+
+      iFromCol = aiCol ? aiCol[i] : pFKey->aCol[0].iFrom;
+      assert( iFromCol>=0 );
+      assert( pIdx!=0 || (pTab->iPKey>=0 && pTab->iPKey<pTab->nCol) );
+      assert( pIdx==0 || pIdx->aiColumn[i]>=0 );
+      tToCol.z = pTab->aCol[pIdx ? pIdx->aiColumn[i] : pTab->iPKey].zName;
+      tFromCol.z = pFKey->pFrom->aCol[iFromCol].zName;
+
+      tToCol.n = sqlite3Strlen30(tToCol.z);
+      tFromCol.n = sqlite3Strlen30(tFromCol.z);
+
+      /* Create the expression "OLD.zToCol = zFromCol". It is important
+      ** that the "OLD.zToCol" term is on the LHS of the = operator, so
+      ** that the affinity and collation sequence associated with the
+      ** parent table are used for the comparison. */
+      pEq = sqlite3PExpr(pParse, TK_EQ,
+          sqlite3PExpr(pParse, TK_DOT, 
+            sqlite3ExprAlloc(db, TK_ID, &tOld, 0),
+            sqlite3ExprAlloc(db, TK_ID, &tToCol, 0)
+          , 0),
+          sqlite3ExprAlloc(db, TK_ID, &tFromCol, 0)
+      , 0);
+      pWhere = sqlite3ExprAnd(db, pWhere, pEq);
+
+      /* For ON UPDATE, construct the next term of the WHEN clause.
+      ** The final WHEN clause will be like this:
+      **
+      **    WHEN NOT(old.col1 IS new.col1 AND ... AND old.colN IS new.colN)
+      */
+      if( pChanges ){
+        pEq = sqlite3PExpr(pParse, TK_IS,
+            sqlite3PExpr(pParse, TK_DOT, 
+              sqlite3ExprAlloc(db, TK_ID, &tOld, 0),
+              sqlite3ExprAlloc(db, TK_ID, &tToCol, 0),
+              0),
+            sqlite3PExpr(pParse, TK_DOT, 
+              sqlite3ExprAlloc(db, TK_ID, &tNew, 0),
+              sqlite3ExprAlloc(db, TK_ID, &tToCol, 0),
+              0),
+            0);
+        pWhen = sqlite3ExprAnd(db, pWhen, pEq);
+      }
+  
+      if( action!=OE_Restrict && (action!=OE_Cascade || pChanges) ){
+        Expr *pNew;
+        if( action==OE_Cascade ){
+          pNew = sqlite3PExpr(pParse, TK_DOT, 
+            sqlite3ExprAlloc(db, TK_ID, &tNew, 0),
+            sqlite3ExprAlloc(db, TK_ID, &tToCol, 0)
+          , 0);
+        }else if( action==OE_SetDflt ){
+          Expr *pDflt = pFKey->pFrom->aCol[iFromCol].pDflt;
+          if( pDflt ){
+            pNew = sqlite3ExprDup(db, pDflt, 0);
+          }else{
+            pNew = sqlite3PExpr(pParse, TK_NULL, 0, 0, 0);
+          }
+        }else{
+          pNew = sqlite3PExpr(pParse, TK_NULL, 0, 0, 0);
+        }
+        pList = sqlite3ExprListAppend(pParse, pList, pNew);
+        sqlite3ExprListSetName(pParse, pList, &tFromCol, 0);
+      }
+    }
+    sqlite3DbFree(db, aiCol);
+
+    zFrom = pFKey->pFrom->zName;
+    nFrom = sqlite3Strlen30(zFrom);
+
+    if( action==OE_Restrict ){
+      Token tFrom;
+      Expr *pRaise; 
+
+      tFrom.z = zFrom;
+      tFrom.n = nFrom;
+      pRaise = sqlite3Expr(db, TK_RAISE, "FOREIGN KEY constraint failed");
+      if( pRaise ){
+        pRaise->affinity = OE_Abort;
+      }
+      pSelect = sqlite3SelectNew(pParse, 
+          sqlite3ExprListAppend(pParse, 0, pRaise),
+          sqlite3SrcListAppend(db, 0, &tFrom, 0),
+          pWhere,
+          0, 0, 0, 0, 0, 0
+      );
+      pWhere = 0;
+    }
+
+    /* Disable lookaside memory allocation */
+    enableLookaside = db->lookaside.bEnabled;
+    db->lookaside.bEnabled = 0;
+
+    pTrigger = (Trigger *)sqlite3DbMallocZero(db, 
+        sizeof(Trigger) +         /* struct Trigger */
+        sizeof(TriggerStep) +     /* Single step in trigger program */
+        nFrom + 1                 /* Space for pStep->zTarget */
+    );
+    if( pTrigger ){
+      pStep = pTrigger->step_list = (TriggerStep *)&pTrigger[1];
+      pStep->zTarget = (char *)&pStep[1];
+      memcpy((char *)pStep->zTarget, zFrom, nFrom);
+  
+      pStep->pWhere = sqlite3ExprDup(db, pWhere, EXPRDUP_REDUCE);
+      pStep->pExprList = sqlite3ExprListDup(db, pList, EXPRDUP_REDUCE);
+      pStep->pSelect = sqlite3SelectDup(db, pSelect, EXPRDUP_REDUCE);
+      if( pWhen ){
+        pWhen = sqlite3PExpr(pParse, TK_NOT, pWhen, 0, 0);
+        pTrigger->pWhen = sqlite3ExprDup(db, pWhen, EXPRDUP_REDUCE);
+      }
+    }
+
+    /* Re-enable the lookaside buffer, if it was disabled earlier. */
+    db->lookaside.bEnabled = enableLookaside;
+
+    sqlite3ExprDelete(db, pWhere);
+    sqlite3ExprDelete(db, pWhen);
+    sqlite3ExprListDelete(db, pList);
+    sqlite3SelectDelete(db, pSelect);
+    if( db->mallocFailed==1 ){
+      fkTriggerDelete(db, pTrigger);
+      return 0;
+    }
+    assert( pStep!=0 );
+
+    switch( action ){
+      case OE_Restrict:
+        pStep->op = TK_SELECT; 
+        break;
+      case OE_Cascade: 
+        if( !pChanges ){ 
+          pStep->op = TK_DELETE; 
+          break; 
+        }
+      default:
+        pStep->op = TK_UPDATE;
+    }
+    pStep->pTrig = pTrigger;
+    pTrigger->pSchema = pTab->pSchema;
+    pTrigger->pTabSchema = pTab->pSchema;
+    pFKey->apTrigger[iAction] = pTrigger;
+    pTrigger->op = (pChanges ? TK_UPDATE : TK_DELETE);
+  }
+
+  return pTrigger;
+}
+
+/*
+** This function is called when deleting or updating a row to implement
+** any required CASCADE, SET NULL or SET DEFAULT actions.
+*/
+SQLITE_PRIVATE void sqlite3FkActions(
+  Parse *pParse,                  /* Parse context */
+  Table *pTab,                    /* Table being updated or deleted from */
+  ExprList *pChanges,             /* Change-list for UPDATE, NULL for DELETE */
+  int regOld,                     /* Address of array containing old row */
+  int *aChange,                   /* Array indicating UPDATEd columns (or 0) */
+  int bChngRowid                  /* True if rowid is UPDATEd */
+){
+  /* If foreign-key support is enabled, iterate through all FKs that 
+  ** refer to table pTab. If there is an action associated with the FK 
+  ** for this operation (either update or delete), invoke the associated 
+  ** trigger sub-program.  */
+  if( pParse->db->flags&SQLITE_ForeignKeys ){
+    FKey *pFKey;                  /* Iterator variable */
+    for(pFKey = sqlite3FkReferences(pTab); pFKey; pFKey=pFKey->pNextTo){
+      if( aChange==0 || fkParentIsModified(pTab, pFKey, aChange, bChngRowid) ){
+        Trigger *pAct = fkActionTrigger(pParse, pTab, pFKey, pChanges);
+        if( pAct ){
+          sqlite3CodeRowTriggerDirect(pParse, pAct, pTab, regOld, OE_Abort, 0);
+        }
+      }
+    }
+  }
+}
+
+#endif /* ifndef SQLITE_OMIT_TRIGGER */
+
+/*
+** Free all memory associated with foreign key definitions attached to
+** table pTab. Remove the deleted foreign keys from the Schema.fkeyHash
+** hash table.
+*/
+SQLITE_PRIVATE void sqlite3FkDelete(sqlite3 *db, Table *pTab){
+  FKey *pFKey;                    /* Iterator variable */
+  FKey *pNext;                    /* Copy of pFKey->pNextFrom */
+
+  assert( db==0 || sqlite3SchemaMutexHeld(db, 0, pTab->pSchema) );
+  for(pFKey=pTab->pFKey; pFKey; pFKey=pNext){
+
+    /* Remove the FK from the fkeyHash hash table. */
+    if( !db || db->pnBytesFreed==0 ){
+      if( pFKey->pPrevTo ){
+        pFKey->pPrevTo->pNextTo = pFKey->pNextTo;
+      }else{
+        void *p = (void *)pFKey->pNextTo;
+        const char *z = (p ? pFKey->pNextTo->zTo : pFKey->zTo);
+        sqlite3HashInsert(&pTab->pSchema->fkeyHash, z, p);
+      }
+      if( pFKey->pNextTo ){
+        pFKey->pNextTo->pPrevTo = pFKey->pPrevTo;
+      }
+    }
+
+    /* EV: R-30323-21917 Each foreign key constraint in SQLite is
+    ** classified as either immediate or deferred.
+    */
+    assert( pFKey->isDeferred==0 || pFKey->isDeferred==1 );
+
+    /* Delete any triggers created to implement actions for this FK. */
+#ifndef SQLITE_OMIT_TRIGGER
+    fkTriggerDelete(db, pFKey->apTrigger[0]);
+    fkTriggerDelete(db, pFKey->apTrigger[1]);
+#endif
+
+    pNext = pFKey->pNextFrom;
+    sqlite3DbFree(db, pFKey);
+  }
+}
+#endif /* ifndef SQLITE_OMIT_FOREIGN_KEY */
+
+/************** End of fkey.c ************************************************/
+/************** Begin file insert.c ******************************************/
+/*
+** 2001 September 15
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+** This file contains C code routines that are called by the parser
+** to handle INSERT statements in SQLite.
+*/
+/* #include "sqliteInt.h" */
+
+/*
+** Generate code that will 
+**
+**   (1) acquire a lock for table pTab then
+**   (2) open pTab as cursor iCur.
+**
+** If pTab is a WITHOUT ROWID table, then it is the PRIMARY KEY index
+** for that table that is actually opened.
+*/
+SQLITE_PRIVATE void sqlite3OpenTable(
+  Parse *pParse,  /* Generate code into this VDBE */
+  int iCur,       /* The cursor number of the table */
+  int iDb,        /* The database index in sqlite3.aDb[] */
+  Table *pTab,    /* The table to be opened */
+  int opcode      /* OP_OpenRead or OP_OpenWrite */
+){
+  Vdbe *v;
+  assert( !IsVirtual(pTab) );
+  v = sqlite3GetVdbe(pParse);
+  assert( opcode==OP_OpenWrite || opcode==OP_OpenRead );
+  sqlite3TableLock(pParse, iDb, pTab->tnum, 
+                   (opcode==OP_OpenWrite)?1:0, pTab->zName);
+  if( HasRowid(pTab) ){
+    sqlite3VdbeAddOp4Int(v, opcode, iCur, pTab->tnum, iDb, pTab->nCol);
+    VdbeComment((v, "%s", pTab->zName));
+  }else{
+    Index *pPk = sqlite3PrimaryKeyIndex(pTab);
+    assert( pPk!=0 );
+    assert( pPk->tnum==pTab->tnum );
+    sqlite3VdbeAddOp3(v, opcode, iCur, pPk->tnum, iDb);
+    sqlite3VdbeSetP4KeyInfo(pParse, pPk);
+    VdbeComment((v, "%s", pTab->zName));
+  }
+}
+
+/*
+** Return a pointer to the column affinity string associated with index
+** pIdx. A column affinity string has one character for each column in 
+** the table, according to the affinity of the column:
+**
+**  Character      Column affinity
+**  ------------------------------
+**  'A'            BLOB
+**  'B'            TEXT
+**  'C'            NUMERIC
+**  'D'            INTEGER
+**  'F'            REAL
+**
+** An extra 'D' is appended to the end of the string to cover the
+** rowid that appears as the last column in every index.
+**
+** Memory for the buffer containing the column index affinity string
+** is managed along with the rest of the Index structure. It will be
+** released when sqlite3DeleteIndex() is called.
+*/
+SQLITE_PRIVATE const char *sqlite3IndexAffinityStr(sqlite3 *db, Index *pIdx){
+  if( !pIdx->zColAff ){
+    /* The first time a column affinity string for a particular index is
+    ** required, it is allocated and populated here. It is then stored as
+    ** a member of the Index structure for subsequent use.
+    **
+    ** The column affinity string will eventually be deleted by
+    ** sqliteDeleteIndex() when the Index structure itself is cleaned
+    ** up.
+    */
+    int n;
+    Table *pTab = pIdx->pTable;
+    pIdx->zColAff = (char *)sqlite3DbMallocRaw(0, pIdx->nColumn+1);
+    if( !pIdx->zColAff ){
+      db->mallocFailed = 1;
+      return 0;
+    }
+    for(n=0; n<pIdx->nColumn; n++){
+      i16 x = pIdx->aiColumn[n];
+      if( x>=0 ){
+        pIdx->zColAff[n] = pTab->aCol[x].affinity;
+      }else if( x==XN_ROWID ){
+        pIdx->zColAff[n] = SQLITE_AFF_INTEGER;
+      }else{
+        char aff;
+        assert( x==XN_EXPR );
+        assert( pIdx->aColExpr!=0 );
+        aff = sqlite3ExprAffinity(pIdx->aColExpr->a[n].pExpr);
+        if( aff==0 ) aff = SQLITE_AFF_BLOB;
+        pIdx->zColAff[n] = aff;
+      }
+    }
+    pIdx->zColAff[n] = 0;
+  }
+ 
+  return pIdx->zColAff;
+}
+
+/*
+** Compute the affinity string for table pTab, if it has not already been
+** computed.  As an optimization, omit trailing SQLITE_AFF_BLOB affinities.
+**
+** If the affinity exists (if it is no entirely SQLITE_AFF_BLOB values) and
+** if iReg>0 then code an OP_Affinity opcode that will set the affinities
+** for register iReg and following.  Or if affinities exists and iReg==0,
+** then just set the P4 operand of the previous opcode (which should  be
+** an OP_MakeRecord) to the affinity string.
+**
+** A column affinity string has one character per column:
+**
+**  Character      Column affinity
+**  ------------------------------
+**  'A'            BLOB
+**  'B'            TEXT
+**  'C'            NUMERIC
+**  'D'            INTEGER
+**  'E'            REAL
+*/
+SQLITE_PRIVATE void sqlite3TableAffinity(Vdbe *v, Table *pTab, int iReg){
+  int i;
+  char *zColAff = pTab->zColAff;
+  if( zColAff==0 ){
+    sqlite3 *db = sqlite3VdbeDb(v);
+    zColAff = (char *)sqlite3DbMallocRaw(0, pTab->nCol+1);
+    if( !zColAff ){
+      db->mallocFailed = 1;
+      return;
+    }
+
+    for(i=0; i<pTab->nCol; i++){
+      zColAff[i] = pTab->aCol[i].affinity;
+    }
+    do{
+      zColAff[i--] = 0;
+    }while( i>=0 && zColAff[i]==SQLITE_AFF_BLOB );
+    pTab->zColAff = zColAff;
+  }
+  i = sqlite3Strlen30(zColAff);
+  if( i ){
+    if( iReg ){
+      sqlite3VdbeAddOp4(v, OP_Affinity, iReg, i, 0, zColAff, i);
+    }else{
+      sqlite3VdbeChangeP4(v, -1, zColAff, i);
+    }
+  }
+}
+
+/*
+** Return non-zero if the table pTab in database iDb or any of its indices
+** have been opened at any point in the VDBE program. This is used to see if 
+** a statement of the form  "INSERT INTO <iDb, pTab> SELECT ..." can 
+** run without using a temporary table for the results of the SELECT. 
+*/
+static int readsTable(Parse *p, int iDb, Table *pTab){
+  Vdbe *v = sqlite3GetVdbe(p);
+  int i;
+  int iEnd = sqlite3VdbeCurrentAddr(v);
+#ifndef SQLITE_OMIT_VIRTUALTABLE
+  VTable *pVTab = IsVirtual(pTab) ? sqlite3GetVTable(p->db, pTab) : 0;
+#endif
+
+  for(i=1; i<iEnd; i++){
+    VdbeOp *pOp = sqlite3VdbeGetOp(v, i);
+    assert( pOp!=0 );
+    if( pOp->opcode==OP_OpenRead && pOp->p3==iDb ){
+      Index *pIndex;
+      int tnum = pOp->p2;
+      if( tnum==pTab->tnum ){
+        return 1;
+      }
+      for(pIndex=pTab->pIndex; pIndex; pIndex=pIndex->pNext){
+        if( tnum==pIndex->tnum ){
+          return 1;
+        }
+      }
+    }
+#ifndef SQLITE_OMIT_VIRTUALTABLE
+    if( pOp->opcode==OP_VOpen && pOp->p4.pVtab==pVTab ){
+      assert( pOp->p4.pVtab!=0 );
+      assert( pOp->p4type==P4_VTAB );
+      return 1;
+    }
+#endif
+  }
+  return 0;
+}
+
+#ifndef SQLITE_OMIT_AUTOINCREMENT
+/*
+** Locate or create an AutoincInfo structure associated with table pTab
+** which is in database iDb.  Return the register number for the register
+** that holds the maximum rowid.
+**
+** There is at most one AutoincInfo structure per table even if the
+** same table is autoincremented multiple times due to inserts within
+** triggers.  A new AutoincInfo structure is created if this is the
+** first use of table pTab.  On 2nd and subsequent uses, the original
+** AutoincInfo structure is used.
+**
+** Three memory locations are allocated:
+**
+**   (1)  Register to hold the name of the pTab table.
+**   (2)  Register to hold the maximum ROWID of pTab.
+**   (3)  Register to hold the rowid in sqlite_sequence of pTab
+**
+** The 2nd register is the one that is returned.  That is all the
+** insert routine needs to know about.
+*/
+static int autoIncBegin(
+  Parse *pParse,      /* Parsing context */
+  int iDb,            /* Index of the database holding pTab */
+  Table *pTab         /* The table we are writing to */
+){
+  int memId = 0;      /* Register holding maximum rowid */
+  if( pTab->tabFlags & TF_Autoincrement ){
+    Parse *pToplevel = sqlite3ParseToplevel(pParse);
+    AutoincInfo *pInfo;
+
+    pInfo = pToplevel->pAinc;
+    while( pInfo && pInfo->pTab!=pTab ){ pInfo = pInfo->pNext; }
+    if( pInfo==0 ){
+      pInfo = sqlite3DbMallocRaw(pParse->db, sizeof(*pInfo));
+      if( pInfo==0 ) return 0;
+      pInfo->pNext = pToplevel->pAinc;
+      pToplevel->pAinc = pInfo;
+      pInfo->pTab = pTab;
+      pInfo->iDb = iDb;
+      pToplevel->nMem++;                  /* Register to hold name of table */
+      pInfo->regCtr = ++pToplevel->nMem;  /* Max rowid register */
+      pToplevel->nMem++;                  /* Rowid in sqlite_sequence */
+    }
+    memId = pInfo->regCtr;
+  }
+  return memId;
+}
+
+/*
+** This routine generates code that will initialize all of the
+** register used by the autoincrement tracker.  
+*/
+SQLITE_PRIVATE void sqlite3AutoincrementBegin(Parse *pParse){
+  AutoincInfo *p;            /* Information about an AUTOINCREMENT */
+  sqlite3 *db = pParse->db;  /* The database connection */
+  Db *pDb;                   /* Database only autoinc table */
+  int memId;                 /* Register holding max rowid */
+  int addr;                  /* A VDBE address */
+  Vdbe *v = pParse->pVdbe;   /* VDBE under construction */
+
+  /* This routine is never called during trigger-generation.  It is
+  ** only called from the top-level */
+  assert( pParse->pTriggerTab==0 );
+  assert( sqlite3IsToplevel(pParse) );
+
+  assert( v );   /* We failed long ago if this is not so */
+  for(p = pParse->pAinc; p; p = p->pNext){
+    pDb = &db->aDb[p->iDb];
+    memId = p->regCtr;
+    assert( sqlite3SchemaMutexHeld(db, 0, pDb->pSchema) );
+    sqlite3OpenTable(pParse, 0, p->iDb, pDb->pSchema->pSeqTab, OP_OpenRead);
+    sqlite3VdbeAddOp3(v, OP_Null, 0, memId, memId+1);
+    addr = sqlite3VdbeCurrentAddr(v);
+    sqlite3VdbeLoadString(v, memId-1, p->pTab->zName);
+    sqlite3VdbeAddOp2(v, OP_Rewind, 0, addr+9); VdbeCoverage(v);
+    sqlite3VdbeAddOp3(v, OP_Column, 0, 0, memId);
+    sqlite3VdbeAddOp3(v, OP_Ne, memId-1, addr+7, memId); VdbeCoverage(v);
+    sqlite3VdbeChangeP5(v, SQLITE_JUMPIFNULL);
+    sqlite3VdbeAddOp2(v, OP_Rowid, 0, memId+1);
+    sqlite3VdbeAddOp3(v, OP_Column, 0, 1, memId);
+    sqlite3VdbeGoto(v, addr+9);
+    sqlite3VdbeAddOp2(v, OP_Next, 0, addr+2); VdbeCoverage(v);
+    sqlite3VdbeAddOp2(v, OP_Integer, 0, memId);
+    sqlite3VdbeAddOp0(v, OP_Close);
+  }
+}
+
+/*
+** Update the maximum rowid for an autoincrement calculation.
+**
+** This routine should be called when the top of the stack holds a
+** new rowid that is about to be inserted.  If that new rowid is
+** larger than the maximum rowid in the memId memory cell, then the
+** memory cell is updated.  The stack is unchanged.
+*/
+static void autoIncStep(Parse *pParse, int memId, int regRowid){
+  if( memId>0 ){
+    sqlite3VdbeAddOp2(pParse->pVdbe, OP_MemMax, memId, regRowid);
+  }
+}
+
+/*
+** This routine generates the code needed to write autoincrement
+** maximum rowid values back into the sqlite_sequence register.
+** Every statement that might do an INSERT into an autoincrement
+** table (either directly or through triggers) needs to call this
+** routine just before the "exit" code.
+*/
+SQLITE_PRIVATE void sqlite3AutoincrementEnd(Parse *pParse){
+  AutoincInfo *p;
+  Vdbe *v = pParse->pVdbe;
+  sqlite3 *db = pParse->db;
+
+  assert( v );
+  for(p = pParse->pAinc; p; p = p->pNext){
+    Db *pDb = &db->aDb[p->iDb];
+    int addr1;
+    int iRec;
+    int memId = p->regCtr;
+
+    iRec = sqlite3GetTempReg(pParse);
+    assert( sqlite3SchemaMutexHeld(db, 0, pDb->pSchema) );
+    sqlite3OpenTable(pParse, 0, p->iDb, pDb->pSchema->pSeqTab, OP_OpenWrite);
+    addr1 = sqlite3VdbeAddOp1(v, OP_NotNull, memId+1); VdbeCoverage(v);
+    sqlite3VdbeAddOp2(v, OP_NewRowid, 0, memId+1);
+    sqlite3VdbeJumpHere(v, addr1);
+    sqlite3VdbeAddOp3(v, OP_MakeRecord, memId-1, 2, iRec);
+    sqlite3VdbeAddOp3(v, OP_Insert, 0, iRec, memId+1);
+    sqlite3VdbeChangeP5(v, OPFLAG_APPEND);
+    sqlite3VdbeAddOp0(v, OP_Close);
+    sqlite3ReleaseTempReg(pParse, iRec);
+  }
+}
+#else
+/*
+** If SQLITE_OMIT_AUTOINCREMENT is defined, then the three routines
+** above are all no-ops
+*/
+# define autoIncBegin(A,B,C) (0)
+# define autoIncStep(A,B,C)
+#endif /* SQLITE_OMIT_AUTOINCREMENT */
+
+
+/* Forward declaration */
+static int xferOptimization(
+  Parse *pParse,        /* Parser context */
+  Table *pDest,         /* The table we are inserting into */
+  Select *pSelect,      /* A SELECT statement to use as the data source */
+  int onError,          /* How to handle constraint errors */
+  int iDbDest           /* The database of pDest */
+);
+
+/*
+** This routine is called to handle SQL of the following forms:
+**
+**    insert into TABLE (IDLIST) values(EXPRLIST),(EXPRLIST),...
+**    insert into TABLE (IDLIST) select
+**    insert into TABLE (IDLIST) default values
+**
+** The IDLIST following the table name is always optional.  If omitted,
+** then a list of all (non-hidden) columns for the table is substituted.
+** The IDLIST appears in the pColumn parameter.  pColumn is NULL if IDLIST
+** is omitted.
+**
+** For the pSelect parameter holds the values to be inserted for the
+** first two forms shown above.  A VALUES clause is really just short-hand
+** for a SELECT statement that omits the FROM clause and everything else
+** that follows.  If the pSelect parameter is NULL, that means that the
+** DEFAULT VALUES form of the INSERT statement is intended.
+**
+** The code generated follows one of four templates.  For a simple
+** insert with data coming from a single-row VALUES clause, the code executes
+** once straight down through.  Pseudo-code follows (we call this
+** the "1st template"):
+**
+**         open write cursor to <table> and its indices
+**         put VALUES clause expressions into registers
+**         write the resulting record into <table>
+**         cleanup
+**
+** The three remaining templates assume the statement is of the form
+**
+**   INSERT INTO <table> SELECT ...
+**
+** If the SELECT clause is of the restricted form "SELECT * FROM <table2>" -
+** in other words if the SELECT pulls all columns from a single table
+** and there is no WHERE or LIMIT or GROUP BY or ORDER BY clauses, and
+** if <table2> and <table1> are distinct tables but have identical
+** schemas, including all the same indices, then a special optimization
+** is invoked that copies raw records from <table2> over to <table1>.
+** See the xferOptimization() function for the implementation of this
+** template.  This is the 2nd template.
+**
+**         open a write cursor to <table>
+**         open read cursor on <table2>
+**         transfer all records in <table2> over to <table>
+**         close cursors
+**         foreach index on <table>
+**           open a write cursor on the <table> index
+**           open a read cursor on the corresponding <table2> index
+**           transfer all records from the read to the write cursors
+**           close cursors
+**         end foreach
+**
+** The 3rd template is for when the second template does not apply
+** and the SELECT clause does not read from <table> at any time.
+** The generated code follows this template:
+**
+**         X <- A
+**         goto B
+**      A: setup for the SELECT
+**         loop over the rows in the SELECT
+**           load values into registers R..R+n
+**           yield X
+**         end loop
+**         cleanup after the SELECT
+**         end-coroutine X
+**      B: open write cursor to <table> and its indices
+**      C: yield X, at EOF goto D
+**         insert the select result into <table> from R..R+n
+**         goto C
+**      D: cleanup
+**
+** The 4th template is used if the insert statement takes its
+** values from a SELECT but the data is being inserted into a table
+** that is also read as part of the SELECT.  In the third form,
+** we have to use an intermediate table to store the results of
+** the select.  The template is like this:
+**
+**         X <- A
+**         goto B
+**      A: setup for the SELECT
+**         loop over the tables in the SELECT
+**           load value into register R..R+n
+**           yield X
+**         end loop
+**         cleanup after the SELECT
+**         end co-routine R
+**      B: open temp table
+**      L: yield X, at EOF goto M
+**         insert row from R..R+n into temp table
+**         goto L
+**      M: open write cursor to <table> and its indices
+**         rewind temp table
+**      C: loop over rows of intermediate table
+**           transfer values form intermediate table into <table>
+**         end loop
+**      D: cleanup
+*/
+SQLITE_PRIVATE void sqlite3Insert(
+  Parse *pParse,        /* Parser context */
+  SrcList *pTabList,    /* Name of table into which we are inserting */
+  Select *pSelect,      /* A SELECT statement to use as the data source */
+  IdList *pColumn,      /* Column names corresponding to IDLIST. */
+  int onError           /* How to handle constraint errors */
+){
+  sqlite3 *db;          /* The main database structure */
+  Table *pTab;          /* The table to insert into.  aka TABLE */
+  char *zTab;           /* Name of the table into which we are inserting */
+  const char *zDb;      /* Name of the database holding this table */
+  int i, j, idx;        /* Loop counters */
+  Vdbe *v;              /* Generate code into this virtual machine */
+  Index *pIdx;          /* For looping over indices of the table */
+  int nColumn;          /* Number of columns in the data */
+  int nHidden = 0;      /* Number of hidden columns if TABLE is virtual */
+  int iDataCur = 0;     /* VDBE cursor that is the main data repository */
+  int iIdxCur = 0;      /* First index cursor */
+  int ipkColumn = -1;   /* Column that is the INTEGER PRIMARY KEY */
+  int endOfLoop;        /* Label for the end of the insertion loop */
+  int srcTab = 0;       /* Data comes from this temporary cursor if >=0 */
+  int addrInsTop = 0;   /* Jump to label "D" */
+  int addrCont = 0;     /* Top of insert loop. Label "C" in templates 3 and 4 */
+  SelectDest dest;      /* Destination for SELECT on rhs of INSERT */
+  int iDb;              /* Index of database holding TABLE */
+  Db *pDb;              /* The database containing table being inserted into */
+  u8 useTempTable = 0;  /* Store SELECT results in intermediate table */
+  u8 appendFlag = 0;    /* True if the insert is likely to be an append */
+  u8 withoutRowid;      /* 0 for normal table.  1 for WITHOUT ROWID table */
+  u8 bIdListInOrder;    /* True if IDLIST is in table order */
+  ExprList *pList = 0;  /* List of VALUES() to be inserted  */
+
+  /* Register allocations */
+  int regFromSelect = 0;/* Base register for data coming from SELECT */
+  int regAutoinc = 0;   /* Register holding the AUTOINCREMENT counter */
+  int regRowCount = 0;  /* Memory cell used for the row counter */
+  int regIns;           /* Block of regs holding rowid+data being inserted */
+  int regRowid;         /* registers holding insert rowid */
+  int regData;          /* register holding first column to insert */
+  int *aRegIdx = 0;     /* One register allocated to each index */
+
+#ifndef SQLITE_OMIT_TRIGGER
+  int isView;                 /* True if attempting to insert into a view */
+  Trigger *pTrigger;          /* List of triggers on pTab, if required */
+  int tmask;                  /* Mask of trigger times */
+#endif
+
+  db = pParse->db;
+  memset(&dest, 0, sizeof(dest));
+  if( pParse->nErr || db->mallocFailed ){
+    goto insert_cleanup;
+  }
+
+  /* If the Select object is really just a simple VALUES() list with a
+  ** single row (the common case) then keep that one row of values
+  ** and discard the other (unused) parts of the pSelect object
+  */
+  if( pSelect && (pSelect->selFlags & SF_Values)!=0 && pSelect->pPrior==0 ){
+    pList = pSelect->pEList;
+    pSelect->pEList = 0;
+    sqlite3SelectDelete(db, pSelect);
+    pSelect = 0;
+  }
+
+  /* Locate the table into which we will be inserting new information.
+  */
+  assert( pTabList->nSrc==1 );
+  zTab = pTabList->a[0].zName;
+  if( NEVER(zTab==0) ) goto insert_cleanup;
+  pTab = sqlite3SrcListLookup(pParse, pTabList);
+  if( pTab==0 ){
+    goto insert_cleanup;
+  }
+  iDb = sqlite3SchemaToIndex(db, pTab->pSchema);
+  assert( iDb<db->nDb );
+  pDb = &db->aDb[iDb];
+  zDb = pDb->zName;
+  if( sqlite3AuthCheck(pParse, SQLITE_INSERT, pTab->zName, 0, zDb) ){
+    goto insert_cleanup;
+  }
+  withoutRowid = !HasRowid(pTab);
+
+  /* Figure out if we have any triggers and if the table being
+  ** inserted into is a view
+  */
+#ifndef SQLITE_OMIT_TRIGGER
+  pTrigger = sqlite3TriggersExist(pParse, pTab, TK_INSERT, 0, &tmask);
+  isView = pTab->pSelect!=0;
+#else
+# define pTrigger 0
+# define tmask 0
+# define isView 0
+#endif
+#ifdef SQLITE_OMIT_VIEW
+# undef isView
+# define isView 0
+#endif
+  assert( (pTrigger && tmask) || (pTrigger==0 && tmask==0) );
+
+  /* If pTab is really a view, make sure it has been initialized.
+  ** ViewGetColumnNames() is a no-op if pTab is not a view.
+  */
+  if( sqlite3ViewGetColumnNames(pParse, pTab) ){
+    goto insert_cleanup;
+  }
+
+  /* Cannot insert into a read-only table.
+  */
+  if( sqlite3IsReadOnly(pParse, pTab, tmask) ){
+    goto insert_cleanup;
+  }
+
+  /* Allocate a VDBE
+  */
+  v = sqlite3GetVdbe(pParse);
+  if( v==0 ) goto insert_cleanup;
+  if( pParse->nested==0 ) sqlite3VdbeCountChanges(v);
+  sqlite3BeginWriteOperation(pParse, pSelect || pTrigger, iDb);
+
+#ifndef SQLITE_OMIT_XFER_OPT
+  /* If the statement is of the form
+  **
+  **       INSERT INTO <table1> SELECT * FROM <table2>;
+  **
+  ** Then special optimizations can be applied that make the transfer
+  ** very fast and which reduce fragmentation of indices.
+  **
+  ** This is the 2nd template.
+  */
+  if( pColumn==0 && xferOptimization(pParse, pTab, pSelect, onError, iDb) ){
+    assert( !pTrigger );
+    assert( pList==0 );
+    goto insert_end;
+  }
+#endif /* SQLITE_OMIT_XFER_OPT */
+
+  /* If this is an AUTOINCREMENT table, look up the sequence number in the
+  ** sqlite_sequence table and store it in memory cell regAutoinc.
+  */
+  regAutoinc = autoIncBegin(pParse, iDb, pTab);
+
+  /* Allocate registers for holding the rowid of the new row,
+  ** the content of the new row, and the assembled row record.
+  */
+  regRowid = regIns = pParse->nMem+1;
+  pParse->nMem += pTab->nCol + 1;
+  if( IsVirtual(pTab) ){
+    regRowid++;
+    pParse->nMem++;
+  }
+  regData = regRowid+1;
+
+  /* If the INSERT statement included an IDLIST term, then make sure
+  ** all elements of the IDLIST really are columns of the table and 
+  ** remember the column indices.
+  **
+  ** If the table has an INTEGER PRIMARY KEY column and that column
+  ** is named in the IDLIST, then record in the ipkColumn variable
+  ** the index into IDLIST of the primary key column.  ipkColumn is
+  ** the index of the primary key as it appears in IDLIST, not as
+  ** is appears in the original table.  (The index of the INTEGER
+  ** PRIMARY KEY in the original table is pTab->iPKey.)
+  */
+  bIdListInOrder = (pTab->tabFlags & TF_OOOHidden)==0;
+  if( pColumn ){
+    for(i=0; i<pColumn->nId; i++){
+      pColumn->a[i].idx = -1;
+    }
+    for(i=0; i<pColumn->nId; i++){
+      for(j=0; j<pTab->nCol; j++){
+        if( sqlite3StrICmp(pColumn->a[i].zName, pTab->aCol[j].zName)==0 ){
+          pColumn->a[i].idx = j;
+          if( i!=j ) bIdListInOrder = 0;
+          if( j==pTab->iPKey ){
+            ipkColumn = i;  assert( !withoutRowid );
+          }
+          break;
+        }
+      }
+      if( j>=pTab->nCol ){
+        if( sqlite3IsRowid(pColumn->a[i].zName) && !withoutRowid ){
+          ipkColumn = i;
+          bIdListInOrder = 0;
+        }else{
+          sqlite3ErrorMsg(pParse, "table %S has no column named %s",
+              pTabList, 0, pColumn->a[i].zName);
+          pParse->checkSchema = 1;
+          goto insert_cleanup;
+        }
+      }
+    }
+  }
+
+  /* Figure out how many columns of data are supplied.  If the data
+  ** is coming from a SELECT statement, then generate a co-routine that
+  ** produces a single row of the SELECT on each invocation.  The
+  ** co-routine is the common header to the 3rd and 4th templates.
+  */
+  if( pSelect ){
+    /* Data is coming from a SELECT or from a multi-row VALUES clause.
+    ** Generate a co-routine to run the SELECT. */
+    int regYield;       /* Register holding co-routine entry-point */
+    int addrTop;        /* Top of the co-routine */
+    int rc;             /* Result code */
+
+    regYield = ++pParse->nMem;
+    addrTop = sqlite3VdbeCurrentAddr(v) + 1;
+    sqlite3VdbeAddOp3(v, OP_InitCoroutine, regYield, 0, addrTop);
+    sqlite3SelectDestInit(&dest, SRT_Coroutine, regYield);
+    dest.iSdst = bIdListInOrder ? regData : 0;
+    dest.nSdst = pTab->nCol;
+    rc = sqlite3Select(pParse, pSelect, &dest);
+    regFromSelect = dest.iSdst;
+    if( rc || db->mallocFailed || pParse->nErr ) goto insert_cleanup;
+    sqlite3VdbeAddOp1(v, OP_EndCoroutine, regYield);
+    sqlite3VdbeJumpHere(v, addrTop - 1);                       /* label B: */
+    assert( pSelect->pEList );
+    nColumn = pSelect->pEList->nExpr;
+
+    /* Set useTempTable to TRUE if the result of the SELECT statement
+    ** should be written into a temporary table (template 4).  Set to
+    ** FALSE if each output row of the SELECT can be written directly into
+    ** the destination table (template 3).
+    **
+    ** A temp table must be used if the table being updated is also one
+    ** of the tables being read by the SELECT statement.  Also use a 
+    ** temp table in the case of row triggers.
+    */
+    if( pTrigger || readsTable(pParse, iDb, pTab) ){
+      useTempTable = 1;
+    }
+
+    if( useTempTable ){
+      /* Invoke the coroutine to extract information from the SELECT
+      ** and add it to a transient table srcTab.  The code generated
+      ** here is from the 4th template:
+      **
+      **      B: open temp table
+      **      L: yield X, goto M at EOF
+      **         insert row from R..R+n into temp table
+      **         goto L
+      **      M: ...
+      */
+      int regRec;          /* Register to hold packed record */
+      int regTempRowid;    /* Register to hold temp table ROWID */
+      int addrL;           /* Label "L" */
+
+      srcTab = pParse->nTab++;
+      regRec = sqlite3GetTempReg(pParse);
+      regTempRowid = sqlite3GetTempReg(pParse);
+      sqlite3VdbeAddOp2(v, OP_OpenEphemeral, srcTab, nColumn);
+      addrL = sqlite3VdbeAddOp1(v, OP_Yield, dest.iSDParm); VdbeCoverage(v);
+      sqlite3VdbeAddOp3(v, OP_MakeRecord, regFromSelect, nColumn, regRec);
+      sqlite3VdbeAddOp2(v, OP_NewRowid, srcTab, regTempRowid);
+      sqlite3VdbeAddOp3(v, OP_Insert, srcTab, regRec, regTempRowid);
+      sqlite3VdbeGoto(v, addrL);
+      sqlite3VdbeJumpHere(v, addrL);
+      sqlite3ReleaseTempReg(pParse, regRec);
+      sqlite3ReleaseTempReg(pParse, regTempRowid);
+    }
+  }else{
+    /* This is the case if the data for the INSERT is coming from a 
+    ** single-row VALUES clause
+    */
+    NameContext sNC;
+    memset(&sNC, 0, sizeof(sNC));
+    sNC.pParse = pParse;
+    srcTab = -1;
+    assert( useTempTable==0 );
+    if( pList ){
+      nColumn = pList->nExpr;
+      if( sqlite3ResolveExprListNames(&sNC, pList) ){
+        goto insert_cleanup;
+      }
+    }else{
+      nColumn = 0;
+    }
+  }
+
+  /* If there is no IDLIST term but the table has an integer primary
+  ** key, the set the ipkColumn variable to the integer primary key 
+  ** column index in the original table definition.
+  */
+  if( pColumn==0 && nColumn>0 ){
+    ipkColumn = pTab->iPKey;
+  }
+
+  /* Make sure the number of columns in the source data matches the number
+  ** of columns to be inserted into the table.
+  */
+  for(i=0; i<pTab->nCol; i++){
+    nHidden += (IsHiddenColumn(&pTab->aCol[i]) ? 1 : 0);
+  }
+  if( pColumn==0 && nColumn && nColumn!=(pTab->nCol-nHidden) ){
+    sqlite3ErrorMsg(pParse, 
+       "table %S has %d columns but %d values were supplied",
+       pTabList, 0, pTab->nCol-nHidden, nColumn);
+    goto insert_cleanup;
+  }
+  if( pColumn!=0 && nColumn!=pColumn->nId ){
+    sqlite3ErrorMsg(pParse, "%d values for %d columns", nColumn, pColumn->nId);
+    goto insert_cleanup;
+  }
+    
+  /* Initialize the count of rows to be inserted
+  */
+  if( db->flags & SQLITE_CountRows ){
+    regRowCount = ++pParse->nMem;
+    sqlite3VdbeAddOp2(v, OP_Integer, 0, regRowCount);
+  }
+
+  /* If this is not a view, open the table and and all indices */
+  if( !isView ){
+    int nIdx;
+    nIdx = sqlite3OpenTableAndIndices(pParse, pTab, OP_OpenWrite, 0, -1, 0,
+                                      &iDataCur, &iIdxCur);
+    aRegIdx = sqlite3DbMallocRaw(db, sizeof(int)*(nIdx+1));
+    if( aRegIdx==0 ){
+      goto insert_cleanup;
+    }
+    for(i=0; i<nIdx; i++){
+      aRegIdx[i] = ++pParse->nMem;
+    }
+  }
+
+  /* This is the top of the main insertion loop */
+  if( useTempTable ){
+    /* This block codes the top of loop only.  The complete loop is the
+    ** following pseudocode (template 4):
+    **
+    **         rewind temp table, if empty goto D
+    **      C: loop over rows of intermediate table
+    **           transfer values form intermediate table into <table>
+    **         end loop
+    **      D: ...
+    */
+    addrInsTop = sqlite3VdbeAddOp1(v, OP_Rewind, srcTab); VdbeCoverage(v);
+    addrCont = sqlite3VdbeCurrentAddr(v);
+  }else if( pSelect ){
+    /* This block codes the top of loop only.  The complete loop is the
+    ** following pseudocode (template 3):
+    **
+    **      C: yield X, at EOF goto D
+    **         insert the select result into <table> from R..R+n
+    **         goto C
+    **      D: ...
+    */
+    addrInsTop = addrCont = sqlite3VdbeAddOp1(v, OP_Yield, dest.iSDParm);
+    VdbeCoverage(v);
+  }
+
+  /* Run the BEFORE and INSTEAD OF triggers, if there are any
+  */
+  endOfLoop = sqlite3VdbeMakeLabel(v);
+  if( tmask & TRIGGER_BEFORE ){
+    int regCols = sqlite3GetTempRange(pParse, pTab->nCol+1);
+
+    /* build the NEW.* reference row.  Note that if there is an INTEGER
+    ** PRIMARY KEY into which a NULL is being inserted, that NULL will be
+    ** translated into a unique ID for the row.  But on a BEFORE trigger,
+    ** we do not know what the unique ID will be (because the insert has
+    ** not happened yet) so we substitute a rowid of -1
+    */
+    if( ipkColumn<0 ){
+      sqlite3VdbeAddOp2(v, OP_Integer, -1, regCols);
+    }else{
+      int addr1;
+      assert( !withoutRowid );
+      if( useTempTable ){
+        sqlite3VdbeAddOp3(v, OP_Column, srcTab, ipkColumn, regCols);
+      }else{
+        assert( pSelect==0 );  /* Otherwise useTempTable is true */
+        sqlite3ExprCode(pParse, pList->a[ipkColumn].pExpr, regCols);
+      }
+      addr1 = sqlite3VdbeAddOp1(v, OP_NotNull, regCols); VdbeCoverage(v);
+      sqlite3VdbeAddOp2(v, OP_Integer, -1, regCols);
+      sqlite3VdbeJumpHere(v, addr1);
+      sqlite3VdbeAddOp1(v, OP_MustBeInt, regCols); VdbeCoverage(v);
+    }
+
+    /* Cannot have triggers on a virtual table. If it were possible,
+    ** this block would have to account for hidden column.
+    */
+    assert( !IsVirtual(pTab) );
+
+    /* Create the new column data
+    */
+    for(i=j=0; i<pTab->nCol; i++){
+      if( pColumn ){
+        for(j=0; j<pColumn->nId; j++){
+          if( pColumn->a[j].idx==i ) break;
+        }
+      }
+      if( (!useTempTable && !pList) || (pColumn && j>=pColumn->nId)
+            || (pColumn==0 && IsOrdinaryHiddenColumn(&pTab->aCol[i])) ){
+        sqlite3ExprCode(pParse, pTab->aCol[i].pDflt, regCols+i+1);
+      }else if( useTempTable ){
+        sqlite3VdbeAddOp3(v, OP_Column, srcTab, j, regCols+i+1); 
+      }else{
+        assert( pSelect==0 ); /* Otherwise useTempTable is true */
+        sqlite3ExprCodeAndCache(pParse, pList->a[j].pExpr, regCols+i+1);
+      }
+      if( pColumn==0 && !IsOrdinaryHiddenColumn(&pTab->aCol[i]) ) j++;
+    }
+
+    /* If this is an INSERT on a view with an INSTEAD OF INSERT trigger,
+    ** do not attempt any conversions before assembling the record.
+    ** If this is a real table, attempt conversions as required by the
+    ** table column affinities.
+    */
+    if( !isView ){
+      sqlite3TableAffinity(v, pTab, regCols+1);
+    }
+
+    /* Fire BEFORE or INSTEAD OF triggers */
+    sqlite3CodeRowTrigger(pParse, pTrigger, TK_INSERT, 0, TRIGGER_BEFORE, 
+        pTab, regCols-pTab->nCol-1, onError, endOfLoop);
+
+    sqlite3ReleaseTempRange(pParse, regCols, pTab->nCol+1);
+  }
+
+  /* Compute the content of the next row to insert into a range of
+  ** registers beginning at regIns.
+  */
+  if( !isView ){
+    if( IsVirtual(pTab) ){
+      /* The row that the VUpdate opcode will delete: none */
+      sqlite3VdbeAddOp2(v, OP_Null, 0, regIns);
+    }
+    if( ipkColumn>=0 ){
+      if( useTempTable ){
+        sqlite3VdbeAddOp3(v, OP_Column, srcTab, ipkColumn, regRowid);
+      }else if( pSelect ){
+        sqlite3VdbeAddOp2(v, OP_Copy, regFromSelect+ipkColumn, regRowid);
+      }else{
+        VdbeOp *pOp;
+        sqlite3ExprCode(pParse, pList->a[ipkColumn].pExpr, regRowid);
+        pOp = sqlite3VdbeGetOp(v, -1);
+        if( ALWAYS(pOp) && pOp->opcode==OP_Null && !IsVirtual(pTab) ){
+          appendFlag = 1;
+          pOp->opcode = OP_NewRowid;
+          pOp->p1 = iDataCur;
+          pOp->p2 = regRowid;
+          pOp->p3 = regAutoinc;
+        }
+      }
+      /* If the PRIMARY KEY expression is NULL, then use OP_NewRowid
+      ** to generate a unique primary key value.
+      */
+      if( !appendFlag ){
+        int addr1;
+        if( !IsVirtual(pTab) ){
+          addr1 = sqlite3VdbeAddOp1(v, OP_NotNull, regRowid); VdbeCoverage(v);
+          sqlite3VdbeAddOp3(v, OP_NewRowid, iDataCur, regRowid, regAutoinc);
+          sqlite3VdbeJumpHere(v, addr1);
+        }else{
+          addr1 = sqlite3VdbeCurrentAddr(v);
+          sqlite3VdbeAddOp2(v, OP_IsNull, regRowid, addr1+2); VdbeCoverage(v);
+        }
+        sqlite3VdbeAddOp1(v, OP_MustBeInt, regRowid); VdbeCoverage(v);
+      }
+    }else if( IsVirtual(pTab) || withoutRowid ){
+      sqlite3VdbeAddOp2(v, OP_Null, 0, regRowid);
+    }else{
+      sqlite3VdbeAddOp3(v, OP_NewRowid, iDataCur, regRowid, regAutoinc);
+      appendFlag = 1;
+    }
+    autoIncStep(pParse, regAutoinc, regRowid);
+
+    /* Compute data for all columns of the new entry, beginning
+    ** with the first column.
+    */
+    nHidden = 0;
+    for(i=0; i<pTab->nCol; i++){
+      int iRegStore = regRowid+1+i;
+      if( i==pTab->iPKey ){
+        /* The value of the INTEGER PRIMARY KEY column is always a NULL.
+        ** Whenever this column is read, the rowid will be substituted
+        ** in its place.  Hence, fill this column with a NULL to avoid
+        ** taking up data space with information that will never be used.
+        ** As there may be shallow copies of this value, make it a soft-NULL */
+        sqlite3VdbeAddOp1(v, OP_SoftNull, iRegStore);
+        continue;
+      }
+      if( pColumn==0 ){
+        if( IsHiddenColumn(&pTab->aCol[i]) ){
+          j = -1;
+          nHidden++;
+        }else{
+          j = i - nHidden;
+        }
+      }else{
+        for(j=0; j<pColumn->nId; j++){
+          if( pColumn->a[j].idx==i ) break;
+        }
+      }
+      if( j<0 || nColumn==0 || (pColumn && j>=pColumn->nId) ){
+        sqlite3ExprCodeFactorable(pParse, pTab->aCol[i].pDflt, iRegStore);
+      }else if( useTempTable ){
+        sqlite3VdbeAddOp3(v, OP_Column, srcTab, j, iRegStore); 
+      }else if( pSelect ){
+        if( regFromSelect!=regData ){
+          sqlite3VdbeAddOp2(v, OP_SCopy, regFromSelect+j, iRegStore);
+        }
+      }else{
+        sqlite3ExprCode(pParse, pList->a[j].pExpr, iRegStore);
+      }
+    }
+
+    /* Generate code to check constraints and generate index keys and
+    ** do the insertion.
+    */
+#ifndef SQLITE_OMIT_VIRTUALTABLE
+    if( IsVirtual(pTab) ){
+      const char *pVTab = (const char *)sqlite3GetVTable(db, pTab);
+      sqlite3VtabMakeWritable(pParse, pTab);
+      sqlite3VdbeAddOp4(v, OP_VUpdate, 1, pTab->nCol+2, regIns, pVTab, P4_VTAB);
+      sqlite3VdbeChangeP5(v, onError==OE_Default ? OE_Abort : onError);
+      sqlite3MayAbort(pParse);
+    }else
+#endif
+    {
+      int isReplace;    /* Set to true if constraints may cause a replace */
+      sqlite3GenerateConstraintChecks(pParse, pTab, aRegIdx, iDataCur, iIdxCur,
+          regIns, 0, ipkColumn>=0, onError, endOfLoop, &isReplace
+      );
+      sqlite3FkCheck(pParse, pTab, 0, regIns, 0, 0);
+      sqlite3CompleteInsertion(pParse, pTab, iDataCur, iIdxCur,
+                               regIns, aRegIdx, 0, appendFlag, isReplace==0);
+    }
+  }
+
+  /* Update the count of rows that are inserted
+  */
+  if( (db->flags & SQLITE_CountRows)!=0 ){
+    sqlite3VdbeAddOp2(v, OP_AddImm, regRowCount, 1);
+  }
+
+  if( pTrigger ){
+    /* Code AFTER triggers */
+    sqlite3CodeRowTrigger(pParse, pTrigger, TK_INSERT, 0, TRIGGER_AFTER, 
+        pTab, regData-2-pTab->nCol, onError, endOfLoop);
+  }
+
+  /* The bottom of the main insertion loop, if the data source
+  ** is a SELECT statement.
+  */
+  sqlite3VdbeResolveLabel(v, endOfLoop);
+  if( useTempTable ){
+    sqlite3VdbeAddOp2(v, OP_Next, srcTab, addrCont); VdbeCoverage(v);
+    sqlite3VdbeJumpHere(v, addrInsTop);
+    sqlite3VdbeAddOp1(v, OP_Close, srcTab);
+  }else if( pSelect ){
+    sqlite3VdbeGoto(v, addrCont);
+    sqlite3VdbeJumpHere(v, addrInsTop);
+  }
+
+  if( !IsVirtual(pTab) && !isView ){
+    /* Close all tables opened */
+    if( iDataCur<iIdxCur ) sqlite3VdbeAddOp1(v, OP_Close, iDataCur);
+    for(idx=0, pIdx=pTab->pIndex; pIdx; pIdx=pIdx->pNext, idx++){
+      sqlite3VdbeAddOp1(v, OP_Close, idx+iIdxCur);
+    }
+  }
+
+insert_end:
+  /* Update the sqlite_sequence table by storing the content of the
+  ** maximum rowid counter values recorded while inserting into
+  ** autoincrement tables.
+  */
+  if( pParse->nested==0 && pParse->pTriggerTab==0 ){
+    sqlite3AutoincrementEnd(pParse);
+  }
+
+  /*
+  ** Return the number of rows inserted. If this routine is 
+  ** generating code because of a call to sqlite3NestedParse(), do not
+  ** invoke the callback function.
+  */
+  if( (db->flags&SQLITE_CountRows) && !pParse->nested && !pParse->pTriggerTab ){
+    sqlite3VdbeAddOp2(v, OP_ResultRow, regRowCount, 1);
+    sqlite3VdbeSetNumCols(v, 1);
+    sqlite3VdbeSetColName(v, 0, COLNAME_NAME, "rows inserted", SQLITE_STATIC);
+  }
+
+insert_cleanup:
+  sqlite3SrcListDelete(db, pTabList);
+  sqlite3ExprListDelete(db, pList);
+  sqlite3SelectDelete(db, pSelect);
+  sqlite3IdListDelete(db, pColumn);
+  sqlite3DbFree(db, aRegIdx);
+}
+
+/* Make sure "isView" and other macros defined above are undefined. Otherwise
+** they may interfere with compilation of other functions in this file
+** (or in another file, if this file becomes part of the amalgamation).  */
+#ifdef isView
+ #undef isView
+#endif
+#ifdef pTrigger
+ #undef pTrigger
+#endif
+#ifdef tmask
+ #undef tmask
+#endif
+
+/*
+** Generate code to do constraint checks prior to an INSERT or an UPDATE
+** on table pTab.
+**
+** The regNewData parameter is the first register in a range that contains
+** the data to be inserted or the data after the update.  There will be
+** pTab->nCol+1 registers in this range.  The first register (the one
+** that regNewData points to) will contain the new rowid, or NULL in the
+** case of a WITHOUT ROWID table.  The second register in the range will
+** contain the content of the first table column.  The third register will
+** contain the content of the second table column.  And so forth.
+**
+** The regOldData parameter is similar to regNewData except that it contains
+** the data prior to an UPDATE rather than afterwards.  regOldData is zero
+** for an INSERT.  This routine can distinguish between UPDATE and INSERT by
+** checking regOldData for zero.
+**
+** For an UPDATE, the pkChng boolean is true if the true primary key (the
+** rowid for a normal table or the PRIMARY KEY for a WITHOUT ROWID table)
+** might be modified by the UPDATE.  If pkChng is false, then the key of
+** the iDataCur content table is guaranteed to be unchanged by the UPDATE.
+**
+** For an INSERT, the pkChng boolean indicates whether or not the rowid
+** was explicitly specified as part of the INSERT statement.  If pkChng
+** is zero, it means that the either rowid is computed automatically or
+** that the table is a WITHOUT ROWID table and has no rowid.  On an INSERT,
+** pkChng will only be true if the INSERT statement provides an integer
+** value for either the rowid column or its INTEGER PRIMARY KEY alias.
+**
+** The code generated by this routine will store new index entries into
+** registers identified by aRegIdx[].  No index entry is created for
+** indices where aRegIdx[i]==0.  The order of indices in aRegIdx[] is
+** the same as the order of indices on the linked list of indices
+** at pTab->pIndex.
+**
+** The caller must have already opened writeable cursors on the main
+** table and all applicable indices (that is to say, all indices for which
+** aRegIdx[] is not zero).  iDataCur is the cursor for the main table when
+** inserting or updating a rowid table, or the cursor for the PRIMARY KEY
+** index when operating on a WITHOUT ROWID table.  iIdxCur is the cursor
+** for the first index in the pTab->pIndex list.  Cursors for other indices
+** are at iIdxCur+N for the N-th element of the pTab->pIndex list.
+**
+** This routine also generates code to check constraints.  NOT NULL,
+** CHECK, and UNIQUE constraints are all checked.  If a constraint fails,
+** then the appropriate action is performed.  There are five possible
+** actions: ROLLBACK, ABORT, FAIL, REPLACE, and IGNORE.
+**
+**  Constraint type  Action       What Happens
+**  ---------------  ----------   ----------------------------------------
+**  any              ROLLBACK     The current transaction is rolled back and
+**                                sqlite3_step() returns immediately with a
+**                                return code of SQLITE_CONSTRAINT.
+**
+**  any              ABORT        Back out changes from the current command
+**                                only (do not do a complete rollback) then
+**                                cause sqlite3_step() to return immediately
+**                                with SQLITE_CONSTRAINT.
+**
+**  any              FAIL         Sqlite3_step() returns immediately with a
+**                                return code of SQLITE_CONSTRAINT.  The
+**                                transaction is not rolled back and any
+**                                changes to prior rows are retained.
+**
+**  any              IGNORE       The attempt in insert or update the current
+**                                row is skipped, without throwing an error.
+**                                Processing continues with the next row.
+**                                (There is an immediate jump to ignoreDest.)
+**
+**  NOT NULL         REPLACE      The NULL value is replace by the default
+**                                value for that column.  If the default value
+**                                is NULL, the action is the same as ABORT.
+**
+**  UNIQUE           REPLACE      The other row that conflicts with the row
+**                                being inserted is removed.
+**
+**  CHECK            REPLACE      Illegal.  The results in an exception.
+**
+** Which action to take is determined by the overrideError parameter.
+** Or if overrideError==OE_Default, then the pParse->onError parameter
+** is used.  Or if pParse->onError==OE_Default then the onError value
+** for the constraint is used.
+*/
+SQLITE_PRIVATE void sqlite3GenerateConstraintChecks(
+  Parse *pParse,       /* The parser context */
+  Table *pTab,         /* The table being inserted or updated */
+  int *aRegIdx,        /* Use register aRegIdx[i] for index i.  0 for unused */
+  int iDataCur,        /* Canonical data cursor (main table or PK index) */
+  int iIdxCur,         /* First index cursor */
+  int regNewData,      /* First register in a range holding values to insert */
+  int regOldData,      /* Previous content.  0 for INSERTs */
+  u8 pkChng,           /* Non-zero if the rowid or PRIMARY KEY changed */
+  u8 overrideError,    /* Override onError to this if not OE_Default */
+  int ignoreDest,      /* Jump to this label on an OE_Ignore resolution */
+  int *pbMayReplace    /* OUT: Set to true if constraint may cause a replace */
+){
+  Vdbe *v;             /* VDBE under constrution */
+  Index *pIdx;         /* Pointer to one of the indices */
+  Index *pPk = 0;      /* The PRIMARY KEY index */
+  sqlite3 *db;         /* Database connection */
+  int i;               /* loop counter */
+  int ix;              /* Index loop counter */
+  int nCol;            /* Number of columns */
+  int onError;         /* Conflict resolution strategy */
+  int addr1;           /* Address of jump instruction */
+  int seenReplace = 0; /* True if REPLACE is used to resolve INT PK conflict */
+  int nPkField;        /* Number of fields in PRIMARY KEY. 1 for ROWID tables */
+  int ipkTop = 0;      /* Top of the rowid change constraint check */
+  int ipkBottom = 0;   /* Bottom of the rowid change constraint check */
+  u8 isUpdate;         /* True if this is an UPDATE operation */
+  u8 bAffinityDone = 0;  /* True if the OP_Affinity operation has been run */
+  int regRowid = -1;   /* Register holding ROWID value */
+
+  isUpdate = regOldData!=0;
+  db = pParse->db;
+  v = sqlite3GetVdbe(pParse);
+  assert( v!=0 );
+  assert( pTab->pSelect==0 );  /* This table is not a VIEW */
+  nCol = pTab->nCol;
+  
+  /* pPk is the PRIMARY KEY index for WITHOUT ROWID tables and NULL for
+  ** normal rowid tables.  nPkField is the number of key fields in the 
+  ** pPk index or 1 for a rowid table.  In other words, nPkField is the
+  ** number of fields in the true primary key of the table. */
+  if( HasRowid(pTab) ){
+    pPk = 0;
+    nPkField = 1;
+  }else{
+    pPk = sqlite3PrimaryKeyIndex(pTab);
+    nPkField = pPk->nKeyCol;
+  }
+
+  /* Record that this module has started */
+  VdbeModuleComment((v, "BEGIN: GenCnstCks(%d,%d,%d,%d,%d)",
+                     iDataCur, iIdxCur, regNewData, regOldData, pkChng));
+
+  /* Test all NOT NULL constraints.
+  */
+  for(i=0; i<nCol; i++){
+    if( i==pTab->iPKey ){
+      continue;
+    }
+    onError = pTab->aCol[i].notNull;
+    if( onError==OE_None ) continue;
+    if( overrideError!=OE_Default ){
+      onError = overrideError;
+    }else if( onError==OE_Default ){
+      onError = OE_Abort;
+    }
+    if( onError==OE_Replace && pTab->aCol[i].pDflt==0 ){
+      onError = OE_Abort;
+    }
+    assert( onError==OE_Rollback || onError==OE_Abort || onError==OE_Fail
+        || onError==OE_Ignore || onError==OE_Replace );
+    switch( onError ){
+      case OE_Abort:
+        sqlite3MayAbort(pParse);
+        /* Fall through */
+      case OE_Rollback:
+      case OE_Fail: {
+        char *zMsg = sqlite3MPrintf(db, "%s.%s", pTab->zName,
+                                    pTab->aCol[i].zName);
+        sqlite3VdbeAddOp4(v, OP_HaltIfNull, SQLITE_CONSTRAINT_NOTNULL, onError,
+                          regNewData+1+i, zMsg, P4_DYNAMIC);
+        sqlite3VdbeChangeP5(v, P5_ConstraintNotNull);
+        VdbeCoverage(v);
+        break;
+      }
+      case OE_Ignore: {
+        sqlite3VdbeAddOp2(v, OP_IsNull, regNewData+1+i, ignoreDest);
+        VdbeCoverage(v);
+        break;
+      }
+      default: {
+        assert( onError==OE_Replace );
+        addr1 = sqlite3VdbeAddOp1(v, OP_NotNull, regNewData+1+i);
+           VdbeCoverage(v);
+        sqlite3ExprCode(pParse, pTab->aCol[i].pDflt, regNewData+1+i);
+        sqlite3VdbeJumpHere(v, addr1);
+        break;
+      }
+    }
+  }
+
+  /* Test all CHECK constraints
+  */
+#ifndef SQLITE_OMIT_CHECK
+  if( pTab->pCheck && (db->flags & SQLITE_IgnoreChecks)==0 ){
+    ExprList *pCheck = pTab->pCheck;
+    pParse->ckBase = regNewData+1;
+    onError = overrideError!=OE_Default ? overrideError : OE_Abort;
+    for(i=0; i<pCheck->nExpr; i++){
+      int allOk = sqlite3VdbeMakeLabel(v);
+      sqlite3ExprIfTrue(pParse, pCheck->a[i].pExpr, allOk, SQLITE_JUMPIFNULL);
+      if( onError==OE_Ignore ){
+        sqlite3VdbeGoto(v, ignoreDest);
+      }else{
+        char *zName = pCheck->a[i].zName;
+        if( zName==0 ) zName = pTab->zName;
+        if( onError==OE_Replace ) onError = OE_Abort; /* IMP: R-15569-63625 */
+        sqlite3HaltConstraint(pParse, SQLITE_CONSTRAINT_CHECK,
+                              onError, zName, P4_TRANSIENT,
+                              P5_ConstraintCheck);
+      }
+      sqlite3VdbeResolveLabel(v, allOk);
+    }
+  }
+#endif /* !defined(SQLITE_OMIT_CHECK) */
+
+  /* If rowid is changing, make sure the new rowid does not previously
+  ** exist in the table.
+  */
+  if( pkChng && pPk==0 ){
+    int addrRowidOk = sqlite3VdbeMakeLabel(v);
+
+    /* Figure out what action to take in case of a rowid collision */
+    onError = pTab->keyConf;
+    if( overrideError!=OE_Default ){
+      onError = overrideError;
+    }else if( onError==OE_Default ){
+      onError = OE_Abort;
+    }
+
+    if( isUpdate ){
+      /* pkChng!=0 does not mean that the rowid has change, only that
+      ** it might have changed.  Skip the conflict logic below if the rowid
+      ** is unchanged. */
+      sqlite3VdbeAddOp3(v, OP_Eq, regNewData, addrRowidOk, regOldData);
+      sqlite3VdbeChangeP5(v, SQLITE_NOTNULL);
+      VdbeCoverage(v);
+    }
+
+    /* If the response to a rowid conflict is REPLACE but the response
+    ** to some other UNIQUE constraint is FAIL or IGNORE, then we need
+    ** to defer the running of the rowid conflict checking until after
+    ** the UNIQUE constraints have run.
+    */
+    if( onError==OE_Replace && overrideError!=OE_Replace ){
+      for(pIdx=pTab->pIndex; pIdx; pIdx=pIdx->pNext){
+        if( pIdx->onError==OE_Ignore || pIdx->onError==OE_Fail ){
+          ipkTop = sqlite3VdbeAddOp0(v, OP_Goto);
+          break;
+        }
+      }
+    }
+
+    /* Check to see if the new rowid already exists in the table.  Skip
+    ** the following conflict logic if it does not. */
+    sqlite3VdbeAddOp3(v, OP_NotExists, iDataCur, addrRowidOk, regNewData);
+    VdbeCoverage(v);
+
+    /* Generate code that deals with a rowid collision */
+    switch( onError ){
+      default: {
+        onError = OE_Abort;
+        /* Fall thru into the next case */
+      }
+      case OE_Rollback:
+      case OE_Abort:
+      case OE_Fail: {
+        sqlite3RowidConstraint(pParse, onError, pTab);
+        break;
+      }
+      case OE_Replace: {
+        /* If there are DELETE triggers on this table and the
+        ** recursive-triggers flag is set, call GenerateRowDelete() to
+        ** remove the conflicting row from the table. This will fire
+        ** the triggers and remove both the table and index b-tree entries.
+        **
+        ** Otherwise, if there are no triggers or the recursive-triggers
+        ** flag is not set, but the table has one or more indexes, call 
+        ** GenerateRowIndexDelete(). This removes the index b-tree entries 
+        ** only. The table b-tree entry will be replaced by the new entry 
+        ** when it is inserted.  
+        **
+        ** If either GenerateRowDelete() or GenerateRowIndexDelete() is called,
+        ** also invoke MultiWrite() to indicate that this VDBE may require
+        ** statement rollback (if the statement is aborted after the delete
+        ** takes place). Earlier versions called sqlite3MultiWrite() regardless,
+        ** but being more selective here allows statements like:
+        **
+        **   REPLACE INTO t(rowid) VALUES($newrowid)
+        **
+        ** to run without a statement journal if there are no indexes on the
+        ** table.
+        */
+        Trigger *pTrigger = 0;
+        if( db->flags&SQLITE_RecTriggers ){
+          pTrigger = sqlite3TriggersExist(pParse, pTab, TK_DELETE, 0, 0);
+        }
+        if( pTrigger || sqlite3FkRequired(pParse, pTab, 0, 0) ){
+          sqlite3MultiWrite(pParse);
+          sqlite3GenerateRowDelete(pParse, pTab, pTrigger, iDataCur, iIdxCur,
+                                   regNewData, 1, 0, OE_Replace,
+                                   ONEPASS_SINGLE, -1);
+        }else{
+          if( pTab->pIndex ){
+            sqlite3MultiWrite(pParse);
+            sqlite3GenerateRowIndexDelete(pParse, pTab, iDataCur, iIdxCur,0,-1);
+          }
+        }
+        seenReplace = 1;
+        break;
+      }
+      case OE_Ignore: {
+        /*assert( seenReplace==0 );*/
+        sqlite3VdbeGoto(v, ignoreDest);
+        break;
+      }
+    }
+    sqlite3VdbeResolveLabel(v, addrRowidOk);
+    if( ipkTop ){
+      ipkBottom = sqlite3VdbeAddOp0(v, OP_Goto);
+      sqlite3VdbeJumpHere(v, ipkTop);
+    }
+  }
+
+  /* Test all UNIQUE constraints by creating entries for each UNIQUE
+  ** index and making sure that duplicate entries do not already exist.
+  ** Compute the revised record entries for indices as we go.
+  **
+  ** This loop also handles the case of the PRIMARY KEY index for a
+  ** WITHOUT ROWID table.
+  */
+  for(ix=0, pIdx=pTab->pIndex; pIdx; pIdx=pIdx->pNext, ix++){
+    int regIdx;          /* Range of registers hold conent for pIdx */
+    int regR;            /* Range of registers holding conflicting PK */
+    int iThisCur;        /* Cursor for this UNIQUE index */
+    int addrUniqueOk;    /* Jump here if the UNIQUE constraint is satisfied */
+
+    if( aRegIdx[ix]==0 ) continue;  /* Skip indices that do not change */
+    if( bAffinityDone==0 ){
+      sqlite3TableAffinity(v, pTab, regNewData+1);
+      bAffinityDone = 1;
+    }
+    iThisCur = iIdxCur+ix;
+    addrUniqueOk = sqlite3VdbeMakeLabel(v);
+
+    /* Skip partial indices for which the WHERE clause is not true */
+    if( pIdx->pPartIdxWhere ){
+      sqlite3VdbeAddOp2(v, OP_Null, 0, aRegIdx[ix]);
+      pParse->ckBase = regNewData+1;
+      sqlite3ExprIfFalseDup(pParse, pIdx->pPartIdxWhere, addrUniqueOk,
+                            SQLITE_JUMPIFNULL);
+      pParse->ckBase = 0;
+    }
+
+    /* Create a record for this index entry as it should appear after
+    ** the insert or update.  Store that record in the aRegIdx[ix] register
+    */
+    regIdx = sqlite3GetTempRange(pParse, pIdx->nColumn);
+    for(i=0; i<pIdx->nColumn; i++){
+      int iField = pIdx->aiColumn[i];
+      int x;
+      if( iField==XN_EXPR ){
+        pParse->ckBase = regNewData+1;
+        sqlite3ExprCodeCopy(pParse, pIdx->aColExpr->a[i].pExpr, regIdx+i);
+        pParse->ckBase = 0;
+        VdbeComment((v, "%s column %d", pIdx->zName, i));
+      }else{
+        if( iField==XN_ROWID || iField==pTab->iPKey ){
+          if( regRowid==regIdx+i ) continue; /* ROWID already in regIdx+i */
+          x = regNewData;
+          regRowid =  pIdx->pPartIdxWhere ? -1 : regIdx+i;
+        }else{
+          x = iField + regNewData + 1;
+        }
+        sqlite3VdbeAddOp2(v, iField<0 ? OP_IntCopy : OP_SCopy, x, regIdx+i);
+        VdbeComment((v, "%s", iField<0 ? "rowid" : pTab->aCol[iField].zName));
+      }
+    }
+    sqlite3VdbeAddOp3(v, OP_MakeRecord, regIdx, pIdx->nColumn, aRegIdx[ix]);
+    VdbeComment((v, "for %s", pIdx->zName));
+    sqlite3ExprCacheAffinityChange(pParse, regIdx, pIdx->nColumn);
+
+    /* In an UPDATE operation, if this index is the PRIMARY KEY index 
+    ** of a WITHOUT ROWID table and there has been no change the
+    ** primary key, then no collision is possible.  The collision detection
+    ** logic below can all be skipped. */
+    if( isUpdate && pPk==pIdx && pkChng==0 ){
+      sqlite3VdbeResolveLabel(v, addrUniqueOk);
+      continue;
+    }
+
+    /* Find out what action to take in case there is a uniqueness conflict */
+    onError = pIdx->onError;
+    if( onError==OE_None ){ 
+      sqlite3ReleaseTempRange(pParse, regIdx, pIdx->nColumn);
+      sqlite3VdbeResolveLabel(v, addrUniqueOk);
+      continue;  /* pIdx is not a UNIQUE index */
+    }
+    if( overrideError!=OE_Default ){
+      onError = overrideError;
+    }else if( onError==OE_Default ){
+      onError = OE_Abort;
+    }
+    
+    /* Check to see if the new index entry will be unique */
+    sqlite3VdbeAddOp4Int(v, OP_NoConflict, iThisCur, addrUniqueOk,
+                         regIdx, pIdx->nKeyCol); VdbeCoverage(v);
+
+    /* Generate code to handle collisions */
+    regR = (pIdx==pPk) ? regIdx : sqlite3GetTempRange(pParse, nPkField);
+    if( isUpdate || onError==OE_Replace ){
+      if( HasRowid(pTab) ){
+        sqlite3VdbeAddOp2(v, OP_IdxRowid, iThisCur, regR);
+        /* Conflict only if the rowid of the existing index entry
+        ** is different from old-rowid */
+        if( isUpdate ){
+          sqlite3VdbeAddOp3(v, OP_Eq, regR, addrUniqueOk, regOldData);
+          sqlite3VdbeChangeP5(v, SQLITE_NOTNULL);
+          VdbeCoverage(v);
+        }
+      }else{
+        int x;
+        /* Extract the PRIMARY KEY from the end of the index entry and
+        ** store it in registers regR..regR+nPk-1 */
+        if( pIdx!=pPk ){
+          for(i=0; i<pPk->nKeyCol; i++){
+            assert( pPk->aiColumn[i]>=0 );
+            x = sqlite3ColumnOfIndex(pIdx, pPk->aiColumn[i]);
+            sqlite3VdbeAddOp3(v, OP_Column, iThisCur, x, regR+i);
+            VdbeComment((v, "%s.%s", pTab->zName,
+                         pTab->aCol[pPk->aiColumn[i]].zName));
+          }
+        }
+        if( isUpdate ){
+          /* If currently processing the PRIMARY KEY of a WITHOUT ROWID 
+          ** table, only conflict if the new PRIMARY KEY values are actually
+          ** different from the old.
+          **
+          ** For a UNIQUE index, only conflict if the PRIMARY KEY values
+          ** of the matched index row are different from the original PRIMARY
+          ** KEY values of this row before the update.  */
+          int addrJump = sqlite3VdbeCurrentAddr(v)+pPk->nKeyCol;
+          int op = OP_Ne;
+          int regCmp = (IsPrimaryKeyIndex(pIdx) ? regIdx : regR);
+  
+          for(i=0; i<pPk->nKeyCol; i++){
+            char *p4 = (char*)sqlite3LocateCollSeq(pParse, pPk->azColl[i]);
+            x = pPk->aiColumn[i];
+            assert( x>=0 );
+            if( i==(pPk->nKeyCol-1) ){
+              addrJump = addrUniqueOk;
+              op = OP_Eq;
+            }
+            sqlite3VdbeAddOp4(v, op, 
+                regOldData+1+x, addrJump, regCmp+i, p4, P4_COLLSEQ
+            );
+            sqlite3VdbeChangeP5(v, SQLITE_NOTNULL);
+            VdbeCoverageIf(v, op==OP_Eq);
+            VdbeCoverageIf(v, op==OP_Ne);
+          }
+        }
+      }
+    }
+
+    /* Generate code that executes if the new index entry is not unique */
+    assert( onError==OE_Rollback || onError==OE_Abort || onError==OE_Fail
+        || onError==OE_Ignore || onError==OE_Replace );
+    switch( onError ){
+      case OE_Rollback:
+      case OE_Abort:
+      case OE_Fail: {
+        sqlite3UniqueConstraint(pParse, onError, pIdx);
+        break;
+      }
+      case OE_Ignore: {
+        sqlite3VdbeGoto(v, ignoreDest);
+        break;
+      }
+      default: {
+        Trigger *pTrigger = 0;
+        assert( onError==OE_Replace );
+        sqlite3MultiWrite(pParse);
+        if( db->flags&SQLITE_RecTriggers ){
+          pTrigger = sqlite3TriggersExist(pParse, pTab, TK_DELETE, 0, 0);
+        }
+        sqlite3GenerateRowDelete(pParse, pTab, pTrigger, iDataCur, iIdxCur,
+            regR, nPkField, 0, OE_Replace,
+            (pIdx==pPk ? ONEPASS_SINGLE : ONEPASS_OFF), -1);
+        seenReplace = 1;
+        break;
+      }
+    }
+    sqlite3VdbeResolveLabel(v, addrUniqueOk);
+    sqlite3ReleaseTempRange(pParse, regIdx, pIdx->nColumn);
+    if( regR!=regIdx ) sqlite3ReleaseTempRange(pParse, regR, nPkField);
+  }
+  if( ipkTop ){
+    sqlite3VdbeGoto(v, ipkTop+1);
+    sqlite3VdbeJumpHere(v, ipkBottom);
+  }
+  
+  *pbMayReplace = seenReplace;
+  VdbeModuleComment((v, "END: GenCnstCks(%d)", seenReplace));
+}
+
+/*
+** This routine generates code to finish the INSERT or UPDATE operation
+** that was started by a prior call to sqlite3GenerateConstraintChecks.
+** A consecutive range of registers starting at regNewData contains the
+** rowid and the content to be inserted.
+**
+** The arguments to this routine should be the same as the first six
+** arguments to sqlite3GenerateConstraintChecks.
+*/
+SQLITE_PRIVATE void sqlite3CompleteInsertion(
+  Parse *pParse,      /* The parser context */
+  Table *pTab,        /* the table into which we are inserting */
+  int iDataCur,       /* Cursor of the canonical data source */
+  int iIdxCur,        /* First index cursor */
+  int regNewData,     /* Range of content */
+  int *aRegIdx,       /* Register used by each index.  0 for unused indices */
+  int isUpdate,       /* True for UPDATE, False for INSERT */
+  int appendBias,     /* True if this is likely to be an append */
+  int useSeekResult   /* True to set the USESEEKRESULT flag on OP_[Idx]Insert */
+){
+  Vdbe *v;            /* Prepared statements under construction */
+  Index *pIdx;        /* An index being inserted or updated */
+  u8 pik_flags;       /* flag values passed to the btree insert */
+  int regData;        /* Content registers (after the rowid) */
+  int regRec;         /* Register holding assembled record for the table */
+  int i;              /* Loop counter */
+  u8 bAffinityDone = 0; /* True if OP_Affinity has been run already */
+
+  v = sqlite3GetVdbe(pParse);
+  assert( v!=0 );
+  assert( pTab->pSelect==0 );  /* This table is not a VIEW */
+  for(i=0, pIdx=pTab->pIndex; pIdx; pIdx=pIdx->pNext, i++){
+    if( aRegIdx[i]==0 ) continue;
+    bAffinityDone = 1;
+    if( pIdx->pPartIdxWhere ){
+      sqlite3VdbeAddOp2(v, OP_IsNull, aRegIdx[i], sqlite3VdbeCurrentAddr(v)+2);
+      VdbeCoverage(v);
+    }
+    sqlite3VdbeAddOp2(v, OP_IdxInsert, iIdxCur+i, aRegIdx[i]);
+    pik_flags = 0;
+    if( useSeekResult ) pik_flags = OPFLAG_USESEEKRESULT;
+    if( IsPrimaryKeyIndex(pIdx) && !HasRowid(pTab) ){
+      assert( pParse->nested==0 );
+      pik_flags |= OPFLAG_NCHANGE;
+    }
+    if( pik_flags )  sqlite3VdbeChangeP5(v, pik_flags);
+  }
+  if( !HasRowid(pTab) ) return;
+  regData = regNewData + 1;
+  regRec = sqlite3GetTempReg(pParse);
+  sqlite3VdbeAddOp3(v, OP_MakeRecord, regData, pTab->nCol, regRec);
+  if( !bAffinityDone ) sqlite3TableAffinity(v, pTab, 0);
+  sqlite3ExprCacheAffinityChange(pParse, regData, pTab->nCol);
+  if( pParse->nested ){
+    pik_flags = 0;
+  }else{
+    pik_flags = OPFLAG_NCHANGE;
+    pik_flags |= (isUpdate?OPFLAG_ISUPDATE:OPFLAG_LASTROWID);
+  }
+  if( appendBias ){
+    pik_flags |= OPFLAG_APPEND;
+  }
+  if( useSeekResult ){
+    pik_flags |= OPFLAG_USESEEKRESULT;
+  }
+  sqlite3VdbeAddOp3(v, OP_Insert, iDataCur, regRec, regNewData);
+  if( !pParse->nested ){
+    sqlite3VdbeChangeP4(v, -1, pTab->zName, P4_TRANSIENT);
+  }
+  sqlite3VdbeChangeP5(v, pik_flags);
+}
+
+/*
+** Allocate cursors for the pTab table and all its indices and generate
+** code to open and initialized those cursors.
+**
+** The cursor for the object that contains the complete data (normally
+** the table itself, but the PRIMARY KEY index in the case of a WITHOUT
+** ROWID table) is returned in *piDataCur.  The first index cursor is
+** returned in *piIdxCur.  The number of indices is returned.
+**
+** Use iBase as the first cursor (either the *piDataCur for rowid tables
+** or the first index for WITHOUT ROWID tables) if it is non-negative.
+** If iBase is negative, then allocate the next available cursor.
+**
+** For a rowid table, *piDataCur will be exactly one less than *piIdxCur.
+** For a WITHOUT ROWID table, *piDataCur will be somewhere in the range
+** of *piIdxCurs, depending on where the PRIMARY KEY index appears on the
+** pTab->pIndex list.
+**
+** If pTab is a virtual table, then this routine is a no-op and the
+** *piDataCur and *piIdxCur values are left uninitialized.
+*/
+SQLITE_PRIVATE int sqlite3OpenTableAndIndices(
+  Parse *pParse,   /* Parsing context */
+  Table *pTab,     /* Table to be opened */
+  int op,          /* OP_OpenRead or OP_OpenWrite */
+  u8 p5,           /* P5 value for OP_Open* instructions */
+  int iBase,       /* Use this for the table cursor, if there is one */
+  u8 *aToOpen,     /* If not NULL: boolean for each table and index */
+  int *piDataCur,  /* Write the database source cursor number here */
+  int *piIdxCur    /* Write the first index cursor number here */
+){
+  int i;
+  int iDb;
+  int iDataCur;
+  Index *pIdx;
+  Vdbe *v;
+
+  assert( op==OP_OpenRead || op==OP_OpenWrite );
+  assert( op==OP_OpenWrite || p5==0 );
+  if( IsVirtual(pTab) ){
+    /* This routine is a no-op for virtual tables. Leave the output
+    ** variables *piDataCur and *piIdxCur uninitialized so that valgrind
+    ** can detect if they are used by mistake in the caller. */
+    return 0;
+  }
+  iDb = sqlite3SchemaToIndex(pParse->db, pTab->pSchema);
+  v = sqlite3GetVdbe(pParse);
+  assert( v!=0 );
+  if( iBase<0 ) iBase = pParse->nTab;
+  iDataCur = iBase++;
+  if( piDataCur ) *piDataCur = iDataCur;
+  if( HasRowid(pTab) && (aToOpen==0 || aToOpen[0]) ){
+    sqlite3OpenTable(pParse, iDataCur, iDb, pTab, op);
+  }else{
+    sqlite3TableLock(pParse, iDb, pTab->tnum, op==OP_OpenWrite, pTab->zName);
+  }
+  if( piIdxCur ) *piIdxCur = iBase;
+  for(i=0, pIdx=pTab->pIndex; pIdx; pIdx=pIdx->pNext, i++){
+    int iIdxCur = iBase++;
+    assert( pIdx->pSchema==pTab->pSchema );
+    if( IsPrimaryKeyIndex(pIdx) && !HasRowid(pTab) && piDataCur ){
+      *piDataCur = iIdxCur;
+    }
+    if( aToOpen==0 || aToOpen[i+1] ){
+      sqlite3VdbeAddOp3(v, op, iIdxCur, pIdx->tnum, iDb);
+      sqlite3VdbeSetP4KeyInfo(pParse, pIdx);
+      sqlite3VdbeChangeP5(v, p5);
+      VdbeComment((v, "%s", pIdx->zName));
+    }
+  }
+  if( iBase>pParse->nTab ) pParse->nTab = iBase;
+  return i;
+}
+
+
+#ifdef SQLITE_TEST
+/*
+** The following global variable is incremented whenever the
+** transfer optimization is used.  This is used for testing
+** purposes only - to make sure the transfer optimization really
+** is happening when it is supposed to.
+*/
+SQLITE_API int sqlite3_xferopt_count;
+#endif /* SQLITE_TEST */
+
+
+#ifndef SQLITE_OMIT_XFER_OPT
+/*
+** Check to see if index pSrc is compatible as a source of data
+** for index pDest in an insert transfer optimization.  The rules
+** for a compatible index:
+**
+**    *   The index is over the same set of columns
+**    *   The same DESC and ASC markings occurs on all columns
+**    *   The same onError processing (OE_Abort, OE_Ignore, etc)
+**    *   The same collating sequence on each column
+**    *   The index has the exact same WHERE clause
+*/
+static int xferCompatibleIndex(Index *pDest, Index *pSrc){
+  int i;
+  assert( pDest && pSrc );
+  assert( pDest->pTable!=pSrc->pTable );
+  if( pDest->nKeyCol!=pSrc->nKeyCol ){
+    return 0;   /* Different number of columns */
+  }
+  if( pDest->onError!=pSrc->onError ){
+    return 0;   /* Different conflict resolution strategies */
+  }
+  for(i=0; i<pSrc->nKeyCol; i++){
+    if( pSrc->aiColumn[i]!=pDest->aiColumn[i] ){
+      return 0;   /* Different columns indexed */
+    }
+    if( pSrc->aiColumn[i]==XN_EXPR ){
+      assert( pSrc->aColExpr!=0 && pDest->aColExpr!=0 );
+      if( sqlite3ExprCompare(pSrc->aColExpr->a[i].pExpr,
+                             pDest->aColExpr->a[i].pExpr, -1)!=0 ){
+        return 0;   /* Different expressions in the index */
+      }
+    }
+    if( pSrc->aSortOrder[i]!=pDest->aSortOrder[i] ){
+      return 0;   /* Different sort orders */
+    }
+    if( sqlite3_stricmp(pSrc->azColl[i],pDest->azColl[i])!=0 ){
+      return 0;   /* Different collating sequences */
+    }
+  }
+  if( sqlite3ExprCompare(pSrc->pPartIdxWhere, pDest->pPartIdxWhere, -1) ){
+    return 0;     /* Different WHERE clauses */
+  }
+
+  /* If no test above fails then the indices must be compatible */
+  return 1;
+}
+
+/*
+** Attempt the transfer optimization on INSERTs of the form
+**
+**     INSERT INTO tab1 SELECT * FROM tab2;
+**
+** The xfer optimization transfers raw records from tab2 over to tab1.  
+** Columns are not decoded and reassembled, which greatly improves
+** performance.  Raw index records are transferred in the same way.
+**
+** The xfer optimization is only attempted if tab1 and tab2 are compatible.
+** There are lots of rules for determining compatibility - see comments
+** embedded in the code for details.
+**
+** This routine returns TRUE if the optimization is guaranteed to be used.
+** Sometimes the xfer optimization will only work if the destination table
+** is empty - a factor that can only be determined at run-time.  In that
+** case, this routine generates code for the xfer optimization but also
+** does a test to see if the destination table is empty and jumps over the
+** xfer optimization code if the test fails.  In that case, this routine
+** returns FALSE so that the caller will know to go ahead and generate
+** an unoptimized transfer.  This routine also returns FALSE if there
+** is no chance that the xfer optimization can be applied.
+**
+** This optimization is particularly useful at making VACUUM run faster.
+*/
+static int xferOptimization(
+  Parse *pParse,        /* Parser context */
+  Table *pDest,         /* The table we are inserting into */
+  Select *pSelect,      /* A SELECT statement to use as the data source */
+  int onError,          /* How to handle constraint errors */
+  int iDbDest           /* The database of pDest */
+){
+  sqlite3 *db = pParse->db;
+  ExprList *pEList;                /* The result set of the SELECT */
+  Table *pSrc;                     /* The table in the FROM clause of SELECT */
+  Index *pSrcIdx, *pDestIdx;       /* Source and destination indices */
+  struct SrcList_item *pItem;      /* An element of pSelect->pSrc */
+  int i;                           /* Loop counter */
+  int iDbSrc;                      /* The database of pSrc */
+  int iSrc, iDest;                 /* Cursors from source and destination */
+  int addr1, addr2;                /* Loop addresses */
+  int emptyDestTest = 0;           /* Address of test for empty pDest */
+  int emptySrcTest = 0;            /* Address of test for empty pSrc */
+  Vdbe *v;                         /* The VDBE we are building */
+  int regAutoinc;                  /* Memory register used by AUTOINC */
+  int destHasUniqueIdx = 0;        /* True if pDest has a UNIQUE index */
+  int regData, regRowid;           /* Registers holding data and rowid */
+
+  if( pSelect==0 ){
+    return 0;   /* Must be of the form  INSERT INTO ... SELECT ... */
+  }
+  if( pParse->pWith || pSelect->pWith ){
+    /* Do not attempt to process this query if there are an WITH clauses
+    ** attached to it. Proceeding may generate a false "no such table: xxx"
+    ** error if pSelect reads from a CTE named "xxx".  */
+    return 0;
+  }
+  if( sqlite3TriggerList(pParse, pDest) ){
+    return 0;   /* tab1 must not have triggers */
+  }
+#ifndef SQLITE_OMIT_VIRTUALTABLE
+  if( pDest->tabFlags & TF_Virtual ){
+    return 0;   /* tab1 must not be a virtual table */
+  }
+#endif
+  if( onError==OE_Default ){
+    if( pDest->iPKey>=0 ) onError = pDest->keyConf;
+    if( onError==OE_Default ) onError = OE_Abort;
+  }
+  assert(pSelect->pSrc);   /* allocated even if there is no FROM clause */
+  if( pSelect->pSrc->nSrc!=1 ){
+    return 0;   /* FROM clause must have exactly one term */
+  }
+  if( pSelect->pSrc->a[0].pSelect ){
+    return 0;   /* FROM clause cannot contain a subquery */
+  }
+  if( pSelect->pWhere ){
+    return 0;   /* SELECT may not have a WHERE clause */
+  }
+  if( pSelect->pOrderBy ){
+    return 0;   /* SELECT may not have an ORDER BY clause */
+  }
+  /* Do not need to test for a HAVING clause.  If HAVING is present but
+  ** there is no ORDER BY, we will get an error. */
+  if( pSelect->pGroupBy ){
+    return 0;   /* SELECT may not have a GROUP BY clause */
+  }
+  if( pSelect->pLimit ){
+    return 0;   /* SELECT may not have a LIMIT clause */
+  }
+  assert( pSelect->pOffset==0 );  /* Must be so if pLimit==0 */
+  if( pSelect->pPrior ){
+    return 0;   /* SELECT may not be a compound query */
+  }
+  if( pSelect->selFlags & SF_Distinct ){
+    return 0;   /* SELECT may not be DISTINCT */
+  }
+  pEList = pSelect->pEList;
+  assert( pEList!=0 );
+  if( pEList->nExpr!=1 ){
+    return 0;   /* The result set must have exactly one column */
+  }
+  assert( pEList->a[0].pExpr );
+  if( pEList->a[0].pExpr->op!=TK_ASTERISK ){
+    return 0;   /* The result set must be the special operator "*" */
+  }
+
+  /* At this point we have established that the statement is of the
+  ** correct syntactic form to participate in this optimization.  Now
+  ** we have to check the semantics.
+  */
+  pItem = pSelect->pSrc->a;
+  pSrc = sqlite3LocateTableItem(pParse, 0, pItem);
+  if( pSrc==0 ){
+    return 0;   /* FROM clause does not contain a real table */
+  }
+  if( pSrc==pDest ){
+    return 0;   /* tab1 and tab2 may not be the same table */
+  }
+  if( HasRowid(pDest)!=HasRowid(pSrc) ){
+    return 0;   /* source and destination must both be WITHOUT ROWID or not */
+  }
+#ifndef SQLITE_OMIT_VIRTUALTABLE
+  if( pSrc->tabFlags & TF_Virtual ){
+    return 0;   /* tab2 must not be a virtual table */
+  }
+#endif
+  if( pSrc->pSelect ){
+    return 0;   /* tab2 may not be a view */
+  }
+  if( pDest->nCol!=pSrc->nCol ){
+    return 0;   /* Number of columns must be the same in tab1 and tab2 */
+  }
+  if( pDest->iPKey!=pSrc->iPKey ){
+    return 0;   /* Both tables must have the same INTEGER PRIMARY KEY */
+  }
+  for(i=0; i<pDest->nCol; i++){
+    Column *pDestCol = &pDest->aCol[i];
+    Column *pSrcCol = &pSrc->aCol[i];
+#ifdef SQLITE_ENABLE_HIDDEN_COLUMNS
+    if( (db->flags & SQLITE_Vacuum)==0 
+     && (pDestCol->colFlags | pSrcCol->colFlags) & COLFLAG_HIDDEN 
+    ){
+      return 0;    /* Neither table may have __hidden__ columns */
+    }
+#endif
+    if( pDestCol->affinity!=pSrcCol->affinity ){
+      return 0;    /* Affinity must be the same on all columns */
+    }
+    if( sqlite3_stricmp(pDestCol->zColl, pSrcCol->zColl)!=0 ){
+      return 0;    /* Collating sequence must be the same on all columns */
+    }
+    if( pDestCol->notNull && !pSrcCol->notNull ){
+      return 0;    /* tab2 must be NOT NULL if tab1 is */
+    }
+    /* Default values for second and subsequent columns need to match. */
+    if( i>0
+     && ((pDestCol->zDflt==0)!=(pSrcCol->zDflt==0) 
+         || (pDestCol->zDflt && strcmp(pDestCol->zDflt, pSrcCol->zDflt)!=0))
+    ){
+      return 0;    /* Default values must be the same for all columns */
+    }
+  }
+  for(pDestIdx=pDest->pIndex; pDestIdx; pDestIdx=pDestIdx->pNext){
+    if( IsUniqueIndex(pDestIdx) ){
+      destHasUniqueIdx = 1;
+    }
+    for(pSrcIdx=pSrc->pIndex; pSrcIdx; pSrcIdx=pSrcIdx->pNext){
+      if( xferCompatibleIndex(pDestIdx, pSrcIdx) ) break;
+    }
+    if( pSrcIdx==0 ){
+      return 0;    /* pDestIdx has no corresponding index in pSrc */
+    }
+  }
+#ifndef SQLITE_OMIT_CHECK
+  if( pDest->pCheck && sqlite3ExprListCompare(pSrc->pCheck,pDest->pCheck,-1) ){
+    return 0;   /* Tables have different CHECK constraints.  Ticket #2252 */
+  }
+#endif
+#ifndef SQLITE_OMIT_FOREIGN_KEY
+  /* Disallow the transfer optimization if the destination table constains
+  ** any foreign key constraints.  This is more restrictive than necessary.
+  ** But the main beneficiary of the transfer optimization is the VACUUM 
+  ** command, and the VACUUM command disables foreign key constraints.  So
+  ** the extra complication to make this rule less restrictive is probably
+  ** not worth the effort.  Ticket [6284df89debdfa61db8073e062908af0c9b6118e]
+  */
+  if( (db->flags & SQLITE_ForeignKeys)!=0 && pDest->pFKey!=0 ){
+    return 0;
+  }
+#endif
+  if( (db->flags & SQLITE_CountRows)!=0 ){
+    return 0;  /* xfer opt does not play well with PRAGMA count_changes */
+  }
+
+  /* If we get this far, it means that the xfer optimization is at
+  ** least a possibility, though it might only work if the destination
+  ** table (tab1) is initially empty.
+  */
+#ifdef SQLITE_TEST
+  sqlite3_xferopt_count++;
+#endif
+  iDbSrc = sqlite3SchemaToIndex(db, pSrc->pSchema);
+  v = sqlite3GetVdbe(pParse);
+  sqlite3CodeVerifySchema(pParse, iDbSrc);
+  iSrc = pParse->nTab++;
+  iDest = pParse->nTab++;
+  regAutoinc = autoIncBegin(pParse, iDbDest, pDest);
+  regData = sqlite3GetTempReg(pParse);
+  regRowid = sqlite3GetTempReg(pParse);
+  sqlite3OpenTable(pParse, iDest, iDbDest, pDest, OP_OpenWrite);
+  assert( HasRowid(pDest) || destHasUniqueIdx );
+  if( (db->flags & SQLITE_Vacuum)==0 && (
+      (pDest->iPKey<0 && pDest->pIndex!=0)          /* (1) */
+   || destHasUniqueIdx                              /* (2) */
+   || (onError!=OE_Abort && onError!=OE_Rollback)   /* (3) */
+  )){
+    /* In some circumstances, we are able to run the xfer optimization
+    ** only if the destination table is initially empty. Unless the
+    ** SQLITE_Vacuum flag is set, this block generates code to make
+    ** that determination. If SQLITE_Vacuum is set, then the destination
+    ** table is always empty.
+    **
+    ** Conditions under which the destination must be empty:
+    **
+    ** (1) There is no INTEGER PRIMARY KEY but there are indices.
+    **     (If the destination is not initially empty, the rowid fields
+    **     of index entries might need to change.)
+    **
+    ** (2) The destination has a unique index.  (The xfer optimization 
+    **     is unable to test uniqueness.)
+    **
+    ** (3) onError is something other than OE_Abort and OE_Rollback.
+    */
+    addr1 = sqlite3VdbeAddOp2(v, OP_Rewind, iDest, 0); VdbeCoverage(v);
+    emptyDestTest = sqlite3VdbeAddOp0(v, OP_Goto);
+    sqlite3VdbeJumpHere(v, addr1);
+  }
+  if( HasRowid(pSrc) ){
+    sqlite3OpenTable(pParse, iSrc, iDbSrc, pSrc, OP_OpenRead);
+    emptySrcTest = sqlite3VdbeAddOp2(v, OP_Rewind, iSrc, 0); VdbeCoverage(v);
+    if( pDest->iPKey>=0 ){
+      addr1 = sqlite3VdbeAddOp2(v, OP_Rowid, iSrc, regRowid);
+      addr2 = sqlite3VdbeAddOp3(v, OP_NotExists, iDest, 0, regRowid);
+      VdbeCoverage(v);
+      sqlite3RowidConstraint(pParse, onError, pDest);
+      sqlite3VdbeJumpHere(v, addr2);
+      autoIncStep(pParse, regAutoinc, regRowid);
+    }else if( pDest->pIndex==0 ){
+      addr1 = sqlite3VdbeAddOp2(v, OP_NewRowid, iDest, regRowid);
+    }else{
+      addr1 = sqlite3VdbeAddOp2(v, OP_Rowid, iSrc, regRowid);
+      assert( (pDest->tabFlags & TF_Autoincrement)==0 );
+    }
+    sqlite3VdbeAddOp2(v, OP_RowData, iSrc, regData);
+    sqlite3VdbeAddOp3(v, OP_Insert, iDest, regData, regRowid);
+    sqlite3VdbeChangeP5(v, OPFLAG_NCHANGE|OPFLAG_LASTROWID|OPFLAG_APPEND);
+    sqlite3VdbeChangeP4(v, -1, pDest->zName, 0);
+    sqlite3VdbeAddOp2(v, OP_Next, iSrc, addr1); VdbeCoverage(v);
+    sqlite3VdbeAddOp2(v, OP_Close, iSrc, 0);
+    sqlite3VdbeAddOp2(v, OP_Close, iDest, 0);
+  }else{
+    sqlite3TableLock(pParse, iDbDest, pDest->tnum, 1, pDest->zName);
+    sqlite3TableLock(pParse, iDbSrc, pSrc->tnum, 0, pSrc->zName);
+  }
+  for(pDestIdx=pDest->pIndex; pDestIdx; pDestIdx=pDestIdx->pNext){
+    u8 idxInsFlags = 0;
+    for(pSrcIdx=pSrc->pIndex; ALWAYS(pSrcIdx); pSrcIdx=pSrcIdx->pNext){
+      if( xferCompatibleIndex(pDestIdx, pSrcIdx) ) break;
+    }
+    assert( pSrcIdx );
+    sqlite3VdbeAddOp3(v, OP_OpenRead, iSrc, pSrcIdx->tnum, iDbSrc);
+    sqlite3VdbeSetP4KeyInfo(pParse, pSrcIdx);
+    VdbeComment((v, "%s", pSrcIdx->zName));
+    sqlite3VdbeAddOp3(v, OP_OpenWrite, iDest, pDestIdx->tnum, iDbDest);
+    sqlite3VdbeSetP4KeyInfo(pParse, pDestIdx);
+    sqlite3VdbeChangeP5(v, OPFLAG_BULKCSR);
+    VdbeComment((v, "%s", pDestIdx->zName));
+    addr1 = sqlite3VdbeAddOp2(v, OP_Rewind, iSrc, 0); VdbeCoverage(v);
+    sqlite3VdbeAddOp2(v, OP_RowKey, iSrc, regData);
+    if( db->flags & SQLITE_Vacuum ){
+      /* This INSERT command is part of a VACUUM operation, which guarantees
+      ** that the destination table is empty. If all indexed columns use
+      ** collation sequence BINARY, then it can also be assumed that the
+      ** index will be populated by inserting keys in strictly sorted 
+      ** order. In this case, instead of seeking within the b-tree as part
+      ** of every OP_IdxInsert opcode, an OP_Last is added before the
+      ** OP_IdxInsert to seek to the point within the b-tree where each key 
+      ** should be inserted. This is faster.
+      **
+      ** If any of the indexed columns use a collation sequence other than
+      ** BINARY, this optimization is disabled. This is because the user 
+      ** might change the definition of a collation sequence and then run
+      ** a VACUUM command. In that case keys may not be written in strictly
+      ** sorted order.  */
+      for(i=0; i<pSrcIdx->nColumn; i++){
+        const char *zColl = pSrcIdx->azColl[i];
+        assert( sqlite3_stricmp(sqlite3StrBINARY, zColl)!=0
+                    || sqlite3StrBINARY==zColl );
+        if( sqlite3_stricmp(sqlite3StrBINARY, zColl) ) break;
+      }
+      if( i==pSrcIdx->nColumn ){
+        idxInsFlags = OPFLAG_USESEEKRESULT;
+        sqlite3VdbeAddOp3(v, OP_Last, iDest, 0, -1);
+      }
+    }
+    if( !HasRowid(pSrc) && pDestIdx->idxType==2 ){
+      idxInsFlags |= OPFLAG_NCHANGE;
+    }
+    sqlite3VdbeAddOp3(v, OP_IdxInsert, iDest, regData, 1);
+    sqlite3VdbeChangeP5(v, idxInsFlags);
+    sqlite3VdbeAddOp2(v, OP_Next, iSrc, addr1+1); VdbeCoverage(v);
+    sqlite3VdbeJumpHere(v, addr1);
+    sqlite3VdbeAddOp2(v, OP_Close, iSrc, 0);
+    sqlite3VdbeAddOp2(v, OP_Close, iDest, 0);
+  }
+  if( emptySrcTest ) sqlite3VdbeJumpHere(v, emptySrcTest);
+  sqlite3ReleaseTempReg(pParse, regRowid);
+  sqlite3ReleaseTempReg(pParse, regData);
+  if( emptyDestTest ){
+    sqlite3VdbeAddOp2(v, OP_Halt, SQLITE_OK, 0);
+    sqlite3VdbeJumpHere(v, emptyDestTest);
+    sqlite3VdbeAddOp2(v, OP_Close, iDest, 0);
+    return 0;
+  }else{
+    return 1;
+  }
+}
+#endif /* SQLITE_OMIT_XFER_OPT */
+
+/************** End of insert.c **********************************************/
+/************** Begin file legacy.c ******************************************/
+/*
+** 2001 September 15
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+** Main file for the SQLite library.  The routines in this file
+** implement the programmer interface to the library.  Routines in
+** other files are for internal use by SQLite and should not be
+** accessed by users of the library.
+*/
+
+/* #include "sqliteInt.h" */
+
+/*
+** Execute SQL code.  Return one of the SQLITE_ success/failure
+** codes.  Also write an error message into memory obtained from
+** malloc() and make *pzErrMsg point to that message.
+**
+** If the SQL is a query, then for each row in the query result
+** the xCallback() function is called.  pArg becomes the first
+** argument to xCallback().  If xCallback=NULL then no callback
+** is invoked, even for queries.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_exec(
+  sqlite3 *db,                /* The database on which the SQL executes */
+  const char *zSql,           /* The SQL to be executed */
+  sqlite3_callback xCallback, /* Invoke this callback routine */
+  void *pArg,                 /* First argument to xCallback() */
+  char **pzErrMsg             /* Write error messages here */
+){
+  int rc = SQLITE_OK;         /* Return code */
+  const char *zLeftover;      /* Tail of unprocessed SQL */
+  sqlite3_stmt *pStmt = 0;    /* The current SQL statement */
+  char **azCols = 0;          /* Names of result columns */
+  int callbackIsInit;         /* True if callback data is initialized */
+
+  if( !sqlite3SafetyCheckOk(db) ) return SQLITE_MISUSE_BKPT;
+  if( zSql==0 ) zSql = "";
+
+  sqlite3_mutex_enter(db->mutex);
+  sqlite3Error(db, SQLITE_OK);
+  while( rc==SQLITE_OK && zSql[0] ){
+    int nCol;
+    char **azVals = 0;
+
+    pStmt = 0;
+    rc = sqlite3_prepare_v2(db, zSql, -1, &pStmt, &zLeftover);
+    assert( rc==SQLITE_OK || pStmt==0 );
+    if( rc!=SQLITE_OK ){
+      continue;
+    }
+    if( !pStmt ){
+      /* this happens for a comment or white-space */
+      zSql = zLeftover;
+      continue;
+    }
+
+    callbackIsInit = 0;
+    nCol = sqlite3_column_count(pStmt);
+
+    while( 1 ){
+      int i;
+      rc = sqlite3_step(pStmt);
+
+      /* Invoke the callback function if required */
+      if( xCallback && (SQLITE_ROW==rc || 
+          (SQLITE_DONE==rc && !callbackIsInit
+                           && db->flags&SQLITE_NullCallback)) ){
+        if( !callbackIsInit ){
+          azCols = sqlite3DbMallocZero(db, 2*nCol*sizeof(const char*) + 1);
+          if( azCols==0 ){
+            goto exec_out;
+          }
+          for(i=0; i<nCol; i++){
+            azCols[i] = (char *)sqlite3_column_name(pStmt, i);
+            /* sqlite3VdbeSetColName() installs column names as UTF8
+            ** strings so there is no way for sqlite3_column_name() to fail. */
+            assert( azCols[i]!=0 );
+          }
+          callbackIsInit = 1;
+        }
+        if( rc==SQLITE_ROW ){
+          azVals = &azCols[nCol];
+          for(i=0; i<nCol; i++){
+            azVals[i] = (char *)sqlite3_column_text(pStmt, i);
+            if( !azVals[i] && sqlite3_column_type(pStmt, i)!=SQLITE_NULL ){
+              db->mallocFailed = 1;
+              goto exec_out;
+            }
+          }
+        }
+        if( xCallback(pArg, nCol, azVals, azCols) ){
+          /* EVIDENCE-OF: R-38229-40159 If the callback function to
+          ** sqlite3_exec() returns non-zero, then sqlite3_exec() will
+          ** return SQLITE_ABORT. */
+          rc = SQLITE_ABORT;
+          sqlite3VdbeFinalize((Vdbe *)pStmt);
+          pStmt = 0;
+          sqlite3Error(db, SQLITE_ABORT);
+          goto exec_out;
+        }
+      }
+
+      if( rc!=SQLITE_ROW ){
+        rc = sqlite3VdbeFinalize((Vdbe *)pStmt);
+        pStmt = 0;
+        zSql = zLeftover;
+        while( sqlite3Isspace(zSql[0]) ) zSql++;
+        break;
+      }
+    }
+
+    sqlite3DbFree(db, azCols);
+    azCols = 0;
+  }
+
+exec_out:
+  if( pStmt ) sqlite3VdbeFinalize((Vdbe *)pStmt);
+  sqlite3DbFree(db, azCols);
+
+  rc = sqlite3ApiExit(db, rc);
+  if( rc!=SQLITE_OK && pzErrMsg ){
+    int nErrMsg = 1 + sqlite3Strlen30(sqlite3_errmsg(db));
+    *pzErrMsg = sqlite3Malloc(nErrMsg);
+    if( *pzErrMsg ){
+      memcpy(*pzErrMsg, sqlite3_errmsg(db), nErrMsg);
+    }else{
+      rc = SQLITE_NOMEM;
+      sqlite3Error(db, SQLITE_NOMEM);
+    }
+  }else if( pzErrMsg ){
+    *pzErrMsg = 0;
+  }
+
+  assert( (rc&db->errMask)==rc );
+  sqlite3_mutex_leave(db->mutex);
+  return rc;
+}
+
+/************** End of legacy.c **********************************************/
+/************** Begin file loadext.c *****************************************/
+/*
+** 2006 June 7
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+** This file contains code used to dynamically load extensions into
+** the SQLite library.
+*/
+
+#ifndef SQLITE_CORE
+  #define SQLITE_CORE 1  /* Disable the API redefinition in sqlite3ext.h */
+#endif
+/************** Include sqlite3ext.h in the middle of loadext.c **************/
+/************** Begin file sqlite3ext.h **************************************/
+/*
+** 2006 June 7
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+** This header file defines the SQLite interface for use by
+** shared libraries that want to be imported as extensions into
+** an SQLite instance.  Shared libraries that intend to be loaded
+** as extensions by SQLite should #include this file instead of 
+** sqlite3.h.
+*/
+#ifndef _SQLITE3EXT_H_
+#define _SQLITE3EXT_H_
+/* #include "sqlite3.h" */
+
+typedef struct sqlite3_api_routines sqlite3_api_routines;
+
+/*
+** The following structure holds pointers to all of the SQLite API
+** routines.
+**
+** WARNING:  In order to maintain backwards compatibility, add new
+** interfaces to the end of this structure only.  If you insert new
+** interfaces in the middle of this structure, then older different
+** versions of SQLite will not be able to load each other's shared
+** libraries!
+*/
+struct sqlite3_api_routines {
+  void * (*aggregate_context)(sqlite3_context*,int nBytes);
+  int  (*aggregate_count)(sqlite3_context*);
+  int  (*bind_blob)(sqlite3_stmt*,int,const void*,int n,void(*)(void*));
+  int  (*bind_double)(sqlite3_stmt*,int,double);
+  int  (*bind_int)(sqlite3_stmt*,int,int);
+  int  (*bind_int64)(sqlite3_stmt*,int,sqlite_int64);
+  int  (*bind_null)(sqlite3_stmt*,int);
+  int  (*bind_parameter_count)(sqlite3_stmt*);
+  int  (*bind_parameter_index)(sqlite3_stmt*,const char*zName);
+  const char * (*bind_parameter_name)(sqlite3_stmt*,int);
+  int  (*bind_text)(sqlite3_stmt*,int,const char*,int n,void(*)(void*));
+  int  (*bind_text16)(sqlite3_stmt*,int,const void*,int,void(*)(void*));
+  int  (*bind_value)(sqlite3_stmt*,int,const sqlite3_value*);
+  int  (*busy_handler)(sqlite3*,int(*)(void*,int),void*);
+  int  (*busy_timeout)(sqlite3*,int ms);
+  int  (*changes)(sqlite3*);
+  int  (*close)(sqlite3*);
+  int  (*collation_needed)(sqlite3*,void*,void(*)(void*,sqlite3*,
+                           int eTextRep,const char*));
+  int  (*collation_needed16)(sqlite3*,void*,void(*)(void*,sqlite3*,
+                             int eTextRep,const void*));
+  const void * (*column_blob)(sqlite3_stmt*,int iCol);
+  int  (*column_bytes)(sqlite3_stmt*,int iCol);
+  int  (*column_bytes16)(sqlite3_stmt*,int iCol);
+  int  (*column_count)(sqlite3_stmt*pStmt);
+  const char * (*column_database_name)(sqlite3_stmt*,int);
+  const void * (*column_database_name16)(sqlite3_stmt*,int);
+  const char * (*column_decltype)(sqlite3_stmt*,int i);
+  const void * (*column_decltype16)(sqlite3_stmt*,int);
+  double  (*column_double)(sqlite3_stmt*,int iCol);
+  int  (*column_int)(sqlite3_stmt*,int iCol);
+  sqlite_int64  (*column_int64)(sqlite3_stmt*,int iCol);
+  const char * (*column_name)(sqlite3_stmt*,int);
+  const void * (*column_name16)(sqlite3_stmt*,int);
+  const char * (*column_origin_name)(sqlite3_stmt*,int);
+  const void * (*column_origin_name16)(sqlite3_stmt*,int);
+  const char * (*column_table_name)(sqlite3_stmt*,int);
+  const void * (*column_table_name16)(sqlite3_stmt*,int);
+  const unsigned char * (*column_text)(sqlite3_stmt*,int iCol);
+  const void * (*column_text16)(sqlite3_stmt*,int iCol);
+  int  (*column_type)(sqlite3_stmt*,int iCol);
+  sqlite3_value* (*column_value)(sqlite3_stmt*,int iCol);
+  void * (*commit_hook)(sqlite3*,int(*)(void*),void*);
+  int  (*complete)(const char*sql);
+  int  (*complete16)(const void*sql);
+  int  (*create_collation)(sqlite3*,const char*,int,void*,
+                           int(*)(void*,int,const void*,int,const void*));
+  int  (*create_collation16)(sqlite3*,const void*,int,void*,
+                             int(*)(void*,int,const void*,int,const void*));
+  int  (*create_function)(sqlite3*,const char*,int,int,void*,
+                          void (*xFunc)(sqlite3_context*,int,sqlite3_value**),
+                          void (*xStep)(sqlite3_context*,int,sqlite3_value**),
+                          void (*xFinal)(sqlite3_context*));
+  int  (*create_function16)(sqlite3*,const void*,int,int,void*,
+                            void (*xFunc)(sqlite3_context*,int,sqlite3_value**),
+                            void (*xStep)(sqlite3_context*,int,sqlite3_value**),
+                            void (*xFinal)(sqlite3_context*));
+  int (*create_module)(sqlite3*,const char*,const sqlite3_module*,void*);
+  int  (*data_count)(sqlite3_stmt*pStmt);
+  sqlite3 * (*db_handle)(sqlite3_stmt*);
+  int (*declare_vtab)(sqlite3*,const char*);
+  int  (*enable_shared_cache)(int);
+  int  (*errcode)(sqlite3*db);
+  const char * (*errmsg)(sqlite3*);
+  const void * (*errmsg16)(sqlite3*);
+  int  (*exec)(sqlite3*,const char*,sqlite3_callback,void*,char**);
+  int  (*expired)(sqlite3_stmt*);
+  int  (*finalize)(sqlite3_stmt*pStmt);
+  void  (*free)(void*);
+  void  (*free_table)(char**result);
+  int  (*get_autocommit)(sqlite3*);
+  void * (*get_auxdata)(sqlite3_context*,int);
+  int  (*get_table)(sqlite3*,const char*,char***,int*,int*,char**);
+  int  (*global_recover)(void);
+  void  (*interruptx)(sqlite3*);
+  sqlite_int64  (*last_insert_rowid)(sqlite3*);
+  const char * (*libversion)(void);
+  int  (*libversion_number)(void);
+  void *(*malloc)(int);
+  char * (*mprintf)(const char*,...);
+  int  (*open)(const char*,sqlite3**);
+  int  (*open16)(const void*,sqlite3**);
+  int  (*prepare)(sqlite3*,const char*,int,sqlite3_stmt**,const char**);
+  int  (*prepare16)(sqlite3*,const void*,int,sqlite3_stmt**,const void**);
+  void * (*profile)(sqlite3*,void(*)(void*,const char*,sqlite_uint64),void*);
+  void  (*progress_handler)(sqlite3*,int,int(*)(void*),void*);
+  void *(*realloc)(void*,int);
+  int  (*reset)(sqlite3_stmt*pStmt);
+  void  (*result_blob)(sqlite3_context*,const void*,int,void(*)(void*));
+  void  (*result_double)(sqlite3_context*,double);
+  void  (*result_error)(sqlite3_context*,const char*,int);
+  void  (*result_error16)(sqlite3_context*,const void*,int);
+  void  (*result_int)(sqlite3_context*,int);
+  void  (*result_int64)(sqlite3_context*,sqlite_int64);
+  void  (*result_null)(sqlite3_context*);
+  void  (*result_text)(sqlite3_context*,const char*,int,void(*)(void*));
+  void  (*result_text16)(sqlite3_context*,const void*,int,void(*)(void*));
+  void  (*result_text16be)(sqlite3_context*,const void*,int,void(*)(void*));
+  void  (*result_text16le)(sqlite3_context*,const void*,int,void(*)(void*));
+  void  (*result_value)(sqlite3_context*,sqlite3_value*);
+  void * (*rollback_hook)(sqlite3*,void(*)(void*),void*);
+  int  (*set_authorizer)(sqlite3*,int(*)(void*,int,const char*,const char*,
+                         const char*,const char*),void*);
+  void  (*set_auxdata)(sqlite3_context*,int,void*,void (*)(void*));
+  char * (*snprintf)(int,char*,const char*,...);
+  int  (*step)(sqlite3_stmt*);
+  int  (*table_column_metadata)(sqlite3*,const char*,const char*,const char*,
+                                char const**,char const**,int*,int*,int*);
+  void  (*thread_cleanup)(void);
+  int  (*total_changes)(sqlite3*);
+  void * (*trace)(sqlite3*,void(*xTrace)(void*,const char*),void*);
+  int  (*transfer_bindings)(sqlite3_stmt*,sqlite3_stmt*);
+  void * (*update_hook)(sqlite3*,void(*)(void*,int ,char const*,char const*,
+                                         sqlite_int64),void*);
+  void * (*user_data)(sqlite3_context*);
+  const void * (*value_blob)(sqlite3_value*);
+  int  (*value_bytes)(sqlite3_value*);
+  int  (*value_bytes16)(sqlite3_value*);
+  double  (*value_double)(sqlite3_value*);
+  int  (*value_int)(sqlite3_value*);
+  sqlite_int64  (*value_int64)(sqlite3_value*);
+  int  (*value_numeric_type)(sqlite3_value*);
+  const unsigned char * (*value_text)(sqlite3_value*);
+  const void * (*value_text16)(sqlite3_value*);
+  const void * (*value_text16be)(sqlite3_value*);
+  const void * (*value_text16le)(sqlite3_value*);
+  int  (*value_type)(sqlite3_value*);
+  char *(*vmprintf)(const char*,va_list);
+  /* Added ??? */
+  int (*overload_function)(sqlite3*, const char *zFuncName, int nArg);
+  /* Added by 3.3.13 */
+  int (*prepare_v2)(sqlite3*,const char*,int,sqlite3_stmt**,const char**);
+  int (*prepare16_v2)(sqlite3*,const void*,int,sqlite3_stmt**,const void**);
+  int (*clear_bindings)(sqlite3_stmt*);
+  /* Added by 3.4.1 */
+  int (*create_module_v2)(sqlite3*,const char*,const sqlite3_module*,void*,
+                          void (*xDestroy)(void *));
+  /* Added by 3.5.0 */
+  int (*bind_zeroblob)(sqlite3_stmt*,int,int);
+  int (*blob_bytes)(sqlite3_blob*);
+  int (*blob_close)(sqlite3_blob*);
+  int (*blob_open)(sqlite3*,const char*,const char*,const char*,sqlite3_int64,
+                   int,sqlite3_blob**);
+  int (*blob_read)(sqlite3_blob*,void*,int,int);
+  int (*blob_write)(sqlite3_blob*,const void*,int,int);
+  int (*create_collation_v2)(sqlite3*,const char*,int,void*,
+                             int(*)(void*,int,const void*,int,const void*),
+                             void(*)(void*));
+  int (*file_control)(sqlite3*,const char*,int,void*);
+  sqlite3_int64 (*memory_highwater)(int);
+  sqlite3_int64 (*memory_used)(void);
+  sqlite3_mutex *(*mutex_alloc)(int);
+  void (*mutex_enter)(sqlite3_mutex*);
+  void (*mutex_free)(sqlite3_mutex*);
+  void (*mutex_leave)(sqlite3_mutex*);
+  int (*mutex_try)(sqlite3_mutex*);
+  int (*open_v2)(const char*,sqlite3**,int,const char*);
+  int (*release_memory)(int);
+  void (*result_error_nomem)(sqlite3_context*);
+  void (*result_error_toobig)(sqlite3_context*);
+  int (*sleep)(int);
+  void (*soft_heap_limit)(int);
+  sqlite3_vfs *(*vfs_find)(const char*);
+  int (*vfs_register)(sqlite3_vfs*,int);
+  int (*vfs_unregister)(sqlite3_vfs*);
+  int (*xthreadsafe)(void);
+  void (*result_zeroblob)(sqlite3_context*,int);
+  void (*result_error_code)(sqlite3_context*,int);
+  int (*test_control)(int, ...);
+  void (*randomness)(int,void*);
+  sqlite3 *(*context_db_handle)(sqlite3_context*);
+  int (*extended_result_codes)(sqlite3*,int);
+  int (*limit)(sqlite3*,int,int);
+  sqlite3_stmt *(*next_stmt)(sqlite3*,sqlite3_stmt*);
+  const char *(*sql)(sqlite3_stmt*);
+  int (*status)(int,int*,int*,int);
+  int (*backup_finish)(sqlite3_backup*);
+  sqlite3_backup *(*backup_init)(sqlite3*,const char*,sqlite3*,const char*);
+  int (*backup_pagecount)(sqlite3_backup*);
+  int (*backup_remaining)(sqlite3_backup*);
+  int (*backup_step)(sqlite3_backup*,int);
+  const char *(*compileoption_get)(int);
+  int (*compileoption_used)(const char*);
+  int (*create_function_v2)(sqlite3*,const char*,int,int,void*,
+                            void (*xFunc)(sqlite3_context*,int,sqlite3_value**),
+                            void (*xStep)(sqlite3_context*,int,sqlite3_value**),
+                            void (*xFinal)(sqlite3_context*),
+                            void(*xDestroy)(void*));
+  int (*db_config)(sqlite3*,int,...);
+  sqlite3_mutex *(*db_mutex)(sqlite3*);
+  int (*db_status)(sqlite3*,int,int*,int*,int);
+  int (*extended_errcode)(sqlite3*);
+  void (*log)(int,const char*,...);
+  sqlite3_int64 (*soft_heap_limit64)(sqlite3_int64);
+  const char *(*sourceid)(void);
+  int (*stmt_status)(sqlite3_stmt*,int,int);
+  int (*strnicmp)(const char*,const char*,int);
+  int (*unlock_notify)(sqlite3*,void(*)(void**,int),void*);
+  int (*wal_autocheckpoint)(sqlite3*,int);
+  int (*wal_checkpoint)(sqlite3*,const char*);
+  void *(*wal_hook)(sqlite3*,int(*)(void*,sqlite3*,const char*,int),void*);
+  int (*blob_reopen)(sqlite3_blob*,sqlite3_int64);
+  int (*vtab_config)(sqlite3*,int op,...);
+  int (*vtab_on_conflict)(sqlite3*);
+  /* Version 3.7.16 and later */
+  int (*close_v2)(sqlite3*);
+  const char *(*db_filename)(sqlite3*,const char*);
+  int (*db_readonly)(sqlite3*,const char*);
+  int (*db_release_memory)(sqlite3*);
+  const char *(*errstr)(int);
+  int (*stmt_busy)(sqlite3_stmt*);
+  int (*stmt_readonly)(sqlite3_stmt*);
+  int (*stricmp)(const char*,const char*);
+  int (*uri_boolean)(const char*,const char*,int);
+  sqlite3_int64 (*uri_int64)(const char*,const char*,sqlite3_int64);
+  const char *(*uri_parameter)(const char*,const char*);
+  char *(*vsnprintf)(int,char*,const char*,va_list);
+  int (*wal_checkpoint_v2)(sqlite3*,const char*,int,int*,int*);
+  /* Version 3.8.7 and later */
+  int (*auto_extension)(void(*)(void));
+  int (*bind_blob64)(sqlite3_stmt*,int,const void*,sqlite3_uint64,
+                     void(*)(void*));
+  int (*bind_text64)(sqlite3_stmt*,int,const char*,sqlite3_uint64,
+                      void(*)(void*),unsigned char);
+  int (*cancel_auto_extension)(void(*)(void));
+  int (*load_extension)(sqlite3*,const char*,const char*,char**);
+  void *(*malloc64)(sqlite3_uint64);
+  sqlite3_uint64 (*msize)(void*);
+  void *(*realloc64)(void*,sqlite3_uint64);
+  void (*reset_auto_extension)(void);
+  void (*result_blob64)(sqlite3_context*,const void*,sqlite3_uint64,
+                        void(*)(void*));
+  void (*result_text64)(sqlite3_context*,const char*,sqlite3_uint64,
+                         void(*)(void*), unsigned char);
+  int (*strglob)(const char*,const char*);
+  /* Version 3.8.11 and later */
+  sqlite3_value *(*value_dup)(const sqlite3_value*);
+  void (*value_free)(sqlite3_value*);
+  int (*result_zeroblob64)(sqlite3_context*,sqlite3_uint64);
+  int (*bind_zeroblob64)(sqlite3_stmt*, int, sqlite3_uint64);
+  /* Version 3.9.0 and later */
+  unsigned int (*value_subtype)(sqlite3_value*);
+  void (*result_subtype)(sqlite3_context*,unsigned int);
+  /* Version 3.10.0 and later */
+  int (*status64)(int,sqlite3_int64*,sqlite3_int64*,int);
+  int (*strlike)(const char*,const char*,unsigned int);
+  int (*db_cacheflush)(sqlite3*);
+};
+
+/*
+** The following macros redefine the API routines so that they are
+** redirected through the global sqlite3_api structure.
+**
+** This header file is also used by the loadext.c source file
+** (part of the main SQLite library - not an extension) so that
+** it can get access to the sqlite3_api_routines structure
+** definition.  But the main library does not want to redefine
+** the API.  So the redefinition macros are only valid if the
+** SQLITE_CORE macros is undefined.
+*/
+#if !defined(SQLITE_CORE) && !defined(SQLITE_OMIT_LOAD_EXTENSION)
+#define sqlite3_aggregate_context      sqlite3_api->aggregate_context
+#ifndef SQLITE_OMIT_DEPRECATED
+#define sqlite3_aggregate_count        sqlite3_api->aggregate_count
+#endif
+#define sqlite3_bind_blob              sqlite3_api->bind_blob
+#define sqlite3_bind_double            sqlite3_api->bind_double
+#define sqlite3_bind_int               sqlite3_api->bind_int
+#define sqlite3_bind_int64             sqlite3_api->bind_int64
+#define sqlite3_bind_null              sqlite3_api->bind_null
+#define sqlite3_bind_parameter_count   sqlite3_api->bind_parameter_count
+#define sqlite3_bind_parameter_index   sqlite3_api->bind_parameter_index
+#define sqlite3_bind_parameter_name    sqlite3_api->bind_parameter_name
+#define sqlite3_bind_text              sqlite3_api->bind_text
+#define sqlite3_bind_text16            sqlite3_api->bind_text16
+#define sqlite3_bind_value             sqlite3_api->bind_value
+#define sqlite3_busy_handler           sqlite3_api->busy_handler
+#define sqlite3_busy_timeout           sqlite3_api->busy_timeout
+#define sqlite3_changes                sqlite3_api->changes
+#define sqlite3_close                  sqlite3_api->close
+#define sqlite3_collation_needed       sqlite3_api->collation_needed
+#define sqlite3_collation_needed16     sqlite3_api->collation_needed16
+#define sqlite3_column_blob            sqlite3_api->column_blob
+#define sqlite3_column_bytes           sqlite3_api->column_bytes
+#define sqlite3_column_bytes16         sqlite3_api->column_bytes16
+#define sqlite3_column_count           sqlite3_api->column_count
+#define sqlite3_column_database_name   sqlite3_api->column_database_name
+#define sqlite3_column_database_name16 sqlite3_api->column_database_name16
+#define sqlite3_column_decltype        sqlite3_api->column_decltype
+#define sqlite3_column_decltype16      sqlite3_api->column_decltype16
+#define sqlite3_column_double          sqlite3_api->column_double
+#define sqlite3_column_int             sqlite3_api->column_int
+#define sqlite3_column_int64           sqlite3_api->column_int64
+#define sqlite3_column_name            sqlite3_api->column_name
+#define sqlite3_column_name16          sqlite3_api->column_name16
+#define sqlite3_column_origin_name     sqlite3_api->column_origin_name
+#define sqlite3_column_origin_name16   sqlite3_api->column_origin_name16
+#define sqlite3_column_table_name      sqlite3_api->column_table_name
+#define sqlite3_column_table_name16    sqlite3_api->column_table_name16
+#define sqlite3_column_text            sqlite3_api->column_text
+#define sqlite3_column_text16          sqlite3_api->column_text16
+#define sqlite3_column_type            sqlite3_api->column_type
+#define sqlite3_column_value           sqlite3_api->column_value
+#define sqlite3_commit_hook            sqlite3_api->commit_hook
+#define sqlite3_complete               sqlite3_api->complete
+#define sqlite3_complete16             sqlite3_api->complete16
+#define sqlite3_create_collation       sqlite3_api->create_collation
+#define sqlite3_create_collation16     sqlite3_api->create_collation16
+#define sqlite3_create_function        sqlite3_api->create_function
+#define sqlite3_create_function16      sqlite3_api->create_function16
+#define sqlite3_create_module          sqlite3_api->create_module
+#define sqlite3_create_module_v2       sqlite3_api->create_module_v2
+#define sqlite3_data_count             sqlite3_api->data_count
+#define sqlite3_db_handle              sqlite3_api->db_handle
+#define sqlite3_declare_vtab           sqlite3_api->declare_vtab
+#define sqlite3_enable_shared_cache    sqlite3_api->enable_shared_cache
+#define sqlite3_errcode                sqlite3_api->errcode
+#define sqlite3_errmsg                 sqlite3_api->errmsg
+#define sqlite3_errmsg16               sqlite3_api->errmsg16
+#define sqlite3_exec                   sqlite3_api->exec
+#ifndef SQLITE_OMIT_DEPRECATED
+#define sqlite3_expired                sqlite3_api->expired
+#endif
+#define sqlite3_finalize               sqlite3_api->finalize
+#define sqlite3_free                   sqlite3_api->free
+#define sqlite3_free_table             sqlite3_api->free_table
+#define sqlite3_get_autocommit         sqlite3_api->get_autocommit
+#define sqlite3_get_auxdata            sqlite3_api->get_auxdata
+#define sqlite3_get_table              sqlite3_api->get_table
+#ifndef SQLITE_OMIT_DEPRECATED
+#define sqlite3_global_recover         sqlite3_api->global_recover
+#endif
+#define sqlite3_interrupt              sqlite3_api->interruptx
+#define sqlite3_last_insert_rowid      sqlite3_api->last_insert_rowid
+#define sqlite3_libversion             sqlite3_api->libversion
+#define sqlite3_libversion_number      sqlite3_api->libversion_number
+#define sqlite3_malloc                 sqlite3_api->malloc
+#define sqlite3_mprintf                sqlite3_api->mprintf
+#define sqlite3_open                   sqlite3_api->open
+#define sqlite3_open16                 sqlite3_api->open16
+#define sqlite3_prepare                sqlite3_api->prepare
+#define sqlite3_prepare16              sqlite3_api->prepare16
+#define sqlite3_prepare_v2             sqlite3_api->prepare_v2
+#define sqlite3_prepare16_v2           sqlite3_api->prepare16_v2
+#define sqlite3_profile                sqlite3_api->profile
+#define sqlite3_progress_handler       sqlite3_api->progress_handler
+#define sqlite3_realloc                sqlite3_api->realloc
+#define sqlite3_reset                  sqlite3_api->reset
+#define sqlite3_result_blob            sqlite3_api->result_blob
+#define sqlite3_result_double          sqlite3_api->result_double
+#define sqlite3_result_error           sqlite3_api->result_error
+#define sqlite3_result_error16         sqlite3_api->result_error16
+#define sqlite3_result_int             sqlite3_api->result_int
+#define sqlite3_result_int64           sqlite3_api->result_int64
+#define sqlite3_result_null            sqlite3_api->result_null
+#define sqlite3_result_text            sqlite3_api->result_text
+#define sqlite3_result_text16          sqlite3_api->result_text16
+#define sqlite3_result_text16be        sqlite3_api->result_text16be
+#define sqlite3_result_text16le        sqlite3_api->result_text16le
+#define sqlite3_result_value           sqlite3_api->result_value
+#define sqlite3_rollback_hook          sqlite3_api->rollback_hook
+#define sqlite3_set_authorizer         sqlite3_api->set_authorizer
+#define sqlite3_set_auxdata            sqlite3_api->set_auxdata
+#define sqlite3_snprintf               sqlite3_api->snprintf
+#define sqlite3_step                   sqlite3_api->step
+#define sqlite3_table_column_metadata  sqlite3_api->table_column_metadata
+#define sqlite3_thread_cleanup         sqlite3_api->thread_cleanup
+#define sqlite3_total_changes          sqlite3_api->total_changes
+#define sqlite3_trace                  sqlite3_api->trace
+#ifndef SQLITE_OMIT_DEPRECATED
+#define sqlite3_transfer_bindings      sqlite3_api->transfer_bindings
+#endif
+#define sqlite3_update_hook            sqlite3_api->update_hook
+#define sqlite3_user_data              sqlite3_api->user_data
+#define sqlite3_value_blob             sqlite3_api->value_blob
+#define sqlite3_value_bytes            sqlite3_api->value_bytes
+#define sqlite3_value_bytes16          sqlite3_api->value_bytes16
+#define sqlite3_value_double           sqlite3_api->value_double
+#define sqlite3_value_int              sqlite3_api->value_int
+#define sqlite3_value_int64            sqlite3_api->value_int64
+#define sqlite3_value_numeric_type     sqlite3_api->value_numeric_type
+#define sqlite3_value_text             sqlite3_api->value_text
+#define sqlite3_value_text16           sqlite3_api->value_text16
+#define sqlite3_value_text16be         sqlite3_api->value_text16be
+#define sqlite3_value_text16le         sqlite3_api->value_text16le
+#define sqlite3_value_type             sqlite3_api->value_type
+#define sqlite3_vmprintf               sqlite3_api->vmprintf
+#define sqlite3_vsnprintf              sqlite3_api->vsnprintf
+#define sqlite3_overload_function      sqlite3_api->overload_function
+#define sqlite3_prepare_v2             sqlite3_api->prepare_v2
+#define sqlite3_prepare16_v2           sqlite3_api->prepare16_v2
+#define sqlite3_clear_bindings         sqlite3_api->clear_bindings
+#define sqlite3_bind_zeroblob          sqlite3_api->bind_zeroblob
+#define sqlite3_blob_bytes             sqlite3_api->blob_bytes
+#define sqlite3_blob_close             sqlite3_api->blob_close
+#define sqlite3_blob_open              sqlite3_api->blob_open
+#define sqlite3_blob_read              sqlite3_api->blob_read
+#define sqlite3_blob_write             sqlite3_api->blob_write
+#define sqlite3_create_collation_v2    sqlite3_api->create_collation_v2
+#define sqlite3_file_control           sqlite3_api->file_control
+#define sqlite3_memory_highwater       sqlite3_api->memory_highwater
+#define sqlite3_memory_used            sqlite3_api->memory_used
+#define sqlite3_mutex_alloc            sqlite3_api->mutex_alloc
+#define sqlite3_mutex_enter            sqlite3_api->mutex_enter
+#define sqlite3_mutex_free             sqlite3_api->mutex_free
+#define sqlite3_mutex_leave            sqlite3_api->mutex_leave
+#define sqlite3_mutex_try              sqlite3_api->mutex_try
+#define sqlite3_open_v2                sqlite3_api->open_v2
+#define sqlite3_release_memory         sqlite3_api->release_memory
+#define sqlite3_result_error_nomem     sqlite3_api->result_error_nomem
+#define sqlite3_result_error_toobig    sqlite3_api->result_error_toobig
+#define sqlite3_sleep                  sqlite3_api->sleep
+#define sqlite3_soft_heap_limit        sqlite3_api->soft_heap_limit
+#define sqlite3_vfs_find               sqlite3_api->vfs_find
+#define sqlite3_vfs_register           sqlite3_api->vfs_register
+#define sqlite3_vfs_unregister         sqlite3_api->vfs_unregister
+#define sqlite3_threadsafe             sqlite3_api->xthreadsafe
+#define sqlite3_result_zeroblob        sqlite3_api->result_zeroblob
+#define sqlite3_result_error_code      sqlite3_api->result_error_code
+#define sqlite3_test_control           sqlite3_api->test_control
+#define sqlite3_randomness             sqlite3_api->randomness
+#define sqlite3_context_db_handle      sqlite3_api->context_db_handle
+#define sqlite3_extended_result_codes  sqlite3_api->extended_result_codes
+#define sqlite3_limit                  sqlite3_api->limit
+#define sqlite3_next_stmt              sqlite3_api->next_stmt
+#define sqlite3_sql                    sqlite3_api->sql
+#define sqlite3_status                 sqlite3_api->status
+#define sqlite3_backup_finish          sqlite3_api->backup_finish
+#define sqlite3_backup_init            sqlite3_api->backup_init
+#define sqlite3_backup_pagecount       sqlite3_api->backup_pagecount
+#define sqlite3_backup_remaining       sqlite3_api->backup_remaining
+#define sqlite3_backup_step            sqlite3_api->backup_step
+#define sqlite3_compileoption_get      sqlite3_api->compileoption_get
+#define sqlite3_compileoption_used     sqlite3_api->compileoption_used
+#define sqlite3_create_function_v2     sqlite3_api->create_function_v2
+#define sqlite3_db_config              sqlite3_api->db_config
+#define sqlite3_db_mutex               sqlite3_api->db_mutex
+#define sqlite3_db_status              sqlite3_api->db_status
+#define sqlite3_extended_errcode       sqlite3_api->extended_errcode
+#define sqlite3_log                    sqlite3_api->log
+#define sqlite3_soft_heap_limit64      sqlite3_api->soft_heap_limit64
+#define sqlite3_sourceid               sqlite3_api->sourceid
+#define sqlite3_stmt_status            sqlite3_api->stmt_status
+#define sqlite3_strnicmp               sqlite3_api->strnicmp
+#define sqlite3_unlock_notify          sqlite3_api->unlock_notify
+#define sqlite3_wal_autocheckpoint     sqlite3_api->wal_autocheckpoint
+#define sqlite3_wal_checkpoint         sqlite3_api->wal_checkpoint
+#define sqlite3_wal_hook               sqlite3_api->wal_hook
+#define sqlite3_blob_reopen            sqlite3_api->blob_reopen
+#define sqlite3_vtab_config            sqlite3_api->vtab_config
+#define sqlite3_vtab_on_conflict       sqlite3_api->vtab_on_conflict
+/* Version 3.7.16 and later */
+#define sqlite3_close_v2               sqlite3_api->close_v2
+#define sqlite3_db_filename            sqlite3_api->db_filename
+#define sqlite3_db_readonly            sqlite3_api->db_readonly
+#define sqlite3_db_release_memory      sqlite3_api->db_release_memory
+#define sqlite3_errstr                 sqlite3_api->errstr
+#define sqlite3_stmt_busy              sqlite3_api->stmt_busy
+#define sqlite3_stmt_readonly          sqlite3_api->stmt_readonly
+#define sqlite3_stricmp                sqlite3_api->stricmp
+#define sqlite3_uri_boolean            sqlite3_api->uri_boolean
+#define sqlite3_uri_int64              sqlite3_api->uri_int64
+#define sqlite3_uri_parameter          sqlite3_api->uri_parameter
+#define sqlite3_uri_vsnprintf          sqlite3_api->vsnprintf
+#define sqlite3_wal_checkpoint_v2      sqlite3_api->wal_checkpoint_v2
+/* Version 3.8.7 and later */
+#define sqlite3_auto_extension         sqlite3_api->auto_extension
+#define sqlite3_bind_blob64            sqlite3_api->bind_blob64
+#define sqlite3_bind_text64            sqlite3_api->bind_text64
+#define sqlite3_cancel_auto_extension  sqlite3_api->cancel_auto_extension
+#define sqlite3_load_extension         sqlite3_api->load_extension
+#define sqlite3_malloc64               sqlite3_api->malloc64
+#define sqlite3_msize                  sqlite3_api->msize
+#define sqlite3_realloc64              sqlite3_api->realloc64
+#define sqlite3_reset_auto_extension   sqlite3_api->reset_auto_extension
+#define sqlite3_result_blob64          sqlite3_api->result_blob64
+#define sqlite3_result_text64          sqlite3_api->result_text64
+#define sqlite3_strglob                sqlite3_api->strglob
+/* Version 3.8.11 and later */
+#define sqlite3_value_dup              sqlite3_api->value_dup
+#define sqlite3_value_free             sqlite3_api->value_free
+#define sqlite3_result_zeroblob64      sqlite3_api->result_zeroblob64
+#define sqlite3_bind_zeroblob64        sqlite3_api->bind_zeroblob64
+/* Version 3.9.0 and later */
+#define sqlite3_value_subtype          sqlite3_api->value_subtype
+#define sqlite3_result_subtype         sqlite3_api->result_subtype
+/* Version 3.10.0 and later */
+#define sqlite3_status64               sqlite3_api->status64
+#define sqlite3_strlike                sqlite3_api->strlike
+#define sqlite3_db_cacheflush          sqlite3_api->db_cacheflush
+#endif /* !defined(SQLITE_CORE) && !defined(SQLITE_OMIT_LOAD_EXTENSION) */
+
+#if !defined(SQLITE_CORE) && !defined(SQLITE_OMIT_LOAD_EXTENSION)
+  /* This case when the file really is being compiled as a loadable 
+  ** extension */
+# define SQLITE_EXTENSION_INIT1     const sqlite3_api_routines *sqlite3_api=0;
+# define SQLITE_EXTENSION_INIT2(v)  sqlite3_api=v;
+# define SQLITE_EXTENSION_INIT3     \
+    extern const sqlite3_api_routines *sqlite3_api;
+#else
+  /* This case when the file is being statically linked into the 
+  ** application */
+# define SQLITE_EXTENSION_INIT1     /*no-op*/
+# define SQLITE_EXTENSION_INIT2(v)  (void)v; /* unused parameter */
+# define SQLITE_EXTENSION_INIT3     /*no-op*/
+#endif
+
+#endif /* _SQLITE3EXT_H_ */
+
+/************** End of sqlite3ext.h ******************************************/
+/************** Continuing where we left off in loadext.c ********************/
+/* #include "sqliteInt.h" */
+/* #include <string.h> */
+
+#ifndef SQLITE_OMIT_LOAD_EXTENSION
+
+/*
+** Some API routines are omitted when various features are
+** excluded from a build of SQLite.  Substitute a NULL pointer
+** for any missing APIs.
+*/
+#ifndef SQLITE_ENABLE_COLUMN_METADATA
+# define sqlite3_column_database_name   0
+# define sqlite3_column_database_name16 0
+# define sqlite3_column_table_name      0
+# define sqlite3_column_table_name16    0
+# define sqlite3_column_origin_name     0
+# define sqlite3_column_origin_name16   0
+#endif
+
+#ifdef SQLITE_OMIT_AUTHORIZATION
+# define sqlite3_set_authorizer         0
+#endif
+
+#ifdef SQLITE_OMIT_UTF16
+# define sqlite3_bind_text16            0
+# define sqlite3_collation_needed16     0
+# define sqlite3_column_decltype16      0
+# define sqlite3_column_name16          0
+# define sqlite3_column_text16          0
+# define sqlite3_complete16             0
+# define sqlite3_create_collation16     0
+# define sqlite3_create_function16      0
+# define sqlite3_errmsg16               0
+# define sqlite3_open16                 0
+# define sqlite3_prepare16              0
+# define sqlite3_prepare16_v2           0
+# define sqlite3_result_error16         0
+# define sqlite3_result_text16          0
+# define sqlite3_result_text16be        0
+# define sqlite3_result_text16le        0
+# define sqlite3_value_text16           0
+# define sqlite3_value_text16be         0
+# define sqlite3_value_text16le         0
+# define sqlite3_column_database_name16 0
+# define sqlite3_column_table_name16    0
+# define sqlite3_column_origin_name16   0
+#endif
+
+#ifdef SQLITE_OMIT_COMPLETE
+# define sqlite3_complete 0
+# define sqlite3_complete16 0
+#endif
+
+#ifdef SQLITE_OMIT_DECLTYPE
+# define sqlite3_column_decltype16      0
+# define sqlite3_column_decltype        0
+#endif
+
+#ifdef SQLITE_OMIT_PROGRESS_CALLBACK
+# define sqlite3_progress_handler 0
+#endif
+
+#ifdef SQLITE_OMIT_VIRTUALTABLE
+# define sqlite3_create_module 0
+# define sqlite3_create_module_v2 0
+# define sqlite3_declare_vtab 0
+# define sqlite3_vtab_config 0
+# define sqlite3_vtab_on_conflict 0
+#endif
+
+#ifdef SQLITE_OMIT_SHARED_CACHE
+# define sqlite3_enable_shared_cache 0
+#endif
+
+#ifdef SQLITE_OMIT_TRACE
+# define sqlite3_profile       0
+# define sqlite3_trace         0
+#endif
+
+#ifdef SQLITE_OMIT_GET_TABLE
+# define sqlite3_free_table    0
+# define sqlite3_get_table     0
+#endif
+
+#ifdef SQLITE_OMIT_INCRBLOB
+#define sqlite3_bind_zeroblob  0
+#define sqlite3_blob_bytes     0
+#define sqlite3_blob_close     0
+#define sqlite3_blob_open      0
+#define sqlite3_blob_read      0
+#define sqlite3_blob_write     0
+#define sqlite3_blob_reopen    0
+#endif
+
+/*
+** The following structure contains pointers to all SQLite API routines.
+** A pointer to this structure is passed into extensions when they are
+** loaded so that the extension can make calls back into the SQLite
+** library.
+**
+** When adding new APIs, add them to the bottom of this structure
+** in order to preserve backwards compatibility.
+**
+** Extensions that use newer APIs should first call the
+** sqlite3_libversion_number() to make sure that the API they
+** intend to use is supported by the library.  Extensions should
+** also check to make sure that the pointer to the function is
+** not NULL before calling it.
+*/
+static const sqlite3_api_routines sqlite3Apis = {
+  sqlite3_aggregate_context,
+#ifndef SQLITE_OMIT_DEPRECATED
+  sqlite3_aggregate_count,
+#else
+  0,
+#endif
+  sqlite3_bind_blob,
+  sqlite3_bind_double,
+  sqlite3_bind_int,
+  sqlite3_bind_int64,
+  sqlite3_bind_null,
+  sqlite3_bind_parameter_count,
+  sqlite3_bind_parameter_index,
+  sqlite3_bind_parameter_name,
+  sqlite3_bind_text,
+  sqlite3_bind_text16,
+  sqlite3_bind_value,
+  sqlite3_busy_handler,
+  sqlite3_busy_timeout,
+  sqlite3_changes,
+  sqlite3_close,
+  sqlite3_collation_needed,
+  sqlite3_collation_needed16,
+  sqlite3_column_blob,
+  sqlite3_column_bytes,
+  sqlite3_column_bytes16,
+  sqlite3_column_count,
+  sqlite3_column_database_name,
+  sqlite3_column_database_name16,
+  sqlite3_column_decltype,
+  sqlite3_column_decltype16,
+  sqlite3_column_double,
+  sqlite3_column_int,
+  sqlite3_column_int64,
+  sqlite3_column_name,
+  sqlite3_column_name16,
+  sqlite3_column_origin_name,
+  sqlite3_column_origin_name16,
+  sqlite3_column_table_name,
+  sqlite3_column_table_name16,
+  sqlite3_column_text,
+  sqlite3_column_text16,
+  sqlite3_column_type,
+  sqlite3_column_value,
+  sqlite3_commit_hook,
+  sqlite3_complete,
+  sqlite3_complete16,
+  sqlite3_create_collation,
+  sqlite3_create_collation16,
+  sqlite3_create_function,
+  sqlite3_create_function16,
+  sqlite3_create_module,
+  sqlite3_data_count,
+  sqlite3_db_handle,
+  sqlite3_declare_vtab,
+  sqlite3_enable_shared_cache,
+  sqlite3_errcode,
+  sqlite3_errmsg,
+  sqlite3_errmsg16,
+  sqlite3_exec,
+#ifndef SQLITE_OMIT_DEPRECATED
+  sqlite3_expired,
+#else
+  0,
+#endif
+  sqlite3_finalize,
+  sqlite3_free,
+  sqlite3_free_table,
+  sqlite3_get_autocommit,
+  sqlite3_get_auxdata,
+  sqlite3_get_table,
+  0,     /* Was sqlite3_global_recover(), but that function is deprecated */
+  sqlite3_interrupt,
+  sqlite3_last_insert_rowid,
+  sqlite3_libversion,
+  sqlite3_libversion_number,
+  sqlite3_malloc,
+  sqlite3_mprintf,
+  sqlite3_open,
+  sqlite3_open16,
+  sqlite3_prepare,
+  sqlite3_prepare16,
+  sqlite3_profile,
+  sqlite3_progress_handler,
+  sqlite3_realloc,
+  sqlite3_reset,
+  sqlite3_result_blob,
+  sqlite3_result_double,
+  sqlite3_result_error,
+  sqlite3_result_error16,
+  sqlite3_result_int,
+  sqlite3_result_int64,
+  sqlite3_result_null,
+  sqlite3_result_text,
+  sqlite3_result_text16,
+  sqlite3_result_text16be,
+  sqlite3_result_text16le,
+  sqlite3_result_value,
+  sqlite3_rollback_hook,
+  sqlite3_set_authorizer,
+  sqlite3_set_auxdata,
+  sqlite3_snprintf,
+  sqlite3_step,
+  sqlite3_table_column_metadata,
+#ifndef SQLITE_OMIT_DEPRECATED
+  sqlite3_thread_cleanup,
+#else
+  0,
+#endif
+  sqlite3_total_changes,
+  sqlite3_trace,
+#ifndef SQLITE_OMIT_DEPRECATED
+  sqlite3_transfer_bindings,
+#else
+  0,
+#endif
+  sqlite3_update_hook,
+  sqlite3_user_data,
+  sqlite3_value_blob,
+  sqlite3_value_bytes,
+  sqlite3_value_bytes16,
+  sqlite3_value_double,
+  sqlite3_value_int,
+  sqlite3_value_int64,
+  sqlite3_value_numeric_type,
+  sqlite3_value_text,
+  sqlite3_value_text16,
+  sqlite3_value_text16be,
+  sqlite3_value_text16le,
+  sqlite3_value_type,
+  sqlite3_vmprintf,
+  /*
+  ** The original API set ends here.  All extensions can call any
+  ** of the APIs above provided that the pointer is not NULL.  But
+  ** before calling APIs that follow, extension should check the
+  ** sqlite3_libversion_number() to make sure they are dealing with
+  ** a library that is new enough to support that API.
+  *************************************************************************
+  */
+  sqlite3_overload_function,
+
+  /*
+  ** Added after 3.3.13
+  */
+  sqlite3_prepare_v2,
+  sqlite3_prepare16_v2,
+  sqlite3_clear_bindings,
+
+  /*
+  ** Added for 3.4.1
+  */
+  sqlite3_create_module_v2,
+
+  /*
+  ** Added for 3.5.0
+  */
+  sqlite3_bind_zeroblob,
+  sqlite3_blob_bytes,
+  sqlite3_blob_close,
+  sqlite3_blob_open,
+  sqlite3_blob_read,
+  sqlite3_blob_write,
+  sqlite3_create_collation_v2,
+  sqlite3_file_control,
+  sqlite3_memory_highwater,
+  sqlite3_memory_used,
+#ifdef SQLITE_MUTEX_OMIT
+  0, 
+  0, 
+  0,
+  0,
+  0,
+#else
+  sqlite3_mutex_alloc,
+  sqlite3_mutex_enter,
+  sqlite3_mutex_free,
+  sqlite3_mutex_leave,
+  sqlite3_mutex_try,
+#endif
+  sqlite3_open_v2,
+  sqlite3_release_memory,
+  sqlite3_result_error_nomem,
+  sqlite3_result_error_toobig,
+  sqlite3_sleep,
+  sqlite3_soft_heap_limit,
+  sqlite3_vfs_find,
+  sqlite3_vfs_register,
+  sqlite3_vfs_unregister,
+
+  /*
+  ** Added for 3.5.8
+  */
+  sqlite3_threadsafe,
+  sqlite3_result_zeroblob,
+  sqlite3_result_error_code,
+  sqlite3_test_control,
+  sqlite3_randomness,
+  sqlite3_context_db_handle,
+
+  /*
+  ** Added for 3.6.0
+  */
+  sqlite3_extended_result_codes,
+  sqlite3_limit,
+  sqlite3_next_stmt,
+  sqlite3_sql,
+  sqlite3_status,
+
+  /*
+  ** Added for 3.7.4
+  */
+  sqlite3_backup_finish,
+  sqlite3_backup_init,
+  sqlite3_backup_pagecount,
+  sqlite3_backup_remaining,
+  sqlite3_backup_step,
+#ifndef SQLITE_OMIT_COMPILEOPTION_DIAGS
+  sqlite3_compileoption_get,
+  sqlite3_compileoption_used,
+#else
+  0,
+  0,
+#endif
+  sqlite3_create_function_v2,
+  sqlite3_db_config,
+  sqlite3_db_mutex,
+  sqlite3_db_status,
+  sqlite3_extended_errcode,
+  sqlite3_log,
+  sqlite3_soft_heap_limit64,
+  sqlite3_sourceid,
+  sqlite3_stmt_status,
+  sqlite3_strnicmp,
+#ifdef SQLITE_ENABLE_UNLOCK_NOTIFY
+  sqlite3_unlock_notify,
+#else
+  0,
+#endif
+#ifndef SQLITE_OMIT_WAL
+  sqlite3_wal_autocheckpoint,
+  sqlite3_wal_checkpoint,
+  sqlite3_wal_hook,
+#else
+  0,
+  0,
+  0,
+#endif
+  sqlite3_blob_reopen,
+  sqlite3_vtab_config,
+  sqlite3_vtab_on_conflict,
+  sqlite3_close_v2,
+  sqlite3_db_filename,
+  sqlite3_db_readonly,
+  sqlite3_db_release_memory,
+  sqlite3_errstr,
+  sqlite3_stmt_busy,
+  sqlite3_stmt_readonly,
+  sqlite3_stricmp,
+  sqlite3_uri_boolean,
+  sqlite3_uri_int64,
+  sqlite3_uri_parameter,
+  sqlite3_vsnprintf,
+  sqlite3_wal_checkpoint_v2,
+  /* Version 3.8.7 and later */
+  sqlite3_auto_extension,
+  sqlite3_bind_blob64,
+  sqlite3_bind_text64,
+  sqlite3_cancel_auto_extension,
+  sqlite3_load_extension,
+  sqlite3_malloc64,
+  sqlite3_msize,
+  sqlite3_realloc64,
+  sqlite3_reset_auto_extension,
+  sqlite3_result_blob64,
+  sqlite3_result_text64,
+  sqlite3_strglob,
+  /* Version 3.8.11 and later */
+  (sqlite3_value*(*)(const sqlite3_value*))sqlite3_value_dup,
+  sqlite3_value_free,
+  sqlite3_result_zeroblob64,
+  sqlite3_bind_zeroblob64,
+  /* Version 3.9.0 and later */
+  sqlite3_value_subtype,
+  sqlite3_result_subtype,
+  /* Version 3.10.0 and later */
+  sqlite3_status64,
+  sqlite3_strlike,
+  sqlite3_db_cacheflush
+};
+
+/*
+** Attempt to load an SQLite extension library contained in the file
+** zFile.  The entry point is zProc.  zProc may be 0 in which case a
+** default entry point name (sqlite3_extension_init) is used.  Use
+** of the default name is recommended.
+**
+** Return SQLITE_OK on success and SQLITE_ERROR if something goes wrong.
+**
+** If an error occurs and pzErrMsg is not 0, then fill *pzErrMsg with 
+** error message text.  The calling function should free this memory
+** by calling sqlite3DbFree(db, ).
+*/
+static int sqlite3LoadExtension(
+  sqlite3 *db,          /* Load the extension into this database connection */
+  const char *zFile,    /* Name of the shared library containing extension */
+  const char *zProc,    /* Entry point.  Use "sqlite3_extension_init" if 0 */
+  char **pzErrMsg       /* Put error message here if not 0 */
+){
+  sqlite3_vfs *pVfs = db->pVfs;
+  void *handle;
+  int (*xInit)(sqlite3*,char**,const sqlite3_api_routines*);
+  char *zErrmsg = 0;
+  const char *zEntry;
+  char *zAltEntry = 0;
+  void **aHandle;
+  u64 nMsg = 300 + sqlite3Strlen30(zFile);
+  int ii;
+
+  /* Shared library endings to try if zFile cannot be loaded as written */
+  static const char *azEndings[] = {
+#if SQLITE_OS_WIN
+     "dll"   
+#elif defined(__APPLE__)
+     "dylib"
+#else
+     "so"
+#endif
+  };
+
+
+  if( pzErrMsg ) *pzErrMsg = 0;
+
+  /* Ticket #1863.  To avoid a creating security problems for older
+  ** applications that relink against newer versions of SQLite, the
+  ** ability to run load_extension is turned off by default.  One
+  ** must call sqlite3_enable_load_extension() to turn on extension
+  ** loading.  Otherwise you get the following error.
+  */
+  if( (db->flags & SQLITE_LoadExtension)==0 ){
+    if( pzErrMsg ){
+      *pzErrMsg = sqlite3_mprintf("not authorized");
+    }
+    return SQLITE_ERROR;
+  }
+
+  zEntry = zProc ? zProc : "sqlite3_extension_init";
+
+  handle = sqlite3OsDlOpen(pVfs, zFile);
+#if SQLITE_OS_UNIX || SQLITE_OS_WIN
+  for(ii=0; ii<ArraySize(azEndings) && handle==0; ii++){
+    char *zAltFile = sqlite3_mprintf("%s.%s", zFile, azEndings[ii]);
+    if( zAltFile==0 ) return SQLITE_NOMEM;
+    handle = sqlite3OsDlOpen(pVfs, zAltFile);
+    sqlite3_free(zAltFile);
+  }
+#endif
+  if( handle==0 ){
+    if( pzErrMsg ){
+      *pzErrMsg = zErrmsg = sqlite3_malloc64(nMsg);
+      if( zErrmsg ){
+        sqlite3_snprintf(nMsg, zErrmsg, 
+            "unable to open shared library [%s]", zFile);
+        sqlite3OsDlError(pVfs, nMsg-1, zErrmsg);
+      }
+    }
+    return SQLITE_ERROR;
+  }
+  xInit = (int(*)(sqlite3*,char**,const sqlite3_api_routines*))
+                   sqlite3OsDlSym(pVfs, handle, zEntry);
+
+  /* If no entry point was specified and the default legacy
+  ** entry point name "sqlite3_extension_init" was not found, then
+  ** construct an entry point name "sqlite3_X_init" where the X is
+  ** replaced by the lowercase value of every ASCII alphabetic 
+  ** character in the filename after the last "/" upto the first ".",
+  ** and eliding the first three characters if they are "lib".  
+  ** Examples:
+  **
+  **    /usr/local/lib/libExample5.4.3.so ==>  sqlite3_example_init
+  **    C:/lib/mathfuncs.dll              ==>  sqlite3_mathfuncs_init
+  */
+  if( xInit==0 && zProc==0 ){
+    int iFile, iEntry, c;
+    int ncFile = sqlite3Strlen30(zFile);
+    zAltEntry = sqlite3_malloc64(ncFile+30);
+    if( zAltEntry==0 ){
+      sqlite3OsDlClose(pVfs, handle);
+      return SQLITE_NOMEM;
+    }
+    memcpy(zAltEntry, "sqlite3_", 8);
+    for(iFile=ncFile-1; iFile>=0 && zFile[iFile]!='/'; iFile--){}
+    iFile++;
+    if( sqlite3_strnicmp(zFile+iFile, "lib", 3)==0 ) iFile += 3;
+    for(iEntry=8; (c = zFile[iFile])!=0 && c!='.'; iFile++){
+      if( sqlite3Isalpha(c) ){
+        zAltEntry[iEntry++] = (char)sqlite3UpperToLower[(unsigned)c];
+      }
+    }
+    memcpy(zAltEntry+iEntry, "_init", 6);
+    zEntry = zAltEntry;
+    xInit = (int(*)(sqlite3*,char**,const sqlite3_api_routines*))
+                     sqlite3OsDlSym(pVfs, handle, zEntry);
+  }
+  if( xInit==0 ){
+    if( pzErrMsg ){
+      nMsg += sqlite3Strlen30(zEntry);
+      *pzErrMsg = zErrmsg = sqlite3_malloc64(nMsg);
+      if( zErrmsg ){
+        sqlite3_snprintf(nMsg, zErrmsg,
+            "no entry point [%s] in shared library [%s]", zEntry, zFile);
+        sqlite3OsDlError(pVfs, nMsg-1, zErrmsg);
+      }
+    }
+    sqlite3OsDlClose(pVfs, handle);
+    sqlite3_free(zAltEntry);
+    return SQLITE_ERROR;
+  }
+  sqlite3_free(zAltEntry);
+  if( xInit(db, &zErrmsg, &sqlite3Apis) ){
+    if( pzErrMsg ){
+      *pzErrMsg = sqlite3_mprintf("error during initialization: %s", zErrmsg);
+    }
+    sqlite3_free(zErrmsg);
+    sqlite3OsDlClose(pVfs, handle);
+    return SQLITE_ERROR;
+  }
+
+  /* Append the new shared library handle to the db->aExtension array. */
+  aHandle = sqlite3DbMallocZero(db, sizeof(handle)*(db->nExtension+1));
+  if( aHandle==0 ){
+    return SQLITE_NOMEM;
+  }
+  if( db->nExtension>0 ){
+    memcpy(aHandle, db->aExtension, sizeof(handle)*db->nExtension);
+  }
+  sqlite3DbFree(db, db->aExtension);
+  db->aExtension = aHandle;
+
+  db->aExtension[db->nExtension++] = handle;
+  return SQLITE_OK;
+}
+SQLITE_API int SQLITE_STDCALL sqlite3_load_extension(
+  sqlite3 *db,          /* Load the extension into this database connection */
+  const char *zFile,    /* Name of the shared library containing extension */
+  const char *zProc,    /* Entry point.  Use "sqlite3_extension_init" if 0 */
+  char **pzErrMsg       /* Put error message here if not 0 */
+){
+  int rc;
+  sqlite3_mutex_enter(db->mutex);
+  rc = sqlite3LoadExtension(db, zFile, zProc, pzErrMsg);
+  rc = sqlite3ApiExit(db, rc);
+  sqlite3_mutex_leave(db->mutex);
+  return rc;
+}
+
+/*
+** Call this routine when the database connection is closing in order
+** to clean up loaded extensions
+*/
+SQLITE_PRIVATE void sqlite3CloseExtensions(sqlite3 *db){
+  int i;
+  assert( sqlite3_mutex_held(db->mutex) );
+  for(i=0; i<db->nExtension; i++){
+    sqlite3OsDlClose(db->pVfs, db->aExtension[i]);
+  }
+  sqlite3DbFree(db, db->aExtension);
+}
+
+/*
+** Enable or disable extension loading.  Extension loading is disabled by
+** default so as not to open security holes in older applications.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_enable_load_extension(sqlite3 *db, int onoff){
+  sqlite3_mutex_enter(db->mutex);
+  if( onoff ){
+    db->flags |= SQLITE_LoadExtension;
+  }else{
+    db->flags &= ~SQLITE_LoadExtension;
+  }
+  sqlite3_mutex_leave(db->mutex);
+  return SQLITE_OK;
+}
+
+#endif /* SQLITE_OMIT_LOAD_EXTENSION */
+
+/*
+** The auto-extension code added regardless of whether or not extension
+** loading is supported.  We need a dummy sqlite3Apis pointer for that
+** code if regular extension loading is not available.  This is that
+** dummy pointer.
+*/
+#ifdef SQLITE_OMIT_LOAD_EXTENSION
+static const sqlite3_api_routines sqlite3Apis = { 0 };
+#endif
+
+
+/*
+** The following object holds the list of automatically loaded
+** extensions.
+**
+** This list is shared across threads.  The SQLITE_MUTEX_STATIC_MASTER
+** mutex must be held while accessing this list.
+*/
+typedef struct sqlite3AutoExtList sqlite3AutoExtList;
+static SQLITE_WSD struct sqlite3AutoExtList {
+  u32 nExt;              /* Number of entries in aExt[] */          
+  void (**aExt)(void);   /* Pointers to the extension init functions */
+} sqlite3Autoext = { 0, 0 };
+
+/* The "wsdAutoext" macro will resolve to the autoextension
+** state vector.  If writable static data is unsupported on the target,
+** we have to locate the state vector at run-time.  In the more common
+** case where writable static data is supported, wsdStat can refer directly
+** to the "sqlite3Autoext" state vector declared above.
+*/
+#ifdef SQLITE_OMIT_WSD
+# define wsdAutoextInit \
+  sqlite3AutoExtList *x = &GLOBAL(sqlite3AutoExtList,sqlite3Autoext)
+# define wsdAutoext x[0]
+#else
+# define wsdAutoextInit
+# define wsdAutoext sqlite3Autoext
+#endif
+
+
+/*
+** Register a statically linked extension that is automatically
+** loaded by every new database connection.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_auto_extension(void (*xInit)(void)){
+  int rc = SQLITE_OK;
+#ifndef SQLITE_OMIT_AUTOINIT
+  rc = sqlite3_initialize();
+  if( rc ){
+    return rc;
+  }else
+#endif
+  {
+    u32 i;
+#if SQLITE_THREADSAFE
+    sqlite3_mutex *mutex = sqlite3MutexAlloc(SQLITE_MUTEX_STATIC_MASTER);
+#endif
+    wsdAutoextInit;
+    sqlite3_mutex_enter(mutex);
+    for(i=0; i<wsdAutoext.nExt; i++){
+      if( wsdAutoext.aExt[i]==xInit ) break;
+    }
+    if( i==wsdAutoext.nExt ){
+      u64 nByte = (wsdAutoext.nExt+1)*sizeof(wsdAutoext.aExt[0]);
+      void (**aNew)(void);
+      aNew = sqlite3_realloc64(wsdAutoext.aExt, nByte);
+      if( aNew==0 ){
+        rc = SQLITE_NOMEM;
+      }else{
+        wsdAutoext.aExt = aNew;
+        wsdAutoext.aExt[wsdAutoext.nExt] = xInit;
+        wsdAutoext.nExt++;
+      }
+    }
+    sqlite3_mutex_leave(mutex);
+    assert( (rc&0xff)==rc );
+    return rc;
+  }
+}
+
+/*
+** Cancel a prior call to sqlite3_auto_extension.  Remove xInit from the
+** set of routines that is invoked for each new database connection, if it
+** is currently on the list.  If xInit is not on the list, then this
+** routine is a no-op.
+**
+** Return 1 if xInit was found on the list and removed.  Return 0 if xInit
+** was not on the list.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_cancel_auto_extension(void (*xInit)(void)){
+#if SQLITE_THREADSAFE
+  sqlite3_mutex *mutex = sqlite3MutexAlloc(SQLITE_MUTEX_STATIC_MASTER);
+#endif
+  int i;
+  int n = 0;
+  wsdAutoextInit;
+  sqlite3_mutex_enter(mutex);
+  for(i=(int)wsdAutoext.nExt-1; i>=0; i--){
+    if( wsdAutoext.aExt[i]==xInit ){
+      wsdAutoext.nExt--;
+      wsdAutoext.aExt[i] = wsdAutoext.aExt[wsdAutoext.nExt];
+      n++;
+      break;
+    }
+  }
+  sqlite3_mutex_leave(mutex);
+  return n;
+}
+
+/*
+** Reset the automatic extension loading mechanism.
+*/
+SQLITE_API void SQLITE_STDCALL sqlite3_reset_auto_extension(void){
+#ifndef SQLITE_OMIT_AUTOINIT
+  if( sqlite3_initialize()==SQLITE_OK )
+#endif
+  {
+#if SQLITE_THREADSAFE
+    sqlite3_mutex *mutex = sqlite3MutexAlloc(SQLITE_MUTEX_STATIC_MASTER);
+#endif
+    wsdAutoextInit;
+    sqlite3_mutex_enter(mutex);
+    sqlite3_free(wsdAutoext.aExt);
+    wsdAutoext.aExt = 0;
+    wsdAutoext.nExt = 0;
+    sqlite3_mutex_leave(mutex);
+  }
+}
+
+/*
+** Load all automatic extensions.
+**
+** If anything goes wrong, set an error in the database connection.
+*/
+SQLITE_PRIVATE void sqlite3AutoLoadExtensions(sqlite3 *db){
+  u32 i;
+  int go = 1;
+  int rc;
+  int (*xInit)(sqlite3*,char**,const sqlite3_api_routines*);
+
+  wsdAutoextInit;
+  if( wsdAutoext.nExt==0 ){
+    /* Common case: early out without every having to acquire a mutex */
+    return;
+  }
+  for(i=0; go; i++){
+    char *zErrmsg;
+#if SQLITE_THREADSAFE
+    sqlite3_mutex *mutex = sqlite3MutexAlloc(SQLITE_MUTEX_STATIC_MASTER);
+#endif
+    sqlite3_mutex_enter(mutex);
+    if( i>=wsdAutoext.nExt ){
+      xInit = 0;
+      go = 0;
+    }else{
+      xInit = (int(*)(sqlite3*,char**,const sqlite3_api_routines*))
+              wsdAutoext.aExt[i];
+    }
+    sqlite3_mutex_leave(mutex);
+    zErrmsg = 0;
+    if( xInit && (rc = xInit(db, &zErrmsg, &sqlite3Apis))!=0 ){
+      sqlite3ErrorWithMsg(db, rc,
+            "automatic extension loading failed: %s", zErrmsg);
+      go = 0;
+    }
+    sqlite3_free(zErrmsg);
+  }
+}
+
+/************** End of loadext.c *********************************************/
+/************** Begin file pragma.c ******************************************/
+/*
+** 2003 April 6
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+** This file contains code used to implement the PRAGMA command.
+*/
+/* #include "sqliteInt.h" */
+
+#if !defined(SQLITE_ENABLE_LOCKING_STYLE)
+#  if defined(__APPLE__)
+#    define SQLITE_ENABLE_LOCKING_STYLE 1
+#  else
+#    define SQLITE_ENABLE_LOCKING_STYLE 0
+#  endif
+#endif
+
+/***************************************************************************
+** The "pragma.h" include file is an automatically generated file that
+** that includes the PragType_XXXX macro definitions and the aPragmaName[]
+** object.  This ensures that the aPragmaName[] table is arranged in
+** lexicographical order to facility a binary search of the pragma name.
+** Do not edit pragma.h directly.  Edit and rerun the script in at 
+** ../tool/mkpragmatab.tcl. */
+/************** Include pragma.h in the middle of pragma.c *******************/
+/************** Begin file pragma.h ******************************************/
+/* DO NOT EDIT!
+** This file is automatically generated by the script at
+** ../tool/mkpragmatab.tcl.  To update the set of pragmas, edit
+** that script and rerun it.
+*/
+#define PragTyp_HEADER_VALUE                   0
+#define PragTyp_AUTO_VACUUM                    1
+#define PragTyp_FLAG                           2
+#define PragTyp_BUSY_TIMEOUT                   3
+#define PragTyp_CACHE_SIZE                     4
+#define PragTyp_CACHE_SPILL                    5
+#define PragTyp_CASE_SENSITIVE_LIKE            6
+#define PragTyp_COLLATION_LIST                 7
+#define PragTyp_COMPILE_OPTIONS                8
+#define PragTyp_DATA_STORE_DIRECTORY           9
+#define PragTyp_DATABASE_LIST                 10
+#define PragTyp_DEFAULT_CACHE_SIZE            11
+#define PragTyp_ENCODING                      12
+#define PragTyp_FOREIGN_KEY_CHECK             13
+#define PragTyp_FOREIGN_KEY_LIST              14
+#define PragTyp_INCREMENTAL_VACUUM            15
+#define PragTyp_INDEX_INFO                    16
+#define PragTyp_INDEX_LIST                    17
+#define PragTyp_INTEGRITY_CHECK               18
+#define PragTyp_JOURNAL_MODE                  19
+#define PragTyp_JOURNAL_SIZE_LIMIT            20
+#define PragTyp_LOCK_PROXY_FILE               21
+#define PragTyp_LOCKING_MODE                  22
+#define PragTyp_PAGE_COUNT                    23
+#define PragTyp_MMAP_SIZE                     24
+#define PragTyp_PAGE_SIZE                     25
+#define PragTyp_SECURE_DELETE                 26
+#define PragTyp_SHRINK_MEMORY                 27
+#define PragTyp_SOFT_HEAP_LIMIT               28
+#define PragTyp_STATS                         29
+#define PragTyp_SYNCHRONOUS                   30
+#define PragTyp_TABLE_INFO                    31
+#define PragTyp_TEMP_STORE                    32
+#define PragTyp_TEMP_STORE_DIRECTORY          33
+#define PragTyp_THREADS                       34
+#define PragTyp_WAL_AUTOCHECKPOINT            35
+#define PragTyp_WAL_CHECKPOINT                36
+#define PragTyp_ACTIVATE_EXTENSIONS           37
+#define PragTyp_HEXKEY                        38
+#define PragTyp_KEY                           39
+#define PragTyp_REKEY                         40
+#define PragTyp_LOCK_STATUS                   41
+#define PragTyp_PARSER_TRACE                  42
+#define PragFlag_NeedSchema           0x01
+#define PragFlag_ReadOnly             0x02
+static const struct sPragmaNames {
+  const char *const zName;  /* Name of pragma */
+  u8 ePragTyp;              /* PragTyp_XXX value */
+  u8 mPragFlag;             /* Zero or more PragFlag_XXX values */
+  u32 iArg;                 /* Extra argument */
+} aPragmaNames[] = {
+#if defined(SQLITE_HAS_CODEC) || defined(SQLITE_ENABLE_CEROD)
+  { /* zName:     */ "activate_extensions",
+    /* ePragTyp:  */ PragTyp_ACTIVATE_EXTENSIONS,
+    /* ePragFlag: */ 0,
+    /* iArg:      */ 0 },
+#endif
+#if !defined(SQLITE_OMIT_SCHEMA_VERSION_PRAGMAS)
+  { /* zName:     */ "application_id",
+    /* ePragTyp:  */ PragTyp_HEADER_VALUE,
+    /* ePragFlag: */ 0,
+    /* iArg:      */ BTREE_APPLICATION_ID },
+#endif
+#if !defined(SQLITE_OMIT_AUTOVACUUM)
+  { /* zName:     */ "auto_vacuum",
+    /* ePragTyp:  */ PragTyp_AUTO_VACUUM,
+    /* ePragFlag: */ PragFlag_NeedSchema,
+    /* iArg:      */ 0 },
+#endif
+#if !defined(SQLITE_OMIT_FLAG_PRAGMAS)
+#if !defined(SQLITE_OMIT_AUTOMATIC_INDEX)
+  { /* zName:     */ "automatic_index",
+    /* ePragTyp:  */ PragTyp_FLAG,
+    /* ePragFlag: */ 0,
+    /* iArg:      */ SQLITE_AutoIndex },
+#endif
+#endif
+  { /* zName:     */ "busy_timeout",
+    /* ePragTyp:  */ PragTyp_BUSY_TIMEOUT,
+    /* ePragFlag: */ 0,
+    /* iArg:      */ 0 },
+#if !defined(SQLITE_OMIT_PAGER_PRAGMAS)
+  { /* zName:     */ "cache_size",
+    /* ePragTyp:  */ PragTyp_CACHE_SIZE,
+    /* ePragFlag: */ PragFlag_NeedSchema,
+    /* iArg:      */ 0 },
+#endif
+#if !defined(SQLITE_OMIT_FLAG_PRAGMAS)
+  { /* zName:     */ "cache_spill",
+    /* ePragTyp:  */ PragTyp_CACHE_SPILL,
+    /* ePragFlag: */ 0,
+    /* iArg:      */ 0 },
+#endif
+  { /* zName:     */ "case_sensitive_like",
+    /* ePragTyp:  */ PragTyp_CASE_SENSITIVE_LIKE,
+    /* ePragFlag: */ 0,
+    /* iArg:      */ 0 },
+  { /* zName:     */ "cell_size_check",
+    /* ePragTyp:  */ PragTyp_FLAG,
+    /* ePragFlag: */ 0,
+    /* iArg:      */ SQLITE_CellSizeCk },
+#if !defined(SQLITE_OMIT_FLAG_PRAGMAS)
+  { /* zName:     */ "checkpoint_fullfsync",
+    /* ePragTyp:  */ PragTyp_FLAG,
+    /* ePragFlag: */ 0,
+    /* iArg:      */ SQLITE_CkptFullFSync },
+#endif
+#if !defined(SQLITE_OMIT_SCHEMA_PRAGMAS)
+  { /* zName:     */ "collation_list",
+    /* ePragTyp:  */ PragTyp_COLLATION_LIST,
+    /* ePragFlag: */ 0,
+    /* iArg:      */ 0 },
+#endif
+#if !defined(SQLITE_OMIT_COMPILEOPTION_DIAGS)
+  { /* zName:     */ "compile_options",
+    /* ePragTyp:  */ PragTyp_COMPILE_OPTIONS,
+    /* ePragFlag: */ 0,
+    /* iArg:      */ 0 },
+#endif
+#if !defined(SQLITE_OMIT_FLAG_PRAGMAS)
+  { /* zName:     */ "count_changes",
+    /* ePragTyp:  */ PragTyp_FLAG,
+    /* ePragFlag: */ 0,
+    /* iArg:      */ SQLITE_CountRows },
+#endif
+#if !defined(SQLITE_OMIT_PAGER_PRAGMAS) && SQLITE_OS_WIN
+  { /* zName:     */ "data_store_directory",
+    /* ePragTyp:  */ PragTyp_DATA_STORE_DIRECTORY,
+    /* ePragFlag: */ 0,
+    /* iArg:      */ 0 },
+#endif
+#if !defined(SQLITE_OMIT_SCHEMA_VERSION_PRAGMAS)
+  { /* zName:     */ "data_version",
+    /* ePragTyp:  */ PragTyp_HEADER_VALUE,
+    /* ePragFlag: */ PragFlag_ReadOnly,
+    /* iArg:      */ BTREE_DATA_VERSION },
+#endif
+#if !defined(SQLITE_OMIT_SCHEMA_PRAGMAS)
+  { /* zName:     */ "database_list",
+    /* ePragTyp:  */ PragTyp_DATABASE_LIST,
+    /* ePragFlag: */ PragFlag_NeedSchema,
+    /* iArg:      */ 0 },
+#endif
+#if !defined(SQLITE_OMIT_PAGER_PRAGMAS) && !defined(SQLITE_OMIT_DEPRECATED)
+  { /* zName:     */ "default_cache_size",
+    /* ePragTyp:  */ PragTyp_DEFAULT_CACHE_SIZE,
+    /* ePragFlag: */ PragFlag_NeedSchema,
+    /* iArg:      */ 0 },
+#endif
+#if !defined(SQLITE_OMIT_FLAG_PRAGMAS)
+#if !defined(SQLITE_OMIT_FOREIGN_KEY) && !defined(SQLITE_OMIT_TRIGGER)
+  { /* zName:     */ "defer_foreign_keys",
+    /* ePragTyp:  */ PragTyp_FLAG,
+    /* ePragFlag: */ 0,
+    /* iArg:      */ SQLITE_DeferFKs },
+#endif
+#endif
+#if !defined(SQLITE_OMIT_FLAG_PRAGMAS)
+  { /* zName:     */ "empty_result_callbacks",
+    /* ePragTyp:  */ PragTyp_FLAG,
+    /* ePragFlag: */ 0,
+    /* iArg:      */ SQLITE_NullCallback },
+#endif
+#if !defined(SQLITE_OMIT_UTF16)
+  { /* zName:     */ "encoding",
+    /* ePragTyp:  */ PragTyp_ENCODING,
+    /* ePragFlag: */ 0,
+    /* iArg:      */ 0 },
+#endif
+#if !defined(SQLITE_OMIT_FOREIGN_KEY) && !defined(SQLITE_OMIT_TRIGGER)
+  { /* zName:     */ "foreign_key_check",
+    /* ePragTyp:  */ PragTyp_FOREIGN_KEY_CHECK,
+    /* ePragFlag: */ PragFlag_NeedSchema,
+    /* iArg:      */ 0 },
+#endif
+#if !defined(SQLITE_OMIT_FOREIGN_KEY)
+  { /* zName:     */ "foreign_key_list",
+    /* ePragTyp:  */ PragTyp_FOREIGN_KEY_LIST,
+    /* ePragFlag: */ PragFlag_NeedSchema,
+    /* iArg:      */ 0 },
+#endif
+#if !defined(SQLITE_OMIT_FLAG_PRAGMAS)
+#if !defined(SQLITE_OMIT_FOREIGN_KEY) && !defined(SQLITE_OMIT_TRIGGER)
+  { /* zName:     */ "foreign_keys",
+    /* ePragTyp:  */ PragTyp_FLAG,
+    /* ePragFlag: */ 0,
+    /* iArg:      */ SQLITE_ForeignKeys },
+#endif
+#endif
+#if !defined(SQLITE_OMIT_SCHEMA_VERSION_PRAGMAS)
+  { /* zName:     */ "freelist_count",
+    /* ePragTyp:  */ PragTyp_HEADER_VALUE,
+    /* ePragFlag: */ PragFlag_ReadOnly,
+    /* iArg:      */ BTREE_FREE_PAGE_COUNT },
+#endif
+#if !defined(SQLITE_OMIT_FLAG_PRAGMAS)
+  { /* zName:     */ "full_column_names",
+    /* ePragTyp:  */ PragTyp_FLAG,
+    /* ePragFlag: */ 0,
+    /* iArg:      */ SQLITE_FullColNames },
+  { /* zName:     */ "fullfsync",
+    /* ePragTyp:  */ PragTyp_FLAG,
+    /* ePragFlag: */ 0,
+    /* iArg:      */ SQLITE_FullFSync },
+#endif
+#if defined(SQLITE_HAS_CODEC)
+  { /* zName:     */ "hexkey",
+    /* ePragTyp:  */ PragTyp_HEXKEY,
+    /* ePragFlag: */ 0,
+    /* iArg:      */ 0 },
+  { /* zName:     */ "hexrekey",
+    /* ePragTyp:  */ PragTyp_HEXKEY,
+    /* ePragFlag: */ 0,
+    /* iArg:      */ 0 },
+#endif
+#if !defined(SQLITE_OMIT_FLAG_PRAGMAS)
+#if !defined(SQLITE_OMIT_CHECK)
+  { /* zName:     */ "ignore_check_constraints",
+    /* ePragTyp:  */ PragTyp_FLAG,
+    /* ePragFlag: */ 0,
+    /* iArg:      */ SQLITE_IgnoreChecks },
+#endif
+#endif
+#if !defined(SQLITE_OMIT_AUTOVACUUM)
+  { /* zName:     */ "incremental_vacuum",
+    /* ePragTyp:  */ PragTyp_INCREMENTAL_VACUUM,
+    /* ePragFlag: */ PragFlag_NeedSchema,
+    /* iArg:      */ 0 },
+#endif
+#if !defined(SQLITE_OMIT_SCHEMA_PRAGMAS)
+  { /* zName:     */ "index_info",
+    /* ePragTyp:  */ PragTyp_INDEX_INFO,
+    /* ePragFlag: */ PragFlag_NeedSchema,
+    /* iArg:      */ 0 },
+  { /* zName:     */ "index_list",
+    /* ePragTyp:  */ PragTyp_INDEX_LIST,
+    /* ePragFlag: */ PragFlag_NeedSchema,
+    /* iArg:      */ 0 },
+  { /* zName:     */ "index_xinfo",
+    /* ePragTyp:  */ PragTyp_INDEX_INFO,
+    /* ePragFlag: */ PragFlag_NeedSchema,
+    /* iArg:      */ 1 },
+#endif
+#if !defined(SQLITE_OMIT_INTEGRITY_CHECK)
+  { /* zName:     */ "integrity_check",
+    /* ePragTyp:  */ PragTyp_INTEGRITY_CHECK,
+    /* ePragFlag: */ PragFlag_NeedSchema,
+    /* iArg:      */ 0 },
+#endif
+#if !defined(SQLITE_OMIT_PAGER_PRAGMAS)
+  { /* zName:     */ "journal_mode",
+    /* ePragTyp:  */ PragTyp_JOURNAL_MODE,
+    /* ePragFlag: */ PragFlag_NeedSchema,
+    /* iArg:      */ 0 },
+  { /* zName:     */ "journal_size_limit",
+    /* ePragTyp:  */ PragTyp_JOURNAL_SIZE_LIMIT,
+    /* ePragFlag: */ 0,
+    /* iArg:      */ 0 },
+#endif
+#if defined(SQLITE_HAS_CODEC)
+  { /* zName:     */ "key",
+    /* ePragTyp:  */ PragTyp_KEY,
+    /* ePragFlag: */ 0,
+    /* iArg:      */ 0 },
+#endif
+#if !defined(SQLITE_OMIT_FLAG_PRAGMAS)
+  { /* zName:     */ "legacy_file_format",
+    /* ePragTyp:  */ PragTyp_FLAG,
+    /* ePragFlag: */ 0,
+    /* iArg:      */ SQLITE_LegacyFileFmt },
+#endif
+#if !defined(SQLITE_OMIT_PAGER_PRAGMAS) && SQLITE_ENABLE_LOCKING_STYLE
+  { /* zName:     */ "lock_proxy_file",
+    /* ePragTyp:  */ PragTyp_LOCK_PROXY_FILE,
+    /* ePragFlag: */ 0,
+    /* iArg:      */ 0 },
+#endif
+#if defined(SQLITE_DEBUG) || defined(SQLITE_TEST)
+  { /* zName:     */ "lock_status",
+    /* ePragTyp:  */ PragTyp_LOCK_STATUS,
+    /* ePragFlag: */ 0,
+    /* iArg:      */ 0 },
+#endif
+#if !defined(SQLITE_OMIT_PAGER_PRAGMAS)
+  { /* zName:     */ "locking_mode",
+    /* ePragTyp:  */ PragTyp_LOCKING_MODE,
+    /* ePragFlag: */ 0,
+    /* iArg:      */ 0 },
+  { /* zName:     */ "max_page_count",
+    /* ePragTyp:  */ PragTyp_PAGE_COUNT,
+    /* ePragFlag: */ PragFlag_NeedSchema,
+    /* iArg:      */ 0 },
+  { /* zName:     */ "mmap_size",
+    /* ePragTyp:  */ PragTyp_MMAP_SIZE,
+    /* ePragFlag: */ 0,
+    /* iArg:      */ 0 },
+  { /* zName:     */ "page_count",
+    /* ePragTyp:  */ PragTyp_PAGE_COUNT,
+    /* ePragFlag: */ PragFlag_NeedSchema,
+    /* iArg:      */ 0 },
+  { /* zName:     */ "page_size",
+    /* ePragTyp:  */ PragTyp_PAGE_SIZE,
+    /* ePragFlag: */ 0,
+    /* iArg:      */ 0 },
+#endif
+#if defined(SQLITE_DEBUG) && !defined(SQLITE_OMIT_PARSER_TRACE)
+  { /* zName:     */ "parser_trace",
+    /* ePragTyp:  */ PragTyp_PARSER_TRACE,
+    /* ePragFlag: */ 0,
+    /* iArg:      */ 0 },
+#endif
+#if !defined(SQLITE_OMIT_FLAG_PRAGMAS)
+  { /* zName:     */ "query_only",
+    /* ePragTyp:  */ PragTyp_FLAG,
+    /* ePragFlag: */ 0,
+    /* iArg:      */ SQLITE_QueryOnly },
+#endif
+#if !defined(SQLITE_OMIT_INTEGRITY_CHECK)
+  { /* zName:     */ "quick_check",
+    /* ePragTyp:  */ PragTyp_INTEGRITY_CHECK,
+    /* ePragFlag: */ PragFlag_NeedSchema,
+    /* iArg:      */ 0 },
+#endif
+#if !defined(SQLITE_OMIT_FLAG_PRAGMAS)
+  { /* zName:     */ "read_uncommitted",
+    /* ePragTyp:  */ PragTyp_FLAG,
+    /* ePragFlag: */ 0,
+    /* iArg:      */ SQLITE_ReadUncommitted },
+  { /* zName:     */ "recursive_triggers",
+    /* ePragTyp:  */ PragTyp_FLAG,
+    /* ePragFlag: */ 0,
+    /* iArg:      */ SQLITE_RecTriggers },
+#endif
+#if defined(SQLITE_HAS_CODEC)
+  { /* zName:     */ "rekey",
+    /* ePragTyp:  */ PragTyp_REKEY,
+    /* ePragFlag: */ 0,
+    /* iArg:      */ 0 },
+#endif
+#if !defined(SQLITE_OMIT_FLAG_PRAGMAS)
+  { /* zName:     */ "reverse_unordered_selects",
+    /* ePragTyp:  */ PragTyp_FLAG,
+    /* ePragFlag: */ 0,
+    /* iArg:      */ SQLITE_ReverseOrder },
+#endif
+#if !defined(SQLITE_OMIT_SCHEMA_VERSION_PRAGMAS)
+  { /* zName:     */ "schema_version",
+    /* ePragTyp:  */ PragTyp_HEADER_VALUE,
+    /* ePragFlag: */ 0,
+    /* iArg:      */ BTREE_SCHEMA_VERSION },
+#endif
+#if !defined(SQLITE_OMIT_PAGER_PRAGMAS)
+  { /* zName:     */ "secure_delete",
+    /* ePragTyp:  */ PragTyp_SECURE_DELETE,
+    /* ePragFlag: */ 0,
+    /* iArg:      */ 0 },
+#endif
+#if !defined(SQLITE_OMIT_FLAG_PRAGMAS)
+  { /* zName:     */ "short_column_names",
+    /* ePragTyp:  */ PragTyp_FLAG,
+    /* ePragFlag: */ 0,
+    /* iArg:      */ SQLITE_ShortColNames },
+#endif
+  { /* zName:     */ "shrink_memory",
+    /* ePragTyp:  */ PragTyp_SHRINK_MEMORY,
+    /* ePragFlag: */ 0,
+    /* iArg:      */ 0 },
+  { /* zName:     */ "soft_heap_limit",
+    /* ePragTyp:  */ PragTyp_SOFT_HEAP_LIMIT,
+    /* ePragFlag: */ 0,
+    /* iArg:      */ 0 },
+#if !defined(SQLITE_OMIT_FLAG_PRAGMAS)
+#if defined(SQLITE_DEBUG)
+  { /* zName:     */ "sql_trace",
+    /* ePragTyp:  */ PragTyp_FLAG,
+    /* ePragFlag: */ 0,
+    /* iArg:      */ SQLITE_SqlTrace },
+#endif
+#endif
+#if !defined(SQLITE_OMIT_SCHEMA_PRAGMAS)
+  { /* zName:     */ "stats",
+    /* ePragTyp:  */ PragTyp_STATS,
+    /* ePragFlag: */ PragFlag_NeedSchema,
+    /* iArg:      */ 0 },
+#endif
+#if !defined(SQLITE_OMIT_PAGER_PRAGMAS)
+  { /* zName:     */ "synchronous",
+    /* ePragTyp:  */ PragTyp_SYNCHRONOUS,
+    /* ePragFlag: */ PragFlag_NeedSchema,
+    /* iArg:      */ 0 },
+#endif
+#if !defined(SQLITE_OMIT_SCHEMA_PRAGMAS)
+  { /* zName:     */ "table_info",
+    /* ePragTyp:  */ PragTyp_TABLE_INFO,
+    /* ePragFlag: */ PragFlag_NeedSchema,
+    /* iArg:      */ 0 },
+#endif
+#if !defined(SQLITE_OMIT_PAGER_PRAGMAS)
+  { /* zName:     */ "temp_store",
+    /* ePragTyp:  */ PragTyp_TEMP_STORE,
+    /* ePragFlag: */ 0,
+    /* iArg:      */ 0 },
+  { /* zName:     */ "temp_store_directory",
+    /* ePragTyp:  */ PragTyp_TEMP_STORE_DIRECTORY,
+    /* ePragFlag: */ 0,
+    /* iArg:      */ 0 },
+#endif
+  { /* zName:     */ "threads",
+    /* ePragTyp:  */ PragTyp_THREADS,
+    /* ePragFlag: */ 0,
+    /* iArg:      */ 0 },
+#if !defined(SQLITE_OMIT_SCHEMA_VERSION_PRAGMAS)
+  { /* zName:     */ "user_version",
+    /* ePragTyp:  */ PragTyp_HEADER_VALUE,
+    /* ePragFlag: */ 0,
+    /* iArg:      */ BTREE_USER_VERSION },
+#endif
+#if !defined(SQLITE_OMIT_FLAG_PRAGMAS)
+#if defined(SQLITE_DEBUG)
+  { /* zName:     */ "vdbe_addoptrace",
+    /* ePragTyp:  */ PragTyp_FLAG,
+    /* ePragFlag: */ 0,
+    /* iArg:      */ SQLITE_VdbeAddopTrace },
+  { /* zName:     */ "vdbe_debug",
+    /* ePragTyp:  */ PragTyp_FLAG,
+    /* ePragFlag: */ 0,
+    /* iArg:      */ SQLITE_SqlTrace|SQLITE_VdbeListing|SQLITE_VdbeTrace },
+  { /* zName:     */ "vdbe_eqp",
+    /* ePragTyp:  */ PragTyp_FLAG,
+    /* ePragFlag: */ 0,
+    /* iArg:      */ SQLITE_VdbeEQP },
+  { /* zName:     */ "vdbe_listing",
+    /* ePragTyp:  */ PragTyp_FLAG,
+    /* ePragFlag: */ 0,
+    /* iArg:      */ SQLITE_VdbeListing },
+  { /* zName:     */ "vdbe_trace",
+    /* ePragTyp:  */ PragTyp_FLAG,
+    /* ePragFlag: */ 0,
+    /* iArg:      */ SQLITE_VdbeTrace },
+#endif
+#endif
+#if !defined(SQLITE_OMIT_WAL)
+  { /* zName:     */ "wal_autocheckpoint",
+    /* ePragTyp:  */ PragTyp_WAL_AUTOCHECKPOINT,
+    /* ePragFlag: */ 0,
+    /* iArg:      */ 0 },
+  { /* zName:     */ "wal_checkpoint",
+    /* ePragTyp:  */ PragTyp_WAL_CHECKPOINT,
+    /* ePragFlag: */ PragFlag_NeedSchema,
+    /* iArg:      */ 0 },
+#endif
+#if !defined(SQLITE_OMIT_FLAG_PRAGMAS)
+  { /* zName:     */ "writable_schema",
+    /* ePragTyp:  */ PragTyp_FLAG,
+    /* ePragFlag: */ 0,
+    /* iArg:      */ SQLITE_WriteSchema|SQLITE_RecoveryMode },
+#endif
+};
+/* Number of pragmas: 60 on by default, 73 total. */
+
+/************** End of pragma.h **********************************************/
+/************** Continuing where we left off in pragma.c *********************/
+
+/*
+** Interpret the given string as a safety level.  Return 0 for OFF,
+** 1 for ON or NORMAL and 2 for FULL.  Return 1 for an empty or 
+** unrecognized string argument.  The FULL option is disallowed
+** if the omitFull parameter it 1.
+**
+** Note that the values returned are one less that the values that
+** should be passed into sqlite3BtreeSetSafetyLevel().  The is done
+** to support legacy SQL code.  The safety level used to be boolean
+** and older scripts may have used numbers 0 for OFF and 1 for ON.
+*/
+static u8 getSafetyLevel(const char *z, int omitFull, u8 dflt){
+                             /* 123456789 123456789 */
+  static const char zText[] = "onoffalseyestruefull";
+  static const u8 iOffset[] = {0, 1, 2, 4, 9, 12, 16};
+  static const u8 iLength[] = {2, 2, 3, 5, 3, 4, 4};
+  static const u8 iValue[] =  {1, 0, 0, 0, 1, 1, 2};
+  int i, n;
+  if( sqlite3Isdigit(*z) ){
+    return (u8)sqlite3Atoi(z);
+  }
+  n = sqlite3Strlen30(z);
+  for(i=0; i<ArraySize(iLength)-omitFull; i++){
+    if( iLength[i]==n && sqlite3StrNICmp(&zText[iOffset[i]],z,n)==0 ){
+      return iValue[i];
+    }
+  }
+  return dflt;
+}
+
+/*
+** Interpret the given string as a boolean value.
+*/
+SQLITE_PRIVATE u8 sqlite3GetBoolean(const char *z, u8 dflt){
+  return getSafetyLevel(z,1,dflt)!=0;
+}
+
+/* The sqlite3GetBoolean() function is used by other modules but the
+** remainder of this file is specific to PRAGMA processing.  So omit
+** the rest of the file if PRAGMAs are omitted from the build.
+*/
+#if !defined(SQLITE_OMIT_PRAGMA)
+
+/*
+** Interpret the given string as a locking mode value.
+*/
+static int getLockingMode(const char *z){
+  if( z ){
+    if( 0==sqlite3StrICmp(z, "exclusive") ) return PAGER_LOCKINGMODE_EXCLUSIVE;
+    if( 0==sqlite3StrICmp(z, "normal") ) return PAGER_LOCKINGMODE_NORMAL;
+  }
+  return PAGER_LOCKINGMODE_QUERY;
+}
+
+#ifndef SQLITE_OMIT_AUTOVACUUM
+/*
+** Interpret the given string as an auto-vacuum mode value.
+**
+** The following strings, "none", "full" and "incremental" are 
+** acceptable, as are their numeric equivalents: 0, 1 and 2 respectively.
+*/
+static int getAutoVacuum(const char *z){
+  int i;
+  if( 0==sqlite3StrICmp(z, "none") ) return BTREE_AUTOVACUUM_NONE;
+  if( 0==sqlite3StrICmp(z, "full") ) return BTREE_AUTOVACUUM_FULL;
+  if( 0==sqlite3StrICmp(z, "incremental") ) return BTREE_AUTOVACUUM_INCR;
+  i = sqlite3Atoi(z);
+  return (u8)((i>=0&&i<=2)?i:0);
+}
+#endif /* ifndef SQLITE_OMIT_AUTOVACUUM */
+
+#ifndef SQLITE_OMIT_PAGER_PRAGMAS
+/*
+** Interpret the given string as a temp db location. Return 1 for file
+** backed temporary databases, 2 for the Red-Black tree in memory database
+** and 0 to use the compile-time default.
+*/
+static int getTempStore(const char *z){
+  if( z[0]>='0' && z[0]<='2' ){
+    return z[0] - '0';
+  }else if( sqlite3StrICmp(z, "file")==0 ){
+    return 1;
+  }else if( sqlite3StrICmp(z, "memory")==0 ){
+    return 2;
+  }else{
+    return 0;
+  }
+}
+#endif /* SQLITE_PAGER_PRAGMAS */
+
+#ifndef SQLITE_OMIT_PAGER_PRAGMAS
+/*
+** Invalidate temp storage, either when the temp storage is changed
+** from default, or when 'file' and the temp_store_directory has changed
+*/
+static int invalidateTempStorage(Parse *pParse){
+  sqlite3 *db = pParse->db;
+  if( db->aDb[1].pBt!=0 ){
+    if( !db->autoCommit || sqlite3BtreeIsInReadTrans(db->aDb[1].pBt) ){
+      sqlite3ErrorMsg(pParse, "temporary storage cannot be changed "
+        "from within a transaction");
+      return SQLITE_ERROR;
+    }
+    sqlite3BtreeClose(db->aDb[1].pBt);
+    db->aDb[1].pBt = 0;
+    sqlite3ResetAllSchemasOfConnection(db);
+  }
+  return SQLITE_OK;
+}
+#endif /* SQLITE_PAGER_PRAGMAS */
+
+#ifndef SQLITE_OMIT_PAGER_PRAGMAS
+/*
+** If the TEMP database is open, close it and mark the database schema
+** as needing reloading.  This must be done when using the SQLITE_TEMP_STORE
+** or DEFAULT_TEMP_STORE pragmas.
+*/
+static int changeTempStorage(Parse *pParse, const char *zStorageType){
+  int ts = getTempStore(zStorageType);
+  sqlite3 *db = pParse->db;
+  if( db->temp_store==ts ) return SQLITE_OK;
+  if( invalidateTempStorage( pParse ) != SQLITE_OK ){
+    return SQLITE_ERROR;
+  }
+  db->temp_store = (u8)ts;
+  return SQLITE_OK;
+}
+#endif /* SQLITE_PAGER_PRAGMAS */
+
+/*
+** Set the names of the first N columns to the values in azCol[]
+*/
+static void setAllColumnNames(
+  Vdbe *v,               /* The query under construction */
+  int N,                 /* Number of columns */
+  const char **azCol     /* Names of columns */
+){
+  int i;
+  sqlite3VdbeSetNumCols(v, N);
+  for(i=0; i<N; i++){
+    sqlite3VdbeSetColName(v, i, COLNAME_NAME, azCol[i], SQLITE_STATIC);
+  }
+}
+static void setOneColumnName(Vdbe *v, const char *z){
+  setAllColumnNames(v, 1, &z);
+}
+
+/*
+** Generate code to return a single integer value.
+*/
+static void returnSingleInt(Vdbe *v, const char *zLabel, i64 value){
+  sqlite3VdbeAddOp4Dup8(v, OP_Int64, 0, 1, 0, (const u8*)&value, P4_INT64);
+  setOneColumnName(v, zLabel);
+  sqlite3VdbeAddOp2(v, OP_ResultRow, 1, 1);
+}
+
+/*
+** Generate code to return a single text value.
+*/
+static void returnSingleText(
+  Vdbe *v,                /* Prepared statement under construction */
+  const char *zLabel,     /* Name of the result column */
+  const char *zValue      /* Value to be returned */
+){
+  if( zValue ){
+    sqlite3VdbeLoadString(v, 1, (const char*)zValue);
+    setOneColumnName(v, zLabel);
+    sqlite3VdbeAddOp2(v, OP_ResultRow, 1, 1);
+  }
+}
+
+
+/*
+** Set the safety_level and pager flags for pager iDb.  Or if iDb<0
+** set these values for all pagers.
+*/
+#ifndef SQLITE_OMIT_PAGER_PRAGMAS
+static void setAllPagerFlags(sqlite3 *db){
+  if( db->autoCommit ){
+    Db *pDb = db->aDb;
+    int n = db->nDb;
+    assert( SQLITE_FullFSync==PAGER_FULLFSYNC );
+    assert( SQLITE_CkptFullFSync==PAGER_CKPT_FULLFSYNC );
+    assert( SQLITE_CacheSpill==PAGER_CACHESPILL );
+    assert( (PAGER_FULLFSYNC | PAGER_CKPT_FULLFSYNC | PAGER_CACHESPILL)
+             ==  PAGER_FLAGS_MASK );
+    assert( (pDb->safety_level & PAGER_SYNCHRONOUS_MASK)==pDb->safety_level );
+    while( (n--) > 0 ){
+      if( pDb->pBt ){
+        sqlite3BtreeSetPagerFlags(pDb->pBt,
+                 pDb->safety_level | (db->flags & PAGER_FLAGS_MASK) );
+      }
+      pDb++;
+    }
+  }
+}
+#else
+# define setAllPagerFlags(X)  /* no-op */
+#endif
+
+
+/*
+** Return a human-readable name for a constraint resolution action.
+*/
+#ifndef SQLITE_OMIT_FOREIGN_KEY
+static const char *actionName(u8 action){
+  const char *zName;
+  switch( action ){
+    case OE_SetNull:  zName = "SET NULL";        break;
+    case OE_SetDflt:  zName = "SET DEFAULT";     break;
+    case OE_Cascade:  zName = "CASCADE";         break;
+    case OE_Restrict: zName = "RESTRICT";        break;
+    default:          zName = "NO ACTION";  
+                      assert( action==OE_None ); break;
+  }
+  return zName;
+}
+#endif
+
+
+/*
+** Parameter eMode must be one of the PAGER_JOURNALMODE_XXX constants
+** defined in pager.h. This function returns the associated lowercase
+** journal-mode name.
+*/
+SQLITE_PRIVATE const char *sqlite3JournalModename(int eMode){
+  static char * const azModeName[] = {
+    "delete", "persist", "off", "truncate", "memory"
+#ifndef SQLITE_OMIT_WAL
+     , "wal"
+#endif
+  };
+  assert( PAGER_JOURNALMODE_DELETE==0 );
+  assert( PAGER_JOURNALMODE_PERSIST==1 );
+  assert( PAGER_JOURNALMODE_OFF==2 );
+  assert( PAGER_JOURNALMODE_TRUNCATE==3 );
+  assert( PAGER_JOURNALMODE_MEMORY==4 );
+  assert( PAGER_JOURNALMODE_WAL==5 );
+  assert( eMode>=0 && eMode<=ArraySize(azModeName) );
+
+  if( eMode==ArraySize(azModeName) ) return 0;
+  return azModeName[eMode];
+}
+
+/*
+** Process a pragma statement.  
+**
+** Pragmas are of this form:
+**
+**      PRAGMA [schema.]id [= value]
+**
+** The identifier might also be a string.  The value is a string, and
+** identifier, or a number.  If minusFlag is true, then the value is
+** a number that was preceded by a minus sign.
+**
+** If the left side is "database.id" then pId1 is the database name
+** and pId2 is the id.  If the left side is just "id" then pId1 is the
+** id and pId2 is any empty string.
+*/
+SQLITE_PRIVATE void sqlite3Pragma(
+  Parse *pParse, 
+  Token *pId1,        /* First part of [schema.]id field */
+  Token *pId2,        /* Second part of [schema.]id field, or NULL */
+  Token *pValue,      /* Token for <value>, or NULL */
+  int minusFlag       /* True if a '-' sign preceded <value> */
+){
+  char *zLeft = 0;       /* Nul-terminated UTF-8 string <id> */
+  char *zRight = 0;      /* Nul-terminated UTF-8 string <value>, or NULL */
+  const char *zDb = 0;   /* The database name */
+  Token *pId;            /* Pointer to <id> token */
+  char *aFcntl[4];       /* Argument to SQLITE_FCNTL_PRAGMA */
+  int iDb;               /* Database index for <database> */
+  int lwr, upr, mid = 0;       /* Binary search bounds */
+  int rc;                      /* return value form SQLITE_FCNTL_PRAGMA */
+  sqlite3 *db = pParse->db;    /* The database connection */
+  Db *pDb;                     /* The specific database being pragmaed */
+  Vdbe *v = sqlite3GetVdbe(pParse);  /* Prepared statement */
+  const struct sPragmaNames *pPragma;
+
+  if( v==0 ) return;
+  sqlite3VdbeRunOnlyOnce(v);
+  pParse->nMem = 2;
+
+  /* Interpret the [schema.] part of the pragma statement. iDb is the
+  ** index of the database this pragma is being applied to in db.aDb[]. */
+  iDb = sqlite3TwoPartName(pParse, pId1, pId2, &pId);
+  if( iDb<0 ) return;
+  pDb = &db->aDb[iDb];
+
+  /* If the temp database has been explicitly named as part of the 
+  ** pragma, make sure it is open. 
+  */
+  if( iDb==1 && sqlite3OpenTempDatabase(pParse) ){
+    return;
+  }
+
+  zLeft = sqlite3NameFromToken(db, pId);
+  if( !zLeft ) return;
+  if( minusFlag ){
+    zRight = sqlite3MPrintf(db, "-%T", pValue);
+  }else{
+    zRight = sqlite3NameFromToken(db, pValue);
+  }
+
+  assert( pId2 );
+  zDb = pId2->n>0 ? pDb->zName : 0;
+  if( sqlite3AuthCheck(pParse, SQLITE_PRAGMA, zLeft, zRight, zDb) ){
+    goto pragma_out;
+  }
+
+  /* Send an SQLITE_FCNTL_PRAGMA file-control to the underlying VFS
+  ** connection.  If it returns SQLITE_OK, then assume that the VFS
+  ** handled the pragma and generate a no-op prepared statement.
+  **
+  ** IMPLEMENTATION-OF: R-12238-55120 Whenever a PRAGMA statement is parsed,
+  ** an SQLITE_FCNTL_PRAGMA file control is sent to the open sqlite3_file
+  ** object corresponding to the database file to which the pragma
+  ** statement refers.
+  **
+  ** IMPLEMENTATION-OF: R-29875-31678 The argument to the SQLITE_FCNTL_PRAGMA
+  ** file control is an array of pointers to strings (char**) in which the
+  ** second element of the array is the name of the pragma and the third
+  ** element is the argument to the pragma or NULL if the pragma has no
+  ** argument.
+  */
+  aFcntl[0] = 0;
+  aFcntl[1] = zLeft;
+  aFcntl[2] = zRight;
+  aFcntl[3] = 0;
+  db->busyHandler.nBusy = 0;
+  rc = sqlite3_file_control(db, zDb, SQLITE_FCNTL_PRAGMA, (void*)aFcntl);
+  if( rc==SQLITE_OK ){
+    returnSingleText(v, "result", aFcntl[0]);
+    sqlite3_free(aFcntl[0]);
+    goto pragma_out;
+  }
+  if( rc!=SQLITE_NOTFOUND ){
+    if( aFcntl[0] ){
+      sqlite3ErrorMsg(pParse, "%s", aFcntl[0]);
+      sqlite3_free(aFcntl[0]);
+    }
+    pParse->nErr++;
+    pParse->rc = rc;
+    goto pragma_out;
+  }
+
+  /* Locate the pragma in the lookup table */
+  lwr = 0;
+  upr = ArraySize(aPragmaNames)-1;
+  while( lwr<=upr ){
+    mid = (lwr+upr)/2;
+    rc = sqlite3_stricmp(zLeft, aPragmaNames[mid].zName);
+    if( rc==0 ) break;
+    if( rc<0 ){
+      upr = mid - 1;
+    }else{
+      lwr = mid + 1;
+    }
+  }
+  if( lwr>upr ) goto pragma_out;
+  pPragma = &aPragmaNames[mid];
+
+  /* Make sure the database schema is loaded if the pragma requires that */
+  if( (pPragma->mPragFlag & PragFlag_NeedSchema)!=0 ){
+    if( sqlite3ReadSchema(pParse) ) goto pragma_out;
+  }
+
+  /* Jump to the appropriate pragma handler */
+  switch( pPragma->ePragTyp ){
+  
+#if !defined(SQLITE_OMIT_PAGER_PRAGMAS) && !defined(SQLITE_OMIT_DEPRECATED)
+  /*
+  **  PRAGMA [schema.]default_cache_size
+  **  PRAGMA [schema.]default_cache_size=N
+  **
+  ** The first form reports the current persistent setting for the
+  ** page cache size.  The value returned is the maximum number of
+  ** pages in the page cache.  The second form sets both the current
+  ** page cache size value and the persistent page cache size value
+  ** stored in the database file.
+  **
+  ** Older versions of SQLite would set the default cache size to a
+  ** negative number to indicate synchronous=OFF.  These days, synchronous
+  ** is always on by default regardless of the sign of the default cache
+  ** size.  But continue to take the absolute value of the default cache
+  ** size of historical compatibility.
+  */
+  case PragTyp_DEFAULT_CACHE_SIZE: {
+    static const int iLn = VDBE_OFFSET_LINENO(2);
+    static const VdbeOpList getCacheSize[] = {
+      { OP_Transaction, 0, 0,        0},                         /* 0 */
+      { OP_ReadCookie,  0, 1,        BTREE_DEFAULT_CACHE_SIZE},  /* 1 */
+      { OP_IfPos,       1, 8,        0},
+      { OP_Integer,     0, 2,        0},
+      { OP_Subtract,    1, 2,        1},
+      { OP_IfPos,       1, 8,        0},
+      { OP_Integer,     0, 1,        0},                         /* 6 */
+      { OP_Noop,        0, 0,        0},
+      { OP_ResultRow,   1, 1,        0},
+    };
+    int addr;
+    sqlite3VdbeUsesBtree(v, iDb);
+    if( !zRight ){
+      setOneColumnName(v, "cache_size");
+      pParse->nMem += 2;
+      addr = sqlite3VdbeAddOpList(v, ArraySize(getCacheSize), getCacheSize,iLn);
+      sqlite3VdbeChangeP1(v, addr, iDb);
+      sqlite3VdbeChangeP1(v, addr+1, iDb);
+      sqlite3VdbeChangeP1(v, addr+6, SQLITE_DEFAULT_CACHE_SIZE);
+    }else{
+      int size = sqlite3AbsInt32(sqlite3Atoi(zRight));
+      sqlite3BeginWriteOperation(pParse, 0, iDb);
+      sqlite3VdbeAddOp2(v, OP_Integer, size, 1);
+      sqlite3VdbeAddOp3(v, OP_SetCookie, iDb, BTREE_DEFAULT_CACHE_SIZE, 1);
+      assert( sqlite3SchemaMutexHeld(db, iDb, 0) );
+      pDb->pSchema->cache_size = size;
+      sqlite3BtreeSetCacheSize(pDb->pBt, pDb->pSchema->cache_size);
+    }
+    break;
+  }
+#endif /* !SQLITE_OMIT_PAGER_PRAGMAS && !SQLITE_OMIT_DEPRECATED */
+
+#if !defined(SQLITE_OMIT_PAGER_PRAGMAS)
+  /*
+  **  PRAGMA [schema.]page_size
+  **  PRAGMA [schema.]page_size=N
+  **
+  ** The first form reports the current setting for the
+  ** database page size in bytes.  The second form sets the
+  ** database page size value.  The value can only be set if
+  ** the database has not yet been created.
+  */
+  case PragTyp_PAGE_SIZE: {
+    Btree *pBt = pDb->pBt;
+    assert( pBt!=0 );
+    if( !zRight ){
+      int size = ALWAYS(pBt) ? sqlite3BtreeGetPageSize(pBt) : 0;
+      returnSingleInt(v, "page_size", size);
+    }else{
+      /* Malloc may fail when setting the page-size, as there is an internal
+      ** buffer that the pager module resizes using sqlite3_realloc().
+      */
+      db->nextPagesize = sqlite3Atoi(zRight);
+      if( SQLITE_NOMEM==sqlite3BtreeSetPageSize(pBt, db->nextPagesize,-1,0) ){
+        db->mallocFailed = 1;
+      }
+    }
+    break;
+  }
+
+  /*
+  **  PRAGMA [schema.]secure_delete
+  **  PRAGMA [schema.]secure_delete=ON/OFF
+  **
+  ** The first form reports the current setting for the
+  ** secure_delete flag.  The second form changes the secure_delete
+  ** flag setting and reports thenew value.
+  */
+  case PragTyp_SECURE_DELETE: {
+    Btree *pBt = pDb->pBt;
+    int b = -1;
+    assert( pBt!=0 );
+    if( zRight ){
+      b = sqlite3GetBoolean(zRight, 0);
+    }
+    if( pId2->n==0 && b>=0 ){
+      int ii;
+      for(ii=0; ii<db->nDb; ii++){
+        sqlite3BtreeSecureDelete(db->aDb[ii].pBt, b);
+      }
+    }
+    b = sqlite3BtreeSecureDelete(pBt, b);
+    returnSingleInt(v, "secure_delete", b);
+    break;
+  }
+
+  /*
+  **  PRAGMA [schema.]max_page_count
+  **  PRAGMA [schema.]max_page_count=N
+  **
+  ** The first form reports the current setting for the
+  ** maximum number of pages in the database file.  The 
+  ** second form attempts to change this setting.  Both
+  ** forms return the current setting.
+  **
+  ** The absolute value of N is used.  This is undocumented and might
+  ** change.  The only purpose is to provide an easy way to test
+  ** the sqlite3AbsInt32() function.
+  **
+  **  PRAGMA [schema.]page_count
+  **
+  ** Return the number of pages in the specified database.
+  */
+  case PragTyp_PAGE_COUNT: {
+    int iReg;
+    sqlite3CodeVerifySchema(pParse, iDb);
+    iReg = ++pParse->nMem;
+    if( sqlite3Tolower(zLeft[0])=='p' ){
+      sqlite3VdbeAddOp2(v, OP_Pagecount, iDb, iReg);
+    }else{
+      sqlite3VdbeAddOp3(v, OP_MaxPgcnt, iDb, iReg, 
+                        sqlite3AbsInt32(sqlite3Atoi(zRight)));
+    }
+    sqlite3VdbeAddOp2(v, OP_ResultRow, iReg, 1);
+    sqlite3VdbeSetNumCols(v, 1);
+    sqlite3VdbeSetColName(v, 0, COLNAME_NAME, zLeft, SQLITE_TRANSIENT);
+    break;
+  }
+
+  /*
+  **  PRAGMA [schema.]locking_mode
+  **  PRAGMA [schema.]locking_mode = (normal|exclusive)
+  */
+  case PragTyp_LOCKING_MODE: {
+    const char *zRet = "normal";
+    int eMode = getLockingMode(zRight);
+
+    if( pId2->n==0 && eMode==PAGER_LOCKINGMODE_QUERY ){
+      /* Simple "PRAGMA locking_mode;" statement. This is a query for
+      ** the current default locking mode (which may be different to
+      ** the locking-mode of the main database).
+      */
+      eMode = db->dfltLockMode;
+    }else{
+      Pager *pPager;
+      if( pId2->n==0 ){
+        /* This indicates that no database name was specified as part
+        ** of the PRAGMA command. In this case the locking-mode must be
+        ** set on all attached databases, as well as the main db file.
+        **
+        ** Also, the sqlite3.dfltLockMode variable is set so that
+        ** any subsequently attached databases also use the specified
+        ** locking mode.
+        */
+        int ii;
+        assert(pDb==&db->aDb[0]);
+        for(ii=2; ii<db->nDb; ii++){
+          pPager = sqlite3BtreePager(db->aDb[ii].pBt);
+          sqlite3PagerLockingMode(pPager, eMode);
+        }
+        db->dfltLockMode = (u8)eMode;
+      }
+      pPager = sqlite3BtreePager(pDb->pBt);
+      eMode = sqlite3PagerLockingMode(pPager, eMode);
+    }
+
+    assert( eMode==PAGER_LOCKINGMODE_NORMAL
+            || eMode==PAGER_LOCKINGMODE_EXCLUSIVE );
+    if( eMode==PAGER_LOCKINGMODE_EXCLUSIVE ){
+      zRet = "exclusive";
+    }
+    returnSingleText(v, "locking_mode", zRet);
+    break;
+  }
+
+  /*
+  **  PRAGMA [schema.]journal_mode
+  **  PRAGMA [schema.]journal_mode =
+  **                      (delete|persist|off|truncate|memory|wal|off)
+  */
+  case PragTyp_JOURNAL_MODE: {
+    int eMode;        /* One of the PAGER_JOURNALMODE_XXX symbols */
+    int ii;           /* Loop counter */
+
+    setOneColumnName(v, "journal_mode");
+    if( zRight==0 ){
+      /* If there is no "=MODE" part of the pragma, do a query for the
+      ** current mode */
+      eMode = PAGER_JOURNALMODE_QUERY;
+    }else{
+      const char *zMode;
+      int n = sqlite3Strlen30(zRight);
+      for(eMode=0; (zMode = sqlite3JournalModename(eMode))!=0; eMode++){
+        if( sqlite3StrNICmp(zRight, zMode, n)==0 ) break;
+      }
+      if( !zMode ){
+        /* If the "=MODE" part does not match any known journal mode,
+        ** then do a query */
+        eMode = PAGER_JOURNALMODE_QUERY;
+      }
+    }
+    if( eMode==PAGER_JOURNALMODE_QUERY && pId2->n==0 ){
+      /* Convert "PRAGMA journal_mode" into "PRAGMA main.journal_mode" */
+      iDb = 0;
+      pId2->n = 1;
+    }
+    for(ii=db->nDb-1; ii>=0; ii--){
+      if( db->aDb[ii].pBt && (ii==iDb || pId2->n==0) ){
+        sqlite3VdbeUsesBtree(v, ii);
+        sqlite3VdbeAddOp3(v, OP_JournalMode, ii, 1, eMode);
+      }
+    }
+    sqlite3VdbeAddOp2(v, OP_ResultRow, 1, 1);
+    break;
+  }
+
+  /*
+  **  PRAGMA [schema.]journal_size_limit
+  **  PRAGMA [schema.]journal_size_limit=N
+  **
+  ** Get or set the size limit on rollback journal files.
+  */
+  case PragTyp_JOURNAL_SIZE_LIMIT: {
+    Pager *pPager = sqlite3BtreePager(pDb->pBt);
+    i64 iLimit = -2;
+    if( zRight ){
+      sqlite3DecOrHexToI64(zRight, &iLimit);
+      if( iLimit<-1 ) iLimit = -1;
+    }
+    iLimit = sqlite3PagerJournalSizeLimit(pPager, iLimit);
+    returnSingleInt(v, "journal_size_limit", iLimit);
+    break;
+  }
+
+#endif /* SQLITE_OMIT_PAGER_PRAGMAS */
+
+  /*
+  **  PRAGMA [schema.]auto_vacuum
+  **  PRAGMA [schema.]auto_vacuum=N
+  **
+  ** Get or set the value of the database 'auto-vacuum' parameter.
+  ** The value is one of:  0 NONE 1 FULL 2 INCREMENTAL
+  */
+#ifndef SQLITE_OMIT_AUTOVACUUM
+  case PragTyp_AUTO_VACUUM: {
+    Btree *pBt = pDb->pBt;
+    assert( pBt!=0 );
+    if( !zRight ){
+      returnSingleInt(v, "auto_vacuum", sqlite3BtreeGetAutoVacuum(pBt));
+    }else{
+      int eAuto = getAutoVacuum(zRight);
+      assert( eAuto>=0 && eAuto<=2 );
+      db->nextAutovac = (u8)eAuto;
+      /* Call SetAutoVacuum() to set initialize the internal auto and
+      ** incr-vacuum flags. This is required in case this connection
+      ** creates the database file. It is important that it is created
+      ** as an auto-vacuum capable db.
+      */
+      rc = sqlite3BtreeSetAutoVacuum(pBt, eAuto);
+      if( rc==SQLITE_OK && (eAuto==1 || eAuto==2) ){
+        /* When setting the auto_vacuum mode to either "full" or 
+        ** "incremental", write the value of meta[6] in the database
+        ** file. Before writing to meta[6], check that meta[3] indicates
+        ** that this really is an auto-vacuum capable database.
+        */
+        static const int iLn = VDBE_OFFSET_LINENO(2);
+        static const VdbeOpList setMeta6[] = {
+          { OP_Transaction,    0,         1,                 0},    /* 0 */
+          { OP_ReadCookie,     0,         1,         BTREE_LARGEST_ROOT_PAGE},
+          { OP_If,             1,         0,                 0},    /* 2 */
+          { OP_Halt,           SQLITE_OK, OE_Abort,          0},    /* 3 */
+          { OP_Integer,        0,         1,                 0},    /* 4 */
+          { OP_SetCookie,      0,         BTREE_INCR_VACUUM, 1},    /* 5 */
+        };
+        int iAddr;
+        iAddr = sqlite3VdbeAddOpList(v, ArraySize(setMeta6), setMeta6, iLn);
+        sqlite3VdbeChangeP1(v, iAddr, iDb);
+        sqlite3VdbeChangeP1(v, iAddr+1, iDb);
+        sqlite3VdbeChangeP2(v, iAddr+2, iAddr+4);
+        sqlite3VdbeChangeP1(v, iAddr+4, eAuto-1);
+        sqlite3VdbeChangeP1(v, iAddr+5, iDb);
+        sqlite3VdbeUsesBtree(v, iDb);
+      }
+    }
+    break;
+  }
+#endif
+
+  /*
+  **  PRAGMA [schema.]incremental_vacuum(N)
+  **
+  ** Do N steps of incremental vacuuming on a database.
+  */
+#ifndef SQLITE_OMIT_AUTOVACUUM
+  case PragTyp_INCREMENTAL_VACUUM: {
+    int iLimit, addr;
+    if( zRight==0 || !sqlite3GetInt32(zRight, &iLimit) || iLimit<=0 ){
+      iLimit = 0x7fffffff;
+    }
+    sqlite3BeginWriteOperation(pParse, 0, iDb);
+    sqlite3VdbeAddOp2(v, OP_Integer, iLimit, 1);
+    addr = sqlite3VdbeAddOp1(v, OP_IncrVacuum, iDb); VdbeCoverage(v);
+    sqlite3VdbeAddOp1(v, OP_ResultRow, 1);
+    sqlite3VdbeAddOp2(v, OP_AddImm, 1, -1);
+    sqlite3VdbeAddOp2(v, OP_IfPos, 1, addr); VdbeCoverage(v);
+    sqlite3VdbeJumpHere(v, addr);
+    break;
+  }
+#endif
+
+#ifndef SQLITE_OMIT_PAGER_PRAGMAS
+  /*
+  **  PRAGMA [schema.]cache_size
+  **  PRAGMA [schema.]cache_size=N
+  **
+  ** The first form reports the current local setting for the
+  ** page cache size. The second form sets the local
+  ** page cache size value.  If N is positive then that is the
+  ** number of pages in the cache.  If N is negative, then the
+  ** number of pages is adjusted so that the cache uses -N kibibytes
+  ** of memory.
+  */
+  case PragTyp_CACHE_SIZE: {
+    assert( sqlite3SchemaMutexHeld(db, iDb, 0) );
+    if( !zRight ){
+      returnSingleInt(v, "cache_size", pDb->pSchema->cache_size);
+    }else{
+      int size = sqlite3Atoi(zRight);
+      pDb->pSchema->cache_size = size;
+      sqlite3BtreeSetCacheSize(pDb->pBt, pDb->pSchema->cache_size);
+    }
+    break;
+  }
+
+  /*
+  **  PRAGMA [schema.]cache_spill
+  **  PRAGMA cache_spill=BOOLEAN
+  **  PRAGMA [schema.]cache_spill=N
+  **
+  ** The first form reports the current local setting for the
+  ** page cache spill size. The second form turns cache spill on
+  ** or off.  When turnning cache spill on, the size is set to the
+  ** current cache_size.  The third form sets a spill size that
+  ** may be different form the cache size.
+  ** If N is positive then that is the
+  ** number of pages in the cache.  If N is negative, then the
+  ** number of pages is adjusted so that the cache uses -N kibibytes
+  ** of memory.
+  **
+  ** If the number of cache_spill pages is less then the number of
+  ** cache_size pages, no spilling occurs until the page count exceeds
+  ** the number of cache_size pages.
+  **
+  ** The cache_spill=BOOLEAN setting applies to all attached schemas,
+  ** not just the schema specified.
+  */
+  case PragTyp_CACHE_SPILL: {
+    assert( sqlite3SchemaMutexHeld(db, iDb, 0) );
+    if( !zRight ){
+      returnSingleInt(v, "cache_spill", 
+         (db->flags & SQLITE_CacheSpill)==0 ? 0 : 
+            sqlite3BtreeSetSpillSize(pDb->pBt,0));
+    }else{
+      int size = 1;
+      if( sqlite3GetInt32(zRight, &size) ){
+        sqlite3BtreeSetSpillSize(pDb->pBt, size);
+      }
+      if( sqlite3GetBoolean(zRight, size!=0) ){
+        db->flags |= SQLITE_CacheSpill;
+      }else{
+        db->flags &= ~SQLITE_CacheSpill;
+      }
+      setAllPagerFlags(db);
+    }
+    break;
+  }
+
+  /*
+  **  PRAGMA [schema.]mmap_size(N)
+  **
+  ** Used to set mapping size limit. The mapping size limit is
+  ** used to limit the aggregate size of all memory mapped regions of the
+  ** database file. If this parameter is set to zero, then memory mapping
+  ** is not used at all.  If N is negative, then the default memory map
+  ** limit determined by sqlite3_config(SQLITE_CONFIG_MMAP_SIZE) is set.
+  ** The parameter N is measured in bytes.
+  **
+  ** This value is advisory.  The underlying VFS is free to memory map
+  ** as little or as much as it wants.  Except, if N is set to 0 then the
+  ** upper layers will never invoke the xFetch interfaces to the VFS.
+  */
+  case PragTyp_MMAP_SIZE: {
+    sqlite3_int64 sz;
+#if SQLITE_MAX_MMAP_SIZE>0
+    assert( sqlite3SchemaMutexHeld(db, iDb, 0) );
+    if( zRight ){
+      int ii;
+      sqlite3DecOrHexToI64(zRight, &sz);
+      if( sz<0 ) sz = sqlite3GlobalConfig.szMmap;
+      if( pId2->n==0 ) db->szMmap = sz;
+      for(ii=db->nDb-1; ii>=0; ii--){
+        if( db->aDb[ii].pBt && (ii==iDb || pId2->n==0) ){
+          sqlite3BtreeSetMmapLimit(db->aDb[ii].pBt, sz);
+        }
+      }
+    }
+    sz = -1;
+    rc = sqlite3_file_control(db, zDb, SQLITE_FCNTL_MMAP_SIZE, &sz);
+#else
+    sz = 0;
+    rc = SQLITE_OK;
+#endif
+    if( rc==SQLITE_OK ){
+      returnSingleInt(v, "mmap_size", sz);
+    }else if( rc!=SQLITE_NOTFOUND ){
+      pParse->nErr++;
+      pParse->rc = rc;
+    }
+    break;
+  }
+
+  /*
+  **   PRAGMA temp_store
+  **   PRAGMA temp_store = "default"|"memory"|"file"
+  **
+  ** Return or set the local value of the temp_store flag.  Changing
+  ** the local value does not make changes to the disk file and the default
+  ** value will be restored the next time the database is opened.
+  **
+  ** Note that it is possible for the library compile-time options to
+  ** override this setting
+  */
+  case PragTyp_TEMP_STORE: {
+    if( !zRight ){
+      returnSingleInt(v, "temp_store", db->temp_store);
+    }else{
+      changeTempStorage(pParse, zRight);
+    }
+    break;
+  }
+
+  /*
+  **   PRAGMA temp_store_directory
+  **   PRAGMA temp_store_directory = ""|"directory_name"
+  **
+  ** Return or set the local value of the temp_store_directory flag.  Changing
+  ** the value sets a specific directory to be used for temporary files.
+  ** Setting to a null string reverts to the default temporary directory search.
+  ** If temporary directory is changed, then invalidateTempStorage.
+  **
+  */
+  case PragTyp_TEMP_STORE_DIRECTORY: {
+    if( !zRight ){
+      returnSingleText(v, "temp_store_directory", sqlite3_temp_directory);
+    }else{
+#ifndef SQLITE_OMIT_WSD
+      if( zRight[0] ){
+        int res;
+        rc = sqlite3OsAccess(db->pVfs, zRight, SQLITE_ACCESS_READWRITE, &res);
+        if( rc!=SQLITE_OK || res==0 ){
+          sqlite3ErrorMsg(pParse, "not a writable directory");
+          goto pragma_out;
+        }
+      }
+      if( SQLITE_TEMP_STORE==0
+       || (SQLITE_TEMP_STORE==1 && db->temp_store<=1)
+       || (SQLITE_TEMP_STORE==2 && db->temp_store==1)
+      ){
+        invalidateTempStorage(pParse);
+      }
+      sqlite3_free(sqlite3_temp_directory);
+      if( zRight[0] ){
+        sqlite3_temp_directory = sqlite3_mprintf("%s", zRight);
+      }else{
+        sqlite3_temp_directory = 0;
+      }
+#endif /* SQLITE_OMIT_WSD */
+    }
+    break;
+  }
+
+#if SQLITE_OS_WIN
+  /*
+  **   PRAGMA data_store_directory
+  **   PRAGMA data_store_directory = ""|"directory_name"
+  **
+  ** Return or set the local value of the data_store_directory flag.  Changing
+  ** the value sets a specific directory to be used for database files that
+  ** were specified with a relative pathname.  Setting to a null string reverts
+  ** to the default database directory, which for database files specified with
+  ** a relative path will probably be based on the current directory for the
+  ** process.  Database file specified with an absolute path are not impacted
+  ** by this setting, regardless of its value.
+  **
+  */
+  case PragTyp_DATA_STORE_DIRECTORY: {
+    if( !zRight ){
+      returnSingleText(v, "data_store_directory", sqlite3_data_directory);
+    }else{
+#ifndef SQLITE_OMIT_WSD
+      if( zRight[0] ){
+        int res;
+        rc = sqlite3OsAccess(db->pVfs, zRight, SQLITE_ACCESS_READWRITE, &res);
+        if( rc!=SQLITE_OK || res==0 ){
+          sqlite3ErrorMsg(pParse, "not a writable directory");
+          goto pragma_out;
+        }
+      }
+      sqlite3_free(sqlite3_data_directory);
+      if( zRight[0] ){
+        sqlite3_data_directory = sqlite3_mprintf("%s", zRight);
+      }else{
+        sqlite3_data_directory = 0;
+      }
+#endif /* SQLITE_OMIT_WSD */
+    }
+    break;
+  }
+#endif
+
+#if SQLITE_ENABLE_LOCKING_STYLE
+  /*
+  **   PRAGMA [schema.]lock_proxy_file
+  **   PRAGMA [schema.]lock_proxy_file = ":auto:"|"lock_file_path"
+  **
+  ** Return or set the value of the lock_proxy_file flag.  Changing
+  ** the value sets a specific file to be used for database access locks.
+  **
+  */
+  case PragTyp_LOCK_PROXY_FILE: {
+    if( !zRight ){
+      Pager *pPager = sqlite3BtreePager(pDb->pBt);
+      char *proxy_file_path = NULL;
+      sqlite3_file *pFile = sqlite3PagerFile(pPager);
+      sqlite3OsFileControlHint(pFile, SQLITE_GET_LOCKPROXYFILE, 
+                           &proxy_file_path);
+      returnSingleText(v, "lock_proxy_file", proxy_file_path);
+    }else{
+      Pager *pPager = sqlite3BtreePager(pDb->pBt);
+      sqlite3_file *pFile = sqlite3PagerFile(pPager);
+      int res;
+      if( zRight[0] ){
+        res=sqlite3OsFileControl(pFile, SQLITE_SET_LOCKPROXYFILE, 
+                                     zRight);
+      } else {
+        res=sqlite3OsFileControl(pFile, SQLITE_SET_LOCKPROXYFILE, 
+                                     NULL);
+      }
+      if( res!=SQLITE_OK ){
+        sqlite3ErrorMsg(pParse, "failed to set lock proxy file");
+        goto pragma_out;
+      }
+    }
+    break;
+  }
+#endif /* SQLITE_ENABLE_LOCKING_STYLE */      
+    
+  /*
+  **   PRAGMA [schema.]synchronous
+  **   PRAGMA [schema.]synchronous=OFF|ON|NORMAL|FULL
+  **
+  ** Return or set the local value of the synchronous flag.  Changing
+  ** the local value does not make changes to the disk file and the
+  ** default value will be restored the next time the database is
+  ** opened.
+  */
+  case PragTyp_SYNCHRONOUS: {
+    if( !zRight ){
+      returnSingleInt(v, "synchronous", pDb->safety_level-1);
+    }else{
+      if( !db->autoCommit ){
+        sqlite3ErrorMsg(pParse, 
+            "Safety level may not be changed inside a transaction");
+      }else{
+        int iLevel = (getSafetyLevel(zRight,0,1)+1) & PAGER_SYNCHRONOUS_MASK;
+        if( iLevel==0 ) iLevel = 1;
+        pDb->safety_level = iLevel;
+        setAllPagerFlags(db);
+      }
+    }
+    break;
+  }
+#endif /* SQLITE_OMIT_PAGER_PRAGMAS */
+
+#ifndef SQLITE_OMIT_FLAG_PRAGMAS
+  case PragTyp_FLAG: {
+    if( zRight==0 ){
+      returnSingleInt(v, pPragma->zName, (db->flags & pPragma->iArg)!=0 );
+    }else{
+      int mask = pPragma->iArg;    /* Mask of bits to set or clear. */
+      if( db->autoCommit==0 ){
+        /* Foreign key support may not be enabled or disabled while not
+        ** in auto-commit mode.  */
+        mask &= ~(SQLITE_ForeignKeys);
+      }
+#if SQLITE_USER_AUTHENTICATION
+      if( db->auth.authLevel==UAUTH_User ){
+        /* Do not allow non-admin users to modify the schema arbitrarily */
+        mask &= ~(SQLITE_WriteSchema);
+      }
+#endif
+
+      if( sqlite3GetBoolean(zRight, 0) ){
+        db->flags |= mask;
+      }else{
+        db->flags &= ~mask;
+        if( mask==SQLITE_DeferFKs ) db->nDeferredImmCons = 0;
+      }
+
+      /* Many of the flag-pragmas modify the code generated by the SQL 
+      ** compiler (eg. count_changes). So add an opcode to expire all
+      ** compiled SQL statements after modifying a pragma value.
+      */
+      sqlite3VdbeAddOp2(v, OP_Expire, 0, 0);
+      setAllPagerFlags(db);
+    }
+    break;
+  }
+#endif /* SQLITE_OMIT_FLAG_PRAGMAS */
+
+#ifndef SQLITE_OMIT_SCHEMA_PRAGMAS
+  /*
+  **   PRAGMA table_info(<table>)
+  **
+  ** Return a single row for each column of the named table. The columns of
+  ** the returned data set are:
+  **
+  ** cid:        Column id (numbered from left to right, starting at 0)
+  ** name:       Column name
+  ** type:       Column declaration type.
+  ** notnull:    True if 'NOT NULL' is part of column declaration
+  ** dflt_value: The default value for the column, if any.
+  */
+  case PragTyp_TABLE_INFO: if( zRight ){
+    Table *pTab;
+    pTab = sqlite3FindTable(db, zRight, zDb);
+    if( pTab ){
+      static const char *azCol[] = {
+         "cid", "name", "type", "notnull", "dflt_value", "pk"
+      };
+      int i, k;
+      int nHidden = 0;
+      Column *pCol;
+      Index *pPk = sqlite3PrimaryKeyIndex(pTab);
+      pParse->nMem = 6;
+      sqlite3CodeVerifySchema(pParse, iDb);
+      setAllColumnNames(v, 6, azCol); assert( 6==ArraySize(azCol) );
+      sqlite3ViewGetColumnNames(pParse, pTab);
+      for(i=0, pCol=pTab->aCol; i<pTab->nCol; i++, pCol++){
+        if( IsHiddenColumn(pCol) ){
+          nHidden++;
+          continue;
+        }
+        if( (pCol->colFlags & COLFLAG_PRIMKEY)==0 ){
+          k = 0;
+        }else if( pPk==0 ){
+          k = 1;
+        }else{
+          for(k=1; k<=pTab->nCol && pPk->aiColumn[k-1]!=i; k++){}
+        }
+        sqlite3VdbeMultiLoad(v, 1, "issisi",
+               i-nHidden,
+               pCol->zName,
+               pCol->zType ? pCol->zType : "",
+               pCol->notNull ? 1 : 0,
+               pCol->zDflt,
+               k);
+        sqlite3VdbeAddOp2(v, OP_ResultRow, 1, 6);
+      }
+    }
+  }
+  break;
+
+  case PragTyp_STATS: {
+    static const char *azCol[] = { "table", "index", "width", "height" };
+    Index *pIdx;
+    HashElem *i;
+    v = sqlite3GetVdbe(pParse);
+    pParse->nMem = 4;
+    sqlite3CodeVerifySchema(pParse, iDb);
+    setAllColumnNames(v, 4, azCol);  assert( 4==ArraySize(azCol) );
+    for(i=sqliteHashFirst(&pDb->pSchema->tblHash); i; i=sqliteHashNext(i)){
+      Table *pTab = sqliteHashData(i);
+      sqlite3VdbeMultiLoad(v, 1, "ssii",
+           pTab->zName,
+           0,
+           (int)sqlite3LogEstToInt(pTab->szTabRow),
+           (int)sqlite3LogEstToInt(pTab->nRowLogEst));
+      sqlite3VdbeAddOp2(v, OP_ResultRow, 1, 4);
+      for(pIdx=pTab->pIndex; pIdx; pIdx=pIdx->pNext){
+        sqlite3VdbeMultiLoad(v, 2, "sii",
+           pIdx->zName,
+           (int)sqlite3LogEstToInt(pIdx->szIdxRow),
+           (int)sqlite3LogEstToInt(pIdx->aiRowLogEst[0]));
+        sqlite3VdbeAddOp2(v, OP_ResultRow, 1, 4);
+      }
+    }
+  }
+  break;
+
+  case PragTyp_INDEX_INFO: if( zRight ){
+    Index *pIdx;
+    Table *pTab;
+    pIdx = sqlite3FindIndex(db, zRight, zDb);
+    if( pIdx ){
+      static const char *azCol[] = {
+         "seqno", "cid", "name", "desc", "coll", "key"
+      };
+      int i;
+      int mx;
+      if( pPragma->iArg ){
+        /* PRAGMA index_xinfo (newer version with more rows and columns) */
+        mx = pIdx->nColumn;
+        pParse->nMem = 6;
+      }else{
+        /* PRAGMA index_info (legacy version) */
+        mx = pIdx->nKeyCol;
+        pParse->nMem = 3;
+      }
+      pTab = pIdx->pTable;
+      sqlite3CodeVerifySchema(pParse, iDb);
+      assert( pParse->nMem<=ArraySize(azCol) );
+      setAllColumnNames(v, pParse->nMem, azCol);
+      for(i=0; i<mx; i++){
+        i16 cnum = pIdx->aiColumn[i];
+        sqlite3VdbeMultiLoad(v, 1, "iis", i, cnum,
+                             cnum<0 ? 0 : pTab->aCol[cnum].zName);
+        if( pPragma->iArg ){
+          sqlite3VdbeMultiLoad(v, 4, "isi",
+            pIdx->aSortOrder[i],
+            pIdx->azColl[i],
+            i<pIdx->nKeyCol);
+        }
+        sqlite3VdbeAddOp2(v, OP_ResultRow, 1, pParse->nMem);
+      }
+    }
+  }
+  break;
+
+  case PragTyp_INDEX_LIST: if( zRight ){
+    Index *pIdx;
+    Table *pTab;
+    int i;
+    pTab = sqlite3FindTable(db, zRight, zDb);
+    if( pTab ){
+      static const char *azCol[] = {
+        "seq", "name", "unique", "origin", "partial"
+      };
+      v = sqlite3GetVdbe(pParse);
+      pParse->nMem = 5;
+      sqlite3CodeVerifySchema(pParse, iDb);
+      setAllColumnNames(v, 5, azCol);  assert( 5==ArraySize(azCol) );
+      for(pIdx=pTab->pIndex, i=0; pIdx; pIdx=pIdx->pNext, i++){
+        const char *azOrigin[] = { "c", "u", "pk" };
+        sqlite3VdbeMultiLoad(v, 1, "isisi",
+           i,
+           pIdx->zName,
+           IsUniqueIndex(pIdx),
+           azOrigin[pIdx->idxType],
+           pIdx->pPartIdxWhere!=0);
+        sqlite3VdbeAddOp2(v, OP_ResultRow, 1, 5);
+      }
+    }
+  }
+  break;
+
+  case PragTyp_DATABASE_LIST: {
+    static const char *azCol[] = { "seq", "name", "file" };
+    int i;
+    pParse->nMem = 3;
+    setAllColumnNames(v, 3, azCol); assert( 3==ArraySize(azCol) );
+    for(i=0; i<db->nDb; i++){
+      if( db->aDb[i].pBt==0 ) continue;
+      assert( db->aDb[i].zName!=0 );
+      sqlite3VdbeMultiLoad(v, 1, "iss",
+         i,
+         db->aDb[i].zName,
+         sqlite3BtreeGetFilename(db->aDb[i].pBt));
+      sqlite3VdbeAddOp2(v, OP_ResultRow, 1, 3);
+    }
+  }
+  break;
+
+  case PragTyp_COLLATION_LIST: {
+    static const char *azCol[] = { "seq", "name" };
+    int i = 0;
+    HashElem *p;
+    pParse->nMem = 2;
+    setAllColumnNames(v, 2, azCol); assert( 2==ArraySize(azCol) );
+    for(p=sqliteHashFirst(&db->aCollSeq); p; p=sqliteHashNext(p)){
+      CollSeq *pColl = (CollSeq *)sqliteHashData(p);
+      sqlite3VdbeMultiLoad(v, 1, "is", i++, pColl->zName);
+      sqlite3VdbeAddOp2(v, OP_ResultRow, 1, 2);
+    }
+  }
+  break;
+#endif /* SQLITE_OMIT_SCHEMA_PRAGMAS */
+
+#ifndef SQLITE_OMIT_FOREIGN_KEY
+  case PragTyp_FOREIGN_KEY_LIST: if( zRight ){
+    FKey *pFK;
+    Table *pTab;
+    pTab = sqlite3FindTable(db, zRight, zDb);
+    if( pTab ){
+      v = sqlite3GetVdbe(pParse);
+      pFK = pTab->pFKey;
+      if( pFK ){
+        static const char *azCol[] = {
+           "id", "seq", "table", "from", "to", "on_update", "on_delete",
+           "match"
+        };
+        int i = 0; 
+        pParse->nMem = 8;
+        sqlite3CodeVerifySchema(pParse, iDb);
+        setAllColumnNames(v, 8, azCol); assert( 8==ArraySize(azCol) );
+        while(pFK){
+          int j;
+          for(j=0; j<pFK->nCol; j++){
+            sqlite3VdbeMultiLoad(v, 1, "iissssss",
+                   i,
+                   j,
+                   pFK->zTo,
+                   pTab->aCol[pFK->aCol[j].iFrom].zName,
+                   pFK->aCol[j].zCol,
+                   actionName(pFK->aAction[1]),  /* ON UPDATE */
+                   actionName(pFK->aAction[0]),  /* ON DELETE */
+                   "NONE");
+            sqlite3VdbeAddOp2(v, OP_ResultRow, 1, 8);
+          }
+          ++i;
+          pFK = pFK->pNextFrom;
+        }
+      }
+    }
+  }
+  break;
+#endif /* !defined(SQLITE_OMIT_FOREIGN_KEY) */
+
+#ifndef SQLITE_OMIT_FOREIGN_KEY
+#ifndef SQLITE_OMIT_TRIGGER
+  case PragTyp_FOREIGN_KEY_CHECK: {
+    FKey *pFK;             /* A foreign key constraint */
+    Table *pTab;           /* Child table contain "REFERENCES" keyword */
+    Table *pParent;        /* Parent table that child points to */
+    Index *pIdx;           /* Index in the parent table */
+    int i;                 /* Loop counter:  Foreign key number for pTab */
+    int j;                 /* Loop counter:  Field of the foreign key */
+    HashElem *k;           /* Loop counter:  Next table in schema */
+    int x;                 /* result variable */
+    int regResult;         /* 3 registers to hold a result row */
+    int regKey;            /* Register to hold key for checking the FK */
+    int regRow;            /* Registers to hold a row from pTab */
+    int addrTop;           /* Top of a loop checking foreign keys */
+    int addrOk;            /* Jump here if the key is OK */
+    int *aiCols;           /* child to parent column mapping */
+    static const char *azCol[] = { "table", "rowid", "parent", "fkid" };
+
+    regResult = pParse->nMem+1;
+    pParse->nMem += 4;
+    regKey = ++pParse->nMem;
+    regRow = ++pParse->nMem;
+    v = sqlite3GetVdbe(pParse);
+    setAllColumnNames(v, 4, azCol); assert( 4==ArraySize(azCol) );
+    sqlite3CodeVerifySchema(pParse, iDb);
+    k = sqliteHashFirst(&db->aDb[iDb].pSchema->tblHash);
+    while( k ){
+      if( zRight ){
+        pTab = sqlite3LocateTable(pParse, 0, zRight, zDb);
+        k = 0;
+      }else{
+        pTab = (Table*)sqliteHashData(k);
+        k = sqliteHashNext(k);
+      }
+      if( pTab==0 || pTab->pFKey==0 ) continue;
+      sqlite3TableLock(pParse, iDb, pTab->tnum, 0, pTab->zName);
+      if( pTab->nCol+regRow>pParse->nMem ) pParse->nMem = pTab->nCol + regRow;
+      sqlite3OpenTable(pParse, 0, iDb, pTab, OP_OpenRead);
+      sqlite3VdbeLoadString(v, regResult, pTab->zName);
+      for(i=1, pFK=pTab->pFKey; pFK; i++, pFK=pFK->pNextFrom){
+        pParent = sqlite3FindTable(db, pFK->zTo, zDb);
+        if( pParent==0 ) continue;
+        pIdx = 0;
+        sqlite3TableLock(pParse, iDb, pParent->tnum, 0, pParent->zName);
+        x = sqlite3FkLocateIndex(pParse, pParent, pFK, &pIdx, 0);
+        if( x==0 ){
+          if( pIdx==0 ){
+            sqlite3OpenTable(pParse, i, iDb, pParent, OP_OpenRead);
+          }else{
+            sqlite3VdbeAddOp3(v, OP_OpenRead, i, pIdx->tnum, iDb);
+            sqlite3VdbeSetP4KeyInfo(pParse, pIdx);
+          }
+        }else{
+          k = 0;
+          break;
+        }
+      }
+      assert( pParse->nErr>0 || pFK==0 );
+      if( pFK ) break;
+      if( pParse->nTab<i ) pParse->nTab = i;
+      addrTop = sqlite3VdbeAddOp1(v, OP_Rewind, 0); VdbeCoverage(v);
+      for(i=1, pFK=pTab->pFKey; pFK; i++, pFK=pFK->pNextFrom){
+        pParent = sqlite3FindTable(db, pFK->zTo, zDb);
+        pIdx = 0;
+        aiCols = 0;
+        if( pParent ){
+          x = sqlite3FkLocateIndex(pParse, pParent, pFK, &pIdx, &aiCols);
+          assert( x==0 );
+        }
+        addrOk = sqlite3VdbeMakeLabel(v);
+        if( pParent && pIdx==0 ){
+          int iKey = pFK->aCol[0].iFrom;
+          assert( iKey>=0 && iKey<pTab->nCol );
+          if( iKey!=pTab->iPKey ){
+            sqlite3VdbeAddOp3(v, OP_Column, 0, iKey, regRow);
+            sqlite3ColumnDefault(v, pTab, iKey, regRow);
+            sqlite3VdbeAddOp2(v, OP_IsNull, regRow, addrOk); VdbeCoverage(v);
+            sqlite3VdbeAddOp2(v, OP_MustBeInt, regRow, 
+               sqlite3VdbeCurrentAddr(v)+3); VdbeCoverage(v);
+          }else{
+            sqlite3VdbeAddOp2(v, OP_Rowid, 0, regRow);
+          }
+          sqlite3VdbeAddOp3(v, OP_NotExists, i, 0, regRow); VdbeCoverage(v);
+          sqlite3VdbeGoto(v, addrOk);
+          sqlite3VdbeJumpHere(v, sqlite3VdbeCurrentAddr(v)-2);
+        }else{
+          for(j=0; j<pFK->nCol; j++){
+            sqlite3ExprCodeGetColumnOfTable(v, pTab, 0,
+                            aiCols ? aiCols[j] : pFK->aCol[j].iFrom, regRow+j);
+            sqlite3VdbeAddOp2(v, OP_IsNull, regRow+j, addrOk); VdbeCoverage(v);
+          }
+          if( pParent ){
+            sqlite3VdbeAddOp4(v, OP_MakeRecord, regRow, pFK->nCol, regKey,
+                              sqlite3IndexAffinityStr(db,pIdx), pFK->nCol);
+            sqlite3VdbeAddOp4Int(v, OP_Found, i, addrOk, regKey, 0);
+            VdbeCoverage(v);
+          }
+        }
+        sqlite3VdbeAddOp2(v, OP_Rowid, 0, regResult+1);
+        sqlite3VdbeMultiLoad(v, regResult+2, "si", pFK->zTo, i-1);
+        sqlite3VdbeAddOp2(v, OP_ResultRow, regResult, 4);
+        sqlite3VdbeResolveLabel(v, addrOk);
+        sqlite3DbFree(db, aiCols);
+      }
+      sqlite3VdbeAddOp2(v, OP_Next, 0, addrTop+1); VdbeCoverage(v);
+      sqlite3VdbeJumpHere(v, addrTop);
+    }
+  }
+  break;
+#endif /* !defined(SQLITE_OMIT_TRIGGER) */
+#endif /* !defined(SQLITE_OMIT_FOREIGN_KEY) */
+
+#ifndef NDEBUG
+  case PragTyp_PARSER_TRACE: {
+    if( zRight ){
+      if( sqlite3GetBoolean(zRight, 0) ){
+        sqlite3ParserTrace(stdout, "parser: ");
+      }else{
+        sqlite3ParserTrace(0, 0);
+      }
+    }
+  }
+  break;
+#endif
+
+  /* Reinstall the LIKE and GLOB functions.  The variant of LIKE
+  ** used will be case sensitive or not depending on the RHS.
+  */
+  case PragTyp_CASE_SENSITIVE_LIKE: {
+    if( zRight ){
+      sqlite3RegisterLikeFunctions(db, sqlite3GetBoolean(zRight, 0));
+    }
+  }
+  break;
+
+#ifndef SQLITE_INTEGRITY_CHECK_ERROR_MAX
+# define SQLITE_INTEGRITY_CHECK_ERROR_MAX 100
+#endif
+
+#ifndef SQLITE_OMIT_INTEGRITY_CHECK
+  /* Pragma "quick_check" is reduced version of 
+  ** integrity_check designed to detect most database corruption
+  ** without most of the overhead of a full integrity-check.
+  */
+  case PragTyp_INTEGRITY_CHECK: {
+    int i, j, addr, mxErr;
+
+    /* Code that appears at the end of the integrity check.  If no error
+    ** messages have been generated, output OK.  Otherwise output the
+    ** error message
+    */
+    static const int iLn = VDBE_OFFSET_LINENO(2);
+    static const VdbeOpList endCode[] = {
+      { OP_AddImm,      1, 0,        0},    /* 0 */
+      { OP_If,          1, 0,        0},    /* 1 */
+      { OP_String8,     0, 3,        0},    /* 2 */
+      { OP_ResultRow,   3, 1,        0},
+    };
+
+    int isQuick = (sqlite3Tolower(zLeft[0])=='q');
+
+    /* If the PRAGMA command was of the form "PRAGMA <db>.integrity_check",
+    ** then iDb is set to the index of the database identified by <db>.
+    ** In this case, the integrity of database iDb only is verified by
+    ** the VDBE created below.
+    **
+    ** Otherwise, if the command was simply "PRAGMA integrity_check" (or
+    ** "PRAGMA quick_check"), then iDb is set to 0. In this case, set iDb
+    ** to -1 here, to indicate that the VDBE should verify the integrity
+    ** of all attached databases.  */
+    assert( iDb>=0 );
+    assert( iDb==0 || pId2->z );
+    if( pId2->z==0 ) iDb = -1;
+
+    /* Initialize the VDBE program */
+    pParse->nMem = 6;
+    setOneColumnName(v, "integrity_check");
+
+    /* Set the maximum error count */
+    mxErr = SQLITE_INTEGRITY_CHECK_ERROR_MAX;
+    if( zRight ){
+      sqlite3GetInt32(zRight, &mxErr);
+      if( mxErr<=0 ){
+        mxErr = SQLITE_INTEGRITY_CHECK_ERROR_MAX;
+      }
+    }
+    sqlite3VdbeAddOp2(v, OP_Integer, mxErr, 1);  /* reg[1] holds errors left */
+
+    /* Do an integrity check on each database file */
+    for(i=0; i<db->nDb; i++){
+      HashElem *x;
+      Hash *pTbls;
+      int cnt = 0;
+
+      if( OMIT_TEMPDB && i==1 ) continue;
+      if( iDb>=0 && i!=iDb ) continue;
+
+      sqlite3CodeVerifySchema(pParse, i);
+      addr = sqlite3VdbeAddOp1(v, OP_IfPos, 1); /* Halt if out of errors */
+      VdbeCoverage(v);
+      sqlite3VdbeAddOp2(v, OP_Halt, 0, 0);
+      sqlite3VdbeJumpHere(v, addr);
+
+      /* Do an integrity check of the B-Tree
+      **
+      ** Begin by filling registers 2, 3, ... with the root pages numbers
+      ** for all tables and indices in the database.
+      */
+      assert( sqlite3SchemaMutexHeld(db, i, 0) );
+      pTbls = &db->aDb[i].pSchema->tblHash;
+      for(x=sqliteHashFirst(pTbls); x; x=sqliteHashNext(x)){
+        Table *pTab = sqliteHashData(x);
+        Index *pIdx;
+        if( HasRowid(pTab) ){
+          sqlite3VdbeAddOp2(v, OP_Integer, pTab->tnum, 2+cnt);
+          VdbeComment((v, "%s", pTab->zName));
+          cnt++;
+        }
+        for(pIdx=pTab->pIndex; pIdx; pIdx=pIdx->pNext){
+          sqlite3VdbeAddOp2(v, OP_Integer, pIdx->tnum, 2+cnt);
+          VdbeComment((v, "%s", pIdx->zName));
+          cnt++;
+        }
+      }
+
+      /* Make sure sufficient number of registers have been allocated */
+      pParse->nMem = MAX( pParse->nMem, cnt+8 );
+
+      /* Do the b-tree integrity checks */
+      sqlite3VdbeAddOp3(v, OP_IntegrityCk, 2, cnt, 1);
+      sqlite3VdbeChangeP5(v, (u8)i);
+      addr = sqlite3VdbeAddOp1(v, OP_IsNull, 2); VdbeCoverage(v);
+      sqlite3VdbeAddOp4(v, OP_String8, 0, 3, 0,
+         sqlite3MPrintf(db, "*** in database %s ***\n", db->aDb[i].zName),
+         P4_DYNAMIC);
+      sqlite3VdbeAddOp3(v, OP_Move, 2, 4, 1);
+      sqlite3VdbeAddOp3(v, OP_Concat, 4, 3, 2);
+      sqlite3VdbeAddOp2(v, OP_ResultRow, 2, 1);
+      sqlite3VdbeJumpHere(v, addr);
+
+      /* Make sure all the indices are constructed correctly.
+      */
+      for(x=sqliteHashFirst(pTbls); x && !isQuick; x=sqliteHashNext(x)){
+        Table *pTab = sqliteHashData(x);
+        Index *pIdx, *pPk;
+        Index *pPrior = 0;
+        int loopTop;
+        int iDataCur, iIdxCur;
+        int r1 = -1;
+
+        if( pTab->pIndex==0 ) continue;
+        pPk = HasRowid(pTab) ? 0 : sqlite3PrimaryKeyIndex(pTab);
+        addr = sqlite3VdbeAddOp1(v, OP_IfPos, 1);  /* Stop if out of errors */
+        VdbeCoverage(v);
+        sqlite3VdbeAddOp2(v, OP_Halt, 0, 0);
+        sqlite3VdbeJumpHere(v, addr);
+        sqlite3ExprCacheClear(pParse);
+        sqlite3OpenTableAndIndices(pParse, pTab, OP_OpenRead, 0,
+                                   1, 0, &iDataCur, &iIdxCur);
+        sqlite3VdbeAddOp2(v, OP_Integer, 0, 7);
+        for(j=0, pIdx=pTab->pIndex; pIdx; pIdx=pIdx->pNext, j++){
+          sqlite3VdbeAddOp2(v, OP_Integer, 0, 8+j); /* index entries counter */
+        }
+        pParse->nMem = MAX(pParse->nMem, 8+j);
+        sqlite3VdbeAddOp2(v, OP_Rewind, iDataCur, 0); VdbeCoverage(v);
+        loopTop = sqlite3VdbeAddOp2(v, OP_AddImm, 7, 1);
+        /* Verify that all NOT NULL columns really are NOT NULL */
+        for(j=0; j<pTab->nCol; j++){
+          char *zErr;
+          int jmp2, jmp3;
+          if( j==pTab->iPKey ) continue;
+          if( pTab->aCol[j].notNull==0 ) continue;
+          sqlite3ExprCodeGetColumnOfTable(v, pTab, iDataCur, j, 3);
+          sqlite3VdbeChangeP5(v, OPFLAG_TYPEOFARG);
+          jmp2 = sqlite3VdbeAddOp1(v, OP_NotNull, 3); VdbeCoverage(v);
+          sqlite3VdbeAddOp2(v, OP_AddImm, 1, -1); /* Decrement error limit */
+          zErr = sqlite3MPrintf(db, "NULL value in %s.%s", pTab->zName,
+                              pTab->aCol[j].zName);
+          sqlite3VdbeAddOp4(v, OP_String8, 0, 3, 0, zErr, P4_DYNAMIC);
+          sqlite3VdbeAddOp2(v, OP_ResultRow, 3, 1);
+          jmp3 = sqlite3VdbeAddOp1(v, OP_IfPos, 1); VdbeCoverage(v);
+          sqlite3VdbeAddOp0(v, OP_Halt);
+          sqlite3VdbeJumpHere(v, jmp2);
+          sqlite3VdbeJumpHere(v, jmp3);
+        }
+        /* Validate index entries for the current row */
+        for(j=0, pIdx=pTab->pIndex; pIdx; pIdx=pIdx->pNext, j++){
+          int jmp2, jmp3, jmp4, jmp5;
+          int ckUniq = sqlite3VdbeMakeLabel(v);
+          if( pPk==pIdx ) continue;
+          r1 = sqlite3GenerateIndexKey(pParse, pIdx, iDataCur, 0, 0, &jmp3,
+                                       pPrior, r1);
+          pPrior = pIdx;
+          sqlite3VdbeAddOp2(v, OP_AddImm, 8+j, 1);  /* increment entry count */
+          /* Verify that an index entry exists for the current table row */
+          jmp2 = sqlite3VdbeAddOp4Int(v, OP_Found, iIdxCur+j, ckUniq, r1,
+                                      pIdx->nColumn); VdbeCoverage(v);
+          sqlite3VdbeAddOp2(v, OP_AddImm, 1, -1); /* Decrement error limit */
+          sqlite3VdbeLoadString(v, 3, "row ");
+          sqlite3VdbeAddOp3(v, OP_Concat, 7, 3, 3);
+          sqlite3VdbeLoadString(v, 4, " missing from index ");
+          sqlite3VdbeAddOp3(v, OP_Concat, 4, 3, 3);
+          jmp5 = sqlite3VdbeLoadString(v, 4, pIdx->zName);
+          sqlite3VdbeAddOp3(v, OP_Concat, 4, 3, 3);
+          sqlite3VdbeAddOp2(v, OP_ResultRow, 3, 1);
+          jmp4 = sqlite3VdbeAddOp1(v, OP_IfPos, 1); VdbeCoverage(v);
+          sqlite3VdbeAddOp0(v, OP_Halt);
+          sqlite3VdbeJumpHere(v, jmp2);
+          /* For UNIQUE indexes, verify that only one entry exists with the
+          ** current key.  The entry is unique if (1) any column is NULL
+          ** or (2) the next entry has a different key */
+          if( IsUniqueIndex(pIdx) ){
+            int uniqOk = sqlite3VdbeMakeLabel(v);
+            int jmp6;
+            int kk;
+            for(kk=0; kk<pIdx->nKeyCol; kk++){
+              int iCol = pIdx->aiColumn[kk];
+              assert( iCol!=XN_ROWID && iCol<pTab->nCol );
+              if( iCol>=0 && pTab->aCol[iCol].notNull ) continue;
+              sqlite3VdbeAddOp2(v, OP_IsNull, r1+kk, uniqOk);
+              VdbeCoverage(v);
+            }
+            jmp6 = sqlite3VdbeAddOp1(v, OP_Next, iIdxCur+j); VdbeCoverage(v);
+            sqlite3VdbeGoto(v, uniqOk);
+            sqlite3VdbeJumpHere(v, jmp6);
+            sqlite3VdbeAddOp4Int(v, OP_IdxGT, iIdxCur+j, uniqOk, r1,
+                                 pIdx->nKeyCol); VdbeCoverage(v);
+            sqlite3VdbeAddOp2(v, OP_AddImm, 1, -1); /* Decrement error limit */
+            sqlite3VdbeLoadString(v, 3, "non-unique entry in index ");
+            sqlite3VdbeGoto(v, jmp5);
+            sqlite3VdbeResolveLabel(v, uniqOk);
+          }
+          sqlite3VdbeJumpHere(v, jmp4);
+          sqlite3ResolvePartIdxLabel(pParse, jmp3);
+        }
+        sqlite3VdbeAddOp2(v, OP_Next, iDataCur, loopTop); VdbeCoverage(v);
+        sqlite3VdbeJumpHere(v, loopTop-1);
+#ifndef SQLITE_OMIT_BTREECOUNT
+        sqlite3VdbeLoadString(v, 2, "wrong # of entries in index ");
+        for(j=0, pIdx=pTab->pIndex; pIdx; pIdx=pIdx->pNext, j++){
+          if( pPk==pIdx ) continue;
+          addr = sqlite3VdbeCurrentAddr(v);
+          sqlite3VdbeAddOp2(v, OP_IfPos, 1, addr+2); VdbeCoverage(v);
+          sqlite3VdbeAddOp2(v, OP_Halt, 0, 0);
+          sqlite3VdbeAddOp2(v, OP_Count, iIdxCur+j, 3);
+          sqlite3VdbeAddOp3(v, OP_Eq, 8+j, addr+8, 3); VdbeCoverage(v);
+          sqlite3VdbeChangeP5(v, SQLITE_NOTNULL);
+          sqlite3VdbeAddOp2(v, OP_AddImm, 1, -1);
+          sqlite3VdbeLoadString(v, 3, pIdx->zName);
+          sqlite3VdbeAddOp3(v, OP_Concat, 3, 2, 7);
+          sqlite3VdbeAddOp2(v, OP_ResultRow, 7, 1);
+        }
+#endif /* SQLITE_OMIT_BTREECOUNT */
+      } 
+    }
+    addr = sqlite3VdbeAddOpList(v, ArraySize(endCode), endCode, iLn);
+    sqlite3VdbeChangeP2(v, addr, -mxErr);
+    sqlite3VdbeJumpHere(v, addr+1);
+    sqlite3VdbeChangeP4(v, addr+2, "ok", P4_STATIC);
+  }
+  break;
+#endif /* SQLITE_OMIT_INTEGRITY_CHECK */
+
+#ifndef SQLITE_OMIT_UTF16
+  /*
+  **   PRAGMA encoding
+  **   PRAGMA encoding = "utf-8"|"utf-16"|"utf-16le"|"utf-16be"
+  **
+  ** In its first form, this pragma returns the encoding of the main
+  ** database. If the database is not initialized, it is initialized now.
+  **
+  ** The second form of this pragma is a no-op if the main database file
+  ** has not already been initialized. In this case it sets the default
+  ** encoding that will be used for the main database file if a new file
+  ** is created. If an existing main database file is opened, then the
+  ** default text encoding for the existing database is used.
+  ** 
+  ** In all cases new databases created using the ATTACH command are
+  ** created to use the same default text encoding as the main database. If
+  ** the main database has not been initialized and/or created when ATTACH
+  ** is executed, this is done before the ATTACH operation.
+  **
+  ** In the second form this pragma sets the text encoding to be used in
+  ** new database files created using this database handle. It is only
+  ** useful if invoked immediately after the main database i
+  */
+  case PragTyp_ENCODING: {
+    static const struct EncName {
+      char *zName;
+      u8 enc;
+    } encnames[] = {
+      { "UTF8",     SQLITE_UTF8        },
+      { "UTF-8",    SQLITE_UTF8        },  /* Must be element [1] */
+      { "UTF-16le", SQLITE_UTF16LE     },  /* Must be element [2] */
+      { "UTF-16be", SQLITE_UTF16BE     },  /* Must be element [3] */
+      { "UTF16le",  SQLITE_UTF16LE     },
+      { "UTF16be",  SQLITE_UTF16BE     },
+      { "UTF-16",   0                  }, /* SQLITE_UTF16NATIVE */
+      { "UTF16",    0                  }, /* SQLITE_UTF16NATIVE */
+      { 0, 0 }
+    };
+    const struct EncName *pEnc;
+    if( !zRight ){    /* "PRAGMA encoding" */
+      if( sqlite3ReadSchema(pParse) ) goto pragma_out;
+      assert( encnames[SQLITE_UTF8].enc==SQLITE_UTF8 );
+      assert( encnames[SQLITE_UTF16LE].enc==SQLITE_UTF16LE );
+      assert( encnames[SQLITE_UTF16BE].enc==SQLITE_UTF16BE );
+      returnSingleText(v, "encoding", encnames[ENC(pParse->db)].zName);
+    }else{                        /* "PRAGMA encoding = XXX" */
+      /* Only change the value of sqlite.enc if the database handle is not
+      ** initialized. If the main database exists, the new sqlite.enc value
+      ** will be overwritten when the schema is next loaded. If it does not
+      ** already exists, it will be created to use the new encoding value.
+      */
+      if( 
+        !(DbHasProperty(db, 0, DB_SchemaLoaded)) || 
+        DbHasProperty(db, 0, DB_Empty) 
+      ){
+        for(pEnc=&encnames[0]; pEnc->zName; pEnc++){
+          if( 0==sqlite3StrICmp(zRight, pEnc->zName) ){
+            SCHEMA_ENC(db) = ENC(db) =
+                pEnc->enc ? pEnc->enc : SQLITE_UTF16NATIVE;
+            break;
+          }
+        }
+        if( !pEnc->zName ){
+          sqlite3ErrorMsg(pParse, "unsupported encoding: %s", zRight);
+        }
+      }
+    }
+  }
+  break;
+#endif /* SQLITE_OMIT_UTF16 */
+
+#ifndef SQLITE_OMIT_SCHEMA_VERSION_PRAGMAS
+  /*
+  **   PRAGMA [schema.]schema_version
+  **   PRAGMA [schema.]schema_version = <integer>
+  **
+  **   PRAGMA [schema.]user_version
+  **   PRAGMA [schema.]user_version = <integer>
+  **
+  **   PRAGMA [schema.]freelist_count = <integer>
+  **
+  **   PRAGMA [schema.]application_id
+  **   PRAGMA [schema.]application_id = <integer>
+  **
+  ** The pragma's schema_version and user_version are used to set or get
+  ** the value of the schema-version and user-version, respectively. Both
+  ** the schema-version and the user-version are 32-bit signed integers
+  ** stored in the database header.
+  **
+  ** The schema-cookie is usually only manipulated internally by SQLite. It
+  ** is incremented by SQLite whenever the database schema is modified (by
+  ** creating or dropping a table or index). The schema version is used by
+  ** SQLite each time a query is executed to ensure that the internal cache
+  ** of the schema used when compiling the SQL query matches the schema of
+  ** the database against which the compiled query is actually executed.
+  ** Subverting this mechanism by using "PRAGMA schema_version" to modify
+  ** the schema-version is potentially dangerous and may lead to program
+  ** crashes or database corruption. Use with caution!
+  **
+  ** The user-version is not used internally by SQLite. It may be used by
+  ** applications for any purpose.
+  */
+  case PragTyp_HEADER_VALUE: {
+    int iCookie = pPragma->iArg;  /* Which cookie to read or write */
+    sqlite3VdbeUsesBtree(v, iDb);
+    if( zRight && (pPragma->mPragFlag & PragFlag_ReadOnly)==0 ){
+      /* Write the specified cookie value */
+      static const VdbeOpList setCookie[] = {
+        { OP_Transaction,    0,  1,  0},    /* 0 */
+        { OP_Integer,        0,  1,  0},    /* 1 */
+        { OP_SetCookie,      0,  0,  1},    /* 2 */
+      };
+      int addr = sqlite3VdbeAddOpList(v, ArraySize(setCookie), setCookie, 0);
+      sqlite3VdbeChangeP1(v, addr, iDb);
+      sqlite3VdbeChangeP1(v, addr+1, sqlite3Atoi(zRight));
+      sqlite3VdbeChangeP1(v, addr+2, iDb);
+      sqlite3VdbeChangeP2(v, addr+2, iCookie);
+    }else{
+      /* Read the specified cookie value */
+      static const VdbeOpList readCookie[] = {
+        { OP_Transaction,     0,  0,  0},    /* 0 */
+        { OP_ReadCookie,      0,  1,  0},    /* 1 */
+        { OP_ResultRow,       1,  1,  0}
+      };
+      int addr = sqlite3VdbeAddOpList(v, ArraySize(readCookie), readCookie, 0);
+      sqlite3VdbeChangeP1(v, addr, iDb);
+      sqlite3VdbeChangeP1(v, addr+1, iDb);
+      sqlite3VdbeChangeP3(v, addr+1, iCookie);
+      sqlite3VdbeSetNumCols(v, 1);
+      sqlite3VdbeSetColName(v, 0, COLNAME_NAME, zLeft, SQLITE_TRANSIENT);
+    }
+  }
+  break;
+#endif /* SQLITE_OMIT_SCHEMA_VERSION_PRAGMAS */
+
+#ifndef SQLITE_OMIT_COMPILEOPTION_DIAGS
+  /*
+  **   PRAGMA compile_options
+  **
+  ** Return the names of all compile-time options used in this build,
+  ** one option per row.
+  */
+  case PragTyp_COMPILE_OPTIONS: {
+    int i = 0;
+    const char *zOpt;
+    pParse->nMem = 1;
+    setOneColumnName(v, "compile_option");
+    while( (zOpt = sqlite3_compileoption_get(i++))!=0 ){
+      sqlite3VdbeLoadString(v, 1, zOpt);
+      sqlite3VdbeAddOp2(v, OP_ResultRow, 1, 1);
+    }
+  }
+  break;
+#endif /* SQLITE_OMIT_COMPILEOPTION_DIAGS */
+
+#ifndef SQLITE_OMIT_WAL
+  /*
+  **   PRAGMA [schema.]wal_checkpoint = passive|full|restart|truncate
+  **
+  ** Checkpoint the database.
+  */
+  case PragTyp_WAL_CHECKPOINT: {
+    static const char *azCol[] = { "busy", "log", "checkpointed" };
+    int iBt = (pId2->z?iDb:SQLITE_MAX_ATTACHED);
+    int eMode = SQLITE_CHECKPOINT_PASSIVE;
+    if( zRight ){
+      if( sqlite3StrICmp(zRight, "full")==0 ){
+        eMode = SQLITE_CHECKPOINT_FULL;
+      }else if( sqlite3StrICmp(zRight, "restart")==0 ){
+        eMode = SQLITE_CHECKPOINT_RESTART;
+      }else if( sqlite3StrICmp(zRight, "truncate")==0 ){
+        eMode = SQLITE_CHECKPOINT_TRUNCATE;
+      }
+    }
+    setAllColumnNames(v, 3, azCol);  assert( 3==ArraySize(azCol) );
+    pParse->nMem = 3;
+    sqlite3VdbeAddOp3(v, OP_Checkpoint, iBt, eMode, 1);
+    sqlite3VdbeAddOp2(v, OP_ResultRow, 1, 3);
+  }
+  break;
+
+  /*
+  **   PRAGMA wal_autocheckpoint
+  **   PRAGMA wal_autocheckpoint = N
+  **
+  ** Configure a database connection to automatically checkpoint a database
+  ** after accumulating N frames in the log. Or query for the current value
+  ** of N.
+  */
+  case PragTyp_WAL_AUTOCHECKPOINT: {
+    if( zRight ){
+      sqlite3_wal_autocheckpoint(db, sqlite3Atoi(zRight));
+    }
+    returnSingleInt(v, "wal_autocheckpoint", 
+       db->xWalCallback==sqlite3WalDefaultHook ? 
+           SQLITE_PTR_TO_INT(db->pWalArg) : 0);
+  }
+  break;
+#endif
+
+  /*
+  **  PRAGMA shrink_memory
+  **
+  ** IMPLEMENTATION-OF: R-23445-46109 This pragma causes the database
+  ** connection on which it is invoked to free up as much memory as it
+  ** can, by calling sqlite3_db_release_memory().
+  */
+  case PragTyp_SHRINK_MEMORY: {
+    sqlite3_db_release_memory(db);
+    break;
+  }
+
+  /*
+  **   PRAGMA busy_timeout
+  **   PRAGMA busy_timeout = N
+  **
+  ** Call sqlite3_busy_timeout(db, N).  Return the current timeout value
+  ** if one is set.  If no busy handler or a different busy handler is set
+  ** then 0 is returned.  Setting the busy_timeout to 0 or negative
+  ** disables the timeout.
+  */
+  /*case PragTyp_BUSY_TIMEOUT*/ default: {
+    assert( pPragma->ePragTyp==PragTyp_BUSY_TIMEOUT );
+    if( zRight ){
+      sqlite3_busy_timeout(db, sqlite3Atoi(zRight));
+    }
+    returnSingleInt(v, "timeout",  db->busyTimeout);
+    break;
+  }
+
+  /*
+  **   PRAGMA soft_heap_limit
+  **   PRAGMA soft_heap_limit = N
+  **
+  ** IMPLEMENTATION-OF: R-26343-45930 This pragma invokes the
+  ** sqlite3_soft_heap_limit64() interface with the argument N, if N is
+  ** specified and is a non-negative integer.
+  ** IMPLEMENTATION-OF: R-64451-07163 The soft_heap_limit pragma always
+  ** returns the same integer that would be returned by the
+  ** sqlite3_soft_heap_limit64(-1) C-language function.
+  */
+  case PragTyp_SOFT_HEAP_LIMIT: {
+    sqlite3_int64 N;
+    if( zRight && sqlite3DecOrHexToI64(zRight, &N)==SQLITE_OK ){
+      sqlite3_soft_heap_limit64(N);
+    }
+    returnSingleInt(v, "soft_heap_limit",  sqlite3_soft_heap_limit64(-1));
+    break;
+  }
+
+  /*
+  **   PRAGMA threads
+  **   PRAGMA threads = N
+  **
+  ** Configure the maximum number of worker threads.  Return the new
+  ** maximum, which might be less than requested.
+  */
+  case PragTyp_THREADS: {
+    sqlite3_int64 N;
+    if( zRight
+     && sqlite3DecOrHexToI64(zRight, &N)==SQLITE_OK
+     && N>=0
+    ){
+      sqlite3_limit(db, SQLITE_LIMIT_WORKER_THREADS, (int)(N&0x7fffffff));
+    }
+    returnSingleInt(v, "threads",
+                    sqlite3_limit(db, SQLITE_LIMIT_WORKER_THREADS, -1));
+    break;
+  }
+
+#if defined(SQLITE_DEBUG) || defined(SQLITE_TEST)
+  /*
+  ** Report the current state of file logs for all databases
+  */
+  case PragTyp_LOCK_STATUS: {
+    static const char *const azLockName[] = {
+      "unlocked", "shared", "reserved", "pending", "exclusive"
+    };
+    static const char *azCol[] = { "database", "status" };
+    int i;
+    setAllColumnNames(v, 2, azCol); assert( 2==ArraySize(azCol) );
+    pParse->nMem = 2;
+    for(i=0; i<db->nDb; i++){
+      Btree *pBt;
+      const char *zState = "unknown";
+      int j;
+      if( db->aDb[i].zName==0 ) continue;
+      pBt = db->aDb[i].pBt;
+      if( pBt==0 || sqlite3BtreePager(pBt)==0 ){
+        zState = "closed";
+      }else if( sqlite3_file_control(db, i ? db->aDb[i].zName : 0, 
+                                     SQLITE_FCNTL_LOCKSTATE, &j)==SQLITE_OK ){
+         zState = azLockName[j];
+      }
+      sqlite3VdbeMultiLoad(v, 1, "ss", db->aDb[i].zName, zState);
+      sqlite3VdbeAddOp2(v, OP_ResultRow, 1, 2);
+    }
+    break;
+  }
+#endif
+
+#ifdef SQLITE_HAS_CODEC
+  case PragTyp_KEY: {
+    if( zRight ) sqlite3_key_v2(db, zDb, zRight, sqlite3Strlen30(zRight));
+    break;
+  }
+  case PragTyp_REKEY: {
+    if( zRight ) sqlite3_rekey_v2(db, zDb, zRight, sqlite3Strlen30(zRight));
+    break;
+  }
+  case PragTyp_HEXKEY: {
+    if( zRight ){
+      u8 iByte;
+      int i;
+      char zKey[40];
+      for(i=0, iByte=0; i<sizeof(zKey)*2 && sqlite3Isxdigit(zRight[i]); i++){
+        iByte = (iByte<<4) + sqlite3HexToInt(zRight[i]);
+        if( (i&1)!=0 ) zKey[i/2] = iByte;
+      }
+      if( (zLeft[3] & 0xf)==0xb ){
+        sqlite3_key_v2(db, zDb, zKey, i/2);
+      }else{
+        sqlite3_rekey_v2(db, zDb, zKey, i/2);
+      }
+    }
+    break;
+  }
+#endif
+#if defined(SQLITE_HAS_CODEC) || defined(SQLITE_ENABLE_CEROD)
+  case PragTyp_ACTIVATE_EXTENSIONS: if( zRight ){
+#ifdef SQLITE_HAS_CODEC
+    if( sqlite3StrNICmp(zRight, "see-", 4)==0 ){
+      sqlite3_activate_see(&zRight[4]);
+    }
+#endif
+#ifdef SQLITE_ENABLE_CEROD
+    if( sqlite3StrNICmp(zRight, "cerod-", 6)==0 ){
+      sqlite3_activate_cerod(&zRight[6]);
+    }
+#endif
+  }
+  break;
+#endif
+
+  } /* End of the PRAGMA switch */
+
+pragma_out:
+  sqlite3DbFree(db, zLeft);
+  sqlite3DbFree(db, zRight);
+}
+
+#endif /* SQLITE_OMIT_PRAGMA */
+
+/************** End of pragma.c **********************************************/
+/************** Begin file prepare.c *****************************************/
+/*
+** 2005 May 25
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+** This file contains the implementation of the sqlite3_prepare()
+** interface, and routines that contribute to loading the database schema
+** from disk.
+*/
+/* #include "sqliteInt.h" */
+
+/*
+** Fill the InitData structure with an error message that indicates
+** that the database is corrupt.
+*/
+static void corruptSchema(
+  InitData *pData,     /* Initialization context */
+  const char *zObj,    /* Object being parsed at the point of error */
+  const char *zExtra   /* Error information */
+){
+  sqlite3 *db = pData->db;
+  if( !db->mallocFailed && (db->flags & SQLITE_RecoveryMode)==0 ){
+    char *z;
+    if( zObj==0 ) zObj = "?";
+    z = sqlite3_mprintf("malformed database schema (%s)", zObj);
+    if( z && zExtra ) z = sqlite3_mprintf("%z - %s", z, zExtra);
+    sqlite3DbFree(db, *pData->pzErrMsg);
+    *pData->pzErrMsg = z;
+    if( z==0 ) db->mallocFailed = 1;
+  }
+  pData->rc = db->mallocFailed ? SQLITE_NOMEM : SQLITE_CORRUPT_BKPT;
+}
+
+/*
+** This is the callback routine for the code that initializes the
+** database.  See sqlite3Init() below for additional information.
+** This routine is also called from the OP_ParseSchema opcode of the VDBE.
+**
+** Each callback contains the following information:
+**
+**     argv[0] = name of thing being created
+**     argv[1] = root page number for table or index. 0 for trigger or view.
+**     argv[2] = SQL text for the CREATE statement.
+**
+*/
+SQLITE_PRIVATE int sqlite3InitCallback(void *pInit, int argc, char **argv, char **NotUsed){
+  InitData *pData = (InitData*)pInit;
+  sqlite3 *db = pData->db;
+  int iDb = pData->iDb;
+
+  assert( argc==3 );
+  UNUSED_PARAMETER2(NotUsed, argc);
+  assert( sqlite3_mutex_held(db->mutex) );
+  DbClearProperty(db, iDb, DB_Empty);
+  if( db->mallocFailed ){
+    corruptSchema(pData, argv[0], 0);
+    return 1;
+  }
+
+  assert( iDb>=0 && iDb<db->nDb );
+  if( argv==0 ) return 0;   /* Might happen if EMPTY_RESULT_CALLBACKS are on */
+  if( argv[1]==0 ){
+    corruptSchema(pData, argv[0], 0);
+  }else if( sqlite3_strnicmp(argv[2],"create ",7)==0 ){
+    /* Call the parser to process a CREATE TABLE, INDEX or VIEW.
+    ** But because db->init.busy is set to 1, no VDBE code is generated
+    ** or executed.  All the parser does is build the internal data
+    ** structures that describe the table, index, or view.
+    */
+    int rc;
+    sqlite3_stmt *pStmt;
+    TESTONLY(int rcp);            /* Return code from sqlite3_prepare() */
+
+    assert( db->init.busy );
+    db->init.iDb = iDb;
+    db->init.newTnum = sqlite3Atoi(argv[1]);
+    db->init.orphanTrigger = 0;
+    TESTONLY(rcp = ) sqlite3_prepare(db, argv[2], -1, &pStmt, 0);
+    rc = db->errCode;
+    assert( (rc&0xFF)==(rcp&0xFF) );
+    db->init.iDb = 0;
+    if( SQLITE_OK!=rc ){
+      if( db->init.orphanTrigger ){
+        assert( iDb==1 );
+      }else{
+        pData->rc = rc;
+        if( rc==SQLITE_NOMEM ){
+          db->mallocFailed = 1;
+        }else if( rc!=SQLITE_INTERRUPT && (rc&0xFF)!=SQLITE_LOCKED ){
+          corruptSchema(pData, argv[0], sqlite3_errmsg(db));
+        }
+      }
+    }
+    sqlite3_finalize(pStmt);
+  }else if( argv[0]==0 || (argv[2]!=0 && argv[2][0]!=0) ){
+    corruptSchema(pData, argv[0], 0);
+  }else{
+    /* If the SQL column is blank it means this is an index that
+    ** was created to be the PRIMARY KEY or to fulfill a UNIQUE
+    ** constraint for a CREATE TABLE.  The index should have already
+    ** been created when we processed the CREATE TABLE.  All we have
+    ** to do here is record the root page number for that index.
+    */
+    Index *pIndex;
+    pIndex = sqlite3FindIndex(db, argv[0], db->aDb[iDb].zName);
+    if( pIndex==0 ){
+      /* This can occur if there exists an index on a TEMP table which
+      ** has the same name as another index on a permanent index.  Since
+      ** the permanent table is hidden by the TEMP table, we can also
+      ** safely ignore the index on the permanent table.
+      */
+      /* Do Nothing */;
+    }else if( sqlite3GetInt32(argv[1], &pIndex->tnum)==0 ){
+      corruptSchema(pData, argv[0], "invalid rootpage");
+    }
+  }
+  return 0;
+}
+
+/*
+** Attempt to read the database schema and initialize internal
+** data structures for a single database file.  The index of the
+** database file is given by iDb.  iDb==0 is used for the main
+** database.  iDb==1 should never be used.  iDb>=2 is used for
+** auxiliary databases.  Return one of the SQLITE_ error codes to
+** indicate success or failure.
+*/
+static int sqlite3InitOne(sqlite3 *db, int iDb, char **pzErrMsg){
+  int rc;
+  int i;
+#ifndef SQLITE_OMIT_DEPRECATED
+  int size;
+#endif
+  Table *pTab;
+  Db *pDb;
+  char const *azArg[4];
+  int meta[5];
+  InitData initData;
+  char const *zMasterSchema;
+  char const *zMasterName;
+  int openedTransaction = 0;
+
+  /*
+  ** The master database table has a structure like this
+  */
+  static const char master_schema[] = 
+     "CREATE TABLE sqlite_master(\n"
+     "  type text,\n"
+     "  name text,\n"
+     "  tbl_name text,\n"
+     "  rootpage integer,\n"
+     "  sql text\n"
+     ")"
+  ;
+#ifndef SQLITE_OMIT_TEMPDB
+  static const char temp_master_schema[] = 
+     "CREATE TEMP TABLE sqlite_temp_master(\n"
+     "  type text,\n"
+     "  name text,\n"
+     "  tbl_name text,\n"
+     "  rootpage integer,\n"
+     "  sql text\n"
+     ")"
+  ;
+#else
+  #define temp_master_schema 0
+#endif
+
+  assert( iDb>=0 && iDb<db->nDb );
+  assert( db->aDb[iDb].pSchema );
+  assert( sqlite3_mutex_held(db->mutex) );
+  assert( iDb==1 || sqlite3BtreeHoldsMutex(db->aDb[iDb].pBt) );
+
+  /* zMasterSchema and zInitScript are set to point at the master schema
+  ** and initialisation script appropriate for the database being
+  ** initialized. zMasterName is the name of the master table.
+  */
+  if( !OMIT_TEMPDB && iDb==1 ){
+    zMasterSchema = temp_master_schema;
+  }else{
+    zMasterSchema = master_schema;
+  }
+  zMasterName = SCHEMA_TABLE(iDb);
+
+  /* Construct the schema tables.  */
+  azArg[0] = zMasterName;
+  azArg[1] = "1";
+  azArg[2] = zMasterSchema;
+  azArg[3] = 0;
+  initData.db = db;
+  initData.iDb = iDb;
+  initData.rc = SQLITE_OK;
+  initData.pzErrMsg = pzErrMsg;
+  sqlite3InitCallback(&initData, 3, (char **)azArg, 0);
+  if( initData.rc ){
+    rc = initData.rc;
+    goto error_out;
+  }
+  pTab = sqlite3FindTable(db, zMasterName, db->aDb[iDb].zName);
+  if( ALWAYS(pTab) ){
+    pTab->tabFlags |= TF_Readonly;
+  }
+
+  /* Create a cursor to hold the database open
+  */
+  pDb = &db->aDb[iDb];
+  if( pDb->pBt==0 ){
+    if( !OMIT_TEMPDB && ALWAYS(iDb==1) ){
+      DbSetProperty(db, 1, DB_SchemaLoaded);
+    }
+    return SQLITE_OK;
+  }
+
+  /* If there is not already a read-only (or read-write) transaction opened
+  ** on the b-tree database, open one now. If a transaction is opened, it 
+  ** will be closed before this function returns.  */
+  sqlite3BtreeEnter(pDb->pBt);
+  if( !sqlite3BtreeIsInReadTrans(pDb->pBt) ){
+    rc = sqlite3BtreeBeginTrans(pDb->pBt, 0);
+    if( rc!=SQLITE_OK ){
+      sqlite3SetString(pzErrMsg, db, sqlite3ErrStr(rc));
+      goto initone_error_out;
+    }
+    openedTransaction = 1;
+  }
+
+  /* Get the database meta information.
+  **
+  ** Meta values are as follows:
+  **    meta[0]   Schema cookie.  Changes with each schema change.
+  **    meta[1]   File format of schema layer.
+  **    meta[2]   Size of the page cache.
+  **    meta[3]   Largest rootpage (auto/incr_vacuum mode)
+  **    meta[4]   Db text encoding. 1:UTF-8 2:UTF-16LE 3:UTF-16BE
+  **    meta[5]   User version
+  **    meta[6]   Incremental vacuum mode
+  **    meta[7]   unused
+  **    meta[8]   unused
+  **    meta[9]   unused
+  **
+  ** Note: The #defined SQLITE_UTF* symbols in sqliteInt.h correspond to
+  ** the possible values of meta[4].
+  */
+  for(i=0; i<ArraySize(meta); i++){
+    sqlite3BtreeGetMeta(pDb->pBt, i+1, (u32 *)&meta[i]);
+  }
+  pDb->pSchema->schema_cookie = meta[BTREE_SCHEMA_VERSION-1];
+
+  /* If opening a non-empty database, check the text encoding. For the
+  ** main database, set sqlite3.enc to the encoding of the main database.
+  ** For an attached db, it is an error if the encoding is not the same
+  ** as sqlite3.enc.
+  */
+  if( meta[BTREE_TEXT_ENCODING-1] ){  /* text encoding */
+    if( iDb==0 ){
+#ifndef SQLITE_OMIT_UTF16
+      u8 encoding;
+      /* If opening the main database, set ENC(db). */
+      encoding = (u8)meta[BTREE_TEXT_ENCODING-1] & 3;
+      if( encoding==0 ) encoding = SQLITE_UTF8;
+      ENC(db) = encoding;
+#else
+      ENC(db) = SQLITE_UTF8;
+#endif
+    }else{
+      /* If opening an attached database, the encoding much match ENC(db) */
+      if( meta[BTREE_TEXT_ENCODING-1]!=ENC(db) ){
+        sqlite3SetString(pzErrMsg, db, "attached databases must use the same"
+            " text encoding as main database");
+        rc = SQLITE_ERROR;
+        goto initone_error_out;
+      }
+    }
+  }else{
+    DbSetProperty(db, iDb, DB_Empty);
+  }
+  pDb->pSchema->enc = ENC(db);
+
+  if( pDb->pSchema->cache_size==0 ){
+#ifndef SQLITE_OMIT_DEPRECATED
+    size = sqlite3AbsInt32(meta[BTREE_DEFAULT_CACHE_SIZE-1]);
+    if( size==0 ){ size = SQLITE_DEFAULT_CACHE_SIZE; }
+    pDb->pSchema->cache_size = size;
+#else
+    pDb->pSchema->cache_size = SQLITE_DEFAULT_CACHE_SIZE;
+#endif
+    sqlite3BtreeSetCacheSize(pDb->pBt, pDb->pSchema->cache_size);
+  }
+
+  /*
+  ** file_format==1    Version 3.0.0.
+  ** file_format==2    Version 3.1.3.  // ALTER TABLE ADD COLUMN
+  ** file_format==3    Version 3.1.4.  // ditto but with non-NULL defaults
+  ** file_format==4    Version 3.3.0.  // DESC indices.  Boolean constants
+  */
+  pDb->pSchema->file_format = (u8)meta[BTREE_FILE_FORMAT-1];
+  if( pDb->pSchema->file_format==0 ){
+    pDb->pSchema->file_format = 1;
+  }
+  if( pDb->pSchema->file_format>SQLITE_MAX_FILE_FORMAT ){
+    sqlite3SetString(pzErrMsg, db, "unsupported file format");
+    rc = SQLITE_ERROR;
+    goto initone_error_out;
+  }
+
+  /* Ticket #2804:  When we open a database in the newer file format,
+  ** clear the legacy_file_format pragma flag so that a VACUUM will
+  ** not downgrade the database and thus invalidate any descending
+  ** indices that the user might have created.
+  */
+  if( iDb==0 && meta[BTREE_FILE_FORMAT-1]>=4 ){
+    db->flags &= ~SQLITE_LegacyFileFmt;
+  }
+
+  /* Read the schema information out of the schema tables
+  */
+  assert( db->init.busy );
+  {
+    char *zSql;
+    zSql = sqlite3MPrintf(db, 
+        "SELECT name, rootpage, sql FROM '%q'.%s ORDER BY rowid",
+        db->aDb[iDb].zName, zMasterName);
+#ifndef SQLITE_OMIT_AUTHORIZATION
+    {
+      sqlite3_xauth xAuth;
+      xAuth = db->xAuth;
+      db->xAuth = 0;
+#endif
+      rc = sqlite3_exec(db, zSql, sqlite3InitCallback, &initData, 0);
+#ifndef SQLITE_OMIT_AUTHORIZATION
+      db->xAuth = xAuth;
+    }
+#endif
+    if( rc==SQLITE_OK ) rc = initData.rc;
+    sqlite3DbFree(db, zSql);
+#ifndef SQLITE_OMIT_ANALYZE
+    if( rc==SQLITE_OK ){
+      sqlite3AnalysisLoad(db, iDb);
+    }
+#endif
+  }
+  if( db->mallocFailed ){
+    rc = SQLITE_NOMEM;
+    sqlite3ResetAllSchemasOfConnection(db);
+  }
+  if( rc==SQLITE_OK || (db->flags&SQLITE_RecoveryMode)){
+    /* Black magic: If the SQLITE_RecoveryMode flag is set, then consider
+    ** the schema loaded, even if errors occurred. In this situation the 
+    ** current sqlite3_prepare() operation will fail, but the following one
+    ** will attempt to compile the supplied statement against whatever subset
+    ** of the schema was loaded before the error occurred. The primary
+    ** purpose of this is to allow access to the sqlite_master table
+    ** even when its contents have been corrupted.
+    */
+    DbSetProperty(db, iDb, DB_SchemaLoaded);
+    rc = SQLITE_OK;
+  }
+
+  /* Jump here for an error that occurs after successfully allocating
+  ** curMain and calling sqlite3BtreeEnter(). For an error that occurs
+  ** before that point, jump to error_out.
+  */
+initone_error_out:
+  if( openedTransaction ){
+    sqlite3BtreeCommit(pDb->pBt);
+  }
+  sqlite3BtreeLeave(pDb->pBt);
+
+error_out:
+  if( rc==SQLITE_NOMEM || rc==SQLITE_IOERR_NOMEM ){
+    db->mallocFailed = 1;
+  }
+  return rc;
+}
+
+/*
+** Initialize all database files - the main database file, the file
+** used to store temporary tables, and any additional database files
+** created using ATTACH statements.  Return a success code.  If an
+** error occurs, write an error message into *pzErrMsg.
+**
+** After a database is initialized, the DB_SchemaLoaded bit is set
+** bit is set in the flags field of the Db structure. If the database
+** file was of zero-length, then the DB_Empty flag is also set.
+*/
+SQLITE_PRIVATE int sqlite3Init(sqlite3 *db, char **pzErrMsg){
+  int i, rc;
+  int commit_internal = !(db->flags&SQLITE_InternChanges);
+  
+  assert( sqlite3_mutex_held(db->mutex) );
+  assert( sqlite3BtreeHoldsMutex(db->aDb[0].pBt) );
+  assert( db->init.busy==0 );
+  rc = SQLITE_OK;
+  db->init.busy = 1;
+  ENC(db) = SCHEMA_ENC(db);
+  for(i=0; rc==SQLITE_OK && i<db->nDb; i++){
+    if( DbHasProperty(db, i, DB_SchemaLoaded) || i==1 ) continue;
+    rc = sqlite3InitOne(db, i, pzErrMsg);
+    if( rc ){
+      sqlite3ResetOneSchema(db, i);
+    }
+  }
+
+  /* Once all the other databases have been initialized, load the schema
+  ** for the TEMP database. This is loaded last, as the TEMP database
+  ** schema may contain references to objects in other databases.
+  */
+#ifndef SQLITE_OMIT_TEMPDB
+  assert( db->nDb>1 );
+  if( rc==SQLITE_OK && !DbHasProperty(db, 1, DB_SchemaLoaded) ){
+    rc = sqlite3InitOne(db, 1, pzErrMsg);
+    if( rc ){
+      sqlite3ResetOneSchema(db, 1);
+    }
+  }
+#endif
+
+  db->init.busy = 0;
+  if( rc==SQLITE_OK && commit_internal ){
+    sqlite3CommitInternalChanges(db);
+  }
+
+  return rc; 
+}
+
+/*
+** This routine is a no-op if the database schema is already initialized.
+** Otherwise, the schema is loaded. An error code is returned.
+*/
+SQLITE_PRIVATE int sqlite3ReadSchema(Parse *pParse){
+  int rc = SQLITE_OK;
+  sqlite3 *db = pParse->db;
+  assert( sqlite3_mutex_held(db->mutex) );
+  if( !db->init.busy ){
+    rc = sqlite3Init(db, &pParse->zErrMsg);
+  }
+  if( rc!=SQLITE_OK ){
+    pParse->rc = rc;
+    pParse->nErr++;
+  }
+  return rc;
+}
+
+
+/*
+** Check schema cookies in all databases.  If any cookie is out
+** of date set pParse->rc to SQLITE_SCHEMA.  If all schema cookies
+** make no changes to pParse->rc.
+*/
+static void schemaIsValid(Parse *pParse){
+  sqlite3 *db = pParse->db;
+  int iDb;
+  int rc;
+  int cookie;
+
+  assert( pParse->checkSchema );
+  assert( sqlite3_mutex_held(db->mutex) );
+  for(iDb=0; iDb<db->nDb; iDb++){
+    int openedTransaction = 0;         /* True if a transaction is opened */
+    Btree *pBt = db->aDb[iDb].pBt;     /* Btree database to read cookie from */
+    if( pBt==0 ) continue;
+
+    /* If there is not already a read-only (or read-write) transaction opened
+    ** on the b-tree database, open one now. If a transaction is opened, it 
+    ** will be closed immediately after reading the meta-value. */
+    if( !sqlite3BtreeIsInReadTrans(pBt) ){
+      rc = sqlite3BtreeBeginTrans(pBt, 0);
+      if( rc==SQLITE_NOMEM || rc==SQLITE_IOERR_NOMEM ){
+        db->mallocFailed = 1;
+      }
+      if( rc!=SQLITE_OK ) return;
+      openedTransaction = 1;
+    }
+
+    /* Read the schema cookie from the database. If it does not match the 
+    ** value stored as part of the in-memory schema representation,
+    ** set Parse.rc to SQLITE_SCHEMA. */
+    sqlite3BtreeGetMeta(pBt, BTREE_SCHEMA_VERSION, (u32 *)&cookie);
+    assert( sqlite3SchemaMutexHeld(db, iDb, 0) );
+    if( cookie!=db->aDb[iDb].pSchema->schema_cookie ){
+      sqlite3ResetOneSchema(db, iDb);
+      pParse->rc = SQLITE_SCHEMA;
+    }
+
+    /* Close the transaction, if one was opened. */
+    if( openedTransaction ){
+      sqlite3BtreeCommit(pBt);
+    }
+  }
+}
+
+/*
+** Convert a schema pointer into the iDb index that indicates
+** which database file in db->aDb[] the schema refers to.
+**
+** If the same database is attached more than once, the first
+** attached database is returned.
+*/
+SQLITE_PRIVATE int sqlite3SchemaToIndex(sqlite3 *db, Schema *pSchema){
+  int i = -1000000;
+
+  /* If pSchema is NULL, then return -1000000. This happens when code in 
+  ** expr.c is trying to resolve a reference to a transient table (i.e. one
+  ** created by a sub-select). In this case the return value of this 
+  ** function should never be used.
+  **
+  ** We return -1000000 instead of the more usual -1 simply because using
+  ** -1000000 as the incorrect index into db->aDb[] is much 
+  ** more likely to cause a segfault than -1 (of course there are assert()
+  ** statements too, but it never hurts to play the odds).
+  */
+  assert( sqlite3_mutex_held(db->mutex) );
+  if( pSchema ){
+    for(i=0; ALWAYS(i<db->nDb); i++){
+      if( db->aDb[i].pSchema==pSchema ){
+        break;
+      }
+    }
+    assert( i>=0 && i<db->nDb );
+  }
+  return i;
+}
+
+/*
+** Free all memory allocations in the pParse object
+*/
+SQLITE_PRIVATE void sqlite3ParserReset(Parse *pParse){
+  if( pParse ){
+    sqlite3 *db = pParse->db;
+    sqlite3DbFree(db, pParse->aLabel);
+    sqlite3ExprListDelete(db, pParse->pConstExpr);
+  }
+}
+
+/*
+** Compile the UTF-8 encoded SQL statement zSql into a statement handle.
+*/
+static int sqlite3Prepare(
+  sqlite3 *db,              /* Database handle. */
+  const char *zSql,         /* UTF-8 encoded SQL statement. */
+  int nBytes,               /* Length of zSql in bytes. */
+  int saveSqlFlag,          /* True to copy SQL text into the sqlite3_stmt */
+  Vdbe *pReprepare,         /* VM being reprepared */
+  sqlite3_stmt **ppStmt,    /* OUT: A pointer to the prepared statement */
+  const char **pzTail       /* OUT: End of parsed string */
+){
+  Parse *pParse;            /* Parsing context */
+  char *zErrMsg = 0;        /* Error message */
+  int rc = SQLITE_OK;       /* Result code */
+  int i;                    /* Loop counter */
+
+  /* Allocate the parsing context */
+  pParse = sqlite3StackAllocZero(db, sizeof(*pParse));
+  if( pParse==0 ){
+    rc = SQLITE_NOMEM;
+    goto end_prepare;
+  }
+  pParse->pReprepare = pReprepare;
+  assert( ppStmt && *ppStmt==0 );
+  assert( !db->mallocFailed );
+  assert( sqlite3_mutex_held(db->mutex) );
+
+  /* Check to verify that it is possible to get a read lock on all
+  ** database schemas.  The inability to get a read lock indicates that
+  ** some other database connection is holding a write-lock, which in
+  ** turn means that the other connection has made uncommitted changes
+  ** to the schema.
+  **
+  ** Were we to proceed and prepare the statement against the uncommitted
+  ** schema changes and if those schema changes are subsequently rolled
+  ** back and different changes are made in their place, then when this
+  ** prepared statement goes to run the schema cookie would fail to detect
+  ** the schema change.  Disaster would follow.
+  **
+  ** This thread is currently holding mutexes on all Btrees (because
+  ** of the sqlite3BtreeEnterAll() in sqlite3LockAndPrepare()) so it
+  ** is not possible for another thread to start a new schema change
+  ** while this routine is running.  Hence, we do not need to hold 
+  ** locks on the schema, we just need to make sure nobody else is 
+  ** holding them.
+  **
+  ** Note that setting READ_UNCOMMITTED overrides most lock detection,
+  ** but it does *not* override schema lock detection, so this all still
+  ** works even if READ_UNCOMMITTED is set.
+  */
+  for(i=0; i<db->nDb; i++) {
+    Btree *pBt = db->aDb[i].pBt;
+    if( pBt ){
+      assert( sqlite3BtreeHoldsMutex(pBt) );
+      rc = sqlite3BtreeSchemaLocked(pBt);
+      if( rc ){
+        const char *zDb = db->aDb[i].zName;
+        sqlite3ErrorWithMsg(db, rc, "database schema is locked: %s", zDb);
+        testcase( db->flags & SQLITE_ReadUncommitted );
+        goto end_prepare;
+      }
+    }
+  }
+
+  sqlite3VtabUnlockList(db);
+
+  pParse->db = db;
+  pParse->nQueryLoop = 0;  /* Logarithmic, so 0 really means 1 */
+  if( nBytes>=0 && (nBytes==0 || zSql[nBytes-1]!=0) ){
+    char *zSqlCopy;
+    int mxLen = db->aLimit[SQLITE_LIMIT_SQL_LENGTH];
+    testcase( nBytes==mxLen );
+    testcase( nBytes==mxLen+1 );
+    if( nBytes>mxLen ){
+      sqlite3ErrorWithMsg(db, SQLITE_TOOBIG, "statement too long");
+      rc = sqlite3ApiExit(db, SQLITE_TOOBIG);
+      goto end_prepare;
+    }
+    zSqlCopy = sqlite3DbStrNDup(db, zSql, nBytes);
+    if( zSqlCopy ){
+      sqlite3RunParser(pParse, zSqlCopy, &zErrMsg);
+      sqlite3DbFree(db, zSqlCopy);
+      pParse->zTail = &zSql[pParse->zTail-zSqlCopy];
+    }else{
+      pParse->zTail = &zSql[nBytes];
+    }
+  }else{
+    sqlite3RunParser(pParse, zSql, &zErrMsg);
+  }
+  assert( 0==pParse->nQueryLoop );
+
+  if( db->mallocFailed ){
+    pParse->rc = SQLITE_NOMEM;
+  }
+  if( pParse->rc==SQLITE_DONE ) pParse->rc = SQLITE_OK;
+  if( pParse->checkSchema ){
+    schemaIsValid(pParse);
+  }
+  if( db->mallocFailed ){
+    pParse->rc = SQLITE_NOMEM;
+  }
+  if( pzTail ){
+    *pzTail = pParse->zTail;
+  }
+  rc = pParse->rc;
+
+#ifndef SQLITE_OMIT_EXPLAIN
+  if( rc==SQLITE_OK && pParse->pVdbe && pParse->explain ){
+    static const char * const azColName[] = {
+       "addr", "opcode", "p1", "p2", "p3", "p4", "p5", "comment",
+       "selectid", "order", "from", "detail"
+    };
+    int iFirst, mx;
+    if( pParse->explain==2 ){
+      sqlite3VdbeSetNumCols(pParse->pVdbe, 4);
+      iFirst = 8;
+      mx = 12;
+    }else{
+      sqlite3VdbeSetNumCols(pParse->pVdbe, 8);
+      iFirst = 0;
+      mx = 8;
+    }
+    for(i=iFirst; i<mx; i++){
+      sqlite3VdbeSetColName(pParse->pVdbe, i-iFirst, COLNAME_NAME,
+                            azColName[i], SQLITE_STATIC);
+    }
+  }
+#endif
+
+  if( db->init.busy==0 ){
+    Vdbe *pVdbe = pParse->pVdbe;
+    sqlite3VdbeSetSql(pVdbe, zSql, (int)(pParse->zTail-zSql), saveSqlFlag);
+  }
+  if( pParse->pVdbe && (rc!=SQLITE_OK || db->mallocFailed) ){
+    sqlite3VdbeFinalize(pParse->pVdbe);
+    assert(!(*ppStmt));
+  }else{
+    *ppStmt = (sqlite3_stmt*)pParse->pVdbe;
+  }
+
+  if( zErrMsg ){
+    sqlite3ErrorWithMsg(db, rc, "%s", zErrMsg);
+    sqlite3DbFree(db, zErrMsg);
+  }else{
+    sqlite3Error(db, rc);
+  }
+
+  /* Delete any TriggerPrg structures allocated while parsing this statement. */
+  while( pParse->pTriggerPrg ){
+    TriggerPrg *pT = pParse->pTriggerPrg;
+    pParse->pTriggerPrg = pT->pNext;
+    sqlite3DbFree(db, pT);
+  }
+
+end_prepare:
+
+  sqlite3ParserReset(pParse);
+  sqlite3StackFree(db, pParse);
+  rc = sqlite3ApiExit(db, rc);
+  assert( (rc&db->errMask)==rc );
+  return rc;
+}
+static int sqlite3LockAndPrepare(
+  sqlite3 *db,              /* Database handle. */
+  const char *zSql,         /* UTF-8 encoded SQL statement. */
+  int nBytes,               /* Length of zSql in bytes. */
+  int saveSqlFlag,          /* True to copy SQL text into the sqlite3_stmt */
+  Vdbe *pOld,               /* VM being reprepared */
+  sqlite3_stmt **ppStmt,    /* OUT: A pointer to the prepared statement */
+  const char **pzTail       /* OUT: End of parsed string */
+){
+  int rc;
+
+#ifdef SQLITE_ENABLE_API_ARMOR
+  if( ppStmt==0 ) return SQLITE_MISUSE_BKPT;
+#endif
+  *ppStmt = 0;
+  if( !sqlite3SafetyCheckOk(db)||zSql==0 ){
+    return SQLITE_MISUSE_BKPT;
+  }
+  sqlite3_mutex_enter(db->mutex);
+  sqlite3BtreeEnterAll(db);
+  rc = sqlite3Prepare(db, zSql, nBytes, saveSqlFlag, pOld, ppStmt, pzTail);
+  if( rc==SQLITE_SCHEMA ){
+    sqlite3_finalize(*ppStmt);
+    rc = sqlite3Prepare(db, zSql, nBytes, saveSqlFlag, pOld, ppStmt, pzTail);
+  }
+  sqlite3BtreeLeaveAll(db);
+  sqlite3_mutex_leave(db->mutex);
+  assert( rc==SQLITE_OK || *ppStmt==0 );
+  return rc;
+}
+
+/*
+** Rerun the compilation of a statement after a schema change.
+**
+** If the statement is successfully recompiled, return SQLITE_OK. Otherwise,
+** if the statement cannot be recompiled because another connection has
+** locked the sqlite3_master table, return SQLITE_LOCKED. If any other error
+** occurs, return SQLITE_SCHEMA.
+*/
+SQLITE_PRIVATE int sqlite3Reprepare(Vdbe *p){
+  int rc;
+  sqlite3_stmt *pNew;
+  const char *zSql;
+  sqlite3 *db;
+
+  assert( sqlite3_mutex_held(sqlite3VdbeDb(p)->mutex) );
+  zSql = sqlite3_sql((sqlite3_stmt *)p);
+  assert( zSql!=0 );  /* Reprepare only called for prepare_v2() statements */
+  db = sqlite3VdbeDb(p);
+  assert( sqlite3_mutex_held(db->mutex) );
+  rc = sqlite3LockAndPrepare(db, zSql, -1, 0, p, &pNew, 0);
+  if( rc ){
+    if( rc==SQLITE_NOMEM ){
+      db->mallocFailed = 1;
+    }
+    assert( pNew==0 );
+    return rc;
+  }else{
+    assert( pNew!=0 );
+  }
+  sqlite3VdbeSwap((Vdbe*)pNew, p);
+  sqlite3TransferBindings(pNew, (sqlite3_stmt*)p);
+  sqlite3VdbeResetStepResult((Vdbe*)pNew);
+  sqlite3VdbeFinalize((Vdbe*)pNew);
+  return SQLITE_OK;
+}
+
+
+/*
+** Two versions of the official API.  Legacy and new use.  In the legacy
+** version, the original SQL text is not saved in the prepared statement
+** and so if a schema change occurs, SQLITE_SCHEMA is returned by
+** sqlite3_step().  In the new version, the original SQL text is retained
+** and the statement is automatically recompiled if an schema change
+** occurs.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_prepare(
+  sqlite3 *db,              /* Database handle. */
+  const char *zSql,         /* UTF-8 encoded SQL statement. */
+  int nBytes,               /* Length of zSql in bytes. */
+  sqlite3_stmt **ppStmt,    /* OUT: A pointer to the prepared statement */
+  const char **pzTail       /* OUT: End of parsed string */
+){
+  int rc;
+  rc = sqlite3LockAndPrepare(db,zSql,nBytes,0,0,ppStmt,pzTail);
+  assert( rc==SQLITE_OK || ppStmt==0 || *ppStmt==0 );  /* VERIFY: F13021 */
+  return rc;
+}
+SQLITE_API int SQLITE_STDCALL sqlite3_prepare_v2(
+  sqlite3 *db,              /* Database handle. */
+  const char *zSql,         /* UTF-8 encoded SQL statement. */
+  int nBytes,               /* Length of zSql in bytes. */
+  sqlite3_stmt **ppStmt,    /* OUT: A pointer to the prepared statement */
+  const char **pzTail       /* OUT: End of parsed string */
+){
+  int rc;
+  rc = sqlite3LockAndPrepare(db,zSql,nBytes,1,0,ppStmt,pzTail);
+  assert( rc==SQLITE_OK || ppStmt==0 || *ppStmt==0 );  /* VERIFY: F13021 */
+  return rc;
+}
+
+
+#ifndef SQLITE_OMIT_UTF16
+/*
+** Compile the UTF-16 encoded SQL statement zSql into a statement handle.
+*/
+static int sqlite3Prepare16(
+  sqlite3 *db,              /* Database handle. */ 
+  const void *zSql,         /* UTF-16 encoded SQL statement. */
+  int nBytes,               /* Length of zSql in bytes. */
+  int saveSqlFlag,          /* True to save SQL text into the sqlite3_stmt */
+  sqlite3_stmt **ppStmt,    /* OUT: A pointer to the prepared statement */
+  const void **pzTail       /* OUT: End of parsed string */
+){
+  /* This function currently works by first transforming the UTF-16
+  ** encoded string to UTF-8, then invoking sqlite3_prepare(). The
+  ** tricky bit is figuring out the pointer to return in *pzTail.
+  */
+  char *zSql8;
+  const char *zTail8 = 0;
+  int rc = SQLITE_OK;
+
+#ifdef SQLITE_ENABLE_API_ARMOR
+  if( ppStmt==0 ) return SQLITE_MISUSE_BKPT;
+#endif
+  *ppStmt = 0;
+  if( !sqlite3SafetyCheckOk(db)||zSql==0 ){
+    return SQLITE_MISUSE_BKPT;
+  }
+  if( nBytes>=0 ){
+    int sz;
+    const char *z = (const char*)zSql;
+    for(sz=0; sz<nBytes && (z[sz]!=0 || z[sz+1]!=0); sz += 2){}
+    nBytes = sz;
+  }
+  sqlite3_mutex_enter(db->mutex);
+  zSql8 = sqlite3Utf16to8(db, zSql, nBytes, SQLITE_UTF16NATIVE);
+  if( zSql8 ){
+    rc = sqlite3LockAndPrepare(db, zSql8, -1, saveSqlFlag, 0, ppStmt, &zTail8);
+  }
+
+  if( zTail8 && pzTail ){
+    /* If sqlite3_prepare returns a tail pointer, we calculate the
+    ** equivalent pointer into the UTF-16 string by counting the unicode
+    ** characters between zSql8 and zTail8, and then returning a pointer
+    ** the same number of characters into the UTF-16 string.
+    */
+    int chars_parsed = sqlite3Utf8CharLen(zSql8, (int)(zTail8-zSql8));
+    *pzTail = (u8 *)zSql + sqlite3Utf16ByteLen(zSql, chars_parsed);
+  }
+  sqlite3DbFree(db, zSql8); 
+  rc = sqlite3ApiExit(db, rc);
+  sqlite3_mutex_leave(db->mutex);
+  return rc;
+}
+
+/*
+** Two versions of the official API.  Legacy and new use.  In the legacy
+** version, the original SQL text is not saved in the prepared statement
+** and so if a schema change occurs, SQLITE_SCHEMA is returned by
+** sqlite3_step().  In the new version, the original SQL text is retained
+** and the statement is automatically recompiled if an schema change
+** occurs.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_prepare16(
+  sqlite3 *db,              /* Database handle. */ 
+  const void *zSql,         /* UTF-16 encoded SQL statement. */
+  int nBytes,               /* Length of zSql in bytes. */
+  sqlite3_stmt **ppStmt,    /* OUT: A pointer to the prepared statement */
+  const void **pzTail       /* OUT: End of parsed string */
+){
+  int rc;
+  rc = sqlite3Prepare16(db,zSql,nBytes,0,ppStmt,pzTail);
+  assert( rc==SQLITE_OK || ppStmt==0 || *ppStmt==0 );  /* VERIFY: F13021 */
+  return rc;
+}
+SQLITE_API int SQLITE_STDCALL sqlite3_prepare16_v2(
+  sqlite3 *db,              /* Database handle. */ 
+  const void *zSql,         /* UTF-16 encoded SQL statement. */
+  int nBytes,               /* Length of zSql in bytes. */
+  sqlite3_stmt **ppStmt,    /* OUT: A pointer to the prepared statement */
+  const void **pzTail       /* OUT: End of parsed string */
+){
+  int rc;
+  rc = sqlite3Prepare16(db,zSql,nBytes,1,ppStmt,pzTail);
+  assert( rc==SQLITE_OK || ppStmt==0 || *ppStmt==0 );  /* VERIFY: F13021 */
+  return rc;
+}
+
+#endif /* SQLITE_OMIT_UTF16 */
+
+/************** End of prepare.c *********************************************/
+/************** Begin file select.c ******************************************/
+/*
+** 2001 September 15
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+** This file contains C code routines that are called by the parser
+** to handle SELECT statements in SQLite.
+*/
+/* #include "sqliteInt.h" */
+
+/*
+** Trace output macros
+*/
+#if SELECTTRACE_ENABLED
+/***/ int sqlite3SelectTrace = 0;
+# define SELECTTRACE(K,P,S,X)  \
+  if(sqlite3SelectTrace&(K))   \
+    sqlite3DebugPrintf("%*s%s.%p: ",(P)->nSelectIndent*2-2,"",\
+        (S)->zSelName,(S)),\
+    sqlite3DebugPrintf X
+#else
+# define SELECTTRACE(K,P,S,X)
+#endif
+
+
+/*
+** An instance of the following object is used to record information about
+** how to process the DISTINCT keyword, to simplify passing that information
+** into the selectInnerLoop() routine.
+*/
+typedef struct DistinctCtx DistinctCtx;
+struct DistinctCtx {
+  u8 isTnct;      /* True if the DISTINCT keyword is present */
+  u8 eTnctType;   /* One of the WHERE_DISTINCT_* operators */
+  int tabTnct;    /* Ephemeral table used for DISTINCT processing */
+  int addrTnct;   /* Address of OP_OpenEphemeral opcode for tabTnct */
+};
+
+/*
+** An instance of the following object is used to record information about
+** the ORDER BY (or GROUP BY) clause of query is being coded.
+*/
+typedef struct SortCtx SortCtx;
+struct SortCtx {
+  ExprList *pOrderBy;   /* The ORDER BY (or GROUP BY clause) */
+  int nOBSat;           /* Number of ORDER BY terms satisfied by indices */
+  int iECursor;         /* Cursor number for the sorter */
+  int regReturn;        /* Register holding block-output return address */
+  int labelBkOut;       /* Start label for the block-output subroutine */
+  int addrSortIndex;    /* Address of the OP_SorterOpen or OP_OpenEphemeral */
+  int labelDone;        /* Jump here when done, ex: LIMIT reached */
+  u8 sortFlags;         /* Zero or more SORTFLAG_* bits */
+};
+#define SORTFLAG_UseSorter  0x01   /* Use SorterOpen instead of OpenEphemeral */
+
+/*
+** Delete all the content of a Select structure.  Deallocate the structure
+** itself only if bFree is true.
+*/
+static void clearSelect(sqlite3 *db, Select *p, int bFree){
+  while( p ){
+    Select *pPrior = p->pPrior;
+    sqlite3ExprListDelete(db, p->pEList);
+    sqlite3SrcListDelete(db, p->pSrc);
+    sqlite3ExprDelete(db, p->pWhere);
+    sqlite3ExprListDelete(db, p->pGroupBy);
+    sqlite3ExprDelete(db, p->pHaving);
+    sqlite3ExprListDelete(db, p->pOrderBy);
+    sqlite3ExprDelete(db, p->pLimit);
+    sqlite3ExprDelete(db, p->pOffset);
+    sqlite3WithDelete(db, p->pWith);
+    if( bFree ) sqlite3DbFree(db, p);
+    p = pPrior;
+    bFree = 1;
+  }
+}
+
+/*
+** Initialize a SelectDest structure.
+*/
+SQLITE_PRIVATE void sqlite3SelectDestInit(SelectDest *pDest, int eDest, int iParm){
+  pDest->eDest = (u8)eDest;
+  pDest->iSDParm = iParm;
+  pDest->affSdst = 0;
+  pDest->iSdst = 0;
+  pDest->nSdst = 0;
+}
+
+
+/*
+** Allocate a new Select structure and return a pointer to that
+** structure.
+*/
+SQLITE_PRIVATE Select *sqlite3SelectNew(
+  Parse *pParse,        /* Parsing context */
+  ExprList *pEList,     /* which columns to include in the result */
+  SrcList *pSrc,        /* the FROM clause -- which tables to scan */
+  Expr *pWhere,         /* the WHERE clause */
+  ExprList *pGroupBy,   /* the GROUP BY clause */
+  Expr *pHaving,        /* the HAVING clause */
+  ExprList *pOrderBy,   /* the ORDER BY clause */
+  u16 selFlags,         /* Flag parameters, such as SF_Distinct */
+  Expr *pLimit,         /* LIMIT value.  NULL means not used */
+  Expr *pOffset         /* OFFSET value.  NULL means no offset */
+){
+  Select *pNew;
+  Select standin;
+  sqlite3 *db = pParse->db;
+  pNew = sqlite3DbMallocZero(db, sizeof(*pNew) );
+  if( pNew==0 ){
+    assert( db->mallocFailed );
+    pNew = &standin;
+    memset(pNew, 0, sizeof(*pNew));
+  }
+  if( pEList==0 ){
+    pEList = sqlite3ExprListAppend(pParse, 0, sqlite3Expr(db,TK_ASTERISK,0));
+  }
+  pNew->pEList = pEList;
+  if( pSrc==0 ) pSrc = sqlite3DbMallocZero(db, sizeof(*pSrc));
+  pNew->pSrc = pSrc;
+  pNew->pWhere = pWhere;
+  pNew->pGroupBy = pGroupBy;
+  pNew->pHaving = pHaving;
+  pNew->pOrderBy = pOrderBy;
+  pNew->selFlags = selFlags;
+  pNew->op = TK_SELECT;
+  pNew->pLimit = pLimit;
+  pNew->pOffset = pOffset;
+  assert( pOffset==0 || pLimit!=0 || pParse->nErr>0 || db->mallocFailed!=0 );
+  pNew->addrOpenEphm[0] = -1;
+  pNew->addrOpenEphm[1] = -1;
+  if( db->mallocFailed ) {
+    clearSelect(db, pNew, pNew!=&standin);
+    pNew = 0;
+  }else{
+    assert( pNew->pSrc!=0 || pParse->nErr>0 );
+  }
+  assert( pNew!=&standin );
+  return pNew;
+}
+
+#if SELECTTRACE_ENABLED
+/*
+** Set the name of a Select object
+*/
+SQLITE_PRIVATE void sqlite3SelectSetName(Select *p, const char *zName){
+  if( p && zName ){
+    sqlite3_snprintf(sizeof(p->zSelName), p->zSelName, "%s", zName);
+  }
+}
+#endif
+
+
+/*
+** Delete the given Select structure and all of its substructures.
+*/
+SQLITE_PRIVATE void sqlite3SelectDelete(sqlite3 *db, Select *p){
+  clearSelect(db, p, 1);
+}
+
+/*
+** Return a pointer to the right-most SELECT statement in a compound.
+*/
+static Select *findRightmost(Select *p){
+  while( p->pNext ) p = p->pNext;
+  return p;
+}
+
+/*
+** Given 1 to 3 identifiers preceding the JOIN keyword, determine the
+** type of join.  Return an integer constant that expresses that type
+** in terms of the following bit values:
+**
+**     JT_INNER
+**     JT_CROSS
+**     JT_OUTER
+**     JT_NATURAL
+**     JT_LEFT
+**     JT_RIGHT
+**
+** A full outer join is the combination of JT_LEFT and JT_RIGHT.
+**
+** If an illegal or unsupported join type is seen, then still return
+** a join type, but put an error in the pParse structure.
+*/
+SQLITE_PRIVATE int sqlite3JoinType(Parse *pParse, Token *pA, Token *pB, Token *pC){
+  int jointype = 0;
+  Token *apAll[3];
+  Token *p;
+                             /*   0123456789 123456789 123456789 123 */
+  static const char zKeyText[] = "naturaleftouterightfullinnercross";
+  static const struct {
+    u8 i;        /* Beginning of keyword text in zKeyText[] */
+    u8 nChar;    /* Length of the keyword in characters */
+    u8 code;     /* Join type mask */
+  } aKeyword[] = {
+    /* natural */ { 0,  7, JT_NATURAL                },
+    /* left    */ { 6,  4, JT_LEFT|JT_OUTER          },
+    /* outer   */ { 10, 5, JT_OUTER                  },
+    /* right   */ { 14, 5, JT_RIGHT|JT_OUTER         },
+    /* full    */ { 19, 4, JT_LEFT|JT_RIGHT|JT_OUTER },
+    /* inner   */ { 23, 5, JT_INNER                  },
+    /* cross   */ { 28, 5, JT_INNER|JT_CROSS         },
+  };
+  int i, j;
+  apAll[0] = pA;
+  apAll[1] = pB;
+  apAll[2] = pC;
+  for(i=0; i<3 && apAll[i]; i++){
+    p = apAll[i];
+    for(j=0; j<ArraySize(aKeyword); j++){
+      if( p->n==aKeyword[j].nChar 
+          && sqlite3StrNICmp((char*)p->z, &zKeyText[aKeyword[j].i], p->n)==0 ){
+        jointype |= aKeyword[j].code;
+        break;
+      }
+    }
+    testcase( j==0 || j==1 || j==2 || j==3 || j==4 || j==5 || j==6 );
+    if( j>=ArraySize(aKeyword) ){
+      jointype |= JT_ERROR;
+      break;
+    }
+  }
+  if(
+     (jointype & (JT_INNER|JT_OUTER))==(JT_INNER|JT_OUTER) ||
+     (jointype & JT_ERROR)!=0
+  ){
+    const char *zSp = " ";
+    assert( pB!=0 );
+    if( pC==0 ){ zSp++; }
+    sqlite3ErrorMsg(pParse, "unknown or unsupported join type: "
+       "%T %T%s%T", pA, pB, zSp, pC);
+    jointype = JT_INNER;
+  }else if( (jointype & JT_OUTER)!=0 
+         && (jointype & (JT_LEFT|JT_RIGHT))!=JT_LEFT ){
+    sqlite3ErrorMsg(pParse, 
+      "RIGHT and FULL OUTER JOINs are not currently supported");
+    jointype = JT_INNER;
+  }
+  return jointype;
+}
+
+/*
+** Return the index of a column in a table.  Return -1 if the column
+** is not contained in the table.
+*/
+static int columnIndex(Table *pTab, const char *zCol){
+  int i;
+  for(i=0; i<pTab->nCol; i++){
+    if( sqlite3StrICmp(pTab->aCol[i].zName, zCol)==0 ) return i;
+  }
+  return -1;
+}
+
+/*
+** Search the first N tables in pSrc, from left to right, looking for a
+** table that has a column named zCol.  
+**
+** When found, set *piTab and *piCol to the table index and column index
+** of the matching column and return TRUE.
+**
+** If not found, return FALSE.
+*/
+static int tableAndColumnIndex(
+  SrcList *pSrc,       /* Array of tables to search */
+  int N,               /* Number of tables in pSrc->a[] to search */
+  const char *zCol,    /* Name of the column we are looking for */
+  int *piTab,          /* Write index of pSrc->a[] here */
+  int *piCol           /* Write index of pSrc->a[*piTab].pTab->aCol[] here */
+){
+  int i;               /* For looping over tables in pSrc */
+  int iCol;            /* Index of column matching zCol */
+
+  assert( (piTab==0)==(piCol==0) );  /* Both or neither are NULL */
+  for(i=0; i<N; i++){
+    iCol = columnIndex(pSrc->a[i].pTab, zCol);
+    if( iCol>=0 ){
+      if( piTab ){
+        *piTab = i;
+        *piCol = iCol;
+      }
+      return 1;
+    }
+  }
+  return 0;
+}
+
+/*
+** This function is used to add terms implied by JOIN syntax to the
+** WHERE clause expression of a SELECT statement. The new term, which
+** is ANDed with the existing WHERE clause, is of the form:
+**
+**    (tab1.col1 = tab2.col2)
+**
+** where tab1 is the iSrc'th table in SrcList pSrc and tab2 is the 
+** (iSrc+1)'th. Column col1 is column iColLeft of tab1, and col2 is
+** column iColRight of tab2.
+*/
+static void addWhereTerm(
+  Parse *pParse,                  /* Parsing context */
+  SrcList *pSrc,                  /* List of tables in FROM clause */
+  int iLeft,                      /* Index of first table to join in pSrc */
+  int iColLeft,                   /* Index of column in first table */
+  int iRight,                     /* Index of second table in pSrc */
+  int iColRight,                  /* Index of column in second table */
+  int isOuterJoin,                /* True if this is an OUTER join */
+  Expr **ppWhere                  /* IN/OUT: The WHERE clause to add to */
+){
+  sqlite3 *db = pParse->db;
+  Expr *pE1;
+  Expr *pE2;
+  Expr *pEq;
+
+  assert( iLeft<iRight );
+  assert( pSrc->nSrc>iRight );
+  assert( pSrc->a[iLeft].pTab );
+  assert( pSrc->a[iRight].pTab );
+
+  pE1 = sqlite3CreateColumnExpr(db, pSrc, iLeft, iColLeft);
+  pE2 = sqlite3CreateColumnExpr(db, pSrc, iRight, iColRight);
+
+  pEq = sqlite3PExpr(pParse, TK_EQ, pE1, pE2, 0);
+  if( pEq && isOuterJoin ){
+    ExprSetProperty(pEq, EP_FromJoin);
+    assert( !ExprHasProperty(pEq, EP_TokenOnly|EP_Reduced) );
+    ExprSetVVAProperty(pEq, EP_NoReduce);
+    pEq->iRightJoinTable = (i16)pE2->iTable;
+  }
+  *ppWhere = sqlite3ExprAnd(db, *ppWhere, pEq);
+}
+
+/*
+** Set the EP_FromJoin property on all terms of the given expression.
+** And set the Expr.iRightJoinTable to iTable for every term in the
+** expression.
+**
+** The EP_FromJoin property is used on terms of an expression to tell
+** the LEFT OUTER JOIN processing logic that this term is part of the
+** join restriction specified in the ON or USING clause and not a part
+** of the more general WHERE clause.  These terms are moved over to the
+** WHERE clause during join processing but we need to remember that they
+** originated in the ON or USING clause.
+**
+** The Expr.iRightJoinTable tells the WHERE clause processing that the
+** expression depends on table iRightJoinTable even if that table is not
+** explicitly mentioned in the expression.  That information is needed
+** for cases like this:
+**
+**    SELECT * FROM t1 LEFT JOIN t2 ON t1.a=t2.b AND t1.x=5
+**
+** The where clause needs to defer the handling of the t1.x=5
+** term until after the t2 loop of the join.  In that way, a
+** NULL t2 row will be inserted whenever t1.x!=5.  If we do not
+** defer the handling of t1.x=5, it will be processed immediately
+** after the t1 loop and rows with t1.x!=5 will never appear in
+** the output, which is incorrect.
+*/
+static void setJoinExpr(Expr *p, int iTable){
+  while( p ){
+    ExprSetProperty(p, EP_FromJoin);
+    assert( !ExprHasProperty(p, EP_TokenOnly|EP_Reduced) );
+    ExprSetVVAProperty(p, EP_NoReduce);
+    p->iRightJoinTable = (i16)iTable;
+    if( p->op==TK_FUNCTION && p->x.pList ){
+      int i;
+      for(i=0; i<p->x.pList->nExpr; i++){
+        setJoinExpr(p->x.pList->a[i].pExpr, iTable);
+      }
+    }
+    setJoinExpr(p->pLeft, iTable);
+    p = p->pRight;
+  } 
+}
+
+/*
+** This routine processes the join information for a SELECT statement.
+** ON and USING clauses are converted into extra terms of the WHERE clause.
+** NATURAL joins also create extra WHERE clause terms.
+**
+** The terms of a FROM clause are contained in the Select.pSrc structure.
+** The left most table is the first entry in Select.pSrc.  The right-most
+** table is the last entry.  The join operator is held in the entry to
+** the left.  Thus entry 0 contains the join operator for the join between
+** entries 0 and 1.  Any ON or USING clauses associated with the join are
+** also attached to the left entry.
+**
+** This routine returns the number of errors encountered.
+*/
+static int sqliteProcessJoin(Parse *pParse, Select *p){
+  SrcList *pSrc;                  /* All tables in the FROM clause */
+  int i, j;                       /* Loop counters */
+  struct SrcList_item *pLeft;     /* Left table being joined */
+  struct SrcList_item *pRight;    /* Right table being joined */
+
+  pSrc = p->pSrc;
+  pLeft = &pSrc->a[0];
+  pRight = &pLeft[1];
+  for(i=0; i<pSrc->nSrc-1; i++, pRight++, pLeft++){
+    Table *pLeftTab = pLeft->pTab;
+    Table *pRightTab = pRight->pTab;
+    int isOuter;
+
+    if( NEVER(pLeftTab==0 || pRightTab==0) ) continue;
+    isOuter = (pRight->fg.jointype & JT_OUTER)!=0;
+
+    /* When the NATURAL keyword is present, add WHERE clause terms for
+    ** every column that the two tables have in common.
+    */
+    if( pRight->fg.jointype & JT_NATURAL ){
+      if( pRight->pOn || pRight->pUsing ){
+        sqlite3ErrorMsg(pParse, "a NATURAL join may not have "
+           "an ON or USING clause", 0);
+        return 1;
+      }
+      for(j=0; j<pRightTab->nCol; j++){
+        char *zName;   /* Name of column in the right table */
+        int iLeft;     /* Matching left table */
+        int iLeftCol;  /* Matching column in the left table */
+
+        zName = pRightTab->aCol[j].zName;
+        if( tableAndColumnIndex(pSrc, i+1, zName, &iLeft, &iLeftCol) ){
+          addWhereTerm(pParse, pSrc, iLeft, iLeftCol, i+1, j,
+                       isOuter, &p->pWhere);
+        }
+      }
+    }
+
+    /* Disallow both ON and USING clauses in the same join
+    */
+    if( pRight->pOn && pRight->pUsing ){
+      sqlite3ErrorMsg(pParse, "cannot have both ON and USING "
+        "clauses in the same join");
+      return 1;
+    }
+
+    /* Add the ON clause to the end of the WHERE clause, connected by
+    ** an AND operator.
+    */
+    if( pRight->pOn ){
+      if( isOuter ) setJoinExpr(pRight->pOn, pRight->iCursor);
+      p->pWhere = sqlite3ExprAnd(pParse->db, p->pWhere, pRight->pOn);
+      pRight->pOn = 0;
+    }
+
+    /* Create extra terms on the WHERE clause for each column named
+    ** in the USING clause.  Example: If the two tables to be joined are 
+    ** A and B and the USING clause names X, Y, and Z, then add this
+    ** to the WHERE clause:    A.X=B.X AND A.Y=B.Y AND A.Z=B.Z
+    ** Report an error if any column mentioned in the USING clause is
+    ** not contained in both tables to be joined.
+    */
+    if( pRight->pUsing ){
+      IdList *pList = pRight->pUsing;
+      for(j=0; j<pList->nId; j++){
+        char *zName;     /* Name of the term in the USING clause */
+        int iLeft;       /* Table on the left with matching column name */
+        int iLeftCol;    /* Column number of matching column on the left */
+        int iRightCol;   /* Column number of matching column on the right */
+
+        zName = pList->a[j].zName;
+        iRightCol = columnIndex(pRightTab, zName);
+        if( iRightCol<0
+         || !tableAndColumnIndex(pSrc, i+1, zName, &iLeft, &iLeftCol)
+        ){
+          sqlite3ErrorMsg(pParse, "cannot join using column %s - column "
+            "not present in both tables", zName);
+          return 1;
+        }
+        addWhereTerm(pParse, pSrc, iLeft, iLeftCol, i+1, iRightCol,
+                     isOuter, &p->pWhere);
+      }
+    }
+  }
+  return 0;
+}
+
+/* Forward reference */
+static KeyInfo *keyInfoFromExprList(
+  Parse *pParse,       /* Parsing context */
+  ExprList *pList,     /* Form the KeyInfo object from this ExprList */
+  int iStart,          /* Begin with this column of pList */
+  int nExtra           /* Add this many extra columns to the end */
+);
+
+/*
+** Generate code that will push the record in registers regData
+** through regData+nData-1 onto the sorter.
+*/
+static void pushOntoSorter(
+  Parse *pParse,         /* Parser context */
+  SortCtx *pSort,        /* Information about the ORDER BY clause */
+  Select *pSelect,       /* The whole SELECT statement */
+  int regData,           /* First register holding data to be sorted */
+  int regOrigData,       /* First register holding data before packing */
+  int nData,             /* Number of elements in the data array */
+  int nPrefixReg         /* No. of reg prior to regData available for use */
+){
+  Vdbe *v = pParse->pVdbe;                         /* Stmt under construction */
+  int bSeq = ((pSort->sortFlags & SORTFLAG_UseSorter)==0);
+  int nExpr = pSort->pOrderBy->nExpr;              /* No. of ORDER BY terms */
+  int nBase = nExpr + bSeq + nData;                /* Fields in sorter record */
+  int regBase;                                     /* Regs for sorter record */
+  int regRecord = ++pParse->nMem;                  /* Assembled sorter record */
+  int nOBSat = pSort->nOBSat;                      /* ORDER BY terms to skip */
+  int op;                            /* Opcode to add sorter record to sorter */
+  int iLimit;                        /* LIMIT counter */
+
+  assert( bSeq==0 || bSeq==1 );
+  assert( nData==1 || regData==regOrigData );
+  if( nPrefixReg ){
+    assert( nPrefixReg==nExpr+bSeq );
+    regBase = regData - nExpr - bSeq;
+  }else{
+    regBase = pParse->nMem + 1;
+    pParse->nMem += nBase;
+  }
+  assert( pSelect->iOffset==0 || pSelect->iLimit!=0 );
+  iLimit = pSelect->iOffset ? pSelect->iOffset+1 : pSelect->iLimit;
+  pSort->labelDone = sqlite3VdbeMakeLabel(v);
+  sqlite3ExprCodeExprList(pParse, pSort->pOrderBy, regBase, regOrigData,
+                          SQLITE_ECEL_DUP|SQLITE_ECEL_REF);
+  if( bSeq ){
+    sqlite3VdbeAddOp2(v, OP_Sequence, pSort->iECursor, regBase+nExpr);
+  }
+  if( nPrefixReg==0 ){
+    sqlite3ExprCodeMove(pParse, regData, regBase+nExpr+bSeq, nData);
+  }
+  sqlite3VdbeAddOp3(v, OP_MakeRecord, regBase+nOBSat, nBase-nOBSat, regRecord);
+  if( nOBSat>0 ){
+    int regPrevKey;   /* The first nOBSat columns of the previous row */
+    int addrFirst;    /* Address of the OP_IfNot opcode */
+    int addrJmp;      /* Address of the OP_Jump opcode */
+    VdbeOp *pOp;      /* Opcode that opens the sorter */
+    int nKey;         /* Number of sorting key columns, including OP_Sequence */
+    KeyInfo *pKI;     /* Original KeyInfo on the sorter table */
+
+    regPrevKey = pParse->nMem+1;
+    pParse->nMem += pSort->nOBSat;
+    nKey = nExpr - pSort->nOBSat + bSeq;
+    if( bSeq ){
+      addrFirst = sqlite3VdbeAddOp1(v, OP_IfNot, regBase+nExpr); 
+    }else{
+      addrFirst = sqlite3VdbeAddOp1(v, OP_SequenceTest, pSort->iECursor);
+    }
+    VdbeCoverage(v);
+    sqlite3VdbeAddOp3(v, OP_Compare, regPrevKey, regBase, pSort->nOBSat);
+    pOp = sqlite3VdbeGetOp(v, pSort->addrSortIndex);
+    if( pParse->db->mallocFailed ) return;
+    pOp->p2 = nKey + nData;
+    pKI = pOp->p4.pKeyInfo;
+    memset(pKI->aSortOrder, 0, pKI->nField); /* Makes OP_Jump below testable */
+    sqlite3VdbeChangeP4(v, -1, (char*)pKI, P4_KEYINFO);
+    testcase( pKI->nXField>2 );
+    pOp->p4.pKeyInfo = keyInfoFromExprList(pParse, pSort->pOrderBy, nOBSat,
+                                           pKI->nXField-1);
+    addrJmp = sqlite3VdbeCurrentAddr(v);
+    sqlite3VdbeAddOp3(v, OP_Jump, addrJmp+1, 0, addrJmp+1); VdbeCoverage(v);
+    pSort->labelBkOut = sqlite3VdbeMakeLabel(v);
+    pSort->regReturn = ++pParse->nMem;
+    sqlite3VdbeAddOp2(v, OP_Gosub, pSort->regReturn, pSort->labelBkOut);
+    sqlite3VdbeAddOp1(v, OP_ResetSorter, pSort->iECursor);
+    if( iLimit ){
+      sqlite3VdbeAddOp2(v, OP_IfNot, iLimit, pSort->labelDone);
+      VdbeCoverage(v);
+    }
+    sqlite3VdbeJumpHere(v, addrFirst);
+    sqlite3ExprCodeMove(pParse, regBase, regPrevKey, pSort->nOBSat);
+    sqlite3VdbeJumpHere(v, addrJmp);
+  }
+  if( pSort->sortFlags & SORTFLAG_UseSorter ){
+    op = OP_SorterInsert;
+  }else{
+    op = OP_IdxInsert;
+  }
+  sqlite3VdbeAddOp2(v, op, pSort->iECursor, regRecord);
+  if( iLimit ){
+    int addr;
+    addr = sqlite3VdbeAddOp3(v, OP_IfNotZero, iLimit, 0, 1); VdbeCoverage(v);
+    sqlite3VdbeAddOp1(v, OP_Last, pSort->iECursor);
+    sqlite3VdbeAddOp1(v, OP_Delete, pSort->iECursor);
+    sqlite3VdbeJumpHere(v, addr);
+  }
+}
+
+/*
+** Add code to implement the OFFSET
+*/
+static void codeOffset(
+  Vdbe *v,          /* Generate code into this VM */
+  int iOffset,      /* Register holding the offset counter */
+  int iContinue     /* Jump here to skip the current record */
+){
+  if( iOffset>0 ){
+    sqlite3VdbeAddOp3(v, OP_IfPos, iOffset, iContinue, 1); VdbeCoverage(v);
+    VdbeComment((v, "OFFSET"));
+  }
+}
+
+/*
+** Add code that will check to make sure the N registers starting at iMem
+** form a distinct entry.  iTab is a sorting index that holds previously
+** seen combinations of the N values.  A new entry is made in iTab
+** if the current N values are new.
+**
+** A jump to addrRepeat is made and the N+1 values are popped from the
+** stack if the top N elements are not distinct.
+*/
+static void codeDistinct(
+  Parse *pParse,     /* Parsing and code generating context */
+  int iTab,          /* A sorting index used to test for distinctness */
+  int addrRepeat,    /* Jump to here if not distinct */
+  int N,             /* Number of elements */
+  int iMem           /* First element */
+){
+  Vdbe *v;
+  int r1;
+
+  v = pParse->pVdbe;
+  r1 = sqlite3GetTempReg(pParse);
+  sqlite3VdbeAddOp4Int(v, OP_Found, iTab, addrRepeat, iMem, N); VdbeCoverage(v);
+  sqlite3VdbeAddOp3(v, OP_MakeRecord, iMem, N, r1);
+  sqlite3VdbeAddOp2(v, OP_IdxInsert, iTab, r1);
+  sqlite3ReleaseTempReg(pParse, r1);
+}
+
+#ifndef SQLITE_OMIT_SUBQUERY
+/*
+** Generate an error message when a SELECT is used within a subexpression
+** (example:  "a IN (SELECT * FROM table)") but it has more than 1 result
+** column.  We do this in a subroutine because the error used to occur
+** in multiple places.  (The error only occurs in one place now, but we
+** retain the subroutine to minimize code disruption.)
+*/
+static int checkForMultiColumnSelectError(
+  Parse *pParse,       /* Parse context. */
+  SelectDest *pDest,   /* Destination of SELECT results */
+  int nExpr            /* Number of result columns returned by SELECT */
+){
+  int eDest = pDest->eDest;
+  if( nExpr>1 && (eDest==SRT_Mem || eDest==SRT_Set) ){
+    sqlite3ErrorMsg(pParse, "only a single result allowed for "
+       "a SELECT that is part of an expression");
+    return 1;
+  }else{
+    return 0;
+  }
+}
+#endif
+
+/*
+** This routine generates the code for the inside of the inner loop
+** of a SELECT.
+**
+** If srcTab is negative, then the pEList expressions
+** are evaluated in order to get the data for this row.  If srcTab is
+** zero or more, then data is pulled from srcTab and pEList is used only 
+** to get number columns and the datatype for each column.
+*/
+static void selectInnerLoop(
+  Parse *pParse,          /* The parser context */
+  Select *p,              /* The complete select statement being coded */
+  ExprList *pEList,       /* List of values being extracted */
+  int srcTab,             /* Pull data from this table */
+  SortCtx *pSort,         /* If not NULL, info on how to process ORDER BY */
+  DistinctCtx *pDistinct, /* If not NULL, info on how to process DISTINCT */
+  SelectDest *pDest,      /* How to dispose of the results */
+  int iContinue,          /* Jump here to continue with next row */
+  int iBreak              /* Jump here to break out of the inner loop */
+){
+  Vdbe *v = pParse->pVdbe;
+  int i;
+  int hasDistinct;        /* True if the DISTINCT keyword is present */
+  int regResult;              /* Start of memory holding result set */
+  int eDest = pDest->eDest;   /* How to dispose of results */
+  int iParm = pDest->iSDParm; /* First argument to disposal method */
+  int nResultCol;             /* Number of result columns */
+  int nPrefixReg = 0;         /* Number of extra registers before regResult */
+
+  assert( v );
+  assert( pEList!=0 );
+  hasDistinct = pDistinct ? pDistinct->eTnctType : WHERE_DISTINCT_NOOP;
+  if( pSort && pSort->pOrderBy==0 ) pSort = 0;
+  if( pSort==0 && !hasDistinct ){
+    assert( iContinue!=0 );
+    codeOffset(v, p->iOffset, iContinue);
+  }
+
+  /* Pull the requested columns.
+  */
+  nResultCol = pEList->nExpr;
+
+  if( pDest->iSdst==0 ){
+    if( pSort ){
+      nPrefixReg = pSort->pOrderBy->nExpr;
+      if( !(pSort->sortFlags & SORTFLAG_UseSorter) ) nPrefixReg++;
+      pParse->nMem += nPrefixReg;
+    }
+    pDest->iSdst = pParse->nMem+1;
+    pParse->nMem += nResultCol;
+  }else if( pDest->iSdst+nResultCol > pParse->nMem ){
+    /* This is an error condition that can result, for example, when a SELECT
+    ** on the right-hand side of an INSERT contains more result columns than
+    ** there are columns in the table on the left.  The error will be caught
+    ** and reported later.  But we need to make sure enough memory is allocated
+    ** to avoid other spurious errors in the meantime. */
+    pParse->nMem += nResultCol;
+  }
+  pDest->nSdst = nResultCol;
+  regResult = pDest->iSdst;
+  if( srcTab>=0 ){
+    for(i=0; i<nResultCol; i++){
+      sqlite3VdbeAddOp3(v, OP_Column, srcTab, i, regResult+i);
+      VdbeComment((v, "%s", pEList->a[i].zName));
+    }
+  }else if( eDest!=SRT_Exists ){
+    /* If the destination is an EXISTS(...) expression, the actual
+    ** values returned by the SELECT are not required.
+    */
+    u8 ecelFlags;
+    if( eDest==SRT_Mem || eDest==SRT_Output || eDest==SRT_Coroutine ){
+      ecelFlags = SQLITE_ECEL_DUP;
+    }else{
+      ecelFlags = 0;
+    }
+    sqlite3ExprCodeExprList(pParse, pEList, regResult, 0, ecelFlags);
+  }
+
+  /* If the DISTINCT keyword was present on the SELECT statement
+  ** and this row has been seen before, then do not make this row
+  ** part of the result.
+  */
+  if( hasDistinct ){
+    switch( pDistinct->eTnctType ){
+      case WHERE_DISTINCT_ORDERED: {
+        VdbeOp *pOp;            /* No longer required OpenEphemeral instr. */
+        int iJump;              /* Jump destination */
+        int regPrev;            /* Previous row content */
+
+        /* Allocate space for the previous row */
+        regPrev = pParse->nMem+1;
+        pParse->nMem += nResultCol;
+
+        /* Change the OP_OpenEphemeral coded earlier to an OP_Null
+        ** sets the MEM_Cleared bit on the first register of the
+        ** previous value.  This will cause the OP_Ne below to always
+        ** fail on the first iteration of the loop even if the first
+        ** row is all NULLs.
+        */
+        sqlite3VdbeChangeToNoop(v, pDistinct->addrTnct);
+        pOp = sqlite3VdbeGetOp(v, pDistinct->addrTnct);
+        pOp->opcode = OP_Null;
+        pOp->p1 = 1;
+        pOp->p2 = regPrev;
+
+        iJump = sqlite3VdbeCurrentAddr(v) + nResultCol;
+        for(i=0; i<nResultCol; i++){
+          CollSeq *pColl = sqlite3ExprCollSeq(pParse, pEList->a[i].pExpr);
+          if( i<nResultCol-1 ){
+            sqlite3VdbeAddOp3(v, OP_Ne, regResult+i, iJump, regPrev+i);
+            VdbeCoverage(v);
+          }else{
+            sqlite3VdbeAddOp3(v, OP_Eq, regResult+i, iContinue, regPrev+i);
+            VdbeCoverage(v);
+           }
+          sqlite3VdbeChangeP4(v, -1, (const char *)pColl, P4_COLLSEQ);
+          sqlite3VdbeChangeP5(v, SQLITE_NULLEQ);
+        }
+        assert( sqlite3VdbeCurrentAddr(v)==iJump || pParse->db->mallocFailed );
+        sqlite3VdbeAddOp3(v, OP_Copy, regResult, regPrev, nResultCol-1);
+        break;
+      }
+
+      case WHERE_DISTINCT_UNIQUE: {
+        sqlite3VdbeChangeToNoop(v, pDistinct->addrTnct);
+        break;
+      }
+
+      default: {
+        assert( pDistinct->eTnctType==WHERE_DISTINCT_UNORDERED );
+        codeDistinct(pParse, pDistinct->tabTnct, iContinue, nResultCol,
+                     regResult);
+        break;
+      }
+    }
+    if( pSort==0 ){
+      codeOffset(v, p->iOffset, iContinue);
+    }
+  }
+
+  switch( eDest ){
+    /* In this mode, write each query result to the key of the temporary
+    ** table iParm.
+    */
+#ifndef SQLITE_OMIT_COMPOUND_SELECT
+    case SRT_Union: {
+      int r1;
+      r1 = sqlite3GetTempReg(pParse);
+      sqlite3VdbeAddOp3(v, OP_MakeRecord, regResult, nResultCol, r1);
+      sqlite3VdbeAddOp2(v, OP_IdxInsert, iParm, r1);
+      sqlite3ReleaseTempReg(pParse, r1);
+      break;
+    }
+
+    /* Construct a record from the query result, but instead of
+    ** saving that record, use it as a key to delete elements from
+    ** the temporary table iParm.
+    */
+    case SRT_Except: {
+      sqlite3VdbeAddOp3(v, OP_IdxDelete, iParm, regResult, nResultCol);
+      break;
+    }
+#endif /* SQLITE_OMIT_COMPOUND_SELECT */
+
+    /* Store the result as data using a unique key.
+    */
+    case SRT_Fifo:
+    case SRT_DistFifo:
+    case SRT_Table:
+    case SRT_EphemTab: {
+      int r1 = sqlite3GetTempRange(pParse, nPrefixReg+1);
+      testcase( eDest==SRT_Table );
+      testcase( eDest==SRT_EphemTab );
+      testcase( eDest==SRT_Fifo );
+      testcase( eDest==SRT_DistFifo );
+      sqlite3VdbeAddOp3(v, OP_MakeRecord, regResult, nResultCol, r1+nPrefixReg);
+#ifndef SQLITE_OMIT_CTE
+      if( eDest==SRT_DistFifo ){
+        /* If the destination is DistFifo, then cursor (iParm+1) is open
+        ** on an ephemeral index. If the current row is already present
+        ** in the index, do not write it to the output. If not, add the
+        ** current row to the index and proceed with writing it to the
+        ** output table as well.  */
+        int addr = sqlite3VdbeCurrentAddr(v) + 4;
+        sqlite3VdbeAddOp4Int(v, OP_Found, iParm+1, addr, r1, 0);
+        VdbeCoverage(v);
+        sqlite3VdbeAddOp2(v, OP_IdxInsert, iParm+1, r1);
+        assert( pSort==0 );
+      }
+#endif
+      if( pSort ){
+        pushOntoSorter(pParse, pSort, p, r1+nPrefixReg,regResult,1,nPrefixReg);
+      }else{
+        int r2 = sqlite3GetTempReg(pParse);
+        sqlite3VdbeAddOp2(v, OP_NewRowid, iParm, r2);
+        sqlite3VdbeAddOp3(v, OP_Insert, iParm, r1, r2);
+        sqlite3VdbeChangeP5(v, OPFLAG_APPEND);
+        sqlite3ReleaseTempReg(pParse, r2);
+      }
+      sqlite3ReleaseTempRange(pParse, r1, nPrefixReg+1);
+      break;
+    }
+
+#ifndef SQLITE_OMIT_SUBQUERY
+    /* If we are creating a set for an "expr IN (SELECT ...)" construct,
+    ** then there should be a single item on the stack.  Write this
+    ** item into the set table with bogus data.
+    */
+    case SRT_Set: {
+      assert( nResultCol==1 );
+      pDest->affSdst =
+                  sqlite3CompareAffinity(pEList->a[0].pExpr, pDest->affSdst);
+      if( pSort ){
+        /* At first glance you would think we could optimize out the
+        ** ORDER BY in this case since the order of entries in the set
+        ** does not matter.  But there might be a LIMIT clause, in which
+        ** case the order does matter */
+        pushOntoSorter(pParse, pSort, p, regResult, regResult, 1, nPrefixReg);
+      }else{
+        int r1 = sqlite3GetTempReg(pParse);
+        sqlite3VdbeAddOp4(v, OP_MakeRecord, regResult,1,r1, &pDest->affSdst, 1);
+        sqlite3ExprCacheAffinityChange(pParse, regResult, 1);
+        sqlite3VdbeAddOp2(v, OP_IdxInsert, iParm, r1);
+        sqlite3ReleaseTempReg(pParse, r1);
+      }
+      break;
+    }
+
+    /* If any row exist in the result set, record that fact and abort.
+    */
+    case SRT_Exists: {
+      sqlite3VdbeAddOp2(v, OP_Integer, 1, iParm);
+      /* The LIMIT clause will terminate the loop for us */
+      break;
+    }
+
+    /* If this is a scalar select that is part of an expression, then
+    ** store the results in the appropriate memory cell and break out
+    ** of the scan loop.
+    */
+    case SRT_Mem: {
+      assert( nResultCol==1 );
+      if( pSort ){
+        pushOntoSorter(pParse, pSort, p, regResult, regResult, 1, nPrefixReg);
+      }else{
+        assert( regResult==iParm );
+        /* The LIMIT clause will jump out of the loop for us */
+      }
+      break;
+    }
+#endif /* #ifndef SQLITE_OMIT_SUBQUERY */
+
+    case SRT_Coroutine:       /* Send data to a co-routine */
+    case SRT_Output: {        /* Return the results */
+      testcase( eDest==SRT_Coroutine );
+      testcase( eDest==SRT_Output );
+      if( pSort ){
+        pushOntoSorter(pParse, pSort, p, regResult, regResult, nResultCol,
+                       nPrefixReg);
+      }else if( eDest==SRT_Coroutine ){
+        sqlite3VdbeAddOp1(v, OP_Yield, pDest->iSDParm);
+      }else{
+        sqlite3VdbeAddOp2(v, OP_ResultRow, regResult, nResultCol);
+        sqlite3ExprCacheAffinityChange(pParse, regResult, nResultCol);
+      }
+      break;
+    }
+
+#ifndef SQLITE_OMIT_CTE
+    /* Write the results into a priority queue that is order according to
+    ** pDest->pOrderBy (in pSO).  pDest->iSDParm (in iParm) is the cursor for an
+    ** index with pSO->nExpr+2 columns.  Build a key using pSO for the first
+    ** pSO->nExpr columns, then make sure all keys are unique by adding a
+    ** final OP_Sequence column.  The last column is the record as a blob.
+    */
+    case SRT_DistQueue:
+    case SRT_Queue: {
+      int nKey;
+      int r1, r2, r3;
+      int addrTest = 0;
+      ExprList *pSO;
+      pSO = pDest->pOrderBy;
+      assert( pSO );
+      nKey = pSO->nExpr;
+      r1 = sqlite3GetTempReg(pParse);
+      r2 = sqlite3GetTempRange(pParse, nKey+2);
+      r3 = r2+nKey+1;
+      if( eDest==SRT_DistQueue ){
+        /* If the destination is DistQueue, then cursor (iParm+1) is open
+        ** on a second ephemeral index that holds all values every previously
+        ** added to the queue. */
+        addrTest = sqlite3VdbeAddOp4Int(v, OP_Found, iParm+1, 0, 
+                                        regResult, nResultCol);
+        VdbeCoverage(v);
+      }
+      sqlite3VdbeAddOp3(v, OP_MakeRecord, regResult, nResultCol, r3);
+      if( eDest==SRT_DistQueue ){
+        sqlite3VdbeAddOp2(v, OP_IdxInsert, iParm+1, r3);
+        sqlite3VdbeChangeP5(v, OPFLAG_USESEEKRESULT);
+      }
+      for(i=0; i<nKey; i++){
+        sqlite3VdbeAddOp2(v, OP_SCopy,
+                          regResult + pSO->a[i].u.x.iOrderByCol - 1,
+                          r2+i);
+      }
+      sqlite3VdbeAddOp2(v, OP_Sequence, iParm, r2+nKey);
+      sqlite3VdbeAddOp3(v, OP_MakeRecord, r2, nKey+2, r1);
+      sqlite3VdbeAddOp2(v, OP_IdxInsert, iParm, r1);
+      if( addrTest ) sqlite3VdbeJumpHere(v, addrTest);
+      sqlite3ReleaseTempReg(pParse, r1);
+      sqlite3ReleaseTempRange(pParse, r2, nKey+2);
+      break;
+    }
+#endif /* SQLITE_OMIT_CTE */
+
+
+
+#if !defined(SQLITE_OMIT_TRIGGER)
+    /* Discard the results.  This is used for SELECT statements inside
+    ** the body of a TRIGGER.  The purpose of such selects is to call
+    ** user-defined functions that have side effects.  We do not care
+    ** about the actual results of the select.
+    */
+    default: {
+      assert( eDest==SRT_Discard );
+      break;
+    }
+#endif
+  }
+
+  /* Jump to the end of the loop if the LIMIT is reached.  Except, if
+  ** there is a sorter, in which case the sorter has already limited
+  ** the output for us.
+  */
+  if( pSort==0 && p->iLimit ){
+    sqlite3VdbeAddOp2(v, OP_DecrJumpZero, p->iLimit, iBreak); VdbeCoverage(v);
+  }
+}
+
+/*
+** Allocate a KeyInfo object sufficient for an index of N key columns and
+** X extra columns.
+*/
+SQLITE_PRIVATE KeyInfo *sqlite3KeyInfoAlloc(sqlite3 *db, int N, int X){
+  KeyInfo *p = sqlite3DbMallocZero(0, 
+                   sizeof(KeyInfo) + (N+X)*(sizeof(CollSeq*)+1));
+  if( p ){
+    p->aSortOrder = (u8*)&p->aColl[N+X];
+    p->nField = (u16)N;
+    p->nXField = (u16)X;
+    p->enc = ENC(db);
+    p->db = db;
+    p->nRef = 1;
+  }else{
+    db->mallocFailed = 1;
+  }
+  return p;
+}
+
+/*
+** Deallocate a KeyInfo object
+*/
+SQLITE_PRIVATE void sqlite3KeyInfoUnref(KeyInfo *p){
+  if( p ){
+    assert( p->nRef>0 );
+    p->nRef--;
+    if( p->nRef==0 ) sqlite3DbFree(0, p);
+  }
+}
+
+/*
+** Make a new pointer to a KeyInfo object
+*/
+SQLITE_PRIVATE KeyInfo *sqlite3KeyInfoRef(KeyInfo *p){
+  if( p ){
+    assert( p->nRef>0 );
+    p->nRef++;
+  }
+  return p;
+}
+
+#ifdef SQLITE_DEBUG
+/*
+** Return TRUE if a KeyInfo object can be change.  The KeyInfo object
+** can only be changed if this is just a single reference to the object.
+**
+** This routine is used only inside of assert() statements.
+*/
+SQLITE_PRIVATE int sqlite3KeyInfoIsWriteable(KeyInfo *p){ return p->nRef==1; }
+#endif /* SQLITE_DEBUG */
+
+/*
+** Given an expression list, generate a KeyInfo structure that records
+** the collating sequence for each expression in that expression list.
+**
+** If the ExprList is an ORDER BY or GROUP BY clause then the resulting
+** KeyInfo structure is appropriate for initializing a virtual index to
+** implement that clause.  If the ExprList is the result set of a SELECT
+** then the KeyInfo structure is appropriate for initializing a virtual
+** index to implement a DISTINCT test.
+**
+** Space to hold the KeyInfo structure is obtained from malloc.  The calling
+** function is responsible for seeing that this structure is eventually
+** freed.
+*/
+static KeyInfo *keyInfoFromExprList(
+  Parse *pParse,       /* Parsing context */
+  ExprList *pList,     /* Form the KeyInfo object from this ExprList */
+  int iStart,          /* Begin with this column of pList */
+  int nExtra           /* Add this many extra columns to the end */
+){
+  int nExpr;
+  KeyInfo *pInfo;
+  struct ExprList_item *pItem;
+  sqlite3 *db = pParse->db;
+  int i;
+
+  nExpr = pList->nExpr;
+  pInfo = sqlite3KeyInfoAlloc(db, nExpr-iStart, nExtra+1);
+  if( pInfo ){
+    assert( sqlite3KeyInfoIsWriteable(pInfo) );
+    for(i=iStart, pItem=pList->a+iStart; i<nExpr; i++, pItem++){
+      CollSeq *pColl;
+      pColl = sqlite3ExprCollSeq(pParse, pItem->pExpr);
+      if( !pColl ) pColl = db->pDfltColl;
+      pInfo->aColl[i-iStart] = pColl;
+      pInfo->aSortOrder[i-iStart] = pItem->sortOrder;
+    }
+  }
+  return pInfo;
+}
+
+/*
+** Name of the connection operator, used for error messages.
+*/
+static const char *selectOpName(int id){
+  char *z;
+  switch( id ){
+    case TK_ALL:       z = "UNION ALL";   break;
+    case TK_INTERSECT: z = "INTERSECT";   break;
+    case TK_EXCEPT:    z = "EXCEPT";      break;
+    default:           z = "UNION";       break;
+  }
+  return z;
+}
+
+#ifndef SQLITE_OMIT_EXPLAIN
+/*
+** Unless an "EXPLAIN QUERY PLAN" command is being processed, this function
+** is a no-op. Otherwise, it adds a single row of output to the EQP result,
+** where the caption is of the form:
+**
+**   "USE TEMP B-TREE FOR xxx"
+**
+** where xxx is one of "DISTINCT", "ORDER BY" or "GROUP BY". Exactly which
+** is determined by the zUsage argument.
+*/
+static void explainTempTable(Parse *pParse, const char *zUsage){
+  if( pParse->explain==2 ){
+    Vdbe *v = pParse->pVdbe;
+    char *zMsg = sqlite3MPrintf(pParse->db, "USE TEMP B-TREE FOR %s", zUsage);
+    sqlite3VdbeAddOp4(v, OP_Explain, pParse->iSelectId, 0, 0, zMsg, P4_DYNAMIC);
+  }
+}
+
+/*
+** Assign expression b to lvalue a. A second, no-op, version of this macro
+** is provided when SQLITE_OMIT_EXPLAIN is defined. This allows the code
+** in sqlite3Select() to assign values to structure member variables that
+** only exist if SQLITE_OMIT_EXPLAIN is not defined without polluting the
+** code with #ifndef directives.
+*/
+# define explainSetInteger(a, b) a = b
+
+#else
+/* No-op versions of the explainXXX() functions and macros. */
+# define explainTempTable(y,z)
+# define explainSetInteger(y,z)
+#endif
+
+#if !defined(SQLITE_OMIT_EXPLAIN) && !defined(SQLITE_OMIT_COMPOUND_SELECT)
+/*
+** Unless an "EXPLAIN QUERY PLAN" command is being processed, this function
+** is a no-op. Otherwise, it adds a single row of output to the EQP result,
+** where the caption is of one of the two forms:
+**
+**   "COMPOSITE SUBQUERIES iSub1 and iSub2 (op)"
+**   "COMPOSITE SUBQUERIES iSub1 and iSub2 USING TEMP B-TREE (op)"
+**
+** where iSub1 and iSub2 are the integers passed as the corresponding
+** function parameters, and op is the text representation of the parameter
+** of the same name. The parameter "op" must be one of TK_UNION, TK_EXCEPT,
+** TK_INTERSECT or TK_ALL. The first form is used if argument bUseTmp is 
+** false, or the second form if it is true.
+*/
+static void explainComposite(
+  Parse *pParse,                  /* Parse context */
+  int op,                         /* One of TK_UNION, TK_EXCEPT etc. */
+  int iSub1,                      /* Subquery id 1 */
+  int iSub2,                      /* Subquery id 2 */
+  int bUseTmp                     /* True if a temp table was used */
+){
+  assert( op==TK_UNION || op==TK_EXCEPT || op==TK_INTERSECT || op==TK_ALL );
+  if( pParse->explain==2 ){
+    Vdbe *v = pParse->pVdbe;
+    char *zMsg = sqlite3MPrintf(
+        pParse->db, "COMPOUND SUBQUERIES %d AND %d %s(%s)", iSub1, iSub2,
+        bUseTmp?"USING TEMP B-TREE ":"", selectOpName(op)
+    );
+    sqlite3VdbeAddOp4(v, OP_Explain, pParse->iSelectId, 0, 0, zMsg, P4_DYNAMIC);
+  }
+}
+#else
+/* No-op versions of the explainXXX() functions and macros. */
+# define explainComposite(v,w,x,y,z)
+#endif
+
+/*
+** If the inner loop was generated using a non-null pOrderBy argument,
+** then the results were placed in a sorter.  After the loop is terminated
+** we need to run the sorter and output the results.  The following
+** routine generates the code needed to do that.
+*/
+static void generateSortTail(
+  Parse *pParse,    /* Parsing context */
+  Select *p,        /* The SELECT statement */
+  SortCtx *pSort,   /* Information on the ORDER BY clause */
+  int nColumn,      /* Number of columns of data */
+  SelectDest *pDest /* Write the sorted results here */
+){
+  Vdbe *v = pParse->pVdbe;                     /* The prepared statement */
+  int addrBreak = pSort->labelDone;            /* Jump here to exit loop */
+  int addrContinue = sqlite3VdbeMakeLabel(v);  /* Jump here for next cycle */
+  int addr;
+  int addrOnce = 0;
+  int iTab;
+  ExprList *pOrderBy = pSort->pOrderBy;
+  int eDest = pDest->eDest;
+  int iParm = pDest->iSDParm;
+  int regRow;
+  int regRowid;
+  int nKey;
+  int iSortTab;                   /* Sorter cursor to read from */
+  int nSortData;                  /* Trailing values to read from sorter */
+  int i;
+  int bSeq;                       /* True if sorter record includes seq. no. */
+#ifdef SQLITE_ENABLE_EXPLAIN_COMMENTS
+  struct ExprList_item *aOutEx = p->pEList->a;
+#endif
+
+  assert( addrBreak<0 );
+  if( pSort->labelBkOut ){
+    sqlite3VdbeAddOp2(v, OP_Gosub, pSort->regReturn, pSort->labelBkOut);
+    sqlite3VdbeGoto(v, addrBreak);
+    sqlite3VdbeResolveLabel(v, pSort->labelBkOut);
+  }
+  iTab = pSort->iECursor;
+  if( eDest==SRT_Output || eDest==SRT_Coroutine ){
+    regRowid = 0;
+    regRow = pDest->iSdst;
+    nSortData = nColumn;
+  }else{
+    regRowid = sqlite3GetTempReg(pParse);
+    regRow = sqlite3GetTempReg(pParse);
+    nSortData = 1;
+  }
+  nKey = pOrderBy->nExpr - pSort->nOBSat;
+  if( pSort->sortFlags & SORTFLAG_UseSorter ){
+    int regSortOut = ++pParse->nMem;
+    iSortTab = pParse->nTab++;
+    if( pSort->labelBkOut ){
+      addrOnce = sqlite3CodeOnce(pParse); VdbeCoverage(v);
+    }
+    sqlite3VdbeAddOp3(v, OP_OpenPseudo, iSortTab, regSortOut, nKey+1+nSortData);
+    if( addrOnce ) sqlite3VdbeJumpHere(v, addrOnce);
+    addr = 1 + sqlite3VdbeAddOp2(v, OP_SorterSort, iTab, addrBreak);
+    VdbeCoverage(v);
+    codeOffset(v, p->iOffset, addrContinue);
+    sqlite3VdbeAddOp3(v, OP_SorterData, iTab, regSortOut, iSortTab);
+    bSeq = 0;
+  }else{
+    addr = 1 + sqlite3VdbeAddOp2(v, OP_Sort, iTab, addrBreak); VdbeCoverage(v);
+    codeOffset(v, p->iOffset, addrContinue);
+    iSortTab = iTab;
+    bSeq = 1;
+  }
+  for(i=0; i<nSortData; i++){
+    sqlite3VdbeAddOp3(v, OP_Column, iSortTab, nKey+bSeq+i, regRow+i);
+    VdbeComment((v, "%s", aOutEx[i].zName ? aOutEx[i].zName : aOutEx[i].zSpan));
+  }
+  switch( eDest ){
+    case SRT_EphemTab: {
+      sqlite3VdbeAddOp2(v, OP_NewRowid, iParm, regRowid);
+      sqlite3VdbeAddOp3(v, OP_Insert, iParm, regRow, regRowid);
+      sqlite3VdbeChangeP5(v, OPFLAG_APPEND);
+      break;
+    }
+#ifndef SQLITE_OMIT_SUBQUERY
+    case SRT_Set: {
+      assert( nColumn==1 );
+      sqlite3VdbeAddOp4(v, OP_MakeRecord, regRow, 1, regRowid,
+                        &pDest->affSdst, 1);
+      sqlite3ExprCacheAffinityChange(pParse, regRow, 1);
+      sqlite3VdbeAddOp2(v, OP_IdxInsert, iParm, regRowid);
+      break;
+    }
+    case SRT_Mem: {
+      assert( nColumn==1 );
+      sqlite3ExprCodeMove(pParse, regRow, iParm, 1);
+      /* The LIMIT clause will terminate the loop for us */
+      break;
+    }
+#endif
+    default: {
+      assert( eDest==SRT_Output || eDest==SRT_Coroutine ); 
+      testcase( eDest==SRT_Output );
+      testcase( eDest==SRT_Coroutine );
+      if( eDest==SRT_Output ){
+        sqlite3VdbeAddOp2(v, OP_ResultRow, pDest->iSdst, nColumn);
+        sqlite3ExprCacheAffinityChange(pParse, pDest->iSdst, nColumn);
+      }else{
+        sqlite3VdbeAddOp1(v, OP_Yield, pDest->iSDParm);
+      }
+      break;
+    }
+  }
+  if( regRowid ){
+    sqlite3ReleaseTempReg(pParse, regRow);
+    sqlite3ReleaseTempReg(pParse, regRowid);
+  }
+  /* The bottom of the loop
+  */
+  sqlite3VdbeResolveLabel(v, addrContinue);
+  if( pSort->sortFlags & SORTFLAG_UseSorter ){
+    sqlite3VdbeAddOp2(v, OP_SorterNext, iTab, addr); VdbeCoverage(v);
+  }else{
+    sqlite3VdbeAddOp2(v, OP_Next, iTab, addr); VdbeCoverage(v);
+  }
+  if( pSort->regReturn ) sqlite3VdbeAddOp1(v, OP_Return, pSort->regReturn);
+  sqlite3VdbeResolveLabel(v, addrBreak);
+}
+
+/*
+** Return a pointer to a string containing the 'declaration type' of the
+** expression pExpr. The string may be treated as static by the caller.
+**
+** Also try to estimate the size of the returned value and return that
+** result in *pEstWidth.
+**
+** The declaration type is the exact datatype definition extracted from the
+** original CREATE TABLE statement if the expression is a column. The
+** declaration type for a ROWID field is INTEGER. Exactly when an expression
+** is considered a column can be complex in the presence of subqueries. The
+** result-set expression in all of the following SELECT statements is 
+** considered a column by this function.
+**
+**   SELECT col FROM tbl;
+**   SELECT (SELECT col FROM tbl;
+**   SELECT (SELECT col FROM tbl);
+**   SELECT abc FROM (SELECT col AS abc FROM tbl);
+** 
+** The declaration type for any expression other than a column is NULL.
+**
+** This routine has either 3 or 6 parameters depending on whether or not
+** the SQLITE_ENABLE_COLUMN_METADATA compile-time option is used.
+*/
+#ifdef SQLITE_ENABLE_COLUMN_METADATA
+# define columnType(A,B,C,D,E,F) columnTypeImpl(A,B,C,D,E,F)
+#else /* if !defined(SQLITE_ENABLE_COLUMN_METADATA) */
+# define columnType(A,B,C,D,E,F) columnTypeImpl(A,B,F)
+#endif
+static const char *columnTypeImpl(
+  NameContext *pNC, 
+  Expr *pExpr,
+#ifdef SQLITE_ENABLE_COLUMN_METADATA
+  const char **pzOrigDb,
+  const char **pzOrigTab,
+  const char **pzOrigCol,
+#endif
+  u8 *pEstWidth
+){
+  char const *zType = 0;
+  int j;
+  u8 estWidth = 1;
+#ifdef SQLITE_ENABLE_COLUMN_METADATA
+  char const *zOrigDb = 0;
+  char const *zOrigTab = 0;
+  char const *zOrigCol = 0;
+#endif
+
+  assert( pExpr!=0 );
+  assert( pNC->pSrcList!=0 );
+  switch( pExpr->op ){
+    case TK_AGG_COLUMN:
+    case TK_COLUMN: {
+      /* The expression is a column. Locate the table the column is being
+      ** extracted from in NameContext.pSrcList. This table may be real
+      ** database table or a subquery.
+      */
+      Table *pTab = 0;            /* Table structure column is extracted from */
+      Select *pS = 0;             /* Select the column is extracted from */
+      int iCol = pExpr->iColumn;  /* Index of column in pTab */
+      testcase( pExpr->op==TK_AGG_COLUMN );
+      testcase( pExpr->op==TK_COLUMN );
+      while( pNC && !pTab ){
+        SrcList *pTabList = pNC->pSrcList;
+        for(j=0;j<pTabList->nSrc && pTabList->a[j].iCursor!=pExpr->iTable;j++);
+        if( j<pTabList->nSrc ){
+          pTab = pTabList->a[j].pTab;
+          pS = pTabList->a[j].pSelect;
+        }else{
+          pNC = pNC->pNext;
+        }
+      }
+
+      if( pTab==0 ){
+        /* At one time, code such as "SELECT new.x" within a trigger would
+        ** cause this condition to run.  Since then, we have restructured how
+        ** trigger code is generated and so this condition is no longer 
+        ** possible. However, it can still be true for statements like
+        ** the following:
+        **
+        **   CREATE TABLE t1(col INTEGER);
+        **   SELECT (SELECT t1.col) FROM FROM t1;
+        **
+        ** when columnType() is called on the expression "t1.col" in the 
+        ** sub-select. In this case, set the column type to NULL, even
+        ** though it should really be "INTEGER".
+        **
+        ** This is not a problem, as the column type of "t1.col" is never
+        ** used. When columnType() is called on the expression 
+        ** "(SELECT t1.col)", the correct type is returned (see the TK_SELECT
+        ** branch below.  */
+        break;
+      }
+
+      assert( pTab && pExpr->pTab==pTab );
+      if( pS ){
+        /* The "table" is actually a sub-select or a view in the FROM clause
+        ** of the SELECT statement. Return the declaration type and origin
+        ** data for the result-set column of the sub-select.
+        */
+        if( iCol>=0 && ALWAYS(iCol<pS->pEList->nExpr) ){
+          /* If iCol is less than zero, then the expression requests the
+          ** rowid of the sub-select or view. This expression is legal (see 
+          ** test case misc2.2.2) - it always evaluates to NULL.
+          **
+          ** The ALWAYS() is because iCol>=pS->pEList->nExpr will have been
+          ** caught already by name resolution.
+          */
+          NameContext sNC;
+          Expr *p = pS->pEList->a[iCol].pExpr;
+          sNC.pSrcList = pS->pSrc;
+          sNC.pNext = pNC;
+          sNC.pParse = pNC->pParse;
+          zType = columnType(&sNC, p,&zOrigDb,&zOrigTab,&zOrigCol, &estWidth); 
+        }
+      }else if( pTab->pSchema ){
+        /* A real table */
+        assert( !pS );
+        if( iCol<0 ) iCol = pTab->iPKey;
+        assert( iCol==-1 || (iCol>=0 && iCol<pTab->nCol) );
+#ifdef SQLITE_ENABLE_COLUMN_METADATA
+        if( iCol<0 ){
+          zType = "INTEGER";
+          zOrigCol = "rowid";
+        }else{
+          zType = pTab->aCol[iCol].zType;
+          zOrigCol = pTab->aCol[iCol].zName;
+          estWidth = pTab->aCol[iCol].szEst;
+        }
+        zOrigTab = pTab->zName;
+        if( pNC->pParse ){
+          int iDb = sqlite3SchemaToIndex(pNC->pParse->db, pTab->pSchema);
+          zOrigDb = pNC->pParse->db->aDb[iDb].zName;
+        }
+#else
+        if( iCol<0 ){
+          zType = "INTEGER";
+        }else{
+          zType = pTab->aCol[iCol].zType;
+          estWidth = pTab->aCol[iCol].szEst;
+        }
+#endif
+      }
+      break;
+    }
+#ifndef SQLITE_OMIT_SUBQUERY
+    case TK_SELECT: {
+      /* The expression is a sub-select. Return the declaration type and
+      ** origin info for the single column in the result set of the SELECT
+      ** statement.
+      */
+      NameContext sNC;
+      Select *pS = pExpr->x.pSelect;
+      Expr *p = pS->pEList->a[0].pExpr;
+      assert( ExprHasProperty(pExpr, EP_xIsSelect) );
+      sNC.pSrcList = pS->pSrc;
+      sNC.pNext = pNC;
+      sNC.pParse = pNC->pParse;
+      zType = columnType(&sNC, p, &zOrigDb, &zOrigTab, &zOrigCol, &estWidth); 
+      break;
+    }
+#endif
+  }
+
+#ifdef SQLITE_ENABLE_COLUMN_METADATA  
+  if( pzOrigDb ){
+    assert( pzOrigTab && pzOrigCol );
+    *pzOrigDb = zOrigDb;
+    *pzOrigTab = zOrigTab;
+    *pzOrigCol = zOrigCol;
+  }
+#endif
+  if( pEstWidth ) *pEstWidth = estWidth;
+  return zType;
+}
+
+/*
+** Generate code that will tell the VDBE the declaration types of columns
+** in the result set.
+*/
+static void generateColumnTypes(
+  Parse *pParse,      /* Parser context */
+  SrcList *pTabList,  /* List of tables */
+  ExprList *pEList    /* Expressions defining the result set */
+){
+#ifndef SQLITE_OMIT_DECLTYPE
+  Vdbe *v = pParse->pVdbe;
+  int i;
+  NameContext sNC;
+  sNC.pSrcList = pTabList;
+  sNC.pParse = pParse;
+  for(i=0; i<pEList->nExpr; i++){
+    Expr *p = pEList->a[i].pExpr;
+    const char *zType;
+#ifdef SQLITE_ENABLE_COLUMN_METADATA
+    const char *zOrigDb = 0;
+    const char *zOrigTab = 0;
+    const char *zOrigCol = 0;
+    zType = columnType(&sNC, p, &zOrigDb, &zOrigTab, &zOrigCol, 0);
+
+    /* The vdbe must make its own copy of the column-type and other 
+    ** column specific strings, in case the schema is reset before this
+    ** virtual machine is deleted.
+    */
+    sqlite3VdbeSetColName(v, i, COLNAME_DATABASE, zOrigDb, SQLITE_TRANSIENT);
+    sqlite3VdbeSetColName(v, i, COLNAME_TABLE, zOrigTab, SQLITE_TRANSIENT);
+    sqlite3VdbeSetColName(v, i, COLNAME_COLUMN, zOrigCol, SQLITE_TRANSIENT);
+#else
+    zType = columnType(&sNC, p, 0, 0, 0, 0);
+#endif
+    sqlite3VdbeSetColName(v, i, COLNAME_DECLTYPE, zType, SQLITE_TRANSIENT);
+  }
+#endif /* !defined(SQLITE_OMIT_DECLTYPE) */
+}
+
+/*
+** Generate code that will tell the VDBE the names of columns
+** in the result set.  This information is used to provide the
+** azCol[] values in the callback.
+*/
+static void generateColumnNames(
+  Parse *pParse,      /* Parser context */
+  SrcList *pTabList,  /* List of tables */
+  ExprList *pEList    /* Expressions defining the result set */
+){
+  Vdbe *v = pParse->pVdbe;
+  int i, j;
+  sqlite3 *db = pParse->db;
+  int fullNames, shortNames;
+
+#ifndef SQLITE_OMIT_EXPLAIN
+  /* If this is an EXPLAIN, skip this step */
+  if( pParse->explain ){
+    return;
+  }
+#endif
+
+  if( pParse->colNamesSet || db->mallocFailed ) return;
+  assert( v!=0 );
+  assert( pTabList!=0 );
+  pParse->colNamesSet = 1;
+  fullNames = (db->flags & SQLITE_FullColNames)!=0;
+  shortNames = (db->flags & SQLITE_ShortColNames)!=0;
+  sqlite3VdbeSetNumCols(v, pEList->nExpr);
+  for(i=0; i<pEList->nExpr; i++){
+    Expr *p;
+    p = pEList->a[i].pExpr;
+    if( NEVER(p==0) ) continue;
+    if( pEList->a[i].zName ){
+      char *zName = pEList->a[i].zName;
+      sqlite3VdbeSetColName(v, i, COLNAME_NAME, zName, SQLITE_TRANSIENT);
+    }else if( p->op==TK_COLUMN || p->op==TK_AGG_COLUMN ){
+      Table *pTab;
+      char *zCol;
+      int iCol = p->iColumn;
+      for(j=0; ALWAYS(j<pTabList->nSrc); j++){
+        if( pTabList->a[j].iCursor==p->iTable ) break;
+      }
+      assert( j<pTabList->nSrc );
+      pTab = pTabList->a[j].pTab;
+      if( iCol<0 ) iCol = pTab->iPKey;
+      assert( iCol==-1 || (iCol>=0 && iCol<pTab->nCol) );
+      if( iCol<0 ){
+        zCol = "rowid";
+      }else{
+        zCol = pTab->aCol[iCol].zName;
+      }
+      if( !shortNames && !fullNames ){
+        sqlite3VdbeSetColName(v, i, COLNAME_NAME, 
+            sqlite3DbStrDup(db, pEList->a[i].zSpan), SQLITE_DYNAMIC);
+      }else if( fullNames ){
+        char *zName = 0;
+        zName = sqlite3MPrintf(db, "%s.%s", pTab->zName, zCol);
+        sqlite3VdbeSetColName(v, i, COLNAME_NAME, zName, SQLITE_DYNAMIC);
+      }else{
+        sqlite3VdbeSetColName(v, i, COLNAME_NAME, zCol, SQLITE_TRANSIENT);
+      }
+    }else{
+      const char *z = pEList->a[i].zSpan;
+      z = z==0 ? sqlite3MPrintf(db, "column%d", i+1) : sqlite3DbStrDup(db, z);
+      sqlite3VdbeSetColName(v, i, COLNAME_NAME, z, SQLITE_DYNAMIC);
+    }
+  }
+  generateColumnTypes(pParse, pTabList, pEList);
+}
+
+/*
+** Given an expression list (which is really the list of expressions
+** that form the result set of a SELECT statement) compute appropriate
+** column names for a table that would hold the expression list.
+**
+** All column names will be unique.
+**
+** Only the column names are computed.  Column.zType, Column.zColl,
+** and other fields of Column are zeroed.
+**
+** Return SQLITE_OK on success.  If a memory allocation error occurs,
+** store NULL in *paCol and 0 in *pnCol and return SQLITE_NOMEM.
+*/
+SQLITE_PRIVATE int sqlite3ColumnsFromExprList(
+  Parse *pParse,          /* Parsing context */
+  ExprList *pEList,       /* Expr list from which to derive column names */
+  i16 *pnCol,             /* Write the number of columns here */
+  Column **paCol          /* Write the new column list here */
+){
+  sqlite3 *db = pParse->db;   /* Database connection */
+  int i, j;                   /* Loop counters */
+  u32 cnt;                    /* Index added to make the name unique */
+  Column *aCol, *pCol;        /* For looping over result columns */
+  int nCol;                   /* Number of columns in the result set */
+  Expr *p;                    /* Expression for a single result column */
+  char *zName;                /* Column name */
+  int nName;                  /* Size of name in zName[] */
+  Hash ht;                    /* Hash table of column names */
+
+  sqlite3HashInit(&ht);
+  if( pEList ){
+    nCol = pEList->nExpr;
+    aCol = sqlite3DbMallocZero(db, sizeof(aCol[0])*nCol);
+    testcase( aCol==0 );
+  }else{
+    nCol = 0;
+    aCol = 0;
+  }
+  assert( nCol==(i16)nCol );
+  *pnCol = nCol;
+  *paCol = aCol;
+
+  for(i=0, pCol=aCol; i<nCol && !db->mallocFailed; i++, pCol++){
+    /* Get an appropriate name for the column
+    */
+    p = sqlite3ExprSkipCollate(pEList->a[i].pExpr);
+    if( (zName = pEList->a[i].zName)!=0 ){
+      /* If the column contains an "AS <name>" phrase, use <name> as the name */
+    }else{
+      Expr *pColExpr = p;  /* The expression that is the result column name */
+      Table *pTab;         /* Table associated with this expression */
+      while( pColExpr->op==TK_DOT ){
+        pColExpr = pColExpr->pRight;
+        assert( pColExpr!=0 );
+      }
+      if( pColExpr->op==TK_COLUMN && ALWAYS(pColExpr->pTab!=0) ){
+        /* For columns use the column name name */
+        int iCol = pColExpr->iColumn;
+        pTab = pColExpr->pTab;
+        if( iCol<0 ) iCol = pTab->iPKey;
+        zName = iCol>=0 ? pTab->aCol[iCol].zName : "rowid";
+      }else if( pColExpr->op==TK_ID ){
+        assert( !ExprHasProperty(pColExpr, EP_IntValue) );
+        zName = pColExpr->u.zToken;
+      }else{
+        /* Use the original text of the column expression as its name */
+        zName = pEList->a[i].zSpan;
+      }
+    }
+    zName = sqlite3MPrintf(db, "%s", zName);
+
+    /* Make sure the column name is unique.  If the name is not unique,
+    ** append an integer to the name so that it becomes unique.
+    */
+    cnt = 0;
+    while( zName && sqlite3HashFind(&ht, zName)!=0 ){
+      nName = sqlite3Strlen30(zName);
+      if( nName>0 ){
+        for(j=nName-1; j>0 && sqlite3Isdigit(zName[j]); j--){}
+        if( zName[j]==':' ) nName = j;
+      }
+      zName = sqlite3MPrintf(db, "%.*z:%u", nName, zName, ++cnt);
+      if( cnt>3 ) sqlite3_randomness(sizeof(cnt), &cnt);
+    }
+    pCol->zName = zName;
+    sqlite3ColumnPropertiesFromName(0, pCol);
+    if( zName && sqlite3HashInsert(&ht, zName, pCol)==pCol ){
+      db->mallocFailed = 1;
+    }
+  }
+  sqlite3HashClear(&ht);
+  if( db->mallocFailed ){
+    for(j=0; j<i; j++){
+      sqlite3DbFree(db, aCol[j].zName);
+    }
+    sqlite3DbFree(db, aCol);
+    *paCol = 0;
+    *pnCol = 0;
+    return SQLITE_NOMEM;
+  }
+  return SQLITE_OK;
+}
+
+/*
+** Add type and collation information to a column list based on
+** a SELECT statement.
+** 
+** The column list presumably came from selectColumnNamesFromExprList().
+** The column list has only names, not types or collations.  This
+** routine goes through and adds the types and collations.
+**
+** This routine requires that all identifiers in the SELECT
+** statement be resolved.
+*/
+static void selectAddColumnTypeAndCollation(
+  Parse *pParse,        /* Parsing contexts */
+  Table *pTab,          /* Add column type information to this table */
+  Select *pSelect       /* SELECT used to determine types and collations */
+){
+  sqlite3 *db = pParse->db;
+  NameContext sNC;
+  Column *pCol;
+  CollSeq *pColl;
+  int i;
+  Expr *p;
+  struct ExprList_item *a;
+  u64 szAll = 0;
+
+  assert( pSelect!=0 );
+  assert( (pSelect->selFlags & SF_Resolved)!=0 );
+  assert( pTab->nCol==pSelect->pEList->nExpr || db->mallocFailed );
+  if( db->mallocFailed ) return;
+  memset(&sNC, 0, sizeof(sNC));
+  sNC.pSrcList = pSelect->pSrc;
+  a = pSelect->pEList->a;
+  for(i=0, pCol=pTab->aCol; i<pTab->nCol; i++, pCol++){
+    p = a[i].pExpr;
+    if( pCol->zType==0 ){
+      pCol->zType = sqlite3DbStrDup(db, 
+                        columnType(&sNC, p,0,0,0, &pCol->szEst));
+    }
+    szAll += pCol->szEst;
+    pCol->affinity = sqlite3ExprAffinity(p);
+    if( pCol->affinity==0 ) pCol->affinity = SQLITE_AFF_BLOB;
+    pColl = sqlite3ExprCollSeq(pParse, p);
+    if( pColl && pCol->zColl==0 ){
+      pCol->zColl = sqlite3DbStrDup(db, pColl->zName);
+    }
+  }
+  pTab->szTabRow = sqlite3LogEst(szAll*4);
+}
+
+/*
+** Given a SELECT statement, generate a Table structure that describes
+** the result set of that SELECT.
+*/
+SQLITE_PRIVATE Table *sqlite3ResultSetOfSelect(Parse *pParse, Select *pSelect){
+  Table *pTab;
+  sqlite3 *db = pParse->db;
+  int savedFlags;
+
+  savedFlags = db->flags;
+  db->flags &= ~SQLITE_FullColNames;
+  db->flags |= SQLITE_ShortColNames;
+  sqlite3SelectPrep(pParse, pSelect, 0);
+  if( pParse->nErr ) return 0;
+  while( pSelect->pPrior ) pSelect = pSelect->pPrior;
+  db->flags = savedFlags;
+  pTab = sqlite3DbMallocZero(db, sizeof(Table) );
+  if( pTab==0 ){
+    return 0;
+  }
+  /* The sqlite3ResultSetOfSelect() is only used n contexts where lookaside
+  ** is disabled */
+  assert( db->lookaside.bEnabled==0 );
+  pTab->nRef = 1;
+  pTab->zName = 0;
+  pTab->nRowLogEst = 200; assert( 200==sqlite3LogEst(1048576) );
+  sqlite3ColumnsFromExprList(pParse, pSelect->pEList, &pTab->nCol, &pTab->aCol);
+  selectAddColumnTypeAndCollation(pParse, pTab, pSelect);
+  pTab->iPKey = -1;
+  if( db->mallocFailed ){
+    sqlite3DeleteTable(db, pTab);
+    return 0;
+  }
+  return pTab;
+}
+
+/*
+** Get a VDBE for the given parser context.  Create a new one if necessary.
+** If an error occurs, return NULL and leave a message in pParse.
+*/
+SQLITE_PRIVATE Vdbe *sqlite3GetVdbe(Parse *pParse){
+  Vdbe *v = pParse->pVdbe;
+  if( v==0 ){
+    v = pParse->pVdbe = sqlite3VdbeCreate(pParse);
+    if( v ) sqlite3VdbeAddOp0(v, OP_Init);
+    if( pParse->pToplevel==0
+     && OptimizationEnabled(pParse->db,SQLITE_FactorOutConst)
+    ){
+      pParse->okConstFactor = 1;
+    }
+
+  }
+  return v;
+}
+
+
+/*
+** Compute the iLimit and iOffset fields of the SELECT based on the
+** pLimit and pOffset expressions.  pLimit and pOffset hold the expressions
+** that appear in the original SQL statement after the LIMIT and OFFSET
+** keywords.  Or NULL if those keywords are omitted. iLimit and iOffset 
+** are the integer memory register numbers for counters used to compute 
+** the limit and offset.  If there is no limit and/or offset, then 
+** iLimit and iOffset are negative.
+**
+** This routine changes the values of iLimit and iOffset only if
+** a limit or offset is defined by pLimit and pOffset.  iLimit and
+** iOffset should have been preset to appropriate default values (zero)
+** prior to calling this routine.
+**
+** The iOffset register (if it exists) is initialized to the value
+** of the OFFSET.  The iLimit register is initialized to LIMIT.  Register
+** iOffset+1 is initialized to LIMIT+OFFSET.
+**
+** Only if pLimit!=0 or pOffset!=0 do the limit registers get
+** redefined.  The UNION ALL operator uses this property to force
+** the reuse of the same limit and offset registers across multiple
+** SELECT statements.
+*/
+static void computeLimitRegisters(Parse *pParse, Select *p, int iBreak){
+  Vdbe *v = 0;
+  int iLimit = 0;
+  int iOffset;
+  int n;
+  if( p->iLimit ) return;
+
+  /* 
+  ** "LIMIT -1" always shows all rows.  There is some
+  ** controversy about what the correct behavior should be.
+  ** The current implementation interprets "LIMIT 0" to mean
+  ** no rows.
+  */
+  sqlite3ExprCacheClear(pParse);
+  assert( p->pOffset==0 || p->pLimit!=0 );
+  if( p->pLimit ){
+    p->iLimit = iLimit = ++pParse->nMem;
+    v = sqlite3GetVdbe(pParse);
+    assert( v!=0 );
+    if( sqlite3ExprIsInteger(p->pLimit, &n) ){
+      sqlite3VdbeAddOp2(v, OP_Integer, n, iLimit);
+      VdbeComment((v, "LIMIT counter"));
+      if( n==0 ){
+        sqlite3VdbeGoto(v, iBreak);
+      }else if( n>=0 && p->nSelectRow>(u64)n ){
+        p->nSelectRow = n;
+      }
+    }else{
+      sqlite3ExprCode(pParse, p->pLimit, iLimit);
+      sqlite3VdbeAddOp1(v, OP_MustBeInt, iLimit); VdbeCoverage(v);
+      VdbeComment((v, "LIMIT counter"));
+      sqlite3VdbeAddOp2(v, OP_IfNot, iLimit, iBreak); VdbeCoverage(v);
+    }
+    if( p->pOffset ){
+      p->iOffset = iOffset = ++pParse->nMem;
+      pParse->nMem++;   /* Allocate an extra register for limit+offset */
+      sqlite3ExprCode(pParse, p->pOffset, iOffset);
+      sqlite3VdbeAddOp1(v, OP_MustBeInt, iOffset); VdbeCoverage(v);
+      VdbeComment((v, "OFFSET counter"));
+      sqlite3VdbeAddOp3(v, OP_SetIfNotPos, iOffset, iOffset, 0);
+      sqlite3VdbeAddOp3(v, OP_Add, iLimit, iOffset, iOffset+1);
+      VdbeComment((v, "LIMIT+OFFSET"));
+      sqlite3VdbeAddOp3(v, OP_SetIfNotPos, iLimit, iOffset+1, -1);
+    }
+  }
+}
+
+#ifndef SQLITE_OMIT_COMPOUND_SELECT
+/*
+** Return the appropriate collating sequence for the iCol-th column of
+** the result set for the compound-select statement "p".  Return NULL if
+** the column has no default collating sequence.
+**
+** The collating sequence for the compound select is taken from the
+** left-most term of the select that has a collating sequence.
+*/
+static CollSeq *multiSelectCollSeq(Parse *pParse, Select *p, int iCol){
+  CollSeq *pRet;
+  if( p->pPrior ){
+    pRet = multiSelectCollSeq(pParse, p->pPrior, iCol);
+  }else{
+    pRet = 0;
+  }
+  assert( iCol>=0 );
+  /* iCol must be less than p->pEList->nExpr.  Otherwise an error would
+  ** have been thrown during name resolution and we would not have gotten
+  ** this far */
+  if( pRet==0 && ALWAYS(iCol<p->pEList->nExpr) ){
+    pRet = sqlite3ExprCollSeq(pParse, p->pEList->a[iCol].pExpr);
+  }
+  return pRet;
+}
+
+/*
+** The select statement passed as the second parameter is a compound SELECT
+** with an ORDER BY clause. This function allocates and returns a KeyInfo
+** structure suitable for implementing the ORDER BY.
+**
+** Space to hold the KeyInfo structure is obtained from malloc. The calling
+** function is responsible for ensuring that this structure is eventually
+** freed.
+*/
+static KeyInfo *multiSelectOrderByKeyInfo(Parse *pParse, Select *p, int nExtra){
+  ExprList *pOrderBy = p->pOrderBy;
+  int nOrderBy = p->pOrderBy->nExpr;
+  sqlite3 *db = pParse->db;
+  KeyInfo *pRet = sqlite3KeyInfoAlloc(db, nOrderBy+nExtra, 1);
+  if( pRet ){
+    int i;
+    for(i=0; i<nOrderBy; i++){
+      struct ExprList_item *pItem = &pOrderBy->a[i];
+      Expr *pTerm = pItem->pExpr;
+      CollSeq *pColl;
+
+      if( pTerm->flags & EP_Collate ){
+        pColl = sqlite3ExprCollSeq(pParse, pTerm);
+      }else{
+        pColl = multiSelectCollSeq(pParse, p, pItem->u.x.iOrderByCol-1);
+        if( pColl==0 ) pColl = db->pDfltColl;
+        pOrderBy->a[i].pExpr =
+          sqlite3ExprAddCollateString(pParse, pTerm, pColl->zName);
+      }
+      assert( sqlite3KeyInfoIsWriteable(pRet) );
+      pRet->aColl[i] = pColl;
+      pRet->aSortOrder[i] = pOrderBy->a[i].sortOrder;
+    }
+  }
+
+  return pRet;
+}
+
+#ifndef SQLITE_OMIT_CTE
+/*
+** This routine generates VDBE code to compute the content of a WITH RECURSIVE
+** query of the form:
+**
+**   <recursive-table> AS (<setup-query> UNION [ALL] <recursive-query>)
+**                         \___________/             \_______________/
+**                           p->pPrior                      p
+**
+**
+** There is exactly one reference to the recursive-table in the FROM clause
+** of recursive-query, marked with the SrcList->a[].fg.isRecursive flag.
+**
+** The setup-query runs once to generate an initial set of rows that go
+** into a Queue table.  Rows are extracted from the Queue table one by
+** one.  Each row extracted from Queue is output to pDest.  Then the single
+** extracted row (now in the iCurrent table) becomes the content of the
+** recursive-table for a recursive-query run.  The output of the recursive-query
+** is added back into the Queue table.  Then another row is extracted from Queue
+** and the iteration continues until the Queue table is empty.
+**
+** If the compound query operator is UNION then no duplicate rows are ever
+** inserted into the Queue table.  The iDistinct table keeps a copy of all rows
+** that have ever been inserted into Queue and causes duplicates to be
+** discarded.  If the operator is UNION ALL, then duplicates are allowed.
+** 
+** If the query has an ORDER BY, then entries in the Queue table are kept in
+** ORDER BY order and the first entry is extracted for each cycle.  Without
+** an ORDER BY, the Queue table is just a FIFO.
+**
+** If a LIMIT clause is provided, then the iteration stops after LIMIT rows
+** have been output to pDest.  A LIMIT of zero means to output no rows and a
+** negative LIMIT means to output all rows.  If there is also an OFFSET clause
+** with a positive value, then the first OFFSET outputs are discarded rather
+** than being sent to pDest.  The LIMIT count does not begin until after OFFSET
+** rows have been skipped.
+*/
+static void generateWithRecursiveQuery(
+  Parse *pParse,        /* Parsing context */
+  Select *p,            /* The recursive SELECT to be coded */
+  SelectDest *pDest     /* What to do with query results */
+){
+  SrcList *pSrc = p->pSrc;      /* The FROM clause of the recursive query */
+  int nCol = p->pEList->nExpr;  /* Number of columns in the recursive table */
+  Vdbe *v = pParse->pVdbe;      /* The prepared statement under construction */
+  Select *pSetup = p->pPrior;   /* The setup query */
+  int addrTop;                  /* Top of the loop */
+  int addrCont, addrBreak;      /* CONTINUE and BREAK addresses */
+  int iCurrent = 0;             /* The Current table */
+  int regCurrent;               /* Register holding Current table */
+  int iQueue;                   /* The Queue table */
+  int iDistinct = 0;            /* To ensure unique results if UNION */
+  int eDest = SRT_Fifo;         /* How to write to Queue */
+  SelectDest destQueue;         /* SelectDest targetting the Queue table */
+  int i;                        /* Loop counter */
+  int rc;                       /* Result code */
+  ExprList *pOrderBy;           /* The ORDER BY clause */
+  Expr *pLimit, *pOffset;       /* Saved LIMIT and OFFSET */
+  int regLimit, regOffset;      /* Registers used by LIMIT and OFFSET */
+
+  /* Obtain authorization to do a recursive query */
+  if( sqlite3AuthCheck(pParse, SQLITE_RECURSIVE, 0, 0, 0) ) return;
+
+  /* Process the LIMIT and OFFSET clauses, if they exist */
+  addrBreak = sqlite3VdbeMakeLabel(v);
+  computeLimitRegisters(pParse, p, addrBreak);
+  pLimit = p->pLimit;
+  pOffset = p->pOffset;
+  regLimit = p->iLimit;
+  regOffset = p->iOffset;
+  p->pLimit = p->pOffset = 0;
+  p->iLimit = p->iOffset = 0;
+  pOrderBy = p->pOrderBy;
+
+  /* Locate the cursor number of the Current table */
+  for(i=0; ALWAYS(i<pSrc->nSrc); i++){
+    if( pSrc->a[i].fg.isRecursive ){
+      iCurrent = pSrc->a[i].iCursor;
+      break;
+    }
+  }
+
+  /* Allocate cursors numbers for Queue and Distinct.  The cursor number for
+  ** the Distinct table must be exactly one greater than Queue in order
+  ** for the SRT_DistFifo and SRT_DistQueue destinations to work. */
+  iQueue = pParse->nTab++;
+  if( p->op==TK_UNION ){
+    eDest = pOrderBy ? SRT_DistQueue : SRT_DistFifo;
+    iDistinct = pParse->nTab++;
+  }else{
+    eDest = pOrderBy ? SRT_Queue : SRT_Fifo;
+  }
+  sqlite3SelectDestInit(&destQueue, eDest, iQueue);
+
+  /* Allocate cursors for Current, Queue, and Distinct. */
+  regCurrent = ++pParse->nMem;
+  sqlite3VdbeAddOp3(v, OP_OpenPseudo, iCurrent, regCurrent, nCol);
+  if( pOrderBy ){
+    KeyInfo *pKeyInfo = multiSelectOrderByKeyInfo(pParse, p, 1);
+    sqlite3VdbeAddOp4(v, OP_OpenEphemeral, iQueue, pOrderBy->nExpr+2, 0,
+                      (char*)pKeyInfo, P4_KEYINFO);
+    destQueue.pOrderBy = pOrderBy;
+  }else{
+    sqlite3VdbeAddOp2(v, OP_OpenEphemeral, iQueue, nCol);
+  }
+  VdbeComment((v, "Queue table"));
+  if( iDistinct ){
+    p->addrOpenEphm[0] = sqlite3VdbeAddOp2(v, OP_OpenEphemeral, iDistinct, 0);
+    p->selFlags |= SF_UsesEphemeral;
+  }
+
+  /* Detach the ORDER BY clause from the compound SELECT */
+  p->pOrderBy = 0;
+
+  /* Store the results of the setup-query in Queue. */
+  pSetup->pNext = 0;
+  rc = sqlite3Select(pParse, pSetup, &destQueue);
+  pSetup->pNext = p;
+  if( rc ) goto end_of_recursive_query;
+
+  /* Find the next row in the Queue and output that row */
+  addrTop = sqlite3VdbeAddOp2(v, OP_Rewind, iQueue, addrBreak); VdbeCoverage(v);
+
+  /* Transfer the next row in Queue over to Current */
+  sqlite3VdbeAddOp1(v, OP_NullRow, iCurrent); /* To reset column cache */
+  if( pOrderBy ){
+    sqlite3VdbeAddOp3(v, OP_Column, iQueue, pOrderBy->nExpr+1, regCurrent);
+  }else{
+    sqlite3VdbeAddOp2(v, OP_RowData, iQueue, regCurrent);
+  }
+  sqlite3VdbeAddOp1(v, OP_Delete, iQueue);
+
+  /* Output the single row in Current */
+  addrCont = sqlite3VdbeMakeLabel(v);
+  codeOffset(v, regOffset, addrCont);
+  selectInnerLoop(pParse, p, p->pEList, iCurrent,
+      0, 0, pDest, addrCont, addrBreak);
+  if( regLimit ){
+    sqlite3VdbeAddOp2(v, OP_DecrJumpZero, regLimit, addrBreak);
+    VdbeCoverage(v);
+  }
+  sqlite3VdbeResolveLabel(v, addrCont);
+
+  /* Execute the recursive SELECT taking the single row in Current as
+  ** the value for the recursive-table. Store the results in the Queue.
+  */
+  if( p->selFlags & SF_Aggregate ){
+    sqlite3ErrorMsg(pParse, "recursive aggregate queries not supported");
+  }else{
+    p->pPrior = 0;
+    sqlite3Select(pParse, p, &destQueue);
+    assert( p->pPrior==0 );
+    p->pPrior = pSetup;
+  }
+
+  /* Keep running the loop until the Queue is empty */
+  sqlite3VdbeGoto(v, addrTop);
+  sqlite3VdbeResolveLabel(v, addrBreak);
+
+end_of_recursive_query:
+  sqlite3ExprListDelete(pParse->db, p->pOrderBy);
+  p->pOrderBy = pOrderBy;
+  p->pLimit = pLimit;
+  p->pOffset = pOffset;
+  return;
+}
+#endif /* SQLITE_OMIT_CTE */
+
+/* Forward references */
+static int multiSelectOrderBy(
+  Parse *pParse,        /* Parsing context */
+  Select *p,            /* The right-most of SELECTs to be coded */
+  SelectDest *pDest     /* What to do with query results */
+);
+
+/*
+** Handle the special case of a compound-select that originates from a
+** VALUES clause.  By handling this as a special case, we avoid deep
+** recursion, and thus do not need to enforce the SQLITE_LIMIT_COMPOUND_SELECT
+** on a VALUES clause.
+**
+** Because the Select object originates from a VALUES clause:
+**   (1) It has no LIMIT or OFFSET
+**   (2) All terms are UNION ALL
+**   (3) There is no ORDER BY clause
+*/
+static int multiSelectValues(
+  Parse *pParse,        /* Parsing context */
+  Select *p,            /* The right-most of SELECTs to be coded */
+  SelectDest *pDest     /* What to do with query results */
+){
+  Select *pPrior;
+  int nRow = 1;
+  int rc = 0;
+  assert( p->selFlags & SF_MultiValue );
+  do{
+    assert( p->selFlags & SF_Values );
+    assert( p->op==TK_ALL || (p->op==TK_SELECT && p->pPrior==0) );
+    assert( p->pLimit==0 );
+    assert( p->pOffset==0 );
+    assert( p->pNext==0 || p->pEList->nExpr==p->pNext->pEList->nExpr );
+    if( p->pPrior==0 ) break;
+    assert( p->pPrior->pNext==p );
+    p = p->pPrior;
+    nRow++;
+  }while(1);
+  while( p ){
+    pPrior = p->pPrior;
+    p->pPrior = 0;
+    rc = sqlite3Select(pParse, p, pDest);
+    p->pPrior = pPrior;
+    if( rc ) break;
+    p->nSelectRow = nRow;
+    p = p->pNext;
+  }
+  return rc;
+}
+
+/*
+** This routine is called to process a compound query form from
+** two or more separate queries using UNION, UNION ALL, EXCEPT, or
+** INTERSECT
+**
+** "p" points to the right-most of the two queries.  the query on the
+** left is p->pPrior.  The left query could also be a compound query
+** in which case this routine will be called recursively. 
+**
+** The results of the total query are to be written into a destination
+** of type eDest with parameter iParm.
+**
+** Example 1:  Consider a three-way compound SQL statement.
+**
+**     SELECT a FROM t1 UNION SELECT b FROM t2 UNION SELECT c FROM t3
+**
+** This statement is parsed up as follows:
+**
+**     SELECT c FROM t3
+**      |
+**      `----->  SELECT b FROM t2
+**                |
+**                `------>  SELECT a FROM t1
+**
+** The arrows in the diagram above represent the Select.pPrior pointer.
+** So if this routine is called with p equal to the t3 query, then
+** pPrior will be the t2 query.  p->op will be TK_UNION in this case.
+**
+** Notice that because of the way SQLite parses compound SELECTs, the
+** individual selects always group from left to right.
+*/
+static int multiSelect(
+  Parse *pParse,        /* Parsing context */
+  Select *p,            /* The right-most of SELECTs to be coded */
+  SelectDest *pDest     /* What to do with query results */
+){
+  int rc = SQLITE_OK;   /* Success code from a subroutine */
+  Select *pPrior;       /* Another SELECT immediately to our left */
+  Vdbe *v;              /* Generate code to this VDBE */
+  SelectDest dest;      /* Alternative data destination */
+  Select *pDelete = 0;  /* Chain of simple selects to delete */
+  sqlite3 *db;          /* Database connection */
+#ifndef SQLITE_OMIT_EXPLAIN
+  int iSub1 = 0;        /* EQP id of left-hand query */
+  int iSub2 = 0;        /* EQP id of right-hand query */
+#endif
+
+  /* Make sure there is no ORDER BY or LIMIT clause on prior SELECTs.  Only
+  ** the last (right-most) SELECT in the series may have an ORDER BY or LIMIT.
+  */
+  assert( p && p->pPrior );  /* Calling function guarantees this much */
+  assert( (p->selFlags & SF_Recursive)==0 || p->op==TK_ALL || p->op==TK_UNION );
+  db = pParse->db;
+  pPrior = p->pPrior;
+  dest = *pDest;
+  if( pPrior->pOrderBy ){
+    sqlite3ErrorMsg(pParse,"ORDER BY clause should come after %s not before",
+      selectOpName(p->op));
+    rc = 1;
+    goto multi_select_end;
+  }
+  if( pPrior->pLimit ){
+    sqlite3ErrorMsg(pParse,"LIMIT clause should come after %s not before",
+      selectOpName(p->op));
+    rc = 1;
+    goto multi_select_end;
+  }
+
+  v = sqlite3GetVdbe(pParse);
+  assert( v!=0 );  /* The VDBE already created by calling function */
+
+  /* Create the destination temporary table if necessary
+  */
+  if( dest.eDest==SRT_EphemTab ){
+    assert( p->pEList );
+    sqlite3VdbeAddOp2(v, OP_OpenEphemeral, dest.iSDParm, p->pEList->nExpr);
+    sqlite3VdbeChangeP5(v, BTREE_UNORDERED);
+    dest.eDest = SRT_Table;
+  }
+
+  /* Special handling for a compound-select that originates as a VALUES clause.
+  */
+  if( p->selFlags & SF_MultiValue ){
+    rc = multiSelectValues(pParse, p, &dest);
+    goto multi_select_end;
+  }
+
+  /* Make sure all SELECTs in the statement have the same number of elements
+  ** in their result sets.
+  */
+  assert( p->pEList && pPrior->pEList );
+  assert( p->pEList->nExpr==pPrior->pEList->nExpr );
+
+#ifndef SQLITE_OMIT_CTE
+  if( p->selFlags & SF_Recursive ){
+    generateWithRecursiveQuery(pParse, p, &dest);
+  }else
+#endif
+
+  /* Compound SELECTs that have an ORDER BY clause are handled separately.
+  */
+  if( p->pOrderBy ){
+    return multiSelectOrderBy(pParse, p, pDest);
+  }else
+
+  /* Generate code for the left and right SELECT statements.
+  */
+  switch( p->op ){
+    case TK_ALL: {
+      int addr = 0;
+      int nLimit;
+      assert( !pPrior->pLimit );
+      pPrior->iLimit = p->iLimit;
+      pPrior->iOffset = p->iOffset;
+      pPrior->pLimit = p->pLimit;
+      pPrior->pOffset = p->pOffset;
+      explainSetInteger(iSub1, pParse->iNextSelectId);
+      rc = sqlite3Select(pParse, pPrior, &dest);
+      p->pLimit = 0;
+      p->pOffset = 0;
+      if( rc ){
+        goto multi_select_end;
+      }
+      p->pPrior = 0;
+      p->iLimit = pPrior->iLimit;
+      p->iOffset = pPrior->iOffset;
+      if( p->iLimit ){
+        addr = sqlite3VdbeAddOp1(v, OP_IfNot, p->iLimit); VdbeCoverage(v);
+        VdbeComment((v, "Jump ahead if LIMIT reached"));
+        if( p->iOffset ){
+          sqlite3VdbeAddOp3(v, OP_SetIfNotPos, p->iOffset, p->iOffset, 0);
+          sqlite3VdbeAddOp3(v, OP_Add, p->iLimit, p->iOffset, p->iOffset+1);
+          sqlite3VdbeAddOp3(v, OP_SetIfNotPos, p->iLimit, p->iOffset+1, -1);
+        }
+      }
+      explainSetInteger(iSub2, pParse->iNextSelectId);
+      rc = sqlite3Select(pParse, p, &dest);
+      testcase( rc!=SQLITE_OK );
+      pDelete = p->pPrior;
+      p->pPrior = pPrior;
+      p->nSelectRow += pPrior->nSelectRow;
+      if( pPrior->pLimit
+       && sqlite3ExprIsInteger(pPrior->pLimit, &nLimit)
+       && nLimit>0 && p->nSelectRow > (u64)nLimit 
+      ){
+        p->nSelectRow = nLimit;
+      }
+      if( addr ){
+        sqlite3VdbeJumpHere(v, addr);
+      }
+      break;
+    }
+    case TK_EXCEPT:
+    case TK_UNION: {
+      int unionTab;    /* Cursor number of the temporary table holding result */
+      u8 op = 0;       /* One of the SRT_ operations to apply to self */
+      int priorOp;     /* The SRT_ operation to apply to prior selects */
+      Expr *pLimit, *pOffset; /* Saved values of p->nLimit and p->nOffset */
+      int addr;
+      SelectDest uniondest;
+
+      testcase( p->op==TK_EXCEPT );
+      testcase( p->op==TK_UNION );
+      priorOp = SRT_Union;
+      if( dest.eDest==priorOp ){
+        /* We can reuse a temporary table generated by a SELECT to our
+        ** right.
+        */
+        assert( p->pLimit==0 );      /* Not allowed on leftward elements */
+        assert( p->pOffset==0 );     /* Not allowed on leftward elements */
+        unionTab = dest.iSDParm;
+      }else{
+        /* We will need to create our own temporary table to hold the
+        ** intermediate results.
+        */
+        unionTab = pParse->nTab++;
+        assert( p->pOrderBy==0 );
+        addr = sqlite3VdbeAddOp2(v, OP_OpenEphemeral, unionTab, 0);
+        assert( p->addrOpenEphm[0] == -1 );
+        p->addrOpenEphm[0] = addr;
+        findRightmost(p)->selFlags |= SF_UsesEphemeral;
+        assert( p->pEList );
+      }
+
+      /* Code the SELECT statements to our left
+      */
+      assert( !pPrior->pOrderBy );
+      sqlite3SelectDestInit(&uniondest, priorOp, unionTab);
+      explainSetInteger(iSub1, pParse->iNextSelectId);
+      rc = sqlite3Select(pParse, pPrior, &uniondest);
+      if( rc ){
+        goto multi_select_end;
+      }
+
+      /* Code the current SELECT statement
+      */
+      if( p->op==TK_EXCEPT ){
+        op = SRT_Except;
+      }else{
+        assert( p->op==TK_UNION );
+        op = SRT_Union;
+      }
+      p->pPrior = 0;
+      pLimit = p->pLimit;
+      p->pLimit = 0;
+      pOffset = p->pOffset;
+      p->pOffset = 0;
+      uniondest.eDest = op;
+      explainSetInteger(iSub2, pParse->iNextSelectId);
+      rc = sqlite3Select(pParse, p, &uniondest);
+      testcase( rc!=SQLITE_OK );
+      /* Query flattening in sqlite3Select() might refill p->pOrderBy.
+      ** Be sure to delete p->pOrderBy, therefore, to avoid a memory leak. */
+      sqlite3ExprListDelete(db, p->pOrderBy);
+      pDelete = p->pPrior;
+      p->pPrior = pPrior;
+      p->pOrderBy = 0;
+      if( p->op==TK_UNION ) p->nSelectRow += pPrior->nSelectRow;
+      sqlite3ExprDelete(db, p->pLimit);
+      p->pLimit = pLimit;
+      p->pOffset = pOffset;
+      p->iLimit = 0;
+      p->iOffset = 0;
+
+      /* Convert the data in the temporary table into whatever form
+      ** it is that we currently need.
+      */
+      assert( unionTab==dest.iSDParm || dest.eDest!=priorOp );
+      if( dest.eDest!=priorOp ){
+        int iCont, iBreak, iStart;
+        assert( p->pEList );
+        if( dest.eDest==SRT_Output ){
+          Select *pFirst = p;
+          while( pFirst->pPrior ) pFirst = pFirst->pPrior;
+          generateColumnNames(pParse, pFirst->pSrc, pFirst->pEList);
+        }
+        iBreak = sqlite3VdbeMakeLabel(v);
+        iCont = sqlite3VdbeMakeLabel(v);
+        computeLimitRegisters(pParse, p, iBreak);
+        sqlite3VdbeAddOp2(v, OP_Rewind, unionTab, iBreak); VdbeCoverage(v);
+        iStart = sqlite3VdbeCurrentAddr(v);
+        selectInnerLoop(pParse, p, p->pEList, unionTab,
+                        0, 0, &dest, iCont, iBreak);
+        sqlite3VdbeResolveLabel(v, iCont);
+        sqlite3VdbeAddOp2(v, OP_Next, unionTab, iStart); VdbeCoverage(v);
+        sqlite3VdbeResolveLabel(v, iBreak);
+        sqlite3VdbeAddOp2(v, OP_Close, unionTab, 0);
+      }
+      break;
+    }
+    default: assert( p->op==TK_INTERSECT ); {
+      int tab1, tab2;
+      int iCont, iBreak, iStart;
+      Expr *pLimit, *pOffset;
+      int addr;
+      SelectDest intersectdest;
+      int r1;
+
+      /* INTERSECT is different from the others since it requires
+      ** two temporary tables.  Hence it has its own case.  Begin
+      ** by allocating the tables we will need.
+      */
+      tab1 = pParse->nTab++;
+      tab2 = pParse->nTab++;
+      assert( p->pOrderBy==0 );
+
+      addr = sqlite3VdbeAddOp2(v, OP_OpenEphemeral, tab1, 0);
+      assert( p->addrOpenEphm[0] == -1 );
+      p->addrOpenEphm[0] = addr;
+      findRightmost(p)->selFlags |= SF_UsesEphemeral;
+      assert( p->pEList );
+
+      /* Code the SELECTs to our left into temporary table "tab1".
+      */
+      sqlite3SelectDestInit(&intersectdest, SRT_Union, tab1);
+      explainSetInteger(iSub1, pParse->iNextSelectId);
+      rc = sqlite3Select(pParse, pPrior, &intersectdest);
+      if( rc ){
+        goto multi_select_end;
+      }
+
+      /* Code the current SELECT into temporary table "tab2"
+      */
+      addr = sqlite3VdbeAddOp2(v, OP_OpenEphemeral, tab2, 0);
+      assert( p->addrOpenEphm[1] == -1 );
+      p->addrOpenEphm[1] = addr;
+      p->pPrior = 0;
+      pLimit = p->pLimit;
+      p->pLimit = 0;
+      pOffset = p->pOffset;
+      p->pOffset = 0;
+      intersectdest.iSDParm = tab2;
+      explainSetInteger(iSub2, pParse->iNextSelectId);
+      rc = sqlite3Select(pParse, p, &intersectdest);
+      testcase( rc!=SQLITE_OK );
+      pDelete = p->pPrior;
+      p->pPrior = pPrior;
+      if( p->nSelectRow>pPrior->nSelectRow ) p->nSelectRow = pPrior->nSelectRow;
+      sqlite3ExprDelete(db, p->pLimit);
+      p->pLimit = pLimit;
+      p->pOffset = pOffset;
+
+      /* Generate code to take the intersection of the two temporary
+      ** tables.
+      */
+      assert( p->pEList );
+      if( dest.eDest==SRT_Output ){
+        Select *pFirst = p;
+        while( pFirst->pPrior ) pFirst = pFirst->pPrior;
+        generateColumnNames(pParse, pFirst->pSrc, pFirst->pEList);
+      }
+      iBreak = sqlite3VdbeMakeLabel(v);
+      iCont = sqlite3VdbeMakeLabel(v);
+      computeLimitRegisters(pParse, p, iBreak);
+      sqlite3VdbeAddOp2(v, OP_Rewind, tab1, iBreak); VdbeCoverage(v);
+      r1 = sqlite3GetTempReg(pParse);
+      iStart = sqlite3VdbeAddOp2(v, OP_RowKey, tab1, r1);
+      sqlite3VdbeAddOp4Int(v, OP_NotFound, tab2, iCont, r1, 0); VdbeCoverage(v);
+      sqlite3ReleaseTempReg(pParse, r1);
+      selectInnerLoop(pParse, p, p->pEList, tab1,
+                      0, 0, &dest, iCont, iBreak);
+      sqlite3VdbeResolveLabel(v, iCont);
+      sqlite3VdbeAddOp2(v, OP_Next, tab1, iStart); VdbeCoverage(v);
+      sqlite3VdbeResolveLabel(v, iBreak);
+      sqlite3VdbeAddOp2(v, OP_Close, tab2, 0);
+      sqlite3VdbeAddOp2(v, OP_Close, tab1, 0);
+      break;
+    }
+  }
+
+  explainComposite(pParse, p->op, iSub1, iSub2, p->op!=TK_ALL);
+
+  /* Compute collating sequences used by 
+  ** temporary tables needed to implement the compound select.
+  ** Attach the KeyInfo structure to all temporary tables.
+  **
+  ** This section is run by the right-most SELECT statement only.
+  ** SELECT statements to the left always skip this part.  The right-most
+  ** SELECT might also skip this part if it has no ORDER BY clause and
+  ** no temp tables are required.
+  */
+  if( p->selFlags & SF_UsesEphemeral ){
+    int i;                        /* Loop counter */
+    KeyInfo *pKeyInfo;            /* Collating sequence for the result set */
+    Select *pLoop;                /* For looping through SELECT statements */
+    CollSeq **apColl;             /* For looping through pKeyInfo->aColl[] */
+    int nCol;                     /* Number of columns in result set */
+
+    assert( p->pNext==0 );
+    nCol = p->pEList->nExpr;
+    pKeyInfo = sqlite3KeyInfoAlloc(db, nCol, 1);
+    if( !pKeyInfo ){
+      rc = SQLITE_NOMEM;
+      goto multi_select_end;
+    }
+    for(i=0, apColl=pKeyInfo->aColl; i<nCol; i++, apColl++){
+      *apColl = multiSelectCollSeq(pParse, p, i);
+      if( 0==*apColl ){
+        *apColl = db->pDfltColl;
+      }
+    }
+
+    for(pLoop=p; pLoop; pLoop=pLoop->pPrior){
+      for(i=0; i<2; i++){
+        int addr = pLoop->addrOpenEphm[i];
+        if( addr<0 ){
+          /* If [0] is unused then [1] is also unused.  So we can
+          ** always safely abort as soon as the first unused slot is found */
+          assert( pLoop->addrOpenEphm[1]<0 );
+          break;
+        }
+        sqlite3VdbeChangeP2(v, addr, nCol);
+        sqlite3VdbeChangeP4(v, addr, (char*)sqlite3KeyInfoRef(pKeyInfo),
+                            P4_KEYINFO);
+        pLoop->addrOpenEphm[i] = -1;
+      }
+    }
+    sqlite3KeyInfoUnref(pKeyInfo);
+  }
+
+multi_select_end:
+  pDest->iSdst = dest.iSdst;
+  pDest->nSdst = dest.nSdst;
+  sqlite3SelectDelete(db, pDelete);
+  return rc;
+}
+#endif /* SQLITE_OMIT_COMPOUND_SELECT */
+
+/*
+** Error message for when two or more terms of a compound select have different
+** size result sets.
+*/
+SQLITE_PRIVATE void sqlite3SelectWrongNumTermsError(Parse *pParse, Select *p){
+  if( p->selFlags & SF_Values ){
+    sqlite3ErrorMsg(pParse, "all VALUES must have the same number of terms");
+  }else{
+    sqlite3ErrorMsg(pParse, "SELECTs to the left and right of %s"
+      " do not have the same number of result columns", selectOpName(p->op));
+  }
+}
+
+/*
+** Code an output subroutine for a coroutine implementation of a
+** SELECT statment.
+**
+** The data to be output is contained in pIn->iSdst.  There are
+** pIn->nSdst columns to be output.  pDest is where the output should
+** be sent.
+**
+** regReturn is the number of the register holding the subroutine
+** return address.
+**
+** If regPrev>0 then it is the first register in a vector that
+** records the previous output.  mem[regPrev] is a flag that is false
+** if there has been no previous output.  If regPrev>0 then code is
+** generated to suppress duplicates.  pKeyInfo is used for comparing
+** keys.
+**
+** If the LIMIT found in p->iLimit is reached, jump immediately to
+** iBreak.
+*/
+static int generateOutputSubroutine(
+  Parse *pParse,          /* Parsing context */
+  Select *p,              /* The SELECT statement */
+  SelectDest *pIn,        /* Coroutine supplying data */
+  SelectDest *pDest,      /* Where to send the data */
+  int regReturn,          /* The return address register */
+  int regPrev,            /* Previous result register.  No uniqueness if 0 */
+  KeyInfo *pKeyInfo,      /* For comparing with previous entry */
+  int iBreak              /* Jump here if we hit the LIMIT */
+){
+  Vdbe *v = pParse->pVdbe;
+  int iContinue;
+  int addr;
+
+  addr = sqlite3VdbeCurrentAddr(v);
+  iContinue = sqlite3VdbeMakeLabel(v);
+
+  /* Suppress duplicates for UNION, EXCEPT, and INTERSECT 
+  */
+  if( regPrev ){
+    int addr1, addr2;
+    addr1 = sqlite3VdbeAddOp1(v, OP_IfNot, regPrev); VdbeCoverage(v);
+    addr2 = sqlite3VdbeAddOp4(v, OP_Compare, pIn->iSdst, regPrev+1, pIn->nSdst,
+                              (char*)sqlite3KeyInfoRef(pKeyInfo), P4_KEYINFO);
+    sqlite3VdbeAddOp3(v, OP_Jump, addr2+2, iContinue, addr2+2); VdbeCoverage(v);
+    sqlite3VdbeJumpHere(v, addr1);
+    sqlite3VdbeAddOp3(v, OP_Copy, pIn->iSdst, regPrev+1, pIn->nSdst-1);
+    sqlite3VdbeAddOp2(v, OP_Integer, 1, regPrev);
+  }
+  if( pParse->db->mallocFailed ) return 0;
+
+  /* Suppress the first OFFSET entries if there is an OFFSET clause
+  */
+  codeOffset(v, p->iOffset, iContinue);
+
+  assert( pDest->eDest!=SRT_Exists );
+  assert( pDest->eDest!=SRT_Table );
+  switch( pDest->eDest ){
+    /* Store the result as data using a unique key.
+    */
+    case SRT_EphemTab: {
+      int r1 = sqlite3GetTempReg(pParse);
+      int r2 = sqlite3GetTempReg(pParse);
+      sqlite3VdbeAddOp3(v, OP_MakeRecord, pIn->iSdst, pIn->nSdst, r1);
+      sqlite3VdbeAddOp2(v, OP_NewRowid, pDest->iSDParm, r2);
+      sqlite3VdbeAddOp3(v, OP_Insert, pDest->iSDParm, r1, r2);
+      sqlite3VdbeChangeP5(v, OPFLAG_APPEND);
+      sqlite3ReleaseTempReg(pParse, r2);
+      sqlite3ReleaseTempReg(pParse, r1);
+      break;
+    }
+
+#ifndef SQLITE_OMIT_SUBQUERY
+    /* If we are creating a set for an "expr IN (SELECT ...)" construct,
+    ** then there should be a single item on the stack.  Write this
+    ** item into the set table with bogus data.
+    */
+    case SRT_Set: {
+      int r1;
+      assert( pIn->nSdst==1 || pParse->nErr>0 );
+      pDest->affSdst = 
+         sqlite3CompareAffinity(p->pEList->a[0].pExpr, pDest->affSdst);
+      r1 = sqlite3GetTempReg(pParse);
+      sqlite3VdbeAddOp4(v, OP_MakeRecord, pIn->iSdst, 1, r1, &pDest->affSdst,1);
+      sqlite3ExprCacheAffinityChange(pParse, pIn->iSdst, 1);
+      sqlite3VdbeAddOp2(v, OP_IdxInsert, pDest->iSDParm, r1);
+      sqlite3ReleaseTempReg(pParse, r1);
+      break;
+    }
+
+    /* If this is a scalar select that is part of an expression, then
+    ** store the results in the appropriate memory cell and break out
+    ** of the scan loop.
+    */
+    case SRT_Mem: {
+      assert( pIn->nSdst==1 || pParse->nErr>0 );  testcase( pIn->nSdst!=1 );
+      sqlite3ExprCodeMove(pParse, pIn->iSdst, pDest->iSDParm, 1);
+      /* The LIMIT clause will jump out of the loop for us */
+      break;
+    }
+#endif /* #ifndef SQLITE_OMIT_SUBQUERY */
+
+    /* The results are stored in a sequence of registers
+    ** starting at pDest->iSdst.  Then the co-routine yields.
+    */
+    case SRT_Coroutine: {
+      if( pDest->iSdst==0 ){
+        pDest->iSdst = sqlite3GetTempRange(pParse, pIn->nSdst);
+        pDest->nSdst = pIn->nSdst;
+      }
+      sqlite3ExprCodeMove(pParse, pIn->iSdst, pDest->iSdst, pIn->nSdst);
+      sqlite3VdbeAddOp1(v, OP_Yield, pDest->iSDParm);
+      break;
+    }
+
+    /* If none of the above, then the result destination must be
+    ** SRT_Output.  This routine is never called with any other
+    ** destination other than the ones handled above or SRT_Output.
+    **
+    ** For SRT_Output, results are stored in a sequence of registers.  
+    ** Then the OP_ResultRow opcode is used to cause sqlite3_step() to
+    ** return the next row of result.
+    */
+    default: {
+      assert( pDest->eDest==SRT_Output );
+      sqlite3VdbeAddOp2(v, OP_ResultRow, pIn->iSdst, pIn->nSdst);
+      sqlite3ExprCacheAffinityChange(pParse, pIn->iSdst, pIn->nSdst);
+      break;
+    }
+  }
+
+  /* Jump to the end of the loop if the LIMIT is reached.
+  */
+  if( p->iLimit ){
+    sqlite3VdbeAddOp2(v, OP_DecrJumpZero, p->iLimit, iBreak); VdbeCoverage(v);
+  }
+
+  /* Generate the subroutine return
+  */
+  sqlite3VdbeResolveLabel(v, iContinue);
+  sqlite3VdbeAddOp1(v, OP_Return, regReturn);
+
+  return addr;
+}
+
+/*
+** Alternative compound select code generator for cases when there
+** is an ORDER BY clause.
+**
+** We assume a query of the following form:
+**
+**      <selectA>  <operator>  <selectB>  ORDER BY <orderbylist>
+**
+** <operator> is one of UNION ALL, UNION, EXCEPT, or INTERSECT.  The idea
+** is to code both <selectA> and <selectB> with the ORDER BY clause as
+** co-routines.  Then run the co-routines in parallel and merge the results
+** into the output.  In addition to the two coroutines (called selectA and
+** selectB) there are 7 subroutines:
+**
+**    outA:    Move the output of the selectA coroutine into the output
+**             of the compound query.
+**
+**    outB:    Move the output of the selectB coroutine into the output
+**             of the compound query.  (Only generated for UNION and
+**             UNION ALL.  EXCEPT and INSERTSECT never output a row that
+**             appears only in B.)
+**
+**    AltB:    Called when there is data from both coroutines and A<B.
+**
+**    AeqB:    Called when there is data from both coroutines and A==B.
+**
+**    AgtB:    Called when there is data from both coroutines and A>B.
+**
+**    EofA:    Called when data is exhausted from selectA.
+**
+**    EofB:    Called when data is exhausted from selectB.
+**
+** The implementation of the latter five subroutines depend on which 
+** <operator> is used:
+**
+**
+**             UNION ALL         UNION            EXCEPT          INTERSECT
+**          -------------  -----------------  --------------  -----------------
+**   AltB:   outA, nextA      outA, nextA       outA, nextA         nextA
+**
+**   AeqB:   outA, nextA         nextA             nextA         outA, nextA
+**
+**   AgtB:   outB, nextB      outB, nextB          nextB            nextB
+**
+**   EofA:   outB, nextB      outB, nextB          halt             halt
+**
+**   EofB:   outA, nextA      outA, nextA       outA, nextA         halt
+**
+** In the AltB, AeqB, and AgtB subroutines, an EOF on A following nextA
+** causes an immediate jump to EofA and an EOF on B following nextB causes
+** an immediate jump to EofB.  Within EofA and EofB, and EOF on entry or
+** following nextX causes a jump to the end of the select processing.
+**
+** Duplicate removal in the UNION, EXCEPT, and INTERSECT cases is handled
+** within the output subroutine.  The regPrev register set holds the previously
+** output value.  A comparison is made against this value and the output
+** is skipped if the next results would be the same as the previous.
+**
+** The implementation plan is to implement the two coroutines and seven
+** subroutines first, then put the control logic at the bottom.  Like this:
+**
+**          goto Init
+**     coA: coroutine for left query (A)
+**     coB: coroutine for right query (B)
+**    outA: output one row of A
+**    outB: output one row of B (UNION and UNION ALL only)
+**    EofA: ...
+**    EofB: ...
+**    AltB: ...
+**    AeqB: ...
+**    AgtB: ...
+**    Init: initialize coroutine registers
+**          yield coA
+**          if eof(A) goto EofA
+**          yield coB
+**          if eof(B) goto EofB
+**    Cmpr: Compare A, B
+**          Jump AltB, AeqB, AgtB
+**     End: ...
+**
+** We call AltB, AeqB, AgtB, EofA, and EofB "subroutines" but they are not
+** actually called using Gosub and they do not Return.  EofA and EofB loop
+** until all data is exhausted then jump to the "end" labe.  AltB, AeqB,
+** and AgtB jump to either L2 or to one of EofA or EofB.
+*/
+#ifndef SQLITE_OMIT_COMPOUND_SELECT
+static int multiSelectOrderBy(
+  Parse *pParse,        /* Parsing context */
+  Select *p,            /* The right-most of SELECTs to be coded */
+  SelectDest *pDest     /* What to do with query results */
+){
+  int i, j;             /* Loop counters */
+  Select *pPrior;       /* Another SELECT immediately to our left */
+  Vdbe *v;              /* Generate code to this VDBE */
+  SelectDest destA;     /* Destination for coroutine A */
+  SelectDest destB;     /* Destination for coroutine B */
+  int regAddrA;         /* Address register for select-A coroutine */
+  int regAddrB;         /* Address register for select-B coroutine */
+  int addrSelectA;      /* Address of the select-A coroutine */
+  int addrSelectB;      /* Address of the select-B coroutine */
+  int regOutA;          /* Address register for the output-A subroutine */
+  int regOutB;          /* Address register for the output-B subroutine */
+  int addrOutA;         /* Address of the output-A subroutine */
+  int addrOutB = 0;     /* Address of the output-B subroutine */
+  int addrEofA;         /* Address of the select-A-exhausted subroutine */
+  int addrEofA_noB;     /* Alternate addrEofA if B is uninitialized */
+  int addrEofB;         /* Address of the select-B-exhausted subroutine */
+  int addrAltB;         /* Address of the A<B subroutine */
+  int addrAeqB;         /* Address of the A==B subroutine */
+  int addrAgtB;         /* Address of the A>B subroutine */
+  int regLimitA;        /* Limit register for select-A */
+  int regLimitB;        /* Limit register for select-A */
+  int regPrev;          /* A range of registers to hold previous output */
+  int savedLimit;       /* Saved value of p->iLimit */
+  int savedOffset;      /* Saved value of p->iOffset */
+  int labelCmpr;        /* Label for the start of the merge algorithm */
+  int labelEnd;         /* Label for the end of the overall SELECT stmt */
+  int addr1;            /* Jump instructions that get retargetted */
+  int op;               /* One of TK_ALL, TK_UNION, TK_EXCEPT, TK_INTERSECT */
+  KeyInfo *pKeyDup = 0; /* Comparison information for duplicate removal */
+  KeyInfo *pKeyMerge;   /* Comparison information for merging rows */
+  sqlite3 *db;          /* Database connection */
+  ExprList *pOrderBy;   /* The ORDER BY clause */
+  int nOrderBy;         /* Number of terms in the ORDER BY clause */
+  int *aPermute;        /* Mapping from ORDER BY terms to result set columns */
+#ifndef SQLITE_OMIT_EXPLAIN
+  int iSub1;            /* EQP id of left-hand query */
+  int iSub2;            /* EQP id of right-hand query */
+#endif
+
+  assert( p->pOrderBy!=0 );
+  assert( pKeyDup==0 ); /* "Managed" code needs this.  Ticket #3382. */
+  db = pParse->db;
+  v = pParse->pVdbe;
+  assert( v!=0 );       /* Already thrown the error if VDBE alloc failed */
+  labelEnd = sqlite3VdbeMakeLabel(v);
+  labelCmpr = sqlite3VdbeMakeLabel(v);
+
+
+  /* Patch up the ORDER BY clause
+  */
+  op = p->op;  
+  pPrior = p->pPrior;
+  assert( pPrior->pOrderBy==0 );
+  pOrderBy = p->pOrderBy;
+  assert( pOrderBy );
+  nOrderBy = pOrderBy->nExpr;
+
+  /* For operators other than UNION ALL we have to make sure that
+  ** the ORDER BY clause covers every term of the result set.  Add
+  ** terms to the ORDER BY clause as necessary.
+  */
+  if( op!=TK_ALL ){
+    for(i=1; db->mallocFailed==0 && i<=p->pEList->nExpr; i++){
+      struct ExprList_item *pItem;
+      for(j=0, pItem=pOrderBy->a; j<nOrderBy; j++, pItem++){
+        assert( pItem->u.x.iOrderByCol>0 );
+        if( pItem->u.x.iOrderByCol==i ) break;
+      }
+      if( j==nOrderBy ){
+        Expr *pNew = sqlite3Expr(db, TK_INTEGER, 0);
+        if( pNew==0 ) return SQLITE_NOMEM;
+        pNew->flags |= EP_IntValue;
+        pNew->u.iValue = i;
+        pOrderBy = sqlite3ExprListAppend(pParse, pOrderBy, pNew);
+        if( pOrderBy ) pOrderBy->a[nOrderBy++].u.x.iOrderByCol = (u16)i;
+      }
+    }
+  }
+
+  /* Compute the comparison permutation and keyinfo that is used with
+  ** the permutation used to determine if the next
+  ** row of results comes from selectA or selectB.  Also add explicit
+  ** collations to the ORDER BY clause terms so that when the subqueries
+  ** to the right and the left are evaluated, they use the correct
+  ** collation.
+  */
+  aPermute = sqlite3DbMallocRaw(db, sizeof(int)*nOrderBy);
+  if( aPermute ){
+    struct ExprList_item *pItem;
+    for(i=0, pItem=pOrderBy->a; i<nOrderBy; i++, pItem++){
+      assert( pItem->u.x.iOrderByCol>0 );
+      assert( pItem->u.x.iOrderByCol<=p->pEList->nExpr );
+      aPermute[i] = pItem->u.x.iOrderByCol - 1;
+    }
+    pKeyMerge = multiSelectOrderByKeyInfo(pParse, p, 1);
+  }else{
+    pKeyMerge = 0;
+  }
+
+  /* Reattach the ORDER BY clause to the query.
+  */
+  p->pOrderBy = pOrderBy;
+  pPrior->pOrderBy = sqlite3ExprListDup(pParse->db, pOrderBy, 0);
+
+  /* Allocate a range of temporary registers and the KeyInfo needed
+  ** for the logic that removes duplicate result rows when the
+  ** operator is UNION, EXCEPT, or INTERSECT (but not UNION ALL).
+  */
+  if( op==TK_ALL ){
+    regPrev = 0;
+  }else{
+    int nExpr = p->pEList->nExpr;
+    assert( nOrderBy>=nExpr || db->mallocFailed );
+    regPrev = pParse->nMem+1;
+    pParse->nMem += nExpr+1;
+    sqlite3VdbeAddOp2(v, OP_Integer, 0, regPrev);
+    pKeyDup = sqlite3KeyInfoAlloc(db, nExpr, 1);
+    if( pKeyDup ){
+      assert( sqlite3KeyInfoIsWriteable(pKeyDup) );
+      for(i=0; i<nExpr; i++){
+        pKeyDup->aColl[i] = multiSelectCollSeq(pParse, p, i);
+        pKeyDup->aSortOrder[i] = 0;
+      }
+    }
+  }
+ 
+  /* Separate the left and the right query from one another
+  */
+  p->pPrior = 0;
+  pPrior->pNext = 0;
+  sqlite3ResolveOrderGroupBy(pParse, p, p->pOrderBy, "ORDER");
+  if( pPrior->pPrior==0 ){
+    sqlite3ResolveOrderGroupBy(pParse, pPrior, pPrior->pOrderBy, "ORDER");
+  }
+
+  /* Compute the limit registers */
+  computeLimitRegisters(pParse, p, labelEnd);
+  if( p->iLimit && op==TK_ALL ){
+    regLimitA = ++pParse->nMem;
+    regLimitB = ++pParse->nMem;
+    sqlite3VdbeAddOp2(v, OP_Copy, p->iOffset ? p->iOffset+1 : p->iLimit,
+                                  regLimitA);
+    sqlite3VdbeAddOp2(v, OP_Copy, regLimitA, regLimitB);
+  }else{
+    regLimitA = regLimitB = 0;
+  }
+  sqlite3ExprDelete(db, p->pLimit);
+  p->pLimit = 0;
+  sqlite3ExprDelete(db, p->pOffset);
+  p->pOffset = 0;
+
+  regAddrA = ++pParse->nMem;
+  regAddrB = ++pParse->nMem;
+  regOutA = ++pParse->nMem;
+  regOutB = ++pParse->nMem;
+  sqlite3SelectDestInit(&destA, SRT_Coroutine, regAddrA);
+  sqlite3SelectDestInit(&destB, SRT_Coroutine, regAddrB);
+
+  /* Generate a coroutine to evaluate the SELECT statement to the
+  ** left of the compound operator - the "A" select.
+  */
+  addrSelectA = sqlite3VdbeCurrentAddr(v) + 1;
+  addr1 = sqlite3VdbeAddOp3(v, OP_InitCoroutine, regAddrA, 0, addrSelectA);
+  VdbeComment((v, "left SELECT"));
+  pPrior->iLimit = regLimitA;
+  explainSetInteger(iSub1, pParse->iNextSelectId);
+  sqlite3Select(pParse, pPrior, &destA);
+  sqlite3VdbeAddOp1(v, OP_EndCoroutine, regAddrA);
+  sqlite3VdbeJumpHere(v, addr1);
+
+  /* Generate a coroutine to evaluate the SELECT statement on 
+  ** the right - the "B" select
+  */
+  addrSelectB = sqlite3VdbeCurrentAddr(v) + 1;
+  addr1 = sqlite3VdbeAddOp3(v, OP_InitCoroutine, regAddrB, 0, addrSelectB);
+  VdbeComment((v, "right SELECT"));
+  savedLimit = p->iLimit;
+  savedOffset = p->iOffset;
+  p->iLimit = regLimitB;
+  p->iOffset = 0;  
+  explainSetInteger(iSub2, pParse->iNextSelectId);
+  sqlite3Select(pParse, p, &destB);
+  p->iLimit = savedLimit;
+  p->iOffset = savedOffset;
+  sqlite3VdbeAddOp1(v, OP_EndCoroutine, regAddrB);
+
+  /* Generate a subroutine that outputs the current row of the A
+  ** select as the next output row of the compound select.
+  */
+  VdbeNoopComment((v, "Output routine for A"));
+  addrOutA = generateOutputSubroutine(pParse,
+                 p, &destA, pDest, regOutA,
+                 regPrev, pKeyDup, labelEnd);
+  
+  /* Generate a subroutine that outputs the current row of the B
+  ** select as the next output row of the compound select.
+  */
+  if( op==TK_ALL || op==TK_UNION ){
+    VdbeNoopComment((v, "Output routine for B"));
+    addrOutB = generateOutputSubroutine(pParse,
+                 p, &destB, pDest, regOutB,
+                 regPrev, pKeyDup, labelEnd);
+  }
+  sqlite3KeyInfoUnref(pKeyDup);
+
+  /* Generate a subroutine to run when the results from select A
+  ** are exhausted and only data in select B remains.
+  */
+  if( op==TK_EXCEPT || op==TK_INTERSECT ){
+    addrEofA_noB = addrEofA = labelEnd;
+  }else{  
+    VdbeNoopComment((v, "eof-A subroutine"));
+    addrEofA = sqlite3VdbeAddOp2(v, OP_Gosub, regOutB, addrOutB);
+    addrEofA_noB = sqlite3VdbeAddOp2(v, OP_Yield, regAddrB, labelEnd);
+                                     VdbeCoverage(v);
+    sqlite3VdbeGoto(v, addrEofA);
+    p->nSelectRow += pPrior->nSelectRow;
+  }
+
+  /* Generate a subroutine to run when the results from select B
+  ** are exhausted and only data in select A remains.
+  */
+  if( op==TK_INTERSECT ){
+    addrEofB = addrEofA;
+    if( p->nSelectRow > pPrior->nSelectRow ) p->nSelectRow = pPrior->nSelectRow;
+  }else{  
+    VdbeNoopComment((v, "eof-B subroutine"));
+    addrEofB = sqlite3VdbeAddOp2(v, OP_Gosub, regOutA, addrOutA);
+    sqlite3VdbeAddOp2(v, OP_Yield, regAddrA, labelEnd); VdbeCoverage(v);
+    sqlite3VdbeGoto(v, addrEofB);
+  }
+
+  /* Generate code to handle the case of A<B
+  */
+  VdbeNoopComment((v, "A-lt-B subroutine"));
+  addrAltB = sqlite3VdbeAddOp2(v, OP_Gosub, regOutA, addrOutA);
+  sqlite3VdbeAddOp2(v, OP_Yield, regAddrA, addrEofA); VdbeCoverage(v);
+  sqlite3VdbeGoto(v, labelCmpr);
+
+  /* Generate code to handle the case of A==B
+  */
+  if( op==TK_ALL ){
+    addrAeqB = addrAltB;
+  }else if( op==TK_INTERSECT ){
+    addrAeqB = addrAltB;
+    addrAltB++;
+  }else{
+    VdbeNoopComment((v, "A-eq-B subroutine"));
+    addrAeqB =
+    sqlite3VdbeAddOp2(v, OP_Yield, regAddrA, addrEofA); VdbeCoverage(v);
+    sqlite3VdbeGoto(v, labelCmpr);
+  }
+
+  /* Generate code to handle the case of A>B
+  */
+  VdbeNoopComment((v, "A-gt-B subroutine"));
+  addrAgtB = sqlite3VdbeCurrentAddr(v);
+  if( op==TK_ALL || op==TK_UNION ){
+    sqlite3VdbeAddOp2(v, OP_Gosub, regOutB, addrOutB);
+  }
+  sqlite3VdbeAddOp2(v, OP_Yield, regAddrB, addrEofB); VdbeCoverage(v);
+  sqlite3VdbeGoto(v, labelCmpr);
+
+  /* This code runs once to initialize everything.
+  */
+  sqlite3VdbeJumpHere(v, addr1);
+  sqlite3VdbeAddOp2(v, OP_Yield, regAddrA, addrEofA_noB); VdbeCoverage(v);
+  sqlite3VdbeAddOp2(v, OP_Yield, regAddrB, addrEofB); VdbeCoverage(v);
+
+  /* Implement the main merge loop
+  */
+  sqlite3VdbeResolveLabel(v, labelCmpr);
+  sqlite3VdbeAddOp4(v, OP_Permutation, 0, 0, 0, (char*)aPermute, P4_INTARRAY);
+  sqlite3VdbeAddOp4(v, OP_Compare, destA.iSdst, destB.iSdst, nOrderBy,
+                         (char*)pKeyMerge, P4_KEYINFO);
+  sqlite3VdbeChangeP5(v, OPFLAG_PERMUTE);
+  sqlite3VdbeAddOp3(v, OP_Jump, addrAltB, addrAeqB, addrAgtB); VdbeCoverage(v);
+
+  /* Jump to the this point in order to terminate the query.
+  */
+  sqlite3VdbeResolveLabel(v, labelEnd);
+
+  /* Set the number of output columns
+  */
+  if( pDest->eDest==SRT_Output ){
+    Select *pFirst = pPrior;
+    while( pFirst->pPrior ) pFirst = pFirst->pPrior;
+    generateColumnNames(pParse, pFirst->pSrc, pFirst->pEList);
+  }
+
+  /* Reassembly the compound query so that it will be freed correctly
+  ** by the calling function */
+  if( p->pPrior ){
+    sqlite3SelectDelete(db, p->pPrior);
+  }
+  p->pPrior = pPrior;
+  pPrior->pNext = p;
+
+  /*** TBD:  Insert subroutine calls to close cursors on incomplete
+  **** subqueries ****/
+  explainComposite(pParse, p->op, iSub1, iSub2, 0);
+  return pParse->nErr!=0;
+}
+#endif
+
+#if !defined(SQLITE_OMIT_SUBQUERY) || !defined(SQLITE_OMIT_VIEW)
+/* Forward Declarations */
+static void substExprList(sqlite3*, ExprList*, int, ExprList*);
+static void substSelect(sqlite3*, Select *, int, ExprList*, int);
+
+/*
+** Scan through the expression pExpr.  Replace every reference to
+** a column in table number iTable with a copy of the iColumn-th
+** entry in pEList.  (But leave references to the ROWID column 
+** unchanged.)
+**
+** This routine is part of the flattening procedure.  A subquery
+** whose result set is defined by pEList appears as entry in the
+** FROM clause of a SELECT such that the VDBE cursor assigned to that
+** FORM clause entry is iTable.  This routine make the necessary 
+** changes to pExpr so that it refers directly to the source table
+** of the subquery rather the result set of the subquery.
+*/
+static Expr *substExpr(
+  sqlite3 *db,        /* Report malloc errors to this connection */
+  Expr *pExpr,        /* Expr in which substitution occurs */
+  int iTable,         /* Table to be substituted */
+  ExprList *pEList    /* Substitute expressions */
+){
+  if( pExpr==0 ) return 0;
+  if( pExpr->op==TK_COLUMN && pExpr->iTable==iTable ){
+    if( pExpr->iColumn<0 ){
+      pExpr->op = TK_NULL;
+    }else{
+      Expr *pNew;
+      assert( pEList!=0 && pExpr->iColumn<pEList->nExpr );
+      assert( pExpr->pLeft==0 && pExpr->pRight==0 );
+      pNew = sqlite3ExprDup(db, pEList->a[pExpr->iColumn].pExpr, 0);
+      sqlite3ExprDelete(db, pExpr);
+      pExpr = pNew;
+    }
+  }else{
+    pExpr->pLeft = substExpr(db, pExpr->pLeft, iTable, pEList);
+    pExpr->pRight = substExpr(db, pExpr->pRight, iTable, pEList);
+    if( ExprHasProperty(pExpr, EP_xIsSelect) ){
+      substSelect(db, pExpr->x.pSelect, iTable, pEList, 1);
+    }else{
+      substExprList(db, pExpr->x.pList, iTable, pEList);
+    }
+  }
+  return pExpr;
+}
+static void substExprList(
+  sqlite3 *db,         /* Report malloc errors here */
+  ExprList *pList,     /* List to scan and in which to make substitutes */
+  int iTable,          /* Table to be substituted */
+  ExprList *pEList     /* Substitute values */
+){
+  int i;
+  if( pList==0 ) return;
+  for(i=0; i<pList->nExpr; i++){
+    pList->a[i].pExpr = substExpr(db, pList->a[i].pExpr, iTable, pEList);
+  }
+}
+static void substSelect(
+  sqlite3 *db,         /* Report malloc errors here */
+  Select *p,           /* SELECT statement in which to make substitutions */
+  int iTable,          /* Table to be replaced */
+  ExprList *pEList,    /* Substitute values */
+  int doPrior          /* Do substitutes on p->pPrior too */
+){
+  SrcList *pSrc;
+  struct SrcList_item *pItem;
+  int i;
+  if( !p ) return;
+  do{
+    substExprList(db, p->pEList, iTable, pEList);
+    substExprList(db, p->pGroupBy, iTable, pEList);
+    substExprList(db, p->pOrderBy, iTable, pEList);
+    p->pHaving = substExpr(db, p->pHaving, iTable, pEList);
+    p->pWhere = substExpr(db, p->pWhere, iTable, pEList);
+    pSrc = p->pSrc;
+    assert( pSrc!=0 );
+    for(i=pSrc->nSrc, pItem=pSrc->a; i>0; i--, pItem++){
+      substSelect(db, pItem->pSelect, iTable, pEList, 1);
+      if( pItem->fg.isTabFunc ){
+        substExprList(db, pItem->u1.pFuncArg, iTable, pEList);
+      }
+    }
+  }while( doPrior && (p = p->pPrior)!=0 );
+}
+#endif /* !defined(SQLITE_OMIT_SUBQUERY) || !defined(SQLITE_OMIT_VIEW) */
+
+#if !defined(SQLITE_OMIT_SUBQUERY) || !defined(SQLITE_OMIT_VIEW)
+/*
+** This routine attempts to flatten subqueries as a performance optimization.
+** This routine returns 1 if it makes changes and 0 if no flattening occurs.
+**
+** To understand the concept of flattening, consider the following
+** query:
+**
+**     SELECT a FROM (SELECT x+y AS a FROM t1 WHERE z<100) WHERE a>5
+**
+** The default way of implementing this query is to execute the
+** subquery first and store the results in a temporary table, then
+** run the outer query on that temporary table.  This requires two
+** passes over the data.  Furthermore, because the temporary table
+** has no indices, the WHERE clause on the outer query cannot be
+** optimized.
+**
+** This routine attempts to rewrite queries such as the above into
+** a single flat select, like this:
+**
+**     SELECT x+y AS a FROM t1 WHERE z<100 AND a>5
+**
+** The code generated for this simplification gives the same result
+** but only has to scan the data once.  And because indices might 
+** exist on the table t1, a complete scan of the data might be
+** avoided.
+**
+** Flattening is only attempted if all of the following are true:
+**
+**   (1)  The subquery and the outer query do not both use aggregates.
+**
+**   (2)  The subquery is not an aggregate or (2a) the outer query is not a join
+**        and (2b) the outer query does not use subqueries other than the one
+**        FROM-clause subquery that is a candidate for flattening.  (2b is
+**        due to ticket [2f7170d73bf9abf80] from 2015-02-09.)
+**
+**   (3)  The subquery is not the right operand of a left outer join
+**        (Originally ticket #306.  Strengthened by ticket #3300)
+**
+**   (4)  The subquery is not DISTINCT.
+**
+**  (**)  At one point restrictions (4) and (5) defined a subset of DISTINCT
+**        sub-queries that were excluded from this optimization. Restriction 
+**        (4) has since been expanded to exclude all DISTINCT subqueries.
+**
+**   (6)  The subquery does not use aggregates or the outer query is not
+**        DISTINCT.
+**
+**   (7)  The subquery has a FROM clause.  TODO:  For subqueries without
+**        A FROM clause, consider adding a FROM close with the special
+**        table sqlite_once that consists of a single row containing a
+**        single NULL.
+**
+**   (8)  The subquery does not use LIMIT or the outer query is not a join.
+**
+**   (9)  The subquery does not use LIMIT or the outer query does not use
+**        aggregates.
+**
+**  (**)  Restriction (10) was removed from the code on 2005-02-05 but we
+**        accidently carried the comment forward until 2014-09-15.  Original
+**        text: "The subquery does not use aggregates or the outer query 
+**        does not use LIMIT."
+**
+**  (11)  The subquery and the outer query do not both have ORDER BY clauses.
+**
+**  (**)  Not implemented.  Subsumed into restriction (3).  Was previously
+**        a separate restriction deriving from ticket #350.
+**
+**  (13)  The subquery and outer query do not both use LIMIT.
+**
+**  (14)  The subquery does not use OFFSET.
+**
+**  (15)  The outer query is not part of a compound select or the
+**        subquery does not have a LIMIT clause.
+**        (See ticket #2339 and ticket [02a8e81d44]).
+**
+**  (16)  The outer query is not an aggregate or the subquery does
+**        not contain ORDER BY.  (Ticket #2942)  This used to not matter
+**        until we introduced the group_concat() function.  
+**
+**  (17)  The sub-query is not a compound select, or it is a UNION ALL 
+**        compound clause made up entirely of non-aggregate queries, and 
+**        the parent query:
+**
+**          * is not itself part of a compound select,
+**          * is not an aggregate or DISTINCT query, and
+**          * is not a join
+**
+**        The parent and sub-query may contain WHERE clauses. Subject to
+**        rules (11), (13) and (14), they may also contain ORDER BY,
+**        LIMIT and OFFSET clauses.  The subquery cannot use any compound
+**        operator other than UNION ALL because all the other compound
+**        operators have an implied DISTINCT which is disallowed by
+**        restriction (4).
+**
+**        Also, each component of the sub-query must return the same number
+**        of result columns. This is actually a requirement for any compound
+**        SELECT statement, but all the code here does is make sure that no
+**        such (illegal) sub-query is flattened. The caller will detect the
+**        syntax error and return a detailed message.
+**
+**  (18)  If the sub-query is a compound select, then all terms of the
+**        ORDER by clause of the parent must be simple references to 
+**        columns of the sub-query.
+**
+**  (19)  The subquery does not use LIMIT or the outer query does not
+**        have a WHERE clause.
+**
+**  (20)  If the sub-query is a compound select, then it must not use
+**        an ORDER BY clause.  Ticket #3773.  We could relax this constraint
+**        somewhat by saying that the terms of the ORDER BY clause must
+**        appear as unmodified result columns in the outer query.  But we
+**        have other optimizations in mind to deal with that case.
+**
+**  (21)  The subquery does not use LIMIT or the outer query is not
+**        DISTINCT.  (See ticket [752e1646fc]).
+**
+**  (22)  The subquery is not a recursive CTE.
+**
+**  (23)  The parent is not a recursive CTE, or the sub-query is not a
+**        compound query. This restriction is because transforming the
+**        parent to a compound query confuses the code that handles
+**        recursive queries in multiSelect().
+**
+**  (24)  The subquery is not an aggregate that uses the built-in min() or 
+**        or max() functions.  (Without this restriction, a query like:
+**        "SELECT x FROM (SELECT max(y), x FROM t1)" would not necessarily
+**        return the value X for which Y was maximal.)
+**
+**
+** In this routine, the "p" parameter is a pointer to the outer query.
+** The subquery is p->pSrc->a[iFrom].  isAgg is true if the outer query
+** uses aggregates and subqueryIsAgg is true if the subquery uses aggregates.
+**
+** If flattening is not attempted, this routine is a no-op and returns 0.
+** If flattening is attempted this routine returns 1.
+**
+** All of the expression analysis must occur on both the outer query and
+** the subquery before this routine runs.
+*/
+static int flattenSubquery(
+  Parse *pParse,       /* Parsing context */
+  Select *p,           /* The parent or outer SELECT statement */
+  int iFrom,           /* Index in p->pSrc->a[] of the inner subquery */
+  int isAgg,           /* True if outer SELECT uses aggregate functions */
+  int subqueryIsAgg    /* True if the subquery uses aggregate functions */
+){
+  const char *zSavedAuthContext = pParse->zAuthContext;
+  Select *pParent;    /* Current UNION ALL term of the other query */
+  Select *pSub;       /* The inner query or "subquery" */
+  Select *pSub1;      /* Pointer to the rightmost select in sub-query */
+  SrcList *pSrc;      /* The FROM clause of the outer query */
+  SrcList *pSubSrc;   /* The FROM clause of the subquery */
+  ExprList *pList;    /* The result set of the outer query */
+  int iParent;        /* VDBE cursor number of the pSub result set temp table */
+  int i;              /* Loop counter */
+  Expr *pWhere;                    /* The WHERE clause */
+  struct SrcList_item *pSubitem;   /* The subquery */
+  sqlite3 *db = pParse->db;
+
+  /* Check to see if flattening is permitted.  Return 0 if not.
+  */
+  assert( p!=0 );
+  assert( p->pPrior==0 );  /* Unable to flatten compound queries */
+  if( OptimizationDisabled(db, SQLITE_QueryFlattener) ) return 0;
+  pSrc = p->pSrc;
+  assert( pSrc && iFrom>=0 && iFrom<pSrc->nSrc );
+  pSubitem = &pSrc->a[iFrom];
+  iParent = pSubitem->iCursor;
+  pSub = pSubitem->pSelect;
+  assert( pSub!=0 );
+  if( subqueryIsAgg ){
+    if( isAgg ) return 0;                                /* Restriction (1)   */
+    if( pSrc->nSrc>1 ) return 0;                         /* Restriction (2a)  */
+    if( (p->pWhere && ExprHasProperty(p->pWhere,EP_Subquery))
+     || (sqlite3ExprListFlags(p->pEList) & EP_Subquery)!=0
+     || (sqlite3ExprListFlags(p->pOrderBy) & EP_Subquery)!=0
+    ){
+      return 0;                                          /* Restriction (2b)  */
+    }
+  }
+    
+  pSubSrc = pSub->pSrc;
+  assert( pSubSrc );
+  /* Prior to version 3.1.2, when LIMIT and OFFSET had to be simple constants,
+  ** not arbitrary expressions, we allowed some combining of LIMIT and OFFSET
+  ** because they could be computed at compile-time.  But when LIMIT and OFFSET
+  ** became arbitrary expressions, we were forced to add restrictions (13)
+  ** and (14). */
+  if( pSub->pLimit && p->pLimit ) return 0;              /* Restriction (13) */
+  if( pSub->pOffset ) return 0;                          /* Restriction (14) */
+  if( (p->selFlags & SF_Compound)!=0 && pSub->pLimit ){
+    return 0;                                            /* Restriction (15) */
+  }
+  if( pSubSrc->nSrc==0 ) return 0;                       /* Restriction (7)  */
+  if( pSub->selFlags & SF_Distinct ) return 0;           /* Restriction (5)  */
+  if( pSub->pLimit && (pSrc->nSrc>1 || isAgg) ){
+     return 0;         /* Restrictions (8)(9) */
+  }
+  if( (p->selFlags & SF_Distinct)!=0 && subqueryIsAgg ){
+     return 0;         /* Restriction (6)  */
+  }
+  if( p->pOrderBy && pSub->pOrderBy ){
+     return 0;                                           /* Restriction (11) */
+  }
+  if( isAgg && pSub->pOrderBy ) return 0;                /* Restriction (16) */
+  if( pSub->pLimit && p->pWhere ) return 0;              /* Restriction (19) */
+  if( pSub->pLimit && (p->selFlags & SF_Distinct)!=0 ){
+     return 0;         /* Restriction (21) */
+  }
+  testcase( pSub->selFlags & SF_Recursive );
+  testcase( pSub->selFlags & SF_MinMaxAgg );
+  if( pSub->selFlags & (SF_Recursive|SF_MinMaxAgg) ){
+    return 0; /* Restrictions (22) and (24) */
+  }
+  if( (p->selFlags & SF_Recursive) && pSub->pPrior ){
+    return 0; /* Restriction (23) */
+  }
+
+  /* OBSOLETE COMMENT 1:
+  ** Restriction 3:  If the subquery is a join, make sure the subquery is 
+  ** not used as the right operand of an outer join.  Examples of why this
+  ** is not allowed:
+  **
+  **         t1 LEFT OUTER JOIN (t2 JOIN t3)
+  **
+  ** If we flatten the above, we would get
+  **
+  **         (t1 LEFT OUTER JOIN t2) JOIN t3
+  **
+  ** which is not at all the same thing.
+  **
+  ** OBSOLETE COMMENT 2:
+  ** Restriction 12:  If the subquery is the right operand of a left outer
+  ** join, make sure the subquery has no WHERE clause.
+  ** An examples of why this is not allowed:
+  **
+  **         t1 LEFT OUTER JOIN (SELECT * FROM t2 WHERE t2.x>0)
+  **
+  ** If we flatten the above, we would get
+  **
+  **         (t1 LEFT OUTER JOIN t2) WHERE t2.x>0
+  **
+  ** But the t2.x>0 test will always fail on a NULL row of t2, which
+  ** effectively converts the OUTER JOIN into an INNER JOIN.
+  **
+  ** THIS OVERRIDES OBSOLETE COMMENTS 1 AND 2 ABOVE:
+  ** Ticket #3300 shows that flattening the right term of a LEFT JOIN
+  ** is fraught with danger.  Best to avoid the whole thing.  If the
+  ** subquery is the right term of a LEFT JOIN, then do not flatten.
+  */
+  if( (pSubitem->fg.jointype & JT_OUTER)!=0 ){
+    return 0;
+  }
+
+  /* Restriction 17: If the sub-query is a compound SELECT, then it must
+  ** use only the UNION ALL operator. And none of the simple select queries
+  ** that make up the compound SELECT are allowed to be aggregate or distinct
+  ** queries.
+  */
+  if( pSub->pPrior ){
+    if( pSub->pOrderBy ){
+      return 0;  /* Restriction 20 */
+    }
+    if( isAgg || (p->selFlags & SF_Distinct)!=0 || pSrc->nSrc!=1 ){
+      return 0;
+    }
+    for(pSub1=pSub; pSub1; pSub1=pSub1->pPrior){
+      testcase( (pSub1->selFlags & (SF_Distinct|SF_Aggregate))==SF_Distinct );
+      testcase( (pSub1->selFlags & (SF_Distinct|SF_Aggregate))==SF_Aggregate );
+      assert( pSub->pSrc!=0 );
+      assert( pSub->pEList->nExpr==pSub1->pEList->nExpr );
+      if( (pSub1->selFlags & (SF_Distinct|SF_Aggregate))!=0
+       || (pSub1->pPrior && pSub1->op!=TK_ALL) 
+       || pSub1->pSrc->nSrc<1
+      ){
+        return 0;
+      }
+      testcase( pSub1->pSrc->nSrc>1 );
+    }
+
+    /* Restriction 18. */
+    if( p->pOrderBy ){
+      int ii;
+      for(ii=0; ii<p->pOrderBy->nExpr; ii++){
+        if( p->pOrderBy->a[ii].u.x.iOrderByCol==0 ) return 0;
+      }
+    }
+  }
+
+  /***** If we reach this point, flattening is permitted. *****/
+  SELECTTRACE(1,pParse,p,("flatten %s.%p from term %d\n",
+                   pSub->zSelName, pSub, iFrom));
+
+  /* Authorize the subquery */
+  pParse->zAuthContext = pSubitem->zName;
+  TESTONLY(i =) sqlite3AuthCheck(pParse, SQLITE_SELECT, 0, 0, 0);
+  testcase( i==SQLITE_DENY );
+  pParse->zAuthContext = zSavedAuthContext;
+
+  /* If the sub-query is a compound SELECT statement, then (by restrictions
+  ** 17 and 18 above) it must be a UNION ALL and the parent query must 
+  ** be of the form:
+  **
+  **     SELECT <expr-list> FROM (<sub-query>) <where-clause> 
+  **
+  ** followed by any ORDER BY, LIMIT and/or OFFSET clauses. This block
+  ** creates N-1 copies of the parent query without any ORDER BY, LIMIT or 
+  ** OFFSET clauses and joins them to the left-hand-side of the original
+  ** using UNION ALL operators. In this case N is the number of simple
+  ** select statements in the compound sub-query.
+  **
+  ** Example:
+  **
+  **     SELECT a+1 FROM (
+  **        SELECT x FROM tab
+  **        UNION ALL
+  **        SELECT y FROM tab
+  **        UNION ALL
+  **        SELECT abs(z*2) FROM tab2
+  **     ) WHERE a!=5 ORDER BY 1
+  **
+  ** Transformed into:
+  **
+  **     SELECT x+1 FROM tab WHERE x+1!=5
+  **     UNION ALL
+  **     SELECT y+1 FROM tab WHERE y+1!=5
+  **     UNION ALL
+  **     SELECT abs(z*2)+1 FROM tab2 WHERE abs(z*2)+1!=5
+  **     ORDER BY 1
+  **
+  ** We call this the "compound-subquery flattening".
+  */
+  for(pSub=pSub->pPrior; pSub; pSub=pSub->pPrior){
+    Select *pNew;
+    ExprList *pOrderBy = p->pOrderBy;
+    Expr *pLimit = p->pLimit;
+    Expr *pOffset = p->pOffset;
+    Select *pPrior = p->pPrior;
+    p->pOrderBy = 0;
+    p->pSrc = 0;
+    p->pPrior = 0;
+    p->pLimit = 0;
+    p->pOffset = 0;
+    pNew = sqlite3SelectDup(db, p, 0);
+    sqlite3SelectSetName(pNew, pSub->zSelName);
+    p->pOffset = pOffset;
+    p->pLimit = pLimit;
+    p->pOrderBy = pOrderBy;
+    p->pSrc = pSrc;
+    p->op = TK_ALL;
+    if( pNew==0 ){
+      p->pPrior = pPrior;
+    }else{
+      pNew->pPrior = pPrior;
+      if( pPrior ) pPrior->pNext = pNew;
+      pNew->pNext = p;
+      p->pPrior = pNew;
+      SELECTTRACE(2,pParse,p,
+         ("compound-subquery flattener creates %s.%p as peer\n",
+         pNew->zSelName, pNew));
+    }
+    if( db->mallocFailed ) return 1;
+  }
+
+  /* Begin flattening the iFrom-th entry of the FROM clause 
+  ** in the outer query.
+  */
+  pSub = pSub1 = pSubitem->pSelect;
+
+  /* Delete the transient table structure associated with the
+  ** subquery
+  */
+  sqlite3DbFree(db, pSubitem->zDatabase);
+  sqlite3DbFree(db, pSubitem->zName);
+  sqlite3DbFree(db, pSubitem->zAlias);
+  pSubitem->zDatabase = 0;
+  pSubitem->zName = 0;
+  pSubitem->zAlias = 0;
+  pSubitem->pSelect = 0;
+
+  /* Defer deleting the Table object associated with the
+  ** subquery until code generation is
+  ** complete, since there may still exist Expr.pTab entries that
+  ** refer to the subquery even after flattening.  Ticket #3346.
+  **
+  ** pSubitem->pTab is always non-NULL by test restrictions and tests above.
+  */
+  if( ALWAYS(pSubitem->pTab!=0) ){
+    Table *pTabToDel = pSubitem->pTab;
+    if( pTabToDel->nRef==1 ){
+      Parse *pToplevel = sqlite3ParseToplevel(pParse);
+      pTabToDel->pNextZombie = pToplevel->pZombieTab;
+      pToplevel->pZombieTab = pTabToDel;
+    }else{
+      pTabToDel->nRef--;
+    }
+    pSubitem->pTab = 0;
+  }
+
+  /* The following loop runs once for each term in a compound-subquery
+  ** flattening (as described above).  If we are doing a different kind
+  ** of flattening - a flattening other than a compound-subquery flattening -
+  ** then this loop only runs once.
+  **
+  ** This loop moves all of the FROM elements of the subquery into the
+  ** the FROM clause of the outer query.  Before doing this, remember
+  ** the cursor number for the original outer query FROM element in
+  ** iParent.  The iParent cursor will never be used.  Subsequent code
+  ** will scan expressions looking for iParent references and replace
+  ** those references with expressions that resolve to the subquery FROM
+  ** elements we are now copying in.
+  */
+  for(pParent=p; pParent; pParent=pParent->pPrior, pSub=pSub->pPrior){
+    int nSubSrc;
+    u8 jointype = 0;
+    pSubSrc = pSub->pSrc;     /* FROM clause of subquery */
+    nSubSrc = pSubSrc->nSrc;  /* Number of terms in subquery FROM clause */
+    pSrc = pParent->pSrc;     /* FROM clause of the outer query */
+
+    if( pSrc ){
+      assert( pParent==p );  /* First time through the loop */
+      jointype = pSubitem->fg.jointype;
+    }else{
+      assert( pParent!=p );  /* 2nd and subsequent times through the loop */
+      pSrc = pParent->pSrc = sqlite3SrcListAppend(db, 0, 0, 0);
+      if( pSrc==0 ){
+        assert( db->mallocFailed );
+        break;
+      }
+    }
+
+    /* The subquery uses a single slot of the FROM clause of the outer
+    ** query.  If the subquery has more than one element in its FROM clause,
+    ** then expand the outer query to make space for it to hold all elements
+    ** of the subquery.
+    **
+    ** Example:
+    **
+    **    SELECT * FROM tabA, (SELECT * FROM sub1, sub2), tabB;
+    **
+    ** The outer query has 3 slots in its FROM clause.  One slot of the
+    ** outer query (the middle slot) is used by the subquery.  The next
+    ** block of code will expand the outer query FROM clause to 4 slots.
+    ** The middle slot is expanded to two slots in order to make space
+    ** for the two elements in the FROM clause of the subquery.
+    */
+    if( nSubSrc>1 ){
+      pParent->pSrc = pSrc = sqlite3SrcListEnlarge(db, pSrc, nSubSrc-1,iFrom+1);
+      if( db->mallocFailed ){
+        break;
+      }
+    }
+
+    /* Transfer the FROM clause terms from the subquery into the
+    ** outer query.
+    */
+    for(i=0; i<nSubSrc; i++){
+      sqlite3IdListDelete(db, pSrc->a[i+iFrom].pUsing);
+      assert( pSrc->a[i+iFrom].fg.isTabFunc==0 );
+      pSrc->a[i+iFrom] = pSubSrc->a[i];
+      memset(&pSubSrc->a[i], 0, sizeof(pSubSrc->a[i]));
+    }
+    pSrc->a[iFrom].fg.jointype = jointype;
+  
+    /* Now begin substituting subquery result set expressions for 
+    ** references to the iParent in the outer query.
+    ** 
+    ** Example:
+    **
+    **   SELECT a+5, b*10 FROM (SELECT x*3 AS a, y+10 AS b FROM t1) WHERE a>b;
+    **   \                     \_____________ subquery __________/          /
+    **    \_____________________ outer query ______________________________/
+    **
+    ** We look at every expression in the outer query and every place we see
+    ** "a" we substitute "x*3" and every place we see "b" we substitute "y+10".
+    */
+    pList = pParent->pEList;
+    for(i=0; i<pList->nExpr; i++){
+      if( pList->a[i].zName==0 ){
+        char *zName = sqlite3DbStrDup(db, pList->a[i].zSpan);
+        sqlite3Dequote(zName);
+        pList->a[i].zName = zName;
+      }
+    }
+    if( pSub->pOrderBy ){
+      /* At this point, any non-zero iOrderByCol values indicate that the
+      ** ORDER BY column expression is identical to the iOrderByCol'th
+      ** expression returned by SELECT statement pSub. Since these values
+      ** do not necessarily correspond to columns in SELECT statement pParent,
+      ** zero them before transfering the ORDER BY clause.
+      **
+      ** Not doing this may cause an error if a subsequent call to this
+      ** function attempts to flatten a compound sub-query into pParent
+      ** (the only way this can happen is if the compound sub-query is
+      ** currently part of pSub->pSrc). See ticket [d11a6e908f].  */
+      ExprList *pOrderBy = pSub->pOrderBy;
+      for(i=0; i<pOrderBy->nExpr; i++){
+        pOrderBy->a[i].u.x.iOrderByCol = 0;
+      }
+      assert( pParent->pOrderBy==0 );
+      assert( pSub->pPrior==0 );
+      pParent->pOrderBy = pOrderBy;
+      pSub->pOrderBy = 0;
+    }
+    pWhere = sqlite3ExprDup(db, pSub->pWhere, 0);
+    if( subqueryIsAgg ){
+      assert( pParent->pHaving==0 );
+      pParent->pHaving = pParent->pWhere;
+      pParent->pWhere = pWhere;
+      pParent->pHaving = sqlite3ExprAnd(db, pParent->pHaving, 
+                                  sqlite3ExprDup(db, pSub->pHaving, 0));
+      assert( pParent->pGroupBy==0 );
+      pParent->pGroupBy = sqlite3ExprListDup(db, pSub->pGroupBy, 0);
+    }else{
+      pParent->pWhere = sqlite3ExprAnd(db, pParent->pWhere, pWhere);
+    }
+    substSelect(db, pParent, iParent, pSub->pEList, 0);
+  
+    /* The flattened query is distinct if either the inner or the
+    ** outer query is distinct. 
+    */
+    pParent->selFlags |= pSub->selFlags & SF_Distinct;
+  
+    /*
+    ** SELECT ... FROM (SELECT ... LIMIT a OFFSET b) LIMIT x OFFSET y;
+    **
+    ** One is tempted to try to add a and b to combine the limits.  But this
+    ** does not work if either limit is negative.
+    */
+    if( pSub->pLimit ){
+      pParent->pLimit = pSub->pLimit;
+      pSub->pLimit = 0;
+    }
+  }
+
+  /* Finially, delete what is left of the subquery and return
+  ** success.
+  */
+  sqlite3SelectDelete(db, pSub1);
+
+#if SELECTTRACE_ENABLED
+  if( sqlite3SelectTrace & 0x100 ){
+    SELECTTRACE(0x100,pParse,p,("After flattening:\n"));
+    sqlite3TreeViewSelect(0, p, 0);
+  }
+#endif
+
+  return 1;
+}
+#endif /* !defined(SQLITE_OMIT_SUBQUERY) || !defined(SQLITE_OMIT_VIEW) */
+
+
+
+#if !defined(SQLITE_OMIT_SUBQUERY) || !defined(SQLITE_OMIT_VIEW)
+/*
+** Make copies of relevant WHERE clause terms of the outer query into
+** the WHERE clause of subquery.  Example:
+**
+**    SELECT * FROM (SELECT a AS x, c-d AS y FROM t1) WHERE x=5 AND y=10;
+**
+** Transformed into:
+**
+**    SELECT * FROM (SELECT a AS x, c-d AS y FROM t1 WHERE a=5 AND c-d=10)
+**     WHERE x=5 AND y=10;
+**
+** The hope is that the terms added to the inner query will make it more
+** efficient.
+**
+** Do not attempt this optimization if:
+**
+**   (1) The inner query is an aggregate.  (In that case, we'd really want
+**       to copy the outer WHERE-clause terms onto the HAVING clause of the
+**       inner query.  But they probably won't help there so do not bother.)
+**
+**   (2) The inner query is the recursive part of a common table expression.
+**
+**   (3) The inner query has a LIMIT clause (since the changes to the WHERE
+**       close would change the meaning of the LIMIT).
+**
+**   (4) The inner query is the right operand of a LEFT JOIN.  (The caller
+**       enforces this restriction since this routine does not have enough
+**       information to know.)
+**
+**   (5) The WHERE clause expression originates in the ON or USING clause
+**       of a LEFT JOIN.
+**
+** Return 0 if no changes are made and non-zero if one or more WHERE clause
+** terms are duplicated into the subquery.
+*/
+static int pushDownWhereTerms(
+  sqlite3 *db,          /* The database connection (for malloc()) */
+  Select *pSubq,        /* The subquery whose WHERE clause is to be augmented */
+  Expr *pWhere,         /* The WHERE clause of the outer query */
+  int iCursor           /* Cursor number of the subquery */
+){
+  Expr *pNew;
+  int nChng = 0;
+  if( pWhere==0 ) return 0;
+  if( (pSubq->selFlags & (SF_Aggregate|SF_Recursive))!=0 ){
+     return 0; /* restrictions (1) and (2) */
+  }
+  if( pSubq->pLimit!=0 ){
+     return 0; /* restriction (3) */
+  }
+  while( pWhere->op==TK_AND ){
+    nChng += pushDownWhereTerms(db, pSubq, pWhere->pRight, iCursor);
+    pWhere = pWhere->pLeft;
+  }
+  if( ExprHasProperty(pWhere,EP_FromJoin) ) return 0; /* restriction 5 */
+  if( sqlite3ExprIsTableConstant(pWhere, iCursor) ){
+    nChng++;
+    while( pSubq ){
+      pNew = sqlite3ExprDup(db, pWhere, 0);
+      pNew = substExpr(db, pNew, iCursor, pSubq->pEList);
+      pSubq->pWhere = sqlite3ExprAnd(db, pSubq->pWhere, pNew);
+      pSubq = pSubq->pPrior;
+    }
+  }
+  return nChng;
+}
+#endif /* !defined(SQLITE_OMIT_SUBQUERY) || !defined(SQLITE_OMIT_VIEW) */
+
+/*
+** Based on the contents of the AggInfo structure indicated by the first
+** argument, this function checks if the following are true:
+**
+**    * the query contains just a single aggregate function,
+**    * the aggregate function is either min() or max(), and
+**    * the argument to the aggregate function is a column value.
+**
+** If all of the above are true, then WHERE_ORDERBY_MIN or WHERE_ORDERBY_MAX
+** is returned as appropriate. Also, *ppMinMax is set to point to the 
+** list of arguments passed to the aggregate before returning.
+**
+** Or, if the conditions above are not met, *ppMinMax is set to 0 and
+** WHERE_ORDERBY_NORMAL is returned.
+*/
+static u8 minMaxQuery(AggInfo *pAggInfo, ExprList **ppMinMax){
+  int eRet = WHERE_ORDERBY_NORMAL;          /* Return value */
+
+  *ppMinMax = 0;
+  if( pAggInfo->nFunc==1 ){
+    Expr *pExpr = pAggInfo->aFunc[0].pExpr; /* Aggregate function */
+    ExprList *pEList = pExpr->x.pList;      /* Arguments to agg function */
+
+    assert( pExpr->op==TK_AGG_FUNCTION );
+    if( pEList && pEList->nExpr==1 && pEList->a[0].pExpr->op==TK_AGG_COLUMN ){
+      const char *zFunc = pExpr->u.zToken;
+      if( sqlite3StrICmp(zFunc, "min")==0 ){
+        eRet = WHERE_ORDERBY_MIN;
+        *ppMinMax = pEList;
+      }else if( sqlite3StrICmp(zFunc, "max")==0 ){
+        eRet = WHERE_ORDERBY_MAX;
+        *ppMinMax = pEList;
+      }
+    }
+  }
+
+  assert( *ppMinMax==0 || (*ppMinMax)->nExpr==1 );
+  return eRet;
+}
+
+/*
+** The select statement passed as the first argument is an aggregate query.
+** The second argument is the associated aggregate-info object. This 
+** function tests if the SELECT is of the form:
+**
+**   SELECT count(*) FROM <tbl>
+**
+** where table is a database table, not a sub-select or view. If the query
+** does match this pattern, then a pointer to the Table object representing
+** <tbl> is returned. Otherwise, 0 is returned.
+*/
+static Table *isSimpleCount(Select *p, AggInfo *pAggInfo){
+  Table *pTab;
+  Expr *pExpr;
+
+  assert( !p->pGroupBy );
+
+  if( p->pWhere || p->pEList->nExpr!=1 
+   || p->pSrc->nSrc!=1 || p->pSrc->a[0].pSelect
+  ){
+    return 0;
+  }
+  pTab = p->pSrc->a[0].pTab;
+  pExpr = p->pEList->a[0].pExpr;
+  assert( pTab && !pTab->pSelect && pExpr );
+
+  if( IsVirtual(pTab) ) return 0;
+  if( pExpr->op!=TK_AGG_FUNCTION ) return 0;
+  if( NEVER(pAggInfo->nFunc==0) ) return 0;
+  if( (pAggInfo->aFunc[0].pFunc->funcFlags&SQLITE_FUNC_COUNT)==0 ) return 0;
+  if( pExpr->flags&EP_Distinct ) return 0;
+
+  return pTab;
+}
+
+/*
+** If the source-list item passed as an argument was augmented with an
+** INDEXED BY clause, then try to locate the specified index. If there
+** was such a clause and the named index cannot be found, return 
+** SQLITE_ERROR and leave an error in pParse. Otherwise, populate 
+** pFrom->pIndex and return SQLITE_OK.
+*/
+SQLITE_PRIVATE int sqlite3IndexedByLookup(Parse *pParse, struct SrcList_item *pFrom){
+  if( pFrom->pTab && pFrom->fg.isIndexedBy ){
+    Table *pTab = pFrom->pTab;
+    char *zIndexedBy = pFrom->u1.zIndexedBy;
+    Index *pIdx;
+    for(pIdx=pTab->pIndex; 
+        pIdx && sqlite3StrICmp(pIdx->zName, zIndexedBy); 
+        pIdx=pIdx->pNext
+    );
+    if( !pIdx ){
+      sqlite3ErrorMsg(pParse, "no such index: %s", zIndexedBy, 0);
+      pParse->checkSchema = 1;
+      return SQLITE_ERROR;
+    }
+    pFrom->pIBIndex = pIdx;
+  }
+  return SQLITE_OK;
+}
+/*
+** Detect compound SELECT statements that use an ORDER BY clause with 
+** an alternative collating sequence.
+**
+**    SELECT ... FROM t1 EXCEPT SELECT ... FROM t2 ORDER BY .. COLLATE ...
+**
+** These are rewritten as a subquery:
+**
+**    SELECT * FROM (SELECT ... FROM t1 EXCEPT SELECT ... FROM t2)
+**     ORDER BY ... COLLATE ...
+**
+** This transformation is necessary because the multiSelectOrderBy() routine
+** above that generates the code for a compound SELECT with an ORDER BY clause
+** uses a merge algorithm that requires the same collating sequence on the
+** result columns as on the ORDER BY clause.  See ticket
+** http://www.sqlite.org/src/info/6709574d2a
+**
+** This transformation is only needed for EXCEPT, INTERSECT, and UNION.
+** The UNION ALL operator works fine with multiSelectOrderBy() even when
+** there are COLLATE terms in the ORDER BY.
+*/
+static int convertCompoundSelectToSubquery(Walker *pWalker, Select *p){
+  int i;
+  Select *pNew;
+  Select *pX;
+  sqlite3 *db;
+  struct ExprList_item *a;
+  SrcList *pNewSrc;
+  Parse *pParse;
+  Token dummy;
+
+  if( p->pPrior==0 ) return WRC_Continue;
+  if( p->pOrderBy==0 ) return WRC_Continue;
+  for(pX=p; pX && (pX->op==TK_ALL || pX->op==TK_SELECT); pX=pX->pPrior){}
+  if( pX==0 ) return WRC_Continue;
+  a = p->pOrderBy->a;
+  for(i=p->pOrderBy->nExpr-1; i>=0; i--){
+    if( a[i].pExpr->flags & EP_Collate ) break;
+  }
+  if( i<0 ) return WRC_Continue;
+
+  /* If we reach this point, that means the transformation is required. */
+
+  pParse = pWalker->pParse;
+  db = pParse->db;
+  pNew = sqlite3DbMallocZero(db, sizeof(*pNew) );
+  if( pNew==0 ) return WRC_Abort;
+  memset(&dummy, 0, sizeof(dummy));
+  pNewSrc = sqlite3SrcListAppendFromTerm(pParse,0,0,0,&dummy,pNew,0,0);
+  if( pNewSrc==0 ) return WRC_Abort;
+  *pNew = *p;
+  p->pSrc = pNewSrc;
+  p->pEList = sqlite3ExprListAppend(pParse, 0, sqlite3Expr(db, TK_ASTERISK, 0));
+  p->op = TK_SELECT;
+  p->pWhere = 0;
+  pNew->pGroupBy = 0;
+  pNew->pHaving = 0;
+  pNew->pOrderBy = 0;
+  p->pPrior = 0;
+  p->pNext = 0;
+  p->pWith = 0;
+  p->selFlags &= ~SF_Compound;
+  assert( (p->selFlags & SF_Converted)==0 );
+  p->selFlags |= SF_Converted;
+  assert( pNew->pPrior!=0 );
+  pNew->pPrior->pNext = pNew;
+  pNew->pLimit = 0;
+  pNew->pOffset = 0;
+  return WRC_Continue;
+}
+
+/*
+** Check to see if the FROM clause term pFrom has table-valued function
+** arguments.  If it does, leave an error message in pParse and return
+** non-zero, since pFrom is not allowed to be a table-valued function.
+*/
+static int cannotBeFunction(Parse *pParse, struct SrcList_item *pFrom){
+  if( pFrom->fg.isTabFunc ){
+    sqlite3ErrorMsg(pParse, "'%s' is not a function", pFrom->zName);
+    return 1;
+  }
+  return 0;
+}
+
+#ifndef SQLITE_OMIT_CTE
+/*
+** Argument pWith (which may be NULL) points to a linked list of nested 
+** WITH contexts, from inner to outermost. If the table identified by 
+** FROM clause element pItem is really a common-table-expression (CTE) 
+** then return a pointer to the CTE definition for that table. Otherwise
+** return NULL.
+**
+** If a non-NULL value is returned, set *ppContext to point to the With
+** object that the returned CTE belongs to.
+*/
+static struct Cte *searchWith(
+  With *pWith,                    /* Current innermost WITH clause */
+  struct SrcList_item *pItem,     /* FROM clause element to resolve */
+  With **ppContext                /* OUT: WITH clause return value belongs to */
+){
+  const char *zName;
+  if( pItem->zDatabase==0 && (zName = pItem->zName)!=0 ){
+    With *p;
+    for(p=pWith; p; p=p->pOuter){
+      int i;
+      for(i=0; i<p->nCte; i++){
+        if( sqlite3StrICmp(zName, p->a[i].zName)==0 ){
+          *ppContext = p;
+          return &p->a[i];
+        }
+      }
+    }
+  }
+  return 0;
+}
+
+/* The code generator maintains a stack of active WITH clauses
+** with the inner-most WITH clause being at the top of the stack.
+**
+** This routine pushes the WITH clause passed as the second argument
+** onto the top of the stack. If argument bFree is true, then this
+** WITH clause will never be popped from the stack. In this case it
+** should be freed along with the Parse object. In other cases, when
+** bFree==0, the With object will be freed along with the SELECT 
+** statement with which it is associated.
+*/
+SQLITE_PRIVATE void sqlite3WithPush(Parse *pParse, With *pWith, u8 bFree){
+  assert( bFree==0 || (pParse->pWith==0 && pParse->pWithToFree==0) );
+  if( pWith ){
+    assert( pParse->pWith!=pWith );
+    pWith->pOuter = pParse->pWith;
+    pParse->pWith = pWith;
+    if( bFree ) pParse->pWithToFree = pWith;
+  }
+}
+
+/*
+** This function checks if argument pFrom refers to a CTE declared by 
+** a WITH clause on the stack currently maintained by the parser. And,
+** if currently processing a CTE expression, if it is a recursive
+** reference to the current CTE.
+**
+** If pFrom falls into either of the two categories above, pFrom->pTab
+** and other fields are populated accordingly. The caller should check
+** (pFrom->pTab!=0) to determine whether or not a successful match
+** was found.
+**
+** Whether or not a match is found, SQLITE_OK is returned if no error
+** occurs. If an error does occur, an error message is stored in the
+** parser and some error code other than SQLITE_OK returned.
+*/
+static int withExpand(
+  Walker *pWalker, 
+  struct SrcList_item *pFrom
+){
+  Parse *pParse = pWalker->pParse;
+  sqlite3 *db = pParse->db;
+  struct Cte *pCte;               /* Matched CTE (or NULL if no match) */
+  With *pWith;                    /* WITH clause that pCte belongs to */
+
+  assert( pFrom->pTab==0 );
+
+  pCte = searchWith(pParse->pWith, pFrom, &pWith);
+  if( pCte ){
+    Table *pTab;
+    ExprList *pEList;
+    Select *pSel;
+    Select *pLeft;                /* Left-most SELECT statement */
+    int bMayRecursive;            /* True if compound joined by UNION [ALL] */
+    With *pSavedWith;             /* Initial value of pParse->pWith */
+
+    /* If pCte->zCteErr is non-NULL at this point, then this is an illegal
+    ** recursive reference to CTE pCte. Leave an error in pParse and return
+    ** early. If pCte->zCteErr is NULL, then this is not a recursive reference.
+    ** In this case, proceed.  */
+    if( pCte->zCteErr ){
+      sqlite3ErrorMsg(pParse, pCte->zCteErr, pCte->zName);
+      return SQLITE_ERROR;
+    }
+    if( cannotBeFunction(pParse, pFrom) ) return SQLITE_ERROR;
+
+    assert( pFrom->pTab==0 );
+    pFrom->pTab = pTab = sqlite3DbMallocZero(db, sizeof(Table));
+    if( pTab==0 ) return WRC_Abort;
+    pTab->nRef = 1;
+    pTab->zName = sqlite3DbStrDup(db, pCte->zName);
+    pTab->iPKey = -1;
+    pTab->nRowLogEst = 200; assert( 200==sqlite3LogEst(1048576) );
+    pTab->tabFlags |= TF_Ephemeral | TF_NoVisibleRowid;
+    pFrom->pSelect = sqlite3SelectDup(db, pCte->pSelect, 0);
+    if( db->mallocFailed ) return SQLITE_NOMEM;
+    assert( pFrom->pSelect );
+
+    /* Check if this is a recursive CTE. */
+    pSel = pFrom->pSelect;
+    bMayRecursive = ( pSel->op==TK_ALL || pSel->op==TK_UNION );
+    if( bMayRecursive ){
+      int i;
+      SrcList *pSrc = pFrom->pSelect->pSrc;
+      for(i=0; i<pSrc->nSrc; i++){
+        struct SrcList_item *pItem = &pSrc->a[i];
+        if( pItem->zDatabase==0 
+         && pItem->zName!=0 
+         && 0==sqlite3StrICmp(pItem->zName, pCte->zName)
+          ){
+          pItem->pTab = pTab;
+          pItem->fg.isRecursive = 1;
+          pTab->nRef++;
+          pSel->selFlags |= SF_Recursive;
+        }
+      }
+    }
+
+    /* Only one recursive reference is permitted. */ 
+    if( pTab->nRef>2 ){
+      sqlite3ErrorMsg(
+          pParse, "multiple references to recursive table: %s", pCte->zName
+      );
+      return SQLITE_ERROR;
+    }
+    assert( pTab->nRef==1 || ((pSel->selFlags&SF_Recursive) && pTab->nRef==2 ));
+
+    pCte->zCteErr = "circular reference: %s";
+    pSavedWith = pParse->pWith;
+    pParse->pWith = pWith;
+    sqlite3WalkSelect(pWalker, bMayRecursive ? pSel->pPrior : pSel);
+    pParse->pWith = pWith;
+
+    for(pLeft=pSel; pLeft->pPrior; pLeft=pLeft->pPrior);
+    pEList = pLeft->pEList;
+    if( pCte->pCols ){
+      if( pEList && pEList->nExpr!=pCte->pCols->nExpr ){
+        sqlite3ErrorMsg(pParse, "table %s has %d values for %d columns",
+            pCte->zName, pEList->nExpr, pCte->pCols->nExpr
+        );
+        pParse->pWith = pSavedWith;
+        return SQLITE_ERROR;
+      }
+      pEList = pCte->pCols;
+    }
+
+    sqlite3ColumnsFromExprList(pParse, pEList, &pTab->nCol, &pTab->aCol);
+    if( bMayRecursive ){
+      if( pSel->selFlags & SF_Recursive ){
+        pCte->zCteErr = "multiple recursive references: %s";
+      }else{
+        pCte->zCteErr = "recursive reference in a subquery: %s";
+      }
+      sqlite3WalkSelect(pWalker, pSel);
+    }
+    pCte->zCteErr = 0;
+    pParse->pWith = pSavedWith;
+  }
+
+  return SQLITE_OK;
+}
+#endif
+
+#ifndef SQLITE_OMIT_CTE
+/*
+** If the SELECT passed as the second argument has an associated WITH 
+** clause, pop it from the stack stored as part of the Parse object.
+**
+** This function is used as the xSelectCallback2() callback by
+** sqlite3SelectExpand() when walking a SELECT tree to resolve table
+** names and other FROM clause elements. 
+*/
+static void selectPopWith(Walker *pWalker, Select *p){
+  Parse *pParse = pWalker->pParse;
+  With *pWith = findRightmost(p)->pWith;
+  if( pWith!=0 ){
+    assert( pParse->pWith==pWith );
+    pParse->pWith = pWith->pOuter;
+  }
+}
+#else
+#define selectPopWith 0
+#endif
+
+/*
+** This routine is a Walker callback for "expanding" a SELECT statement.
+** "Expanding" means to do the following:
+**
+**    (1)  Make sure VDBE cursor numbers have been assigned to every
+**         element of the FROM clause.
+**
+**    (2)  Fill in the pTabList->a[].pTab fields in the SrcList that 
+**         defines FROM clause.  When views appear in the FROM clause,
+**         fill pTabList->a[].pSelect with a copy of the SELECT statement
+**         that implements the view.  A copy is made of the view's SELECT
+**         statement so that we can freely modify or delete that statement
+**         without worrying about messing up the persistent representation
+**         of the view.
+**
+**    (3)  Add terms to the WHERE clause to accommodate the NATURAL keyword
+**         on joins and the ON and USING clause of joins.
+**
+**    (4)  Scan the list of columns in the result set (pEList) looking
+**         for instances of the "*" operator or the TABLE.* operator.
+**         If found, expand each "*" to be every column in every table
+**         and TABLE.* to be every column in TABLE.
+**
+*/
+static int selectExpander(Walker *pWalker, Select *p){
+  Parse *pParse = pWalker->pParse;
+  int i, j, k;
+  SrcList *pTabList;
+  ExprList *pEList;
+  struct SrcList_item *pFrom;
+  sqlite3 *db = pParse->db;
+  Expr *pE, *pRight, *pExpr;
+  u16 selFlags = p->selFlags;
+
+  p->selFlags |= SF_Expanded;
+  if( db->mallocFailed  ){
+    return WRC_Abort;
+  }
+  if( NEVER(p->pSrc==0) || (selFlags & SF_Expanded)!=0 ){
+    return WRC_Prune;
+  }
+  pTabList = p->pSrc;
+  pEList = p->pEList;
+  if( pWalker->xSelectCallback2==selectPopWith ){
+    sqlite3WithPush(pParse, findRightmost(p)->pWith, 0);
+  }
+
+  /* Make sure cursor numbers have been assigned to all entries in
+  ** the FROM clause of the SELECT statement.
+  */
+  sqlite3SrcListAssignCursors(pParse, pTabList);
+
+  /* Look up every table named in the FROM clause of the select.  If
+  ** an entry of the FROM clause is a subquery instead of a table or view,
+  ** then create a transient table structure to describe the subquery.
+  */
+  for(i=0, pFrom=pTabList->a; i<pTabList->nSrc; i++, pFrom++){
+    Table *pTab;
+    assert( pFrom->fg.isRecursive==0 || pFrom->pTab!=0 );
+    if( pFrom->fg.isRecursive ) continue;
+    assert( pFrom->pTab==0 );
+#ifndef SQLITE_OMIT_CTE
+    if( withExpand(pWalker, pFrom) ) return WRC_Abort;
+    if( pFrom->pTab ) {} else
+#endif
+    if( pFrom->zName==0 ){
+#ifndef SQLITE_OMIT_SUBQUERY
+      Select *pSel = pFrom->pSelect;
+      /* A sub-query in the FROM clause of a SELECT */
+      assert( pSel!=0 );
+      assert( pFrom->pTab==0 );
+      if( sqlite3WalkSelect(pWalker, pSel) ) return WRC_Abort;
+      pFrom->pTab = pTab = sqlite3DbMallocZero(db, sizeof(Table));
+      if( pTab==0 ) return WRC_Abort;
+      pTab->nRef = 1;
+      pTab->zName = sqlite3MPrintf(db, "sqlite_sq_%p", (void*)pTab);
+      while( pSel->pPrior ){ pSel = pSel->pPrior; }
+      sqlite3ColumnsFromExprList(pParse, pSel->pEList,&pTab->nCol,&pTab->aCol);
+      pTab->iPKey = -1;
+      pTab->nRowLogEst = 200; assert( 200==sqlite3LogEst(1048576) );
+      pTab->tabFlags |= TF_Ephemeral;
+#endif
+    }else{
+      /* An ordinary table or view name in the FROM clause */
+      assert( pFrom->pTab==0 );
+      pFrom->pTab = pTab = sqlite3LocateTableItem(pParse, 0, pFrom);
+      if( pTab==0 ) return WRC_Abort;
+      if( pTab->nRef==0xffff ){
+        sqlite3ErrorMsg(pParse, "too many references to \"%s\": max 65535",
+           pTab->zName);
+        pFrom->pTab = 0;
+        return WRC_Abort;
+      }
+      pTab->nRef++;
+      if( !IsVirtual(pTab) && cannotBeFunction(pParse, pFrom) ){
+        return WRC_Abort;
+      }
+#if !defined(SQLITE_OMIT_VIEW) || !defined (SQLITE_OMIT_VIRTUALTABLE)
+      if( IsVirtual(pTab) || pTab->pSelect ){
+        i16 nCol;
+        if( sqlite3ViewGetColumnNames(pParse, pTab) ) return WRC_Abort;
+        assert( pFrom->pSelect==0 );
+        pFrom->pSelect = sqlite3SelectDup(db, pTab->pSelect, 0);
+        sqlite3SelectSetName(pFrom->pSelect, pTab->zName);
+        nCol = pTab->nCol;
+        pTab->nCol = -1;
+        sqlite3WalkSelect(pWalker, pFrom->pSelect);
+        pTab->nCol = nCol;
+      }
+#endif
+    }
+
+    /* Locate the index named by the INDEXED BY clause, if any. */
+    if( sqlite3IndexedByLookup(pParse, pFrom) ){
+      return WRC_Abort;
+    }
+  }
+
+  /* Process NATURAL keywords, and ON and USING clauses of joins.
+  */
+  if( db->mallocFailed || sqliteProcessJoin(pParse, p) ){
+    return WRC_Abort;
+  }
+
+  /* For every "*" that occurs in the column list, insert the names of
+  ** all columns in all tables.  And for every TABLE.* insert the names
+  ** of all columns in TABLE.  The parser inserted a special expression
+  ** with the TK_ASTERISK operator for each "*" that it found in the column
+  ** list.  The following code just has to locate the TK_ASTERISK
+  ** expressions and expand each one to the list of all columns in
+  ** all tables.
+  **
+  ** The first loop just checks to see if there are any "*" operators
+  ** that need expanding.
+  */
+  for(k=0; k<pEList->nExpr; k++){
+    pE = pEList->a[k].pExpr;
+    if( pE->op==TK_ASTERISK ) break;
+    assert( pE->op!=TK_DOT || pE->pRight!=0 );
+    assert( pE->op!=TK_DOT || (pE->pLeft!=0 && pE->pLeft->op==TK_ID) );
+    if( pE->op==TK_DOT && pE->pRight->op==TK_ASTERISK ) break;
+  }
+  if( k<pEList->nExpr ){
+    /*
+    ** If we get here it means the result set contains one or more "*"
+    ** operators that need to be expanded.  Loop through each expression
+    ** in the result set and expand them one by one.
+    */
+    struct ExprList_item *a = pEList->a;
+    ExprList *pNew = 0;
+    int flags = pParse->db->flags;
+    int longNames = (flags & SQLITE_FullColNames)!=0
+                      && (flags & SQLITE_ShortColNames)==0;
+
+    for(k=0; k<pEList->nExpr; k++){
+      pE = a[k].pExpr;
+      pRight = pE->pRight;
+      assert( pE->op!=TK_DOT || pRight!=0 );
+      if( pE->op!=TK_ASTERISK
+       && (pE->op!=TK_DOT || pRight->op!=TK_ASTERISK)
+      ){
+        /* This particular expression does not need to be expanded.
+        */
+        pNew = sqlite3ExprListAppend(pParse, pNew, a[k].pExpr);
+        if( pNew ){
+          pNew->a[pNew->nExpr-1].zName = a[k].zName;
+          pNew->a[pNew->nExpr-1].zSpan = a[k].zSpan;
+          a[k].zName = 0;
+          a[k].zSpan = 0;
+        }
+        a[k].pExpr = 0;
+      }else{
+        /* This expression is a "*" or a "TABLE.*" and needs to be
+        ** expanded. */
+        int tableSeen = 0;      /* Set to 1 when TABLE matches */
+        char *zTName = 0;       /* text of name of TABLE */
+        if( pE->op==TK_DOT ){
+          assert( pE->pLeft!=0 );
+          assert( !ExprHasProperty(pE->pLeft, EP_IntValue) );
+          zTName = pE->pLeft->u.zToken;
+        }
+        for(i=0, pFrom=pTabList->a; i<pTabList->nSrc; i++, pFrom++){
+          Table *pTab = pFrom->pTab;
+          Select *pSub = pFrom->pSelect;
+          char *zTabName = pFrom->zAlias;
+          const char *zSchemaName = 0;
+          int iDb;
+          if( zTabName==0 ){
+            zTabName = pTab->zName;
+          }
+          if( db->mallocFailed ) break;
+          if( pSub==0 || (pSub->selFlags & SF_NestedFrom)==0 ){
+            pSub = 0;
+            if( zTName && sqlite3StrICmp(zTName, zTabName)!=0 ){
+              continue;
+            }
+            iDb = sqlite3SchemaToIndex(db, pTab->pSchema);
+            zSchemaName = iDb>=0 ? db->aDb[iDb].zName : "*";
+          }
+          for(j=0; j<pTab->nCol; j++){
+            char *zName = pTab->aCol[j].zName;
+            char *zColname;  /* The computed column name */
+            char *zToFree;   /* Malloced string that needs to be freed */
+            Token sColname;  /* Computed column name as a token */
+
+            assert( zName );
+            if( zTName && pSub
+             && sqlite3MatchSpanName(pSub->pEList->a[j].zSpan, 0, zTName, 0)==0
+            ){
+              continue;
+            }
+
+            /* If a column is marked as 'hidden', omit it from the expanded
+            ** result-set list unless the SELECT has the SF_IncludeHidden
+            ** bit set.
+            */
+            if( (p->selFlags & SF_IncludeHidden)==0
+             && IsHiddenColumn(&pTab->aCol[j]) 
+            ){
+              continue;
+            }
+            tableSeen = 1;
+
+            if( i>0 && zTName==0 ){
+              if( (pFrom->fg.jointype & JT_NATURAL)!=0
+                && tableAndColumnIndex(pTabList, i, zName, 0, 0)
+              ){
+                /* In a NATURAL join, omit the join columns from the 
+                ** table to the right of the join */
+                continue;
+              }
+              if( sqlite3IdListIndex(pFrom->pUsing, zName)>=0 ){
+                /* In a join with a USING clause, omit columns in the
+                ** using clause from the table on the right. */
+                continue;
+              }
+            }
+            pRight = sqlite3Expr(db, TK_ID, zName);
+            zColname = zName;
+            zToFree = 0;
+            if( longNames || pTabList->nSrc>1 ){
+              Expr *pLeft;
+              pLeft = sqlite3Expr(db, TK_ID, zTabName);
+              pExpr = sqlite3PExpr(pParse, TK_DOT, pLeft, pRight, 0);
+              if( zSchemaName ){
+                pLeft = sqlite3Expr(db, TK_ID, zSchemaName);
+                pExpr = sqlite3PExpr(pParse, TK_DOT, pLeft, pExpr, 0);
+              }
+              if( longNames ){
+                zColname = sqlite3MPrintf(db, "%s.%s", zTabName, zName);
+                zToFree = zColname;
+              }
+            }else{
+              pExpr = pRight;
+            }
+            pNew = sqlite3ExprListAppend(pParse, pNew, pExpr);
+            sColname.z = zColname;
+            sColname.n = sqlite3Strlen30(zColname);
+            sqlite3ExprListSetName(pParse, pNew, &sColname, 0);
+            if( pNew && (p->selFlags & SF_NestedFrom)!=0 ){
+              struct ExprList_item *pX = &pNew->a[pNew->nExpr-1];
+              if( pSub ){
+                pX->zSpan = sqlite3DbStrDup(db, pSub->pEList->a[j].zSpan);
+                testcase( pX->zSpan==0 );
+              }else{
+                pX->zSpan = sqlite3MPrintf(db, "%s.%s.%s",
+                                           zSchemaName, zTabName, zColname);
+                testcase( pX->zSpan==0 );
+              }
+              pX->bSpanIsTab = 1;
+            }
+            sqlite3DbFree(db, zToFree);
+          }
+        }
+        if( !tableSeen ){
+          if( zTName ){
+            sqlite3ErrorMsg(pParse, "no such table: %s", zTName);
+          }else{
+            sqlite3ErrorMsg(pParse, "no tables specified");
+          }
+        }
+      }
+    }
+    sqlite3ExprListDelete(db, pEList);
+    p->pEList = pNew;
+  }
+#if SQLITE_MAX_COLUMN
+  if( p->pEList && p->pEList->nExpr>db->aLimit[SQLITE_LIMIT_COLUMN] ){
+    sqlite3ErrorMsg(pParse, "too many columns in result set");
+    return WRC_Abort;
+  }
+#endif
+  return WRC_Continue;
+}
+
+/*
+** No-op routine for the parse-tree walker.
+**
+** When this routine is the Walker.xExprCallback then expression trees
+** are walked without any actions being taken at each node.  Presumably,
+** when this routine is used for Walker.xExprCallback then 
+** Walker.xSelectCallback is set to do something useful for every 
+** subquery in the parser tree.
+*/
+SQLITE_PRIVATE int sqlite3ExprWalkNoop(Walker *NotUsed, Expr *NotUsed2){
+  UNUSED_PARAMETER2(NotUsed, NotUsed2);
+  return WRC_Continue;
+}
+
+/*
+** This routine "expands" a SELECT statement and all of its subqueries.
+** For additional information on what it means to "expand" a SELECT
+** statement, see the comment on the selectExpand worker callback above.
+**
+** Expanding a SELECT statement is the first step in processing a
+** SELECT statement.  The SELECT statement must be expanded before
+** name resolution is performed.
+**
+** If anything goes wrong, an error message is written into pParse.
+** The calling function can detect the problem by looking at pParse->nErr
+** and/or pParse->db->mallocFailed.
+*/
+static void sqlite3SelectExpand(Parse *pParse, Select *pSelect){
+  Walker w;
+  memset(&w, 0, sizeof(w));
+  w.xExprCallback = sqlite3ExprWalkNoop;
+  w.pParse = pParse;
+  if( pParse->hasCompound ){
+    w.xSelectCallback = convertCompoundSelectToSubquery;
+    sqlite3WalkSelect(&w, pSelect);
+  }
+  w.xSelectCallback = selectExpander;
+  if( (pSelect->selFlags & SF_MultiValue)==0 ){
+    w.xSelectCallback2 = selectPopWith;
+  }
+  sqlite3WalkSelect(&w, pSelect);
+}
+
+
+#ifndef SQLITE_OMIT_SUBQUERY
+/*
+** This is a Walker.xSelectCallback callback for the sqlite3SelectTypeInfo()
+** interface.
+**
+** For each FROM-clause subquery, add Column.zType and Column.zColl
+** information to the Table structure that represents the result set
+** of that subquery.
+**
+** The Table structure that represents the result set was constructed
+** by selectExpander() but the type and collation information was omitted
+** at that point because identifiers had not yet been resolved.  This
+** routine is called after identifier resolution.
+*/
+static void selectAddSubqueryTypeInfo(Walker *pWalker, Select *p){
+  Parse *pParse;
+  int i;
+  SrcList *pTabList;
+  struct SrcList_item *pFrom;
+
+  assert( p->selFlags & SF_Resolved );
+  assert( (p->selFlags & SF_HasTypeInfo)==0 );
+  p->selFlags |= SF_HasTypeInfo;
+  pParse = pWalker->pParse;
+  pTabList = p->pSrc;
+  for(i=0, pFrom=pTabList->a; i<pTabList->nSrc; i++, pFrom++){
+    Table *pTab = pFrom->pTab;
+    assert( pTab!=0 );
+    if( (pTab->tabFlags & TF_Ephemeral)!=0 ){
+      /* A sub-query in the FROM clause of a SELECT */
+      Select *pSel = pFrom->pSelect;
+      if( pSel ){
+        while( pSel->pPrior ) pSel = pSel->pPrior;
+        selectAddColumnTypeAndCollation(pParse, pTab, pSel);
+      }
+    }
+  }
+}
+#endif
+
+
+/*
+** This routine adds datatype and collating sequence information to
+** the Table structures of all FROM-clause subqueries in a
+** SELECT statement.
+**
+** Use this routine after name resolution.
+*/
+static void sqlite3SelectAddTypeInfo(Parse *pParse, Select *pSelect){
+#ifndef SQLITE_OMIT_SUBQUERY
+  Walker w;
+  memset(&w, 0, sizeof(w));
+  w.xSelectCallback2 = selectAddSubqueryTypeInfo;
+  w.xExprCallback = sqlite3ExprWalkNoop;
+  w.pParse = pParse;
+  sqlite3WalkSelect(&w, pSelect);
+#endif
+}
+
+
+/*
+** This routine sets up a SELECT statement for processing.  The
+** following is accomplished:
+**
+**     *  VDBE Cursor numbers are assigned to all FROM-clause terms.
+**     *  Ephemeral Table objects are created for all FROM-clause subqueries.
+**     *  ON and USING clauses are shifted into WHERE statements
+**     *  Wildcards "*" and "TABLE.*" in result sets are expanded.
+**     *  Identifiers in expression are matched to tables.
+**
+** This routine acts recursively on all subqueries within the SELECT.
+*/
+SQLITE_PRIVATE void sqlite3SelectPrep(
+  Parse *pParse,         /* The parser context */
+  Select *p,             /* The SELECT statement being coded. */
+  NameContext *pOuterNC  /* Name context for container */
+){
+  sqlite3 *db;
+  if( NEVER(p==0) ) return;
+  db = pParse->db;
+  if( db->mallocFailed ) return;
+  if( p->selFlags & SF_HasTypeInfo ) return;
+  sqlite3SelectExpand(pParse, p);
+  if( pParse->nErr || db->mallocFailed ) return;
+  sqlite3ResolveSelectNames(pParse, p, pOuterNC);
+  if( pParse->nErr || db->mallocFailed ) return;
+  sqlite3SelectAddTypeInfo(pParse, p);
+}
+
+/*
+** Reset the aggregate accumulator.
+**
+** The aggregate accumulator is a set of memory cells that hold
+** intermediate results while calculating an aggregate.  This
+** routine generates code that stores NULLs in all of those memory
+** cells.
+*/
+static void resetAccumulator(Parse *pParse, AggInfo *pAggInfo){
+  Vdbe *v = pParse->pVdbe;
+  int i;
+  struct AggInfo_func *pFunc;
+  int nReg = pAggInfo->nFunc + pAggInfo->nColumn;
+  if( nReg==0 ) return;
+#ifdef SQLITE_DEBUG
+  /* Verify that all AggInfo registers are within the range specified by
+  ** AggInfo.mnReg..AggInfo.mxReg */
+  assert( nReg==pAggInfo->mxReg-pAggInfo->mnReg+1 );
+  for(i=0; i<pAggInfo->nColumn; i++){
+    assert( pAggInfo->aCol[i].iMem>=pAggInfo->mnReg
+         && pAggInfo->aCol[i].iMem<=pAggInfo->mxReg );
+  }
+  for(i=0; i<pAggInfo->nFunc; i++){
+    assert( pAggInfo->aFunc[i].iMem>=pAggInfo->mnReg
+         && pAggInfo->aFunc[i].iMem<=pAggInfo->mxReg );
+  }
+#endif
+  sqlite3VdbeAddOp3(v, OP_Null, 0, pAggInfo->mnReg, pAggInfo->mxReg);
+  for(pFunc=pAggInfo->aFunc, i=0; i<pAggInfo->nFunc; i++, pFunc++){
+    if( pFunc->iDistinct>=0 ){
+      Expr *pE = pFunc->pExpr;
+      assert( !ExprHasProperty(pE, EP_xIsSelect) );
+      if( pE->x.pList==0 || pE->x.pList->nExpr!=1 ){
+        sqlite3ErrorMsg(pParse, "DISTINCT aggregates must have exactly one "
+           "argument");
+        pFunc->iDistinct = -1;
+      }else{
+        KeyInfo *pKeyInfo = keyInfoFromExprList(pParse, pE->x.pList, 0, 0);
+        sqlite3VdbeAddOp4(v, OP_OpenEphemeral, pFunc->iDistinct, 0, 0,
+                          (char*)pKeyInfo, P4_KEYINFO);
+      }
+    }
+  }
+}
+
+/*
+** Invoke the OP_AggFinalize opcode for every aggregate function
+** in the AggInfo structure.
+*/
+static void finalizeAggFunctions(Parse *pParse, AggInfo *pAggInfo){
+  Vdbe *v = pParse->pVdbe;
+  int i;
+  struct AggInfo_func *pF;
+  for(i=0, pF=pAggInfo->aFunc; i<pAggInfo->nFunc; i++, pF++){
+    ExprList *pList = pF->pExpr->x.pList;
+    assert( !ExprHasProperty(pF->pExpr, EP_xIsSelect) );
+    sqlite3VdbeAddOp4(v, OP_AggFinal, pF->iMem, pList ? pList->nExpr : 0, 0,
+                      (void*)pF->pFunc, P4_FUNCDEF);
+  }
+}
+
+/*
+** Update the accumulator memory cells for an aggregate based on
+** the current cursor position.
+*/
+static void updateAccumulator(Parse *pParse, AggInfo *pAggInfo){
+  Vdbe *v = pParse->pVdbe;
+  int i;
+  int regHit = 0;
+  int addrHitTest = 0;
+  struct AggInfo_func *pF;
+  struct AggInfo_col *pC;
+
+  pAggInfo->directMode = 1;
+  for(i=0, pF=pAggInfo->aFunc; i<pAggInfo->nFunc; i++, pF++){
+    int nArg;
+    int addrNext = 0;
+    int regAgg;
+    ExprList *pList = pF->pExpr->x.pList;
+    assert( !ExprHasProperty(pF->pExpr, EP_xIsSelect) );
+    if( pList ){
+      nArg = pList->nExpr;
+      regAgg = sqlite3GetTempRange(pParse, nArg);
+      sqlite3ExprCodeExprList(pParse, pList, regAgg, 0, SQLITE_ECEL_DUP);
+    }else{
+      nArg = 0;
+      regAgg = 0;
+    }
+    if( pF->iDistinct>=0 ){
+      addrNext = sqlite3VdbeMakeLabel(v);
+      testcase( nArg==0 );  /* Error condition */
+      testcase( nArg>1 );   /* Also an error */
+      codeDistinct(pParse, pF->iDistinct, addrNext, 1, regAgg);
+    }
+    if( pF->pFunc->funcFlags & SQLITE_FUNC_NEEDCOLL ){
+      CollSeq *pColl = 0;
+      struct ExprList_item *pItem;
+      int j;
+      assert( pList!=0 );  /* pList!=0 if pF->pFunc has NEEDCOLL */
+      for(j=0, pItem=pList->a; !pColl && j<nArg; j++, pItem++){
+        pColl = sqlite3ExprCollSeq(pParse, pItem->pExpr);
+      }
+      if( !pColl ){
+        pColl = pParse->db->pDfltColl;
+      }
+      if( regHit==0 && pAggInfo->nAccumulator ) regHit = ++pParse->nMem;
+      sqlite3VdbeAddOp4(v, OP_CollSeq, regHit, 0, 0, (char *)pColl, P4_COLLSEQ);
+    }
+    sqlite3VdbeAddOp4(v, OP_AggStep0, 0, regAgg, pF->iMem,
+                      (void*)pF->pFunc, P4_FUNCDEF);
+    sqlite3VdbeChangeP5(v, (u8)nArg);
+    sqlite3ExprCacheAffinityChange(pParse, regAgg, nArg);
+    sqlite3ReleaseTempRange(pParse, regAgg, nArg);
+    if( addrNext ){
+      sqlite3VdbeResolveLabel(v, addrNext);
+      sqlite3ExprCacheClear(pParse);
+    }
+  }
+
+  /* Before populating the accumulator registers, clear the column cache.
+  ** Otherwise, if any of the required column values are already present 
+  ** in registers, sqlite3ExprCode() may use OP_SCopy to copy the value
+  ** to pC->iMem. But by the time the value is used, the original register
+  ** may have been used, invalidating the underlying buffer holding the
+  ** text or blob value. See ticket [883034dcb5].
+  **
+  ** Another solution would be to change the OP_SCopy used to copy cached
+  ** values to an OP_Copy.
+  */
+  if( regHit ){
+    addrHitTest = sqlite3VdbeAddOp1(v, OP_If, regHit); VdbeCoverage(v);
+  }
+  sqlite3ExprCacheClear(pParse);
+  for(i=0, pC=pAggInfo->aCol; i<pAggInfo->nAccumulator; i++, pC++){
+    sqlite3ExprCode(pParse, pC->pExpr, pC->iMem);
+  }
+  pAggInfo->directMode = 0;
+  sqlite3ExprCacheClear(pParse);
+  if( addrHitTest ){
+    sqlite3VdbeJumpHere(v, addrHitTest);
+  }
+}
+
+/*
+** Add a single OP_Explain instruction to the VDBE to explain a simple
+** count(*) query ("SELECT count(*) FROM pTab").
+*/
+#ifndef SQLITE_OMIT_EXPLAIN
+static void explainSimpleCount(
+  Parse *pParse,                  /* Parse context */
+  Table *pTab,                    /* Table being queried */
+  Index *pIdx                     /* Index used to optimize scan, or NULL */
+){
+  if( pParse->explain==2 ){
+    int bCover = (pIdx!=0 && (HasRowid(pTab) || !IsPrimaryKeyIndex(pIdx)));
+    char *zEqp = sqlite3MPrintf(pParse->db, "SCAN TABLE %s%s%s",
+        pTab->zName,
+        bCover ? " USING COVERING INDEX " : "",
+        bCover ? pIdx->zName : ""
+    );
+    sqlite3VdbeAddOp4(
+        pParse->pVdbe, OP_Explain, pParse->iSelectId, 0, 0, zEqp, P4_DYNAMIC
+    );
+  }
+}
+#else
+# define explainSimpleCount(a,b,c)
+#endif
+
+/*
+** Generate code for the SELECT statement given in the p argument.  
+**
+** The results are returned according to the SelectDest structure.
+** See comments in sqliteInt.h for further information.
+**
+** This routine returns the number of errors.  If any errors are
+** encountered, then an appropriate error message is left in
+** pParse->zErrMsg.
+**
+** This routine does NOT free the Select structure passed in.  The
+** calling function needs to do that.
+*/
+SQLITE_PRIVATE int sqlite3Select(
+  Parse *pParse,         /* The parser context */
+  Select *p,             /* The SELECT statement being coded. */
+  SelectDest *pDest      /* What to do with the query results */
+){
+  int i, j;              /* Loop counters */
+  WhereInfo *pWInfo;     /* Return from sqlite3WhereBegin() */
+  Vdbe *v;               /* The virtual machine under construction */
+  int isAgg;             /* True for select lists like "count(*)" */
+  ExprList *pEList = 0;  /* List of columns to extract. */
+  SrcList *pTabList;     /* List of tables to select from */
+  Expr *pWhere;          /* The WHERE clause.  May be NULL */
+  ExprList *pGroupBy;    /* The GROUP BY clause.  May be NULL */
+  Expr *pHaving;         /* The HAVING clause.  May be NULL */
+  int rc = 1;            /* Value to return from this function */
+  DistinctCtx sDistinct; /* Info on how to code the DISTINCT keyword */
+  SortCtx sSort;         /* Info on how to code the ORDER BY clause */
+  AggInfo sAggInfo;      /* Information used by aggregate queries */
+  int iEnd;              /* Address of the end of the query */
+  sqlite3 *db;           /* The database connection */
+
+#ifndef SQLITE_OMIT_EXPLAIN
+  int iRestoreSelectId = pParse->iSelectId;
+  pParse->iSelectId = pParse->iNextSelectId++;
+#endif
+
+  db = pParse->db;
+  if( p==0 || db->mallocFailed || pParse->nErr ){
+    return 1;
+  }
+  if( sqlite3AuthCheck(pParse, SQLITE_SELECT, 0, 0, 0) ) return 1;
+  memset(&sAggInfo, 0, sizeof(sAggInfo));
+#if SELECTTRACE_ENABLED
+  pParse->nSelectIndent++;
+  SELECTTRACE(1,pParse,p, ("begin processing:\n"));
+  if( sqlite3SelectTrace & 0x100 ){
+    sqlite3TreeViewSelect(0, p, 0);
+  }
+#endif
+
+  assert( p->pOrderBy==0 || pDest->eDest!=SRT_DistFifo );
+  assert( p->pOrderBy==0 || pDest->eDest!=SRT_Fifo );
+  assert( p->pOrderBy==0 || pDest->eDest!=SRT_DistQueue );
+  assert( p->pOrderBy==0 || pDest->eDest!=SRT_Queue );
+  if( IgnorableOrderby(pDest) ){
+    assert(pDest->eDest==SRT_Exists || pDest->eDest==SRT_Union || 
+           pDest->eDest==SRT_Except || pDest->eDest==SRT_Discard ||
+           pDest->eDest==SRT_Queue  || pDest->eDest==SRT_DistFifo ||
+           pDest->eDest==SRT_DistQueue || pDest->eDest==SRT_Fifo);
+    /* If ORDER BY makes no difference in the output then neither does
+    ** DISTINCT so it can be removed too. */
+    sqlite3ExprListDelete(db, p->pOrderBy);
+    p->pOrderBy = 0;
+    p->selFlags &= ~SF_Distinct;
+  }
+  sqlite3SelectPrep(pParse, p, 0);
+  memset(&sSort, 0, sizeof(sSort));
+  sSort.pOrderBy = p->pOrderBy;
+  pTabList = p->pSrc;
+  if( pParse->nErr || db->mallocFailed ){
+    goto select_end;
+  }
+  assert( p->pEList!=0 );
+  isAgg = (p->selFlags & SF_Aggregate)!=0;
+#if SELECTTRACE_ENABLED
+  if( sqlite3SelectTrace & 0x100 ){
+    SELECTTRACE(0x100,pParse,p, ("after name resolution:\n"));
+    sqlite3TreeViewSelect(0, p, 0);
+  }
+#endif
+
+
+  /* If writing to memory or generating a set
+  ** only a single column may be output.
+  */
+#ifndef SQLITE_OMIT_SUBQUERY
+  if( checkForMultiColumnSelectError(pParse, pDest, p->pEList->nExpr) ){
+    goto select_end;
+  }
+#endif
+
+  /* Try to flatten subqueries in the FROM clause up into the main query
+  */
+#if !defined(SQLITE_OMIT_SUBQUERY) || !defined(SQLITE_OMIT_VIEW)
+  for(i=0; !p->pPrior && i<pTabList->nSrc; i++){
+    struct SrcList_item *pItem = &pTabList->a[i];
+    Select *pSub = pItem->pSelect;
+    int isAggSub;
+    Table *pTab = pItem->pTab;
+    if( pSub==0 ) continue;
+
+    /* Catch mismatch in the declared columns of a view and the number of
+    ** columns in the SELECT on the RHS */
+    if( pTab->nCol!=pSub->pEList->nExpr ){
+      sqlite3ErrorMsg(pParse, "expected %d columns for '%s' but got %d",
+                      pTab->nCol, pTab->zName, pSub->pEList->nExpr);
+      goto select_end;
+    }
+
+    isAggSub = (pSub->selFlags & SF_Aggregate)!=0;
+    if( flattenSubquery(pParse, p, i, isAgg, isAggSub) ){
+      /* This subquery can be absorbed into its parent. */
+      if( isAggSub ){
+        isAgg = 1;
+        p->selFlags |= SF_Aggregate;
+      }
+      i = -1;
+    }
+    pTabList = p->pSrc;
+    if( db->mallocFailed ) goto select_end;
+    if( !IgnorableOrderby(pDest) ){
+      sSort.pOrderBy = p->pOrderBy;
+    }
+  }
+#endif
+
+  /* Get a pointer the VDBE under construction, allocating a new VDBE if one
+  ** does not already exist */
+  v = sqlite3GetVdbe(pParse);
+  if( v==0 ) goto select_end;
+
+#ifndef SQLITE_OMIT_COMPOUND_SELECT
+  /* Handle compound SELECT statements using the separate multiSelect()
+  ** procedure.
+  */
+  if( p->pPrior ){
+    rc = multiSelect(pParse, p, pDest);
+    explainSetInteger(pParse->iSelectId, iRestoreSelectId);
+#if SELECTTRACE_ENABLED
+    SELECTTRACE(1,pParse,p,("end compound-select processing\n"));
+    pParse->nSelectIndent--;
+#endif
+    return rc;
+  }
+#endif
+
+  /* Generate code for all sub-queries in the FROM clause
+  */
+#if !defined(SQLITE_OMIT_SUBQUERY) || !defined(SQLITE_OMIT_VIEW)
+  for(i=0; i<pTabList->nSrc; i++){
+    struct SrcList_item *pItem = &pTabList->a[i];
+    SelectDest dest;
+    Select *pSub = pItem->pSelect;
+    if( pSub==0 ) continue;
+
+    /* Sometimes the code for a subquery will be generated more than
+    ** once, if the subquery is part of the WHERE clause in a LEFT JOIN,
+    ** for example.  In that case, do not regenerate the code to manifest
+    ** a view or the co-routine to implement a view.  The first instance
+    ** is sufficient, though the subroutine to manifest the view does need
+    ** to be invoked again. */
+    if( pItem->addrFillSub ){
+      if( pItem->fg.viaCoroutine==0 ){
+        sqlite3VdbeAddOp2(v, OP_Gosub, pItem->regReturn, pItem->addrFillSub);
+      }
+      continue;
+    }
+
+    /* Increment Parse.nHeight by the height of the largest expression
+    ** tree referred to by this, the parent select. The child select
+    ** may contain expression trees of at most
+    ** (SQLITE_MAX_EXPR_DEPTH-Parse.nHeight) height. This is a bit
+    ** more conservative than necessary, but much easier than enforcing
+    ** an exact limit.
+    */
+    pParse->nHeight += sqlite3SelectExprHeight(p);
+
+    /* Make copies of constant WHERE-clause terms in the outer query down
+    ** inside the subquery.  This can help the subquery to run more efficiently.
+    */
+    if( (pItem->fg.jointype & JT_OUTER)==0
+     && pushDownWhereTerms(db, pSub, p->pWhere, pItem->iCursor)
+    ){
+#if SELECTTRACE_ENABLED
+      if( sqlite3SelectTrace & 0x100 ){
+        SELECTTRACE(0x100,pParse,p,("After WHERE-clause push-down:\n"));
+        sqlite3TreeViewSelect(0, p, 0);
+      }
+#endif
+    }
+
+    /* Generate code to implement the subquery
+    */
+    if( pTabList->nSrc==1
+     && (p->selFlags & SF_All)==0
+     && OptimizationEnabled(db, SQLITE_SubqCoroutine)
+    ){
+      /* Implement a co-routine that will return a single row of the result
+      ** set on each invocation.
+      */
+      int addrTop = sqlite3VdbeCurrentAddr(v)+1;
+      pItem->regReturn = ++pParse->nMem;
+      sqlite3VdbeAddOp3(v, OP_InitCoroutine, pItem->regReturn, 0, addrTop);
+      VdbeComment((v, "%s", pItem->pTab->zName));
+      pItem->addrFillSub = addrTop;
+      sqlite3SelectDestInit(&dest, SRT_Coroutine, pItem->regReturn);
+      explainSetInteger(pItem->iSelectId, (u8)pParse->iNextSelectId);
+      sqlite3Select(pParse, pSub, &dest);
+      pItem->pTab->nRowLogEst = sqlite3LogEst(pSub->nSelectRow);
+      pItem->fg.viaCoroutine = 1;
+      pItem->regResult = dest.iSdst;
+      sqlite3VdbeAddOp1(v, OP_EndCoroutine, pItem->regReturn);
+      sqlite3VdbeJumpHere(v, addrTop-1);
+      sqlite3ClearTempRegCache(pParse);
+    }else{
+      /* Generate a subroutine that will fill an ephemeral table with
+      ** the content of this subquery.  pItem->addrFillSub will point
+      ** to the address of the generated subroutine.  pItem->regReturn
+      ** is a register allocated to hold the subroutine return address
+      */
+      int topAddr;
+      int onceAddr = 0;
+      int retAddr;
+      assert( pItem->addrFillSub==0 );
+      pItem->regReturn = ++pParse->nMem;
+      topAddr = sqlite3VdbeAddOp2(v, OP_Integer, 0, pItem->regReturn);
+      pItem->addrFillSub = topAddr+1;
+      if( pItem->fg.isCorrelated==0 ){
+        /* If the subquery is not correlated and if we are not inside of
+        ** a trigger, then we only need to compute the value of the subquery
+        ** once. */
+        onceAddr = sqlite3CodeOnce(pParse); VdbeCoverage(v);
+        VdbeComment((v, "materialize \"%s\"", pItem->pTab->zName));
+      }else{
+        VdbeNoopComment((v, "materialize \"%s\"", pItem->pTab->zName));
+      }
+      sqlite3SelectDestInit(&dest, SRT_EphemTab, pItem->iCursor);
+      explainSetInteger(pItem->iSelectId, (u8)pParse->iNextSelectId);
+      sqlite3Select(pParse, pSub, &dest);
+      pItem->pTab->nRowLogEst = sqlite3LogEst(pSub->nSelectRow);
+      if( onceAddr ) sqlite3VdbeJumpHere(v, onceAddr);
+      retAddr = sqlite3VdbeAddOp1(v, OP_Return, pItem->regReturn);
+      VdbeComment((v, "end %s", pItem->pTab->zName));
+      sqlite3VdbeChangeP1(v, topAddr, retAddr);
+      sqlite3ClearTempRegCache(pParse);
+    }
+    if( db->mallocFailed ) goto select_end;
+    pParse->nHeight -= sqlite3SelectExprHeight(p);
+  }
+#endif
+
+  /* Various elements of the SELECT copied into local variables for
+  ** convenience */
+  pEList = p->pEList;
+  pWhere = p->pWhere;
+  pGroupBy = p->pGroupBy;
+  pHaving = p->pHaving;
+  sDistinct.isTnct = (p->selFlags & SF_Distinct)!=0;
+
+#if SELECTTRACE_ENABLED
+  if( sqlite3SelectTrace & 0x400 ){
+    SELECTTRACE(0x400,pParse,p,("After all FROM-clause analysis:\n"));
+    sqlite3TreeViewSelect(0, p, 0);
+  }
+#endif
+
+  /* If the query is DISTINCT with an ORDER BY but is not an aggregate, and 
+  ** if the select-list is the same as the ORDER BY list, then this query
+  ** can be rewritten as a GROUP BY. In other words, this:
+  **
+  **     SELECT DISTINCT xyz FROM ... ORDER BY xyz
+  **
+  ** is transformed to:
+  **
+  **     SELECT xyz FROM ... GROUP BY xyz ORDER BY xyz
+  **
+  ** The second form is preferred as a single index (or temp-table) may be 
+  ** used for both the ORDER BY and DISTINCT processing. As originally 
+  ** written the query must use a temp-table for at least one of the ORDER 
+  ** BY and DISTINCT, and an index or separate temp-table for the other.
+  */
+  if( (p->selFlags & (SF_Distinct|SF_Aggregate))==SF_Distinct 
+   && sqlite3ExprListCompare(sSort.pOrderBy, pEList, -1)==0
+  ){
+    p->selFlags &= ~SF_Distinct;
+    pGroupBy = p->pGroupBy = sqlite3ExprListDup(db, pEList, 0);
+    /* Notice that even thought SF_Distinct has been cleared from p->selFlags,
+    ** the sDistinct.isTnct is still set.  Hence, isTnct represents the
+    ** original setting of the SF_Distinct flag, not the current setting */
+    assert( sDistinct.isTnct );
+  }
+
+  /* If there is an ORDER BY clause, then create an ephemeral index to
+  ** do the sorting.  But this sorting ephemeral index might end up
+  ** being unused if the data can be extracted in pre-sorted order.
+  ** If that is the case, then the OP_OpenEphemeral instruction will be
+  ** changed to an OP_Noop once we figure out that the sorting index is
+  ** not needed.  The sSort.addrSortIndex variable is used to facilitate
+  ** that change.
+  */
+  if( sSort.pOrderBy ){
+    KeyInfo *pKeyInfo;
+    pKeyInfo = keyInfoFromExprList(pParse, sSort.pOrderBy, 0, pEList->nExpr);
+    sSort.iECursor = pParse->nTab++;
+    sSort.addrSortIndex =
+      sqlite3VdbeAddOp4(v, OP_OpenEphemeral,
+          sSort.iECursor, sSort.pOrderBy->nExpr+1+pEList->nExpr, 0,
+          (char*)pKeyInfo, P4_KEYINFO
+      );
+  }else{
+    sSort.addrSortIndex = -1;
+  }
+
+  /* If the output is destined for a temporary table, open that table.
+  */
+  if( pDest->eDest==SRT_EphemTab ){
+    sqlite3VdbeAddOp2(v, OP_OpenEphemeral, pDest->iSDParm, pEList->nExpr);
+  }
+
+  /* Set the limiter.
+  */
+  iEnd = sqlite3VdbeMakeLabel(v);
+  p->nSelectRow = LARGEST_INT64;
+  computeLimitRegisters(pParse, p, iEnd);
+  if( p->iLimit==0 && sSort.addrSortIndex>=0 ){
+    sqlite3VdbeChangeOpcode(v, sSort.addrSortIndex, OP_SorterOpen);
+    sSort.sortFlags |= SORTFLAG_UseSorter;
+  }
+
+  /* Open an ephemeral index to use for the distinct set.
+  */
+  if( p->selFlags & SF_Distinct ){
+    sDistinct.tabTnct = pParse->nTab++;
+    sDistinct.addrTnct = sqlite3VdbeAddOp4(v, OP_OpenEphemeral,
+                             sDistinct.tabTnct, 0, 0,
+                             (char*)keyInfoFromExprList(pParse, p->pEList,0,0),
+                             P4_KEYINFO);
+    sqlite3VdbeChangeP5(v, BTREE_UNORDERED);
+    sDistinct.eTnctType = WHERE_DISTINCT_UNORDERED;
+  }else{
+    sDistinct.eTnctType = WHERE_DISTINCT_NOOP;
+  }
+
+  if( !isAgg && pGroupBy==0 ){
+    /* No aggregate functions and no GROUP BY clause */
+    u16 wctrlFlags = (sDistinct.isTnct ? WHERE_WANT_DISTINCT : 0);
+
+    /* Begin the database scan. */
+    pWInfo = sqlite3WhereBegin(pParse, pTabList, pWhere, sSort.pOrderBy,
+                               p->pEList, wctrlFlags, 0);
+    if( pWInfo==0 ) goto select_end;
+    if( sqlite3WhereOutputRowCount(pWInfo) < p->nSelectRow ){
+      p->nSelectRow = sqlite3WhereOutputRowCount(pWInfo);
+    }
+    if( sDistinct.isTnct && sqlite3WhereIsDistinct(pWInfo) ){
+      sDistinct.eTnctType = sqlite3WhereIsDistinct(pWInfo);
+    }
+    if( sSort.pOrderBy ){
+      sSort.nOBSat = sqlite3WhereIsOrdered(pWInfo);
+      if( sSort.nOBSat==sSort.pOrderBy->nExpr ){
+        sSort.pOrderBy = 0;
+      }
+    }
+
+    /* If sorting index that was created by a prior OP_OpenEphemeral 
+    ** instruction ended up not being needed, then change the OP_OpenEphemeral
+    ** into an OP_Noop.
+    */
+    if( sSort.addrSortIndex>=0 && sSort.pOrderBy==0 ){
+      sqlite3VdbeChangeToNoop(v, sSort.addrSortIndex);
+    }
+
+    /* Use the standard inner loop. */
+    selectInnerLoop(pParse, p, pEList, -1, &sSort, &sDistinct, pDest,
+                    sqlite3WhereContinueLabel(pWInfo),
+                    sqlite3WhereBreakLabel(pWInfo));
+
+    /* End the database scan loop.
+    */
+    sqlite3WhereEnd(pWInfo);
+  }else{
+    /* This case when there exist aggregate functions or a GROUP BY clause
+    ** or both */
+    NameContext sNC;    /* Name context for processing aggregate information */
+    int iAMem;          /* First Mem address for storing current GROUP BY */
+    int iBMem;          /* First Mem address for previous GROUP BY */
+    int iUseFlag;       /* Mem address holding flag indicating that at least
+                        ** one row of the input to the aggregator has been
+                        ** processed */
+    int iAbortFlag;     /* Mem address which causes query abort if positive */
+    int groupBySort;    /* Rows come from source in GROUP BY order */
+    int addrEnd;        /* End of processing for this SELECT */
+    int sortPTab = 0;   /* Pseudotable used to decode sorting results */
+    int sortOut = 0;    /* Output register from the sorter */
+    int orderByGrp = 0; /* True if the GROUP BY and ORDER BY are the same */
+
+    /* Remove any and all aliases between the result set and the
+    ** GROUP BY clause.
+    */
+    if( pGroupBy ){
+      int k;                        /* Loop counter */
+      struct ExprList_item *pItem;  /* For looping over expression in a list */
+
+      for(k=p->pEList->nExpr, pItem=p->pEList->a; k>0; k--, pItem++){
+        pItem->u.x.iAlias = 0;
+      }
+      for(k=pGroupBy->nExpr, pItem=pGroupBy->a; k>0; k--, pItem++){
+        pItem->u.x.iAlias = 0;
+      }
+      if( p->nSelectRow>100 ) p->nSelectRow = 100;
+    }else{
+      p->nSelectRow = 1;
+    }
+
+    /* If there is both a GROUP BY and an ORDER BY clause and they are
+    ** identical, then it may be possible to disable the ORDER BY clause 
+    ** on the grounds that the GROUP BY will cause elements to come out 
+    ** in the correct order. It also may not - the GROUP BY might use a
+    ** database index that causes rows to be grouped together as required
+    ** but not actually sorted. Either way, record the fact that the
+    ** ORDER BY and GROUP BY clauses are the same by setting the orderByGrp
+    ** variable.  */
+    if( sqlite3ExprListCompare(pGroupBy, sSort.pOrderBy, -1)==0 ){
+      orderByGrp = 1;
+    }
+ 
+    /* Create a label to jump to when we want to abort the query */
+    addrEnd = sqlite3VdbeMakeLabel(v);
+
+    /* Convert TK_COLUMN nodes into TK_AGG_COLUMN and make entries in
+    ** sAggInfo for all TK_AGG_FUNCTION nodes in expressions of the
+    ** SELECT statement.
+    */
+    memset(&sNC, 0, sizeof(sNC));
+    sNC.pParse = pParse;
+    sNC.pSrcList = pTabList;
+    sNC.pAggInfo = &sAggInfo;
+    sAggInfo.mnReg = pParse->nMem+1;
+    sAggInfo.nSortingColumn = pGroupBy ? pGroupBy->nExpr : 0;
+    sAggInfo.pGroupBy = pGroupBy;
+    sqlite3ExprAnalyzeAggList(&sNC, pEList);
+    sqlite3ExprAnalyzeAggList(&sNC, sSort.pOrderBy);
+    if( pHaving ){
+      sqlite3ExprAnalyzeAggregates(&sNC, pHaving);
+    }
+    sAggInfo.nAccumulator = sAggInfo.nColumn;
+    for(i=0; i<sAggInfo.nFunc; i++){
+      assert( !ExprHasProperty(sAggInfo.aFunc[i].pExpr, EP_xIsSelect) );
+      sNC.ncFlags |= NC_InAggFunc;
+      sqlite3ExprAnalyzeAggList(&sNC, sAggInfo.aFunc[i].pExpr->x.pList);
+      sNC.ncFlags &= ~NC_InAggFunc;
+    }
+    sAggInfo.mxReg = pParse->nMem;
+    if( db->mallocFailed ) goto select_end;
+
+    /* Processing for aggregates with GROUP BY is very different and
+    ** much more complex than aggregates without a GROUP BY.
+    */
+    if( pGroupBy ){
+      KeyInfo *pKeyInfo;  /* Keying information for the group by clause */
+      int addr1;          /* A-vs-B comparision jump */
+      int addrOutputRow;  /* Start of subroutine that outputs a result row */
+      int regOutputRow;   /* Return address register for output subroutine */
+      int addrSetAbort;   /* Set the abort flag and return */
+      int addrTopOfLoop;  /* Top of the input loop */
+      int addrSortingIdx; /* The OP_OpenEphemeral for the sorting index */
+      int addrReset;      /* Subroutine for resetting the accumulator */
+      int regReset;       /* Return address register for reset subroutine */
+
+      /* If there is a GROUP BY clause we might need a sorting index to
+      ** implement it.  Allocate that sorting index now.  If it turns out
+      ** that we do not need it after all, the OP_SorterOpen instruction
+      ** will be converted into a Noop.  
+      */
+      sAggInfo.sortingIdx = pParse->nTab++;
+      pKeyInfo = keyInfoFromExprList(pParse, pGroupBy, 0, sAggInfo.nColumn);
+      addrSortingIdx = sqlite3VdbeAddOp4(v, OP_SorterOpen, 
+          sAggInfo.sortingIdx, sAggInfo.nSortingColumn, 
+          0, (char*)pKeyInfo, P4_KEYINFO);
+
+      /* Initialize memory locations used by GROUP BY aggregate processing
+      */
+      iUseFlag = ++pParse->nMem;
+      iAbortFlag = ++pParse->nMem;
+      regOutputRow = ++pParse->nMem;
+      addrOutputRow = sqlite3VdbeMakeLabel(v);
+      regReset = ++pParse->nMem;
+      addrReset = sqlite3VdbeMakeLabel(v);
+      iAMem = pParse->nMem + 1;
+      pParse->nMem += pGroupBy->nExpr;
+      iBMem = pParse->nMem + 1;
+      pParse->nMem += pGroupBy->nExpr;
+      sqlite3VdbeAddOp2(v, OP_Integer, 0, iAbortFlag);
+      VdbeComment((v, "clear abort flag"));
+      sqlite3VdbeAddOp2(v, OP_Integer, 0, iUseFlag);
+      VdbeComment((v, "indicate accumulator empty"));
+      sqlite3VdbeAddOp3(v, OP_Null, 0, iAMem, iAMem+pGroupBy->nExpr-1);
+
+      /* Begin a loop that will extract all source rows in GROUP BY order.
+      ** This might involve two separate loops with an OP_Sort in between, or
+      ** it might be a single loop that uses an index to extract information
+      ** in the right order to begin with.
+      */
+      sqlite3VdbeAddOp2(v, OP_Gosub, regReset, addrReset);
+      pWInfo = sqlite3WhereBegin(pParse, pTabList, pWhere, pGroupBy, 0,
+          WHERE_GROUPBY | (orderByGrp ? WHERE_SORTBYGROUP : 0), 0
+      );
+      if( pWInfo==0 ) goto select_end;
+      if( sqlite3WhereIsOrdered(pWInfo)==pGroupBy->nExpr ){
+        /* The optimizer is able to deliver rows in group by order so
+        ** we do not have to sort.  The OP_OpenEphemeral table will be
+        ** cancelled later because we still need to use the pKeyInfo
+        */
+        groupBySort = 0;
+      }else{
+        /* Rows are coming out in undetermined order.  We have to push
+        ** each row into a sorting index, terminate the first loop,
+        ** then loop over the sorting index in order to get the output
+        ** in sorted order
+        */
+        int regBase;
+        int regRecord;
+        int nCol;
+        int nGroupBy;
+
+        explainTempTable(pParse, 
+            (sDistinct.isTnct && (p->selFlags&SF_Distinct)==0) ?
+                    "DISTINCT" : "GROUP BY");
+
+        groupBySort = 1;
+        nGroupBy = pGroupBy->nExpr;
+        nCol = nGroupBy;
+        j = nGroupBy;
+        for(i=0; i<sAggInfo.nColumn; i++){
+          if( sAggInfo.aCol[i].iSorterColumn>=j ){
+            nCol++;
+            j++;
+          }
+        }
+        regBase = sqlite3GetTempRange(pParse, nCol);
+        sqlite3ExprCacheClear(pParse);
+        sqlite3ExprCodeExprList(pParse, pGroupBy, regBase, 0, 0);
+        j = nGroupBy;
+        for(i=0; i<sAggInfo.nColumn; i++){
+          struct AggInfo_col *pCol = &sAggInfo.aCol[i];
+          if( pCol->iSorterColumn>=j ){
+            int r1 = j + regBase;
+            sqlite3ExprCodeGetColumnToReg(pParse, 
+                               pCol->pTab, pCol->iColumn, pCol->iTable, r1);
+            j++;
+          }
+        }
+        regRecord = sqlite3GetTempReg(pParse);
+        sqlite3VdbeAddOp3(v, OP_MakeRecord, regBase, nCol, regRecord);
+        sqlite3VdbeAddOp2(v, OP_SorterInsert, sAggInfo.sortingIdx, regRecord);
+        sqlite3ReleaseTempReg(pParse, regRecord);
+        sqlite3ReleaseTempRange(pParse, regBase, nCol);
+        sqlite3WhereEnd(pWInfo);
+        sAggInfo.sortingIdxPTab = sortPTab = pParse->nTab++;
+        sortOut = sqlite3GetTempReg(pParse);
+        sqlite3VdbeAddOp3(v, OP_OpenPseudo, sortPTab, sortOut, nCol);
+        sqlite3VdbeAddOp2(v, OP_SorterSort, sAggInfo.sortingIdx, addrEnd);
+        VdbeComment((v, "GROUP BY sort")); VdbeCoverage(v);
+        sAggInfo.useSortingIdx = 1;
+        sqlite3ExprCacheClear(pParse);
+
+      }
+
+      /* If the index or temporary table used by the GROUP BY sort
+      ** will naturally deliver rows in the order required by the ORDER BY
+      ** clause, cancel the ephemeral table open coded earlier.
+      **
+      ** This is an optimization - the correct answer should result regardless.
+      ** Use the SQLITE_GroupByOrder flag with SQLITE_TESTCTRL_OPTIMIZER to 
+      ** disable this optimization for testing purposes.  */
+      if( orderByGrp && OptimizationEnabled(db, SQLITE_GroupByOrder) 
+       && (groupBySort || sqlite3WhereIsSorted(pWInfo))
+      ){
+        sSort.pOrderBy = 0;
+        sqlite3VdbeChangeToNoop(v, sSort.addrSortIndex);
+      }
+
+      /* Evaluate the current GROUP BY terms and store in b0, b1, b2...
+      ** (b0 is memory location iBMem+0, b1 is iBMem+1, and so forth)
+      ** Then compare the current GROUP BY terms against the GROUP BY terms
+      ** from the previous row currently stored in a0, a1, a2...
+      */
+      addrTopOfLoop = sqlite3VdbeCurrentAddr(v);
+      sqlite3ExprCacheClear(pParse);
+      if( groupBySort ){
+        sqlite3VdbeAddOp3(v, OP_SorterData, sAggInfo.sortingIdx,
+                          sortOut, sortPTab);
+      }
+      for(j=0; j<pGroupBy->nExpr; j++){
+        if( groupBySort ){
+          sqlite3VdbeAddOp3(v, OP_Column, sortPTab, j, iBMem+j);
+        }else{
+          sAggInfo.directMode = 1;
+          sqlite3ExprCode(pParse, pGroupBy->a[j].pExpr, iBMem+j);
+        }
+      }
+      sqlite3VdbeAddOp4(v, OP_Compare, iAMem, iBMem, pGroupBy->nExpr,
+                          (char*)sqlite3KeyInfoRef(pKeyInfo), P4_KEYINFO);
+      addr1 = sqlite3VdbeCurrentAddr(v);
+      sqlite3VdbeAddOp3(v, OP_Jump, addr1+1, 0, addr1+1); VdbeCoverage(v);
+
+      /* Generate code that runs whenever the GROUP BY changes.
+      ** Changes in the GROUP BY are detected by the previous code
+      ** block.  If there were no changes, this block is skipped.
+      **
+      ** This code copies current group by terms in b0,b1,b2,...
+      ** over to a0,a1,a2.  It then calls the output subroutine
+      ** and resets the aggregate accumulator registers in preparation
+      ** for the next GROUP BY batch.
+      */
+      sqlite3ExprCodeMove(pParse, iBMem, iAMem, pGroupBy->nExpr);
+      sqlite3VdbeAddOp2(v, OP_Gosub, regOutputRow, addrOutputRow);
+      VdbeComment((v, "output one row"));
+      sqlite3VdbeAddOp2(v, OP_IfPos, iAbortFlag, addrEnd); VdbeCoverage(v);
+      VdbeComment((v, "check abort flag"));
+      sqlite3VdbeAddOp2(v, OP_Gosub, regReset, addrReset);
+      VdbeComment((v, "reset accumulator"));
+
+      /* Update the aggregate accumulators based on the content of
+      ** the current row
+      */
+      sqlite3VdbeJumpHere(v, addr1);
+      updateAccumulator(pParse, &sAggInfo);
+      sqlite3VdbeAddOp2(v, OP_Integer, 1, iUseFlag);
+      VdbeComment((v, "indicate data in accumulator"));
+
+      /* End of the loop
+      */
+      if( groupBySort ){
+        sqlite3VdbeAddOp2(v, OP_SorterNext, sAggInfo.sortingIdx, addrTopOfLoop);
+        VdbeCoverage(v);
+      }else{
+        sqlite3WhereEnd(pWInfo);
+        sqlite3VdbeChangeToNoop(v, addrSortingIdx);
+      }
+
+      /* Output the final row of result
+      */
+      sqlite3VdbeAddOp2(v, OP_Gosub, regOutputRow, addrOutputRow);
+      VdbeComment((v, "output final row"));
+
+      /* Jump over the subroutines
+      */
+      sqlite3VdbeGoto(v, addrEnd);
+
+      /* Generate a subroutine that outputs a single row of the result
+      ** set.  This subroutine first looks at the iUseFlag.  If iUseFlag
+      ** is less than or equal to zero, the subroutine is a no-op.  If
+      ** the processing calls for the query to abort, this subroutine
+      ** increments the iAbortFlag memory location before returning in
+      ** order to signal the caller to abort.
+      */
+      addrSetAbort = sqlite3VdbeCurrentAddr(v);
+      sqlite3VdbeAddOp2(v, OP_Integer, 1, iAbortFlag);
+      VdbeComment((v, "set abort flag"));
+      sqlite3VdbeAddOp1(v, OP_Return, regOutputRow);
+      sqlite3VdbeResolveLabel(v, addrOutputRow);
+      addrOutputRow = sqlite3VdbeCurrentAddr(v);
+      sqlite3VdbeAddOp2(v, OP_IfPos, iUseFlag, addrOutputRow+2);
+      VdbeCoverage(v);
+      VdbeComment((v, "Groupby result generator entry point"));
+      sqlite3VdbeAddOp1(v, OP_Return, regOutputRow);
+      finalizeAggFunctions(pParse, &sAggInfo);
+      sqlite3ExprIfFalse(pParse, pHaving, addrOutputRow+1, SQLITE_JUMPIFNULL);
+      selectInnerLoop(pParse, p, p->pEList, -1, &sSort,
+                      &sDistinct, pDest,
+                      addrOutputRow+1, addrSetAbort);
+      sqlite3VdbeAddOp1(v, OP_Return, regOutputRow);
+      VdbeComment((v, "end groupby result generator"));
+
+      /* Generate a subroutine that will reset the group-by accumulator
+      */
+      sqlite3VdbeResolveLabel(v, addrReset);
+      resetAccumulator(pParse, &sAggInfo);
+      sqlite3VdbeAddOp1(v, OP_Return, regReset);
+     
+    } /* endif pGroupBy.  Begin aggregate queries without GROUP BY: */
+    else {
+      ExprList *pDel = 0;
+#ifndef SQLITE_OMIT_BTREECOUNT
+      Table *pTab;
+      if( (pTab = isSimpleCount(p, &sAggInfo))!=0 ){
+        /* If isSimpleCount() returns a pointer to a Table structure, then
+        ** the SQL statement is of the form:
+        **
+        **   SELECT count(*) FROM <tbl>
+        **
+        ** where the Table structure returned represents table <tbl>.
+        **
+        ** This statement is so common that it is optimized specially. The
+        ** OP_Count instruction is executed either on the intkey table that
+        ** contains the data for table <tbl> or on one of its indexes. It
+        ** is better to execute the op on an index, as indexes are almost
+        ** always spread across less pages than their corresponding tables.
+        */
+        const int iDb = sqlite3SchemaToIndex(pParse->db, pTab->pSchema);
+        const int iCsr = pParse->nTab++;     /* Cursor to scan b-tree */
+        Index *pIdx;                         /* Iterator variable */
+        KeyInfo *pKeyInfo = 0;               /* Keyinfo for scanned index */
+        Index *pBest = 0;                    /* Best index found so far */
+        int iRoot = pTab->tnum;              /* Root page of scanned b-tree */
+
+        sqlite3CodeVerifySchema(pParse, iDb);
+        sqlite3TableLock(pParse, iDb, pTab->tnum, 0, pTab->zName);
+
+        /* Search for the index that has the lowest scan cost.
+        **
+        ** (2011-04-15) Do not do a full scan of an unordered index.
+        **
+        ** (2013-10-03) Do not count the entries in a partial index.
+        **
+        ** In practice the KeyInfo structure will not be used. It is only 
+        ** passed to keep OP_OpenRead happy.
+        */
+        if( !HasRowid(pTab) ) pBest = sqlite3PrimaryKeyIndex(pTab);
+        for(pIdx=pTab->pIndex; pIdx; pIdx=pIdx->pNext){
+          if( pIdx->bUnordered==0
+           && pIdx->szIdxRow<pTab->szTabRow
+           && pIdx->pPartIdxWhere==0
+           && (!pBest || pIdx->szIdxRow<pBest->szIdxRow)
+          ){
+            pBest = pIdx;
+          }
+        }
+        if( pBest ){
+          iRoot = pBest->tnum;
+          pKeyInfo = sqlite3KeyInfoOfIndex(pParse, pBest);
+        }
+
+        /* Open a read-only cursor, execute the OP_Count, close the cursor. */
+        sqlite3VdbeAddOp4Int(v, OP_OpenRead, iCsr, iRoot, iDb, 1);
+        if( pKeyInfo ){
+          sqlite3VdbeChangeP4(v, -1, (char *)pKeyInfo, P4_KEYINFO);
+        }
+        sqlite3VdbeAddOp2(v, OP_Count, iCsr, sAggInfo.aFunc[0].iMem);
+        sqlite3VdbeAddOp1(v, OP_Close, iCsr);
+        explainSimpleCount(pParse, pTab, pBest);
+      }else
+#endif /* SQLITE_OMIT_BTREECOUNT */
+      {
+        /* Check if the query is of one of the following forms:
+        **
+        **   SELECT min(x) FROM ...
+        **   SELECT max(x) FROM ...
+        **
+        ** If it is, then ask the code in where.c to attempt to sort results
+        ** as if there was an "ORDER ON x" or "ORDER ON x DESC" clause. 
+        ** If where.c is able to produce results sorted in this order, then
+        ** add vdbe code to break out of the processing loop after the 
+        ** first iteration (since the first iteration of the loop is 
+        ** guaranteed to operate on the row with the minimum or maximum 
+        ** value of x, the only row required).
+        **
+        ** A special flag must be passed to sqlite3WhereBegin() to slightly
+        ** modify behavior as follows:
+        **
+        **   + If the query is a "SELECT min(x)", then the loop coded by
+        **     where.c should not iterate over any values with a NULL value
+        **     for x.
+        **
+        **   + The optimizer code in where.c (the thing that decides which
+        **     index or indices to use) should place a different priority on 
+        **     satisfying the 'ORDER BY' clause than it does in other cases.
+        **     Refer to code and comments in where.c for details.
+        */
+        ExprList *pMinMax = 0;
+        u8 flag = WHERE_ORDERBY_NORMAL;
+        
+        assert( p->pGroupBy==0 );
+        assert( flag==0 );
+        if( p->pHaving==0 ){
+          flag = minMaxQuery(&sAggInfo, &pMinMax);
+        }
+        assert( flag==0 || (pMinMax!=0 && pMinMax->nExpr==1) );
+
+        if( flag ){
+          pMinMax = sqlite3ExprListDup(db, pMinMax, 0);
+          pDel = pMinMax;
+          if( pMinMax && !db->mallocFailed ){
+            pMinMax->a[0].sortOrder = flag!=WHERE_ORDERBY_MIN ?1:0;
+            pMinMax->a[0].pExpr->op = TK_COLUMN;
+          }
+        }
+  
+        /* This case runs if the aggregate has no GROUP BY clause.  The
+        ** processing is much simpler since there is only a single row
+        ** of output.
+        */
+        resetAccumulator(pParse, &sAggInfo);
+        pWInfo = sqlite3WhereBegin(pParse, pTabList, pWhere, pMinMax,0,flag,0);
+        if( pWInfo==0 ){
+          sqlite3ExprListDelete(db, pDel);
+          goto select_end;
+        }
+        updateAccumulator(pParse, &sAggInfo);
+        assert( pMinMax==0 || pMinMax->nExpr==1 );
+        if( sqlite3WhereIsOrdered(pWInfo)>0 ){
+          sqlite3VdbeGoto(v, sqlite3WhereBreakLabel(pWInfo));
+          VdbeComment((v, "%s() by index",
+                (flag==WHERE_ORDERBY_MIN?"min":"max")));
+        }
+        sqlite3WhereEnd(pWInfo);
+        finalizeAggFunctions(pParse, &sAggInfo);
+      }
+
+      sSort.pOrderBy = 0;
+      sqlite3ExprIfFalse(pParse, pHaving, addrEnd, SQLITE_JUMPIFNULL);
+      selectInnerLoop(pParse, p, p->pEList, -1, 0, 0, 
+                      pDest, addrEnd, addrEnd);
+      sqlite3ExprListDelete(db, pDel);
+    }
+    sqlite3VdbeResolveLabel(v, addrEnd);
+    
+  } /* endif aggregate query */
+
+  if( sDistinct.eTnctType==WHERE_DISTINCT_UNORDERED ){
+    explainTempTable(pParse, "DISTINCT");
+  }
+
+  /* If there is an ORDER BY clause, then we need to sort the results
+  ** and send them to the callback one by one.
+  */
+  if( sSort.pOrderBy ){
+    explainTempTable(pParse,
+                     sSort.nOBSat>0 ? "RIGHT PART OF ORDER BY":"ORDER BY");
+    generateSortTail(pParse, p, &sSort, pEList->nExpr, pDest);
+  }
+
+  /* Jump here to skip this query
+  */
+  sqlite3VdbeResolveLabel(v, iEnd);
+
+  /* The SELECT has been coded. If there is an error in the Parse structure,
+  ** set the return code to 1. Otherwise 0. */
+  rc = (pParse->nErr>0);
+
+  /* Control jumps to here if an error is encountered above, or upon
+  ** successful coding of the SELECT.
+  */
+select_end:
+  explainSetInteger(pParse->iSelectId, iRestoreSelectId);
+
+  /* Identify column names if results of the SELECT are to be output.
+  */
+  if( rc==SQLITE_OK && pDest->eDest==SRT_Output ){
+    generateColumnNames(pParse, pTabList, pEList);
+  }
+
+  sqlite3DbFree(db, sAggInfo.aCol);
+  sqlite3DbFree(db, sAggInfo.aFunc);
+#if SELECTTRACE_ENABLED
+  SELECTTRACE(1,pParse,p,("end processing\n"));
+  pParse->nSelectIndent--;
+#endif
+  return rc;
+}
+
+/************** End of select.c **********************************************/
+/************** Begin file table.c *******************************************/
+/*
+** 2001 September 15
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+** This file contains the sqlite3_get_table() and sqlite3_free_table()
+** interface routines.  These are just wrappers around the main
+** interface routine of sqlite3_exec().
+**
+** These routines are in a separate files so that they will not be linked
+** if they are not used.
+*/
+/* #include "sqliteInt.h" */
+/* #include <stdlib.h> */
+/* #include <string.h> */
+
+#ifndef SQLITE_OMIT_GET_TABLE
+
+/*
+** This structure is used to pass data from sqlite3_get_table() through
+** to the callback function is uses to build the result.
+*/
+typedef struct TabResult {
+  char **azResult;   /* Accumulated output */
+  char *zErrMsg;     /* Error message text, if an error occurs */
+  u32 nAlloc;        /* Slots allocated for azResult[] */
+  u32 nRow;          /* Number of rows in the result */
+  u32 nColumn;       /* Number of columns in the result */
+  u32 nData;         /* Slots used in azResult[].  (nRow+1)*nColumn */
+  int rc;            /* Return code from sqlite3_exec() */
+} TabResult;
+
+/*
+** This routine is called once for each row in the result table.  Its job
+** is to fill in the TabResult structure appropriately, allocating new
+** memory as necessary.
+*/
+static int sqlite3_get_table_cb(void *pArg, int nCol, char **argv, char **colv){
+  TabResult *p = (TabResult*)pArg;  /* Result accumulator */
+  int need;                         /* Slots needed in p->azResult[] */
+  int i;                            /* Loop counter */
+  char *z;                          /* A single column of result */
+
+  /* Make sure there is enough space in p->azResult to hold everything
+  ** we need to remember from this invocation of the callback.
+  */
+  if( p->nRow==0 && argv!=0 ){
+    need = nCol*2;
+  }else{
+    need = nCol;
+  }
+  if( p->nData + need > p->nAlloc ){
+    char **azNew;
+    p->nAlloc = p->nAlloc*2 + need;
+    azNew = sqlite3_realloc64( p->azResult, sizeof(char*)*p->nAlloc );
+    if( azNew==0 ) goto malloc_failed;
+    p->azResult = azNew;
+  }
+
+  /* If this is the first row, then generate an extra row containing
+  ** the names of all columns.
+  */
+  if( p->nRow==0 ){
+    p->nColumn = nCol;
+    for(i=0; i<nCol; i++){
+      z = sqlite3_mprintf("%s", colv[i]);
+      if( z==0 ) goto malloc_failed;
+      p->azResult[p->nData++] = z;
+    }
+  }else if( (int)p->nColumn!=nCol ){
+    sqlite3_free(p->zErrMsg);
+    p->zErrMsg = sqlite3_mprintf(
+       "sqlite3_get_table() called with two or more incompatible queries"
+    );
+    p->rc = SQLITE_ERROR;
+    return 1;
+  }
+
+  /* Copy over the row data
+  */
+  if( argv!=0 ){
+    for(i=0; i<nCol; i++){
+      if( argv[i]==0 ){
+        z = 0;
+      }else{
+        int n = sqlite3Strlen30(argv[i])+1;
+        z = sqlite3_malloc64( n );
+        if( z==0 ) goto malloc_failed;
+        memcpy(z, argv[i], n);
+      }
+      p->azResult[p->nData++] = z;
+    }
+    p->nRow++;
+  }
+  return 0;
+
+malloc_failed:
+  p->rc = SQLITE_NOMEM;
+  return 1;
+}
+
+/*
+** Query the database.  But instead of invoking a callback for each row,
+** malloc() for space to hold the result and return the entire results
+** at the conclusion of the call.
+**
+** The result that is written to ***pazResult is held in memory obtained
+** from malloc().  But the caller cannot free this memory directly.  
+** Instead, the entire table should be passed to sqlite3_free_table() when
+** the calling procedure is finished using it.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_get_table(
+  sqlite3 *db,                /* The database on which the SQL executes */
+  const char *zSql,           /* The SQL to be executed */
+  char ***pazResult,          /* Write the result table here */
+  int *pnRow,                 /* Write the number of rows in the result here */
+  int *pnColumn,              /* Write the number of columns of result here */
+  char **pzErrMsg             /* Write error messages here */
+){
+  int rc;
+  TabResult res;
+
+#ifdef SQLITE_ENABLE_API_ARMOR
+  if( !sqlite3SafetyCheckOk(db) || pazResult==0 ) return SQLITE_MISUSE_BKPT;
+#endif
+  *pazResult = 0;
+  if( pnColumn ) *pnColumn = 0;
+  if( pnRow ) *pnRow = 0;
+  if( pzErrMsg ) *pzErrMsg = 0;
+  res.zErrMsg = 0;
+  res.nRow = 0;
+  res.nColumn = 0;
+  res.nData = 1;
+  res.nAlloc = 20;
+  res.rc = SQLITE_OK;
+  res.azResult = sqlite3_malloc64(sizeof(char*)*res.nAlloc );
+  if( res.azResult==0 ){
+     db->errCode = SQLITE_NOMEM;
+     return SQLITE_NOMEM;
+  }
+  res.azResult[0] = 0;
+  rc = sqlite3_exec(db, zSql, sqlite3_get_table_cb, &res, pzErrMsg);
+  assert( sizeof(res.azResult[0])>= sizeof(res.nData) );
+  res.azResult[0] = SQLITE_INT_TO_PTR(res.nData);
+  if( (rc&0xff)==SQLITE_ABORT ){
+    sqlite3_free_table(&res.azResult[1]);
+    if( res.zErrMsg ){
+      if( pzErrMsg ){
+        sqlite3_free(*pzErrMsg);
+        *pzErrMsg = sqlite3_mprintf("%s",res.zErrMsg);
+      }
+      sqlite3_free(res.zErrMsg);
+    }
+    db->errCode = res.rc;  /* Assume 32-bit assignment is atomic */
+    return res.rc;
+  }
+  sqlite3_free(res.zErrMsg);
+  if( rc!=SQLITE_OK ){
+    sqlite3_free_table(&res.azResult[1]);
+    return rc;
+  }
+  if( res.nAlloc>res.nData ){
+    char **azNew;
+    azNew = sqlite3_realloc64( res.azResult, sizeof(char*)*res.nData );
+    if( azNew==0 ){
+      sqlite3_free_table(&res.azResult[1]);
+      db->errCode = SQLITE_NOMEM;
+      return SQLITE_NOMEM;
+    }
+    res.azResult = azNew;
+  }
+  *pazResult = &res.azResult[1];
+  if( pnColumn ) *pnColumn = res.nColumn;
+  if( pnRow ) *pnRow = res.nRow;
+  return rc;
+}
+
+/*
+** This routine frees the space the sqlite3_get_table() malloced.
+*/
+SQLITE_API void SQLITE_STDCALL sqlite3_free_table(
+  char **azResult            /* Result returned from sqlite3_get_table() */
+){
+  if( azResult ){
+    int i, n;
+    azResult--;
+    assert( azResult!=0 );
+    n = SQLITE_PTR_TO_INT(azResult[0]);
+    for(i=1; i<n; i++){ if( azResult[i] ) sqlite3_free(azResult[i]); }
+    sqlite3_free(azResult);
+  }
+}
+
+#endif /* SQLITE_OMIT_GET_TABLE */
+
+/************** End of table.c ***********************************************/
+/************** Begin file trigger.c *****************************************/
+/*
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+** This file contains the implementation for TRIGGERs
+*/
+/* #include "sqliteInt.h" */
+
+#ifndef SQLITE_OMIT_TRIGGER
+/*
+** Delete a linked list of TriggerStep structures.
+*/
+SQLITE_PRIVATE void sqlite3DeleteTriggerStep(sqlite3 *db, TriggerStep *pTriggerStep){
+  while( pTriggerStep ){
+    TriggerStep * pTmp = pTriggerStep;
+    pTriggerStep = pTriggerStep->pNext;
+
+    sqlite3ExprDelete(db, pTmp->pWhere);
+    sqlite3ExprListDelete(db, pTmp->pExprList);
+    sqlite3SelectDelete(db, pTmp->pSelect);
+    sqlite3IdListDelete(db, pTmp->pIdList);
+
+    sqlite3DbFree(db, pTmp);
+  }
+}
+
+/*
+** Given table pTab, return a list of all the triggers attached to 
+** the table. The list is connected by Trigger.pNext pointers.
+**
+** All of the triggers on pTab that are in the same database as pTab
+** are already attached to pTab->pTrigger.  But there might be additional
+** triggers on pTab in the TEMP schema.  This routine prepends all
+** TEMP triggers on pTab to the beginning of the pTab->pTrigger list
+** and returns the combined list.
+**
+** To state it another way:  This routine returns a list of all triggers
+** that fire off of pTab.  The list will include any TEMP triggers on
+** pTab as well as the triggers lised in pTab->pTrigger.
+*/
+SQLITE_PRIVATE Trigger *sqlite3TriggerList(Parse *pParse, Table *pTab){
+  Schema * const pTmpSchema = pParse->db->aDb[1].pSchema;
+  Trigger *pList = 0;                  /* List of triggers to return */
+
+  if( pParse->disableTriggers ){
+    return 0;
+  }
+
+  if( pTmpSchema!=pTab->pSchema ){
+    HashElem *p;
+    assert( sqlite3SchemaMutexHeld(pParse->db, 0, pTmpSchema) );
+    for(p=sqliteHashFirst(&pTmpSchema->trigHash); p; p=sqliteHashNext(p)){
+      Trigger *pTrig = (Trigger *)sqliteHashData(p);
+      if( pTrig->pTabSchema==pTab->pSchema
+       && 0==sqlite3StrICmp(pTrig->table, pTab->zName) 
+      ){
+        pTrig->pNext = (pList ? pList : pTab->pTrigger);
+        pList = pTrig;
+      }
+    }
+  }
+
+  return (pList ? pList : pTab->pTrigger);
+}
+
+/*
+** This is called by the parser when it sees a CREATE TRIGGER statement
+** up to the point of the BEGIN before the trigger actions.  A Trigger
+** structure is generated based on the information available and stored
+** in pParse->pNewTrigger.  After the trigger actions have been parsed, the
+** sqlite3FinishTrigger() function is called to complete the trigger
+** construction process.
+*/
+SQLITE_PRIVATE void sqlite3BeginTrigger(
+  Parse *pParse,      /* The parse context of the CREATE TRIGGER statement */
+  Token *pName1,      /* The name of the trigger */
+  Token *pName2,      /* The name of the trigger */
+  int tr_tm,          /* One of TK_BEFORE, TK_AFTER, TK_INSTEAD */
+  int op,             /* One of TK_INSERT, TK_UPDATE, TK_DELETE */
+  IdList *pColumns,   /* column list if this is an UPDATE OF trigger */
+  SrcList *pTableName,/* The name of the table/view the trigger applies to */
+  Expr *pWhen,        /* WHEN clause */
+  int isTemp,         /* True if the TEMPORARY keyword is present */
+  int noErr           /* Suppress errors if the trigger already exists */
+){
+  Trigger *pTrigger = 0;  /* The new trigger */
+  Table *pTab;            /* Table that the trigger fires off of */
+  char *zName = 0;        /* Name of the trigger */
+  sqlite3 *db = pParse->db;  /* The database connection */
+  int iDb;                /* The database to store the trigger in */
+  Token *pName;           /* The unqualified db name */
+  DbFixer sFix;           /* State vector for the DB fixer */
+  int iTabDb;             /* Index of the database holding pTab */
+
+  assert( pName1!=0 );   /* pName1->z might be NULL, but not pName1 itself */
+  assert( pName2!=0 );
+  assert( op==TK_INSERT || op==TK_UPDATE || op==TK_DELETE );
+  assert( op>0 && op<0xff );
+  if( isTemp ){
+    /* If TEMP was specified, then the trigger name may not be qualified. */
+    if( pName2->n>0 ){
+      sqlite3ErrorMsg(pParse, "temporary trigger may not have qualified name");
+      goto trigger_cleanup;
+    }
+    iDb = 1;
+    pName = pName1;
+  }else{
+    /* Figure out the db that the trigger will be created in */
+    iDb = sqlite3TwoPartName(pParse, pName1, pName2, &pName);
+    if( iDb<0 ){
+      goto trigger_cleanup;
+    }
+  }
+  if( !pTableName || db->mallocFailed ){
+    goto trigger_cleanup;
+  }
+
+  /* A long-standing parser bug is that this syntax was allowed:
+  **
+  **    CREATE TRIGGER attached.demo AFTER INSERT ON attached.tab ....
+  **                                                 ^^^^^^^^
+  **
+  ** To maintain backwards compatibility, ignore the database
+  ** name on pTableName if we are reparsing out of SQLITE_MASTER.
+  */
+  if( db->init.busy && iDb!=1 ){
+    sqlite3DbFree(db, pTableName->a[0].zDatabase);
+    pTableName->a[0].zDatabase = 0;
+  }
+
+  /* If the trigger name was unqualified, and the table is a temp table,
+  ** then set iDb to 1 to create the trigger in the temporary database.
+  ** If sqlite3SrcListLookup() returns 0, indicating the table does not
+  ** exist, the error is caught by the block below.
+  */
+  pTab = sqlite3SrcListLookup(pParse, pTableName);
+  if( db->init.busy==0 && pName2->n==0 && pTab
+        && pTab->pSchema==db->aDb[1].pSchema ){
+    iDb = 1;
+  }
+
+  /* Ensure the table name matches database name and that the table exists */
+  if( db->mallocFailed ) goto trigger_cleanup;
+  assert( pTableName->nSrc==1 );
+  sqlite3FixInit(&sFix, pParse, iDb, "trigger", pName);
+  if( sqlite3FixSrcList(&sFix, pTableName) ){
+    goto trigger_cleanup;
+  }
+  pTab = sqlite3SrcListLookup(pParse, pTableName);
+  if( !pTab ){
+    /* The table does not exist. */
+    if( db->init.iDb==1 ){
+      /* Ticket #3810.
+      ** Normally, whenever a table is dropped, all associated triggers are
+      ** dropped too.  But if a TEMP trigger is created on a non-TEMP table
+      ** and the table is dropped by a different database connection, the
+      ** trigger is not visible to the database connection that does the
+      ** drop so the trigger cannot be dropped.  This results in an
+      ** "orphaned trigger" - a trigger whose associated table is missing.
+      */
+      db->init.orphanTrigger = 1;
+    }
+    goto trigger_cleanup;
+  }
+  if( IsVirtual(pTab) ){
+    sqlite3ErrorMsg(pParse, "cannot create triggers on virtual tables");
+    goto trigger_cleanup;
+  }
+
+  /* Check that the trigger name is not reserved and that no trigger of the
+  ** specified name exists */
+  zName = sqlite3NameFromToken(db, pName);
+  if( !zName || SQLITE_OK!=sqlite3CheckObjectName(pParse, zName) ){
+    goto trigger_cleanup;
+  }
+  assert( sqlite3SchemaMutexHeld(db, iDb, 0) );
+  if( sqlite3HashFind(&(db->aDb[iDb].pSchema->trigHash),zName) ){
+    if( !noErr ){
+      sqlite3ErrorMsg(pParse, "trigger %T already exists", pName);
+    }else{
+      assert( !db->init.busy );
+      sqlite3CodeVerifySchema(pParse, iDb);
+    }
+    goto trigger_cleanup;
+  }
+
+  /* Do not create a trigger on a system table */
+  if( sqlite3StrNICmp(pTab->zName, "sqlite_", 7)==0 ){
+    sqlite3ErrorMsg(pParse, "cannot create trigger on system table");
+    goto trigger_cleanup;
+  }
+
+  /* INSTEAD of triggers are only for views and views only support INSTEAD
+  ** of triggers.
+  */
+  if( pTab->pSelect && tr_tm!=TK_INSTEAD ){
+    sqlite3ErrorMsg(pParse, "cannot create %s trigger on view: %S", 
+        (tr_tm == TK_BEFORE)?"BEFORE":"AFTER", pTableName, 0);
+    goto trigger_cleanup;
+  }
+  if( !pTab->pSelect && tr_tm==TK_INSTEAD ){
+    sqlite3ErrorMsg(pParse, "cannot create INSTEAD OF"
+        " trigger on table: %S", pTableName, 0);
+    goto trigger_cleanup;
+  }
+  iTabDb = sqlite3SchemaToIndex(db, pTab->pSchema);
+
+#ifndef SQLITE_OMIT_AUTHORIZATION
+  {
+    int code = SQLITE_CREATE_TRIGGER;
+    const char *zDb = db->aDb[iTabDb].zName;
+    const char *zDbTrig = isTemp ? db->aDb[1].zName : zDb;
+    if( iTabDb==1 || isTemp ) code = SQLITE_CREATE_TEMP_TRIGGER;
+    if( sqlite3AuthCheck(pParse, code, zName, pTab->zName, zDbTrig) ){
+      goto trigger_cleanup;
+    }
+    if( sqlite3AuthCheck(pParse, SQLITE_INSERT, SCHEMA_TABLE(iTabDb),0,zDb)){
+      goto trigger_cleanup;
+    }
+  }
+#endif
+
+  /* INSTEAD OF triggers can only appear on views and BEFORE triggers
+  ** cannot appear on views.  So we might as well translate every
+  ** INSTEAD OF trigger into a BEFORE trigger.  It simplifies code
+  ** elsewhere.
+  */
+  if (tr_tm == TK_INSTEAD){
+    tr_tm = TK_BEFORE;
+  }
+
+  /* Build the Trigger object */
+  pTrigger = (Trigger*)sqlite3DbMallocZero(db, sizeof(Trigger));
+  if( pTrigger==0 ) goto trigger_cleanup;
+  pTrigger->zName = zName;
+  zName = 0;
+  pTrigger->table = sqlite3DbStrDup(db, pTableName->a[0].zName);
+  pTrigger->pSchema = db->aDb[iDb].pSchema;
+  pTrigger->pTabSchema = pTab->pSchema;
+  pTrigger->op = (u8)op;
+  pTrigger->tr_tm = tr_tm==TK_BEFORE ? TRIGGER_BEFORE : TRIGGER_AFTER;
+  pTrigger->pWhen = sqlite3ExprDup(db, pWhen, EXPRDUP_REDUCE);
+  pTrigger->pColumns = sqlite3IdListDup(db, pColumns);
+  assert( pParse->pNewTrigger==0 );
+  pParse->pNewTrigger = pTrigger;
+
+trigger_cleanup:
+  sqlite3DbFree(db, zName);
+  sqlite3SrcListDelete(db, pTableName);
+  sqlite3IdListDelete(db, pColumns);
+  sqlite3ExprDelete(db, pWhen);
+  if( !pParse->pNewTrigger ){
+    sqlite3DeleteTrigger(db, pTrigger);
+  }else{
+    assert( pParse->pNewTrigger==pTrigger );
+  }
+}
+
+/*
+** This routine is called after all of the trigger actions have been parsed
+** in order to complete the process of building the trigger.
+*/
+SQLITE_PRIVATE void sqlite3FinishTrigger(
+  Parse *pParse,          /* Parser context */
+  TriggerStep *pStepList, /* The triggered program */
+  Token *pAll             /* Token that describes the complete CREATE TRIGGER */
+){
+  Trigger *pTrig = pParse->pNewTrigger;   /* Trigger being finished */
+  char *zName;                            /* Name of trigger */
+  sqlite3 *db = pParse->db;               /* The database */
+  DbFixer sFix;                           /* Fixer object */
+  int iDb;                                /* Database containing the trigger */
+  Token nameToken;                        /* Trigger name for error reporting */
+
+  pParse->pNewTrigger = 0;
+  if( NEVER(pParse->nErr) || !pTrig ) goto triggerfinish_cleanup;
+  zName = pTrig->zName;
+  iDb = sqlite3SchemaToIndex(pParse->db, pTrig->pSchema);
+  pTrig->step_list = pStepList;
+  while( pStepList ){
+    pStepList->pTrig = pTrig;
+    pStepList = pStepList->pNext;
+  }
+  nameToken.z = pTrig->zName;
+  nameToken.n = sqlite3Strlen30(nameToken.z);
+  sqlite3FixInit(&sFix, pParse, iDb, "trigger", &nameToken);
+  if( sqlite3FixTriggerStep(&sFix, pTrig->step_list) 
+   || sqlite3FixExpr(&sFix, pTrig->pWhen) 
+  ){
+    goto triggerfinish_cleanup;
+  }
+
+  /* if we are not initializing,
+  ** build the sqlite_master entry
+  */
+  if( !db->init.busy ){
+    Vdbe *v;
+    char *z;
+
+    /* Make an entry in the sqlite_master table */
+    v = sqlite3GetVdbe(pParse);
+    if( v==0 ) goto triggerfinish_cleanup;
+    sqlite3BeginWriteOperation(pParse, 0, iDb);
+    z = sqlite3DbStrNDup(db, (char*)pAll->z, pAll->n);
+    sqlite3NestedParse(pParse,
+       "INSERT INTO %Q.%s VALUES('trigger',%Q,%Q,0,'CREATE TRIGGER %q')",
+       db->aDb[iDb].zName, SCHEMA_TABLE(iDb), zName,
+       pTrig->table, z);
+    sqlite3DbFree(db, z);
+    sqlite3ChangeCookie(pParse, iDb);
+    sqlite3VdbeAddParseSchemaOp(v, iDb,
+        sqlite3MPrintf(db, "type='trigger' AND name='%q'", zName));
+  }
+
+  if( db->init.busy ){
+    Trigger *pLink = pTrig;
+    Hash *pHash = &db->aDb[iDb].pSchema->trigHash;
+    assert( sqlite3SchemaMutexHeld(db, iDb, 0) );
+    pTrig = sqlite3HashInsert(pHash, zName, pTrig);
+    if( pTrig ){
+      db->mallocFailed = 1;
+    }else if( pLink->pSchema==pLink->pTabSchema ){
+      Table *pTab;
+      pTab = sqlite3HashFind(&pLink->pTabSchema->tblHash, pLink->table);
+      assert( pTab!=0 );
+      pLink->pNext = pTab->pTrigger;
+      pTab->pTrigger = pLink;
+    }
+  }
+
+triggerfinish_cleanup:
+  sqlite3DeleteTrigger(db, pTrig);
+  assert( !pParse->pNewTrigger );
+  sqlite3DeleteTriggerStep(db, pStepList);
+}
+
+/*
+** Turn a SELECT statement (that the pSelect parameter points to) into
+** a trigger step.  Return a pointer to a TriggerStep structure.
+**
+** The parser calls this routine when it finds a SELECT statement in
+** body of a TRIGGER.  
+*/
+SQLITE_PRIVATE TriggerStep *sqlite3TriggerSelectStep(sqlite3 *db, Select *pSelect){
+  TriggerStep *pTriggerStep = sqlite3DbMallocZero(db, sizeof(TriggerStep));
+  if( pTriggerStep==0 ) {
+    sqlite3SelectDelete(db, pSelect);
+    return 0;
+  }
+  pTriggerStep->op = TK_SELECT;
+  pTriggerStep->pSelect = pSelect;
+  pTriggerStep->orconf = OE_Default;
+  return pTriggerStep;
+}
+
+/*
+** Allocate space to hold a new trigger step.  The allocated space
+** holds both the TriggerStep object and the TriggerStep.target.z string.
+**
+** If an OOM error occurs, NULL is returned and db->mallocFailed is set.
+*/
+static TriggerStep *triggerStepAllocate(
+  sqlite3 *db,                /* Database connection */
+  u8 op,                      /* Trigger opcode */
+  Token *pName                /* The target name */
+){
+  TriggerStep *pTriggerStep;
+
+  pTriggerStep = sqlite3DbMallocZero(db, sizeof(TriggerStep) + pName->n + 1);
+  if( pTriggerStep ){
+    char *z = (char*)&pTriggerStep[1];
+    memcpy(z, pName->z, pName->n);
+    sqlite3Dequote(z);
+    pTriggerStep->zTarget = z;
+    pTriggerStep->op = op;
+  }
+  return pTriggerStep;
+}
+
+/*
+** Build a trigger step out of an INSERT statement.  Return a pointer
+** to the new trigger step.
+**
+** The parser calls this routine when it sees an INSERT inside the
+** body of a trigger.
+*/
+SQLITE_PRIVATE TriggerStep *sqlite3TriggerInsertStep(
+  sqlite3 *db,        /* The database connection */
+  Token *pTableName,  /* Name of the table into which we insert */
+  IdList *pColumn,    /* List of columns in pTableName to insert into */
+  Select *pSelect,    /* A SELECT statement that supplies values */
+  u8 orconf           /* The conflict algorithm (OE_Abort, OE_Replace, etc.) */
+){
+  TriggerStep *pTriggerStep;
+
+  assert(pSelect != 0 || db->mallocFailed);
+
+  pTriggerStep = triggerStepAllocate(db, TK_INSERT, pTableName);
+  if( pTriggerStep ){
+    pTriggerStep->pSelect = sqlite3SelectDup(db, pSelect, EXPRDUP_REDUCE);
+    pTriggerStep->pIdList = pColumn;
+    pTriggerStep->orconf = orconf;
+  }else{
+    sqlite3IdListDelete(db, pColumn);
+  }
+  sqlite3SelectDelete(db, pSelect);
+
+  return pTriggerStep;
+}
+
+/*
+** Construct a trigger step that implements an UPDATE statement and return
+** a pointer to that trigger step.  The parser calls this routine when it
+** sees an UPDATE statement inside the body of a CREATE TRIGGER.
+*/
+SQLITE_PRIVATE TriggerStep *sqlite3TriggerUpdateStep(
+  sqlite3 *db,         /* The database connection */
+  Token *pTableName,   /* Name of the table to be updated */
+  ExprList *pEList,    /* The SET clause: list of column and new values */
+  Expr *pWhere,        /* The WHERE clause */
+  u8 orconf            /* The conflict algorithm. (OE_Abort, OE_Ignore, etc) */
+){
+  TriggerStep *pTriggerStep;
+
+  pTriggerStep = triggerStepAllocate(db, TK_UPDATE, pTableName);
+  if( pTriggerStep ){
+    pTriggerStep->pExprList = sqlite3ExprListDup(db, pEList, EXPRDUP_REDUCE);
+    pTriggerStep->pWhere = sqlite3ExprDup(db, pWhere, EXPRDUP_REDUCE);
+    pTriggerStep->orconf = orconf;
+  }
+  sqlite3ExprListDelete(db, pEList);
+  sqlite3ExprDelete(db, pWhere);
+  return pTriggerStep;
+}
+
+/*
+** Construct a trigger step that implements a DELETE statement and return
+** a pointer to that trigger step.  The parser calls this routine when it
+** sees a DELETE statement inside the body of a CREATE TRIGGER.
+*/
+SQLITE_PRIVATE TriggerStep *sqlite3TriggerDeleteStep(
+  sqlite3 *db,            /* Database connection */
+  Token *pTableName,      /* The table from which rows are deleted */
+  Expr *pWhere            /* The WHERE clause */
+){
+  TriggerStep *pTriggerStep;
+
+  pTriggerStep = triggerStepAllocate(db, TK_DELETE, pTableName);
+  if( pTriggerStep ){
+    pTriggerStep->pWhere = sqlite3ExprDup(db, pWhere, EXPRDUP_REDUCE);
+    pTriggerStep->orconf = OE_Default;
+  }
+  sqlite3ExprDelete(db, pWhere);
+  return pTriggerStep;
+}
+
+/* 
+** Recursively delete a Trigger structure
+*/
+SQLITE_PRIVATE void sqlite3DeleteTrigger(sqlite3 *db, Trigger *pTrigger){
+  if( pTrigger==0 ) return;
+  sqlite3DeleteTriggerStep(db, pTrigger->step_list);
+  sqlite3DbFree(db, pTrigger->zName);
+  sqlite3DbFree(db, pTrigger->table);
+  sqlite3ExprDelete(db, pTrigger->pWhen);
+  sqlite3IdListDelete(db, pTrigger->pColumns);
+  sqlite3DbFree(db, pTrigger);
+}
+
+/*
+** This function is called to drop a trigger from the database schema. 
+**
+** This may be called directly from the parser and therefore identifies
+** the trigger by name.  The sqlite3DropTriggerPtr() routine does the
+** same job as this routine except it takes a pointer to the trigger
+** instead of the trigger name.
+**/
+SQLITE_PRIVATE void sqlite3DropTrigger(Parse *pParse, SrcList *pName, int noErr){
+  Trigger *pTrigger = 0;
+  int i;
+  const char *zDb;
+  const char *zName;
+  sqlite3 *db = pParse->db;
+
+  if( db->mallocFailed ) goto drop_trigger_cleanup;
+  if( SQLITE_OK!=sqlite3ReadSchema(pParse) ){
+    goto drop_trigger_cleanup;
+  }
+
+  assert( pName->nSrc==1 );
+  zDb = pName->a[0].zDatabase;
+  zName = pName->a[0].zName;
+  assert( zDb!=0 || sqlite3BtreeHoldsAllMutexes(db) );
+  for(i=OMIT_TEMPDB; i<db->nDb; i++){
+    int j = (i<2) ? i^1 : i;  /* Search TEMP before MAIN */
+    if( zDb && sqlite3StrICmp(db->aDb[j].zName, zDb) ) continue;
+    assert( sqlite3SchemaMutexHeld(db, j, 0) );
+    pTrigger = sqlite3HashFind(&(db->aDb[j].pSchema->trigHash), zName);
+    if( pTrigger ) break;
+  }
+  if( !pTrigger ){
+    if( !noErr ){
+      sqlite3ErrorMsg(pParse, "no such trigger: %S", pName, 0);
+    }else{
+      sqlite3CodeVerifyNamedSchema(pParse, zDb);
+    }
+    pParse->checkSchema = 1;
+    goto drop_trigger_cleanup;
+  }
+  sqlite3DropTriggerPtr(pParse, pTrigger);
+
+drop_trigger_cleanup:
+  sqlite3SrcListDelete(db, pName);
+}
+
+/*
+** Return a pointer to the Table structure for the table that a trigger
+** is set on.
+*/
+static Table *tableOfTrigger(Trigger *pTrigger){
+  return sqlite3HashFind(&pTrigger->pTabSchema->tblHash, pTrigger->table);
+}
+
+
+/*
+** Drop a trigger given a pointer to that trigger. 
+*/
+SQLITE_PRIVATE void sqlite3DropTriggerPtr(Parse *pParse, Trigger *pTrigger){
+  Table   *pTable;
+  Vdbe *v;
+  sqlite3 *db = pParse->db;
+  int iDb;
+
+  iDb = sqlite3SchemaToIndex(pParse->db, pTrigger->pSchema);
+  assert( iDb>=0 && iDb<db->nDb );
+  pTable = tableOfTrigger(pTrigger);
+  assert( pTable );
+  assert( pTable->pSchema==pTrigger->pSchema || iDb==1 );
+#ifndef SQLITE_OMIT_AUTHORIZATION
+  {
+    int code = SQLITE_DROP_TRIGGER;
+    const char *zDb = db->aDb[iDb].zName;
+    const char *zTab = SCHEMA_TABLE(iDb);
+    if( iDb==1 ) code = SQLITE_DROP_TEMP_TRIGGER;
+    if( sqlite3AuthCheck(pParse, code, pTrigger->zName, pTable->zName, zDb) ||
+      sqlite3AuthCheck(pParse, SQLITE_DELETE, zTab, 0, zDb) ){
+      return;
+    }
+  }
+#endif
+
+  /* Generate code to destroy the database record of the trigger.
+  */
+  assert( pTable!=0 );
+  if( (v = sqlite3GetVdbe(pParse))!=0 ){
+    sqlite3NestedParse(pParse,
+       "DELETE FROM %Q.%s WHERE name=%Q AND type='trigger'",
+       db->aDb[iDb].zName, SCHEMA_TABLE(iDb), pTrigger->zName
+    );
+    sqlite3ChangeCookie(pParse, iDb);
+    sqlite3VdbeAddOp4(v, OP_DropTrigger, iDb, 0, 0, pTrigger->zName, 0);
+  }
+}
+
+/*
+** Remove a trigger from the hash tables of the sqlite* pointer.
+*/
+SQLITE_PRIVATE void sqlite3UnlinkAndDeleteTrigger(sqlite3 *db, int iDb, const char *zName){
+  Trigger *pTrigger;
+  Hash *pHash;
+
+  assert( sqlite3SchemaMutexHeld(db, iDb, 0) );
+  pHash = &(db->aDb[iDb].pSchema->trigHash);
+  pTrigger = sqlite3HashInsert(pHash, zName, 0);
+  if( ALWAYS(pTrigger) ){
+    if( pTrigger->pSchema==pTrigger->pTabSchema ){
+      Table *pTab = tableOfTrigger(pTrigger);
+      Trigger **pp;
+      for(pp=&pTab->pTrigger; *pp!=pTrigger; pp=&((*pp)->pNext));
+      *pp = (*pp)->pNext;
+    }
+    sqlite3DeleteTrigger(db, pTrigger);
+    db->flags |= SQLITE_InternChanges;
+  }
+}
+
+/*
+** pEList is the SET clause of an UPDATE statement.  Each entry
+** in pEList is of the format <id>=<expr>.  If any of the entries
+** in pEList have an <id> which matches an identifier in pIdList,
+** then return TRUE.  If pIdList==NULL, then it is considered a
+** wildcard that matches anything.  Likewise if pEList==NULL then
+** it matches anything so always return true.  Return false only
+** if there is no match.
+*/
+static int checkColumnOverlap(IdList *pIdList, ExprList *pEList){
+  int e;
+  if( pIdList==0 || NEVER(pEList==0) ) return 1;
+  for(e=0; e<pEList->nExpr; e++){
+    if( sqlite3IdListIndex(pIdList, pEList->a[e].zName)>=0 ) return 1;
+  }
+  return 0; 
+}
+
+/*
+** Return a list of all triggers on table pTab if there exists at least
+** one trigger that must be fired when an operation of type 'op' is 
+** performed on the table, and, if that operation is an UPDATE, if at
+** least one of the columns in pChanges is being modified.
+*/
+SQLITE_PRIVATE Trigger *sqlite3TriggersExist(
+  Parse *pParse,          /* Parse context */
+  Table *pTab,            /* The table the contains the triggers */
+  int op,                 /* one of TK_DELETE, TK_INSERT, TK_UPDATE */
+  ExprList *pChanges,     /* Columns that change in an UPDATE statement */
+  int *pMask              /* OUT: Mask of TRIGGER_BEFORE|TRIGGER_AFTER */
+){
+  int mask = 0;
+  Trigger *pList = 0;
+  Trigger *p;
+
+  if( (pParse->db->flags & SQLITE_EnableTrigger)!=0 ){
+    pList = sqlite3TriggerList(pParse, pTab);
+  }
+  assert( pList==0 || IsVirtual(pTab)==0 );
+  for(p=pList; p; p=p->pNext){
+    if( p->op==op && checkColumnOverlap(p->pColumns, pChanges) ){
+      mask |= p->tr_tm;
+    }
+  }
+  if( pMask ){
+    *pMask = mask;
+  }
+  return (mask ? pList : 0);
+}
+
+/*
+** Convert the pStep->zTarget string into a SrcList and return a pointer
+** to that SrcList.
+**
+** This routine adds a specific database name, if needed, to the target when
+** forming the SrcList.  This prevents a trigger in one database from
+** referring to a target in another database.  An exception is when the
+** trigger is in TEMP in which case it can refer to any other database it
+** wants.
+*/
+static SrcList *targetSrcList(
+  Parse *pParse,       /* The parsing context */
+  TriggerStep *pStep   /* The trigger containing the target token */
+){
+  sqlite3 *db = pParse->db;
+  int iDb;             /* Index of the database to use */
+  SrcList *pSrc;       /* SrcList to be returned */
+
+  pSrc = sqlite3SrcListAppend(db, 0, 0, 0);
+  if( pSrc ){
+    assert( pSrc->nSrc>0 );
+    pSrc->a[pSrc->nSrc-1].zName = sqlite3DbStrDup(db, pStep->zTarget);
+    iDb = sqlite3SchemaToIndex(db, pStep->pTrig->pSchema);
+    if( iDb==0 || iDb>=2 ){
+      assert( iDb<db->nDb );
+      pSrc->a[pSrc->nSrc-1].zDatabase = sqlite3DbStrDup(db, db->aDb[iDb].zName);
+    }
+  }
+  return pSrc;
+}
+
+/*
+** Generate VDBE code for the statements inside the body of a single 
+** trigger.
+*/
+static int codeTriggerProgram(
+  Parse *pParse,            /* The parser context */
+  TriggerStep *pStepList,   /* List of statements inside the trigger body */
+  int orconf                /* Conflict algorithm. (OE_Abort, etc) */  
+){
+  TriggerStep *pStep;
+  Vdbe *v = pParse->pVdbe;
+  sqlite3 *db = pParse->db;
+
+  assert( pParse->pTriggerTab && pParse->pToplevel );
+  assert( pStepList );
+  assert( v!=0 );
+  for(pStep=pStepList; pStep; pStep=pStep->pNext){
+    /* Figure out the ON CONFLICT policy that will be used for this step
+    ** of the trigger program. If the statement that caused this trigger
+    ** to fire had an explicit ON CONFLICT, then use it. Otherwise, use
+    ** the ON CONFLICT policy that was specified as part of the trigger
+    ** step statement. Example:
+    **
+    **   CREATE TRIGGER AFTER INSERT ON t1 BEGIN;
+    **     INSERT OR REPLACE INTO t2 VALUES(new.a, new.b);
+    **   END;
+    **
+    **   INSERT INTO t1 ... ;            -- insert into t2 uses REPLACE policy
+    **   INSERT OR IGNORE INTO t1 ... ;  -- insert into t2 uses IGNORE policy
+    */
+    pParse->eOrconf = (orconf==OE_Default)?pStep->orconf:(u8)orconf;
+    assert( pParse->okConstFactor==0 );
+
+    switch( pStep->op ){
+      case TK_UPDATE: {
+        sqlite3Update(pParse, 
+          targetSrcList(pParse, pStep),
+          sqlite3ExprListDup(db, pStep->pExprList, 0), 
+          sqlite3ExprDup(db, pStep->pWhere, 0), 
+          pParse->eOrconf
+        );
+        break;
+      }
+      case TK_INSERT: {
+        sqlite3Insert(pParse, 
+          targetSrcList(pParse, pStep),
+          sqlite3SelectDup(db, pStep->pSelect, 0), 
+          sqlite3IdListDup(db, pStep->pIdList), 
+          pParse->eOrconf
+        );
+        break;
+      }
+      case TK_DELETE: {
+        sqlite3DeleteFrom(pParse, 
+          targetSrcList(pParse, pStep),
+          sqlite3ExprDup(db, pStep->pWhere, 0)
+        );
+        break;
+      }
+      default: assert( pStep->op==TK_SELECT ); {
+        SelectDest sDest;
+        Select *pSelect = sqlite3SelectDup(db, pStep->pSelect, 0);
+        sqlite3SelectDestInit(&sDest, SRT_Discard, 0);
+        sqlite3Select(pParse, pSelect, &sDest);
+        sqlite3SelectDelete(db, pSelect);
+        break;
+      }
+    } 
+    if( pStep->op!=TK_SELECT ){
+      sqlite3VdbeAddOp0(v, OP_ResetCount);
+    }
+  }
+
+  return 0;
+}
+
+#ifdef SQLITE_ENABLE_EXPLAIN_COMMENTS
+/*
+** This function is used to add VdbeComment() annotations to a VDBE
+** program. It is not used in production code, only for debugging.
+*/
+static const char *onErrorText(int onError){
+  switch( onError ){
+    case OE_Abort:    return "abort";
+    case OE_Rollback: return "rollback";
+    case OE_Fail:     return "fail";
+    case OE_Replace:  return "replace";
+    case OE_Ignore:   return "ignore";
+    case OE_Default:  return "default";
+  }
+  return "n/a";
+}
+#endif
+
+/*
+** Parse context structure pFrom has just been used to create a sub-vdbe
+** (trigger program). If an error has occurred, transfer error information
+** from pFrom to pTo.
+*/
+static void transferParseError(Parse *pTo, Parse *pFrom){
+  assert( pFrom->zErrMsg==0 || pFrom->nErr );
+  assert( pTo->zErrMsg==0 || pTo->nErr );
+  if( pTo->nErr==0 ){
+    pTo->zErrMsg = pFrom->zErrMsg;
+    pTo->nErr = pFrom->nErr;
+    pTo->rc = pFrom->rc;
+  }else{
+    sqlite3DbFree(pFrom->db, pFrom->zErrMsg);
+  }
+}
+
+/*
+** Create and populate a new TriggerPrg object with a sub-program 
+** implementing trigger pTrigger with ON CONFLICT policy orconf.
+*/
+static TriggerPrg *codeRowTrigger(
+  Parse *pParse,       /* Current parse context */
+  Trigger *pTrigger,   /* Trigger to code */
+  Table *pTab,         /* The table pTrigger is attached to */
+  int orconf           /* ON CONFLICT policy to code trigger program with */
+){
+  Parse *pTop = sqlite3ParseToplevel(pParse);
+  sqlite3 *db = pParse->db;   /* Database handle */
+  TriggerPrg *pPrg;           /* Value to return */
+  Expr *pWhen = 0;            /* Duplicate of trigger WHEN expression */
+  Vdbe *v;                    /* Temporary VM */
+  NameContext sNC;            /* Name context for sub-vdbe */
+  SubProgram *pProgram = 0;   /* Sub-vdbe for trigger program */
+  Parse *pSubParse;           /* Parse context for sub-vdbe */
+  int iEndTrigger = 0;        /* Label to jump to if WHEN is false */
+
+  assert( pTrigger->zName==0 || pTab==tableOfTrigger(pTrigger) );
+  assert( pTop->pVdbe );
+
+  /* Allocate the TriggerPrg and SubProgram objects. To ensure that they
+  ** are freed if an error occurs, link them into the Parse.pTriggerPrg 
+  ** list of the top-level Parse object sooner rather than later.  */
+  pPrg = sqlite3DbMallocZero(db, sizeof(TriggerPrg));
+  if( !pPrg ) return 0;
+  pPrg->pNext = pTop->pTriggerPrg;
+  pTop->pTriggerPrg = pPrg;
+  pPrg->pProgram = pProgram = sqlite3DbMallocZero(db, sizeof(SubProgram));
+  if( !pProgram ) return 0;
+  sqlite3VdbeLinkSubProgram(pTop->pVdbe, pProgram);
+  pPrg->pTrigger = pTrigger;
+  pPrg->orconf = orconf;
+  pPrg->aColmask[0] = 0xffffffff;
+  pPrg->aColmask[1] = 0xffffffff;
+
+  /* Allocate and populate a new Parse context to use for coding the 
+  ** trigger sub-program.  */
+  pSubParse = sqlite3StackAllocZero(db, sizeof(Parse));
+  if( !pSubParse ) return 0;
+  memset(&sNC, 0, sizeof(sNC));
+  sNC.pParse = pSubParse;
+  pSubParse->db = db;
+  pSubParse->pTriggerTab = pTab;
+  pSubParse->pToplevel = pTop;
+  pSubParse->zAuthContext = pTrigger->zName;
+  pSubParse->eTriggerOp = pTrigger->op;
+  pSubParse->nQueryLoop = pParse->nQueryLoop;
+
+  v = sqlite3GetVdbe(pSubParse);
+  if( v ){
+    VdbeComment((v, "Start: %s.%s (%s %s%s%s ON %s)", 
+      pTrigger->zName, onErrorText(orconf),
+      (pTrigger->tr_tm==TRIGGER_BEFORE ? "BEFORE" : "AFTER"),
+        (pTrigger->op==TK_UPDATE ? "UPDATE" : ""),
+        (pTrigger->op==TK_INSERT ? "INSERT" : ""),
+        (pTrigger->op==TK_DELETE ? "DELETE" : ""),
+      pTab->zName
+    ));
+#ifndef SQLITE_OMIT_TRACE
+    sqlite3VdbeChangeP4(v, -1, 
+      sqlite3MPrintf(db, "-- TRIGGER %s", pTrigger->zName), P4_DYNAMIC
+    );
+#endif
+
+    /* If one was specified, code the WHEN clause. If it evaluates to false
+    ** (or NULL) the sub-vdbe is immediately halted by jumping to the 
+    ** OP_Halt inserted at the end of the program.  */
+    if( pTrigger->pWhen ){
+      pWhen = sqlite3ExprDup(db, pTrigger->pWhen, 0);
+      if( SQLITE_OK==sqlite3ResolveExprNames(&sNC, pWhen) 
+       && db->mallocFailed==0 
+      ){
+        iEndTrigger = sqlite3VdbeMakeLabel(v);
+        sqlite3ExprIfFalse(pSubParse, pWhen, iEndTrigger, SQLITE_JUMPIFNULL);
+      }
+      sqlite3ExprDelete(db, pWhen);
+    }
+
+    /* Code the trigger program into the sub-vdbe. */
+    codeTriggerProgram(pSubParse, pTrigger->step_list, orconf);
+
+    /* Insert an OP_Halt at the end of the sub-program. */
+    if( iEndTrigger ){
+      sqlite3VdbeResolveLabel(v, iEndTrigger);
+    }
+    sqlite3VdbeAddOp0(v, OP_Halt);
+    VdbeComment((v, "End: %s.%s", pTrigger->zName, onErrorText(orconf)));
+
+    transferParseError(pParse, pSubParse);
+    if( db->mallocFailed==0 ){
+      pProgram->aOp = sqlite3VdbeTakeOpArray(v, &pProgram->nOp, &pTop->nMaxArg);
+    }
+    pProgram->nMem = pSubParse->nMem;
+    pProgram->nCsr = pSubParse->nTab;
+    pProgram->nOnce = pSubParse->nOnce;
+    pProgram->token = (void *)pTrigger;
+    pPrg->aColmask[0] = pSubParse->oldmask;
+    pPrg->aColmask[1] = pSubParse->newmask;
+    sqlite3VdbeDelete(v);
+  }
+
+  assert( !pSubParse->pAinc       && !pSubParse->pZombieTab );
+  assert( !pSubParse->pTriggerPrg && !pSubParse->nMaxArg );
+  sqlite3ParserReset(pSubParse);
+  sqlite3StackFree(db, pSubParse);
+
+  return pPrg;
+}
+    
+/*
+** Return a pointer to a TriggerPrg object containing the sub-program for
+** trigger pTrigger with default ON CONFLICT algorithm orconf. If no such
+** TriggerPrg object exists, a new object is allocated and populated before
+** being returned.
+*/
+static TriggerPrg *getRowTrigger(
+  Parse *pParse,       /* Current parse context */
+  Trigger *pTrigger,   /* Trigger to code */
+  Table *pTab,         /* The table trigger pTrigger is attached to */
+  int orconf           /* ON CONFLICT algorithm. */
+){
+  Parse *pRoot = sqlite3ParseToplevel(pParse);
+  TriggerPrg *pPrg;
+
+  assert( pTrigger->zName==0 || pTab==tableOfTrigger(pTrigger) );
+
+  /* It may be that this trigger has already been coded (or is in the
+  ** process of being coded). If this is the case, then an entry with
+  ** a matching TriggerPrg.pTrigger field will be present somewhere
+  ** in the Parse.pTriggerPrg list. Search for such an entry.  */
+  for(pPrg=pRoot->pTriggerPrg; 
+      pPrg && (pPrg->pTrigger!=pTrigger || pPrg->orconf!=orconf); 
+      pPrg=pPrg->pNext
+  );
+
+  /* If an existing TriggerPrg could not be located, create a new one. */
+  if( !pPrg ){
+    pPrg = codeRowTrigger(pParse, pTrigger, pTab, orconf);
+  }
+
+  return pPrg;
+}
+
+/*
+** Generate code for the trigger program associated with trigger p on 
+** table pTab. The reg, orconf and ignoreJump parameters passed to this
+** function are the same as those described in the header function for
+** sqlite3CodeRowTrigger()
+*/
+SQLITE_PRIVATE void sqlite3CodeRowTriggerDirect(
+  Parse *pParse,       /* Parse context */
+  Trigger *p,          /* Trigger to code */
+  Table *pTab,         /* The table to code triggers from */
+  int reg,             /* Reg array containing OLD.* and NEW.* values */
+  int orconf,          /* ON CONFLICT policy */
+  int ignoreJump       /* Instruction to jump to for RAISE(IGNORE) */
+){
+  Vdbe *v = sqlite3GetVdbe(pParse); /* Main VM */
+  TriggerPrg *pPrg;
+  pPrg = getRowTrigger(pParse, p, pTab, orconf);
+  assert( pPrg || pParse->nErr || pParse->db->mallocFailed );
+
+  /* Code the OP_Program opcode in the parent VDBE. P4 of the OP_Program 
+  ** is a pointer to the sub-vdbe containing the trigger program.  */
+  if( pPrg ){
+    int bRecursive = (p->zName && 0==(pParse->db->flags&SQLITE_RecTriggers));
+
+    sqlite3VdbeAddOp3(v, OP_Program, reg, ignoreJump, ++pParse->nMem);
+    sqlite3VdbeChangeP4(v, -1, (const char *)pPrg->pProgram, P4_SUBPROGRAM);
+    VdbeComment(
+        (v, "Call: %s.%s", (p->zName?p->zName:"fkey"), onErrorText(orconf)));
+
+    /* Set the P5 operand of the OP_Program instruction to non-zero if
+    ** recursive invocation of this trigger program is disallowed. Recursive
+    ** invocation is disallowed if (a) the sub-program is really a trigger,
+    ** not a foreign key action, and (b) the flag to enable recursive triggers
+    ** is clear.  */
+    sqlite3VdbeChangeP5(v, (u8)bRecursive);
+  }
+}
+
+/*
+** This is called to code the required FOR EACH ROW triggers for an operation
+** on table pTab. The operation to code triggers for (INSERT, UPDATE or DELETE)
+** is given by the op parameter. The tr_tm parameter determines whether the
+** BEFORE or AFTER triggers are coded. If the operation is an UPDATE, then
+** parameter pChanges is passed the list of columns being modified.
+**
+** If there are no triggers that fire at the specified time for the specified
+** operation on pTab, this function is a no-op.
+**
+** The reg argument is the address of the first in an array of registers 
+** that contain the values substituted for the new.* and old.* references
+** in the trigger program. If N is the number of columns in table pTab
+** (a copy of pTab->nCol), then registers are populated as follows:
+**
+**   Register       Contains
+**   ------------------------------------------------------
+**   reg+0          OLD.rowid
+**   reg+1          OLD.* value of left-most column of pTab
+**   ...            ...
+**   reg+N          OLD.* value of right-most column of pTab
+**   reg+N+1        NEW.rowid
+**   reg+N+2        OLD.* value of left-most column of pTab
+**   ...            ...
+**   reg+N+N+1      NEW.* value of right-most column of pTab
+**
+** For ON DELETE triggers, the registers containing the NEW.* values will
+** never be accessed by the trigger program, so they are not allocated or 
+** populated by the caller (there is no data to populate them with anyway). 
+** Similarly, for ON INSERT triggers the values stored in the OLD.* registers
+** are never accessed, and so are not allocated by the caller. So, for an
+** ON INSERT trigger, the value passed to this function as parameter reg
+** is not a readable register, although registers (reg+N) through 
+** (reg+N+N+1) are.
+**
+** Parameter orconf is the default conflict resolution algorithm for the
+** trigger program to use (REPLACE, IGNORE etc.). Parameter ignoreJump
+** is the instruction that control should jump to if a trigger program
+** raises an IGNORE exception.
+*/
+SQLITE_PRIVATE void sqlite3CodeRowTrigger(
+  Parse *pParse,       /* Parse context */
+  Trigger *pTrigger,   /* List of triggers on table pTab */
+  int op,              /* One of TK_UPDATE, TK_INSERT, TK_DELETE */
+  ExprList *pChanges,  /* Changes list for any UPDATE OF triggers */
+  int tr_tm,           /* One of TRIGGER_BEFORE, TRIGGER_AFTER */
+  Table *pTab,         /* The table to code triggers from */
+  int reg,             /* The first in an array of registers (see above) */
+  int orconf,          /* ON CONFLICT policy */
+  int ignoreJump       /* Instruction to jump to for RAISE(IGNORE) */
+){
+  Trigger *p;          /* Used to iterate through pTrigger list */
+
+  assert( op==TK_UPDATE || op==TK_INSERT || op==TK_DELETE );
+  assert( tr_tm==TRIGGER_BEFORE || tr_tm==TRIGGER_AFTER );
+  assert( (op==TK_UPDATE)==(pChanges!=0) );
+
+  for(p=pTrigger; p; p=p->pNext){
+
+    /* Sanity checking:  The schema for the trigger and for the table are
+    ** always defined.  The trigger must be in the same schema as the table
+    ** or else it must be a TEMP trigger. */
+    assert( p->pSchema!=0 );
+    assert( p->pTabSchema!=0 );
+    assert( p->pSchema==p->pTabSchema 
+         || p->pSchema==pParse->db->aDb[1].pSchema );
+
+    /* Determine whether we should code this trigger */
+    if( p->op==op 
+     && p->tr_tm==tr_tm 
+     && checkColumnOverlap(p->pColumns, pChanges)
+    ){
+      sqlite3CodeRowTriggerDirect(pParse, p, pTab, reg, orconf, ignoreJump);
+    }
+  }
+}
+
+/*
+** Triggers may access values stored in the old.* or new.* pseudo-table. 
+** This function returns a 32-bit bitmask indicating which columns of the 
+** old.* or new.* tables actually are used by triggers. This information 
+** may be used by the caller, for example, to avoid having to load the entire
+** old.* record into memory when executing an UPDATE or DELETE command.
+**
+** Bit 0 of the returned mask is set if the left-most column of the
+** table may be accessed using an [old|new].<col> reference. Bit 1 is set if
+** the second leftmost column value is required, and so on. If there
+** are more than 32 columns in the table, and at least one of the columns
+** with an index greater than 32 may be accessed, 0xffffffff is returned.
+**
+** It is not possible to determine if the old.rowid or new.rowid column is 
+** accessed by triggers. The caller must always assume that it is.
+**
+** Parameter isNew must be either 1 or 0. If it is 0, then the mask returned
+** applies to the old.* table. If 1, the new.* table.
+**
+** Parameter tr_tm must be a mask with one or both of the TRIGGER_BEFORE
+** and TRIGGER_AFTER bits set. Values accessed by BEFORE triggers are only
+** included in the returned mask if the TRIGGER_BEFORE bit is set in the
+** tr_tm parameter. Similarly, values accessed by AFTER triggers are only
+** included in the returned mask if the TRIGGER_AFTER bit is set in tr_tm.
+*/
+SQLITE_PRIVATE u32 sqlite3TriggerColmask(
+  Parse *pParse,       /* Parse context */
+  Trigger *pTrigger,   /* List of triggers on table pTab */
+  ExprList *pChanges,  /* Changes list for any UPDATE OF triggers */
+  int isNew,           /* 1 for new.* ref mask, 0 for old.* ref mask */
+  int tr_tm,           /* Mask of TRIGGER_BEFORE|TRIGGER_AFTER */
+  Table *pTab,         /* The table to code triggers from */
+  int orconf           /* Default ON CONFLICT policy for trigger steps */
+){
+  const int op = pChanges ? TK_UPDATE : TK_DELETE;
+  u32 mask = 0;
+  Trigger *p;
+
+  assert( isNew==1 || isNew==0 );
+  for(p=pTrigger; p; p=p->pNext){
+    if( p->op==op && (tr_tm&p->tr_tm)
+     && checkColumnOverlap(p->pColumns,pChanges)
+    ){
+      TriggerPrg *pPrg;
+      pPrg = getRowTrigger(pParse, p, pTab, orconf);
+      if( pPrg ){
+        mask |= pPrg->aColmask[isNew];
+      }
+    }
+  }
+
+  return mask;
+}
+
+#endif /* !defined(SQLITE_OMIT_TRIGGER) */
+
+/************** End of trigger.c *********************************************/
+/************** Begin file update.c ******************************************/
+/*
+** 2001 September 15
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+** This file contains C code routines that are called by the parser
+** to handle UPDATE statements.
+*/
+/* #include "sqliteInt.h" */
+
+#ifndef SQLITE_OMIT_VIRTUALTABLE
+/* Forward declaration */
+static void updateVirtualTable(
+  Parse *pParse,       /* The parsing context */
+  SrcList *pSrc,       /* The virtual table to be modified */
+  Table *pTab,         /* The virtual table */
+  ExprList *pChanges,  /* The columns to change in the UPDATE statement */
+  Expr *pRowidExpr,    /* Expression used to recompute the rowid */
+  int *aXRef,          /* Mapping from columns of pTab to entries in pChanges */
+  Expr *pWhere,        /* WHERE clause of the UPDATE statement */
+  int onError          /* ON CONFLICT strategy */
+);
+#endif /* SQLITE_OMIT_VIRTUALTABLE */
+
+/*
+** The most recently coded instruction was an OP_Column to retrieve the
+** i-th column of table pTab. This routine sets the P4 parameter of the 
+** OP_Column to the default value, if any.
+**
+** The default value of a column is specified by a DEFAULT clause in the 
+** column definition. This was either supplied by the user when the table
+** was created, or added later to the table definition by an ALTER TABLE
+** command. If the latter, then the row-records in the table btree on disk
+** may not contain a value for the column and the default value, taken
+** from the P4 parameter of the OP_Column instruction, is returned instead.
+** If the former, then all row-records are guaranteed to include a value
+** for the column and the P4 value is not required.
+**
+** Column definitions created by an ALTER TABLE command may only have 
+** literal default values specified: a number, null or a string. (If a more
+** complicated default expression value was provided, it is evaluated 
+** when the ALTER TABLE is executed and one of the literal values written
+** into the sqlite_master table.)
+**
+** Therefore, the P4 parameter is only required if the default value for
+** the column is a literal number, string or null. The sqlite3ValueFromExpr()
+** function is capable of transforming these types of expressions into
+** sqlite3_value objects.
+**
+** If parameter iReg is not negative, code an OP_RealAffinity instruction
+** on register iReg. This is used when an equivalent integer value is 
+** stored in place of an 8-byte floating point value in order to save 
+** space.
+*/
+SQLITE_PRIVATE void sqlite3ColumnDefault(Vdbe *v, Table *pTab, int i, int iReg){
+  assert( pTab!=0 );
+  if( !pTab->pSelect ){
+    sqlite3_value *pValue = 0;
+    u8 enc = ENC(sqlite3VdbeDb(v));
+    Column *pCol = &pTab->aCol[i];
+    VdbeComment((v, "%s.%s", pTab->zName, pCol->zName));
+    assert( i<pTab->nCol );
+    sqlite3ValueFromExpr(sqlite3VdbeDb(v), pCol->pDflt, enc, 
+                         pCol->affinity, &pValue);
+    if( pValue ){
+      sqlite3VdbeChangeP4(v, -1, (const char *)pValue, P4_MEM);
+    }
+#ifndef SQLITE_OMIT_FLOATING_POINT
+    if( pTab->aCol[i].affinity==SQLITE_AFF_REAL ){
+      sqlite3VdbeAddOp1(v, OP_RealAffinity, iReg);
+    }
+#endif
+  }
+}
+
+/*
+** Process an UPDATE statement.
+**
+**   UPDATE OR IGNORE table_wxyz SET a=b, c=d WHERE e<5 AND f NOT NULL;
+**          \_______/ \________/     \______/       \________________/
+*            onError   pTabList      pChanges             pWhere
+*/
+SQLITE_PRIVATE void sqlite3Update(
+  Parse *pParse,         /* The parser context */
+  SrcList *pTabList,     /* The table in which we should change things */
+  ExprList *pChanges,    /* Things to be changed */
+  Expr *pWhere,          /* The WHERE clause.  May be null */
+  int onError            /* How to handle constraint errors */
+){
+  int i, j;              /* Loop counters */
+  Table *pTab;           /* The table to be updated */
+  int addrTop = 0;       /* VDBE instruction address of the start of the loop */
+  WhereInfo *pWInfo;     /* Information about the WHERE clause */
+  Vdbe *v;               /* The virtual database engine */
+  Index *pIdx;           /* For looping over indices */
+  Index *pPk;            /* The PRIMARY KEY index for WITHOUT ROWID tables */
+  int nIdx;              /* Number of indices that need updating */
+  int iBaseCur;          /* Base cursor number */
+  int iDataCur;          /* Cursor for the canonical data btree */
+  int iIdxCur;           /* Cursor for the first index */
+  sqlite3 *db;           /* The database structure */
+  int *aRegIdx = 0;      /* One register assigned to each index to be updated */
+  int *aXRef = 0;        /* aXRef[i] is the index in pChanges->a[] of the
+                         ** an expression for the i-th column of the table.
+                         ** aXRef[i]==-1 if the i-th column is not changed. */
+  u8 *aToOpen;           /* 1 for tables and indices to be opened */
+  u8 chngPk;             /* PRIMARY KEY changed in a WITHOUT ROWID table */
+  u8 chngRowid;          /* Rowid changed in a normal table */
+  u8 chngKey;            /* Either chngPk or chngRowid */
+  Expr *pRowidExpr = 0;  /* Expression defining the new record number */
+  AuthContext sContext;  /* The authorization context */
+  NameContext sNC;       /* The name-context to resolve expressions in */
+  int iDb;               /* Database containing the table being updated */
+  int okOnePass;         /* True for one-pass algorithm without the FIFO */
+  int hasFK;             /* True if foreign key processing is required */
+  int labelBreak;        /* Jump here to break out of UPDATE loop */
+  int labelContinue;     /* Jump here to continue next step of UPDATE loop */
+
+#ifndef SQLITE_OMIT_TRIGGER
+  int isView;            /* True when updating a view (INSTEAD OF trigger) */
+  Trigger *pTrigger;     /* List of triggers on pTab, if required */
+  int tmask;             /* Mask of TRIGGER_BEFORE|TRIGGER_AFTER */
+#endif
+  int newmask;           /* Mask of NEW.* columns accessed by BEFORE triggers */
+  int iEph = 0;          /* Ephemeral table holding all primary key values */
+  int nKey = 0;          /* Number of elements in regKey for WITHOUT ROWID */
+  int aiCurOnePass[2];   /* The write cursors opened by WHERE_ONEPASS */
+
+  /* Register Allocations */
+  int regRowCount = 0;   /* A count of rows changed */
+  int regOldRowid = 0;   /* The old rowid */
+  int regNewRowid = 0;   /* The new rowid */
+  int regNew = 0;        /* Content of the NEW.* table in triggers */
+  int regOld = 0;        /* Content of OLD.* table in triggers */
+  int regRowSet = 0;     /* Rowset of rows to be updated */
+  int regKey = 0;        /* composite PRIMARY KEY value */
+
+  memset(&sContext, 0, sizeof(sContext));
+  db = pParse->db;
+  if( pParse->nErr || db->mallocFailed ){
+    goto update_cleanup;
+  }
+  assert( pTabList->nSrc==1 );
+
+  /* Locate the table which we want to update. 
+  */
+  pTab = sqlite3SrcListLookup(pParse, pTabList);
+  if( pTab==0 ) goto update_cleanup;
+  iDb = sqlite3SchemaToIndex(pParse->db, pTab->pSchema);
+
+  /* Figure out if we have any triggers and if the table being
+  ** updated is a view.
+  */
+#ifndef SQLITE_OMIT_TRIGGER
+  pTrigger = sqlite3TriggersExist(pParse, pTab, TK_UPDATE, pChanges, &tmask);
+  isView = pTab->pSelect!=0;
+  assert( pTrigger || tmask==0 );
+#else
+# define pTrigger 0
+# define isView 0
+# define tmask 0
+#endif
+#ifdef SQLITE_OMIT_VIEW
+# undef isView
+# define isView 0
+#endif
+
+  if( sqlite3ViewGetColumnNames(pParse, pTab) ){
+    goto update_cleanup;
+  }
+  if( sqlite3IsReadOnly(pParse, pTab, tmask) ){
+    goto update_cleanup;
+  }
+
+  /* Allocate a cursors for the main database table and for all indices.
+  ** The index cursors might not be used, but if they are used they
+  ** need to occur right after the database cursor.  So go ahead and
+  ** allocate enough space, just in case.
+  */
+  pTabList->a[0].iCursor = iBaseCur = iDataCur = pParse->nTab++;
+  iIdxCur = iDataCur+1;
+  pPk = HasRowid(pTab) ? 0 : sqlite3PrimaryKeyIndex(pTab);
+  for(nIdx=0, pIdx=pTab->pIndex; pIdx; pIdx=pIdx->pNext, nIdx++){
+    if( IsPrimaryKeyIndex(pIdx) && pPk!=0 ){
+      iDataCur = pParse->nTab;
+      pTabList->a[0].iCursor = iDataCur;
+    }
+    pParse->nTab++;
+  }
+
+  /* Allocate space for aXRef[], aRegIdx[], and aToOpen[].  
+  ** Initialize aXRef[] and aToOpen[] to their default values.
+  */
+  aXRef = sqlite3DbMallocRaw(db, sizeof(int) * (pTab->nCol+nIdx) + nIdx+2 );
+  if( aXRef==0 ) goto update_cleanup;
+  aRegIdx = aXRef+pTab->nCol;
+  aToOpen = (u8*)(aRegIdx+nIdx);
+  memset(aToOpen, 1, nIdx+1);
+  aToOpen[nIdx+1] = 0;
+  for(i=0; i<pTab->nCol; i++) aXRef[i] = -1;
+
+  /* Initialize the name-context */
+  memset(&sNC, 0, sizeof(sNC));
+  sNC.pParse = pParse;
+  sNC.pSrcList = pTabList;
+
+  /* Resolve the column names in all the expressions of the
+  ** of the UPDATE statement.  Also find the column index
+  ** for each column to be updated in the pChanges array.  For each
+  ** column to be updated, make sure we have authorization to change
+  ** that column.
+  */
+  chngRowid = chngPk = 0;
+  for(i=0; i<pChanges->nExpr; i++){
+    if( sqlite3ResolveExprNames(&sNC, pChanges->a[i].pExpr) ){
+      goto update_cleanup;
+    }
+    for(j=0; j<pTab->nCol; j++){
+      if( sqlite3StrICmp(pTab->aCol[j].zName, pChanges->a[i].zName)==0 ){
+        if( j==pTab->iPKey ){
+          chngRowid = 1;
+          pRowidExpr = pChanges->a[i].pExpr;
+        }else if( pPk && (pTab->aCol[j].colFlags & COLFLAG_PRIMKEY)!=0 ){
+          chngPk = 1;
+        }
+        aXRef[j] = i;
+        break;
+      }
+    }
+    if( j>=pTab->nCol ){
+      if( pPk==0 && sqlite3IsRowid(pChanges->a[i].zName) ){
+        j = -1;
+        chngRowid = 1;
+        pRowidExpr = pChanges->a[i].pExpr;
+      }else{
+        sqlite3ErrorMsg(pParse, "no such column: %s", pChanges->a[i].zName);
+        pParse->checkSchema = 1;
+        goto update_cleanup;
+      }
+    }
+#ifndef SQLITE_OMIT_AUTHORIZATION
+    {
+      int rc;
+      rc = sqlite3AuthCheck(pParse, SQLITE_UPDATE, pTab->zName,
+                            j<0 ? "ROWID" : pTab->aCol[j].zName,
+                            db->aDb[iDb].zName);
+      if( rc==SQLITE_DENY ){
+        goto update_cleanup;
+      }else if( rc==SQLITE_IGNORE ){
+        aXRef[j] = -1;
+      }
+    }
+#endif
+  }
+  assert( (chngRowid & chngPk)==0 );
+  assert( chngRowid==0 || chngRowid==1 );
+  assert( chngPk==0 || chngPk==1 );
+  chngKey = chngRowid + chngPk;
+
+  /* The SET expressions are not actually used inside the WHERE loop.  
+  ** So reset the colUsed mask. Unless this is a virtual table. In that
+  ** case, set all bits of the colUsed mask (to ensure that the virtual
+  ** table implementation makes all columns available).
+  */
+  pTabList->a[0].colUsed = IsVirtual(pTab) ? (Bitmask)-1 : 0;
+
+  hasFK = sqlite3FkRequired(pParse, pTab, aXRef, chngKey);
+
+  /* There is one entry in the aRegIdx[] array for each index on the table
+  ** being updated.  Fill in aRegIdx[] with a register number that will hold
+  ** the key for accessing each index.
+  **
+  ** FIXME:  Be smarter about omitting indexes that use expressions.
+  */
+  for(j=0, pIdx=pTab->pIndex; pIdx; pIdx=pIdx->pNext, j++){
+    int reg;
+    if( chngKey || hasFK || pIdx->pPartIdxWhere || pIdx==pPk ){
+      reg = ++pParse->nMem;
+    }else{
+      reg = 0;
+      for(i=0; i<pIdx->nKeyCol; i++){
+        i16 iIdxCol = pIdx->aiColumn[i];
+        if( iIdxCol<0 || aXRef[iIdxCol]>=0 ){
+          reg = ++pParse->nMem;
+          break;
+        }
+      }
+    }
+    if( reg==0 ) aToOpen[j+1] = 0;
+    aRegIdx[j] = reg;
+  }
+
+  /* Begin generating code. */
+  v = sqlite3GetVdbe(pParse);
+  if( v==0 ) goto update_cleanup;
+  if( pParse->nested==0 ) sqlite3VdbeCountChanges(v);
+  sqlite3BeginWriteOperation(pParse, 1, iDb);
+
+  /* Allocate required registers. */
+  if( !IsVirtual(pTab) ){
+    regRowSet = ++pParse->nMem;
+    regOldRowid = regNewRowid = ++pParse->nMem;
+    if( chngPk || pTrigger || hasFK ){
+      regOld = pParse->nMem + 1;
+      pParse->nMem += pTab->nCol;
+    }
+    if( chngKey || pTrigger || hasFK ){
+      regNewRowid = ++pParse->nMem;
+    }
+    regNew = pParse->nMem + 1;
+    pParse->nMem += pTab->nCol;
+  }
+
+  /* Start the view context. */
+  if( isView ){
+    sqlite3AuthContextPush(pParse, &sContext, pTab->zName);
+  }
+
+  /* If we are trying to update a view, realize that view into
+  ** an ephemeral table.
+  */
+#if !defined(SQLITE_OMIT_VIEW) && !defined(SQLITE_OMIT_TRIGGER)
+  if( isView ){
+    sqlite3MaterializeView(pParse, pTab, pWhere, iDataCur);
+  }
+#endif
+
+  /* Resolve the column names in all the expressions in the
+  ** WHERE clause.
+  */
+  if( sqlite3ResolveExprNames(&sNC, pWhere) ){
+    goto update_cleanup;
+  }
+
+#ifndef SQLITE_OMIT_VIRTUALTABLE
+  /* Virtual tables must be handled separately */
+  if( IsVirtual(pTab) ){
+    updateVirtualTable(pParse, pTabList, pTab, pChanges, pRowidExpr, aXRef,
+                       pWhere, onError);
+    goto update_cleanup;
+  }
+#endif
+
+  /* Begin the database scan
+  */
+  if( HasRowid(pTab) ){
+    sqlite3VdbeAddOp3(v, OP_Null, 0, regRowSet, regOldRowid);
+    pWInfo = sqlite3WhereBegin(
+        pParse, pTabList, pWhere, 0, 0, WHERE_ONEPASS_DESIRED, iIdxCur
+    );
+    if( pWInfo==0 ) goto update_cleanup;
+    okOnePass = sqlite3WhereOkOnePass(pWInfo, aiCurOnePass);
+  
+    /* Remember the rowid of every item to be updated.
+    */
+    sqlite3VdbeAddOp2(v, OP_Rowid, iDataCur, regOldRowid);
+    if( !okOnePass ){
+      sqlite3VdbeAddOp2(v, OP_RowSetAdd, regRowSet, regOldRowid);
+    }
+  
+    /* End the database scan loop.
+    */
+    sqlite3WhereEnd(pWInfo);
+  }else{
+    int iPk;         /* First of nPk memory cells holding PRIMARY KEY value */
+    i16 nPk;         /* Number of components of the PRIMARY KEY */
+    int addrOpen;    /* Address of the OpenEphemeral instruction */
+
+    assert( pPk!=0 );
+    nPk = pPk->nKeyCol;
+    iPk = pParse->nMem+1;
+    pParse->nMem += nPk;
+    regKey = ++pParse->nMem;
+    iEph = pParse->nTab++;
+    sqlite3VdbeAddOp2(v, OP_Null, 0, iPk);
+    addrOpen = sqlite3VdbeAddOp2(v, OP_OpenEphemeral, iEph, nPk);
+    sqlite3VdbeSetP4KeyInfo(pParse, pPk);
+    pWInfo = sqlite3WhereBegin(pParse, pTabList, pWhere, 0, 0, 
+                               WHERE_ONEPASS_DESIRED, iIdxCur);
+    if( pWInfo==0 ) goto update_cleanup;
+    okOnePass = sqlite3WhereOkOnePass(pWInfo, aiCurOnePass);
+    for(i=0; i<nPk; i++){
+      assert( pPk->aiColumn[i]>=0 );
+      sqlite3ExprCodeGetColumnOfTable(v, pTab, iDataCur, pPk->aiColumn[i],
+                                      iPk+i);
+    }
+    if( okOnePass ){
+      sqlite3VdbeChangeToNoop(v, addrOpen);
+      nKey = nPk;
+      regKey = iPk;
+    }else{
+      sqlite3VdbeAddOp4(v, OP_MakeRecord, iPk, nPk, regKey,
+                        sqlite3IndexAffinityStr(db, pPk), nPk);
+      sqlite3VdbeAddOp2(v, OP_IdxInsert, iEph, regKey);
+    }
+    sqlite3WhereEnd(pWInfo);
+  }
+
+  /* Initialize the count of updated rows
+  */
+  if( (db->flags & SQLITE_CountRows) && !pParse->pTriggerTab ){
+    regRowCount = ++pParse->nMem;
+    sqlite3VdbeAddOp2(v, OP_Integer, 0, regRowCount);
+  }
+
+  labelBreak = sqlite3VdbeMakeLabel(v);
+  if( !isView ){
+    /* 
+    ** Open every index that needs updating.  Note that if any
+    ** index could potentially invoke a REPLACE conflict resolution 
+    ** action, then we need to open all indices because we might need
+    ** to be deleting some records.
+    */
+    if( onError==OE_Replace ){
+      memset(aToOpen, 1, nIdx+1);
+    }else{
+      for(pIdx=pTab->pIndex; pIdx; pIdx=pIdx->pNext){
+        if( pIdx->onError==OE_Replace ){
+          memset(aToOpen, 1, nIdx+1);
+          break;
+        }
+      }
+    }
+    if( okOnePass ){
+      if( aiCurOnePass[0]>=0 ) aToOpen[aiCurOnePass[0]-iBaseCur] = 0;
+      if( aiCurOnePass[1]>=0 ) aToOpen[aiCurOnePass[1]-iBaseCur] = 0;
+    }
+    sqlite3OpenTableAndIndices(pParse, pTab, OP_OpenWrite, 0, iBaseCur, aToOpen,
+                               0, 0);
+  }
+
+  /* Top of the update loop */
+  if( okOnePass ){
+    if( aToOpen[iDataCur-iBaseCur] && !isView ){
+      assert( pPk );
+      sqlite3VdbeAddOp4Int(v, OP_NotFound, iDataCur, labelBreak, regKey, nKey);
+      VdbeCoverageNeverTaken(v);
+    }
+    labelContinue = labelBreak;
+    sqlite3VdbeAddOp2(v, OP_IsNull, pPk ? regKey : regOldRowid, labelBreak);
+    VdbeCoverageIf(v, pPk==0);
+    VdbeCoverageIf(v, pPk!=0);
+  }else if( pPk ){
+    labelContinue = sqlite3VdbeMakeLabel(v);
+    sqlite3VdbeAddOp2(v, OP_Rewind, iEph, labelBreak); VdbeCoverage(v);
+    addrTop = sqlite3VdbeAddOp2(v, OP_RowKey, iEph, regKey);
+    sqlite3VdbeAddOp4Int(v, OP_NotFound, iDataCur, labelContinue, regKey, 0);
+    VdbeCoverage(v);
+  }else{
+    labelContinue = sqlite3VdbeAddOp3(v, OP_RowSetRead, regRowSet, labelBreak,
+                             regOldRowid);
+    VdbeCoverage(v);
+    sqlite3VdbeAddOp3(v, OP_NotExists, iDataCur, labelContinue, regOldRowid);
+    VdbeCoverage(v);
+  }
+
+  /* If the record number will change, set register regNewRowid to
+  ** contain the new value. If the record number is not being modified,
+  ** then regNewRowid is the same register as regOldRowid, which is
+  ** already populated.  */
+  assert( chngKey || pTrigger || hasFK || regOldRowid==regNewRowid );
+  if( chngRowid ){
+    sqlite3ExprCode(pParse, pRowidExpr, regNewRowid);
+    sqlite3VdbeAddOp1(v, OP_MustBeInt, regNewRowid); VdbeCoverage(v);
+  }
+
+  /* Compute the old pre-UPDATE content of the row being changed, if that
+  ** information is needed */
+  if( chngPk || hasFK || pTrigger ){
+    u32 oldmask = (hasFK ? sqlite3FkOldmask(pParse, pTab) : 0);
+    oldmask |= sqlite3TriggerColmask(pParse, 
+        pTrigger, pChanges, 0, TRIGGER_BEFORE|TRIGGER_AFTER, pTab, onError
+    );
+    for(i=0; i<pTab->nCol; i++){
+      if( oldmask==0xffffffff
+       || (i<32 && (oldmask & MASKBIT32(i))!=0)
+       || (pTab->aCol[i].colFlags & COLFLAG_PRIMKEY)!=0
+      ){
+        testcase(  oldmask!=0xffffffff && i==31 );
+        sqlite3ExprCodeGetColumnOfTable(v, pTab, iDataCur, i, regOld+i);
+      }else{
+        sqlite3VdbeAddOp2(v, OP_Null, 0, regOld+i);
+      }
+    }
+    if( chngRowid==0 && pPk==0 ){
+      sqlite3VdbeAddOp2(v, OP_Copy, regOldRowid, regNewRowid);
+    }
+  }
+
+  /* Populate the array of registers beginning at regNew with the new
+  ** row data. This array is used to check constants, create the new
+  ** table and index records, and as the values for any new.* references
+  ** made by triggers.
+  **
+  ** If there are one or more BEFORE triggers, then do not populate the
+  ** registers associated with columns that are (a) not modified by
+  ** this UPDATE statement and (b) not accessed by new.* references. The
+  ** values for registers not modified by the UPDATE must be reloaded from 
+  ** the database after the BEFORE triggers are fired anyway (as the trigger 
+  ** may have modified them). So not loading those that are not going to
+  ** be used eliminates some redundant opcodes.
+  */
+  newmask = sqlite3TriggerColmask(
+      pParse, pTrigger, pChanges, 1, TRIGGER_BEFORE, pTab, onError
+  );
+  for(i=0; i<pTab->nCol; i++){
+    if( i==pTab->iPKey ){
+      sqlite3VdbeAddOp2(v, OP_Null, 0, regNew+i);
+    }else{
+      j = aXRef[i];
+      if( j>=0 ){
+        sqlite3ExprCode(pParse, pChanges->a[j].pExpr, regNew+i);
+      }else if( 0==(tmask&TRIGGER_BEFORE) || i>31 || (newmask & MASKBIT32(i)) ){
+        /* This branch loads the value of a column that will not be changed 
+        ** into a register. This is done if there are no BEFORE triggers, or
+        ** if there are one or more BEFORE triggers that use this value via
+        ** a new.* reference in a trigger program.
+        */
+        testcase( i==31 );
+        testcase( i==32 );
+        sqlite3ExprCodeGetColumnToReg(pParse, pTab, i, iDataCur, regNew+i);
+      }else{
+        sqlite3VdbeAddOp2(v, OP_Null, 0, regNew+i);
+      }
+    }
+  }
+
+  /* Fire any BEFORE UPDATE triggers. This happens before constraints are
+  ** verified. One could argue that this is wrong.
+  */
+  if( tmask&TRIGGER_BEFORE ){
+    sqlite3TableAffinity(v, pTab, regNew);
+    sqlite3CodeRowTrigger(pParse, pTrigger, TK_UPDATE, pChanges, 
+        TRIGGER_BEFORE, pTab, regOldRowid, onError, labelContinue);
+
+    /* The row-trigger may have deleted the row being updated. In this
+    ** case, jump to the next row. No updates or AFTER triggers are 
+    ** required. This behavior - what happens when the row being updated
+    ** is deleted or renamed by a BEFORE trigger - is left undefined in the
+    ** documentation.
+    */
+    if( pPk ){
+      sqlite3VdbeAddOp4Int(v, OP_NotFound, iDataCur, labelContinue,regKey,nKey);
+      VdbeCoverage(v);
+    }else{
+      sqlite3VdbeAddOp3(v, OP_NotExists, iDataCur, labelContinue, regOldRowid);
+      VdbeCoverage(v);
+    }
+
+    /* If it did not delete it, the row-trigger may still have modified 
+    ** some of the columns of the row being updated. Load the values for 
+    ** all columns not modified by the update statement into their 
+    ** registers in case this has happened.
+    */
+    for(i=0; i<pTab->nCol; i++){
+      if( aXRef[i]<0 && i!=pTab->iPKey ){
+        sqlite3ExprCodeGetColumnOfTable(v, pTab, iDataCur, i, regNew+i);
+      }
+    }
+  }
+
+  if( !isView ){
+    int addr1 = 0;        /* Address of jump instruction */
+    int bReplace = 0;     /* True if REPLACE conflict resolution might happen */
+
+    /* Do constraint checks. */
+    assert( regOldRowid>0 );
+    sqlite3GenerateConstraintChecks(pParse, pTab, aRegIdx, iDataCur, iIdxCur,
+        regNewRowid, regOldRowid, chngKey, onError, labelContinue, &bReplace);
+
+    /* Do FK constraint checks. */
+    if( hasFK ){
+      sqlite3FkCheck(pParse, pTab, regOldRowid, 0, aXRef, chngKey);
+    }
+
+    /* Delete the index entries associated with the current record.  */
+    if( bReplace || chngKey ){
+      if( pPk ){
+        addr1 = sqlite3VdbeAddOp4Int(v, OP_NotFound, iDataCur, 0, regKey, nKey);
+      }else{
+        addr1 = sqlite3VdbeAddOp3(v, OP_NotExists, iDataCur, 0, regOldRowid);
+      }
+      VdbeCoverageNeverTaken(v);
+    }
+    sqlite3GenerateRowIndexDelete(pParse, pTab, iDataCur, iIdxCur, aRegIdx, -1);
+  
+    /* If changing the record number, delete the old record.  */
+    if( hasFK || chngKey || pPk!=0 ){
+      sqlite3VdbeAddOp2(v, OP_Delete, iDataCur, 0);
+    }
+    if( bReplace || chngKey ){
+      sqlite3VdbeJumpHere(v, addr1);
+    }
+
+    if( hasFK ){
+      sqlite3FkCheck(pParse, pTab, 0, regNewRowid, aXRef, chngKey);
+    }
+  
+    /* Insert the new index entries and the new record. */
+    sqlite3CompleteInsertion(pParse, pTab, iDataCur, iIdxCur,
+                             regNewRowid, aRegIdx, 1, 0, 0);
+
+    /* Do any ON CASCADE, SET NULL or SET DEFAULT operations required to
+    ** handle rows (possibly in other tables) that refer via a foreign key
+    ** to the row just updated. */ 
+    if( hasFK ){
+      sqlite3FkActions(pParse, pTab, pChanges, regOldRowid, aXRef, chngKey);
+    }
+  }
+
+  /* Increment the row counter 
+  */
+  if( (db->flags & SQLITE_CountRows) && !pParse->pTriggerTab){
+    sqlite3VdbeAddOp2(v, OP_AddImm, regRowCount, 1);
+  }
+
+  sqlite3CodeRowTrigger(pParse, pTrigger, TK_UPDATE, pChanges, 
+      TRIGGER_AFTER, pTab, regOldRowid, onError, labelContinue);
+
+  /* Repeat the above with the next record to be updated, until
+  ** all record selected by the WHERE clause have been updated.
+  */
+  if( okOnePass ){
+    /* Nothing to do at end-of-loop for a single-pass */
+  }else if( pPk ){
+    sqlite3VdbeResolveLabel(v, labelContinue);
+    sqlite3VdbeAddOp2(v, OP_Next, iEph, addrTop); VdbeCoverage(v);
+  }else{
+    sqlite3VdbeGoto(v, labelContinue);
+  }
+  sqlite3VdbeResolveLabel(v, labelBreak);
+
+  /* Close all tables */
+  for(i=0, pIdx=pTab->pIndex; pIdx; pIdx=pIdx->pNext, i++){
+    assert( aRegIdx );
+    if( aToOpen[i+1] ){
+      sqlite3VdbeAddOp2(v, OP_Close, iIdxCur+i, 0);
+    }
+  }
+  if( iDataCur<iIdxCur ) sqlite3VdbeAddOp2(v, OP_Close, iDataCur, 0);
+
+  /* Update the sqlite_sequence table by storing the content of the
+  ** maximum rowid counter values recorded while inserting into
+  ** autoincrement tables.
+  */
+  if( pParse->nested==0 && pParse->pTriggerTab==0 ){
+    sqlite3AutoincrementEnd(pParse);
+  }
+
+  /*
+  ** Return the number of rows that were changed. If this routine is 
+  ** generating code because of a call to sqlite3NestedParse(), do not
+  ** invoke the callback function.
+  */
+  if( (db->flags&SQLITE_CountRows) && !pParse->pTriggerTab && !pParse->nested ){
+    sqlite3VdbeAddOp2(v, OP_ResultRow, regRowCount, 1);
+    sqlite3VdbeSetNumCols(v, 1);
+    sqlite3VdbeSetColName(v, 0, COLNAME_NAME, "rows updated", SQLITE_STATIC);
+  }
+
+update_cleanup:
+  sqlite3AuthContextPop(&sContext);
+  sqlite3DbFree(db, aXRef); /* Also frees aRegIdx[] and aToOpen[] */
+  sqlite3SrcListDelete(db, pTabList);
+  sqlite3ExprListDelete(db, pChanges);
+  sqlite3ExprDelete(db, pWhere);
+  return;
+}
+/* Make sure "isView" and other macros defined above are undefined. Otherwise
+** they may interfere with compilation of other functions in this file
+** (or in another file, if this file becomes part of the amalgamation).  */
+#ifdef isView
+ #undef isView
+#endif
+#ifdef pTrigger
+ #undef pTrigger
+#endif
+
+#ifndef SQLITE_OMIT_VIRTUALTABLE
+/*
+** Generate code for an UPDATE of a virtual table.
+**
+** There are two possible strategies - the default and the special 
+** "onepass" strategy. Onepass is only used if the virtual table 
+** implementation indicates that pWhere may match at most one row.
+**
+** The default strategy is to create an ephemeral table that contains
+** for each row to be changed:
+**
+**   (A)  The original rowid of that row.
+**   (B)  The revised rowid for the row.
+**   (C)  The content of every column in the row.
+**
+** Then loop through the contents of this ephemeral table executing a
+** VUpdate for each row. When finished, drop the ephemeral table.
+**
+** The "onepass" strategy does not use an ephemeral table. Instead, it
+** stores the same values (A, B and C above) in a register array and
+** makes a single invocation of VUpdate.
+*/
+static void updateVirtualTable(
+  Parse *pParse,       /* The parsing context */
+  SrcList *pSrc,       /* The virtual table to be modified */
+  Table *pTab,         /* The virtual table */
+  ExprList *pChanges,  /* The columns to change in the UPDATE statement */
+  Expr *pRowid,        /* Expression used to recompute the rowid */
+  int *aXRef,          /* Mapping from columns of pTab to entries in pChanges */
+  Expr *pWhere,        /* WHERE clause of the UPDATE statement */
+  int onError          /* ON CONFLICT strategy */
+){
+  Vdbe *v = pParse->pVdbe;  /* Virtual machine under construction */
+  int ephemTab;             /* Table holding the result of the SELECT */
+  int i;                    /* Loop counter */
+  sqlite3 *db = pParse->db; /* Database connection */
+  const char *pVTab = (const char*)sqlite3GetVTable(db, pTab);
+  WhereInfo *pWInfo;
+  int nArg = 2 + pTab->nCol;      /* Number of arguments to VUpdate */
+  int regArg;                     /* First register in VUpdate arg array */
+  int regRec;                     /* Register in which to assemble record */
+  int regRowid;                   /* Register for ephem table rowid */
+  int iCsr = pSrc->a[0].iCursor;  /* Cursor used for virtual table scan */
+  int aDummy[2];                  /* Unused arg for sqlite3WhereOkOnePass() */
+  int bOnePass;                   /* True to use onepass strategy */
+  int addr;                       /* Address of OP_OpenEphemeral */
+
+  /* Allocate nArg registers to martial the arguments to VUpdate. Then
+  ** create and open the ephemeral table in which the records created from
+  ** these arguments will be temporarily stored. */
+  assert( v );
+  ephemTab = pParse->nTab++;
+  addr= sqlite3VdbeAddOp2(v, OP_OpenEphemeral, ephemTab, nArg);
+  regArg = pParse->nMem + 1;
+  pParse->nMem += nArg;
+  regRec = ++pParse->nMem;
+  regRowid = ++pParse->nMem;
+
+  /* Start scanning the virtual table */
+  pWInfo = sqlite3WhereBegin(pParse, pSrc, pWhere, 0,0,WHERE_ONEPASS_DESIRED,0);
+  if( pWInfo==0 ) return;
+
+  /* Populate the argument registers. */
+  sqlite3VdbeAddOp2(v, OP_Rowid, iCsr, regArg);
+  if( pRowid ){
+    sqlite3ExprCode(pParse, pRowid, regArg+1);
+  }else{
+    sqlite3VdbeAddOp2(v, OP_Rowid, iCsr, regArg+1);
+  }
+  for(i=0; i<pTab->nCol; i++){
+    if( aXRef[i]>=0 ){
+      sqlite3ExprCode(pParse, pChanges->a[aXRef[i]].pExpr, regArg+2+i);
+    }else{
+      sqlite3VdbeAddOp3(v, OP_VColumn, iCsr, i, regArg+2+i);
+    }
+  }
+
+  bOnePass = sqlite3WhereOkOnePass(pWInfo, aDummy);
+
+  if( bOnePass ){
+    /* If using the onepass strategy, no-op out the OP_OpenEphemeral coded
+    ** above. Also, if this is a top-level parse (not a trigger), clear the
+    ** multi-write flag so that the VM does not open a statement journal */
+    sqlite3VdbeChangeToNoop(v, addr);
+    if( sqlite3IsToplevel(pParse) ){
+      pParse->isMultiWrite = 0;
+    }
+  }else{
+    /* Create a record from the argument register contents and insert it into
+    ** the ephemeral table. */
+    sqlite3VdbeAddOp3(v, OP_MakeRecord, regArg, nArg, regRec);
+    sqlite3VdbeAddOp2(v, OP_NewRowid, ephemTab, regRowid);
+    sqlite3VdbeAddOp3(v, OP_Insert, ephemTab, regRec, regRowid);
+  }
+
+
+  if( bOnePass==0 ){
+    /* End the virtual table scan */
+    sqlite3WhereEnd(pWInfo);
+
+    /* Begin scannning through the ephemeral table. */
+    addr = sqlite3VdbeAddOp1(v, OP_Rewind, ephemTab); VdbeCoverage(v);
+
+    /* Extract arguments from the current row of the ephemeral table and 
+    ** invoke the VUpdate method.  */
+    for(i=0; i<nArg; i++){
+      sqlite3VdbeAddOp3(v, OP_Column, ephemTab, i, regArg+i);
+    }
+  }
+  sqlite3VtabMakeWritable(pParse, pTab);
+  sqlite3VdbeAddOp4(v, OP_VUpdate, 0, nArg, regArg, pVTab, P4_VTAB);
+  sqlite3VdbeChangeP5(v, onError==OE_Default ? OE_Abort : onError);
+  sqlite3MayAbort(pParse);
+
+  /* End of the ephemeral table scan. Or, if using the onepass strategy,
+  ** jump to here if the scan visited zero rows. */
+  if( bOnePass==0 ){
+    sqlite3VdbeAddOp2(v, OP_Next, ephemTab, addr+1); VdbeCoverage(v);
+    sqlite3VdbeJumpHere(v, addr);
+    sqlite3VdbeAddOp2(v, OP_Close, ephemTab, 0);
+  }else{
+    sqlite3WhereEnd(pWInfo);
+  }
+}
+#endif /* SQLITE_OMIT_VIRTUALTABLE */
+
+/************** End of update.c **********************************************/
+/************** Begin file vacuum.c ******************************************/
+/*
+** 2003 April 6
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+** This file contains code used to implement the VACUUM command.
+**
+** Most of the code in this file may be omitted by defining the
+** SQLITE_OMIT_VACUUM macro.
+*/
+/* #include "sqliteInt.h" */
+/* #include "vdbeInt.h" */
+
+#if !defined(SQLITE_OMIT_VACUUM) && !defined(SQLITE_OMIT_ATTACH)
+/*
+** Finalize a prepared statement.  If there was an error, store the
+** text of the error message in *pzErrMsg.  Return the result code.
+*/
+static int vacuumFinalize(sqlite3 *db, sqlite3_stmt *pStmt, char **pzErrMsg){
+  int rc;
+  rc = sqlite3VdbeFinalize((Vdbe*)pStmt);
+  if( rc ){
+    sqlite3SetString(pzErrMsg, db, sqlite3_errmsg(db));
+  }
+  return rc;
+}
+
+/*
+** Execute zSql on database db. Return an error code.
+*/
+static int execSql(sqlite3 *db, char **pzErrMsg, const char *zSql){
+  sqlite3_stmt *pStmt;
+  VVA_ONLY( int rc; )
+  if( !zSql ){
+    return SQLITE_NOMEM;
+  }
+  if( SQLITE_OK!=sqlite3_prepare(db, zSql, -1, &pStmt, 0) ){
+    sqlite3SetString(pzErrMsg, db, sqlite3_errmsg(db));
+    return sqlite3_errcode(db);
+  }
+  VVA_ONLY( rc = ) sqlite3_step(pStmt);
+  assert( rc!=SQLITE_ROW || (db->flags&SQLITE_CountRows) );
+  return vacuumFinalize(db, pStmt, pzErrMsg);
+}
+
+/*
+** Execute zSql on database db. The statement returns exactly
+** one column. Execute this as SQL on the same database.
+*/
+static int execExecSql(sqlite3 *db, char **pzErrMsg, const char *zSql){
+  sqlite3_stmt *pStmt;
+  int rc;
+
+  rc = sqlite3_prepare(db, zSql, -1, &pStmt, 0);
+  if( rc!=SQLITE_OK ) return rc;
+
+  while( SQLITE_ROW==sqlite3_step(pStmt) ){
+    rc = execSql(db, pzErrMsg, (char*)sqlite3_column_text(pStmt, 0));
+    if( rc!=SQLITE_OK ){
+      vacuumFinalize(db, pStmt, pzErrMsg);
+      return rc;
+    }
+  }
+
+  return vacuumFinalize(db, pStmt, pzErrMsg);
+}
+
+/*
+** The VACUUM command is used to clean up the database,
+** collapse free space, etc.  It is modelled after the VACUUM command
+** in PostgreSQL.  The VACUUM command works as follows:
+**
+**   (1)  Create a new transient database file
+**   (2)  Copy all content from the database being vacuumed into
+**        the new transient database file
+**   (3)  Copy content from the transient database back into the
+**        original database.
+**
+** The transient database requires temporary disk space approximately
+** equal to the size of the original database.  The copy operation of
+** step (3) requires additional temporary disk space approximately equal
+** to the size of the original database for the rollback journal.
+** Hence, temporary disk space that is approximately 2x the size of the
+** original database is required.  Every page of the database is written
+** approximately 3 times:  Once for step (2) and twice for step (3).
+** Two writes per page are required in step (3) because the original
+** database content must be written into the rollback journal prior to
+** overwriting the database with the vacuumed content.
+**
+** Only 1x temporary space and only 1x writes would be required if
+** the copy of step (3) were replaced by deleting the original database
+** and renaming the transient database as the original.  But that will
+** not work if other processes are attached to the original database.
+** And a power loss in between deleting the original and renaming the
+** transient would cause the database file to appear to be deleted
+** following reboot.
+*/
+SQLITE_PRIVATE void sqlite3Vacuum(Parse *pParse){
+  Vdbe *v = sqlite3GetVdbe(pParse);
+  if( v ){
+    sqlite3VdbeAddOp2(v, OP_Vacuum, 0, 0);
+    sqlite3VdbeUsesBtree(v, 0);
+  }
+  return;
+}
+
+/*
+** This routine implements the OP_Vacuum opcode of the VDBE.
+*/
+SQLITE_PRIVATE int sqlite3RunVacuum(char **pzErrMsg, sqlite3 *db){
+  int rc = SQLITE_OK;     /* Return code from service routines */
+  Btree *pMain;           /* The database being vacuumed */
+  Btree *pTemp;           /* The temporary database we vacuum into */
+  char *zSql = 0;         /* SQL statements */
+  int saved_flags;        /* Saved value of the db->flags */
+  int saved_nChange;      /* Saved value of db->nChange */
+  int saved_nTotalChange; /* Saved value of db->nTotalChange */
+  void (*saved_xTrace)(void*,const char*);  /* Saved db->xTrace */
+  Db *pDb = 0;            /* Database to detach at end of vacuum */
+  int isMemDb;            /* True if vacuuming a :memory: database */
+  int nRes;               /* Bytes of reserved space at the end of each page */
+  int nDb;                /* Number of attached databases */
+
+  if( !db->autoCommit ){
+    sqlite3SetString(pzErrMsg, db, "cannot VACUUM from within a transaction");
+    return SQLITE_ERROR;
+  }
+  if( db->nVdbeActive>1 ){
+    sqlite3SetString(pzErrMsg, db,"cannot VACUUM - SQL statements in progress");
+    return SQLITE_ERROR;
+  }
+
+  /* Save the current value of the database flags so that it can be 
+  ** restored before returning. Then set the writable-schema flag, and
+  ** disable CHECK and foreign key constraints.  */
+  saved_flags = db->flags;
+  saved_nChange = db->nChange;
+  saved_nTotalChange = db->nTotalChange;
+  saved_xTrace = db->xTrace;
+  db->flags |= SQLITE_WriteSchema | SQLITE_IgnoreChecks | SQLITE_PreferBuiltin;
+  db->flags &= ~(SQLITE_ForeignKeys | SQLITE_ReverseOrder);
+  db->xTrace = 0;
+
+  pMain = db->aDb[0].pBt;
+  isMemDb = sqlite3PagerIsMemdb(sqlite3BtreePager(pMain));
+
+  /* Attach the temporary database as 'vacuum_db'. The synchronous pragma
+  ** can be set to 'off' for this file, as it is not recovered if a crash
+  ** occurs anyway. The integrity of the database is maintained by a
+  ** (possibly synchronous) transaction opened on the main database before
+  ** sqlite3BtreeCopyFile() is called.
+  **
+  ** An optimisation would be to use a non-journaled pager.
+  ** (Later:) I tried setting "PRAGMA vacuum_db.journal_mode=OFF" but
+  ** that actually made the VACUUM run slower.  Very little journalling
+  ** actually occurs when doing a vacuum since the vacuum_db is initially
+  ** empty.  Only the journal header is written.  Apparently it takes more
+  ** time to parse and run the PRAGMA to turn journalling off than it does
+  ** to write the journal header file.
+  */
+  nDb = db->nDb;
+  if( sqlite3TempInMemory(db) ){
+    zSql = "ATTACH ':memory:' AS vacuum_db;";
+  }else{
+    zSql = "ATTACH '' AS vacuum_db;";
+  }
+  rc = execSql(db, pzErrMsg, zSql);
+  if( db->nDb>nDb ){
+    pDb = &db->aDb[db->nDb-1];
+    assert( strcmp(pDb->zName,"vacuum_db")==0 );
+  }
+  if( rc!=SQLITE_OK ) goto end_of_vacuum;
+  pTemp = db->aDb[db->nDb-1].pBt;
+
+  /* The call to execSql() to attach the temp database has left the file
+  ** locked (as there was more than one active statement when the transaction
+  ** to read the schema was concluded. Unlock it here so that this doesn't
+  ** cause problems for the call to BtreeSetPageSize() below.  */
+  sqlite3BtreeCommit(pTemp);
+
+  nRes = sqlite3BtreeGetOptimalReserve(pMain);
+
+  /* A VACUUM cannot change the pagesize of an encrypted database. */
+#ifdef SQLITE_HAS_CODEC
+  if( db->nextPagesize ){
+    extern void sqlite3CodecGetKey(sqlite3*, int, void**, int*);
+    int nKey;
+    char *zKey;
+    sqlite3CodecGetKey(db, 0, (void**)&zKey, &nKey);
+    if( nKey ) db->nextPagesize = 0;
+  }
+#endif
+
+  rc = execSql(db, pzErrMsg, "PRAGMA vacuum_db.synchronous=OFF");
+  if( rc!=SQLITE_OK ) goto end_of_vacuum;
+
+  /* Begin a transaction and take an exclusive lock on the main database
+  ** file. This is done before the sqlite3BtreeGetPageSize(pMain) call below,
+  ** to ensure that we do not try to change the page-size on a WAL database.
+  */
+  rc = execSql(db, pzErrMsg, "BEGIN;");
+  if( rc!=SQLITE_OK ) goto end_of_vacuum;
+  rc = sqlite3BtreeBeginTrans(pMain, 2);
+  if( rc!=SQLITE_OK ) goto end_of_vacuum;
+
+  /* Do not attempt to change the page size for a WAL database */
+  if( sqlite3PagerGetJournalMode(sqlite3BtreePager(pMain))
+                                               ==PAGER_JOURNALMODE_WAL ){
+    db->nextPagesize = 0;
+  }
+
+  if( sqlite3BtreeSetPageSize(pTemp, sqlite3BtreeGetPageSize(pMain), nRes, 0)
+   || (!isMemDb && sqlite3BtreeSetPageSize(pTemp, db->nextPagesize, nRes, 0))
+   || NEVER(db->mallocFailed)
+  ){
+    rc = SQLITE_NOMEM;
+    goto end_of_vacuum;
+  }
+
+#ifndef SQLITE_OMIT_AUTOVACUUM
+  sqlite3BtreeSetAutoVacuum(pTemp, db->nextAutovac>=0 ? db->nextAutovac :
+                                           sqlite3BtreeGetAutoVacuum(pMain));
+#endif
+
+  /* Query the schema of the main database. Create a mirror schema
+  ** in the temporary database.
+  */
+  rc = execExecSql(db, pzErrMsg,
+      "SELECT 'CREATE TABLE vacuum_db.' || substr(sql,14) "
+      "  FROM sqlite_master WHERE type='table' AND name!='sqlite_sequence'"
+      "   AND coalesce(rootpage,1)>0"
+  );
+  if( rc!=SQLITE_OK ) goto end_of_vacuum;
+  rc = execExecSql(db, pzErrMsg,
+      "SELECT 'CREATE INDEX vacuum_db.' || substr(sql,14)"
+      "  FROM sqlite_master WHERE sql LIKE 'CREATE INDEX %' ");
+  if( rc!=SQLITE_OK ) goto end_of_vacuum;
+  rc = execExecSql(db, pzErrMsg,
+      "SELECT 'CREATE UNIQUE INDEX vacuum_db.' || substr(sql,21) "
+      "  FROM sqlite_master WHERE sql LIKE 'CREATE UNIQUE INDEX %'");
+  if( rc!=SQLITE_OK ) goto end_of_vacuum;
+
+  /* Loop through the tables in the main database. For each, do
+  ** an "INSERT INTO vacuum_db.xxx SELECT * FROM main.xxx;" to copy
+  ** the contents to the temporary database.
+  */
+  assert( (db->flags & SQLITE_Vacuum)==0 );
+  db->flags |= SQLITE_Vacuum;
+  rc = execExecSql(db, pzErrMsg,
+      "SELECT 'INSERT INTO vacuum_db.' || quote(name) "
+      "|| ' SELECT * FROM main.' || quote(name) || ';'"
+      "FROM main.sqlite_master "
+      "WHERE type = 'table' AND name!='sqlite_sequence' "
+      "  AND coalesce(rootpage,1)>0"
+  );
+  assert( (db->flags & SQLITE_Vacuum)!=0 );
+  db->flags &= ~SQLITE_Vacuum;
+  if( rc!=SQLITE_OK ) goto end_of_vacuum;
+
+  /* Copy over the sequence table
+  */
+  rc = execExecSql(db, pzErrMsg,
+      "SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' "
+      "FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence' "
+  );
+  if( rc!=SQLITE_OK ) goto end_of_vacuum;
+  rc = execExecSql(db, pzErrMsg,
+      "SELECT 'INSERT INTO vacuum_db.' || quote(name) "
+      "|| ' SELECT * FROM main.' || quote(name) || ';' "
+      "FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';"
+  );
+  if( rc!=SQLITE_OK ) goto end_of_vacuum;
+
+
+  /* Copy the triggers, views, and virtual tables from the main database
+  ** over to the temporary database.  None of these objects has any
+  ** associated storage, so all we have to do is copy their entries
+  ** from the SQLITE_MASTER table.
+  */
+  rc = execSql(db, pzErrMsg,
+      "INSERT INTO vacuum_db.sqlite_master "
+      "  SELECT type, name, tbl_name, rootpage, sql"
+      "    FROM main.sqlite_master"
+      "   WHERE type='view' OR type='trigger'"
+      "      OR (type='table' AND rootpage=0)"
+  );
+  if( rc ) goto end_of_vacuum;
+
+  /* At this point, there is a write transaction open on both the 
+  ** vacuum database and the main database. Assuming no error occurs,
+  ** both transactions are closed by this block - the main database
+  ** transaction by sqlite3BtreeCopyFile() and the other by an explicit
+  ** call to sqlite3BtreeCommit().
+  */
+  {
+    u32 meta;
+    int i;
+
+    /* This array determines which meta meta values are preserved in the
+    ** vacuum.  Even entries are the meta value number and odd entries
+    ** are an increment to apply to the meta value after the vacuum.
+    ** The increment is used to increase the schema cookie so that other
+    ** connections to the same database will know to reread the schema.
+    */
+    static const unsigned char aCopy[] = {
+       BTREE_SCHEMA_VERSION,     1,  /* Add one to the old schema cookie */
+       BTREE_DEFAULT_CACHE_SIZE, 0,  /* Preserve the default page cache size */
+       BTREE_TEXT_ENCODING,      0,  /* Preserve the text encoding */
+       BTREE_USER_VERSION,       0,  /* Preserve the user version */
+       BTREE_APPLICATION_ID,     0,  /* Preserve the application id */
+    };
+
+    assert( 1==sqlite3BtreeIsInTrans(pTemp) );
+    assert( 1==sqlite3BtreeIsInTrans(pMain) );
+
+    /* Copy Btree meta values */
+    for(i=0; i<ArraySize(aCopy); i+=2){
+      /* GetMeta() and UpdateMeta() cannot fail in this context because
+      ** we already have page 1 loaded into cache and marked dirty. */
+      sqlite3BtreeGetMeta(pMain, aCopy[i], &meta);
+      rc = sqlite3BtreeUpdateMeta(pTemp, aCopy[i], meta+aCopy[i+1]);
+      if( NEVER(rc!=SQLITE_OK) ) goto end_of_vacuum;
+    }
+
+    rc = sqlite3BtreeCopyFile(pMain, pTemp);
+    if( rc!=SQLITE_OK ) goto end_of_vacuum;
+    rc = sqlite3BtreeCommit(pTemp);
+    if( rc!=SQLITE_OK ) goto end_of_vacuum;
+#ifndef SQLITE_OMIT_AUTOVACUUM
+    sqlite3BtreeSetAutoVacuum(pMain, sqlite3BtreeGetAutoVacuum(pTemp));
+#endif
+  }
+
+  assert( rc==SQLITE_OK );
+  rc = sqlite3BtreeSetPageSize(pMain, sqlite3BtreeGetPageSize(pTemp), nRes,1);
+
+end_of_vacuum:
+  /* Restore the original value of db->flags */
+  db->flags = saved_flags;
+  db->nChange = saved_nChange;
+  db->nTotalChange = saved_nTotalChange;
+  db->xTrace = saved_xTrace;
+  sqlite3BtreeSetPageSize(pMain, -1, -1, 1);
+
+  /* Currently there is an SQL level transaction open on the vacuum
+  ** database. No locks are held on any other files (since the main file
+  ** was committed at the btree level). So it safe to end the transaction
+  ** by manually setting the autoCommit flag to true and detaching the
+  ** vacuum database. The vacuum_db journal file is deleted when the pager
+  ** is closed by the DETACH.
+  */
+  db->autoCommit = 1;
+
+  if( pDb ){
+    sqlite3BtreeClose(pDb->pBt);
+    pDb->pBt = 0;
+    pDb->pSchema = 0;
+  }
+
+  /* This both clears the schemas and reduces the size of the db->aDb[]
+  ** array. */ 
+  sqlite3ResetAllSchemasOfConnection(db);
+
+  return rc;
+}
+
+#endif  /* SQLITE_OMIT_VACUUM && SQLITE_OMIT_ATTACH */
+
+/************** End of vacuum.c **********************************************/
+/************** Begin file vtab.c ********************************************/
+/*
+** 2006 June 10
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+** This file contains code used to help implement virtual tables.
+*/
+#ifndef SQLITE_OMIT_VIRTUALTABLE
+/* #include "sqliteInt.h" */
+
+/*
+** Before a virtual table xCreate() or xConnect() method is invoked, the
+** sqlite3.pVtabCtx member variable is set to point to an instance of
+** this struct allocated on the stack. It is used by the implementation of 
+** the sqlite3_declare_vtab() and sqlite3_vtab_config() APIs, both of which
+** are invoked only from within xCreate and xConnect methods.
+*/
+struct VtabCtx {
+  VTable *pVTable;    /* The virtual table being constructed */
+  Table *pTab;        /* The Table object to which the virtual table belongs */
+  VtabCtx *pPrior;    /* Parent context (if any) */
+  int bDeclared;      /* True after sqlite3_declare_vtab() is called */
+};
+
+/*
+** The actual function that does the work of creating a new module.
+** This function implements the sqlite3_create_module() and
+** sqlite3_create_module_v2() interfaces.
+*/
+static int createModule(
+  sqlite3 *db,                    /* Database in which module is registered */
+  const char *zName,              /* Name assigned to this module */
+  const sqlite3_module *pModule,  /* The definition of the module */
+  void *pAux,                     /* Context pointer for xCreate/xConnect */
+  void (*xDestroy)(void *)        /* Module destructor function */
+){
+  int rc = SQLITE_OK;
+  int nName;
+
+  sqlite3_mutex_enter(db->mutex);
+  nName = sqlite3Strlen30(zName);
+  if( sqlite3HashFind(&db->aModule, zName) ){
+    rc = SQLITE_MISUSE_BKPT;
+  }else{
+    Module *pMod;
+    pMod = (Module *)sqlite3DbMallocRaw(db, sizeof(Module) + nName + 1);
+    if( pMod ){
+      Module *pDel;
+      char *zCopy = (char *)(&pMod[1]);
+      memcpy(zCopy, zName, nName+1);
+      pMod->zName = zCopy;
+      pMod->pModule = pModule;
+      pMod->pAux = pAux;
+      pMod->xDestroy = xDestroy;
+      pMod->pEpoTab = 0;
+      pDel = (Module *)sqlite3HashInsert(&db->aModule,zCopy,(void*)pMod);
+      assert( pDel==0 || pDel==pMod );
+      if( pDel ){
+        db->mallocFailed = 1;
+        sqlite3DbFree(db, pDel);
+      }
+    }
+  }
+  rc = sqlite3ApiExit(db, rc);
+  if( rc!=SQLITE_OK && xDestroy ) xDestroy(pAux);
+
+  sqlite3_mutex_leave(db->mutex);
+  return rc;
+}
+
+
+/*
+** External API function used to create a new virtual-table module.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_create_module(
+  sqlite3 *db,                    /* Database in which module is registered */
+  const char *zName,              /* Name assigned to this module */
+  const sqlite3_module *pModule,  /* The definition of the module */
+  void *pAux                      /* Context pointer for xCreate/xConnect */
+){
+#ifdef SQLITE_ENABLE_API_ARMOR
+  if( !sqlite3SafetyCheckOk(db) || zName==0 ) return SQLITE_MISUSE_BKPT;
+#endif
+  return createModule(db, zName, pModule, pAux, 0);
+}
+
+/*
+** External API function used to create a new virtual-table module.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_create_module_v2(
+  sqlite3 *db,                    /* Database in which module is registered */
+  const char *zName,              /* Name assigned to this module */
+  const sqlite3_module *pModule,  /* The definition of the module */
+  void *pAux,                     /* Context pointer for xCreate/xConnect */
+  void (*xDestroy)(void *)        /* Module destructor function */
+){
+#ifdef SQLITE_ENABLE_API_ARMOR
+  if( !sqlite3SafetyCheckOk(db) || zName==0 ) return SQLITE_MISUSE_BKPT;
+#endif
+  return createModule(db, zName, pModule, pAux, xDestroy);
+}
+
+/*
+** Lock the virtual table so that it cannot be disconnected.
+** Locks nest.  Every lock should have a corresponding unlock.
+** If an unlock is omitted, resources leaks will occur.  
+**
+** If a disconnect is attempted while a virtual table is locked,
+** the disconnect is deferred until all locks have been removed.
+*/
+SQLITE_PRIVATE void sqlite3VtabLock(VTable *pVTab){
+  pVTab->nRef++;
+}
+
+
+/*
+** pTab is a pointer to a Table structure representing a virtual-table.
+** Return a pointer to the VTable object used by connection db to access 
+** this virtual-table, if one has been created, or NULL otherwise.
+*/
+SQLITE_PRIVATE VTable *sqlite3GetVTable(sqlite3 *db, Table *pTab){
+  VTable *pVtab;
+  assert( IsVirtual(pTab) );
+  for(pVtab=pTab->pVTable; pVtab && pVtab->db!=db; pVtab=pVtab->pNext);
+  return pVtab;
+}
+
+/*
+** Decrement the ref-count on a virtual table object. When the ref-count
+** reaches zero, call the xDisconnect() method to delete the object.
+*/
+SQLITE_PRIVATE void sqlite3VtabUnlock(VTable *pVTab){
+  sqlite3 *db = pVTab->db;
+
+  assert( db );
+  assert( pVTab->nRef>0 );
+  assert( db->magic==SQLITE_MAGIC_OPEN || db->magic==SQLITE_MAGIC_ZOMBIE );
+
+  pVTab->nRef--;
+  if( pVTab->nRef==0 ){
+    sqlite3_vtab *p = pVTab->pVtab;
+    if( p ){
+      p->pModule->xDisconnect(p);
+    }
+    sqlite3DbFree(db, pVTab);
+  }
+}
+
+/*
+** Table p is a virtual table. This function moves all elements in the
+** p->pVTable list to the sqlite3.pDisconnect lists of their associated
+** database connections to be disconnected at the next opportunity. 
+** Except, if argument db is not NULL, then the entry associated with
+** connection db is left in the p->pVTable list.
+*/
+static VTable *vtabDisconnectAll(sqlite3 *db, Table *p){
+  VTable *pRet = 0;
+  VTable *pVTable = p->pVTable;
+  p->pVTable = 0;
+
+  /* Assert that the mutex (if any) associated with the BtShared database 
+  ** that contains table p is held by the caller. See header comments 
+  ** above function sqlite3VtabUnlockList() for an explanation of why
+  ** this makes it safe to access the sqlite3.pDisconnect list of any
+  ** database connection that may have an entry in the p->pVTable list.
+  */
+  assert( db==0 || sqlite3SchemaMutexHeld(db, 0, p->pSchema) );
+
+  while( pVTable ){
+    sqlite3 *db2 = pVTable->db;
+    VTable *pNext = pVTable->pNext;
+    assert( db2 );
+    if( db2==db ){
+      pRet = pVTable;
+      p->pVTable = pRet;
+      pRet->pNext = 0;
+    }else{
+      pVTable->pNext = db2->pDisconnect;
+      db2->pDisconnect = pVTable;
+    }
+    pVTable = pNext;
+  }
+
+  assert( !db || pRet );
+  return pRet;
+}
+
+/*
+** Table *p is a virtual table. This function removes the VTable object
+** for table *p associated with database connection db from the linked
+** list in p->pVTab. It also decrements the VTable ref count. This is
+** used when closing database connection db to free all of its VTable
+** objects without disturbing the rest of the Schema object (which may
+** be being used by other shared-cache connections).
+*/
+SQLITE_PRIVATE void sqlite3VtabDisconnect(sqlite3 *db, Table *p){
+  VTable **ppVTab;
+
+  assert( IsVirtual(p) );
+  assert( sqlite3BtreeHoldsAllMutexes(db) );
+  assert( sqlite3_mutex_held(db->mutex) );
+
+  for(ppVTab=&p->pVTable; *ppVTab; ppVTab=&(*ppVTab)->pNext){
+    if( (*ppVTab)->db==db  ){
+      VTable *pVTab = *ppVTab;
+      *ppVTab = pVTab->pNext;
+      sqlite3VtabUnlock(pVTab);
+      break;
+    }
+  }
+}
+
+
+/*
+** Disconnect all the virtual table objects in the sqlite3.pDisconnect list.
+**
+** This function may only be called when the mutexes associated with all
+** shared b-tree databases opened using connection db are held by the 
+** caller. This is done to protect the sqlite3.pDisconnect list. The
+** sqlite3.pDisconnect list is accessed only as follows:
+**
+**   1) By this function. In this case, all BtShared mutexes and the mutex
+**      associated with the database handle itself must be held.
+**
+**   2) By function vtabDisconnectAll(), when it adds a VTable entry to
+**      the sqlite3.pDisconnect list. In this case either the BtShared mutex
+**      associated with the database the virtual table is stored in is held
+**      or, if the virtual table is stored in a non-sharable database, then
+**      the database handle mutex is held.
+**
+** As a result, a sqlite3.pDisconnect cannot be accessed simultaneously 
+** by multiple threads. It is thread-safe.
+*/
+SQLITE_PRIVATE void sqlite3VtabUnlockList(sqlite3 *db){
+  VTable *p = db->pDisconnect;
+  db->pDisconnect = 0;
+
+  assert( sqlite3BtreeHoldsAllMutexes(db) );
+  assert( sqlite3_mutex_held(db->mutex) );
+
+  if( p ){
+    sqlite3ExpirePreparedStatements(db);
+    do {
+      VTable *pNext = p->pNext;
+      sqlite3VtabUnlock(p);
+      p = pNext;
+    }while( p );
+  }
+}
+
+/*
+** Clear any and all virtual-table information from the Table record.
+** This routine is called, for example, just before deleting the Table
+** record.
+**
+** Since it is a virtual-table, the Table structure contains a pointer
+** to the head of a linked list of VTable structures. Each VTable 
+** structure is associated with a single sqlite3* user of the schema.
+** The reference count of the VTable structure associated with database 
+** connection db is decremented immediately (which may lead to the 
+** structure being xDisconnected and free). Any other VTable structures
+** in the list are moved to the sqlite3.pDisconnect list of the associated 
+** database connection.
+*/
+SQLITE_PRIVATE void sqlite3VtabClear(sqlite3 *db, Table *p){
+  if( !db || db->pnBytesFreed==0 ) vtabDisconnectAll(0, p);
+  if( p->azModuleArg ){
+    int i;
+    for(i=0; i<p->nModuleArg; i++){
+      if( i!=1 ) sqlite3DbFree(db, p->azModuleArg[i]);
+    }
+    sqlite3DbFree(db, p->azModuleArg);
+  }
+}
+
+/*
+** Add a new module argument to pTable->azModuleArg[].
+** The string is not copied - the pointer is stored.  The
+** string will be freed automatically when the table is
+** deleted.
+*/
+static void addModuleArgument(sqlite3 *db, Table *pTable, char *zArg){
+  int nBytes = sizeof(char *)*(2+pTable->nModuleArg);
+  char **azModuleArg;
+  azModuleArg = sqlite3DbRealloc(db, pTable->azModuleArg, nBytes);
+  if( azModuleArg==0 ){
+    sqlite3DbFree(db, zArg);
+  }else{
+    int i = pTable->nModuleArg++;
+    azModuleArg[i] = zArg;
+    azModuleArg[i+1] = 0;
+    pTable->azModuleArg = azModuleArg;
+  }
+}
+
+/*
+** The parser calls this routine when it first sees a CREATE VIRTUAL TABLE
+** statement.  The module name has been parsed, but the optional list
+** of parameters that follow the module name are still pending.
+*/
+SQLITE_PRIVATE void sqlite3VtabBeginParse(
+  Parse *pParse,        /* Parsing context */
+  Token *pName1,        /* Name of new table, or database name */
+  Token *pName2,        /* Name of new table or NULL */
+  Token *pModuleName,   /* Name of the module for the virtual table */
+  int ifNotExists       /* No error if the table already exists */
+){
+  int iDb;              /* The database the table is being created in */
+  Table *pTable;        /* The new virtual table */
+  sqlite3 *db;          /* Database connection */
+
+  sqlite3StartTable(pParse, pName1, pName2, 0, 0, 1, ifNotExists);
+  pTable = pParse->pNewTable;
+  if( pTable==0 ) return;
+  assert( 0==pTable->pIndex );
+
+  db = pParse->db;
+  iDb = sqlite3SchemaToIndex(db, pTable->pSchema);
+  assert( iDb>=0 );
+
+  pTable->tabFlags |= TF_Virtual;
+  pTable->nModuleArg = 0;
+  addModuleArgument(db, pTable, sqlite3NameFromToken(db, pModuleName));
+  addModuleArgument(db, pTable, 0);
+  addModuleArgument(db, pTable, sqlite3DbStrDup(db, pTable->zName));
+  assert( (pParse->sNameToken.z==pName2->z && pName2->z!=0)
+       || (pParse->sNameToken.z==pName1->z && pName2->z==0)
+  );
+  pParse->sNameToken.n = (int)(
+      &pModuleName->z[pModuleName->n] - pParse->sNameToken.z
+  );
+
+#ifndef SQLITE_OMIT_AUTHORIZATION
+  /* Creating a virtual table invokes the authorization callback twice.
+  ** The first invocation, to obtain permission to INSERT a row into the
+  ** sqlite_master table, has already been made by sqlite3StartTable().
+  ** The second call, to obtain permission to create the table, is made now.
+  */
+  if( pTable->azModuleArg ){
+    sqlite3AuthCheck(pParse, SQLITE_CREATE_VTABLE, pTable->zName, 
+            pTable->azModuleArg[0], pParse->db->aDb[iDb].zName);
+  }
+#endif
+}
+
+/*
+** This routine takes the module argument that has been accumulating
+** in pParse->zArg[] and appends it to the list of arguments on the
+** virtual table currently under construction in pParse->pTable.
+*/
+static void addArgumentToVtab(Parse *pParse){
+  if( pParse->sArg.z && pParse->pNewTable ){
+    const char *z = (const char*)pParse->sArg.z;
+    int n = pParse->sArg.n;
+    sqlite3 *db = pParse->db;
+    addModuleArgument(db, pParse->pNewTable, sqlite3DbStrNDup(db, z, n));
+  }
+}
+
+/*
+** The parser calls this routine after the CREATE VIRTUAL TABLE statement
+** has been completely parsed.
+*/
+SQLITE_PRIVATE void sqlite3VtabFinishParse(Parse *pParse, Token *pEnd){
+  Table *pTab = pParse->pNewTable;  /* The table being constructed */
+  sqlite3 *db = pParse->db;         /* The database connection */
+
+  if( pTab==0 ) return;
+  addArgumentToVtab(pParse);
+  pParse->sArg.z = 0;
+  if( pTab->nModuleArg<1 ) return;
+  
+  /* If the CREATE VIRTUAL TABLE statement is being entered for the
+  ** first time (in other words if the virtual table is actually being
+  ** created now instead of just being read out of sqlite_master) then
+  ** do additional initialization work and store the statement text
+  ** in the sqlite_master table.
+  */
+  if( !db->init.busy ){
+    char *zStmt;
+    char *zWhere;
+    int iDb;
+    int iReg;
+    Vdbe *v;
+
+    /* Compute the complete text of the CREATE VIRTUAL TABLE statement */
+    if( pEnd ){
+      pParse->sNameToken.n = (int)(pEnd->z - pParse->sNameToken.z) + pEnd->n;
+    }
+    zStmt = sqlite3MPrintf(db, "CREATE VIRTUAL TABLE %T", &pParse->sNameToken);
+
+    /* A slot for the record has already been allocated in the 
+    ** SQLITE_MASTER table.  We just need to update that slot with all
+    ** the information we've collected.  
+    **
+    ** The VM register number pParse->regRowid holds the rowid of an
+    ** entry in the sqlite_master table tht was created for this vtab
+    ** by sqlite3StartTable().
+    */
+    iDb = sqlite3SchemaToIndex(db, pTab->pSchema);
+    sqlite3NestedParse(pParse,
+      "UPDATE %Q.%s "
+         "SET type='table', name=%Q, tbl_name=%Q, rootpage=0, sql=%Q "
+       "WHERE rowid=#%d",
+      db->aDb[iDb].zName, SCHEMA_TABLE(iDb),
+      pTab->zName,
+      pTab->zName,
+      zStmt,
+      pParse->regRowid
+    );
+    sqlite3DbFree(db, zStmt);
+    v = sqlite3GetVdbe(pParse);
+    sqlite3ChangeCookie(pParse, iDb);
+
+    sqlite3VdbeAddOp2(v, OP_Expire, 0, 0);
+    zWhere = sqlite3MPrintf(db, "name='%q' AND type='table'", pTab->zName);
+    sqlite3VdbeAddParseSchemaOp(v, iDb, zWhere);
+
+    iReg = ++pParse->nMem;
+    sqlite3VdbeLoadString(v, iReg, pTab->zName);
+    sqlite3VdbeAddOp2(v, OP_VCreate, iDb, iReg);
+  }
+
+  /* If we are rereading the sqlite_master table create the in-memory
+  ** record of the table. The xConnect() method is not called until
+  ** the first time the virtual table is used in an SQL statement. This
+  ** allows a schema that contains virtual tables to be loaded before
+  ** the required virtual table implementations are registered.  */
+  else {
+    Table *pOld;
+    Schema *pSchema = pTab->pSchema;
+    const char *zName = pTab->zName;
+    assert( sqlite3SchemaMutexHeld(db, 0, pSchema) );
+    pOld = sqlite3HashInsert(&pSchema->tblHash, zName, pTab);
+    if( pOld ){
+      db->mallocFailed = 1;
+      assert( pTab==pOld );  /* Malloc must have failed inside HashInsert() */
+      return;
+    }
+    pParse->pNewTable = 0;
+  }
+}
+
+/*
+** The parser calls this routine when it sees the first token
+** of an argument to the module name in a CREATE VIRTUAL TABLE statement.
+*/
+SQLITE_PRIVATE void sqlite3VtabArgInit(Parse *pParse){
+  addArgumentToVtab(pParse);
+  pParse->sArg.z = 0;
+  pParse->sArg.n = 0;
+}
+
+/*
+** The parser calls this routine for each token after the first token
+** in an argument to the module name in a CREATE VIRTUAL TABLE statement.
+*/
+SQLITE_PRIVATE void sqlite3VtabArgExtend(Parse *pParse, Token *p){
+  Token *pArg = &pParse->sArg;
+  if( pArg->z==0 ){
+    pArg->z = p->z;
+    pArg->n = p->n;
+  }else{
+    assert(pArg->z <= p->z);
+    pArg->n = (int)(&p->z[p->n] - pArg->z);
+  }
+}
+
+/*
+** Invoke a virtual table constructor (either xCreate or xConnect). The
+** pointer to the function to invoke is passed as the fourth parameter
+** to this procedure.
+*/
+static int vtabCallConstructor(
+  sqlite3 *db, 
+  Table *pTab,
+  Module *pMod,
+  int (*xConstruct)(sqlite3*,void*,int,const char*const*,sqlite3_vtab**,char**),
+  char **pzErr
+){
+  VtabCtx sCtx;
+  VTable *pVTable;
+  int rc;
+  const char *const*azArg = (const char *const*)pTab->azModuleArg;
+  int nArg = pTab->nModuleArg;
+  char *zErr = 0;
+  char *zModuleName;
+  int iDb;
+  VtabCtx *pCtx;
+
+  /* Check that the virtual-table is not already being initialized */
+  for(pCtx=db->pVtabCtx; pCtx; pCtx=pCtx->pPrior){
+    if( pCtx->pTab==pTab ){
+      *pzErr = sqlite3MPrintf(db, 
+          "vtable constructor called recursively: %s", pTab->zName
+      );
+      return SQLITE_LOCKED;
+    }
+  }
+
+  zModuleName = sqlite3MPrintf(db, "%s", pTab->zName);
+  if( !zModuleName ){
+    return SQLITE_NOMEM;
+  }
+
+  pVTable = sqlite3DbMallocZero(db, sizeof(VTable));
+  if( !pVTable ){
+    sqlite3DbFree(db, zModuleName);
+    return SQLITE_NOMEM;
+  }
+  pVTable->db = db;
+  pVTable->pMod = pMod;
+
+  iDb = sqlite3SchemaToIndex(db, pTab->pSchema);
+  pTab->azModuleArg[1] = db->aDb[iDb].zName;
+
+  /* Invoke the virtual table constructor */
+  assert( &db->pVtabCtx );
+  assert( xConstruct );
+  sCtx.pTab = pTab;
+  sCtx.pVTable = pVTable;
+  sCtx.pPrior = db->pVtabCtx;
+  sCtx.bDeclared = 0;
+  db->pVtabCtx = &sCtx;
+  rc = xConstruct(db, pMod->pAux, nArg, azArg, &pVTable->pVtab, &zErr);
+  db->pVtabCtx = sCtx.pPrior;
+  if( rc==SQLITE_NOMEM ) db->mallocFailed = 1;
+  assert( sCtx.pTab==pTab );
+
+  if( SQLITE_OK!=rc ){
+    if( zErr==0 ){
+      *pzErr = sqlite3MPrintf(db, "vtable constructor failed: %s", zModuleName);
+    }else {
+      *pzErr = sqlite3MPrintf(db, "%s", zErr);
+      sqlite3_free(zErr);
+    }
+    sqlite3DbFree(db, pVTable);
+  }else if( ALWAYS(pVTable->pVtab) ){
+    /* Justification of ALWAYS():  A correct vtab constructor must allocate
+    ** the sqlite3_vtab object if successful.  */
+    memset(pVTable->pVtab, 0, sizeof(pVTable->pVtab[0]));
+    pVTable->pVtab->pModule = pMod->pModule;
+    pVTable->nRef = 1;
+    if( sCtx.bDeclared==0 ){
+      const char *zFormat = "vtable constructor did not declare schema: %s";
+      *pzErr = sqlite3MPrintf(db, zFormat, pTab->zName);
+      sqlite3VtabUnlock(pVTable);
+      rc = SQLITE_ERROR;
+    }else{
+      int iCol;
+      u8 oooHidden = 0;
+      /* If everything went according to plan, link the new VTable structure
+      ** into the linked list headed by pTab->pVTable. Then loop through the 
+      ** columns of the table to see if any of them contain the token "hidden".
+      ** If so, set the Column COLFLAG_HIDDEN flag and remove the token from
+      ** the type string.  */
+      pVTable->pNext = pTab->pVTable;
+      pTab->pVTable = pVTable;
+
+      for(iCol=0; iCol<pTab->nCol; iCol++){
+        char *zType = pTab->aCol[iCol].zType;
+        int nType;
+        int i = 0;
+        if( !zType ){
+          pTab->tabFlags |= oooHidden;
+          continue;
+        }
+        nType = sqlite3Strlen30(zType);
+        if( sqlite3StrNICmp("hidden", zType, 6)||(zType[6] && zType[6]!=' ') ){
+          for(i=0; i<nType; i++){
+            if( (0==sqlite3StrNICmp(" hidden", &zType[i], 7))
+             && (zType[i+7]=='\0' || zType[i+7]==' ')
+            ){
+              i++;
+              break;
+            }
+          }
+        }
+        if( i<nType ){
+          int j;
+          int nDel = 6 + (zType[i+6] ? 1 : 0);
+          for(j=i; (j+nDel)<=nType; j++){
+            zType[j] = zType[j+nDel];
+          }
+          if( zType[i]=='\0' && i>0 ){
+            assert(zType[i-1]==' ');
+            zType[i-1] = '\0';
+          }
+          pTab->aCol[iCol].colFlags |= COLFLAG_HIDDEN;
+          oooHidden = TF_OOOHidden;
+        }else{
+          pTab->tabFlags |= oooHidden;
+        }
+      }
+    }
+  }
+
+  sqlite3DbFree(db, zModuleName);
+  return rc;
+}
+
+/*
+** This function is invoked by the parser to call the xConnect() method
+** of the virtual table pTab. If an error occurs, an error code is returned 
+** and an error left in pParse.
+**
+** This call is a no-op if table pTab is not a virtual table.
+*/
+SQLITE_PRIVATE int sqlite3VtabCallConnect(Parse *pParse, Table *pTab){
+  sqlite3 *db = pParse->db;
+  const char *zMod;
+  Module *pMod;
+  int rc;
+
+  assert( pTab );
+  if( (pTab->tabFlags & TF_Virtual)==0 || sqlite3GetVTable(db, pTab) ){
+    return SQLITE_OK;
+  }
+
+  /* Locate the required virtual table module */
+  zMod = pTab->azModuleArg[0];
+  pMod = (Module*)sqlite3HashFind(&db->aModule, zMod);
+
+  if( !pMod ){
+    const char *zModule = pTab->azModuleArg[0];
+    sqlite3ErrorMsg(pParse, "no such module: %s", zModule);
+    rc = SQLITE_ERROR;
+  }else{
+    char *zErr = 0;
+    rc = vtabCallConstructor(db, pTab, pMod, pMod->pModule->xConnect, &zErr);
+    if( rc!=SQLITE_OK ){
+      sqlite3ErrorMsg(pParse, "%s", zErr);
+    }
+    sqlite3DbFree(db, zErr);
+  }
+
+  return rc;
+}
+/*
+** Grow the db->aVTrans[] array so that there is room for at least one
+** more v-table. Return SQLITE_NOMEM if a malloc fails, or SQLITE_OK otherwise.
+*/
+static int growVTrans(sqlite3 *db){
+  const int ARRAY_INCR = 5;
+
+  /* Grow the sqlite3.aVTrans array if required */
+  if( (db->nVTrans%ARRAY_INCR)==0 ){
+    VTable **aVTrans;
+    int nBytes = sizeof(sqlite3_vtab *) * (db->nVTrans + ARRAY_INCR);
+    aVTrans = sqlite3DbRealloc(db, (void *)db->aVTrans, nBytes);
+    if( !aVTrans ){
+      return SQLITE_NOMEM;
+    }
+    memset(&aVTrans[db->nVTrans], 0, sizeof(sqlite3_vtab *)*ARRAY_INCR);
+    db->aVTrans = aVTrans;
+  }
+
+  return SQLITE_OK;
+}
+
+/*
+** Add the virtual table pVTab to the array sqlite3.aVTrans[]. Space should
+** have already been reserved using growVTrans().
+*/
+static void addToVTrans(sqlite3 *db, VTable *pVTab){
+  /* Add pVtab to the end of sqlite3.aVTrans */
+  db->aVTrans[db->nVTrans++] = pVTab;
+  sqlite3VtabLock(pVTab);
+}
+
+/*
+** This function is invoked by the vdbe to call the xCreate method
+** of the virtual table named zTab in database iDb. 
+**
+** If an error occurs, *pzErr is set to point an an English language
+** description of the error and an SQLITE_XXX error code is returned.
+** In this case the caller must call sqlite3DbFree(db, ) on *pzErr.
+*/
+SQLITE_PRIVATE int sqlite3VtabCallCreate(sqlite3 *db, int iDb, const char *zTab, char **pzErr){
+  int rc = SQLITE_OK;
+  Table *pTab;
+  Module *pMod;
+  const char *zMod;
+
+  pTab = sqlite3FindTable(db, zTab, db->aDb[iDb].zName);
+  assert( pTab && (pTab->tabFlags & TF_Virtual)!=0 && !pTab->pVTable );
+
+  /* Locate the required virtual table module */
+  zMod = pTab->azModuleArg[0];
+  pMod = (Module*)sqlite3HashFind(&db->aModule, zMod);
+
+  /* If the module has been registered and includes a Create method, 
+  ** invoke it now. If the module has not been registered, return an 
+  ** error. Otherwise, do nothing.
+  */
+  if( pMod==0 || pMod->pModule->xCreate==0 || pMod->pModule->xDestroy==0 ){
+    *pzErr = sqlite3MPrintf(db, "no such module: %s", zMod);
+    rc = SQLITE_ERROR;
+  }else{
+    rc = vtabCallConstructor(db, pTab, pMod, pMod->pModule->xCreate, pzErr);
+  }
+
+  /* Justification of ALWAYS():  The xConstructor method is required to
+  ** create a valid sqlite3_vtab if it returns SQLITE_OK. */
+  if( rc==SQLITE_OK && ALWAYS(sqlite3GetVTable(db, pTab)) ){
+    rc = growVTrans(db);
+    if( rc==SQLITE_OK ){
+      addToVTrans(db, sqlite3GetVTable(db, pTab));
+    }
+  }
+
+  return rc;
+}
+
+/*
+** This function is used to set the schema of a virtual table.  It is only
+** valid to call this function from within the xCreate() or xConnect() of a
+** virtual table module.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_declare_vtab(sqlite3 *db, const char *zCreateTable){
+  VtabCtx *pCtx;
+  Parse *pParse;
+  int rc = SQLITE_OK;
+  Table *pTab;
+  char *zErr = 0;
+
+#ifdef SQLITE_ENABLE_API_ARMOR
+  if( !sqlite3SafetyCheckOk(db) || zCreateTable==0 ){
+    return SQLITE_MISUSE_BKPT;
+  }
+#endif
+  sqlite3_mutex_enter(db->mutex);
+  pCtx = db->pVtabCtx;
+  if( !pCtx || pCtx->bDeclared ){
+    sqlite3Error(db, SQLITE_MISUSE);
+    sqlite3_mutex_leave(db->mutex);
+    return SQLITE_MISUSE_BKPT;
+  }
+  pTab = pCtx->pTab;
+  assert( (pTab->tabFlags & TF_Virtual)!=0 );
+
+  pParse = sqlite3StackAllocZero(db, sizeof(*pParse));
+  if( pParse==0 ){
+    rc = SQLITE_NOMEM;
+  }else{
+    pParse->declareVtab = 1;
+    pParse->db = db;
+    pParse->nQueryLoop = 1;
+  
+    if( SQLITE_OK==sqlite3RunParser(pParse, zCreateTable, &zErr) 
+     && pParse->pNewTable
+     && !db->mallocFailed
+     && !pParse->pNewTable->pSelect
+     && (pParse->pNewTable->tabFlags & TF_Virtual)==0
+    ){
+      if( !pTab->aCol ){
+        pTab->aCol = pParse->pNewTable->aCol;
+        pTab->nCol = pParse->pNewTable->nCol;
+        pParse->pNewTable->nCol = 0;
+        pParse->pNewTable->aCol = 0;
+      }
+      pCtx->bDeclared = 1;
+    }else{
+      sqlite3ErrorWithMsg(db, SQLITE_ERROR, (zErr ? "%s" : 0), zErr);
+      sqlite3DbFree(db, zErr);
+      rc = SQLITE_ERROR;
+    }
+    pParse->declareVtab = 0;
+  
+    if( pParse->pVdbe ){
+      sqlite3VdbeFinalize(pParse->pVdbe);
+    }
+    sqlite3DeleteTable(db, pParse->pNewTable);
+    sqlite3ParserReset(pParse);
+    sqlite3StackFree(db, pParse);
+  }
+
+  assert( (rc&0xff)==rc );
+  rc = sqlite3ApiExit(db, rc);
+  sqlite3_mutex_leave(db->mutex);
+  return rc;
+}
+
+/*
+** This function is invoked by the vdbe to call the xDestroy method
+** of the virtual table named zTab in database iDb. This occurs
+** when a DROP TABLE is mentioned.
+**
+** This call is a no-op if zTab is not a virtual table.
+*/
+SQLITE_PRIVATE int sqlite3VtabCallDestroy(sqlite3 *db, int iDb, const char *zTab){
+  int rc = SQLITE_OK;
+  Table *pTab;
+
+  pTab = sqlite3FindTable(db, zTab, db->aDb[iDb].zName);
+  if( ALWAYS(pTab!=0 && pTab->pVTable!=0) ){
+    VTable *p;
+    int (*xDestroy)(sqlite3_vtab *);
+    for(p=pTab->pVTable; p; p=p->pNext){
+      assert( p->pVtab );
+      if( p->pVtab->nRef>0 ){
+        return SQLITE_LOCKED;
+      }
+    }
+    p = vtabDisconnectAll(db, pTab);
+    xDestroy = p->pMod->pModule->xDestroy;
+    assert( xDestroy!=0 );  /* Checked before the virtual table is created */
+    rc = xDestroy(p->pVtab);
+    /* Remove the sqlite3_vtab* from the aVTrans[] array, if applicable */
+    if( rc==SQLITE_OK ){
+      assert( pTab->pVTable==p && p->pNext==0 );
+      p->pVtab = 0;
+      pTab->pVTable = 0;
+      sqlite3VtabUnlock(p);
+    }
+  }
+
+  return rc;
+}
+
+/*
+** This function invokes either the xRollback or xCommit method
+** of each of the virtual tables in the sqlite3.aVTrans array. The method
+** called is identified by the second argument, "offset", which is
+** the offset of the method to call in the sqlite3_module structure.
+**
+** The array is cleared after invoking the callbacks. 
+*/
+static void callFinaliser(sqlite3 *db, int offset){
+  int i;
+  if( db->aVTrans ){
+    VTable **aVTrans = db->aVTrans;
+    db->aVTrans = 0;
+    for(i=0; i<db->nVTrans; i++){
+      VTable *pVTab = aVTrans[i];
+      sqlite3_vtab *p = pVTab->pVtab;
+      if( p ){
+        int (*x)(sqlite3_vtab *);
+        x = *(int (**)(sqlite3_vtab *))((char *)p->pModule + offset);
+        if( x ) x(p);
+      }
+      pVTab->iSavepoint = 0;
+      sqlite3VtabUnlock(pVTab);
+    }
+    sqlite3DbFree(db, aVTrans);
+    db->nVTrans = 0;
+  }
+}
+
+/*
+** Invoke the xSync method of all virtual tables in the sqlite3.aVTrans
+** array. Return the error code for the first error that occurs, or
+** SQLITE_OK if all xSync operations are successful.
+**
+** If an error message is available, leave it in p->zErrMsg.
+*/
+SQLITE_PRIVATE int sqlite3VtabSync(sqlite3 *db, Vdbe *p){
+  int i;
+  int rc = SQLITE_OK;
+  VTable **aVTrans = db->aVTrans;
+
+  db->aVTrans = 0;
+  for(i=0; rc==SQLITE_OK && i<db->nVTrans; i++){
+    int (*x)(sqlite3_vtab *);
+    sqlite3_vtab *pVtab = aVTrans[i]->pVtab;
+    if( pVtab && (x = pVtab->pModule->xSync)!=0 ){
+      rc = x(pVtab);
+      sqlite3VtabImportErrmsg(p, pVtab);
+    }
+  }
+  db->aVTrans = aVTrans;
+  return rc;
+}
+
+/*
+** Invoke the xRollback method of all virtual tables in the 
+** sqlite3.aVTrans array. Then clear the array itself.
+*/
+SQLITE_PRIVATE int sqlite3VtabRollback(sqlite3 *db){
+  callFinaliser(db, offsetof(sqlite3_module,xRollback));
+  return SQLITE_OK;
+}
+
+/*
+** Invoke the xCommit method of all virtual tables in the 
+** sqlite3.aVTrans array. Then clear the array itself.
+*/
+SQLITE_PRIVATE int sqlite3VtabCommit(sqlite3 *db){
+  callFinaliser(db, offsetof(sqlite3_module,xCommit));
+  return SQLITE_OK;
+}
+
+/*
+** If the virtual table pVtab supports the transaction interface
+** (xBegin/xRollback/xCommit and optionally xSync) and a transaction is
+** not currently open, invoke the xBegin method now.
+**
+** If the xBegin call is successful, place the sqlite3_vtab pointer
+** in the sqlite3.aVTrans array.
+*/
+SQLITE_PRIVATE int sqlite3VtabBegin(sqlite3 *db, VTable *pVTab){
+  int rc = SQLITE_OK;
+  const sqlite3_module *pModule;
+
+  /* Special case: If db->aVTrans is NULL and db->nVTrans is greater
+  ** than zero, then this function is being called from within a
+  ** virtual module xSync() callback. It is illegal to write to 
+  ** virtual module tables in this case, so return SQLITE_LOCKED.
+  */
+  if( sqlite3VtabInSync(db) ){
+    return SQLITE_LOCKED;
+  }
+  if( !pVTab ){
+    return SQLITE_OK;
+  } 
+  pModule = pVTab->pVtab->pModule;
+
+  if( pModule->xBegin ){
+    int i;
+
+    /* If pVtab is already in the aVTrans array, return early */
+    for(i=0; i<db->nVTrans; i++){
+      if( db->aVTrans[i]==pVTab ){
+        return SQLITE_OK;
+      }
+    }
+
+    /* Invoke the xBegin method. If successful, add the vtab to the 
+    ** sqlite3.aVTrans[] array. */
+    rc = growVTrans(db);
+    if( rc==SQLITE_OK ){
+      rc = pModule->xBegin(pVTab->pVtab);
+      if( rc==SQLITE_OK ){
+        int iSvpt = db->nStatement + db->nSavepoint;
+        addToVTrans(db, pVTab);
+        if( iSvpt ) rc = sqlite3VtabSavepoint(db, SAVEPOINT_BEGIN, iSvpt-1);
+      }
+    }
+  }
+  return rc;
+}
+
+/*
+** Invoke either the xSavepoint, xRollbackTo or xRelease method of all
+** virtual tables that currently have an open transaction. Pass iSavepoint
+** as the second argument to the virtual table method invoked.
+**
+** If op is SAVEPOINT_BEGIN, the xSavepoint method is invoked. If it is
+** SAVEPOINT_ROLLBACK, the xRollbackTo method. Otherwise, if op is 
+** SAVEPOINT_RELEASE, then the xRelease method of each virtual table with
+** an open transaction is invoked.
+**
+** If any virtual table method returns an error code other than SQLITE_OK, 
+** processing is abandoned and the error returned to the caller of this
+** function immediately. If all calls to virtual table methods are successful,
+** SQLITE_OK is returned.
+*/
+SQLITE_PRIVATE int sqlite3VtabSavepoint(sqlite3 *db, int op, int iSavepoint){
+  int rc = SQLITE_OK;
+
+  assert( op==SAVEPOINT_RELEASE||op==SAVEPOINT_ROLLBACK||op==SAVEPOINT_BEGIN );
+  assert( iSavepoint>=-1 );
+  if( db->aVTrans ){
+    int i;
+    for(i=0; rc==SQLITE_OK && i<db->nVTrans; i++){
+      VTable *pVTab = db->aVTrans[i];
+      const sqlite3_module *pMod = pVTab->pMod->pModule;
+      if( pVTab->pVtab && pMod->iVersion>=2 ){
+        int (*xMethod)(sqlite3_vtab *, int);
+        switch( op ){
+          case SAVEPOINT_BEGIN:
+            xMethod = pMod->xSavepoint;
+            pVTab->iSavepoint = iSavepoint+1;
+            break;
+          case SAVEPOINT_ROLLBACK:
+            xMethod = pMod->xRollbackTo;
+            break;
+          default:
+            xMethod = pMod->xRelease;
+            break;
+        }
+        if( xMethod && pVTab->iSavepoint>iSavepoint ){
+          rc = xMethod(pVTab->pVtab, iSavepoint);
+        }
+      }
+    }
+  }
+  return rc;
+}
+
+/*
+** The first parameter (pDef) is a function implementation.  The
+** second parameter (pExpr) is the first argument to this function.
+** If pExpr is a column in a virtual table, then let the virtual
+** table implementation have an opportunity to overload the function.
+**
+** This routine is used to allow virtual table implementations to
+** overload MATCH, LIKE, GLOB, and REGEXP operators.
+**
+** Return either the pDef argument (indicating no change) or a 
+** new FuncDef structure that is marked as ephemeral using the
+** SQLITE_FUNC_EPHEM flag.
+*/
+SQLITE_PRIVATE FuncDef *sqlite3VtabOverloadFunction(
+  sqlite3 *db,    /* Database connection for reporting malloc problems */
+  FuncDef *pDef,  /* Function to possibly overload */
+  int nArg,       /* Number of arguments to the function */
+  Expr *pExpr     /* First argument to the function */
+){
+  Table *pTab;
+  sqlite3_vtab *pVtab;
+  sqlite3_module *pMod;
+  void (*xFunc)(sqlite3_context*,int,sqlite3_value**) = 0;
+  void *pArg = 0;
+  FuncDef *pNew;
+  int rc = 0;
+  char *zLowerName;
+  unsigned char *z;
+
+
+  /* Check to see the left operand is a column in a virtual table */
+  if( NEVER(pExpr==0) ) return pDef;
+  if( pExpr->op!=TK_COLUMN ) return pDef;
+  pTab = pExpr->pTab;
+  if( NEVER(pTab==0) ) return pDef;
+  if( (pTab->tabFlags & TF_Virtual)==0 ) return pDef;
+  pVtab = sqlite3GetVTable(db, pTab)->pVtab;
+  assert( pVtab!=0 );
+  assert( pVtab->pModule!=0 );
+  pMod = (sqlite3_module *)pVtab->pModule;
+  if( pMod->xFindFunction==0 ) return pDef;
+ 
+  /* Call the xFindFunction method on the virtual table implementation
+  ** to see if the implementation wants to overload this function 
+  */
+  zLowerName = sqlite3DbStrDup(db, pDef->zName);
+  if( zLowerName ){
+    for(z=(unsigned char*)zLowerName; *z; z++){
+      *z = sqlite3UpperToLower[*z];
+    }
+    rc = pMod->xFindFunction(pVtab, nArg, zLowerName, &xFunc, &pArg);
+    sqlite3DbFree(db, zLowerName);
+  }
+  if( rc==0 ){
+    return pDef;
+  }
+
+  /* Create a new ephemeral function definition for the overloaded
+  ** function */
+  pNew = sqlite3DbMallocZero(db, sizeof(*pNew)
+                             + sqlite3Strlen30(pDef->zName) + 1);
+  if( pNew==0 ){
+    return pDef;
+  }
+  *pNew = *pDef;
+  pNew->zName = (char *)&pNew[1];
+  memcpy(pNew->zName, pDef->zName, sqlite3Strlen30(pDef->zName)+1);
+  pNew->xFunc = xFunc;
+  pNew->pUserData = pArg;
+  pNew->funcFlags |= SQLITE_FUNC_EPHEM;
+  return pNew;
+}
+
+/*
+** Make sure virtual table pTab is contained in the pParse->apVirtualLock[]
+** array so that an OP_VBegin will get generated for it.  Add pTab to the
+** array if it is missing.  If pTab is already in the array, this routine
+** is a no-op.
+*/
+SQLITE_PRIVATE void sqlite3VtabMakeWritable(Parse *pParse, Table *pTab){
+  Parse *pToplevel = sqlite3ParseToplevel(pParse);
+  int i, n;
+  Table **apVtabLock;
+
+  assert( IsVirtual(pTab) );
+  for(i=0; i<pToplevel->nVtabLock; i++){
+    if( pTab==pToplevel->apVtabLock[i] ) return;
+  }
+  n = (pToplevel->nVtabLock+1)*sizeof(pToplevel->apVtabLock[0]);
+  apVtabLock = sqlite3_realloc64(pToplevel->apVtabLock, n);
+  if( apVtabLock ){
+    pToplevel->apVtabLock = apVtabLock;
+    pToplevel->apVtabLock[pToplevel->nVtabLock++] = pTab;
+  }else{
+    pToplevel->db->mallocFailed = 1;
+  }
+}
+
+/*
+** Check to see if virtual tale module pMod can be have an eponymous
+** virtual table instance.  If it can, create one if one does not already
+** exist. Return non-zero if the eponymous virtual table instance exists
+** when this routine returns, and return zero if it does not exist.
+**
+** An eponymous virtual table instance is one that is named after its
+** module, and more importantly, does not require a CREATE VIRTUAL TABLE
+** statement in order to come into existance.  Eponymous virtual table
+** instances always exist.  They cannot be DROP-ed.
+**
+** Any virtual table module for which xConnect and xCreate are the same
+** method can have an eponymous virtual table instance.
+*/
+SQLITE_PRIVATE int sqlite3VtabEponymousTableInit(Parse *pParse, Module *pMod){
+  const sqlite3_module *pModule = pMod->pModule;
+  Table *pTab;
+  char *zErr = 0;
+  int nName;
+  int rc;
+  sqlite3 *db = pParse->db;
+  if( pMod->pEpoTab ) return 1;
+  if( pModule->xCreate!=0 && pModule->xCreate!=pModule->xConnect ) return 0;
+  nName = sqlite3Strlen30(pMod->zName) + 1;
+  pTab = sqlite3DbMallocZero(db, sizeof(Table) + nName);
+  if( pTab==0 ) return 0;
+  pMod->pEpoTab = pTab;
+  pTab->zName = (char*)&pTab[1];
+  memcpy(pTab->zName, pMod->zName, nName);
+  pTab->nRef = 1;
+  pTab->pSchema = db->aDb[0].pSchema;
+  pTab->tabFlags |= TF_Virtual;
+  pTab->nModuleArg = 0;
+  pTab->iPKey = -1;
+  addModuleArgument(db, pTab, sqlite3DbStrDup(db, pTab->zName));
+  addModuleArgument(db, pTab, 0);
+  addModuleArgument(db, pTab, sqlite3DbStrDup(db, pTab->zName));
+  rc = vtabCallConstructor(db, pTab, pMod, pModule->xConnect, &zErr);
+  if( rc ){
+    sqlite3ErrorMsg(pParse, "%s", zErr);
+    sqlite3DbFree(db, zErr);
+    sqlite3VtabEponymousTableClear(db, pMod);
+    return 0;
+  }
+  return 1;
+}
+
+/*
+** Erase the eponymous virtual table instance associated with
+** virtual table module pMod, if it exists.
+*/
+SQLITE_PRIVATE void sqlite3VtabEponymousTableClear(sqlite3 *db, Module *pMod){
+  Table *pTab = pMod->pEpoTab;
+  if( pTab!=0 ){
+    sqlite3DeleteColumnNames(db, pTab);
+    sqlite3VtabClear(db, pTab);
+    sqlite3DbFree(db, pTab);
+    pMod->pEpoTab = 0;
+  }
+}
+
+/*
+** Return the ON CONFLICT resolution mode in effect for the virtual
+** table update operation currently in progress.
+**
+** The results of this routine are undefined unless it is called from
+** within an xUpdate method.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_vtab_on_conflict(sqlite3 *db){
+  static const unsigned char aMap[] = { 
+    SQLITE_ROLLBACK, SQLITE_ABORT, SQLITE_FAIL, SQLITE_IGNORE, SQLITE_REPLACE 
+  };
+#ifdef SQLITE_ENABLE_API_ARMOR
+  if( !sqlite3SafetyCheckOk(db) ) return SQLITE_MISUSE_BKPT;
+#endif
+  assert( OE_Rollback==1 && OE_Abort==2 && OE_Fail==3 );
+  assert( OE_Ignore==4 && OE_Replace==5 );
+  assert( db->vtabOnConflict>=1 && db->vtabOnConflict<=5 );
+  return (int)aMap[db->vtabOnConflict-1];
+}
+
+/*
+** Call from within the xCreate() or xConnect() methods to provide 
+** the SQLite core with additional information about the behavior
+** of the virtual table being implemented.
+*/
+SQLITE_API int SQLITE_CDECL sqlite3_vtab_config(sqlite3 *db, int op, ...){
+  va_list ap;
+  int rc = SQLITE_OK;
+
+#ifdef SQLITE_ENABLE_API_ARMOR
+  if( !sqlite3SafetyCheckOk(db) ) return SQLITE_MISUSE_BKPT;
+#endif
+  sqlite3_mutex_enter(db->mutex);
+  va_start(ap, op);
+  switch( op ){
+    case SQLITE_VTAB_CONSTRAINT_SUPPORT: {
+      VtabCtx *p = db->pVtabCtx;
+      if( !p ){
+        rc = SQLITE_MISUSE_BKPT;
+      }else{
+        assert( p->pTab==0 || (p->pTab->tabFlags & TF_Virtual)!=0 );
+        p->pVTable->bConstraint = (u8)va_arg(ap, int);
+      }
+      break;
+    }
+    default:
+      rc = SQLITE_MISUSE_BKPT;
+      break;
+  }
+  va_end(ap);
+
+  if( rc!=SQLITE_OK ) sqlite3Error(db, rc);
+  sqlite3_mutex_leave(db->mutex);
+  return rc;
+}
+
+#endif /* SQLITE_OMIT_VIRTUALTABLE */
+
+/************** End of vtab.c ************************************************/
+/************** Begin file wherecode.c ***************************************/
+/*
+** 2015-06-06
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+** This module contains C code that generates VDBE code used to process
+** the WHERE clause of SQL statements.
+**
+** This file was split off from where.c on 2015-06-06 in order to reduce the
+** size of where.c and make it easier to edit.  This file contains the routines
+** that actually generate the bulk of the WHERE loop code.  The original where.c
+** file retains the code that does query planning and analysis.
+*/
+/* #include "sqliteInt.h" */
+/************** Include whereInt.h in the middle of wherecode.c **************/
+/************** Begin file whereInt.h ****************************************/
+/*
+** 2013-11-12
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+**
+** This file contains structure and macro definitions for the query
+** planner logic in "where.c".  These definitions are broken out into
+** a separate source file for easier editing.
+*/
+
+/*
+** Trace output macros
+*/
+#if defined(SQLITE_TEST) || defined(SQLITE_DEBUG)
+/***/ int sqlite3WhereTrace;
+#endif
+#if defined(SQLITE_DEBUG) \
+    && (defined(SQLITE_TEST) || defined(SQLITE_ENABLE_WHERETRACE))
+# define WHERETRACE(K,X)  if(sqlite3WhereTrace&(K)) sqlite3DebugPrintf X
+# define WHERETRACE_ENABLED 1
+#else
+# define WHERETRACE(K,X)
+#endif
+
+/* Forward references
+*/
+typedef struct WhereClause WhereClause;
+typedef struct WhereMaskSet WhereMaskSet;
+typedef struct WhereOrInfo WhereOrInfo;
+typedef struct WhereAndInfo WhereAndInfo;
+typedef struct WhereLevel WhereLevel;
+typedef struct WhereLoop WhereLoop;
+typedef struct WherePath WherePath;
+typedef struct WhereTerm WhereTerm;
+typedef struct WhereLoopBuilder WhereLoopBuilder;
+typedef struct WhereScan WhereScan;
+typedef struct WhereOrCost WhereOrCost;
+typedef struct WhereOrSet WhereOrSet;
+
+/*
+** This object contains information needed to implement a single nested
+** loop in WHERE clause.
+**
+** Contrast this object with WhereLoop.  This object describes the
+** implementation of the loop.  WhereLoop describes the algorithm.
+** This object contains a pointer to the WhereLoop algorithm as one of
+** its elements.
+**
+** The WhereInfo object contains a single instance of this object for
+** each term in the FROM clause (which is to say, for each of the
+** nested loops as implemented).  The order of WhereLevel objects determines
+** the loop nested order, with WhereInfo.a[0] being the outer loop and
+** WhereInfo.a[WhereInfo.nLevel-1] being the inner loop.
+*/
+struct WhereLevel {
+  int iLeftJoin;        /* Memory cell used to implement LEFT OUTER JOIN */
+  int iTabCur;          /* The VDBE cursor used to access the table */
+  int iIdxCur;          /* The VDBE cursor used to access pIdx */
+  int addrBrk;          /* Jump here to break out of the loop */
+  int addrNxt;          /* Jump here to start the next IN combination */
+  int addrSkip;         /* Jump here for next iteration of skip-scan */
+  int addrCont;         /* Jump here to continue with the next loop cycle */
+  int addrFirst;        /* First instruction of interior of the loop */
+  int addrBody;         /* Beginning of the body of this loop */
+#ifndef SQLITE_LIKE_DOESNT_MATCH_BLOBS
+  int iLikeRepCntr;     /* LIKE range processing counter register */
+  int addrLikeRep;      /* LIKE range processing address */
+#endif
+  u8 iFrom;             /* Which entry in the FROM clause */
+  u8 op, p3, p5;        /* Opcode, P3 & P5 of the opcode that ends the loop */
+  int p1, p2;           /* Operands of the opcode used to ends the loop */
+  union {               /* Information that depends on pWLoop->wsFlags */
+    struct {
+      int nIn;              /* Number of entries in aInLoop[] */
+      struct InLoop {
+        int iCur;              /* The VDBE cursor used by this IN operator */
+        int addrInTop;         /* Top of the IN loop */
+        u8 eEndLoopOp;         /* IN Loop terminator. OP_Next or OP_Prev */
+      } *aInLoop;           /* Information about each nested IN operator */
+    } in;                 /* Used when pWLoop->wsFlags&WHERE_IN_ABLE */
+    Index *pCovidx;       /* Possible covering index for WHERE_MULTI_OR */
+  } u;
+  struct WhereLoop *pWLoop;  /* The selected WhereLoop object */
+  Bitmask notReady;          /* FROM entries not usable at this level */
+#ifdef SQLITE_ENABLE_STMT_SCANSTATUS
+  int addrVisit;        /* Address at which row is visited */
+#endif
+};
+
+/*
+** Each instance of this object represents an algorithm for evaluating one
+** term of a join.  Every term of the FROM clause will have at least
+** one corresponding WhereLoop object (unless INDEXED BY constraints
+** prevent a query solution - which is an error) and many terms of the
+** FROM clause will have multiple WhereLoop objects, each describing a
+** potential way of implementing that FROM-clause term, together with
+** dependencies and cost estimates for using the chosen algorithm.
+**
+** Query planning consists of building up a collection of these WhereLoop
+** objects, then computing a particular sequence of WhereLoop objects, with
+** one WhereLoop object per FROM clause term, that satisfy all dependencies
+** and that minimize the overall cost.
+*/
+struct WhereLoop {
+  Bitmask prereq;       /* Bitmask of other loops that must run first */
+  Bitmask maskSelf;     /* Bitmask identifying table iTab */
+#ifdef SQLITE_DEBUG
+  char cId;             /* Symbolic ID of this loop for debugging use */
+#endif
+  u8 iTab;              /* Position in FROM clause of table for this loop */
+  u8 iSortIdx;          /* Sorting index number.  0==None */
+  LogEst rSetup;        /* One-time setup cost (ex: create transient index) */
+  LogEst rRun;          /* Cost of running each loop */
+  LogEst nOut;          /* Estimated number of output rows */
+  union {
+    struct {               /* Information for internal btree tables */
+      u16 nEq;               /* Number of equality constraints */
+      Index *pIndex;         /* Index used, or NULL */
+    } btree;
+    struct {               /* Information for virtual tables */
+      int idxNum;            /* Index number */
+      u8 needFree;           /* True if sqlite3_free(idxStr) is needed */
+      i8 isOrdered;          /* True if satisfies ORDER BY */
+      u16 omitMask;          /* Terms that may be omitted */
+      char *idxStr;          /* Index identifier string */
+    } vtab;
+  } u;
+  u32 wsFlags;          /* WHERE_* flags describing the plan */
+  u16 nLTerm;           /* Number of entries in aLTerm[] */
+  u16 nSkip;            /* Number of NULL aLTerm[] entries */
+  /**** whereLoopXfer() copies fields above ***********************/
+# define WHERE_LOOP_XFER_SZ offsetof(WhereLoop,nLSlot)
+  u16 nLSlot;           /* Number of slots allocated for aLTerm[] */
+  WhereTerm **aLTerm;   /* WhereTerms used */
+  WhereLoop *pNextLoop; /* Next WhereLoop object in the WhereClause */
+  WhereTerm *aLTermSpace[3];  /* Initial aLTerm[] space */
+};
+
+/* This object holds the prerequisites and the cost of running a
+** subquery on one operand of an OR operator in the WHERE clause.
+** See WhereOrSet for additional information 
+*/
+struct WhereOrCost {
+  Bitmask prereq;     /* Prerequisites */
+  LogEst rRun;        /* Cost of running this subquery */
+  LogEst nOut;        /* Number of outputs for this subquery */
+};
+
+/* The WhereOrSet object holds a set of possible WhereOrCosts that
+** correspond to the subquery(s) of OR-clause processing.  Only the
+** best N_OR_COST elements are retained.
+*/
+#define N_OR_COST 3
+struct WhereOrSet {
+  u16 n;                      /* Number of valid a[] entries */
+  WhereOrCost a[N_OR_COST];   /* Set of best costs */
+};
+
+/*
+** Each instance of this object holds a sequence of WhereLoop objects
+** that implement some or all of a query plan.
+**
+** Think of each WhereLoop object as a node in a graph with arcs
+** showing dependencies and costs for travelling between nodes.  (That is
+** not a completely accurate description because WhereLoop costs are a
+** vector, not a scalar, and because dependencies are many-to-one, not
+** one-to-one as are graph nodes.  But it is a useful visualization aid.)
+** Then a WherePath object is a path through the graph that visits some
+** or all of the WhereLoop objects once.
+**
+** The "solver" works by creating the N best WherePath objects of length
+** 1.  Then using those as a basis to compute the N best WherePath objects
+** of length 2.  And so forth until the length of WherePaths equals the
+** number of nodes in the FROM clause.  The best (lowest cost) WherePath
+** at the end is the chosen query plan.
+*/
+struct WherePath {
+  Bitmask maskLoop;     /* Bitmask of all WhereLoop objects in this path */
+  Bitmask revLoop;      /* aLoop[]s that should be reversed for ORDER BY */
+  LogEst nRow;          /* Estimated number of rows generated by this path */
+  LogEst rCost;         /* Total cost of this path */
+  LogEst rUnsorted;     /* Total cost of this path ignoring sorting costs */
+  i8 isOrdered;         /* No. of ORDER BY terms satisfied. -1 for unknown */
+  WhereLoop **aLoop;    /* Array of WhereLoop objects implementing this path */
+};
+
+/*
+** The query generator uses an array of instances of this structure to
+** help it analyze the subexpressions of the WHERE clause.  Each WHERE
+** clause subexpression is separated from the others by AND operators,
+** usually, or sometimes subexpressions separated by OR.
+**
+** All WhereTerms are collected into a single WhereClause structure.  
+** The following identity holds:
+**
+**        WhereTerm.pWC->a[WhereTerm.idx] == WhereTerm
+**
+** When a term is of the form:
+**
+**              X <op> <expr>
+**
+** where X is a column name and <op> is one of certain operators,
+** then WhereTerm.leftCursor and WhereTerm.u.leftColumn record the
+** cursor number and column number for X.  WhereTerm.eOperator records
+** the <op> using a bitmask encoding defined by WO_xxx below.  The
+** use of a bitmask encoding for the operator allows us to search
+** quickly for terms that match any of several different operators.
+**
+** A WhereTerm might also be two or more subterms connected by OR:
+**
+**         (t1.X <op> <expr>) OR (t1.Y <op> <expr>) OR ....
+**
+** In this second case, wtFlag has the TERM_ORINFO bit set and eOperator==WO_OR
+** and the WhereTerm.u.pOrInfo field points to auxiliary information that
+** is collected about the OR clause.
+**
+** If a term in the WHERE clause does not match either of the two previous
+** categories, then eOperator==0.  The WhereTerm.pExpr field is still set
+** to the original subexpression content and wtFlags is set up appropriately
+** but no other fields in the WhereTerm object are meaningful.
+**
+** When eOperator!=0, prereqRight and prereqAll record sets of cursor numbers,
+** but they do so indirectly.  A single WhereMaskSet structure translates
+** cursor number into bits and the translated bit is stored in the prereq
+** fields.  The translation is used in order to maximize the number of
+** bits that will fit in a Bitmask.  The VDBE cursor numbers might be
+** spread out over the non-negative integers.  For example, the cursor
+** numbers might be 3, 8, 9, 10, 20, 23, 41, and 45.  The WhereMaskSet
+** translates these sparse cursor numbers into consecutive integers
+** beginning with 0 in order to make the best possible use of the available
+** bits in the Bitmask.  So, in the example above, the cursor numbers
+** would be mapped into integers 0 through 7.
+**
+** The number of terms in a join is limited by the number of bits
+** in prereqRight and prereqAll.  The default is 64 bits, hence SQLite
+** is only able to process joins with 64 or fewer tables.
+*/
+struct WhereTerm {
+  Expr *pExpr;            /* Pointer to the subexpression that is this term */
+  int iParent;            /* Disable pWC->a[iParent] when this term disabled */
+  int leftCursor;         /* Cursor number of X in "X <op> <expr>" */
+  union {
+    int leftColumn;         /* Column number of X in "X <op> <expr>" */
+    WhereOrInfo *pOrInfo;   /* Extra information if (eOperator & WO_OR)!=0 */
+    WhereAndInfo *pAndInfo; /* Extra information if (eOperator& WO_AND)!=0 */
+  } u;
+  LogEst truthProb;       /* Probability of truth for this expression */
+  u16 eOperator;          /* A WO_xx value describing <op> */
+  u16 wtFlags;            /* TERM_xxx bit flags.  See below */
+  u8 nChild;              /* Number of children that must disable us */
+  u8 eMatchOp;            /* Op for vtab MATCH/LIKE/GLOB/REGEXP terms */
+  WhereClause *pWC;       /* The clause this term is part of */
+  Bitmask prereqRight;    /* Bitmask of tables used by pExpr->pRight */
+  Bitmask prereqAll;      /* Bitmask of tables referenced by pExpr */
+};
+
+/*
+** Allowed values of WhereTerm.wtFlags
+*/
+#define TERM_DYNAMIC    0x01   /* Need to call sqlite3ExprDelete(db, pExpr) */
+#define TERM_VIRTUAL    0x02   /* Added by the optimizer.  Do not code */
+#define TERM_CODED      0x04   /* This term is already coded */
+#define TERM_COPIED     0x08   /* Has a child */
+#define TERM_ORINFO     0x10   /* Need to free the WhereTerm.u.pOrInfo object */
+#define TERM_ANDINFO    0x20   /* Need to free the WhereTerm.u.pAndInfo obj */
+#define TERM_OR_OK      0x40   /* Used during OR-clause processing */
+#ifdef SQLITE_ENABLE_STAT3_OR_STAT4
+#  define TERM_VNULL    0x80   /* Manufactured x>NULL or x<=NULL term */
+#else
+#  define TERM_VNULL    0x00   /* Disabled if not using stat3 */
+#endif
+#define TERM_LIKEOPT    0x100  /* Virtual terms from the LIKE optimization */
+#define TERM_LIKECOND   0x200  /* Conditionally this LIKE operator term */
+#define TERM_LIKE       0x400  /* The original LIKE operator */
+#define TERM_IS         0x800  /* Term.pExpr is an IS operator */
+
+/*
+** An instance of the WhereScan object is used as an iterator for locating
+** terms in the WHERE clause that are useful to the query planner.
+*/
+struct WhereScan {
+  WhereClause *pOrigWC;      /* Original, innermost WhereClause */
+  WhereClause *pWC;          /* WhereClause currently being scanned */
+  const char *zCollName;     /* Required collating sequence, if not NULL */
+  Expr *pIdxExpr;            /* Search for this index expression */
+  char idxaff;               /* Must match this affinity, if zCollName!=NULL */
+  unsigned char nEquiv;      /* Number of entries in aEquiv[] */
+  unsigned char iEquiv;      /* Next unused slot in aEquiv[] */
+  u32 opMask;                /* Acceptable operators */
+  int k;                     /* Resume scanning at this->pWC->a[this->k] */
+  int aiCur[11];             /* Cursors in the equivalence class */
+  i16 aiColumn[11];          /* Corresponding column number in the eq-class */
+};
+
+/*
+** An instance of the following structure holds all information about a
+** WHERE clause.  Mostly this is a container for one or more WhereTerms.
+**
+** Explanation of pOuter:  For a WHERE clause of the form
+**
+**           a AND ((b AND c) OR (d AND e)) AND f
+**
+** There are separate WhereClause objects for the whole clause and for
+** the subclauses "(b AND c)" and "(d AND e)".  The pOuter field of the
+** subclauses points to the WhereClause object for the whole clause.
+*/
+struct WhereClause {
+  WhereInfo *pWInfo;       /* WHERE clause processing context */
+  WhereClause *pOuter;     /* Outer conjunction */
+  u8 op;                   /* Split operator.  TK_AND or TK_OR */
+  int nTerm;               /* Number of terms */
+  int nSlot;               /* Number of entries in a[] */
+  WhereTerm *a;            /* Each a[] describes a term of the WHERE cluase */
+#if defined(SQLITE_SMALL_STACK)
+  WhereTerm aStatic[1];    /* Initial static space for a[] */
+#else
+  WhereTerm aStatic[8];    /* Initial static space for a[] */
+#endif
+};
+
+/*
+** A WhereTerm with eOperator==WO_OR has its u.pOrInfo pointer set to
+** a dynamically allocated instance of the following structure.
+*/
+struct WhereOrInfo {
+  WhereClause wc;          /* Decomposition into subterms */
+  Bitmask indexable;       /* Bitmask of all indexable tables in the clause */
+};
+
+/*
+** A WhereTerm with eOperator==WO_AND has its u.pAndInfo pointer set to
+** a dynamically allocated instance of the following structure.
+*/
+struct WhereAndInfo {
+  WhereClause wc;          /* The subexpression broken out */
+};
+
+/*
+** An instance of the following structure keeps track of a mapping
+** between VDBE cursor numbers and bits of the bitmasks in WhereTerm.
+**
+** The VDBE cursor numbers are small integers contained in 
+** SrcList_item.iCursor and Expr.iTable fields.  For any given WHERE 
+** clause, the cursor numbers might not begin with 0 and they might
+** contain gaps in the numbering sequence.  But we want to make maximum
+** use of the bits in our bitmasks.  This structure provides a mapping
+** from the sparse cursor numbers into consecutive integers beginning
+** with 0.
+**
+** If WhereMaskSet.ix[A]==B it means that The A-th bit of a Bitmask
+** corresponds VDBE cursor number B.  The A-th bit of a bitmask is 1<<A.
+**
+** For example, if the WHERE clause expression used these VDBE
+** cursors:  4, 5, 8, 29, 57, 73.  Then the  WhereMaskSet structure
+** would map those cursor numbers into bits 0 through 5.
+**
+** Note that the mapping is not necessarily ordered.  In the example
+** above, the mapping might go like this:  4->3, 5->1, 8->2, 29->0,
+** 57->5, 73->4.  Or one of 719 other combinations might be used. It
+** does not really matter.  What is important is that sparse cursor
+** numbers all get mapped into bit numbers that begin with 0 and contain
+** no gaps.
+*/
+struct WhereMaskSet {
+  int n;                        /* Number of assigned cursor values */
+  int ix[BMS];                  /* Cursor assigned to each bit */
+};
+
+/*
+** Initialize a WhereMaskSet object
+*/
+#define initMaskSet(P)  (P)->n=0
+
+/*
+** This object is a convenience wrapper holding all information needed
+** to construct WhereLoop objects for a particular query.
+*/
+struct WhereLoopBuilder {
+  WhereInfo *pWInfo;        /* Information about this WHERE */
+  WhereClause *pWC;         /* WHERE clause terms */
+  ExprList *pOrderBy;       /* ORDER BY clause */
+  WhereLoop *pNew;          /* Template WhereLoop */
+  WhereOrSet *pOrSet;       /* Record best loops here, if not NULL */
+#ifdef SQLITE_ENABLE_STAT3_OR_STAT4
+  UnpackedRecord *pRec;     /* Probe for stat4 (if required) */
+  int nRecValid;            /* Number of valid fields currently in pRec */
+#endif
+};
+
+/*
+** The WHERE clause processing routine has two halves.  The
+** first part does the start of the WHERE loop and the second
+** half does the tail of the WHERE loop.  An instance of
+** this structure is returned by the first half and passed
+** into the second half to give some continuity.
+**
+** An instance of this object holds the complete state of the query
+** planner.
+*/
+struct WhereInfo {
+  Parse *pParse;            /* Parsing and code generating context */
+  SrcList *pTabList;        /* List of tables in the join */
+  ExprList *pOrderBy;       /* The ORDER BY clause or NULL */
+  ExprList *pResultSet;     /* Result set. DISTINCT operates on these */
+  WhereLoop *pLoops;        /* List of all WhereLoop objects */
+  Bitmask revMask;          /* Mask of ORDER BY terms that need reversing */
+  LogEst nRowOut;           /* Estimated number of output rows */
+  u16 wctrlFlags;           /* Flags originally passed to sqlite3WhereBegin() */
+  i8 nOBSat;                /* Number of ORDER BY terms satisfied by indices */
+  u8 sorted;                /* True if really sorted (not just grouped) */
+  u8 eOnePass;              /* ONEPASS_OFF, or _SINGLE, or _MULTI */
+  u8 untestedTerms;         /* Not all WHERE terms resolved by outer loop */
+  u8 eDistinct;             /* One of the WHERE_DISTINCT_* values below */
+  u8 nLevel;                /* Number of nested loop */
+  int iTop;                 /* The very beginning of the WHERE loop */
+  int iContinue;            /* Jump here to continue with next record */
+  int iBreak;               /* Jump here to break out of the loop */
+  int savedNQueryLoop;      /* pParse->nQueryLoop outside the WHERE loop */
+  int aiCurOnePass[2];      /* OP_OpenWrite cursors for the ONEPASS opt */
+  WhereMaskSet sMaskSet;    /* Map cursor numbers to bitmasks */
+  WhereClause sWC;          /* Decomposition of the WHERE clause */
+  WhereLevel a[1];          /* Information about each nest loop in WHERE */
+};
+
+/*
+** Private interfaces - callable only by other where.c routines.
+**
+** where.c:
+*/
+SQLITE_PRIVATE Bitmask sqlite3WhereGetMask(WhereMaskSet*,int);
+SQLITE_PRIVATE WhereTerm *sqlite3WhereFindTerm(
+  WhereClause *pWC,     /* The WHERE clause to be searched */
+  int iCur,             /* Cursor number of LHS */
+  int iColumn,          /* Column number of LHS */
+  Bitmask notReady,     /* RHS must not overlap with this mask */
+  u32 op,               /* Mask of WO_xx values describing operator */
+  Index *pIdx           /* Must be compatible with this index, if not NULL */
+);
+
+/* wherecode.c: */
+#ifndef SQLITE_OMIT_EXPLAIN
+SQLITE_PRIVATE int sqlite3WhereExplainOneScan(
+  Parse *pParse,                  /* Parse context */
+  SrcList *pTabList,              /* Table list this loop refers to */
+  WhereLevel *pLevel,             /* Scan to write OP_Explain opcode for */
+  int iLevel,                     /* Value for "level" column of output */
+  int iFrom,                      /* Value for "from" column of output */
+  u16 wctrlFlags                  /* Flags passed to sqlite3WhereBegin() */
+);
+#else
+# define sqlite3WhereExplainOneScan(u,v,w,x,y,z) 0
+#endif /* SQLITE_OMIT_EXPLAIN */
+#ifdef SQLITE_ENABLE_STMT_SCANSTATUS
+SQLITE_PRIVATE void sqlite3WhereAddScanStatus(
+  Vdbe *v,                        /* Vdbe to add scanstatus entry to */
+  SrcList *pSrclist,              /* FROM clause pLvl reads data from */
+  WhereLevel *pLvl,               /* Level to add scanstatus() entry for */
+  int addrExplain                 /* Address of OP_Explain (or 0) */
+);
+#else
+# define sqlite3WhereAddScanStatus(a, b, c, d) ((void)d)
+#endif
+SQLITE_PRIVATE Bitmask sqlite3WhereCodeOneLoopStart(
+  WhereInfo *pWInfo,   /* Complete information about the WHERE clause */
+  int iLevel,          /* Which level of pWInfo->a[] should be coded */
+  Bitmask notReady     /* Which tables are currently available */
+);
+
+/* whereexpr.c: */
+SQLITE_PRIVATE void sqlite3WhereClauseInit(WhereClause*,WhereInfo*);
+SQLITE_PRIVATE void sqlite3WhereClauseClear(WhereClause*);
+SQLITE_PRIVATE void sqlite3WhereSplit(WhereClause*,Expr*,u8);
+SQLITE_PRIVATE Bitmask sqlite3WhereExprUsage(WhereMaskSet*, Expr*);
+SQLITE_PRIVATE Bitmask sqlite3WhereExprListUsage(WhereMaskSet*, ExprList*);
+SQLITE_PRIVATE void sqlite3WhereExprAnalyze(SrcList*, WhereClause*);
+SQLITE_PRIVATE void sqlite3WhereTabFuncArgs(Parse*, struct SrcList_item*, WhereClause*);
+
+
+
+
+
+/*
+** Bitmasks for the operators on WhereTerm objects.  These are all
+** operators that are of interest to the query planner.  An
+** OR-ed combination of these values can be used when searching for
+** particular WhereTerms within a WhereClause.
+*/
+#define WO_IN     0x0001
+#define WO_EQ     0x0002
+#define WO_LT     (WO_EQ<<(TK_LT-TK_EQ))
+#define WO_LE     (WO_EQ<<(TK_LE-TK_EQ))
+#define WO_GT     (WO_EQ<<(TK_GT-TK_EQ))
+#define WO_GE     (WO_EQ<<(TK_GE-TK_EQ))
+#define WO_MATCH  0x0040
+#define WO_IS     0x0080
+#define WO_ISNULL 0x0100
+#define WO_OR     0x0200       /* Two or more OR-connected terms */
+#define WO_AND    0x0400       /* Two or more AND-connected terms */
+#define WO_EQUIV  0x0800       /* Of the form A==B, both columns */
+#define WO_NOOP   0x1000       /* This term does not restrict search space */
+
+#define WO_ALL    0x1fff       /* Mask of all possible WO_* values */
+#define WO_SINGLE 0x01ff       /* Mask of all non-compound WO_* values */
+
+/*
+** These are definitions of bits in the WhereLoop.wsFlags field.
+** The particular combination of bits in each WhereLoop help to
+** determine the algorithm that WhereLoop represents.
+*/
+#define WHERE_COLUMN_EQ    0x00000001  /* x=EXPR */
+#define WHERE_COLUMN_RANGE 0x00000002  /* x<EXPR and/or x>EXPR */
+#define WHERE_COLUMN_IN    0x00000004  /* x IN (...) */
+#define WHERE_COLUMN_NULL  0x00000008  /* x IS NULL */
+#define WHERE_CONSTRAINT   0x0000000f  /* Any of the WHERE_COLUMN_xxx values */
+#define WHERE_TOP_LIMIT    0x00000010  /* x<EXPR or x<=EXPR constraint */
+#define WHERE_BTM_LIMIT    0x00000020  /* x>EXPR or x>=EXPR constraint */
+#define WHERE_BOTH_LIMIT   0x00000030  /* Both x>EXPR and x<EXPR */
+#define WHERE_IDX_ONLY     0x00000040  /* Use index only - omit table */
+#define WHERE_IPK          0x00000100  /* x is the INTEGER PRIMARY KEY */
+#define WHERE_INDEXED      0x00000200  /* WhereLoop.u.btree.pIndex is valid */
+#define WHERE_VIRTUALTABLE 0x00000400  /* WhereLoop.u.vtab is valid */
+#define WHERE_IN_ABLE      0x00000800  /* Able to support an IN operator */
+#define WHERE_ONEROW       0x00001000  /* Selects no more than one row */
+#define WHERE_MULTI_OR     0x00002000  /* OR using multiple indices */
+#define WHERE_AUTO_INDEX   0x00004000  /* Uses an ephemeral index */
+#define WHERE_SKIPSCAN     0x00008000  /* Uses the skip-scan algorithm */
+#define WHERE_UNQ_WANTED   0x00010000  /* WHERE_ONEROW would have been helpful*/
+#define WHERE_PARTIALIDX   0x00020000  /* The automatic index is partial */
+
+/************** End of whereInt.h ********************************************/
+/************** Continuing where we left off in wherecode.c ******************/
+
+#ifndef SQLITE_OMIT_EXPLAIN
+/*
+** This routine is a helper for explainIndexRange() below
+**
+** pStr holds the text of an expression that we are building up one term
+** at a time.  This routine adds a new term to the end of the expression.
+** Terms are separated by AND so add the "AND" text for second and subsequent
+** terms only.
+*/
+static void explainAppendTerm(
+  StrAccum *pStr,             /* The text expression being built */
+  int iTerm,                  /* Index of this term.  First is zero */
+  const char *zColumn,        /* Name of the column */
+  const char *zOp             /* Name of the operator */
+){
+  if( iTerm ) sqlite3StrAccumAppend(pStr, " AND ", 5);
+  sqlite3StrAccumAppendAll(pStr, zColumn);
+  sqlite3StrAccumAppend(pStr, zOp, 1);
+  sqlite3StrAccumAppend(pStr, "?", 1);
+}
+
+/*
+** Return the name of the i-th column of the pIdx index.
+*/
+static const char *explainIndexColumnName(Index *pIdx, int i){
+  i = pIdx->aiColumn[i];
+  if( i==XN_EXPR ) return "<expr>";
+  if( i==XN_ROWID ) return "rowid";
+  return pIdx->pTable->aCol[i].zName;
+}
+
+/*
+** Argument pLevel describes a strategy for scanning table pTab. This 
+** function appends text to pStr that describes the subset of table
+** rows scanned by the strategy in the form of an SQL expression.
+**
+** For example, if the query:
+**
+**   SELECT * FROM t1 WHERE a=1 AND b>2;
+**
+** is run and there is an index on (a, b), then this function returns a
+** string similar to:
+**
+**   "a=? AND b>?"
+*/
+static void explainIndexRange(StrAccum *pStr, WhereLoop *pLoop){
+  Index *pIndex = pLoop->u.btree.pIndex;
+  u16 nEq = pLoop->u.btree.nEq;
+  u16 nSkip = pLoop->nSkip;
+  int i, j;
+
+  if( nEq==0 && (pLoop->wsFlags&(WHERE_BTM_LIMIT|WHERE_TOP_LIMIT))==0 ) return;
+  sqlite3StrAccumAppend(pStr, " (", 2);
+  for(i=0; i<nEq; i++){
+    const char *z = explainIndexColumnName(pIndex, i);
+    if( i ) sqlite3StrAccumAppend(pStr, " AND ", 5);
+    sqlite3XPrintf(pStr, 0, i>=nSkip ? "%s=?" : "ANY(%s)", z);
+  }
+
+  j = i;
+  if( pLoop->wsFlags&WHERE_BTM_LIMIT ){
+    const char *z = explainIndexColumnName(pIndex, i);
+    explainAppendTerm(pStr, i++, z, ">");
+  }
+  if( pLoop->wsFlags&WHERE_TOP_LIMIT ){
+    const char *z = explainIndexColumnName(pIndex, j);
+    explainAppendTerm(pStr, i, z, "<");
+  }
+  sqlite3StrAccumAppend(pStr, ")", 1);
+}
+
+/*
+** This function is a no-op unless currently processing an EXPLAIN QUERY PLAN
+** command, or if either SQLITE_DEBUG or SQLITE_ENABLE_STMT_SCANSTATUS was
+** defined at compile-time. If it is not a no-op, a single OP_Explain opcode 
+** is added to the output to describe the table scan strategy in pLevel.
+**
+** If an OP_Explain opcode is added to the VM, its address is returned.
+** Otherwise, if no OP_Explain is coded, zero is returned.
+*/
+SQLITE_PRIVATE int sqlite3WhereExplainOneScan(
+  Parse *pParse,                  /* Parse context */
+  SrcList *pTabList,              /* Table list this loop refers to */
+  WhereLevel *pLevel,             /* Scan to write OP_Explain opcode for */
+  int iLevel,                     /* Value for "level" column of output */
+  int iFrom,                      /* Value for "from" column of output */
+  u16 wctrlFlags                  /* Flags passed to sqlite3WhereBegin() */
+){
+  int ret = 0;
+#if !defined(SQLITE_DEBUG) && !defined(SQLITE_ENABLE_STMT_SCANSTATUS)
+  if( pParse->explain==2 )
+#endif
+  {
+    struct SrcList_item *pItem = &pTabList->a[pLevel->iFrom];
+    Vdbe *v = pParse->pVdbe;      /* VM being constructed */
+    sqlite3 *db = pParse->db;     /* Database handle */
+    int iId = pParse->iSelectId;  /* Select id (left-most output column) */
+    int isSearch;                 /* True for a SEARCH. False for SCAN. */
+    WhereLoop *pLoop;             /* The controlling WhereLoop object */
+    u32 flags;                    /* Flags that describe this loop */
+    char *zMsg;                   /* Text to add to EQP output */
+    StrAccum str;                 /* EQP output string */
+    char zBuf[100];               /* Initial space for EQP output string */
+
+    pLoop = pLevel->pWLoop;
+    flags = pLoop->wsFlags;
+    if( (flags&WHERE_MULTI_OR) || (wctrlFlags&WHERE_ONETABLE_ONLY) ) return 0;
+
+    isSearch = (flags&(WHERE_BTM_LIMIT|WHERE_TOP_LIMIT))!=0
+            || ((flags&WHERE_VIRTUALTABLE)==0 && (pLoop->u.btree.nEq>0))
+            || (wctrlFlags&(WHERE_ORDERBY_MIN|WHERE_ORDERBY_MAX));
+
+    sqlite3StrAccumInit(&str, db, zBuf, sizeof(zBuf), SQLITE_MAX_LENGTH);
+    sqlite3StrAccumAppendAll(&str, isSearch ? "SEARCH" : "SCAN");
+    if( pItem->pSelect ){
+      sqlite3XPrintf(&str, 0, " SUBQUERY %d", pItem->iSelectId);
+    }else{
+      sqlite3XPrintf(&str, 0, " TABLE %s", pItem->zName);
+    }
+
+    if( pItem->zAlias ){
+      sqlite3XPrintf(&str, 0, " AS %s", pItem->zAlias);
+    }
+    if( (flags & (WHERE_IPK|WHERE_VIRTUALTABLE))==0 ){
+      const char *zFmt = 0;
+      Index *pIdx;
+
+      assert( pLoop->u.btree.pIndex!=0 );
+      pIdx = pLoop->u.btree.pIndex;
+      assert( !(flags&WHERE_AUTO_INDEX) || (flags&WHERE_IDX_ONLY) );
+      if( !HasRowid(pItem->pTab) && IsPrimaryKeyIndex(pIdx) ){
+        if( isSearch ){
+          zFmt = "PRIMARY KEY";
+        }
+      }else if( flags & WHERE_PARTIALIDX ){
+        zFmt = "AUTOMATIC PARTIAL COVERING INDEX";
+      }else if( flags & WHERE_AUTO_INDEX ){
+        zFmt = "AUTOMATIC COVERING INDEX";
+      }else if( flags & WHERE_IDX_ONLY ){
+        zFmt = "COVERING INDEX %s";
+      }else{
+        zFmt = "INDEX %s";
+      }
+      if( zFmt ){
+        sqlite3StrAccumAppend(&str, " USING ", 7);
+        sqlite3XPrintf(&str, 0, zFmt, pIdx->zName);
+        explainIndexRange(&str, pLoop);
+      }
+    }else if( (flags & WHERE_IPK)!=0 && (flags & WHERE_CONSTRAINT)!=0 ){
+      const char *zRangeOp;
+      if( flags&(WHERE_COLUMN_EQ|WHERE_COLUMN_IN) ){
+        zRangeOp = "=";
+      }else if( (flags&WHERE_BOTH_LIMIT)==WHERE_BOTH_LIMIT ){
+        zRangeOp = ">? AND rowid<";
+      }else if( flags&WHERE_BTM_LIMIT ){
+        zRangeOp = ">";
+      }else{
+        assert( flags&WHERE_TOP_LIMIT);
+        zRangeOp = "<";
+      }
+      sqlite3XPrintf(&str, 0, " USING INTEGER PRIMARY KEY (rowid%s?)",zRangeOp);
+    }
+#ifndef SQLITE_OMIT_VIRTUALTABLE
+    else if( (flags & WHERE_VIRTUALTABLE)!=0 ){
+      sqlite3XPrintf(&str, 0, " VIRTUAL TABLE INDEX %d:%s",
+                  pLoop->u.vtab.idxNum, pLoop->u.vtab.idxStr);
+    }
+#endif
+#ifdef SQLITE_EXPLAIN_ESTIMATED_ROWS
+    if( pLoop->nOut>=10 ){
+      sqlite3XPrintf(&str, 0, " (~%llu rows)", sqlite3LogEstToInt(pLoop->nOut));
+    }else{
+      sqlite3StrAccumAppend(&str, " (~1 row)", 9);
+    }
+#endif
+    zMsg = sqlite3StrAccumFinish(&str);
+    ret = sqlite3VdbeAddOp4(v, OP_Explain, iId, iLevel, iFrom, zMsg,P4_DYNAMIC);
+  }
+  return ret;
+}
+#endif /* SQLITE_OMIT_EXPLAIN */
+
+#ifdef SQLITE_ENABLE_STMT_SCANSTATUS
+/*
+** Configure the VM passed as the first argument with an
+** sqlite3_stmt_scanstatus() entry corresponding to the scan used to 
+** implement level pLvl. Argument pSrclist is a pointer to the FROM 
+** clause that the scan reads data from.
+**
+** If argument addrExplain is not 0, it must be the address of an 
+** OP_Explain instruction that describes the same loop.
+*/
+SQLITE_PRIVATE void sqlite3WhereAddScanStatus(
+  Vdbe *v,                        /* Vdbe to add scanstatus entry to */
+  SrcList *pSrclist,              /* FROM clause pLvl reads data from */
+  WhereLevel *pLvl,               /* Level to add scanstatus() entry for */
+  int addrExplain                 /* Address of OP_Explain (or 0) */
+){
+  const char *zObj = 0;
+  WhereLoop *pLoop = pLvl->pWLoop;
+  if( (pLoop->wsFlags & WHERE_VIRTUALTABLE)==0  &&  pLoop->u.btree.pIndex!=0 ){
+    zObj = pLoop->u.btree.pIndex->zName;
+  }else{
+    zObj = pSrclist->a[pLvl->iFrom].zName;
+  }
+  sqlite3VdbeScanStatus(
+      v, addrExplain, pLvl->addrBody, pLvl->addrVisit, pLoop->nOut, zObj
+  );
+}
+#endif
+
+
+/*
+** Disable a term in the WHERE clause.  Except, do not disable the term
+** if it controls a LEFT OUTER JOIN and it did not originate in the ON
+** or USING clause of that join.
+**
+** Consider the term t2.z='ok' in the following queries:
+**
+**   (1)  SELECT * FROM t1 LEFT JOIN t2 ON t1.a=t2.x WHERE t2.z='ok'
+**   (2)  SELECT * FROM t1 LEFT JOIN t2 ON t1.a=t2.x AND t2.z='ok'
+**   (3)  SELECT * FROM t1, t2 WHERE t1.a=t2.x AND t2.z='ok'
+**
+** The t2.z='ok' is disabled in the in (2) because it originates
+** in the ON clause.  The term is disabled in (3) because it is not part
+** of a LEFT OUTER JOIN.  In (1), the term is not disabled.
+**
+** Disabling a term causes that term to not be tested in the inner loop
+** of the join.  Disabling is an optimization.  When terms are satisfied
+** by indices, we disable them to prevent redundant tests in the inner
+** loop.  We would get the correct results if nothing were ever disabled,
+** but joins might run a little slower.  The trick is to disable as much
+** as we can without disabling too much.  If we disabled in (1), we'd get
+** the wrong answer.  See ticket #813.
+**
+** If all the children of a term are disabled, then that term is also
+** automatically disabled.  In this way, terms get disabled if derived
+** virtual terms are tested first.  For example:
+**
+**      x GLOB 'abc*' AND x>='abc' AND x<'acd'
+**      \___________/     \______/     \_____/
+**         parent          child1       child2
+**
+** Only the parent term was in the original WHERE clause.  The child1
+** and child2 terms were added by the LIKE optimization.  If both of
+** the virtual child terms are valid, then testing of the parent can be 
+** skipped.
+**
+** Usually the parent term is marked as TERM_CODED.  But if the parent
+** term was originally TERM_LIKE, then the parent gets TERM_LIKECOND instead.
+** The TERM_LIKECOND marking indicates that the term should be coded inside
+** a conditional such that is only evaluated on the second pass of a
+** LIKE-optimization loop, when scanning BLOBs instead of strings.
+*/
+static void disableTerm(WhereLevel *pLevel, WhereTerm *pTerm){
+  int nLoop = 0;
+  while( pTerm
+      && (pTerm->wtFlags & TERM_CODED)==0
+      && (pLevel->iLeftJoin==0 || ExprHasProperty(pTerm->pExpr, EP_FromJoin))
+      && (pLevel->notReady & pTerm->prereqAll)==0
+  ){
+    if( nLoop && (pTerm->wtFlags & TERM_LIKE)!=0 ){
+      pTerm->wtFlags |= TERM_LIKECOND;
+    }else{
+      pTerm->wtFlags |= TERM_CODED;
+    }
+    if( pTerm->iParent<0 ) break;
+    pTerm = &pTerm->pWC->a[pTerm->iParent];
+    pTerm->nChild--;
+    if( pTerm->nChild!=0 ) break;
+    nLoop++;
+  }
+}
+
+/*
+** Code an OP_Affinity opcode to apply the column affinity string zAff
+** to the n registers starting at base. 
+**
+** As an optimization, SQLITE_AFF_BLOB entries (which are no-ops) at the
+** beginning and end of zAff are ignored.  If all entries in zAff are
+** SQLITE_AFF_BLOB, then no code gets generated.
+**
+** This routine makes its own copy of zAff so that the caller is free
+** to modify zAff after this routine returns.
+*/
+static void codeApplyAffinity(Parse *pParse, int base, int n, char *zAff){
+  Vdbe *v = pParse->pVdbe;
+  if( zAff==0 ){
+    assert( pParse->db->mallocFailed );
+    return;
+  }
+  assert( v!=0 );
+
+  /* Adjust base and n to skip over SQLITE_AFF_BLOB entries at the beginning
+  ** and end of the affinity string.
+  */
+  while( n>0 && zAff[0]==SQLITE_AFF_BLOB ){
+    n--;
+    base++;
+    zAff++;
+  }
+  while( n>1 && zAff[n-1]==SQLITE_AFF_BLOB ){
+    n--;
+  }
+
+  /* Code the OP_Affinity opcode if there is anything left to do. */
+  if( n>0 ){
+    sqlite3VdbeAddOp2(v, OP_Affinity, base, n);
+    sqlite3VdbeChangeP4(v, -1, zAff, n);
+    sqlite3ExprCacheAffinityChange(pParse, base, n);
+  }
+}
+
+
+/*
+** Generate code for a single equality term of the WHERE clause.  An equality
+** term can be either X=expr or X IN (...).   pTerm is the term to be 
+** coded.
+**
+** The current value for the constraint is left in register iReg.
+**
+** For a constraint of the form X=expr, the expression is evaluated and its
+** result is left on the stack.  For constraints of the form X IN (...)
+** this routine sets up a loop that will iterate over all values of X.
+*/
+static int codeEqualityTerm(
+  Parse *pParse,      /* The parsing context */
+  WhereTerm *pTerm,   /* The term of the WHERE clause to be coded */
+  WhereLevel *pLevel, /* The level of the FROM clause we are working on */
+  int iEq,            /* Index of the equality term within this level */
+  int bRev,           /* True for reverse-order IN operations */
+  int iTarget         /* Attempt to leave results in this register */
+){
+  Expr *pX = pTerm->pExpr;
+  Vdbe *v = pParse->pVdbe;
+  int iReg;                  /* Register holding results */
+
+  assert( iTarget>0 );
+  if( pX->op==TK_EQ || pX->op==TK_IS ){
+    iReg = sqlite3ExprCodeTarget(pParse, pX->pRight, iTarget);
+  }else if( pX->op==TK_ISNULL ){
+    iReg = iTarget;
+    sqlite3VdbeAddOp2(v, OP_Null, 0, iReg);
+#ifndef SQLITE_OMIT_SUBQUERY
+  }else{
+    int eType;
+    int iTab;
+    struct InLoop *pIn;
+    WhereLoop *pLoop = pLevel->pWLoop;
+
+    if( (pLoop->wsFlags & WHERE_VIRTUALTABLE)==0
+      && pLoop->u.btree.pIndex!=0
+      && pLoop->u.btree.pIndex->aSortOrder[iEq]
+    ){
+      testcase( iEq==0 );
+      testcase( bRev );
+      bRev = !bRev;
+    }
+    assert( pX->op==TK_IN );
+    iReg = iTarget;
+    eType = sqlite3FindInIndex(pParse, pX, IN_INDEX_LOOP, 0);
+    if( eType==IN_INDEX_INDEX_DESC ){
+      testcase( bRev );
+      bRev = !bRev;
+    }
+    iTab = pX->iTable;
+    sqlite3VdbeAddOp2(v, bRev ? OP_Last : OP_Rewind, iTab, 0);
+    VdbeCoverageIf(v, bRev);
+    VdbeCoverageIf(v, !bRev);
+    assert( (pLoop->wsFlags & WHERE_MULTI_OR)==0 );
+    pLoop->wsFlags |= WHERE_IN_ABLE;
+    if( pLevel->u.in.nIn==0 ){
+      pLevel->addrNxt = sqlite3VdbeMakeLabel(v);
+    }
+    pLevel->u.in.nIn++;
+    pLevel->u.in.aInLoop =
+       sqlite3DbReallocOrFree(pParse->db, pLevel->u.in.aInLoop,
+                              sizeof(pLevel->u.in.aInLoop[0])*pLevel->u.in.nIn);
+    pIn = pLevel->u.in.aInLoop;
+    if( pIn ){
+      pIn += pLevel->u.in.nIn - 1;
+      pIn->iCur = iTab;
+      if( eType==IN_INDEX_ROWID ){
+        pIn->addrInTop = sqlite3VdbeAddOp2(v, OP_Rowid, iTab, iReg);
+      }else{
+        pIn->addrInTop = sqlite3VdbeAddOp3(v, OP_Column, iTab, 0, iReg);
+      }
+      pIn->eEndLoopOp = bRev ? OP_PrevIfOpen : OP_NextIfOpen;
+      sqlite3VdbeAddOp1(v, OP_IsNull, iReg); VdbeCoverage(v);
+    }else{
+      pLevel->u.in.nIn = 0;
+    }
+#endif
+  }
+  disableTerm(pLevel, pTerm);
+  return iReg;
+}
+
+/*
+** Generate code that will evaluate all == and IN constraints for an
+** index scan.
+**
+** For example, consider table t1(a,b,c,d,e,f) with index i1(a,b,c).
+** Suppose the WHERE clause is this:  a==5 AND b IN (1,2,3) AND c>5 AND c<10
+** The index has as many as three equality constraints, but in this
+** example, the third "c" value is an inequality.  So only two 
+** constraints are coded.  This routine will generate code to evaluate
+** a==5 and b IN (1,2,3).  The current values for a and b will be stored
+** in consecutive registers and the index of the first register is returned.
+**
+** In the example above nEq==2.  But this subroutine works for any value
+** of nEq including 0.  If nEq==0, this routine is nearly a no-op.
+** The only thing it does is allocate the pLevel->iMem memory cell and
+** compute the affinity string.
+**
+** The nExtraReg parameter is 0 or 1.  It is 0 if all WHERE clause constraints
+** are == or IN and are covered by the nEq.  nExtraReg is 1 if there is
+** an inequality constraint (such as the "c>=5 AND c<10" in the example) that
+** occurs after the nEq quality constraints.
+**
+** This routine allocates a range of nEq+nExtraReg memory cells and returns
+** the index of the first memory cell in that range. The code that
+** calls this routine will use that memory range to store keys for
+** start and termination conditions of the loop.
+** key value of the loop.  If one or more IN operators appear, then
+** this routine allocates an additional nEq memory cells for internal
+** use.
+**
+** Before returning, *pzAff is set to point to a buffer containing a
+** copy of the column affinity string of the index allocated using
+** sqlite3DbMalloc(). Except, entries in the copy of the string associated
+** with equality constraints that use BLOB or NONE affinity are set to
+** SQLITE_AFF_BLOB. This is to deal with SQL such as the following:
+**
+**   CREATE TABLE t1(a TEXT PRIMARY KEY, b);
+**   SELECT ... FROM t1 AS t2, t1 WHERE t1.a = t2.b;
+**
+** In the example above, the index on t1(a) has TEXT affinity. But since
+** the right hand side of the equality constraint (t2.b) has BLOB/NONE affinity,
+** no conversion should be attempted before using a t2.b value as part of
+** a key to search the index. Hence the first byte in the returned affinity
+** string in this example would be set to SQLITE_AFF_BLOB.
+*/
+static int codeAllEqualityTerms(
+  Parse *pParse,        /* Parsing context */
+  WhereLevel *pLevel,   /* Which nested loop of the FROM we are coding */
+  int bRev,             /* Reverse the order of IN operators */
+  int nExtraReg,        /* Number of extra registers to allocate */
+  char **pzAff          /* OUT: Set to point to affinity string */
+){
+  u16 nEq;                      /* The number of == or IN constraints to code */
+  u16 nSkip;                    /* Number of left-most columns to skip */
+  Vdbe *v = pParse->pVdbe;      /* The vm under construction */
+  Index *pIdx;                  /* The index being used for this loop */
+  WhereTerm *pTerm;             /* A single constraint term */
+  WhereLoop *pLoop;             /* The WhereLoop object */
+  int j;                        /* Loop counter */
+  int regBase;                  /* Base register */
+  int nReg;                     /* Number of registers to allocate */
+  char *zAff;                   /* Affinity string to return */
+
+  /* This module is only called on query plans that use an index. */
+  pLoop = pLevel->pWLoop;
+  assert( (pLoop->wsFlags & WHERE_VIRTUALTABLE)==0 );
+  nEq = pLoop->u.btree.nEq;
+  nSkip = pLoop->nSkip;
+  pIdx = pLoop->u.btree.pIndex;
+  assert( pIdx!=0 );
+
+  /* Figure out how many memory cells we will need then allocate them.
+  */
+  regBase = pParse->nMem + 1;
+  nReg = pLoop->u.btree.nEq + nExtraReg;
+  pParse->nMem += nReg;
+
+  zAff = sqlite3DbStrDup(pParse->db,sqlite3IndexAffinityStr(pParse->db,pIdx));
+  if( !zAff ){
+    pParse->db->mallocFailed = 1;
+  }
+
+  if( nSkip ){
+    int iIdxCur = pLevel->iIdxCur;
+    sqlite3VdbeAddOp1(v, (bRev?OP_Last:OP_Rewind), iIdxCur);
+    VdbeCoverageIf(v, bRev==0);
+    VdbeCoverageIf(v, bRev!=0);
+    VdbeComment((v, "begin skip-scan on %s", pIdx->zName));
+    j = sqlite3VdbeAddOp0(v, OP_Goto);
+    pLevel->addrSkip = sqlite3VdbeAddOp4Int(v, (bRev?OP_SeekLT:OP_SeekGT),
+                            iIdxCur, 0, regBase, nSkip);
+    VdbeCoverageIf(v, bRev==0);
+    VdbeCoverageIf(v, bRev!=0);
+    sqlite3VdbeJumpHere(v, j);
+    for(j=0; j<nSkip; j++){
+      sqlite3VdbeAddOp3(v, OP_Column, iIdxCur, j, regBase+j);
+      testcase( pIdx->aiColumn[j]==XN_EXPR );
+      VdbeComment((v, "%s", explainIndexColumnName(pIdx, j)));
+    }
+  }    
+
+  /* Evaluate the equality constraints
+  */
+  assert( zAff==0 || (int)strlen(zAff)>=nEq );
+  for(j=nSkip; j<nEq; j++){
+    int r1;
+    pTerm = pLoop->aLTerm[j];
+    assert( pTerm!=0 );
+    /* The following testcase is true for indices with redundant columns. 
+    ** Ex: CREATE INDEX i1 ON t1(a,b,a); SELECT * FROM t1 WHERE a=0 AND b=0; */
+    testcase( (pTerm->wtFlags & TERM_CODED)!=0 );
+    testcase( pTerm->wtFlags & TERM_VIRTUAL );
+    r1 = codeEqualityTerm(pParse, pTerm, pLevel, j, bRev, regBase+j);
+    if( r1!=regBase+j ){
+      if( nReg==1 ){
+        sqlite3ReleaseTempReg(pParse, regBase);
+        regBase = r1;
+      }else{
+        sqlite3VdbeAddOp2(v, OP_SCopy, r1, regBase+j);
+      }
+    }
+    testcase( pTerm->eOperator & WO_ISNULL );
+    testcase( pTerm->eOperator & WO_IN );
+    if( (pTerm->eOperator & (WO_ISNULL|WO_IN))==0 ){
+      Expr *pRight = pTerm->pExpr->pRight;
+      if( (pTerm->wtFlags & TERM_IS)==0 && sqlite3ExprCanBeNull(pRight) ){
+        sqlite3VdbeAddOp2(v, OP_IsNull, regBase+j, pLevel->addrBrk);
+        VdbeCoverage(v);
+      }
+      if( zAff ){
+        if( sqlite3CompareAffinity(pRight, zAff[j])==SQLITE_AFF_BLOB ){
+          zAff[j] = SQLITE_AFF_BLOB;
+        }
+        if( sqlite3ExprNeedsNoAffinityChange(pRight, zAff[j]) ){
+          zAff[j] = SQLITE_AFF_BLOB;
+        }
+      }
+    }
+  }
+  *pzAff = zAff;
+  return regBase;
+}
+
+#ifndef SQLITE_LIKE_DOESNT_MATCH_BLOBS
+/*
+** If the most recently coded instruction is a constant range contraint
+** that originated from the LIKE optimization, then change the P3 to be
+** pLoop->iLikeRepCntr and set P5.
+**
+** The LIKE optimization trys to evaluate "x LIKE 'abc%'" as a range
+** expression: "x>='ABC' AND x<'abd'".  But this requires that the range
+** scan loop run twice, once for strings and a second time for BLOBs.
+** The OP_String opcodes on the second pass convert the upper and lower
+** bound string contants to blobs.  This routine makes the necessary changes
+** to the OP_String opcodes for that to happen.
+**
+** Except, of course, if SQLITE_LIKE_DOESNT_MATCH_BLOBS is defined, then
+** only the one pass through the string space is required, so this routine
+** becomes a no-op.
+*/
+static void whereLikeOptimizationStringFixup(
+  Vdbe *v,                /* prepared statement under construction */
+  WhereLevel *pLevel,     /* The loop that contains the LIKE operator */
+  WhereTerm *pTerm        /* The upper or lower bound just coded */
+){
+  if( pTerm->wtFlags & TERM_LIKEOPT ){
+    VdbeOp *pOp;
+    assert( pLevel->iLikeRepCntr>0 );
+    pOp = sqlite3VdbeGetOp(v, -1);
+    assert( pOp!=0 );
+    assert( pOp->opcode==OP_String8 
+            || pTerm->pWC->pWInfo->pParse->db->mallocFailed );
+    pOp->p3 = pLevel->iLikeRepCntr;
+    pOp->p5 = 1;
+  }
+}
+#else
+# define whereLikeOptimizationStringFixup(A,B,C)
+#endif
+
+#ifdef SQLITE_ENABLE_CURSOR_HINTS
+/*
+** Information is passed from codeCursorHint() down to individual nodes of
+** the expression tree (by sqlite3WalkExpr()) using an instance of this
+** structure.
+*/
+struct CCurHint {
+  int iTabCur;    /* Cursor for the main table */
+  int iIdxCur;    /* Cursor for the index, if pIdx!=0.  Unused otherwise */
+  Index *pIdx;    /* The index used to access the table */
+};
+
+/*
+** This function is called for every node of an expression that is a candidate
+** for a cursor hint on an index cursor.  For TK_COLUMN nodes that reference
+** the table CCurHint.iTabCur, verify that the same column can be
+** accessed through the index.  If it cannot, then set pWalker->eCode to 1.
+*/
+static int codeCursorHintCheckExpr(Walker *pWalker, Expr *pExpr){
+  struct CCurHint *pHint = pWalker->u.pCCurHint;
+  assert( pHint->pIdx!=0 );
+  if( pExpr->op==TK_COLUMN
+   && pExpr->iTable==pHint->iTabCur
+   && sqlite3ColumnOfIndex(pHint->pIdx, pExpr->iColumn)<0
+  ){
+    pWalker->eCode = 1;
+  }
+  return WRC_Continue;
+}
+
+
+/*
+** This function is called on every node of an expression tree used as an
+** argument to the OP_CursorHint instruction. If the node is a TK_COLUMN
+** that accesses any table other than the one identified by
+** CCurHint.iTabCur, then do the following:
+**
+**   1) allocate a register and code an OP_Column instruction to read 
+**      the specified column into the new register, and
+**
+**   2) transform the expression node to a TK_REGISTER node that reads 
+**      from the newly populated register.
+**
+** Also, if the node is a TK_COLUMN that does access the table idenified
+** by pCCurHint.iTabCur, and an index is being used (which we will
+** know because CCurHint.pIdx!=0) then transform the TK_COLUMN into
+** an access of the index rather than the original table.
+*/
+static int codeCursorHintFixExpr(Walker *pWalker, Expr *pExpr){
+  int rc = WRC_Continue;
+  struct CCurHint *pHint = pWalker->u.pCCurHint;
+  if( pExpr->op==TK_COLUMN ){
+    if( pExpr->iTable!=pHint->iTabCur ){
+      Vdbe *v = pWalker->pParse->pVdbe;
+      int reg = ++pWalker->pParse->nMem;   /* Register for column value */
+      sqlite3ExprCodeGetColumnOfTable(
+          v, pExpr->pTab, pExpr->iTable, pExpr->iColumn, reg
+      );
+      pExpr->op = TK_REGISTER;
+      pExpr->iTable = reg;
+    }else if( pHint->pIdx!=0 ){
+      pExpr->iTable = pHint->iIdxCur;
+      pExpr->iColumn = sqlite3ColumnOfIndex(pHint->pIdx, pExpr->iColumn);
+      assert( pExpr->iColumn>=0 );
+    }
+  }else if( pExpr->op==TK_AGG_FUNCTION ){
+    /* An aggregate function in the WHERE clause of a query means this must
+    ** be a correlated sub-query, and expression pExpr is an aggregate from
+    ** the parent context. Do not walk the function arguments in this case.
+    **
+    ** todo: It should be possible to replace this node with a TK_REGISTER
+    ** expression, as the result of the expression must be stored in a 
+    ** register at this point. The same holds for TK_AGG_COLUMN nodes. */
+    rc = WRC_Prune;
+  }
+  return rc;
+}
+
+/*
+** Insert an OP_CursorHint instruction if it is appropriate to do so.
+*/
+static void codeCursorHint(
+  WhereInfo *pWInfo,    /* The where clause */
+  WhereLevel *pLevel,   /* Which loop to provide hints for */
+  WhereTerm *pEndRange  /* Hint this end-of-scan boundary term if not NULL */
+){
+  Parse *pParse = pWInfo->pParse;
+  sqlite3 *db = pParse->db;
+  Vdbe *v = pParse->pVdbe;
+  Expr *pExpr = 0;
+  WhereLoop *pLoop = pLevel->pWLoop;
+  int iCur;
+  WhereClause *pWC;
+  WhereTerm *pTerm;
+  int i, j;
+  struct CCurHint sHint;
+  Walker sWalker;
+
+  if( OptimizationDisabled(db, SQLITE_CursorHints) ) return;
+  iCur = pLevel->iTabCur;
+  assert( iCur==pWInfo->pTabList->a[pLevel->iFrom].iCursor );
+  sHint.iTabCur = iCur;
+  sHint.iIdxCur = pLevel->iIdxCur;
+  sHint.pIdx = pLoop->u.btree.pIndex;
+  memset(&sWalker, 0, sizeof(sWalker));
+  sWalker.pParse = pParse;
+  sWalker.u.pCCurHint = &sHint;
+  pWC = &pWInfo->sWC;
+  for(i=0; i<pWC->nTerm; i++){
+    pTerm = &pWC->a[i];
+    if( pTerm->wtFlags & (TERM_VIRTUAL|TERM_CODED) ) continue;
+    if( pTerm->prereqAll & pLevel->notReady ) continue;
+    if( ExprHasProperty(pTerm->pExpr, EP_FromJoin) ) continue;
+
+    /* All terms in pWLoop->aLTerm[] except pEndRange are used to initialize
+    ** the cursor.  These terms are not needed as hints for a pure range
+    ** scan (that has no == terms) so omit them. */
+    if( pLoop->u.btree.nEq==0 && pTerm!=pEndRange ){
+      for(j=0; j<pLoop->nLTerm && pLoop->aLTerm[j]!=pTerm; j++){}
+      if( j<pLoop->nLTerm ) continue;
+    }
+
+    /* No subqueries or non-deterministic functions allowed */
+    if( sqlite3ExprContainsSubquery(pTerm->pExpr) ) continue;
+
+    /* For an index scan, make sure referenced columns are actually in
+    ** the index. */
+    if( sHint.pIdx!=0 ){
+      sWalker.eCode = 0;
+      sWalker.xExprCallback = codeCursorHintCheckExpr;
+      sqlite3WalkExpr(&sWalker, pTerm->pExpr);
+      if( sWalker.eCode ) continue;
+    }
+
+    /* If we survive all prior tests, that means this term is worth hinting */
+    pExpr = sqlite3ExprAnd(db, pExpr, sqlite3ExprDup(db, pTerm->pExpr, 0));
+  }
+  if( pExpr!=0 ){
+    sWalker.xExprCallback = codeCursorHintFixExpr;
+    sqlite3WalkExpr(&sWalker, pExpr);
+    sqlite3VdbeAddOp4(v, OP_CursorHint, 
+                      (sHint.pIdx ? sHint.iIdxCur : sHint.iTabCur), 0, 0,
+                      (const char*)pExpr, P4_EXPR);
+  }
+}
+#else
+# define codeCursorHint(A,B,C)  /* No-op */
+#endif /* SQLITE_ENABLE_CURSOR_HINTS */
+
+/*
+** Generate code for the start of the iLevel-th loop in the WHERE clause
+** implementation described by pWInfo.
+*/
+SQLITE_PRIVATE Bitmask sqlite3WhereCodeOneLoopStart(
+  WhereInfo *pWInfo,   /* Complete information about the WHERE clause */
+  int iLevel,          /* Which level of pWInfo->a[] should be coded */
+  Bitmask notReady     /* Which tables are currently available */
+){
+  int j, k;            /* Loop counters */
+  int iCur;            /* The VDBE cursor for the table */
+  int addrNxt;         /* Where to jump to continue with the next IN case */
+  int omitTable;       /* True if we use the index only */
+  int bRev;            /* True if we need to scan in reverse order */
+  WhereLevel *pLevel;  /* The where level to be coded */
+  WhereLoop *pLoop;    /* The WhereLoop object being coded */
+  WhereClause *pWC;    /* Decomposition of the entire WHERE clause */
+  WhereTerm *pTerm;               /* A WHERE clause term */
+  Parse *pParse;                  /* Parsing context */
+  sqlite3 *db;                    /* Database connection */
+  Vdbe *v;                        /* The prepared stmt under constructions */
+  struct SrcList_item *pTabItem;  /* FROM clause term being coded */
+  int addrBrk;                    /* Jump here to break out of the loop */
+  int addrCont;                   /* Jump here to continue with next cycle */
+  int iRowidReg = 0;        /* Rowid is stored in this register, if not zero */
+  int iReleaseReg = 0;      /* Temp register to free before returning */
+
+  pParse = pWInfo->pParse;
+  v = pParse->pVdbe;
+  pWC = &pWInfo->sWC;
+  db = pParse->db;
+  pLevel = &pWInfo->a[iLevel];
+  pLoop = pLevel->pWLoop;
+  pTabItem = &pWInfo->pTabList->a[pLevel->iFrom];
+  iCur = pTabItem->iCursor;
+  pLevel->notReady = notReady & ~sqlite3WhereGetMask(&pWInfo->sMaskSet, iCur);
+  bRev = (pWInfo->revMask>>iLevel)&1;
+  omitTable = (pLoop->wsFlags & WHERE_IDX_ONLY)!=0 
+           && (pWInfo->wctrlFlags & WHERE_FORCE_TABLE)==0;
+  VdbeModuleComment((v, "Begin WHERE-loop%d: %s",iLevel,pTabItem->pTab->zName));
+
+  /* Create labels for the "break" and "continue" instructions
+  ** for the current loop.  Jump to addrBrk to break out of a loop.
+  ** Jump to cont to go immediately to the next iteration of the
+  ** loop.
+  **
+  ** When there is an IN operator, we also have a "addrNxt" label that
+  ** means to continue with the next IN value combination.  When
+  ** there are no IN operators in the constraints, the "addrNxt" label
+  ** is the same as "addrBrk".
+  */
+  addrBrk = pLevel->addrBrk = pLevel->addrNxt = sqlite3VdbeMakeLabel(v);
+  addrCont = pLevel->addrCont = sqlite3VdbeMakeLabel(v);
+
+  /* If this is the right table of a LEFT OUTER JOIN, allocate and
+  ** initialize a memory cell that records if this table matches any
+  ** row of the left table of the join.
+  */
+  if( pLevel->iFrom>0 && (pTabItem[0].fg.jointype & JT_LEFT)!=0 ){
+    pLevel->iLeftJoin = ++pParse->nMem;
+    sqlite3VdbeAddOp2(v, OP_Integer, 0, pLevel->iLeftJoin);
+    VdbeComment((v, "init LEFT JOIN no-match flag"));
+  }
+
+  /* Special case of a FROM clause subquery implemented as a co-routine */
+  if( pTabItem->fg.viaCoroutine ){
+    int regYield = pTabItem->regReturn;
+    sqlite3VdbeAddOp3(v, OP_InitCoroutine, regYield, 0, pTabItem->addrFillSub);
+    pLevel->p2 =  sqlite3VdbeAddOp2(v, OP_Yield, regYield, addrBrk);
+    VdbeCoverage(v);
+    VdbeComment((v, "next row of \"%s\"", pTabItem->pTab->zName));
+    pLevel->op = OP_Goto;
+  }else
+
+#ifndef SQLITE_OMIT_VIRTUALTABLE
+  if(  (pLoop->wsFlags & WHERE_VIRTUALTABLE)!=0 ){
+    /* Case 1:  The table is a virtual-table.  Use the VFilter and VNext
+    **          to access the data.
+    */
+    int iReg;   /* P3 Value for OP_VFilter */
+    int addrNotFound;
+    int nConstraint = pLoop->nLTerm;
+
+    sqlite3ExprCachePush(pParse);
+    iReg = sqlite3GetTempRange(pParse, nConstraint+2);
+    addrNotFound = pLevel->addrBrk;
+    for(j=0; j<nConstraint; j++){
+      int iTarget = iReg+j+2;
+      pTerm = pLoop->aLTerm[j];
+      if( pTerm==0 ) continue;
+      if( pTerm->eOperator & WO_IN ){
+        codeEqualityTerm(pParse, pTerm, pLevel, j, bRev, iTarget);
+        addrNotFound = pLevel->addrNxt;
+      }else{
+        sqlite3ExprCode(pParse, pTerm->pExpr->pRight, iTarget);
+      }
+    }
+    sqlite3VdbeAddOp2(v, OP_Integer, pLoop->u.vtab.idxNum, iReg);
+    sqlite3VdbeAddOp2(v, OP_Integer, nConstraint, iReg+1);
+    sqlite3VdbeAddOp4(v, OP_VFilter, iCur, addrNotFound, iReg,
+                      pLoop->u.vtab.idxStr,
+                      pLoop->u.vtab.needFree ? P4_MPRINTF : P4_STATIC);
+    VdbeCoverage(v);
+    pLoop->u.vtab.needFree = 0;
+    for(j=0; j<nConstraint && j<16; j++){
+      if( (pLoop->u.vtab.omitMask>>j)&1 ){
+        disableTerm(pLevel, pLoop->aLTerm[j]);
+      }
+    }
+    pLevel->p1 = iCur;
+    pLevel->op = pWInfo->eOnePass ? OP_Noop : OP_VNext;
+    pLevel->p2 = sqlite3VdbeCurrentAddr(v);
+    sqlite3ReleaseTempRange(pParse, iReg, nConstraint+2);
+    sqlite3ExprCachePop(pParse);
+  }else
+#endif /* SQLITE_OMIT_VIRTUALTABLE */
+
+  if( (pLoop->wsFlags & WHERE_IPK)!=0
+   && (pLoop->wsFlags & (WHERE_COLUMN_IN|WHERE_COLUMN_EQ))!=0
+  ){
+    /* Case 2:  We can directly reference a single row using an
+    **          equality comparison against the ROWID field.  Or
+    **          we reference multiple rows using a "rowid IN (...)"
+    **          construct.
+    */
+    assert( pLoop->u.btree.nEq==1 );
+    pTerm = pLoop->aLTerm[0];
+    assert( pTerm!=0 );
+    assert( pTerm->pExpr!=0 );
+    assert( omitTable==0 );
+    testcase( pTerm->wtFlags & TERM_VIRTUAL );
+    iReleaseReg = ++pParse->nMem;
+    iRowidReg = codeEqualityTerm(pParse, pTerm, pLevel, 0, bRev, iReleaseReg);
+    if( iRowidReg!=iReleaseReg ) sqlite3ReleaseTempReg(pParse, iReleaseReg);
+    addrNxt = pLevel->addrNxt;
+    sqlite3VdbeAddOp2(v, OP_MustBeInt, iRowidReg, addrNxt); VdbeCoverage(v);
+    sqlite3VdbeAddOp3(v, OP_NotExists, iCur, addrNxt, iRowidReg);
+    VdbeCoverage(v);
+    sqlite3ExprCacheAffinityChange(pParse, iRowidReg, 1);
+    sqlite3ExprCacheStore(pParse, iCur, -1, iRowidReg);
+    VdbeComment((v, "pk"));
+    pLevel->op = OP_Noop;
+  }else if( (pLoop->wsFlags & WHERE_IPK)!=0
+         && (pLoop->wsFlags & WHERE_COLUMN_RANGE)!=0
+  ){
+    /* Case 3:  We have an inequality comparison against the ROWID field.
+    */
+    int testOp = OP_Noop;
+    int start;
+    int memEndValue = 0;
+    WhereTerm *pStart, *pEnd;
+
+    assert( omitTable==0 );
+    j = 0;
+    pStart = pEnd = 0;
+    if( pLoop->wsFlags & WHERE_BTM_LIMIT ) pStart = pLoop->aLTerm[j++];
+    if( pLoop->wsFlags & WHERE_TOP_LIMIT ) pEnd = pLoop->aLTerm[j++];
+    assert( pStart!=0 || pEnd!=0 );
+    if( bRev ){
+      pTerm = pStart;
+      pStart = pEnd;
+      pEnd = pTerm;
+    }
+    codeCursorHint(pWInfo, pLevel, pEnd);
+    if( pStart ){
+      Expr *pX;             /* The expression that defines the start bound */
+      int r1, rTemp;        /* Registers for holding the start boundary */
+
+      /* The following constant maps TK_xx codes into corresponding 
+      ** seek opcodes.  It depends on a particular ordering of TK_xx
+      */
+      const u8 aMoveOp[] = {
+           /* TK_GT */  OP_SeekGT,
+           /* TK_LE */  OP_SeekLE,
+           /* TK_LT */  OP_SeekLT,
+           /* TK_GE */  OP_SeekGE
+      };
+      assert( TK_LE==TK_GT+1 );      /* Make sure the ordering.. */
+      assert( TK_LT==TK_GT+2 );      /*  ... of the TK_xx values... */
+      assert( TK_GE==TK_GT+3 );      /*  ... is correcct. */
+
+      assert( (pStart->wtFlags & TERM_VNULL)==0 );
+      testcase( pStart->wtFlags & TERM_VIRTUAL );
+      pX = pStart->pExpr;
+      assert( pX!=0 );
+      testcase( pStart->leftCursor!=iCur ); /* transitive constraints */
+      r1 = sqlite3ExprCodeTemp(pParse, pX->pRight, &rTemp);
+      sqlite3VdbeAddOp3(v, aMoveOp[pX->op-TK_GT], iCur, addrBrk, r1);
+      VdbeComment((v, "pk"));
+      VdbeCoverageIf(v, pX->op==TK_GT);
+      VdbeCoverageIf(v, pX->op==TK_LE);
+      VdbeCoverageIf(v, pX->op==TK_LT);
+      VdbeCoverageIf(v, pX->op==TK_GE);
+      sqlite3ExprCacheAffinityChange(pParse, r1, 1);
+      sqlite3ReleaseTempReg(pParse, rTemp);
+      disableTerm(pLevel, pStart);
+    }else{
+      sqlite3VdbeAddOp2(v, bRev ? OP_Last : OP_Rewind, iCur, addrBrk);
+      VdbeCoverageIf(v, bRev==0);
+      VdbeCoverageIf(v, bRev!=0);
+    }
+    if( pEnd ){
+      Expr *pX;
+      pX = pEnd->pExpr;
+      assert( pX!=0 );
+      assert( (pEnd->wtFlags & TERM_VNULL)==0 );
+      testcase( pEnd->leftCursor!=iCur ); /* Transitive constraints */
+      testcase( pEnd->wtFlags & TERM_VIRTUAL );
+      memEndValue = ++pParse->nMem;
+      sqlite3ExprCode(pParse, pX->pRight, memEndValue);
+      if( pX->op==TK_LT || pX->op==TK_GT ){
+        testOp = bRev ? OP_Le : OP_Ge;
+      }else{
+        testOp = bRev ? OP_Lt : OP_Gt;
+      }
+      disableTerm(pLevel, pEnd);
+    }
+    start = sqlite3VdbeCurrentAddr(v);
+    pLevel->op = bRev ? OP_Prev : OP_Next;
+    pLevel->p1 = iCur;
+    pLevel->p2 = start;
+    assert( pLevel->p5==0 );
+    if( testOp!=OP_Noop ){
+      iRowidReg = ++pParse->nMem;
+      sqlite3VdbeAddOp2(v, OP_Rowid, iCur, iRowidReg);
+      sqlite3ExprCacheStore(pParse, iCur, -1, iRowidReg);
+      sqlite3VdbeAddOp3(v, testOp, memEndValue, addrBrk, iRowidReg);
+      VdbeCoverageIf(v, testOp==OP_Le);
+      VdbeCoverageIf(v, testOp==OP_Lt);
+      VdbeCoverageIf(v, testOp==OP_Ge);
+      VdbeCoverageIf(v, testOp==OP_Gt);
+      sqlite3VdbeChangeP5(v, SQLITE_AFF_NUMERIC | SQLITE_JUMPIFNULL);
+    }
+  }else if( pLoop->wsFlags & WHERE_INDEXED ){
+    /* Case 4: A scan using an index.
+    **
+    **         The WHERE clause may contain zero or more equality 
+    **         terms ("==" or "IN" operators) that refer to the N
+    **         left-most columns of the index. It may also contain
+    **         inequality constraints (>, <, >= or <=) on the indexed
+    **         column that immediately follows the N equalities. Only 
+    **         the right-most column can be an inequality - the rest must
+    **         use the "==" and "IN" operators. For example, if the 
+    **         index is on (x,y,z), then the following clauses are all 
+    **         optimized:
+    **
+    **            x=5
+    **            x=5 AND y=10
+    **            x=5 AND y<10
+    **            x=5 AND y>5 AND y<10
+    **            x=5 AND y=5 AND z<=10
+    **
+    **         The z<10 term of the following cannot be used, only
+    **         the x=5 term:
+    **
+    **            x=5 AND z<10
+    **
+    **         N may be zero if there are inequality constraints.
+    **         If there are no inequality constraints, then N is at
+    **         least one.
+    **
+    **         This case is also used when there are no WHERE clause
+    **         constraints but an index is selected anyway, in order
+    **         to force the output order to conform to an ORDER BY.
+    */  
+    static const u8 aStartOp[] = {
+      0,
+      0,
+      OP_Rewind,           /* 2: (!start_constraints && startEq &&  !bRev) */
+      OP_Last,             /* 3: (!start_constraints && startEq &&   bRev) */
+      OP_SeekGT,           /* 4: (start_constraints  && !startEq && !bRev) */
+      OP_SeekLT,           /* 5: (start_constraints  && !startEq &&  bRev) */
+      OP_SeekGE,           /* 6: (start_constraints  &&  startEq && !bRev) */
+      OP_SeekLE            /* 7: (start_constraints  &&  startEq &&  bRev) */
+    };
+    static const u8 aEndOp[] = {
+      OP_IdxGE,            /* 0: (end_constraints && !bRev && !endEq) */
+      OP_IdxGT,            /* 1: (end_constraints && !bRev &&  endEq) */
+      OP_IdxLE,            /* 2: (end_constraints &&  bRev && !endEq) */
+      OP_IdxLT,            /* 3: (end_constraints &&  bRev &&  endEq) */
+    };
+    u16 nEq = pLoop->u.btree.nEq;     /* Number of == or IN terms */
+    int regBase;                 /* Base register holding constraint values */
+    WhereTerm *pRangeStart = 0;  /* Inequality constraint at range start */
+    WhereTerm *pRangeEnd = 0;    /* Inequality constraint at range end */
+    int startEq;                 /* True if range start uses ==, >= or <= */
+    int endEq;                   /* True if range end uses ==, >= or <= */
+    int start_constraints;       /* Start of range is constrained */
+    int nConstraint;             /* Number of constraint terms */
+    Index *pIdx;                 /* The index we will be using */
+    int iIdxCur;                 /* The VDBE cursor for the index */
+    int nExtraReg = 0;           /* Number of extra registers needed */
+    int op;                      /* Instruction opcode */
+    char *zStartAff;             /* Affinity for start of range constraint */
+    char cEndAff = 0;            /* Affinity for end of range constraint */
+    u8 bSeekPastNull = 0;        /* True to seek past initial nulls */
+    u8 bStopAtNull = 0;          /* Add condition to terminate at NULLs */
+
+    pIdx = pLoop->u.btree.pIndex;
+    iIdxCur = pLevel->iIdxCur;
+    assert( nEq>=pLoop->nSkip );
+
+    /* If this loop satisfies a sort order (pOrderBy) request that 
+    ** was passed to this function to implement a "SELECT min(x) ..." 
+    ** query, then the caller will only allow the loop to run for
+    ** a single iteration. This means that the first row returned
+    ** should not have a NULL value stored in 'x'. If column 'x' is
+    ** the first one after the nEq equality constraints in the index,
+    ** this requires some special handling.
+    */
+    assert( pWInfo->pOrderBy==0
+         || pWInfo->pOrderBy->nExpr==1
+         || (pWInfo->wctrlFlags&WHERE_ORDERBY_MIN)==0 );
+    if( (pWInfo->wctrlFlags&WHERE_ORDERBY_MIN)!=0
+     && pWInfo->nOBSat>0
+     && (pIdx->nKeyCol>nEq)
+    ){
+      assert( pLoop->nSkip==0 );
+      bSeekPastNull = 1;
+      nExtraReg = 1;
+    }
+
+    /* Find any inequality constraint terms for the start and end 
+    ** of the range. 
+    */
+    j = nEq;
+    if( pLoop->wsFlags & WHERE_BTM_LIMIT ){
+      pRangeStart = pLoop->aLTerm[j++];
+      nExtraReg = 1;
+      /* Like optimization range constraints always occur in pairs */
+      assert( (pRangeStart->wtFlags & TERM_LIKEOPT)==0 || 
+              (pLoop->wsFlags & WHERE_TOP_LIMIT)!=0 );
+    }
+    if( pLoop->wsFlags & WHERE_TOP_LIMIT ){
+      pRangeEnd = pLoop->aLTerm[j++];
+      nExtraReg = 1;
+#ifndef SQLITE_LIKE_DOESNT_MATCH_BLOBS
+      if( (pRangeEnd->wtFlags & TERM_LIKEOPT)!=0 ){
+        assert( pRangeStart!=0 );                     /* LIKE opt constraints */
+        assert( pRangeStart->wtFlags & TERM_LIKEOPT );   /* occur in pairs */
+        pLevel->iLikeRepCntr = ++pParse->nMem;
+        testcase( bRev );
+        testcase( pIdx->aSortOrder[nEq]==SQLITE_SO_DESC );
+        sqlite3VdbeAddOp2(v, OP_Integer,
+                          bRev ^ (pIdx->aSortOrder[nEq]==SQLITE_SO_DESC),
+                          pLevel->iLikeRepCntr);
+        VdbeComment((v, "LIKE loop counter"));
+        pLevel->addrLikeRep = sqlite3VdbeCurrentAddr(v);
+      }
+#endif
+      if( pRangeStart==0
+       && (j = pIdx->aiColumn[nEq])>=0 
+       && pIdx->pTable->aCol[j].notNull==0
+      ){
+        bSeekPastNull = 1;
+      }
+    }
+    assert( pRangeEnd==0 || (pRangeEnd->wtFlags & TERM_VNULL)==0 );
+
+    /* If we are doing a reverse order scan on an ascending index, or
+    ** a forward order scan on a descending index, interchange the 
+    ** start and end terms (pRangeStart and pRangeEnd).
+    */
+    if( (nEq<pIdx->nKeyCol && bRev==(pIdx->aSortOrder[nEq]==SQLITE_SO_ASC))
+     || (bRev && pIdx->nKeyCol==nEq)
+    ){
+      SWAP(WhereTerm *, pRangeEnd, pRangeStart);
+      SWAP(u8, bSeekPastNull, bStopAtNull);
+    }
+
+    /* Generate code to evaluate all constraint terms using == or IN
+    ** and store the values of those terms in an array of registers
+    ** starting at regBase.
+    */
+    codeCursorHint(pWInfo, pLevel, pRangeEnd);
+    regBase = codeAllEqualityTerms(pParse,pLevel,bRev,nExtraReg,&zStartAff);
+    assert( zStartAff==0 || sqlite3Strlen30(zStartAff)>=nEq );
+    if( zStartAff ) cEndAff = zStartAff[nEq];
+    addrNxt = pLevel->addrNxt;
+
+    testcase( pRangeStart && (pRangeStart->eOperator & WO_LE)!=0 );
+    testcase( pRangeStart && (pRangeStart->eOperator & WO_GE)!=0 );
+    testcase( pRangeEnd && (pRangeEnd->eOperator & WO_LE)!=0 );
+    testcase( pRangeEnd && (pRangeEnd->eOperator & WO_GE)!=0 );
+    startEq = !pRangeStart || pRangeStart->eOperator & (WO_LE|WO_GE);
+    endEq =   !pRangeEnd || pRangeEnd->eOperator & (WO_LE|WO_GE);
+    start_constraints = pRangeStart || nEq>0;
+
+    /* Seek the index cursor to the start of the range. */
+    nConstraint = nEq;
+    if( pRangeStart ){
+      Expr *pRight = pRangeStart->pExpr->pRight;
+      sqlite3ExprCode(pParse, pRight, regBase+nEq);
+      whereLikeOptimizationStringFixup(v, pLevel, pRangeStart);
+      if( (pRangeStart->wtFlags & TERM_VNULL)==0
+       && sqlite3ExprCanBeNull(pRight)
+      ){
+        sqlite3VdbeAddOp2(v, OP_IsNull, regBase+nEq, addrNxt);
+        VdbeCoverage(v);
+      }
+      if( zStartAff ){
+        if( sqlite3CompareAffinity(pRight, zStartAff[nEq])==SQLITE_AFF_BLOB){
+          /* Since the comparison is to be performed with no conversions
+          ** applied to the operands, set the affinity to apply to pRight to 
+          ** SQLITE_AFF_BLOB.  */
+          zStartAff[nEq] = SQLITE_AFF_BLOB;
+        }
+        if( sqlite3ExprNeedsNoAffinityChange(pRight, zStartAff[nEq]) ){
+          zStartAff[nEq] = SQLITE_AFF_BLOB;
+        }
+      }  
+      nConstraint++;
+      testcase( pRangeStart->wtFlags & TERM_VIRTUAL );
+    }else if( bSeekPastNull ){
+      sqlite3VdbeAddOp2(v, OP_Null, 0, regBase+nEq);
+      nConstraint++;
+      startEq = 0;
+      start_constraints = 1;
+    }
+    codeApplyAffinity(pParse, regBase, nConstraint - bSeekPastNull, zStartAff);
+    op = aStartOp[(start_constraints<<2) + (startEq<<1) + bRev];
+    assert( op!=0 );
+    sqlite3VdbeAddOp4Int(v, op, iIdxCur, addrNxt, regBase, nConstraint);
+    VdbeCoverage(v);
+    VdbeCoverageIf(v, op==OP_Rewind);  testcase( op==OP_Rewind );
+    VdbeCoverageIf(v, op==OP_Last);    testcase( op==OP_Last );
+    VdbeCoverageIf(v, op==OP_SeekGT);  testcase( op==OP_SeekGT );
+    VdbeCoverageIf(v, op==OP_SeekGE);  testcase( op==OP_SeekGE );
+    VdbeCoverageIf(v, op==OP_SeekLE);  testcase( op==OP_SeekLE );
+    VdbeCoverageIf(v, op==OP_SeekLT);  testcase( op==OP_SeekLT );
+
+    /* Load the value for the inequality constraint at the end of the
+    ** range (if any).
+    */
+    nConstraint = nEq;
+    if( pRangeEnd ){
+      Expr *pRight = pRangeEnd->pExpr->pRight;
+      sqlite3ExprCacheRemove(pParse, regBase+nEq, 1);
+      sqlite3ExprCode(pParse, pRight, regBase+nEq);
+      whereLikeOptimizationStringFixup(v, pLevel, pRangeEnd);
+      if( (pRangeEnd->wtFlags & TERM_VNULL)==0
+       && sqlite3ExprCanBeNull(pRight)
+      ){
+        sqlite3VdbeAddOp2(v, OP_IsNull, regBase+nEq, addrNxt);
+        VdbeCoverage(v);
+      }
+      if( sqlite3CompareAffinity(pRight, cEndAff)!=SQLITE_AFF_BLOB
+       && !sqlite3ExprNeedsNoAffinityChange(pRight, cEndAff)
+      ){
+        codeApplyAffinity(pParse, regBase+nEq, 1, &cEndAff);
+      }
+      nConstraint++;
+      testcase( pRangeEnd->wtFlags & TERM_VIRTUAL );
+    }else if( bStopAtNull ){
+      sqlite3VdbeAddOp2(v, OP_Null, 0, regBase+nEq);
+      endEq = 0;
+      nConstraint++;
+    }
+    sqlite3DbFree(db, zStartAff);
+
+    /* Top of the loop body */
+    pLevel->p2 = sqlite3VdbeCurrentAddr(v);
+
+    /* Check if the index cursor is past the end of the range. */
+    if( nConstraint ){
+      op = aEndOp[bRev*2 + endEq];
+      sqlite3VdbeAddOp4Int(v, op, iIdxCur, addrNxt, regBase, nConstraint);
+      testcase( op==OP_IdxGT );  VdbeCoverageIf(v, op==OP_IdxGT );
+      testcase( op==OP_IdxGE );  VdbeCoverageIf(v, op==OP_IdxGE );
+      testcase( op==OP_IdxLT );  VdbeCoverageIf(v, op==OP_IdxLT );
+      testcase( op==OP_IdxLE );  VdbeCoverageIf(v, op==OP_IdxLE );
+    }
+
+    /* Seek the table cursor, if required */
+    disableTerm(pLevel, pRangeStart);
+    disableTerm(pLevel, pRangeEnd);
+    if( omitTable ){
+      /* pIdx is a covering index.  No need to access the main table. */
+    }else if( HasRowid(pIdx->pTable) ){
+      iRowidReg = ++pParse->nMem;
+      sqlite3VdbeAddOp2(v, OP_IdxRowid, iIdxCur, iRowidReg);
+      sqlite3ExprCacheStore(pParse, iCur, -1, iRowidReg);
+      if( pWInfo->eOnePass!=ONEPASS_OFF ){
+        sqlite3VdbeAddOp3(v, OP_NotExists, iCur, 0, iRowidReg);
+        VdbeCoverage(v);
+      }else{
+        sqlite3VdbeAddOp2(v, OP_Seek, iCur, iRowidReg);  /* Deferred seek */
+      }
+    }else if( iCur!=iIdxCur ){
+      Index *pPk = sqlite3PrimaryKeyIndex(pIdx->pTable);
+      iRowidReg = sqlite3GetTempRange(pParse, pPk->nKeyCol);
+      for(j=0; j<pPk->nKeyCol; j++){
+        k = sqlite3ColumnOfIndex(pIdx, pPk->aiColumn[j]);
+        sqlite3VdbeAddOp3(v, OP_Column, iIdxCur, k, iRowidReg+j);
+      }
+      sqlite3VdbeAddOp4Int(v, OP_NotFound, iCur, addrCont,
+                           iRowidReg, pPk->nKeyCol); VdbeCoverage(v);
+    }
+
+    /* Record the instruction used to terminate the loop. Disable 
+    ** WHERE clause terms made redundant by the index range scan.
+    */
+    if( pLoop->wsFlags & WHERE_ONEROW ){
+      pLevel->op = OP_Noop;
+    }else if( bRev ){
+      pLevel->op = OP_Prev;
+    }else{
+      pLevel->op = OP_Next;
+    }
+    pLevel->p1 = iIdxCur;
+    pLevel->p3 = (pLoop->wsFlags&WHERE_UNQ_WANTED)!=0 ? 1:0;
+    if( (pLoop->wsFlags & WHERE_CONSTRAINT)==0 ){
+      pLevel->p5 = SQLITE_STMTSTATUS_FULLSCAN_STEP;
+    }else{
+      assert( pLevel->p5==0 );
+    }
+  }else
+
+#ifndef SQLITE_OMIT_OR_OPTIMIZATION
+  if( pLoop->wsFlags & WHERE_MULTI_OR ){
+    /* Case 5:  Two or more separately indexed terms connected by OR
+    **
+    ** Example:
+    **
+    **   CREATE TABLE t1(a,b,c,d);
+    **   CREATE INDEX i1 ON t1(a);
+    **   CREATE INDEX i2 ON t1(b);
+    **   CREATE INDEX i3 ON t1(c);
+    **
+    **   SELECT * FROM t1 WHERE a=5 OR b=7 OR (c=11 AND d=13)
+    **
+    ** In the example, there are three indexed terms connected by OR.
+    ** The top of the loop looks like this:
+    **
+    **          Null       1                # Zero the rowset in reg 1
+    **
+    ** Then, for each indexed term, the following. The arguments to
+    ** RowSetTest are such that the rowid of the current row is inserted
+    ** into the RowSet. If it is already present, control skips the
+    ** Gosub opcode and jumps straight to the code generated by WhereEnd().
+    **
+    **        sqlite3WhereBegin(<term>)
+    **          RowSetTest                  # Insert rowid into rowset
+    **          Gosub      2 A
+    **        sqlite3WhereEnd()
+    **
+    ** Following the above, code to terminate the loop. Label A, the target
+    ** of the Gosub above, jumps to the instruction right after the Goto.
+    **
+    **          Null       1                # Zero the rowset in reg 1
+    **          Goto       B                # The loop is finished.
+    **
+    **       A: <loop body>                 # Return data, whatever.
+    **
+    **          Return     2                # Jump back to the Gosub
+    **
+    **       B: <after the loop>
+    **
+    ** Added 2014-05-26: If the table is a WITHOUT ROWID table, then
+    ** use an ephemeral index instead of a RowSet to record the primary
+    ** keys of the rows we have already seen.
+    **
+    */
+    WhereClause *pOrWc;    /* The OR-clause broken out into subterms */
+    SrcList *pOrTab;       /* Shortened table list or OR-clause generation */
+    Index *pCov = 0;             /* Potential covering index (or NULL) */
+    int iCovCur = pParse->nTab++;  /* Cursor used for index scans (if any) */
+
+    int regReturn = ++pParse->nMem;           /* Register used with OP_Gosub */
+    int regRowset = 0;                        /* Register for RowSet object */
+    int regRowid = 0;                         /* Register holding rowid */
+    int iLoopBody = sqlite3VdbeMakeLabel(v);  /* Start of loop body */
+    int iRetInit;                             /* Address of regReturn init */
+    int untestedTerms = 0;             /* Some terms not completely tested */
+    int ii;                            /* Loop counter */
+    u16 wctrlFlags;                    /* Flags for sub-WHERE clause */
+    Expr *pAndExpr = 0;                /* An ".. AND (...)" expression */
+    Table *pTab = pTabItem->pTab;
+   
+    pTerm = pLoop->aLTerm[0];
+    assert( pTerm!=0 );
+    assert( pTerm->eOperator & WO_OR );
+    assert( (pTerm->wtFlags & TERM_ORINFO)!=0 );
+    pOrWc = &pTerm->u.pOrInfo->wc;
+    pLevel->op = OP_Return;
+    pLevel->p1 = regReturn;
+
+    /* Set up a new SrcList in pOrTab containing the table being scanned
+    ** by this loop in the a[0] slot and all notReady tables in a[1..] slots.
+    ** This becomes the SrcList in the recursive call to sqlite3WhereBegin().
+    */
+    if( pWInfo->nLevel>1 ){
+      int nNotReady;                 /* The number of notReady tables */
+      struct SrcList_item *origSrc;     /* Original list of tables */
+      nNotReady = pWInfo->nLevel - iLevel - 1;
+      pOrTab = sqlite3StackAllocRaw(db,
+                            sizeof(*pOrTab)+ nNotReady*sizeof(pOrTab->a[0]));
+      if( pOrTab==0 ) return notReady;
+      pOrTab->nAlloc = (u8)(nNotReady + 1);
+      pOrTab->nSrc = pOrTab->nAlloc;
+      memcpy(pOrTab->a, pTabItem, sizeof(*pTabItem));
+      origSrc = pWInfo->pTabList->a;
+      for(k=1; k<=nNotReady; k++){
+        memcpy(&pOrTab->a[k], &origSrc[pLevel[k].iFrom], sizeof(pOrTab->a[k]));
+      }
+    }else{
+      pOrTab = pWInfo->pTabList;
+    }
+
+    /* Initialize the rowset register to contain NULL. An SQL NULL is 
+    ** equivalent to an empty rowset.  Or, create an ephemeral index
+    ** capable of holding primary keys in the case of a WITHOUT ROWID.
+    **
+    ** Also initialize regReturn to contain the address of the instruction 
+    ** immediately following the OP_Return at the bottom of the loop. This
+    ** is required in a few obscure LEFT JOIN cases where control jumps
+    ** over the top of the loop into the body of it. In this case the 
+    ** correct response for the end-of-loop code (the OP_Return) is to 
+    ** fall through to the next instruction, just as an OP_Next does if
+    ** called on an uninitialized cursor.
+    */
+    if( (pWInfo->wctrlFlags & WHERE_DUPLICATES_OK)==0 ){
+      if( HasRowid(pTab) ){
+        regRowset = ++pParse->nMem;
+        sqlite3VdbeAddOp2(v, OP_Null, 0, regRowset);
+      }else{
+        Index *pPk = sqlite3PrimaryKeyIndex(pTab);
+        regRowset = pParse->nTab++;
+        sqlite3VdbeAddOp2(v, OP_OpenEphemeral, regRowset, pPk->nKeyCol);
+        sqlite3VdbeSetP4KeyInfo(pParse, pPk);
+      }
+      regRowid = ++pParse->nMem;
+    }
+    iRetInit = sqlite3VdbeAddOp2(v, OP_Integer, 0, regReturn);
+
+    /* If the original WHERE clause is z of the form:  (x1 OR x2 OR ...) AND y
+    ** Then for every term xN, evaluate as the subexpression: xN AND z
+    ** That way, terms in y that are factored into the disjunction will
+    ** be picked up by the recursive calls to sqlite3WhereBegin() below.
+    **
+    ** Actually, each subexpression is converted to "xN AND w" where w is
+    ** the "interesting" terms of z - terms that did not originate in the
+    ** ON or USING clause of a LEFT JOIN, and terms that are usable as 
+    ** indices.
+    **
+    ** This optimization also only applies if the (x1 OR x2 OR ...) term
+    ** is not contained in the ON clause of a LEFT JOIN.
+    ** See ticket http://www.sqlite.org/src/info/f2369304e4
+    */
+    if( pWC->nTerm>1 ){
+      int iTerm;
+      for(iTerm=0; iTerm<pWC->nTerm; iTerm++){
+        Expr *pExpr = pWC->a[iTerm].pExpr;
+        if( &pWC->a[iTerm] == pTerm ) continue;
+        if( ExprHasProperty(pExpr, EP_FromJoin) ) continue;
+        if( (pWC->a[iTerm].wtFlags & TERM_VIRTUAL)!=0 ) continue;
+        if( (pWC->a[iTerm].eOperator & WO_ALL)==0 ) continue;
+        testcase( pWC->a[iTerm].wtFlags & TERM_ORINFO );
+        pExpr = sqlite3ExprDup(db, pExpr, 0);
+        pAndExpr = sqlite3ExprAnd(db, pAndExpr, pExpr);
+      }
+      if( pAndExpr ){
+        pAndExpr = sqlite3PExpr(pParse, TK_AND|TKFLG_DONTFOLD, 0, pAndExpr, 0);
+      }
+    }
+
+    /* Run a separate WHERE clause for each term of the OR clause.  After
+    ** eliminating duplicates from other WHERE clauses, the action for each
+    ** sub-WHERE clause is to to invoke the main loop body as a subroutine.
+    */
+    wctrlFlags =  WHERE_OMIT_OPEN_CLOSE
+                | WHERE_FORCE_TABLE
+                | WHERE_ONETABLE_ONLY
+                | WHERE_NO_AUTOINDEX;
+    for(ii=0; ii<pOrWc->nTerm; ii++){
+      WhereTerm *pOrTerm = &pOrWc->a[ii];
+      if( pOrTerm->leftCursor==iCur || (pOrTerm->eOperator & WO_AND)!=0 ){
+        WhereInfo *pSubWInfo;           /* Info for single OR-term scan */
+        Expr *pOrExpr = pOrTerm->pExpr; /* Current OR clause term */
+        int jmp1 = 0;                   /* Address of jump operation */
+        if( pAndExpr && !ExprHasProperty(pOrExpr, EP_FromJoin) ){
+          pAndExpr->pLeft = pOrExpr;
+          pOrExpr = pAndExpr;
+        }
+        /* Loop through table entries that match term pOrTerm. */
+        WHERETRACE(0xffff, ("Subplan for OR-clause:\n"));
+        pSubWInfo = sqlite3WhereBegin(pParse, pOrTab, pOrExpr, 0, 0,
+                                      wctrlFlags, iCovCur);
+        assert( pSubWInfo || pParse->nErr || db->mallocFailed );
+        if( pSubWInfo ){
+          WhereLoop *pSubLoop;
+          int addrExplain = sqlite3WhereExplainOneScan(
+              pParse, pOrTab, &pSubWInfo->a[0], iLevel, pLevel->iFrom, 0
+          );
+          sqlite3WhereAddScanStatus(v, pOrTab, &pSubWInfo->a[0], addrExplain);
+
+          /* This is the sub-WHERE clause body.  First skip over
+          ** duplicate rows from prior sub-WHERE clauses, and record the
+          ** rowid (or PRIMARY KEY) for the current row so that the same
+          ** row will be skipped in subsequent sub-WHERE clauses.
+          */
+          if( (pWInfo->wctrlFlags & WHERE_DUPLICATES_OK)==0 ){
+            int r;
+            int iSet = ((ii==pOrWc->nTerm-1)?-1:ii);
+            if( HasRowid(pTab) ){
+              r = sqlite3ExprCodeGetColumn(pParse, pTab, -1, iCur, regRowid, 0);
+              jmp1 = sqlite3VdbeAddOp4Int(v, OP_RowSetTest, regRowset, 0,
+                                           r,iSet);
+              VdbeCoverage(v);
+            }else{
+              Index *pPk = sqlite3PrimaryKeyIndex(pTab);
+              int nPk = pPk->nKeyCol;
+              int iPk;
+
+              /* Read the PK into an array of temp registers. */
+              r = sqlite3GetTempRange(pParse, nPk);
+              for(iPk=0; iPk<nPk; iPk++){
+                int iCol = pPk->aiColumn[iPk];
+                sqlite3ExprCodeGetColumnToReg(pParse, pTab, iCol, iCur, r+iPk);
+              }
+
+              /* Check if the temp table already contains this key. If so,
+              ** the row has already been included in the result set and
+              ** can be ignored (by jumping past the Gosub below). Otherwise,
+              ** insert the key into the temp table and proceed with processing
+              ** the row.
+              **
+              ** Use some of the same optimizations as OP_RowSetTest: If iSet
+              ** is zero, assume that the key cannot already be present in
+              ** the temp table. And if iSet is -1, assume that there is no 
+              ** need to insert the key into the temp table, as it will never 
+              ** be tested for.  */ 
+              if( iSet ){
+                jmp1 = sqlite3VdbeAddOp4Int(v, OP_Found, regRowset, 0, r, nPk);
+                VdbeCoverage(v);
+              }
+              if( iSet>=0 ){
+                sqlite3VdbeAddOp3(v, OP_MakeRecord, r, nPk, regRowid);
+                sqlite3VdbeAddOp3(v, OP_IdxInsert, regRowset, regRowid, 0);
+                if( iSet ) sqlite3VdbeChangeP5(v, OPFLAG_USESEEKRESULT);
+              }
+
+              /* Release the array of temp registers */
+              sqlite3ReleaseTempRange(pParse, r, nPk);
+            }
+          }
+
+          /* Invoke the main loop body as a subroutine */
+          sqlite3VdbeAddOp2(v, OP_Gosub, regReturn, iLoopBody);
+
+          /* Jump here (skipping the main loop body subroutine) if the
+          ** current sub-WHERE row is a duplicate from prior sub-WHEREs. */
+          if( jmp1 ) sqlite3VdbeJumpHere(v, jmp1);
+
+          /* The pSubWInfo->untestedTerms flag means that this OR term
+          ** contained one or more AND term from a notReady table.  The
+          ** terms from the notReady table could not be tested and will
+          ** need to be tested later.
+          */
+          if( pSubWInfo->untestedTerms ) untestedTerms = 1;
+
+          /* If all of the OR-connected terms are optimized using the same
+          ** index, and the index is opened using the same cursor number
+          ** by each call to sqlite3WhereBegin() made by this loop, it may
+          ** be possible to use that index as a covering index.
+          **
+          ** If the call to sqlite3WhereBegin() above resulted in a scan that
+          ** uses an index, and this is either the first OR-connected term
+          ** processed or the index is the same as that used by all previous
+          ** terms, set pCov to the candidate covering index. Otherwise, set 
+          ** pCov to NULL to indicate that no candidate covering index will 
+          ** be available.
+          */
+          pSubLoop = pSubWInfo->a[0].pWLoop;
+          assert( (pSubLoop->wsFlags & WHERE_AUTO_INDEX)==0 );
+          if( (pSubLoop->wsFlags & WHERE_INDEXED)!=0
+           && (ii==0 || pSubLoop->u.btree.pIndex==pCov)
+           && (HasRowid(pTab) || !IsPrimaryKeyIndex(pSubLoop->u.btree.pIndex))
+          ){
+            assert( pSubWInfo->a[0].iIdxCur==iCovCur );
+            pCov = pSubLoop->u.btree.pIndex;
+            wctrlFlags |= WHERE_REOPEN_IDX;
+          }else{
+            pCov = 0;
+          }
+
+          /* Finish the loop through table entries that match term pOrTerm. */
+          sqlite3WhereEnd(pSubWInfo);
+        }
+      }
+    }
+    pLevel->u.pCovidx = pCov;
+    if( pCov ) pLevel->iIdxCur = iCovCur;
+    if( pAndExpr ){
+      pAndExpr->pLeft = 0;
+      sqlite3ExprDelete(db, pAndExpr);
+    }
+    sqlite3VdbeChangeP1(v, iRetInit, sqlite3VdbeCurrentAddr(v));
+    sqlite3VdbeGoto(v, pLevel->addrBrk);
+    sqlite3VdbeResolveLabel(v, iLoopBody);
+
+    if( pWInfo->nLevel>1 ) sqlite3StackFree(db, pOrTab);
+    if( !untestedTerms ) disableTerm(pLevel, pTerm);
+  }else
+#endif /* SQLITE_OMIT_OR_OPTIMIZATION */
+
+  {
+    /* Case 6:  There is no usable index.  We must do a complete
+    **          scan of the entire table.
+    */
+    static const u8 aStep[] = { OP_Next, OP_Prev };
+    static const u8 aStart[] = { OP_Rewind, OP_Last };
+    assert( bRev==0 || bRev==1 );
+    if( pTabItem->fg.isRecursive ){
+      /* Tables marked isRecursive have only a single row that is stored in
+      ** a pseudo-cursor.  No need to Rewind or Next such cursors. */
+      pLevel->op = OP_Noop;
+    }else{
+      codeCursorHint(pWInfo, pLevel, 0);
+      pLevel->op = aStep[bRev];
+      pLevel->p1 = iCur;
+      pLevel->p2 = 1 + sqlite3VdbeAddOp2(v, aStart[bRev], iCur, addrBrk);
+      VdbeCoverageIf(v, bRev==0);
+      VdbeCoverageIf(v, bRev!=0);
+      pLevel->p5 = SQLITE_STMTSTATUS_FULLSCAN_STEP;
+    }
+  }
+
+#ifdef SQLITE_ENABLE_STMT_SCANSTATUS
+  pLevel->addrVisit = sqlite3VdbeCurrentAddr(v);
+#endif
+
+  /* Insert code to test every subexpression that can be completely
+  ** computed using the current set of tables.
+  */
+  for(pTerm=pWC->a, j=pWC->nTerm; j>0; j--, pTerm++){
+    Expr *pE;
+    int skipLikeAddr = 0;
+    testcase( pTerm->wtFlags & TERM_VIRTUAL );
+    testcase( pTerm->wtFlags & TERM_CODED );
+    if( pTerm->wtFlags & (TERM_VIRTUAL|TERM_CODED) ) continue;
+    if( (pTerm->prereqAll & pLevel->notReady)!=0 ){
+      testcase( pWInfo->untestedTerms==0
+               && (pWInfo->wctrlFlags & WHERE_ONETABLE_ONLY)!=0 );
+      pWInfo->untestedTerms = 1;
+      continue;
+    }
+    pE = pTerm->pExpr;
+    assert( pE!=0 );
+    if( pLevel->iLeftJoin && !ExprHasProperty(pE, EP_FromJoin) ){
+      continue;
+    }
+    if( pTerm->wtFlags & TERM_LIKECOND ){
+#ifdef SQLITE_LIKE_DOESNT_MATCH_BLOBS
+      continue;
+#else
+      assert( pLevel->iLikeRepCntr>0 );
+      skipLikeAddr = sqlite3VdbeAddOp1(v, OP_IfNot, pLevel->iLikeRepCntr);
+      VdbeCoverage(v);
+#endif
+    }
+    sqlite3ExprIfFalse(pParse, pE, addrCont, SQLITE_JUMPIFNULL);
+    if( skipLikeAddr ) sqlite3VdbeJumpHere(v, skipLikeAddr);
+    pTerm->wtFlags |= TERM_CODED;
+  }
+
+  /* Insert code to test for implied constraints based on transitivity
+  ** of the "==" operator.
+  **
+  ** Example: If the WHERE clause contains "t1.a=t2.b" and "t2.b=123"
+  ** and we are coding the t1 loop and the t2 loop has not yet coded,
+  ** then we cannot use the "t1.a=t2.b" constraint, but we can code
+  ** the implied "t1.a=123" constraint.
+  */
+  for(pTerm=pWC->a, j=pWC->nTerm; j>0; j--, pTerm++){
+    Expr *pE, *pEAlt;
+    WhereTerm *pAlt;
+    if( pTerm->wtFlags & (TERM_VIRTUAL|TERM_CODED) ) continue;
+    if( (pTerm->eOperator & (WO_EQ|WO_IS))==0 ) continue;
+    if( (pTerm->eOperator & WO_EQUIV)==0 ) continue;
+    if( pTerm->leftCursor!=iCur ) continue;
+    if( pLevel->iLeftJoin ) continue;
+    pE = pTerm->pExpr;
+    assert( !ExprHasProperty(pE, EP_FromJoin) );
+    assert( (pTerm->prereqRight & pLevel->notReady)!=0 );
+    pAlt = sqlite3WhereFindTerm(pWC, iCur, pTerm->u.leftColumn, notReady,
+                    WO_EQ|WO_IN|WO_IS, 0);
+    if( pAlt==0 ) continue;
+    if( pAlt->wtFlags & (TERM_CODED) ) continue;
+    testcase( pAlt->eOperator & WO_EQ );
+    testcase( pAlt->eOperator & WO_IS );
+    testcase( pAlt->eOperator & WO_IN );
+    VdbeModuleComment((v, "begin transitive constraint"));
+    pEAlt = sqlite3StackAllocRaw(db, sizeof(*pEAlt));
+    if( pEAlt ){
+      *pEAlt = *pAlt->pExpr;
+      pEAlt->pLeft = pE->pLeft;
+      sqlite3ExprIfFalse(pParse, pEAlt, addrCont, SQLITE_JUMPIFNULL);
+      sqlite3StackFree(db, pEAlt);
+    }
+  }
+
+  /* For a LEFT OUTER JOIN, generate code that will record the fact that
+  ** at least one row of the right table has matched the left table.  
+  */
+  if( pLevel->iLeftJoin ){
+    pLevel->addrFirst = sqlite3VdbeCurrentAddr(v);
+    sqlite3VdbeAddOp2(v, OP_Integer, 1, pLevel->iLeftJoin);
+    VdbeComment((v, "record LEFT JOIN hit"));
+    sqlite3ExprCacheClear(pParse);
+    for(pTerm=pWC->a, j=0; j<pWC->nTerm; j++, pTerm++){
+      testcase( pTerm->wtFlags & TERM_VIRTUAL );
+      testcase( pTerm->wtFlags & TERM_CODED );
+      if( pTerm->wtFlags & (TERM_VIRTUAL|TERM_CODED) ) continue;
+      if( (pTerm->prereqAll & pLevel->notReady)!=0 ){
+        assert( pWInfo->untestedTerms );
+        continue;
+      }
+      assert( pTerm->pExpr );
+      sqlite3ExprIfFalse(pParse, pTerm->pExpr, addrCont, SQLITE_JUMPIFNULL);
+      pTerm->wtFlags |= TERM_CODED;
+    }
+  }
+
+  return pLevel->notReady;
+}
+
+/************** End of wherecode.c *******************************************/
+/************** Begin file whereexpr.c ***************************************/
+/*
+** 2015-06-08
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+** This module contains C code that generates VDBE code used to process
+** the WHERE clause of SQL statements.
+**
+** This file was originally part of where.c but was split out to improve
+** readability and editabiliity.  This file contains utility routines for
+** analyzing Expr objects in the WHERE clause.
+*/
+/* #include "sqliteInt.h" */
+/* #include "whereInt.h" */
+
+/* Forward declarations */
+static void exprAnalyze(SrcList*, WhereClause*, int);
+
+/*
+** Deallocate all memory associated with a WhereOrInfo object.
+*/
+static void whereOrInfoDelete(sqlite3 *db, WhereOrInfo *p){
+  sqlite3WhereClauseClear(&p->wc);
+  sqlite3DbFree(db, p);
+}
+
+/*
+** Deallocate all memory associated with a WhereAndInfo object.
+*/
+static void whereAndInfoDelete(sqlite3 *db, WhereAndInfo *p){
+  sqlite3WhereClauseClear(&p->wc);
+  sqlite3DbFree(db, p);
+}
+
+/*
+** Add a single new WhereTerm entry to the WhereClause object pWC.
+** The new WhereTerm object is constructed from Expr p and with wtFlags.
+** The index in pWC->a[] of the new WhereTerm is returned on success.
+** 0 is returned if the new WhereTerm could not be added due to a memory
+** allocation error.  The memory allocation failure will be recorded in
+** the db->mallocFailed flag so that higher-level functions can detect it.
+**
+** This routine will increase the size of the pWC->a[] array as necessary.
+**
+** If the wtFlags argument includes TERM_DYNAMIC, then responsibility
+** for freeing the expression p is assumed by the WhereClause object pWC.
+** This is true even if this routine fails to allocate a new WhereTerm.
+**
+** WARNING:  This routine might reallocate the space used to store
+** WhereTerms.  All pointers to WhereTerms should be invalidated after
+** calling this routine.  Such pointers may be reinitialized by referencing
+** the pWC->a[] array.
+*/
+static int whereClauseInsert(WhereClause *pWC, Expr *p, u16 wtFlags){
+  WhereTerm *pTerm;
+  int idx;
+  testcase( wtFlags & TERM_VIRTUAL );
+  if( pWC->nTerm>=pWC->nSlot ){
+    WhereTerm *pOld = pWC->a;
+    sqlite3 *db = pWC->pWInfo->pParse->db;
+    pWC->a = sqlite3DbMallocRaw(db, sizeof(pWC->a[0])*pWC->nSlot*2 );
+    if( pWC->a==0 ){
+      if( wtFlags & TERM_DYNAMIC ){
+        sqlite3ExprDelete(db, p);
+      }
+      pWC->a = pOld;
+      return 0;
+    }
+    memcpy(pWC->a, pOld, sizeof(pWC->a[0])*pWC->nTerm);
+    if( pOld!=pWC->aStatic ){
+      sqlite3DbFree(db, pOld);
+    }
+    pWC->nSlot = sqlite3DbMallocSize(db, pWC->a)/sizeof(pWC->a[0]);
+    memset(&pWC->a[pWC->nTerm], 0, sizeof(pWC->a[0])*(pWC->nSlot-pWC->nTerm));
+  }
+  pTerm = &pWC->a[idx = pWC->nTerm++];
+  if( p && ExprHasProperty(p, EP_Unlikely) ){
+    pTerm->truthProb = sqlite3LogEst(p->iTable) - 270;
+  }else{
+    pTerm->truthProb = 1;
+  }
+  pTerm->pExpr = sqlite3ExprSkipCollate(p);
+  pTerm->wtFlags = wtFlags;
+  pTerm->pWC = pWC;
+  pTerm->iParent = -1;
+  return idx;
+}
+
+/*
+** Return TRUE if the given operator is one of the operators that is
+** allowed for an indexable WHERE clause term.  The allowed operators are
+** "=", "<", ">", "<=", ">=", "IN", and "IS NULL"
+*/
+static int allowedOp(int op){
+  assert( TK_GT>TK_EQ && TK_GT<TK_GE );
+  assert( TK_LT>TK_EQ && TK_LT<TK_GE );
+  assert( TK_LE>TK_EQ && TK_LE<TK_GE );
+  assert( TK_GE==TK_EQ+4 );
+  return op==TK_IN || (op>=TK_EQ && op<=TK_GE) || op==TK_ISNULL || op==TK_IS;
+}
+
+/*
+** Commute a comparison operator.  Expressions of the form "X op Y"
+** are converted into "Y op X".
+**
+** If left/right precedence rules come into play when determining the
+** collating sequence, then COLLATE operators are adjusted to ensure
+** that the collating sequence does not change.  For example:
+** "Y collate NOCASE op X" becomes "X op Y" because any collation sequence on
+** the left hand side of a comparison overrides any collation sequence 
+** attached to the right. For the same reason the EP_Collate flag
+** is not commuted.
+*/
+static void exprCommute(Parse *pParse, Expr *pExpr){
+  u16 expRight = (pExpr->pRight->flags & EP_Collate);
+  u16 expLeft = (pExpr->pLeft->flags & EP_Collate);
+  assert( allowedOp(pExpr->op) && pExpr->op!=TK_IN );
+  if( expRight==expLeft ){
+    /* Either X and Y both have COLLATE operator or neither do */
+    if( expRight ){
+      /* Both X and Y have COLLATE operators.  Make sure X is always
+      ** used by clearing the EP_Collate flag from Y. */
+      pExpr->pRight->flags &= ~EP_Collate;
+    }else if( sqlite3ExprCollSeq(pParse, pExpr->pLeft)!=0 ){
+      /* Neither X nor Y have COLLATE operators, but X has a non-default
+      ** collating sequence.  So add the EP_Collate marker on X to cause
+      ** it to be searched first. */
+      pExpr->pLeft->flags |= EP_Collate;
+    }
+  }
+  SWAP(Expr*,pExpr->pRight,pExpr->pLeft);
+  if( pExpr->op>=TK_GT ){
+    assert( TK_LT==TK_GT+2 );
+    assert( TK_GE==TK_LE+2 );
+    assert( TK_GT>TK_EQ );
+    assert( TK_GT<TK_LE );
+    assert( pExpr->op>=TK_GT && pExpr->op<=TK_GE );
+    pExpr->op = ((pExpr->op-TK_GT)^2)+TK_GT;
+  }
+}
+
+/*
+** Translate from TK_xx operator to WO_xx bitmask.
+*/
+static u16 operatorMask(int op){
+  u16 c;
+  assert( allowedOp(op) );
+  if( op==TK_IN ){
+    c = WO_IN;
+  }else if( op==TK_ISNULL ){
+    c = WO_ISNULL;
+  }else if( op==TK_IS ){
+    c = WO_IS;
+  }else{
+    assert( (WO_EQ<<(op-TK_EQ)) < 0x7fff );
+    c = (u16)(WO_EQ<<(op-TK_EQ));
+  }
+  assert( op!=TK_ISNULL || c==WO_ISNULL );
+  assert( op!=TK_IN || c==WO_IN );
+  assert( op!=TK_EQ || c==WO_EQ );
+  assert( op!=TK_LT || c==WO_LT );
+  assert( op!=TK_LE || c==WO_LE );
+  assert( op!=TK_GT || c==WO_GT );
+  assert( op!=TK_GE || c==WO_GE );
+  assert( op!=TK_IS || c==WO_IS );
+  return c;
+}
+
+
+#ifndef SQLITE_OMIT_LIKE_OPTIMIZATION
+/*
+** Check to see if the given expression is a LIKE or GLOB operator that
+** can be optimized using inequality constraints.  Return TRUE if it is
+** so and false if not.
+**
+** In order for the operator to be optimizible, the RHS must be a string
+** literal that does not begin with a wildcard.  The LHS must be a column
+** that may only be NULL, a string, or a BLOB, never a number. (This means
+** that virtual tables cannot participate in the LIKE optimization.)  The
+** collating sequence for the column on the LHS must be appropriate for
+** the operator.
+*/
+static int isLikeOrGlob(
+  Parse *pParse,    /* Parsing and code generating context */
+  Expr *pExpr,      /* Test this expression */
+  Expr **ppPrefix,  /* Pointer to TK_STRING expression with pattern prefix */
+  int *pisComplete, /* True if the only wildcard is % in the last character */
+  int *pnoCase      /* True if uppercase is equivalent to lowercase */
+){
+  const char *z = 0;         /* String on RHS of LIKE operator */
+  Expr *pRight, *pLeft;      /* Right and left size of LIKE operator */
+  ExprList *pList;           /* List of operands to the LIKE operator */
+  int c;                     /* One character in z[] */
+  int cnt;                   /* Number of non-wildcard prefix characters */
+  char wc[3];                /* Wildcard characters */
+  sqlite3 *db = pParse->db;  /* Database connection */
+  sqlite3_value *pVal = 0;
+  int op;                    /* Opcode of pRight */
+
+  if( !sqlite3IsLikeFunction(db, pExpr, pnoCase, wc) ){
+    return 0;
+  }
+#ifdef SQLITE_EBCDIC
+  if( *pnoCase ) return 0;
+#endif
+  pList = pExpr->x.pList;
+  pLeft = pList->a[1].pExpr;
+  if( pLeft->op!=TK_COLUMN 
+   || sqlite3ExprAffinity(pLeft)!=SQLITE_AFF_TEXT 
+   || IsVirtual(pLeft->pTab)  /* Value might be numeric */
+  ){
+    /* IMP: R-02065-49465 The left-hand side of the LIKE or GLOB operator must
+    ** be the name of an indexed column with TEXT affinity. */
+    return 0;
+  }
+  assert( pLeft->iColumn!=(-1) ); /* Because IPK never has AFF_TEXT */
+
+  pRight = sqlite3ExprSkipCollate(pList->a[0].pExpr);
+  op = pRight->op;
+  if( op==TK_VARIABLE ){
+    Vdbe *pReprepare = pParse->pReprepare;
+    int iCol = pRight->iColumn;
+    pVal = sqlite3VdbeGetBoundValue(pReprepare, iCol, SQLITE_AFF_BLOB);
+    if( pVal && sqlite3_value_type(pVal)==SQLITE_TEXT ){
+      z = (char *)sqlite3_value_text(pVal);
+    }
+    sqlite3VdbeSetVarmask(pParse->pVdbe, iCol);
+    assert( pRight->op==TK_VARIABLE || pRight->op==TK_REGISTER );
+  }else if( op==TK_STRING ){
+    z = pRight->u.zToken;
+  }
+  if( z ){
+    cnt = 0;
+    while( (c=z[cnt])!=0 && c!=wc[0] && c!=wc[1] && c!=wc[2] ){
+      cnt++;
+    }
+    if( cnt!=0 && 255!=(u8)z[cnt-1] ){
+      Expr *pPrefix;
+      *pisComplete = c==wc[0] && z[cnt+1]==0;
+      pPrefix = sqlite3Expr(db, TK_STRING, z);
+      if( pPrefix ) pPrefix->u.zToken[cnt] = 0;
+      *ppPrefix = pPrefix;
+      if( op==TK_VARIABLE ){
+        Vdbe *v = pParse->pVdbe;
+        sqlite3VdbeSetVarmask(v, pRight->iColumn);
+        if( *pisComplete && pRight->u.zToken[1] ){
+          /* If the rhs of the LIKE expression is a variable, and the current
+          ** value of the variable means there is no need to invoke the LIKE
+          ** function, then no OP_Variable will be added to the program.
+          ** This causes problems for the sqlite3_bind_parameter_name()
+          ** API. To work around them, add a dummy OP_Variable here.
+          */ 
+          int r1 = sqlite3GetTempReg(pParse);
+          sqlite3ExprCodeTarget(pParse, pRight, r1);
+          sqlite3VdbeChangeP3(v, sqlite3VdbeCurrentAddr(v)-1, 0);
+          sqlite3ReleaseTempReg(pParse, r1);
+        }
+      }
+    }else{
+      z = 0;
+    }
+  }
+
+  sqlite3ValueFree(pVal);
+  return (z!=0);
+}
+#endif /* SQLITE_OMIT_LIKE_OPTIMIZATION */
+
+
+#ifndef SQLITE_OMIT_VIRTUALTABLE
+/*
+** Check to see if the given expression is of the form
+**
+**         column OP expr
+**
+** where OP is one of MATCH, GLOB, LIKE or REGEXP and "column" is a 
+** column of a virtual table.
+**
+** If it is then return TRUE.  If not, return FALSE.
+*/
+static int isMatchOfColumn(
+  Expr *pExpr,                    /* Test this expression */
+  unsigned char *peOp2            /* OUT: 0 for MATCH, or else an op2 value */
+){
+  struct Op2 {
+    const char *zOp;
+    unsigned char eOp2;
+  } aOp[] = {
+    { "match",  SQLITE_INDEX_CONSTRAINT_MATCH },
+    { "glob",   SQLITE_INDEX_CONSTRAINT_GLOB },
+    { "like",   SQLITE_INDEX_CONSTRAINT_LIKE },
+    { "regexp", SQLITE_INDEX_CONSTRAINT_REGEXP }
+  };
+  ExprList *pList;
+  Expr *pCol;                     /* Column reference */
+  int i;
+
+  if( pExpr->op!=TK_FUNCTION ){
+    return 0;
+  }
+  pList = pExpr->x.pList;
+  if( pList==0 || pList->nExpr!=2 ){
+    return 0;
+  }
+  pCol = pList->a[1].pExpr;
+  if( pCol->op!=TK_COLUMN || !IsVirtual(pCol->pTab) ){
+    return 0;
+  }
+  for(i=0; i<ArraySize(aOp); i++){
+    if( sqlite3StrICmp(pExpr->u.zToken, aOp[i].zOp)==0 ){
+      *peOp2 = aOp[i].eOp2;
+      return 1;
+    }
+  }
+  return 0;
+}
+#endif /* SQLITE_OMIT_VIRTUALTABLE */
+
+/*
+** If the pBase expression originated in the ON or USING clause of
+** a join, then transfer the appropriate markings over to derived.
+*/
+static void transferJoinMarkings(Expr *pDerived, Expr *pBase){
+  if( pDerived ){
+    pDerived->flags |= pBase->flags & EP_FromJoin;
+    pDerived->iRightJoinTable = pBase->iRightJoinTable;
+  }
+}
+
+/*
+** Mark term iChild as being a child of term iParent
+*/
+static void markTermAsChild(WhereClause *pWC, int iChild, int iParent){
+  pWC->a[iChild].iParent = iParent;
+  pWC->a[iChild].truthProb = pWC->a[iParent].truthProb;
+  pWC->a[iParent].nChild++;
+}
+
+/*
+** Return the N-th AND-connected subterm of pTerm.  Or if pTerm is not
+** a conjunction, then return just pTerm when N==0.  If N is exceeds
+** the number of available subterms, return NULL.
+*/
+static WhereTerm *whereNthSubterm(WhereTerm *pTerm, int N){
+  if( pTerm->eOperator!=WO_AND ){
+    return N==0 ? pTerm : 0;
+  }
+  if( N<pTerm->u.pAndInfo->wc.nTerm ){
+    return &pTerm->u.pAndInfo->wc.a[N];
+  }
+  return 0;
+}
+
+/*
+** Subterms pOne and pTwo are contained within WHERE clause pWC.  The
+** two subterms are in disjunction - they are OR-ed together.
+**
+** If these two terms are both of the form:  "A op B" with the same
+** A and B values but different operators and if the operators are
+** compatible (if one is = and the other is <, for example) then
+** add a new virtual AND term to pWC that is the combination of the
+** two.
+**
+** Some examples:
+**
+**    x<y OR x=y    -->     x<=y
+**    x=y OR x=y    -->     x=y
+**    x<=y OR x<y   -->     x<=y
+**
+** The following is NOT generated:
+**
+**    x<y OR x>y    -->     x!=y     
+*/
+static void whereCombineDisjuncts(
+  SrcList *pSrc,         /* the FROM clause */
+  WhereClause *pWC,      /* The complete WHERE clause */
+  WhereTerm *pOne,       /* First disjunct */
+  WhereTerm *pTwo        /* Second disjunct */
+){
+  u16 eOp = pOne->eOperator | pTwo->eOperator;
+  sqlite3 *db;           /* Database connection (for malloc) */
+  Expr *pNew;            /* New virtual expression */
+  int op;                /* Operator for the combined expression */
+  int idxNew;            /* Index in pWC of the next virtual term */
+
+  if( (pOne->eOperator & (WO_EQ|WO_LT|WO_LE|WO_GT|WO_GE))==0 ) return;
+  if( (pTwo->eOperator & (WO_EQ|WO_LT|WO_LE|WO_GT|WO_GE))==0 ) return;
+  if( (eOp & (WO_EQ|WO_LT|WO_LE))!=eOp
+   && (eOp & (WO_EQ|WO_GT|WO_GE))!=eOp ) return;
+  assert( pOne->pExpr->pLeft!=0 && pOne->pExpr->pRight!=0 );
+  assert( pTwo->pExpr->pLeft!=0 && pTwo->pExpr->pRight!=0 );
+  if( sqlite3ExprCompare(pOne->pExpr->pLeft, pTwo->pExpr->pLeft, -1) ) return;
+  if( sqlite3ExprCompare(pOne->pExpr->pRight, pTwo->pExpr->pRight, -1) )return;
+  /* If we reach this point, it means the two subterms can be combined */
+  if( (eOp & (eOp-1))!=0 ){
+    if( eOp & (WO_LT|WO_LE) ){
+      eOp = WO_LE;
+    }else{
+      assert( eOp & (WO_GT|WO_GE) );
+      eOp = WO_GE;
+    }
+  }
+  db = pWC->pWInfo->pParse->db;
+  pNew = sqlite3ExprDup(db, pOne->pExpr, 0);
+  if( pNew==0 ) return;
+  for(op=TK_EQ; eOp!=(WO_EQ<<(op-TK_EQ)); op++){ assert( op<TK_GE ); }
+  pNew->op = op;
+  idxNew = whereClauseInsert(pWC, pNew, TERM_VIRTUAL|TERM_DYNAMIC);
+  exprAnalyze(pSrc, pWC, idxNew);
+}
+
+#if !defined(SQLITE_OMIT_OR_OPTIMIZATION) && !defined(SQLITE_OMIT_SUBQUERY)
+/*
+** Analyze a term that consists of two or more OR-connected
+** subterms.  So in:
+**
+**     ... WHERE  (a=5) AND (b=7 OR c=9 OR d=13) AND (d=13)
+**                          ^^^^^^^^^^^^^^^^^^^^
+**
+** This routine analyzes terms such as the middle term in the above example.
+** A WhereOrTerm object is computed and attached to the term under
+** analysis, regardless of the outcome of the analysis.  Hence:
+**
+**     WhereTerm.wtFlags   |=  TERM_ORINFO
+**     WhereTerm.u.pOrInfo  =  a dynamically allocated WhereOrTerm object
+**
+** The term being analyzed must have two or more of OR-connected subterms.
+** A single subterm might be a set of AND-connected sub-subterms.
+** Examples of terms under analysis:
+**
+**     (A)     t1.x=t2.y OR t1.x=t2.z OR t1.y=15 OR t1.z=t3.a+5
+**     (B)     x=expr1 OR expr2=x OR x=expr3
+**     (C)     t1.x=t2.y OR (t1.x=t2.z AND t1.y=15)
+**     (D)     x=expr1 OR (y>11 AND y<22 AND z LIKE '*hello*')
+**     (E)     (p.a=1 AND q.b=2 AND r.c=3) OR (p.x=4 AND q.y=5 AND r.z=6)
+**     (F)     x>A OR (x=A AND y>=B)
+**
+** CASE 1:
+**
+** If all subterms are of the form T.C=expr for some single column of C and
+** a single table T (as shown in example B above) then create a new virtual
+** term that is an equivalent IN expression.  In other words, if the term
+** being analyzed is:
+**
+**      x = expr1  OR  expr2 = x  OR  x = expr3
+**
+** then create a new virtual term like this:
+**
+**      x IN (expr1,expr2,expr3)
+**
+** CASE 2:
+**
+** If there are exactly two disjuncts and one side has x>A and the other side
+** has x=A (for the same x and A) then add a new virtual conjunct term to the
+** WHERE clause of the form "x>=A".  Example:
+**
+**      x>A OR (x=A AND y>B)    adds:    x>=A
+**
+** The added conjunct can sometimes be helpful in query planning.
+**
+** CASE 3:
+**
+** If all subterms are indexable by a single table T, then set
+**
+**     WhereTerm.eOperator              =  WO_OR
+**     WhereTerm.u.pOrInfo->indexable  |=  the cursor number for table T
+**
+** A subterm is "indexable" if it is of the form
+** "T.C <op> <expr>" where C is any column of table T and 
+** <op> is one of "=", "<", "<=", ">", ">=", "IS NULL", or "IN".
+** A subterm is also indexable if it is an AND of two or more
+** subsubterms at least one of which is indexable.  Indexable AND 
+** subterms have their eOperator set to WO_AND and they have
+** u.pAndInfo set to a dynamically allocated WhereAndTerm object.
+**
+** From another point of view, "indexable" means that the subterm could
+** potentially be used with an index if an appropriate index exists.
+** This analysis does not consider whether or not the index exists; that
+** is decided elsewhere.  This analysis only looks at whether subterms
+** appropriate for indexing exist.
+**
+** All examples A through E above satisfy case 3.  But if a term
+** also satisfies case 1 (such as B) we know that the optimizer will
+** always prefer case 1, so in that case we pretend that case 3 is not
+** satisfied.
+**
+** It might be the case that multiple tables are indexable.  For example,
+** (E) above is indexable on tables P, Q, and R.
+**
+** Terms that satisfy case 3 are candidates for lookup by using
+** separate indices to find rowids for each subterm and composing
+** the union of all rowids using a RowSet object.  This is similar
+** to "bitmap indices" in other database engines.
+**
+** OTHERWISE:
+**
+** If none of cases 1, 2, or 3 apply, then leave the eOperator set to
+** zero.  This term is not useful for search.
+*/
+static void exprAnalyzeOrTerm(
+  SrcList *pSrc,            /* the FROM clause */
+  WhereClause *pWC,         /* the complete WHERE clause */
+  int idxTerm               /* Index of the OR-term to be analyzed */
+){
+  WhereInfo *pWInfo = pWC->pWInfo;        /* WHERE clause processing context */
+  Parse *pParse = pWInfo->pParse;         /* Parser context */
+  sqlite3 *db = pParse->db;               /* Database connection */
+  WhereTerm *pTerm = &pWC->a[idxTerm];    /* The term to be analyzed */
+  Expr *pExpr = pTerm->pExpr;             /* The expression of the term */
+  int i;                                  /* Loop counters */
+  WhereClause *pOrWc;       /* Breakup of pTerm into subterms */
+  WhereTerm *pOrTerm;       /* A Sub-term within the pOrWc */
+  WhereOrInfo *pOrInfo;     /* Additional information associated with pTerm */
+  Bitmask chngToIN;         /* Tables that might satisfy case 1 */
+  Bitmask indexable;        /* Tables that are indexable, satisfying case 2 */
+
+  /*
+  ** Break the OR clause into its separate subterms.  The subterms are
+  ** stored in a WhereClause structure containing within the WhereOrInfo
+  ** object that is attached to the original OR clause term.
+  */
+  assert( (pTerm->wtFlags & (TERM_DYNAMIC|TERM_ORINFO|TERM_ANDINFO))==0 );
+  assert( pExpr->op==TK_OR );
+  pTerm->u.pOrInfo = pOrInfo = sqlite3DbMallocZero(db, sizeof(*pOrInfo));
+  if( pOrInfo==0 ) return;
+  pTerm->wtFlags |= TERM_ORINFO;
+  pOrWc = &pOrInfo->wc;
+  sqlite3WhereClauseInit(pOrWc, pWInfo);
+  sqlite3WhereSplit(pOrWc, pExpr, TK_OR);
+  sqlite3WhereExprAnalyze(pSrc, pOrWc);
+  if( db->mallocFailed ) return;
+  assert( pOrWc->nTerm>=2 );
+
+  /*
+  ** Compute the set of tables that might satisfy cases 1 or 3.
+  */
+  indexable = ~(Bitmask)0;
+  chngToIN = ~(Bitmask)0;
+  for(i=pOrWc->nTerm-1, pOrTerm=pOrWc->a; i>=0 && indexable; i--, pOrTerm++){
+    if( (pOrTerm->eOperator & WO_SINGLE)==0 ){
+      WhereAndInfo *pAndInfo;
+      assert( (pOrTerm->wtFlags & (TERM_ANDINFO|TERM_ORINFO))==0 );
+      chngToIN = 0;
+      pAndInfo = sqlite3DbMallocRaw(db, sizeof(*pAndInfo));
+      if( pAndInfo ){
+        WhereClause *pAndWC;
+        WhereTerm *pAndTerm;
+        int j;
+        Bitmask b = 0;
+        pOrTerm->u.pAndInfo = pAndInfo;
+        pOrTerm->wtFlags |= TERM_ANDINFO;
+        pOrTerm->eOperator = WO_AND;
+        pAndWC = &pAndInfo->wc;
+        sqlite3WhereClauseInit(pAndWC, pWC->pWInfo);
+        sqlite3WhereSplit(pAndWC, pOrTerm->pExpr, TK_AND);
+        sqlite3WhereExprAnalyze(pSrc, pAndWC);
+        pAndWC->pOuter = pWC;
+        testcase( db->mallocFailed );
+        if( !db->mallocFailed ){
+          for(j=0, pAndTerm=pAndWC->a; j<pAndWC->nTerm; j++, pAndTerm++){
+            assert( pAndTerm->pExpr );
+            if( allowedOp(pAndTerm->pExpr->op) ){
+              b |= sqlite3WhereGetMask(&pWInfo->sMaskSet, pAndTerm->leftCursor);
+            }
+          }
+        }
+        indexable &= b;
+      }
+    }else if( pOrTerm->wtFlags & TERM_COPIED ){
+      /* Skip this term for now.  We revisit it when we process the
+      ** corresponding TERM_VIRTUAL term */
+    }else{
+      Bitmask b;
+      b = sqlite3WhereGetMask(&pWInfo->sMaskSet, pOrTerm->leftCursor);
+      if( pOrTerm->wtFlags & TERM_VIRTUAL ){
+        WhereTerm *pOther = &pOrWc->a[pOrTerm->iParent];
+        b |= sqlite3WhereGetMask(&pWInfo->sMaskSet, pOther->leftCursor);
+      }
+      indexable &= b;
+      if( (pOrTerm->eOperator & WO_EQ)==0 ){
+        chngToIN = 0;
+      }else{
+        chngToIN &= b;
+      }
+    }
+  }
+
+  /*
+  ** Record the set of tables that satisfy case 3.  The set might be
+  ** empty.
+  */
+  pOrInfo->indexable = indexable;
+  pTerm->eOperator = indexable==0 ? 0 : WO_OR;
+
+  /* For a two-way OR, attempt to implementation case 2.
+  */
+  if( indexable && pOrWc->nTerm==2 ){
+    int iOne = 0;
+    WhereTerm *pOne;
+    while( (pOne = whereNthSubterm(&pOrWc->a[0],iOne++))!=0 ){
+      int iTwo = 0;
+      WhereTerm *pTwo;
+      while( (pTwo = whereNthSubterm(&pOrWc->a[1],iTwo++))!=0 ){
+        whereCombineDisjuncts(pSrc, pWC, pOne, pTwo);
+      }
+    }
+  }
+
+  /*
+  ** chngToIN holds a set of tables that *might* satisfy case 1.  But
+  ** we have to do some additional checking to see if case 1 really
+  ** is satisfied.
+  **
+  ** chngToIN will hold either 0, 1, or 2 bits.  The 0-bit case means
+  ** that there is no possibility of transforming the OR clause into an
+  ** IN operator because one or more terms in the OR clause contain
+  ** something other than == on a column in the single table.  The 1-bit
+  ** case means that every term of the OR clause is of the form
+  ** "table.column=expr" for some single table.  The one bit that is set
+  ** will correspond to the common table.  We still need to check to make
+  ** sure the same column is used on all terms.  The 2-bit case is when
+  ** the all terms are of the form "table1.column=table2.column".  It
+  ** might be possible to form an IN operator with either table1.column
+  ** or table2.column as the LHS if either is common to every term of
+  ** the OR clause.
+  **
+  ** Note that terms of the form "table.column1=table.column2" (the
+  ** same table on both sizes of the ==) cannot be optimized.
+  */
+  if( chngToIN ){
+    int okToChngToIN = 0;     /* True if the conversion to IN is valid */
+    int iColumn = -1;         /* Column index on lhs of IN operator */
+    int iCursor = -1;         /* Table cursor common to all terms */
+    int j = 0;                /* Loop counter */
+
+    /* Search for a table and column that appears on one side or the
+    ** other of the == operator in every subterm.  That table and column
+    ** will be recorded in iCursor and iColumn.  There might not be any
+    ** such table and column.  Set okToChngToIN if an appropriate table
+    ** and column is found but leave okToChngToIN false if not found.
+    */
+    for(j=0; j<2 && !okToChngToIN; j++){
+      pOrTerm = pOrWc->a;
+      for(i=pOrWc->nTerm-1; i>=0; i--, pOrTerm++){
+        assert( pOrTerm->eOperator & WO_EQ );
+        pOrTerm->wtFlags &= ~TERM_OR_OK;
+        if( pOrTerm->leftCursor==iCursor ){
+          /* This is the 2-bit case and we are on the second iteration and
+          ** current term is from the first iteration.  So skip this term. */
+          assert( j==1 );
+          continue;
+        }
+        if( (chngToIN & sqlite3WhereGetMask(&pWInfo->sMaskSet,
+                                            pOrTerm->leftCursor))==0 ){
+          /* This term must be of the form t1.a==t2.b where t2 is in the
+          ** chngToIN set but t1 is not.  This term will be either preceded
+          ** or follwed by an inverted copy (t2.b==t1.a).  Skip this term 
+          ** and use its inversion. */
+          testcase( pOrTerm->wtFlags & TERM_COPIED );
+          testcase( pOrTerm->wtFlags & TERM_VIRTUAL );
+          assert( pOrTerm->wtFlags & (TERM_COPIED|TERM_VIRTUAL) );
+          continue;
+        }
+        iColumn = pOrTerm->u.leftColumn;
+        iCursor = pOrTerm->leftCursor;
+        break;
+      }
+      if( i<0 ){
+        /* No candidate table+column was found.  This can only occur
+        ** on the second iteration */
+        assert( j==1 );
+        assert( IsPowerOfTwo(chngToIN) );
+        assert( chngToIN==sqlite3WhereGetMask(&pWInfo->sMaskSet, iCursor) );
+        break;
+      }
+      testcase( j==1 );
+
+      /* We have found a candidate table and column.  Check to see if that
+      ** table and column is common to every term in the OR clause */
+      okToChngToIN = 1;
+      for(; i>=0 && okToChngToIN; i--, pOrTerm++){
+        assert( pOrTerm->eOperator & WO_EQ );
+        if( pOrTerm->leftCursor!=iCursor ){
+          pOrTerm->wtFlags &= ~TERM_OR_OK;
+        }else if( pOrTerm->u.leftColumn!=iColumn ){
+          okToChngToIN = 0;
+        }else{
+          int affLeft, affRight;
+          /* If the right-hand side is also a column, then the affinities
+          ** of both right and left sides must be such that no type
+          ** conversions are required on the right.  (Ticket #2249)
+          */
+          affRight = sqlite3ExprAffinity(pOrTerm->pExpr->pRight);
+          affLeft = sqlite3ExprAffinity(pOrTerm->pExpr->pLeft);
+          if( affRight!=0 && affRight!=affLeft ){
+            okToChngToIN = 0;
+          }else{
+            pOrTerm->wtFlags |= TERM_OR_OK;
+          }
+        }
+      }
+    }
+
+    /* At this point, okToChngToIN is true if original pTerm satisfies
+    ** case 1.  In that case, construct a new virtual term that is 
+    ** pTerm converted into an IN operator.
+    */
+    if( okToChngToIN ){
+      Expr *pDup;            /* A transient duplicate expression */
+      ExprList *pList = 0;   /* The RHS of the IN operator */
+      Expr *pLeft = 0;       /* The LHS of the IN operator */
+      Expr *pNew;            /* The complete IN operator */
+
+      for(i=pOrWc->nTerm-1, pOrTerm=pOrWc->a; i>=0; i--, pOrTerm++){
+        if( (pOrTerm->wtFlags & TERM_OR_OK)==0 ) continue;
+        assert( pOrTerm->eOperator & WO_EQ );
+        assert( pOrTerm->leftCursor==iCursor );
+        assert( pOrTerm->u.leftColumn==iColumn );
+        pDup = sqlite3ExprDup(db, pOrTerm->pExpr->pRight, 0);
+        pList = sqlite3ExprListAppend(pWInfo->pParse, pList, pDup);
+        pLeft = pOrTerm->pExpr->pLeft;
+      }
+      assert( pLeft!=0 );
+      pDup = sqlite3ExprDup(db, pLeft, 0);
+      pNew = sqlite3PExpr(pParse, TK_IN, pDup, 0, 0);
+      if( pNew ){
+        int idxNew;
+        transferJoinMarkings(pNew, pExpr);
+        assert( !ExprHasProperty(pNew, EP_xIsSelect) );
+        pNew->x.pList = pList;
+        idxNew = whereClauseInsert(pWC, pNew, TERM_VIRTUAL|TERM_DYNAMIC);
+        testcase( idxNew==0 );
+        exprAnalyze(pSrc, pWC, idxNew);
+        pTerm = &pWC->a[idxTerm];
+        markTermAsChild(pWC, idxNew, idxTerm);
+      }else{
+        sqlite3ExprListDelete(db, pList);
+      }
+      pTerm->eOperator = WO_NOOP;  /* case 1 trumps case 3 */
+    }
+  }
+}
+#endif /* !SQLITE_OMIT_OR_OPTIMIZATION && !SQLITE_OMIT_SUBQUERY */
+
+/*
+** We already know that pExpr is a binary operator where both operands are
+** column references.  This routine checks to see if pExpr is an equivalence
+** relation:
+**   1.  The SQLITE_Transitive optimization must be enabled
+**   2.  Must be either an == or an IS operator
+**   3.  Not originating in the ON clause of an OUTER JOIN
+**   4.  The affinities of A and B must be compatible
+**   5a. Both operands use the same collating sequence OR
+**   5b. The overall collating sequence is BINARY
+** If this routine returns TRUE, that means that the RHS can be substituted
+** for the LHS anyplace else in the WHERE clause where the LHS column occurs.
+** This is an optimization.  No harm comes from returning 0.  But if 1 is
+** returned when it should not be, then incorrect answers might result.
+*/
+static int termIsEquivalence(Parse *pParse, Expr *pExpr){
+  char aff1, aff2;
+  CollSeq *pColl;
+  const char *zColl1, *zColl2;
+  if( !OptimizationEnabled(pParse->db, SQLITE_Transitive) ) return 0;
+  if( pExpr->op!=TK_EQ && pExpr->op!=TK_IS ) return 0;
+  if( ExprHasProperty(pExpr, EP_FromJoin) ) return 0;
+  aff1 = sqlite3ExprAffinity(pExpr->pLeft);
+  aff2 = sqlite3ExprAffinity(pExpr->pRight);
+  if( aff1!=aff2
+   && (!sqlite3IsNumericAffinity(aff1) || !sqlite3IsNumericAffinity(aff2))
+  ){
+    return 0;
+  }
+  pColl = sqlite3BinaryCompareCollSeq(pParse, pExpr->pLeft, pExpr->pRight);
+  if( pColl==0 || sqlite3StrICmp(pColl->zName, "BINARY")==0 ) return 1;
+  pColl = sqlite3ExprCollSeq(pParse, pExpr->pLeft);
+  /* Since pLeft and pRight are both a column references, their collating
+  ** sequence should always be defined. */
+  zColl1 = ALWAYS(pColl) ? pColl->zName : 0;
+  pColl = sqlite3ExprCollSeq(pParse, pExpr->pRight);
+  zColl2 = ALWAYS(pColl) ? pColl->zName : 0;
+  return sqlite3StrICmp(zColl1, zColl2)==0;
+}
+
+/*
+** Recursively walk the expressions of a SELECT statement and generate
+** a bitmask indicating which tables are used in that expression
+** tree.
+*/
+static Bitmask exprSelectUsage(WhereMaskSet *pMaskSet, Select *pS){
+  Bitmask mask = 0;
+  while( pS ){
+    SrcList *pSrc = pS->pSrc;
+    mask |= sqlite3WhereExprListUsage(pMaskSet, pS->pEList);
+    mask |= sqlite3WhereExprListUsage(pMaskSet, pS->pGroupBy);
+    mask |= sqlite3WhereExprListUsage(pMaskSet, pS->pOrderBy);
+    mask |= sqlite3WhereExprUsage(pMaskSet, pS->pWhere);
+    mask |= sqlite3WhereExprUsage(pMaskSet, pS->pHaving);
+    if( ALWAYS(pSrc!=0) ){
+      int i;
+      for(i=0; i<pSrc->nSrc; i++){
+        mask |= exprSelectUsage(pMaskSet, pSrc->a[i].pSelect);
+        mask |= sqlite3WhereExprUsage(pMaskSet, pSrc->a[i].pOn);
+      }
+    }
+    pS = pS->pPrior;
+  }
+  return mask;
+}
+
+/*
+** Expression pExpr is one operand of a comparison operator that might
+** be useful for indexing.  This routine checks to see if pExpr appears
+** in any index.  Return TRUE (1) if pExpr is an indexed term and return
+** FALSE (0) if not.  If TRUE is returned, also set *piCur to the cursor
+** number of the table that is indexed and *piColumn to the column number
+** of the column that is indexed, or -2 if an expression is being indexed.
+**
+** If pExpr is a TK_COLUMN column reference, then this routine always returns
+** true even if that particular column is not indexed, because the column
+** might be added to an automatic index later.
+*/
+static int exprMightBeIndexed(
+  SrcList *pFrom,        /* The FROM clause */
+  Bitmask mPrereq,       /* Bitmask of FROM clause terms referenced by pExpr */
+  Expr *pExpr,           /* An operand of a comparison operator */
+  int *piCur,            /* Write the referenced table cursor number here */
+  int *piColumn          /* Write the referenced table column number here */
+){
+  Index *pIdx;
+  int i;
+  int iCur;
+  if( pExpr->op==TK_COLUMN ){
+    *piCur = pExpr->iTable;
+    *piColumn = pExpr->iColumn;
+    return 1;
+  }
+  if( mPrereq==0 ) return 0;                 /* No table references */
+  if( (mPrereq&(mPrereq-1))!=0 ) return 0;   /* Refs more than one table */
+  for(i=0; mPrereq>1; i++, mPrereq>>=1){}
+  iCur = pFrom->a[i].iCursor;
+  for(pIdx=pFrom->a[i].pTab->pIndex; pIdx; pIdx=pIdx->pNext){
+    if( pIdx->aColExpr==0 ) continue;
+    for(i=0; i<pIdx->nKeyCol; i++){
+      if( pIdx->aiColumn[i]!=(-2) ) continue;
+      if( sqlite3ExprCompare(pExpr, pIdx->aColExpr->a[i].pExpr, iCur)==0 ){
+        *piCur = iCur;
+        *piColumn = -2;
+        return 1;
+      }
+    }
+  }
+  return 0;
+}
+
+/*
+** The input to this routine is an WhereTerm structure with only the
+** "pExpr" field filled in.  The job of this routine is to analyze the
+** subexpression and populate all the other fields of the WhereTerm
+** structure.
+**
+** If the expression is of the form "<expr> <op> X" it gets commuted
+** to the standard form of "X <op> <expr>".
+**
+** If the expression is of the form "X <op> Y" where both X and Y are
+** columns, then the original expression is unchanged and a new virtual
+** term of the form "Y <op> X" is added to the WHERE clause and
+** analyzed separately.  The original term is marked with TERM_COPIED
+** and the new term is marked with TERM_DYNAMIC (because it's pExpr
+** needs to be freed with the WhereClause) and TERM_VIRTUAL (because it
+** is a commuted copy of a prior term.)  The original term has nChild=1
+** and the copy has idxParent set to the index of the original term.
+*/
+static void exprAnalyze(
+  SrcList *pSrc,            /* the FROM clause */
+  WhereClause *pWC,         /* the WHERE clause */
+  int idxTerm               /* Index of the term to be analyzed */
+){
+  WhereInfo *pWInfo = pWC->pWInfo; /* WHERE clause processing context */
+  WhereTerm *pTerm;                /* The term to be analyzed */
+  WhereMaskSet *pMaskSet;          /* Set of table index masks */
+  Expr *pExpr;                     /* The expression to be analyzed */
+  Bitmask prereqLeft;              /* Prerequesites of the pExpr->pLeft */
+  Bitmask prereqAll;               /* Prerequesites of pExpr */
+  Bitmask extraRight = 0;          /* Extra dependencies on LEFT JOIN */
+  Expr *pStr1 = 0;                 /* RHS of LIKE/GLOB operator */
+  int isComplete = 0;              /* RHS of LIKE/GLOB ends with wildcard */
+  int noCase = 0;                  /* uppercase equivalent to lowercase */
+  int op;                          /* Top-level operator.  pExpr->op */
+  Parse *pParse = pWInfo->pParse;  /* Parsing context */
+  sqlite3 *db = pParse->db;        /* Database connection */
+  unsigned char eOp2;              /* op2 value for LIKE/REGEXP/GLOB */
+
+  if( db->mallocFailed ){
+    return;
+  }
+  pTerm = &pWC->a[idxTerm];
+  pMaskSet = &pWInfo->sMaskSet;
+  pExpr = pTerm->pExpr;
+  assert( pExpr->op!=TK_AS && pExpr->op!=TK_COLLATE );
+  prereqLeft = sqlite3WhereExprUsage(pMaskSet, pExpr->pLeft);
+  op = pExpr->op;
+  if( op==TK_IN ){
+    assert( pExpr->pRight==0 );
+    if( ExprHasProperty(pExpr, EP_xIsSelect) ){
+      pTerm->prereqRight = exprSelectUsage(pMaskSet, pExpr->x.pSelect);
+    }else{
+      pTerm->prereqRight = sqlite3WhereExprListUsage(pMaskSet, pExpr->x.pList);
+    }
+  }else if( op==TK_ISNULL ){
+    pTerm->prereqRight = 0;
+  }else{
+    pTerm->prereqRight = sqlite3WhereExprUsage(pMaskSet, pExpr->pRight);
+  }
+  prereqAll = sqlite3WhereExprUsage(pMaskSet, pExpr);
+  if( ExprHasProperty(pExpr, EP_FromJoin) ){
+    Bitmask x = sqlite3WhereGetMask(pMaskSet, pExpr->iRightJoinTable);
+    prereqAll |= x;
+    extraRight = x-1;  /* ON clause terms may not be used with an index
+                       ** on left table of a LEFT JOIN.  Ticket #3015 */
+  }
+  pTerm->prereqAll = prereqAll;
+  pTerm->leftCursor = -1;
+  pTerm->iParent = -1;
+  pTerm->eOperator = 0;
+  if( allowedOp(op) ){
+    int iCur, iColumn;
+    Expr *pLeft = sqlite3ExprSkipCollate(pExpr->pLeft);
+    Expr *pRight = sqlite3ExprSkipCollate(pExpr->pRight);
+    u16 opMask = (pTerm->prereqRight & prereqLeft)==0 ? WO_ALL : WO_EQUIV;
+    if( exprMightBeIndexed(pSrc, prereqLeft, pLeft, &iCur, &iColumn) ){
+      pTerm->leftCursor = iCur;
+      pTerm->u.leftColumn = iColumn;
+      pTerm->eOperator = operatorMask(op) & opMask;
+    }
+    if( op==TK_IS ) pTerm->wtFlags |= TERM_IS;
+    if( pRight 
+     && exprMightBeIndexed(pSrc, pTerm->prereqRight, pRight, &iCur, &iColumn)
+    ){
+      WhereTerm *pNew;
+      Expr *pDup;
+      u16 eExtraOp = 0;        /* Extra bits for pNew->eOperator */
+      if( pTerm->leftCursor>=0 ){
+        int idxNew;
+        pDup = sqlite3ExprDup(db, pExpr, 0);
+        if( db->mallocFailed ){
+          sqlite3ExprDelete(db, pDup);
+          return;
+        }
+        idxNew = whereClauseInsert(pWC, pDup, TERM_VIRTUAL|TERM_DYNAMIC);
+        if( idxNew==0 ) return;
+        pNew = &pWC->a[idxNew];
+        markTermAsChild(pWC, idxNew, idxTerm);
+        if( op==TK_IS ) pNew->wtFlags |= TERM_IS;
+        pTerm = &pWC->a[idxTerm];
+        pTerm->wtFlags |= TERM_COPIED;
+
+        if( termIsEquivalence(pParse, pDup) ){
+          pTerm->eOperator |= WO_EQUIV;
+          eExtraOp = WO_EQUIV;
+        }
+      }else{
+        pDup = pExpr;
+        pNew = pTerm;
+      }
+      exprCommute(pParse, pDup);
+      pNew->leftCursor = iCur;
+      pNew->u.leftColumn = iColumn;
+      testcase( (prereqLeft | extraRight) != prereqLeft );
+      pNew->prereqRight = prereqLeft | extraRight;
+      pNew->prereqAll = prereqAll;
+      pNew->eOperator = (operatorMask(pDup->op) + eExtraOp) & opMask;
+    }
+  }
+
+#ifndef SQLITE_OMIT_BETWEEN_OPTIMIZATION
+  /* If a term is the BETWEEN operator, create two new virtual terms
+  ** that define the range that the BETWEEN implements.  For example:
+  **
+  **      a BETWEEN b AND c
+  **
+  ** is converted into:
+  **
+  **      (a BETWEEN b AND c) AND (a>=b) AND (a<=c)
+  **
+  ** The two new terms are added onto the end of the WhereClause object.
+  ** The new terms are "dynamic" and are children of the original BETWEEN
+  ** term.  That means that if the BETWEEN term is coded, the children are
+  ** skipped.  Or, if the children are satisfied by an index, the original
+  ** BETWEEN term is skipped.
+  */
+  else if( pExpr->op==TK_BETWEEN && pWC->op==TK_AND ){
+    ExprList *pList = pExpr->x.pList;
+    int i;
+    static const u8 ops[] = {TK_GE, TK_LE};
+    assert( pList!=0 );
+    assert( pList->nExpr==2 );
+    for(i=0; i<2; i++){
+      Expr *pNewExpr;
+      int idxNew;
+      pNewExpr = sqlite3PExpr(pParse, ops[i], 
+                             sqlite3ExprDup(db, pExpr->pLeft, 0),
+                             sqlite3ExprDup(db, pList->a[i].pExpr, 0), 0);
+      transferJoinMarkings(pNewExpr, pExpr);
+      idxNew = whereClauseInsert(pWC, pNewExpr, TERM_VIRTUAL|TERM_DYNAMIC);
+      testcase( idxNew==0 );
+      exprAnalyze(pSrc, pWC, idxNew);
+      pTerm = &pWC->a[idxTerm];
+      markTermAsChild(pWC, idxNew, idxTerm);
+    }
+  }
+#endif /* SQLITE_OMIT_BETWEEN_OPTIMIZATION */
+
+#if !defined(SQLITE_OMIT_OR_OPTIMIZATION) && !defined(SQLITE_OMIT_SUBQUERY)
+  /* Analyze a term that is composed of two or more subterms connected by
+  ** an OR operator.
+  */
+  else if( pExpr->op==TK_OR ){
+    assert( pWC->op==TK_AND );
+    exprAnalyzeOrTerm(pSrc, pWC, idxTerm);
+    pTerm = &pWC->a[idxTerm];
+  }
+#endif /* SQLITE_OMIT_OR_OPTIMIZATION */
+
+#ifndef SQLITE_OMIT_LIKE_OPTIMIZATION
+  /* Add constraints to reduce the search space on a LIKE or GLOB
+  ** operator.
+  **
+  ** A like pattern of the form "x LIKE 'aBc%'" is changed into constraints
+  **
+  **          x>='ABC' AND x<'abd' AND x LIKE 'aBc%'
+  **
+  ** The last character of the prefix "abc" is incremented to form the
+  ** termination condition "abd".  If case is not significant (the default
+  ** for LIKE) then the lower-bound is made all uppercase and the upper-
+  ** bound is made all lowercase so that the bounds also work when comparing
+  ** BLOBs.
+  */
+  if( pWC->op==TK_AND 
+   && isLikeOrGlob(pParse, pExpr, &pStr1, &isComplete, &noCase)
+  ){
+    Expr *pLeft;       /* LHS of LIKE/GLOB operator */
+    Expr *pStr2;       /* Copy of pStr1 - RHS of LIKE/GLOB operator */
+    Expr *pNewExpr1;
+    Expr *pNewExpr2;
+    int idxNew1;
+    int idxNew2;
+    const char *zCollSeqName;     /* Name of collating sequence */
+    const u16 wtFlags = TERM_LIKEOPT | TERM_VIRTUAL | TERM_DYNAMIC;
+
+    pLeft = pExpr->x.pList->a[1].pExpr;
+    pStr2 = sqlite3ExprDup(db, pStr1, 0);
+
+    /* Convert the lower bound to upper-case and the upper bound to
+    ** lower-case (upper-case is less than lower-case in ASCII) so that
+    ** the range constraints also work for BLOBs
+    */
+    if( noCase && !pParse->db->mallocFailed ){
+      int i;
+      char c;
+      pTerm->wtFlags |= TERM_LIKE;
+      for(i=0; (c = pStr1->u.zToken[i])!=0; i++){
+        pStr1->u.zToken[i] = sqlite3Toupper(c);
+        pStr2->u.zToken[i] = sqlite3Tolower(c);
+      }
+    }
+
+    if( !db->mallocFailed ){
+      u8 c, *pC;       /* Last character before the first wildcard */
+      pC = (u8*)&pStr2->u.zToken[sqlite3Strlen30(pStr2->u.zToken)-1];
+      c = *pC;
+      if( noCase ){
+        /* The point is to increment the last character before the first
+        ** wildcard.  But if we increment '@', that will push it into the
+        ** alphabetic range where case conversions will mess up the 
+        ** inequality.  To avoid this, make sure to also run the full
+        ** LIKE on all candidate expressions by clearing the isComplete flag
+        */
+        if( c=='A'-1 ) isComplete = 0;
+        c = sqlite3UpperToLower[c];
+      }
+      *pC = c + 1;
+    }
+    zCollSeqName = noCase ? "NOCASE" : "BINARY";
+    pNewExpr1 = sqlite3ExprDup(db, pLeft, 0);
+    pNewExpr1 = sqlite3PExpr(pParse, TK_GE,
+           sqlite3ExprAddCollateString(pParse,pNewExpr1,zCollSeqName),
+           pStr1, 0);
+    transferJoinMarkings(pNewExpr1, pExpr);
+    idxNew1 = whereClauseInsert(pWC, pNewExpr1, wtFlags);
+    testcase( idxNew1==0 );
+    exprAnalyze(pSrc, pWC, idxNew1);
+    pNewExpr2 = sqlite3ExprDup(db, pLeft, 0);
+    pNewExpr2 = sqlite3PExpr(pParse, TK_LT,
+           sqlite3ExprAddCollateString(pParse,pNewExpr2,zCollSeqName),
+           pStr2, 0);
+    transferJoinMarkings(pNewExpr2, pExpr);
+    idxNew2 = whereClauseInsert(pWC, pNewExpr2, wtFlags);
+    testcase( idxNew2==0 );
+    exprAnalyze(pSrc, pWC, idxNew2);
+    pTerm = &pWC->a[idxTerm];
+    if( isComplete ){
+      markTermAsChild(pWC, idxNew1, idxTerm);
+      markTermAsChild(pWC, idxNew2, idxTerm);
+    }
+  }
+#endif /* SQLITE_OMIT_LIKE_OPTIMIZATION */
+
+#ifndef SQLITE_OMIT_VIRTUALTABLE
+  /* Add a WO_MATCH auxiliary term to the constraint set if the
+  ** current expression is of the form:  column MATCH expr.
+  ** This information is used by the xBestIndex methods of
+  ** virtual tables.  The native query optimizer does not attempt
+  ** to do anything with MATCH functions.
+  */
+  if( isMatchOfColumn(pExpr, &eOp2) ){
+    int idxNew;
+    Expr *pRight, *pLeft;
+    WhereTerm *pNewTerm;
+    Bitmask prereqColumn, prereqExpr;
+
+    pRight = pExpr->x.pList->a[0].pExpr;
+    pLeft = pExpr->x.pList->a[1].pExpr;
+    prereqExpr = sqlite3WhereExprUsage(pMaskSet, pRight);
+    prereqColumn = sqlite3WhereExprUsage(pMaskSet, pLeft);
+    if( (prereqExpr & prereqColumn)==0 ){
+      Expr *pNewExpr;
+      pNewExpr = sqlite3PExpr(pParse, TK_MATCH, 
+                              0, sqlite3ExprDup(db, pRight, 0), 0);
+      idxNew = whereClauseInsert(pWC, pNewExpr, TERM_VIRTUAL|TERM_DYNAMIC);
+      testcase( idxNew==0 );
+      pNewTerm = &pWC->a[idxNew];
+      pNewTerm->prereqRight = prereqExpr;
+      pNewTerm->leftCursor = pLeft->iTable;
+      pNewTerm->u.leftColumn = pLeft->iColumn;
+      pNewTerm->eOperator = WO_MATCH;
+      pNewTerm->eMatchOp = eOp2;
+      markTermAsChild(pWC, idxNew, idxTerm);
+      pTerm = &pWC->a[idxTerm];
+      pTerm->wtFlags |= TERM_COPIED;
+      pNewTerm->prereqAll = pTerm->prereqAll;
+    }
+  }
+#endif /* SQLITE_OMIT_VIRTUALTABLE */
+
+#ifdef SQLITE_ENABLE_STAT3_OR_STAT4
+  /* When sqlite_stat3 histogram data is available an operator of the
+  ** form "x IS NOT NULL" can sometimes be evaluated more efficiently
+  ** as "x>NULL" if x is not an INTEGER PRIMARY KEY.  So construct a
+  ** virtual term of that form.
+  **
+  ** Note that the virtual term must be tagged with TERM_VNULL.
+  */
+  if( pExpr->op==TK_NOTNULL
+   && pExpr->pLeft->op==TK_COLUMN
+   && pExpr->pLeft->iColumn>=0
+   && OptimizationEnabled(db, SQLITE_Stat34)
+  ){
+    Expr *pNewExpr;
+    Expr *pLeft = pExpr->pLeft;
+    int idxNew;
+    WhereTerm *pNewTerm;
+
+    pNewExpr = sqlite3PExpr(pParse, TK_GT,
+                            sqlite3ExprDup(db, pLeft, 0),
+                            sqlite3PExpr(pParse, TK_NULL, 0, 0, 0), 0);
+
+    idxNew = whereClauseInsert(pWC, pNewExpr,
+                              TERM_VIRTUAL|TERM_DYNAMIC|TERM_VNULL);
+    if( idxNew ){
+      pNewTerm = &pWC->a[idxNew];
+      pNewTerm->prereqRight = 0;
+      pNewTerm->leftCursor = pLeft->iTable;
+      pNewTerm->u.leftColumn = pLeft->iColumn;
+      pNewTerm->eOperator = WO_GT;
+      markTermAsChild(pWC, idxNew, idxTerm);
+      pTerm = &pWC->a[idxTerm];
+      pTerm->wtFlags |= TERM_COPIED;
+      pNewTerm->prereqAll = pTerm->prereqAll;
+    }
+  }
+#endif /* SQLITE_ENABLE_STAT3_OR_STAT4 */
+
+  /* Prevent ON clause terms of a LEFT JOIN from being used to drive
+  ** an index for tables to the left of the join.
+  */
+  pTerm->prereqRight |= extraRight;
+}
+
+/***************************************************************************
+** Routines with file scope above.  Interface to the rest of the where.c
+** subsystem follows.
+***************************************************************************/
+
+/*
+** This routine identifies subexpressions in the WHERE clause where
+** each subexpression is separated by the AND operator or some other
+** operator specified in the op parameter.  The WhereClause structure
+** is filled with pointers to subexpressions.  For example:
+**
+**    WHERE  a=='hello' AND coalesce(b,11)<10 AND (c+12!=d OR c==22)
+**           \________/     \_______________/     \________________/
+**            slot[0]            slot[1]               slot[2]
+**
+** The original WHERE clause in pExpr is unaltered.  All this routine
+** does is make slot[] entries point to substructure within pExpr.
+**
+** In the previous sentence and in the diagram, "slot[]" refers to
+** the WhereClause.a[] array.  The slot[] array grows as needed to contain
+** all terms of the WHERE clause.
+*/
+SQLITE_PRIVATE void sqlite3WhereSplit(WhereClause *pWC, Expr *pExpr, u8 op){
+  Expr *pE2 = sqlite3ExprSkipCollate(pExpr);
+  pWC->op = op;
+  if( pE2==0 ) return;
+  if( pE2->op!=op ){
+    whereClauseInsert(pWC, pExpr, 0);
+  }else{
+    sqlite3WhereSplit(pWC, pE2->pLeft, op);
+    sqlite3WhereSplit(pWC, pE2->pRight, op);
+  }
+}
+
+/*
+** Initialize a preallocated WhereClause structure.
+*/
+SQLITE_PRIVATE void sqlite3WhereClauseInit(
+  WhereClause *pWC,        /* The WhereClause to be initialized */
+  WhereInfo *pWInfo        /* The WHERE processing context */
+){
+  pWC->pWInfo = pWInfo;
+  pWC->pOuter = 0;
+  pWC->nTerm = 0;
+  pWC->nSlot = ArraySize(pWC->aStatic);
+  pWC->a = pWC->aStatic;
+}
+
+/*
+** Deallocate a WhereClause structure.  The WhereClause structure
+** itself is not freed.  This routine is the inverse of
+** sqlite3WhereClauseInit().
+*/
+SQLITE_PRIVATE void sqlite3WhereClauseClear(WhereClause *pWC){
+  int i;
+  WhereTerm *a;
+  sqlite3 *db = pWC->pWInfo->pParse->db;
+  for(i=pWC->nTerm-1, a=pWC->a; i>=0; i--, a++){
+    if( a->wtFlags & TERM_DYNAMIC ){
+      sqlite3ExprDelete(db, a->pExpr);
+    }
+    if( a->wtFlags & TERM_ORINFO ){
+      whereOrInfoDelete(db, a->u.pOrInfo);
+    }else if( a->wtFlags & TERM_ANDINFO ){
+      whereAndInfoDelete(db, a->u.pAndInfo);
+    }
+  }
+  if( pWC->a!=pWC->aStatic ){
+    sqlite3DbFree(db, pWC->a);
+  }
+}
+
+
+/*
+** These routines walk (recursively) an expression tree and generate
+** a bitmask indicating which tables are used in that expression
+** tree.
+*/
+SQLITE_PRIVATE Bitmask sqlite3WhereExprUsage(WhereMaskSet *pMaskSet, Expr *p){
+  Bitmask mask = 0;
+  if( p==0 ) return 0;
+  if( p->op==TK_COLUMN ){
+    mask = sqlite3WhereGetMask(pMaskSet, p->iTable);
+    return mask;
+  }
+  mask = sqlite3WhereExprUsage(pMaskSet, p->pRight);
+  mask |= sqlite3WhereExprUsage(pMaskSet, p->pLeft);
+  if( ExprHasProperty(p, EP_xIsSelect) ){
+    mask |= exprSelectUsage(pMaskSet, p->x.pSelect);
+  }else{
+    mask |= sqlite3WhereExprListUsage(pMaskSet, p->x.pList);
+  }
+  return mask;
+}
+SQLITE_PRIVATE Bitmask sqlite3WhereExprListUsage(WhereMaskSet *pMaskSet, ExprList *pList){
+  int i;
+  Bitmask mask = 0;
+  if( pList ){
+    for(i=0; i<pList->nExpr; i++){
+      mask |= sqlite3WhereExprUsage(pMaskSet, pList->a[i].pExpr);
+    }
+  }
+  return mask;
+}
+
+
+/*
+** Call exprAnalyze on all terms in a WHERE clause.  
+**
+** Note that exprAnalyze() might add new virtual terms onto the
+** end of the WHERE clause.  We do not want to analyze these new
+** virtual terms, so start analyzing at the end and work forward
+** so that the added virtual terms are never processed.
+*/
+SQLITE_PRIVATE void sqlite3WhereExprAnalyze(
+  SrcList *pTabList,       /* the FROM clause */
+  WhereClause *pWC         /* the WHERE clause to be analyzed */
+){
+  int i;
+  for(i=pWC->nTerm-1; i>=0; i--){
+    exprAnalyze(pTabList, pWC, i);
+  }
+}
+
+/*
+** For table-valued-functions, transform the function arguments into
+** new WHERE clause terms.  
+**
+** Each function argument translates into an equality constraint against
+** a HIDDEN column in the table.
+*/
+SQLITE_PRIVATE void sqlite3WhereTabFuncArgs(
+  Parse *pParse,                    /* Parsing context */
+  struct SrcList_item *pItem,       /* The FROM clause term to process */
+  WhereClause *pWC                  /* Xfer function arguments to here */
+){
+  Table *pTab;
+  int j, k;
+  ExprList *pArgs;
+  Expr *pColRef;
+  Expr *pTerm;
+  if( pItem->fg.isTabFunc==0 ) return;
+  pTab = pItem->pTab;
+  assert( pTab!=0 );
+  pArgs = pItem->u1.pFuncArg;
+  if( pArgs==0 ) return;
+  for(j=k=0; j<pArgs->nExpr; j++){
+    while( k<pTab->nCol && (pTab->aCol[k].colFlags & COLFLAG_HIDDEN)==0 ){k++;}
+    if( k>=pTab->nCol ){
+      sqlite3ErrorMsg(pParse, "too many arguments on %s() - max %d",
+                      pTab->zName, j);
+      return;
+    }
+    pColRef = sqlite3PExpr(pParse, TK_COLUMN, 0, 0, 0);
+    if( pColRef==0 ) return;
+    pColRef->iTable = pItem->iCursor;
+    pColRef->iColumn = k++;
+    pColRef->pTab = pTab;
+    pTerm = sqlite3PExpr(pParse, TK_EQ, pColRef,
+                         sqlite3ExprDup(pParse->db, pArgs->a[j].pExpr, 0), 0);
+    whereClauseInsert(pWC, pTerm, TERM_DYNAMIC);
+  }
+}
+
+/************** End of whereexpr.c *******************************************/
+/************** Begin file where.c *******************************************/
+/*
+** 2001 September 15
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+** This module contains C code that generates VDBE code used to process
+** the WHERE clause of SQL statements.  This module is responsible for
+** generating the code that loops through a table looking for applicable
+** rows.  Indices are selected and used to speed the search when doing
+** so is applicable.  Because this module is responsible for selecting
+** indices, you might also think of this module as the "query optimizer".
+*/
+/* #include "sqliteInt.h" */
+/* #include "whereInt.h" */
+
+/* Forward declaration of methods */
+static int whereLoopResize(sqlite3*, WhereLoop*, int);
+
+/* Test variable that can be set to enable WHERE tracing */
+#if defined(SQLITE_TEST) || defined(SQLITE_DEBUG)
+/***/ int sqlite3WhereTrace = 0;
+#endif
+
+
+/*
+** Return the estimated number of output rows from a WHERE clause
+*/
+SQLITE_PRIVATE u64 sqlite3WhereOutputRowCount(WhereInfo *pWInfo){
+  return sqlite3LogEstToInt(pWInfo->nRowOut);
+}
+
+/*
+** Return one of the WHERE_DISTINCT_xxxxx values to indicate how this
+** WHERE clause returns outputs for DISTINCT processing.
+*/
+SQLITE_PRIVATE int sqlite3WhereIsDistinct(WhereInfo *pWInfo){
+  return pWInfo->eDistinct;
+}
+
+/*
+** Return TRUE if the WHERE clause returns rows in ORDER BY order.
+** Return FALSE if the output needs to be sorted.
+*/
+SQLITE_PRIVATE int sqlite3WhereIsOrdered(WhereInfo *pWInfo){
+  return pWInfo->nOBSat;
+}
+
+/*
+** Return the VDBE address or label to jump to in order to continue
+** immediately with the next row of a WHERE clause.
+*/
+SQLITE_PRIVATE int sqlite3WhereContinueLabel(WhereInfo *pWInfo){
+  assert( pWInfo->iContinue!=0 );
+  return pWInfo->iContinue;
+}
+
+/*
+** Return the VDBE address or label to jump to in order to break
+** out of a WHERE loop.
+*/
+SQLITE_PRIVATE int sqlite3WhereBreakLabel(WhereInfo *pWInfo){
+  return pWInfo->iBreak;
+}
+
+/*
+** Return ONEPASS_OFF (0) if an UPDATE or DELETE statement is unable to
+** operate directly on the rowis returned by a WHERE clause.  Return
+** ONEPASS_SINGLE (1) if the statement can operation directly because only
+** a single row is to be changed.  Return ONEPASS_MULTI (2) if the one-pass
+** optimization can be used on multiple 
+**
+** If the ONEPASS optimization is used (if this routine returns true)
+** then also write the indices of open cursors used by ONEPASS
+** into aiCur[0] and aiCur[1].  iaCur[0] gets the cursor of the data
+** table and iaCur[1] gets the cursor used by an auxiliary index.
+** Either value may be -1, indicating that cursor is not used.
+** Any cursors returned will have been opened for writing.
+**
+** aiCur[0] and aiCur[1] both get -1 if the where-clause logic is
+** unable to use the ONEPASS optimization.
+*/
+SQLITE_PRIVATE int sqlite3WhereOkOnePass(WhereInfo *pWInfo, int *aiCur){
+  memcpy(aiCur, pWInfo->aiCurOnePass, sizeof(int)*2);
+#ifdef WHERETRACE_ENABLED
+  if( sqlite3WhereTrace && pWInfo->eOnePass!=ONEPASS_OFF ){
+    sqlite3DebugPrintf("%s cursors: %d %d\n",
+         pWInfo->eOnePass==ONEPASS_SINGLE ? "ONEPASS_SINGLE" : "ONEPASS_MULTI",
+         aiCur[0], aiCur[1]);
+  }
+#endif
+  return pWInfo->eOnePass;
+}
+
+/*
+** Move the content of pSrc into pDest
+*/
+static void whereOrMove(WhereOrSet *pDest, WhereOrSet *pSrc){
+  pDest->n = pSrc->n;
+  memcpy(pDest->a, pSrc->a, pDest->n*sizeof(pDest->a[0]));
+}
+
+/*
+** Try to insert a new prerequisite/cost entry into the WhereOrSet pSet.
+**
+** The new entry might overwrite an existing entry, or it might be
+** appended, or it might be discarded.  Do whatever is the right thing
+** so that pSet keeps the N_OR_COST best entries seen so far.
+*/
+static int whereOrInsert(
+  WhereOrSet *pSet,      /* The WhereOrSet to be updated */
+  Bitmask prereq,        /* Prerequisites of the new entry */
+  LogEst rRun,           /* Run-cost of the new entry */
+  LogEst nOut            /* Number of outputs for the new entry */
+){
+  u16 i;
+  WhereOrCost *p;
+  for(i=pSet->n, p=pSet->a; i>0; i--, p++){
+    if( rRun<=p->rRun && (prereq & p->prereq)==prereq ){
+      goto whereOrInsert_done;
+    }
+    if( p->rRun<=rRun && (p->prereq & prereq)==p->prereq ){
+      return 0;
+    }
+  }
+  if( pSet->n<N_OR_COST ){
+    p = &pSet->a[pSet->n++];
+    p->nOut = nOut;
+  }else{
+    p = pSet->a;
+    for(i=1; i<pSet->n; i++){
+      if( p->rRun>pSet->a[i].rRun ) p = pSet->a + i;
+    }
+    if( p->rRun<=rRun ) return 0;
+  }
+whereOrInsert_done:
+  p->prereq = prereq;
+  p->rRun = rRun;
+  if( p->nOut>nOut ) p->nOut = nOut;
+  return 1;
+}
+
+/*
+** Return the bitmask for the given cursor number.  Return 0 if
+** iCursor is not in the set.
+*/
+SQLITE_PRIVATE Bitmask sqlite3WhereGetMask(WhereMaskSet *pMaskSet, int iCursor){
+  int i;
+  assert( pMaskSet->n<=(int)sizeof(Bitmask)*8 );
+  for(i=0; i<pMaskSet->n; i++){
+    if( pMaskSet->ix[i]==iCursor ){
+      return MASKBIT(i);
+    }
+  }
+  return 0;
+}
+
+/*
+** Create a new mask for cursor iCursor.
+**
+** There is one cursor per table in the FROM clause.  The number of
+** tables in the FROM clause is limited by a test early in the
+** sqlite3WhereBegin() routine.  So we know that the pMaskSet->ix[]
+** array will never overflow.
+*/
+static void createMask(WhereMaskSet *pMaskSet, int iCursor){
+  assert( pMaskSet->n < ArraySize(pMaskSet->ix) );
+  pMaskSet->ix[pMaskSet->n++] = iCursor;
+}
+
+/*
+** Advance to the next WhereTerm that matches according to the criteria
+** established when the pScan object was initialized by whereScanInit().
+** Return NULL if there are no more matching WhereTerms.
+*/
+static WhereTerm *whereScanNext(WhereScan *pScan){
+  int iCur;            /* The cursor on the LHS of the term */
+  i16 iColumn;         /* The column on the LHS of the term.  -1 for IPK */
+  Expr *pX;            /* An expression being tested */
+  WhereClause *pWC;    /* Shorthand for pScan->pWC */
+  WhereTerm *pTerm;    /* The term being tested */
+  int k = pScan->k;    /* Where to start scanning */
+
+  while( pScan->iEquiv<=pScan->nEquiv ){
+    iCur = pScan->aiCur[pScan->iEquiv-1];
+    iColumn = pScan->aiColumn[pScan->iEquiv-1];
+    if( iColumn==XN_EXPR && pScan->pIdxExpr==0 ) return 0;
+    while( (pWC = pScan->pWC)!=0 ){
+      for(pTerm=pWC->a+k; k<pWC->nTerm; k++, pTerm++){
+        if( pTerm->leftCursor==iCur
+         && pTerm->u.leftColumn==iColumn
+         && (iColumn!=XN_EXPR
+             || sqlite3ExprCompare(pTerm->pExpr->pLeft,pScan->pIdxExpr,iCur)==0)
+         && (pScan->iEquiv<=1 || !ExprHasProperty(pTerm->pExpr, EP_FromJoin))
+        ){
+          if( (pTerm->eOperator & WO_EQUIV)!=0
+           && pScan->nEquiv<ArraySize(pScan->aiCur)
+           && (pX = sqlite3ExprSkipCollate(pTerm->pExpr->pRight))->op==TK_COLUMN
+          ){
+            int j;
+            for(j=0; j<pScan->nEquiv; j++){
+              if( pScan->aiCur[j]==pX->iTable
+               && pScan->aiColumn[j]==pX->iColumn ){
+                  break;
+              }
+            }
+            if( j==pScan->nEquiv ){
+              pScan->aiCur[j] = pX->iTable;
+              pScan->aiColumn[j] = pX->iColumn;
+              pScan->nEquiv++;
+            }
+          }
+          if( (pTerm->eOperator & pScan->opMask)!=0 ){
+            /* Verify the affinity and collating sequence match */
+            if( pScan->zCollName && (pTerm->eOperator & WO_ISNULL)==0 ){
+              CollSeq *pColl;
+              Parse *pParse = pWC->pWInfo->pParse;
+              pX = pTerm->pExpr;
+              if( !sqlite3IndexAffinityOk(pX, pScan->idxaff) ){
+                continue;
+              }
+              assert(pX->pLeft);
+              pColl = sqlite3BinaryCompareCollSeq(pParse,
+                                                  pX->pLeft, pX->pRight);
+              if( pColl==0 ) pColl = pParse->db->pDfltColl;
+              if( sqlite3StrICmp(pColl->zName, pScan->zCollName) ){
+                continue;
+              }
+            }
+            if( (pTerm->eOperator & (WO_EQ|WO_IS))!=0
+             && (pX = pTerm->pExpr->pRight)->op==TK_COLUMN
+             && pX->iTable==pScan->aiCur[0]
+             && pX->iColumn==pScan->aiColumn[0]
+            ){
+              testcase( pTerm->eOperator & WO_IS );
+              continue;
+            }
+            pScan->k = k+1;
+            return pTerm;
+          }
+        }
+      }
+      pScan->pWC = pScan->pWC->pOuter;
+      k = 0;
+    }
+    pScan->pWC = pScan->pOrigWC;
+    k = 0;
+    pScan->iEquiv++;
+  }
+  return 0;
+}
+
+/*
+** Initialize a WHERE clause scanner object.  Return a pointer to the
+** first match.  Return NULL if there are no matches.
+**
+** The scanner will be searching the WHERE clause pWC.  It will look
+** for terms of the form "X <op> <expr>" where X is column iColumn of table
+** iCur.  The <op> must be one of the operators described by opMask.
+**
+** If the search is for X and the WHERE clause contains terms of the
+** form X=Y then this routine might also return terms of the form
+** "Y <op> <expr>".  The number of levels of transitivity is limited,
+** but is enough to handle most commonly occurring SQL statements.
+**
+** If X is not the INTEGER PRIMARY KEY then X must be compatible with
+** index pIdx.
+*/
+static WhereTerm *whereScanInit(
+  WhereScan *pScan,       /* The WhereScan object being initialized */
+  WhereClause *pWC,       /* The WHERE clause to be scanned */
+  int iCur,               /* Cursor to scan for */
+  int iColumn,            /* Column to scan for */
+  u32 opMask,             /* Operator(s) to scan for */
+  Index *pIdx             /* Must be compatible with this index */
+){
+  int j = 0;
+
+  /* memset(pScan, 0, sizeof(*pScan)); */
+  pScan->pOrigWC = pWC;
+  pScan->pWC = pWC;
+  pScan->pIdxExpr = 0;
+  if( pIdx ){
+    j = iColumn;
+    iColumn = pIdx->aiColumn[j];
+    if( iColumn==XN_EXPR ) pScan->pIdxExpr = pIdx->aColExpr->a[j].pExpr;
+  }
+  if( pIdx && iColumn>=0 ){
+    pScan->idxaff = pIdx->pTable->aCol[iColumn].affinity;
+    pScan->zCollName = pIdx->azColl[j];
+  }else{
+    pScan->idxaff = 0;
+    pScan->zCollName = 0;
+  }
+  pScan->opMask = opMask;
+  pScan->k = 0;
+  pScan->aiCur[0] = iCur;
+  pScan->aiColumn[0] = iColumn;
+  pScan->nEquiv = 1;
+  pScan->iEquiv = 1;
+  return whereScanNext(pScan);
+}
+
+/*
+** Search for a term in the WHERE clause that is of the form "X <op> <expr>"
+** where X is a reference to the iColumn of table iCur and <op> is one of
+** the WO_xx operator codes specified by the op parameter.
+** Return a pointer to the term.  Return 0 if not found.
+**
+** If pIdx!=0 then search for terms matching the iColumn-th column of pIdx
+** rather than the iColumn-th column of table iCur.
+**
+** The term returned might by Y=<expr> if there is another constraint in
+** the WHERE clause that specifies that X=Y.  Any such constraints will be
+** identified by the WO_EQUIV bit in the pTerm->eOperator field.  The
+** aiCur[]/iaColumn[] arrays hold X and all its equivalents. There are 11
+** slots in aiCur[]/aiColumn[] so that means we can look for X plus up to 10
+** other equivalent values.  Hence a search for X will return <expr> if X=A1
+** and A1=A2 and A2=A3 and ... and A9=A10 and A10=<expr>.
+**
+** If there are multiple terms in the WHERE clause of the form "X <op> <expr>"
+** then try for the one with no dependencies on <expr> - in other words where
+** <expr> is a constant expression of some kind.  Only return entries of
+** the form "X <op> Y" where Y is a column in another table if no terms of
+** the form "X <op> <const-expr>" exist.   If no terms with a constant RHS
+** exist, try to return a term that does not use WO_EQUIV.
+*/
+SQLITE_PRIVATE WhereTerm *sqlite3WhereFindTerm(
+  WhereClause *pWC,     /* The WHERE clause to be searched */
+  int iCur,             /* Cursor number of LHS */
+  int iColumn,          /* Column number of LHS */
+  Bitmask notReady,     /* RHS must not overlap with this mask */
+  u32 op,               /* Mask of WO_xx values describing operator */
+  Index *pIdx           /* Must be compatible with this index, if not NULL */
+){
+  WhereTerm *pResult = 0;
+  WhereTerm *p;
+  WhereScan scan;
+
+  p = whereScanInit(&scan, pWC, iCur, iColumn, op, pIdx);
+  op &= WO_EQ|WO_IS;
+  while( p ){
+    if( (p->prereqRight & notReady)==0 ){
+      if( p->prereqRight==0 && (p->eOperator&op)!=0 ){
+        testcase( p->eOperator & WO_IS );
+        return p;
+      }
+      if( pResult==0 ) pResult = p;
+    }
+    p = whereScanNext(&scan);
+  }
+  return pResult;
+}
+
+/*
+** This function searches pList for an entry that matches the iCol-th column
+** of index pIdx.
+**
+** If such an expression is found, its index in pList->a[] is returned. If
+** no expression is found, -1 is returned.
+*/
+static int findIndexCol(
+  Parse *pParse,                  /* Parse context */
+  ExprList *pList,                /* Expression list to search */
+  int iBase,                      /* Cursor for table associated with pIdx */
+  Index *pIdx,                    /* Index to match column of */
+  int iCol                        /* Column of index to match */
+){
+  int i;
+  const char *zColl = pIdx->azColl[iCol];
+
+  for(i=0; i<pList->nExpr; i++){
+    Expr *p = sqlite3ExprSkipCollate(pList->a[i].pExpr);
+    if( p->op==TK_COLUMN
+     && p->iColumn==pIdx->aiColumn[iCol]
+     && p->iTable==iBase
+    ){
+      CollSeq *pColl = sqlite3ExprCollSeq(pParse, pList->a[i].pExpr);
+      if( pColl && 0==sqlite3StrICmp(pColl->zName, zColl) ){
+        return i;
+      }
+    }
+  }
+
+  return -1;
+}
+
+/*
+** Return TRUE if the iCol-th column of index pIdx is NOT NULL
+*/
+static int indexColumnNotNull(Index *pIdx, int iCol){
+  int j;
+  assert( pIdx!=0 );
+  assert( iCol>=0 && iCol<pIdx->nColumn );
+  j = pIdx->aiColumn[iCol];
+  if( j>=0 ){
+    return pIdx->pTable->aCol[j].notNull;
+  }else if( j==(-1) ){
+    return 1;
+  }else{
+    assert( j==(-2) );
+    return 0;  /* Assume an indexed expression can always yield a NULL */
+
+  }
+}
+
+/*
+** Return true if the DISTINCT expression-list passed as the third argument
+** is redundant.
+**
+** A DISTINCT list is redundant if any subset of the columns in the
+** DISTINCT list are collectively unique and individually non-null.
+*/
+static int isDistinctRedundant(
+  Parse *pParse,            /* Parsing context */
+  SrcList *pTabList,        /* The FROM clause */
+  WhereClause *pWC,         /* The WHERE clause */
+  ExprList *pDistinct       /* The result set that needs to be DISTINCT */
+){
+  Table *pTab;
+  Index *pIdx;
+  int i;                          
+  int iBase;
+
+  /* If there is more than one table or sub-select in the FROM clause of
+  ** this query, then it will not be possible to show that the DISTINCT 
+  ** clause is redundant. */
+  if( pTabList->nSrc!=1 ) return 0;
+  iBase = pTabList->a[0].iCursor;
+  pTab = pTabList->a[0].pTab;
+
+  /* If any of the expressions is an IPK column on table iBase, then return 
+  ** true. Note: The (p->iTable==iBase) part of this test may be false if the
+  ** current SELECT is a correlated sub-query.
+  */
+  for(i=0; i<pDistinct->nExpr; i++){
+    Expr *p = sqlite3ExprSkipCollate(pDistinct->a[i].pExpr);
+    if( p->op==TK_COLUMN && p->iTable==iBase && p->iColumn<0 ) return 1;
+  }
+
+  /* Loop through all indices on the table, checking each to see if it makes
+  ** the DISTINCT qualifier redundant. It does so if:
+  **
+  **   1. The index is itself UNIQUE, and
+  **
+  **   2. All of the columns in the index are either part of the pDistinct
+  **      list, or else the WHERE clause contains a term of the form "col=X",
+  **      where X is a constant value. The collation sequences of the
+  **      comparison and select-list expressions must match those of the index.
+  **
+  **   3. All of those index columns for which the WHERE clause does not
+  **      contain a "col=X" term are subject to a NOT NULL constraint.
+  */
+  for(pIdx=pTab->pIndex; pIdx; pIdx=pIdx->pNext){
+    if( !IsUniqueIndex(pIdx) ) continue;
+    for(i=0; i<pIdx->nKeyCol; i++){
+      if( 0==sqlite3WhereFindTerm(pWC, iBase, i, ~(Bitmask)0, WO_EQ, pIdx) ){
+        if( findIndexCol(pParse, pDistinct, iBase, pIdx, i)<0 ) break;
+        if( indexColumnNotNull(pIdx, i)==0 ) break;
+      }
+    }
+    if( i==pIdx->nKeyCol ){
+      /* This index implies that the DISTINCT qualifier is redundant. */
+      return 1;
+    }
+  }
+
+  return 0;
+}
+
+
+/*
+** Estimate the logarithm of the input value to base 2.
+*/
+static LogEst estLog(LogEst N){
+  return N<=10 ? 0 : sqlite3LogEst(N) - 33;
+}
+
+/*
+** Convert OP_Column opcodes to OP_Copy in previously generated code.
+**
+** This routine runs over generated VDBE code and translates OP_Column
+** opcodes into OP_Copy when the table is being accessed via co-routine 
+** instead of via table lookup.
+**
+** If the bIncrRowid parameter is 0, then any OP_Rowid instructions on
+** cursor iTabCur are transformed into OP_Null. Or, if bIncrRowid is non-zero,
+** then each OP_Rowid is transformed into an instruction to increment the
+** value stored in its output register.
+*/
+static void translateColumnToCopy(
+  Vdbe *v,            /* The VDBE containing code to translate */
+  int iStart,         /* Translate from this opcode to the end */
+  int iTabCur,        /* OP_Column/OP_Rowid references to this table */
+  int iRegister,      /* The first column is in this register */
+  int bIncrRowid      /* If non-zero, transform OP_rowid to OP_AddImm(1) */
+){
+  VdbeOp *pOp = sqlite3VdbeGetOp(v, iStart);
+  int iEnd = sqlite3VdbeCurrentAddr(v);
+  for(; iStart<iEnd; iStart++, pOp++){
+    if( pOp->p1!=iTabCur ) continue;
+    if( pOp->opcode==OP_Column ){
+      pOp->opcode = OP_Copy;
+      pOp->p1 = pOp->p2 + iRegister;
+      pOp->p2 = pOp->p3;
+      pOp->p3 = 0;
+    }else if( pOp->opcode==OP_Rowid ){
+      if( bIncrRowid ){
+        /* Increment the value stored in the P2 operand of the OP_Rowid. */
+        pOp->opcode = OP_AddImm;
+        pOp->p1 = pOp->p2;
+        pOp->p2 = 1;
+      }else{
+        pOp->opcode = OP_Null;
+        pOp->p1 = 0;
+        pOp->p3 = 0;
+      }
+    }
+  }
+}
+
+/*
+** Two routines for printing the content of an sqlite3_index_info
+** structure.  Used for testing and debugging only.  If neither
+** SQLITE_TEST or SQLITE_DEBUG are defined, then these routines
+** are no-ops.
+*/
+#if !defined(SQLITE_OMIT_VIRTUALTABLE) && defined(WHERETRACE_ENABLED)
+static void TRACE_IDX_INPUTS(sqlite3_index_info *p){
+  int i;
+  if( !sqlite3WhereTrace ) return;
+  for(i=0; i<p->nConstraint; i++){
+    sqlite3DebugPrintf("  constraint[%d]: col=%d termid=%d op=%d usabled=%d\n",
+       i,
+       p->aConstraint[i].iColumn,
+       p->aConstraint[i].iTermOffset,
+       p->aConstraint[i].op,
+       p->aConstraint[i].usable);
+  }
+  for(i=0; i<p->nOrderBy; i++){
+    sqlite3DebugPrintf("  orderby[%d]: col=%d desc=%d\n",
+       i,
+       p->aOrderBy[i].iColumn,
+       p->aOrderBy[i].desc);
+  }
+}
+static void TRACE_IDX_OUTPUTS(sqlite3_index_info *p){
+  int i;
+  if( !sqlite3WhereTrace ) return;
+  for(i=0; i<p->nConstraint; i++){
+    sqlite3DebugPrintf("  usage[%d]: argvIdx=%d omit=%d\n",
+       i,
+       p->aConstraintUsage[i].argvIndex,
+       p->aConstraintUsage[i].omit);
+  }
+  sqlite3DebugPrintf("  idxNum=%d\n", p->idxNum);
+  sqlite3DebugPrintf("  idxStr=%s\n", p->idxStr);
+  sqlite3DebugPrintf("  orderByConsumed=%d\n", p->orderByConsumed);
+  sqlite3DebugPrintf("  estimatedCost=%g\n", p->estimatedCost);
+  sqlite3DebugPrintf("  estimatedRows=%lld\n", p->estimatedRows);
+}
+#else
+#define TRACE_IDX_INPUTS(A)
+#define TRACE_IDX_OUTPUTS(A)
+#endif
+
+#ifndef SQLITE_OMIT_AUTOMATIC_INDEX
+/*
+** Return TRUE if the WHERE clause term pTerm is of a form where it
+** could be used with an index to access pSrc, assuming an appropriate
+** index existed.
+*/
+static int termCanDriveIndex(
+  WhereTerm *pTerm,              /* WHERE clause term to check */
+  struct SrcList_item *pSrc,     /* Table we are trying to access */
+  Bitmask notReady               /* Tables in outer loops of the join */
+){
+  char aff;
+  if( pTerm->leftCursor!=pSrc->iCursor ) return 0;
+  if( (pTerm->eOperator & (WO_EQ|WO_IS))==0 ) return 0;
+  if( (pTerm->prereqRight & notReady)!=0 ) return 0;
+  if( pTerm->u.leftColumn<0 ) return 0;
+  aff = pSrc->pTab->aCol[pTerm->u.leftColumn].affinity;
+  if( !sqlite3IndexAffinityOk(pTerm->pExpr, aff) ) return 0;
+  testcase( pTerm->pExpr->op==TK_IS );
+  return 1;
+}
+#endif
+
+
+#ifndef SQLITE_OMIT_AUTOMATIC_INDEX
+/*
+** Generate code to construct the Index object for an automatic index
+** and to set up the WhereLevel object pLevel so that the code generator
+** makes use of the automatic index.
+*/
+static void constructAutomaticIndex(
+  Parse *pParse,              /* The parsing context */
+  WhereClause *pWC,           /* The WHERE clause */
+  struct SrcList_item *pSrc,  /* The FROM clause term to get the next index */
+  Bitmask notReady,           /* Mask of cursors that are not available */
+  WhereLevel *pLevel          /* Write new index here */
+){
+  int nKeyCol;                /* Number of columns in the constructed index */
+  WhereTerm *pTerm;           /* A single term of the WHERE clause */
+  WhereTerm *pWCEnd;          /* End of pWC->a[] */
+  Index *pIdx;                /* Object describing the transient index */
+  Vdbe *v;                    /* Prepared statement under construction */
+  int addrInit;               /* Address of the initialization bypass jump */
+  Table *pTable;              /* The table being indexed */
+  int addrTop;                /* Top of the index fill loop */
+  int regRecord;              /* Register holding an index record */
+  int n;                      /* Column counter */
+  int i;                      /* Loop counter */
+  int mxBitCol;               /* Maximum column in pSrc->colUsed */
+  CollSeq *pColl;             /* Collating sequence to on a column */
+  WhereLoop *pLoop;           /* The Loop object */
+  char *zNotUsed;             /* Extra space on the end of pIdx */
+  Bitmask idxCols;            /* Bitmap of columns used for indexing */
+  Bitmask extraCols;          /* Bitmap of additional columns */
+  u8 sentWarning = 0;         /* True if a warnning has been issued */
+  Expr *pPartial = 0;         /* Partial Index Expression */
+  int iContinue = 0;          /* Jump here to skip excluded rows */
+  struct SrcList_item *pTabItem;  /* FROM clause term being indexed */
+  int addrCounter = 0;        /* Address where integer counter is initialized */
+  int regBase;                /* Array of registers where record is assembled */
+
+  /* Generate code to skip over the creation and initialization of the
+  ** transient index on 2nd and subsequent iterations of the loop. */
+  v = pParse->pVdbe;
+  assert( v!=0 );
+  addrInit = sqlite3CodeOnce(pParse); VdbeCoverage(v);
+
+  /* Count the number of columns that will be added to the index
+  ** and used to match WHERE clause constraints */
+  nKeyCol = 0;
+  pTable = pSrc->pTab;
+  pWCEnd = &pWC->a[pWC->nTerm];
+  pLoop = pLevel->pWLoop;
+  idxCols = 0;
+  for(pTerm=pWC->a; pTerm<pWCEnd; pTerm++){
+    Expr *pExpr = pTerm->pExpr;
+    assert( !ExprHasProperty(pExpr, EP_FromJoin)    /* prereq always non-zero */
+         || pExpr->iRightJoinTable!=pSrc->iCursor   /*   for the right-hand   */
+         || pLoop->prereq!=0 );                     /*   table of a LEFT JOIN */
+    if( pLoop->prereq==0
+     && (pTerm->wtFlags & TERM_VIRTUAL)==0
+     && !ExprHasProperty(pExpr, EP_FromJoin)
+     && sqlite3ExprIsTableConstant(pExpr, pSrc->iCursor) ){
+      pPartial = sqlite3ExprAnd(pParse->db, pPartial,
+                                sqlite3ExprDup(pParse->db, pExpr, 0));
+    }
+    if( termCanDriveIndex(pTerm, pSrc, notReady) ){
+      int iCol = pTerm->u.leftColumn;
+      Bitmask cMask = iCol>=BMS ? MASKBIT(BMS-1) : MASKBIT(iCol);
+      testcase( iCol==BMS );
+      testcase( iCol==BMS-1 );
+      if( !sentWarning ){
+        sqlite3_log(SQLITE_WARNING_AUTOINDEX,
+            "automatic index on %s(%s)", pTable->zName,
+            pTable->aCol[iCol].zName);
+        sentWarning = 1;
+      }
+      if( (idxCols & cMask)==0 ){
+        if( whereLoopResize(pParse->db, pLoop, nKeyCol+1) ){
+          goto end_auto_index_create;
+        }
+        pLoop->aLTerm[nKeyCol++] = pTerm;
+        idxCols |= cMask;
+      }
+    }
+  }
+  assert( nKeyCol>0 );
+  pLoop->u.btree.nEq = pLoop->nLTerm = nKeyCol;
+  pLoop->wsFlags = WHERE_COLUMN_EQ | WHERE_IDX_ONLY | WHERE_INDEXED
+                     | WHERE_AUTO_INDEX;
+
+  /* Count the number of additional columns needed to create a
+  ** covering index.  A "covering index" is an index that contains all
+  ** columns that are needed by the query.  With a covering index, the
+  ** original table never needs to be accessed.  Automatic indices must
+  ** be a covering index because the index will not be updated if the
+  ** original table changes and the index and table cannot both be used
+  ** if they go out of sync.
+  */
+  extraCols = pSrc->colUsed & (~idxCols | MASKBIT(BMS-1));
+  mxBitCol = MIN(BMS-1,pTable->nCol);
+  testcase( pTable->nCol==BMS-1 );
+  testcase( pTable->nCol==BMS-2 );
+  for(i=0; i<mxBitCol; i++){
+    if( extraCols & MASKBIT(i) ) nKeyCol++;
+  }
+  if( pSrc->colUsed & MASKBIT(BMS-1) ){
+    nKeyCol += pTable->nCol - BMS + 1;
+  }
+
+  /* Construct the Index object to describe this index */
+  pIdx = sqlite3AllocateIndexObject(pParse->db, nKeyCol+1, 0, &zNotUsed);
+  if( pIdx==0 ) goto end_auto_index_create;
+  pLoop->u.btree.pIndex = pIdx;
+  pIdx->zName = "auto-index";
+  pIdx->pTable = pTable;
+  n = 0;
+  idxCols = 0;
+  for(pTerm=pWC->a; pTerm<pWCEnd; pTerm++){
+    if( termCanDriveIndex(pTerm, pSrc, notReady) ){
+      int iCol = pTerm->u.leftColumn;
+      Bitmask cMask = iCol>=BMS ? MASKBIT(BMS-1) : MASKBIT(iCol);
+      testcase( iCol==BMS-1 );
+      testcase( iCol==BMS );
+      if( (idxCols & cMask)==0 ){
+        Expr *pX = pTerm->pExpr;
+        idxCols |= cMask;
+        pIdx->aiColumn[n] = pTerm->u.leftColumn;
+        pColl = sqlite3BinaryCompareCollSeq(pParse, pX->pLeft, pX->pRight);
+        pIdx->azColl[n] = pColl ? pColl->zName : sqlite3StrBINARY;
+        n++;
+      }
+    }
+  }
+  assert( (u32)n==pLoop->u.btree.nEq );
+
+  /* Add additional columns needed to make the automatic index into
+  ** a covering index */
+  for(i=0; i<mxBitCol; i++){
+    if( extraCols & MASKBIT(i) ){
+      pIdx->aiColumn[n] = i;
+      pIdx->azColl[n] = sqlite3StrBINARY;
+      n++;
+    }
+  }
+  if( pSrc->colUsed & MASKBIT(BMS-1) ){
+    for(i=BMS-1; i<pTable->nCol; i++){
+      pIdx->aiColumn[n] = i;
+      pIdx->azColl[n] = sqlite3StrBINARY;
+      n++;
+    }
+  }
+  assert( n==nKeyCol );
+  pIdx->aiColumn[n] = XN_ROWID;
+  pIdx->azColl[n] = sqlite3StrBINARY;
+
+  /* Create the automatic index */
+  assert( pLevel->iIdxCur>=0 );
+  pLevel->iIdxCur = pParse->nTab++;
+  sqlite3VdbeAddOp2(v, OP_OpenAutoindex, pLevel->iIdxCur, nKeyCol+1);
+  sqlite3VdbeSetP4KeyInfo(pParse, pIdx);
+  VdbeComment((v, "for %s", pTable->zName));
+
+  /* Fill the automatic index with content */
+  sqlite3ExprCachePush(pParse);
+  pTabItem = &pWC->pWInfo->pTabList->a[pLevel->iFrom];
+  if( pTabItem->fg.viaCoroutine ){
+    int regYield = pTabItem->regReturn;
+    addrCounter = sqlite3VdbeAddOp2(v, OP_Integer, 0, 0);
+    sqlite3VdbeAddOp3(v, OP_InitCoroutine, regYield, 0, pTabItem->addrFillSub);
+    addrTop =  sqlite3VdbeAddOp1(v, OP_Yield, regYield);
+    VdbeCoverage(v);
+    VdbeComment((v, "next row of \"%s\"", pTabItem->pTab->zName));
+  }else{
+    addrTop = sqlite3VdbeAddOp1(v, OP_Rewind, pLevel->iTabCur); VdbeCoverage(v);
+  }
+  if( pPartial ){
+    iContinue = sqlite3VdbeMakeLabel(v);
+    sqlite3ExprIfFalse(pParse, pPartial, iContinue, SQLITE_JUMPIFNULL);
+    pLoop->wsFlags |= WHERE_PARTIALIDX;
+  }
+  regRecord = sqlite3GetTempReg(pParse);
+  regBase = sqlite3GenerateIndexKey(
+      pParse, pIdx, pLevel->iTabCur, regRecord, 0, 0, 0, 0
+  );
+  sqlite3VdbeAddOp2(v, OP_IdxInsert, pLevel->iIdxCur, regRecord);
+  sqlite3VdbeChangeP5(v, OPFLAG_USESEEKRESULT);
+  if( pPartial ) sqlite3VdbeResolveLabel(v, iContinue);
+  if( pTabItem->fg.viaCoroutine ){
+    sqlite3VdbeChangeP2(v, addrCounter, regBase+n);
+    translateColumnToCopy(v, addrTop, pLevel->iTabCur, pTabItem->regResult, 1);
+    sqlite3VdbeGoto(v, addrTop);
+    pTabItem->fg.viaCoroutine = 0;
+  }else{
+    sqlite3VdbeAddOp2(v, OP_Next, pLevel->iTabCur, addrTop+1); VdbeCoverage(v);
+  }
+  sqlite3VdbeChangeP5(v, SQLITE_STMTSTATUS_AUTOINDEX);
+  sqlite3VdbeJumpHere(v, addrTop);
+  sqlite3ReleaseTempReg(pParse, regRecord);
+  sqlite3ExprCachePop(pParse);
+  
+  /* Jump here when skipping the initialization */
+  sqlite3VdbeJumpHere(v, addrInit);
+
+end_auto_index_create:
+  sqlite3ExprDelete(pParse->db, pPartial);
+}
+#endif /* SQLITE_OMIT_AUTOMATIC_INDEX */
+
+#ifndef SQLITE_OMIT_VIRTUALTABLE
+/*
+** Allocate and populate an sqlite3_index_info structure. It is the 
+** responsibility of the caller to eventually release the structure
+** by passing the pointer returned by this function to sqlite3_free().
+*/
+static sqlite3_index_info *allocateIndexInfo(
+  Parse *pParse,
+  WhereClause *pWC,
+  Bitmask mUnusable,              /* Ignore terms with these prereqs */
+  struct SrcList_item *pSrc,
+  ExprList *pOrderBy
+){
+  int i, j;
+  int nTerm;
+  struct sqlite3_index_constraint *pIdxCons;
+  struct sqlite3_index_orderby *pIdxOrderBy;
+  struct sqlite3_index_constraint_usage *pUsage;
+  WhereTerm *pTerm;
+  int nOrderBy;
+  sqlite3_index_info *pIdxInfo;
+
+  /* Count the number of possible WHERE clause constraints referring
+  ** to this virtual table */
+  for(i=nTerm=0, pTerm=pWC->a; i<pWC->nTerm; i++, pTerm++){
+    if( pTerm->leftCursor != pSrc->iCursor ) continue;
+    if( pTerm->prereqRight & mUnusable ) continue;
+    assert( IsPowerOfTwo(pTerm->eOperator & ~WO_EQUIV) );
+    testcase( pTerm->eOperator & WO_IN );
+    testcase( pTerm->eOperator & WO_ISNULL );
+    testcase( pTerm->eOperator & WO_IS );
+    testcase( pTerm->eOperator & WO_ALL );
+    if( (pTerm->eOperator & ~(WO_ISNULL|WO_EQUIV|WO_IS))==0 ) continue;
+    if( pTerm->wtFlags & TERM_VNULL ) continue;
+    assert( pTerm->u.leftColumn>=(-1) );
+    nTerm++;
+  }
+
+  /* If the ORDER BY clause contains only columns in the current 
+  ** virtual table then allocate space for the aOrderBy part of
+  ** the sqlite3_index_info structure.
+  */
+  nOrderBy = 0;
+  if( pOrderBy ){
+    int n = pOrderBy->nExpr;
+    for(i=0; i<n; i++){
+      Expr *pExpr = pOrderBy->a[i].pExpr;
+      if( pExpr->op!=TK_COLUMN || pExpr->iTable!=pSrc->iCursor ) break;
+    }
+    if( i==n){
+      nOrderBy = n;
+    }
+  }
+
+  /* Allocate the sqlite3_index_info structure
+  */
+  pIdxInfo = sqlite3DbMallocZero(pParse->db, sizeof(*pIdxInfo)
+                           + (sizeof(*pIdxCons) + sizeof(*pUsage))*nTerm
+                           + sizeof(*pIdxOrderBy)*nOrderBy );
+  if( pIdxInfo==0 ){
+    sqlite3ErrorMsg(pParse, "out of memory");
+    return 0;
+  }
+
+  /* Initialize the structure.  The sqlite3_index_info structure contains
+  ** many fields that are declared "const" to prevent xBestIndex from
+  ** changing them.  We have to do some funky casting in order to
+  ** initialize those fields.
+  */
+  pIdxCons = (struct sqlite3_index_constraint*)&pIdxInfo[1];
+  pIdxOrderBy = (struct sqlite3_index_orderby*)&pIdxCons[nTerm];
+  pUsage = (struct sqlite3_index_constraint_usage*)&pIdxOrderBy[nOrderBy];
+  *(int*)&pIdxInfo->nConstraint = nTerm;
+  *(int*)&pIdxInfo->nOrderBy = nOrderBy;
+  *(struct sqlite3_index_constraint**)&pIdxInfo->aConstraint = pIdxCons;
+  *(struct sqlite3_index_orderby**)&pIdxInfo->aOrderBy = pIdxOrderBy;
+  *(struct sqlite3_index_constraint_usage**)&pIdxInfo->aConstraintUsage =
+                                                                   pUsage;
+
+  for(i=j=0, pTerm=pWC->a; i<pWC->nTerm; i++, pTerm++){
+    u8 op;
+    if( pTerm->leftCursor != pSrc->iCursor ) continue;
+    if( pTerm->prereqRight & mUnusable ) continue;
+    assert( IsPowerOfTwo(pTerm->eOperator & ~WO_EQUIV) );
+    testcase( pTerm->eOperator & WO_IN );
+    testcase( pTerm->eOperator & WO_IS );
+    testcase( pTerm->eOperator & WO_ISNULL );
+    testcase( pTerm->eOperator & WO_ALL );
+    if( (pTerm->eOperator & ~(WO_ISNULL|WO_EQUIV|WO_IS))==0 ) continue;
+    if( pTerm->wtFlags & TERM_VNULL ) continue;
+    assert( pTerm->u.leftColumn>=(-1) );
+    pIdxCons[j].iColumn = pTerm->u.leftColumn;
+    pIdxCons[j].iTermOffset = i;
+    op = (u8)pTerm->eOperator & WO_ALL;
+    if( op==WO_IN ) op = WO_EQ;
+    if( op==WO_MATCH ){
+      op = pTerm->eMatchOp;
+    }
+    pIdxCons[j].op = op;
+    /* The direct assignment in the previous line is possible only because
+    ** the WO_ and SQLITE_INDEX_CONSTRAINT_ codes are identical.  The
+    ** following asserts verify this fact. */
+    assert( WO_EQ==SQLITE_INDEX_CONSTRAINT_EQ );
+    assert( WO_LT==SQLITE_INDEX_CONSTRAINT_LT );
+    assert( WO_LE==SQLITE_INDEX_CONSTRAINT_LE );
+    assert( WO_GT==SQLITE_INDEX_CONSTRAINT_GT );
+    assert( WO_GE==SQLITE_INDEX_CONSTRAINT_GE );
+    assert( WO_MATCH==SQLITE_INDEX_CONSTRAINT_MATCH );
+    assert( pTerm->eOperator & (WO_IN|WO_EQ|WO_LT|WO_LE|WO_GT|WO_GE|WO_MATCH) );
+    j++;
+  }
+  for(i=0; i<nOrderBy; i++){
+    Expr *pExpr = pOrderBy->a[i].pExpr;
+    pIdxOrderBy[i].iColumn = pExpr->iColumn;
+    pIdxOrderBy[i].desc = pOrderBy->a[i].sortOrder;
+  }
+
+  return pIdxInfo;
+}
+
+/*
+** The table object reference passed as the second argument to this function
+** must represent a virtual table. This function invokes the xBestIndex()
+** method of the virtual table with the sqlite3_index_info object that
+** comes in as the 3rd argument to this function.
+**
+** If an error occurs, pParse is populated with an error message and a
+** non-zero value is returned. Otherwise, 0 is returned and the output
+** part of the sqlite3_index_info structure is left populated.
+**
+** Whether or not an error is returned, it is the responsibility of the
+** caller to eventually free p->idxStr if p->needToFreeIdxStr indicates
+** that this is required.
+*/
+static int vtabBestIndex(Parse *pParse, Table *pTab, sqlite3_index_info *p){
+  sqlite3_vtab *pVtab = sqlite3GetVTable(pParse->db, pTab)->pVtab;
+  int i;
+  int rc;
+
+  TRACE_IDX_INPUTS(p);
+  rc = pVtab->pModule->xBestIndex(pVtab, p);
+  TRACE_IDX_OUTPUTS(p);
+
+  if( rc!=SQLITE_OK ){
+    if( rc==SQLITE_NOMEM ){
+      pParse->db->mallocFailed = 1;
+    }else if( !pVtab->zErrMsg ){
+      sqlite3ErrorMsg(pParse, "%s", sqlite3ErrStr(rc));
+    }else{
+      sqlite3ErrorMsg(pParse, "%s", pVtab->zErrMsg);
+    }
+  }
+  sqlite3_free(pVtab->zErrMsg);
+  pVtab->zErrMsg = 0;
+
+  for(i=0; i<p->nConstraint; i++){
+    if( !p->aConstraint[i].usable && p->aConstraintUsage[i].argvIndex>0 ){
+      sqlite3ErrorMsg(pParse, 
+          "table %s: xBestIndex returned an invalid plan", pTab->zName);
+    }
+  }
+
+  return pParse->nErr;
+}
+#endif /* !defined(SQLITE_OMIT_VIRTUALTABLE) */
+
+#ifdef SQLITE_ENABLE_STAT3_OR_STAT4
+/*
+** Estimate the location of a particular key among all keys in an
+** index.  Store the results in aStat as follows:
+**
+**    aStat[0]      Est. number of rows less than pRec
+**    aStat[1]      Est. number of rows equal to pRec
+**
+** Return the index of the sample that is the smallest sample that
+** is greater than or equal to pRec. Note that this index is not an index
+** into the aSample[] array - it is an index into a virtual set of samples
+** based on the contents of aSample[] and the number of fields in record 
+** pRec. 
+*/
+static int whereKeyStats(
+  Parse *pParse,              /* Database connection */
+  Index *pIdx,                /* Index to consider domain of */
+  UnpackedRecord *pRec,       /* Vector of values to consider */
+  int roundUp,                /* Round up if true.  Round down if false */
+  tRowcnt *aStat              /* OUT: stats written here */
+){
+  IndexSample *aSample = pIdx->aSample;
+  int iCol;                   /* Index of required stats in anEq[] etc. */
+  int i;                      /* Index of first sample >= pRec */
+  int iSample;                /* Smallest sample larger than or equal to pRec */
+  int iMin = 0;               /* Smallest sample not yet tested */
+  int iTest;                  /* Next sample to test */
+  int res;                    /* Result of comparison operation */
+  int nField;                 /* Number of fields in pRec */
+  tRowcnt iLower = 0;         /* anLt[] + anEq[] of largest sample pRec is > */
+
+#ifndef SQLITE_DEBUG
+  UNUSED_PARAMETER( pParse );
+#endif
+  assert( pRec!=0 );
+  assert( pIdx->nSample>0 );
+  assert( pRec->nField>0 && pRec->nField<=pIdx->nSampleCol );
+
+  /* Do a binary search to find the first sample greater than or equal
+  ** to pRec. If pRec contains a single field, the set of samples to search
+  ** is simply the aSample[] array. If the samples in aSample[] contain more
+  ** than one fields, all fields following the first are ignored.
+  **
+  ** If pRec contains N fields, where N is more than one, then as well as the
+  ** samples in aSample[] (truncated to N fields), the search also has to
+  ** consider prefixes of those samples. For example, if the set of samples
+  ** in aSample is:
+  **
+  **     aSample[0] = (a, 5) 
+  **     aSample[1] = (a, 10) 
+  **     aSample[2] = (b, 5) 
+  **     aSample[3] = (c, 100) 
+  **     aSample[4] = (c, 105)
+  **
+  ** Then the search space should ideally be the samples above and the 
+  ** unique prefixes [a], [b] and [c]. But since that is hard to organize, 
+  ** the code actually searches this set:
+  **
+  **     0: (a) 
+  **     1: (a, 5) 
+  **     2: (a, 10) 
+  **     3: (a, 10) 
+  **     4: (b) 
+  **     5: (b, 5) 
+  **     6: (c) 
+  **     7: (c, 100) 
+  **     8: (c, 105)
+  **     9: (c, 105)
+  **
+  ** For each sample in the aSample[] array, N samples are present in the
+  ** effective sample array. In the above, samples 0 and 1 are based on 
+  ** sample aSample[0]. Samples 2 and 3 on aSample[1] etc.
+  **
+  ** Often, sample i of each block of N effective samples has (i+1) fields.
+  ** Except, each sample may be extended to ensure that it is greater than or
+  ** equal to the previous sample in the array. For example, in the above, 
+  ** sample 2 is the first sample of a block of N samples, so at first it 
+  ** appears that it should be 1 field in size. However, that would make it 
+  ** smaller than sample 1, so the binary search would not work. As a result, 
+  ** it is extended to two fields. The duplicates that this creates do not 
+  ** cause any problems.
+  */
+  nField = pRec->nField;
+  iCol = 0;
+  iSample = pIdx->nSample * nField;
+  do{
+    int iSamp;                    /* Index in aSample[] of test sample */
+    int n;                        /* Number of fields in test sample */
+
+    iTest = (iMin+iSample)/2;
+    iSamp = iTest / nField;
+    if( iSamp>0 ){
+      /* The proposed effective sample is a prefix of sample aSample[iSamp].
+      ** Specifically, the shortest prefix of at least (1 + iTest%nField) 
+      ** fields that is greater than the previous effective sample.  */
+      for(n=(iTest % nField) + 1; n<nField; n++){
+        if( aSample[iSamp-1].anLt[n-1]!=aSample[iSamp].anLt[n-1] ) break;
+      }
+    }else{
+      n = iTest + 1;
+    }
+
+    pRec->nField = n;
+    res = sqlite3VdbeRecordCompare(aSample[iSamp].n, aSample[iSamp].p, pRec);
+    if( res<0 ){
+      iLower = aSample[iSamp].anLt[n-1] + aSample[iSamp].anEq[n-1];
+      iMin = iTest+1;
+    }else if( res==0 && n<nField ){
+      iLower = aSample[iSamp].anLt[n-1];
+      iMin = iTest+1;
+      res = -1;
+    }else{
+      iSample = iTest;
+      iCol = n-1;
+    }
+  }while( res && iMin<iSample );
+  i = iSample / nField;
+
+#ifdef SQLITE_DEBUG
+  /* The following assert statements check that the binary search code
+  ** above found the right answer. This block serves no purpose other
+  ** than to invoke the asserts.  */
+  if( pParse->db->mallocFailed==0 ){
+    if( res==0 ){
+      /* If (res==0) is true, then pRec must be equal to sample i. */
+      assert( i<pIdx->nSample );
+      assert( iCol==nField-1 );
+      pRec->nField = nField;
+      assert( 0==sqlite3VdbeRecordCompare(aSample[i].n, aSample[i].p, pRec) 
+           || pParse->db->mallocFailed 
+      );
+    }else{
+      /* Unless i==pIdx->nSample, indicating that pRec is larger than
+      ** all samples in the aSample[] array, pRec must be smaller than the
+      ** (iCol+1) field prefix of sample i.  */
+      assert( i<=pIdx->nSample && i>=0 );
+      pRec->nField = iCol+1;
+      assert( i==pIdx->nSample 
+           || sqlite3VdbeRecordCompare(aSample[i].n, aSample[i].p, pRec)>0
+           || pParse->db->mallocFailed );
+
+      /* if i==0 and iCol==0, then record pRec is smaller than all samples
+      ** in the aSample[] array. Otherwise, if (iCol>0) then pRec must
+      ** be greater than or equal to the (iCol) field prefix of sample i.
+      ** If (i>0), then pRec must also be greater than sample (i-1).  */
+      if( iCol>0 ){
+        pRec->nField = iCol;
+        assert( sqlite3VdbeRecordCompare(aSample[i].n, aSample[i].p, pRec)<=0
+             || pParse->db->mallocFailed );
+      }
+      if( i>0 ){
+        pRec->nField = nField;
+        assert( sqlite3VdbeRecordCompare(aSample[i-1].n, aSample[i-1].p, pRec)<0
+             || pParse->db->mallocFailed );
+      }
+    }
+  }
+#endif /* ifdef SQLITE_DEBUG */
+
+  if( res==0 ){
+    /* Record pRec is equal to sample i */
+    assert( iCol==nField-1 );
+    aStat[0] = aSample[i].anLt[iCol];
+    aStat[1] = aSample[i].anEq[iCol];
+  }else{
+    /* At this point, the (iCol+1) field prefix of aSample[i] is the first 
+    ** sample that is greater than pRec. Or, if i==pIdx->nSample then pRec
+    ** is larger than all samples in the array. */
+    tRowcnt iUpper, iGap;
+    if( i>=pIdx->nSample ){
+      iUpper = sqlite3LogEstToInt(pIdx->aiRowLogEst[0]);
+    }else{
+      iUpper = aSample[i].anLt[iCol];
+    }
+
+    if( iLower>=iUpper ){
+      iGap = 0;
+    }else{
+      iGap = iUpper - iLower;
+    }
+    if( roundUp ){
+      iGap = (iGap*2)/3;
+    }else{
+      iGap = iGap/3;
+    }
+    aStat[0] = iLower + iGap;
+    aStat[1] = pIdx->aAvgEq[iCol];
+  }
+
+  /* Restore the pRec->nField value before returning.  */
+  pRec->nField = nField;
+  return i;
+}
+#endif /* SQLITE_ENABLE_STAT3_OR_STAT4 */
+
+/*
+** If it is not NULL, pTerm is a term that provides an upper or lower
+** bound on a range scan. Without considering pTerm, it is estimated 
+** that the scan will visit nNew rows. This function returns the number
+** estimated to be visited after taking pTerm into account.
+**
+** If the user explicitly specified a likelihood() value for this term,
+** then the return value is the likelihood multiplied by the number of
+** input rows. Otherwise, this function assumes that an "IS NOT NULL" term
+** has a likelihood of 0.50, and any other term a likelihood of 0.25.
+*/
+static LogEst whereRangeAdjust(WhereTerm *pTerm, LogEst nNew){
+  LogEst nRet = nNew;
+  if( pTerm ){
+    if( pTerm->truthProb<=0 ){
+      nRet += pTerm->truthProb;
+    }else if( (pTerm->wtFlags & TERM_VNULL)==0 ){
+      nRet -= 20;        assert( 20==sqlite3LogEst(4) );
+    }
+  }
+  return nRet;
+}
+
+
+#ifdef SQLITE_ENABLE_STAT3_OR_STAT4
+/*
+** Return the affinity for a single column of an index.
+*/
+static char sqlite3IndexColumnAffinity(sqlite3 *db, Index *pIdx, int iCol){
+  assert( iCol>=0 && iCol<pIdx->nColumn );
+  if( !pIdx->zColAff ){
+    if( sqlite3IndexAffinityStr(db, pIdx)==0 ) return SQLITE_AFF_BLOB;
+  }
+  return pIdx->zColAff[iCol];
+}
+#endif
+
+
+#ifdef SQLITE_ENABLE_STAT3_OR_STAT4
+/* 
+** This function is called to estimate the number of rows visited by a
+** range-scan on a skip-scan index. For example:
+**
+**   CREATE INDEX i1 ON t1(a, b, c);
+**   SELECT * FROM t1 WHERE a=? AND c BETWEEN ? AND ?;
+**
+** Value pLoop->nOut is currently set to the estimated number of rows 
+** visited for scanning (a=? AND b=?). This function reduces that estimate 
+** by some factor to account for the (c BETWEEN ? AND ?) expression based
+** on the stat4 data for the index. this scan will be peformed multiple 
+** times (once for each (a,b) combination that matches a=?) is dealt with 
+** by the caller.
+**
+** It does this by scanning through all stat4 samples, comparing values
+** extracted from pLower and pUpper with the corresponding column in each
+** sample. If L and U are the number of samples found to be less than or
+** equal to the values extracted from pLower and pUpper respectively, and
+** N is the total number of samples, the pLoop->nOut value is adjusted
+** as follows:
+**
+**   nOut = nOut * ( min(U - L, 1) / N )
+**
+** If pLower is NULL, or a value cannot be extracted from the term, L is
+** set to zero. If pUpper is NULL, or a value cannot be extracted from it,
+** U is set to N.
+**
+** Normally, this function sets *pbDone to 1 before returning. However,
+** if no value can be extracted from either pLower or pUpper (and so the
+** estimate of the number of rows delivered remains unchanged), *pbDone
+** is left as is.
+**
+** If an error occurs, an SQLite error code is returned. Otherwise, 
+** SQLITE_OK.
+*/
+static int whereRangeSkipScanEst(
+  Parse *pParse,       /* Parsing & code generating context */
+  WhereTerm *pLower,   /* Lower bound on the range. ex: "x>123" Might be NULL */
+  WhereTerm *pUpper,   /* Upper bound on the range. ex: "x<455" Might be NULL */
+  WhereLoop *pLoop,    /* Update the .nOut value of this loop */
+  int *pbDone          /* Set to true if at least one expr. value extracted */
+){
+  Index *p = pLoop->u.btree.pIndex;
+  int nEq = pLoop->u.btree.nEq;
+  sqlite3 *db = pParse->db;
+  int nLower = -1;
+  int nUpper = p->nSample+1;
+  int rc = SQLITE_OK;
+  u8 aff = sqlite3IndexColumnAffinity(db, p, nEq);
+  CollSeq *pColl;
+  
+  sqlite3_value *p1 = 0;          /* Value extracted from pLower */
+  sqlite3_value *p2 = 0;          /* Value extracted from pUpper */
+  sqlite3_value *pVal = 0;        /* Value extracted from record */
+
+  pColl = sqlite3LocateCollSeq(pParse, p->azColl[nEq]);
+  if( pLower ){
+    rc = sqlite3Stat4ValueFromExpr(pParse, pLower->pExpr->pRight, aff, &p1);
+    nLower = 0;
+  }
+  if( pUpper && rc==SQLITE_OK ){
+    rc = sqlite3Stat4ValueFromExpr(pParse, pUpper->pExpr->pRight, aff, &p2);
+    nUpper = p2 ? 0 : p->nSample;
+  }
+
+  if( p1 || p2 ){
+    int i;
+    int nDiff;
+    for(i=0; rc==SQLITE_OK && i<p->nSample; i++){
+      rc = sqlite3Stat4Column(db, p->aSample[i].p, p->aSample[i].n, nEq, &pVal);
+      if( rc==SQLITE_OK && p1 ){
+        int res = sqlite3MemCompare(p1, pVal, pColl);
+        if( res>=0 ) nLower++;
+      }
+      if( rc==SQLITE_OK && p2 ){
+        int res = sqlite3MemCompare(p2, pVal, pColl);
+        if( res>=0 ) nUpper++;
+      }
+    }
+    nDiff = (nUpper - nLower);
+    if( nDiff<=0 ) nDiff = 1;
+
+    /* If there is both an upper and lower bound specified, and the 
+    ** comparisons indicate that they are close together, use the fallback
+    ** method (assume that the scan visits 1/64 of the rows) for estimating
+    ** the number of rows visited. Otherwise, estimate the number of rows
+    ** using the method described in the header comment for this function. */
+    if( nDiff!=1 || pUpper==0 || pLower==0 ){
+      int nAdjust = (sqlite3LogEst(p->nSample) - sqlite3LogEst(nDiff));
+      pLoop->nOut -= nAdjust;
+      *pbDone = 1;
+      WHERETRACE(0x10, ("range skip-scan regions: %u..%u  adjust=%d est=%d\n",
+                           nLower, nUpper, nAdjust*-1, pLoop->nOut));
+    }
+
+  }else{
+    assert( *pbDone==0 );
+  }
+
+  sqlite3ValueFree(p1);
+  sqlite3ValueFree(p2);
+  sqlite3ValueFree(pVal);
+
+  return rc;
+}
+#endif /* SQLITE_ENABLE_STAT3_OR_STAT4 */
+
+/*
+** This function is used to estimate the number of rows that will be visited
+** by scanning an index for a range of values. The range may have an upper
+** bound, a lower bound, or both. The WHERE clause terms that set the upper
+** and lower bounds are represented by pLower and pUpper respectively. For
+** example, assuming that index p is on t1(a):
+**
+**   ... FROM t1 WHERE a > ? AND a < ? ...
+**                    |_____|   |_____|
+**                       |         |
+**                     pLower    pUpper
+**
+** If either of the upper or lower bound is not present, then NULL is passed in
+** place of the corresponding WhereTerm.
+**
+** The value in (pBuilder->pNew->u.btree.nEq) is the number of the index
+** column subject to the range constraint. Or, equivalently, the number of
+** equality constraints optimized by the proposed index scan. For example,
+** assuming index p is on t1(a, b), and the SQL query is:
+**
+**   ... FROM t1 WHERE a = ? AND b > ? AND b < ? ...
+**
+** then nEq is set to 1 (as the range restricted column, b, is the second 
+** left-most column of the index). Or, if the query is:
+**
+**   ... FROM t1 WHERE a > ? AND a < ? ...
+**
+** then nEq is set to 0.
+**
+** When this function is called, *pnOut is set to the sqlite3LogEst() of the
+** number of rows that the index scan is expected to visit without 
+** considering the range constraints. If nEq is 0, then *pnOut is the number of 
+** rows in the index. Assuming no error occurs, *pnOut is adjusted (reduced)
+** to account for the range constraints pLower and pUpper.
+** 
+** In the absence of sqlite_stat4 ANALYZE data, or if such data cannot be
+** used, a single range inequality reduces the search space by a factor of 4. 
+** and a pair of constraints (x>? AND x<?) reduces the expected number of
+** rows visited by a factor of 64.
+*/
+static int whereRangeScanEst(
+  Parse *pParse,       /* Parsing & code generating context */
+  WhereLoopBuilder *pBuilder,
+  WhereTerm *pLower,   /* Lower bound on the range. ex: "x>123" Might be NULL */
+  WhereTerm *pUpper,   /* Upper bound on the range. ex: "x<455" Might be NULL */
+  WhereLoop *pLoop     /* Modify the .nOut and maybe .rRun fields */
+){
+  int rc = SQLITE_OK;
+  int nOut = pLoop->nOut;
+  LogEst nNew;
+
+#ifdef SQLITE_ENABLE_STAT3_OR_STAT4
+  Index *p = pLoop->u.btree.pIndex;
+  int nEq = pLoop->u.btree.nEq;
+
+  if( p->nSample>0 && nEq<p->nSampleCol ){
+    if( nEq==pBuilder->nRecValid ){
+      UnpackedRecord *pRec = pBuilder->pRec;
+      tRowcnt a[2];
+      u8 aff;
+
+      /* Variable iLower will be set to the estimate of the number of rows in 
+      ** the index that are less than the lower bound of the range query. The
+      ** lower bound being the concatenation of $P and $L, where $P is the
+      ** key-prefix formed by the nEq values matched against the nEq left-most
+      ** columns of the index, and $L is the value in pLower.
+      **
+      ** Or, if pLower is NULL or $L cannot be extracted from it (because it
+      ** is not a simple variable or literal value), the lower bound of the
+      ** range is $P. Due to a quirk in the way whereKeyStats() works, even
+      ** if $L is available, whereKeyStats() is called for both ($P) and 
+      ** ($P:$L) and the larger of the two returned values is used.
+      **
+      ** Similarly, iUpper is to be set to the estimate of the number of rows
+      ** less than the upper bound of the range query. Where the upper bound
+      ** is either ($P) or ($P:$U). Again, even if $U is available, both values
+      ** of iUpper are requested of whereKeyStats() and the smaller used.
+      **
+      ** The number of rows between the two bounds is then just iUpper-iLower.
+      */
+      tRowcnt iLower;     /* Rows less than the lower bound */
+      tRowcnt iUpper;     /* Rows less than the upper bound */
+      int iLwrIdx = -2;   /* aSample[] for the lower bound */
+      int iUprIdx = -1;   /* aSample[] for the upper bound */
+
+      if( pRec ){
+        testcase( pRec->nField!=pBuilder->nRecValid );
+        pRec->nField = pBuilder->nRecValid;
+      }
+      aff = sqlite3IndexColumnAffinity(pParse->db, p, nEq);
+      assert( nEq!=p->nKeyCol || aff==SQLITE_AFF_INTEGER );
+      /* Determine iLower and iUpper using ($P) only. */
+      if( nEq==0 ){
+        iLower = 0;
+        iUpper = p->nRowEst0;
+      }else{
+        /* Note: this call could be optimized away - since the same values must 
+        ** have been requested when testing key $P in whereEqualScanEst().  */
+        whereKeyStats(pParse, p, pRec, 0, a);
+        iLower = a[0];
+        iUpper = a[0] + a[1];
+      }
+
+      assert( pLower==0 || (pLower->eOperator & (WO_GT|WO_GE))!=0 );
+      assert( pUpper==0 || (pUpper->eOperator & (WO_LT|WO_LE))!=0 );
+      assert( p->aSortOrder!=0 );
+      if( p->aSortOrder[nEq] ){
+        /* The roles of pLower and pUpper are swapped for a DESC index */
+        SWAP(WhereTerm*, pLower, pUpper);
+      }
+
+      /* If possible, improve on the iLower estimate using ($P:$L). */
+      if( pLower ){
+        int bOk;                    /* True if value is extracted from pExpr */
+        Expr *pExpr = pLower->pExpr->pRight;
+        rc = sqlite3Stat4ProbeSetValue(pParse, p, &pRec, pExpr, aff, nEq, &bOk);
+        if( rc==SQLITE_OK && bOk ){
+          tRowcnt iNew;
+          iLwrIdx = whereKeyStats(pParse, p, pRec, 0, a);
+          iNew = a[0] + ((pLower->eOperator & (WO_GT|WO_LE)) ? a[1] : 0);
+          if( iNew>iLower ) iLower = iNew;
+          nOut--;
+          pLower = 0;
+        }
+      }
+
+      /* If possible, improve on the iUpper estimate using ($P:$U). */
+      if( pUpper ){
+        int bOk;                    /* True if value is extracted from pExpr */
+        Expr *pExpr = pUpper->pExpr->pRight;
+        rc = sqlite3Stat4ProbeSetValue(pParse, p, &pRec, pExpr, aff, nEq, &bOk);
+        if( rc==SQLITE_OK && bOk ){
+          tRowcnt iNew;
+          iUprIdx = whereKeyStats(pParse, p, pRec, 1, a);
+          iNew = a[0] + ((pUpper->eOperator & (WO_GT|WO_LE)) ? a[1] : 0);
+          if( iNew<iUpper ) iUpper = iNew;
+          nOut--;
+          pUpper = 0;
+        }
+      }
+
+      pBuilder->pRec = pRec;
+      if( rc==SQLITE_OK ){
+        if( iUpper>iLower ){
+          nNew = sqlite3LogEst(iUpper - iLower);
+          /* TUNING:  If both iUpper and iLower are derived from the same
+          ** sample, then assume they are 4x more selective.  This brings
+          ** the estimated selectivity more in line with what it would be
+          ** if estimated without the use of STAT3/4 tables. */
+          if( iLwrIdx==iUprIdx ) nNew -= 20;  assert( 20==sqlite3LogEst(4) );
+        }else{
+          nNew = 10;        assert( 10==sqlite3LogEst(2) );
+        }
+        if( nNew<nOut ){
+          nOut = nNew;
+        }
+        WHERETRACE(0x10, ("STAT4 range scan: %u..%u  est=%d\n",
+                           (u32)iLower, (u32)iUpper, nOut));
+      }
+    }else{
+      int bDone = 0;
+      rc = whereRangeSkipScanEst(pParse, pLower, pUpper, pLoop, &bDone);
+      if( bDone ) return rc;
+    }
+  }
+#else
+  UNUSED_PARAMETER(pParse);
+  UNUSED_PARAMETER(pBuilder);
+  assert( pLower || pUpper );
+#endif
+  assert( pUpper==0 || (pUpper->wtFlags & TERM_VNULL)==0 );
+  nNew = whereRangeAdjust(pLower, nOut);
+  nNew = whereRangeAdjust(pUpper, nNew);
+
+  /* TUNING: If there is both an upper and lower limit and neither limit
+  ** has an application-defined likelihood(), assume the range is
+  ** reduced by an additional 75%. This means that, by default, an open-ended
+  ** range query (e.g. col > ?) is assumed to match 1/4 of the rows in the
+  ** index. While a closed range (e.g. col BETWEEN ? AND ?) is estimated to
+  ** match 1/64 of the index. */ 
+  if( pLower && pLower->truthProb>0 && pUpper && pUpper->truthProb>0 ){
+    nNew -= 20;
+  }
+
+  nOut -= (pLower!=0) + (pUpper!=0);
+  if( nNew<10 ) nNew = 10;
+  if( nNew<nOut ) nOut = nNew;
+#if defined(WHERETRACE_ENABLED)
+  if( pLoop->nOut>nOut ){
+    WHERETRACE(0x10,("Range scan lowers nOut from %d to %d\n",
+                    pLoop->nOut, nOut));
+  }
+#endif
+  pLoop->nOut = (LogEst)nOut;
+  return rc;
+}
+
+#ifdef SQLITE_ENABLE_STAT3_OR_STAT4
+/*
+** Estimate the number of rows that will be returned based on
+** an equality constraint x=VALUE and where that VALUE occurs in
+** the histogram data.  This only works when x is the left-most
+** column of an index and sqlite_stat3 histogram data is available
+** for that index.  When pExpr==NULL that means the constraint is
+** "x IS NULL" instead of "x=VALUE".
+**
+** Write the estimated row count into *pnRow and return SQLITE_OK. 
+** If unable to make an estimate, leave *pnRow unchanged and return
+** non-zero.
+**
+** This routine can fail if it is unable to load a collating sequence
+** required for string comparison, or if unable to allocate memory
+** for a UTF conversion required for comparison.  The error is stored
+** in the pParse structure.
+*/
+static int whereEqualScanEst(
+  Parse *pParse,       /* Parsing & code generating context */
+  WhereLoopBuilder *pBuilder,
+  Expr *pExpr,         /* Expression for VALUE in the x=VALUE constraint */
+  tRowcnt *pnRow       /* Write the revised row estimate here */
+){
+  Index *p = pBuilder->pNew->u.btree.pIndex;
+  int nEq = pBuilder->pNew->u.btree.nEq;
+  UnpackedRecord *pRec = pBuilder->pRec;
+  u8 aff;                   /* Column affinity */
+  int rc;                   /* Subfunction return code */
+  tRowcnt a[2];             /* Statistics */
+  int bOk;
+
+  assert( nEq>=1 );
+  assert( nEq<=p->nColumn );
+  assert( p->aSample!=0 );
+  assert( p->nSample>0 );
+  assert( pBuilder->nRecValid<nEq );
+
+  /* If values are not available for all fields of the index to the left
+  ** of this one, no estimate can be made. Return SQLITE_NOTFOUND. */
+  if( pBuilder->nRecValid<(nEq-1) ){
+    return SQLITE_NOTFOUND;
+  }
+
+  /* This is an optimization only. The call to sqlite3Stat4ProbeSetValue()
+  ** below would return the same value.  */
+  if( nEq>=p->nColumn ){
+    *pnRow = 1;
+    return SQLITE_OK;
+  }
+
+  aff = sqlite3IndexColumnAffinity(pParse->db, p, nEq-1);
+  rc = sqlite3Stat4ProbeSetValue(pParse, p, &pRec, pExpr, aff, nEq-1, &bOk);
+  pBuilder->pRec = pRec;
+  if( rc!=SQLITE_OK ) return rc;
+  if( bOk==0 ) return SQLITE_NOTFOUND;
+  pBuilder->nRecValid = nEq;
+
+  whereKeyStats(pParse, p, pRec, 0, a);
+  WHERETRACE(0x10,("equality scan regions: %d\n", (int)a[1]));
+  *pnRow = a[1];
+  
+  return rc;
+}
+#endif /* SQLITE_ENABLE_STAT3_OR_STAT4 */
+
+#ifdef SQLITE_ENABLE_STAT3_OR_STAT4
+/*
+** Estimate the number of rows that will be returned based on
+** an IN constraint where the right-hand side of the IN operator
+** is a list of values.  Example:
+**
+**        WHERE x IN (1,2,3,4)
+**
+** Write the estimated row count into *pnRow and return SQLITE_OK. 
+** If unable to make an estimate, leave *pnRow unchanged and return
+** non-zero.
+**
+** This routine can fail if it is unable to load a collating sequence
+** required for string comparison, or if unable to allocate memory
+** for a UTF conversion required for comparison.  The error is stored
+** in the pParse structure.
+*/
+static int whereInScanEst(
+  Parse *pParse,       /* Parsing & code generating context */
+  WhereLoopBuilder *pBuilder,
+  ExprList *pList,     /* The value list on the RHS of "x IN (v1,v2,v3,...)" */
+  tRowcnt *pnRow       /* Write the revised row estimate here */
+){
+  Index *p = pBuilder->pNew->u.btree.pIndex;
+  i64 nRow0 = sqlite3LogEstToInt(p->aiRowLogEst[0]);
+  int nRecValid = pBuilder->nRecValid;
+  int rc = SQLITE_OK;     /* Subfunction return code */
+  tRowcnt nEst;           /* Number of rows for a single term */
+  tRowcnt nRowEst = 0;    /* New estimate of the number of rows */
+  int i;                  /* Loop counter */
+
+  assert( p->aSample!=0 );
+  for(i=0; rc==SQLITE_OK && i<pList->nExpr; i++){
+    nEst = nRow0;
+    rc = whereEqualScanEst(pParse, pBuilder, pList->a[i].pExpr, &nEst);
+    nRowEst += nEst;
+    pBuilder->nRecValid = nRecValid;
+  }
+
+  if( rc==SQLITE_OK ){
+    if( nRowEst > nRow0 ) nRowEst = nRow0;
+    *pnRow = nRowEst;
+    WHERETRACE(0x10,("IN row estimate: est=%d\n", nRowEst));
+  }
+  assert( pBuilder->nRecValid==nRecValid );
+  return rc;
+}
+#endif /* SQLITE_ENABLE_STAT3_OR_STAT4 */
+
+
+#ifdef WHERETRACE_ENABLED
+/*
+** Print the content of a WhereTerm object
+*/
+static void whereTermPrint(WhereTerm *pTerm, int iTerm){
+  if( pTerm==0 ){
+    sqlite3DebugPrintf("TERM-%-3d NULL\n", iTerm);
+  }else{
+    char zType[4];
+    memcpy(zType, "...", 4);
+    if( pTerm->wtFlags & TERM_VIRTUAL ) zType[0] = 'V';
+    if( pTerm->eOperator & WO_EQUIV  ) zType[1] = 'E';
+    if( ExprHasProperty(pTerm->pExpr, EP_FromJoin) ) zType[2] = 'L';
+    sqlite3DebugPrintf(
+       "TERM-%-3d %p %s cursor=%-3d prob=%-3d op=0x%03x wtFlags=0x%04x\n",
+       iTerm, pTerm, zType, pTerm->leftCursor, pTerm->truthProb,
+       pTerm->eOperator, pTerm->wtFlags);
+    sqlite3TreeViewExpr(0, pTerm->pExpr, 0);
+  }
+}
+#endif
+
+#ifdef WHERETRACE_ENABLED
+/*
+** Print a WhereLoop object for debugging purposes
+*/
+static void whereLoopPrint(WhereLoop *p, WhereClause *pWC){
+  WhereInfo *pWInfo = pWC->pWInfo;
+  int nb = 1+(pWInfo->pTabList->nSrc+7)/8;
+  struct SrcList_item *pItem = pWInfo->pTabList->a + p->iTab;
+  Table *pTab = pItem->pTab;
+  sqlite3DebugPrintf("%c%2d.%0*llx.%0*llx", p->cId,
+                     p->iTab, nb, p->maskSelf, nb, p->prereq);
+  sqlite3DebugPrintf(" %12s",
+                     pItem->zAlias ? pItem->zAlias : pTab->zName);
+  if( (p->wsFlags & WHERE_VIRTUALTABLE)==0 ){
+    const char *zName;
+    if( p->u.btree.pIndex && (zName = p->u.btree.pIndex->zName)!=0 ){
+      if( strncmp(zName, "sqlite_autoindex_", 17)==0 ){
+        int i = sqlite3Strlen30(zName) - 1;
+        while( zName[i]!='_' ) i--;
+        zName += i;
+      }
+      sqlite3DebugPrintf(".%-16s %2d", zName, p->u.btree.nEq);
+    }else{
+      sqlite3DebugPrintf("%20s","");
+    }
+  }else{
+    char *z;
+    if( p->u.vtab.idxStr ){
+      z = sqlite3_mprintf("(%d,\"%s\",%x)",
+                p->u.vtab.idxNum, p->u.vtab.idxStr, p->u.vtab.omitMask);
+    }else{
+      z = sqlite3_mprintf("(%d,%x)", p->u.vtab.idxNum, p->u.vtab.omitMask);
+    }
+    sqlite3DebugPrintf(" %-19s", z);
+    sqlite3_free(z);
+  }
+  if( p->wsFlags & WHERE_SKIPSCAN ){
+    sqlite3DebugPrintf(" f %05x %d-%d", p->wsFlags, p->nLTerm,p->nSkip);
+  }else{
+    sqlite3DebugPrintf(" f %05x N %d", p->wsFlags, p->nLTerm);
+  }
+  sqlite3DebugPrintf(" cost %d,%d,%d\n", p->rSetup, p->rRun, p->nOut);
+  if( p->nLTerm && (sqlite3WhereTrace & 0x100)!=0 ){
+    int i;
+    for(i=0; i<p->nLTerm; i++){
+      whereTermPrint(p->aLTerm[i], i);
+    }
+  }
+}
+#endif
+
+/*
+** Convert bulk memory into a valid WhereLoop that can be passed
+** to whereLoopClear harmlessly.
+*/
+static void whereLoopInit(WhereLoop *p){
+  p->aLTerm = p->aLTermSpace;
+  p->nLTerm = 0;
+  p->nLSlot = ArraySize(p->aLTermSpace);
+  p->wsFlags = 0;
+}
+
+/*
+** Clear the WhereLoop.u union.  Leave WhereLoop.pLTerm intact.
+*/
+static void whereLoopClearUnion(sqlite3 *db, WhereLoop *p){
+  if( p->wsFlags & (WHERE_VIRTUALTABLE|WHERE_AUTO_INDEX) ){
+    if( (p->wsFlags & WHERE_VIRTUALTABLE)!=0 && p->u.vtab.needFree ){
+      sqlite3_free(p->u.vtab.idxStr);
+      p->u.vtab.needFree = 0;
+      p->u.vtab.idxStr = 0;
+    }else if( (p->wsFlags & WHERE_AUTO_INDEX)!=0 && p->u.btree.pIndex!=0 ){
+      sqlite3DbFree(db, p->u.btree.pIndex->zColAff);
+      sqlite3DbFree(db, p->u.btree.pIndex);
+      p->u.btree.pIndex = 0;
+    }
+  }
+}
+
+/*
+** Deallocate internal memory used by a WhereLoop object
+*/
+static void whereLoopClear(sqlite3 *db, WhereLoop *p){
+  if( p->aLTerm!=p->aLTermSpace ) sqlite3DbFree(db, p->aLTerm);
+  whereLoopClearUnion(db, p);
+  whereLoopInit(p);
+}
+
+/*
+** Increase the memory allocation for pLoop->aLTerm[] to be at least n.
+*/
+static int whereLoopResize(sqlite3 *db, WhereLoop *p, int n){
+  WhereTerm **paNew;
+  if( p->nLSlot>=n ) return SQLITE_OK;
+  n = (n+7)&~7;
+  paNew = sqlite3DbMallocRaw(db, sizeof(p->aLTerm[0])*n);
+  if( paNew==0 ) return SQLITE_NOMEM;
+  memcpy(paNew, p->aLTerm, sizeof(p->aLTerm[0])*p->nLSlot);
+  if( p->aLTerm!=p->aLTermSpace ) sqlite3DbFree(db, p->aLTerm);
+  p->aLTerm = paNew;
+  p->nLSlot = n;
+  return SQLITE_OK;
+}
+
+/*
+** Transfer content from the second pLoop into the first.
+*/
+static int whereLoopXfer(sqlite3 *db, WhereLoop *pTo, WhereLoop *pFrom){
+  whereLoopClearUnion(db, pTo);
+  if( whereLoopResize(db, pTo, pFrom->nLTerm) ){
+    memset(&pTo->u, 0, sizeof(pTo->u));
+    return SQLITE_NOMEM;
+  }
+  memcpy(pTo, pFrom, WHERE_LOOP_XFER_SZ);
+  memcpy(pTo->aLTerm, pFrom->aLTerm, pTo->nLTerm*sizeof(pTo->aLTerm[0]));
+  if( pFrom->wsFlags & WHERE_VIRTUALTABLE ){
+    pFrom->u.vtab.needFree = 0;
+  }else if( (pFrom->wsFlags & WHERE_AUTO_INDEX)!=0 ){
+    pFrom->u.btree.pIndex = 0;
+  }
+  return SQLITE_OK;
+}
+
+/*
+** Delete a WhereLoop object
+*/
+static void whereLoopDelete(sqlite3 *db, WhereLoop *p){
+  whereLoopClear(db, p);
+  sqlite3DbFree(db, p);
+}
+
+/*
+** Free a WhereInfo structure
+*/
+static void whereInfoFree(sqlite3 *db, WhereInfo *pWInfo){
+  if( ALWAYS(pWInfo) ){
+    int i;
+    for(i=0; i<pWInfo->nLevel; i++){
+      WhereLevel *pLevel = &pWInfo->a[i];
+      if( pLevel->pWLoop && (pLevel->pWLoop->wsFlags & WHERE_IN_ABLE) ){
+        sqlite3DbFree(db, pLevel->u.in.aInLoop);
+      }
+    }
+    sqlite3WhereClauseClear(&pWInfo->sWC);
+    while( pWInfo->pLoops ){
+      WhereLoop *p = pWInfo->pLoops;
+      pWInfo->pLoops = p->pNextLoop;
+      whereLoopDelete(db, p);
+    }
+    sqlite3DbFree(db, pWInfo);
+  }
+}
+
+/*
+** Return TRUE if all of the following are true:
+**
+**   (1)  X has the same or lower cost that Y
+**   (2)  X is a proper subset of Y
+**   (3)  X skips at least as many columns as Y
+**
+** By "proper subset" we mean that X uses fewer WHERE clause terms
+** than Y and that every WHERE clause term used by X is also used
+** by Y.
+**
+** If X is a proper subset of Y then Y is a better choice and ought
+** to have a lower cost.  This routine returns TRUE when that cost 
+** relationship is inverted and needs to be adjusted.  The third rule
+** was added because if X uses skip-scan less than Y it still might
+** deserve a lower cost even if it is a proper subset of Y.
+*/
+static int whereLoopCheaperProperSubset(
+  const WhereLoop *pX,       /* First WhereLoop to compare */
+  const WhereLoop *pY        /* Compare against this WhereLoop */
+){
+  int i, j;
+  if( pX->nLTerm-pX->nSkip >= pY->nLTerm-pY->nSkip ){
+    return 0; /* X is not a subset of Y */
+  }
+  if( pY->nSkip > pX->nSkip ) return 0;
+  if( pX->rRun >= pY->rRun ){
+    if( pX->rRun > pY->rRun ) return 0;    /* X costs more than Y */
+    if( pX->nOut > pY->nOut ) return 0;    /* X costs more than Y */
+  }
+  for(i=pX->nLTerm-1; i>=0; i--){
+    if( pX->aLTerm[i]==0 ) continue;
+    for(j=pY->nLTerm-1; j>=0; j--){
+      if( pY->aLTerm[j]==pX->aLTerm[i] ) break;
+    }
+    if( j<0 ) return 0;  /* X not a subset of Y since term X[i] not used by Y */
+  }
+  return 1;  /* All conditions meet */
+}
+
+/*
+** Try to adjust the cost of WhereLoop pTemplate upwards or downwards so
+** that:
+**
+**   (1) pTemplate costs less than any other WhereLoops that are a proper
+**       subset of pTemplate
+**
+**   (2) pTemplate costs more than any other WhereLoops for which pTemplate
+**       is a proper subset.
+**
+** To say "WhereLoop X is a proper subset of Y" means that X uses fewer
+** WHERE clause terms than Y and that every WHERE clause term used by X is
+** also used by Y.
+*/
+static void whereLoopAdjustCost(const WhereLoop *p, WhereLoop *pTemplate){
+  if( (pTemplate->wsFlags & WHERE_INDEXED)==0 ) return;
+  for(; p; p=p->pNextLoop){
+    if( p->iTab!=pTemplate->iTab ) continue;
+    if( (p->wsFlags & WHERE_INDEXED)==0 ) continue;
+    if( whereLoopCheaperProperSubset(p, pTemplate) ){
+      /* Adjust pTemplate cost downward so that it is cheaper than its 
+      ** subset p. */
+      WHERETRACE(0x80,("subset cost adjustment %d,%d to %d,%d\n",
+                       pTemplate->rRun, pTemplate->nOut, p->rRun, p->nOut-1));
+      pTemplate->rRun = p->rRun;
+      pTemplate->nOut = p->nOut - 1;
+    }else if( whereLoopCheaperProperSubset(pTemplate, p) ){
+      /* Adjust pTemplate cost upward so that it is costlier than p since
+      ** pTemplate is a proper subset of p */
+      WHERETRACE(0x80,("subset cost adjustment %d,%d to %d,%d\n",
+                       pTemplate->rRun, pTemplate->nOut, p->rRun, p->nOut+1));
+      pTemplate->rRun = p->rRun;
+      pTemplate->nOut = p->nOut + 1;
+    }
+  }
+}
+
+/*
+** Search the list of WhereLoops in *ppPrev looking for one that can be
+** supplanted by pTemplate.
+**
+** Return NULL if the WhereLoop list contains an entry that can supplant
+** pTemplate, in other words if pTemplate does not belong on the list.
+**
+** If pX is a WhereLoop that pTemplate can supplant, then return the
+** link that points to pX.
+**
+** If pTemplate cannot supplant any existing element of the list but needs
+** to be added to the list, then return a pointer to the tail of the list.
+*/
+static WhereLoop **whereLoopFindLesser(
+  WhereLoop **ppPrev,
+  const WhereLoop *pTemplate
+){
+  WhereLoop *p;
+  for(p=(*ppPrev); p; ppPrev=&p->pNextLoop, p=*ppPrev){
+    if( p->iTab!=pTemplate->iTab || p->iSortIdx!=pTemplate->iSortIdx ){
+      /* If either the iTab or iSortIdx values for two WhereLoop are different
+      ** then those WhereLoops need to be considered separately.  Neither is
+      ** a candidate to replace the other. */
+      continue;
+    }
+    /* In the current implementation, the rSetup value is either zero
+    ** or the cost of building an automatic index (NlogN) and the NlogN
+    ** is the same for compatible WhereLoops. */
+    assert( p->rSetup==0 || pTemplate->rSetup==0 
+                 || p->rSetup==pTemplate->rSetup );
+
+    /* whereLoopAddBtree() always generates and inserts the automatic index
+    ** case first.  Hence compatible candidate WhereLoops never have a larger
+    ** rSetup. Call this SETUP-INVARIANT */
+    assert( p->rSetup>=pTemplate->rSetup );
+
+    /* Any loop using an appliation-defined index (or PRIMARY KEY or
+    ** UNIQUE constraint) with one or more == constraints is better
+    ** than an automatic index. Unless it is a skip-scan. */
+    if( (p->wsFlags & WHERE_AUTO_INDEX)!=0
+     && (pTemplate->nSkip)==0
+     && (pTemplate->wsFlags & WHERE_INDEXED)!=0
+     && (pTemplate->wsFlags & WHERE_COLUMN_EQ)!=0
+     && (p->prereq & pTemplate->prereq)==pTemplate->prereq
+    ){
+      break;
+    }
+
+    /* If existing WhereLoop p is better than pTemplate, pTemplate can be
+    ** discarded.  WhereLoop p is better if:
+    **   (1)  p has no more dependencies than pTemplate, and
+    **   (2)  p has an equal or lower cost than pTemplate
+    */
+    if( (p->prereq & pTemplate->prereq)==p->prereq    /* (1)  */
+     && p->rSetup<=pTemplate->rSetup                  /* (2a) */
+     && p->rRun<=pTemplate->rRun                      /* (2b) */
+     && p->nOut<=pTemplate->nOut                      /* (2c) */
+    ){
+      return 0;  /* Discard pTemplate */
+    }
+
+    /* If pTemplate is always better than p, then cause p to be overwritten
+    ** with pTemplate.  pTemplate is better than p if:
+    **   (1)  pTemplate has no more dependences than p, and
+    **   (2)  pTemplate has an equal or lower cost than p.
+    */
+    if( (p->prereq & pTemplate->prereq)==pTemplate->prereq   /* (1)  */
+     && p->rRun>=pTemplate->rRun                             /* (2a) */
+     && p->nOut>=pTemplate->nOut                             /* (2b) */
+    ){
+      assert( p->rSetup>=pTemplate->rSetup ); /* SETUP-INVARIANT above */
+      break;   /* Cause p to be overwritten by pTemplate */
+    }
+  }
+  return ppPrev;
+}
+
+/*
+** Insert or replace a WhereLoop entry using the template supplied.
+**
+** An existing WhereLoop entry might be overwritten if the new template
+** is better and has fewer dependencies.  Or the template will be ignored
+** and no insert will occur if an existing WhereLoop is faster and has
+** fewer dependencies than the template.  Otherwise a new WhereLoop is
+** added based on the template.
+**
+** If pBuilder->pOrSet is not NULL then we care about only the
+** prerequisites and rRun and nOut costs of the N best loops.  That
+** information is gathered in the pBuilder->pOrSet object.  This special
+** processing mode is used only for OR clause processing.
+**
+** When accumulating multiple loops (when pBuilder->pOrSet is NULL) we
+** still might overwrite similar loops with the new template if the
+** new template is better.  Loops may be overwritten if the following 
+** conditions are met:
+**
+**    (1)  They have the same iTab.
+**    (2)  They have the same iSortIdx.
+**    (3)  The template has same or fewer dependencies than the current loop
+**    (4)  The template has the same or lower cost than the current loop
+*/
+static int whereLoopInsert(WhereLoopBuilder *pBuilder, WhereLoop *pTemplate){
+  WhereLoop **ppPrev, *p;
+  WhereInfo *pWInfo = pBuilder->pWInfo;
+  sqlite3 *db = pWInfo->pParse->db;
+
+  /* If pBuilder->pOrSet is defined, then only keep track of the costs
+  ** and prereqs.
+  */
+  if( pBuilder->pOrSet!=0 ){
+    if( pTemplate->nLTerm ){
+#if WHERETRACE_ENABLED
+      u16 n = pBuilder->pOrSet->n;
+      int x =
+#endif
+      whereOrInsert(pBuilder->pOrSet, pTemplate->prereq, pTemplate->rRun,
+                                    pTemplate->nOut);
+#if WHERETRACE_ENABLED /* 0x8 */
+      if( sqlite3WhereTrace & 0x8 ){
+        sqlite3DebugPrintf(x?"   or-%d:  ":"   or-X:  ", n);
+        whereLoopPrint(pTemplate, pBuilder->pWC);
+      }
+#endif
+    }
+    return SQLITE_OK;
+  }
+
+  /* Look for an existing WhereLoop to replace with pTemplate
+  */
+  whereLoopAdjustCost(pWInfo->pLoops, pTemplate);
+  ppPrev = whereLoopFindLesser(&pWInfo->pLoops, pTemplate);
+
+  if( ppPrev==0 ){
+    /* There already exists a WhereLoop on the list that is better
+    ** than pTemplate, so just ignore pTemplate */
+#if WHERETRACE_ENABLED /* 0x8 */
+    if( sqlite3WhereTrace & 0x8 ){
+      sqlite3DebugPrintf("   skip: ");
+      whereLoopPrint(pTemplate, pBuilder->pWC);
+    }
+#endif
+    return SQLITE_OK;  
+  }else{
+    p = *ppPrev;
+  }
+
+  /* If we reach this point it means that either p[] should be overwritten
+  ** with pTemplate[] if p[] exists, or if p==NULL then allocate a new
+  ** WhereLoop and insert it.
+  */
+#if WHERETRACE_ENABLED /* 0x8 */
+  if( sqlite3WhereTrace & 0x8 ){
+    if( p!=0 ){
+      sqlite3DebugPrintf("replace: ");
+      whereLoopPrint(p, pBuilder->pWC);
+    }
+    sqlite3DebugPrintf("    add: ");
+    whereLoopPrint(pTemplate, pBuilder->pWC);
+  }
+#endif
+  if( p==0 ){
+    /* Allocate a new WhereLoop to add to the end of the list */
+    *ppPrev = p = sqlite3DbMallocRaw(db, sizeof(WhereLoop));
+    if( p==0 ) return SQLITE_NOMEM;
+    whereLoopInit(p);
+    p->pNextLoop = 0;
+  }else{
+    /* We will be overwriting WhereLoop p[].  But before we do, first
+    ** go through the rest of the list and delete any other entries besides
+    ** p[] that are also supplated by pTemplate */
+    WhereLoop **ppTail = &p->pNextLoop;
+    WhereLoop *pToDel;
+    while( *ppTail ){
+      ppTail = whereLoopFindLesser(ppTail, pTemplate);
+      if( ppTail==0 ) break;
+      pToDel = *ppTail;
+      if( pToDel==0 ) break;
+      *ppTail = pToDel->pNextLoop;
+#if WHERETRACE_ENABLED /* 0x8 */
+      if( sqlite3WhereTrace & 0x8 ){
+        sqlite3DebugPrintf(" delete: ");
+        whereLoopPrint(pToDel, pBuilder->pWC);
+      }
+#endif
+      whereLoopDelete(db, pToDel);
+    }
+  }
+  whereLoopXfer(db, p, pTemplate);
+  if( (p->wsFlags & WHERE_VIRTUALTABLE)==0 ){
+    Index *pIndex = p->u.btree.pIndex;
+    if( pIndex && pIndex->tnum==0 ){
+      p->u.btree.pIndex = 0;
+    }
+  }
+  return SQLITE_OK;
+}
+
+/*
+** Adjust the WhereLoop.nOut value downward to account for terms of the
+** WHERE clause that reference the loop but which are not used by an
+** index.
+*
+** For every WHERE clause term that is not used by the index
+** and which has a truth probability assigned by one of the likelihood(),
+** likely(), or unlikely() SQL functions, reduce the estimated number
+** of output rows by the probability specified.
+**
+** TUNING:  For every WHERE clause term that is not used by the index
+** and which does not have an assigned truth probability, heuristics
+** described below are used to try to estimate the truth probability.
+** TODO --> Perhaps this is something that could be improved by better
+** table statistics.
+**
+** Heuristic 1:  Estimate the truth probability as 93.75%.  The 93.75%
+** value corresponds to -1 in LogEst notation, so this means decrement
+** the WhereLoop.nOut field for every such WHERE clause term.
+**
+** Heuristic 2:  If there exists one or more WHERE clause terms of the
+** form "x==EXPR" and EXPR is not a constant 0 or 1, then make sure the
+** final output row estimate is no greater than 1/4 of the total number
+** of rows in the table.  In other words, assume that x==EXPR will filter
+** out at least 3 out of 4 rows.  If EXPR is -1 or 0 or 1, then maybe the
+** "x" column is boolean or else -1 or 0 or 1 is a common default value
+** on the "x" column and so in that case only cap the output row estimate
+** at 1/2 instead of 1/4.
+*/
+static void whereLoopOutputAdjust(
+  WhereClause *pWC,      /* The WHERE clause */
+  WhereLoop *pLoop,      /* The loop to adjust downward */
+  LogEst nRow            /* Number of rows in the entire table */
+){
+  WhereTerm *pTerm, *pX;
+  Bitmask notAllowed = ~(pLoop->prereq|pLoop->maskSelf);
+  int i, j, k;
+  LogEst iReduce = 0;    /* pLoop->nOut should not exceed nRow-iReduce */
+
+  assert( (pLoop->wsFlags & WHERE_AUTO_INDEX)==0 );
+  for(i=pWC->nTerm, pTerm=pWC->a; i>0; i--, pTerm++){
+    if( (pTerm->wtFlags & TERM_VIRTUAL)!=0 ) break;
+    if( (pTerm->prereqAll & pLoop->maskSelf)==0 ) continue;
+    if( (pTerm->prereqAll & notAllowed)!=0 ) continue;
+    for(j=pLoop->nLTerm-1; j>=0; j--){
+      pX = pLoop->aLTerm[j];
+      if( pX==0 ) continue;
+      if( pX==pTerm ) break;
+      if( pX->iParent>=0 && (&pWC->a[pX->iParent])==pTerm ) break;
+    }
+    if( j<0 ){
+      if( pTerm->truthProb<=0 ){
+        /* If a truth probability is specified using the likelihood() hints,
+        ** then use the probability provided by the application. */
+        pLoop->nOut += pTerm->truthProb;
+      }else{
+        /* In the absence of explicit truth probabilities, use heuristics to
+        ** guess a reasonable truth probability. */
+        pLoop->nOut--;
+        if( pTerm->eOperator&(WO_EQ|WO_IS) ){
+          Expr *pRight = pTerm->pExpr->pRight;
+          testcase( pTerm->pExpr->op==TK_IS );
+          if( sqlite3ExprIsInteger(pRight, &k) && k>=(-1) && k<=1 ){
+            k = 10;
+          }else{
+            k = 20;
+          }
+          if( iReduce<k ) iReduce = k;
+        }
+      }
+    }
+  }
+  if( pLoop->nOut > nRow-iReduce )  pLoop->nOut = nRow - iReduce;
+}
+
+/*
+** Adjust the cost C by the costMult facter T.  This only occurs if
+** compiled with -DSQLITE_ENABLE_COSTMULT
+*/
+#ifdef SQLITE_ENABLE_COSTMULT
+# define ApplyCostMultiplier(C,T)  C += T
+#else
+# define ApplyCostMultiplier(C,T)
+#endif
+
+/*
+** We have so far matched pBuilder->pNew->u.btree.nEq terms of the 
+** index pIndex. Try to match one more.
+**
+** When this function is called, pBuilder->pNew->nOut contains the 
+** number of rows expected to be visited by filtering using the nEq 
+** terms only. If it is modified, this value is restored before this 
+** function returns.
+**
+** If pProbe->tnum==0, that means pIndex is a fake index used for the
+** INTEGER PRIMARY KEY.
+*/
+static int whereLoopAddBtreeIndex(
+  WhereLoopBuilder *pBuilder,     /* The WhereLoop factory */
+  struct SrcList_item *pSrc,      /* FROM clause term being analyzed */
+  Index *pProbe,                  /* An index on pSrc */
+  LogEst nInMul                   /* log(Number of iterations due to IN) */
+){
+  WhereInfo *pWInfo = pBuilder->pWInfo;  /* WHERE analyse context */
+  Parse *pParse = pWInfo->pParse;        /* Parsing context */
+  sqlite3 *db = pParse->db;       /* Database connection malloc context */
+  WhereLoop *pNew;                /* Template WhereLoop under construction */
+  WhereTerm *pTerm;               /* A WhereTerm under consideration */
+  int opMask;                     /* Valid operators for constraints */
+  WhereScan scan;                 /* Iterator for WHERE terms */
+  Bitmask saved_prereq;           /* Original value of pNew->prereq */
+  u16 saved_nLTerm;               /* Original value of pNew->nLTerm */
+  u16 saved_nEq;                  /* Original value of pNew->u.btree.nEq */
+  u16 saved_nSkip;                /* Original value of pNew->nSkip */
+  u32 saved_wsFlags;              /* Original value of pNew->wsFlags */
+  LogEst saved_nOut;              /* Original value of pNew->nOut */
+  int rc = SQLITE_OK;             /* Return code */
+  LogEst rSize;                   /* Number of rows in the table */
+  LogEst rLogSize;                /* Logarithm of table size */
+  WhereTerm *pTop = 0, *pBtm = 0; /* Top and bottom range constraints */
+
+  pNew = pBuilder->pNew;
+  if( db->mallocFailed ) return SQLITE_NOMEM;
+
+  assert( (pNew->wsFlags & WHERE_VIRTUALTABLE)==0 );
+  assert( (pNew->wsFlags & WHERE_TOP_LIMIT)==0 );
+  if( pNew->wsFlags & WHERE_BTM_LIMIT ){
+    opMask = WO_LT|WO_LE;
+  }else if( /*pProbe->tnum<=0 ||*/ (pSrc->fg.jointype & JT_LEFT)!=0 ){
+    opMask = WO_EQ|WO_IN|WO_GT|WO_GE|WO_LT|WO_LE;
+  }else{
+    opMask = WO_EQ|WO_IN|WO_GT|WO_GE|WO_LT|WO_LE|WO_ISNULL|WO_IS;
+  }
+  if( pProbe->bUnordered ) opMask &= ~(WO_GT|WO_GE|WO_LT|WO_LE);
+
+  assert( pNew->u.btree.nEq<pProbe->nColumn );
+
+  saved_nEq = pNew->u.btree.nEq;
+  saved_nSkip = pNew->nSkip;
+  saved_nLTerm = pNew->nLTerm;
+  saved_wsFlags = pNew->wsFlags;
+  saved_prereq = pNew->prereq;
+  saved_nOut = pNew->nOut;
+  pTerm = whereScanInit(&scan, pBuilder->pWC, pSrc->iCursor, saved_nEq,
+                        opMask, pProbe);
+  pNew->rSetup = 0;
+  rSize = pProbe->aiRowLogEst[0];
+  rLogSize = estLog(rSize);
+  for(; rc==SQLITE_OK && pTerm!=0; pTerm = whereScanNext(&scan)){
+    u16 eOp = pTerm->eOperator;   /* Shorthand for pTerm->eOperator */
+    LogEst rCostIdx;
+    LogEst nOutUnadjusted;        /* nOut before IN() and WHERE adjustments */
+    int nIn = 0;
+#ifdef SQLITE_ENABLE_STAT3_OR_STAT4
+    int nRecValid = pBuilder->nRecValid;
+#endif
+    if( (eOp==WO_ISNULL || (pTerm->wtFlags&TERM_VNULL)!=0)
+     && indexColumnNotNull(pProbe, saved_nEq)
+    ){
+      continue; /* ignore IS [NOT] NULL constraints on NOT NULL columns */
+    }
+    if( pTerm->prereqRight & pNew->maskSelf ) continue;
+
+    /* Do not allow the upper bound of a LIKE optimization range constraint
+    ** to mix with a lower range bound from some other source */
+    if( pTerm->wtFlags & TERM_LIKEOPT && pTerm->eOperator==WO_LT ) continue;
+
+    pNew->wsFlags = saved_wsFlags;
+    pNew->u.btree.nEq = saved_nEq;
+    pNew->nLTerm = saved_nLTerm;
+    if( whereLoopResize(db, pNew, pNew->nLTerm+1) ) break; /* OOM */
+    pNew->aLTerm[pNew->nLTerm++] = pTerm;
+    pNew->prereq = (saved_prereq | pTerm->prereqRight) & ~pNew->maskSelf;
+
+    assert( nInMul==0
+        || (pNew->wsFlags & WHERE_COLUMN_NULL)!=0 
+        || (pNew->wsFlags & WHERE_COLUMN_IN)!=0 
+        || (pNew->wsFlags & WHERE_SKIPSCAN)!=0 
+    );
+
+    if( eOp & WO_IN ){
+      Expr *pExpr = pTerm->pExpr;
+      pNew->wsFlags |= WHERE_COLUMN_IN;
+      if( ExprHasProperty(pExpr, EP_xIsSelect) ){
+        /* "x IN (SELECT ...)":  TUNING: the SELECT returns 25 rows */
+        nIn = 46;  assert( 46==sqlite3LogEst(25) );
+      }else if( ALWAYS(pExpr->x.pList && pExpr->x.pList->nExpr) ){
+        /* "x IN (value, value, ...)" */
+        nIn = sqlite3LogEst(pExpr->x.pList->nExpr);
+      }
+      assert( nIn>0 );  /* RHS always has 2 or more terms...  The parser
+                        ** changes "x IN (?)" into "x=?". */
+
+    }else if( eOp & (WO_EQ|WO_IS) ){
+      int iCol = pProbe->aiColumn[saved_nEq];
+      pNew->wsFlags |= WHERE_COLUMN_EQ;
+      assert( saved_nEq==pNew->u.btree.nEq );
+      if( iCol==XN_ROWID 
+       || (iCol>0 && nInMul==0 && saved_nEq==pProbe->nKeyCol-1)
+      ){
+        if( iCol>=0 && pProbe->uniqNotNull==0 ){
+          pNew->wsFlags |= WHERE_UNQ_WANTED;
+        }else{
+          pNew->wsFlags |= WHERE_ONEROW;
+        }
+      }
+    }else if( eOp & WO_ISNULL ){
+      pNew->wsFlags |= WHERE_COLUMN_NULL;
+    }else if( eOp & (WO_GT|WO_GE) ){
+      testcase( eOp & WO_GT );
+      testcase( eOp & WO_GE );
+      pNew->wsFlags |= WHERE_COLUMN_RANGE|WHERE_BTM_LIMIT;
+      pBtm = pTerm;
+      pTop = 0;
+      if( pTerm->wtFlags & TERM_LIKEOPT ){
+        /* Range contraints that come from the LIKE optimization are
+        ** always used in pairs. */
+        pTop = &pTerm[1];
+        assert( (pTop-(pTerm->pWC->a))<pTerm->pWC->nTerm );
+        assert( pTop->wtFlags & TERM_LIKEOPT );
+        assert( pTop->eOperator==WO_LT );
+        if( whereLoopResize(db, pNew, pNew->nLTerm+1) ) break; /* OOM */
+        pNew->aLTerm[pNew->nLTerm++] = pTop;
+        pNew->wsFlags |= WHERE_TOP_LIMIT;
+      }
+    }else{
+      assert( eOp & (WO_LT|WO_LE) );
+      testcase( eOp & WO_LT );
+      testcase( eOp & WO_LE );
+      pNew->wsFlags |= WHERE_COLUMN_RANGE|WHERE_TOP_LIMIT;
+      pTop = pTerm;
+      pBtm = (pNew->wsFlags & WHERE_BTM_LIMIT)!=0 ?
+                     pNew->aLTerm[pNew->nLTerm-2] : 0;
+    }
+
+    /* At this point pNew->nOut is set to the number of rows expected to
+    ** be visited by the index scan before considering term pTerm, or the
+    ** values of nIn and nInMul. In other words, assuming that all 
+    ** "x IN(...)" terms are replaced with "x = ?". This block updates
+    ** the value of pNew->nOut to account for pTerm (but not nIn/nInMul).  */
+    assert( pNew->nOut==saved_nOut );
+    if( pNew->wsFlags & WHERE_COLUMN_RANGE ){
+      /* Adjust nOut using stat3/stat4 data. Or, if there is no stat3/stat4
+      ** data, using some other estimate.  */
+      whereRangeScanEst(pParse, pBuilder, pBtm, pTop, pNew);
+    }else{
+      int nEq = ++pNew->u.btree.nEq;
+      assert( eOp & (WO_ISNULL|WO_EQ|WO_IN|WO_IS) );
+
+      assert( pNew->nOut==saved_nOut );
+      if( pTerm->truthProb<=0 && pProbe->aiColumn[saved_nEq]>=0 ){
+        assert( (eOp & WO_IN) || nIn==0 );
+        testcase( eOp & WO_IN );
+        pNew->nOut += pTerm->truthProb;
+        pNew->nOut -= nIn;
+      }else{
+#ifdef SQLITE_ENABLE_STAT3_OR_STAT4
+        tRowcnt nOut = 0;
+        if( nInMul==0 
+         && pProbe->nSample 
+         && pNew->u.btree.nEq<=pProbe->nSampleCol
+         && ((eOp & WO_IN)==0 || !ExprHasProperty(pTerm->pExpr, EP_xIsSelect))
+        ){
+          Expr *pExpr = pTerm->pExpr;
+          if( (eOp & (WO_EQ|WO_ISNULL|WO_IS))!=0 ){
+            testcase( eOp & WO_EQ );
+            testcase( eOp & WO_IS );
+            testcase( eOp & WO_ISNULL );
+            rc = whereEqualScanEst(pParse, pBuilder, pExpr->pRight, &nOut);
+          }else{
+            rc = whereInScanEst(pParse, pBuilder, pExpr->x.pList, &nOut);
+          }
+          if( rc==SQLITE_NOTFOUND ) rc = SQLITE_OK;
+          if( rc!=SQLITE_OK ) break;          /* Jump out of the pTerm loop */
+          if( nOut ){
+            pNew->nOut = sqlite3LogEst(nOut);
+            if( pNew->nOut>saved_nOut ) pNew->nOut = saved_nOut;
+            pNew->nOut -= nIn;
+          }
+        }
+        if( nOut==0 )
+#endif
+        {
+          pNew->nOut += (pProbe->aiRowLogEst[nEq] - pProbe->aiRowLogEst[nEq-1]);
+          if( eOp & WO_ISNULL ){
+            /* TUNING: If there is no likelihood() value, assume that a 
+            ** "col IS NULL" expression matches twice as many rows 
+            ** as (col=?). */
+            pNew->nOut += 10;
+          }
+        }
+      }
+    }
+
+    /* Set rCostIdx to the cost of visiting selected rows in index. Add
+    ** it to pNew->rRun, which is currently set to the cost of the index
+    ** seek only. Then, if this is a non-covering index, add the cost of
+    ** visiting the rows in the main table.  */
+    rCostIdx = pNew->nOut + 1 + (15*pProbe->szIdxRow)/pSrc->pTab->szTabRow;
+    pNew->rRun = sqlite3LogEstAdd(rLogSize, rCostIdx);
+    if( (pNew->wsFlags & (WHERE_IDX_ONLY|WHERE_IPK))==0 ){
+      pNew->rRun = sqlite3LogEstAdd(pNew->rRun, pNew->nOut + 16);
+    }
+    ApplyCostMultiplier(pNew->rRun, pProbe->pTable->costMult);
+
+    nOutUnadjusted = pNew->nOut;
+    pNew->rRun += nInMul + nIn;
+    pNew->nOut += nInMul + nIn;
+    whereLoopOutputAdjust(pBuilder->pWC, pNew, rSize);
+    rc = whereLoopInsert(pBuilder, pNew);
+
+    if( pNew->wsFlags & WHERE_COLUMN_RANGE ){
+      pNew->nOut = saved_nOut;
+    }else{
+      pNew->nOut = nOutUnadjusted;
+    }
+
+    if( (pNew->wsFlags & WHERE_TOP_LIMIT)==0
+     && pNew->u.btree.nEq<pProbe->nColumn
+    ){
+      whereLoopAddBtreeIndex(pBuilder, pSrc, pProbe, nInMul+nIn);
+    }
+    pNew->nOut = saved_nOut;
+#ifdef SQLITE_ENABLE_STAT3_OR_STAT4
+    pBuilder->nRecValid = nRecValid;
+#endif
+  }
+  pNew->prereq = saved_prereq;
+  pNew->u.btree.nEq = saved_nEq;
+  pNew->nSkip = saved_nSkip;
+  pNew->wsFlags = saved_wsFlags;
+  pNew->nOut = saved_nOut;
+  pNew->nLTerm = saved_nLTerm;
+
+  /* Consider using a skip-scan if there are no WHERE clause constraints
+  ** available for the left-most terms of the index, and if the average
+  ** number of repeats in the left-most terms is at least 18. 
+  **
+  ** The magic number 18 is selected on the basis that scanning 17 rows
+  ** is almost always quicker than an index seek (even though if the index
+  ** contains fewer than 2^17 rows we assume otherwise in other parts of
+  ** the code). And, even if it is not, it should not be too much slower. 
+  ** On the other hand, the extra seeks could end up being significantly
+  ** more expensive.  */
+  assert( 42==sqlite3LogEst(18) );
+  if( saved_nEq==saved_nSkip
+   && saved_nEq+1<pProbe->nKeyCol
+   && pProbe->noSkipScan==0
+   && pProbe->aiRowLogEst[saved_nEq+1]>=42  /* TUNING: Minimum for skip-scan */
+   && (rc = whereLoopResize(db, pNew, pNew->nLTerm+1))==SQLITE_OK
+  ){
+    LogEst nIter;
+    pNew->u.btree.nEq++;
+    pNew->nSkip++;
+    pNew->aLTerm[pNew->nLTerm++] = 0;
+    pNew->wsFlags |= WHERE_SKIPSCAN;
+    nIter = pProbe->aiRowLogEst[saved_nEq] - pProbe->aiRowLogEst[saved_nEq+1];
+    pNew->nOut -= nIter;
+    /* TUNING:  Because uncertainties in the estimates for skip-scan queries,
+    ** add a 1.375 fudge factor to make skip-scan slightly less likely. */
+    nIter += 5;
+    whereLoopAddBtreeIndex(pBuilder, pSrc, pProbe, nIter + nInMul);
+    pNew->nOut = saved_nOut;
+    pNew->u.btree.nEq = saved_nEq;
+    pNew->nSkip = saved_nSkip;
+    pNew->wsFlags = saved_wsFlags;
+  }
+
+  return rc;
+}
+
+/*
+** Return True if it is possible that pIndex might be useful in
+** implementing the ORDER BY clause in pBuilder.
+**
+** Return False if pBuilder does not contain an ORDER BY clause or
+** if there is no way for pIndex to be useful in implementing that
+** ORDER BY clause.
+*/
+static int indexMightHelpWithOrderBy(
+  WhereLoopBuilder *pBuilder,
+  Index *pIndex,
+  int iCursor
+){
+  ExprList *pOB;
+  ExprList *aColExpr;
+  int ii, jj;
+
+  if( pIndex->bUnordered ) return 0;
+  if( (pOB = pBuilder->pWInfo->pOrderBy)==0 ) return 0;
+  for(ii=0; ii<pOB->nExpr; ii++){
+    Expr *pExpr = sqlite3ExprSkipCollate(pOB->a[ii].pExpr);
+    if( pExpr->op==TK_COLUMN && pExpr->iTable==iCursor ){
+      if( pExpr->iColumn<0 ) return 1;
+      for(jj=0; jj<pIndex->nKeyCol; jj++){
+        if( pExpr->iColumn==pIndex->aiColumn[jj] ) return 1;
+      }
+    }else if( (aColExpr = pIndex->aColExpr)!=0 ){
+      for(jj=0; jj<pIndex->nKeyCol; jj++){
+        if( pIndex->aiColumn[jj]!=XN_EXPR ) continue;
+        if( sqlite3ExprCompare(pExpr,aColExpr->a[jj].pExpr,iCursor)==0 ){
+          return 1;
+        }
+      }
+    }
+  }
+  return 0;
+}
+
+/*
+** Return a bitmask where 1s indicate that the corresponding column of
+** the table is used by an index.  Only the first 63 columns are considered.
+*/
+static Bitmask columnsInIndex(Index *pIdx){
+  Bitmask m = 0;
+  int j;
+  for(j=pIdx->nColumn-1; j>=0; j--){
+    int x = pIdx->aiColumn[j];
+    if( x>=0 ){
+      testcase( x==BMS-1 );
+      testcase( x==BMS-2 );
+      if( x<BMS-1 ) m |= MASKBIT(x);
+    }
+  }
+  return m;
+}
+
+/* Check to see if a partial index with pPartIndexWhere can be used
+** in the current query.  Return true if it can be and false if not.
+*/
+static int whereUsablePartialIndex(int iTab, WhereClause *pWC, Expr *pWhere){
+  int i;
+  WhereTerm *pTerm;
+  while( pWhere->op==TK_AND ){
+    if( !whereUsablePartialIndex(iTab,pWC,pWhere->pLeft) ) return 0;
+    pWhere = pWhere->pRight;
+  }
+  for(i=0, pTerm=pWC->a; i<pWC->nTerm; i++, pTerm++){
+    Expr *pExpr = pTerm->pExpr;
+    if( sqlite3ExprImpliesExpr(pExpr, pWhere, iTab) 
+     && (!ExprHasProperty(pExpr, EP_FromJoin) || pExpr->iRightJoinTable==iTab)
+    ){
+      return 1;
+    }
+  }
+  return 0;
+}
+
+/*
+** Add all WhereLoop objects for a single table of the join where the table
+** is idenfied by pBuilder->pNew->iTab.  That table is guaranteed to be
+** a b-tree table, not a virtual table.
+**
+** The costs (WhereLoop.rRun) of the b-tree loops added by this function
+** are calculated as follows:
+**
+** For a full scan, assuming the table (or index) contains nRow rows:
+**
+**     cost = nRow * 3.0                    // full-table scan
+**     cost = nRow * K                      // scan of covering index
+**     cost = nRow * (K+3.0)                // scan of non-covering index
+**
+** where K is a value between 1.1 and 3.0 set based on the relative 
+** estimated average size of the index and table records.
+**
+** For an index scan, where nVisit is the number of index rows visited
+** by the scan, and nSeek is the number of seek operations required on 
+** the index b-tree:
+**
+**     cost = nSeek * (log(nRow) + K * nVisit)          // covering index
+**     cost = nSeek * (log(nRow) + (K+3.0) * nVisit)    // non-covering index
+**
+** Normally, nSeek is 1. nSeek values greater than 1 come about if the 
+** WHERE clause includes "x IN (....)" terms used in place of "x=?". Or when 
+** implicit "x IN (SELECT x FROM tbl)" terms are added for skip-scans.
+**
+** The estimated values (nRow, nVisit, nSeek) often contain a large amount
+** of uncertainty.  For this reason, scoring is designed to pick plans that
+** "do the least harm" if the estimates are inaccurate.  For example, a
+** log(nRow) factor is omitted from a non-covering index scan in order to
+** bias the scoring in favor of using an index, since the worst-case
+** performance of using an index is far better than the worst-case performance
+** of a full table scan.
+*/
+static int whereLoopAddBtree(
+  WhereLoopBuilder *pBuilder, /* WHERE clause information */
+  Bitmask mExtra              /* Extra prerequesites for using this table */
+){
+  WhereInfo *pWInfo;          /* WHERE analysis context */
+  Index *pProbe;              /* An index we are evaluating */
+  Index sPk;                  /* A fake index object for the primary key */
+  LogEst aiRowEstPk[2];       /* The aiRowLogEst[] value for the sPk index */
+  i16 aiColumnPk = -1;        /* The aColumn[] value for the sPk index */
+  SrcList *pTabList;          /* The FROM clause */
+  struct SrcList_item *pSrc;  /* The FROM clause btree term to add */
+  WhereLoop *pNew;            /* Template WhereLoop object */
+  int rc = SQLITE_OK;         /* Return code */
+  int iSortIdx = 1;           /* Index number */
+  int b;                      /* A boolean value */
+  LogEst rSize;               /* number of rows in the table */
+  LogEst rLogSize;            /* Logarithm of the number of rows in the table */
+  WhereClause *pWC;           /* The parsed WHERE clause */
+  Table *pTab;                /* Table being queried */
+  
+  pNew = pBuilder->pNew;
+  pWInfo = pBuilder->pWInfo;
+  pTabList = pWInfo->pTabList;
+  pSrc = pTabList->a + pNew->iTab;
+  pTab = pSrc->pTab;
+  pWC = pBuilder->pWC;
+  assert( !IsVirtual(pSrc->pTab) );
+
+  if( pSrc->pIBIndex ){
+    /* An INDEXED BY clause specifies a particular index to use */
+    pProbe = pSrc->pIBIndex;
+  }else if( !HasRowid(pTab) ){
+    pProbe = pTab->pIndex;
+  }else{
+    /* There is no INDEXED BY clause.  Create a fake Index object in local
+    ** variable sPk to represent the rowid primary key index.  Make this
+    ** fake index the first in a chain of Index objects with all of the real
+    ** indices to follow */
+    Index *pFirst;                  /* First of real indices on the table */
+    memset(&sPk, 0, sizeof(Index));
+    sPk.nKeyCol = 1;
+    sPk.nColumn = 1;
+    sPk.aiColumn = &aiColumnPk;
+    sPk.aiRowLogEst = aiRowEstPk;
+    sPk.onError = OE_Replace;
+    sPk.pTable = pTab;
+    sPk.szIdxRow = pTab->szTabRow;
+    aiRowEstPk[0] = pTab->nRowLogEst;
+    aiRowEstPk[1] = 0;
+    pFirst = pSrc->pTab->pIndex;
+    if( pSrc->fg.notIndexed==0 ){
+      /* The real indices of the table are only considered if the
+      ** NOT INDEXED qualifier is omitted from the FROM clause */
+      sPk.pNext = pFirst;
+    }
+    pProbe = &sPk;
+  }
+  rSize = pTab->nRowLogEst;
+  rLogSize = estLog(rSize);
+
+#ifndef SQLITE_OMIT_AUTOMATIC_INDEX
+  /* Automatic indexes */
+  if( !pBuilder->pOrSet      /* Not part of an OR optimization */
+   && (pWInfo->wctrlFlags & WHERE_NO_AUTOINDEX)==0
+   && (pWInfo->pParse->db->flags & SQLITE_AutoIndex)!=0
+   && pSrc->pIBIndex==0      /* Has no INDEXED BY clause */
+   && !pSrc->fg.notIndexed   /* Has no NOT INDEXED clause */
+   && HasRowid(pTab)         /* Not WITHOUT ROWID table. (FIXME: Why not?) */
+   && !pSrc->fg.isCorrelated /* Not a correlated subquery */
+   && !pSrc->fg.isRecursive  /* Not a recursive common table expression. */
+  ){
+    /* Generate auto-index WhereLoops */
+    WhereTerm *pTerm;
+    WhereTerm *pWCEnd = pWC->a + pWC->nTerm;
+    for(pTerm=pWC->a; rc==SQLITE_OK && pTerm<pWCEnd; pTerm++){
+      if( pTerm->prereqRight & pNew->maskSelf ) continue;
+      if( termCanDriveIndex(pTerm, pSrc, 0) ){
+        pNew->u.btree.nEq = 1;
+        pNew->nSkip = 0;
+        pNew->u.btree.pIndex = 0;
+        pNew->nLTerm = 1;
+        pNew->aLTerm[0] = pTerm;
+        /* TUNING: One-time cost for computing the automatic index is
+        ** estimated to be X*N*log2(N) where N is the number of rows in
+        ** the table being indexed and where X is 7 (LogEst=28) for normal
+        ** tables or 1.375 (LogEst=4) for views and subqueries.  The value
+        ** of X is smaller for views and subqueries so that the query planner
+        ** will be more aggressive about generating automatic indexes for
+        ** those objects, since there is no opportunity to add schema
+        ** indexes on subqueries and views. */
+        pNew->rSetup = rLogSize + rSize + 4;
+        if( pTab->pSelect==0 && (pTab->tabFlags & TF_Ephemeral)==0 ){
+          pNew->rSetup += 24;
+        }
+        ApplyCostMultiplier(pNew->rSetup, pTab->costMult);
+        /* TUNING: Each index lookup yields 20 rows in the table.  This
+        ** is more than the usual guess of 10 rows, since we have no way
+        ** of knowing how selective the index will ultimately be.  It would
+        ** not be unreasonable to make this value much larger. */
+        pNew->nOut = 43;  assert( 43==sqlite3LogEst(20) );
+        pNew->rRun = sqlite3LogEstAdd(rLogSize,pNew->nOut);
+        pNew->wsFlags = WHERE_AUTO_INDEX;
+        pNew->prereq = mExtra | pTerm->prereqRight;
+        rc = whereLoopInsert(pBuilder, pNew);
+      }
+    }
+  }
+#endif /* SQLITE_OMIT_AUTOMATIC_INDEX */
+
+  /* Loop over all indices
+  */
+  for(; rc==SQLITE_OK && pProbe; pProbe=pProbe->pNext, iSortIdx++){
+    if( pProbe->pPartIdxWhere!=0
+     && !whereUsablePartialIndex(pSrc->iCursor, pWC, pProbe->pPartIdxWhere) ){
+      testcase( pNew->iTab!=pSrc->iCursor );  /* See ticket [98d973b8f5] */
+      continue;  /* Partial index inappropriate for this query */
+    }
+    rSize = pProbe->aiRowLogEst[0];
+    pNew->u.btree.nEq = 0;
+    pNew->nSkip = 0;
+    pNew->nLTerm = 0;
+    pNew->iSortIdx = 0;
+    pNew->rSetup = 0;
+    pNew->prereq = mExtra;
+    pNew->nOut = rSize;
+    pNew->u.btree.pIndex = pProbe;
+    b = indexMightHelpWithOrderBy(pBuilder, pProbe, pSrc->iCursor);
+    /* The ONEPASS_DESIRED flags never occurs together with ORDER BY */
+    assert( (pWInfo->wctrlFlags & WHERE_ONEPASS_DESIRED)==0 || b==0 );
+    if( pProbe->tnum<=0 ){
+      /* Integer primary key index */
+      pNew->wsFlags = WHERE_IPK;
+
+      /* Full table scan */
+      pNew->iSortIdx = b ? iSortIdx : 0;
+      /* TUNING: Cost of full table scan is (N*3.0). */
+      pNew->rRun = rSize + 16;
+      ApplyCostMultiplier(pNew->rRun, pTab->costMult);
+      whereLoopOutputAdjust(pWC, pNew, rSize);
+      rc = whereLoopInsert(pBuilder, pNew);
+      pNew->nOut = rSize;
+      if( rc ) break;
+    }else{
+      Bitmask m;
+      if( pProbe->isCovering ){
+        pNew->wsFlags = WHERE_IDX_ONLY | WHERE_INDEXED;
+        m = 0;
+      }else{
+        m = pSrc->colUsed & ~columnsInIndex(pProbe);
+        pNew->wsFlags = (m==0) ? (WHERE_IDX_ONLY|WHERE_INDEXED) : WHERE_INDEXED;
+      }
+
+      /* Full scan via index */
+      if( b
+       || !HasRowid(pTab)
+       || ( m==0
+         && pProbe->bUnordered==0
+         && (pProbe->szIdxRow<pTab->szTabRow)
+         && (pWInfo->wctrlFlags & WHERE_ONEPASS_DESIRED)==0
+         && sqlite3GlobalConfig.bUseCis
+         && OptimizationEnabled(pWInfo->pParse->db, SQLITE_CoverIdxScan)
+          )
+      ){
+        pNew->iSortIdx = b ? iSortIdx : 0;
+
+        /* The cost of visiting the index rows is N*K, where K is
+        ** between 1.1 and 3.0, depending on the relative sizes of the
+        ** index and table rows. If this is a non-covering index scan,
+        ** also add the cost of visiting table rows (N*3.0).  */
+        pNew->rRun = rSize + 1 + (15*pProbe->szIdxRow)/pTab->szTabRow;
+        if( m!=0 ){
+          pNew->rRun = sqlite3LogEstAdd(pNew->rRun, rSize+16);
+        }
+        ApplyCostMultiplier(pNew->rRun, pTab->costMult);
+        whereLoopOutputAdjust(pWC, pNew, rSize);
+        rc = whereLoopInsert(pBuilder, pNew);
+        pNew->nOut = rSize;
+        if( rc ) break;
+      }
+    }
+
+    rc = whereLoopAddBtreeIndex(pBuilder, pSrc, pProbe, 0);
+#ifdef SQLITE_ENABLE_STAT3_OR_STAT4
+    sqlite3Stat4ProbeFree(pBuilder->pRec);
+    pBuilder->nRecValid = 0;
+    pBuilder->pRec = 0;
+#endif
+
+    /* If there was an INDEXED BY clause, then only that one index is
+    ** considered. */
+    if( pSrc->pIBIndex ) break;
+  }
+  return rc;
+}
+
+#ifndef SQLITE_OMIT_VIRTUALTABLE
+/*
+** Add all WhereLoop objects for a table of the join identified by
+** pBuilder->pNew->iTab.  That table is guaranteed to be a virtual table.
+**
+** If there are no LEFT or CROSS JOIN joins in the query, both mExtra and
+** mUnusable are set to 0. Otherwise, mExtra is a mask of all FROM clause
+** entries that occur before the virtual table in the FROM clause and are
+** separated from it by at least one LEFT or CROSS JOIN. Similarly, the
+** mUnusable mask contains all FROM clause entries that occur after the
+** virtual table and are separated from it by at least one LEFT or 
+** CROSS JOIN. 
+**
+** For example, if the query were:
+**
+**   ... FROM t1, t2 LEFT JOIN t3, t4, vt CROSS JOIN t5, t6;
+**
+** then mExtra corresponds to (t1, t2) and mUnusable to (t5, t6).
+**
+** All the tables in mExtra must be scanned before the current virtual 
+** table. So any terms for which all prerequisites are satisfied by 
+** mExtra may be specified as "usable" in all calls to xBestIndex. 
+** Conversely, all tables in mUnusable must be scanned after the current
+** virtual table, so any terms for which the prerequisites overlap with
+** mUnusable should always be configured as "not-usable" for xBestIndex.
+*/
+static int whereLoopAddVirtual(
+  WhereLoopBuilder *pBuilder,  /* WHERE clause information */
+  Bitmask mExtra,              /* Tables that must be scanned before this one */
+  Bitmask mUnusable            /* Tables that must be scanned after this one */
+){
+  WhereInfo *pWInfo;           /* WHERE analysis context */
+  Parse *pParse;               /* The parsing context */
+  WhereClause *pWC;            /* The WHERE clause */
+  struct SrcList_item *pSrc;   /* The FROM clause term to search */
+  Table *pTab;
+  sqlite3 *db;
+  sqlite3_index_info *pIdxInfo;
+  struct sqlite3_index_constraint *pIdxCons;
+  struct sqlite3_index_constraint_usage *pUsage;
+  WhereTerm *pTerm;
+  int i, j;
+  int iTerm, mxTerm;
+  int nConstraint;
+  int seenIn = 0;              /* True if an IN operator is seen */
+  int seenVar = 0;             /* True if a non-constant constraint is seen */
+  int iPhase;                  /* 0: const w/o IN, 1: const, 2: no IN,  2: IN */
+  WhereLoop *pNew;
+  int rc = SQLITE_OK;
+
+  assert( (mExtra & mUnusable)==0 );
+  pWInfo = pBuilder->pWInfo;
+  pParse = pWInfo->pParse;
+  db = pParse->db;
+  pWC = pBuilder->pWC;
+  pNew = pBuilder->pNew;
+  pSrc = &pWInfo->pTabList->a[pNew->iTab];
+  pTab = pSrc->pTab;
+  assert( IsVirtual(pTab) );
+  pIdxInfo = allocateIndexInfo(pParse, pWC, mUnusable, pSrc,pBuilder->pOrderBy);
+  if( pIdxInfo==0 ) return SQLITE_NOMEM;
+  pNew->prereq = 0;
+  pNew->rSetup = 0;
+  pNew->wsFlags = WHERE_VIRTUALTABLE;
+  pNew->nLTerm = 0;
+  pNew->u.vtab.needFree = 0;
+  pUsage = pIdxInfo->aConstraintUsage;
+  nConstraint = pIdxInfo->nConstraint;
+  if( whereLoopResize(db, pNew, nConstraint) ){
+    sqlite3DbFree(db, pIdxInfo);
+    return SQLITE_NOMEM;
+  }
+
+  for(iPhase=0; iPhase<=3; iPhase++){
+    if( !seenIn && (iPhase&1)!=0 ){
+      iPhase++;
+      if( iPhase>3 ) break;
+    }
+    if( !seenVar && iPhase>1 ) break;
+    pIdxCons = *(struct sqlite3_index_constraint**)&pIdxInfo->aConstraint;
+    for(i=0; i<pIdxInfo->nConstraint; i++, pIdxCons++){
+      j = pIdxCons->iTermOffset;
+      pTerm = &pWC->a[j];
+      switch( iPhase ){
+        case 0:    /* Constants without IN operator */
+          pIdxCons->usable = 0;
+          if( (pTerm->eOperator & WO_IN)!=0 ){
+            seenIn = 1;
+          }
+          if( (pTerm->prereqRight & ~mExtra)!=0 ){
+            seenVar = 1;
+          }else if( (pTerm->eOperator & WO_IN)==0 ){
+            pIdxCons->usable = 1;
+          }
+          break;
+        case 1:    /* Constants with IN operators */
+          assert( seenIn );
+          pIdxCons->usable = (pTerm->prereqRight & ~mExtra)==0;
+          break;
+        case 2:    /* Variables without IN */
+          assert( seenVar );
+          pIdxCons->usable = (pTerm->eOperator & WO_IN)==0;
+          break;
+        default:   /* Variables with IN */
+          assert( seenVar && seenIn );
+          pIdxCons->usable = 1;
+          break;
+      }
+    }
+    memset(pUsage, 0, sizeof(pUsage[0])*pIdxInfo->nConstraint);
+    if( pIdxInfo->needToFreeIdxStr ) sqlite3_free(pIdxInfo->idxStr);
+    pIdxInfo->idxStr = 0;
+    pIdxInfo->idxNum = 0;
+    pIdxInfo->needToFreeIdxStr = 0;
+    pIdxInfo->orderByConsumed = 0;
+    pIdxInfo->estimatedCost = SQLITE_BIG_DBL / (double)2;
+    pIdxInfo->estimatedRows = 25;
+    pIdxInfo->idxFlags = 0;
+    pIdxInfo->colUsed = (sqlite3_int64)pSrc->colUsed;
+    rc = vtabBestIndex(pParse, pTab, pIdxInfo);
+    if( rc ) goto whereLoopAddVtab_exit;
+    pIdxCons = *(struct sqlite3_index_constraint**)&pIdxInfo->aConstraint;
+    pNew->prereq = mExtra;
+    mxTerm = -1;
+    assert( pNew->nLSlot>=nConstraint );
+    for(i=0; i<nConstraint; i++) pNew->aLTerm[i] = 0;
+    pNew->u.vtab.omitMask = 0;
+    for(i=0; i<nConstraint; i++, pIdxCons++){
+      if( (iTerm = pUsage[i].argvIndex - 1)>=0 ){
+        j = pIdxCons->iTermOffset;
+        if( iTerm>=nConstraint
+         || j<0
+         || j>=pWC->nTerm
+         || pNew->aLTerm[iTerm]!=0
+        ){
+          rc = SQLITE_ERROR;
+          sqlite3ErrorMsg(pParse, "%s.xBestIndex() malfunction", pTab->zName);
+          goto whereLoopAddVtab_exit;
+        }
+        testcase( iTerm==nConstraint-1 );
+        testcase( j==0 );
+        testcase( j==pWC->nTerm-1 );
+        pTerm = &pWC->a[j];
+        pNew->prereq |= pTerm->prereqRight;
+        assert( iTerm<pNew->nLSlot );
+        pNew->aLTerm[iTerm] = pTerm;
+        if( iTerm>mxTerm ) mxTerm = iTerm;
+        testcase( iTerm==15 );
+        testcase( iTerm==16 );
+        if( iTerm<16 && pUsage[i].omit ) pNew->u.vtab.omitMask |= 1<<iTerm;
+        if( (pTerm->eOperator & WO_IN)!=0 ){
+          if( pUsage[i].omit==0 ){
+            /* Do not attempt to use an IN constraint if the virtual table
+            ** says that the equivalent EQ constraint cannot be safely omitted.
+            ** If we do attempt to use such a constraint, some rows might be
+            ** repeated in the output. */
+            break;
+          }
+          /* A virtual table that is constrained by an IN clause may not
+          ** consume the ORDER BY clause because (1) the order of IN terms
+          ** is not necessarily related to the order of output terms and
+          ** (2) Multiple outputs from a single IN value will not merge
+          ** together.  */
+          pIdxInfo->orderByConsumed = 0;
+          pIdxInfo->idxFlags &= ~SQLITE_INDEX_SCAN_UNIQUE;
+        }
+      }
+    }
+    if( i>=nConstraint ){
+      pNew->nLTerm = mxTerm+1;
+      assert( pNew->nLTerm<=pNew->nLSlot );
+      pNew->u.vtab.idxNum = pIdxInfo->idxNum;
+      pNew->u.vtab.needFree = pIdxInfo->needToFreeIdxStr;
+      pIdxInfo->needToFreeIdxStr = 0;
+      pNew->u.vtab.idxStr = pIdxInfo->idxStr;
+      pNew->u.vtab.isOrdered = (i8)(pIdxInfo->orderByConsumed ?
+                                      pIdxInfo->nOrderBy : 0);
+      pNew->rSetup = 0;
+      pNew->rRun = sqlite3LogEstFromDouble(pIdxInfo->estimatedCost);
+      pNew->nOut = sqlite3LogEst(pIdxInfo->estimatedRows);
+
+      /* Set the WHERE_ONEROW flag if the xBestIndex() method indicated
+      ** that the scan will visit at most one row. Clear it otherwise. */
+      if( pIdxInfo->idxFlags & SQLITE_INDEX_SCAN_UNIQUE ){
+        pNew->wsFlags |= WHERE_ONEROW;
+      }else{
+        pNew->wsFlags &= ~WHERE_ONEROW;
+      }
+      whereLoopInsert(pBuilder, pNew);
+      if( pNew->u.vtab.needFree ){
+        sqlite3_free(pNew->u.vtab.idxStr);
+        pNew->u.vtab.needFree = 0;
+      }
+    }
+  }  
+
+whereLoopAddVtab_exit:
+  if( pIdxInfo->needToFreeIdxStr ) sqlite3_free(pIdxInfo->idxStr);
+  sqlite3DbFree(db, pIdxInfo);
+  return rc;
+}
+#endif /* SQLITE_OMIT_VIRTUALTABLE */
+
+/*
+** Add WhereLoop entries to handle OR terms.  This works for either
+** btrees or virtual tables.
+*/
+static int whereLoopAddOr(
+  WhereLoopBuilder *pBuilder, 
+  Bitmask mExtra, 
+  Bitmask mUnusable
+){
+  WhereInfo *pWInfo = pBuilder->pWInfo;
+  WhereClause *pWC;
+  WhereLoop *pNew;
+  WhereTerm *pTerm, *pWCEnd;
+  int rc = SQLITE_OK;
+  int iCur;
+  WhereClause tempWC;
+  WhereLoopBuilder sSubBuild;
+  WhereOrSet sSum, sCur;
+  struct SrcList_item *pItem;
+  
+  pWC = pBuilder->pWC;
+  pWCEnd = pWC->a + pWC->nTerm;
+  pNew = pBuilder->pNew;
+  memset(&sSum, 0, sizeof(sSum));
+  pItem = pWInfo->pTabList->a + pNew->iTab;
+  iCur = pItem->iCursor;
+
+  for(pTerm=pWC->a; pTerm<pWCEnd && rc==SQLITE_OK; pTerm++){
+    if( (pTerm->eOperator & WO_OR)!=0
+     && (pTerm->u.pOrInfo->indexable & pNew->maskSelf)!=0 
+    ){
+      WhereClause * const pOrWC = &pTerm->u.pOrInfo->wc;
+      WhereTerm * const pOrWCEnd = &pOrWC->a[pOrWC->nTerm];
+      WhereTerm *pOrTerm;
+      int once = 1;
+      int i, j;
+    
+      sSubBuild = *pBuilder;
+      sSubBuild.pOrderBy = 0;
+      sSubBuild.pOrSet = &sCur;
+
+      WHERETRACE(0x200, ("Begin processing OR-clause %p\n", pTerm));
+      for(pOrTerm=pOrWC->a; pOrTerm<pOrWCEnd; pOrTerm++){
+        if( (pOrTerm->eOperator & WO_AND)!=0 ){
+          sSubBuild.pWC = &pOrTerm->u.pAndInfo->wc;
+        }else if( pOrTerm->leftCursor==iCur ){
+          tempWC.pWInfo = pWC->pWInfo;
+          tempWC.pOuter = pWC;
+          tempWC.op = TK_AND;
+          tempWC.nTerm = 1;
+          tempWC.a = pOrTerm;
+          sSubBuild.pWC = &tempWC;
+        }else{
+          continue;
+        }
+        sCur.n = 0;
+#ifdef WHERETRACE_ENABLED
+        WHERETRACE(0x200, ("OR-term %d of %p has %d subterms:\n", 
+                   (int)(pOrTerm-pOrWC->a), pTerm, sSubBuild.pWC->nTerm));
+        if( sqlite3WhereTrace & 0x400 ){
+          for(i=0; i<sSubBuild.pWC->nTerm; i++){
+            whereTermPrint(&sSubBuild.pWC->a[i], i);
+          }
+        }
+#endif
+#ifndef SQLITE_OMIT_VIRTUALTABLE
+        if( IsVirtual(pItem->pTab) ){
+          rc = whereLoopAddVirtual(&sSubBuild, mExtra, mUnusable);
+        }else
+#endif
+        {
+          rc = whereLoopAddBtree(&sSubBuild, mExtra);
+        }
+        if( rc==SQLITE_OK ){
+          rc = whereLoopAddOr(&sSubBuild, mExtra, mUnusable);
+        }
+        assert( rc==SQLITE_OK || sCur.n==0 );
+        if( sCur.n==0 ){
+          sSum.n = 0;
+          break;
+        }else if( once ){
+          whereOrMove(&sSum, &sCur);
+          once = 0;
+        }else{
+          WhereOrSet sPrev;
+          whereOrMove(&sPrev, &sSum);
+          sSum.n = 0;
+          for(i=0; i<sPrev.n; i++){
+            for(j=0; j<sCur.n; j++){
+              whereOrInsert(&sSum, sPrev.a[i].prereq | sCur.a[j].prereq,
+                            sqlite3LogEstAdd(sPrev.a[i].rRun, sCur.a[j].rRun),
+                            sqlite3LogEstAdd(sPrev.a[i].nOut, sCur.a[j].nOut));
+            }
+          }
+        }
+      }
+      pNew->nLTerm = 1;
+      pNew->aLTerm[0] = pTerm;
+      pNew->wsFlags = WHERE_MULTI_OR;
+      pNew->rSetup = 0;
+      pNew->iSortIdx = 0;
+      memset(&pNew->u, 0, sizeof(pNew->u));
+      for(i=0; rc==SQLITE_OK && i<sSum.n; i++){
+        /* TUNING: Currently sSum.a[i].rRun is set to the sum of the costs
+        ** of all sub-scans required by the OR-scan. However, due to rounding
+        ** errors, it may be that the cost of the OR-scan is equal to its
+        ** most expensive sub-scan. Add the smallest possible penalty 
+        ** (equivalent to multiplying the cost by 1.07) to ensure that 
+        ** this does not happen. Otherwise, for WHERE clauses such as the
+        ** following where there is an index on "y":
+        **
+        **     WHERE likelihood(x=?, 0.99) OR y=?
+        **
+        ** the planner may elect to "OR" together a full-table scan and an
+        ** index lookup. And other similarly odd results.  */
+        pNew->rRun = sSum.a[i].rRun + 1;
+        pNew->nOut = sSum.a[i].nOut;
+        pNew->prereq = sSum.a[i].prereq;
+        rc = whereLoopInsert(pBuilder, pNew);
+      }
+      WHERETRACE(0x200, ("End processing OR-clause %p\n", pTerm));
+    }
+  }
+  return rc;
+}
+
+/*
+** Add all WhereLoop objects for all tables 
+*/
+static int whereLoopAddAll(WhereLoopBuilder *pBuilder){
+  WhereInfo *pWInfo = pBuilder->pWInfo;
+  Bitmask mExtra = 0;
+  Bitmask mPrior = 0;
+  int iTab;
+  SrcList *pTabList = pWInfo->pTabList;
+  struct SrcList_item *pItem;
+  struct SrcList_item *pEnd = &pTabList->a[pWInfo->nLevel];
+  sqlite3 *db = pWInfo->pParse->db;
+  int rc = SQLITE_OK;
+  WhereLoop *pNew;
+  u8 priorJointype = 0;
+
+  /* Loop over the tables in the join, from left to right */
+  pNew = pBuilder->pNew;
+  whereLoopInit(pNew);
+  for(iTab=0, pItem=pTabList->a; pItem<pEnd; iTab++, pItem++){
+    Bitmask mUnusable = 0;
+    pNew->iTab = iTab;
+    pNew->maskSelf = sqlite3WhereGetMask(&pWInfo->sMaskSet, pItem->iCursor);
+    if( ((pItem->fg.jointype|priorJointype) & (JT_LEFT|JT_CROSS))!=0 ){
+      /* This condition is true when pItem is the FROM clause term on the
+      ** right-hand-side of a LEFT or CROSS JOIN.  */
+      mExtra = mPrior;
+    }
+    priorJointype = pItem->fg.jointype;
+    if( IsVirtual(pItem->pTab) ){
+      struct SrcList_item *p;
+      for(p=&pItem[1]; p<pEnd; p++){
+        if( mUnusable || (p->fg.jointype & (JT_LEFT|JT_CROSS)) ){
+          mUnusable |= sqlite3WhereGetMask(&pWInfo->sMaskSet, p->iCursor);
+        }
+      }
+      rc = whereLoopAddVirtual(pBuilder, mExtra, mUnusable);
+    }else{
+      rc = whereLoopAddBtree(pBuilder, mExtra);
+    }
+    if( rc==SQLITE_OK ){
+      rc = whereLoopAddOr(pBuilder, mExtra, mUnusable);
+    }
+    mPrior |= pNew->maskSelf;
+    if( rc || db->mallocFailed ) break;
+  }
+
+  whereLoopClear(db, pNew);
+  return rc;
+}
+
+/*
+** Examine a WherePath (with the addition of the extra WhereLoop of the 5th
+** parameters) to see if it outputs rows in the requested ORDER BY
+** (or GROUP BY) without requiring a separate sort operation.  Return N:
+** 
+**   N>0:   N terms of the ORDER BY clause are satisfied
+**   N==0:  No terms of the ORDER BY clause are satisfied
+**   N<0:   Unknown yet how many terms of ORDER BY might be satisfied.   
+**
+** Note that processing for WHERE_GROUPBY and WHERE_DISTINCTBY is not as
+** strict.  With GROUP BY and DISTINCT the only requirement is that
+** equivalent rows appear immediately adjacent to one another.  GROUP BY
+** and DISTINCT do not require rows to appear in any particular order as long
+** as equivalent rows are grouped together.  Thus for GROUP BY and DISTINCT
+** the pOrderBy terms can be matched in any order.  With ORDER BY, the 
+** pOrderBy terms must be matched in strict left-to-right order.
+*/
+static i8 wherePathSatisfiesOrderBy(
+  WhereInfo *pWInfo,    /* The WHERE clause */
+  ExprList *pOrderBy,   /* ORDER BY or GROUP BY or DISTINCT clause to check */
+  WherePath *pPath,     /* The WherePath to check */
+  u16 wctrlFlags,       /* Might contain WHERE_GROUPBY or WHERE_DISTINCTBY */
+  u16 nLoop,            /* Number of entries in pPath->aLoop[] */
+  WhereLoop *pLast,     /* Add this WhereLoop to the end of pPath->aLoop[] */
+  Bitmask *pRevMask     /* OUT: Mask of WhereLoops to run in reverse order */
+){
+  u8 revSet;            /* True if rev is known */
+  u8 rev;               /* Composite sort order */
+  u8 revIdx;            /* Index sort order */
+  u8 isOrderDistinct;   /* All prior WhereLoops are order-distinct */
+  u8 distinctColumns;   /* True if the loop has UNIQUE NOT NULL columns */
+  u8 isMatch;           /* iColumn matches a term of the ORDER BY clause */
+  u16 nKeyCol;          /* Number of key columns in pIndex */
+  u16 nColumn;          /* Total number of ordered columns in the index */
+  u16 nOrderBy;         /* Number terms in the ORDER BY clause */
+  int iLoop;            /* Index of WhereLoop in pPath being processed */
+  int i, j;             /* Loop counters */
+  int iCur;             /* Cursor number for current WhereLoop */
+  int iColumn;          /* A column number within table iCur */
+  WhereLoop *pLoop = 0; /* Current WhereLoop being processed. */
+  WhereTerm *pTerm;     /* A single term of the WHERE clause */
+  Expr *pOBExpr;        /* An expression from the ORDER BY clause */
+  CollSeq *pColl;       /* COLLATE function from an ORDER BY clause term */
+  Index *pIndex;        /* The index associated with pLoop */
+  sqlite3 *db = pWInfo->pParse->db;  /* Database connection */
+  Bitmask obSat = 0;    /* Mask of ORDER BY terms satisfied so far */
+  Bitmask obDone;       /* Mask of all ORDER BY terms */
+  Bitmask orderDistinctMask;  /* Mask of all well-ordered loops */
+  Bitmask ready;              /* Mask of inner loops */
+
+  /*
+  ** We say the WhereLoop is "one-row" if it generates no more than one
+  ** row of output.  A WhereLoop is one-row if all of the following are true:
+  **  (a) All index columns match with WHERE_COLUMN_EQ.
+  **  (b) The index is unique
+  ** Any WhereLoop with an WHERE_COLUMN_EQ constraint on the rowid is one-row.
+  ** Every one-row WhereLoop will have the WHERE_ONEROW bit set in wsFlags.
+  **
+  ** We say the WhereLoop is "order-distinct" if the set of columns from
+  ** that WhereLoop that are in the ORDER BY clause are different for every
+  ** row of the WhereLoop.  Every one-row WhereLoop is automatically
+  ** order-distinct.   A WhereLoop that has no columns in the ORDER BY clause
+  ** is not order-distinct. To be order-distinct is not quite the same as being
+  ** UNIQUE since a UNIQUE column or index can have multiple rows that 
+  ** are NULL and NULL values are equivalent for the purpose of order-distinct.
+  ** To be order-distinct, the columns must be UNIQUE and NOT NULL.
+  **
+  ** The rowid for a table is always UNIQUE and NOT NULL so whenever the
+  ** rowid appears in the ORDER BY clause, the corresponding WhereLoop is
+  ** automatically order-distinct.
+  */
+
+  assert( pOrderBy!=0 );
+  if( nLoop && OptimizationDisabled(db, SQLITE_OrderByIdxJoin) ) return 0;
+
+  nOrderBy = pOrderBy->nExpr;
+  testcase( nOrderBy==BMS-1 );
+  if( nOrderBy>BMS-1 ) return 0;  /* Cannot optimize overly large ORDER BYs */
+  isOrderDistinct = 1;
+  obDone = MASKBIT(nOrderBy)-1;
+  orderDistinctMask = 0;
+  ready = 0;
+  for(iLoop=0; isOrderDistinct && obSat<obDone && iLoop<=nLoop; iLoop++){
+    if( iLoop>0 ) ready |= pLoop->maskSelf;
+    pLoop = iLoop<nLoop ? pPath->aLoop[iLoop] : pLast;
+    if( pLoop->wsFlags & WHERE_VIRTUALTABLE ){
+      if( pLoop->u.vtab.isOrdered ) obSat = obDone;
+      break;
+    }
+    iCur = pWInfo->pTabList->a[pLoop->iTab].iCursor;
+
+    /* Mark off any ORDER BY term X that is a column in the table of
+    ** the current loop for which there is term in the WHERE
+    ** clause of the form X IS NULL or X=? that reference only outer
+    ** loops.
+    */
+    for(i=0; i<nOrderBy; i++){
+      if( MASKBIT(i) & obSat ) continue;
+      pOBExpr = sqlite3ExprSkipCollate(pOrderBy->a[i].pExpr);
+      if( pOBExpr->op!=TK_COLUMN ) continue;
+      if( pOBExpr->iTable!=iCur ) continue;
+      pTerm = sqlite3WhereFindTerm(&pWInfo->sWC, iCur, pOBExpr->iColumn,
+                       ~ready, WO_EQ|WO_ISNULL|WO_IS, 0);
+      if( pTerm==0 ) continue;
+      if( (pTerm->eOperator&(WO_EQ|WO_IS))!=0 && pOBExpr->iColumn>=0 ){
+        const char *z1, *z2;
+        pColl = sqlite3ExprCollSeq(pWInfo->pParse, pOrderBy->a[i].pExpr);
+        if( !pColl ) pColl = db->pDfltColl;
+        z1 = pColl->zName;
+        pColl = sqlite3ExprCollSeq(pWInfo->pParse, pTerm->pExpr);
+        if( !pColl ) pColl = db->pDfltColl;
+        z2 = pColl->zName;
+        if( sqlite3StrICmp(z1, z2)!=0 ) continue;
+        testcase( pTerm->pExpr->op==TK_IS );
+      }
+      obSat |= MASKBIT(i);
+    }
+
+    if( (pLoop->wsFlags & WHERE_ONEROW)==0 ){
+      if( pLoop->wsFlags & WHERE_IPK ){
+        pIndex = 0;
+        nKeyCol = 0;
+        nColumn = 1;
+      }else if( (pIndex = pLoop->u.btree.pIndex)==0 || pIndex->bUnordered ){
+        return 0;
+      }else{
+        nKeyCol = pIndex->nKeyCol;
+        nColumn = pIndex->nColumn;
+        assert( nColumn==nKeyCol+1 || !HasRowid(pIndex->pTable) );
+        assert( pIndex->aiColumn[nColumn-1]==XN_ROWID
+                          || !HasRowid(pIndex->pTable));
+        isOrderDistinct = IsUniqueIndex(pIndex);
+      }
+
+      /* Loop through all columns of the index and deal with the ones
+      ** that are not constrained by == or IN.
+      */
+      rev = revSet = 0;
+      distinctColumns = 0;
+      for(j=0; j<nColumn; j++){
+        u8 bOnce;   /* True to run the ORDER BY search loop */
+
+        /* Skip over == and IS NULL terms */
+        if( j<pLoop->u.btree.nEq
+         && pLoop->nSkip==0
+         && ((i = pLoop->aLTerm[j]->eOperator) & (WO_EQ|WO_ISNULL|WO_IS))!=0
+        ){
+          if( i & WO_ISNULL ){
+            testcase( isOrderDistinct );
+            isOrderDistinct = 0;
+          }
+          continue;  
+        }
+
+        /* Get the column number in the table (iColumn) and sort order
+        ** (revIdx) for the j-th column of the index.
+        */
+        if( pIndex ){
+          iColumn = pIndex->aiColumn[j];
+          revIdx = pIndex->aSortOrder[j];
+          if( iColumn==pIndex->pTable->iPKey ) iColumn = -1;
+        }else{
+          iColumn = XN_ROWID;
+          revIdx = 0;
+        }
+
+        /* An unconstrained column that might be NULL means that this
+        ** WhereLoop is not well-ordered
+        */
+        if( isOrderDistinct
+         && iColumn>=0
+         && j>=pLoop->u.btree.nEq
+         && pIndex->pTable->aCol[iColumn].notNull==0
+        ){
+          isOrderDistinct = 0;
+        }
+
+        /* Find the ORDER BY term that corresponds to the j-th column
+        ** of the index and mark that ORDER BY term off 
+        */
+        bOnce = 1;
+        isMatch = 0;
+        for(i=0; bOnce && i<nOrderBy; i++){
+          if( MASKBIT(i) & obSat ) continue;
+          pOBExpr = sqlite3ExprSkipCollate(pOrderBy->a[i].pExpr);
+          testcase( wctrlFlags & WHERE_GROUPBY );
+          testcase( wctrlFlags & WHERE_DISTINCTBY );
+          if( (wctrlFlags & (WHERE_GROUPBY|WHERE_DISTINCTBY))==0 ) bOnce = 0;
+          if( iColumn>=(-1) ){
+            if( pOBExpr->op!=TK_COLUMN ) continue;
+            if( pOBExpr->iTable!=iCur ) continue;
+            if( pOBExpr->iColumn!=iColumn ) continue;
+          }else{
+            if( sqlite3ExprCompare(pOBExpr,pIndex->aColExpr->a[j].pExpr,iCur) ){
+              continue;
+            }
+          }
+          if( iColumn>=0 ){
+            pColl = sqlite3ExprCollSeq(pWInfo->pParse, pOrderBy->a[i].pExpr);
+            if( !pColl ) pColl = db->pDfltColl;
+            if( sqlite3StrICmp(pColl->zName, pIndex->azColl[j])!=0 ) continue;
+          }
+          isMatch = 1;
+          break;
+        }
+        if( isMatch && (wctrlFlags & WHERE_GROUPBY)==0 ){
+          /* Make sure the sort order is compatible in an ORDER BY clause.
+          ** Sort order is irrelevant for a GROUP BY clause. */
+          if( revSet ){
+            if( (rev ^ revIdx)!=pOrderBy->a[i].sortOrder ) isMatch = 0;
+          }else{
+            rev = revIdx ^ pOrderBy->a[i].sortOrder;
+            if( rev ) *pRevMask |= MASKBIT(iLoop);
+            revSet = 1;
+          }
+        }
+        if( isMatch ){
+          if( iColumn<0 ){
+            testcase( distinctColumns==0 );
+            distinctColumns = 1;
+          }
+          obSat |= MASKBIT(i);
+        }else{
+          /* No match found */
+          if( j==0 || j<nKeyCol ){
+            testcase( isOrderDistinct!=0 );
+            isOrderDistinct = 0;
+          }
+          break;
+        }
+      } /* end Loop over all index columns */
+      if( distinctColumns ){
+        testcase( isOrderDistinct==0 );
+        isOrderDistinct = 1;
+      }
+    } /* end-if not one-row */
+
+    /* Mark off any other ORDER BY terms that reference pLoop */
+    if( isOrderDistinct ){
+      orderDistinctMask |= pLoop->maskSelf;
+      for(i=0; i<nOrderBy; i++){
+        Expr *p;
+        Bitmask mTerm;
+        if( MASKBIT(i) & obSat ) continue;
+        p = pOrderBy->a[i].pExpr;
+        mTerm = sqlite3WhereExprUsage(&pWInfo->sMaskSet,p);
+        if( mTerm==0 && !sqlite3ExprIsConstant(p) ) continue;
+        if( (mTerm&~orderDistinctMask)==0 ){
+          obSat |= MASKBIT(i);
+        }
+      }
+    }
+  } /* End the loop over all WhereLoops from outer-most down to inner-most */
+  if( obSat==obDone ) return (i8)nOrderBy;
+  if( !isOrderDistinct ){
+    for(i=nOrderBy-1; i>0; i--){
+      Bitmask m = MASKBIT(i) - 1;
+      if( (obSat&m)==m ) return i;
+    }
+    return 0;
+  }
+  return -1;
+}
+
+
+/*
+** If the WHERE_GROUPBY flag is set in the mask passed to sqlite3WhereBegin(),
+** the planner assumes that the specified pOrderBy list is actually a GROUP
+** BY clause - and so any order that groups rows as required satisfies the
+** request.
+**
+** Normally, in this case it is not possible for the caller to determine
+** whether or not the rows are really being delivered in sorted order, or
+** just in some other order that provides the required grouping. However,
+** if the WHERE_SORTBYGROUP flag is also passed to sqlite3WhereBegin(), then
+** this function may be called on the returned WhereInfo object. It returns
+** true if the rows really will be sorted in the specified order, or false
+** otherwise.
+**
+** For example, assuming:
+**
+**   CREATE INDEX i1 ON t1(x, Y);
+**
+** then
+**
+**   SELECT * FROM t1 GROUP BY x,y ORDER BY x,y;   -- IsSorted()==1
+**   SELECT * FROM t1 GROUP BY y,x ORDER BY y,x;   -- IsSorted()==0
+*/
+SQLITE_PRIVATE int sqlite3WhereIsSorted(WhereInfo *pWInfo){
+  assert( pWInfo->wctrlFlags & WHERE_GROUPBY );
+  assert( pWInfo->wctrlFlags & WHERE_SORTBYGROUP );
+  return pWInfo->sorted;
+}
+
+#ifdef WHERETRACE_ENABLED
+/* For debugging use only: */
+static const char *wherePathName(WherePath *pPath, int nLoop, WhereLoop *pLast){
+  static char zName[65];
+  int i;
+  for(i=0; i<nLoop; i++){ zName[i] = pPath->aLoop[i]->cId; }
+  if( pLast ) zName[i++] = pLast->cId;
+  zName[i] = 0;
+  return zName;
+}
+#endif
+
+/*
+** Return the cost of sorting nRow rows, assuming that the keys have 
+** nOrderby columns and that the first nSorted columns are already in
+** order.
+*/
+static LogEst whereSortingCost(
+  WhereInfo *pWInfo,
+  LogEst nRow,
+  int nOrderBy,
+  int nSorted
+){
+  /* TUNING: Estimated cost of a full external sort, where N is 
+  ** the number of rows to sort is:
+  **
+  **   cost = (3.0 * N * log(N)).
+  ** 
+  ** Or, if the order-by clause has X terms but only the last Y 
+  ** terms are out of order, then block-sorting will reduce the 
+  ** sorting cost to:
+  **
+  **   cost = (3.0 * N * log(N)) * (Y/X)
+  **
+  ** The (Y/X) term is implemented using stack variable rScale
+  ** below.  */
+  LogEst rScale, rSortCost;
+  assert( nOrderBy>0 && 66==sqlite3LogEst(100) );
+  rScale = sqlite3LogEst((nOrderBy-nSorted)*100/nOrderBy) - 66;
+  rSortCost = nRow + estLog(nRow) + rScale + 16;
+
+  /* TUNING: The cost of implementing DISTINCT using a B-TREE is
+  ** similar but with a larger constant of proportionality. 
+  ** Multiply by an additional factor of 3.0.  */
+  if( pWInfo->wctrlFlags & WHERE_WANT_DISTINCT ){
+    rSortCost += 16;
+  }
+
+  return rSortCost;
+}
+
+/*
+** Given the list of WhereLoop objects at pWInfo->pLoops, this routine
+** attempts to find the lowest cost path that visits each WhereLoop
+** once.  This path is then loaded into the pWInfo->a[].pWLoop fields.
+**
+** Assume that the total number of output rows that will need to be sorted
+** will be nRowEst (in the 10*log2 representation).  Or, ignore sorting
+** costs if nRowEst==0.
+**
+** Return SQLITE_OK on success or SQLITE_NOMEM of a memory allocation
+** error occurs.
+*/
+static int wherePathSolver(WhereInfo *pWInfo, LogEst nRowEst){
+  int mxChoice;             /* Maximum number of simultaneous paths tracked */
+  int nLoop;                /* Number of terms in the join */
+  Parse *pParse;            /* Parsing context */
+  sqlite3 *db;              /* The database connection */
+  int iLoop;                /* Loop counter over the terms of the join */
+  int ii, jj;               /* Loop counters */
+  int mxI = 0;              /* Index of next entry to replace */
+  int nOrderBy;             /* Number of ORDER BY clause terms */
+  LogEst mxCost = 0;        /* Maximum cost of a set of paths */
+  LogEst mxUnsorted = 0;    /* Maximum unsorted cost of a set of path */
+  int nTo, nFrom;           /* Number of valid entries in aTo[] and aFrom[] */
+  WherePath *aFrom;         /* All nFrom paths at the previous level */
+  WherePath *aTo;           /* The nTo best paths at the current level */
+  WherePath *pFrom;         /* An element of aFrom[] that we are working on */
+  WherePath *pTo;           /* An element of aTo[] that we are working on */
+  WhereLoop *pWLoop;        /* One of the WhereLoop objects */
+  WhereLoop **pX;           /* Used to divy up the pSpace memory */
+  LogEst *aSortCost = 0;    /* Sorting and partial sorting costs */
+  char *pSpace;             /* Temporary memory used by this routine */
+  int nSpace;               /* Bytes of space allocated at pSpace */
+
+  pParse = pWInfo->pParse;
+  db = pParse->db;
+  nLoop = pWInfo->nLevel;
+  /* TUNING: For simple queries, only the best path is tracked.
+  ** For 2-way joins, the 5 best paths are followed.
+  ** For joins of 3 or more tables, track the 10 best paths */
+  mxChoice = (nLoop<=1) ? 1 : (nLoop==2 ? 5 : 10);
+  assert( nLoop<=pWInfo->pTabList->nSrc );
+  WHERETRACE(0x002, ("---- begin solver.  (nRowEst=%d)\n", nRowEst));
+
+  /* If nRowEst is zero and there is an ORDER BY clause, ignore it. In this
+  ** case the purpose of this call is to estimate the number of rows returned
+  ** by the overall query. Once this estimate has been obtained, the caller
+  ** will invoke this function a second time, passing the estimate as the
+  ** nRowEst parameter.  */
+  if( pWInfo->pOrderBy==0 || nRowEst==0 ){
+    nOrderBy = 0;
+  }else{
+    nOrderBy = pWInfo->pOrderBy->nExpr;
+  }
+
+  /* Allocate and initialize space for aTo, aFrom and aSortCost[] */
+  nSpace = (sizeof(WherePath)+sizeof(WhereLoop*)*nLoop)*mxChoice*2;
+  nSpace += sizeof(LogEst) * nOrderBy;
+  pSpace = sqlite3DbMallocRaw(db, nSpace);
+  if( pSpace==0 ) return SQLITE_NOMEM;
+  aTo = (WherePath*)pSpace;
+  aFrom = aTo+mxChoice;
+  memset(aFrom, 0, sizeof(aFrom[0]));
+  pX = (WhereLoop**)(aFrom+mxChoice);
+  for(ii=mxChoice*2, pFrom=aTo; ii>0; ii--, pFrom++, pX += nLoop){
+    pFrom->aLoop = pX;
+  }
+  if( nOrderBy ){
+    /* If there is an ORDER BY clause and it is not being ignored, set up
+    ** space for the aSortCost[] array. Each element of the aSortCost array
+    ** is either zero - meaning it has not yet been initialized - or the
+    ** cost of sorting nRowEst rows of data where the first X terms of
+    ** the ORDER BY clause are already in order, where X is the array 
+    ** index.  */
+    aSortCost = (LogEst*)pX;
+    memset(aSortCost, 0, sizeof(LogEst) * nOrderBy);
+  }
+  assert( aSortCost==0 || &pSpace[nSpace]==(char*)&aSortCost[nOrderBy] );
+  assert( aSortCost!=0 || &pSpace[nSpace]==(char*)pX );
+
+  /* Seed the search with a single WherePath containing zero WhereLoops.
+  **
+  ** TUNING: Do not let the number of iterations go above 28.  If the cost
+  ** of computing an automatic index is not paid back within the first 28
+  ** rows, then do not use the automatic index. */
+  aFrom[0].nRow = MIN(pParse->nQueryLoop, 48);  assert( 48==sqlite3LogEst(28) );
+  nFrom = 1;
+  assert( aFrom[0].isOrdered==0 );
+  if( nOrderBy ){
+    /* If nLoop is zero, then there are no FROM terms in the query. Since
+    ** in this case the query may return a maximum of one row, the results
+    ** are already in the requested order. Set isOrdered to nOrderBy to
+    ** indicate this. Or, if nLoop is greater than zero, set isOrdered to
+    ** -1, indicating that the result set may or may not be ordered, 
+    ** depending on the loops added to the current plan.  */
+    aFrom[0].isOrdered = nLoop>0 ? -1 : nOrderBy;
+  }
+
+  /* Compute successively longer WherePaths using the previous generation
+  ** of WherePaths as the basis for the next.  Keep track of the mxChoice
+  ** best paths at each generation */
+  for(iLoop=0; iLoop<nLoop; iLoop++){
+    nTo = 0;
+    for(ii=0, pFrom=aFrom; ii<nFrom; ii++, pFrom++){
+      for(pWLoop=pWInfo->pLoops; pWLoop; pWLoop=pWLoop->pNextLoop){
+        LogEst nOut;                      /* Rows visited by (pFrom+pWLoop) */
+        LogEst rCost;                     /* Cost of path (pFrom+pWLoop) */
+        LogEst rUnsorted;                 /* Unsorted cost of (pFrom+pWLoop) */
+        i8 isOrdered = pFrom->isOrdered;  /* isOrdered for (pFrom+pWLoop) */
+        Bitmask maskNew;                  /* Mask of src visited by (..) */
+        Bitmask revMask = 0;              /* Mask of rev-order loops for (..) */
+
+        if( (pWLoop->prereq & ~pFrom->maskLoop)!=0 ) continue;
+        if( (pWLoop->maskSelf & pFrom->maskLoop)!=0 ) continue;
+        /* At this point, pWLoop is a candidate to be the next loop. 
+        ** Compute its cost */
+        rUnsorted = sqlite3LogEstAdd(pWLoop->rSetup,pWLoop->rRun + pFrom->nRow);
+        rUnsorted = sqlite3LogEstAdd(rUnsorted, pFrom->rUnsorted);
+        nOut = pFrom->nRow + pWLoop->nOut;
+        maskNew = pFrom->maskLoop | pWLoop->maskSelf;
+        if( isOrdered<0 ){
+          isOrdered = wherePathSatisfiesOrderBy(pWInfo,
+                       pWInfo->pOrderBy, pFrom, pWInfo->wctrlFlags,
+                       iLoop, pWLoop, &revMask);
+        }else{
+          revMask = pFrom->revLoop;
+        }
+        if( isOrdered>=0 && isOrdered<nOrderBy ){
+          if( aSortCost[isOrdered]==0 ){
+            aSortCost[isOrdered] = whereSortingCost(
+                pWInfo, nRowEst, nOrderBy, isOrdered
+            );
+          }
+          rCost = sqlite3LogEstAdd(rUnsorted, aSortCost[isOrdered]);
+
+          WHERETRACE(0x002,
+              ("---- sort cost=%-3d (%d/%d) increases cost %3d to %-3d\n",
+               aSortCost[isOrdered], (nOrderBy-isOrdered), nOrderBy, 
+               rUnsorted, rCost));
+        }else{
+          rCost = rUnsorted;
+        }
+
+        /* Check to see if pWLoop should be added to the set of
+        ** mxChoice best-so-far paths.
+        **
+        ** First look for an existing path among best-so-far paths
+        ** that covers the same set of loops and has the same isOrdered
+        ** setting as the current path candidate.
+        **
+        ** The term "((pTo->isOrdered^isOrdered)&0x80)==0" is equivalent
+        ** to (pTo->isOrdered==(-1))==(isOrdered==(-1))" for the range
+        ** of legal values for isOrdered, -1..64.
+        */
+        for(jj=0, pTo=aTo; jj<nTo; jj++, pTo++){
+          if( pTo->maskLoop==maskNew
+           && ((pTo->isOrdered^isOrdered)&0x80)==0
+          ){
+            testcase( jj==nTo-1 );
+            break;
+          }
+        }
+        if( jj>=nTo ){
+          /* None of the existing best-so-far paths match the candidate. */
+          if( nTo>=mxChoice
+           && (rCost>mxCost || (rCost==mxCost && rUnsorted>=mxUnsorted))
+          ){
+            /* The current candidate is no better than any of the mxChoice
+            ** paths currently in the best-so-far buffer.  So discard
+            ** this candidate as not viable. */
+#ifdef WHERETRACE_ENABLED /* 0x4 */
+            if( sqlite3WhereTrace&0x4 ){
+              sqlite3DebugPrintf("Skip   %s cost=%-3d,%3d order=%c\n",
+                  wherePathName(pFrom, iLoop, pWLoop), rCost, nOut,
+                  isOrdered>=0 ? isOrdered+'0' : '?');
+            }
+#endif
+            continue;
+          }
+          /* If we reach this points it means that the new candidate path
+          ** needs to be added to the set of best-so-far paths. */
+          if( nTo<mxChoice ){
+            /* Increase the size of the aTo set by one */
+            jj = nTo++;
+          }else{
+            /* New path replaces the prior worst to keep count below mxChoice */
+            jj = mxI;
+          }
+          pTo = &aTo[jj];
+#ifdef WHERETRACE_ENABLED /* 0x4 */
+          if( sqlite3WhereTrace&0x4 ){
+            sqlite3DebugPrintf("New    %s cost=%-3d,%3d order=%c\n",
+                wherePathName(pFrom, iLoop, pWLoop), rCost, nOut,
+                isOrdered>=0 ? isOrdered+'0' : '?');
+          }
+#endif
+        }else{
+          /* Control reaches here if best-so-far path pTo=aTo[jj] covers the
+          ** same set of loops and has the sam isOrdered setting as the
+          ** candidate path.  Check to see if the candidate should replace
+          ** pTo or if the candidate should be skipped */
+          if( pTo->rCost<rCost || (pTo->rCost==rCost && pTo->nRow<=nOut) ){
+#ifdef WHERETRACE_ENABLED /* 0x4 */
+            if( sqlite3WhereTrace&0x4 ){
+              sqlite3DebugPrintf(
+                  "Skip   %s cost=%-3d,%3d order=%c",
+                  wherePathName(pFrom, iLoop, pWLoop), rCost, nOut,
+                  isOrdered>=0 ? isOrdered+'0' : '?');
+              sqlite3DebugPrintf("   vs %s cost=%-3d,%d order=%c\n",
+                  wherePathName(pTo, iLoop+1, 0), pTo->rCost, pTo->nRow,
+                  pTo->isOrdered>=0 ? pTo->isOrdered+'0' : '?');
+            }
+#endif
+            /* Discard the candidate path from further consideration */
+            testcase( pTo->rCost==rCost );
+            continue;
+          }
+          testcase( pTo->rCost==rCost+1 );
+          /* Control reaches here if the candidate path is better than the
+          ** pTo path.  Replace pTo with the candidate. */
+#ifdef WHERETRACE_ENABLED /* 0x4 */
+          if( sqlite3WhereTrace&0x4 ){
+            sqlite3DebugPrintf(
+                "Update %s cost=%-3d,%3d order=%c",
+                wherePathName(pFrom, iLoop, pWLoop), rCost, nOut,
+                isOrdered>=0 ? isOrdered+'0' : '?');
+            sqlite3DebugPrintf("  was %s cost=%-3d,%3d order=%c\n",
+                wherePathName(pTo, iLoop+1, 0), pTo->rCost, pTo->nRow,
+                pTo->isOrdered>=0 ? pTo->isOrdered+'0' : '?');
+          }
+#endif
+        }
+        /* pWLoop is a winner.  Add it to the set of best so far */
+        pTo->maskLoop = pFrom->maskLoop | pWLoop->maskSelf;
+        pTo->revLoop = revMask;
+        pTo->nRow = nOut;
+        pTo->rCost = rCost;
+        pTo->rUnsorted = rUnsorted;
+        pTo->isOrdered = isOrdered;
+        memcpy(pTo->aLoop, pFrom->aLoop, sizeof(WhereLoop*)*iLoop);
+        pTo->aLoop[iLoop] = pWLoop;
+        if( nTo>=mxChoice ){
+          mxI = 0;
+          mxCost = aTo[0].rCost;
+          mxUnsorted = aTo[0].nRow;
+          for(jj=1, pTo=&aTo[1]; jj<mxChoice; jj++, pTo++){
+            if( pTo->rCost>mxCost 
+             || (pTo->rCost==mxCost && pTo->rUnsorted>mxUnsorted) 
+            ){
+              mxCost = pTo->rCost;
+              mxUnsorted = pTo->rUnsorted;
+              mxI = jj;
+            }
+          }
+        }
+      }
+    }
+
+#ifdef WHERETRACE_ENABLED  /* >=2 */
+    if( sqlite3WhereTrace & 0x02 ){
+      sqlite3DebugPrintf("---- after round %d ----\n", iLoop);
+      for(ii=0, pTo=aTo; ii<nTo; ii++, pTo++){
+        sqlite3DebugPrintf(" %s cost=%-3d nrow=%-3d order=%c",
+           wherePathName(pTo, iLoop+1, 0), pTo->rCost, pTo->nRow,
+           pTo->isOrdered>=0 ? (pTo->isOrdered+'0') : '?');
+        if( pTo->isOrdered>0 ){
+          sqlite3DebugPrintf(" rev=0x%llx\n", pTo->revLoop);
+        }else{
+          sqlite3DebugPrintf("\n");
+        }
+      }
+    }
+#endif
+
+    /* Swap the roles of aFrom and aTo for the next generation */
+    pFrom = aTo;
+    aTo = aFrom;
+    aFrom = pFrom;
+    nFrom = nTo;
+  }
+
+  if( nFrom==0 ){
+    sqlite3ErrorMsg(pParse, "no query solution");
+    sqlite3DbFree(db, pSpace);
+    return SQLITE_ERROR;
+  }
+  
+  /* Find the lowest cost path.  pFrom will be left pointing to that path */
+  pFrom = aFrom;
+  for(ii=1; ii<nFrom; ii++){
+    if( pFrom->rCost>aFrom[ii].rCost ) pFrom = &aFrom[ii];
+  }
+  assert( pWInfo->nLevel==nLoop );
+  /* Load the lowest cost path into pWInfo */
+  for(iLoop=0; iLoop<nLoop; iLoop++){
+    WhereLevel *pLevel = pWInfo->a + iLoop;
+    pLevel->pWLoop = pWLoop = pFrom->aLoop[iLoop];
+    pLevel->iFrom = pWLoop->iTab;
+    pLevel->iTabCur = pWInfo->pTabList->a[pLevel->iFrom].iCursor;
+  }
+  if( (pWInfo->wctrlFlags & WHERE_WANT_DISTINCT)!=0
+   && (pWInfo->wctrlFlags & WHERE_DISTINCTBY)==0
+   && pWInfo->eDistinct==WHERE_DISTINCT_NOOP
+   && nRowEst
+  ){
+    Bitmask notUsed;
+    int rc = wherePathSatisfiesOrderBy(pWInfo, pWInfo->pResultSet, pFrom,
+                 WHERE_DISTINCTBY, nLoop-1, pFrom->aLoop[nLoop-1], &notUsed);
+    if( rc==pWInfo->pResultSet->nExpr ){
+      pWInfo->eDistinct = WHERE_DISTINCT_ORDERED;
+    }
+  }
+  if( pWInfo->pOrderBy ){
+    if( pWInfo->wctrlFlags & WHERE_DISTINCTBY ){
+      if( pFrom->isOrdered==pWInfo->pOrderBy->nExpr ){
+        pWInfo->eDistinct = WHERE_DISTINCT_ORDERED;
+      }
+    }else{
+      pWInfo->nOBSat = pFrom->isOrdered;
+      if( pWInfo->nOBSat<0 ) pWInfo->nOBSat = 0;
+      pWInfo->revMask = pFrom->revLoop;
+    }
+    if( (pWInfo->wctrlFlags & WHERE_SORTBYGROUP)
+        && pWInfo->nOBSat==pWInfo->pOrderBy->nExpr && nLoop>0
+    ){
+      Bitmask revMask = 0;
+      int nOrder = wherePathSatisfiesOrderBy(pWInfo, pWInfo->pOrderBy, 
+          pFrom, 0, nLoop-1, pFrom->aLoop[nLoop-1], &revMask
+      );
+      assert( pWInfo->sorted==0 );
+      if( nOrder==pWInfo->pOrderBy->nExpr ){
+        pWInfo->sorted = 1;
+        pWInfo->revMask = revMask;
+      }
+    }
+  }
+
+
+  pWInfo->nRowOut = pFrom->nRow;
+
+  /* Free temporary memory and return success */
+  sqlite3DbFree(db, pSpace);
+  return SQLITE_OK;
+}
+
+/*
+** Most queries use only a single table (they are not joins) and have
+** simple == constraints against indexed fields.  This routine attempts
+** to plan those simple cases using much less ceremony than the
+** general-purpose query planner, and thereby yield faster sqlite3_prepare()
+** times for the common case.
+**
+** Return non-zero on success, if this query can be handled by this
+** no-frills query planner.  Return zero if this query needs the 
+** general-purpose query planner.
+*/
+static int whereShortCut(WhereLoopBuilder *pBuilder){
+  WhereInfo *pWInfo;
+  struct SrcList_item *pItem;
+  WhereClause *pWC;
+  WhereTerm *pTerm;
+  WhereLoop *pLoop;
+  int iCur;
+  int j;
+  Table *pTab;
+  Index *pIdx;
+  
+  pWInfo = pBuilder->pWInfo;
+  if( pWInfo->wctrlFlags & WHERE_FORCE_TABLE ) return 0;
+  assert( pWInfo->pTabList->nSrc>=1 );
+  pItem = pWInfo->pTabList->a;
+  pTab = pItem->pTab;
+  if( IsVirtual(pTab) ) return 0;
+  if( pItem->fg.isIndexedBy ) return 0;
+  iCur = pItem->iCursor;
+  pWC = &pWInfo->sWC;
+  pLoop = pBuilder->pNew;
+  pLoop->wsFlags = 0;
+  pLoop->nSkip = 0;
+  pTerm = sqlite3WhereFindTerm(pWC, iCur, -1, 0, WO_EQ|WO_IS, 0);
+  if( pTerm ){
+    testcase( pTerm->eOperator & WO_IS );
+    pLoop->wsFlags = WHERE_COLUMN_EQ|WHERE_IPK|WHERE_ONEROW;
+    pLoop->aLTerm[0] = pTerm;
+    pLoop->nLTerm = 1;
+    pLoop->u.btree.nEq = 1;
+    /* TUNING: Cost of a rowid lookup is 10 */
+    pLoop->rRun = 33;  /* 33==sqlite3LogEst(10) */
+  }else{
+    for(pIdx=pTab->pIndex; pIdx; pIdx=pIdx->pNext){
+      int opMask;
+      assert( pLoop->aLTermSpace==pLoop->aLTerm );
+      if( !IsUniqueIndex(pIdx)
+       || pIdx->pPartIdxWhere!=0 
+       || pIdx->nKeyCol>ArraySize(pLoop->aLTermSpace) 
+      ) continue;
+      opMask = pIdx->uniqNotNull ? (WO_EQ|WO_IS) : WO_EQ;
+      for(j=0; j<pIdx->nKeyCol; j++){
+        pTerm = sqlite3WhereFindTerm(pWC, iCur, j, 0, opMask, pIdx);
+        if( pTerm==0 ) break;
+        testcase( pTerm->eOperator & WO_IS );
+        pLoop->aLTerm[j] = pTerm;
+      }
+      if( j!=pIdx->nKeyCol ) continue;
+      pLoop->wsFlags = WHERE_COLUMN_EQ|WHERE_ONEROW|WHERE_INDEXED;
+      if( pIdx->isCovering || (pItem->colUsed & ~columnsInIndex(pIdx))==0 ){
+        pLoop->wsFlags |= WHERE_IDX_ONLY;
+      }
+      pLoop->nLTerm = j;
+      pLoop->u.btree.nEq = j;
+      pLoop->u.btree.pIndex = pIdx;
+      /* TUNING: Cost of a unique index lookup is 15 */
+      pLoop->rRun = 39;  /* 39==sqlite3LogEst(15) */
+      break;
+    }
+  }
+  if( pLoop->wsFlags ){
+    pLoop->nOut = (LogEst)1;
+    pWInfo->a[0].pWLoop = pLoop;
+    pLoop->maskSelf = sqlite3WhereGetMask(&pWInfo->sMaskSet, iCur);
+    pWInfo->a[0].iTabCur = iCur;
+    pWInfo->nRowOut = 1;
+    if( pWInfo->pOrderBy ) pWInfo->nOBSat =  pWInfo->pOrderBy->nExpr;
+    if( pWInfo->wctrlFlags & WHERE_WANT_DISTINCT ){
+      pWInfo->eDistinct = WHERE_DISTINCT_UNIQUE;
+    }
+#ifdef SQLITE_DEBUG
+    pLoop->cId = '0';
+#endif
+    return 1;
+  }
+  return 0;
+}
+
+/*
+** Generate the beginning of the loop used for WHERE clause processing.
+** The return value is a pointer to an opaque structure that contains
+** information needed to terminate the loop.  Later, the calling routine
+** should invoke sqlite3WhereEnd() with the return value of this function
+** in order to complete the WHERE clause processing.
+**
+** If an error occurs, this routine returns NULL.
+**
+** The basic idea is to do a nested loop, one loop for each table in
+** the FROM clause of a select.  (INSERT and UPDATE statements are the
+** same as a SELECT with only a single table in the FROM clause.)  For
+** example, if the SQL is this:
+**
+**       SELECT * FROM t1, t2, t3 WHERE ...;
+**
+** Then the code generated is conceptually like the following:
+**
+**      foreach row1 in t1 do       \    Code generated
+**        foreach row2 in t2 do      |-- by sqlite3WhereBegin()
+**          foreach row3 in t3 do   /
+**            ...
+**          end                     \    Code generated
+**        end                        |-- by sqlite3WhereEnd()
+**      end                         /
+**
+** Note that the loops might not be nested in the order in which they
+** appear in the FROM clause if a different order is better able to make
+** use of indices.  Note also that when the IN operator appears in
+** the WHERE clause, it might result in additional nested loops for
+** scanning through all values on the right-hand side of the IN.
+**
+** There are Btree cursors associated with each table.  t1 uses cursor
+** number pTabList->a[0].iCursor.  t2 uses the cursor pTabList->a[1].iCursor.
+** And so forth.  This routine generates code to open those VDBE cursors
+** and sqlite3WhereEnd() generates the code to close them.
+**
+** The code that sqlite3WhereBegin() generates leaves the cursors named
+** in pTabList pointing at their appropriate entries.  The [...] code
+** can use OP_Column and OP_Rowid opcodes on these cursors to extract
+** data from the various tables of the loop.
+**
+** If the WHERE clause is empty, the foreach loops must each scan their
+** entire tables.  Thus a three-way join is an O(N^3) operation.  But if
+** the tables have indices and there are terms in the WHERE clause that
+** refer to those indices, a complete table scan can be avoided and the
+** code will run much faster.  Most of the work of this routine is checking
+** to see if there are indices that can be used to speed up the loop.
+**
+** Terms of the WHERE clause are also used to limit which rows actually
+** make it to the "..." in the middle of the loop.  After each "foreach",
+** terms of the WHERE clause that use only terms in that loop and outer
+** loops are evaluated and if false a jump is made around all subsequent
+** inner loops (or around the "..." if the test occurs within the inner-
+** most loop)
+**
+** OUTER JOINS
+**
+** An outer join of tables t1 and t2 is conceptally coded as follows:
+**
+**    foreach row1 in t1 do
+**      flag = 0
+**      foreach row2 in t2 do
+**        start:
+**          ...
+**          flag = 1
+**      end
+**      if flag==0 then
+**        move the row2 cursor to a null row
+**        goto start
+**      fi
+**    end
+**
+** ORDER BY CLAUSE PROCESSING
+**
+** pOrderBy is a pointer to the ORDER BY clause (or the GROUP BY clause
+** if the WHERE_GROUPBY flag is set in wctrlFlags) of a SELECT statement
+** if there is one.  If there is no ORDER BY clause or if this routine
+** is called from an UPDATE or DELETE statement, then pOrderBy is NULL.
+**
+** The iIdxCur parameter is the cursor number of an index.  If 
+** WHERE_ONETABLE_ONLY is set, iIdxCur is the cursor number of an index
+** to use for OR clause processing.  The WHERE clause should use this
+** specific cursor.  If WHERE_ONEPASS_DESIRED is set, then iIdxCur is
+** the first cursor in an array of cursors for all indices.  iIdxCur should
+** be used to compute the appropriate cursor depending on which index is
+** used.
+*/
+SQLITE_PRIVATE WhereInfo *sqlite3WhereBegin(
+  Parse *pParse,        /* The parser context */
+  SrcList *pTabList,    /* FROM clause: A list of all tables to be scanned */
+  Expr *pWhere,         /* The WHERE clause */
+  ExprList *pOrderBy,   /* An ORDER BY (or GROUP BY) clause, or NULL */
+  ExprList *pResultSet, /* Result set of the query */
+  u16 wctrlFlags,       /* One of the WHERE_* flags defined in sqliteInt.h */
+  int iIdxCur           /* If WHERE_ONETABLE_ONLY is set, index cursor number */
+){
+  int nByteWInfo;            /* Num. bytes allocated for WhereInfo struct */
+  int nTabList;              /* Number of elements in pTabList */
+  WhereInfo *pWInfo;         /* Will become the return value of this function */
+  Vdbe *v = pParse->pVdbe;   /* The virtual database engine */
+  Bitmask notReady;          /* Cursors that are not yet positioned */
+  WhereLoopBuilder sWLB;     /* The WhereLoop builder */
+  WhereMaskSet *pMaskSet;    /* The expression mask set */
+  WhereLevel *pLevel;        /* A single level in pWInfo->a[] */
+  WhereLoop *pLoop;          /* Pointer to a single WhereLoop object */
+  int ii;                    /* Loop counter */
+  sqlite3 *db;               /* Database connection */
+  int rc;                    /* Return code */
+  u8 bFordelete = 0;
+
+  assert( (wctrlFlags & WHERE_ONEPASS_MULTIROW)==0 || (
+        (wctrlFlags & WHERE_ONEPASS_DESIRED)!=0 
+     && (wctrlFlags & WHERE_OMIT_OPEN_CLOSE)==0 
+  ));
+
+  /* Variable initialization */
+  db = pParse->db;
+  memset(&sWLB, 0, sizeof(sWLB));
+
+  /* An ORDER/GROUP BY clause of more than 63 terms cannot be optimized */
+  testcase( pOrderBy && pOrderBy->nExpr==BMS-1 );
+  if( pOrderBy && pOrderBy->nExpr>=BMS ) pOrderBy = 0;
+  sWLB.pOrderBy = pOrderBy;
+
+  /* Disable the DISTINCT optimization if SQLITE_DistinctOpt is set via
+  ** sqlite3_test_ctrl(SQLITE_TESTCTRL_OPTIMIZATIONS,...) */
+  if( OptimizationDisabled(db, SQLITE_DistinctOpt) ){
+    wctrlFlags &= ~WHERE_WANT_DISTINCT;
+  }
+
+  /* The number of tables in the FROM clause is limited by the number of
+  ** bits in a Bitmask 
+  */
+  testcase( pTabList->nSrc==BMS );
+  if( pTabList->nSrc>BMS ){
+    sqlite3ErrorMsg(pParse, "at most %d tables in a join", BMS);
+    return 0;
+  }
+
+  /* This function normally generates a nested loop for all tables in 
+  ** pTabList.  But if the WHERE_ONETABLE_ONLY flag is set, then we should
+  ** only generate code for the first table in pTabList and assume that
+  ** any cursors associated with subsequent tables are uninitialized.
+  */
+  nTabList = (wctrlFlags & WHERE_ONETABLE_ONLY) ? 1 : pTabList->nSrc;
+
+  /* Allocate and initialize the WhereInfo structure that will become the
+  ** return value. A single allocation is used to store the WhereInfo
+  ** struct, the contents of WhereInfo.a[], the WhereClause structure
+  ** and the WhereMaskSet structure. Since WhereClause contains an 8-byte
+  ** field (type Bitmask) it must be aligned on an 8-byte boundary on
+  ** some architectures. Hence the ROUND8() below.
+  */
+  nByteWInfo = ROUND8(sizeof(WhereInfo)+(nTabList-1)*sizeof(WhereLevel));
+  pWInfo = sqlite3DbMallocZero(db, nByteWInfo + sizeof(WhereLoop));
+  if( db->mallocFailed ){
+    sqlite3DbFree(db, pWInfo);
+    pWInfo = 0;
+    goto whereBeginError;
+  }
+  pWInfo->aiCurOnePass[0] = pWInfo->aiCurOnePass[1] = -1;
+  pWInfo->nLevel = nTabList;
+  pWInfo->pParse = pParse;
+  pWInfo->pTabList = pTabList;
+  pWInfo->pOrderBy = pOrderBy;
+  pWInfo->pResultSet = pResultSet;
+  pWInfo->iBreak = pWInfo->iContinue = sqlite3VdbeMakeLabel(v);
+  pWInfo->wctrlFlags = wctrlFlags;
+  pWInfo->savedNQueryLoop = pParse->nQueryLoop;
+  assert( pWInfo->eOnePass==ONEPASS_OFF );  /* ONEPASS defaults to OFF */
+  pMaskSet = &pWInfo->sMaskSet;
+  sWLB.pWInfo = pWInfo;
+  sWLB.pWC = &pWInfo->sWC;
+  sWLB.pNew = (WhereLoop*)(((char*)pWInfo)+nByteWInfo);
+  assert( EIGHT_BYTE_ALIGNMENT(sWLB.pNew) );
+  whereLoopInit(sWLB.pNew);
+#ifdef SQLITE_DEBUG
+  sWLB.pNew->cId = '*';
+#endif
+
+  /* Split the WHERE clause into separate subexpressions where each
+  ** subexpression is separated by an AND operator.
+  */
+  initMaskSet(pMaskSet);
+  sqlite3WhereClauseInit(&pWInfo->sWC, pWInfo);
+  sqlite3WhereSplit(&pWInfo->sWC, pWhere, TK_AND);
+    
+  /* Special case: a WHERE clause that is constant.  Evaluate the
+  ** expression and either jump over all of the code or fall thru.
+  */
+  for(ii=0; ii<sWLB.pWC->nTerm; ii++){
+    if( nTabList==0 || sqlite3ExprIsConstantNotJoin(sWLB.pWC->a[ii].pExpr) ){
+      sqlite3ExprIfFalse(pParse, sWLB.pWC->a[ii].pExpr, pWInfo->iBreak,
+                         SQLITE_JUMPIFNULL);
+      sWLB.pWC->a[ii].wtFlags |= TERM_CODED;
+    }
+  }
+
+  /* Special case: No FROM clause
+  */
+  if( nTabList==0 ){
+    if( pOrderBy ) pWInfo->nOBSat = pOrderBy->nExpr;
+    if( wctrlFlags & WHERE_WANT_DISTINCT ){
+      pWInfo->eDistinct = WHERE_DISTINCT_UNIQUE;
+    }
+  }
+
+  /* Assign a bit from the bitmask to every term in the FROM clause.
+  **
+  ** The N-th term of the FROM clause is assigned a bitmask of 1<<N.
+  **
+  ** The rule of the previous sentence ensures thta if X is the bitmask for
+  ** a table T, then X-1 is the bitmask for all other tables to the left of T.
+  ** Knowing the bitmask for all tables to the left of a left join is
+  ** important.  Ticket #3015.
+  **
+  ** Note that bitmasks are created for all pTabList->nSrc tables in
+  ** pTabList, not just the first nTabList tables.  nTabList is normally
+  ** equal to pTabList->nSrc but might be shortened to 1 if the
+  ** WHERE_ONETABLE_ONLY flag is set.
+  */
+  for(ii=0; ii<pTabList->nSrc; ii++){
+    createMask(pMaskSet, pTabList->a[ii].iCursor);
+    sqlite3WhereTabFuncArgs(pParse, &pTabList->a[ii], &pWInfo->sWC);
+  }
+#ifdef SQLITE_DEBUG
+  for(ii=0; ii<pTabList->nSrc; ii++){
+    Bitmask m = sqlite3WhereGetMask(pMaskSet, pTabList->a[ii].iCursor);
+    assert( m==MASKBIT(ii) );
+  }
+#endif
+
+  /* Analyze all of the subexpressions. */
+  sqlite3WhereExprAnalyze(pTabList, &pWInfo->sWC);
+  if( db->mallocFailed ) goto whereBeginError;
+
+  if( wctrlFlags & WHERE_WANT_DISTINCT ){
+    if( isDistinctRedundant(pParse, pTabList, &pWInfo->sWC, pResultSet) ){
+      /* The DISTINCT marking is pointless.  Ignore it. */
+      pWInfo->eDistinct = WHERE_DISTINCT_UNIQUE;
+    }else if( pOrderBy==0 ){
+      /* Try to ORDER BY the result set to make distinct processing easier */
+      pWInfo->wctrlFlags |= WHERE_DISTINCTBY;
+      pWInfo->pOrderBy = pResultSet;
+    }
+  }
+
+  /* Construct the WhereLoop objects */
+  WHERETRACE(0xffff,("*** Optimizer Start *** (wctrlFlags: 0x%x)\n",
+             wctrlFlags));
+#if defined(WHERETRACE_ENABLED)
+  if( sqlite3WhereTrace & 0x100 ){ /* Display all terms of the WHERE clause */
+    int i;
+    for(i=0; i<sWLB.pWC->nTerm; i++){
+      whereTermPrint(&sWLB.pWC->a[i], i);
+    }
+  }
+#endif
+
+  if( nTabList!=1 || whereShortCut(&sWLB)==0 ){
+    rc = whereLoopAddAll(&sWLB);
+    if( rc ) goto whereBeginError;
+  
+#ifdef WHERETRACE_ENABLED
+    if( sqlite3WhereTrace ){    /* Display all of the WhereLoop objects */
+      WhereLoop *p;
+      int i;
+      static const char zLabel[] = "0123456789abcdefghijklmnopqrstuvwyxz"
+                                             "ABCDEFGHIJKLMNOPQRSTUVWYXZ";
+      for(p=pWInfo->pLoops, i=0; p; p=p->pNextLoop, i++){
+        p->cId = zLabel[i%sizeof(zLabel)];
+        whereLoopPrint(p, sWLB.pWC);
+      }
+    }
+#endif
+  
+    wherePathSolver(pWInfo, 0);
+    if( db->mallocFailed ) goto whereBeginError;
+    if( pWInfo->pOrderBy ){
+       wherePathSolver(pWInfo, pWInfo->nRowOut+1);
+       if( db->mallocFailed ) goto whereBeginError;
+    }
+  }
+  if( pWInfo->pOrderBy==0 && (db->flags & SQLITE_ReverseOrder)!=0 ){
+     pWInfo->revMask = (Bitmask)(-1);
+  }
+  if( pParse->nErr || NEVER(db->mallocFailed) ){
+    goto whereBeginError;
+  }
+#ifdef WHERETRACE_ENABLED
+  if( sqlite3WhereTrace ){
+    sqlite3DebugPrintf("---- Solution nRow=%d", pWInfo->nRowOut);
+    if( pWInfo->nOBSat>0 ){
+      sqlite3DebugPrintf(" ORDERBY=%d,0x%llx", pWInfo->nOBSat, pWInfo->revMask);
+    }
+    switch( pWInfo->eDistinct ){
+      case WHERE_DISTINCT_UNIQUE: {
+        sqlite3DebugPrintf("  DISTINCT=unique");
+        break;
+      }
+      case WHERE_DISTINCT_ORDERED: {
+        sqlite3DebugPrintf("  DISTINCT=ordered");
+        break;
+      }
+      case WHERE_DISTINCT_UNORDERED: {
+        sqlite3DebugPrintf("  DISTINCT=unordered");
+        break;
+      }
+    }
+    sqlite3DebugPrintf("\n");
+    for(ii=0; ii<pWInfo->nLevel; ii++){
+      whereLoopPrint(pWInfo->a[ii].pWLoop, sWLB.pWC);
+    }
+  }
+#endif
+  /* Attempt to omit tables from the join that do not effect the result */
+  if( pWInfo->nLevel>=2
+   && pResultSet!=0
+   && OptimizationEnabled(db, SQLITE_OmitNoopJoin)
+  ){
+    Bitmask tabUsed = sqlite3WhereExprListUsage(pMaskSet, pResultSet);
+    if( sWLB.pOrderBy ){
+      tabUsed |= sqlite3WhereExprListUsage(pMaskSet, sWLB.pOrderBy);
+    }
+    while( pWInfo->nLevel>=2 ){
+      WhereTerm *pTerm, *pEnd;
+      pLoop = pWInfo->a[pWInfo->nLevel-1].pWLoop;
+      if( (pWInfo->pTabList->a[pLoop->iTab].fg.jointype & JT_LEFT)==0 ) break;
+      if( (wctrlFlags & WHERE_WANT_DISTINCT)==0
+       && (pLoop->wsFlags & WHERE_ONEROW)==0
+      ){
+        break;
+      }
+      if( (tabUsed & pLoop->maskSelf)!=0 ) break;
+      pEnd = sWLB.pWC->a + sWLB.pWC->nTerm;
+      for(pTerm=sWLB.pWC->a; pTerm<pEnd; pTerm++){
+        if( (pTerm->prereqAll & pLoop->maskSelf)!=0
+         && !ExprHasProperty(pTerm->pExpr, EP_FromJoin)
+        ){
+          break;
+        }
+      }
+      if( pTerm<pEnd ) break;
+      WHERETRACE(0xffff, ("-> drop loop %c not used\n", pLoop->cId));
+      pWInfo->nLevel--;
+      nTabList--;
+    }
+  }
+  WHERETRACE(0xffff,("*** Optimizer Finished ***\n"));
+  pWInfo->pParse->nQueryLoop += pWInfo->nRowOut;
+
+  /* If the caller is an UPDATE or DELETE statement that is requesting
+  ** to use a one-pass algorithm, determine if this is appropriate.
+  ** The one-pass algorithm only works if the WHERE clause constrains
+  ** the statement to update or delete a single row.
+  */
+  assert( (wctrlFlags & WHERE_ONEPASS_DESIRED)==0 || pWInfo->nLevel==1 );
+  if( (wctrlFlags & WHERE_ONEPASS_DESIRED)!=0 ){
+    int wsFlags = pWInfo->a[0].pWLoop->wsFlags;
+    int bOnerow = (wsFlags & WHERE_ONEROW)!=0;
+    if( bOnerow || ( (wctrlFlags & WHERE_ONEPASS_MULTIROW)
+       && 0==(wsFlags & WHERE_VIRTUALTABLE)
+    )){
+      pWInfo->eOnePass = bOnerow ? ONEPASS_SINGLE : ONEPASS_MULTI;
+      if( HasRowid(pTabList->a[0].pTab) && (wsFlags & WHERE_IDX_ONLY) ){
+        if( wctrlFlags & WHERE_ONEPASS_MULTIROW ){
+          bFordelete = OPFLAG_FORDELETE;
+        }
+        pWInfo->a[0].pWLoop->wsFlags = (wsFlags & ~WHERE_IDX_ONLY);
+      }
+    }
+  }
+
+  /* Open all tables in the pTabList and any indices selected for
+  ** searching those tables.
+  */
+  for(ii=0, pLevel=pWInfo->a; ii<nTabList; ii++, pLevel++){
+    Table *pTab;     /* Table to open */
+    int iDb;         /* Index of database containing table/index */
+    struct SrcList_item *pTabItem;
+
+    pTabItem = &pTabList->a[pLevel->iFrom];
+    pTab = pTabItem->pTab;
+    iDb = sqlite3SchemaToIndex(db, pTab->pSchema);
+    pLoop = pLevel->pWLoop;
+    if( (pTab->tabFlags & TF_Ephemeral)!=0 || pTab->pSelect ){
+      /* Do nothing */
+    }else
+#ifndef SQLITE_OMIT_VIRTUALTABLE
+    if( (pLoop->wsFlags & WHERE_VIRTUALTABLE)!=0 ){
+      const char *pVTab = (const char *)sqlite3GetVTable(db, pTab);
+      int iCur = pTabItem->iCursor;
+      sqlite3VdbeAddOp4(v, OP_VOpen, iCur, 0, 0, pVTab, P4_VTAB);
+    }else if( IsVirtual(pTab) ){
+      /* noop */
+    }else
+#endif
+    if( (pLoop->wsFlags & WHERE_IDX_ONLY)==0
+         && (wctrlFlags & WHERE_OMIT_OPEN_CLOSE)==0 ){
+      int op = OP_OpenRead;
+      if( pWInfo->eOnePass!=ONEPASS_OFF ){
+        op = OP_OpenWrite;
+        pWInfo->aiCurOnePass[0] = pTabItem->iCursor;
+      };
+      sqlite3OpenTable(pParse, pTabItem->iCursor, iDb, pTab, op);
+      assert( pTabItem->iCursor==pLevel->iTabCur );
+      testcase( pWInfo->eOnePass==ONEPASS_OFF && pTab->nCol==BMS-1 );
+      testcase( pWInfo->eOnePass==ONEPASS_OFF && pTab->nCol==BMS );
+      if( pWInfo->eOnePass==ONEPASS_OFF && pTab->nCol<BMS && HasRowid(pTab) ){
+        Bitmask b = pTabItem->colUsed;
+        int n = 0;
+        for(; b; b=b>>1, n++){}
+        sqlite3VdbeChangeP4(v, sqlite3VdbeCurrentAddr(v)-1, 
+                            SQLITE_INT_TO_PTR(n), P4_INT32);
+        assert( n<=pTab->nCol );
+      }
+#ifdef SQLITE_ENABLE_CURSOR_HINTS
+      if( pLoop->u.btree.pIndex!=0 ){
+        sqlite3VdbeChangeP5(v, OPFLAG_SEEKEQ|bFordelete);
+      }else
+#endif
+      {
+        sqlite3VdbeChangeP5(v, bFordelete);
+      }
+#ifdef SQLITE_ENABLE_COLUMN_USED_MASK
+      sqlite3VdbeAddOp4Dup8(v, OP_ColumnsUsed, pTabItem->iCursor, 0, 0,
+                            (const u8*)&pTabItem->colUsed, P4_INT64);
+#endif
+    }else{
+      sqlite3TableLock(pParse, iDb, pTab->tnum, 0, pTab->zName);
+    }
+    if( pLoop->wsFlags & WHERE_INDEXED ){
+      Index *pIx = pLoop->u.btree.pIndex;
+      int iIndexCur;
+      int op = OP_OpenRead;
+      /* iIdxCur is always set if to a positive value if ONEPASS is possible */
+      assert( iIdxCur!=0 || (pWInfo->wctrlFlags & WHERE_ONEPASS_DESIRED)==0 );
+      if( !HasRowid(pTab) && IsPrimaryKeyIndex(pIx)
+       && (wctrlFlags & WHERE_ONETABLE_ONLY)!=0
+      ){
+        /* This is one term of an OR-optimization using the PRIMARY KEY of a
+        ** WITHOUT ROWID table.  No need for a separate index */
+        iIndexCur = pLevel->iTabCur;
+        op = 0;
+      }else if( pWInfo->eOnePass!=ONEPASS_OFF ){
+        Index *pJ = pTabItem->pTab->pIndex;
+        iIndexCur = iIdxCur;
+        assert( wctrlFlags & WHERE_ONEPASS_DESIRED );
+        while( ALWAYS(pJ) && pJ!=pIx ){
+          iIndexCur++;
+          pJ = pJ->pNext;
+        }
+        op = OP_OpenWrite;
+        pWInfo->aiCurOnePass[1] = iIndexCur;
+      }else if( iIdxCur && (wctrlFlags & WHERE_ONETABLE_ONLY)!=0 ){
+        iIndexCur = iIdxCur;
+        if( wctrlFlags & WHERE_REOPEN_IDX ) op = OP_ReopenIdx;
+      }else{
+        iIndexCur = pParse->nTab++;
+      }
+      pLevel->iIdxCur = iIndexCur;
+      assert( pIx->pSchema==pTab->pSchema );
+      assert( iIndexCur>=0 );
+      if( op ){
+        sqlite3VdbeAddOp3(v, op, iIndexCur, pIx->tnum, iDb);
+        sqlite3VdbeSetP4KeyInfo(pParse, pIx);
+        if( (pLoop->wsFlags & WHERE_CONSTRAINT)!=0
+         && (pLoop->wsFlags & (WHERE_COLUMN_RANGE|WHERE_SKIPSCAN))==0
+         && (pWInfo->wctrlFlags&WHERE_ORDERBY_MIN)==0
+        ){
+          sqlite3VdbeChangeP5(v, OPFLAG_SEEKEQ); /* Hint to COMDB2 */
+        }
+        VdbeComment((v, "%s", pIx->zName));
+#ifdef SQLITE_ENABLE_COLUMN_USED_MASK
+        {
+          u64 colUsed = 0;
+          int ii, jj;
+          for(ii=0; ii<pIx->nColumn; ii++){
+            jj = pIx->aiColumn[ii];
+            if( jj<0 ) continue;
+            if( jj>63 ) jj = 63;
+            if( (pTabItem->colUsed & MASKBIT(jj))==0 ) continue;
+            colUsed |= ((u64)1)<<(ii<63 ? ii : 63);
+          }
+          sqlite3VdbeAddOp4Dup8(v, OP_ColumnsUsed, iIndexCur, 0, 0,
+                                (u8*)&colUsed, P4_INT64);
+        }
+#endif /* SQLITE_ENABLE_COLUMN_USED_MASK */
+      }
+    }
+    if( iDb>=0 ) sqlite3CodeVerifySchema(pParse, iDb);
+  }
+  pWInfo->iTop = sqlite3VdbeCurrentAddr(v);
+  if( db->mallocFailed ) goto whereBeginError;
+
+  /* Generate the code to do the search.  Each iteration of the for
+  ** loop below generates code for a single nested loop of the VM
+  ** program.
+  */
+  notReady = ~(Bitmask)0;
+  for(ii=0; ii<nTabList; ii++){
+    int addrExplain;
+    int wsFlags;
+    pLevel = &pWInfo->a[ii];
+    wsFlags = pLevel->pWLoop->wsFlags;
+#ifndef SQLITE_OMIT_AUTOMATIC_INDEX
+    if( (pLevel->pWLoop->wsFlags & WHERE_AUTO_INDEX)!=0 ){
+      constructAutomaticIndex(pParse, &pWInfo->sWC,
+                &pTabList->a[pLevel->iFrom], notReady, pLevel);
+      if( db->mallocFailed ) goto whereBeginError;
+    }
+#endif
+    addrExplain = sqlite3WhereExplainOneScan(
+        pParse, pTabList, pLevel, ii, pLevel->iFrom, wctrlFlags
+    );
+    pLevel->addrBody = sqlite3VdbeCurrentAddr(v);
+    notReady = sqlite3WhereCodeOneLoopStart(pWInfo, ii, notReady);
+    pWInfo->iContinue = pLevel->addrCont;
+    if( (wsFlags&WHERE_MULTI_OR)==0 && (wctrlFlags&WHERE_ONETABLE_ONLY)==0 ){
+      sqlite3WhereAddScanStatus(v, pTabList, pLevel, addrExplain);
+    }
+  }
+
+  /* Done. */
+  VdbeModuleComment((v, "Begin WHERE-core"));
+  return pWInfo;
+
+  /* Jump here if malloc fails */
+whereBeginError:
+  if( pWInfo ){
+    pParse->nQueryLoop = pWInfo->savedNQueryLoop;
+    whereInfoFree(db, pWInfo);
+  }
+  return 0;
+}
+
+/*
+** Generate the end of the WHERE loop.  See comments on 
+** sqlite3WhereBegin() for additional information.
+*/
+SQLITE_PRIVATE void sqlite3WhereEnd(WhereInfo *pWInfo){
+  Parse *pParse = pWInfo->pParse;
+  Vdbe *v = pParse->pVdbe;
+  int i;
+  WhereLevel *pLevel;
+  WhereLoop *pLoop;
+  SrcList *pTabList = pWInfo->pTabList;
+  sqlite3 *db = pParse->db;
+
+  /* Generate loop termination code.
+  */
+  VdbeModuleComment((v, "End WHERE-core"));
+  sqlite3ExprCacheClear(pParse);
+  for(i=pWInfo->nLevel-1; i>=0; i--){
+    int addr;
+    pLevel = &pWInfo->a[i];
+    pLoop = pLevel->pWLoop;
+    sqlite3VdbeResolveLabel(v, pLevel->addrCont);
+    if( pLevel->op!=OP_Noop ){
+      sqlite3VdbeAddOp3(v, pLevel->op, pLevel->p1, pLevel->p2, pLevel->p3);
+      sqlite3VdbeChangeP5(v, pLevel->p5);
+      VdbeCoverage(v);
+      VdbeCoverageIf(v, pLevel->op==OP_Next);
+      VdbeCoverageIf(v, pLevel->op==OP_Prev);
+      VdbeCoverageIf(v, pLevel->op==OP_VNext);
+    }
+    if( pLoop->wsFlags & WHERE_IN_ABLE && pLevel->u.in.nIn>0 ){
+      struct InLoop *pIn;
+      int j;
+      sqlite3VdbeResolveLabel(v, pLevel->addrNxt);
+      for(j=pLevel->u.in.nIn, pIn=&pLevel->u.in.aInLoop[j-1]; j>0; j--, pIn--){
+        sqlite3VdbeJumpHere(v, pIn->addrInTop+1);
+        sqlite3VdbeAddOp2(v, pIn->eEndLoopOp, pIn->iCur, pIn->addrInTop);
+        VdbeCoverage(v);
+        VdbeCoverageIf(v, pIn->eEndLoopOp==OP_PrevIfOpen);
+        VdbeCoverageIf(v, pIn->eEndLoopOp==OP_NextIfOpen);
+        sqlite3VdbeJumpHere(v, pIn->addrInTop-1);
+      }
+    }
+    sqlite3VdbeResolveLabel(v, pLevel->addrBrk);
+    if( pLevel->addrSkip ){
+      sqlite3VdbeGoto(v, pLevel->addrSkip);
+      VdbeComment((v, "next skip-scan on %s", pLoop->u.btree.pIndex->zName));
+      sqlite3VdbeJumpHere(v, pLevel->addrSkip);
+      sqlite3VdbeJumpHere(v, pLevel->addrSkip-2);
+    }
+#ifndef SQLITE_LIKE_DOESNT_MATCH_BLOBS
+    if( pLevel->addrLikeRep ){
+      int op;
+      if( sqlite3VdbeGetOp(v, pLevel->addrLikeRep-1)->p1 ){
+        op = OP_DecrJumpZero;
+      }else{
+        op = OP_JumpZeroIncr;
+      }
+      sqlite3VdbeAddOp2(v, op, pLevel->iLikeRepCntr, pLevel->addrLikeRep);
+      VdbeCoverage(v);
+    }
+#endif
+    if( pLevel->iLeftJoin ){
+      addr = sqlite3VdbeAddOp1(v, OP_IfPos, pLevel->iLeftJoin); VdbeCoverage(v);
+      assert( (pLoop->wsFlags & WHERE_IDX_ONLY)==0
+           || (pLoop->wsFlags & WHERE_INDEXED)!=0 );
+      if( (pLoop->wsFlags & WHERE_IDX_ONLY)==0 ){
+        sqlite3VdbeAddOp1(v, OP_NullRow, pTabList->a[i].iCursor);
+      }
+      if( pLoop->wsFlags & WHERE_INDEXED ){
+        sqlite3VdbeAddOp1(v, OP_NullRow, pLevel->iIdxCur);
+      }
+      if( pLevel->op==OP_Return ){
+        sqlite3VdbeAddOp2(v, OP_Gosub, pLevel->p1, pLevel->addrFirst);
+      }else{
+        sqlite3VdbeGoto(v, pLevel->addrFirst);
+      }
+      sqlite3VdbeJumpHere(v, addr);
+    }
+    VdbeModuleComment((v, "End WHERE-loop%d: %s", i,
+                     pWInfo->pTabList->a[pLevel->iFrom].pTab->zName));
+  }
+
+  /* The "break" point is here, just past the end of the outer loop.
+  ** Set it.
+  */
+  sqlite3VdbeResolveLabel(v, pWInfo->iBreak);
+
+  assert( pWInfo->nLevel<=pTabList->nSrc );
+  for(i=0, pLevel=pWInfo->a; i<pWInfo->nLevel; i++, pLevel++){
+    int k, last;
+    VdbeOp *pOp;
+    Index *pIdx = 0;
+    struct SrcList_item *pTabItem = &pTabList->a[pLevel->iFrom];
+    Table *pTab = pTabItem->pTab;
+    assert( pTab!=0 );
+    pLoop = pLevel->pWLoop;
+
+    /* For a co-routine, change all OP_Column references to the table of
+    ** the co-routine into OP_Copy of result contained in a register.
+    ** OP_Rowid becomes OP_Null.
+    */
+    if( pTabItem->fg.viaCoroutine && !db->mallocFailed ){
+      translateColumnToCopy(v, pLevel->addrBody, pLevel->iTabCur,
+                            pTabItem->regResult, 0);
+      continue;
+    }
+
+    /* Close all of the cursors that were opened by sqlite3WhereBegin.
+    ** Except, do not close cursors that will be reused by the OR optimization
+    ** (WHERE_OMIT_OPEN_CLOSE).  And do not close the OP_OpenWrite cursors
+    ** created for the ONEPASS optimization.
+    */
+    if( (pTab->tabFlags & TF_Ephemeral)==0
+     && pTab->pSelect==0
+     && (pWInfo->wctrlFlags & WHERE_OMIT_OPEN_CLOSE)==0
+    ){
+      int ws = pLoop->wsFlags;
+      if( pWInfo->eOnePass==ONEPASS_OFF && (ws & WHERE_IDX_ONLY)==0 ){
+        sqlite3VdbeAddOp1(v, OP_Close, pTabItem->iCursor);
+      }
+      if( (ws & WHERE_INDEXED)!=0
+       && (ws & (WHERE_IPK|WHERE_AUTO_INDEX))==0 
+       && pLevel->iIdxCur!=pWInfo->aiCurOnePass[1]
+      ){
+        sqlite3VdbeAddOp1(v, OP_Close, pLevel->iIdxCur);
+      }
+    }
+
+    /* If this scan uses an index, make VDBE code substitutions to read data
+    ** from the index instead of from the table where possible.  In some cases
+    ** this optimization prevents the table from ever being read, which can
+    ** yield a significant performance boost.
+    ** 
+    ** Calls to the code generator in between sqlite3WhereBegin and
+    ** sqlite3WhereEnd will have created code that references the table
+    ** directly.  This loop scans all that code looking for opcodes
+    ** that reference the table and converts them into opcodes that
+    ** reference the index.
+    */
+    if( pLoop->wsFlags & (WHERE_INDEXED|WHERE_IDX_ONLY) ){
+      pIdx = pLoop->u.btree.pIndex;
+    }else if( pLoop->wsFlags & WHERE_MULTI_OR ){
+      pIdx = pLevel->u.pCovidx;
+    }
+    if( pIdx
+     && (pWInfo->eOnePass==ONEPASS_OFF || !HasRowid(pIdx->pTable))
+     && !db->mallocFailed
+    ){
+      last = sqlite3VdbeCurrentAddr(v);
+      k = pLevel->addrBody;
+      pOp = sqlite3VdbeGetOp(v, k);
+      for(; k<last; k++, pOp++){
+        if( pOp->p1!=pLevel->iTabCur ) continue;
+        if( pOp->opcode==OP_Column ){
+          int x = pOp->p2;
+          assert( pIdx->pTable==pTab );
+          if( !HasRowid(pTab) ){
+            Index *pPk = sqlite3PrimaryKeyIndex(pTab);
+            x = pPk->aiColumn[x];
+            assert( x>=0 );
+          }
+          x = sqlite3ColumnOfIndex(pIdx, x);
+          if( x>=0 ){
+            pOp->p2 = x;
+            pOp->p1 = pLevel->iIdxCur;
+          }
+          assert( (pLoop->wsFlags & WHERE_IDX_ONLY)==0 || x>=0 );
+        }else if( pOp->opcode==OP_Rowid ){
+          pOp->p1 = pLevel->iIdxCur;
+          pOp->opcode = OP_IdxRowid;
+        }
+      }
+    }
+  }
+
+  /* Final cleanup
+  */
+  pParse->nQueryLoop = pWInfo->savedNQueryLoop;
+  whereInfoFree(db, pWInfo);
+  return;
+}
+
+/************** End of where.c ***********************************************/
+/************** Begin file parse.c *******************************************/
+/*
+** 2000-05-29
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+** Driver template for the LEMON parser generator.
+**
+** The "lemon" program processes an LALR(1) input grammar file, then uses
+** this template to construct a parser.  The "lemon" program inserts text
+** at each "%%" line.  Also, any "P-a-r-s-e" identifer prefix (without the
+** interstitial "-" characters) contained in this template is changed into
+** the value of the %name directive from the grammar.  Otherwise, the content
+** of this template is copied straight through into the generate parser
+** source file.
+**
+** The following is the concatenation of all %include directives from the
+** input grammar file:
+*/
+/* #include <stdio.h> */
+/************ Begin %include sections from the grammar ************************/
+
+/* #include "sqliteInt.h" */
+
+/*
+** Disable all error recovery processing in the parser push-down
+** automaton.
+*/
+#define YYNOERRORRECOVERY 1
+
+/*
+** Make yytestcase() the same as testcase()
+*/
+#define yytestcase(X) testcase(X)
+
+/*
+** Indicate that sqlite3ParserFree() will never be called with a null
+** pointer.
+*/
+#define YYPARSEFREENEVERNULL 1
+
+/*
+** Alternative datatype for the argument to the malloc() routine passed
+** into sqlite3ParserAlloc().  The default is size_t.
+*/
+#define YYMALLOCARGTYPE  u64
+
+/*
+** An instance of this structure holds information about the
+** LIMIT clause of a SELECT statement.
+*/
+struct LimitVal {
+  Expr *pLimit;    /* The LIMIT expression.  NULL if there is no limit */
+  Expr *pOffset;   /* The OFFSET expression.  NULL if there is none */
+};
+
+/*
+** An instance of this structure is used to store the LIKE,
+** GLOB, NOT LIKE, and NOT GLOB operators.
+*/
+struct LikeOp {
+  Token eOperator;  /* "like" or "glob" or "regexp" */
+  int bNot;         /* True if the NOT keyword is present */
+};
+
+/*
+** An instance of the following structure describes the event of a
+** TRIGGER.  "a" is the event type, one of TK_UPDATE, TK_INSERT,
+** TK_DELETE, or TK_INSTEAD.  If the event is of the form
+**
+**      UPDATE ON (a,b,c)
+**
+** Then the "b" IdList records the list "a,b,c".
+*/
+struct TrigEvent { int a; IdList * b; };
+
+/*
+** An instance of this structure holds the ATTACH key and the key type.
+*/
+struct AttachKey { int type;  Token key; };
+
+
+  /*
+  ** For a compound SELECT statement, make sure p->pPrior->pNext==p for
+  ** all elements in the list.  And make sure list length does not exceed
+  ** SQLITE_LIMIT_COMPOUND_SELECT.
+  */
+  static void parserDoubleLinkSelect(Parse *pParse, Select *p){
+    if( p->pPrior ){
+      Select *pNext = 0, *pLoop;
+      int mxSelect, cnt = 0;
+      for(pLoop=p; pLoop; pNext=pLoop, pLoop=pLoop->pPrior, cnt++){
+        pLoop->pNext = pNext;
+        pLoop->selFlags |= SF_Compound;
+      }
+      if( (p->selFlags & SF_MultiValue)==0 && 
+        (mxSelect = pParse->db->aLimit[SQLITE_LIMIT_COMPOUND_SELECT])>0 &&
+        cnt>mxSelect
+      ){
+        sqlite3ErrorMsg(pParse, "too many terms in compound SELECT");
+      }
+    }
+  }
+
+  /* This is a utility routine used to set the ExprSpan.zStart and
+  ** ExprSpan.zEnd values of pOut so that the span covers the complete
+  ** range of text beginning with pStart and going to the end of pEnd.
+  */
+  static void spanSet(ExprSpan *pOut, Token *pStart, Token *pEnd){
+    pOut->zStart = pStart->z;
+    pOut->zEnd = &pEnd->z[pEnd->n];
+  }
+
+  /* Construct a new Expr object from a single identifier.  Use the
+  ** new Expr to populate pOut.  Set the span of pOut to be the identifier
+  ** that created the expression.
+  */
+  static void spanExpr(ExprSpan *pOut, Parse *pParse, int op, Token *pValue){
+    pOut->pExpr = sqlite3PExpr(pParse, op, 0, 0, pValue);
+    pOut->zStart = pValue->z;
+    pOut->zEnd = &pValue->z[pValue->n];
+  }
+
+  /* This routine constructs a binary expression node out of two ExprSpan
+  ** objects and uses the result to populate a new ExprSpan object.
+  */
+  static void spanBinaryExpr(
+    ExprSpan *pOut,     /* Write the result here */
+    Parse *pParse,      /* The parsing context.  Errors accumulate here */
+    int op,             /* The binary operation */
+    ExprSpan *pLeft,    /* The left operand */
+    ExprSpan *pRight    /* The right operand */
+  ){
+    pOut->pExpr = sqlite3PExpr(pParse, op, pLeft->pExpr, pRight->pExpr, 0);
+    pOut->zStart = pLeft->zStart;
+    pOut->zEnd = pRight->zEnd;
+  }
+
+  /* If doNot is true, then add a TK_NOT Expr-node wrapper around the
+  ** outside of *ppExpr.
+  */
+  static void exprNot(Parse *pParse, int doNot, Expr **ppExpr){
+    if( doNot ) *ppExpr = sqlite3PExpr(pParse, TK_NOT, *ppExpr, 0, 0);
+  }
+
+  /* Construct an expression node for a unary postfix operator
+  */
+  static void spanUnaryPostfix(
+    ExprSpan *pOut,        /* Write the new expression node here */
+    Parse *pParse,         /* Parsing context to record errors */
+    int op,                /* The operator */
+    ExprSpan *pOperand,    /* The operand */
+    Token *pPostOp         /* The operand token for setting the span */
+  ){
+    pOut->pExpr = sqlite3PExpr(pParse, op, pOperand->pExpr, 0, 0);
+    pOut->zStart = pOperand->zStart;
+    pOut->zEnd = &pPostOp->z[pPostOp->n];
+  }                           
+
+  /* A routine to convert a binary TK_IS or TK_ISNOT expression into a
+  ** unary TK_ISNULL or TK_NOTNULL expression. */
+  static void binaryToUnaryIfNull(Parse *pParse, Expr *pY, Expr *pA, int op){
+    sqlite3 *db = pParse->db;
+    if( pY && pA && pY->op==TK_NULL ){
+      pA->op = (u8)op;
+      sqlite3ExprDelete(db, pA->pRight);
+      pA->pRight = 0;
+    }
+  }
+
+  /* Construct an expression node for a unary prefix operator
+  */
+  static void spanUnaryPrefix(
+    ExprSpan *pOut,        /* Write the new expression node here */
+    Parse *pParse,         /* Parsing context to record errors */
+    int op,                /* The operator */
+    ExprSpan *pOperand,    /* The operand */
+    Token *pPreOp         /* The operand token for setting the span */
+  ){
+    pOut->pExpr = sqlite3PExpr(pParse, op, pOperand->pExpr, 0, 0);
+    pOut->zStart = pPreOp->z;
+    pOut->zEnd = pOperand->zEnd;
+  }
+
+  /* Add a single new term to an ExprList that is used to store a
+  ** list of identifiers.  Report an error if the ID list contains
+  ** a COLLATE clause or an ASC or DESC keyword, except ignore the
+  ** error while parsing a legacy schema.
+  */
+  static ExprList *parserAddExprIdListTerm(
+    Parse *pParse,
+    ExprList *pPrior,
+    Token *pIdToken,
+    int hasCollate,
+    int sortOrder
+  ){
+    ExprList *p = sqlite3ExprListAppend(pParse, pPrior, 0);
+    if( (hasCollate || sortOrder!=SQLITE_SO_UNDEFINED)
+        && pParse->db->init.busy==0
+    ){
+      sqlite3ErrorMsg(pParse, "syntax error after column name \"%.*s\"",
+                         pIdToken->n, pIdToken->z);
+    }
+    sqlite3ExprListSetName(pParse, p, pIdToken, 1);
+    return p;
+  }
+/**************** End of %include directives **********************************/
+/* These constants specify the various numeric values for terminal symbols
+** in a format understandable to "makeheaders".  This section is blank unless
+** "lemon" is run with the "-m" command-line option.
+***************** Begin makeheaders token definitions *************************/
+/**************** End makeheaders token definitions ***************************/
+
+/* The next sections is a series of control #defines.
+** various aspects of the generated parser.
+**    YYCODETYPE         is the data type used to store the integer codes
+**                       that represent terminal and non-terminal symbols.
+**                       "unsigned char" is used if there are fewer than
+**                       256 symbols.  Larger types otherwise.
+**    YYNOCODE           is a number of type YYCODETYPE that is not used for
+**                       any terminal or nonterminal symbol.
+**    YYFALLBACK         If defined, this indicates that one or more tokens
+**                       (also known as: "terminal symbols") have fall-back
+**                       values which should be used if the original symbol
+**                       would not parse.  This permits keywords to sometimes
+**                       be used as identifiers, for example.
+**    YYACTIONTYPE       is the data type used for "action codes" - numbers
+**                       that indicate what to do in response to the next
+**                       token.
+**    sqlite3ParserTOKENTYPE     is the data type used for minor type for terminal
+**                       symbols.  Background: A "minor type" is a semantic
+**                       value associated with a terminal or non-terminal
+**                       symbols.  For example, for an "ID" terminal symbol,
+**                       the minor type might be the name of the identifier.
+**                       Each non-terminal can have a different minor type.
+**                       Terminal symbols all have the same minor type, though.
+**                       This macros defines the minor type for terminal 
+**                       symbols.
+**    YYMINORTYPE        is the data type used for all minor types.
+**                       This is typically a union of many types, one of
+**                       which is sqlite3ParserTOKENTYPE.  The entry in the union
+**                       for terminal symbols is called "yy0".
+**    YYSTACKDEPTH       is the maximum depth of the parser's stack.  If
+**                       zero the stack is dynamically sized using realloc()
+**    sqlite3ParserARG_SDECL     A static variable declaration for the %extra_argument
+**    sqlite3ParserARG_PDECL     A parameter declaration for the %extra_argument
+**    sqlite3ParserARG_STORE     Code to store %extra_argument into yypParser
+**    sqlite3ParserARG_FETCH     Code to extract %extra_argument from yypParser
+**    YYERRORSYMBOL      is the code number of the error symbol.  If not
+**                       defined, then do no error processing.
+**    YYNSTATE           the combined number of states.
+**    YYNRULE            the number of rules in the grammar
+**    YY_MAX_SHIFT       Maximum value for shift actions
+**    YY_MIN_SHIFTREDUCE Minimum value for shift-reduce actions
+**    YY_MAX_SHIFTREDUCE Maximum value for shift-reduce actions
+**    YY_MIN_REDUCE      Maximum value for reduce actions
+**    YY_ERROR_ACTION    The yy_action[] code for syntax error
+**    YY_ACCEPT_ACTION   The yy_action[] code for accept
+**    YY_NO_ACTION       The yy_action[] code for no-op
+*/
+#ifndef INTERFACE
+# define INTERFACE 1
+#endif
+/************* Begin control #defines *****************************************/
+#define YYCODETYPE unsigned char
+#define YYNOCODE 253
+#define YYACTIONTYPE unsigned short int
+#define YYWILDCARD 70
+#define sqlite3ParserTOKENTYPE Token
+typedef union {
+  int yyinit;
+  sqlite3ParserTOKENTYPE yy0;
+  int yy4;
+  struct TrigEvent yy90;
+  ExprSpan yy118;
+  TriggerStep* yy203;
+  struct {int value; int mask;} yy215;
+  SrcList* yy259;
+  struct LimitVal yy292;
+  Expr* yy314;
+  ExprList* yy322;
+  struct LikeOp yy342;
+  IdList* yy384;
+  Select* yy387;
+  With* yy451;
+} YYMINORTYPE;
+#ifndef YYSTACKDEPTH
+#define YYSTACKDEPTH 100
+#endif
+#define sqlite3ParserARG_SDECL Parse *pParse;
+#define sqlite3ParserARG_PDECL ,Parse *pParse
+#define sqlite3ParserARG_FETCH Parse *pParse = yypParser->pParse
+#define sqlite3ParserARG_STORE yypParser->pParse = pParse
+#define YYFALLBACK 1
+#define YYNSTATE             436
+#define YYNRULE              328
+#define YY_MAX_SHIFT         435
+#define YY_MIN_SHIFTREDUCE   649
+#define YY_MAX_SHIFTREDUCE   976
+#define YY_MIN_REDUCE        977
+#define YY_MAX_REDUCE        1304
+#define YY_ERROR_ACTION      1305
+#define YY_ACCEPT_ACTION     1306
+#define YY_NO_ACTION         1307
+/************* End control #defines *******************************************/
+
+/* The yyzerominor constant is used to initialize instances of
+** YYMINORTYPE objects to zero. */
+static const YYMINORTYPE yyzerominor = { 0 };
+
+/* Define the yytestcase() macro to be a no-op if is not already defined
+** otherwise.
+**
+** Applications can choose to define yytestcase() in the %include section
+** to a macro that can assist in verifying code coverage.  For production
+** code the yytestcase() macro should be turned off.  But it is useful
+** for testing.
+*/
+#ifndef yytestcase
+# define yytestcase(X)
+#endif
+
+
+/* Next are the tables used to determine what action to take based on the
+** current state and lookahead token.  These tables are used to implement
+** functions that take a state number and lookahead value and return an
+** action integer.  
+**
+** Suppose the action integer is N.  Then the action is determined as
+** follows
+**
+**   0 <= N <= YY_MAX_SHIFT             Shift N.  That is, push the lookahead
+**                                      token onto the stack and goto state N.
+**
+**   N between YY_MIN_SHIFTREDUCE       Shift to an arbitrary state then
+**     and YY_MAX_SHIFTREDUCE           reduce by rule N-YY_MIN_SHIFTREDUCE.
+**
+**   N between YY_MIN_REDUCE            Reduce by rule N-YY_MIN_REDUCE
+**     and YY_MAX_REDUCE
+
+**   N == YY_ERROR_ACTION               A syntax error has occurred.
+**
+**   N == YY_ACCEPT_ACTION              The parser accepts its input.
+**
+**   N == YY_NO_ACTION                  No such action.  Denotes unused
+**                                      slots in the yy_action[] table.
+**
+** The action table is constructed as a single large table named yy_action[].
+** Given state S and lookahead X, the action is computed as
+**
+**      yy_action[ yy_shift_ofst[S] + X ]
+**
+** If the index value yy_shift_ofst[S]+X is out of range or if the value
+** yy_lookahead[yy_shift_ofst[S]+X] is not equal to X or if yy_shift_ofst[S]
+** is equal to YY_SHIFT_USE_DFLT, it means that the action is not in the table
+** and that yy_default[S] should be used instead.  
+**
+** The formula above is for computing the action when the lookahead is
+** a terminal symbol.  If the lookahead is a non-terminal (as occurs after
+** a reduce action) then the yy_reduce_ofst[] array is used in place of
+** the yy_shift_ofst[] array and YY_REDUCE_USE_DFLT is used in place of
+** YY_SHIFT_USE_DFLT.
+**
+** The following are the tables generated in this section:
+**
+**  yy_action[]        A single table containing all actions.
+**  yy_lookahead[]     A table containing the lookahead for each entry in
+**                     yy_action.  Used to detect hash collisions.
+**  yy_shift_ofst[]    For each state, the offset into yy_action for
+**                     shifting terminals.
+**  yy_reduce_ofst[]   For each state, the offset into yy_action for
+**                     shifting non-terminals after a reduce.
+**  yy_default[]       Default action for each state.
+**
+*********** Begin parsing tables **********************************************/
+#define YY_ACTTAB_COUNT (1501)
+static const YYACTIONTYPE yy_action[] = {
+ /*     0 */   311, 1306,  145,  651,    2,  192,  652,  338,  780,   92,
+ /*    10 */    92,   92,   92,   85,   90,   90,   90,   90,   89,   89,
+ /*    20 */    88,   88,   88,   87,  335,   88,   88,   88,   87,  335,
+ /*    30 */   327,  856,  856,   92,   92,   92,   92,  697,   90,   90,
+ /*    40 */    90,   90,   89,   89,   88,   88,   88,   87,  335,   76,
+ /*    50 */   807,   74,   93,   94,   84,  868,  871,  860,  860,   91,
+ /*    60 */    91,   92,   92,   92,   92,  335,   90,   90,   90,   90,
+ /*    70 */    89,   89,   88,   88,   88,   87,  335,  311,  780,   90,
+ /*    80 */    90,   90,   90,   89,   89,   88,   88,   88,   87,  335,
+ /*    90 */   356,  808,  776,  701,  689,  689,   86,   83,  166,  257,
+ /*   100 */   809,  715,  430,   86,   83,  166,  324,  697,  856,  856,
+ /*   110 */   201,  158,  276,  387,  271,  386,  188,  689,  689,  828,
+ /*   120 */    86,   83,  166,  269,  833,   49,  123,   87,  335,   93,
+ /*   130 */    94,   84,  868,  871,  860,  860,   91,   91,   92,   92,
+ /*   140 */    92,   92,  239,   90,   90,   90,   90,   89,   89,   88,
+ /*   150 */    88,   88,   87,  335,  311,  763,  333,  332,  216,  408,
+ /*   160 */   394,   69,  231,  393,  690,  691,  396,  910,  251,  354,
+ /*   170 */   250,  288,  315,  430,  908,  430,  909,   89,   89,   88,
+ /*   180 */    88,   88,   87,  335,  391,  856,  856,  690,  691,  183,
+ /*   190 */    95,  123,  384,  381,  380,  833,   31,  833,   49,  912,
+ /*   200 */   912,  751,  752,  379,  123,  311,   93,   94,   84,  868,
+ /*   210 */   871,  860,  860,   91,   91,   92,   92,   92,   92,  114,
+ /*   220 */    90,   90,   90,   90,   89,   89,   88,   88,   88,   87,
+ /*   230 */   335,  430,  408,  399,  435,  657,  856,  856,  346,   57,
+ /*   240 */   232,  828,  109,  704,  366,  689,  689,  363,  825,  760,
+ /*   250 */    97,  749,  752,  833,   49,  708,  708,   93,   94,   84,
+ /*   260 */   868,  871,  860,  860,   91,   91,   92,   92,   92,   92,
+ /*   270 */   423,   90,   90,   90,   90,   89,   89,   88,   88,   88,
+ /*   280 */    87,  335,  311,  114,   22,  361,  688,   58,  408,  390,
+ /*   290 */   251,  349,  240,  213,  762,  689,  689,  847,  685,  115,
+ /*   300 */   361,  231,  393,  689,  689,  396,  183,  689,  689,  384,
+ /*   310 */   381,  380,  361,  856,  856,  690,  691,  160,  159,  223,
+ /*   320 */   379,  738,   25,  806,  707,  841,  143,  689,  689,  835,
+ /*   330 */   392,  339,  766,  766,   93,   94,   84,  868,  871,  860,
+ /*   340 */   860,   91,   91,   92,   92,   92,   92,  914,   90,   90,
+ /*   350 */    90,   90,   89,   89,   88,   88,   88,   87,  335,  311,
+ /*   360 */   840,  840,  840,  266,  257,  690,  691,  778,  706,   86,
+ /*   370 */    83,  166,  219,  690,  691,  737,    1,  690,  691,  689,
+ /*   380 */   689,  689,  689,  430,   86,   83,  166,  249,  688,  937,
+ /*   390 */   856,  856,  427,  699,  700,  828,  298,  690,  691,  221,
+ /*   400 */   686,  115,  123,  944,  795,  833,   48,  342,  305,  970,
+ /*   410 */   847,   93,   94,   84,  868,  871,  860,  860,   91,   91,
+ /*   420 */    92,   92,   92,   92,  114,   90,   90,   90,   90,   89,
+ /*   430 */    89,   88,   88,   88,   87,  335,  311,  940,  841,  679,
+ /*   440 */   713,  429,  835,  430,  251,  354,  250,  355,  288,  690,
+ /*   450 */   691,  690,  691,  285,  941,  340,  971,  287,  210,   23,
+ /*   460 */   174,  793,  832,  430,  353,  833,   10,  856,  856,   24,
+ /*   470 */   942,  151,  753,  840,  840,  840,  794,  968, 1290,  321,
+ /*   480 */   398, 1290,  356,  352,  754,  833,   49,  935,   93,   94,
+ /*   490 */    84,  868,  871,  860,  860,   91,   91,   92,   92,   92,
+ /*   500 */    92,  430,   90,   90,   90,   90,   89,   89,   88,   88,
+ /*   510 */    88,   87,  335,  311,  376,  114,  907,  705,  430,  907,
+ /*   520 */   328,  890,  114,  833,   10,  966,  430,  857,  857,  320,
+ /*   530 */   189,  163,  832,  165,  430,  906,  344,  323,  906,  904,
+ /*   540 */   833,   10,  965,  306,  856,  856,  187,  419,  833,   10,
+ /*   550 */   220,  869,  872,  832,  222,  403,  833,   49, 1219,  793,
+ /*   560 */    68,  937,  406,  245,   66,   93,   94,   84,  868,  871,
+ /*   570 */   860,  860,   91,   91,   92,   92,   92,   92,  861,   90,
+ /*   580 */    90,   90,   90,   89,   89,   88,   88,   88,   87,  335,
+ /*   590 */   311,  404,  213,  762,  834,  345,  114,  940,  902,  368,
+ /*   600 */   727,    5,  316,  192,  396,  772,  780,  269,  230,  242,
+ /*   610 */   771,  244,  397,  164,  941,  385,  123,  347,   55,  355,
+ /*   620 */   329,  856,  856,  728,  333,  332,  688,  968, 1291,  724,
+ /*   630 */   942, 1291,  413,  214,  833,    9,  362,  286,  955,  115,
+ /*   640 */   718,  311,   93,   94,   84,  868,  871,  860,  860,   91,
+ /*   650 */    91,   92,   92,   92,   92,  430,   90,   90,   90,   90,
+ /*   660 */    89,   89,   88,   88,   88,   87,  335,  912,  912, 1300,
+ /*   670 */  1300,  758,  856,  856,  325,  966,  780,  833,   35,  747,
+ /*   680 */   720,  334,  699,  700,  977,  652,  338,  243,  745,  920,
+ /*   690 */   920,  369,  187,   93,   94,   84,  868,  871,  860,  860,
+ /*   700 */    91,   91,   92,   92,   92,   92,  114,   90,   90,   90,
+ /*   710 */    90,   89,   89,   88,   88,   88,   87,  335,  311,  430,
+ /*   720 */   954,  430,  112,  310,  430,  693,  317,  698,  400,  430,
+ /*   730 */   793,  359,  430, 1017,  430,  192,  430,  401,  780,  430,
+ /*   740 */   360,  833,   36,  833,   12,  430,  833,   27,  316,  856,
+ /*   750 */   856,  833,   37,   20,  833,   38,  833,   39,  833,   28,
+ /*   760 */    72,  833,   29,  663,  664,  665,  264,  833,   40,  234,
+ /*   770 */    93,   94,   84,  868,  871,  860,  860,   91,   91,   92,
+ /*   780 */    92,   92,   92,  430,   90,   90,   90,   90,   89,   89,
+ /*   790 */    88,   88,   88,   87,  335,  311,  430,  698,  430,  917,
+ /*   800 */   147,  430,  165,  916,  275,  833,   41,  430,  780,  430,
+ /*   810 */    21,  430,  259,  430,  262,  274,  430,  367,  833,   42,
+ /*   820 */   833,   11,  430,  833,   43,  235,  856,  856,  793,  833,
+ /*   830 */    99,  833,   44,  833,   45,  833,   32,   75,  833,   46,
+ /*   840 */   305,  967,  257,  257,  833,   47,  311,   93,   94,   84,
+ /*   850 */   868,  871,  860,  860,   91,   91,   92,   92,   92,   92,
+ /*   860 */   430,   90,   90,   90,   90,   89,   89,   88,   88,   88,
+ /*   870 */    87,  335,  430,  186,  185,  184,  238,  856,  856,  650,
+ /*   880 */     2, 1064,  833,   33,  739,  217,  218,  257,  971,  257,
+ /*   890 */   426,  317,  257,  774,  833,  117,  257,  311,   93,   94,
+ /*   900 */    84,  868,  871,  860,  860,   91,   91,   92,   92,   92,
+ /*   910 */    92,  430,   90,   90,   90,   90,   89,   89,   88,   88,
+ /*   920 */    88,   87,  335,  430,  318,  124,  212,  163,  856,  856,
+ /*   930 */   943,  900,  898,  833,  118,  759,  726,  725,  257,  755,
+ /*   940 */   289,  289,  733,  734,  961,  833,  119,  682,  311,   93,
+ /*   950 */    82,   84,  868,  871,  860,  860,   91,   91,   92,   92,
+ /*   960 */    92,   92,  430,   90,   90,   90,   90,   89,   89,   88,
+ /*   970 */    88,   88,   87,  335,  430,  716,  246,  322,  331,  856,
+ /*   980 */   856,  256,  114,  357,  833,   53,  808,  913,  913,  932,
+ /*   990 */   156,  416,  420,  424,  930,  809,  833,   34,  364,  311,
+ /*  1000 */   253,   94,   84,  868,  871,  860,  860,   91,   91,   92,
+ /*  1010 */    92,   92,   92,  430,   90,   90,   90,   90,   89,   89,
+ /*  1020 */    88,   88,   88,   87,  335,  430,  114,  114,  114,  960,
+ /*  1030 */   856,  856,  307,  258,  830,  833,  100,  191,  252,  377,
+ /*  1040 */   267,   68,  197,   68,  261,  716,  769,  833,   50,   71,
+ /*  1050 */   911,  911,  263,   84,  868,  871,  860,  860,   91,   91,
+ /*  1060 */    92,   92,   92,   92,  430,   90,   90,   90,   90,   89,
+ /*  1070 */    89,   88,   88,   88,   87,  335,   80,  425,  802,    3,
+ /*  1080 */  1214,  191,  430,  265,  336,  336,  833,  101,  741,   80,
+ /*  1090 */   425,  897,    3,  723,  722,  428,  721,  336,  336,  430,
+ /*  1100 */   893,  270,  430,  197,  833,  102,  430,  800,  428,  430,
+ /*  1110 */   695,  430,  843,  111,  414,  430,  784,  409,  430,  831,
+ /*  1120 */   430,  833,   98,  123,  833,  116,  847,  414,  833,   49,
+ /*  1130 */   779,  833,  113,  833,  106,  226,  123,  833,  105,  847,
+ /*  1140 */   833,  103,  833,  104,  791,  411,   77,   78,  290,  412,
+ /*  1150 */   430,  291,  114,   79,  432,  431,  389,  430,  835,   77,
+ /*  1160 */    78,  897,  839,  408,  410,  430,   79,  432,  431,  372,
+ /*  1170 */   703,  835,  833,   52,  430,   80,  425,  430,    3,  833,
+ /*  1180 */    54,  772,  843,  336,  336,  684,  771,  833,   51,  840,
+ /*  1190 */   840,  840,  842,   19,  428,  672,  833,   26,  671,  833,
+ /*  1200 */    30,  673,  840,  840,  840,  842,   19,  207,  661,  278,
+ /*  1210 */   304,  148,  280,  414,  282,  248,  358,  822,  382,    6,
+ /*  1220 */   348,  161,  273,   80,  425,  847,    3,  934,  895,  720,
+ /*  1230 */   894,  336,  336,  296,  157,  415,  241,  284,  674,  958,
+ /*  1240 */   194,  953,  428,  951,  948,   77,   78,  777,  319,   56,
+ /*  1250 */    59,  135,   79,  432,  431,  121,   66,  835,  146,  128,
+ /*  1260 */   350,  414,  819,  130,  351,  131,  132,  133,  375,  173,
+ /*  1270 */   107,  138,  149,  847,  365,  178,   62,   70,  425,  936,
+ /*  1280 */     3,  827,  889,  371,  255,  336,  336,  792,  840,  840,
+ /*  1290 */   840,  842,   19,   77,   78,  915,  428,  208,  179,  144,
+ /*  1300 */    79,  432,  431,  373,  260,  835,  180,  326,  675,  181,
+ /*  1310 */   308,  744,  388,  743,  731,  414,  718,  742,  730,  712,
+ /*  1320 */   402,  309,  711,  272,  788,   65,  710,  847,  709,  277,
+ /*  1330 */   193,  789,  787,  279,  876,   73,  840,  840,  840,  842,
+ /*  1340 */    19,  786,  281,  418,  283,  422,  227,   77,   78,  330,
+ /*  1350 */   228,  229,   96,  767,   79,  432,  431,  407,   67,  835,
+ /*  1360 */   215,  292,  293,  405,  294,  303,  302,  301,  204,  299,
+ /*  1370 */   295,  202,  676,  681,    7,  433,  669,  203,  205,  206,
+ /*  1380 */   125,  110,  313,  434,  667,  666,  658,  168,  224,  237,
+ /*  1390 */   840,  840,  840,  842,   19,  120,  656,  337,  236,  155,
+ /*  1400 */   167,  341,  233,  314,  108,  905,  903,  826,  127,  126,
+ /*  1410 */   756,  170,  129,  172,  247,  928,  134,  136,  171,   60,
+ /*  1420 */    61,  123,  169,  137,  933,  175,  176,  927,    8,   13,
+ /*  1430 */   177,  254,  918,  139,  191,  924,  140,  370,  678,  150,
+ /*  1440 */   374,  182,  274,  268,  141,  122,   63,   14,  378,   15,
+ /*  1450 */   383,   64,  225,  846,  845,  874,   16,    4,  729,  765,
+ /*  1460 */   770,  162,  395,  209,  211,  142,  801,  878,  796,  312,
+ /*  1470 */    71,   68,  875,  873,  939,  190,  417,  938,   17,  195,
+ /*  1480 */   196,  152,   18,  975,  199,  976,  153,  198,  154,  421,
+ /*  1490 */   877,  844,  696,   81,  200,  297,  343, 1019, 1018,  300,
+ /*  1500 */   653,
+};
+static const YYCODETYPE yy_lookahead[] = {
+ /*     0 */    19,  144,  145,  146,  147,   24,    1,    2,   27,   80,
+ /*    10 */    81,   82,   83,   84,   85,   86,   87,   88,   89,   90,
+ /*    20 */    91,   92,   93,   94,   95,   91,   92,   93,   94,   95,
+ /*    30 */    19,   50,   51,   80,   81,   82,   83,   27,   85,   86,
+ /*    40 */    87,   88,   89,   90,   91,   92,   93,   94,   95,  137,
+ /*    50 */   177,  139,   71,   72,   73,   74,   75,   76,   77,   78,
+ /*    60 */    79,   80,   81,   82,   83,   95,   85,   86,   87,   88,
+ /*    70 */    89,   90,   91,   92,   93,   94,   95,   19,   97,   85,
+ /*    80 */    86,   87,   88,   89,   90,   91,   92,   93,   94,   95,
+ /*    90 */   152,   33,  212,  173,   27,   28,  223,  224,  225,  152,
+ /*   100 */    42,  181,  152,  223,  224,  225,   95,   97,   50,   51,
+ /*   110 */    99,  100,  101,  102,  103,  104,  105,   27,   28,   59,
+ /*   120 */   223,  224,  225,  112,  174,  175,   66,   94,   95,   71,
+ /*   130 */    72,   73,   74,   75,   76,   77,   78,   79,   80,   81,
+ /*   140 */    82,   83,  195,   85,   86,   87,   88,   89,   90,   91,
+ /*   150 */    92,   93,   94,   95,   19,  197,   89,   90,  220,  209,
+ /*   160 */   210,   26,  119,  120,   97,   98,  208,  100,  108,  109,
+ /*   170 */   110,  152,  157,  152,  107,  152,  109,   89,   90,   91,
+ /*   180 */    92,   93,   94,   95,  163,   50,   51,   97,   98,   99,
+ /*   190 */    55,   66,  102,  103,  104,  174,  175,  174,  175,  132,
+ /*   200 */   133,  192,  193,  113,   66,   19,   71,   72,   73,   74,
+ /*   210 */    75,   76,   77,   78,   79,   80,   81,   82,   83,  198,
+ /*   220 */    85,   86,   87,   88,   89,   90,   91,   92,   93,   94,
+ /*   230 */    95,  152,  209,  210,  148,  149,   50,   51,  100,   53,
+ /*   240 */   154,   59,  156,  174,  229,   27,   28,  232,  163,  163,
+ /*   250 */    22,  192,  193,  174,  175,   27,   28,   71,   72,   73,
+ /*   260 */    74,   75,   76,   77,   78,   79,   80,   81,   82,   83,
+ /*   270 */   251,   85,   86,   87,   88,   89,   90,   91,   92,   93,
+ /*   280 */    94,   95,   19,  198,  198,  152,  152,   24,  209,  210,
+ /*   290 */   108,  109,  110,  196,  197,   27,   28,   69,  164,  165,
+ /*   300 */   152,  119,  120,   27,   28,  208,   99,   27,   28,  102,
+ /*   310 */   103,  104,  152,   50,   51,   97,   98,   89,   90,  185,
+ /*   320 */   113,  187,   22,  177,  174,   97,   58,   27,   28,  101,
+ /*   330 */   115,  245,  117,  118,   71,   72,   73,   74,   75,   76,
+ /*   340 */    77,   78,   79,   80,   81,   82,   83,   11,   85,   86,
+ /*   350 */    87,   88,   89,   90,   91,   92,   93,   94,   95,   19,
+ /*   360 */   132,  133,  134,   23,  152,   97,   98,   91,  174,  223,
+ /*   370 */   224,  225,  239,   97,   98,  187,   22,   97,   98,   27,
+ /*   380 */    28,   27,   28,  152,  223,  224,  225,  239,  152,  163,
+ /*   390 */    50,   51,  170,  171,  172,   59,  160,   97,   98,  239,
+ /*   400 */   164,  165,   66,  242,  124,  174,  175,  195,   22,   23,
+ /*   410 */    69,   71,   72,   73,   74,   75,   76,   77,   78,   79,
+ /*   420 */    80,   81,   82,   83,  198,   85,   86,   87,   88,   89,
+ /*   430 */    90,   91,   92,   93,   94,   95,   19,   12,   97,   21,
+ /*   440 */    23,  152,  101,  152,  108,  109,  110,  221,  152,   97,
+ /*   450 */    98,   97,   98,  152,   29,  243,   70,  226,   23,  233,
+ /*   460 */    26,   26,  152,  152,  238,  174,  175,   50,   51,   22,
+ /*   470 */    45,   24,   47,  132,  133,  134,  124,   22,   23,  188,
+ /*   480 */   163,   26,  152,   65,   59,  174,  175,  163,   71,   72,
+ /*   490 */    73,   74,   75,   76,   77,   78,   79,   80,   81,   82,
+ /*   500 */    83,  152,   85,   86,   87,   88,   89,   90,   91,   92,
+ /*   510 */    93,   94,   95,   19,   19,  198,  152,   23,  152,  152,
+ /*   520 */   209,  103,  198,  174,  175,   70,  152,   50,   51,  219,
+ /*   530 */   213,  214,  152,   98,  152,  171,  172,  188,  171,  172,
+ /*   540 */   174,  175,  248,  249,   50,   51,   51,  251,  174,  175,
+ /*   550 */   220,   74,   75,  152,  188,  152,  174,  175,  140,  124,
+ /*   560 */    26,  163,  188,   16,  130,   71,   72,   73,   74,   75,
+ /*   570 */    76,   77,   78,   79,   80,   81,   82,   83,  101,   85,
+ /*   580 */    86,   87,   88,   89,   90,   91,   92,   93,   94,   95,
+ /*   590 */    19,  209,  196,  197,   23,  231,  198,   12,  231,  219,
+ /*   600 */    37,   22,  107,   24,  208,  116,   27,  112,  201,   62,
+ /*   610 */   121,   64,  152,  152,   29,   52,   66,  221,  211,  221,
+ /*   620 */   219,   50,   51,   60,   89,   90,  152,   22,   23,  183,
+ /*   630 */    45,   26,   47,   22,  174,  175,  238,  152,  164,  165,
+ /*   640 */   106,   19,   71,   72,   73,   74,   75,   76,   77,   78,
+ /*   650 */    79,   80,   81,   82,   83,  152,   85,   86,   87,   88,
+ /*   660 */    89,   90,   91,   92,   93,   94,   95,  132,  133,  119,
+ /*   670 */   120,  163,   50,   51,  111,   70,   97,  174,  175,  181,
+ /*   680 */   182,  170,  171,  172,    0,    1,    2,  140,  190,  108,
+ /*   690 */   109,  110,   51,   71,   72,   73,   74,   75,   76,   77,
+ /*   700 */    78,   79,   80,   81,   82,   83,  198,   85,   86,   87,
+ /*   710 */    88,   89,   90,   91,   92,   93,   94,   95,   19,  152,
+ /*   720 */   152,  152,   22,  166,  152,  168,  169,   27,   19,  152,
+ /*   730 */    26,   19,  152,  122,  152,   24,  152,   28,   27,  152,
+ /*   740 */    28,  174,  175,  174,  175,  152,  174,  175,  107,   50,
+ /*   750 */    51,  174,  175,   22,  174,  175,  174,  175,  174,  175,
+ /*   760 */   138,  174,  175,    7,    8,    9,   16,  174,  175,  152,
+ /*   770 */    71,   72,   73,   74,   75,   76,   77,   78,   79,   80,
+ /*   780 */    81,   82,   83,  152,   85,   86,   87,   88,   89,   90,
+ /*   790 */    91,   92,   93,   94,   95,   19,  152,   97,  152,   31,
+ /*   800 */    24,  152,   98,   35,  101,  174,  175,  152,   97,  152,
+ /*   810 */    79,  152,   62,  152,   64,  112,  152,   49,  174,  175,
+ /*   820 */   174,  175,  152,  174,  175,  152,   50,   51,  124,  174,
+ /*   830 */   175,  174,  175,  174,  175,  174,  175,  138,  174,  175,
+ /*   840 */    22,   23,  152,  152,  174,  175,   19,   71,   72,   73,
+ /*   850 */    74,   75,   76,   77,   78,   79,   80,   81,   82,   83,
+ /*   860 */   152,   85,   86,   87,   88,   89,   90,   91,   92,   93,
+ /*   870 */    94,   95,  152,  108,  109,  110,  152,   50,   51,  146,
+ /*   880 */   147,   23,  174,  175,   26,  195,  195,  152,   70,  152,
+ /*   890 */   168,  169,  152,   26,  174,  175,  152,   19,   71,   72,
+ /*   900 */    73,   74,   75,   76,   77,   78,   79,   80,   81,   82,
+ /*   910 */    83,  152,   85,   86,   87,   88,   89,   90,   91,   92,
+ /*   920 */    93,   94,   95,  152,  246,  247,  213,  214,   50,   51,
+ /*   930 */   195,  152,  195,  174,  175,  195,  100,  101,  152,  195,
+ /*   940 */   152,  152,    7,    8,  152,  174,  175,  163,   19,   71,
+ /*   950 */    72,   73,   74,   75,   76,   77,   78,   79,   80,   81,
+ /*   960 */    82,   83,  152,   85,   86,   87,   88,   89,   90,   91,
+ /*   970 */    92,   93,   94,   95,  152,   27,  152,  189,  189,   50,
+ /*   980 */    51,  195,  198,  152,  174,  175,   33,  132,  133,  152,
+ /*   990 */   123,  163,  163,  163,  152,   42,  174,  175,  152,   19,
+ /*  1000 */   152,   72,   73,   74,   75,   76,   77,   78,   79,   80,
+ /*  1010 */    81,   82,   83,  152,   85,   86,   87,   88,   89,   90,
+ /*  1020 */    91,   92,   93,   94,   95,  152,  198,  198,  198,   23,
+ /*  1030 */    50,   51,   26,  152,   23,  174,  175,   26,   23,   23,
+ /*  1040 */    23,   26,   26,   26,  152,   97,   23,  174,  175,   26,
+ /*  1050 */   132,  133,  152,   73,   74,   75,   76,   77,   78,   79,
+ /*  1060 */    80,   81,   82,   83,  152,   85,   86,   87,   88,   89,
+ /*  1070 */    90,   91,   92,   93,   94,   95,   19,   20,   23,   22,
+ /*  1080 */    23,   26,  152,  152,   27,   28,  174,  175,  152,   19,
+ /*  1090 */    20,   27,   22,  183,  183,   38,  152,   27,   28,  152,
+ /*  1100 */    23,  152,  152,   26,  174,  175,  152,  152,   38,  152,
+ /*  1110 */    23,  152,   27,   26,   57,  152,  215,  163,  152,  152,
+ /*  1120 */   152,  174,  175,   66,  174,  175,   69,   57,  174,  175,
+ /*  1130 */   152,  174,  175,  174,  175,  212,   66,  174,  175,   69,
+ /*  1140 */   174,  175,  174,  175,  152,  152,   89,   90,  152,  193,
+ /*  1150 */   152,  152,  198,   96,   97,   98,   91,  152,  101,   89,
+ /*  1160 */    90,   97,  152,  209,  210,  152,   96,   97,   98,  235,
+ /*  1170 */   152,  101,  174,  175,  152,   19,   20,  152,   22,  174,
+ /*  1180 */   175,  116,   97,   27,   28,  152,  121,  174,  175,  132,
+ /*  1190 */   133,  134,  135,  136,   38,  152,  174,  175,  152,  174,
+ /*  1200 */   175,  152,  132,  133,  134,  135,  136,  234,  152,  212,
+ /*  1210 */   150,  199,  212,   57,  212,  240,  240,  203,  178,  200,
+ /*  1220 */   216,  186,  177,   19,   20,   69,   22,  203,  177,  182,
+ /*  1230 */   177,   27,   28,  202,  200,  228,  216,  216,  155,   39,
+ /*  1240 */   122,  159,   38,  159,   41,   89,   90,   91,  159,  241,
+ /*  1250 */   241,   22,   96,   97,   98,   71,  130,  101,  222,  191,
+ /*  1260 */    18,   57,  203,  194,  159,  194,  194,  194,   18,  158,
+ /*  1270 */   244,  191,  222,   69,  159,  158,  137,   19,   20,  203,
+ /*  1280 */    22,  191,  203,   46,  236,   27,   28,  159,  132,  133,
+ /*  1290 */   134,  135,  136,   89,   90,  237,   38,  159,  158,   22,
+ /*  1300 */    96,   97,   98,  179,  159,  101,  158,   48,  159,  158,
+ /*  1310 */   179,  176,  107,  176,  184,   57,  106,  176,  184,  176,
+ /*  1320 */   125,  179,  178,  176,  218,  107,  176,   69,  176,  217,
+ /*  1330 */   159,  218,  218,  217,  159,  137,  132,  133,  134,  135,
+ /*  1340 */   136,  218,  217,  179,  217,  179,  227,   89,   90,   95,
+ /*  1350 */   230,  230,  129,  207,   96,   97,   98,  126,  128,  101,
+ /*  1360 */     5,  206,  205,  127,  204,   10,   11,   12,   13,   14,
+ /*  1370 */   203,   25,   17,  162,   26,  161,   13,  153,  153,    6,
+ /*  1380 */   247,  180,  250,  151,  151,  151,  151,   32,  180,   34,
+ /*  1390 */   132,  133,  134,  135,  136,  167,    4,    3,   43,   22,
+ /*  1400 */    15,   68,  142,  250,   16,   23,   23,  120,  111,  131,
+ /*  1410 */    20,   56,  123,  125,   16,    1,  123,  131,   63,   79,
+ /*  1420 */    79,   66,   67,  111,   28,   36,  122,    1,    5,   22,
+ /*  1430 */   107,  140,   54,   54,   26,   61,  107,   44,   20,   24,
+ /*  1440 */    19,  105,  112,   23,   22,   40,   22,   22,   53,   22,
+ /*  1450 */    53,   22,   53,   23,   23,   23,   22,   22,   30,  116,
+ /*  1460 */    23,  122,   26,   23,   23,   22,   28,   11,  124,  114,
+ /*  1470 */    26,   26,   23,   23,   23,   36,   24,   23,   36,   26,
+ /*  1480 */    22,   22,   36,   23,  122,   23,   22,   26,   22,   24,
+ /*  1490 */    23,   23,   23,   22,  122,   23,  141,  122,  122,   15,
+ /*  1500 */     1,
+};
+#define YY_SHIFT_USE_DFLT (-89)
+#define YY_SHIFT_COUNT (435)
+#define YY_SHIFT_MIN   (-88)
+#define YY_SHIFT_MAX   (1499)
+static const short yy_shift_ofst[] = {
+ /*     0 */     5, 1057, 1355, 1070, 1204, 1204, 1204,   90,   60,  -19,
+ /*    10 */    58,   58,  186, 1204, 1204, 1204, 1204, 1204, 1204, 1204,
+ /*    20 */    67,   67,  182,  336,  218,  550,  135,  263,  340,  417,
+ /*    30 */   494,  571,  622,  699,  776,  827,  827,  827,  827,  827,
+ /*    40 */   827,  827,  827,  827,  827,  827,  827,  827,  827,  827,
+ /*    50 */   878,  827,  929,  980,  980, 1156, 1204, 1204, 1204, 1204,
+ /*    60 */  1204, 1204, 1204, 1204, 1204, 1204, 1204, 1204, 1204, 1204,
+ /*    70 */  1204, 1204, 1204, 1204, 1204, 1204, 1204, 1204, 1204, 1204,
+ /*    80 */  1204, 1204, 1204, 1204, 1258, 1204, 1204, 1204, 1204, 1204,
+ /*    90 */  1204, 1204, 1204, 1204, 1204, 1204, 1204, 1204,  -71,  -47,
+ /*   100 */   -47,  -47,  -47,  -47,   -6,   88,  -66,  218,  218,  418,
+ /*   110 */   495,  535,  535,   33,   43,   10,  -30,  -89,  -89,  -89,
+ /*   120 */    11,  425,  425,  268,  455,  605,  218,  218,  218,  218,
+ /*   130 */   218,  218,  218,  218,  218,  218,  218,  218,  218,  218,
+ /*   140 */   218,  218,  218,  218,  218,  684,  138,   10,   43,  125,
+ /*   150 */   125,  125,  125,  125,  125,  -89,  -89,  -89,  228,  341,
+ /*   160 */   341,  207,  276,  300,  280,  352,  354,  218,  218,  218,
+ /*   170 */   218,  218,  218,  218,  218,  218,  218,  218,  218,  218,
+ /*   180 */   218,  218,  218,  218,  563,  563,  563,  218,  218,  435,
+ /*   190 */   218,  218,  218,  579,  218,  218,  585,  218,  218,  218,
+ /*   200 */   218,  218,  218,  218,  218,  218,  218,  581,  768,  711,
+ /*   210 */   711,  711,  704,  215, 1065,  756,  434,  709,  709,  712,
+ /*   220 */   434,  712,  534,  858,  641,  953,  709,  -88,  953,  953,
+ /*   230 */   867,  489,  447, 1200, 1118, 1118, 1203, 1203, 1118, 1229,
+ /*   240 */  1184, 1126, 1242, 1242, 1242, 1242, 1118, 1250, 1126, 1229,
+ /*   250 */  1184, 1184, 1126, 1118, 1250, 1139, 1237, 1118, 1118, 1250,
+ /*   260 */  1277, 1118, 1250, 1118, 1250, 1277, 1205, 1205, 1205, 1259,
+ /*   270 */  1277, 1205, 1210, 1205, 1259, 1205, 1205, 1195, 1218, 1195,
+ /*   280 */  1218, 1195, 1218, 1195, 1218, 1118, 1118, 1198, 1277, 1254,
+ /*   290 */  1254, 1277, 1223, 1231, 1230, 1236, 1126, 1346, 1348, 1363,
+ /*   300 */  1363, 1373, 1373, 1373, 1373,  -89,  -89,  -89,  -89,  -89,
+ /*   310 */   -89,  477,  547,  386,  818,  750,  765,  700, 1006,  731,
+ /*   320 */  1011, 1015, 1016, 1017,  948,  836,  935,  703, 1023, 1055,
+ /*   330 */  1064, 1077,  855,  918, 1087, 1085,  611, 1392, 1394, 1377,
+ /*   340 */  1260, 1385, 1333, 1388, 1382, 1383, 1287, 1278, 1297, 1289,
+ /*   350 */  1390, 1288, 1398, 1414, 1293, 1286, 1340, 1341, 1312, 1396,
+ /*   360 */  1389, 1304, 1426, 1423, 1407, 1323, 1291, 1378, 1408, 1379,
+ /*   370 */  1374, 1393, 1329, 1415, 1418, 1421, 1330, 1336, 1422, 1395,
+ /*   380 */  1424, 1425, 1420, 1427, 1397, 1428, 1429, 1399, 1405, 1430,
+ /*   390 */  1431, 1432, 1343, 1434, 1437, 1435, 1436, 1339, 1440, 1441,
+ /*   400 */  1438, 1439, 1443, 1344, 1444, 1442, 1445, 1446, 1444, 1449,
+ /*   410 */  1450, 1451, 1453, 1454, 1458, 1456, 1460, 1459, 1452, 1461,
+ /*   420 */  1462, 1464, 1465, 1461, 1467, 1466, 1468, 1469, 1471, 1362,
+ /*   430 */  1372, 1375, 1376, 1472, 1484, 1499,
+};
+#define YY_REDUCE_USE_DFLT (-144)
+#define YY_REDUCE_COUNT (310)
+#define YY_REDUCE_MIN   (-143)
+#define YY_REDUCE_MAX   (1235)
+static const short yy_reduce_ofst[] = {
+ /*     0 */  -143,  954,   86,   21,  -50,   23,   79,  134,  226, -120,
+ /*    10 */  -127,  146,  161,  291,  349,  366,  311,  382,  374,  231,
+ /*    20 */   364,  367,  396,  398,  236,  317, -103, -103, -103, -103,
+ /*    30 */  -103, -103, -103, -103, -103, -103, -103, -103, -103, -103,
+ /*    40 */  -103, -103, -103, -103, -103, -103, -103, -103, -103, -103,
+ /*    50 */  -103, -103, -103, -103, -103,  460,  503,  567,  569,  572,
+ /*    60 */   577,  580,  582,  584,  587,  593,  631,  644,  646,  649,
+ /*    70 */   655,  657,  659,  661,  664,  670,  708,  720,  759,  771,
+ /*    80 */   810,  822,  861,  873,  912,  930,  947,  950,  957,  959,
+ /*    90 */   963,  966,  968,  998, 1005, 1013, 1022, 1025, -103, -103,
+ /*   100 */  -103, -103, -103, -103, -103, -103, -103,  474,  212,   15,
+ /*   110 */   498,  222,  511, -103,   97,  557, -103, -103, -103, -103,
+ /*   120 */   -80,    9,   59,   19,  294,  294,  -53,  -62,  690,  691,
+ /*   130 */   735,  737,  740,  744,  133,  310,  148,  330,  160,  380,
+ /*   140 */   786,  788,  401,  296,  789,  733,   85,  722,  -42,  324,
+ /*   150 */   508,  784,  828,  829,  830,  678,  713,  407,   69,  150,
+ /*   160 */   194,  188,  289,  301,  403,  461,  485,  568,  617,  673,
+ /*   170 */   724,  779,  792,  824,  831,  837,  842,  846,  848,  881,
+ /*   180 */   892,  900,  931,  936,  446,  910,  911,  944,  949,  901,
+ /*   190 */   955,  967,  978,  923,  992,  993,  956,  996,  999, 1010,
+ /*   200 */   289, 1018, 1033, 1043, 1046, 1049, 1056,  934,  973,  997,
+ /*   210 */  1000, 1002,  901, 1012, 1019, 1060, 1014, 1004, 1020,  975,
+ /*   220 */  1024,  976, 1040, 1035, 1047, 1045, 1021, 1007, 1051, 1053,
+ /*   230 */  1031, 1034, 1083, 1026, 1082, 1084, 1008, 1009, 1089, 1036,
+ /*   240 */  1068, 1059, 1069, 1071, 1072, 1073, 1105, 1111, 1076, 1050,
+ /*   250 */  1080, 1090, 1079, 1115, 1117, 1058, 1048, 1128, 1138, 1140,
+ /*   260 */  1124, 1145, 1148, 1149, 1151, 1131, 1135, 1137, 1141, 1130,
+ /*   270 */  1142, 1143, 1144, 1147, 1134, 1150, 1152, 1106, 1112, 1113,
+ /*   280 */  1116, 1114, 1125, 1123, 1127, 1171, 1175, 1119, 1164, 1120,
+ /*   290 */  1121, 1166, 1146, 1155, 1157, 1160, 1167, 1211, 1214, 1224,
+ /*   300 */  1225, 1232, 1233, 1234, 1235, 1132, 1153, 1133, 1201, 1208,
+ /*   310 */  1228,
+};
+static const YYACTIONTYPE yy_default[] = {
+ /*     0 */   982, 1300, 1300, 1300, 1214, 1214, 1214, 1305, 1300, 1109,
+ /*    10 */  1138, 1138, 1274, 1305, 1305, 1305, 1305, 1305, 1305, 1212,
+ /*    20 */  1305, 1305, 1305, 1300, 1305, 1113, 1144, 1305, 1305, 1305,
+ /*    30 */  1305, 1305, 1305, 1305, 1305, 1273, 1275, 1152, 1151, 1254,
+ /*    40 */  1125, 1149, 1142, 1146, 1215, 1208, 1209, 1207, 1211, 1216,
+ /*    50 */  1305, 1145, 1177, 1192, 1176, 1305, 1305, 1305, 1305, 1305,
+ /*    60 */  1305, 1305, 1305, 1305, 1305, 1305, 1305, 1305, 1305, 1305,
+ /*    70 */  1305, 1305, 1305, 1305, 1305, 1305, 1305, 1305, 1305, 1305,
+ /*    80 */  1305, 1305, 1305, 1305, 1305, 1305, 1305, 1305, 1305, 1305,
+ /*    90 */  1305, 1305, 1305, 1305, 1305, 1305, 1305, 1305, 1186, 1191,
+ /*   100 */  1198, 1190, 1187, 1179, 1178, 1180, 1181, 1305, 1305, 1008,
+ /*   110 */  1074, 1305, 1305, 1182, 1305, 1020, 1183, 1195, 1194, 1193,
+ /*   120 */  1015, 1305, 1305, 1305, 1305, 1305, 1305, 1305, 1305, 1305,
+ /*   130 */  1305, 1305, 1305, 1305, 1305, 1305, 1305, 1305, 1305, 1305,
+ /*   140 */  1305, 1305, 1305, 1305, 1305,  982, 1300, 1305, 1305, 1300,
+ /*   150 */  1300, 1300, 1300, 1300, 1300, 1292, 1113, 1103, 1305, 1305,
+ /*   160 */  1305, 1305, 1305, 1305, 1305, 1305, 1305, 1305, 1280, 1278,
+ /*   170 */  1305, 1227, 1305, 1305, 1305, 1305, 1305, 1305, 1305, 1305,
+ /*   180 */  1305, 1305, 1305, 1305, 1305, 1305, 1305, 1305, 1305, 1305,
+ /*   190 */  1305, 1305, 1305, 1109, 1305, 1305, 1305, 1305, 1305, 1305,
+ /*   200 */  1305, 1305, 1305, 1305, 1305, 1305,  988, 1305, 1247, 1109,
+ /*   210 */  1109, 1109, 1111, 1089, 1101,  990, 1148, 1127, 1127, 1259,
+ /*   220 */  1148, 1259, 1045, 1068, 1042, 1138, 1127, 1210, 1138, 1138,
+ /*   230 */  1110, 1101, 1305, 1285, 1118, 1118, 1277, 1277, 1118, 1157,
+ /*   240 */  1078, 1148, 1085, 1085, 1085, 1085, 1118, 1005, 1148, 1157,
+ /*   250 */  1078, 1078, 1148, 1118, 1005, 1253, 1251, 1118, 1118, 1005,
+ /*   260 */  1220, 1118, 1005, 1118, 1005, 1220, 1076, 1076, 1076, 1060,
+ /*   270 */  1220, 1076, 1045, 1076, 1060, 1076, 1076, 1131, 1126, 1131,
+ /*   280 */  1126, 1131, 1126, 1131, 1126, 1118, 1118, 1305, 1220, 1224,
+ /*   290 */  1224, 1220, 1143, 1132, 1141, 1139, 1148, 1011, 1063,  998,
+ /*   300 */   998,  987,  987,  987,  987, 1297, 1297, 1292, 1047, 1047,
+ /*   310 */  1030, 1305, 1305, 1305, 1305, 1305, 1305, 1022, 1305, 1229,
+ /*   320 */  1305, 1305, 1305, 1305, 1305, 1305, 1305, 1305, 1305, 1305,
+ /*   330 */  1305, 1305, 1305, 1305, 1305, 1305, 1164, 1305,  983, 1287,
+ /*   340 */  1305, 1305, 1284, 1305, 1305, 1305, 1305, 1305, 1305, 1305,
+ /*   350 */  1305, 1305, 1305, 1305, 1305, 1305, 1305, 1305, 1305, 1305,
+ /*   360 */  1305, 1257, 1305, 1305, 1305, 1305, 1305, 1305, 1250, 1249,
+ /*   370 */  1305, 1305, 1305, 1305, 1305, 1305, 1305, 1305, 1305, 1305,
+ /*   380 */  1305, 1305, 1305, 1305, 1305, 1305, 1305, 1305, 1305, 1305,
+ /*   390 */  1305, 1305, 1092, 1305, 1305, 1305, 1096, 1305, 1305, 1305,
+ /*   400 */  1305, 1305, 1305, 1305, 1140, 1305, 1133, 1305, 1213, 1305,
+ /*   410 */  1305, 1305, 1305, 1305, 1305, 1305, 1305, 1305, 1305, 1302,
+ /*   420 */  1305, 1305, 1305, 1301, 1305, 1305, 1305, 1305, 1305, 1166,
+ /*   430 */  1305, 1165, 1169, 1305,  996, 1305,
+};
+/********** End of lemon-generated parsing tables *****************************/
+
+/* The next table maps tokens (terminal symbols) into fallback tokens.  
+** If a construct like the following:
+** 
+**      %fallback ID X Y Z.
+**
+** appears in the grammar, then ID becomes a fallback token for X, Y,
+** and Z.  Whenever one of the tokens X, Y, or Z is input to the parser
+** but it does not parse, the type of the token is changed to ID and
+** the parse is retried before an error is thrown.
+**
+** This feature can be used, for example, to cause some keywords in a language
+** to revert to identifiers if they keyword does not apply in the context where
+** it appears.
+*/
+#ifdef YYFALLBACK
+static const YYCODETYPE yyFallback[] = {
+    0,  /*          $ => nothing */
+    0,  /*       SEMI => nothing */
+   27,  /*    EXPLAIN => ID */
+   27,  /*      QUERY => ID */
+   27,  /*       PLAN => ID */
+   27,  /*      BEGIN => ID */
+    0,  /* TRANSACTION => nothing */
+   27,  /*   DEFERRED => ID */
+   27,  /*  IMMEDIATE => ID */
+   27,  /*  EXCLUSIVE => ID */
+    0,  /*     COMMIT => nothing */
+   27,  /*        END => ID */
+   27,  /*   ROLLBACK => ID */
+   27,  /*  SAVEPOINT => ID */
+   27,  /*    RELEASE => ID */
+    0,  /*         TO => nothing */
+    0,  /*      TABLE => nothing */
+    0,  /*     CREATE => nothing */
+   27,  /*         IF => ID */
+    0,  /*        NOT => nothing */
+    0,  /*     EXISTS => nothing */
+   27,  /*       TEMP => ID */
+    0,  /*         LP => nothing */
+    0,  /*         RP => nothing */
+    0,  /*         AS => nothing */
+   27,  /*    WITHOUT => ID */
+    0,  /*      COMMA => nothing */
+    0,  /*         ID => nothing */
+    0,  /*    INDEXED => nothing */
+   27,  /*      ABORT => ID */
+   27,  /*     ACTION => ID */
+   27,  /*      AFTER => ID */
+   27,  /*    ANALYZE => ID */
+   27,  /*        ASC => ID */
+   27,  /*     ATTACH => ID */
+   27,  /*     BEFORE => ID */
+   27,  /*         BY => ID */
+   27,  /*    CASCADE => ID */
+   27,  /*       CAST => ID */
+   27,  /*   COLUMNKW => ID */
+   27,  /*   CONFLICT => ID */
+   27,  /*   DATABASE => ID */
+   27,  /*       DESC => ID */
+   27,  /*     DETACH => ID */
+   27,  /*       EACH => ID */
+   27,  /*       FAIL => ID */
+   27,  /*        FOR => ID */
+   27,  /*     IGNORE => ID */
+   27,  /*  INITIALLY => ID */
+   27,  /*    INSTEAD => ID */
+   27,  /*    LIKE_KW => ID */
+   27,  /*      MATCH => ID */
+   27,  /*         NO => ID */
+   27,  /*        KEY => ID */
+   27,  /*         OF => ID */
+   27,  /*     OFFSET => ID */
+   27,  /*     PRAGMA => ID */
+   27,  /*      RAISE => ID */
+   27,  /*  RECURSIVE => ID */
+   27,  /*    REPLACE => ID */
+   27,  /*   RESTRICT => ID */
+   27,  /*        ROW => ID */
+   27,  /*    TRIGGER => ID */
+   27,  /*     VACUUM => ID */
+   27,  /*       VIEW => ID */
+   27,  /*    VIRTUAL => ID */
+   27,  /*       WITH => ID */
+   27,  /*    REINDEX => ID */
+   27,  /*     RENAME => ID */
+   27,  /*   CTIME_KW => ID */
+};
+#endif /* YYFALLBACK */
+
+/* The following structure represents a single element of the
+** parser's stack.  Information stored includes:
+**
+**   +  The state number for the parser at this level of the stack.
+**
+**   +  The value of the token stored at this level of the stack.
+**      (In other words, the "major" token.)
+**
+**   +  The semantic value stored at this level of the stack.  This is
+**      the information used by the action routines in the grammar.
+**      It is sometimes called the "minor" token.
+**
+** After the "shift" half of a SHIFTREDUCE action, the stateno field
+** actually contains the reduce action for the second half of the
+** SHIFTREDUCE.
+*/
+struct yyStackEntry {
+  YYACTIONTYPE stateno;  /* The state-number, or reduce action in SHIFTREDUCE */
+  YYCODETYPE major;      /* The major token value.  This is the code
+                         ** number for the token at this stack level */
+  YYMINORTYPE minor;     /* The user-supplied minor token value.  This
+                         ** is the value of the token  */
+};
+typedef struct yyStackEntry yyStackEntry;
+
+/* The state of the parser is completely contained in an instance of
+** the following structure */
+struct yyParser {
+  int yyidx;                    /* Index of top element in stack */
+#ifdef YYTRACKMAXSTACKDEPTH
+  int yyidxMax;                 /* Maximum value of yyidx */
+#endif
+  int yyerrcnt;                 /* Shifts left before out of the error */
+  sqlite3ParserARG_SDECL                /* A place to hold %extra_argument */
+#if YYSTACKDEPTH<=0
+  int yystksz;                  /* Current side of the stack */
+  yyStackEntry *yystack;        /* The parser's stack */
+#else
+  yyStackEntry yystack[YYSTACKDEPTH];  /* The parser's stack */
+#endif
+};
+typedef struct yyParser yyParser;
+
+#ifndef NDEBUG
+/* #include <stdio.h> */
+static FILE *yyTraceFILE = 0;
+static char *yyTracePrompt = 0;
+#endif /* NDEBUG */
+
+#ifndef NDEBUG
+/* 
+** Turn parser tracing on by giving a stream to which to write the trace
+** and a prompt to preface each trace message.  Tracing is turned off
+** by making either argument NULL 
+**
+** Inputs:
+** <ul>
+** <li> A FILE* to which trace output should be written.
+**      If NULL, then tracing is turned off.
+** <li> A prefix string written at the beginning of every
+**      line of trace output.  If NULL, then tracing is
+**      turned off.
+** </ul>
+**
+** Outputs:
+** None.
+*/
+SQLITE_PRIVATE void sqlite3ParserTrace(FILE *TraceFILE, char *zTracePrompt){
+  yyTraceFILE = TraceFILE;
+  yyTracePrompt = zTracePrompt;
+  if( yyTraceFILE==0 ) yyTracePrompt = 0;
+  else if( yyTracePrompt==0 ) yyTraceFILE = 0;
+}
+#endif /* NDEBUG */
+
+#ifndef NDEBUG
+/* For tracing shifts, the names of all terminals and nonterminals
+** are required.  The following table supplies these names */
+static const char *const yyTokenName[] = { 
+  "$",             "SEMI",          "EXPLAIN",       "QUERY",       
+  "PLAN",          "BEGIN",         "TRANSACTION",   "DEFERRED",    
+  "IMMEDIATE",     "EXCLUSIVE",     "COMMIT",        "END",         
+  "ROLLBACK",      "SAVEPOINT",     "RELEASE",       "TO",          
+  "TABLE",         "CREATE",        "IF",            "NOT",         
+  "EXISTS",        "TEMP",          "LP",            "RP",          
+  "AS",            "WITHOUT",       "COMMA",         "ID",          
+  "INDEXED",       "ABORT",         "ACTION",        "AFTER",       
+  "ANALYZE",       "ASC",           "ATTACH",        "BEFORE",      
+  "BY",            "CASCADE",       "CAST",          "COLUMNKW",    
+  "CONFLICT",      "DATABASE",      "DESC",          "DETACH",      
+  "EACH",          "FAIL",          "FOR",           "IGNORE",      
+  "INITIALLY",     "INSTEAD",       "LIKE_KW",       "MATCH",       
+  "NO",            "KEY",           "OF",            "OFFSET",      
+  "PRAGMA",        "RAISE",         "RECURSIVE",     "REPLACE",     
+  "RESTRICT",      "ROW",           "TRIGGER",       "VACUUM",      
+  "VIEW",          "VIRTUAL",       "WITH",          "REINDEX",     
+  "RENAME",        "CTIME_KW",      "ANY",           "OR",          
+  "AND",           "IS",            "BETWEEN",       "IN",          
+  "ISNULL",        "NOTNULL",       "NE",            "EQ",          
+  "GT",            "LE",            "LT",            "GE",          
+  "ESCAPE",        "BITAND",        "BITOR",         "LSHIFT",      
+  "RSHIFT",        "PLUS",          "MINUS",         "STAR",        
+  "SLASH",         "REM",           "CONCAT",        "COLLATE",     
+  "BITNOT",        "STRING",        "JOIN_KW",       "CONSTRAINT",  
+  "DEFAULT",       "NULL",          "PRIMARY",       "UNIQUE",      
+  "CHECK",         "REFERENCES",    "AUTOINCR",      "ON",          
+  "INSERT",        "DELETE",        "UPDATE",        "SET",         
+  "DEFERRABLE",    "FOREIGN",       "DROP",          "UNION",       
+  "ALL",           "EXCEPT",        "INTERSECT",     "SELECT",      
+  "VALUES",        "DISTINCT",      "DOT",           "FROM",        
+  "JOIN",          "USING",         "ORDER",         "GROUP",       
+  "HAVING",        "LIMIT",         "WHERE",         "INTO",        
+  "INTEGER",       "FLOAT",         "BLOB",          "VARIABLE",    
+  "CASE",          "WHEN",          "THEN",          "ELSE",        
+  "INDEX",         "ALTER",         "ADD",           "error",       
+  "input",         "cmdlist",       "ecmd",          "explain",     
+  "cmdx",          "cmd",           "transtype",     "trans_opt",   
+  "nm",            "savepoint_opt",  "create_table",  "create_table_args",
+  "createkw",      "temp",          "ifnotexists",   "dbnm",        
+  "columnlist",    "conslist_opt",  "table_options",  "select",      
+  "column",        "columnid",      "type",          "carglist",    
+  "typetoken",     "typename",      "signed",        "plus_num",    
+  "minus_num",     "ccons",         "term",          "expr",        
+  "onconf",        "sortorder",     "autoinc",       "eidlist_opt", 
+  "refargs",       "defer_subclause",  "refarg",        "refact",      
+  "init_deferred_pred_opt",  "conslist",      "tconscomma",    "tcons",       
+  "sortlist",      "eidlist",       "defer_subclause_opt",  "orconf",      
+  "resolvetype",   "raisetype",     "ifexists",      "fullname",    
+  "selectnowith",  "oneselect",     "with",          "multiselect_op",
+  "distinct",      "selcollist",    "from",          "where_opt",   
+  "groupby_opt",   "having_opt",    "orderby_opt",   "limit_opt",   
+  "values",        "nexprlist",     "exprlist",      "sclp",        
+  "as",            "seltablist",    "stl_prefix",    "joinop",      
+  "indexed_opt",   "on_opt",        "using_opt",     "idlist",      
+  "setlist",       "insert_cmd",    "idlist_opt",    "likeop",      
+  "between_op",    "in_op",         "case_operand",  "case_exprlist",
+  "case_else",     "uniqueflag",    "collate",       "nmnum",       
+  "trigger_decl",  "trigger_cmd_list",  "trigger_time",  "trigger_event",
+  "foreach_clause",  "when_clause",   "trigger_cmd",   "trnm",        
+  "tridxby",       "database_kw_opt",  "key_opt",       "add_column_fullname",
+  "kwcolumn_opt",  "create_vtab",   "vtabarglist",   "vtabarg",     
+  "vtabargtoken",  "lp",            "anylist",       "wqlist",      
+};
+#endif /* NDEBUG */
+
+#ifndef NDEBUG
+/* For tracing reduce actions, the names of all rules are required.
+*/
+static const char *const yyRuleName[] = {
+ /*   0 */ "input ::= cmdlist",
+ /*   1 */ "cmdlist ::= cmdlist ecmd",
+ /*   2 */ "cmdlist ::= ecmd",
+ /*   3 */ "ecmd ::= SEMI",
+ /*   4 */ "ecmd ::= explain cmdx SEMI",
+ /*   5 */ "explain ::=",
+ /*   6 */ "explain ::= EXPLAIN",
+ /*   7 */ "explain ::= EXPLAIN QUERY PLAN",
+ /*   8 */ "cmdx ::= cmd",
+ /*   9 */ "cmd ::= BEGIN transtype trans_opt",
+ /*  10 */ "trans_opt ::=",
+ /*  11 */ "trans_opt ::= TRANSACTION",
+ /*  12 */ "trans_opt ::= TRANSACTION nm",
+ /*  13 */ "transtype ::=",
+ /*  14 */ "transtype ::= DEFERRED",
+ /*  15 */ "transtype ::= IMMEDIATE",
+ /*  16 */ "transtype ::= EXCLUSIVE",
+ /*  17 */ "cmd ::= COMMIT trans_opt",
+ /*  18 */ "cmd ::= END trans_opt",
+ /*  19 */ "cmd ::= ROLLBACK trans_opt",
+ /*  20 */ "savepoint_opt ::= SAVEPOINT",
+ /*  21 */ "savepoint_opt ::=",
+ /*  22 */ "cmd ::= SAVEPOINT nm",
+ /*  23 */ "cmd ::= RELEASE savepoint_opt nm",
+ /*  24 */ "cmd ::= ROLLBACK trans_opt TO savepoint_opt nm",
+ /*  25 */ "cmd ::= create_table create_table_args",
+ /*  26 */ "create_table ::= createkw temp TABLE ifnotexists nm dbnm",
+ /*  27 */ "createkw ::= CREATE",
+ /*  28 */ "ifnotexists ::=",
+ /*  29 */ "ifnotexists ::= IF NOT EXISTS",
+ /*  30 */ "temp ::= TEMP",
+ /*  31 */ "temp ::=",
+ /*  32 */ "create_table_args ::= LP columnlist conslist_opt RP table_options",
+ /*  33 */ "create_table_args ::= AS select",
+ /*  34 */ "table_options ::=",
+ /*  35 */ "table_options ::= WITHOUT nm",
+ /*  36 */ "columnlist ::= columnlist COMMA column",
+ /*  37 */ "columnlist ::= column",
+ /*  38 */ "column ::= columnid type carglist",
+ /*  39 */ "columnid ::= nm",
+ /*  40 */ "nm ::= ID|INDEXED",
+ /*  41 */ "nm ::= STRING",
+ /*  42 */ "nm ::= JOIN_KW",
+ /*  43 */ "type ::=",
+ /*  44 */ "type ::= typetoken",
+ /*  45 */ "typetoken ::= typename",
+ /*  46 */ "typetoken ::= typename LP signed RP",
+ /*  47 */ "typetoken ::= typename LP signed COMMA signed RP",
+ /*  48 */ "typename ::= ID|STRING",
+ /*  49 */ "typename ::= typename ID|STRING",
+ /*  50 */ "signed ::= plus_num",
+ /*  51 */ "signed ::= minus_num",
+ /*  52 */ "carglist ::= carglist ccons",
+ /*  53 */ "carglist ::=",
+ /*  54 */ "ccons ::= CONSTRAINT nm",
+ /*  55 */ "ccons ::= DEFAULT term",
+ /*  56 */ "ccons ::= DEFAULT LP expr RP",
+ /*  57 */ "ccons ::= DEFAULT PLUS term",
+ /*  58 */ "ccons ::= DEFAULT MINUS term",
+ /*  59 */ "ccons ::= DEFAULT ID|INDEXED",
+ /*  60 */ "ccons ::= NULL onconf",
+ /*  61 */ "ccons ::= NOT NULL onconf",
+ /*  62 */ "ccons ::= PRIMARY KEY sortorder onconf autoinc",
+ /*  63 */ "ccons ::= UNIQUE onconf",
+ /*  64 */ "ccons ::= CHECK LP expr RP",
+ /*  65 */ "ccons ::= REFERENCES nm eidlist_opt refargs",
+ /*  66 */ "ccons ::= defer_subclause",
+ /*  67 */ "ccons ::= COLLATE ID|STRING",
+ /*  68 */ "autoinc ::=",
+ /*  69 */ "autoinc ::= AUTOINCR",
+ /*  70 */ "refargs ::=",
+ /*  71 */ "refargs ::= refargs refarg",
+ /*  72 */ "refarg ::= MATCH nm",
+ /*  73 */ "refarg ::= ON INSERT refact",
+ /*  74 */ "refarg ::= ON DELETE refact",
+ /*  75 */ "refarg ::= ON UPDATE refact",
+ /*  76 */ "refact ::= SET NULL",
+ /*  77 */ "refact ::= SET DEFAULT",
+ /*  78 */ "refact ::= CASCADE",
+ /*  79 */ "refact ::= RESTRICT",
+ /*  80 */ "refact ::= NO ACTION",
+ /*  81 */ "defer_subclause ::= NOT DEFERRABLE init_deferred_pred_opt",
+ /*  82 */ "defer_subclause ::= DEFERRABLE init_deferred_pred_opt",
+ /*  83 */ "init_deferred_pred_opt ::=",
+ /*  84 */ "init_deferred_pred_opt ::= INITIALLY DEFERRED",
+ /*  85 */ "init_deferred_pred_opt ::= INITIALLY IMMEDIATE",
+ /*  86 */ "conslist_opt ::=",
+ /*  87 */ "conslist_opt ::= COMMA conslist",
+ /*  88 */ "conslist ::= conslist tconscomma tcons",
+ /*  89 */ "conslist ::= tcons",
+ /*  90 */ "tconscomma ::= COMMA",
+ /*  91 */ "tconscomma ::=",
+ /*  92 */ "tcons ::= CONSTRAINT nm",
+ /*  93 */ "tcons ::= PRIMARY KEY LP sortlist autoinc RP onconf",
+ /*  94 */ "tcons ::= UNIQUE LP sortlist RP onconf",
+ /*  95 */ "tcons ::= CHECK LP expr RP onconf",
+ /*  96 */ "tcons ::= FOREIGN KEY LP eidlist RP REFERENCES nm eidlist_opt refargs defer_subclause_opt",
+ /*  97 */ "defer_subclause_opt ::=",
+ /*  98 */ "defer_subclause_opt ::= defer_subclause",
+ /*  99 */ "onconf ::=",
+ /* 100 */ "onconf ::= ON CONFLICT resolvetype",
+ /* 101 */ "orconf ::=",
+ /* 102 */ "orconf ::= OR resolvetype",
+ /* 103 */ "resolvetype ::= raisetype",
+ /* 104 */ "resolvetype ::= IGNORE",
+ /* 105 */ "resolvetype ::= REPLACE",
+ /* 106 */ "cmd ::= DROP TABLE ifexists fullname",
+ /* 107 */ "ifexists ::= IF EXISTS",
+ /* 108 */ "ifexists ::=",
+ /* 109 */ "cmd ::= createkw temp VIEW ifnotexists nm dbnm eidlist_opt AS select",
+ /* 110 */ "cmd ::= DROP VIEW ifexists fullname",
+ /* 111 */ "cmd ::= select",
+ /* 112 */ "select ::= with selectnowith",
+ /* 113 */ "selectnowith ::= oneselect",
+ /* 114 */ "selectnowith ::= selectnowith multiselect_op oneselect",
+ /* 115 */ "multiselect_op ::= UNION",
+ /* 116 */ "multiselect_op ::= UNION ALL",
+ /* 117 */ "multiselect_op ::= EXCEPT|INTERSECT",
+ /* 118 */ "oneselect ::= SELECT distinct selcollist from where_opt groupby_opt having_opt orderby_opt limit_opt",
+ /* 119 */ "oneselect ::= values",
+ /* 120 */ "values ::= VALUES LP nexprlist RP",
+ /* 121 */ "values ::= values COMMA LP exprlist RP",
+ /* 122 */ "distinct ::= DISTINCT",
+ /* 123 */ "distinct ::= ALL",
+ /* 124 */ "distinct ::=",
+ /* 125 */ "sclp ::= selcollist COMMA",
+ /* 126 */ "sclp ::=",
+ /* 127 */ "selcollist ::= sclp expr as",
+ /* 128 */ "selcollist ::= sclp STAR",
+ /* 129 */ "selcollist ::= sclp nm DOT STAR",
+ /* 130 */ "as ::= AS nm",
+ /* 131 */ "as ::= ID|STRING",
+ /* 132 */ "as ::=",
+ /* 133 */ "from ::=",
+ /* 134 */ "from ::= FROM seltablist",
+ /* 135 */ "stl_prefix ::= seltablist joinop",
+ /* 136 */ "stl_prefix ::=",
+ /* 137 */ "seltablist ::= stl_prefix nm dbnm as indexed_opt on_opt using_opt",
+ /* 138 */ "seltablist ::= stl_prefix nm dbnm LP exprlist RP as on_opt using_opt",
+ /* 139 */ "seltablist ::= stl_prefix LP select RP as on_opt using_opt",
+ /* 140 */ "seltablist ::= stl_prefix LP seltablist RP as on_opt using_opt",
+ /* 141 */ "dbnm ::=",
+ /* 142 */ "dbnm ::= DOT nm",
+ /* 143 */ "fullname ::= nm dbnm",
+ /* 144 */ "joinop ::= COMMA|JOIN",
+ /* 145 */ "joinop ::= JOIN_KW JOIN",
+ /* 146 */ "joinop ::= JOIN_KW nm JOIN",
+ /* 147 */ "joinop ::= JOIN_KW nm nm JOIN",
+ /* 148 */ "on_opt ::= ON expr",
+ /* 149 */ "on_opt ::=",
+ /* 150 */ "indexed_opt ::=",
+ /* 151 */ "indexed_opt ::= INDEXED BY nm",
+ /* 152 */ "indexed_opt ::= NOT INDEXED",
+ /* 153 */ "using_opt ::= USING LP idlist RP",
+ /* 154 */ "using_opt ::=",
+ /* 155 */ "orderby_opt ::=",
+ /* 156 */ "orderby_opt ::= ORDER BY sortlist",
+ /* 157 */ "sortlist ::= sortlist COMMA expr sortorder",
+ /* 158 */ "sortlist ::= expr sortorder",
+ /* 159 */ "sortorder ::= ASC",
+ /* 160 */ "sortorder ::= DESC",
+ /* 161 */ "sortorder ::=",
+ /* 162 */ "groupby_opt ::=",
+ /* 163 */ "groupby_opt ::= GROUP BY nexprlist",
+ /* 164 */ "having_opt ::=",
+ /* 165 */ "having_opt ::= HAVING expr",
+ /* 166 */ "limit_opt ::=",
+ /* 167 */ "limit_opt ::= LIMIT expr",
+ /* 168 */ "limit_opt ::= LIMIT expr OFFSET expr",
+ /* 169 */ "limit_opt ::= LIMIT expr COMMA expr",
+ /* 170 */ "cmd ::= with DELETE FROM fullname indexed_opt where_opt",
+ /* 171 */ "where_opt ::=",
+ /* 172 */ "where_opt ::= WHERE expr",
+ /* 173 */ "cmd ::= with UPDATE orconf fullname indexed_opt SET setlist where_opt",
+ /* 174 */ "setlist ::= setlist COMMA nm EQ expr",
+ /* 175 */ "setlist ::= nm EQ expr",
+ /* 176 */ "cmd ::= with insert_cmd INTO fullname idlist_opt select",
+ /* 177 */ "cmd ::= with insert_cmd INTO fullname idlist_opt DEFAULT VALUES",
+ /* 178 */ "insert_cmd ::= INSERT orconf",
+ /* 179 */ "insert_cmd ::= REPLACE",
+ /* 180 */ "idlist_opt ::=",
+ /* 181 */ "idlist_opt ::= LP idlist RP",
+ /* 182 */ "idlist ::= idlist COMMA nm",
+ /* 183 */ "idlist ::= nm",
+ /* 184 */ "expr ::= term",
+ /* 185 */ "expr ::= LP expr RP",
+ /* 186 */ "term ::= NULL",
+ /* 187 */ "expr ::= ID|INDEXED",
+ /* 188 */ "expr ::= JOIN_KW",
+ /* 189 */ "expr ::= nm DOT nm",
+ /* 190 */ "expr ::= nm DOT nm DOT nm",
+ /* 191 */ "term ::= INTEGER|FLOAT|BLOB",
+ /* 192 */ "term ::= STRING",
+ /* 193 */ "expr ::= VARIABLE",
+ /* 194 */ "expr ::= expr COLLATE ID|STRING",
+ /* 195 */ "expr ::= CAST LP expr AS typetoken RP",
+ /* 196 */ "expr ::= ID|INDEXED LP distinct exprlist RP",
+ /* 197 */ "expr ::= ID|INDEXED LP STAR RP",
+ /* 198 */ "term ::= CTIME_KW",
+ /* 199 */ "expr ::= expr AND expr",
+ /* 200 */ "expr ::= expr OR expr",
+ /* 201 */ "expr ::= expr LT|GT|GE|LE expr",
+ /* 202 */ "expr ::= expr EQ|NE expr",
+ /* 203 */ "expr ::= expr BITAND|BITOR|LSHIFT|RSHIFT expr",
+ /* 204 */ "expr ::= expr PLUS|MINUS expr",
+ /* 205 */ "expr ::= expr STAR|SLASH|REM expr",
+ /* 206 */ "expr ::= expr CONCAT expr",
+ /* 207 */ "likeop ::= LIKE_KW|MATCH",
+ /* 208 */ "likeop ::= NOT LIKE_KW|MATCH",
+ /* 209 */ "expr ::= expr likeop expr",
+ /* 210 */ "expr ::= expr likeop expr ESCAPE expr",
+ /* 211 */ "expr ::= expr ISNULL|NOTNULL",
+ /* 212 */ "expr ::= expr NOT NULL",
+ /* 213 */ "expr ::= expr IS expr",
+ /* 214 */ "expr ::= expr IS NOT expr",
+ /* 215 */ "expr ::= NOT expr",
+ /* 216 */ "expr ::= BITNOT expr",
+ /* 217 */ "expr ::= MINUS expr",
+ /* 218 */ "expr ::= PLUS expr",
+ /* 219 */ "between_op ::= BETWEEN",
+ /* 220 */ "between_op ::= NOT BETWEEN",
+ /* 221 */ "expr ::= expr between_op expr AND expr",
+ /* 222 */ "in_op ::= IN",
+ /* 223 */ "in_op ::= NOT IN",
+ /* 224 */ "expr ::= expr in_op LP exprlist RP",
+ /* 225 */ "expr ::= LP select RP",
+ /* 226 */ "expr ::= expr in_op LP select RP",
+ /* 227 */ "expr ::= expr in_op nm dbnm",
+ /* 228 */ "expr ::= EXISTS LP select RP",
+ /* 229 */ "expr ::= CASE case_operand case_exprlist case_else END",
+ /* 230 */ "case_exprlist ::= case_exprlist WHEN expr THEN expr",
+ /* 231 */ "case_exprlist ::= WHEN expr THEN expr",
+ /* 232 */ "case_else ::= ELSE expr",
+ /* 233 */ "case_else ::=",
+ /* 234 */ "case_operand ::= expr",
+ /* 235 */ "case_operand ::=",
+ /* 236 */ "exprlist ::= nexprlist",
+ /* 237 */ "exprlist ::=",
+ /* 238 */ "nexprlist ::= nexprlist COMMA expr",
+ /* 239 */ "nexprlist ::= expr",
+ /* 240 */ "cmd ::= createkw uniqueflag INDEX ifnotexists nm dbnm ON nm LP sortlist RP where_opt",
+ /* 241 */ "uniqueflag ::= UNIQUE",
+ /* 242 */ "uniqueflag ::=",
+ /* 243 */ "eidlist_opt ::=",
+ /* 244 */ "eidlist_opt ::= LP eidlist RP",
+ /* 245 */ "eidlist ::= eidlist COMMA nm collate sortorder",
+ /* 246 */ "eidlist ::= nm collate sortorder",
+ /* 247 */ "collate ::=",
+ /* 248 */ "collate ::= COLLATE ID|STRING",
+ /* 249 */ "cmd ::= DROP INDEX ifexists fullname",
+ /* 250 */ "cmd ::= VACUUM",
+ /* 251 */ "cmd ::= VACUUM nm",
+ /* 252 */ "cmd ::= PRAGMA nm dbnm",
+ /* 253 */ "cmd ::= PRAGMA nm dbnm EQ nmnum",
+ /* 254 */ "cmd ::= PRAGMA nm dbnm LP nmnum RP",
+ /* 255 */ "cmd ::= PRAGMA nm dbnm EQ minus_num",
+ /* 256 */ "cmd ::= PRAGMA nm dbnm LP minus_num RP",
+ /* 257 */ "nmnum ::= plus_num",
+ /* 258 */ "nmnum ::= nm",
+ /* 259 */ "nmnum ::= ON",
+ /* 260 */ "nmnum ::= DELETE",
+ /* 261 */ "nmnum ::= DEFAULT",
+ /* 262 */ "plus_num ::= PLUS INTEGER|FLOAT",
+ /* 263 */ "plus_num ::= INTEGER|FLOAT",
+ /* 264 */ "minus_num ::= MINUS INTEGER|FLOAT",
+ /* 265 */ "cmd ::= createkw trigger_decl BEGIN trigger_cmd_list END",
+ /* 266 */ "trigger_decl ::= temp TRIGGER ifnotexists nm dbnm trigger_time trigger_event ON fullname foreach_clause when_clause",
+ /* 267 */ "trigger_time ::= BEFORE",
+ /* 268 */ "trigger_time ::= AFTER",
+ /* 269 */ "trigger_time ::= INSTEAD OF",
+ /* 270 */ "trigger_time ::=",
+ /* 271 */ "trigger_event ::= DELETE|INSERT",
+ /* 272 */ "trigger_event ::= UPDATE",
+ /* 273 */ "trigger_event ::= UPDATE OF idlist",
+ /* 274 */ "foreach_clause ::=",
+ /* 275 */ "foreach_clause ::= FOR EACH ROW",
+ /* 276 */ "when_clause ::=",
+ /* 277 */ "when_clause ::= WHEN expr",
+ /* 278 */ "trigger_cmd_list ::= trigger_cmd_list trigger_cmd SEMI",
+ /* 279 */ "trigger_cmd_list ::= trigger_cmd SEMI",
+ /* 280 */ "trnm ::= nm",
+ /* 281 */ "trnm ::= nm DOT nm",
+ /* 282 */ "tridxby ::=",
+ /* 283 */ "tridxby ::= INDEXED BY nm",
+ /* 284 */ "tridxby ::= NOT INDEXED",
+ /* 285 */ "trigger_cmd ::= UPDATE orconf trnm tridxby SET setlist where_opt",
+ /* 286 */ "trigger_cmd ::= insert_cmd INTO trnm idlist_opt select",
+ /* 287 */ "trigger_cmd ::= DELETE FROM trnm tridxby where_opt",
+ /* 288 */ "trigger_cmd ::= select",
+ /* 289 */ "expr ::= RAISE LP IGNORE RP",
+ /* 290 */ "expr ::= RAISE LP raisetype COMMA nm RP",
+ /* 291 */ "raisetype ::= ROLLBACK",
+ /* 292 */ "raisetype ::= ABORT",
+ /* 293 */ "raisetype ::= FAIL",
+ /* 294 */ "cmd ::= DROP TRIGGER ifexists fullname",
+ /* 295 */ "cmd ::= ATTACH database_kw_opt expr AS expr key_opt",
+ /* 296 */ "cmd ::= DETACH database_kw_opt expr",
+ /* 297 */ "key_opt ::=",
+ /* 298 */ "key_opt ::= KEY expr",
+ /* 299 */ "database_kw_opt ::= DATABASE",
+ /* 300 */ "database_kw_opt ::=",
+ /* 301 */ "cmd ::= REINDEX",
+ /* 302 */ "cmd ::= REINDEX nm dbnm",
+ /* 303 */ "cmd ::= ANALYZE",
+ /* 304 */ "cmd ::= ANALYZE nm dbnm",
+ /* 305 */ "cmd ::= ALTER TABLE fullname RENAME TO nm",
+ /* 306 */ "cmd ::= ALTER TABLE add_column_fullname ADD kwcolumn_opt column",
+ /* 307 */ "add_column_fullname ::= fullname",
+ /* 308 */ "kwcolumn_opt ::=",
+ /* 309 */ "kwcolumn_opt ::= COLUMNKW",
+ /* 310 */ "cmd ::= create_vtab",
+ /* 311 */ "cmd ::= create_vtab LP vtabarglist RP",
+ /* 312 */ "create_vtab ::= createkw VIRTUAL TABLE ifnotexists nm dbnm USING nm",
+ /* 313 */ "vtabarglist ::= vtabarg",
+ /* 314 */ "vtabarglist ::= vtabarglist COMMA vtabarg",
+ /* 315 */ "vtabarg ::=",
+ /* 316 */ "vtabarg ::= vtabarg vtabargtoken",
+ /* 317 */ "vtabargtoken ::= ANY",
+ /* 318 */ "vtabargtoken ::= lp anylist RP",
+ /* 319 */ "lp ::= LP",
+ /* 320 */ "anylist ::=",
+ /* 321 */ "anylist ::= anylist LP anylist RP",
+ /* 322 */ "anylist ::= anylist ANY",
+ /* 323 */ "with ::=",
+ /* 324 */ "with ::= WITH wqlist",
+ /* 325 */ "with ::= WITH RECURSIVE wqlist",
+ /* 326 */ "wqlist ::= nm eidlist_opt AS LP select RP",
+ /* 327 */ "wqlist ::= wqlist COMMA nm eidlist_opt AS LP select RP",
+};
+#endif /* NDEBUG */
+
+
+#if YYSTACKDEPTH<=0
+/*
+** Try to increase the size of the parser stack.
+*/
+static void yyGrowStack(yyParser *p){
+  int newSize;
+  yyStackEntry *pNew;
+
+  newSize = p->yystksz*2 + 100;
+  pNew = realloc(p->yystack, newSize*sizeof(pNew[0]));
+  if( pNew ){
+    p->yystack = pNew;
+    p->yystksz = newSize;
+#ifndef NDEBUG
+    if( yyTraceFILE ){
+      fprintf(yyTraceFILE,"%sStack grows to %d entries!\n",
+              yyTracePrompt, p->yystksz);
+    }
+#endif
+  }
+}
+#endif
+
+/* Datatype of the argument to the memory allocated passed as the
+** second argument to sqlite3ParserAlloc() below.  This can be changed by
+** putting an appropriate #define in the %include section of the input
+** grammar.
+*/
+#ifndef YYMALLOCARGTYPE
+# define YYMALLOCARGTYPE size_t
+#endif
+
+/* 
+** This function allocates a new parser.
+** The only argument is a pointer to a function which works like
+** malloc.
+**
+** Inputs:
+** A pointer to the function used to allocate memory.
+**
+** Outputs:
+** A pointer to a parser.  This pointer is used in subsequent calls
+** to sqlite3Parser and sqlite3ParserFree.
+*/
+SQLITE_PRIVATE void *sqlite3ParserAlloc(void *(*mallocProc)(YYMALLOCARGTYPE)){
+  yyParser *pParser;
+  pParser = (yyParser*)(*mallocProc)( (YYMALLOCARGTYPE)sizeof(yyParser) );
+  if( pParser ){
+    pParser->yyidx = -1;
+#ifdef YYTRACKMAXSTACKDEPTH
+    pParser->yyidxMax = 0;
+#endif
+#if YYSTACKDEPTH<=0
+    pParser->yystack = NULL;
+    pParser->yystksz = 0;
+    yyGrowStack(pParser);
+#endif
+  }
+  return pParser;
+}
+
+/* The following function deletes the "minor type" or semantic value
+** associated with a symbol.  The symbol can be either a terminal
+** or nonterminal. "yymajor" is the symbol code, and "yypminor" is
+** a pointer to the value to be deleted.  The code used to do the 
+** deletions is derived from the %destructor and/or %token_destructor
+** directives of the input grammar.
+*/
+static void yy_destructor(
+  yyParser *yypParser,    /* The parser */
+  YYCODETYPE yymajor,     /* Type code for object to destroy */
+  YYMINORTYPE *yypminor   /* The object to be destroyed */
+){
+  sqlite3ParserARG_FETCH;
+  switch( yymajor ){
+    /* Here is inserted the actions which take place when a
+    ** terminal or non-terminal is destroyed.  This can happen
+    ** when the symbol is popped from the stack during a
+    ** reduce or during error processing or when a parser is 
+    ** being destroyed before it is finished parsing.
+    **
+    ** Note: during a reduce, the only symbols destroyed are those
+    ** which appear on the RHS of the rule, but which are *not* used
+    ** inside the C code.
+    */
+/********* Begin destructor definitions ***************************************/
+    case 163: /* select */
+    case 196: /* selectnowith */
+    case 197: /* oneselect */
+    case 208: /* values */
+{
+sqlite3SelectDelete(pParse->db, (yypminor->yy387));
+}
+      break;
+    case 174: /* term */
+    case 175: /* expr */
+{
+sqlite3ExprDelete(pParse->db, (yypminor->yy118).pExpr);
+}
+      break;
+    case 179: /* eidlist_opt */
+    case 188: /* sortlist */
+    case 189: /* eidlist */
+    case 201: /* selcollist */
+    case 204: /* groupby_opt */
+    case 206: /* orderby_opt */
+    case 209: /* nexprlist */
+    case 210: /* exprlist */
+    case 211: /* sclp */
+    case 220: /* setlist */
+    case 227: /* case_exprlist */
+{
+sqlite3ExprListDelete(pParse->db, (yypminor->yy322));
+}
+      break;
+    case 195: /* fullname */
+    case 202: /* from */
+    case 213: /* seltablist */
+    case 214: /* stl_prefix */
+{
+sqlite3SrcListDelete(pParse->db, (yypminor->yy259));
+}
+      break;
+    case 198: /* with */
+    case 251: /* wqlist */
+{
+sqlite3WithDelete(pParse->db, (yypminor->yy451));
+}
+      break;
+    case 203: /* where_opt */
+    case 205: /* having_opt */
+    case 217: /* on_opt */
+    case 226: /* case_operand */
+    case 228: /* case_else */
+    case 237: /* when_clause */
+    case 242: /* key_opt */
+{
+sqlite3ExprDelete(pParse->db, (yypminor->yy314));
+}
+      break;
+    case 218: /* using_opt */
+    case 219: /* idlist */
+    case 222: /* idlist_opt */
+{
+sqlite3IdListDelete(pParse->db, (yypminor->yy384));
+}
+      break;
+    case 233: /* trigger_cmd_list */
+    case 238: /* trigger_cmd */
+{
+sqlite3DeleteTriggerStep(pParse->db, (yypminor->yy203));
+}
+      break;
+    case 235: /* trigger_event */
+{
+sqlite3IdListDelete(pParse->db, (yypminor->yy90).b);
+}
+      break;
+/********* End destructor definitions *****************************************/
+    default:  break;   /* If no destructor action specified: do nothing */
+  }
+}
+
+/*
+** Pop the parser's stack once.
+**
+** If there is a destructor routine associated with the token which
+** is popped from the stack, then call it.
+*/
+static void yy_pop_parser_stack(yyParser *pParser){
+  yyStackEntry *yytos;
+  assert( pParser->yyidx>=0 );
+  yytos = &pParser->yystack[pParser->yyidx--];
+#ifndef NDEBUG
+  if( yyTraceFILE ){
+    fprintf(yyTraceFILE,"%sPopping %s\n",
+      yyTracePrompt,
+      yyTokenName[yytos->major]);
+  }
+#endif
+  yy_destructor(pParser, yytos->major, &yytos->minor);
+}
+
+/* 
+** Deallocate and destroy a parser.  Destructors are called for
+** all stack elements before shutting the parser down.
+**
+** If the YYPARSEFREENEVERNULL macro exists (for example because it
+** is defined in a %include section of the input grammar) then it is
+** assumed that the input pointer is never NULL.
+*/
+SQLITE_PRIVATE void sqlite3ParserFree(
+  void *p,                    /* The parser to be deleted */
+  void (*freeProc)(void*)     /* Function used to reclaim memory */
+){
+  yyParser *pParser = (yyParser*)p;
+#ifndef YYPARSEFREENEVERNULL
+  if( pParser==0 ) return;
+#endif
+  while( pParser->yyidx>=0 ) yy_pop_parser_stack(pParser);
+#if YYSTACKDEPTH<=0
+  free(pParser->yystack);
+#endif
+  (*freeProc)((void*)pParser);
+}
+
+/*
+** Return the peak depth of the stack for a parser.
+*/
+#ifdef YYTRACKMAXSTACKDEPTH
+SQLITE_PRIVATE int sqlite3ParserStackPeak(void *p){
+  yyParser *pParser = (yyParser*)p;
+  return pParser->yyidxMax;
+}
+#endif
+
+/*
+** Find the appropriate action for a parser given the terminal
+** look-ahead token iLookAhead.
+*/
+static int yy_find_shift_action(
+  yyParser *pParser,        /* The parser */
+  YYCODETYPE iLookAhead     /* The look-ahead token */
+){
+  int i;
+  int stateno = pParser->yystack[pParser->yyidx].stateno;
+ 
+  if( stateno>=YY_MIN_REDUCE ) return stateno;
+  assert( stateno <= YY_SHIFT_COUNT );
+  do{
+    i = yy_shift_ofst[stateno];
+    if( i==YY_SHIFT_USE_DFLT ) return yy_default[stateno];
+    assert( iLookAhead!=YYNOCODE );
+    i += iLookAhead;
+    if( i<0 || i>=YY_ACTTAB_COUNT || yy_lookahead[i]!=iLookAhead ){
+      if( iLookAhead>0 ){
+#ifdef YYFALLBACK
+        YYCODETYPE iFallback;            /* Fallback token */
+        if( iLookAhead<sizeof(yyFallback)/sizeof(yyFallback[0])
+               && (iFallback = yyFallback[iLookAhead])!=0 ){
+#ifndef NDEBUG
+          if( yyTraceFILE ){
+            fprintf(yyTraceFILE, "%sFALLBACK %s => %s\n",
+               yyTracePrompt, yyTokenName[iLookAhead], yyTokenName[iFallback]);
+          }
+#endif
+          assert( yyFallback[iFallback]==0 ); /* Fallback loop must terminate */
+          iLookAhead = iFallback;
+          continue;
+        }
+#endif
+#ifdef YYWILDCARD
+        {
+          int j = i - iLookAhead + YYWILDCARD;
+          if( 
+#if YY_SHIFT_MIN+YYWILDCARD<0
+            j>=0 &&
+#endif
+#if YY_SHIFT_MAX+YYWILDCARD>=YY_ACTTAB_COUNT
+            j<YY_ACTTAB_COUNT &&
+#endif
+            yy_lookahead[j]==YYWILDCARD
+          ){
+#ifndef NDEBUG
+            if( yyTraceFILE ){
+              fprintf(yyTraceFILE, "%sWILDCARD %s => %s\n",
+                 yyTracePrompt, yyTokenName[iLookAhead],
+                 yyTokenName[YYWILDCARD]);
+            }
+#endif /* NDEBUG */
+            return yy_action[j];
+          }
+        }
+#endif /* YYWILDCARD */
+      }
+      return yy_default[stateno];
+    }else{
+      return yy_action[i];
+    }
+  }while(1);
+}
+
+/*
+** Find the appropriate action for a parser given the non-terminal
+** look-ahead token iLookAhead.
+*/
+static int yy_find_reduce_action(
+  int stateno,              /* Current state number */
+  YYCODETYPE iLookAhead     /* The look-ahead token */
+){
+  int i;
+#ifdef YYERRORSYMBOL
+  if( stateno>YY_REDUCE_COUNT ){
+    return yy_default[stateno];
+  }
+#else
+  assert( stateno<=YY_REDUCE_COUNT );
+#endif
+  i = yy_reduce_ofst[stateno];
+  assert( i!=YY_REDUCE_USE_DFLT );
+  assert( iLookAhead!=YYNOCODE );
+  i += iLookAhead;
+#ifdef YYERRORSYMBOL
+  if( i<0 || i>=YY_ACTTAB_COUNT || yy_lookahead[i]!=iLookAhead ){
+    return yy_default[stateno];
+  }
+#else
+  assert( i>=0 && i<YY_ACTTAB_COUNT );
+  assert( yy_lookahead[i]==iLookAhead );
+#endif
+  return yy_action[i];
+}
+
+/*
+** The following routine is called if the stack overflows.
+*/
+static void yyStackOverflow(yyParser *yypParser, YYMINORTYPE *yypMinor){
+   sqlite3ParserARG_FETCH;
+   yypParser->yyidx--;
+#ifndef NDEBUG
+   if( yyTraceFILE ){
+     fprintf(yyTraceFILE,"%sStack Overflow!\n",yyTracePrompt);
+   }
+#endif
+   while( yypParser->yyidx>=0 ) yy_pop_parser_stack(yypParser);
+   /* Here code is inserted which will execute if the parser
+   ** stack every overflows */
+/******** Begin %stack_overflow code ******************************************/
+
+  UNUSED_PARAMETER(yypMinor); /* Silence some compiler warnings */
+  sqlite3ErrorMsg(pParse, "parser stack overflow");
+/******** End %stack_overflow code ********************************************/
+   sqlite3ParserARG_STORE; /* Suppress warning about unused %extra_argument var */
+}
+
+/*
+** Print tracing information for a SHIFT action
+*/
+#ifndef NDEBUG
+static void yyTraceShift(yyParser *yypParser, int yyNewState){
+  if( yyTraceFILE ){
+    if( yyNewState<YYNSTATE ){
+      fprintf(yyTraceFILE,"%sShift '%s', go to state %d\n",
+         yyTracePrompt,yyTokenName[yypParser->yystack[yypParser->yyidx].major],
+         yyNewState);
+    }else{
+      fprintf(yyTraceFILE,"%sShift '%s'\n",
+         yyTracePrompt,yyTokenName[yypParser->yystack[yypParser->yyidx].major]);
+    }
+  }
+}
+#else
+# define yyTraceShift(X,Y)
+#endif
+
+/*
+** Perform a shift action.
+*/
+static void yy_shift(
+  yyParser *yypParser,          /* The parser to be shifted */
+  int yyNewState,               /* The new state to shift in */
+  int yyMajor,                  /* The major token to shift in */
+  YYMINORTYPE *yypMinor         /* Pointer to the minor token to shift in */
+){
+  yyStackEntry *yytos;
+  yypParser->yyidx++;
+#ifdef YYTRACKMAXSTACKDEPTH
+  if( yypParser->yyidx>yypParser->yyidxMax ){
+    yypParser->yyidxMax = yypParser->yyidx;
+  }
+#endif
+#if YYSTACKDEPTH>0 
+  if( yypParser->yyidx>=YYSTACKDEPTH ){
+    yyStackOverflow(yypParser, yypMinor);
+    return;
+  }
+#else
+  if( yypParser->yyidx>=yypParser->yystksz ){
+    yyGrowStack(yypParser);
+    if( yypParser->yyidx>=yypParser->yystksz ){
+      yyStackOverflow(yypParser, yypMinor);
+      return;
+    }
+  }
+#endif
+  yytos = &yypParser->yystack[yypParser->yyidx];
+  yytos->stateno = (YYACTIONTYPE)yyNewState;
+  yytos->major = (YYCODETYPE)yyMajor;
+  yytos->minor = *yypMinor;
+  yyTraceShift(yypParser, yyNewState);
+}
+
+/* The following table contains information about every rule that
+** is used during the reduce.
+*/
+static const struct {
+  YYCODETYPE lhs;         /* Symbol on the left-hand side of the rule */
+  unsigned char nrhs;     /* Number of right-hand side symbols in the rule */
+} yyRuleInfo[] = {
+  { 144, 1 },
+  { 145, 2 },
+  { 145, 1 },
+  { 146, 1 },
+  { 146, 3 },
+  { 147, 0 },
+  { 147, 1 },
+  { 147, 3 },
+  { 148, 1 },
+  { 149, 3 },
+  { 151, 0 },
+  { 151, 1 },
+  { 151, 2 },
+  { 150, 0 },
+  { 150, 1 },
+  { 150, 1 },
+  { 150, 1 },
+  { 149, 2 },
+  { 149, 2 },
+  { 149, 2 },
+  { 153, 1 },
+  { 153, 0 },
+  { 149, 2 },
+  { 149, 3 },
+  { 149, 5 },
+  { 149, 2 },
+  { 154, 6 },
+  { 156, 1 },
+  { 158, 0 },
+  { 158, 3 },
+  { 157, 1 },
+  { 157, 0 },
+  { 155, 5 },
+  { 155, 2 },
+  { 162, 0 },
+  { 162, 2 },
+  { 160, 3 },
+  { 160, 1 },
+  { 164, 3 },
+  { 165, 1 },
+  { 152, 1 },
+  { 152, 1 },
+  { 152, 1 },
+  { 166, 0 },
+  { 166, 1 },
+  { 168, 1 },
+  { 168, 4 },
+  { 168, 6 },
+  { 169, 1 },
+  { 169, 2 },
+  { 170, 1 },
+  { 170, 1 },
+  { 167, 2 },
+  { 167, 0 },
+  { 173, 2 },
+  { 173, 2 },
+  { 173, 4 },
+  { 173, 3 },
+  { 173, 3 },
+  { 173, 2 },
+  { 173, 2 },
+  { 173, 3 },
+  { 173, 5 },
+  { 173, 2 },
+  { 173, 4 },
+  { 173, 4 },
+  { 173, 1 },
+  { 173, 2 },
+  { 178, 0 },
+  { 178, 1 },
+  { 180, 0 },
+  { 180, 2 },
+  { 182, 2 },
+  { 182, 3 },
+  { 182, 3 },
+  { 182, 3 },
+  { 183, 2 },
+  { 183, 2 },
+  { 183, 1 },
+  { 183, 1 },
+  { 183, 2 },
+  { 181, 3 },
+  { 181, 2 },
+  { 184, 0 },
+  { 184, 2 },
+  { 184, 2 },
+  { 161, 0 },
+  { 161, 2 },
+  { 185, 3 },
+  { 185, 1 },
+  { 186, 1 },
+  { 186, 0 },
+  { 187, 2 },
+  { 187, 7 },
+  { 187, 5 },
+  { 187, 5 },
+  { 187, 10 },
+  { 190, 0 },
+  { 190, 1 },
+  { 176, 0 },
+  { 176, 3 },
+  { 191, 0 },
+  { 191, 2 },
+  { 192, 1 },
+  { 192, 1 },
+  { 192, 1 },
+  { 149, 4 },
+  { 194, 2 },
+  { 194, 0 },
+  { 149, 9 },
+  { 149, 4 },
+  { 149, 1 },
+  { 163, 2 },
+  { 196, 1 },
+  { 196, 3 },
+  { 199, 1 },
+  { 199, 2 },
+  { 199, 1 },
+  { 197, 9 },
+  { 197, 1 },
+  { 208, 4 },
+  { 208, 5 },
+  { 200, 1 },
+  { 200, 1 },
+  { 200, 0 },
+  { 211, 2 },
+  { 211, 0 },
+  { 201, 3 },
+  { 201, 2 },
+  { 201, 4 },
+  { 212, 2 },
+  { 212, 1 },
+  { 212, 0 },
+  { 202, 0 },
+  { 202, 2 },
+  { 214, 2 },
+  { 214, 0 },
+  { 213, 7 },
+  { 213, 9 },
+  { 213, 7 },
+  { 213, 7 },
+  { 159, 0 },
+  { 159, 2 },
+  { 195, 2 },
+  { 215, 1 },
+  { 215, 2 },
+  { 215, 3 },
+  { 215, 4 },
+  { 217, 2 },
+  { 217, 0 },
+  { 216, 0 },
+  { 216, 3 },
+  { 216, 2 },
+  { 218, 4 },
+  { 218, 0 },
+  { 206, 0 },
+  { 206, 3 },
+  { 188, 4 },
+  { 188, 2 },
+  { 177, 1 },
+  { 177, 1 },
+  { 177, 0 },
+  { 204, 0 },
+  { 204, 3 },
+  { 205, 0 },
+  { 205, 2 },
+  { 207, 0 },
+  { 207, 2 },
+  { 207, 4 },
+  { 207, 4 },
+  { 149, 6 },
+  { 203, 0 },
+  { 203, 2 },
+  { 149, 8 },
+  { 220, 5 },
+  { 220, 3 },
+  { 149, 6 },
+  { 149, 7 },
+  { 221, 2 },
+  { 221, 1 },
+  { 222, 0 },
+  { 222, 3 },
+  { 219, 3 },
+  { 219, 1 },
+  { 175, 1 },
+  { 175, 3 },
+  { 174, 1 },
+  { 175, 1 },
+  { 175, 1 },
+  { 175, 3 },
+  { 175, 5 },
+  { 174, 1 },
+  { 174, 1 },
+  { 175, 1 },
+  { 175, 3 },
+  { 175, 6 },
+  { 175, 5 },
+  { 175, 4 },
+  { 174, 1 },
+  { 175, 3 },
+  { 175, 3 },
+  { 175, 3 },
+  { 175, 3 },
+  { 175, 3 },
+  { 175, 3 },
+  { 175, 3 },
+  { 175, 3 },
+  { 223, 1 },
+  { 223, 2 },
+  { 175, 3 },
+  { 175, 5 },
+  { 175, 2 },
+  { 175, 3 },
+  { 175, 3 },
+  { 175, 4 },
+  { 175, 2 },
+  { 175, 2 },
+  { 175, 2 },
+  { 175, 2 },
+  { 224, 1 },
+  { 224, 2 },
+  { 175, 5 },
+  { 225, 1 },
+  { 225, 2 },
+  { 175, 5 },
+  { 175, 3 },
+  { 175, 5 },
+  { 175, 4 },
+  { 175, 4 },
+  { 175, 5 },
+  { 227, 5 },
+  { 227, 4 },
+  { 228, 2 },
+  { 228, 0 },
+  { 226, 1 },
+  { 226, 0 },
+  { 210, 1 },
+  { 210, 0 },
+  { 209, 3 },
+  { 209, 1 },
+  { 149, 12 },
+  { 229, 1 },
+  { 229, 0 },
+  { 179, 0 },
+  { 179, 3 },
+  { 189, 5 },
+  { 189, 3 },
+  { 230, 0 },
+  { 230, 2 },
+  { 149, 4 },
+  { 149, 1 },
+  { 149, 2 },
+  { 149, 3 },
+  { 149, 5 },
+  { 149, 6 },
+  { 149, 5 },
+  { 149, 6 },
+  { 231, 1 },
+  { 231, 1 },
+  { 231, 1 },
+  { 231, 1 },
+  { 231, 1 },
+  { 171, 2 },
+  { 171, 1 },
+  { 172, 2 },
+  { 149, 5 },
+  { 232, 11 },
+  { 234, 1 },
+  { 234, 1 },
+  { 234, 2 },
+  { 234, 0 },
+  { 235, 1 },
+  { 235, 1 },
+  { 235, 3 },
+  { 236, 0 },
+  { 236, 3 },
+  { 237, 0 },
+  { 237, 2 },
+  { 233, 3 },
+  { 233, 2 },
+  { 239, 1 },
+  { 239, 3 },
+  { 240, 0 },
+  { 240, 3 },
+  { 240, 2 },
+  { 238, 7 },
+  { 238, 5 },
+  { 238, 5 },
+  { 238, 1 },
+  { 175, 4 },
+  { 175, 6 },
+  { 193, 1 },
+  { 193, 1 },
+  { 193, 1 },
+  { 149, 4 },
+  { 149, 6 },
+  { 149, 3 },
+  { 242, 0 },
+  { 242, 2 },
+  { 241, 1 },
+  { 241, 0 },
+  { 149, 1 },
+  { 149, 3 },
+  { 149, 1 },
+  { 149, 3 },
+  { 149, 6 },
+  { 149, 6 },
+  { 243, 1 },
+  { 244, 0 },
+  { 244, 1 },
+  { 149, 1 },
+  { 149, 4 },
+  { 245, 8 },
+  { 246, 1 },
+  { 246, 3 },
+  { 247, 0 },
+  { 247, 2 },
+  { 248, 1 },
+  { 248, 3 },
+  { 249, 1 },
+  { 250, 0 },
+  { 250, 4 },
+  { 250, 2 },
+  { 198, 0 },
+  { 198, 2 },
+  { 198, 3 },
+  { 251, 6 },
+  { 251, 8 },
+};
+
+static void yy_accept(yyParser*);  /* Forward Declaration */
+
+/*
+** Perform a reduce action and the shift that must immediately
+** follow the reduce.
+*/
+static void yy_reduce(
+  yyParser *yypParser,         /* The parser */
+  int yyruleno                 /* Number of the rule by which to reduce */
+){
+  int yygoto;                     /* The next state */
+  int yyact;                      /* The next action */
+  YYMINORTYPE yygotominor;        /* The LHS of the rule reduced */
+  yyStackEntry *yymsp;            /* The top of the parser's stack */
+  int yysize;                     /* Amount to pop the stack */
+  sqlite3ParserARG_FETCH;
+  yymsp = &yypParser->yystack[yypParser->yyidx];
+#ifndef NDEBUG
+  if( yyTraceFILE && yyruleno>=0 
+        && yyruleno<(int)(sizeof(yyRuleName)/sizeof(yyRuleName[0])) ){
+    yysize = yyRuleInfo[yyruleno].nrhs;
+    fprintf(yyTraceFILE, "%sReduce [%s], go to state %d.\n", yyTracePrompt,
+      yyRuleName[yyruleno], yymsp[-yysize].stateno);
+  }
+#endif /* NDEBUG */
+  yygotominor = yyzerominor;
+
+  switch( yyruleno ){
+  /* Beginning here are the reduction cases.  A typical example
+  ** follows:
+  **   case 0:
+  **  #line <lineno> <grammarfile>
+  **     { ... }           // User supplied code
+  **  #line <lineno> <thisfile>
+  **     break;
+  */
+/********** Begin reduce actions **********************************************/
+      case 5: /* explain ::= */
+{ sqlite3BeginParse(pParse, 0); }
+        break;
+      case 6: /* explain ::= EXPLAIN */
+{ sqlite3BeginParse(pParse, 1); }
+        break;
+      case 7: /* explain ::= EXPLAIN QUERY PLAN */
+{ sqlite3BeginParse(pParse, 2); }
+        break;
+      case 8: /* cmdx ::= cmd */
+{ sqlite3FinishCoding(pParse); }
+        break;
+      case 9: /* cmd ::= BEGIN transtype trans_opt */
+{sqlite3BeginTransaction(pParse, yymsp[-1].minor.yy4);}
+        break;
+      case 13: /* transtype ::= */
+{yygotominor.yy4 = TK_DEFERRED;}
+        break;
+      case 14: /* transtype ::= DEFERRED */
+      case 15: /* transtype ::= IMMEDIATE */ yytestcase(yyruleno==15);
+      case 16: /* transtype ::= EXCLUSIVE */ yytestcase(yyruleno==16);
+      case 115: /* multiselect_op ::= UNION */ yytestcase(yyruleno==115);
+      case 117: /* multiselect_op ::= EXCEPT|INTERSECT */ yytestcase(yyruleno==117);
+{yygotominor.yy4 = yymsp[0].major;}
+        break;
+      case 17: /* cmd ::= COMMIT trans_opt */
+      case 18: /* cmd ::= END trans_opt */ yytestcase(yyruleno==18);
+{sqlite3CommitTransaction(pParse);}
+        break;
+      case 19: /* cmd ::= ROLLBACK trans_opt */
+{sqlite3RollbackTransaction(pParse);}
+        break;
+      case 22: /* cmd ::= SAVEPOINT nm */
+{
+  sqlite3Savepoint(pParse, SAVEPOINT_BEGIN, &yymsp[0].minor.yy0);
+}
+        break;
+      case 23: /* cmd ::= RELEASE savepoint_opt nm */
+{
+  sqlite3Savepoint(pParse, SAVEPOINT_RELEASE, &yymsp[0].minor.yy0);
+}
+        break;
+      case 24: /* cmd ::= ROLLBACK trans_opt TO savepoint_opt nm */
+{
+  sqlite3Savepoint(pParse, SAVEPOINT_ROLLBACK, &yymsp[0].minor.yy0);
+}
+        break;
+      case 26: /* create_table ::= createkw temp TABLE ifnotexists nm dbnm */
+{
+   sqlite3StartTable(pParse,&yymsp[-1].minor.yy0,&yymsp[0].minor.yy0,yymsp[-4].minor.yy4,0,0,yymsp[-2].minor.yy4);
+}
+        break;
+      case 27: /* createkw ::= CREATE */
+{
+  pParse->db->lookaside.bEnabled = 0;
+  yygotominor.yy0 = yymsp[0].minor.yy0;
+}
+        break;
+      case 28: /* ifnotexists ::= */
+      case 31: /* temp ::= */ yytestcase(yyruleno==31);
+      case 34: /* table_options ::= */ yytestcase(yyruleno==34);
+      case 68: /* autoinc ::= */ yytestcase(yyruleno==68);
+      case 81: /* defer_subclause ::= NOT DEFERRABLE init_deferred_pred_opt */ yytestcase(yyruleno==81);
+      case 83: /* init_deferred_pred_opt ::= */ yytestcase(yyruleno==83);
+      case 85: /* init_deferred_pred_opt ::= INITIALLY IMMEDIATE */ yytestcase(yyruleno==85);
+      case 97: /* defer_subclause_opt ::= */ yytestcase(yyruleno==97);
+      case 108: /* ifexists ::= */ yytestcase(yyruleno==108);
+      case 124: /* distinct ::= */ yytestcase(yyruleno==124);
+      case 219: /* between_op ::= BETWEEN */ yytestcase(yyruleno==219);
+      case 222: /* in_op ::= IN */ yytestcase(yyruleno==222);
+      case 247: /* collate ::= */ yytestcase(yyruleno==247);
+{yygotominor.yy4 = 0;}
+        break;
+      case 29: /* ifnotexists ::= IF NOT EXISTS */
+      case 30: /* temp ::= TEMP */ yytestcase(yyruleno==30);
+      case 69: /* autoinc ::= AUTOINCR */ yytestcase(yyruleno==69);
+      case 84: /* init_deferred_pred_opt ::= INITIALLY DEFERRED */ yytestcase(yyruleno==84);
+      case 107: /* ifexists ::= IF EXISTS */ yytestcase(yyruleno==107);
+      case 220: /* between_op ::= NOT BETWEEN */ yytestcase(yyruleno==220);
+      case 223: /* in_op ::= NOT IN */ yytestcase(yyruleno==223);
+      case 248: /* collate ::= COLLATE ID|STRING */ yytestcase(yyruleno==248);
+{yygotominor.yy4 = 1;}
+        break;
+      case 32: /* create_table_args ::= LP columnlist conslist_opt RP table_options */
+{
+  sqlite3EndTable(pParse,&yymsp[-2].minor.yy0,&yymsp[-1].minor.yy0,yymsp[0].minor.yy4,0);
+}
+        break;
+      case 33: /* create_table_args ::= AS select */
+{
+  sqlite3EndTable(pParse,0,0,0,yymsp[0].minor.yy387);
+  sqlite3SelectDelete(pParse->db, yymsp[0].minor.yy387);
+}
+        break;
+      case 35: /* table_options ::= WITHOUT nm */
+{
+  if( yymsp[0].minor.yy0.n==5 && sqlite3_strnicmp(yymsp[0].minor.yy0.z,"rowid",5)==0 ){
+    yygotominor.yy4 = TF_WithoutRowid | TF_NoVisibleRowid;
+  }else{
+    yygotominor.yy4 = 0;
+    sqlite3ErrorMsg(pParse, "unknown table option: %.*s", yymsp[0].minor.yy0.n, yymsp[0].minor.yy0.z);
+  }
+}
+        break;
+      case 38: /* column ::= columnid type carglist */
+{
+  yygotominor.yy0.z = yymsp[-2].minor.yy0.z;
+  yygotominor.yy0.n = (int)(pParse->sLastToken.z-yymsp[-2].minor.yy0.z) + pParse->sLastToken.n;
+}
+        break;
+      case 39: /* columnid ::= nm */
+{
+  sqlite3AddColumn(pParse,&yymsp[0].minor.yy0);
+  yygotominor.yy0 = yymsp[0].minor.yy0;
+  pParse->constraintName.n = 0;
+}
+        break;
+      case 40: /* nm ::= ID|INDEXED */
+      case 41: /* nm ::= STRING */ yytestcase(yyruleno==41);
+      case 42: /* nm ::= JOIN_KW */ yytestcase(yyruleno==42);
+      case 45: /* typetoken ::= typename */ yytestcase(yyruleno==45);
+      case 48: /* typename ::= ID|STRING */ yytestcase(yyruleno==48);
+      case 130: /* as ::= AS nm */ yytestcase(yyruleno==130);
+      case 131: /* as ::= ID|STRING */ yytestcase(yyruleno==131);
+      case 142: /* dbnm ::= DOT nm */ yytestcase(yyruleno==142);
+      case 151: /* indexed_opt ::= INDEXED BY nm */ yytestcase(yyruleno==151);
+      case 257: /* nmnum ::= plus_num */ yytestcase(yyruleno==257);
+      case 258: /* nmnum ::= nm */ yytestcase(yyruleno==258);
+      case 259: /* nmnum ::= ON */ yytestcase(yyruleno==259);
+      case 260: /* nmnum ::= DELETE */ yytestcase(yyruleno==260);
+      case 261: /* nmnum ::= DEFAULT */ yytestcase(yyruleno==261);
+      case 262: /* plus_num ::= PLUS INTEGER|FLOAT */ yytestcase(yyruleno==262);
+      case 263: /* plus_num ::= INTEGER|FLOAT */ yytestcase(yyruleno==263);
+      case 264: /* minus_num ::= MINUS INTEGER|FLOAT */ yytestcase(yyruleno==264);
+      case 280: /* trnm ::= nm */ yytestcase(yyruleno==280);
+{yygotominor.yy0 = yymsp[0].minor.yy0;}
+        break;
+      case 44: /* type ::= typetoken */
+{sqlite3AddColumnType(pParse,&yymsp[0].minor.yy0);}
+        break;
+      case 46: /* typetoken ::= typename LP signed RP */
+{
+  yygotominor.yy0.z = yymsp[-3].minor.yy0.z;
+  yygotominor.yy0.n = (int)(&yymsp[0].minor.yy0.z[yymsp[0].minor.yy0.n] - yymsp[-3].minor.yy0.z);
+}
+        break;
+      case 47: /* typetoken ::= typename LP signed COMMA signed RP */
+{
+  yygotominor.yy0.z = yymsp[-5].minor.yy0.z;
+  yygotominor.yy0.n = (int)(&yymsp[0].minor.yy0.z[yymsp[0].minor.yy0.n] - yymsp[-5].minor.yy0.z);
+}
+        break;
+      case 49: /* typename ::= typename ID|STRING */
+{yygotominor.yy0.z=yymsp[-1].minor.yy0.z; yygotominor.yy0.n=yymsp[0].minor.yy0.n+(int)(yymsp[0].minor.yy0.z-yymsp[-1].minor.yy0.z);}
+        break;
+      case 54: /* ccons ::= CONSTRAINT nm */
+      case 92: /* tcons ::= CONSTRAINT nm */ yytestcase(yyruleno==92);
+{pParse->constraintName = yymsp[0].minor.yy0;}
+        break;
+      case 55: /* ccons ::= DEFAULT term */
+      case 57: /* ccons ::= DEFAULT PLUS term */ yytestcase(yyruleno==57);
+{sqlite3AddDefaultValue(pParse,&yymsp[0].minor.yy118);}
+        break;
+      case 56: /* ccons ::= DEFAULT LP expr RP */
+{sqlite3AddDefaultValue(pParse,&yymsp[-1].minor.yy118);}
+        break;
+      case 58: /* ccons ::= DEFAULT MINUS term */
+{
+  ExprSpan v;
+  v.pExpr = sqlite3PExpr(pParse, TK_UMINUS, yymsp[0].minor.yy118.pExpr, 0, 0);
+  v.zStart = yymsp[-1].minor.yy0.z;
+  v.zEnd = yymsp[0].minor.yy118.zEnd;
+  sqlite3AddDefaultValue(pParse,&v);
+}
+        break;
+      case 59: /* ccons ::= DEFAULT ID|INDEXED */
+{
+  ExprSpan v;
+  spanExpr(&v, pParse, TK_STRING, &yymsp[0].minor.yy0);
+  sqlite3AddDefaultValue(pParse,&v);
+}
+        break;
+      case 61: /* ccons ::= NOT NULL onconf */
+{sqlite3AddNotNull(pParse, yymsp[0].minor.yy4);}
+        break;
+      case 62: /* ccons ::= PRIMARY KEY sortorder onconf autoinc */
+{sqlite3AddPrimaryKey(pParse,0,yymsp[-1].minor.yy4,yymsp[0].minor.yy4,yymsp[-2].minor.yy4);}
+        break;
+      case 63: /* ccons ::= UNIQUE onconf */
+{sqlite3CreateIndex(pParse,0,0,0,0,yymsp[0].minor.yy4,0,0,0,0);}
+        break;
+      case 64: /* ccons ::= CHECK LP expr RP */
+{sqlite3AddCheckConstraint(pParse,yymsp[-1].minor.yy118.pExpr);}
+        break;
+      case 65: /* ccons ::= REFERENCES nm eidlist_opt refargs */
+{sqlite3CreateForeignKey(pParse,0,&yymsp[-2].minor.yy0,yymsp[-1].minor.yy322,yymsp[0].minor.yy4);}
+        break;
+      case 66: /* ccons ::= defer_subclause */
+{sqlite3DeferForeignKey(pParse,yymsp[0].minor.yy4);}
+        break;
+      case 67: /* ccons ::= COLLATE ID|STRING */
+{sqlite3AddCollateType(pParse, &yymsp[0].minor.yy0);}
+        break;
+      case 70: /* refargs ::= */
+{ yygotominor.yy4 = OE_None*0x0101; /* EV: R-19803-45884 */}
+        break;
+      case 71: /* refargs ::= refargs refarg */
+{ yygotominor.yy4 = (yymsp[-1].minor.yy4 & ~yymsp[0].minor.yy215.mask) | yymsp[0].minor.yy215.value; }
+        break;
+      case 72: /* refarg ::= MATCH nm */
+      case 73: /* refarg ::= ON INSERT refact */ yytestcase(yyruleno==73);
+{ yygotominor.yy215.value = 0;     yygotominor.yy215.mask = 0x000000; }
+        break;
+      case 74: /* refarg ::= ON DELETE refact */
+{ yygotominor.yy215.value = yymsp[0].minor.yy4;     yygotominor.yy215.mask = 0x0000ff; }
+        break;
+      case 75: /* refarg ::= ON UPDATE refact */
+{ yygotominor.yy215.value = yymsp[0].minor.yy4<<8;  yygotominor.yy215.mask = 0x00ff00; }
+        break;
+      case 76: /* refact ::= SET NULL */
+{ yygotominor.yy4 = OE_SetNull;  /* EV: R-33326-45252 */}
+        break;
+      case 77: /* refact ::= SET DEFAULT */
+{ yygotominor.yy4 = OE_SetDflt;  /* EV: R-33326-45252 */}
+        break;
+      case 78: /* refact ::= CASCADE */
+{ yygotominor.yy4 = OE_Cascade;  /* EV: R-33326-45252 */}
+        break;
+      case 79: /* refact ::= RESTRICT */
+{ yygotominor.yy4 = OE_Restrict; /* EV: R-33326-45252 */}
+        break;
+      case 80: /* refact ::= NO ACTION */
+{ yygotominor.yy4 = OE_None;     /* EV: R-33326-45252 */}
+        break;
+      case 82: /* defer_subclause ::= DEFERRABLE init_deferred_pred_opt */
+      case 98: /* defer_subclause_opt ::= defer_subclause */ yytestcase(yyruleno==98);
+      case 100: /* onconf ::= ON CONFLICT resolvetype */ yytestcase(yyruleno==100);
+      case 102: /* orconf ::= OR resolvetype */ yytestcase(yyruleno==102);
+      case 103: /* resolvetype ::= raisetype */ yytestcase(yyruleno==103);
+      case 178: /* insert_cmd ::= INSERT orconf */ yytestcase(yyruleno==178);
+{yygotominor.yy4 = yymsp[0].minor.yy4;}
+        break;
+      case 86: /* conslist_opt ::= */
+{yygotominor.yy0.n = 0; yygotominor.yy0.z = 0;}
+        break;
+      case 87: /* conslist_opt ::= COMMA conslist */
+{yygotominor.yy0 = yymsp[-1].minor.yy0;}
+        break;
+      case 90: /* tconscomma ::= COMMA */
+{pParse->constraintName.n = 0;}
+        break;
+      case 93: /* tcons ::= PRIMARY KEY LP sortlist autoinc RP onconf */
+{sqlite3AddPrimaryKey(pParse,yymsp[-3].minor.yy322,yymsp[0].minor.yy4,yymsp[-2].minor.yy4,0);}
+        break;
+      case 94: /* tcons ::= UNIQUE LP sortlist RP onconf */
+{sqlite3CreateIndex(pParse,0,0,0,yymsp[-2].minor.yy322,yymsp[0].minor.yy4,0,0,0,0);}
+        break;
+      case 95: /* tcons ::= CHECK LP expr RP onconf */
+{sqlite3AddCheckConstraint(pParse,yymsp[-2].minor.yy118.pExpr);}
+        break;
+      case 96: /* tcons ::= FOREIGN KEY LP eidlist RP REFERENCES nm eidlist_opt refargs defer_subclause_opt */
+{
+    sqlite3CreateForeignKey(pParse, yymsp[-6].minor.yy322, &yymsp[-3].minor.yy0, yymsp[-2].minor.yy322, yymsp[-1].minor.yy4);
+    sqlite3DeferForeignKey(pParse, yymsp[0].minor.yy4);
+}
+        break;
+      case 99: /* onconf ::= */
+      case 101: /* orconf ::= */ yytestcase(yyruleno==101);
+{yygotominor.yy4 = OE_Default;}
+        break;
+      case 104: /* resolvetype ::= IGNORE */
+{yygotominor.yy4 = OE_Ignore;}
+        break;
+      case 105: /* resolvetype ::= REPLACE */
+      case 179: /* insert_cmd ::= REPLACE */ yytestcase(yyruleno==179);
+{yygotominor.yy4 = OE_Replace;}
+        break;
+      case 106: /* cmd ::= DROP TABLE ifexists fullname */
+{
+  sqlite3DropTable(pParse, yymsp[0].minor.yy259, 0, yymsp[-1].minor.yy4);
+}
+        break;
+      case 109: /* cmd ::= createkw temp VIEW ifnotexists nm dbnm eidlist_opt AS select */
+{
+  sqlite3CreateView(pParse, &yymsp[-8].minor.yy0, &yymsp[-4].minor.yy0, &yymsp[-3].minor.yy0, yymsp[-2].minor.yy322, yymsp[0].minor.yy387, yymsp[-7].minor.yy4, yymsp[-5].minor.yy4);
+}
+        break;
+      case 110: /* cmd ::= DROP VIEW ifexists fullname */
+{
+  sqlite3DropTable(pParse, yymsp[0].minor.yy259, 1, yymsp[-1].minor.yy4);
+}
+        break;
+      case 111: /* cmd ::= select */
+{
+  SelectDest dest = {SRT_Output, 0, 0, 0, 0, 0};
+  sqlite3Select(pParse, yymsp[0].minor.yy387, &dest);
+  sqlite3SelectDelete(pParse->db, yymsp[0].minor.yy387);
+}
+        break;
+      case 112: /* select ::= with selectnowith */
+{
+  Select *p = yymsp[0].minor.yy387;
+  if( p ){
+    p->pWith = yymsp[-1].minor.yy451;
+    parserDoubleLinkSelect(pParse, p);
+  }else{
+    sqlite3WithDelete(pParse->db, yymsp[-1].minor.yy451);
+  }
+  yygotominor.yy387 = p;
+}
+        break;
+      case 113: /* selectnowith ::= oneselect */
+      case 119: /* oneselect ::= values */ yytestcase(yyruleno==119);
+{yygotominor.yy387 = yymsp[0].minor.yy387;}
+        break;
+      case 114: /* selectnowith ::= selectnowith multiselect_op oneselect */
+{
+  Select *pRhs = yymsp[0].minor.yy387;
+  Select *pLhs = yymsp[-2].minor.yy387;
+  if( pRhs && pRhs->pPrior ){
+    SrcList *pFrom;
+    Token x;
+    x.n = 0;
+    parserDoubleLinkSelect(pParse, pRhs);
+    pFrom = sqlite3SrcListAppendFromTerm(pParse,0,0,0,&x,pRhs,0,0);
+    pRhs = sqlite3SelectNew(pParse,0,pFrom,0,0,0,0,0,0,0);
+  }
+  if( pRhs ){
+    pRhs->op = (u8)yymsp[-1].minor.yy4;
+    pRhs->pPrior = pLhs;
+    if( ALWAYS(pLhs) ) pLhs->selFlags &= ~SF_MultiValue;
+    pRhs->selFlags &= ~SF_MultiValue;
+    if( yymsp[-1].minor.yy4!=TK_ALL ) pParse->hasCompound = 1;
+  }else{
+    sqlite3SelectDelete(pParse->db, pLhs);
+  }
+  yygotominor.yy387 = pRhs;
+}
+        break;
+      case 116: /* multiselect_op ::= UNION ALL */
+{yygotominor.yy4 = TK_ALL;}
+        break;
+      case 118: /* oneselect ::= SELECT distinct selcollist from where_opt groupby_opt having_opt orderby_opt limit_opt */
+{
+  yygotominor.yy387 = sqlite3SelectNew(pParse,yymsp[-6].minor.yy322,yymsp[-5].minor.yy259,yymsp[-4].minor.yy314,yymsp[-3].minor.yy322,yymsp[-2].minor.yy314,yymsp[-1].minor.yy322,yymsp[-7].minor.yy4,yymsp[0].minor.yy292.pLimit,yymsp[0].minor.yy292.pOffset);
+#if SELECTTRACE_ENABLED
+  /* Populate the Select.zSelName[] string that is used to help with
+  ** query planner debugging, to differentiate between multiple Select
+  ** objects in a complex query.
+  **
+  ** If the SELECT keyword is immediately followed by a C-style comment
+  ** then extract the first few alphanumeric characters from within that
+  ** comment to be the zSelName value.  Otherwise, the label is #N where
+  ** is an integer that is incremented with each SELECT statement seen.
+  */
+  if( yygotominor.yy387!=0 ){
+    const char *z = yymsp[-8].minor.yy0.z+6;
+    int i;
+    sqlite3_snprintf(sizeof(yygotominor.yy387->zSelName), yygotominor.yy387->zSelName, "#%d",
+                     ++pParse->nSelect);
+    while( z[0]==' ' ) z++;
+    if( z[0]=='/' && z[1]=='*' ){
+      z += 2;
+      while( z[0]==' ' ) z++;
+      for(i=0; sqlite3Isalnum(z[i]); i++){}
+      sqlite3_snprintf(sizeof(yygotominor.yy387->zSelName), yygotominor.yy387->zSelName, "%.*s", i, z);
+    }
+  }
+#endif /* SELECTRACE_ENABLED */
+}
+        break;
+      case 120: /* values ::= VALUES LP nexprlist RP */
+{
+  yygotominor.yy387 = sqlite3SelectNew(pParse,yymsp[-1].minor.yy322,0,0,0,0,0,SF_Values,0,0);
+}
+        break;
+      case 121: /* values ::= values COMMA LP exprlist RP */
+{
+  Select *pRight, *pLeft = yymsp[-4].minor.yy387;
+  pRight = sqlite3SelectNew(pParse,yymsp[-1].minor.yy322,0,0,0,0,0,SF_Values|SF_MultiValue,0,0);
+  if( ALWAYS(pLeft) ) pLeft->selFlags &= ~SF_MultiValue;
+  if( pRight ){
+    pRight->op = TK_ALL;
+    pLeft = yymsp[-4].minor.yy387;
+    pRight->pPrior = pLeft;
+    yygotominor.yy387 = pRight;
+  }else{
+    yygotominor.yy387 = pLeft;
+  }
+}
+        break;
+      case 122: /* distinct ::= DISTINCT */
+{yygotominor.yy4 = SF_Distinct;}
+        break;
+      case 123: /* distinct ::= ALL */
+{yygotominor.yy4 = SF_All;}
+        break;
+      case 125: /* sclp ::= selcollist COMMA */
+      case 244: /* eidlist_opt ::= LP eidlist RP */ yytestcase(yyruleno==244);
+{yygotominor.yy322 = yymsp[-1].minor.yy322;}
+        break;
+      case 126: /* sclp ::= */
+      case 155: /* orderby_opt ::= */ yytestcase(yyruleno==155);
+      case 162: /* groupby_opt ::= */ yytestcase(yyruleno==162);
+      case 237: /* exprlist ::= */ yytestcase(yyruleno==237);
+      case 243: /* eidlist_opt ::= */ yytestcase(yyruleno==243);
+{yygotominor.yy322 = 0;}
+        break;
+      case 127: /* selcollist ::= sclp expr as */
+{
+   yygotominor.yy322 = sqlite3ExprListAppend(pParse, yymsp[-2].minor.yy322, yymsp[-1].minor.yy118.pExpr);
+   if( yymsp[0].minor.yy0.n>0 ) sqlite3ExprListSetName(pParse, yygotominor.yy322, &yymsp[0].minor.yy0, 1);
+   sqlite3ExprListSetSpan(pParse,yygotominor.yy322,&yymsp[-1].minor.yy118);
+}
+        break;
+      case 128: /* selcollist ::= sclp STAR */
+{
+  Expr *p = sqlite3Expr(pParse->db, TK_ASTERISK, 0);
+  yygotominor.yy322 = sqlite3ExprListAppend(pParse, yymsp[-1].minor.yy322, p);
+}
+        break;
+      case 129: /* selcollist ::= sclp nm DOT STAR */
+{
+  Expr *pRight = sqlite3PExpr(pParse, TK_ASTERISK, 0, 0, &yymsp[0].minor.yy0);
+  Expr *pLeft = sqlite3PExpr(pParse, TK_ID, 0, 0, &yymsp[-2].minor.yy0);
+  Expr *pDot = sqlite3PExpr(pParse, TK_DOT, pLeft, pRight, 0);
+  yygotominor.yy322 = sqlite3ExprListAppend(pParse,yymsp[-3].minor.yy322, pDot);
+}
+        break;
+      case 132: /* as ::= */
+{yygotominor.yy0.n = 0;}
+        break;
+      case 133: /* from ::= */
+{yygotominor.yy259 = sqlite3DbMallocZero(pParse->db, sizeof(*yygotominor.yy259));}
+        break;
+      case 134: /* from ::= FROM seltablist */
+{
+  yygotominor.yy259 = yymsp[0].minor.yy259;
+  sqlite3SrcListShiftJoinType(yygotominor.yy259);
+}
+        break;
+      case 135: /* stl_prefix ::= seltablist joinop */
+{
+   yygotominor.yy259 = yymsp[-1].minor.yy259;
+   if( ALWAYS(yygotominor.yy259 && yygotominor.yy259->nSrc>0) ) yygotominor.yy259->a[yygotominor.yy259->nSrc-1].fg.jointype = (u8)yymsp[0].minor.yy4;
+}
+        break;
+      case 136: /* stl_prefix ::= */
+{yygotominor.yy259 = 0;}
+        break;
+      case 137: /* seltablist ::= stl_prefix nm dbnm as indexed_opt on_opt using_opt */
+{
+  yygotominor.yy259 = sqlite3SrcListAppendFromTerm(pParse,yymsp[-6].minor.yy259,&yymsp[-5].minor.yy0,&yymsp[-4].minor.yy0,&yymsp[-3].minor.yy0,0,yymsp[-1].minor.yy314,yymsp[0].minor.yy384);
+  sqlite3SrcListIndexedBy(pParse, yygotominor.yy259, &yymsp[-2].minor.yy0);
+}
+        break;
+      case 138: /* seltablist ::= stl_prefix nm dbnm LP exprlist RP as on_opt using_opt */
+{
+  yygotominor.yy259 = sqlite3SrcListAppendFromTerm(pParse,yymsp[-8].minor.yy259,&yymsp[-7].minor.yy0,&yymsp[-6].minor.yy0,&yymsp[-2].minor.yy0,0,yymsp[-1].minor.yy314,yymsp[0].minor.yy384);
+  sqlite3SrcListFuncArgs(pParse, yygotominor.yy259, yymsp[-4].minor.yy322);
+}
+        break;
+      case 139: /* seltablist ::= stl_prefix LP select RP as on_opt using_opt */
+{
+    yygotominor.yy259 = sqlite3SrcListAppendFromTerm(pParse,yymsp[-6].minor.yy259,0,0,&yymsp[-2].minor.yy0,yymsp[-4].minor.yy387,yymsp[-1].minor.yy314,yymsp[0].minor.yy384);
+  }
+        break;
+      case 140: /* seltablist ::= stl_prefix LP seltablist RP as on_opt using_opt */
+{
+    if( yymsp[-6].minor.yy259==0 && yymsp[-2].minor.yy0.n==0 && yymsp[-1].minor.yy314==0 && yymsp[0].minor.yy384==0 ){
+      yygotominor.yy259 = yymsp[-4].minor.yy259;
+    }else if( yymsp[-4].minor.yy259->nSrc==1 ){
+      yygotominor.yy259 = sqlite3SrcListAppendFromTerm(pParse,yymsp[-6].minor.yy259,0,0,&yymsp[-2].minor.yy0,0,yymsp[-1].minor.yy314,yymsp[0].minor.yy384);
+      if( yygotominor.yy259 ){
+        struct SrcList_item *pNew = &yygotominor.yy259->a[yygotominor.yy259->nSrc-1];
+        struct SrcList_item *pOld = yymsp[-4].minor.yy259->a;
+        pNew->zName = pOld->zName;
+        pNew->zDatabase = pOld->zDatabase;
+        pNew->pSelect = pOld->pSelect;
+        pOld->zName = pOld->zDatabase = 0;
+        pOld->pSelect = 0;
+      }
+      sqlite3SrcListDelete(pParse->db, yymsp[-4].minor.yy259);
+    }else{
+      Select *pSubquery;
+      sqlite3SrcListShiftJoinType(yymsp[-4].minor.yy259);
+      pSubquery = sqlite3SelectNew(pParse,0,yymsp[-4].minor.yy259,0,0,0,0,SF_NestedFrom,0,0);
+      yygotominor.yy259 = sqlite3SrcListAppendFromTerm(pParse,yymsp[-6].minor.yy259,0,0,&yymsp[-2].minor.yy0,pSubquery,yymsp[-1].minor.yy314,yymsp[0].minor.yy384);
+    }
+  }
+        break;
+      case 141: /* dbnm ::= */
+      case 150: /* indexed_opt ::= */ yytestcase(yyruleno==150);
+{yygotominor.yy0.z=0; yygotominor.yy0.n=0;}
+        break;
+      case 143: /* fullname ::= nm dbnm */
+{yygotominor.yy259 = sqlite3SrcListAppend(pParse->db,0,&yymsp[-1].minor.yy0,&yymsp[0].minor.yy0);}
+        break;
+      case 144: /* joinop ::= COMMA|JOIN */
+{ yygotominor.yy4 = JT_INNER; }
+        break;
+      case 145: /* joinop ::= JOIN_KW JOIN */
+{ yygotominor.yy4 = sqlite3JoinType(pParse,&yymsp[-1].minor.yy0,0,0); }
+        break;
+      case 146: /* joinop ::= JOIN_KW nm JOIN */
+{ yygotominor.yy4 = sqlite3JoinType(pParse,&yymsp[-2].minor.yy0,&yymsp[-1].minor.yy0,0); }
+        break;
+      case 147: /* joinop ::= JOIN_KW nm nm JOIN */
+{ yygotominor.yy4 = sqlite3JoinType(pParse,&yymsp[-3].minor.yy0,&yymsp[-2].minor.yy0,&yymsp[-1].minor.yy0); }
+        break;
+      case 148: /* on_opt ::= ON expr */
+      case 165: /* having_opt ::= HAVING expr */ yytestcase(yyruleno==165);
+      case 172: /* where_opt ::= WHERE expr */ yytestcase(yyruleno==172);
+      case 232: /* case_else ::= ELSE expr */ yytestcase(yyruleno==232);
+      case 234: /* case_operand ::= expr */ yytestcase(yyruleno==234);
+{yygotominor.yy314 = yymsp[0].minor.yy118.pExpr;}
+        break;
+      case 149: /* on_opt ::= */
+      case 164: /* having_opt ::= */ yytestcase(yyruleno==164);
+      case 171: /* where_opt ::= */ yytestcase(yyruleno==171);
+      case 233: /* case_else ::= */ yytestcase(yyruleno==233);
+      case 235: /* case_operand ::= */ yytestcase(yyruleno==235);
+{yygotominor.yy314 = 0;}
+        break;
+      case 152: /* indexed_opt ::= NOT INDEXED */
+{yygotominor.yy0.z=0; yygotominor.yy0.n=1;}
+        break;
+      case 153: /* using_opt ::= USING LP idlist RP */
+      case 181: /* idlist_opt ::= LP idlist RP */ yytestcase(yyruleno==181);
+{yygotominor.yy384 = yymsp[-1].minor.yy384;}
+        break;
+      case 154: /* using_opt ::= */
+      case 180: /* idlist_opt ::= */ yytestcase(yyruleno==180);
+{yygotominor.yy384 = 0;}
+        break;
+      case 156: /* orderby_opt ::= ORDER BY sortlist */
+      case 163: /* groupby_opt ::= GROUP BY nexprlist */ yytestcase(yyruleno==163);
+      case 236: /* exprlist ::= nexprlist */ yytestcase(yyruleno==236);
+{yygotominor.yy322 = yymsp[0].minor.yy322;}
+        break;
+      case 157: /* sortlist ::= sortlist COMMA expr sortorder */
+{
+  yygotominor.yy322 = sqlite3ExprListAppend(pParse,yymsp[-3].minor.yy322,yymsp[-1].minor.yy118.pExpr);
+  sqlite3ExprListSetSortOrder(yygotominor.yy322,yymsp[0].minor.yy4);
+}
+        break;
+      case 158: /* sortlist ::= expr sortorder */
+{
+  yygotominor.yy322 = sqlite3ExprListAppend(pParse,0,yymsp[-1].minor.yy118.pExpr);
+  sqlite3ExprListSetSortOrder(yygotominor.yy322,yymsp[0].minor.yy4);
+}
+        break;
+      case 159: /* sortorder ::= ASC */
+{yygotominor.yy4 = SQLITE_SO_ASC;}
+        break;
+      case 160: /* sortorder ::= DESC */
+{yygotominor.yy4 = SQLITE_SO_DESC;}
+        break;
+      case 161: /* sortorder ::= */
+{yygotominor.yy4 = SQLITE_SO_UNDEFINED;}
+        break;
+      case 166: /* limit_opt ::= */
+{yygotominor.yy292.pLimit = 0; yygotominor.yy292.pOffset = 0;}
+        break;
+      case 167: /* limit_opt ::= LIMIT expr */
+{yygotominor.yy292.pLimit = yymsp[0].minor.yy118.pExpr; yygotominor.yy292.pOffset = 0;}
+        break;
+      case 168: /* limit_opt ::= LIMIT expr OFFSET expr */
+{yygotominor.yy292.pLimit = yymsp[-2].minor.yy118.pExpr; yygotominor.yy292.pOffset = yymsp[0].minor.yy118.pExpr;}
+        break;
+      case 169: /* limit_opt ::= LIMIT expr COMMA expr */
+{yygotominor.yy292.pOffset = yymsp[-2].minor.yy118.pExpr; yygotominor.yy292.pLimit = yymsp[0].minor.yy118.pExpr;}
+        break;
+      case 170: /* cmd ::= with DELETE FROM fullname indexed_opt where_opt */
+{
+  sqlite3WithPush(pParse, yymsp[-5].minor.yy451, 1);
+  sqlite3SrcListIndexedBy(pParse, yymsp[-2].minor.yy259, &yymsp[-1].minor.yy0);
+  sqlite3DeleteFrom(pParse,yymsp[-2].minor.yy259,yymsp[0].minor.yy314);
+}
+        break;
+      case 173: /* cmd ::= with UPDATE orconf fullname indexed_opt SET setlist where_opt */
+{
+  sqlite3WithPush(pParse, yymsp[-7].minor.yy451, 1);
+  sqlite3SrcListIndexedBy(pParse, yymsp[-4].minor.yy259, &yymsp[-3].minor.yy0);
+  sqlite3ExprListCheckLength(pParse,yymsp[-1].minor.yy322,"set list"); 
+  sqlite3Update(pParse,yymsp[-4].minor.yy259,yymsp[-1].minor.yy322,yymsp[0].minor.yy314,yymsp[-5].minor.yy4);
+}
+        break;
+      case 174: /* setlist ::= setlist COMMA nm EQ expr */
+{
+  yygotominor.yy322 = sqlite3ExprListAppend(pParse, yymsp[-4].minor.yy322, yymsp[0].minor.yy118.pExpr);
+  sqlite3ExprListSetName(pParse, yygotominor.yy322, &yymsp[-2].minor.yy0, 1);
+}
+        break;
+      case 175: /* setlist ::= nm EQ expr */
+{
+  yygotominor.yy322 = sqlite3ExprListAppend(pParse, 0, yymsp[0].minor.yy118.pExpr);
+  sqlite3ExprListSetName(pParse, yygotominor.yy322, &yymsp[-2].minor.yy0, 1);
+}
+        break;
+      case 176: /* cmd ::= with insert_cmd INTO fullname idlist_opt select */
+{
+  sqlite3WithPush(pParse, yymsp[-5].minor.yy451, 1);
+  sqlite3Insert(pParse, yymsp[-2].minor.yy259, yymsp[0].minor.yy387, yymsp[-1].minor.yy384, yymsp[-4].minor.yy4);
+}
+        break;
+      case 177: /* cmd ::= with insert_cmd INTO fullname idlist_opt DEFAULT VALUES */
+{
+  sqlite3WithPush(pParse, yymsp[-6].minor.yy451, 1);
+  sqlite3Insert(pParse, yymsp[-3].minor.yy259, 0, yymsp[-2].minor.yy384, yymsp[-5].minor.yy4);
+}
+        break;
+      case 182: /* idlist ::= idlist COMMA nm */
+{yygotominor.yy384 = sqlite3IdListAppend(pParse->db,yymsp[-2].minor.yy384,&yymsp[0].minor.yy0);}
+        break;
+      case 183: /* idlist ::= nm */
+{yygotominor.yy384 = sqlite3IdListAppend(pParse->db,0,&yymsp[0].minor.yy0);}
+        break;
+      case 184: /* expr ::= term */
+{yygotominor.yy118 = yymsp[0].minor.yy118;}
+        break;
+      case 185: /* expr ::= LP expr RP */
+{yygotominor.yy118.pExpr = yymsp[-1].minor.yy118.pExpr; spanSet(&yygotominor.yy118,&yymsp[-2].minor.yy0,&yymsp[0].minor.yy0);}
+        break;
+      case 186: /* term ::= NULL */
+      case 191: /* term ::= INTEGER|FLOAT|BLOB */ yytestcase(yyruleno==191);
+      case 192: /* term ::= STRING */ yytestcase(yyruleno==192);
+{spanExpr(&yygotominor.yy118, pParse, yymsp[0].major, &yymsp[0].minor.yy0);}
+        break;
+      case 187: /* expr ::= ID|INDEXED */
+      case 188: /* expr ::= JOIN_KW */ yytestcase(yyruleno==188);
+{spanExpr(&yygotominor.yy118, pParse, TK_ID, &yymsp[0].minor.yy0);}
+        break;
+      case 189: /* expr ::= nm DOT nm */
+{
+  Expr *temp1 = sqlite3PExpr(pParse, TK_ID, 0, 0, &yymsp[-2].minor.yy0);
+  Expr *temp2 = sqlite3PExpr(pParse, TK_ID, 0, 0, &yymsp[0].minor.yy0);
+  yygotominor.yy118.pExpr = sqlite3PExpr(pParse, TK_DOT, temp1, temp2, 0);
+  spanSet(&yygotominor.yy118,&yymsp[-2].minor.yy0,&yymsp[0].minor.yy0);
+}
+        break;
+      case 190: /* expr ::= nm DOT nm DOT nm */
+{
+  Expr *temp1 = sqlite3PExpr(pParse, TK_ID, 0, 0, &yymsp[-4].minor.yy0);
+  Expr *temp2 = sqlite3PExpr(pParse, TK_ID, 0, 0, &yymsp[-2].minor.yy0);
+  Expr *temp3 = sqlite3PExpr(pParse, TK_ID, 0, 0, &yymsp[0].minor.yy0);
+  Expr *temp4 = sqlite3PExpr(pParse, TK_DOT, temp2, temp3, 0);
+  yygotominor.yy118.pExpr = sqlite3PExpr(pParse, TK_DOT, temp1, temp4, 0);
+  spanSet(&yygotominor.yy118,&yymsp[-4].minor.yy0,&yymsp[0].minor.yy0);
+}
+        break;
+      case 193: /* expr ::= VARIABLE */
+{
+  if( yymsp[0].minor.yy0.n>=2 && yymsp[0].minor.yy0.z[0]=='#' && sqlite3Isdigit(yymsp[0].minor.yy0.z[1]) ){
+    /* When doing a nested parse, one can include terms in an expression
+    ** that look like this:   #1 #2 ...  These terms refer to registers
+    ** in the virtual machine.  #N is the N-th register. */
+    if( pParse->nested==0 ){
+      sqlite3ErrorMsg(pParse, "near \"%T\": syntax error", &yymsp[0].minor.yy0);
+      yygotominor.yy118.pExpr = 0;
+    }else{
+      yygotominor.yy118.pExpr = sqlite3PExpr(pParse, TK_REGISTER, 0, 0, &yymsp[0].minor.yy0);
+      if( yygotominor.yy118.pExpr ) sqlite3GetInt32(&yymsp[0].minor.yy0.z[1], &yygotominor.yy118.pExpr->iTable);
+    }
+  }else{
+    spanExpr(&yygotominor.yy118, pParse, TK_VARIABLE, &yymsp[0].minor.yy0);
+    sqlite3ExprAssignVarNumber(pParse, yygotominor.yy118.pExpr);
+  }
+  spanSet(&yygotominor.yy118, &yymsp[0].minor.yy0, &yymsp[0].minor.yy0);
+}
+        break;
+      case 194: /* expr ::= expr COLLATE ID|STRING */
+{
+  yygotominor.yy118.pExpr = sqlite3ExprAddCollateToken(pParse, yymsp[-2].minor.yy118.pExpr, &yymsp[0].minor.yy0, 1);
+  yygotominor.yy118.zStart = yymsp[-2].minor.yy118.zStart;
+  yygotominor.yy118.zEnd = &yymsp[0].minor.yy0.z[yymsp[0].minor.yy0.n];
+}
+        break;
+      case 195: /* expr ::= CAST LP expr AS typetoken RP */
+{
+  yygotominor.yy118.pExpr = sqlite3PExpr(pParse, TK_CAST, yymsp[-3].minor.yy118.pExpr, 0, &yymsp[-1].minor.yy0);
+  spanSet(&yygotominor.yy118,&yymsp[-5].minor.yy0,&yymsp[0].minor.yy0);
+}
+        break;
+      case 196: /* expr ::= ID|INDEXED LP distinct exprlist RP */
+{
+  if( yymsp[-1].minor.yy322 && yymsp[-1].minor.yy322->nExpr>pParse->db->aLimit[SQLITE_LIMIT_FUNCTION_ARG] ){
+    sqlite3ErrorMsg(pParse, "too many arguments on function %T", &yymsp[-4].minor.yy0);
+  }
+  yygotominor.yy118.pExpr = sqlite3ExprFunction(pParse, yymsp[-1].minor.yy322, &yymsp[-4].minor.yy0);
+  spanSet(&yygotominor.yy118,&yymsp[-4].minor.yy0,&yymsp[0].minor.yy0);
+  if( yymsp[-2].minor.yy4==SF_Distinct && yygotominor.yy118.pExpr ){
+    yygotominor.yy118.pExpr->flags |= EP_Distinct;
+  }
+}
+        break;
+      case 197: /* expr ::= ID|INDEXED LP STAR RP */
+{
+  yygotominor.yy118.pExpr = sqlite3ExprFunction(pParse, 0, &yymsp[-3].minor.yy0);
+  spanSet(&yygotominor.yy118,&yymsp[-3].minor.yy0,&yymsp[0].minor.yy0);
+}
+        break;
+      case 198: /* term ::= CTIME_KW */
+{
+  yygotominor.yy118.pExpr = sqlite3ExprFunction(pParse, 0, &yymsp[0].minor.yy0);
+  spanSet(&yygotominor.yy118, &yymsp[0].minor.yy0, &yymsp[0].minor.yy0);
+}
+        break;
+      case 199: /* expr ::= expr AND expr */
+      case 200: /* expr ::= expr OR expr */ yytestcase(yyruleno==200);
+      case 201: /* expr ::= expr LT|GT|GE|LE expr */ yytestcase(yyruleno==201);
+      case 202: /* expr ::= expr EQ|NE expr */ yytestcase(yyruleno==202);
+      case 203: /* expr ::= expr BITAND|BITOR|LSHIFT|RSHIFT expr */ yytestcase(yyruleno==203);
+      case 204: /* expr ::= expr PLUS|MINUS expr */ yytestcase(yyruleno==204);
+      case 205: /* expr ::= expr STAR|SLASH|REM expr */ yytestcase(yyruleno==205);
+      case 206: /* expr ::= expr CONCAT expr */ yytestcase(yyruleno==206);
+{spanBinaryExpr(&yygotominor.yy118,pParse,yymsp[-1].major,&yymsp[-2].minor.yy118,&yymsp[0].minor.yy118);}
+        break;
+      case 207: /* likeop ::= LIKE_KW|MATCH */
+{yygotominor.yy342.eOperator = yymsp[0].minor.yy0; yygotominor.yy342.bNot = 0;}
+        break;
+      case 208: /* likeop ::= NOT LIKE_KW|MATCH */
+{yygotominor.yy342.eOperator = yymsp[0].minor.yy0; yygotominor.yy342.bNot = 1;}
+        break;
+      case 209: /* expr ::= expr likeop expr */
+{
+  ExprList *pList;
+  pList = sqlite3ExprListAppend(pParse,0, yymsp[0].minor.yy118.pExpr);
+  pList = sqlite3ExprListAppend(pParse,pList, yymsp[-2].minor.yy118.pExpr);
+  yygotominor.yy118.pExpr = sqlite3ExprFunction(pParse, pList, &yymsp[-1].minor.yy342.eOperator);
+  exprNot(pParse, yymsp[-1].minor.yy342.bNot, &yygotominor.yy118.pExpr);
+  yygotominor.yy118.zStart = yymsp[-2].minor.yy118.zStart;
+  yygotominor.yy118.zEnd = yymsp[0].minor.yy118.zEnd;
+  if( yygotominor.yy118.pExpr ) yygotominor.yy118.pExpr->flags |= EP_InfixFunc;
+}
+        break;
+      case 210: /* expr ::= expr likeop expr ESCAPE expr */
+{
+  ExprList *pList;
+  pList = sqlite3ExprListAppend(pParse,0, yymsp[-2].minor.yy118.pExpr);
+  pList = sqlite3ExprListAppend(pParse,pList, yymsp[-4].minor.yy118.pExpr);
+  pList = sqlite3ExprListAppend(pParse,pList, yymsp[0].minor.yy118.pExpr);
+  yygotominor.yy118.pExpr = sqlite3ExprFunction(pParse, pList, &yymsp[-3].minor.yy342.eOperator);
+  exprNot(pParse, yymsp[-3].minor.yy342.bNot, &yygotominor.yy118.pExpr);
+  yygotominor.yy118.zStart = yymsp[-4].minor.yy118.zStart;
+  yygotominor.yy118.zEnd = yymsp[0].minor.yy118.zEnd;
+  if( yygotominor.yy118.pExpr ) yygotominor.yy118.pExpr->flags |= EP_InfixFunc;
+}
+        break;
+      case 211: /* expr ::= expr ISNULL|NOTNULL */
+{spanUnaryPostfix(&yygotominor.yy118,pParse,yymsp[0].major,&yymsp[-1].minor.yy118,&yymsp[0].minor.yy0);}
+        break;
+      case 212: /* expr ::= expr NOT NULL */
+{spanUnaryPostfix(&yygotominor.yy118,pParse,TK_NOTNULL,&yymsp[-2].minor.yy118,&yymsp[0].minor.yy0);}
+        break;
+      case 213: /* expr ::= expr IS expr */
+{
+  spanBinaryExpr(&yygotominor.yy118,pParse,TK_IS,&yymsp[-2].minor.yy118,&yymsp[0].minor.yy118);
+  binaryToUnaryIfNull(pParse, yymsp[0].minor.yy118.pExpr, yygotominor.yy118.pExpr, TK_ISNULL);
+}
+        break;
+      case 214: /* expr ::= expr IS NOT expr */
+{
+  spanBinaryExpr(&yygotominor.yy118,pParse,TK_ISNOT,&yymsp[-3].minor.yy118,&yymsp[0].minor.yy118);
+  binaryToUnaryIfNull(pParse, yymsp[0].minor.yy118.pExpr, yygotominor.yy118.pExpr, TK_NOTNULL);
+}
+        break;
+      case 215: /* expr ::= NOT expr */
+      case 216: /* expr ::= BITNOT expr */ yytestcase(yyruleno==216);
+{spanUnaryPrefix(&yygotominor.yy118,pParse,yymsp[-1].major,&yymsp[0].minor.yy118,&yymsp[-1].minor.yy0);}
+        break;
+      case 217: /* expr ::= MINUS expr */
+{spanUnaryPrefix(&yygotominor.yy118,pParse,TK_UMINUS,&yymsp[0].minor.yy118,&yymsp[-1].minor.yy0);}
+        break;
+      case 218: /* expr ::= PLUS expr */
+{spanUnaryPrefix(&yygotominor.yy118,pParse,TK_UPLUS,&yymsp[0].minor.yy118,&yymsp[-1].minor.yy0);}
+        break;
+      case 221: /* expr ::= expr between_op expr AND expr */
+{
+  ExprList *pList = sqlite3ExprListAppend(pParse,0, yymsp[-2].minor.yy118.pExpr);
+  pList = sqlite3ExprListAppend(pParse,pList, yymsp[0].minor.yy118.pExpr);
+  yygotominor.yy118.pExpr = sqlite3PExpr(pParse, TK_BETWEEN, yymsp[-4].minor.yy118.pExpr, 0, 0);
+  if( yygotominor.yy118.pExpr ){
+    yygotominor.yy118.pExpr->x.pList = pList;
+  }else{
+    sqlite3ExprListDelete(pParse->db, pList);
+  } 
+  exprNot(pParse, yymsp[-3].minor.yy4, &yygotominor.yy118.pExpr);
+  yygotominor.yy118.zStart = yymsp[-4].minor.yy118.zStart;
+  yygotominor.yy118.zEnd = yymsp[0].minor.yy118.zEnd;
+}
+        break;
+      case 224: /* expr ::= expr in_op LP exprlist RP */
+{
+    if( yymsp[-1].minor.yy322==0 ){
+      /* Expressions of the form
+      **
+      **      expr1 IN ()
+      **      expr1 NOT IN ()
+      **
+      ** simplify to constants 0 (false) and 1 (true), respectively,
+      ** regardless of the value of expr1.
+      */
+      yygotominor.yy118.pExpr = sqlite3PExpr(pParse, TK_INTEGER, 0, 0, &sqlite3IntTokens[yymsp[-3].minor.yy4]);
+      sqlite3ExprDelete(pParse->db, yymsp[-4].minor.yy118.pExpr);
+    }else if( yymsp[-1].minor.yy322->nExpr==1 ){
+      /* Expressions of the form:
+      **
+      **      expr1 IN (?1)
+      **      expr1 NOT IN (?2)
+      **
+      ** with exactly one value on the RHS can be simplified to something
+      ** like this:
+      **
+      **      expr1 == ?1
+      **      expr1 <> ?2
+      **
+      ** But, the RHS of the == or <> is marked with the EP_Generic flag
+      ** so that it may not contribute to the computation of comparison
+      ** affinity or the collating sequence to use for comparison.  Otherwise,
+      ** the semantics would be subtly different from IN or NOT IN.
+      */
+      Expr *pRHS = yymsp[-1].minor.yy322->a[0].pExpr;
+      yymsp[-1].minor.yy322->a[0].pExpr = 0;
+      sqlite3ExprListDelete(pParse->db, yymsp[-1].minor.yy322);
+      /* pRHS cannot be NULL because a malloc error would have been detected
+      ** before now and control would have never reached this point */
+      if( ALWAYS(pRHS) ){
+        pRHS->flags &= ~EP_Collate;
+        pRHS->flags |= EP_Generic;
+      }
+      yygotominor.yy118.pExpr = sqlite3PExpr(pParse, yymsp[-3].minor.yy4 ? TK_NE : TK_EQ, yymsp[-4].minor.yy118.pExpr, pRHS, 0);
+    }else{
+      yygotominor.yy118.pExpr = sqlite3PExpr(pParse, TK_IN, yymsp[-4].minor.yy118.pExpr, 0, 0);
+      if( yygotominor.yy118.pExpr ){
+        yygotominor.yy118.pExpr->x.pList = yymsp[-1].minor.yy322;
+        sqlite3ExprSetHeightAndFlags(pParse, yygotominor.yy118.pExpr);
+      }else{
+        sqlite3ExprListDelete(pParse->db, yymsp[-1].minor.yy322);
+      }
+      exprNot(pParse, yymsp[-3].minor.yy4, &yygotominor.yy118.pExpr);
+    }
+    yygotominor.yy118.zStart = yymsp[-4].minor.yy118.zStart;
+    yygotominor.yy118.zEnd = &yymsp[0].minor.yy0.z[yymsp[0].minor.yy0.n];
+  }
+        break;
+      case 225: /* expr ::= LP select RP */
+{
+    yygotominor.yy118.pExpr = sqlite3PExpr(pParse, TK_SELECT, 0, 0, 0);
+    if( yygotominor.yy118.pExpr ){
+      yygotominor.yy118.pExpr->x.pSelect = yymsp[-1].minor.yy387;
+      ExprSetProperty(yygotominor.yy118.pExpr, EP_xIsSelect|EP_Subquery);
+      sqlite3ExprSetHeightAndFlags(pParse, yygotominor.yy118.pExpr);
+    }else{
+      sqlite3SelectDelete(pParse->db, yymsp[-1].minor.yy387);
+    }
+    yygotominor.yy118.zStart = yymsp[-2].minor.yy0.z;
+    yygotominor.yy118.zEnd = &yymsp[0].minor.yy0.z[yymsp[0].minor.yy0.n];
+  }
+        break;
+      case 226: /* expr ::= expr in_op LP select RP */
+{
+    yygotominor.yy118.pExpr = sqlite3PExpr(pParse, TK_IN, yymsp[-4].minor.yy118.pExpr, 0, 0);
+    if( yygotominor.yy118.pExpr ){
+      yygotominor.yy118.pExpr->x.pSelect = yymsp[-1].minor.yy387;
+      ExprSetProperty(yygotominor.yy118.pExpr, EP_xIsSelect|EP_Subquery);
+      sqlite3ExprSetHeightAndFlags(pParse, yygotominor.yy118.pExpr);
+    }else{
+      sqlite3SelectDelete(pParse->db, yymsp[-1].minor.yy387);
+    }
+    exprNot(pParse, yymsp[-3].minor.yy4, &yygotominor.yy118.pExpr);
+    yygotominor.yy118.zStart = yymsp[-4].minor.yy118.zStart;
+    yygotominor.yy118.zEnd = &yymsp[0].minor.yy0.z[yymsp[0].minor.yy0.n];
+  }
+        break;
+      case 227: /* expr ::= expr in_op nm dbnm */
+{
+    SrcList *pSrc = sqlite3SrcListAppend(pParse->db, 0,&yymsp[-1].minor.yy0,&yymsp[0].minor.yy0);
+    yygotominor.yy118.pExpr = sqlite3PExpr(pParse, TK_IN, yymsp[-3].minor.yy118.pExpr, 0, 0);
+    if( yygotominor.yy118.pExpr ){
+      yygotominor.yy118.pExpr->x.pSelect = sqlite3SelectNew(pParse, 0,pSrc,0,0,0,0,0,0,0);
+      ExprSetProperty(yygotominor.yy118.pExpr, EP_xIsSelect|EP_Subquery);
+      sqlite3ExprSetHeightAndFlags(pParse, yygotominor.yy118.pExpr);
+    }else{
+      sqlite3SrcListDelete(pParse->db, pSrc);
+    }
+    exprNot(pParse, yymsp[-2].minor.yy4, &yygotominor.yy118.pExpr);
+    yygotominor.yy118.zStart = yymsp[-3].minor.yy118.zStart;
+    yygotominor.yy118.zEnd = yymsp[0].minor.yy0.z ? &yymsp[0].minor.yy0.z[yymsp[0].minor.yy0.n] : &yymsp[-1].minor.yy0.z[yymsp[-1].minor.yy0.n];
+  }
+        break;
+      case 228: /* expr ::= EXISTS LP select RP */
+{
+    Expr *p = yygotominor.yy118.pExpr = sqlite3PExpr(pParse, TK_EXISTS, 0, 0, 0);
+    if( p ){
+      p->x.pSelect = yymsp[-1].minor.yy387;
+      ExprSetProperty(p, EP_xIsSelect|EP_Subquery);
+      sqlite3ExprSetHeightAndFlags(pParse, p);
+    }else{
+      sqlite3SelectDelete(pParse->db, yymsp[-1].minor.yy387);
+    }
+    yygotominor.yy118.zStart = yymsp[-3].minor.yy0.z;
+    yygotominor.yy118.zEnd = &yymsp[0].minor.yy0.z[yymsp[0].minor.yy0.n];
+  }
+        break;
+      case 229: /* expr ::= CASE case_operand case_exprlist case_else END */
+{
+  yygotominor.yy118.pExpr = sqlite3PExpr(pParse, TK_CASE, yymsp[-3].minor.yy314, 0, 0);
+  if( yygotominor.yy118.pExpr ){
+    yygotominor.yy118.pExpr->x.pList = yymsp[-1].minor.yy314 ? sqlite3ExprListAppend(pParse,yymsp[-2].minor.yy322,yymsp[-1].minor.yy314) : yymsp[-2].minor.yy322;
+    sqlite3ExprSetHeightAndFlags(pParse, yygotominor.yy118.pExpr);
+  }else{
+    sqlite3ExprListDelete(pParse->db, yymsp[-2].minor.yy322);
+    sqlite3ExprDelete(pParse->db, yymsp[-1].minor.yy314);
+  }
+  yygotominor.yy118.zStart = yymsp[-4].minor.yy0.z;
+  yygotominor.yy118.zEnd = &yymsp[0].minor.yy0.z[yymsp[0].minor.yy0.n];
+}
+        break;
+      case 230: /* case_exprlist ::= case_exprlist WHEN expr THEN expr */
+{
+  yygotominor.yy322 = sqlite3ExprListAppend(pParse,yymsp[-4].minor.yy322, yymsp[-2].minor.yy118.pExpr);
+  yygotominor.yy322 = sqlite3ExprListAppend(pParse,yygotominor.yy322, yymsp[0].minor.yy118.pExpr);
+}
+        break;
+      case 231: /* case_exprlist ::= WHEN expr THEN expr */
+{
+  yygotominor.yy322 = sqlite3ExprListAppend(pParse,0, yymsp[-2].minor.yy118.pExpr);
+  yygotominor.yy322 = sqlite3ExprListAppend(pParse,yygotominor.yy322, yymsp[0].minor.yy118.pExpr);
+}
+        break;
+      case 238: /* nexprlist ::= nexprlist COMMA expr */
+{yygotominor.yy322 = sqlite3ExprListAppend(pParse,yymsp[-2].minor.yy322,yymsp[0].minor.yy118.pExpr);}
+        break;
+      case 239: /* nexprlist ::= expr */
+{yygotominor.yy322 = sqlite3ExprListAppend(pParse,0,yymsp[0].minor.yy118.pExpr);}
+        break;
+      case 240: /* cmd ::= createkw uniqueflag INDEX ifnotexists nm dbnm ON nm LP sortlist RP where_opt */
+{
+  sqlite3CreateIndex(pParse, &yymsp[-7].minor.yy0, &yymsp[-6].minor.yy0, 
+                     sqlite3SrcListAppend(pParse->db,0,&yymsp[-4].minor.yy0,0), yymsp[-2].minor.yy322, yymsp[-10].minor.yy4,
+                      &yymsp[-11].minor.yy0, yymsp[0].minor.yy314, SQLITE_SO_ASC, yymsp[-8].minor.yy4);
+}
+        break;
+      case 241: /* uniqueflag ::= UNIQUE */
+      case 292: /* raisetype ::= ABORT */ yytestcase(yyruleno==292);
+{yygotominor.yy4 = OE_Abort;}
+        break;
+      case 242: /* uniqueflag ::= */
+{yygotominor.yy4 = OE_None;}
+        break;
+      case 245: /* eidlist ::= eidlist COMMA nm collate sortorder */
+{
+  yygotominor.yy322 = parserAddExprIdListTerm(pParse, yymsp[-4].minor.yy322, &yymsp[-2].minor.yy0, yymsp[-1].minor.yy4, yymsp[0].minor.yy4);
+}
+        break;
+      case 246: /* eidlist ::= nm collate sortorder */
+{
+  yygotominor.yy322 = parserAddExprIdListTerm(pParse, 0, &yymsp[-2].minor.yy0, yymsp[-1].minor.yy4, yymsp[0].minor.yy4);
+}
+        break;
+      case 249: /* cmd ::= DROP INDEX ifexists fullname */
+{sqlite3DropIndex(pParse, yymsp[0].minor.yy259, yymsp[-1].minor.yy4);}
+        break;
+      case 250: /* cmd ::= VACUUM */
+      case 251: /* cmd ::= VACUUM nm */ yytestcase(yyruleno==251);
+{sqlite3Vacuum(pParse);}
+        break;
+      case 252: /* cmd ::= PRAGMA nm dbnm */
+{sqlite3Pragma(pParse,&yymsp[-1].minor.yy0,&yymsp[0].minor.yy0,0,0);}
+        break;
+      case 253: /* cmd ::= PRAGMA nm dbnm EQ nmnum */
+{sqlite3Pragma(pParse,&yymsp[-3].minor.yy0,&yymsp[-2].minor.yy0,&yymsp[0].minor.yy0,0);}
+        break;
+      case 254: /* cmd ::= PRAGMA nm dbnm LP nmnum RP */
+{sqlite3Pragma(pParse,&yymsp[-4].minor.yy0,&yymsp[-3].minor.yy0,&yymsp[-1].minor.yy0,0);}
+        break;
+      case 255: /* cmd ::= PRAGMA nm dbnm EQ minus_num */
+{sqlite3Pragma(pParse,&yymsp[-3].minor.yy0,&yymsp[-2].minor.yy0,&yymsp[0].minor.yy0,1);}
+        break;
+      case 256: /* cmd ::= PRAGMA nm dbnm LP minus_num RP */
+{sqlite3Pragma(pParse,&yymsp[-4].minor.yy0,&yymsp[-3].minor.yy0,&yymsp[-1].minor.yy0,1);}
+        break;
+      case 265: /* cmd ::= createkw trigger_decl BEGIN trigger_cmd_list END */
+{
+  Token all;
+  all.z = yymsp[-3].minor.yy0.z;
+  all.n = (int)(yymsp[0].minor.yy0.z - yymsp[-3].minor.yy0.z) + yymsp[0].minor.yy0.n;
+  sqlite3FinishTrigger(pParse, yymsp[-1].minor.yy203, &all);
+}
+        break;
+      case 266: /* trigger_decl ::= temp TRIGGER ifnotexists nm dbnm trigger_time trigger_event ON fullname foreach_clause when_clause */
+{
+  sqlite3BeginTrigger(pParse, &yymsp[-7].minor.yy0, &yymsp[-6].minor.yy0, yymsp[-5].minor.yy4, yymsp[-4].minor.yy90.a, yymsp[-4].minor.yy90.b, yymsp[-2].minor.yy259, yymsp[0].minor.yy314, yymsp[-10].minor.yy4, yymsp[-8].minor.yy4);
+  yygotominor.yy0 = (yymsp[-6].minor.yy0.n==0?yymsp[-7].minor.yy0:yymsp[-6].minor.yy0);
+}
+        break;
+      case 267: /* trigger_time ::= BEFORE */
+      case 270: /* trigger_time ::= */ yytestcase(yyruleno==270);
+{ yygotominor.yy4 = TK_BEFORE; }
+        break;
+      case 268: /* trigger_time ::= AFTER */
+{ yygotominor.yy4 = TK_AFTER;  }
+        break;
+      case 269: /* trigger_time ::= INSTEAD OF */
+{ yygotominor.yy4 = TK_INSTEAD;}
+        break;
+      case 271: /* trigger_event ::= DELETE|INSERT */
+      case 272: /* trigger_event ::= UPDATE */ yytestcase(yyruleno==272);
+{yygotominor.yy90.a = yymsp[0].major; yygotominor.yy90.b = 0;}
+        break;
+      case 273: /* trigger_event ::= UPDATE OF idlist */
+{yygotominor.yy90.a = TK_UPDATE; yygotominor.yy90.b = yymsp[0].minor.yy384;}
+        break;
+      case 276: /* when_clause ::= */
+      case 297: /* key_opt ::= */ yytestcase(yyruleno==297);
+{ yygotominor.yy314 = 0; }
+        break;
+      case 277: /* when_clause ::= WHEN expr */
+      case 298: /* key_opt ::= KEY expr */ yytestcase(yyruleno==298);
+{ yygotominor.yy314 = yymsp[0].minor.yy118.pExpr; }
+        break;
+      case 278: /* trigger_cmd_list ::= trigger_cmd_list trigger_cmd SEMI */
+{
+  assert( yymsp[-2].minor.yy203!=0 );
+  yymsp[-2].minor.yy203->pLast->pNext = yymsp[-1].minor.yy203;
+  yymsp[-2].minor.yy203->pLast = yymsp[-1].minor.yy203;
+  yygotominor.yy203 = yymsp[-2].minor.yy203;
+}
+        break;
+      case 279: /* trigger_cmd_list ::= trigger_cmd SEMI */
+{ 
+  assert( yymsp[-1].minor.yy203!=0 );
+  yymsp[-1].minor.yy203->pLast = yymsp[-1].minor.yy203;
+  yygotominor.yy203 = yymsp[-1].minor.yy203;
+}
+        break;
+      case 281: /* trnm ::= nm DOT nm */
+{
+  yygotominor.yy0 = yymsp[0].minor.yy0;
+  sqlite3ErrorMsg(pParse, 
+        "qualified table names are not allowed on INSERT, UPDATE, and DELETE "
+        "statements within triggers");
+}
+        break;
+      case 283: /* tridxby ::= INDEXED BY nm */
+{
+  sqlite3ErrorMsg(pParse,
+        "the INDEXED BY clause is not allowed on UPDATE or DELETE statements "
+        "within triggers");
+}
+        break;
+      case 284: /* tridxby ::= NOT INDEXED */
+{
+  sqlite3ErrorMsg(pParse,
+        "the NOT INDEXED clause is not allowed on UPDATE or DELETE statements "
+        "within triggers");
+}
+        break;
+      case 285: /* trigger_cmd ::= UPDATE orconf trnm tridxby SET setlist where_opt */
+{ yygotominor.yy203 = sqlite3TriggerUpdateStep(pParse->db, &yymsp[-4].minor.yy0, yymsp[-1].minor.yy322, yymsp[0].minor.yy314, yymsp[-5].minor.yy4); }
+        break;
+      case 286: /* trigger_cmd ::= insert_cmd INTO trnm idlist_opt select */
+{yygotominor.yy203 = sqlite3TriggerInsertStep(pParse->db, &yymsp[-2].minor.yy0, yymsp[-1].minor.yy384, yymsp[0].minor.yy387, yymsp[-4].minor.yy4);}
+        break;
+      case 287: /* trigger_cmd ::= DELETE FROM trnm tridxby where_opt */
+{yygotominor.yy203 = sqlite3TriggerDeleteStep(pParse->db, &yymsp[-2].minor.yy0, yymsp[0].minor.yy314);}
+        break;
+      case 288: /* trigger_cmd ::= select */
+{yygotominor.yy203 = sqlite3TriggerSelectStep(pParse->db, yymsp[0].minor.yy387); }
+        break;
+      case 289: /* expr ::= RAISE LP IGNORE RP */
+{
+  yygotominor.yy118.pExpr = sqlite3PExpr(pParse, TK_RAISE, 0, 0, 0); 
+  if( yygotominor.yy118.pExpr ){
+    yygotominor.yy118.pExpr->affinity = OE_Ignore;
+  }
+  yygotominor.yy118.zStart = yymsp[-3].minor.yy0.z;
+  yygotominor.yy118.zEnd = &yymsp[0].minor.yy0.z[yymsp[0].minor.yy0.n];
+}
+        break;
+      case 290: /* expr ::= RAISE LP raisetype COMMA nm RP */
+{
+  yygotominor.yy118.pExpr = sqlite3PExpr(pParse, TK_RAISE, 0, 0, &yymsp[-1].minor.yy0); 
+  if( yygotominor.yy118.pExpr ) {
+    yygotominor.yy118.pExpr->affinity = (char)yymsp[-3].minor.yy4;
+  }
+  yygotominor.yy118.zStart = yymsp[-5].minor.yy0.z;
+  yygotominor.yy118.zEnd = &yymsp[0].minor.yy0.z[yymsp[0].minor.yy0.n];
+}
+        break;
+      case 291: /* raisetype ::= ROLLBACK */
+{yygotominor.yy4 = OE_Rollback;}
+        break;
+      case 293: /* raisetype ::= FAIL */
+{yygotominor.yy4 = OE_Fail;}
+        break;
+      case 294: /* cmd ::= DROP TRIGGER ifexists fullname */
+{
+  sqlite3DropTrigger(pParse,yymsp[0].minor.yy259,yymsp[-1].minor.yy4);
+}
+        break;
+      case 295: /* cmd ::= ATTACH database_kw_opt expr AS expr key_opt */
+{
+  sqlite3Attach(pParse, yymsp[-3].minor.yy118.pExpr, yymsp[-1].minor.yy118.pExpr, yymsp[0].minor.yy314);
+}
+        break;
+      case 296: /* cmd ::= DETACH database_kw_opt expr */
+{
+  sqlite3Detach(pParse, yymsp[0].minor.yy118.pExpr);
+}
+        break;
+      case 301: /* cmd ::= REINDEX */
+{sqlite3Reindex(pParse, 0, 0);}
+        break;
+      case 302: /* cmd ::= REINDEX nm dbnm */
+{sqlite3Reindex(pParse, &yymsp[-1].minor.yy0, &yymsp[0].minor.yy0);}
+        break;
+      case 303: /* cmd ::= ANALYZE */
+{sqlite3Analyze(pParse, 0, 0);}
+        break;
+      case 304: /* cmd ::= ANALYZE nm dbnm */
+{sqlite3Analyze(pParse, &yymsp[-1].minor.yy0, &yymsp[0].minor.yy0);}
+        break;
+      case 305: /* cmd ::= ALTER TABLE fullname RENAME TO nm */
+{
+  sqlite3AlterRenameTable(pParse,yymsp[-3].minor.yy259,&yymsp[0].minor.yy0);
+}
+        break;
+      case 306: /* cmd ::= ALTER TABLE add_column_fullname ADD kwcolumn_opt column */
+{
+  sqlite3AlterFinishAddColumn(pParse, &yymsp[0].minor.yy0);
+}
+        break;
+      case 307: /* add_column_fullname ::= fullname */
+{
+  pParse->db->lookaside.bEnabled = 0;
+  sqlite3AlterBeginAddColumn(pParse, yymsp[0].minor.yy259);
+}
+        break;
+      case 310: /* cmd ::= create_vtab */
+{sqlite3VtabFinishParse(pParse,0);}
+        break;
+      case 311: /* cmd ::= create_vtab LP vtabarglist RP */
+{sqlite3VtabFinishParse(pParse,&yymsp[0].minor.yy0);}
+        break;
+      case 312: /* create_vtab ::= createkw VIRTUAL TABLE ifnotexists nm dbnm USING nm */
+{
+    sqlite3VtabBeginParse(pParse, &yymsp[-3].minor.yy0, &yymsp[-2].minor.yy0, &yymsp[0].minor.yy0, yymsp[-4].minor.yy4);
+}
+        break;
+      case 315: /* vtabarg ::= */
+{sqlite3VtabArgInit(pParse);}
+        break;
+      case 317: /* vtabargtoken ::= ANY */
+      case 318: /* vtabargtoken ::= lp anylist RP */ yytestcase(yyruleno==318);
+      case 319: /* lp ::= LP */ yytestcase(yyruleno==319);
+{sqlite3VtabArgExtend(pParse,&yymsp[0].minor.yy0);}
+        break;
+      case 323: /* with ::= */
+{yygotominor.yy451 = 0;}
+        break;
+      case 324: /* with ::= WITH wqlist */
+      case 325: /* with ::= WITH RECURSIVE wqlist */ yytestcase(yyruleno==325);
+{ yygotominor.yy451 = yymsp[0].minor.yy451; }
+        break;
+      case 326: /* wqlist ::= nm eidlist_opt AS LP select RP */
+{
+  yygotominor.yy451 = sqlite3WithAdd(pParse, 0, &yymsp[-5].minor.yy0, yymsp[-4].minor.yy322, yymsp[-1].minor.yy387);
+}
+        break;
+      case 327: /* wqlist ::= wqlist COMMA nm eidlist_opt AS LP select RP */
+{
+  yygotominor.yy451 = sqlite3WithAdd(pParse, yymsp[-7].minor.yy451, &yymsp[-5].minor.yy0, yymsp[-4].minor.yy322, yymsp[-1].minor.yy387);
+}
+        break;
+      default:
+      /* (0) input ::= cmdlist */ yytestcase(yyruleno==0);
+      /* (1) cmdlist ::= cmdlist ecmd */ yytestcase(yyruleno==1);
+      /* (2) cmdlist ::= ecmd */ yytestcase(yyruleno==2);
+      /* (3) ecmd ::= SEMI */ yytestcase(yyruleno==3);
+      /* (4) ecmd ::= explain cmdx SEMI */ yytestcase(yyruleno==4);
+      /* (10) trans_opt ::= */ yytestcase(yyruleno==10);
+      /* (11) trans_opt ::= TRANSACTION */ yytestcase(yyruleno==11);
+      /* (12) trans_opt ::= TRANSACTION nm */ yytestcase(yyruleno==12);
+      /* (20) savepoint_opt ::= SAVEPOINT */ yytestcase(yyruleno==20);
+      /* (21) savepoint_opt ::= */ yytestcase(yyruleno==21);
+      /* (25) cmd ::= create_table create_table_args */ yytestcase(yyruleno==25);
+      /* (36) columnlist ::= columnlist COMMA column */ yytestcase(yyruleno==36);
+      /* (37) columnlist ::= column */ yytestcase(yyruleno==37);
+      /* (43) type ::= */ yytestcase(yyruleno==43);
+      /* (50) signed ::= plus_num */ yytestcase(yyruleno==50);
+      /* (51) signed ::= minus_num */ yytestcase(yyruleno==51);
+      /* (52) carglist ::= carglist ccons */ yytestcase(yyruleno==52);
+      /* (53) carglist ::= */ yytestcase(yyruleno==53);
+      /* (60) ccons ::= NULL onconf */ yytestcase(yyruleno==60);
+      /* (88) conslist ::= conslist tconscomma tcons */ yytestcase(yyruleno==88);
+      /* (89) conslist ::= tcons */ yytestcase(yyruleno==89);
+      /* (91) tconscomma ::= */ yytestcase(yyruleno==91);
+      /* (274) foreach_clause ::= */ yytestcase(yyruleno==274);
+      /* (275) foreach_clause ::= FOR EACH ROW */ yytestcase(yyruleno==275);
+      /* (282) tridxby ::= */ yytestcase(yyruleno==282);
+      /* (299) database_kw_opt ::= DATABASE */ yytestcase(yyruleno==299);
+      /* (300) database_kw_opt ::= */ yytestcase(yyruleno==300);
+      /* (308) kwcolumn_opt ::= */ yytestcase(yyruleno==308);
+      /* (309) kwcolumn_opt ::= COLUMNKW */ yytestcase(yyruleno==309);
+      /* (313) vtabarglist ::= vtabarg */ yytestcase(yyruleno==313);
+      /* (314) vtabarglist ::= vtabarglist COMMA vtabarg */ yytestcase(yyruleno==314);
+      /* (316) vtabarg ::= vtabarg vtabargtoken */ yytestcase(yyruleno==316);
+      /* (320) anylist ::= */ yytestcase(yyruleno==320);
+      /* (321) anylist ::= anylist LP anylist RP */ yytestcase(yyruleno==321);
+      /* (322) anylist ::= anylist ANY */ yytestcase(yyruleno==322);
+        break;
+/********** End reduce actions ************************************************/
+  };
+  assert( yyruleno>=0 && yyruleno<sizeof(yyRuleInfo)/sizeof(yyRuleInfo[0]) );
+  yygoto = yyRuleInfo[yyruleno].lhs;
+  yysize = yyRuleInfo[yyruleno].nrhs;
+  yypParser->yyidx -= yysize;
+  yyact = yy_find_reduce_action(yymsp[-yysize].stateno,(YYCODETYPE)yygoto);
+  if( yyact <= YY_MAX_SHIFTREDUCE ){
+    if( yyact>YY_MAX_SHIFT ) yyact += YY_MIN_REDUCE - YY_MIN_SHIFTREDUCE;
+    /* If the reduce action popped at least
+    ** one element off the stack, then we can push the new element back
+    ** onto the stack here, and skip the stack overflow test in yy_shift().
+    ** That gives a significant speed improvement. */
+    if( yysize ){
+      yypParser->yyidx++;
+      yymsp -= yysize-1;
+      yymsp->stateno = (YYACTIONTYPE)yyact;
+      yymsp->major = (YYCODETYPE)yygoto;
+      yymsp->minor = yygotominor;
+      yyTraceShift(yypParser, yyact);
+    }else{
+      yy_shift(yypParser,yyact,yygoto,&yygotominor);
+    }
+  }else{
+    assert( yyact == YY_ACCEPT_ACTION );
+    yy_accept(yypParser);
+  }
+}
+
+/*
+** The following code executes when the parse fails
+*/
+#ifndef YYNOERRORRECOVERY
+static void yy_parse_failed(
+  yyParser *yypParser           /* The parser */
+){
+  sqlite3ParserARG_FETCH;
+#ifndef NDEBUG
+  if( yyTraceFILE ){
+    fprintf(yyTraceFILE,"%sFail!\n",yyTracePrompt);
+  }
+#endif
+  while( yypParser->yyidx>=0 ) yy_pop_parser_stack(yypParser);
+  /* Here code is inserted which will be executed whenever the
+  ** parser fails */
+/************ Begin %parse_failure code ***************************************/
+/************ End %parse_failure code *****************************************/
+  sqlite3ParserARG_STORE; /* Suppress warning about unused %extra_argument variable */
+}
+#endif /* YYNOERRORRECOVERY */
+
+/*
+** The following code executes when a syntax error first occurs.
+*/
+static void yy_syntax_error(
+  yyParser *yypParser,           /* The parser */
+  int yymajor,                   /* The major type of the error token */
+  YYMINORTYPE yyminor            /* The minor type of the error token */
+){
+  sqlite3ParserARG_FETCH;
+#define TOKEN (yyminor.yy0)
+/************ Begin %syntax_error code ****************************************/
+
+  UNUSED_PARAMETER(yymajor);  /* Silence some compiler warnings */
+  assert( TOKEN.z[0] );  /* The tokenizer always gives us a token */
+  sqlite3ErrorMsg(pParse, "near \"%T\": syntax error", &TOKEN);
+/************ End %syntax_error code ******************************************/
+  sqlite3ParserARG_STORE; /* Suppress warning about unused %extra_argument variable */
+}
+
+/*
+** The following is executed when the parser accepts
+*/
+static void yy_accept(
+  yyParser *yypParser           /* The parser */
+){
+  sqlite3ParserARG_FETCH;
+#ifndef NDEBUG
+  if( yyTraceFILE ){
+    fprintf(yyTraceFILE,"%sAccept!\n",yyTracePrompt);
+  }
+#endif
+  while( yypParser->yyidx>=0 ) yy_pop_parser_stack(yypParser);
+  /* Here code is inserted which will be executed whenever the
+  ** parser accepts */
+/*********** Begin %parse_accept code *****************************************/
+/*********** End %parse_accept code *******************************************/
+  sqlite3ParserARG_STORE; /* Suppress warning about unused %extra_argument variable */
+}
+
+/* The main parser program.
+** The first argument is a pointer to a structure obtained from
+** "sqlite3ParserAlloc" which describes the current state of the parser.
+** The second argument is the major token number.  The third is
+** the minor token.  The fourth optional argument is whatever the
+** user wants (and specified in the grammar) and is available for
+** use by the action routines.
+**
+** Inputs:
+** <ul>
+** <li> A pointer to the parser (an opaque structure.)
+** <li> The major token number.
+** <li> The minor token number.
+** <li> An option argument of a grammar-specified type.
+** </ul>
+**
+** Outputs:
+** None.
+*/
+SQLITE_PRIVATE void sqlite3Parser(
+  void *yyp,                   /* The parser */
+  int yymajor,                 /* The major token code number */
+  sqlite3ParserTOKENTYPE yyminor       /* The value for the token */
+  sqlite3ParserARG_PDECL               /* Optional %extra_argument parameter */
+){
+  YYMINORTYPE yyminorunion;
+  int yyact;            /* The parser action. */
+#if !defined(YYERRORSYMBOL) && !defined(YYNOERRORRECOVERY)
+  int yyendofinput;     /* True if we are at the end of input */
+#endif
+#ifdef YYERRORSYMBOL
+  int yyerrorhit = 0;   /* True if yymajor has invoked an error */
+#endif
+  yyParser *yypParser;  /* The parser */
+
+  /* (re)initialize the parser, if necessary */
+  yypParser = (yyParser*)yyp;
+  if( yypParser->yyidx<0 ){
+#if YYSTACKDEPTH<=0
+    if( yypParser->yystksz <=0 ){
+      /*memset(&yyminorunion, 0, sizeof(yyminorunion));*/
+      yyminorunion = yyzerominor;
+      yyStackOverflow(yypParser, &yyminorunion);
+      return;
+    }
+#endif
+    yypParser->yyidx = 0;
+    yypParser->yyerrcnt = -1;
+    yypParser->yystack[0].stateno = 0;
+    yypParser->yystack[0].major = 0;
+#ifndef NDEBUG
+    if( yyTraceFILE ){
+      fprintf(yyTraceFILE,"%sInitialize. Empty stack. State 0\n",
+              yyTracePrompt);
+    }
+#endif
+  }
+  yyminorunion.yy0 = yyminor;
+#if !defined(YYERRORSYMBOL) && !defined(YYNOERRORRECOVERY)
+  yyendofinput = (yymajor==0);
+#endif
+  sqlite3ParserARG_STORE;
+
+#ifndef NDEBUG
+  if( yyTraceFILE ){
+    fprintf(yyTraceFILE,"%sInput '%s'\n",yyTracePrompt,yyTokenName[yymajor]);
+  }
+#endif
+
+  do{
+    yyact = yy_find_shift_action(yypParser,(YYCODETYPE)yymajor);
+    if( yyact <= YY_MAX_SHIFTREDUCE ){
+      if( yyact > YY_MAX_SHIFT ) yyact += YY_MIN_REDUCE - YY_MIN_SHIFTREDUCE;
+      yy_shift(yypParser,yyact,yymajor,&yyminorunion);
+      yypParser->yyerrcnt--;
+      yymajor = YYNOCODE;
+    }else if( yyact <= YY_MAX_REDUCE ){
+      yy_reduce(yypParser,yyact-YY_MIN_REDUCE);
+    }else{
+      assert( yyact == YY_ERROR_ACTION );
+#ifdef YYERRORSYMBOL
+      int yymx;
+#endif
+#ifndef NDEBUG
+      if( yyTraceFILE ){
+        fprintf(yyTraceFILE,"%sSyntax Error!\n",yyTracePrompt);
+      }
+#endif
+#ifdef YYERRORSYMBOL
+      /* A syntax error has occurred.
+      ** The response to an error depends upon whether or not the
+      ** grammar defines an error token "ERROR".  
+      **
+      ** This is what we do if the grammar does define ERROR:
+      **
+      **  * Call the %syntax_error function.
+      **
+      **  * Begin popping the stack until we enter a state where
+      **    it is legal to shift the error symbol, then shift
+      **    the error symbol.
+      **
+      **  * Set the error count to three.
+      **
+      **  * Begin accepting and shifting new tokens.  No new error
+      **    processing will occur until three tokens have been
+      **    shifted successfully.
+      **
+      */
+      if( yypParser->yyerrcnt<0 ){
+        yy_syntax_error(yypParser,yymajor,yyminorunion);
+      }
+      yymx = yypParser->yystack[yypParser->yyidx].major;
+      if( yymx==YYERRORSYMBOL || yyerrorhit ){
+#ifndef NDEBUG
+        if( yyTraceFILE ){
+          fprintf(yyTraceFILE,"%sDiscard input token %s\n",
+             yyTracePrompt,yyTokenName[yymajor]);
+        }
+#endif
+        yy_destructor(yypParser, (YYCODETYPE)yymajor,&yyminorunion);
+        yymajor = YYNOCODE;
+      }else{
+         while(
+          yypParser->yyidx >= 0 &&
+          yymx != YYERRORSYMBOL &&
+          (yyact = yy_find_reduce_action(
+                        yypParser->yystack[yypParser->yyidx].stateno,
+                        YYERRORSYMBOL)) >= YY_MIN_REDUCE
+        ){
+          yy_pop_parser_stack(yypParser);
+        }
+        if( yypParser->yyidx < 0 || yymajor==0 ){
+          yy_destructor(yypParser,(YYCODETYPE)yymajor,&yyminorunion);
+          yy_parse_failed(yypParser);
+          yymajor = YYNOCODE;
+        }else if( yymx!=YYERRORSYMBOL ){
+          YYMINORTYPE u2;
+          u2.YYERRSYMDT = 0;
+          yy_shift(yypParser,yyact,YYERRORSYMBOL,&u2);
+        }
+      }
+      yypParser->yyerrcnt = 3;
+      yyerrorhit = 1;
+#elif defined(YYNOERRORRECOVERY)
+      /* If the YYNOERRORRECOVERY macro is defined, then do not attempt to
+      ** do any kind of error recovery.  Instead, simply invoke the syntax
+      ** error routine and continue going as if nothing had happened.
+      **
+      ** Applications can set this macro (for example inside %include) if
+      ** they intend to abandon the parse upon the first syntax error seen.
+      */
+      yy_syntax_error(yypParser,yymajor,yyminorunion);
+      yy_destructor(yypParser,(YYCODETYPE)yymajor,&yyminorunion);
+      yymajor = YYNOCODE;
+      
+#else  /* YYERRORSYMBOL is not defined */
+      /* This is what we do if the grammar does not define ERROR:
+      **
+      **  * Report an error message, and throw away the input token.
+      **
+      **  * If the input token is $, then fail the parse.
+      **
+      ** As before, subsequent error messages are suppressed until
+      ** three input tokens have been successfully shifted.
+      */
+      if( yypParser->yyerrcnt<=0 ){
+        yy_syntax_error(yypParser,yymajor,yyminorunion);
+      }
+      yypParser->yyerrcnt = 3;
+      yy_destructor(yypParser,(YYCODETYPE)yymajor,&yyminorunion);
+      if( yyendofinput ){
+        yy_parse_failed(yypParser);
+      }
+      yymajor = YYNOCODE;
+#endif
+    }
+  }while( yymajor!=YYNOCODE && yypParser->yyidx>=0 );
+#ifndef NDEBUG
+  if( yyTraceFILE ){
+    int i;
+    fprintf(yyTraceFILE,"%sReturn. Stack=",yyTracePrompt);
+    for(i=1; i<=yypParser->yyidx; i++)
+      fprintf(yyTraceFILE,"%c%s", i==1 ? '[' : ' ', 
+              yyTokenName[yypParser->yystack[i].major]);
+    fprintf(yyTraceFILE,"]\n");
+  }
+#endif
+  return;
+}
+
+/************** End of parse.c ***********************************************/
+/************** Begin file tokenize.c ****************************************/
+/*
+** 2001 September 15
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+** An tokenizer for SQL
+**
+** This file contains C code that splits an SQL input string up into
+** individual tokens and sends those tokens one-by-one over to the
+** parser for analysis.
+*/
+/* #include "sqliteInt.h" */
+/* #include <stdlib.h> */
+
+/*
+** The charMap() macro maps alphabetic characters into their
+** lower-case ASCII equivalent.  On ASCII machines, this is just
+** an upper-to-lower case map.  On EBCDIC machines we also need
+** to adjust the encoding.  Only alphabetic characters and underscores
+** need to be translated.
+*/
+#ifdef SQLITE_ASCII
+# define charMap(X) sqlite3UpperToLower[(unsigned char)X]
+#endif
+#ifdef SQLITE_EBCDIC
+# define charMap(X) ebcdicToAscii[(unsigned char)X]
+const unsigned char ebcdicToAscii[] = {
+/* 0   1   2   3   4   5   6   7   8   9   A   B   C   D   E   F */
+   0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  /* 0x */
+   0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  /* 1x */
+   0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  /* 2x */
+   0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  /* 3x */
+   0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  /* 4x */
+   0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  /* 5x */
+   0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0, 95,  0,  0,  /* 6x */
+   0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  /* 7x */
+   0, 97, 98, 99,100,101,102,103,104,105,  0,  0,  0,  0,  0,  0,  /* 8x */
+   0,106,107,108,109,110,111,112,113,114,  0,  0,  0,  0,  0,  0,  /* 9x */
+   0,  0,115,116,117,118,119,120,121,122,  0,  0,  0,  0,  0,  0,  /* Ax */
+   0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  /* Bx */
+   0, 97, 98, 99,100,101,102,103,104,105,  0,  0,  0,  0,  0,  0,  /* Cx */
+   0,106,107,108,109,110,111,112,113,114,  0,  0,  0,  0,  0,  0,  /* Dx */
+   0,  0,115,116,117,118,119,120,121,122,  0,  0,  0,  0,  0,  0,  /* Ex */
+   0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  0,  /* Fx */
+};
+#endif
+
+/*
+** The sqlite3KeywordCode function looks up an identifier to determine if
+** it is a keyword.  If it is a keyword, the token code of that keyword is 
+** returned.  If the input is not a keyword, TK_ID is returned.
+**
+** The implementation of this routine was generated by a program,
+** mkkeywordhash.h, located in the tool subdirectory of the distribution.
+** The output of the mkkeywordhash.c program is written into a file
+** named keywordhash.h and then included into this source file by
+** the #include below.
+*/
+/************** Include keywordhash.h in the middle of tokenize.c ************/
+/************** Begin file keywordhash.h *************************************/
+/***** This file contains automatically generated code ******
+**
+** The code in this file has been automatically generated by
+**
+**   sqlite/tool/mkkeywordhash.c
+**
+** The code in this file implements a function that determines whether
+** or not a given identifier is really an SQL keyword.  The same thing
+** might be implemented more directly using a hand-written hash table.
+** But by using this automatically generated code, the size of the code
+** is substantially reduced.  This is important for embedded applications
+** on platforms with limited memory.
+*/
+/* Hash score: 182 */
+static int keywordCode(const char *z, int n, int *pType){
+  /* zText[] encodes 834 bytes of keywords in 554 bytes */
+  /*   REINDEXEDESCAPEACHECKEYBEFOREIGNOREGEXPLAINSTEADDATABASELECT       */
+  /*   ABLEFTHENDEFERRABLELSEXCEPTRANSACTIONATURALTERAISEXCLUSIVE         */
+  /*   XISTSAVEPOINTERSECTRIGGEREFERENCESCONSTRAINTOFFSETEMPORARY         */
+  /*   UNIQUERYWITHOUTERELEASEATTACHAVINGROUPDATEBEGINNERECURSIVE         */
+  /*   BETWEENOTNULLIKECASCADELETECASECOLLATECREATECURRENT_DATEDETACH     */
+  /*   IMMEDIATEJOINSERTMATCHPLANALYZEPRAGMABORTVALUESVIRTUALIMITWHEN     */
+  /*   WHERENAMEAFTEREPLACEANDEFAULTAUTOINCREMENTCASTCOLUMNCOMMIT         */
+  /*   CONFLICTCROSSCURRENT_TIMESTAMPRIMARYDEFERREDISTINCTDROPFAIL        */
+  /*   FROMFULLGLOBYIFISNULLORDERESTRICTRIGHTROLLBACKROWUNIONUSING        */
+  /*   VACUUMVIEWINITIALLY                                                */
+  static const char zText[553] = {
+    'R','E','I','N','D','E','X','E','D','E','S','C','A','P','E','A','C','H',
+    'E','C','K','E','Y','B','E','F','O','R','E','I','G','N','O','R','E','G',
+    'E','X','P','L','A','I','N','S','T','E','A','D','D','A','T','A','B','A',
+    'S','E','L','E','C','T','A','B','L','E','F','T','H','E','N','D','E','F',
+    'E','R','R','A','B','L','E','L','S','E','X','C','E','P','T','R','A','N',
+    'S','A','C','T','I','O','N','A','T','U','R','A','L','T','E','R','A','I',
+    'S','E','X','C','L','U','S','I','V','E','X','I','S','T','S','A','V','E',
+    'P','O','I','N','T','E','R','S','E','C','T','R','I','G','G','E','R','E',
+    'F','E','R','E','N','C','E','S','C','O','N','S','T','R','A','I','N','T',
+    'O','F','F','S','E','T','E','M','P','O','R','A','R','Y','U','N','I','Q',
+    'U','E','R','Y','W','I','T','H','O','U','T','E','R','E','L','E','A','S',
+    'E','A','T','T','A','C','H','A','V','I','N','G','R','O','U','P','D','A',
+    'T','E','B','E','G','I','N','N','E','R','E','C','U','R','S','I','V','E',
+    'B','E','T','W','E','E','N','O','T','N','U','L','L','I','K','E','C','A',
+    'S','C','A','D','E','L','E','T','E','C','A','S','E','C','O','L','L','A',
+    'T','E','C','R','E','A','T','E','C','U','R','R','E','N','T','_','D','A',
+    'T','E','D','E','T','A','C','H','I','M','M','E','D','I','A','T','E','J',
+    'O','I','N','S','E','R','T','M','A','T','C','H','P','L','A','N','A','L',
+    'Y','Z','E','P','R','A','G','M','A','B','O','R','T','V','A','L','U','E',
+    'S','V','I','R','T','U','A','L','I','M','I','T','W','H','E','N','W','H',
+    'E','R','E','N','A','M','E','A','F','T','E','R','E','P','L','A','C','E',
+    'A','N','D','E','F','A','U','L','T','A','U','T','O','I','N','C','R','E',
+    'M','E','N','T','C','A','S','T','C','O','L','U','M','N','C','O','M','M',
+    'I','T','C','O','N','F','L','I','C','T','C','R','O','S','S','C','U','R',
+    'R','E','N','T','_','T','I','M','E','S','T','A','M','P','R','I','M','A',
+    'R','Y','D','E','F','E','R','R','E','D','I','S','T','I','N','C','T','D',
+    'R','O','P','F','A','I','L','F','R','O','M','F','U','L','L','G','L','O',
+    'B','Y','I','F','I','S','N','U','L','L','O','R','D','E','R','E','S','T',
+    'R','I','C','T','R','I','G','H','T','R','O','L','L','B','A','C','K','R',
+    'O','W','U','N','I','O','N','U','S','I','N','G','V','A','C','U','U','M',
+    'V','I','E','W','I','N','I','T','I','A','L','L','Y',
+  };
+  static const unsigned char aHash[127] = {
+      76, 105, 117,  74,   0,  45,   0,   0,  82,   0,  77,   0,   0,
+      42,  12,  78,  15,   0, 116,  85,  54, 112,   0,  19,   0,   0,
+     121,   0, 119, 115,   0,  22,  93,   0,   9,   0,   0,  70,  71,
+       0,  69,   6,   0,  48,  90, 102,   0, 118, 101,   0,   0,  44,
+       0, 103,  24,   0,  17,   0, 122,  53,  23,   0,   5, 110,  25,
+      96,   0,   0, 124, 106,  60, 123,  57,  28,  55,   0,  91,   0,
+     100,  26,   0,  99,   0,   0,   0,  95,  92,  97,  88, 109,  14,
+      39, 108,   0,  81,   0,  18,  89, 111,  32,   0, 120,  80, 113,
+      62,  46,  84,   0,   0,  94,  40,  59, 114,   0,  36,   0,   0,
+      29,   0,  86,  63,  64,   0,  20,  61,   0,  56,
+  };
+  static const unsigned char aNext[124] = {
+       0,   0,   0,   0,   4,   0,   0,   0,   0,   0,   0,   0,   0,
+       0,   2,   0,   0,   0,   0,   0,   0,  13,   0,   0,   0,   0,
+       0,   7,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,   0,
+       0,   0,   0,   0,  33,   0,  21,   0,   0,   0,   0,   0,  50,
+       0,  43,   3,  47,   0,   0,   0,   0,  30,   0,  58,   0,  38,
+       0,   0,   0,   1,  66,   0,   0,  67,   0,  41,   0,   0,   0,
+       0,   0,   0,  49,  65,   0,   0,   0,   0,  31,  52,  16,  34,
+      10,   0,   0,   0,   0,   0,   0,   0,  11,  72,  79,   0,   8,
+       0, 104,  98,   0, 107,   0,  87,   0,  75,  51,   0,  27,  37,
+      73,  83,   0,  35,  68,   0,   0,
+  };
+  static const unsigned char aLen[124] = {
+       7,   7,   5,   4,   6,   4,   5,   3,   6,   7,   3,   6,   6,
+       7,   7,   3,   8,   2,   6,   5,   4,   4,   3,  10,   4,   6,
+      11,   6,   2,   7,   5,   5,   9,   6,   9,   9,   7,  10,  10,
+       4,   6,   2,   3,   9,   4,   2,   6,   5,   7,   4,   5,   7,
+       6,   6,   5,   6,   5,   5,   9,   7,   7,   3,   2,   4,   4,
+       7,   3,   6,   4,   7,   6,  12,   6,   9,   4,   6,   5,   4,
+       7,   6,   5,   6,   7,   5,   4,   5,   6,   5,   7,   3,   7,
+      13,   2,   2,   4,   6,   6,   8,   5,  17,  12,   7,   8,   8,
+       2,   4,   4,   4,   4,   4,   2,   2,   6,   5,   8,   5,   8,
+       3,   5,   5,   6,   4,   9,   3,
+  };
+  static const unsigned short int aOffset[124] = {
+       0,   2,   2,   8,   9,  14,  16,  20,  23,  25,  25,  29,  33,
+      36,  41,  46,  48,  53,  54,  59,  62,  65,  67,  69,  78,  81,
+      86,  91,  95,  96, 101, 105, 109, 117, 122, 128, 136, 142, 152,
+     159, 162, 162, 165, 167, 167, 171, 176, 179, 184, 184, 188, 192,
+     199, 204, 209, 212, 218, 221, 225, 234, 240, 240, 240, 243, 246,
+     250, 251, 255, 261, 265, 272, 278, 290, 296, 305, 307, 313, 318,
+     320, 327, 332, 337, 343, 349, 354, 358, 361, 367, 371, 378, 380,
+     387, 389, 391, 400, 404, 410, 416, 424, 429, 429, 445, 452, 459,
+     460, 467, 471, 475, 479, 483, 486, 488, 490, 496, 500, 508, 513,
+     521, 524, 529, 534, 540, 544, 549,
+  };
+  static const unsigned char aCode[124] = {
+    TK_REINDEX,    TK_INDEXED,    TK_INDEX,      TK_DESC,       TK_ESCAPE,     
+    TK_EACH,       TK_CHECK,      TK_KEY,        TK_BEFORE,     TK_FOREIGN,    
+    TK_FOR,        TK_IGNORE,     TK_LIKE_KW,    TK_EXPLAIN,    TK_INSTEAD,    
+    TK_ADD,        TK_DATABASE,   TK_AS,         TK_SELECT,     TK_TABLE,      
+    TK_JOIN_KW,    TK_THEN,       TK_END,        TK_DEFERRABLE, TK_ELSE,       
+    TK_EXCEPT,     TK_TRANSACTION,TK_ACTION,     TK_ON,         TK_JOIN_KW,    
+    TK_ALTER,      TK_RAISE,      TK_EXCLUSIVE,  TK_EXISTS,     TK_SAVEPOINT,  
+    TK_INTERSECT,  TK_TRIGGER,    TK_REFERENCES, TK_CONSTRAINT, TK_INTO,       
+    TK_OFFSET,     TK_OF,         TK_SET,        TK_TEMP,       TK_TEMP,       
+    TK_OR,         TK_UNIQUE,     TK_QUERY,      TK_WITHOUT,    TK_WITH,       
+    TK_JOIN_KW,    TK_RELEASE,    TK_ATTACH,     TK_HAVING,     TK_GROUP,      
+    TK_UPDATE,     TK_BEGIN,      TK_JOIN_KW,    TK_RECURSIVE,  TK_BETWEEN,    
+    TK_NOTNULL,    TK_NOT,        TK_NO,         TK_NULL,       TK_LIKE_KW,    
+    TK_CASCADE,    TK_ASC,        TK_DELETE,     TK_CASE,       TK_COLLATE,    
+    TK_CREATE,     TK_CTIME_KW,   TK_DETACH,     TK_IMMEDIATE,  TK_JOIN,       
+    TK_INSERT,     TK_MATCH,      TK_PLAN,       TK_ANALYZE,    TK_PRAGMA,     
+    TK_ABORT,      TK_VALUES,     TK_VIRTUAL,    TK_LIMIT,      TK_WHEN,       
+    TK_WHERE,      TK_RENAME,     TK_AFTER,      TK_REPLACE,    TK_AND,        
+    TK_DEFAULT,    TK_AUTOINCR,   TK_TO,         TK_IN,         TK_CAST,       
+    TK_COLUMNKW,   TK_COMMIT,     TK_CONFLICT,   TK_JOIN_KW,    TK_CTIME_KW,   
+    TK_CTIME_KW,   TK_PRIMARY,    TK_DEFERRED,   TK_DISTINCT,   TK_IS,         
+    TK_DROP,       TK_FAIL,       TK_FROM,       TK_JOIN_KW,    TK_LIKE_KW,    
+    TK_BY,         TK_IF,         TK_ISNULL,     TK_ORDER,      TK_RESTRICT,   
+    TK_JOIN_KW,    TK_ROLLBACK,   TK_ROW,        TK_UNION,      TK_USING,      
+    TK_VACUUM,     TK_VIEW,       TK_INITIALLY,  TK_ALL,        
+  };
+  int h, i;
+  if( n>=2 ){
+    h = ((charMap(z[0])*4) ^ (charMap(z[n-1])*3) ^ n) % 127;
+    for(i=((int)aHash[h])-1; i>=0; i=((int)aNext[i])-1){
+      if( aLen[i]==n && sqlite3StrNICmp(&zText[aOffset[i]],z,n)==0 ){
+        testcase( i==0 ); /* REINDEX */
+        testcase( i==1 ); /* INDEXED */
+        testcase( i==2 ); /* INDEX */
+        testcase( i==3 ); /* DESC */
+        testcase( i==4 ); /* ESCAPE */
+        testcase( i==5 ); /* EACH */
+        testcase( i==6 ); /* CHECK */
+        testcase( i==7 ); /* KEY */
+        testcase( i==8 ); /* BEFORE */
+        testcase( i==9 ); /* FOREIGN */
+        testcase( i==10 ); /* FOR */
+        testcase( i==11 ); /* IGNORE */
+        testcase( i==12 ); /* REGEXP */
+        testcase( i==13 ); /* EXPLAIN */
+        testcase( i==14 ); /* INSTEAD */
+        testcase( i==15 ); /* ADD */
+        testcase( i==16 ); /* DATABASE */
+        testcase( i==17 ); /* AS */
+        testcase( i==18 ); /* SELECT */
+        testcase( i==19 ); /* TABLE */
+        testcase( i==20 ); /* LEFT */
+        testcase( i==21 ); /* THEN */
+        testcase( i==22 ); /* END */
+        testcase( i==23 ); /* DEFERRABLE */
+        testcase( i==24 ); /* ELSE */
+        testcase( i==25 ); /* EXCEPT */
+        testcase( i==26 ); /* TRANSACTION */
+        testcase( i==27 ); /* ACTION */
+        testcase( i==28 ); /* ON */
+        testcase( i==29 ); /* NATURAL */
+        testcase( i==30 ); /* ALTER */
+        testcase( i==31 ); /* RAISE */
+        testcase( i==32 ); /* EXCLUSIVE */
+        testcase( i==33 ); /* EXISTS */
+        testcase( i==34 ); /* SAVEPOINT */
+        testcase( i==35 ); /* INTERSECT */
+        testcase( i==36 ); /* TRIGGER */
+        testcase( i==37 ); /* REFERENCES */
+        testcase( i==38 ); /* CONSTRAINT */
+        testcase( i==39 ); /* INTO */
+        testcase( i==40 ); /* OFFSET */
+        testcase( i==41 ); /* OF */
+        testcase( i==42 ); /* SET */
+        testcase( i==43 ); /* TEMPORARY */
+        testcase( i==44 ); /* TEMP */
+        testcase( i==45 ); /* OR */
+        testcase( i==46 ); /* UNIQUE */
+        testcase( i==47 ); /* QUERY */
+        testcase( i==48 ); /* WITHOUT */
+        testcase( i==49 ); /* WITH */
+        testcase( i==50 ); /* OUTER */
+        testcase( i==51 ); /* RELEASE */
+        testcase( i==52 ); /* ATTACH */
+        testcase( i==53 ); /* HAVING */
+        testcase( i==54 ); /* GROUP */
+        testcase( i==55 ); /* UPDATE */
+        testcase( i==56 ); /* BEGIN */
+        testcase( i==57 ); /* INNER */
+        testcase( i==58 ); /* RECURSIVE */
+        testcase( i==59 ); /* BETWEEN */
+        testcase( i==60 ); /* NOTNULL */
+        testcase( i==61 ); /* NOT */
+        testcase( i==62 ); /* NO */
+        testcase( i==63 ); /* NULL */
+        testcase( i==64 ); /* LIKE */
+        testcase( i==65 ); /* CASCADE */
+        testcase( i==66 ); /* ASC */
+        testcase( i==67 ); /* DELETE */
+        testcase( i==68 ); /* CASE */
+        testcase( i==69 ); /* COLLATE */
+        testcase( i==70 ); /* CREATE */
+        testcase( i==71 ); /* CURRENT_DATE */
+        testcase( i==72 ); /* DETACH */
+        testcase( i==73 ); /* IMMEDIATE */
+        testcase( i==74 ); /* JOIN */
+        testcase( i==75 ); /* INSERT */
+        testcase( i==76 ); /* MATCH */
+        testcase( i==77 ); /* PLAN */
+        testcase( i==78 ); /* ANALYZE */
+        testcase( i==79 ); /* PRAGMA */
+        testcase( i==80 ); /* ABORT */
+        testcase( i==81 ); /* VALUES */
+        testcase( i==82 ); /* VIRTUAL */
+        testcase( i==83 ); /* LIMIT */
+        testcase( i==84 ); /* WHEN */
+        testcase( i==85 ); /* WHERE */
+        testcase( i==86 ); /* RENAME */
+        testcase( i==87 ); /* AFTER */
+        testcase( i==88 ); /* REPLACE */
+        testcase( i==89 ); /* AND */
+        testcase( i==90 ); /* DEFAULT */
+        testcase( i==91 ); /* AUTOINCREMENT */
+        testcase( i==92 ); /* TO */
+        testcase( i==93 ); /* IN */
+        testcase( i==94 ); /* CAST */
+        testcase( i==95 ); /* COLUMN */
+        testcase( i==96 ); /* COMMIT */
+        testcase( i==97 ); /* CONFLICT */
+        testcase( i==98 ); /* CROSS */
+        testcase( i==99 ); /* CURRENT_TIMESTAMP */
+        testcase( i==100 ); /* CURRENT_TIME */
+        testcase( i==101 ); /* PRIMARY */
+        testcase( i==102 ); /* DEFERRED */
+        testcase( i==103 ); /* DISTINCT */
+        testcase( i==104 ); /* IS */
+        testcase( i==105 ); /* DROP */
+        testcase( i==106 ); /* FAIL */
+        testcase( i==107 ); /* FROM */
+        testcase( i==108 ); /* FULL */
+        testcase( i==109 ); /* GLOB */
+        testcase( i==110 ); /* BY */
+        testcase( i==111 ); /* IF */
+        testcase( i==112 ); /* ISNULL */
+        testcase( i==113 ); /* ORDER */
+        testcase( i==114 ); /* RESTRICT */
+        testcase( i==115 ); /* RIGHT */
+        testcase( i==116 ); /* ROLLBACK */
+        testcase( i==117 ); /* ROW */
+        testcase( i==118 ); /* UNION */
+        testcase( i==119 ); /* USING */
+        testcase( i==120 ); /* VACUUM */
+        testcase( i==121 ); /* VIEW */
+        testcase( i==122 ); /* INITIALLY */
+        testcase( i==123 ); /* ALL */
+        *pType = aCode[i];
+        break;
+      }
+    }
+  }
+  return n;
+}
+SQLITE_PRIVATE int sqlite3KeywordCode(const unsigned char *z, int n){
+  int id = TK_ID;
+  keywordCode((char*)z, n, &id);
+  return id;
+}
+#define SQLITE_N_KEYWORD 124
+
+/************** End of keywordhash.h *****************************************/
+/************** Continuing where we left off in tokenize.c *******************/
+
+
+/*
+** If X is a character that can be used in an identifier then
+** IdChar(X) will be true.  Otherwise it is false.
+**
+** For ASCII, any character with the high-order bit set is
+** allowed in an identifier.  For 7-bit characters, 
+** sqlite3IsIdChar[X] must be 1.
+**
+** For EBCDIC, the rules are more complex but have the same
+** end result.
+**
+** Ticket #1066.  the SQL standard does not allow '$' in the
+** middle of identifiers.  But many SQL implementations do. 
+** SQLite will allow '$' in identifiers for compatibility.
+** But the feature is undocumented.
+*/
+#ifdef SQLITE_ASCII
+#define IdChar(C)  ((sqlite3CtypeMap[(unsigned char)C]&0x46)!=0)
+#endif
+#ifdef SQLITE_EBCDIC
+SQLITE_PRIVATE const char sqlite3IsEbcdicIdChar[] = {
+/* x0 x1 x2 x3 x4 x5 x6 x7 x8 x9 xA xB xC xD xE xF */
+    0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0,  /* 4x */
+    0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 0, 0, 0, 0,  /* 5x */
+    0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 1, 0, 0,  /* 6x */
+    0, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0, 0,  /* 7x */
+    0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 1, 1, 1, 0,  /* 8x */
+    0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 1, 0, 1, 0,  /* 9x */
+    1, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 0,  /* Ax */
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,  /* Bx */
+    0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1,  /* Cx */
+    0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1,  /* Dx */
+    0, 0, 1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1,  /* Ex */
+    1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 0,  /* Fx */
+};
+#define IdChar(C)  (((c=C)>=0x42 && sqlite3IsEbcdicIdChar[c-0x40]))
+#endif
+
+/* Make the IdChar function accessible from ctime.c */
+#ifndef SQLITE_OMIT_COMPILEOPTION_DIAGS
+SQLITE_PRIVATE int sqlite3IsIdChar(u8 c){ return IdChar(c); }
+#endif
+
+
+/*
+** Return the length of the token that begins at z[0]. 
+** Store the token type in *tokenType before returning.
+*/
+SQLITE_PRIVATE int sqlite3GetToken(const unsigned char *z, int *tokenType){
+  int i, c;
+  switch( *z ){
+    case ' ': case '\t': case '\n': case '\f': case '\r': {
+      testcase( z[0]==' ' );
+      testcase( z[0]=='\t' );
+      testcase( z[0]=='\n' );
+      testcase( z[0]=='\f' );
+      testcase( z[0]=='\r' );
+      for(i=1; sqlite3Isspace(z[i]); i++){}
+      *tokenType = TK_SPACE;
+      return i;
+    }
+    case '-': {
+      if( z[1]=='-' ){
+        for(i=2; (c=z[i])!=0 && c!='\n'; i++){}
+        *tokenType = TK_SPACE;   /* IMP: R-22934-25134 */
+        return i;
+      }
+      *tokenType = TK_MINUS;
+      return 1;
+    }
+    case '(': {
+      *tokenType = TK_LP;
+      return 1;
+    }
+    case ')': {
+      *tokenType = TK_RP;
+      return 1;
+    }
+    case ';': {
+      *tokenType = TK_SEMI;
+      return 1;
+    }
+    case '+': {
+      *tokenType = TK_PLUS;
+      return 1;
+    }
+    case '*': {
+      *tokenType = TK_STAR;
+      return 1;
+    }
+    case '/': {
+      if( z[1]!='*' || z[2]==0 ){
+        *tokenType = TK_SLASH;
+        return 1;
+      }
+      for(i=3, c=z[2]; (c!='*' || z[i]!='/') && (c=z[i])!=0; i++){}
+      if( c ) i++;
+      *tokenType = TK_SPACE;   /* IMP: R-22934-25134 */
+      return i;
+    }
+    case '%': {
+      *tokenType = TK_REM;
+      return 1;
+    }
+    case '=': {
+      *tokenType = TK_EQ;
+      return 1 + (z[1]=='=');
+    }
+    case '<': {
+      if( (c=z[1])=='=' ){
+        *tokenType = TK_LE;
+        return 2;
+      }else if( c=='>' ){
+        *tokenType = TK_NE;
+        return 2;
+      }else if( c=='<' ){
+        *tokenType = TK_LSHIFT;
+        return 2;
+      }else{
+        *tokenType = TK_LT;
+        return 1;
+      }
+    }
+    case '>': {
+      if( (c=z[1])=='=' ){
+        *tokenType = TK_GE;
+        return 2;
+      }else if( c=='>' ){
+        *tokenType = TK_RSHIFT;
+        return 2;
+      }else{
+        *tokenType = TK_GT;
+        return 1;
+      }
+    }
+    case '!': {
+      if( z[1]!='=' ){
+        *tokenType = TK_ILLEGAL;
+        return 2;
+      }else{
+        *tokenType = TK_NE;
+        return 2;
+      }
+    }
+    case '|': {
+      if( z[1]!='|' ){
+        *tokenType = TK_BITOR;
+        return 1;
+      }else{
+        *tokenType = TK_CONCAT;
+        return 2;
+      }
+    }
+    case ',': {
+      *tokenType = TK_COMMA;
+      return 1;
+    }
+    case '&': {
+      *tokenType = TK_BITAND;
+      return 1;
+    }
+    case '~': {
+      *tokenType = TK_BITNOT;
+      return 1;
+    }
+    case '`':
+    case '\'':
+    case '"': {
+      int delim = z[0];
+      testcase( delim=='`' );
+      testcase( delim=='\'' );
+      testcase( delim=='"' );
+      for(i=1; (c=z[i])!=0; i++){
+        if( c==delim ){
+          if( z[i+1]==delim ){
+            i++;
+          }else{
+            break;
+          }
+        }
+      }
+      if( c=='\'' ){
+        *tokenType = TK_STRING;
+        return i+1;
+      }else if( c!=0 ){
+        *tokenType = TK_ID;
+        return i+1;
+      }else{
+        *tokenType = TK_ILLEGAL;
+        return i;
+      }
+    }
+    case '.': {
+#ifndef SQLITE_OMIT_FLOATING_POINT
+      if( !sqlite3Isdigit(z[1]) )
+#endif
+      {
+        *tokenType = TK_DOT;
+        return 1;
+      }
+      /* If the next character is a digit, this is a floating point
+      ** number that begins with ".".  Fall thru into the next case */
+    }
+    case '0': case '1': case '2': case '3': case '4':
+    case '5': case '6': case '7': case '8': case '9': {
+      testcase( z[0]=='0' );  testcase( z[0]=='1' );  testcase( z[0]=='2' );
+      testcase( z[0]=='3' );  testcase( z[0]=='4' );  testcase( z[0]=='5' );
+      testcase( z[0]=='6' );  testcase( z[0]=='7' );  testcase( z[0]=='8' );
+      testcase( z[0]=='9' );
+      *tokenType = TK_INTEGER;
+#ifndef SQLITE_OMIT_HEX_INTEGER
+      if( z[0]=='0' && (z[1]=='x' || z[1]=='X') && sqlite3Isxdigit(z[2]) ){
+        for(i=3; sqlite3Isxdigit(z[i]); i++){}
+        return i;
+      }
+#endif
+      for(i=0; sqlite3Isdigit(z[i]); i++){}
+#ifndef SQLITE_OMIT_FLOATING_POINT
+      if( z[i]=='.' ){
+        i++;
+        while( sqlite3Isdigit(z[i]) ){ i++; }
+        *tokenType = TK_FLOAT;
+      }
+      if( (z[i]=='e' || z[i]=='E') &&
+           ( sqlite3Isdigit(z[i+1]) 
+            || ((z[i+1]=='+' || z[i+1]=='-') && sqlite3Isdigit(z[i+2]))
+           )
+      ){
+        i += 2;
+        while( sqlite3Isdigit(z[i]) ){ i++; }
+        *tokenType = TK_FLOAT;
+      }
+#endif
+      while( IdChar(z[i]) ){
+        *tokenType = TK_ILLEGAL;
+        i++;
+      }
+      return i;
+    }
+    case '[': {
+      for(i=1, c=z[0]; c!=']' && (c=z[i])!=0; i++){}
+      *tokenType = c==']' ? TK_ID : TK_ILLEGAL;
+      return i;
+    }
+    case '?': {
+      *tokenType = TK_VARIABLE;
+      for(i=1; sqlite3Isdigit(z[i]); i++){}
+      return i;
+    }
+#ifndef SQLITE_OMIT_TCL_VARIABLE
+    case '$':
+#endif
+    case '@':  /* For compatibility with MS SQL Server */
+    case '#':
+    case ':': {
+      int n = 0;
+      testcase( z[0]=='$' );  testcase( z[0]=='@' );
+      testcase( z[0]==':' );  testcase( z[0]=='#' );
+      *tokenType = TK_VARIABLE;
+      for(i=1; (c=z[i])!=0; i++){
+        if( IdChar(c) ){
+          n++;
+#ifndef SQLITE_OMIT_TCL_VARIABLE
+        }else if( c=='(' && n>0 ){
+          do{
+            i++;
+          }while( (c=z[i])!=0 && !sqlite3Isspace(c) && c!=')' );
+          if( c==')' ){
+            i++;
+          }else{
+            *tokenType = TK_ILLEGAL;
+          }
+          break;
+        }else if( c==':' && z[i+1]==':' ){
+          i++;
+#endif
+        }else{
+          break;
+        }
+      }
+      if( n==0 ) *tokenType = TK_ILLEGAL;
+      return i;
+    }
+#ifndef SQLITE_OMIT_BLOB_LITERAL
+    case 'x': case 'X': {
+      testcase( z[0]=='x' ); testcase( z[0]=='X' );
+      if( z[1]=='\'' ){
+        *tokenType = TK_BLOB;
+        for(i=2; sqlite3Isxdigit(z[i]); i++){}
+        if( z[i]!='\'' || i%2 ){
+          *tokenType = TK_ILLEGAL;
+          while( z[i] && z[i]!='\'' ){ i++; }
+        }
+        if( z[i] ) i++;
+        return i;
+      }
+      /* Otherwise fall through to the next case */
+    }
+#endif
+    default: {
+      if( !IdChar(*z) ){
+        break;
+      }
+      for(i=1; IdChar(z[i]); i++){}
+      *tokenType = TK_ID;
+      return keywordCode((char*)z, i, tokenType);
+    }
+  }
+  *tokenType = TK_ILLEGAL;
+  return 1;
+}
+
+/*
+** Run the parser on the given SQL string.  The parser structure is
+** passed in.  An SQLITE_ status code is returned.  If an error occurs
+** then an and attempt is made to write an error message into 
+** memory obtained from sqlite3_malloc() and to make *pzErrMsg point to that
+** error message.
+*/
+SQLITE_PRIVATE int sqlite3RunParser(Parse *pParse, const char *zSql, char **pzErrMsg){
+  int nErr = 0;                   /* Number of errors encountered */
+  int i;                          /* Loop counter */
+  void *pEngine;                  /* The LEMON-generated LALR(1) parser */
+  int tokenType;                  /* type of the next token */
+  int lastTokenParsed = -1;       /* type of the previous token */
+  u8 enableLookaside;             /* Saved value of db->lookaside.bEnabled */
+  sqlite3 *db = pParse->db;       /* The database connection */
+  int mxSqlLen;                   /* Max length of an SQL string */
+
+  assert( zSql!=0 );
+  mxSqlLen = db->aLimit[SQLITE_LIMIT_SQL_LENGTH];
+  if( db->nVdbeActive==0 ){
+    db->u1.isInterrupted = 0;
+  }
+  pParse->rc = SQLITE_OK;
+  pParse->zTail = zSql;
+  i = 0;
+  assert( pzErrMsg!=0 );
+  /* sqlite3ParserTrace(stdout, "parser: "); */
+  pEngine = sqlite3ParserAlloc(sqlite3Malloc);
+  if( pEngine==0 ){
+    db->mallocFailed = 1;
+    return SQLITE_NOMEM;
+  }
+  assert( pParse->pNewTable==0 );
+  assert( pParse->pNewTrigger==0 );
+  assert( pParse->nVar==0 );
+  assert( pParse->nzVar==0 );
+  assert( pParse->azVar==0 );
+  enableLookaside = db->lookaside.bEnabled;
+  if( db->lookaside.pStart ) db->lookaside.bEnabled = 1;
+  while( zSql[i]!=0 ){
+    assert( i>=0 );
+    pParse->sLastToken.z = &zSql[i];
+    pParse->sLastToken.n = sqlite3GetToken((unsigned char*)&zSql[i],&tokenType);
+    i += pParse->sLastToken.n;
+    if( i>mxSqlLen ){
+      pParse->rc = SQLITE_TOOBIG;
+      break;
+    }
+    if( tokenType>=TK_SPACE ){
+      assert( tokenType==TK_SPACE || tokenType==TK_ILLEGAL );
+      if( db->u1.isInterrupted ){
+        sqlite3ErrorMsg(pParse, "interrupt");
+        pParse->rc = SQLITE_INTERRUPT;
+        break;
+      }
+      if( tokenType==TK_ILLEGAL ){
+        sqlite3ErrorMsg(pParse, "unrecognized token: \"%T\"",
+                        &pParse->sLastToken);
+        break;
+      }
+    }else{
+      if( tokenType==TK_SEMI ) pParse->zTail = &zSql[i];
+      sqlite3Parser(pEngine, tokenType, pParse->sLastToken, pParse);
+      lastTokenParsed = tokenType;
+      if( pParse->rc!=SQLITE_OK || db->mallocFailed ) break;
+    }
+  }
+  assert( nErr==0 );
+  if( pParse->rc==SQLITE_OK && db->mallocFailed==0 ){
+    assert( zSql[i]==0 );
+    if( lastTokenParsed!=TK_SEMI ){
+      sqlite3Parser(pEngine, TK_SEMI, pParse->sLastToken, pParse);
+      pParse->zTail = &zSql[i];
+    }
+    if( pParse->rc==SQLITE_OK && db->mallocFailed==0 ){
+      sqlite3Parser(pEngine, 0, pParse->sLastToken, pParse);
+    }
+  }
+#ifdef YYTRACKMAXSTACKDEPTH
+  sqlite3_mutex_enter(sqlite3MallocMutex());
+  sqlite3StatusHighwater(SQLITE_STATUS_PARSER_STACK,
+      sqlite3ParserStackPeak(pEngine)
+  );
+  sqlite3_mutex_leave(sqlite3MallocMutex());
+#endif /* YYDEBUG */
+  sqlite3ParserFree(pEngine, sqlite3_free);
+  db->lookaside.bEnabled = enableLookaside;
+  if( db->mallocFailed ){
+    pParse->rc = SQLITE_NOMEM;
+  }
+  if( pParse->rc!=SQLITE_OK && pParse->rc!=SQLITE_DONE && pParse->zErrMsg==0 ){
+    pParse->zErrMsg = sqlite3MPrintf(db, "%s", sqlite3ErrStr(pParse->rc));
+  }
+  assert( pzErrMsg!=0 );
+  if( pParse->zErrMsg ){
+    *pzErrMsg = pParse->zErrMsg;
+    sqlite3_log(pParse->rc, "%s", *pzErrMsg);
+    pParse->zErrMsg = 0;
+    nErr++;
+  }
+  if( pParse->pVdbe && pParse->nErr>0 && pParse->nested==0 ){
+    sqlite3VdbeDelete(pParse->pVdbe);
+    pParse->pVdbe = 0;
+  }
+#ifndef SQLITE_OMIT_SHARED_CACHE
+  if( pParse->nested==0 ){
+    sqlite3DbFree(db, pParse->aTableLock);
+    pParse->aTableLock = 0;
+    pParse->nTableLock = 0;
+  }
+#endif
+#ifndef SQLITE_OMIT_VIRTUALTABLE
+  sqlite3_free(pParse->apVtabLock);
+#endif
+
+  if( !IN_DECLARE_VTAB ){
+    /* If the pParse->declareVtab flag is set, do not delete any table 
+    ** structure built up in pParse->pNewTable. The calling code (see vtab.c)
+    ** will take responsibility for freeing the Table structure.
+    */
+    sqlite3DeleteTable(db, pParse->pNewTable);
+  }
+
+  sqlite3WithDelete(db, pParse->pWithToFree);
+  sqlite3DeleteTrigger(db, pParse->pNewTrigger);
+  for(i=pParse->nzVar-1; i>=0; i--) sqlite3DbFree(db, pParse->azVar[i]);
+  sqlite3DbFree(db, pParse->azVar);
+  while( pParse->pAinc ){
+    AutoincInfo *p = pParse->pAinc;
+    pParse->pAinc = p->pNext;
+    sqlite3DbFree(db, p);
+  }
+  while( pParse->pZombieTab ){
+    Table *p = pParse->pZombieTab;
+    pParse->pZombieTab = p->pNextZombie;
+    sqlite3DeleteTable(db, p);
+  }
+  assert( nErr==0 || pParse->rc!=SQLITE_OK );
+  return nErr;
+}
+
+/************** End of tokenize.c ********************************************/
+/************** Begin file complete.c ****************************************/
+/*
+** 2001 September 15
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+** An tokenizer for SQL
+**
+** This file contains C code that implements the sqlite3_complete() API.
+** This code used to be part of the tokenizer.c source file.  But by
+** separating it out, the code will be automatically omitted from
+** static links that do not use it.
+*/
+/* #include "sqliteInt.h" */
+#ifndef SQLITE_OMIT_COMPLETE
+
+/*
+** This is defined in tokenize.c.  We just have to import the definition.
+*/
+#ifndef SQLITE_AMALGAMATION
+#ifdef SQLITE_ASCII
+#define IdChar(C)  ((sqlite3CtypeMap[(unsigned char)C]&0x46)!=0)
+#endif
+#ifdef SQLITE_EBCDIC
+SQLITE_PRIVATE const char sqlite3IsEbcdicIdChar[];
+#define IdChar(C)  (((c=C)>=0x42 && sqlite3IsEbcdicIdChar[c-0x40]))
+#endif
+#endif /* SQLITE_AMALGAMATION */
+
+
+/*
+** Token types used by the sqlite3_complete() routine.  See the header
+** comments on that procedure for additional information.
+*/
+#define tkSEMI    0
+#define tkWS      1
+#define tkOTHER   2
+#ifndef SQLITE_OMIT_TRIGGER
+#define tkEXPLAIN 3
+#define tkCREATE  4
+#define tkTEMP    5
+#define tkTRIGGER 6
+#define tkEND     7
+#endif
+
+/*
+** Return TRUE if the given SQL string ends in a semicolon.
+**
+** Special handling is require for CREATE TRIGGER statements.
+** Whenever the CREATE TRIGGER keywords are seen, the statement
+** must end with ";END;".
+**
+** This implementation uses a state machine with 8 states:
+**
+**   (0) INVALID   We have not yet seen a non-whitespace character.
+**
+**   (1) START     At the beginning or end of an SQL statement.  This routine
+**                 returns 1 if it ends in the START state and 0 if it ends
+**                 in any other state.
+**
+**   (2) NORMAL    We are in the middle of statement which ends with a single
+**                 semicolon.
+**
+**   (3) EXPLAIN   The keyword EXPLAIN has been seen at the beginning of 
+**                 a statement.
+**
+**   (4) CREATE    The keyword CREATE has been seen at the beginning of a
+**                 statement, possibly preceded by EXPLAIN and/or followed by
+**                 TEMP or TEMPORARY
+**
+**   (5) TRIGGER   We are in the middle of a trigger definition that must be
+**                 ended by a semicolon, the keyword END, and another semicolon.
+**
+**   (6) SEMI      We've seen the first semicolon in the ";END;" that occurs at
+**                 the end of a trigger definition.
+**
+**   (7) END       We've seen the ";END" of the ";END;" that occurs at the end
+**                 of a trigger definition.
+**
+** Transitions between states above are determined by tokens extracted
+** from the input.  The following tokens are significant:
+**
+**   (0) tkSEMI      A semicolon.
+**   (1) tkWS        Whitespace.
+**   (2) tkOTHER     Any other SQL token.
+**   (3) tkEXPLAIN   The "explain" keyword.
+**   (4) tkCREATE    The "create" keyword.
+**   (5) tkTEMP      The "temp" or "temporary" keyword.
+**   (6) tkTRIGGER   The "trigger" keyword.
+**   (7) tkEND       The "end" keyword.
+**
+** Whitespace never causes a state transition and is always ignored.
+** This means that a SQL string of all whitespace is invalid.
+**
+** If we compile with SQLITE_OMIT_TRIGGER, all of the computation needed
+** to recognize the end of a trigger can be omitted.  All we have to do
+** is look for a semicolon that is not part of an string or comment.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_complete(const char *zSql){
+  u8 state = 0;   /* Current state, using numbers defined in header comment */
+  u8 token;       /* Value of the next token */
+
+#ifndef SQLITE_OMIT_TRIGGER
+  /* A complex statement machine used to detect the end of a CREATE TRIGGER
+  ** statement.  This is the normal case.
+  */
+  static const u8 trans[8][8] = {
+                     /* Token:                                                */
+     /* State:       **  SEMI  WS  OTHER  EXPLAIN  CREATE  TEMP  TRIGGER  END */
+     /* 0 INVALID: */ {    1,  0,     2,       3,      4,    2,       2,   2, },
+     /* 1   START: */ {    1,  1,     2,       3,      4,    2,       2,   2, },
+     /* 2  NORMAL: */ {    1,  2,     2,       2,      2,    2,       2,   2, },
+     /* 3 EXPLAIN: */ {    1,  3,     3,       2,      4,    2,       2,   2, },
+     /* 4  CREATE: */ {    1,  4,     2,       2,      2,    4,       5,   2, },
+     /* 5 TRIGGER: */ {    6,  5,     5,       5,      5,    5,       5,   5, },
+     /* 6    SEMI: */ {    6,  6,     5,       5,      5,    5,       5,   7, },
+     /* 7     END: */ {    1,  7,     5,       5,      5,    5,       5,   5, },
+  };
+#else
+  /* If triggers are not supported by this compile then the statement machine
+  ** used to detect the end of a statement is much simpler
+  */
+  static const u8 trans[3][3] = {
+                     /* Token:           */
+     /* State:       **  SEMI  WS  OTHER */
+     /* 0 INVALID: */ {    1,  0,     2, },
+     /* 1   START: */ {    1,  1,     2, },
+     /* 2  NORMAL: */ {    1,  2,     2, },
+  };
+#endif /* SQLITE_OMIT_TRIGGER */
+
+#ifdef SQLITE_ENABLE_API_ARMOR
+  if( zSql==0 ){
+    (void)SQLITE_MISUSE_BKPT;
+    return 0;
+  }
+#endif
+
+  while( *zSql ){
+    switch( *zSql ){
+      case ';': {  /* A semicolon */
+        token = tkSEMI;
+        break;
+      }
+      case ' ':
+      case '\r':
+      case '\t':
+      case '\n':
+      case '\f': {  /* White space is ignored */
+        token = tkWS;
+        break;
+      }
+      case '/': {   /* C-style comments */
+        if( zSql[1]!='*' ){
+          token = tkOTHER;
+          break;
+        }
+        zSql += 2;
+        while( zSql[0] && (zSql[0]!='*' || zSql[1]!='/') ){ zSql++; }
+        if( zSql[0]==0 ) return 0;
+        zSql++;
+        token = tkWS;
+        break;
+      }
+      case '-': {   /* SQL-style comments from "--" to end of line */
+        if( zSql[1]!='-' ){
+          token = tkOTHER;
+          break;
+        }
+        while( *zSql && *zSql!='\n' ){ zSql++; }
+        if( *zSql==0 ) return state==1;
+        token = tkWS;
+        break;
+      }
+      case '[': {   /* Microsoft-style identifiers in [...] */
+        zSql++;
+        while( *zSql && *zSql!=']' ){ zSql++; }
+        if( *zSql==0 ) return 0;
+        token = tkOTHER;
+        break;
+      }
+      case '`':     /* Grave-accent quoted symbols used by MySQL */
+      case '"':     /* single- and double-quoted strings */
+      case '\'': {
+        int c = *zSql;
+        zSql++;
+        while( *zSql && *zSql!=c ){ zSql++; }
+        if( *zSql==0 ) return 0;
+        token = tkOTHER;
+        break;
+      }
+      default: {
+#ifdef SQLITE_EBCDIC
+        unsigned char c;
+#endif
+        if( IdChar((u8)*zSql) ){
+          /* Keywords and unquoted identifiers */
+          int nId;
+          for(nId=1; IdChar(zSql[nId]); nId++){}
+#ifdef SQLITE_OMIT_TRIGGER
+          token = tkOTHER;
+#else
+          switch( *zSql ){
+            case 'c': case 'C': {
+              if( nId==6 && sqlite3StrNICmp(zSql, "create", 6)==0 ){
+                token = tkCREATE;
+              }else{
+                token = tkOTHER;
+              }
+              break;
+            }
+            case 't': case 'T': {
+              if( nId==7 && sqlite3StrNICmp(zSql, "trigger", 7)==0 ){
+                token = tkTRIGGER;
+              }else if( nId==4 && sqlite3StrNICmp(zSql, "temp", 4)==0 ){
+                token = tkTEMP;
+              }else if( nId==9 && sqlite3StrNICmp(zSql, "temporary", 9)==0 ){
+                token = tkTEMP;
+              }else{
+                token = tkOTHER;
+              }
+              break;
+            }
+            case 'e':  case 'E': {
+              if( nId==3 && sqlite3StrNICmp(zSql, "end", 3)==0 ){
+                token = tkEND;
+              }else
+#ifndef SQLITE_OMIT_EXPLAIN
+              if( nId==7 && sqlite3StrNICmp(zSql, "explain", 7)==0 ){
+                token = tkEXPLAIN;
+              }else
+#endif
+              {
+                token = tkOTHER;
+              }
+              break;
+            }
+            default: {
+              token = tkOTHER;
+              break;
+            }
+          }
+#endif /* SQLITE_OMIT_TRIGGER */
+          zSql += nId-1;
+        }else{
+          /* Operators and special symbols */
+          token = tkOTHER;
+        }
+        break;
+      }
+    }
+    state = trans[state][token];
+    zSql++;
+  }
+  return state==1;
+}
+
+#ifndef SQLITE_OMIT_UTF16
+/*
+** This routine is the same as the sqlite3_complete() routine described
+** above, except that the parameter is required to be UTF-16 encoded, not
+** UTF-8.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_complete16(const void *zSql){
+  sqlite3_value *pVal;
+  char const *zSql8;
+  int rc;
+
+#ifndef SQLITE_OMIT_AUTOINIT
+  rc = sqlite3_initialize();
+  if( rc ) return rc;
+#endif
+  pVal = sqlite3ValueNew(0);
+  sqlite3ValueSetStr(pVal, -1, zSql, SQLITE_UTF16NATIVE, SQLITE_STATIC);
+  zSql8 = sqlite3ValueText(pVal, SQLITE_UTF8);
+  if( zSql8 ){
+    rc = sqlite3_complete(zSql8);
+  }else{
+    rc = SQLITE_NOMEM;
+  }
+  sqlite3ValueFree(pVal);
+  return rc & 0xff;
+}
+#endif /* SQLITE_OMIT_UTF16 */
+#endif /* SQLITE_OMIT_COMPLETE */
+
+/************** End of complete.c ********************************************/
+/************** Begin file main.c ********************************************/
+/*
+** 2001 September 15
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+** Main file for the SQLite library.  The routines in this file
+** implement the programmer interface to the library.  Routines in
+** other files are for internal use by SQLite and should not be
+** accessed by users of the library.
+*/
+/* #include "sqliteInt.h" */
+
+#ifdef SQLITE_ENABLE_FTS3
+/************** Include fts3.h in the middle of main.c ***********************/
+/************** Begin file fts3.h ********************************************/
+/*
+** 2006 Oct 10
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+******************************************************************************
+**
+** This header file is used by programs that want to link against the
+** FTS3 library.  All it does is declare the sqlite3Fts3Init() interface.
+*/
+/* #include "sqlite3.h" */
+
+#if 0
+extern "C" {
+#endif  /* __cplusplus */
+
+SQLITE_PRIVATE int sqlite3Fts3Init(sqlite3 *db);
+
+#if 0
+}  /* extern "C" */
+#endif  /* __cplusplus */
+
+/************** End of fts3.h ************************************************/
+/************** Continuing where we left off in main.c ***********************/
+#endif
+#ifdef SQLITE_ENABLE_RTREE
+/************** Include rtree.h in the middle of main.c **********************/
+/************** Begin file rtree.h *******************************************/
+/*
+** 2008 May 26
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+******************************************************************************
+**
+** This header file is used by programs that want to link against the
+** RTREE library.  All it does is declare the sqlite3RtreeInit() interface.
+*/
+/* #include "sqlite3.h" */
+
+#if 0
+extern "C" {
+#endif  /* __cplusplus */
+
+SQLITE_PRIVATE int sqlite3RtreeInit(sqlite3 *db);
+
+#if 0
+}  /* extern "C" */
+#endif  /* __cplusplus */
+
+/************** End of rtree.h ***********************************************/
+/************** Continuing where we left off in main.c ***********************/
+#endif
+#ifdef SQLITE_ENABLE_ICU
+/************** Include sqliteicu.h in the middle of main.c ******************/
+/************** Begin file sqliteicu.h ***************************************/
+/*
+** 2008 May 26
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+******************************************************************************
+**
+** This header file is used by programs that want to link against the
+** ICU extension.  All it does is declare the sqlite3IcuInit() interface.
+*/
+/* #include "sqlite3.h" */
+
+#if 0
+extern "C" {
+#endif  /* __cplusplus */
+
+SQLITE_PRIVATE int sqlite3IcuInit(sqlite3 *db);
+
+#if 0
+}  /* extern "C" */
+#endif  /* __cplusplus */
+
+
+/************** End of sqliteicu.h *******************************************/
+/************** Continuing where we left off in main.c ***********************/
+#endif
+#ifdef SQLITE_ENABLE_JSON1
+SQLITE_PRIVATE int sqlite3Json1Init(sqlite3*);
+#endif
+#ifdef SQLITE_ENABLE_FTS5
+SQLITE_PRIVATE int sqlite3Fts5Init(sqlite3*);
+#endif
+
+#ifndef SQLITE_AMALGAMATION
+/* IMPLEMENTATION-OF: R-46656-45156 The sqlite3_version[] string constant
+** contains the text of SQLITE_VERSION macro. 
+*/
+SQLITE_API const char sqlite3_version[] = SQLITE_VERSION;
+#endif
+
+/* IMPLEMENTATION-OF: R-53536-42575 The sqlite3_libversion() function returns
+** a pointer to the to the sqlite3_version[] string constant. 
+*/
+SQLITE_API const char *SQLITE_STDCALL sqlite3_libversion(void){ return sqlite3_version; }
+
+/* IMPLEMENTATION-OF: R-63124-39300 The sqlite3_sourceid() function returns a
+** pointer to a string constant whose value is the same as the
+** SQLITE_SOURCE_ID C preprocessor macro. 
+*/
+SQLITE_API const char *SQLITE_STDCALL sqlite3_sourceid(void){ return SQLITE_SOURCE_ID; }
+
+/* IMPLEMENTATION-OF: R-35210-63508 The sqlite3_libversion_number() function
+** returns an integer equal to SQLITE_VERSION_NUMBER.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_libversion_number(void){ return SQLITE_VERSION_NUMBER; }
+
+/* IMPLEMENTATION-OF: R-20790-14025 The sqlite3_threadsafe() function returns
+** zero if and only if SQLite was compiled with mutexing code omitted due to
+** the SQLITE_THREADSAFE compile-time option being set to 0.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_threadsafe(void){ return SQLITE_THREADSAFE; }
+
+/*
+** When compiling the test fixture or with debugging enabled (on Win32),
+** this variable being set to non-zero will cause OSTRACE macros to emit
+** extra diagnostic information.
+*/
+#ifdef SQLITE_HAVE_OS_TRACE
+# ifndef SQLITE_DEBUG_OS_TRACE
+#   define SQLITE_DEBUG_OS_TRACE 0
+# endif
+  int sqlite3OSTrace = SQLITE_DEBUG_OS_TRACE;
+#endif
+
+#if !defined(SQLITE_OMIT_TRACE) && defined(SQLITE_ENABLE_IOTRACE)
+/*
+** If the following function pointer is not NULL and if
+** SQLITE_ENABLE_IOTRACE is enabled, then messages describing
+** I/O active are written using this function.  These messages
+** are intended for debugging activity only.
+*/
+SQLITE_API void (SQLITE_CDECL *sqlite3IoTrace)(const char*, ...) = 0;
+#endif
+
+/*
+** If the following global variable points to a string which is the
+** name of a directory, then that directory will be used to store
+** temporary files.
+**
+** See also the "PRAGMA temp_store_directory" SQL command.
+*/
+SQLITE_API char *sqlite3_temp_directory = 0;
+
+/*
+** If the following global variable points to a string which is the
+** name of a directory, then that directory will be used to store
+** all database files specified with a relative pathname.
+**
+** See also the "PRAGMA data_store_directory" SQL command.
+*/
+SQLITE_API char *sqlite3_data_directory = 0;
+
+/*
+** Initialize SQLite.  
+**
+** This routine must be called to initialize the memory allocation,
+** VFS, and mutex subsystems prior to doing any serious work with
+** SQLite.  But as long as you do not compile with SQLITE_OMIT_AUTOINIT
+** this routine will be called automatically by key routines such as
+** sqlite3_open().  
+**
+** This routine is a no-op except on its very first call for the process,
+** or for the first call after a call to sqlite3_shutdown.
+**
+** The first thread to call this routine runs the initialization to
+** completion.  If subsequent threads call this routine before the first
+** thread has finished the initialization process, then the subsequent
+** threads must block until the first thread finishes with the initialization.
+**
+** The first thread might call this routine recursively.  Recursive
+** calls to this routine should not block, of course.  Otherwise the
+** initialization process would never complete.
+**
+** Let X be the first thread to enter this routine.  Let Y be some other
+** thread.  Then while the initial invocation of this routine by X is
+** incomplete, it is required that:
+**
+**    *  Calls to this routine from Y must block until the outer-most
+**       call by X completes.
+**
+**    *  Recursive calls to this routine from thread X return immediately
+**       without blocking.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_initialize(void){
+  MUTEX_LOGIC( sqlite3_mutex *pMaster; )       /* The main static mutex */
+  int rc;                                      /* Result code */
+#ifdef SQLITE_EXTRA_INIT
+  int bRunExtraInit = 0;                       /* Extra initialization needed */
+#endif
+
+#ifdef SQLITE_OMIT_WSD
+  rc = sqlite3_wsd_init(4096, 24);
+  if( rc!=SQLITE_OK ){
+    return rc;
+  }
+#endif
+
+  /* If the following assert() fails on some obscure processor/compiler
+  ** combination, the work-around is to set the correct pointer
+  ** size at compile-time using -DSQLITE_PTRSIZE=n compile-time option */
+  assert( SQLITE_PTRSIZE==sizeof(char*) );
+
+  /* If SQLite is already completely initialized, then this call
+  ** to sqlite3_initialize() should be a no-op.  But the initialization
+  ** must be complete.  So isInit must not be set until the very end
+  ** of this routine.
+  */
+  if( sqlite3GlobalConfig.isInit ) return SQLITE_OK;
+
+  /* Make sure the mutex subsystem is initialized.  If unable to 
+  ** initialize the mutex subsystem, return early with the error.
+  ** If the system is so sick that we are unable to allocate a mutex,
+  ** there is not much SQLite is going to be able to do.
+  **
+  ** The mutex subsystem must take care of serializing its own
+  ** initialization.
+  */
+  rc = sqlite3MutexInit();
+  if( rc ) return rc;
+
+  /* Initialize the malloc() system and the recursive pInitMutex mutex.
+  ** This operation is protected by the STATIC_MASTER mutex.  Note that
+  ** MutexAlloc() is called for a static mutex prior to initializing the
+  ** malloc subsystem - this implies that the allocation of a static
+  ** mutex must not require support from the malloc subsystem.
+  */
+  MUTEX_LOGIC( pMaster = sqlite3MutexAlloc(SQLITE_MUTEX_STATIC_MASTER); )
+  sqlite3_mutex_enter(pMaster);
+  sqlite3GlobalConfig.isMutexInit = 1;
+  if( !sqlite3GlobalConfig.isMallocInit ){
+    rc = sqlite3MallocInit();
+  }
+  if( rc==SQLITE_OK ){
+    sqlite3GlobalConfig.isMallocInit = 1;
+    if( !sqlite3GlobalConfig.pInitMutex ){
+      sqlite3GlobalConfig.pInitMutex =
+           sqlite3MutexAlloc(SQLITE_MUTEX_RECURSIVE);
+      if( sqlite3GlobalConfig.bCoreMutex && !sqlite3GlobalConfig.pInitMutex ){
+        rc = SQLITE_NOMEM;
+      }
+    }
+  }
+  if( rc==SQLITE_OK ){
+    sqlite3GlobalConfig.nRefInitMutex++;
+  }
+  sqlite3_mutex_leave(pMaster);
+
+  /* If rc is not SQLITE_OK at this point, then either the malloc
+  ** subsystem could not be initialized or the system failed to allocate
+  ** the pInitMutex mutex. Return an error in either case.  */
+  if( rc!=SQLITE_OK ){
+    return rc;
+  }
+
+  /* Do the rest of the initialization under the recursive mutex so
+  ** that we will be able to handle recursive calls into
+  ** sqlite3_initialize().  The recursive calls normally come through
+  ** sqlite3_os_init() when it invokes sqlite3_vfs_register(), but other
+  ** recursive calls might also be possible.
+  **
+  ** IMPLEMENTATION-OF: R-00140-37445 SQLite automatically serializes calls
+  ** to the xInit method, so the xInit method need not be threadsafe.
+  **
+  ** The following mutex is what serializes access to the appdef pcache xInit
+  ** methods.  The sqlite3_pcache_methods.xInit() all is embedded in the
+  ** call to sqlite3PcacheInitialize().
+  */
+  sqlite3_mutex_enter(sqlite3GlobalConfig.pInitMutex);
+  if( sqlite3GlobalConfig.isInit==0 && sqlite3GlobalConfig.inProgress==0 ){
+    FuncDefHash *pHash = &GLOBAL(FuncDefHash, sqlite3GlobalFunctions);
+    sqlite3GlobalConfig.inProgress = 1;
+#ifdef SQLITE_ENABLE_SQLLOG
+    {
+      extern void sqlite3_init_sqllog(void);
+      sqlite3_init_sqllog();
+    }
+#endif
+    memset(pHash, 0, sizeof(sqlite3GlobalFunctions));
+    sqlite3RegisterGlobalFunctions();
+    if( sqlite3GlobalConfig.isPCacheInit==0 ){
+      rc = sqlite3PcacheInitialize();
+    }
+    if( rc==SQLITE_OK ){
+      sqlite3GlobalConfig.isPCacheInit = 1;
+      rc = sqlite3OsInit();
+    }
+    if( rc==SQLITE_OK ){
+      sqlite3PCacheBufferSetup( sqlite3GlobalConfig.pPage, 
+          sqlite3GlobalConfig.szPage, sqlite3GlobalConfig.nPage);
+      sqlite3GlobalConfig.isInit = 1;
+#ifdef SQLITE_EXTRA_INIT
+      bRunExtraInit = 1;
+#endif
+    }
+    sqlite3GlobalConfig.inProgress = 0;
+  }
+  sqlite3_mutex_leave(sqlite3GlobalConfig.pInitMutex);
+
+  /* Go back under the static mutex and clean up the recursive
+  ** mutex to prevent a resource leak.
+  */
+  sqlite3_mutex_enter(pMaster);
+  sqlite3GlobalConfig.nRefInitMutex--;
+  if( sqlite3GlobalConfig.nRefInitMutex<=0 ){
+    assert( sqlite3GlobalConfig.nRefInitMutex==0 );
+    sqlite3_mutex_free(sqlite3GlobalConfig.pInitMutex);
+    sqlite3GlobalConfig.pInitMutex = 0;
+  }
+  sqlite3_mutex_leave(pMaster);
+
+  /* The following is just a sanity check to make sure SQLite has
+  ** been compiled correctly.  It is important to run this code, but
+  ** we don't want to run it too often and soak up CPU cycles for no
+  ** reason.  So we run it once during initialization.
+  */
+#ifndef NDEBUG
+#ifndef SQLITE_OMIT_FLOATING_POINT
+  /* This section of code's only "output" is via assert() statements. */
+  if ( rc==SQLITE_OK ){
+    u64 x = (((u64)1)<<63)-1;
+    double y;
+    assert(sizeof(x)==8);
+    assert(sizeof(x)==sizeof(y));
+    memcpy(&y, &x, 8);
+    assert( sqlite3IsNaN(y) );
+  }
+#endif
+#endif
+
+  /* Do extra initialization steps requested by the SQLITE_EXTRA_INIT
+  ** compile-time option.
+  */
+#ifdef SQLITE_EXTRA_INIT
+  if( bRunExtraInit ){
+    int SQLITE_EXTRA_INIT(const char*);
+    rc = SQLITE_EXTRA_INIT(0);
+  }
+#endif
+
+  return rc;
+}
+
+/*
+** Undo the effects of sqlite3_initialize().  Must not be called while
+** there are outstanding database connections or memory allocations or
+** while any part of SQLite is otherwise in use in any thread.  This
+** routine is not threadsafe.  But it is safe to invoke this routine
+** on when SQLite is already shut down.  If SQLite is already shut down
+** when this routine is invoked, then this routine is a harmless no-op.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_shutdown(void){
+#ifdef SQLITE_OMIT_WSD
+  int rc = sqlite3_wsd_init(4096, 24);
+  if( rc!=SQLITE_OK ){
+    return rc;
+  }
+#endif
+
+  if( sqlite3GlobalConfig.isInit ){
+#ifdef SQLITE_EXTRA_SHUTDOWN
+    void SQLITE_EXTRA_SHUTDOWN(void);
+    SQLITE_EXTRA_SHUTDOWN();
+#endif
+    sqlite3_os_end();
+    sqlite3_reset_auto_extension();
+    sqlite3GlobalConfig.isInit = 0;
+  }
+  if( sqlite3GlobalConfig.isPCacheInit ){
+    sqlite3PcacheShutdown();
+    sqlite3GlobalConfig.isPCacheInit = 0;
+  }
+  if( sqlite3GlobalConfig.isMallocInit ){
+    sqlite3MallocEnd();
+    sqlite3GlobalConfig.isMallocInit = 0;
+
+#ifndef SQLITE_OMIT_SHUTDOWN_DIRECTORIES
+    /* The heap subsystem has now been shutdown and these values are supposed
+    ** to be NULL or point to memory that was obtained from sqlite3_malloc(),
+    ** which would rely on that heap subsystem; therefore, make sure these
+    ** values cannot refer to heap memory that was just invalidated when the
+    ** heap subsystem was shutdown.  This is only done if the current call to
+    ** this function resulted in the heap subsystem actually being shutdown.
+    */
+    sqlite3_data_directory = 0;
+    sqlite3_temp_directory = 0;
+#endif
+  }
+  if( sqlite3GlobalConfig.isMutexInit ){
+    sqlite3MutexEnd();
+    sqlite3GlobalConfig.isMutexInit = 0;
+  }
+
+  return SQLITE_OK;
+}
+
+/*
+** This API allows applications to modify the global configuration of
+** the SQLite library at run-time.
+**
+** This routine should only be called when there are no outstanding
+** database connections or memory allocations.  This routine is not
+** threadsafe.  Failure to heed these warnings can lead to unpredictable
+** behavior.
+*/
+SQLITE_API int SQLITE_CDECL sqlite3_config(int op, ...){
+  va_list ap;
+  int rc = SQLITE_OK;
+
+  /* sqlite3_config() shall return SQLITE_MISUSE if it is invoked while
+  ** the SQLite library is in use. */
+  if( sqlite3GlobalConfig.isInit ) return SQLITE_MISUSE_BKPT;
+
+  va_start(ap, op);
+  switch( op ){
+
+    /* Mutex configuration options are only available in a threadsafe
+    ** compile.
+    */
+#if defined(SQLITE_THREADSAFE) && SQLITE_THREADSAFE>0  /* IMP: R-54466-46756 */
+    case SQLITE_CONFIG_SINGLETHREAD: {
+      /* EVIDENCE-OF: R-02748-19096 This option sets the threading mode to
+      ** Single-thread. */
+      sqlite3GlobalConfig.bCoreMutex = 0;  /* Disable mutex on core */
+      sqlite3GlobalConfig.bFullMutex = 0;  /* Disable mutex on connections */
+      break;
+    }
+#endif
+#if defined(SQLITE_THREADSAFE) && SQLITE_THREADSAFE>0 /* IMP: R-20520-54086 */
+    case SQLITE_CONFIG_MULTITHREAD: {
+      /* EVIDENCE-OF: R-14374-42468 This option sets the threading mode to
+      ** Multi-thread. */
+      sqlite3GlobalConfig.bCoreMutex = 1;  /* Enable mutex on core */
+      sqlite3GlobalConfig.bFullMutex = 0;  /* Disable mutex on connections */
+      break;
+    }
+#endif
+#if defined(SQLITE_THREADSAFE) && SQLITE_THREADSAFE>0 /* IMP: R-59593-21810 */
+    case SQLITE_CONFIG_SERIALIZED: {
+      /* EVIDENCE-OF: R-41220-51800 This option sets the threading mode to
+      ** Serialized. */
+      sqlite3GlobalConfig.bCoreMutex = 1;  /* Enable mutex on core */
+      sqlite3GlobalConfig.bFullMutex = 1;  /* Enable mutex on connections */
+      break;
+    }
+#endif
+#if defined(SQLITE_THREADSAFE) && SQLITE_THREADSAFE>0 /* IMP: R-63666-48755 */
+    case SQLITE_CONFIG_MUTEX: {
+      /* Specify an alternative mutex implementation */
+      sqlite3GlobalConfig.mutex = *va_arg(ap, sqlite3_mutex_methods*);
+      break;
+    }
+#endif
+#if defined(SQLITE_THREADSAFE) && SQLITE_THREADSAFE>0 /* IMP: R-14450-37597 */
+    case SQLITE_CONFIG_GETMUTEX: {
+      /* Retrieve the current mutex implementation */
+      *va_arg(ap, sqlite3_mutex_methods*) = sqlite3GlobalConfig.mutex;
+      break;
+    }
+#endif
+
+    case SQLITE_CONFIG_MALLOC: {
+      /* EVIDENCE-OF: R-55594-21030 The SQLITE_CONFIG_MALLOC option takes a
+      ** single argument which is a pointer to an instance of the
+      ** sqlite3_mem_methods structure. The argument specifies alternative
+      ** low-level memory allocation routines to be used in place of the memory
+      ** allocation routines built into SQLite. */
+      sqlite3GlobalConfig.m = *va_arg(ap, sqlite3_mem_methods*);
+      break;
+    }
+    case SQLITE_CONFIG_GETMALLOC: {
+      /* EVIDENCE-OF: R-51213-46414 The SQLITE_CONFIG_GETMALLOC option takes a
+      ** single argument which is a pointer to an instance of the
+      ** sqlite3_mem_methods structure. The sqlite3_mem_methods structure is
+      ** filled with the currently defined memory allocation routines. */
+      if( sqlite3GlobalConfig.m.xMalloc==0 ) sqlite3MemSetDefault();
+      *va_arg(ap, sqlite3_mem_methods*) = sqlite3GlobalConfig.m;
+      break;
+    }
+    case SQLITE_CONFIG_MEMSTATUS: {
+      /* EVIDENCE-OF: R-61275-35157 The SQLITE_CONFIG_MEMSTATUS option takes
+      ** single argument of type int, interpreted as a boolean, which enables
+      ** or disables the collection of memory allocation statistics. */
+      sqlite3GlobalConfig.bMemstat = va_arg(ap, int);
+      break;
+    }
+    case SQLITE_CONFIG_SCRATCH: {
+      /* EVIDENCE-OF: R-08404-60887 There are three arguments to
+      ** SQLITE_CONFIG_SCRATCH: A pointer an 8-byte aligned memory buffer from
+      ** which the scratch allocations will be drawn, the size of each scratch
+      ** allocation (sz), and the maximum number of scratch allocations (N). */
+      sqlite3GlobalConfig.pScratch = va_arg(ap, void*);
+      sqlite3GlobalConfig.szScratch = va_arg(ap, int);
+      sqlite3GlobalConfig.nScratch = va_arg(ap, int);
+      break;
+    }
+    case SQLITE_CONFIG_PAGECACHE: {
+      /* EVIDENCE-OF: R-18761-36601 There are three arguments to
+      ** SQLITE_CONFIG_PAGECACHE: A pointer to 8-byte aligned memory (pMem),
+      ** the size of each page cache line (sz), and the number of cache lines
+      ** (N). */
+      sqlite3GlobalConfig.pPage = va_arg(ap, void*);
+      sqlite3GlobalConfig.szPage = va_arg(ap, int);
+      sqlite3GlobalConfig.nPage = va_arg(ap, int);
+      break;
+    }
+    case SQLITE_CONFIG_PCACHE_HDRSZ: {
+      /* EVIDENCE-OF: R-39100-27317 The SQLITE_CONFIG_PCACHE_HDRSZ option takes
+      ** a single parameter which is a pointer to an integer and writes into
+      ** that integer the number of extra bytes per page required for each page
+      ** in SQLITE_CONFIG_PAGECACHE. */
+      *va_arg(ap, int*) = 
+          sqlite3HeaderSizeBtree() +
+          sqlite3HeaderSizePcache() +
+          sqlite3HeaderSizePcache1();
+      break;
+    }
+
+    case SQLITE_CONFIG_PCACHE: {
+      /* no-op */
+      break;
+    }
+    case SQLITE_CONFIG_GETPCACHE: {
+      /* now an error */
+      rc = SQLITE_ERROR;
+      break;
+    }
+
+    case SQLITE_CONFIG_PCACHE2: {
+      /* EVIDENCE-OF: R-63325-48378 The SQLITE_CONFIG_PCACHE2 option takes a
+      ** single argument which is a pointer to an sqlite3_pcache_methods2
+      ** object. This object specifies the interface to a custom page cache
+      ** implementation. */
+      sqlite3GlobalConfig.pcache2 = *va_arg(ap, sqlite3_pcache_methods2*);
+      break;
+    }
+    case SQLITE_CONFIG_GETPCACHE2: {
+      /* EVIDENCE-OF: R-22035-46182 The SQLITE_CONFIG_GETPCACHE2 option takes a
+      ** single argument which is a pointer to an sqlite3_pcache_methods2
+      ** object. SQLite copies of the current page cache implementation into
+      ** that object. */
+      if( sqlite3GlobalConfig.pcache2.xInit==0 ){
+        sqlite3PCacheSetDefault();
+      }
+      *va_arg(ap, sqlite3_pcache_methods2*) = sqlite3GlobalConfig.pcache2;
+      break;
+    }
+
+/* EVIDENCE-OF: R-06626-12911 The SQLITE_CONFIG_HEAP option is only
+** available if SQLite is compiled with either SQLITE_ENABLE_MEMSYS3 or
+** SQLITE_ENABLE_MEMSYS5 and returns SQLITE_ERROR if invoked otherwise. */
+#if defined(SQLITE_ENABLE_MEMSYS3) || defined(SQLITE_ENABLE_MEMSYS5)
+    case SQLITE_CONFIG_HEAP: {
+      /* EVIDENCE-OF: R-19854-42126 There are three arguments to
+      ** SQLITE_CONFIG_HEAP: An 8-byte aligned pointer to the memory, the
+      ** number of bytes in the memory buffer, and the minimum allocation size.
+      */
+      sqlite3GlobalConfig.pHeap = va_arg(ap, void*);
+      sqlite3GlobalConfig.nHeap = va_arg(ap, int);
+      sqlite3GlobalConfig.mnReq = va_arg(ap, int);
+
+      if( sqlite3GlobalConfig.mnReq<1 ){
+        sqlite3GlobalConfig.mnReq = 1;
+      }else if( sqlite3GlobalConfig.mnReq>(1<<12) ){
+        /* cap min request size at 2^12 */
+        sqlite3GlobalConfig.mnReq = (1<<12);
+      }
+
+      if( sqlite3GlobalConfig.pHeap==0 ){
+        /* EVIDENCE-OF: R-49920-60189 If the first pointer (the memory pointer)
+        ** is NULL, then SQLite reverts to using its default memory allocator
+        ** (the system malloc() implementation), undoing any prior invocation of
+        ** SQLITE_CONFIG_MALLOC.
+        **
+        ** Setting sqlite3GlobalConfig.m to all zeros will cause malloc to
+        ** revert to its default implementation when sqlite3_initialize() is run
+        */
+        memset(&sqlite3GlobalConfig.m, 0, sizeof(sqlite3GlobalConfig.m));
+      }else{
+        /* EVIDENCE-OF: R-61006-08918 If the memory pointer is not NULL then the
+        ** alternative memory allocator is engaged to handle all of SQLites
+        ** memory allocation needs. */
+#ifdef SQLITE_ENABLE_MEMSYS3
+        sqlite3GlobalConfig.m = *sqlite3MemGetMemsys3();
+#endif
+#ifdef SQLITE_ENABLE_MEMSYS5
+        sqlite3GlobalConfig.m = *sqlite3MemGetMemsys5();
+#endif
+      }
+      break;
+    }
+#endif
+
+    case SQLITE_CONFIG_LOOKASIDE: {
+      sqlite3GlobalConfig.szLookaside = va_arg(ap, int);
+      sqlite3GlobalConfig.nLookaside = va_arg(ap, int);
+      break;
+    }
+    
+    /* Record a pointer to the logger function and its first argument.
+    ** The default is NULL.  Logging is disabled if the function pointer is
+    ** NULL.
+    */
+    case SQLITE_CONFIG_LOG: {
+      /* MSVC is picky about pulling func ptrs from va lists.
+      ** http://support.microsoft.com/kb/47961
+      ** sqlite3GlobalConfig.xLog = va_arg(ap, void(*)(void*,int,const char*));
+      */
+      typedef void(*LOGFUNC_t)(void*,int,const char*);
+      sqlite3GlobalConfig.xLog = va_arg(ap, LOGFUNC_t);
+      sqlite3GlobalConfig.pLogArg = va_arg(ap, void*);
+      break;
+    }
+
+    /* EVIDENCE-OF: R-55548-33817 The compile-time setting for URI filenames
+    ** can be changed at start-time using the
+    ** sqlite3_config(SQLITE_CONFIG_URI,1) or
+    ** sqlite3_config(SQLITE_CONFIG_URI,0) configuration calls.
+    */
+    case SQLITE_CONFIG_URI: {
+      /* EVIDENCE-OF: R-25451-61125 The SQLITE_CONFIG_URI option takes a single
+      ** argument of type int. If non-zero, then URI handling is globally
+      ** enabled. If the parameter is zero, then URI handling is globally
+      ** disabled. */
+      sqlite3GlobalConfig.bOpenUri = va_arg(ap, int);
+      break;
+    }
+
+    case SQLITE_CONFIG_COVERING_INDEX_SCAN: {
+      /* EVIDENCE-OF: R-36592-02772 The SQLITE_CONFIG_COVERING_INDEX_SCAN
+      ** option takes a single integer argument which is interpreted as a
+      ** boolean in order to enable or disable the use of covering indices for
+      ** full table scans in the query optimizer. */
+      sqlite3GlobalConfig.bUseCis = va_arg(ap, int);
+      break;
+    }
+
+#ifdef SQLITE_ENABLE_SQLLOG
+    case SQLITE_CONFIG_SQLLOG: {
+      typedef void(*SQLLOGFUNC_t)(void*, sqlite3*, const char*, int);
+      sqlite3GlobalConfig.xSqllog = va_arg(ap, SQLLOGFUNC_t);
+      sqlite3GlobalConfig.pSqllogArg = va_arg(ap, void *);
+      break;
+    }
+#endif
+
+    case SQLITE_CONFIG_MMAP_SIZE: {
+      /* EVIDENCE-OF: R-58063-38258 SQLITE_CONFIG_MMAP_SIZE takes two 64-bit
+      ** integer (sqlite3_int64) values that are the default mmap size limit
+      ** (the default setting for PRAGMA mmap_size) and the maximum allowed
+      ** mmap size limit. */
+      sqlite3_int64 szMmap = va_arg(ap, sqlite3_int64);
+      sqlite3_int64 mxMmap = va_arg(ap, sqlite3_int64);
+      /* EVIDENCE-OF: R-53367-43190 If either argument to this option is
+      ** negative, then that argument is changed to its compile-time default.
+      **
+      ** EVIDENCE-OF: R-34993-45031 The maximum allowed mmap size will be
+      ** silently truncated if necessary so that it does not exceed the
+      ** compile-time maximum mmap size set by the SQLITE_MAX_MMAP_SIZE
+      ** compile-time option.
+      */
+      if( mxMmap<0 || mxMmap>SQLITE_MAX_MMAP_SIZE ){
+        mxMmap = SQLITE_MAX_MMAP_SIZE;
+      }
+      if( szMmap<0 ) szMmap = SQLITE_DEFAULT_MMAP_SIZE;
+      if( szMmap>mxMmap) szMmap = mxMmap;
+      sqlite3GlobalConfig.mxMmap = mxMmap;
+      sqlite3GlobalConfig.szMmap = szMmap;
+      break;
+    }
+
+#if SQLITE_OS_WIN && defined(SQLITE_WIN32_MALLOC) /* IMP: R-04780-55815 */
+    case SQLITE_CONFIG_WIN32_HEAPSIZE: {
+      /* EVIDENCE-OF: R-34926-03360 SQLITE_CONFIG_WIN32_HEAPSIZE takes a 32-bit
+      ** unsigned integer value that specifies the maximum size of the created
+      ** heap. */
+      sqlite3GlobalConfig.nHeap = va_arg(ap, int);
+      break;
+    }
+#endif
+
+    case SQLITE_CONFIG_PMASZ: {
+      sqlite3GlobalConfig.szPma = va_arg(ap, unsigned int);
+      break;
+    }
+
+    default: {
+      rc = SQLITE_ERROR;
+      break;
+    }
+  }
+  va_end(ap);
+  return rc;
+}
+
+/*
+** Set up the lookaside buffers for a database connection.
+** Return SQLITE_OK on success.  
+** If lookaside is already active, return SQLITE_BUSY.
+**
+** The sz parameter is the number of bytes in each lookaside slot.
+** The cnt parameter is the number of slots.  If pStart is NULL the
+** space for the lookaside memory is obtained from sqlite3_malloc().
+** If pStart is not NULL then it is sz*cnt bytes of memory to use for
+** the lookaside memory.
+*/
+static int setupLookaside(sqlite3 *db, void *pBuf, int sz, int cnt){
+#ifndef SQLITE_OMIT_LOOKASIDE
+  void *pStart;
+  if( db->lookaside.nOut ){
+    return SQLITE_BUSY;
+  }
+  /* Free any existing lookaside buffer for this handle before
+  ** allocating a new one so we don't have to have space for 
+  ** both at the same time.
+  */
+  if( db->lookaside.bMalloced ){
+    sqlite3_free(db->lookaside.pStart);
+  }
+  /* The size of a lookaside slot after ROUNDDOWN8 needs to be larger
+  ** than a pointer to be useful.
+  */
+  sz = ROUNDDOWN8(sz);  /* IMP: R-33038-09382 */
+  if( sz<=(int)sizeof(LookasideSlot*) ) sz = 0;
+  if( cnt<0 ) cnt = 0;
+  if( sz==0 || cnt==0 ){
+    sz = 0;
+    pStart = 0;
+  }else if( pBuf==0 ){
+    sqlite3BeginBenignMalloc();
+    pStart = sqlite3Malloc( sz*cnt );  /* IMP: R-61949-35727 */
+    sqlite3EndBenignMalloc();
+    if( pStart ) cnt = sqlite3MallocSize(pStart)/sz;
+  }else{
+    pStart = pBuf;
+  }
+  db->lookaside.pStart = pStart;
+  db->lookaside.pFree = 0;
+  db->lookaside.sz = (u16)sz;
+  if( pStart ){
+    int i;
+    LookasideSlot *p;
+    assert( sz > (int)sizeof(LookasideSlot*) );
+    p = (LookasideSlot*)pStart;
+    for(i=cnt-1; i>=0; i--){
+      p->pNext = db->lookaside.pFree;
+      db->lookaside.pFree = p;
+      p = (LookasideSlot*)&((u8*)p)[sz];
+    }
+    db->lookaside.pEnd = p;
+    db->lookaside.bEnabled = 1;
+    db->lookaside.bMalloced = pBuf==0 ?1:0;
+  }else{
+    db->lookaside.pStart = db;
+    db->lookaside.pEnd = db;
+    db->lookaside.bEnabled = 0;
+    db->lookaside.bMalloced = 0;
+  }
+#endif /* SQLITE_OMIT_LOOKASIDE */
+  return SQLITE_OK;
+}
+
+/*
+** Return the mutex associated with a database connection.
+*/
+SQLITE_API sqlite3_mutex *SQLITE_STDCALL sqlite3_db_mutex(sqlite3 *db){
+#ifdef SQLITE_ENABLE_API_ARMOR
+  if( !sqlite3SafetyCheckOk(db) ){
+    (void)SQLITE_MISUSE_BKPT;
+    return 0;
+  }
+#endif
+  return db->mutex;
+}
+
+/*
+** Free up as much memory as we can from the given database
+** connection.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_db_release_memory(sqlite3 *db){
+  int i;
+
+#ifdef SQLITE_ENABLE_API_ARMOR
+  if( !sqlite3SafetyCheckOk(db) ) return SQLITE_MISUSE_BKPT;
+#endif
+  sqlite3_mutex_enter(db->mutex);
+  sqlite3BtreeEnterAll(db);
+  for(i=0; i<db->nDb; i++){
+    Btree *pBt = db->aDb[i].pBt;
+    if( pBt ){
+      Pager *pPager = sqlite3BtreePager(pBt);
+      sqlite3PagerShrink(pPager);
+    }
+  }
+  sqlite3BtreeLeaveAll(db);
+  sqlite3_mutex_leave(db->mutex);
+  return SQLITE_OK;
+}
+
+/*
+** Flush any dirty pages in the pager-cache for any attached database
+** to disk.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_db_cacheflush(sqlite3 *db){
+  int i;
+  int rc = SQLITE_OK;
+  int bSeenBusy = 0;
+
+#ifdef SQLITE_ENABLE_API_ARMOR
+  if( !sqlite3SafetyCheckOk(db) ) return SQLITE_MISUSE_BKPT;
+#endif
+  sqlite3_mutex_enter(db->mutex);
+  sqlite3BtreeEnterAll(db);
+  for(i=0; rc==SQLITE_OK && i<db->nDb; i++){
+    Btree *pBt = db->aDb[i].pBt;
+    if( pBt && sqlite3BtreeIsInTrans(pBt) ){
+      Pager *pPager = sqlite3BtreePager(pBt);
+      rc = sqlite3PagerFlush(pPager);
+      if( rc==SQLITE_BUSY ){
+        bSeenBusy = 1;
+        rc = SQLITE_OK;
+      }
+    }
+  }
+  sqlite3BtreeLeaveAll(db);
+  sqlite3_mutex_leave(db->mutex);
+  return ((rc==SQLITE_OK && bSeenBusy) ? SQLITE_BUSY : rc);
+}
+
+/*
+** Configuration settings for an individual database connection
+*/
+SQLITE_API int SQLITE_CDECL sqlite3_db_config(sqlite3 *db, int op, ...){
+  va_list ap;
+  int rc;
+  va_start(ap, op);
+  switch( op ){
+    case SQLITE_DBCONFIG_LOOKASIDE: {
+      void *pBuf = va_arg(ap, void*); /* IMP: R-26835-10964 */
+      int sz = va_arg(ap, int);       /* IMP: R-47871-25994 */
+      int cnt = va_arg(ap, int);      /* IMP: R-04460-53386 */
+      rc = setupLookaside(db, pBuf, sz, cnt);
+      break;
+    }
+    default: {
+      static const struct {
+        int op;      /* The opcode */
+        u32 mask;    /* Mask of the bit in sqlite3.flags to set/clear */
+      } aFlagOp[] = {
+        { SQLITE_DBCONFIG_ENABLE_FKEY,    SQLITE_ForeignKeys    },
+        { SQLITE_DBCONFIG_ENABLE_TRIGGER, SQLITE_EnableTrigger  },
+      };
+      unsigned int i;
+      rc = SQLITE_ERROR; /* IMP: R-42790-23372 */
+      for(i=0; i<ArraySize(aFlagOp); i++){
+        if( aFlagOp[i].op==op ){
+          int onoff = va_arg(ap, int);
+          int *pRes = va_arg(ap, int*);
+          int oldFlags = db->flags;
+          if( onoff>0 ){
+            db->flags |= aFlagOp[i].mask;
+          }else if( onoff==0 ){
+            db->flags &= ~aFlagOp[i].mask;
+          }
+          if( oldFlags!=db->flags ){
+            sqlite3ExpirePreparedStatements(db);
+          }
+          if( pRes ){
+            *pRes = (db->flags & aFlagOp[i].mask)!=0;
+          }
+          rc = SQLITE_OK;
+          break;
+        }
+      }
+      break;
+    }
+  }
+  va_end(ap);
+  return rc;
+}
+
+
+/*
+** Return true if the buffer z[0..n-1] contains all spaces.
+*/
+static int allSpaces(const char *z, int n){
+  while( n>0 && z[n-1]==' ' ){ n--; }
+  return n==0;
+}
+
+/*
+** This is the default collating function named "BINARY" which is always
+** available.
+**
+** If the padFlag argument is not NULL then space padding at the end
+** of strings is ignored.  This implements the RTRIM collation.
+*/
+static int binCollFunc(
+  void *padFlag,
+  int nKey1, const void *pKey1,
+  int nKey2, const void *pKey2
+){
+  int rc, n;
+  n = nKey1<nKey2 ? nKey1 : nKey2;
+  /* EVIDENCE-OF: R-65033-28449 The built-in BINARY collation compares
+  ** strings byte by byte using the memcmp() function from the standard C
+  ** library. */
+  rc = memcmp(pKey1, pKey2, n);
+  if( rc==0 ){
+    if( padFlag
+     && allSpaces(((char*)pKey1)+n, nKey1-n)
+     && allSpaces(((char*)pKey2)+n, nKey2-n)
+    ){
+      /* EVIDENCE-OF: R-31624-24737 RTRIM is like BINARY except that extra
+      ** spaces at the end of either string do not change the result. In other
+      ** words, strings will compare equal to one another as long as they
+      ** differ only in the number of spaces at the end.
+      */
+    }else{
+      rc = nKey1 - nKey2;
+    }
+  }
+  return rc;
+}
+
+/*
+** Another built-in collating sequence: NOCASE. 
+**
+** This collating sequence is intended to be used for "case independent
+** comparison". SQLite's knowledge of upper and lower case equivalents
+** extends only to the 26 characters used in the English language.
+**
+** At the moment there is only a UTF-8 implementation.
+*/
+static int nocaseCollatingFunc(
+  void *NotUsed,
+  int nKey1, const void *pKey1,
+  int nKey2, const void *pKey2
+){
+  int r = sqlite3StrNICmp(
+      (const char *)pKey1, (const char *)pKey2, (nKey1<nKey2)?nKey1:nKey2);
+  UNUSED_PARAMETER(NotUsed);
+  if( 0==r ){
+    r = nKey1-nKey2;
+  }
+  return r;
+}
+
+/*
+** Return the ROWID of the most recent insert
+*/
+SQLITE_API sqlite_int64 SQLITE_STDCALL sqlite3_last_insert_rowid(sqlite3 *db){
+#ifdef SQLITE_ENABLE_API_ARMOR
+  if( !sqlite3SafetyCheckOk(db) ){
+    (void)SQLITE_MISUSE_BKPT;
+    return 0;
+  }
+#endif
+  return db->lastRowid;
+}
+
+/*
+** Return the number of changes in the most recent call to sqlite3_exec().
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_changes(sqlite3 *db){
+#ifdef SQLITE_ENABLE_API_ARMOR
+  if( !sqlite3SafetyCheckOk(db) ){
+    (void)SQLITE_MISUSE_BKPT;
+    return 0;
+  }
+#endif
+  return db->nChange;
+}
+
+/*
+** Return the number of changes since the database handle was opened.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_total_changes(sqlite3 *db){
+#ifdef SQLITE_ENABLE_API_ARMOR
+  if( !sqlite3SafetyCheckOk(db) ){
+    (void)SQLITE_MISUSE_BKPT;
+    return 0;
+  }
+#endif
+  return db->nTotalChange;
+}
+
+/*
+** Close all open savepoints. This function only manipulates fields of the
+** database handle object, it does not close any savepoints that may be open
+** at the b-tree/pager level.
+*/
+SQLITE_PRIVATE void sqlite3CloseSavepoints(sqlite3 *db){
+  while( db->pSavepoint ){
+    Savepoint *pTmp = db->pSavepoint;
+    db->pSavepoint = pTmp->pNext;
+    sqlite3DbFree(db, pTmp);
+  }
+  db->nSavepoint = 0;
+  db->nStatement = 0;
+  db->isTransactionSavepoint = 0;
+}
+
+/*
+** Invoke the destructor function associated with FuncDef p, if any. Except,
+** if this is not the last copy of the function, do not invoke it. Multiple
+** copies of a single function are created when create_function() is called
+** with SQLITE_ANY as the encoding.
+*/
+static void functionDestroy(sqlite3 *db, FuncDef *p){
+  FuncDestructor *pDestructor = p->pDestructor;
+  if( pDestructor ){
+    pDestructor->nRef--;
+    if( pDestructor->nRef==0 ){
+      pDestructor->xDestroy(pDestructor->pUserData);
+      sqlite3DbFree(db, pDestructor);
+    }
+  }
+}
+
+/*
+** Disconnect all sqlite3_vtab objects that belong to database connection
+** db. This is called when db is being closed.
+*/
+static void disconnectAllVtab(sqlite3 *db){
+#ifndef SQLITE_OMIT_VIRTUALTABLE
+  int i;
+  HashElem *p;
+  sqlite3BtreeEnterAll(db);
+  for(i=0; i<db->nDb; i++){
+    Schema *pSchema = db->aDb[i].pSchema;
+    if( db->aDb[i].pSchema ){
+      for(p=sqliteHashFirst(&pSchema->tblHash); p; p=sqliteHashNext(p)){
+        Table *pTab = (Table *)sqliteHashData(p);
+        if( IsVirtual(pTab) ) sqlite3VtabDisconnect(db, pTab);
+      }
+    }
+  }
+  for(p=sqliteHashFirst(&db->aModule); p; p=sqliteHashNext(p)){
+    Module *pMod = (Module *)sqliteHashData(p);
+    if( pMod->pEpoTab ){
+      sqlite3VtabDisconnect(db, pMod->pEpoTab);
+    }
+  }
+  sqlite3VtabUnlockList(db);
+  sqlite3BtreeLeaveAll(db);
+#else
+  UNUSED_PARAMETER(db);
+#endif
+}
+
+/*
+** Return TRUE if database connection db has unfinalized prepared
+** statements or unfinished sqlite3_backup objects.  
+*/
+static int connectionIsBusy(sqlite3 *db){
+  int j;
+  assert( sqlite3_mutex_held(db->mutex) );
+  if( db->pVdbe ) return 1;
+  for(j=0; j<db->nDb; j++){
+    Btree *pBt = db->aDb[j].pBt;
+    if( pBt && sqlite3BtreeIsInBackup(pBt) ) return 1;
+  }
+  return 0;
+}
+
+/*
+** Close an existing SQLite database
+*/
+static int sqlite3Close(sqlite3 *db, int forceZombie){
+  if( !db ){
+    /* EVIDENCE-OF: R-63257-11740 Calling sqlite3_close() or
+    ** sqlite3_close_v2() with a NULL pointer argument is a harmless no-op. */
+    return SQLITE_OK;
+  }
+  if( !sqlite3SafetyCheckSickOrOk(db) ){
+    return SQLITE_MISUSE_BKPT;
+  }
+  sqlite3_mutex_enter(db->mutex);
+
+  /* Force xDisconnect calls on all virtual tables */
+  disconnectAllVtab(db);
+
+  /* If a transaction is open, the disconnectAllVtab() call above
+  ** will not have called the xDisconnect() method on any virtual
+  ** tables in the db->aVTrans[] array. The following sqlite3VtabRollback()
+  ** call will do so. We need to do this before the check for active
+  ** SQL statements below, as the v-table implementation may be storing
+  ** some prepared statements internally.
+  */
+  sqlite3VtabRollback(db);
+
+  /* Legacy behavior (sqlite3_close() behavior) is to return
+  ** SQLITE_BUSY if the connection can not be closed immediately.
+  */
+  if( !forceZombie && connectionIsBusy(db) ){
+    sqlite3ErrorWithMsg(db, SQLITE_BUSY, "unable to close due to unfinalized "
+       "statements or unfinished backups");
+    sqlite3_mutex_leave(db->mutex);
+    return SQLITE_BUSY;
+  }
+
+#ifdef SQLITE_ENABLE_SQLLOG
+  if( sqlite3GlobalConfig.xSqllog ){
+    /* Closing the handle. Fourth parameter is passed the value 2. */
+    sqlite3GlobalConfig.xSqllog(sqlite3GlobalConfig.pSqllogArg, db, 0, 2);
+  }
+#endif
+
+  /* Convert the connection into a zombie and then close it.
+  */
+  db->magic = SQLITE_MAGIC_ZOMBIE;
+  sqlite3LeaveMutexAndCloseZombie(db);
+  return SQLITE_OK;
+}
+
+/*
+** Two variations on the public interface for closing a database
+** connection. The sqlite3_close() version returns SQLITE_BUSY and
+** leaves the connection option if there are unfinalized prepared
+** statements or unfinished sqlite3_backups.  The sqlite3_close_v2()
+** version forces the connection to become a zombie if there are
+** unclosed resources, and arranges for deallocation when the last
+** prepare statement or sqlite3_backup closes.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_close(sqlite3 *db){ return sqlite3Close(db,0); }
+SQLITE_API int SQLITE_STDCALL sqlite3_close_v2(sqlite3 *db){ return sqlite3Close(db,1); }
+
+
+/*
+** Close the mutex on database connection db.
+**
+** Furthermore, if database connection db is a zombie (meaning that there
+** has been a prior call to sqlite3_close(db) or sqlite3_close_v2(db)) and
+** every sqlite3_stmt has now been finalized and every sqlite3_backup has
+** finished, then free all resources.
+*/
+SQLITE_PRIVATE void sqlite3LeaveMutexAndCloseZombie(sqlite3 *db){
+  HashElem *i;                    /* Hash table iterator */
+  int j;
+
+  /* If there are outstanding sqlite3_stmt or sqlite3_backup objects
+  ** or if the connection has not yet been closed by sqlite3_close_v2(),
+  ** then just leave the mutex and return.
+  */
+  if( db->magic!=SQLITE_MAGIC_ZOMBIE || connectionIsBusy(db) ){
+    sqlite3_mutex_leave(db->mutex);
+    return;
+  }
+
+  /* If we reach this point, it means that the database connection has
+  ** closed all sqlite3_stmt and sqlite3_backup objects and has been
+  ** passed to sqlite3_close (meaning that it is a zombie).  Therefore,
+  ** go ahead and free all resources.
+  */
+
+  /* If a transaction is open, roll it back. This also ensures that if
+  ** any database schemas have been modified by an uncommitted transaction
+  ** they are reset. And that the required b-tree mutex is held to make
+  ** the pager rollback and schema reset an atomic operation. */
+  sqlite3RollbackAll(db, SQLITE_OK);
+
+  /* Free any outstanding Savepoint structures. */
+  sqlite3CloseSavepoints(db);
+
+  /* Close all database connections */
+  for(j=0; j<db->nDb; j++){
+    struct Db *pDb = &db->aDb[j];
+    if( pDb->pBt ){
+      sqlite3BtreeClose(pDb->pBt);
+      pDb->pBt = 0;
+      if( j!=1 ){
+        pDb->pSchema = 0;
+      }
+    }
+  }
+  /* Clear the TEMP schema separately and last */
+  if( db->aDb[1].pSchema ){
+    sqlite3SchemaClear(db->aDb[1].pSchema);
+  }
+  sqlite3VtabUnlockList(db);
+
+  /* Free up the array of auxiliary databases */
+  sqlite3CollapseDatabaseArray(db);
+  assert( db->nDb<=2 );
+  assert( db->aDb==db->aDbStatic );
+
+  /* Tell the code in notify.c that the connection no longer holds any
+  ** locks and does not require any further unlock-notify callbacks.
+  */
+  sqlite3ConnectionClosed(db);
+
+  for(j=0; j<ArraySize(db->aFunc.a); j++){
+    FuncDef *pNext, *pHash, *p;
+    for(p=db->aFunc.a[j]; p; p=pHash){
+      pHash = p->pHash;
+      while( p ){
+        functionDestroy(db, p);
+        pNext = p->pNext;
+        sqlite3DbFree(db, p);
+        p = pNext;
+      }
+    }
+  }
+  for(i=sqliteHashFirst(&db->aCollSeq); i; i=sqliteHashNext(i)){
+    CollSeq *pColl = (CollSeq *)sqliteHashData(i);
+    /* Invoke any destructors registered for collation sequence user data. */
+    for(j=0; j<3; j++){
+      if( pColl[j].xDel ){
+        pColl[j].xDel(pColl[j].pUser);
+      }
+    }
+    sqlite3DbFree(db, pColl);
+  }
+  sqlite3HashClear(&db->aCollSeq);
+#ifndef SQLITE_OMIT_VIRTUALTABLE
+  for(i=sqliteHashFirst(&db->aModule); i; i=sqliteHashNext(i)){
+    Module *pMod = (Module *)sqliteHashData(i);
+    if( pMod->xDestroy ){
+      pMod->xDestroy(pMod->pAux);
+    }
+    sqlite3VtabEponymousTableClear(db, pMod);
+    sqlite3DbFree(db, pMod);
+  }
+  sqlite3HashClear(&db->aModule);
+#endif
+
+  sqlite3Error(db, SQLITE_OK); /* Deallocates any cached error strings. */
+  sqlite3ValueFree(db->pErr);
+  sqlite3CloseExtensions(db);
+#if SQLITE_USER_AUTHENTICATION
+  sqlite3_free(db->auth.zAuthUser);
+  sqlite3_free(db->auth.zAuthPW);
+#endif
+
+  db->magic = SQLITE_MAGIC_ERROR;
+
+  /* The temp-database schema is allocated differently from the other schema
+  ** objects (using sqliteMalloc() directly, instead of sqlite3BtreeSchema()).
+  ** So it needs to be freed here. Todo: Why not roll the temp schema into
+  ** the same sqliteMalloc() as the one that allocates the database 
+  ** structure?
+  */
+  sqlite3DbFree(db, db->aDb[1].pSchema);
+  sqlite3_mutex_leave(db->mutex);
+  db->magic = SQLITE_MAGIC_CLOSED;
+  sqlite3_mutex_free(db->mutex);
+  assert( db->lookaside.nOut==0 );  /* Fails on a lookaside memory leak */
+  if( db->lookaside.bMalloced ){
+    sqlite3_free(db->lookaside.pStart);
+  }
+  sqlite3_free(db);
+}
+
+/*
+** Rollback all database files.  If tripCode is not SQLITE_OK, then
+** any write cursors are invalidated ("tripped" - as in "tripping a circuit
+** breaker") and made to return tripCode if there are any further
+** attempts to use that cursor.  Read cursors remain open and valid
+** but are "saved" in case the table pages are moved around.
+*/
+SQLITE_PRIVATE void sqlite3RollbackAll(sqlite3 *db, int tripCode){
+  int i;
+  int inTrans = 0;
+  int schemaChange;
+  assert( sqlite3_mutex_held(db->mutex) );
+  sqlite3BeginBenignMalloc();
+
+  /* Obtain all b-tree mutexes before making any calls to BtreeRollback(). 
+  ** This is important in case the transaction being rolled back has
+  ** modified the database schema. If the b-tree mutexes are not taken
+  ** here, then another shared-cache connection might sneak in between
+  ** the database rollback and schema reset, which can cause false
+  ** corruption reports in some cases.  */
+  sqlite3BtreeEnterAll(db);
+  schemaChange = (db->flags & SQLITE_InternChanges)!=0 && db->init.busy==0;
+
+  for(i=0; i<db->nDb; i++){
+    Btree *p = db->aDb[i].pBt;
+    if( p ){
+      if( sqlite3BtreeIsInTrans(p) ){
+        inTrans = 1;
+      }
+      sqlite3BtreeRollback(p, tripCode, !schemaChange);
+    }
+  }
+  sqlite3VtabRollback(db);
+  sqlite3EndBenignMalloc();
+
+  if( (db->flags&SQLITE_InternChanges)!=0 && db->init.busy==0 ){
+    sqlite3ExpirePreparedStatements(db);
+    sqlite3ResetAllSchemasOfConnection(db);
+  }
+  sqlite3BtreeLeaveAll(db);
+
+  /* Any deferred constraint violations have now been resolved. */
+  db->nDeferredCons = 0;
+  db->nDeferredImmCons = 0;
+  db->flags &= ~SQLITE_DeferFKs;
+
+  /* If one has been configured, invoke the rollback-hook callback */
+  if( db->xRollbackCallback && (inTrans || !db->autoCommit) ){
+    db->xRollbackCallback(db->pRollbackArg);
+  }
+}
+
+/*
+** Return a static string containing the name corresponding to the error code
+** specified in the argument.
+*/
+#if defined(SQLITE_NEED_ERR_NAME)
+SQLITE_PRIVATE const char *sqlite3ErrName(int rc){
+  const char *zName = 0;
+  int i, origRc = rc;
+  for(i=0; i<2 && zName==0; i++, rc &= 0xff){
+    switch( rc ){
+      case SQLITE_OK:                 zName = "SQLITE_OK";                break;
+      case SQLITE_ERROR:              zName = "SQLITE_ERROR";             break;
+      case SQLITE_INTERNAL:           zName = "SQLITE_INTERNAL";          break;
+      case SQLITE_PERM:               zName = "SQLITE_PERM";              break;
+      case SQLITE_ABORT:              zName = "SQLITE_ABORT";             break;
+      case SQLITE_ABORT_ROLLBACK:     zName = "SQLITE_ABORT_ROLLBACK";    break;
+      case SQLITE_BUSY:               zName = "SQLITE_BUSY";              break;
+      case SQLITE_BUSY_RECOVERY:      zName = "SQLITE_BUSY_RECOVERY";     break;
+      case SQLITE_BUSY_SNAPSHOT:      zName = "SQLITE_BUSY_SNAPSHOT";     break;
+      case SQLITE_LOCKED:             zName = "SQLITE_LOCKED";            break;
+      case SQLITE_LOCKED_SHAREDCACHE: zName = "SQLITE_LOCKED_SHAREDCACHE";break;
+      case SQLITE_NOMEM:              zName = "SQLITE_NOMEM";             break;
+      case SQLITE_READONLY:           zName = "SQLITE_READONLY";          break;
+      case SQLITE_READONLY_RECOVERY:  zName = "SQLITE_READONLY_RECOVERY"; break;
+      case SQLITE_READONLY_CANTLOCK:  zName = "SQLITE_READONLY_CANTLOCK"; break;
+      case SQLITE_READONLY_ROLLBACK:  zName = "SQLITE_READONLY_ROLLBACK"; break;
+      case SQLITE_READONLY_DBMOVED:   zName = "SQLITE_READONLY_DBMOVED";  break;
+      case SQLITE_INTERRUPT:          zName = "SQLITE_INTERRUPT";         break;
+      case SQLITE_IOERR:              zName = "SQLITE_IOERR";             break;
+      case SQLITE_IOERR_READ:         zName = "SQLITE_IOERR_READ";        break;
+      case SQLITE_IOERR_SHORT_READ:   zName = "SQLITE_IOERR_SHORT_READ";  break;
+      case SQLITE_IOERR_WRITE:        zName = "SQLITE_IOERR_WRITE";       break;
+      case SQLITE_IOERR_FSYNC:        zName = "SQLITE_IOERR_FSYNC";       break;
+      case SQLITE_IOERR_DIR_FSYNC:    zName = "SQLITE_IOERR_DIR_FSYNC";   break;
+      case SQLITE_IOERR_TRUNCATE:     zName = "SQLITE_IOERR_TRUNCATE";    break;
+      case SQLITE_IOERR_FSTAT:        zName = "SQLITE_IOERR_FSTAT";       break;
+      case SQLITE_IOERR_UNLOCK:       zName = "SQLITE_IOERR_UNLOCK";      break;
+      case SQLITE_IOERR_RDLOCK:       zName = "SQLITE_IOERR_RDLOCK";      break;
+      case SQLITE_IOERR_DELETE:       zName = "SQLITE_IOERR_DELETE";      break;
+      case SQLITE_IOERR_NOMEM:        zName = "SQLITE_IOERR_NOMEM";       break;
+      case SQLITE_IOERR_ACCESS:       zName = "SQLITE_IOERR_ACCESS";      break;
+      case SQLITE_IOERR_CHECKRESERVEDLOCK:
+                                zName = "SQLITE_IOERR_CHECKRESERVEDLOCK"; break;
+      case SQLITE_IOERR_LOCK:         zName = "SQLITE_IOERR_LOCK";        break;
+      case SQLITE_IOERR_CLOSE:        zName = "SQLITE_IOERR_CLOSE";       break;
+      case SQLITE_IOERR_DIR_CLOSE:    zName = "SQLITE_IOERR_DIR_CLOSE";   break;
+      case SQLITE_IOERR_SHMOPEN:      zName = "SQLITE_IOERR_SHMOPEN";     break;
+      case SQLITE_IOERR_SHMSIZE:      zName = "SQLITE_IOERR_SHMSIZE";     break;
+      case SQLITE_IOERR_SHMLOCK:      zName = "SQLITE_IOERR_SHMLOCK";     break;
+      case SQLITE_IOERR_SHMMAP:       zName = "SQLITE_IOERR_SHMMAP";      break;
+      case SQLITE_IOERR_SEEK:         zName = "SQLITE_IOERR_SEEK";        break;
+      case SQLITE_IOERR_DELETE_NOENT: zName = "SQLITE_IOERR_DELETE_NOENT";break;
+      case SQLITE_IOERR_MMAP:         zName = "SQLITE_IOERR_MMAP";        break;
+      case SQLITE_IOERR_GETTEMPPATH:  zName = "SQLITE_IOERR_GETTEMPPATH"; break;
+      case SQLITE_IOERR_CONVPATH:     zName = "SQLITE_IOERR_CONVPATH";    break;
+      case SQLITE_CORRUPT:            zName = "SQLITE_CORRUPT";           break;
+      case SQLITE_CORRUPT_VTAB:       zName = "SQLITE_CORRUPT_VTAB";      break;
+      case SQLITE_NOTFOUND:           zName = "SQLITE_NOTFOUND";          break;
+      case SQLITE_FULL:               zName = "SQLITE_FULL";              break;
+      case SQLITE_CANTOPEN:           zName = "SQLITE_CANTOPEN";          break;
+      case SQLITE_CANTOPEN_NOTEMPDIR: zName = "SQLITE_CANTOPEN_NOTEMPDIR";break;
+      case SQLITE_CANTOPEN_ISDIR:     zName = "SQLITE_CANTOPEN_ISDIR";    break;
+      case SQLITE_CANTOPEN_FULLPATH:  zName = "SQLITE_CANTOPEN_FULLPATH"; break;
+      case SQLITE_CANTOPEN_CONVPATH:  zName = "SQLITE_CANTOPEN_CONVPATH"; break;
+      case SQLITE_PROTOCOL:           zName = "SQLITE_PROTOCOL";          break;
+      case SQLITE_EMPTY:              zName = "SQLITE_EMPTY";             break;
+      case SQLITE_SCHEMA:             zName = "SQLITE_SCHEMA";            break;
+      case SQLITE_TOOBIG:             zName = "SQLITE_TOOBIG";            break;
+      case SQLITE_CONSTRAINT:         zName = "SQLITE_CONSTRAINT";        break;
+      case SQLITE_CONSTRAINT_UNIQUE:  zName = "SQLITE_CONSTRAINT_UNIQUE"; break;
+      case SQLITE_CONSTRAINT_TRIGGER: zName = "SQLITE_CONSTRAINT_TRIGGER";break;
+      case SQLITE_CONSTRAINT_FOREIGNKEY:
+                                zName = "SQLITE_CONSTRAINT_FOREIGNKEY";   break;
+      case SQLITE_CONSTRAINT_CHECK:   zName = "SQLITE_CONSTRAINT_CHECK";  break;
+      case SQLITE_CONSTRAINT_PRIMARYKEY:
+                                zName = "SQLITE_CONSTRAINT_PRIMARYKEY";   break;
+      case SQLITE_CONSTRAINT_NOTNULL: zName = "SQLITE_CONSTRAINT_NOTNULL";break;
+      case SQLITE_CONSTRAINT_COMMITHOOK:
+                                zName = "SQLITE_CONSTRAINT_COMMITHOOK";   break;
+      case SQLITE_CONSTRAINT_VTAB:    zName = "SQLITE_CONSTRAINT_VTAB";   break;
+      case SQLITE_CONSTRAINT_FUNCTION:
+                                zName = "SQLITE_CONSTRAINT_FUNCTION";     break;
+      case SQLITE_CONSTRAINT_ROWID:   zName = "SQLITE_CONSTRAINT_ROWID";  break;
+      case SQLITE_MISMATCH:           zName = "SQLITE_MISMATCH";          break;
+      case SQLITE_MISUSE:             zName = "SQLITE_MISUSE";            break;
+      case SQLITE_NOLFS:              zName = "SQLITE_NOLFS";             break;
+      case SQLITE_AUTH:               zName = "SQLITE_AUTH";              break;
+      case SQLITE_FORMAT:             zName = "SQLITE_FORMAT";            break;
+      case SQLITE_RANGE:              zName = "SQLITE_RANGE";             break;
+      case SQLITE_NOTADB:             zName = "SQLITE_NOTADB";            break;
+      case SQLITE_ROW:                zName = "SQLITE_ROW";               break;
+      case SQLITE_NOTICE:             zName = "SQLITE_NOTICE";            break;
+      case SQLITE_NOTICE_RECOVER_WAL: zName = "SQLITE_NOTICE_RECOVER_WAL";break;
+      case SQLITE_NOTICE_RECOVER_ROLLBACK:
+                                zName = "SQLITE_NOTICE_RECOVER_ROLLBACK"; break;
+      case SQLITE_WARNING:            zName = "SQLITE_WARNING";           break;
+      case SQLITE_WARNING_AUTOINDEX:  zName = "SQLITE_WARNING_AUTOINDEX"; break;
+      case SQLITE_DONE:               zName = "SQLITE_DONE";              break;
+    }
+  }
+  if( zName==0 ){
+    static char zBuf[50];
+    sqlite3_snprintf(sizeof(zBuf), zBuf, "SQLITE_UNKNOWN(%d)", origRc);
+    zName = zBuf;
+  }
+  return zName;
+}
+#endif
+
+/*
+** Return a static string that describes the kind of error specified in the
+** argument.
+*/
+SQLITE_PRIVATE const char *sqlite3ErrStr(int rc){
+  static const char* const aMsg[] = {
+    /* SQLITE_OK          */ "not an error",
+    /* SQLITE_ERROR       */ "SQL logic error or missing database",
+    /* SQLITE_INTERNAL    */ 0,
+    /* SQLITE_PERM        */ "access permission denied",
+    /* SQLITE_ABORT       */ "callback requested query abort",
+    /* SQLITE_BUSY        */ "database is locked",
+    /* SQLITE_LOCKED      */ "database table is locked",
+    /* SQLITE_NOMEM       */ "out of memory",
+    /* SQLITE_READONLY    */ "attempt to write a readonly database",
+    /* SQLITE_INTERRUPT   */ "interrupted",
+    /* SQLITE_IOERR       */ "disk I/O error",
+    /* SQLITE_CORRUPT     */ "database disk image is malformed",
+    /* SQLITE_NOTFOUND    */ "unknown operation",
+    /* SQLITE_FULL        */ "database or disk is full",
+    /* SQLITE_CANTOPEN    */ "unable to open database file",
+    /* SQLITE_PROTOCOL    */ "locking protocol",
+    /* SQLITE_EMPTY       */ "table contains no data",
+    /* SQLITE_SCHEMA      */ "database schema has changed",
+    /* SQLITE_TOOBIG      */ "string or blob too big",
+    /* SQLITE_CONSTRAINT  */ "constraint failed",
+    /* SQLITE_MISMATCH    */ "datatype mismatch",
+    /* SQLITE_MISUSE      */ "library routine called out of sequence",
+    /* SQLITE_NOLFS       */ "large file support is disabled",
+    /* SQLITE_AUTH        */ "authorization denied",
+    /* SQLITE_FORMAT      */ "auxiliary database format error",
+    /* SQLITE_RANGE       */ "bind or column index out of range",
+    /* SQLITE_NOTADB      */ "file is encrypted or is not a database",
+  };
+  const char *zErr = "unknown error";
+  switch( rc ){
+    case SQLITE_ABORT_ROLLBACK: {
+      zErr = "abort due to ROLLBACK";
+      break;
+    }
+    default: {
+      rc &= 0xff;
+      if( ALWAYS(rc>=0) && rc<ArraySize(aMsg) && aMsg[rc]!=0 ){
+        zErr = aMsg[rc];
+      }
+      break;
+    }
+  }
+  return zErr;
+}
+
+/*
+** This routine implements a busy callback that sleeps and tries
+** again until a timeout value is reached.  The timeout value is
+** an integer number of milliseconds passed in as the first
+** argument.
+*/
+static int sqliteDefaultBusyCallback(
+ void *ptr,               /* Database connection */
+ int count                /* Number of times table has been busy */
+){
+#if SQLITE_OS_WIN || HAVE_USLEEP
+  static const u8 delays[] =
+     { 1, 2, 5, 10, 15, 20, 25, 25,  25,  50,  50, 100 };
+  static const u8 totals[] =
+     { 0, 1, 3,  8, 18, 33, 53, 78, 103, 128, 178, 228 };
+# define NDELAY ArraySize(delays)
+  sqlite3 *db = (sqlite3 *)ptr;
+  int timeout = db->busyTimeout;
+  int delay, prior;
+
+  assert( count>=0 );
+  if( count < NDELAY ){
+    delay = delays[count];
+    prior = totals[count];
+  }else{
+    delay = delays[NDELAY-1];
+    prior = totals[NDELAY-1] + delay*(count-(NDELAY-1));
+  }
+  if( prior + delay > timeout ){
+    delay = timeout - prior;
+    if( delay<=0 ) return 0;
+  }
+  sqlite3OsSleep(db->pVfs, delay*1000);
+  return 1;
+#else
+  sqlite3 *db = (sqlite3 *)ptr;
+  int timeout = ((sqlite3 *)ptr)->busyTimeout;
+  if( (count+1)*1000 > timeout ){
+    return 0;
+  }
+  sqlite3OsSleep(db->pVfs, 1000000);
+  return 1;
+#endif
+}
+
+/*
+** Invoke the given busy handler.
+**
+** This routine is called when an operation failed with a lock.
+** If this routine returns non-zero, the lock is retried.  If it
+** returns 0, the operation aborts with an SQLITE_BUSY error.
+*/
+SQLITE_PRIVATE int sqlite3InvokeBusyHandler(BusyHandler *p){
+  int rc;
+  if( NEVER(p==0) || p->xFunc==0 || p->nBusy<0 ) return 0;
+  rc = p->xFunc(p->pArg, p->nBusy);
+  if( rc==0 ){
+    p->nBusy = -1;
+  }else{
+    p->nBusy++;
+  }
+  return rc; 
+}
+
+/*
+** This routine sets the busy callback for an Sqlite database to the
+** given callback function with the given argument.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_busy_handler(
+  sqlite3 *db,
+  int (*xBusy)(void*,int),
+  void *pArg
+){
+#ifdef SQLITE_ENABLE_API_ARMOR
+  if( !sqlite3SafetyCheckOk(db) ) return SQLITE_MISUSE_BKPT;
+#endif
+  sqlite3_mutex_enter(db->mutex);
+  db->busyHandler.xFunc = xBusy;
+  db->busyHandler.pArg = pArg;
+  db->busyHandler.nBusy = 0;
+  db->busyTimeout = 0;
+  sqlite3_mutex_leave(db->mutex);
+  return SQLITE_OK;
+}
+
+#ifndef SQLITE_OMIT_PROGRESS_CALLBACK
+/*
+** This routine sets the progress callback for an Sqlite database to the
+** given callback function with the given argument. The progress callback will
+** be invoked every nOps opcodes.
+*/
+SQLITE_API void SQLITE_STDCALL sqlite3_progress_handler(
+  sqlite3 *db, 
+  int nOps,
+  int (*xProgress)(void*), 
+  void *pArg
+){
+#ifdef SQLITE_ENABLE_API_ARMOR
+  if( !sqlite3SafetyCheckOk(db) ){
+    (void)SQLITE_MISUSE_BKPT;
+    return;
+  }
+#endif
+  sqlite3_mutex_enter(db->mutex);
+  if( nOps>0 ){
+    db->xProgress = xProgress;
+    db->nProgressOps = (unsigned)nOps;
+    db->pProgressArg = pArg;
+  }else{
+    db->xProgress = 0;
+    db->nProgressOps = 0;
+    db->pProgressArg = 0;
+  }
+  sqlite3_mutex_leave(db->mutex);
+}
+#endif
+
+
+/*
+** This routine installs a default busy handler that waits for the
+** specified number of milliseconds before returning 0.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_busy_timeout(sqlite3 *db, int ms){
+#ifdef SQLITE_ENABLE_API_ARMOR
+  if( !sqlite3SafetyCheckOk(db) ) return SQLITE_MISUSE_BKPT;
+#endif
+  if( ms>0 ){
+    sqlite3_busy_handler(db, sqliteDefaultBusyCallback, (void*)db);
+    db->busyTimeout = ms;
+  }else{
+    sqlite3_busy_handler(db, 0, 0);
+  }
+  return SQLITE_OK;
+}
+
+/*
+** Cause any pending operation to stop at its earliest opportunity.
+*/
+SQLITE_API void SQLITE_STDCALL sqlite3_interrupt(sqlite3 *db){
+#ifdef SQLITE_ENABLE_API_ARMOR
+  if( !sqlite3SafetyCheckOk(db) ){
+    (void)SQLITE_MISUSE_BKPT;
+    return;
+  }
+#endif
+  db->u1.isInterrupted = 1;
+}
+
+
+/*
+** This function is exactly the same as sqlite3_create_function(), except
+** that it is designed to be called by internal code. The difference is
+** that if a malloc() fails in sqlite3_create_function(), an error code
+** is returned and the mallocFailed flag cleared. 
+*/
+SQLITE_PRIVATE int sqlite3CreateFunc(
+  sqlite3 *db,
+  const char *zFunctionName,
+  int nArg,
+  int enc,
+  void *pUserData,
+  void (*xFunc)(sqlite3_context*,int,sqlite3_value **),
+  void (*xStep)(sqlite3_context*,int,sqlite3_value **),
+  void (*xFinal)(sqlite3_context*),
+  FuncDestructor *pDestructor
+){
+  FuncDef *p;
+  int nName;
+  int extraFlags;
+
+  assert( sqlite3_mutex_held(db->mutex) );
+  if( zFunctionName==0 ||
+      (xFunc && (xFinal || xStep)) || 
+      (!xFunc && (xFinal && !xStep)) ||
+      (!xFunc && (!xFinal && xStep)) ||
+      (nArg<-1 || nArg>SQLITE_MAX_FUNCTION_ARG) ||
+      (255<(nName = sqlite3Strlen30( zFunctionName))) ){
+    return SQLITE_MISUSE_BKPT;
+  }
+
+  assert( SQLITE_FUNC_CONSTANT==SQLITE_DETERMINISTIC );
+  extraFlags = enc &  SQLITE_DETERMINISTIC;
+  enc &= (SQLITE_FUNC_ENCMASK|SQLITE_ANY);
+  
+#ifndef SQLITE_OMIT_UTF16
+  /* If SQLITE_UTF16 is specified as the encoding type, transform this
+  ** to one of SQLITE_UTF16LE or SQLITE_UTF16BE using the
+  ** SQLITE_UTF16NATIVE macro. SQLITE_UTF16 is not used internally.
+  **
+  ** If SQLITE_ANY is specified, add three versions of the function
+  ** to the hash table.
+  */
+  if( enc==SQLITE_UTF16 ){
+    enc = SQLITE_UTF16NATIVE;
+  }else if( enc==SQLITE_ANY ){
+    int rc;
+    rc = sqlite3CreateFunc(db, zFunctionName, nArg, SQLITE_UTF8|extraFlags,
+         pUserData, xFunc, xStep, xFinal, pDestructor);
+    if( rc==SQLITE_OK ){
+      rc = sqlite3CreateFunc(db, zFunctionName, nArg, SQLITE_UTF16LE|extraFlags,
+          pUserData, xFunc, xStep, xFinal, pDestructor);
+    }
+    if( rc!=SQLITE_OK ){
+      return rc;
+    }
+    enc = SQLITE_UTF16BE;
+  }
+#else
+  enc = SQLITE_UTF8;
+#endif
+  
+  /* Check if an existing function is being overridden or deleted. If so,
+  ** and there are active VMs, then return SQLITE_BUSY. If a function
+  ** is being overridden/deleted but there are no active VMs, allow the
+  ** operation to continue but invalidate all precompiled statements.
+  */
+  p = sqlite3FindFunction(db, zFunctionName, nName, nArg, (u8)enc, 0);
+  if( p && (p->funcFlags & SQLITE_FUNC_ENCMASK)==enc && p->nArg==nArg ){
+    if( db->nVdbeActive ){
+      sqlite3ErrorWithMsg(db, SQLITE_BUSY, 
+        "unable to delete/modify user-function due to active statements");
+      assert( !db->mallocFailed );
+      return SQLITE_BUSY;
+    }else{
+      sqlite3ExpirePreparedStatements(db);
+    }
+  }
+
+  p = sqlite3FindFunction(db, zFunctionName, nName, nArg, (u8)enc, 1);
+  assert(p || db->mallocFailed);
+  if( !p ){
+    return SQLITE_NOMEM;
+  }
+
+  /* If an older version of the function with a configured destructor is
+  ** being replaced invoke the destructor function here. */
+  functionDestroy(db, p);
+
+  if( pDestructor ){
+    pDestructor->nRef++;
+  }
+  p->pDestructor = pDestructor;
+  p->funcFlags = (p->funcFlags & SQLITE_FUNC_ENCMASK) | extraFlags;
+  testcase( p->funcFlags & SQLITE_DETERMINISTIC );
+  p->xFunc = xFunc;
+  p->xStep = xStep;
+  p->xFinalize = xFinal;
+  p->pUserData = pUserData;
+  p->nArg = (u16)nArg;
+  return SQLITE_OK;
+}
+
+/*
+** Create new user functions.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_create_function(
+  sqlite3 *db,
+  const char *zFunc,
+  int nArg,
+  int enc,
+  void *p,
+  void (*xFunc)(sqlite3_context*,int,sqlite3_value **),
+  void (*xStep)(sqlite3_context*,int,sqlite3_value **),
+  void (*xFinal)(sqlite3_context*)
+){
+  return sqlite3_create_function_v2(db, zFunc, nArg, enc, p, xFunc, xStep,
+                                    xFinal, 0);
+}
+
+SQLITE_API int SQLITE_STDCALL sqlite3_create_function_v2(
+  sqlite3 *db,
+  const char *zFunc,
+  int nArg,
+  int enc,
+  void *p,
+  void (*xFunc)(sqlite3_context*,int,sqlite3_value **),
+  void (*xStep)(sqlite3_context*,int,sqlite3_value **),
+  void (*xFinal)(sqlite3_context*),
+  void (*xDestroy)(void *)
+){
+  int rc = SQLITE_ERROR;
+  FuncDestructor *pArg = 0;
+
+#ifdef SQLITE_ENABLE_API_ARMOR
+  if( !sqlite3SafetyCheckOk(db) ){
+    return SQLITE_MISUSE_BKPT;
+  }
+#endif
+  sqlite3_mutex_enter(db->mutex);
+  if( xDestroy ){
+    pArg = (FuncDestructor *)sqlite3DbMallocZero(db, sizeof(FuncDestructor));
+    if( !pArg ){
+      xDestroy(p);
+      goto out;
+    }
+    pArg->xDestroy = xDestroy;
+    pArg->pUserData = p;
+  }
+  rc = sqlite3CreateFunc(db, zFunc, nArg, enc, p, xFunc, xStep, xFinal, pArg);
+  if( pArg && pArg->nRef==0 ){
+    assert( rc!=SQLITE_OK );
+    xDestroy(p);
+    sqlite3DbFree(db, pArg);
+  }
+
+ out:
+  rc = sqlite3ApiExit(db, rc);
+  sqlite3_mutex_leave(db->mutex);
+  return rc;
+}
+
+#ifndef SQLITE_OMIT_UTF16
+SQLITE_API int SQLITE_STDCALL sqlite3_create_function16(
+  sqlite3 *db,
+  const void *zFunctionName,
+  int nArg,
+  int eTextRep,
+  void *p,
+  void (*xFunc)(sqlite3_context*,int,sqlite3_value**),
+  void (*xStep)(sqlite3_context*,int,sqlite3_value**),
+  void (*xFinal)(sqlite3_context*)
+){
+  int rc;
+  char *zFunc8;
+
+#ifdef SQLITE_ENABLE_API_ARMOR
+  if( !sqlite3SafetyCheckOk(db) || zFunctionName==0 ) return SQLITE_MISUSE_BKPT;
+#endif
+  sqlite3_mutex_enter(db->mutex);
+  assert( !db->mallocFailed );
+  zFunc8 = sqlite3Utf16to8(db, zFunctionName, -1, SQLITE_UTF16NATIVE);
+  rc = sqlite3CreateFunc(db, zFunc8, nArg, eTextRep, p, xFunc, xStep, xFinal,0);
+  sqlite3DbFree(db, zFunc8);
+  rc = sqlite3ApiExit(db, rc);
+  sqlite3_mutex_leave(db->mutex);
+  return rc;
+}
+#endif
+
+
+/*
+** Declare that a function has been overloaded by a virtual table.
+**
+** If the function already exists as a regular global function, then
+** this routine is a no-op.  If the function does not exist, then create
+** a new one that always throws a run-time error.  
+**
+** When virtual tables intend to provide an overloaded function, they
+** should call this routine to make sure the global function exists.
+** A global function must exist in order for name resolution to work
+** properly.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_overload_function(
+  sqlite3 *db,
+  const char *zName,
+  int nArg
+){
+  int nName = sqlite3Strlen30(zName);
+  int rc = SQLITE_OK;
+
+#ifdef SQLITE_ENABLE_API_ARMOR
+  if( !sqlite3SafetyCheckOk(db) || zName==0 || nArg<-2 ){
+    return SQLITE_MISUSE_BKPT;
+  }
+#endif
+  sqlite3_mutex_enter(db->mutex);
+  if( sqlite3FindFunction(db, zName, nName, nArg, SQLITE_UTF8, 0)==0 ){
+    rc = sqlite3CreateFunc(db, zName, nArg, SQLITE_UTF8,
+                           0, sqlite3InvalidFunction, 0, 0, 0);
+  }
+  rc = sqlite3ApiExit(db, rc);
+  sqlite3_mutex_leave(db->mutex);
+  return rc;
+}
+
+#ifndef SQLITE_OMIT_TRACE
+/*
+** Register a trace function.  The pArg from the previously registered trace
+** is returned.  
+**
+** A NULL trace function means that no tracing is executes.  A non-NULL
+** trace is a pointer to a function that is invoked at the start of each
+** SQL statement.
+*/
+SQLITE_API void *SQLITE_STDCALL sqlite3_trace(sqlite3 *db, void (*xTrace)(void*,const char*), void *pArg){
+  void *pOld;
+
+#ifdef SQLITE_ENABLE_API_ARMOR
+  if( !sqlite3SafetyCheckOk(db) ){
+    (void)SQLITE_MISUSE_BKPT;
+    return 0;
+  }
+#endif
+  sqlite3_mutex_enter(db->mutex);
+  pOld = db->pTraceArg;
+  db->xTrace = xTrace;
+  db->pTraceArg = pArg;
+  sqlite3_mutex_leave(db->mutex);
+  return pOld;
+}
+/*
+** Register a profile function.  The pArg from the previously registered 
+** profile function is returned.  
+**
+** A NULL profile function means that no profiling is executes.  A non-NULL
+** profile is a pointer to a function that is invoked at the conclusion of
+** each SQL statement that is run.
+*/
+SQLITE_API void *SQLITE_STDCALL sqlite3_profile(
+  sqlite3 *db,
+  void (*xProfile)(void*,const char*,sqlite_uint64),
+  void *pArg
+){
+  void *pOld;
+
+#ifdef SQLITE_ENABLE_API_ARMOR
+  if( !sqlite3SafetyCheckOk(db) ){
+    (void)SQLITE_MISUSE_BKPT;
+    return 0;
+  }
+#endif
+  sqlite3_mutex_enter(db->mutex);
+  pOld = db->pProfileArg;
+  db->xProfile = xProfile;
+  db->pProfileArg = pArg;
+  sqlite3_mutex_leave(db->mutex);
+  return pOld;
+}
+#endif /* SQLITE_OMIT_TRACE */
+
+/*
+** Register a function to be invoked when a transaction commits.
+** If the invoked function returns non-zero, then the commit becomes a
+** rollback.
+*/
+SQLITE_API void *SQLITE_STDCALL sqlite3_commit_hook(
+  sqlite3 *db,              /* Attach the hook to this database */
+  int (*xCallback)(void*),  /* Function to invoke on each commit */
+  void *pArg                /* Argument to the function */
+){
+  void *pOld;
+
+#ifdef SQLITE_ENABLE_API_ARMOR
+  if( !sqlite3SafetyCheckOk(db) ){
+    (void)SQLITE_MISUSE_BKPT;
+    return 0;
+  }
+#endif
+  sqlite3_mutex_enter(db->mutex);
+  pOld = db->pCommitArg;
+  db->xCommitCallback = xCallback;
+  db->pCommitArg = pArg;
+  sqlite3_mutex_leave(db->mutex);
+  return pOld;
+}
+
+/*
+** Register a callback to be invoked each time a row is updated,
+** inserted or deleted using this database connection.
+*/
+SQLITE_API void *SQLITE_STDCALL sqlite3_update_hook(
+  sqlite3 *db,              /* Attach the hook to this database */
+  void (*xCallback)(void*,int,char const *,char const *,sqlite_int64),
+  void *pArg                /* Argument to the function */
+){
+  void *pRet;
+
+#ifdef SQLITE_ENABLE_API_ARMOR
+  if( !sqlite3SafetyCheckOk(db) ){
+    (void)SQLITE_MISUSE_BKPT;
+    return 0;
+  }
+#endif
+  sqlite3_mutex_enter(db->mutex);
+  pRet = db->pUpdateArg;
+  db->xUpdateCallback = xCallback;
+  db->pUpdateArg = pArg;
+  sqlite3_mutex_leave(db->mutex);
+  return pRet;
+}
+
+/*
+** Register a callback to be invoked each time a transaction is rolled
+** back by this database connection.
+*/
+SQLITE_API void *SQLITE_STDCALL sqlite3_rollback_hook(
+  sqlite3 *db,              /* Attach the hook to this database */
+  void (*xCallback)(void*), /* Callback function */
+  void *pArg                /* Argument to the function */
+){
+  void *pRet;
+
+#ifdef SQLITE_ENABLE_API_ARMOR
+  if( !sqlite3SafetyCheckOk(db) ){
+    (void)SQLITE_MISUSE_BKPT;
+    return 0;
+  }
+#endif
+  sqlite3_mutex_enter(db->mutex);
+  pRet = db->pRollbackArg;
+  db->xRollbackCallback = xCallback;
+  db->pRollbackArg = pArg;
+  sqlite3_mutex_leave(db->mutex);
+  return pRet;
+}
+
+#ifndef SQLITE_OMIT_WAL
+/*
+** The sqlite3_wal_hook() callback registered by sqlite3_wal_autocheckpoint().
+** Invoke sqlite3_wal_checkpoint if the number of frames in the log file
+** is greater than sqlite3.pWalArg cast to an integer (the value configured by
+** wal_autocheckpoint()).
+*/ 
+SQLITE_PRIVATE int sqlite3WalDefaultHook(
+  void *pClientData,     /* Argument */
+  sqlite3 *db,           /* Connection */
+  const char *zDb,       /* Database */
+  int nFrame             /* Size of WAL */
+){
+  if( nFrame>=SQLITE_PTR_TO_INT(pClientData) ){
+    sqlite3BeginBenignMalloc();
+    sqlite3_wal_checkpoint(db, zDb);
+    sqlite3EndBenignMalloc();
+  }
+  return SQLITE_OK;
+}
+#endif /* SQLITE_OMIT_WAL */
+
+/*
+** Configure an sqlite3_wal_hook() callback to automatically checkpoint
+** a database after committing a transaction if there are nFrame or
+** more frames in the log file. Passing zero or a negative value as the
+** nFrame parameter disables automatic checkpoints entirely.
+**
+** The callback registered by this function replaces any existing callback
+** registered using sqlite3_wal_hook(). Likewise, registering a callback
+** using sqlite3_wal_hook() disables the automatic checkpoint mechanism
+** configured by this function.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_wal_autocheckpoint(sqlite3 *db, int nFrame){
+#ifdef SQLITE_OMIT_WAL
+  UNUSED_PARAMETER(db);
+  UNUSED_PARAMETER(nFrame);
+#else
+#ifdef SQLITE_ENABLE_API_ARMOR
+  if( !sqlite3SafetyCheckOk(db) ) return SQLITE_MISUSE_BKPT;
+#endif
+  if( nFrame>0 ){
+    sqlite3_wal_hook(db, sqlite3WalDefaultHook, SQLITE_INT_TO_PTR(nFrame));
+  }else{
+    sqlite3_wal_hook(db, 0, 0);
+  }
+#endif
+  return SQLITE_OK;
+}
+
+/*
+** Register a callback to be invoked each time a transaction is written
+** into the write-ahead-log by this database connection.
+*/
+SQLITE_API void *SQLITE_STDCALL sqlite3_wal_hook(
+  sqlite3 *db,                    /* Attach the hook to this db handle */
+  int(*xCallback)(void *, sqlite3*, const char*, int),
+  void *pArg                      /* First argument passed to xCallback() */
+){
+#ifndef SQLITE_OMIT_WAL
+  void *pRet;
+#ifdef SQLITE_ENABLE_API_ARMOR
+  if( !sqlite3SafetyCheckOk(db) ){
+    (void)SQLITE_MISUSE_BKPT;
+    return 0;
+  }
+#endif
+  sqlite3_mutex_enter(db->mutex);
+  pRet = db->pWalArg;
+  db->xWalCallback = xCallback;
+  db->pWalArg = pArg;
+  sqlite3_mutex_leave(db->mutex);
+  return pRet;
+#else
+  return 0;
+#endif
+}
+
+/*
+** Checkpoint database zDb.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_wal_checkpoint_v2(
+  sqlite3 *db,                    /* Database handle */
+  const char *zDb,                /* Name of attached database (or NULL) */
+  int eMode,                      /* SQLITE_CHECKPOINT_* value */
+  int *pnLog,                     /* OUT: Size of WAL log in frames */
+  int *pnCkpt                     /* OUT: Total number of frames checkpointed */
+){
+#ifdef SQLITE_OMIT_WAL
+  return SQLITE_OK;
+#else
+  int rc;                         /* Return code */
+  int iDb = SQLITE_MAX_ATTACHED;  /* sqlite3.aDb[] index of db to checkpoint */
+
+#ifdef SQLITE_ENABLE_API_ARMOR
+  if( !sqlite3SafetyCheckOk(db) ) return SQLITE_MISUSE_BKPT;
+#endif
+
+  /* Initialize the output variables to -1 in case an error occurs. */
+  if( pnLog ) *pnLog = -1;
+  if( pnCkpt ) *pnCkpt = -1;
+
+  assert( SQLITE_CHECKPOINT_PASSIVE==0 );
+  assert( SQLITE_CHECKPOINT_FULL==1 );
+  assert( SQLITE_CHECKPOINT_RESTART==2 );
+  assert( SQLITE_CHECKPOINT_TRUNCATE==3 );
+  if( eMode<SQLITE_CHECKPOINT_PASSIVE || eMode>SQLITE_CHECKPOINT_TRUNCATE ){
+    /* EVIDENCE-OF: R-03996-12088 The M parameter must be a valid checkpoint
+    ** mode: */
+    return SQLITE_MISUSE;
+  }
+
+  sqlite3_mutex_enter(db->mutex);
+  if( zDb && zDb[0] ){
+    iDb = sqlite3FindDbName(db, zDb);
+  }
+  if( iDb<0 ){
+    rc = SQLITE_ERROR;
+    sqlite3ErrorWithMsg(db, SQLITE_ERROR, "unknown database: %s", zDb);
+  }else{
+    db->busyHandler.nBusy = 0;
+    rc = sqlite3Checkpoint(db, iDb, eMode, pnLog, pnCkpt);
+    sqlite3Error(db, rc);
+  }
+  rc = sqlite3ApiExit(db, rc);
+  sqlite3_mutex_leave(db->mutex);
+  return rc;
+#endif
+}
+
+
+/*
+** Checkpoint database zDb. If zDb is NULL, or if the buffer zDb points
+** to contains a zero-length string, all attached databases are 
+** checkpointed.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_wal_checkpoint(sqlite3 *db, const char *zDb){
+  /* EVIDENCE-OF: R-41613-20553 The sqlite3_wal_checkpoint(D,X) is equivalent to
+  ** sqlite3_wal_checkpoint_v2(D,X,SQLITE_CHECKPOINT_PASSIVE,0,0). */
+  return sqlite3_wal_checkpoint_v2(db,zDb,SQLITE_CHECKPOINT_PASSIVE,0,0);
+}
+
+#ifndef SQLITE_OMIT_WAL
+/*
+** Run a checkpoint on database iDb. This is a no-op if database iDb is
+** not currently open in WAL mode.
+**
+** If a transaction is open on the database being checkpointed, this 
+** function returns SQLITE_LOCKED and a checkpoint is not attempted. If 
+** an error occurs while running the checkpoint, an SQLite error code is 
+** returned (i.e. SQLITE_IOERR). Otherwise, SQLITE_OK.
+**
+** The mutex on database handle db should be held by the caller. The mutex
+** associated with the specific b-tree being checkpointed is taken by
+** this function while the checkpoint is running.
+**
+** If iDb is passed SQLITE_MAX_ATTACHED, then all attached databases are
+** checkpointed. If an error is encountered it is returned immediately -
+** no attempt is made to checkpoint any remaining databases.
+**
+** Parameter eMode is one of SQLITE_CHECKPOINT_PASSIVE, FULL or RESTART.
+*/
+SQLITE_PRIVATE int sqlite3Checkpoint(sqlite3 *db, int iDb, int eMode, int *pnLog, int *pnCkpt){
+  int rc = SQLITE_OK;             /* Return code */
+  int i;                          /* Used to iterate through attached dbs */
+  int bBusy = 0;                  /* True if SQLITE_BUSY has been encountered */
+
+  assert( sqlite3_mutex_held(db->mutex) );
+  assert( !pnLog || *pnLog==-1 );
+  assert( !pnCkpt || *pnCkpt==-1 );
+
+  for(i=0; i<db->nDb && rc==SQLITE_OK; i++){
+    if( i==iDb || iDb==SQLITE_MAX_ATTACHED ){
+      rc = sqlite3BtreeCheckpoint(db->aDb[i].pBt, eMode, pnLog, pnCkpt);
+      pnLog = 0;
+      pnCkpt = 0;
+      if( rc==SQLITE_BUSY ){
+        bBusy = 1;
+        rc = SQLITE_OK;
+      }
+    }
+  }
+
+  return (rc==SQLITE_OK && bBusy) ? SQLITE_BUSY : rc;
+}
+#endif /* SQLITE_OMIT_WAL */
+
+/*
+** This function returns true if main-memory should be used instead of
+** a temporary file for transient pager files and statement journals.
+** The value returned depends on the value of db->temp_store (runtime
+** parameter) and the compile time value of SQLITE_TEMP_STORE. The
+** following table describes the relationship between these two values
+** and this functions return value.
+**
+**   SQLITE_TEMP_STORE     db->temp_store     Location of temporary database
+**   -----------------     --------------     ------------------------------
+**   0                     any                file      (return 0)
+**   1                     1                  file      (return 0)
+**   1                     2                  memory    (return 1)
+**   1                     0                  file      (return 0)
+**   2                     1                  file      (return 0)
+**   2                     2                  memory    (return 1)
+**   2                     0                  memory    (return 1)
+**   3                     any                memory    (return 1)
+*/
+SQLITE_PRIVATE int sqlite3TempInMemory(const sqlite3 *db){
+#if SQLITE_TEMP_STORE==1
+  return ( db->temp_store==2 );
+#endif
+#if SQLITE_TEMP_STORE==2
+  return ( db->temp_store!=1 );
+#endif
+#if SQLITE_TEMP_STORE==3
+  UNUSED_PARAMETER(db);
+  return 1;
+#endif
+#if SQLITE_TEMP_STORE<1 || SQLITE_TEMP_STORE>3
+  UNUSED_PARAMETER(db);
+  return 0;
+#endif
+}
+
+/*
+** Return UTF-8 encoded English language explanation of the most recent
+** error.
+*/
+SQLITE_API const char *SQLITE_STDCALL sqlite3_errmsg(sqlite3 *db){
+  const char *z;
+  if( !db ){
+    return sqlite3ErrStr(SQLITE_NOMEM);
+  }
+  if( !sqlite3SafetyCheckSickOrOk(db) ){
+    return sqlite3ErrStr(SQLITE_MISUSE_BKPT);
+  }
+  sqlite3_mutex_enter(db->mutex);
+  if( db->mallocFailed ){
+    z = sqlite3ErrStr(SQLITE_NOMEM);
+  }else{
+    testcase( db->pErr==0 );
+    z = (char*)sqlite3_value_text(db->pErr);
+    assert( !db->mallocFailed );
+    if( z==0 ){
+      z = sqlite3ErrStr(db->errCode);
+    }
+  }
+  sqlite3_mutex_leave(db->mutex);
+  return z;
+}
+
+#ifndef SQLITE_OMIT_UTF16
+/*
+** Return UTF-16 encoded English language explanation of the most recent
+** error.
+*/
+SQLITE_API const void *SQLITE_STDCALL sqlite3_errmsg16(sqlite3 *db){
+  static const u16 outOfMem[] = {
+    'o', 'u', 't', ' ', 'o', 'f', ' ', 'm', 'e', 'm', 'o', 'r', 'y', 0
+  };
+  static const u16 misuse[] = {
+    'l', 'i', 'b', 'r', 'a', 'r', 'y', ' ', 
+    'r', 'o', 'u', 't', 'i', 'n', 'e', ' ', 
+    'c', 'a', 'l', 'l', 'e', 'd', ' ', 
+    'o', 'u', 't', ' ', 
+    'o', 'f', ' ', 
+    's', 'e', 'q', 'u', 'e', 'n', 'c', 'e', 0
+  };
+
+  const void *z;
+  if( !db ){
+    return (void *)outOfMem;
+  }
+  if( !sqlite3SafetyCheckSickOrOk(db) ){
+    return (void *)misuse;
+  }
+  sqlite3_mutex_enter(db->mutex);
+  if( db->mallocFailed ){
+    z = (void *)outOfMem;
+  }else{
+    z = sqlite3_value_text16(db->pErr);
+    if( z==0 ){
+      sqlite3ErrorWithMsg(db, db->errCode, sqlite3ErrStr(db->errCode));
+      z = sqlite3_value_text16(db->pErr);
+    }
+    /* A malloc() may have failed within the call to sqlite3_value_text16()
+    ** above. If this is the case, then the db->mallocFailed flag needs to
+    ** be cleared before returning. Do this directly, instead of via
+    ** sqlite3ApiExit(), to avoid setting the database handle error message.
+    */
+    db->mallocFailed = 0;
+  }
+  sqlite3_mutex_leave(db->mutex);
+  return z;
+}
+#endif /* SQLITE_OMIT_UTF16 */
+
+/*
+** Return the most recent error code generated by an SQLite routine. If NULL is
+** passed to this function, we assume a malloc() failed during sqlite3_open().
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_errcode(sqlite3 *db){
+  if( db && !sqlite3SafetyCheckSickOrOk(db) ){
+    return SQLITE_MISUSE_BKPT;
+  }
+  if( !db || db->mallocFailed ){
+    return SQLITE_NOMEM;
+  }
+  return db->errCode & db->errMask;
+}
+SQLITE_API int SQLITE_STDCALL sqlite3_extended_errcode(sqlite3 *db){
+  if( db && !sqlite3SafetyCheckSickOrOk(db) ){
+    return SQLITE_MISUSE_BKPT;
+  }
+  if( !db || db->mallocFailed ){
+    return SQLITE_NOMEM;
+  }
+  return db->errCode;
+}
+
+/*
+** Return a string that describes the kind of error specified in the
+** argument.  For now, this simply calls the internal sqlite3ErrStr()
+** function.
+*/
+SQLITE_API const char *SQLITE_STDCALL sqlite3_errstr(int rc){
+  return sqlite3ErrStr(rc);
+}
+
+/*
+** Create a new collating function for database "db".  The name is zName
+** and the encoding is enc.
+*/
+static int createCollation(
+  sqlite3* db,
+  const char *zName, 
+  u8 enc,
+  void* pCtx,
+  int(*xCompare)(void*,int,const void*,int,const void*),
+  void(*xDel)(void*)
+){
+  CollSeq *pColl;
+  int enc2;
+  
+  assert( sqlite3_mutex_held(db->mutex) );
+
+  /* If SQLITE_UTF16 is specified as the encoding type, transform this
+  ** to one of SQLITE_UTF16LE or SQLITE_UTF16BE using the
+  ** SQLITE_UTF16NATIVE macro. SQLITE_UTF16 is not used internally.
+  */
+  enc2 = enc;
+  testcase( enc2==SQLITE_UTF16 );
+  testcase( enc2==SQLITE_UTF16_ALIGNED );
+  if( enc2==SQLITE_UTF16 || enc2==SQLITE_UTF16_ALIGNED ){
+    enc2 = SQLITE_UTF16NATIVE;
+  }
+  if( enc2<SQLITE_UTF8 || enc2>SQLITE_UTF16BE ){
+    return SQLITE_MISUSE_BKPT;
+  }
+
+  /* Check if this call is removing or replacing an existing collation 
+  ** sequence. If so, and there are active VMs, return busy. If there
+  ** are no active VMs, invalidate any pre-compiled statements.
+  */
+  pColl = sqlite3FindCollSeq(db, (u8)enc2, zName, 0);
+  if( pColl && pColl->xCmp ){
+    if( db->nVdbeActive ){
+      sqlite3ErrorWithMsg(db, SQLITE_BUSY, 
+        "unable to delete/modify collation sequence due to active statements");
+      return SQLITE_BUSY;
+    }
+    sqlite3ExpirePreparedStatements(db);
+
+    /* If collation sequence pColl was created directly by a call to
+    ** sqlite3_create_collation, and not generated by synthCollSeq(),
+    ** then any copies made by synthCollSeq() need to be invalidated.
+    ** Also, collation destructor - CollSeq.xDel() - function may need
+    ** to be called.
+    */ 
+    if( (pColl->enc & ~SQLITE_UTF16_ALIGNED)==enc2 ){
+      CollSeq *aColl = sqlite3HashFind(&db->aCollSeq, zName);
+      int j;
+      for(j=0; j<3; j++){
+        CollSeq *p = &aColl[j];
+        if( p->enc==pColl->enc ){
+          if( p->xDel ){
+            p->xDel(p->pUser);
+          }
+          p->xCmp = 0;
+        }
+      }
+    }
+  }
+
+  pColl = sqlite3FindCollSeq(db, (u8)enc2, zName, 1);
+  if( pColl==0 ) return SQLITE_NOMEM;
+  pColl->xCmp = xCompare;
+  pColl->pUser = pCtx;
+  pColl->xDel = xDel;
+  pColl->enc = (u8)(enc2 | (enc & SQLITE_UTF16_ALIGNED));
+  sqlite3Error(db, SQLITE_OK);
+  return SQLITE_OK;
+}
+
+
+/*
+** This array defines hard upper bounds on limit values.  The
+** initializer must be kept in sync with the SQLITE_LIMIT_*
+** #defines in sqlite3.h.
+*/
+static const int aHardLimit[] = {
+  SQLITE_MAX_LENGTH,
+  SQLITE_MAX_SQL_LENGTH,
+  SQLITE_MAX_COLUMN,
+  SQLITE_MAX_EXPR_DEPTH,
+  SQLITE_MAX_COMPOUND_SELECT,
+  SQLITE_MAX_VDBE_OP,
+  SQLITE_MAX_FUNCTION_ARG,
+  SQLITE_MAX_ATTACHED,
+  SQLITE_MAX_LIKE_PATTERN_LENGTH,
+  SQLITE_MAX_VARIABLE_NUMBER,      /* IMP: R-38091-32352 */
+  SQLITE_MAX_TRIGGER_DEPTH,
+  SQLITE_MAX_WORKER_THREADS,
+};
+
+/*
+** Make sure the hard limits are set to reasonable values
+*/
+#if SQLITE_MAX_LENGTH<100
+# error SQLITE_MAX_LENGTH must be at least 100
+#endif
+#if SQLITE_MAX_SQL_LENGTH<100
+# error SQLITE_MAX_SQL_LENGTH must be at least 100
+#endif
+#if SQLITE_MAX_SQL_LENGTH>SQLITE_MAX_LENGTH
+# error SQLITE_MAX_SQL_LENGTH must not be greater than SQLITE_MAX_LENGTH
+#endif
+#if SQLITE_MAX_COMPOUND_SELECT<2
+# error SQLITE_MAX_COMPOUND_SELECT must be at least 2
+#endif
+#if SQLITE_MAX_VDBE_OP<40
+# error SQLITE_MAX_VDBE_OP must be at least 40
+#endif
+#if SQLITE_MAX_FUNCTION_ARG<0 || SQLITE_MAX_FUNCTION_ARG>1000
+# error SQLITE_MAX_FUNCTION_ARG must be between 0 and 1000
+#endif
+#if SQLITE_MAX_ATTACHED<0 || SQLITE_MAX_ATTACHED>125
+# error SQLITE_MAX_ATTACHED must be between 0 and 125
+#endif
+#if SQLITE_MAX_LIKE_PATTERN_LENGTH<1
+# error SQLITE_MAX_LIKE_PATTERN_LENGTH must be at least 1
+#endif
+#if SQLITE_MAX_COLUMN>32767
+# error SQLITE_MAX_COLUMN must not exceed 32767
+#endif
+#if SQLITE_MAX_TRIGGER_DEPTH<1
+# error SQLITE_MAX_TRIGGER_DEPTH must be at least 1
+#endif
+#if SQLITE_MAX_WORKER_THREADS<0 || SQLITE_MAX_WORKER_THREADS>50
+# error SQLITE_MAX_WORKER_THREADS must be between 0 and 50
+#endif
+
+
+/*
+** Change the value of a limit.  Report the old value.
+** If an invalid limit index is supplied, report -1.
+** Make no changes but still report the old value if the
+** new limit is negative.
+**
+** A new lower limit does not shrink existing constructs.
+** It merely prevents new constructs that exceed the limit
+** from forming.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_limit(sqlite3 *db, int limitId, int newLimit){
+  int oldLimit;
+
+#ifdef SQLITE_ENABLE_API_ARMOR
+  if( !sqlite3SafetyCheckOk(db) ){
+    (void)SQLITE_MISUSE_BKPT;
+    return -1;
+  }
+#endif
+
+  /* EVIDENCE-OF: R-30189-54097 For each limit category SQLITE_LIMIT_NAME
+  ** there is a hard upper bound set at compile-time by a C preprocessor
+  ** macro called SQLITE_MAX_NAME. (The "_LIMIT_" in the name is changed to
+  ** "_MAX_".)
+  */
+  assert( aHardLimit[SQLITE_LIMIT_LENGTH]==SQLITE_MAX_LENGTH );
+  assert( aHardLimit[SQLITE_LIMIT_SQL_LENGTH]==SQLITE_MAX_SQL_LENGTH );
+  assert( aHardLimit[SQLITE_LIMIT_COLUMN]==SQLITE_MAX_COLUMN );
+  assert( aHardLimit[SQLITE_LIMIT_EXPR_DEPTH]==SQLITE_MAX_EXPR_DEPTH );
+  assert( aHardLimit[SQLITE_LIMIT_COMPOUND_SELECT]==SQLITE_MAX_COMPOUND_SELECT);
+  assert( aHardLimit[SQLITE_LIMIT_VDBE_OP]==SQLITE_MAX_VDBE_OP );
+  assert( aHardLimit[SQLITE_LIMIT_FUNCTION_ARG]==SQLITE_MAX_FUNCTION_ARG );
+  assert( aHardLimit[SQLITE_LIMIT_ATTACHED]==SQLITE_MAX_ATTACHED );
+  assert( aHardLimit[SQLITE_LIMIT_LIKE_PATTERN_LENGTH]==
+                                               SQLITE_MAX_LIKE_PATTERN_LENGTH );
+  assert( aHardLimit[SQLITE_LIMIT_VARIABLE_NUMBER]==SQLITE_MAX_VARIABLE_NUMBER);
+  assert( aHardLimit[SQLITE_LIMIT_TRIGGER_DEPTH]==SQLITE_MAX_TRIGGER_DEPTH );
+  assert( aHardLimit[SQLITE_LIMIT_WORKER_THREADS]==SQLITE_MAX_WORKER_THREADS );
+  assert( SQLITE_LIMIT_WORKER_THREADS==(SQLITE_N_LIMIT-1) );
+
+
+  if( limitId<0 || limitId>=SQLITE_N_LIMIT ){
+    return -1;
+  }
+  oldLimit = db->aLimit[limitId];
+  if( newLimit>=0 ){                   /* IMP: R-52476-28732 */
+    if( newLimit>aHardLimit[limitId] ){
+      newLimit = aHardLimit[limitId];  /* IMP: R-51463-25634 */
+    }
+    db->aLimit[limitId] = newLimit;
+  }
+  return oldLimit;                     /* IMP: R-53341-35419 */
+}
+
+/*
+** This function is used to parse both URIs and non-URI filenames passed by the
+** user to API functions sqlite3_open() or sqlite3_open_v2(), and for database
+** URIs specified as part of ATTACH statements.
+**
+** The first argument to this function is the name of the VFS to use (or
+** a NULL to signify the default VFS) if the URI does not contain a "vfs=xxx"
+** query parameter. The second argument contains the URI (or non-URI filename)
+** itself. When this function is called the *pFlags variable should contain
+** the default flags to open the database handle with. The value stored in
+** *pFlags may be updated before returning if the URI filename contains 
+** "cache=xxx" or "mode=xxx" query parameters.
+**
+** If successful, SQLITE_OK is returned. In this case *ppVfs is set to point to
+** the VFS that should be used to open the database file. *pzFile is set to
+** point to a buffer containing the name of the file to open. It is the 
+** responsibility of the caller to eventually call sqlite3_free() to release
+** this buffer.
+**
+** If an error occurs, then an SQLite error code is returned and *pzErrMsg
+** may be set to point to a buffer containing an English language error 
+** message. It is the responsibility of the caller to eventually release
+** this buffer by calling sqlite3_free().
+*/
+SQLITE_PRIVATE int sqlite3ParseUri(
+  const char *zDefaultVfs,        /* VFS to use if no "vfs=xxx" query option */
+  const char *zUri,               /* Nul-terminated URI to parse */
+  unsigned int *pFlags,           /* IN/OUT: SQLITE_OPEN_XXX flags */
+  sqlite3_vfs **ppVfs,            /* OUT: VFS to use */ 
+  char **pzFile,                  /* OUT: Filename component of URI */
+  char **pzErrMsg                 /* OUT: Error message (if rc!=SQLITE_OK) */
+){
+  int rc = SQLITE_OK;
+  unsigned int flags = *pFlags;
+  const char *zVfs = zDefaultVfs;
+  char *zFile;
+  char c;
+  int nUri = sqlite3Strlen30(zUri);
+
+  assert( *pzErrMsg==0 );
+
+  if( ((flags & SQLITE_OPEN_URI)             /* IMP: R-48725-32206 */
+            || sqlite3GlobalConfig.bOpenUri) /* IMP: R-51689-46548 */
+   && nUri>=5 && memcmp(zUri, "file:", 5)==0 /* IMP: R-57884-37496 */
+  ){
+    char *zOpt;
+    int eState;                   /* Parser state when parsing URI */
+    int iIn;                      /* Input character index */
+    int iOut = 0;                 /* Output character index */
+    u64 nByte = nUri+2;           /* Bytes of space to allocate */
+
+    /* Make sure the SQLITE_OPEN_URI flag is set to indicate to the VFS xOpen 
+    ** method that there may be extra parameters following the file-name.  */
+    flags |= SQLITE_OPEN_URI;
+
+    for(iIn=0; iIn<nUri; iIn++) nByte += (zUri[iIn]=='&');
+    zFile = sqlite3_malloc64(nByte);
+    if( !zFile ) return SQLITE_NOMEM;
+
+    iIn = 5;
+#ifdef SQLITE_ALLOW_URI_AUTHORITY
+    if( strncmp(zUri+5, "///", 3)==0 ){
+      iIn = 7;
+      /* The following condition causes URIs with five leading / characters
+      ** like file://///host/path to be converted into UNCs like //host/path.
+      ** The correct URI for that UNC has only two or four leading / characters
+      ** file://host/path or file:////host/path.  But 5 leading slashes is a 
+      ** common error, we are told, so we handle it as a special case. */
+      if( strncmp(zUri+7, "///", 3)==0 ){ iIn++; }
+    }else if( strncmp(zUri+5, "//localhost/", 12)==0 ){
+      iIn = 16;
+    }
+#else
+    /* Discard the scheme and authority segments of the URI. */
+    if( zUri[5]=='/' && zUri[6]=='/' ){
+      iIn = 7;
+      while( zUri[iIn] && zUri[iIn]!='/' ) iIn++;
+      if( iIn!=7 && (iIn!=16 || memcmp("localhost", &zUri[7], 9)) ){
+        *pzErrMsg = sqlite3_mprintf("invalid uri authority: %.*s", 
+            iIn-7, &zUri[7]);
+        rc = SQLITE_ERROR;
+        goto parse_uri_out;
+      }
+    }
+#endif
+
+    /* Copy the filename and any query parameters into the zFile buffer. 
+    ** Decode %HH escape codes along the way. 
+    **
+    ** Within this loop, variable eState may be set to 0, 1 or 2, depending
+    ** on the parsing context. As follows:
+    **
+    **   0: Parsing file-name.
+    **   1: Parsing name section of a name=value query parameter.
+    **   2: Parsing value section of a name=value query parameter.
+    */
+    eState = 0;
+    while( (c = zUri[iIn])!=0 && c!='#' ){
+      iIn++;
+      if( c=='%' 
+       && sqlite3Isxdigit(zUri[iIn]) 
+       && sqlite3Isxdigit(zUri[iIn+1]) 
+      ){
+        int octet = (sqlite3HexToInt(zUri[iIn++]) << 4);
+        octet += sqlite3HexToInt(zUri[iIn++]);
+
+        assert( octet>=0 && octet<256 );
+        if( octet==0 ){
+          /* This branch is taken when "%00" appears within the URI. In this
+          ** case we ignore all text in the remainder of the path, name or
+          ** value currently being parsed. So ignore the current character
+          ** and skip to the next "?", "=" or "&", as appropriate. */
+          while( (c = zUri[iIn])!=0 && c!='#' 
+              && (eState!=0 || c!='?')
+              && (eState!=1 || (c!='=' && c!='&'))
+              && (eState!=2 || c!='&')
+          ){
+            iIn++;
+          }
+          continue;
+        }
+        c = octet;
+      }else if( eState==1 && (c=='&' || c=='=') ){
+        if( zFile[iOut-1]==0 ){
+          /* An empty option name. Ignore this option altogether. */
+          while( zUri[iIn] && zUri[iIn]!='#' && zUri[iIn-1]!='&' ) iIn++;
+          continue;
+        }
+        if( c=='&' ){
+          zFile[iOut++] = '\0';
+        }else{
+          eState = 2;
+        }
+        c = 0;
+      }else if( (eState==0 && c=='?') || (eState==2 && c=='&') ){
+        c = 0;
+        eState = 1;
+      }
+      zFile[iOut++] = c;
+    }
+    if( eState==1 ) zFile[iOut++] = '\0';
+    zFile[iOut++] = '\0';
+    zFile[iOut++] = '\0';
+
+    /* Check if there were any options specified that should be interpreted 
+    ** here. Options that are interpreted here include "vfs" and those that
+    ** correspond to flags that may be passed to the sqlite3_open_v2()
+    ** method. */
+    zOpt = &zFile[sqlite3Strlen30(zFile)+1];
+    while( zOpt[0] ){
+      int nOpt = sqlite3Strlen30(zOpt);
+      char *zVal = &zOpt[nOpt+1];
+      int nVal = sqlite3Strlen30(zVal);
+
+      if( nOpt==3 && memcmp("vfs", zOpt, 3)==0 ){
+        zVfs = zVal;
+      }else{
+        struct OpenMode {
+          const char *z;
+          int mode;
+        } *aMode = 0;
+        char *zModeType = 0;
+        int mask = 0;
+        int limit = 0;
+
+        if( nOpt==5 && memcmp("cache", zOpt, 5)==0 ){
+          static struct OpenMode aCacheMode[] = {
+            { "shared",  SQLITE_OPEN_SHAREDCACHE },
+            { "private", SQLITE_OPEN_PRIVATECACHE },
+            { 0, 0 }
+          };
+
+          mask = SQLITE_OPEN_SHAREDCACHE|SQLITE_OPEN_PRIVATECACHE;
+          aMode = aCacheMode;
+          limit = mask;
+          zModeType = "cache";
+        }
+        if( nOpt==4 && memcmp("mode", zOpt, 4)==0 ){
+          static struct OpenMode aOpenMode[] = {
+            { "ro",  SQLITE_OPEN_READONLY },
+            { "rw",  SQLITE_OPEN_READWRITE }, 
+            { "rwc", SQLITE_OPEN_READWRITE | SQLITE_OPEN_CREATE },
+            { "memory", SQLITE_OPEN_MEMORY },
+            { 0, 0 }
+          };
+
+          mask = SQLITE_OPEN_READONLY | SQLITE_OPEN_READWRITE
+                   | SQLITE_OPEN_CREATE | SQLITE_OPEN_MEMORY;
+          aMode = aOpenMode;
+          limit = mask & flags;
+          zModeType = "access";
+        }
+
+        if( aMode ){
+          int i;
+          int mode = 0;
+          for(i=0; aMode[i].z; i++){
+            const char *z = aMode[i].z;
+            if( nVal==sqlite3Strlen30(z) && 0==memcmp(zVal, z, nVal) ){
+              mode = aMode[i].mode;
+              break;
+            }
+          }
+          if( mode==0 ){
+            *pzErrMsg = sqlite3_mprintf("no such %s mode: %s", zModeType, zVal);
+            rc = SQLITE_ERROR;
+            goto parse_uri_out;
+          }
+          if( (mode & ~SQLITE_OPEN_MEMORY)>limit ){
+            *pzErrMsg = sqlite3_mprintf("%s mode not allowed: %s",
+                                        zModeType, zVal);
+            rc = SQLITE_PERM;
+            goto parse_uri_out;
+          }
+          flags = (flags & ~mask) | mode;
+        }
+      }
+
+      zOpt = &zVal[nVal+1];
+    }
+
+  }else{
+    zFile = sqlite3_malloc64(nUri+2);
+    if( !zFile ) return SQLITE_NOMEM;
+    memcpy(zFile, zUri, nUri);
+    zFile[nUri] = '\0';
+    zFile[nUri+1] = '\0';
+    flags &= ~SQLITE_OPEN_URI;
+  }
+
+  *ppVfs = sqlite3_vfs_find(zVfs);
+  if( *ppVfs==0 ){
+    *pzErrMsg = sqlite3_mprintf("no such vfs: %s", zVfs);
+    rc = SQLITE_ERROR;
+  }
+ parse_uri_out:
+  if( rc!=SQLITE_OK ){
+    sqlite3_free(zFile);
+    zFile = 0;
+  }
+  *pFlags = flags;
+  *pzFile = zFile;
+  return rc;
+}
+
+
+/*
+** This routine does the work of opening a database on behalf of
+** sqlite3_open() and sqlite3_open16(). The database filename "zFilename"  
+** is UTF-8 encoded.
+*/
+static int openDatabase(
+  const char *zFilename, /* Database filename UTF-8 encoded */
+  sqlite3 **ppDb,        /* OUT: Returned database handle */
+  unsigned int flags,    /* Operational flags */
+  const char *zVfs       /* Name of the VFS to use */
+){
+  sqlite3 *db;                    /* Store allocated handle here */
+  int rc;                         /* Return code */
+  int isThreadsafe;               /* True for threadsafe connections */
+  char *zOpen = 0;                /* Filename argument to pass to BtreeOpen() */
+  char *zErrMsg = 0;              /* Error message from sqlite3ParseUri() */
+
+#ifdef SQLITE_ENABLE_API_ARMOR
+  if( ppDb==0 ) return SQLITE_MISUSE_BKPT;
+#endif
+  *ppDb = 0;
+#ifndef SQLITE_OMIT_AUTOINIT
+  rc = sqlite3_initialize();
+  if( rc ) return rc;
+#endif
+
+  /* Only allow sensible combinations of bits in the flags argument.  
+  ** Throw an error if any non-sense combination is used.  If we
+  ** do not block illegal combinations here, it could trigger
+  ** assert() statements in deeper layers.  Sensible combinations
+  ** are:
+  **
+  **  1:  SQLITE_OPEN_READONLY
+  **  2:  SQLITE_OPEN_READWRITE
+  **  6:  SQLITE_OPEN_READWRITE | SQLITE_OPEN_CREATE
+  */
+  assert( SQLITE_OPEN_READONLY  == 0x01 );
+  assert( SQLITE_OPEN_READWRITE == 0x02 );
+  assert( SQLITE_OPEN_CREATE    == 0x04 );
+  testcase( (1<<(flags&7))==0x02 ); /* READONLY */
+  testcase( (1<<(flags&7))==0x04 ); /* READWRITE */
+  testcase( (1<<(flags&7))==0x40 ); /* READWRITE | CREATE */
+  if( ((1<<(flags&7)) & 0x46)==0 ){
+    return SQLITE_MISUSE_BKPT;  /* IMP: R-65497-44594 */
+  }
+
+  if( sqlite3GlobalConfig.bCoreMutex==0 ){
+    isThreadsafe = 0;
+  }else if( flags & SQLITE_OPEN_NOMUTEX ){
+    isThreadsafe = 0;
+  }else if( flags & SQLITE_OPEN_FULLMUTEX ){
+    isThreadsafe = 1;
+  }else{
+    isThreadsafe = sqlite3GlobalConfig.bFullMutex;
+  }
+  if( flags & SQLITE_OPEN_PRIVATECACHE ){
+    flags &= ~SQLITE_OPEN_SHAREDCACHE;
+  }else if( sqlite3GlobalConfig.sharedCacheEnabled ){
+    flags |= SQLITE_OPEN_SHAREDCACHE;
+  }
+
+  /* Remove harmful bits from the flags parameter
+  **
+  ** The SQLITE_OPEN_NOMUTEX and SQLITE_OPEN_FULLMUTEX flags were
+  ** dealt with in the previous code block.  Besides these, the only
+  ** valid input flags for sqlite3_open_v2() are SQLITE_OPEN_READONLY,
+  ** SQLITE_OPEN_READWRITE, SQLITE_OPEN_CREATE, SQLITE_OPEN_SHAREDCACHE,
+  ** SQLITE_OPEN_PRIVATECACHE, and some reserved bits.  Silently mask
+  ** off all other flags.
+  */
+  flags &=  ~( SQLITE_OPEN_DELETEONCLOSE |
+               SQLITE_OPEN_EXCLUSIVE |
+               SQLITE_OPEN_MAIN_DB |
+               SQLITE_OPEN_TEMP_DB | 
+               SQLITE_OPEN_TRANSIENT_DB | 
+               SQLITE_OPEN_MAIN_JOURNAL | 
+               SQLITE_OPEN_TEMP_JOURNAL | 
+               SQLITE_OPEN_SUBJOURNAL | 
+               SQLITE_OPEN_MASTER_JOURNAL |
+               SQLITE_OPEN_NOMUTEX |
+               SQLITE_OPEN_FULLMUTEX |
+               SQLITE_OPEN_WAL
+             );
+
+  /* Allocate the sqlite data structure */
+  db = sqlite3MallocZero( sizeof(sqlite3) );
+  if( db==0 ) goto opendb_out;
+  if( isThreadsafe ){
+    db->mutex = sqlite3MutexAlloc(SQLITE_MUTEX_RECURSIVE);
+    if( db->mutex==0 ){
+      sqlite3_free(db);
+      db = 0;
+      goto opendb_out;
+    }
+  }
+  sqlite3_mutex_enter(db->mutex);
+  db->errMask = 0xff;
+  db->nDb = 2;
+  db->magic = SQLITE_MAGIC_BUSY;
+  db->aDb = db->aDbStatic;
+
+  assert( sizeof(db->aLimit)==sizeof(aHardLimit) );
+  memcpy(db->aLimit, aHardLimit, sizeof(db->aLimit));
+  db->aLimit[SQLITE_LIMIT_WORKER_THREADS] = SQLITE_DEFAULT_WORKER_THREADS;
+  db->autoCommit = 1;
+  db->nextAutovac = -1;
+  db->szMmap = sqlite3GlobalConfig.szMmap;
+  db->nextPagesize = 0;
+  db->nMaxSorterMmap = 0x7FFFFFFF;
+  db->flags |= SQLITE_ShortColNames | SQLITE_EnableTrigger | SQLITE_CacheSpill
+#if !defined(SQLITE_DEFAULT_AUTOMATIC_INDEX) || SQLITE_DEFAULT_AUTOMATIC_INDEX
+                 | SQLITE_AutoIndex
+#endif
+#if SQLITE_DEFAULT_CKPTFULLFSYNC
+                 | SQLITE_CkptFullFSync
+#endif
+#if SQLITE_DEFAULT_FILE_FORMAT<4
+                 | SQLITE_LegacyFileFmt
+#endif
+#ifdef SQLITE_ENABLE_LOAD_EXTENSION
+                 | SQLITE_LoadExtension
+#endif
+#if SQLITE_DEFAULT_RECURSIVE_TRIGGERS
+                 | SQLITE_RecTriggers
+#endif
+#if defined(SQLITE_DEFAULT_FOREIGN_KEYS) && SQLITE_DEFAULT_FOREIGN_KEYS
+                 | SQLITE_ForeignKeys
+#endif
+#if defined(SQLITE_REVERSE_UNORDERED_SELECTS)
+                 | SQLITE_ReverseOrder
+#endif
+#if defined(SQLITE_ENABLE_OVERSIZE_CELL_CHECK)
+                 | SQLITE_CellSizeCk
+#endif
+      ;
+  sqlite3HashInit(&db->aCollSeq);
+#ifndef SQLITE_OMIT_VIRTUALTABLE
+  sqlite3HashInit(&db->aModule);
+#endif
+
+  /* Add the default collation sequence BINARY. BINARY works for both UTF-8
+  ** and UTF-16, so add a version for each to avoid any unnecessary
+  ** conversions. The only error that can occur here is a malloc() failure.
+  **
+  ** EVIDENCE-OF: R-52786-44878 SQLite defines three built-in collating
+  ** functions:
+  */
+  createCollation(db, sqlite3StrBINARY, SQLITE_UTF8, 0, binCollFunc, 0);
+  createCollation(db, sqlite3StrBINARY, SQLITE_UTF16BE, 0, binCollFunc, 0);
+  createCollation(db, sqlite3StrBINARY, SQLITE_UTF16LE, 0, binCollFunc, 0);
+  createCollation(db, "NOCASE", SQLITE_UTF8, 0, nocaseCollatingFunc, 0);
+  createCollation(db, "RTRIM", SQLITE_UTF8, (void*)1, binCollFunc, 0);
+  if( db->mallocFailed ){
+    goto opendb_out;
+  }
+  /* EVIDENCE-OF: R-08308-17224 The default collating function for all
+  ** strings is BINARY. 
+  */
+  db->pDfltColl = sqlite3FindCollSeq(db, SQLITE_UTF8, sqlite3StrBINARY, 0);
+  assert( db->pDfltColl!=0 );
+
+  /* Parse the filename/URI argument. */
+  db->openFlags = flags;
+  rc = sqlite3ParseUri(zVfs, zFilename, &flags, &db->pVfs, &zOpen, &zErrMsg);
+  if( rc!=SQLITE_OK ){
+    if( rc==SQLITE_NOMEM ) db->mallocFailed = 1;
+    sqlite3ErrorWithMsg(db, rc, zErrMsg ? "%s" : 0, zErrMsg);
+    sqlite3_free(zErrMsg);
+    goto opendb_out;
+  }
+
+  /* Open the backend database driver */
+  rc = sqlite3BtreeOpen(db->pVfs, zOpen, db, &db->aDb[0].pBt, 0,
+                        flags | SQLITE_OPEN_MAIN_DB);
+  if( rc!=SQLITE_OK ){
+    if( rc==SQLITE_IOERR_NOMEM ){
+      rc = SQLITE_NOMEM;
+    }
+    sqlite3Error(db, rc);
+    goto opendb_out;
+  }
+  sqlite3BtreeEnter(db->aDb[0].pBt);
+  db->aDb[0].pSchema = sqlite3SchemaGet(db, db->aDb[0].pBt);
+  if( !db->mallocFailed ) ENC(db) = SCHEMA_ENC(db);
+  sqlite3BtreeLeave(db->aDb[0].pBt);
+  db->aDb[1].pSchema = sqlite3SchemaGet(db, 0);
+
+  /* The default safety_level for the main database is 'full'; for the temp
+  ** database it is 'NONE'. This matches the pager layer defaults.  
+  */
+  db->aDb[0].zName = "main";
+  db->aDb[0].safety_level = 3;
+  db->aDb[1].zName = "temp";
+  db->aDb[1].safety_level = 1;
+
+  db->magic = SQLITE_MAGIC_OPEN;
+  if( db->mallocFailed ){
+    goto opendb_out;
+  }
+
+  /* Register all built-in functions, but do not attempt to read the
+  ** database schema yet. This is delayed until the first time the database
+  ** is accessed.
+  */
+  sqlite3Error(db, SQLITE_OK);
+  sqlite3RegisterBuiltinFunctions(db);
+
+  /* Load automatic extensions - extensions that have been registered
+  ** using the sqlite3_automatic_extension() API.
+  */
+  rc = sqlite3_errcode(db);
+  if( rc==SQLITE_OK ){
+    sqlite3AutoLoadExtensions(db);
+    rc = sqlite3_errcode(db);
+    if( rc!=SQLITE_OK ){
+      goto opendb_out;
+    }
+  }
+
+#ifdef SQLITE_ENABLE_FTS1
+  if( !db->mallocFailed ){
+    extern int sqlite3Fts1Init(sqlite3*);
+    rc = sqlite3Fts1Init(db);
+  }
+#endif
+
+#ifdef SQLITE_ENABLE_FTS2
+  if( !db->mallocFailed && rc==SQLITE_OK ){
+    extern int sqlite3Fts2Init(sqlite3*);
+    rc = sqlite3Fts2Init(db);
+  }
+#endif
+
+#ifdef SQLITE_ENABLE_FTS3 /* automatically defined by SQLITE_ENABLE_FTS4 */
+  if( !db->mallocFailed && rc==SQLITE_OK ){
+    rc = sqlite3Fts3Init(db);
+  }
+#endif
+
+#ifdef SQLITE_ENABLE_FTS5
+  if( !db->mallocFailed && rc==SQLITE_OK ){
+    rc = sqlite3Fts5Init(db);
+  }
+#endif
+
+#ifdef SQLITE_ENABLE_ICU
+  if( !db->mallocFailed && rc==SQLITE_OK ){
+    rc = sqlite3IcuInit(db);
+  }
+#endif
+
+#ifdef SQLITE_ENABLE_RTREE
+  if( !db->mallocFailed && rc==SQLITE_OK){
+    rc = sqlite3RtreeInit(db);
+  }
+#endif
+
+#ifdef SQLITE_ENABLE_DBSTAT_VTAB
+  if( !db->mallocFailed && rc==SQLITE_OK){
+    rc = sqlite3DbstatRegister(db);
+  }
+#endif
+
+#ifdef SQLITE_ENABLE_JSON1
+  if( !db->mallocFailed && rc==SQLITE_OK){
+    rc = sqlite3Json1Init(db);
+  }
+#endif
+
+  /* -DSQLITE_DEFAULT_LOCKING_MODE=1 makes EXCLUSIVE the default locking
+  ** mode.  -DSQLITE_DEFAULT_LOCKING_MODE=0 make NORMAL the default locking
+  ** mode.  Doing nothing at all also makes NORMAL the default.
+  */
+#ifdef SQLITE_DEFAULT_LOCKING_MODE
+  db->dfltLockMode = SQLITE_DEFAULT_LOCKING_MODE;
+  sqlite3PagerLockingMode(sqlite3BtreePager(db->aDb[0].pBt),
+                          SQLITE_DEFAULT_LOCKING_MODE);
+#endif
+
+  if( rc ) sqlite3Error(db, rc);
+
+  /* Enable the lookaside-malloc subsystem */
+  setupLookaside(db, 0, sqlite3GlobalConfig.szLookaside,
+                        sqlite3GlobalConfig.nLookaside);
+
+  sqlite3_wal_autocheckpoint(db, SQLITE_DEFAULT_WAL_AUTOCHECKPOINT);
+
+opendb_out:
+  if( db ){
+    assert( db->mutex!=0 || isThreadsafe==0
+           || sqlite3GlobalConfig.bFullMutex==0 );
+    sqlite3_mutex_leave(db->mutex);
+  }
+  rc = sqlite3_errcode(db);
+  assert( db!=0 || rc==SQLITE_NOMEM );
+  if( rc==SQLITE_NOMEM ){
+    sqlite3_close(db);
+    db = 0;
+  }else if( rc!=SQLITE_OK ){
+    db->magic = SQLITE_MAGIC_SICK;
+  }
+  *ppDb = db;
+#ifdef SQLITE_ENABLE_SQLLOG
+  if( sqlite3GlobalConfig.xSqllog ){
+    /* Opening a db handle. Fourth parameter is passed 0. */
+    void *pArg = sqlite3GlobalConfig.pSqllogArg;
+    sqlite3GlobalConfig.xSqllog(pArg, db, zFilename, 0);
+  }
+#endif
+#if defined(SQLITE_HAS_CODEC)
+  if( rc==SQLITE_OK ){
+    const char *zHexKey = sqlite3_uri_parameter(zOpen, "hexkey");
+    if( zHexKey && zHexKey[0] ){
+      u8 iByte;
+      int i;
+      char zKey[40];
+      for(i=0, iByte=0; i<sizeof(zKey)*2 && sqlite3Isxdigit(zHexKey[i]); i++){
+        iByte = (iByte<<4) + sqlite3HexToInt(zHexKey[i]);
+        if( (i&1)!=0 ) zKey[i/2] = iByte;
+      }
+      sqlite3_key_v2(db, 0, zKey, i/2);
+    }
+  }
+#endif
+  sqlite3_free(zOpen);
+  return rc & 0xff;
+}
+
+/*
+** Open a new database handle.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_open(
+  const char *zFilename, 
+  sqlite3 **ppDb 
+){
+  return openDatabase(zFilename, ppDb,
+                      SQLITE_OPEN_READWRITE | SQLITE_OPEN_CREATE, 0);
+}
+SQLITE_API int SQLITE_STDCALL sqlite3_open_v2(
+  const char *filename,   /* Database filename (UTF-8) */
+  sqlite3 **ppDb,         /* OUT: SQLite db handle */
+  int flags,              /* Flags */
+  const char *zVfs        /* Name of VFS module to use */
+){
+  return openDatabase(filename, ppDb, (unsigned int)flags, zVfs);
+}
+
+#ifndef SQLITE_OMIT_UTF16
+/*
+** Open a new database handle.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_open16(
+  const void *zFilename, 
+  sqlite3 **ppDb
+){
+  char const *zFilename8;   /* zFilename encoded in UTF-8 instead of UTF-16 */
+  sqlite3_value *pVal;
+  int rc;
+
+#ifdef SQLITE_ENABLE_API_ARMOR
+  if( ppDb==0 ) return SQLITE_MISUSE_BKPT;
+#endif
+  *ppDb = 0;
+#ifndef SQLITE_OMIT_AUTOINIT
+  rc = sqlite3_initialize();
+  if( rc ) return rc;
+#endif
+  if( zFilename==0 ) zFilename = "\000\000";
+  pVal = sqlite3ValueNew(0);
+  sqlite3ValueSetStr(pVal, -1, zFilename, SQLITE_UTF16NATIVE, SQLITE_STATIC);
+  zFilename8 = sqlite3ValueText(pVal, SQLITE_UTF8);
+  if( zFilename8 ){
+    rc = openDatabase(zFilename8, ppDb,
+                      SQLITE_OPEN_READWRITE | SQLITE_OPEN_CREATE, 0);
+    assert( *ppDb || rc==SQLITE_NOMEM );
+    if( rc==SQLITE_OK && !DbHasProperty(*ppDb, 0, DB_SchemaLoaded) ){
+      SCHEMA_ENC(*ppDb) = ENC(*ppDb) = SQLITE_UTF16NATIVE;
+    }
+  }else{
+    rc = SQLITE_NOMEM;
+  }
+  sqlite3ValueFree(pVal);
+
+  return rc & 0xff;
+}
+#endif /* SQLITE_OMIT_UTF16 */
+
+/*
+** Register a new collation sequence with the database handle db.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_create_collation(
+  sqlite3* db, 
+  const char *zName, 
+  int enc, 
+  void* pCtx,
+  int(*xCompare)(void*,int,const void*,int,const void*)
+){
+  return sqlite3_create_collation_v2(db, zName, enc, pCtx, xCompare, 0);
+}
+
+/*
+** Register a new collation sequence with the database handle db.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_create_collation_v2(
+  sqlite3* db, 
+  const char *zName, 
+  int enc, 
+  void* pCtx,
+  int(*xCompare)(void*,int,const void*,int,const void*),
+  void(*xDel)(void*)
+){
+  int rc;
+
+#ifdef SQLITE_ENABLE_API_ARMOR
+  if( !sqlite3SafetyCheckOk(db) || zName==0 ) return SQLITE_MISUSE_BKPT;
+#endif
+  sqlite3_mutex_enter(db->mutex);
+  assert( !db->mallocFailed );
+  rc = createCollation(db, zName, (u8)enc, pCtx, xCompare, xDel);
+  rc = sqlite3ApiExit(db, rc);
+  sqlite3_mutex_leave(db->mutex);
+  return rc;
+}
+
+#ifndef SQLITE_OMIT_UTF16
+/*
+** Register a new collation sequence with the database handle db.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_create_collation16(
+  sqlite3* db, 
+  const void *zName,
+  int enc, 
+  void* pCtx,
+  int(*xCompare)(void*,int,const void*,int,const void*)
+){
+  int rc = SQLITE_OK;
+  char *zName8;
+
+#ifdef SQLITE_ENABLE_API_ARMOR
+  if( !sqlite3SafetyCheckOk(db) || zName==0 ) return SQLITE_MISUSE_BKPT;
+#endif
+  sqlite3_mutex_enter(db->mutex);
+  assert( !db->mallocFailed );
+  zName8 = sqlite3Utf16to8(db, zName, -1, SQLITE_UTF16NATIVE);
+  if( zName8 ){
+    rc = createCollation(db, zName8, (u8)enc, pCtx, xCompare, 0);
+    sqlite3DbFree(db, zName8);
+  }
+  rc = sqlite3ApiExit(db, rc);
+  sqlite3_mutex_leave(db->mutex);
+  return rc;
+}
+#endif /* SQLITE_OMIT_UTF16 */
+
+/*
+** Register a collation sequence factory callback with the database handle
+** db. Replace any previously installed collation sequence factory.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_collation_needed(
+  sqlite3 *db, 
+  void *pCollNeededArg, 
+  void(*xCollNeeded)(void*,sqlite3*,int eTextRep,const char*)
+){
+#ifdef SQLITE_ENABLE_API_ARMOR
+  if( !sqlite3SafetyCheckOk(db) ) return SQLITE_MISUSE_BKPT;
+#endif
+  sqlite3_mutex_enter(db->mutex);
+  db->xCollNeeded = xCollNeeded;
+  db->xCollNeeded16 = 0;
+  db->pCollNeededArg = pCollNeededArg;
+  sqlite3_mutex_leave(db->mutex);
+  return SQLITE_OK;
+}
+
+#ifndef SQLITE_OMIT_UTF16
+/*
+** Register a collation sequence factory callback with the database handle
+** db. Replace any previously installed collation sequence factory.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_collation_needed16(
+  sqlite3 *db, 
+  void *pCollNeededArg, 
+  void(*xCollNeeded16)(void*,sqlite3*,int eTextRep,const void*)
+){
+#ifdef SQLITE_ENABLE_API_ARMOR
+  if( !sqlite3SafetyCheckOk(db) ) return SQLITE_MISUSE_BKPT;
+#endif
+  sqlite3_mutex_enter(db->mutex);
+  db->xCollNeeded = 0;
+  db->xCollNeeded16 = xCollNeeded16;
+  db->pCollNeededArg = pCollNeededArg;
+  sqlite3_mutex_leave(db->mutex);
+  return SQLITE_OK;
+}
+#endif /* SQLITE_OMIT_UTF16 */
+
+#ifndef SQLITE_OMIT_DEPRECATED
+/*
+** This function is now an anachronism. It used to be used to recover from a
+** malloc() failure, but SQLite now does this automatically.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_global_recover(void){
+  return SQLITE_OK;
+}
+#endif
+
+/*
+** Test to see whether or not the database connection is in autocommit
+** mode.  Return TRUE if it is and FALSE if not.  Autocommit mode is on
+** by default.  Autocommit is disabled by a BEGIN statement and reenabled
+** by the next COMMIT or ROLLBACK.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_get_autocommit(sqlite3 *db){
+#ifdef SQLITE_ENABLE_API_ARMOR
+  if( !sqlite3SafetyCheckOk(db) ){
+    (void)SQLITE_MISUSE_BKPT;
+    return 0;
+  }
+#endif
+  return db->autoCommit;
+}
+
+/*
+** The following routines are substitutes for constants SQLITE_CORRUPT,
+** SQLITE_MISUSE, SQLITE_CANTOPEN, SQLITE_IOERR and possibly other error
+** constants.  They serve two purposes:
+**
+**   1.  Serve as a convenient place to set a breakpoint in a debugger
+**       to detect when version error conditions occurs.
+**
+**   2.  Invoke sqlite3_log() to provide the source code location where
+**       a low-level error is first detected.
+*/
+SQLITE_PRIVATE int sqlite3CorruptError(int lineno){
+  testcase( sqlite3GlobalConfig.xLog!=0 );
+  sqlite3_log(SQLITE_CORRUPT,
+              "database corruption at line %d of [%.10s]",
+              lineno, 20+sqlite3_sourceid());
+  return SQLITE_CORRUPT;
+}
+SQLITE_PRIVATE int sqlite3MisuseError(int lineno){
+  testcase( sqlite3GlobalConfig.xLog!=0 );
+  sqlite3_log(SQLITE_MISUSE, 
+              "misuse at line %d of [%.10s]",
+              lineno, 20+sqlite3_sourceid());
+  return SQLITE_MISUSE;
+}
+SQLITE_PRIVATE int sqlite3CantopenError(int lineno){
+  testcase( sqlite3GlobalConfig.xLog!=0 );
+  sqlite3_log(SQLITE_CANTOPEN, 
+              "cannot open file at line %d of [%.10s]",
+              lineno, 20+sqlite3_sourceid());
+  return SQLITE_CANTOPEN;
+}
+
+
+#ifndef SQLITE_OMIT_DEPRECATED
+/*
+** This is a convenience routine that makes sure that all thread-specific
+** data for this thread has been deallocated.
+**
+** SQLite no longer uses thread-specific data so this routine is now a
+** no-op.  It is retained for historical compatibility.
+*/
+SQLITE_API void SQLITE_STDCALL sqlite3_thread_cleanup(void){
+}
+#endif
+
+/*
+** Return meta information about a specific column of a database table.
+** See comment in sqlite3.h (sqlite.h.in) for details.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_table_column_metadata(
+  sqlite3 *db,                /* Connection handle */
+  const char *zDbName,        /* Database name or NULL */
+  const char *zTableName,     /* Table name */
+  const char *zColumnName,    /* Column name */
+  char const **pzDataType,    /* OUTPUT: Declared data type */
+  char const **pzCollSeq,     /* OUTPUT: Collation sequence name */
+  int *pNotNull,              /* OUTPUT: True if NOT NULL constraint exists */
+  int *pPrimaryKey,           /* OUTPUT: True if column part of PK */
+  int *pAutoinc               /* OUTPUT: True if column is auto-increment */
+){
+  int rc;
+  char *zErrMsg = 0;
+  Table *pTab = 0;
+  Column *pCol = 0;
+  int iCol = 0;
+  char const *zDataType = 0;
+  char const *zCollSeq = 0;
+  int notnull = 0;
+  int primarykey = 0;
+  int autoinc = 0;
+
+
+#ifdef SQLITE_ENABLE_API_ARMOR
+  if( !sqlite3SafetyCheckOk(db) || zTableName==0 ){
+    return SQLITE_MISUSE_BKPT;
+  }
+#endif
+
+  /* Ensure the database schema has been loaded */
+  sqlite3_mutex_enter(db->mutex);
+  sqlite3BtreeEnterAll(db);
+  rc = sqlite3Init(db, &zErrMsg);
+  if( SQLITE_OK!=rc ){
+    goto error_out;
+  }
+
+  /* Locate the table in question */
+  pTab = sqlite3FindTable(db, zTableName, zDbName);
+  if( !pTab || pTab->pSelect ){
+    pTab = 0;
+    goto error_out;
+  }
+
+  /* Find the column for which info is requested */
+  if( zColumnName==0 ){
+    /* Query for existance of table only */
+  }else{
+    for(iCol=0; iCol<pTab->nCol; iCol++){
+      pCol = &pTab->aCol[iCol];
+      if( 0==sqlite3StrICmp(pCol->zName, zColumnName) ){
+        break;
+      }
+    }
+    if( iCol==pTab->nCol ){
+      if( HasRowid(pTab) && sqlite3IsRowid(zColumnName) ){
+        iCol = pTab->iPKey;
+        pCol = iCol>=0 ? &pTab->aCol[iCol] : 0;
+      }else{
+        pTab = 0;
+        goto error_out;
+      }
+    }
+  }
+
+  /* The following block stores the meta information that will be returned
+  ** to the caller in local variables zDataType, zCollSeq, notnull, primarykey
+  ** and autoinc. At this point there are two possibilities:
+  ** 
+  **     1. The specified column name was rowid", "oid" or "_rowid_" 
+  **        and there is no explicitly declared IPK column. 
+  **
+  **     2. The table is not a view and the column name identified an 
+  **        explicitly declared column. Copy meta information from *pCol.
+  */ 
+  if( pCol ){
+    zDataType = pCol->zType;
+    zCollSeq = pCol->zColl;
+    notnull = pCol->notNull!=0;
+    primarykey  = (pCol->colFlags & COLFLAG_PRIMKEY)!=0;
+    autoinc = pTab->iPKey==iCol && (pTab->tabFlags & TF_Autoincrement)!=0;
+  }else{
+    zDataType = "INTEGER";
+    primarykey = 1;
+  }
+  if( !zCollSeq ){
+    zCollSeq = sqlite3StrBINARY;
+  }
+
+error_out:
+  sqlite3BtreeLeaveAll(db);
+
+  /* Whether the function call succeeded or failed, set the output parameters
+  ** to whatever their local counterparts contain. If an error did occur,
+  ** this has the effect of zeroing all output parameters.
+  */
+  if( pzDataType ) *pzDataType = zDataType;
+  if( pzCollSeq ) *pzCollSeq = zCollSeq;
+  if( pNotNull ) *pNotNull = notnull;
+  if( pPrimaryKey ) *pPrimaryKey = primarykey;
+  if( pAutoinc ) *pAutoinc = autoinc;
+
+  if( SQLITE_OK==rc && !pTab ){
+    sqlite3DbFree(db, zErrMsg);
+    zErrMsg = sqlite3MPrintf(db, "no such table column: %s.%s", zTableName,
+        zColumnName);
+    rc = SQLITE_ERROR;
+  }
+  sqlite3ErrorWithMsg(db, rc, (zErrMsg?"%s":0), zErrMsg);
+  sqlite3DbFree(db, zErrMsg);
+  rc = sqlite3ApiExit(db, rc);
+  sqlite3_mutex_leave(db->mutex);
+  return rc;
+}
+
+/*
+** Sleep for a little while.  Return the amount of time slept.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_sleep(int ms){
+  sqlite3_vfs *pVfs;
+  int rc;
+  pVfs = sqlite3_vfs_find(0);
+  if( pVfs==0 ) return 0;
+
+  /* This function works in milliseconds, but the underlying OsSleep() 
+  ** API uses microseconds. Hence the 1000's.
+  */
+  rc = (sqlite3OsSleep(pVfs, 1000*ms)/1000);
+  return rc;
+}
+
+/*
+** Enable or disable the extended result codes.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_extended_result_codes(sqlite3 *db, int onoff){
+#ifdef SQLITE_ENABLE_API_ARMOR
+  if( !sqlite3SafetyCheckOk(db) ) return SQLITE_MISUSE_BKPT;
+#endif
+  sqlite3_mutex_enter(db->mutex);
+  db->errMask = onoff ? 0xffffffff : 0xff;
+  sqlite3_mutex_leave(db->mutex);
+  return SQLITE_OK;
+}
+
+/*
+** Invoke the xFileControl method on a particular database.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_file_control(sqlite3 *db, const char *zDbName, int op, void *pArg){
+  int rc = SQLITE_ERROR;
+  Btree *pBtree;
+
+#ifdef SQLITE_ENABLE_API_ARMOR
+  if( !sqlite3SafetyCheckOk(db) ) return SQLITE_MISUSE_BKPT;
+#endif
+  sqlite3_mutex_enter(db->mutex);
+  pBtree = sqlite3DbNameToBtree(db, zDbName);
+  if( pBtree ){
+    Pager *pPager;
+    sqlite3_file *fd;
+    sqlite3BtreeEnter(pBtree);
+    pPager = sqlite3BtreePager(pBtree);
+    assert( pPager!=0 );
+    fd = sqlite3PagerFile(pPager);
+    assert( fd!=0 );
+    if( op==SQLITE_FCNTL_FILE_POINTER ){
+      *(sqlite3_file**)pArg = fd;
+      rc = SQLITE_OK;
+    }else if( op==SQLITE_FCNTL_VFS_POINTER ){
+      *(sqlite3_vfs**)pArg = sqlite3PagerVfs(pPager);
+      rc = SQLITE_OK;
+    }else if( op==SQLITE_FCNTL_JOURNAL_POINTER ){
+      *(sqlite3_file**)pArg = sqlite3PagerJrnlFile(pPager);
+      rc = SQLITE_OK;
+    }else if( fd->pMethods ){
+      rc = sqlite3OsFileControl(fd, op, pArg);
+    }else{
+      rc = SQLITE_NOTFOUND;
+    }
+    sqlite3BtreeLeave(pBtree);
+  }
+  sqlite3_mutex_leave(db->mutex);
+  return rc;
+}
+
+/*
+** Interface to the testing logic.
+*/
+SQLITE_API int SQLITE_CDECL sqlite3_test_control(int op, ...){
+  int rc = 0;
+#ifdef SQLITE_OMIT_BUILTIN_TEST
+  UNUSED_PARAMETER(op);
+#else
+  va_list ap;
+  va_start(ap, op);
+  switch( op ){
+
+    /*
+    ** Save the current state of the PRNG.
+    */
+    case SQLITE_TESTCTRL_PRNG_SAVE: {
+      sqlite3PrngSaveState();
+      break;
+    }
+
+    /*
+    ** Restore the state of the PRNG to the last state saved using
+    ** PRNG_SAVE.  If PRNG_SAVE has never before been called, then
+    ** this verb acts like PRNG_RESET.
+    */
+    case SQLITE_TESTCTRL_PRNG_RESTORE: {
+      sqlite3PrngRestoreState();
+      break;
+    }
+
+    /*
+    ** Reset the PRNG back to its uninitialized state.  The next call
+    ** to sqlite3_randomness() will reseed the PRNG using a single call
+    ** to the xRandomness method of the default VFS.
+    */
+    case SQLITE_TESTCTRL_PRNG_RESET: {
+      sqlite3_randomness(0,0);
+      break;
+    }
+
+    /*
+    **  sqlite3_test_control(BITVEC_TEST, size, program)
+    **
+    ** Run a test against a Bitvec object of size.  The program argument
+    ** is an array of integers that defines the test.  Return -1 on a
+    ** memory allocation error, 0 on success, or non-zero for an error.
+    ** See the sqlite3BitvecBuiltinTest() for additional information.
+    */
+    case SQLITE_TESTCTRL_BITVEC_TEST: {
+      int sz = va_arg(ap, int);
+      int *aProg = va_arg(ap, int*);
+      rc = sqlite3BitvecBuiltinTest(sz, aProg);
+      break;
+    }
+
+    /*
+    **  sqlite3_test_control(FAULT_INSTALL, xCallback)
+    **
+    ** Arrange to invoke xCallback() whenever sqlite3FaultSim() is called,
+    ** if xCallback is not NULL.
+    **
+    ** As a test of the fault simulator mechanism itself, sqlite3FaultSim(0)
+    ** is called immediately after installing the new callback and the return
+    ** value from sqlite3FaultSim(0) becomes the return from
+    ** sqlite3_test_control().
+    */
+    case SQLITE_TESTCTRL_FAULT_INSTALL: {
+      /* MSVC is picky about pulling func ptrs from va lists.
+      ** http://support.microsoft.com/kb/47961
+      ** sqlite3GlobalConfig.xTestCallback = va_arg(ap, int(*)(int));
+      */
+      typedef int(*TESTCALLBACKFUNC_t)(int);
+      sqlite3GlobalConfig.xTestCallback = va_arg(ap, TESTCALLBACKFUNC_t);
+      rc = sqlite3FaultSim(0);
+      break;
+    }
+
+    /*
+    **  sqlite3_test_control(BENIGN_MALLOC_HOOKS, xBegin, xEnd)
+    **
+    ** Register hooks to call to indicate which malloc() failures 
+    ** are benign.
+    */
+    case SQLITE_TESTCTRL_BENIGN_MALLOC_HOOKS: {
+      typedef void (*void_function)(void);
+      void_function xBenignBegin;
+      void_function xBenignEnd;
+      xBenignBegin = va_arg(ap, void_function);
+      xBenignEnd = va_arg(ap, void_function);
+      sqlite3BenignMallocHooks(xBenignBegin, xBenignEnd);
+      break;
+    }
+
+    /*
+    **  sqlite3_test_control(SQLITE_TESTCTRL_PENDING_BYTE, unsigned int X)
+    **
+    ** Set the PENDING byte to the value in the argument, if X>0.
+    ** Make no changes if X==0.  Return the value of the pending byte
+    ** as it existing before this routine was called.
+    **
+    ** IMPORTANT:  Changing the PENDING byte from 0x40000000 results in
+    ** an incompatible database file format.  Changing the PENDING byte
+    ** while any database connection is open results in undefined and
+    ** deleterious behavior.
+    */
+    case SQLITE_TESTCTRL_PENDING_BYTE: {
+      rc = PENDING_BYTE;
+#ifndef SQLITE_OMIT_WSD
+      {
+        unsigned int newVal = va_arg(ap, unsigned int);
+        if( newVal ) sqlite3PendingByte = newVal;
+      }
+#endif
+      break;
+    }
+
+    /*
+    **  sqlite3_test_control(SQLITE_TESTCTRL_ASSERT, int X)
+    **
+    ** This action provides a run-time test to see whether or not
+    ** assert() was enabled at compile-time.  If X is true and assert()
+    ** is enabled, then the return value is true.  If X is true and
+    ** assert() is disabled, then the return value is zero.  If X is
+    ** false and assert() is enabled, then the assertion fires and the
+    ** process aborts.  If X is false and assert() is disabled, then the
+    ** return value is zero.
+    */
+    case SQLITE_TESTCTRL_ASSERT: {
+      volatile int x = 0;
+      assert( (x = va_arg(ap,int))!=0 );
+      rc = x;
+      break;
+    }
+
+
+    /*
+    **  sqlite3_test_control(SQLITE_TESTCTRL_ALWAYS, int X)
+    **
+    ** This action provides a run-time test to see how the ALWAYS and
+    ** NEVER macros were defined at compile-time.
+    **
+    ** The return value is ALWAYS(X).  
+    **
+    ** The recommended test is X==2.  If the return value is 2, that means
+    ** ALWAYS() and NEVER() are both no-op pass-through macros, which is the
+    ** default setting.  If the return value is 1, then ALWAYS() is either
+    ** hard-coded to true or else it asserts if its argument is false.
+    ** The first behavior (hard-coded to true) is the case if
+    ** SQLITE_TESTCTRL_ASSERT shows that assert() is disabled and the second
+    ** behavior (assert if the argument to ALWAYS() is false) is the case if
+    ** SQLITE_TESTCTRL_ASSERT shows that assert() is enabled.
+    **
+    ** The run-time test procedure might look something like this:
+    **
+    **    if( sqlite3_test_control(SQLITE_TESTCTRL_ALWAYS, 2)==2 ){
+    **      // ALWAYS() and NEVER() are no-op pass-through macros
+    **    }else if( sqlite3_test_control(SQLITE_TESTCTRL_ASSERT, 1) ){
+    **      // ALWAYS(x) asserts that x is true. NEVER(x) asserts x is false.
+    **    }else{
+    **      // ALWAYS(x) is a constant 1.  NEVER(x) is a constant 0.
+    **    }
+    */
+    case SQLITE_TESTCTRL_ALWAYS: {
+      int x = va_arg(ap,int);
+      rc = ALWAYS(x);
+      break;
+    }
+
+    /*
+    **   sqlite3_test_control(SQLITE_TESTCTRL_BYTEORDER);
+    **
+    ** The integer returned reveals the byte-order of the computer on which
+    ** SQLite is running:
+    **
+    **       1     big-endian,    determined at run-time
+    **      10     little-endian, determined at run-time
+    **  432101     big-endian,    determined at compile-time
+    **  123410     little-endian, determined at compile-time
+    */ 
+    case SQLITE_TESTCTRL_BYTEORDER: {
+      rc = SQLITE_BYTEORDER*100 + SQLITE_LITTLEENDIAN*10 + SQLITE_BIGENDIAN;
+      break;
+    }
+
+    /*   sqlite3_test_control(SQLITE_TESTCTRL_RESERVE, sqlite3 *db, int N)
+    **
+    ** Set the nReserve size to N for the main database on the database
+    ** connection db.
+    */
+    case SQLITE_TESTCTRL_RESERVE: {
+      sqlite3 *db = va_arg(ap, sqlite3*);
+      int x = va_arg(ap,int);
+      sqlite3_mutex_enter(db->mutex);
+      sqlite3BtreeSetPageSize(db->aDb[0].pBt, 0, x, 0);
+      sqlite3_mutex_leave(db->mutex);
+      break;
+    }
+
+    /*  sqlite3_test_control(SQLITE_TESTCTRL_OPTIMIZATIONS, sqlite3 *db, int N)
+    **
+    ** Enable or disable various optimizations for testing purposes.  The 
+    ** argument N is a bitmask of optimizations to be disabled.  For normal
+    ** operation N should be 0.  The idea is that a test program (like the
+    ** SQL Logic Test or SLT test module) can run the same SQL multiple times
+    ** with various optimizations disabled to verify that the same answer
+    ** is obtained in every case.
+    */
+    case SQLITE_TESTCTRL_OPTIMIZATIONS: {
+      sqlite3 *db = va_arg(ap, sqlite3*);
+      db->dbOptFlags = (u16)(va_arg(ap, int) & 0xffff);
+      break;
+    }
+
+#ifdef SQLITE_N_KEYWORD
+    /* sqlite3_test_control(SQLITE_TESTCTRL_ISKEYWORD, const char *zWord)
+    **
+    ** If zWord is a keyword recognized by the parser, then return the
+    ** number of keywords.  Or if zWord is not a keyword, return 0.
+    ** 
+    ** This test feature is only available in the amalgamation since
+    ** the SQLITE_N_KEYWORD macro is not defined in this file if SQLite
+    ** is built using separate source files.
+    */
+    case SQLITE_TESTCTRL_ISKEYWORD: {
+      const char *zWord = va_arg(ap, const char*);
+      int n = sqlite3Strlen30(zWord);
+      rc = (sqlite3KeywordCode((u8*)zWord, n)!=TK_ID) ? SQLITE_N_KEYWORD : 0;
+      break;
+    }
+#endif 
+
+    /* sqlite3_test_control(SQLITE_TESTCTRL_SCRATCHMALLOC, sz, &pNew, pFree);
+    **
+    ** Pass pFree into sqlite3ScratchFree(). 
+    ** If sz>0 then allocate a scratch buffer into pNew.  
+    */
+    case SQLITE_TESTCTRL_SCRATCHMALLOC: {
+      void *pFree, **ppNew;
+      int sz;
+      sz = va_arg(ap, int);
+      ppNew = va_arg(ap, void**);
+      pFree = va_arg(ap, void*);
+      if( sz ) *ppNew = sqlite3ScratchMalloc(sz);
+      sqlite3ScratchFree(pFree);
+      break;
+    }
+
+    /*   sqlite3_test_control(SQLITE_TESTCTRL_LOCALTIME_FAULT, int onoff);
+    **
+    ** If parameter onoff is non-zero, configure the wrappers so that all
+    ** subsequent calls to localtime() and variants fail. If onoff is zero,
+    ** undo this setting.
+    */
+    case SQLITE_TESTCTRL_LOCALTIME_FAULT: {
+      sqlite3GlobalConfig.bLocaltimeFault = va_arg(ap, int);
+      break;
+    }
+
+    /*   sqlite3_test_control(SQLITE_TESTCTRL_NEVER_CORRUPT, int);
+    **
+    ** Set or clear a flag that indicates that the database file is always well-
+    ** formed and never corrupt.  This flag is clear by default, indicating that
+    ** database files might have arbitrary corruption.  Setting the flag during
+    ** testing causes certain assert() statements in the code to be activated
+    ** that demonstrat invariants on well-formed database files.
+    */
+    case SQLITE_TESTCTRL_NEVER_CORRUPT: {
+      sqlite3GlobalConfig.neverCorrupt = va_arg(ap, int);
+      break;
+    }
+
+
+    /*   sqlite3_test_control(SQLITE_TESTCTRL_VDBE_COVERAGE, xCallback, ptr);
+    **
+    ** Set the VDBE coverage callback function to xCallback with context 
+    ** pointer ptr.
+    */
+    case SQLITE_TESTCTRL_VDBE_COVERAGE: {
+#ifdef SQLITE_VDBE_COVERAGE
+      typedef void (*branch_callback)(void*,int,u8,u8);
+      sqlite3GlobalConfig.xVdbeBranch = va_arg(ap,branch_callback);
+      sqlite3GlobalConfig.pVdbeBranchArg = va_arg(ap,void*);
+#endif
+      break;
+    }
+
+    /*   sqlite3_test_control(SQLITE_TESTCTRL_SORTER_MMAP, db, nMax); */
+    case SQLITE_TESTCTRL_SORTER_MMAP: {
+      sqlite3 *db = va_arg(ap, sqlite3*);
+      db->nMaxSorterMmap = va_arg(ap, int);
+      break;
+    }
+
+    /*   sqlite3_test_control(SQLITE_TESTCTRL_ISINIT);
+    **
+    ** Return SQLITE_OK if SQLite has been initialized and SQLITE_ERROR if
+    ** not.
+    */
+    case SQLITE_TESTCTRL_ISINIT: {
+      if( sqlite3GlobalConfig.isInit==0 ) rc = SQLITE_ERROR;
+      break;
+    }
+
+    /*  sqlite3_test_control(SQLITE_TESTCTRL_IMPOSTER, db, dbName, onOff, tnum);
+    **
+    ** This test control is used to create imposter tables.  "db" is a pointer
+    ** to the database connection.  dbName is the database name (ex: "main" or
+    ** "temp") which will receive the imposter.  "onOff" turns imposter mode on
+    ** or off.  "tnum" is the root page of the b-tree to which the imposter
+    ** table should connect.
+    **
+    ** Enable imposter mode only when the schema has already been parsed.  Then
+    ** run a single CREATE TABLE statement to construct the imposter table in
+    ** the parsed schema.  Then turn imposter mode back off again.
+    **
+    ** If onOff==0 and tnum>0 then reset the schema for all databases, causing
+    ** the schema to be reparsed the next time it is needed.  This has the
+    ** effect of erasing all imposter tables.
+    */
+    case SQLITE_TESTCTRL_IMPOSTER: {
+      sqlite3 *db = va_arg(ap, sqlite3*);
+      sqlite3_mutex_enter(db->mutex);
+      db->init.iDb = sqlite3FindDbName(db, va_arg(ap,const char*));
+      db->init.busy = db->init.imposterTable = va_arg(ap,int);
+      db->init.newTnum = va_arg(ap,int);
+      if( db->init.busy==0 && db->init.newTnum>0 ){
+        sqlite3ResetAllSchemasOfConnection(db);
+      }
+      sqlite3_mutex_leave(db->mutex);
+      break;
+    }
+  }
+  va_end(ap);
+#endif /* SQLITE_OMIT_BUILTIN_TEST */
+  return rc;
+}
+
+/*
+** This is a utility routine, useful to VFS implementations, that checks
+** to see if a database file was a URI that contained a specific query 
+** parameter, and if so obtains the value of the query parameter.
+**
+** The zFilename argument is the filename pointer passed into the xOpen()
+** method of a VFS implementation.  The zParam argument is the name of the
+** query parameter we seek.  This routine returns the value of the zParam
+** parameter if it exists.  If the parameter does not exist, this routine
+** returns a NULL pointer.
+*/
+SQLITE_API const char *SQLITE_STDCALL sqlite3_uri_parameter(const char *zFilename, const char *zParam){
+  if( zFilename==0 || zParam==0 ) return 0;
+  zFilename += sqlite3Strlen30(zFilename) + 1;
+  while( zFilename[0] ){
+    int x = strcmp(zFilename, zParam);
+    zFilename += sqlite3Strlen30(zFilename) + 1;
+    if( x==0 ) return zFilename;
+    zFilename += sqlite3Strlen30(zFilename) + 1;
+  }
+  return 0;
+}
+
+/*
+** Return a boolean value for a query parameter.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_uri_boolean(const char *zFilename, const char *zParam, int bDflt){
+  const char *z = sqlite3_uri_parameter(zFilename, zParam);
+  bDflt = bDflt!=0;
+  return z ? sqlite3GetBoolean(z, bDflt) : bDflt;
+}
+
+/*
+** Return a 64-bit integer value for a query parameter.
+*/
+SQLITE_API sqlite3_int64 SQLITE_STDCALL sqlite3_uri_int64(
+  const char *zFilename,    /* Filename as passed to xOpen */
+  const char *zParam,       /* URI parameter sought */
+  sqlite3_int64 bDflt       /* return if parameter is missing */
+){
+  const char *z = sqlite3_uri_parameter(zFilename, zParam);
+  sqlite3_int64 v;
+  if( z && sqlite3DecOrHexToI64(z, &v)==SQLITE_OK ){
+    bDflt = v;
+  }
+  return bDflt;
+}
+
+/*
+** Return the Btree pointer identified by zDbName.  Return NULL if not found.
+*/
+SQLITE_PRIVATE Btree *sqlite3DbNameToBtree(sqlite3 *db, const char *zDbName){
+  int i;
+  for(i=0; i<db->nDb; i++){
+    if( db->aDb[i].pBt
+     && (zDbName==0 || sqlite3StrICmp(zDbName, db->aDb[i].zName)==0)
+    ){
+      return db->aDb[i].pBt;
+    }
+  }
+  return 0;
+}
+
+/*
+** Return the filename of the database associated with a database
+** connection.
+*/
+SQLITE_API const char *SQLITE_STDCALL sqlite3_db_filename(sqlite3 *db, const char *zDbName){
+  Btree *pBt;
+#ifdef SQLITE_ENABLE_API_ARMOR
+  if( !sqlite3SafetyCheckOk(db) ){
+    (void)SQLITE_MISUSE_BKPT;
+    return 0;
+  }
+#endif
+  pBt = sqlite3DbNameToBtree(db, zDbName);
+  return pBt ? sqlite3BtreeGetFilename(pBt) : 0;
+}
+
+/*
+** Return 1 if database is read-only or 0 if read/write.  Return -1 if
+** no such database exists.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_db_readonly(sqlite3 *db, const char *zDbName){
+  Btree *pBt;
+#ifdef SQLITE_ENABLE_API_ARMOR
+  if( !sqlite3SafetyCheckOk(db) ){
+    (void)SQLITE_MISUSE_BKPT;
+    return -1;
+  }
+#endif
+  pBt = sqlite3DbNameToBtree(db, zDbName);
+  return pBt ? sqlite3BtreeIsReadonly(pBt) : -1;
+}
+
+#ifdef SQLITE_ENABLE_SNAPSHOT
+/*
+** Obtain a snapshot handle for the snapshot of database zDb currently 
+** being read by handle db.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_snapshot_get(
+  sqlite3 *db, 
+  const char *zDb,
+  sqlite3_snapshot **ppSnapshot
+){
+  int rc = SQLITE_ERROR;
+#ifndef SQLITE_OMIT_WAL
+  int iDb;
+
+#ifdef SQLITE_ENABLE_API_ARMOR
+  if( !sqlite3SafetyCheckOk(db) ){
+    return SQLITE_MISUSE_BKPT;
+  }
+#endif
+  sqlite3_mutex_enter(db->mutex);
+
+  iDb = sqlite3FindDbName(db, zDb);
+  if( iDb==0 || iDb>1 ){
+    Btree *pBt = db->aDb[iDb].pBt;
+    if( 0==sqlite3BtreeIsInTrans(pBt) ){
+      rc = sqlite3BtreeBeginTrans(pBt, 0);
+      if( rc==SQLITE_OK ){
+        rc = sqlite3PagerSnapshotGet(sqlite3BtreePager(pBt), ppSnapshot);
+      }
+    }
+  }
+
+  sqlite3_mutex_leave(db->mutex);
+#endif   /* SQLITE_OMIT_WAL */
+  return rc;
+}
+
+/*
+** Open a read-transaction on the snapshot idendified by pSnapshot.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_snapshot_open(
+  sqlite3 *db, 
+  const char *zDb, 
+  sqlite3_snapshot *pSnapshot
+){
+  int rc = SQLITE_ERROR;
+#ifndef SQLITE_OMIT_WAL
+
+#ifdef SQLITE_ENABLE_API_ARMOR
+  if( !sqlite3SafetyCheckOk(db) ){
+    return SQLITE_MISUSE_BKPT;
+  }
+#endif
+  sqlite3_mutex_enter(db->mutex);
+  if( db->autoCommit==0 ){
+    int iDb;
+    iDb = sqlite3FindDbName(db, zDb);
+    if( iDb==0 || iDb>1 ){
+      Btree *pBt = db->aDb[iDb].pBt;
+      if( 0==sqlite3BtreeIsInReadTrans(pBt) ){
+        rc = sqlite3PagerSnapshotOpen(sqlite3BtreePager(pBt), pSnapshot);
+        if( rc==SQLITE_OK ){
+          rc = sqlite3BtreeBeginTrans(pBt, 0);
+          sqlite3PagerSnapshotOpen(sqlite3BtreePager(pBt), 0);
+        }
+      }
+    }
+  }
+
+  sqlite3_mutex_leave(db->mutex);
+#endif   /* SQLITE_OMIT_WAL */
+  return rc;
+}
+
+/*
+** Free a snapshot handle obtained from sqlite3_snapshot_get().
+*/
+SQLITE_API void SQLITE_STDCALL sqlite3_snapshot_free(sqlite3_snapshot *pSnapshot){
+  sqlite3_free(pSnapshot);
+}
+#endif /* SQLITE_ENABLE_SNAPSHOT */
+
+/************** End of main.c ************************************************/
+/************** Begin file notify.c ******************************************/
+/*
+** 2009 March 3
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+**
+** This file contains the implementation of the sqlite3_unlock_notify()
+** API method and its associated functionality.
+*/
+/* #include "sqliteInt.h" */
+/* #include "btreeInt.h" */
+
+/* Omit this entire file if SQLITE_ENABLE_UNLOCK_NOTIFY is not defined. */
+#ifdef SQLITE_ENABLE_UNLOCK_NOTIFY
+
+/*
+** Public interfaces:
+**
+**   sqlite3ConnectionBlocked()
+**   sqlite3ConnectionUnlocked()
+**   sqlite3ConnectionClosed()
+**   sqlite3_unlock_notify()
+*/
+
+#define assertMutexHeld() \
+  assert( sqlite3_mutex_held(sqlite3MutexAlloc(SQLITE_MUTEX_STATIC_MASTER)) )
+
+/*
+** Head of a linked list of all sqlite3 objects created by this process
+** for which either sqlite3.pBlockingConnection or sqlite3.pUnlockConnection
+** is not NULL. This variable may only accessed while the STATIC_MASTER
+** mutex is held.
+*/
+static sqlite3 *SQLITE_WSD sqlite3BlockedList = 0;
+
+#ifndef NDEBUG
+/*
+** This function is a complex assert() that verifies the following 
+** properties of the blocked connections list:
+**
+**   1) Each entry in the list has a non-NULL value for either 
+**      pUnlockConnection or pBlockingConnection, or both.
+**
+**   2) All entries in the list that share a common value for 
+**      xUnlockNotify are grouped together.
+**
+**   3) If the argument db is not NULL, then none of the entries in the
+**      blocked connections list have pUnlockConnection or pBlockingConnection
+**      set to db. This is used when closing connection db.
+*/
+static void checkListProperties(sqlite3 *db){
+  sqlite3 *p;
+  for(p=sqlite3BlockedList; p; p=p->pNextBlocked){
+    int seen = 0;
+    sqlite3 *p2;
+
+    /* Verify property (1) */
+    assert( p->pUnlockConnection || p->pBlockingConnection );
+
+    /* Verify property (2) */
+    for(p2=sqlite3BlockedList; p2!=p; p2=p2->pNextBlocked){
+      if( p2->xUnlockNotify==p->xUnlockNotify ) seen = 1;
+      assert( p2->xUnlockNotify==p->xUnlockNotify || !seen );
+      assert( db==0 || p->pUnlockConnection!=db );
+      assert( db==0 || p->pBlockingConnection!=db );
+    }
+  }
+}
+#else
+# define checkListProperties(x)
+#endif
+
+/*
+** Remove connection db from the blocked connections list. If connection
+** db is not currently a part of the list, this function is a no-op.
+*/
+static void removeFromBlockedList(sqlite3 *db){
+  sqlite3 **pp;
+  assertMutexHeld();
+  for(pp=&sqlite3BlockedList; *pp; pp = &(*pp)->pNextBlocked){
+    if( *pp==db ){
+      *pp = (*pp)->pNextBlocked;
+      break;
+    }
+  }
+}
+
+/*
+** Add connection db to the blocked connections list. It is assumed
+** that it is not already a part of the list.
+*/
+static void addToBlockedList(sqlite3 *db){
+  sqlite3 **pp;
+  assertMutexHeld();
+  for(
+    pp=&sqlite3BlockedList; 
+    *pp && (*pp)->xUnlockNotify!=db->xUnlockNotify; 
+    pp=&(*pp)->pNextBlocked
+  );
+  db->pNextBlocked = *pp;
+  *pp = db;
+}
+
+/*
+** Obtain the STATIC_MASTER mutex.
+*/
+static void enterMutex(void){
+  sqlite3_mutex_enter(sqlite3MutexAlloc(SQLITE_MUTEX_STATIC_MASTER));
+  checkListProperties(0);
+}
+
+/*
+** Release the STATIC_MASTER mutex.
+*/
+static void leaveMutex(void){
+  assertMutexHeld();
+  checkListProperties(0);
+  sqlite3_mutex_leave(sqlite3MutexAlloc(SQLITE_MUTEX_STATIC_MASTER));
+}
+
+/*
+** Register an unlock-notify callback.
+**
+** This is called after connection "db" has attempted some operation
+** but has received an SQLITE_LOCKED error because another connection
+** (call it pOther) in the same process was busy using the same shared
+** cache.  pOther is found by looking at db->pBlockingConnection.
+**
+** If there is no blocking connection, the callback is invoked immediately,
+** before this routine returns.
+**
+** If pOther is already blocked on db, then report SQLITE_LOCKED, to indicate
+** a deadlock.
+**
+** Otherwise, make arrangements to invoke xNotify when pOther drops
+** its locks.
+**
+** Each call to this routine overrides any prior callbacks registered
+** on the same "db".  If xNotify==0 then any prior callbacks are immediately
+** cancelled.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_unlock_notify(
+  sqlite3 *db,
+  void (*xNotify)(void **, int),
+  void *pArg
+){
+  int rc = SQLITE_OK;
+
+  sqlite3_mutex_enter(db->mutex);
+  enterMutex();
+
+  if( xNotify==0 ){
+    removeFromBlockedList(db);
+    db->pBlockingConnection = 0;
+    db->pUnlockConnection = 0;
+    db->xUnlockNotify = 0;
+    db->pUnlockArg = 0;
+  }else if( 0==db->pBlockingConnection ){
+    /* The blocking transaction has been concluded. Or there never was a 
+    ** blocking transaction. In either case, invoke the notify callback
+    ** immediately. 
+    */
+    xNotify(&pArg, 1);
+  }else{
+    sqlite3 *p;
+
+    for(p=db->pBlockingConnection; p && p!=db; p=p->pUnlockConnection){}
+    if( p ){
+      rc = SQLITE_LOCKED;              /* Deadlock detected. */
+    }else{
+      db->pUnlockConnection = db->pBlockingConnection;
+      db->xUnlockNotify = xNotify;
+      db->pUnlockArg = pArg;
+      removeFromBlockedList(db);
+      addToBlockedList(db);
+    }
+  }
+
+  leaveMutex();
+  assert( !db->mallocFailed );
+  sqlite3ErrorWithMsg(db, rc, (rc?"database is deadlocked":0));
+  sqlite3_mutex_leave(db->mutex);
+  return rc;
+}
+
+/*
+** This function is called while stepping or preparing a statement 
+** associated with connection db. The operation will return SQLITE_LOCKED
+** to the user because it requires a lock that will not be available
+** until connection pBlocker concludes its current transaction.
+*/
+SQLITE_PRIVATE void sqlite3ConnectionBlocked(sqlite3 *db, sqlite3 *pBlocker){
+  enterMutex();
+  if( db->pBlockingConnection==0 && db->pUnlockConnection==0 ){
+    addToBlockedList(db);
+  }
+  db->pBlockingConnection = pBlocker;
+  leaveMutex();
+}
+
+/*
+** This function is called when
+** the transaction opened by database db has just finished. Locks held 
+** by database connection db have been released.
+**
+** This function loops through each entry in the blocked connections
+** list and does the following:
+**
+**   1) If the sqlite3.pBlockingConnection member of a list entry is
+**      set to db, then set pBlockingConnection=0.
+**
+**   2) If the sqlite3.pUnlockConnection member of a list entry is
+**      set to db, then invoke the configured unlock-notify callback and
+**      set pUnlockConnection=0.
+**
+**   3) If the two steps above mean that pBlockingConnection==0 and
+**      pUnlockConnection==0, remove the entry from the blocked connections
+**      list.
+*/
+SQLITE_PRIVATE void sqlite3ConnectionUnlocked(sqlite3 *db){
+  void (*xUnlockNotify)(void **, int) = 0; /* Unlock-notify cb to invoke */
+  int nArg = 0;                            /* Number of entries in aArg[] */
+  sqlite3 **pp;                            /* Iterator variable */
+  void **aArg;               /* Arguments to the unlock callback */
+  void **aDyn = 0;           /* Dynamically allocated space for aArg[] */
+  void *aStatic[16];         /* Starter space for aArg[].  No malloc required */
+
+  aArg = aStatic;
+  enterMutex();         /* Enter STATIC_MASTER mutex */
+
+  /* This loop runs once for each entry in the blocked-connections list. */
+  for(pp=&sqlite3BlockedList; *pp; /* no-op */ ){
+    sqlite3 *p = *pp;
+
+    /* Step 1. */
+    if( p->pBlockingConnection==db ){
+      p->pBlockingConnection = 0;
+    }
+
+    /* Step 2. */
+    if( p->pUnlockConnection==db ){
+      assert( p->xUnlockNotify );
+      if( p->xUnlockNotify!=xUnlockNotify && nArg!=0 ){
+        xUnlockNotify(aArg, nArg);
+        nArg = 0;
+      }
+
+      sqlite3BeginBenignMalloc();
+      assert( aArg==aDyn || (aDyn==0 && aArg==aStatic) );
+      assert( nArg<=(int)ArraySize(aStatic) || aArg==aDyn );
+      if( (!aDyn && nArg==(int)ArraySize(aStatic))
+       || (aDyn && nArg==(int)(sqlite3MallocSize(aDyn)/sizeof(void*)))
+      ){
+        /* The aArg[] array needs to grow. */
+        void **pNew = (void **)sqlite3Malloc(nArg*sizeof(void *)*2);
+        if( pNew ){
+          memcpy(pNew, aArg, nArg*sizeof(void *));
+          sqlite3_free(aDyn);
+          aDyn = aArg = pNew;
+        }else{
+          /* This occurs when the array of context pointers that need to
+          ** be passed to the unlock-notify callback is larger than the
+          ** aStatic[] array allocated on the stack and the attempt to 
+          ** allocate a larger array from the heap has failed.
+          **
+          ** This is a difficult situation to handle. Returning an error
+          ** code to the caller is insufficient, as even if an error code
+          ** is returned the transaction on connection db will still be
+          ** closed and the unlock-notify callbacks on blocked connections
+          ** will go unissued. This might cause the application to wait
+          ** indefinitely for an unlock-notify callback that will never 
+          ** arrive.
+          **
+          ** Instead, invoke the unlock-notify callback with the context
+          ** array already accumulated. We can then clear the array and
+          ** begin accumulating any further context pointers without 
+          ** requiring any dynamic allocation. This is sub-optimal because
+          ** it means that instead of one callback with a large array of
+          ** context pointers the application will receive two or more
+          ** callbacks with smaller arrays of context pointers, which will
+          ** reduce the applications ability to prioritize multiple 
+          ** connections. But it is the best that can be done under the
+          ** circumstances.
+          */
+          xUnlockNotify(aArg, nArg);
+          nArg = 0;
+        }
+      }
+      sqlite3EndBenignMalloc();
+
+      aArg[nArg++] = p->pUnlockArg;
+      xUnlockNotify = p->xUnlockNotify;
+      p->pUnlockConnection = 0;
+      p->xUnlockNotify = 0;
+      p->pUnlockArg = 0;
+    }
+
+    /* Step 3. */
+    if( p->pBlockingConnection==0 && p->pUnlockConnection==0 ){
+      /* Remove connection p from the blocked connections list. */
+      *pp = p->pNextBlocked;
+      p->pNextBlocked = 0;
+    }else{
+      pp = &p->pNextBlocked;
+    }
+  }
+
+  if( nArg!=0 ){
+    xUnlockNotify(aArg, nArg);
+  }
+  sqlite3_free(aDyn);
+  leaveMutex();         /* Leave STATIC_MASTER mutex */
+}
+
+/*
+** This is called when the database connection passed as an argument is 
+** being closed. The connection is removed from the blocked list.
+*/
+SQLITE_PRIVATE void sqlite3ConnectionClosed(sqlite3 *db){
+  sqlite3ConnectionUnlocked(db);
+  enterMutex();
+  removeFromBlockedList(db);
+  checkListProperties(db);
+  leaveMutex();
+}
+#endif
+
+/************** End of notify.c **********************************************/
+/************** Begin file fts3.c ********************************************/
+/*
+** 2006 Oct 10
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+******************************************************************************
+**
+** This is an SQLite module implementing full-text search.
+*/
+
+/*
+** The code in this file is only compiled if:
+**
+**     * The FTS3 module is being built as an extension
+**       (in which case SQLITE_CORE is not defined), or
+**
+**     * The FTS3 module is being built into the core of
+**       SQLite (in which case SQLITE_ENABLE_FTS3 is defined).
+*/
+
+/* The full-text index is stored in a series of b+tree (-like)
+** structures called segments which map terms to doclists.  The
+** structures are like b+trees in layout, but are constructed from the
+** bottom up in optimal fashion and are not updatable.  Since trees
+** are built from the bottom up, things will be described from the
+** bottom up.
+**
+**
+**** Varints ****
+** The basic unit of encoding is a variable-length integer called a
+** varint.  We encode variable-length integers in little-endian order
+** using seven bits * per byte as follows:
+**
+** KEY:
+**         A = 0xxxxxxx    7 bits of data and one flag bit
+**         B = 1xxxxxxx    7 bits of data and one flag bit
+**
+**  7 bits - A
+** 14 bits - BA
+** 21 bits - BBA
+** and so on.
+**
+** This is similar in concept to how sqlite encodes "varints" but
+** the encoding is not the same.  SQLite varints are big-endian
+** are are limited to 9 bytes in length whereas FTS3 varints are
+** little-endian and can be up to 10 bytes in length (in theory).
+**
+** Example encodings:
+**
+**     1:    0x01
+**   127:    0x7f
+**   128:    0x81 0x00
+**
+**
+**** Document lists ****
+** A doclist (document list) holds a docid-sorted list of hits for a
+** given term.  Doclists hold docids and associated token positions.
+** A docid is the unique integer identifier for a single document.
+** A position is the index of a word within the document.  The first 
+** word of the document has a position of 0.
+**
+** FTS3 used to optionally store character offsets using a compile-time
+** option.  But that functionality is no longer supported.
+**
+** A doclist is stored like this:
+**
+** array {
+**   varint docid;          (delta from previous doclist)
+**   array {                (position list for column 0)
+**     varint position;     (2 more than the delta from previous position)
+**   }
+**   array {
+**     varint POS_COLUMN;   (marks start of position list for new column)
+**     varint column;       (index of new column)
+**     array {
+**       varint position;   (2 more than the delta from previous position)
+**     }
+**   }
+**   varint POS_END;        (marks end of positions for this document.
+** }
+**
+** Here, array { X } means zero or more occurrences of X, adjacent in
+** memory.  A "position" is an index of a token in the token stream
+** generated by the tokenizer. Note that POS_END and POS_COLUMN occur 
+** in the same logical place as the position element, and act as sentinals
+** ending a position list array.  POS_END is 0.  POS_COLUMN is 1.
+** The positions numbers are not stored literally but rather as two more
+** than the difference from the prior position, or the just the position plus
+** 2 for the first position.  Example:
+**
+**   label:       A B C D E  F  G H   I  J K
+**   value:     123 5 9 1 1 14 35 0 234 72 0
+**
+** The 123 value is the first docid.  For column zero in this document
+** there are two matches at positions 3 and 10 (5-2 and 9-2+3).  The 1
+** at D signals the start of a new column; the 1 at E indicates that the
+** new column is column number 1.  There are two positions at 12 and 45
+** (14-2 and 35-2+12).  The 0 at H indicate the end-of-document.  The
+** 234 at I is the delta to next docid (357).  It has one position 70
+** (72-2) and then terminates with the 0 at K.
+**
+** A "position-list" is the list of positions for multiple columns for
+** a single docid.  A "column-list" is the set of positions for a single
+** column.  Hence, a position-list consists of one or more column-lists,
+** a document record consists of a docid followed by a position-list and
+** a doclist consists of one or more document records.
+**
+** A bare doclist omits the position information, becoming an 
+** array of varint-encoded docids.
+**
+**** Segment leaf nodes ****
+** Segment leaf nodes store terms and doclists, ordered by term.  Leaf
+** nodes are written using LeafWriter, and read using LeafReader (to
+** iterate through a single leaf node's data) and LeavesReader (to
+** iterate through a segment's entire leaf layer).  Leaf nodes have
+** the format:
+**
+** varint iHeight;             (height from leaf level, always 0)
+** varint nTerm;               (length of first term)
+** char pTerm[nTerm];          (content of first term)
+** varint nDoclist;            (length of term's associated doclist)
+** char pDoclist[nDoclist];    (content of doclist)
+** array {
+**                             (further terms are delta-encoded)
+**   varint nPrefix;           (length of prefix shared with previous term)
+**   varint nSuffix;           (length of unshared suffix)
+**   char pTermSuffix[nSuffix];(unshared suffix of next term)
+**   varint nDoclist;          (length of term's associated doclist)
+**   char pDoclist[nDoclist];  (content of doclist)
+** }
+**
+** Here, array { X } means zero or more occurrences of X, adjacent in
+** memory.
+**
+** Leaf nodes are broken into blocks which are stored contiguously in
+** the %_segments table in sorted order.  This means that when the end
+** of a node is reached, the next term is in the node with the next
+** greater node id.
+**
+** New data is spilled to a new leaf node when the current node
+** exceeds LEAF_MAX bytes (default 2048).  New data which itself is
+** larger than STANDALONE_MIN (default 1024) is placed in a standalone
+** node (a leaf node with a single term and doclist).  The goal of
+** these settings is to pack together groups of small doclists while
+** making it efficient to directly access large doclists.  The
+** assumption is that large doclists represent terms which are more
+** likely to be query targets.
+**
+** TODO(shess) It may be useful for blocking decisions to be more
+** dynamic.  For instance, it may make more sense to have a 2.5k leaf
+** node rather than splitting into 2k and .5k nodes.  My intuition is
+** that this might extend through 2x or 4x the pagesize.
+**
+**
+**** Segment interior nodes ****
+** Segment interior nodes store blockids for subtree nodes and terms
+** to describe what data is stored by the each subtree.  Interior
+** nodes are written using InteriorWriter, and read using
+** InteriorReader.  InteriorWriters are created as needed when
+** SegmentWriter creates new leaf nodes, or when an interior node
+** itself grows too big and must be split.  The format of interior
+** nodes:
+**
+** varint iHeight;           (height from leaf level, always >0)
+** varint iBlockid;          (block id of node's leftmost subtree)
+** optional {
+**   varint nTerm;           (length of first term)
+**   char pTerm[nTerm];      (content of first term)
+**   array {
+**                                (further terms are delta-encoded)
+**     varint nPrefix;            (length of shared prefix with previous term)
+**     varint nSuffix;            (length of unshared suffix)
+**     char pTermSuffix[nSuffix]; (unshared suffix of next term)
+**   }
+** }
+**
+** Here, optional { X } means an optional element, while array { X }
+** means zero or more occurrences of X, adjacent in memory.
+**
+** An interior node encodes n terms separating n+1 subtrees.  The
+** subtree blocks are contiguous, so only the first subtree's blockid
+** is encoded.  The subtree at iBlockid will contain all terms less
+** than the first term encoded (or all terms if no term is encoded).
+** Otherwise, for terms greater than or equal to pTerm[i] but less
+** than pTerm[i+1], the subtree for that term will be rooted at
+** iBlockid+i.  Interior nodes only store enough term data to
+** distinguish adjacent children (if the rightmost term of the left
+** child is "something", and the leftmost term of the right child is
+** "wicked", only "w" is stored).
+**
+** New data is spilled to a new interior node at the same height when
+** the current node exceeds INTERIOR_MAX bytes (default 2048).
+** INTERIOR_MIN_TERMS (default 7) keeps large terms from monopolizing
+** interior nodes and making the tree too skinny.  The interior nodes
+** at a given height are naturally tracked by interior nodes at
+** height+1, and so on.
+**
+**
+**** Segment directory ****
+** The segment directory in table %_segdir stores meta-information for
+** merging and deleting segments, and also the root node of the
+** segment's tree.
+**
+** The root node is the top node of the segment's tree after encoding
+** the entire segment, restricted to ROOT_MAX bytes (default 1024).
+** This could be either a leaf node or an interior node.  If the top
+** node requires more than ROOT_MAX bytes, it is flushed to %_segments
+** and a new root interior node is generated (which should always fit
+** within ROOT_MAX because it only needs space for 2 varints, the
+** height and the blockid of the previous root).
+**
+** The meta-information in the segment directory is:
+**   level               - segment level (see below)
+**   idx                 - index within level
+**                       - (level,idx uniquely identify a segment)
+**   start_block         - first leaf node
+**   leaves_end_block    - last leaf node
+**   end_block           - last block (including interior nodes)
+**   root                - contents of root node
+**
+** If the root node is a leaf node, then start_block,
+** leaves_end_block, and end_block are all 0.
+**
+**
+**** Segment merging ****
+** To amortize update costs, segments are grouped into levels and
+** merged in batches.  Each increase in level represents exponentially
+** more documents.
+**
+** New documents (actually, document updates) are tokenized and
+** written individually (using LeafWriter) to a level 0 segment, with
+** incrementing idx.  When idx reaches MERGE_COUNT (default 16), all
+** level 0 segments are merged into a single level 1 segment.  Level 1
+** is populated like level 0, and eventually MERGE_COUNT level 1
+** segments are merged to a single level 2 segment (representing
+** MERGE_COUNT^2 updates), and so on.
+**
+** A segment merge traverses all segments at a given level in
+** parallel, performing a straightforward sorted merge.  Since segment
+** leaf nodes are written in to the %_segments table in order, this
+** merge traverses the underlying sqlite disk structures efficiently.
+** After the merge, all segment blocks from the merged level are
+** deleted.
+**
+** MERGE_COUNT controls how often we merge segments.  16 seems to be
+** somewhat of a sweet spot for insertion performance.  32 and 64 show
+** very similar performance numbers to 16 on insertion, though they're
+** a tiny bit slower (perhaps due to more overhead in merge-time
+** sorting).  8 is about 20% slower than 16, 4 about 50% slower than
+** 16, 2 about 66% slower than 16.
+**
+** At query time, high MERGE_COUNT increases the number of segments
+** which need to be scanned and merged.  For instance, with 100k docs
+** inserted:
+**
+**    MERGE_COUNT   segments
+**       16           25
+**        8           12
+**        4           10
+**        2            6
+**
+** This appears to have only a moderate impact on queries for very
+** frequent terms (which are somewhat dominated by segment merge
+** costs), and infrequent and non-existent terms still seem to be fast
+** even with many segments.
+**
+** TODO(shess) That said, it would be nice to have a better query-side
+** argument for MERGE_COUNT of 16.  Also, it is possible/likely that
+** optimizations to things like doclist merging will swing the sweet
+** spot around.
+**
+**
+**
+**** Handling of deletions and updates ****
+** Since we're using a segmented structure, with no docid-oriented
+** index into the term index, we clearly cannot simply update the term
+** index when a document is deleted or updated.  For deletions, we
+** write an empty doclist (varint(docid) varint(POS_END)), for updates
+** we simply write the new doclist.  Segment merges overwrite older
+** data for a particular docid with newer data, so deletes or updates
+** will eventually overtake the earlier data and knock it out.  The
+** query logic likewise merges doclists so that newer data knocks out
+** older data.
+*/
+
+/************** Include fts3Int.h in the middle of fts3.c ********************/
+/************** Begin file fts3Int.h *****************************************/
+/*
+** 2009 Nov 12
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+******************************************************************************
+**
+*/
+#ifndef _FTSINT_H
+#define _FTSINT_H
+
+#if !defined(NDEBUG) && !defined(SQLITE_DEBUG) 
+# define NDEBUG 1
+#endif
+
+/*
+** FTS4 is really an extension for FTS3.  It is enabled using the
+** SQLITE_ENABLE_FTS3 macro.  But to avoid confusion we also all
+** the SQLITE_ENABLE_FTS4 macro to serve as an alisse for SQLITE_ENABLE_FTS3.
+*/
+#if defined(SQLITE_ENABLE_FTS4) && !defined(SQLITE_ENABLE_FTS3)
+# define SQLITE_ENABLE_FTS3
+#endif
+
+#if !defined(SQLITE_CORE) || defined(SQLITE_ENABLE_FTS3)
+
+/* If not building as part of the core, include sqlite3ext.h. */
+#ifndef SQLITE_CORE
+/* # include "sqlite3ext.h"  */
+SQLITE_EXTENSION_INIT3
+#endif
+
+/* #include "sqlite3.h" */
+/************** Include fts3_tokenizer.h in the middle of fts3Int.h **********/
+/************** Begin file fts3_tokenizer.h **********************************/
+/*
+** 2006 July 10
+**
+** The author disclaims copyright to this source code.
+**
+*************************************************************************
+** Defines the interface to tokenizers used by fulltext-search.  There
+** are three basic components:
+**
+** sqlite3_tokenizer_module is a singleton defining the tokenizer
+** interface functions.  This is essentially the class structure for
+** tokenizers.
+**
+** sqlite3_tokenizer is used to define a particular tokenizer, perhaps
+** including customization information defined at creation time.
+**
+** sqlite3_tokenizer_cursor is generated by a tokenizer to generate
+** tokens from a particular input.
+*/
+#ifndef _FTS3_TOKENIZER_H_
+#define _FTS3_TOKENIZER_H_
+
+/* TODO(shess) Only used for SQLITE_OK and SQLITE_DONE at this time.
+** If tokenizers are to be allowed to call sqlite3_*() functions, then
+** we will need a way to register the API consistently.
+*/
+/* #include "sqlite3.h" */
+
+/*
+** Structures used by the tokenizer interface. When a new tokenizer
+** implementation is registered, the caller provides a pointer to
+** an sqlite3_tokenizer_module containing pointers to the callback
+** functions that make up an implementation.
+**
+** When an fts3 table is created, it passes any arguments passed to
+** the tokenizer clause of the CREATE VIRTUAL TABLE statement to the
+** sqlite3_tokenizer_module.xCreate() function of the requested tokenizer
+** implementation. The xCreate() function in turn returns an 
+** sqlite3_tokenizer structure representing the specific tokenizer to
+** be used for the fts3 table (customized by the tokenizer clause arguments).
+**
+** To tokenize an input buffer, the sqlite3_tokenizer_module.xOpen()
+** method is called. It returns an sqlite3_tokenizer_cursor object
+** that may be used to tokenize a specific input buffer based on
+** the tokenization rules supplied by a specific sqlite3_tokenizer
+** object.
+*/
+typedef struct sqlite3_tokenizer_module sqlite3_tokenizer_module;
+typedef struct sqlite3_tokenizer sqlite3_tokenizer;
+typedef struct sqlite3_tokenizer_cursor sqlite3_tokenizer_cursor;
+
+struct sqlite3_tokenizer_module {
+
+  /*
+  ** Structure version. Should always be set to 0 or 1.
+  */
+  int iVersion;
+
+  /*
+  ** Create a new tokenizer. The values in the argv[] array are the
+  ** arguments passed to the "tokenizer" clause of the CREATE VIRTUAL
+  ** TABLE statement that created the fts3 table. For example, if
+  ** the following SQL is executed:
+  **
+  **   CREATE .. USING fts3( ... , tokenizer <tokenizer-name> arg1 arg2)
+  **
+  ** then argc is set to 2, and the argv[] array contains pointers
+  ** to the strings "arg1" and "arg2".
+  **
+  ** This method should return either SQLITE_OK (0), or an SQLite error 
+  ** code. If SQLITE_OK is returned, then *ppTokenizer should be set
+  ** to point at the newly created tokenizer structure. The generic
+  ** sqlite3_tokenizer.pModule variable should not be initialized by
+  ** this callback. The caller will do so.
+  */
+  int (*xCreate)(
+    int argc,                           /* Size of argv array */
+    const char *const*argv,             /* Tokenizer argument strings */
+    sqlite3_tokenizer **ppTokenizer     /* OUT: Created tokenizer */
+  );
+
+  /*
+  ** Destroy an existing tokenizer. The fts3 module calls this method
+  ** exactly once for each successful call to xCreate().
+  */
+  int (*xDestroy)(sqlite3_tokenizer *pTokenizer);
+
+  /*
+  ** Create a tokenizer cursor to tokenize an input buffer. The caller
+  ** is responsible for ensuring that the input buffer remains valid
+  ** until the cursor is closed (using the xClose() method). 
+  */
+  int (*xOpen)(
+    sqlite3_tokenizer *pTokenizer,       /* Tokenizer object */
+    const char *pInput, int nBytes,      /* Input buffer */
+    sqlite3_tokenizer_cursor **ppCursor  /* OUT: Created tokenizer cursor */
+  );
+
+  /*
+  ** Destroy an existing tokenizer cursor. The fts3 module calls this 
+  ** method exactly once for each successful call to xOpen().
+  */
+  int (*xClose)(sqlite3_tokenizer_cursor *pCursor);
+
+  /*
+  ** Retrieve the next token from the tokenizer cursor pCursor. This
+  ** method should either return SQLITE_OK and set the values of the
+  ** "OUT" variables identified below, or SQLITE_DONE to indicate that
+  ** the end of the buffer has been reached, or an SQLite error code.
+  **
+  ** *ppToken should be set to point at a buffer containing the 
+  ** normalized version of the token (i.e. after any case-folding and/or
+  ** stemming has been performed). *pnBytes should be set to the length
+  ** of this buffer in bytes. The input text that generated the token is
+  ** identified by the byte offsets returned in *piStartOffset and
+  ** *piEndOffset. *piStartOffset should be set to the index of the first
+  ** byte of the token in the input buffer. *piEndOffset should be set
+  ** to the index of the first byte just past the end of the token in
+  ** the input buffer.
+  **
+  ** The buffer *ppToken is set to point at is managed by the tokenizer
+  ** implementation. It is only required to be valid until the next call
+  ** to xNext() or xClose(). 
+  */
+  /* TODO(shess) current implementation requires pInput to be
+  ** nul-terminated.  This should either be fixed, or pInput/nBytes
+  ** should be converted to zInput.
+  */
+  int (*xNext)(
+    sqlite3_tokenizer_cursor *pCursor,   /* Tokenizer cursor */
+    const char **ppToken, int *pnBytes,  /* OUT: Normalized text for token */
+    int *piStartOffset,  /* OUT: Byte offset of token in input buffer */
+    int *piEndOffset,    /* OUT: Byte offset of end of token in input buffer */
+    int *piPosition      /* OUT: Number of tokens returned before this one */
+  );
+
+  /***********************************************************************
+  ** Methods below this point are only available if iVersion>=1.
+  */
+
+  /* 
+  ** Configure the language id of a tokenizer cursor.
+  */
+  int (*xLanguageid)(sqlite3_tokenizer_cursor *pCsr, int iLangid);
+};
+
+struct sqlite3_tokenizer {
+  const sqlite3_tokenizer_module *pModule;  /* The module for this tokenizer */
+  /* Tokenizer implementations will typically add additional fields */
+};
+
+struct sqlite3_tokenizer_cursor {
+  sqlite3_tokenizer *pTokenizer;       /* Tokenizer for this cursor. */
+  /* Tokenizer implementations will typically add additional fields */
+};
+
+int fts3_global_term_cnt(int iTerm, int iCol);
+int fts3_term_cnt(int iTerm, int iCol);
+
+
+#endif /* _FTS3_TOKENIZER_H_ */
+
+/************** End of fts3_tokenizer.h **************************************/
+/************** Continuing where we left off in fts3Int.h ********************/
+/************** Include fts3_hash.h in the middle of fts3Int.h ***************/
+/************** Begin file fts3_hash.h ***************************************/
+/*
+** 2001 September 22
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+** This is the header file for the generic hash-table implementation
+** used in SQLite.  We've modified it slightly to serve as a standalone
+** hash table implementation for the full-text indexing module.
+**
+*/
+#ifndef _FTS3_HASH_H_
+#define _FTS3_HASH_H_
+
+/* Forward declarations of structures. */
+typedef struct Fts3Hash Fts3Hash;
+typedef struct Fts3HashElem Fts3HashElem;
+
+/* A complete hash table is an instance of the following structure.
+** The internals of this structure are intended to be opaque -- client
+** code should not attempt to access or modify the fields of this structure
+** directly.  Change this structure only by using the routines below.
+** However, many of the "procedures" and "functions" for modifying and
+** accessing this structure are really macros, so we can't really make
+** this structure opaque.
+*/
+struct Fts3Hash {
+  char keyClass;          /* HASH_INT, _POINTER, _STRING, _BINARY */
+  char copyKey;           /* True if copy of key made on insert */
+  int count;              /* Number of entries in this table */
+  Fts3HashElem *first;    /* The first element of the array */
+  int htsize;             /* Number of buckets in the hash table */
+  struct _fts3ht {        /* the hash table */
+    int count;               /* Number of entries with this hash */
+    Fts3HashElem *chain;     /* Pointer to first entry with this hash */
+  } *ht;
+};
+
+/* Each element in the hash table is an instance of the following 
+** structure.  All elements are stored on a single doubly-linked list.
+**
+** Again, this structure is intended to be opaque, but it can't really
+** be opaque because it is used by macros.
+*/
+struct Fts3HashElem {
+  Fts3HashElem *next, *prev; /* Next and previous elements in the table */
+  void *data;                /* Data associated with this element */
+  void *pKey; int nKey;      /* Key associated with this element */
+};
+
+/*
+** There are 2 different modes of operation for a hash table:
+**
+**   FTS3_HASH_STRING        pKey points to a string that is nKey bytes long
+**                           (including the null-terminator, if any).  Case
+**                           is respected in comparisons.
+**
+**   FTS3_HASH_BINARY        pKey points to binary data nKey bytes long. 
+**                           memcmp() is used to compare keys.
+**
+** A copy of the key is made if the copyKey parameter to fts3HashInit is 1.  
+*/
+#define FTS3_HASH_STRING    1
+#define FTS3_HASH_BINARY    2
+
+/*
+** Access routines.  To delete, insert a NULL pointer.
+*/
+SQLITE_PRIVATE void sqlite3Fts3HashInit(Fts3Hash *pNew, char keyClass, char copyKey);
+SQLITE_PRIVATE void *sqlite3Fts3HashInsert(Fts3Hash*, const void *pKey, int nKey, void *pData);
+SQLITE_PRIVATE void *sqlite3Fts3HashFind(const Fts3Hash*, const void *pKey, int nKey);
+SQLITE_PRIVATE void sqlite3Fts3HashClear(Fts3Hash*);
+SQLITE_PRIVATE Fts3HashElem *sqlite3Fts3HashFindElem(const Fts3Hash *, const void *, int);
+
+/*
+** Shorthand for the functions above
+*/
+#define fts3HashInit     sqlite3Fts3HashInit
+#define fts3HashInsert   sqlite3Fts3HashInsert
+#define fts3HashFind     sqlite3Fts3HashFind
+#define fts3HashClear    sqlite3Fts3HashClear
+#define fts3HashFindElem sqlite3Fts3HashFindElem
+
+/*
+** Macros for looping over all elements of a hash table.  The idiom is
+** like this:
+**
+**   Fts3Hash h;
+**   Fts3HashElem *p;
+**   ...
+**   for(p=fts3HashFirst(&h); p; p=fts3HashNext(p)){
+**     SomeStructure *pData = fts3HashData(p);
+**     // do something with pData
+**   }
+*/
+#define fts3HashFirst(H)  ((H)->first)
+#define fts3HashNext(E)   ((E)->next)
+#define fts3HashData(E)   ((E)->data)
+#define fts3HashKey(E)    ((E)->pKey)
+#define fts3HashKeysize(E) ((E)->nKey)
+
+/*
+** Number of entries in a hash table
+*/
+#define fts3HashCount(H)  ((H)->count)
+
+#endif /* _FTS3_HASH_H_ */
+
+/************** End of fts3_hash.h *******************************************/
+/************** Continuing where we left off in fts3Int.h ********************/
+
+/*
+** This constant determines the maximum depth of an FTS expression tree
+** that the library will create and use. FTS uses recursion to perform 
+** various operations on the query tree, so the disadvantage of a large
+** limit is that it may allow very large queries to use large amounts
+** of stack space (perhaps causing a stack overflow).
+*/
+#ifndef SQLITE_FTS3_MAX_EXPR_DEPTH
+# define SQLITE_FTS3_MAX_EXPR_DEPTH 12
+#endif
+
+
+/*
+** This constant controls how often segments are merged. Once there are
+** FTS3_MERGE_COUNT segments of level N, they are merged into a single
+** segment of level N+1.
+*/
+#define FTS3_MERGE_COUNT 16
+
+/*
+** This is the maximum amount of data (in bytes) to store in the 
+** Fts3Table.pendingTerms hash table. Normally, the hash table is
+** populated as documents are inserted/updated/deleted in a transaction
+** and used to create a new segment when the transaction is committed.
+** However if this limit is reached midway through a transaction, a new 
+** segment is created and the hash table cleared immediately.
+*/
+#define FTS3_MAX_PENDING_DATA (1*1024*1024)
+
+/*
+** Macro to return the number of elements in an array. SQLite has a
+** similar macro called ArraySize(). Use a different name to avoid
+** a collision when building an amalgamation with built-in FTS3.
+*/
+#define SizeofArray(X) ((int)(sizeof(X)/sizeof(X[0])))
+
+
+#ifndef MIN
+# define MIN(x,y) ((x)<(y)?(x):(y))
+#endif
+#ifndef MAX
+# define MAX(x,y) ((x)>(y)?(x):(y))
+#endif
+
+/*
+** Maximum length of a varint encoded integer. The varint format is different
+** from that used by SQLite, so the maximum length is 10, not 9.
+*/
+#define FTS3_VARINT_MAX 10
+
+/*
+** FTS4 virtual tables may maintain multiple indexes - one index of all terms
+** in the document set and zero or more prefix indexes. All indexes are stored
+** as one or more b+-trees in the %_segments and %_segdir tables. 
+**
+** It is possible to determine which index a b+-tree belongs to based on the
+** value stored in the "%_segdir.level" column. Given this value L, the index
+** that the b+-tree belongs to is (L<<10). In other words, all b+-trees with
+** level values between 0 and 1023 (inclusive) belong to index 0, all levels
+** between 1024 and 2047 to index 1, and so on.
+**
+** It is considered impossible for an index to use more than 1024 levels. In 
+** theory though this may happen, but only after at least 
+** (FTS3_MERGE_COUNT^1024) separate flushes of the pending-terms tables.
+*/
+#define FTS3_SEGDIR_MAXLEVEL      1024
+#define FTS3_SEGDIR_MAXLEVEL_STR "1024"
+
+/*
+** The testcase() macro is only used by the amalgamation.  If undefined,
+** make it a no-op.
+*/
+#ifndef testcase
+# define testcase(X)
+#endif
+
+/*
+** Terminator values for position-lists and column-lists.
+*/
+#define POS_COLUMN  (1)     /* Column-list terminator */
+#define POS_END     (0)     /* Position-list terminator */ 
+
+/*
+** This section provides definitions to allow the
+** FTS3 extension to be compiled outside of the 
+** amalgamation.
+*/
+#ifndef SQLITE_AMALGAMATION
+/*
+** Macros indicating that conditional expressions are always true or
+** false.
+*/
+#ifdef SQLITE_COVERAGE_TEST
+# define ALWAYS(x) (1)
+# define NEVER(X)  (0)
+#elif defined(SQLITE_DEBUG)
+# define ALWAYS(x) sqlite3Fts3Always((x)!=0)
+# define NEVER(x) sqlite3Fts3Never((x)!=0)
+SQLITE_PRIVATE int sqlite3Fts3Always(int b);
+SQLITE_PRIVATE int sqlite3Fts3Never(int b);
+#else
+# define ALWAYS(x) (x)
+# define NEVER(x)  (x)
+#endif
+
+/*
+** Internal types used by SQLite.
+*/
+typedef unsigned char u8;         /* 1-byte (or larger) unsigned integer */
+typedef short int i16;            /* 2-byte (or larger) signed integer */
+typedef unsigned int u32;         /* 4-byte unsigned integer */
+typedef sqlite3_uint64 u64;       /* 8-byte unsigned integer */
+typedef sqlite3_int64 i64;        /* 8-byte signed integer */
+
+/*
+** Macro used to suppress compiler warnings for unused parameters.
+*/
+#define UNUSED_PARAMETER(x) (void)(x)
+
+/*
+** Activate assert() only if SQLITE_TEST is enabled.
+*/
+#if !defined(NDEBUG) && !defined(SQLITE_DEBUG) 
+# define NDEBUG 1
+#endif
+
+/*
+** The TESTONLY macro is used to enclose variable declarations or
+** other bits of code that are needed to support the arguments
+** within testcase() and assert() macros.
+*/
+#if defined(SQLITE_DEBUG) || defined(SQLITE_COVERAGE_TEST)
+# define TESTONLY(X)  X
+#else
+# define TESTONLY(X)
+#endif
+
+#endif /* SQLITE_AMALGAMATION */
+
+#ifdef SQLITE_DEBUG
+SQLITE_PRIVATE int sqlite3Fts3Corrupt(void);
+# define FTS_CORRUPT_VTAB sqlite3Fts3Corrupt()
+#else
+# define FTS_CORRUPT_VTAB SQLITE_CORRUPT_VTAB
+#endif
+
+typedef struct Fts3Table Fts3Table;
+typedef struct Fts3Cursor Fts3Cursor;
+typedef struct Fts3Expr Fts3Expr;
+typedef struct Fts3Phrase Fts3Phrase;
+typedef struct Fts3PhraseToken Fts3PhraseToken;
+
+typedef struct Fts3Doclist Fts3Doclist;
+typedef struct Fts3SegFilter Fts3SegFilter;
+typedef struct Fts3DeferredToken Fts3DeferredToken;
+typedef struct Fts3SegReader Fts3SegReader;
+typedef struct Fts3MultiSegReader Fts3MultiSegReader;
+
+typedef struct MatchinfoBuffer MatchinfoBuffer;
+
+/*
+** A connection to a fulltext index is an instance of the following
+** structure. The xCreate and xConnect methods create an instance
+** of this structure and xDestroy and xDisconnect free that instance.
+** All other methods receive a pointer to the structure as one of their
+** arguments.
+*/
+struct Fts3Table {
+  sqlite3_vtab base;              /* Base class used by SQLite core */
+  sqlite3 *db;                    /* The database connection */
+  const char *zDb;                /* logical database name */
+  const char *zName;              /* virtual table name */
+  int nColumn;                    /* number of named columns in virtual table */
+  char **azColumn;                /* column names.  malloced */
+  u8 *abNotindexed;               /* True for 'notindexed' columns */
+  sqlite3_tokenizer *pTokenizer;  /* tokenizer for inserts and queries */
+  char *zContentTbl;              /* content=xxx option, or NULL */
+  char *zLanguageid;              /* languageid=xxx option, or NULL */
+  int nAutoincrmerge;             /* Value configured by 'automerge' */
+  u32 nLeafAdd;                   /* Number of leaf blocks added this trans */
+
+  /* Precompiled statements used by the implementation. Each of these 
+  ** statements is run and reset within a single virtual table API call. 
+  */
+  sqlite3_stmt *aStmt[40];
+
+  char *zReadExprlist;
+  char *zWriteExprlist;
+
+  int nNodeSize;                  /* Soft limit for node size */
+  u8 bFts4;                       /* True for FTS4, false for FTS3 */
+  u8 bHasStat;                    /* True if %_stat table exists (2==unknown) */
+  u8 bHasDocsize;                 /* True if %_docsize table exists */
+  u8 bDescIdx;                    /* True if doclists are in reverse order */
+  u8 bIgnoreSavepoint;            /* True to ignore xSavepoint invocations */
+  int nPgsz;                      /* Page size for host database */
+  char *zSegmentsTbl;             /* Name of %_segments table */
+  sqlite3_blob *pSegments;        /* Blob handle open on %_segments table */
+
+  /* 
+  ** The following array of hash tables is used to buffer pending index 
+  ** updates during transactions. All pending updates buffered at any one
+  ** time must share a common language-id (see the FTS4 langid= feature).
+  ** The current language id is stored in variable iPrevLangid.
+  **
+  ** A single FTS4 table may have multiple full-text indexes. For each index
+  ** there is an entry in the aIndex[] array. Index 0 is an index of all the
+  ** terms that appear in the document set. Each subsequent index in aIndex[]
+  ** is an index of prefixes of a specific length.
+  **
+  ** Variable nPendingData contains an estimate the memory consumed by the 
+  ** pending data structures, including hash table overhead, but not including
+  ** malloc overhead.  When nPendingData exceeds nMaxPendingData, all hash
+  ** tables are flushed to disk. Variable iPrevDocid is the docid of the most 
+  ** recently inserted record.
+  */
+  int nIndex;                     /* Size of aIndex[] */
+  struct Fts3Index {
+    int nPrefix;                  /* Prefix length (0 for main terms index) */
+    Fts3Hash hPending;            /* Pending terms table for this index */
+  } *aIndex;
+  int nMaxPendingData;            /* Max pending data before flush to disk */
+  int nPendingData;               /* Current bytes of pending data */
+  sqlite_int64 iPrevDocid;        /* Docid of most recently inserted document */
+  int iPrevLangid;                /* Langid of recently inserted document */
+  int bPrevDelete;                /* True if last operation was a delete */
+
+#if defined(SQLITE_DEBUG) || defined(SQLITE_COVERAGE_TEST)
+  /* State variables used for validating that the transaction control
+  ** methods of the virtual table are called at appropriate times.  These
+  ** values do not contribute to FTS functionality; they are used for
+  ** verifying the operation of the SQLite core.
+  */
+  int inTransaction;     /* True after xBegin but before xCommit/xRollback */
+  int mxSavepoint;       /* Largest valid xSavepoint integer */
+#endif
+
+#ifdef SQLITE_TEST
+  /* True to disable the incremental doclist optimization. This is controled
+  ** by special insert command 'test-no-incr-doclist'.  */
+  int bNoIncrDoclist;
+#endif
+};
+
+/*
+** When the core wants to read from the virtual table, it creates a
+** virtual table cursor (an instance of the following structure) using
+** the xOpen method. Cursors are destroyed using the xClose method.
+*/
+struct Fts3Cursor {
+  sqlite3_vtab_cursor base;       /* Base class used by SQLite core */
+  i16 eSearch;                    /* Search strategy (see below) */
+  u8 isEof;                       /* True if at End Of Results */
+  u8 isRequireSeek;               /* True if must seek pStmt to %_content row */
+  sqlite3_stmt *pStmt;            /* Prepared statement in use by the cursor */
+  Fts3Expr *pExpr;                /* Parsed MATCH query string */
+  int iLangid;                    /* Language being queried for */
+  int nPhrase;                    /* Number of matchable phrases in query */
+  Fts3DeferredToken *pDeferred;   /* Deferred search tokens, if any */
+  sqlite3_int64 iPrevId;          /* Previous id read from aDoclist */
+  char *pNextId;                  /* Pointer into the body of aDoclist */
+  char *aDoclist;                 /* List of docids for full-text queries */
+  int nDoclist;                   /* Size of buffer at aDoclist */
+  u8 bDesc;                       /* True to sort in descending order */
+  int eEvalmode;                  /* An FTS3_EVAL_XX constant */
+  int nRowAvg;                    /* Average size of database rows, in pages */
+  sqlite3_int64 nDoc;             /* Documents in table */
+  i64 iMinDocid;                  /* Minimum docid to return */
+  i64 iMaxDocid;                  /* Maximum docid to return */
+  int isMatchinfoNeeded;          /* True when aMatchinfo[] needs filling in */
+  MatchinfoBuffer *pMIBuffer;     /* Buffer for matchinfo data */
+};
+
+#define FTS3_EVAL_FILTER    0
+#define FTS3_EVAL_NEXT      1
+#define FTS3_EVAL_MATCHINFO 2
+
+/*
+** The Fts3Cursor.eSearch member is always set to one of the following.
+** Actualy, Fts3Cursor.eSearch can be greater than or equal to
+** FTS3_FULLTEXT_SEARCH.  If so, then Fts3Cursor.eSearch - 2 is the index
+** of the column to be searched.  For example, in
+**
+**     CREATE VIRTUAL TABLE ex1 USING fts3(a,b,c,d);
+**     SELECT docid FROM ex1 WHERE b MATCH 'one two three';
+** 
+** Because the LHS of the MATCH operator is 2nd column "b",
+** Fts3Cursor.eSearch will be set to FTS3_FULLTEXT_SEARCH+1.  (+0 for a,
+** +1 for b, +2 for c, +3 for d.)  If the LHS of MATCH were "ex1" 
+** indicating that all columns should be searched,
+** then eSearch would be set to FTS3_FULLTEXT_SEARCH+4.
+*/
+#define FTS3_FULLSCAN_SEARCH 0    /* Linear scan of %_content table */
+#define FTS3_DOCID_SEARCH    1    /* Lookup by rowid on %_content table */
+#define FTS3_FULLTEXT_SEARCH 2    /* Full-text index search */
+
+/*
+** The lower 16-bits of the sqlite3_index_info.idxNum value set by
+** the xBestIndex() method contains the Fts3Cursor.eSearch value described
+** above. The upper 16-bits contain a combination of the following
+** bits, used to describe extra constraints on full-text searches.
+*/
+#define FTS3_HAVE_LANGID    0x00010000      /* languageid=? */
+#define FTS3_HAVE_DOCID_GE  0x00020000      /* docid>=? */
+#define FTS3_HAVE_DOCID_LE  0x00040000      /* docid<=? */
+
+struct Fts3Doclist {
+  char *aAll;                    /* Array containing doclist (or NULL) */
+  int nAll;                      /* Size of a[] in bytes */
+  char *pNextDocid;              /* Pointer to next docid */
+
+  sqlite3_int64 iDocid;          /* Current docid (if pList!=0) */
+  int bFreeList;                 /* True if pList should be sqlite3_free()d */
+  char *pList;                   /* Pointer to position list following iDocid */
+  int nList;                     /* Length of position list */
+};
+
+/*
+** A "phrase" is a sequence of one or more tokens that must match in
+** sequence.  A single token is the base case and the most common case.
+** For a sequence of tokens contained in double-quotes (i.e. "one two three")
+** nToken will be the number of tokens in the string.
+*/
+struct Fts3PhraseToken {
+  char *z;                        /* Text of the token */
+  int n;                          /* Number of bytes in buffer z */
+  int isPrefix;                   /* True if token ends with a "*" character */
+  int bFirst;                     /* True if token must appear at position 0 */
+
+  /* Variables above this point are populated when the expression is
+  ** parsed (by code in fts3_expr.c). Below this point the variables are
+  ** used when evaluating the expression. */
+  Fts3DeferredToken *pDeferred;   /* Deferred token object for this token */
+  Fts3MultiSegReader *pSegcsr;    /* Segment-reader for this token */
+};
+
+struct Fts3Phrase {
+  /* Cache of doclist for this phrase. */
+  Fts3Doclist doclist;
+  int bIncr;                 /* True if doclist is loaded incrementally */
+  int iDoclistToken;
+
+  /* Used by sqlite3Fts3EvalPhrasePoslist() if this is a descendent of an
+  ** OR condition.  */
+  char *pOrPoslist;
+  i64 iOrDocid;
+
+  /* Variables below this point are populated by fts3_expr.c when parsing 
+  ** a MATCH expression. Everything above is part of the evaluation phase. 
+  */
+  int nToken;                /* Number of tokens in the phrase */
+  int iColumn;               /* Index of column this phrase must match */
+  Fts3PhraseToken aToken[1]; /* One entry for each token in the phrase */
+};
+
+/*
+** A tree of these objects forms the RHS of a MATCH operator.
+**
+** If Fts3Expr.eType is FTSQUERY_PHRASE and isLoaded is true, then aDoclist 
+** points to a malloced buffer, size nDoclist bytes, containing the results 
+** of this phrase query in FTS3 doclist format. As usual, the initial 
+** "Length" field found in doclists stored on disk is omitted from this 
+** buffer.
+**
+** Variable aMI is used only for FTSQUERY_NEAR nodes to store the global
+** matchinfo data. If it is not NULL, it points to an array of size nCol*3,
+** where nCol is the number of columns in the queried FTS table. The array
+** is populated as follows:
+**
+**   aMI[iCol*3 + 0] = Undefined
+**   aMI[iCol*3 + 1] = Number of occurrences
+**   aMI[iCol*3 + 2] = Number of rows containing at least one instance
+**
+** The aMI array is allocated using sqlite3_malloc(). It should be freed 
+** when the expression node is.
+*/
+struct Fts3Expr {
+  int eType;                 /* One of the FTSQUERY_XXX values defined below */
+  int nNear;                 /* Valid if eType==FTSQUERY_NEAR */
+  Fts3Expr *pParent;         /* pParent->pLeft==this or pParent->pRight==this */
+  Fts3Expr *pLeft;           /* Left operand */
+  Fts3Expr *pRight;          /* Right operand */
+  Fts3Phrase *pPhrase;       /* Valid if eType==FTSQUERY_PHRASE */
+
+  /* The following are used by the fts3_eval.c module. */
+  sqlite3_int64 iDocid;      /* Current docid */
+  u8 bEof;                   /* True this expression is at EOF already */
+  u8 bStart;                 /* True if iDocid is valid */
+  u8 bDeferred;              /* True if this expression is entirely deferred */
+
+  /* The following are used by the fts3_snippet.c module. */
+  int iPhrase;               /* Index of this phrase in matchinfo() results */
+  u32 *aMI;                  /* See above */
+};
+
+/*
+** Candidate values for Fts3Query.eType. Note that the order of the first
+** four values is in order of precedence when parsing expressions. For 
+** example, the following:
+**
+**   "a OR b AND c NOT d NEAR e"
+**
+** is equivalent to:
+**
+**   "a OR (b AND (c NOT (d NEAR e)))"
+*/
+#define FTSQUERY_NEAR   1
+#define FTSQUERY_NOT    2
+#define FTSQUERY_AND    3
+#define FTSQUERY_OR     4
+#define FTSQUERY_PHRASE 5
+
+
+/* fts3_write.c */
+SQLITE_PRIVATE int sqlite3Fts3UpdateMethod(sqlite3_vtab*,int,sqlite3_value**,sqlite3_int64*);
+SQLITE_PRIVATE int sqlite3Fts3PendingTermsFlush(Fts3Table *);
+SQLITE_PRIVATE void sqlite3Fts3PendingTermsClear(Fts3Table *);
+SQLITE_PRIVATE int sqlite3Fts3Optimize(Fts3Table *);
+SQLITE_PRIVATE int sqlite3Fts3SegReaderNew(int, int, sqlite3_int64,
+  sqlite3_int64, sqlite3_int64, const char *, int, Fts3SegReader**);
+SQLITE_PRIVATE int sqlite3Fts3SegReaderPending(
+  Fts3Table*,int,const char*,int,int,Fts3SegReader**);
+SQLITE_PRIVATE void sqlite3Fts3SegReaderFree(Fts3SegReader *);
+SQLITE_PRIVATE int sqlite3Fts3AllSegdirs(Fts3Table*, int, int, int, sqlite3_stmt **);
+SQLITE_PRIVATE int sqlite3Fts3ReadBlock(Fts3Table*, sqlite3_int64, char **, int*, int*);
+
+SQLITE_PRIVATE int sqlite3Fts3SelectDoctotal(Fts3Table *, sqlite3_stmt **);
+SQLITE_PRIVATE int sqlite3Fts3SelectDocsize(Fts3Table *, sqlite3_int64, sqlite3_stmt **);
+
+#ifndef SQLITE_DISABLE_FTS4_DEFERRED
+SQLITE_PRIVATE void sqlite3Fts3FreeDeferredTokens(Fts3Cursor *);
+SQLITE_PRIVATE int sqlite3Fts3DeferToken(Fts3Cursor *, Fts3PhraseToken *, int);
+SQLITE_PRIVATE int sqlite3Fts3CacheDeferredDoclists(Fts3Cursor *);
+SQLITE_PRIVATE void sqlite3Fts3FreeDeferredDoclists(Fts3Cursor *);
+SQLITE_PRIVATE int sqlite3Fts3DeferredTokenList(Fts3DeferredToken *, char **, int *);
+#else
+# define sqlite3Fts3FreeDeferredTokens(x)
+# define sqlite3Fts3DeferToken(x,y,z) SQLITE_OK
+# define sqlite3Fts3CacheDeferredDoclists(x) SQLITE_OK
+# define sqlite3Fts3FreeDeferredDoclists(x)
+# define sqlite3Fts3DeferredTokenList(x,y,z) SQLITE_OK
+#endif
+
+SQLITE_PRIVATE void sqlite3Fts3SegmentsClose(Fts3Table *);
+SQLITE_PRIVATE int sqlite3Fts3MaxLevel(Fts3Table *, int *);
+
+/* Special values interpreted by sqlite3SegReaderCursor() */
+#define FTS3_SEGCURSOR_PENDING        -1
+#define FTS3_SEGCURSOR_ALL            -2
+
+SQLITE_PRIVATE int sqlite3Fts3SegReaderStart(Fts3Table*, Fts3MultiSegReader*, Fts3SegFilter*);
+SQLITE_PRIVATE int sqlite3Fts3SegReaderStep(Fts3Table *, Fts3MultiSegReader *);
+SQLITE_PRIVATE void sqlite3Fts3SegReaderFinish(Fts3MultiSegReader *);
+
+SQLITE_PRIVATE int sqlite3Fts3SegReaderCursor(Fts3Table *, 
+    int, int, int, const char *, int, int, int, Fts3MultiSegReader *);
+
+/* Flags allowed as part of the 4th argument to SegmentReaderIterate() */
+#define FTS3_SEGMENT_REQUIRE_POS   0x00000001
+#define FTS3_SEGMENT_IGNORE_EMPTY  0x00000002
+#define FTS3_SEGMENT_COLUMN_FILTER 0x00000004
+#define FTS3_SEGMENT_PREFIX        0x00000008
+#define FTS3_SEGMENT_SCAN          0x00000010
+#define FTS3_SEGMENT_FIRST         0x00000020
+
+/* Type passed as 4th argument to SegmentReaderIterate() */
+struct Fts3SegFilter {
+  const char *zTerm;
+  int nTerm;
+  int iCol;
+  int flags;
+};
+
+struct Fts3MultiSegReader {
+  /* Used internally by sqlite3Fts3SegReaderXXX() calls */
+  Fts3SegReader **apSegment;      /* Array of Fts3SegReader objects */
+  int nSegment;                   /* Size of apSegment array */
+  int nAdvance;                   /* How many seg-readers to advance */
+  Fts3SegFilter *pFilter;         /* Pointer to filter object */
+  char *aBuffer;                  /* Buffer to merge doclists in */
+  int nBuffer;                    /* Allocated size of aBuffer[] in bytes */
+
+  int iColFilter;                 /* If >=0, filter for this column */
+  int bRestart;
+
+  /* Used by fts3.c only. */
+  int nCost;                      /* Cost of running iterator */
+  int bLookup;                    /* True if a lookup of a single entry. */
+
+  /* Output values. Valid only after Fts3SegReaderStep() returns SQLITE_ROW. */
+  char *zTerm;                    /* Pointer to term buffer */
+  int nTerm;                      /* Size of zTerm in bytes */
+  char *aDoclist;                 /* Pointer to doclist buffer */
+  int nDoclist;                   /* Size of aDoclist[] in bytes */
+};
+
+SQLITE_PRIVATE int sqlite3Fts3Incrmerge(Fts3Table*,int,int);
+
+#define fts3GetVarint32(p, piVal) (                                           \
+  (*(u8*)(p)&0x80) ? sqlite3Fts3GetVarint32(p, piVal) : (*piVal=*(u8*)(p), 1) \
+)
+
+/* fts3.c */
+SQLITE_PRIVATE void sqlite3Fts3ErrMsg(char**,const char*,...);
+SQLITE_PRIVATE int sqlite3Fts3PutVarint(char *, sqlite3_int64);
+SQLITE_PRIVATE int sqlite3Fts3GetVarint(const char *, sqlite_int64 *);
+SQLITE_PRIVATE int sqlite3Fts3GetVarint32(const char *, int *);
+SQLITE_PRIVATE int sqlite3Fts3VarintLen(sqlite3_uint64);
+SQLITE_PRIVATE void sqlite3Fts3Dequote(char *);
+SQLITE_PRIVATE void sqlite3Fts3DoclistPrev(int,char*,int,char**,sqlite3_int64*,int*,u8*);
+SQLITE_PRIVATE int sqlite3Fts3EvalPhraseStats(Fts3Cursor *, Fts3Expr *, u32 *);
+SQLITE_PRIVATE int sqlite3Fts3FirstFilter(sqlite3_int64, char *, int, char *);
+SQLITE_PRIVATE void sqlite3Fts3CreateStatTable(int*, Fts3Table*);
+SQLITE_PRIVATE int sqlite3Fts3EvalTestDeferred(Fts3Cursor *pCsr, int *pRc);
+
+/* fts3_tokenizer.c */
+SQLITE_PRIVATE const char *sqlite3Fts3NextToken(const char *, int *);
+SQLITE_PRIVATE int sqlite3Fts3InitHashTable(sqlite3 *, Fts3Hash *, const char *);
+SQLITE_PRIVATE int sqlite3Fts3InitTokenizer(Fts3Hash *pHash, const char *, 
+    sqlite3_tokenizer **, char **
+);
+SQLITE_PRIVATE int sqlite3Fts3IsIdChar(char);
+
+/* fts3_snippet.c */
+SQLITE_PRIVATE void sqlite3Fts3Offsets(sqlite3_context*, Fts3Cursor*);
+SQLITE_PRIVATE void sqlite3Fts3Snippet(sqlite3_context *, Fts3Cursor *, const char *,
+  const char *, const char *, int, int
+);
+SQLITE_PRIVATE void sqlite3Fts3Matchinfo(sqlite3_context *, Fts3Cursor *, const char *);
+SQLITE_PRIVATE void sqlite3Fts3MIBufferFree(MatchinfoBuffer *p);
+
+/* fts3_expr.c */
+SQLITE_PRIVATE int sqlite3Fts3ExprParse(sqlite3_tokenizer *, int,
+  char **, int, int, int, const char *, int, Fts3Expr **, char **
+);
+SQLITE_PRIVATE void sqlite3Fts3ExprFree(Fts3Expr *);
+#ifdef SQLITE_TEST
+SQLITE_PRIVATE int sqlite3Fts3ExprInitTestInterface(sqlite3 *db);
+SQLITE_PRIVATE int sqlite3Fts3InitTerm(sqlite3 *db);
+#endif
+
+SQLITE_PRIVATE int sqlite3Fts3OpenTokenizer(sqlite3_tokenizer *, int, const char *, int,
+  sqlite3_tokenizer_cursor **
+);
+
+/* fts3_aux.c */
+SQLITE_PRIVATE int sqlite3Fts3InitAux(sqlite3 *db);
+
+SQLITE_PRIVATE void sqlite3Fts3EvalPhraseCleanup(Fts3Phrase *);
+
+SQLITE_PRIVATE int sqlite3Fts3MsrIncrStart(
+    Fts3Table*, Fts3MultiSegReader*, int, const char*, int);
+SQLITE_PRIVATE int sqlite3Fts3MsrIncrNext(
+    Fts3Table *, Fts3MultiSegReader *, sqlite3_int64 *, char **, int *);
+SQLITE_PRIVATE int sqlite3Fts3EvalPhrasePoslist(Fts3Cursor *, Fts3Expr *, int iCol, char **); 
+SQLITE_PRIVATE int sqlite3Fts3MsrOvfl(Fts3Cursor *, Fts3MultiSegReader *, int *);
+SQLITE_PRIVATE int sqlite3Fts3MsrIncrRestart(Fts3MultiSegReader *pCsr);
+
+/* fts3_tokenize_vtab.c */
+SQLITE_PRIVATE int sqlite3Fts3InitTok(sqlite3*, Fts3Hash *);
+
+/* fts3_unicode2.c (functions generated by parsing unicode text files) */
+#ifndef SQLITE_DISABLE_FTS3_UNICODE
+SQLITE_PRIVATE int sqlite3FtsUnicodeFold(int, int);
+SQLITE_PRIVATE int sqlite3FtsUnicodeIsalnum(int);
+SQLITE_PRIVATE int sqlite3FtsUnicodeIsdiacritic(int);
+#endif
+
+#endif /* !SQLITE_CORE || SQLITE_ENABLE_FTS3 */
+#endif /* _FTSINT_H */
+
+/************** End of fts3Int.h *********************************************/
+/************** Continuing where we left off in fts3.c ***********************/
+#if !defined(SQLITE_CORE) || defined(SQLITE_ENABLE_FTS3)
+
+#if defined(SQLITE_ENABLE_FTS3) && !defined(SQLITE_CORE)
+# define SQLITE_CORE 1
+#endif
+
+/* #include <assert.h> */
+/* #include <stdlib.h> */
+/* #include <stddef.h> */
+/* #include <stdio.h> */
+/* #include <string.h> */
+/* #include <stdarg.h> */
+
+/* #include "fts3.h" */
+#ifndef SQLITE_CORE 
+/* # include "sqlite3ext.h" */
+  SQLITE_EXTENSION_INIT1
+#endif
+
+static int fts3EvalNext(Fts3Cursor *pCsr);
+static int fts3EvalStart(Fts3Cursor *pCsr);
+static int fts3TermSegReaderCursor(
+    Fts3Cursor *, const char *, int, int, Fts3MultiSegReader **);
+
+#ifndef SQLITE_AMALGAMATION
+# if defined(SQLITE_DEBUG)
+SQLITE_PRIVATE int sqlite3Fts3Always(int b) { assert( b ); return b; }
+SQLITE_PRIVATE int sqlite3Fts3Never(int b)  { assert( !b ); return b; }
+# endif
+#endif
+
+/* 
+** Write a 64-bit variable-length integer to memory starting at p[0].
+** The length of data written will be between 1 and FTS3_VARINT_MAX bytes.
+** The number of bytes written is returned.
+*/
+SQLITE_PRIVATE int sqlite3Fts3PutVarint(char *p, sqlite_int64 v){
+  unsigned char *q = (unsigned char *) p;
+  sqlite_uint64 vu = v;
+  do{
+    *q++ = (unsigned char) ((vu & 0x7f) | 0x80);
+    vu >>= 7;
+  }while( vu!=0 );
+  q[-1] &= 0x7f;  /* turn off high bit in final byte */
+  assert( q - (unsigned char *)p <= FTS3_VARINT_MAX );
+  return (int) (q - (unsigned char *)p);
+}
+
+#define GETVARINT_STEP(v, ptr, shift, mask1, mask2, var, ret) \
+  v = (v & mask1) | ( (*ptr++) << shift );                    \
+  if( (v & mask2)==0 ){ var = v; return ret; }
+#define GETVARINT_INIT(v, ptr, shift, mask1, mask2, var, ret) \
+  v = (*ptr++);                                               \
+  if( (v & mask2)==0 ){ var = v; return ret; }
+
+/* 
+** Read a 64-bit variable-length integer from memory starting at p[0].
+** Return the number of bytes read, or 0 on error.
+** The value is stored in *v.
+*/
+SQLITE_PRIVATE int sqlite3Fts3GetVarint(const char *p, sqlite_int64 *v){
+  const char *pStart = p;
+  u32 a;
+  u64 b;
+  int shift;
+
+  GETVARINT_INIT(a, p, 0,  0x00,     0x80, *v, 1);
+  GETVARINT_STEP(a, p, 7,  0x7F,     0x4000, *v, 2);
+  GETVARINT_STEP(a, p, 14, 0x3FFF,   0x200000, *v, 3);
+  GETVARINT_STEP(a, p, 21, 0x1FFFFF, 0x10000000, *v, 4);
+  b = (a & 0x0FFFFFFF );
+
+  for(shift=28; shift<=63; shift+=7){
+    u64 c = *p++;
+    b += (c&0x7F) << shift;
+    if( (c & 0x80)==0 ) break;
+  }
+  *v = b;
+  return (int)(p - pStart);
+}
+
+/*
+** Similar to sqlite3Fts3GetVarint(), except that the output is truncated to a
+** 32-bit integer before it is returned.
+*/
+SQLITE_PRIVATE int sqlite3Fts3GetVarint32(const char *p, int *pi){
+  u32 a;
+
+#ifndef fts3GetVarint32
+  GETVARINT_INIT(a, p, 0,  0x00,     0x80, *pi, 1);
+#else
+  a = (*p++);
+  assert( a & 0x80 );
+#endif
+
+  GETVARINT_STEP(a, p, 7,  0x7F,     0x4000, *pi, 2);
+  GETVARINT_STEP(a, p, 14, 0x3FFF,   0x200000, *pi, 3);
+  GETVARINT_STEP(a, p, 21, 0x1FFFFF, 0x10000000, *pi, 4);
+  a = (a & 0x0FFFFFFF );
+  *pi = (int)(a | ((u32)(*p & 0x0F) << 28));
+  return 5;
+}
+
+/*
+** Return the number of bytes required to encode v as a varint
+*/
+SQLITE_PRIVATE int sqlite3Fts3VarintLen(sqlite3_uint64 v){
+  int i = 0;
+  do{
+    i++;
+    v >>= 7;
+  }while( v!=0 );
+  return i;
+}
+
+/*
+** Convert an SQL-style quoted string into a normal string by removing
+** the quote characters.  The conversion is done in-place.  If the
+** input does not begin with a quote character, then this routine
+** is a no-op.
+**
+** Examples:
+**
+**     "abc"   becomes   abc
+**     'xyz'   becomes   xyz
+**     [pqr]   becomes   pqr
+**     `mno`   becomes   mno
+**
+*/
+SQLITE_PRIVATE void sqlite3Fts3Dequote(char *z){
+  char quote;                     /* Quote character (if any ) */
+
+  quote = z[0];
+  if( quote=='[' || quote=='\'' || quote=='"' || quote=='`' ){
+    int iIn = 1;                  /* Index of next byte to read from input */
+    int iOut = 0;                 /* Index of next byte to write to output */
+
+    /* If the first byte was a '[', then the close-quote character is a ']' */
+    if( quote=='[' ) quote = ']';  
+
+    while( z[iIn] ){
+      if( z[iIn]==quote ){
+        if( z[iIn+1]!=quote ) break;
+        z[iOut++] = quote;
+        iIn += 2;
+      }else{
+        z[iOut++] = z[iIn++];
+      }
+    }
+    z[iOut] = '\0';
+  }
+}
+
+/*
+** Read a single varint from the doclist at *pp and advance *pp to point
+** to the first byte past the end of the varint.  Add the value of the varint
+** to *pVal.
+*/
+static void fts3GetDeltaVarint(char **pp, sqlite3_int64 *pVal){
+  sqlite3_int64 iVal;
+  *pp += sqlite3Fts3GetVarint(*pp, &iVal);
+  *pVal += iVal;
+}
+
+/*
+** When this function is called, *pp points to the first byte following a
+** varint that is part of a doclist (or position-list, or any other list
+** of varints). This function moves *pp to point to the start of that varint,
+** and sets *pVal by the varint value.
+**
+** Argument pStart points to the first byte of the doclist that the
+** varint is part of.
+*/
+static void fts3GetReverseVarint(
+  char **pp, 
+  char *pStart, 
+  sqlite3_int64 *pVal
+){
+  sqlite3_int64 iVal;
+  char *p;
+
+  /* Pointer p now points at the first byte past the varint we are 
+  ** interested in. So, unless the doclist is corrupt, the 0x80 bit is
+  ** clear on character p[-1]. */
+  for(p = (*pp)-2; p>=pStart && *p&0x80; p--);
+  p++;
+  *pp = p;
+
+  sqlite3Fts3GetVarint(p, &iVal);
+  *pVal = iVal;
+}
+
+/*
+** The xDisconnect() virtual table method.
+*/
+static int fts3DisconnectMethod(sqlite3_vtab *pVtab){
+  Fts3Table *p = (Fts3Table *)pVtab;
+  int i;
+
+  assert( p->nPendingData==0 );
+  assert( p->pSegments==0 );
+
+  /* Free any prepared statements held */
+  for(i=0; i<SizeofArray(p->aStmt); i++){
+    sqlite3_finalize(p->aStmt[i]);
+  }
+  sqlite3_free(p->zSegmentsTbl);
+  sqlite3_free(p->zReadExprlist);
+  sqlite3_free(p->zWriteExprlist);
+  sqlite3_free(p->zContentTbl);
+  sqlite3_free(p->zLanguageid);
+
+  /* Invoke the tokenizer destructor to free the tokenizer. */
+  p->pTokenizer->pModule->xDestroy(p->pTokenizer);
+
+  sqlite3_free(p);
+  return SQLITE_OK;
+}
+
+/*
+** Write an error message into *pzErr
+*/
+SQLITE_PRIVATE void sqlite3Fts3ErrMsg(char **pzErr, const char *zFormat, ...){
+  va_list ap;
+  sqlite3_free(*pzErr);
+  va_start(ap, zFormat);
+  *pzErr = sqlite3_vmprintf(zFormat, ap);
+  va_end(ap);
+}
+
+/*
+** Construct one or more SQL statements from the format string given
+** and then evaluate those statements. The success code is written
+** into *pRc.
+**
+** If *pRc is initially non-zero then this routine is a no-op.
+*/
+static void fts3DbExec(
+  int *pRc,              /* Success code */
+  sqlite3 *db,           /* Database in which to run SQL */
+  const char *zFormat,   /* Format string for SQL */
+  ...                    /* Arguments to the format string */
+){
+  va_list ap;
+  char *zSql;
+  if( *pRc ) return;
+  va_start(ap, zFormat);
+  zSql = sqlite3_vmprintf(zFormat, ap);
+  va_end(ap);
+  if( zSql==0 ){
+    *pRc = SQLITE_NOMEM;
+  }else{
+    *pRc = sqlite3_exec(db, zSql, 0, 0, 0);
+    sqlite3_free(zSql);
+  }
+}
+
+/*
+** The xDestroy() virtual table method.
+*/
+static int fts3DestroyMethod(sqlite3_vtab *pVtab){
+  Fts3Table *p = (Fts3Table *)pVtab;
+  int rc = SQLITE_OK;              /* Return code */
+  const char *zDb = p->zDb;        /* Name of database (e.g. "main", "temp") */
+  sqlite3 *db = p->db;             /* Database handle */
+
+  /* Drop the shadow tables */
+  if( p->zContentTbl==0 ){
+    fts3DbExec(&rc, db, "DROP TABLE IF EXISTS %Q.'%q_content'", zDb, p->zName);
+  }
+  fts3DbExec(&rc, db, "DROP TABLE IF EXISTS %Q.'%q_segments'", zDb,p->zName);
+  fts3DbExec(&rc, db, "DROP TABLE IF EXISTS %Q.'%q_segdir'", zDb, p->zName);
+  fts3DbExec(&rc, db, "DROP TABLE IF EXISTS %Q.'%q_docsize'", zDb, p->zName);
+  fts3DbExec(&rc, db, "DROP TABLE IF EXISTS %Q.'%q_stat'", zDb, p->zName);
+
+  /* If everything has worked, invoke fts3DisconnectMethod() to free the
+  ** memory associated with the Fts3Table structure and return SQLITE_OK.
+  ** Otherwise, return an SQLite error code.
+  */
+  return (rc==SQLITE_OK ? fts3DisconnectMethod(pVtab) : rc);
+}
+
+
+/*
+** Invoke sqlite3_declare_vtab() to declare the schema for the FTS3 table
+** passed as the first argument. This is done as part of the xConnect()
+** and xCreate() methods.
+**
+** If *pRc is non-zero when this function is called, it is a no-op. 
+** Otherwise, if an error occurs, an SQLite error code is stored in *pRc
+** before returning.
+*/
+static void fts3DeclareVtab(int *pRc, Fts3Table *p){
+  if( *pRc==SQLITE_OK ){
+    int i;                        /* Iterator variable */
+    int rc;                       /* Return code */
+    char *zSql;                   /* SQL statement passed to declare_vtab() */
+    char *zCols;                  /* List of user defined columns */
+    const char *zLanguageid;
+
+    zLanguageid = (p->zLanguageid ? p->zLanguageid : "__langid");
+    sqlite3_vtab_config(p->db, SQLITE_VTAB_CONSTRAINT_SUPPORT, 1);
+
+    /* Create a list of user columns for the virtual table */
+    zCols = sqlite3_mprintf("%Q, ", p->azColumn[0]);
+    for(i=1; zCols && i<p->nColumn; i++){
+      zCols = sqlite3_mprintf("%z%Q, ", zCols, p->azColumn[i]);
+    }
+
+    /* Create the whole "CREATE TABLE" statement to pass to SQLite */
+    zSql = sqlite3_mprintf(
+        "CREATE TABLE x(%s %Q HIDDEN, docid HIDDEN, %Q HIDDEN)", 
+        zCols, p->zName, zLanguageid
+    );
+    if( !zCols || !zSql ){
+      rc = SQLITE_NOMEM;
+    }else{
+      rc = sqlite3_declare_vtab(p->db, zSql);
+    }
+
+    sqlite3_free(zSql);
+    sqlite3_free(zCols);
+    *pRc = rc;
+  }
+}
+
+/*
+** Create the %_stat table if it does not already exist.
+*/
+SQLITE_PRIVATE void sqlite3Fts3CreateStatTable(int *pRc, Fts3Table *p){
+  fts3DbExec(pRc, p->db, 
+      "CREATE TABLE IF NOT EXISTS %Q.'%q_stat'"
+          "(id INTEGER PRIMARY KEY, value BLOB);",
+      p->zDb, p->zName
+  );
+  if( (*pRc)==SQLITE_OK ) p->bHasStat = 1;
+}
+
+/*
+** Create the backing store tables (%_content, %_segments and %_segdir)
+** required by the FTS3 table passed as the only argument. This is done
+** as part of the vtab xCreate() method.
+**
+** If the p->bHasDocsize boolean is true (indicating that this is an
+** FTS4 table, not an FTS3 table) then also create the %_docsize and
+** %_stat tables required by FTS4.
+*/
+static int fts3CreateTables(Fts3Table *p){
+  int rc = SQLITE_OK;             /* Return code */
+  int i;                          /* Iterator variable */
+  sqlite3 *db = p->db;            /* The database connection */
+
+  if( p->zContentTbl==0 ){
+    const char *zLanguageid = p->zLanguageid;
+    char *zContentCols;           /* Columns of %_content table */
+
+    /* Create a list of user columns for the content table */
+    zContentCols = sqlite3_mprintf("docid INTEGER PRIMARY KEY");
+    for(i=0; zContentCols && i<p->nColumn; i++){
+      char *z = p->azColumn[i];
+      zContentCols = sqlite3_mprintf("%z, 'c%d%q'", zContentCols, i, z);
+    }
+    if( zLanguageid && zContentCols ){
+      zContentCols = sqlite3_mprintf("%z, langid", zContentCols, zLanguageid);
+    }
+    if( zContentCols==0 ) rc = SQLITE_NOMEM;
+  
+    /* Create the content table */
+    fts3DbExec(&rc, db, 
+       "CREATE TABLE %Q.'%q_content'(%s)",
+       p->zDb, p->zName, zContentCols
+    );
+    sqlite3_free(zContentCols);
+  }
+
+  /* Create other tables */
+  fts3DbExec(&rc, db, 
+      "CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);",
+      p->zDb, p->zName
+  );
+  fts3DbExec(&rc, db, 
+      "CREATE TABLE %Q.'%q_segdir'("
+        "level INTEGER,"
+        "idx INTEGER,"
+        "start_block INTEGER,"
+        "leaves_end_block INTEGER,"
+        "end_block INTEGER,"
+        "root BLOB,"
+        "PRIMARY KEY(level, idx)"
+      ");",
+      p->zDb, p->zName
+  );
+  if( p->bHasDocsize ){
+    fts3DbExec(&rc, db, 
+        "CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);",
+        p->zDb, p->zName
+    );
+  }
+  assert( p->bHasStat==p->bFts4 );
+  if( p->bHasStat ){
+    sqlite3Fts3CreateStatTable(&rc, p);
+  }
+  return rc;
+}
+
+/*
+** Store the current database page-size in bytes in p->nPgsz.
+**
+** If *pRc is non-zero when this function is called, it is a no-op. 
+** Otherwise, if an error occurs, an SQLite error code is stored in *pRc
+** before returning.
+*/
+static void fts3DatabasePageSize(int *pRc, Fts3Table *p){
+  if( *pRc==SQLITE_OK ){
+    int rc;                       /* Return code */
+    char *zSql;                   /* SQL text "PRAGMA %Q.page_size" */
+    sqlite3_stmt *pStmt;          /* Compiled "PRAGMA %Q.page_size" statement */
+  
+    zSql = sqlite3_mprintf("PRAGMA %Q.page_size", p->zDb);
+    if( !zSql ){
+      rc = SQLITE_NOMEM;
+    }else{
+      rc = sqlite3_prepare(p->db, zSql, -1, &pStmt, 0);
+      if( rc==SQLITE_OK ){
+        sqlite3_step(pStmt);
+        p->nPgsz = sqlite3_column_int(pStmt, 0);
+        rc = sqlite3_finalize(pStmt);
+      }else if( rc==SQLITE_AUTH ){
+        p->nPgsz = 1024;
+        rc = SQLITE_OK;
+      }
+    }
+    assert( p->nPgsz>0 || rc!=SQLITE_OK );
+    sqlite3_free(zSql);
+    *pRc = rc;
+  }
+}
+
+/*
+** "Special" FTS4 arguments are column specifications of the following form:
+**
+**   <key> = <value>
+**
+** There may not be whitespace surrounding the "=" character. The <value> 
+** term may be quoted, but the <key> may not.
+*/
+static int fts3IsSpecialColumn(
+  const char *z, 
+  int *pnKey,
+  char **pzValue
+){
+  char *zValue;
+  const char *zCsr = z;
+
+  while( *zCsr!='=' ){
+    if( *zCsr=='\0' ) return 0;
+    zCsr++;
+  }
+
+  *pnKey = (int)(zCsr-z);
+  zValue = sqlite3_mprintf("%s", &zCsr[1]);
+  if( zValue ){
+    sqlite3Fts3Dequote(zValue);
+  }
+  *pzValue = zValue;
+  return 1;
+}
+
+/*
+** Append the output of a printf() style formatting to an existing string.
+*/
+static void fts3Appendf(
+  int *pRc,                       /* IN/OUT: Error code */
+  char **pz,                      /* IN/OUT: Pointer to string buffer */
+  const char *zFormat,            /* Printf format string to append */
+  ...                             /* Arguments for printf format string */
+){
+  if( *pRc==SQLITE_OK ){
+    va_list ap;
+    char *z;
+    va_start(ap, zFormat);
+    z = sqlite3_vmprintf(zFormat, ap);
+    va_end(ap);
+    if( z && *pz ){
+      char *z2 = sqlite3_mprintf("%s%s", *pz, z);
+      sqlite3_free(z);
+      z = z2;
+    }
+    if( z==0 ) *pRc = SQLITE_NOMEM;
+    sqlite3_free(*pz);
+    *pz = z;
+  }
+}
+
+/*
+** Return a copy of input string zInput enclosed in double-quotes (") and
+** with all double quote characters escaped. For example:
+**
+**     fts3QuoteId("un \"zip\"")   ->    "un \"\"zip\"\""
+**
+** The pointer returned points to memory obtained from sqlite3_malloc(). It
+** is the callers responsibility to call sqlite3_free() to release this
+** memory.
+*/
+static char *fts3QuoteId(char const *zInput){
+  int nRet;
+  char *zRet;
+  nRet = 2 + (int)strlen(zInput)*2 + 1;
+  zRet = sqlite3_malloc(nRet);
+  if( zRet ){
+    int i;
+    char *z = zRet;
+    *(z++) = '"';
+    for(i=0; zInput[i]; i++){
+      if( zInput[i]=='"' ) *(z++) = '"';
+      *(z++) = zInput[i];
+    }
+    *(z++) = '"';
+    *(z++) = '\0';
+  }
+  return zRet;
+}
+
+/*
+** Return a list of comma separated SQL expressions and a FROM clause that 
+** could be used in a SELECT statement such as the following:
+**
+**     SELECT <list of expressions> FROM %_content AS x ...
+**
+** to return the docid, followed by each column of text data in order
+** from left to write. If parameter zFunc is not NULL, then instead of
+** being returned directly each column of text data is passed to an SQL
+** function named zFunc first. For example, if zFunc is "unzip" and the
+** table has the three user-defined columns "a", "b", and "c", the following
+** string is returned:
+**
+**     "docid, unzip(x.'a'), unzip(x.'b'), unzip(x.'c') FROM %_content AS x"
+**
+** The pointer returned points to a buffer allocated by sqlite3_malloc(). It
+** is the responsibility of the caller to eventually free it.
+**
+** If *pRc is not SQLITE_OK when this function is called, it is a no-op (and
+** a NULL pointer is returned). Otherwise, if an OOM error is encountered
+** by this function, NULL is returned and *pRc is set to SQLITE_NOMEM. If
+** no error occurs, *pRc is left unmodified.
+*/
+static char *fts3ReadExprList(Fts3Table *p, const char *zFunc, int *pRc){
+  char *zRet = 0;
+  char *zFree = 0;
+  char *zFunction;
+  int i;
+
+  if( p->zContentTbl==0 ){
+    if( !zFunc ){
+      zFunction = "";
+    }else{
+      zFree = zFunction = fts3QuoteId(zFunc);
+    }
+    fts3Appendf(pRc, &zRet, "docid");
+    for(i=0; i<p->nColumn; i++){
+      fts3Appendf(pRc, &zRet, ",%s(x.'c%d%q')", zFunction, i, p->azColumn[i]);
+    }
+    if( p->zLanguageid ){
+      fts3Appendf(pRc, &zRet, ", x.%Q", "langid");
+    }
+    sqlite3_free(zFree);
+  }else{
+    fts3Appendf(pRc, &zRet, "rowid");
+    for(i=0; i<p->nColumn; i++){
+      fts3Appendf(pRc, &zRet, ", x.'%q'", p->azColumn[i]);
+    }
+    if( p->zLanguageid ){
+      fts3Appendf(pRc, &zRet, ", x.%Q", p->zLanguageid);
+    }
+  }
+  fts3Appendf(pRc, &zRet, " FROM '%q'.'%q%s' AS x", 
+      p->zDb,
+      (p->zContentTbl ? p->zContentTbl : p->zName),
+      (p->zContentTbl ? "" : "_content")
+  );
+  return zRet;
+}
+
+/*
+** Return a list of N comma separated question marks, where N is the number
+** of columns in the %_content table (one for the docid plus one for each
+** user-defined text column).
+**
+** If argument zFunc is not NULL, then all but the first question mark
+** is preceded by zFunc and an open bracket, and followed by a closed
+** bracket. For example, if zFunc is "zip" and the FTS3 table has three 
+** user-defined text columns, the following string is returned:
+**
+**     "?, zip(?), zip(?), zip(?)"
+**
+** The pointer returned points to a buffer allocated by sqlite3_malloc(). It
+** is the responsibility of the caller to eventually free it.
+**
+** If *pRc is not SQLITE_OK when this function is called, it is a no-op (and
+** a NULL pointer is returned). Otherwise, if an OOM error is encountered
+** by this function, NULL is returned and *pRc is set to SQLITE_NOMEM. If
+** no error occurs, *pRc is left unmodified.
+*/
+static char *fts3WriteExprList(Fts3Table *p, const char *zFunc, int *pRc){
+  char *zRet = 0;
+  char *zFree = 0;
+  char *zFunction;
+  int i;
+
+  if( !zFunc ){
+    zFunction = "";
+  }else{
+    zFree = zFunction = fts3QuoteId(zFunc);
+  }
+  fts3Appendf(pRc, &zRet, "?");
+  for(i=0; i<p->nColumn; i++){
+    fts3Appendf(pRc, &zRet, ",%s(?)", zFunction);
+  }
+  if( p->zLanguageid ){
+    fts3Appendf(pRc, &zRet, ", ?");
+  }
+  sqlite3_free(zFree);
+  return zRet;
+}
+
+/*
+** This function interprets the string at (*pp) as a non-negative integer
+** value. It reads the integer and sets *pnOut to the value read, then 
+** sets *pp to point to the byte immediately following the last byte of
+** the integer value.
+**
+** Only decimal digits ('0'..'9') may be part of an integer value. 
+**
+** If *pp does not being with a decimal digit SQLITE_ERROR is returned and
+** the output value undefined. Otherwise SQLITE_OK is returned.
+**
+** This function is used when parsing the "prefix=" FTS4 parameter.
+*/
+static int fts3GobbleInt(const char **pp, int *pnOut){
+  const int MAX_NPREFIX = 10000000;
+  const char *p;                  /* Iterator pointer */
+  int nInt = 0;                   /* Output value */
+
+  for(p=*pp; p[0]>='0' && p[0]<='9'; p++){
+    nInt = nInt * 10 + (p[0] - '0');
+    if( nInt>MAX_NPREFIX ){
+      nInt = 0;
+      break;
+    }
+  }
+  if( p==*pp ) return SQLITE_ERROR;
+  *pnOut = nInt;
+  *pp = p;
+  return SQLITE_OK;
+}
+
+/*
+** This function is called to allocate an array of Fts3Index structures
+** representing the indexes maintained by the current FTS table. FTS tables
+** always maintain the main "terms" index, but may also maintain one or
+** more "prefix" indexes, depending on the value of the "prefix=" parameter
+** (if any) specified as part of the CREATE VIRTUAL TABLE statement.
+**
+** Argument zParam is passed the value of the "prefix=" option if one was
+** specified, or NULL otherwise.
+**
+** If no error occurs, SQLITE_OK is returned and *apIndex set to point to
+** the allocated array. *pnIndex is set to the number of elements in the
+** array. If an error does occur, an SQLite error code is returned.
+**
+** Regardless of whether or not an error is returned, it is the responsibility
+** of the caller to call sqlite3_free() on the output array to free it.
+*/
+static int fts3PrefixParameter(
+  const char *zParam,             /* ABC in prefix=ABC parameter to parse */
+  int *pnIndex,                   /* OUT: size of *apIndex[] array */
+  struct Fts3Index **apIndex      /* OUT: Array of indexes for this table */
+){
+  struct Fts3Index *aIndex;       /* Allocated array */
+  int nIndex = 1;                 /* Number of entries in array */
+
+  if( zParam && zParam[0] ){
+    const char *p;
+    nIndex++;
+    for(p=zParam; *p; p++){
+      if( *p==',' ) nIndex++;
+    }
+  }
+
+  aIndex = sqlite3_malloc(sizeof(struct Fts3Index) * nIndex);
+  *apIndex = aIndex;
+  if( !aIndex ){
+    return SQLITE_NOMEM;
+  }
+
+  memset(aIndex, 0, sizeof(struct Fts3Index) * nIndex);
+  if( zParam ){
+    const char *p = zParam;
+    int i;
+    for(i=1; i<nIndex; i++){
+      int nPrefix = 0;
+      if( fts3GobbleInt(&p, &nPrefix) ) return SQLITE_ERROR;
+      assert( nPrefix>=0 );
+      if( nPrefix==0 ){
+        nIndex--;
+        i--;
+      }else{
+        aIndex[i].nPrefix = nPrefix;
+      }
+      p++;
+    }
+  }
+
+  *pnIndex = nIndex;
+  return SQLITE_OK;
+}
+
+/*
+** This function is called when initializing an FTS4 table that uses the
+** content=xxx option. It determines the number of and names of the columns
+** of the new FTS4 table.
+**
+** The third argument passed to this function is the value passed to the
+** config=xxx option (i.e. "xxx"). This function queries the database for
+** a table of that name. If found, the output variables are populated
+** as follows:
+**
+**   *pnCol:   Set to the number of columns table xxx has,
+**
+**   *pnStr:   Set to the total amount of space required to store a copy
+**             of each columns name, including the nul-terminator.
+**
+**   *pazCol:  Set to point to an array of *pnCol strings. Each string is
+**             the name of the corresponding column in table xxx. The array
+**             and its contents are allocated using a single allocation. It
+**             is the responsibility of the caller to free this allocation
+**             by eventually passing the *pazCol value to sqlite3_free().
+**
+** If the table cannot be found, an error code is returned and the output
+** variables are undefined. Or, if an OOM is encountered, SQLITE_NOMEM is
+** returned (and the output variables are undefined).
+*/
+static int fts3ContentColumns(
+  sqlite3 *db,                    /* Database handle */
+  const char *zDb,                /* Name of db (i.e. "main", "temp" etc.) */
+  const char *zTbl,               /* Name of content table */
+  const char ***pazCol,           /* OUT: Malloc'd array of column names */
+  int *pnCol,                     /* OUT: Size of array *pazCol */
+  int *pnStr,                     /* OUT: Bytes of string content */
+  char **pzErr                    /* OUT: error message */
+){
+  int rc = SQLITE_OK;             /* Return code */
+  char *zSql;                     /* "SELECT *" statement on zTbl */  
+  sqlite3_stmt *pStmt = 0;        /* Compiled version of zSql */
+
+  zSql = sqlite3_mprintf("SELECT * FROM %Q.%Q", zDb, zTbl);
+  if( !zSql ){
+    rc = SQLITE_NOMEM;
+  }else{
+    rc = sqlite3_prepare(db, zSql, -1, &pStmt, 0);
+    if( rc!=SQLITE_OK ){
+      sqlite3Fts3ErrMsg(pzErr, "%s", sqlite3_errmsg(db));
+    }
+  }
+  sqlite3_free(zSql);
+
+  if( rc==SQLITE_OK ){
+    const char **azCol;           /* Output array */
+    int nStr = 0;                 /* Size of all column names (incl. 0x00) */
+    int nCol;                     /* Number of table columns */
+    int i;                        /* Used to iterate through columns */
+
+    /* Loop through the returned columns. Set nStr to the number of bytes of
+    ** space required to store a copy of each column name, including the
+    ** nul-terminator byte.  */
+    nCol = sqlite3_column_count(pStmt);
+    for(i=0; i<nCol; i++){
+      const char *zCol = sqlite3_column_name(pStmt, i);
+      nStr += (int)strlen(zCol) + 1;
+    }
+
+    /* Allocate and populate the array to return. */
+    azCol = (const char **)sqlite3_malloc(sizeof(char *) * nCol + nStr);
+    if( azCol==0 ){
+      rc = SQLITE_NOMEM;
+    }else{
+      char *p = (char *)&azCol[nCol];
+      for(i=0; i<nCol; i++){
+        const char *zCol = sqlite3_column_name(pStmt, i);
+        int n = (int)strlen(zCol)+1;
+        memcpy(p, zCol, n);
+        azCol[i] = p;
+        p += n;
+      }
+    }
+    sqlite3_finalize(pStmt);
+
+    /* Set the output variables. */
+    *pnCol = nCol;
+    *pnStr = nStr;
+    *pazCol = azCol;
+  }
+
+  return rc;
+}
+
+/*
+** This function is the implementation of both the xConnect and xCreate
+** methods of the FTS3 virtual table.
+**
+** The argv[] array contains the following:
+**
+**   argv[0]   -> module name  ("fts3" or "fts4")
+**   argv[1]   -> database name
+**   argv[2]   -> table name
+**   argv[...] -> "column name" and other module argument fields.
+*/
+static int fts3InitVtab(
+  int isCreate,                   /* True for xCreate, false for xConnect */
+  sqlite3 *db,                    /* The SQLite database connection */
+  void *pAux,                     /* Hash table containing tokenizers */
+  int argc,                       /* Number of elements in argv array */
+  const char * const *argv,       /* xCreate/xConnect argument array */
+  sqlite3_vtab **ppVTab,          /* Write the resulting vtab structure here */
+  char **pzErr                    /* Write any error message here */
+){
+  Fts3Hash *pHash = (Fts3Hash *)pAux;
+  Fts3Table *p = 0;               /* Pointer to allocated vtab */
+  int rc = SQLITE_OK;             /* Return code */
+  int i;                          /* Iterator variable */
+  int nByte;                      /* Size of allocation used for *p */
+  int iCol;                       /* Column index */
+  int nString = 0;                /* Bytes required to hold all column names */
+  int nCol = 0;                   /* Number of columns in the FTS table */
+  char *zCsr;                     /* Space for holding column names */
+  int nDb;                        /* Bytes required to hold database name */
+  int nName;                      /* Bytes required to hold table name */
+  int isFts4 = (argv[0][3]=='4'); /* True for FTS4, false for FTS3 */
+  const char **aCol;              /* Array of column names */
+  sqlite3_tokenizer *pTokenizer = 0;        /* Tokenizer for this table */
+
+  int nIndex = 0;                 /* Size of aIndex[] array */
+  struct Fts3Index *aIndex = 0;   /* Array of indexes for this table */
+
+  /* The results of parsing supported FTS4 key=value options: */
+  int bNoDocsize = 0;             /* True to omit %_docsize table */
+  int bDescIdx = 0;               /* True to store descending indexes */
+  char *zPrefix = 0;              /* Prefix parameter value (or NULL) */
+  char *zCompress = 0;            /* compress=? parameter (or NULL) */
+  char *zUncompress = 0;          /* uncompress=? parameter (or NULL) */
+  char *zContent = 0;             /* content=? parameter (or NULL) */
+  char *zLanguageid = 0;          /* languageid=? parameter (or NULL) */
+  char **azNotindexed = 0;        /* The set of notindexed= columns */
+  int nNotindexed = 0;            /* Size of azNotindexed[] array */
+
+  assert( strlen(argv[0])==4 );
+  assert( (sqlite3_strnicmp(argv[0], "fts4", 4)==0 && isFts4)
+       || (sqlite3_strnicmp(argv[0], "fts3", 4)==0 && !isFts4)
+  );
+
+  nDb = (int)strlen(argv[1]) + 1;
+  nName = (int)strlen(argv[2]) + 1;
+
+  nByte = sizeof(const char *) * (argc-2);
+  aCol = (const char **)sqlite3_malloc(nByte);
+  if( aCol ){
+    memset((void*)aCol, 0, nByte);
+    azNotindexed = (char **)sqlite3_malloc(nByte);
+  }
+  if( azNotindexed ){
+    memset(azNotindexed, 0, nByte);
+  }
+  if( !aCol || !azNotindexed ){
+    rc = SQLITE_NOMEM;
+    goto fts3_init_out;
+  }
+
+  /* Loop through all of the arguments passed by the user to the FTS3/4
+  ** module (i.e. all the column names and special arguments). This loop
+  ** does the following:
+  **
+  **   + Figures out the number of columns the FTSX table will have, and
+  **     the number of bytes of space that must be allocated to store copies
+  **     of the column names.
+  **
+  **   + If there is a tokenizer specification included in the arguments,
+  **     initializes the tokenizer pTokenizer.
+  */
+  for(i=3; rc==SQLITE_OK && i<argc; i++){
+    char const *z = argv[i];
+    int nKey;
+    char *zVal;
+
+    /* Check if this is a tokenizer specification */
+    if( !pTokenizer 
+     && strlen(z)>8
+     && 0==sqlite3_strnicmp(z, "tokenize", 8) 
+     && 0==sqlite3Fts3IsIdChar(z[8])
+    ){
+      rc = sqlite3Fts3InitTokenizer(pHash, &z[9], &pTokenizer, pzErr);
+    }
+
+    /* Check if it is an FTS4 special argument. */
+    else if( isFts4 && fts3IsSpecialColumn(z, &nKey, &zVal) ){
+      struct Fts4Option {
+        const char *zOpt;
+        int nOpt;
+      } aFts4Opt[] = {
+        { "matchinfo",   9 },     /* 0 -> MATCHINFO */
+        { "prefix",      6 },     /* 1 -> PREFIX */
+        { "compress",    8 },     /* 2 -> COMPRESS */
+        { "uncompress", 10 },     /* 3 -> UNCOMPRESS */
+        { "order",       5 },     /* 4 -> ORDER */
+        { "content",     7 },     /* 5 -> CONTENT */
+        { "languageid", 10 },     /* 6 -> LANGUAGEID */
+        { "notindexed", 10 }      /* 7 -> NOTINDEXED */
+      };
+
+      int iOpt;
+      if( !zVal ){
+        rc = SQLITE_NOMEM;
+      }else{
+        for(iOpt=0; iOpt<SizeofArray(aFts4Opt); iOpt++){
+          struct Fts4Option *pOp = &aFts4Opt[iOpt];
+          if( nKey==pOp->nOpt && !sqlite3_strnicmp(z, pOp->zOpt, pOp->nOpt) ){
+            break;
+          }
+        }
+        if( iOpt==SizeofArray(aFts4Opt) ){
+          sqlite3Fts3ErrMsg(pzErr, "unrecognized parameter: %s", z);
+          rc = SQLITE_ERROR;
+        }else{
+          switch( iOpt ){
+            case 0:               /* MATCHINFO */
+              if( strlen(zVal)!=4 || sqlite3_strnicmp(zVal, "fts3", 4) ){
+                sqlite3Fts3ErrMsg(pzErr, "unrecognized matchinfo: %s", zVal);
+                rc = SQLITE_ERROR;
+              }
+              bNoDocsize = 1;
+              break;
+
+            case 1:               /* PREFIX */
+              sqlite3_free(zPrefix);
+              zPrefix = zVal;
+              zVal = 0;
+              break;
+
+            case 2:               /* COMPRESS */
+              sqlite3_free(zCompress);
+              zCompress = zVal;
+              zVal = 0;
+              break;
+
+            case 3:               /* UNCOMPRESS */
+              sqlite3_free(zUncompress);
+              zUncompress = zVal;
+              zVal = 0;
+              break;
+
+            case 4:               /* ORDER */
+              if( (strlen(zVal)!=3 || sqlite3_strnicmp(zVal, "asc", 3)) 
+               && (strlen(zVal)!=4 || sqlite3_strnicmp(zVal, "desc", 4)) 
+              ){
+                sqlite3Fts3ErrMsg(pzErr, "unrecognized order: %s", zVal);
+                rc = SQLITE_ERROR;
+              }
+              bDescIdx = (zVal[0]=='d' || zVal[0]=='D');
+              break;
+
+            case 5:              /* CONTENT */
+              sqlite3_free(zContent);
+              zContent = zVal;
+              zVal = 0;
+              break;
+
+            case 6:              /* LANGUAGEID */
+              assert( iOpt==6 );
+              sqlite3_free(zLanguageid);
+              zLanguageid = zVal;
+              zVal = 0;
+              break;
+
+            case 7:              /* NOTINDEXED */
+              azNotindexed[nNotindexed++] = zVal;
+              zVal = 0;
+              break;
+          }
+        }
+        sqlite3_free(zVal);
+      }
+    }
+
+    /* Otherwise, the argument is a column name. */
+    else {
+      nString += (int)(strlen(z) + 1);
+      aCol[nCol++] = z;
+    }
+  }
+
+  /* If a content=xxx option was specified, the following:
+  **
+  **   1. Ignore any compress= and uncompress= options.
+  **
+  **   2. If no column names were specified as part of the CREATE VIRTUAL
+  **      TABLE statement, use all columns from the content table.
+  */
+  if( rc==SQLITE_OK && zContent ){
+    sqlite3_free(zCompress); 
+    sqlite3_free(zUncompress); 
+    zCompress = 0;
+    zUncompress = 0;
+    if( nCol==0 ){
+      sqlite3_free((void*)aCol); 
+      aCol = 0;
+      rc = fts3ContentColumns(db, argv[1], zContent,&aCol,&nCol,&nString,pzErr);
+
+      /* If a languageid= option was specified, remove the language id
+      ** column from the aCol[] array. */ 
+      if( rc==SQLITE_OK && zLanguageid ){
+        int j;
+        for(j=0; j<nCol; j++){
+          if( sqlite3_stricmp(zLanguageid, aCol[j])==0 ){
+            int k;
+            for(k=j; k<nCol; k++) aCol[k] = aCol[k+1];
+            nCol--;
+            break;
+          }
+        }
+      }
+    }
+  }
+  if( rc!=SQLITE_OK ) goto fts3_init_out;
+
+  if( nCol==0 ){
+    assert( nString==0 );
+    aCol[0] = "content";
+    nString = 8;
+    nCol = 1;
+  }
+
+  if( pTokenizer==0 ){
+    rc = sqlite3Fts3InitTokenizer(pHash, "simple", &pTokenizer, pzErr);
+    if( rc!=SQLITE_OK ) goto fts3_init_out;
+  }
+  assert( pTokenizer );
+
+  rc = fts3PrefixParameter(zPrefix, &nIndex, &aIndex);
+  if( rc==SQLITE_ERROR ){
+    assert( zPrefix );
+    sqlite3Fts3ErrMsg(pzErr, "error parsing prefix parameter: %s", zPrefix);
+  }
+  if( rc!=SQLITE_OK ) goto fts3_init_out;
+
+  /* Allocate and populate the Fts3Table structure. */
+  nByte = sizeof(Fts3Table) +                  /* Fts3Table */
+          nCol * sizeof(char *) +              /* azColumn */
+          nIndex * sizeof(struct Fts3Index) +  /* aIndex */
+          nCol * sizeof(u8) +                  /* abNotindexed */
+          nName +                              /* zName */
+          nDb +                                /* zDb */
+          nString;                             /* Space for azColumn strings */
+  p = (Fts3Table*)sqlite3_malloc(nByte);
+  if( p==0 ){
+    rc = SQLITE_NOMEM;
+    goto fts3_init_out;
+  }
+  memset(p, 0, nByte);
+  p->db = db;
+  p->nColumn = nCol;
+  p->nPendingData = 0;
+  p->azColumn = (char **)&p[1];
+  p->pTokenizer = pTokenizer;
+  p->nMaxPendingData = FTS3_MAX_PENDING_DATA;
+  p->bHasDocsize = (isFts4 && bNoDocsize==0);
+  p->bHasStat = isFts4;
+  p->bFts4 = isFts4;
+  p->bDescIdx = bDescIdx;
+  p->nAutoincrmerge = 0xff;   /* 0xff means setting unknown */
+  p->zContentTbl = zContent;
+  p->zLanguageid = zLanguageid;
+  zContent = 0;
+  zLanguageid = 0;
+  TESTONLY( p->inTransaction = -1 );
+  TESTONLY( p->mxSavepoint = -1 );
+
+  p->aIndex = (struct Fts3Index *)&p->azColumn[nCol];
+  memcpy(p->aIndex, aIndex, sizeof(struct Fts3Index) * nIndex);
+  p->nIndex = nIndex;
+  for(i=0; i<nIndex; i++){
+    fts3HashInit(&p->aIndex[i].hPending, FTS3_HASH_STRING, 1);
+  }
+  p->abNotindexed = (u8 *)&p->aIndex[nIndex];
+
+  /* Fill in the zName and zDb fields of the vtab structure. */
+  zCsr = (char *)&p->abNotindexed[nCol];
+  p->zName = zCsr;
+  memcpy(zCsr, argv[2], nName);
+  zCsr += nName;
+  p->zDb = zCsr;
+  memcpy(zCsr, argv[1], nDb);
+  zCsr += nDb;
+
+  /* Fill in the azColumn array */
+  for(iCol=0; iCol<nCol; iCol++){
+    char *z; 
+    int n = 0;
+    z = (char *)sqlite3Fts3NextToken(aCol[iCol], &n);
+    memcpy(zCsr, z, n);
+    zCsr[n] = '\0';
+    sqlite3Fts3Dequote(zCsr);
+    p->azColumn[iCol] = zCsr;
+    zCsr += n+1;
+    assert( zCsr <= &((char *)p)[nByte] );
+  }
+
+  /* Fill in the abNotindexed array */
+  for(iCol=0; iCol<nCol; iCol++){
+    int n = (int)strlen(p->azColumn[iCol]);
+    for(i=0; i<nNotindexed; i++){
+      char *zNot = azNotindexed[i];
+      if( zNot && n==(int)strlen(zNot)
+       && 0==sqlite3_strnicmp(p->azColumn[iCol], zNot, n) 
+      ){
+        p->abNotindexed[iCol] = 1;
+        sqlite3_free(zNot);
+        azNotindexed[i] = 0;
+      }
+    }
+  }
+  for(i=0; i<nNotindexed; i++){
+    if( azNotindexed[i] ){
+      sqlite3Fts3ErrMsg(pzErr, "no such column: %s", azNotindexed[i]);
+      rc = SQLITE_ERROR;
+    }
+  }
+
+  if( rc==SQLITE_OK && (zCompress==0)!=(zUncompress==0) ){
+    char const *zMiss = (zCompress==0 ? "compress" : "uncompress");
+    rc = SQLITE_ERROR;
+    sqlite3Fts3ErrMsg(pzErr, "missing %s parameter in fts4 constructor", zMiss);
+  }
+  p->zReadExprlist = fts3ReadExprList(p, zUncompress, &rc);
+  p->zWriteExprlist = fts3WriteExprList(p, zCompress, &rc);
+  if( rc!=SQLITE_OK ) goto fts3_init_out;
+
+  /* If this is an xCreate call, create the underlying tables in the 
+  ** database. TODO: For xConnect(), it could verify that said tables exist.
+  */
+  if( isCreate ){
+    rc = fts3CreateTables(p);
+  }
+
+  /* Check to see if a legacy fts3 table has been "upgraded" by the
+  ** addition of a %_stat table so that it can use incremental merge.
+  */
+  if( !isFts4 && !isCreate ){
+    p->bHasStat = 2;
+  }
+
+  /* Figure out the page-size for the database. This is required in order to
+  ** estimate the cost of loading large doclists from the database.  */
+  fts3DatabasePageSize(&rc, p);
+  p->nNodeSize = p->nPgsz-35;
+
+  /* Declare the table schema to SQLite. */
+  fts3DeclareVtab(&rc, p);
+
+fts3_init_out:
+  sqlite3_free(zPrefix);
+  sqlite3_free(aIndex);
+  sqlite3_free(zCompress);
+  sqlite3_free(zUncompress);
+  sqlite3_free(zContent);
+  sqlite3_free(zLanguageid);
+  for(i=0; i<nNotindexed; i++) sqlite3_free(azNotindexed[i]);
+  sqlite3_free((void *)aCol);
+  sqlite3_free((void *)azNotindexed);
+  if( rc!=SQLITE_OK ){
+    if( p ){
+      fts3DisconnectMethod((sqlite3_vtab *)p);
+    }else if( pTokenizer ){
+      pTokenizer->pModule->xDestroy(pTokenizer);
+    }
+  }else{
+    assert( p->pSegments==0 );
+    *ppVTab = &p->base;
+  }
+  return rc;
+}
+
+/*
+** The xConnect() and xCreate() methods for the virtual table. All the
+** work is done in function fts3InitVtab().
+*/
+static int fts3ConnectMethod(
+  sqlite3 *db,                    /* Database connection */
+  void *pAux,                     /* Pointer to tokenizer hash table */
+  int argc,                       /* Number of elements in argv array */
+  const char * const *argv,       /* xCreate/xConnect argument array */
+  sqlite3_vtab **ppVtab,          /* OUT: New sqlite3_vtab object */
+  char **pzErr                    /* OUT: sqlite3_malloc'd error message */
+){
+  return fts3InitVtab(0, db, pAux, argc, argv, ppVtab, pzErr);
+}
+static int fts3CreateMethod(
+  sqlite3 *db,                    /* Database connection */
+  void *pAux,                     /* Pointer to tokenizer hash table */
+  int argc,                       /* Number of elements in argv array */
+  const char * const *argv,       /* xCreate/xConnect argument array */
+  sqlite3_vtab **ppVtab,          /* OUT: New sqlite3_vtab object */
+  char **pzErr                    /* OUT: sqlite3_malloc'd error message */
+){
+  return fts3InitVtab(1, db, pAux, argc, argv, ppVtab, pzErr);
+}
+
+/*
+** Set the pIdxInfo->estimatedRows variable to nRow. Unless this
+** extension is currently being used by a version of SQLite too old to
+** support estimatedRows. In that case this function is a no-op.
+*/
+static void fts3SetEstimatedRows(sqlite3_index_info *pIdxInfo, i64 nRow){
+#if SQLITE_VERSION_NUMBER>=3008002
+  if( sqlite3_libversion_number()>=3008002 ){
+    pIdxInfo->estimatedRows = nRow;
+  }
+#endif
+}
+
+/*
+** Set the SQLITE_INDEX_SCAN_UNIQUE flag in pIdxInfo->flags. Unless this
+** extension is currently being used by a version of SQLite too old to
+** support index-info flags. In that case this function is a no-op.
+*/
+static void fts3SetUniqueFlag(sqlite3_index_info *pIdxInfo){
+#if SQLITE_VERSION_NUMBER>=3008012
+  if( sqlite3_libversion_number()>=3008012 ){
+    pIdxInfo->idxFlags |= SQLITE_INDEX_SCAN_UNIQUE;
+  }
+#endif
+}
+
+/* 
+** Implementation of the xBestIndex method for FTS3 tables. There
+** are three possible strategies, in order of preference:
+**
+**   1. Direct lookup by rowid or docid. 
+**   2. Full-text search using a MATCH operator on a non-docid column.
+**   3. Linear scan of %_content table.
+*/
+static int fts3BestIndexMethod(sqlite3_vtab *pVTab, sqlite3_index_info *pInfo){
+  Fts3Table *p = (Fts3Table *)pVTab;
+  int i;                          /* Iterator variable */
+  int iCons = -1;                 /* Index of constraint to use */
+
+  int iLangidCons = -1;           /* Index of langid=x constraint, if present */
+  int iDocidGe = -1;              /* Index of docid>=x constraint, if present */
+  int iDocidLe = -1;              /* Index of docid<=x constraint, if present */
+  int iIdx;
+
+  /* By default use a full table scan. This is an expensive option,
+  ** so search through the constraints to see if a more efficient 
+  ** strategy is possible.
+  */
+  pInfo->idxNum = FTS3_FULLSCAN_SEARCH;
+  pInfo->estimatedCost = 5000000;
+  for(i=0; i<pInfo->nConstraint; i++){
+    int bDocid;                 /* True if this constraint is on docid */
+    struct sqlite3_index_constraint *pCons = &pInfo->aConstraint[i];
+    if( pCons->usable==0 ){
+      if( pCons->op==SQLITE_INDEX_CONSTRAINT_MATCH ){
+        /* There exists an unusable MATCH constraint. This means that if
+        ** the planner does elect to use the results of this call as part
+        ** of the overall query plan the user will see an "unable to use
+        ** function MATCH in the requested context" error. To discourage
+        ** this, return a very high cost here.  */
+        pInfo->idxNum = FTS3_FULLSCAN_SEARCH;
+        pInfo->estimatedCost = 1e50;
+        fts3SetEstimatedRows(pInfo, ((sqlite3_int64)1) << 50);
+        return SQLITE_OK;
+      }
+      continue;
+    }
+
+    bDocid = (pCons->iColumn<0 || pCons->iColumn==p->nColumn+1);
+
+    /* A direct lookup on the rowid or docid column. Assign a cost of 1.0. */
+    if( iCons<0 && pCons->op==SQLITE_INDEX_CONSTRAINT_EQ && bDocid ){
+      pInfo->idxNum = FTS3_DOCID_SEARCH;
+      pInfo->estimatedCost = 1.0;
+      iCons = i;
+    }
+
+    /* A MATCH constraint. Use a full-text search.
+    **
+    ** If there is more than one MATCH constraint available, use the first
+    ** one encountered. If there is both a MATCH constraint and a direct
+    ** rowid/docid lookup, prefer the MATCH strategy. This is done even 
+    ** though the rowid/docid lookup is faster than a MATCH query, selecting
+    ** it would lead to an "unable to use function MATCH in the requested 
+    ** context" error.
+    */
+    if( pCons->op==SQLITE_INDEX_CONSTRAINT_MATCH 
+     && pCons->iColumn>=0 && pCons->iColumn<=p->nColumn
+    ){
+      pInfo->idxNum = FTS3_FULLTEXT_SEARCH + pCons->iColumn;
+      pInfo->estimatedCost = 2.0;
+      iCons = i;
+    }
+
+    /* Equality constraint on the langid column */
+    if( pCons->op==SQLITE_INDEX_CONSTRAINT_EQ 
+     && pCons->iColumn==p->nColumn + 2
+    ){
+      iLangidCons = i;
+    }
+
+    if( bDocid ){
+      switch( pCons->op ){
+        case SQLITE_INDEX_CONSTRAINT_GE:
+        case SQLITE_INDEX_CONSTRAINT_GT:
+          iDocidGe = i;
+          break;
+
+        case SQLITE_INDEX_CONSTRAINT_LE:
+        case SQLITE_INDEX_CONSTRAINT_LT:
+          iDocidLe = i;
+          break;
+      }
+    }
+  }
+
+  /* If using a docid=? or rowid=? strategy, set the UNIQUE flag. */
+  if( pInfo->idxNum==FTS3_DOCID_SEARCH ) fts3SetUniqueFlag(pInfo);
+
+  iIdx = 1;
+  if( iCons>=0 ){
+    pInfo->aConstraintUsage[iCons].argvIndex = iIdx++;
+    pInfo->aConstraintUsage[iCons].omit = 1;
+  } 
+  if( iLangidCons>=0 ){
+    pInfo->idxNum |= FTS3_HAVE_LANGID;
+    pInfo->aConstraintUsage[iLangidCons].argvIndex = iIdx++;
+  } 
+  if( iDocidGe>=0 ){
+    pInfo->idxNum |= FTS3_HAVE_DOCID_GE;
+    pInfo->aConstraintUsage[iDocidGe].argvIndex = iIdx++;
+  } 
+  if( iDocidLe>=0 ){
+    pInfo->idxNum |= FTS3_HAVE_DOCID_LE;
+    pInfo->aConstraintUsage[iDocidLe].argvIndex = iIdx++;
+  } 
+
+  /* Regardless of the strategy selected, FTS can deliver rows in rowid (or
+  ** docid) order. Both ascending and descending are possible. 
+  */
+  if( pInfo->nOrderBy==1 ){
+    struct sqlite3_index_orderby *pOrder = &pInfo->aOrderBy[0];
+    if( pOrder->iColumn<0 || pOrder->iColumn==p->nColumn+1 ){
+      if( pOrder->desc ){
+        pInfo->idxStr = "DESC";
+      }else{
+        pInfo->idxStr = "ASC";
+      }
+      pInfo->orderByConsumed = 1;
+    }
+  }
+
+  assert( p->pSegments==0 );
+  return SQLITE_OK;
+}
+
+/*
+** Implementation of xOpen method.
+*/
+static int fts3OpenMethod(sqlite3_vtab *pVTab, sqlite3_vtab_cursor **ppCsr){
+  sqlite3_vtab_cursor *pCsr;               /* Allocated cursor */
+
+  UNUSED_PARAMETER(pVTab);
+
+  /* Allocate a buffer large enough for an Fts3Cursor structure. If the
+  ** allocation succeeds, zero it and return SQLITE_OK. Otherwise, 
+  ** if the allocation fails, return SQLITE_NOMEM.
+  */
+  *ppCsr = pCsr = (sqlite3_vtab_cursor *)sqlite3_malloc(sizeof(Fts3Cursor));
+  if( !pCsr ){
+    return SQLITE_NOMEM;
+  }
+  memset(pCsr, 0, sizeof(Fts3Cursor));
+  return SQLITE_OK;
+}
+
+/*
+** Close the cursor.  For additional information see the documentation
+** on the xClose method of the virtual table interface.
+*/
+static int fts3CloseMethod(sqlite3_vtab_cursor *pCursor){
+  Fts3Cursor *pCsr = (Fts3Cursor *)pCursor;
+  assert( ((Fts3Table *)pCsr->base.pVtab)->pSegments==0 );
+  sqlite3_finalize(pCsr->pStmt);
+  sqlite3Fts3ExprFree(pCsr->pExpr);
+  sqlite3Fts3FreeDeferredTokens(pCsr);
+  sqlite3_free(pCsr->aDoclist);
+  sqlite3Fts3MIBufferFree(pCsr->pMIBuffer);
+  assert( ((Fts3Table *)pCsr->base.pVtab)->pSegments==0 );
+  sqlite3_free(pCsr);
+  return SQLITE_OK;
+}
+
+/*
+** If pCsr->pStmt has not been prepared (i.e. if pCsr->pStmt==0), then
+** compose and prepare an SQL statement of the form:
+**
+**    "SELECT <columns> FROM %_content WHERE rowid = ?"
+**
+** (or the equivalent for a content=xxx table) and set pCsr->pStmt to
+** it. If an error occurs, return an SQLite error code.
+**
+** Otherwise, set *ppStmt to point to pCsr->pStmt and return SQLITE_OK.
+*/
+static int fts3CursorSeekStmt(Fts3Cursor *pCsr, sqlite3_stmt **ppStmt){
+  int rc = SQLITE_OK;
+  if( pCsr->pStmt==0 ){
+    Fts3Table *p = (Fts3Table *)pCsr->base.pVtab;
+    char *zSql;
+    zSql = sqlite3_mprintf("SELECT %s WHERE rowid = ?", p->zReadExprlist);
+    if( !zSql ) return SQLITE_NOMEM;
+    rc = sqlite3_prepare_v2(p->db, zSql, -1, &pCsr->pStmt, 0);
+    sqlite3_free(zSql);
+  }
+  *ppStmt = pCsr->pStmt;
+  return rc;
+}
+
+/*
+** Position the pCsr->pStmt statement so that it is on the row
+** of the %_content table that contains the last match.  Return
+** SQLITE_OK on success.  
+*/
+static int fts3CursorSeek(sqlite3_context *pContext, Fts3Cursor *pCsr){
+  int rc = SQLITE_OK;
+  if( pCsr->isRequireSeek ){
+    sqlite3_stmt *pStmt = 0;
+
+    rc = fts3CursorSeekStmt(pCsr, &pStmt);
+    if( rc==SQLITE_OK ){
+      sqlite3_bind_int64(pCsr->pStmt, 1, pCsr->iPrevId);
+      pCsr->isRequireSeek = 0;
+      if( SQLITE_ROW==sqlite3_step(pCsr->pStmt) ){
+        return SQLITE_OK;
+      }else{
+        rc = sqlite3_reset(pCsr->pStmt);
+        if( rc==SQLITE_OK && ((Fts3Table *)pCsr->base.pVtab)->zContentTbl==0 ){
+          /* If no row was found and no error has occurred, then the %_content
+          ** table is missing a row that is present in the full-text index.
+          ** The data structures are corrupt.  */
+          rc = FTS_CORRUPT_VTAB;
+          pCsr->isEof = 1;
+        }
+      }
+    }
+  }
+
+  if( rc!=SQLITE_OK && pContext ){
+    sqlite3_result_error_code(pContext, rc);
+  }
+  return rc;
+}
+
+/*
+** This function is used to process a single interior node when searching
+** a b-tree for a term or term prefix. The node data is passed to this 
+** function via the zNode/nNode parameters. The term to search for is
+** passed in zTerm/nTerm.
+**
+** If piFirst is not NULL, then this function sets *piFirst to the blockid
+** of the child node that heads the sub-tree that may contain the term.
+**
+** If piLast is not NULL, then *piLast is set to the right-most child node
+** that heads a sub-tree that may contain a term for which zTerm/nTerm is
+** a prefix.
+**
+** If an OOM error occurs, SQLITE_NOMEM is returned. Otherwise, SQLITE_OK.
+*/
+static int fts3ScanInteriorNode(
+  const char *zTerm,              /* Term to select leaves for */
+  int nTerm,                      /* Size of term zTerm in bytes */
+  const char *zNode,              /* Buffer containing segment interior node */
+  int nNode,                      /* Size of buffer at zNode */
+  sqlite3_int64 *piFirst,         /* OUT: Selected child node */
+  sqlite3_int64 *piLast           /* OUT: Selected child node */
+){
+  int rc = SQLITE_OK;             /* Return code */
+  const char *zCsr = zNode;       /* Cursor to iterate through node */
+  const char *zEnd = &zCsr[nNode];/* End of interior node buffer */
+  char *zBuffer = 0;              /* Buffer to load terms into */
+  int nAlloc = 0;                 /* Size of allocated buffer */
+  int isFirstTerm = 1;            /* True when processing first term on page */
+  sqlite3_int64 iChild;           /* Block id of child node to descend to */
+
+  /* Skip over the 'height' varint that occurs at the start of every 
+  ** interior node. Then load the blockid of the left-child of the b-tree
+  ** node into variable iChild.  
+  **
+  ** Even if the data structure on disk is corrupted, this (reading two
+  ** varints from the buffer) does not risk an overread. If zNode is a
+  ** root node, then the buffer comes from a SELECT statement. SQLite does
+  ** not make this guarantee explicitly, but in practice there are always
+  ** either more than 20 bytes of allocated space following the nNode bytes of
+  ** contents, or two zero bytes. Or, if the node is read from the %_segments
+  ** table, then there are always 20 bytes of zeroed padding following the
+  ** nNode bytes of content (see sqlite3Fts3ReadBlock() for details).
+  */
+  zCsr += sqlite3Fts3GetVarint(zCsr, &iChild);
+  zCsr += sqlite3Fts3GetVarint(zCsr, &iChild);
+  if( zCsr>zEnd ){
+    return FTS_CORRUPT_VTAB;
+  }
+  
+  while( zCsr<zEnd && (piFirst || piLast) ){
+    int cmp;                      /* memcmp() result */
+    int nSuffix;                  /* Size of term suffix */
+    int nPrefix = 0;              /* Size of term prefix */
+    int nBuffer;                  /* Total term size */
+  
+    /* Load the next term on the node into zBuffer. Use realloc() to expand
+    ** the size of zBuffer if required.  */
+    if( !isFirstTerm ){
+      zCsr += fts3GetVarint32(zCsr, &nPrefix);
+    }
+    isFirstTerm = 0;
+    zCsr += fts3GetVarint32(zCsr, &nSuffix);
+    
+    if( nPrefix<0 || nSuffix<0 || &zCsr[nSuffix]>zEnd ){
+      rc = FTS_CORRUPT_VTAB;
+      goto finish_scan;
+    }
+    if( nPrefix+nSuffix>nAlloc ){
+      char *zNew;
+      nAlloc = (nPrefix+nSuffix) * 2;
+      zNew = (char *)sqlite3_realloc(zBuffer, nAlloc);
+      if( !zNew ){
+        rc = SQLITE_NOMEM;
+        goto finish_scan;
+      }
+      zBuffer = zNew;
+    }
+    assert( zBuffer );
+    memcpy(&zBuffer[nPrefix], zCsr, nSuffix);
+    nBuffer = nPrefix + nSuffix;
+    zCsr += nSuffix;
+
+    /* Compare the term we are searching for with the term just loaded from
+    ** the interior node. If the specified term is greater than or equal
+    ** to the term from the interior node, then all terms on the sub-tree 
+    ** headed by node iChild are smaller than zTerm. No need to search 
+    ** iChild.
+    **
+    ** If the interior node term is larger than the specified term, then
+    ** the tree headed by iChild may contain the specified term.
+    */
+    cmp = memcmp(zTerm, zBuffer, (nBuffer>nTerm ? nTerm : nBuffer));
+    if( piFirst && (cmp<0 || (cmp==0 && nBuffer>nTerm)) ){
+      *piFirst = iChild;
+      piFirst = 0;
+    }
+
+    if( piLast && cmp<0 ){
+      *piLast = iChild;
+      piLast = 0;
+    }
+
+    iChild++;
+  };
+
+  if( piFirst ) *piFirst = iChild;
+  if( piLast ) *piLast = iChild;
+
+ finish_scan:
+  sqlite3_free(zBuffer);
+  return rc;
+}
+
+
+/*
+** The buffer pointed to by argument zNode (size nNode bytes) contains an
+** interior node of a b-tree segment. The zTerm buffer (size nTerm bytes)
+** contains a term. This function searches the sub-tree headed by the zNode
+** node for the range of leaf nodes that may contain the specified term
+** or terms for which the specified term is a prefix.
+**
+** If piLeaf is not NULL, then *piLeaf is set to the blockid of the 
+** left-most leaf node in the tree that may contain the specified term.
+** If piLeaf2 is not NULL, then *piLeaf2 is set to the blockid of the
+** right-most leaf node that may contain a term for which the specified
+** term is a prefix.
+**
+** It is possible that the range of returned leaf nodes does not contain 
+** the specified term or any terms for which it is a prefix. However, if the 
+** segment does contain any such terms, they are stored within the identified
+** range. Because this function only inspects interior segment nodes (and
+** never loads leaf nodes into memory), it is not possible to be sure.
+**
+** If an error occurs, an error code other than SQLITE_OK is returned.
+*/ 
+static int fts3SelectLeaf(
+  Fts3Table *p,                   /* Virtual table handle */
+  const char *zTerm,              /* Term to select leaves for */
+  int nTerm,                      /* Size of term zTerm in bytes */
+  const char *zNode,              /* Buffer containing segment interior node */
+  int nNode,                      /* Size of buffer at zNode */
+  sqlite3_int64 *piLeaf,          /* Selected leaf node */
+  sqlite3_int64 *piLeaf2          /* Selected leaf node */
+){
+  int rc = SQLITE_OK;             /* Return code */
+  int iHeight;                    /* Height of this node in tree */
+
+  assert( piLeaf || piLeaf2 );
+
+  fts3GetVarint32(zNode, &iHeight);
+  rc = fts3ScanInteriorNode(zTerm, nTerm, zNode, nNode, piLeaf, piLeaf2);
+  assert( !piLeaf2 || !piLeaf || rc!=SQLITE_OK || (*piLeaf<=*piLeaf2) );
+
+  if( rc==SQLITE_OK && iHeight>1 ){
+    char *zBlob = 0;              /* Blob read from %_segments table */
+    int nBlob = 0;                /* Size of zBlob in bytes */
+
+    if( piLeaf && piLeaf2 && (*piLeaf!=*piLeaf2) ){
+      rc = sqlite3Fts3ReadBlock(p, *piLeaf, &zBlob, &nBlob, 0);
+      if( rc==SQLITE_OK ){
+        rc = fts3SelectLeaf(p, zTerm, nTerm, zBlob, nBlob, piLeaf, 0);
+      }
+      sqlite3_free(zBlob);
+      piLeaf = 0;
+      zBlob = 0;
+    }
+
+    if( rc==SQLITE_OK ){
+      rc = sqlite3Fts3ReadBlock(p, piLeaf?*piLeaf:*piLeaf2, &zBlob, &nBlob, 0);
+    }
+    if( rc==SQLITE_OK ){
+      rc = fts3SelectLeaf(p, zTerm, nTerm, zBlob, nBlob, piLeaf, piLeaf2);
+    }
+    sqlite3_free(zBlob);
+  }
+
+  return rc;
+}
+
+/*
+** This function is used to create delta-encoded serialized lists of FTS3 
+** varints. Each call to this function appends a single varint to a list.
+*/
+static void fts3PutDeltaVarint(
+  char **pp,                      /* IN/OUT: Output pointer */
+  sqlite3_int64 *piPrev,          /* IN/OUT: Previous value written to list */
+  sqlite3_int64 iVal              /* Write this value to the list */
+){
+  assert( iVal-*piPrev > 0 || (*piPrev==0 && iVal==0) );
+  *pp += sqlite3Fts3PutVarint(*pp, iVal-*piPrev);
+  *piPrev = iVal;
+}
+
+/*
+** When this function is called, *ppPoslist is assumed to point to the 
+** start of a position-list. After it returns, *ppPoslist points to the
+** first byte after the position-list.
+**
+** A position list is list of positions (delta encoded) and columns for 
+** a single document record of a doclist.  So, in other words, this
+** routine advances *ppPoslist so that it points to the next docid in
+** the doclist, or to the first byte past the end of the doclist.
+**
+** If pp is not NULL, then the contents of the position list are copied
+** to *pp. *pp is set to point to the first byte past the last byte copied
+** before this function returns.
+*/
+static void fts3PoslistCopy(char **pp, char **ppPoslist){
+  char *pEnd = *ppPoslist;
+  char c = 0;
+
+  /* The end of a position list is marked by a zero encoded as an FTS3 
+  ** varint. A single POS_END (0) byte. Except, if the 0 byte is preceded by
+  ** a byte with the 0x80 bit set, then it is not a varint 0, but the tail
+  ** of some other, multi-byte, value.
+  **
+  ** The following while-loop moves pEnd to point to the first byte that is not 
+  ** immediately preceded by a byte with the 0x80 bit set. Then increments
+  ** pEnd once more so that it points to the byte immediately following the
+  ** last byte in the position-list.
+  */
+  while( *pEnd | c ){
+    c = *pEnd++ & 0x80;
+    testcase( c!=0 && (*pEnd)==0 );
+  }
+  pEnd++;  /* Advance past the POS_END terminator byte */
+
+  if( pp ){
+    int n = (int)(pEnd - *ppPoslist);
+    char *p = *pp;
+    memcpy(p, *ppPoslist, n);
+    p += n;
+    *pp = p;
+  }
+  *ppPoslist = pEnd;
+}
+
+/*
+** When this function is called, *ppPoslist is assumed to point to the 
+** start of a column-list. After it returns, *ppPoslist points to the
+** to the terminator (POS_COLUMN or POS_END) byte of the column-list.
+**
+** A column-list is list of delta-encoded positions for a single column
+** within a single document within a doclist.
+**
+** The column-list is terminated either by a POS_COLUMN varint (1) or
+** a POS_END varint (0).  This routine leaves *ppPoslist pointing to
+** the POS_COLUMN or POS_END that terminates the column-list.
+**
+** If pp is not NULL, then the contents of the column-list are copied
+** to *pp. *pp is set to point to the first byte past the last byte copied
+** before this function returns.  The POS_COLUMN or POS_END terminator
+** is not copied into *pp.
+*/
+static void fts3ColumnlistCopy(char **pp, char **ppPoslist){
+  char *pEnd = *ppPoslist;
+  char c = 0;
+
+  /* A column-list is terminated by either a 0x01 or 0x00 byte that is
+  ** not part of a multi-byte varint.
+  */
+  while( 0xFE & (*pEnd | c) ){
+    c = *pEnd++ & 0x80;
+    testcase( c!=0 && ((*pEnd)&0xfe)==0 );
+  }
+  if( pp ){
+    int n = (int)(pEnd - *ppPoslist);
+    char *p = *pp;
+    memcpy(p, *ppPoslist, n);
+    p += n;
+    *pp = p;
+  }
+  *ppPoslist = pEnd;
+}
+
+/*
+** Value used to signify the end of an position-list. This is safe because
+** it is not possible to have a document with 2^31 terms.
+*/
+#define POSITION_LIST_END 0x7fffffff
+
+/*
+** This function is used to help parse position-lists. When this function is
+** called, *pp may point to the start of the next varint in the position-list
+** being parsed, or it may point to 1 byte past the end of the position-list
+** (in which case **pp will be a terminator bytes POS_END (0) or
+** (1)).
+**
+** If *pp points past the end of the current position-list, set *pi to 
+** POSITION_LIST_END and return. Otherwise, read the next varint from *pp,
+** increment the current value of *pi by the value read, and set *pp to
+** point to the next value before returning.
+**
+** Before calling this routine *pi must be initialized to the value of
+** the previous position, or zero if we are reading the first position
+** in the position-list.  Because positions are delta-encoded, the value
+** of the previous position is needed in order to compute the value of
+** the next position.
+*/
+static void fts3ReadNextPos(
+  char **pp,                    /* IN/OUT: Pointer into position-list buffer */
+  sqlite3_int64 *pi             /* IN/OUT: Value read from position-list */
+){
+  if( (**pp)&0xFE ){
+    fts3GetDeltaVarint(pp, pi);
+    *pi -= 2;
+  }else{
+    *pi = POSITION_LIST_END;
+  }
+}
+
+/*
+** If parameter iCol is not 0, write an POS_COLUMN (1) byte followed by
+** the value of iCol encoded as a varint to *pp.   This will start a new
+** column list.
+**
+** Set *pp to point to the byte just after the last byte written before 
+** returning (do not modify it if iCol==0). Return the total number of bytes
+** written (0 if iCol==0).
+*/
+static int fts3PutColNumber(char **pp, int iCol){
+  int n = 0;                      /* Number of bytes written */
+  if( iCol ){
+    char *p = *pp;                /* Output pointer */
+    n = 1 + sqlite3Fts3PutVarint(&p[1], iCol);
+    *p = 0x01;
+    *pp = &p[n];
+  }
+  return n;
+}
+
+/*
+** Compute the union of two position lists.  The output written
+** into *pp contains all positions of both *pp1 and *pp2 in sorted
+** order and with any duplicates removed.  All pointers are
+** updated appropriately.   The caller is responsible for insuring
+** that there is enough space in *pp to hold the complete output.
+*/
+static void fts3PoslistMerge(
+  char **pp,                      /* Output buffer */
+  char **pp1,                     /* Left input list */
+  char **pp2                      /* Right input list */
+){
+  char *p = *pp;
+  char *p1 = *pp1;
+  char *p2 = *pp2;
+
+  while( *p1 || *p2 ){
+    int iCol1;         /* The current column index in pp1 */
+    int iCol2;         /* The current column index in pp2 */
+
+    if( *p1==POS_COLUMN ) fts3GetVarint32(&p1[1], &iCol1);
+    else if( *p1==POS_END ) iCol1 = POSITION_LIST_END;
+    else iCol1 = 0;
+
+    if( *p2==POS_COLUMN ) fts3GetVarint32(&p2[1], &iCol2);
+    else if( *p2==POS_END ) iCol2 = POSITION_LIST_END;
+    else iCol2 = 0;
+
+    if( iCol1==iCol2 ){
+      sqlite3_int64 i1 = 0;       /* Last position from pp1 */
+      sqlite3_int64 i2 = 0;       /* Last position from pp2 */
+      sqlite3_int64 iPrev = 0;
+      int n = fts3PutColNumber(&p, iCol1);
+      p1 += n;
+      p2 += n;
+
+      /* At this point, both p1 and p2 point to the start of column-lists
+      ** for the same column (the column with index iCol1 and iCol2).
+      ** A column-list is a list of non-negative delta-encoded varints, each 
+      ** incremented by 2 before being stored. Each list is terminated by a
+      ** POS_END (0) or POS_COLUMN (1). The following block merges the two lists
+      ** and writes the results to buffer p. p is left pointing to the byte
+      ** after the list written. No terminator (POS_END or POS_COLUMN) is
+      ** written to the output.
+      */
+      fts3GetDeltaVarint(&p1, &i1);
+      fts3GetDeltaVarint(&p2, &i2);
+      do {
+        fts3PutDeltaVarint(&p, &iPrev, (i1<i2) ? i1 : i2); 
+        iPrev -= 2;
+        if( i1==i2 ){
+          fts3ReadNextPos(&p1, &i1);
+          fts3ReadNextPos(&p2, &i2);
+        }else if( i1<i2 ){
+          fts3ReadNextPos(&p1, &i1);
+        }else{
+          fts3ReadNextPos(&p2, &i2);
+        }
+      }while( i1!=POSITION_LIST_END || i2!=POSITION_LIST_END );
+    }else if( iCol1<iCol2 ){
+      p1 += fts3PutColNumber(&p, iCol1);
+      fts3ColumnlistCopy(&p, &p1);
+    }else{
+      p2 += fts3PutColNumber(&p, iCol2);
+      fts3ColumnlistCopy(&p, &p2);
+    }
+  }
+
+  *p++ = POS_END;
+  *pp = p;
+  *pp1 = p1 + 1;
+  *pp2 = p2 + 1;
+}
+
+/*
+** This function is used to merge two position lists into one. When it is
+** called, *pp1 and *pp2 must both point to position lists. A position-list is
+** the part of a doclist that follows each document id. For example, if a row
+** contains:
+**
+**     'a b c'|'x y z'|'a b b a'
+**
+** Then the position list for this row for token 'b' would consist of:
+**
+**     0x02 0x01 0x02 0x03 0x03 0x00
+**
+** When this function returns, both *pp1 and *pp2 are left pointing to the
+** byte following the 0x00 terminator of their respective position lists.
+**
+** If isSaveLeft is 0, an entry is added to the output position list for 
+** each position in *pp2 for which there exists one or more positions in
+** *pp1 so that (pos(*pp2)>pos(*pp1) && pos(*pp2)-pos(*pp1)<=nToken). i.e.
+** when the *pp1 token appears before the *pp2 token, but not more than nToken
+** slots before it.
+**
+** e.g. nToken==1 searches for adjacent positions.
+*/
+static int fts3PoslistPhraseMerge(
+  char **pp,                      /* IN/OUT: Preallocated output buffer */
+  int nToken,                     /* Maximum difference in token positions */
+  int isSaveLeft,                 /* Save the left position */
+  int isExact,                    /* If *pp1 is exactly nTokens before *pp2 */
+  char **pp1,                     /* IN/OUT: Left input list */
+  char **pp2                      /* IN/OUT: Right input list */
+){
+  char *p = *pp;
+  char *p1 = *pp1;
+  char *p2 = *pp2;
+  int iCol1 = 0;
+  int iCol2 = 0;
+
+  /* Never set both isSaveLeft and isExact for the same invocation. */
+  assert( isSaveLeft==0 || isExact==0 );
+
+  assert( p!=0 && *p1!=0 && *p2!=0 );
+  if( *p1==POS_COLUMN ){ 
+    p1++;
+    p1 += fts3GetVarint32(p1, &iCol1);
+  }
+  if( *p2==POS_COLUMN ){ 
+    p2++;
+    p2 += fts3GetVarint32(p2, &iCol2);
+  }
+
+  while( 1 ){
+    if( iCol1==iCol2 ){
+      char *pSave = p;
+      sqlite3_int64 iPrev = 0;
+      sqlite3_int64 iPos1 = 0;
+      sqlite3_int64 iPos2 = 0;
+
+      if( iCol1 ){
+        *p++ = POS_COLUMN;
+        p += sqlite3Fts3PutVarint(p, iCol1);
+      }
+
+      assert( *p1!=POS_END && *p1!=POS_COLUMN );
+      assert( *p2!=POS_END && *p2!=POS_COLUMN );
+      fts3GetDeltaVarint(&p1, &iPos1); iPos1 -= 2;
+      fts3GetDeltaVarint(&p2, &iPos2); iPos2 -= 2;
+
+      while( 1 ){
+        if( iPos2==iPos1+nToken 
+         || (isExact==0 && iPos2>iPos1 && iPos2<=iPos1+nToken) 
+        ){
+          sqlite3_int64 iSave;
+          iSave = isSaveLeft ? iPos1 : iPos2;
+          fts3PutDeltaVarint(&p, &iPrev, iSave+2); iPrev -= 2;
+          pSave = 0;
+          assert( p );
+        }
+        if( (!isSaveLeft && iPos2<=(iPos1+nToken)) || iPos2<=iPos1 ){
+          if( (*p2&0xFE)==0 ) break;
+          fts3GetDeltaVarint(&p2, &iPos2); iPos2 -= 2;
+        }else{
+          if( (*p1&0xFE)==0 ) break;
+          fts3GetDeltaVarint(&p1, &iPos1); iPos1 -= 2;
+        }
+      }
+
+      if( pSave ){
+        assert( pp && p );
+        p = pSave;
+      }
+
+      fts3ColumnlistCopy(0, &p1);
+      fts3ColumnlistCopy(0, &p2);
+      assert( (*p1&0xFE)==0 && (*p2&0xFE)==0 );
+      if( 0==*p1 || 0==*p2 ) break;
+
+      p1++;
+      p1 += fts3GetVarint32(p1, &iCol1);
+      p2++;
+      p2 += fts3GetVarint32(p2, &iCol2);
+    }
+
+    /* Advance pointer p1 or p2 (whichever corresponds to the smaller of
+    ** iCol1 and iCol2) so that it points to either the 0x00 that marks the
+    ** end of the position list, or the 0x01 that precedes the next 
+    ** column-number in the position list. 
+    */
+    else if( iCol1<iCol2 ){
+      fts3ColumnlistCopy(0, &p1);
+      if( 0==*p1 ) break;
+      p1++;
+      p1 += fts3GetVarint32(p1, &iCol1);
+    }else{
+      fts3ColumnlistCopy(0, &p2);
+      if( 0==*p2 ) break;
+      p2++;
+      p2 += fts3GetVarint32(p2, &iCol2);
+    }
+  }
+
+  fts3PoslistCopy(0, &p2);
+  fts3PoslistCopy(0, &p1);
+  *pp1 = p1;
+  *pp2 = p2;
+  if( *pp==p ){
+    return 0;
+  }
+  *p++ = 0x00;
+  *pp = p;
+  return 1;
+}
+
+/*
+** Merge two position-lists as required by the NEAR operator. The argument
+** position lists correspond to the left and right phrases of an expression 
+** like:
+**
+**     "phrase 1" NEAR "phrase number 2"
+**
+** Position list *pp1 corresponds to the left-hand side of the NEAR 
+** expression and *pp2 to the right. As usual, the indexes in the position 
+** lists are the offsets of the last token in each phrase (tokens "1" and "2" 
+** in the example above).
+**
+** The output position list - written to *pp - is a copy of *pp2 with those
+** entries that are not sufficiently NEAR entries in *pp1 removed.
+*/
+static int fts3PoslistNearMerge(
+  char **pp,                      /* Output buffer */
+  char *aTmp,                     /* Temporary buffer space */
+  int nRight,                     /* Maximum difference in token positions */
+  int nLeft,                      /* Maximum difference in token positions */
+  char **pp1,                     /* IN/OUT: Left input list */
+  char **pp2                      /* IN/OUT: Right input list */
+){
+  char *p1 = *pp1;
+  char *p2 = *pp2;
+
+  char *pTmp1 = aTmp;
+  char *pTmp2;
+  char *aTmp2;
+  int res = 1;
+
+  fts3PoslistPhraseMerge(&pTmp1, nRight, 0, 0, pp1, pp2);
+  aTmp2 = pTmp2 = pTmp1;
+  *pp1 = p1;
+  *pp2 = p2;
+  fts3PoslistPhraseMerge(&pTmp2, nLeft, 1, 0, pp2, pp1);
+  if( pTmp1!=aTmp && pTmp2!=aTmp2 ){
+    fts3PoslistMerge(pp, &aTmp, &aTmp2);
+  }else if( pTmp1!=aTmp ){
+    fts3PoslistCopy(pp, &aTmp);
+  }else if( pTmp2!=aTmp2 ){
+    fts3PoslistCopy(pp, &aTmp2);
+  }else{
+    res = 0;
+  }
+
+  return res;
+}
+
+/* 
+** An instance of this function is used to merge together the (potentially
+** large number of) doclists for each term that matches a prefix query.
+** See function fts3TermSelectMerge() for details.
+*/
+typedef struct TermSelect TermSelect;
+struct TermSelect {
+  char *aaOutput[16];             /* Malloc'd output buffers */
+  int anOutput[16];               /* Size each output buffer in bytes */
+};
+
+/*
+** This function is used to read a single varint from a buffer. Parameter
+** pEnd points 1 byte past the end of the buffer. When this function is
+** called, if *pp points to pEnd or greater, then the end of the buffer
+** has been reached. In this case *pp is set to 0 and the function returns.
+**
+** If *pp does not point to or past pEnd, then a single varint is read
+** from *pp. *pp is then set to point 1 byte past the end of the read varint.
+**
+** If bDescIdx is false, the value read is added to *pVal before returning.
+** If it is true, the value read is subtracted from *pVal before this 
+** function returns.
+*/
+static void fts3GetDeltaVarint3(
+  char **pp,                      /* IN/OUT: Point to read varint from */
+  char *pEnd,                     /* End of buffer */
+  int bDescIdx,                   /* True if docids are descending */
+  sqlite3_int64 *pVal             /* IN/OUT: Integer value */
+){
+  if( *pp>=pEnd ){
+    *pp = 0;
+  }else{
+    sqlite3_int64 iVal;
+    *pp += sqlite3Fts3GetVarint(*pp, &iVal);
+    if( bDescIdx ){
+      *pVal -= iVal;
+    }else{
+      *pVal += iVal;
+    }
+  }
+}
+
+/*
+** This function is used to write a single varint to a buffer. The varint
+** is written to *pp. Before returning, *pp is set to point 1 byte past the
+** end of the value written.
+**
+** If *pbFirst is zero when this function is called, the value written to
+** the buffer is that of parameter iVal. 
+**
+** If *pbFirst is non-zero when this function is called, then the value 
+** written is either (iVal-*piPrev) (if bDescIdx is zero) or (*piPrev-iVal)
+** (if bDescIdx is non-zero).
+**
+** Before returning, this function always sets *pbFirst to 1 and *piPrev
+** to the value of parameter iVal.
+*/
+static void fts3PutDeltaVarint3(
+  char **pp,                      /* IN/OUT: Output pointer */
+  int bDescIdx,                   /* True for descending docids */
+  sqlite3_int64 *piPrev,          /* IN/OUT: Previous value written to list */
+  int *pbFirst,                   /* IN/OUT: True after first int written */
+  sqlite3_int64 iVal              /* Write this value to the list */
+){
+  sqlite3_int64 iWrite;
+  if( bDescIdx==0 || *pbFirst==0 ){
+    iWrite = iVal - *piPrev;
+  }else{
+    iWrite = *piPrev - iVal;
+  }
+  assert( *pbFirst || *piPrev==0 );
+  assert( *pbFirst==0 || iWrite>0 );
+  *pp += sqlite3Fts3PutVarint(*pp, iWrite);
+  *piPrev = iVal;
+  *pbFirst = 1;
+}
+
+
+/*
+** This macro is used by various functions that merge doclists. The two
+** arguments are 64-bit docid values. If the value of the stack variable
+** bDescDoclist is 0 when this macro is invoked, then it returns (i1-i2). 
+** Otherwise, (i2-i1).
+**
+** Using this makes it easier to write code that can merge doclists that are
+** sorted in either ascending or descending order.
+*/
+#define DOCID_CMP(i1, i2) ((bDescDoclist?-1:1) * (i1-i2))
+
+/*
+** This function does an "OR" merge of two doclists (output contains all
+** positions contained in either argument doclist). If the docids in the 
+** input doclists are sorted in ascending order, parameter bDescDoclist
+** should be false. If they are sorted in ascending order, it should be
+** passed a non-zero value.
+**
+** If no error occurs, *paOut is set to point at an sqlite3_malloc'd buffer
+** containing the output doclist and SQLITE_OK is returned. In this case
+** *pnOut is set to the number of bytes in the output doclist.
+**
+** If an error occurs, an SQLite error code is returned. The output values
+** are undefined in this case.
+*/
+static int fts3DoclistOrMerge(
+  int bDescDoclist,               /* True if arguments are desc */
+  char *a1, int n1,               /* First doclist */
+  char *a2, int n2,               /* Second doclist */
+  char **paOut, int *pnOut        /* OUT: Malloc'd doclist */
+){
+  sqlite3_int64 i1 = 0;
+  sqlite3_int64 i2 = 0;
+  sqlite3_int64 iPrev = 0;
+  char *pEnd1 = &a1[n1];
+  char *pEnd2 = &a2[n2];
+  char *p1 = a1;
+  char *p2 = a2;
+  char *p;
+  char *aOut;
+  int bFirstOut = 0;
+
+  *paOut = 0;
+  *pnOut = 0;
+
+  /* Allocate space for the output. Both the input and output doclists
+  ** are delta encoded. If they are in ascending order (bDescDoclist==0),
+  ** then the first docid in each list is simply encoded as a varint. For
+  ** each subsequent docid, the varint stored is the difference between the
+  ** current and previous docid (a positive number - since the list is in
+  ** ascending order).
+  **
+  ** The first docid written to the output is therefore encoded using the 
+  ** same number of bytes as it is in whichever of the input lists it is
+  ** read from. And each subsequent docid read from the same input list 
+  ** consumes either the same or less bytes as it did in the input (since
+  ** the difference between it and the previous value in the output must
+  ** be a positive value less than or equal to the delta value read from 
+  ** the input list). The same argument applies to all but the first docid
+  ** read from the 'other' list. And to the contents of all position lists
+  ** that will be copied and merged from the input to the output.
+  **
+  ** However, if the first docid copied to the output is a negative number,
+  ** then the encoding of the first docid from the 'other' input list may
+  ** be larger in the output than it was in the input (since the delta value
+  ** may be a larger positive integer than the actual docid).
+  **
+  ** The space required to store the output is therefore the sum of the
+  ** sizes of the two inputs, plus enough space for exactly one of the input
+  ** docids to grow. 
+  **
+  ** A symetric argument may be made if the doclists are in descending 
+  ** order.
+  */
+  aOut = sqlite3_malloc(n1+n2+FTS3_VARINT_MAX-1);
+  if( !aOut ) return SQLITE_NOMEM;
+
+  p = aOut;
+  fts3GetDeltaVarint3(&p1, pEnd1, 0, &i1);
+  fts3GetDeltaVarint3(&p2, pEnd2, 0, &i2);
+  while( p1 || p2 ){
+    sqlite3_int64 iDiff = DOCID_CMP(i1, i2);
+
+    if( p2 && p1 && iDiff==0 ){
+      fts3PutDeltaVarint3(&p, bDescDoclist, &iPrev, &bFirstOut, i1);
+      fts3PoslistMerge(&p, &p1, &p2);
+      fts3GetDeltaVarint3(&p1, pEnd1, bDescDoclist, &i1);
+      fts3GetDeltaVarint3(&p2, pEnd2, bDescDoclist, &i2);
+    }else if( !p2 || (p1 && iDiff<0) ){
+      fts3PutDeltaVarint3(&p, bDescDoclist, &iPrev, &bFirstOut, i1);
+      fts3PoslistCopy(&p, &p1);
+      fts3GetDeltaVarint3(&p1, pEnd1, bDescDoclist, &i1);
+    }else{
+      fts3PutDeltaVarint3(&p, bDescDoclist, &iPrev, &bFirstOut, i2);
+      fts3PoslistCopy(&p, &p2);
+      fts3GetDeltaVarint3(&p2, pEnd2, bDescDoclist, &i2);
+    }
+  }
+
+  *paOut = aOut;
+  *pnOut = (int)(p-aOut);
+  assert( *pnOut<=n1+n2+FTS3_VARINT_MAX-1 );
+  return SQLITE_OK;
+}
+
+/*
+** This function does a "phrase" merge of two doclists. In a phrase merge,
+** the output contains a copy of each position from the right-hand input
+** doclist for which there is a position in the left-hand input doclist
+** exactly nDist tokens before it.
+**
+** If the docids in the input doclists are sorted in ascending order,
+** parameter bDescDoclist should be false. If they are sorted in ascending 
+** order, it should be passed a non-zero value.
+**
+** The right-hand input doclist is overwritten by this function.
+*/
+static int fts3DoclistPhraseMerge(
+  int bDescDoclist,               /* True if arguments are desc */
+  int nDist,                      /* Distance from left to right (1=adjacent) */
+  char *aLeft, int nLeft,         /* Left doclist */
+  char **paRight, int *pnRight    /* IN/OUT: Right/output doclist */
+){
+  sqlite3_int64 i1 = 0;
+  sqlite3_int64 i2 = 0;
+  sqlite3_int64 iPrev = 0;
+  char *aRight = *paRight;
+  char *pEnd1 = &aLeft[nLeft];
+  char *pEnd2 = &aRight[*pnRight];
+  char *p1 = aLeft;
+  char *p2 = aRight;
+  char *p;
+  int bFirstOut = 0;
+  char *aOut;
+
+  assert( nDist>0 );
+  if( bDescDoclist ){
+    aOut = sqlite3_malloc(*pnRight + FTS3_VARINT_MAX);
+    if( aOut==0 ) return SQLITE_NOMEM;
+  }else{
+    aOut = aRight;
+  }
+  p = aOut;
+
+  fts3GetDeltaVarint3(&p1, pEnd1, 0, &i1);
+  fts3GetDeltaVarint3(&p2, pEnd2, 0, &i2);
+
+  while( p1 && p2 ){
+    sqlite3_int64 iDiff = DOCID_CMP(i1, i2);
+    if( iDiff==0 ){
+      char *pSave = p;
+      sqlite3_int64 iPrevSave = iPrev;
+      int bFirstOutSave = bFirstOut;
+
+      fts3PutDeltaVarint3(&p, bDescDoclist, &iPrev, &bFirstOut, i1);
+      if( 0==fts3PoslistPhraseMerge(&p, nDist, 0, 1, &p1, &p2) ){
+        p = pSave;
+        iPrev = iPrevSave;
+        bFirstOut = bFirstOutSave;
+      }
+      fts3GetDeltaVarint3(&p1, pEnd1, bDescDoclist, &i1);
+      fts3GetDeltaVarint3(&p2, pEnd2, bDescDoclist, &i2);
+    }else if( iDiff<0 ){
+      fts3PoslistCopy(0, &p1);
+      fts3GetDeltaVarint3(&p1, pEnd1, bDescDoclist, &i1);
+    }else{
+      fts3PoslistCopy(0, &p2);
+      fts3GetDeltaVarint3(&p2, pEnd2, bDescDoclist, &i2);
+    }
+  }
+
+  *pnRight = (int)(p - aOut);
+  if( bDescDoclist ){
+    sqlite3_free(aRight);
+    *paRight = aOut;
+  }
+
+  return SQLITE_OK;
+}
+
+/*
+** Argument pList points to a position list nList bytes in size. This
+** function checks to see if the position list contains any entries for
+** a token in position 0 (of any column). If so, it writes argument iDelta
+** to the output buffer pOut, followed by a position list consisting only
+** of the entries from pList at position 0, and terminated by an 0x00 byte.
+** The value returned is the number of bytes written to pOut (if any).
+*/
+SQLITE_PRIVATE int sqlite3Fts3FirstFilter(
+  sqlite3_int64 iDelta,           /* Varint that may be written to pOut */
+  char *pList,                    /* Position list (no 0x00 term) */
+  int nList,                      /* Size of pList in bytes */
+  char *pOut                      /* Write output here */
+){
+  int nOut = 0;
+  int bWritten = 0;               /* True once iDelta has been written */
+  char *p = pList;
+  char *pEnd = &pList[nList];
+
+  if( *p!=0x01 ){
+    if( *p==0x02 ){
+      nOut += sqlite3Fts3PutVarint(&pOut[nOut], iDelta);
+      pOut[nOut++] = 0x02;
+      bWritten = 1;
+    }
+    fts3ColumnlistCopy(0, &p);
+  }
+
+  while( p<pEnd && *p==0x01 ){
+    sqlite3_int64 iCol;
+    p++;
+    p += sqlite3Fts3GetVarint(p, &iCol);
+    if( *p==0x02 ){
+      if( bWritten==0 ){
+        nOut += sqlite3Fts3PutVarint(&pOut[nOut], iDelta);
+        bWritten = 1;
+      }
+      pOut[nOut++] = 0x01;
+      nOut += sqlite3Fts3PutVarint(&pOut[nOut], iCol);
+      pOut[nOut++] = 0x02;
+    }
+    fts3ColumnlistCopy(0, &p);
+  }
+  if( bWritten ){
+    pOut[nOut++] = 0x00;
+  }
+
+  return nOut;
+}
+
+
+/*
+** Merge all doclists in the TermSelect.aaOutput[] array into a single
+** doclist stored in TermSelect.aaOutput[0]. If successful, delete all
+** other doclists (except the aaOutput[0] one) and return SQLITE_OK.
+**
+** If an OOM error occurs, return SQLITE_NOMEM. In this case it is
+** the responsibility of the caller to free any doclists left in the
+** TermSelect.aaOutput[] array.
+*/
+static int fts3TermSelectFinishMerge(Fts3Table *p, TermSelect *pTS){
+  char *aOut = 0;
+  int nOut = 0;
+  int i;
+
+  /* Loop through the doclists in the aaOutput[] array. Merge them all
+  ** into a single doclist.
+  */
+  for(i=0; i<SizeofArray(pTS->aaOutput); i++){
+    if( pTS->aaOutput[i] ){
+      if( !aOut ){
+        aOut = pTS->aaOutput[i];
+        nOut = pTS->anOutput[i];
+        pTS->aaOutput[i] = 0;
+      }else{
+        int nNew;
+        char *aNew;
+
+        int rc = fts3DoclistOrMerge(p->bDescIdx, 
+            pTS->aaOutput[i], pTS->anOutput[i], aOut, nOut, &aNew, &nNew
+        );
+        if( rc!=SQLITE_OK ){
+          sqlite3_free(aOut);
+          return rc;
+        }
+
+        sqlite3_free(pTS->aaOutput[i]);
+        sqlite3_free(aOut);
+        pTS->aaOutput[i] = 0;
+        aOut = aNew;
+        nOut = nNew;
+      }
+    }
+  }
+
+  pTS->aaOutput[0] = aOut;
+  pTS->anOutput[0] = nOut;
+  return SQLITE_OK;
+}
+
+/*
+** Merge the doclist aDoclist/nDoclist into the TermSelect object passed
+** as the first argument. The merge is an "OR" merge (see function
+** fts3DoclistOrMerge() for details).
+**
+** This function is called with the doclist for each term that matches
+** a queried prefix. It merges all these doclists into one, the doclist
+** for the specified prefix. Since there can be a very large number of
+** doclists to merge, the merging is done pair-wise using the TermSelect
+** object.
+**
+** This function returns SQLITE_OK if the merge is successful, or an
+** SQLite error code (SQLITE_NOMEM) if an error occurs.
+*/
+static int fts3TermSelectMerge(
+  Fts3Table *p,                   /* FTS table handle */
+  TermSelect *pTS,                /* TermSelect object to merge into */
+  char *aDoclist,                 /* Pointer to doclist */
+  int nDoclist                    /* Size of aDoclist in bytes */
+){
+  if( pTS->aaOutput[0]==0 ){
+    /* If this is the first term selected, copy the doclist to the output
+    ** buffer using memcpy(). 
+    **
+    ** Add FTS3_VARINT_MAX bytes of unused space to the end of the 
+    ** allocation. This is so as to ensure that the buffer is big enough
+    ** to hold the current doclist AND'd with any other doclist. If the
+    ** doclists are stored in order=ASC order, this padding would not be
+    ** required (since the size of [doclistA AND doclistB] is always less
+    ** than or equal to the size of [doclistA] in that case). But this is
+    ** not true for order=DESC. For example, a doclist containing (1, -1) 
+    ** may be smaller than (-1), as in the first example the -1 may be stored
+    ** as a single-byte delta, whereas in the second it must be stored as a
+    ** FTS3_VARINT_MAX byte varint.
+    **
+    ** Similar padding is added in the fts3DoclistOrMerge() function.
+    */
+    pTS->aaOutput[0] = sqlite3_malloc(nDoclist + FTS3_VARINT_MAX + 1);
+    pTS->anOutput[0] = nDoclist;
+    if( pTS->aaOutput[0] ){
+      memcpy(pTS->aaOutput[0], aDoclist, nDoclist);
+    }else{
+      return SQLITE_NOMEM;
+    }
+  }else{
+    char *aMerge = aDoclist;
+    int nMerge = nDoclist;
+    int iOut;
+
+    for(iOut=0; iOut<SizeofArray(pTS->aaOutput); iOut++){
+      if( pTS->aaOutput[iOut]==0 ){
+        assert( iOut>0 );
+        pTS->aaOutput[iOut] = aMerge;
+        pTS->anOutput[iOut] = nMerge;
+        break;
+      }else{
+        char *aNew;
+        int nNew;
+
+        int rc = fts3DoclistOrMerge(p->bDescIdx, aMerge, nMerge, 
+            pTS->aaOutput[iOut], pTS->anOutput[iOut], &aNew, &nNew
+        );
+        if( rc!=SQLITE_OK ){
+          if( aMerge!=aDoclist ) sqlite3_free(aMerge);
+          return rc;
+        }
+
+        if( aMerge!=aDoclist ) sqlite3_free(aMerge);
+        sqlite3_free(pTS->aaOutput[iOut]);
+        pTS->aaOutput[iOut] = 0;
+  
+        aMerge = aNew;
+        nMerge = nNew;
+        if( (iOut+1)==SizeofArray(pTS->aaOutput) ){
+          pTS->aaOutput[iOut] = aMerge;
+          pTS->anOutput[iOut] = nMerge;
+        }
+      }
+    }
+  }
+  return SQLITE_OK;
+}
+
+/*
+** Append SegReader object pNew to the end of the pCsr->apSegment[] array.
+*/
+static int fts3SegReaderCursorAppend(
+  Fts3MultiSegReader *pCsr, 
+  Fts3SegReader *pNew
+){
+  if( (pCsr->nSegment%16)==0 ){
+    Fts3SegReader **apNew;
+    int nByte = (pCsr->nSegment + 16)*sizeof(Fts3SegReader*);
+    apNew = (Fts3SegReader **)sqlite3_realloc(pCsr->apSegment, nByte);
+    if( !apNew ){
+      sqlite3Fts3SegReaderFree(pNew);
+      return SQLITE_NOMEM;
+    }
+    pCsr->apSegment = apNew;
+  }
+  pCsr->apSegment[pCsr->nSegment++] = pNew;
+  return SQLITE_OK;
+}
+
+/*
+** Add seg-reader objects to the Fts3MultiSegReader object passed as the
+** 8th argument.
+**
+** This function returns SQLITE_OK if successful, or an SQLite error code
+** otherwise.
+*/
+static int fts3SegReaderCursor(
+  Fts3Table *p,                   /* FTS3 table handle */
+  int iLangid,                    /* Language id */
+  int iIndex,                     /* Index to search (from 0 to p->nIndex-1) */
+  int iLevel,                     /* Level of segments to scan */
+  const char *zTerm,              /* Term to query for */
+  int nTerm,                      /* Size of zTerm in bytes */
+  int isPrefix,                   /* True for a prefix search */
+  int isScan,                     /* True to scan from zTerm to EOF */
+  Fts3MultiSegReader *pCsr        /* Cursor object to populate */
+){
+  int rc = SQLITE_OK;             /* Error code */
+  sqlite3_stmt *pStmt = 0;        /* Statement to iterate through segments */
+  int rc2;                        /* Result of sqlite3_reset() */
+
+  /* If iLevel is less than 0 and this is not a scan, include a seg-reader 
+  ** for the pending-terms. If this is a scan, then this call must be being
+  ** made by an fts4aux module, not an FTS table. In this case calling
+  ** Fts3SegReaderPending might segfault, as the data structures used by 
+  ** fts4aux are not completely populated. So it's easiest to filter these
+  ** calls out here.  */
+  if( iLevel<0 && p->aIndex ){
+    Fts3SegReader *pSeg = 0;
+    rc = sqlite3Fts3SegReaderPending(p, iIndex, zTerm, nTerm, isPrefix||isScan, &pSeg);
+    if( rc==SQLITE_OK && pSeg ){
+      rc = fts3SegReaderCursorAppend(pCsr, pSeg);
+    }
+  }
+
+  if( iLevel!=FTS3_SEGCURSOR_PENDING ){
+    if( rc==SQLITE_OK ){
+      rc = sqlite3Fts3AllSegdirs(p, iLangid, iIndex, iLevel, &pStmt);
+    }
+
+    while( rc==SQLITE_OK && SQLITE_ROW==(rc = sqlite3_step(pStmt)) ){
+      Fts3SegReader *pSeg = 0;
+
+      /* Read the values returned by the SELECT into local variables. */
+      sqlite3_int64 iStartBlock = sqlite3_column_int64(pStmt, 1);
+      sqlite3_int64 iLeavesEndBlock = sqlite3_column_int64(pStmt, 2);
+      sqlite3_int64 iEndBlock = sqlite3_column_int64(pStmt, 3);
+      int nRoot = sqlite3_column_bytes(pStmt, 4);
+      char const *zRoot = sqlite3_column_blob(pStmt, 4);
+
+      /* If zTerm is not NULL, and this segment is not stored entirely on its
+      ** root node, the range of leaves scanned can be reduced. Do this. */
+      if( iStartBlock && zTerm ){
+        sqlite3_int64 *pi = (isPrefix ? &iLeavesEndBlock : 0);
+        rc = fts3SelectLeaf(p, zTerm, nTerm, zRoot, nRoot, &iStartBlock, pi);
+        if( rc!=SQLITE_OK ) goto finished;
+        if( isPrefix==0 && isScan==0 ) iLeavesEndBlock = iStartBlock;
+      }
+ 
+      rc = sqlite3Fts3SegReaderNew(pCsr->nSegment+1, 
+          (isPrefix==0 && isScan==0),
+          iStartBlock, iLeavesEndBlock, 
+          iEndBlock, zRoot, nRoot, &pSeg
+      );
+      if( rc!=SQLITE_OK ) goto finished;
+      rc = fts3SegReaderCursorAppend(pCsr, pSeg);
+    }
+  }
+
+ finished:
+  rc2 = sqlite3_reset(pStmt);
+  if( rc==SQLITE_DONE ) rc = rc2;
+
+  return rc;
+}
+
+/*
+** Set up a cursor object for iterating through a full-text index or a 
+** single level therein.
+*/
+SQLITE_PRIVATE int sqlite3Fts3SegReaderCursor(
+  Fts3Table *p,                   /* FTS3 table handle */
+  int iLangid,                    /* Language-id to search */
+  int iIndex,                     /* Index to search (from 0 to p->nIndex-1) */
+  int iLevel,                     /* Level of segments to scan */
+  const char *zTerm,              /* Term to query for */
+  int nTerm,                      /* Size of zTerm in bytes */
+  int isPrefix,                   /* True for a prefix search */
+  int isScan,                     /* True to scan from zTerm to EOF */
+  Fts3MultiSegReader *pCsr       /* Cursor object to populate */
+){
+  assert( iIndex>=0 && iIndex<p->nIndex );
+  assert( iLevel==FTS3_SEGCURSOR_ALL
+      ||  iLevel==FTS3_SEGCURSOR_PENDING 
+      ||  iLevel>=0
+  );
+  assert( iLevel<FTS3_SEGDIR_MAXLEVEL );
+  assert( FTS3_SEGCURSOR_ALL<0 && FTS3_SEGCURSOR_PENDING<0 );
+  assert( isPrefix==0 || isScan==0 );
+
+  memset(pCsr, 0, sizeof(Fts3MultiSegReader));
+  return fts3SegReaderCursor(
+      p, iLangid, iIndex, iLevel, zTerm, nTerm, isPrefix, isScan, pCsr
+  );
+}
+
+/*
+** In addition to its current configuration, have the Fts3MultiSegReader
+** passed as the 4th argument also scan the doclist for term zTerm/nTerm.
+**
+** SQLITE_OK is returned if no error occurs, otherwise an SQLite error code.
+*/
+static int fts3SegReaderCursorAddZero(
+  Fts3Table *p,                   /* FTS virtual table handle */
+  int iLangid,
+  const char *zTerm,              /* Term to scan doclist of */
+  int nTerm,                      /* Number of bytes in zTerm */
+  Fts3MultiSegReader *pCsr        /* Fts3MultiSegReader to modify */
+){
+  return fts3SegReaderCursor(p, 
+      iLangid, 0, FTS3_SEGCURSOR_ALL, zTerm, nTerm, 0, 0,pCsr
+  );
+}
+
+/*
+** Open an Fts3MultiSegReader to scan the doclist for term zTerm/nTerm. Or,
+** if isPrefix is true, to scan the doclist for all terms for which 
+** zTerm/nTerm is a prefix. If successful, return SQLITE_OK and write
+** a pointer to the new Fts3MultiSegReader to *ppSegcsr. Otherwise, return
+** an SQLite error code.
+**
+** It is the responsibility of the caller to free this object by eventually
+** passing it to fts3SegReaderCursorFree() 
+**
+** SQLITE_OK is returned if no error occurs, otherwise an SQLite error code.
+** Output parameter *ppSegcsr is set to 0 if an error occurs.
+*/
+static int fts3TermSegReaderCursor(
+  Fts3Cursor *pCsr,               /* Virtual table cursor handle */
+  const char *zTerm,              /* Term to query for */
+  int nTerm,                      /* Size of zTerm in bytes */
+  int isPrefix,                   /* True for a prefix search */
+  Fts3MultiSegReader **ppSegcsr   /* OUT: Allocated seg-reader cursor */
+){
+  Fts3MultiSegReader *pSegcsr;    /* Object to allocate and return */
+  int rc = SQLITE_NOMEM;          /* Return code */
+
+  pSegcsr = sqlite3_malloc(sizeof(Fts3MultiSegReader));
+  if( pSegcsr ){
+    int i;
+    int bFound = 0;               /* True once an index has been found */
+    Fts3Table *p = (Fts3Table *)pCsr->base.pVtab;
+
+    if( isPrefix ){
+      for(i=1; bFound==0 && i<p->nIndex; i++){
+        if( p->aIndex[i].nPrefix==nTerm ){
+          bFound = 1;
+          rc = sqlite3Fts3SegReaderCursor(p, pCsr->iLangid, 
+              i, FTS3_SEGCURSOR_ALL, zTerm, nTerm, 0, 0, pSegcsr
+          );
+          pSegcsr->bLookup = 1;
+        }
+      }
+
+      for(i=1; bFound==0 && i<p->nIndex; i++){
+        if( p->aIndex[i].nPrefix==nTerm+1 ){
+          bFound = 1;
+          rc = sqlite3Fts3SegReaderCursor(p, pCsr->iLangid, 
+              i, FTS3_SEGCURSOR_ALL, zTerm, nTerm, 1, 0, pSegcsr
+          );
+          if( rc==SQLITE_OK ){
+            rc = fts3SegReaderCursorAddZero(
+                p, pCsr->iLangid, zTerm, nTerm, pSegcsr
+            );
+          }
+        }
+      }
+    }
+
+    if( bFound==0 ){
+      rc = sqlite3Fts3SegReaderCursor(p, pCsr->iLangid, 
+          0, FTS3_SEGCURSOR_ALL, zTerm, nTerm, isPrefix, 0, pSegcsr
+      );
+      pSegcsr->bLookup = !isPrefix;
+    }
+  }
+
+  *ppSegcsr = pSegcsr;
+  return rc;
+}
+
+/*
+** Free an Fts3MultiSegReader allocated by fts3TermSegReaderCursor().
+*/
+static void fts3SegReaderCursorFree(Fts3MultiSegReader *pSegcsr){
+  sqlite3Fts3SegReaderFinish(pSegcsr);
+  sqlite3_free(pSegcsr);
+}
+
+/*
+** This function retrieves the doclist for the specified term (or term
+** prefix) from the database.
+*/
+static int fts3TermSelect(
+  Fts3Table *p,                   /* Virtual table handle */
+  Fts3PhraseToken *pTok,          /* Token to query for */
+  int iColumn,                    /* Column to query (or -ve for all columns) */
+  int *pnOut,                     /* OUT: Size of buffer at *ppOut */
+  char **ppOut                    /* OUT: Malloced result buffer */
+){
+  int rc;                         /* Return code */
+  Fts3MultiSegReader *pSegcsr;    /* Seg-reader cursor for this term */
+  TermSelect tsc;                 /* Object for pair-wise doclist merging */
+  Fts3SegFilter filter;           /* Segment term filter configuration */
+
+  pSegcsr = pTok->pSegcsr;
+  memset(&tsc, 0, sizeof(TermSelect));
+
+  filter.flags = FTS3_SEGMENT_IGNORE_EMPTY | FTS3_SEGMENT_REQUIRE_POS
+        | (pTok->isPrefix ? FTS3_SEGMENT_PREFIX : 0)
+        | (pTok->bFirst ? FTS3_SEGMENT_FIRST : 0)
+        | (iColumn<p->nColumn ? FTS3_SEGMENT_COLUMN_FILTER : 0);
+  filter.iCol = iColumn;
+  filter.zTerm = pTok->z;
+  filter.nTerm = pTok->n;
+
+  rc = sqlite3Fts3SegReaderStart(p, pSegcsr, &filter);
+  while( SQLITE_OK==rc
+      && SQLITE_ROW==(rc = sqlite3Fts3SegReaderStep(p, pSegcsr)) 
+  ){
+    rc = fts3TermSelectMerge(p, &tsc, pSegcsr->aDoclist, pSegcsr->nDoclist);
+  }
+
+  if( rc==SQLITE_OK ){
+    rc = fts3TermSelectFinishMerge(p, &tsc);
+  }
+  if( rc==SQLITE_OK ){
+    *ppOut = tsc.aaOutput[0];
+    *pnOut = tsc.anOutput[0];
+  }else{
+    int i;
+    for(i=0; i<SizeofArray(tsc.aaOutput); i++){
+      sqlite3_free(tsc.aaOutput[i]);
+    }
+  }
+
+  fts3SegReaderCursorFree(pSegcsr);
+  pTok->pSegcsr = 0;
+  return rc;
+}
+
+/*
+** This function counts the total number of docids in the doclist stored
+** in buffer aList[], size nList bytes.
+**
+** If the isPoslist argument is true, then it is assumed that the doclist
+** contains a position-list following each docid. Otherwise, it is assumed
+** that the doclist is simply a list of docids stored as delta encoded 
+** varints.
+*/
+static int fts3DoclistCountDocids(char *aList, int nList){
+  int nDoc = 0;                   /* Return value */
+  if( aList ){
+    char *aEnd = &aList[nList];   /* Pointer to one byte after EOF */
+    char *p = aList;              /* Cursor */
+    while( p<aEnd ){
+      nDoc++;
+      while( (*p++)&0x80 );     /* Skip docid varint */
+      fts3PoslistCopy(0, &p);   /* Skip over position list */
+    }
+  }
+
+  return nDoc;
+}
+
+/*
+** Advance the cursor to the next row in the %_content table that
+** matches the search criteria.  For a MATCH search, this will be
+** the next row that matches. For a full-table scan, this will be
+** simply the next row in the %_content table.  For a docid lookup,
+** this routine simply sets the EOF flag.
+**
+** Return SQLITE_OK if nothing goes wrong.  SQLITE_OK is returned
+** even if we reach end-of-file.  The fts3EofMethod() will be called
+** subsequently to determine whether or not an EOF was hit.
+*/
+static int fts3NextMethod(sqlite3_vtab_cursor *pCursor){
+  int rc;
+  Fts3Cursor *pCsr = (Fts3Cursor *)pCursor;
+  if( pCsr->eSearch==FTS3_DOCID_SEARCH || pCsr->eSearch==FTS3_FULLSCAN_SEARCH ){
+    if( SQLITE_ROW!=sqlite3_step(pCsr->pStmt) ){
+      pCsr->isEof = 1;
+      rc = sqlite3_reset(pCsr->pStmt);
+    }else{
+      pCsr->iPrevId = sqlite3_column_int64(pCsr->pStmt, 0);
+      rc = SQLITE_OK;
+    }
+  }else{
+    rc = fts3EvalNext((Fts3Cursor *)pCursor);
+  }
+  assert( ((Fts3Table *)pCsr->base.pVtab)->pSegments==0 );
+  return rc;
+}
+
+/*
+** The following are copied from sqliteInt.h.
+**
+** Constants for the largest and smallest possible 64-bit signed integers.
+** These macros are designed to work correctly on both 32-bit and 64-bit
+** compilers.
+*/
+#ifndef SQLITE_AMALGAMATION
+# define LARGEST_INT64  (0xffffffff|(((sqlite3_int64)0x7fffffff)<<32))
+# define SMALLEST_INT64 (((sqlite3_int64)-1) - LARGEST_INT64)
+#endif
+
+/*
+** If the numeric type of argument pVal is "integer", then return it
+** converted to a 64-bit signed integer. Otherwise, return a copy of
+** the second parameter, iDefault.
+*/
+static sqlite3_int64 fts3DocidRange(sqlite3_value *pVal, i64 iDefault){
+  if( pVal ){
+    int eType = sqlite3_value_numeric_type(pVal);
+    if( eType==SQLITE_INTEGER ){
+      return sqlite3_value_int64(pVal);
+    }
+  }
+  return iDefault;
+}
+
+/*
+** This is the xFilter interface for the virtual table.  See
+** the virtual table xFilter method documentation for additional
+** information.
+**
+** If idxNum==FTS3_FULLSCAN_SEARCH then do a full table scan against
+** the %_content table.
+**
+** If idxNum==FTS3_DOCID_SEARCH then do a docid lookup for a single entry
+** in the %_content table.
+**
+** If idxNum>=FTS3_FULLTEXT_SEARCH then use the full text index.  The
+** column on the left-hand side of the MATCH operator is column
+** number idxNum-FTS3_FULLTEXT_SEARCH, 0 indexed.  argv[0] is the right-hand
+** side of the MATCH operator.
+*/
+static int fts3FilterMethod(
+  sqlite3_vtab_cursor *pCursor,   /* The cursor used for this query */
+  int idxNum,                     /* Strategy index */
+  const char *idxStr,             /* Unused */
+  int nVal,                       /* Number of elements in apVal */
+  sqlite3_value **apVal           /* Arguments for the indexing scheme */
+){
+  int rc = SQLITE_OK;
+  char *zSql;                     /* SQL statement used to access %_content */
+  int eSearch;
+  Fts3Table *p = (Fts3Table *)pCursor->pVtab;
+  Fts3Cursor *pCsr = (Fts3Cursor *)pCursor;
+
+  sqlite3_value *pCons = 0;       /* The MATCH or rowid constraint, if any */
+  sqlite3_value *pLangid = 0;     /* The "langid = ?" constraint, if any */
+  sqlite3_value *pDocidGe = 0;    /* The "docid >= ?" constraint, if any */
+  sqlite3_value *pDocidLe = 0;    /* The "docid <= ?" constraint, if any */
+  int iIdx;
+
+  UNUSED_PARAMETER(idxStr);
+  UNUSED_PARAMETER(nVal);
+
+  eSearch = (idxNum & 0x0000FFFF);
+  assert( eSearch>=0 && eSearch<=(FTS3_FULLTEXT_SEARCH+p->nColumn) );
+  assert( p->pSegments==0 );
+
+  /* Collect arguments into local variables */
+  iIdx = 0;
+  if( eSearch!=FTS3_FULLSCAN_SEARCH ) pCons = apVal[iIdx++];
+  if( idxNum & FTS3_HAVE_LANGID ) pLangid = apVal[iIdx++];
+  if( idxNum & FTS3_HAVE_DOCID_GE ) pDocidGe = apVal[iIdx++];
+  if( idxNum & FTS3_HAVE_DOCID_LE ) pDocidLe = apVal[iIdx++];
+  assert( iIdx==nVal );
+
+  /* In case the cursor has been used before, clear it now. */
+  sqlite3_finalize(pCsr->pStmt);
+  sqlite3_free(pCsr->aDoclist);
+  sqlite3Fts3MIBufferFree(pCsr->pMIBuffer);
+  sqlite3Fts3ExprFree(pCsr->pExpr);
+  memset(&pCursor[1], 0, sizeof(Fts3Cursor)-sizeof(sqlite3_vtab_cursor));
+
+  /* Set the lower and upper bounds on docids to return */
+  pCsr->iMinDocid = fts3DocidRange(pDocidGe, SMALLEST_INT64);
+  pCsr->iMaxDocid = fts3DocidRange(pDocidLe, LARGEST_INT64);
+
+  if( idxStr ){
+    pCsr->bDesc = (idxStr[0]=='D');
+  }else{
+    pCsr->bDesc = p->bDescIdx;
+  }
+  pCsr->eSearch = (i16)eSearch;
+
+  if( eSearch!=FTS3_DOCID_SEARCH && eSearch!=FTS3_FULLSCAN_SEARCH ){
+    int iCol = eSearch-FTS3_FULLTEXT_SEARCH;
+    const char *zQuery = (const char *)sqlite3_value_text(pCons);
+
+    if( zQuery==0 && sqlite3_value_type(pCons)!=SQLITE_NULL ){
+      return SQLITE_NOMEM;
+    }
+
+    pCsr->iLangid = 0;
+    if( pLangid ) pCsr->iLangid = sqlite3_value_int(pLangid);
+
+    assert( p->base.zErrMsg==0 );
+    rc = sqlite3Fts3ExprParse(p->pTokenizer, pCsr->iLangid,
+        p->azColumn, p->bFts4, p->nColumn, iCol, zQuery, -1, &pCsr->pExpr, 
+        &p->base.zErrMsg
+    );
+    if( rc!=SQLITE_OK ){
+      return rc;
+    }
+
+    rc = fts3EvalStart(pCsr);
+    sqlite3Fts3SegmentsClose(p);
+    if( rc!=SQLITE_OK ) return rc;
+    pCsr->pNextId = pCsr->aDoclist;
+    pCsr->iPrevId = 0;
+  }
+
+  /* Compile a SELECT statement for this cursor. For a full-table-scan, the
+  ** statement loops through all rows of the %_content table. For a
+  ** full-text query or docid lookup, the statement retrieves a single
+  ** row by docid.
+  */
+  if( eSearch==FTS3_FULLSCAN_SEARCH ){
+    if( pDocidGe || pDocidLe ){
+      zSql = sqlite3_mprintf(
+          "SELECT %s WHERE rowid BETWEEN %lld AND %lld ORDER BY rowid %s",
+          p->zReadExprlist, pCsr->iMinDocid, pCsr->iMaxDocid,
+          (pCsr->bDesc ? "DESC" : "ASC")
+      );
+    }else{
+      zSql = sqlite3_mprintf("SELECT %s ORDER BY rowid %s", 
+          p->zReadExprlist, (pCsr->bDesc ? "DESC" : "ASC")
+      );
+    }
+    if( zSql ){
+      rc = sqlite3_prepare_v2(p->db, zSql, -1, &pCsr->pStmt, 0);
+      sqlite3_free(zSql);
+    }else{
+      rc = SQLITE_NOMEM;
+    }
+  }else if( eSearch==FTS3_DOCID_SEARCH ){
+    rc = fts3CursorSeekStmt(pCsr, &pCsr->pStmt);
+    if( rc==SQLITE_OK ){
+      rc = sqlite3_bind_value(pCsr->pStmt, 1, pCons);
+    }
+  }
+  if( rc!=SQLITE_OK ) return rc;
+
+  return fts3NextMethod(pCursor);
+}
+
+/* 
+** This is the xEof method of the virtual table. SQLite calls this 
+** routine to find out if it has reached the end of a result set.
+*/
+static int fts3EofMethod(sqlite3_vtab_cursor *pCursor){
+  return ((Fts3Cursor *)pCursor)->isEof;
+}
+
+/* 
+** This is the xRowid method. The SQLite core calls this routine to
+** retrieve the rowid for the current row of the result set. fts3
+** exposes %_content.docid as the rowid for the virtual table. The
+** rowid should be written to *pRowid.
+*/
+static int fts3RowidMethod(sqlite3_vtab_cursor *pCursor, sqlite_int64 *pRowid){
+  Fts3Cursor *pCsr = (Fts3Cursor *) pCursor;
+  *pRowid = pCsr->iPrevId;
+  return SQLITE_OK;
+}
+
+/* 
+** This is the xColumn method, called by SQLite to request a value from
+** the row that the supplied cursor currently points to.
+**
+** If:
+**
+**   (iCol <  p->nColumn)   -> The value of the iCol'th user column.
+**   (iCol == p->nColumn)   -> Magic column with the same name as the table.
+**   (iCol == p->nColumn+1) -> Docid column
+**   (iCol == p->nColumn+2) -> Langid column
+*/
+static int fts3ColumnMethod(
+  sqlite3_vtab_cursor *pCursor,   /* Cursor to retrieve value from */
+  sqlite3_context *pCtx,          /* Context for sqlite3_result_xxx() calls */
+  int iCol                        /* Index of column to read value from */
+){
+  int rc = SQLITE_OK;             /* Return Code */
+  Fts3Cursor *pCsr = (Fts3Cursor *) pCursor;
+  Fts3Table *p = (Fts3Table *)pCursor->pVtab;
+
+  /* The column value supplied by SQLite must be in range. */
+  assert( iCol>=0 && iCol<=p->nColumn+2 );
+
+  if( iCol==p->nColumn+1 ){
+    /* This call is a request for the "docid" column. Since "docid" is an 
+    ** alias for "rowid", use the xRowid() method to obtain the value.
+    */
+    sqlite3_result_int64(pCtx, pCsr->iPrevId);
+  }else if( iCol==p->nColumn ){
+    /* The extra column whose name is the same as the table.
+    ** Return a blob which is a pointer to the cursor.  */
+    sqlite3_result_blob(pCtx, &pCsr, sizeof(pCsr), SQLITE_TRANSIENT);
+  }else if( iCol==p->nColumn+2 && pCsr->pExpr ){
+    sqlite3_result_int64(pCtx, pCsr->iLangid);
+  }else{
+    /* The requested column is either a user column (one that contains 
+    ** indexed data), or the language-id column.  */
+    rc = fts3CursorSeek(0, pCsr);
+
+    if( rc==SQLITE_OK ){
+      if( iCol==p->nColumn+2 ){
+        int iLangid = 0;
+        if( p->zLanguageid ){
+          iLangid = sqlite3_column_int(pCsr->pStmt, p->nColumn+1);
+        }
+        sqlite3_result_int(pCtx, iLangid);
+      }else if( sqlite3_data_count(pCsr->pStmt)>(iCol+1) ){
+        sqlite3_result_value(pCtx, sqlite3_column_value(pCsr->pStmt, iCol+1));
+      }
+    }
+  }
+
+  assert( ((Fts3Table *)pCsr->base.pVtab)->pSegments==0 );
+  return rc;
+}
+
+/* 
+** This function is the implementation of the xUpdate callback used by 
+** FTS3 virtual tables. It is invoked by SQLite each time a row is to be
+** inserted, updated or deleted.
+*/
+static int fts3UpdateMethod(
+  sqlite3_vtab *pVtab,            /* Virtual table handle */
+  int nArg,                       /* Size of argument array */
+  sqlite3_value **apVal,          /* Array of arguments */
+  sqlite_int64 *pRowid            /* OUT: The affected (or effected) rowid */
+){
+  return sqlite3Fts3UpdateMethod(pVtab, nArg, apVal, pRowid);
+}
+
+/*
+** Implementation of xSync() method. Flush the contents of the pending-terms
+** hash-table to the database.
+*/
+static int fts3SyncMethod(sqlite3_vtab *pVtab){
+
+  /* Following an incremental-merge operation, assuming that the input
+  ** segments are not completely consumed (the usual case), they are updated
+  ** in place to remove the entries that have already been merged. This
+  ** involves updating the leaf block that contains the smallest unmerged
+  ** entry and each block (if any) between the leaf and the root node. So
+  ** if the height of the input segment b-trees is N, and input segments
+  ** are merged eight at a time, updating the input segments at the end
+  ** of an incremental-merge requires writing (8*(1+N)) blocks. N is usually
+  ** small - often between 0 and 2. So the overhead of the incremental
+  ** merge is somewhere between 8 and 24 blocks. To avoid this overhead
+  ** dwarfing the actual productive work accomplished, the incremental merge
+  ** is only attempted if it will write at least 64 leaf blocks. Hence
+  ** nMinMerge.
+  **
+  ** Of course, updating the input segments also involves deleting a bunch
+  ** of blocks from the segments table. But this is not considered overhead
+  ** as it would also be required by a crisis-merge that used the same input 
+  ** segments.
+  */
+  const u32 nMinMerge = 64;       /* Minimum amount of incr-merge work to do */
+
+  Fts3Table *p = (Fts3Table*)pVtab;
+  int rc = sqlite3Fts3PendingTermsFlush(p);
+
+  if( rc==SQLITE_OK 
+   && p->nLeafAdd>(nMinMerge/16) 
+   && p->nAutoincrmerge && p->nAutoincrmerge!=0xff
+  ){
+    int mxLevel = 0;              /* Maximum relative level value in db */
+    int A;                        /* Incr-merge parameter A */
+
+    rc = sqlite3Fts3MaxLevel(p, &mxLevel);
+    assert( rc==SQLITE_OK || mxLevel==0 );
+    A = p->nLeafAdd * mxLevel;
+    A += (A/2);
+    if( A>(int)nMinMerge ) rc = sqlite3Fts3Incrmerge(p, A, p->nAutoincrmerge);
+  }
+  sqlite3Fts3SegmentsClose(p);
+  return rc;
+}
+
+/*
+** If it is currently unknown whether or not the FTS table has an %_stat
+** table (if p->bHasStat==2), attempt to determine this (set p->bHasStat
+** to 0 or 1). Return SQLITE_OK if successful, or an SQLite error code
+** if an error occurs.
+*/
+static int fts3SetHasStat(Fts3Table *p){
+  int rc = SQLITE_OK;
+  if( p->bHasStat==2 ){
+    const char *zFmt ="SELECT 1 FROM %Q.sqlite_master WHERE tbl_name='%q_stat'";
+    char *zSql = sqlite3_mprintf(zFmt, p->zDb, p->zName);
+    if( zSql ){
+      sqlite3_stmt *pStmt = 0;
+      rc = sqlite3_prepare_v2(p->db, zSql, -1, &pStmt, 0);
+      if( rc==SQLITE_OK ){
+        int bHasStat = (sqlite3_step(pStmt)==SQLITE_ROW);
+        rc = sqlite3_finalize(pStmt);
+        if( rc==SQLITE_OK ) p->bHasStat = bHasStat;
+      }
+      sqlite3_free(zSql);
+    }else{
+      rc = SQLITE_NOMEM;
+    }
+  }
+  return rc;
+}
+
+/*
+** Implementation of xBegin() method. 
+*/
+static int fts3BeginMethod(sqlite3_vtab *pVtab){
+  Fts3Table *p = (Fts3Table*)pVtab;
+  UNUSED_PARAMETER(pVtab);
+  assert( p->pSegments==0 );
+  assert( p->nPendingData==0 );
+  assert( p->inTransaction!=1 );
+  TESTONLY( p->inTransaction = 1 );
+  TESTONLY( p->mxSavepoint = -1; );
+  p->nLeafAdd = 0;
+  return fts3SetHasStat(p);
+}
+
+/*
+** Implementation of xCommit() method. This is a no-op. The contents of
+** the pending-terms hash-table have already been flushed into the database
+** by fts3SyncMethod().
+*/
+static int fts3CommitMethod(sqlite3_vtab *pVtab){
+  TESTONLY( Fts3Table *p = (Fts3Table*)pVtab );
+  UNUSED_PARAMETER(pVtab);
+  assert( p->nPendingData==0 );
+  assert( p->inTransaction!=0 );
+  assert( p->pSegments==0 );
+  TESTONLY( p->inTransaction = 0 );
+  TESTONLY( p->mxSavepoint = -1; );
+  return SQLITE_OK;
+}
+
+/*
+** Implementation of xRollback(). Discard the contents of the pending-terms
+** hash-table. Any changes made to the database are reverted by SQLite.
+*/
+static int fts3RollbackMethod(sqlite3_vtab *pVtab){
+  Fts3Table *p = (Fts3Table*)pVtab;
+  sqlite3Fts3PendingTermsClear(p);
+  assert( p->inTransaction!=0 );
+  TESTONLY( p->inTransaction = 0 );
+  TESTONLY( p->mxSavepoint = -1; );
+  return SQLITE_OK;
+}
+
+/*
+** When called, *ppPoslist must point to the byte immediately following the
+** end of a position-list. i.e. ( (*ppPoslist)[-1]==POS_END ). This function
+** moves *ppPoslist so that it instead points to the first byte of the
+** same position list.
+*/
+static void fts3ReversePoslist(char *pStart, char **ppPoslist){
+  char *p = &(*ppPoslist)[-2];
+  char c = 0;
+
+  /* Skip backwards passed any trailing 0x00 bytes added by NearTrim() */
+  while( p>pStart && (c=*p--)==0 );
+
+  /* Search backwards for a varint with value zero (the end of the previous 
+  ** poslist). This is an 0x00 byte preceded by some byte that does not
+  ** have the 0x80 bit set.  */
+  while( p>pStart && (*p & 0x80) | c ){ 
+    c = *p--; 
+  }
+  assert( p==pStart || c==0 );
+
+  /* At this point p points to that preceding byte without the 0x80 bit
+  ** set. So to find the start of the poslist, skip forward 2 bytes then
+  ** over a varint. 
+  **
+  ** Normally. The other case is that p==pStart and the poslist to return
+  ** is the first in the doclist. In this case do not skip forward 2 bytes.
+  ** The second part of the if condition (c==0 && *ppPoslist>&p[2])
+  ** is required for cases where the first byte of a doclist and the
+  ** doclist is empty. For example, if the first docid is 10, a doclist
+  ** that begins with:
+  **
+  **   0x0A 0x00 <next docid delta varint>
+  */
+  if( p>pStart || (c==0 && *ppPoslist>&p[2]) ){ p = &p[2]; }
+  while( *p++&0x80 );
+  *ppPoslist = p;
+}
+
+/*
+** Helper function used by the implementation of the overloaded snippet(),
+** offsets() and optimize() SQL functions.
+**
+** If the value passed as the third argument is a blob of size
+** sizeof(Fts3Cursor*), then the blob contents are copied to the 
+** output variable *ppCsr and SQLITE_OK is returned. Otherwise, an error
+** message is written to context pContext and SQLITE_ERROR returned. The
+** string passed via zFunc is used as part of the error message.
+*/
+static int fts3FunctionArg(
+  sqlite3_context *pContext,      /* SQL function call context */
+  const char *zFunc,              /* Function name */
+  sqlite3_value *pVal,            /* argv[0] passed to function */
+  Fts3Cursor **ppCsr              /* OUT: Store cursor handle here */
+){
+  Fts3Cursor *pRet;
+  if( sqlite3_value_type(pVal)!=SQLITE_BLOB 
+   || sqlite3_value_bytes(pVal)!=sizeof(Fts3Cursor *)
+  ){
+    char *zErr = sqlite3_mprintf("illegal first argument to %s", zFunc);
+    sqlite3_result_error(pContext, zErr, -1);
+    sqlite3_free(zErr);
+    return SQLITE_ERROR;
+  }
+  memcpy(&pRet, sqlite3_value_blob(pVal), sizeof(Fts3Cursor *));
+  *ppCsr = pRet;
+  return SQLITE_OK;
+}
+
+/*
+** Implementation of the snippet() function for FTS3
+*/
+static void fts3SnippetFunc(
+  sqlite3_context *pContext,      /* SQLite function call context */
+  int nVal,                       /* Size of apVal[] array */
+  sqlite3_value **apVal           /* Array of arguments */
+){
+  Fts3Cursor *pCsr;               /* Cursor handle passed through apVal[0] */
+  const char *zStart = "<b>";
+  const char *zEnd = "</b>";
+  const char *zEllipsis = "<b>...</b>";
+  int iCol = -1;
+  int nToken = 15;                /* Default number of tokens in snippet */
+
+  /* There must be at least one argument passed to this function (otherwise
+  ** the non-overloaded version would have been called instead of this one).
+  */
+  assert( nVal>=1 );
+
+  if( nVal>6 ){
+    sqlite3_result_error(pContext, 
+        "wrong number of arguments to function snippet()", -1);
+    return;
+  }
+  if( fts3FunctionArg(pContext, "snippet", apVal[0], &pCsr) ) return;
+
+  switch( nVal ){
+    case 6: nToken = sqlite3_value_int(apVal[5]);
+    case 5: iCol = sqlite3_value_int(apVal[4]);
+    case 4: zEllipsis = (const char*)sqlite3_value_text(apVal[3]);
+    case 3: zEnd = (const char*)sqlite3_value_text(apVal[2]);
+    case 2: zStart = (const char*)sqlite3_value_text(apVal[1]);
+  }
+  if( !zEllipsis || !zEnd || !zStart ){
+    sqlite3_result_error_nomem(pContext);
+  }else if( nToken==0 ){
+    sqlite3_result_text(pContext, "", -1, SQLITE_STATIC);
+  }else if( SQLITE_OK==fts3CursorSeek(pContext, pCsr) ){
+    sqlite3Fts3Snippet(pContext, pCsr, zStart, zEnd, zEllipsis, iCol, nToken);
+  }
+}
+
+/*
+** Implementation of the offsets() function for FTS3
+*/
+static void fts3OffsetsFunc(
+  sqlite3_context *pContext,      /* SQLite function call context */
+  int nVal,                       /* Size of argument array */
+  sqlite3_value **apVal           /* Array of arguments */
+){
+  Fts3Cursor *pCsr;               /* Cursor handle passed through apVal[0] */
+
+  UNUSED_PARAMETER(nVal);
+
+  assert( nVal==1 );
+  if( fts3FunctionArg(pContext, "offsets", apVal[0], &pCsr) ) return;
+  assert( pCsr );
+  if( SQLITE_OK==fts3CursorSeek(pContext, pCsr) ){
+    sqlite3Fts3Offsets(pContext, pCsr);
+  }
+}
+
+/* 
+** Implementation of the special optimize() function for FTS3. This 
+** function merges all segments in the database to a single segment.
+** Example usage is:
+**
+**   SELECT optimize(t) FROM t LIMIT 1;
+**
+** where 't' is the name of an FTS3 table.
+*/
+static void fts3OptimizeFunc(
+  sqlite3_context *pContext,      /* SQLite function call context */
+  int nVal,                       /* Size of argument array */
+  sqlite3_value **apVal           /* Array of arguments */
+){
+  int rc;                         /* Return code */
+  Fts3Table *p;                   /* Virtual table handle */
+  Fts3Cursor *pCursor;            /* Cursor handle passed through apVal[0] */
+
+  UNUSED_PARAMETER(nVal);
+
+  assert( nVal==1 );
+  if( fts3FunctionArg(pContext, "optimize", apVal[0], &pCursor) ) return;
+  p = (Fts3Table *)pCursor->base.pVtab;
+  assert( p );
+
+  rc = sqlite3Fts3Optimize(p);
+
+  switch( rc ){
+    case SQLITE_OK:
+      sqlite3_result_text(pContext, "Index optimized", -1, SQLITE_STATIC);
+      break;
+    case SQLITE_DONE:
+      sqlite3_result_text(pContext, "Index already optimal", -1, SQLITE_STATIC);
+      break;
+    default:
+      sqlite3_result_error_code(pContext, rc);
+      break;
+  }
+}
+
+/*
+** Implementation of the matchinfo() function for FTS3
+*/
+static void fts3MatchinfoFunc(
+  sqlite3_context *pContext,      /* SQLite function call context */
+  int nVal,                       /* Size of argument array */
+  sqlite3_value **apVal           /* Array of arguments */
+){
+  Fts3Cursor *pCsr;               /* Cursor handle passed through apVal[0] */
+  assert( nVal==1 || nVal==2 );
+  if( SQLITE_OK==fts3FunctionArg(pContext, "matchinfo", apVal[0], &pCsr) ){
+    const char *zArg = 0;
+    if( nVal>1 ){
+      zArg = (const char *)sqlite3_value_text(apVal[1]);
+    }
+    sqlite3Fts3Matchinfo(pContext, pCsr, zArg);
+  }
+}
+
+/*
+** This routine implements the xFindFunction method for the FTS3
+** virtual table.
+*/
+static int fts3FindFunctionMethod(
+  sqlite3_vtab *pVtab,            /* Virtual table handle */
+  int nArg,                       /* Number of SQL function arguments */
+  const char *zName,              /* Name of SQL function */
+  void (**pxFunc)(sqlite3_context*,int,sqlite3_value**), /* OUT: Result */
+  void **ppArg                    /* Unused */
+){
+  struct Overloaded {
+    const char *zName;
+    void (*xFunc)(sqlite3_context*,int,sqlite3_value**);
+  } aOverload[] = {
+    { "snippet", fts3SnippetFunc },
+    { "offsets", fts3OffsetsFunc },
+    { "optimize", fts3OptimizeFunc },
+    { "matchinfo", fts3MatchinfoFunc },
+  };
+  int i;                          /* Iterator variable */
+
+  UNUSED_PARAMETER(pVtab);
+  UNUSED_PARAMETER(nArg);
+  UNUSED_PARAMETER(ppArg);
+
+  for(i=0; i<SizeofArray(aOverload); i++){
+    if( strcmp(zName, aOverload[i].zName)==0 ){
+      *pxFunc = aOverload[i].xFunc;
+      return 1;
+    }
+  }
+
+  /* No function of the specified name was found. Return 0. */
+  return 0;
+}
+
+/*
+** Implementation of FTS3 xRename method. Rename an fts3 table.
+*/
+static int fts3RenameMethod(
+  sqlite3_vtab *pVtab,            /* Virtual table handle */
+  const char *zName               /* New name of table */
+){
+  Fts3Table *p = (Fts3Table *)pVtab;
+  sqlite3 *db = p->db;            /* Database connection */
+  int rc;                         /* Return Code */
+
+  /* At this point it must be known if the %_stat table exists or not.
+  ** So bHasStat may not be 2.  */
+  rc = fts3SetHasStat(p);
+  
+  /* As it happens, the pending terms table is always empty here. This is
+  ** because an "ALTER TABLE RENAME TABLE" statement inside a transaction 
+  ** always opens a savepoint transaction. And the xSavepoint() method 
+  ** flushes the pending terms table. But leave the (no-op) call to
+  ** PendingTermsFlush() in in case that changes.
+  */
+  assert( p->nPendingData==0 );
+  if( rc==SQLITE_OK ){
+    rc = sqlite3Fts3PendingTermsFlush(p);
+  }
+
+  if( p->zContentTbl==0 ){
+    fts3DbExec(&rc, db,
+      "ALTER TABLE %Q.'%q_content'  RENAME TO '%q_content';",
+      p->zDb, p->zName, zName
+    );
+  }
+
+  if( p->bHasDocsize ){
+    fts3DbExec(&rc, db,
+      "ALTER TABLE %Q.'%q_docsize'  RENAME TO '%q_docsize';",
+      p->zDb, p->zName, zName
+    );
+  }
+  if( p->bHasStat ){
+    fts3DbExec(&rc, db,
+      "ALTER TABLE %Q.'%q_stat'  RENAME TO '%q_stat';",
+      p->zDb, p->zName, zName
+    );
+  }
+  fts3DbExec(&rc, db,
+    "ALTER TABLE %Q.'%q_segments' RENAME TO '%q_segments';",
+    p->zDb, p->zName, zName
+  );
+  fts3DbExec(&rc, db,
+    "ALTER TABLE %Q.'%q_segdir'   RENAME TO '%q_segdir';",
+    p->zDb, p->zName, zName
+  );
+  return rc;
+}
+
+/*
+** The xSavepoint() method.
+**
+** Flush the contents of the pending-terms table to disk.
+*/
+static int fts3SavepointMethod(sqlite3_vtab *pVtab, int iSavepoint){
+  int rc = SQLITE_OK;
+  UNUSED_PARAMETER(iSavepoint);
+  assert( ((Fts3Table *)pVtab)->inTransaction );
+  assert( ((Fts3Table *)pVtab)->mxSavepoint < iSavepoint );
+  TESTONLY( ((Fts3Table *)pVtab)->mxSavepoint = iSavepoint );
+  if( ((Fts3Table *)pVtab)->bIgnoreSavepoint==0 ){
+    rc = fts3SyncMethod(pVtab);
+  }
+  return rc;
+}
+
+/*
+** The xRelease() method.
+**
+** This is a no-op.
+*/
+static int fts3ReleaseMethod(sqlite3_vtab *pVtab, int iSavepoint){
+  TESTONLY( Fts3Table *p = (Fts3Table*)pVtab );
+  UNUSED_PARAMETER(iSavepoint);
+  UNUSED_PARAMETER(pVtab);
+  assert( p->inTransaction );
+  assert( p->mxSavepoint >= iSavepoint );
+  TESTONLY( p->mxSavepoint = iSavepoint-1 );
+  return SQLITE_OK;
+}
+
+/*
+** The xRollbackTo() method.
+**
+** Discard the contents of the pending terms table.
+*/
+static int fts3RollbackToMethod(sqlite3_vtab *pVtab, int iSavepoint){
+  Fts3Table *p = (Fts3Table*)pVtab;
+  UNUSED_PARAMETER(iSavepoint);
+  assert( p->inTransaction );
+  assert( p->mxSavepoint >= iSavepoint );
+  TESTONLY( p->mxSavepoint = iSavepoint );
+  sqlite3Fts3PendingTermsClear(p);
+  return SQLITE_OK;
+}
+
+static const sqlite3_module fts3Module = {
+  /* iVersion      */ 2,
+  /* xCreate       */ fts3CreateMethod,
+  /* xConnect      */ fts3ConnectMethod,
+  /* xBestIndex    */ fts3BestIndexMethod,
+  /* xDisconnect   */ fts3DisconnectMethod,
+  /* xDestroy      */ fts3DestroyMethod,
+  /* xOpen         */ fts3OpenMethod,
+  /* xClose        */ fts3CloseMethod,
+  /* xFilter       */ fts3FilterMethod,
+  /* xNext         */ fts3NextMethod,
+  /* xEof          */ fts3EofMethod,
+  /* xColumn       */ fts3ColumnMethod,
+  /* xRowid        */ fts3RowidMethod,
+  /* xUpdate       */ fts3UpdateMethod,
+  /* xBegin        */ fts3BeginMethod,
+  /* xSync         */ fts3SyncMethod,
+  /* xCommit       */ fts3CommitMethod,
+  /* xRollback     */ fts3RollbackMethod,
+  /* xFindFunction */ fts3FindFunctionMethod,
+  /* xRename */       fts3RenameMethod,
+  /* xSavepoint    */ fts3SavepointMethod,
+  /* xRelease      */ fts3ReleaseMethod,
+  /* xRollbackTo   */ fts3RollbackToMethod,
+};
+
+/*
+** This function is registered as the module destructor (called when an
+** FTS3 enabled database connection is closed). It frees the memory
+** allocated for the tokenizer hash table.
+*/
+static void hashDestroy(void *p){
+  Fts3Hash *pHash = (Fts3Hash *)p;
+  sqlite3Fts3HashClear(pHash);
+  sqlite3_free(pHash);
+}
+
+/*
+** The fts3 built-in tokenizers - "simple", "porter" and "icu"- are 
+** implemented in files fts3_tokenizer1.c, fts3_porter.c and fts3_icu.c
+** respectively. The following three forward declarations are for functions
+** declared in these files used to retrieve the respective implementations.
+**
+** Calling sqlite3Fts3SimpleTokenizerModule() sets the value pointed
+** to by the argument to point to the "simple" tokenizer implementation.
+** And so on.
+*/
+SQLITE_PRIVATE void sqlite3Fts3SimpleTokenizerModule(sqlite3_tokenizer_module const**ppModule);
+SQLITE_PRIVATE void sqlite3Fts3PorterTokenizerModule(sqlite3_tokenizer_module const**ppModule);
+#ifndef SQLITE_DISABLE_FTS3_UNICODE
+SQLITE_PRIVATE void sqlite3Fts3UnicodeTokenizer(sqlite3_tokenizer_module const**ppModule);
+#endif
+#ifdef SQLITE_ENABLE_ICU
+SQLITE_PRIVATE void sqlite3Fts3IcuTokenizerModule(sqlite3_tokenizer_module const**ppModule);
+#endif
+
+/*
+** Initialize the fts3 extension. If this extension is built as part
+** of the sqlite library, then this function is called directly by
+** SQLite. If fts3 is built as a dynamically loadable extension, this
+** function is called by the sqlite3_extension_init() entry point.
+*/
+SQLITE_PRIVATE int sqlite3Fts3Init(sqlite3 *db){
+  int rc = SQLITE_OK;
+  Fts3Hash *pHash = 0;
+  const sqlite3_tokenizer_module *pSimple = 0;
+  const sqlite3_tokenizer_module *pPorter = 0;
+#ifndef SQLITE_DISABLE_FTS3_UNICODE
+  const sqlite3_tokenizer_module *pUnicode = 0;
+#endif
+
+#ifdef SQLITE_ENABLE_ICU
+  const sqlite3_tokenizer_module *pIcu = 0;
+  sqlite3Fts3IcuTokenizerModule(&pIcu);
+#endif
+
+#ifndef SQLITE_DISABLE_FTS3_UNICODE
+  sqlite3Fts3UnicodeTokenizer(&pUnicode);
+#endif
+
+#ifdef SQLITE_TEST
+  rc = sqlite3Fts3InitTerm(db);
+  if( rc!=SQLITE_OK ) return rc;
+#endif
+
+  rc = sqlite3Fts3InitAux(db);
+  if( rc!=SQLITE_OK ) return rc;
+
+  sqlite3Fts3SimpleTokenizerModule(&pSimple);
+  sqlite3Fts3PorterTokenizerModule(&pPorter);
+
+  /* Allocate and initialize the hash-table used to store tokenizers. */
+  pHash = sqlite3_malloc(sizeof(Fts3Hash));
+  if( !pHash ){
+    rc = SQLITE_NOMEM;
+  }else{
+    sqlite3Fts3HashInit(pHash, FTS3_HASH_STRING, 1);
+  }
+
+  /* Load the built-in tokenizers into the hash table */
+  if( rc==SQLITE_OK ){
+    if( sqlite3Fts3HashInsert(pHash, "simple", 7, (void *)pSimple)
+     || sqlite3Fts3HashInsert(pHash, "porter", 7, (void *)pPorter) 
+
+#ifndef SQLITE_DISABLE_FTS3_UNICODE
+     || sqlite3Fts3HashInsert(pHash, "unicode61", 10, (void *)pUnicode) 
+#endif
+#ifdef SQLITE_ENABLE_ICU
+     || (pIcu && sqlite3Fts3HashInsert(pHash, "icu", 4, (void *)pIcu))
+#endif
+    ){
+      rc = SQLITE_NOMEM;
+    }
+  }
+
+#ifdef SQLITE_TEST
+  if( rc==SQLITE_OK ){
+    rc = sqlite3Fts3ExprInitTestInterface(db);
+  }
+#endif
+
+  /* Create the virtual table wrapper around the hash-table and overload 
+  ** the two scalar functions. If this is successful, register the
+  ** module with sqlite.
+  */
+  if( SQLITE_OK==rc 
+   && SQLITE_OK==(rc = sqlite3Fts3InitHashTable(db, pHash, "fts3_tokenizer"))
+   && SQLITE_OK==(rc = sqlite3_overload_function(db, "snippet", -1))
+   && SQLITE_OK==(rc = sqlite3_overload_function(db, "offsets", 1))
+   && SQLITE_OK==(rc = sqlite3_overload_function(db, "matchinfo", 1))
+   && SQLITE_OK==(rc = sqlite3_overload_function(db, "matchinfo", 2))
+   && SQLITE_OK==(rc = sqlite3_overload_function(db, "optimize", 1))
+  ){
+    rc = sqlite3_create_module_v2(
+        db, "fts3", &fts3Module, (void *)pHash, hashDestroy
+    );
+    if( rc==SQLITE_OK ){
+      rc = sqlite3_create_module_v2(
+          db, "fts4", &fts3Module, (void *)pHash, 0
+      );
+    }
+    if( rc==SQLITE_OK ){
+      rc = sqlite3Fts3InitTok(db, (void *)pHash);
+    }
+    return rc;
+  }
+
+
+  /* An error has occurred. Delete the hash table and return the error code. */
+  assert( rc!=SQLITE_OK );
+  if( pHash ){
+    sqlite3Fts3HashClear(pHash);
+    sqlite3_free(pHash);
+  }
+  return rc;
+}
+
+/*
+** Allocate an Fts3MultiSegReader for each token in the expression headed
+** by pExpr. 
+**
+** An Fts3SegReader object is a cursor that can seek or scan a range of
+** entries within a single segment b-tree. An Fts3MultiSegReader uses multiple
+** Fts3SegReader objects internally to provide an interface to seek or scan
+** within the union of all segments of a b-tree. Hence the name.
+**
+** If the allocated Fts3MultiSegReader just seeks to a single entry in a
+** segment b-tree (if the term is not a prefix or it is a prefix for which
+** there exists prefix b-tree of the right length) then it may be traversed
+** and merged incrementally. Otherwise, it has to be merged into an in-memory 
+** doclist and then traversed.
+*/
+static void fts3EvalAllocateReaders(
+  Fts3Cursor *pCsr,               /* FTS cursor handle */
+  Fts3Expr *pExpr,                /* Allocate readers for this expression */
+  int *pnToken,                   /* OUT: Total number of tokens in phrase. */
+  int *pnOr,                      /* OUT: Total number of OR nodes in expr. */
+  int *pRc                        /* IN/OUT: Error code */
+){
+  if( pExpr && SQLITE_OK==*pRc ){
+    if( pExpr->eType==FTSQUERY_PHRASE ){
+      int i;
+      int nToken = pExpr->pPhrase->nToken;
+      *pnToken += nToken;
+      for(i=0; i<nToken; i++){
+        Fts3PhraseToken *pToken = &pExpr->pPhrase->aToken[i];
+        int rc = fts3TermSegReaderCursor(pCsr, 
+            pToken->z, pToken->n, pToken->isPrefix, &pToken->pSegcsr
+        );
+        if( rc!=SQLITE_OK ){
+          *pRc = rc;
+          return;
+        }
+      }
+      assert( pExpr->pPhrase->iDoclistToken==0 );
+      pExpr->pPhrase->iDoclistToken = -1;
+    }else{
+      *pnOr += (pExpr->eType==FTSQUERY_OR);
+      fts3EvalAllocateReaders(pCsr, pExpr->pLeft, pnToken, pnOr, pRc);
+      fts3EvalAllocateReaders(pCsr, pExpr->pRight, pnToken, pnOr, pRc);
+    }
+  }
+}
+
+/*
+** Arguments pList/nList contain the doclist for token iToken of phrase p.
+** It is merged into the main doclist stored in p->doclist.aAll/nAll.
+**
+** This function assumes that pList points to a buffer allocated using
+** sqlite3_malloc(). This function takes responsibility for eventually
+** freeing the buffer.
+**
+** SQLITE_OK is returned if successful, or SQLITE_NOMEM if an error occurs.
+*/
+static int fts3EvalPhraseMergeToken(
+  Fts3Table *pTab,                /* FTS Table pointer */
+  Fts3Phrase *p,                  /* Phrase to merge pList/nList into */
+  int iToken,                     /* Token pList/nList corresponds to */
+  char *pList,                    /* Pointer to doclist */
+  int nList                       /* Number of bytes in pList */
+){
+  int rc = SQLITE_OK;
+  assert( iToken!=p->iDoclistToken );
+
+  if( pList==0 ){
+    sqlite3_free(p->doclist.aAll);
+    p->doclist.aAll = 0;
+    p->doclist.nAll = 0;
+  }
+
+  else if( p->iDoclistToken<0 ){
+    p->doclist.aAll = pList;
+    p->doclist.nAll = nList;
+  }
+
+  else if( p->doclist.aAll==0 ){
+    sqlite3_free(pList);
+  }
+
+  else {
+    char *pLeft;
+    char *pRight;
+    int nLeft;
+    int nRight;
+    int nDiff;
+
+    if( p->iDoclistToken<iToken ){
+      pLeft = p->doclist.aAll;
+      nLeft = p->doclist.nAll;
+      pRight = pList;
+      nRight = nList;
+      nDiff = iToken - p->iDoclistToken;
+    }else{
+      pRight = p->doclist.aAll;
+      nRight = p->doclist.nAll;
+      pLeft = pList;
+      nLeft = nList;
+      nDiff = p->iDoclistToken - iToken;
+    }
+
+    rc = fts3DoclistPhraseMerge(
+        pTab->bDescIdx, nDiff, pLeft, nLeft, &pRight, &nRight
+    );
+    sqlite3_free(pLeft);
+    p->doclist.aAll = pRight;
+    p->doclist.nAll = nRight;
+  }
+
+  if( iToken>p->iDoclistToken ) p->iDoclistToken = iToken;
+  return rc;
+}
+
+/*
+** Load the doclist for phrase p into p->doclist.aAll/nAll. The loaded doclist
+** does not take deferred tokens into account.
+**
+** SQLITE_OK is returned if no error occurs, otherwise an SQLite error code.
+*/
+static int fts3EvalPhraseLoad(
+  Fts3Cursor *pCsr,               /* FTS Cursor handle */
+  Fts3Phrase *p                   /* Phrase object */
+){
+  Fts3Table *pTab = (Fts3Table *)pCsr->base.pVtab;
+  int iToken;
+  int rc = SQLITE_OK;
+
+  for(iToken=0; rc==SQLITE_OK && iToken<p->nToken; iToken++){
+    Fts3PhraseToken *pToken = &p->aToken[iToken];
+    assert( pToken->pDeferred==0 || pToken->pSegcsr==0 );
+
+    if( pToken->pSegcsr ){
+      int nThis = 0;
+      char *pThis = 0;
+      rc = fts3TermSelect(pTab, pToken, p->iColumn, &nThis, &pThis);
+      if( rc==SQLITE_OK ){
+        rc = fts3EvalPhraseMergeToken(pTab, p, iToken, pThis, nThis);
+      }
+    }
+    assert( pToken->pSegcsr==0 );
+  }
+
+  return rc;
+}
+
+/*
+** This function is called on each phrase after the position lists for
+** any deferred tokens have been loaded into memory. It updates the phrases
+** current position list to include only those positions that are really
+** instances of the phrase (after considering deferred tokens). If this
+** means that the phrase does not appear in the current row, doclist.pList
+** and doclist.nList are both zeroed.
+**
+** SQLITE_OK is returned if no error occurs, otherwise an SQLite error code.
+*/
+static int fts3EvalDeferredPhrase(Fts3Cursor *pCsr, Fts3Phrase *pPhrase){
+  int iToken;                     /* Used to iterate through phrase tokens */
+  char *aPoslist = 0;             /* Position list for deferred tokens */
+  int nPoslist = 0;               /* Number of bytes in aPoslist */
+  int iPrev = -1;                 /* Token number of previous deferred token */
+
+  assert( pPhrase->doclist.bFreeList==0 );
+
+  for(iToken=0; iToken<pPhrase->nToken; iToken++){
+    Fts3PhraseToken *pToken = &pPhrase->aToken[iToken];
+    Fts3DeferredToken *pDeferred = pToken->pDeferred;
+
+    if( pDeferred ){
+      char *pList;
+      int nList;
+      int rc = sqlite3Fts3DeferredTokenList(pDeferred, &pList, &nList);
+      if( rc!=SQLITE_OK ) return rc;
+
+      if( pList==0 ){
+        sqlite3_free(aPoslist);
+        pPhrase->doclist.pList = 0;
+        pPhrase->doclist.nList = 0;
+        return SQLITE_OK;
+
+      }else if( aPoslist==0 ){
+        aPoslist = pList;
+        nPoslist = nList;
+
+      }else{
+        char *aOut = pList;
+        char *p1 = aPoslist;
+        char *p2 = aOut;
+
+        assert( iPrev>=0 );
+        fts3PoslistPhraseMerge(&aOut, iToken-iPrev, 0, 1, &p1, &p2);
+        sqlite3_free(aPoslist);
+        aPoslist = pList;
+        nPoslist = (int)(aOut - aPoslist);
+        if( nPoslist==0 ){
+          sqlite3_free(aPoslist);
+          pPhrase->doclist.pList = 0;
+          pPhrase->doclist.nList = 0;
+          return SQLITE_OK;
+        }
+      }
+      iPrev = iToken;
+    }
+  }
+
+  if( iPrev>=0 ){
+    int nMaxUndeferred = pPhrase->iDoclistToken;
+    if( nMaxUndeferred<0 ){
+      pPhrase->doclist.pList = aPoslist;
+      pPhrase->doclist.nList = nPoslist;
+      pPhrase->doclist.iDocid = pCsr->iPrevId;
+      pPhrase->doclist.bFreeList = 1;
+    }else{
+      int nDistance;
+      char *p1;
+      char *p2;
+      char *aOut;
+
+      if( nMaxUndeferred>iPrev ){
+        p1 = aPoslist;
+        p2 = pPhrase->doclist.pList;
+        nDistance = nMaxUndeferred - iPrev;
+      }else{
+        p1 = pPhrase->doclist.pList;
+        p2 = aPoslist;
+        nDistance = iPrev - nMaxUndeferred;
+      }
+
+      aOut = (char *)sqlite3_malloc(nPoslist+8);
+      if( !aOut ){
+        sqlite3_free(aPoslist);
+        return SQLITE_NOMEM;
+      }
+      
+      pPhrase->doclist.pList = aOut;
+      if( fts3PoslistPhraseMerge(&aOut, nDistance, 0, 1, &p1, &p2) ){
+        pPhrase->doclist.bFreeList = 1;
+        pPhrase->doclist.nList = (int)(aOut - pPhrase->doclist.pList);
+      }else{
+        sqlite3_free(aOut);
+        pPhrase->doclist.pList = 0;
+        pPhrase->doclist.nList = 0;
+      }
+      sqlite3_free(aPoslist);
+    }
+  }
+
+  return SQLITE_OK;
+}
+
+/*
+** Maximum number of tokens a phrase may have to be considered for the
+** incremental doclists strategy.
+*/
+#define MAX_INCR_PHRASE_TOKENS 4
+
+/*
+** This function is called for each Fts3Phrase in a full-text query 
+** expression to initialize the mechanism for returning rows. Once this
+** function has been called successfully on an Fts3Phrase, it may be
+** used with fts3EvalPhraseNext() to iterate through the matching docids.
+**
+** If parameter bOptOk is true, then the phrase may (or may not) use the
+** incremental loading strategy. Otherwise, the entire doclist is loaded into
+** memory within this call.
+**
+** SQLITE_OK is returned if no error occurs, otherwise an SQLite error code.
+*/
+static int fts3EvalPhraseStart(Fts3Cursor *pCsr, int bOptOk, Fts3Phrase *p){
+  Fts3Table *pTab = (Fts3Table *)pCsr->base.pVtab;
+  int rc = SQLITE_OK;             /* Error code */
+  int i;
+
+  /* Determine if doclists may be loaded from disk incrementally. This is
+  ** possible if the bOptOk argument is true, the FTS doclists will be
+  ** scanned in forward order, and the phrase consists of 
+  ** MAX_INCR_PHRASE_TOKENS or fewer tokens, none of which are are "^first"
+  ** tokens or prefix tokens that cannot use a prefix-index.  */
+  int bHaveIncr = 0;
+  int bIncrOk = (bOptOk 
+   && pCsr->bDesc==pTab->bDescIdx 
+   && p->nToken<=MAX_INCR_PHRASE_TOKENS && p->nToken>0
+#ifdef SQLITE_TEST
+   && pTab->bNoIncrDoclist==0
+#endif
+  );
+  for(i=0; bIncrOk==1 && i<p->nToken; i++){
+    Fts3PhraseToken *pToken = &p->aToken[i];
+    if( pToken->bFirst || (pToken->pSegcsr!=0 && !pToken->pSegcsr->bLookup) ){
+      bIncrOk = 0;
+    }
+    if( pToken->pSegcsr ) bHaveIncr = 1;
+  }
+
+  if( bIncrOk && bHaveIncr ){
+    /* Use the incremental approach. */
+    int iCol = (p->iColumn >= pTab->nColumn ? -1 : p->iColumn);
+    for(i=0; rc==SQLITE_OK && i<p->nToken; i++){
+      Fts3PhraseToken *pToken = &p->aToken[i];
+      Fts3MultiSegReader *pSegcsr = pToken->pSegcsr;
+      if( pSegcsr ){
+        rc = sqlite3Fts3MsrIncrStart(pTab, pSegcsr, iCol, pToken->z, pToken->n);
+      }
+    }
+    p->bIncr = 1;
+  }else{
+    /* Load the full doclist for the phrase into memory. */
+    rc = fts3EvalPhraseLoad(pCsr, p);
+    p->bIncr = 0;
+  }
+
+  assert( rc!=SQLITE_OK || p->nToken<1 || p->aToken[0].pSegcsr==0 || p->bIncr );
+  return rc;
+}
+
+/*
+** This function is used to iterate backwards (from the end to start) 
+** through doclists. It is used by this module to iterate through phrase
+** doclists in reverse and by the fts3_write.c module to iterate through
+** pending-terms lists when writing to databases with "order=desc".
+**
+** The doclist may be sorted in ascending (parameter bDescIdx==0) or 
+** descending (parameter bDescIdx==1) order of docid. Regardless, this
+** function iterates from the end of the doclist to the beginning.
+*/
+SQLITE_PRIVATE void sqlite3Fts3DoclistPrev(
+  int bDescIdx,                   /* True if the doclist is desc */
+  char *aDoclist,                 /* Pointer to entire doclist */
+  int nDoclist,                   /* Length of aDoclist in bytes */
+  char **ppIter,                  /* IN/OUT: Iterator pointer */
+  sqlite3_int64 *piDocid,         /* IN/OUT: Docid pointer */
+  int *pnList,                    /* OUT: List length pointer */
+  u8 *pbEof                       /* OUT: End-of-file flag */
+){
+  char *p = *ppIter;
+
+  assert( nDoclist>0 );
+  assert( *pbEof==0 );
+  assert( p || *piDocid==0 );
+  assert( !p || (p>aDoclist && p<&aDoclist[nDoclist]) );
+
+  if( p==0 ){
+    sqlite3_int64 iDocid = 0;
+    char *pNext = 0;
+    char *pDocid = aDoclist;
+    char *pEnd = &aDoclist[nDoclist];
+    int iMul = 1;
+
+    while( pDocid<pEnd ){
+      sqlite3_int64 iDelta;
+      pDocid += sqlite3Fts3GetVarint(pDocid, &iDelta);
+      iDocid += (iMul * iDelta);
+      pNext = pDocid;
+      fts3PoslistCopy(0, &pDocid);
+      while( pDocid<pEnd && *pDocid==0 ) pDocid++;
+      iMul = (bDescIdx ? -1 : 1);
+    }
+
+    *pnList = (int)(pEnd - pNext);
+    *ppIter = pNext;
+    *piDocid = iDocid;
+  }else{
+    int iMul = (bDescIdx ? -1 : 1);
+    sqlite3_int64 iDelta;
+    fts3GetReverseVarint(&p, aDoclist, &iDelta);
+    *piDocid -= (iMul * iDelta);
+
+    if( p==aDoclist ){
+      *pbEof = 1;
+    }else{
+      char *pSave = p;
+      fts3ReversePoslist(aDoclist, &p);
+      *pnList = (int)(pSave - p);
+    }
+    *ppIter = p;
+  }
+}
+
+/*
+** Iterate forwards through a doclist.
+*/
+SQLITE_PRIVATE void sqlite3Fts3DoclistNext(
+  int bDescIdx,                   /* True if the doclist is desc */
+  char *aDoclist,                 /* Pointer to entire doclist */
+  int nDoclist,                   /* Length of aDoclist in bytes */
+  char **ppIter,                  /* IN/OUT: Iterator pointer */
+  sqlite3_int64 *piDocid,         /* IN/OUT: Docid pointer */
+  u8 *pbEof                       /* OUT: End-of-file flag */
+){
+  char *p = *ppIter;
+
+  assert( nDoclist>0 );
+  assert( *pbEof==0 );
+  assert( p || *piDocid==0 );
+  assert( !p || (p>=aDoclist && p<=&aDoclist[nDoclist]) );
+
+  if( p==0 ){
+    p = aDoclist;
+    p += sqlite3Fts3GetVarint(p, piDocid);
+  }else{
+    fts3PoslistCopy(0, &p);
+    while( p<&aDoclist[nDoclist] && *p==0 ) p++; 
+    if( p>=&aDoclist[nDoclist] ){
+      *pbEof = 1;
+    }else{
+      sqlite3_int64 iVar;
+      p += sqlite3Fts3GetVarint(p, &iVar);
+      *piDocid += ((bDescIdx ? -1 : 1) * iVar);
+    }
+  }
+
+  *ppIter = p;
+}
+
+/*
+** Advance the iterator pDL to the next entry in pDL->aAll/nAll. Set *pbEof
+** to true if EOF is reached.
+*/
+static void fts3EvalDlPhraseNext(
+  Fts3Table *pTab,
+  Fts3Doclist *pDL,
+  u8 *pbEof
+){
+  char *pIter;                            /* Used to iterate through aAll */
+  char *pEnd = &pDL->aAll[pDL->nAll];     /* 1 byte past end of aAll */
+ 
+  if( pDL->pNextDocid ){
+    pIter = pDL->pNextDocid;
+  }else{
+    pIter = pDL->aAll;
+  }
+
+  if( pIter>=pEnd ){
+    /* We have already reached the end of this doclist. EOF. */
+    *pbEof = 1;
+  }else{
+    sqlite3_int64 iDelta;
+    pIter += sqlite3Fts3GetVarint(pIter, &iDelta);
+    if( pTab->bDescIdx==0 || pDL->pNextDocid==0 ){
+      pDL->iDocid += iDelta;
+    }else{
+      pDL->iDocid -= iDelta;
+    }
+    pDL->pList = pIter;
+    fts3PoslistCopy(0, &pIter);
+    pDL->nList = (int)(pIter - pDL->pList);
+
+    /* pIter now points just past the 0x00 that terminates the position-
+    ** list for document pDL->iDocid. However, if this position-list was
+    ** edited in place by fts3EvalNearTrim(), then pIter may not actually
+    ** point to the start of the next docid value. The following line deals
+    ** with this case by advancing pIter past the zero-padding added by
+    ** fts3EvalNearTrim().  */
+    while( pIter<pEnd && *pIter==0 ) pIter++;
+
+    pDL->pNextDocid = pIter;
+    assert( pIter>=&pDL->aAll[pDL->nAll] || *pIter );
+    *pbEof = 0;
+  }
+}
+
+/*
+** Helper type used by fts3EvalIncrPhraseNext() and incrPhraseTokenNext().
+*/
+typedef struct TokenDoclist TokenDoclist;
+struct TokenDoclist {
+  int bIgnore;
+  sqlite3_int64 iDocid;
+  char *pList;
+  int nList;
+};
+
+/*
+** Token pToken is an incrementally loaded token that is part of a 
+** multi-token phrase. Advance it to the next matching document in the
+** database and populate output variable *p with the details of the new
+** entry. Or, if the iterator has reached EOF, set *pbEof to true.
+**
+** If an error occurs, return an SQLite error code. Otherwise, return 
+** SQLITE_OK.
+*/
+static int incrPhraseTokenNext(
+  Fts3Table *pTab,                /* Virtual table handle */
+  Fts3Phrase *pPhrase,            /* Phrase to advance token of */
+  int iToken,                     /* Specific token to advance */
+  TokenDoclist *p,                /* OUT: Docid and doclist for new entry */
+  u8 *pbEof                       /* OUT: True if iterator is at EOF */
+){
+  int rc = SQLITE_OK;
+
+  if( pPhrase->iDoclistToken==iToken ){
+    assert( p->bIgnore==0 );
+    assert( pPhrase->aToken[iToken].pSegcsr==0 );
+    fts3EvalDlPhraseNext(pTab, &pPhrase->doclist, pbEof);
+    p->pList = pPhrase->doclist.pList;
+    p->nList = pPhrase->doclist.nList;
+    p->iDocid = pPhrase->doclist.iDocid;
+  }else{
+    Fts3PhraseToken *pToken = &pPhrase->aToken[iToken];
+    assert( pToken->pDeferred==0 );
+    assert( pToken->pSegcsr || pPhrase->iDoclistToken>=0 );
+    if( pToken->pSegcsr ){
+      assert( p->bIgnore==0 );
+      rc = sqlite3Fts3MsrIncrNext(
+          pTab, pToken->pSegcsr, &p->iDocid, &p->pList, &p->nList
+      );
+      if( p->pList==0 ) *pbEof = 1;
+    }else{
+      p->bIgnore = 1;
+    }
+  }
+
+  return rc;
+}
+
+
+/*
+** The phrase iterator passed as the second argument:
+**
+**   * features at least one token that uses an incremental doclist, and 
+**
+**   * does not contain any deferred tokens.
+**
+** Advance it to the next matching documnent in the database and populate
+** the Fts3Doclist.pList and nList fields. 
+**
+** If there is no "next" entry and no error occurs, then *pbEof is set to
+** 1 before returning. Otherwise, if no error occurs and the iterator is
+** successfully advanced, *pbEof is set to 0.
+**
+** If an error occurs, return an SQLite error code. Otherwise, return 
+** SQLITE_OK.
+*/
+static int fts3EvalIncrPhraseNext(
+  Fts3Cursor *pCsr,               /* FTS Cursor handle */
+  Fts3Phrase *p,                  /* Phrase object to advance to next docid */
+  u8 *pbEof                       /* OUT: Set to 1 if EOF */
+){
+  int rc = SQLITE_OK;
+  Fts3Doclist *pDL = &p->doclist;
+  Fts3Table *pTab = (Fts3Table *)pCsr->base.pVtab;
+  u8 bEof = 0;
+
+  /* This is only called if it is guaranteed that the phrase has at least
+  ** one incremental token. In which case the bIncr flag is set. */
+  assert( p->bIncr==1 );
+
+  if( p->nToken==1 && p->bIncr ){
+    rc = sqlite3Fts3MsrIncrNext(pTab, p->aToken[0].pSegcsr, 
+        &pDL->iDocid, &pDL->pList, &pDL->nList
+    );
+    if( pDL->pList==0 ) bEof = 1;
+  }else{
+    int bDescDoclist = pCsr->bDesc;
+    struct TokenDoclist a[MAX_INCR_PHRASE_TOKENS];
+
+    memset(a, 0, sizeof(a));
+    assert( p->nToken<=MAX_INCR_PHRASE_TOKENS );
+    assert( p->iDoclistToken<MAX_INCR_PHRASE_TOKENS );
+
+    while( bEof==0 ){
+      int bMaxSet = 0;
+      sqlite3_int64 iMax = 0;     /* Largest docid for all iterators */
+      int i;                      /* Used to iterate through tokens */
+
+      /* Advance the iterator for each token in the phrase once. */
+      for(i=0; rc==SQLITE_OK && i<p->nToken && bEof==0; i++){
+        rc = incrPhraseTokenNext(pTab, p, i, &a[i], &bEof);
+        if( a[i].bIgnore==0 && (bMaxSet==0 || DOCID_CMP(iMax, a[i].iDocid)<0) ){
+          iMax = a[i].iDocid;
+          bMaxSet = 1;
+        }
+      }
+      assert( rc!=SQLITE_OK || (p->nToken>=1 && a[p->nToken-1].bIgnore==0) );
+      assert( rc!=SQLITE_OK || bMaxSet );
+
+      /* Keep advancing iterators until they all point to the same document */
+      for(i=0; i<p->nToken; i++){
+        while( rc==SQLITE_OK && bEof==0 
+            && a[i].bIgnore==0 && DOCID_CMP(a[i].iDocid, iMax)<0 
+        ){
+          rc = incrPhraseTokenNext(pTab, p, i, &a[i], &bEof);
+          if( DOCID_CMP(a[i].iDocid, iMax)>0 ){
+            iMax = a[i].iDocid;
+            i = 0;
+          }
+        }
+      }
+
+      /* Check if the current entries really are a phrase match */
+      if( bEof==0 ){
+        int nList = 0;
+        int nByte = a[p->nToken-1].nList;
+        char *aDoclist = sqlite3_malloc(nByte+1);
+        if( !aDoclist ) return SQLITE_NOMEM;
+        memcpy(aDoclist, a[p->nToken-1].pList, nByte+1);
+
+        for(i=0; i<(p->nToken-1); i++){
+          if( a[i].bIgnore==0 ){
+            char *pL = a[i].pList;
+            char *pR = aDoclist;
+            char *pOut = aDoclist;
+            int nDist = p->nToken-1-i;
+            int res = fts3PoslistPhraseMerge(&pOut, nDist, 0, 1, &pL, &pR);
+            if( res==0 ) break;
+            nList = (int)(pOut - aDoclist);
+          }
+        }
+        if( i==(p->nToken-1) ){
+          pDL->iDocid = iMax;
+          pDL->pList = aDoclist;
+          pDL->nList = nList;
+          pDL->bFreeList = 1;
+          break;
+        }
+        sqlite3_free(aDoclist);
+      }
+    }
+  }
+
+  *pbEof = bEof;
+  return rc;
+}
+
+/*
+** Attempt to move the phrase iterator to point to the next matching docid. 
+** If an error occurs, return an SQLite error code. Otherwise, return 
+** SQLITE_OK.
+**
+** If there is no "next" entry and no error occurs, then *pbEof is set to
+** 1 before returning. Otherwise, if no error occurs and the iterator is
+** successfully advanced, *pbEof is set to 0.
+*/
+static int fts3EvalPhraseNext(
+  Fts3Cursor *pCsr,               /* FTS Cursor handle */
+  Fts3Phrase *p,                  /* Phrase object to advance to next docid */
+  u8 *pbEof                       /* OUT: Set to 1 if EOF */
+){
+  int rc = SQLITE_OK;
+  Fts3Doclist *pDL = &p->doclist;
+  Fts3Table *pTab = (Fts3Table *)pCsr->base.pVtab;
+
+  if( p->bIncr ){
+    rc = fts3EvalIncrPhraseNext(pCsr, p, pbEof);
+  }else if( pCsr->bDesc!=pTab->bDescIdx && pDL->nAll ){
+    sqlite3Fts3DoclistPrev(pTab->bDescIdx, pDL->aAll, pDL->nAll, 
+        &pDL->pNextDocid, &pDL->iDocid, &pDL->nList, pbEof
+    );
+    pDL->pList = pDL->pNextDocid;
+  }else{
+    fts3EvalDlPhraseNext(pTab, pDL, pbEof);
+  }
+
+  return rc;
+}
+
+/*
+**
+** If *pRc is not SQLITE_OK when this function is called, it is a no-op.
+** Otherwise, fts3EvalPhraseStart() is called on all phrases within the
+** expression. Also the Fts3Expr.bDeferred variable is set to true for any
+** expressions for which all descendent tokens are deferred.
+**
+** If parameter bOptOk is zero, then it is guaranteed that the
+** Fts3Phrase.doclist.aAll/nAll variables contain the entire doclist for
+** each phrase in the expression (subject to deferred token processing).
+** Or, if bOptOk is non-zero, then one or more tokens within the expression
+** may be loaded incrementally, meaning doclist.aAll/nAll is not available.
+**
+** If an error occurs within this function, *pRc is set to an SQLite error
+** code before returning.
+*/
+static void fts3EvalStartReaders(
+  Fts3Cursor *pCsr,               /* FTS Cursor handle */
+  Fts3Expr *pExpr,                /* Expression to initialize phrases in */
+  int *pRc                        /* IN/OUT: Error code */
+){
+  if( pExpr && SQLITE_OK==*pRc ){
+    if( pExpr->eType==FTSQUERY_PHRASE ){
+      int nToken = pExpr->pPhrase->nToken;
+      if( nToken ){
+        int i;
+        for(i=0; i<nToken; i++){
+          if( pExpr->pPhrase->aToken[i].pDeferred==0 ) break;
+        }
+        pExpr->bDeferred = (i==nToken);
+      }
+      *pRc = fts3EvalPhraseStart(pCsr, 1, pExpr->pPhrase);
+    }else{
+      fts3EvalStartReaders(pCsr, pExpr->pLeft, pRc);
+      fts3EvalStartReaders(pCsr, pExpr->pRight, pRc);
+      pExpr->bDeferred = (pExpr->pLeft->bDeferred && pExpr->pRight->bDeferred);
+    }
+  }
+}
+
+/*
+** An array of the following structures is assembled as part of the process
+** of selecting tokens to defer before the query starts executing (as part
+** of the xFilter() method). There is one element in the array for each
+** token in the FTS expression.
+**
+** Tokens are divided into AND/NEAR clusters. All tokens in a cluster belong
+** to phrases that are connected only by AND and NEAR operators (not OR or
+** NOT). When determining tokens to defer, each AND/NEAR cluster is considered
+** separately. The root of a tokens AND/NEAR cluster is stored in 
+** Fts3TokenAndCost.pRoot.
+*/
+typedef struct Fts3TokenAndCost Fts3TokenAndCost;
+struct Fts3TokenAndCost {
+  Fts3Phrase *pPhrase;            /* The phrase the token belongs to */
+  int iToken;                     /* Position of token in phrase */
+  Fts3PhraseToken *pToken;        /* The token itself */
+  Fts3Expr *pRoot;                /* Root of NEAR/AND cluster */
+  int nOvfl;                      /* Number of overflow pages to load doclist */
+  int iCol;                       /* The column the token must match */
+};
+
+/*
+** This function is used to populate an allocated Fts3TokenAndCost array.
+**
+** If *pRc is not SQLITE_OK when this function is called, it is a no-op.
+** Otherwise, if an error occurs during execution, *pRc is set to an
+** SQLite error code.
+*/
+static void fts3EvalTokenCosts(
+  Fts3Cursor *pCsr,               /* FTS Cursor handle */
+  Fts3Expr *pRoot,                /* Root of current AND/NEAR cluster */
+  Fts3Expr *pExpr,                /* Expression to consider */
+  Fts3TokenAndCost **ppTC,        /* Write new entries to *(*ppTC)++ */
+  Fts3Expr ***ppOr,               /* Write new OR root to *(*ppOr)++ */
+  int *pRc                        /* IN/OUT: Error code */
+){
+  if( *pRc==SQLITE_OK ){
+    if( pExpr->eType==FTSQUERY_PHRASE ){
+      Fts3Phrase *pPhrase = pExpr->pPhrase;
+      int i;
+      for(i=0; *pRc==SQLITE_OK && i<pPhrase->nToken; i++){
+        Fts3TokenAndCost *pTC = (*ppTC)++;
+        pTC->pPhrase = pPhrase;
+        pTC->iToken = i;
+        pTC->pRoot = pRoot;
+        pTC->pToken = &pPhrase->aToken[i];
+        pTC->iCol = pPhrase->iColumn;
+        *pRc = sqlite3Fts3MsrOvfl(pCsr, pTC->pToken->pSegcsr, &pTC->nOvfl);
+      }
+    }else if( pExpr->eType!=FTSQUERY_NOT ){
+      assert( pExpr->eType==FTSQUERY_OR
+           || pExpr->eType==FTSQUERY_AND
+           || pExpr->eType==FTSQUERY_NEAR
+      );
+      assert( pExpr->pLeft && pExpr->pRight );
+      if( pExpr->eType==FTSQUERY_OR ){
+        pRoot = pExpr->pLeft;
+        **ppOr = pRoot;
+        (*ppOr)++;
+      }
+      fts3EvalTokenCosts(pCsr, pRoot, pExpr->pLeft, ppTC, ppOr, pRc);
+      if( pExpr->eType==FTSQUERY_OR ){
+        pRoot = pExpr->pRight;
+        **ppOr = pRoot;
+        (*ppOr)++;
+      }
+      fts3EvalTokenCosts(pCsr, pRoot, pExpr->pRight, ppTC, ppOr, pRc);
+    }
+  }
+}
+
+/*
+** Determine the average document (row) size in pages. If successful,
+** write this value to *pnPage and return SQLITE_OK. Otherwise, return
+** an SQLite error code.
+**
+** The average document size in pages is calculated by first calculating 
+** determining the average size in bytes, B. If B is less than the amount
+** of data that will fit on a single leaf page of an intkey table in
+** this database, then the average docsize is 1. Otherwise, it is 1 plus
+** the number of overflow pages consumed by a record B bytes in size.
+*/
+static int fts3EvalAverageDocsize(Fts3Cursor *pCsr, int *pnPage){
+  if( pCsr->nRowAvg==0 ){
+    /* The average document size, which is required to calculate the cost
+    ** of each doclist, has not yet been determined. Read the required 
+    ** data from the %_stat table to calculate it.
+    **
+    ** Entry 0 of the %_stat table is a blob containing (nCol+1) FTS3 
+    ** varints, where nCol is the number of columns in the FTS3 table.
+    ** The first varint is the number of documents currently stored in
+    ** the table. The following nCol varints contain the total amount of
+    ** data stored in all rows of each column of the table, from left
+    ** to right.
+    */
+    int rc;
+    Fts3Table *p = (Fts3Table*)pCsr->base.pVtab;
+    sqlite3_stmt *pStmt;
+    sqlite3_int64 nDoc = 0;
+    sqlite3_int64 nByte = 0;
+    const char *pEnd;
+    const char *a;
+
+    rc = sqlite3Fts3SelectDoctotal(p, &pStmt);
+    if( rc!=SQLITE_OK ) return rc;
+    a = sqlite3_column_blob(pStmt, 0);
+    assert( a );
+
+    pEnd = &a[sqlite3_column_bytes(pStmt, 0)];
+    a += sqlite3Fts3GetVarint(a, &nDoc);
+    while( a<pEnd ){
+      a += sqlite3Fts3GetVarint(a, &nByte);
+    }
+    if( nDoc==0 || nByte==0 ){
+      sqlite3_reset(pStmt);
+      return FTS_CORRUPT_VTAB;
+    }
+
+    pCsr->nDoc = nDoc;
+    pCsr->nRowAvg = (int)(((nByte / nDoc) + p->nPgsz) / p->nPgsz);
+    assert( pCsr->nRowAvg>0 ); 
+    rc = sqlite3_reset(pStmt);
+    if( rc!=SQLITE_OK ) return rc;
+  }
+
+  *pnPage = pCsr->nRowAvg;
+  return SQLITE_OK;
+}
+
+/*
+** This function is called to select the tokens (if any) that will be 
+** deferred. The array aTC[] has already been populated when this is
+** called.
+**
+** This function is called once for each AND/NEAR cluster in the 
+** expression. Each invocation determines which tokens to defer within
+** the cluster with root node pRoot. See comments above the definition
+** of struct Fts3TokenAndCost for more details.
+**
+** If no error occurs, SQLITE_OK is returned and sqlite3Fts3DeferToken()
+** called on each token to defer. Otherwise, an SQLite error code is
+** returned.
+*/
+static int fts3EvalSelectDeferred(
+  Fts3Cursor *pCsr,               /* FTS Cursor handle */
+  Fts3Expr *pRoot,                /* Consider tokens with this root node */
+  Fts3TokenAndCost *aTC,          /* Array of expression tokens and costs */
+  int nTC                         /* Number of entries in aTC[] */
+){
+  Fts3Table *pTab = (Fts3Table *)pCsr->base.pVtab;
+  int nDocSize = 0;               /* Number of pages per doc loaded */
+  int rc = SQLITE_OK;             /* Return code */
+  int ii;                         /* Iterator variable for various purposes */
+  int nOvfl = 0;                  /* Total overflow pages used by doclists */
+  int nToken = 0;                 /* Total number of tokens in cluster */
+
+  int nMinEst = 0;                /* The minimum count for any phrase so far. */
+  int nLoad4 = 1;                 /* (Phrases that will be loaded)^4. */
+
+  /* Tokens are never deferred for FTS tables created using the content=xxx
+  ** option. The reason being that it is not guaranteed that the content
+  ** table actually contains the same data as the index. To prevent this from
+  ** causing any problems, the deferred token optimization is completely
+  ** disabled for content=xxx tables. */
+  if( pTab->zContentTbl ){
+    return SQLITE_OK;
+  }
+
+  /* Count the tokens in this AND/NEAR cluster. If none of the doclists
+  ** associated with the tokens spill onto overflow pages, or if there is
+  ** only 1 token, exit early. No tokens to defer in this case. */
+  for(ii=0; ii<nTC; ii++){
+    if( aTC[ii].pRoot==pRoot ){
+      nOvfl += aTC[ii].nOvfl;
+      nToken++;
+    }
+  }
+  if( nOvfl==0 || nToken<2 ) return SQLITE_OK;
+
+  /* Obtain the average docsize (in pages). */
+  rc = fts3EvalAverageDocsize(pCsr, &nDocSize);
+  assert( rc!=SQLITE_OK || nDocSize>0 );
+
+
+  /* Iterate through all tokens in this AND/NEAR cluster, in ascending order 
+  ** of the number of overflow pages that will be loaded by the pager layer 
+  ** to retrieve the entire doclist for the token from the full-text index.
+  ** Load the doclists for tokens that are either:
+  **
+  **   a. The cheapest token in the entire query (i.e. the one visited by the
+  **      first iteration of this loop), or
+  **
+  **   b. Part of a multi-token phrase.
+  **
+  ** After each token doclist is loaded, merge it with the others from the
+  ** same phrase and count the number of documents that the merged doclist
+  ** contains. Set variable "nMinEst" to the smallest number of documents in 
+  ** any phrase doclist for which 1 or more token doclists have been loaded.
+  ** Let nOther be the number of other phrases for which it is certain that
+  ** one or more tokens will not be deferred.
+  **
+  ** Then, for each token, defer it if loading the doclist would result in
+  ** loading N or more overflow pages into memory, where N is computed as:
+  **
+  **    (nMinEst + 4^nOther - 1) / (4^nOther)
+  */
+  for(ii=0; ii<nToken && rc==SQLITE_OK; ii++){
+    int iTC;                      /* Used to iterate through aTC[] array. */
+    Fts3TokenAndCost *pTC = 0;    /* Set to cheapest remaining token. */
+
+    /* Set pTC to point to the cheapest remaining token. */
+    for(iTC=0; iTC<nTC; iTC++){
+      if( aTC[iTC].pToken && aTC[iTC].pRoot==pRoot 
+       && (!pTC || aTC[iTC].nOvfl<pTC->nOvfl) 
+      ){
+        pTC = &aTC[iTC];
+      }
+    }
+    assert( pTC );
+
+    if( ii && pTC->nOvfl>=((nMinEst+(nLoad4/4)-1)/(nLoad4/4))*nDocSize ){
+      /* The number of overflow pages to load for this (and therefore all
+      ** subsequent) tokens is greater than the estimated number of pages 
+      ** that will be loaded if all subsequent tokens are deferred.
+      */
+      Fts3PhraseToken *pToken = pTC->pToken;
+      rc = sqlite3Fts3DeferToken(pCsr, pToken, pTC->iCol);
+      fts3SegReaderCursorFree(pToken->pSegcsr);
+      pToken->pSegcsr = 0;
+    }else{
+      /* Set nLoad4 to the value of (4^nOther) for the next iteration of the
+      ** for-loop. Except, limit the value to 2^24 to prevent it from 
+      ** overflowing the 32-bit integer it is stored in. */
+      if( ii<12 ) nLoad4 = nLoad4*4;
+
+      if( ii==0 || (pTC->pPhrase->nToken>1 && ii!=nToken-1) ){
+        /* Either this is the cheapest token in the entire query, or it is
+        ** part of a multi-token phrase. Either way, the entire doclist will
+        ** (eventually) be loaded into memory. It may as well be now. */
+        Fts3PhraseToken *pToken = pTC->pToken;
+        int nList = 0;
+        char *pList = 0;
+        rc = fts3TermSelect(pTab, pToken, pTC->iCol, &nList, &pList);
+        assert( rc==SQLITE_OK || pList==0 );
+        if( rc==SQLITE_OK ){
+          rc = fts3EvalPhraseMergeToken(
+              pTab, pTC->pPhrase, pTC->iToken,pList,nList
+          );
+        }
+        if( rc==SQLITE_OK ){
+          int nCount;
+          nCount = fts3DoclistCountDocids(
+              pTC->pPhrase->doclist.aAll, pTC->pPhrase->doclist.nAll
+          );
+          if( ii==0 || nCount<nMinEst ) nMinEst = nCount;
+        }
+      }
+    }
+    pTC->pToken = 0;
+  }
+
+  return rc;
+}
+
+/*
+** This function is called from within the xFilter method. It initializes
+** the full-text query currently stored in pCsr->pExpr. To iterate through
+** the results of a query, the caller does:
+**
+**    fts3EvalStart(pCsr);
+**    while( 1 ){
+**      fts3EvalNext(pCsr);
+**      if( pCsr->bEof ) break;
+**      ... return row pCsr->iPrevId to the caller ...
+**    }
+*/
+static int fts3EvalStart(Fts3Cursor *pCsr){
+  Fts3Table *pTab = (Fts3Table *)pCsr->base.pVtab;
+  int rc = SQLITE_OK;
+  int nToken = 0;
+  int nOr = 0;
+
+  /* Allocate a MultiSegReader for each token in the expression. */
+  fts3EvalAllocateReaders(pCsr, pCsr->pExpr, &nToken, &nOr, &rc);
+
+  /* Determine which, if any, tokens in the expression should be deferred. */
+#ifndef SQLITE_DISABLE_FTS4_DEFERRED
+  if( rc==SQLITE_OK && nToken>1 && pTab->bFts4 ){
+    Fts3TokenAndCost *aTC;
+    Fts3Expr **apOr;
+    aTC = (Fts3TokenAndCost *)sqlite3_malloc(
+        sizeof(Fts3TokenAndCost) * nToken
+      + sizeof(Fts3Expr *) * nOr * 2
+    );
+    apOr = (Fts3Expr **)&aTC[nToken];
+
+    if( !aTC ){
+      rc = SQLITE_NOMEM;
+    }else{
+      int ii;
+      Fts3TokenAndCost *pTC = aTC;
+      Fts3Expr **ppOr = apOr;
+
+      fts3EvalTokenCosts(pCsr, 0, pCsr->pExpr, &pTC, &ppOr, &rc);
+      nToken = (int)(pTC-aTC);
+      nOr = (int)(ppOr-apOr);
+
+      if( rc==SQLITE_OK ){
+        rc = fts3EvalSelectDeferred(pCsr, 0, aTC, nToken);
+        for(ii=0; rc==SQLITE_OK && ii<nOr; ii++){
+          rc = fts3EvalSelectDeferred(pCsr, apOr[ii], aTC, nToken);
+        }
+      }
+
+      sqlite3_free(aTC);
+    }
+  }
+#endif
+
+  fts3EvalStartReaders(pCsr, pCsr->pExpr, &rc);
+  return rc;
+}
+
+/*
+** Invalidate the current position list for phrase pPhrase.
+*/
+static void fts3EvalInvalidatePoslist(Fts3Phrase *pPhrase){
+  if( pPhrase->doclist.bFreeList ){
+    sqlite3_free(pPhrase->doclist.pList);
+  }
+  pPhrase->doclist.pList = 0;
+  pPhrase->doclist.nList = 0;
+  pPhrase->doclist.bFreeList = 0;
+}
+
+/*
+** This function is called to edit the position list associated with
+** the phrase object passed as the fifth argument according to a NEAR
+** condition. For example:
+**
+**     abc NEAR/5 "def ghi"
+**
+** Parameter nNear is passed the NEAR distance of the expression (5 in
+** the example above). When this function is called, *paPoslist points to
+** the position list, and *pnToken is the number of phrase tokens in, the
+** phrase on the other side of the NEAR operator to pPhrase. For example,
+** if pPhrase refers to the "def ghi" phrase, then *paPoslist points to
+** the position list associated with phrase "abc".
+**
+** All positions in the pPhrase position list that are not sufficiently
+** close to a position in the *paPoslist position list are removed. If this
+** leaves 0 positions, zero is returned. Otherwise, non-zero.
+**
+** Before returning, *paPoslist is set to point to the position lsit 
+** associated with pPhrase. And *pnToken is set to the number of tokens in
+** pPhrase.
+*/
+static int fts3EvalNearTrim(
+  int nNear,                      /* NEAR distance. As in "NEAR/nNear". */
+  char *aTmp,                     /* Temporary space to use */
+  char **paPoslist,               /* IN/OUT: Position list */
+  int *pnToken,                   /* IN/OUT: Tokens in phrase of *paPoslist */
+  Fts3Phrase *pPhrase             /* The phrase object to trim the doclist of */
+){
+  int nParam1 = nNear + pPhrase->nToken;
+  int nParam2 = nNear + *pnToken;
+  int nNew;
+  char *p2; 
+  char *pOut; 
+  int res;
+
+  assert( pPhrase->doclist.pList );
+
+  p2 = pOut = pPhrase->doclist.pList;
+  res = fts3PoslistNearMerge(
+    &pOut, aTmp, nParam1, nParam2, paPoslist, &p2
+  );
+  if( res ){
+    nNew = (int)(pOut - pPhrase->doclist.pList) - 1;
+    assert( pPhrase->doclist.pList[nNew]=='\0' );
+    assert( nNew<=pPhrase->doclist.nList && nNew>0 );
+    memset(&pPhrase->doclist.pList[nNew], 0, pPhrase->doclist.nList - nNew);
+    pPhrase->doclist.nList = nNew;
+    *paPoslist = pPhrase->doclist.pList;
+    *pnToken = pPhrase->nToken;
+  }
+
+  return res;
+}
+
+/*
+** This function is a no-op if *pRc is other than SQLITE_OK when it is called.
+** Otherwise, it advances the expression passed as the second argument to
+** point to the next matching row in the database. Expressions iterate through
+** matching rows in docid order. Ascending order if Fts3Cursor.bDesc is zero,
+** or descending if it is non-zero.
+**
+** If an error occurs, *pRc is set to an SQLite error code. Otherwise, if
+** successful, the following variables in pExpr are set:
+**
+**   Fts3Expr.bEof                (non-zero if EOF - there is no next row)
+**   Fts3Expr.iDocid              (valid if bEof==0. The docid of the next row)
+**
+** If the expression is of type FTSQUERY_PHRASE, and the expression is not
+** at EOF, then the following variables are populated with the position list
+** for the phrase for the visited row:
+**
+**   FTs3Expr.pPhrase->doclist.nList        (length of pList in bytes)
+**   FTs3Expr.pPhrase->doclist.pList        (pointer to position list)
+**
+** It says above that this function advances the expression to the next
+** matching row. This is usually true, but there are the following exceptions:
+**
+**   1. Deferred tokens are not taken into account. If a phrase consists
+**      entirely of deferred tokens, it is assumed to match every row in
+**      the db. In this case the position-list is not populated at all. 
+**
+**      Or, if a phrase contains one or more deferred tokens and one or
+**      more non-deferred tokens, then the expression is advanced to the 
+**      next possible match, considering only non-deferred tokens. In other
+**      words, if the phrase is "A B C", and "B" is deferred, the expression
+**      is advanced to the next row that contains an instance of "A * C", 
+**      where "*" may match any single token. The position list in this case
+**      is populated as for "A * C" before returning.
+**
+**   2. NEAR is treated as AND. If the expression is "x NEAR y", it is 
+**      advanced to point to the next row that matches "x AND y".
+** 
+** See sqlite3Fts3EvalTestDeferred() for details on testing if a row is
+** really a match, taking into account deferred tokens and NEAR operators.
+*/
+static void fts3EvalNextRow(
+  Fts3Cursor *pCsr,               /* FTS Cursor handle */
+  Fts3Expr *pExpr,                /* Expr. to advance to next matching row */
+  int *pRc                        /* IN/OUT: Error code */
+){
+  if( *pRc==SQLITE_OK ){
+    int bDescDoclist = pCsr->bDesc;         /* Used by DOCID_CMP() macro */
+    assert( pExpr->bEof==0 );
+    pExpr->bStart = 1;
+
+    switch( pExpr->eType ){
+      case FTSQUERY_NEAR:
+      case FTSQUERY_AND: {
+        Fts3Expr *pLeft = pExpr->pLeft;
+        Fts3Expr *pRight = pExpr->pRight;
+        assert( !pLeft->bDeferred || !pRight->bDeferred );
+
+        if( pLeft->bDeferred ){
+          /* LHS is entirely deferred. So we assume it matches every row.
+          ** Advance the RHS iterator to find the next row visited. */
+          fts3EvalNextRow(pCsr, pRight, pRc);
+          pExpr->iDocid = pRight->iDocid;
+          pExpr->bEof = pRight->bEof;
+        }else if( pRight->bDeferred ){
+          /* RHS is entirely deferred. So we assume it matches every row.
+          ** Advance the LHS iterator to find the next row visited. */
+          fts3EvalNextRow(pCsr, pLeft, pRc);
+          pExpr->iDocid = pLeft->iDocid;
+          pExpr->bEof = pLeft->bEof;
+        }else{
+          /* Neither the RHS or LHS are deferred. */
+          fts3EvalNextRow(pCsr, pLeft, pRc);
+          fts3EvalNextRow(pCsr, pRight, pRc);
+          while( !pLeft->bEof && !pRight->bEof && *pRc==SQLITE_OK ){
+            sqlite3_int64 iDiff = DOCID_CMP(pLeft->iDocid, pRight->iDocid);
+            if( iDiff==0 ) break;
+            if( iDiff<0 ){
+              fts3EvalNextRow(pCsr, pLeft, pRc);
+            }else{
+              fts3EvalNextRow(pCsr, pRight, pRc);
+            }
+          }
+          pExpr->iDocid = pLeft->iDocid;
+          pExpr->bEof = (pLeft->bEof || pRight->bEof);
+          if( pExpr->eType==FTSQUERY_NEAR && pExpr->bEof ){
+            if( pRight->pPhrase && pRight->pPhrase->doclist.aAll ){
+              Fts3Doclist *pDl = &pRight->pPhrase->doclist;
+              while( *pRc==SQLITE_OK && pRight->bEof==0 ){
+                memset(pDl->pList, 0, pDl->nList);
+                fts3EvalNextRow(pCsr, pRight, pRc);
+              }
+            }
+            if( pLeft->pPhrase && pLeft->pPhrase->doclist.aAll ){
+              Fts3Doclist *pDl = &pLeft->pPhrase->doclist;
+              while( *pRc==SQLITE_OK && pLeft->bEof==0 ){
+                memset(pDl->pList, 0, pDl->nList);
+                fts3EvalNextRow(pCsr, pLeft, pRc);
+              }
+            }
+          }
+        }
+        break;
+      }
+  
+      case FTSQUERY_OR: {
+        Fts3Expr *pLeft = pExpr->pLeft;
+        Fts3Expr *pRight = pExpr->pRight;
+        sqlite3_int64 iCmp = DOCID_CMP(pLeft->iDocid, pRight->iDocid);
+
+        assert( pLeft->bStart || pLeft->iDocid==pRight->iDocid );
+        assert( pRight->bStart || pLeft->iDocid==pRight->iDocid );
+
+        if( pRight->bEof || (pLeft->bEof==0 && iCmp<0) ){
+          fts3EvalNextRow(pCsr, pLeft, pRc);
+        }else if( pLeft->bEof || (pRight->bEof==0 && iCmp>0) ){
+          fts3EvalNextRow(pCsr, pRight, pRc);
+        }else{
+          fts3EvalNextRow(pCsr, pLeft, pRc);
+          fts3EvalNextRow(pCsr, pRight, pRc);
+        }
+
+        pExpr->bEof = (pLeft->bEof && pRight->bEof);
+        iCmp = DOCID_CMP(pLeft->iDocid, pRight->iDocid);
+        if( pRight->bEof || (pLeft->bEof==0 &&  iCmp<0) ){
+          pExpr->iDocid = pLeft->iDocid;
+        }else{
+          pExpr->iDocid = pRight->iDocid;
+        }
+
+        break;
+      }
+
+      case FTSQUERY_NOT: {
+        Fts3Expr *pLeft = pExpr->pLeft;
+        Fts3Expr *pRight = pExpr->pRight;
+
+        if( pRight->bStart==0 ){
+          fts3EvalNextRow(pCsr, pRight, pRc);
+          assert( *pRc!=SQLITE_OK || pRight->bStart );
+        }
+
+        fts3EvalNextRow(pCsr, pLeft, pRc);
+        if( pLeft->bEof==0 ){
+          while( !*pRc 
+              && !pRight->bEof 
+              && DOCID_CMP(pLeft->iDocid, pRight->iDocid)>0 
+          ){
+            fts3EvalNextRow(pCsr, pRight, pRc);
+          }
+        }
+        pExpr->iDocid = pLeft->iDocid;
+        pExpr->bEof = pLeft->bEof;
+        break;
+      }
+
+      default: {
+        Fts3Phrase *pPhrase = pExpr->pPhrase;
+        fts3EvalInvalidatePoslist(pPhrase);
+        *pRc = fts3EvalPhraseNext(pCsr, pPhrase, &pExpr->bEof);
+        pExpr->iDocid = pPhrase->doclist.iDocid;
+        break;
+      }
+    }
+  }
+}
+
+/*
+** If *pRc is not SQLITE_OK, or if pExpr is not the root node of a NEAR
+** cluster, then this function returns 1 immediately.
+**
+** Otherwise, it checks if the current row really does match the NEAR 
+** expression, using the data currently stored in the position lists 
+** (Fts3Expr->pPhrase.doclist.pList/nList) for each phrase in the expression. 
+**
+** If the current row is a match, the position list associated with each
+** phrase in the NEAR expression is edited in place to contain only those
+** phrase instances sufficiently close to their peers to satisfy all NEAR
+** constraints. In this case it returns 1. If the NEAR expression does not 
+** match the current row, 0 is returned. The position lists may or may not
+** be edited if 0 is returned.
+*/
+static int fts3EvalNearTest(Fts3Expr *pExpr, int *pRc){
+  int res = 1;
+
+  /* The following block runs if pExpr is the root of a NEAR query.
+  ** For example, the query:
+  **
+  **         "w" NEAR "x" NEAR "y" NEAR "z"
+  **
+  ** which is represented in tree form as:
+  **
+  **                               |
+  **                          +--NEAR--+      <-- root of NEAR query
+  **                          |        |
+  **                     +--NEAR--+   "z"
+  **                     |        |
+  **                +--NEAR--+   "y"
+  **                |        |
+  **               "w"      "x"
+  **
+  ** The right-hand child of a NEAR node is always a phrase. The 
+  ** left-hand child may be either a phrase or a NEAR node. There are
+  ** no exceptions to this - it's the way the parser in fts3_expr.c works.
+  */
+  if( *pRc==SQLITE_OK 
+   && pExpr->eType==FTSQUERY_NEAR 
+   && pExpr->bEof==0
+   && (pExpr->pParent==0 || pExpr->pParent->eType!=FTSQUERY_NEAR)
+  ){
+    Fts3Expr *p; 
+    int nTmp = 0;                 /* Bytes of temp space */
+    char *aTmp;                   /* Temp space for PoslistNearMerge() */
+
+    /* Allocate temporary working space. */
+    for(p=pExpr; p->pLeft; p=p->pLeft){
+      nTmp += p->pRight->pPhrase->doclist.nList;
+    }
+    nTmp += p->pPhrase->doclist.nList;
+    if( nTmp==0 ){
+      res = 0;
+    }else{
+      aTmp = sqlite3_malloc(nTmp*2);
+      if( !aTmp ){
+        *pRc = SQLITE_NOMEM;
+        res = 0;
+      }else{
+        char *aPoslist = p->pPhrase->doclist.pList;
+        int nToken = p->pPhrase->nToken;
+
+        for(p=p->pParent;res && p && p->eType==FTSQUERY_NEAR; p=p->pParent){
+          Fts3Phrase *pPhrase = p->pRight->pPhrase;
+          int nNear = p->nNear;
+          res = fts3EvalNearTrim(nNear, aTmp, &aPoslist, &nToken, pPhrase);
+        }
+
+        aPoslist = pExpr->pRight->pPhrase->doclist.pList;
+        nToken = pExpr->pRight->pPhrase->nToken;
+        for(p=pExpr->pLeft; p && res; p=p->pLeft){
+          int nNear;
+          Fts3Phrase *pPhrase;
+          assert( p->pParent && p->pParent->pLeft==p );
+          nNear = p->pParent->nNear;
+          pPhrase = (
+              p->eType==FTSQUERY_NEAR ? p->pRight->pPhrase : p->pPhrase
+              );
+          res = fts3EvalNearTrim(nNear, aTmp, &aPoslist, &nToken, pPhrase);
+        }
+      }
+
+      sqlite3_free(aTmp);
+    }
+  }
+
+  return res;
+}
+
+/*
+** This function is a helper function for sqlite3Fts3EvalTestDeferred().
+** Assuming no error occurs or has occurred, It returns non-zero if the
+** expression passed as the second argument matches the row that pCsr 
+** currently points to, or zero if it does not.
+**
+** If *pRc is not SQLITE_OK when this function is called, it is a no-op.
+** If an error occurs during execution of this function, *pRc is set to 
+** the appropriate SQLite error code. In this case the returned value is 
+** undefined.
+*/
+static int fts3EvalTestExpr(
+  Fts3Cursor *pCsr,               /* FTS cursor handle */
+  Fts3Expr *pExpr,                /* Expr to test. May or may not be root. */
+  int *pRc                        /* IN/OUT: Error code */
+){
+  int bHit = 1;                   /* Return value */
+  if( *pRc==SQLITE_OK ){
+    switch( pExpr->eType ){
+      case FTSQUERY_NEAR:
+      case FTSQUERY_AND:
+        bHit = (
+            fts3EvalTestExpr(pCsr, pExpr->pLeft, pRc)
+         && fts3EvalTestExpr(pCsr, pExpr->pRight, pRc)
+         && fts3EvalNearTest(pExpr, pRc)
+        );
+
+        /* If the NEAR expression does not match any rows, zero the doclist for 
+        ** all phrases involved in the NEAR. This is because the snippet(),
+        ** offsets() and matchinfo() functions are not supposed to recognize 
+        ** any instances of phrases that are part of unmatched NEAR queries. 
+        ** For example if this expression:
+        **
+        **    ... MATCH 'a OR (b NEAR c)'
+        **
+        ** is matched against a row containing:
+        **
+        **        'a b d e'
+        **
+        ** then any snippet() should ony highlight the "a" term, not the "b"
+        ** (as "b" is part of a non-matching NEAR clause).
+        */
+        if( bHit==0 
+         && pExpr->eType==FTSQUERY_NEAR 
+         && (pExpr->pParent==0 || pExpr->pParent->eType!=FTSQUERY_NEAR)
+        ){
+          Fts3Expr *p;
+          for(p=pExpr; p->pPhrase==0; p=p->pLeft){
+            if( p->pRight->iDocid==pCsr->iPrevId ){
+              fts3EvalInvalidatePoslist(p->pRight->pPhrase);
+            }
+          }
+          if( p->iDocid==pCsr->iPrevId ){
+            fts3EvalInvalidatePoslist(p->pPhrase);
+          }
+        }
+
+        break;
+
+      case FTSQUERY_OR: {
+        int bHit1 = fts3EvalTestExpr(pCsr, pExpr->pLeft, pRc);
+        int bHit2 = fts3EvalTestExpr(pCsr, pExpr->pRight, pRc);
+        bHit = bHit1 || bHit2;
+        break;
+      }
+
+      case FTSQUERY_NOT:
+        bHit = (
+            fts3EvalTestExpr(pCsr, pExpr->pLeft, pRc)
+         && !fts3EvalTestExpr(pCsr, pExpr->pRight, pRc)
+        );
+        break;
+
+      default: {
+#ifndef SQLITE_DISABLE_FTS4_DEFERRED
+        if( pCsr->pDeferred 
+         && (pExpr->iDocid==pCsr->iPrevId || pExpr->bDeferred)
+        ){
+          Fts3Phrase *pPhrase = pExpr->pPhrase;
+          assert( pExpr->bDeferred || pPhrase->doclist.bFreeList==0 );
+          if( pExpr->bDeferred ){
+            fts3EvalInvalidatePoslist(pPhrase);
+          }
+          *pRc = fts3EvalDeferredPhrase(pCsr, pPhrase);
+          bHit = (pPhrase->doclist.pList!=0);
+          pExpr->iDocid = pCsr->iPrevId;
+        }else
+#endif
+        {
+          bHit = (pExpr->bEof==0 && pExpr->iDocid==pCsr->iPrevId);
+        }
+        break;
+      }
+    }
+  }
+  return bHit;
+}
+
+/*
+** This function is called as the second part of each xNext operation when
+** iterating through the results of a full-text query. At this point the
+** cursor points to a row that matches the query expression, with the
+** following caveats:
+**
+**   * Up until this point, "NEAR" operators in the expression have been
+**     treated as "AND".
+**
+**   * Deferred tokens have not yet been considered.
+**
+** If *pRc is not SQLITE_OK when this function is called, it immediately
+** returns 0. Otherwise, it tests whether or not after considering NEAR
+** operators and deferred tokens the current row is still a match for the
+** expression. It returns 1 if both of the following are true:
+**
+**   1. *pRc is SQLITE_OK when this function returns, and
+**
+**   2. After scanning the current FTS table row for the deferred tokens,
+**      it is determined that the row does *not* match the query.
+**
+** Or, if no error occurs and it seems the current row does match the FTS
+** query, return 0.
+*/
+SQLITE_PRIVATE int sqlite3Fts3EvalTestDeferred(Fts3Cursor *pCsr, int *pRc){
+  int rc = *pRc;
+  int bMiss = 0;
+  if( rc==SQLITE_OK ){
+
+    /* If there are one or more deferred tokens, load the current row into
+    ** memory and scan it to determine the position list for each deferred
+    ** token. Then, see if this row is really a match, considering deferred
+    ** tokens and NEAR operators (neither of which were taken into account
+    ** earlier, by fts3EvalNextRow()). 
+    */
+    if( pCsr->pDeferred ){
+      rc = fts3CursorSeek(0, pCsr);
+      if( rc==SQLITE_OK ){
+        rc = sqlite3Fts3CacheDeferredDoclists(pCsr);
+      }
+    }
+    bMiss = (0==fts3EvalTestExpr(pCsr, pCsr->pExpr, &rc));
+
+    /* Free the position-lists accumulated for each deferred token above. */
+    sqlite3Fts3FreeDeferredDoclists(pCsr);
+    *pRc = rc;
+  }
+  return (rc==SQLITE_OK && bMiss);
+}
+
+/*
+** Advance to the next document that matches the FTS expression in
+** Fts3Cursor.pExpr.
+*/
+static int fts3EvalNext(Fts3Cursor *pCsr){
+  int rc = SQLITE_OK;             /* Return Code */
+  Fts3Expr *pExpr = pCsr->pExpr;
+  assert( pCsr->isEof==0 );
+  if( pExpr==0 ){
+    pCsr->isEof = 1;
+  }else{
+    do {
+      if( pCsr->isRequireSeek==0 ){
+        sqlite3_reset(pCsr->pStmt);
+      }
+      assert( sqlite3_data_count(pCsr->pStmt)==0 );
+      fts3EvalNextRow(pCsr, pExpr, &rc);
+      pCsr->isEof = pExpr->bEof;
+      pCsr->isRequireSeek = 1;
+      pCsr->isMatchinfoNeeded = 1;
+      pCsr->iPrevId = pExpr->iDocid;
+    }while( pCsr->isEof==0 && sqlite3Fts3EvalTestDeferred(pCsr, &rc) );
+  }
+
+  /* Check if the cursor is past the end of the docid range specified
+  ** by Fts3Cursor.iMinDocid/iMaxDocid. If so, set the EOF flag.  */
+  if( rc==SQLITE_OK && (
+        (pCsr->bDesc==0 && pCsr->iPrevId>pCsr->iMaxDocid)
+     || (pCsr->bDesc!=0 && pCsr->iPrevId<pCsr->iMinDocid)
+  )){
+    pCsr->isEof = 1;
+  }
+
+  return rc;
+}
+
+/*
+** Restart interation for expression pExpr so that the next call to
+** fts3EvalNext() visits the first row. Do not allow incremental 
+** loading or merging of phrase doclists for this iteration.
+**
+** If *pRc is other than SQLITE_OK when this function is called, it is
+** a no-op. If an error occurs within this function, *pRc is set to an
+** SQLite error code before returning.
+*/
+static void fts3EvalRestart(
+  Fts3Cursor *pCsr,
+  Fts3Expr *pExpr,
+  int *pRc
+){
+  if( pExpr && *pRc==SQLITE_OK ){
+    Fts3Phrase *pPhrase = pExpr->pPhrase;
+
+    if( pPhrase ){
+      fts3EvalInvalidatePoslist(pPhrase);
+      if( pPhrase->bIncr ){
+        int i;
+        for(i=0; i<pPhrase->nToken; i++){
+          Fts3PhraseToken *pToken = &pPhrase->aToken[i];
+          assert( pToken->pDeferred==0 );
+          if( pToken->pSegcsr ){
+            sqlite3Fts3MsrIncrRestart(pToken->pSegcsr);
+          }
+        }
+        *pRc = fts3EvalPhraseStart(pCsr, 0, pPhrase);
+      }
+      pPhrase->doclist.pNextDocid = 0;
+      pPhrase->doclist.iDocid = 0;
+      pPhrase->pOrPoslist = 0;
+    }
+
+    pExpr->iDocid = 0;
+    pExpr->bEof = 0;
+    pExpr->bStart = 0;
+
+    fts3EvalRestart(pCsr, pExpr->pLeft, pRc);
+    fts3EvalRestart(pCsr, pExpr->pRight, pRc);
+  }
+}
+
+/*
+** After allocating the Fts3Expr.aMI[] array for each phrase in the 
+** expression rooted at pExpr, the cursor iterates through all rows matched
+** by pExpr, calling this function for each row. This function increments
+** the values in Fts3Expr.aMI[] according to the position-list currently
+** found in Fts3Expr.pPhrase->doclist.pList for each of the phrase 
+** expression nodes.
+*/
+static void fts3EvalUpdateCounts(Fts3Expr *pExpr){
+  if( pExpr ){
+    Fts3Phrase *pPhrase = pExpr->pPhrase;
+    if( pPhrase && pPhrase->doclist.pList ){
+      int iCol = 0;
+      char *p = pPhrase->doclist.pList;
+
+      assert( *p );
+      while( 1 ){
+        u8 c = 0;
+        int iCnt = 0;
+        while( 0xFE & (*p | c) ){
+          if( (c&0x80)==0 ) iCnt++;
+          c = *p++ & 0x80;
+        }
+
+        /* aMI[iCol*3 + 1] = Number of occurrences
+        ** aMI[iCol*3 + 2] = Number of rows containing at least one instance
+        */
+        pExpr->aMI[iCol*3 + 1] += iCnt;
+        pExpr->aMI[iCol*3 + 2] += (iCnt>0);
+        if( *p==0x00 ) break;
+        p++;
+        p += fts3GetVarint32(p, &iCol);
+      }
+    }
+
+    fts3EvalUpdateCounts(pExpr->pLeft);
+    fts3EvalUpdateCounts(pExpr->pRight);
+  }
+}
+
+/*
+** Expression pExpr must be of type FTSQUERY_PHRASE.
+**
+** If it is not already allocated and populated, this function allocates and
+** populates the Fts3Expr.aMI[] array for expression pExpr. If pExpr is part
+** of a NEAR expression, then it also allocates and populates the same array
+** for all other phrases that are part of the NEAR expression.
+**
+** SQLITE_OK is returned if the aMI[] array is successfully allocated and
+** populated. Otherwise, if an error occurs, an SQLite error code is returned.
+*/
+static int fts3EvalGatherStats(
+  Fts3Cursor *pCsr,               /* Cursor object */
+  Fts3Expr *pExpr                 /* FTSQUERY_PHRASE expression */
+){
+  int rc = SQLITE_OK;             /* Return code */
+
+  assert( pExpr->eType==FTSQUERY_PHRASE );
+  if( pExpr->aMI==0 ){
+    Fts3Table *pTab = (Fts3Table *)pCsr->base.pVtab;
+    Fts3Expr *pRoot;                /* Root of NEAR expression */
+    Fts3Expr *p;                    /* Iterator used for several purposes */
+
+    sqlite3_int64 iPrevId = pCsr->iPrevId;
+    sqlite3_int64 iDocid;
+    u8 bEof;
+
+    /* Find the root of the NEAR expression */
+    pRoot = pExpr;
+    while( pRoot->pParent && pRoot->pParent->eType==FTSQUERY_NEAR ){
+      pRoot = pRoot->pParent;
+    }
+    iDocid = pRoot->iDocid;
+    bEof = pRoot->bEof;
+    assert( pRoot->bStart );
+
+    /* Allocate space for the aMSI[] array of each FTSQUERY_PHRASE node */
+    for(p=pRoot; p; p=p->pLeft){
+      Fts3Expr *pE = (p->eType==FTSQUERY_PHRASE?p:p->pRight);
+      assert( pE->aMI==0 );
+      pE->aMI = (u32 *)sqlite3_malloc(pTab->nColumn * 3 * sizeof(u32));
+      if( !pE->aMI ) return SQLITE_NOMEM;
+      memset(pE->aMI, 0, pTab->nColumn * 3 * sizeof(u32));
+    }
+
+    fts3EvalRestart(pCsr, pRoot, &rc);
+
+    while( pCsr->isEof==0 && rc==SQLITE_OK ){
+
+      do {
+        /* Ensure the %_content statement is reset. */
+        if( pCsr->isRequireSeek==0 ) sqlite3_reset(pCsr->pStmt);
+        assert( sqlite3_data_count(pCsr->pStmt)==0 );
+
+        /* Advance to the next document */
+        fts3EvalNextRow(pCsr, pRoot, &rc);
+        pCsr->isEof = pRoot->bEof;
+        pCsr->isRequireSeek = 1;
+        pCsr->isMatchinfoNeeded = 1;
+        pCsr->iPrevId = pRoot->iDocid;
+      }while( pCsr->isEof==0 
+           && pRoot->eType==FTSQUERY_NEAR 
+           && sqlite3Fts3EvalTestDeferred(pCsr, &rc) 
+      );
+
+      if( rc==SQLITE_OK && pCsr->isEof==0 ){
+        fts3EvalUpdateCounts(pRoot);
+      }
+    }
+
+    pCsr->isEof = 0;
+    pCsr->iPrevId = iPrevId;
+
+    if( bEof ){
+      pRoot->bEof = bEof;
+    }else{
+      /* Caution: pRoot may iterate through docids in ascending or descending
+      ** order. For this reason, even though it seems more defensive, the 
+      ** do loop can not be written:
+      **
+      **   do {...} while( pRoot->iDocid<iDocid && rc==SQLITE_OK );
+      */
+      fts3EvalRestart(pCsr, pRoot, &rc);
+      do {
+        fts3EvalNextRow(pCsr, pRoot, &rc);
+        assert( pRoot->bEof==0 );
+      }while( pRoot->iDocid!=iDocid && rc==SQLITE_OK );
+    }
+  }
+  return rc;
+}
+
+/*
+** This function is used by the matchinfo() module to query a phrase 
+** expression node for the following information:
+**
+**   1. The total number of occurrences of the phrase in each column of 
+**      the FTS table (considering all rows), and
+**
+**   2. For each column, the number of rows in the table for which the
+**      column contains at least one instance of the phrase.
+**
+** If no error occurs, SQLITE_OK is returned and the values for each column
+** written into the array aiOut as follows:
+**
+**   aiOut[iCol*3 + 1] = Number of occurrences
+**   aiOut[iCol*3 + 2] = Number of rows containing at least one instance
+**
+** Caveats:
+**
+**   * If a phrase consists entirely of deferred tokens, then all output 
+**     values are set to the number of documents in the table. In other
+**     words we assume that very common tokens occur exactly once in each 
+**     column of each row of the table.
+**
+**   * If a phrase contains some deferred tokens (and some non-deferred 
+**     tokens), count the potential occurrence identified by considering
+**     the non-deferred tokens instead of actual phrase occurrences.
+**
+**   * If the phrase is part of a NEAR expression, then only phrase instances
+**     that meet the NEAR constraint are included in the counts.
+*/
+SQLITE_PRIVATE int sqlite3Fts3EvalPhraseStats(
+  Fts3Cursor *pCsr,               /* FTS cursor handle */
+  Fts3Expr *pExpr,                /* Phrase expression */
+  u32 *aiOut                      /* Array to write results into (see above) */
+){
+  Fts3Table *pTab = (Fts3Table *)pCsr->base.pVtab;
+  int rc = SQLITE_OK;
+  int iCol;
+
+  if( pExpr->bDeferred && pExpr->pParent->eType!=FTSQUERY_NEAR ){
+    assert( pCsr->nDoc>0 );
+    for(iCol=0; iCol<pTab->nColumn; iCol++){
+      aiOut[iCol*3 + 1] = (u32)pCsr->nDoc;
+      aiOut[iCol*3 + 2] = (u32)pCsr->nDoc;
+    }
+  }else{
+    rc = fts3EvalGatherStats(pCsr, pExpr);
+    if( rc==SQLITE_OK ){
+      assert( pExpr->aMI );
+      for(iCol=0; iCol<pTab->nColumn; iCol++){
+        aiOut[iCol*3 + 1] = pExpr->aMI[iCol*3 + 1];
+        aiOut[iCol*3 + 2] = pExpr->aMI[iCol*3 + 2];
+      }
+    }
+  }
+
+  return rc;
+}
+
+/*
+** The expression pExpr passed as the second argument to this function
+** must be of type FTSQUERY_PHRASE. 
+**
+** The returned value is either NULL or a pointer to a buffer containing
+** a position-list indicating the occurrences of the phrase in column iCol
+** of the current row. 
+**
+** More specifically, the returned buffer contains 1 varint for each 
+** occurrence of the phrase in the column, stored using the normal (delta+2) 
+** compression and is terminated by either an 0x01 or 0x00 byte. For example,
+** if the requested column contains "a b X c d X X" and the position-list
+** for 'X' is requested, the buffer returned may contain:
+**
+**     0x04 0x05 0x03 0x01   or   0x04 0x05 0x03 0x00
+**
+** This function works regardless of whether or not the phrase is deferred,
+** incremental, or neither.
+*/
+SQLITE_PRIVATE int sqlite3Fts3EvalPhrasePoslist(
+  Fts3Cursor *pCsr,               /* FTS3 cursor object */
+  Fts3Expr *pExpr,                /* Phrase to return doclist for */
+  int iCol,                       /* Column to return position list for */
+  char **ppOut                    /* OUT: Pointer to position list */
+){
+  Fts3Phrase *pPhrase = pExpr->pPhrase;
+  Fts3Table *pTab = (Fts3Table *)pCsr->base.pVtab;
+  char *pIter;
+  int iThis;
+  sqlite3_int64 iDocid;
+
+  /* If this phrase is applies specifically to some column other than 
+  ** column iCol, return a NULL pointer.  */
+  *ppOut = 0;
+  assert( iCol>=0 && iCol<pTab->nColumn );
+  if( (pPhrase->iColumn<pTab->nColumn && pPhrase->iColumn!=iCol) ){
+    return SQLITE_OK;
+  }
+
+  iDocid = pExpr->iDocid;
+  pIter = pPhrase->doclist.pList;
+  if( iDocid!=pCsr->iPrevId || pExpr->bEof ){
+    int rc = SQLITE_OK;
+    int bDescDoclist = pTab->bDescIdx;      /* For DOCID_CMP macro */
+    int bOr = 0;
+    u8 bTreeEof = 0;
+    Fts3Expr *p;                  /* Used to iterate from pExpr to root */
+    Fts3Expr *pNear;              /* Most senior NEAR ancestor (or pExpr) */
+    int bMatch;
+
+    /* Check if this phrase descends from an OR expression node. If not, 
+    ** return NULL. Otherwise, the entry that corresponds to docid 
+    ** pCsr->iPrevId may lie earlier in the doclist buffer. Or, if the
+    ** tree that the node is part of has been marked as EOF, but the node
+    ** itself is not EOF, then it may point to an earlier entry. */
+    pNear = pExpr;
+    for(p=pExpr->pParent; p; p=p->pParent){
+      if( p->eType==FTSQUERY_OR ) bOr = 1;
+      if( p->eType==FTSQUERY_NEAR ) pNear = p;
+      if( p->bEof ) bTreeEof = 1;
+    }
+    if( bOr==0 ) return SQLITE_OK;
+
+    /* This is the descendent of an OR node. In this case we cannot use
+    ** an incremental phrase. Load the entire doclist for the phrase
+    ** into memory in this case.  */
+    if( pPhrase->bIncr ){
+      int bEofSave = pNear->bEof;
+      fts3EvalRestart(pCsr, pNear, &rc);
+      while( rc==SQLITE_OK && !pNear->bEof ){
+        fts3EvalNextRow(pCsr, pNear, &rc);
+        if( bEofSave==0 && pNear->iDocid==iDocid ) break;
+      }
+      assert( rc!=SQLITE_OK || pPhrase->bIncr==0 );
+    }
+    if( bTreeEof ){
+      while( rc==SQLITE_OK && !pNear->bEof ){
+        fts3EvalNextRow(pCsr, pNear, &rc);
+      }
+    }
+    if( rc!=SQLITE_OK ) return rc;
+
+    bMatch = 1;
+    for(p=pNear; p; p=p->pLeft){
+      u8 bEof = 0;
+      Fts3Expr *pTest = p;
+      Fts3Phrase *pPh;
+      assert( pTest->eType==FTSQUERY_NEAR || pTest->eType==FTSQUERY_PHRASE );
+      if( pTest->eType==FTSQUERY_NEAR ) pTest = pTest->pRight;
+      assert( pTest->eType==FTSQUERY_PHRASE );
+      pPh = pTest->pPhrase;
+
+      pIter = pPh->pOrPoslist;
+      iDocid = pPh->iOrDocid;
+      if( pCsr->bDesc==bDescDoclist ){
+        bEof = !pPh->doclist.nAll ||
+          (pIter >= (pPh->doclist.aAll + pPh->doclist.nAll));
+        while( (pIter==0 || DOCID_CMP(iDocid, pCsr->iPrevId)<0 ) && bEof==0 ){
+          sqlite3Fts3DoclistNext(
+              bDescDoclist, pPh->doclist.aAll, pPh->doclist.nAll, 
+              &pIter, &iDocid, &bEof
+          );
+        }
+      }else{
+        bEof = !pPh->doclist.nAll || (pIter && pIter<=pPh->doclist.aAll);
+        while( (pIter==0 || DOCID_CMP(iDocid, pCsr->iPrevId)>0 ) && bEof==0 ){
+          int dummy;
+          sqlite3Fts3DoclistPrev(
+              bDescDoclist, pPh->doclist.aAll, pPh->doclist.nAll, 
+              &pIter, &iDocid, &dummy, &bEof
+              );
+        }
+      }
+      pPh->pOrPoslist = pIter;
+      pPh->iOrDocid = iDocid;
+      if( bEof || iDocid!=pCsr->iPrevId ) bMatch = 0;
+    }
+
+    if( bMatch ){
+      pIter = pPhrase->pOrPoslist;
+    }else{
+      pIter = 0;
+    }
+  }
+  if( pIter==0 ) return SQLITE_OK;
+
+  if( *pIter==0x01 ){
+    pIter++;
+    pIter += fts3GetVarint32(pIter, &iThis);
+  }else{
+    iThis = 0;
+  }
+  while( iThis<iCol ){
+    fts3ColumnlistCopy(0, &pIter);
+    if( *pIter==0x00 ) return SQLITE_OK;
+    pIter++;
+    pIter += fts3GetVarint32(pIter, &iThis);
+  }
+  if( *pIter==0x00 ){
+    pIter = 0;
+  }
+
+  *ppOut = ((iCol==iThis)?pIter:0);
+  return SQLITE_OK;
+}
+
+/*
+** Free all components of the Fts3Phrase structure that were allocated by
+** the eval module. Specifically, this means to free:
+**
+**   * the contents of pPhrase->doclist, and
+**   * any Fts3MultiSegReader objects held by phrase tokens.
+*/
+SQLITE_PRIVATE void sqlite3Fts3EvalPhraseCleanup(Fts3Phrase *pPhrase){
+  if( pPhrase ){
+    int i;
+    sqlite3_free(pPhrase->doclist.aAll);
+    fts3EvalInvalidatePoslist(pPhrase);
+    memset(&pPhrase->doclist, 0, sizeof(Fts3Doclist));
+    for(i=0; i<pPhrase->nToken; i++){
+      fts3SegReaderCursorFree(pPhrase->aToken[i].pSegcsr);
+      pPhrase->aToken[i].pSegcsr = 0;
+    }
+  }
+}
+
+
+/*
+** Return SQLITE_CORRUPT_VTAB.
+*/
+#ifdef SQLITE_DEBUG
+SQLITE_PRIVATE int sqlite3Fts3Corrupt(){
+  return SQLITE_CORRUPT_VTAB;
+}
+#endif
+
+#if !SQLITE_CORE
+/*
+** Initialize API pointer table, if required.
+*/
+#ifdef _WIN32
+__declspec(dllexport)
+#endif
+SQLITE_API int SQLITE_STDCALL sqlite3_fts3_init(
+  sqlite3 *db, 
+  char **pzErrMsg,
+  const sqlite3_api_routines *pApi
+){
+  SQLITE_EXTENSION_INIT2(pApi)
+  return sqlite3Fts3Init(db);
+}
+#endif
+
+#endif
+
+/************** End of fts3.c ************************************************/
+/************** Begin file fts3_aux.c ****************************************/
+/*
+** 2011 Jan 27
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+******************************************************************************
+**
+*/
+/* #include "fts3Int.h" */
+#if !defined(SQLITE_CORE) || defined(SQLITE_ENABLE_FTS3)
+
+/* #include <string.h> */
+/* #include <assert.h> */
+
+typedef struct Fts3auxTable Fts3auxTable;
+typedef struct Fts3auxCursor Fts3auxCursor;
+
+struct Fts3auxTable {
+  sqlite3_vtab base;              /* Base class used by SQLite core */
+  Fts3Table *pFts3Tab;
+};
+
+struct Fts3auxCursor {
+  sqlite3_vtab_cursor base;       /* Base class used by SQLite core */
+  Fts3MultiSegReader csr;        /* Must be right after "base" */
+  Fts3SegFilter filter;
+  char *zStop;
+  int nStop;                      /* Byte-length of string zStop */
+  int iLangid;                    /* Language id to query */
+  int isEof;                      /* True if cursor is at EOF */
+  sqlite3_int64 iRowid;           /* Current rowid */
+
+  int iCol;                       /* Current value of 'col' column */
+  int nStat;                      /* Size of aStat[] array */
+  struct Fts3auxColstats {
+    sqlite3_int64 nDoc;           /* 'documents' values for current csr row */
+    sqlite3_int64 nOcc;           /* 'occurrences' values for current csr row */
+  } *aStat;
+};
+
+/*
+** Schema of the terms table.
+*/
+#define FTS3_AUX_SCHEMA \
+  "CREATE TABLE x(term, col, documents, occurrences, languageid HIDDEN)"
+
+/*
+** This function does all the work for both the xConnect and xCreate methods.
+** These tables have no persistent representation of their own, so xConnect
+** and xCreate are identical operations.
+*/
+static int fts3auxConnectMethod(
+  sqlite3 *db,                    /* Database connection */
+  void *pUnused,                  /* Unused */
+  int argc,                       /* Number of elements in argv array */
+  const char * const *argv,       /* xCreate/xConnect argument array */
+  sqlite3_vtab **ppVtab,          /* OUT: New sqlite3_vtab object */
+  char **pzErr                    /* OUT: sqlite3_malloc'd error message */
+){
+  char const *zDb;                /* Name of database (e.g. "main") */
+  char const *zFts3;              /* Name of fts3 table */
+  int nDb;                        /* Result of strlen(zDb) */
+  int nFts3;                      /* Result of strlen(zFts3) */
+  int nByte;                      /* Bytes of space to allocate here */
+  int rc;                         /* value returned by declare_vtab() */
+  Fts3auxTable *p;                /* Virtual table object to return */
+
+  UNUSED_PARAMETER(pUnused);
+
+  /* The user should invoke this in one of two forms:
+  **
+  **     CREATE VIRTUAL TABLE xxx USING fts4aux(fts4-table);
+  **     CREATE VIRTUAL TABLE xxx USING fts4aux(fts4-table-db, fts4-table);
+  */
+  if( argc!=4 && argc!=5 ) goto bad_args;
+
+  zDb = argv[1]; 
+  nDb = (int)strlen(zDb);
+  if( argc==5 ){
+    if( nDb==4 && 0==sqlite3_strnicmp("temp", zDb, 4) ){
+      zDb = argv[3]; 
+      nDb = (int)strlen(zDb);
+      zFts3 = argv[4];
+    }else{
+      goto bad_args;
+    }
+  }else{
+    zFts3 = argv[3];
+  }
+  nFts3 = (int)strlen(zFts3);
+
+  rc = sqlite3_declare_vtab(db, FTS3_AUX_SCHEMA);
+  if( rc!=SQLITE_OK ) return rc;
+
+  nByte = sizeof(Fts3auxTable) + sizeof(Fts3Table) + nDb + nFts3 + 2;
+  p = (Fts3auxTable *)sqlite3_malloc(nByte);
+  if( !p ) return SQLITE_NOMEM;
+  memset(p, 0, nByte);
+
+  p->pFts3Tab = (Fts3Table *)&p[1];
+  p->pFts3Tab->zDb = (char *)&p->pFts3Tab[1];
+  p->pFts3Tab->zName = &p->pFts3Tab->zDb[nDb+1];
+  p->pFts3Tab->db = db;
+  p->pFts3Tab->nIndex = 1;
+
+  memcpy((char *)p->pFts3Tab->zDb, zDb, nDb);
+  memcpy((char *)p->pFts3Tab->zName, zFts3, nFts3);
+  sqlite3Fts3Dequote((char *)p->pFts3Tab->zName);
+
+  *ppVtab = (sqlite3_vtab *)p;
+  return SQLITE_OK;
+
+ bad_args:
+  sqlite3Fts3ErrMsg(pzErr, "invalid arguments to fts4aux constructor");
+  return SQLITE_ERROR;
+}
+
+/*
+** This function does the work for both the xDisconnect and xDestroy methods.
+** These tables have no persistent representation of their own, so xDisconnect
+** and xDestroy are identical operations.
+*/
+static int fts3auxDisconnectMethod(sqlite3_vtab *pVtab){
+  Fts3auxTable *p = (Fts3auxTable *)pVtab;
+  Fts3Table *pFts3 = p->pFts3Tab;
+  int i;
+
+  /* Free any prepared statements held */
+  for(i=0; i<SizeofArray(pFts3->aStmt); i++){
+    sqlite3_finalize(pFts3->aStmt[i]);
+  }
+  sqlite3_free(pFts3->zSegmentsTbl);
+  sqlite3_free(p);
+  return SQLITE_OK;
+}
+
+#define FTS4AUX_EQ_CONSTRAINT 1
+#define FTS4AUX_GE_CONSTRAINT 2
+#define FTS4AUX_LE_CONSTRAINT 4
+
+/*
+** xBestIndex - Analyze a WHERE and ORDER BY clause.
+*/
+static int fts3auxBestIndexMethod(
+  sqlite3_vtab *pVTab, 
+  sqlite3_index_info *pInfo
+){
+  int i;
+  int iEq = -1;
+  int iGe = -1;
+  int iLe = -1;
+  int iLangid = -1;
+  int iNext = 1;                  /* Next free argvIndex value */
+
+  UNUSED_PARAMETER(pVTab);
+
+  /* This vtab delivers always results in "ORDER BY term ASC" order. */
+  if( pInfo->nOrderBy==1 
+   && pInfo->aOrderBy[0].iColumn==0 
+   && pInfo->aOrderBy[0].desc==0
+  ){
+    pInfo->orderByConsumed = 1;
+  }
+
+  /* Search for equality and range constraints on the "term" column. 
+  ** And equality constraints on the hidden "languageid" column. */
+  for(i=0; i<pInfo->nConstraint; i++){
+    if( pInfo->aConstraint[i].usable ){
+      int op = pInfo->aConstraint[i].op;
+      int iCol = pInfo->aConstraint[i].iColumn;
+
+      if( iCol==0 ){
+        if( op==SQLITE_INDEX_CONSTRAINT_EQ ) iEq = i;
+        if( op==SQLITE_INDEX_CONSTRAINT_LT ) iLe = i;
+        if( op==SQLITE_INDEX_CONSTRAINT_LE ) iLe = i;
+        if( op==SQLITE_INDEX_CONSTRAINT_GT ) iGe = i;
+        if( op==SQLITE_INDEX_CONSTRAINT_GE ) iGe = i;
+      }
+      if( iCol==4 ){
+        if( op==SQLITE_INDEX_CONSTRAINT_EQ ) iLangid = i;
+      }
+    }
+  }
+
+  if( iEq>=0 ){
+    pInfo->idxNum = FTS4AUX_EQ_CONSTRAINT;
+    pInfo->aConstraintUsage[iEq].argvIndex = iNext++;
+    pInfo->estimatedCost = 5;
+  }else{
+    pInfo->idxNum = 0;
+    pInfo->estimatedCost = 20000;
+    if( iGe>=0 ){
+      pInfo->idxNum += FTS4AUX_GE_CONSTRAINT;
+      pInfo->aConstraintUsage[iGe].argvIndex = iNext++;
+      pInfo->estimatedCost /= 2;
+    }
+    if( iLe>=0 ){
+      pInfo->idxNum += FTS4AUX_LE_CONSTRAINT;
+      pInfo->aConstraintUsage[iLe].argvIndex = iNext++;
+      pInfo->estimatedCost /= 2;
+    }
+  }
+  if( iLangid>=0 ){
+    pInfo->aConstraintUsage[iLangid].argvIndex = iNext++;
+    pInfo->estimatedCost--;
+  }
+
+  return SQLITE_OK;
+}
+
+/*
+** xOpen - Open a cursor.
+*/
+static int fts3auxOpenMethod(sqlite3_vtab *pVTab, sqlite3_vtab_cursor **ppCsr){
+  Fts3auxCursor *pCsr;            /* Pointer to cursor object to return */
+
+  UNUSED_PARAMETER(pVTab);
+
+  pCsr = (Fts3auxCursor *)sqlite3_malloc(sizeof(Fts3auxCursor));
+  if( !pCsr ) return SQLITE_NOMEM;
+  memset(pCsr, 0, sizeof(Fts3auxCursor));
+
+  *ppCsr = (sqlite3_vtab_cursor *)pCsr;
+  return SQLITE_OK;
+}
+
+/*
+** xClose - Close a cursor.
+*/
+static int fts3auxCloseMethod(sqlite3_vtab_cursor *pCursor){
+  Fts3Table *pFts3 = ((Fts3auxTable *)pCursor->pVtab)->pFts3Tab;
+  Fts3auxCursor *pCsr = (Fts3auxCursor *)pCursor;
+
+  sqlite3Fts3SegmentsClose(pFts3);
+  sqlite3Fts3SegReaderFinish(&pCsr->csr);
+  sqlite3_free((void *)pCsr->filter.zTerm);
+  sqlite3_free(pCsr->zStop);
+  sqlite3_free(pCsr->aStat);
+  sqlite3_free(pCsr);
+  return SQLITE_OK;
+}
+
+static int fts3auxGrowStatArray(Fts3auxCursor *pCsr, int nSize){
+  if( nSize>pCsr->nStat ){
+    struct Fts3auxColstats *aNew;
+    aNew = (struct Fts3auxColstats *)sqlite3_realloc(pCsr->aStat, 
+        sizeof(struct Fts3auxColstats) * nSize
+    );
+    if( aNew==0 ) return SQLITE_NOMEM;
+    memset(&aNew[pCsr->nStat], 0, 
+        sizeof(struct Fts3auxColstats) * (nSize - pCsr->nStat)
+    );
+    pCsr->aStat = aNew;
+    pCsr->nStat = nSize;
+  }
+  return SQLITE_OK;
+}
+
+/*
+** xNext - Advance the cursor to the next row, if any.
+*/
+static int fts3auxNextMethod(sqlite3_vtab_cursor *pCursor){
+  Fts3auxCursor *pCsr = (Fts3auxCursor *)pCursor;
+  Fts3Table *pFts3 = ((Fts3auxTable *)pCursor->pVtab)->pFts3Tab;
+  int rc;
+
+  /* Increment our pretend rowid value. */
+  pCsr->iRowid++;
+
+  for(pCsr->iCol++; pCsr->iCol<pCsr->nStat; pCsr->iCol++){
+    if( pCsr->aStat[pCsr->iCol].nDoc>0 ) return SQLITE_OK;
+  }
+
+  rc = sqlite3Fts3SegReaderStep(pFts3, &pCsr->csr);
+  if( rc==SQLITE_ROW ){
+    int i = 0;
+    int nDoclist = pCsr->csr.nDoclist;
+    char *aDoclist = pCsr->csr.aDoclist;
+    int iCol;
+
+    int eState = 0;
+
+    if( pCsr->zStop ){
+      int n = (pCsr->nStop<pCsr->csr.nTerm) ? pCsr->nStop : pCsr->csr.nTerm;
+      int mc = memcmp(pCsr->zStop, pCsr->csr.zTerm, n);
+      if( mc<0 || (mc==0 && pCsr->csr.nTerm>pCsr->nStop) ){
+        pCsr->isEof = 1;
+        return SQLITE_OK;
+      }
+    }
+
+    if( fts3auxGrowStatArray(pCsr, 2) ) return SQLITE_NOMEM;
+    memset(pCsr->aStat, 0, sizeof(struct Fts3auxColstats) * pCsr->nStat);
+    iCol = 0;
+
+    while( i<nDoclist ){
+      sqlite3_int64 v = 0;
+
+      i += sqlite3Fts3GetVarint(&aDoclist[i], &v);
+      switch( eState ){
+        /* State 0. In this state the integer just read was a docid. */
+        case 0:
+          pCsr->aStat[0].nDoc++;
+          eState = 1;
+          iCol = 0;
+          break;
+
+        /* State 1. In this state we are expecting either a 1, indicating
+        ** that the following integer will be a column number, or the
+        ** start of a position list for column 0.  
+        ** 
+        ** The only difference between state 1 and state 2 is that if the
+        ** integer encountered in state 1 is not 0 or 1, then we need to
+        ** increment the column 0 "nDoc" count for this term.
+        */
+        case 1:
+          assert( iCol==0 );
+          if( v>1 ){
+            pCsr->aStat[1].nDoc++;
+          }
+          eState = 2;
+          /* fall through */
+
+        case 2:
+          if( v==0 ){       /* 0x00. Next integer will be a docid. */
+            eState = 0;
+          }else if( v==1 ){ /* 0x01. Next integer will be a column number. */
+            eState = 3;
+          }else{            /* 2 or greater. A position. */
+            pCsr->aStat[iCol+1].nOcc++;
+            pCsr->aStat[0].nOcc++;
+          }
+          break;
+
+        /* State 3. The integer just read is a column number. */
+        default: assert( eState==3 );
+          iCol = (int)v;
+          if( fts3auxGrowStatArray(pCsr, iCol+2) ) return SQLITE_NOMEM;
+          pCsr->aStat[iCol+1].nDoc++;
+          eState = 2;
+          break;
+      }
+    }
+
+    pCsr->iCol = 0;
+    rc = SQLITE_OK;
+  }else{
+    pCsr->isEof = 1;
+  }
+  return rc;
+}
+
+/*
+** xFilter - Initialize a cursor to point at the start of its data.
+*/
+static int fts3auxFilterMethod(
+  sqlite3_vtab_cursor *pCursor,   /* The cursor used for this query */
+  int idxNum,                     /* Strategy index */
+  const char *idxStr,             /* Unused */
+  int nVal,                       /* Number of elements in apVal */
+  sqlite3_value **apVal           /* Arguments for the indexing scheme */
+){
+  Fts3auxCursor *pCsr = (Fts3auxCursor *)pCursor;
+  Fts3Table *pFts3 = ((Fts3auxTable *)pCursor->pVtab)->pFts3Tab;
+  int rc;
+  int isScan = 0;
+  int iLangVal = 0;               /* Language id to query */
+
+  int iEq = -1;                   /* Index of term=? value in apVal */
+  int iGe = -1;                   /* Index of term>=? value in apVal */
+  int iLe = -1;                   /* Index of term<=? value in apVal */
+  int iLangid = -1;               /* Index of languageid=? value in apVal */
+  int iNext = 0;
+
+  UNUSED_PARAMETER(nVal);
+  UNUSED_PARAMETER(idxStr);
+
+  assert( idxStr==0 );
+  assert( idxNum==FTS4AUX_EQ_CONSTRAINT || idxNum==0
+       || idxNum==FTS4AUX_LE_CONSTRAINT || idxNum==FTS4AUX_GE_CONSTRAINT
+       || idxNum==(FTS4AUX_LE_CONSTRAINT|FTS4AUX_GE_CONSTRAINT)
+  );
+
+  if( idxNum==FTS4AUX_EQ_CONSTRAINT ){
+    iEq = iNext++;
+  }else{
+    isScan = 1;
+    if( idxNum & FTS4AUX_GE_CONSTRAINT ){
+      iGe = iNext++;
+    }
+    if( idxNum & FTS4AUX_LE_CONSTRAINT ){
+      iLe = iNext++;
+    }
+  }
+  if( iNext<nVal ){
+    iLangid = iNext++;
+  }
+
+  /* In case this cursor is being reused, close and zero it. */
+  testcase(pCsr->filter.zTerm);
+  sqlite3Fts3SegReaderFinish(&pCsr->csr);
+  sqlite3_free((void *)pCsr->filter.zTerm);
+  sqlite3_free(pCsr->aStat);
+  memset(&pCsr->csr, 0, ((u8*)&pCsr[1]) - (u8*)&pCsr->csr);
+
+  pCsr->filter.flags = FTS3_SEGMENT_REQUIRE_POS|FTS3_SEGMENT_IGNORE_EMPTY;
+  if( isScan ) pCsr->filter.flags |= FTS3_SEGMENT_SCAN;
+
+  if( iEq>=0 || iGe>=0 ){
+    const unsigned char *zStr = sqlite3_value_text(apVal[0]);
+    assert( (iEq==0 && iGe==-1) || (iEq==-1 && iGe==0) );
+    if( zStr ){
+      pCsr->filter.zTerm = sqlite3_mprintf("%s", zStr);
+      pCsr->filter.nTerm = sqlite3_value_bytes(apVal[0]);
+      if( pCsr->filter.zTerm==0 ) return SQLITE_NOMEM;
+    }
+  }
+
+  if( iLe>=0 ){
+    pCsr->zStop = sqlite3_mprintf("%s", sqlite3_value_text(apVal[iLe]));
+    pCsr->nStop = sqlite3_value_bytes(apVal[iLe]);
+    if( pCsr->zStop==0 ) return SQLITE_NOMEM;
+  }
+  
+  if( iLangid>=0 ){
+    iLangVal = sqlite3_value_int(apVal[iLangid]);
+
+    /* If the user specified a negative value for the languageid, use zero
+    ** instead. This works, as the "languageid=?" constraint will also
+    ** be tested by the VDBE layer. The test will always be false (since
+    ** this module will not return a row with a negative languageid), and
+    ** so the overall query will return zero rows.  */
+    if( iLangVal<0 ) iLangVal = 0;
+  }
+  pCsr->iLangid = iLangVal;
+
+  rc = sqlite3Fts3SegReaderCursor(pFts3, iLangVal, 0, FTS3_SEGCURSOR_ALL,
+      pCsr->filter.zTerm, pCsr->filter.nTerm, 0, isScan, &pCsr->csr
+  );
+  if( rc==SQLITE_OK ){
+    rc = sqlite3Fts3SegReaderStart(pFts3, &pCsr->csr, &pCsr->filter);
+  }
+
+  if( rc==SQLITE_OK ) rc = fts3auxNextMethod(pCursor);
+  return rc;
+}
+
+/*
+** xEof - Return true if the cursor is at EOF, or false otherwise.
+*/
+static int fts3auxEofMethod(sqlite3_vtab_cursor *pCursor){
+  Fts3auxCursor *pCsr = (Fts3auxCursor *)pCursor;
+  return pCsr->isEof;
+}
+
+/*
+** xColumn - Return a column value.
+*/
+static int fts3auxColumnMethod(
+  sqlite3_vtab_cursor *pCursor,   /* Cursor to retrieve value from */
+  sqlite3_context *pCtx,          /* Context for sqlite3_result_xxx() calls */
+  int iCol                        /* Index of column to read value from */
+){
+  Fts3auxCursor *p = (Fts3auxCursor *)pCursor;
+
+  assert( p->isEof==0 );
+  switch( iCol ){
+    case 0: /* term */
+      sqlite3_result_text(pCtx, p->csr.zTerm, p->csr.nTerm, SQLITE_TRANSIENT);
+      break;
+
+    case 1: /* col */
+      if( p->iCol ){
+        sqlite3_result_int(pCtx, p->iCol-1);
+      }else{
+        sqlite3_result_text(pCtx, "*", -1, SQLITE_STATIC);
+      }
+      break;
+
+    case 2: /* documents */
+      sqlite3_result_int64(pCtx, p->aStat[p->iCol].nDoc);
+      break;
+
+    case 3: /* occurrences */
+      sqlite3_result_int64(pCtx, p->aStat[p->iCol].nOcc);
+      break;
+
+    default: /* languageid */
+      assert( iCol==4 );
+      sqlite3_result_int(pCtx, p->iLangid);
+      break;
+  }
+
+  return SQLITE_OK;
+}
+
+/*
+** xRowid - Return the current rowid for the cursor.
+*/
+static int fts3auxRowidMethod(
+  sqlite3_vtab_cursor *pCursor,   /* Cursor to retrieve value from */
+  sqlite_int64 *pRowid            /* OUT: Rowid value */
+){
+  Fts3auxCursor *pCsr = (Fts3auxCursor *)pCursor;
+  *pRowid = pCsr->iRowid;
+  return SQLITE_OK;
+}
+
+/*
+** Register the fts3aux module with database connection db. Return SQLITE_OK
+** if successful or an error code if sqlite3_create_module() fails.
+*/
+SQLITE_PRIVATE int sqlite3Fts3InitAux(sqlite3 *db){
+  static const sqlite3_module fts3aux_module = {
+     0,                           /* iVersion      */
+     fts3auxConnectMethod,        /* xCreate       */
+     fts3auxConnectMethod,        /* xConnect      */
+     fts3auxBestIndexMethod,      /* xBestIndex    */
+     fts3auxDisconnectMethod,     /* xDisconnect   */
+     fts3auxDisconnectMethod,     /* xDestroy      */
+     fts3auxOpenMethod,           /* xOpen         */
+     fts3auxCloseMethod,          /* xClose        */
+     fts3auxFilterMethod,         /* xFilter       */
+     fts3auxNextMethod,           /* xNext         */
+     fts3auxEofMethod,            /* xEof          */
+     fts3auxColumnMethod,         /* xColumn       */
+     fts3auxRowidMethod,          /* xRowid        */
+     0,                           /* xUpdate       */
+     0,                           /* xBegin        */
+     0,                           /* xSync         */
+     0,                           /* xCommit       */
+     0,                           /* xRollback     */
+     0,                           /* xFindFunction */
+     0,                           /* xRename       */
+     0,                           /* xSavepoint    */
+     0,                           /* xRelease      */
+     0                            /* xRollbackTo   */
+  };
+  int rc;                         /* Return code */
+
+  rc = sqlite3_create_module(db, "fts4aux", &fts3aux_module, 0);
+  return rc;
+}
+
+#endif /* !defined(SQLITE_CORE) || defined(SQLITE_ENABLE_FTS3) */
+
+/************** End of fts3_aux.c ********************************************/
+/************** Begin file fts3_expr.c ***************************************/
+/*
+** 2008 Nov 28
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+******************************************************************************
+**
+** This module contains code that implements a parser for fts3 query strings
+** (the right-hand argument to the MATCH operator). Because the supported 
+** syntax is relatively simple, the whole tokenizer/parser system is
+** hand-coded. 
+*/
+/* #include "fts3Int.h" */
+#if !defined(SQLITE_CORE) || defined(SQLITE_ENABLE_FTS3)
+
+/*
+** By default, this module parses the legacy syntax that has been 
+** traditionally used by fts3. Or, if SQLITE_ENABLE_FTS3_PARENTHESIS
+** is defined, then it uses the new syntax. The differences between
+** the new and the old syntaxes are:
+**
+**  a) The new syntax supports parenthesis. The old does not.
+**
+**  b) The new syntax supports the AND and NOT operators. The old does not.
+**
+**  c) The old syntax supports the "-" token qualifier. This is not 
+**     supported by the new syntax (it is replaced by the NOT operator).
+**
+**  d) When using the old syntax, the OR operator has a greater precedence
+**     than an implicit AND. When using the new, both implicity and explicit
+**     AND operators have a higher precedence than OR.
+**
+** If compiled with SQLITE_TEST defined, then this module exports the
+** symbol "int sqlite3_fts3_enable_parentheses". Setting this variable
+** to zero causes the module to use the old syntax. If it is set to 
+** non-zero the new syntax is activated. This is so both syntaxes can
+** be tested using a single build of testfixture.
+**
+** The following describes the syntax supported by the fts3 MATCH
+** operator in a similar format to that used by the lemon parser
+** generator. This module does not use actually lemon, it uses a
+** custom parser.
+**
+**   query ::= andexpr (OR andexpr)*.
+**
+**   andexpr ::= notexpr (AND? notexpr)*.
+**
+**   notexpr ::= nearexpr (NOT nearexpr|-TOKEN)*.
+**   notexpr ::= LP query RP.
+**
+**   nearexpr ::= phrase (NEAR distance_opt nearexpr)*.
+**
+**   distance_opt ::= .
+**   distance_opt ::= / INTEGER.
+**
+**   phrase ::= TOKEN.
+**   phrase ::= COLUMN:TOKEN.
+**   phrase ::= "TOKEN TOKEN TOKEN...".
+*/
+
+#ifdef SQLITE_TEST
+SQLITE_API int sqlite3_fts3_enable_parentheses = 0;
+#else
+# ifdef SQLITE_ENABLE_FTS3_PARENTHESIS 
+#  define sqlite3_fts3_enable_parentheses 1
+# else
+#  define sqlite3_fts3_enable_parentheses 0
+# endif
+#endif
+
+/*
+** Default span for NEAR operators.
+*/
+#define SQLITE_FTS3_DEFAULT_NEAR_PARAM 10
+
+/* #include <string.h> */
+/* #include <assert.h> */
+
+/*
+** isNot:
+**   This variable is used by function getNextNode(). When getNextNode() is
+**   called, it sets ParseContext.isNot to true if the 'next node' is a 
+**   FTSQUERY_PHRASE with a unary "-" attached to it. i.e. "mysql" in the
+**   FTS3 query "sqlite -mysql". Otherwise, ParseContext.isNot is set to
+**   zero.
+*/
+typedef struct ParseContext ParseContext;
+struct ParseContext {
+  sqlite3_tokenizer *pTokenizer;      /* Tokenizer module */
+  int iLangid;                        /* Language id used with tokenizer */
+  const char **azCol;                 /* Array of column names for fts3 table */
+  int bFts4;                          /* True to allow FTS4-only syntax */
+  int nCol;                           /* Number of entries in azCol[] */
+  int iDefaultCol;                    /* Default column to query */
+  int isNot;                          /* True if getNextNode() sees a unary - */
+  sqlite3_context *pCtx;              /* Write error message here */
+  int nNest;                          /* Number of nested brackets */
+};
+
+/*
+** This function is equivalent to the standard isspace() function. 
+**
+** The standard isspace() can be awkward to use safely, because although it
+** is defined to accept an argument of type int, its behavior when passed
+** an integer that falls outside of the range of the unsigned char type
+** is undefined (and sometimes, "undefined" means segfault). This wrapper
+** is defined to accept an argument of type char, and always returns 0 for
+** any values that fall outside of the range of the unsigned char type (i.e.
+** negative values).
+*/
+static int fts3isspace(char c){
+  return c==' ' || c=='\t' || c=='\n' || c=='\r' || c=='\v' || c=='\f';
+}
+
+/*
+** Allocate nByte bytes of memory using sqlite3_malloc(). If successful,
+** zero the memory before returning a pointer to it. If unsuccessful, 
+** return NULL.
+*/
+static void *fts3MallocZero(int nByte){
+  void *pRet = sqlite3_malloc(nByte);
+  if( pRet ) memset(pRet, 0, nByte);
+  return pRet;
+}
+
+SQLITE_PRIVATE int sqlite3Fts3OpenTokenizer(
+  sqlite3_tokenizer *pTokenizer,
+  int iLangid,
+  const char *z,
+  int n,
+  sqlite3_tokenizer_cursor **ppCsr
+){
+  sqlite3_tokenizer_module const *pModule = pTokenizer->pModule;
+  sqlite3_tokenizer_cursor *pCsr = 0;
+  int rc;
+
+  rc = pModule->xOpen(pTokenizer, z, n, &pCsr);
+  assert( rc==SQLITE_OK || pCsr==0 );
+  if( rc==SQLITE_OK ){
+    pCsr->pTokenizer = pTokenizer;
+    if( pModule->iVersion>=1 ){
+      rc = pModule->xLanguageid(pCsr, iLangid);
+      if( rc!=SQLITE_OK ){
+        pModule->xClose(pCsr);
+        pCsr = 0;
+      }
+    }
+  }
+  *ppCsr = pCsr;
+  return rc;
+}
+
+/*
+** Function getNextNode(), which is called by fts3ExprParse(), may itself
+** call fts3ExprParse(). So this forward declaration is required.
+*/
+static int fts3ExprParse(ParseContext *, const char *, int, Fts3Expr **, int *);
+
+/*
+** Extract the next token from buffer z (length n) using the tokenizer
+** and other information (column names etc.) in pParse. Create an Fts3Expr
+** structure of type FTSQUERY_PHRASE containing a phrase consisting of this
+** single token and set *ppExpr to point to it. If the end of the buffer is
+** reached before a token is found, set *ppExpr to zero. It is the
+** responsibility of the caller to eventually deallocate the allocated 
+** Fts3Expr structure (if any) by passing it to sqlite3_free().
+**
+** Return SQLITE_OK if successful, or SQLITE_NOMEM if a memory allocation
+** fails.
+*/
+static int getNextToken(
+  ParseContext *pParse,                   /* fts3 query parse context */
+  int iCol,                               /* Value for Fts3Phrase.iColumn */
+  const char *z, int n,                   /* Input string */
+  Fts3Expr **ppExpr,                      /* OUT: expression */
+  int *pnConsumed                         /* OUT: Number of bytes consumed */
+){
+  sqlite3_tokenizer *pTokenizer = pParse->pTokenizer;
+  sqlite3_tokenizer_module const *pModule = pTokenizer->pModule;
+  int rc;
+  sqlite3_tokenizer_cursor *pCursor;
+  Fts3Expr *pRet = 0;
+  int i = 0;
+
+  /* Set variable i to the maximum number of bytes of input to tokenize. */
+  for(i=0; i<n; i++){
+    if( sqlite3_fts3_enable_parentheses && (z[i]=='(' || z[i]==')') ) break;
+    if( z[i]=='"' ) break;
+  }
+
+  *pnConsumed = i;
+  rc = sqlite3Fts3OpenTokenizer(pTokenizer, pParse->iLangid, z, i, &pCursor);
+  if( rc==SQLITE_OK ){
+    const char *zToken;
+    int nToken = 0, iStart = 0, iEnd = 0, iPosition = 0;
+    int nByte;                               /* total space to allocate */
+
+    rc = pModule->xNext(pCursor, &zToken, &nToken, &iStart, &iEnd, &iPosition);
+    if( rc==SQLITE_OK ){
+      nByte = sizeof(Fts3Expr) + sizeof(Fts3Phrase) + nToken;
+      pRet = (Fts3Expr *)fts3MallocZero(nByte);
+      if( !pRet ){
+        rc = SQLITE_NOMEM;
+      }else{
+        pRet->eType = FTSQUERY_PHRASE;
+        pRet->pPhrase = (Fts3Phrase *)&pRet[1];
+        pRet->pPhrase->nToken = 1;
+        pRet->pPhrase->iColumn = iCol;
+        pRet->pPhrase->aToken[0].n = nToken;
+        pRet->pPhrase->aToken[0].z = (char *)&pRet->pPhrase[1];
+        memcpy(pRet->pPhrase->aToken[0].z, zToken, nToken);
+
+        if( iEnd<n && z[iEnd]=='*' ){
+          pRet->pPhrase->aToken[0].isPrefix = 1;
+          iEnd++;
+        }
+
+        while( 1 ){
+          if( !sqlite3_fts3_enable_parentheses 
+           && iStart>0 && z[iStart-1]=='-' 
+          ){
+            pParse->isNot = 1;
+            iStart--;
+          }else if( pParse->bFts4 && iStart>0 && z[iStart-1]=='^' ){
+            pRet->pPhrase->aToken[0].bFirst = 1;
+            iStart--;
+          }else{
+            break;
+          }
+        }
+
+      }
+      *pnConsumed = iEnd;
+    }else if( i && rc==SQLITE_DONE ){
+      rc = SQLITE_OK;
+    }
+
+    pModule->xClose(pCursor);
+  }
+  
+  *ppExpr = pRet;
+  return rc;
+}
+
+
+/*
+** Enlarge a memory allocation.  If an out-of-memory allocation occurs,
+** then free the old allocation.
+*/
+static void *fts3ReallocOrFree(void *pOrig, int nNew){
+  void *pRet = sqlite3_realloc(pOrig, nNew);
+  if( !pRet ){
+    sqlite3_free(pOrig);
+  }
+  return pRet;
+}
+
+/*
+** Buffer zInput, length nInput, contains the contents of a quoted string
+** that appeared as part of an fts3 query expression. Neither quote character
+** is included in the buffer. This function attempts to tokenize the entire
+** input buffer and create an Fts3Expr structure of type FTSQUERY_PHRASE 
+** containing the results.
+**
+** If successful, SQLITE_OK is returned and *ppExpr set to point at the
+** allocated Fts3Expr structure. Otherwise, either SQLITE_NOMEM (out of memory
+** error) or SQLITE_ERROR (tokenization error) is returned and *ppExpr set
+** to 0.
+*/
+static int getNextString(
+  ParseContext *pParse,                   /* fts3 query parse context */
+  const char *zInput, int nInput,         /* Input string */
+  Fts3Expr **ppExpr                       /* OUT: expression */
+){
+  sqlite3_tokenizer *pTokenizer = pParse->pTokenizer;
+  sqlite3_tokenizer_module const *pModule = pTokenizer->pModule;
+  int rc;
+  Fts3Expr *p = 0;
+  sqlite3_tokenizer_cursor *pCursor = 0;
+  char *zTemp = 0;
+  int nTemp = 0;
+
+  const int nSpace = sizeof(Fts3Expr) + sizeof(Fts3Phrase);
+  int nToken = 0;
+
+  /* The final Fts3Expr data structure, including the Fts3Phrase,
+  ** Fts3PhraseToken structures token buffers are all stored as a single 
+  ** allocation so that the expression can be freed with a single call to
+  ** sqlite3_free(). Setting this up requires a two pass approach.
+  **
+  ** The first pass, in the block below, uses a tokenizer cursor to iterate
+  ** through the tokens in the expression. This pass uses fts3ReallocOrFree()
+  ** to assemble data in two dynamic buffers:
+  **
+  **   Buffer p: Points to the Fts3Expr structure, followed by the Fts3Phrase
+  **             structure, followed by the array of Fts3PhraseToken 
+  **             structures. This pass only populates the Fts3PhraseToken array.
+  **
+  **   Buffer zTemp: Contains copies of all tokens.
+  **
+  ** The second pass, in the block that begins "if( rc==SQLITE_DONE )" below,
+  ** appends buffer zTemp to buffer p, and fills in the Fts3Expr and Fts3Phrase
+  ** structures.
+  */
+  rc = sqlite3Fts3OpenTokenizer(
+      pTokenizer, pParse->iLangid, zInput, nInput, &pCursor);
+  if( rc==SQLITE_OK ){
+    int ii;
+    for(ii=0; rc==SQLITE_OK; ii++){
+      const char *zByte;
+      int nByte = 0, iBegin = 0, iEnd = 0, iPos = 0;
+      rc = pModule->xNext(pCursor, &zByte, &nByte, &iBegin, &iEnd, &iPos);
+      if( rc==SQLITE_OK ){
+        Fts3PhraseToken *pToken;
+
+        p = fts3ReallocOrFree(p, nSpace + ii*sizeof(Fts3PhraseToken));
+        if( !p ) goto no_mem;
+
+        zTemp = fts3ReallocOrFree(zTemp, nTemp + nByte);
+        if( !zTemp ) goto no_mem;
+
+        assert( nToken==ii );
+        pToken = &((Fts3Phrase *)(&p[1]))->aToken[ii];
+        memset(pToken, 0, sizeof(Fts3PhraseToken));
+
+        memcpy(&zTemp[nTemp], zByte, nByte);
+        nTemp += nByte;
+
+        pToken->n = nByte;
+        pToken->isPrefix = (iEnd<nInput && zInput[iEnd]=='*');
+        pToken->bFirst = (iBegin>0 && zInput[iBegin-1]=='^');
+        nToken = ii+1;
+      }
+    }
+
+    pModule->xClose(pCursor);
+    pCursor = 0;
+  }
+
+  if( rc==SQLITE_DONE ){
+    int jj;
+    char *zBuf = 0;
+
+    p = fts3ReallocOrFree(p, nSpace + nToken*sizeof(Fts3PhraseToken) + nTemp);
+    if( !p ) goto no_mem;
+    memset(p, 0, (char *)&(((Fts3Phrase *)&p[1])->aToken[0])-(char *)p);
+    p->eType = FTSQUERY_PHRASE;
+    p->pPhrase = (Fts3Phrase *)&p[1];
+    p->pPhrase->iColumn = pParse->iDefaultCol;
+    p->pPhrase->nToken = nToken;
+
+    zBuf = (char *)&p->pPhrase->aToken[nToken];
+    if( zTemp ){
+      memcpy(zBuf, zTemp, nTemp);
+      sqlite3_free(zTemp);
+    }else{
+      assert( nTemp==0 );
+    }
+
+    for(jj=0; jj<p->pPhrase->nToken; jj++){
+      p->pPhrase->aToken[jj].z = zBuf;
+      zBuf += p->pPhrase->aToken[jj].n;
+    }
+    rc = SQLITE_OK;
+  }
+
+  *ppExpr = p;
+  return rc;
+no_mem:
+
+  if( pCursor ){
+    pModule->xClose(pCursor);
+  }
+  sqlite3_free(zTemp);
+  sqlite3_free(p);
+  *ppExpr = 0;
+  return SQLITE_NOMEM;
+}
+
+/*
+** The output variable *ppExpr is populated with an allocated Fts3Expr 
+** structure, or set to 0 if the end of the input buffer is reached.
+**
+** Returns an SQLite error code. SQLITE_OK if everything works, SQLITE_NOMEM
+** if a malloc failure occurs, or SQLITE_ERROR if a parse error is encountered.
+** If SQLITE_ERROR is returned, pContext is populated with an error message.
+*/
+static int getNextNode(
+  ParseContext *pParse,                   /* fts3 query parse context */
+  const char *z, int n,                   /* Input string */
+  Fts3Expr **ppExpr,                      /* OUT: expression */
+  int *pnConsumed                         /* OUT: Number of bytes consumed */
+){
+  static const struct Fts3Keyword {
+    char *z;                              /* Keyword text */
+    unsigned char n;                      /* Length of the keyword */
+    unsigned char parenOnly;              /* Only valid in paren mode */
+    unsigned char eType;                  /* Keyword code */
+  } aKeyword[] = {
+    { "OR" ,  2, 0, FTSQUERY_OR   },
+    { "AND",  3, 1, FTSQUERY_AND  },
+    { "NOT",  3, 1, FTSQUERY_NOT  },
+    { "NEAR", 4, 0, FTSQUERY_NEAR }
+  };
+  int ii;
+  int iCol;
+  int iColLen;
+  int rc;
+  Fts3Expr *pRet = 0;
+
+  const char *zInput = z;
+  int nInput = n;
+
+  pParse->isNot = 0;
+
+  /* Skip over any whitespace before checking for a keyword, an open or
+  ** close bracket, or a quoted string. 
+  */
+  while( nInput>0 && fts3isspace(*zInput) ){
+    nInput--;
+    zInput++;
+  }
+  if( nInput==0 ){
+    return SQLITE_DONE;
+  }
+
+  /* See if we are dealing with a keyword. */
+  for(ii=0; ii<(int)(sizeof(aKeyword)/sizeof(struct Fts3Keyword)); ii++){
+    const struct Fts3Keyword *pKey = &aKeyword[ii];
+
+    if( (pKey->parenOnly & ~sqlite3_fts3_enable_parentheses)!=0 ){
+      continue;
+    }
+
+    if( nInput>=pKey->n && 0==memcmp(zInput, pKey->z, pKey->n) ){
+      int nNear = SQLITE_FTS3_DEFAULT_NEAR_PARAM;
+      int nKey = pKey->n;
+      char cNext;
+
+      /* If this is a "NEAR" keyword, check for an explicit nearness. */
+      if( pKey->eType==FTSQUERY_NEAR ){
+        assert( nKey==4 );
+        if( zInput[4]=='/' && zInput[5]>='0' && zInput[5]<='9' ){
+          nNear = 0;
+          for(nKey=5; zInput[nKey]>='0' && zInput[nKey]<='9'; nKey++){
+            nNear = nNear * 10 + (zInput[nKey] - '0');
+          }
+        }
+      }
+
+      /* At this point this is probably a keyword. But for that to be true,
+      ** the next byte must contain either whitespace, an open or close
+      ** parenthesis, a quote character, or EOF. 
+      */
+      cNext = zInput[nKey];
+      if( fts3isspace(cNext) 
+       || cNext=='"' || cNext=='(' || cNext==')' || cNext==0
+      ){
+        pRet = (Fts3Expr *)fts3MallocZero(sizeof(Fts3Expr));
+        if( !pRet ){
+          return SQLITE_NOMEM;
+        }
+        pRet->eType = pKey->eType;
+        pRet->nNear = nNear;
+        *ppExpr = pRet;
+        *pnConsumed = (int)((zInput - z) + nKey);
+        return SQLITE_OK;
+      }
+
+      /* Turns out that wasn't a keyword after all. This happens if the
+      ** user has supplied a token such as "ORacle". Continue.
+      */
+    }
+  }
+
+  /* See if we are dealing with a quoted phrase. If this is the case, then
+  ** search for the closing quote and pass the whole string to getNextString()
+  ** for processing. This is easy to do, as fts3 has no syntax for escaping
+  ** a quote character embedded in a string.
+  */
+  if( *zInput=='"' ){
+    for(ii=1; ii<nInput && zInput[ii]!='"'; ii++);
+    *pnConsumed = (int)((zInput - z) + ii + 1);
+    if( ii==nInput ){
+      return SQLITE_ERROR;
+    }
+    return getNextString(pParse, &zInput[1], ii-1, ppExpr);
+  }
+
+  if( sqlite3_fts3_enable_parentheses ){
+    if( *zInput=='(' ){
+      int nConsumed = 0;
+      pParse->nNest++;
+      rc = fts3ExprParse(pParse, zInput+1, nInput-1, ppExpr, &nConsumed);
+      if( rc==SQLITE_OK && !*ppExpr ){ rc = SQLITE_DONE; }
+      *pnConsumed = (int)(zInput - z) + 1 + nConsumed;
+      return rc;
+    }else if( *zInput==')' ){
+      pParse->nNest--;
+      *pnConsumed = (int)((zInput - z) + 1);
+      *ppExpr = 0;
+      return SQLITE_DONE;
+    }
+  }
+
+  /* If control flows to this point, this must be a regular token, or 
+  ** the end of the input. Read a regular token using the sqlite3_tokenizer
+  ** interface. Before doing so, figure out if there is an explicit
+  ** column specifier for the token. 
+  **
+  ** TODO: Strangely, it is not possible to associate a column specifier
+  ** with a quoted phrase, only with a single token. Not sure if this was
+  ** an implementation artifact or an intentional decision when fts3 was
+  ** first implemented. Whichever it was, this module duplicates the 
+  ** limitation.
+  */
+  iCol = pParse->iDefaultCol;
+  iColLen = 0;
+  for(ii=0; ii<pParse->nCol; ii++){
+    const char *zStr = pParse->azCol[ii];
+    int nStr = (int)strlen(zStr);
+    if( nInput>nStr && zInput[nStr]==':' 
+     && sqlite3_strnicmp(zStr, zInput, nStr)==0 
+    ){
+      iCol = ii;
+      iColLen = (int)((zInput - z) + nStr + 1);
+      break;
+    }
+  }
+  rc = getNextToken(pParse, iCol, &z[iColLen], n-iColLen, ppExpr, pnConsumed);
+  *pnConsumed += iColLen;
+  return rc;
+}
+
+/*
+** The argument is an Fts3Expr structure for a binary operator (any type
+** except an FTSQUERY_PHRASE). Return an integer value representing the
+** precedence of the operator. Lower values have a higher precedence (i.e.
+** group more tightly). For example, in the C language, the == operator
+** groups more tightly than ||, and would therefore have a higher precedence.
+**
+** When using the new fts3 query syntax (when SQLITE_ENABLE_FTS3_PARENTHESIS
+** is defined), the order of the operators in precedence from highest to
+** lowest is:
+**
+**   NEAR
+**   NOT
+**   AND (including implicit ANDs)
+**   OR
+**
+** Note that when using the old query syntax, the OR operator has a higher
+** precedence than the AND operator.
+*/
+static int opPrecedence(Fts3Expr *p){
+  assert( p->eType!=FTSQUERY_PHRASE );
+  if( sqlite3_fts3_enable_parentheses ){
+    return p->eType;
+  }else if( p->eType==FTSQUERY_NEAR ){
+    return 1;
+  }else if( p->eType==FTSQUERY_OR ){
+    return 2;
+  }
+  assert( p->eType==FTSQUERY_AND );
+  return 3;
+}
+
+/*
+** Argument ppHead contains a pointer to the current head of a query 
+** expression tree being parsed. pPrev is the expression node most recently
+** inserted into the tree. This function adds pNew, which is always a binary
+** operator node, into the expression tree based on the relative precedence
+** of pNew and the existing nodes of the tree. This may result in the head
+** of the tree changing, in which case *ppHead is set to the new root node.
+*/
+static void insertBinaryOperator(
+  Fts3Expr **ppHead,       /* Pointer to the root node of a tree */
+  Fts3Expr *pPrev,         /* Node most recently inserted into the tree */
+  Fts3Expr *pNew           /* New binary node to insert into expression tree */
+){
+  Fts3Expr *pSplit = pPrev;
+  while( pSplit->pParent && opPrecedence(pSplit->pParent)<=opPrecedence(pNew) ){
+    pSplit = pSplit->pParent;
+  }
+
+  if( pSplit->pParent ){
+    assert( pSplit->pParent->pRight==pSplit );
+    pSplit->pParent->pRight = pNew;
+    pNew->pParent = pSplit->pParent;
+  }else{
+    *ppHead = pNew;
+  }
+  pNew->pLeft = pSplit;
+  pSplit->pParent = pNew;
+}
+
+/*
+** Parse the fts3 query expression found in buffer z, length n. This function
+** returns either when the end of the buffer is reached or an unmatched 
+** closing bracket - ')' - is encountered.
+**
+** If successful, SQLITE_OK is returned, *ppExpr is set to point to the
+** parsed form of the expression and *pnConsumed is set to the number of
+** bytes read from buffer z. Otherwise, *ppExpr is set to 0 and SQLITE_NOMEM
+** (out of memory error) or SQLITE_ERROR (parse error) is returned.
+*/
+static int fts3ExprParse(
+  ParseContext *pParse,                   /* fts3 query parse context */
+  const char *z, int n,                   /* Text of MATCH query */
+  Fts3Expr **ppExpr,                      /* OUT: Parsed query structure */
+  int *pnConsumed                         /* OUT: Number of bytes consumed */
+){
+  Fts3Expr *pRet = 0;
+  Fts3Expr *pPrev = 0;
+  Fts3Expr *pNotBranch = 0;               /* Only used in legacy parse mode */
+  int nIn = n;
+  const char *zIn = z;
+  int rc = SQLITE_OK;
+  int isRequirePhrase = 1;
+
+  while( rc==SQLITE_OK ){
+    Fts3Expr *p = 0;
+    int nByte = 0;
+
+    rc = getNextNode(pParse, zIn, nIn, &p, &nByte);
+    assert( nByte>0 || (rc!=SQLITE_OK && p==0) );
+    if( rc==SQLITE_OK ){
+      if( p ){
+        int isPhrase;
+
+        if( !sqlite3_fts3_enable_parentheses 
+            && p->eType==FTSQUERY_PHRASE && pParse->isNot 
+        ){
+          /* Create an implicit NOT operator. */
+          Fts3Expr *pNot = fts3MallocZero(sizeof(Fts3Expr));
+          if( !pNot ){
+            sqlite3Fts3ExprFree(p);
+            rc = SQLITE_NOMEM;
+            goto exprparse_out;
+          }
+          pNot->eType = FTSQUERY_NOT;
+          pNot->pRight = p;
+          p->pParent = pNot;
+          if( pNotBranch ){
+            pNot->pLeft = pNotBranch;
+            pNotBranch->pParent = pNot;
+          }
+          pNotBranch = pNot;
+          p = pPrev;
+        }else{
+          int eType = p->eType;
+          isPhrase = (eType==FTSQUERY_PHRASE || p->pLeft);
+
+          /* The isRequirePhrase variable is set to true if a phrase or
+          ** an expression contained in parenthesis is required. If a
+          ** binary operator (AND, OR, NOT or NEAR) is encounted when
+          ** isRequirePhrase is set, this is a syntax error.
+          */
+          if( !isPhrase && isRequirePhrase ){
+            sqlite3Fts3ExprFree(p);
+            rc = SQLITE_ERROR;
+            goto exprparse_out;
+          }
+
+          if( isPhrase && !isRequirePhrase ){
+            /* Insert an implicit AND operator. */
+            Fts3Expr *pAnd;
+            assert( pRet && pPrev );
+            pAnd = fts3MallocZero(sizeof(Fts3Expr));
+            if( !pAnd ){
+              sqlite3Fts3ExprFree(p);
+              rc = SQLITE_NOMEM;
+              goto exprparse_out;
+            }
+            pAnd->eType = FTSQUERY_AND;
+            insertBinaryOperator(&pRet, pPrev, pAnd);
+            pPrev = pAnd;
+          }
+
+          /* This test catches attempts to make either operand of a NEAR
+           ** operator something other than a phrase. For example, either of
+           ** the following:
+           **
+           **    (bracketed expression) NEAR phrase
+           **    phrase NEAR (bracketed expression)
+           **
+           ** Return an error in either case.
+           */
+          if( pPrev && (
+            (eType==FTSQUERY_NEAR && !isPhrase && pPrev->eType!=FTSQUERY_PHRASE)
+         || (eType!=FTSQUERY_PHRASE && isPhrase && pPrev->eType==FTSQUERY_NEAR)
+          )){
+            sqlite3Fts3ExprFree(p);
+            rc = SQLITE_ERROR;
+            goto exprparse_out;
+          }
+
+          if( isPhrase ){
+            if( pRet ){
+              assert( pPrev && pPrev->pLeft && pPrev->pRight==0 );
+              pPrev->pRight = p;
+              p->pParent = pPrev;
+            }else{
+              pRet = p;
+            }
+          }else{
+            insertBinaryOperator(&pRet, pPrev, p);
+          }
+          isRequirePhrase = !isPhrase;
+        }
+        pPrev = p;
+      }
+      assert( nByte>0 );
+    }
+    assert( rc!=SQLITE_OK || (nByte>0 && nByte<=nIn) );
+    nIn -= nByte;
+    zIn += nByte;
+  }
+
+  if( rc==SQLITE_DONE && pRet && isRequirePhrase ){
+    rc = SQLITE_ERROR;
+  }
+
+  if( rc==SQLITE_DONE ){
+    rc = SQLITE_OK;
+    if( !sqlite3_fts3_enable_parentheses && pNotBranch ){
+      if( !pRet ){
+        rc = SQLITE_ERROR;
+      }else{
+        Fts3Expr *pIter = pNotBranch;
+        while( pIter->pLeft ){
+          pIter = pIter->pLeft;
+        }
+        pIter->pLeft = pRet;
+        pRet->pParent = pIter;
+        pRet = pNotBranch;
+      }
+    }
+  }
+  *pnConsumed = n - nIn;
+
+exprparse_out:
+  if( rc!=SQLITE_OK ){
+    sqlite3Fts3ExprFree(pRet);
+    sqlite3Fts3ExprFree(pNotBranch);
+    pRet = 0;
+  }
+  *ppExpr = pRet;
+  return rc;
+}
+
+/*
+** Return SQLITE_ERROR if the maximum depth of the expression tree passed 
+** as the only argument is more than nMaxDepth.
+*/
+static int fts3ExprCheckDepth(Fts3Expr *p, int nMaxDepth){
+  int rc = SQLITE_OK;
+  if( p ){
+    if( nMaxDepth<0 ){ 
+      rc = SQLITE_TOOBIG;
+    }else{
+      rc = fts3ExprCheckDepth(p->pLeft, nMaxDepth-1);
+      if( rc==SQLITE_OK ){
+        rc = fts3ExprCheckDepth(p->pRight, nMaxDepth-1);
+      }
+    }
+  }
+  return rc;
+}
+
+/*
+** This function attempts to transform the expression tree at (*pp) to
+** an equivalent but more balanced form. The tree is modified in place.
+** If successful, SQLITE_OK is returned and (*pp) set to point to the 
+** new root expression node. 
+**
+** nMaxDepth is the maximum allowable depth of the balanced sub-tree.
+**
+** Otherwise, if an error occurs, an SQLite error code is returned and 
+** expression (*pp) freed.
+*/
+static int fts3ExprBalance(Fts3Expr **pp, int nMaxDepth){
+  int rc = SQLITE_OK;             /* Return code */
+  Fts3Expr *pRoot = *pp;          /* Initial root node */
+  Fts3Expr *pFree = 0;            /* List of free nodes. Linked by pParent. */
+  int eType = pRoot->eType;       /* Type of node in this tree */
+
+  if( nMaxDepth==0 ){
+    rc = SQLITE_ERROR;
+  }
+
+  if( rc==SQLITE_OK ){
+    if( (eType==FTSQUERY_AND || eType==FTSQUERY_OR) ){
+      Fts3Expr **apLeaf;
+      apLeaf = (Fts3Expr **)sqlite3_malloc(sizeof(Fts3Expr *) * nMaxDepth);
+      if( 0==apLeaf ){
+        rc = SQLITE_NOMEM;
+      }else{
+        memset(apLeaf, 0, sizeof(Fts3Expr *) * nMaxDepth);
+      }
+
+      if( rc==SQLITE_OK ){
+        int i;
+        Fts3Expr *p;
+
+        /* Set $p to point to the left-most leaf in the tree of eType nodes. */
+        for(p=pRoot; p->eType==eType; p=p->pLeft){
+          assert( p->pParent==0 || p->pParent->pLeft==p );
+          assert( p->pLeft && p->pRight );
+        }
+
+        /* This loop runs once for each leaf in the tree of eType nodes. */
+        while( 1 ){
+          int iLvl;
+          Fts3Expr *pParent = p->pParent;     /* Current parent of p */
+
+          assert( pParent==0 || pParent->pLeft==p );
+          p->pParent = 0;
+          if( pParent ){
+            pParent->pLeft = 0;
+          }else{
+            pRoot = 0;
+          }
+          rc = fts3ExprBalance(&p, nMaxDepth-1);
+          if( rc!=SQLITE_OK ) break;
+
+          for(iLvl=0; p && iLvl<nMaxDepth; iLvl++){
+            if( apLeaf[iLvl]==0 ){
+              apLeaf[iLvl] = p;
+              p = 0;
+            }else{
+              assert( pFree );
+              pFree->pLeft = apLeaf[iLvl];
+              pFree->pRight = p;
+              pFree->pLeft->pParent = pFree;
+              pFree->pRight->pParent = pFree;
+
+              p = pFree;
+              pFree = pFree->pParent;
+              p->pParent = 0;
+              apLeaf[iLvl] = 0;
+            }
+          }
+          if( p ){
+            sqlite3Fts3ExprFree(p);
+            rc = SQLITE_TOOBIG;
+            break;
+          }
+
+          /* If that was the last leaf node, break out of the loop */
+          if( pParent==0 ) break;
+
+          /* Set $p to point to the next leaf in the tree of eType nodes */
+          for(p=pParent->pRight; p->eType==eType; p=p->pLeft);
+
+          /* Remove pParent from the original tree. */
+          assert( pParent->pParent==0 || pParent->pParent->pLeft==pParent );
+          pParent->pRight->pParent = pParent->pParent;
+          if( pParent->pParent ){
+            pParent->pParent->pLeft = pParent->pRight;
+          }else{
+            assert( pParent==pRoot );
+            pRoot = pParent->pRight;
+          }
+
+          /* Link pParent into the free node list. It will be used as an
+          ** internal node of the new tree.  */
+          pParent->pParent = pFree;
+          pFree = pParent;
+        }
+
+        if( rc==SQLITE_OK ){
+          p = 0;
+          for(i=0; i<nMaxDepth; i++){
+            if( apLeaf[i] ){
+              if( p==0 ){
+                p = apLeaf[i];
+                p->pParent = 0;
+              }else{
+                assert( pFree!=0 );
+                pFree->pRight = p;
+                pFree->pLeft = apLeaf[i];
+                pFree->pLeft->pParent = pFree;
+                pFree->pRight->pParent = pFree;
+
+                p = pFree;
+                pFree = pFree->pParent;
+                p->pParent = 0;
+              }
+            }
+          }
+          pRoot = p;
+        }else{
+          /* An error occurred. Delete the contents of the apLeaf[] array 
+          ** and pFree list. Everything else is cleaned up by the call to
+          ** sqlite3Fts3ExprFree(pRoot) below.  */
+          Fts3Expr *pDel;
+          for(i=0; i<nMaxDepth; i++){
+            sqlite3Fts3ExprFree(apLeaf[i]);
+          }
+          while( (pDel=pFree)!=0 ){
+            pFree = pDel->pParent;
+            sqlite3_free(pDel);
+          }
+        }
+
+        assert( pFree==0 );
+        sqlite3_free( apLeaf );
+      }
+    }else if( eType==FTSQUERY_NOT ){
+      Fts3Expr *pLeft = pRoot->pLeft;
+      Fts3Expr *pRight = pRoot->pRight;
+
+      pRoot->pLeft = 0;
+      pRoot->pRight = 0;
+      pLeft->pParent = 0;
+      pRight->pParent = 0;
+
+      rc = fts3ExprBalance(&pLeft, nMaxDepth-1);
+      if( rc==SQLITE_OK ){
+        rc = fts3ExprBalance(&pRight, nMaxDepth-1);
+      }
+
+      if( rc!=SQLITE_OK ){
+        sqlite3Fts3ExprFree(pRight);
+        sqlite3Fts3ExprFree(pLeft);
+      }else{
+        assert( pLeft && pRight );
+        pRoot->pLeft = pLeft;
+        pLeft->pParent = pRoot;
+        pRoot->pRight = pRight;
+        pRight->pParent = pRoot;
+      }
+    }
+  }
+  
+  if( rc!=SQLITE_OK ){
+    sqlite3Fts3ExprFree(pRoot);
+    pRoot = 0;
+  }
+  *pp = pRoot;
+  return rc;
+}
+
+/*
+** This function is similar to sqlite3Fts3ExprParse(), with the following
+** differences:
+**
+**   1. It does not do expression rebalancing.
+**   2. It does not check that the expression does not exceed the 
+**      maximum allowable depth.
+**   3. Even if it fails, *ppExpr may still be set to point to an 
+**      expression tree. It should be deleted using sqlite3Fts3ExprFree()
+**      in this case.
+*/
+static int fts3ExprParseUnbalanced(
+  sqlite3_tokenizer *pTokenizer,      /* Tokenizer module */
+  int iLangid,                        /* Language id for tokenizer */
+  char **azCol,                       /* Array of column names for fts3 table */
+  int bFts4,                          /* True to allow FTS4-only syntax */
+  int nCol,                           /* Number of entries in azCol[] */
+  int iDefaultCol,                    /* Default column to query */
+  const char *z, int n,               /* Text of MATCH query */
+  Fts3Expr **ppExpr                   /* OUT: Parsed query structure */
+){
+  int nParsed;
+  int rc;
+  ParseContext sParse;
+
+  memset(&sParse, 0, sizeof(ParseContext));
+  sParse.pTokenizer = pTokenizer;
+  sParse.iLangid = iLangid;
+  sParse.azCol = (const char **)azCol;
+  sParse.nCol = nCol;
+  sParse.iDefaultCol = iDefaultCol;
+  sParse.bFts4 = bFts4;
+  if( z==0 ){
+    *ppExpr = 0;
+    return SQLITE_OK;
+  }
+  if( n<0 ){
+    n = (int)strlen(z);
+  }
+  rc = fts3ExprParse(&sParse, z, n, ppExpr, &nParsed);
+  assert( rc==SQLITE_OK || *ppExpr==0 );
+
+  /* Check for mismatched parenthesis */
+  if( rc==SQLITE_OK && sParse.nNest ){
+    rc = SQLITE_ERROR;
+  }
+  
+  return rc;
+}
+
+/*
+** Parameters z and n contain a pointer to and length of a buffer containing
+** an fts3 query expression, respectively. This function attempts to parse the
+** query expression and create a tree of Fts3Expr structures representing the
+** parsed expression. If successful, *ppExpr is set to point to the head
+** of the parsed expression tree and SQLITE_OK is returned. If an error
+** occurs, either SQLITE_NOMEM (out-of-memory error) or SQLITE_ERROR (parse
+** error) is returned and *ppExpr is set to 0.
+**
+** If parameter n is a negative number, then z is assumed to point to a
+** nul-terminated string and the length is determined using strlen().
+**
+** The first parameter, pTokenizer, is passed the fts3 tokenizer module to
+** use to normalize query tokens while parsing the expression. The azCol[]
+** array, which is assumed to contain nCol entries, should contain the names
+** of each column in the target fts3 table, in order from left to right. 
+** Column names must be nul-terminated strings.
+**
+** The iDefaultCol parameter should be passed the index of the table column
+** that appears on the left-hand-side of the MATCH operator (the default
+** column to match against for tokens for which a column name is not explicitly
+** specified as part of the query string), or -1 if tokens may by default
+** match any table column.
+*/
+SQLITE_PRIVATE int sqlite3Fts3ExprParse(
+  sqlite3_tokenizer *pTokenizer,      /* Tokenizer module */
+  int iLangid,                        /* Language id for tokenizer */
+  char **azCol,                       /* Array of column names for fts3 table */
+  int bFts4,                          /* True to allow FTS4-only syntax */
+  int nCol,                           /* Number of entries in azCol[] */
+  int iDefaultCol,                    /* Default column to query */
+  const char *z, int n,               /* Text of MATCH query */
+  Fts3Expr **ppExpr,                  /* OUT: Parsed query structure */
+  char **pzErr                        /* OUT: Error message (sqlite3_malloc) */
+){
+  int rc = fts3ExprParseUnbalanced(
+      pTokenizer, iLangid, azCol, bFts4, nCol, iDefaultCol, z, n, ppExpr
+  );
+  
+  /* Rebalance the expression. And check that its depth does not exceed
+  ** SQLITE_FTS3_MAX_EXPR_DEPTH.  */
+  if( rc==SQLITE_OK && *ppExpr ){
+    rc = fts3ExprBalance(ppExpr, SQLITE_FTS3_MAX_EXPR_DEPTH);
+    if( rc==SQLITE_OK ){
+      rc = fts3ExprCheckDepth(*ppExpr, SQLITE_FTS3_MAX_EXPR_DEPTH);
+    }
+  }
+
+  if( rc!=SQLITE_OK ){
+    sqlite3Fts3ExprFree(*ppExpr);
+    *ppExpr = 0;
+    if( rc==SQLITE_TOOBIG ){
+      sqlite3Fts3ErrMsg(pzErr,
+          "FTS expression tree is too large (maximum depth %d)", 
+          SQLITE_FTS3_MAX_EXPR_DEPTH
+      );
+      rc = SQLITE_ERROR;
+    }else if( rc==SQLITE_ERROR ){
+      sqlite3Fts3ErrMsg(pzErr, "malformed MATCH expression: [%s]", z);
+    }
+  }
+
+  return rc;
+}
+
+/*
+** Free a single node of an expression tree.
+*/
+static void fts3FreeExprNode(Fts3Expr *p){
+  assert( p->eType==FTSQUERY_PHRASE || p->pPhrase==0 );
+  sqlite3Fts3EvalPhraseCleanup(p->pPhrase);
+  sqlite3_free(p->aMI);
+  sqlite3_free(p);
+}
+
+/*
+** Free a parsed fts3 query expression allocated by sqlite3Fts3ExprParse().
+**
+** This function would be simpler if it recursively called itself. But
+** that would mean passing a sufficiently large expression to ExprParse()
+** could cause a stack overflow.
+*/
+SQLITE_PRIVATE void sqlite3Fts3ExprFree(Fts3Expr *pDel){
+  Fts3Expr *p;
+  assert( pDel==0 || pDel->pParent==0 );
+  for(p=pDel; p && (p->pLeft||p->pRight); p=(p->pLeft ? p->pLeft : p->pRight)){
+    assert( p->pParent==0 || p==p->pParent->pRight || p==p->pParent->pLeft );
+  }
+  while( p ){
+    Fts3Expr *pParent = p->pParent;
+    fts3FreeExprNode(p);
+    if( pParent && p==pParent->pLeft && pParent->pRight ){
+      p = pParent->pRight;
+      while( p && (p->pLeft || p->pRight) ){
+        assert( p==p->pParent->pRight || p==p->pParent->pLeft );
+        p = (p->pLeft ? p->pLeft : p->pRight);
+      }
+    }else{
+      p = pParent;
+    }
+  }
+}
+
+/****************************************************************************
+*****************************************************************************
+** Everything after this point is just test code.
+*/
+
+#ifdef SQLITE_TEST
+
+/* #include <stdio.h> */
+
+/*
+** Function to query the hash-table of tokenizers (see README.tokenizers).
+*/
+static int queryTestTokenizer(
+  sqlite3 *db, 
+  const char *zName,  
+  const sqlite3_tokenizer_module **pp
+){
+  int rc;
+  sqlite3_stmt *pStmt;
+  const char zSql[] = "SELECT fts3_tokenizer(?)";
+
+  *pp = 0;
+  rc = sqlite3_prepare_v2(db, zSql, -1, &pStmt, 0);
+  if( rc!=SQLITE_OK ){
+    return rc;
+  }
+
+  sqlite3_bind_text(pStmt, 1, zName, -1, SQLITE_STATIC);
+  if( SQLITE_ROW==sqlite3_step(pStmt) ){
+    if( sqlite3_column_type(pStmt, 0)==SQLITE_BLOB ){
+      memcpy((void *)pp, sqlite3_column_blob(pStmt, 0), sizeof(*pp));
+    }
+  }
+
+  return sqlite3_finalize(pStmt);
+}
+
+/*
+** Return a pointer to a buffer containing a text representation of the
+** expression passed as the first argument. The buffer is obtained from
+** sqlite3_malloc(). It is the responsibility of the caller to use 
+** sqlite3_free() to release the memory. If an OOM condition is encountered,
+** NULL is returned.
+**
+** If the second argument is not NULL, then its contents are prepended to 
+** the returned expression text and then freed using sqlite3_free().
+*/
+static char *exprToString(Fts3Expr *pExpr, char *zBuf){
+  if( pExpr==0 ){
+    return sqlite3_mprintf("");
+  }
+  switch( pExpr->eType ){
+    case FTSQUERY_PHRASE: {
+      Fts3Phrase *pPhrase = pExpr->pPhrase;
+      int i;
+      zBuf = sqlite3_mprintf(
+          "%zPHRASE %d 0", zBuf, pPhrase->iColumn);
+      for(i=0; zBuf && i<pPhrase->nToken; i++){
+        zBuf = sqlite3_mprintf("%z %.*s%s", zBuf, 
+            pPhrase->aToken[i].n, pPhrase->aToken[i].z,
+            (pPhrase->aToken[i].isPrefix?"+":"")
+        );
+      }
+      return zBuf;
+    }
+
+    case FTSQUERY_NEAR:
+      zBuf = sqlite3_mprintf("%zNEAR/%d ", zBuf, pExpr->nNear);
+      break;
+    case FTSQUERY_NOT:
+      zBuf = sqlite3_mprintf("%zNOT ", zBuf);
+      break;
+    case FTSQUERY_AND:
+      zBuf = sqlite3_mprintf("%zAND ", zBuf);
+      break;
+    case FTSQUERY_OR:
+      zBuf = sqlite3_mprintf("%zOR ", zBuf);
+      break;
+  }
+
+  if( zBuf ) zBuf = sqlite3_mprintf("%z{", zBuf);
+  if( zBuf ) zBuf = exprToString(pExpr->pLeft, zBuf);
+  if( zBuf ) zBuf = sqlite3_mprintf("%z} {", zBuf);
+
+  if( zBuf ) zBuf = exprToString(pExpr->pRight, zBuf);
+  if( zBuf ) zBuf = sqlite3_mprintf("%z}", zBuf);
+
+  return zBuf;
+}
+
+/*
+** This is the implementation of a scalar SQL function used to test the 
+** expression parser. It should be called as follows:
+**
+**   fts3_exprtest(<tokenizer>, <expr>, <column 1>, ...);
+**
+** The first argument, <tokenizer>, is the name of the fts3 tokenizer used
+** to parse the query expression (see README.tokenizers). The second argument
+** is the query expression to parse. Each subsequent argument is the name
+** of a column of the fts3 table that the query expression may refer to.
+** For example:
+**
+**   SELECT fts3_exprtest('simple', 'Bill col2:Bloggs', 'col1', 'col2');
+*/
+static void fts3ExprTest(
+  sqlite3_context *context,
+  int argc,
+  sqlite3_value **argv
+){
+  sqlite3_tokenizer_module const *pModule = 0;
+  sqlite3_tokenizer *pTokenizer = 0;
+  int rc;
+  char **azCol = 0;
+  const char *zExpr;
+  int nExpr;
+  int nCol;
+  int ii;
+  Fts3Expr *pExpr;
+  char *zBuf = 0;
+  sqlite3 *db = sqlite3_context_db_handle(context);
+
+  if( argc<3 ){
+    sqlite3_result_error(context, 
+        "Usage: fts3_exprtest(tokenizer, expr, col1, ...", -1
+    );
+    return;
+  }
+
+  rc = queryTestTokenizer(db,
+                          (const char *)sqlite3_value_text(argv[0]), &pModule);
+  if( rc==SQLITE_NOMEM ){
+    sqlite3_result_error_nomem(context);
+    goto exprtest_out;
+  }else if( !pModule ){
+    sqlite3_result_error(context, "No such tokenizer module", -1);
+    goto exprtest_out;
+  }
+
+  rc = pModule->xCreate(0, 0, &pTokenizer);
+  assert( rc==SQLITE_NOMEM || rc==SQLITE_OK );
+  if( rc==SQLITE_NOMEM ){
+    sqlite3_result_error_nomem(context);
+    goto exprtest_out;
+  }
+  pTokenizer->pModule = pModule;
+
+  zExpr = (const char *)sqlite3_value_text(argv[1]);
+  nExpr = sqlite3_value_bytes(argv[1]);
+  nCol = argc-2;
+  azCol = (char **)sqlite3_malloc(nCol*sizeof(char *));
+  if( !azCol ){
+    sqlite3_result_error_nomem(context);
+    goto exprtest_out;
+  }
+  for(ii=0; ii<nCol; ii++){
+    azCol[ii] = (char *)sqlite3_value_text(argv[ii+2]);
+  }
+
+  if( sqlite3_user_data(context) ){
+    char *zDummy = 0;
+    rc = sqlite3Fts3ExprParse(
+        pTokenizer, 0, azCol, 0, nCol, nCol, zExpr, nExpr, &pExpr, &zDummy
+    );
+    assert( rc==SQLITE_OK || pExpr==0 );
+    sqlite3_free(zDummy);
+  }else{
+    rc = fts3ExprParseUnbalanced(
+        pTokenizer, 0, azCol, 0, nCol, nCol, zExpr, nExpr, &pExpr
+    );
+  }
+
+  if( rc!=SQLITE_OK && rc!=SQLITE_NOMEM ){
+    sqlite3Fts3ExprFree(pExpr);
+    sqlite3_result_error(context, "Error parsing expression", -1);
+  }else if( rc==SQLITE_NOMEM || !(zBuf = exprToString(pExpr, 0)) ){
+    sqlite3_result_error_nomem(context);
+  }else{
+    sqlite3_result_text(context, zBuf, -1, SQLITE_TRANSIENT);
+    sqlite3_free(zBuf);
+  }
+
+  sqlite3Fts3ExprFree(pExpr);
+
+exprtest_out:
+  if( pModule && pTokenizer ){
+    rc = pModule->xDestroy(pTokenizer);
+  }
+  sqlite3_free(azCol);
+}
+
+/*
+** Register the query expression parser test function fts3_exprtest() 
+** with database connection db. 
+*/
+SQLITE_PRIVATE int sqlite3Fts3ExprInitTestInterface(sqlite3* db){
+  int rc = sqlite3_create_function(
+      db, "fts3_exprtest", -1, SQLITE_UTF8, 0, fts3ExprTest, 0, 0
+  );
+  if( rc==SQLITE_OK ){
+    rc = sqlite3_create_function(db, "fts3_exprtest_rebalance", 
+        -1, SQLITE_UTF8, (void *)1, fts3ExprTest, 0, 0
+    );
+  }
+  return rc;
+}
+
+#endif
+#endif /* !defined(SQLITE_CORE) || defined(SQLITE_ENABLE_FTS3) */
+
+/************** End of fts3_expr.c *******************************************/
+/************** Begin file fts3_hash.c ***************************************/
+/*
+** 2001 September 22
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+** This is the implementation of generic hash-tables used in SQLite.
+** We've modified it slightly to serve as a standalone hash table
+** implementation for the full-text indexing module.
+*/
+
+/*
+** The code in this file is only compiled if:
+**
+**     * The FTS3 module is being built as an extension
+**       (in which case SQLITE_CORE is not defined), or
+**
+**     * The FTS3 module is being built into the core of
+**       SQLite (in which case SQLITE_ENABLE_FTS3 is defined).
+*/
+/* #include "fts3Int.h" */
+#if !defined(SQLITE_CORE) || defined(SQLITE_ENABLE_FTS3)
+
+/* #include <assert.h> */
+/* #include <stdlib.h> */
+/* #include <string.h> */
+
+/* #include "fts3_hash.h" */
+
+/*
+** Malloc and Free functions
+*/
+static void *fts3HashMalloc(int n){
+  void *p = sqlite3_malloc(n);
+  if( p ){
+    memset(p, 0, n);
+  }
+  return p;
+}
+static void fts3HashFree(void *p){
+  sqlite3_free(p);
+}
+
+/* Turn bulk memory into a hash table object by initializing the
+** fields of the Hash structure.
+**
+** "pNew" is a pointer to the hash table that is to be initialized.
+** keyClass is one of the constants 
+** FTS3_HASH_BINARY or FTS3_HASH_STRING.  The value of keyClass 
+** determines what kind of key the hash table will use.  "copyKey" is
+** true if the hash table should make its own private copy of keys and
+** false if it should just use the supplied pointer.
+*/
+SQLITE_PRIVATE void sqlite3Fts3HashInit(Fts3Hash *pNew, char keyClass, char copyKey){
+  assert( pNew!=0 );
+  assert( keyClass>=FTS3_HASH_STRING && keyClass<=FTS3_HASH_BINARY );
+  pNew->keyClass = keyClass;
+  pNew->copyKey = copyKey;
+  pNew->first = 0;
+  pNew->count = 0;
+  pNew->htsize = 0;
+  pNew->ht = 0;
+}
+
+/* Remove all entries from a hash table.  Reclaim all memory.
+** Call this routine to delete a hash table or to reset a hash table
+** to the empty state.
+*/
+SQLITE_PRIVATE void sqlite3Fts3HashClear(Fts3Hash *pH){
+  Fts3HashElem *elem;         /* For looping over all elements of the table */
+
+  assert( pH!=0 );
+  elem = pH->first;
+  pH->first = 0;
+  fts3HashFree(pH->ht);
+  pH->ht = 0;
+  pH->htsize = 0;
+  while( elem ){
+    Fts3HashElem *next_elem = elem->next;
+    if( pH->copyKey && elem->pKey ){
+      fts3HashFree(elem->pKey);
+    }
+    fts3HashFree(elem);
+    elem = next_elem;
+  }
+  pH->count = 0;
+}
+
+/*
+** Hash and comparison functions when the mode is FTS3_HASH_STRING
+*/
+static int fts3StrHash(const void *pKey, int nKey){
+  const char *z = (const char *)pKey;
+  unsigned h = 0;
+  if( nKey<=0 ) nKey = (int) strlen(z);
+  while( nKey > 0  ){
+    h = (h<<3) ^ h ^ *z++;
+    nKey--;
+  }
+  return (int)(h & 0x7fffffff);
+}
+static int fts3StrCompare(const void *pKey1, int n1, const void *pKey2, int n2){
+  if( n1!=n2 ) return 1;
+  return strncmp((const char*)pKey1,(const char*)pKey2,n1);
+}
+
+/*
+** Hash and comparison functions when the mode is FTS3_HASH_BINARY
+*/
+static int fts3BinHash(const void *pKey, int nKey){
+  int h = 0;
+  const char *z = (const char *)pKey;
+  while( nKey-- > 0 ){
+    h = (h<<3) ^ h ^ *(z++);
+  }
+  return h & 0x7fffffff;
+}
+static int fts3BinCompare(const void *pKey1, int n1, const void *pKey2, int n2){
+  if( n1!=n2 ) return 1;
+  return memcmp(pKey1,pKey2,n1);
+}
+
+/*
+** Return a pointer to the appropriate hash function given the key class.
+**
+** The C syntax in this function definition may be unfamilar to some 
+** programmers, so we provide the following additional explanation:
+**
+** The name of the function is "ftsHashFunction".  The function takes a
+** single parameter "keyClass".  The return value of ftsHashFunction()
+** is a pointer to another function.  Specifically, the return value
+** of ftsHashFunction() is a pointer to a function that takes two parameters
+** with types "const void*" and "int" and returns an "int".
+*/
+static int (*ftsHashFunction(int keyClass))(const void*,int){
+  if( keyClass==FTS3_HASH_STRING ){
+    return &fts3StrHash;
+  }else{
+    assert( keyClass==FTS3_HASH_BINARY );
+    return &fts3BinHash;
+  }
+}
+
+/*
+** Return a pointer to the appropriate hash function given the key class.
+**
+** For help in interpreted the obscure C code in the function definition,
+** see the header comment on the previous function.
+*/
+static int (*ftsCompareFunction(int keyClass))(const void*,int,const void*,int){
+  if( keyClass==FTS3_HASH_STRING ){
+    return &fts3StrCompare;
+  }else{
+    assert( keyClass==FTS3_HASH_BINARY );
+    return &fts3BinCompare;
+  }
+}
+
+/* Link an element into the hash table
+*/
+static void fts3HashInsertElement(
+  Fts3Hash *pH,            /* The complete hash table */
+  struct _fts3ht *pEntry,  /* The entry into which pNew is inserted */
+  Fts3HashElem *pNew       /* The element to be inserted */
+){
+  Fts3HashElem *pHead;     /* First element already in pEntry */
+  pHead = pEntry->chain;
+  if( pHead ){
+    pNew->next = pHead;
+    pNew->prev = pHead->prev;
+    if( pHead->prev ){ pHead->prev->next = pNew; }
+    else             { pH->first = pNew; }
+    pHead->prev = pNew;
+  }else{
+    pNew->next = pH->first;
+    if( pH->first ){ pH->first->prev = pNew; }
+    pNew->prev = 0;
+    pH->first = pNew;
+  }
+  pEntry->count++;
+  pEntry->chain = pNew;
+}
+
+
+/* Resize the hash table so that it cantains "new_size" buckets.
+** "new_size" must be a power of 2.  The hash table might fail 
+** to resize if sqliteMalloc() fails.
+**
+** Return non-zero if a memory allocation error occurs.
+*/
+static int fts3Rehash(Fts3Hash *pH, int new_size){
+  struct _fts3ht *new_ht;          /* The new hash table */
+  Fts3HashElem *elem, *next_elem;  /* For looping over existing elements */
+  int (*xHash)(const void*,int);   /* The hash function */
+
+  assert( (new_size & (new_size-1))==0 );
+  new_ht = (struct _fts3ht *)fts3HashMalloc( new_size*sizeof(struct _fts3ht) );
+  if( new_ht==0 ) return 1;
+  fts3HashFree(pH->ht);
+  pH->ht = new_ht;
+  pH->htsize = new_size;
+  xHash = ftsHashFunction(pH->keyClass);
+  for(elem=pH->first, pH->first=0; elem; elem = next_elem){
+    int h = (*xHash)(elem->pKey, elem->nKey) & (new_size-1);
+    next_elem = elem->next;
+    fts3HashInsertElement(pH, &new_ht[h], elem);
+  }
+  return 0;
+}
+
+/* This function (for internal use only) locates an element in an
+** hash table that matches the given key.  The hash for this key has
+** already been computed and is passed as the 4th parameter.
+*/
+static Fts3HashElem *fts3FindElementByHash(
+  const Fts3Hash *pH, /* The pH to be searched */
+  const void *pKey,   /* The key we are searching for */
+  int nKey,
+  int h               /* The hash for this key. */
+){
+  Fts3HashElem *elem;            /* Used to loop thru the element list */
+  int count;                     /* Number of elements left to test */
+  int (*xCompare)(const void*,int,const void*,int);  /* comparison function */
+
+  if( pH->ht ){
+    struct _fts3ht *pEntry = &pH->ht[h];
+    elem = pEntry->chain;
+    count = pEntry->count;
+    xCompare = ftsCompareFunction(pH->keyClass);
+    while( count-- && elem ){
+      if( (*xCompare)(elem->pKey,elem->nKey,pKey,nKey)==0 ){ 
+        return elem;
+      }
+      elem = elem->next;
+    }
+  }
+  return 0;
+}
+
+/* Remove a single entry from the hash table given a pointer to that
+** element and a hash on the element's key.
+*/
+static void fts3RemoveElementByHash(
+  Fts3Hash *pH,         /* The pH containing "elem" */
+  Fts3HashElem* elem,   /* The element to be removed from the pH */
+  int h                 /* Hash value for the element */
+){
+  struct _fts3ht *pEntry;
+  if( elem->prev ){
+    elem->prev->next = elem->next; 
+  }else{
+    pH->first = elem->next;
+  }
+  if( elem->next ){
+    elem->next->prev = elem->prev;
+  }
+  pEntry = &pH->ht[h];
+  if( pEntry->chain==elem ){
+    pEntry->chain = elem->next;
+  }
+  pEntry->count--;
+  if( pEntry->count<=0 ){
+    pEntry->chain = 0;
+  }
+  if( pH->copyKey && elem->pKey ){
+    fts3HashFree(elem->pKey);
+  }
+  fts3HashFree( elem );
+  pH->count--;
+  if( pH->count<=0 ){
+    assert( pH->first==0 );
+    assert( pH->count==0 );
+    fts3HashClear(pH);
+  }
+}
+
+SQLITE_PRIVATE Fts3HashElem *sqlite3Fts3HashFindElem(
+  const Fts3Hash *pH, 
+  const void *pKey, 
+  int nKey
+){
+  int h;                          /* A hash on key */
+  int (*xHash)(const void*,int);  /* The hash function */
+
+  if( pH==0 || pH->ht==0 ) return 0;
+  xHash = ftsHashFunction(pH->keyClass);
+  assert( xHash!=0 );
+  h = (*xHash)(pKey,nKey);
+  assert( (pH->htsize & (pH->htsize-1))==0 );
+  return fts3FindElementByHash(pH,pKey,nKey, h & (pH->htsize-1));
+}
+
+/* 
+** Attempt to locate an element of the hash table pH with a key
+** that matches pKey,nKey.  Return the data for this element if it is
+** found, or NULL if there is no match.
+*/
+SQLITE_PRIVATE void *sqlite3Fts3HashFind(const Fts3Hash *pH, const void *pKey, int nKey){
+  Fts3HashElem *pElem;            /* The element that matches key (if any) */
+
+  pElem = sqlite3Fts3HashFindElem(pH, pKey, nKey);
+  return pElem ? pElem->data : 0;
+}
+
+/* Insert an element into the hash table pH.  The key is pKey,nKey
+** and the data is "data".
+**
+** If no element exists with a matching key, then a new
+** element is created.  A copy of the key is made if the copyKey
+** flag is set.  NULL is returned.
+**
+** If another element already exists with the same key, then the
+** new data replaces the old data and the old data is returned.
+** The key is not copied in this instance.  If a malloc fails, then
+** the new data is returned and the hash table is unchanged.
+**
+** If the "data" parameter to this function is NULL, then the
+** element corresponding to "key" is removed from the hash table.
+*/
+SQLITE_PRIVATE void *sqlite3Fts3HashInsert(
+  Fts3Hash *pH,        /* The hash table to insert into */
+  const void *pKey,    /* The key */
+  int nKey,            /* Number of bytes in the key */
+  void *data           /* The data */
+){
+  int hraw;                 /* Raw hash value of the key */
+  int h;                    /* the hash of the key modulo hash table size */
+  Fts3HashElem *elem;       /* Used to loop thru the element list */
+  Fts3HashElem *new_elem;   /* New element added to the pH */
+  int (*xHash)(const void*,int);  /* The hash function */
+
+  assert( pH!=0 );
+  xHash = ftsHashFunction(pH->keyClass);
+  assert( xHash!=0 );
+  hraw = (*xHash)(pKey, nKey);
+  assert( (pH->htsize & (pH->htsize-1))==0 );
+  h = hraw & (pH->htsize-1);
+  elem = fts3FindElementByHash(pH,pKey,nKey,h);
+  if( elem ){
+    void *old_data = elem->data;
+    if( data==0 ){
+      fts3RemoveElementByHash(pH,elem,h);
+    }else{
+      elem->data = data;
+    }
+    return old_data;
+  }
+  if( data==0 ) return 0;
+  if( (pH->htsize==0 && fts3Rehash(pH,8))
+   || (pH->count>=pH->htsize && fts3Rehash(pH, pH->htsize*2))
+  ){
+    pH->count = 0;
+    return data;
+  }
+  assert( pH->htsize>0 );
+  new_elem = (Fts3HashElem*)fts3HashMalloc( sizeof(Fts3HashElem) );
+  if( new_elem==0 ) return data;
+  if( pH->copyKey && pKey!=0 ){
+    new_elem->pKey = fts3HashMalloc( nKey );
+    if( new_elem->pKey==0 ){
+      fts3HashFree(new_elem);
+      return data;
+    }
+    memcpy((void*)new_elem->pKey, pKey, nKey);
+  }else{
+    new_elem->pKey = (void*)pKey;
+  }
+  new_elem->nKey = nKey;
+  pH->count++;
+  assert( pH->htsize>0 );
+  assert( (pH->htsize & (pH->htsize-1))==0 );
+  h = hraw & (pH->htsize-1);
+  fts3HashInsertElement(pH, &pH->ht[h], new_elem);
+  new_elem->data = data;
+  return 0;
+}
+
+#endif /* !defined(SQLITE_CORE) || defined(SQLITE_ENABLE_FTS3) */
+
+/************** End of fts3_hash.c *******************************************/
+/************** Begin file fts3_porter.c *************************************/
+/*
+** 2006 September 30
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+** Implementation of the full-text-search tokenizer that implements
+** a Porter stemmer.
+*/
+
+/*
+** The code in this file is only compiled if:
+**
+**     * The FTS3 module is being built as an extension
+**       (in which case SQLITE_CORE is not defined), or
+**
+**     * The FTS3 module is being built into the core of
+**       SQLite (in which case SQLITE_ENABLE_FTS3 is defined).
+*/
+/* #include "fts3Int.h" */
+#if !defined(SQLITE_CORE) || defined(SQLITE_ENABLE_FTS3)
+
+/* #include <assert.h> */
+/* #include <stdlib.h> */
+/* #include <stdio.h> */
+/* #include <string.h> */
+
+/* #include "fts3_tokenizer.h" */
+
+/*
+** Class derived from sqlite3_tokenizer
+*/
+typedef struct porter_tokenizer {
+  sqlite3_tokenizer base;      /* Base class */
+} porter_tokenizer;
+
+/*
+** Class derived from sqlite3_tokenizer_cursor
+*/
+typedef struct porter_tokenizer_cursor {
+  sqlite3_tokenizer_cursor base;
+  const char *zInput;          /* input we are tokenizing */
+  int nInput;                  /* size of the input */
+  int iOffset;                 /* current position in zInput */
+  int iToken;                  /* index of next token to be returned */
+  char *zToken;                /* storage for current token */
+  int nAllocated;              /* space allocated to zToken buffer */
+} porter_tokenizer_cursor;
+
+
+/*
+** Create a new tokenizer instance.
+*/
+static int porterCreate(
+  int argc, const char * const *argv,
+  sqlite3_tokenizer **ppTokenizer
+){
+  porter_tokenizer *t;
+
+  UNUSED_PARAMETER(argc);
+  UNUSED_PARAMETER(argv);
+
+  t = (porter_tokenizer *) sqlite3_malloc(sizeof(*t));
+  if( t==NULL ) return SQLITE_NOMEM;
+  memset(t, 0, sizeof(*t));
+  *ppTokenizer = &t->base;
+  return SQLITE_OK;
+}
+
+/*
+** Destroy a tokenizer
+*/
+static int porterDestroy(sqlite3_tokenizer *pTokenizer){
+  sqlite3_free(pTokenizer);
+  return SQLITE_OK;
+}
+
+/*
+** Prepare to begin tokenizing a particular string.  The input
+** string to be tokenized is zInput[0..nInput-1].  A cursor
+** used to incrementally tokenize this string is returned in 
+** *ppCursor.
+*/
+static int porterOpen(
+  sqlite3_tokenizer *pTokenizer,         /* The tokenizer */
+  const char *zInput, int nInput,        /* String to be tokenized */
+  sqlite3_tokenizer_cursor **ppCursor    /* OUT: Tokenization cursor */
+){
+  porter_tokenizer_cursor *c;
+
+  UNUSED_PARAMETER(pTokenizer);
+
+  c = (porter_tokenizer_cursor *) sqlite3_malloc(sizeof(*c));
+  if( c==NULL ) return SQLITE_NOMEM;
+
+  c->zInput = zInput;
+  if( zInput==0 ){
+    c->nInput = 0;
+  }else if( nInput<0 ){
+    c->nInput = (int)strlen(zInput);
+  }else{
+    c->nInput = nInput;
+  }
+  c->iOffset = 0;                 /* start tokenizing at the beginning */
+  c->iToken = 0;
+  c->zToken = NULL;               /* no space allocated, yet. */
+  c->nAllocated = 0;
+
+  *ppCursor = &c->base;
+  return SQLITE_OK;
+}
+
+/*
+** Close a tokenization cursor previously opened by a call to
+** porterOpen() above.
+*/
+static int porterClose(sqlite3_tokenizer_cursor *pCursor){
+  porter_tokenizer_cursor *c = (porter_tokenizer_cursor *) pCursor;
+  sqlite3_free(c->zToken);
+  sqlite3_free(c);
+  return SQLITE_OK;
+}
+/*
+** Vowel or consonant
+*/
+static const char cType[] = {
+   0, 1, 1, 1, 0, 1, 1, 1, 0, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 0,
+   1, 1, 1, 2, 1
+};
+
+/*
+** isConsonant() and isVowel() determine if their first character in
+** the string they point to is a consonant or a vowel, according
+** to Porter ruls.  
+**
+** A consonate is any letter other than 'a', 'e', 'i', 'o', or 'u'.
+** 'Y' is a consonant unless it follows another consonant,
+** in which case it is a vowel.
+**
+** In these routine, the letters are in reverse order.  So the 'y' rule
+** is that 'y' is a consonant unless it is followed by another
+** consonent.
+*/
+static int isVowel(const char*);
+static int isConsonant(const char *z){
+  int j;
+  char x = *z;
+  if( x==0 ) return 0;
+  assert( x>='a' && x<='z' );
+  j = cType[x-'a'];
+  if( j<2 ) return j;
+  return z[1]==0 || isVowel(z + 1);
+}
+static int isVowel(const char *z){
+  int j;
+  char x = *z;
+  if( x==0 ) return 0;
+  assert( x>='a' && x<='z' );
+  j = cType[x-'a'];
+  if( j<2 ) return 1-j;
+  return isConsonant(z + 1);
+}
+
+/*
+** Let any sequence of one or more vowels be represented by V and let
+** C be sequence of one or more consonants.  Then every word can be
+** represented as:
+**
+**           [C] (VC){m} [V]
+**
+** In prose:  A word is an optional consonant followed by zero or
+** vowel-consonant pairs followed by an optional vowel.  "m" is the
+** number of vowel consonant pairs.  This routine computes the value
+** of m for the first i bytes of a word.
+**
+** Return true if the m-value for z is 1 or more.  In other words,
+** return true if z contains at least one vowel that is followed
+** by a consonant.
+**
+** In this routine z[] is in reverse order.  So we are really looking
+** for an instance of a consonant followed by a vowel.
+*/
+static int m_gt_0(const char *z){
+  while( isVowel(z) ){ z++; }
+  if( *z==0 ) return 0;
+  while( isConsonant(z) ){ z++; }
+  return *z!=0;
+}
+
+/* Like mgt0 above except we are looking for a value of m which is
+** exactly 1
+*/
+static int m_eq_1(const char *z){
+  while( isVowel(z) ){ z++; }
+  if( *z==0 ) return 0;
+  while( isConsonant(z) ){ z++; }
+  if( *z==0 ) return 0;
+  while( isVowel(z) ){ z++; }
+  if( *z==0 ) return 1;
+  while( isConsonant(z) ){ z++; }
+  return *z==0;
+}
+
+/* Like mgt0 above except we are looking for a value of m>1 instead
+** or m>0
+*/
+static int m_gt_1(const char *z){
+  while( isVowel(z) ){ z++; }
+  if( *z==0 ) return 0;
+  while( isConsonant(z) ){ z++; }
+  if( *z==0 ) return 0;
+  while( isVowel(z) ){ z++; }
+  if( *z==0 ) return 0;
+  while( isConsonant(z) ){ z++; }
+  return *z!=0;
+}
+
+/*
+** Return TRUE if there is a vowel anywhere within z[0..n-1]
+*/
+static int hasVowel(const char *z){
+  while( isConsonant(z) ){ z++; }
+  return *z!=0;
+}
+
+/*
+** Return TRUE if the word ends in a double consonant.
+**
+** The text is reversed here. So we are really looking at
+** the first two characters of z[].
+*/
+static int doubleConsonant(const char *z){
+  return isConsonant(z) && z[0]==z[1];
+}
+
+/*
+** Return TRUE if the word ends with three letters which
+** are consonant-vowel-consonent and where the final consonant
+** is not 'w', 'x', or 'y'.
+**
+** The word is reversed here.  So we are really checking the
+** first three letters and the first one cannot be in [wxy].
+*/
+static int star_oh(const char *z){
+  return
+    isConsonant(z) &&
+    z[0]!='w' && z[0]!='x' && z[0]!='y' &&
+    isVowel(z+1) &&
+    isConsonant(z+2);
+}
+
+/*
+** If the word ends with zFrom and xCond() is true for the stem
+** of the word that preceeds the zFrom ending, then change the 
+** ending to zTo.
+**
+** The input word *pz and zFrom are both in reverse order.  zTo
+** is in normal order. 
+**
+** Return TRUE if zFrom matches.  Return FALSE if zFrom does not
+** match.  Not that TRUE is returned even if xCond() fails and
+** no substitution occurs.
+*/
+static int stem(
+  char **pz,             /* The word being stemmed (Reversed) */
+  const char *zFrom,     /* If the ending matches this... (Reversed) */
+  const char *zTo,       /* ... change the ending to this (not reversed) */
+  int (*xCond)(const char*)   /* Condition that must be true */
+){
+  char *z = *pz;
+  while( *zFrom && *zFrom==*z ){ z++; zFrom++; }
+  if( *zFrom!=0 ) return 0;
+  if( xCond && !xCond(z) ) return 1;
+  while( *zTo ){
+    *(--z) = *(zTo++);
+  }
+  *pz = z;
+  return 1;
+}
+
+/*
+** This is the fallback stemmer used when the porter stemmer is
+** inappropriate.  The input word is copied into the output with
+** US-ASCII case folding.  If the input word is too long (more
+** than 20 bytes if it contains no digits or more than 6 bytes if
+** it contains digits) then word is truncated to 20 or 6 bytes
+** by taking 10 or 3 bytes from the beginning and end.
+*/
+static void copy_stemmer(const char *zIn, int nIn, char *zOut, int *pnOut){
+  int i, mx, j;
+  int hasDigit = 0;
+  for(i=0; i<nIn; i++){
+    char c = zIn[i];
+    if( c>='A' && c<='Z' ){
+      zOut[i] = c - 'A' + 'a';
+    }else{
+      if( c>='0' && c<='9' ) hasDigit = 1;
+      zOut[i] = c;
+    }
+  }
+  mx = hasDigit ? 3 : 10;
+  if( nIn>mx*2 ){
+    for(j=mx, i=nIn-mx; i<nIn; i++, j++){
+      zOut[j] = zOut[i];
+    }
+    i = j;
+  }
+  zOut[i] = 0;
+  *pnOut = i;
+}
+
+
+/*
+** Stem the input word zIn[0..nIn-1].  Store the output in zOut.
+** zOut is at least big enough to hold nIn bytes.  Write the actual
+** size of the output word (exclusive of the '\0' terminator) into *pnOut.
+**
+** Any upper-case characters in the US-ASCII character set ([A-Z])
+** are converted to lower case.  Upper-case UTF characters are
+** unchanged.
+**
+** Words that are longer than about 20 bytes are stemmed by retaining
+** a few bytes from the beginning and the end of the word.  If the
+** word contains digits, 3 bytes are taken from the beginning and
+** 3 bytes from the end.  For long words without digits, 10 bytes
+** are taken from each end.  US-ASCII case folding still applies.
+** 
+** If the input word contains not digits but does characters not 
+** in [a-zA-Z] then no stemming is attempted and this routine just 
+** copies the input into the input into the output with US-ASCII
+** case folding.
+**
+** Stemming never increases the length of the word.  So there is
+** no chance of overflowing the zOut buffer.
+*/
+static void porter_stemmer(const char *zIn, int nIn, char *zOut, int *pnOut){
+  int i, j;
+  char zReverse[28];
+  char *z, *z2;
+  if( nIn<3 || nIn>=(int)sizeof(zReverse)-7 ){
+    /* The word is too big or too small for the porter stemmer.
+    ** Fallback to the copy stemmer */
+    copy_stemmer(zIn, nIn, zOut, pnOut);
+    return;
+  }
+  for(i=0, j=sizeof(zReverse)-6; i<nIn; i++, j--){
+    char c = zIn[i];
+    if( c>='A' && c<='Z' ){
+      zReverse[j] = c + 'a' - 'A';
+    }else if( c>='a' && c<='z' ){
+      zReverse[j] = c;
+    }else{
+      /* The use of a character not in [a-zA-Z] means that we fallback
+      ** to the copy stemmer */
+      copy_stemmer(zIn, nIn, zOut, pnOut);
+      return;
+    }
+  }
+  memset(&zReverse[sizeof(zReverse)-5], 0, 5);
+  z = &zReverse[j+1];
+
+
+  /* Step 1a */
+  if( z[0]=='s' ){
+    if(
+     !stem(&z, "sess", "ss", 0) &&
+     !stem(&z, "sei", "i", 0)  &&
+     !stem(&z, "ss", "ss", 0)
+    ){
+      z++;
+    }
+  }
+
+  /* Step 1b */  
+  z2 = z;
+  if( stem(&z, "dee", "ee", m_gt_0) ){
+    /* Do nothing.  The work was all in the test */
+  }else if( 
+     (stem(&z, "gni", "", hasVowel) || stem(&z, "de", "", hasVowel))
+      && z!=z2
+  ){
+     if( stem(&z, "ta", "ate", 0) ||
+         stem(&z, "lb", "ble", 0) ||
+         stem(&z, "zi", "ize", 0) ){
+       /* Do nothing.  The work was all in the test */
+     }else if( doubleConsonant(z) && (*z!='l' && *z!='s' && *z!='z') ){
+       z++;
+     }else if( m_eq_1(z) && star_oh(z) ){
+       *(--z) = 'e';
+     }
+  }
+
+  /* Step 1c */
+  if( z[0]=='y' && hasVowel(z+1) ){
+    z[0] = 'i';
+  }
+
+  /* Step 2 */
+  switch( z[1] ){
+   case 'a':
+     if( !stem(&z, "lanoita", "ate", m_gt_0) ){
+       stem(&z, "lanoit", "tion", m_gt_0);
+     }
+     break;
+   case 'c':
+     if( !stem(&z, "icne", "ence", m_gt_0) ){
+       stem(&z, "icna", "ance", m_gt_0);
+     }
+     break;
+   case 'e':
+     stem(&z, "rezi", "ize", m_gt_0);
+     break;
+   case 'g':
+     stem(&z, "igol", "log", m_gt_0);
+     break;
+   case 'l':
+     if( !stem(&z, "ilb", "ble", m_gt_0) 
+      && !stem(&z, "illa", "al", m_gt_0)
+      && !stem(&z, "iltne", "ent", m_gt_0)
+      && !stem(&z, "ile", "e", m_gt_0)
+     ){
+       stem(&z, "ilsuo", "ous", m_gt_0);
+     }
+     break;
+   case 'o':
+     if( !stem(&z, "noitazi", "ize", m_gt_0)
+      && !stem(&z, "noita", "ate", m_gt_0)
+     ){
+       stem(&z, "rota", "ate", m_gt_0);
+     }
+     break;
+   case 's':
+     if( !stem(&z, "msila", "al", m_gt_0)
+      && !stem(&z, "ssenevi", "ive", m_gt_0)
+      && !stem(&z, "ssenluf", "ful", m_gt_0)
+     ){
+       stem(&z, "ssensuo", "ous", m_gt_0);
+     }
+     break;
+   case 't':
+     if( !stem(&z, "itila", "al", m_gt_0)
+      && !stem(&z, "itivi", "ive", m_gt_0)
+     ){
+       stem(&z, "itilib", "ble", m_gt_0);
+     }
+     break;
+  }
+
+  /* Step 3 */
+  switch( z[0] ){
+   case 'e':
+     if( !stem(&z, "etaci", "ic", m_gt_0)
+      && !stem(&z, "evita", "", m_gt_0)
+     ){
+       stem(&z, "ezila", "al", m_gt_0);
+     }
+     break;
+   case 'i':
+     stem(&z, "itici", "ic", m_gt_0);
+     break;
+   case 'l':
+     if( !stem(&z, "laci", "ic", m_gt_0) ){
+       stem(&z, "luf", "", m_gt_0);
+     }
+     break;
+   case 's':
+     stem(&z, "ssen", "", m_gt_0);
+     break;
+  }
+
+  /* Step 4 */
+  switch( z[1] ){
+   case 'a':
+     if( z[0]=='l' && m_gt_1(z+2) ){
+       z += 2;
+     }
+     break;
+   case 'c':
+     if( z[0]=='e' && z[2]=='n' && (z[3]=='a' || z[3]=='e')  && m_gt_1(z+4)  ){
+       z += 4;
+     }
+     break;
+   case 'e':
+     if( z[0]=='r' && m_gt_1(z+2) ){
+       z += 2;
+     }
+     break;
+   case 'i':
+     if( z[0]=='c' && m_gt_1(z+2) ){
+       z += 2;
+     }
+     break;
+   case 'l':
+     if( z[0]=='e' && z[2]=='b' && (z[3]=='a' || z[3]=='i') && m_gt_1(z+4) ){
+       z += 4;
+     }
+     break;
+   case 'n':
+     if( z[0]=='t' ){
+       if( z[2]=='a' ){
+         if( m_gt_1(z+3) ){
+           z += 3;
+         }
+       }else if( z[2]=='e' ){
+         if( !stem(&z, "tneme", "", m_gt_1)
+          && !stem(&z, "tnem", "", m_gt_1)
+         ){
+           stem(&z, "tne", "", m_gt_1);
+         }
+       }
+     }
+     break;
+   case 'o':
+     if( z[0]=='u' ){
+       if( m_gt_1(z+2) ){
+         z += 2;
+       }
+     }else if( z[3]=='s' || z[3]=='t' ){
+       stem(&z, "noi", "", m_gt_1);
+     }
+     break;
+   case 's':
+     if( z[0]=='m' && z[2]=='i' && m_gt_1(z+3) ){
+       z += 3;
+     }
+     break;
+   case 't':
+     if( !stem(&z, "eta", "", m_gt_1) ){
+       stem(&z, "iti", "", m_gt_1);
+     }
+     break;
+   case 'u':
+     if( z[0]=='s' && z[2]=='o' && m_gt_1(z+3) ){
+       z += 3;
+     }
+     break;
+   case 'v':
+   case 'z':
+     if( z[0]=='e' && z[2]=='i' && m_gt_1(z+3) ){
+       z += 3;
+     }
+     break;
+  }
+
+  /* Step 5a */
+  if( z[0]=='e' ){
+    if( m_gt_1(z+1) ){
+      z++;
+    }else if( m_eq_1(z+1) && !star_oh(z+1) ){
+      z++;
+    }
+  }
+
+  /* Step 5b */
+  if( m_gt_1(z) && z[0]=='l' && z[1]=='l' ){
+    z++;
+  }
+
+  /* z[] is now the stemmed word in reverse order.  Flip it back
+  ** around into forward order and return.
+  */
+  *pnOut = i = (int)strlen(z);
+  zOut[i] = 0;
+  while( *z ){
+    zOut[--i] = *(z++);
+  }
+}
+
+/*
+** Characters that can be part of a token.  We assume any character
+** whose value is greater than 0x80 (any UTF character) can be
+** part of a token.  In other words, delimiters all must have
+** values of 0x7f or lower.
+*/
+static const char porterIdChar[] = {
+/* x0 x1 x2 x3 x4 x5 x6 x7 x8 x9 xA xB xC xD xE xF */
+    1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0,  /* 3x */
+    0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,  /* 4x */
+    1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 1,  /* 5x */
+    0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,  /* 6x */
+    1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0,  /* 7x */
+};
+#define isDelim(C) (((ch=C)&0x80)==0 && (ch<0x30 || !porterIdChar[ch-0x30]))
+
+/*
+** Extract the next token from a tokenization cursor.  The cursor must
+** have been opened by a prior call to porterOpen().
+*/
+static int porterNext(
+  sqlite3_tokenizer_cursor *pCursor,  /* Cursor returned by porterOpen */
+  const char **pzToken,               /* OUT: *pzToken is the token text */
+  int *pnBytes,                       /* OUT: Number of bytes in token */
+  int *piStartOffset,                 /* OUT: Starting offset of token */
+  int *piEndOffset,                   /* OUT: Ending offset of token */
+  int *piPosition                     /* OUT: Position integer of token */
+){
+  porter_tokenizer_cursor *c = (porter_tokenizer_cursor *) pCursor;
+  const char *z = c->zInput;
+
+  while( c->iOffset<c->nInput ){
+    int iStartOffset, ch;
+
+    /* Scan past delimiter characters */
+    while( c->iOffset<c->nInput && isDelim(z[c->iOffset]) ){
+      c->iOffset++;
+    }
+
+    /* Count non-delimiter characters. */
+    iStartOffset = c->iOffset;
+    while( c->iOffset<c->nInput && !isDelim(z[c->iOffset]) ){
+      c->iOffset++;
+    }
+
+    if( c->iOffset>iStartOffset ){
+      int n = c->iOffset-iStartOffset;
+      if( n>c->nAllocated ){
+        char *pNew;
+        c->nAllocated = n+20;
+        pNew = sqlite3_realloc(c->zToken, c->nAllocated);
+        if( !pNew ) return SQLITE_NOMEM;
+        c->zToken = pNew;
+      }
+      porter_stemmer(&z[iStartOffset], n, c->zToken, pnBytes);
+      *pzToken = c->zToken;
+      *piStartOffset = iStartOffset;
+      *piEndOffset = c->iOffset;
+      *piPosition = c->iToken++;
+      return SQLITE_OK;
+    }
+  }
+  return SQLITE_DONE;
+}
+
+/*
+** The set of routines that implement the porter-stemmer tokenizer
+*/
+static const sqlite3_tokenizer_module porterTokenizerModule = {
+  0,
+  porterCreate,
+  porterDestroy,
+  porterOpen,
+  porterClose,
+  porterNext,
+  0
+};
+
+/*
+** Allocate a new porter tokenizer.  Return a pointer to the new
+** tokenizer in *ppModule
+*/
+SQLITE_PRIVATE void sqlite3Fts3PorterTokenizerModule(
+  sqlite3_tokenizer_module const**ppModule
+){
+  *ppModule = &porterTokenizerModule;
+}
+
+#endif /* !defined(SQLITE_CORE) || defined(SQLITE_ENABLE_FTS3) */
+
+/************** End of fts3_porter.c *****************************************/
+/************** Begin file fts3_tokenizer.c **********************************/
+/*
+** 2007 June 22
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+******************************************************************************
+**
+** This is part of an SQLite module implementing full-text search.
+** This particular file implements the generic tokenizer interface.
+*/
+
+/*
+** The code in this file is only compiled if:
+**
+**     * The FTS3 module is being built as an extension
+**       (in which case SQLITE_CORE is not defined), or
+**
+**     * The FTS3 module is being built into the core of
+**       SQLite (in which case SQLITE_ENABLE_FTS3 is defined).
+*/
+/* #include "fts3Int.h" */
+#if !defined(SQLITE_CORE) || defined(SQLITE_ENABLE_FTS3)
+
+/* #include <assert.h> */
+/* #include <string.h> */
+
+/*
+** Implementation of the SQL scalar function for accessing the underlying 
+** hash table. This function may be called as follows:
+**
+**   SELECT <function-name>(<key-name>);
+**   SELECT <function-name>(<key-name>, <pointer>);
+**
+** where <function-name> is the name passed as the second argument
+** to the sqlite3Fts3InitHashTable() function (e.g. 'fts3_tokenizer').
+**
+** If the <pointer> argument is specified, it must be a blob value
+** containing a pointer to be stored as the hash data corresponding
+** to the string <key-name>. If <pointer> is not specified, then
+** the string <key-name> must already exist in the has table. Otherwise,
+** an error is returned.
+**
+** Whether or not the <pointer> argument is specified, the value returned
+** is a blob containing the pointer stored as the hash data corresponding
+** to string <key-name> (after the hash-table is updated, if applicable).
+*/
+static void scalarFunc(
+  sqlite3_context *context,
+  int argc,
+  sqlite3_value **argv
+){
+  Fts3Hash *pHash;
+  void *pPtr = 0;
+  const unsigned char *zName;
+  int nName;
+
+  assert( argc==1 || argc==2 );
+
+  pHash = (Fts3Hash *)sqlite3_user_data(context);
+
+  zName = sqlite3_value_text(argv[0]);
+  nName = sqlite3_value_bytes(argv[0])+1;
+
+  if( argc==2 ){
+    void *pOld;
+    int n = sqlite3_value_bytes(argv[1]);
+    if( zName==0 || n!=sizeof(pPtr) ){
+      sqlite3_result_error(context, "argument type mismatch", -1);
+      return;
+    }
+    pPtr = *(void **)sqlite3_value_blob(argv[1]);
+    pOld = sqlite3Fts3HashInsert(pHash, (void *)zName, nName, pPtr);
+    if( pOld==pPtr ){
+      sqlite3_result_error(context, "out of memory", -1);
+      return;
+    }
+  }else{
+    if( zName ){
+      pPtr = sqlite3Fts3HashFind(pHash, zName, nName);
+    }
+    if( !pPtr ){
+      char *zErr = sqlite3_mprintf("unknown tokenizer: %s", zName);
+      sqlite3_result_error(context, zErr, -1);
+      sqlite3_free(zErr);
+      return;
+    }
+  }
+
+  sqlite3_result_blob(context, (void *)&pPtr, sizeof(pPtr), SQLITE_TRANSIENT);
+}
+
+SQLITE_PRIVATE int sqlite3Fts3IsIdChar(char c){
+  static const char isFtsIdChar[] = {
+      0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,  /* 0x */
+      0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,  /* 1x */
+      0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,  /* 2x */
+      1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0,  /* 3x */
+      0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,  /* 4x */
+      1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 1,  /* 5x */
+      0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,  /* 6x */
+      1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0,  /* 7x */
+  };
+  return (c&0x80 || isFtsIdChar[(int)(c)]);
+}
+
+SQLITE_PRIVATE const char *sqlite3Fts3NextToken(const char *zStr, int *pn){
+  const char *z1;
+  const char *z2 = 0;
+
+  /* Find the start of the next token. */
+  z1 = zStr;
+  while( z2==0 ){
+    char c = *z1;
+    switch( c ){
+      case '\0': return 0;        /* No more tokens here */
+      case '\'':
+      case '"':
+      case '`': {
+        z2 = z1;
+        while( *++z2 && (*z2!=c || *++z2==c) );
+        break;
+      }
+      case '[':
+        z2 = &z1[1];
+        while( *z2 && z2[0]!=']' ) z2++;
+        if( *z2 ) z2++;
+        break;
+
+      default:
+        if( sqlite3Fts3IsIdChar(*z1) ){
+          z2 = &z1[1];
+          while( sqlite3Fts3IsIdChar(*z2) ) z2++;
+        }else{
+          z1++;
+        }
+    }
+  }
+
+  *pn = (int)(z2-z1);
+  return z1;
+}
+
+SQLITE_PRIVATE int sqlite3Fts3InitTokenizer(
+  Fts3Hash *pHash,                /* Tokenizer hash table */
+  const char *zArg,               /* Tokenizer name */
+  sqlite3_tokenizer **ppTok,      /* OUT: Tokenizer (if applicable) */
+  char **pzErr                    /* OUT: Set to malloced error message */
+){
+  int rc;
+  char *z = (char *)zArg;
+  int n = 0;
+  char *zCopy;
+  char *zEnd;                     /* Pointer to nul-term of zCopy */
+  sqlite3_tokenizer_module *m;
+
+  zCopy = sqlite3_mprintf("%s", zArg);
+  if( !zCopy ) return SQLITE_NOMEM;
+  zEnd = &zCopy[strlen(zCopy)];
+
+  z = (char *)sqlite3Fts3NextToken(zCopy, &n);
+  if( z==0 ){
+    assert( n==0 );
+    z = zCopy;
+  }
+  z[n] = '\0';
+  sqlite3Fts3Dequote(z);
+
+  m = (sqlite3_tokenizer_module *)sqlite3Fts3HashFind(pHash,z,(int)strlen(z)+1);
+  if( !m ){
+    sqlite3Fts3ErrMsg(pzErr, "unknown tokenizer: %s", z);
+    rc = SQLITE_ERROR;
+  }else{
+    char const **aArg = 0;
+    int iArg = 0;
+    z = &z[n+1];
+    while( z<zEnd && (NULL!=(z = (char *)sqlite3Fts3NextToken(z, &n))) ){
+      int nNew = sizeof(char *)*(iArg+1);
+      char const **aNew = (const char **)sqlite3_realloc((void *)aArg, nNew);
+      if( !aNew ){
+        sqlite3_free(zCopy);
+        sqlite3_free((void *)aArg);
+        return SQLITE_NOMEM;
+      }
+      aArg = aNew;
+      aArg[iArg++] = z;
+      z[n] = '\0';
+      sqlite3Fts3Dequote(z);
+      z = &z[n+1];
+    }
+    rc = m->xCreate(iArg, aArg, ppTok);
+    assert( rc!=SQLITE_OK || *ppTok );
+    if( rc!=SQLITE_OK ){
+      sqlite3Fts3ErrMsg(pzErr, "unknown tokenizer");
+    }else{
+      (*ppTok)->pModule = m; 
+    }
+    sqlite3_free((void *)aArg);
+  }
+
+  sqlite3_free(zCopy);
+  return rc;
+}
+
+
+#ifdef SQLITE_TEST
+
+#include <tcl.h>
+/* #include <string.h> */
+
+/*
+** Implementation of a special SQL scalar function for testing tokenizers 
+** designed to be used in concert with the Tcl testing framework. This
+** function must be called with two or more arguments:
+**
+**   SELECT <function-name>(<key-name>, ..., <input-string>);
+**
+** where <function-name> is the name passed as the second argument
+** to the sqlite3Fts3InitHashTable() function (e.g. 'fts3_tokenizer')
+** concatenated with the string '_test' (e.g. 'fts3_tokenizer_test').
+**
+** The return value is a string that may be interpreted as a Tcl
+** list. For each token in the <input-string>, three elements are
+** added to the returned list. The first is the token position, the 
+** second is the token text (folded, stemmed, etc.) and the third is the
+** substring of <input-string> associated with the token. For example, 
+** using the built-in "simple" tokenizer:
+**
+**   SELECT fts_tokenizer_test('simple', 'I don't see how');
+**
+** will return the string:
+**
+**   "{0 i I 1 dont don't 2 see see 3 how how}"
+**   
+*/
+static void testFunc(
+  sqlite3_context *context,
+  int argc,
+  sqlite3_value **argv
+){
+  Fts3Hash *pHash;
+  sqlite3_tokenizer_module *p;
+  sqlite3_tokenizer *pTokenizer = 0;
+  sqlite3_tokenizer_cursor *pCsr = 0;
+
+  const char *zErr = 0;
+
+  const char *zName;
+  int nName;
+  const char *zInput;
+  int nInput;
+
+  const char *azArg[64];
+
+  const char *zToken;
+  int nToken = 0;
+  int iStart = 0;
+  int iEnd = 0;
+  int iPos = 0;
+  int i;
+
+  Tcl_Obj *pRet;
+
+  if( argc<2 ){
+    sqlite3_result_error(context, "insufficient arguments", -1);
+    return;
+  }
+
+  nName = sqlite3_value_bytes(argv[0]);
+  zName = (const char *)sqlite3_value_text(argv[0]);
+  nInput = sqlite3_value_bytes(argv[argc-1]);
+  zInput = (const char *)sqlite3_value_text(argv[argc-1]);
+
+  pHash = (Fts3Hash *)sqlite3_user_data(context);
+  p = (sqlite3_tokenizer_module *)sqlite3Fts3HashFind(pHash, zName, nName+1);
+
+  if( !p ){
+    char *zErr2 = sqlite3_mprintf("unknown tokenizer: %s", zName);
+    sqlite3_result_error(context, zErr2, -1);
+    sqlite3_free(zErr2);
+    return;
+  }
+
+  pRet = Tcl_NewObj();
+  Tcl_IncrRefCount(pRet);
+
+  for(i=1; i<argc-1; i++){
+    azArg[i-1] = (const char *)sqlite3_value_text(argv[i]);
+  }
+
+  if( SQLITE_OK!=p->xCreate(argc-2, azArg, &pTokenizer) ){
+    zErr = "error in xCreate()";
+    goto finish;
+  }
+  pTokenizer->pModule = p;
+  if( sqlite3Fts3OpenTokenizer(pTokenizer, 0, zInput, nInput, &pCsr) ){
+    zErr = "error in xOpen()";
+    goto finish;
+  }
+
+  while( SQLITE_OK==p->xNext(pCsr, &zToken, &nToken, &iStart, &iEnd, &iPos) ){
+    Tcl_ListObjAppendElement(0, pRet, Tcl_NewIntObj(iPos));
+    Tcl_ListObjAppendElement(0, pRet, Tcl_NewStringObj(zToken, nToken));
+    zToken = &zInput[iStart];
+    nToken = iEnd-iStart;
+    Tcl_ListObjAppendElement(0, pRet, Tcl_NewStringObj(zToken, nToken));
+  }
+
+  if( SQLITE_OK!=p->xClose(pCsr) ){
+    zErr = "error in xClose()";
+    goto finish;
+  }
+  if( SQLITE_OK!=p->xDestroy(pTokenizer) ){
+    zErr = "error in xDestroy()";
+    goto finish;
+  }
+
+finish:
+  if( zErr ){
+    sqlite3_result_error(context, zErr, -1);
+  }else{
+    sqlite3_result_text(context, Tcl_GetString(pRet), -1, SQLITE_TRANSIENT);
+  }
+  Tcl_DecrRefCount(pRet);
+}
+
+static
+int registerTokenizer(
+  sqlite3 *db, 
+  char *zName, 
+  const sqlite3_tokenizer_module *p
+){
+  int rc;
+  sqlite3_stmt *pStmt;
+  const char zSql[] = "SELECT fts3_tokenizer(?, ?)";
+
+  rc = sqlite3_prepare_v2(db, zSql, -1, &pStmt, 0);
+  if( rc!=SQLITE_OK ){
+    return rc;
+  }
+
+  sqlite3_bind_text(pStmt, 1, zName, -1, SQLITE_STATIC);
+  sqlite3_bind_blob(pStmt, 2, &p, sizeof(p), SQLITE_STATIC);
+  sqlite3_step(pStmt);
+
+  return sqlite3_finalize(pStmt);
+}
+
+static
+int queryTokenizer(
+  sqlite3 *db, 
+  char *zName,  
+  const sqlite3_tokenizer_module **pp
+){
+  int rc;
+  sqlite3_stmt *pStmt;
+  const char zSql[] = "SELECT fts3_tokenizer(?)";
+
+  *pp = 0;
+  rc = sqlite3_prepare_v2(db, zSql, -1, &pStmt, 0);
+  if( rc!=SQLITE_OK ){
+    return rc;
+  }
+
+  sqlite3_bind_text(pStmt, 1, zName, -1, SQLITE_STATIC);
+  if( SQLITE_ROW==sqlite3_step(pStmt) ){
+    if( sqlite3_column_type(pStmt, 0)==SQLITE_BLOB ){
+      memcpy((void *)pp, sqlite3_column_blob(pStmt, 0), sizeof(*pp));
+    }
+  }
+
+  return sqlite3_finalize(pStmt);
+}
+
+SQLITE_PRIVATE void sqlite3Fts3SimpleTokenizerModule(sqlite3_tokenizer_module const**ppModule);
+
+/*
+** Implementation of the scalar function fts3_tokenizer_internal_test().
+** This function is used for testing only, it is not included in the
+** build unless SQLITE_TEST is defined.
+**
+** The purpose of this is to test that the fts3_tokenizer() function
+** can be used as designed by the C-code in the queryTokenizer and
+** registerTokenizer() functions above. These two functions are repeated
+** in the README.tokenizer file as an example, so it is important to
+** test them.
+**
+** To run the tests, evaluate the fts3_tokenizer_internal_test() scalar
+** function with no arguments. An assert() will fail if a problem is
+** detected. i.e.:
+**
+**     SELECT fts3_tokenizer_internal_test();
+**
+*/
+static void intTestFunc(
+  sqlite3_context *context,
+  int argc,
+  sqlite3_value **argv
+){
+  int rc;
+  const sqlite3_tokenizer_module *p1;
+  const sqlite3_tokenizer_module *p2;
+  sqlite3 *db = (sqlite3 *)sqlite3_user_data(context);
+
+  UNUSED_PARAMETER(argc);
+  UNUSED_PARAMETER(argv);
+
+  /* Test the query function */
+  sqlite3Fts3SimpleTokenizerModule(&p1);
+  rc = queryTokenizer(db, "simple", &p2);
+  assert( rc==SQLITE_OK );
+  assert( p1==p2 );
+  rc = queryTokenizer(db, "nosuchtokenizer", &p2);
+  assert( rc==SQLITE_ERROR );
+  assert( p2==0 );
+  assert( 0==strcmp(sqlite3_errmsg(db), "unknown tokenizer: nosuchtokenizer") );
+
+  /* Test the storage function */
+  rc = registerTokenizer(db, "nosuchtokenizer", p1);
+  assert( rc==SQLITE_OK );
+  rc = queryTokenizer(db, "nosuchtokenizer", &p2);
+  assert( rc==SQLITE_OK );
+  assert( p2==p1 );
+
+  sqlite3_result_text(context, "ok", -1, SQLITE_STATIC);
+}
+
+#endif
+
+/*
+** Set up SQL objects in database db used to access the contents of
+** the hash table pointed to by argument pHash. The hash table must
+** been initialized to use string keys, and to take a private copy 
+** of the key when a value is inserted. i.e. by a call similar to:
+**
+**    sqlite3Fts3HashInit(pHash, FTS3_HASH_STRING, 1);
+**
+** This function adds a scalar function (see header comment above
+** scalarFunc() in this file for details) and, if ENABLE_TABLE is
+** defined at compilation time, a temporary virtual table (see header 
+** comment above struct HashTableVtab) to the database schema. Both 
+** provide read/write access to the contents of *pHash.
+**
+** The third argument to this function, zName, is used as the name
+** of both the scalar and, if created, the virtual table.
+*/
+SQLITE_PRIVATE int sqlite3Fts3InitHashTable(
+  sqlite3 *db, 
+  Fts3Hash *pHash, 
+  const char *zName
+){
+  int rc = SQLITE_OK;
+  void *p = (void *)pHash;
+  const int any = SQLITE_ANY;
+
+#ifdef SQLITE_TEST
+  char *zTest = 0;
+  char *zTest2 = 0;
+  void *pdb = (void *)db;
+  zTest = sqlite3_mprintf("%s_test", zName);
+  zTest2 = sqlite3_mprintf("%s_internal_test", zName);
+  if( !zTest || !zTest2 ){
+    rc = SQLITE_NOMEM;
+  }
+#endif
+
+  if( SQLITE_OK==rc ){
+    rc = sqlite3_create_function(db, zName, 1, any, p, scalarFunc, 0, 0);
+  }
+  if( SQLITE_OK==rc ){
+    rc = sqlite3_create_function(db, zName, 2, any, p, scalarFunc, 0, 0);
+  }
+#ifdef SQLITE_TEST
+  if( SQLITE_OK==rc ){
+    rc = sqlite3_create_function(db, zTest, -1, any, p, testFunc, 0, 0);
+  }
+  if( SQLITE_OK==rc ){
+    rc = sqlite3_create_function(db, zTest2, 0, any, pdb, intTestFunc, 0, 0);
+  }
+#endif
+
+#ifdef SQLITE_TEST
+  sqlite3_free(zTest);
+  sqlite3_free(zTest2);
+#endif
+
+  return rc;
+}
+
+#endif /* !defined(SQLITE_CORE) || defined(SQLITE_ENABLE_FTS3) */
+
+/************** End of fts3_tokenizer.c **************************************/
+/************** Begin file fts3_tokenizer1.c *********************************/
+/*
+** 2006 Oct 10
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+******************************************************************************
+**
+** Implementation of the "simple" full-text-search tokenizer.
+*/
+
+/*
+** The code in this file is only compiled if:
+**
+**     * The FTS3 module is being built as an extension
+**       (in which case SQLITE_CORE is not defined), or
+**
+**     * The FTS3 module is being built into the core of
+**       SQLite (in which case SQLITE_ENABLE_FTS3 is defined).
+*/
+/* #include "fts3Int.h" */
+#if !defined(SQLITE_CORE) || defined(SQLITE_ENABLE_FTS3)
+
+/* #include <assert.h> */
+/* #include <stdlib.h> */
+/* #include <stdio.h> */
+/* #include <string.h> */
+
+/* #include "fts3_tokenizer.h" */
+
+typedef struct simple_tokenizer {
+  sqlite3_tokenizer base;
+  char delim[128];             /* flag ASCII delimiters */
+} simple_tokenizer;
+
+typedef struct simple_tokenizer_cursor {
+  sqlite3_tokenizer_cursor base;
+  const char *pInput;          /* input we are tokenizing */
+  int nBytes;                  /* size of the input */
+  int iOffset;                 /* current position in pInput */
+  int iToken;                  /* index of next token to be returned */
+  char *pToken;                /* storage for current token */
+  int nTokenAllocated;         /* space allocated to zToken buffer */
+} simple_tokenizer_cursor;
+
+
+static int simpleDelim(simple_tokenizer *t, unsigned char c){
+  return c<0x80 && t->delim[c];
+}
+static int fts3_isalnum(int x){
+  return (x>='0' && x<='9') || (x>='A' && x<='Z') || (x>='a' && x<='z');
+}
+
+/*
+** Create a new tokenizer instance.
+*/
+static int simpleCreate(
+  int argc, const char * const *argv,
+  sqlite3_tokenizer **ppTokenizer
+){
+  simple_tokenizer *t;
+
+  t = (simple_tokenizer *) sqlite3_malloc(sizeof(*t));
+  if( t==NULL ) return SQLITE_NOMEM;
+  memset(t, 0, sizeof(*t));
+
+  /* TODO(shess) Delimiters need to remain the same from run to run,
+  ** else we need to reindex.  One solution would be a meta-table to
+  ** track such information in the database, then we'd only want this
+  ** information on the initial create.
+  */
+  if( argc>1 ){
+    int i, n = (int)strlen(argv[1]);
+    for(i=0; i<n; i++){
+      unsigned char ch = argv[1][i];
+      /* We explicitly don't support UTF-8 delimiters for now. */
+      if( ch>=0x80 ){
+        sqlite3_free(t);
+        return SQLITE_ERROR;
+      }
+      t->delim[ch] = 1;
+    }
+  } else {
+    /* Mark non-alphanumeric ASCII characters as delimiters */
+    int i;
+    for(i=1; i<0x80; i++){
+      t->delim[i] = !fts3_isalnum(i) ? -1 : 0;
+    }
+  }
+
+  *ppTokenizer = &t->base;
+  return SQLITE_OK;
+}
+
+/*
+** Destroy a tokenizer
+*/
+static int simpleDestroy(sqlite3_tokenizer *pTokenizer){
+  sqlite3_free(pTokenizer);
+  return SQLITE_OK;
+}
+
+/*
+** Prepare to begin tokenizing a particular string.  The input
+** string to be tokenized is pInput[0..nBytes-1].  A cursor
+** used to incrementally tokenize this string is returned in 
+** *ppCursor.
+*/
+static int simpleOpen(
+  sqlite3_tokenizer *pTokenizer,         /* The tokenizer */
+  const char *pInput, int nBytes,        /* String to be tokenized */
+  sqlite3_tokenizer_cursor **ppCursor    /* OUT: Tokenization cursor */
+){
+  simple_tokenizer_cursor *c;
+
+  UNUSED_PARAMETER(pTokenizer);
+
+  c = (simple_tokenizer_cursor *) sqlite3_malloc(sizeof(*c));
+  if( c==NULL ) return SQLITE_NOMEM;
+
+  c->pInput = pInput;
+  if( pInput==0 ){
+    c->nBytes = 0;
+  }else if( nBytes<0 ){
+    c->nBytes = (int)strlen(pInput);
+  }else{
+    c->nBytes = nBytes;
+  }
+  c->iOffset = 0;                 /* start tokenizing at the beginning */
+  c->iToken = 0;
+  c->pToken = NULL;               /* no space allocated, yet. */
+  c->nTokenAllocated = 0;
+
+  *ppCursor = &c->base;
+  return SQLITE_OK;
+}
+
+/*
+** Close a tokenization cursor previously opened by a call to
+** simpleOpen() above.
+*/
+static int simpleClose(sqlite3_tokenizer_cursor *pCursor){
+  simple_tokenizer_cursor *c = (simple_tokenizer_cursor *) pCursor;
+  sqlite3_free(c->pToken);
+  sqlite3_free(c);
+  return SQLITE_OK;
+}
+
+/*
+** Extract the next token from a tokenization cursor.  The cursor must
+** have been opened by a prior call to simpleOpen().
+*/
+static int simpleNext(
+  sqlite3_tokenizer_cursor *pCursor,  /* Cursor returned by simpleOpen */
+  const char **ppToken,               /* OUT: *ppToken is the token text */
+  int *pnBytes,                       /* OUT: Number of bytes in token */
+  int *piStartOffset,                 /* OUT: Starting offset of token */
+  int *piEndOffset,                   /* OUT: Ending offset of token */
+  int *piPosition                     /* OUT: Position integer of token */
+){
+  simple_tokenizer_cursor *c = (simple_tokenizer_cursor *) pCursor;
+  simple_tokenizer *t = (simple_tokenizer *) pCursor->pTokenizer;
+  unsigned char *p = (unsigned char *)c->pInput;
+
+  while( c->iOffset<c->nBytes ){
+    int iStartOffset;
+
+    /* Scan past delimiter characters */
+    while( c->iOffset<c->nBytes && simpleDelim(t, p[c->iOffset]) ){
+      c->iOffset++;
+    }
+
+    /* Count non-delimiter characters. */
+    iStartOffset = c->iOffset;
+    while( c->iOffset<c->nBytes && !simpleDelim(t, p[c->iOffset]) ){
+      c->iOffset++;
+    }
+
+    if( c->iOffset>iStartOffset ){
+      int i, n = c->iOffset-iStartOffset;
+      if( n>c->nTokenAllocated ){
+        char *pNew;
+        c->nTokenAllocated = n+20;
+        pNew = sqlite3_realloc(c->pToken, c->nTokenAllocated);
+        if( !pNew ) return SQLITE_NOMEM;
+        c->pToken = pNew;
+      }
+      for(i=0; i<n; i++){
+        /* TODO(shess) This needs expansion to handle UTF-8
+        ** case-insensitivity.
+        */
+        unsigned char ch = p[iStartOffset+i];
+        c->pToken[i] = (char)((ch>='A' && ch<='Z') ? ch-'A'+'a' : ch);
+      }
+      *ppToken = c->pToken;
+      *pnBytes = n;
+      *piStartOffset = iStartOffset;
+      *piEndOffset = c->iOffset;
+      *piPosition = c->iToken++;
+
+      return SQLITE_OK;
+    }
+  }
+  return SQLITE_DONE;
+}
+
+/*
+** The set of routines that implement the simple tokenizer
+*/
+static const sqlite3_tokenizer_module simpleTokenizerModule = {
+  0,
+  simpleCreate,
+  simpleDestroy,
+  simpleOpen,
+  simpleClose,
+  simpleNext,
+  0,
+};
+
+/*
+** Allocate a new simple tokenizer.  Return a pointer to the new
+** tokenizer in *ppModule
+*/
+SQLITE_PRIVATE void sqlite3Fts3SimpleTokenizerModule(
+  sqlite3_tokenizer_module const**ppModule
+){
+  *ppModule = &simpleTokenizerModule;
+}
+
+#endif /* !defined(SQLITE_CORE) || defined(SQLITE_ENABLE_FTS3) */
+
+/************** End of fts3_tokenizer1.c *************************************/
+/************** Begin file fts3_tokenize_vtab.c ******************************/
+/*
+** 2013 Apr 22
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+******************************************************************************
+**
+** This file contains code for the "fts3tokenize" virtual table module.
+** An fts3tokenize virtual table is created as follows:
+**
+**   CREATE VIRTUAL TABLE <tbl> USING fts3tokenize(
+**       <tokenizer-name>, <arg-1>, ...
+**   );
+**
+** The table created has the following schema:
+**
+**   CREATE TABLE <tbl>(input, token, start, end, position)
+**
+** When queried, the query must include a WHERE clause of type:
+**
+**   input = <string>
+**
+** The virtual table module tokenizes this <string>, using the FTS3 
+** tokenizer specified by the arguments to the CREATE VIRTUAL TABLE 
+** statement and returns one row for each token in the result. With
+** fields set as follows:
+**
+**   input:   Always set to a copy of <string>
+**   token:   A token from the input.
+**   start:   Byte offset of the token within the input <string>.
+**   end:     Byte offset of the byte immediately following the end of the
+**            token within the input string.
+**   pos:     Token offset of token within input.
+**
+*/
+/* #include "fts3Int.h" */
+#if !defined(SQLITE_CORE) || defined(SQLITE_ENABLE_FTS3)
+
+/* #include <string.h> */
+/* #include <assert.h> */
+
+typedef struct Fts3tokTable Fts3tokTable;
+typedef struct Fts3tokCursor Fts3tokCursor;
+
+/*
+** Virtual table structure.
+*/
+struct Fts3tokTable {
+  sqlite3_vtab base;              /* Base class used by SQLite core */
+  const sqlite3_tokenizer_module *pMod;
+  sqlite3_tokenizer *pTok;
+};
+
+/*
+** Virtual table cursor structure.
+*/
+struct Fts3tokCursor {
+  sqlite3_vtab_cursor base;       /* Base class used by SQLite core */
+  char *zInput;                   /* Input string */
+  sqlite3_tokenizer_cursor *pCsr; /* Cursor to iterate through zInput */
+  int iRowid;                     /* Current 'rowid' value */
+  const char *zToken;             /* Current 'token' value */
+  int nToken;                     /* Size of zToken in bytes */
+  int iStart;                     /* Current 'start' value */
+  int iEnd;                       /* Current 'end' value */
+  int iPos;                       /* Current 'pos' value */
+};
+
+/*
+** Query FTS for the tokenizer implementation named zName.
+*/
+static int fts3tokQueryTokenizer(
+  Fts3Hash *pHash,
+  const char *zName,
+  const sqlite3_tokenizer_module **pp,
+  char **pzErr
+){
+  sqlite3_tokenizer_module *p;
+  int nName = (int)strlen(zName);
+
+  p = (sqlite3_tokenizer_module *)sqlite3Fts3HashFind(pHash, zName, nName+1);
+  if( !p ){
+    sqlite3Fts3ErrMsg(pzErr, "unknown tokenizer: %s", zName);
+    return SQLITE_ERROR;
+  }
+
+  *pp = p;
+  return SQLITE_OK;
+}
+
+/*
+** The second argument, argv[], is an array of pointers to nul-terminated
+** strings. This function makes a copy of the array and strings into a 
+** single block of memory. It then dequotes any of the strings that appear
+** to be quoted.
+**
+** If successful, output parameter *pazDequote is set to point at the
+** array of dequoted strings and SQLITE_OK is returned. The caller is
+** responsible for eventually calling sqlite3_free() to free the array
+** in this case. Or, if an error occurs, an SQLite error code is returned.
+** The final value of *pazDequote is undefined in this case.
+*/
+static int fts3tokDequoteArray(
+  int argc,                       /* Number of elements in argv[] */
+  const char * const *argv,       /* Input array */
+  char ***pazDequote              /* Output array */
+){
+  int rc = SQLITE_OK;             /* Return code */
+  if( argc==0 ){
+    *pazDequote = 0;
+  }else{
+    int i;
+    int nByte = 0;
+    char **azDequote;
+
+    for(i=0; i<argc; i++){
+      nByte += (int)(strlen(argv[i]) + 1);
+    }
+
+    *pazDequote = azDequote = sqlite3_malloc(sizeof(char *)*argc + nByte);
+    if( azDequote==0 ){
+      rc = SQLITE_NOMEM;
+    }else{
+      char *pSpace = (char *)&azDequote[argc];
+      for(i=0; i<argc; i++){
+        int n = (int)strlen(argv[i]);
+        azDequote[i] = pSpace;
+        memcpy(pSpace, argv[i], n+1);
+        sqlite3Fts3Dequote(pSpace);
+        pSpace += (n+1);
+      }
+    }
+  }
+
+  return rc;
+}
+
+/*
+** Schema of the tokenizer table.
+*/
+#define FTS3_TOK_SCHEMA "CREATE TABLE x(input, token, start, end, position)"
+
+/*
+** This function does all the work for both the xConnect and xCreate methods.
+** These tables have no persistent representation of their own, so xConnect
+** and xCreate are identical operations.
+**
+**   argv[0]: module name
+**   argv[1]: database name 
+**   argv[2]: table name
+**   argv[3]: first argument (tokenizer name)
+*/
+static int fts3tokConnectMethod(
+  sqlite3 *db,                    /* Database connection */
+  void *pHash,                    /* Hash table of tokenizers */
+  int argc,                       /* Number of elements in argv array */
+  const char * const *argv,       /* xCreate/xConnect argument array */
+  sqlite3_vtab **ppVtab,          /* OUT: New sqlite3_vtab object */
+  char **pzErr                    /* OUT: sqlite3_malloc'd error message */
+){
+  Fts3tokTable *pTab = 0;
+  const sqlite3_tokenizer_module *pMod = 0;
+  sqlite3_tokenizer *pTok = 0;
+  int rc;
+  char **azDequote = 0;
+  int nDequote;
+
+  rc = sqlite3_declare_vtab(db, FTS3_TOK_SCHEMA);
+  if( rc!=SQLITE_OK ) return rc;
+
+  nDequote = argc-3;
+  rc = fts3tokDequoteArray(nDequote, &argv[3], &azDequote);
+
+  if( rc==SQLITE_OK ){
+    const char *zModule;
+    if( nDequote<1 ){
+      zModule = "simple";
+    }else{
+      zModule = azDequote[0];
+    }
+    rc = fts3tokQueryTokenizer((Fts3Hash*)pHash, zModule, &pMod, pzErr);
+  }
+
+  assert( (rc==SQLITE_OK)==(pMod!=0) );
+  if( rc==SQLITE_OK ){
+    const char * const *azArg = (const char * const *)&azDequote[1];
+    rc = pMod->xCreate((nDequote>1 ? nDequote-1 : 0), azArg, &pTok);
+  }
+
+  if( rc==SQLITE_OK ){
+    pTab = (Fts3tokTable *)sqlite3_malloc(sizeof(Fts3tokTable));
+    if( pTab==0 ){
+      rc = SQLITE_NOMEM;
+    }
+  }
+
+  if( rc==SQLITE_OK ){
+    memset(pTab, 0, sizeof(Fts3tokTable));
+    pTab->pMod = pMod;
+    pTab->pTok = pTok;
+    *ppVtab = &pTab->base;
+  }else{
+    if( pTok ){
+      pMod->xDestroy(pTok);
+    }
+  }
+
+  sqlite3_free(azDequote);
+  return rc;
+}
+
+/*
+** This function does the work for both the xDisconnect and xDestroy methods.
+** These tables have no persistent representation of their own, so xDisconnect
+** and xDestroy are identical operations.
+*/
+static int fts3tokDisconnectMethod(sqlite3_vtab *pVtab){
+  Fts3tokTable *pTab = (Fts3tokTable *)pVtab;
+
+  pTab->pMod->xDestroy(pTab->pTok);
+  sqlite3_free(pTab);
+  return SQLITE_OK;
+}
+
+/*
+** xBestIndex - Analyze a WHERE and ORDER BY clause.
+*/
+static int fts3tokBestIndexMethod(
+  sqlite3_vtab *pVTab, 
+  sqlite3_index_info *pInfo
+){
+  int i;
+  UNUSED_PARAMETER(pVTab);
+
+  for(i=0; i<pInfo->nConstraint; i++){
+    if( pInfo->aConstraint[i].usable 
+     && pInfo->aConstraint[i].iColumn==0 
+     && pInfo->aConstraint[i].op==SQLITE_INDEX_CONSTRAINT_EQ 
+    ){
+      pInfo->idxNum = 1;
+      pInfo->aConstraintUsage[i].argvIndex = 1;
+      pInfo->aConstraintUsage[i].omit = 1;
+      pInfo->estimatedCost = 1;
+      return SQLITE_OK;
+    }
+  }
+
+  pInfo->idxNum = 0;
+  assert( pInfo->estimatedCost>1000000.0 );
+
+  return SQLITE_OK;
+}
+
+/*
+** xOpen - Open a cursor.
+*/
+static int fts3tokOpenMethod(sqlite3_vtab *pVTab, sqlite3_vtab_cursor **ppCsr){
+  Fts3tokCursor *pCsr;
+  UNUSED_PARAMETER(pVTab);
+
+  pCsr = (Fts3tokCursor *)sqlite3_malloc(sizeof(Fts3tokCursor));
+  if( pCsr==0 ){
+    return SQLITE_NOMEM;
+  }
+  memset(pCsr, 0, sizeof(Fts3tokCursor));
+
+  *ppCsr = (sqlite3_vtab_cursor *)pCsr;
+  return SQLITE_OK;
+}
+
+/*
+** Reset the tokenizer cursor passed as the only argument. As if it had
+** just been returned by fts3tokOpenMethod().
+*/
+static void fts3tokResetCursor(Fts3tokCursor *pCsr){
+  if( pCsr->pCsr ){
+    Fts3tokTable *pTab = (Fts3tokTable *)(pCsr->base.pVtab);
+    pTab->pMod->xClose(pCsr->pCsr);
+    pCsr->pCsr = 0;
+  }
+  sqlite3_free(pCsr->zInput);
+  pCsr->zInput = 0;
+  pCsr->zToken = 0;
+  pCsr->nToken = 0;
+  pCsr->iStart = 0;
+  pCsr->iEnd = 0;
+  pCsr->iPos = 0;
+  pCsr->iRowid = 0;
+}
+
+/*
+** xClose - Close a cursor.
+*/
+static int fts3tokCloseMethod(sqlite3_vtab_cursor *pCursor){
+  Fts3tokCursor *pCsr = (Fts3tokCursor *)pCursor;
+
+  fts3tokResetCursor(pCsr);
+  sqlite3_free(pCsr);
+  return SQLITE_OK;
+}
+
+/*
+** xNext - Advance the cursor to the next row, if any.
+*/
+static int fts3tokNextMethod(sqlite3_vtab_cursor *pCursor){
+  Fts3tokCursor *pCsr = (Fts3tokCursor *)pCursor;
+  Fts3tokTable *pTab = (Fts3tokTable *)(pCursor->pVtab);
+  int rc;                         /* Return code */
+
+  pCsr->iRowid++;
+  rc = pTab->pMod->xNext(pCsr->pCsr,
+      &pCsr->zToken, &pCsr->nToken,
+      &pCsr->iStart, &pCsr->iEnd, &pCsr->iPos
+  );
+
+  if( rc!=SQLITE_OK ){
+    fts3tokResetCursor(pCsr);
+    if( rc==SQLITE_DONE ) rc = SQLITE_OK;
+  }
+
+  return rc;
+}
+
+/*
+** xFilter - Initialize a cursor to point at the start of its data.
+*/
+static int fts3tokFilterMethod(
+  sqlite3_vtab_cursor *pCursor,   /* The cursor used for this query */
+  int idxNum,                     /* Strategy index */
+  const char *idxStr,             /* Unused */
+  int nVal,                       /* Number of elements in apVal */
+  sqlite3_value **apVal           /* Arguments for the indexing scheme */
+){
+  int rc = SQLITE_ERROR;
+  Fts3tokCursor *pCsr = (Fts3tokCursor *)pCursor;
+  Fts3tokTable *pTab = (Fts3tokTable *)(pCursor->pVtab);
+  UNUSED_PARAMETER(idxStr);
+  UNUSED_PARAMETER(nVal);
+
+  fts3tokResetCursor(pCsr);
+  if( idxNum==1 ){
+    const char *zByte = (const char *)sqlite3_value_text(apVal[0]);
+    int nByte = sqlite3_value_bytes(apVal[0]);
+    pCsr->zInput = sqlite3_malloc(nByte+1);
+    if( pCsr->zInput==0 ){
+      rc = SQLITE_NOMEM;
+    }else{
+      memcpy(pCsr->zInput, zByte, nByte);
+      pCsr->zInput[nByte] = 0;
+      rc = pTab->pMod->xOpen(pTab->pTok, pCsr->zInput, nByte, &pCsr->pCsr);
+      if( rc==SQLITE_OK ){
+        pCsr->pCsr->pTokenizer = pTab->pTok;
+      }
+    }
+  }
+
+  if( rc!=SQLITE_OK ) return rc;
+  return fts3tokNextMethod(pCursor);
+}
+
+/*
+** xEof - Return true if the cursor is at EOF, or false otherwise.
+*/
+static int fts3tokEofMethod(sqlite3_vtab_cursor *pCursor){
+  Fts3tokCursor *pCsr = (Fts3tokCursor *)pCursor;
+  return (pCsr->zToken==0);
+}
+
+/*
+** xColumn - Return a column value.
+*/
+static int fts3tokColumnMethod(
+  sqlite3_vtab_cursor *pCursor,   /* Cursor to retrieve value from */
+  sqlite3_context *pCtx,          /* Context for sqlite3_result_xxx() calls */
+  int iCol                        /* Index of column to read value from */
+){
+  Fts3tokCursor *pCsr = (Fts3tokCursor *)pCursor;
+
+  /* CREATE TABLE x(input, token, start, end, position) */
+  switch( iCol ){
+    case 0:
+      sqlite3_result_text(pCtx, pCsr->zInput, -1, SQLITE_TRANSIENT);
+      break;
+    case 1:
+      sqlite3_result_text(pCtx, pCsr->zToken, pCsr->nToken, SQLITE_TRANSIENT);
+      break;
+    case 2:
+      sqlite3_result_int(pCtx, pCsr->iStart);
+      break;
+    case 3:
+      sqlite3_result_int(pCtx, pCsr->iEnd);
+      break;
+    default:
+      assert( iCol==4 );
+      sqlite3_result_int(pCtx, pCsr->iPos);
+      break;
+  }
+  return SQLITE_OK;
+}
+
+/*
+** xRowid - Return the current rowid for the cursor.
+*/
+static int fts3tokRowidMethod(
+  sqlite3_vtab_cursor *pCursor,   /* Cursor to retrieve value from */
+  sqlite_int64 *pRowid            /* OUT: Rowid value */
+){
+  Fts3tokCursor *pCsr = (Fts3tokCursor *)pCursor;
+  *pRowid = (sqlite3_int64)pCsr->iRowid;
+  return SQLITE_OK;
+}
+
+/*
+** Register the fts3tok module with database connection db. Return SQLITE_OK
+** if successful or an error code if sqlite3_create_module() fails.
+*/
+SQLITE_PRIVATE int sqlite3Fts3InitTok(sqlite3 *db, Fts3Hash *pHash){
+  static const sqlite3_module fts3tok_module = {
+     0,                           /* iVersion      */
+     fts3tokConnectMethod,        /* xCreate       */
+     fts3tokConnectMethod,        /* xConnect      */
+     fts3tokBestIndexMethod,      /* xBestIndex    */
+     fts3tokDisconnectMethod,     /* xDisconnect   */
+     fts3tokDisconnectMethod,     /* xDestroy      */
+     fts3tokOpenMethod,           /* xOpen         */
+     fts3tokCloseMethod,          /* xClose        */
+     fts3tokFilterMethod,         /* xFilter       */
+     fts3tokNextMethod,           /* xNext         */
+     fts3tokEofMethod,            /* xEof          */
+     fts3tokColumnMethod,         /* xColumn       */
+     fts3tokRowidMethod,          /* xRowid        */
+     0,                           /* xUpdate       */
+     0,                           /* xBegin        */
+     0,                           /* xSync         */
+     0,                           /* xCommit       */
+     0,                           /* xRollback     */
+     0,                           /* xFindFunction */
+     0,                           /* xRename       */
+     0,                           /* xSavepoint    */
+     0,                           /* xRelease      */
+     0                            /* xRollbackTo   */
+  };
+  int rc;                         /* Return code */
+
+  rc = sqlite3_create_module(db, "fts3tokenize", &fts3tok_module, (void*)pHash);
+  return rc;
+}
+
+#endif /* !defined(SQLITE_CORE) || defined(SQLITE_ENABLE_FTS3) */
+
+/************** End of fts3_tokenize_vtab.c **********************************/
+/************** Begin file fts3_write.c **************************************/
+/*
+** 2009 Oct 23
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+******************************************************************************
+**
+** This file is part of the SQLite FTS3 extension module. Specifically,
+** this file contains code to insert, update and delete rows from FTS3
+** tables. It also contains code to merge FTS3 b-tree segments. Some
+** of the sub-routines used to merge segments are also used by the query 
+** code in fts3.c.
+*/
+
+/* #include "fts3Int.h" */
+#if !defined(SQLITE_CORE) || defined(SQLITE_ENABLE_FTS3)
+
+/* #include <string.h> */
+/* #include <assert.h> */
+/* #include <stdlib.h> */
+
+
+#define FTS_MAX_APPENDABLE_HEIGHT 16
+
+/*
+** When full-text index nodes are loaded from disk, the buffer that they
+** are loaded into has the following number of bytes of padding at the end 
+** of it. i.e. if a full-text index node is 900 bytes in size, then a buffer
+** of 920 bytes is allocated for it.
+**
+** This means that if we have a pointer into a buffer containing node data,
+** it is always safe to read up to two varints from it without risking an
+** overread, even if the node data is corrupted.
+*/
+#define FTS3_NODE_PADDING (FTS3_VARINT_MAX*2)
+
+/*
+** Under certain circumstances, b-tree nodes (doclists) can be loaded into
+** memory incrementally instead of all at once. This can be a big performance
+** win (reduced IO and CPU) if SQLite stops calling the virtual table xNext()
+** method before retrieving all query results (as may happen, for example,
+** if a query has a LIMIT clause).
+**
+** Incremental loading is used for b-tree nodes FTS3_NODE_CHUNK_THRESHOLD 
+** bytes and larger. Nodes are loaded in chunks of FTS3_NODE_CHUNKSIZE bytes.
+** The code is written so that the hard lower-limit for each of these values 
+** is 1. Clearly such small values would be inefficient, but can be useful 
+** for testing purposes.
+**
+** If this module is built with SQLITE_TEST defined, these constants may
+** be overridden at runtime for testing purposes. File fts3_test.c contains
+** a Tcl interface to read and write the values.
+*/
+#ifdef SQLITE_TEST
+int test_fts3_node_chunksize = (4*1024);
+int test_fts3_node_chunk_threshold = (4*1024)*4;
+# define FTS3_NODE_CHUNKSIZE       test_fts3_node_chunksize
+# define FTS3_NODE_CHUNK_THRESHOLD test_fts3_node_chunk_threshold
+#else
+# define FTS3_NODE_CHUNKSIZE (4*1024) 
+# define FTS3_NODE_CHUNK_THRESHOLD (FTS3_NODE_CHUNKSIZE*4)
+#endif
+
+/*
+** The two values that may be meaningfully bound to the :1 parameter in
+** statements SQL_REPLACE_STAT and SQL_SELECT_STAT.
+*/
+#define FTS_STAT_DOCTOTAL      0
+#define FTS_STAT_INCRMERGEHINT 1
+#define FTS_STAT_AUTOINCRMERGE 2
+
+/*
+** If FTS_LOG_MERGES is defined, call sqlite3_log() to report each automatic
+** and incremental merge operation that takes place. This is used for 
+** debugging FTS only, it should not usually be turned on in production
+** systems.
+*/
+#ifdef FTS3_LOG_MERGES
+static void fts3LogMerge(int nMerge, sqlite3_int64 iAbsLevel){
+  sqlite3_log(SQLITE_OK, "%d-way merge from level %d", nMerge, (int)iAbsLevel);
+}
+#else
+#define fts3LogMerge(x, y)
+#endif
+
+
+typedef struct PendingList PendingList;
+typedef struct SegmentNode SegmentNode;
+typedef struct SegmentWriter SegmentWriter;
+
+/*
+** An instance of the following data structure is used to build doclists
+** incrementally. See function fts3PendingListAppend() for details.
+*/
+struct PendingList {
+  int nData;
+  char *aData;
+  int nSpace;
+  sqlite3_int64 iLastDocid;
+  sqlite3_int64 iLastCol;
+  sqlite3_int64 iLastPos;
+};
+
+
+/*
+** Each cursor has a (possibly empty) linked list of the following objects.
+*/
+struct Fts3DeferredToken {
+  Fts3PhraseToken *pToken;        /* Pointer to corresponding expr token */
+  int iCol;                       /* Column token must occur in */
+  Fts3DeferredToken *pNext;       /* Next in list of deferred tokens */
+  PendingList *pList;             /* Doclist is assembled here */
+};
+
+/*
+** An instance of this structure is used to iterate through the terms on
+** a contiguous set of segment b-tree leaf nodes. Although the details of
+** this structure are only manipulated by code in this file, opaque handles
+** of type Fts3SegReader* are also used by code in fts3.c to iterate through
+** terms when querying the full-text index. See functions:
+**
+**   sqlite3Fts3SegReaderNew()
+**   sqlite3Fts3SegReaderFree()
+**   sqlite3Fts3SegReaderIterate()
+**
+** Methods used to manipulate Fts3SegReader structures:
+**
+**   fts3SegReaderNext()
+**   fts3SegReaderFirstDocid()
+**   fts3SegReaderNextDocid()
+*/
+struct Fts3SegReader {
+  int iIdx;                       /* Index within level, or 0x7FFFFFFF for PT */
+  u8 bLookup;                     /* True for a lookup only */
+  u8 rootOnly;                    /* True for a root-only reader */
+
+  sqlite3_int64 iStartBlock;      /* Rowid of first leaf block to traverse */
+  sqlite3_int64 iLeafEndBlock;    /* Rowid of final leaf block to traverse */
+  sqlite3_int64 iEndBlock;        /* Rowid of final block in segment (or 0) */
+  sqlite3_int64 iCurrentBlock;    /* Current leaf block (or 0) */
+
+  char *aNode;                    /* Pointer to node data (or NULL) */
+  int nNode;                      /* Size of buffer at aNode (or 0) */
+  int nPopulate;                  /* If >0, bytes of buffer aNode[] loaded */
+  sqlite3_blob *pBlob;            /* If not NULL, blob handle to read node */
+
+  Fts3HashElem **ppNextElem;
+
+  /* Variables set by fts3SegReaderNext(). These may be read directly
+  ** by the caller. They are valid from the time SegmentReaderNew() returns
+  ** until SegmentReaderNext() returns something other than SQLITE_OK
+  ** (i.e. SQLITE_DONE).
+  */
+  int nTerm;                      /* Number of bytes in current term */
+  char *zTerm;                    /* Pointer to current term */
+  int nTermAlloc;                 /* Allocated size of zTerm buffer */
+  char *aDoclist;                 /* Pointer to doclist of current entry */
+  int nDoclist;                   /* Size of doclist in current entry */
+
+  /* The following variables are used by fts3SegReaderNextDocid() to iterate 
+  ** through the current doclist (aDoclist/nDoclist).
+  */
+  char *pOffsetList;
+  int nOffsetList;                /* For descending pending seg-readers only */
+  sqlite3_int64 iDocid;
+};
+
+#define fts3SegReaderIsPending(p) ((p)->ppNextElem!=0)
+#define fts3SegReaderIsRootOnly(p) ((p)->rootOnly!=0)
+
+/*
+** An instance of this structure is used to create a segment b-tree in the
+** database. The internal details of this type are only accessed by the
+** following functions:
+**
+**   fts3SegWriterAdd()
+**   fts3SegWriterFlush()
+**   fts3SegWriterFree()
+*/
+struct SegmentWriter {
+  SegmentNode *pTree;             /* Pointer to interior tree structure */
+  sqlite3_int64 iFirst;           /* First slot in %_segments written */
+  sqlite3_int64 iFree;            /* Next free slot in %_segments */
+  char *zTerm;                    /* Pointer to previous term buffer */
+  int nTerm;                      /* Number of bytes in zTerm */
+  int nMalloc;                    /* Size of malloc'd buffer at zMalloc */
+  char *zMalloc;                  /* Malloc'd space (possibly) used for zTerm */
+  int nSize;                      /* Size of allocation at aData */
+  int nData;                      /* Bytes of data in aData */
+  char *aData;                    /* Pointer to block from malloc() */
+  i64 nLeafData;                  /* Number of bytes of leaf data written */
+};
+
+/*
+** Type SegmentNode is used by the following three functions to create
+** the interior part of the segment b+-tree structures (everything except
+** the leaf nodes). These functions and type are only ever used by code
+** within the fts3SegWriterXXX() family of functions described above.
+**
+**   fts3NodeAddTerm()
+**   fts3NodeWrite()
+**   fts3NodeFree()
+**
+** When a b+tree is written to the database (either as a result of a merge
+** or the pending-terms table being flushed), leaves are written into the 
+** database file as soon as they are completely populated. The interior of
+** the tree is assembled in memory and written out only once all leaves have
+** been populated and stored. This is Ok, as the b+-tree fanout is usually
+** very large, meaning that the interior of the tree consumes relatively 
+** little memory.
+*/
+struct SegmentNode {
+  SegmentNode *pParent;           /* Parent node (or NULL for root node) */
+  SegmentNode *pRight;            /* Pointer to right-sibling */
+  SegmentNode *pLeftmost;         /* Pointer to left-most node of this depth */
+  int nEntry;                     /* Number of terms written to node so far */
+  char *zTerm;                    /* Pointer to previous term buffer */
+  int nTerm;                      /* Number of bytes in zTerm */
+  int nMalloc;                    /* Size of malloc'd buffer at zMalloc */
+  char *zMalloc;                  /* Malloc'd space (possibly) used for zTerm */
+  int nData;                      /* Bytes of valid data so far */
+  char *aData;                    /* Node data */
+};
+
+/*
+** Valid values for the second argument to fts3SqlStmt().
+*/
+#define SQL_DELETE_CONTENT             0
+#define SQL_IS_EMPTY                   1
+#define SQL_DELETE_ALL_CONTENT         2 
+#define SQL_DELETE_ALL_SEGMENTS        3
+#define SQL_DELETE_ALL_SEGDIR          4
+#define SQL_DELETE_ALL_DOCSIZE         5
+#define SQL_DELETE_ALL_STAT            6
+#define SQL_SELECT_CONTENT_BY_ROWID    7
+#define SQL_NEXT_SEGMENT_INDEX         8
+#define SQL_INSERT_SEGMENTS            9
+#define SQL_NEXT_SEGMENTS_ID          10
+#define SQL_INSERT_SEGDIR             11
+#define SQL_SELECT_LEVEL              12
+#define SQL_SELECT_LEVEL_RANGE        13
+#define SQL_SELECT_LEVEL_COUNT        14
+#define SQL_SELECT_SEGDIR_MAX_LEVEL   15
+#define SQL_DELETE_SEGDIR_LEVEL       16
+#define SQL_DELETE_SEGMENTS_RANGE     17
+#define SQL_CONTENT_INSERT            18
+#define SQL_DELETE_DOCSIZE            19
+#define SQL_REPLACE_DOCSIZE           20
+#define SQL_SELECT_DOCSIZE            21
+#define SQL_SELECT_STAT               22
+#define SQL_REPLACE_STAT              23
+
+#define SQL_SELECT_ALL_PREFIX_LEVEL   24
+#define SQL_DELETE_ALL_TERMS_SEGDIR   25
+#define SQL_DELETE_SEGDIR_RANGE       26
+#define SQL_SELECT_ALL_LANGID         27
+#define SQL_FIND_MERGE_LEVEL          28
+#define SQL_MAX_LEAF_NODE_ESTIMATE    29
+#define SQL_DELETE_SEGDIR_ENTRY       30
+#define SQL_SHIFT_SEGDIR_ENTRY        31
+#define SQL_SELECT_SEGDIR             32
+#define SQL_CHOMP_SEGDIR              33
+#define SQL_SEGMENT_IS_APPENDABLE     34
+#define SQL_SELECT_INDEXES            35
+#define SQL_SELECT_MXLEVEL            36
+
+#define SQL_SELECT_LEVEL_RANGE2       37
+#define SQL_UPDATE_LEVEL_IDX          38
+#define SQL_UPDATE_LEVEL              39
+
+/*
+** This function is used to obtain an SQLite prepared statement handle
+** for the statement identified by the second argument. If successful,
+** *pp is set to the requested statement handle and SQLITE_OK returned.
+** Otherwise, an SQLite error code is returned and *pp is set to 0.
+**
+** If argument apVal is not NULL, then it must point to an array with
+** at least as many entries as the requested statement has bound 
+** parameters. The values are bound to the statements parameters before
+** returning.
+*/
+static int fts3SqlStmt(
+  Fts3Table *p,                   /* Virtual table handle */
+  int eStmt,                      /* One of the SQL_XXX constants above */
+  sqlite3_stmt **pp,              /* OUT: Statement handle */
+  sqlite3_value **apVal           /* Values to bind to statement */
+){
+  const char *azSql[] = {
+/* 0  */  "DELETE FROM %Q.'%q_content' WHERE rowid = ?",
+/* 1  */  "SELECT NOT EXISTS(SELECT docid FROM %Q.'%q_content' WHERE rowid!=?)",
+/* 2  */  "DELETE FROM %Q.'%q_content'",
+/* 3  */  "DELETE FROM %Q.'%q_segments'",
+/* 4  */  "DELETE FROM %Q.'%q_segdir'",
+/* 5  */  "DELETE FROM %Q.'%q_docsize'",
+/* 6  */  "DELETE FROM %Q.'%q_stat'",
+/* 7  */  "SELECT %s WHERE rowid=?",
+/* 8  */  "SELECT (SELECT max(idx) FROM %Q.'%q_segdir' WHERE level = ?) + 1",
+/* 9  */  "REPLACE INTO %Q.'%q_segments'(blockid, block) VALUES(?, ?)",
+/* 10 */  "SELECT coalesce((SELECT max(blockid) FROM %Q.'%q_segments') + 1, 1)",
+/* 11 */  "REPLACE INTO %Q.'%q_segdir' VALUES(?,?,?,?,?,?)",
+
+          /* Return segments in order from oldest to newest.*/ 
+/* 12 */  "SELECT idx, start_block, leaves_end_block, end_block, root "
+            "FROM %Q.'%q_segdir' WHERE level = ? ORDER BY idx ASC",
+/* 13 */  "SELECT idx, start_block, leaves_end_block, end_block, root "
+            "FROM %Q.'%q_segdir' WHERE level BETWEEN ? AND ?"
+            "ORDER BY level DESC, idx ASC",
+
+/* 14 */  "SELECT count(*) FROM %Q.'%q_segdir' WHERE level = ?",
+/* 15 */  "SELECT max(level) FROM %Q.'%q_segdir' WHERE level BETWEEN ? AND ?",
+
+/* 16 */  "DELETE FROM %Q.'%q_segdir' WHERE level = ?",
+/* 17 */  "DELETE FROM %Q.'%q_segments' WHERE blockid BETWEEN ? AND ?",
+/* 18 */  "INSERT INTO %Q.'%q_content' VALUES(%s)",
+/* 19 */  "DELETE FROM %Q.'%q_docsize' WHERE docid = ?",
+/* 20 */  "REPLACE INTO %Q.'%q_docsize' VALUES(?,?)",
+/* 21 */  "SELECT size FROM %Q.'%q_docsize' WHERE docid=?",
+/* 22 */  "SELECT value FROM %Q.'%q_stat' WHERE id=?",
+/* 23 */  "REPLACE INTO %Q.'%q_stat' VALUES(?,?)",
+/* 24 */  "",
+/* 25 */  "",
+
+/* 26 */ "DELETE FROM %Q.'%q_segdir' WHERE level BETWEEN ? AND ?",
+/* 27 */ "SELECT ? UNION SELECT level / (1024 * ?) FROM %Q.'%q_segdir'",
+
+/* This statement is used to determine which level to read the input from
+** when performing an incremental merge. It returns the absolute level number
+** of the oldest level in the db that contains at least ? segments. Or,
+** if no level in the FTS index contains more than ? segments, the statement
+** returns zero rows.  */
+/* 28 */ "SELECT level FROM %Q.'%q_segdir' GROUP BY level HAVING count(*)>=?"
+         "  ORDER BY (level %% 1024) ASC LIMIT 1",
+
+/* Estimate the upper limit on the number of leaf nodes in a new segment
+** created by merging the oldest :2 segments from absolute level :1. See 
+** function sqlite3Fts3Incrmerge() for details.  */
+/* 29 */ "SELECT 2 * total(1 + leaves_end_block - start_block) "
+         "  FROM %Q.'%q_segdir' WHERE level = ? AND idx < ?",
+
+/* SQL_DELETE_SEGDIR_ENTRY
+**   Delete the %_segdir entry on absolute level :1 with index :2.  */
+/* 30 */ "DELETE FROM %Q.'%q_segdir' WHERE level = ? AND idx = ?",
+
+/* SQL_SHIFT_SEGDIR_ENTRY
+**   Modify the idx value for the segment with idx=:3 on absolute level :2
+**   to :1.  */
+/* 31 */ "UPDATE %Q.'%q_segdir' SET idx = ? WHERE level=? AND idx=?",
+
+/* SQL_SELECT_SEGDIR
+**   Read a single entry from the %_segdir table. The entry from absolute 
+**   level :1 with index value :2.  */
+/* 32 */  "SELECT idx, start_block, leaves_end_block, end_block, root "
+            "FROM %Q.'%q_segdir' WHERE level = ? AND idx = ?",
+
+/* SQL_CHOMP_SEGDIR
+**   Update the start_block (:1) and root (:2) fields of the %_segdir
+**   entry located on absolute level :3 with index :4.  */
+/* 33 */  "UPDATE %Q.'%q_segdir' SET start_block = ?, root = ?"
+            "WHERE level = ? AND idx = ?",
+
+/* SQL_SEGMENT_IS_APPENDABLE
+**   Return a single row if the segment with end_block=? is appendable. Or
+**   no rows otherwise.  */
+/* 34 */  "SELECT 1 FROM %Q.'%q_segments' WHERE blockid=? AND block IS NULL",
+
+/* SQL_SELECT_INDEXES
+**   Return the list of valid segment indexes for absolute level ?  */
+/* 35 */  "SELECT idx FROM %Q.'%q_segdir' WHERE level=? ORDER BY 1 ASC",
+
+/* SQL_SELECT_MXLEVEL
+**   Return the largest relative level in the FTS index or indexes.  */
+/* 36 */  "SELECT max( level %% 1024 ) FROM %Q.'%q_segdir'",
+
+          /* Return segments in order from oldest to newest.*/ 
+/* 37 */  "SELECT level, idx, end_block "
+            "FROM %Q.'%q_segdir' WHERE level BETWEEN ? AND ? "
+            "ORDER BY level DESC, idx ASC",
+
+          /* Update statements used while promoting segments */
+/* 38 */  "UPDATE OR FAIL %Q.'%q_segdir' SET level=-1,idx=? "
+            "WHERE level=? AND idx=?",
+/* 39 */  "UPDATE OR FAIL %Q.'%q_segdir' SET level=? WHERE level=-1"
+
+  };
+  int rc = SQLITE_OK;
+  sqlite3_stmt *pStmt;
+
+  assert( SizeofArray(azSql)==SizeofArray(p->aStmt) );
+  assert( eStmt<SizeofArray(azSql) && eStmt>=0 );
+  
+  pStmt = p->aStmt[eStmt];
+  if( !pStmt ){
+    char *zSql;
+    if( eStmt==SQL_CONTENT_INSERT ){
+      zSql = sqlite3_mprintf(azSql[eStmt], p->zDb, p->zName, p->zWriteExprlist);
+    }else if( eStmt==SQL_SELECT_CONTENT_BY_ROWID ){
+      zSql = sqlite3_mprintf(azSql[eStmt], p->zReadExprlist);
+    }else{
+      zSql = sqlite3_mprintf(azSql[eStmt], p->zDb, p->zName);
+    }
+    if( !zSql ){
+      rc = SQLITE_NOMEM;
+    }else{
+      rc = sqlite3_prepare_v2(p->db, zSql, -1, &pStmt, NULL);
+      sqlite3_free(zSql);
+      assert( rc==SQLITE_OK || pStmt==0 );
+      p->aStmt[eStmt] = pStmt;
+    }
+  }
+  if( apVal ){
+    int i;
+    int nParam = sqlite3_bind_parameter_count(pStmt);
+    for(i=0; rc==SQLITE_OK && i<nParam; i++){
+      rc = sqlite3_bind_value(pStmt, i+1, apVal[i]);
+    }
+  }
+  *pp = pStmt;
+  return rc;
+}
+
+
+static int fts3SelectDocsize(
+  Fts3Table *pTab,                /* FTS3 table handle */
+  sqlite3_int64 iDocid,           /* Docid to bind for SQL_SELECT_DOCSIZE */
+  sqlite3_stmt **ppStmt           /* OUT: Statement handle */
+){
+  sqlite3_stmt *pStmt = 0;        /* Statement requested from fts3SqlStmt() */
+  int rc;                         /* Return code */
+
+  rc = fts3SqlStmt(pTab, SQL_SELECT_DOCSIZE, &pStmt, 0);
+  if( rc==SQLITE_OK ){
+    sqlite3_bind_int64(pStmt, 1, iDocid);
+    rc = sqlite3_step(pStmt);
+    if( rc!=SQLITE_ROW || sqlite3_column_type(pStmt, 0)!=SQLITE_BLOB ){
+      rc = sqlite3_reset(pStmt);
+      if( rc==SQLITE_OK ) rc = FTS_CORRUPT_VTAB;
+      pStmt = 0;
+    }else{
+      rc = SQLITE_OK;
+    }
+  }
+
+  *ppStmt = pStmt;
+  return rc;
+}
+
+SQLITE_PRIVATE int sqlite3Fts3SelectDoctotal(
+  Fts3Table *pTab,                /* Fts3 table handle */
+  sqlite3_stmt **ppStmt           /* OUT: Statement handle */
+){
+  sqlite3_stmt *pStmt = 0;
+  int rc;
+  rc = fts3SqlStmt(pTab, SQL_SELECT_STAT, &pStmt, 0);
+  if( rc==SQLITE_OK ){
+    sqlite3_bind_int(pStmt, 1, FTS_STAT_DOCTOTAL);
+    if( sqlite3_step(pStmt)!=SQLITE_ROW
+     || sqlite3_column_type(pStmt, 0)!=SQLITE_BLOB
+    ){
+      rc = sqlite3_reset(pStmt);
+      if( rc==SQLITE_OK ) rc = FTS_CORRUPT_VTAB;
+      pStmt = 0;
+    }
+  }
+  *ppStmt = pStmt;
+  return rc;
+}
+
+SQLITE_PRIVATE int sqlite3Fts3SelectDocsize(
+  Fts3Table *pTab,                /* Fts3 table handle */
+  sqlite3_int64 iDocid,           /* Docid to read size data for */
+  sqlite3_stmt **ppStmt           /* OUT: Statement handle */
+){
+  return fts3SelectDocsize(pTab, iDocid, ppStmt);
+}
+
+/*
+** Similar to fts3SqlStmt(). Except, after binding the parameters in
+** array apVal[] to the SQL statement identified by eStmt, the statement
+** is executed.
+**
+** Returns SQLITE_OK if the statement is successfully executed, or an
+** SQLite error code otherwise.
+*/
+static void fts3SqlExec(
+  int *pRC,                /* Result code */
+  Fts3Table *p,            /* The FTS3 table */
+  int eStmt,               /* Index of statement to evaluate */
+  sqlite3_value **apVal    /* Parameters to bind */
+){
+  sqlite3_stmt *pStmt;
+  int rc;
+  if( *pRC ) return;
+  rc = fts3SqlStmt(p, eStmt, &pStmt, apVal); 
+  if( rc==SQLITE_OK ){
+    sqlite3_step(pStmt);
+    rc = sqlite3_reset(pStmt);
+  }
+  *pRC = rc;
+}
+
+
+/*
+** This function ensures that the caller has obtained an exclusive 
+** shared-cache table-lock on the %_segdir table. This is required before 
+** writing data to the fts3 table. If this lock is not acquired first, then
+** the caller may end up attempting to take this lock as part of committing
+** a transaction, causing SQLite to return SQLITE_LOCKED or 
+** LOCKED_SHAREDCACHEto a COMMIT command.
+**
+** It is best to avoid this because if FTS3 returns any error when 
+** committing a transaction, the whole transaction will be rolled back. 
+** And this is not what users expect when they get SQLITE_LOCKED_SHAREDCACHE. 
+** It can still happen if the user locks the underlying tables directly 
+** instead of accessing them via FTS.
+*/
+static int fts3Writelock(Fts3Table *p){
+  int rc = SQLITE_OK;
+  
+  if( p->nPendingData==0 ){
+    sqlite3_stmt *pStmt;
+    rc = fts3SqlStmt(p, SQL_DELETE_SEGDIR_LEVEL, &pStmt, 0);
+    if( rc==SQLITE_OK ){
+      sqlite3_bind_null(pStmt, 1);
+      sqlite3_step(pStmt);
+      rc = sqlite3_reset(pStmt);
+    }
+  }
+
+  return rc;
+}
+
+/*
+** FTS maintains a separate indexes for each language-id (a 32-bit integer).
+** Within each language id, a separate index is maintained to store the
+** document terms, and each configured prefix size (configured the FTS 
+** "prefix=" option). And each index consists of multiple levels ("relative
+** levels").
+**
+** All three of these values (the language id, the specific index and the
+** level within the index) are encoded in 64-bit integer values stored
+** in the %_segdir table on disk. This function is used to convert three
+** separate component values into the single 64-bit integer value that
+** can be used to query the %_segdir table.
+**
+** Specifically, each language-id/index combination is allocated 1024 
+** 64-bit integer level values ("absolute levels"). The main terms index
+** for language-id 0 is allocate values 0-1023. The first prefix index
+** (if any) for language-id 0 is allocated values 1024-2047. And so on.
+** Language 1 indexes are allocated immediately following language 0.
+**
+** So, for a system with nPrefix prefix indexes configured, the block of
+** absolute levels that corresponds to language-id iLangid and index 
+** iIndex starts at absolute level ((iLangid * (nPrefix+1) + iIndex) * 1024).
+*/
+static sqlite3_int64 getAbsoluteLevel(
+  Fts3Table *p,                   /* FTS3 table handle */
+  int iLangid,                    /* Language id */
+  int iIndex,                     /* Index in p->aIndex[] */
+  int iLevel                      /* Level of segments */
+){
+  sqlite3_int64 iBase;            /* First absolute level for iLangid/iIndex */
+  assert( iLangid>=0 );
+  assert( p->nIndex>0 );
+  assert( iIndex>=0 && iIndex<p->nIndex );
+
+  iBase = ((sqlite3_int64)iLangid * p->nIndex + iIndex) * FTS3_SEGDIR_MAXLEVEL;
+  return iBase + iLevel;
+}
+
+/*
+** Set *ppStmt to a statement handle that may be used to iterate through
+** all rows in the %_segdir table, from oldest to newest. If successful,
+** return SQLITE_OK. If an error occurs while preparing the statement, 
+** return an SQLite error code.
+**
+** There is only ever one instance of this SQL statement compiled for
+** each FTS3 table.
+**
+** The statement returns the following columns from the %_segdir table:
+**
+**   0: idx
+**   1: start_block
+**   2: leaves_end_block
+**   3: end_block
+**   4: root
+*/
+SQLITE_PRIVATE int sqlite3Fts3AllSegdirs(
+  Fts3Table *p,                   /* FTS3 table */
+  int iLangid,                    /* Language being queried */
+  int iIndex,                     /* Index for p->aIndex[] */
+  int iLevel,                     /* Level to select (relative level) */
+  sqlite3_stmt **ppStmt           /* OUT: Compiled statement */
+){
+  int rc;
+  sqlite3_stmt *pStmt = 0;
+
+  assert( iLevel==FTS3_SEGCURSOR_ALL || iLevel>=0 );
+  assert( iLevel<FTS3_SEGDIR_MAXLEVEL );
+  assert( iIndex>=0 && iIndex<p->nIndex );
+
+  if( iLevel<0 ){
+    /* "SELECT * FROM %_segdir WHERE level BETWEEN ? AND ? ORDER BY ..." */
+    rc = fts3SqlStmt(p, SQL_SELECT_LEVEL_RANGE, &pStmt, 0);
+    if( rc==SQLITE_OK ){ 
+      sqlite3_bind_int64(pStmt, 1, getAbsoluteLevel(p, iLangid, iIndex, 0));
+      sqlite3_bind_int64(pStmt, 2, 
+          getAbsoluteLevel(p, iLangid, iIndex, FTS3_SEGDIR_MAXLEVEL-1)
+      );
+    }
+  }else{
+    /* "SELECT * FROM %_segdir WHERE level = ? ORDER BY ..." */
+    rc = fts3SqlStmt(p, SQL_SELECT_LEVEL, &pStmt, 0);
+    if( rc==SQLITE_OK ){ 
+      sqlite3_bind_int64(pStmt, 1, getAbsoluteLevel(p, iLangid, iIndex,iLevel));
+    }
+  }
+  *ppStmt = pStmt;
+  return rc;
+}
+
+
+/*
+** Append a single varint to a PendingList buffer. SQLITE_OK is returned
+** if successful, or an SQLite error code otherwise.
+**
+** This function also serves to allocate the PendingList structure itself.
+** For example, to create a new PendingList structure containing two
+** varints:
+**
+**   PendingList *p = 0;
+**   fts3PendingListAppendVarint(&p, 1);
+**   fts3PendingListAppendVarint(&p, 2);
+*/
+static int fts3PendingListAppendVarint(
+  PendingList **pp,               /* IN/OUT: Pointer to PendingList struct */
+  sqlite3_int64 i                 /* Value to append to data */
+){
+  PendingList *p = *pp;
+
+  /* Allocate or grow the PendingList as required. */
+  if( !p ){
+    p = sqlite3_malloc(sizeof(*p) + 100);
+    if( !p ){
+      return SQLITE_NOMEM;
+    }
+    p->nSpace = 100;
+    p->aData = (char *)&p[1];
+    p->nData = 0;
+  }
+  else if( p->nData+FTS3_VARINT_MAX+1>p->nSpace ){
+    int nNew = p->nSpace * 2;
+    p = sqlite3_realloc(p, sizeof(*p) + nNew);
+    if( !p ){
+      sqlite3_free(*pp);
+      *pp = 0;
+      return SQLITE_NOMEM;
+    }
+    p->nSpace = nNew;
+    p->aData = (char *)&p[1];
+  }
+
+  /* Append the new serialized varint to the end of the list. */
+  p->nData += sqlite3Fts3PutVarint(&p->aData[p->nData], i);
+  p->aData[p->nData] = '\0';
+  *pp = p;
+  return SQLITE_OK;
+}
+
+/*
+** Add a docid/column/position entry to a PendingList structure. Non-zero
+** is returned if the structure is sqlite3_realloced as part of adding
+** the entry. Otherwise, zero.
+**
+** If an OOM error occurs, *pRc is set to SQLITE_NOMEM before returning.
+** Zero is always returned in this case. Otherwise, if no OOM error occurs,
+** it is set to SQLITE_OK.
+*/
+static int fts3PendingListAppend(
+  PendingList **pp,               /* IN/OUT: PendingList structure */
+  sqlite3_int64 iDocid,           /* Docid for entry to add */
+  sqlite3_int64 iCol,             /* Column for entry to add */
+  sqlite3_int64 iPos,             /* Position of term for entry to add */
+  int *pRc                        /* OUT: Return code */
+){
+  PendingList *p = *pp;
+  int rc = SQLITE_OK;
+
+  assert( !p || p->iLastDocid<=iDocid );
+
+  if( !p || p->iLastDocid!=iDocid ){
+    sqlite3_int64 iDelta = iDocid - (p ? p->iLastDocid : 0);
+    if( p ){
+      assert( p->nData<p->nSpace );
+      assert( p->aData[p->nData]==0 );
+      p->nData++;
+    }
+    if( SQLITE_OK!=(rc = fts3PendingListAppendVarint(&p, iDelta)) ){
+      goto pendinglistappend_out;
+    }
+    p->iLastCol = -1;
+    p->iLastPos = 0;
+    p->iLastDocid = iDocid;
+  }
+  if( iCol>0 && p->iLastCol!=iCol ){
+    if( SQLITE_OK!=(rc = fts3PendingListAppendVarint(&p, 1))
+     || SQLITE_OK!=(rc = fts3PendingListAppendVarint(&p, iCol))
+    ){
+      goto pendinglistappend_out;
+    }
+    p->iLastCol = iCol;
+    p->iLastPos = 0;
+  }
+  if( iCol>=0 ){
+    assert( iPos>p->iLastPos || (iPos==0 && p->iLastPos==0) );
+    rc = fts3PendingListAppendVarint(&p, 2+iPos-p->iLastPos);
+    if( rc==SQLITE_OK ){
+      p->iLastPos = iPos;
+    }
+  }
+
+ pendinglistappend_out:
+  *pRc = rc;
+  if( p!=*pp ){
+    *pp = p;
+    return 1;
+  }
+  return 0;
+}
+
+/*
+** Free a PendingList object allocated by fts3PendingListAppend().
+*/
+static void fts3PendingListDelete(PendingList *pList){
+  sqlite3_free(pList);
+}
+
+/*
+** Add an entry to one of the pending-terms hash tables.
+*/
+static int fts3PendingTermsAddOne(
+  Fts3Table *p,
+  int iCol,
+  int iPos,
+  Fts3Hash *pHash,                /* Pending terms hash table to add entry to */
+  const char *zToken,
+  int nToken
+){
+  PendingList *pList;
+  int rc = SQLITE_OK;
+
+  pList = (PendingList *)fts3HashFind(pHash, zToken, nToken);
+  if( pList ){
+    p->nPendingData -= (pList->nData + nToken + sizeof(Fts3HashElem));
+  }
+  if( fts3PendingListAppend(&pList, p->iPrevDocid, iCol, iPos, &rc) ){
+    if( pList==fts3HashInsert(pHash, zToken, nToken, pList) ){
+      /* Malloc failed while inserting the new entry. This can only 
+      ** happen if there was no previous entry for this token.
+      */
+      assert( 0==fts3HashFind(pHash, zToken, nToken) );
+      sqlite3_free(pList);
+      rc = SQLITE_NOMEM;
+    }
+  }
+  if( rc==SQLITE_OK ){
+    p->nPendingData += (pList->nData + nToken + sizeof(Fts3HashElem));
+  }
+  return rc;
+}
+
+/*
+** Tokenize the nul-terminated string zText and add all tokens to the
+** pending-terms hash-table. The docid used is that currently stored in
+** p->iPrevDocid, and the column is specified by argument iCol.
+**
+** If successful, SQLITE_OK is returned. Otherwise, an SQLite error code.
+*/
+static int fts3PendingTermsAdd(
+  Fts3Table *p,                   /* Table into which text will be inserted */
+  int iLangid,                    /* Language id to use */
+  const char *zText,              /* Text of document to be inserted */
+  int iCol,                       /* Column into which text is being inserted */
+  u32 *pnWord                     /* IN/OUT: Incr. by number tokens inserted */
+){
+  int rc;
+  int iStart = 0;
+  int iEnd = 0;
+  int iPos = 0;
+  int nWord = 0;
+
+  char const *zToken;
+  int nToken = 0;
+
+  sqlite3_tokenizer *pTokenizer = p->pTokenizer;
+  sqlite3_tokenizer_module const *pModule = pTokenizer->pModule;
+  sqlite3_tokenizer_cursor *pCsr;
+  int (*xNext)(sqlite3_tokenizer_cursor *pCursor,
+      const char**,int*,int*,int*,int*);
+
+  assert( pTokenizer && pModule );
+
+  /* If the user has inserted a NULL value, this function may be called with
+  ** zText==0. In this case, add zero token entries to the hash table and 
+  ** return early. */
+  if( zText==0 ){
+    *pnWord = 0;
+    return SQLITE_OK;
+  }
+
+  rc = sqlite3Fts3OpenTokenizer(pTokenizer, iLangid, zText, -1, &pCsr);
+  if( rc!=SQLITE_OK ){
+    return rc;
+  }
+
+  xNext = pModule->xNext;
+  while( SQLITE_OK==rc
+      && SQLITE_OK==(rc = xNext(pCsr, &zToken, &nToken, &iStart, &iEnd, &iPos))
+  ){
+    int i;
+    if( iPos>=nWord ) nWord = iPos+1;
+
+    /* Positions cannot be negative; we use -1 as a terminator internally.
+    ** Tokens must have a non-zero length.
+    */
+    if( iPos<0 || !zToken || nToken<=0 ){
+      rc = SQLITE_ERROR;
+      break;
+    }
+
+    /* Add the term to the terms index */
+    rc = fts3PendingTermsAddOne(
+        p, iCol, iPos, &p->aIndex[0].hPending, zToken, nToken
+    );
+    
+    /* Add the term to each of the prefix indexes that it is not too 
+    ** short for. */
+    for(i=1; rc==SQLITE_OK && i<p->nIndex; i++){
+      struct Fts3Index *pIndex = &p->aIndex[i];
+      if( nToken<pIndex->nPrefix ) continue;
+      rc = fts3PendingTermsAddOne(
+          p, iCol, iPos, &pIndex->hPending, zToken, pIndex->nPrefix
+      );
+    }
+  }
+
+  pModule->xClose(pCsr);
+  *pnWord += nWord;
+  return (rc==SQLITE_DONE ? SQLITE_OK : rc);
+}
+
+/* 
+** Calling this function indicates that subsequent calls to 
+** fts3PendingTermsAdd() are to add term/position-list pairs for the
+** contents of the document with docid iDocid.
+*/
+static int fts3PendingTermsDocid(
+  Fts3Table *p,                   /* Full-text table handle */
+  int bDelete,                    /* True if this op is a delete */
+  int iLangid,                    /* Language id of row being written */
+  sqlite_int64 iDocid             /* Docid of row being written */
+){
+  assert( iLangid>=0 );
+  assert( bDelete==1 || bDelete==0 );
+
+  /* TODO(shess) Explore whether partially flushing the buffer on
+  ** forced-flush would provide better performance.  I suspect that if
+  ** we ordered the doclists by size and flushed the largest until the
+  ** buffer was half empty, that would let the less frequent terms
+  ** generate longer doclists.
+  */
+  if( iDocid<p->iPrevDocid 
+   || (iDocid==p->iPrevDocid && p->bPrevDelete==0)
+   || p->iPrevLangid!=iLangid
+   || p->nPendingData>p->nMaxPendingData 
+  ){
+    int rc = sqlite3Fts3PendingTermsFlush(p);
+    if( rc!=SQLITE_OK ) return rc;
+  }
+  p->iPrevDocid = iDocid;
+  p->iPrevLangid = iLangid;
+  p->bPrevDelete = bDelete;
+  return SQLITE_OK;
+}
+
+/*
+** Discard the contents of the pending-terms hash tables. 
+*/
+SQLITE_PRIVATE void sqlite3Fts3PendingTermsClear(Fts3Table *p){
+  int i;
+  for(i=0; i<p->nIndex; i++){
+    Fts3HashElem *pElem;
+    Fts3Hash *pHash = &p->aIndex[i].hPending;
+    for(pElem=fts3HashFirst(pHash); pElem; pElem=fts3HashNext(pElem)){
+      PendingList *pList = (PendingList *)fts3HashData(pElem);
+      fts3PendingListDelete(pList);
+    }
+    fts3HashClear(pHash);
+  }
+  p->nPendingData = 0;
+}
+
+/*
+** This function is called by the xUpdate() method as part of an INSERT
+** operation. It adds entries for each term in the new record to the
+** pendingTerms hash table.
+**
+** Argument apVal is the same as the similarly named argument passed to
+** fts3InsertData(). Parameter iDocid is the docid of the new row.
+*/
+static int fts3InsertTerms(
+  Fts3Table *p, 
+  int iLangid, 
+  sqlite3_value **apVal, 
+  u32 *aSz
+){
+  int i;                          /* Iterator variable */
+  for(i=2; i<p->nColumn+2; i++){
+    int iCol = i-2;
+    if( p->abNotindexed[iCol]==0 ){
+      const char *zText = (const char *)sqlite3_value_text(apVal[i]);
+      int rc = fts3PendingTermsAdd(p, iLangid, zText, iCol, &aSz[iCol]);
+      if( rc!=SQLITE_OK ){
+        return rc;
+      }
+      aSz[p->nColumn] += sqlite3_value_bytes(apVal[i]);
+    }
+  }
+  return SQLITE_OK;
+}
+
+/*
+** This function is called by the xUpdate() method for an INSERT operation.
+** The apVal parameter is passed a copy of the apVal argument passed by
+** SQLite to the xUpdate() method. i.e:
+**
+**   apVal[0]                Not used for INSERT.
+**   apVal[1]                rowid
+**   apVal[2]                Left-most user-defined column
+**   ...
+**   apVal[p->nColumn+1]     Right-most user-defined column
+**   apVal[p->nColumn+2]     Hidden column with same name as table
+**   apVal[p->nColumn+3]     Hidden "docid" column (alias for rowid)
+**   apVal[p->nColumn+4]     Hidden languageid column
+*/
+static int fts3InsertData(
+  Fts3Table *p,                   /* Full-text table */
+  sqlite3_value **apVal,          /* Array of values to insert */
+  sqlite3_int64 *piDocid          /* OUT: Docid for row just inserted */
+){
+  int rc;                         /* Return code */
+  sqlite3_stmt *pContentInsert;   /* INSERT INTO %_content VALUES(...) */
+
+  if( p->zContentTbl ){
+    sqlite3_value *pRowid = apVal[p->nColumn+3];
+    if( sqlite3_value_type(pRowid)==SQLITE_NULL ){
+      pRowid = apVal[1];
+    }
+    if( sqlite3_value_type(pRowid)!=SQLITE_INTEGER ){
+      return SQLITE_CONSTRAINT;
+    }
+    *piDocid = sqlite3_value_int64(pRowid);
+    return SQLITE_OK;
+  }
+
+  /* Locate the statement handle used to insert data into the %_content
+  ** table. The SQL for this statement is:
+  **
+  **   INSERT INTO %_content VALUES(?, ?, ?, ...)
+  **
+  ** The statement features N '?' variables, where N is the number of user
+  ** defined columns in the FTS3 table, plus one for the docid field.
+  */
+  rc = fts3SqlStmt(p, SQL_CONTENT_INSERT, &pContentInsert, &apVal[1]);
+  if( rc==SQLITE_OK && p->zLanguageid ){
+    rc = sqlite3_bind_int(
+        pContentInsert, p->nColumn+2, 
+        sqlite3_value_int(apVal[p->nColumn+4])
+    );
+  }
+  if( rc!=SQLITE_OK ) return rc;
+
+  /* There is a quirk here. The users INSERT statement may have specified
+  ** a value for the "rowid" field, for the "docid" field, or for both.
+  ** Which is a problem, since "rowid" and "docid" are aliases for the
+  ** same value. For example:
+  **
+  **   INSERT INTO fts3tbl(rowid, docid) VALUES(1, 2);
+  **
+  ** In FTS3, this is an error. It is an error to specify non-NULL values
+  ** for both docid and some other rowid alias.
+  */
+  if( SQLITE_NULL!=sqlite3_value_type(apVal[3+p->nColumn]) ){
+    if( SQLITE_NULL==sqlite3_value_type(apVal[0])
+     && SQLITE_NULL!=sqlite3_value_type(apVal[1])
+    ){
+      /* A rowid/docid conflict. */
+      return SQLITE_ERROR;
+    }
+    rc = sqlite3_bind_value(pContentInsert, 1, apVal[3+p->nColumn]);
+    if( rc!=SQLITE_OK ) return rc;
+  }
+
+  /* Execute the statement to insert the record. Set *piDocid to the 
+  ** new docid value. 
+  */
+  sqlite3_step(pContentInsert);
+  rc = sqlite3_reset(pContentInsert);
+
+  *piDocid = sqlite3_last_insert_rowid(p->db);
+  return rc;
+}
+
+
+
+/*
+** Remove all data from the FTS3 table. Clear the hash table containing
+** pending terms.
+*/
+static int fts3DeleteAll(Fts3Table *p, int bContent){
+  int rc = SQLITE_OK;             /* Return code */
+
+  /* Discard the contents of the pending-terms hash table. */
+  sqlite3Fts3PendingTermsClear(p);
+
+  /* Delete everything from the shadow tables. Except, leave %_content as
+  ** is if bContent is false.  */
+  assert( p->zContentTbl==0 || bContent==0 );
+  if( bContent ) fts3SqlExec(&rc, p, SQL_DELETE_ALL_CONTENT, 0);
+  fts3SqlExec(&rc, p, SQL_DELETE_ALL_SEGMENTS, 0);
+  fts3SqlExec(&rc, p, SQL_DELETE_ALL_SEGDIR, 0);
+  if( p->bHasDocsize ){
+    fts3SqlExec(&rc, p, SQL_DELETE_ALL_DOCSIZE, 0);
+  }
+  if( p->bHasStat ){
+    fts3SqlExec(&rc, p, SQL_DELETE_ALL_STAT, 0);
+  }
+  return rc;
+}
+
+/*
+**
+*/
+static int langidFromSelect(Fts3Table *p, sqlite3_stmt *pSelect){
+  int iLangid = 0;
+  if( p->zLanguageid ) iLangid = sqlite3_column_int(pSelect, p->nColumn+1);
+  return iLangid;
+}
+
+/*
+** The first element in the apVal[] array is assumed to contain the docid
+** (an integer) of a row about to be deleted. Remove all terms from the
+** full-text index.
+*/
+static void fts3DeleteTerms( 
+  int *pRC,               /* Result code */
+  Fts3Table *p,           /* The FTS table to delete from */
+  sqlite3_value *pRowid,  /* The docid to be deleted */
+  u32 *aSz,               /* Sizes of deleted document written here */
+  int *pbFound            /* OUT: Set to true if row really does exist */
+){
+  int rc;
+  sqlite3_stmt *pSelect;
+
+  assert( *pbFound==0 );
+  if( *pRC ) return;
+  rc = fts3SqlStmt(p, SQL_SELECT_CONTENT_BY_ROWID, &pSelect, &pRowid);
+  if( rc==SQLITE_OK ){
+    if( SQLITE_ROW==sqlite3_step(pSelect) ){
+      int i;
+      int iLangid = langidFromSelect(p, pSelect);
+      i64 iDocid = sqlite3_column_int64(pSelect, 0);
+      rc = fts3PendingTermsDocid(p, 1, iLangid, iDocid);
+      for(i=1; rc==SQLITE_OK && i<=p->nColumn; i++){
+        int iCol = i-1;
+        if( p->abNotindexed[iCol]==0 ){
+          const char *zText = (const char *)sqlite3_column_text(pSelect, i);
+          rc = fts3PendingTermsAdd(p, iLangid, zText, -1, &aSz[iCol]);
+          aSz[p->nColumn] += sqlite3_column_bytes(pSelect, i);
+        }
+      }
+      if( rc!=SQLITE_OK ){
+        sqlite3_reset(pSelect);
+        *pRC = rc;
+        return;
+      }
+      *pbFound = 1;
+    }
+    rc = sqlite3_reset(pSelect);
+  }else{
+    sqlite3_reset(pSelect);
+  }
+  *pRC = rc;
+}
+
+/*
+** Forward declaration to account for the circular dependency between
+** functions fts3SegmentMerge() and fts3AllocateSegdirIdx().
+*/
+static int fts3SegmentMerge(Fts3Table *, int, int, int);
+
+/* 
+** This function allocates a new level iLevel index in the segdir table.
+** Usually, indexes are allocated within a level sequentially starting
+** with 0, so the allocated index is one greater than the value returned
+** by:
+**
+**   SELECT max(idx) FROM %_segdir WHERE level = :iLevel
+**
+** However, if there are already FTS3_MERGE_COUNT indexes at the requested
+** level, they are merged into a single level (iLevel+1) segment and the 
+** allocated index is 0.
+**
+** If successful, *piIdx is set to the allocated index slot and SQLITE_OK
+** returned. Otherwise, an SQLite error code is returned.
+*/
+static int fts3AllocateSegdirIdx(
+  Fts3Table *p, 
+  int iLangid,                    /* Language id */
+  int iIndex,                     /* Index for p->aIndex */
+  int iLevel, 
+  int *piIdx
+){
+  int rc;                         /* Return Code */
+  sqlite3_stmt *pNextIdx;         /* Query for next idx at level iLevel */
+  int iNext = 0;                  /* Result of query pNextIdx */
+
+  assert( iLangid>=0 );
+  assert( p->nIndex>=1 );
+
+  /* Set variable iNext to the next available segdir index at level iLevel. */
+  rc = fts3SqlStmt(p, SQL_NEXT_SEGMENT_INDEX, &pNextIdx, 0);
+  if( rc==SQLITE_OK ){
+    sqlite3_bind_int64(
+        pNextIdx, 1, getAbsoluteLevel(p, iLangid, iIndex, iLevel)
+    );
+    if( SQLITE_ROW==sqlite3_step(pNextIdx) ){
+      iNext = sqlite3_column_int(pNextIdx, 0);
+    }
+    rc = sqlite3_reset(pNextIdx);
+  }
+
+  if( rc==SQLITE_OK ){
+    /* If iNext is FTS3_MERGE_COUNT, indicating that level iLevel is already
+    ** full, merge all segments in level iLevel into a single iLevel+1
+    ** segment and allocate (newly freed) index 0 at level iLevel. Otherwise,
+    ** if iNext is less than FTS3_MERGE_COUNT, allocate index iNext.
+    */
+    if( iNext>=FTS3_MERGE_COUNT ){
+      fts3LogMerge(16, getAbsoluteLevel(p, iLangid, iIndex, iLevel));
+      rc = fts3SegmentMerge(p, iLangid, iIndex, iLevel);
+      *piIdx = 0;
+    }else{
+      *piIdx = iNext;
+    }
+  }
+
+  return rc;
+}
+
+/*
+** The %_segments table is declared as follows:
+**
+**   CREATE TABLE %_segments(blockid INTEGER PRIMARY KEY, block BLOB)
+**
+** This function reads data from a single row of the %_segments table. The
+** specific row is identified by the iBlockid parameter. If paBlob is not
+** NULL, then a buffer is allocated using sqlite3_malloc() and populated
+** with the contents of the blob stored in the "block" column of the 
+** identified table row is. Whether or not paBlob is NULL, *pnBlob is set
+** to the size of the blob in bytes before returning.
+**
+** If an error occurs, or the table does not contain the specified row,
+** an SQLite error code is returned. Otherwise, SQLITE_OK is returned. If
+** paBlob is non-NULL, then it is the responsibility of the caller to
+** eventually free the returned buffer.
+**
+** This function may leave an open sqlite3_blob* handle in the
+** Fts3Table.pSegments variable. This handle is reused by subsequent calls
+** to this function. The handle may be closed by calling the
+** sqlite3Fts3SegmentsClose() function. Reusing a blob handle is a handy
+** performance improvement, but the blob handle should always be closed
+** before control is returned to the user (to prevent a lock being held
+** on the database file for longer than necessary). Thus, any virtual table
+** method (xFilter etc.) that may directly or indirectly call this function
+** must call sqlite3Fts3SegmentsClose() before returning.
+*/
+SQLITE_PRIVATE int sqlite3Fts3ReadBlock(
+  Fts3Table *p,                   /* FTS3 table handle */
+  sqlite3_int64 iBlockid,         /* Access the row with blockid=$iBlockid */
+  char **paBlob,                  /* OUT: Blob data in malloc'd buffer */
+  int *pnBlob,                    /* OUT: Size of blob data */
+  int *pnLoad                     /* OUT: Bytes actually loaded */
+){
+  int rc;                         /* Return code */
+
+  /* pnBlob must be non-NULL. paBlob may be NULL or non-NULL. */
+  assert( pnBlob );
+
+  if( p->pSegments ){
+    rc = sqlite3_blob_reopen(p->pSegments, iBlockid);
+  }else{
+    if( 0==p->zSegmentsTbl ){
+      p->zSegmentsTbl = sqlite3_mprintf("%s_segments", p->zName);
+      if( 0==p->zSegmentsTbl ) return SQLITE_NOMEM;
+    }
+    rc = sqlite3_blob_open(
+       p->db, p->zDb, p->zSegmentsTbl, "block", iBlockid, 0, &p->pSegments
+    );
+  }
+
+  if( rc==SQLITE_OK ){
+    int nByte = sqlite3_blob_bytes(p->pSegments);
+    *pnBlob = nByte;
+    if( paBlob ){
+      char *aByte = sqlite3_malloc(nByte + FTS3_NODE_PADDING);
+      if( !aByte ){
+        rc = SQLITE_NOMEM;
+      }else{
+        if( pnLoad && nByte>(FTS3_NODE_CHUNK_THRESHOLD) ){
+          nByte = FTS3_NODE_CHUNKSIZE;
+          *pnLoad = nByte;
+        }
+        rc = sqlite3_blob_read(p->pSegments, aByte, nByte, 0);
+        memset(&aByte[nByte], 0, FTS3_NODE_PADDING);
+        if( rc!=SQLITE_OK ){
+          sqlite3_free(aByte);
+          aByte = 0;
+        }
+      }
+      *paBlob = aByte;
+    }
+  }
+
+  return rc;
+}
+
+/*
+** Close the blob handle at p->pSegments, if it is open. See comments above
+** the sqlite3Fts3ReadBlock() function for details.
+*/
+SQLITE_PRIVATE void sqlite3Fts3SegmentsClose(Fts3Table *p){
+  sqlite3_blob_close(p->pSegments);
+  p->pSegments = 0;
+}
+    
+static int fts3SegReaderIncrRead(Fts3SegReader *pReader){
+  int nRead;                      /* Number of bytes to read */
+  int rc;                         /* Return code */
+
+  nRead = MIN(pReader->nNode - pReader->nPopulate, FTS3_NODE_CHUNKSIZE);
+  rc = sqlite3_blob_read(
+      pReader->pBlob, 
+      &pReader->aNode[pReader->nPopulate],
+      nRead,
+      pReader->nPopulate
+  );
+
+  if( rc==SQLITE_OK ){
+    pReader->nPopulate += nRead;
+    memset(&pReader->aNode[pReader->nPopulate], 0, FTS3_NODE_PADDING);
+    if( pReader->nPopulate==pReader->nNode ){
+      sqlite3_blob_close(pReader->pBlob);
+      pReader->pBlob = 0;
+      pReader->nPopulate = 0;
+    }
+  }
+  return rc;
+}
+
+static int fts3SegReaderRequire(Fts3SegReader *pReader, char *pFrom, int nByte){
+  int rc = SQLITE_OK;
+  assert( !pReader->pBlob 
+       || (pFrom>=pReader->aNode && pFrom<&pReader->aNode[pReader->nNode])
+  );
+  while( pReader->pBlob && rc==SQLITE_OK 
+     &&  (pFrom - pReader->aNode + nByte)>pReader->nPopulate
+  ){
+    rc = fts3SegReaderIncrRead(pReader);
+  }
+  return rc;
+}
+
+/*
+** Set an Fts3SegReader cursor to point at EOF.
+*/
+static void fts3SegReaderSetEof(Fts3SegReader *pSeg){
+  if( !fts3SegReaderIsRootOnly(pSeg) ){
+    sqlite3_free(pSeg->aNode);
+    sqlite3_blob_close(pSeg->pBlob);
+    pSeg->pBlob = 0;
+  }
+  pSeg->aNode = 0;
+}
+
+/*
+** Move the iterator passed as the first argument to the next term in the
+** segment. If successful, SQLITE_OK is returned. If there is no next term,
+** SQLITE_DONE. Otherwise, an SQLite error code.
+*/
+static int fts3SegReaderNext(
+  Fts3Table *p, 
+  Fts3SegReader *pReader,
+  int bIncr
+){
+  int rc;                         /* Return code of various sub-routines */
+  char *pNext;                    /* Cursor variable */
+  int nPrefix;                    /* Number of bytes in term prefix */
+  int nSuffix;                    /* Number of bytes in term suffix */
+
+  if( !pReader->aDoclist ){
+    pNext = pReader->aNode;
+  }else{
+    pNext = &pReader->aDoclist[pReader->nDoclist];
+  }
+
+  if( !pNext || pNext>=&pReader->aNode[pReader->nNode] ){
+
+    if( fts3SegReaderIsPending(pReader) ){
+      Fts3HashElem *pElem = *(pReader->ppNextElem);
+      sqlite3_free(pReader->aNode);
+      pReader->aNode = 0;
+      if( pElem ){
+        char *aCopy;
+        PendingList *pList = (PendingList *)fts3HashData(pElem);
+        int nCopy = pList->nData+1;
+        pReader->zTerm = (char *)fts3HashKey(pElem);
+        pReader->nTerm = fts3HashKeysize(pElem);
+        aCopy = (char*)sqlite3_malloc(nCopy);
+        if( !aCopy ) return SQLITE_NOMEM;
+        memcpy(aCopy, pList->aData, nCopy);
+        pReader->nNode = pReader->nDoclist = nCopy;
+        pReader->aNode = pReader->aDoclist = aCopy;
+        pReader->ppNextElem++;
+        assert( pReader->aNode );
+      }
+      return SQLITE_OK;
+    }
+
+    fts3SegReaderSetEof(pReader);
+
+    /* If iCurrentBlock>=iLeafEndBlock, this is an EOF condition. All leaf 
+    ** blocks have already been traversed.  */
+    assert( pReader->iCurrentBlock<=pReader->iLeafEndBlock );
+    if( pReader->iCurrentBlock>=pReader->iLeafEndBlock ){
+      return SQLITE_OK;
+    }
+
+    rc = sqlite3Fts3ReadBlock(
+        p, ++pReader->iCurrentBlock, &pReader->aNode, &pReader->nNode, 
+        (bIncr ? &pReader->nPopulate : 0)
+    );
+    if( rc!=SQLITE_OK ) return rc;
+    assert( pReader->pBlob==0 );
+    if( bIncr && pReader->nPopulate<pReader->nNode ){
+      pReader->pBlob = p->pSegments;
+      p->pSegments = 0;
+    }
+    pNext = pReader->aNode;
+  }
+
+  assert( !fts3SegReaderIsPending(pReader) );
+
+  rc = fts3SegReaderRequire(pReader, pNext, FTS3_VARINT_MAX*2);
+  if( rc!=SQLITE_OK ) return rc;
+  
+  /* Because of the FTS3_NODE_PADDING bytes of padding, the following is 
+  ** safe (no risk of overread) even if the node data is corrupted. */
+  pNext += fts3GetVarint32(pNext, &nPrefix);
+  pNext += fts3GetVarint32(pNext, &nSuffix);
+  if( nPrefix<0 || nSuffix<=0 
+   || &pNext[nSuffix]>&pReader->aNode[pReader->nNode] 
+  ){
+    return FTS_CORRUPT_VTAB;
+  }
+
+  if( nPrefix+nSuffix>pReader->nTermAlloc ){
+    int nNew = (nPrefix+nSuffix)*2;
+    char *zNew = sqlite3_realloc(pReader->zTerm, nNew);
+    if( !zNew ){
+      return SQLITE_NOMEM;
+    }
+    pReader->zTerm = zNew;
+    pReader->nTermAlloc = nNew;
+  }
+
+  rc = fts3SegReaderRequire(pReader, pNext, nSuffix+FTS3_VARINT_MAX);
+  if( rc!=SQLITE_OK ) return rc;
+
+  memcpy(&pReader->zTerm[nPrefix], pNext, nSuffix);
+  pReader->nTerm = nPrefix+nSuffix;
+  pNext += nSuffix;
+  pNext += fts3GetVarint32(pNext, &pReader->nDoclist);
+  pReader->aDoclist = pNext;
+  pReader->pOffsetList = 0;
+
+  /* Check that the doclist does not appear to extend past the end of the
+  ** b-tree node. And that the final byte of the doclist is 0x00. If either 
+  ** of these statements is untrue, then the data structure is corrupt.
+  */
+  if( &pReader->aDoclist[pReader->nDoclist]>&pReader->aNode[pReader->nNode] 
+   || (pReader->nPopulate==0 && pReader->aDoclist[pReader->nDoclist-1])
+  ){
+    return FTS_CORRUPT_VTAB;
+  }
+  return SQLITE_OK;
+}
+
+/*
+** Set the SegReader to point to the first docid in the doclist associated
+** with the current term.
+*/
+static int fts3SegReaderFirstDocid(Fts3Table *pTab, Fts3SegReader *pReader){
+  int rc = SQLITE_OK;
+  assert( pReader->aDoclist );
+  assert( !pReader->pOffsetList );
+  if( pTab->bDescIdx && fts3SegReaderIsPending(pReader) ){
+    u8 bEof = 0;
+    pReader->iDocid = 0;
+    pReader->nOffsetList = 0;
+    sqlite3Fts3DoclistPrev(0,
+        pReader->aDoclist, pReader->nDoclist, &pReader->pOffsetList, 
+        &pReader->iDocid, &pReader->nOffsetList, &bEof
+    );
+  }else{
+    rc = fts3SegReaderRequire(pReader, pReader->aDoclist, FTS3_VARINT_MAX);
+    if( rc==SQLITE_OK ){
+      int n = sqlite3Fts3GetVarint(pReader->aDoclist, &pReader->iDocid);
+      pReader->pOffsetList = &pReader->aDoclist[n];
+    }
+  }
+  return rc;
+}
+
+/*
+** Advance the SegReader to point to the next docid in the doclist
+** associated with the current term.
+** 
+** If arguments ppOffsetList and pnOffsetList are not NULL, then 
+** *ppOffsetList is set to point to the first column-offset list
+** in the doclist entry (i.e. immediately past the docid varint).
+** *pnOffsetList is set to the length of the set of column-offset
+** lists, not including the nul-terminator byte. For example:
+*/
+static int fts3SegReaderNextDocid(
+  Fts3Table *pTab,
+  Fts3SegReader *pReader,         /* Reader to advance to next docid */
+  char **ppOffsetList,            /* OUT: Pointer to current position-list */
+  int *pnOffsetList               /* OUT: Length of *ppOffsetList in bytes */
+){
+  int rc = SQLITE_OK;
+  char *p = pReader->pOffsetList;
+  char c = 0;
+
+  assert( p );
+
+  if( pTab->bDescIdx && fts3SegReaderIsPending(pReader) ){
+    /* A pending-terms seg-reader for an FTS4 table that uses order=desc.
+    ** Pending-terms doclists are always built up in ascending order, so
+    ** we have to iterate through them backwards here. */
+    u8 bEof = 0;
+    if( ppOffsetList ){
+      *ppOffsetList = pReader->pOffsetList;
+      *pnOffsetList = pReader->nOffsetList - 1;
+    }
+    sqlite3Fts3DoclistPrev(0,
+        pReader->aDoclist, pReader->nDoclist, &p, &pReader->iDocid,
+        &pReader->nOffsetList, &bEof
+    );
+    if( bEof ){
+      pReader->pOffsetList = 0;
+    }else{
+      pReader->pOffsetList = p;
+    }
+  }else{
+    char *pEnd = &pReader->aDoclist[pReader->nDoclist];
+
+    /* Pointer p currently points at the first byte of an offset list. The
+    ** following block advances it to point one byte past the end of
+    ** the same offset list. */
+    while( 1 ){
+  
+      /* The following line of code (and the "p++" below the while() loop) is
+      ** normally all that is required to move pointer p to the desired 
+      ** position. The exception is if this node is being loaded from disk
+      ** incrementally and pointer "p" now points to the first byte past
+      ** the populated part of pReader->aNode[].
+      */
+      while( *p | c ) c = *p++ & 0x80;
+      assert( *p==0 );
+  
+      if( pReader->pBlob==0 || p<&pReader->aNode[pReader->nPopulate] ) break;
+      rc = fts3SegReaderIncrRead(pReader);
+      if( rc!=SQLITE_OK ) return rc;
+    }
+    p++;
+  
+    /* If required, populate the output variables with a pointer to and the
+    ** size of the previous offset-list.
+    */
+    if( ppOffsetList ){
+      *ppOffsetList = pReader->pOffsetList;
+      *pnOffsetList = (int)(p - pReader->pOffsetList - 1);
+    }
+
+    /* List may have been edited in place by fts3EvalNearTrim() */
+    while( p<pEnd && *p==0 ) p++;
+  
+    /* If there are no more entries in the doclist, set pOffsetList to
+    ** NULL. Otherwise, set Fts3SegReader.iDocid to the next docid and
+    ** Fts3SegReader.pOffsetList to point to the next offset list before
+    ** returning.
+    */
+    if( p>=pEnd ){
+      pReader->pOffsetList = 0;
+    }else{
+      rc = fts3SegReaderRequire(pReader, p, FTS3_VARINT_MAX);
+      if( rc==SQLITE_OK ){
+        sqlite3_int64 iDelta;
+        pReader->pOffsetList = p + sqlite3Fts3GetVarint(p, &iDelta);
+        if( pTab->bDescIdx ){
+          pReader->iDocid -= iDelta;
+        }else{
+          pReader->iDocid += iDelta;
+        }
+      }
+    }
+  }
+
+  return SQLITE_OK;
+}
+
+
+SQLITE_PRIVATE int sqlite3Fts3MsrOvfl(
+  Fts3Cursor *pCsr, 
+  Fts3MultiSegReader *pMsr,
+  int *pnOvfl
+){
+  Fts3Table *p = (Fts3Table*)pCsr->base.pVtab;
+  int nOvfl = 0;
+  int ii;
+  int rc = SQLITE_OK;
+  int pgsz = p->nPgsz;
+
+  assert( p->bFts4 );
+  assert( pgsz>0 );
+
+  for(ii=0; rc==SQLITE_OK && ii<pMsr->nSegment; ii++){
+    Fts3SegReader *pReader = pMsr->apSegment[ii];
+    if( !fts3SegReaderIsPending(pReader) 
+     && !fts3SegReaderIsRootOnly(pReader) 
+    ){
+      sqlite3_int64 jj;
+      for(jj=pReader->iStartBlock; jj<=pReader->iLeafEndBlock; jj++){
+        int nBlob;
+        rc = sqlite3Fts3ReadBlock(p, jj, 0, &nBlob, 0);
+        if( rc!=SQLITE_OK ) break;
+        if( (nBlob+35)>pgsz ){
+          nOvfl += (nBlob + 34)/pgsz;
+        }
+      }
+    }
+  }
+  *pnOvfl = nOvfl;
+  return rc;
+}
+
+/*
+** Free all allocations associated with the iterator passed as the 
+** second argument.
+*/
+SQLITE_PRIVATE void sqlite3Fts3SegReaderFree(Fts3SegReader *pReader){
+  if( pReader ){
+    if( !fts3SegReaderIsPending(pReader) ){
+      sqlite3_free(pReader->zTerm);
+    }
+    if( !fts3SegReaderIsRootOnly(pReader) ){
+      sqlite3_free(pReader->aNode);
+    }
+    sqlite3_blob_close(pReader->pBlob);
+  }
+  sqlite3_free(pReader);
+}
+
+/*
+** Allocate a new SegReader object.
+*/
+SQLITE_PRIVATE int sqlite3Fts3SegReaderNew(
+  int iAge,                       /* Segment "age". */
+  int bLookup,                    /* True for a lookup only */
+  sqlite3_int64 iStartLeaf,       /* First leaf to traverse */
+  sqlite3_int64 iEndLeaf,         /* Final leaf to traverse */
+  sqlite3_int64 iEndBlock,        /* Final block of segment */
+  const char *zRoot,              /* Buffer containing root node */
+  int nRoot,                      /* Size of buffer containing root node */
+  Fts3SegReader **ppReader        /* OUT: Allocated Fts3SegReader */
+){
+  Fts3SegReader *pReader;         /* Newly allocated SegReader object */
+  int nExtra = 0;                 /* Bytes to allocate segment root node */
+
+  assert( iStartLeaf<=iEndLeaf );
+  if( iStartLeaf==0 ){
+    nExtra = nRoot + FTS3_NODE_PADDING;
+  }
+
+  pReader = (Fts3SegReader *)sqlite3_malloc(sizeof(Fts3SegReader) + nExtra);
+  if( !pReader ){
+    return SQLITE_NOMEM;
+  }
+  memset(pReader, 0, sizeof(Fts3SegReader));
+  pReader->iIdx = iAge;
+  pReader->bLookup = bLookup!=0;
+  pReader->iStartBlock = iStartLeaf;
+  pReader->iLeafEndBlock = iEndLeaf;
+  pReader->iEndBlock = iEndBlock;
+
+  if( nExtra ){
+    /* The entire segment is stored in the root node. */
+    pReader->aNode = (char *)&pReader[1];
+    pReader->rootOnly = 1;
+    pReader->nNode = nRoot;
+    memcpy(pReader->aNode, zRoot, nRoot);
+    memset(&pReader->aNode[nRoot], 0, FTS3_NODE_PADDING);
+  }else{
+    pReader->iCurrentBlock = iStartLeaf-1;
+  }
+  *ppReader = pReader;
+  return SQLITE_OK;
+}
+
+/*
+** This is a comparison function used as a qsort() callback when sorting
+** an array of pending terms by term. This occurs as part of flushing
+** the contents of the pending-terms hash table to the database.
+*/
+static int SQLITE_CDECL fts3CompareElemByTerm(
+  const void *lhs,
+  const void *rhs
+){
+  char *z1 = fts3HashKey(*(Fts3HashElem **)lhs);
+  char *z2 = fts3HashKey(*(Fts3HashElem **)rhs);
+  int n1 = fts3HashKeysize(*(Fts3HashElem **)lhs);
+  int n2 = fts3HashKeysize(*(Fts3HashElem **)rhs);
+
+  int n = (n1<n2 ? n1 : n2);
+  int c = memcmp(z1, z2, n);
+  if( c==0 ){
+    c = n1 - n2;
+  }
+  return c;
+}
+
+/*
+** This function is used to allocate an Fts3SegReader that iterates through
+** a subset of the terms stored in the Fts3Table.pendingTerms array.
+**
+** If the isPrefixIter parameter is zero, then the returned SegReader iterates
+** through each term in the pending-terms table. Or, if isPrefixIter is
+** non-zero, it iterates through each term and its prefixes. For example, if
+** the pending terms hash table contains the terms "sqlite", "mysql" and
+** "firebird", then the iterator visits the following 'terms' (in the order
+** shown):
+**
+**   f fi fir fire fireb firebi firebir firebird
+**   m my mys mysq mysql
+**   s sq sql sqli sqlit sqlite
+**
+** Whereas if isPrefixIter is zero, the terms visited are:
+**
+**   firebird mysql sqlite
+*/
+SQLITE_PRIVATE int sqlite3Fts3SegReaderPending(
+  Fts3Table *p,                   /* Virtual table handle */
+  int iIndex,                     /* Index for p->aIndex */
+  const char *zTerm,              /* Term to search for */
+  int nTerm,                      /* Size of buffer zTerm */
+  int bPrefix,                    /* True for a prefix iterator */
+  Fts3SegReader **ppReader        /* OUT: SegReader for pending-terms */
+){
+  Fts3SegReader *pReader = 0;     /* Fts3SegReader object to return */
+  Fts3HashElem *pE;               /* Iterator variable */
+  Fts3HashElem **aElem = 0;       /* Array of term hash entries to scan */
+  int nElem = 0;                  /* Size of array at aElem */
+  int rc = SQLITE_OK;             /* Return Code */
+  Fts3Hash *pHash;
+
+  pHash = &p->aIndex[iIndex].hPending;
+  if( bPrefix ){
+    int nAlloc = 0;               /* Size of allocated array at aElem */
+
+    for(pE=fts3HashFirst(pHash); pE; pE=fts3HashNext(pE)){
+      char *zKey = (char *)fts3HashKey(pE);
+      int nKey = fts3HashKeysize(pE);
+      if( nTerm==0 || (nKey>=nTerm && 0==memcmp(zKey, zTerm, nTerm)) ){
+        if( nElem==nAlloc ){
+          Fts3HashElem **aElem2;
+          nAlloc += 16;
+          aElem2 = (Fts3HashElem **)sqlite3_realloc(
+              aElem, nAlloc*sizeof(Fts3HashElem *)
+          );
+          if( !aElem2 ){
+            rc = SQLITE_NOMEM;
+            nElem = 0;
+            break;
+          }
+          aElem = aElem2;
+        }
+
+        aElem[nElem++] = pE;
+      }
+    }
+
+    /* If more than one term matches the prefix, sort the Fts3HashElem
+    ** objects in term order using qsort(). This uses the same comparison
+    ** callback as is used when flushing terms to disk.
+    */
+    if( nElem>1 ){
+      qsort(aElem, nElem, sizeof(Fts3HashElem *), fts3CompareElemByTerm);
+    }
+
+  }else{
+    /* The query is a simple term lookup that matches at most one term in
+    ** the index. All that is required is a straight hash-lookup. 
+    **
+    ** Because the stack address of pE may be accessed via the aElem pointer
+    ** below, the "Fts3HashElem *pE" must be declared so that it is valid
+    ** within this entire function, not just this "else{...}" block.
+    */
+    pE = fts3HashFindElem(pHash, zTerm, nTerm);
+    if( pE ){
+      aElem = &pE;
+      nElem = 1;
+    }
+  }
+
+  if( nElem>0 ){
+    int nByte = sizeof(Fts3SegReader) + (nElem+1)*sizeof(Fts3HashElem *);
+    pReader = (Fts3SegReader *)sqlite3_malloc(nByte);
+    if( !pReader ){
+      rc = SQLITE_NOMEM;
+    }else{
+      memset(pReader, 0, nByte);
+      pReader->iIdx = 0x7FFFFFFF;
+      pReader->ppNextElem = (Fts3HashElem **)&pReader[1];
+      memcpy(pReader->ppNextElem, aElem, nElem*sizeof(Fts3HashElem *));
+    }
+  }
+
+  if( bPrefix ){
+    sqlite3_free(aElem);
+  }
+  *ppReader = pReader;
+  return rc;
+}
+
+/*
+** Compare the entries pointed to by two Fts3SegReader structures. 
+** Comparison is as follows:
+**
+**   1) EOF is greater than not EOF.
+**
+**   2) The current terms (if any) are compared using memcmp(). If one
+**      term is a prefix of another, the longer term is considered the
+**      larger.
+**
+**   3) By segment age. An older segment is considered larger.
+*/
+static int fts3SegReaderCmp(Fts3SegReader *pLhs, Fts3SegReader *pRhs){
+  int rc;
+  if( pLhs->aNode && pRhs->aNode ){
+    int rc2 = pLhs->nTerm - pRhs->nTerm;
+    if( rc2<0 ){
+      rc = memcmp(pLhs->zTerm, pRhs->zTerm, pLhs->nTerm);
+    }else{
+      rc = memcmp(pLhs->zTerm, pRhs->zTerm, pRhs->nTerm);
+    }
+    if( rc==0 ){
+      rc = rc2;
+    }
+  }else{
+    rc = (pLhs->aNode==0) - (pRhs->aNode==0);
+  }
+  if( rc==0 ){
+    rc = pRhs->iIdx - pLhs->iIdx;
+  }
+  assert( rc!=0 );
+  return rc;
+}
+
+/*
+** A different comparison function for SegReader structures. In this
+** version, it is assumed that each SegReader points to an entry in
+** a doclist for identical terms. Comparison is made as follows:
+**
+**   1) EOF (end of doclist in this case) is greater than not EOF.
+**
+**   2) By current docid.
+**
+**   3) By segment age. An older segment is considered larger.
+*/
+static int fts3SegReaderDoclistCmp(Fts3SegReader *pLhs, Fts3SegReader *pRhs){
+  int rc = (pLhs->pOffsetList==0)-(pRhs->pOffsetList==0);
+  if( rc==0 ){
+    if( pLhs->iDocid==pRhs->iDocid ){
+      rc = pRhs->iIdx - pLhs->iIdx;
+    }else{
+      rc = (pLhs->iDocid > pRhs->iDocid) ? 1 : -1;
+    }
+  }
+  assert( pLhs->aNode && pRhs->aNode );
+  return rc;
+}
+static int fts3SegReaderDoclistCmpRev(Fts3SegReader *pLhs, Fts3SegReader *pRhs){
+  int rc = (pLhs->pOffsetList==0)-(pRhs->pOffsetList==0);
+  if( rc==0 ){
+    if( pLhs->iDocid==pRhs->iDocid ){
+      rc = pRhs->iIdx - pLhs->iIdx;
+    }else{
+      rc = (pLhs->iDocid < pRhs->iDocid) ? 1 : -1;
+    }
+  }
+  assert( pLhs->aNode && pRhs->aNode );
+  return rc;
+}
+
+/*
+** Compare the term that the Fts3SegReader object passed as the first argument
+** points to with the term specified by arguments zTerm and nTerm. 
+**
+** If the pSeg iterator is already at EOF, return 0. Otherwise, return
+** -ve if the pSeg term is less than zTerm/nTerm, 0 if the two terms are
+** equal, or +ve if the pSeg term is greater than zTerm/nTerm.
+*/
+static int fts3SegReaderTermCmp(
+  Fts3SegReader *pSeg,            /* Segment reader object */
+  const char *zTerm,              /* Term to compare to */
+  int nTerm                       /* Size of term zTerm in bytes */
+){
+  int res = 0;
+  if( pSeg->aNode ){
+    if( pSeg->nTerm>nTerm ){
+      res = memcmp(pSeg->zTerm, zTerm, nTerm);
+    }else{
+      res = memcmp(pSeg->zTerm, zTerm, pSeg->nTerm);
+    }
+    if( res==0 ){
+      res = pSeg->nTerm-nTerm;
+    }
+  }
+  return res;
+}
+
+/*
+** Argument apSegment is an array of nSegment elements. It is known that
+** the final (nSegment-nSuspect) members are already in sorted order
+** (according to the comparison function provided). This function shuffles
+** the array around until all entries are in sorted order.
+*/
+static void fts3SegReaderSort(
+  Fts3SegReader **apSegment,                     /* Array to sort entries of */
+  int nSegment,                                  /* Size of apSegment array */
+  int nSuspect,                                  /* Unsorted entry count */
+  int (*xCmp)(Fts3SegReader *, Fts3SegReader *)  /* Comparison function */
+){
+  int i;                          /* Iterator variable */
+
+  assert( nSuspect<=nSegment );
+
+  if( nSuspect==nSegment ) nSuspect--;
+  for(i=nSuspect-1; i>=0; i--){
+    int j;
+    for(j=i; j<(nSegment-1); j++){
+      Fts3SegReader *pTmp;
+      if( xCmp(apSegment[j], apSegment[j+1])<0 ) break;
+      pTmp = apSegment[j+1];
+      apSegment[j+1] = apSegment[j];
+      apSegment[j] = pTmp;
+    }
+  }
+
+#ifndef NDEBUG
+  /* Check that the list really is sorted now. */
+  for(i=0; i<(nSuspect-1); i++){
+    assert( xCmp(apSegment[i], apSegment[i+1])<0 );
+  }
+#endif
+}
+
+/* 
+** Insert a record into the %_segments table.
+*/
+static int fts3WriteSegment(
+  Fts3Table *p,                   /* Virtual table handle */
+  sqlite3_int64 iBlock,           /* Block id for new block */
+  char *z,                        /* Pointer to buffer containing block data */
+  int n                           /* Size of buffer z in bytes */
+){
+  sqlite3_stmt *pStmt;
+  int rc = fts3SqlStmt(p, SQL_INSERT_SEGMENTS, &pStmt, 0);
+  if( rc==SQLITE_OK ){
+    sqlite3_bind_int64(pStmt, 1, iBlock);
+    sqlite3_bind_blob(pStmt, 2, z, n, SQLITE_STATIC);
+    sqlite3_step(pStmt);
+    rc = sqlite3_reset(pStmt);
+  }
+  return rc;
+}
+
+/*
+** Find the largest relative level number in the table. If successful, set
+** *pnMax to this value and return SQLITE_OK. Otherwise, if an error occurs,
+** set *pnMax to zero and return an SQLite error code.
+*/
+SQLITE_PRIVATE int sqlite3Fts3MaxLevel(Fts3Table *p, int *pnMax){
+  int rc;
+  int mxLevel = 0;
+  sqlite3_stmt *pStmt = 0;
+
+  rc = fts3SqlStmt(p, SQL_SELECT_MXLEVEL, &pStmt, 0);
+  if( rc==SQLITE_OK ){
+    if( SQLITE_ROW==sqlite3_step(pStmt) ){
+      mxLevel = sqlite3_column_int(pStmt, 0);
+    }
+    rc = sqlite3_reset(pStmt);
+  }
+  *pnMax = mxLevel;
+  return rc;
+}
+
+/* 
+** Insert a record into the %_segdir table.
+*/
+static int fts3WriteSegdir(
+  Fts3Table *p,                   /* Virtual table handle */
+  sqlite3_int64 iLevel,           /* Value for "level" field (absolute level) */
+  int iIdx,                       /* Value for "idx" field */
+  sqlite3_int64 iStartBlock,      /* Value for "start_block" field */
+  sqlite3_int64 iLeafEndBlock,    /* Value for "leaves_end_block" field */
+  sqlite3_int64 iEndBlock,        /* Value for "end_block" field */
+  sqlite3_int64 nLeafData,        /* Bytes of leaf data in segment */
+  char *zRoot,                    /* Blob value for "root" field */
+  int nRoot                       /* Number of bytes in buffer zRoot */
+){
+  sqlite3_stmt *pStmt;
+  int rc = fts3SqlStmt(p, SQL_INSERT_SEGDIR, &pStmt, 0);
+  if( rc==SQLITE_OK ){
+    sqlite3_bind_int64(pStmt, 1, iLevel);
+    sqlite3_bind_int(pStmt, 2, iIdx);
+    sqlite3_bind_int64(pStmt, 3, iStartBlock);
+    sqlite3_bind_int64(pStmt, 4, iLeafEndBlock);
+    if( nLeafData==0 ){
+      sqlite3_bind_int64(pStmt, 5, iEndBlock);
+    }else{
+      char *zEnd = sqlite3_mprintf("%lld %lld", iEndBlock, nLeafData);
+      if( !zEnd ) return SQLITE_NOMEM;
+      sqlite3_bind_text(pStmt, 5, zEnd, -1, sqlite3_free);
+    }
+    sqlite3_bind_blob(pStmt, 6, zRoot, nRoot, SQLITE_STATIC);
+    sqlite3_step(pStmt);
+    rc = sqlite3_reset(pStmt);
+  }
+  return rc;
+}
+
+/*
+** Return the size of the common prefix (if any) shared by zPrev and
+** zNext, in bytes. For example, 
+**
+**   fts3PrefixCompress("abc", 3, "abcdef", 6)   // returns 3
+**   fts3PrefixCompress("abX", 3, "abcdef", 6)   // returns 2
+**   fts3PrefixCompress("abX", 3, "Xbcdef", 6)   // returns 0
+*/
+static int fts3PrefixCompress(
+  const char *zPrev,              /* Buffer containing previous term */
+  int nPrev,                      /* Size of buffer zPrev in bytes */
+  const char *zNext,              /* Buffer containing next term */
+  int nNext                       /* Size of buffer zNext in bytes */
+){
+  int n;
+  UNUSED_PARAMETER(nNext);
+  for(n=0; n<nPrev && zPrev[n]==zNext[n]; n++);
+  return n;
+}
+
+/*
+** Add term zTerm to the SegmentNode. It is guaranteed that zTerm is larger
+** (according to memcmp) than the previous term.
+*/
+static int fts3NodeAddTerm(
+  Fts3Table *p,                   /* Virtual table handle */
+  SegmentNode **ppTree,           /* IN/OUT: SegmentNode handle */ 
+  int isCopyTerm,                 /* True if zTerm/nTerm is transient */
+  const char *zTerm,              /* Pointer to buffer containing term */
+  int nTerm                       /* Size of term in bytes */
+){
+  SegmentNode *pTree = *ppTree;
+  int rc;
+  SegmentNode *pNew;
+
+  /* First try to append the term to the current node. Return early if 
+  ** this is possible.
+  */
+  if( pTree ){
+    int nData = pTree->nData;     /* Current size of node in bytes */
+    int nReq = nData;             /* Required space after adding zTerm */
+    int nPrefix;                  /* Number of bytes of prefix compression */
+    int nSuffix;                  /* Suffix length */
+
+    nPrefix = fts3PrefixCompress(pTree->zTerm, pTree->nTerm, zTerm, nTerm);
+    nSuffix = nTerm-nPrefix;
+
+    nReq += sqlite3Fts3VarintLen(nPrefix)+sqlite3Fts3VarintLen(nSuffix)+nSuffix;
+    if( nReq<=p->nNodeSize || !pTree->zTerm ){
+
+      if( nReq>p->nNodeSize ){
+        /* An unusual case: this is the first term to be added to the node
+        ** and the static node buffer (p->nNodeSize bytes) is not large
+        ** enough. Use a separately malloced buffer instead This wastes
+        ** p->nNodeSize bytes, but since this scenario only comes about when
+        ** the database contain two terms that share a prefix of almost 2KB, 
+        ** this is not expected to be a serious problem. 
+        */
+        assert( pTree->aData==(char *)&pTree[1] );
+        pTree->aData = (char *)sqlite3_malloc(nReq);
+        if( !pTree->aData ){
+          return SQLITE_NOMEM;
+        }
+      }
+
+      if( pTree->zTerm ){
+        /* There is no prefix-length field for first term in a node */
+        nData += sqlite3Fts3PutVarint(&pTree->aData[nData], nPrefix);
+      }
+
+      nData += sqlite3Fts3PutVarint(&pTree->aData[nData], nSuffix);
+      memcpy(&pTree->aData[nData], &zTerm[nPrefix], nSuffix);
+      pTree->nData = nData + nSuffix;
+      pTree->nEntry++;
+
+      if( isCopyTerm ){
+        if( pTree->nMalloc<nTerm ){
+          char *zNew = sqlite3_realloc(pTree->zMalloc, nTerm*2);
+          if( !zNew ){
+            return SQLITE_NOMEM;
+          }
+          pTree->nMalloc = nTerm*2;
+          pTree->zMalloc = zNew;
+        }
+        pTree->zTerm = pTree->zMalloc;
+        memcpy(pTree->zTerm, zTerm, nTerm);
+        pTree->nTerm = nTerm;
+      }else{
+        pTree->zTerm = (char *)zTerm;
+        pTree->nTerm = nTerm;
+      }
+      return SQLITE_OK;
+    }
+  }
+
+  /* If control flows to here, it was not possible to append zTerm to the
+  ** current node. Create a new node (a right-sibling of the current node).
+  ** If this is the first node in the tree, the term is added to it.
+  **
+  ** Otherwise, the term is not added to the new node, it is left empty for
+  ** now. Instead, the term is inserted into the parent of pTree. If pTree 
+  ** has no parent, one is created here.
+  */
+  pNew = (SegmentNode *)sqlite3_malloc(sizeof(SegmentNode) + p->nNodeSize);
+  if( !pNew ){
+    return SQLITE_NOMEM;
+  }
+  memset(pNew, 0, sizeof(SegmentNode));
+  pNew->nData = 1 + FTS3_VARINT_MAX;
+  pNew->aData = (char *)&pNew[1];
+
+  if( pTree ){
+    SegmentNode *pParent = pTree->pParent;
+    rc = fts3NodeAddTerm(p, &pParent, isCopyTerm, zTerm, nTerm);
+    if( pTree->pParent==0 ){
+      pTree->pParent = pParent;
+    }
+    pTree->pRight = pNew;
+    pNew->pLeftmost = pTree->pLeftmost;
+    pNew->pParent = pParent;
+    pNew->zMalloc = pTree->zMalloc;
+    pNew->nMalloc = pTree->nMalloc;
+    pTree->zMalloc = 0;
+  }else{
+    pNew->pLeftmost = pNew;
+    rc = fts3NodeAddTerm(p, &pNew, isCopyTerm, zTerm, nTerm); 
+  }
+
+  *ppTree = pNew;
+  return rc;
+}
+
+/*
+** Helper function for fts3NodeWrite().
+*/
+static int fts3TreeFinishNode(
+  SegmentNode *pTree, 
+  int iHeight, 
+  sqlite3_int64 iLeftChild
+){
+  int nStart;
+  assert( iHeight>=1 && iHeight<128 );
+  nStart = FTS3_VARINT_MAX - sqlite3Fts3VarintLen(iLeftChild);
+  pTree->aData[nStart] = (char)iHeight;
+  sqlite3Fts3PutVarint(&pTree->aData[nStart+1], iLeftChild);
+  return nStart;
+}
+
+/*
+** Write the buffer for the segment node pTree and all of its peers to the
+** database. Then call this function recursively to write the parent of 
+** pTree and its peers to the database. 
+**
+** Except, if pTree is a root node, do not write it to the database. Instead,
+** set output variables *paRoot and *pnRoot to contain the root node.
+**
+** If successful, SQLITE_OK is returned and output variable *piLast is
+** set to the largest blockid written to the database (or zero if no
+** blocks were written to the db). Otherwise, an SQLite error code is 
+** returned.
+*/
+static int fts3NodeWrite(
+  Fts3Table *p,                   /* Virtual table handle */
+  SegmentNode *pTree,             /* SegmentNode handle */
+  int iHeight,                    /* Height of this node in tree */
+  sqlite3_int64 iLeaf,            /* Block id of first leaf node */
+  sqlite3_int64 iFree,            /* Block id of next free slot in %_segments */
+  sqlite3_int64 *piLast,          /* OUT: Block id of last entry written */
+  char **paRoot,                  /* OUT: Data for root node */
+  int *pnRoot                     /* OUT: Size of root node in bytes */
+){
+  int rc = SQLITE_OK;
+
+  if( !pTree->pParent ){
+    /* Root node of the tree. */
+    int nStart = fts3TreeFinishNode(pTree, iHeight, iLeaf);
+    *piLast = iFree-1;
+    *pnRoot = pTree->nData - nStart;
+    *paRoot = &pTree->aData[nStart];
+  }else{
+    SegmentNode *pIter;
+    sqlite3_int64 iNextFree = iFree;
+    sqlite3_int64 iNextLeaf = iLeaf;
+    for(pIter=pTree->pLeftmost; pIter && rc==SQLITE_OK; pIter=pIter->pRight){
+      int nStart = fts3TreeFinishNode(pIter, iHeight, iNextLeaf);
+      int nWrite = pIter->nData - nStart;
+  
+      rc = fts3WriteSegment(p, iNextFree, &pIter->aData[nStart], nWrite);
+      iNextFree++;
+      iNextLeaf += (pIter->nEntry+1);
+    }
+    if( rc==SQLITE_OK ){
+      assert( iNextLeaf==iFree );
+      rc = fts3NodeWrite(
+          p, pTree->pParent, iHeight+1, iFree, iNextFree, piLast, paRoot, pnRoot
+      );
+    }
+  }
+
+  return rc;
+}
+
+/*
+** Free all memory allocations associated with the tree pTree.
+*/
+static void fts3NodeFree(SegmentNode *pTree){
+  if( pTree ){
+    SegmentNode *p = pTree->pLeftmost;
+    fts3NodeFree(p->pParent);
+    while( p ){
+      SegmentNode *pRight = p->pRight;
+      if( p->aData!=(char *)&p[1] ){
+        sqlite3_free(p->aData);
+      }
+      assert( pRight==0 || p->zMalloc==0 );
+      sqlite3_free(p->zMalloc);
+      sqlite3_free(p);
+      p = pRight;
+    }
+  }
+}
+
+/*
+** Add a term to the segment being constructed by the SegmentWriter object
+** *ppWriter. When adding the first term to a segment, *ppWriter should
+** be passed NULL. This function will allocate a new SegmentWriter object
+** and return it via the input/output variable *ppWriter in this case.
+**
+** If successful, SQLITE_OK is returned. Otherwise, an SQLite error code.
+*/
+static int fts3SegWriterAdd(
+  Fts3Table *p,                   /* Virtual table handle */
+  SegmentWriter **ppWriter,       /* IN/OUT: SegmentWriter handle */ 
+  int isCopyTerm,                 /* True if buffer zTerm must be copied */
+  const char *zTerm,              /* Pointer to buffer containing term */
+  int nTerm,                      /* Size of term in bytes */
+  const char *aDoclist,           /* Pointer to buffer containing doclist */
+  int nDoclist                    /* Size of doclist in bytes */
+){
+  int nPrefix;                    /* Size of term prefix in bytes */
+  int nSuffix;                    /* Size of term suffix in bytes */
+  int nReq;                       /* Number of bytes required on leaf page */
+  int nData;
+  SegmentWriter *pWriter = *ppWriter;
+
+  if( !pWriter ){
+    int rc;
+    sqlite3_stmt *pStmt;
+
+    /* Allocate the SegmentWriter structure */
+    pWriter = (SegmentWriter *)sqlite3_malloc(sizeof(SegmentWriter));
+    if( !pWriter ) return SQLITE_NOMEM;
+    memset(pWriter, 0, sizeof(SegmentWriter));
+    *ppWriter = pWriter;
+
+    /* Allocate a buffer in which to accumulate data */
+    pWriter->aData = (char *)sqlite3_malloc(p->nNodeSize);
+    if( !pWriter->aData ) return SQLITE_NOMEM;
+    pWriter->nSize = p->nNodeSize;
+
+    /* Find the next free blockid in the %_segments table */
+    rc = fts3SqlStmt(p, SQL_NEXT_SEGMENTS_ID, &pStmt, 0);
+    if( rc!=SQLITE_OK ) return rc;
+    if( SQLITE_ROW==sqlite3_step(pStmt) ){
+      pWriter->iFree = sqlite3_column_int64(pStmt, 0);
+      pWriter->iFirst = pWriter->iFree;
+    }
+    rc = sqlite3_reset(pStmt);
+    if( rc!=SQLITE_OK ) return rc;
+  }
+  nData = pWriter->nData;
+
+  nPrefix = fts3PrefixCompress(pWriter->zTerm, pWriter->nTerm, zTerm, nTerm);
+  nSuffix = nTerm-nPrefix;
+
+  /* Figure out how many bytes are required by this new entry */
+  nReq = sqlite3Fts3VarintLen(nPrefix) +    /* varint containing prefix size */
+    sqlite3Fts3VarintLen(nSuffix) +         /* varint containing suffix size */
+    nSuffix +                               /* Term suffix */
+    sqlite3Fts3VarintLen(nDoclist) +        /* Size of doclist */
+    nDoclist;                               /* Doclist data */
+
+  if( nData>0 && nData+nReq>p->nNodeSize ){
+    int rc;
+
+    /* The current leaf node is full. Write it out to the database. */
+    rc = fts3WriteSegment(p, pWriter->iFree++, pWriter->aData, nData);
+    if( rc!=SQLITE_OK ) return rc;
+    p->nLeafAdd++;
+
+    /* Add the current term to the interior node tree. The term added to
+    ** the interior tree must:
+    **
+    **   a) be greater than the largest term on the leaf node just written
+    **      to the database (still available in pWriter->zTerm), and
+    **
+    **   b) be less than or equal to the term about to be added to the new
+    **      leaf node (zTerm/nTerm).
+    **
+    ** In other words, it must be the prefix of zTerm 1 byte longer than
+    ** the common prefix (if any) of zTerm and pWriter->zTerm.
+    */
+    assert( nPrefix<nTerm );
+    rc = fts3NodeAddTerm(p, &pWriter->pTree, isCopyTerm, zTerm, nPrefix+1);
+    if( rc!=SQLITE_OK ) return rc;
+
+    nData = 0;
+    pWriter->nTerm = 0;
+
+    nPrefix = 0;
+    nSuffix = nTerm;
+    nReq = 1 +                              /* varint containing prefix size */
+      sqlite3Fts3VarintLen(nTerm) +         /* varint containing suffix size */
+      nTerm +                               /* Term suffix */
+      sqlite3Fts3VarintLen(nDoclist) +      /* Size of doclist */
+      nDoclist;                             /* Doclist data */
+  }
+
+  /* Increase the total number of bytes written to account for the new entry. */
+  pWriter->nLeafData += nReq;
+
+  /* If the buffer currently allocated is too small for this entry, realloc
+  ** the buffer to make it large enough.
+  */
+  if( nReq>pWriter->nSize ){
+    char *aNew = sqlite3_realloc(pWriter->aData, nReq);
+    if( !aNew ) return SQLITE_NOMEM;
+    pWriter->aData = aNew;
+    pWriter->nSize = nReq;
+  }
+  assert( nData+nReq<=pWriter->nSize );
+
+  /* Append the prefix-compressed term and doclist to the buffer. */
+  nData += sqlite3Fts3PutVarint(&pWriter->aData[nData], nPrefix);
+  nData += sqlite3Fts3PutVarint(&pWriter->aData[nData], nSuffix);
+  memcpy(&pWriter->aData[nData], &zTerm[nPrefix], nSuffix);
+  nData += nSuffix;
+  nData += sqlite3Fts3PutVarint(&pWriter->aData[nData], nDoclist);
+  memcpy(&pWriter->aData[nData], aDoclist, nDoclist);
+  pWriter->nData = nData + nDoclist;
+
+  /* Save the current term so that it can be used to prefix-compress the next.
+  ** If the isCopyTerm parameter is true, then the buffer pointed to by
+  ** zTerm is transient, so take a copy of the term data. Otherwise, just
+  ** store a copy of the pointer.
+  */
+  if( isCopyTerm ){
+    if( nTerm>pWriter->nMalloc ){
+      char *zNew = sqlite3_realloc(pWriter->zMalloc, nTerm*2);
+      if( !zNew ){
+        return SQLITE_NOMEM;
+      }
+      pWriter->nMalloc = nTerm*2;
+      pWriter->zMalloc = zNew;
+      pWriter->zTerm = zNew;
+    }
+    assert( pWriter->zTerm==pWriter->zMalloc );
+    memcpy(pWriter->zTerm, zTerm, nTerm);
+  }else{
+    pWriter->zTerm = (char *)zTerm;
+  }
+  pWriter->nTerm = nTerm;
+
+  return SQLITE_OK;
+}
+
+/*
+** Flush all data associated with the SegmentWriter object pWriter to the
+** database. This function must be called after all terms have been added
+** to the segment using fts3SegWriterAdd(). If successful, SQLITE_OK is
+** returned. Otherwise, an SQLite error code.
+*/
+static int fts3SegWriterFlush(
+  Fts3Table *p,                   /* Virtual table handle */
+  SegmentWriter *pWriter,         /* SegmentWriter to flush to the db */
+  sqlite3_int64 iLevel,           /* Value for 'level' column of %_segdir */
+  int iIdx                        /* Value for 'idx' column of %_segdir */
+){
+  int rc;                         /* Return code */
+  if( pWriter->pTree ){
+    sqlite3_int64 iLast = 0;      /* Largest block id written to database */
+    sqlite3_int64 iLastLeaf;      /* Largest leaf block id written to db */
+    char *zRoot = NULL;           /* Pointer to buffer containing root node */
+    int nRoot = 0;                /* Size of buffer zRoot */
+
+    iLastLeaf = pWriter->iFree;
+    rc = fts3WriteSegment(p, pWriter->iFree++, pWriter->aData, pWriter->nData);
+    if( rc==SQLITE_OK ){
+      rc = fts3NodeWrite(p, pWriter->pTree, 1,
+          pWriter->iFirst, pWriter->iFree, &iLast, &zRoot, &nRoot);
+    }
+    if( rc==SQLITE_OK ){
+      rc = fts3WriteSegdir(p, iLevel, iIdx, 
+          pWriter->iFirst, iLastLeaf, iLast, pWriter->nLeafData, zRoot, nRoot);
+    }
+  }else{
+    /* The entire tree fits on the root node. Write it to the segdir table. */
+    rc = fts3WriteSegdir(p, iLevel, iIdx, 
+        0, 0, 0, pWriter->nLeafData, pWriter->aData, pWriter->nData);
+  }
+  p->nLeafAdd++;
+  return rc;
+}
+
+/*
+** Release all memory held by the SegmentWriter object passed as the 
+** first argument.
+*/
+static void fts3SegWriterFree(SegmentWriter *pWriter){
+  if( pWriter ){
+    sqlite3_free(pWriter->aData);
+    sqlite3_free(pWriter->zMalloc);
+    fts3NodeFree(pWriter->pTree);
+    sqlite3_free(pWriter);
+  }
+}
+
+/*
+** The first value in the apVal[] array is assumed to contain an integer.
+** This function tests if there exist any documents with docid values that
+** are different from that integer. i.e. if deleting the document with docid
+** pRowid would mean the FTS3 table were empty.
+**
+** If successful, *pisEmpty is set to true if the table is empty except for
+** document pRowid, or false otherwise, and SQLITE_OK is returned. If an
+** error occurs, an SQLite error code is returned.
+*/
+static int fts3IsEmpty(Fts3Table *p, sqlite3_value *pRowid, int *pisEmpty){
+  sqlite3_stmt *pStmt;
+  int rc;
+  if( p->zContentTbl ){
+    /* If using the content=xxx option, assume the table is never empty */
+    *pisEmpty = 0;
+    rc = SQLITE_OK;
+  }else{
+    rc = fts3SqlStmt(p, SQL_IS_EMPTY, &pStmt, &pRowid);
+    if( rc==SQLITE_OK ){
+      if( SQLITE_ROW==sqlite3_step(pStmt) ){
+        *pisEmpty = sqlite3_column_int(pStmt, 0);
+      }
+      rc = sqlite3_reset(pStmt);
+    }
+  }
+  return rc;
+}
+
+/*
+** Set *pnMax to the largest segment level in the database for the index
+** iIndex.
+**
+** Segment levels are stored in the 'level' column of the %_segdir table.
+**
+** Return SQLITE_OK if successful, or an SQLite error code if not.
+*/
+static int fts3SegmentMaxLevel(
+  Fts3Table *p, 
+  int iLangid,
+  int iIndex, 
+  sqlite3_int64 *pnMax
+){
+  sqlite3_stmt *pStmt;
+  int rc;
+  assert( iIndex>=0 && iIndex<p->nIndex );
+
+  /* Set pStmt to the compiled version of:
+  **
+  **   SELECT max(level) FROM %Q.'%q_segdir' WHERE level BETWEEN ? AND ?
+  **
+  ** (1024 is actually the value of macro FTS3_SEGDIR_PREFIXLEVEL_STR).
+  */
+  rc = fts3SqlStmt(p, SQL_SELECT_SEGDIR_MAX_LEVEL, &pStmt, 0);
+  if( rc!=SQLITE_OK ) return rc;
+  sqlite3_bind_int64(pStmt, 1, getAbsoluteLevel(p, iLangid, iIndex, 0));
+  sqlite3_bind_int64(pStmt, 2, 
+      getAbsoluteLevel(p, iLangid, iIndex, FTS3_SEGDIR_MAXLEVEL-1)
+  );
+  if( SQLITE_ROW==sqlite3_step(pStmt) ){
+    *pnMax = sqlite3_column_int64(pStmt, 0);
+  }
+  return sqlite3_reset(pStmt);
+}
+
+/*
+** iAbsLevel is an absolute level that may be assumed to exist within
+** the database. This function checks if it is the largest level number
+** within its index. Assuming no error occurs, *pbMax is set to 1 if
+** iAbsLevel is indeed the largest level, or 0 otherwise, and SQLITE_OK
+** is returned. If an error occurs, an error code is returned and the
+** final value of *pbMax is undefined.
+*/
+static int fts3SegmentIsMaxLevel(Fts3Table *p, i64 iAbsLevel, int *pbMax){
+
+  /* Set pStmt to the compiled version of:
+  **
+  **   SELECT max(level) FROM %Q.'%q_segdir' WHERE level BETWEEN ? AND ?
+  **
+  ** (1024 is actually the value of macro FTS3_SEGDIR_PREFIXLEVEL_STR).
+  */
+  sqlite3_stmt *pStmt;
+  int rc = fts3SqlStmt(p, SQL_SELECT_SEGDIR_MAX_LEVEL, &pStmt, 0);
+  if( rc!=SQLITE_OK ) return rc;
+  sqlite3_bind_int64(pStmt, 1, iAbsLevel+1);
+  sqlite3_bind_int64(pStmt, 2, 
+      ((iAbsLevel/FTS3_SEGDIR_MAXLEVEL)+1) * FTS3_SEGDIR_MAXLEVEL
+  );
+
+  *pbMax = 0;
+  if( SQLITE_ROW==sqlite3_step(pStmt) ){
+    *pbMax = sqlite3_column_type(pStmt, 0)==SQLITE_NULL;
+  }
+  return sqlite3_reset(pStmt);
+}
+
+/*
+** Delete all entries in the %_segments table associated with the segment
+** opened with seg-reader pSeg. This function does not affect the contents
+** of the %_segdir table.
+*/
+static int fts3DeleteSegment(
+  Fts3Table *p,                   /* FTS table handle */
+  Fts3SegReader *pSeg             /* Segment to delete */
+){
+  int rc = SQLITE_OK;             /* Return code */
+  if( pSeg->iStartBlock ){
+    sqlite3_stmt *pDelete;        /* SQL statement to delete rows */
+    rc = fts3SqlStmt(p, SQL_DELETE_SEGMENTS_RANGE, &pDelete, 0);
+    if( rc==SQLITE_OK ){
+      sqlite3_bind_int64(pDelete, 1, pSeg->iStartBlock);
+      sqlite3_bind_int64(pDelete, 2, pSeg->iEndBlock);
+      sqlite3_step(pDelete);
+      rc = sqlite3_reset(pDelete);
+    }
+  }
+  return rc;
+}
+
+/*
+** This function is used after merging multiple segments into a single large
+** segment to delete the old, now redundant, segment b-trees. Specifically,
+** it:
+** 
+**   1) Deletes all %_segments entries for the segments associated with 
+**      each of the SegReader objects in the array passed as the third 
+**      argument, and
+**
+**   2) deletes all %_segdir entries with level iLevel, or all %_segdir
+**      entries regardless of level if (iLevel<0).
+**
+** SQLITE_OK is returned if successful, otherwise an SQLite error code.
+*/
+static int fts3DeleteSegdir(
+  Fts3Table *p,                   /* Virtual table handle */
+  int iLangid,                    /* Language id */
+  int iIndex,                     /* Index for p->aIndex */
+  int iLevel,                     /* Level of %_segdir entries to delete */
+  Fts3SegReader **apSegment,      /* Array of SegReader objects */
+  int nReader                     /* Size of array apSegment */
+){
+  int rc = SQLITE_OK;             /* Return Code */
+  int i;                          /* Iterator variable */
+  sqlite3_stmt *pDelete = 0;      /* SQL statement to delete rows */
+
+  for(i=0; rc==SQLITE_OK && i<nReader; i++){
+    rc = fts3DeleteSegment(p, apSegment[i]);
+  }
+  if( rc!=SQLITE_OK ){
+    return rc;
+  }
+
+  assert( iLevel>=0 || iLevel==FTS3_SEGCURSOR_ALL );
+  if( iLevel==FTS3_SEGCURSOR_ALL ){
+    rc = fts3SqlStmt(p, SQL_DELETE_SEGDIR_RANGE, &pDelete, 0);
+    if( rc==SQLITE_OK ){
+      sqlite3_bind_int64(pDelete, 1, getAbsoluteLevel(p, iLangid, iIndex, 0));
+      sqlite3_bind_int64(pDelete, 2, 
+          getAbsoluteLevel(p, iLangid, iIndex, FTS3_SEGDIR_MAXLEVEL-1)
+      );
+    }
+  }else{
+    rc = fts3SqlStmt(p, SQL_DELETE_SEGDIR_LEVEL, &pDelete, 0);
+    if( rc==SQLITE_OK ){
+      sqlite3_bind_int64(
+          pDelete, 1, getAbsoluteLevel(p, iLangid, iIndex, iLevel)
+      );
+    }
+  }
+
+  if( rc==SQLITE_OK ){
+    sqlite3_step(pDelete);
+    rc = sqlite3_reset(pDelete);
+  }
+
+  return rc;
+}
+
+/*
+** When this function is called, buffer *ppList (size *pnList bytes) contains 
+** a position list that may (or may not) feature multiple columns. This
+** function adjusts the pointer *ppList and the length *pnList so that they
+** identify the subset of the position list that corresponds to column iCol.
+**
+** If there are no entries in the input position list for column iCol, then
+** *pnList is set to zero before returning.
+**
+** If parameter bZero is non-zero, then any part of the input list following
+** the end of the output list is zeroed before returning.
+*/
+static void fts3ColumnFilter(
+  int iCol,                       /* Column to filter on */
+  int bZero,                      /* Zero out anything following *ppList */
+  char **ppList,                  /* IN/OUT: Pointer to position list */
+  int *pnList                     /* IN/OUT: Size of buffer *ppList in bytes */
+){
+  char *pList = *ppList;
+  int nList = *pnList;
+  char *pEnd = &pList[nList];
+  int iCurrent = 0;
+  char *p = pList;
+
+  assert( iCol>=0 );
+  while( 1 ){
+    char c = 0;
+    while( p<pEnd && (c | *p)&0xFE ) c = *p++ & 0x80;
+  
+    if( iCol==iCurrent ){
+      nList = (int)(p - pList);
+      break;
+    }
+
+    nList -= (int)(p - pList);
+    pList = p;
+    if( nList==0 ){
+      break;
+    }
+    p = &pList[1];
+    p += fts3GetVarint32(p, &iCurrent);
+  }
+
+  if( bZero && &pList[nList]!=pEnd ){
+    memset(&pList[nList], 0, pEnd - &pList[nList]);
+  }
+  *ppList = pList;
+  *pnList = nList;
+}
+
+/*
+** Cache data in the Fts3MultiSegReader.aBuffer[] buffer (overwriting any
+** existing data). Grow the buffer if required.
+**
+** If successful, return SQLITE_OK. Otherwise, if an OOM error is encountered
+** trying to resize the buffer, return SQLITE_NOMEM.
+*/
+static int fts3MsrBufferData(
+  Fts3MultiSegReader *pMsr,       /* Multi-segment-reader handle */
+  char *pList,
+  int nList
+){
+  if( nList>pMsr->nBuffer ){
+    char *pNew;
+    pMsr->nBuffer = nList*2;
+    pNew = (char *)sqlite3_realloc(pMsr->aBuffer, pMsr->nBuffer);
+    if( !pNew ) return SQLITE_NOMEM;
+    pMsr->aBuffer = pNew;
+  }
+
+  memcpy(pMsr->aBuffer, pList, nList);
+  return SQLITE_OK;
+}
+
+SQLITE_PRIVATE int sqlite3Fts3MsrIncrNext(
+  Fts3Table *p,                   /* Virtual table handle */
+  Fts3MultiSegReader *pMsr,       /* Multi-segment-reader handle */
+  sqlite3_int64 *piDocid,         /* OUT: Docid value */
+  char **paPoslist,               /* OUT: Pointer to position list */
+  int *pnPoslist                  /* OUT: Size of position list in bytes */
+){
+  int nMerge = pMsr->nAdvance;
+  Fts3SegReader **apSegment = pMsr->apSegment;
+  int (*xCmp)(Fts3SegReader *, Fts3SegReader *) = (
+    p->bDescIdx ? fts3SegReaderDoclistCmpRev : fts3SegReaderDoclistCmp
+  );
+
+  if( nMerge==0 ){
+    *paPoslist = 0;
+    return SQLITE_OK;
+  }
+
+  while( 1 ){
+    Fts3SegReader *pSeg;
+    pSeg = pMsr->apSegment[0];
+
+    if( pSeg->pOffsetList==0 ){
+      *paPoslist = 0;
+      break;
+    }else{
+      int rc;
+      char *pList;
+      int nList;
+      int j;
+      sqlite3_int64 iDocid = apSegment[0]->iDocid;
+
+      rc = fts3SegReaderNextDocid(p, apSegment[0], &pList, &nList);
+      j = 1;
+      while( rc==SQLITE_OK 
+        && j<nMerge
+        && apSegment[j]->pOffsetList
+        && apSegment[j]->iDocid==iDocid
+      ){
+        rc = fts3SegReaderNextDocid(p, apSegment[j], 0, 0);
+        j++;
+      }
+      if( rc!=SQLITE_OK ) return rc;
+      fts3SegReaderSort(pMsr->apSegment, nMerge, j, xCmp);
+
+      if( nList>0 && fts3SegReaderIsPending(apSegment[0]) ){
+        rc = fts3MsrBufferData(pMsr, pList, nList+1);
+        if( rc!=SQLITE_OK ) return rc;
+        assert( (pMsr->aBuffer[nList] & 0xFE)==0x00 );
+        pList = pMsr->aBuffer;
+      }
+
+      if( pMsr->iColFilter>=0 ){
+        fts3ColumnFilter(pMsr->iColFilter, 1, &pList, &nList);
+      }
+
+      if( nList>0 ){
+        *paPoslist = pList;
+        *piDocid = iDocid;
+        *pnPoslist = nList;
+        break;
+      }
+    }
+  }
+
+  return SQLITE_OK;
+}
+
+static int fts3SegReaderStart(
+  Fts3Table *p,                   /* Virtual table handle */
+  Fts3MultiSegReader *pCsr,       /* Cursor object */
+  const char *zTerm,              /* Term searched for (or NULL) */
+  int nTerm                       /* Length of zTerm in bytes */
+){
+  int i;
+  int nSeg = pCsr->nSegment;
+
+  /* If the Fts3SegFilter defines a specific term (or term prefix) to search 
+  ** for, then advance each segment iterator until it points to a term of
+  ** equal or greater value than the specified term. This prevents many
+  ** unnecessary merge/sort operations for the case where single segment
+  ** b-tree leaf nodes contain more than one term.
+  */
+  for(i=0; pCsr->bRestart==0 && i<pCsr->nSegment; i++){
+    int res = 0;
+    Fts3SegReader *pSeg = pCsr->apSegment[i];
+    do {
+      int rc = fts3SegReaderNext(p, pSeg, 0);
+      if( rc!=SQLITE_OK ) return rc;
+    }while( zTerm && (res = fts3SegReaderTermCmp(pSeg, zTerm, nTerm))<0 );
+
+    if( pSeg->bLookup && res!=0 ){
+      fts3SegReaderSetEof(pSeg);
+    }
+  }
+  fts3SegReaderSort(pCsr->apSegment, nSeg, nSeg, fts3SegReaderCmp);
+
+  return SQLITE_OK;
+}
+
+SQLITE_PRIVATE int sqlite3Fts3SegReaderStart(
+  Fts3Table *p,                   /* Virtual table handle */
+  Fts3MultiSegReader *pCsr,       /* Cursor object */
+  Fts3SegFilter *pFilter          /* Restrictions on range of iteration */
+){
+  pCsr->pFilter = pFilter;
+  return fts3SegReaderStart(p, pCsr, pFilter->zTerm, pFilter->nTerm);
+}
+
+SQLITE_PRIVATE int sqlite3Fts3MsrIncrStart(
+  Fts3Table *p,                   /* Virtual table handle */
+  Fts3MultiSegReader *pCsr,       /* Cursor object */
+  int iCol,                       /* Column to match on. */
+  const char *zTerm,              /* Term to iterate through a doclist for */
+  int nTerm                       /* Number of bytes in zTerm */
+){
+  int i;
+  int rc;
+  int nSegment = pCsr->nSegment;
+  int (*xCmp)(Fts3SegReader *, Fts3SegReader *) = (
+    p->bDescIdx ? fts3SegReaderDoclistCmpRev : fts3SegReaderDoclistCmp
+  );
+
+  assert( pCsr->pFilter==0 );
+  assert( zTerm && nTerm>0 );
+
+  /* Advance each segment iterator until it points to the term zTerm/nTerm. */
+  rc = fts3SegReaderStart(p, pCsr, zTerm, nTerm);
+  if( rc!=SQLITE_OK ) return rc;
+
+  /* Determine how many of the segments actually point to zTerm/nTerm. */
+  for(i=0; i<nSegment; i++){
+    Fts3SegReader *pSeg = pCsr->apSegment[i];
+    if( !pSeg->aNode || fts3SegReaderTermCmp(pSeg, zTerm, nTerm) ){
+      break;
+    }
+  }
+  pCsr->nAdvance = i;
+
+  /* Advance each of the segments to point to the first docid. */
+  for(i=0; i<pCsr->nAdvance; i++){
+    rc = fts3SegReaderFirstDocid(p, pCsr->apSegment[i]);
+    if( rc!=SQLITE_OK ) return rc;
+  }
+  fts3SegReaderSort(pCsr->apSegment, i, i, xCmp);
+
+  assert( iCol<0 || iCol<p->nColumn );
+  pCsr->iColFilter = iCol;
+
+  return SQLITE_OK;
+}
+
+/*
+** This function is called on a MultiSegReader that has been started using
+** sqlite3Fts3MsrIncrStart(). One or more calls to MsrIncrNext() may also
+** have been made. Calling this function puts the MultiSegReader in such
+** a state that if the next two calls are:
+**
+**   sqlite3Fts3SegReaderStart()
+**   sqlite3Fts3SegReaderStep()
+**
+** then the entire doclist for the term is available in 
+** MultiSegReader.aDoclist/nDoclist.
+*/
+SQLITE_PRIVATE int sqlite3Fts3MsrIncrRestart(Fts3MultiSegReader *pCsr){
+  int i;                          /* Used to iterate through segment-readers */
+
+  assert( pCsr->zTerm==0 );
+  assert( pCsr->nTerm==0 );
+  assert( pCsr->aDoclist==0 );
+  assert( pCsr->nDoclist==0 );
+
+  pCsr->nAdvance = 0;
+  pCsr->bRestart = 1;
+  for(i=0; i<pCsr->nSegment; i++){
+    pCsr->apSegment[i]->pOffsetList = 0;
+    pCsr->apSegment[i]->nOffsetList = 0;
+    pCsr->apSegment[i]->iDocid = 0;
+  }
+
+  return SQLITE_OK;
+}
+
+
+SQLITE_PRIVATE int sqlite3Fts3SegReaderStep(
+  Fts3Table *p,                   /* Virtual table handle */
+  Fts3MultiSegReader *pCsr        /* Cursor object */
+){
+  int rc = SQLITE_OK;
+
+  int isIgnoreEmpty =  (pCsr->pFilter->flags & FTS3_SEGMENT_IGNORE_EMPTY);
+  int isRequirePos =   (pCsr->pFilter->flags & FTS3_SEGMENT_REQUIRE_POS);
+  int isColFilter =    (pCsr->pFilter->flags & FTS3_SEGMENT_COLUMN_FILTER);
+  int isPrefix =       (pCsr->pFilter->flags & FTS3_SEGMENT_PREFIX);
+  int isScan =         (pCsr->pFilter->flags & FTS3_SEGMENT_SCAN);
+  int isFirst =        (pCsr->pFilter->flags & FTS3_SEGMENT_FIRST);
+
+  Fts3SegReader **apSegment = pCsr->apSegment;
+  int nSegment = pCsr->nSegment;
+  Fts3SegFilter *pFilter = pCsr->pFilter;
+  int (*xCmp)(Fts3SegReader *, Fts3SegReader *) = (
+    p->bDescIdx ? fts3SegReaderDoclistCmpRev : fts3SegReaderDoclistCmp
+  );
+
+  if( pCsr->nSegment==0 ) return SQLITE_OK;
+
+  do {
+    int nMerge;
+    int i;
+  
+    /* Advance the first pCsr->nAdvance entries in the apSegment[] array
+    ** forward. Then sort the list in order of current term again.  
+    */
+    for(i=0; i<pCsr->nAdvance; i++){
+      Fts3SegReader *pSeg = apSegment[i];
+      if( pSeg->bLookup ){
+        fts3SegReaderSetEof(pSeg);
+      }else{
+        rc = fts3SegReaderNext(p, pSeg, 0);
+      }
+      if( rc!=SQLITE_OK ) return rc;
+    }
+    fts3SegReaderSort(apSegment, nSegment, pCsr->nAdvance, fts3SegReaderCmp);
+    pCsr->nAdvance = 0;
+
+    /* If all the seg-readers are at EOF, we're finished. return SQLITE_OK. */
+    assert( rc==SQLITE_OK );
+    if( apSegment[0]->aNode==0 ) break;
+
+    pCsr->nTerm = apSegment[0]->nTerm;
+    pCsr->zTerm = apSegment[0]->zTerm;
+
+    /* If this is a prefix-search, and if the term that apSegment[0] points
+    ** to does not share a suffix with pFilter->zTerm/nTerm, then all 
+    ** required callbacks have been made. In this case exit early.
+    **
+    ** Similarly, if this is a search for an exact match, and the first term
+    ** of segment apSegment[0] is not a match, exit early.
+    */
+    if( pFilter->zTerm && !isScan ){
+      if( pCsr->nTerm<pFilter->nTerm 
+       || (!isPrefix && pCsr->nTerm>pFilter->nTerm)
+       || memcmp(pCsr->zTerm, pFilter->zTerm, pFilter->nTerm) 
+      ){
+        break;
+      }
+    }
+
+    nMerge = 1;
+    while( nMerge<nSegment 
+        && apSegment[nMerge]->aNode
+        && apSegment[nMerge]->nTerm==pCsr->nTerm 
+        && 0==memcmp(pCsr->zTerm, apSegment[nMerge]->zTerm, pCsr->nTerm)
+    ){
+      nMerge++;
+    }
+
+    assert( isIgnoreEmpty || (isRequirePos && !isColFilter) );
+    if( nMerge==1 
+     && !isIgnoreEmpty 
+     && !isFirst 
+     && (p->bDescIdx==0 || fts3SegReaderIsPending(apSegment[0])==0)
+    ){
+      pCsr->nDoclist = apSegment[0]->nDoclist;
+      if( fts3SegReaderIsPending(apSegment[0]) ){
+        rc = fts3MsrBufferData(pCsr, apSegment[0]->aDoclist, pCsr->nDoclist);
+        pCsr->aDoclist = pCsr->aBuffer;
+      }else{
+        pCsr->aDoclist = apSegment[0]->aDoclist;
+      }
+      if( rc==SQLITE_OK ) rc = SQLITE_ROW;
+    }else{
+      int nDoclist = 0;           /* Size of doclist */
+      sqlite3_int64 iPrev = 0;    /* Previous docid stored in doclist */
+
+      /* The current term of the first nMerge entries in the array
+      ** of Fts3SegReader objects is the same. The doclists must be merged
+      ** and a single term returned with the merged doclist.
+      */
+      for(i=0; i<nMerge; i++){
+        fts3SegReaderFirstDocid(p, apSegment[i]);
+      }
+      fts3SegReaderSort(apSegment, nMerge, nMerge, xCmp);
+      while( apSegment[0]->pOffsetList ){
+        int j;                    /* Number of segments that share a docid */
+        char *pList = 0;
+        int nList = 0;
+        int nByte;
+        sqlite3_int64 iDocid = apSegment[0]->iDocid;
+        fts3SegReaderNextDocid(p, apSegment[0], &pList, &nList);
+        j = 1;
+        while( j<nMerge
+            && apSegment[j]->pOffsetList
+            && apSegment[j]->iDocid==iDocid
+        ){
+          fts3SegReaderNextDocid(p, apSegment[j], 0, 0);
+          j++;
+        }
+
+        if( isColFilter ){
+          fts3ColumnFilter(pFilter->iCol, 0, &pList, &nList);
+        }
+
+        if( !isIgnoreEmpty || nList>0 ){
+
+          /* Calculate the 'docid' delta value to write into the merged 
+          ** doclist. */
+          sqlite3_int64 iDelta;
+          if( p->bDescIdx && nDoclist>0 ){
+            iDelta = iPrev - iDocid;
+          }else{
+            iDelta = iDocid - iPrev;
+          }
+          assert( iDelta>0 || (nDoclist==0 && iDelta==iDocid) );
+          assert( nDoclist>0 || iDelta==iDocid );
+
+          nByte = sqlite3Fts3VarintLen(iDelta) + (isRequirePos?nList+1:0);
+          if( nDoclist+nByte>pCsr->nBuffer ){
+            char *aNew;
+            pCsr->nBuffer = (nDoclist+nByte)*2;
+            aNew = sqlite3_realloc(pCsr->aBuffer, pCsr->nBuffer);
+            if( !aNew ){
+              return SQLITE_NOMEM;
+            }
+            pCsr->aBuffer = aNew;
+          }
+
+          if( isFirst ){
+            char *a = &pCsr->aBuffer[nDoclist];
+            int nWrite;
+           
+            nWrite = sqlite3Fts3FirstFilter(iDelta, pList, nList, a);
+            if( nWrite ){
+              iPrev = iDocid;
+              nDoclist += nWrite;
+            }
+          }else{
+            nDoclist += sqlite3Fts3PutVarint(&pCsr->aBuffer[nDoclist], iDelta);
+            iPrev = iDocid;
+            if( isRequirePos ){
+              memcpy(&pCsr->aBuffer[nDoclist], pList, nList);
+              nDoclist += nList;
+              pCsr->aBuffer[nDoclist++] = '\0';
+            }
+          }
+        }
+
+        fts3SegReaderSort(apSegment, nMerge, j, xCmp);
+      }
+      if( nDoclist>0 ){
+        pCsr->aDoclist = pCsr->aBuffer;
+        pCsr->nDoclist = nDoclist;
+        rc = SQLITE_ROW;
+      }
+    }
+    pCsr->nAdvance = nMerge;
+  }while( rc==SQLITE_OK );
+
+  return rc;
+}
+
+
+SQLITE_PRIVATE void sqlite3Fts3SegReaderFinish(
+  Fts3MultiSegReader *pCsr       /* Cursor object */
+){
+  if( pCsr ){
+    int i;
+    for(i=0; i<pCsr->nSegment; i++){
+      sqlite3Fts3SegReaderFree(pCsr->apSegment[i]);
+    }
+    sqlite3_free(pCsr->apSegment);
+    sqlite3_free(pCsr->aBuffer);
+
+    pCsr->nSegment = 0;
+    pCsr->apSegment = 0;
+    pCsr->aBuffer = 0;
+  }
+}
+
+/*
+** Decode the "end_block" field, selected by column iCol of the SELECT 
+** statement passed as the first argument. 
+**
+** The "end_block" field may contain either an integer, or a text field
+** containing the text representation of two non-negative integers separated 
+** by one or more space (0x20) characters. In the first case, set *piEndBlock 
+** to the integer value and *pnByte to zero before returning. In the second, 
+** set *piEndBlock to the first value and *pnByte to the second.
+*/
+static void fts3ReadEndBlockField(
+  sqlite3_stmt *pStmt, 
+  int iCol, 
+  i64 *piEndBlock,
+  i64 *pnByte
+){
+  const unsigned char *zText = sqlite3_column_text(pStmt, iCol);
+  if( zText ){
+    int i;
+    int iMul = 1;
+    i64 iVal = 0;
+    for(i=0; zText[i]>='0' && zText[i]<='9'; i++){
+      iVal = iVal*10 + (zText[i] - '0');
+    }
+    *piEndBlock = iVal;
+    while( zText[i]==' ' ) i++;
+    iVal = 0;
+    if( zText[i]=='-' ){
+      i++;
+      iMul = -1;
+    }
+    for(/* no-op */; zText[i]>='0' && zText[i]<='9'; i++){
+      iVal = iVal*10 + (zText[i] - '0');
+    }
+    *pnByte = (iVal * (i64)iMul);
+  }
+}
+
+
+/*
+** A segment of size nByte bytes has just been written to absolute level
+** iAbsLevel. Promote any segments that should be promoted as a result.
+*/
+static int fts3PromoteSegments(
+  Fts3Table *p,                   /* FTS table handle */
+  sqlite3_int64 iAbsLevel,        /* Absolute level just updated */
+  sqlite3_int64 nByte             /* Size of new segment at iAbsLevel */
+){
+  int rc = SQLITE_OK;
+  sqlite3_stmt *pRange;
+
+  rc = fts3SqlStmt(p, SQL_SELECT_LEVEL_RANGE2, &pRange, 0);
+
+  if( rc==SQLITE_OK ){
+    int bOk = 0;
+    i64 iLast = (iAbsLevel/FTS3_SEGDIR_MAXLEVEL + 1) * FTS3_SEGDIR_MAXLEVEL - 1;
+    i64 nLimit = (nByte*3)/2;
+
+    /* Loop through all entries in the %_segdir table corresponding to 
+    ** segments in this index on levels greater than iAbsLevel. If there is
+    ** at least one such segment, and it is possible to determine that all 
+    ** such segments are smaller than nLimit bytes in size, they will be 
+    ** promoted to level iAbsLevel.  */
+    sqlite3_bind_int64(pRange, 1, iAbsLevel+1);
+    sqlite3_bind_int64(pRange, 2, iLast);
+    while( SQLITE_ROW==sqlite3_step(pRange) ){
+      i64 nSize = 0, dummy;
+      fts3ReadEndBlockField(pRange, 2, &dummy, &nSize);
+      if( nSize<=0 || nSize>nLimit ){
+        /* If nSize==0, then the %_segdir.end_block field does not not 
+        ** contain a size value. This happens if it was written by an
+        ** old version of FTS. In this case it is not possible to determine
+        ** the size of the segment, and so segment promotion does not
+        ** take place.  */
+        bOk = 0;
+        break;
+      }
+      bOk = 1;
+    }
+    rc = sqlite3_reset(pRange);
+
+    if( bOk ){
+      int iIdx = 0;
+      sqlite3_stmt *pUpdate1 = 0;
+      sqlite3_stmt *pUpdate2 = 0;
+
+      if( rc==SQLITE_OK ){
+        rc = fts3SqlStmt(p, SQL_UPDATE_LEVEL_IDX, &pUpdate1, 0);
+      }
+      if( rc==SQLITE_OK ){
+        rc = fts3SqlStmt(p, SQL_UPDATE_LEVEL, &pUpdate2, 0);
+      }
+
+      if( rc==SQLITE_OK ){
+
+        /* Loop through all %_segdir entries for segments in this index with
+        ** levels equal to or greater than iAbsLevel. As each entry is visited,
+        ** updated it to set (level = -1) and (idx = N), where N is 0 for the
+        ** oldest segment in the range, 1 for the next oldest, and so on.
+        **
+        ** In other words, move all segments being promoted to level -1,
+        ** setting the "idx" fields as appropriate to keep them in the same
+        ** order. The contents of level -1 (which is never used, except
+        ** transiently here), will be moved back to level iAbsLevel below.  */
+        sqlite3_bind_int64(pRange, 1, iAbsLevel);
+        while( SQLITE_ROW==sqlite3_step(pRange) ){
+          sqlite3_bind_int(pUpdate1, 1, iIdx++);
+          sqlite3_bind_int(pUpdate1, 2, sqlite3_column_int(pRange, 0));
+          sqlite3_bind_int(pUpdate1, 3, sqlite3_column_int(pRange, 1));
+          sqlite3_step(pUpdate1);
+          rc = sqlite3_reset(pUpdate1);
+          if( rc!=SQLITE_OK ){
+            sqlite3_reset(pRange);
+            break;
+          }
+        }
+      }
+      if( rc==SQLITE_OK ){
+        rc = sqlite3_reset(pRange);
+      }
+
+      /* Move level -1 to level iAbsLevel */
+      if( rc==SQLITE_OK ){
+        sqlite3_bind_int64(pUpdate2, 1, iAbsLevel);
+        sqlite3_step(pUpdate2);
+        rc = sqlite3_reset(pUpdate2);
+      }
+    }
+  }
+
+
+  return rc;
+}
+
+/*
+** Merge all level iLevel segments in the database into a single 
+** iLevel+1 segment. Or, if iLevel<0, merge all segments into a
+** single segment with a level equal to the numerically largest level 
+** currently present in the database.
+**
+** If this function is called with iLevel<0, but there is only one
+** segment in the database, SQLITE_DONE is returned immediately. 
+** Otherwise, if successful, SQLITE_OK is returned. If an error occurs, 
+** an SQLite error code is returned.
+*/
+static int fts3SegmentMerge(
+  Fts3Table *p, 
+  int iLangid,                    /* Language id to merge */
+  int iIndex,                     /* Index in p->aIndex[] to merge */
+  int iLevel                      /* Level to merge */
+){
+  int rc;                         /* Return code */
+  int iIdx = 0;                   /* Index of new segment */
+  sqlite3_int64 iNewLevel = 0;    /* Level/index to create new segment at */
+  SegmentWriter *pWriter = 0;     /* Used to write the new, merged, segment */
+  Fts3SegFilter filter;           /* Segment term filter condition */
+  Fts3MultiSegReader csr;         /* Cursor to iterate through level(s) */
+  int bIgnoreEmpty = 0;           /* True to ignore empty segments */
+  i64 iMaxLevel = 0;              /* Max level number for this index/langid */
+
+  assert( iLevel==FTS3_SEGCURSOR_ALL
+       || iLevel==FTS3_SEGCURSOR_PENDING
+       || iLevel>=0
+  );
+  assert( iLevel<FTS3_SEGDIR_MAXLEVEL );
+  assert( iIndex>=0 && iIndex<p->nIndex );
+
+  rc = sqlite3Fts3SegReaderCursor(p, iLangid, iIndex, iLevel, 0, 0, 1, 0, &csr);
+  if( rc!=SQLITE_OK || csr.nSegment==0 ) goto finished;
+
+  if( iLevel!=FTS3_SEGCURSOR_PENDING ){
+    rc = fts3SegmentMaxLevel(p, iLangid, iIndex, &iMaxLevel);
+    if( rc!=SQLITE_OK ) goto finished;
+  }
+
+  if( iLevel==FTS3_SEGCURSOR_ALL ){
+    /* This call is to merge all segments in the database to a single
+    ** segment. The level of the new segment is equal to the numerically
+    ** greatest segment level currently present in the database for this
+    ** index. The idx of the new segment is always 0.  */
+    if( csr.nSegment==1 ){
+      rc = SQLITE_DONE;
+      goto finished;
+    }
+    iNewLevel = iMaxLevel;
+    bIgnoreEmpty = 1;
+
+  }else{
+    /* This call is to merge all segments at level iLevel. find the next
+    ** available segment index at level iLevel+1. The call to
+    ** fts3AllocateSegdirIdx() will merge the segments at level iLevel+1 to 
+    ** a single iLevel+2 segment if necessary.  */
+    assert( FTS3_SEGCURSOR_PENDING==-1 );
+    iNewLevel = getAbsoluteLevel(p, iLangid, iIndex, iLevel+1);
+    rc = fts3AllocateSegdirIdx(p, iLangid, iIndex, iLevel+1, &iIdx);
+    bIgnoreEmpty = (iLevel!=FTS3_SEGCURSOR_PENDING) && (iNewLevel>iMaxLevel);
+  }
+  if( rc!=SQLITE_OK ) goto finished;
+
+  assert( csr.nSegment>0 );
+  assert( iNewLevel>=getAbsoluteLevel(p, iLangid, iIndex, 0) );
+  assert( iNewLevel<getAbsoluteLevel(p, iLangid, iIndex,FTS3_SEGDIR_MAXLEVEL) );
+
+  memset(&filter, 0, sizeof(Fts3SegFilter));
+  filter.flags = FTS3_SEGMENT_REQUIRE_POS;
+  filter.flags |= (bIgnoreEmpty ? FTS3_SEGMENT_IGNORE_EMPTY : 0);
+
+  rc = sqlite3Fts3SegReaderStart(p, &csr, &filter);
+  while( SQLITE_OK==rc ){
+    rc = sqlite3Fts3SegReaderStep(p, &csr);
+    if( rc!=SQLITE_ROW ) break;
+    rc = fts3SegWriterAdd(p, &pWriter, 1, 
+        csr.zTerm, csr.nTerm, csr.aDoclist, csr.nDoclist);
+  }
+  if( rc!=SQLITE_OK ) goto finished;
+  assert( pWriter || bIgnoreEmpty );
+
+  if( iLevel!=FTS3_SEGCURSOR_PENDING ){
+    rc = fts3DeleteSegdir(
+        p, iLangid, iIndex, iLevel, csr.apSegment, csr.nSegment
+    );
+    if( rc!=SQLITE_OK ) goto finished;
+  }
+  if( pWriter ){
+    rc = fts3SegWriterFlush(p, pWriter, iNewLevel, iIdx);
+    if( rc==SQLITE_OK ){
+      if( iLevel==FTS3_SEGCURSOR_PENDING || iNewLevel<iMaxLevel ){
+        rc = fts3PromoteSegments(p, iNewLevel, pWriter->nLeafData);
+      }
+    }
+  }
+
+ finished:
+  fts3SegWriterFree(pWriter);
+  sqlite3Fts3SegReaderFinish(&csr);
+  return rc;
+}
+
+
+/* 
+** Flush the contents of pendingTerms to level 0 segments. 
+*/
+SQLITE_PRIVATE int sqlite3Fts3PendingTermsFlush(Fts3Table *p){
+  int rc = SQLITE_OK;
+  int i;
+        
+  for(i=0; rc==SQLITE_OK && i<p->nIndex; i++){
+    rc = fts3SegmentMerge(p, p->iPrevLangid, i, FTS3_SEGCURSOR_PENDING);
+    if( rc==SQLITE_DONE ) rc = SQLITE_OK;
+  }
+  sqlite3Fts3PendingTermsClear(p);
+
+  /* Determine the auto-incr-merge setting if unknown.  If enabled,
+  ** estimate the number of leaf blocks of content to be written
+  */
+  if( rc==SQLITE_OK && p->bHasStat
+   && p->nAutoincrmerge==0xff && p->nLeafAdd>0
+  ){
+    sqlite3_stmt *pStmt = 0;
+    rc = fts3SqlStmt(p, SQL_SELECT_STAT, &pStmt, 0);
+    if( rc==SQLITE_OK ){
+      sqlite3_bind_int(pStmt, 1, FTS_STAT_AUTOINCRMERGE);
+      rc = sqlite3_step(pStmt);
+      if( rc==SQLITE_ROW ){
+        p->nAutoincrmerge = sqlite3_column_int(pStmt, 0);
+        if( p->nAutoincrmerge==1 ) p->nAutoincrmerge = 8;
+      }else if( rc==SQLITE_DONE ){
+        p->nAutoincrmerge = 0;
+      }
+      rc = sqlite3_reset(pStmt);
+    }
+  }
+  return rc;
+}
+
+/*
+** Encode N integers as varints into a blob.
+*/
+static void fts3EncodeIntArray(
+  int N,             /* The number of integers to encode */
+  u32 *a,            /* The integer values */
+  char *zBuf,        /* Write the BLOB here */
+  int *pNBuf         /* Write number of bytes if zBuf[] used here */
+){
+  int i, j;
+  for(i=j=0; i<N; i++){
+    j += sqlite3Fts3PutVarint(&zBuf[j], (sqlite3_int64)a[i]);
+  }
+  *pNBuf = j;
+}
+
+/*
+** Decode a blob of varints into N integers
+*/
+static void fts3DecodeIntArray(
+  int N,             /* The number of integers to decode */
+  u32 *a,            /* Write the integer values */
+  const char *zBuf,  /* The BLOB containing the varints */
+  int nBuf           /* size of the BLOB */
+){
+  int i, j;
+  UNUSED_PARAMETER(nBuf);
+  for(i=j=0; i<N; i++){
+    sqlite3_int64 x;
+    j += sqlite3Fts3GetVarint(&zBuf[j], &x);
+    assert(j<=nBuf);
+    a[i] = (u32)(x & 0xffffffff);
+  }
+}
+
+/*
+** Insert the sizes (in tokens) for each column of the document
+** with docid equal to p->iPrevDocid.  The sizes are encoded as
+** a blob of varints.
+*/
+static void fts3InsertDocsize(
+  int *pRC,                       /* Result code */
+  Fts3Table *p,                   /* Table into which to insert */
+  u32 *aSz                        /* Sizes of each column, in tokens */
+){
+  char *pBlob;             /* The BLOB encoding of the document size */
+  int nBlob;               /* Number of bytes in the BLOB */
+  sqlite3_stmt *pStmt;     /* Statement used to insert the encoding */
+  int rc;                  /* Result code from subfunctions */
+
+  if( *pRC ) return;
+  pBlob = sqlite3_malloc( 10*p->nColumn );
+  if( pBlob==0 ){
+    *pRC = SQLITE_NOMEM;
+    return;
+  }
+  fts3EncodeIntArray(p->nColumn, aSz, pBlob, &nBlob);
+  rc = fts3SqlStmt(p, SQL_REPLACE_DOCSIZE, &pStmt, 0);
+  if( rc ){
+    sqlite3_free(pBlob);
+    *pRC = rc;
+    return;
+  }
+  sqlite3_bind_int64(pStmt, 1, p->iPrevDocid);
+  sqlite3_bind_blob(pStmt, 2, pBlob, nBlob, sqlite3_free);
+  sqlite3_step(pStmt);
+  *pRC = sqlite3_reset(pStmt);
+}
+
+/*
+** Record 0 of the %_stat table contains a blob consisting of N varints,
+** where N is the number of user defined columns in the fts3 table plus
+** two. If nCol is the number of user defined columns, then values of the 
+** varints are set as follows:
+**
+**   Varint 0:       Total number of rows in the table.
+**
+**   Varint 1..nCol: For each column, the total number of tokens stored in
+**                   the column for all rows of the table.
+**
+**   Varint 1+nCol:  The total size, in bytes, of all text values in all
+**                   columns of all rows of the table.
+**
+*/
+static void fts3UpdateDocTotals(
+  int *pRC,                       /* The result code */
+  Fts3Table *p,                   /* Table being updated */
+  u32 *aSzIns,                    /* Size increases */
+  u32 *aSzDel,                    /* Size decreases */
+  int nChng                       /* Change in the number of documents */
+){
+  char *pBlob;             /* Storage for BLOB written into %_stat */
+  int nBlob;               /* Size of BLOB written into %_stat */
+  u32 *a;                  /* Array of integers that becomes the BLOB */
+  sqlite3_stmt *pStmt;     /* Statement for reading and writing */
+  int i;                   /* Loop counter */
+  int rc;                  /* Result code from subfunctions */
+
+  const int nStat = p->nColumn+2;
+
+  if( *pRC ) return;
+  a = sqlite3_malloc( (sizeof(u32)+10)*nStat );
+  if( a==0 ){
+    *pRC = SQLITE_NOMEM;
+    return;
+  }
+  pBlob = (char*)&a[nStat];
+  rc = fts3SqlStmt(p, SQL_SELECT_STAT, &pStmt, 0);
+  if( rc ){
+    sqlite3_free(a);
+    *pRC = rc;
+    return;
+  }
+  sqlite3_bind_int(pStmt, 1, FTS_STAT_DOCTOTAL);
+  if( sqlite3_step(pStmt)==SQLITE_ROW ){
+    fts3DecodeIntArray(nStat, a,
+         sqlite3_column_blob(pStmt, 0),
+         sqlite3_column_bytes(pStmt, 0));
+  }else{
+    memset(a, 0, sizeof(u32)*(nStat) );
+  }
+  rc = sqlite3_reset(pStmt);
+  if( rc!=SQLITE_OK ){
+    sqlite3_free(a);
+    *pRC = rc;
+    return;
+  }
+  if( nChng<0 && a[0]<(u32)(-nChng) ){
+    a[0] = 0;
+  }else{
+    a[0] += nChng;
+  }
+  for(i=0; i<p->nColumn+1; i++){
+    u32 x = a[i+1];
+    if( x+aSzIns[i] < aSzDel[i] ){
+      x = 0;
+    }else{
+      x = x + aSzIns[i] - aSzDel[i];
+    }
+    a[i+1] = x;
+  }
+  fts3EncodeIntArray(nStat, a, pBlob, &nBlob);
+  rc = fts3SqlStmt(p, SQL_REPLACE_STAT, &pStmt, 0);
+  if( rc ){
+    sqlite3_free(a);
+    *pRC = rc;
+    return;
+  }
+  sqlite3_bind_int(pStmt, 1, FTS_STAT_DOCTOTAL);
+  sqlite3_bind_blob(pStmt, 2, pBlob, nBlob, SQLITE_STATIC);
+  sqlite3_step(pStmt);
+  *pRC = sqlite3_reset(pStmt);
+  sqlite3_free(a);
+}
+
+/*
+** Merge the entire database so that there is one segment for each 
+** iIndex/iLangid combination.
+*/
+static int fts3DoOptimize(Fts3Table *p, int bReturnDone){
+  int bSeenDone = 0;
+  int rc;
+  sqlite3_stmt *pAllLangid = 0;
+
+  rc = fts3SqlStmt(p, SQL_SELECT_ALL_LANGID, &pAllLangid, 0);
+  if( rc==SQLITE_OK ){
+    int rc2;
+    sqlite3_bind_int(pAllLangid, 1, p->iPrevLangid);
+    sqlite3_bind_int(pAllLangid, 2, p->nIndex);
+    while( sqlite3_step(pAllLangid)==SQLITE_ROW ){
+      int i;
+      int iLangid = sqlite3_column_int(pAllLangid, 0);
+      for(i=0; rc==SQLITE_OK && i<p->nIndex; i++){
+        rc = fts3SegmentMerge(p, iLangid, i, FTS3_SEGCURSOR_ALL);
+        if( rc==SQLITE_DONE ){
+          bSeenDone = 1;
+          rc = SQLITE_OK;
+        }
+      }
+    }
+    rc2 = sqlite3_reset(pAllLangid);
+    if( rc==SQLITE_OK ) rc = rc2;
+  }
+
+  sqlite3Fts3SegmentsClose(p);
+  sqlite3Fts3PendingTermsClear(p);
+
+  return (rc==SQLITE_OK && bReturnDone && bSeenDone) ? SQLITE_DONE : rc;
+}
+
+/*
+** This function is called when the user executes the following statement:
+**
+**     INSERT INTO <tbl>(<tbl>) VALUES('rebuild');
+**
+** The entire FTS index is discarded and rebuilt. If the table is one 
+** created using the content=xxx option, then the new index is based on
+** the current contents of the xxx table. Otherwise, it is rebuilt based
+** on the contents of the %_content table.
+*/
+static int fts3DoRebuild(Fts3Table *p){
+  int rc;                         /* Return Code */
+
+  rc = fts3DeleteAll(p, 0);
+  if( rc==SQLITE_OK ){
+    u32 *aSz = 0;
+    u32 *aSzIns = 0;
+    u32 *aSzDel = 0;
+    sqlite3_stmt *pStmt = 0;
+    int nEntry = 0;
+
+    /* Compose and prepare an SQL statement to loop through the content table */
+    char *zSql = sqlite3_mprintf("SELECT %s" , p->zReadExprlist);
+    if( !zSql ){
+      rc = SQLITE_NOMEM;
+    }else{
+      rc = sqlite3_prepare_v2(p->db, zSql, -1, &pStmt, 0);
+      sqlite3_free(zSql);
+    }
+
+    if( rc==SQLITE_OK ){
+      int nByte = sizeof(u32) * (p->nColumn+1)*3;
+      aSz = (u32 *)sqlite3_malloc(nByte);
+      if( aSz==0 ){
+        rc = SQLITE_NOMEM;
+      }else{
+        memset(aSz, 0, nByte);
+        aSzIns = &aSz[p->nColumn+1];
+        aSzDel = &aSzIns[p->nColumn+1];
+      }
+    }
+
+    while( rc==SQLITE_OK && SQLITE_ROW==sqlite3_step(pStmt) ){
+      int iCol;
+      int iLangid = langidFromSelect(p, pStmt);
+      rc = fts3PendingTermsDocid(p, 0, iLangid, sqlite3_column_int64(pStmt, 0));
+      memset(aSz, 0, sizeof(aSz[0]) * (p->nColumn+1));
+      for(iCol=0; rc==SQLITE_OK && iCol<p->nColumn; iCol++){
+        if( p->abNotindexed[iCol]==0 ){
+          const char *z = (const char *) sqlite3_column_text(pStmt, iCol+1);
+          rc = fts3PendingTermsAdd(p, iLangid, z, iCol, &aSz[iCol]);
+          aSz[p->nColumn] += sqlite3_column_bytes(pStmt, iCol+1);
+        }
+      }
+      if( p->bHasDocsize ){
+        fts3InsertDocsize(&rc, p, aSz);
+      }
+      if( rc!=SQLITE_OK ){
+        sqlite3_finalize(pStmt);
+        pStmt = 0;
+      }else{
+        nEntry++;
+        for(iCol=0; iCol<=p->nColumn; iCol++){
+          aSzIns[iCol] += aSz[iCol];
+        }
+      }
+    }
+    if( p->bFts4 ){
+      fts3UpdateDocTotals(&rc, p, aSzIns, aSzDel, nEntry);
+    }
+    sqlite3_free(aSz);
+
+    if( pStmt ){
+      int rc2 = sqlite3_finalize(pStmt);
+      if( rc==SQLITE_OK ){
+        rc = rc2;
+      }
+    }
+  }
+
+  return rc;
+}
+
+
+/*
+** This function opens a cursor used to read the input data for an 
+** incremental merge operation. Specifically, it opens a cursor to scan
+** the oldest nSeg segments (idx=0 through idx=(nSeg-1)) in absolute 
+** level iAbsLevel.
+*/
+static int fts3IncrmergeCsr(
+  Fts3Table *p,                   /* FTS3 table handle */
+  sqlite3_int64 iAbsLevel,        /* Absolute level to open */
+  int nSeg,                       /* Number of segments to merge */
+  Fts3MultiSegReader *pCsr        /* Cursor object to populate */
+){
+  int rc;                         /* Return Code */
+  sqlite3_stmt *pStmt = 0;        /* Statement used to read %_segdir entry */  
+  int nByte;                      /* Bytes allocated at pCsr->apSegment[] */
+
+  /* Allocate space for the Fts3MultiSegReader.aCsr[] array */
+  memset(pCsr, 0, sizeof(*pCsr));
+  nByte = sizeof(Fts3SegReader *) * nSeg;
+  pCsr->apSegment = (Fts3SegReader **)sqlite3_malloc(nByte);
+
+  if( pCsr->apSegment==0 ){
+    rc = SQLITE_NOMEM;
+  }else{
+    memset(pCsr->apSegment, 0, nByte);
+    rc = fts3SqlStmt(p, SQL_SELECT_LEVEL, &pStmt, 0);
+  }
+  if( rc==SQLITE_OK ){
+    int i;
+    int rc2;
+    sqlite3_bind_int64(pStmt, 1, iAbsLevel);
+    assert( pCsr->nSegment==0 );
+    for(i=0; rc==SQLITE_OK && sqlite3_step(pStmt)==SQLITE_ROW && i<nSeg; i++){
+      rc = sqlite3Fts3SegReaderNew(i, 0,
+          sqlite3_column_int64(pStmt, 1),        /* segdir.start_block */
+          sqlite3_column_int64(pStmt, 2),        /* segdir.leaves_end_block */
+          sqlite3_column_int64(pStmt, 3),        /* segdir.end_block */
+          sqlite3_column_blob(pStmt, 4),         /* segdir.root */
+          sqlite3_column_bytes(pStmt, 4),        /* segdir.root */
+          &pCsr->apSegment[i]
+      );
+      pCsr->nSegment++;
+    }
+    rc2 = sqlite3_reset(pStmt);
+    if( rc==SQLITE_OK ) rc = rc2;
+  }
+
+  return rc;
+}
+
+typedef struct IncrmergeWriter IncrmergeWriter;
+typedef struct NodeWriter NodeWriter;
+typedef struct Blob Blob;
+typedef struct NodeReader NodeReader;
+
+/*
+** An instance of the following structure is used as a dynamic buffer
+** to build up nodes or other blobs of data in.
+**
+** The function blobGrowBuffer() is used to extend the allocation.
+*/
+struct Blob {
+  char *a;                        /* Pointer to allocation */
+  int n;                          /* Number of valid bytes of data in a[] */
+  int nAlloc;                     /* Allocated size of a[] (nAlloc>=n) */
+};
+
+/*
+** This structure is used to build up buffers containing segment b-tree 
+** nodes (blocks).
+*/
+struct NodeWriter {
+  sqlite3_int64 iBlock;           /* Current block id */
+  Blob key;                       /* Last key written to the current block */
+  Blob block;                     /* Current block image */
+};
+
+/*
+** An object of this type contains the state required to create or append
+** to an appendable b-tree segment.
+*/
+struct IncrmergeWriter {
+  int nLeafEst;                   /* Space allocated for leaf blocks */
+  int nWork;                      /* Number of leaf pages flushed */
+  sqlite3_int64 iAbsLevel;        /* Absolute level of input segments */
+  int iIdx;                       /* Index of *output* segment in iAbsLevel+1 */
+  sqlite3_int64 iStart;           /* Block number of first allocated block */
+  sqlite3_int64 iEnd;             /* Block number of last allocated block */
+  sqlite3_int64 nLeafData;        /* Bytes of leaf page data so far */
+  u8 bNoLeafData;                 /* If true, store 0 for segment size */
+  NodeWriter aNodeWriter[FTS_MAX_APPENDABLE_HEIGHT];
+};
+
+/*
+** An object of the following type is used to read data from a single
+** FTS segment node. See the following functions:
+**
+**     nodeReaderInit()
+**     nodeReaderNext()
+**     nodeReaderRelease()
+*/
+struct NodeReader {
+  const char *aNode;
+  int nNode;
+  int iOff;                       /* Current offset within aNode[] */
+
+  /* Output variables. Containing the current node entry. */
+  sqlite3_int64 iChild;           /* Pointer to child node */
+  Blob term;                      /* Current term */
+  const char *aDoclist;           /* Pointer to doclist */
+  int nDoclist;                   /* Size of doclist in bytes */
+};
+
+/*
+** If *pRc is not SQLITE_OK when this function is called, it is a no-op.
+** Otherwise, if the allocation at pBlob->a is not already at least nMin
+** bytes in size, extend (realloc) it to be so.
+**
+** If an OOM error occurs, set *pRc to SQLITE_NOMEM and leave pBlob->a
+** unmodified. Otherwise, if the allocation succeeds, update pBlob->nAlloc
+** to reflect the new size of the pBlob->a[] buffer.
+*/
+static void blobGrowBuffer(Blob *pBlob, int nMin, int *pRc){
+  if( *pRc==SQLITE_OK && nMin>pBlob->nAlloc ){
+    int nAlloc = nMin;
+    char *a = (char *)sqlite3_realloc(pBlob->a, nAlloc);
+    if( a ){
+      pBlob->nAlloc = nAlloc;
+      pBlob->a = a;
+    }else{
+      *pRc = SQLITE_NOMEM;
+    }
+  }
+}
+
+/*
+** Attempt to advance the node-reader object passed as the first argument to
+** the next entry on the node. 
+**
+** Return an error code if an error occurs (SQLITE_NOMEM is possible). 
+** Otherwise return SQLITE_OK. If there is no next entry on the node
+** (e.g. because the current entry is the last) set NodeReader->aNode to
+** NULL to indicate EOF. Otherwise, populate the NodeReader structure output 
+** variables for the new entry.
+*/
+static int nodeReaderNext(NodeReader *p){
+  int bFirst = (p->term.n==0);    /* True for first term on the node */
+  int nPrefix = 0;                /* Bytes to copy from previous term */
+  int nSuffix = 0;                /* Bytes to append to the prefix */
+  int rc = SQLITE_OK;             /* Return code */
+
+  assert( p->aNode );
+  if( p->iChild && bFirst==0 ) p->iChild++;
+  if( p->iOff>=p->nNode ){
+    /* EOF */
+    p->aNode = 0;
+  }else{
+    if( bFirst==0 ){
+      p->iOff += fts3GetVarint32(&p->aNode[p->iOff], &nPrefix);
+    }
+    p->iOff += fts3GetVarint32(&p->aNode[p->iOff], &nSuffix);
+
+    blobGrowBuffer(&p->term, nPrefix+nSuffix, &rc);
+    if( rc==SQLITE_OK ){
+      memcpy(&p->term.a[nPrefix], &p->aNode[p->iOff], nSuffix);
+      p->term.n = nPrefix+nSuffix;
+      p->iOff += nSuffix;
+      if( p->iChild==0 ){
+        p->iOff += fts3GetVarint32(&p->aNode[p->iOff], &p->nDoclist);
+        p->aDoclist = &p->aNode[p->iOff];
+        p->iOff += p->nDoclist;
+      }
+    }
+  }
+
+  assert( p->iOff<=p->nNode );
+
+  return rc;
+}
+
+/*
+** Release all dynamic resources held by node-reader object *p.
+*/
+static void nodeReaderRelease(NodeReader *p){
+  sqlite3_free(p->term.a);
+}
+
+/*
+** Initialize a node-reader object to read the node in buffer aNode/nNode.
+**
+** If successful, SQLITE_OK is returned and the NodeReader object set to 
+** point to the first entry on the node (if any). Otherwise, an SQLite
+** error code is returned.
+*/
+static int nodeReaderInit(NodeReader *p, const char *aNode, int nNode){
+  memset(p, 0, sizeof(NodeReader));
+  p->aNode = aNode;
+  p->nNode = nNode;
+
+  /* Figure out if this is a leaf or an internal node. */
+  if( p->aNode[0] ){
+    /* An internal node. */
+    p->iOff = 1 + sqlite3Fts3GetVarint(&p->aNode[1], &p->iChild);
+  }else{
+    p->iOff = 1;
+  }
+
+  return nodeReaderNext(p);
+}
+
+/*
+** This function is called while writing an FTS segment each time a leaf o
+** node is finished and written to disk. The key (zTerm/nTerm) is guaranteed
+** to be greater than the largest key on the node just written, but smaller
+** than or equal to the first key that will be written to the next leaf
+** node.
+**
+** The block id of the leaf node just written to disk may be found in
+** (pWriter->aNodeWriter[0].iBlock) when this function is called.
+*/
+static int fts3IncrmergePush(
+  Fts3Table *p,                   /* Fts3 table handle */
+  IncrmergeWriter *pWriter,       /* Writer object */
+  const char *zTerm,              /* Term to write to internal node */
+  int nTerm                       /* Bytes at zTerm */
+){
+  sqlite3_int64 iPtr = pWriter->aNodeWriter[0].iBlock;
+  int iLayer;
+
+  assert( nTerm>0 );
+  for(iLayer=1; ALWAYS(iLayer<FTS_MAX_APPENDABLE_HEIGHT); iLayer++){
+    sqlite3_int64 iNextPtr = 0;
+    NodeWriter *pNode = &pWriter->aNodeWriter[iLayer];
+    int rc = SQLITE_OK;
+    int nPrefix;
+    int nSuffix;
+    int nSpace;
+
+    /* Figure out how much space the key will consume if it is written to
+    ** the current node of layer iLayer. Due to the prefix compression, 
+    ** the space required changes depending on which node the key is to
+    ** be added to.  */
+    nPrefix = fts3PrefixCompress(pNode->key.a, pNode->key.n, zTerm, nTerm);
+    nSuffix = nTerm - nPrefix;
+    nSpace  = sqlite3Fts3VarintLen(nPrefix);
+    nSpace += sqlite3Fts3VarintLen(nSuffix) + nSuffix;
+
+    if( pNode->key.n==0 || (pNode->block.n + nSpace)<=p->nNodeSize ){ 
+      /* If the current node of layer iLayer contains zero keys, or if adding
+      ** the key to it will not cause it to grow to larger than nNodeSize 
+      ** bytes in size, write the key here.  */
+
+      Blob *pBlk = &pNode->block;
+      if( pBlk->n==0 ){
+        blobGrowBuffer(pBlk, p->nNodeSize, &rc);
+        if( rc==SQLITE_OK ){
+          pBlk->a[0] = (char)iLayer;
+          pBlk->n = 1 + sqlite3Fts3PutVarint(&pBlk->a[1], iPtr);
+        }
+      }
+      blobGrowBuffer(pBlk, pBlk->n + nSpace, &rc);
+      blobGrowBuffer(&pNode->key, nTerm, &rc);
+
+      if( rc==SQLITE_OK ){
+        if( pNode->key.n ){
+          pBlk->n += sqlite3Fts3PutVarint(&pBlk->a[pBlk->n], nPrefix);
+        }
+        pBlk->n += sqlite3Fts3PutVarint(&pBlk->a[pBlk->n], nSuffix);
+        memcpy(&pBlk->a[pBlk->n], &zTerm[nPrefix], nSuffix);
+        pBlk->n += nSuffix;
+
+        memcpy(pNode->key.a, zTerm, nTerm);
+        pNode->key.n = nTerm;
+      }
+    }else{
+      /* Otherwise, flush the current node of layer iLayer to disk.
+      ** Then allocate a new, empty sibling node. The key will be written
+      ** into the parent of this node. */
+      rc = fts3WriteSegment(p, pNode->iBlock, pNode->block.a, pNode->block.n);
+
+      assert( pNode->block.nAlloc>=p->nNodeSize );
+      pNode->block.a[0] = (char)iLayer;
+      pNode->block.n = 1 + sqlite3Fts3PutVarint(&pNode->block.a[1], iPtr+1);
+
+      iNextPtr = pNode->iBlock;
+      pNode->iBlock++;
+      pNode->key.n = 0;
+    }
+
+    if( rc!=SQLITE_OK || iNextPtr==0 ) return rc;
+    iPtr = iNextPtr;
+  }
+
+  assert( 0 );
+  return 0;
+}
+
+/*
+** Append a term and (optionally) doclist to the FTS segment node currently
+** stored in blob *pNode. The node need not contain any terms, but the
+** header must be written before this function is called.
+**
+** A node header is a single 0x00 byte for a leaf node, or a height varint
+** followed by the left-hand-child varint for an internal node.
+**
+** The term to be appended is passed via arguments zTerm/nTerm. For a 
+** leaf node, the doclist is passed as aDoclist/nDoclist. For an internal
+** node, both aDoclist and nDoclist must be passed 0.
+**
+** If the size of the value in blob pPrev is zero, then this is the first
+** term written to the node. Otherwise, pPrev contains a copy of the 
+** previous term. Before this function returns, it is updated to contain a
+** copy of zTerm/nTerm.
+**
+** It is assumed that the buffer associated with pNode is already large
+** enough to accommodate the new entry. The buffer associated with pPrev
+** is extended by this function if requrired.
+**
+** If an error (i.e. OOM condition) occurs, an SQLite error code is
+** returned. Otherwise, SQLITE_OK.
+*/
+static int fts3AppendToNode(
+  Blob *pNode,                    /* Current node image to append to */
+  Blob *pPrev,                    /* Buffer containing previous term written */
+  const char *zTerm,              /* New term to write */
+  int nTerm,                      /* Size of zTerm in bytes */
+  const char *aDoclist,           /* Doclist (or NULL) to write */
+  int nDoclist                    /* Size of aDoclist in bytes */ 
+){
+  int rc = SQLITE_OK;             /* Return code */
+  int bFirst = (pPrev->n==0);     /* True if this is the first term written */
+  int nPrefix;                    /* Size of term prefix in bytes */
+  int nSuffix;                    /* Size of term suffix in bytes */
+
+  /* Node must have already been started. There must be a doclist for a
+  ** leaf node, and there must not be a doclist for an internal node.  */
+  assert( pNode->n>0 );
+  assert( (pNode->a[0]=='\0')==(aDoclist!=0) );
+
+  blobGrowBuffer(pPrev, nTerm, &rc);
+  if( rc!=SQLITE_OK ) return rc;
+
+  nPrefix = fts3PrefixCompress(pPrev->a, pPrev->n, zTerm, nTerm);
+  nSuffix = nTerm - nPrefix;
+  memcpy(pPrev->a, zTerm, nTerm);
+  pPrev->n = nTerm;
+
+  if( bFirst==0 ){
+    pNode->n += sqlite3Fts3PutVarint(&pNode->a[pNode->n], nPrefix);
+  }
+  pNode->n += sqlite3Fts3PutVarint(&pNode->a[pNode->n], nSuffix);
+  memcpy(&pNode->a[pNode->n], &zTerm[nPrefix], nSuffix);
+  pNode->n += nSuffix;
+
+  if( aDoclist ){
+    pNode->n += sqlite3Fts3PutVarint(&pNode->a[pNode->n], nDoclist);
+    memcpy(&pNode->a[pNode->n], aDoclist, nDoclist);
+    pNode->n += nDoclist;
+  }
+
+  assert( pNode->n<=pNode->nAlloc );
+
+  return SQLITE_OK;
+}
+
+/*
+** Append the current term and doclist pointed to by cursor pCsr to the
+** appendable b-tree segment opened for writing by pWriter.
+**
+** Return SQLITE_OK if successful, or an SQLite error code otherwise.
+*/
+static int fts3IncrmergeAppend(
+  Fts3Table *p,                   /* Fts3 table handle */
+  IncrmergeWriter *pWriter,       /* Writer object */
+  Fts3MultiSegReader *pCsr        /* Cursor containing term and doclist */
+){
+  const char *zTerm = pCsr->zTerm;
+  int nTerm = pCsr->nTerm;
+  const char *aDoclist = pCsr->aDoclist;
+  int nDoclist = pCsr->nDoclist;
+  int rc = SQLITE_OK;           /* Return code */
+  int nSpace;                   /* Total space in bytes required on leaf */
+  int nPrefix;                  /* Size of prefix shared with previous term */
+  int nSuffix;                  /* Size of suffix (nTerm - nPrefix) */
+  NodeWriter *pLeaf;            /* Object used to write leaf nodes */
+
+  pLeaf = &pWriter->aNodeWriter[0];
+  nPrefix = fts3PrefixCompress(pLeaf->key.a, pLeaf->key.n, zTerm, nTerm);
+  nSuffix = nTerm - nPrefix;
+
+  nSpace  = sqlite3Fts3VarintLen(nPrefix);
+  nSpace += sqlite3Fts3VarintLen(nSuffix) + nSuffix;
+  nSpace += sqlite3Fts3VarintLen(nDoclist) + nDoclist;
+
+  /* If the current block is not empty, and if adding this term/doclist
+  ** to the current block would make it larger than Fts3Table.nNodeSize
+  ** bytes, write this block out to the database. */
+  if( pLeaf->block.n>0 && (pLeaf->block.n + nSpace)>p->nNodeSize ){
+    rc = fts3WriteSegment(p, pLeaf->iBlock, pLeaf->block.a, pLeaf->block.n);
+    pWriter->nWork++;
+
+    /* Add the current term to the parent node. The term added to the 
+    ** parent must:
+    **
+    **   a) be greater than the largest term on the leaf node just written
+    **      to the database (still available in pLeaf->key), and
+    **
+    **   b) be less than or equal to the term about to be added to the new
+    **      leaf node (zTerm/nTerm).
+    **
+    ** In other words, it must be the prefix of zTerm 1 byte longer than
+    ** the common prefix (if any) of zTerm and pWriter->zTerm.
+    */
+    if( rc==SQLITE_OK ){
+      rc = fts3IncrmergePush(p, pWriter, zTerm, nPrefix+1);
+    }
+
+    /* Advance to the next output block */
+    pLeaf->iBlock++;
+    pLeaf->key.n = 0;
+    pLeaf->block.n = 0;
+
+    nSuffix = nTerm;
+    nSpace  = 1;
+    nSpace += sqlite3Fts3VarintLen(nSuffix) + nSuffix;
+    nSpace += sqlite3Fts3VarintLen(nDoclist) + nDoclist;
+  }
+
+  pWriter->nLeafData += nSpace;
+  blobGrowBuffer(&pLeaf->block, pLeaf->block.n + nSpace, &rc);
+  if( rc==SQLITE_OK ){
+    if( pLeaf->block.n==0 ){
+      pLeaf->block.n = 1;
+      pLeaf->block.a[0] = '\0';
+    }
+    rc = fts3AppendToNode(
+        &pLeaf->block, &pLeaf->key, zTerm, nTerm, aDoclist, nDoclist
+    );
+  }
+
+  return rc;
+}
+
+/*
+** This function is called to release all dynamic resources held by the
+** merge-writer object pWriter, and if no error has occurred, to flush
+** all outstanding node buffers held by pWriter to disk.
+**
+** If *pRc is not SQLITE_OK when this function is called, then no attempt
+** is made to write any data to disk. Instead, this function serves only
+** to release outstanding resources.
+**
+** Otherwise, if *pRc is initially SQLITE_OK and an error occurs while
+** flushing buffers to disk, *pRc is set to an SQLite error code before
+** returning.
+*/
+static void fts3IncrmergeRelease(
+  Fts3Table *p,                   /* FTS3 table handle */
+  IncrmergeWriter *pWriter,       /* Merge-writer object */
+  int *pRc                        /* IN/OUT: Error code */
+){
+  int i;                          /* Used to iterate through non-root layers */
+  int iRoot;                      /* Index of root in pWriter->aNodeWriter */
+  NodeWriter *pRoot;              /* NodeWriter for root node */
+  int rc = *pRc;                  /* Error code */
+
+  /* Set iRoot to the index in pWriter->aNodeWriter[] of the output segment 
+  ** root node. If the segment fits entirely on a single leaf node, iRoot
+  ** will be set to 0. If the root node is the parent of the leaves, iRoot
+  ** will be 1. And so on.  */
+  for(iRoot=FTS_MAX_APPENDABLE_HEIGHT-1; iRoot>=0; iRoot--){
+    NodeWriter *pNode = &pWriter->aNodeWriter[iRoot];
+    if( pNode->block.n>0 ) break;
+    assert( *pRc || pNode->block.nAlloc==0 );
+    assert( *pRc || pNode->key.nAlloc==0 );
+    sqlite3_free(pNode->block.a);
+    sqlite3_free(pNode->key.a);
+  }
+
+  /* Empty output segment. This is a no-op. */
+  if( iRoot<0 ) return;
+
+  /* The entire output segment fits on a single node. Normally, this means
+  ** the node would be stored as a blob in the "root" column of the %_segdir
+  ** table. However, this is not permitted in this case. The problem is that 
+  ** space has already been reserved in the %_segments table, and so the 
+  ** start_block and end_block fields of the %_segdir table must be populated. 
+  ** And, by design or by accident, released versions of FTS cannot handle 
+  ** segments that fit entirely on the root node with start_block!=0.
+  **
+  ** Instead, create a synthetic root node that contains nothing but a 
+  ** pointer to the single content node. So that the segment consists of a
+  ** single leaf and a single interior (root) node.
+  **
+  ** Todo: Better might be to defer allocating space in the %_segments 
+  ** table until we are sure it is needed.
+  */
+  if( iRoot==0 ){
+    Blob *pBlock = &pWriter->aNodeWriter[1].block;
+    blobGrowBuffer(pBlock, 1 + FTS3_VARINT_MAX, &rc);
+    if( rc==SQLITE_OK ){
+      pBlock->a[0] = 0x01;
+      pBlock->n = 1 + sqlite3Fts3PutVarint(
+          &pBlock->a[1], pWriter->aNodeWriter[0].iBlock
+      );
+    }
+    iRoot = 1;
+  }
+  pRoot = &pWriter->aNodeWriter[iRoot];
+
+  /* Flush all currently outstanding nodes to disk. */
+  for(i=0; i<iRoot; i++){
+    NodeWriter *pNode = &pWriter->aNodeWriter[i];
+    if( pNode->block.n>0 && rc==SQLITE_OK ){
+      rc = fts3WriteSegment(p, pNode->iBlock, pNode->block.a, pNode->block.n);
+    }
+    sqlite3_free(pNode->block.a);
+    sqlite3_free(pNode->key.a);
+  }
+
+  /* Write the %_segdir record. */
+  if( rc==SQLITE_OK ){
+    rc = fts3WriteSegdir(p, 
+        pWriter->iAbsLevel+1,               /* level */
+        pWriter->iIdx,                      /* idx */
+        pWriter->iStart,                    /* start_block */
+        pWriter->aNodeWriter[0].iBlock,     /* leaves_end_block */
+        pWriter->iEnd,                      /* end_block */
+        (pWriter->bNoLeafData==0 ? pWriter->nLeafData : 0),   /* end_block */
+        pRoot->block.a, pRoot->block.n      /* root */
+    );
+  }
+  sqlite3_free(pRoot->block.a);
+  sqlite3_free(pRoot->key.a);
+
+  *pRc = rc;
+}
+
+/*
+** Compare the term in buffer zLhs (size in bytes nLhs) with that in
+** zRhs (size in bytes nRhs) using memcmp. If one term is a prefix of
+** the other, it is considered to be smaller than the other.
+**
+** Return -ve if zLhs is smaller than zRhs, 0 if it is equal, or +ve
+** if it is greater.
+*/
+static int fts3TermCmp(
+  const char *zLhs, int nLhs,     /* LHS of comparison */
+  const char *zRhs, int nRhs      /* RHS of comparison */
+){
+  int nCmp = MIN(nLhs, nRhs);
+  int res;
+
+  res = memcmp(zLhs, zRhs, nCmp);
+  if( res==0 ) res = nLhs - nRhs;
+
+  return res;
+}
+
+
+/*
+** Query to see if the entry in the %_segments table with blockid iEnd is 
+** NULL. If no error occurs and the entry is NULL, set *pbRes 1 before
+** returning. Otherwise, set *pbRes to 0. 
+**
+** Or, if an error occurs while querying the database, return an SQLite 
+** error code. The final value of *pbRes is undefined in this case.
+**
+** This is used to test if a segment is an "appendable" segment. If it
+** is, then a NULL entry has been inserted into the %_segments table
+** with blockid %_segdir.end_block.
+*/
+static int fts3IsAppendable(Fts3Table *p, sqlite3_int64 iEnd, int *pbRes){
+  int bRes = 0;                   /* Result to set *pbRes to */
+  sqlite3_stmt *pCheck = 0;       /* Statement to query database with */
+  int rc;                         /* Return code */
+
+  rc = fts3SqlStmt(p, SQL_SEGMENT_IS_APPENDABLE, &pCheck, 0);
+  if( rc==SQLITE_OK ){
+    sqlite3_bind_int64(pCheck, 1, iEnd);
+    if( SQLITE_ROW==sqlite3_step(pCheck) ) bRes = 1;
+    rc = sqlite3_reset(pCheck);
+  }
+  
+  *pbRes = bRes;
+  return rc;
+}
+
+/*
+** This function is called when initializing an incremental-merge operation.
+** It checks if the existing segment with index value iIdx at absolute level 
+** (iAbsLevel+1) can be appended to by the incremental merge. If it can, the
+** merge-writer object *pWriter is initialized to write to it.
+**
+** An existing segment can be appended to by an incremental merge if:
+**
+**   * It was initially created as an appendable segment (with all required
+**     space pre-allocated), and
+**
+**   * The first key read from the input (arguments zKey and nKey) is 
+**     greater than the largest key currently stored in the potential
+**     output segment.
+*/
+static int fts3IncrmergeLoad(
+  Fts3Table *p,                   /* Fts3 table handle */
+  sqlite3_int64 iAbsLevel,        /* Absolute level of input segments */
+  int iIdx,                       /* Index of candidate output segment */
+  const char *zKey,               /* First key to write */
+  int nKey,                       /* Number of bytes in nKey */
+  IncrmergeWriter *pWriter        /* Populate this object */
+){
+  int rc;                         /* Return code */
+  sqlite3_stmt *pSelect = 0;      /* SELECT to read %_segdir entry */
+
+  rc = fts3SqlStmt(p, SQL_SELECT_SEGDIR, &pSelect, 0);
+  if( rc==SQLITE_OK ){
+    sqlite3_int64 iStart = 0;     /* Value of %_segdir.start_block */
+    sqlite3_int64 iLeafEnd = 0;   /* Value of %_segdir.leaves_end_block */
+    sqlite3_int64 iEnd = 0;       /* Value of %_segdir.end_block */
+    const char *aRoot = 0;        /* Pointer to %_segdir.root buffer */
+    int nRoot = 0;                /* Size of aRoot[] in bytes */
+    int rc2;                      /* Return code from sqlite3_reset() */
+    int bAppendable = 0;          /* Set to true if segment is appendable */
+
+    /* Read the %_segdir entry for index iIdx absolute level (iAbsLevel+1) */
+    sqlite3_bind_int64(pSelect, 1, iAbsLevel+1);
+    sqlite3_bind_int(pSelect, 2, iIdx);
+    if( sqlite3_step(pSelect)==SQLITE_ROW ){
+      iStart = sqlite3_column_int64(pSelect, 1);
+      iLeafEnd = sqlite3_column_int64(pSelect, 2);
+      fts3ReadEndBlockField(pSelect, 3, &iEnd, &pWriter->nLeafData);
+      if( pWriter->nLeafData<0 ){
+        pWriter->nLeafData = pWriter->nLeafData * -1;
+      }
+      pWriter->bNoLeafData = (pWriter->nLeafData==0);
+      nRoot = sqlite3_column_bytes(pSelect, 4);
+      aRoot = sqlite3_column_blob(pSelect, 4);
+    }else{
+      return sqlite3_reset(pSelect);
+    }
+
+    /* Check for the zero-length marker in the %_segments table */
+    rc = fts3IsAppendable(p, iEnd, &bAppendable);
+
+    /* Check that zKey/nKey is larger than the largest key the candidate */
+    if( rc==SQLITE_OK && bAppendable ){
+      char *aLeaf = 0;
+      int nLeaf = 0;
+
+      rc = sqlite3Fts3ReadBlock(p, iLeafEnd, &aLeaf, &nLeaf, 0);
+      if( rc==SQLITE_OK ){
+        NodeReader reader;
+        for(rc = nodeReaderInit(&reader, aLeaf, nLeaf);
+            rc==SQLITE_OK && reader.aNode;
+            rc = nodeReaderNext(&reader)
+        ){
+          assert( reader.aNode );
+        }
+        if( fts3TermCmp(zKey, nKey, reader.term.a, reader.term.n)<=0 ){
+          bAppendable = 0;
+        }
+        nodeReaderRelease(&reader);
+      }
+      sqlite3_free(aLeaf);
+    }
+
+    if( rc==SQLITE_OK && bAppendable ){
+      /* It is possible to append to this segment. Set up the IncrmergeWriter
+      ** object to do so.  */
+      int i;
+      int nHeight = (int)aRoot[0];
+      NodeWriter *pNode;
+
+      pWriter->nLeafEst = (int)((iEnd - iStart) + 1)/FTS_MAX_APPENDABLE_HEIGHT;
+      pWriter->iStart = iStart;
+      pWriter->iEnd = iEnd;
+      pWriter->iAbsLevel = iAbsLevel;
+      pWriter->iIdx = iIdx;
+
+      for(i=nHeight+1; i<FTS_MAX_APPENDABLE_HEIGHT; i++){
+        pWriter->aNodeWriter[i].iBlock = pWriter->iStart + i*pWriter->nLeafEst;
+      }
+
+      pNode = &pWriter->aNodeWriter[nHeight];
+      pNode->iBlock = pWriter->iStart + pWriter->nLeafEst*nHeight;
+      blobGrowBuffer(&pNode->block, MAX(nRoot, p->nNodeSize), &rc);
+      if( rc==SQLITE_OK ){
+        memcpy(pNode->block.a, aRoot, nRoot);
+        pNode->block.n = nRoot;
+      }
+
+      for(i=nHeight; i>=0 && rc==SQLITE_OK; i--){
+        NodeReader reader;
+        pNode = &pWriter->aNodeWriter[i];
+
+        rc = nodeReaderInit(&reader, pNode->block.a, pNode->block.n);
+        while( reader.aNode && rc==SQLITE_OK ) rc = nodeReaderNext(&reader);
+        blobGrowBuffer(&pNode->key, reader.term.n, &rc);
+        if( rc==SQLITE_OK ){
+          memcpy(pNode->key.a, reader.term.a, reader.term.n);
+          pNode->key.n = reader.term.n;
+          if( i>0 ){
+            char *aBlock = 0;
+            int nBlock = 0;
+            pNode = &pWriter->aNodeWriter[i-1];
+            pNode->iBlock = reader.iChild;
+            rc = sqlite3Fts3ReadBlock(p, reader.iChild, &aBlock, &nBlock, 0);
+            blobGrowBuffer(&pNode->block, MAX(nBlock, p->nNodeSize), &rc);
+            if( rc==SQLITE_OK ){
+              memcpy(pNode->block.a, aBlock, nBlock);
+              pNode->block.n = nBlock;
+            }
+            sqlite3_free(aBlock);
+          }
+        }
+        nodeReaderRelease(&reader);
+      }
+    }
+
+    rc2 = sqlite3_reset(pSelect);
+    if( rc==SQLITE_OK ) rc = rc2;
+  }
+
+  return rc;
+}
+
+/*
+** Determine the largest segment index value that exists within absolute
+** level iAbsLevel+1. If no error occurs, set *piIdx to this value plus
+** one before returning SQLITE_OK. Or, if there are no segments at all 
+** within level iAbsLevel, set *piIdx to zero.
+**
+** If an error occurs, return an SQLite error code. The final value of
+** *piIdx is undefined in this case.
+*/
+static int fts3IncrmergeOutputIdx( 
+  Fts3Table *p,                   /* FTS Table handle */
+  sqlite3_int64 iAbsLevel,        /* Absolute index of input segments */
+  int *piIdx                      /* OUT: Next free index at iAbsLevel+1 */
+){
+  int rc;
+  sqlite3_stmt *pOutputIdx = 0;   /* SQL used to find output index */
+
+  rc = fts3SqlStmt(p, SQL_NEXT_SEGMENT_INDEX, &pOutputIdx, 0);
+  if( rc==SQLITE_OK ){
+    sqlite3_bind_int64(pOutputIdx, 1, iAbsLevel+1);
+    sqlite3_step(pOutputIdx);
+    *piIdx = sqlite3_column_int(pOutputIdx, 0);
+    rc = sqlite3_reset(pOutputIdx);
+  }
+
+  return rc;
+}
+
+/* 
+** Allocate an appendable output segment on absolute level iAbsLevel+1
+** with idx value iIdx.
+**
+** In the %_segdir table, a segment is defined by the values in three
+** columns:
+**
+**     start_block
+**     leaves_end_block
+**     end_block
+**
+** When an appendable segment is allocated, it is estimated that the
+** maximum number of leaf blocks that may be required is the sum of the
+** number of leaf blocks consumed by the input segments, plus the number
+** of input segments, multiplied by two. This value is stored in stack 
+** variable nLeafEst.
+**
+** A total of 16*nLeafEst blocks are allocated when an appendable segment
+** is created ((1 + end_block - start_block)==16*nLeafEst). The contiguous
+** array of leaf nodes starts at the first block allocated. The array
+** of interior nodes that are parents of the leaf nodes start at block
+** (start_block + (1 + end_block - start_block) / 16). And so on.
+**
+** In the actual code below, the value "16" is replaced with the 
+** pre-processor macro FTS_MAX_APPENDABLE_HEIGHT.
+*/
+static int fts3IncrmergeWriter( 
+  Fts3Table *p,                   /* Fts3 table handle */
+  sqlite3_int64 iAbsLevel,        /* Absolute level of input segments */
+  int iIdx,                       /* Index of new output segment */
+  Fts3MultiSegReader *pCsr,       /* Cursor that data will be read from */
+  IncrmergeWriter *pWriter        /* Populate this object */
+){
+  int rc;                         /* Return Code */
+  int i;                          /* Iterator variable */
+  int nLeafEst = 0;               /* Blocks allocated for leaf nodes */
+  sqlite3_stmt *pLeafEst = 0;     /* SQL used to determine nLeafEst */
+  sqlite3_stmt *pFirstBlock = 0;  /* SQL used to determine first block */
+
+  /* Calculate nLeafEst. */
+  rc = fts3SqlStmt(p, SQL_MAX_LEAF_NODE_ESTIMATE, &pLeafEst, 0);
+  if( rc==SQLITE_OK ){
+    sqlite3_bind_int64(pLeafEst, 1, iAbsLevel);
+    sqlite3_bind_int64(pLeafEst, 2, pCsr->nSegment);
+    if( SQLITE_ROW==sqlite3_step(pLeafEst) ){
+      nLeafEst = sqlite3_column_int(pLeafEst, 0);
+    }
+    rc = sqlite3_reset(pLeafEst);
+  }
+  if( rc!=SQLITE_OK ) return rc;
+
+  /* Calculate the first block to use in the output segment */
+  rc = fts3SqlStmt(p, SQL_NEXT_SEGMENTS_ID, &pFirstBlock, 0);
+  if( rc==SQLITE_OK ){
+    if( SQLITE_ROW==sqlite3_step(pFirstBlock) ){
+      pWriter->iStart = sqlite3_column_int64(pFirstBlock, 0);
+      pWriter->iEnd = pWriter->iStart - 1;
+      pWriter->iEnd += nLeafEst * FTS_MAX_APPENDABLE_HEIGHT;
+    }
+    rc = sqlite3_reset(pFirstBlock);
+  }
+  if( rc!=SQLITE_OK ) return rc;
+
+  /* Insert the marker in the %_segments table to make sure nobody tries
+  ** to steal the space just allocated. This is also used to identify 
+  ** appendable segments.  */
+  rc = fts3WriteSegment(p, pWriter->iEnd, 0, 0);
+  if( rc!=SQLITE_OK ) return rc;
+
+  pWriter->iAbsLevel = iAbsLevel;
+  pWriter->nLeafEst = nLeafEst;
+  pWriter->iIdx = iIdx;
+
+  /* Set up the array of NodeWriter objects */
+  for(i=0; i<FTS_MAX_APPENDABLE_HEIGHT; i++){
+    pWriter->aNodeWriter[i].iBlock = pWriter->iStart + i*pWriter->nLeafEst;
+  }
+  return SQLITE_OK;
+}
+
+/*
+** Remove an entry from the %_segdir table. This involves running the 
+** following two statements:
+**
+**   DELETE FROM %_segdir WHERE level = :iAbsLevel AND idx = :iIdx
+**   UPDATE %_segdir SET idx = idx - 1 WHERE level = :iAbsLevel AND idx > :iIdx
+**
+** The DELETE statement removes the specific %_segdir level. The UPDATE 
+** statement ensures that the remaining segments have contiguously allocated
+** idx values.
+*/
+static int fts3RemoveSegdirEntry(
+  Fts3Table *p,                   /* FTS3 table handle */
+  sqlite3_int64 iAbsLevel,        /* Absolute level to delete from */
+  int iIdx                        /* Index of %_segdir entry to delete */
+){
+  int rc;                         /* Return code */
+  sqlite3_stmt *pDelete = 0;      /* DELETE statement */
+
+  rc = fts3SqlStmt(p, SQL_DELETE_SEGDIR_ENTRY, &pDelete, 0);
+  if( rc==SQLITE_OK ){
+    sqlite3_bind_int64(pDelete, 1, iAbsLevel);
+    sqlite3_bind_int(pDelete, 2, iIdx);
+    sqlite3_step(pDelete);
+    rc = sqlite3_reset(pDelete);
+  }
+
+  return rc;
+}
+
+/*
+** One or more segments have just been removed from absolute level iAbsLevel.
+** Update the 'idx' values of the remaining segments in the level so that
+** the idx values are a contiguous sequence starting from 0.
+*/
+static int fts3RepackSegdirLevel(
+  Fts3Table *p,                   /* FTS3 table handle */
+  sqlite3_int64 iAbsLevel         /* Absolute level to repack */
+){
+  int rc;                         /* Return code */
+  int *aIdx = 0;                  /* Array of remaining idx values */
+  int nIdx = 0;                   /* Valid entries in aIdx[] */
+  int nAlloc = 0;                 /* Allocated size of aIdx[] */
+  int i;                          /* Iterator variable */
+  sqlite3_stmt *pSelect = 0;      /* Select statement to read idx values */
+  sqlite3_stmt *pUpdate = 0;      /* Update statement to modify idx values */
+
+  rc = fts3SqlStmt(p, SQL_SELECT_INDEXES, &pSelect, 0);
+  if( rc==SQLITE_OK ){
+    int rc2;
+    sqlite3_bind_int64(pSelect, 1, iAbsLevel);
+    while( SQLITE_ROW==sqlite3_step(pSelect) ){
+      if( nIdx>=nAlloc ){
+        int *aNew;
+        nAlloc += 16;
+        aNew = sqlite3_realloc(aIdx, nAlloc*sizeof(int));
+        if( !aNew ){
+          rc = SQLITE_NOMEM;
+          break;
+        }
+        aIdx = aNew;
+      }
+      aIdx[nIdx++] = sqlite3_column_int(pSelect, 0);
+    }
+    rc2 = sqlite3_reset(pSelect);
+    if( rc==SQLITE_OK ) rc = rc2;
+  }
+
+  if( rc==SQLITE_OK ){
+    rc = fts3SqlStmt(p, SQL_SHIFT_SEGDIR_ENTRY, &pUpdate, 0);
+  }
+  if( rc==SQLITE_OK ){
+    sqlite3_bind_int64(pUpdate, 2, iAbsLevel);
+  }
+
+  assert( p->bIgnoreSavepoint==0 );
+  p->bIgnoreSavepoint = 1;
+  for(i=0; rc==SQLITE_OK && i<nIdx; i++){
+    if( aIdx[i]!=i ){
+      sqlite3_bind_int(pUpdate, 3, aIdx[i]);
+      sqlite3_bind_int(pUpdate, 1, i);
+      sqlite3_step(pUpdate);
+      rc = sqlite3_reset(pUpdate);
+    }
+  }
+  p->bIgnoreSavepoint = 0;
+
+  sqlite3_free(aIdx);
+  return rc;
+}
+
+static void fts3StartNode(Blob *pNode, int iHeight, sqlite3_int64 iChild){
+  pNode->a[0] = (char)iHeight;
+  if( iChild ){
+    assert( pNode->nAlloc>=1+sqlite3Fts3VarintLen(iChild) );
+    pNode->n = 1 + sqlite3Fts3PutVarint(&pNode->a[1], iChild);
+  }else{
+    assert( pNode->nAlloc>=1 );
+    pNode->n = 1;
+  }
+}
+
+/*
+** The first two arguments are a pointer to and the size of a segment b-tree
+** node. The node may be a leaf or an internal node.
+**
+** This function creates a new node image in blob object *pNew by copying
+** all terms that are greater than or equal to zTerm/nTerm (for leaf nodes)
+** or greater than zTerm/nTerm (for internal nodes) from aNode/nNode.
+*/
+static int fts3TruncateNode(
+  const char *aNode,              /* Current node image */
+  int nNode,                      /* Size of aNode in bytes */
+  Blob *pNew,                     /* OUT: Write new node image here */
+  const char *zTerm,              /* Omit all terms smaller than this */
+  int nTerm,                      /* Size of zTerm in bytes */
+  sqlite3_int64 *piBlock          /* OUT: Block number in next layer down */
+){
+  NodeReader reader;              /* Reader object */
+  Blob prev = {0, 0, 0};          /* Previous term written to new node */
+  int rc = SQLITE_OK;             /* Return code */
+  int bLeaf = aNode[0]=='\0';     /* True for a leaf node */
+
+  /* Allocate required output space */
+  blobGrowBuffer(pNew, nNode, &rc);
+  if( rc!=SQLITE_OK ) return rc;
+  pNew->n = 0;
+
+  /* Populate new node buffer */
+  for(rc = nodeReaderInit(&reader, aNode, nNode); 
+      rc==SQLITE_OK && reader.aNode; 
+      rc = nodeReaderNext(&reader)
+  ){
+    if( pNew->n==0 ){
+      int res = fts3TermCmp(reader.term.a, reader.term.n, zTerm, nTerm);
+      if( res<0 || (bLeaf==0 && res==0) ) continue;
+      fts3StartNode(pNew, (int)aNode[0], reader.iChild);
+      *piBlock = reader.iChild;
+    }
+    rc = fts3AppendToNode(
+        pNew, &prev, reader.term.a, reader.term.n,
+        reader.aDoclist, reader.nDoclist
+    );
+    if( rc!=SQLITE_OK ) break;
+  }
+  if( pNew->n==0 ){
+    fts3StartNode(pNew, (int)aNode[0], reader.iChild);
+    *piBlock = reader.iChild;
+  }
+  assert( pNew->n<=pNew->nAlloc );
+
+  nodeReaderRelease(&reader);
+  sqlite3_free(prev.a);
+  return rc;
+}
+
+/*
+** Remove all terms smaller than zTerm/nTerm from segment iIdx in absolute 
+** level iAbsLevel. This may involve deleting entries from the %_segments
+** table, and modifying existing entries in both the %_segments and %_segdir
+** tables.
+**
+** SQLITE_OK is returned if the segment is updated successfully. Or an
+** SQLite error code otherwise.
+*/
+static int fts3TruncateSegment(
+  Fts3Table *p,                   /* FTS3 table handle */
+  sqlite3_int64 iAbsLevel,        /* Absolute level of segment to modify */
+  int iIdx,                       /* Index within level of segment to modify */
+  const char *zTerm,              /* Remove terms smaller than this */
+  int nTerm                      /* Number of bytes in buffer zTerm */
+){
+  int rc = SQLITE_OK;             /* Return code */
+  Blob root = {0,0,0};            /* New root page image */
+  Blob block = {0,0,0};           /* Buffer used for any other block */
+  sqlite3_int64 iBlock = 0;       /* Block id */
+  sqlite3_int64 iNewStart = 0;    /* New value for iStartBlock */
+  sqlite3_int64 iOldStart = 0;    /* Old value for iStartBlock */
+  sqlite3_stmt *pFetch = 0;       /* Statement used to fetch segdir */
+
+  rc = fts3SqlStmt(p, SQL_SELECT_SEGDIR, &pFetch, 0);
+  if( rc==SQLITE_OK ){
+    int rc2;                      /* sqlite3_reset() return code */
+    sqlite3_bind_int64(pFetch, 1, iAbsLevel);
+    sqlite3_bind_int(pFetch, 2, iIdx);
+    if( SQLITE_ROW==sqlite3_step(pFetch) ){
+      const char *aRoot = sqlite3_column_blob(pFetch, 4);
+      int nRoot = sqlite3_column_bytes(pFetch, 4);
+      iOldStart = sqlite3_column_int64(pFetch, 1);
+      rc = fts3TruncateNode(aRoot, nRoot, &root, zTerm, nTerm, &iBlock);
+    }
+    rc2 = sqlite3_reset(pFetch);
+    if( rc==SQLITE_OK ) rc = rc2;
+  }
+
+  while( rc==SQLITE_OK && iBlock ){
+    char *aBlock = 0;
+    int nBlock = 0;
+    iNewStart = iBlock;
+
+    rc = sqlite3Fts3ReadBlock(p, iBlock, &aBlock, &nBlock, 0);
+    if( rc==SQLITE_OK ){
+      rc = fts3TruncateNode(aBlock, nBlock, &block, zTerm, nTerm, &iBlock);
+    }
+    if( rc==SQLITE_OK ){
+      rc = fts3WriteSegment(p, iNewStart, block.a, block.n);
+    }
+    sqlite3_free(aBlock);
+  }
+
+  /* Variable iNewStart now contains the first valid leaf node. */
+  if( rc==SQLITE_OK && iNewStart ){
+    sqlite3_stmt *pDel = 0;
+    rc = fts3SqlStmt(p, SQL_DELETE_SEGMENTS_RANGE, &pDel, 0);
+    if( rc==SQLITE_OK ){
+      sqlite3_bind_int64(pDel, 1, iOldStart);
+      sqlite3_bind_int64(pDel, 2, iNewStart-1);
+      sqlite3_step(pDel);
+      rc = sqlite3_reset(pDel);
+    }
+  }
+
+  if( rc==SQLITE_OK ){
+    sqlite3_stmt *pChomp = 0;
+    rc = fts3SqlStmt(p, SQL_CHOMP_SEGDIR, &pChomp, 0);
+    if( rc==SQLITE_OK ){
+      sqlite3_bind_int64(pChomp, 1, iNewStart);
+      sqlite3_bind_blob(pChomp, 2, root.a, root.n, SQLITE_STATIC);
+      sqlite3_bind_int64(pChomp, 3, iAbsLevel);
+      sqlite3_bind_int(pChomp, 4, iIdx);
+      sqlite3_step(pChomp);
+      rc = sqlite3_reset(pChomp);
+    }
+  }
+
+  sqlite3_free(root.a);
+  sqlite3_free(block.a);
+  return rc;
+}
+
+/*
+** This function is called after an incrmental-merge operation has run to
+** merge (or partially merge) two or more segments from absolute level
+** iAbsLevel.
+**
+** Each input segment is either removed from the db completely (if all of
+** its data was copied to the output segment by the incrmerge operation)
+** or modified in place so that it no longer contains those entries that
+** have been duplicated in the output segment.
+*/
+static int fts3IncrmergeChomp(
+  Fts3Table *p,                   /* FTS table handle */
+  sqlite3_int64 iAbsLevel,        /* Absolute level containing segments */
+  Fts3MultiSegReader *pCsr,       /* Chomp all segments opened by this cursor */
+  int *pnRem                      /* Number of segments not deleted */
+){
+  int i;
+  int nRem = 0;
+  int rc = SQLITE_OK;
+
+  for(i=pCsr->nSegment-1; i>=0 && rc==SQLITE_OK; i--){
+    Fts3SegReader *pSeg = 0;
+    int j;
+
+    /* Find the Fts3SegReader object with Fts3SegReader.iIdx==i. It is hiding
+    ** somewhere in the pCsr->apSegment[] array.  */
+    for(j=0; ALWAYS(j<pCsr->nSegment); j++){
+      pSeg = pCsr->apSegment[j];
+      if( pSeg->iIdx==i ) break;
+    }
+    assert( j<pCsr->nSegment && pSeg->iIdx==i );
+
+    if( pSeg->aNode==0 ){
+      /* Seg-reader is at EOF. Remove the entire input segment. */
+      rc = fts3DeleteSegment(p, pSeg);
+      if( rc==SQLITE_OK ){
+        rc = fts3RemoveSegdirEntry(p, iAbsLevel, pSeg->iIdx);
+      }
+      *pnRem = 0;
+    }else{
+      /* The incremental merge did not copy all the data from this 
+      ** segment to the upper level. The segment is modified in place
+      ** so that it contains no keys smaller than zTerm/nTerm. */ 
+      const char *zTerm = pSeg->zTerm;
+      int nTerm = pSeg->nTerm;
+      rc = fts3TruncateSegment(p, iAbsLevel, pSeg->iIdx, zTerm, nTerm);
+      nRem++;
+    }
+  }
+
+  if( rc==SQLITE_OK && nRem!=pCsr->nSegment ){
+    rc = fts3RepackSegdirLevel(p, iAbsLevel);
+  }
+
+  *pnRem = nRem;
+  return rc;
+}
+
+/*
+** Store an incr-merge hint in the database.
+*/
+static int fts3IncrmergeHintStore(Fts3Table *p, Blob *pHint){
+  sqlite3_stmt *pReplace = 0;
+  int rc;                         /* Return code */
+
+  rc = fts3SqlStmt(p, SQL_REPLACE_STAT, &pReplace, 0);
+  if( rc==SQLITE_OK ){
+    sqlite3_bind_int(pReplace, 1, FTS_STAT_INCRMERGEHINT);
+    sqlite3_bind_blob(pReplace, 2, pHint->a, pHint->n, SQLITE_STATIC);
+    sqlite3_step(pReplace);
+    rc = sqlite3_reset(pReplace);
+  }
+
+  return rc;
+}
+
+/*
+** Load an incr-merge hint from the database. The incr-merge hint, if one 
+** exists, is stored in the rowid==1 row of the %_stat table.
+**
+** If successful, populate blob *pHint with the value read from the %_stat
+** table and return SQLITE_OK. Otherwise, if an error occurs, return an
+** SQLite error code.
+*/
+static int fts3IncrmergeHintLoad(Fts3Table *p, Blob *pHint){
+  sqlite3_stmt *pSelect = 0;
+  int rc;
+
+  pHint->n = 0;
+  rc = fts3SqlStmt(p, SQL_SELECT_STAT, &pSelect, 0);
+  if( rc==SQLITE_OK ){
+    int rc2;
+    sqlite3_bind_int(pSelect, 1, FTS_STAT_INCRMERGEHINT);
+    if( SQLITE_ROW==sqlite3_step(pSelect) ){
+      const char *aHint = sqlite3_column_blob(pSelect, 0);
+      int nHint = sqlite3_column_bytes(pSelect, 0);
+      if( aHint ){
+        blobGrowBuffer(pHint, nHint, &rc);
+        if( rc==SQLITE_OK ){
+          memcpy(pHint->a, aHint, nHint);
+          pHint->n = nHint;
+        }
+      }
+    }
+    rc2 = sqlite3_reset(pSelect);
+    if( rc==SQLITE_OK ) rc = rc2;
+  }
+
+  return rc;
+}
+
+/*
+** If *pRc is not SQLITE_OK when this function is called, it is a no-op.
+** Otherwise, append an entry to the hint stored in blob *pHint. Each entry
+** consists of two varints, the absolute level number of the input segments 
+** and the number of input segments.
+**
+** If successful, leave *pRc set to SQLITE_OK and return. If an error occurs,
+** set *pRc to an SQLite error code before returning.
+*/
+static void fts3IncrmergeHintPush(
+  Blob *pHint,                    /* Hint blob to append to */
+  i64 iAbsLevel,                  /* First varint to store in hint */
+  int nInput,                     /* Second varint to store in hint */
+  int *pRc                        /* IN/OUT: Error code */
+){
+  blobGrowBuffer(pHint, pHint->n + 2*FTS3_VARINT_MAX, pRc);
+  if( *pRc==SQLITE_OK ){
+    pHint->n += sqlite3Fts3PutVarint(&pHint->a[pHint->n], iAbsLevel);
+    pHint->n += sqlite3Fts3PutVarint(&pHint->a[pHint->n], (i64)nInput);
+  }
+}
+
+/*
+** Read the last entry (most recently pushed) from the hint blob *pHint
+** and then remove the entry. Write the two values read to *piAbsLevel and 
+** *pnInput before returning.
+**
+** If no error occurs, return SQLITE_OK. If the hint blob in *pHint does
+** not contain at least two valid varints, return SQLITE_CORRUPT_VTAB.
+*/
+static int fts3IncrmergeHintPop(Blob *pHint, i64 *piAbsLevel, int *pnInput){
+  const int nHint = pHint->n;
+  int i;
+
+  i = pHint->n-2;
+  while( i>0 && (pHint->a[i-1] & 0x80) ) i--;
+  while( i>0 && (pHint->a[i-1] & 0x80) ) i--;
+
+  pHint->n = i;
+  i += sqlite3Fts3GetVarint(&pHint->a[i], piAbsLevel);
+  i += fts3GetVarint32(&pHint->a[i], pnInput);
+  if( i!=nHint ) return FTS_CORRUPT_VTAB;
+
+  return SQLITE_OK;
+}
+
+
+/*
+** Attempt an incremental merge that writes nMerge leaf blocks.
+**
+** Incremental merges happen nMin segments at a time. The segments 
+** to be merged are the nMin oldest segments (the ones with the smallest 
+** values for the _segdir.idx field) in the highest level that contains 
+** at least nMin segments. Multiple merges might occur in an attempt to 
+** write the quota of nMerge leaf blocks.
+*/
+SQLITE_PRIVATE int sqlite3Fts3Incrmerge(Fts3Table *p, int nMerge, int nMin){
+  int rc;                         /* Return code */
+  int nRem = nMerge;              /* Number of leaf pages yet to  be written */
+  Fts3MultiSegReader *pCsr;       /* Cursor used to read input data */
+  Fts3SegFilter *pFilter;         /* Filter used with cursor pCsr */
+  IncrmergeWriter *pWriter;       /* Writer object */
+  int nSeg = 0;                   /* Number of input segments */
+  sqlite3_int64 iAbsLevel = 0;    /* Absolute level number to work on */
+  Blob hint = {0, 0, 0};          /* Hint read from %_stat table */
+  int bDirtyHint = 0;             /* True if blob 'hint' has been modified */
+
+  /* Allocate space for the cursor, filter and writer objects */
+  const int nAlloc = sizeof(*pCsr) + sizeof(*pFilter) + sizeof(*pWriter);
+  pWriter = (IncrmergeWriter *)sqlite3_malloc(nAlloc);
+  if( !pWriter ) return SQLITE_NOMEM;
+  pFilter = (Fts3SegFilter *)&pWriter[1];
+  pCsr = (Fts3MultiSegReader *)&pFilter[1];
+
+  rc = fts3IncrmergeHintLoad(p, &hint);
+  while( rc==SQLITE_OK && nRem>0 ){
+    const i64 nMod = FTS3_SEGDIR_MAXLEVEL * p->nIndex;
+    sqlite3_stmt *pFindLevel = 0; /* SQL used to determine iAbsLevel */
+    int bUseHint = 0;             /* True if attempting to append */
+    int iIdx = 0;                 /* Largest idx in level (iAbsLevel+1) */
+
+    /* Search the %_segdir table for the absolute level with the smallest
+    ** relative level number that contains at least nMin segments, if any.
+    ** If one is found, set iAbsLevel to the absolute level number and
+    ** nSeg to nMin. If no level with at least nMin segments can be found, 
+    ** set nSeg to -1.
+    */
+    rc = fts3SqlStmt(p, SQL_FIND_MERGE_LEVEL, &pFindLevel, 0);
+    sqlite3_bind_int(pFindLevel, 1, nMin);
+    if( sqlite3_step(pFindLevel)==SQLITE_ROW ){
+      iAbsLevel = sqlite3_column_int64(pFindLevel, 0);
+      nSeg = nMin;
+    }else{
+      nSeg = -1;
+    }
+    rc = sqlite3_reset(pFindLevel);
+
+    /* If the hint read from the %_stat table is not empty, check if the
+    ** last entry in it specifies a relative level smaller than or equal
+    ** to the level identified by the block above (if any). If so, this 
+    ** iteration of the loop will work on merging at the hinted level.
+    */
+    if( rc==SQLITE_OK && hint.n ){
+      int nHint = hint.n;
+      sqlite3_int64 iHintAbsLevel = 0;      /* Hint level */
+      int nHintSeg = 0;                     /* Hint number of segments */
+
+      rc = fts3IncrmergeHintPop(&hint, &iHintAbsLevel, &nHintSeg);
+      if( nSeg<0 || (iAbsLevel % nMod) >= (iHintAbsLevel % nMod) ){
+        iAbsLevel = iHintAbsLevel;
+        nSeg = nHintSeg;
+        bUseHint = 1;
+        bDirtyHint = 1;
+      }else{
+        /* This undoes the effect of the HintPop() above - so that no entry
+        ** is removed from the hint blob.  */
+        hint.n = nHint;
+      }
+    }
+
+    /* If nSeg is less that zero, then there is no level with at least
+    ** nMin segments and no hint in the %_stat table. No work to do.
+    ** Exit early in this case.  */
+    if( nSeg<0 ) break;
+
+    /* Open a cursor to iterate through the contents of the oldest nSeg 
+    ** indexes of absolute level iAbsLevel. If this cursor is opened using 
+    ** the 'hint' parameters, it is possible that there are less than nSeg
+    ** segments available in level iAbsLevel. In this case, no work is
+    ** done on iAbsLevel - fall through to the next iteration of the loop 
+    ** to start work on some other level.  */
+    memset(pWriter, 0, nAlloc);
+    pFilter->flags = FTS3_SEGMENT_REQUIRE_POS;
+
+    if( rc==SQLITE_OK ){
+      rc = fts3IncrmergeOutputIdx(p, iAbsLevel, &iIdx);
+      assert( bUseHint==1 || bUseHint==0 );
+      if( iIdx==0 || (bUseHint && iIdx==1) ){
+        int bIgnore = 0;
+        rc = fts3SegmentIsMaxLevel(p, iAbsLevel+1, &bIgnore);
+        if( bIgnore ){
+          pFilter->flags |= FTS3_SEGMENT_IGNORE_EMPTY;
+        }
+      }
+    }
+
+    if( rc==SQLITE_OK ){
+      rc = fts3IncrmergeCsr(p, iAbsLevel, nSeg, pCsr);
+    }
+    if( SQLITE_OK==rc && pCsr->nSegment==nSeg
+     && SQLITE_OK==(rc = sqlite3Fts3SegReaderStart(p, pCsr, pFilter))
+     && SQLITE_ROW==(rc = sqlite3Fts3SegReaderStep(p, pCsr))
+    ){
+      if( bUseHint && iIdx>0 ){
+        const char *zKey = pCsr->zTerm;
+        int nKey = pCsr->nTerm;
+        rc = fts3IncrmergeLoad(p, iAbsLevel, iIdx-1, zKey, nKey, pWriter);
+      }else{
+        rc = fts3IncrmergeWriter(p, iAbsLevel, iIdx, pCsr, pWriter);
+      }
+
+      if( rc==SQLITE_OK && pWriter->nLeafEst ){
+        fts3LogMerge(nSeg, iAbsLevel);
+        do {
+          rc = fts3IncrmergeAppend(p, pWriter, pCsr);
+          if( rc==SQLITE_OK ) rc = sqlite3Fts3SegReaderStep(p, pCsr);
+          if( pWriter->nWork>=nRem && rc==SQLITE_ROW ) rc = SQLITE_OK;
+        }while( rc==SQLITE_ROW );
+
+        /* Update or delete the input segments */
+        if( rc==SQLITE_OK ){
+          nRem -= (1 + pWriter->nWork);
+          rc = fts3IncrmergeChomp(p, iAbsLevel, pCsr, &nSeg);
+          if( nSeg!=0 ){
+            bDirtyHint = 1;
+            fts3IncrmergeHintPush(&hint, iAbsLevel, nSeg, &rc);
+          }
+        }
+      }
+
+      if( nSeg!=0 ){
+        pWriter->nLeafData = pWriter->nLeafData * -1;
+      }
+      fts3IncrmergeRelease(p, pWriter, &rc);
+      if( nSeg==0 && pWriter->bNoLeafData==0 ){
+        fts3PromoteSegments(p, iAbsLevel+1, pWriter->nLeafData);
+      }
+    }
+
+    sqlite3Fts3SegReaderFinish(pCsr);
+  }
+
+  /* Write the hint values into the %_stat table for the next incr-merger */
+  if( bDirtyHint && rc==SQLITE_OK ){
+    rc = fts3IncrmergeHintStore(p, &hint);
+  }
+
+  sqlite3_free(pWriter);
+  sqlite3_free(hint.a);
+  return rc;
+}
+
+/*
+** Convert the text beginning at *pz into an integer and return
+** its value.  Advance *pz to point to the first character past
+** the integer.
+*/
+static int fts3Getint(const char **pz){
+  const char *z = *pz;
+  int i = 0;
+  while( (*z)>='0' && (*z)<='9' ) i = 10*i + *(z++) - '0';
+  *pz = z;
+  return i;
+}
+
+/*
+** Process statements of the form:
+**
+**    INSERT INTO table(table) VALUES('merge=A,B');
+**
+** A and B are integers that decode to be the number of leaf pages
+** written for the merge, and the minimum number of segments on a level
+** before it will be selected for a merge, respectively.
+*/
+static int fts3DoIncrmerge(
+  Fts3Table *p,                   /* FTS3 table handle */
+  const char *zParam              /* Nul-terminated string containing "A,B" */
+){
+  int rc;
+  int nMin = (FTS3_MERGE_COUNT / 2);
+  int nMerge = 0;
+  const char *z = zParam;
+
+  /* Read the first integer value */
+  nMerge = fts3Getint(&z);
+
+  /* If the first integer value is followed by a ',',  read the second
+  ** integer value. */
+  if( z[0]==',' && z[1]!='\0' ){
+    z++;
+    nMin = fts3Getint(&z);
+  }
+
+  if( z[0]!='\0' || nMin<2 ){
+    rc = SQLITE_ERROR;
+  }else{
+    rc = SQLITE_OK;
+    if( !p->bHasStat ){
+      assert( p->bFts4==0 );
+      sqlite3Fts3CreateStatTable(&rc, p);
+    }
+    if( rc==SQLITE_OK ){
+      rc = sqlite3Fts3Incrmerge(p, nMerge, nMin);
+    }
+    sqlite3Fts3SegmentsClose(p);
+  }
+  return rc;
+}
+
+/*
+** Process statements of the form:
+**
+**    INSERT INTO table(table) VALUES('automerge=X');
+**
+** where X is an integer.  X==0 means to turn automerge off.  X!=0 means
+** turn it on.  The setting is persistent.
+*/
+static int fts3DoAutoincrmerge(
+  Fts3Table *p,                   /* FTS3 table handle */
+  const char *zParam              /* Nul-terminated string containing boolean */
+){
+  int rc = SQLITE_OK;
+  sqlite3_stmt *pStmt = 0;
+  p->nAutoincrmerge = fts3Getint(&zParam);
+  if( p->nAutoincrmerge==1 || p->nAutoincrmerge>FTS3_MERGE_COUNT ){
+    p->nAutoincrmerge = 8;
+  }
+  if( !p->bHasStat ){
+    assert( p->bFts4==0 );
+    sqlite3Fts3CreateStatTable(&rc, p);
+    if( rc ) return rc;
+  }
+  rc = fts3SqlStmt(p, SQL_REPLACE_STAT, &pStmt, 0);
+  if( rc ) return rc;
+  sqlite3_bind_int(pStmt, 1, FTS_STAT_AUTOINCRMERGE);
+  sqlite3_bind_int(pStmt, 2, p->nAutoincrmerge);
+  sqlite3_step(pStmt);
+  rc = sqlite3_reset(pStmt);
+  return rc;
+}
+
+/*
+** Return a 64-bit checksum for the FTS index entry specified by the
+** arguments to this function.
+*/
+static u64 fts3ChecksumEntry(
+  const char *zTerm,              /* Pointer to buffer containing term */
+  int nTerm,                      /* Size of zTerm in bytes */
+  int iLangid,                    /* Language id for current row */
+  int iIndex,                     /* Index (0..Fts3Table.nIndex-1) */
+  i64 iDocid,                     /* Docid for current row. */
+  int iCol,                       /* Column number */
+  int iPos                        /* Position */
+){
+  int i;
+  u64 ret = (u64)iDocid;
+
+  ret += (ret<<3) + iLangid;
+  ret += (ret<<3) + iIndex;
+  ret += (ret<<3) + iCol;
+  ret += (ret<<3) + iPos;
+  for(i=0; i<nTerm; i++) ret += (ret<<3) + zTerm[i];
+
+  return ret;
+}
+
+/*
+** Return a checksum of all entries in the FTS index that correspond to
+** language id iLangid. The checksum is calculated by XORing the checksums
+** of each individual entry (see fts3ChecksumEntry()) together.
+**
+** If successful, the checksum value is returned and *pRc set to SQLITE_OK.
+** Otherwise, if an error occurs, *pRc is set to an SQLite error code. The
+** return value is undefined in this case.
+*/
+static u64 fts3ChecksumIndex(
+  Fts3Table *p,                   /* FTS3 table handle */
+  int iLangid,                    /* Language id to return cksum for */
+  int iIndex,                     /* Index to cksum (0..p->nIndex-1) */
+  int *pRc                        /* OUT: Return code */
+){
+  Fts3SegFilter filter;
+  Fts3MultiSegReader csr;
+  int rc;
+  u64 cksum = 0;
+
+  assert( *pRc==SQLITE_OK );
+
+  memset(&filter, 0, sizeof(filter));
+  memset(&csr, 0, sizeof(csr));
+  filter.flags =  FTS3_SEGMENT_REQUIRE_POS|FTS3_SEGMENT_IGNORE_EMPTY;
+  filter.flags |= FTS3_SEGMENT_SCAN;
+
+  rc = sqlite3Fts3SegReaderCursor(
+      p, iLangid, iIndex, FTS3_SEGCURSOR_ALL, 0, 0, 0, 1,&csr
+  );
+  if( rc==SQLITE_OK ){
+    rc = sqlite3Fts3SegReaderStart(p, &csr, &filter);
+  }
+
+  if( rc==SQLITE_OK ){
+    while( SQLITE_ROW==(rc = sqlite3Fts3SegReaderStep(p, &csr)) ){
+      char *pCsr = csr.aDoclist;
+      char *pEnd = &pCsr[csr.nDoclist];
+
+      i64 iDocid = 0;
+      i64 iCol = 0;
+      i64 iPos = 0;
+
+      pCsr += sqlite3Fts3GetVarint(pCsr, &iDocid);
+      while( pCsr<pEnd ){
+        i64 iVal = 0;
+        pCsr += sqlite3Fts3GetVarint(pCsr, &iVal);
+        if( pCsr<pEnd ){
+          if( iVal==0 || iVal==1 ){
+            iCol = 0;
+            iPos = 0;
+            if( iVal ){
+              pCsr += sqlite3Fts3GetVarint(pCsr, &iCol);
+            }else{
+              pCsr += sqlite3Fts3GetVarint(pCsr, &iVal);
+              iDocid += iVal;
+            }
+          }else{
+            iPos += (iVal - 2);
+            cksum = cksum ^ fts3ChecksumEntry(
+                csr.zTerm, csr.nTerm, iLangid, iIndex, iDocid,
+                (int)iCol, (int)iPos
+            );
+          }
+        }
+      }
+    }
+  }
+  sqlite3Fts3SegReaderFinish(&csr);
+
+  *pRc = rc;
+  return cksum;
+}
+
+/*
+** Check if the contents of the FTS index match the current contents of the
+** content table. If no error occurs and the contents do match, set *pbOk
+** to true and return SQLITE_OK. Or if the contents do not match, set *pbOk
+** to false before returning.
+**
+** If an error occurs (e.g. an OOM or IO error), return an SQLite error 
+** code. The final value of *pbOk is undefined in this case.
+*/
+static int fts3IntegrityCheck(Fts3Table *p, int *pbOk){
+  int rc = SQLITE_OK;             /* Return code */
+  u64 cksum1 = 0;                 /* Checksum based on FTS index contents */
+  u64 cksum2 = 0;                 /* Checksum based on %_content contents */
+  sqlite3_stmt *pAllLangid = 0;   /* Statement to return all language-ids */
+
+  /* This block calculates the checksum according to the FTS index. */
+  rc = fts3SqlStmt(p, SQL_SELECT_ALL_LANGID, &pAllLangid, 0);
+  if( rc==SQLITE_OK ){
+    int rc2;
+    sqlite3_bind_int(pAllLangid, 1, p->iPrevLangid);
+    sqlite3_bind_int(pAllLangid, 2, p->nIndex);
+    while( rc==SQLITE_OK && sqlite3_step(pAllLangid)==SQLITE_ROW ){
+      int iLangid = sqlite3_column_int(pAllLangid, 0);
+      int i;
+      for(i=0; i<p->nIndex; i++){
+        cksum1 = cksum1 ^ fts3ChecksumIndex(p, iLangid, i, &rc);
+      }
+    }
+    rc2 = sqlite3_reset(pAllLangid);
+    if( rc==SQLITE_OK ) rc = rc2;
+  }
+
+  /* This block calculates the checksum according to the %_content table */
+  if( rc==SQLITE_OK ){
+    sqlite3_tokenizer_module const *pModule = p->pTokenizer->pModule;
+    sqlite3_stmt *pStmt = 0;
+    char *zSql;
+   
+    zSql = sqlite3_mprintf("SELECT %s" , p->zReadExprlist);
+    if( !zSql ){
+      rc = SQLITE_NOMEM;
+    }else{
+      rc = sqlite3_prepare_v2(p->db, zSql, -1, &pStmt, 0);
+      sqlite3_free(zSql);
+    }
+
+    while( rc==SQLITE_OK && SQLITE_ROW==sqlite3_step(pStmt) ){
+      i64 iDocid = sqlite3_column_int64(pStmt, 0);
+      int iLang = langidFromSelect(p, pStmt);
+      int iCol;
+
+      for(iCol=0; rc==SQLITE_OK && iCol<p->nColumn; iCol++){
+        if( p->abNotindexed[iCol]==0 ){
+          const char *zText = (const char *)sqlite3_column_text(pStmt, iCol+1);
+          int nText = sqlite3_column_bytes(pStmt, iCol+1);
+          sqlite3_tokenizer_cursor *pT = 0;
+
+          rc = sqlite3Fts3OpenTokenizer(p->pTokenizer, iLang, zText, nText,&pT);
+          while( rc==SQLITE_OK ){
+            char const *zToken;       /* Buffer containing token */
+            int nToken = 0;           /* Number of bytes in token */
+            int iDum1 = 0, iDum2 = 0; /* Dummy variables */
+            int iPos = 0;             /* Position of token in zText */
+
+            rc = pModule->xNext(pT, &zToken, &nToken, &iDum1, &iDum2, &iPos);
+            if( rc==SQLITE_OK ){
+              int i;
+              cksum2 = cksum2 ^ fts3ChecksumEntry(
+                  zToken, nToken, iLang, 0, iDocid, iCol, iPos
+              );
+              for(i=1; i<p->nIndex; i++){
+                if( p->aIndex[i].nPrefix<=nToken ){
+                  cksum2 = cksum2 ^ fts3ChecksumEntry(
+                      zToken, p->aIndex[i].nPrefix, iLang, i, iDocid, iCol, iPos
+                  );
+                }
+              }
+            }
+          }
+          if( pT ) pModule->xClose(pT);
+          if( rc==SQLITE_DONE ) rc = SQLITE_OK;
+        }
+      }
+    }
+
+    sqlite3_finalize(pStmt);
+  }
+
+  *pbOk = (cksum1==cksum2);
+  return rc;
+}
+
+/*
+** Run the integrity-check. If no error occurs and the current contents of
+** the FTS index are correct, return SQLITE_OK. Or, if the contents of the
+** FTS index are incorrect, return SQLITE_CORRUPT_VTAB.
+**
+** Or, if an error (e.g. an OOM or IO error) occurs, return an SQLite 
+** error code.
+**
+** The integrity-check works as follows. For each token and indexed token
+** prefix in the document set, a 64-bit checksum is calculated (by code
+** in fts3ChecksumEntry()) based on the following:
+**
+**     + The index number (0 for the main index, 1 for the first prefix
+**       index etc.),
+**     + The token (or token prefix) text itself, 
+**     + The language-id of the row it appears in,
+**     + The docid of the row it appears in,
+**     + The column it appears in, and
+**     + The tokens position within that column.
+**
+** The checksums for all entries in the index are XORed together to create
+** a single checksum for the entire index.
+**
+** The integrity-check code calculates the same checksum in two ways:
+**
+**     1. By scanning the contents of the FTS index, and 
+**     2. By scanning and tokenizing the content table.
+**
+** If the two checksums are identical, the integrity-check is deemed to have
+** passed.
+*/
+static int fts3DoIntegrityCheck(
+  Fts3Table *p                    /* FTS3 table handle */
+){
+  int rc;
+  int bOk = 0;
+  rc = fts3IntegrityCheck(p, &bOk);
+  if( rc==SQLITE_OK && bOk==0 ) rc = FTS_CORRUPT_VTAB;
+  return rc;
+}
+
+/*
+** Handle a 'special' INSERT of the form:
+**
+**   "INSERT INTO tbl(tbl) VALUES(<expr>)"
+**
+** Argument pVal contains the result of <expr>. Currently the only 
+** meaningful value to insert is the text 'optimize'.
+*/
+static int fts3SpecialInsert(Fts3Table *p, sqlite3_value *pVal){
+  int rc;                         /* Return Code */
+  const char *zVal = (const char *)sqlite3_value_text(pVal);
+  int nVal = sqlite3_value_bytes(pVal);
+
+  if( !zVal ){
+    return SQLITE_NOMEM;
+  }else if( nVal==8 && 0==sqlite3_strnicmp(zVal, "optimize", 8) ){
+    rc = fts3DoOptimize(p, 0);
+  }else if( nVal==7 && 0==sqlite3_strnicmp(zVal, "rebuild", 7) ){
+    rc = fts3DoRebuild(p);
+  }else if( nVal==15 && 0==sqlite3_strnicmp(zVal, "integrity-check", 15) ){
+    rc = fts3DoIntegrityCheck(p);
+  }else if( nVal>6 && 0==sqlite3_strnicmp(zVal, "merge=", 6) ){
+    rc = fts3DoIncrmerge(p, &zVal[6]);
+  }else if( nVal>10 && 0==sqlite3_strnicmp(zVal, "automerge=", 10) ){
+    rc = fts3DoAutoincrmerge(p, &zVal[10]);
+#ifdef SQLITE_TEST
+  }else if( nVal>9 && 0==sqlite3_strnicmp(zVal, "nodesize=", 9) ){
+    p->nNodeSize = atoi(&zVal[9]);
+    rc = SQLITE_OK;
+  }else if( nVal>11 && 0==sqlite3_strnicmp(zVal, "maxpending=", 9) ){
+    p->nMaxPendingData = atoi(&zVal[11]);
+    rc = SQLITE_OK;
+  }else if( nVal>21 && 0==sqlite3_strnicmp(zVal, "test-no-incr-doclist=", 21) ){
+    p->bNoIncrDoclist = atoi(&zVal[21]);
+    rc = SQLITE_OK;
+#endif
+  }else{
+    rc = SQLITE_ERROR;
+  }
+
+  return rc;
+}
+
+#ifndef SQLITE_DISABLE_FTS4_DEFERRED
+/*
+** Delete all cached deferred doclists. Deferred doclists are cached
+** (allocated) by the sqlite3Fts3CacheDeferredDoclists() function.
+*/
+SQLITE_PRIVATE void sqlite3Fts3FreeDeferredDoclists(Fts3Cursor *pCsr){
+  Fts3DeferredToken *pDef;
+  for(pDef=pCsr->pDeferred; pDef; pDef=pDef->pNext){
+    fts3PendingListDelete(pDef->pList);
+    pDef->pList = 0;
+  }
+}
+
+/*
+** Free all entries in the pCsr->pDeffered list. Entries are added to 
+** this list using sqlite3Fts3DeferToken().
+*/
+SQLITE_PRIVATE void sqlite3Fts3FreeDeferredTokens(Fts3Cursor *pCsr){
+  Fts3DeferredToken *pDef;
+  Fts3DeferredToken *pNext;
+  for(pDef=pCsr->pDeferred; pDef; pDef=pNext){
+    pNext = pDef->pNext;
+    fts3PendingListDelete(pDef->pList);
+    sqlite3_free(pDef);
+  }
+  pCsr->pDeferred = 0;
+}
+
+/*
+** Generate deferred-doclists for all tokens in the pCsr->pDeferred list
+** based on the row that pCsr currently points to.
+**
+** A deferred-doclist is like any other doclist with position information
+** included, except that it only contains entries for a single row of the
+** table, not for all rows.
+*/
+SQLITE_PRIVATE int sqlite3Fts3CacheDeferredDoclists(Fts3Cursor *pCsr){
+  int rc = SQLITE_OK;             /* Return code */
+  if( pCsr->pDeferred ){
+    int i;                        /* Used to iterate through table columns */
+    sqlite3_int64 iDocid;         /* Docid of the row pCsr points to */
+    Fts3DeferredToken *pDef;      /* Used to iterate through deferred tokens */
+  
+    Fts3Table *p = (Fts3Table *)pCsr->base.pVtab;
+    sqlite3_tokenizer *pT = p->pTokenizer;
+    sqlite3_tokenizer_module const *pModule = pT->pModule;
+   
+    assert( pCsr->isRequireSeek==0 );
+    iDocid = sqlite3_column_int64(pCsr->pStmt, 0);
+  
+    for(i=0; i<p->nColumn && rc==SQLITE_OK; i++){
+      if( p->abNotindexed[i]==0 ){
+        const char *zText = (const char *)sqlite3_column_text(pCsr->pStmt, i+1);
+        sqlite3_tokenizer_cursor *pTC = 0;
+
+        rc = sqlite3Fts3OpenTokenizer(pT, pCsr->iLangid, zText, -1, &pTC);
+        while( rc==SQLITE_OK ){
+          char const *zToken;       /* Buffer containing token */
+          int nToken = 0;           /* Number of bytes in token */
+          int iDum1 = 0, iDum2 = 0; /* Dummy variables */
+          int iPos = 0;             /* Position of token in zText */
+
+          rc = pModule->xNext(pTC, &zToken, &nToken, &iDum1, &iDum2, &iPos);
+          for(pDef=pCsr->pDeferred; pDef && rc==SQLITE_OK; pDef=pDef->pNext){
+            Fts3PhraseToken *pPT = pDef->pToken;
+            if( (pDef->iCol>=p->nColumn || pDef->iCol==i)
+                && (pPT->bFirst==0 || iPos==0)
+                && (pPT->n==nToken || (pPT->isPrefix && pPT->n<nToken))
+                && (0==memcmp(zToken, pPT->z, pPT->n))
+              ){
+              fts3PendingListAppend(&pDef->pList, iDocid, i, iPos, &rc);
+            }
+          }
+        }
+        if( pTC ) pModule->xClose(pTC);
+        if( rc==SQLITE_DONE ) rc = SQLITE_OK;
+      }
+    }
+
+    for(pDef=pCsr->pDeferred; pDef && rc==SQLITE_OK; pDef=pDef->pNext){
+      if( pDef->pList ){
+        rc = fts3PendingListAppendVarint(&pDef->pList, 0);
+      }
+    }
+  }
+
+  return rc;
+}
+
+SQLITE_PRIVATE int sqlite3Fts3DeferredTokenList(
+  Fts3DeferredToken *p, 
+  char **ppData, 
+  int *pnData
+){
+  char *pRet;
+  int nSkip;
+  sqlite3_int64 dummy;
+
+  *ppData = 0;
+  *pnData = 0;
+
+  if( p->pList==0 ){
+    return SQLITE_OK;
+  }
+
+  pRet = (char *)sqlite3_malloc(p->pList->nData);
+  if( !pRet ) return SQLITE_NOMEM;
+
+  nSkip = sqlite3Fts3GetVarint(p->pList->aData, &dummy);
+  *pnData = p->pList->nData - nSkip;
+  *ppData = pRet;
+  
+  memcpy(pRet, &p->pList->aData[nSkip], *pnData);
+  return SQLITE_OK;
+}
+
+/*
+** Add an entry for token pToken to the pCsr->pDeferred list.
+*/
+SQLITE_PRIVATE int sqlite3Fts3DeferToken(
+  Fts3Cursor *pCsr,               /* Fts3 table cursor */
+  Fts3PhraseToken *pToken,        /* Token to defer */
+  int iCol                        /* Column that token must appear in (or -1) */
+){
+  Fts3DeferredToken *pDeferred;
+  pDeferred = sqlite3_malloc(sizeof(*pDeferred));
+  if( !pDeferred ){
+    return SQLITE_NOMEM;
+  }
+  memset(pDeferred, 0, sizeof(*pDeferred));
+  pDeferred->pToken = pToken;
+  pDeferred->pNext = pCsr->pDeferred; 
+  pDeferred->iCol = iCol;
+  pCsr->pDeferred = pDeferred;
+
+  assert( pToken->pDeferred==0 );
+  pToken->pDeferred = pDeferred;
+
+  return SQLITE_OK;
+}
+#endif
+
+/*
+** SQLite value pRowid contains the rowid of a row that may or may not be
+** present in the FTS3 table. If it is, delete it and adjust the contents
+** of subsiduary data structures accordingly.
+*/
+static int fts3DeleteByRowid(
+  Fts3Table *p, 
+  sqlite3_value *pRowid, 
+  int *pnChng,                    /* IN/OUT: Decrement if row is deleted */
+  u32 *aSzDel
+){
+  int rc = SQLITE_OK;             /* Return code */
+  int bFound = 0;                 /* True if *pRowid really is in the table */
+
+  fts3DeleteTerms(&rc, p, pRowid, aSzDel, &bFound);
+  if( bFound && rc==SQLITE_OK ){
+    int isEmpty = 0;              /* Deleting *pRowid leaves the table empty */
+    rc = fts3IsEmpty(p, pRowid, &isEmpty);
+    if( rc==SQLITE_OK ){
+      if( isEmpty ){
+        /* Deleting this row means the whole table is empty. In this case
+        ** delete the contents of all three tables and throw away any
+        ** data in the pendingTerms hash table.  */
+        rc = fts3DeleteAll(p, 1);
+        *pnChng = 0;
+        memset(aSzDel, 0, sizeof(u32) * (p->nColumn+1) * 2);
+      }else{
+        *pnChng = *pnChng - 1;
+        if( p->zContentTbl==0 ){
+          fts3SqlExec(&rc, p, SQL_DELETE_CONTENT, &pRowid);
+        }
+        if( p->bHasDocsize ){
+          fts3SqlExec(&rc, p, SQL_DELETE_DOCSIZE, &pRowid);
+        }
+      }
+    }
+  }
+
+  return rc;
+}
+
+/*
+** This function does the work for the xUpdate method of FTS3 virtual
+** tables. The schema of the virtual table being:
+**
+**     CREATE TABLE <table name>( 
+**       <user columns>,
+**       <table name> HIDDEN, 
+**       docid HIDDEN, 
+**       <langid> HIDDEN
+**     );
+**
+** 
+*/
+SQLITE_PRIVATE int sqlite3Fts3UpdateMethod(
+  sqlite3_vtab *pVtab,            /* FTS3 vtab object */
+  int nArg,                       /* Size of argument array */
+  sqlite3_value **apVal,          /* Array of arguments */
+  sqlite_int64 *pRowid            /* OUT: The affected (or effected) rowid */
+){
+  Fts3Table *p = (Fts3Table *)pVtab;
+  int rc = SQLITE_OK;             /* Return Code */
+  int isRemove = 0;               /* True for an UPDATE or DELETE */
+  u32 *aSzIns = 0;                /* Sizes of inserted documents */
+  u32 *aSzDel = 0;                /* Sizes of deleted documents */
+  int nChng = 0;                  /* Net change in number of documents */
+  int bInsertDone = 0;
+
+  /* At this point it must be known if the %_stat table exists or not.
+  ** So bHasStat may not be 2.  */
+  assert( p->bHasStat==0 || p->bHasStat==1 );
+
+  assert( p->pSegments==0 );
+  assert( 
+      nArg==1                     /* DELETE operations */
+   || nArg==(2 + p->nColumn + 3)  /* INSERT or UPDATE operations */
+  );
+
+  /* Check for a "special" INSERT operation. One of the form:
+  **
+  **   INSERT INTO xyz(xyz) VALUES('command');
+  */
+  if( nArg>1 
+   && sqlite3_value_type(apVal[0])==SQLITE_NULL 
+   && sqlite3_value_type(apVal[p->nColumn+2])!=SQLITE_NULL 
+  ){
+    rc = fts3SpecialInsert(p, apVal[p->nColumn+2]);
+    goto update_out;
+  }
+
+  if( nArg>1 && sqlite3_value_int(apVal[2 + p->nColumn + 2])<0 ){
+    rc = SQLITE_CONSTRAINT;
+    goto update_out;
+  }
+
+  /* Allocate space to hold the change in document sizes */
+  aSzDel = sqlite3_malloc( sizeof(aSzDel[0])*(p->nColumn+1)*2 );
+  if( aSzDel==0 ){
+    rc = SQLITE_NOMEM;
+    goto update_out;
+  }
+  aSzIns = &aSzDel[p->nColumn+1];
+  memset(aSzDel, 0, sizeof(aSzDel[0])*(p->nColumn+1)*2);
+
+  rc = fts3Writelock(p);
+  if( rc!=SQLITE_OK ) goto update_out;
+
+  /* If this is an INSERT operation, or an UPDATE that modifies the rowid
+  ** value, then this operation requires constraint handling.
+  **
+  ** If the on-conflict mode is REPLACE, this means that the existing row
+  ** should be deleted from the database before inserting the new row. Or,
+  ** if the on-conflict mode is other than REPLACE, then this method must
+  ** detect the conflict and return SQLITE_CONSTRAINT before beginning to
+  ** modify the database file.
+  */
+  if( nArg>1 && p->zContentTbl==0 ){
+    /* Find the value object that holds the new rowid value. */
+    sqlite3_value *pNewRowid = apVal[3+p->nColumn];
+    if( sqlite3_value_type(pNewRowid)==SQLITE_NULL ){
+      pNewRowid = apVal[1];
+    }
+
+    if( sqlite3_value_type(pNewRowid)!=SQLITE_NULL && ( 
+        sqlite3_value_type(apVal[0])==SQLITE_NULL
+     || sqlite3_value_int64(apVal[0])!=sqlite3_value_int64(pNewRowid)
+    )){
+      /* The new rowid is not NULL (in this case the rowid will be
+      ** automatically assigned and there is no chance of a conflict), and 
+      ** the statement is either an INSERT or an UPDATE that modifies the
+      ** rowid column. So if the conflict mode is REPLACE, then delete any
+      ** existing row with rowid=pNewRowid. 
+      **
+      ** Or, if the conflict mode is not REPLACE, insert the new record into 
+      ** the %_content table. If we hit the duplicate rowid constraint (or any
+      ** other error) while doing so, return immediately.
+      **
+      ** This branch may also run if pNewRowid contains a value that cannot
+      ** be losslessly converted to an integer. In this case, the eventual 
+      ** call to fts3InsertData() (either just below or further on in this
+      ** function) will return SQLITE_MISMATCH. If fts3DeleteByRowid is 
+      ** invoked, it will delete zero rows (since no row will have
+      ** docid=$pNewRowid if $pNewRowid is not an integer value).
+      */
+      if( sqlite3_vtab_on_conflict(p->db)==SQLITE_REPLACE ){
+        rc = fts3DeleteByRowid(p, pNewRowid, &nChng, aSzDel);
+      }else{
+        rc = fts3InsertData(p, apVal, pRowid);
+        bInsertDone = 1;
+      }
+    }
+  }
+  if( rc!=SQLITE_OK ){
+    goto update_out;
+  }
+
+  /* If this is a DELETE or UPDATE operation, remove the old record. */
+  if( sqlite3_value_type(apVal[0])!=SQLITE_NULL ){
+    assert( sqlite3_value_type(apVal[0])==SQLITE_INTEGER );
+    rc = fts3DeleteByRowid(p, apVal[0], &nChng, aSzDel);
+    isRemove = 1;
+  }
+  
+  /* If this is an INSERT or UPDATE operation, insert the new record. */
+  if( nArg>1 && rc==SQLITE_OK ){
+    int iLangid = sqlite3_value_int(apVal[2 + p->nColumn + 2]);
+    if( bInsertDone==0 ){
+      rc = fts3InsertData(p, apVal, pRowid);
+      if( rc==SQLITE_CONSTRAINT && p->zContentTbl==0 ){
+        rc = FTS_CORRUPT_VTAB;
+      }
+    }
+    if( rc==SQLITE_OK && (!isRemove || *pRowid!=p->iPrevDocid ) ){
+      rc = fts3PendingTermsDocid(p, 0, iLangid, *pRowid);
+    }
+    if( rc==SQLITE_OK ){
+      assert( p->iPrevDocid==*pRowid );
+      rc = fts3InsertTerms(p, iLangid, apVal, aSzIns);
+    }
+    if( p->bHasDocsize ){
+      fts3InsertDocsize(&rc, p, aSzIns);
+    }
+    nChng++;
+  }
+
+  if( p->bFts4 ){
+    fts3UpdateDocTotals(&rc, p, aSzIns, aSzDel, nChng);
+  }
+
+ update_out:
+  sqlite3_free(aSzDel);
+  sqlite3Fts3SegmentsClose(p);
+  return rc;
+}
+
+/* 
+** Flush any data in the pending-terms hash table to disk. If successful,
+** merge all segments in the database (including the new segment, if 
+** there was any data to flush) into a single segment. 
+*/
+SQLITE_PRIVATE int sqlite3Fts3Optimize(Fts3Table *p){
+  int rc;
+  rc = sqlite3_exec(p->db, "SAVEPOINT fts3", 0, 0, 0);
+  if( rc==SQLITE_OK ){
+    rc = fts3DoOptimize(p, 1);
+    if( rc==SQLITE_OK || rc==SQLITE_DONE ){
+      int rc2 = sqlite3_exec(p->db, "RELEASE fts3", 0, 0, 0);
+      if( rc2!=SQLITE_OK ) rc = rc2;
+    }else{
+      sqlite3_exec(p->db, "ROLLBACK TO fts3", 0, 0, 0);
+      sqlite3_exec(p->db, "RELEASE fts3", 0, 0, 0);
+    }
+  }
+  sqlite3Fts3SegmentsClose(p);
+  return rc;
+}
+
+#endif
+
+/************** End of fts3_write.c ******************************************/
+/************** Begin file fts3_snippet.c ************************************/
+/*
+** 2009 Oct 23
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+******************************************************************************
+*/
+
+/* #include "fts3Int.h" */
+#if !defined(SQLITE_CORE) || defined(SQLITE_ENABLE_FTS3)
+
+/* #include <string.h> */
+/* #include <assert.h> */
+
+/*
+** Characters that may appear in the second argument to matchinfo().
+*/
+#define FTS3_MATCHINFO_NPHRASE   'p'        /* 1 value */
+#define FTS3_MATCHINFO_NCOL      'c'        /* 1 value */
+#define FTS3_MATCHINFO_NDOC      'n'        /* 1 value */
+#define FTS3_MATCHINFO_AVGLENGTH 'a'        /* nCol values */
+#define FTS3_MATCHINFO_LENGTH    'l'        /* nCol values */
+#define FTS3_MATCHINFO_LCS       's'        /* nCol values */
+#define FTS3_MATCHINFO_HITS      'x'        /* 3*nCol*nPhrase values */
+#define FTS3_MATCHINFO_LHITS     'y'        /* nCol*nPhrase values */
+#define FTS3_MATCHINFO_LHITS_BM  'b'        /* nCol*nPhrase values */
+
+/*
+** The default value for the second argument to matchinfo(). 
+*/
+#define FTS3_MATCHINFO_DEFAULT   "pcx"
+
+
+/*
+** Used as an fts3ExprIterate() context when loading phrase doclists to
+** Fts3Expr.aDoclist[]/nDoclist.
+*/
+typedef struct LoadDoclistCtx LoadDoclistCtx;
+struct LoadDoclistCtx {
+  Fts3Cursor *pCsr;               /* FTS3 Cursor */
+  int nPhrase;                    /* Number of phrases seen so far */
+  int nToken;                     /* Number of tokens seen so far */
+};
+
+/*
+** The following types are used as part of the implementation of the 
+** fts3BestSnippet() routine.
+*/
+typedef struct SnippetIter SnippetIter;
+typedef struct SnippetPhrase SnippetPhrase;
+typedef struct SnippetFragment SnippetFragment;
+
+struct SnippetIter {
+  Fts3Cursor *pCsr;               /* Cursor snippet is being generated from */
+  int iCol;                       /* Extract snippet from this column */
+  int nSnippet;                   /* Requested snippet length (in tokens) */
+  int nPhrase;                    /* Number of phrases in query */
+  SnippetPhrase *aPhrase;         /* Array of size nPhrase */
+  int iCurrent;                   /* First token of current snippet */
+};
+
+struct SnippetPhrase {
+  int nToken;                     /* Number of tokens in phrase */
+  char *pList;                    /* Pointer to start of phrase position list */
+  int iHead;                      /* Next value in position list */
+  char *pHead;                    /* Position list data following iHead */
+  int iTail;                      /* Next value in trailing position list */
+  char *pTail;                    /* Position list data following iTail */
+};
+
+struct SnippetFragment {
+  int iCol;                       /* Column snippet is extracted from */
+  int iPos;                       /* Index of first token in snippet */
+  u64 covered;                    /* Mask of query phrases covered */
+  u64 hlmask;                     /* Mask of snippet terms to highlight */
+};
+
+/*
+** This type is used as an fts3ExprIterate() context object while 
+** accumulating the data returned by the matchinfo() function.
+*/
+typedef struct MatchInfo MatchInfo;
+struct MatchInfo {
+  Fts3Cursor *pCursor;            /* FTS3 Cursor */
+  int nCol;                       /* Number of columns in table */
+  int nPhrase;                    /* Number of matchable phrases in query */
+  sqlite3_int64 nDoc;             /* Number of docs in database */
+  char flag;
+  u32 *aMatchinfo;                /* Pre-allocated buffer */
+};
+
+/*
+** An instance of this structure is used to manage a pair of buffers, each
+** (nElem * sizeof(u32)) bytes in size. See the MatchinfoBuffer code below
+** for details.
+*/
+struct MatchinfoBuffer {
+  u8 aRef[3];
+  int nElem;
+  int bGlobal;                    /* Set if global data is loaded */
+  char *zMatchinfo;
+  u32 aMatchinfo[1];
+};
+
+
+/*
+** The snippet() and offsets() functions both return text values. An instance
+** of the following structure is used to accumulate those values while the
+** functions are running. See fts3StringAppend() for details.
+*/
+typedef struct StrBuffer StrBuffer;
+struct StrBuffer {
+  char *z;                        /* Pointer to buffer containing string */
+  int n;                          /* Length of z in bytes (excl. nul-term) */
+  int nAlloc;                     /* Allocated size of buffer z in bytes */
+};
+
+
+/*************************************************************************
+** Start of MatchinfoBuffer code.
+*/
+
+/*
+** Allocate a two-slot MatchinfoBuffer object.
+*/
+static MatchinfoBuffer *fts3MIBufferNew(int nElem, const char *zMatchinfo){
+  MatchinfoBuffer *pRet;
+  int nByte = sizeof(u32) * (2*nElem + 1) + sizeof(MatchinfoBuffer);
+  int nStr = (int)strlen(zMatchinfo);
+
+  pRet = sqlite3_malloc(nByte + nStr+1);
+  if( pRet ){
+    memset(pRet, 0, nByte);
+    pRet->aMatchinfo[0] = (u8*)(&pRet->aMatchinfo[1]) - (u8*)pRet;
+    pRet->aMatchinfo[1+nElem] = pRet->aMatchinfo[0] + sizeof(u32)*(nElem+1);
+    pRet->nElem = nElem;
+    pRet->zMatchinfo = ((char*)pRet) + nByte;
+    memcpy(pRet->zMatchinfo, zMatchinfo, nStr+1);
+    pRet->aRef[0] = 1;
+  }
+
+  return pRet;
+}
+
+static void fts3MIBufferFree(void *p){
+  MatchinfoBuffer *pBuf = (MatchinfoBuffer*)((u8*)p - ((u32*)p)[-1]);
+
+  assert( (u32*)p==&pBuf->aMatchinfo[1] 
+       || (u32*)p==&pBuf->aMatchinfo[pBuf->nElem+2] 
+  );
+  if( (u32*)p==&pBuf->aMatchinfo[1] ){
+    pBuf->aRef[1] = 0;
+  }else{
+    pBuf->aRef[2] = 0;
+  }
+
+  if( pBuf->aRef[0]==0 && pBuf->aRef[1]==0 && pBuf->aRef[2]==0 ){
+    sqlite3_free(pBuf);
+  }
+}
+
+static void (*fts3MIBufferAlloc(MatchinfoBuffer *p, u32 **paOut))(void*){
+  void (*xRet)(void*) = 0;
+  u32 *aOut = 0;
+
+  if( p->aRef[1]==0 ){
+    p->aRef[1] = 1;
+    aOut = &p->aMatchinfo[1];
+    xRet = fts3MIBufferFree;
+  }
+  else if( p->aRef[2]==0 ){
+    p->aRef[2] = 1;
+    aOut = &p->aMatchinfo[p->nElem+2];
+    xRet = fts3MIBufferFree;
+  }else{
+    aOut = (u32*)sqlite3_malloc(p->nElem * sizeof(u32));
+    if( aOut ){
+      xRet = sqlite3_free;
+      if( p->bGlobal ) memcpy(aOut, &p->aMatchinfo[1], p->nElem*sizeof(u32));
+    }
+  }
+
+  *paOut = aOut;
+  return xRet;
+}
+
+static void fts3MIBufferSetGlobal(MatchinfoBuffer *p){
+  p->bGlobal = 1;
+  memcpy(&p->aMatchinfo[2+p->nElem], &p->aMatchinfo[1], p->nElem*sizeof(u32));
+}
+
+/*
+** Free a MatchinfoBuffer object allocated using fts3MIBufferNew()
+*/
+SQLITE_PRIVATE void sqlite3Fts3MIBufferFree(MatchinfoBuffer *p){
+  if( p ){
+    assert( p->aRef[0]==1 );
+    p->aRef[0] = 0;
+    if( p->aRef[0]==0 && p->aRef[1]==0 && p->aRef[2]==0 ){
+      sqlite3_free(p);
+    }
+  }
+}
+
+/* 
+** End of MatchinfoBuffer code.
+*************************************************************************/
+
+
+/*
+** This function is used to help iterate through a position-list. A position
+** list is a list of unique integers, sorted from smallest to largest. Each
+** element of the list is represented by an FTS3 varint that takes the value
+** of the difference between the current element and the previous one plus
+** two. For example, to store the position-list:
+**
+**     4 9 113
+**
+** the three varints:
+**
+**     6 7 106
+**
+** are encoded.
+**
+** When this function is called, *pp points to the start of an element of
+** the list. *piPos contains the value of the previous entry in the list.
+** After it returns, *piPos contains the value of the next element of the
+** list and *pp is advanced to the following varint.
+*/
+static void fts3GetDeltaPosition(char **pp, int *piPos){
+  int iVal;
+  *pp += fts3GetVarint32(*pp, &iVal);
+  *piPos += (iVal-2);
+}
+
+/*
+** Helper function for fts3ExprIterate() (see below).
+*/
+static int fts3ExprIterate2(
+  Fts3Expr *pExpr,                /* Expression to iterate phrases of */
+  int *piPhrase,                  /* Pointer to phrase counter */
+  int (*x)(Fts3Expr*,int,void*),  /* Callback function to invoke for phrases */
+  void *pCtx                      /* Second argument to pass to callback */
+){
+  int rc;                         /* Return code */
+  int eType = pExpr->eType;     /* Type of expression node pExpr */
+
+  if( eType!=FTSQUERY_PHRASE ){
+    assert( pExpr->pLeft && pExpr->pRight );
+    rc = fts3ExprIterate2(pExpr->pLeft, piPhrase, x, pCtx);
+    if( rc==SQLITE_OK && eType!=FTSQUERY_NOT ){
+      rc = fts3ExprIterate2(pExpr->pRight, piPhrase, x, pCtx);
+    }
+  }else{
+    rc = x(pExpr, *piPhrase, pCtx);
+    (*piPhrase)++;
+  }
+  return rc;
+}
+
+/*
+** Iterate through all phrase nodes in an FTS3 query, except those that
+** are part of a sub-tree that is the right-hand-side of a NOT operator.
+** For each phrase node found, the supplied callback function is invoked.
+**
+** If the callback function returns anything other than SQLITE_OK, 
+** the iteration is abandoned and the error code returned immediately.
+** Otherwise, SQLITE_OK is returned after a callback has been made for
+** all eligible phrase nodes.
+*/
+static int fts3ExprIterate(
+  Fts3Expr *pExpr,                /* Expression to iterate phrases of */
+  int (*x)(Fts3Expr*,int,void*),  /* Callback function to invoke for phrases */
+  void *pCtx                      /* Second argument to pass to callback */
+){
+  int iPhrase = 0;                /* Variable used as the phrase counter */
+  return fts3ExprIterate2(pExpr, &iPhrase, x, pCtx);
+}
+
+
+/*
+** This is an fts3ExprIterate() callback used while loading the doclists
+** for each phrase into Fts3Expr.aDoclist[]/nDoclist. See also
+** fts3ExprLoadDoclists().
+*/
+static int fts3ExprLoadDoclistsCb(Fts3Expr *pExpr, int iPhrase, void *ctx){
+  int rc = SQLITE_OK;
+  Fts3Phrase *pPhrase = pExpr->pPhrase;
+  LoadDoclistCtx *p = (LoadDoclistCtx *)ctx;
+
+  UNUSED_PARAMETER(iPhrase);
+
+  p->nPhrase++;
+  p->nToken += pPhrase->nToken;
+
+  return rc;
+}
+
+/*
+** Load the doclists for each phrase in the query associated with FTS3 cursor
+** pCsr. 
+**
+** If pnPhrase is not NULL, then *pnPhrase is set to the number of matchable 
+** phrases in the expression (all phrases except those directly or 
+** indirectly descended from the right-hand-side of a NOT operator). If 
+** pnToken is not NULL, then it is set to the number of tokens in all
+** matchable phrases of the expression.
+*/
+static int fts3ExprLoadDoclists(
+  Fts3Cursor *pCsr,               /* Fts3 cursor for current query */
+  int *pnPhrase,                  /* OUT: Number of phrases in query */
+  int *pnToken                    /* OUT: Number of tokens in query */
+){
+  int rc;                         /* Return Code */
+  LoadDoclistCtx sCtx = {0,0,0};  /* Context for fts3ExprIterate() */
+  sCtx.pCsr = pCsr;
+  rc = fts3ExprIterate(pCsr->pExpr, fts3ExprLoadDoclistsCb, (void *)&sCtx);
+  if( pnPhrase ) *pnPhrase = sCtx.nPhrase;
+  if( pnToken ) *pnToken = sCtx.nToken;
+  return rc;
+}
+
+static int fts3ExprPhraseCountCb(Fts3Expr *pExpr, int iPhrase, void *ctx){
+  (*(int *)ctx)++;
+  pExpr->iPhrase = iPhrase;
+  return SQLITE_OK;
+}
+static int fts3ExprPhraseCount(Fts3Expr *pExpr){
+  int nPhrase = 0;
+  (void)fts3ExprIterate(pExpr, fts3ExprPhraseCountCb, (void *)&nPhrase);
+  return nPhrase;
+}
+
+/*
+** Advance the position list iterator specified by the first two 
+** arguments so that it points to the first element with a value greater
+** than or equal to parameter iNext.
+*/
+static void fts3SnippetAdvance(char **ppIter, int *piIter, int iNext){
+  char *pIter = *ppIter;
+  if( pIter ){
+    int iIter = *piIter;
+
+    while( iIter<iNext ){
+      if( 0==(*pIter & 0xFE) ){
+        iIter = -1;
+        pIter = 0;
+        break;
+      }
+      fts3GetDeltaPosition(&pIter, &iIter);
+    }
+
+    *piIter = iIter;
+    *ppIter = pIter;
+  }
+}
+
+/*
+** Advance the snippet iterator to the next candidate snippet.
+*/
+static int fts3SnippetNextCandidate(SnippetIter *pIter){
+  int i;                          /* Loop counter */
+
+  if( pIter->iCurrent<0 ){
+    /* The SnippetIter object has just been initialized. The first snippet
+    ** candidate always starts at offset 0 (even if this candidate has a
+    ** score of 0.0).
+    */
+    pIter->iCurrent = 0;
+
+    /* Advance the 'head' iterator of each phrase to the first offset that
+    ** is greater than or equal to (iNext+nSnippet).
+    */
+    for(i=0; i<pIter->nPhrase; i++){
+      SnippetPhrase *pPhrase = &pIter->aPhrase[i];
+      fts3SnippetAdvance(&pPhrase->pHead, &pPhrase->iHead, pIter->nSnippet);
+    }
+  }else{
+    int iStart;
+    int iEnd = 0x7FFFFFFF;
+
+    for(i=0; i<pIter->nPhrase; i++){
+      SnippetPhrase *pPhrase = &pIter->aPhrase[i];
+      if( pPhrase->pHead && pPhrase->iHead<iEnd ){
+        iEnd = pPhrase->iHead;
+      }
+    }
+    if( iEnd==0x7FFFFFFF ){
+      return 1;
+    }
+
+    pIter->iCurrent = iStart = iEnd - pIter->nSnippet + 1;
+    for(i=0; i<pIter->nPhrase; i++){
+      SnippetPhrase *pPhrase = &pIter->aPhrase[i];
+      fts3SnippetAdvance(&pPhrase->pHead, &pPhrase->iHead, iEnd+1);
+      fts3SnippetAdvance(&pPhrase->pTail, &pPhrase->iTail, iStart);
+    }
+  }
+
+  return 0;
+}
+
+/*
+** Retrieve information about the current candidate snippet of snippet 
+** iterator pIter.
+*/
+static void fts3SnippetDetails(
+  SnippetIter *pIter,             /* Snippet iterator */
+  u64 mCovered,                   /* Bitmask of phrases already covered */
+  int *piToken,                   /* OUT: First token of proposed snippet */
+  int *piScore,                   /* OUT: "Score" for this snippet */
+  u64 *pmCover,                   /* OUT: Bitmask of phrases covered */
+  u64 *pmHighlight                /* OUT: Bitmask of terms to highlight */
+){
+  int iStart = pIter->iCurrent;   /* First token of snippet */
+  int iScore = 0;                 /* Score of this snippet */
+  int i;                          /* Loop counter */
+  u64 mCover = 0;                 /* Mask of phrases covered by this snippet */
+  u64 mHighlight = 0;             /* Mask of tokens to highlight in snippet */
+
+  for(i=0; i<pIter->nPhrase; i++){
+    SnippetPhrase *pPhrase = &pIter->aPhrase[i];
+    if( pPhrase->pTail ){
+      char *pCsr = pPhrase->pTail;
+      int iCsr = pPhrase->iTail;
+
+      while( iCsr<(iStart+pIter->nSnippet) ){
+        int j;
+        u64 mPhrase = (u64)1 << i;
+        u64 mPos = (u64)1 << (iCsr - iStart);
+        assert( iCsr>=iStart );
+        if( (mCover|mCovered)&mPhrase ){
+          iScore++;
+        }else{
+          iScore += 1000;
+        }
+        mCover |= mPhrase;
+
+        for(j=0; j<pPhrase->nToken; j++){
+          mHighlight |= (mPos>>j);
+        }
+
+        if( 0==(*pCsr & 0x0FE) ) break;
+        fts3GetDeltaPosition(&pCsr, &iCsr);
+      }
+    }
+  }
+
+  /* Set the output variables before returning. */
+  *piToken = iStart;
+  *piScore = iScore;
+  *pmCover = mCover;
+  *pmHighlight = mHighlight;
+}
+
+/*
+** This function is an fts3ExprIterate() callback used by fts3BestSnippet().
+** Each invocation populates an element of the SnippetIter.aPhrase[] array.
+*/
+static int fts3SnippetFindPositions(Fts3Expr *pExpr, int iPhrase, void *ctx){
+  SnippetIter *p = (SnippetIter *)ctx;
+  SnippetPhrase *pPhrase = &p->aPhrase[iPhrase];
+  char *pCsr;
+  int rc;
+
+  pPhrase->nToken = pExpr->pPhrase->nToken;
+  rc = sqlite3Fts3EvalPhrasePoslist(p->pCsr, pExpr, p->iCol, &pCsr);
+  assert( rc==SQLITE_OK || pCsr==0 );
+  if( pCsr ){
+    int iFirst = 0;
+    pPhrase->pList = pCsr;
+    fts3GetDeltaPosition(&pCsr, &iFirst);
+    assert( iFirst>=0 );
+    pPhrase->pHead = pCsr;
+    pPhrase->pTail = pCsr;
+    pPhrase->iHead = iFirst;
+    pPhrase->iTail = iFirst;
+  }else{
+    assert( rc!=SQLITE_OK || (
+       pPhrase->pList==0 && pPhrase->pHead==0 && pPhrase->pTail==0 
+    ));
+  }
+
+  return rc;
+}
+
+/*
+** Select the fragment of text consisting of nFragment contiguous tokens 
+** from column iCol that represent the "best" snippet. The best snippet
+** is the snippet with the highest score, where scores are calculated
+** by adding:
+**
+**   (a) +1 point for each occurrence of a matchable phrase in the snippet.
+**
+**   (b) +1000 points for the first occurrence of each matchable phrase in 
+**       the snippet for which the corresponding mCovered bit is not set.
+**
+** The selected snippet parameters are stored in structure *pFragment before
+** returning. The score of the selected snippet is stored in *piScore
+** before returning.
+*/
+static int fts3BestSnippet(
+  int nSnippet,                   /* Desired snippet length */
+  Fts3Cursor *pCsr,               /* Cursor to create snippet for */
+  int iCol,                       /* Index of column to create snippet from */
+  u64 mCovered,                   /* Mask of phrases already covered */
+  u64 *pmSeen,                    /* IN/OUT: Mask of phrases seen */
+  SnippetFragment *pFragment,     /* OUT: Best snippet found */
+  int *piScore                    /* OUT: Score of snippet pFragment */
+){
+  int rc;                         /* Return Code */
+  int nList;                      /* Number of phrases in expression */
+  SnippetIter sIter;              /* Iterates through snippet candidates */
+  int nByte;                      /* Number of bytes of space to allocate */
+  int iBestScore = -1;            /* Best snippet score found so far */
+  int i;                          /* Loop counter */
+
+  memset(&sIter, 0, sizeof(sIter));
+
+  /* Iterate through the phrases in the expression to count them. The same
+  ** callback makes sure the doclists are loaded for each phrase.
+  */
+  rc = fts3ExprLoadDoclists(pCsr, &nList, 0);
+  if( rc!=SQLITE_OK ){
+    return rc;
+  }
+
+  /* Now that it is known how many phrases there are, allocate and zero
+  ** the required space using malloc().
+  */
+  nByte = sizeof(SnippetPhrase) * nList;
+  sIter.aPhrase = (SnippetPhrase *)sqlite3_malloc(nByte);
+  if( !sIter.aPhrase ){
+    return SQLITE_NOMEM;
+  }
+  memset(sIter.aPhrase, 0, nByte);
+
+  /* Initialize the contents of the SnippetIter object. Then iterate through
+  ** the set of phrases in the expression to populate the aPhrase[] array.
+  */
+  sIter.pCsr = pCsr;
+  sIter.iCol = iCol;
+  sIter.nSnippet = nSnippet;
+  sIter.nPhrase = nList;
+  sIter.iCurrent = -1;
+  rc = fts3ExprIterate(pCsr->pExpr, fts3SnippetFindPositions, (void*)&sIter);
+  if( rc==SQLITE_OK ){
+
+    /* Set the *pmSeen output variable. */
+    for(i=0; i<nList; i++){
+      if( sIter.aPhrase[i].pHead ){
+        *pmSeen |= (u64)1 << i;
+      }
+    }
+
+    /* Loop through all candidate snippets. Store the best snippet in 
+     ** *pFragment. Store its associated 'score' in iBestScore.
+     */
+    pFragment->iCol = iCol;
+    while( !fts3SnippetNextCandidate(&sIter) ){
+      int iPos;
+      int iScore;
+      u64 mCover;
+      u64 mHighlite;
+      fts3SnippetDetails(&sIter, mCovered, &iPos, &iScore, &mCover,&mHighlite);
+      assert( iScore>=0 );
+      if( iScore>iBestScore ){
+        pFragment->iPos = iPos;
+        pFragment->hlmask = mHighlite;
+        pFragment->covered = mCover;
+        iBestScore = iScore;
+      }
+    }
+
+    *piScore = iBestScore;
+  }
+  sqlite3_free(sIter.aPhrase);
+  return rc;
+}
+
+
+/*
+** Append a string to the string-buffer passed as the first argument.
+**
+** If nAppend is negative, then the length of the string zAppend is
+** determined using strlen().
+*/
+static int fts3StringAppend(
+  StrBuffer *pStr,                /* Buffer to append to */
+  const char *zAppend,            /* Pointer to data to append to buffer */
+  int nAppend                     /* Size of zAppend in bytes (or -1) */
+){
+  if( nAppend<0 ){
+    nAppend = (int)strlen(zAppend);
+  }
+
+  /* If there is insufficient space allocated at StrBuffer.z, use realloc()
+  ** to grow the buffer until so that it is big enough to accomadate the
+  ** appended data.
+  */
+  if( pStr->n+nAppend+1>=pStr->nAlloc ){
+    int nAlloc = pStr->nAlloc+nAppend+100;
+    char *zNew = sqlite3_realloc(pStr->z, nAlloc);
+    if( !zNew ){
+      return SQLITE_NOMEM;
+    }
+    pStr->z = zNew;
+    pStr->nAlloc = nAlloc;
+  }
+  assert( pStr->z!=0 && (pStr->nAlloc >= pStr->n+nAppend+1) );
+
+  /* Append the data to the string buffer. */
+  memcpy(&pStr->z[pStr->n], zAppend, nAppend);
+  pStr->n += nAppend;
+  pStr->z[pStr->n] = '\0';
+
+  return SQLITE_OK;
+}
+
+/*
+** The fts3BestSnippet() function often selects snippets that end with a
+** query term. That is, the final term of the snippet is always a term
+** that requires highlighting. For example, if 'X' is a highlighted term
+** and '.' is a non-highlighted term, BestSnippet() may select:
+**
+**     ........X.....X
+**
+** This function "shifts" the beginning of the snippet forward in the 
+** document so that there are approximately the same number of 
+** non-highlighted terms to the right of the final highlighted term as there
+** are to the left of the first highlighted term. For example, to this:
+**
+**     ....X.....X....
+**
+** This is done as part of extracting the snippet text, not when selecting
+** the snippet. Snippet selection is done based on doclists only, so there
+** is no way for fts3BestSnippet() to know whether or not the document 
+** actually contains terms that follow the final highlighted term. 
+*/
+static int fts3SnippetShift(
+  Fts3Table *pTab,                /* FTS3 table snippet comes from */
+  int iLangid,                    /* Language id to use in tokenizing */
+  int nSnippet,                   /* Number of tokens desired for snippet */
+  const char *zDoc,               /* Document text to extract snippet from */
+  int nDoc,                       /* Size of buffer zDoc in bytes */
+  int *piPos,                     /* IN/OUT: First token of snippet */
+  u64 *pHlmask                    /* IN/OUT: Mask of tokens to highlight */
+){
+  u64 hlmask = *pHlmask;          /* Local copy of initial highlight-mask */
+
+  if( hlmask ){
+    int nLeft;                    /* Tokens to the left of first highlight */
+    int nRight;                   /* Tokens to the right of last highlight */
+    int nDesired;                 /* Ideal number of tokens to shift forward */
+
+    for(nLeft=0; !(hlmask & ((u64)1 << nLeft)); nLeft++);
+    for(nRight=0; !(hlmask & ((u64)1 << (nSnippet-1-nRight))); nRight++);
+    nDesired = (nLeft-nRight)/2;
+
+    /* Ideally, the start of the snippet should be pushed forward in the
+    ** document nDesired tokens. This block checks if there are actually
+    ** nDesired tokens to the right of the snippet. If so, *piPos and
+    ** *pHlMask are updated to shift the snippet nDesired tokens to the
+    ** right. Otherwise, the snippet is shifted by the number of tokens
+    ** available.
+    */
+    if( nDesired>0 ){
+      int nShift;                 /* Number of tokens to shift snippet by */
+      int iCurrent = 0;           /* Token counter */
+      int rc;                     /* Return Code */
+      sqlite3_tokenizer_module *pMod;
+      sqlite3_tokenizer_cursor *pC;
+      pMod = (sqlite3_tokenizer_module *)pTab->pTokenizer->pModule;
+
+      /* Open a cursor on zDoc/nDoc. Check if there are (nSnippet+nDesired)
+      ** or more tokens in zDoc/nDoc.
+      */
+      rc = sqlite3Fts3OpenTokenizer(pTab->pTokenizer, iLangid, zDoc, nDoc, &pC);
+      if( rc!=SQLITE_OK ){
+        return rc;
+      }
+      while( rc==SQLITE_OK && iCurrent<(nSnippet+nDesired) ){
+        const char *ZDUMMY; int DUMMY1 = 0, DUMMY2 = 0, DUMMY3 = 0;
+        rc = pMod->xNext(pC, &ZDUMMY, &DUMMY1, &DUMMY2, &DUMMY3, &iCurrent);
+      }
+      pMod->xClose(pC);
+      if( rc!=SQLITE_OK && rc!=SQLITE_DONE ){ return rc; }
+
+      nShift = (rc==SQLITE_DONE)+iCurrent-nSnippet;
+      assert( nShift<=nDesired );
+      if( nShift>0 ){
+        *piPos += nShift;
+        *pHlmask = hlmask >> nShift;
+      }
+    }
+  }
+  return SQLITE_OK;
+}
+
+/*
+** Extract the snippet text for fragment pFragment from cursor pCsr and
+** append it to string buffer pOut.
+*/
+static int fts3SnippetText(
+  Fts3Cursor *pCsr,               /* FTS3 Cursor */
+  SnippetFragment *pFragment,     /* Snippet to extract */
+  int iFragment,                  /* Fragment number */
+  int isLast,                     /* True for final fragment in snippet */
+  int nSnippet,                   /* Number of tokens in extracted snippet */
+  const char *zOpen,              /* String inserted before highlighted term */
+  const char *zClose,             /* String inserted after highlighted term */
+  const char *zEllipsis,          /* String inserted between snippets */
+  StrBuffer *pOut                 /* Write output here */
+){
+  Fts3Table *pTab = (Fts3Table *)pCsr->base.pVtab;
+  int rc;                         /* Return code */
+  const char *zDoc;               /* Document text to extract snippet from */
+  int nDoc;                       /* Size of zDoc in bytes */
+  int iCurrent = 0;               /* Current token number of document */
+  int iEnd = 0;                   /* Byte offset of end of current token */
+  int isShiftDone = 0;            /* True after snippet is shifted */
+  int iPos = pFragment->iPos;     /* First token of snippet */
+  u64 hlmask = pFragment->hlmask; /* Highlight-mask for snippet */
+  int iCol = pFragment->iCol+1;   /* Query column to extract text from */
+  sqlite3_tokenizer_module *pMod; /* Tokenizer module methods object */
+  sqlite3_tokenizer_cursor *pC;   /* Tokenizer cursor open on zDoc/nDoc */
+  
+  zDoc = (const char *)sqlite3_column_text(pCsr->pStmt, iCol);
+  if( zDoc==0 ){
+    if( sqlite3_column_type(pCsr->pStmt, iCol)!=SQLITE_NULL ){
+      return SQLITE_NOMEM;
+    }
+    return SQLITE_OK;
+  }
+  nDoc = sqlite3_column_bytes(pCsr->pStmt, iCol);
+
+  /* Open a token cursor on the document. */
+  pMod = (sqlite3_tokenizer_module *)pTab->pTokenizer->pModule;
+  rc = sqlite3Fts3OpenTokenizer(pTab->pTokenizer, pCsr->iLangid, zDoc,nDoc,&pC);
+  if( rc!=SQLITE_OK ){
+    return rc;
+  }
+
+  while( rc==SQLITE_OK ){
+    const char *ZDUMMY;           /* Dummy argument used with tokenizer */
+    int DUMMY1 = -1;              /* Dummy argument used with tokenizer */
+    int iBegin = 0;               /* Offset in zDoc of start of token */
+    int iFin = 0;                 /* Offset in zDoc of end of token */
+    int isHighlight = 0;          /* True for highlighted terms */
+
+    /* Variable DUMMY1 is initialized to a negative value above. Elsewhere
+    ** in the FTS code the variable that the third argument to xNext points to
+    ** is initialized to zero before the first (*but not necessarily
+    ** subsequent*) call to xNext(). This is done for a particular application
+    ** that needs to know whether or not the tokenizer is being used for
+    ** snippet generation or for some other purpose.
+    **
+    ** Extreme care is required when writing code to depend on this
+    ** initialization. It is not a documented part of the tokenizer interface.
+    ** If a tokenizer is used directly by any code outside of FTS, this
+    ** convention might not be respected.  */
+    rc = pMod->xNext(pC, &ZDUMMY, &DUMMY1, &iBegin, &iFin, &iCurrent);
+    if( rc!=SQLITE_OK ){
+      if( rc==SQLITE_DONE ){
+        /* Special case - the last token of the snippet is also the last token
+        ** of the column. Append any punctuation that occurred between the end
+        ** of the previous token and the end of the document to the output. 
+        ** Then break out of the loop. */
+        rc = fts3StringAppend(pOut, &zDoc[iEnd], -1);
+      }
+      break;
+    }
+    if( iCurrent<iPos ){ continue; }
+
+    if( !isShiftDone ){
+      int n = nDoc - iBegin;
+      rc = fts3SnippetShift(
+          pTab, pCsr->iLangid, nSnippet, &zDoc[iBegin], n, &iPos, &hlmask
+      );
+      isShiftDone = 1;
+
+      /* Now that the shift has been done, check if the initial "..." are
+      ** required. They are required if (a) this is not the first fragment,
+      ** or (b) this fragment does not begin at position 0 of its column. 
+      */
+      if( rc==SQLITE_OK ){
+        if( iPos>0 || iFragment>0 ){
+          rc = fts3StringAppend(pOut, zEllipsis, -1);
+        }else if( iBegin ){
+          rc = fts3StringAppend(pOut, zDoc, iBegin);
+        }
+      }
+      if( rc!=SQLITE_OK || iCurrent<iPos ) continue;
+    }
+
+    if( iCurrent>=(iPos+nSnippet) ){
+      if( isLast ){
+        rc = fts3StringAppend(pOut, zEllipsis, -1);
+      }
+      break;
+    }
+
+    /* Set isHighlight to true if this term should be highlighted. */
+    isHighlight = (hlmask & ((u64)1 << (iCurrent-iPos)))!=0;
+
+    if( iCurrent>iPos ) rc = fts3StringAppend(pOut, &zDoc[iEnd], iBegin-iEnd);
+    if( rc==SQLITE_OK && isHighlight ) rc = fts3StringAppend(pOut, zOpen, -1);
+    if( rc==SQLITE_OK ) rc = fts3StringAppend(pOut, &zDoc[iBegin], iFin-iBegin);
+    if( rc==SQLITE_OK && isHighlight ) rc = fts3StringAppend(pOut, zClose, -1);
+
+    iEnd = iFin;
+  }
+
+  pMod->xClose(pC);
+  return rc;
+}
+
+
+/*
+** This function is used to count the entries in a column-list (a 
+** delta-encoded list of term offsets within a single column of a single 
+** row). When this function is called, *ppCollist should point to the
+** beginning of the first varint in the column-list (the varint that
+** contains the position of the first matching term in the column data).
+** Before returning, *ppCollist is set to point to the first byte after
+** the last varint in the column-list (either the 0x00 signifying the end
+** of the position-list, or the 0x01 that precedes the column number of
+** the next column in the position-list).
+**
+** The number of elements in the column-list is returned.
+*/
+static int fts3ColumnlistCount(char **ppCollist){
+  char *pEnd = *ppCollist;
+  char c = 0;
+  int nEntry = 0;
+
+  /* A column-list is terminated by either a 0x01 or 0x00. */
+  while( 0xFE & (*pEnd | c) ){
+    c = *pEnd++ & 0x80;
+    if( !c ) nEntry++;
+  }
+
+  *ppCollist = pEnd;
+  return nEntry;
+}
+
+/*
+** This function gathers 'y' or 'b' data for a single phrase.
+*/
+static void fts3ExprLHits(
+  Fts3Expr *pExpr,                /* Phrase expression node */
+  MatchInfo *p                    /* Matchinfo context */
+){
+  Fts3Table *pTab = (Fts3Table *)p->pCursor->base.pVtab;
+  int iStart;
+  Fts3Phrase *pPhrase = pExpr->pPhrase;
+  char *pIter = pPhrase->doclist.pList;
+  int iCol = 0;
+
+  assert( p->flag==FTS3_MATCHINFO_LHITS_BM || p->flag==FTS3_MATCHINFO_LHITS );
+  if( p->flag==FTS3_MATCHINFO_LHITS ){
+    iStart = pExpr->iPhrase * p->nCol;
+  }else{
+    iStart = pExpr->iPhrase * ((p->nCol + 31) / 32);
+  }
+
+  while( 1 ){
+    int nHit = fts3ColumnlistCount(&pIter);
+    if( (pPhrase->iColumn>=pTab->nColumn || pPhrase->iColumn==iCol) ){
+      if( p->flag==FTS3_MATCHINFO_LHITS ){
+        p->aMatchinfo[iStart + iCol] = (u32)nHit;
+      }else if( nHit ){
+        p->aMatchinfo[iStart + (iCol+1)/32] |= (1 << (iCol&0x1F));
+      }
+    }
+    assert( *pIter==0x00 || *pIter==0x01 );
+    if( *pIter!=0x01 ) break;
+    pIter++;
+    pIter += fts3GetVarint32(pIter, &iCol);
+  }
+}
+
+/*
+** Gather the results for matchinfo directives 'y' and 'b'.
+*/
+static void fts3ExprLHitGather(
+  Fts3Expr *pExpr,
+  MatchInfo *p
+){
+  assert( (pExpr->pLeft==0)==(pExpr->pRight==0) );
+  if( pExpr->bEof==0 && pExpr->iDocid==p->pCursor->iPrevId ){
+    if( pExpr->pLeft ){
+      fts3ExprLHitGather(pExpr->pLeft, p);
+      fts3ExprLHitGather(pExpr->pRight, p);
+    }else{
+      fts3ExprLHits(pExpr, p);
+    }
+  }
+}
+
+/*
+** fts3ExprIterate() callback used to collect the "global" matchinfo stats
+** for a single query. 
+**
+** fts3ExprIterate() callback to load the 'global' elements of a
+** FTS3_MATCHINFO_HITS matchinfo array. The global stats are those elements 
+** of the matchinfo array that are constant for all rows returned by the 
+** current query.
+**
+** Argument pCtx is actually a pointer to a struct of type MatchInfo. This
+** function populates Matchinfo.aMatchinfo[] as follows:
+**
+**   for(iCol=0; iCol<nCol; iCol++){
+**     aMatchinfo[3*iPhrase*nCol + 3*iCol + 1] = X;
+**     aMatchinfo[3*iPhrase*nCol + 3*iCol + 2] = Y;
+**   }
+**
+** where X is the number of matches for phrase iPhrase is column iCol of all
+** rows of the table. Y is the number of rows for which column iCol contains
+** at least one instance of phrase iPhrase.
+**
+** If the phrase pExpr consists entirely of deferred tokens, then all X and
+** Y values are set to nDoc, where nDoc is the number of documents in the 
+** file system. This is done because the full-text index doclist is required
+** to calculate these values properly, and the full-text index doclist is
+** not available for deferred tokens.
+*/
+static int fts3ExprGlobalHitsCb(
+  Fts3Expr *pExpr,                /* Phrase expression node */
+  int iPhrase,                    /* Phrase number (numbered from zero) */
+  void *pCtx                      /* Pointer to MatchInfo structure */
+){
+  MatchInfo *p = (MatchInfo *)pCtx;
+  return sqlite3Fts3EvalPhraseStats(
+      p->pCursor, pExpr, &p->aMatchinfo[3*iPhrase*p->nCol]
+  );
+}
+
+/*
+** fts3ExprIterate() callback used to collect the "local" part of the
+** FTS3_MATCHINFO_HITS array. The local stats are those elements of the 
+** array that are different for each row returned by the query.
+*/
+static int fts3ExprLocalHitsCb(
+  Fts3Expr *pExpr,                /* Phrase expression node */
+  int iPhrase,                    /* Phrase number */
+  void *pCtx                      /* Pointer to MatchInfo structure */
+){
+  int rc = SQLITE_OK;
+  MatchInfo *p = (MatchInfo *)pCtx;
+  int iStart = iPhrase * p->nCol * 3;
+  int i;
+
+  for(i=0; i<p->nCol && rc==SQLITE_OK; i++){
+    char *pCsr;
+    rc = sqlite3Fts3EvalPhrasePoslist(p->pCursor, pExpr, i, &pCsr);
+    if( pCsr ){
+      p->aMatchinfo[iStart+i*3] = fts3ColumnlistCount(&pCsr);
+    }else{
+      p->aMatchinfo[iStart+i*3] = 0;
+    }
+  }
+
+  return rc;
+}
+
+static int fts3MatchinfoCheck(
+  Fts3Table *pTab, 
+  char cArg,
+  char **pzErr
+){
+  if( (cArg==FTS3_MATCHINFO_NPHRASE)
+   || (cArg==FTS3_MATCHINFO_NCOL)
+   || (cArg==FTS3_MATCHINFO_NDOC && pTab->bFts4)
+   || (cArg==FTS3_MATCHINFO_AVGLENGTH && pTab->bFts4)
+   || (cArg==FTS3_MATCHINFO_LENGTH && pTab->bHasDocsize)
+   || (cArg==FTS3_MATCHINFO_LCS)
+   || (cArg==FTS3_MATCHINFO_HITS)
+   || (cArg==FTS3_MATCHINFO_LHITS)
+   || (cArg==FTS3_MATCHINFO_LHITS_BM)
+  ){
+    return SQLITE_OK;
+  }
+  sqlite3Fts3ErrMsg(pzErr, "unrecognized matchinfo request: %c", cArg);
+  return SQLITE_ERROR;
+}
+
+static int fts3MatchinfoSize(MatchInfo *pInfo, char cArg){
+  int nVal;                       /* Number of integers output by cArg */
+
+  switch( cArg ){
+    case FTS3_MATCHINFO_NDOC:
+    case FTS3_MATCHINFO_NPHRASE: 
+    case FTS3_MATCHINFO_NCOL: 
+      nVal = 1;
+      break;
+
+    case FTS3_MATCHINFO_AVGLENGTH:
+    case FTS3_MATCHINFO_LENGTH:
+    case FTS3_MATCHINFO_LCS:
+      nVal = pInfo->nCol;
+      break;
+
+    case FTS3_MATCHINFO_LHITS:
+      nVal = pInfo->nCol * pInfo->nPhrase;
+      break;
+
+    case FTS3_MATCHINFO_LHITS_BM:
+      nVal = pInfo->nPhrase * ((pInfo->nCol + 31) / 32);
+      break;
+
+    default:
+      assert( cArg==FTS3_MATCHINFO_HITS );
+      nVal = pInfo->nCol * pInfo->nPhrase * 3;
+      break;
+  }
+
+  return nVal;
+}
+
+static int fts3MatchinfoSelectDoctotal(
+  Fts3Table *pTab,
+  sqlite3_stmt **ppStmt,
+  sqlite3_int64 *pnDoc,
+  const char **paLen
+){
+  sqlite3_stmt *pStmt;
+  const char *a;
+  sqlite3_int64 nDoc;
+
+  if( !*ppStmt ){
+    int rc = sqlite3Fts3SelectDoctotal(pTab, ppStmt);
+    if( rc!=SQLITE_OK ) return rc;
+  }
+  pStmt = *ppStmt;
+  assert( sqlite3_data_count(pStmt)==1 );
+
+  a = sqlite3_column_blob(pStmt, 0);
+  a += sqlite3Fts3GetVarint(a, &nDoc);
+  if( nDoc==0 ) return FTS_CORRUPT_VTAB;
+  *pnDoc = (u32)nDoc;
+
+  if( paLen ) *paLen = a;
+  return SQLITE_OK;
+}
+
+/*
+** An instance of the following structure is used to store state while 
+** iterating through a multi-column position-list corresponding to the
+** hits for a single phrase on a single row in order to calculate the
+** values for a matchinfo() FTS3_MATCHINFO_LCS request.
+*/
+typedef struct LcsIterator LcsIterator;
+struct LcsIterator {
+  Fts3Expr *pExpr;                /* Pointer to phrase expression */
+  int iPosOffset;                 /* Tokens count up to end of this phrase */
+  char *pRead;                    /* Cursor used to iterate through aDoclist */
+  int iPos;                       /* Current position */
+};
+
+/* 
+** If LcsIterator.iCol is set to the following value, the iterator has
+** finished iterating through all offsets for all columns.
+*/
+#define LCS_ITERATOR_FINISHED 0x7FFFFFFF;
+
+static int fts3MatchinfoLcsCb(
+  Fts3Expr *pExpr,                /* Phrase expression node */
+  int iPhrase,                    /* Phrase number (numbered from zero) */
+  void *pCtx                      /* Pointer to MatchInfo structure */
+){
+  LcsIterator *aIter = (LcsIterator *)pCtx;
+  aIter[iPhrase].pExpr = pExpr;
+  return SQLITE_OK;
+}
+
+/*
+** Advance the iterator passed as an argument to the next position. Return
+** 1 if the iterator is at EOF or if it now points to the start of the
+** position list for the next column.
+*/
+static int fts3LcsIteratorAdvance(LcsIterator *pIter){
+  char *pRead = pIter->pRead;
+  sqlite3_int64 iRead;
+  int rc = 0;
+
+  pRead += sqlite3Fts3GetVarint(pRead, &iRead);
+  if( iRead==0 || iRead==1 ){
+    pRead = 0;
+    rc = 1;
+  }else{
+    pIter->iPos += (int)(iRead-2);
+  }
+
+  pIter->pRead = pRead;
+  return rc;
+}
+  
+/*
+** This function implements the FTS3_MATCHINFO_LCS matchinfo() flag. 
+**
+** If the call is successful, the longest-common-substring lengths for each
+** column are written into the first nCol elements of the pInfo->aMatchinfo[] 
+** array before returning. SQLITE_OK is returned in this case.
+**
+** Otherwise, if an error occurs, an SQLite error code is returned and the
+** data written to the first nCol elements of pInfo->aMatchinfo[] is 
+** undefined.
+*/
+static int fts3MatchinfoLcs(Fts3Cursor *pCsr, MatchInfo *pInfo){
+  LcsIterator *aIter;
+  int i;
+  int iCol;
+  int nToken = 0;
+
+  /* Allocate and populate the array of LcsIterator objects. The array
+  ** contains one element for each matchable phrase in the query.
+  **/
+  aIter = sqlite3_malloc(sizeof(LcsIterator) * pCsr->nPhrase);
+  if( !aIter ) return SQLITE_NOMEM;
+  memset(aIter, 0, sizeof(LcsIterator) * pCsr->nPhrase);
+  (void)fts3ExprIterate(pCsr->pExpr, fts3MatchinfoLcsCb, (void*)aIter);
+
+  for(i=0; i<pInfo->nPhrase; i++){
+    LcsIterator *pIter = &aIter[i];
+    nToken -= pIter->pExpr->pPhrase->nToken;
+    pIter->iPosOffset = nToken;
+  }
+
+  for(iCol=0; iCol<pInfo->nCol; iCol++){
+    int nLcs = 0;                 /* LCS value for this column */
+    int nLive = 0;                /* Number of iterators in aIter not at EOF */
+
+    for(i=0; i<pInfo->nPhrase; i++){
+      int rc;
+      LcsIterator *pIt = &aIter[i];
+      rc = sqlite3Fts3EvalPhrasePoslist(pCsr, pIt->pExpr, iCol, &pIt->pRead);
+      if( rc!=SQLITE_OK ) return rc;
+      if( pIt->pRead ){
+        pIt->iPos = pIt->iPosOffset;
+        fts3LcsIteratorAdvance(&aIter[i]);
+        nLive++;
+      }
+    }
+
+    while( nLive>0 ){
+      LcsIterator *pAdv = 0;      /* The iterator to advance by one position */
+      int nThisLcs = 0;           /* LCS for the current iterator positions */
+
+      for(i=0; i<pInfo->nPhrase; i++){
+        LcsIterator *pIter = &aIter[i];
+        if( pIter->pRead==0 ){
+          /* This iterator is already at EOF for this column. */
+          nThisLcs = 0;
+        }else{
+          if( pAdv==0 || pIter->iPos<pAdv->iPos ){
+            pAdv = pIter;
+          }
+          if( nThisLcs==0 || pIter->iPos==pIter[-1].iPos ){
+            nThisLcs++;
+          }else{
+            nThisLcs = 1;
+          }
+          if( nThisLcs>nLcs ) nLcs = nThisLcs;
+        }
+      }
+      if( fts3LcsIteratorAdvance(pAdv) ) nLive--;
+    }
+
+    pInfo->aMatchinfo[iCol] = nLcs;
+  }
+
+  sqlite3_free(aIter);
+  return SQLITE_OK;
+}
+
+/*
+** Populate the buffer pInfo->aMatchinfo[] with an array of integers to
+** be returned by the matchinfo() function. Argument zArg contains the 
+** format string passed as the second argument to matchinfo (or the
+** default value "pcx" if no second argument was specified). The format
+** string has already been validated and the pInfo->aMatchinfo[] array
+** is guaranteed to be large enough for the output.
+**
+** If bGlobal is true, then populate all fields of the matchinfo() output.
+** If it is false, then assume that those fields that do not change between
+** rows (i.e. FTS3_MATCHINFO_NPHRASE, NCOL, NDOC, AVGLENGTH and part of HITS)
+** have already been populated.
+**
+** Return SQLITE_OK if successful, or an SQLite error code if an error 
+** occurs. If a value other than SQLITE_OK is returned, the state the
+** pInfo->aMatchinfo[] buffer is left in is undefined.
+*/
+static int fts3MatchinfoValues(
+  Fts3Cursor *pCsr,               /* FTS3 cursor object */
+  int bGlobal,                    /* True to grab the global stats */
+  MatchInfo *pInfo,               /* Matchinfo context object */
+  const char *zArg                /* Matchinfo format string */
+){
+  int rc = SQLITE_OK;
+  int i;
+  Fts3Table *pTab = (Fts3Table *)pCsr->base.pVtab;
+  sqlite3_stmt *pSelect = 0;
+
+  for(i=0; rc==SQLITE_OK && zArg[i]; i++){
+    pInfo->flag = zArg[i];
+    switch( zArg[i] ){
+      case FTS3_MATCHINFO_NPHRASE:
+        if( bGlobal ) pInfo->aMatchinfo[0] = pInfo->nPhrase;
+        break;
+
+      case FTS3_MATCHINFO_NCOL:
+        if( bGlobal ) pInfo->aMatchinfo[0] = pInfo->nCol;
+        break;
+        
+      case FTS3_MATCHINFO_NDOC:
+        if( bGlobal ){
+          sqlite3_int64 nDoc = 0;
+          rc = fts3MatchinfoSelectDoctotal(pTab, &pSelect, &nDoc, 0);
+          pInfo->aMatchinfo[0] = (u32)nDoc;
+        }
+        break;
+
+      case FTS3_MATCHINFO_AVGLENGTH: 
+        if( bGlobal ){
+          sqlite3_int64 nDoc;     /* Number of rows in table */
+          const char *a;          /* Aggregate column length array */
+
+          rc = fts3MatchinfoSelectDoctotal(pTab, &pSelect, &nDoc, &a);
+          if( rc==SQLITE_OK ){
+            int iCol;
+            for(iCol=0; iCol<pInfo->nCol; iCol++){
+              u32 iVal;
+              sqlite3_int64 nToken;
+              a += sqlite3Fts3GetVarint(a, &nToken);
+              iVal = (u32)(((u32)(nToken&0xffffffff)+nDoc/2)/nDoc);
+              pInfo->aMatchinfo[iCol] = iVal;
+            }
+          }
+        }
+        break;
+
+      case FTS3_MATCHINFO_LENGTH: {
+        sqlite3_stmt *pSelectDocsize = 0;
+        rc = sqlite3Fts3SelectDocsize(pTab, pCsr->iPrevId, &pSelectDocsize);
+        if( rc==SQLITE_OK ){
+          int iCol;
+          const char *a = sqlite3_column_blob(pSelectDocsize, 0);
+          for(iCol=0; iCol<pInfo->nCol; iCol++){
+            sqlite3_int64 nToken;
+            a += sqlite3Fts3GetVarint(a, &nToken);
+            pInfo->aMatchinfo[iCol] = (u32)nToken;
+          }
+        }
+        sqlite3_reset(pSelectDocsize);
+        break;
+      }
+
+      case FTS3_MATCHINFO_LCS:
+        rc = fts3ExprLoadDoclists(pCsr, 0, 0);
+        if( rc==SQLITE_OK ){
+          rc = fts3MatchinfoLcs(pCsr, pInfo);
+        }
+        break;
+
+      case FTS3_MATCHINFO_LHITS_BM:
+      case FTS3_MATCHINFO_LHITS: {
+        int nZero = fts3MatchinfoSize(pInfo, zArg[i]) * sizeof(u32);
+        memset(pInfo->aMatchinfo, 0, nZero);
+        fts3ExprLHitGather(pCsr->pExpr, pInfo);
+        break;
+      }
+
+      default: {
+        Fts3Expr *pExpr;
+        assert( zArg[i]==FTS3_MATCHINFO_HITS );
+        pExpr = pCsr->pExpr;
+        rc = fts3ExprLoadDoclists(pCsr, 0, 0);
+        if( rc!=SQLITE_OK ) break;
+        if( bGlobal ){
+          if( pCsr->pDeferred ){
+            rc = fts3MatchinfoSelectDoctotal(pTab, &pSelect, &pInfo->nDoc, 0);
+            if( rc!=SQLITE_OK ) break;
+          }
+          rc = fts3ExprIterate(pExpr, fts3ExprGlobalHitsCb,(void*)pInfo);
+          sqlite3Fts3EvalTestDeferred(pCsr, &rc);
+          if( rc!=SQLITE_OK ) break;
+        }
+        (void)fts3ExprIterate(pExpr, fts3ExprLocalHitsCb,(void*)pInfo);
+        break;
+      }
+    }
+
+    pInfo->aMatchinfo += fts3MatchinfoSize(pInfo, zArg[i]);
+  }
+
+  sqlite3_reset(pSelect);
+  return rc;
+}
+
+
+/*
+** Populate pCsr->aMatchinfo[] with data for the current row. The 
+** 'matchinfo' data is an array of 32-bit unsigned integers (C type u32).
+*/
+static void fts3GetMatchinfo(
+  sqlite3_context *pCtx,        /* Return results here */
+  Fts3Cursor *pCsr,               /* FTS3 Cursor object */
+  const char *zArg                /* Second argument to matchinfo() function */
+){
+  MatchInfo sInfo;
+  Fts3Table *pTab = (Fts3Table *)pCsr->base.pVtab;
+  int rc = SQLITE_OK;
+  int bGlobal = 0;                /* Collect 'global' stats as well as local */
+
+  u32 *aOut = 0;
+  void (*xDestroyOut)(void*) = 0;
+
+  memset(&sInfo, 0, sizeof(MatchInfo));
+  sInfo.pCursor = pCsr;
+  sInfo.nCol = pTab->nColumn;
+
+  /* If there is cached matchinfo() data, but the format string for the 
+  ** cache does not match the format string for this request, discard 
+  ** the cached data. */
+  if( pCsr->pMIBuffer && strcmp(pCsr->pMIBuffer->zMatchinfo, zArg) ){
+    sqlite3Fts3MIBufferFree(pCsr->pMIBuffer);
+    pCsr->pMIBuffer = 0;
+  }
+
+  /* If Fts3Cursor.pMIBuffer is NULL, then this is the first time the
+  ** matchinfo function has been called for this query. In this case 
+  ** allocate the array used to accumulate the matchinfo data and
+  ** initialize those elements that are constant for every row.
+  */
+  if( pCsr->pMIBuffer==0 ){
+    int nMatchinfo = 0;           /* Number of u32 elements in match-info */
+    int i;                        /* Used to iterate through zArg */
+
+    /* Determine the number of phrases in the query */
+    pCsr->nPhrase = fts3ExprPhraseCount(pCsr->pExpr);
+    sInfo.nPhrase = pCsr->nPhrase;
+
+    /* Determine the number of integers in the buffer returned by this call. */
+    for(i=0; zArg[i]; i++){
+      char *zErr = 0;
+      if( fts3MatchinfoCheck(pTab, zArg[i], &zErr) ){
+        sqlite3_result_error(pCtx, zErr, -1);
+        sqlite3_free(zErr);
+        return;
+      }
+      nMatchinfo += fts3MatchinfoSize(&sInfo, zArg[i]);
+    }
+
+    /* Allocate space for Fts3Cursor.aMatchinfo[] and Fts3Cursor.zMatchinfo. */
+    pCsr->pMIBuffer = fts3MIBufferNew(nMatchinfo, zArg);
+    if( !pCsr->pMIBuffer ) rc = SQLITE_NOMEM;
+
+    pCsr->isMatchinfoNeeded = 1;
+    bGlobal = 1;
+  }
+
+  if( rc==SQLITE_OK ){
+    xDestroyOut = fts3MIBufferAlloc(pCsr->pMIBuffer, &aOut);
+    if( xDestroyOut==0 ){
+      rc = SQLITE_NOMEM;
+    }
+  }
+
+  if( rc==SQLITE_OK ){
+    sInfo.aMatchinfo = aOut;
+    sInfo.nPhrase = pCsr->nPhrase;
+    rc = fts3MatchinfoValues(pCsr, bGlobal, &sInfo, zArg);
+    if( bGlobal ){
+      fts3MIBufferSetGlobal(pCsr->pMIBuffer);
+    }
+  }
+
+  if( rc!=SQLITE_OK ){
+    sqlite3_result_error_code(pCtx, rc);
+    if( xDestroyOut ) xDestroyOut(aOut);
+  }else{
+    int n = pCsr->pMIBuffer->nElem * sizeof(u32);
+    sqlite3_result_blob(pCtx, aOut, n, xDestroyOut);
+  }
+}
+
+/*
+** Implementation of snippet() function.
+*/
+SQLITE_PRIVATE void sqlite3Fts3Snippet(
+  sqlite3_context *pCtx,          /* SQLite function call context */
+  Fts3Cursor *pCsr,               /* Cursor object */
+  const char *zStart,             /* Snippet start text - "<b>" */
+  const char *zEnd,               /* Snippet end text - "</b>" */
+  const char *zEllipsis,          /* Snippet ellipsis text - "<b>...</b>" */
+  int iCol,                       /* Extract snippet from this column */
+  int nToken                      /* Approximate number of tokens in snippet */
+){
+  Fts3Table *pTab = (Fts3Table *)pCsr->base.pVtab;
+  int rc = SQLITE_OK;
+  int i;
+  StrBuffer res = {0, 0, 0};
+
+  /* The returned text includes up to four fragments of text extracted from
+  ** the data in the current row. The first iteration of the for(...) loop
+  ** below attempts to locate a single fragment of text nToken tokens in 
+  ** size that contains at least one instance of all phrases in the query
+  ** expression that appear in the current row. If such a fragment of text
+  ** cannot be found, the second iteration of the loop attempts to locate
+  ** a pair of fragments, and so on.
+  */
+  int nSnippet = 0;               /* Number of fragments in this snippet */
+  SnippetFragment aSnippet[4];    /* Maximum of 4 fragments per snippet */
+  int nFToken = -1;               /* Number of tokens in each fragment */
+
+  if( !pCsr->pExpr ){
+    sqlite3_result_text(pCtx, "", 0, SQLITE_STATIC);
+    return;
+  }
+
+  for(nSnippet=1; 1; nSnippet++){
+
+    int iSnip;                    /* Loop counter 0..nSnippet-1 */
+    u64 mCovered = 0;             /* Bitmask of phrases covered by snippet */
+    u64 mSeen = 0;                /* Bitmask of phrases seen by BestSnippet() */
+
+    if( nToken>=0 ){
+      nFToken = (nToken+nSnippet-1) / nSnippet;
+    }else{
+      nFToken = -1 * nToken;
+    }
+
+    for(iSnip=0; iSnip<nSnippet; iSnip++){
+      int iBestScore = -1;        /* Best score of columns checked so far */
+      int iRead;                  /* Used to iterate through columns */
+      SnippetFragment *pFragment = &aSnippet[iSnip];
+
+      memset(pFragment, 0, sizeof(*pFragment));
+
+      /* Loop through all columns of the table being considered for snippets.
+      ** If the iCol argument to this function was negative, this means all
+      ** columns of the FTS3 table. Otherwise, only column iCol is considered.
+      */
+      for(iRead=0; iRead<pTab->nColumn; iRead++){
+        SnippetFragment sF = {0, 0, 0, 0};
+        int iS = 0;
+        if( iCol>=0 && iRead!=iCol ) continue;
+
+        /* Find the best snippet of nFToken tokens in column iRead. */
+        rc = fts3BestSnippet(nFToken, pCsr, iRead, mCovered, &mSeen, &sF, &iS);
+        if( rc!=SQLITE_OK ){
+          goto snippet_out;
+        }
+        if( iS>iBestScore ){
+          *pFragment = sF;
+          iBestScore = iS;
+        }
+      }
+
+      mCovered |= pFragment->covered;
+    }
+
+    /* If all query phrases seen by fts3BestSnippet() are present in at least
+    ** one of the nSnippet snippet fragments, break out of the loop.
+    */
+    assert( (mCovered&mSeen)==mCovered );
+    if( mSeen==mCovered || nSnippet==SizeofArray(aSnippet) ) break;
+  }
+
+  assert( nFToken>0 );
+
+  for(i=0; i<nSnippet && rc==SQLITE_OK; i++){
+    rc = fts3SnippetText(pCsr, &aSnippet[i], 
+        i, (i==nSnippet-1), nFToken, zStart, zEnd, zEllipsis, &res
+    );
+  }
+
+ snippet_out:
+  sqlite3Fts3SegmentsClose(pTab);
+  if( rc!=SQLITE_OK ){
+    sqlite3_result_error_code(pCtx, rc);
+    sqlite3_free(res.z);
+  }else{
+    sqlite3_result_text(pCtx, res.z, -1, sqlite3_free);
+  }
+}
+
+
+typedef struct TermOffset TermOffset;
+typedef struct TermOffsetCtx TermOffsetCtx;
+
+struct TermOffset {
+  char *pList;                    /* Position-list */
+  int iPos;                       /* Position just read from pList */
+  int iOff;                       /* Offset of this term from read positions */
+};
+
+struct TermOffsetCtx {
+  Fts3Cursor *pCsr;
+  int iCol;                       /* Column of table to populate aTerm for */
+  int iTerm;
+  sqlite3_int64 iDocid;
+  TermOffset *aTerm;
+};
+
+/*
+** This function is an fts3ExprIterate() callback used by sqlite3Fts3Offsets().
+*/
+static int fts3ExprTermOffsetInit(Fts3Expr *pExpr, int iPhrase, void *ctx){
+  TermOffsetCtx *p = (TermOffsetCtx *)ctx;
+  int nTerm;                      /* Number of tokens in phrase */
+  int iTerm;                      /* For looping through nTerm phrase terms */
+  char *pList;                    /* Pointer to position list for phrase */
+  int iPos = 0;                   /* First position in position-list */
+  int rc;
+
+  UNUSED_PARAMETER(iPhrase);
+  rc = sqlite3Fts3EvalPhrasePoslist(p->pCsr, pExpr, p->iCol, &pList);
+  nTerm = pExpr->pPhrase->nToken;
+  if( pList ){
+    fts3GetDeltaPosition(&pList, &iPos);
+    assert( iPos>=0 );
+  }
+
+  for(iTerm=0; iTerm<nTerm; iTerm++){
+    TermOffset *pT = &p->aTerm[p->iTerm++];
+    pT->iOff = nTerm-iTerm-1;
+    pT->pList = pList;
+    pT->iPos = iPos;
+  }
+
+  return rc;
+}
+
+/*
+** Implementation of offsets() function.
+*/
+SQLITE_PRIVATE void sqlite3Fts3Offsets(
+  sqlite3_context *pCtx,          /* SQLite function call context */
+  Fts3Cursor *pCsr                /* Cursor object */
+){
+  Fts3Table *pTab = (Fts3Table *)pCsr->base.pVtab;
+  sqlite3_tokenizer_module const *pMod = pTab->pTokenizer->pModule;
+  int rc;                         /* Return Code */
+  int nToken;                     /* Number of tokens in query */
+  int iCol;                       /* Column currently being processed */
+  StrBuffer res = {0, 0, 0};      /* Result string */
+  TermOffsetCtx sCtx;             /* Context for fts3ExprTermOffsetInit() */
+
+  if( !pCsr->pExpr ){
+    sqlite3_result_text(pCtx, "", 0, SQLITE_STATIC);
+    return;
+  }
+
+  memset(&sCtx, 0, sizeof(sCtx));
+  assert( pCsr->isRequireSeek==0 );
+
+  /* Count the number of terms in the query */
+  rc = fts3ExprLoadDoclists(pCsr, 0, &nToken);
+  if( rc!=SQLITE_OK ) goto offsets_out;
+
+  /* Allocate the array of TermOffset iterators. */
+  sCtx.aTerm = (TermOffset *)sqlite3_malloc(sizeof(TermOffset)*nToken);
+  if( 0==sCtx.aTerm ){
+    rc = SQLITE_NOMEM;
+    goto offsets_out;
+  }
+  sCtx.iDocid = pCsr->iPrevId;
+  sCtx.pCsr = pCsr;
+
+  /* Loop through the table columns, appending offset information to 
+  ** string-buffer res for each column.
+  */
+  for(iCol=0; iCol<pTab->nColumn; iCol++){
+    sqlite3_tokenizer_cursor *pC; /* Tokenizer cursor */
+    const char *ZDUMMY;           /* Dummy argument used with xNext() */
+    int NDUMMY = 0;               /* Dummy argument used with xNext() */
+    int iStart = 0;
+    int iEnd = 0;
+    int iCurrent = 0;
+    const char *zDoc;
+    int nDoc;
+
+    /* Initialize the contents of sCtx.aTerm[] for column iCol. There is 
+    ** no way that this operation can fail, so the return code from
+    ** fts3ExprIterate() can be discarded.
+    */
+    sCtx.iCol = iCol;
+    sCtx.iTerm = 0;
+    (void)fts3ExprIterate(pCsr->pExpr, fts3ExprTermOffsetInit, (void*)&sCtx);
+
+    /* Retreive the text stored in column iCol. If an SQL NULL is stored 
+    ** in column iCol, jump immediately to the next iteration of the loop.
+    ** If an OOM occurs while retrieving the data (this can happen if SQLite
+    ** needs to transform the data from utf-16 to utf-8), return SQLITE_NOMEM 
+    ** to the caller. 
+    */
+    zDoc = (const char *)sqlite3_column_text(pCsr->pStmt, iCol+1);
+    nDoc = sqlite3_column_bytes(pCsr->pStmt, iCol+1);
+    if( zDoc==0 ){
+      if( sqlite3_column_type(pCsr->pStmt, iCol+1)==SQLITE_NULL ){
+        continue;
+      }
+      rc = SQLITE_NOMEM;
+      goto offsets_out;
+    }
+
+    /* Initialize a tokenizer iterator to iterate through column iCol. */
+    rc = sqlite3Fts3OpenTokenizer(pTab->pTokenizer, pCsr->iLangid,
+        zDoc, nDoc, &pC
+    );
+    if( rc!=SQLITE_OK ) goto offsets_out;
+
+    rc = pMod->xNext(pC, &ZDUMMY, &NDUMMY, &iStart, &iEnd, &iCurrent);
+    while( rc==SQLITE_OK ){
+      int i;                      /* Used to loop through terms */
+      int iMinPos = 0x7FFFFFFF;   /* Position of next token */
+      TermOffset *pTerm = 0;      /* TermOffset associated with next token */
+
+      for(i=0; i<nToken; i++){
+        TermOffset *pT = &sCtx.aTerm[i];
+        if( pT->pList && (pT->iPos-pT->iOff)<iMinPos ){
+          iMinPos = pT->iPos-pT->iOff;
+          pTerm = pT;
+        }
+      }
+
+      if( !pTerm ){
+        /* All offsets for this column have been gathered. */
+        rc = SQLITE_DONE;
+      }else{
+        assert( iCurrent<=iMinPos );
+        if( 0==(0xFE&*pTerm->pList) ){
+          pTerm->pList = 0;
+        }else{
+          fts3GetDeltaPosition(&pTerm->pList, &pTerm->iPos);
+        }
+        while( rc==SQLITE_OK && iCurrent<iMinPos ){
+          rc = pMod->xNext(pC, &ZDUMMY, &NDUMMY, &iStart, &iEnd, &iCurrent);
+        }
+        if( rc==SQLITE_OK ){
+          char aBuffer[64];
+          sqlite3_snprintf(sizeof(aBuffer), aBuffer, 
+              "%d %d %d %d ", iCol, pTerm-sCtx.aTerm, iStart, iEnd-iStart
+          );
+          rc = fts3StringAppend(&res, aBuffer, -1);
+        }else if( rc==SQLITE_DONE && pTab->zContentTbl==0 ){
+          rc = FTS_CORRUPT_VTAB;
+        }
+      }
+    }
+    if( rc==SQLITE_DONE ){
+      rc = SQLITE_OK;
+    }
+
+    pMod->xClose(pC);
+    if( rc!=SQLITE_OK ) goto offsets_out;
+  }
+
+ offsets_out:
+  sqlite3_free(sCtx.aTerm);
+  assert( rc!=SQLITE_DONE );
+  sqlite3Fts3SegmentsClose(pTab);
+  if( rc!=SQLITE_OK ){
+    sqlite3_result_error_code(pCtx,  rc);
+    sqlite3_free(res.z);
+  }else{
+    sqlite3_result_text(pCtx, res.z, res.n-1, sqlite3_free);
+  }
+  return;
+}
+
+/*
+** Implementation of matchinfo() function.
+*/
+SQLITE_PRIVATE void sqlite3Fts3Matchinfo(
+  sqlite3_context *pContext,      /* Function call context */
+  Fts3Cursor *pCsr,               /* FTS3 table cursor */
+  const char *zArg                /* Second arg to matchinfo() function */
+){
+  Fts3Table *pTab = (Fts3Table *)pCsr->base.pVtab;
+  const char *zFormat;
+
+  if( zArg ){
+    zFormat = zArg;
+  }else{
+    zFormat = FTS3_MATCHINFO_DEFAULT;
+  }
+
+  if( !pCsr->pExpr ){
+    sqlite3_result_blob(pContext, "", 0, SQLITE_STATIC);
+    return;
+  }else{
+    /* Retrieve matchinfo() data. */
+    fts3GetMatchinfo(pContext, pCsr, zFormat);
+    sqlite3Fts3SegmentsClose(pTab);
+  }
+}
+
+#endif
+
+/************** End of fts3_snippet.c ****************************************/
+/************** Begin file fts3_unicode.c ************************************/
+/*
+** 2012 May 24
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+******************************************************************************
+**
+** Implementation of the "unicode" full-text-search tokenizer.
+*/
+
+#ifndef SQLITE_DISABLE_FTS3_UNICODE
+
+/* #include "fts3Int.h" */
+#if !defined(SQLITE_CORE) || defined(SQLITE_ENABLE_FTS3)
+
+/* #include <assert.h> */
+/* #include <stdlib.h> */
+/* #include <stdio.h> */
+/* #include <string.h> */
+
+/* #include "fts3_tokenizer.h" */
+
+/*
+** The following two macros - READ_UTF8 and WRITE_UTF8 - have been copied
+** from the sqlite3 source file utf.c. If this file is compiled as part
+** of the amalgamation, they are not required.
+*/
+#ifndef SQLITE_AMALGAMATION
+
+static const unsigned char sqlite3Utf8Trans1[] = {
+  0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+  0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+  0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+  0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
+  0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+  0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+  0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+  0x00, 0x01, 0x02, 0x03, 0x00, 0x01, 0x00, 0x00,
+};
+
+#define READ_UTF8(zIn, zTerm, c)                           \
+  c = *(zIn++);                                            \
+  if( c>=0xc0 ){                                           \
+    c = sqlite3Utf8Trans1[c-0xc0];                         \
+    while( zIn!=zTerm && (*zIn & 0xc0)==0x80 ){            \
+      c = (c<<6) + (0x3f & *(zIn++));                      \
+    }                                                      \
+    if( c<0x80                                             \
+        || (c&0xFFFFF800)==0xD800                          \
+        || (c&0xFFFFFFFE)==0xFFFE ){  c = 0xFFFD; }        \
+  }
+
+#define WRITE_UTF8(zOut, c) {                          \
+  if( c<0x00080 ){                                     \
+    *zOut++ = (u8)(c&0xFF);                            \
+  }                                                    \
+  else if( c<0x00800 ){                                \
+    *zOut++ = 0xC0 + (u8)((c>>6)&0x1F);                \
+    *zOut++ = 0x80 + (u8)(c & 0x3F);                   \
+  }                                                    \
+  else if( c<0x10000 ){                                \
+    *zOut++ = 0xE0 + (u8)((c>>12)&0x0F);               \
+    *zOut++ = 0x80 + (u8)((c>>6) & 0x3F);              \
+    *zOut++ = 0x80 + (u8)(c & 0x3F);                   \
+  }else{                                               \
+    *zOut++ = 0xF0 + (u8)((c>>18) & 0x07);             \
+    *zOut++ = 0x80 + (u8)((c>>12) & 0x3F);             \
+    *zOut++ = 0x80 + (u8)((c>>6) & 0x3F);              \
+    *zOut++ = 0x80 + (u8)(c & 0x3F);                   \
+  }                                                    \
+}
+
+#endif /* ifndef SQLITE_AMALGAMATION */
+
+typedef struct unicode_tokenizer unicode_tokenizer;
+typedef struct unicode_cursor unicode_cursor;
+
+struct unicode_tokenizer {
+  sqlite3_tokenizer base;
+  int bRemoveDiacritic;
+  int nException;
+  int *aiException;
+};
+
+struct unicode_cursor {
+  sqlite3_tokenizer_cursor base;
+  const unsigned char *aInput;    /* Input text being tokenized */
+  int nInput;                     /* Size of aInput[] in bytes */
+  int iOff;                       /* Current offset within aInput[] */
+  int iToken;                     /* Index of next token to be returned */
+  char *zToken;                   /* storage for current token */
+  int nAlloc;                     /* space allocated at zToken */
+};
+
+
+/*
+** Destroy a tokenizer allocated by unicodeCreate().
+*/
+static int unicodeDestroy(sqlite3_tokenizer *pTokenizer){
+  if( pTokenizer ){
+    unicode_tokenizer *p = (unicode_tokenizer *)pTokenizer;
+    sqlite3_free(p->aiException);
+    sqlite3_free(p);
+  }
+  return SQLITE_OK;
+}
+
+/*
+** As part of a tokenchars= or separators= option, the CREATE VIRTUAL TABLE
+** statement has specified that the tokenizer for this table shall consider
+** all characters in string zIn/nIn to be separators (if bAlnum==0) or
+** token characters (if bAlnum==1).
+**
+** For each codepoint in the zIn/nIn string, this function checks if the
+** sqlite3FtsUnicodeIsalnum() function already returns the desired result.
+** If so, no action is taken. Otherwise, the codepoint is added to the 
+** unicode_tokenizer.aiException[] array. For the purposes of tokenization,
+** the return value of sqlite3FtsUnicodeIsalnum() is inverted for all
+** codepoints in the aiException[] array.
+**
+** If a standalone diacritic mark (one that sqlite3FtsUnicodeIsdiacritic()
+** identifies as a diacritic) occurs in the zIn/nIn string it is ignored.
+** It is not possible to change the behavior of the tokenizer with respect
+** to these codepoints.
+*/
+static int unicodeAddExceptions(
+  unicode_tokenizer *p,           /* Tokenizer to add exceptions to */
+  int bAlnum,                     /* Replace Isalnum() return value with this */
+  const char *zIn,                /* Array of characters to make exceptions */
+  int nIn                         /* Length of z in bytes */
+){
+  const unsigned char *z = (const unsigned char *)zIn;
+  const unsigned char *zTerm = &z[nIn];
+  int iCode;
+  int nEntry = 0;
+
+  assert( bAlnum==0 || bAlnum==1 );
+
+  while( z<zTerm ){
+    READ_UTF8(z, zTerm, iCode);
+    assert( (sqlite3FtsUnicodeIsalnum(iCode) & 0xFFFFFFFE)==0 );
+    if( sqlite3FtsUnicodeIsalnum(iCode)!=bAlnum 
+     && sqlite3FtsUnicodeIsdiacritic(iCode)==0 
+    ){
+      nEntry++;
+    }
+  }
+
+  if( nEntry ){
+    int *aNew;                    /* New aiException[] array */
+    int nNew;                     /* Number of valid entries in array aNew[] */
+
+    aNew = sqlite3_realloc(p->aiException, (p->nException+nEntry)*sizeof(int));
+    if( aNew==0 ) return SQLITE_NOMEM;
+    nNew = p->nException;
+
+    z = (const unsigned char *)zIn;
+    while( z<zTerm ){
+      READ_UTF8(z, zTerm, iCode);
+      if( sqlite3FtsUnicodeIsalnum(iCode)!=bAlnum 
+       && sqlite3FtsUnicodeIsdiacritic(iCode)==0
+      ){
+        int i, j;
+        for(i=0; i<nNew && aNew[i]<iCode; i++);
+        for(j=nNew; j>i; j--) aNew[j] = aNew[j-1];
+        aNew[i] = iCode;
+        nNew++;
+      }
+    }
+    p->aiException = aNew;
+    p->nException = nNew;
+  }
+
+  return SQLITE_OK;
+}
+
+/*
+** Return true if the p->aiException[] array contains the value iCode.
+*/
+static int unicodeIsException(unicode_tokenizer *p, int iCode){
+  if( p->nException>0 ){
+    int *a = p->aiException;
+    int iLo = 0;
+    int iHi = p->nException-1;
+
+    while( iHi>=iLo ){
+      int iTest = (iHi + iLo) / 2;
+      if( iCode==a[iTest] ){
+        return 1;
+      }else if( iCode>a[iTest] ){
+        iLo = iTest+1;
+      }else{
+        iHi = iTest-1;
+      }
+    }
+  }
+
+  return 0;
+}
+
+/*
+** Return true if, for the purposes of tokenization, codepoint iCode is
+** considered a token character (not a separator).
+*/
+static int unicodeIsAlnum(unicode_tokenizer *p, int iCode){
+  assert( (sqlite3FtsUnicodeIsalnum(iCode) & 0xFFFFFFFE)==0 );
+  return sqlite3FtsUnicodeIsalnum(iCode) ^ unicodeIsException(p, iCode);
+}
+
+/*
+** Create a new tokenizer instance.
+*/
+static int unicodeCreate(
+  int nArg,                       /* Size of array argv[] */
+  const char * const *azArg,      /* Tokenizer creation arguments */
+  sqlite3_tokenizer **pp          /* OUT: New tokenizer handle */
+){
+  unicode_tokenizer *pNew;        /* New tokenizer object */
+  int i;
+  int rc = SQLITE_OK;
+
+  pNew = (unicode_tokenizer *) sqlite3_malloc(sizeof(unicode_tokenizer));
+  if( pNew==NULL ) return SQLITE_NOMEM;
+  memset(pNew, 0, sizeof(unicode_tokenizer));
+  pNew->bRemoveDiacritic = 1;
+
+  for(i=0; rc==SQLITE_OK && i<nArg; i++){
+    const char *z = azArg[i];
+    int n = (int)strlen(z);
+
+    if( n==19 && memcmp("remove_diacritics=1", z, 19)==0 ){
+      pNew->bRemoveDiacritic = 1;
+    }
+    else if( n==19 && memcmp("remove_diacritics=0", z, 19)==0 ){
+      pNew->bRemoveDiacritic = 0;
+    }
+    else if( n>=11 && memcmp("tokenchars=", z, 11)==0 ){
+      rc = unicodeAddExceptions(pNew, 1, &z[11], n-11);
+    }
+    else if( n>=11 && memcmp("separators=", z, 11)==0 ){
+      rc = unicodeAddExceptions(pNew, 0, &z[11], n-11);
+    }
+    else{
+      /* Unrecognized argument */
+      rc  = SQLITE_ERROR;
+    }
+  }
+
+  if( rc!=SQLITE_OK ){
+    unicodeDestroy((sqlite3_tokenizer *)pNew);
+    pNew = 0;
+  }
+  *pp = (sqlite3_tokenizer *)pNew;
+  return rc;
+}
+
+/*
+** Prepare to begin tokenizing a particular string.  The input
+** string to be tokenized is pInput[0..nBytes-1].  A cursor
+** used to incrementally tokenize this string is returned in 
+** *ppCursor.
+*/
+static int unicodeOpen(
+  sqlite3_tokenizer *p,           /* The tokenizer */
+  const char *aInput,             /* Input string */
+  int nInput,                     /* Size of string aInput in bytes */
+  sqlite3_tokenizer_cursor **pp   /* OUT: New cursor object */
+){
+  unicode_cursor *pCsr;
+
+  pCsr = (unicode_cursor *)sqlite3_malloc(sizeof(unicode_cursor));
+  if( pCsr==0 ){
+    return SQLITE_NOMEM;
+  }
+  memset(pCsr, 0, sizeof(unicode_cursor));
+
+  pCsr->aInput = (const unsigned char *)aInput;
+  if( aInput==0 ){
+    pCsr->nInput = 0;
+  }else if( nInput<0 ){
+    pCsr->nInput = (int)strlen(aInput);
+  }else{
+    pCsr->nInput = nInput;
+  }
+
+  *pp = &pCsr->base;
+  UNUSED_PARAMETER(p);
+  return SQLITE_OK;
+}
+
+/*
+** Close a tokenization cursor previously opened by a call to
+** simpleOpen() above.
+*/
+static int unicodeClose(sqlite3_tokenizer_cursor *pCursor){
+  unicode_cursor *pCsr = (unicode_cursor *) pCursor;
+  sqlite3_free(pCsr->zToken);
+  sqlite3_free(pCsr);
+  return SQLITE_OK;
+}
+
+/*
+** Extract the next token from a tokenization cursor.  The cursor must
+** have been opened by a prior call to simpleOpen().
+*/
+static int unicodeNext(
+  sqlite3_tokenizer_cursor *pC,   /* Cursor returned by simpleOpen */
+  const char **paToken,           /* OUT: Token text */
+  int *pnToken,                   /* OUT: Number of bytes at *paToken */
+  int *piStart,                   /* OUT: Starting offset of token */
+  int *piEnd,                     /* OUT: Ending offset of token */
+  int *piPos                      /* OUT: Position integer of token */
+){
+  unicode_cursor *pCsr = (unicode_cursor *)pC;
+  unicode_tokenizer *p = ((unicode_tokenizer *)pCsr->base.pTokenizer);
+  int iCode = 0;
+  char *zOut;
+  const unsigned char *z = &pCsr->aInput[pCsr->iOff];
+  const unsigned char *zStart = z;
+  const unsigned char *zEnd;
+  const unsigned char *zTerm = &pCsr->aInput[pCsr->nInput];
+
+  /* Scan past any delimiter characters before the start of the next token.
+  ** Return SQLITE_DONE early if this takes us all the way to the end of 
+  ** the input.  */
+  while( z<zTerm ){
+    READ_UTF8(z, zTerm, iCode);
+    if( unicodeIsAlnum(p, iCode) ) break;
+    zStart = z;
+  }
+  if( zStart>=zTerm ) return SQLITE_DONE;
+
+  zOut = pCsr->zToken;
+  do {
+    int iOut;
+
+    /* Grow the output buffer if required. */
+    if( (zOut-pCsr->zToken)>=(pCsr->nAlloc-4) ){
+      char *zNew = sqlite3_realloc(pCsr->zToken, pCsr->nAlloc+64);
+      if( !zNew ) return SQLITE_NOMEM;
+      zOut = &zNew[zOut - pCsr->zToken];
+      pCsr->zToken = zNew;
+      pCsr->nAlloc += 64;
+    }
+
+    /* Write the folded case of the last character read to the output */
+    zEnd = z;
+    iOut = sqlite3FtsUnicodeFold(iCode, p->bRemoveDiacritic);
+    if( iOut ){
+      WRITE_UTF8(zOut, iOut);
+    }
+
+    /* If the cursor is not at EOF, read the next character */
+    if( z>=zTerm ) break;
+    READ_UTF8(z, zTerm, iCode);
+  }while( unicodeIsAlnum(p, iCode) 
+       || sqlite3FtsUnicodeIsdiacritic(iCode)
+  );
+
+  /* Set the output variables and return. */
+  pCsr->iOff = (int)(z - pCsr->aInput);
+  *paToken = pCsr->zToken;
+  *pnToken = (int)(zOut - pCsr->zToken);
+  *piStart = (int)(zStart - pCsr->aInput);
+  *piEnd = (int)(zEnd - pCsr->aInput);
+  *piPos = pCsr->iToken++;
+  return SQLITE_OK;
+}
+
+/*
+** Set *ppModule to a pointer to the sqlite3_tokenizer_module 
+** structure for the unicode tokenizer.
+*/
+SQLITE_PRIVATE void sqlite3Fts3UnicodeTokenizer(sqlite3_tokenizer_module const **ppModule){
+  static const sqlite3_tokenizer_module module = {
+    0,
+    unicodeCreate,
+    unicodeDestroy,
+    unicodeOpen,
+    unicodeClose,
+    unicodeNext,
+    0,
+  };
+  *ppModule = &module;
+}
+
+#endif /* !defined(SQLITE_CORE) || defined(SQLITE_ENABLE_FTS3) */
+#endif /* ifndef SQLITE_DISABLE_FTS3_UNICODE */
+
+/************** End of fts3_unicode.c ****************************************/
+/************** Begin file fts3_unicode2.c ***********************************/
+/*
+** 2012 May 25
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+******************************************************************************
+*/
+
+/*
+** DO NOT EDIT THIS MACHINE GENERATED FILE.
+*/
+
+#ifndef SQLITE_DISABLE_FTS3_UNICODE
+#if defined(SQLITE_ENABLE_FTS3) || defined(SQLITE_ENABLE_FTS4)
+
+/* #include <assert.h> */
+
+/*
+** Return true if the argument corresponds to a unicode codepoint
+** classified as either a letter or a number. Otherwise false.
+**
+** The results are undefined if the value passed to this function
+** is less than zero.
+*/
+SQLITE_PRIVATE int sqlite3FtsUnicodeIsalnum(int c){
+  /* Each unsigned integer in the following array corresponds to a contiguous
+  ** range of unicode codepoints that are not either letters or numbers (i.e.
+  ** codepoints for which this function should return 0).
+  **
+  ** The most significant 22 bits in each 32-bit value contain the first 
+  ** codepoint in the range. The least significant 10 bits are used to store
+  ** the size of the range (always at least 1). In other words, the value 
+  ** ((C<<22) + N) represents a range of N codepoints starting with codepoint 
+  ** C. It is not possible to represent a range larger than 1023 codepoints 
+  ** using this format.
+  */
+  static const unsigned int aEntry[] = {
+    0x00000030, 0x0000E807, 0x00016C06, 0x0001EC2F, 0x0002AC07,
+    0x0002D001, 0x0002D803, 0x0002EC01, 0x0002FC01, 0x00035C01,
+    0x0003DC01, 0x000B0804, 0x000B480E, 0x000B9407, 0x000BB401,
+    0x000BBC81, 0x000DD401, 0x000DF801, 0x000E1002, 0x000E1C01,
+    0x000FD801, 0x00120808, 0x00156806, 0x00162402, 0x00163C01,
+    0x00164437, 0x0017CC02, 0x00180005, 0x00181816, 0x00187802,
+    0x00192C15, 0x0019A804, 0x0019C001, 0x001B5001, 0x001B580F,
+    0x001B9C07, 0x001BF402, 0x001C000E, 0x001C3C01, 0x001C4401,
+    0x001CC01B, 0x001E980B, 0x001FAC09, 0x001FD804, 0x00205804,
+    0x00206C09, 0x00209403, 0x0020A405, 0x0020C00F, 0x00216403,
+    0x00217801, 0x0023901B, 0x00240004, 0x0024E803, 0x0024F812,
+    0x00254407, 0x00258804, 0x0025C001, 0x00260403, 0x0026F001,
+    0x0026F807, 0x00271C02, 0x00272C03, 0x00275C01, 0x00278802,
+    0x0027C802, 0x0027E802, 0x00280403, 0x0028F001, 0x0028F805,
+    0x00291C02, 0x00292C03, 0x00294401, 0x0029C002, 0x0029D401,
+    0x002A0403, 0x002AF001, 0x002AF808, 0x002B1C03, 0x002B2C03,
+    0x002B8802, 0x002BC002, 0x002C0403, 0x002CF001, 0x002CF807,
+    0x002D1C02, 0x002D2C03, 0x002D5802, 0x002D8802, 0x002DC001,
+    0x002E0801, 0x002EF805, 0x002F1803, 0x002F2804, 0x002F5C01,
+    0x002FCC08, 0x00300403, 0x0030F807, 0x00311803, 0x00312804,
+    0x00315402, 0x00318802, 0x0031FC01, 0x00320802, 0x0032F001,
+    0x0032F807, 0x00331803, 0x00332804, 0x00335402, 0x00338802,
+    0x00340802, 0x0034F807, 0x00351803, 0x00352804, 0x00355C01,
+    0x00358802, 0x0035E401, 0x00360802, 0x00372801, 0x00373C06,
+    0x00375801, 0x00376008, 0x0037C803, 0x0038C401, 0x0038D007,
+    0x0038FC01, 0x00391C09, 0x00396802, 0x003AC401, 0x003AD006,
+    0x003AEC02, 0x003B2006, 0x003C041F, 0x003CD00C, 0x003DC417,
+    0x003E340B, 0x003E6424, 0x003EF80F, 0x003F380D, 0x0040AC14,
+    0x00412806, 0x00415804, 0x00417803, 0x00418803, 0x00419C07,
+    0x0041C404, 0x0042080C, 0x00423C01, 0x00426806, 0x0043EC01,
+    0x004D740C, 0x004E400A, 0x00500001, 0x0059B402, 0x005A0001,
+    0x005A6C02, 0x005BAC03, 0x005C4803, 0x005CC805, 0x005D4802,
+    0x005DC802, 0x005ED023, 0x005F6004, 0x005F7401, 0x0060000F,
+    0x0062A401, 0x0064800C, 0x0064C00C, 0x00650001, 0x00651002,
+    0x0066C011, 0x00672002, 0x00677822, 0x00685C05, 0x00687802,
+    0x0069540A, 0x0069801D, 0x0069FC01, 0x006A8007, 0x006AA006,
+    0x006C0005, 0x006CD011, 0x006D6823, 0x006E0003, 0x006E840D,
+    0x006F980E, 0x006FF004, 0x00709014, 0x0070EC05, 0x0071F802,
+    0x00730008, 0x00734019, 0x0073B401, 0x0073C803, 0x00770027,
+    0x0077F004, 0x007EF401, 0x007EFC03, 0x007F3403, 0x007F7403,
+    0x007FB403, 0x007FF402, 0x00800065, 0x0081A806, 0x0081E805,
+    0x00822805, 0x0082801A, 0x00834021, 0x00840002, 0x00840C04,
+    0x00842002, 0x00845001, 0x00845803, 0x00847806, 0x00849401,
+    0x00849C01, 0x0084A401, 0x0084B801, 0x0084E802, 0x00850005,
+    0x00852804, 0x00853C01, 0x00864264, 0x00900027, 0x0091000B,
+    0x0092704E, 0x00940200, 0x009C0475, 0x009E53B9, 0x00AD400A,
+    0x00B39406, 0x00B3BC03, 0x00B3E404, 0x00B3F802, 0x00B5C001,
+    0x00B5FC01, 0x00B7804F, 0x00B8C00C, 0x00BA001A, 0x00BA6C59,
+    0x00BC00D6, 0x00BFC00C, 0x00C00005, 0x00C02019, 0x00C0A807,
+    0x00C0D802, 0x00C0F403, 0x00C26404, 0x00C28001, 0x00C3EC01,
+    0x00C64002, 0x00C6580A, 0x00C70024, 0x00C8001F, 0x00C8A81E,
+    0x00C94001, 0x00C98020, 0x00CA2827, 0x00CB003F, 0x00CC0100,
+    0x01370040, 0x02924037, 0x0293F802, 0x02983403, 0x0299BC10,
+    0x029A7C01, 0x029BC008, 0x029C0017, 0x029C8002, 0x029E2402,
+    0x02A00801, 0x02A01801, 0x02A02C01, 0x02A08C09, 0x02A0D804,
+    0x02A1D004, 0x02A20002, 0x02A2D011, 0x02A33802, 0x02A38012,
+    0x02A3E003, 0x02A4980A, 0x02A51C0D, 0x02A57C01, 0x02A60004,
+    0x02A6CC1B, 0x02A77802, 0x02A8A40E, 0x02A90C01, 0x02A93002,
+    0x02A97004, 0x02A9DC03, 0x02A9EC01, 0x02AAC001, 0x02AAC803,
+    0x02AADC02, 0x02AAF802, 0x02AB0401, 0x02AB7802, 0x02ABAC07,
+    0x02ABD402, 0x02AF8C0B, 0x03600001, 0x036DFC02, 0x036FFC02,
+    0x037FFC01, 0x03EC7801, 0x03ECA401, 0x03EEC810, 0x03F4F802,
+    0x03F7F002, 0x03F8001A, 0x03F88007, 0x03F8C023, 0x03F95013,
+    0x03F9A004, 0x03FBFC01, 0x03FC040F, 0x03FC6807, 0x03FCEC06,
+    0x03FD6C0B, 0x03FF8007, 0x03FFA007, 0x03FFE405, 0x04040003,
+    0x0404DC09, 0x0405E411, 0x0406400C, 0x0407402E, 0x040E7C01,
+    0x040F4001, 0x04215C01, 0x04247C01, 0x0424FC01, 0x04280403,
+    0x04281402, 0x04283004, 0x0428E003, 0x0428FC01, 0x04294009,
+    0x0429FC01, 0x042CE407, 0x04400003, 0x0440E016, 0x04420003,
+    0x0442C012, 0x04440003, 0x04449C0E, 0x04450004, 0x04460003,
+    0x0446CC0E, 0x04471404, 0x045AAC0D, 0x0491C004, 0x05BD442E,
+    0x05BE3C04, 0x074000F6, 0x07440027, 0x0744A4B5, 0x07480046,
+    0x074C0057, 0x075B0401, 0x075B6C01, 0x075BEC01, 0x075C5401,
+    0x075CD401, 0x075D3C01, 0x075DBC01, 0x075E2401, 0x075EA401,
+    0x075F0C01, 0x07BBC002, 0x07C0002C, 0x07C0C064, 0x07C2800F,
+    0x07C2C40E, 0x07C3040F, 0x07C3440F, 0x07C4401F, 0x07C4C03C,
+    0x07C5C02B, 0x07C7981D, 0x07C8402B, 0x07C90009, 0x07C94002,
+    0x07CC0021, 0x07CCC006, 0x07CCDC46, 0x07CE0014, 0x07CE8025,
+    0x07CF1805, 0x07CF8011, 0x07D0003F, 0x07D10001, 0x07D108B6,
+    0x07D3E404, 0x07D4003E, 0x07D50004, 0x07D54018, 0x07D7EC46,
+    0x07D9140B, 0x07DA0046, 0x07DC0074, 0x38000401, 0x38008060,
+    0x380400F0,
+  };
+  static const unsigned int aAscii[4] = {
+    0xFFFFFFFF, 0xFC00FFFF, 0xF8000001, 0xF8000001,
+  };
+
+  if( c<128 ){
+    return ( (aAscii[c >> 5] & (1 << (c & 0x001F)))==0 );
+  }else if( c<(1<<22) ){
+    unsigned int key = (((unsigned int)c)<<10) | 0x000003FF;
+    int iRes = 0;
+    int iHi = sizeof(aEntry)/sizeof(aEntry[0]) - 1;
+    int iLo = 0;
+    while( iHi>=iLo ){
+      int iTest = (iHi + iLo) / 2;
+      if( key >= aEntry[iTest] ){
+        iRes = iTest;
+        iLo = iTest+1;
+      }else{
+        iHi = iTest-1;
+      }
+    }
+    assert( aEntry[0]<key );
+    assert( key>=aEntry[iRes] );
+    return (((unsigned int)c) >= ((aEntry[iRes]>>10) + (aEntry[iRes]&0x3FF)));
+  }
+  return 1;
+}
+
+
+/*
+** If the argument is a codepoint corresponding to a lowercase letter
+** in the ASCII range with a diacritic added, return the codepoint
+** of the ASCII letter only. For example, if passed 235 - "LATIN
+** SMALL LETTER E WITH DIAERESIS" - return 65 ("LATIN SMALL LETTER
+** E"). The resuls of passing a codepoint that corresponds to an
+** uppercase letter are undefined.
+*/
+static int remove_diacritic(int c){
+  unsigned short aDia[] = {
+        0,  1797,  1848,  1859,  1891,  1928,  1940,  1995, 
+     2024,  2040,  2060,  2110,  2168,  2206,  2264,  2286, 
+     2344,  2383,  2472,  2488,  2516,  2596,  2668,  2732, 
+     2782,  2842,  2894,  2954,  2984,  3000,  3028,  3336, 
+     3456,  3696,  3712,  3728,  3744,  3896,  3912,  3928, 
+     3968,  4008,  4040,  4106,  4138,  4170,  4202,  4234, 
+     4266,  4296,  4312,  4344,  4408,  4424,  4472,  4504, 
+     6148,  6198,  6264,  6280,  6360,  6429,  6505,  6529, 
+    61448, 61468, 61534, 61592, 61642, 61688, 61704, 61726, 
+    61784, 61800, 61836, 61880, 61914, 61948, 61998, 62122, 
+    62154, 62200, 62218, 62302, 62364, 62442, 62478, 62536, 
+    62554, 62584, 62604, 62640, 62648, 62656, 62664, 62730, 
+    62924, 63050, 63082, 63274, 63390, 
+  };
+  char aChar[] = {
+    '\0', 'a',  'c',  'e',  'i',  'n',  'o',  'u',  'y',  'y',  'a',  'c',  
+    'd',  'e',  'e',  'g',  'h',  'i',  'j',  'k',  'l',  'n',  'o',  'r',  
+    's',  't',  'u',  'u',  'w',  'y',  'z',  'o',  'u',  'a',  'i',  'o',  
+    'u',  'g',  'k',  'o',  'j',  'g',  'n',  'a',  'e',  'i',  'o',  'r',  
+    'u',  's',  't',  'h',  'a',  'e',  'o',  'y',  '\0', '\0', '\0', '\0', 
+    '\0', '\0', '\0', '\0', 'a',  'b',  'd',  'd',  'e',  'f',  'g',  'h',  
+    'h',  'i',  'k',  'l',  'l',  'm',  'n',  'p',  'r',  'r',  's',  't',  
+    'u',  'v',  'w',  'w',  'x',  'y',  'z',  'h',  't',  'w',  'y',  'a',  
+    'e',  'i',  'o',  'u',  'y',  
+  };
+
+  unsigned int key = (((unsigned int)c)<<3) | 0x00000007;
+  int iRes = 0;
+  int iHi = sizeof(aDia)/sizeof(aDia[0]) - 1;
+  int iLo = 0;
+  while( iHi>=iLo ){
+    int iTest = (iHi + iLo) / 2;
+    if( key >= aDia[iTest] ){
+      iRes = iTest;
+      iLo = iTest+1;
+    }else{
+      iHi = iTest-1;
+    }
+  }
+  assert( key>=aDia[iRes] );
+  return ((c > (aDia[iRes]>>3) + (aDia[iRes]&0x07)) ? c : (int)aChar[iRes]);
+}
+
+
+/*
+** Return true if the argument interpreted as a unicode codepoint
+** is a diacritical modifier character.
+*/
+SQLITE_PRIVATE int sqlite3FtsUnicodeIsdiacritic(int c){
+  unsigned int mask0 = 0x08029FDF;
+  unsigned int mask1 = 0x000361F8;
+  if( c<768 || c>817 ) return 0;
+  return (c < 768+32) ?
+      (mask0 & (1 << (c-768))) :
+      (mask1 & (1 << (c-768-32)));
+}
+
+
+/*
+** Interpret the argument as a unicode codepoint. If the codepoint
+** is an upper case character that has a lower case equivalent,
+** return the codepoint corresponding to the lower case version.
+** Otherwise, return a copy of the argument.
+**
+** The results are undefined if the value passed to this function
+** is less than zero.
+*/
+SQLITE_PRIVATE int sqlite3FtsUnicodeFold(int c, int bRemoveDiacritic){
+  /* Each entry in the following array defines a rule for folding a range
+  ** of codepoints to lower case. The rule applies to a range of nRange
+  ** codepoints starting at codepoint iCode.
+  **
+  ** If the least significant bit in flags is clear, then the rule applies
+  ** to all nRange codepoints (i.e. all nRange codepoints are upper case and
+  ** need to be folded). Or, if it is set, then the rule only applies to
+  ** every second codepoint in the range, starting with codepoint C.
+  **
+  ** The 7 most significant bits in flags are an index into the aiOff[]
+  ** array. If a specific codepoint C does require folding, then its lower
+  ** case equivalent is ((C + aiOff[flags>>1]) & 0xFFFF).
+  **
+  ** The contents of this array are generated by parsing the CaseFolding.txt
+  ** file distributed as part of the "Unicode Character Database". See
+  ** http://www.unicode.org for details.
+  */
+  static const struct TableEntry {
+    unsigned short iCode;
+    unsigned char flags;
+    unsigned char nRange;
+  } aEntry[] = {
+    {65, 14, 26},          {181, 64, 1},          {192, 14, 23},
+    {216, 14, 7},          {256, 1, 48},          {306, 1, 6},
+    {313, 1, 16},          {330, 1, 46},          {376, 116, 1},
+    {377, 1, 6},           {383, 104, 1},         {385, 50, 1},
+    {386, 1, 4},           {390, 44, 1},          {391, 0, 1},
+    {393, 42, 2},          {395, 0, 1},           {398, 32, 1},
+    {399, 38, 1},          {400, 40, 1},          {401, 0, 1},
+    {403, 42, 1},          {404, 46, 1},          {406, 52, 1},
+    {407, 48, 1},          {408, 0, 1},           {412, 52, 1},
+    {413, 54, 1},          {415, 56, 1},          {416, 1, 6},
+    {422, 60, 1},          {423, 0, 1},           {425, 60, 1},
+    {428, 0, 1},           {430, 60, 1},          {431, 0, 1},
+    {433, 58, 2},          {435, 1, 4},           {439, 62, 1},
+    {440, 0, 1},           {444, 0, 1},           {452, 2, 1},
+    {453, 0, 1},           {455, 2, 1},           {456, 0, 1},
+    {458, 2, 1},           {459, 1, 18},          {478, 1, 18},
+    {497, 2, 1},           {498, 1, 4},           {502, 122, 1},
+    {503, 134, 1},         {504, 1, 40},          {544, 110, 1},
+    {546, 1, 18},          {570, 70, 1},          {571, 0, 1},
+    {573, 108, 1},         {574, 68, 1},          {577, 0, 1},
+    {579, 106, 1},         {580, 28, 1},          {581, 30, 1},
+    {582, 1, 10},          {837, 36, 1},          {880, 1, 4},
+    {886, 0, 1},           {902, 18, 1},          {904, 16, 3},
+    {908, 26, 1},          {910, 24, 2},          {913, 14, 17},
+    {931, 14, 9},          {962, 0, 1},           {975, 4, 1},
+    {976, 140, 1},         {977, 142, 1},         {981, 146, 1},
+    {982, 144, 1},         {984, 1, 24},          {1008, 136, 1},
+    {1009, 138, 1},        {1012, 130, 1},        {1013, 128, 1},
+    {1015, 0, 1},          {1017, 152, 1},        {1018, 0, 1},
+    {1021, 110, 3},        {1024, 34, 16},        {1040, 14, 32},
+    {1120, 1, 34},         {1162, 1, 54},         {1216, 6, 1},
+    {1217, 1, 14},         {1232, 1, 88},         {1329, 22, 38},
+    {4256, 66, 38},        {4295, 66, 1},         {4301, 66, 1},
+    {7680, 1, 150},        {7835, 132, 1},        {7838, 96, 1},
+    {7840, 1, 96},         {7944, 150, 8},        {7960, 150, 6},
+    {7976, 150, 8},        {7992, 150, 8},        {8008, 150, 6},
+    {8025, 151, 8},        {8040, 150, 8},        {8072, 150, 8},
+    {8088, 150, 8},        {8104, 150, 8},        {8120, 150, 2},
+    {8122, 126, 2},        {8124, 148, 1},        {8126, 100, 1},
+    {8136, 124, 4},        {8140, 148, 1},        {8152, 150, 2},
+    {8154, 120, 2},        {8168, 150, 2},        {8170, 118, 2},
+    {8172, 152, 1},        {8184, 112, 2},        {8186, 114, 2},
+    {8188, 148, 1},        {8486, 98, 1},         {8490, 92, 1},
+    {8491, 94, 1},         {8498, 12, 1},         {8544, 8, 16},
+    {8579, 0, 1},          {9398, 10, 26},        {11264, 22, 47},
+    {11360, 0, 1},         {11362, 88, 1},        {11363, 102, 1},
+    {11364, 90, 1},        {11367, 1, 6},         {11373, 84, 1},
+    {11374, 86, 1},        {11375, 80, 1},        {11376, 82, 1},
+    {11378, 0, 1},         {11381, 0, 1},         {11390, 78, 2},
+    {11392, 1, 100},       {11499, 1, 4},         {11506, 0, 1},
+    {42560, 1, 46},        {42624, 1, 24},        {42786, 1, 14},
+    {42802, 1, 62},        {42873, 1, 4},         {42877, 76, 1},
+    {42878, 1, 10},        {42891, 0, 1},         {42893, 74, 1},
+    {42896, 1, 4},         {42912, 1, 10},        {42922, 72, 1},
+    {65313, 14, 26},       
+  };
+  static const unsigned short aiOff[] = {
+   1,     2,     8,     15,    16,    26,    28,    32,    
+   37,    38,    40,    48,    63,    64,    69,    71,    
+   79,    80,    116,   202,   203,   205,   206,   207,   
+   209,   210,   211,   213,   214,   217,   218,   219,   
+   775,   7264,  10792, 10795, 23228, 23256, 30204, 54721, 
+   54753, 54754, 54756, 54787, 54793, 54809, 57153, 57274, 
+   57921, 58019, 58363, 61722, 65268, 65341, 65373, 65406, 
+   65408, 65410, 65415, 65424, 65436, 65439, 65450, 65462, 
+   65472, 65476, 65478, 65480, 65482, 65488, 65506, 65511, 
+   65514, 65521, 65527, 65528, 65529, 
+  };
+
+  int ret = c;
+
+  assert( c>=0 );
+  assert( sizeof(unsigned short)==2 && sizeof(unsigned char)==1 );
+
+  if( c<128 ){
+    if( c>='A' && c<='Z' ) ret = c + ('a' - 'A');
+  }else if( c<65536 ){
+    int iHi = sizeof(aEntry)/sizeof(aEntry[0]) - 1;
+    int iLo = 0;
+    int iRes = -1;
+
+    while( iHi>=iLo ){
+      int iTest = (iHi + iLo) / 2;
+      int cmp = (c - aEntry[iTest].iCode);
+      if( cmp>=0 ){
+        iRes = iTest;
+        iLo = iTest+1;
+      }else{
+        iHi = iTest-1;
+      }
+    }
+    assert( iRes<0 || c>=aEntry[iRes].iCode );
+
+    if( iRes>=0 ){
+      const struct TableEntry *p = &aEntry[iRes];
+      if( c<(p->iCode + p->nRange) && 0==(0x01 & p->flags & (p->iCode ^ c)) ){
+        ret = (c + (aiOff[p->flags>>1])) & 0x0000FFFF;
+        assert( ret>0 );
+      }
+    }
+
+    if( bRemoveDiacritic ) ret = remove_diacritic(ret);
+  }
+  
+  else if( c>=66560 && c<66600 ){
+    ret = c + 40;
+  }
+
+  return ret;
+}
+#endif /* defined(SQLITE_ENABLE_FTS3) || defined(SQLITE_ENABLE_FTS4) */
+#endif /* !defined(SQLITE_DISABLE_FTS3_UNICODE) */
+
+/************** End of fts3_unicode2.c ***************************************/
+/************** Begin file rtree.c *******************************************/
+/*
+** 2001 September 15
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+** This file contains code for implementations of the r-tree and r*-tree
+** algorithms packaged as an SQLite virtual table module.
+*/
+
+/*
+** Database Format of R-Tree Tables
+** --------------------------------
+**
+** The data structure for a single virtual r-tree table is stored in three 
+** native SQLite tables declared as follows. In each case, the '%' character
+** in the table name is replaced with the user-supplied name of the r-tree
+** table.
+**
+**   CREATE TABLE %_node(nodeno INTEGER PRIMARY KEY, data BLOB)
+**   CREATE TABLE %_parent(nodeno INTEGER PRIMARY KEY, parentnode INTEGER)
+**   CREATE TABLE %_rowid(rowid INTEGER PRIMARY KEY, nodeno INTEGER)
+**
+** The data for each node of the r-tree structure is stored in the %_node
+** table. For each node that is not the root node of the r-tree, there is
+** an entry in the %_parent table associating the node with its parent.
+** And for each row of data in the table, there is an entry in the %_rowid
+** table that maps from the entries rowid to the id of the node that it
+** is stored on.
+**
+** The root node of an r-tree always exists, even if the r-tree table is
+** empty. The nodeno of the root node is always 1. All other nodes in the
+** table must be the same size as the root node. The content of each node
+** is formatted as follows:
+**
+**   1. If the node is the root node (node 1), then the first 2 bytes
+**      of the node contain the tree depth as a big-endian integer.
+**      For non-root nodes, the first 2 bytes are left unused.
+**
+**   2. The next 2 bytes contain the number of entries currently 
+**      stored in the node.
+**
+**   3. The remainder of the node contains the node entries. Each entry
+**      consists of a single 8-byte integer followed by an even number
+**      of 4-byte coordinates. For leaf nodes the integer is the rowid
+**      of a record. For internal nodes it is the node number of a
+**      child page.
+*/
+
+#if !defined(SQLITE_CORE) || defined(SQLITE_ENABLE_RTREE)
+
+#ifndef SQLITE_CORE
+/*   #include "sqlite3ext.h" */
+  SQLITE_EXTENSION_INIT1
+#else
+/*   #include "sqlite3.h" */
+#endif
+
+/* #include <string.h> */
+/* #include <assert.h> */
+/* #include <stdio.h> */
+
+#ifndef SQLITE_AMALGAMATION
+#include "sqlite3rtree.h"
+typedef sqlite3_int64 i64;
+typedef unsigned char u8;
+typedef unsigned short u16;
+typedef unsigned int u32;
+#endif
+
+/*  The following macro is used to suppress compiler warnings.
+*/
+#ifndef UNUSED_PARAMETER
+# define UNUSED_PARAMETER(x) (void)(x)
+#endif
+
+typedef struct Rtree Rtree;
+typedef struct RtreeCursor RtreeCursor;
+typedef struct RtreeNode RtreeNode;
+typedef struct RtreeCell RtreeCell;
+typedef struct RtreeConstraint RtreeConstraint;
+typedef struct RtreeMatchArg RtreeMatchArg;
+typedef struct RtreeGeomCallback RtreeGeomCallback;
+typedef union RtreeCoord RtreeCoord;
+typedef struct RtreeSearchPoint RtreeSearchPoint;
+
+/* The rtree may have between 1 and RTREE_MAX_DIMENSIONS dimensions. */
+#define RTREE_MAX_DIMENSIONS 5
+
+/* Size of hash table Rtree.aHash. This hash table is not expected to
+** ever contain very many entries, so a fixed number of buckets is 
+** used.
+*/
+#define HASHSIZE 97
+
+/* The xBestIndex method of this virtual table requires an estimate of
+** the number of rows in the virtual table to calculate the costs of
+** various strategies. If possible, this estimate is loaded from the
+** sqlite_stat1 table (with RTREE_MIN_ROWEST as a hard-coded minimum).
+** Otherwise, if no sqlite_stat1 entry is available, use 
+** RTREE_DEFAULT_ROWEST.
+*/
+#define RTREE_DEFAULT_ROWEST 1048576
+#define RTREE_MIN_ROWEST         100
+
+/* 
+** An rtree virtual-table object.
+*/
+struct Rtree {
+  sqlite3_vtab base;          /* Base class.  Must be first */
+  sqlite3 *db;                /* Host database connection */
+  int iNodeSize;              /* Size in bytes of each node in the node table */
+  u8 nDim;                    /* Number of dimensions */
+  u8 eCoordType;              /* RTREE_COORD_REAL32 or RTREE_COORD_INT32 */
+  u8 nBytesPerCell;           /* Bytes consumed per cell */
+  int iDepth;                 /* Current depth of the r-tree structure */
+  char *zDb;                  /* Name of database containing r-tree table */
+  char *zName;                /* Name of r-tree table */ 
+  int nBusy;                  /* Current number of users of this structure */
+  i64 nRowEst;                /* Estimated number of rows in this table */
+
+  /* List of nodes removed during a CondenseTree operation. List is
+  ** linked together via the pointer normally used for hash chains -
+  ** RtreeNode.pNext. RtreeNode.iNode stores the depth of the sub-tree 
+  ** headed by the node (leaf nodes have RtreeNode.iNode==0).
+  */
+  RtreeNode *pDeleted;
+  int iReinsertHeight;        /* Height of sub-trees Reinsert() has run on */
+
+  /* Statements to read/write/delete a record from xxx_node */
+  sqlite3_stmt *pReadNode;
+  sqlite3_stmt *pWriteNode;
+  sqlite3_stmt *pDeleteNode;
+
+  /* Statements to read/write/delete a record from xxx_rowid */
+  sqlite3_stmt *pReadRowid;
+  sqlite3_stmt *pWriteRowid;
+  sqlite3_stmt *pDeleteRowid;
+
+  /* Statements to read/write/delete a record from xxx_parent */
+  sqlite3_stmt *pReadParent;
+  sqlite3_stmt *pWriteParent;
+  sqlite3_stmt *pDeleteParent;
+
+  RtreeNode *aHash[HASHSIZE]; /* Hash table of in-memory nodes. */ 
+};
+
+/* Possible values for Rtree.eCoordType: */
+#define RTREE_COORD_REAL32 0
+#define RTREE_COORD_INT32  1
+
+/*
+** If SQLITE_RTREE_INT_ONLY is defined, then this virtual table will
+** only deal with integer coordinates.  No floating point operations
+** will be done.
+*/
+#ifdef SQLITE_RTREE_INT_ONLY
+  typedef sqlite3_int64 RtreeDValue;       /* High accuracy coordinate */
+  typedef int RtreeValue;                  /* Low accuracy coordinate */
+# define RTREE_ZERO 0
+#else
+  typedef double RtreeDValue;              /* High accuracy coordinate */
+  typedef float RtreeValue;                /* Low accuracy coordinate */
+# define RTREE_ZERO 0.0
+#endif
+
+/*
+** When doing a search of an r-tree, instances of the following structure
+** record intermediate results from the tree walk.
+**
+** The id is always a node-id.  For iLevel>=1 the id is the node-id of
+** the node that the RtreeSearchPoint represents.  When iLevel==0, however,
+** the id is of the parent node and the cell that RtreeSearchPoint
+** represents is the iCell-th entry in the parent node.
+*/
+struct RtreeSearchPoint {
+  RtreeDValue rScore;    /* The score for this node.  Smallest goes first. */
+  sqlite3_int64 id;      /* Node ID */
+  u8 iLevel;             /* 0=entries.  1=leaf node.  2+ for higher */
+  u8 eWithin;            /* PARTLY_WITHIN or FULLY_WITHIN */
+  u8 iCell;              /* Cell index within the node */
+};
+
+/*
+** The minimum number of cells allowed for a node is a third of the 
+** maximum. In Gutman's notation:
+**
+**     m = M/3
+**
+** If an R*-tree "Reinsert" operation is required, the same number of
+** cells are removed from the overfull node and reinserted into the tree.
+*/
+#define RTREE_MINCELLS(p) ((((p)->iNodeSize-4)/(p)->nBytesPerCell)/3)
+#define RTREE_REINSERT(p) RTREE_MINCELLS(p)
+#define RTREE_MAXCELLS 51
+
+/*
+** The smallest possible node-size is (512-64)==448 bytes. And the largest
+** supported cell size is 48 bytes (8 byte rowid + ten 4 byte coordinates).
+** Therefore all non-root nodes must contain at least 3 entries. Since 
+** 2^40 is greater than 2^64, an r-tree structure always has a depth of
+** 40 or less.
+*/
+#define RTREE_MAX_DEPTH 40
+
+
+/*
+** Number of entries in the cursor RtreeNode cache.  The first entry is
+** used to cache the RtreeNode for RtreeCursor.sPoint.  The remaining
+** entries cache the RtreeNode for the first elements of the priority queue.
+*/
+#define RTREE_CACHE_SZ  5
+
+/* 
+** An rtree cursor object.
+*/
+struct RtreeCursor {
+  sqlite3_vtab_cursor base;         /* Base class.  Must be first */
+  u8 atEOF;                         /* True if at end of search */
+  u8 bPoint;                        /* True if sPoint is valid */
+  int iStrategy;                    /* Copy of idxNum search parameter */
+  int nConstraint;                  /* Number of entries in aConstraint */
+  RtreeConstraint *aConstraint;     /* Search constraints. */
+  int nPointAlloc;                  /* Number of slots allocated for aPoint[] */
+  int nPoint;                       /* Number of slots used in aPoint[] */
+  int mxLevel;                      /* iLevel value for root of the tree */
+  RtreeSearchPoint *aPoint;         /* Priority queue for search points */
+  RtreeSearchPoint sPoint;          /* Cached next search point */
+  RtreeNode *aNode[RTREE_CACHE_SZ]; /* Rtree node cache */
+  u32 anQueue[RTREE_MAX_DEPTH+1];   /* Number of queued entries by iLevel */
+};
+
+/* Return the Rtree of a RtreeCursor */
+#define RTREE_OF_CURSOR(X)   ((Rtree*)((X)->base.pVtab))
+
+/*
+** A coordinate can be either a floating point number or a integer.  All
+** coordinates within a single R-Tree are always of the same time.
+*/
+union RtreeCoord {
+  RtreeValue f;      /* Floating point value */
+  int i;             /* Integer value */
+  u32 u;             /* Unsigned for byte-order conversions */
+};
+
+/*
+** The argument is an RtreeCoord. Return the value stored within the RtreeCoord
+** formatted as a RtreeDValue (double or int64). This macro assumes that local
+** variable pRtree points to the Rtree structure associated with the
+** RtreeCoord.
+*/
+#ifdef SQLITE_RTREE_INT_ONLY
+# define DCOORD(coord) ((RtreeDValue)coord.i)
+#else
+# define DCOORD(coord) (                           \
+    (pRtree->eCoordType==RTREE_COORD_REAL32) ?      \
+      ((double)coord.f) :                           \
+      ((double)coord.i)                             \
+  )
+#endif
+
+/*
+** A search constraint.
+*/
+struct RtreeConstraint {
+  int iCoord;                     /* Index of constrained coordinate */
+  int op;                         /* Constraining operation */
+  union {
+    RtreeDValue rValue;             /* Constraint value. */
+    int (*xGeom)(sqlite3_rtree_geometry*,int,RtreeDValue*,int*);
+    int (*xQueryFunc)(sqlite3_rtree_query_info*);
+  } u;
+  sqlite3_rtree_query_info *pInfo;  /* xGeom and xQueryFunc argument */
+};
+
+/* Possible values for RtreeConstraint.op */
+#define RTREE_EQ    0x41  /* A */
+#define RTREE_LE    0x42  /* B */
+#define RTREE_LT    0x43  /* C */
+#define RTREE_GE    0x44  /* D */
+#define RTREE_GT    0x45  /* E */
+#define RTREE_MATCH 0x46  /* F: Old-style sqlite3_rtree_geometry_callback() */
+#define RTREE_QUERY 0x47  /* G: New-style sqlite3_rtree_query_callback() */
+
+
+/* 
+** An rtree structure node.
+*/
+struct RtreeNode {
+  RtreeNode *pParent;         /* Parent node */
+  i64 iNode;                  /* The node number */
+  int nRef;                   /* Number of references to this node */
+  int isDirty;                /* True if the node needs to be written to disk */
+  u8 *zData;                  /* Content of the node, as should be on disk */
+  RtreeNode *pNext;           /* Next node in this hash collision chain */
+};
+
+/* Return the number of cells in a node  */
+#define NCELL(pNode) readInt16(&(pNode)->zData[2])
+
+/* 
+** A single cell from a node, deserialized
+*/
+struct RtreeCell {
+  i64 iRowid;                                 /* Node or entry ID */
+  RtreeCoord aCoord[RTREE_MAX_DIMENSIONS*2];  /* Bounding box coordinates */
+};
+
+
+/*
+** This object becomes the sqlite3_user_data() for the SQL functions
+** that are created by sqlite3_rtree_geometry_callback() and
+** sqlite3_rtree_query_callback() and which appear on the right of MATCH
+** operators in order to constrain a search.
+**
+** xGeom and xQueryFunc are the callback functions.  Exactly one of 
+** xGeom and xQueryFunc fields is non-NULL, depending on whether the
+** SQL function was created using sqlite3_rtree_geometry_callback() or
+** sqlite3_rtree_query_callback().
+** 
+** This object is deleted automatically by the destructor mechanism in
+** sqlite3_create_function_v2().
+*/
+struct RtreeGeomCallback {
+  int (*xGeom)(sqlite3_rtree_geometry*, int, RtreeDValue*, int*);
+  int (*xQueryFunc)(sqlite3_rtree_query_info*);
+  void (*xDestructor)(void*);
+  void *pContext;
+};
+
+
+/*
+** Value for the first field of every RtreeMatchArg object. The MATCH
+** operator tests that the first field of a blob operand matches this
+** value to avoid operating on invalid blobs (which could cause a segfault).
+*/
+#define RTREE_GEOMETRY_MAGIC 0x891245AB
+
+/*
+** An instance of this structure (in the form of a BLOB) is returned by
+** the SQL functions that sqlite3_rtree_geometry_callback() and
+** sqlite3_rtree_query_callback() create, and is read as the right-hand
+** operand to the MATCH operator of an R-Tree.
+*/
+struct RtreeMatchArg {
+  u32 magic;                  /* Always RTREE_GEOMETRY_MAGIC */
+  RtreeGeomCallback cb;       /* Info about the callback functions */
+  int nParam;                 /* Number of parameters to the SQL function */
+  sqlite3_value **apSqlParam; /* Original SQL parameter values */
+  RtreeDValue aParam[1];      /* Values for parameters to the SQL function */
+};
+
+#ifndef MAX
+# define MAX(x,y) ((x) < (y) ? (y) : (x))
+#endif
+#ifndef MIN
+# define MIN(x,y) ((x) > (y) ? (y) : (x))
+#endif
+
+/*
+** Functions to deserialize a 16 bit integer, 32 bit real number and
+** 64 bit integer. The deserialized value is returned.
+*/
+static int readInt16(u8 *p){
+  return (p[0]<<8) + p[1];
+}
+static void readCoord(u8 *p, RtreeCoord *pCoord){
+  pCoord->u = (
+    (((u32)p[0]) << 24) + 
+    (((u32)p[1]) << 16) + 
+    (((u32)p[2]) <<  8) + 
+    (((u32)p[3]) <<  0)
+  );
+}
+static i64 readInt64(u8 *p){
+  return (
+    (((i64)p[0]) << 56) + 
+    (((i64)p[1]) << 48) + 
+    (((i64)p[2]) << 40) + 
+    (((i64)p[3]) << 32) + 
+    (((i64)p[4]) << 24) + 
+    (((i64)p[5]) << 16) + 
+    (((i64)p[6]) <<  8) + 
+    (((i64)p[7]) <<  0)
+  );
+}
+
+/*
+** Functions to serialize a 16 bit integer, 32 bit real number and
+** 64 bit integer. The value returned is the number of bytes written
+** to the argument buffer (always 2, 4 and 8 respectively).
+*/
+static int writeInt16(u8 *p, int i){
+  p[0] = (i>> 8)&0xFF;
+  p[1] = (i>> 0)&0xFF;
+  return 2;
+}
+static int writeCoord(u8 *p, RtreeCoord *pCoord){
+  u32 i;
+  assert( sizeof(RtreeCoord)==4 );
+  assert( sizeof(u32)==4 );
+  i = pCoord->u;
+  p[0] = (i>>24)&0xFF;
+  p[1] = (i>>16)&0xFF;
+  p[2] = (i>> 8)&0xFF;
+  p[3] = (i>> 0)&0xFF;
+  return 4;
+}
+static int writeInt64(u8 *p, i64 i){
+  p[0] = (i>>56)&0xFF;
+  p[1] = (i>>48)&0xFF;
+  p[2] = (i>>40)&0xFF;
+  p[3] = (i>>32)&0xFF;
+  p[4] = (i>>24)&0xFF;
+  p[5] = (i>>16)&0xFF;
+  p[6] = (i>> 8)&0xFF;
+  p[7] = (i>> 0)&0xFF;
+  return 8;
+}
+
+/*
+** Increment the reference count of node p.
+*/
+static void nodeReference(RtreeNode *p){
+  if( p ){
+    p->nRef++;
+  }
+}
+
+/*
+** Clear the content of node p (set all bytes to 0x00).
+*/
+static void nodeZero(Rtree *pRtree, RtreeNode *p){
+  memset(&p->zData[2], 0, pRtree->iNodeSize-2);
+  p->isDirty = 1;
+}
+
+/*
+** Given a node number iNode, return the corresponding key to use
+** in the Rtree.aHash table.
+*/
+static int nodeHash(i64 iNode){
+  return iNode % HASHSIZE;
+}
+
+/*
+** Search the node hash table for node iNode. If found, return a pointer
+** to it. Otherwise, return 0.
+*/
+static RtreeNode *nodeHashLookup(Rtree *pRtree, i64 iNode){
+  RtreeNode *p;
+  for(p=pRtree->aHash[nodeHash(iNode)]; p && p->iNode!=iNode; p=p->pNext);
+  return p;
+}
+
+/*
+** Add node pNode to the node hash table.
+*/
+static void nodeHashInsert(Rtree *pRtree, RtreeNode *pNode){
+  int iHash;
+  assert( pNode->pNext==0 );
+  iHash = nodeHash(pNode->iNode);
+  pNode->pNext = pRtree->aHash[iHash];
+  pRtree->aHash[iHash] = pNode;
+}
+
+/*
+** Remove node pNode from the node hash table.
+*/
+static void nodeHashDelete(Rtree *pRtree, RtreeNode *pNode){
+  RtreeNode **pp;
+  if( pNode->iNode!=0 ){
+    pp = &pRtree->aHash[nodeHash(pNode->iNode)];
+    for( ; (*pp)!=pNode; pp = &(*pp)->pNext){ assert(*pp); }
+    *pp = pNode->pNext;
+    pNode->pNext = 0;
+  }
+}
+
+/*
+** Allocate and return new r-tree node. Initially, (RtreeNode.iNode==0),
+** indicating that node has not yet been assigned a node number. It is
+** assigned a node number when nodeWrite() is called to write the
+** node contents out to the database.
+*/
+static RtreeNode *nodeNew(Rtree *pRtree, RtreeNode *pParent){
+  RtreeNode *pNode;
+  pNode = (RtreeNode *)sqlite3_malloc(sizeof(RtreeNode) + pRtree->iNodeSize);
+  if( pNode ){
+    memset(pNode, 0, sizeof(RtreeNode) + pRtree->iNodeSize);
+    pNode->zData = (u8 *)&pNode[1];
+    pNode->nRef = 1;
+    pNode->pParent = pParent;
+    pNode->isDirty = 1;
+    nodeReference(pParent);
+  }
+  return pNode;
+}
+
+/*
+** Obtain a reference to an r-tree node.
+*/
+static int nodeAcquire(
+  Rtree *pRtree,             /* R-tree structure */
+  i64 iNode,                 /* Node number to load */
+  RtreeNode *pParent,        /* Either the parent node or NULL */
+  RtreeNode **ppNode         /* OUT: Acquired node */
+){
+  int rc;
+  int rc2 = SQLITE_OK;
+  RtreeNode *pNode;
+
+  /* Check if the requested node is already in the hash table. If so,
+  ** increase its reference count and return it.
+  */
+  if( (pNode = nodeHashLookup(pRtree, iNode)) ){
+    assert( !pParent || !pNode->pParent || pNode->pParent==pParent );
+    if( pParent && !pNode->pParent ){
+      nodeReference(pParent);
+      pNode->pParent = pParent;
+    }
+    pNode->nRef++;
+    *ppNode = pNode;
+    return SQLITE_OK;
+  }
+
+  sqlite3_bind_int64(pRtree->pReadNode, 1, iNode);
+  rc = sqlite3_step(pRtree->pReadNode);
+  if( rc==SQLITE_ROW ){
+    const u8 *zBlob = sqlite3_column_blob(pRtree->pReadNode, 0);
+    if( pRtree->iNodeSize==sqlite3_column_bytes(pRtree->pReadNode, 0) ){
+      pNode = (RtreeNode *)sqlite3_malloc(sizeof(RtreeNode)+pRtree->iNodeSize);
+      if( !pNode ){
+        rc2 = SQLITE_NOMEM;
+      }else{
+        pNode->pParent = pParent;
+        pNode->zData = (u8 *)&pNode[1];
+        pNode->nRef = 1;
+        pNode->iNode = iNode;
+        pNode->isDirty = 0;
+        pNode->pNext = 0;
+        memcpy(pNode->zData, zBlob, pRtree->iNodeSize);
+        nodeReference(pParent);
+      }
+    }
+  }
+  rc = sqlite3_reset(pRtree->pReadNode);
+  if( rc==SQLITE_OK ) rc = rc2;
+
+  /* If the root node was just loaded, set pRtree->iDepth to the height
+  ** of the r-tree structure. A height of zero means all data is stored on
+  ** the root node. A height of one means the children of the root node
+  ** are the leaves, and so on. If the depth as specified on the root node
+  ** is greater than RTREE_MAX_DEPTH, the r-tree structure must be corrupt.
+  */
+  if( pNode && iNode==1 ){
+    pRtree->iDepth = readInt16(pNode->zData);
+    if( pRtree->iDepth>RTREE_MAX_DEPTH ){
+      rc = SQLITE_CORRUPT_VTAB;
+    }
+  }
+
+  /* If no error has occurred so far, check if the "number of entries"
+  ** field on the node is too large. If so, set the return code to 
+  ** SQLITE_CORRUPT_VTAB.
+  */
+  if( pNode && rc==SQLITE_OK ){
+    if( NCELL(pNode)>((pRtree->iNodeSize-4)/pRtree->nBytesPerCell) ){
+      rc = SQLITE_CORRUPT_VTAB;
+    }
+  }
+
+  if( rc==SQLITE_OK ){
+    if( pNode!=0 ){
+      nodeHashInsert(pRtree, pNode);
+    }else{
+      rc = SQLITE_CORRUPT_VTAB;
+    }
+    *ppNode = pNode;
+  }else{
+    sqlite3_free(pNode);
+    *ppNode = 0;
+  }
+
+  return rc;
+}
+
+/*
+** Overwrite cell iCell of node pNode with the contents of pCell.
+*/
+static void nodeOverwriteCell(
+  Rtree *pRtree,             /* The overall R-Tree */
+  RtreeNode *pNode,          /* The node into which the cell is to be written */
+  RtreeCell *pCell,          /* The cell to write */
+  int iCell                  /* Index into pNode into which pCell is written */
+){
+  int ii;
+  u8 *p = &pNode->zData[4 + pRtree->nBytesPerCell*iCell];
+  p += writeInt64(p, pCell->iRowid);
+  for(ii=0; ii<(pRtree->nDim*2); ii++){
+    p += writeCoord(p, &pCell->aCoord[ii]);
+  }
+  pNode->isDirty = 1;
+}
+
+/*
+** Remove the cell with index iCell from node pNode.
+*/
+static void nodeDeleteCell(Rtree *pRtree, RtreeNode *pNode, int iCell){
+  u8 *pDst = &pNode->zData[4 + pRtree->nBytesPerCell*iCell];
+  u8 *pSrc = &pDst[pRtree->nBytesPerCell];
+  int nByte = (NCELL(pNode) - iCell - 1) * pRtree->nBytesPerCell;
+  memmove(pDst, pSrc, nByte);
+  writeInt16(&pNode->zData[2], NCELL(pNode)-1);
+  pNode->isDirty = 1;
+}
+
+/*
+** Insert the contents of cell pCell into node pNode. If the insert
+** is successful, return SQLITE_OK.
+**
+** If there is not enough free space in pNode, return SQLITE_FULL.
+*/
+static int nodeInsertCell(
+  Rtree *pRtree,                /* The overall R-Tree */
+  RtreeNode *pNode,             /* Write new cell into this node */
+  RtreeCell *pCell              /* The cell to be inserted */
+){
+  int nCell;                    /* Current number of cells in pNode */
+  int nMaxCell;                 /* Maximum number of cells for pNode */
+
+  nMaxCell = (pRtree->iNodeSize-4)/pRtree->nBytesPerCell;
+  nCell = NCELL(pNode);
+
+  assert( nCell<=nMaxCell );
+  if( nCell<nMaxCell ){
+    nodeOverwriteCell(pRtree, pNode, pCell, nCell);
+    writeInt16(&pNode->zData[2], nCell+1);
+    pNode->isDirty = 1;
+  }
+
+  return (nCell==nMaxCell);
+}
+
+/*
+** If the node is dirty, write it out to the database.
+*/
+static int nodeWrite(Rtree *pRtree, RtreeNode *pNode){
+  int rc = SQLITE_OK;
+  if( pNode->isDirty ){
+    sqlite3_stmt *p = pRtree->pWriteNode;
+    if( pNode->iNode ){
+      sqlite3_bind_int64(p, 1, pNode->iNode);
+    }else{
+      sqlite3_bind_null(p, 1);
+    }
+    sqlite3_bind_blob(p, 2, pNode->zData, pRtree->iNodeSize, SQLITE_STATIC);
+    sqlite3_step(p);
+    pNode->isDirty = 0;
+    rc = sqlite3_reset(p);
+    if( pNode->iNode==0 && rc==SQLITE_OK ){
+      pNode->iNode = sqlite3_last_insert_rowid(pRtree->db);
+      nodeHashInsert(pRtree, pNode);
+    }
+  }
+  return rc;
+}
+
+/*
+** Release a reference to a node. If the node is dirty and the reference
+** count drops to zero, the node data is written to the database.
+*/
+static int nodeRelease(Rtree *pRtree, RtreeNode *pNode){
+  int rc = SQLITE_OK;
+  if( pNode ){
+    assert( pNode->nRef>0 );
+    pNode->nRef--;
+    if( pNode->nRef==0 ){
+      if( pNode->iNode==1 ){
+        pRtree->iDepth = -1;
+      }
+      if( pNode->pParent ){
+        rc = nodeRelease(pRtree, pNode->pParent);
+      }
+      if( rc==SQLITE_OK ){
+        rc = nodeWrite(pRtree, pNode);
+      }
+      nodeHashDelete(pRtree, pNode);
+      sqlite3_free(pNode);
+    }
+  }
+  return rc;
+}
+
+/*
+** Return the 64-bit integer value associated with cell iCell of
+** node pNode. If pNode is a leaf node, this is a rowid. If it is
+** an internal node, then the 64-bit integer is a child page number.
+*/
+static i64 nodeGetRowid(
+  Rtree *pRtree,       /* The overall R-Tree */
+  RtreeNode *pNode,    /* The node from which to extract the ID */
+  int iCell            /* The cell index from which to extract the ID */
+){
+  assert( iCell<NCELL(pNode) );
+  return readInt64(&pNode->zData[4 + pRtree->nBytesPerCell*iCell]);
+}
+
+/*
+** Return coordinate iCoord from cell iCell in node pNode.
+*/
+static void nodeGetCoord(
+  Rtree *pRtree,               /* The overall R-Tree */
+  RtreeNode *pNode,            /* The node from which to extract a coordinate */
+  int iCell,                   /* The index of the cell within the node */
+  int iCoord,                  /* Which coordinate to extract */
+  RtreeCoord *pCoord           /* OUT: Space to write result to */
+){
+  readCoord(&pNode->zData[12 + pRtree->nBytesPerCell*iCell + 4*iCoord], pCoord);
+}
+
+/*
+** Deserialize cell iCell of node pNode. Populate the structure pointed
+** to by pCell with the results.
+*/
+static void nodeGetCell(
+  Rtree *pRtree,               /* The overall R-Tree */
+  RtreeNode *pNode,            /* The node containing the cell to be read */
+  int iCell,                   /* Index of the cell within the node */
+  RtreeCell *pCell             /* OUT: Write the cell contents here */
+){
+  u8 *pData;
+  RtreeCoord *pCoord;
+  int ii;
+  pCell->iRowid = nodeGetRowid(pRtree, pNode, iCell);
+  pData = pNode->zData + (12 + pRtree->nBytesPerCell*iCell);
+  pCoord = pCell->aCoord;
+  for(ii=0; ii<pRtree->nDim*2; ii++){
+    readCoord(&pData[ii*4], &pCoord[ii]);
+  }
+}
+
+
+/* Forward declaration for the function that does the work of
+** the virtual table module xCreate() and xConnect() methods.
+*/
+static int rtreeInit(
+  sqlite3 *, void *, int, const char *const*, sqlite3_vtab **, char **, int
+);
+
+/* 
+** Rtree virtual table module xCreate method.
+*/
+static int rtreeCreate(
+  sqlite3 *db,
+  void *pAux,
+  int argc, const char *const*argv,
+  sqlite3_vtab **ppVtab,
+  char **pzErr
+){
+  return rtreeInit(db, pAux, argc, argv, ppVtab, pzErr, 1);
+}
+
+/* 
+** Rtree virtual table module xConnect method.
+*/
+static int rtreeConnect(
+  sqlite3 *db,
+  void *pAux,
+  int argc, const char *const*argv,
+  sqlite3_vtab **ppVtab,
+  char **pzErr
+){
+  return rtreeInit(db, pAux, argc, argv, ppVtab, pzErr, 0);
+}
+
+/*
+** Increment the r-tree reference count.
+*/
+static void rtreeReference(Rtree *pRtree){
+  pRtree->nBusy++;
+}
+
+/*
+** Decrement the r-tree reference count. When the reference count reaches
+** zero the structure is deleted.
+*/
+static void rtreeRelease(Rtree *pRtree){
+  pRtree->nBusy--;
+  if( pRtree->nBusy==0 ){
+    sqlite3_finalize(pRtree->pReadNode);
+    sqlite3_finalize(pRtree->pWriteNode);
+    sqlite3_finalize(pRtree->pDeleteNode);
+    sqlite3_finalize(pRtree->pReadRowid);
+    sqlite3_finalize(pRtree->pWriteRowid);
+    sqlite3_finalize(pRtree->pDeleteRowid);
+    sqlite3_finalize(pRtree->pReadParent);
+    sqlite3_finalize(pRtree->pWriteParent);
+    sqlite3_finalize(pRtree->pDeleteParent);
+    sqlite3_free(pRtree);
+  }
+}
+
+/* 
+** Rtree virtual table module xDisconnect method.
+*/
+static int rtreeDisconnect(sqlite3_vtab *pVtab){
+  rtreeRelease((Rtree *)pVtab);
+  return SQLITE_OK;
+}
+
+/* 
+** Rtree virtual table module xDestroy method.
+*/
+static int rtreeDestroy(sqlite3_vtab *pVtab){
+  Rtree *pRtree = (Rtree *)pVtab;
+  int rc;
+  char *zCreate = sqlite3_mprintf(
+    "DROP TABLE '%q'.'%q_node';"
+    "DROP TABLE '%q'.'%q_rowid';"
+    "DROP TABLE '%q'.'%q_parent';",
+    pRtree->zDb, pRtree->zName, 
+    pRtree->zDb, pRtree->zName,
+    pRtree->zDb, pRtree->zName
+  );
+  if( !zCreate ){
+    rc = SQLITE_NOMEM;
+  }else{
+    rc = sqlite3_exec(pRtree->db, zCreate, 0, 0, 0);
+    sqlite3_free(zCreate);
+  }
+  if( rc==SQLITE_OK ){
+    rtreeRelease(pRtree);
+  }
+
+  return rc;
+}
+
+/* 
+** Rtree virtual table module xOpen method.
+*/
+static int rtreeOpen(sqlite3_vtab *pVTab, sqlite3_vtab_cursor **ppCursor){
+  int rc = SQLITE_NOMEM;
+  RtreeCursor *pCsr;
+
+  pCsr = (RtreeCursor *)sqlite3_malloc(sizeof(RtreeCursor));
+  if( pCsr ){
+    memset(pCsr, 0, sizeof(RtreeCursor));
+    pCsr->base.pVtab = pVTab;
+    rc = SQLITE_OK;
+  }
+  *ppCursor = (sqlite3_vtab_cursor *)pCsr;
+
+  return rc;
+}
+
+
+/*
+** Free the RtreeCursor.aConstraint[] array and its contents.
+*/
+static void freeCursorConstraints(RtreeCursor *pCsr){
+  if( pCsr->aConstraint ){
+    int i;                        /* Used to iterate through constraint array */
+    for(i=0; i<pCsr->nConstraint; i++){
+      sqlite3_rtree_query_info *pInfo = pCsr->aConstraint[i].pInfo;
+      if( pInfo ){
+        if( pInfo->xDelUser ) pInfo->xDelUser(pInfo->pUser);
+        sqlite3_free(pInfo);
+      }
+    }
+    sqlite3_free(pCsr->aConstraint);
+    pCsr->aConstraint = 0;
+  }
+}
+
+/* 
+** Rtree virtual table module xClose method.
+*/
+static int rtreeClose(sqlite3_vtab_cursor *cur){
+  Rtree *pRtree = (Rtree *)(cur->pVtab);
+  int ii;
+  RtreeCursor *pCsr = (RtreeCursor *)cur;
+  freeCursorConstraints(pCsr);
+  sqlite3_free(pCsr->aPoint);
+  for(ii=0; ii<RTREE_CACHE_SZ; ii++) nodeRelease(pRtree, pCsr->aNode[ii]);
+  sqlite3_free(pCsr);
+  return SQLITE_OK;
+}
+
+/*
+** Rtree virtual table module xEof method.
+**
+** Return non-zero if the cursor does not currently point to a valid 
+** record (i.e if the scan has finished), or zero otherwise.
+*/
+static int rtreeEof(sqlite3_vtab_cursor *cur){
+  RtreeCursor *pCsr = (RtreeCursor *)cur;
+  return pCsr->atEOF;
+}
+
+/*
+** Convert raw bits from the on-disk RTree record into a coordinate value.
+** The on-disk format is big-endian and needs to be converted for little-
+** endian platforms.  The on-disk record stores integer coordinates if
+** eInt is true and it stores 32-bit floating point records if eInt is
+** false.  a[] is the four bytes of the on-disk record to be decoded.
+** Store the results in "r".
+**
+** There are three versions of this macro, one each for little-endian and
+** big-endian processors and a third generic implementation.  The endian-
+** specific implementations are much faster and are preferred if the
+** processor endianness is known at compile-time.  The SQLITE_BYTEORDER
+** macro is part of sqliteInt.h and hence the endian-specific
+** implementation will only be used if this module is compiled as part
+** of the amalgamation.
+*/
+#if defined(SQLITE_BYTEORDER) && SQLITE_BYTEORDER==1234
+#define RTREE_DECODE_COORD(eInt, a, r) {                        \
+    RtreeCoord c;    /* Coordinate decoded */                   \
+    memcpy(&c.u,a,4);                                           \
+    c.u = ((c.u>>24)&0xff)|((c.u>>8)&0xff00)|                   \
+          ((c.u&0xff)<<24)|((c.u&0xff00)<<8);                   \
+    r = eInt ? (sqlite3_rtree_dbl)c.i : (sqlite3_rtree_dbl)c.f; \
+}
+#elif defined(SQLITE_BYTEORDER) && SQLITE_BYTEORDER==4321
+#define RTREE_DECODE_COORD(eInt, a, r) {                        \
+    RtreeCoord c;    /* Coordinate decoded */                   \
+    memcpy(&c.u,a,4);                                           \
+    r = eInt ? (sqlite3_rtree_dbl)c.i : (sqlite3_rtree_dbl)c.f; \
+}
+#else
+#define RTREE_DECODE_COORD(eInt, a, r) {                        \
+    RtreeCoord c;    /* Coordinate decoded */                   \
+    c.u = ((u32)a[0]<<24) + ((u32)a[1]<<16)                     \
+           +((u32)a[2]<<8) + a[3];                              \
+    r = eInt ? (sqlite3_rtree_dbl)c.i : (sqlite3_rtree_dbl)c.f; \
+}
+#endif
+
+/*
+** Check the RTree node or entry given by pCellData and p against the MATCH
+** constraint pConstraint.  
+*/
+static int rtreeCallbackConstraint(
+  RtreeConstraint *pConstraint,  /* The constraint to test */
+  int eInt,                      /* True if RTree holding integer coordinates */
+  u8 *pCellData,                 /* Raw cell content */
+  RtreeSearchPoint *pSearch,     /* Container of this cell */
+  sqlite3_rtree_dbl *prScore,    /* OUT: score for the cell */
+  int *peWithin                  /* OUT: visibility of the cell */
+){
+  int i;                                                /* Loop counter */
+  sqlite3_rtree_query_info *pInfo = pConstraint->pInfo; /* Callback info */
+  int nCoord = pInfo->nCoord;                           /* No. of coordinates */
+  int rc;                                             /* Callback return code */
+  sqlite3_rtree_dbl aCoord[RTREE_MAX_DIMENSIONS*2];   /* Decoded coordinates */
+
+  assert( pConstraint->op==RTREE_MATCH || pConstraint->op==RTREE_QUERY );
+  assert( nCoord==2 || nCoord==4 || nCoord==6 || nCoord==8 || nCoord==10 );
+
+  if( pConstraint->op==RTREE_QUERY && pSearch->iLevel==1 ){
+    pInfo->iRowid = readInt64(pCellData);
+  }
+  pCellData += 8;
+  for(i=0; i<nCoord; i++, pCellData += 4){
+    RTREE_DECODE_COORD(eInt, pCellData, aCoord[i]);
+  }
+  if( pConstraint->op==RTREE_MATCH ){
+    rc = pConstraint->u.xGeom((sqlite3_rtree_geometry*)pInfo,
+                              nCoord, aCoord, &i);
+    if( i==0 ) *peWithin = NOT_WITHIN;
+    *prScore = RTREE_ZERO;
+  }else{
+    pInfo->aCoord = aCoord;
+    pInfo->iLevel = pSearch->iLevel - 1;
+    pInfo->rScore = pInfo->rParentScore = pSearch->rScore;
+    pInfo->eWithin = pInfo->eParentWithin = pSearch->eWithin;
+    rc = pConstraint->u.xQueryFunc(pInfo);
+    if( pInfo->eWithin<*peWithin ) *peWithin = pInfo->eWithin;
+    if( pInfo->rScore<*prScore || *prScore<RTREE_ZERO ){
+      *prScore = pInfo->rScore;
+    }
+  }
+  return rc;
+}
+
+/* 
+** Check the internal RTree node given by pCellData against constraint p.
+** If this constraint cannot be satisfied by any child within the node,
+** set *peWithin to NOT_WITHIN.
+*/
+static void rtreeNonleafConstraint(
+  RtreeConstraint *p,        /* The constraint to test */
+  int eInt,                  /* True if RTree holds integer coordinates */
+  u8 *pCellData,             /* Raw cell content as appears on disk */
+  int *peWithin              /* Adjust downward, as appropriate */
+){
+  sqlite3_rtree_dbl val;     /* Coordinate value convert to a double */
+
+  /* p->iCoord might point to either a lower or upper bound coordinate
+  ** in a coordinate pair.  But make pCellData point to the lower bound.
+  */
+  pCellData += 8 + 4*(p->iCoord&0xfe);
+
+  assert(p->op==RTREE_LE || p->op==RTREE_LT || p->op==RTREE_GE 
+      || p->op==RTREE_GT || p->op==RTREE_EQ );
+  switch( p->op ){
+    case RTREE_LE:
+    case RTREE_LT:
+    case RTREE_EQ:
+      RTREE_DECODE_COORD(eInt, pCellData, val);
+      /* val now holds the lower bound of the coordinate pair */
+      if( p->u.rValue>=val ) return;
+      if( p->op!=RTREE_EQ ) break;  /* RTREE_LE and RTREE_LT end here */
+      /* Fall through for the RTREE_EQ case */
+
+    default: /* RTREE_GT or RTREE_GE,  or fallthrough of RTREE_EQ */
+      pCellData += 4;
+      RTREE_DECODE_COORD(eInt, pCellData, val);
+      /* val now holds the upper bound of the coordinate pair */
+      if( p->u.rValue<=val ) return;
+  }
+  *peWithin = NOT_WITHIN;
+}
+
+/*
+** Check the leaf RTree cell given by pCellData against constraint p.
+** If this constraint is not satisfied, set *peWithin to NOT_WITHIN.
+** If the constraint is satisfied, leave *peWithin unchanged.
+**
+** The constraint is of the form:  xN op $val
+**
+** The op is given by p->op.  The xN is p->iCoord-th coordinate in
+** pCellData.  $val is given by p->u.rValue.
+*/
+static void rtreeLeafConstraint(
+  RtreeConstraint *p,        /* The constraint to test */
+  int eInt,                  /* True if RTree holds integer coordinates */
+  u8 *pCellData,             /* Raw cell content as appears on disk */
+  int *peWithin              /* Adjust downward, as appropriate */
+){
+  RtreeDValue xN;      /* Coordinate value converted to a double */
+
+  assert(p->op==RTREE_LE || p->op==RTREE_LT || p->op==RTREE_GE 
+      || p->op==RTREE_GT || p->op==RTREE_EQ );
+  pCellData += 8 + p->iCoord*4;
+  RTREE_DECODE_COORD(eInt, pCellData, xN);
+  switch( p->op ){
+    case RTREE_LE: if( xN <= p->u.rValue ) return;  break;
+    case RTREE_LT: if( xN <  p->u.rValue ) return;  break;
+    case RTREE_GE: if( xN >= p->u.rValue ) return;  break;
+    case RTREE_GT: if( xN >  p->u.rValue ) return;  break;
+    default:       if( xN == p->u.rValue ) return;  break;
+  }
+  *peWithin = NOT_WITHIN;
+}
+
+/*
+** One of the cells in node pNode is guaranteed to have a 64-bit 
+** integer value equal to iRowid. Return the index of this cell.
+*/
+static int nodeRowidIndex(
+  Rtree *pRtree, 
+  RtreeNode *pNode, 
+  i64 iRowid,
+  int *piIndex
+){
+  int ii;
+  int nCell = NCELL(pNode);
+  assert( nCell<200 );
+  for(ii=0; ii<nCell; ii++){
+    if( nodeGetRowid(pRtree, pNode, ii)==iRowid ){
+      *piIndex = ii;
+      return SQLITE_OK;
+    }
+  }
+  return SQLITE_CORRUPT_VTAB;
+}
+
+/*
+** Return the index of the cell containing a pointer to node pNode
+** in its parent. If pNode is the root node, return -1.
+*/
+static int nodeParentIndex(Rtree *pRtree, RtreeNode *pNode, int *piIndex){
+  RtreeNode *pParent = pNode->pParent;
+  if( pParent ){
+    return nodeRowidIndex(pRtree, pParent, pNode->iNode, piIndex);
+  }
+  *piIndex = -1;
+  return SQLITE_OK;
+}
+
+/*
+** Compare two search points.  Return negative, zero, or positive if the first
+** is less than, equal to, or greater than the second.
+**
+** The rScore is the primary key.  Smaller rScore values come first.
+** If the rScore is a tie, then use iLevel as the tie breaker with smaller
+** iLevel values coming first.  In this way, if rScore is the same for all
+** SearchPoints, then iLevel becomes the deciding factor and the result
+** is a depth-first search, which is the desired default behavior.
+*/
+static int rtreeSearchPointCompare(
+  const RtreeSearchPoint *pA,
+  const RtreeSearchPoint *pB
+){
+  if( pA->rScore<pB->rScore ) return -1;
+  if( pA->rScore>pB->rScore ) return +1;
+  if( pA->iLevel<pB->iLevel ) return -1;
+  if( pA->iLevel>pB->iLevel ) return +1;
+  return 0;
+}
+
+/*
+** Interchange to search points in a cursor.
+*/
+static void rtreeSearchPointSwap(RtreeCursor *p, int i, int j){
+  RtreeSearchPoint t = p->aPoint[i];
+  assert( i<j );
+  p->aPoint[i] = p->aPoint[j];
+  p->aPoint[j] = t;
+  i++; j++;
+  if( i<RTREE_CACHE_SZ ){
+    if( j>=RTREE_CACHE_SZ ){
+      nodeRelease(RTREE_OF_CURSOR(p), p->aNode[i]);
+      p->aNode[i] = 0;
+    }else{
+      RtreeNode *pTemp = p->aNode[i];
+      p->aNode[i] = p->aNode[j];
+      p->aNode[j] = pTemp;
+    }
+  }
+}
+
+/*
+** Return the search point with the lowest current score.
+*/
+static RtreeSearchPoint *rtreeSearchPointFirst(RtreeCursor *pCur){
+  return pCur->bPoint ? &pCur->sPoint : pCur->nPoint ? pCur->aPoint : 0;
+}
+
+/*
+** Get the RtreeNode for the search point with the lowest score.
+*/
+static RtreeNode *rtreeNodeOfFirstSearchPoint(RtreeCursor *pCur, int *pRC){
+  sqlite3_int64 id;
+  int ii = 1 - pCur->bPoint;
+  assert( ii==0 || ii==1 );
+  assert( pCur->bPoint || pCur->nPoint );
+  if( pCur->aNode[ii]==0 ){
+    assert( pRC!=0 );
+    id = ii ? pCur->aPoint[0].id : pCur->sPoint.id;
+    *pRC = nodeAcquire(RTREE_OF_CURSOR(pCur), id, 0, &pCur->aNode[ii]);
+  }
+  return pCur->aNode[ii];
+}
+
+/*
+** Push a new element onto the priority queue
+*/
+static RtreeSearchPoint *rtreeEnqueue(
+  RtreeCursor *pCur,    /* The cursor */
+  RtreeDValue rScore,   /* Score for the new search point */
+  u8 iLevel             /* Level for the new search point */
+){
+  int i, j;
+  RtreeSearchPoint *pNew;
+  if( pCur->nPoint>=pCur->nPointAlloc ){
+    int nNew = pCur->nPointAlloc*2 + 8;
+    pNew = sqlite3_realloc(pCur->aPoint, nNew*sizeof(pCur->aPoint[0]));
+    if( pNew==0 ) return 0;
+    pCur->aPoint = pNew;
+    pCur->nPointAlloc = nNew;
+  }
+  i = pCur->nPoint++;
+  pNew = pCur->aPoint + i;
+  pNew->rScore = rScore;
+  pNew->iLevel = iLevel;
+  assert( iLevel<=RTREE_MAX_DEPTH );
+  while( i>0 ){
+    RtreeSearchPoint *pParent;
+    j = (i-1)/2;
+    pParent = pCur->aPoint + j;
+    if( rtreeSearchPointCompare(pNew, pParent)>=0 ) break;
+    rtreeSearchPointSwap(pCur, j, i);
+    i = j;
+    pNew = pParent;
+  }
+  return pNew;
+}
+
+/*
+** Allocate a new RtreeSearchPoint and return a pointer to it.  Return
+** NULL if malloc fails.
+*/
+static RtreeSearchPoint *rtreeSearchPointNew(
+  RtreeCursor *pCur,    /* The cursor */
+  RtreeDValue rScore,   /* Score for the new search point */
+  u8 iLevel             /* Level for the new search point */
+){
+  RtreeSearchPoint *pNew, *pFirst;
+  pFirst = rtreeSearchPointFirst(pCur);
+  pCur->anQueue[iLevel]++;
+  if( pFirst==0
+   || pFirst->rScore>rScore 
+   || (pFirst->rScore==rScore && pFirst->iLevel>iLevel)
+  ){
+    if( pCur->bPoint ){
+      int ii;
+      pNew = rtreeEnqueue(pCur, rScore, iLevel);
+      if( pNew==0 ) return 0;
+      ii = (int)(pNew - pCur->aPoint) + 1;
+      if( ii<RTREE_CACHE_SZ ){
+        assert( pCur->aNode[ii]==0 );
+        pCur->aNode[ii] = pCur->aNode[0];
+       }else{
+        nodeRelease(RTREE_OF_CURSOR(pCur), pCur->aNode[0]);
+      }
+      pCur->aNode[0] = 0;
+      *pNew = pCur->sPoint;
+    }
+    pCur->sPoint.rScore = rScore;
+    pCur->sPoint.iLevel = iLevel;
+    pCur->bPoint = 1;
+    return &pCur->sPoint;
+  }else{
+    return rtreeEnqueue(pCur, rScore, iLevel);
+  }
+}
+
+#if 0
+/* Tracing routines for the RtreeSearchPoint queue */
+static void tracePoint(RtreeSearchPoint *p, int idx, RtreeCursor *pCur){
+  if( idx<0 ){ printf(" s"); }else{ printf("%2d", idx); }
+  printf(" %d.%05lld.%02d %g %d",
+    p->iLevel, p->id, p->iCell, p->rScore, p->eWithin
+  );
+  idx++;
+  if( idx<RTREE_CACHE_SZ ){
+    printf(" %p\n", pCur->aNode[idx]);
+  }else{
+    printf("\n");
+  }
+}
+static void traceQueue(RtreeCursor *pCur, const char *zPrefix){
+  int ii;
+  printf("=== %9s ", zPrefix);
+  if( pCur->bPoint ){
+    tracePoint(&pCur->sPoint, -1, pCur);
+  }
+  for(ii=0; ii<pCur->nPoint; ii++){
+    if( ii>0 || pCur->bPoint ) printf("              ");
+    tracePoint(&pCur->aPoint[ii], ii, pCur);
+  }
+}
+# define RTREE_QUEUE_TRACE(A,B) traceQueue(A,B)
+#else
+# define RTREE_QUEUE_TRACE(A,B)   /* no-op */
+#endif
+
+/* Remove the search point with the lowest current score.
+*/
+static void rtreeSearchPointPop(RtreeCursor *p){
+  int i, j, k, n;
+  i = 1 - p->bPoint;
+  assert( i==0 || i==1 );
+  if( p->aNode[i] ){
+    nodeRelease(RTREE_OF_CURSOR(p), p->aNode[i]);
+    p->aNode[i] = 0;
+  }
+  if( p->bPoint ){
+    p->anQueue[p->sPoint.iLevel]--;
+    p->bPoint = 0;
+  }else if( p->nPoint ){
+    p->anQueue[p->aPoint[0].iLevel]--;
+    n = --p->nPoint;
+    p->aPoint[0] = p->aPoint[n];
+    if( n<RTREE_CACHE_SZ-1 ){
+      p->aNode[1] = p->aNode[n+1];
+      p->aNode[n+1] = 0;
+    }
+    i = 0;
+    while( (j = i*2+1)<n ){
+      k = j+1;
+      if( k<n && rtreeSearchPointCompare(&p->aPoint[k], &p->aPoint[j])<0 ){
+        if( rtreeSearchPointCompare(&p->aPoint[k], &p->aPoint[i])<0 ){
+          rtreeSearchPointSwap(p, i, k);
+          i = k;
+        }else{
+          break;
+        }
+      }else{
+        if( rtreeSearchPointCompare(&p->aPoint[j], &p->aPoint[i])<0 ){
+          rtreeSearchPointSwap(p, i, j);
+          i = j;
+        }else{
+          break;
+        }
+      }
+    }
+  }
+}
+
+
+/*
+** Continue the search on cursor pCur until the front of the queue
+** contains an entry suitable for returning as a result-set row,
+** or until the RtreeSearchPoint queue is empty, indicating that the
+** query has completed.
+*/
+static int rtreeStepToLeaf(RtreeCursor *pCur){
+  RtreeSearchPoint *p;
+  Rtree *pRtree = RTREE_OF_CURSOR(pCur);
+  RtreeNode *pNode;
+  int eWithin;
+  int rc = SQLITE_OK;
+  int nCell;
+  int nConstraint = pCur->nConstraint;
+  int ii;
+  int eInt;
+  RtreeSearchPoint x;
+
+  eInt = pRtree->eCoordType==RTREE_COORD_INT32;
+  while( (p = rtreeSearchPointFirst(pCur))!=0 && p->iLevel>0 ){
+    pNode = rtreeNodeOfFirstSearchPoint(pCur, &rc);
+    if( rc ) return rc;
+    nCell = NCELL(pNode);
+    assert( nCell<200 );
+    while( p->iCell<nCell ){
+      sqlite3_rtree_dbl rScore = (sqlite3_rtree_dbl)-1;
+      u8 *pCellData = pNode->zData + (4+pRtree->nBytesPerCell*p->iCell);
+      eWithin = FULLY_WITHIN;
+      for(ii=0; ii<nConstraint; ii++){
+        RtreeConstraint *pConstraint = pCur->aConstraint + ii;
+        if( pConstraint->op>=RTREE_MATCH ){
+          rc = rtreeCallbackConstraint(pConstraint, eInt, pCellData, p,
+                                       &rScore, &eWithin);
+          if( rc ) return rc;
+        }else if( p->iLevel==1 ){
+          rtreeLeafConstraint(pConstraint, eInt, pCellData, &eWithin);
+        }else{
+          rtreeNonleafConstraint(pConstraint, eInt, pCellData, &eWithin);
+        }
+        if( eWithin==NOT_WITHIN ) break;
+      }
+      p->iCell++;
+      if( eWithin==NOT_WITHIN ) continue;
+      x.iLevel = p->iLevel - 1;
+      if( x.iLevel ){
+        x.id = readInt64(pCellData);
+        x.iCell = 0;
+      }else{
+        x.id = p->id;
+        x.iCell = p->iCell - 1;
+      }
+      if( p->iCell>=nCell ){
+        RTREE_QUEUE_TRACE(pCur, "POP-S:");
+        rtreeSearchPointPop(pCur);
+      }
+      if( rScore<RTREE_ZERO ) rScore = RTREE_ZERO;
+      p = rtreeSearchPointNew(pCur, rScore, x.iLevel);
+      if( p==0 ) return SQLITE_NOMEM;
+      p->eWithin = eWithin;
+      p->id = x.id;
+      p->iCell = x.iCell;
+      RTREE_QUEUE_TRACE(pCur, "PUSH-S:");
+      break;
+    }
+    if( p->iCell>=nCell ){
+      RTREE_QUEUE_TRACE(pCur, "POP-Se:");
+      rtreeSearchPointPop(pCur);
+    }
+  }
+  pCur->atEOF = p==0;
+  return SQLITE_OK;
+}
+
+/* 
+** Rtree virtual table module xNext method.
+*/
+static int rtreeNext(sqlite3_vtab_cursor *pVtabCursor){
+  RtreeCursor *pCsr = (RtreeCursor *)pVtabCursor;
+  int rc = SQLITE_OK;
+
+  /* Move to the next entry that matches the configured constraints. */
+  RTREE_QUEUE_TRACE(pCsr, "POP-Nx:");
+  rtreeSearchPointPop(pCsr);
+  rc = rtreeStepToLeaf(pCsr);
+  return rc;
+}
+
+/* 
+** Rtree virtual table module xRowid method.
+*/
+static int rtreeRowid(sqlite3_vtab_cursor *pVtabCursor, sqlite_int64 *pRowid){
+  RtreeCursor *pCsr = (RtreeCursor *)pVtabCursor;
+  RtreeSearchPoint *p = rtreeSearchPointFirst(pCsr);
+  int rc = SQLITE_OK;
+  RtreeNode *pNode = rtreeNodeOfFirstSearchPoint(pCsr, &rc);
+  if( rc==SQLITE_OK && p ){
+    *pRowid = nodeGetRowid(RTREE_OF_CURSOR(pCsr), pNode, p->iCell);
+  }
+  return rc;
+}
+
+/* 
+** Rtree virtual table module xColumn method.
+*/
+static int rtreeColumn(sqlite3_vtab_cursor *cur, sqlite3_context *ctx, int i){
+  Rtree *pRtree = (Rtree *)cur->pVtab;
+  RtreeCursor *pCsr = (RtreeCursor *)cur;
+  RtreeSearchPoint *p = rtreeSearchPointFirst(pCsr);
+  RtreeCoord c;
+  int rc = SQLITE_OK;
+  RtreeNode *pNode = rtreeNodeOfFirstSearchPoint(pCsr, &rc);
+
+  if( rc ) return rc;
+  if( p==0 ) return SQLITE_OK;
+  if( i==0 ){
+    sqlite3_result_int64(ctx, nodeGetRowid(pRtree, pNode, p->iCell));
+  }else{
+    if( rc ) return rc;
+    nodeGetCoord(pRtree, pNode, p->iCell, i-1, &c);
+#ifndef SQLITE_RTREE_INT_ONLY
+    if( pRtree->eCoordType==RTREE_COORD_REAL32 ){
+      sqlite3_result_double(ctx, c.f);
+    }else
+#endif
+    {
+      assert( pRtree->eCoordType==RTREE_COORD_INT32 );
+      sqlite3_result_int(ctx, c.i);
+    }
+  }
+  return SQLITE_OK;
+}
+
+/* 
+** Use nodeAcquire() to obtain the leaf node containing the record with 
+** rowid iRowid. If successful, set *ppLeaf to point to the node and
+** return SQLITE_OK. If there is no such record in the table, set
+** *ppLeaf to 0 and return SQLITE_OK. If an error occurs, set *ppLeaf
+** to zero and return an SQLite error code.
+*/
+static int findLeafNode(
+  Rtree *pRtree,              /* RTree to search */
+  i64 iRowid,                 /* The rowid searching for */
+  RtreeNode **ppLeaf,         /* Write the node here */
+  sqlite3_int64 *piNode       /* Write the node-id here */
+){
+  int rc;
+  *ppLeaf = 0;
+  sqlite3_bind_int64(pRtree->pReadRowid, 1, iRowid);
+  if( sqlite3_step(pRtree->pReadRowid)==SQLITE_ROW ){
+    i64 iNode = sqlite3_column_int64(pRtree->pReadRowid, 0);
+    if( piNode ) *piNode = iNode;
+    rc = nodeAcquire(pRtree, iNode, 0, ppLeaf);
+    sqlite3_reset(pRtree->pReadRowid);
+  }else{
+    rc = sqlite3_reset(pRtree->pReadRowid);
+  }
+  return rc;
+}
+
+/*
+** This function is called to configure the RtreeConstraint object passed
+** as the second argument for a MATCH constraint. The value passed as the
+** first argument to this function is the right-hand operand to the MATCH
+** operator.
+*/
+static int deserializeGeometry(sqlite3_value *pValue, RtreeConstraint *pCons){
+  RtreeMatchArg *pBlob;              /* BLOB returned by geometry function */
+  sqlite3_rtree_query_info *pInfo;   /* Callback information */
+  int nBlob;                         /* Size of the geometry function blob */
+  int nExpected;                     /* Expected size of the BLOB */
+
+  /* Check that value is actually a blob. */
+  if( sqlite3_value_type(pValue)!=SQLITE_BLOB ) return SQLITE_ERROR;
+
+  /* Check that the blob is roughly the right size. */
+  nBlob = sqlite3_value_bytes(pValue);
+  if( nBlob<(int)sizeof(RtreeMatchArg) ){
+    return SQLITE_ERROR;
+  }
+
+  pInfo = (sqlite3_rtree_query_info*)sqlite3_malloc( sizeof(*pInfo)+nBlob );
+  if( !pInfo ) return SQLITE_NOMEM;
+  memset(pInfo, 0, sizeof(*pInfo));
+  pBlob = (RtreeMatchArg*)&pInfo[1];
+
+  memcpy(pBlob, sqlite3_value_blob(pValue), nBlob);
+  nExpected = (int)(sizeof(RtreeMatchArg) +
+                    pBlob->nParam*sizeof(sqlite3_value*) +
+                    (pBlob->nParam-1)*sizeof(RtreeDValue));
+  if( pBlob->magic!=RTREE_GEOMETRY_MAGIC || nBlob!=nExpected ){
+    sqlite3_free(pInfo);
+    return SQLITE_ERROR;
+  }
+  pInfo->pContext = pBlob->cb.pContext;
+  pInfo->nParam = pBlob->nParam;
+  pInfo->aParam = pBlob->aParam;
+  pInfo->apSqlParam = pBlob->apSqlParam;
+
+  if( pBlob->cb.xGeom ){
+    pCons->u.xGeom = pBlob->cb.xGeom;
+  }else{
+    pCons->op = RTREE_QUERY;
+    pCons->u.xQueryFunc = pBlob->cb.xQueryFunc;
+  }
+  pCons->pInfo = pInfo;
+  return SQLITE_OK;
+}
+
+/* 
+** Rtree virtual table module xFilter method.
+*/
+static int rtreeFilter(
+  sqlite3_vtab_cursor *pVtabCursor, 
+  int idxNum, const char *idxStr,
+  int argc, sqlite3_value **argv
+){
+  Rtree *pRtree = (Rtree *)pVtabCursor->pVtab;
+  RtreeCursor *pCsr = (RtreeCursor *)pVtabCursor;
+  RtreeNode *pRoot = 0;
+  int ii;
+  int rc = SQLITE_OK;
+  int iCell = 0;
+
+  rtreeReference(pRtree);
+
+  /* Reset the cursor to the same state as rtreeOpen() leaves it in. */
+  freeCursorConstraints(pCsr);
+  sqlite3_free(pCsr->aPoint);
+  memset(pCsr, 0, sizeof(RtreeCursor));
+  pCsr->base.pVtab = (sqlite3_vtab*)pRtree;
+
+  pCsr->iStrategy = idxNum;
+  if( idxNum==1 ){
+    /* Special case - lookup by rowid. */
+    RtreeNode *pLeaf;        /* Leaf on which the required cell resides */
+    RtreeSearchPoint *p;     /* Search point for the the leaf */
+    i64 iRowid = sqlite3_value_int64(argv[0]);
+    i64 iNode = 0;
+    rc = findLeafNode(pRtree, iRowid, &pLeaf, &iNode);
+    if( rc==SQLITE_OK && pLeaf!=0 ){
+      p = rtreeSearchPointNew(pCsr, RTREE_ZERO, 0);
+      assert( p!=0 );  /* Always returns pCsr->sPoint */
+      pCsr->aNode[0] = pLeaf;
+      p->id = iNode;
+      p->eWithin = PARTLY_WITHIN;
+      rc = nodeRowidIndex(pRtree, pLeaf, iRowid, &iCell);
+      p->iCell = iCell;
+      RTREE_QUEUE_TRACE(pCsr, "PUSH-F1:");
+    }else{
+      pCsr->atEOF = 1;
+    }
+  }else{
+    /* Normal case - r-tree scan. Set up the RtreeCursor.aConstraint array 
+    ** with the configured constraints. 
+    */
+    rc = nodeAcquire(pRtree, 1, 0, &pRoot);
+    if( rc==SQLITE_OK && argc>0 ){
+      pCsr->aConstraint = sqlite3_malloc(sizeof(RtreeConstraint)*argc);
+      pCsr->nConstraint = argc;
+      if( !pCsr->aConstraint ){
+        rc = SQLITE_NOMEM;
+      }else{
+        memset(pCsr->aConstraint, 0, sizeof(RtreeConstraint)*argc);
+        memset(pCsr->anQueue, 0, sizeof(u32)*(pRtree->iDepth + 1));
+        assert( (idxStr==0 && argc==0)
+                || (idxStr && (int)strlen(idxStr)==argc*2) );
+        for(ii=0; ii<argc; ii++){
+          RtreeConstraint *p = &pCsr->aConstraint[ii];
+          p->op = idxStr[ii*2];
+          p->iCoord = idxStr[ii*2+1]-'0';
+          if( p->op>=RTREE_MATCH ){
+            /* A MATCH operator. The right-hand-side must be a blob that
+            ** can be cast into an RtreeMatchArg object. One created using
+            ** an sqlite3_rtree_geometry_callback() SQL user function.
+            */
+            rc = deserializeGeometry(argv[ii], p);
+            if( rc!=SQLITE_OK ){
+              break;
+            }
+            p->pInfo->nCoord = pRtree->nDim*2;
+            p->pInfo->anQueue = pCsr->anQueue;
+            p->pInfo->mxLevel = pRtree->iDepth + 1;
+          }else{
+#ifdef SQLITE_RTREE_INT_ONLY
+            p->u.rValue = sqlite3_value_int64(argv[ii]);
+#else
+            p->u.rValue = sqlite3_value_double(argv[ii]);
+#endif
+          }
+        }
+      }
+    }
+    if( rc==SQLITE_OK ){
+      RtreeSearchPoint *pNew;
+      pNew = rtreeSearchPointNew(pCsr, RTREE_ZERO, pRtree->iDepth+1);
+      if( pNew==0 ) return SQLITE_NOMEM;
+      pNew->id = 1;
+      pNew->iCell = 0;
+      pNew->eWithin = PARTLY_WITHIN;
+      assert( pCsr->bPoint==1 );
+      pCsr->aNode[0] = pRoot;
+      pRoot = 0;
+      RTREE_QUEUE_TRACE(pCsr, "PUSH-Fm:");
+      rc = rtreeStepToLeaf(pCsr);
+    }
+  }
+
+  nodeRelease(pRtree, pRoot);
+  rtreeRelease(pRtree);
+  return rc;
+}
+
+/*
+** Set the pIdxInfo->estimatedRows variable to nRow. Unless this
+** extension is currently being used by a version of SQLite too old to
+** support estimatedRows. In that case this function is a no-op.
+*/
+static void setEstimatedRows(sqlite3_index_info *pIdxInfo, i64 nRow){
+#if SQLITE_VERSION_NUMBER>=3008002
+  if( sqlite3_libversion_number()>=3008002 ){
+    pIdxInfo->estimatedRows = nRow;
+  }
+#endif
+}
+
+/*
+** Rtree virtual table module xBestIndex method. There are three
+** table scan strategies to choose from (in order from most to 
+** least desirable):
+**
+**   idxNum     idxStr        Strategy
+**   ------------------------------------------------
+**     1        Unused        Direct lookup by rowid.
+**     2        See below     R-tree query or full-table scan.
+**   ------------------------------------------------
+**
+** If strategy 1 is used, then idxStr is not meaningful. If strategy
+** 2 is used, idxStr is formatted to contain 2 bytes for each 
+** constraint used. The first two bytes of idxStr correspond to 
+** the constraint in sqlite3_index_info.aConstraintUsage[] with
+** (argvIndex==1) etc.
+**
+** The first of each pair of bytes in idxStr identifies the constraint
+** operator as follows:
+**
+**   Operator    Byte Value
+**   ----------------------
+**      =        0x41 ('A')
+**     <=        0x42 ('B')
+**      <        0x43 ('C')
+**     >=        0x44 ('D')
+**      >        0x45 ('E')
+**   MATCH       0x46 ('F')
+**   ----------------------
+**
+** The second of each pair of bytes identifies the coordinate column
+** to which the constraint applies. The leftmost coordinate column
+** is 'a', the second from the left 'b' etc.
+*/
+static int rtreeBestIndex(sqlite3_vtab *tab, sqlite3_index_info *pIdxInfo){
+  Rtree *pRtree = (Rtree*)tab;
+  int rc = SQLITE_OK;
+  int ii;
+  int bMatch = 0;                 /* True if there exists a MATCH constraint */
+  i64 nRow;                       /* Estimated rows returned by this scan */
+
+  int iIdx = 0;
+  char zIdxStr[RTREE_MAX_DIMENSIONS*8+1];
+  memset(zIdxStr, 0, sizeof(zIdxStr));
+
+  /* Check if there exists a MATCH constraint - even an unusable one. If there
+  ** is, do not consider the lookup-by-rowid plan as using such a plan would
+  ** require the VDBE to evaluate the MATCH constraint, which is not currently
+  ** possible. */
+  for(ii=0; ii<pIdxInfo->nConstraint; ii++){
+    if( pIdxInfo->aConstraint[ii].op==SQLITE_INDEX_CONSTRAINT_MATCH ){
+      bMatch = 1;
+    }
+  }
+
+  assert( pIdxInfo->idxStr==0 );
+  for(ii=0; ii<pIdxInfo->nConstraint && iIdx<(int)(sizeof(zIdxStr)-1); ii++){
+    struct sqlite3_index_constraint *p = &pIdxInfo->aConstraint[ii];
+
+    if( bMatch==0 && p->usable 
+     && p->iColumn==0 && p->op==SQLITE_INDEX_CONSTRAINT_EQ 
+    ){
+      /* We have an equality constraint on the rowid. Use strategy 1. */
+      int jj;
+      for(jj=0; jj<ii; jj++){
+        pIdxInfo->aConstraintUsage[jj].argvIndex = 0;
+        pIdxInfo->aConstraintUsage[jj].omit = 0;
+      }
+      pIdxInfo->idxNum = 1;
+      pIdxInfo->aConstraintUsage[ii].argvIndex = 1;
+      pIdxInfo->aConstraintUsage[jj].omit = 1;
+
+      /* This strategy involves a two rowid lookups on an B-Tree structures
+      ** and then a linear search of an R-Tree node. This should be 
+      ** considered almost as quick as a direct rowid lookup (for which 
+      ** sqlite uses an internal cost of 0.0). It is expected to return
+      ** a single row.
+      */ 
+      pIdxInfo->estimatedCost = 30.0;
+      setEstimatedRows(pIdxInfo, 1);
+      return SQLITE_OK;
+    }
+
+    if( p->usable && (p->iColumn>0 || p->op==SQLITE_INDEX_CONSTRAINT_MATCH) ){
+      u8 op;
+      switch( p->op ){
+        case SQLITE_INDEX_CONSTRAINT_EQ: op = RTREE_EQ; break;
+        case SQLITE_INDEX_CONSTRAINT_GT: op = RTREE_GT; break;
+        case SQLITE_INDEX_CONSTRAINT_LE: op = RTREE_LE; break;
+        case SQLITE_INDEX_CONSTRAINT_LT: op = RTREE_LT; break;
+        case SQLITE_INDEX_CONSTRAINT_GE: op = RTREE_GE; break;
+        default:
+          assert( p->op==SQLITE_INDEX_CONSTRAINT_MATCH );
+          op = RTREE_MATCH; 
+          break;
+      }
+      zIdxStr[iIdx++] = op;
+      zIdxStr[iIdx++] = p->iColumn - 1 + '0';
+      pIdxInfo->aConstraintUsage[ii].argvIndex = (iIdx/2);
+      pIdxInfo->aConstraintUsage[ii].omit = 1;
+    }
+  }
+
+  pIdxInfo->idxNum = 2;
+  pIdxInfo->needToFreeIdxStr = 1;
+  if( iIdx>0 && 0==(pIdxInfo->idxStr = sqlite3_mprintf("%s", zIdxStr)) ){
+    return SQLITE_NOMEM;
+  }
+
+  nRow = pRtree->nRowEst / (iIdx + 1);
+  pIdxInfo->estimatedCost = (double)6.0 * (double)nRow;
+  setEstimatedRows(pIdxInfo, nRow);
+
+  return rc;
+}
+
+/*
+** Return the N-dimensional volumn of the cell stored in *p.
+*/
+static RtreeDValue cellArea(Rtree *pRtree, RtreeCell *p){
+  RtreeDValue area = (RtreeDValue)1;
+  int ii;
+  for(ii=0; ii<(pRtree->nDim*2); ii+=2){
+    area = (area * (DCOORD(p->aCoord[ii+1]) - DCOORD(p->aCoord[ii])));
+  }
+  return area;
+}
+
+/*
+** Return the margin length of cell p. The margin length is the sum
+** of the objects size in each dimension.
+*/
+static RtreeDValue cellMargin(Rtree *pRtree, RtreeCell *p){
+  RtreeDValue margin = (RtreeDValue)0;
+  int ii;
+  for(ii=0; ii<(pRtree->nDim*2); ii+=2){
+    margin += (DCOORD(p->aCoord[ii+1]) - DCOORD(p->aCoord[ii]));
+  }
+  return margin;
+}
+
+/*
+** Store the union of cells p1 and p2 in p1.
+*/
+static void cellUnion(Rtree *pRtree, RtreeCell *p1, RtreeCell *p2){
+  int ii;
+  if( pRtree->eCoordType==RTREE_COORD_REAL32 ){
+    for(ii=0; ii<(pRtree->nDim*2); ii+=2){
+      p1->aCoord[ii].f = MIN(p1->aCoord[ii].f, p2->aCoord[ii].f);
+      p1->aCoord[ii+1].f = MAX(p1->aCoord[ii+1].f, p2->aCoord[ii+1].f);
+    }
+  }else{
+    for(ii=0; ii<(pRtree->nDim*2); ii+=2){
+      p1->aCoord[ii].i = MIN(p1->aCoord[ii].i, p2->aCoord[ii].i);
+      p1->aCoord[ii+1].i = MAX(p1->aCoord[ii+1].i, p2->aCoord[ii+1].i);
+    }
+  }
+}
+
+/*
+** Return true if the area covered by p2 is a subset of the area covered
+** by p1. False otherwise.
+*/
+static int cellContains(Rtree *pRtree, RtreeCell *p1, RtreeCell *p2){
+  int ii;
+  int isInt = (pRtree->eCoordType==RTREE_COORD_INT32);
+  for(ii=0; ii<(pRtree->nDim*2); ii+=2){
+    RtreeCoord *a1 = &p1->aCoord[ii];
+    RtreeCoord *a2 = &p2->aCoord[ii];
+    if( (!isInt && (a2[0].f<a1[0].f || a2[1].f>a1[1].f)) 
+     || ( isInt && (a2[0].i<a1[0].i || a2[1].i>a1[1].i)) 
+    ){
+      return 0;
+    }
+  }
+  return 1;
+}
+
+/*
+** Return the amount cell p would grow by if it were unioned with pCell.
+*/
+static RtreeDValue cellGrowth(Rtree *pRtree, RtreeCell *p, RtreeCell *pCell){
+  RtreeDValue area;
+  RtreeCell cell;
+  memcpy(&cell, p, sizeof(RtreeCell));
+  area = cellArea(pRtree, &cell);
+  cellUnion(pRtree, &cell, pCell);
+  return (cellArea(pRtree, &cell)-area);
+}
+
+static RtreeDValue cellOverlap(
+  Rtree *pRtree, 
+  RtreeCell *p, 
+  RtreeCell *aCell, 
+  int nCell
+){
+  int ii;
+  RtreeDValue overlap = RTREE_ZERO;
+  for(ii=0; ii<nCell; ii++){
+    int jj;
+    RtreeDValue o = (RtreeDValue)1;
+    for(jj=0; jj<(pRtree->nDim*2); jj+=2){
+      RtreeDValue x1, x2;
+      x1 = MAX(DCOORD(p->aCoord[jj]), DCOORD(aCell[ii].aCoord[jj]));
+      x2 = MIN(DCOORD(p->aCoord[jj+1]), DCOORD(aCell[ii].aCoord[jj+1]));
+      if( x2<x1 ){
+        o = (RtreeDValue)0;
+        break;
+      }else{
+        o = o * (x2-x1);
+      }
+    }
+    overlap += o;
+  }
+  return overlap;
+}
+
+
+/*
+** This function implements the ChooseLeaf algorithm from Gutman[84].
+** ChooseSubTree in r*tree terminology.
+*/
+static int ChooseLeaf(
+  Rtree *pRtree,               /* Rtree table */
+  RtreeCell *pCell,            /* Cell to insert into rtree */
+  int iHeight,                 /* Height of sub-tree rooted at pCell */
+  RtreeNode **ppLeaf           /* OUT: Selected leaf page */
+){
+  int rc;
+  int ii;
+  RtreeNode *pNode;
+  rc = nodeAcquire(pRtree, 1, 0, &pNode);
+
+  for(ii=0; rc==SQLITE_OK && ii<(pRtree->iDepth-iHeight); ii++){
+    int iCell;
+    sqlite3_int64 iBest = 0;
+
+    RtreeDValue fMinGrowth = RTREE_ZERO;
+    RtreeDValue fMinArea = RTREE_ZERO;
+
+    int nCell = NCELL(pNode);
+    RtreeCell cell;
+    RtreeNode *pChild;
+
+    RtreeCell *aCell = 0;
+
+    /* Select the child node which will be enlarged the least if pCell
+    ** is inserted into it. Resolve ties by choosing the entry with
+    ** the smallest area.
+    */
+    for(iCell=0; iCell<nCell; iCell++){
+      int bBest = 0;
+      RtreeDValue growth;
+      RtreeDValue area;
+      nodeGetCell(pRtree, pNode, iCell, &cell);
+      growth = cellGrowth(pRtree, &cell, pCell);
+      area = cellArea(pRtree, &cell);
+      if( iCell==0||growth<fMinGrowth||(growth==fMinGrowth && area<fMinArea) ){
+        bBest = 1;
+      }
+      if( bBest ){
+        fMinGrowth = growth;
+        fMinArea = area;
+        iBest = cell.iRowid;
+      }
+    }
+
+    sqlite3_free(aCell);
+    rc = nodeAcquire(pRtree, iBest, pNode, &pChild);
+    nodeRelease(pRtree, pNode);
+    pNode = pChild;
+  }
+
+  *ppLeaf = pNode;
+  return rc;
+}
+
+/*
+** A cell with the same content as pCell has just been inserted into
+** the node pNode. This function updates the bounding box cells in
+** all ancestor elements.
+*/
+static int AdjustTree(
+  Rtree *pRtree,                    /* Rtree table */
+  RtreeNode *pNode,                 /* Adjust ancestry of this node. */
+  RtreeCell *pCell                  /* This cell was just inserted */
+){
+  RtreeNode *p = pNode;
+  while( p->pParent ){
+    RtreeNode *pParent = p->pParent;
+    RtreeCell cell;
+    int iCell;
+
+    if( nodeParentIndex(pRtree, p, &iCell) ){
+      return SQLITE_CORRUPT_VTAB;
+    }
+
+    nodeGetCell(pRtree, pParent, iCell, &cell);
+    if( !cellContains(pRtree, &cell, pCell) ){
+      cellUnion(pRtree, &cell, pCell);
+      nodeOverwriteCell(pRtree, pParent, &cell, iCell);
+    }
+ 
+    p = pParent;
+  }
+  return SQLITE_OK;
+}
+
+/*
+** Write mapping (iRowid->iNode) to the <rtree>_rowid table.
+*/
+static int rowidWrite(Rtree *pRtree, sqlite3_int64 iRowid, sqlite3_int64 iNode){
+  sqlite3_bind_int64(pRtree->pWriteRowid, 1, iRowid);
+  sqlite3_bind_int64(pRtree->pWriteRowid, 2, iNode);
+  sqlite3_step(pRtree->pWriteRowid);
+  return sqlite3_reset(pRtree->pWriteRowid);
+}
+
+/*
+** Write mapping (iNode->iPar) to the <rtree>_parent table.
+*/
+static int parentWrite(Rtree *pRtree, sqlite3_int64 iNode, sqlite3_int64 iPar){
+  sqlite3_bind_int64(pRtree->pWriteParent, 1, iNode);
+  sqlite3_bind_int64(pRtree->pWriteParent, 2, iPar);
+  sqlite3_step(pRtree->pWriteParent);
+  return sqlite3_reset(pRtree->pWriteParent);
+}
+
+static int rtreeInsertCell(Rtree *, RtreeNode *, RtreeCell *, int);
+
+
+/*
+** Arguments aIdx, aDistance and aSpare all point to arrays of size
+** nIdx. The aIdx array contains the set of integers from 0 to 
+** (nIdx-1) in no particular order. This function sorts the values
+** in aIdx according to the indexed values in aDistance. For
+** example, assuming the inputs:
+**
+**   aIdx      = { 0,   1,   2,   3 }
+**   aDistance = { 5.0, 2.0, 7.0, 6.0 }
+**
+** this function sets the aIdx array to contain:
+**
+**   aIdx      = { 0,   1,   2,   3 }
+**
+** The aSpare array is used as temporary working space by the
+** sorting algorithm.
+*/
+static void SortByDistance(
+  int *aIdx, 
+  int nIdx, 
+  RtreeDValue *aDistance, 
+  int *aSpare
+){
+  if( nIdx>1 ){
+    int iLeft = 0;
+    int iRight = 0;
+
+    int nLeft = nIdx/2;
+    int nRight = nIdx-nLeft;
+    int *aLeft = aIdx;
+    int *aRight = &aIdx[nLeft];
+
+    SortByDistance(aLeft, nLeft, aDistance, aSpare);
+    SortByDistance(aRight, nRight, aDistance, aSpare);
+
+    memcpy(aSpare, aLeft, sizeof(int)*nLeft);
+    aLeft = aSpare;
+
+    while( iLeft<nLeft || iRight<nRight ){
+      if( iLeft==nLeft ){
+        aIdx[iLeft+iRight] = aRight[iRight];
+        iRight++;
+      }else if( iRight==nRight ){
+        aIdx[iLeft+iRight] = aLeft[iLeft];
+        iLeft++;
+      }else{
+        RtreeDValue fLeft = aDistance[aLeft[iLeft]];
+        RtreeDValue fRight = aDistance[aRight[iRight]];
+        if( fLeft<fRight ){
+          aIdx[iLeft+iRight] = aLeft[iLeft];
+          iLeft++;
+        }else{
+          aIdx[iLeft+iRight] = aRight[iRight];
+          iRight++;
+        }
+      }
+    }
+
+#if 0
+    /* Check that the sort worked */
+    {
+      int jj;
+      for(jj=1; jj<nIdx; jj++){
+        RtreeDValue left = aDistance[aIdx[jj-1]];
+        RtreeDValue right = aDistance[aIdx[jj]];
+        assert( left<=right );
+      }
+    }
+#endif
+  }
+}
+
+/*
+** Arguments aIdx, aCell and aSpare all point to arrays of size
+** nIdx. The aIdx array contains the set of integers from 0 to 
+** (nIdx-1) in no particular order. This function sorts the values
+** in aIdx according to dimension iDim of the cells in aCell. The
+** minimum value of dimension iDim is considered first, the
+** maximum used to break ties.
+**
+** The aSpare array is used as temporary working space by the
+** sorting algorithm.
+*/
+static void SortByDimension(
+  Rtree *pRtree,
+  int *aIdx, 
+  int nIdx, 
+  int iDim, 
+  RtreeCell *aCell, 
+  int *aSpare
+){
+  if( nIdx>1 ){
+
+    int iLeft = 0;
+    int iRight = 0;
+
+    int nLeft = nIdx/2;
+    int nRight = nIdx-nLeft;
+    int *aLeft = aIdx;
+    int *aRight = &aIdx[nLeft];
+
+    SortByDimension(pRtree, aLeft, nLeft, iDim, aCell, aSpare);
+    SortByDimension(pRtree, aRight, nRight, iDim, aCell, aSpare);
+
+    memcpy(aSpare, aLeft, sizeof(int)*nLeft);
+    aLeft = aSpare;
+    while( iLeft<nLeft || iRight<nRight ){
+      RtreeDValue xleft1 = DCOORD(aCell[aLeft[iLeft]].aCoord[iDim*2]);
+      RtreeDValue xleft2 = DCOORD(aCell[aLeft[iLeft]].aCoord[iDim*2+1]);
+      RtreeDValue xright1 = DCOORD(aCell[aRight[iRight]].aCoord[iDim*2]);
+      RtreeDValue xright2 = DCOORD(aCell[aRight[iRight]].aCoord[iDim*2+1]);
+      if( (iLeft!=nLeft) && ((iRight==nRight)
+       || (xleft1<xright1)
+       || (xleft1==xright1 && xleft2<xright2)
+      )){
+        aIdx[iLeft+iRight] = aLeft[iLeft];
+        iLeft++;
+      }else{
+        aIdx[iLeft+iRight] = aRight[iRight];
+        iRight++;
+      }
+    }
+
+#if 0
+    /* Check that the sort worked */
+    {
+      int jj;
+      for(jj=1; jj<nIdx; jj++){
+        RtreeDValue xleft1 = aCell[aIdx[jj-1]].aCoord[iDim*2];
+        RtreeDValue xleft2 = aCell[aIdx[jj-1]].aCoord[iDim*2+1];
+        RtreeDValue xright1 = aCell[aIdx[jj]].aCoord[iDim*2];
+        RtreeDValue xright2 = aCell[aIdx[jj]].aCoord[iDim*2+1];
+        assert( xleft1<=xright1 && (xleft1<xright1 || xleft2<=xright2) );
+      }
+    }
+#endif
+  }
+}
+
+/*
+** Implementation of the R*-tree variant of SplitNode from Beckman[1990].
+*/
+static int splitNodeStartree(
+  Rtree *pRtree,
+  RtreeCell *aCell,
+  int nCell,
+  RtreeNode *pLeft,
+  RtreeNode *pRight,
+  RtreeCell *pBboxLeft,
+  RtreeCell *pBboxRight
+){
+  int **aaSorted;
+  int *aSpare;
+  int ii;
+
+  int iBestDim = 0;
+  int iBestSplit = 0;
+  RtreeDValue fBestMargin = RTREE_ZERO;
+
+  int nByte = (pRtree->nDim+1)*(sizeof(int*)+nCell*sizeof(int));
+
+  aaSorted = (int **)sqlite3_malloc(nByte);
+  if( !aaSorted ){
+    return SQLITE_NOMEM;
+  }
+
+  aSpare = &((int *)&aaSorted[pRtree->nDim])[pRtree->nDim*nCell];
+  memset(aaSorted, 0, nByte);
+  for(ii=0; ii<pRtree->nDim; ii++){
+    int jj;
+    aaSorted[ii] = &((int *)&aaSorted[pRtree->nDim])[ii*nCell];
+    for(jj=0; jj<nCell; jj++){
+      aaSorted[ii][jj] = jj;
+    }
+    SortByDimension(pRtree, aaSorted[ii], nCell, ii, aCell, aSpare);
+  }
+
+  for(ii=0; ii<pRtree->nDim; ii++){
+    RtreeDValue margin = RTREE_ZERO;
+    RtreeDValue fBestOverlap = RTREE_ZERO;
+    RtreeDValue fBestArea = RTREE_ZERO;
+    int iBestLeft = 0;
+    int nLeft;
+
+    for(
+      nLeft=RTREE_MINCELLS(pRtree); 
+      nLeft<=(nCell-RTREE_MINCELLS(pRtree)); 
+      nLeft++
+    ){
+      RtreeCell left;
+      RtreeCell right;
+      int kk;
+      RtreeDValue overlap;
+      RtreeDValue area;
+
+      memcpy(&left, &aCell[aaSorted[ii][0]], sizeof(RtreeCell));
+      memcpy(&right, &aCell[aaSorted[ii][nCell-1]], sizeof(RtreeCell));
+      for(kk=1; kk<(nCell-1); kk++){
+        if( kk<nLeft ){
+          cellUnion(pRtree, &left, &aCell[aaSorted[ii][kk]]);
+        }else{
+          cellUnion(pRtree, &right, &aCell[aaSorted[ii][kk]]);
+        }
+      }
+      margin += cellMargin(pRtree, &left);
+      margin += cellMargin(pRtree, &right);
+      overlap = cellOverlap(pRtree, &left, &right, 1);
+      area = cellArea(pRtree, &left) + cellArea(pRtree, &right);
+      if( (nLeft==RTREE_MINCELLS(pRtree))
+       || (overlap<fBestOverlap)
+       || (overlap==fBestOverlap && area<fBestArea)
+      ){
+        iBestLeft = nLeft;
+        fBestOverlap = overlap;
+        fBestArea = area;
+      }
+    }
+
+    if( ii==0 || margin<fBestMargin ){
+      iBestDim = ii;
+      fBestMargin = margin;
+      iBestSplit = iBestLeft;
+    }
+  }
+
+  memcpy(pBboxLeft, &aCell[aaSorted[iBestDim][0]], sizeof(RtreeCell));
+  memcpy(pBboxRight, &aCell[aaSorted[iBestDim][iBestSplit]], sizeof(RtreeCell));
+  for(ii=0; ii<nCell; ii++){
+    RtreeNode *pTarget = (ii<iBestSplit)?pLeft:pRight;
+    RtreeCell *pBbox = (ii<iBestSplit)?pBboxLeft:pBboxRight;
+    RtreeCell *pCell = &aCell[aaSorted[iBestDim][ii]];
+    nodeInsertCell(pRtree, pTarget, pCell);
+    cellUnion(pRtree, pBbox, pCell);
+  }
+
+  sqlite3_free(aaSorted);
+  return SQLITE_OK;
+}
+
+
+static int updateMapping(
+  Rtree *pRtree, 
+  i64 iRowid, 
+  RtreeNode *pNode, 
+  int iHeight
+){
+  int (*xSetMapping)(Rtree *, sqlite3_int64, sqlite3_int64);
+  xSetMapping = ((iHeight==0)?rowidWrite:parentWrite);
+  if( iHeight>0 ){
+    RtreeNode *pChild = nodeHashLookup(pRtree, iRowid);
+    if( pChild ){
+      nodeRelease(pRtree, pChild->pParent);
+      nodeReference(pNode);
+      pChild->pParent = pNode;
+    }
+  }
+  return xSetMapping(pRtree, iRowid, pNode->iNode);
+}
+
+static int SplitNode(
+  Rtree *pRtree,
+  RtreeNode *pNode,
+  RtreeCell *pCell,
+  int iHeight
+){
+  int i;
+  int newCellIsRight = 0;
+
+  int rc = SQLITE_OK;
+  int nCell = NCELL(pNode);
+  RtreeCell *aCell;
+  int *aiUsed;
+
+  RtreeNode *pLeft = 0;
+  RtreeNode *pRight = 0;
+
+  RtreeCell leftbbox;
+  RtreeCell rightbbox;
+
+  /* Allocate an array and populate it with a copy of pCell and 
+  ** all cells from node pLeft. Then zero the original node.
+  */
+  aCell = sqlite3_malloc((sizeof(RtreeCell)+sizeof(int))*(nCell+1));
+  if( !aCell ){
+    rc = SQLITE_NOMEM;
+    goto splitnode_out;
+  }
+  aiUsed = (int *)&aCell[nCell+1];
+  memset(aiUsed, 0, sizeof(int)*(nCell+1));
+  for(i=0; i<nCell; i++){
+    nodeGetCell(pRtree, pNode, i, &aCell[i]);
+  }
+  nodeZero(pRtree, pNode);
+  memcpy(&aCell[nCell], pCell, sizeof(RtreeCell));
+  nCell++;
+
+  if( pNode->iNode==1 ){
+    pRight = nodeNew(pRtree, pNode);
+    pLeft = nodeNew(pRtree, pNode);
+    pRtree->iDepth++;
+    pNode->isDirty = 1;
+    writeInt16(pNode->zData, pRtree->iDepth);
+  }else{
+    pLeft = pNode;
+    pRight = nodeNew(pRtree, pLeft->pParent);
+    nodeReference(pLeft);
+  }
+
+  if( !pLeft || !pRight ){
+    rc = SQLITE_NOMEM;
+    goto splitnode_out;
+  }
+
+  memset(pLeft->zData, 0, pRtree->iNodeSize);
+  memset(pRight->zData, 0, pRtree->iNodeSize);
+
+  rc = splitNodeStartree(pRtree, aCell, nCell, pLeft, pRight,
+                         &leftbbox, &rightbbox);
+  if( rc!=SQLITE_OK ){
+    goto splitnode_out;
+  }
+
+  /* Ensure both child nodes have node numbers assigned to them by calling
+  ** nodeWrite(). Node pRight always needs a node number, as it was created
+  ** by nodeNew() above. But node pLeft sometimes already has a node number.
+  ** In this case avoid the all to nodeWrite().
+  */
+  if( SQLITE_OK!=(rc = nodeWrite(pRtree, pRight))
+   || (0==pLeft->iNode && SQLITE_OK!=(rc = nodeWrite(pRtree, pLeft)))
+  ){
+    goto splitnode_out;
+  }
+
+  rightbbox.iRowid = pRight->iNode;
+  leftbbox.iRowid = pLeft->iNode;
+
+  if( pNode->iNode==1 ){
+    rc = rtreeInsertCell(pRtree, pLeft->pParent, &leftbbox, iHeight+1);
+    if( rc!=SQLITE_OK ){
+      goto splitnode_out;
+    }
+  }else{
+    RtreeNode *pParent = pLeft->pParent;
+    int iCell;
+    rc = nodeParentIndex(pRtree, pLeft, &iCell);
+    if( rc==SQLITE_OK ){
+      nodeOverwriteCell(pRtree, pParent, &leftbbox, iCell);
+      rc = AdjustTree(pRtree, pParent, &leftbbox);
+    }
+    if( rc!=SQLITE_OK ){
+      goto splitnode_out;
+    }
+  }
+  if( (rc = rtreeInsertCell(pRtree, pRight->pParent, &rightbbox, iHeight+1)) ){
+    goto splitnode_out;
+  }
+
+  for(i=0; i<NCELL(pRight); i++){
+    i64 iRowid = nodeGetRowid(pRtree, pRight, i);
+    rc = updateMapping(pRtree, iRowid, pRight, iHeight);
+    if( iRowid==pCell->iRowid ){
+      newCellIsRight = 1;
+    }
+    if( rc!=SQLITE_OK ){
+      goto splitnode_out;
+    }
+  }
+  if( pNode->iNode==1 ){
+    for(i=0; i<NCELL(pLeft); i++){
+      i64 iRowid = nodeGetRowid(pRtree, pLeft, i);
+      rc = updateMapping(pRtree, iRowid, pLeft, iHeight);
+      if( rc!=SQLITE_OK ){
+        goto splitnode_out;
+      }
+    }
+  }else if( newCellIsRight==0 ){
+    rc = updateMapping(pRtree, pCell->iRowid, pLeft, iHeight);
+  }
+
+  if( rc==SQLITE_OK ){
+    rc = nodeRelease(pRtree, pRight);
+    pRight = 0;
+  }
+  if( rc==SQLITE_OK ){
+    rc = nodeRelease(pRtree, pLeft);
+    pLeft = 0;
+  }
+
+splitnode_out:
+  nodeRelease(pRtree, pRight);
+  nodeRelease(pRtree, pLeft);
+  sqlite3_free(aCell);
+  return rc;
+}
+
+/*
+** If node pLeaf is not the root of the r-tree and its pParent pointer is 
+** still NULL, load all ancestor nodes of pLeaf into memory and populate
+** the pLeaf->pParent chain all the way up to the root node.
+**
+** This operation is required when a row is deleted (or updated - an update
+** is implemented as a delete followed by an insert). SQLite provides the
+** rowid of the row to delete, which can be used to find the leaf on which
+** the entry resides (argument pLeaf). Once the leaf is located, this 
+** function is called to determine its ancestry.
+*/
+static int fixLeafParent(Rtree *pRtree, RtreeNode *pLeaf){
+  int rc = SQLITE_OK;
+  RtreeNode *pChild = pLeaf;
+  while( rc==SQLITE_OK && pChild->iNode!=1 && pChild->pParent==0 ){
+    int rc2 = SQLITE_OK;          /* sqlite3_reset() return code */
+    sqlite3_bind_int64(pRtree->pReadParent, 1, pChild->iNode);
+    rc = sqlite3_step(pRtree->pReadParent);
+    if( rc==SQLITE_ROW ){
+      RtreeNode *pTest;           /* Used to test for reference loops */
+      i64 iNode;                  /* Node number of parent node */
+
+      /* Before setting pChild->pParent, test that we are not creating a
+      ** loop of references (as we would if, say, pChild==pParent). We don't
+      ** want to do this as it leads to a memory leak when trying to delete
+      ** the referenced counted node structures.
+      */
+      iNode = sqlite3_column_int64(pRtree->pReadParent, 0);
+      for(pTest=pLeaf; pTest && pTest->iNode!=iNode; pTest=pTest->pParent);
+      if( !pTest ){
+        rc2 = nodeAcquire(pRtree, iNode, 0, &pChild->pParent);
+      }
+    }
+    rc = sqlite3_reset(pRtree->pReadParent);
+    if( rc==SQLITE_OK ) rc = rc2;
+    if( rc==SQLITE_OK && !pChild->pParent ) rc = SQLITE_CORRUPT_VTAB;
+    pChild = pChild->pParent;
+  }
+  return rc;
+}
+
+static int deleteCell(Rtree *, RtreeNode *, int, int);
+
+static int removeNode(Rtree *pRtree, RtreeNode *pNode, int iHeight){
+  int rc;
+  int rc2;
+  RtreeNode *pParent = 0;
+  int iCell;
+
+  assert( pNode->nRef==1 );
+
+  /* Remove the entry in the parent cell. */
+  rc = nodeParentIndex(pRtree, pNode, &iCell);
+  if( rc==SQLITE_OK ){
+    pParent = pNode->pParent;
+    pNode->pParent = 0;
+    rc = deleteCell(pRtree, pParent, iCell, iHeight+1);
+  }
+  rc2 = nodeRelease(pRtree, pParent);
+  if( rc==SQLITE_OK ){
+    rc = rc2;
+  }
+  if( rc!=SQLITE_OK ){
+    return rc;
+  }
+
+  /* Remove the xxx_node entry. */
+  sqlite3_bind_int64(pRtree->pDeleteNode, 1, pNode->iNode);
+  sqlite3_step(pRtree->pDeleteNode);
+  if( SQLITE_OK!=(rc = sqlite3_reset(pRtree->pDeleteNode)) ){
+    return rc;
+  }
+
+  /* Remove the xxx_parent entry. */
+  sqlite3_bind_int64(pRtree->pDeleteParent, 1, pNode->iNode);
+  sqlite3_step(pRtree->pDeleteParent);
+  if( SQLITE_OK!=(rc = sqlite3_reset(pRtree->pDeleteParent)) ){
+    return rc;
+  }
+  
+  /* Remove the node from the in-memory hash table and link it into
+  ** the Rtree.pDeleted list. Its contents will be re-inserted later on.
+  */
+  nodeHashDelete(pRtree, pNode);
+  pNode->iNode = iHeight;
+  pNode->pNext = pRtree->pDeleted;
+  pNode->nRef++;
+  pRtree->pDeleted = pNode;
+
+  return SQLITE_OK;
+}
+
+static int fixBoundingBox(Rtree *pRtree, RtreeNode *pNode){
+  RtreeNode *pParent = pNode->pParent;
+  int rc = SQLITE_OK; 
+  if( pParent ){
+    int ii; 
+    int nCell = NCELL(pNode);
+    RtreeCell box;                            /* Bounding box for pNode */
+    nodeGetCell(pRtree, pNode, 0, &box);
+    for(ii=1; ii<nCell; ii++){
+      RtreeCell cell;
+      nodeGetCell(pRtree, pNode, ii, &cell);
+      cellUnion(pRtree, &box, &cell);
+    }
+    box.iRowid = pNode->iNode;
+    rc = nodeParentIndex(pRtree, pNode, &ii);
+    if( rc==SQLITE_OK ){
+      nodeOverwriteCell(pRtree, pParent, &box, ii);
+      rc = fixBoundingBox(pRtree, pParent);
+    }
+  }
+  return rc;
+}
+
+/*
+** Delete the cell at index iCell of node pNode. After removing the
+** cell, adjust the r-tree data structure if required.
+*/
+static int deleteCell(Rtree *pRtree, RtreeNode *pNode, int iCell, int iHeight){
+  RtreeNode *pParent;
+  int rc;
+
+  if( SQLITE_OK!=(rc = fixLeafParent(pRtree, pNode)) ){
+    return rc;
+  }
+
+  /* Remove the cell from the node. This call just moves bytes around
+  ** the in-memory node image, so it cannot fail.
+  */
+  nodeDeleteCell(pRtree, pNode, iCell);
+
+  /* If the node is not the tree root and now has less than the minimum
+  ** number of cells, remove it from the tree. Otherwise, update the
+  ** cell in the parent node so that it tightly contains the updated
+  ** node.
+  */
+  pParent = pNode->pParent;
+  assert( pParent || pNode->iNode==1 );
+  if( pParent ){
+    if( NCELL(pNode)<RTREE_MINCELLS(pRtree) ){
+      rc = removeNode(pRtree, pNode, iHeight);
+    }else{
+      rc = fixBoundingBox(pRtree, pNode);
+    }
+  }
+
+  return rc;
+}
+
+static int Reinsert(
+  Rtree *pRtree, 
+  RtreeNode *pNode, 
+  RtreeCell *pCell, 
+  int iHeight
+){
+  int *aOrder;
+  int *aSpare;
+  RtreeCell *aCell;
+  RtreeDValue *aDistance;
+  int nCell;
+  RtreeDValue aCenterCoord[RTREE_MAX_DIMENSIONS];
+  int iDim;
+  int ii;
+  int rc = SQLITE_OK;
+  int n;
+
+  memset(aCenterCoord, 0, sizeof(RtreeDValue)*RTREE_MAX_DIMENSIONS);
+
+  nCell = NCELL(pNode)+1;
+  n = (nCell+1)&(~1);
+
+  /* Allocate the buffers used by this operation. The allocation is
+  ** relinquished before this function returns.
+  */
+  aCell = (RtreeCell *)sqlite3_malloc(n * (
+    sizeof(RtreeCell)     +         /* aCell array */
+    sizeof(int)           +         /* aOrder array */
+    sizeof(int)           +         /* aSpare array */
+    sizeof(RtreeDValue)             /* aDistance array */
+  ));
+  if( !aCell ){
+    return SQLITE_NOMEM;
+  }
+  aOrder    = (int *)&aCell[n];
+  aSpare    = (int *)&aOrder[n];
+  aDistance = (RtreeDValue *)&aSpare[n];
+
+  for(ii=0; ii<nCell; ii++){
+    if( ii==(nCell-1) ){
+      memcpy(&aCell[ii], pCell, sizeof(RtreeCell));
+    }else{
+      nodeGetCell(pRtree, pNode, ii, &aCell[ii]);
+    }
+    aOrder[ii] = ii;
+    for(iDim=0; iDim<pRtree->nDim; iDim++){
+      aCenterCoord[iDim] += DCOORD(aCell[ii].aCoord[iDim*2]);
+      aCenterCoord[iDim] += DCOORD(aCell[ii].aCoord[iDim*2+1]);
+    }
+  }
+  for(iDim=0; iDim<pRtree->nDim; iDim++){
+    aCenterCoord[iDim] = (aCenterCoord[iDim]/(nCell*(RtreeDValue)2));
+  }
+
+  for(ii=0; ii<nCell; ii++){
+    aDistance[ii] = RTREE_ZERO;
+    for(iDim=0; iDim<pRtree->nDim; iDim++){
+      RtreeDValue coord = (DCOORD(aCell[ii].aCoord[iDim*2+1]) - 
+                               DCOORD(aCell[ii].aCoord[iDim*2]));
+      aDistance[ii] += (coord-aCenterCoord[iDim])*(coord-aCenterCoord[iDim]);
+    }
+  }
+
+  SortByDistance(aOrder, nCell, aDistance, aSpare);
+  nodeZero(pRtree, pNode);
+
+  for(ii=0; rc==SQLITE_OK && ii<(nCell-(RTREE_MINCELLS(pRtree)+1)); ii++){
+    RtreeCell *p = &aCell[aOrder[ii]];
+    nodeInsertCell(pRtree, pNode, p);
+    if( p->iRowid==pCell->iRowid ){
+      if( iHeight==0 ){
+        rc = rowidWrite(pRtree, p->iRowid, pNode->iNode);
+      }else{
+        rc = parentWrite(pRtree, p->iRowid, pNode->iNode);
+      }
+    }
+  }
+  if( rc==SQLITE_OK ){
+    rc = fixBoundingBox(pRtree, pNode);
+  }
+  for(; rc==SQLITE_OK && ii<nCell; ii++){
+    /* Find a node to store this cell in. pNode->iNode currently contains
+    ** the height of the sub-tree headed by the cell.
+    */
+    RtreeNode *pInsert;
+    RtreeCell *p = &aCell[aOrder[ii]];
+    rc = ChooseLeaf(pRtree, p, iHeight, &pInsert);
+    if( rc==SQLITE_OK ){
+      int rc2;
+      rc = rtreeInsertCell(pRtree, pInsert, p, iHeight);
+      rc2 = nodeRelease(pRtree, pInsert);
+      if( rc==SQLITE_OK ){
+        rc = rc2;
+      }
+    }
+  }
+
+  sqlite3_free(aCell);
+  return rc;
+}
+
+/*
+** Insert cell pCell into node pNode. Node pNode is the head of a 
+** subtree iHeight high (leaf nodes have iHeight==0).
+*/
+static int rtreeInsertCell(
+  Rtree *pRtree,
+  RtreeNode *pNode,
+  RtreeCell *pCell,
+  int iHeight
+){
+  int rc = SQLITE_OK;
+  if( iHeight>0 ){
+    RtreeNode *pChild = nodeHashLookup(pRtree, pCell->iRowid);
+    if( pChild ){
+      nodeRelease(pRtree, pChild->pParent);
+      nodeReference(pNode);
+      pChild->pParent = pNode;
+    }
+  }
+  if( nodeInsertCell(pRtree, pNode, pCell) ){
+    if( iHeight<=pRtree->iReinsertHeight || pNode->iNode==1){
+      rc = SplitNode(pRtree, pNode, pCell, iHeight);
+    }else{
+      pRtree->iReinsertHeight = iHeight;
+      rc = Reinsert(pRtree, pNode, pCell, iHeight);
+    }
+  }else{
+    rc = AdjustTree(pRtree, pNode, pCell);
+    if( rc==SQLITE_OK ){
+      if( iHeight==0 ){
+        rc = rowidWrite(pRtree, pCell->iRowid, pNode->iNode);
+      }else{
+        rc = parentWrite(pRtree, pCell->iRowid, pNode->iNode);
+      }
+    }
+  }
+  return rc;
+}
+
+static int reinsertNodeContent(Rtree *pRtree, RtreeNode *pNode){
+  int ii;
+  int rc = SQLITE_OK;
+  int nCell = NCELL(pNode);
+
+  for(ii=0; rc==SQLITE_OK && ii<nCell; ii++){
+    RtreeNode *pInsert;
+    RtreeCell cell;
+    nodeGetCell(pRtree, pNode, ii, &cell);
+
+    /* Find a node to store this cell in. pNode->iNode currently contains
+    ** the height of the sub-tree headed by the cell.
+    */
+    rc = ChooseLeaf(pRtree, &cell, (int)pNode->iNode, &pInsert);
+    if( rc==SQLITE_OK ){
+      int rc2;
+      rc = rtreeInsertCell(pRtree, pInsert, &cell, (int)pNode->iNode);
+      rc2 = nodeRelease(pRtree, pInsert);
+      if( rc==SQLITE_OK ){
+        rc = rc2;
+      }
+    }
+  }
+  return rc;
+}
+
+/*
+** Select a currently unused rowid for a new r-tree record.
+*/
+static int newRowid(Rtree *pRtree, i64 *piRowid){
+  int rc;
+  sqlite3_bind_null(pRtree->pWriteRowid, 1);
+  sqlite3_bind_null(pRtree->pWriteRowid, 2);
+  sqlite3_step(pRtree->pWriteRowid);
+  rc = sqlite3_reset(pRtree->pWriteRowid);
+  *piRowid = sqlite3_last_insert_rowid(pRtree->db);
+  return rc;
+}
+
+/*
+** Remove the entry with rowid=iDelete from the r-tree structure.
+*/
+static int rtreeDeleteRowid(Rtree *pRtree, sqlite3_int64 iDelete){
+  int rc;                         /* Return code */
+  RtreeNode *pLeaf = 0;           /* Leaf node containing record iDelete */
+  int iCell;                      /* Index of iDelete cell in pLeaf */
+  RtreeNode *pRoot;               /* Root node of rtree structure */
+
+
+  /* Obtain a reference to the root node to initialize Rtree.iDepth */
+  rc = nodeAcquire(pRtree, 1, 0, &pRoot);
+
+  /* Obtain a reference to the leaf node that contains the entry 
+  ** about to be deleted. 
+  */
+  if( rc==SQLITE_OK ){
+    rc = findLeafNode(pRtree, iDelete, &pLeaf, 0);
+  }
+
+  /* Delete the cell in question from the leaf node. */
+  if( rc==SQLITE_OK ){
+    int rc2;
+    rc = nodeRowidIndex(pRtree, pLeaf, iDelete, &iCell);
+    if( rc==SQLITE_OK ){
+      rc = deleteCell(pRtree, pLeaf, iCell, 0);
+    }
+    rc2 = nodeRelease(pRtree, pLeaf);
+    if( rc==SQLITE_OK ){
+      rc = rc2;
+    }
+  }
+
+  /* Delete the corresponding entry in the <rtree>_rowid table. */
+  if( rc==SQLITE_OK ){
+    sqlite3_bind_int64(pRtree->pDeleteRowid, 1, iDelete);
+    sqlite3_step(pRtree->pDeleteRowid);
+    rc = sqlite3_reset(pRtree->pDeleteRowid);
+  }
+
+  /* Check if the root node now has exactly one child. If so, remove
+  ** it, schedule the contents of the child for reinsertion and 
+  ** reduce the tree height by one.
+  **
+  ** This is equivalent to copying the contents of the child into
+  ** the root node (the operation that Gutman's paper says to perform 
+  ** in this scenario).
+  */
+  if( rc==SQLITE_OK && pRtree->iDepth>0 && NCELL(pRoot)==1 ){
+    int rc2;
+    RtreeNode *pChild;
+    i64 iChild = nodeGetRowid(pRtree, pRoot, 0);
+    rc = nodeAcquire(pRtree, iChild, pRoot, &pChild);
+    if( rc==SQLITE_OK ){
+      rc = removeNode(pRtree, pChild, pRtree->iDepth-1);
+    }
+    rc2 = nodeRelease(pRtree, pChild);
+    if( rc==SQLITE_OK ) rc = rc2;
+    if( rc==SQLITE_OK ){
+      pRtree->iDepth--;
+      writeInt16(pRoot->zData, pRtree->iDepth);
+      pRoot->isDirty = 1;
+    }
+  }
+
+  /* Re-insert the contents of any underfull nodes removed from the tree. */
+  for(pLeaf=pRtree->pDeleted; pLeaf; pLeaf=pRtree->pDeleted){
+    if( rc==SQLITE_OK ){
+      rc = reinsertNodeContent(pRtree, pLeaf);
+    }
+    pRtree->pDeleted = pLeaf->pNext;
+    sqlite3_free(pLeaf);
+  }
+
+  /* Release the reference to the root node. */
+  if( rc==SQLITE_OK ){
+    rc = nodeRelease(pRtree, pRoot);
+  }else{
+    nodeRelease(pRtree, pRoot);
+  }
+
+  return rc;
+}
+
+/*
+** Rounding constants for float->double conversion.
+*/
+#define RNDTOWARDS  (1.0 - 1.0/8388608.0)  /* Round towards zero */
+#define RNDAWAY     (1.0 + 1.0/8388608.0)  /* Round away from zero */
+
+#if !defined(SQLITE_RTREE_INT_ONLY)
+/*
+** Convert an sqlite3_value into an RtreeValue (presumably a float)
+** while taking care to round toward negative or positive, respectively.
+*/
+static RtreeValue rtreeValueDown(sqlite3_value *v){
+  double d = sqlite3_value_double(v);
+  float f = (float)d;
+  if( f>d ){
+    f = (float)(d*(d<0 ? RNDAWAY : RNDTOWARDS));
+  }
+  return f;
+}
+static RtreeValue rtreeValueUp(sqlite3_value *v){
+  double d = sqlite3_value_double(v);
+  float f = (float)d;
+  if( f<d ){
+    f = (float)(d*(d<0 ? RNDTOWARDS : RNDAWAY));
+  }
+  return f;
+}
+#endif /* !defined(SQLITE_RTREE_INT_ONLY) */
+
+
+/*
+** The xUpdate method for rtree module virtual tables.
+*/
+static int rtreeUpdate(
+  sqlite3_vtab *pVtab, 
+  int nData, 
+  sqlite3_value **azData, 
+  sqlite_int64 *pRowid
+){
+  Rtree *pRtree = (Rtree *)pVtab;
+  int rc = SQLITE_OK;
+  RtreeCell cell;                 /* New cell to insert if nData>1 */
+  int bHaveRowid = 0;             /* Set to 1 after new rowid is determined */
+
+  rtreeReference(pRtree);
+  assert(nData>=1);
+
+  cell.iRowid = 0;  /* Used only to suppress a compiler warning */
+
+  /* Constraint handling. A write operation on an r-tree table may return
+  ** SQLITE_CONSTRAINT for two reasons:
+  **
+  **   1. A duplicate rowid value, or
+  **   2. The supplied data violates the "x2>=x1" constraint.
+  **
+  ** In the first case, if the conflict-handling mode is REPLACE, then
+  ** the conflicting row can be removed before proceeding. In the second
+  ** case, SQLITE_CONSTRAINT must be returned regardless of the
+  ** conflict-handling mode specified by the user.
+  */
+  if( nData>1 ){
+    int ii;
+
+    /* Populate the cell.aCoord[] array. The first coordinate is azData[3].
+    **
+    ** NB: nData can only be less than nDim*2+3 if the rtree is mis-declared
+    ** with "column" that are interpreted as table constraints.
+    ** Example:  CREATE VIRTUAL TABLE bad USING rtree(x,y,CHECK(y>5));
+    ** This problem was discovered after years of use, so we silently ignore
+    ** these kinds of misdeclared tables to avoid breaking any legacy.
+    */
+    assert( nData<=(pRtree->nDim*2 + 3) );
+
+#ifndef SQLITE_RTREE_INT_ONLY
+    if( pRtree->eCoordType==RTREE_COORD_REAL32 ){
+      for(ii=0; ii<nData-4; ii+=2){
+        cell.aCoord[ii].f = rtreeValueDown(azData[ii+3]);
+        cell.aCoord[ii+1].f = rtreeValueUp(azData[ii+4]);
+        if( cell.aCoord[ii].f>cell.aCoord[ii+1].f ){
+          rc = SQLITE_CONSTRAINT;
+          goto constraint;
+        }
+      }
+    }else
+#endif
+    {
+      for(ii=0; ii<nData-4; ii+=2){
+        cell.aCoord[ii].i = sqlite3_value_int(azData[ii+3]);
+        cell.aCoord[ii+1].i = sqlite3_value_int(azData[ii+4]);
+        if( cell.aCoord[ii].i>cell.aCoord[ii+1].i ){
+          rc = SQLITE_CONSTRAINT;
+          goto constraint;
+        }
+      }
+    }
+
+    /* If a rowid value was supplied, check if it is already present in 
+    ** the table. If so, the constraint has failed. */
+    if( sqlite3_value_type(azData[2])!=SQLITE_NULL ){
+      cell.iRowid = sqlite3_value_int64(azData[2]);
+      if( sqlite3_value_type(azData[0])==SQLITE_NULL
+       || sqlite3_value_int64(azData[0])!=cell.iRowid
+      ){
+        int steprc;
+        sqlite3_bind_int64(pRtree->pReadRowid, 1, cell.iRowid);
+        steprc = sqlite3_step(pRtree->pReadRowid);
+        rc = sqlite3_reset(pRtree->pReadRowid);
+        if( SQLITE_ROW==steprc ){
+          if( sqlite3_vtab_on_conflict(pRtree->db)==SQLITE_REPLACE ){
+            rc = rtreeDeleteRowid(pRtree, cell.iRowid);
+          }else{
+            rc = SQLITE_CONSTRAINT;
+            goto constraint;
+          }
+        }
+      }
+      bHaveRowid = 1;
+    }
+  }
+
+  /* If azData[0] is not an SQL NULL value, it is the rowid of a
+  ** record to delete from the r-tree table. The following block does
+  ** just that.
+  */
+  if( sqlite3_value_type(azData[0])!=SQLITE_NULL ){
+    rc = rtreeDeleteRowid(pRtree, sqlite3_value_int64(azData[0]));
+  }
+
+  /* If the azData[] array contains more than one element, elements
+  ** (azData[2]..azData[argc-1]) contain a new record to insert into
+  ** the r-tree structure.
+  */
+  if( rc==SQLITE_OK && nData>1 ){
+    /* Insert the new record into the r-tree */
+    RtreeNode *pLeaf = 0;
+
+    /* Figure out the rowid of the new row. */
+    if( bHaveRowid==0 ){
+      rc = newRowid(pRtree, &cell.iRowid);
+    }
+    *pRowid = cell.iRowid;
+
+    if( rc==SQLITE_OK ){
+      rc = ChooseLeaf(pRtree, &cell, 0, &pLeaf);
+    }
+    if( rc==SQLITE_OK ){
+      int rc2;
+      pRtree->iReinsertHeight = -1;
+      rc = rtreeInsertCell(pRtree, pLeaf, &cell, 0);
+      rc2 = nodeRelease(pRtree, pLeaf);
+      if( rc==SQLITE_OK ){
+        rc = rc2;
+      }
+    }
+  }
+
+constraint:
+  rtreeRelease(pRtree);
+  return rc;
+}
+
+/*
+** The xRename method for rtree module virtual tables.
+*/
+static int rtreeRename(sqlite3_vtab *pVtab, const char *zNewName){
+  Rtree *pRtree = (Rtree *)pVtab;
+  int rc = SQLITE_NOMEM;
+  char *zSql = sqlite3_mprintf(
+    "ALTER TABLE %Q.'%q_node'   RENAME TO \"%w_node\";"
+    "ALTER TABLE %Q.'%q_parent' RENAME TO \"%w_parent\";"
+    "ALTER TABLE %Q.'%q_rowid'  RENAME TO \"%w_rowid\";"
+    , pRtree->zDb, pRtree->zName, zNewName 
+    , pRtree->zDb, pRtree->zName, zNewName 
+    , pRtree->zDb, pRtree->zName, zNewName
+  );
+  if( zSql ){
+    rc = sqlite3_exec(pRtree->db, zSql, 0, 0, 0);
+    sqlite3_free(zSql);
+  }
+  return rc;
+}
+
+/*
+** This function populates the pRtree->nRowEst variable with an estimate
+** of the number of rows in the virtual table. If possible, this is based
+** on sqlite_stat1 data. Otherwise, use RTREE_DEFAULT_ROWEST.
+*/
+static int rtreeQueryStat1(sqlite3 *db, Rtree *pRtree){
+  const char *zFmt = "SELECT stat FROM %Q.sqlite_stat1 WHERE tbl = '%q_rowid'";
+  char *zSql;
+  sqlite3_stmt *p;
+  int rc;
+  i64 nRow = 0;
+
+  zSql = sqlite3_mprintf(zFmt, pRtree->zDb, pRtree->zName);
+  if( zSql==0 ){
+    rc = SQLITE_NOMEM;
+  }else{
+    rc = sqlite3_prepare_v2(db, zSql, -1, &p, 0);
+    if( rc==SQLITE_OK ){
+      if( sqlite3_step(p)==SQLITE_ROW ) nRow = sqlite3_column_int64(p, 0);
+      rc = sqlite3_finalize(p);
+    }else if( rc!=SQLITE_NOMEM ){
+      rc = SQLITE_OK;
+    }
+
+    if( rc==SQLITE_OK ){
+      if( nRow==0 ){
+        pRtree->nRowEst = RTREE_DEFAULT_ROWEST;
+      }else{
+        pRtree->nRowEst = MAX(nRow, RTREE_MIN_ROWEST);
+      }
+    }
+    sqlite3_free(zSql);
+  }
+
+  return rc;
+}
+
+static sqlite3_module rtreeModule = {
+  0,                          /* iVersion */
+  rtreeCreate,                /* xCreate - create a table */
+  rtreeConnect,               /* xConnect - connect to an existing table */
+  rtreeBestIndex,             /* xBestIndex - Determine search strategy */
+  rtreeDisconnect,            /* xDisconnect - Disconnect from a table */
+  rtreeDestroy,               /* xDestroy - Drop a table */
+  rtreeOpen,                  /* xOpen - open a cursor */
+  rtreeClose,                 /* xClose - close a cursor */
+  rtreeFilter,                /* xFilter - configure scan constraints */
+  rtreeNext,                  /* xNext - advance a cursor */
+  rtreeEof,                   /* xEof */
+  rtreeColumn,                /* xColumn - read data */
+  rtreeRowid,                 /* xRowid - read data */
+  rtreeUpdate,                /* xUpdate - write data */
+  0,                          /* xBegin - begin transaction */
+  0,                          /* xSync - sync transaction */
+  0,                          /* xCommit - commit transaction */
+  0,                          /* xRollback - rollback transaction */
+  0,                          /* xFindFunction - function overloading */
+  rtreeRename,                /* xRename - rename the table */
+  0,                          /* xSavepoint */
+  0,                          /* xRelease */
+  0                           /* xRollbackTo */
+};
+
+static int rtreeSqlInit(
+  Rtree *pRtree, 
+  sqlite3 *db, 
+  const char *zDb, 
+  const char *zPrefix, 
+  int isCreate
+){
+  int rc = SQLITE_OK;
+
+  #define N_STATEMENT 9
+  static const char *azSql[N_STATEMENT] = {
+    /* Read and write the xxx_node table */
+    "SELECT data FROM '%q'.'%q_node' WHERE nodeno = :1",
+    "INSERT OR REPLACE INTO '%q'.'%q_node' VALUES(:1, :2)",
+    "DELETE FROM '%q'.'%q_node' WHERE nodeno = :1",
+
+    /* Read and write the xxx_rowid table */
+    "SELECT nodeno FROM '%q'.'%q_rowid' WHERE rowid = :1",
+    "INSERT OR REPLACE INTO '%q'.'%q_rowid' VALUES(:1, :2)",
+    "DELETE FROM '%q'.'%q_rowid' WHERE rowid = :1",
+
+    /* Read and write the xxx_parent table */
+    "SELECT parentnode FROM '%q'.'%q_parent' WHERE nodeno = :1",
+    "INSERT OR REPLACE INTO '%q'.'%q_parent' VALUES(:1, :2)",
+    "DELETE FROM '%q'.'%q_parent' WHERE nodeno = :1"
+  };
+  sqlite3_stmt **appStmt[N_STATEMENT];
+  int i;
+
+  pRtree->db = db;
+
+  if( isCreate ){
+    char *zCreate = sqlite3_mprintf(
+"CREATE TABLE \"%w\".\"%w_node\"(nodeno INTEGER PRIMARY KEY, data BLOB);"
+"CREATE TABLE \"%w\".\"%w_rowid\"(rowid INTEGER PRIMARY KEY, nodeno INTEGER);"
+"CREATE TABLE \"%w\".\"%w_parent\"(nodeno INTEGER PRIMARY KEY,"
+                                  " parentnode INTEGER);"
+"INSERT INTO '%q'.'%q_node' VALUES(1, zeroblob(%d))",
+      zDb, zPrefix, zDb, zPrefix, zDb, zPrefix, zDb, zPrefix, pRtree->iNodeSize
+    );
+    if( !zCreate ){
+      return SQLITE_NOMEM;
+    }
+    rc = sqlite3_exec(db, zCreate, 0, 0, 0);
+    sqlite3_free(zCreate);
+    if( rc!=SQLITE_OK ){
+      return rc;
+    }
+  }
+
+  appStmt[0] = &pRtree->pReadNode;
+  appStmt[1] = &pRtree->pWriteNode;
+  appStmt[2] = &pRtree->pDeleteNode;
+  appStmt[3] = &pRtree->pReadRowid;
+  appStmt[4] = &pRtree->pWriteRowid;
+  appStmt[5] = &pRtree->pDeleteRowid;
+  appStmt[6] = &pRtree->pReadParent;
+  appStmt[7] = &pRtree->pWriteParent;
+  appStmt[8] = &pRtree->pDeleteParent;
+
+  rc = rtreeQueryStat1(db, pRtree);
+  for(i=0; i<N_STATEMENT && rc==SQLITE_OK; i++){
+    char *zSql = sqlite3_mprintf(azSql[i], zDb, zPrefix);
+    if( zSql ){
+      rc = sqlite3_prepare_v2(db, zSql, -1, appStmt[i], 0); 
+    }else{
+      rc = SQLITE_NOMEM;
+    }
+    sqlite3_free(zSql);
+  }
+
+  return rc;
+}
+
+/*
+** The second argument to this function contains the text of an SQL statement
+** that returns a single integer value. The statement is compiled and executed
+** using database connection db. If successful, the integer value returned
+** is written to *piVal and SQLITE_OK returned. Otherwise, an SQLite error
+** code is returned and the value of *piVal after returning is not defined.
+*/
+static int getIntFromStmt(sqlite3 *db, const char *zSql, int *piVal){
+  int rc = SQLITE_NOMEM;
+  if( zSql ){
+    sqlite3_stmt *pStmt = 0;
+    rc = sqlite3_prepare_v2(db, zSql, -1, &pStmt, 0);
+    if( rc==SQLITE_OK ){
+      if( SQLITE_ROW==sqlite3_step(pStmt) ){
+        *piVal = sqlite3_column_int(pStmt, 0);
+      }
+      rc = sqlite3_finalize(pStmt);
+    }
+  }
+  return rc;
+}
+
+/*
+** This function is called from within the xConnect() or xCreate() method to
+** determine the node-size used by the rtree table being created or connected
+** to. If successful, pRtree->iNodeSize is populated and SQLITE_OK returned.
+** Otherwise, an SQLite error code is returned.
+**
+** If this function is being called as part of an xConnect(), then the rtree
+** table already exists. In this case the node-size is determined by inspecting
+** the root node of the tree.
+**
+** Otherwise, for an xCreate(), use 64 bytes less than the database page-size. 
+** This ensures that each node is stored on a single database page. If the 
+** database page-size is so large that more than RTREE_MAXCELLS entries 
+** would fit in a single node, use a smaller node-size.
+*/
+static int getNodeSize(
+  sqlite3 *db,                    /* Database handle */
+  Rtree *pRtree,                  /* Rtree handle */
+  int isCreate,                   /* True for xCreate, false for xConnect */
+  char **pzErr                    /* OUT: Error message, if any */
+){
+  int rc;
+  char *zSql;
+  if( isCreate ){
+    int iPageSize = 0;
+    zSql = sqlite3_mprintf("PRAGMA %Q.page_size", pRtree->zDb);
+    rc = getIntFromStmt(db, zSql, &iPageSize);
+    if( rc==SQLITE_OK ){
+      pRtree->iNodeSize = iPageSize-64;
+      if( (4+pRtree->nBytesPerCell*RTREE_MAXCELLS)<pRtree->iNodeSize ){
+        pRtree->iNodeSize = 4+pRtree->nBytesPerCell*RTREE_MAXCELLS;
+      }
+    }else{
+      *pzErr = sqlite3_mprintf("%s", sqlite3_errmsg(db));
+    }
+  }else{
+    zSql = sqlite3_mprintf(
+        "SELECT length(data) FROM '%q'.'%q_node' WHERE nodeno = 1",
+        pRtree->zDb, pRtree->zName
+    );
+    rc = getIntFromStmt(db, zSql, &pRtree->iNodeSize);
+    if( rc!=SQLITE_OK ){
+      *pzErr = sqlite3_mprintf("%s", sqlite3_errmsg(db));
+    }
+  }
+
+  sqlite3_free(zSql);
+  return rc;
+}
+
+/* 
+** This function is the implementation of both the xConnect and xCreate
+** methods of the r-tree virtual table.
+**
+**   argv[0]   -> module name
+**   argv[1]   -> database name
+**   argv[2]   -> table name
+**   argv[...] -> column names...
+*/
+static int rtreeInit(
+  sqlite3 *db,                        /* Database connection */
+  void *pAux,                         /* One of the RTREE_COORD_* constants */
+  int argc, const char *const*argv,   /* Parameters to CREATE TABLE statement */
+  sqlite3_vtab **ppVtab,              /* OUT: New virtual table */
+  char **pzErr,                       /* OUT: Error message, if any */
+  int isCreate                        /* True for xCreate, false for xConnect */
+){
+  int rc = SQLITE_OK;
+  Rtree *pRtree;
+  int nDb;              /* Length of string argv[1] */
+  int nName;            /* Length of string argv[2] */
+  int eCoordType = (pAux ? RTREE_COORD_INT32 : RTREE_COORD_REAL32);
+
+  const char *aErrMsg[] = {
+    0,                                                    /* 0 */
+    "Wrong number of columns for an rtree table",         /* 1 */
+    "Too few columns for an rtree table",                 /* 2 */
+    "Too many columns for an rtree table"                 /* 3 */
+  };
+
+  int iErr = (argc<6) ? 2 : argc>(RTREE_MAX_DIMENSIONS*2+4) ? 3 : argc%2;
+  if( aErrMsg[iErr] ){
+    *pzErr = sqlite3_mprintf("%s", aErrMsg[iErr]);
+    return SQLITE_ERROR;
+  }
+
+  sqlite3_vtab_config(db, SQLITE_VTAB_CONSTRAINT_SUPPORT, 1);
+
+  /* Allocate the sqlite3_vtab structure */
+  nDb = (int)strlen(argv[1]);
+  nName = (int)strlen(argv[2]);
+  pRtree = (Rtree *)sqlite3_malloc(sizeof(Rtree)+nDb+nName+2);
+  if( !pRtree ){
+    return SQLITE_NOMEM;
+  }
+  memset(pRtree, 0, sizeof(Rtree)+nDb+nName+2);
+  pRtree->nBusy = 1;
+  pRtree->base.pModule = &rtreeModule;
+  pRtree->zDb = (char *)&pRtree[1];
+  pRtree->zName = &pRtree->zDb[nDb+1];
+  pRtree->nDim = (argc-4)/2;
+  pRtree->nBytesPerCell = 8 + pRtree->nDim*4*2;
+  pRtree->eCoordType = eCoordType;
+  memcpy(pRtree->zDb, argv[1], nDb);
+  memcpy(pRtree->zName, argv[2], nName);
+
+  /* Figure out the node size to use. */
+  rc = getNodeSize(db, pRtree, isCreate, pzErr);
+
+  /* Create/Connect to the underlying relational database schema. If
+  ** that is successful, call sqlite3_declare_vtab() to configure
+  ** the r-tree table schema.
+  */
+  if( rc==SQLITE_OK ){
+    if( (rc = rtreeSqlInit(pRtree, db, argv[1], argv[2], isCreate)) ){
+      *pzErr = sqlite3_mprintf("%s", sqlite3_errmsg(db));
+    }else{
+      char *zSql = sqlite3_mprintf("CREATE TABLE x(%s", argv[3]);
+      char *zTmp;
+      int ii;
+      for(ii=4; zSql && ii<argc; ii++){
+        zTmp = zSql;
+        zSql = sqlite3_mprintf("%s, %s", zTmp, argv[ii]);
+        sqlite3_free(zTmp);
+      }
+      if( zSql ){
+        zTmp = zSql;
+        zSql = sqlite3_mprintf("%s);", zTmp);
+        sqlite3_free(zTmp);
+      }
+      if( !zSql ){
+        rc = SQLITE_NOMEM;
+      }else if( SQLITE_OK!=(rc = sqlite3_declare_vtab(db, zSql)) ){
+        *pzErr = sqlite3_mprintf("%s", sqlite3_errmsg(db));
+      }
+      sqlite3_free(zSql);
+    }
+  }
+
+  if( rc==SQLITE_OK ){
+    *ppVtab = (sqlite3_vtab *)pRtree;
+  }else{
+    assert( *ppVtab==0 );
+    assert( pRtree->nBusy==1 );
+    rtreeRelease(pRtree);
+  }
+  return rc;
+}
+
+
+/*
+** Implementation of a scalar function that decodes r-tree nodes to
+** human readable strings. This can be used for debugging and analysis.
+**
+** The scalar function takes two arguments: (1) the number of dimensions
+** to the rtree (between 1 and 5, inclusive) and (2) a blob of data containing
+** an r-tree node.  For a two-dimensional r-tree structure called "rt", to
+** deserialize all nodes, a statement like:
+**
+**   SELECT rtreenode(2, data) FROM rt_node;
+**
+** The human readable string takes the form of a Tcl list with one
+** entry for each cell in the r-tree node. Each entry is itself a
+** list, containing the 8-byte rowid/pageno followed by the 
+** <num-dimension>*2 coordinates.
+*/
+static void rtreenode(sqlite3_context *ctx, int nArg, sqlite3_value **apArg){
+  char *zText = 0;
+  RtreeNode node;
+  Rtree tree;
+  int ii;
+
+  UNUSED_PARAMETER(nArg);
+  memset(&node, 0, sizeof(RtreeNode));
+  memset(&tree, 0, sizeof(Rtree));
+  tree.nDim = sqlite3_value_int(apArg[0]);
+  tree.nBytesPerCell = 8 + 8 * tree.nDim;
+  node.zData = (u8 *)sqlite3_value_blob(apArg[1]);
+
+  for(ii=0; ii<NCELL(&node); ii++){
+    char zCell[512];
+    int nCell = 0;
+    RtreeCell cell;
+    int jj;
+
+    nodeGetCell(&tree, &node, ii, &cell);
+    sqlite3_snprintf(512-nCell,&zCell[nCell],"%lld", cell.iRowid);
+    nCell = (int)strlen(zCell);
+    for(jj=0; jj<tree.nDim*2; jj++){
+#ifndef SQLITE_RTREE_INT_ONLY
+      sqlite3_snprintf(512-nCell,&zCell[nCell], " %g",
+                       (double)cell.aCoord[jj].f);
+#else
+      sqlite3_snprintf(512-nCell,&zCell[nCell], " %d",
+                       cell.aCoord[jj].i);
+#endif
+      nCell = (int)strlen(zCell);
+    }
+
+    if( zText ){
+      char *zTextNew = sqlite3_mprintf("%s {%s}", zText, zCell);
+      sqlite3_free(zText);
+      zText = zTextNew;
+    }else{
+      zText = sqlite3_mprintf("{%s}", zCell);
+    }
+  }
+  
+  sqlite3_result_text(ctx, zText, -1, sqlite3_free);
+}
+
+/* This routine implements an SQL function that returns the "depth" parameter
+** from the front of a blob that is an r-tree node.  For example:
+**
+**     SELECT rtreedepth(data) FROM rt_node WHERE nodeno=1;
+**
+** The depth value is 0 for all nodes other than the root node, and the root
+** node always has nodeno=1, so the example above is the primary use for this
+** routine.  This routine is intended for testing and analysis only.
+*/
+static void rtreedepth(sqlite3_context *ctx, int nArg, sqlite3_value **apArg){
+  UNUSED_PARAMETER(nArg);
+  if( sqlite3_value_type(apArg[0])!=SQLITE_BLOB 
+   || sqlite3_value_bytes(apArg[0])<2
+  ){
+    sqlite3_result_error(ctx, "Invalid argument to rtreedepth()", -1); 
+  }else{
+    u8 *zBlob = (u8 *)sqlite3_value_blob(apArg[0]);
+    sqlite3_result_int(ctx, readInt16(zBlob));
+  }
+}
+
+/*
+** Register the r-tree module with database handle db. This creates the
+** virtual table module "rtree" and the debugging/analysis scalar 
+** function "rtreenode".
+*/
+SQLITE_PRIVATE int sqlite3RtreeInit(sqlite3 *db){
+  const int utf8 = SQLITE_UTF8;
+  int rc;
+
+  rc = sqlite3_create_function(db, "rtreenode", 2, utf8, 0, rtreenode, 0, 0);
+  if( rc==SQLITE_OK ){
+    rc = sqlite3_create_function(db, "rtreedepth", 1, utf8, 0,rtreedepth, 0, 0);
+  }
+  if( rc==SQLITE_OK ){
+#ifdef SQLITE_RTREE_INT_ONLY
+    void *c = (void *)RTREE_COORD_INT32;
+#else
+    void *c = (void *)RTREE_COORD_REAL32;
+#endif
+    rc = sqlite3_create_module_v2(db, "rtree", &rtreeModule, c, 0);
+  }
+  if( rc==SQLITE_OK ){
+    void *c = (void *)RTREE_COORD_INT32;
+    rc = sqlite3_create_module_v2(db, "rtree_i32", &rtreeModule, c, 0);
+  }
+
+  return rc;
+}
+
+/*
+** This routine deletes the RtreeGeomCallback object that was attached
+** one of the SQL functions create by sqlite3_rtree_geometry_callback()
+** or sqlite3_rtree_query_callback().  In other words, this routine is the
+** destructor for an RtreeGeomCallback objecct.  This routine is called when
+** the corresponding SQL function is deleted.
+*/
+static void rtreeFreeCallback(void *p){
+  RtreeGeomCallback *pInfo = (RtreeGeomCallback*)p;
+  if( pInfo->xDestructor ) pInfo->xDestructor(pInfo->pContext);
+  sqlite3_free(p);
+}
+
+/*
+** This routine frees the BLOB that is returned by geomCallback().
+*/
+static void rtreeMatchArgFree(void *pArg){
+  int i;
+  RtreeMatchArg *p = (RtreeMatchArg*)pArg;
+  for(i=0; i<p->nParam; i++){
+    sqlite3_value_free(p->apSqlParam[i]);
+  }
+  sqlite3_free(p);
+}
+
+/*
+** Each call to sqlite3_rtree_geometry_callback() or
+** sqlite3_rtree_query_callback() creates an ordinary SQLite
+** scalar function that is implemented by this routine.
+**
+** All this function does is construct an RtreeMatchArg object that
+** contains the geometry-checking callback routines and a list of
+** parameters to this function, then return that RtreeMatchArg object
+** as a BLOB.
+**
+** The R-Tree MATCH operator will read the returned BLOB, deserialize
+** the RtreeMatchArg object, and use the RtreeMatchArg object to figure
+** out which elements of the R-Tree should be returned by the query.
+*/
+static void geomCallback(sqlite3_context *ctx, int nArg, sqlite3_value **aArg){
+  RtreeGeomCallback *pGeomCtx = (RtreeGeomCallback *)sqlite3_user_data(ctx);
+  RtreeMatchArg *pBlob;
+  int nBlob;
+  int memErr = 0;
+
+  nBlob = sizeof(RtreeMatchArg) + (nArg-1)*sizeof(RtreeDValue)
+           + nArg*sizeof(sqlite3_value*);
+  pBlob = (RtreeMatchArg *)sqlite3_malloc(nBlob);
+  if( !pBlob ){
+    sqlite3_result_error_nomem(ctx);
+  }else{
+    int i;
+    pBlob->magic = RTREE_GEOMETRY_MAGIC;
+    pBlob->cb = pGeomCtx[0];
+    pBlob->apSqlParam = (sqlite3_value**)&pBlob->aParam[nArg];
+    pBlob->nParam = nArg;
+    for(i=0; i<nArg; i++){
+      pBlob->apSqlParam[i] = sqlite3_value_dup(aArg[i]);
+      if( pBlob->apSqlParam[i]==0 ) memErr = 1;
+#ifdef SQLITE_RTREE_INT_ONLY
+      pBlob->aParam[i] = sqlite3_value_int64(aArg[i]);
+#else
+      pBlob->aParam[i] = sqlite3_value_double(aArg[i]);
+#endif
+    }
+    if( memErr ){
+      sqlite3_result_error_nomem(ctx);
+      rtreeMatchArgFree(pBlob);
+    }else{
+      sqlite3_result_blob(ctx, pBlob, nBlob, rtreeMatchArgFree);
+    }
+  }
+}
+
+/*
+** Register a new geometry function for use with the r-tree MATCH operator.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_rtree_geometry_callback(
+  sqlite3 *db,                  /* Register SQL function on this connection */
+  const char *zGeom,            /* Name of the new SQL function */
+  int (*xGeom)(sqlite3_rtree_geometry*,int,RtreeDValue*,int*), /* Callback */
+  void *pContext                /* Extra data associated with the callback */
+){
+  RtreeGeomCallback *pGeomCtx;      /* Context object for new user-function */
+
+  /* Allocate and populate the context object. */
+  pGeomCtx = (RtreeGeomCallback *)sqlite3_malloc(sizeof(RtreeGeomCallback));
+  if( !pGeomCtx ) return SQLITE_NOMEM;
+  pGeomCtx->xGeom = xGeom;
+  pGeomCtx->xQueryFunc = 0;
+  pGeomCtx->xDestructor = 0;
+  pGeomCtx->pContext = pContext;
+  return sqlite3_create_function_v2(db, zGeom, -1, SQLITE_ANY, 
+      (void *)pGeomCtx, geomCallback, 0, 0, rtreeFreeCallback
+  );
+}
+
+/*
+** Register a new 2nd-generation geometry function for use with the
+** r-tree MATCH operator.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_rtree_query_callback(
+  sqlite3 *db,                 /* Register SQL function on this connection */
+  const char *zQueryFunc,      /* Name of new SQL function */
+  int (*xQueryFunc)(sqlite3_rtree_query_info*), /* Callback */
+  void *pContext,              /* Extra data passed into the callback */
+  void (*xDestructor)(void*)   /* Destructor for the extra data */
+){
+  RtreeGeomCallback *pGeomCtx;      /* Context object for new user-function */
+
+  /* Allocate and populate the context object. */
+  pGeomCtx = (RtreeGeomCallback *)sqlite3_malloc(sizeof(RtreeGeomCallback));
+  if( !pGeomCtx ) return SQLITE_NOMEM;
+  pGeomCtx->xGeom = 0;
+  pGeomCtx->xQueryFunc = xQueryFunc;
+  pGeomCtx->xDestructor = xDestructor;
+  pGeomCtx->pContext = pContext;
+  return sqlite3_create_function_v2(db, zQueryFunc, -1, SQLITE_ANY, 
+      (void *)pGeomCtx, geomCallback, 0, 0, rtreeFreeCallback
+  );
+}
+
+#if !SQLITE_CORE
+#ifdef _WIN32
+__declspec(dllexport)
+#endif
+SQLITE_API int SQLITE_STDCALL sqlite3_rtree_init(
+  sqlite3 *db,
+  char **pzErrMsg,
+  const sqlite3_api_routines *pApi
+){
+  SQLITE_EXTENSION_INIT2(pApi)
+  return sqlite3RtreeInit(db);
+}
+#endif
+
+#endif
+
+/************** End of rtree.c ***********************************************/
+/************** Begin file icu.c *********************************************/
+/*
+** 2007 May 6
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+** $Id: icu.c,v 1.7 2007/12/13 21:54:11 drh Exp $
+**
+** This file implements an integration between the ICU library 
+** ("International Components for Unicode", an open-source library 
+** for handling unicode data) and SQLite. The integration uses 
+** ICU to provide the following to SQLite:
+**
+**   * An implementation of the SQL regexp() function (and hence REGEXP
+**     operator) using the ICU uregex_XX() APIs.
+**
+**   * Implementations of the SQL scalar upper() and lower() functions
+**     for case mapping.
+**
+**   * Integration of ICU and SQLite collation sequences.
+**
+**   * An implementation of the LIKE operator that uses ICU to 
+**     provide case-independent matching.
+*/
+
+#if !defined(SQLITE_CORE) || defined(SQLITE_ENABLE_ICU)
+
+/* Include ICU headers */
+#include <unicode/utypes.h>
+#include <unicode/uregex.h>
+#include <unicode/ustring.h>
+#include <unicode/ucol.h>
+
+/* #include <assert.h> */
+
+#ifndef SQLITE_CORE
+/*   #include "sqlite3ext.h" */
+  SQLITE_EXTENSION_INIT1
+#else
+/*   #include "sqlite3.h" */
+#endif
+
+/*
+** Maximum length (in bytes) of the pattern in a LIKE or GLOB
+** operator.
+*/
+#ifndef SQLITE_MAX_LIKE_PATTERN_LENGTH
+# define SQLITE_MAX_LIKE_PATTERN_LENGTH 50000
+#endif
+
+/*
+** Version of sqlite3_free() that is always a function, never a macro.
+*/
+static void xFree(void *p){
+  sqlite3_free(p);
+}
+
+/*
+** Compare two UTF-8 strings for equality where the first string is
+** a "LIKE" expression. Return true (1) if they are the same and 
+** false (0) if they are different.
+*/
+static int icuLikeCompare(
+  const uint8_t *zPattern,   /* LIKE pattern */
+  const uint8_t *zString,    /* The UTF-8 string to compare against */
+  const UChar32 uEsc         /* The escape character */
+){
+  static const int MATCH_ONE = (UChar32)'_';
+  static const int MATCH_ALL = (UChar32)'%';
+
+  int iPattern = 0;       /* Current byte index in zPattern */
+  int iString = 0;        /* Current byte index in zString */
+
+  int prevEscape = 0;     /* True if the previous character was uEsc */
+
+  while( zPattern[iPattern]!=0 ){
+
+    /* Read (and consume) the next character from the input pattern. */
+    UChar32 uPattern;
+    U8_NEXT_UNSAFE(zPattern, iPattern, uPattern);
+
+    /* There are now 4 possibilities:
+    **
+    **     1. uPattern is an unescaped match-all character "%",
+    **     2. uPattern is an unescaped match-one character "_",
+    **     3. uPattern is an unescaped escape character, or
+    **     4. uPattern is to be handled as an ordinary character
+    */
+    if( !prevEscape && uPattern==MATCH_ALL ){
+      /* Case 1. */
+      uint8_t c;
+
+      /* Skip any MATCH_ALL or MATCH_ONE characters that follow a
+      ** MATCH_ALL. For each MATCH_ONE, skip one character in the 
+      ** test string.
+      */
+      while( (c=zPattern[iPattern]) == MATCH_ALL || c == MATCH_ONE ){
+        if( c==MATCH_ONE ){
+          if( zString[iString]==0 ) return 0;
+          U8_FWD_1_UNSAFE(zString, iString);
+        }
+        iPattern++;
+      }
+
+      if( zPattern[iPattern]==0 ) return 1;
+
+      while( zString[iString] ){
+        if( icuLikeCompare(&zPattern[iPattern], &zString[iString], uEsc) ){
+          return 1;
+        }
+        U8_FWD_1_UNSAFE(zString, iString);
+      }
+      return 0;
+
+    }else if( !prevEscape && uPattern==MATCH_ONE ){
+      /* Case 2. */
+      if( zString[iString]==0 ) return 0;
+      U8_FWD_1_UNSAFE(zString, iString);
+
+    }else if( !prevEscape && uPattern==uEsc){
+      /* Case 3. */
+      prevEscape = 1;
+
+    }else{
+      /* Case 4. */
+      UChar32 uString;
+      U8_NEXT_UNSAFE(zString, iString, uString);
+      uString = u_foldCase(uString, U_FOLD_CASE_DEFAULT);
+      uPattern = u_foldCase(uPattern, U_FOLD_CASE_DEFAULT);
+      if( uString!=uPattern ){
+        return 0;
+      }
+      prevEscape = 0;
+    }
+  }
+
+  return zString[iString]==0;
+}
+
+/*
+** Implementation of the like() SQL function.  This function implements
+** the build-in LIKE operator.  The first argument to the function is the
+** pattern and the second argument is the string.  So, the SQL statements:
+**
+**       A LIKE B
+**
+** is implemented as like(B, A). If there is an escape character E, 
+**
+**       A LIKE B ESCAPE E
+**
+** is mapped to like(B, A, E).
+*/
+static void icuLikeFunc(
+  sqlite3_context *context, 
+  int argc, 
+  sqlite3_value **argv
+){
+  const unsigned char *zA = sqlite3_value_text(argv[0]);
+  const unsigned char *zB = sqlite3_value_text(argv[1]);
+  UChar32 uEsc = 0;
+
+  /* Limit the length of the LIKE or GLOB pattern to avoid problems
+  ** of deep recursion and N*N behavior in patternCompare().
+  */
+  if( sqlite3_value_bytes(argv[0])>SQLITE_MAX_LIKE_PATTERN_LENGTH ){
+    sqlite3_result_error(context, "LIKE or GLOB pattern too complex", -1);
+    return;
+  }
+
+
+  if( argc==3 ){
+    /* The escape character string must consist of a single UTF-8 character.
+    ** Otherwise, return an error.
+    */
+    int nE= sqlite3_value_bytes(argv[2]);
+    const unsigned char *zE = sqlite3_value_text(argv[2]);
+    int i = 0;
+    if( zE==0 ) return;
+    U8_NEXT(zE, i, nE, uEsc);
+    if( i!=nE){
+      sqlite3_result_error(context, 
+          "ESCAPE expression must be a single character", -1);
+      return;
+    }
+  }
+
+  if( zA && zB ){
+    sqlite3_result_int(context, icuLikeCompare(zA, zB, uEsc));
+  }
+}
+
+/*
+** This function is called when an ICU function called from within
+** the implementation of an SQL scalar function returns an error.
+**
+** The scalar function context passed as the first argument is 
+** loaded with an error message based on the following two args.
+*/
+static void icuFunctionError(
+  sqlite3_context *pCtx,       /* SQLite scalar function context */
+  const char *zName,           /* Name of ICU function that failed */
+  UErrorCode e                 /* Error code returned by ICU function */
+){
+  char zBuf[128];
+  sqlite3_snprintf(128, zBuf, "ICU error: %s(): %s", zName, u_errorName(e));
+  zBuf[127] = '\0';
+  sqlite3_result_error(pCtx, zBuf, -1);
+}
+
+/*
+** Function to delete compiled regexp objects. Registered as
+** a destructor function with sqlite3_set_auxdata().
+*/
+static void icuRegexpDelete(void *p){
+  URegularExpression *pExpr = (URegularExpression *)p;
+  uregex_close(pExpr);
+}
+
+/*
+** Implementation of SQLite REGEXP operator. This scalar function takes
+** two arguments. The first is a regular expression pattern to compile
+** the second is a string to match against that pattern. If either 
+** argument is an SQL NULL, then NULL Is returned. Otherwise, the result
+** is 1 if the string matches the pattern, or 0 otherwise.
+**
+** SQLite maps the regexp() function to the regexp() operator such
+** that the following two are equivalent:
+**
+**     zString REGEXP zPattern
+**     regexp(zPattern, zString)
+**
+** Uses the following ICU regexp APIs:
+**
+**     uregex_open()
+**     uregex_matches()
+**     uregex_close()
+*/
+static void icuRegexpFunc(sqlite3_context *p, int nArg, sqlite3_value **apArg){
+  UErrorCode status = U_ZERO_ERROR;
+  URegularExpression *pExpr;
+  UBool res;
+  const UChar *zString = sqlite3_value_text16(apArg[1]);
+
+  (void)nArg;  /* Unused parameter */
+
+  /* If the left hand side of the regexp operator is NULL, 
+  ** then the result is also NULL. 
+  */
+  if( !zString ){
+    return;
+  }
+
+  pExpr = sqlite3_get_auxdata(p, 0);
+  if( !pExpr ){
+    const UChar *zPattern = sqlite3_value_text16(apArg[0]);
+    if( !zPattern ){
+      return;
+    }
+    pExpr = uregex_open(zPattern, -1, 0, 0, &status);
+
+    if( U_SUCCESS(status) ){
+      sqlite3_set_auxdata(p, 0, pExpr, icuRegexpDelete);
+    }else{
+      assert(!pExpr);
+      icuFunctionError(p, "uregex_open", status);
+      return;
+    }
+  }
+
+  /* Configure the text that the regular expression operates on. */
+  uregex_setText(pExpr, zString, -1, &status);
+  if( !U_SUCCESS(status) ){
+    icuFunctionError(p, "uregex_setText", status);
+    return;
+  }
+
+  /* Attempt the match */
+  res = uregex_matches(pExpr, 0, &status);
+  if( !U_SUCCESS(status) ){
+    icuFunctionError(p, "uregex_matches", status);
+    return;
+  }
+
+  /* Set the text that the regular expression operates on to a NULL
+  ** pointer. This is not really necessary, but it is tidier than 
+  ** leaving the regular expression object configured with an invalid
+  ** pointer after this function returns.
+  */
+  uregex_setText(pExpr, 0, 0, &status);
+
+  /* Return 1 or 0. */
+  sqlite3_result_int(p, res ? 1 : 0);
+}
+
+/*
+** Implementations of scalar functions for case mapping - upper() and 
+** lower(). Function upper() converts its input to upper-case (ABC).
+** Function lower() converts to lower-case (abc).
+**
+** ICU provides two types of case mapping, "general" case mapping and
+** "language specific". Refer to ICU documentation for the differences
+** between the two.
+**
+** To utilise "general" case mapping, the upper() or lower() scalar 
+** functions are invoked with one argument:
+**
+**     upper('ABC') -> 'abc'
+**     lower('abc') -> 'ABC'
+**
+** To access ICU "language specific" case mapping, upper() or lower()
+** should be invoked with two arguments. The second argument is the name
+** of the locale to use. Passing an empty string ("") or SQL NULL value
+** as the second argument is the same as invoking the 1 argument version
+** of upper() or lower().
+**
+**     lower('I', 'en_us') -> 'i'
+**     lower('I', 'tr_tr') -> 'ı' (small dotless i)
+**
+** http://www.icu-project.org/userguide/posix.html#case_mappings
+*/
+static void icuCaseFunc16(sqlite3_context *p, int nArg, sqlite3_value **apArg){
+  const UChar *zInput;
+  UChar *zOutput;
+  int nInput;
+  int nOutput;
+
+  UErrorCode status = U_ZERO_ERROR;
+  const char *zLocale = 0;
+
+  assert(nArg==1 || nArg==2);
+  if( nArg==2 ){
+    zLocale = (const char *)sqlite3_value_text(apArg[1]);
+  }
+
+  zInput = sqlite3_value_text16(apArg[0]);
+  if( !zInput ){
+    return;
+  }
+  nInput = sqlite3_value_bytes16(apArg[0]);
+
+  nOutput = nInput * 2 + 2;
+  zOutput = sqlite3_malloc(nOutput);
+  if( !zOutput ){
+    return;
+  }
+
+  if( sqlite3_user_data(p) ){
+    u_strToUpper(zOutput, nOutput/2, zInput, nInput/2, zLocale, &status);
+  }else{
+    u_strToLower(zOutput, nOutput/2, zInput, nInput/2, zLocale, &status);
+  }
+
+  if( !U_SUCCESS(status) ){
+    icuFunctionError(p, "u_strToLower()/u_strToUpper", status);
+    return;
+  }
+
+  sqlite3_result_text16(p, zOutput, -1, xFree);
+}
+
+/*
+** Collation sequence destructor function. The pCtx argument points to
+** a UCollator structure previously allocated using ucol_open().
+*/
+static void icuCollationDel(void *pCtx){
+  UCollator *p = (UCollator *)pCtx;
+  ucol_close(p);
+}
+
+/*
+** Collation sequence comparison function. The pCtx argument points to
+** a UCollator structure previously allocated using ucol_open().
+*/
+static int icuCollationColl(
+  void *pCtx,
+  int nLeft,
+  const void *zLeft,
+  int nRight,
+  const void *zRight
+){
+  UCollationResult res;
+  UCollator *p = (UCollator *)pCtx;
+  res = ucol_strcoll(p, (UChar *)zLeft, nLeft/2, (UChar *)zRight, nRight/2);
+  switch( res ){
+    case UCOL_LESS:    return -1;
+    case UCOL_GREATER: return +1;
+    case UCOL_EQUAL:   return 0;
+  }
+  assert(!"Unexpected return value from ucol_strcoll()");
+  return 0;
+}
+
+/*
+** Implementation of the scalar function icu_load_collation().
+**
+** This scalar function is used to add ICU collation based collation 
+** types to an SQLite database connection. It is intended to be called
+** as follows:
+**
+**     SELECT icu_load_collation(<locale>, <collation-name>);
+**
+** Where <locale> is a string containing an ICU locale identifier (i.e.
+** "en_AU", "tr_TR" etc.) and <collation-name> is the name of the
+** collation sequence to create.
+*/
+static void icuLoadCollation(
+  sqlite3_context *p, 
+  int nArg, 
+  sqlite3_value **apArg
+){
+  sqlite3 *db = (sqlite3 *)sqlite3_user_data(p);
+  UErrorCode status = U_ZERO_ERROR;
+  const char *zLocale;      /* Locale identifier - (eg. "jp_JP") */
+  const char *zName;        /* SQL Collation sequence name (eg. "japanese") */
+  UCollator *pUCollator;    /* ICU library collation object */
+  int rc;                   /* Return code from sqlite3_create_collation_x() */
+
+  assert(nArg==2);
+  (void)nArg; /* Unused parameter */
+  zLocale = (const char *)sqlite3_value_text(apArg[0]);
+  zName = (const char *)sqlite3_value_text(apArg[1]);
+
+  if( !zLocale || !zName ){
+    return;
+  }
+
+  pUCollator = ucol_open(zLocale, &status);
+  if( !U_SUCCESS(status) ){
+    icuFunctionError(p, "ucol_open", status);
+    return;
+  }
+  assert(p);
+
+  rc = sqlite3_create_collation_v2(db, zName, SQLITE_UTF16, (void *)pUCollator, 
+      icuCollationColl, icuCollationDel
+  );
+  if( rc!=SQLITE_OK ){
+    ucol_close(pUCollator);
+    sqlite3_result_error(p, "Error registering collation function", -1);
+  }
+}
+
+/*
+** Register the ICU extension functions with database db.
+*/
+SQLITE_PRIVATE int sqlite3IcuInit(sqlite3 *db){
+  struct IcuScalar {
+    const char *zName;                        /* Function name */
+    int nArg;                                 /* Number of arguments */
+    int enc;                                  /* Optimal text encoding */
+    void *pContext;                           /* sqlite3_user_data() context */
+    void (*xFunc)(sqlite3_context*,int,sqlite3_value**);
+  } scalars[] = {
+    {"regexp", 2, SQLITE_ANY,          0, icuRegexpFunc},
+
+    {"lower",  1, SQLITE_UTF16,        0, icuCaseFunc16},
+    {"lower",  2, SQLITE_UTF16,        0, icuCaseFunc16},
+    {"upper",  1, SQLITE_UTF16, (void*)1, icuCaseFunc16},
+    {"upper",  2, SQLITE_UTF16, (void*)1, icuCaseFunc16},
+
+    {"lower",  1, SQLITE_UTF8,         0, icuCaseFunc16},
+    {"lower",  2, SQLITE_UTF8,         0, icuCaseFunc16},
+    {"upper",  1, SQLITE_UTF8,  (void*)1, icuCaseFunc16},
+    {"upper",  2, SQLITE_UTF8,  (void*)1, icuCaseFunc16},
+
+    {"like",   2, SQLITE_UTF8,         0, icuLikeFunc},
+    {"like",   3, SQLITE_UTF8,         0, icuLikeFunc},
+
+    {"icu_load_collation",  2, SQLITE_UTF8, (void*)db, icuLoadCollation},
+  };
+
+  int rc = SQLITE_OK;
+  int i;
+
+  for(i=0; rc==SQLITE_OK && i<(int)(sizeof(scalars)/sizeof(scalars[0])); i++){
+    struct IcuScalar *p = &scalars[i];
+    rc = sqlite3_create_function(
+        db, p->zName, p->nArg, p->enc, p->pContext, p->xFunc, 0, 0
+    );
+  }
+
+  return rc;
+}
+
+#if !SQLITE_CORE
+#ifdef _WIN32
+__declspec(dllexport)
+#endif
+SQLITE_API int SQLITE_STDCALL sqlite3_icu_init(
+  sqlite3 *db, 
+  char **pzErrMsg,
+  const sqlite3_api_routines *pApi
+){
+  SQLITE_EXTENSION_INIT2(pApi)
+  return sqlite3IcuInit(db);
+}
+#endif
+
+#endif
+
+/************** End of icu.c *************************************************/
+/************** Begin file fts3_icu.c ****************************************/
+/*
+** 2007 June 22
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+** This file implements a tokenizer for fts3 based on the ICU library.
+*/
+/* #include "fts3Int.h" */
+#if !defined(SQLITE_CORE) || defined(SQLITE_ENABLE_FTS3)
+#ifdef SQLITE_ENABLE_ICU
+
+/* #include <assert.h> */
+/* #include <string.h> */
+/* #include "fts3_tokenizer.h" */
+
+#include <unicode/ubrk.h>
+/* #include <unicode/ucol.h> */
+/* #include <unicode/ustring.h> */
+#include <unicode/utf16.h>
+
+typedef struct IcuTokenizer IcuTokenizer;
+typedef struct IcuCursor IcuCursor;
+
+struct IcuTokenizer {
+  sqlite3_tokenizer base;
+  char *zLocale;
+};
+
+struct IcuCursor {
+  sqlite3_tokenizer_cursor base;
+
+  UBreakIterator *pIter;      /* ICU break-iterator object */
+  int nChar;                  /* Number of UChar elements in pInput */
+  UChar *aChar;               /* Copy of input using utf-16 encoding */
+  int *aOffset;               /* Offsets of each character in utf-8 input */
+
+  int nBuffer;
+  char *zBuffer;
+
+  int iToken;
+};
+
+/*
+** Create a new tokenizer instance.
+*/
+static int icuCreate(
+  int argc,                            /* Number of entries in argv[] */
+  const char * const *argv,            /* Tokenizer creation arguments */
+  sqlite3_tokenizer **ppTokenizer      /* OUT: Created tokenizer */
+){
+  IcuTokenizer *p;
+  int n = 0;
+
+  if( argc>0 ){
+    n = strlen(argv[0])+1;
+  }
+  p = (IcuTokenizer *)sqlite3_malloc(sizeof(IcuTokenizer)+n);
+  if( !p ){
+    return SQLITE_NOMEM;
+  }
+  memset(p, 0, sizeof(IcuTokenizer));
+
+  if( n ){
+    p->zLocale = (char *)&p[1];
+    memcpy(p->zLocale, argv[0], n);
+  }
+
+  *ppTokenizer = (sqlite3_tokenizer *)p;
+
+  return SQLITE_OK;
+}
+
+/*
+** Destroy a tokenizer
+*/
+static int icuDestroy(sqlite3_tokenizer *pTokenizer){
+  IcuTokenizer *p = (IcuTokenizer *)pTokenizer;
+  sqlite3_free(p);
+  return SQLITE_OK;
+}
+
+/*
+** Prepare to begin tokenizing a particular string.  The input
+** string to be tokenized is pInput[0..nBytes-1].  A cursor
+** used to incrementally tokenize this string is returned in 
+** *ppCursor.
+*/
+static int icuOpen(
+  sqlite3_tokenizer *pTokenizer,         /* The tokenizer */
+  const char *zInput,                    /* Input string */
+  int nInput,                            /* Length of zInput in bytes */
+  sqlite3_tokenizer_cursor **ppCursor    /* OUT: Tokenization cursor */
+){
+  IcuTokenizer *p = (IcuTokenizer *)pTokenizer;
+  IcuCursor *pCsr;
+
+  const int32_t opt = U_FOLD_CASE_DEFAULT;
+  UErrorCode status = U_ZERO_ERROR;
+  int nChar;
+
+  UChar32 c;
+  int iInput = 0;
+  int iOut = 0;
+
+  *ppCursor = 0;
+
+  if( zInput==0 ){
+    nInput = 0;
+    zInput = "";
+  }else if( nInput<0 ){
+    nInput = strlen(zInput);
+  }
+  nChar = nInput+1;
+  pCsr = (IcuCursor *)sqlite3_malloc(
+      sizeof(IcuCursor) +                /* IcuCursor */
+      ((nChar+3)&~3) * sizeof(UChar) +   /* IcuCursor.aChar[] */
+      (nChar+1) * sizeof(int)            /* IcuCursor.aOffset[] */
+  );
+  if( !pCsr ){
+    return SQLITE_NOMEM;
+  }
+  memset(pCsr, 0, sizeof(IcuCursor));
+  pCsr->aChar = (UChar *)&pCsr[1];
+  pCsr->aOffset = (int *)&pCsr->aChar[(nChar+3)&~3];
+
+  pCsr->aOffset[iOut] = iInput;
+  U8_NEXT(zInput, iInput, nInput, c); 
+  while( c>0 ){
+    int isError = 0;
+    c = u_foldCase(c, opt);
+    U16_APPEND(pCsr->aChar, iOut, nChar, c, isError);
+    if( isError ){
+      sqlite3_free(pCsr);
+      return SQLITE_ERROR;
+    }
+    pCsr->aOffset[iOut] = iInput;
+
+    if( iInput<nInput ){
+      U8_NEXT(zInput, iInput, nInput, c);
+    }else{
+      c = 0;
+    }
+  }
+
+  pCsr->pIter = ubrk_open(UBRK_WORD, p->zLocale, pCsr->aChar, iOut, &status);
+  if( !U_SUCCESS(status) ){
+    sqlite3_free(pCsr);
+    return SQLITE_ERROR;
+  }
+  pCsr->nChar = iOut;
+
+  ubrk_first(pCsr->pIter);
+  *ppCursor = (sqlite3_tokenizer_cursor *)pCsr;
+  return SQLITE_OK;
+}
+
+/*
+** Close a tokenization cursor previously opened by a call to icuOpen().
+*/
+static int icuClose(sqlite3_tokenizer_cursor *pCursor){
+  IcuCursor *pCsr = (IcuCursor *)pCursor;
+  ubrk_close(pCsr->pIter);
+  sqlite3_free(pCsr->zBuffer);
+  sqlite3_free(pCsr);
+  return SQLITE_OK;
+}
+
+/*
+** Extract the next token from a tokenization cursor.
+*/
+static int icuNext(
+  sqlite3_tokenizer_cursor *pCursor,  /* Cursor returned by simpleOpen */
+  const char **ppToken,               /* OUT: *ppToken is the token text */
+  int *pnBytes,                       /* OUT: Number of bytes in token */
+  int *piStartOffset,                 /* OUT: Starting offset of token */
+  int *piEndOffset,                   /* OUT: Ending offset of token */
+  int *piPosition                     /* OUT: Position integer of token */
+){
+  IcuCursor *pCsr = (IcuCursor *)pCursor;
+
+  int iStart = 0;
+  int iEnd = 0;
+  int nByte = 0;
+
+  while( iStart==iEnd ){
+    UChar32 c;
+
+    iStart = ubrk_current(pCsr->pIter);
+    iEnd = ubrk_next(pCsr->pIter);
+    if( iEnd==UBRK_DONE ){
+      return SQLITE_DONE;
+    }
+
+    while( iStart<iEnd ){
+      int iWhite = iStart;
+      U16_NEXT(pCsr->aChar, iWhite, pCsr->nChar, c);
+      if( u_isspace(c) ){
+        iStart = iWhite;
+      }else{
+        break;
+      }
+    }
+    assert(iStart<=iEnd);
+  }
+
+  do {
+    UErrorCode status = U_ZERO_ERROR;
+    if( nByte ){
+      char *zNew = sqlite3_realloc(pCsr->zBuffer, nByte);
+      if( !zNew ){
+        return SQLITE_NOMEM;
+      }
+      pCsr->zBuffer = zNew;
+      pCsr->nBuffer = nByte;
+    }
+
+    u_strToUTF8(
+        pCsr->zBuffer, pCsr->nBuffer, &nByte,    /* Output vars */
+        &pCsr->aChar[iStart], iEnd-iStart,       /* Input vars */
+        &status                                  /* Output success/failure */
+    );
+  } while( nByte>pCsr->nBuffer );
+
+  *ppToken = pCsr->zBuffer;
+  *pnBytes = nByte;
+  *piStartOffset = pCsr->aOffset[iStart];
+  *piEndOffset = pCsr->aOffset[iEnd];
+  *piPosition = pCsr->iToken++;
+
+  return SQLITE_OK;
+}
+
+/*
+** The set of routines that implement the simple tokenizer
+*/
+static const sqlite3_tokenizer_module icuTokenizerModule = {
+  0,                           /* iVersion    */
+  icuCreate,                   /* xCreate     */
+  icuDestroy,                  /* xCreate     */
+  icuOpen,                     /* xOpen       */
+  icuClose,                    /* xClose      */
+  icuNext,                     /* xNext       */
+  0,                           /* xLanguageid */
+};
+
+/*
+** Set *ppModule to point at the implementation of the ICU tokenizer.
+*/
+SQLITE_PRIVATE void sqlite3Fts3IcuTokenizerModule(
+  sqlite3_tokenizer_module const**ppModule
+){
+  *ppModule = &icuTokenizerModule;
+}
+
+#endif /* defined(SQLITE_ENABLE_ICU) */
+#endif /* !defined(SQLITE_CORE) || defined(SQLITE_ENABLE_FTS3) */
+
+/************** End of fts3_icu.c ********************************************/
+/************** Begin file sqlite3rbu.c **************************************/
+/*
+** 2014 August 30
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+**
+**
+** OVERVIEW 
+**
+**  The RBU extension requires that the RBU update be packaged as an
+**  SQLite database. The tables it expects to find are described in
+**  sqlite3rbu.h.  Essentially, for each table xyz in the target database
+**  that the user wishes to write to, a corresponding data_xyz table is
+**  created in the RBU database and populated with one row for each row to
+**  update, insert or delete from the target table.
+** 
+**  The update proceeds in three stages:
+** 
+**  1) The database is updated. The modified database pages are written
+**     to a *-oal file. A *-oal file is just like a *-wal file, except
+**     that it is named "<database>-oal" instead of "<database>-wal".
+**     Because regular SQLite clients do not look for file named
+**     "<database>-oal", they go on using the original database in
+**     rollback mode while the *-oal file is being generated.
+** 
+**     During this stage RBU does not update the database by writing
+**     directly to the target tables. Instead it creates "imposter"
+**     tables using the SQLITE_TESTCTRL_IMPOSTER interface that it uses
+**     to update each b-tree individually. All updates required by each
+**     b-tree are completed before moving on to the next, and all
+**     updates are done in sorted key order.
+** 
+**  2) The "<database>-oal" file is moved to the equivalent "<database>-wal"
+**     location using a call to rename(2). Before doing this the RBU
+**     module takes an EXCLUSIVE lock on the database file, ensuring
+**     that there are no other active readers.
+** 
+**     Once the EXCLUSIVE lock is released, any other database readers
+**     detect the new *-wal file and read the database in wal mode. At
+**     this point they see the new version of the database - including
+**     the updates made as part of the RBU update.
+** 
+**  3) The new *-wal file is checkpointed. This proceeds in the same way 
+**     as a regular database checkpoint, except that a single frame is
+**     checkpointed each time sqlite3rbu_step() is called. If the RBU
+**     handle is closed before the entire *-wal file is checkpointed,
+**     the checkpoint progress is saved in the RBU database and the
+**     checkpoint can be resumed by another RBU client at some point in
+**     the future.
+**
+** POTENTIAL PROBLEMS
+** 
+**  The rename() call might not be portable. And RBU is not currently
+**  syncing the directory after renaming the file.
+**
+**  When state is saved, any commit to the *-oal file and the commit to
+**  the RBU update database are not atomic. So if the power fails at the
+**  wrong moment they might get out of sync. As the main database will be
+**  committed before the RBU update database this will likely either just
+**  pass unnoticed, or result in SQLITE_CONSTRAINT errors (due to UNIQUE
+**  constraint violations).
+**
+**  If some client does modify the target database mid RBU update, or some
+**  other error occurs, the RBU extension will keep throwing errors. It's
+**  not really clear how to get out of this state. The system could just
+**  by delete the RBU update database and *-oal file and have the device
+**  download the update again and start over.
+**
+**  At present, for an UPDATE, both the new.* and old.* records are
+**  collected in the rbu_xyz table. And for both UPDATEs and DELETEs all
+**  fields are collected.  This means we're probably writing a lot more
+**  data to disk when saving the state of an ongoing update to the RBU
+**  update database than is strictly necessary.
+** 
+*/
+
+/* #include <assert.h> */
+/* #include <string.h> */
+/* #include <stdio.h> */
+
+/* #include "sqlite3.h" */
+
+#if !defined(SQLITE_CORE) || defined(SQLITE_ENABLE_RBU)
+/************** Include sqlite3rbu.h in the middle of sqlite3rbu.c ***********/
+/************** Begin file sqlite3rbu.h **************************************/
+/*
+** 2014 August 30
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+**
+** This file contains the public interface for the RBU extension. 
+*/
+
+/*
+** SUMMARY
+**
+** Writing a transaction containing a large number of operations on 
+** b-tree indexes that are collectively larger than the available cache
+** memory can be very inefficient. 
+**
+** The problem is that in order to update a b-tree, the leaf page (at least)
+** containing the entry being inserted or deleted must be modified. If the
+** working set of leaves is larger than the available cache memory, then a 
+** single leaf that is modified more than once as part of the transaction 
+** may be loaded from or written to the persistent media multiple times.
+** Additionally, because the index updates are likely to be applied in
+** random order, access to pages within the database is also likely to be in 
+** random order, which is itself quite inefficient.
+**
+** One way to improve the situation is to sort the operations on each index
+** by index key before applying them to the b-tree. This leads to an IO
+** pattern that resembles a single linear scan through the index b-tree,
+** and all but guarantees each modified leaf page is loaded and stored 
+** exactly once. SQLite uses this trick to improve the performance of
+** CREATE INDEX commands. This extension allows it to be used to improve
+** the performance of large transactions on existing databases.
+**
+** Additionally, this extension allows the work involved in writing the 
+** large transaction to be broken down into sub-transactions performed 
+** sequentially by separate processes. This is useful if the system cannot 
+** guarantee that a single update process will run for long enough to apply 
+** the entire update, for example because the update is being applied on a 
+** mobile device that is frequently rebooted. Even after the writer process 
+** has committed one or more sub-transactions, other database clients continue
+** to read from the original database snapshot. In other words, partially 
+** applied transactions are not visible to other clients. 
+**
+** "RBU" stands for "Resumable Bulk Update". As in a large database update
+** transmitted via a wireless network to a mobile device. A transaction
+** applied using this extension is hence refered to as an "RBU update".
+**
+**
+** LIMITATIONS
+**
+** An "RBU update" transaction is subject to the following limitations:
+**
+**   * The transaction must consist of INSERT, UPDATE and DELETE operations
+**     only.
+**
+**   * INSERT statements may not use any default values.
+**
+**   * UPDATE and DELETE statements must identify their target rows by 
+**     non-NULL PRIMARY KEY values. Rows with NULL values stored in PRIMARY
+**     KEY fields may not be updated or deleted. If the table being written 
+**     has no PRIMARY KEY, affected rows must be identified by rowid.
+**
+**   * UPDATE statements may not modify PRIMARY KEY columns.
+**
+**   * No triggers will be fired.
+**
+**   * No foreign key violations are detected or reported.
+**
+**   * CHECK constraints are not enforced.
+**
+**   * No constraint handling mode except for "OR ROLLBACK" is supported.
+**
+**
+** PREPARATION
+**
+** An "RBU update" is stored as a separate SQLite database. A database
+** containing an RBU update is an "RBU database". For each table in the 
+** target database to be updated, the RBU database should contain a table
+** named "data_<target name>" containing the same set of columns as the
+** target table, and one more - "rbu_control". The data_% table should 
+** have no PRIMARY KEY or UNIQUE constraints, but each column should have
+** the same type as the corresponding column in the target database.
+** The "rbu_control" column should have no type at all. For example, if
+** the target database contains:
+**
+**   CREATE TABLE t1(a INTEGER PRIMARY KEY, b TEXT, c UNIQUE);
+**
+** Then the RBU database should contain:
+**
+**   CREATE TABLE data_t1(a INTEGER, b TEXT, c, rbu_control);
+**
+** The order of the columns in the data_% table does not matter.
+**
+** Instead of a regular table, the RBU database may also contain virtual
+** tables or view named using the data_<target> naming scheme. 
+**
+** Instead of the plain data_<target> naming scheme, RBU database tables 
+** may also be named data<integer>_<target>, where <integer> is any sequence
+** of zero or more numeric characters (0-9). This can be significant because
+** tables within the RBU database are always processed in order sorted by 
+** name. By judicious selection of the the <integer> portion of the names
+** of the RBU tables the user can therefore control the order in which they
+** are processed. This can be useful, for example, to ensure that "external
+** content" FTS4 tables are updated before their underlying content tables.
+**
+** If the target database table is a virtual table or a table that has no
+** PRIMARY KEY declaration, the data_% table must also contain a column 
+** named "rbu_rowid". This column is mapped to the tables implicit primary 
+** key column - "rowid". Virtual tables for which the "rowid" column does 
+** not function like a primary key value cannot be updated using RBU. For 
+** example, if the target db contains either of the following:
+**
+**   CREATE VIRTUAL TABLE x1 USING fts3(a, b);
+**   CREATE TABLE x1(a, b)
+**
+** then the RBU database should contain:
+**
+**   CREATE TABLE data_x1(a, b, rbu_rowid, rbu_control);
+**
+** All non-hidden columns (i.e. all columns matched by "SELECT *") of the
+** target table must be present in the input table. For virtual tables,
+** hidden columns are optional - they are updated by RBU if present in
+** the input table, or not otherwise. For example, to write to an fts4
+** table with a hidden languageid column such as:
+**
+**   CREATE VIRTUAL TABLE ft1 USING fts4(a, b, languageid='langid');
+**
+** Either of the following input table schemas may be used:
+**
+**   CREATE TABLE data_ft1(a, b, langid, rbu_rowid, rbu_control);
+**   CREATE TABLE data_ft1(a, b, rbu_rowid, rbu_control);
+**
+** For each row to INSERT into the target database as part of the RBU 
+** update, the corresponding data_% table should contain a single record
+** with the "rbu_control" column set to contain integer value 0. The
+** other columns should be set to the values that make up the new record 
+** to insert. 
+**
+** If the target database table has an INTEGER PRIMARY KEY, it is not 
+** possible to insert a NULL value into the IPK column. Attempting to 
+** do so results in an SQLITE_MISMATCH error.
+**
+** For each row to DELETE from the target database as part of the RBU 
+** update, the corresponding data_% table should contain a single record
+** with the "rbu_control" column set to contain integer value 1. The
+** real primary key values of the row to delete should be stored in the
+** corresponding columns of the data_% table. The values stored in the
+** other columns are not used.
+**
+** For each row to UPDATE from the target database as part of the RBU 
+** update, the corresponding data_% table should contain a single record
+** with the "rbu_control" column set to contain a value of type text.
+** The real primary key values identifying the row to update should be 
+** stored in the corresponding columns of the data_% table row, as should
+** the new values of all columns being update. The text value in the 
+** "rbu_control" column must contain the same number of characters as
+** there are columns in the target database table, and must consist entirely
+** of 'x' and '.' characters (or in some special cases 'd' - see below). For 
+** each column that is being updated, the corresponding character is set to
+** 'x'. For those that remain as they are, the corresponding character of the
+** rbu_control value should be set to '.'. For example, given the tables 
+** above, the update statement:
+**
+**   UPDATE t1 SET c = 'usa' WHERE a = 4;
+**
+** is represented by the data_t1 row created by:
+**
+**   INSERT INTO data_t1(a, b, c, rbu_control) VALUES(4, NULL, 'usa', '..x');
+**
+** Instead of an 'x' character, characters of the rbu_control value specified
+** for UPDATEs may also be set to 'd'. In this case, instead of updating the
+** target table with the value stored in the corresponding data_% column, the
+** user-defined SQL function "rbu_delta()" is invoked and the result stored in
+** the target table column. rbu_delta() is invoked with two arguments - the
+** original value currently stored in the target table column and the 
+** value specified in the data_xxx table.
+**
+** For example, this row:
+**
+**   INSERT INTO data_t1(a, b, c, rbu_control) VALUES(4, NULL, 'usa', '..d');
+**
+** is similar to an UPDATE statement such as: 
+**
+**   UPDATE t1 SET c = rbu_delta(c, 'usa') WHERE a = 4;
+**
+** Finally, if an 'f' character appears in place of a 'd' or 's' in an 
+** ota_control string, the contents of the data_xxx table column is assumed
+** to be a "fossil delta" - a patch to be applied to a blob value in the
+** format used by the fossil source-code management system. In this case
+** the existing value within the target database table must be of type BLOB. 
+** It is replaced by the result of applying the specified fossil delta to
+** itself.
+**
+** If the target database table is a virtual table or a table with no PRIMARY
+** KEY, the rbu_control value should not include a character corresponding 
+** to the rbu_rowid value. For example, this:
+**
+**   INSERT INTO data_ft1(a, b, rbu_rowid, rbu_control) 
+**       VALUES(NULL, 'usa', 12, '.x');
+**
+** causes a result similar to:
+**
+**   UPDATE ft1 SET b = 'usa' WHERE rowid = 12;
+**
+** The data_xxx tables themselves should have no PRIMARY KEY declarations.
+** However, RBU is more efficient if reading the rows in from each data_xxx
+** table in "rowid" order is roughly the same as reading them sorted by
+** the PRIMARY KEY of the corresponding target database table. In other 
+** words, rows should be sorted using the destination table PRIMARY KEY 
+** fields before they are inserted into the data_xxx tables.
+**
+** USAGE
+**
+** The API declared below allows an application to apply an RBU update 
+** stored on disk to an existing target database. Essentially, the 
+** application:
+**
+**     1) Opens an RBU handle using the sqlite3rbu_open() function.
+**
+**     2) Registers any required virtual table modules with the database
+**        handle returned by sqlite3rbu_db(). Also, if required, register
+**        the rbu_delta() implementation.
+**
+**     3) Calls the sqlite3rbu_step() function one or more times on
+**        the new handle. Each call to sqlite3rbu_step() performs a single
+**        b-tree operation, so thousands of calls may be required to apply 
+**        a complete update.
+**
+**     4) Calls sqlite3rbu_close() to close the RBU update handle. If
+**        sqlite3rbu_step() has been called enough times to completely
+**        apply the update to the target database, then the RBU database
+**        is marked as fully applied. Otherwise, the state of the RBU 
+**        update application is saved in the RBU database for later 
+**        resumption.
+**
+** See comments below for more detail on APIs.
+**
+** If an update is only partially applied to the target database by the
+** time sqlite3rbu_close() is called, various state information is saved 
+** within the RBU database. This allows subsequent processes to automatically
+** resume the RBU update from where it left off.
+**
+** To remove all RBU extension state information, returning an RBU database 
+** to its original contents, it is sufficient to drop all tables that begin
+** with the prefix "rbu_"
+**
+** DATABASE LOCKING
+**
+** An RBU update may not be applied to a database in WAL mode. Attempting
+** to do so is an error (SQLITE_ERROR).
+**
+** While an RBU handle is open, a SHARED lock may be held on the target
+** database file. This means it is possible for other clients to read the
+** database, but not to write it.
+**
+** If an RBU update is started and then suspended before it is completed,
+** then an external client writes to the database, then attempting to resume
+** the suspended RBU update is also an error (SQLITE_BUSY).
+*/
+
+#ifndef _SQLITE3RBU_H
+#define _SQLITE3RBU_H
+
+/* #include "sqlite3.h"              ** Required for error code definitions ** */
+
+#if 0
+extern "C" {
+#endif
+
+typedef struct sqlite3rbu sqlite3rbu;
+
+/*
+** Open an RBU handle.
+**
+** Argument zTarget is the path to the target database. Argument zRbu is
+** the path to the RBU database. Each call to this function must be matched
+** by a call to sqlite3rbu_close(). When opening the databases, RBU passes
+** the SQLITE_CONFIG_URI flag to sqlite3_open_v2(). So if either zTarget
+** or zRbu begin with "file:", it will be interpreted as an SQLite 
+** database URI, not a regular file name.
+**
+** If the zState argument is passed a NULL value, the RBU extension stores 
+** the current state of the update (how many rows have been updated, which 
+** indexes are yet to be updated etc.) within the RBU database itself. This
+** can be convenient, as it means that the RBU application does not need to
+** organize removing a separate state file after the update is concluded. 
+** Or, if zState is non-NULL, it must be a path to a database file in which 
+** the RBU extension can store the state of the update.
+**
+** When resuming an RBU update, the zState argument must be passed the same
+** value as when the RBU update was started.
+**
+** Once the RBU update is finished, the RBU extension does not 
+** automatically remove any zState database file, even if it created it.
+**
+** By default, RBU uses the default VFS to access the files on disk. To
+** use a VFS other than the default, an SQLite "file:" URI containing a
+** "vfs=..." option may be passed as the zTarget option.
+**
+** IMPORTANT NOTE FOR ZIPVFS USERS: The RBU extension works with all of
+** SQLite's built-in VFSs, including the multiplexor VFS. However it does
+** not work out of the box with zipvfs. Refer to the comment describing
+** the zipvfs_create_vfs() API below for details on using RBU with zipvfs.
+*/
+SQLITE_API sqlite3rbu *SQLITE_STDCALL sqlite3rbu_open(
+  const char *zTarget, 
+  const char *zRbu,
+  const char *zState
+);
+
+/*
+** Internally, each RBU connection uses a separate SQLite database 
+** connection to access the target and rbu update databases. This
+** API allows the application direct access to these database handles.
+**
+** The first argument passed to this function must be a valid, open, RBU
+** handle. The second argument should be passed zero to access the target
+** database handle, or non-zero to access the rbu update database handle.
+** Accessing the underlying database handles may be useful in the
+** following scenarios:
+**
+**   * If any target tables are virtual tables, it may be necessary to
+**     call sqlite3_create_module() on the target database handle to 
+**     register the required virtual table implementations.
+**
+**   * If the data_xxx tables in the RBU source database are virtual 
+**     tables, the application may need to call sqlite3_create_module() on
+**     the rbu update db handle to any required virtual table
+**     implementations.
+**
+**   * If the application uses the "rbu_delta()" feature described above,
+**     it must use sqlite3_create_function() or similar to register the
+**     rbu_delta() implementation with the target database handle.
+**
+** If an error has occurred, either while opening or stepping the RBU object,
+** this function may return NULL. The error code and message may be collected
+** when sqlite3rbu_close() is called.
+**
+** Database handles returned by this function remain valid until the next
+** call to any sqlite3rbu_xxx() function other than sqlite3rbu_db().
+*/
+SQLITE_API sqlite3 *SQLITE_STDCALL sqlite3rbu_db(sqlite3rbu*, int bRbu);
+
+/*
+** Do some work towards applying the RBU update to the target db. 
+**
+** Return SQLITE_DONE if the update has been completely applied, or 
+** SQLITE_OK if no error occurs but there remains work to do to apply
+** the RBU update. If an error does occur, some other error code is 
+** returned. 
+**
+** Once a call to sqlite3rbu_step() has returned a value other than
+** SQLITE_OK, all subsequent calls on the same RBU handle are no-ops
+** that immediately return the same value.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3rbu_step(sqlite3rbu *pRbu);
+
+/*
+** Force RBU to save its state to disk.
+**
+** If a power failure or application crash occurs during an update, following
+** system recovery RBU may resume the update from the point at which the state
+** was last saved. In other words, from the most recent successful call to 
+** sqlite3rbu_close() or this function.
+**
+** SQLITE_OK is returned if successful, or an SQLite error code otherwise.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3rbu_savestate(sqlite3rbu *pRbu);
+
+/*
+** Close an RBU handle. 
+**
+** If the RBU update has been completely applied, mark the RBU database
+** as fully applied. Otherwise, assuming no error has occurred, save the
+** current state of the RBU update appliation to the RBU database.
+**
+** If an error has already occurred as part of an sqlite3rbu_step()
+** or sqlite3rbu_open() call, or if one occurs within this function, an
+** SQLite error code is returned. Additionally, *pzErrmsg may be set to
+** point to a buffer containing a utf-8 formatted English language error
+** message. It is the responsibility of the caller to eventually free any 
+** such buffer using sqlite3_free().
+**
+** Otherwise, if no error occurs, this function returns SQLITE_OK if the
+** update has been partially applied, or SQLITE_DONE if it has been 
+** completely applied.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3rbu_close(sqlite3rbu *pRbu, char **pzErrmsg);
+
+/*
+** Return the total number of key-value operations (inserts, deletes or 
+** updates) that have been performed on the target database since the
+** current RBU update was started.
+*/
+SQLITE_API sqlite3_int64 SQLITE_STDCALL sqlite3rbu_progress(sqlite3rbu *pRbu);
+
+/*
+** Create an RBU VFS named zName that accesses the underlying file-system
+** via existing VFS zParent. Or, if the zParent parameter is passed NULL, 
+** then the new RBU VFS uses the default system VFS to access the file-system.
+** The new object is registered as a non-default VFS with SQLite before 
+** returning.
+**
+** Part of the RBU implementation uses a custom VFS object. Usually, this
+** object is created and deleted automatically by RBU. 
+**
+** The exception is for applications that also use zipvfs. In this case,
+** the custom VFS must be explicitly created by the user before the RBU
+** handle is opened. The RBU VFS should be installed so that the zipvfs
+** VFS uses the RBU VFS, which in turn uses any other VFS layers in use 
+** (for example multiplexor) to access the file-system. For example,
+** to assemble an RBU enabled VFS stack that uses both zipvfs and 
+** multiplexor (error checking omitted):
+**
+**     // Create a VFS named "multiplex" (not the default).
+**     sqlite3_multiplex_initialize(0, 0);
+**
+**     // Create an rbu VFS named "rbu" that uses multiplexor. If the
+**     // second argument were replaced with NULL, the "rbu" VFS would
+**     // access the file-system via the system default VFS, bypassing the
+**     // multiplexor.
+**     sqlite3rbu_create_vfs("rbu", "multiplex");
+**
+**     // Create a zipvfs VFS named "zipvfs" that uses rbu.
+**     zipvfs_create_vfs_v3("zipvfs", "rbu", 0, xCompressorAlgorithmDetector);
+**
+**     // Make zipvfs the default VFS.
+**     sqlite3_vfs_register(sqlite3_vfs_find("zipvfs"), 1);
+**
+** Because the default VFS created above includes a RBU functionality, it
+** may be used by RBU clients. Attempting to use RBU with a zipvfs VFS stack
+** that does not include the RBU layer results in an error.
+**
+** The overhead of adding the "rbu" VFS to the system is negligible for 
+** non-RBU users. There is no harm in an application accessing the 
+** file-system via "rbu" all the time, even if it only uses RBU functionality 
+** occasionally.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3rbu_create_vfs(const char *zName, const char *zParent);
+
+/*
+** Deregister and destroy an RBU vfs created by an earlier call to
+** sqlite3rbu_create_vfs().
+**
+** VFS objects are not reference counted. If a VFS object is destroyed
+** before all database handles that use it have been closed, the results
+** are undefined.
+*/
+SQLITE_API void SQLITE_STDCALL sqlite3rbu_destroy_vfs(const char *zName);
+
+#if 0
+}  /* end of the 'extern "C"' block */
+#endif
+
+#endif /* _SQLITE3RBU_H */
+
+/************** End of sqlite3rbu.h ******************************************/
+/************** Continuing where we left off in sqlite3rbu.c *****************/
+
+#if defined(_WIN32_WCE)
+/* #include "windows.h" */
+#endif
+
+/* Maximum number of prepared UPDATE statements held by this module */
+#define SQLITE_RBU_UPDATE_CACHESIZE 16
+
+/*
+** Swap two objects of type TYPE.
+*/
+#if !defined(SQLITE_AMALGAMATION)
+# define SWAP(TYPE,A,B) {TYPE t=A; A=B; B=t;}
+#endif
+
+/*
+** The rbu_state table is used to save the state of a partially applied
+** update so that it can be resumed later. The table consists of integer
+** keys mapped to values as follows:
+**
+** RBU_STATE_STAGE:
+**   May be set to integer values 1, 2, 4 or 5. As follows:
+**       1: the *-rbu file is currently under construction.
+**       2: the *-rbu file has been constructed, but not yet moved 
+**          to the *-wal path.
+**       4: the checkpoint is underway.
+**       5: the rbu update has been checkpointed.
+**
+** RBU_STATE_TBL:
+**   Only valid if STAGE==1. The target database name of the table 
+**   currently being written.
+**
+** RBU_STATE_IDX:
+**   Only valid if STAGE==1. The target database name of the index 
+**   currently being written, or NULL if the main table is currently being
+**   updated.
+**
+** RBU_STATE_ROW:
+**   Only valid if STAGE==1. Number of rows already processed for the current
+**   table/index.
+**
+** RBU_STATE_PROGRESS:
+**   Trbul number of sqlite3rbu_step() calls made so far as part of this
+**   rbu update.
+**
+** RBU_STATE_CKPT:
+**   Valid if STAGE==4. The 64-bit checksum associated with the wal-index
+**   header created by recovering the *-wal file. This is used to detect
+**   cases when another client appends frames to the *-wal file in the
+**   middle of an incremental checkpoint (an incremental checkpoint cannot
+**   be continued if this happens).
+**
+** RBU_STATE_COOKIE:
+**   Valid if STAGE==1. The current change-counter cookie value in the 
+**   target db file.
+**
+** RBU_STATE_OALSZ:
+**   Valid if STAGE==1. The size in bytes of the *-oal file.
+*/
+#define RBU_STATE_STAGE       1
+#define RBU_STATE_TBL         2
+#define RBU_STATE_IDX         3
+#define RBU_STATE_ROW         4
+#define RBU_STATE_PROGRESS    5
+#define RBU_STATE_CKPT        6
+#define RBU_STATE_COOKIE      7
+#define RBU_STATE_OALSZ       8
+
+#define RBU_STAGE_OAL         1
+#define RBU_STAGE_MOVE        2
+#define RBU_STAGE_CAPTURE     3
+#define RBU_STAGE_CKPT        4
+#define RBU_STAGE_DONE        5
+
+
+#define RBU_CREATE_STATE \
+  "CREATE TABLE IF NOT EXISTS %s.rbu_state(k INTEGER PRIMARY KEY, v)"
+
+typedef struct RbuFrame RbuFrame;
+typedef struct RbuObjIter RbuObjIter;
+typedef struct RbuState RbuState;
+typedef struct rbu_vfs rbu_vfs;
+typedef struct rbu_file rbu_file;
+typedef struct RbuUpdateStmt RbuUpdateStmt;
+
+#if !defined(SQLITE_AMALGAMATION)
+typedef unsigned int u32;
+typedef unsigned char u8;
+typedef sqlite3_int64 i64;
+#endif
+
+/*
+** These values must match the values defined in wal.c for the equivalent
+** locks. These are not magic numbers as they are part of the SQLite file
+** format.
+*/
+#define WAL_LOCK_WRITE  0
+#define WAL_LOCK_CKPT   1
+#define WAL_LOCK_READ0  3
+
+/*
+** A structure to store values read from the rbu_state table in memory.
+*/
+struct RbuState {
+  int eStage;
+  char *zTbl;
+  char *zIdx;
+  i64 iWalCksum;
+  int nRow;
+  i64 nProgress;
+  u32 iCookie;
+  i64 iOalSz;
+};
+
+struct RbuUpdateStmt {
+  char *zMask;                    /* Copy of update mask used with pUpdate */
+  sqlite3_stmt *pUpdate;          /* Last update statement (or NULL) */
+  RbuUpdateStmt *pNext;
+};
+
+/*
+** An iterator of this type is used to iterate through all objects in
+** the target database that require updating. For each such table, the
+** iterator visits, in order:
+**
+**     * the table itself, 
+**     * each index of the table (zero or more points to visit), and
+**     * a special "cleanup table" state.
+**
+** abIndexed:
+**   If the table has no indexes on it, abIndexed is set to NULL. Otherwise,
+**   it points to an array of flags nTblCol elements in size. The flag is
+**   set for each column that is either a part of the PK or a part of an
+**   index. Or clear otherwise.
+**   
+*/
+struct RbuObjIter {
+  sqlite3_stmt *pTblIter;         /* Iterate through tables */
+  sqlite3_stmt *pIdxIter;         /* Index iterator */
+  int nTblCol;                    /* Size of azTblCol[] array */
+  char **azTblCol;                /* Array of unquoted target column names */
+  char **azTblType;               /* Array of target column types */
+  int *aiSrcOrder;                /* src table col -> target table col */
+  u8 *abTblPk;                    /* Array of flags, set on target PK columns */
+  u8 *abNotNull;                  /* Array of flags, set on NOT NULL columns */
+  u8 *abIndexed;                  /* Array of flags, set on indexed & PK cols */
+  int eType;                      /* Table type - an RBU_PK_XXX value */
+
+  /* Output variables. zTbl==0 implies EOF. */
+  int bCleanup;                   /* True in "cleanup" state */
+  const char *zTbl;               /* Name of target db table */
+  const char *zDataTbl;           /* Name of rbu db table (or null) */
+  const char *zIdx;               /* Name of target db index (or null) */
+  int iTnum;                      /* Root page of current object */
+  int iPkTnum;                    /* If eType==EXTERNAL, root of PK index */
+  int bUnique;                    /* Current index is unique */
+
+  /* Statements created by rbuObjIterPrepareAll() */
+  int nCol;                       /* Number of columns in current object */
+  sqlite3_stmt *pSelect;          /* Source data */
+  sqlite3_stmt *pInsert;          /* Statement for INSERT operations */
+  sqlite3_stmt *pDelete;          /* Statement for DELETE ops */
+  sqlite3_stmt *pTmpInsert;       /* Insert into rbu_tmp_$zDataTbl */
+
+  /* Last UPDATE used (for PK b-tree updates only), or NULL. */
+  RbuUpdateStmt *pRbuUpdate;
+};
+
+/*
+** Values for RbuObjIter.eType
+**
+**     0: Table does not exist (error)
+**     1: Table has an implicit rowid.
+**     2: Table has an explicit IPK column.
+**     3: Table has an external PK index.
+**     4: Table is WITHOUT ROWID.
+**     5: Table is a virtual table.
+*/
+#define RBU_PK_NOTABLE        0
+#define RBU_PK_NONE           1
+#define RBU_PK_IPK            2
+#define RBU_PK_EXTERNAL       3
+#define RBU_PK_WITHOUT_ROWID  4
+#define RBU_PK_VTAB           5
+
+
+/*
+** Within the RBU_STAGE_OAL stage, each call to sqlite3rbu_step() performs
+** one of the following operations.
+*/
+#define RBU_INSERT     1          /* Insert on a main table b-tree */
+#define RBU_DELETE     2          /* Delete a row from a main table b-tree */
+#define RBU_IDX_DELETE 3          /* Delete a row from an aux. index b-tree */
+#define RBU_IDX_INSERT 4          /* Insert on an aux. index b-tree */
+#define RBU_UPDATE     5          /* Update a row in a main table b-tree */
+
+
+/*
+** A single step of an incremental checkpoint - frame iWalFrame of the wal
+** file should be copied to page iDbPage of the database file.
+*/
+struct RbuFrame {
+  u32 iDbPage;
+  u32 iWalFrame;
+};
+
+/*
+** RBU handle.
+*/
+struct sqlite3rbu {
+  int eStage;                     /* Value of RBU_STATE_STAGE field */
+  sqlite3 *dbMain;                /* target database handle */
+  sqlite3 *dbRbu;                 /* rbu database handle */
+  char *zTarget;                  /* Path to target db */
+  char *zRbu;                     /* Path to rbu db */
+  char *zState;                   /* Path to state db (or NULL if zRbu) */
+  char zStateDb[5];               /* Db name for state ("stat" or "main") */
+  int rc;                         /* Value returned by last rbu_step() call */
+  char *zErrmsg;                  /* Error message if rc!=SQLITE_OK */
+  int nStep;                      /* Rows processed for current object */
+  int nProgress;                  /* Rows processed for all objects */
+  RbuObjIter objiter;             /* Iterator for skipping through tbl/idx */
+  const char *zVfsName;           /* Name of automatically created rbu vfs */
+  rbu_file *pTargetFd;            /* File handle open on target db */
+  i64 iOalSz;
+
+  /* The following state variables are used as part of the incremental
+  ** checkpoint stage (eStage==RBU_STAGE_CKPT). See comments surrounding
+  ** function rbuSetupCheckpoint() for details.  */
+  u32 iMaxFrame;                  /* Largest iWalFrame value in aFrame[] */
+  u32 mLock;
+  int nFrame;                     /* Entries in aFrame[] array */
+  int nFrameAlloc;                /* Allocated size of aFrame[] array */
+  RbuFrame *aFrame;
+  int pgsz;
+  u8 *aBuf;
+  i64 iWalCksum;
+};
+
+/*
+** An rbu VFS is implemented using an instance of this structure.
+*/
+struct rbu_vfs {
+  sqlite3_vfs base;               /* rbu VFS shim methods */
+  sqlite3_vfs *pRealVfs;          /* Underlying VFS */
+  sqlite3_mutex *mutex;           /* Mutex to protect pMain */
+  rbu_file *pMain;                /* Linked list of main db files */
+};
+
+/*
+** Each file opened by an rbu VFS is represented by an instance of
+** the following structure.
+*/
+struct rbu_file {
+  sqlite3_file base;              /* sqlite3_file methods */
+  sqlite3_file *pReal;            /* Underlying file handle */
+  rbu_vfs *pRbuVfs;               /* Pointer to the rbu_vfs object */
+  sqlite3rbu *pRbu;               /* Pointer to rbu object (rbu target only) */
+
+  int openFlags;                  /* Flags this file was opened with */
+  u32 iCookie;                    /* Cookie value for main db files */
+  u8 iWriteVer;                   /* "write-version" value for main db files */
+
+  int nShm;                       /* Number of entries in apShm[] array */
+  char **apShm;                   /* Array of mmap'd *-shm regions */
+  char *zDel;                     /* Delete this when closing file */
+
+  const char *zWal;               /* Wal filename for this main db file */
+  rbu_file *pWalFd;               /* Wal file descriptor for this main db */
+  rbu_file *pMainNext;            /* Next MAIN_DB file */
+};
+
+
+/*************************************************************************
+** The following three functions, found below:
+**
+**   rbuDeltaGetInt()
+**   rbuDeltaChecksum()
+**   rbuDeltaApply()
+**
+** are lifted from the fossil source code (http://fossil-scm.org). They
+** are used to implement the scalar SQL function rbu_fossil_delta().
+*/
+
+/*
+** Read bytes from *pz and convert them into a positive integer.  When
+** finished, leave *pz pointing to the first character past the end of
+** the integer.  The *pLen parameter holds the length of the string
+** in *pz and is decremented once for each character in the integer.
+*/
+static unsigned int rbuDeltaGetInt(const char **pz, int *pLen){
+  static const signed char zValue[] = {
+    -1, -1, -1, -1, -1, -1, -1, -1,   -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1,   -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1,   -1, -1, -1, -1, -1, -1, -1, -1,
+     0,  1,  2,  3,  4,  5,  6,  7,    8,  9, -1, -1, -1, -1, -1, -1,
+    -1, 10, 11, 12, 13, 14, 15, 16,   17, 18, 19, 20, 21, 22, 23, 24,
+    25, 26, 27, 28, 29, 30, 31, 32,   33, 34, 35, -1, -1, -1, -1, 36,
+    -1, 37, 38, 39, 40, 41, 42, 43,   44, 45, 46, 47, 48, 49, 50, 51,
+    52, 53, 54, 55, 56, 57, 58, 59,   60, 61, 62, -1, -1, -1, 63, -1,
+  };
+  unsigned int v = 0;
+  int c;
+  unsigned char *z = (unsigned char*)*pz;
+  unsigned char *zStart = z;
+  while( (c = zValue[0x7f&*(z++)])>=0 ){
+     v = (v<<6) + c;
+  }
+  z--;
+  *pLen -= z - zStart;
+  *pz = (char*)z;
+  return v;
+}
+
+/*
+** Compute a 32-bit checksum on the N-byte buffer.  Return the result.
+*/
+static unsigned int rbuDeltaChecksum(const char *zIn, size_t N){
+  const unsigned char *z = (const unsigned char *)zIn;
+  unsigned sum0 = 0;
+  unsigned sum1 = 0;
+  unsigned sum2 = 0;
+  unsigned sum3 = 0;
+  while(N >= 16){
+    sum0 += ((unsigned)z[0] + z[4] + z[8] + z[12]);
+    sum1 += ((unsigned)z[1] + z[5] + z[9] + z[13]);
+    sum2 += ((unsigned)z[2] + z[6] + z[10]+ z[14]);
+    sum3 += ((unsigned)z[3] + z[7] + z[11]+ z[15]);
+    z += 16;
+    N -= 16;
+  }
+  while(N >= 4){
+    sum0 += z[0];
+    sum1 += z[1];
+    sum2 += z[2];
+    sum3 += z[3];
+    z += 4;
+    N -= 4;
+  }
+  sum3 += (sum2 << 8) + (sum1 << 16) + (sum0 << 24);
+  switch(N){
+    case 3:   sum3 += (z[2] << 8);
+    case 2:   sum3 += (z[1] << 16);
+    case 1:   sum3 += (z[0] << 24);
+    default:  ;
+  }
+  return sum3;
+}
+
+/*
+** Apply a delta.
+**
+** The output buffer should be big enough to hold the whole output
+** file and a NUL terminator at the end.  The delta_output_size()
+** routine will determine this size for you.
+**
+** The delta string should be null-terminated.  But the delta string
+** may contain embedded NUL characters (if the input and output are
+** binary files) so we also have to pass in the length of the delta in
+** the lenDelta parameter.
+**
+** This function returns the size of the output file in bytes (excluding
+** the final NUL terminator character).  Except, if the delta string is
+** malformed or intended for use with a source file other than zSrc,
+** then this routine returns -1.
+**
+** Refer to the delta_create() documentation above for a description
+** of the delta file format.
+*/
+static int rbuDeltaApply(
+  const char *zSrc,      /* The source or pattern file */
+  int lenSrc,            /* Length of the source file */
+  const char *zDelta,    /* Delta to apply to the pattern */
+  int lenDelta,          /* Length of the delta */
+  char *zOut             /* Write the output into this preallocated buffer */
+){
+  unsigned int limit;
+  unsigned int total = 0;
+#ifndef FOSSIL_OMIT_DELTA_CKSUM_TEST
+  char *zOrigOut = zOut;
+#endif
+
+  limit = rbuDeltaGetInt(&zDelta, &lenDelta);
+  if( *zDelta!='\n' ){
+    /* ERROR: size integer not terminated by "\n" */
+    return -1;
+  }
+  zDelta++; lenDelta--;
+  while( *zDelta && lenDelta>0 ){
+    unsigned int cnt, ofst;
+    cnt = rbuDeltaGetInt(&zDelta, &lenDelta);
+    switch( zDelta[0] ){
+      case '@': {
+        zDelta++; lenDelta--;
+        ofst = rbuDeltaGetInt(&zDelta, &lenDelta);
+        if( lenDelta>0 && zDelta[0]!=',' ){
+          /* ERROR: copy command not terminated by ',' */
+          return -1;
+        }
+        zDelta++; lenDelta--;
+        total += cnt;
+        if( total>limit ){
+          /* ERROR: copy exceeds output file size */
+          return -1;
+        }
+        if( (int)(ofst+cnt) > lenSrc ){
+          /* ERROR: copy extends past end of input */
+          return -1;
+        }
+        memcpy(zOut, &zSrc[ofst], cnt);
+        zOut += cnt;
+        break;
+      }
+      case ':': {
+        zDelta++; lenDelta--;
+        total += cnt;
+        if( total>limit ){
+          /* ERROR:  insert command gives an output larger than predicted */
+          return -1;
+        }
+        if( (int)cnt>lenDelta ){
+          /* ERROR: insert count exceeds size of delta */
+          return -1;
+        }
+        memcpy(zOut, zDelta, cnt);
+        zOut += cnt;
+        zDelta += cnt;
+        lenDelta -= cnt;
+        break;
+      }
+      case ';': {
+        zDelta++; lenDelta--;
+        zOut[0] = 0;
+#ifndef FOSSIL_OMIT_DELTA_CKSUM_TEST
+        if( cnt!=rbuDeltaChecksum(zOrigOut, total) ){
+          /* ERROR:  bad checksum */
+          return -1;
+        }
+#endif
+        if( total!=limit ){
+          /* ERROR: generated size does not match predicted size */
+          return -1;
+        }
+        return total;
+      }
+      default: {
+        /* ERROR: unknown delta operator */
+        return -1;
+      }
+    }
+  }
+  /* ERROR: unterminated delta */
+  return -1;
+}
+
+static int rbuDeltaOutputSize(const char *zDelta, int lenDelta){
+  int size;
+  size = rbuDeltaGetInt(&zDelta, &lenDelta);
+  if( *zDelta!='\n' ){
+    /* ERROR: size integer not terminated by "\n" */
+    return -1;
+  }
+  return size;
+}
+
+/*
+** End of code taken from fossil.
+*************************************************************************/
+
+/*
+** Implementation of SQL scalar function rbu_fossil_delta().
+**
+** This function applies a fossil delta patch to a blob. Exactly two
+** arguments must be passed to this function. The first is the blob to
+** patch and the second the patch to apply. If no error occurs, this
+** function returns the patched blob.
+*/
+static void rbuFossilDeltaFunc(
+  sqlite3_context *context,
+  int argc,
+  sqlite3_value **argv
+){
+  const char *aDelta;
+  int nDelta;
+  const char *aOrig;
+  int nOrig;
+
+  int nOut;
+  int nOut2;
+  char *aOut;
+
+  assert( argc==2 );
+
+  nOrig = sqlite3_value_bytes(argv[0]);
+  aOrig = (const char*)sqlite3_value_blob(argv[0]);
+  nDelta = sqlite3_value_bytes(argv[1]);
+  aDelta = (const char*)sqlite3_value_blob(argv[1]);
+
+  /* Figure out the size of the output */
+  nOut = rbuDeltaOutputSize(aDelta, nDelta);
+  if( nOut<0 ){
+    sqlite3_result_error(context, "corrupt fossil delta", -1);
+    return;
+  }
+
+  aOut = sqlite3_malloc(nOut+1);
+  if( aOut==0 ){
+    sqlite3_result_error_nomem(context);
+  }else{
+    nOut2 = rbuDeltaApply(aOrig, nOrig, aDelta, nDelta, aOut);
+    if( nOut2!=nOut ){
+      sqlite3_result_error(context, "corrupt fossil delta", -1);
+    }else{
+      sqlite3_result_blob(context, aOut, nOut, sqlite3_free);
+    }
+  }
+}
+
+
+/*
+** Prepare the SQL statement in buffer zSql against database handle db.
+** If successful, set *ppStmt to point to the new statement and return
+** SQLITE_OK. 
+**
+** Otherwise, if an error does occur, set *ppStmt to NULL and return
+** an SQLite error code. Additionally, set output variable *pzErrmsg to
+** point to a buffer containing an error message. It is the responsibility
+** of the caller to (eventually) free this buffer using sqlite3_free().
+*/
+static int prepareAndCollectError(
+  sqlite3 *db, 
+  sqlite3_stmt **ppStmt,
+  char **pzErrmsg,
+  const char *zSql
+){
+  int rc = sqlite3_prepare_v2(db, zSql, -1, ppStmt, 0);
+  if( rc!=SQLITE_OK ){
+    *pzErrmsg = sqlite3_mprintf("%s", sqlite3_errmsg(db));
+    *ppStmt = 0;
+  }
+  return rc;
+}
+
+/*
+** Reset the SQL statement passed as the first argument. Return a copy
+** of the value returned by sqlite3_reset().
+**
+** If an error has occurred, then set *pzErrmsg to point to a buffer
+** containing an error message. It is the responsibility of the caller
+** to eventually free this buffer using sqlite3_free().
+*/
+static int resetAndCollectError(sqlite3_stmt *pStmt, char **pzErrmsg){
+  int rc = sqlite3_reset(pStmt);
+  if( rc!=SQLITE_OK ){
+    *pzErrmsg = sqlite3_mprintf("%s", sqlite3_errmsg(sqlite3_db_handle(pStmt)));
+  }
+  return rc;
+}
+
+/*
+** Unless it is NULL, argument zSql points to a buffer allocated using
+** sqlite3_malloc containing an SQL statement. This function prepares the SQL
+** statement against database db and frees the buffer. If statement 
+** compilation is successful, *ppStmt is set to point to the new statement 
+** handle and SQLITE_OK is returned. 
+**
+** Otherwise, if an error occurs, *ppStmt is set to NULL and an error code
+** returned. In this case, *pzErrmsg may also be set to point to an error
+** message. It is the responsibility of the caller to free this error message
+** buffer using sqlite3_free().
+**
+** If argument zSql is NULL, this function assumes that an OOM has occurred.
+** In this case SQLITE_NOMEM is returned and *ppStmt set to NULL.
+*/
+static int prepareFreeAndCollectError(
+  sqlite3 *db, 
+  sqlite3_stmt **ppStmt,
+  char **pzErrmsg,
+  char *zSql
+){
+  int rc;
+  assert( *pzErrmsg==0 );
+  if( zSql==0 ){
+    rc = SQLITE_NOMEM;
+    *ppStmt = 0;
+  }else{
+    rc = prepareAndCollectError(db, ppStmt, pzErrmsg, zSql);
+    sqlite3_free(zSql);
+  }
+  return rc;
+}
+
+/*
+** Free the RbuObjIter.azTblCol[] and RbuObjIter.abTblPk[] arrays allocated
+** by an earlier call to rbuObjIterCacheTableInfo().
+*/
+static void rbuObjIterFreeCols(RbuObjIter *pIter){
+  int i;
+  for(i=0; i<pIter->nTblCol; i++){
+    sqlite3_free(pIter->azTblCol[i]);
+    sqlite3_free(pIter->azTblType[i]);
+  }
+  sqlite3_free(pIter->azTblCol);
+  pIter->azTblCol = 0;
+  pIter->azTblType = 0;
+  pIter->aiSrcOrder = 0;
+  pIter->abTblPk = 0;
+  pIter->abNotNull = 0;
+  pIter->nTblCol = 0;
+  pIter->eType = 0;               /* Invalid value */
+}
+
+/*
+** Finalize all statements and free all allocations that are specific to
+** the current object (table/index pair).
+*/
+static void rbuObjIterClearStatements(RbuObjIter *pIter){
+  RbuUpdateStmt *pUp;
+
+  sqlite3_finalize(pIter->pSelect);
+  sqlite3_finalize(pIter->pInsert);
+  sqlite3_finalize(pIter->pDelete);
+  sqlite3_finalize(pIter->pTmpInsert);
+  pUp = pIter->pRbuUpdate;
+  while( pUp ){
+    RbuUpdateStmt *pTmp = pUp->pNext;
+    sqlite3_finalize(pUp->pUpdate);
+    sqlite3_free(pUp);
+    pUp = pTmp;
+  }
+  
+  pIter->pSelect = 0;
+  pIter->pInsert = 0;
+  pIter->pDelete = 0;
+  pIter->pRbuUpdate = 0;
+  pIter->pTmpInsert = 0;
+  pIter->nCol = 0;
+}
+
+/*
+** Clean up any resources allocated as part of the iterator object passed
+** as the only argument.
+*/
+static void rbuObjIterFinalize(RbuObjIter *pIter){
+  rbuObjIterClearStatements(pIter);
+  sqlite3_finalize(pIter->pTblIter);
+  sqlite3_finalize(pIter->pIdxIter);
+  rbuObjIterFreeCols(pIter);
+  memset(pIter, 0, sizeof(RbuObjIter));
+}
+
+/*
+** Advance the iterator to the next position.
+**
+** If no error occurs, SQLITE_OK is returned and the iterator is left 
+** pointing to the next entry. Otherwise, an error code and message is 
+** left in the RBU handle passed as the first argument. A copy of the 
+** error code is returned.
+*/
+static int rbuObjIterNext(sqlite3rbu *p, RbuObjIter *pIter){
+  int rc = p->rc;
+  if( rc==SQLITE_OK ){
+
+    /* Free any SQLite statements used while processing the previous object */ 
+    rbuObjIterClearStatements(pIter);
+    if( pIter->zIdx==0 ){
+      rc = sqlite3_exec(p->dbMain,
+          "DROP TRIGGER IF EXISTS temp.rbu_insert_tr;"
+          "DROP TRIGGER IF EXISTS temp.rbu_update1_tr;"
+          "DROP TRIGGER IF EXISTS temp.rbu_update2_tr;"
+          "DROP TRIGGER IF EXISTS temp.rbu_delete_tr;"
+          , 0, 0, &p->zErrmsg
+      );
+    }
+
+    if( rc==SQLITE_OK ){
+      if( pIter->bCleanup ){
+        rbuObjIterFreeCols(pIter);
+        pIter->bCleanup = 0;
+        rc = sqlite3_step(pIter->pTblIter);
+        if( rc!=SQLITE_ROW ){
+          rc = resetAndCollectError(pIter->pTblIter, &p->zErrmsg);
+          pIter->zTbl = 0;
+        }else{
+          pIter->zTbl = (const char*)sqlite3_column_text(pIter->pTblIter, 0);
+          pIter->zDataTbl = (const char*)sqlite3_column_text(pIter->pTblIter,1);
+          rc = (pIter->zDataTbl && pIter->zTbl) ? SQLITE_OK : SQLITE_NOMEM;
+        }
+      }else{
+        if( pIter->zIdx==0 ){
+          sqlite3_stmt *pIdx = pIter->pIdxIter;
+          rc = sqlite3_bind_text(pIdx, 1, pIter->zTbl, -1, SQLITE_STATIC);
+        }
+        if( rc==SQLITE_OK ){
+          rc = sqlite3_step(pIter->pIdxIter);
+          if( rc!=SQLITE_ROW ){
+            rc = resetAndCollectError(pIter->pIdxIter, &p->zErrmsg);
+            pIter->bCleanup = 1;
+            pIter->zIdx = 0;
+          }else{
+            pIter->zIdx = (const char*)sqlite3_column_text(pIter->pIdxIter, 0);
+            pIter->iTnum = sqlite3_column_int(pIter->pIdxIter, 1);
+            pIter->bUnique = sqlite3_column_int(pIter->pIdxIter, 2);
+            rc = pIter->zIdx ? SQLITE_OK : SQLITE_NOMEM;
+          }
+        }
+      }
+    }
+  }
+
+  if( rc!=SQLITE_OK ){
+    rbuObjIterFinalize(pIter);
+    p->rc = rc;
+  }
+  return rc;
+}
+
+
+/*
+** The implementation of the rbu_target_name() SQL function. This function
+** accepts one argument - the name of a table in the RBU database. If the
+** table name matches the pattern:
+**
+**     data[0-9]_<name>
+**
+** where <name> is any sequence of 1 or more characters, <name> is returned.
+** Otherwise, if the only argument does not match the above pattern, an SQL
+** NULL is returned.
+**
+**     "data_t1"     -> "t1"
+**     "data0123_t2" -> "t2"
+**     "dataAB_t3"   -> NULL
+*/
+static void rbuTargetNameFunc(
+  sqlite3_context *context,
+  int argc,
+  sqlite3_value **argv
+){
+  const char *zIn;
+  assert( argc==1 );
+
+  zIn = (const char*)sqlite3_value_text(argv[0]);
+  if( zIn && strlen(zIn)>4 && memcmp("data", zIn, 4)==0 ){
+    int i;
+    for(i=4; zIn[i]>='0' && zIn[i]<='9'; i++);
+    if( zIn[i]=='_' && zIn[i+1] ){
+      sqlite3_result_text(context, &zIn[i+1], -1, SQLITE_STATIC);
+    }
+  }
+}
+
+/*
+** Initialize the iterator structure passed as the second argument.
+**
+** If no error occurs, SQLITE_OK is returned and the iterator is left 
+** pointing to the first entry. Otherwise, an error code and message is 
+** left in the RBU handle passed as the first argument. A copy of the 
+** error code is returned.
+*/
+static int rbuObjIterFirst(sqlite3rbu *p, RbuObjIter *pIter){
+  int rc;
+  memset(pIter, 0, sizeof(RbuObjIter));
+
+  rc = prepareAndCollectError(p->dbRbu, &pIter->pTblIter, &p->zErrmsg, 
+      "SELECT rbu_target_name(name) AS target, name FROM sqlite_master "
+      "WHERE type IN ('table', 'view') AND target IS NOT NULL "
+      "ORDER BY name"
+  );
+
+  if( rc==SQLITE_OK ){
+    rc = prepareAndCollectError(p->dbMain, &pIter->pIdxIter, &p->zErrmsg,
+        "SELECT name, rootpage, sql IS NULL OR substr(8, 6)=='UNIQUE' "
+        "  FROM main.sqlite_master "
+        "  WHERE type='index' AND tbl_name = ?"
+    );
+  }
+
+  pIter->bCleanup = 1;
+  p->rc = rc;
+  return rbuObjIterNext(p, pIter);
+}
+
+/*
+** This is a wrapper around "sqlite3_mprintf(zFmt, ...)". If an OOM occurs,
+** an error code is stored in the RBU handle passed as the first argument.
+**
+** If an error has already occurred (p->rc is already set to something other
+** than SQLITE_OK), then this function returns NULL without modifying the
+** stored error code. In this case it still calls sqlite3_free() on any 
+** printf() parameters associated with %z conversions.
+*/
+static char *rbuMPrintf(sqlite3rbu *p, const char *zFmt, ...){
+  char *zSql = 0;
+  va_list ap;
+  va_start(ap, zFmt);
+  zSql = sqlite3_vmprintf(zFmt, ap);
+  if( p->rc==SQLITE_OK ){
+    if( zSql==0 ) p->rc = SQLITE_NOMEM;
+  }else{
+    sqlite3_free(zSql);
+    zSql = 0;
+  }
+  va_end(ap);
+  return zSql;
+}
+
+/*
+** Argument zFmt is a sqlite3_mprintf() style format string. The trailing
+** arguments are the usual subsitution values. This function performs
+** the printf() style substitutions and executes the result as an SQL
+** statement on the RBU handles database.
+**
+** If an error occurs, an error code and error message is stored in the
+** RBU handle. If an error has already occurred when this function is
+** called, it is a no-op.
+*/
+static int rbuMPrintfExec(sqlite3rbu *p, sqlite3 *db, const char *zFmt, ...){
+  va_list ap;
+  char *zSql;
+  va_start(ap, zFmt);
+  zSql = sqlite3_vmprintf(zFmt, ap);
+  if( p->rc==SQLITE_OK ){
+    if( zSql==0 ){
+      p->rc = SQLITE_NOMEM;
+    }else{
+      p->rc = sqlite3_exec(db, zSql, 0, 0, &p->zErrmsg);
+    }
+  }
+  sqlite3_free(zSql);
+  va_end(ap);
+  return p->rc;
+}
+
+/*
+** Attempt to allocate and return a pointer to a zeroed block of nByte 
+** bytes. 
+**
+** If an error (i.e. an OOM condition) occurs, return NULL and leave an 
+** error code in the rbu handle passed as the first argument. Or, if an 
+** error has already occurred when this function is called, return NULL 
+** immediately without attempting the allocation or modifying the stored
+** error code.
+*/
+static void *rbuMalloc(sqlite3rbu *p, int nByte){
+  void *pRet = 0;
+  if( p->rc==SQLITE_OK ){
+    assert( nByte>0 );
+    pRet = sqlite3_malloc(nByte);
+    if( pRet==0 ){
+      p->rc = SQLITE_NOMEM;
+    }else{
+      memset(pRet, 0, nByte);
+    }
+  }
+  return pRet;
+}
+
+
+/*
+** Allocate and zero the pIter->azTblCol[] and abTblPk[] arrays so that
+** there is room for at least nCol elements. If an OOM occurs, store an
+** error code in the RBU handle passed as the first argument.
+*/
+static void rbuAllocateIterArrays(sqlite3rbu *p, RbuObjIter *pIter, int nCol){
+  int nByte = (2*sizeof(char*) + sizeof(int) + 3*sizeof(u8)) * nCol;
+  char **azNew;
+
+  azNew = (char**)rbuMalloc(p, nByte);
+  if( azNew ){
+    pIter->azTblCol = azNew;
+    pIter->azTblType = &azNew[nCol];
+    pIter->aiSrcOrder = (int*)&pIter->azTblType[nCol];
+    pIter->abTblPk = (u8*)&pIter->aiSrcOrder[nCol];
+    pIter->abNotNull = (u8*)&pIter->abTblPk[nCol];
+    pIter->abIndexed = (u8*)&pIter->abNotNull[nCol];
+  }
+}
+
+/*
+** The first argument must be a nul-terminated string. This function
+** returns a copy of the string in memory obtained from sqlite3_malloc().
+** It is the responsibility of the caller to eventually free this memory
+** using sqlite3_free().
+**
+** If an OOM condition is encountered when attempting to allocate memory,
+** output variable (*pRc) is set to SQLITE_NOMEM before returning. Otherwise,
+** if the allocation succeeds, (*pRc) is left unchanged.
+*/
+static char *rbuStrndup(const char *zStr, int *pRc){
+  char *zRet = 0;
+
+  assert( *pRc==SQLITE_OK );
+  if( zStr ){
+    int nCopy = strlen(zStr) + 1;
+    zRet = (char*)sqlite3_malloc(nCopy);
+    if( zRet ){
+      memcpy(zRet, zStr, nCopy);
+    }else{
+      *pRc = SQLITE_NOMEM;
+    }
+  }
+
+  return zRet;
+}
+
+/*
+** Finalize the statement passed as the second argument.
+**
+** If the sqlite3_finalize() call indicates that an error occurs, and the
+** rbu handle error code is not already set, set the error code and error
+** message accordingly.
+*/
+static void rbuFinalize(sqlite3rbu *p, sqlite3_stmt *pStmt){
+  sqlite3 *db = sqlite3_db_handle(pStmt);
+  int rc = sqlite3_finalize(pStmt);
+  if( p->rc==SQLITE_OK && rc!=SQLITE_OK ){
+    p->rc = rc;
+    p->zErrmsg = sqlite3_mprintf("%s", sqlite3_errmsg(db));
+  }
+}
+
+/* Determine the type of a table.
+**
+**   peType is of type (int*), a pointer to an output parameter of type
+**   (int). This call sets the output parameter as follows, depending
+**   on the type of the table specified by parameters dbName and zTbl.
+**
+**     RBU_PK_NOTABLE:       No such table.
+**     RBU_PK_NONE:          Table has an implicit rowid.
+**     RBU_PK_IPK:           Table has an explicit IPK column.
+**     RBU_PK_EXTERNAL:      Table has an external PK index.
+**     RBU_PK_WITHOUT_ROWID: Table is WITHOUT ROWID.
+**     RBU_PK_VTAB:          Table is a virtual table.
+**
+**   Argument *piPk is also of type (int*), and also points to an output
+**   parameter. Unless the table has an external primary key index 
+**   (i.e. unless *peType is set to 3), then *piPk is set to zero. Or,
+**   if the table does have an external primary key index, then *piPk
+**   is set to the root page number of the primary key index before
+**   returning.
+**
+** ALGORITHM:
+**
+**   if( no entry exists in sqlite_master ){
+**     return RBU_PK_NOTABLE
+**   }else if( sql for the entry starts with "CREATE VIRTUAL" ){
+**     return RBU_PK_VTAB
+**   }else if( "PRAGMA index_list()" for the table contains a "pk" index ){
+**     if( the index that is the pk exists in sqlite_master ){
+**       *piPK = rootpage of that index.
+**       return RBU_PK_EXTERNAL
+**     }else{
+**       return RBU_PK_WITHOUT_ROWID
+**     }
+**   }else if( "PRAGMA table_info()" lists one or more "pk" columns ){
+**     return RBU_PK_IPK
+**   }else{
+**     return RBU_PK_NONE
+**   }
+*/
+static void rbuTableType(
+  sqlite3rbu *p,
+  const char *zTab,
+  int *peType,
+  int *piTnum,
+  int *piPk
+){
+  /*
+  ** 0) SELECT count(*) FROM sqlite_master where name=%Q AND IsVirtual(%Q)
+  ** 1) PRAGMA index_list = ?
+  ** 2) SELECT count(*) FROM sqlite_master where name=%Q 
+  ** 3) PRAGMA table_info = ?
+  */
+  sqlite3_stmt *aStmt[4] = {0, 0, 0, 0};
+
+  *peType = RBU_PK_NOTABLE;
+  *piPk = 0;
+
+  assert( p->rc==SQLITE_OK );
+  p->rc = prepareFreeAndCollectError(p->dbMain, &aStmt[0], &p->zErrmsg, 
+    sqlite3_mprintf(
+          "SELECT (sql LIKE 'create virtual%%'), rootpage"
+          "  FROM sqlite_master"
+          " WHERE name=%Q", zTab
+  ));
+  if( p->rc!=SQLITE_OK || sqlite3_step(aStmt[0])!=SQLITE_ROW ){
+    /* Either an error, or no such table. */
+    goto rbuTableType_end;
+  }
+  if( sqlite3_column_int(aStmt[0], 0) ){
+    *peType = RBU_PK_VTAB;                     /* virtual table */
+    goto rbuTableType_end;
+  }
+  *piTnum = sqlite3_column_int(aStmt[0], 1);
+
+  p->rc = prepareFreeAndCollectError(p->dbMain, &aStmt[1], &p->zErrmsg, 
+    sqlite3_mprintf("PRAGMA index_list=%Q",zTab)
+  );
+  if( p->rc ) goto rbuTableType_end;
+  while( sqlite3_step(aStmt[1])==SQLITE_ROW ){
+    const u8 *zOrig = sqlite3_column_text(aStmt[1], 3);
+    const u8 *zIdx = sqlite3_column_text(aStmt[1], 1);
+    if( zOrig && zIdx && zOrig[0]=='p' ){
+      p->rc = prepareFreeAndCollectError(p->dbMain, &aStmt[2], &p->zErrmsg, 
+          sqlite3_mprintf(
+            "SELECT rootpage FROM sqlite_master WHERE name = %Q", zIdx
+      ));
+      if( p->rc==SQLITE_OK ){
+        if( sqlite3_step(aStmt[2])==SQLITE_ROW ){
+          *piPk = sqlite3_column_int(aStmt[2], 0);
+          *peType = RBU_PK_EXTERNAL;
+        }else{
+          *peType = RBU_PK_WITHOUT_ROWID;
+        }
+      }
+      goto rbuTableType_end;
+    }
+  }
+
+  p->rc = prepareFreeAndCollectError(p->dbMain, &aStmt[3], &p->zErrmsg, 
+    sqlite3_mprintf("PRAGMA table_info=%Q",zTab)
+  );
+  if( p->rc==SQLITE_OK ){
+    while( sqlite3_step(aStmt[3])==SQLITE_ROW ){
+      if( sqlite3_column_int(aStmt[3],5)>0 ){
+        *peType = RBU_PK_IPK;                /* explicit IPK column */
+        goto rbuTableType_end;
+      }
+    }
+    *peType = RBU_PK_NONE;
+  }
+
+rbuTableType_end: {
+    unsigned int i;
+    for(i=0; i<sizeof(aStmt)/sizeof(aStmt[0]); i++){
+      rbuFinalize(p, aStmt[i]);
+    }
+  }
+}
+
+/*
+** This is a helper function for rbuObjIterCacheTableInfo(). It populates
+** the pIter->abIndexed[] array.
+*/
+static void rbuObjIterCacheIndexedCols(sqlite3rbu *p, RbuObjIter *pIter){
+  sqlite3_stmt *pList = 0;
+  int bIndex = 0;
+
+  if( p->rc==SQLITE_OK ){
+    memcpy(pIter->abIndexed, pIter->abTblPk, sizeof(u8)*pIter->nTblCol);
+    p->rc = prepareFreeAndCollectError(p->dbMain, &pList, &p->zErrmsg,
+        sqlite3_mprintf("PRAGMA main.index_list = %Q", pIter->zTbl)
+    );
+  }
+
+  while( p->rc==SQLITE_OK && SQLITE_ROW==sqlite3_step(pList) ){
+    const char *zIdx = (const char*)sqlite3_column_text(pList, 1);
+    sqlite3_stmt *pXInfo = 0;
+    if( zIdx==0 ) break;
+    p->rc = prepareFreeAndCollectError(p->dbMain, &pXInfo, &p->zErrmsg,
+        sqlite3_mprintf("PRAGMA main.index_xinfo = %Q", zIdx)
+    );
+    while( p->rc==SQLITE_OK && SQLITE_ROW==sqlite3_step(pXInfo) ){
+      int iCid = sqlite3_column_int(pXInfo, 1);
+      if( iCid>=0 ) pIter->abIndexed[iCid] = 1;
+    }
+    rbuFinalize(p, pXInfo);
+    bIndex = 1;
+  }
+
+  rbuFinalize(p, pList);
+  if( bIndex==0 ) pIter->abIndexed = 0;
+}
+
+
+/*
+** If they are not already populated, populate the pIter->azTblCol[],
+** pIter->abTblPk[], pIter->nTblCol and pIter->bRowid variables according to
+** the table (not index) that the iterator currently points to.
+**
+** Return SQLITE_OK if successful, or an SQLite error code otherwise. If
+** an error does occur, an error code and error message are also left in 
+** the RBU handle.
+*/
+static int rbuObjIterCacheTableInfo(sqlite3rbu *p, RbuObjIter *pIter){
+  if( pIter->azTblCol==0 ){
+    sqlite3_stmt *pStmt = 0;
+    int nCol = 0;
+    int i;                        /* for() loop iterator variable */
+    int bRbuRowid = 0;            /* If input table has column "rbu_rowid" */
+    int iOrder = 0;
+    int iTnum = 0;
+
+    /* Figure out the type of table this step will deal with. */
+    assert( pIter->eType==0 );
+    rbuTableType(p, pIter->zTbl, &pIter->eType, &iTnum, &pIter->iPkTnum);
+    if( p->rc==SQLITE_OK && pIter->eType==RBU_PK_NOTABLE ){
+      p->rc = SQLITE_ERROR;
+      p->zErrmsg = sqlite3_mprintf("no such table: %s", pIter->zTbl);
+    }
+    if( p->rc ) return p->rc;
+    if( pIter->zIdx==0 ) pIter->iTnum = iTnum;
+
+    assert( pIter->eType==RBU_PK_NONE || pIter->eType==RBU_PK_IPK 
+         || pIter->eType==RBU_PK_EXTERNAL || pIter->eType==RBU_PK_WITHOUT_ROWID
+         || pIter->eType==RBU_PK_VTAB
+    );
+
+    /* Populate the azTblCol[] and nTblCol variables based on the columns
+    ** of the input table. Ignore any input table columns that begin with
+    ** "rbu_".  */
+    p->rc = prepareFreeAndCollectError(p->dbRbu, &pStmt, &p->zErrmsg, 
+        sqlite3_mprintf("SELECT * FROM '%q'", pIter->zDataTbl)
+    );
+    if( p->rc==SQLITE_OK ){
+      nCol = sqlite3_column_count(pStmt);
+      rbuAllocateIterArrays(p, pIter, nCol);
+    }
+    for(i=0; p->rc==SQLITE_OK && i<nCol; i++){
+      const char *zName = (const char*)sqlite3_column_name(pStmt, i);
+      if( sqlite3_strnicmp("rbu_", zName, 4) ){
+        char *zCopy = rbuStrndup(zName, &p->rc);
+        pIter->aiSrcOrder[pIter->nTblCol] = pIter->nTblCol;
+        pIter->azTblCol[pIter->nTblCol++] = zCopy;
+      }
+      else if( 0==sqlite3_stricmp("rbu_rowid", zName) ){
+        bRbuRowid = 1;
+      }
+    }
+    sqlite3_finalize(pStmt);
+    pStmt = 0;
+
+    if( p->rc==SQLITE_OK
+     && bRbuRowid!=(pIter->eType==RBU_PK_VTAB || pIter->eType==RBU_PK_NONE)
+    ){
+      p->rc = SQLITE_ERROR;
+      p->zErrmsg = sqlite3_mprintf(
+          "table %q %s rbu_rowid column", pIter->zDataTbl,
+          (bRbuRowid ? "may not have" : "requires")
+      );
+    }
+
+    /* Check that all non-HIDDEN columns in the destination table are also
+    ** present in the input table. Populate the abTblPk[], azTblType[] and
+    ** aiTblOrder[] arrays at the same time.  */
+    if( p->rc==SQLITE_OK ){
+      p->rc = prepareFreeAndCollectError(p->dbMain, &pStmt, &p->zErrmsg, 
+          sqlite3_mprintf("PRAGMA table_info(%Q)", pIter->zTbl)
+      );
+    }
+    while( p->rc==SQLITE_OK && SQLITE_ROW==sqlite3_step(pStmt) ){
+      const char *zName = (const char*)sqlite3_column_text(pStmt, 1);
+      if( zName==0 ) break;  /* An OOM - finalize() below returns S_NOMEM */
+      for(i=iOrder; i<pIter->nTblCol; i++){
+        if( 0==strcmp(zName, pIter->azTblCol[i]) ) break;
+      }
+      if( i==pIter->nTblCol ){
+        p->rc = SQLITE_ERROR;
+        p->zErrmsg = sqlite3_mprintf("column missing from %q: %s",
+            pIter->zDataTbl, zName
+        );
+      }else{
+        int iPk = sqlite3_column_int(pStmt, 5);
+        int bNotNull = sqlite3_column_int(pStmt, 3);
+        const char *zType = (const char*)sqlite3_column_text(pStmt, 2);
+
+        if( i!=iOrder ){
+          SWAP(int, pIter->aiSrcOrder[i], pIter->aiSrcOrder[iOrder]);
+          SWAP(char*, pIter->azTblCol[i], pIter->azTblCol[iOrder]);
+        }
+
+        pIter->azTblType[iOrder] = rbuStrndup(zType, &p->rc);
+        pIter->abTblPk[iOrder] = (iPk!=0);
+        pIter->abNotNull[iOrder] = (u8)bNotNull || (iPk!=0);
+        iOrder++;
+      }
+    }
+
+    rbuFinalize(p, pStmt);
+    rbuObjIterCacheIndexedCols(p, pIter);
+    assert( pIter->eType!=RBU_PK_VTAB || pIter->abIndexed==0 );
+  }
+
+  return p->rc;
+}
+
+/*
+** This function constructs and returns a pointer to a nul-terminated 
+** string containing some SQL clause or list based on one or more of the 
+** column names currently stored in the pIter->azTblCol[] array.
+*/
+static char *rbuObjIterGetCollist(
+  sqlite3rbu *p,                  /* RBU object */
+  RbuObjIter *pIter               /* Object iterator for column names */
+){
+  char *zList = 0;
+  const char *zSep = "";
+  int i;
+  for(i=0; i<pIter->nTblCol; i++){
+    const char *z = pIter->azTblCol[i];
+    zList = rbuMPrintf(p, "%z%s\"%w\"", zList, zSep, z);
+    zSep = ", ";
+  }
+  return zList;
+}
+
+/*
+** This function is used to create a SELECT list (the list of SQL 
+** expressions that follows a SELECT keyword) for a SELECT statement 
+** used to read from an data_xxx or rbu_tmp_xxx table while updating the 
+** index object currently indicated by the iterator object passed as the 
+** second argument. A "PRAGMA index_xinfo = <idxname>" statement is used 
+** to obtain the required information.
+**
+** If the index is of the following form:
+**
+**   CREATE INDEX i1 ON t1(c, b COLLATE nocase);
+**
+** and "t1" is a table with an explicit INTEGER PRIMARY KEY column 
+** "ipk", the returned string is:
+**
+**   "`c` COLLATE 'BINARY', `b` COLLATE 'NOCASE', `ipk` COLLATE 'BINARY'"
+**
+** As well as the returned string, three other malloc'd strings are 
+** returned via output parameters. As follows:
+**
+**   pzImposterCols: ...
+**   pzImposterPk: ...
+**   pzWhere: ...
+*/
+static char *rbuObjIterGetIndexCols(
+  sqlite3rbu *p,                  /* RBU object */
+  RbuObjIter *pIter,              /* Object iterator for column names */
+  char **pzImposterCols,          /* OUT: Columns for imposter table */
+  char **pzImposterPk,            /* OUT: Imposter PK clause */
+  char **pzWhere,                 /* OUT: WHERE clause */
+  int *pnBind                     /* OUT: Trbul number of columns */
+){
+  int rc = p->rc;                 /* Error code */
+  int rc2;                        /* sqlite3_finalize() return code */
+  char *zRet = 0;                 /* String to return */
+  char *zImpCols = 0;             /* String to return via *pzImposterCols */
+  char *zImpPK = 0;               /* String to return via *pzImposterPK */
+  char *zWhere = 0;               /* String to return via *pzWhere */
+  int nBind = 0;                  /* Value to return via *pnBind */
+  const char *zCom = "";          /* Set to ", " later on */
+  const char *zAnd = "";          /* Set to " AND " later on */
+  sqlite3_stmt *pXInfo = 0;       /* PRAGMA index_xinfo = ? */
+
+  if( rc==SQLITE_OK ){
+    assert( p->zErrmsg==0 );
+    rc = prepareFreeAndCollectError(p->dbMain, &pXInfo, &p->zErrmsg,
+        sqlite3_mprintf("PRAGMA main.index_xinfo = %Q", pIter->zIdx)
+    );
+  }
+
+  while( rc==SQLITE_OK && SQLITE_ROW==sqlite3_step(pXInfo) ){
+    int iCid = sqlite3_column_int(pXInfo, 1);
+    int bDesc = sqlite3_column_int(pXInfo, 3);
+    const char *zCollate = (const char*)sqlite3_column_text(pXInfo, 4);
+    const char *zCol;
+    const char *zType;
+
+    if( iCid<0 ){
+      /* An integer primary key. If the table has an explicit IPK, use
+      ** its name. Otherwise, use "rbu_rowid".  */
+      if( pIter->eType==RBU_PK_IPK ){
+        int i;
+        for(i=0; pIter->abTblPk[i]==0; i++);
+        assert( i<pIter->nTblCol );
+        zCol = pIter->azTblCol[i];
+      }else{
+        zCol = "rbu_rowid";
+      }
+      zType = "INTEGER";
+    }else{
+      zCol = pIter->azTblCol[iCid];
+      zType = pIter->azTblType[iCid];
+    }
+
+    zRet = sqlite3_mprintf("%z%s\"%w\" COLLATE %Q", zRet, zCom, zCol, zCollate);
+    if( pIter->bUnique==0 || sqlite3_column_int(pXInfo, 5) ){
+      const char *zOrder = (bDesc ? " DESC" : "");
+      zImpPK = sqlite3_mprintf("%z%s\"rbu_imp_%d%w\"%s", 
+          zImpPK, zCom, nBind, zCol, zOrder
+      );
+    }
+    zImpCols = sqlite3_mprintf("%z%s\"rbu_imp_%d%w\" %s COLLATE %Q", 
+        zImpCols, zCom, nBind, zCol, zType, zCollate
+    );
+    zWhere = sqlite3_mprintf(
+        "%z%s\"rbu_imp_%d%w\" IS ?", zWhere, zAnd, nBind, zCol
+    );
+    if( zRet==0 || zImpPK==0 || zImpCols==0 || zWhere==0 ) rc = SQLITE_NOMEM;
+    zCom = ", ";
+    zAnd = " AND ";
+    nBind++;
+  }
+
+  rc2 = sqlite3_finalize(pXInfo);
+  if( rc==SQLITE_OK ) rc = rc2;
+
+  if( rc!=SQLITE_OK ){
+    sqlite3_free(zRet);
+    sqlite3_free(zImpCols);
+    sqlite3_free(zImpPK);
+    sqlite3_free(zWhere);
+    zRet = 0;
+    zImpCols = 0;
+    zImpPK = 0;
+    zWhere = 0;
+    p->rc = rc;
+  }
+
+  *pzImposterCols = zImpCols;
+  *pzImposterPk = zImpPK;
+  *pzWhere = zWhere;
+  *pnBind = nBind;
+  return zRet;
+}
+
+/*
+** Assuming the current table columns are "a", "b" and "c", and the zObj
+** paramter is passed "old", return a string of the form:
+**
+**     "old.a, old.b, old.b"
+**
+** With the column names escaped.
+**
+** For tables with implicit rowids - RBU_PK_EXTERNAL and RBU_PK_NONE, append
+** the text ", old._rowid_" to the returned value.
+*/
+static char *rbuObjIterGetOldlist(
+  sqlite3rbu *p, 
+  RbuObjIter *pIter,
+  const char *zObj
+){
+  char *zList = 0;
+  if( p->rc==SQLITE_OK && pIter->abIndexed ){
+    const char *zS = "";
+    int i;
+    for(i=0; i<pIter->nTblCol; i++){
+      if( pIter->abIndexed[i] ){
+        const char *zCol = pIter->azTblCol[i];
+        zList = sqlite3_mprintf("%z%s%s.\"%w\"", zList, zS, zObj, zCol);
+      }else{
+        zList = sqlite3_mprintf("%z%sNULL", zList, zS);
+      }
+      zS = ", ";
+      if( zList==0 ){
+        p->rc = SQLITE_NOMEM;
+        break;
+      }
+    }
+
+    /* For a table with implicit rowids, append "old._rowid_" to the list. */
+    if( pIter->eType==RBU_PK_EXTERNAL || pIter->eType==RBU_PK_NONE ){
+      zList = rbuMPrintf(p, "%z, %s._rowid_", zList, zObj);
+    }
+  }
+  return zList;
+}
+
+/*
+** Return an expression that can be used in a WHERE clause to match the
+** primary key of the current table. For example, if the table is:
+**
+**   CREATE TABLE t1(a, b, c, PRIMARY KEY(b, c));
+**
+** Return the string:
+**
+**   "b = ?1 AND c = ?2"
+*/
+static char *rbuObjIterGetWhere(
+  sqlite3rbu *p, 
+  RbuObjIter *pIter
+){
+  char *zList = 0;
+  if( pIter->eType==RBU_PK_VTAB || pIter->eType==RBU_PK_NONE ){
+    zList = rbuMPrintf(p, "_rowid_ = ?%d", pIter->nTblCol+1);
+  }else if( pIter->eType==RBU_PK_EXTERNAL ){
+    const char *zSep = "";
+    int i;
+    for(i=0; i<pIter->nTblCol; i++){
+      if( pIter->abTblPk[i] ){
+        zList = rbuMPrintf(p, "%z%sc%d=?%d", zList, zSep, i, i+1);
+        zSep = " AND ";
+      }
+    }
+    zList = rbuMPrintf(p, 
+        "_rowid_ = (SELECT id FROM rbu_imposter2 WHERE %z)", zList
+    );
+
+  }else{
+    const char *zSep = "";
+    int i;
+    for(i=0; i<pIter->nTblCol; i++){
+      if( pIter->abTblPk[i] ){
+        const char *zCol = pIter->azTblCol[i];
+        zList = rbuMPrintf(p, "%z%s\"%w\"=?%d", zList, zSep, zCol, i+1);
+        zSep = " AND ";
+      }
+    }
+  }
+  return zList;
+}
+
+/*
+** The SELECT statement iterating through the keys for the current object
+** (p->objiter.pSelect) currently points to a valid row. However, there
+** is something wrong with the rbu_control value in the rbu_control value
+** stored in the (p->nCol+1)'th column. Set the error code and error message
+** of the RBU handle to something reflecting this.
+*/
+static void rbuBadControlError(sqlite3rbu *p){
+  p->rc = SQLITE_ERROR;
+  p->zErrmsg = sqlite3_mprintf("invalid rbu_control value");
+}
+
+
+/*
+** Return a nul-terminated string containing the comma separated list of
+** assignments that should be included following the "SET" keyword of
+** an UPDATE statement used to update the table object that the iterator
+** passed as the second argument currently points to if the rbu_control
+** column of the data_xxx table entry is set to zMask.
+**
+** The memory for the returned string is obtained from sqlite3_malloc().
+** It is the responsibility of the caller to eventually free it using
+** sqlite3_free(). 
+**
+** If an OOM error is encountered when allocating space for the new
+** string, an error code is left in the rbu handle passed as the first
+** argument and NULL is returned. Or, if an error has already occurred
+** when this function is called, NULL is returned immediately, without
+** attempting the allocation or modifying the stored error code.
+*/
+static char *rbuObjIterGetSetlist(
+  sqlite3rbu *p,
+  RbuObjIter *pIter,
+  const char *zMask
+){
+  char *zList = 0;
+  if( p->rc==SQLITE_OK ){
+    int i;
+
+    if( (int)strlen(zMask)!=pIter->nTblCol ){
+      rbuBadControlError(p);
+    }else{
+      const char *zSep = "";
+      for(i=0; i<pIter->nTblCol; i++){
+        char c = zMask[pIter->aiSrcOrder[i]];
+        if( c=='x' ){
+          zList = rbuMPrintf(p, "%z%s\"%w\"=?%d", 
+              zList, zSep, pIter->azTblCol[i], i+1
+          );
+          zSep = ", ";
+        }
+        else if( c=='d' ){
+          zList = rbuMPrintf(p, "%z%s\"%w\"=rbu_delta(\"%w\", ?%d)", 
+              zList, zSep, pIter->azTblCol[i], pIter->azTblCol[i], i+1
+          );
+          zSep = ", ";
+        }
+        else if( c=='f' ){
+          zList = rbuMPrintf(p, "%z%s\"%w\"=rbu_fossil_delta(\"%w\", ?%d)", 
+              zList, zSep, pIter->azTblCol[i], pIter->azTblCol[i], i+1
+          );
+          zSep = ", ";
+        }
+      }
+    }
+  }
+  return zList;
+}
+
+/*
+** Return a nul-terminated string consisting of nByte comma separated
+** "?" expressions. For example, if nByte is 3, return a pointer to
+** a buffer containing the string "?,?,?".
+**
+** The memory for the returned string is obtained from sqlite3_malloc().
+** It is the responsibility of the caller to eventually free it using
+** sqlite3_free(). 
+**
+** If an OOM error is encountered when allocating space for the new
+** string, an error code is left in the rbu handle passed as the first
+** argument and NULL is returned. Or, if an error has already occurred
+** when this function is called, NULL is returned immediately, without
+** attempting the allocation or modifying the stored error code.
+*/
+static char *rbuObjIterGetBindlist(sqlite3rbu *p, int nBind){
+  char *zRet = 0;
+  int nByte = nBind*2 + 1;
+
+  zRet = (char*)rbuMalloc(p, nByte);
+  if( zRet ){
+    int i;
+    for(i=0; i<nBind; i++){
+      zRet[i*2] = '?';
+      zRet[i*2+1] = (i+1==nBind) ? '\0' : ',';
+    }
+  }
+  return zRet;
+}
+
+/*
+** The iterator currently points to a table (not index) of type 
+** RBU_PK_WITHOUT_ROWID. This function creates the PRIMARY KEY 
+** declaration for the corresponding imposter table. For example,
+** if the iterator points to a table created as:
+**
+**   CREATE TABLE t1(a, b, c, PRIMARY KEY(b, a DESC)) WITHOUT ROWID
+**
+** this function returns:
+**
+**   PRIMARY KEY("b", "a" DESC)
+*/
+static char *rbuWithoutRowidPK(sqlite3rbu *p, RbuObjIter *pIter){
+  char *z = 0;
+  assert( pIter->zIdx==0 );
+  if( p->rc==SQLITE_OK ){
+    const char *zSep = "PRIMARY KEY(";
+    sqlite3_stmt *pXList = 0;     /* PRAGMA index_list = (pIter->zTbl) */
+    sqlite3_stmt *pXInfo = 0;     /* PRAGMA index_xinfo = <pk-index> */
+   
+    p->rc = prepareFreeAndCollectError(p->dbMain, &pXList, &p->zErrmsg,
+        sqlite3_mprintf("PRAGMA main.index_list = %Q", pIter->zTbl)
+    );
+    while( p->rc==SQLITE_OK && SQLITE_ROW==sqlite3_step(pXList) ){
+      const char *zOrig = (const char*)sqlite3_column_text(pXList,3);
+      if( zOrig && strcmp(zOrig, "pk")==0 ){
+        const char *zIdx = (const char*)sqlite3_column_text(pXList,1);
+        if( zIdx ){
+          p->rc = prepareFreeAndCollectError(p->dbMain, &pXInfo, &p->zErrmsg,
+              sqlite3_mprintf("PRAGMA main.index_xinfo = %Q", zIdx)
+          );
+        }
+        break;
+      }
+    }
+    rbuFinalize(p, pXList);
+
+    while( p->rc==SQLITE_OK && SQLITE_ROW==sqlite3_step(pXInfo) ){
+      if( sqlite3_column_int(pXInfo, 5) ){
+        /* int iCid = sqlite3_column_int(pXInfo, 0); */
+        const char *zCol = (const char*)sqlite3_column_text(pXInfo, 2);
+        const char *zDesc = sqlite3_column_int(pXInfo, 3) ? " DESC" : "";
+        z = rbuMPrintf(p, "%z%s\"%w\"%s", z, zSep, zCol, zDesc);
+        zSep = ", ";
+      }
+    }
+    z = rbuMPrintf(p, "%z)", z);
+    rbuFinalize(p, pXInfo);
+  }
+  return z;
+}
+
+/*
+** This function creates the second imposter table used when writing to
+** a table b-tree where the table has an external primary key. If the
+** iterator passed as the second argument does not currently point to
+** a table (not index) with an external primary key, this function is a
+** no-op. 
+**
+** Assuming the iterator does point to a table with an external PK, this
+** function creates a WITHOUT ROWID imposter table named "rbu_imposter2"
+** used to access that PK index. For example, if the target table is
+** declared as follows:
+**
+**   CREATE TABLE t1(a, b TEXT, c REAL, PRIMARY KEY(b, c));
+**
+** then the imposter table schema is:
+**
+**   CREATE TABLE rbu_imposter2(c1 TEXT, c2 REAL, id INTEGER) WITHOUT ROWID;
+**
+*/
+static void rbuCreateImposterTable2(sqlite3rbu *p, RbuObjIter *pIter){
+  if( p->rc==SQLITE_OK && pIter->eType==RBU_PK_EXTERNAL ){
+    int tnum = pIter->iPkTnum;    /* Root page of PK index */
+    sqlite3_stmt *pQuery = 0;     /* SELECT name ... WHERE rootpage = $tnum */
+    const char *zIdx = 0;         /* Name of PK index */
+    sqlite3_stmt *pXInfo = 0;     /* PRAGMA main.index_xinfo = $zIdx */
+    const char *zComma = "";
+    char *zCols = 0;              /* Used to build up list of table cols */
+    char *zPk = 0;                /* Used to build up table PK declaration */
+
+    /* Figure out the name of the primary key index for the current table.
+    ** This is needed for the argument to "PRAGMA index_xinfo". Set
+    ** zIdx to point to a nul-terminated string containing this name. */
+    p->rc = prepareAndCollectError(p->dbMain, &pQuery, &p->zErrmsg, 
+        "SELECT name FROM sqlite_master WHERE rootpage = ?"
+    );
+    if( p->rc==SQLITE_OK ){
+      sqlite3_bind_int(pQuery, 1, tnum);
+      if( SQLITE_ROW==sqlite3_step(pQuery) ){
+        zIdx = (const char*)sqlite3_column_text(pQuery, 0);
+      }
+    }
+    if( zIdx ){
+      p->rc = prepareFreeAndCollectError(p->dbMain, &pXInfo, &p->zErrmsg,
+          sqlite3_mprintf("PRAGMA main.index_xinfo = %Q", zIdx)
+      );
+    }
+    rbuFinalize(p, pQuery);
+
+    while( p->rc==SQLITE_OK && SQLITE_ROW==sqlite3_step(pXInfo) ){
+      int bKey = sqlite3_column_int(pXInfo, 5);
+      if( bKey ){
+        int iCid = sqlite3_column_int(pXInfo, 1);
+        int bDesc = sqlite3_column_int(pXInfo, 3);
+        const char *zCollate = (const char*)sqlite3_column_text(pXInfo, 4);
+        zCols = rbuMPrintf(p, "%z%sc%d %s COLLATE %s", zCols, zComma, 
+            iCid, pIter->azTblType[iCid], zCollate
+        );
+        zPk = rbuMPrintf(p, "%z%sc%d%s", zPk, zComma, iCid, bDesc?" DESC":"");
+        zComma = ", ";
+      }
+    }
+    zCols = rbuMPrintf(p, "%z, id INTEGER", zCols);
+    rbuFinalize(p, pXInfo);
+
+    sqlite3_test_control(SQLITE_TESTCTRL_IMPOSTER, p->dbMain, "main", 1, tnum);
+    rbuMPrintfExec(p, p->dbMain,
+        "CREATE TABLE rbu_imposter2(%z, PRIMARY KEY(%z)) WITHOUT ROWID", 
+        zCols, zPk
+    );
+    sqlite3_test_control(SQLITE_TESTCTRL_IMPOSTER, p->dbMain, "main", 0, 0);
+  }
+}
+
+/*
+** If an error has already occurred when this function is called, it 
+** immediately returns zero (without doing any work). Or, if an error
+** occurs during the execution of this function, it sets the error code
+** in the sqlite3rbu object indicated by the first argument and returns
+** zero.
+**
+** The iterator passed as the second argument is guaranteed to point to
+** a table (not an index) when this function is called. This function
+** attempts to create any imposter table required to write to the main
+** table b-tree of the table before returning. Non-zero is returned if
+** an imposter table are created, or zero otherwise.
+**
+** An imposter table is required in all cases except RBU_PK_VTAB. Only
+** virtual tables are written to directly. The imposter table has the 
+** same schema as the actual target table (less any UNIQUE constraints). 
+** More precisely, the "same schema" means the same columns, types, 
+** collation sequences. For tables that do not have an external PRIMARY
+** KEY, it also means the same PRIMARY KEY declaration.
+*/
+static void rbuCreateImposterTable(sqlite3rbu *p, RbuObjIter *pIter){
+  if( p->rc==SQLITE_OK && pIter->eType!=RBU_PK_VTAB ){
+    int tnum = pIter->iTnum;
+    const char *zComma = "";
+    char *zSql = 0;
+    int iCol;
+    sqlite3_test_control(SQLITE_TESTCTRL_IMPOSTER, p->dbMain, "main", 0, 1);
+
+    for(iCol=0; p->rc==SQLITE_OK && iCol<pIter->nTblCol; iCol++){
+      const char *zPk = "";
+      const char *zCol = pIter->azTblCol[iCol];
+      const char *zColl = 0;
+
+      p->rc = sqlite3_table_column_metadata(
+          p->dbMain, "main", pIter->zTbl, zCol, 0, &zColl, 0, 0, 0
+      );
+
+      if( pIter->eType==RBU_PK_IPK && pIter->abTblPk[iCol] ){
+        /* If the target table column is an "INTEGER PRIMARY KEY", add
+        ** "PRIMARY KEY" to the imposter table column declaration. */
+        zPk = "PRIMARY KEY ";
+      }
+      zSql = rbuMPrintf(p, "%z%s\"%w\" %s %sCOLLATE %s%s", 
+          zSql, zComma, zCol, pIter->azTblType[iCol], zPk, zColl,
+          (pIter->abNotNull[iCol] ? " NOT NULL" : "")
+      );
+      zComma = ", ";
+    }
+
+    if( pIter->eType==RBU_PK_WITHOUT_ROWID ){
+      char *zPk = rbuWithoutRowidPK(p, pIter);
+      if( zPk ){
+        zSql = rbuMPrintf(p, "%z, %z", zSql, zPk);
+      }
+    }
+
+    sqlite3_test_control(SQLITE_TESTCTRL_IMPOSTER, p->dbMain, "main", 1, tnum);
+    rbuMPrintfExec(p, p->dbMain, "CREATE TABLE \"rbu_imp_%w\"(%z)%s", 
+        pIter->zTbl, zSql, 
+        (pIter->eType==RBU_PK_WITHOUT_ROWID ? " WITHOUT ROWID" : "")
+    );
+    sqlite3_test_control(SQLITE_TESTCTRL_IMPOSTER, p->dbMain, "main", 0, 0);
+  }
+}
+
+/*
+** Prepare a statement used to insert rows into the "rbu_tmp_xxx" table.
+** Specifically a statement of the form:
+**
+**     INSERT INTO rbu_tmp_xxx VALUES(?, ?, ? ...);
+**
+** The number of bound variables is equal to the number of columns in
+** the target table, plus one (for the rbu_control column), plus one more 
+** (for the rbu_rowid column) if the target table is an implicit IPK or 
+** virtual table.
+*/
+static void rbuObjIterPrepareTmpInsert(
+  sqlite3rbu *p, 
+  RbuObjIter *pIter,
+  const char *zCollist,
+  const char *zRbuRowid
+){
+  int bRbuRowid = (pIter->eType==RBU_PK_EXTERNAL || pIter->eType==RBU_PK_NONE);
+  char *zBind = rbuObjIterGetBindlist(p, pIter->nTblCol + 1 + bRbuRowid);
+  if( zBind ){
+    assert( pIter->pTmpInsert==0 );
+    p->rc = prepareFreeAndCollectError(
+        p->dbRbu, &pIter->pTmpInsert, &p->zErrmsg, sqlite3_mprintf(
+          "INSERT INTO %s.'rbu_tmp_%q'(rbu_control,%s%s) VALUES(%z)", 
+          p->zStateDb, pIter->zDataTbl, zCollist, zRbuRowid, zBind
+    ));
+  }
+}
+
+static void rbuTmpInsertFunc(
+  sqlite3_context *pCtx, 
+  int nVal,
+  sqlite3_value **apVal
+){
+  sqlite3rbu *p = sqlite3_user_data(pCtx);
+  int rc = SQLITE_OK;
+  int i;
+
+  for(i=0; rc==SQLITE_OK && i<nVal; i++){
+    rc = sqlite3_bind_value(p->objiter.pTmpInsert, i+1, apVal[i]);
+  }
+  if( rc==SQLITE_OK ){
+    sqlite3_step(p->objiter.pTmpInsert);
+    rc = sqlite3_reset(p->objiter.pTmpInsert);
+  }
+
+  if( rc!=SQLITE_OK ){
+    sqlite3_result_error_code(pCtx, rc);
+  }
+}
+
+/*
+** Ensure that the SQLite statement handles required to update the 
+** target database object currently indicated by the iterator passed 
+** as the second argument are available.
+*/
+static int rbuObjIterPrepareAll(
+  sqlite3rbu *p, 
+  RbuObjIter *pIter,
+  int nOffset                     /* Add "LIMIT -1 OFFSET $nOffset" to SELECT */
+){
+  assert( pIter->bCleanup==0 );
+  if( pIter->pSelect==0 && rbuObjIterCacheTableInfo(p, pIter)==SQLITE_OK ){
+    const int tnum = pIter->iTnum;
+    char *zCollist = 0;           /* List of indexed columns */
+    char **pz = &p->zErrmsg;
+    const char *zIdx = pIter->zIdx;
+    char *zLimit = 0;
+
+    if( nOffset ){
+      zLimit = sqlite3_mprintf(" LIMIT -1 OFFSET %d", nOffset);
+      if( !zLimit ) p->rc = SQLITE_NOMEM;
+    }
+
+    if( zIdx ){
+      const char *zTbl = pIter->zTbl;
+      char *zImposterCols = 0;    /* Columns for imposter table */
+      char *zImposterPK = 0;      /* Primary key declaration for imposter */
+      char *zWhere = 0;           /* WHERE clause on PK columns */
+      char *zBind = 0;
+      int nBind = 0;
+
+      assert( pIter->eType!=RBU_PK_VTAB );
+      zCollist = rbuObjIterGetIndexCols(
+          p, pIter, &zImposterCols, &zImposterPK, &zWhere, &nBind
+      );
+      zBind = rbuObjIterGetBindlist(p, nBind);
+
+      /* Create the imposter table used to write to this index. */
+      sqlite3_test_control(SQLITE_TESTCTRL_IMPOSTER, p->dbMain, "main", 0, 1);
+      sqlite3_test_control(SQLITE_TESTCTRL_IMPOSTER, p->dbMain, "main", 1,tnum);
+      rbuMPrintfExec(p, p->dbMain,
+          "CREATE TABLE \"rbu_imp_%w\"( %s, PRIMARY KEY( %s ) ) WITHOUT ROWID",
+          zTbl, zImposterCols, zImposterPK
+      );
+      sqlite3_test_control(SQLITE_TESTCTRL_IMPOSTER, p->dbMain, "main", 0, 0);
+
+      /* Create the statement to insert index entries */
+      pIter->nCol = nBind;
+      if( p->rc==SQLITE_OK ){
+        p->rc = prepareFreeAndCollectError(
+            p->dbMain, &pIter->pInsert, &p->zErrmsg,
+          sqlite3_mprintf("INSERT INTO \"rbu_imp_%w\" VALUES(%s)", zTbl, zBind)
+        );
+      }
+
+      /* And to delete index entries */
+      if( p->rc==SQLITE_OK ){
+        p->rc = prepareFreeAndCollectError(
+            p->dbMain, &pIter->pDelete, &p->zErrmsg,
+          sqlite3_mprintf("DELETE FROM \"rbu_imp_%w\" WHERE %s", zTbl, zWhere)
+        );
+      }
+
+      /* Create the SELECT statement to read keys in sorted order */
+      if( p->rc==SQLITE_OK ){
+        char *zSql;
+        if( pIter->eType==RBU_PK_EXTERNAL || pIter->eType==RBU_PK_NONE ){
+          zSql = sqlite3_mprintf(
+              "SELECT %s, rbu_control FROM %s.'rbu_tmp_%q' ORDER BY %s%s",
+              zCollist, p->zStateDb, pIter->zDataTbl,
+              zCollist, zLimit
+          );
+        }else{
+          zSql = sqlite3_mprintf(
+              "SELECT %s, rbu_control FROM '%q' "
+              "WHERE typeof(rbu_control)='integer' AND rbu_control!=1 "
+              "UNION ALL "
+              "SELECT %s, rbu_control FROM %s.'rbu_tmp_%q' "
+              "ORDER BY %s%s",
+              zCollist, pIter->zDataTbl, 
+              zCollist, p->zStateDb, pIter->zDataTbl, 
+              zCollist, zLimit
+          );
+        }
+        p->rc = prepareFreeAndCollectError(p->dbRbu, &pIter->pSelect, pz, zSql);
+      }
+
+      sqlite3_free(zImposterCols);
+      sqlite3_free(zImposterPK);
+      sqlite3_free(zWhere);
+      sqlite3_free(zBind);
+    }else{
+      int bRbuRowid = (pIter->eType==RBU_PK_VTAB || pIter->eType==RBU_PK_NONE);
+      const char *zTbl = pIter->zTbl;       /* Table this step applies to */
+      const char *zWrite;                   /* Imposter table name */
+
+      char *zBindings = rbuObjIterGetBindlist(p, pIter->nTblCol + bRbuRowid);
+      char *zWhere = rbuObjIterGetWhere(p, pIter);
+      char *zOldlist = rbuObjIterGetOldlist(p, pIter, "old");
+      char *zNewlist = rbuObjIterGetOldlist(p, pIter, "new");
+
+      zCollist = rbuObjIterGetCollist(p, pIter);
+      pIter->nCol = pIter->nTblCol;
+
+      /* Create the imposter table or tables (if required). */
+      rbuCreateImposterTable(p, pIter);
+      rbuCreateImposterTable2(p, pIter);
+      zWrite = (pIter->eType==RBU_PK_VTAB ? "" : "rbu_imp_");
+
+      /* Create the INSERT statement to write to the target PK b-tree */
+      if( p->rc==SQLITE_OK ){
+        p->rc = prepareFreeAndCollectError(p->dbMain, &pIter->pInsert, pz,
+            sqlite3_mprintf(
+              "INSERT INTO \"%s%w\"(%s%s) VALUES(%s)", 
+              zWrite, zTbl, zCollist, (bRbuRowid ? ", _rowid_" : ""), zBindings
+            )
+        );
+      }
+
+      /* Create the DELETE statement to write to the target PK b-tree */
+      if( p->rc==SQLITE_OK ){
+        p->rc = prepareFreeAndCollectError(p->dbMain, &pIter->pDelete, pz,
+            sqlite3_mprintf(
+              "DELETE FROM \"%s%w\" WHERE %s", zWrite, zTbl, zWhere
+            )
+        );
+      }
+
+      if( pIter->abIndexed ){
+        const char *zRbuRowid = "";
+        if( pIter->eType==RBU_PK_EXTERNAL || pIter->eType==RBU_PK_NONE ){
+          zRbuRowid = ", rbu_rowid";
+        }
+
+        /* Create the rbu_tmp_xxx table and the triggers to populate it. */
+        rbuMPrintfExec(p, p->dbRbu,
+            "CREATE TABLE IF NOT EXISTS %s.'rbu_tmp_%q' AS "
+            "SELECT *%s FROM '%q' WHERE 0;"
+            , p->zStateDb, pIter->zDataTbl
+            , (pIter->eType==RBU_PK_EXTERNAL ? ", 0 AS rbu_rowid" : "")
+            , pIter->zDataTbl
+        );
+
+        rbuMPrintfExec(p, p->dbMain,
+            "CREATE TEMP TRIGGER rbu_delete_tr BEFORE DELETE ON \"%s%w\" "
+            "BEGIN "
+            "  SELECT rbu_tmp_insert(2, %s);"
+            "END;"
+
+            "CREATE TEMP TRIGGER rbu_update1_tr BEFORE UPDATE ON \"%s%w\" "
+            "BEGIN "
+            "  SELECT rbu_tmp_insert(2, %s);"
+            "END;"
+
+            "CREATE TEMP TRIGGER rbu_update2_tr AFTER UPDATE ON \"%s%w\" "
+            "BEGIN "
+            "  SELECT rbu_tmp_insert(3, %s);"
+            "END;",
+            zWrite, zTbl, zOldlist,
+            zWrite, zTbl, zOldlist,
+            zWrite, zTbl, zNewlist
+        );
+
+        if( pIter->eType==RBU_PK_EXTERNAL || pIter->eType==RBU_PK_NONE ){
+          rbuMPrintfExec(p, p->dbMain,
+              "CREATE TEMP TRIGGER rbu_insert_tr AFTER INSERT ON \"%s%w\" "
+              "BEGIN "
+              "  SELECT rbu_tmp_insert(0, %s);"
+              "END;",
+              zWrite, zTbl, zNewlist
+          );
+        }
+
+        rbuObjIterPrepareTmpInsert(p, pIter, zCollist, zRbuRowid);
+      }
+
+      /* Create the SELECT statement to read keys from data_xxx */
+      if( p->rc==SQLITE_OK ){
+        p->rc = prepareFreeAndCollectError(p->dbRbu, &pIter->pSelect, pz,
+            sqlite3_mprintf(
+              "SELECT %s, rbu_control%s FROM '%q'%s", 
+              zCollist, (bRbuRowid ? ", rbu_rowid" : ""), 
+              pIter->zDataTbl, zLimit
+            )
+        );
+      }
+
+      sqlite3_free(zWhere);
+      sqlite3_free(zOldlist);
+      sqlite3_free(zNewlist);
+      sqlite3_free(zBindings);
+    }
+    sqlite3_free(zCollist);
+    sqlite3_free(zLimit);
+  }
+  
+  return p->rc;
+}
+
+/*
+** Set output variable *ppStmt to point to an UPDATE statement that may
+** be used to update the imposter table for the main table b-tree of the
+** table object that pIter currently points to, assuming that the 
+** rbu_control column of the data_xyz table contains zMask.
+** 
+** If the zMask string does not specify any columns to update, then this
+** is not an error. Output variable *ppStmt is set to NULL in this case.
+*/
+static int rbuGetUpdateStmt(
+  sqlite3rbu *p,                  /* RBU handle */
+  RbuObjIter *pIter,              /* Object iterator */
+  const char *zMask,              /* rbu_control value ('x.x.') */
+  sqlite3_stmt **ppStmt           /* OUT: UPDATE statement handle */
+){
+  RbuUpdateStmt **pp;
+  RbuUpdateStmt *pUp = 0;
+  int nUp = 0;
+
+  /* In case an error occurs */
+  *ppStmt = 0;
+
+  /* Search for an existing statement. If one is found, shift it to the front
+  ** of the LRU queue and return immediately. Otherwise, leave nUp pointing
+  ** to the number of statements currently in the cache and pUp to the
+  ** last object in the list.  */
+  for(pp=&pIter->pRbuUpdate; *pp; pp=&((*pp)->pNext)){
+    pUp = *pp;
+    if( strcmp(pUp->zMask, zMask)==0 ){
+      *pp = pUp->pNext;
+      pUp->pNext = pIter->pRbuUpdate;
+      pIter->pRbuUpdate = pUp;
+      *ppStmt = pUp->pUpdate; 
+      return SQLITE_OK;
+    }
+    nUp++;
+  }
+  assert( pUp==0 || pUp->pNext==0 );
+
+  if( nUp>=SQLITE_RBU_UPDATE_CACHESIZE ){
+    for(pp=&pIter->pRbuUpdate; *pp!=pUp; pp=&((*pp)->pNext));
+    *pp = 0;
+    sqlite3_finalize(pUp->pUpdate);
+    pUp->pUpdate = 0;
+  }else{
+    pUp = (RbuUpdateStmt*)rbuMalloc(p, sizeof(RbuUpdateStmt)+pIter->nTblCol+1);
+  }
+
+  if( pUp ){
+    char *zWhere = rbuObjIterGetWhere(p, pIter);
+    char *zSet = rbuObjIterGetSetlist(p, pIter, zMask);
+    char *zUpdate = 0;
+
+    pUp->zMask = (char*)&pUp[1];
+    memcpy(pUp->zMask, zMask, pIter->nTblCol);
+    pUp->pNext = pIter->pRbuUpdate;
+    pIter->pRbuUpdate = pUp;
+
+    if( zSet ){
+      const char *zPrefix = "";
+
+      if( pIter->eType!=RBU_PK_VTAB ) zPrefix = "rbu_imp_";
+      zUpdate = sqlite3_mprintf("UPDATE \"%s%w\" SET %s WHERE %s", 
+          zPrefix, pIter->zTbl, zSet, zWhere
+      );
+      p->rc = prepareFreeAndCollectError(
+          p->dbMain, &pUp->pUpdate, &p->zErrmsg, zUpdate
+      );
+      *ppStmt = pUp->pUpdate;
+    }
+    sqlite3_free(zWhere);
+    sqlite3_free(zSet);
+  }
+
+  return p->rc;
+}
+
+static sqlite3 *rbuOpenDbhandle(sqlite3rbu *p, const char *zName){
+  sqlite3 *db = 0;
+  if( p->rc==SQLITE_OK ){
+    const int flags = SQLITE_OPEN_READWRITE|SQLITE_OPEN_CREATE|SQLITE_OPEN_URI;
+    p->rc = sqlite3_open_v2(zName, &db, flags, p->zVfsName);
+    if( p->rc ){
+      p->zErrmsg = sqlite3_mprintf("%s", sqlite3_errmsg(db));
+      sqlite3_close(db);
+      db = 0;
+    }
+  }
+  return db;
+}
+
+/*
+** Open the database handle and attach the RBU database as "rbu". If an
+** error occurs, leave an error code and message in the RBU handle.
+*/
+static void rbuOpenDatabase(sqlite3rbu *p){
+  assert( p->rc==SQLITE_OK );
+  assert( p->dbMain==0 && p->dbRbu==0 );
+
+  p->eStage = 0;
+  p->dbMain = rbuOpenDbhandle(p, p->zTarget);
+  p->dbRbu = rbuOpenDbhandle(p, p->zRbu);
+
+  /* If using separate RBU and state databases, attach the state database to
+  ** the RBU db handle now.  */
+  if( p->zState ){
+    rbuMPrintfExec(p, p->dbRbu, "ATTACH %Q AS stat", p->zState);
+    memcpy(p->zStateDb, "stat", 4);
+  }else{
+    memcpy(p->zStateDb, "main", 4);
+  }
+
+  if( p->rc==SQLITE_OK ){
+    p->rc = sqlite3_create_function(p->dbMain, 
+        "rbu_tmp_insert", -1, SQLITE_UTF8, (void*)p, rbuTmpInsertFunc, 0, 0
+    );
+  }
+
+  if( p->rc==SQLITE_OK ){
+    p->rc = sqlite3_create_function(p->dbMain, 
+        "rbu_fossil_delta", 2, SQLITE_UTF8, 0, rbuFossilDeltaFunc, 0, 0
+    );
+  }
+
+  if( p->rc==SQLITE_OK ){
+    p->rc = sqlite3_create_function(p->dbRbu, 
+        "rbu_target_name", 1, SQLITE_UTF8, (void*)p, rbuTargetNameFunc, 0, 0
+    );
+  }
+
+  if( p->rc==SQLITE_OK ){
+    p->rc = sqlite3_file_control(p->dbMain, "main", SQLITE_FCNTL_RBU, (void*)p);
+  }
+  rbuMPrintfExec(p, p->dbMain, "SELECT * FROM sqlite_master");
+
+  /* Mark the database file just opened as an RBU target database. If 
+  ** this call returns SQLITE_NOTFOUND, then the RBU vfs is not in use.
+  ** This is an error.  */
+  if( p->rc==SQLITE_OK ){
+    p->rc = sqlite3_file_control(p->dbMain, "main", SQLITE_FCNTL_RBU, (void*)p);
+  }
+
+  if( p->rc==SQLITE_NOTFOUND ){
+    p->rc = SQLITE_ERROR;
+    p->zErrmsg = sqlite3_mprintf("rbu vfs not found");
+  }
+}
+
+/*
+** This routine is a copy of the sqlite3FileSuffix3() routine from the core.
+** It is a no-op unless SQLITE_ENABLE_8_3_NAMES is defined.
+**
+** If SQLITE_ENABLE_8_3_NAMES is set at compile-time and if the database
+** filename in zBaseFilename is a URI with the "8_3_names=1" parameter and
+** if filename in z[] has a suffix (a.k.a. "extension") that is longer than
+** three characters, then shorten the suffix on z[] to be the last three
+** characters of the original suffix.
+**
+** If SQLITE_ENABLE_8_3_NAMES is set to 2 at compile-time, then always
+** do the suffix shortening regardless of URI parameter.
+**
+** Examples:
+**
+**     test.db-journal    =>   test.nal
+**     test.db-wal        =>   test.wal
+**     test.db-shm        =>   test.shm
+**     test.db-mj7f3319fa =>   test.9fa
+*/
+static void rbuFileSuffix3(const char *zBase, char *z){
+#ifdef SQLITE_ENABLE_8_3_NAMES
+#if SQLITE_ENABLE_8_3_NAMES<2
+  if( sqlite3_uri_boolean(zBase, "8_3_names", 0) )
+#endif
+  {
+    int i, sz;
+    sz = sqlite3Strlen30(z);
+    for(i=sz-1; i>0 && z[i]!='/' && z[i]!='.'; i--){}
+    if( z[i]=='.' && ALWAYS(sz>i+4) ) memmove(&z[i+1], &z[sz-3], 4);
+  }
+#endif
+}
+
+/*
+** Return the current wal-index header checksum for the target database 
+** as a 64-bit integer.
+**
+** The checksum is store in the first page of xShmMap memory as an 8-byte 
+** blob starting at byte offset 40.
+*/
+static i64 rbuShmChecksum(sqlite3rbu *p){
+  i64 iRet = 0;
+  if( p->rc==SQLITE_OK ){
+    sqlite3_file *pDb = p->pTargetFd->pReal;
+    u32 volatile *ptr;
+    p->rc = pDb->pMethods->xShmMap(pDb, 0, 32*1024, 0, (void volatile**)&ptr);
+    if( p->rc==SQLITE_OK ){
+      iRet = ((i64)ptr[10] << 32) + ptr[11];
+    }
+  }
+  return iRet;
+}
+
+/*
+** This function is called as part of initializing or reinitializing an
+** incremental checkpoint. 
+**
+** It populates the sqlite3rbu.aFrame[] array with the set of 
+** (wal frame -> db page) copy operations required to checkpoint the 
+** current wal file, and obtains the set of shm locks required to safely 
+** perform the copy operations directly on the file-system.
+**
+** If argument pState is not NULL, then the incremental checkpoint is
+** being resumed. In this case, if the checksum of the wal-index-header
+** following recovery is not the same as the checksum saved in the RbuState
+** object, then the rbu handle is set to DONE state. This occurs if some
+** other client appends a transaction to the wal file in the middle of
+** an incremental checkpoint.
+*/
+static void rbuSetupCheckpoint(sqlite3rbu *p, RbuState *pState){
+
+  /* If pState is NULL, then the wal file may not have been opened and
+  ** recovered. Running a read-statement here to ensure that doing so
+  ** does not interfere with the "capture" process below.  */
+  if( pState==0 ){
+    p->eStage = 0;
+    if( p->rc==SQLITE_OK ){
+      p->rc = sqlite3_exec(p->dbMain, "SELECT * FROM sqlite_master", 0, 0, 0);
+    }
+  }
+
+  /* Assuming no error has occurred, run a "restart" checkpoint with the
+  ** sqlite3rbu.eStage variable set to CAPTURE. This turns on the following
+  ** special behaviour in the rbu VFS:
+  **
+  **   * If the exclusive shm WRITER or READ0 lock cannot be obtained,
+  **     the checkpoint fails with SQLITE_BUSY (normally SQLite would
+  **     proceed with running a passive checkpoint instead of failing).
+  **
+  **   * Attempts to read from the *-wal file or write to the database file
+  **     do not perform any IO. Instead, the frame/page combinations that
+  **     would be read/written are recorded in the sqlite3rbu.aFrame[]
+  **     array.
+  **
+  **   * Calls to xShmLock(UNLOCK) to release the exclusive shm WRITER, 
+  **     READ0 and CHECKPOINT locks taken as part of the checkpoint are
+  **     no-ops. These locks will not be released until the connection
+  **     is closed.
+  **
+  **   * Attempting to xSync() the database file causes an SQLITE_INTERNAL 
+  **     error.
+  **
+  ** As a result, unless an error (i.e. OOM or SQLITE_BUSY) occurs, the
+  ** checkpoint below fails with SQLITE_INTERNAL, and leaves the aFrame[]
+  ** array populated with a set of (frame -> page) mappings. Because the 
+  ** WRITER, CHECKPOINT and READ0 locks are still held, it is safe to copy 
+  ** data from the wal file into the database file according to the 
+  ** contents of aFrame[].
+  */
+  if( p->rc==SQLITE_OK ){
+    int rc2;
+    p->eStage = RBU_STAGE_CAPTURE;
+    rc2 = sqlite3_exec(p->dbMain, "PRAGMA main.wal_checkpoint=restart", 0, 0,0);
+    if( rc2!=SQLITE_INTERNAL ) p->rc = rc2;
+  }
+
+  if( p->rc==SQLITE_OK ){
+    p->eStage = RBU_STAGE_CKPT;
+    p->nStep = (pState ? pState->nRow : 0);
+    p->aBuf = rbuMalloc(p, p->pgsz);
+    p->iWalCksum = rbuShmChecksum(p);
+  }
+
+  if( p->rc==SQLITE_OK && pState && pState->iWalCksum!=p->iWalCksum ){
+    p->rc = SQLITE_DONE;
+    p->eStage = RBU_STAGE_DONE;
+  }
+}
+
+/*
+** Called when iAmt bytes are read from offset iOff of the wal file while
+** the rbu object is in capture mode. Record the frame number of the frame
+** being read in the aFrame[] array.
+*/
+static int rbuCaptureWalRead(sqlite3rbu *pRbu, i64 iOff, int iAmt){
+  const u32 mReq = (1<<WAL_LOCK_WRITE)|(1<<WAL_LOCK_CKPT)|(1<<WAL_LOCK_READ0);
+  u32 iFrame;
+
+  if( pRbu->mLock!=mReq ){
+    pRbu->rc = SQLITE_BUSY;
+    return SQLITE_INTERNAL;
+  }
+
+  pRbu->pgsz = iAmt;
+  if( pRbu->nFrame==pRbu->nFrameAlloc ){
+    int nNew = (pRbu->nFrameAlloc ? pRbu->nFrameAlloc : 64) * 2;
+    RbuFrame *aNew;
+    aNew = (RbuFrame*)sqlite3_realloc(pRbu->aFrame, nNew * sizeof(RbuFrame));
+    if( aNew==0 ) return SQLITE_NOMEM;
+    pRbu->aFrame = aNew;
+    pRbu->nFrameAlloc = nNew;
+  }
+
+  iFrame = (u32)((iOff-32) / (i64)(iAmt+24)) + 1;
+  if( pRbu->iMaxFrame<iFrame ) pRbu->iMaxFrame = iFrame;
+  pRbu->aFrame[pRbu->nFrame].iWalFrame = iFrame;
+  pRbu->aFrame[pRbu->nFrame].iDbPage = 0;
+  pRbu->nFrame++;
+  return SQLITE_OK;
+}
+
+/*
+** Called when a page of data is written to offset iOff of the database
+** file while the rbu handle is in capture mode. Record the page number 
+** of the page being written in the aFrame[] array.
+*/
+static int rbuCaptureDbWrite(sqlite3rbu *pRbu, i64 iOff){
+  pRbu->aFrame[pRbu->nFrame-1].iDbPage = (u32)(iOff / pRbu->pgsz) + 1;
+  return SQLITE_OK;
+}
+
+/*
+** This is called as part of an incremental checkpoint operation. Copy
+** a single frame of data from the wal file into the database file, as
+** indicated by the RbuFrame object.
+*/
+static void rbuCheckpointFrame(sqlite3rbu *p, RbuFrame *pFrame){
+  sqlite3_file *pWal = p->pTargetFd->pWalFd->pReal;
+  sqlite3_file *pDb = p->pTargetFd->pReal;
+  i64 iOff;
+
+  assert( p->rc==SQLITE_OK );
+  iOff = (i64)(pFrame->iWalFrame-1) * (p->pgsz + 24) + 32 + 24;
+  p->rc = pWal->pMethods->xRead(pWal, p->aBuf, p->pgsz, iOff);
+  if( p->rc ) return;
+
+  iOff = (i64)(pFrame->iDbPage-1) * p->pgsz;
+  p->rc = pDb->pMethods->xWrite(pDb, p->aBuf, p->pgsz, iOff);
+}
+
+
+/*
+** Take an EXCLUSIVE lock on the database file.
+*/
+static void rbuLockDatabase(sqlite3rbu *p){
+  sqlite3_file *pReal = p->pTargetFd->pReal;
+  assert( p->rc==SQLITE_OK );
+  p->rc = pReal->pMethods->xLock(pReal, SQLITE_LOCK_SHARED);
+  if( p->rc==SQLITE_OK ){
+    p->rc = pReal->pMethods->xLock(pReal, SQLITE_LOCK_EXCLUSIVE);
+  }
+}
+
+#if defined(_WIN32_WCE)
+static LPWSTR rbuWinUtf8ToUnicode(const char *zFilename){
+  int nChar;
+  LPWSTR zWideFilename;
+
+  nChar = MultiByteToWideChar(CP_UTF8, 0, zFilename, -1, NULL, 0);
+  if( nChar==0 ){
+    return 0;
+  }
+  zWideFilename = sqlite3_malloc( nChar*sizeof(zWideFilename[0]) );
+  if( zWideFilename==0 ){
+    return 0;
+  }
+  memset(zWideFilename, 0, nChar*sizeof(zWideFilename[0]));
+  nChar = MultiByteToWideChar(CP_UTF8, 0, zFilename, -1, zWideFilename,
+                                nChar);
+  if( nChar==0 ){
+    sqlite3_free(zWideFilename);
+    zWideFilename = 0;
+  }
+  return zWideFilename;
+}
+#endif
+
+/*
+** The RBU handle is currently in RBU_STAGE_OAL state, with a SHARED lock
+** on the database file. This proc moves the *-oal file to the *-wal path,
+** then reopens the database file (this time in vanilla, non-oal, WAL mode).
+** If an error occurs, leave an error code and error message in the rbu 
+** handle.
+*/
+static void rbuMoveOalFile(sqlite3rbu *p){
+  const char *zBase = sqlite3_db_filename(p->dbMain, "main");
+
+  char *zWal = sqlite3_mprintf("%s-wal", zBase);
+  char *zOal = sqlite3_mprintf("%s-oal", zBase);
+
+  assert( p->eStage==RBU_STAGE_MOVE );
+  assert( p->rc==SQLITE_OK && p->zErrmsg==0 );
+  if( zWal==0 || zOal==0 ){
+    p->rc = SQLITE_NOMEM;
+  }else{
+    /* Move the *-oal file to *-wal. At this point connection p->db is
+    ** holding a SHARED lock on the target database file (because it is
+    ** in WAL mode). So no other connection may be writing the db. 
+    **
+    ** In order to ensure that there are no database readers, an EXCLUSIVE
+    ** lock is obtained here before the *-oal is moved to *-wal.
+    */
+    rbuLockDatabase(p);
+    if( p->rc==SQLITE_OK ){
+      rbuFileSuffix3(zBase, zWal);
+      rbuFileSuffix3(zBase, zOal);
+
+      /* Re-open the databases. */
+      rbuObjIterFinalize(&p->objiter);
+      sqlite3_close(p->dbMain);
+      sqlite3_close(p->dbRbu);
+      p->dbMain = 0;
+      p->dbRbu = 0;
+
+#if defined(_WIN32_WCE)
+      {
+        LPWSTR zWideOal;
+        LPWSTR zWideWal;
+
+        zWideOal = rbuWinUtf8ToUnicode(zOal);
+        if( zWideOal ){
+          zWideWal = rbuWinUtf8ToUnicode(zWal);
+          if( zWideWal ){
+            if( MoveFileW(zWideOal, zWideWal) ){
+              p->rc = SQLITE_OK;
+            }else{
+              p->rc = SQLITE_IOERR;
+            }
+            sqlite3_free(zWideWal);
+          }else{
+            p->rc = SQLITE_IOERR_NOMEM;
+          }
+          sqlite3_free(zWideOal);
+        }else{
+          p->rc = SQLITE_IOERR_NOMEM;
+        }
+      }
+#else
+      p->rc = rename(zOal, zWal) ? SQLITE_IOERR : SQLITE_OK;
+#endif
+
+      if( p->rc==SQLITE_OK ){
+        rbuOpenDatabase(p);
+        rbuSetupCheckpoint(p, 0);
+      }
+    }
+  }
+
+  sqlite3_free(zWal);
+  sqlite3_free(zOal);
+}
+
+/*
+** The SELECT statement iterating through the keys for the current object
+** (p->objiter.pSelect) currently points to a valid row. This function
+** determines the type of operation requested by this row and returns
+** one of the following values to indicate the result:
+**
+**     * RBU_INSERT
+**     * RBU_DELETE
+**     * RBU_IDX_DELETE
+**     * RBU_UPDATE
+**
+** If RBU_UPDATE is returned, then output variable *pzMask is set to
+** point to the text value indicating the columns to update.
+**
+** If the rbu_control field contains an invalid value, an error code and
+** message are left in the RBU handle and zero returned.
+*/
+static int rbuStepType(sqlite3rbu *p, const char **pzMask){
+  int iCol = p->objiter.nCol;     /* Index of rbu_control column */
+  int res = 0;                    /* Return value */
+
+  switch( sqlite3_column_type(p->objiter.pSelect, iCol) ){
+    case SQLITE_INTEGER: {
+      int iVal = sqlite3_column_int(p->objiter.pSelect, iCol);
+      if( iVal==0 ){
+        res = RBU_INSERT;
+      }else if( iVal==1 ){
+        res = RBU_DELETE;
+      }else if( iVal==2 ){
+        res = RBU_IDX_DELETE;
+      }else if( iVal==3 ){
+        res = RBU_IDX_INSERT;
+      }
+      break;
+    }
+
+    case SQLITE_TEXT: {
+      const unsigned char *z = sqlite3_column_text(p->objiter.pSelect, iCol);
+      if( z==0 ){
+        p->rc = SQLITE_NOMEM;
+      }else{
+        *pzMask = (const char*)z;
+      }
+      res = RBU_UPDATE;
+
+      break;
+    }
+
+    default:
+      break;
+  }
+
+  if( res==0 ){
+    rbuBadControlError(p);
+  }
+  return res;
+}
+
+#ifdef SQLITE_DEBUG
+/*
+** Assert that column iCol of statement pStmt is named zName.
+*/
+static void assertColumnName(sqlite3_stmt *pStmt, int iCol, const char *zName){
+  const char *zCol = sqlite3_column_name(pStmt, iCol);
+  assert( 0==sqlite3_stricmp(zName, zCol) );
+}
+#else
+# define assertColumnName(x,y,z)
+#endif
+
+/*
+** This function does the work for an sqlite3rbu_step() call.
+**
+** The object-iterator (p->objiter) currently points to a valid object,
+** and the input cursor (p->objiter.pSelect) currently points to a valid
+** input row. Perform whatever processing is required and return.
+**
+** If no  error occurs, SQLITE_OK is returned. Otherwise, an error code
+** and message is left in the RBU handle and a copy of the error code
+** returned.
+*/
+static int rbuStep(sqlite3rbu *p){
+  RbuObjIter *pIter = &p->objiter;
+  const char *zMask = 0;
+  int i;
+  int eType = rbuStepType(p, &zMask);
+
+  if( eType ){
+    assert( eType!=RBU_UPDATE || pIter->zIdx==0 );
+
+    if( pIter->zIdx==0 && eType==RBU_IDX_DELETE ){
+      rbuBadControlError(p);
+    }
+    else if( 
+        eType==RBU_INSERT 
+     || eType==RBU_DELETE
+     || eType==RBU_IDX_DELETE 
+     || eType==RBU_IDX_INSERT
+    ){
+      sqlite3_value *pVal;
+      sqlite3_stmt *pWriter;
+
+      assert( eType!=RBU_UPDATE );
+      assert( eType!=RBU_DELETE || pIter->zIdx==0 );
+
+      if( eType==RBU_IDX_DELETE || eType==RBU_DELETE ){
+        pWriter = pIter->pDelete;
+      }else{
+        pWriter = pIter->pInsert;
+      }
+
+      for(i=0; i<pIter->nCol; i++){
+        /* If this is an INSERT into a table b-tree and the table has an
+        ** explicit INTEGER PRIMARY KEY, check that this is not an attempt
+        ** to write a NULL into the IPK column. That is not permitted.  */
+        if( eType==RBU_INSERT 
+         && pIter->zIdx==0 && pIter->eType==RBU_PK_IPK && pIter->abTblPk[i] 
+         && sqlite3_column_type(pIter->pSelect, i)==SQLITE_NULL
+        ){
+          p->rc = SQLITE_MISMATCH;
+          p->zErrmsg = sqlite3_mprintf("datatype mismatch");
+          goto step_out;
+        }
+
+        if( eType==RBU_DELETE && pIter->abTblPk[i]==0 ){
+          continue;
+        }
+
+        pVal = sqlite3_column_value(pIter->pSelect, i);
+        p->rc = sqlite3_bind_value(pWriter, i+1, pVal);
+        if( p->rc ) goto step_out;
+      }
+      if( pIter->zIdx==0
+       && (pIter->eType==RBU_PK_VTAB || pIter->eType==RBU_PK_NONE) 
+      ){
+        /* For a virtual table, or a table with no primary key, the 
+        ** SELECT statement is:
+        **
+        **   SELECT <cols>, rbu_control, rbu_rowid FROM ....
+        **
+        ** Hence column_value(pIter->nCol+1).
+        */
+        assertColumnName(pIter->pSelect, pIter->nCol+1, "rbu_rowid");
+        pVal = sqlite3_column_value(pIter->pSelect, pIter->nCol+1);
+        p->rc = sqlite3_bind_value(pWriter, pIter->nCol+1, pVal);
+      }
+      if( p->rc==SQLITE_OK ){
+        sqlite3_step(pWriter);
+        p->rc = resetAndCollectError(pWriter, &p->zErrmsg);
+      }
+    }else{
+      sqlite3_value *pVal;
+      sqlite3_stmt *pUpdate = 0;
+      assert( eType==RBU_UPDATE );
+      rbuGetUpdateStmt(p, pIter, zMask, &pUpdate);
+      if( pUpdate ){
+        for(i=0; p->rc==SQLITE_OK && i<pIter->nCol; i++){
+          char c = zMask[pIter->aiSrcOrder[i]];
+          pVal = sqlite3_column_value(pIter->pSelect, i);
+          if( pIter->abTblPk[i] || c!='.' ){
+            p->rc = sqlite3_bind_value(pUpdate, i+1, pVal);
+          }
+        }
+        if( p->rc==SQLITE_OK 
+         && (pIter->eType==RBU_PK_VTAB || pIter->eType==RBU_PK_NONE) 
+        ){
+          /* Bind the rbu_rowid value to column _rowid_ */
+          assertColumnName(pIter->pSelect, pIter->nCol+1, "rbu_rowid");
+          pVal = sqlite3_column_value(pIter->pSelect, pIter->nCol+1);
+          p->rc = sqlite3_bind_value(pUpdate, pIter->nCol+1, pVal);
+        }
+        if( p->rc==SQLITE_OK ){
+          sqlite3_step(pUpdate);
+          p->rc = resetAndCollectError(pUpdate, &p->zErrmsg);
+        }
+      }
+    }
+  }
+
+ step_out:
+  return p->rc;
+}
+
+/*
+** Increment the schema cookie of the main database opened by p->dbMain.
+*/
+static void rbuIncrSchemaCookie(sqlite3rbu *p){
+  if( p->rc==SQLITE_OK ){
+    int iCookie = 1000000;
+    sqlite3_stmt *pStmt;
+
+    p->rc = prepareAndCollectError(p->dbMain, &pStmt, &p->zErrmsg, 
+        "PRAGMA schema_version"
+    );
+    if( p->rc==SQLITE_OK ){
+      /* Coverage: it may be that this sqlite3_step() cannot fail. There
+      ** is already a transaction open, so the prepared statement cannot
+      ** throw an SQLITE_SCHEMA exception. The only database page the
+      ** statement reads is page 1, which is guaranteed to be in the cache.
+      ** And no memory allocations are required.  */
+      if( SQLITE_ROW==sqlite3_step(pStmt) ){
+        iCookie = sqlite3_column_int(pStmt, 0);
+      }
+      rbuFinalize(p, pStmt);
+    }
+    if( p->rc==SQLITE_OK ){
+      rbuMPrintfExec(p, p->dbMain, "PRAGMA schema_version = %d", iCookie+1);
+    }
+  }
+}
+
+/*
+** Update the contents of the rbu_state table within the rbu database. The
+** value stored in the RBU_STATE_STAGE column is eStage. All other values
+** are determined by inspecting the rbu handle passed as the first argument.
+*/
+static void rbuSaveState(sqlite3rbu *p, int eStage){
+  if( p->rc==SQLITE_OK || p->rc==SQLITE_DONE ){
+    sqlite3_stmt *pInsert = 0;
+    int rc;
+
+    assert( p->zErrmsg==0 );
+    rc = prepareFreeAndCollectError(p->dbRbu, &pInsert, &p->zErrmsg, 
+        sqlite3_mprintf(
+          "INSERT OR REPLACE INTO %s.rbu_state(k, v) VALUES "
+          "(%d, %d), "
+          "(%d, %Q), "
+          "(%d, %Q), "
+          "(%d, %d), "
+          "(%d, %d), "
+          "(%d, %lld), "
+          "(%d, %lld), "
+          "(%d, %lld) ",
+          p->zStateDb,
+          RBU_STATE_STAGE, eStage,
+          RBU_STATE_TBL, p->objiter.zTbl, 
+          RBU_STATE_IDX, p->objiter.zIdx, 
+          RBU_STATE_ROW, p->nStep, 
+          RBU_STATE_PROGRESS, p->nProgress,
+          RBU_STATE_CKPT, p->iWalCksum,
+          RBU_STATE_COOKIE, (i64)p->pTargetFd->iCookie,
+          RBU_STATE_OALSZ, p->iOalSz
+      )
+    );
+    assert( pInsert==0 || rc==SQLITE_OK );
+
+    if( rc==SQLITE_OK ){
+      sqlite3_step(pInsert);
+      rc = sqlite3_finalize(pInsert);
+    }
+    if( rc!=SQLITE_OK ) p->rc = rc;
+  }
+}
+
+
+/*
+** Step the RBU object.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3rbu_step(sqlite3rbu *p){
+  if( p ){
+    switch( p->eStage ){
+      case RBU_STAGE_OAL: {
+        RbuObjIter *pIter = &p->objiter;
+        while( p->rc==SQLITE_OK && pIter->zTbl ){
+
+          if( pIter->bCleanup ){
+            /* Clean up the rbu_tmp_xxx table for the previous table. It 
+            ** cannot be dropped as there are currently active SQL statements.
+            ** But the contents can be deleted.  */
+            if( pIter->abIndexed ){
+              rbuMPrintfExec(p, p->dbRbu, 
+                  "DELETE FROM %s.'rbu_tmp_%q'", p->zStateDb, pIter->zDataTbl
+              );
+            }
+          }else{
+            rbuObjIterPrepareAll(p, pIter, 0);
+
+            /* Advance to the next row to process. */
+            if( p->rc==SQLITE_OK ){
+              int rc = sqlite3_step(pIter->pSelect);
+              if( rc==SQLITE_ROW ){
+                p->nProgress++;
+                p->nStep++;
+                return rbuStep(p);
+              }
+              p->rc = sqlite3_reset(pIter->pSelect);
+              p->nStep = 0;
+            }
+          }
+
+          rbuObjIterNext(p, pIter);
+        }
+
+        if( p->rc==SQLITE_OK ){
+          assert( pIter->zTbl==0 );
+          rbuSaveState(p, RBU_STAGE_MOVE);
+          rbuIncrSchemaCookie(p);
+          if( p->rc==SQLITE_OK ){
+            p->rc = sqlite3_exec(p->dbMain, "COMMIT", 0, 0, &p->zErrmsg);
+          }
+          if( p->rc==SQLITE_OK ){
+            p->rc = sqlite3_exec(p->dbRbu, "COMMIT", 0, 0, &p->zErrmsg);
+          }
+          p->eStage = RBU_STAGE_MOVE;
+        }
+        break;
+      }
+
+      case RBU_STAGE_MOVE: {
+        if( p->rc==SQLITE_OK ){
+          rbuMoveOalFile(p);
+          p->nProgress++;
+        }
+        break;
+      }
+
+      case RBU_STAGE_CKPT: {
+        if( p->rc==SQLITE_OK ){
+          if( p->nStep>=p->nFrame ){
+            sqlite3_file *pDb = p->pTargetFd->pReal;
+  
+            /* Sync the db file */
+            p->rc = pDb->pMethods->xSync(pDb, SQLITE_SYNC_NORMAL);
+  
+            /* Update nBackfill */
+            if( p->rc==SQLITE_OK ){
+              void volatile *ptr;
+              p->rc = pDb->pMethods->xShmMap(pDb, 0, 32*1024, 0, &ptr);
+              if( p->rc==SQLITE_OK ){
+                ((u32 volatile*)ptr)[24] = p->iMaxFrame;
+              }
+            }
+  
+            if( p->rc==SQLITE_OK ){
+              p->eStage = RBU_STAGE_DONE;
+              p->rc = SQLITE_DONE;
+            }
+          }else{
+            RbuFrame *pFrame = &p->aFrame[p->nStep];
+            rbuCheckpointFrame(p, pFrame);
+            p->nStep++;
+          }
+          p->nProgress++;
+        }
+        break;
+      }
+
+      default:
+        break;
+    }
+    return p->rc;
+  }else{
+    return SQLITE_NOMEM;
+  }
+}
+
+/*
+** Free an RbuState object allocated by rbuLoadState().
+*/
+static void rbuFreeState(RbuState *p){
+  if( p ){
+    sqlite3_free(p->zTbl);
+    sqlite3_free(p->zIdx);
+    sqlite3_free(p);
+  }
+}
+
+/*
+** Allocate an RbuState object and load the contents of the rbu_state 
+** table into it. Return a pointer to the new object. It is the 
+** responsibility of the caller to eventually free the object using
+** sqlite3_free().
+**
+** If an error occurs, leave an error code and message in the rbu handle
+** and return NULL.
+*/
+static RbuState *rbuLoadState(sqlite3rbu *p){
+  RbuState *pRet = 0;
+  sqlite3_stmt *pStmt = 0;
+  int rc;
+  int rc2;
+
+  pRet = (RbuState*)rbuMalloc(p, sizeof(RbuState));
+  if( pRet==0 ) return 0;
+
+  rc = prepareFreeAndCollectError(p->dbRbu, &pStmt, &p->zErrmsg, 
+      sqlite3_mprintf("SELECT k, v FROM %s.rbu_state", p->zStateDb)
+  );
+  while( rc==SQLITE_OK && SQLITE_ROW==sqlite3_step(pStmt) ){
+    switch( sqlite3_column_int(pStmt, 0) ){
+      case RBU_STATE_STAGE:
+        pRet->eStage = sqlite3_column_int(pStmt, 1);
+        if( pRet->eStage!=RBU_STAGE_OAL
+         && pRet->eStage!=RBU_STAGE_MOVE
+         && pRet->eStage!=RBU_STAGE_CKPT
+        ){
+          p->rc = SQLITE_CORRUPT;
+        }
+        break;
+
+      case RBU_STATE_TBL:
+        pRet->zTbl = rbuStrndup((char*)sqlite3_column_text(pStmt, 1), &rc);
+        break;
+
+      case RBU_STATE_IDX:
+        pRet->zIdx = rbuStrndup((char*)sqlite3_column_text(pStmt, 1), &rc);
+        break;
+
+      case RBU_STATE_ROW:
+        pRet->nRow = sqlite3_column_int(pStmt, 1);
+        break;
+
+      case RBU_STATE_PROGRESS:
+        pRet->nProgress = sqlite3_column_int64(pStmt, 1);
+        break;
+
+      case RBU_STATE_CKPT:
+        pRet->iWalCksum = sqlite3_column_int64(pStmt, 1);
+        break;
+
+      case RBU_STATE_COOKIE:
+        pRet->iCookie = (u32)sqlite3_column_int64(pStmt, 1);
+        break;
+
+      case RBU_STATE_OALSZ:
+        pRet->iOalSz = (u32)sqlite3_column_int64(pStmt, 1);
+        break;
+
+      default:
+        rc = SQLITE_CORRUPT;
+        break;
+    }
+  }
+  rc2 = sqlite3_finalize(pStmt);
+  if( rc==SQLITE_OK ) rc = rc2;
+
+  p->rc = rc;
+  return pRet;
+}
+
+/*
+** Compare strings z1 and z2, returning 0 if they are identical, or non-zero
+** otherwise. Either or both argument may be NULL. Two NULL values are
+** considered equal, and NULL is considered distinct from all other values.
+*/
+static int rbuStrCompare(const char *z1, const char *z2){
+  if( z1==0 && z2==0 ) return 0;
+  if( z1==0 || z2==0 ) return 1;
+  return (sqlite3_stricmp(z1, z2)!=0);
+}
+
+/*
+** This function is called as part of sqlite3rbu_open() when initializing
+** an rbu handle in OAL stage. If the rbu update has not started (i.e.
+** the rbu_state table was empty) it is a no-op. Otherwise, it arranges
+** things so that the next call to sqlite3rbu_step() continues on from
+** where the previous rbu handle left off.
+**
+** If an error occurs, an error code and error message are left in the
+** rbu handle passed as the first argument.
+*/
+static void rbuSetupOal(sqlite3rbu *p, RbuState *pState){
+  assert( p->rc==SQLITE_OK );
+  if( pState->zTbl ){
+    RbuObjIter *pIter = &p->objiter;
+    int rc = SQLITE_OK;
+
+    while( rc==SQLITE_OK && pIter->zTbl && (pIter->bCleanup 
+       || rbuStrCompare(pIter->zIdx, pState->zIdx)
+       || rbuStrCompare(pIter->zTbl, pState->zTbl) 
+    )){
+      rc = rbuObjIterNext(p, pIter);
+    }
+
+    if( rc==SQLITE_OK && !pIter->zTbl ){
+      rc = SQLITE_ERROR;
+      p->zErrmsg = sqlite3_mprintf("rbu_state mismatch error");
+    }
+
+    if( rc==SQLITE_OK ){
+      p->nStep = pState->nRow;
+      rc = rbuObjIterPrepareAll(p, &p->objiter, p->nStep);
+    }
+
+    p->rc = rc;
+  }
+}
+
+/*
+** If there is a "*-oal" file in the file-system corresponding to the
+** target database in the file-system, delete it. If an error occurs,
+** leave an error code and error message in the rbu handle.
+*/
+static void rbuDeleteOalFile(sqlite3rbu *p){
+  char *zOal = rbuMPrintf(p, "%s-oal", p->zTarget);
+  if( zOal ){
+    sqlite3_vfs *pVfs = sqlite3_vfs_find(0);
+    assert( pVfs && p->rc==SQLITE_OK && p->zErrmsg==0 );
+    pVfs->xDelete(pVfs, zOal, 0);
+    sqlite3_free(zOal);
+  }
+}
+
+/*
+** Allocate a private rbu VFS for the rbu handle passed as the only
+** argument. This VFS will be used unless the call to sqlite3rbu_open()
+** specified a URI with a vfs=? option in place of a target database
+** file name.
+*/
+static void rbuCreateVfs(sqlite3rbu *p){
+  int rnd;
+  char zRnd[64];
+
+  assert( p->rc==SQLITE_OK );
+  sqlite3_randomness(sizeof(int), (void*)&rnd);
+  sqlite3_snprintf(sizeof(zRnd), zRnd, "rbu_vfs_%d", rnd);
+  p->rc = sqlite3rbu_create_vfs(zRnd, 0);
+  if( p->rc==SQLITE_OK ){
+    sqlite3_vfs *pVfs = sqlite3_vfs_find(zRnd);
+    assert( pVfs );
+    p->zVfsName = pVfs->zName;
+  }
+}
+
+/*
+** Destroy the private VFS created for the rbu handle passed as the only
+** argument by an earlier call to rbuCreateVfs().
+*/
+static void rbuDeleteVfs(sqlite3rbu *p){
+  if( p->zVfsName ){
+    sqlite3rbu_destroy_vfs(p->zVfsName);
+    p->zVfsName = 0;
+  }
+}
+
+/*
+** Open and return a new RBU handle. 
+*/
+SQLITE_API sqlite3rbu *SQLITE_STDCALL sqlite3rbu_open(
+  const char *zTarget, 
+  const char *zRbu,
+  const char *zState
+){
+  sqlite3rbu *p;
+  int nTarget = strlen(zTarget);
+  int nRbu = strlen(zRbu);
+  int nState = zState ? strlen(zState) : 0;
+
+  p = (sqlite3rbu*)sqlite3_malloc(sizeof(sqlite3rbu)+nTarget+1+nRbu+1+nState+1);
+  if( p ){
+    RbuState *pState = 0;
+
+    /* Create the custom VFS. */
+    memset(p, 0, sizeof(sqlite3rbu));
+    rbuCreateVfs(p);
+
+    /* Open the target database */
+    if( p->rc==SQLITE_OK ){
+      p->zTarget = (char*)&p[1];
+      memcpy(p->zTarget, zTarget, nTarget+1);
+      p->zRbu = &p->zTarget[nTarget+1];
+      memcpy(p->zRbu, zRbu, nRbu+1);
+      if( zState ){
+        p->zState = &p->zRbu[nRbu+1];
+        memcpy(p->zState, zState, nState+1);
+      }
+      rbuOpenDatabase(p);
+    }
+
+    /* If it has not already been created, create the rbu_state table */
+    rbuMPrintfExec(p, p->dbRbu, RBU_CREATE_STATE, p->zStateDb);
+
+    if( p->rc==SQLITE_OK ){
+      pState = rbuLoadState(p);
+      assert( pState || p->rc!=SQLITE_OK );
+      if( p->rc==SQLITE_OK ){
+
+        if( pState->eStage==0 ){ 
+          rbuDeleteOalFile(p);
+          p->eStage = RBU_STAGE_OAL;
+        }else{
+          p->eStage = pState->eStage;
+        }
+        p->nProgress = pState->nProgress;
+        p->iOalSz = pState->iOalSz;
+      }
+    }
+    assert( p->rc!=SQLITE_OK || p->eStage!=0 );
+
+    if( p->rc==SQLITE_OK && p->pTargetFd->pWalFd ){
+      if( p->eStage==RBU_STAGE_OAL ){
+        p->rc = SQLITE_ERROR;
+        p->zErrmsg = sqlite3_mprintf("cannot update wal mode database");
+      }else if( p->eStage==RBU_STAGE_MOVE ){
+        p->eStage = RBU_STAGE_CKPT;
+        p->nStep = 0;
+      }
+    }
+
+    if( p->rc==SQLITE_OK
+     && (p->eStage==RBU_STAGE_OAL || p->eStage==RBU_STAGE_MOVE)
+     && pState->eStage!=0 && p->pTargetFd->iCookie!=pState->iCookie
+    ){   
+      /* At this point (pTargetFd->iCookie) contains the value of the
+      ** change-counter cookie (the thing that gets incremented when a 
+      ** transaction is committed in rollback mode) currently stored on 
+      ** page 1 of the database file. */
+      p->rc = SQLITE_BUSY;
+      p->zErrmsg = sqlite3_mprintf("database modified during rbu update");
+    }
+
+    if( p->rc==SQLITE_OK ){
+      if( p->eStage==RBU_STAGE_OAL ){
+        sqlite3 *db = p->dbMain;
+
+        /* Open transactions both databases. The *-oal file is opened or
+        ** created at this point. */
+        p->rc = sqlite3_exec(db, "BEGIN IMMEDIATE", 0, 0, &p->zErrmsg);
+        if( p->rc==SQLITE_OK ){
+          p->rc = sqlite3_exec(p->dbRbu, "BEGIN IMMEDIATE", 0, 0, &p->zErrmsg);
+        }
+
+        /* Check if the main database is a zipvfs db. If it is, set the upper
+        ** level pager to use "journal_mode=off". This prevents it from 
+        ** generating a large journal using a temp file.  */
+        if( p->rc==SQLITE_OK ){
+          int frc = sqlite3_file_control(db, "main", SQLITE_FCNTL_ZIPVFS, 0);
+          if( frc==SQLITE_OK ){
+            p->rc = sqlite3_exec(db, "PRAGMA journal_mode=off",0,0,&p->zErrmsg);
+          }
+        }
+
+        /* Point the object iterator at the first object */
+        if( p->rc==SQLITE_OK ){
+          p->rc = rbuObjIterFirst(p, &p->objiter);
+        }
+
+        /* If the RBU database contains no data_xxx tables, declare the RBU
+        ** update finished.  */
+        if( p->rc==SQLITE_OK && p->objiter.zTbl==0 ){
+          p->rc = SQLITE_DONE;
+        }
+
+        if( p->rc==SQLITE_OK ){
+          rbuSetupOal(p, pState);
+        }
+
+      }else if( p->eStage==RBU_STAGE_MOVE ){
+        /* no-op */
+      }else if( p->eStage==RBU_STAGE_CKPT ){
+        rbuSetupCheckpoint(p, pState);
+      }else if( p->eStage==RBU_STAGE_DONE ){
+        p->rc = SQLITE_DONE;
+      }else{
+        p->rc = SQLITE_CORRUPT;
+      }
+    }
+
+    rbuFreeState(pState);
+  }
+
+  return p;
+}
+
+
+/*
+** Return the database handle used by pRbu.
+*/
+SQLITE_API sqlite3 *SQLITE_STDCALL sqlite3rbu_db(sqlite3rbu *pRbu, int bRbu){
+  sqlite3 *db = 0;
+  if( pRbu ){
+    db = (bRbu ? pRbu->dbRbu : pRbu->dbMain);
+  }
+  return db;
+}
+
+
+/*
+** If the error code currently stored in the RBU handle is SQLITE_CONSTRAINT,
+** then edit any error message string so as to remove all occurrences of
+** the pattern "rbu_imp_[0-9]*".
+*/
+static void rbuEditErrmsg(sqlite3rbu *p){
+  if( p->rc==SQLITE_CONSTRAINT && p->zErrmsg ){
+    int i;
+    int nErrmsg = strlen(p->zErrmsg);
+    for(i=0; i<(nErrmsg-8); i++){
+      if( memcmp(&p->zErrmsg[i], "rbu_imp_", 8)==0 ){
+        int nDel = 8;
+        while( p->zErrmsg[i+nDel]>='0' && p->zErrmsg[i+nDel]<='9' ) nDel++;
+        memmove(&p->zErrmsg[i], &p->zErrmsg[i+nDel], nErrmsg + 1 - i - nDel);
+        nErrmsg -= nDel;
+      }
+    }
+  }
+}
+
+/*
+** Close the RBU handle.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3rbu_close(sqlite3rbu *p, char **pzErrmsg){
+  int rc;
+  if( p ){
+
+    /* Commit the transaction to the *-oal file. */
+    if( p->rc==SQLITE_OK && p->eStage==RBU_STAGE_OAL ){
+      p->rc = sqlite3_exec(p->dbMain, "COMMIT", 0, 0, &p->zErrmsg);
+    }
+
+    rbuSaveState(p, p->eStage);
+
+    if( p->rc==SQLITE_OK && p->eStage==RBU_STAGE_OAL ){
+      p->rc = sqlite3_exec(p->dbRbu, "COMMIT", 0, 0, &p->zErrmsg);
+    }
+
+    /* Close any open statement handles. */
+    rbuObjIterFinalize(&p->objiter);
+
+    /* Close the open database handle and VFS object. */
+    sqlite3_close(p->dbMain);
+    sqlite3_close(p->dbRbu);
+    rbuDeleteVfs(p);
+    sqlite3_free(p->aBuf);
+    sqlite3_free(p->aFrame);
+
+    rbuEditErrmsg(p);
+    rc = p->rc;
+    *pzErrmsg = p->zErrmsg;
+    sqlite3_free(p);
+  }else{
+    rc = SQLITE_NOMEM;
+    *pzErrmsg = 0;
+  }
+  return rc;
+}
+
+/*
+** Return the total number of key-value operations (inserts, deletes or 
+** updates) that have been performed on the target database since the
+** current RBU update was started.
+*/
+SQLITE_API sqlite3_int64 SQLITE_STDCALL sqlite3rbu_progress(sqlite3rbu *pRbu){
+  return pRbu->nProgress;
+}
+
+SQLITE_API int SQLITE_STDCALL sqlite3rbu_savestate(sqlite3rbu *p){
+  int rc = p->rc;
+  
+  if( rc==SQLITE_DONE ) return SQLITE_OK;
+
+  assert( p->eStage>=RBU_STAGE_OAL && p->eStage<=RBU_STAGE_DONE );
+  if( p->eStage==RBU_STAGE_OAL ){
+    assert( rc!=SQLITE_DONE );
+    if( rc==SQLITE_OK ) rc = sqlite3_exec(p->dbMain, "COMMIT", 0, 0, 0);
+  }
+
+  p->rc = rc;
+  rbuSaveState(p, p->eStage);
+  rc = p->rc;
+
+  if( p->eStage==RBU_STAGE_OAL ){
+    assert( rc!=SQLITE_DONE );
+    if( rc==SQLITE_OK ) rc = sqlite3_exec(p->dbRbu, "COMMIT", 0, 0, 0);
+    if( rc==SQLITE_OK ) rc = sqlite3_exec(p->dbRbu, "BEGIN IMMEDIATE", 0, 0, 0);
+    if( rc==SQLITE_OK ) rc = sqlite3_exec(p->dbMain, "BEGIN IMMEDIATE", 0, 0,0);
+  }
+
+  p->rc = rc;
+  return rc;
+}
+
+/**************************************************************************
+** Beginning of RBU VFS shim methods. The VFS shim modifies the behaviour
+** of a standard VFS in the following ways:
+**
+** 1. Whenever the first page of a main database file is read or 
+**    written, the value of the change-counter cookie is stored in
+**    rbu_file.iCookie. Similarly, the value of the "write-version"
+**    database header field is stored in rbu_file.iWriteVer. This ensures
+**    that the values are always trustworthy within an open transaction.
+**
+** 2. Whenever an SQLITE_OPEN_WAL file is opened, the (rbu_file.pWalFd)
+**    member variable of the associated database file descriptor is set
+**    to point to the new file. A mutex protected linked list of all main 
+**    db fds opened using a particular RBU VFS is maintained at 
+**    rbu_vfs.pMain to facilitate this.
+**
+** 3. Using a new file-control "SQLITE_FCNTL_RBU", a main db rbu_file 
+**    object can be marked as the target database of an RBU update. This
+**    turns on the following extra special behaviour:
+**
+** 3a. If xAccess() is called to check if there exists a *-wal file 
+**     associated with an RBU target database currently in RBU_STAGE_OAL
+**     stage (preparing the *-oal file), the following special handling
+**     applies:
+**
+**      * if the *-wal file does exist, return SQLITE_CANTOPEN. An RBU
+**        target database may not be in wal mode already.
+**
+**      * if the *-wal file does not exist, set the output parameter to
+**        non-zero (to tell SQLite that it does exist) anyway.
+**
+**     Then, when xOpen() is called to open the *-wal file associated with
+**     the RBU target in RBU_STAGE_OAL stage, instead of opening the *-wal
+**     file, the rbu vfs opens the corresponding *-oal file instead. 
+**
+** 3b. The *-shm pages returned by xShmMap() for a target db file in
+**     RBU_STAGE_OAL mode are actually stored in heap memory. This is to
+**     avoid creating a *-shm file on disk. Additionally, xShmLock() calls
+**     are no-ops on target database files in RBU_STAGE_OAL mode. This is
+**     because assert() statements in some VFS implementations fail if 
+**     xShmLock() is called before xShmMap().
+**
+** 3c. If an EXCLUSIVE lock is attempted on a target database file in any
+**     mode except RBU_STAGE_DONE (all work completed and checkpointed), it 
+**     fails with an SQLITE_BUSY error. This is to stop RBU connections
+**     from automatically checkpointing a *-wal (or *-oal) file from within
+**     sqlite3_close().
+**
+** 3d. In RBU_STAGE_CAPTURE mode, all xRead() calls on the wal file, and
+**     all xWrite() calls on the target database file perform no IO. 
+**     Instead the frame and page numbers that would be read and written
+**     are recorded. Additionally, successful attempts to obtain exclusive
+**     xShmLock() WRITER, CHECKPOINTER and READ0 locks on the target 
+**     database file are recorded. xShmLock() calls to unlock the same
+**     locks are no-ops (so that once obtained, these locks are never
+**     relinquished). Finally, calls to xSync() on the target database
+**     file fail with SQLITE_INTERNAL errors.
+*/
+
+static void rbuUnlockShm(rbu_file *p){
+  if( p->pRbu ){
+    int (*xShmLock)(sqlite3_file*,int,int,int) = p->pReal->pMethods->xShmLock;
+    int i;
+    for(i=0; i<SQLITE_SHM_NLOCK;i++){
+      if( (1<<i) & p->pRbu->mLock ){
+        xShmLock(p->pReal, i, 1, SQLITE_SHM_UNLOCK|SQLITE_SHM_EXCLUSIVE);
+      }
+    }
+    p->pRbu->mLock = 0;
+  }
+}
+
+/*
+** Close an rbu file.
+*/
+static int rbuVfsClose(sqlite3_file *pFile){
+  rbu_file *p = (rbu_file*)pFile;
+  int rc;
+  int i;
+
+  /* Free the contents of the apShm[] array. And the array itself. */
+  for(i=0; i<p->nShm; i++){
+    sqlite3_free(p->apShm[i]);
+  }
+  sqlite3_free(p->apShm);
+  p->apShm = 0;
+  sqlite3_free(p->zDel);
+
+  if( p->openFlags & SQLITE_OPEN_MAIN_DB ){
+    rbu_file **pp;
+    sqlite3_mutex_enter(p->pRbuVfs->mutex);
+    for(pp=&p->pRbuVfs->pMain; *pp!=p; pp=&((*pp)->pMainNext));
+    *pp = p->pMainNext;
+    sqlite3_mutex_leave(p->pRbuVfs->mutex);
+    rbuUnlockShm(p);
+    p->pReal->pMethods->xShmUnmap(p->pReal, 0);
+  }
+
+  /* Close the underlying file handle */
+  rc = p->pReal->pMethods->xClose(p->pReal);
+  return rc;
+}
+
+
+/*
+** Read and return an unsigned 32-bit big-endian integer from the buffer 
+** passed as the only argument.
+*/
+static u32 rbuGetU32(u8 *aBuf){
+  return ((u32)aBuf[0] << 24)
+       + ((u32)aBuf[1] << 16)
+       + ((u32)aBuf[2] <<  8)
+       + ((u32)aBuf[3]);
+}
+
+/*
+** Read data from an rbuVfs-file.
+*/
+static int rbuVfsRead(
+  sqlite3_file *pFile, 
+  void *zBuf, 
+  int iAmt, 
+  sqlite_int64 iOfst
+){
+  rbu_file *p = (rbu_file*)pFile;
+  sqlite3rbu *pRbu = p->pRbu;
+  int rc;
+
+  if( pRbu && pRbu->eStage==RBU_STAGE_CAPTURE ){
+    assert( p->openFlags & SQLITE_OPEN_WAL );
+    rc = rbuCaptureWalRead(p->pRbu, iOfst, iAmt);
+  }else{
+    if( pRbu && pRbu->eStage==RBU_STAGE_OAL 
+     && (p->openFlags & SQLITE_OPEN_WAL) 
+     && iOfst>=pRbu->iOalSz 
+    ){
+      rc = SQLITE_OK;
+      memset(zBuf, 0, iAmt);
+    }else{
+      rc = p->pReal->pMethods->xRead(p->pReal, zBuf, iAmt, iOfst);
+    }
+    if( rc==SQLITE_OK && iOfst==0 && (p->openFlags & SQLITE_OPEN_MAIN_DB) ){
+      /* These look like magic numbers. But they are stable, as they are part
+       ** of the definition of the SQLite file format, which may not change. */
+      u8 *pBuf = (u8*)zBuf;
+      p->iCookie = rbuGetU32(&pBuf[24]);
+      p->iWriteVer = pBuf[19];
+    }
+  }
+  return rc;
+}
+
+/*
+** Write data to an rbuVfs-file.
+*/
+static int rbuVfsWrite(
+  sqlite3_file *pFile, 
+  const void *zBuf, 
+  int iAmt, 
+  sqlite_int64 iOfst
+){
+  rbu_file *p = (rbu_file*)pFile;
+  sqlite3rbu *pRbu = p->pRbu;
+  int rc;
+
+  if( pRbu && pRbu->eStage==RBU_STAGE_CAPTURE ){
+    assert( p->openFlags & SQLITE_OPEN_MAIN_DB );
+    rc = rbuCaptureDbWrite(p->pRbu, iOfst);
+  }else{
+    if( pRbu && pRbu->eStage==RBU_STAGE_OAL 
+     && (p->openFlags & SQLITE_OPEN_WAL) 
+     && iOfst>=pRbu->iOalSz
+    ){
+      pRbu->iOalSz = iAmt + iOfst;
+    }
+    rc = p->pReal->pMethods->xWrite(p->pReal, zBuf, iAmt, iOfst);
+    if( rc==SQLITE_OK && iOfst==0 && (p->openFlags & SQLITE_OPEN_MAIN_DB) ){
+      /* These look like magic numbers. But they are stable, as they are part
+      ** of the definition of the SQLite file format, which may not change. */
+      u8 *pBuf = (u8*)zBuf;
+      p->iCookie = rbuGetU32(&pBuf[24]);
+      p->iWriteVer = pBuf[19];
+    }
+  }
+  return rc;
+}
+
+/*
+** Truncate an rbuVfs-file.
+*/
+static int rbuVfsTruncate(sqlite3_file *pFile, sqlite_int64 size){
+  rbu_file *p = (rbu_file*)pFile;
+  return p->pReal->pMethods->xTruncate(p->pReal, size);
+}
+
+/*
+** Sync an rbuVfs-file.
+*/
+static int rbuVfsSync(sqlite3_file *pFile, int flags){
+  rbu_file *p = (rbu_file *)pFile;
+  if( p->pRbu && p->pRbu->eStage==RBU_STAGE_CAPTURE ){
+    if( p->openFlags & SQLITE_OPEN_MAIN_DB ){
+      return SQLITE_INTERNAL;
+    }
+    return SQLITE_OK;
+  }
+  return p->pReal->pMethods->xSync(p->pReal, flags);
+}
+
+/*
+** Return the current file-size of an rbuVfs-file.
+*/
+static int rbuVfsFileSize(sqlite3_file *pFile, sqlite_int64 *pSize){
+  rbu_file *p = (rbu_file *)pFile;
+  return p->pReal->pMethods->xFileSize(p->pReal, pSize);
+}
+
+/*
+** Lock an rbuVfs-file.
+*/
+static int rbuVfsLock(sqlite3_file *pFile, int eLock){
+  rbu_file *p = (rbu_file*)pFile;
+  sqlite3rbu *pRbu = p->pRbu;
+  int rc = SQLITE_OK;
+
+  assert( p->openFlags & (SQLITE_OPEN_MAIN_DB|SQLITE_OPEN_TEMP_DB) );
+  if( pRbu && eLock==SQLITE_LOCK_EXCLUSIVE && pRbu->eStage!=RBU_STAGE_DONE ){
+    /* Do not allow EXCLUSIVE locks. Preventing SQLite from taking this 
+    ** prevents it from checkpointing the database from sqlite3_close(). */
+    rc = SQLITE_BUSY;
+  }else{
+    rc = p->pReal->pMethods->xLock(p->pReal, eLock);
+  }
+
+  return rc;
+}
+
+/*
+** Unlock an rbuVfs-file.
+*/
+static int rbuVfsUnlock(sqlite3_file *pFile, int eLock){
+  rbu_file *p = (rbu_file *)pFile;
+  return p->pReal->pMethods->xUnlock(p->pReal, eLock);
+}
+
+/*
+** Check if another file-handle holds a RESERVED lock on an rbuVfs-file.
+*/
+static int rbuVfsCheckReservedLock(sqlite3_file *pFile, int *pResOut){
+  rbu_file *p = (rbu_file *)pFile;
+  return p->pReal->pMethods->xCheckReservedLock(p->pReal, pResOut);
+}
+
+/*
+** File control method. For custom operations on an rbuVfs-file.
+*/
+static int rbuVfsFileControl(sqlite3_file *pFile, int op, void *pArg){
+  rbu_file *p = (rbu_file *)pFile;
+  int (*xControl)(sqlite3_file*,int,void*) = p->pReal->pMethods->xFileControl;
+  int rc;
+
+  assert( p->openFlags & (SQLITE_OPEN_MAIN_DB|SQLITE_OPEN_TEMP_DB)
+       || p->openFlags & (SQLITE_OPEN_TRANSIENT_DB|SQLITE_OPEN_TEMP_JOURNAL)
+  );
+  if( op==SQLITE_FCNTL_RBU ){
+    sqlite3rbu *pRbu = (sqlite3rbu*)pArg;
+
+    /* First try to find another RBU vfs lower down in the vfs stack. If
+    ** one is found, this vfs will operate in pass-through mode. The lower
+    ** level vfs will do the special RBU handling.  */
+    rc = xControl(p->pReal, op, pArg);
+
+    if( rc==SQLITE_NOTFOUND ){
+      /* Now search for a zipvfs instance lower down in the VFS stack. If
+      ** one is found, this is an error.  */
+      void *dummy = 0;
+      rc = xControl(p->pReal, SQLITE_FCNTL_ZIPVFS, &dummy);
+      if( rc==SQLITE_OK ){
+        rc = SQLITE_ERROR;
+        pRbu->zErrmsg = sqlite3_mprintf("rbu/zipvfs setup error");
+      }else if( rc==SQLITE_NOTFOUND ){
+        pRbu->pTargetFd = p;
+        p->pRbu = pRbu;
+        if( p->pWalFd ) p->pWalFd->pRbu = pRbu;
+        rc = SQLITE_OK;
+      }
+    }
+    return rc;
+  }
+
+  rc = xControl(p->pReal, op, pArg);
+  if( rc==SQLITE_OK && op==SQLITE_FCNTL_VFSNAME ){
+    rbu_vfs *pRbuVfs = p->pRbuVfs;
+    char *zIn = *(char**)pArg;
+    char *zOut = sqlite3_mprintf("rbu(%s)/%z", pRbuVfs->base.zName, zIn);
+    *(char**)pArg = zOut;
+    if( zOut==0 ) rc = SQLITE_NOMEM;
+  }
+
+  return rc;
+}
+
+/*
+** Return the sector-size in bytes for an rbuVfs-file.
+*/
+static int rbuVfsSectorSize(sqlite3_file *pFile){
+  rbu_file *p = (rbu_file *)pFile;
+  return p->pReal->pMethods->xSectorSize(p->pReal);
+}
+
+/*
+** Return the device characteristic flags supported by an rbuVfs-file.
+*/
+static int rbuVfsDeviceCharacteristics(sqlite3_file *pFile){
+  rbu_file *p = (rbu_file *)pFile;
+  return p->pReal->pMethods->xDeviceCharacteristics(p->pReal);
+}
+
+/*
+** Take or release a shared-memory lock.
+*/
+static int rbuVfsShmLock(sqlite3_file *pFile, int ofst, int n, int flags){
+  rbu_file *p = (rbu_file*)pFile;
+  sqlite3rbu *pRbu = p->pRbu;
+  int rc = SQLITE_OK;
+
+#ifdef SQLITE_AMALGAMATION
+    assert( WAL_CKPT_LOCK==1 );
+#endif
+
+  assert( p->openFlags & (SQLITE_OPEN_MAIN_DB|SQLITE_OPEN_TEMP_DB) );
+  if( pRbu && (pRbu->eStage==RBU_STAGE_OAL || pRbu->eStage==RBU_STAGE_MOVE) ){
+    /* Magic number 1 is the WAL_CKPT_LOCK lock. Preventing SQLite from
+    ** taking this lock also prevents any checkpoints from occurring. 
+    ** todo: really, it's not clear why this might occur, as 
+    ** wal_autocheckpoint ought to be turned off.  */
+    if( ofst==WAL_LOCK_CKPT && n==1 ) rc = SQLITE_BUSY;
+  }else{
+    int bCapture = 0;
+    if( n==1 && (flags & SQLITE_SHM_EXCLUSIVE)
+     && pRbu && pRbu->eStage==RBU_STAGE_CAPTURE
+     && (ofst==WAL_LOCK_WRITE || ofst==WAL_LOCK_CKPT || ofst==WAL_LOCK_READ0)
+    ){
+      bCapture = 1;
+    }
+
+    if( bCapture==0 || 0==(flags & SQLITE_SHM_UNLOCK) ){
+      rc = p->pReal->pMethods->xShmLock(p->pReal, ofst, n, flags);
+      if( bCapture && rc==SQLITE_OK ){
+        pRbu->mLock |= (1 << ofst);
+      }
+    }
+  }
+
+  return rc;
+}
+
+/*
+** Obtain a pointer to a mapping of a single 32KiB page of the *-shm file.
+*/
+static int rbuVfsShmMap(
+  sqlite3_file *pFile, 
+  int iRegion, 
+  int szRegion, 
+  int isWrite, 
+  void volatile **pp
+){
+  rbu_file *p = (rbu_file*)pFile;
+  int rc = SQLITE_OK;
+  int eStage = (p->pRbu ? p->pRbu->eStage : 0);
+
+  /* If not in RBU_STAGE_OAL, allow this call to pass through. Or, if this
+  ** rbu is in the RBU_STAGE_OAL state, use heap memory for *-shm space 
+  ** instead of a file on disk.  */
+  assert( p->openFlags & (SQLITE_OPEN_MAIN_DB|SQLITE_OPEN_TEMP_DB) );
+  if( eStage==RBU_STAGE_OAL || eStage==RBU_STAGE_MOVE ){
+    if( iRegion<=p->nShm ){
+      int nByte = (iRegion+1) * sizeof(char*);
+      char **apNew = (char**)sqlite3_realloc(p->apShm, nByte);
+      if( apNew==0 ){
+        rc = SQLITE_NOMEM;
+      }else{
+        memset(&apNew[p->nShm], 0, sizeof(char*) * (1 + iRegion - p->nShm));
+        p->apShm = apNew;
+        p->nShm = iRegion+1;
+      }
+    }
+
+    if( rc==SQLITE_OK && p->apShm[iRegion]==0 ){
+      char *pNew = (char*)sqlite3_malloc(szRegion);
+      if( pNew==0 ){
+        rc = SQLITE_NOMEM;
+      }else{
+        memset(pNew, 0, szRegion);
+        p->apShm[iRegion] = pNew;
+      }
+    }
+
+    if( rc==SQLITE_OK ){
+      *pp = p->apShm[iRegion];
+    }else{
+      *pp = 0;
+    }
+  }else{
+    assert( p->apShm==0 );
+    rc = p->pReal->pMethods->xShmMap(p->pReal, iRegion, szRegion, isWrite, pp);
+  }
+
+  return rc;
+}
+
+/*
+** Memory barrier.
+*/
+static void rbuVfsShmBarrier(sqlite3_file *pFile){
+  rbu_file *p = (rbu_file *)pFile;
+  p->pReal->pMethods->xShmBarrier(p->pReal);
+}
+
+/*
+** The xShmUnmap method.
+*/
+static int rbuVfsShmUnmap(sqlite3_file *pFile, int delFlag){
+  rbu_file *p = (rbu_file*)pFile;
+  int rc = SQLITE_OK;
+  int eStage = (p->pRbu ? p->pRbu->eStage : 0);
+
+  assert( p->openFlags & (SQLITE_OPEN_MAIN_DB|SQLITE_OPEN_TEMP_DB) );
+  if( eStage==RBU_STAGE_OAL || eStage==RBU_STAGE_MOVE ){
+    /* no-op */
+  }else{
+    /* Release the checkpointer and writer locks */
+    rbuUnlockShm(p);
+    rc = p->pReal->pMethods->xShmUnmap(p->pReal, delFlag);
+  }
+  return rc;
+}
+
+/*
+** Given that zWal points to a buffer containing a wal file name passed to 
+** either the xOpen() or xAccess() VFS method, return a pointer to the
+** file-handle opened by the same database connection on the corresponding
+** database file.
+*/
+static rbu_file *rbuFindMaindb(rbu_vfs *pRbuVfs, const char *zWal){
+  rbu_file *pDb;
+  sqlite3_mutex_enter(pRbuVfs->mutex);
+  for(pDb=pRbuVfs->pMain; pDb && pDb->zWal!=zWal; pDb=pDb->pMainNext);
+  sqlite3_mutex_leave(pRbuVfs->mutex);
+  return pDb;
+}
+
+/*
+** Open an rbu file handle.
+*/
+static int rbuVfsOpen(
+  sqlite3_vfs *pVfs,
+  const char *zName,
+  sqlite3_file *pFile,
+  int flags,
+  int *pOutFlags
+){
+  static sqlite3_io_methods rbuvfs_io_methods = {
+    2,                            /* iVersion */
+    rbuVfsClose,                  /* xClose */
+    rbuVfsRead,                   /* xRead */
+    rbuVfsWrite,                  /* xWrite */
+    rbuVfsTruncate,               /* xTruncate */
+    rbuVfsSync,                   /* xSync */
+    rbuVfsFileSize,               /* xFileSize */
+    rbuVfsLock,                   /* xLock */
+    rbuVfsUnlock,                 /* xUnlock */
+    rbuVfsCheckReservedLock,      /* xCheckReservedLock */
+    rbuVfsFileControl,            /* xFileControl */
+    rbuVfsSectorSize,             /* xSectorSize */
+    rbuVfsDeviceCharacteristics,  /* xDeviceCharacteristics */
+    rbuVfsShmMap,                 /* xShmMap */
+    rbuVfsShmLock,                /* xShmLock */
+    rbuVfsShmBarrier,             /* xShmBarrier */
+    rbuVfsShmUnmap,               /* xShmUnmap */
+    0, 0                          /* xFetch, xUnfetch */
+  };
+  rbu_vfs *pRbuVfs = (rbu_vfs*)pVfs;
+  sqlite3_vfs *pRealVfs = pRbuVfs->pRealVfs;
+  rbu_file *pFd = (rbu_file *)pFile;
+  int rc = SQLITE_OK;
+  const char *zOpen = zName;
+
+  memset(pFd, 0, sizeof(rbu_file));
+  pFd->pReal = (sqlite3_file*)&pFd[1];
+  pFd->pRbuVfs = pRbuVfs;
+  pFd->openFlags = flags;
+  if( zName ){
+    if( flags & SQLITE_OPEN_MAIN_DB ){
+      /* A main database has just been opened. The following block sets
+      ** (pFd->zWal) to point to a buffer owned by SQLite that contains
+      ** the name of the *-wal file this db connection will use. SQLite
+      ** happens to pass a pointer to this buffer when using xAccess()
+      ** or xOpen() to operate on the *-wal file.  */
+      int n = strlen(zName);
+      const char *z = &zName[n];
+      if( flags & SQLITE_OPEN_URI ){
+        int odd = 0;
+        while( 1 ){
+          if( z[0]==0 ){
+            odd = 1 - odd;
+            if( odd && z[1]==0 ) break;
+          }
+          z++;
+        }
+        z += 2;
+      }else{
+        while( *z==0 ) z++;
+      }
+      z += (n + 8 + 1);
+      pFd->zWal = z;
+    }
+    else if( flags & SQLITE_OPEN_WAL ){
+      rbu_file *pDb = rbuFindMaindb(pRbuVfs, zName);
+      if( pDb ){
+        if( pDb->pRbu && pDb->pRbu->eStage==RBU_STAGE_OAL ){
+          /* This call is to open a *-wal file. Intead, open the *-oal. This
+          ** code ensures that the string passed to xOpen() is terminated by a
+          ** pair of '\0' bytes in case the VFS attempts to extract a URI 
+          ** parameter from it.  */
+          int nCopy = strlen(zName);
+          char *zCopy = sqlite3_malloc(nCopy+2);
+          if( zCopy ){
+            memcpy(zCopy, zName, nCopy);
+            zCopy[nCopy-3] = 'o';
+            zCopy[nCopy] = '\0';
+            zCopy[nCopy+1] = '\0';
+            zOpen = (const char*)(pFd->zDel = zCopy);
+          }else{
+            rc = SQLITE_NOMEM;
+          }
+          pFd->pRbu = pDb->pRbu;
+        }
+        pDb->pWalFd = pFd;
+      }
+    }
+  }
+
+  if( rc==SQLITE_OK ){
+    rc = pRealVfs->xOpen(pRealVfs, zOpen, pFd->pReal, flags, pOutFlags);
+  }
+  if( pFd->pReal->pMethods ){
+    /* The xOpen() operation has succeeded. Set the sqlite3_file.pMethods
+    ** pointer and, if the file is a main database file, link it into the
+    ** mutex protected linked list of all such files.  */
+    pFile->pMethods = &rbuvfs_io_methods;
+    if( flags & SQLITE_OPEN_MAIN_DB ){
+      sqlite3_mutex_enter(pRbuVfs->mutex);
+      pFd->pMainNext = pRbuVfs->pMain;
+      pRbuVfs->pMain = pFd;
+      sqlite3_mutex_leave(pRbuVfs->mutex);
+    }
+  }else{
+    sqlite3_free(pFd->zDel);
+  }
+
+  return rc;
+}
+
+/*
+** Delete the file located at zPath.
+*/
+static int rbuVfsDelete(sqlite3_vfs *pVfs, const char *zPath, int dirSync){
+  sqlite3_vfs *pRealVfs = ((rbu_vfs*)pVfs)->pRealVfs;
+  return pRealVfs->xDelete(pRealVfs, zPath, dirSync);
+}
+
+/*
+** Test for access permissions. Return true if the requested permission
+** is available, or false otherwise.
+*/
+static int rbuVfsAccess(
+  sqlite3_vfs *pVfs, 
+  const char *zPath, 
+  int flags, 
+  int *pResOut
+){
+  rbu_vfs *pRbuVfs = (rbu_vfs*)pVfs;
+  sqlite3_vfs *pRealVfs = pRbuVfs->pRealVfs;
+  int rc;
+
+  rc = pRealVfs->xAccess(pRealVfs, zPath, flags, pResOut);
+
+  /* If this call is to check if a *-wal file associated with an RBU target
+  ** database connection exists, and the RBU update is in RBU_STAGE_OAL,
+  ** the following special handling is activated:
+  **
+  **   a) if the *-wal file does exist, return SQLITE_CANTOPEN. This
+  **      ensures that the RBU extension never tries to update a database
+  **      in wal mode, even if the first page of the database file has
+  **      been damaged. 
+  **
+  **   b) if the *-wal file does not exist, claim that it does anyway,
+  **      causing SQLite to call xOpen() to open it. This call will also
+  **      be intercepted (see the rbuVfsOpen() function) and the *-oal
+  **      file opened instead.
+  */
+  if( rc==SQLITE_OK && flags==SQLITE_ACCESS_EXISTS ){
+    rbu_file *pDb = rbuFindMaindb(pRbuVfs, zPath);
+    if( pDb && pDb->pRbu && pDb->pRbu->eStage==RBU_STAGE_OAL ){
+      if( *pResOut ){
+        rc = SQLITE_CANTOPEN;
+      }else{
+        *pResOut = 1;
+      }
+    }
+  }
+
+  return rc;
+}
+
+/*
+** Populate buffer zOut with the full canonical pathname corresponding
+** to the pathname in zPath. zOut is guaranteed to point to a buffer
+** of at least (DEVSYM_MAX_PATHNAME+1) bytes.
+*/
+static int rbuVfsFullPathname(
+  sqlite3_vfs *pVfs, 
+  const char *zPath, 
+  int nOut, 
+  char *zOut
+){
+  sqlite3_vfs *pRealVfs = ((rbu_vfs*)pVfs)->pRealVfs;
+  return pRealVfs->xFullPathname(pRealVfs, zPath, nOut, zOut);
+}
+
+#ifndef SQLITE_OMIT_LOAD_EXTENSION
+/*
+** Open the dynamic library located at zPath and return a handle.
+*/
+static void *rbuVfsDlOpen(sqlite3_vfs *pVfs, const char *zPath){
+  sqlite3_vfs *pRealVfs = ((rbu_vfs*)pVfs)->pRealVfs;
+  return pRealVfs->xDlOpen(pRealVfs, zPath);
+}
+
+/*
+** Populate the buffer zErrMsg (size nByte bytes) with a human readable
+** utf-8 string describing the most recent error encountered associated 
+** with dynamic libraries.
+*/
+static void rbuVfsDlError(sqlite3_vfs *pVfs, int nByte, char *zErrMsg){
+  sqlite3_vfs *pRealVfs = ((rbu_vfs*)pVfs)->pRealVfs;
+  pRealVfs->xDlError(pRealVfs, nByte, zErrMsg);
+}
+
+/*
+** Return a pointer to the symbol zSymbol in the dynamic library pHandle.
+*/
+static void (*rbuVfsDlSym(
+  sqlite3_vfs *pVfs, 
+  void *pArg, 
+  const char *zSym
+))(void){
+  sqlite3_vfs *pRealVfs = ((rbu_vfs*)pVfs)->pRealVfs;
+  return pRealVfs->xDlSym(pRealVfs, pArg, zSym);
+}
+
+/*
+** Close the dynamic library handle pHandle.
+*/
+static void rbuVfsDlClose(sqlite3_vfs *pVfs, void *pHandle){
+  sqlite3_vfs *pRealVfs = ((rbu_vfs*)pVfs)->pRealVfs;
+  pRealVfs->xDlClose(pRealVfs, pHandle);
+}
+#endif /* SQLITE_OMIT_LOAD_EXTENSION */
+
+/*
+** Populate the buffer pointed to by zBufOut with nByte bytes of 
+** random data.
+*/
+static int rbuVfsRandomness(sqlite3_vfs *pVfs, int nByte, char *zBufOut){
+  sqlite3_vfs *pRealVfs = ((rbu_vfs*)pVfs)->pRealVfs;
+  return pRealVfs->xRandomness(pRealVfs, nByte, zBufOut);
+}
+
+/*
+** Sleep for nMicro microseconds. Return the number of microseconds 
+** actually slept.
+*/
+static int rbuVfsSleep(sqlite3_vfs *pVfs, int nMicro){
+  sqlite3_vfs *pRealVfs = ((rbu_vfs*)pVfs)->pRealVfs;
+  return pRealVfs->xSleep(pRealVfs, nMicro);
+}
+
+/*
+** Return the current time as a Julian Day number in *pTimeOut.
+*/
+static int rbuVfsCurrentTime(sqlite3_vfs *pVfs, double *pTimeOut){
+  sqlite3_vfs *pRealVfs = ((rbu_vfs*)pVfs)->pRealVfs;
+  return pRealVfs->xCurrentTime(pRealVfs, pTimeOut);
+}
+
+/*
+** No-op.
+*/
+static int rbuVfsGetLastError(sqlite3_vfs *pVfs, int a, char *b){
+  return 0;
+}
+
+/*
+** Deregister and destroy an RBU vfs created by an earlier call to
+** sqlite3rbu_create_vfs().
+*/
+SQLITE_API void SQLITE_STDCALL sqlite3rbu_destroy_vfs(const char *zName){
+  sqlite3_vfs *pVfs = sqlite3_vfs_find(zName);
+  if( pVfs && pVfs->xOpen==rbuVfsOpen ){
+    sqlite3_mutex_free(((rbu_vfs*)pVfs)->mutex);
+    sqlite3_vfs_unregister(pVfs);
+    sqlite3_free(pVfs);
+  }
+}
+
+/*
+** Create an RBU VFS named zName that accesses the underlying file-system
+** via existing VFS zParent. The new object is registered as a non-default
+** VFS with SQLite before returning.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3rbu_create_vfs(const char *zName, const char *zParent){
+
+  /* Template for VFS */
+  static sqlite3_vfs vfs_template = {
+    1,                            /* iVersion */
+    0,                            /* szOsFile */
+    0,                            /* mxPathname */
+    0,                            /* pNext */
+    0,                            /* zName */
+    0,                            /* pAppData */
+    rbuVfsOpen,                   /* xOpen */
+    rbuVfsDelete,                 /* xDelete */
+    rbuVfsAccess,                 /* xAccess */
+    rbuVfsFullPathname,           /* xFullPathname */
+
+#ifndef SQLITE_OMIT_LOAD_EXTENSION
+    rbuVfsDlOpen,                 /* xDlOpen */
+    rbuVfsDlError,                /* xDlError */
+    rbuVfsDlSym,                  /* xDlSym */
+    rbuVfsDlClose,                /* xDlClose */
+#else
+    0, 0, 0, 0,
+#endif
+
+    rbuVfsRandomness,             /* xRandomness */
+    rbuVfsSleep,                  /* xSleep */
+    rbuVfsCurrentTime,            /* xCurrentTime */
+    rbuVfsGetLastError,           /* xGetLastError */
+    0,                            /* xCurrentTimeInt64 (version 2) */
+    0, 0, 0                       /* Unimplemented version 3 methods */
+  };
+
+  rbu_vfs *pNew = 0;              /* Newly allocated VFS */
+  int nName;
+  int rc = SQLITE_OK;
+
+  int nByte;
+  nName = strlen(zName);
+  nByte = sizeof(rbu_vfs) + nName + 1;
+  pNew = (rbu_vfs*)sqlite3_malloc(nByte);
+  if( pNew==0 ){
+    rc = SQLITE_NOMEM;
+  }else{
+    sqlite3_vfs *pParent;           /* Parent VFS */
+    memset(pNew, 0, nByte);
+    pParent = sqlite3_vfs_find(zParent);
+    if( pParent==0 ){
+      rc = SQLITE_NOTFOUND;
+    }else{
+      char *zSpace;
+      memcpy(&pNew->base, &vfs_template, sizeof(sqlite3_vfs));
+      pNew->base.mxPathname = pParent->mxPathname;
+      pNew->base.szOsFile = sizeof(rbu_file) + pParent->szOsFile;
+      pNew->pRealVfs = pParent;
+      pNew->base.zName = (const char*)(zSpace = (char*)&pNew[1]);
+      memcpy(zSpace, zName, nName);
+
+      /* Allocate the mutex and register the new VFS (not as the default) */
+      pNew->mutex = sqlite3_mutex_alloc(SQLITE_MUTEX_RECURSIVE);
+      if( pNew->mutex==0 ){
+        rc = SQLITE_NOMEM;
+      }else{
+        rc = sqlite3_vfs_register(&pNew->base, 0);
+      }
+    }
+
+    if( rc!=SQLITE_OK ){
+      sqlite3_mutex_free(pNew->mutex);
+      sqlite3_free(pNew);
+    }
+  }
+
+  return rc;
+}
+
+
+/**************************************************************************/
+
+#endif /* !defined(SQLITE_CORE) || defined(SQLITE_ENABLE_RBU) */
+
+/************** End of sqlite3rbu.c ******************************************/
+/************** Begin file dbstat.c ******************************************/
+/*
+** 2010 July 12
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+******************************************************************************
+**
+** This file contains an implementation of the "dbstat" virtual table.
+**
+** The dbstat virtual table is used to extract low-level formatting
+** information from an SQLite database in order to implement the
+** "sqlite3_analyzer" utility.  See the ../tool/spaceanal.tcl script
+** for an example implementation.
+**
+** Additional information is available on the "dbstat.html" page of the
+** official SQLite documentation.
+*/
+
+/* #include "sqliteInt.h"   ** Requires access to internal data structures ** */
+#if (defined(SQLITE_ENABLE_DBSTAT_VTAB) || defined(SQLITE_TEST)) \
+    && !defined(SQLITE_OMIT_VIRTUALTABLE)
+
+/*
+** Page paths:
+** 
+**   The value of the 'path' column describes the path taken from the 
+**   root-node of the b-tree structure to each page. The value of the 
+**   root-node path is '/'.
+**
+**   The value of the path for the left-most child page of the root of
+**   a b-tree is '/000/'. (Btrees store content ordered from left to right
+**   so the pages to the left have smaller keys than the pages to the right.)
+**   The next to left-most child of the root page is
+**   '/001', and so on, each sibling page identified by a 3-digit hex 
+**   value. The children of the 451st left-most sibling have paths such
+**   as '/1c2/000/, '/1c2/001/' etc.
+**
+**   Overflow pages are specified by appending a '+' character and a 
+**   six-digit hexadecimal value to the path to the cell they are linked
+**   from. For example, the three overflow pages in a chain linked from 
+**   the left-most cell of the 450th child of the root page are identified
+**   by the paths:
+**
+**      '/1c2/000+000000'         // First page in overflow chain
+**      '/1c2/000+000001'         // Second page in overflow chain
+**      '/1c2/000+000002'         // Third page in overflow chain
+**
+**   If the paths are sorted using the BINARY collation sequence, then
+**   the overflow pages associated with a cell will appear earlier in the
+**   sort-order than its child page:
+**
+**      '/1c2/000/'               // Left-most child of 451st child of root
+*/
+#define VTAB_SCHEMA                                                         \
+  "CREATE TABLE xx( "                                                       \
+  "  name       STRING,           /* Name of table or index */"             \
+  "  path       INTEGER,          /* Path to page from root */"             \
+  "  pageno     INTEGER,          /* Page number */"                        \
+  "  pagetype   STRING,           /* 'internal', 'leaf' or 'overflow' */"   \
+  "  ncell      INTEGER,          /* Cells on page (0 for overflow) */"     \
+  "  payload    INTEGER,          /* Bytes of payload on this page */"      \
+  "  unused     INTEGER,          /* Bytes of unused space on this page */" \
+  "  mx_payload INTEGER,          /* Largest payload size of all cells */"  \
+  "  pgoffset   INTEGER,          /* Offset of page in file */"             \
+  "  pgsize     INTEGER,          /* Size of the page */"                   \
+  "  schema     TEXT HIDDEN       /* Database schema being analyzed */"     \
+  ");"
+
+
+typedef struct StatTable StatTable;
+typedef struct StatCursor StatCursor;
+typedef struct StatPage StatPage;
+typedef struct StatCell StatCell;
+
+struct StatCell {
+  int nLocal;                     /* Bytes of local payload */
+  u32 iChildPg;                   /* Child node (or 0 if this is a leaf) */
+  int nOvfl;                      /* Entries in aOvfl[] */
+  u32 *aOvfl;                     /* Array of overflow page numbers */
+  int nLastOvfl;                  /* Bytes of payload on final overflow page */
+  int iOvfl;                      /* Iterates through aOvfl[] */
+};
+
+struct StatPage {
+  u32 iPgno;
+  DbPage *pPg;
+  int iCell;
+
+  char *zPath;                    /* Path to this page */
+
+  /* Variables populated by statDecodePage(): */
+  u8 flags;                       /* Copy of flags byte */
+  int nCell;                      /* Number of cells on page */
+  int nUnused;                    /* Number of unused bytes on page */
+  StatCell *aCell;                /* Array of parsed cells */
+  u32 iRightChildPg;              /* Right-child page number (or 0) */
+  int nMxPayload;                 /* Largest payload of any cell on this page */
+};
+
+struct StatCursor {
+  sqlite3_vtab_cursor base;
+  sqlite3_stmt *pStmt;            /* Iterates through set of root pages */
+  int isEof;                      /* After pStmt has returned SQLITE_DONE */
+  int iDb;                        /* Schema used for this query */
+
+  StatPage aPage[32];
+  int iPage;                      /* Current entry in aPage[] */
+
+  /* Values to return. */
+  char *zName;                    /* Value of 'name' column */
+  char *zPath;                    /* Value of 'path' column */
+  u32 iPageno;                    /* Value of 'pageno' column */
+  char *zPagetype;                /* Value of 'pagetype' column */
+  int nCell;                      /* Value of 'ncell' column */
+  int nPayload;                   /* Value of 'payload' column */
+  int nUnused;                    /* Value of 'unused' column */
+  int nMxPayload;                 /* Value of 'mx_payload' column */
+  i64 iOffset;                    /* Value of 'pgOffset' column */
+  int szPage;                     /* Value of 'pgSize' column */
+};
+
+struct StatTable {
+  sqlite3_vtab base;
+  sqlite3 *db;
+  int iDb;                        /* Index of database to analyze */
+};
+
+#ifndef get2byte
+# define get2byte(x)   ((x)[0]<<8 | (x)[1])
+#endif
+
+/*
+** Connect to or create a statvfs virtual table.
+*/
+static int statConnect(
+  sqlite3 *db,
+  void *pAux,
+  int argc, const char *const*argv,
+  sqlite3_vtab **ppVtab,
+  char **pzErr
+){
+  StatTable *pTab = 0;
+  int rc = SQLITE_OK;
+  int iDb;
+
+  if( argc>=4 ){
+    iDb = sqlite3FindDbName(db, argv[3]);
+    if( iDb<0 ){
+      *pzErr = sqlite3_mprintf("no such database: %s", argv[3]);
+      return SQLITE_ERROR;
+    }
+  }else{
+    iDb = 0;
+  }
+  rc = sqlite3_declare_vtab(db, VTAB_SCHEMA);
+  if( rc==SQLITE_OK ){
+    pTab = (StatTable *)sqlite3_malloc64(sizeof(StatTable));
+    if( pTab==0 ) rc = SQLITE_NOMEM;
+  }
+
+  assert( rc==SQLITE_OK || pTab==0 );
+  if( rc==SQLITE_OK ){
+    memset(pTab, 0, sizeof(StatTable));
+    pTab->db = db;
+    pTab->iDb = iDb;
+  }
+
+  *ppVtab = (sqlite3_vtab*)pTab;
+  return rc;
+}
+
+/*
+** Disconnect from or destroy a statvfs virtual table.
+*/
+static int statDisconnect(sqlite3_vtab *pVtab){
+  sqlite3_free(pVtab);
+  return SQLITE_OK;
+}
+
+/*
+** There is no "best-index". This virtual table always does a linear
+** scan.  However, a schema=? constraint should cause this table to
+** operate on a different database schema, so check for it.
+**
+** idxNum is normally 0, but will be 1 if a schema=? constraint exists.
+*/
+static int statBestIndex(sqlite3_vtab *tab, sqlite3_index_info *pIdxInfo){
+  int i;
+
+  pIdxInfo->estimatedCost = 1.0e6;  /* Initial cost estimate */
+
+  /* Look for a valid schema=? constraint.  If found, change the idxNum to
+  ** 1 and request the value of that constraint be sent to xFilter.  And
+  ** lower the cost estimate to encourage the constrained version to be
+  ** used.
+  */
+  for(i=0; i<pIdxInfo->nConstraint; i++){
+    if( pIdxInfo->aConstraint[i].usable==0 ) continue;
+    if( pIdxInfo->aConstraint[i].op!=SQLITE_INDEX_CONSTRAINT_EQ ) continue;
+    if( pIdxInfo->aConstraint[i].iColumn!=10 ) continue;
+    pIdxInfo->idxNum = 1;
+    pIdxInfo->estimatedCost = 1.0;
+    pIdxInfo->aConstraintUsage[i].argvIndex = 1;
+    pIdxInfo->aConstraintUsage[i].omit = 1;
+    break;
+  }
+
+
+  /* Records are always returned in ascending order of (name, path). 
+  ** If this will satisfy the client, set the orderByConsumed flag so that 
+  ** SQLite does not do an external sort.
+  */
+  if( ( pIdxInfo->nOrderBy==1
+     && pIdxInfo->aOrderBy[0].iColumn==0
+     && pIdxInfo->aOrderBy[0].desc==0
+     ) ||
+      ( pIdxInfo->nOrderBy==2
+     && pIdxInfo->aOrderBy[0].iColumn==0
+     && pIdxInfo->aOrderBy[0].desc==0
+     && pIdxInfo->aOrderBy[1].iColumn==1
+     && pIdxInfo->aOrderBy[1].desc==0
+     )
+  ){
+    pIdxInfo->orderByConsumed = 1;
+  }
+
+  return SQLITE_OK;
+}
+
+/*
+** Open a new statvfs cursor.
+*/
+static int statOpen(sqlite3_vtab *pVTab, sqlite3_vtab_cursor **ppCursor){
+  StatTable *pTab = (StatTable *)pVTab;
+  StatCursor *pCsr;
+
+  pCsr = (StatCursor *)sqlite3_malloc64(sizeof(StatCursor));
+  if( pCsr==0 ){
+    return SQLITE_NOMEM;
+  }else{
+    memset(pCsr, 0, sizeof(StatCursor));
+    pCsr->base.pVtab = pVTab;
+    pCsr->iDb = pTab->iDb;
+  }
+
+  *ppCursor = (sqlite3_vtab_cursor *)pCsr;
+  return SQLITE_OK;
+}
+
+static void statClearPage(StatPage *p){
+  int i;
+  if( p->aCell ){
+    for(i=0; i<p->nCell; i++){
+      sqlite3_free(p->aCell[i].aOvfl);
+    }
+    sqlite3_free(p->aCell);
+  }
+  sqlite3PagerUnref(p->pPg);
+  sqlite3_free(p->zPath);
+  memset(p, 0, sizeof(StatPage));
+}
+
+static void statResetCsr(StatCursor *pCsr){
+  int i;
+  sqlite3_reset(pCsr->pStmt);
+  for(i=0; i<ArraySize(pCsr->aPage); i++){
+    statClearPage(&pCsr->aPage[i]);
+  }
+  pCsr->iPage = 0;
+  sqlite3_free(pCsr->zPath);
+  pCsr->zPath = 0;
+  pCsr->isEof = 0;
+}
+
+/*
+** Close a statvfs cursor.
+*/
+static int statClose(sqlite3_vtab_cursor *pCursor){
+  StatCursor *pCsr = (StatCursor *)pCursor;
+  statResetCsr(pCsr);
+  sqlite3_finalize(pCsr->pStmt);
+  sqlite3_free(pCsr);
+  return SQLITE_OK;
+}
+
+static void getLocalPayload(
+  int nUsable,                    /* Usable bytes per page */
+  u8 flags,                       /* Page flags */
+  int nTotal,                     /* Total record (payload) size */
+  int *pnLocal                    /* OUT: Bytes stored locally */
+){
+  int nLocal;
+  int nMinLocal;
+  int nMaxLocal;
+ 
+  if( flags==0x0D ){              /* Table leaf node */
+    nMinLocal = (nUsable - 12) * 32 / 255 - 23;
+    nMaxLocal = nUsable - 35;
+  }else{                          /* Index interior and leaf nodes */
+    nMinLocal = (nUsable - 12) * 32 / 255 - 23;
+    nMaxLocal = (nUsable - 12) * 64 / 255 - 23;
+  }
+
+  nLocal = nMinLocal + (nTotal - nMinLocal) % (nUsable - 4);
+  if( nLocal>nMaxLocal ) nLocal = nMinLocal;
+  *pnLocal = nLocal;
+}
+
+static int statDecodePage(Btree *pBt, StatPage *p){
+  int nUnused;
+  int iOff;
+  int nHdr;
+  int isLeaf;
+  int szPage;
+
+  u8 *aData = sqlite3PagerGetData(p->pPg);
+  u8 *aHdr = &aData[p->iPgno==1 ? 100 : 0];
+
+  p->flags = aHdr[0];
+  p->nCell = get2byte(&aHdr[3]);
+  p->nMxPayload = 0;
+
+  isLeaf = (p->flags==0x0A || p->flags==0x0D);
+  nHdr = 12 - isLeaf*4 + (p->iPgno==1)*100;
+
+  nUnused = get2byte(&aHdr[5]) - nHdr - 2*p->nCell;
+  nUnused += (int)aHdr[7];
+  iOff = get2byte(&aHdr[1]);
+  while( iOff ){
+    nUnused += get2byte(&aData[iOff+2]);
+    iOff = get2byte(&aData[iOff]);
+  }
+  p->nUnused = nUnused;
+  p->iRightChildPg = isLeaf ? 0 : sqlite3Get4byte(&aHdr[8]);
+  szPage = sqlite3BtreeGetPageSize(pBt);
+
+  if( p->nCell ){
+    int i;                        /* Used to iterate through cells */
+    int nUsable;                  /* Usable bytes per page */
+
+    sqlite3BtreeEnter(pBt);
+    nUsable = szPage - sqlite3BtreeGetReserveNoMutex(pBt);
+    sqlite3BtreeLeave(pBt);
+    p->aCell = sqlite3_malloc64((p->nCell+1) * sizeof(StatCell));
+    if( p->aCell==0 ) return SQLITE_NOMEM;
+    memset(p->aCell, 0, (p->nCell+1) * sizeof(StatCell));
+
+    for(i=0; i<p->nCell; i++){
+      StatCell *pCell = &p->aCell[i];
+
+      iOff = get2byte(&aData[nHdr+i*2]);
+      if( !isLeaf ){
+        pCell->iChildPg = sqlite3Get4byte(&aData[iOff]);
+        iOff += 4;
+      }
+      if( p->flags==0x05 ){
+        /* A table interior node. nPayload==0. */
+      }else{
+        u32 nPayload;             /* Bytes of payload total (local+overflow) */
+        int nLocal;               /* Bytes of payload stored locally */
+        iOff += getVarint32(&aData[iOff], nPayload);
+        if( p->flags==0x0D ){
+          u64 dummy;
+          iOff += sqlite3GetVarint(&aData[iOff], &dummy);
+        }
+        if( nPayload>(u32)p->nMxPayload ) p->nMxPayload = nPayload;
+        getLocalPayload(nUsable, p->flags, nPayload, &nLocal);
+        pCell->nLocal = nLocal;
+        assert( nLocal>=0 );
+        assert( nPayload>=(u32)nLocal );
+        assert( nLocal<=(nUsable-35) );
+        if( nPayload>(u32)nLocal ){
+          int j;
+          int nOvfl = ((nPayload - nLocal) + nUsable-4 - 1) / (nUsable - 4);
+          pCell->nLastOvfl = (nPayload-nLocal) - (nOvfl-1) * (nUsable-4);
+          pCell->nOvfl = nOvfl;
+          pCell->aOvfl = sqlite3_malloc64(sizeof(u32)*nOvfl);
+          if( pCell->aOvfl==0 ) return SQLITE_NOMEM;
+          pCell->aOvfl[0] = sqlite3Get4byte(&aData[iOff+nLocal]);
+          for(j=1; j<nOvfl; j++){
+            int rc;
+            u32 iPrev = pCell->aOvfl[j-1];
+            DbPage *pPg = 0;
+            rc = sqlite3PagerGet(sqlite3BtreePager(pBt), iPrev, &pPg, 0);
+            if( rc!=SQLITE_OK ){
+              assert( pPg==0 );
+              return rc;
+            } 
+            pCell->aOvfl[j] = sqlite3Get4byte(sqlite3PagerGetData(pPg));
+            sqlite3PagerUnref(pPg);
+          }
+        }
+      }
+    }
+  }
+
+  return SQLITE_OK;
+}
+
+/*
+** Populate the pCsr->iOffset and pCsr->szPage member variables. Based on
+** the current value of pCsr->iPageno.
+*/
+static void statSizeAndOffset(StatCursor *pCsr){
+  StatTable *pTab = (StatTable *)((sqlite3_vtab_cursor *)pCsr)->pVtab;
+  Btree *pBt = pTab->db->aDb[pTab->iDb].pBt;
+  Pager *pPager = sqlite3BtreePager(pBt);
+  sqlite3_file *fd;
+  sqlite3_int64 x[2];
+
+  /* The default page size and offset */
+  pCsr->szPage = sqlite3BtreeGetPageSize(pBt);
+  pCsr->iOffset = (i64)pCsr->szPage * (pCsr->iPageno - 1);
+
+  /* If connected to a ZIPVFS backend, override the page size and
+  ** offset with actual values obtained from ZIPVFS.
+  */
+  fd = sqlite3PagerFile(pPager);
+  x[0] = pCsr->iPageno;
+  if( fd->pMethods!=0 && sqlite3OsFileControl(fd, 230440, &x)==SQLITE_OK ){
+    pCsr->iOffset = x[0];
+    pCsr->szPage = (int)x[1];
+  }
+}
+
+/*
+** Move a statvfs cursor to the next entry in the file.
+*/
+static int statNext(sqlite3_vtab_cursor *pCursor){
+  int rc;
+  int nPayload;
+  char *z;
+  StatCursor *pCsr = (StatCursor *)pCursor;
+  StatTable *pTab = (StatTable *)pCursor->pVtab;
+  Btree *pBt = pTab->db->aDb[pCsr->iDb].pBt;
+  Pager *pPager = sqlite3BtreePager(pBt);
+
+  sqlite3_free(pCsr->zPath);
+  pCsr->zPath = 0;
+
+statNextRestart:
+  if( pCsr->aPage[0].pPg==0 ){
+    rc = sqlite3_step(pCsr->pStmt);
+    if( rc==SQLITE_ROW ){
+      int nPage;
+      u32 iRoot = (u32)sqlite3_column_int64(pCsr->pStmt, 1);
+      sqlite3PagerPagecount(pPager, &nPage);
+      if( nPage==0 ){
+        pCsr->isEof = 1;
+        return sqlite3_reset(pCsr->pStmt);
+      }
+      rc = sqlite3PagerGet(pPager, iRoot, &pCsr->aPage[0].pPg, 0);
+      pCsr->aPage[0].iPgno = iRoot;
+      pCsr->aPage[0].iCell = 0;
+      pCsr->aPage[0].zPath = z = sqlite3_mprintf("/");
+      pCsr->iPage = 0;
+      if( z==0 ) rc = SQLITE_NOMEM;
+    }else{
+      pCsr->isEof = 1;
+      return sqlite3_reset(pCsr->pStmt);
+    }
+  }else{
+
+    /* Page p itself has already been visited. */
+    StatPage *p = &pCsr->aPage[pCsr->iPage];
+
+    while( p->iCell<p->nCell ){
+      StatCell *pCell = &p->aCell[p->iCell];
+      if( pCell->iOvfl<pCell->nOvfl ){
+        int nUsable;
+        sqlite3BtreeEnter(pBt);
+        nUsable = sqlite3BtreeGetPageSize(pBt) - 
+                        sqlite3BtreeGetReserveNoMutex(pBt);
+        sqlite3BtreeLeave(pBt);
+        pCsr->zName = (char *)sqlite3_column_text(pCsr->pStmt, 0);
+        pCsr->iPageno = pCell->aOvfl[pCell->iOvfl];
+        pCsr->zPagetype = "overflow";
+        pCsr->nCell = 0;
+        pCsr->nMxPayload = 0;
+        pCsr->zPath = z = sqlite3_mprintf(
+            "%s%.3x+%.6x", p->zPath, p->iCell, pCell->iOvfl
+        );
+        if( pCell->iOvfl<pCell->nOvfl-1 ){
+          pCsr->nUnused = 0;
+          pCsr->nPayload = nUsable - 4;
+        }else{
+          pCsr->nPayload = pCell->nLastOvfl;
+          pCsr->nUnused = nUsable - 4 - pCsr->nPayload;
+        }
+        pCell->iOvfl++;
+        statSizeAndOffset(pCsr);
+        return z==0 ? SQLITE_NOMEM : SQLITE_OK;
+      }
+      if( p->iRightChildPg ) break;
+      p->iCell++;
+    }
+
+    if( !p->iRightChildPg || p->iCell>p->nCell ){
+      statClearPage(p);
+      if( pCsr->iPage==0 ) return statNext(pCursor);
+      pCsr->iPage--;
+      goto statNextRestart; /* Tail recursion */
+    }
+    pCsr->iPage++;
+    assert( p==&pCsr->aPage[pCsr->iPage-1] );
+
+    if( p->iCell==p->nCell ){
+      p[1].iPgno = p->iRightChildPg;
+    }else{
+      p[1].iPgno = p->aCell[p->iCell].iChildPg;
+    }
+    rc = sqlite3PagerGet(pPager, p[1].iPgno, &p[1].pPg, 0);
+    p[1].iCell = 0;
+    p[1].zPath = z = sqlite3_mprintf("%s%.3x/", p->zPath, p->iCell);
+    p->iCell++;
+    if( z==0 ) rc = SQLITE_NOMEM;
+  }
+
+
+  /* Populate the StatCursor fields with the values to be returned
+  ** by the xColumn() and xRowid() methods.
+  */
+  if( rc==SQLITE_OK ){
+    int i;
+    StatPage *p = &pCsr->aPage[pCsr->iPage];
+    pCsr->zName = (char *)sqlite3_column_text(pCsr->pStmt, 0);
+    pCsr->iPageno = p->iPgno;
+
+    rc = statDecodePage(pBt, p);
+    if( rc==SQLITE_OK ){
+      statSizeAndOffset(pCsr);
+
+      switch( p->flags ){
+        case 0x05:             /* table internal */
+        case 0x02:             /* index internal */
+          pCsr->zPagetype = "internal";
+          break;
+        case 0x0D:             /* table leaf */
+        case 0x0A:             /* index leaf */
+          pCsr->zPagetype = "leaf";
+          break;
+        default:
+          pCsr->zPagetype = "corrupted";
+          break;
+      }
+      pCsr->nCell = p->nCell;
+      pCsr->nUnused = p->nUnused;
+      pCsr->nMxPayload = p->nMxPayload;
+      pCsr->zPath = z = sqlite3_mprintf("%s", p->zPath);
+      if( z==0 ) rc = SQLITE_NOMEM;
+      nPayload = 0;
+      for(i=0; i<p->nCell; i++){
+        nPayload += p->aCell[i].nLocal;
+      }
+      pCsr->nPayload = nPayload;
+    }
+  }
+
+  return rc;
+}
+
+static int statEof(sqlite3_vtab_cursor *pCursor){
+  StatCursor *pCsr = (StatCursor *)pCursor;
+  return pCsr->isEof;
+}
+
+static int statFilter(
+  sqlite3_vtab_cursor *pCursor, 
+  int idxNum, const char *idxStr,
+  int argc, sqlite3_value **argv
+){
+  StatCursor *pCsr = (StatCursor *)pCursor;
+  StatTable *pTab = (StatTable*)(pCursor->pVtab);
+  char *zSql;
+  int rc = SQLITE_OK;
+  char *zMaster;
+
+  if( idxNum==1 ){
+    const char *zDbase = (const char*)sqlite3_value_text(argv[0]);
+    pCsr->iDb = sqlite3FindDbName(pTab->db, zDbase);
+    if( pCsr->iDb<0 ){
+      sqlite3_free(pCursor->pVtab->zErrMsg);
+      pCursor->pVtab->zErrMsg = sqlite3_mprintf("no such schema: %s", zDbase);
+      return pCursor->pVtab->zErrMsg ? SQLITE_ERROR : SQLITE_NOMEM;
+    }
+  }else{
+    pCsr->iDb = pTab->iDb;
+  }
+  statResetCsr(pCsr);
+  sqlite3_finalize(pCsr->pStmt);
+  pCsr->pStmt = 0;
+  zMaster = pCsr->iDb==1 ? "sqlite_temp_master" : "sqlite_master";
+  zSql = sqlite3_mprintf(
+      "SELECT 'sqlite_master' AS name, 1 AS rootpage, 'table' AS type"
+      "  UNION ALL  "
+      "SELECT name, rootpage, type"
+      "  FROM \"%w\".%s WHERE rootpage!=0"
+      "  ORDER BY name", pTab->db->aDb[pCsr->iDb].zName, zMaster);
+  if( zSql==0 ){
+    return SQLITE_NOMEM;
+  }else{
+    rc = sqlite3_prepare_v2(pTab->db, zSql, -1, &pCsr->pStmt, 0);
+    sqlite3_free(zSql);
+  }
+
+  if( rc==SQLITE_OK ){
+    rc = statNext(pCursor);
+  }
+  return rc;
+}
+
+static int statColumn(
+  sqlite3_vtab_cursor *pCursor, 
+  sqlite3_context *ctx, 
+  int i
+){
+  StatCursor *pCsr = (StatCursor *)pCursor;
+  switch( i ){
+    case 0:            /* name */
+      sqlite3_result_text(ctx, pCsr->zName, -1, SQLITE_TRANSIENT);
+      break;
+    case 1:            /* path */
+      sqlite3_result_text(ctx, pCsr->zPath, -1, SQLITE_TRANSIENT);
+      break;
+    case 2:            /* pageno */
+      sqlite3_result_int64(ctx, pCsr->iPageno);
+      break;
+    case 3:            /* pagetype */
+      sqlite3_result_text(ctx, pCsr->zPagetype, -1, SQLITE_STATIC);
+      break;
+    case 4:            /* ncell */
+      sqlite3_result_int(ctx, pCsr->nCell);
+      break;
+    case 5:            /* payload */
+      sqlite3_result_int(ctx, pCsr->nPayload);
+      break;
+    case 6:            /* unused */
+      sqlite3_result_int(ctx, pCsr->nUnused);
+      break;
+    case 7:            /* mx_payload */
+      sqlite3_result_int(ctx, pCsr->nMxPayload);
+      break;
+    case 8:            /* pgoffset */
+      sqlite3_result_int64(ctx, pCsr->iOffset);
+      break;
+    case 9:            /* pgsize */
+      sqlite3_result_int(ctx, pCsr->szPage);
+      break;
+    default: {          /* schema */
+      sqlite3 *db = sqlite3_context_db_handle(ctx);
+      int iDb = pCsr->iDb;
+      sqlite3_result_text(ctx, db->aDb[iDb].zName, -1, SQLITE_STATIC);
+      break;
+    }
+  }
+  return SQLITE_OK;
+}
+
+static int statRowid(sqlite3_vtab_cursor *pCursor, sqlite_int64 *pRowid){
+  StatCursor *pCsr = (StatCursor *)pCursor;
+  *pRowid = pCsr->iPageno;
+  return SQLITE_OK;
+}
+
+/*
+** Invoke this routine to register the "dbstat" virtual table module
+*/
+SQLITE_PRIVATE int sqlite3DbstatRegister(sqlite3 *db){
+  static sqlite3_module dbstat_module = {
+    0,                            /* iVersion */
+    statConnect,                  /* xCreate */
+    statConnect,                  /* xConnect */
+    statBestIndex,                /* xBestIndex */
+    statDisconnect,               /* xDisconnect */
+    statDisconnect,               /* xDestroy */
+    statOpen,                     /* xOpen - open a cursor */
+    statClose,                    /* xClose - close a cursor */
+    statFilter,                   /* xFilter - configure scan constraints */
+    statNext,                     /* xNext - advance a cursor */
+    statEof,                      /* xEof - check for end of scan */
+    statColumn,                   /* xColumn - read data */
+    statRowid,                    /* xRowid - read data */
+    0,                            /* xUpdate */
+    0,                            /* xBegin */
+    0,                            /* xSync */
+    0,                            /* xCommit */
+    0,                            /* xRollback */
+    0,                            /* xFindMethod */
+    0,                            /* xRename */
+  };
+  return sqlite3_create_module(db, "dbstat", &dbstat_module, 0);
+}
+#elif defined(SQLITE_ENABLE_DBSTAT_VTAB)
+SQLITE_PRIVATE int sqlite3DbstatRegister(sqlite3 *db){ return SQLITE_OK; }
+#endif /* SQLITE_ENABLE_DBSTAT_VTAB */
+
+/************** End of dbstat.c **********************************************/
+/************** Begin file json1.c *******************************************/
+/*
+** 2015-08-12
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+******************************************************************************
+**
+** This SQLite extension implements JSON functions.  The interface is
+** modeled after MySQL JSON functions:
+**
+**     https://dev.mysql.com/doc/refman/5.7/en/json.html
+**
+** For the time being, all JSON is stored as pure text.  (We might add
+** a JSONB type in the future which stores a binary encoding of JSON in
+** a BLOB, but there is no support for JSONB in the current implementation.
+** This implementation parses JSON text at 250 MB/s, so it is hard to see
+** how JSONB might improve on that.)
+*/
+#if !defined(SQLITE_CORE) || defined(SQLITE_ENABLE_JSON1)
+#if !defined(_SQLITEINT_H_)
+/* #include "sqlite3ext.h" */
+#endif
+SQLITE_EXTENSION_INIT1
+/* #include <assert.h> */
+/* #include <string.h> */
+/* #include <stdlib.h> */
+/* #include <stdarg.h> */
+
+#define UNUSED_PARAM(X)  (void)(X)
+
+#ifndef LARGEST_INT64
+# define LARGEST_INT64  (0xffffffff|(((sqlite3_int64)0x7fffffff)<<32))
+# define SMALLEST_INT64 (((sqlite3_int64)-1) - LARGEST_INT64)
+#endif
+
+/*
+** Versions of isspace(), isalnum() and isdigit() to which it is safe
+** to pass signed char values.
+*/
+#ifdef sqlite3Isdigit
+   /* Use the SQLite core versions if this routine is part of the
+   ** SQLite amalgamation */
+#  define safe_isdigit(x) sqlite3Isdigit(x)
+#  define safe_isalnum(x) sqlite3Isalnum(x)
+#else
+   /* Use the standard library for separate compilation */
+#include <ctype.h>  /* amalgamator: keep */
+#  define safe_isdigit(x) isdigit((unsigned char)(x))
+#  define safe_isalnum(x) isalnum((unsigned char)(x))
+#endif
+
+/*
+** Growing our own isspace() routine this way is twice as fast as
+** the library isspace() function, resulting in a 7% overall performance
+** increase for the parser.  (Ubuntu14.10 gcc 4.8.4 x64 with -Os).
+*/
+static const char jsonIsSpace[] = {
+  0, 0, 0, 0, 0, 0, 0, 0,     0, 1, 1, 0, 0, 1, 0, 0,
+  0, 0, 0, 0, 0, 0, 0, 0,     0, 0, 0, 0, 0, 0, 0, 0,
+  1, 0, 0, 0, 0, 0, 0, 0,     0, 0, 0, 0, 0, 0, 0, 0,
+  0, 0, 0, 0, 0, 0, 0, 0,     0, 0, 0, 0, 0, 0, 0, 0,
+  0, 0, 0, 0, 0, 0, 0, 0,     0, 0, 0, 0, 0, 0, 0, 0,
+  0, 0, 0, 0, 0, 0, 0, 0,     0, 0, 0, 0, 0, 0, 0, 0,
+  0, 0, 0, 0, 0, 0, 0, 0,     0, 0, 0, 0, 0, 0, 0, 0,
+  0, 0, 0, 0, 0, 0, 0, 0,     0, 0, 0, 0, 0, 0, 0, 0,
+  0, 0, 0, 0, 0, 0, 0, 0,     0, 0, 0, 0, 0, 0, 0, 0,
+  0, 0, 0, 0, 0, 0, 0, 0,     0, 0, 0, 0, 0, 0, 0, 0,
+  0, 0, 0, 0, 0, 0, 0, 0,     0, 0, 0, 0, 0, 0, 0, 0,
+  0, 0, 0, 0, 0, 0, 0, 0,     0, 0, 0, 0, 0, 0, 0, 0,
+  0, 0, 0, 0, 0, 0, 0, 0,     0, 0, 0, 0, 0, 0, 0, 0,
+  0, 0, 0, 0, 0, 0, 0, 0,     0, 0, 0, 0, 0, 0, 0, 0,
+  0, 0, 0, 0, 0, 0, 0, 0,     0, 0, 0, 0, 0, 0, 0, 0,
+  0, 0, 0, 0, 0, 0, 0, 0,     0, 0, 0, 0, 0, 0, 0, 0,
+};
+#define safe_isspace(x) (jsonIsSpace[(unsigned char)x])
+
+#ifndef SQLITE_AMALGAMATION
+  /* Unsigned integer types.  These are already defined in the sqliteInt.h,
+  ** but the definitions need to be repeated for separate compilation. */
+  typedef sqlite3_uint64 u64;
+  typedef unsigned int u32;
+  typedef unsigned char u8;
+#endif
+
+/* Objects */
+typedef struct JsonString JsonString;
+typedef struct JsonNode JsonNode;
+typedef struct JsonParse JsonParse;
+
+/* An instance of this object represents a JSON string
+** under construction.  Really, this is a generic string accumulator
+** that can be and is used to create strings other than JSON.
+*/
+struct JsonString {
+  sqlite3_context *pCtx;   /* Function context - put error messages here */
+  char *zBuf;              /* Append JSON content here */
+  u64 nAlloc;              /* Bytes of storage available in zBuf[] */
+  u64 nUsed;               /* Bytes of zBuf[] currently used */
+  u8 bStatic;              /* True if zBuf is static space */
+  u8 bErr;                 /* True if an error has been encountered */
+  char zSpace[100];        /* Initial static space */
+};
+
+/* JSON type values
+*/
+#define JSON_NULL     0
+#define JSON_TRUE     1
+#define JSON_FALSE    2
+#define JSON_INT      3
+#define JSON_REAL     4
+#define JSON_STRING   5
+#define JSON_ARRAY    6
+#define JSON_OBJECT   7
+
+/* The "subtype" set for JSON values */
+#define JSON_SUBTYPE  74    /* Ascii for "J" */
+
+/*
+** Names of the various JSON types:
+*/
+static const char * const jsonType[] = {
+  "null", "true", "false", "integer", "real", "text", "array", "object"
+};
+
+/* Bit values for the JsonNode.jnFlag field
+*/
+#define JNODE_RAW     0x01         /* Content is raw, not JSON encoded */
+#define JNODE_ESCAPE  0x02         /* Content is text with \ escapes */
+#define JNODE_REMOVE  0x04         /* Do not output */
+#define JNODE_REPLACE 0x08         /* Replace with JsonNode.iVal */
+#define JNODE_APPEND  0x10         /* More ARRAY/OBJECT entries at u.iAppend */
+#define JNODE_LABEL   0x20         /* Is a label of an object */
+
+
+/* A single node of parsed JSON
+*/
+struct JsonNode {
+  u8 eType;              /* One of the JSON_ type values */
+  u8 jnFlags;            /* JNODE flags */
+  u8 iVal;               /* Replacement value when JNODE_REPLACE */
+  u32 n;                 /* Bytes of content, or number of sub-nodes */
+  union {
+    const char *zJContent; /* Content for INT, REAL, and STRING */
+    u32 iAppend;           /* More terms for ARRAY and OBJECT */
+    u32 iKey;              /* Key for ARRAY objects in json_tree() */
+  } u;
+};
+
+/* A completely parsed JSON string
+*/
+struct JsonParse {
+  u32 nNode;         /* Number of slots of aNode[] used */
+  u32 nAlloc;        /* Number of slots of aNode[] allocated */
+  JsonNode *aNode;   /* Array of nodes containing the parse */
+  const char *zJson; /* Original JSON string */
+  u32 *aUp;          /* Index of parent of each node */
+  u8 oom;            /* Set to true if out of memory */
+  u8 nErr;           /* Number of errors seen */
+};
+
+/**************************************************************************
+** Utility routines for dealing with JsonString objects
+**************************************************************************/
+
+/* Set the JsonString object to an empty string
+*/
+static void jsonZero(JsonString *p){
+  p->zBuf = p->zSpace;
+  p->nAlloc = sizeof(p->zSpace);
+  p->nUsed = 0;
+  p->bStatic = 1;
+}
+
+/* Initialize the JsonString object
+*/
+static void jsonInit(JsonString *p, sqlite3_context *pCtx){
+  p->pCtx = pCtx;
+  p->bErr = 0;
+  jsonZero(p);
+}
+
+
+/* Free all allocated memory and reset the JsonString object back to its
+** initial state.
+*/
+static void jsonReset(JsonString *p){
+  if( !p->bStatic ) sqlite3_free(p->zBuf);
+  jsonZero(p);
+}
+
+
+/* Report an out-of-memory (OOM) condition 
+*/
+static void jsonOom(JsonString *p){
+  p->bErr = 1;
+  sqlite3_result_error_nomem(p->pCtx);
+  jsonReset(p);
+}
+
+/* Enlarge pJson->zBuf so that it can hold at least N more bytes.
+** Return zero on success.  Return non-zero on an OOM error
+*/
+static int jsonGrow(JsonString *p, u32 N){
+  u64 nTotal = N<p->nAlloc ? p->nAlloc*2 : p->nAlloc+N+10;
+  char *zNew;
+  if( p->bStatic ){
+    if( p->bErr ) return 1;
+    zNew = sqlite3_malloc64(nTotal);
+    if( zNew==0 ){
+      jsonOom(p);
+      return SQLITE_NOMEM;
+    }
+    memcpy(zNew, p->zBuf, (size_t)p->nUsed);
+    p->zBuf = zNew;
+    p->bStatic = 0;
+  }else{
+    zNew = sqlite3_realloc64(p->zBuf, nTotal);
+    if( zNew==0 ){
+      jsonOom(p);
+      return SQLITE_NOMEM;
+    }
+    p->zBuf = zNew;
+  }
+  p->nAlloc = nTotal;
+  return SQLITE_OK;
+}
+
+/* Append N bytes from zIn onto the end of the JsonString string.
+*/
+static void jsonAppendRaw(JsonString *p, const char *zIn, u32 N){
+  if( (N+p->nUsed >= p->nAlloc) && jsonGrow(p,N)!=0 ) return;
+  memcpy(p->zBuf+p->nUsed, zIn, N);
+  p->nUsed += N;
+}
+
+/* Append formatted text (not to exceed N bytes) to the JsonString.
+*/
+static void jsonPrintf(int N, JsonString *p, const char *zFormat, ...){
+  va_list ap;
+  if( (p->nUsed + N >= p->nAlloc) && jsonGrow(p, N) ) return;
+  va_start(ap, zFormat);
+  sqlite3_vsnprintf(N, p->zBuf+p->nUsed, zFormat, ap);
+  va_end(ap);
+  p->nUsed += (int)strlen(p->zBuf+p->nUsed);
+}
+
+/* Append a single character
+*/
+static void jsonAppendChar(JsonString *p, char c){
+  if( p->nUsed>=p->nAlloc && jsonGrow(p,1)!=0 ) return;
+  p->zBuf[p->nUsed++] = c;
+}
+
+/* Append a comma separator to the output buffer, if the previous
+** character is not '[' or '{'.
+*/
+static void jsonAppendSeparator(JsonString *p){
+  char c;
+  if( p->nUsed==0 ) return;
+  c = p->zBuf[p->nUsed-1];
+  if( c!='[' && c!='{' ) jsonAppendChar(p, ',');
+}
+
+/* Append the N-byte string in zIn to the end of the JsonString string
+** under construction.  Enclose the string in "..." and escape
+** any double-quotes or backslash characters contained within the
+** string.
+*/
+static void jsonAppendString(JsonString *p, const char *zIn, u32 N){
+  u32 i;
+  if( (N+p->nUsed+2 >= p->nAlloc) && jsonGrow(p,N+2)!=0 ) return;
+  p->zBuf[p->nUsed++] = '"';
+  for(i=0; i<N; i++){
+    char c = zIn[i];
+    if( c=='"' || c=='\\' ){
+      if( (p->nUsed+N+3-i > p->nAlloc) && jsonGrow(p,N+3-i)!=0 ) return;
+      p->zBuf[p->nUsed++] = '\\';
+    }
+    p->zBuf[p->nUsed++] = c;
+  }
+  p->zBuf[p->nUsed++] = '"';
+  assert( p->nUsed<p->nAlloc );
+}
+
+/*
+** Append a function parameter value to the JSON string under 
+** construction.
+*/
+static void jsonAppendValue(
+  JsonString *p,                 /* Append to this JSON string */
+  sqlite3_value *pValue          /* Value to append */
+){
+  switch( sqlite3_value_type(pValue) ){
+    case SQLITE_NULL: {
+      jsonAppendRaw(p, "null", 4);
+      break;
+    }
+    case SQLITE_INTEGER:
+    case SQLITE_FLOAT: {
+      const char *z = (const char*)sqlite3_value_text(pValue);
+      u32 n = (u32)sqlite3_value_bytes(pValue);
+      jsonAppendRaw(p, z, n);
+      break;
+    }
+    case SQLITE_TEXT: {
+      const char *z = (const char*)sqlite3_value_text(pValue);
+      u32 n = (u32)sqlite3_value_bytes(pValue);
+      if( sqlite3_value_subtype(pValue)==JSON_SUBTYPE ){
+        jsonAppendRaw(p, z, n);
+      }else{
+        jsonAppendString(p, z, n);
+      }
+      break;
+    }
+    default: {
+      if( p->bErr==0 ){
+        sqlite3_result_error(p->pCtx, "JSON cannot hold BLOB values", -1);
+        p->bErr = 1;
+        jsonReset(p);
+      }
+      break;
+    }
+  }
+}
+
+
+/* Make the JSON in p the result of the SQL function.
+*/
+static void jsonResult(JsonString *p){
+  if( p->bErr==0 ){
+    sqlite3_result_text64(p->pCtx, p->zBuf, p->nUsed, 
+                          p->bStatic ? SQLITE_TRANSIENT : sqlite3_free,
+                          SQLITE_UTF8);
+    jsonZero(p);
+  }
+  assert( p->bStatic );
+}
+
+/**************************************************************************
+** Utility routines for dealing with JsonNode and JsonParse objects
+**************************************************************************/
+
+/*
+** Return the number of consecutive JsonNode slots need to represent
+** the parsed JSON at pNode.  The minimum answer is 1.  For ARRAY and
+** OBJECT types, the number might be larger.
+**
+** Appended elements are not counted.  The value returned is the number
+** by which the JsonNode counter should increment in order to go to the
+** next peer value.
+*/
+static u32 jsonNodeSize(JsonNode *pNode){
+  return pNode->eType>=JSON_ARRAY ? pNode->n+1 : 1;
+}
+
+/*
+** Reclaim all memory allocated by a JsonParse object.  But do not
+** delete the JsonParse object itself.
+*/
+static void jsonParseReset(JsonParse *pParse){
+  sqlite3_free(pParse->aNode);
+  pParse->aNode = 0;
+  pParse->nNode = 0;
+  pParse->nAlloc = 0;
+  sqlite3_free(pParse->aUp);
+  pParse->aUp = 0;
+}
+
+/*
+** Convert the JsonNode pNode into a pure JSON string and
+** append to pOut.  Subsubstructure is also included.  Return
+** the number of JsonNode objects that are encoded.
+*/
+static void jsonRenderNode(
+  JsonNode *pNode,               /* The node to render */
+  JsonString *pOut,              /* Write JSON here */
+  sqlite3_value **aReplace       /* Replacement values */
+){
+  switch( pNode->eType ){
+    default: {
+      assert( pNode->eType==JSON_NULL );
+      jsonAppendRaw(pOut, "null", 4);
+      break;
+    }
+    case JSON_TRUE: {
+      jsonAppendRaw(pOut, "true", 4);
+      break;
+    }
+    case JSON_FALSE: {
+      jsonAppendRaw(pOut, "false", 5);
+      break;
+    }
+    case JSON_STRING: {
+      if( pNode->jnFlags & JNODE_RAW ){
+        jsonAppendString(pOut, pNode->u.zJContent, pNode->n);
+        break;
+      }
+      /* Fall through into the next case */
+    }
+    case JSON_REAL:
+    case JSON_INT: {
+      jsonAppendRaw(pOut, pNode->u.zJContent, pNode->n);
+      break;
+    }
+    case JSON_ARRAY: {
+      u32 j = 1;
+      jsonAppendChar(pOut, '[');
+      for(;;){
+        while( j<=pNode->n ){
+          if( pNode[j].jnFlags & (JNODE_REMOVE|JNODE_REPLACE) ){
+            if( pNode[j].jnFlags & JNODE_REPLACE ){
+              jsonAppendSeparator(pOut);
+              jsonAppendValue(pOut, aReplace[pNode[j].iVal]);
+            }
+          }else{
+            jsonAppendSeparator(pOut);
+            jsonRenderNode(&pNode[j], pOut, aReplace);
+          }
+          j += jsonNodeSize(&pNode[j]);
+        }
+        if( (pNode->jnFlags & JNODE_APPEND)==0 ) break;
+        pNode = &pNode[pNode->u.iAppend];
+        j = 1;
+      }
+      jsonAppendChar(pOut, ']');
+      break;
+    }
+    case JSON_OBJECT: {
+      u32 j = 1;
+      jsonAppendChar(pOut, '{');
+      for(;;){
+        while( j<=pNode->n ){
+          if( (pNode[j+1].jnFlags & JNODE_REMOVE)==0 ){
+            jsonAppendSeparator(pOut);
+            jsonRenderNode(&pNode[j], pOut, aReplace);
+            jsonAppendChar(pOut, ':');
+            if( pNode[j+1].jnFlags & JNODE_REPLACE ){
+              jsonAppendValue(pOut, aReplace[pNode[j+1].iVal]);
+            }else{
+              jsonRenderNode(&pNode[j+1], pOut, aReplace);
+            }
+          }
+          j += 1 + jsonNodeSize(&pNode[j+1]);
+        }
+        if( (pNode->jnFlags & JNODE_APPEND)==0 ) break;
+        pNode = &pNode[pNode->u.iAppend];
+        j = 1;
+      }
+      jsonAppendChar(pOut, '}');
+      break;
+    }
+  }
+}
+
+/*
+** Return a JsonNode and all its descendents as a JSON string.
+*/
+static void jsonReturnJson(
+  JsonNode *pNode,            /* Node to return */
+  sqlite3_context *pCtx,      /* Return value for this function */
+  sqlite3_value **aReplace    /* Array of replacement values */
+){
+  JsonString s;
+  jsonInit(&s, pCtx);
+  jsonRenderNode(pNode, &s, aReplace);
+  jsonResult(&s);
+  sqlite3_result_subtype(pCtx, JSON_SUBTYPE);
+}
+
+/*
+** Make the JsonNode the return value of the function.
+*/
+static void jsonReturn(
+  JsonNode *pNode,            /* Node to return */
+  sqlite3_context *pCtx,      /* Return value for this function */
+  sqlite3_value **aReplace    /* Array of replacement values */
+){
+  switch( pNode->eType ){
+    default: {
+      assert( pNode->eType==JSON_NULL );
+      sqlite3_result_null(pCtx);
+      break;
+    }
+    case JSON_TRUE: {
+      sqlite3_result_int(pCtx, 1);
+      break;
+    }
+    case JSON_FALSE: {
+      sqlite3_result_int(pCtx, 0);
+      break;
+    }
+    case JSON_INT: {
+      sqlite3_int64 i = 0;
+      const char *z = pNode->u.zJContent;
+      if( z[0]=='-' ){ z++; }
+      while( z[0]>='0' && z[0]<='9' ){
+        unsigned v = *(z++) - '0';
+        if( i>=LARGEST_INT64/10 ){
+          if( i>LARGEST_INT64/10 ) goto int_as_real;
+          if( z[0]>='0' && z[0]<='9' ) goto int_as_real;
+          if( v==9 ) goto int_as_real;
+          if( v==8 ){
+            if( pNode->u.zJContent[0]=='-' ){
+              sqlite3_result_int64(pCtx, SMALLEST_INT64);
+              goto int_done;
+            }else{
+              goto int_as_real;
+            }
+          }
+        }
+        i = i*10 + v;
+      }
+      if( pNode->u.zJContent[0]=='-' ){ i = -i; }
+      sqlite3_result_int64(pCtx, i);
+      int_done:
+      break;
+      int_as_real: /* fall through to real */;
+    }
+    case JSON_REAL: {
+      double r;
+#ifdef SQLITE_AMALGAMATION
+      const char *z = pNode->u.zJContent;
+      sqlite3AtoF(z, &r, sqlite3Strlen30(z), SQLITE_UTF8);
+#else
+      r = strtod(pNode->u.zJContent, 0);
+#endif
+      sqlite3_result_double(pCtx, r);
+      break;
+    }
+    case JSON_STRING: {
+#if 0 /* Never happens because JNODE_RAW is only set by json_set(),
+      ** json_insert() and json_replace() and those routines do not
+      ** call jsonReturn() */
+      if( pNode->jnFlags & JNODE_RAW ){
+        sqlite3_result_text(pCtx, pNode->u.zJContent, pNode->n,
+                            SQLITE_TRANSIENT);
+      }else 
+#endif
+      assert( (pNode->jnFlags & JNODE_RAW)==0 );
+      if( (pNode->jnFlags & JNODE_ESCAPE)==0 ){
+        /* JSON formatted without any backslash-escapes */
+        sqlite3_result_text(pCtx, pNode->u.zJContent+1, pNode->n-2,
+                            SQLITE_TRANSIENT);
+      }else{
+        /* Translate JSON formatted string into raw text */
+        u32 i;
+        u32 n = pNode->n;
+        const char *z = pNode->u.zJContent;
+        char *zOut;
+        u32 j;
+        zOut = sqlite3_malloc( n+1 );
+        if( zOut==0 ){
+          sqlite3_result_error_nomem(pCtx);
+          break;
+        }
+        for(i=1, j=0; i<n-1; i++){
+          char c = z[i];
+          if( c!='\\' ){
+            zOut[j++] = c;
+          }else{
+            c = z[++i];
+            if( c=='u' ){
+              u32 v = 0, k;
+              for(k=0; k<4 && i<n-2; i++, k++){
+                c = z[i+1];
+                if( c>='0' && c<='9' ) v = v*16 + c - '0';
+                else if( c>='A' && c<='F' ) v = v*16 + c - 'A' + 10;
+                else if( c>='a' && c<='f' ) v = v*16 + c - 'a' + 10;
+                else break;
+              }
+              if( v==0 ) break;
+              if( v<=0x7f ){
+                zOut[j++] = (char)v;
+              }else if( v<=0x7ff ){
+                zOut[j++] = (char)(0xc0 | (v>>6));
+                zOut[j++] = 0x80 | (v&0x3f);
+              }else{
+                zOut[j++] = (char)(0xe0 | (v>>12));
+                zOut[j++] = 0x80 | ((v>>6)&0x3f);
+                zOut[j++] = 0x80 | (v&0x3f);
+              }
+            }else{
+              if( c=='b' ){
+                c = '\b';
+              }else if( c=='f' ){
+                c = '\f';
+              }else if( c=='n' ){
+                c = '\n';
+              }else if( c=='r' ){
+                c = '\r';
+              }else if( c=='t' ){
+                c = '\t';
+              }
+              zOut[j++] = c;
+            }
+          }
+        }
+        zOut[j] = 0;
+        sqlite3_result_text(pCtx, zOut, j, sqlite3_free);
+      }
+      break;
+    }
+    case JSON_ARRAY:
+    case JSON_OBJECT: {
+      jsonReturnJson(pNode, pCtx, aReplace);
+      break;
+    }
+  }
+}
+
+/* Forward reference */
+static int jsonParseAddNode(JsonParse*,u32,u32,const char*);
+
+/*
+** A macro to hint to the compiler that a function should not be
+** inlined.
+*/
+#if defined(__GNUC__)
+#  define JSON_NOINLINE  __attribute__((noinline))
+#elif defined(_MSC_VER) && _MSC_VER>=1310
+#  define JSON_NOINLINE  __declspec(noinline)
+#else
+#  define JSON_NOINLINE
+#endif
+
+
+static JSON_NOINLINE int jsonParseAddNodeExpand(
+  JsonParse *pParse,        /* Append the node to this object */
+  u32 eType,                /* Node type */
+  u32 n,                    /* Content size or sub-node count */
+  const char *zContent      /* Content */
+){
+  u32 nNew;
+  JsonNode *pNew;
+  assert( pParse->nNode>=pParse->nAlloc );
+  if( pParse->oom ) return -1;
+  nNew = pParse->nAlloc*2 + 10;
+  pNew = sqlite3_realloc(pParse->aNode, sizeof(JsonNode)*nNew);
+  if( pNew==0 ){
+    pParse->oom = 1;
+    return -1;
+  }
+  pParse->nAlloc = nNew;
+  pParse->aNode = pNew;
+  assert( pParse->nNode<pParse->nAlloc );
+  return jsonParseAddNode(pParse, eType, n, zContent);
+}
+
+/*
+** Create a new JsonNode instance based on the arguments and append that
+** instance to the JsonParse.  Return the index in pParse->aNode[] of the
+** new node, or -1 if a memory allocation fails.
+*/
+static int jsonParseAddNode(
+  JsonParse *pParse,        /* Append the node to this object */
+  u32 eType,                /* Node type */
+  u32 n,                    /* Content size or sub-node count */
+  const char *zContent      /* Content */
+){
+  JsonNode *p;
+  if( pParse->nNode>=pParse->nAlloc ){
+    return jsonParseAddNodeExpand(pParse, eType, n, zContent);
+  }
+  p = &pParse->aNode[pParse->nNode];
+  p->eType = (u8)eType;
+  p->jnFlags = 0;
+  p->iVal = 0;
+  p->n = n;
+  p->u.zJContent = zContent;
+  return pParse->nNode++;
+}
+
+/*
+** Parse a single JSON value which begins at pParse->zJson[i].  Return the
+** index of the first character past the end of the value parsed.
+**
+** Return negative for a syntax error.  Special cases:  return -2 if the
+** first non-whitespace character is '}' and return -3 if the first
+** non-whitespace character is ']'.
+*/
+static int jsonParseValue(JsonParse *pParse, u32 i){
+  char c;
+  u32 j;
+  int iThis;
+  int x;
+  JsonNode *pNode;
+  while( safe_isspace(pParse->zJson[i]) ){ i++; }
+  if( (c = pParse->zJson[i])=='{' ){
+    /* Parse object */
+    iThis = jsonParseAddNode(pParse, JSON_OBJECT, 0, 0);
+    if( iThis<0 ) return -1;
+    for(j=i+1;;j++){
+      while( safe_isspace(pParse->zJson[j]) ){ j++; }
+      x = jsonParseValue(pParse, j);
+      if( x<0 ){
+        if( x==(-2) && pParse->nNode==(u32)iThis+1 ) return j+1;
+        return -1;
+      }
+      if( pParse->oom ) return -1;
+      pNode = &pParse->aNode[pParse->nNode-1];
+      if( pNode->eType!=JSON_STRING ) return -1;
+      pNode->jnFlags |= JNODE_LABEL;
+      j = x;
+      while( safe_isspace(pParse->zJson[j]) ){ j++; }
+      if( pParse->zJson[j]!=':' ) return -1;
+      j++;
+      x = jsonParseValue(pParse, j);
+      if( x<0 ) return -1;
+      j = x;
+      while( safe_isspace(pParse->zJson[j]) ){ j++; }
+      c = pParse->zJson[j];
+      if( c==',' ) continue;
+      if( c!='}' ) return -1;
+      break;
+    }
+    pParse->aNode[iThis].n = pParse->nNode - (u32)iThis - 1;
+    return j+1;
+  }else if( c=='[' ){
+    /* Parse array */
+    iThis = jsonParseAddNode(pParse, JSON_ARRAY, 0, 0);
+    if( iThis<0 ) return -1;
+    for(j=i+1;;j++){
+      while( safe_isspace(pParse->zJson[j]) ){ j++; }
+      x = jsonParseValue(pParse, j);
+      if( x<0 ){
+        if( x==(-3) && pParse->nNode==(u32)iThis+1 ) return j+1;
+        return -1;
+      }
+      j = x;
+      while( safe_isspace(pParse->zJson[j]) ){ j++; }
+      c = pParse->zJson[j];
+      if( c==',' ) continue;
+      if( c!=']' ) return -1;
+      break;
+    }
+    pParse->aNode[iThis].n = pParse->nNode - (u32)iThis - 1;
+    return j+1;
+  }else if( c=='"' ){
+    /* Parse string */
+    u8 jnFlags = 0;
+    j = i+1;
+    for(;;){
+      c = pParse->zJson[j];
+      if( c==0 ) return -1;
+      if( c=='\\' ){
+        c = pParse->zJson[++j];
+        if( c==0 ) return -1;
+        jnFlags = JNODE_ESCAPE;
+      }else if( c=='"' ){
+        break;
+      }
+      j++;
+    }
+    jsonParseAddNode(pParse, JSON_STRING, j+1-i, &pParse->zJson[i]);
+    if( !pParse->oom ) pParse->aNode[pParse->nNode-1].jnFlags = jnFlags;
+    return j+1;
+  }else if( c=='n'
+         && strncmp(pParse->zJson+i,"null",4)==0
+         && !safe_isalnum(pParse->zJson[i+4]) ){
+    jsonParseAddNode(pParse, JSON_NULL, 0, 0);
+    return i+4;
+  }else if( c=='t'
+         && strncmp(pParse->zJson+i,"true",4)==0
+         && !safe_isalnum(pParse->zJson[i+4]) ){
+    jsonParseAddNode(pParse, JSON_TRUE, 0, 0);
+    return i+4;
+  }else if( c=='f'
+         && strncmp(pParse->zJson+i,"false",5)==0
+         && !safe_isalnum(pParse->zJson[i+5]) ){
+    jsonParseAddNode(pParse, JSON_FALSE, 0, 0);
+    return i+5;
+  }else if( c=='-' || (c>='0' && c<='9') ){
+    /* Parse number */
+    u8 seenDP = 0;
+    u8 seenE = 0;
+    j = i+1;
+    for(;; j++){
+      c = pParse->zJson[j];
+      if( c>='0' && c<='9' ) continue;
+      if( c=='.' ){
+        if( pParse->zJson[j-1]=='-' ) return -1;
+        if( seenDP ) return -1;
+        seenDP = 1;
+        continue;
+      }
+      if( c=='e' || c=='E' ){
+        if( pParse->zJson[j-1]<'0' ) return -1;
+        if( seenE ) return -1;
+        seenDP = seenE = 1;
+        c = pParse->zJson[j+1];
+        if( c=='+' || c=='-' ){
+          j++;
+          c = pParse->zJson[j+1];
+        }
+        if( c<'0' || c>'9' ) return -1;
+        continue;
+      }
+      break;
+    }
+    if( pParse->zJson[j-1]<'0' ) return -1;
+    jsonParseAddNode(pParse, seenDP ? JSON_REAL : JSON_INT,
+                        j - i, &pParse->zJson[i]);
+    return j;
+  }else if( c=='}' ){
+    return -2;  /* End of {...} */
+  }else if( c==']' ){
+    return -3;  /* End of [...] */
+  }else if( c==0 ){
+    return 0;   /* End of file */
+  }else{
+    return -1;  /* Syntax error */
+  }
+}
+
+/*
+** Parse a complete JSON string.  Return 0 on success or non-zero if there
+** are any errors.  If an error occurs, free all memory associated with
+** pParse.
+**
+** pParse is uninitialized when this routine is called.
+*/
+static int jsonParse(
+  JsonParse *pParse,           /* Initialize and fill this JsonParse object */
+  sqlite3_context *pCtx,       /* Report errors here */
+  const char *zJson            /* Input JSON text to be parsed */
+){
+  int i;
+  memset(pParse, 0, sizeof(*pParse));
+  if( zJson==0 ) return 1;
+  pParse->zJson = zJson;
+  i = jsonParseValue(pParse, 0);
+  if( pParse->oom ) i = -1;
+  if( i>0 ){
+    while( safe_isspace(zJson[i]) ) i++;
+    if( zJson[i] ) i = -1;
+  }
+  if( i<=0 ){
+    if( pCtx!=0 ){
+      if( pParse->oom ){
+        sqlite3_result_error_nomem(pCtx);
+      }else{
+        sqlite3_result_error(pCtx, "malformed JSON", -1);
+      }
+    }
+    jsonParseReset(pParse);
+    return 1;
+  }
+  return 0;
+}
+
+/* Mark node i of pParse as being a child of iParent.  Call recursively
+** to fill in all the descendants of node i.
+*/
+static void jsonParseFillInParentage(JsonParse *pParse, u32 i, u32 iParent){
+  JsonNode *pNode = &pParse->aNode[i];
+  u32 j;
+  pParse->aUp[i] = iParent;
+  switch( pNode->eType ){
+    case JSON_ARRAY: {
+      for(j=1; j<=pNode->n; j += jsonNodeSize(pNode+j)){
+        jsonParseFillInParentage(pParse, i+j, i);
+      }
+      break;
+    }
+    case JSON_OBJECT: {
+      for(j=1; j<=pNode->n; j += jsonNodeSize(pNode+j+1)+1){
+        pParse->aUp[i+j] = i;
+        jsonParseFillInParentage(pParse, i+j+1, i);
+      }
+      break;
+    }
+    default: {
+      break;
+    }
+  }
+}
+
+/*
+** Compute the parentage of all nodes in a completed parse.
+*/
+static int jsonParseFindParents(JsonParse *pParse){
+  u32 *aUp;
+  assert( pParse->aUp==0 );
+  aUp = pParse->aUp = sqlite3_malloc( sizeof(u32)*pParse->nNode );
+  if( aUp==0 ){
+    pParse->oom = 1;
+    return SQLITE_NOMEM;
+  }
+  jsonParseFillInParentage(pParse, 0, 0);
+  return SQLITE_OK;
+}
+
+/*
+** Compare the OBJECT label at pNode against zKey,nKey.  Return true on
+** a match.
+*/
+static int jsonLabelCompare(JsonNode *pNode, const char *zKey, u32 nKey){
+  if( pNode->jnFlags & JNODE_RAW ){
+    if( pNode->n!=nKey ) return 0;
+    return strncmp(pNode->u.zJContent, zKey, nKey)==0;
+  }else{
+    if( pNode->n!=nKey+2 ) return 0;
+    return strncmp(pNode->u.zJContent+1, zKey, nKey)==0;
+  }
+}
+
+/* forward declaration */
+static JsonNode *jsonLookupAppend(JsonParse*,const char*,int*,const char**);
+
+/*
+** Search along zPath to find the node specified.  Return a pointer
+** to that node, or NULL if zPath is malformed or if there is no such
+** node.
+**
+** If pApnd!=0, then try to append new nodes to complete zPath if it is
+** possible to do so and if no existing node corresponds to zPath.  If
+** new nodes are appended *pApnd is set to 1.
+*/
+static JsonNode *jsonLookupStep(
+  JsonParse *pParse,      /* The JSON to search */
+  u32 iRoot,              /* Begin the search at this node */
+  const char *zPath,      /* The path to search */
+  int *pApnd,             /* Append nodes to complete path if not NULL */
+  const char **pzErr      /* Make *pzErr point to any syntax error in zPath */
+){
+  u32 i, j, nKey;
+  const char *zKey;
+  JsonNode *pRoot = &pParse->aNode[iRoot];
+  if( zPath[0]==0 ) return pRoot;
+  if( zPath[0]=='.' ){
+    if( pRoot->eType!=JSON_OBJECT ) return 0;
+    zPath++;
+    if( zPath[0]=='"' ){
+      zKey = zPath + 1;
+      for(i=1; zPath[i] && zPath[i]!='"'; i++){}
+      nKey = i-1;
+      if( zPath[i] ){
+        i++;
+      }else{
+        *pzErr = zPath;
+        return 0;
+      }
+    }else{
+      zKey = zPath;
+      for(i=0; zPath[i] && zPath[i]!='.' && zPath[i]!='['; i++){}
+      nKey = i;
+    }
+    if( nKey==0 ){
+      *pzErr = zPath;
+      return 0;
+    }
+    j = 1;
+    for(;;){
+      while( j<=pRoot->n ){
+        if( jsonLabelCompare(pRoot+j, zKey, nKey) ){
+          return jsonLookupStep(pParse, iRoot+j+1, &zPath[i], pApnd, pzErr);
+        }
+        j++;
+        j += jsonNodeSize(&pRoot[j]);
+      }
+      if( (pRoot->jnFlags & JNODE_APPEND)==0 ) break;
+      iRoot += pRoot->u.iAppend;
+      pRoot = &pParse->aNode[iRoot];
+      j = 1;
+    }
+    if( pApnd ){
+      u32 iStart, iLabel;
+      JsonNode *pNode;
+      iStart = jsonParseAddNode(pParse, JSON_OBJECT, 2, 0);
+      iLabel = jsonParseAddNode(pParse, JSON_STRING, i, zPath);
+      zPath += i;
+      pNode = jsonLookupAppend(pParse, zPath, pApnd, pzErr);
+      if( pParse->oom ) return 0;
+      if( pNode ){
+        pRoot = &pParse->aNode[iRoot];
+        pRoot->u.iAppend = iStart - iRoot;
+        pRoot->jnFlags |= JNODE_APPEND;
+        pParse->aNode[iLabel].jnFlags |= JNODE_RAW;
+      }
+      return pNode;
+    }
+  }else if( zPath[0]=='[' && safe_isdigit(zPath[1]) ){
+    if( pRoot->eType!=JSON_ARRAY ) return 0;
+    i = 0;
+    j = 1;
+    while( safe_isdigit(zPath[j]) ){
+      i = i*10 + zPath[j] - '0';
+      j++;
+    }
+    if( zPath[j]!=']' ){
+      *pzErr = zPath;
+      return 0;
+    }
+    zPath += j + 1;
+    j = 1;
+    for(;;){
+      while( j<=pRoot->n && (i>0 || (pRoot[j].jnFlags & JNODE_REMOVE)!=0) ){
+        if( (pRoot[j].jnFlags & JNODE_REMOVE)==0 ) i--;
+        j += jsonNodeSize(&pRoot[j]);
+      }
+      if( (pRoot->jnFlags & JNODE_APPEND)==0 ) break;
+      iRoot += pRoot->u.iAppend;
+      pRoot = &pParse->aNode[iRoot];
+      j = 1;
+    }
+    if( j<=pRoot->n ){
+      return jsonLookupStep(pParse, iRoot+j, zPath, pApnd, pzErr);
+    }
+    if( i==0 && pApnd ){
+      u32 iStart;
+      JsonNode *pNode;
+      iStart = jsonParseAddNode(pParse, JSON_ARRAY, 1, 0);
+      pNode = jsonLookupAppend(pParse, zPath, pApnd, pzErr);
+      if( pParse->oom ) return 0;
+      if( pNode ){
+        pRoot = &pParse->aNode[iRoot];
+        pRoot->u.iAppend = iStart - iRoot;
+        pRoot->jnFlags |= JNODE_APPEND;
+      }
+      return pNode;
+    }
+  }else{
+    *pzErr = zPath;
+  }
+  return 0;
+}
+
+/*
+** Append content to pParse that will complete zPath.  Return a pointer
+** to the inserted node, or return NULL if the append fails.
+*/
+static JsonNode *jsonLookupAppend(
+  JsonParse *pParse,     /* Append content to the JSON parse */
+  const char *zPath,     /* Description of content to append */
+  int *pApnd,            /* Set this flag to 1 */
+  const char **pzErr     /* Make this point to any syntax error */
+){
+  *pApnd = 1;
+  if( zPath[0]==0 ){
+    jsonParseAddNode(pParse, JSON_NULL, 0, 0);
+    return pParse->oom ? 0 : &pParse->aNode[pParse->nNode-1];
+  }
+  if( zPath[0]=='.' ){
+    jsonParseAddNode(pParse, JSON_OBJECT, 0, 0);
+  }else if( strncmp(zPath,"[0]",3)==0 ){
+    jsonParseAddNode(pParse, JSON_ARRAY, 0, 0);
+  }else{
+    return 0;
+  }
+  if( pParse->oom ) return 0;
+  return jsonLookupStep(pParse, pParse->nNode-1, zPath, pApnd, pzErr);
+}
+
+/*
+** Return the text of a syntax error message on a JSON path.  Space is
+** obtained from sqlite3_malloc().
+*/
+static char *jsonPathSyntaxError(const char *zErr){
+  return sqlite3_mprintf("JSON path error near '%q'", zErr);
+}
+
+/*
+** Do a node lookup using zPath.  Return a pointer to the node on success.
+** Return NULL if not found or if there is an error.
+**
+** On an error, write an error message into pCtx and increment the
+** pParse->nErr counter.
+**
+** If pApnd!=NULL then try to append missing nodes and set *pApnd = 1 if
+** nodes are appended.
+*/
+static JsonNode *jsonLookup(
+  JsonParse *pParse,      /* The JSON to search */
+  const char *zPath,      /* The path to search */
+  int *pApnd,             /* Append nodes to complete path if not NULL */
+  sqlite3_context *pCtx   /* Report errors here, if not NULL */
+){
+  const char *zErr = 0;
+  JsonNode *pNode = 0;
+  char *zMsg;
+
+  if( zPath==0 ) return 0;
+  if( zPath[0]!='$' ){
+    zErr = zPath;
+    goto lookup_err;
+  }
+  zPath++;
+  pNode = jsonLookupStep(pParse, 0, zPath, pApnd, &zErr);
+  if( zErr==0 ) return pNode;
+
+lookup_err:
+  pParse->nErr++;
+  assert( zErr!=0 && pCtx!=0 );
+  zMsg = jsonPathSyntaxError(zErr);
+  if( zMsg ){
+    sqlite3_result_error(pCtx, zMsg, -1);
+    sqlite3_free(zMsg);
+  }else{
+    sqlite3_result_error_nomem(pCtx);
+  }
+  return 0;
+}
+
+
+/*
+** Report the wrong number of arguments for json_insert(), json_replace()
+** or json_set().
+*/
+static void jsonWrongNumArgs(
+  sqlite3_context *pCtx,
+  const char *zFuncName
+){
+  char *zMsg = sqlite3_mprintf("json_%s() needs an odd number of arguments",
+                               zFuncName);
+  sqlite3_result_error(pCtx, zMsg, -1);
+  sqlite3_free(zMsg);     
+}
+
+
+/****************************************************************************
+** SQL functions used for testing and debugging
+****************************************************************************/
+
+#ifdef SQLITE_DEBUG
+/*
+** The json_parse(JSON) function returns a string which describes
+** a parse of the JSON provided.  Or it returns NULL if JSON is not
+** well-formed.
+*/
+static void jsonParseFunc(
+  sqlite3_context *ctx,
+  int argc,
+  sqlite3_value **argv
+){
+  JsonString s;       /* Output string - not real JSON */
+  JsonParse x;        /* The parse */
+  u32 i;
+
+  assert( argc==1 );
+  if( jsonParse(&x, ctx, (const char*)sqlite3_value_text(argv[0])) ) return;
+  jsonParseFindParents(&x);
+  jsonInit(&s, ctx);
+  for(i=0; i<x.nNode; i++){
+    const char *zType;
+    if( x.aNode[i].jnFlags & JNODE_LABEL ){
+      assert( x.aNode[i].eType==JSON_STRING );
+      zType = "label";
+    }else{
+      zType = jsonType[x.aNode[i].eType];
+    }
+    jsonPrintf(100, &s,"node %3u: %7s n=%-4d up=%-4d",
+               i, zType, x.aNode[i].n, x.aUp[i]);
+    if( x.aNode[i].u.zJContent!=0 ){
+      jsonAppendRaw(&s, " ", 1);
+      jsonAppendRaw(&s, x.aNode[i].u.zJContent, x.aNode[i].n);
+    }
+    jsonAppendRaw(&s, "\n", 1);
+  }
+  jsonParseReset(&x);
+  jsonResult(&s);
+}
+
+/*
+** The json_test1(JSON) function return true (1) if the input is JSON
+** text generated by another json function.  It returns (0) if the input
+** is not known to be JSON.
+*/
+static void jsonTest1Func(
+  sqlite3_context *ctx,
+  int argc,
+  sqlite3_value **argv
+){
+  UNUSED_PARAM(argc);
+  sqlite3_result_int(ctx, sqlite3_value_subtype(argv[0])==JSON_SUBTYPE);
+}
+#endif /* SQLITE_DEBUG */
+
+/****************************************************************************
+** Scalar SQL function implementations
+****************************************************************************/
+
+/*
+** Implementation of the json_array(VALUE,...) function.  Return a JSON
+** array that contains all values given in arguments.  Or if any argument
+** is a BLOB, throw an error.
+*/
+static void jsonArrayFunc(
+  sqlite3_context *ctx,
+  int argc,
+  sqlite3_value **argv
+){
+  int i;
+  JsonString jx;
+
+  jsonInit(&jx, ctx);
+  jsonAppendChar(&jx, '[');
+  for(i=0; i<argc; i++){
+    jsonAppendSeparator(&jx);
+    jsonAppendValue(&jx, argv[i]);
+  }
+  jsonAppendChar(&jx, ']');
+  jsonResult(&jx);
+  sqlite3_result_subtype(ctx, JSON_SUBTYPE);
+}
+
+
+/*
+** json_array_length(JSON)
+** json_array_length(JSON, PATH)
+**
+** Return the number of elements in the top-level JSON array.  
+** Return 0 if the input is not a well-formed JSON array.
+*/
+static void jsonArrayLengthFunc(
+  sqlite3_context *ctx,
+  int argc,
+  sqlite3_value **argv
+){
+  JsonParse x;          /* The parse */
+  sqlite3_int64 n = 0;
+  u32 i;
+  JsonNode *pNode;
+
+  if( jsonParse(&x, ctx, (const char*)sqlite3_value_text(argv[0])) ) return;
+  assert( x.nNode );
+  if( argc==2 ){
+    const char *zPath = (const char*)sqlite3_value_text(argv[1]);
+    pNode = jsonLookup(&x, zPath, 0, ctx);
+  }else{
+    pNode = x.aNode;
+  }
+  if( pNode==0 ){
+    x.nErr = 1;
+  }else if( pNode->eType==JSON_ARRAY ){
+    assert( (pNode->jnFlags & JNODE_APPEND)==0 );
+    for(i=1; i<=pNode->n; n++){
+      i += jsonNodeSize(&pNode[i]);
+    }
+  }
+  if( x.nErr==0 ) sqlite3_result_int64(ctx, n);
+  jsonParseReset(&x);
+}
+
+/*
+** json_extract(JSON, PATH, ...)
+**
+** Return the element described by PATH.  Return NULL if there is no
+** PATH element.  If there are multiple PATHs, then return a JSON array
+** with the result from each path.  Throw an error if the JSON or any PATH
+** is malformed.
+*/
+static void jsonExtractFunc(
+  sqlite3_context *ctx,
+  int argc,
+  sqlite3_value **argv
+){
+  JsonParse x;          /* The parse */
+  JsonNode *pNode;
+  const char *zPath;
+  JsonString jx;
+  int i;
+
+  if( argc<2 ) return;
+  if( jsonParse(&x, ctx, (const char*)sqlite3_value_text(argv[0])) ) return;
+  jsonInit(&jx, ctx);
+  jsonAppendChar(&jx, '[');
+  for(i=1; i<argc; i++){
+    zPath = (const char*)sqlite3_value_text(argv[i]);
+    pNode = jsonLookup(&x, zPath, 0, ctx);
+    if( x.nErr ) break;
+    if( argc>2 ){
+      jsonAppendSeparator(&jx);
+      if( pNode ){
+        jsonRenderNode(pNode, &jx, 0);
+      }else{
+        jsonAppendRaw(&jx, "null", 4);
+      }
+    }else if( pNode ){
+      jsonReturn(pNode, ctx, 0);
+    }
+  }
+  if( argc>2 && i==argc ){
+    jsonAppendChar(&jx, ']');
+    jsonResult(&jx);
+    sqlite3_result_subtype(ctx, JSON_SUBTYPE);
+  }
+  jsonReset(&jx);
+  jsonParseReset(&x);
+}
+
+/*
+** Implementation of the json_object(NAME,VALUE,...) function.  Return a JSON
+** object that contains all name/value given in arguments.  Or if any name
+** is not a string or if any value is a BLOB, throw an error.
+*/
+static void jsonObjectFunc(
+  sqlite3_context *ctx,
+  int argc,
+  sqlite3_value **argv
+){
+  int i;
+  JsonString jx;
+  const char *z;
+  u32 n;
+
+  if( argc&1 ){
+    sqlite3_result_error(ctx, "json_object() requires an even number "
+                                  "of arguments", -1);
+    return;
+  }
+  jsonInit(&jx, ctx);
+  jsonAppendChar(&jx, '{');
+  for(i=0; i<argc; i+=2){
+    if( sqlite3_value_type(argv[i])!=SQLITE_TEXT ){
+      sqlite3_result_error(ctx, "json_object() labels must be TEXT", -1);
+      jsonReset(&jx);
+      return;
+    }
+    jsonAppendSeparator(&jx);
+    z = (const char*)sqlite3_value_text(argv[i]);
+    n = (u32)sqlite3_value_bytes(argv[i]);
+    jsonAppendString(&jx, z, n);
+    jsonAppendChar(&jx, ':');
+    jsonAppendValue(&jx, argv[i+1]);
+  }
+  jsonAppendChar(&jx, '}');
+  jsonResult(&jx);
+  sqlite3_result_subtype(ctx, JSON_SUBTYPE);
+}
+
+
+/*
+** json_remove(JSON, PATH, ...)
+**
+** Remove the named elements from JSON and return the result.  malformed
+** JSON or PATH arguments result in an error.
+*/
+static void jsonRemoveFunc(
+  sqlite3_context *ctx,
+  int argc,
+  sqlite3_value **argv
+){
+  JsonParse x;          /* The parse */
+  JsonNode *pNode;
+  const char *zPath;
+  u32 i;
+
+  if( argc<1 ) return;
+  if( jsonParse(&x, ctx, (const char*)sqlite3_value_text(argv[0])) ) return;
+  assert( x.nNode );
+  for(i=1; i<(u32)argc; i++){
+    zPath = (const char*)sqlite3_value_text(argv[i]);
+    if( zPath==0 ) goto remove_done;
+    pNode = jsonLookup(&x, zPath, 0, ctx);
+    if( x.nErr ) goto remove_done;
+    if( pNode ) pNode->jnFlags |= JNODE_REMOVE;
+  }
+  if( (x.aNode[0].jnFlags & JNODE_REMOVE)==0 ){
+    jsonReturnJson(x.aNode, ctx, 0);
+  }
+remove_done:
+  jsonParseReset(&x);
+}
+
+/*
+** json_replace(JSON, PATH, VALUE, ...)
+**
+** Replace the value at PATH with VALUE.  If PATH does not already exist,
+** this routine is a no-op.  If JSON or PATH is malformed, throw an error.
+*/
+static void jsonReplaceFunc(
+  sqlite3_context *ctx,
+  int argc,
+  sqlite3_value **argv
+){
+  JsonParse x;          /* The parse */
+  JsonNode *pNode;
+  const char *zPath;
+  u32 i;
+
+  if( argc<1 ) return;
+  if( (argc&1)==0 ) {
+    jsonWrongNumArgs(ctx, "replace");
+    return;
+  }
+  if( jsonParse(&x, ctx, (const char*)sqlite3_value_text(argv[0])) ) return;
+  assert( x.nNode );
+  for(i=1; i<(u32)argc; i+=2){
+    zPath = (const char*)sqlite3_value_text(argv[i]);
+    pNode = jsonLookup(&x, zPath, 0, ctx);
+    if( x.nErr ) goto replace_err;
+    if( pNode ){
+      pNode->jnFlags |= (u8)JNODE_REPLACE;
+      pNode->iVal = (u8)(i+1);
+    }
+  }
+  if( x.aNode[0].jnFlags & JNODE_REPLACE ){
+    sqlite3_result_value(ctx, argv[x.aNode[0].iVal]);
+  }else{
+    jsonReturnJson(x.aNode, ctx, argv);
+  }
+replace_err:
+  jsonParseReset(&x);
+}
+
+/*
+** json_set(JSON, PATH, VALUE, ...)
+**
+** Set the value at PATH to VALUE.  Create the PATH if it does not already
+** exist.  Overwrite existing values that do exist.
+** If JSON or PATH is malformed, throw an error.
+**
+** json_insert(JSON, PATH, VALUE, ...)
+**
+** Create PATH and initialize it to VALUE.  If PATH already exists, this
+** routine is a no-op.  If JSON or PATH is malformed, throw an error.
+*/
+static void jsonSetFunc(
+  sqlite3_context *ctx,
+  int argc,
+  sqlite3_value **argv
+){
+  JsonParse x;          /* The parse */
+  JsonNode *pNode;
+  const char *zPath;
+  u32 i;
+  int bApnd;
+  int bIsSet = *(int*)sqlite3_user_data(ctx);
+
+  if( argc<1 ) return;
+  if( (argc&1)==0 ) {
+    jsonWrongNumArgs(ctx, bIsSet ? "set" : "insert");
+    return;
+  }
+  if( jsonParse(&x, ctx, (const char*)sqlite3_value_text(argv[0])) ) return;
+  assert( x.nNode );
+  for(i=1; i<(u32)argc; i+=2){
+    zPath = (const char*)sqlite3_value_text(argv[i]);
+    bApnd = 0;
+    pNode = jsonLookup(&x, zPath, &bApnd, ctx);
+    if( x.oom ){
+      sqlite3_result_error_nomem(ctx);
+      goto jsonSetDone;
+    }else if( x.nErr ){
+      goto jsonSetDone;
+    }else if( pNode && (bApnd || bIsSet) ){
+      pNode->jnFlags |= (u8)JNODE_REPLACE;
+      pNode->iVal = (u8)(i+1);
+    }
+  }
+  if( x.aNode[0].jnFlags & JNODE_REPLACE ){
+    sqlite3_result_value(ctx, argv[x.aNode[0].iVal]);
+  }else{
+    jsonReturnJson(x.aNode, ctx, argv);
+  }
+jsonSetDone:
+  jsonParseReset(&x);
+}
+
+/*
+** json_type(JSON)
+** json_type(JSON, PATH)
+**
+** Return the top-level "type" of a JSON string.  Throw an error if
+** either the JSON or PATH inputs are not well-formed.
+*/
+static void jsonTypeFunc(
+  sqlite3_context *ctx,
+  int argc,
+  sqlite3_value **argv
+){
+  JsonParse x;          /* The parse */
+  const char *zPath;
+  JsonNode *pNode;
+
+  if( jsonParse(&x, ctx, (const char*)sqlite3_value_text(argv[0])) ) return;
+  assert( x.nNode );
+  if( argc==2 ){
+    zPath = (const char*)sqlite3_value_text(argv[1]);
+    pNode = jsonLookup(&x, zPath, 0, ctx);
+  }else{
+    pNode = x.aNode;
+  }
+  if( pNode ){
+    sqlite3_result_text(ctx, jsonType[pNode->eType], -1, SQLITE_STATIC);
+  }
+  jsonParseReset(&x);
+}
+
+/*
+** json_valid(JSON)
+**
+** Return 1 if JSON is a well-formed JSON string according to RFC-7159.
+** Return 0 otherwise.
+*/
+static void jsonValidFunc(
+  sqlite3_context *ctx,
+  int argc,
+  sqlite3_value **argv
+){
+  JsonParse x;          /* The parse */
+  int rc = 0;
+
+  UNUSED_PARAM(argc);
+  if( jsonParse(&x, 0, (const char*)sqlite3_value_text(argv[0]))==0 ){
+    rc = 1;
+  }
+  jsonParseReset(&x);
+  sqlite3_result_int(ctx, rc);
+}
+
+
+/****************************************************************************
+** Aggregate SQL function implementations
+****************************************************************************/
+/*
+** json_group_array(VALUE)
+**
+** Return a JSON array composed of all values in the aggregate.
+*/
+static void jsonArrayStep(
+  sqlite3_context *ctx,
+  int argc,
+  sqlite3_value **argv
+){
+  JsonString *pStr;
+  pStr = (JsonString*)sqlite3_aggregate_context(ctx, sizeof(*pStr));
+  if( pStr ){
+    if( pStr->zBuf==0 ){
+      jsonInit(pStr, ctx);
+      jsonAppendChar(pStr, '[');
+    }else{
+      jsonAppendChar(pStr, ',');
+      pStr->pCtx = ctx;
+    }
+    jsonAppendValue(pStr, argv[0]);
+  }
+}
+static void jsonArrayFinal(sqlite3_context *ctx){
+  JsonString *pStr;
+  pStr = (JsonString*)sqlite3_aggregate_context(ctx, 0);
+  if( pStr ){
+    pStr->pCtx = ctx;
+    jsonAppendChar(pStr, ']');
+    if( pStr->bErr ){
+      sqlite3_result_error_nomem(ctx);
+      assert( pStr->bStatic );
+    }else{
+      sqlite3_result_text(ctx, pStr->zBuf, pStr->nUsed,
+                          pStr->bStatic ? SQLITE_TRANSIENT : sqlite3_free);
+      pStr->bStatic = 1;
+    }
+  }else{
+    sqlite3_result_text(ctx, "[]", 2, SQLITE_STATIC);
+  }
+  sqlite3_result_subtype(ctx, JSON_SUBTYPE);
+}
+
+/*
+** json_group_obj(NAME,VALUE)
+**
+** Return a JSON object composed of all names and values in the aggregate.
+*/
+static void jsonObjectStep(
+  sqlite3_context *ctx,
+  int argc,
+  sqlite3_value **argv
+){
+  JsonString *pStr;
+  const char *z;
+  u32 n;
+  pStr = (JsonString*)sqlite3_aggregate_context(ctx, sizeof(*pStr));
+  if( pStr ){
+    if( pStr->zBuf==0 ){
+      jsonInit(pStr, ctx);
+      jsonAppendChar(pStr, '{');
+    }else{
+      jsonAppendChar(pStr, ',');
+      pStr->pCtx = ctx;
+    }
+    z = (const char*)sqlite3_value_text(argv[0]);
+    n = (u32)sqlite3_value_bytes(argv[0]);
+    jsonAppendString(pStr, z, n);
+    jsonAppendChar(pStr, ':');
+    jsonAppendValue(pStr, argv[1]);
+  }
+}
+static void jsonObjectFinal(sqlite3_context *ctx){
+  JsonString *pStr;
+  pStr = (JsonString*)sqlite3_aggregate_context(ctx, 0);
+  if( pStr ){
+    jsonAppendChar(pStr, '}');
+    if( pStr->bErr ){
+      sqlite3_result_error_nomem(ctx);
+      assert( pStr->bStatic );
+    }else{
+      sqlite3_result_text(ctx, pStr->zBuf, pStr->nUsed,
+                          pStr->bStatic ? SQLITE_TRANSIENT : sqlite3_free);
+      pStr->bStatic = 1;
+    }
+  }else{
+    sqlite3_result_text(ctx, "{}", 2, SQLITE_STATIC);
+  }
+  sqlite3_result_subtype(ctx, JSON_SUBTYPE);
+}
+
+
+#ifndef SQLITE_OMIT_VIRTUALTABLE
+/****************************************************************************
+** The json_each virtual table
+****************************************************************************/
+typedef struct JsonEachCursor JsonEachCursor;
+struct JsonEachCursor {
+  sqlite3_vtab_cursor base;  /* Base class - must be first */
+  u32 iRowid;                /* The rowid */
+  u32 iBegin;                /* The first node of the scan */
+  u32 i;                     /* Index in sParse.aNode[] of current row */
+  u32 iEnd;                  /* EOF when i equals or exceeds this value */
+  u8 eType;                  /* Type of top-level element */
+  u8 bRecursive;             /* True for json_tree().  False for json_each() */
+  char *zJson;               /* Input JSON */
+  char *zRoot;               /* Path by which to filter zJson */
+  JsonParse sParse;          /* Parse of the input JSON */
+};
+
+/* Constructor for the json_each virtual table */
+static int jsonEachConnect(
+  sqlite3 *db,
+  void *pAux,
+  int argc, const char *const*argv,
+  sqlite3_vtab **ppVtab,
+  char **pzErr
+){
+  sqlite3_vtab *pNew;
+  int rc;
+
+/* Column numbers */
+#define JEACH_KEY     0
+#define JEACH_VALUE   1
+#define JEACH_TYPE    2
+#define JEACH_ATOM    3
+#define JEACH_ID      4
+#define JEACH_PARENT  5
+#define JEACH_FULLKEY 6
+#define JEACH_PATH    7
+#define JEACH_JSON    8
+#define JEACH_ROOT    9
+
+  UNUSED_PARAM(pzErr);
+  UNUSED_PARAM(argv);
+  UNUSED_PARAM(argc);
+  UNUSED_PARAM(pAux);
+  rc = sqlite3_declare_vtab(db, 
+     "CREATE TABLE x(key,value,type,atom,id,parent,fullkey,path,"
+                    "json HIDDEN,root HIDDEN)");
+  if( rc==SQLITE_OK ){
+    pNew = *ppVtab = sqlite3_malloc( sizeof(*pNew) );
+    if( pNew==0 ) return SQLITE_NOMEM;
+    memset(pNew, 0, sizeof(*pNew));
+  }
+  return rc;
+}
+
+/* destructor for json_each virtual table */
+static int jsonEachDisconnect(sqlite3_vtab *pVtab){
+  sqlite3_free(pVtab);
+  return SQLITE_OK;
+}
+
+/* constructor for a JsonEachCursor object for json_each(). */
+static int jsonEachOpenEach(sqlite3_vtab *p, sqlite3_vtab_cursor **ppCursor){
+  JsonEachCursor *pCur;
+
+  UNUSED_PARAM(p);
+  pCur = sqlite3_malloc( sizeof(*pCur) );
+  if( pCur==0 ) return SQLITE_NOMEM;
+  memset(pCur, 0, sizeof(*pCur));
+  *ppCursor = &pCur->base;
+  return SQLITE_OK;
+}
+
+/* constructor for a JsonEachCursor object for json_tree(). */
+static int jsonEachOpenTree(sqlite3_vtab *p, sqlite3_vtab_cursor **ppCursor){
+  int rc = jsonEachOpenEach(p, ppCursor);
+  if( rc==SQLITE_OK ){
+    JsonEachCursor *pCur = (JsonEachCursor*)*ppCursor;
+    pCur->bRecursive = 1;
+  }
+  return rc;
+}
+
+/* Reset a JsonEachCursor back to its original state.  Free any memory
+** held. */
+static void jsonEachCursorReset(JsonEachCursor *p){
+  sqlite3_free(p->zJson);
+  sqlite3_free(p->zRoot);
+  jsonParseReset(&p->sParse);
+  p->iRowid = 0;
+  p->i = 0;
+  p->iEnd = 0;
+  p->eType = 0;
+  p->zJson = 0;
+  p->zRoot = 0;
+}
+
+/* Destructor for a jsonEachCursor object */
+static int jsonEachClose(sqlite3_vtab_cursor *cur){
+  JsonEachCursor *p = (JsonEachCursor*)cur;
+  jsonEachCursorReset(p);
+  sqlite3_free(cur);
+  return SQLITE_OK;
+}
+
+/* Return TRUE if the jsonEachCursor object has been advanced off the end
+** of the JSON object */
+static int jsonEachEof(sqlite3_vtab_cursor *cur){
+  JsonEachCursor *p = (JsonEachCursor*)cur;
+  return p->i >= p->iEnd;
+}
+
+/* Advance the cursor to the next element for json_tree() */
+static int jsonEachNext(sqlite3_vtab_cursor *cur){
+  JsonEachCursor *p = (JsonEachCursor*)cur;
+  if( p->bRecursive ){
+    if( p->sParse.aNode[p->i].jnFlags & JNODE_LABEL ) p->i++;
+    p->i++;
+    p->iRowid++;
+    if( p->i<p->iEnd ){
+      u32 iUp = p->sParse.aUp[p->i];
+      JsonNode *pUp = &p->sParse.aNode[iUp];
+      p->eType = pUp->eType;
+      if( pUp->eType==JSON_ARRAY ){
+        if( iUp==p->i-1 ){
+          pUp->u.iKey = 0;
+        }else{
+          pUp->u.iKey++;
+        }
+      }
+    }
+  }else{
+    switch( p->eType ){
+      case JSON_ARRAY: {
+        p->i += jsonNodeSize(&p->sParse.aNode[p->i]);
+        p->iRowid++;
+        break;
+      }
+      case JSON_OBJECT: {
+        p->i += 1 + jsonNodeSize(&p->sParse.aNode[p->i+1]);
+        p->iRowid++;
+        break;
+      }
+      default: {
+        p->i = p->iEnd;
+        break;
+      }
+    }
+  }
+  return SQLITE_OK;
+}
+
+/* Append the name of the path for element i to pStr
+*/
+static void jsonEachComputePath(
+  JsonEachCursor *p,       /* The cursor */
+  JsonString *pStr,        /* Write the path here */
+  u32 i                    /* Path to this element */
+){
+  JsonNode *pNode, *pUp;
+  u32 iUp;
+  if( i==0 ){
+    jsonAppendChar(pStr, '$');
+    return;
+  }
+  iUp = p->sParse.aUp[i];
+  jsonEachComputePath(p, pStr, iUp);
+  pNode = &p->sParse.aNode[i];
+  pUp = &p->sParse.aNode[iUp];
+  if( pUp->eType==JSON_ARRAY ){
+    jsonPrintf(30, pStr, "[%d]", pUp->u.iKey);
+  }else{
+    assert( pUp->eType==JSON_OBJECT );
+    if( (pNode->jnFlags & JNODE_LABEL)==0 ) pNode--;
+    assert( pNode->eType==JSON_STRING );
+    assert( pNode->jnFlags & JNODE_LABEL );
+    jsonPrintf(pNode->n+1, pStr, ".%.*s", pNode->n-2, pNode->u.zJContent+1);
+  }
+}
+
+/* Return the value of a column */
+static int jsonEachColumn(
+  sqlite3_vtab_cursor *cur,   /* The cursor */
+  sqlite3_context *ctx,       /* First argument to sqlite3_result_...() */
+  int i                       /* Which column to return */
+){
+  JsonEachCursor *p = (JsonEachCursor*)cur;
+  JsonNode *pThis = &p->sParse.aNode[p->i];
+  switch( i ){
+    case JEACH_KEY: {
+      if( p->i==0 ) break;
+      if( p->eType==JSON_OBJECT ){
+        jsonReturn(pThis, ctx, 0);
+      }else if( p->eType==JSON_ARRAY ){
+        u32 iKey;
+        if( p->bRecursive ){
+          if( p->iRowid==0 ) break;
+          iKey = p->sParse.aNode[p->sParse.aUp[p->i]].u.iKey;
+        }else{
+          iKey = p->iRowid;
+        }
+        sqlite3_result_int64(ctx, (sqlite3_int64)iKey);
+      }
+      break;
+    }
+    case JEACH_VALUE: {
+      if( pThis->jnFlags & JNODE_LABEL ) pThis++;
+      jsonReturn(pThis, ctx, 0);
+      break;
+    }
+    case JEACH_TYPE: {
+      if( pThis->jnFlags & JNODE_LABEL ) pThis++;
+      sqlite3_result_text(ctx, jsonType[pThis->eType], -1, SQLITE_STATIC);
+      break;
+    }
+    case JEACH_ATOM: {
+      if( pThis->jnFlags & JNODE_LABEL ) pThis++;
+      if( pThis->eType>=JSON_ARRAY ) break;
+      jsonReturn(pThis, ctx, 0);
+      break;
+    }
+    case JEACH_ID: {
+      sqlite3_result_int64(ctx, 
+         (sqlite3_int64)p->i + ((pThis->jnFlags & JNODE_LABEL)!=0));
+      break;
+    }
+    case JEACH_PARENT: {
+      if( p->i>p->iBegin && p->bRecursive ){
+        sqlite3_result_int64(ctx, (sqlite3_int64)p->sParse.aUp[p->i]);
+      }
+      break;
+    }
+    case JEACH_FULLKEY: {
+      JsonString x;
+      jsonInit(&x, ctx);
+      if( p->bRecursive ){
+        jsonEachComputePath(p, &x, p->i);
+      }else{
+        if( p->zRoot ){
+          jsonAppendRaw(&x, p->zRoot, (int)strlen(p->zRoot));
+        }else{
+          jsonAppendChar(&x, '$');
+        }
+        if( p->eType==JSON_ARRAY ){
+          jsonPrintf(30, &x, "[%d]", p->iRowid);
+        }else{
+          jsonPrintf(pThis->n, &x, ".%.*s", pThis->n-2, pThis->u.zJContent+1);
+        }
+      }
+      jsonResult(&x);
+      break;
+    }
+    case JEACH_PATH: {
+      if( p->bRecursive ){
+        JsonString x;
+        jsonInit(&x, ctx);
+        jsonEachComputePath(p, &x, p->sParse.aUp[p->i]);
+        jsonResult(&x);
+        break;
+      }
+      /* For json_each() path and root are the same so fall through
+      ** into the root case */
+    }
+    case JEACH_ROOT: {
+      const char *zRoot = p->zRoot;
+       if( zRoot==0 ) zRoot = "$";
+      sqlite3_result_text(ctx, zRoot, -1, SQLITE_STATIC);
+      break;
+    }
+    case JEACH_JSON: {
+      assert( i==JEACH_JSON );
+      sqlite3_result_text(ctx, p->sParse.zJson, -1, SQLITE_STATIC);
+      break;
+    }
+  }
+  return SQLITE_OK;
+}
+
+/* Return the current rowid value */
+static int jsonEachRowid(sqlite3_vtab_cursor *cur, sqlite_int64 *pRowid){
+  JsonEachCursor *p = (JsonEachCursor*)cur;
+  *pRowid = p->iRowid;
+  return SQLITE_OK;
+}
+
+/* The query strategy is to look for an equality constraint on the json
+** column.  Without such a constraint, the table cannot operate.  idxNum is
+** 1 if the constraint is found, 3 if the constraint and zRoot are found,
+** and 0 otherwise.
+*/
+static int jsonEachBestIndex(
+  sqlite3_vtab *tab,
+  sqlite3_index_info *pIdxInfo
+){
+  int i;
+  int jsonIdx = -1;
+  int rootIdx = -1;
+  const struct sqlite3_index_constraint *pConstraint;
+
+  UNUSED_PARAM(tab);
+  pConstraint = pIdxInfo->aConstraint;
+  for(i=0; i<pIdxInfo->nConstraint; i++, pConstraint++){
+    if( pConstraint->usable==0 ) continue;
+    if( pConstraint->op!=SQLITE_INDEX_CONSTRAINT_EQ ) continue;
+    switch( pConstraint->iColumn ){
+      case JEACH_JSON:   jsonIdx = i;    break;
+      case JEACH_ROOT:   rootIdx = i;    break;
+      default:           /* no-op */     break;
+    }
+  }
+  if( jsonIdx<0 ){
+    pIdxInfo->idxNum = 0;
+    pIdxInfo->estimatedCost = 1e99;
+  }else{
+    pIdxInfo->estimatedCost = 1.0;
+    pIdxInfo->aConstraintUsage[jsonIdx].argvIndex = 1;
+    pIdxInfo->aConstraintUsage[jsonIdx].omit = 1;
+    if( rootIdx<0 ){
+      pIdxInfo->idxNum = 1;
+    }else{
+      pIdxInfo->aConstraintUsage[rootIdx].argvIndex = 2;
+      pIdxInfo->aConstraintUsage[rootIdx].omit = 1;
+      pIdxInfo->idxNum = 3;
+    }
+  }
+  return SQLITE_OK;
+}
+
+/* Start a search on a new JSON string */
+static int jsonEachFilter(
+  sqlite3_vtab_cursor *cur,
+  int idxNum, const char *idxStr,
+  int argc, sqlite3_value **argv
+){
+  JsonEachCursor *p = (JsonEachCursor*)cur;
+  const char *z;
+  const char *zRoot = 0;
+  sqlite3_int64 n;
+
+  UNUSED_PARAM(idxStr);
+  UNUSED_PARAM(argc);
+  jsonEachCursorReset(p);
+  if( idxNum==0 ) return SQLITE_OK;
+  z = (const char*)sqlite3_value_text(argv[0]);
+  if( z==0 ) return SQLITE_OK;
+  n = sqlite3_value_bytes(argv[0]);
+  p->zJson = sqlite3_malloc64( n+1 );
+  if( p->zJson==0 ) return SQLITE_NOMEM;
+  memcpy(p->zJson, z, (size_t)n+1);
+  if( jsonParse(&p->sParse, 0, p->zJson) ){
+    int rc = SQLITE_NOMEM;
+    if( p->sParse.oom==0 ){
+      sqlite3_free(cur->pVtab->zErrMsg);
+      cur->pVtab->zErrMsg = sqlite3_mprintf("malformed JSON");
+      if( cur->pVtab->zErrMsg ) rc = SQLITE_ERROR;
+    }
+    jsonEachCursorReset(p);
+    return rc;
+  }else if( p->bRecursive && jsonParseFindParents(&p->sParse) ){
+    jsonEachCursorReset(p);
+    return SQLITE_NOMEM;
+  }else{
+    JsonNode *pNode = 0;
+    if( idxNum==3 ){
+      const char *zErr = 0;
+      zRoot = (const char*)sqlite3_value_text(argv[1]);
+      if( zRoot==0 ) return SQLITE_OK;
+      n = sqlite3_value_bytes(argv[1]);
+      p->zRoot = sqlite3_malloc64( n+1 );
+      if( p->zRoot==0 ) return SQLITE_NOMEM;
+      memcpy(p->zRoot, zRoot, (size_t)n+1);
+      if( zRoot[0]!='$' ){
+        zErr = zRoot;
+      }else{
+        pNode = jsonLookupStep(&p->sParse, 0, p->zRoot+1, 0, &zErr);
+      }
+      if( zErr ){
+        sqlite3_free(cur->pVtab->zErrMsg);
+        cur->pVtab->zErrMsg = jsonPathSyntaxError(zErr);
+        jsonEachCursorReset(p);
+        return cur->pVtab->zErrMsg ? SQLITE_ERROR : SQLITE_NOMEM;
+      }else if( pNode==0 ){
+        return SQLITE_OK;
+      }
+    }else{
+      pNode = p->sParse.aNode;
+    }
+    p->iBegin = p->i = (int)(pNode - p->sParse.aNode);
+    p->eType = pNode->eType;
+    if( p->eType>=JSON_ARRAY ){
+      pNode->u.iKey = 0;
+      p->iEnd = p->i + pNode->n + 1;
+      if( p->bRecursive ){
+        p->eType = p->sParse.aNode[p->sParse.aUp[p->i]].eType;
+        if( p->i>0 && (p->sParse.aNode[p->i-1].jnFlags & JNODE_LABEL)!=0 ){
+          p->i--;
+        }
+      }else{
+        p->i++;
+      }
+    }else{
+      p->iEnd = p->i+1;
+    }
+  }
+  return SQLITE_OK;
+}
+
+/* The methods of the json_each virtual table */
+static sqlite3_module jsonEachModule = {
+  0,                         /* iVersion */
+  0,                         /* xCreate */
+  jsonEachConnect,           /* xConnect */
+  jsonEachBestIndex,         /* xBestIndex */
+  jsonEachDisconnect,        /* xDisconnect */
+  0,                         /* xDestroy */
+  jsonEachOpenEach,          /* xOpen - open a cursor */
+  jsonEachClose,             /* xClose - close a cursor */
+  jsonEachFilter,            /* xFilter - configure scan constraints */
+  jsonEachNext,              /* xNext - advance a cursor */
+  jsonEachEof,               /* xEof - check for end of scan */
+  jsonEachColumn,            /* xColumn - read data */
+  jsonEachRowid,             /* xRowid - read data */
+  0,                         /* xUpdate */
+  0,                         /* xBegin */
+  0,                         /* xSync */
+  0,                         /* xCommit */
+  0,                         /* xRollback */
+  0,                         /* xFindMethod */
+  0,                         /* xRename */
+  0,                         /* xSavepoint */
+  0,                         /* xRelease */
+  0                          /* xRollbackTo */
+};
+
+/* The methods of the json_tree virtual table. */
+static sqlite3_module jsonTreeModule = {
+  0,                         /* iVersion */
+  0,                         /* xCreate */
+  jsonEachConnect,           /* xConnect */
+  jsonEachBestIndex,         /* xBestIndex */
+  jsonEachDisconnect,        /* xDisconnect */
+  0,                         /* xDestroy */
+  jsonEachOpenTree,          /* xOpen - open a cursor */
+  jsonEachClose,             /* xClose - close a cursor */
+  jsonEachFilter,            /* xFilter - configure scan constraints */
+  jsonEachNext,              /* xNext - advance a cursor */
+  jsonEachEof,               /* xEof - check for end of scan */
+  jsonEachColumn,            /* xColumn - read data */
+  jsonEachRowid,             /* xRowid - read data */
+  0,                         /* xUpdate */
+  0,                         /* xBegin */
+  0,                         /* xSync */
+  0,                         /* xCommit */
+  0,                         /* xRollback */
+  0,                         /* xFindMethod */
+  0,                         /* xRename */
+  0,                         /* xSavepoint */
+  0,                         /* xRelease */
+  0                          /* xRollbackTo */
+};
+#endif /* SQLITE_OMIT_VIRTUALTABLE */
+
+/****************************************************************************
+** The following routines are the only publically visible identifiers in this
+** file.  Call the following routines in order to register the various SQL
+** functions and the virtual table implemented by this file.
+****************************************************************************/
+
+SQLITE_PRIVATE int sqlite3Json1Init(sqlite3 *db){
+  int rc = SQLITE_OK;
+  unsigned int i;
+  static const struct {
+     const char *zName;
+     int nArg;
+     int flag;
+     void (*xFunc)(sqlite3_context*,int,sqlite3_value**);
+  } aFunc[] = {
+    { "json",                 1, 0,   jsonRemoveFunc        },
+    { "json_array",          -1, 0,   jsonArrayFunc         },
+    { "json_array_length",    1, 0,   jsonArrayLengthFunc   },
+    { "json_array_length",    2, 0,   jsonArrayLengthFunc   },
+    { "json_extract",        -1, 0,   jsonExtractFunc       },
+    { "json_insert",         -1, 0,   jsonSetFunc           },
+    { "json_object",         -1, 0,   jsonObjectFunc        },
+    { "json_remove",         -1, 0,   jsonRemoveFunc        },
+    { "json_replace",        -1, 0,   jsonReplaceFunc       },
+    { "json_set",            -1, 1,   jsonSetFunc           },
+    { "json_type",            1, 0,   jsonTypeFunc          },
+    { "json_type",            2, 0,   jsonTypeFunc          },
+    { "json_valid",           1, 0,   jsonValidFunc         },
+
+#if SQLITE_DEBUG
+    /* DEBUG and TESTING functions */
+    { "json_parse",           1, 0,   jsonParseFunc         },
+    { "json_test1",           1, 0,   jsonTest1Func         },
+#endif
+  };
+  static const struct {
+     const char *zName;
+     int nArg;
+     void (*xStep)(sqlite3_context*,int,sqlite3_value**);
+     void (*xFinal)(sqlite3_context*);
+  } aAgg[] = {
+    { "json_group_array",     1,   jsonArrayStep,   jsonArrayFinal  },
+    { "json_group_object",    2,   jsonObjectStep,  jsonObjectFinal },
+  };
+#ifndef SQLITE_OMIT_VIRTUALTABLE
+  static const struct {
+     const char *zName;
+     sqlite3_module *pModule;
+  } aMod[] = {
+    { "json_each",            &jsonEachModule               },
+    { "json_tree",            &jsonTreeModule               },
+  };
+#endif
+  for(i=0; i<sizeof(aFunc)/sizeof(aFunc[0]) && rc==SQLITE_OK; i++){
+    rc = sqlite3_create_function(db, aFunc[i].zName, aFunc[i].nArg,
+                                 SQLITE_UTF8 | SQLITE_DETERMINISTIC, 
+                                 (void*)&aFunc[i].flag,
+                                 aFunc[i].xFunc, 0, 0);
+  }
+  for(i=0; i<sizeof(aAgg)/sizeof(aAgg[0]) && rc==SQLITE_OK; i++){
+    rc = sqlite3_create_function(db, aAgg[i].zName, aAgg[i].nArg,
+                                 SQLITE_UTF8 | SQLITE_DETERMINISTIC, 0,
+                                 0, aAgg[i].xStep, aAgg[i].xFinal);
+  }
+#ifndef SQLITE_OMIT_VIRTUALTABLE
+  for(i=0; i<sizeof(aMod)/sizeof(aMod[0]) && rc==SQLITE_OK; i++){
+    rc = sqlite3_create_module(db, aMod[i].zName, aMod[i].pModule, 0);
+  }
+#endif
+  return rc;
+}
+
+
+#ifndef SQLITE_CORE
+#ifdef _WIN32
+__declspec(dllexport)
+#endif
+SQLITE_API int SQLITE_STDCALL sqlite3_json_init(
+  sqlite3 *db, 
+  char **pzErrMsg, 
+  const sqlite3_api_routines *pApi
+){
+  SQLITE_EXTENSION_INIT2(pApi);
+  (void)pzErrMsg;  /* Unused parameter */
+  return sqlite3Json1Init(db);
+}
+#endif
+#endif /* !defined(SQLITE_CORE) || defined(SQLITE_ENABLE_JSON1) */
+
+/************** End of json1.c ***********************************************/
+/************** Begin file fts5.c ********************************************/
+
+
+#if !defined(SQLITE_CORE) || defined(SQLITE_ENABLE_FTS5) 
+
+#if !defined(NDEBUG) && !defined(SQLITE_DEBUG) 
+# define NDEBUG 1
+#endif
+#if defined(NDEBUG) && defined(SQLITE_DEBUG)
+# undef NDEBUG
+#endif
+
+/*
+** 2014 May 31
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+******************************************************************************
+**
+** Interfaces to extend FTS5. Using the interfaces defined in this file, 
+** FTS5 may be extended with:
+**
+**     * custom tokenizers, and
+**     * custom auxiliary functions.
+*/
+
+
+#ifndef _FTS5_H
+#define _FTS5_H
+
+/* #include "sqlite3.h" */
+
+#if 0
+extern "C" {
+#endif
+
+/*************************************************************************
+** CUSTOM AUXILIARY FUNCTIONS
+**
+** Virtual table implementations may overload SQL functions by implementing
+** the sqlite3_module.xFindFunction() method.
+*/
+
+typedef struct Fts5ExtensionApi Fts5ExtensionApi;
+typedef struct Fts5Context Fts5Context;
+typedef struct Fts5PhraseIter Fts5PhraseIter;
+
+typedef void (*fts5_extension_function)(
+  const Fts5ExtensionApi *pApi,   /* API offered by current FTS version */
+  Fts5Context *pFts,              /* First arg to pass to pApi functions */
+  sqlite3_context *pCtx,          /* Context for returning result/error */
+  int nVal,                       /* Number of values in apVal[] array */
+  sqlite3_value **apVal           /* Array of trailing arguments */
+);
+
+struct Fts5PhraseIter {
+  const unsigned char *a;
+  const unsigned char *b;
+};
+
+/*
+** EXTENSION API FUNCTIONS
+**
+** xUserData(pFts):
+**   Return a copy of the context pointer the extension function was 
+**   registered with.
+**
+** xColumnTotalSize(pFts, iCol, pnToken):
+**   If parameter iCol is less than zero, set output variable *pnToken
+**   to the total number of tokens in the FTS5 table. Or, if iCol is
+**   non-negative but less than the number of columns in the table, return
+**   the total number of tokens in column iCol, considering all rows in 
+**   the FTS5 table.
+**
+**   If parameter iCol is greater than or equal to the number of columns
+**   in the table, SQLITE_RANGE is returned. Or, if an error occurs (e.g.
+**   an OOM condition or IO error), an appropriate SQLite error code is 
+**   returned.
+**
+** xColumnCount(pFts):
+**   Return the number of columns in the table.
+**
+** xColumnSize(pFts, iCol, pnToken):
+**   If parameter iCol is less than zero, set output variable *pnToken
+**   to the total number of tokens in the current row. Or, if iCol is
+**   non-negative but less than the number of columns in the table, set
+**   *pnToken to the number of tokens in column iCol of the current row.
+**
+**   If parameter iCol is greater than or equal to the number of columns
+**   in the table, SQLITE_RANGE is returned. Or, if an error occurs (e.g.
+**   an OOM condition or IO error), an appropriate SQLite error code is 
+**   returned.
+**
+** xColumnText:
+**   This function attempts to retrieve the text of column iCol of the
+**   current document. If successful, (*pz) is set to point to a buffer
+**   containing the text in utf-8 encoding, (*pn) is set to the size in bytes
+**   (not characters) of the buffer and SQLITE_OK is returned. Otherwise,
+**   if an error occurs, an SQLite error code is returned and the final values
+**   of (*pz) and (*pn) are undefined.
+**
+** xPhraseCount:
+**   Returns the number of phrases in the current query expression.
+**
+** xPhraseSize:
+**   Returns the number of tokens in phrase iPhrase of the query. Phrases
+**   are numbered starting from zero.
+**
+** xInstCount:
+**   Set *pnInst to the total number of occurrences of all phrases within
+**   the query within the current row. Return SQLITE_OK if successful, or
+**   an error code (i.e. SQLITE_NOMEM) if an error occurs.
+**
+** xInst:
+**   Query for the details of phrase match iIdx within the current row.
+**   Phrase matches are numbered starting from zero, so the iIdx argument
+**   should be greater than or equal to zero and smaller than the value
+**   output by xInstCount().
+**
+**   Returns SQLITE_OK if successful, or an error code (i.e. SQLITE_NOMEM) 
+**   if an error occurs.
+**
+** xRowid:
+**   Returns the rowid of the current row.
+**
+** xTokenize:
+**   Tokenize text using the tokenizer belonging to the FTS5 table.
+**
+** xQueryPhrase(pFts5, iPhrase, pUserData, xCallback):
+**   This API function is used to query the FTS table for phrase iPhrase
+**   of the current query. Specifically, a query equivalent to:
+**
+**       ... FROM ftstable WHERE ftstable MATCH $p ORDER BY rowid
+**
+**   with $p set to a phrase equivalent to the phrase iPhrase of the
+**   current query is executed. For each row visited, the callback function
+**   passed as the fourth argument is invoked. The context and API objects 
+**   passed to the callback function may be used to access the properties of
+**   each matched row. Invoking Api.xUserData() returns a copy of the pointer
+**   passed as the third argument to pUserData.
+**
+**   If the callback function returns any value other than SQLITE_OK, the
+**   query is abandoned and the xQueryPhrase function returns immediately.
+**   If the returned value is SQLITE_DONE, xQueryPhrase returns SQLITE_OK.
+**   Otherwise, the error code is propagated upwards.
+**
+**   If the query runs to completion without incident, SQLITE_OK is returned.
+**   Or, if some error occurs before the query completes or is aborted by
+**   the callback, an SQLite error code is returned.
+**
+**
+** xSetAuxdata(pFts5, pAux, xDelete)
+**
+**   Save the pointer passed as the second argument as the extension functions 
+**   "auxiliary data". The pointer may then be retrieved by the current or any
+**   future invocation of the same fts5 extension function made as part of
+**   of the same MATCH query using the xGetAuxdata() API.
+**
+**   Each extension function is allocated a single auxiliary data slot for
+**   each FTS query (MATCH expression). If the extension function is invoked 
+**   more than once for a single FTS query, then all invocations share a 
+**   single auxiliary data context.
+**
+**   If there is already an auxiliary data pointer when this function is
+**   invoked, then it is replaced by the new pointer. If an xDelete callback
+**   was specified along with the original pointer, it is invoked at this
+**   point.
+**
+**   The xDelete callback, if one is specified, is also invoked on the
+**   auxiliary data pointer after the FTS5 query has finished.
+**
+**   If an error (e.g. an OOM condition) occurs within this function, an
+**   the auxiliary data is set to NULL and an error code returned. If the
+**   xDelete parameter was not NULL, it is invoked on the auxiliary data
+**   pointer before returning.
+**
+**
+** xGetAuxdata(pFts5, bClear)
+**
+**   Returns the current auxiliary data pointer for the fts5 extension 
+**   function. See the xSetAuxdata() method for details.
+**
+**   If the bClear argument is non-zero, then the auxiliary data is cleared
+**   (set to NULL) before this function returns. In this case the xDelete,
+**   if any, is not invoked.
+**
+**
+** xRowCount(pFts5, pnRow)
+**
+**   This function is used to retrieve the total number of rows in the table.
+**   In other words, the same value that would be returned by:
+**
+**        SELECT count(*) FROM ftstable;
+**
+** xPhraseFirst()
+**   This function is used, along with type Fts5PhraseIter and the xPhraseNext
+**   method, to iterate through all instances of a single query phrase within
+**   the current row. This is the same information as is accessible via the
+**   xInstCount/xInst APIs. While the xInstCount/xInst APIs are more convenient
+**   to use, this API may be faster under some circumstances. To iterate 
+**   through instances of phrase iPhrase, use the following code:
+**
+**       Fts5PhraseIter iter;
+**       int iCol, iOff;
+**       for(pApi->xPhraseFirst(pFts, iPhrase, &iter, &iCol, &iOff);
+**           iOff>=0;
+**           pApi->xPhraseNext(pFts, &iter, &iCol, &iOff)
+**       ){
+**         // An instance of phrase iPhrase at offset iOff of column iCol
+**       }
+**
+**   The Fts5PhraseIter structure is defined above. Applications should not
+**   modify this structure directly - it should only be used as shown above
+**   with the xPhraseFirst() and xPhraseNext() API methods.
+**
+** xPhraseNext()
+**   See xPhraseFirst above.
+*/
+struct Fts5ExtensionApi {
+  int iVersion;                   /* Currently always set to 1 */
+
+  void *(*xUserData)(Fts5Context*);
+
+  int (*xColumnCount)(Fts5Context*);
+  int (*xRowCount)(Fts5Context*, sqlite3_int64 *pnRow);
+  int (*xColumnTotalSize)(Fts5Context*, int iCol, sqlite3_int64 *pnToken);
+
+  int (*xTokenize)(Fts5Context*, 
+    const char *pText, int nText, /* Text to tokenize */
+    void *pCtx,                   /* Context passed to xToken() */
+    int (*xToken)(void*, int, const char*, int, int, int)       /* Callback */
+  );
+
+  int (*xPhraseCount)(Fts5Context*);
+  int (*xPhraseSize)(Fts5Context*, int iPhrase);
+
+  int (*xInstCount)(Fts5Context*, int *pnInst);
+  int (*xInst)(Fts5Context*, int iIdx, int *piPhrase, int *piCol, int *piOff);
+
+  sqlite3_int64 (*xRowid)(Fts5Context*);
+  int (*xColumnText)(Fts5Context*, int iCol, const char **pz, int *pn);
+  int (*xColumnSize)(Fts5Context*, int iCol, int *pnToken);
+
+  int (*xQueryPhrase)(Fts5Context*, int iPhrase, void *pUserData,
+    int(*)(const Fts5ExtensionApi*,Fts5Context*,void*)
+  );
+  int (*xSetAuxdata)(Fts5Context*, void *pAux, void(*xDelete)(void*));
+  void *(*xGetAuxdata)(Fts5Context*, int bClear);
+
+  void (*xPhraseFirst)(Fts5Context*, int iPhrase, Fts5PhraseIter*, int*, int*);
+  void (*xPhraseNext)(Fts5Context*, Fts5PhraseIter*, int *piCol, int *piOff);
+};
+
+/* 
+** CUSTOM AUXILIARY FUNCTIONS
+*************************************************************************/
+
+/*************************************************************************
+** CUSTOM TOKENIZERS
+**
+** Applications may also register custom tokenizer types. A tokenizer 
+** is registered by providing fts5 with a populated instance of the 
+** following structure. All structure methods must be defined, setting
+** any member of the fts5_tokenizer struct to NULL leads to undefined
+** behaviour. The structure methods are expected to function as follows:
+**
+** xCreate:
+**   This function is used to allocate and inititalize a tokenizer instance.
+**   A tokenizer instance is required to actually tokenize text.
+**
+**   The first argument passed to this function is a copy of the (void*)
+**   pointer provided by the application when the fts5_tokenizer object
+**   was registered with FTS5 (the third argument to xCreateTokenizer()). 
+**   The second and third arguments are an array of nul-terminated strings
+**   containing the tokenizer arguments, if any, specified following the
+**   tokenizer name as part of the CREATE VIRTUAL TABLE statement used
+**   to create the FTS5 table.
+**
+**   The final argument is an output variable. If successful, (*ppOut) 
+**   should be set to point to the new tokenizer handle and SQLITE_OK
+**   returned. If an error occurs, some value other than SQLITE_OK should
+**   be returned. In this case, fts5 assumes that the final value of *ppOut 
+**   is undefined.
+**
+** xDelete:
+**   This function is invoked to delete a tokenizer handle previously
+**   allocated using xCreate(). Fts5 guarantees that this function will
+**   be invoked exactly once for each successful call to xCreate().
+**
+** xTokenize:
+**   This function is expected to tokenize the nText byte string indicated 
+**   by argument pText. pText may or may not be nul-terminated. The first
+**   argument passed to this function is a pointer to an Fts5Tokenizer object
+**   returned by an earlier call to xCreate().
+**
+**   The second argument indicates the reason that FTS5 is requesting
+**   tokenization of the supplied text. This is always one of the following
+**   four values:
+**
+**   <ul><li> <b>FTS5_TOKENIZE_DOCUMENT</b> - A document is being inserted into
+**            or removed from the FTS table. The tokenizer is being invoked to
+**            determine the set of tokens to add to (or delete from) the
+**            FTS index.
+**
+**       <li> <b>FTS5_TOKENIZE_QUERY</b> - A MATCH query is being executed 
+**            against the FTS index. The tokenizer is being called to tokenize 
+**            a bareword or quoted string specified as part of the query.
+**
+**       <li> <b>(FTS5_TOKENIZE_QUERY | FTS5_TOKENIZE_PREFIX)</b> - Same as
+**            FTS5_TOKENIZE_QUERY, except that the bareword or quoted string is
+**            followed by a "*" character, indicating that the last token
+**            returned by the tokenizer will be treated as a token prefix.
+**
+**       <li> <b>FTS5_TOKENIZE_AUX</b> - The tokenizer is being invoked to 
+**            satisfy an fts5_api.xTokenize() request made by an auxiliary
+**            function. Or an fts5_api.xColumnSize() request made by the same
+**            on a columnsize=0 database.  
+**   </ul>
+**
+**   For each token in the input string, the supplied callback xToken() must
+**   be invoked. The first argument to it should be a copy of the pointer
+**   passed as the second argument to xTokenize(). The third and fourth
+**   arguments are a pointer to a buffer containing the token text, and the
+**   size of the token in bytes. The 4th and 5th arguments are the byte offsets
+**   of the first byte of and first byte immediately following the text from
+**   which the token is derived within the input.
+**
+**   The second argument passed to the xToken() callback ("tflags") should
+**   normally be set to 0. The exception is if the tokenizer supports 
+**   synonyms. In this case see the discussion below for details.
+**
+**   FTS5 assumes the xToken() callback is invoked for each token in the 
+**   order that they occur within the input text.
+**
+**   If an xToken() callback returns any value other than SQLITE_OK, then
+**   the tokenization should be abandoned and the xTokenize() method should
+**   immediately return a copy of the xToken() return value. Or, if the
+**   input buffer is exhausted, xTokenize() should return SQLITE_OK. Finally,
+**   if an error occurs with the xTokenize() implementation itself, it
+**   may abandon the tokenization and return any error code other than
+**   SQLITE_OK or SQLITE_DONE.
+**
+** SYNONYM SUPPORT
+**
+**   Custom tokenizers may also support synonyms. Consider a case in which a
+**   user wishes to query for a phrase such as "first place". Using the 
+**   built-in tokenizers, the FTS5 query 'first + place' will match instances
+**   of "first place" within the document set, but not alternative forms
+**   such as "1st place". In some applications, it would be better to match
+**   all instances of "first place" or "1st place" regardless of which form
+**   the user specified in the MATCH query text.
+**
+**   There are several ways to approach this in FTS5:
+**
+**   <ol><li> By mapping all synonyms to a single token. In this case, the 
+**            In the above example, this means that the tokenizer returns the
+**            same token for inputs "first" and "1st". Say that token is in
+**            fact "first", so that when the user inserts the document "I won
+**            1st place" entries are added to the index for tokens "i", "won",
+**            "first" and "place". If the user then queries for '1st + place',
+**            the tokenizer substitutes "first" for "1st" and the query works
+**            as expected.
+**
+**       <li> By adding multiple synonyms for a single term to the FTS index.
+**            In this case, when tokenizing query text, the tokenizer may 
+**            provide multiple synonyms for a single term within the document.
+**            FTS5 then queries the index for each synonym individually. For
+**            example, faced with the query:
+**
+**   <codeblock>
+**     ... MATCH 'first place'</codeblock>
+**
+**            the tokenizer offers both "1st" and "first" as synonyms for the
+**            first token in the MATCH query and FTS5 effectively runs a query 
+**            similar to:
+**
+**   <codeblock>
+**     ... MATCH '(first OR 1st) place'</codeblock>
+**
+**            except that, for the purposes of auxiliary functions, the query
+**            still appears to contain just two phrases - "(first OR 1st)" 
+**            being treated as a single phrase.
+**
+**       <li> By adding multiple synonyms for a single term to the FTS index.
+**            Using this method, when tokenizing document text, the tokenizer
+**            provides multiple synonyms for each token. So that when a 
+**            document such as "I won first place" is tokenized, entries are
+**            added to the FTS index for "i", "won", "first", "1st" and
+**            "place".
+**
+**            This way, even if the tokenizer does not provide synonyms
+**            when tokenizing query text (it should not - to do would be
+**            inefficient), it doesn't matter if the user queries for 
+**            'first + place' or '1st + place', as there are entires in the
+**            FTS index corresponding to both forms of the first token.
+**   </ol>
+**
+**   Whether it is parsing document or query text, any call to xToken that
+**   specifies a <i>tflags</i> argument with the FTS5_TOKEN_COLOCATED bit
+**   is considered to supply a synonym for the previous token. For example,
+**   when parsing the document "I won first place", a tokenizer that supports
+**   synonyms would call xToken() 5 times, as follows:
+**
+**   <codeblock>
+**       xToken(pCtx, 0, "i",                      1,  0,  1);
+**       xToken(pCtx, 0, "won",                    3,  2,  5);
+**       xToken(pCtx, 0, "first",                  5,  6, 11);
+**       xToken(pCtx, FTS5_TOKEN_COLOCATED, "1st", 3,  6, 11);
+**       xToken(pCtx, 0, "place",                  5, 12, 17);
+**</codeblock>
+**
+**   It is an error to specify the FTS5_TOKEN_COLOCATED flag the first time
+**   xToken() is called. Multiple synonyms may be specified for a single token
+**   by making multiple calls to xToken(FTS5_TOKEN_COLOCATED) in sequence. 
+**   There is no limit to the number of synonyms that may be provided for a
+**   single token.
+**
+**   In many cases, method (1) above is the best approach. It does not add 
+**   extra data to the FTS index or require FTS5 to query for multiple terms,
+**   so it is efficient in terms of disk space and query speed. However, it
+**   does not support prefix queries very well. If, as suggested above, the
+**   token "first" is subsituted for "1st" by the tokenizer, then the query:
+**
+**   <codeblock>
+**     ... MATCH '1s*'</codeblock>
+**
+**   will not match documents that contain the token "1st" (as the tokenizer
+**   will probably not map "1s" to any prefix of "first").
+**
+**   For full prefix support, method (3) may be preferred. In this case, 
+**   because the index contains entries for both "first" and "1st", prefix
+**   queries such as 'fi*' or '1s*' will match correctly. However, because
+**   extra entries are added to the FTS index, this method uses more space
+**   within the database.
+**
+**   Method (2) offers a midpoint between (1) and (3). Using this method,
+**   a query such as '1s*' will match documents that contain the literal 
+**   token "1st", but not "first" (assuming the tokenizer is not able to
+**   provide synonyms for prefixes). However, a non-prefix query like '1st'
+**   will match against "1st" and "first". This method does not require
+**   extra disk space, as no extra entries are added to the FTS index. 
+**   On the other hand, it may require more CPU cycles to run MATCH queries,
+**   as separate queries of the FTS index are required for each synonym.
+**
+**   When using methods (2) or (3), it is important that the tokenizer only
+**   provide synonyms when tokenizing document text (method (2)) or query
+**   text (method (3)), not both. Doing so will not cause any errors, but is
+**   inefficient.
+*/
+typedef struct Fts5Tokenizer Fts5Tokenizer;
+typedef struct fts5_tokenizer fts5_tokenizer;
+struct fts5_tokenizer {
+  int (*xCreate)(void*, const char **azArg, int nArg, Fts5Tokenizer **ppOut);
+  void (*xDelete)(Fts5Tokenizer*);
+  int (*xTokenize)(Fts5Tokenizer*, 
+      void *pCtx,
+      int flags,            /* Mask of FTS5_TOKENIZE_* flags */
+      const char *pText, int nText, 
+      int (*xToken)(
+        void *pCtx,         /* Copy of 2nd argument to xTokenize() */
+        int tflags,         /* Mask of FTS5_TOKEN_* flags */
+        const char *pToken, /* Pointer to buffer containing token */
+        int nToken,         /* Size of token in bytes */
+        int iStart,         /* Byte offset of token within input text */
+        int iEnd            /* Byte offset of end of token within input text */
+      )
+  );
+};
+
+/* Flags that may be passed as the third argument to xTokenize() */
+#define FTS5_TOKENIZE_QUERY     0x0001
+#define FTS5_TOKENIZE_PREFIX    0x0002
+#define FTS5_TOKENIZE_DOCUMENT  0x0004
+#define FTS5_TOKENIZE_AUX       0x0008
+
+/* Flags that may be passed by the tokenizer implementation back to FTS5
+** as the third argument to the supplied xToken callback. */
+#define FTS5_TOKEN_COLOCATED    0x0001      /* Same position as prev. token */
+
+/*
+** END OF CUSTOM TOKENIZERS
+*************************************************************************/
+
+/*************************************************************************
+** FTS5 EXTENSION REGISTRATION API
+*/
+typedef struct fts5_api fts5_api;
+struct fts5_api {
+  int iVersion;                   /* Currently always set to 2 */
+
+  /* Create a new tokenizer */
+  int (*xCreateTokenizer)(
+    fts5_api *pApi,
+    const char *zName,
+    void *pContext,
+    fts5_tokenizer *pTokenizer,
+    void (*xDestroy)(void*)
+  );
+
+  /* Find an existing tokenizer */
+  int (*xFindTokenizer)(
+    fts5_api *pApi,
+    const char *zName,
+    void **ppContext,
+    fts5_tokenizer *pTokenizer
+  );
+
+  /* Create a new auxiliary function */
+  int (*xCreateFunction)(
+    fts5_api *pApi,
+    const char *zName,
+    void *pContext,
+    fts5_extension_function xFunction,
+    void (*xDestroy)(void*)
+  );
+};
+
+/*
+** END OF REGISTRATION API
+*************************************************************************/
+
+#if 0
+}  /* end of the 'extern "C"' block */
+#endif
+
+#endif /* _FTS5_H */
+
+
+/*
+** 2014 May 31
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+******************************************************************************
+**
+*/
+#ifndef _FTS5INT_H
+#define _FTS5INT_H
+
+/* #include "fts5.h" */
+/* #include "sqlite3ext.h" */
+SQLITE_EXTENSION_INIT1
+
+/* #include <string.h> */
+/* #include <assert.h> */
+
+#ifndef SQLITE_AMALGAMATION
+
+typedef unsigned char  u8;
+typedef unsigned int   u32;
+typedef unsigned short u16;
+typedef sqlite3_int64 i64;
+typedef sqlite3_uint64 u64;
+
+#define ArraySize(x) (sizeof(x) / sizeof(x[0]))
+
+#define testcase(x)
+#define ALWAYS(x) 1
+#define NEVER(x) 0
+
+#define MIN(x,y) (((x) < (y)) ? (x) : (y))
+#define MAX(x,y) (((x) > (y)) ? (x) : (y))
+
+/*
+** Constants for the largest and smallest possible 64-bit signed integers.
+*/
+# define LARGEST_INT64  (0xffffffff|(((i64)0x7fffffff)<<32))
+# define SMALLEST_INT64 (((i64)-1) - LARGEST_INT64)
+
+#endif
+
+
+/*
+** Maximum number of prefix indexes on single FTS5 table. This must be
+** less than 32. If it is set to anything large than that, an #error
+** directive in fts5_index.c will cause the build to fail.
+*/
+#define FTS5_MAX_PREFIX_INDEXES 31
+
+#define FTS5_DEFAULT_NEARDIST 10
+#define FTS5_DEFAULT_RANK     "bm25"
+
+/* Name of rank and rowid columns */
+#define FTS5_RANK_NAME "rank"
+#define FTS5_ROWID_NAME "rowid"
+
+#ifdef SQLITE_DEBUG
+# define FTS5_CORRUPT sqlite3Fts5Corrupt()
+static int sqlite3Fts5Corrupt(void);
+#else
+# define FTS5_CORRUPT SQLITE_CORRUPT_VTAB
+#endif
+
+/*
+** The assert_nc() macro is similar to the assert() macro, except that it
+** is used for assert() conditions that are true only if it can be 
+** guranteed that the database is not corrupt.
+*/
+#ifdef SQLITE_DEBUG
+SQLITE_API extern int sqlite3_fts5_may_be_corrupt;
+# define assert_nc(x) assert(sqlite3_fts5_may_be_corrupt || (x))
+#else
+# define assert_nc(x) assert(x)
+#endif
+
+typedef struct Fts5Global Fts5Global;
+typedef struct Fts5Colset Fts5Colset;
+
+/* If a NEAR() clump or phrase may only match a specific set of columns, 
+** then an object of the following type is used to record the set of columns.
+** Each entry in the aiCol[] array is a column that may be matched.
+**
+** This object is used by fts5_expr.c and fts5_index.c.
+*/
+struct Fts5Colset {
+  int nCol;
+  int aiCol[1];
+};
+
+
+
+/**************************************************************************
+** Interface to code in fts5_config.c. fts5_config.c contains contains code
+** to parse the arguments passed to the CREATE VIRTUAL TABLE statement.
+*/
+
+typedef struct Fts5Config Fts5Config;
+
+/*
+** An instance of the following structure encodes all information that can
+** be gleaned from the CREATE VIRTUAL TABLE statement.
+**
+** And all information loaded from the %_config table.
+**
+** nAutomerge:
+**   The minimum number of segments that an auto-merge operation should
+**   attempt to merge together. A value of 1 sets the object to use the 
+**   compile time default. Zero disables auto-merge altogether.
+**
+** zContent:
+**
+** zContentRowid:
+**   The value of the content_rowid= option, if one was specified. Or 
+**   the string "rowid" otherwise. This text is not quoted - if it is
+**   used as part of an SQL statement it needs to be quoted appropriately.
+**
+** zContentExprlist:
+**
+** pzErrmsg:
+**   This exists in order to allow the fts5_index.c module to return a 
+**   decent error message if it encounters a file-format version it does
+**   not understand.
+**
+** bColumnsize:
+**   True if the %_docsize table is created.
+**
+** bPrefixIndex:
+**   This is only used for debugging. If set to false, any prefix indexes
+**   are ignored. This value is configured using:
+**
+**       INSERT INTO tbl(tbl, rank) VALUES('prefix-index', $bPrefixIndex);
+**
+*/
+struct Fts5Config {
+  sqlite3 *db;                    /* Database handle */
+  char *zDb;                      /* Database holding FTS index (e.g. "main") */
+  char *zName;                    /* Name of FTS index */
+  int nCol;                       /* Number of columns */
+  char **azCol;                   /* Column names */
+  u8 *abUnindexed;                /* True for unindexed columns */
+  int nPrefix;                    /* Number of prefix indexes */
+  int *aPrefix;                   /* Sizes in bytes of nPrefix prefix indexes */
+  int eContent;                   /* An FTS5_CONTENT value */
+  char *zContent;                 /* content table */ 
+  char *zContentRowid;            /* "content_rowid=" option value */ 
+  int bColumnsize;                /* "columnsize=" option value (dflt==1) */
+  char *zContentExprlist;
+  Fts5Tokenizer *pTok;
+  fts5_tokenizer *pTokApi;
+
+  /* Values loaded from the %_config table */
+  int iCookie;                    /* Incremented when %_config is modified */
+  int pgsz;                       /* Approximate page size used in %_data */
+  int nAutomerge;                 /* 'automerge' setting */
+  int nCrisisMerge;               /* Maximum allowed segments per level */
+  int nHashSize;                  /* Bytes of memory for in-memory hash */
+  char *zRank;                    /* Name of rank function */
+  char *zRankArgs;                /* Arguments to rank function */
+
+  /* If non-NULL, points to sqlite3_vtab.base.zErrmsg. Often NULL. */
+  char **pzErrmsg;
+
+#ifdef SQLITE_DEBUG
+  int bPrefixIndex;               /* True to use prefix-indexes */
+#endif
+};
+
+/* Current expected value of %_config table 'version' field */
+#define FTS5_CURRENT_VERSION 4
+
+#define FTS5_CONTENT_NORMAL   0
+#define FTS5_CONTENT_NONE     1
+#define FTS5_CONTENT_EXTERNAL 2
+
+
+
+
+static int sqlite3Fts5ConfigParse(
+    Fts5Global*, sqlite3*, int, const char **, Fts5Config**, char**
+);
+static void sqlite3Fts5ConfigFree(Fts5Config*);
+
+static int sqlite3Fts5ConfigDeclareVtab(Fts5Config *pConfig);
+
+static int sqlite3Fts5Tokenize(
+  Fts5Config *pConfig,            /* FTS5 Configuration object */
+  int flags,                      /* FTS5_TOKENIZE_* flags */
+  const char *pText, int nText,   /* Text to tokenize */
+  void *pCtx,                     /* Context passed to xToken() */
+  int (*xToken)(void*, int, const char*, int, int, int)    /* Callback */
+);
+
+static void sqlite3Fts5Dequote(char *z);
+
+/* Load the contents of the %_config table */
+static int sqlite3Fts5ConfigLoad(Fts5Config*, int);
+
+/* Set the value of a single config attribute */
+static int sqlite3Fts5ConfigSetValue(Fts5Config*, const char*, sqlite3_value*, int*);
+
+static int sqlite3Fts5ConfigParseRank(const char*, char**, char**);
+
+/*
+** End of interface to code in fts5_config.c.
+**************************************************************************/
+
+/**************************************************************************
+** Interface to code in fts5_buffer.c.
+*/
+
+/*
+** Buffer object for the incremental building of string data.
+*/
+typedef struct Fts5Buffer Fts5Buffer;
+struct Fts5Buffer {
+  u8 *p;
+  int n;
+  int nSpace;
+};
+
+static int sqlite3Fts5BufferSize(int*, Fts5Buffer*, int);
+static void sqlite3Fts5BufferAppendVarint(int*, Fts5Buffer*, i64);
+static void sqlite3Fts5BufferAppendBlob(int*, Fts5Buffer*, int, const u8*);
+static void sqlite3Fts5BufferAppendString(int *, Fts5Buffer*, const char*);
+static void sqlite3Fts5BufferFree(Fts5Buffer*);
+static void sqlite3Fts5BufferZero(Fts5Buffer*);
+static void sqlite3Fts5BufferSet(int*, Fts5Buffer*, int, const u8*);
+static void sqlite3Fts5BufferAppendPrintf(int *, Fts5Buffer*, char *zFmt, ...);
+
+static char *sqlite3Fts5Mprintf(int *pRc, const char *zFmt, ...);
+
+#define fts5BufferZero(x)             sqlite3Fts5BufferZero(x)
+#define fts5BufferAppendVarint(a,b,c) sqlite3Fts5BufferAppendVarint(a,b,c)
+#define fts5BufferFree(a)             sqlite3Fts5BufferFree(a)
+#define fts5BufferAppendBlob(a,b,c,d) sqlite3Fts5BufferAppendBlob(a,b,c,d)
+#define fts5BufferSet(a,b,c,d)        sqlite3Fts5BufferSet(a,b,c,d)
+
+#define fts5BufferGrow(pRc,pBuf,nn) ( \
+  (pBuf)->n + (nn) <= (pBuf)->nSpace ? 0 : \
+    sqlite3Fts5BufferSize((pRc),(pBuf),(nn)+(pBuf)->n) \
+)
+
+/* Write and decode big-endian 32-bit integer values */
+static void sqlite3Fts5Put32(u8*, int);
+static int sqlite3Fts5Get32(const u8*);
+
+#define FTS5_POS2COLUMN(iPos) (int)(iPos >> 32)
+#define FTS5_POS2OFFSET(iPos) (int)(iPos & 0xFFFFFFFF)
+
+typedef struct Fts5PoslistReader Fts5PoslistReader;
+struct Fts5PoslistReader {
+  /* Variables used only by sqlite3Fts5PoslistIterXXX() functions. */
+  const u8 *a;                    /* Position list to iterate through */
+  int n;                          /* Size of buffer at a[] in bytes */
+  int i;                          /* Current offset in a[] */
+
+  u8 bFlag;                       /* For client use (any custom purpose) */
+
+  /* Output variables */
+  u8 bEof;                        /* Set to true at EOF */
+  i64 iPos;                       /* (iCol<<32) + iPos */
+};
+static int sqlite3Fts5PoslistReaderInit(
+  const u8 *a, int n,             /* Poslist buffer to iterate through */
+  Fts5PoslistReader *pIter        /* Iterator object to initialize */
+);
+static int sqlite3Fts5PoslistReaderNext(Fts5PoslistReader*);
+
+typedef struct Fts5PoslistWriter Fts5PoslistWriter;
+struct Fts5PoslistWriter {
+  i64 iPrev;
+};
+static int sqlite3Fts5PoslistWriterAppend(Fts5Buffer*, Fts5PoslistWriter*, i64);
+
+static int sqlite3Fts5PoslistNext64(
+  const u8 *a, int n,             /* Buffer containing poslist */
+  int *pi,                        /* IN/OUT: Offset within a[] */
+  i64 *piOff                      /* IN/OUT: Current offset */
+);
+
+/* Malloc utility */
+static void *sqlite3Fts5MallocZero(int *pRc, int nByte);
+static char *sqlite3Fts5Strndup(int *pRc, const char *pIn, int nIn);
+
+/* Character set tests (like isspace(), isalpha() etc.) */
+static int sqlite3Fts5IsBareword(char t);
+
+/*
+** End of interface to code in fts5_buffer.c.
+**************************************************************************/
+
+/**************************************************************************
+** Interface to code in fts5_index.c. fts5_index.c contains contains code
+** to access the data stored in the %_data table.
+*/
+
+typedef struct Fts5Index Fts5Index;
+typedef struct Fts5IndexIter Fts5IndexIter;
+
+/*
+** Values used as part of the flags argument passed to IndexQuery().
+*/
+#define FTS5INDEX_QUERY_PREFIX     0x0001   /* Prefix query */
+#define FTS5INDEX_QUERY_DESC       0x0002   /* Docs in descending rowid order */
+#define FTS5INDEX_QUERY_TEST_NOIDX 0x0004   /* Do not use prefix index */
+#define FTS5INDEX_QUERY_SCAN       0x0008   /* Scan query (fts5vocab) */
+
+/*
+** Create/destroy an Fts5Index object.
+*/
+static int sqlite3Fts5IndexOpen(Fts5Config *pConfig, int bCreate, Fts5Index**, char**);
+static int sqlite3Fts5IndexClose(Fts5Index *p);
+
+/*
+** for(
+**   sqlite3Fts5IndexQuery(p, "token", 5, 0, 0, &pIter);
+**   0==sqlite3Fts5IterEof(pIter);
+**   sqlite3Fts5IterNext(pIter)
+** ){
+**   i64 iRowid = sqlite3Fts5IterRowid(pIter);
+** }
+*/
+
+/*
+** Open a new iterator to iterate though all rowids that match the 
+** specified token or token prefix.
+*/
+static int sqlite3Fts5IndexQuery(
+  Fts5Index *p,                   /* FTS index to query */
+  const char *pToken, int nToken, /* Token (or prefix) to query for */
+  int flags,                      /* Mask of FTS5INDEX_QUERY_X flags */
+  Fts5Colset *pColset,            /* Match these columns only */
+  Fts5IndexIter **ppIter          /* OUT: New iterator object */
+);
+
+/*
+** The various operations on open token or token prefix iterators opened
+** using sqlite3Fts5IndexQuery().
+*/
+static int sqlite3Fts5IterEof(Fts5IndexIter*);
+static int sqlite3Fts5IterNext(Fts5IndexIter*);
+static int sqlite3Fts5IterNextFrom(Fts5IndexIter*, i64 iMatch);
+static i64 sqlite3Fts5IterRowid(Fts5IndexIter*);
+static int sqlite3Fts5IterPoslist(Fts5IndexIter*,Fts5Colset*, const u8**, int*, i64*);
+static int sqlite3Fts5IterPoslistBuffer(Fts5IndexIter *pIter, Fts5Buffer *pBuf);
+
+/*
+** Close an iterator opened by sqlite3Fts5IndexQuery().
+*/
+static void sqlite3Fts5IterClose(Fts5IndexIter*);
+
+/*
+** This interface is used by the fts5vocab module.
+*/
+static const char *sqlite3Fts5IterTerm(Fts5IndexIter*, int*);
+static int sqlite3Fts5IterNextScan(Fts5IndexIter*);
+
+
+/*
+** Insert or remove data to or from the index. Each time a document is 
+** added to or removed from the index, this function is called one or more
+** times.
+**
+** For an insert, it must be called once for each token in the new document.
+** If the operation is a delete, it must be called (at least) once for each
+** unique token in the document with an iCol value less than zero. The iPos
+** argument is ignored for a delete.
+*/
+static int sqlite3Fts5IndexWrite(
+  Fts5Index *p,                   /* Index to write to */
+  int iCol,                       /* Column token appears in (-ve -> delete) */
+  int iPos,                       /* Position of token within column */
+  const char *pToken, int nToken  /* Token to add or remove to or from index */
+);
+
+/*
+** Indicate that subsequent calls to sqlite3Fts5IndexWrite() pertain to
+** document iDocid.
+*/
+static int sqlite3Fts5IndexBeginWrite(
+  Fts5Index *p,                   /* Index to write to */
+  int bDelete,                    /* True if current operation is a delete */
+  i64 iDocid                      /* Docid to add or remove data from */
+);
+
+/*
+** Flush any data stored in the in-memory hash tables to the database.
+** If the bCommit flag is true, also close any open blob handles.
+*/
+static int sqlite3Fts5IndexSync(Fts5Index *p, int bCommit);
+
+/*
+** Discard any data stored in the in-memory hash tables. Do not write it
+** to the database. Additionally, assume that the contents of the %_data
+** table may have changed on disk. So any in-memory caches of %_data 
+** records must be invalidated.
+*/
+static int sqlite3Fts5IndexRollback(Fts5Index *p);
+
+/*
+** Get or set the "averages" values.
+*/
+static int sqlite3Fts5IndexGetAverages(Fts5Index *p, i64 *pnRow, i64 *anSize);
+static int sqlite3Fts5IndexSetAverages(Fts5Index *p, const u8*, int);
+
+/*
+** Functions called by the storage module as part of integrity-check.
+*/
+static u64 sqlite3Fts5IndexCksum(Fts5Config*,i64,int,int,const char*,int);
+static int sqlite3Fts5IndexIntegrityCheck(Fts5Index*, u64 cksum);
+
+/* 
+** Called during virtual module initialization to register UDF 
+** fts5_decode() with SQLite 
+*/
+static int sqlite3Fts5IndexInit(sqlite3*);
+
+static int sqlite3Fts5IndexSetCookie(Fts5Index*, int);
+
+/*
+** Return the total number of entries read from the %_data table by 
+** this connection since it was created.
+*/
+static int sqlite3Fts5IndexReads(Fts5Index *p);
+
+static int sqlite3Fts5IndexReinit(Fts5Index *p);
+static int sqlite3Fts5IndexOptimize(Fts5Index *p);
+static int sqlite3Fts5IndexMerge(Fts5Index *p, int nMerge);
+
+static int sqlite3Fts5IndexLoadConfig(Fts5Index *p);
+
+/*
+** End of interface to code in fts5_index.c.
+**************************************************************************/
+
+/**************************************************************************
+** Interface to code in fts5_varint.c. 
+*/
+static int sqlite3Fts5GetVarint32(const unsigned char *p, u32 *v);
+static int sqlite3Fts5GetVarintLen(u32 iVal);
+static u8 sqlite3Fts5GetVarint(const unsigned char*, u64*);
+static int sqlite3Fts5PutVarint(unsigned char *p, u64 v);
+
+#define fts5GetVarint32(a,b) sqlite3Fts5GetVarint32(a,(u32*)&b)
+#define fts5GetVarint    sqlite3Fts5GetVarint
+
+#define fts5FastGetVarint32(a, iOff, nVal) {      \
+  nVal = (a)[iOff++];                             \
+  if( nVal & 0x80 ){                              \
+    iOff--;                                       \
+    iOff += fts5GetVarint32(&(a)[iOff], nVal);    \
+  }                                               \
+}
+
+
+/*
+** End of interface to code in fts5_varint.c.
+**************************************************************************/
+
+
+/**************************************************************************
+** Interface to code in fts5.c. 
+*/
+
+static int sqlite3Fts5GetTokenizer(
+  Fts5Global*, 
+  const char **azArg,
+  int nArg,
+  Fts5Tokenizer**,
+  fts5_tokenizer**,
+  char **pzErr
+);
+
+static Fts5Index *sqlite3Fts5IndexFromCsrid(Fts5Global*, i64, Fts5Config **);
+
+/*
+** End of interface to code in fts5.c.
+**************************************************************************/
+
+/**************************************************************************
+** Interface to code in fts5_hash.c. 
+*/
+typedef struct Fts5Hash Fts5Hash;
+
+/*
+** Create a hash table, free a hash table.
+*/
+static int sqlite3Fts5HashNew(Fts5Hash**, int *pnSize);
+static void sqlite3Fts5HashFree(Fts5Hash*);
+
+static int sqlite3Fts5HashWrite(
+  Fts5Hash*,
+  i64 iRowid,                     /* Rowid for this entry */
+  int iCol,                       /* Column token appears in (-ve -> delete) */
+  int iPos,                       /* Position of token within column */
+  char bByte,
+  const char *pToken, int nToken  /* Token to add or remove to or from index */
+);
+
+/*
+** Empty (but do not delete) a hash table.
+*/
+static void sqlite3Fts5HashClear(Fts5Hash*);
+
+static int sqlite3Fts5HashQuery(
+  Fts5Hash*,                      /* Hash table to query */
+  const char *pTerm, int nTerm,   /* Query term */
+  const u8 **ppDoclist,           /* OUT: Pointer to doclist for pTerm */
+  int *pnDoclist                  /* OUT: Size of doclist in bytes */
+);
+
+static int sqlite3Fts5HashScanInit(
+  Fts5Hash*,                      /* Hash table to query */
+  const char *pTerm, int nTerm    /* Query prefix */
+);
+static void sqlite3Fts5HashScanNext(Fts5Hash*);
+static int sqlite3Fts5HashScanEof(Fts5Hash*);
+static void sqlite3Fts5HashScanEntry(Fts5Hash *,
+  const char **pzTerm,            /* OUT: term (nul-terminated) */
+  const u8 **ppDoclist,           /* OUT: pointer to doclist */
+  int *pnDoclist                  /* OUT: size of doclist in bytes */
+);
+
+
+/*
+** End of interface to code in fts5_hash.c.
+**************************************************************************/
+
+/**************************************************************************
+** Interface to code in fts5_storage.c. fts5_storage.c contains contains 
+** code to access the data stored in the %_content and %_docsize tables.
+*/
+
+#define FTS5_STMT_SCAN_ASC  0     /* SELECT rowid, * FROM ... ORDER BY 1 ASC */
+#define FTS5_STMT_SCAN_DESC 1     /* SELECT rowid, * FROM ... ORDER BY 1 DESC */
+#define FTS5_STMT_LOOKUP    2     /* SELECT rowid, * FROM ... WHERE rowid=? */
+
+typedef struct Fts5Storage Fts5Storage;
+
+static int sqlite3Fts5StorageOpen(Fts5Config*, Fts5Index*, int, Fts5Storage**, char**);
+static int sqlite3Fts5StorageClose(Fts5Storage *p);
+static int sqlite3Fts5StorageRename(Fts5Storage*, const char *zName);
+
+static int sqlite3Fts5DropAll(Fts5Config*);
+static int sqlite3Fts5CreateTable(Fts5Config*, const char*, const char*, int, char **);
+
+static int sqlite3Fts5StorageDelete(Fts5Storage *p, i64);
+static int sqlite3Fts5StorageContentInsert(Fts5Storage *p, sqlite3_value**, i64*);
+static int sqlite3Fts5StorageIndexInsert(Fts5Storage *p, sqlite3_value**, i64);
+
+static int sqlite3Fts5StorageIntegrity(Fts5Storage *p);
+
+static int sqlite3Fts5StorageStmt(Fts5Storage *p, int eStmt, sqlite3_stmt**, char**);
+static void sqlite3Fts5StorageStmtRelease(Fts5Storage *p, int eStmt, sqlite3_stmt*);
+
+static int sqlite3Fts5StorageDocsize(Fts5Storage *p, i64 iRowid, int *aCol);
+static int sqlite3Fts5StorageSize(Fts5Storage *p, int iCol, i64 *pnAvg);
+static int sqlite3Fts5StorageRowCount(Fts5Storage *p, i64 *pnRow);
+
+static int sqlite3Fts5StorageSync(Fts5Storage *p, int bCommit);
+static int sqlite3Fts5StorageRollback(Fts5Storage *p);
+
+static int sqlite3Fts5StorageConfigValue(
+    Fts5Storage *p, const char*, sqlite3_value*, int
+);
+
+static int sqlite3Fts5StorageSpecialDelete(Fts5Storage *p, i64 iDel, sqlite3_value**);
+
+static int sqlite3Fts5StorageDeleteAll(Fts5Storage *p);
+static int sqlite3Fts5StorageRebuild(Fts5Storage *p);
+static int sqlite3Fts5StorageOptimize(Fts5Storage *p);
+static int sqlite3Fts5StorageMerge(Fts5Storage *p, int nMerge);
+
+/*
+** End of interface to code in fts5_storage.c.
+**************************************************************************/
+
+
+/**************************************************************************
+** Interface to code in fts5_expr.c. 
+*/
+typedef struct Fts5Expr Fts5Expr;
+typedef struct Fts5ExprNode Fts5ExprNode;
+typedef struct Fts5Parse Fts5Parse;
+typedef struct Fts5Token Fts5Token;
+typedef struct Fts5ExprPhrase Fts5ExprPhrase;
+typedef struct Fts5ExprNearset Fts5ExprNearset;
+
+struct Fts5Token {
+  const char *p;                  /* Token text (not NULL terminated) */
+  int n;                          /* Size of buffer p in bytes */
+};
+
+/* Parse a MATCH expression. */
+static int sqlite3Fts5ExprNew(
+  Fts5Config *pConfig, 
+  const char *zExpr,
+  Fts5Expr **ppNew, 
+  char **pzErr
+);
+
+/*
+** for(rc = sqlite3Fts5ExprFirst(pExpr, pIdx, bDesc);
+**     rc==SQLITE_OK && 0==sqlite3Fts5ExprEof(pExpr);
+**     rc = sqlite3Fts5ExprNext(pExpr)
+** ){
+**   // The document with rowid iRowid matches the expression!
+**   i64 iRowid = sqlite3Fts5ExprRowid(pExpr);
+** }
+*/
+static int sqlite3Fts5ExprFirst(Fts5Expr*, Fts5Index *pIdx, i64 iMin, int bDesc);
+static int sqlite3Fts5ExprNext(Fts5Expr*, i64 iMax);
+static int sqlite3Fts5ExprEof(Fts5Expr*);
+static i64 sqlite3Fts5ExprRowid(Fts5Expr*);
+
+static void sqlite3Fts5ExprFree(Fts5Expr*);
+
+/* Called during startup to register a UDF with SQLite */
+static int sqlite3Fts5ExprInit(Fts5Global*, sqlite3*);
+
+static int sqlite3Fts5ExprPhraseCount(Fts5Expr*);
+static int sqlite3Fts5ExprPhraseSize(Fts5Expr*, int iPhrase);
+static int sqlite3Fts5ExprPoslist(Fts5Expr*, int, const u8 **);
+
+static int sqlite3Fts5ExprClonePhrase(Fts5Config*, Fts5Expr*, int, Fts5Expr**);
+
+/*******************************************
+** The fts5_expr.c API above this point is used by the other hand-written
+** C code in this module. The interfaces below this point are called by
+** the parser code in fts5parse.y.  */
+
+static void sqlite3Fts5ParseError(Fts5Parse *pParse, const char *zFmt, ...);
+
+static Fts5ExprNode *sqlite3Fts5ParseNode(
+  Fts5Parse *pParse,
+  int eType,
+  Fts5ExprNode *pLeft,
+  Fts5ExprNode *pRight,
+  Fts5ExprNearset *pNear
+);
+
+static Fts5ExprPhrase *sqlite3Fts5ParseTerm(
+  Fts5Parse *pParse, 
+  Fts5ExprPhrase *pPhrase, 
+  Fts5Token *pToken,
+  int bPrefix
+);
+
+static Fts5ExprNearset *sqlite3Fts5ParseNearset(
+  Fts5Parse*, 
+  Fts5ExprNearset*,
+  Fts5ExprPhrase* 
+);
+
+static Fts5Colset *sqlite3Fts5ParseColset(
+  Fts5Parse*, 
+  Fts5Colset*, 
+  Fts5Token *
+);
+
+static void sqlite3Fts5ParsePhraseFree(Fts5ExprPhrase*);
+static void sqlite3Fts5ParseNearsetFree(Fts5ExprNearset*);
+static void sqlite3Fts5ParseNodeFree(Fts5ExprNode*);
+
+static void sqlite3Fts5ParseSetDistance(Fts5Parse*, Fts5ExprNearset*, Fts5Token*);
+static void sqlite3Fts5ParseSetColset(Fts5Parse*, Fts5ExprNearset*, Fts5Colset*);
+static void sqlite3Fts5ParseFinished(Fts5Parse *pParse, Fts5ExprNode *p);
+static void sqlite3Fts5ParseNear(Fts5Parse *pParse, Fts5Token*);
+
+/*
+** End of interface to code in fts5_expr.c.
+**************************************************************************/
+
+
+
+/**************************************************************************
+** Interface to code in fts5_aux.c. 
+*/
+
+static int sqlite3Fts5AuxInit(fts5_api*);
+/*
+** End of interface to code in fts5_aux.c.
+**************************************************************************/
+
+/**************************************************************************
+** Interface to code in fts5_tokenizer.c. 
+*/
+
+static int sqlite3Fts5TokenizerInit(fts5_api*);
+/*
+** End of interface to code in fts5_tokenizer.c.
+**************************************************************************/
+
+/**************************************************************************
+** Interface to code in fts5_vocab.c. 
+*/
+
+static int sqlite3Fts5VocabInit(Fts5Global*, sqlite3*);
+
+/*
+** End of interface to code in fts5_vocab.c.
+**************************************************************************/
+
+
+/**************************************************************************
+** Interface to automatically generated code in fts5_unicode2.c. 
+*/
+static int sqlite3Fts5UnicodeIsalnum(int c);
+static int sqlite3Fts5UnicodeIsdiacritic(int c);
+static int sqlite3Fts5UnicodeFold(int c, int bRemoveDiacritic);
+/*
+** End of interface to code in fts5_unicode2.c.
+**************************************************************************/
+
+#endif
+
+#define FTS5_OR                               1
+#define FTS5_AND                              2
+#define FTS5_NOT                              3
+#define FTS5_TERM                             4
+#define FTS5_COLON                            5
+#define FTS5_LP                               6
+#define FTS5_RP                               7
+#define FTS5_LCP                              8
+#define FTS5_RCP                              9
+#define FTS5_STRING                          10
+#define FTS5_COMMA                           11
+#define FTS5_PLUS                            12
+#define FTS5_STAR                            13
+
+/*
+** 2000-05-29
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+** Driver template for the LEMON parser generator.
+**
+** The "lemon" program processes an LALR(1) input grammar file, then uses
+** this template to construct a parser.  The "lemon" program inserts text
+** at each "%%" line.  Also, any "P-a-r-s-e" identifer prefix (without the
+** interstitial "-" characters) contained in this template is changed into
+** the value of the %name directive from the grammar.  Otherwise, the content
+** of this template is copied straight through into the generate parser
+** source file.
+**
+** The following is the concatenation of all %include directives from the
+** input grammar file:
+*/
+/* #include <stdio.h> */
+/************ Begin %include sections from the grammar ************************/
+
+/* #include "fts5Int.h" */
+/* #include "fts5parse.h" */
+
+/*
+** Disable all error recovery processing in the parser push-down
+** automaton.
+*/
+#define fts5YYNOERRORRECOVERY 1
+
+/*
+** Make fts5yytestcase() the same as testcase()
+*/
+#define fts5yytestcase(X) testcase(X)
+
+/*
+** Indicate that sqlite3ParserFree() will never be called with a null
+** pointer.
+*/
+#define fts5YYPARSEFREENOTNULL 1
+
+/*
+** Alternative datatype for the argument to the malloc() routine passed
+** into sqlite3ParserAlloc().  The default is size_t.
+*/
+#define fts5YYMALLOCARGTYPE  u64
+
+/**************** End of %include directives **********************************/
+/* These constants specify the various numeric values for terminal symbols
+** in a format understandable to "makeheaders".  This section is blank unless
+** "lemon" is run with the "-m" command-line option.
+***************** Begin makeheaders token definitions *************************/
+/**************** End makeheaders token definitions ***************************/
+
+/* The next sections is a series of control #defines.
+** various aspects of the generated parser.
+**    fts5YYCODETYPE         is the data type used to store the integer codes
+**                       that represent terminal and non-terminal symbols.
+**                       "unsigned char" is used if there are fewer than
+**                       256 symbols.  Larger types otherwise.
+**    fts5YYNOCODE           is a number of type fts5YYCODETYPE that is not used for
+**                       any terminal or nonterminal symbol.
+**    fts5YYFALLBACK         If defined, this indicates that one or more tokens
+**                       (also known as: "terminal symbols") have fall-back
+**                       values which should be used if the original symbol
+**                       would not parse.  This permits keywords to sometimes
+**                       be used as identifiers, for example.
+**    fts5YYACTIONTYPE       is the data type used for "action codes" - numbers
+**                       that indicate what to do in response to the next
+**                       token.
+**    sqlite3Fts5ParserFTS5TOKENTYPE     is the data type used for minor type for terminal
+**                       symbols.  Background: A "minor type" is a semantic
+**                       value associated with a terminal or non-terminal
+**                       symbols.  For example, for an "ID" terminal symbol,
+**                       the minor type might be the name of the identifier.
+**                       Each non-terminal can have a different minor type.
+**                       Terminal symbols all have the same minor type, though.
+**                       This macros defines the minor type for terminal 
+**                       symbols.
+**    fts5YYMINORTYPE        is the data type used for all minor types.
+**                       This is typically a union of many types, one of
+**                       which is sqlite3Fts5ParserFTS5TOKENTYPE.  The entry in the union
+**                       for terminal symbols is called "fts5yy0".
+**    fts5YYSTACKDEPTH       is the maximum depth of the parser's stack.  If
+**                       zero the stack is dynamically sized using realloc()
+**    sqlite3Fts5ParserARG_SDECL     A static variable declaration for the %extra_argument
+**    sqlite3Fts5ParserARG_PDECL     A parameter declaration for the %extra_argument
+**    sqlite3Fts5ParserARG_STORE     Code to store %extra_argument into fts5yypParser
+**    sqlite3Fts5ParserARG_FETCH     Code to extract %extra_argument from fts5yypParser
+**    fts5YYERRORSYMBOL      is the code number of the error symbol.  If not
+**                       defined, then do no error processing.
+**    fts5YYNSTATE           the combined number of states.
+**    fts5YYNRULE            the number of rules in the grammar
+**    fts5YY_MAX_SHIFT       Maximum value for shift actions
+**    fts5YY_MIN_SHIFTREDUCE Minimum value for shift-reduce actions
+**    fts5YY_MAX_SHIFTREDUCE Maximum value for shift-reduce actions
+**    fts5YY_MIN_REDUCE      Maximum value for reduce actions
+**    fts5YY_ERROR_ACTION    The fts5yy_action[] code for syntax error
+**    fts5YY_ACCEPT_ACTION   The fts5yy_action[] code for accept
+**    fts5YY_NO_ACTION       The fts5yy_action[] code for no-op
+*/
+#ifndef INTERFACE
+# define INTERFACE 1
+#endif
+/************* Begin control #defines *****************************************/
+#define fts5YYCODETYPE unsigned char
+#define fts5YYNOCODE 27
+#define fts5YYACTIONTYPE unsigned char
+#define sqlite3Fts5ParserFTS5TOKENTYPE Fts5Token
+typedef union {
+  int fts5yyinit;
+  sqlite3Fts5ParserFTS5TOKENTYPE fts5yy0;
+  Fts5Colset* fts5yy3;
+  Fts5ExprPhrase* fts5yy11;
+  Fts5ExprNode* fts5yy18;
+  int fts5yy20;
+  Fts5ExprNearset* fts5yy26;
+} fts5YYMINORTYPE;
+#ifndef fts5YYSTACKDEPTH
+#define fts5YYSTACKDEPTH 100
+#endif
+#define sqlite3Fts5ParserARG_SDECL Fts5Parse *pParse;
+#define sqlite3Fts5ParserARG_PDECL ,Fts5Parse *pParse
+#define sqlite3Fts5ParserARG_FETCH Fts5Parse *pParse = fts5yypParser->pParse
+#define sqlite3Fts5ParserARG_STORE fts5yypParser->pParse = pParse
+#define fts5YYNSTATE             26
+#define fts5YYNRULE              24
+#define fts5YY_MAX_SHIFT         25
+#define fts5YY_MIN_SHIFTREDUCE   40
+#define fts5YY_MAX_SHIFTREDUCE   63
+#define fts5YY_MIN_REDUCE        64
+#define fts5YY_MAX_REDUCE        87
+#define fts5YY_ERROR_ACTION      88
+#define fts5YY_ACCEPT_ACTION     89
+#define fts5YY_NO_ACTION         90
+/************* End control #defines *******************************************/
+
+/* The fts5yyzerominor constant is used to initialize instances of
+** fts5YYMINORTYPE objects to zero. */
+static const fts5YYMINORTYPE fts5yyzerominor = { 0 };
+
+/* Define the fts5yytestcase() macro to be a no-op if is not already defined
+** otherwise.
+**
+** Applications can choose to define fts5yytestcase() in the %include section
+** to a macro that can assist in verifying code coverage.  For production
+** code the fts5yytestcase() macro should be turned off.  But it is useful
+** for testing.
+*/
+#ifndef fts5yytestcase
+# define fts5yytestcase(X)
+#endif
+
+
+/* Next are the tables used to determine what action to take based on the
+** current state and lookahead token.  These tables are used to implement
+** functions that take a state number and lookahead value and return an
+** action integer.  
+**
+** Suppose the action integer is N.  Then the action is determined as
+** follows
+**
+**   0 <= N <= fts5YY_MAX_SHIFT             Shift N.  That is, push the lookahead
+**                                      token onto the stack and goto state N.
+**
+**   N between fts5YY_MIN_SHIFTREDUCE       Shift to an arbitrary state then
+**     and fts5YY_MAX_SHIFTREDUCE           reduce by rule N-fts5YY_MIN_SHIFTREDUCE.
+**
+**   N between fts5YY_MIN_REDUCE            Reduce by rule N-fts5YY_MIN_REDUCE
+**     and fts5YY_MAX_REDUCE
+
+**   N == fts5YY_ERROR_ACTION               A syntax error has occurred.
+**
+**   N == fts5YY_ACCEPT_ACTION              The parser accepts its input.
+**
+**   N == fts5YY_NO_ACTION                  No such action.  Denotes unused
+**                                      slots in the fts5yy_action[] table.
+**
+** The action table is constructed as a single large table named fts5yy_action[].
+** Given state S and lookahead X, the action is computed as
+**
+**      fts5yy_action[ fts5yy_shift_ofst[S] + X ]
+**
+** If the index value fts5yy_shift_ofst[S]+X is out of range or if the value
+** fts5yy_lookahead[fts5yy_shift_ofst[S]+X] is not equal to X or if fts5yy_shift_ofst[S]
+** is equal to fts5YY_SHIFT_USE_DFLT, it means that the action is not in the table
+** and that fts5yy_default[S] should be used instead.  
+**
+** The formula above is for computing the action when the lookahead is
+** a terminal symbol.  If the lookahead is a non-terminal (as occurs after
+** a reduce action) then the fts5yy_reduce_ofst[] array is used in place of
+** the fts5yy_shift_ofst[] array and fts5YY_REDUCE_USE_DFLT is used in place of
+** fts5YY_SHIFT_USE_DFLT.
+**
+** The following are the tables generated in this section:
+**
+**  fts5yy_action[]        A single table containing all actions.
+**  fts5yy_lookahead[]     A table containing the lookahead for each entry in
+**                     fts5yy_action.  Used to detect hash collisions.
+**  fts5yy_shift_ofst[]    For each state, the offset into fts5yy_action for
+**                     shifting terminals.
+**  fts5yy_reduce_ofst[]   For each state, the offset into fts5yy_action for
+**                     shifting non-terminals after a reduce.
+**  fts5yy_default[]       Default action for each state.
+**
+*********** Begin parsing tables **********************************************/
+#define fts5YY_ACTTAB_COUNT (78)
+static const fts5YYACTIONTYPE fts5yy_action[] = {
+ /*     0 */    89,   15,   46,    5,   48,   24,   12,   19,   23,   14,
+ /*    10 */    46,    5,   48,   24,   20,   21,   23,   43,   46,    5,
+ /*    20 */    48,   24,    6,   18,   23,   17,   46,    5,   48,   24,
+ /*    30 */    75,    7,   23,   25,   46,    5,   48,   24,   62,   47,
+ /*    40 */    23,   48,   24,    7,   11,   23,    9,    3,    4,    2,
+ /*    50 */    62,   50,   52,   44,   64,    3,    4,    2,   49,    4,
+ /*    60 */     2,    1,   23,   11,   16,    9,   12,    2,   10,   61,
+ /*    70 */    53,   59,   62,   60,   22,   13,   55,    8,
+};
+static const fts5YYCODETYPE fts5yy_lookahead[] = {
+ /*     0 */    15,   16,   17,   18,   19,   20,   10,   11,   23,   16,
+ /*    10 */    17,   18,   19,   20,   23,   24,   23,   16,   17,   18,
+ /*    20 */    19,   20,   22,   23,   23,   16,   17,   18,   19,   20,
+ /*    30 */     5,    6,   23,   16,   17,   18,   19,   20,   13,   17,
+ /*    40 */    23,   19,   20,    6,    8,   23,   10,    1,    2,    3,
+ /*    50 */    13,    9,   10,    7,    0,    1,    2,    3,   19,    2,
+ /*    60 */     3,    6,   23,    8,   21,   10,   10,    3,   10,   25,
+ /*    70 */    10,   10,   13,   25,   12,   10,    7,    5,
+};
+#define fts5YY_SHIFT_USE_DFLT (-5)
+#define fts5YY_SHIFT_COUNT (25)
+#define fts5YY_SHIFT_MIN   (-4)
+#define fts5YY_SHIFT_MAX   (72)
+static const signed char fts5yy_shift_ofst[] = {
+ /*     0 */    55,   55,   55,   55,   55,   36,   -4,   56,   58,   25,
+ /*    10 */    37,   60,   59,   59,   46,   54,   42,   57,   62,   61,
+ /*    20 */    62,   69,   65,   62,   72,   64,
+};
+#define fts5YY_REDUCE_USE_DFLT (-16)
+#define fts5YY_REDUCE_COUNT (13)
+#define fts5YY_REDUCE_MIN   (-15)
+#define fts5YY_REDUCE_MAX   (48)
+static const signed char fts5yy_reduce_ofst[] = {
+ /*     0 */   -15,   -7,    1,    9,   17,   22,   -9,    0,   39,   44,
+ /*    10 */    44,   43,   44,   48,
+};
+static const fts5YYACTIONTYPE fts5yy_default[] = {
+ /*     0 */    88,   88,   88,   88,   88,   69,   82,   88,   88,   87,
+ /*    10 */    87,   88,   87,   87,   88,   88,   88,   66,   80,   88,
+ /*    20 */    81,   88,   88,   78,   88,   65,
+};
+/********** End of lemon-generated parsing tables *****************************/
+
+/* The next table maps tokens (terminal symbols) into fallback tokens.  
+** If a construct like the following:
+** 
+**      %fallback ID X Y Z.
+**
+** appears in the grammar, then ID becomes a fallback token for X, Y,
+** and Z.  Whenever one of the tokens X, Y, or Z is input to the parser
+** but it does not parse, the type of the token is changed to ID and
+** the parse is retried before an error is thrown.
+**
+** This feature can be used, for example, to cause some keywords in a language
+** to revert to identifiers if they keyword does not apply in the context where
+** it appears.
+*/
+#ifdef fts5YYFALLBACK
+static const fts5YYCODETYPE fts5yyFallback[] = {
+};
+#endif /* fts5YYFALLBACK */
+
+/* The following structure represents a single element of the
+** parser's stack.  Information stored includes:
+**
+**   +  The state number for the parser at this level of the stack.
+**
+**   +  The value of the token stored at this level of the stack.
+**      (In other words, the "major" token.)
+**
+**   +  The semantic value stored at this level of the stack.  This is
+**      the information used by the action routines in the grammar.
+**      It is sometimes called the "minor" token.
+**
+** After the "shift" half of a SHIFTREDUCE action, the stateno field
+** actually contains the reduce action for the second half of the
+** SHIFTREDUCE.
+*/
+struct fts5yyStackEntry {
+  fts5YYACTIONTYPE stateno;  /* The state-number, or reduce action in SHIFTREDUCE */
+  fts5YYCODETYPE major;      /* The major token value.  This is the code
+                         ** number for the token at this stack level */
+  fts5YYMINORTYPE minor;     /* The user-supplied minor token value.  This
+                         ** is the value of the token  */
+};
+typedef struct fts5yyStackEntry fts5yyStackEntry;
+
+/* The state of the parser is completely contained in an instance of
+** the following structure */
+struct fts5yyParser {
+  int fts5yyidx;                    /* Index of top element in stack */
+#ifdef fts5YYTRACKMAXSTACKDEPTH
+  int fts5yyidxMax;                 /* Maximum value of fts5yyidx */
+#endif
+  int fts5yyerrcnt;                 /* Shifts left before out of the error */
+  sqlite3Fts5ParserARG_SDECL                /* A place to hold %extra_argument */
+#if fts5YYSTACKDEPTH<=0
+  int fts5yystksz;                  /* Current side of the stack */
+  fts5yyStackEntry *fts5yystack;        /* The parser's stack */
+#else
+  fts5yyStackEntry fts5yystack[fts5YYSTACKDEPTH];  /* The parser's stack */
+#endif
+};
+typedef struct fts5yyParser fts5yyParser;
+
+#ifndef NDEBUG
+/* #include <stdio.h> */
+static FILE *fts5yyTraceFILE = 0;
+static char *fts5yyTracePrompt = 0;
+#endif /* NDEBUG */
+
+#ifndef NDEBUG
+/* 
+** Turn parser tracing on by giving a stream to which to write the trace
+** and a prompt to preface each trace message.  Tracing is turned off
+** by making either argument NULL 
+**
+** Inputs:
+** <ul>
+** <li> A FILE* to which trace output should be written.
+**      If NULL, then tracing is turned off.
+** <li> A prefix string written at the beginning of every
+**      line of trace output.  If NULL, then tracing is
+**      turned off.
+** </ul>
+**
+** Outputs:
+** None.
+*/
+static void sqlite3Fts5ParserTrace(FILE *TraceFILE, char *zTracePrompt){
+  fts5yyTraceFILE = TraceFILE;
+  fts5yyTracePrompt = zTracePrompt;
+  if( fts5yyTraceFILE==0 ) fts5yyTracePrompt = 0;
+  else if( fts5yyTracePrompt==0 ) fts5yyTraceFILE = 0;
+}
+#endif /* NDEBUG */
+
+#ifndef NDEBUG
+/* For tracing shifts, the names of all terminals and nonterminals
+** are required.  The following table supplies these names */
+static const char *const fts5yyTokenName[] = { 
+  "$",             "OR",            "AND",           "NOT",         
+  "TERM",          "COLON",         "LP",            "RP",          
+  "LCP",           "RCP",           "STRING",        "COMMA",       
+  "PLUS",          "STAR",          "error",         "input",       
+  "expr",          "cnearset",      "exprlist",      "nearset",     
+  "colset",        "colsetlist",    "nearphrases",   "phrase",      
+  "neardist_opt",  "star_opt",    
+};
+#endif /* NDEBUG */
+
+#ifndef NDEBUG
+/* For tracing reduce actions, the names of all rules are required.
+*/
+static const char *const fts5yyRuleName[] = {
+ /*   0 */ "input ::= expr",
+ /*   1 */ "expr ::= expr AND expr",
+ /*   2 */ "expr ::= expr OR expr",
+ /*   3 */ "expr ::= expr NOT expr",
+ /*   4 */ "expr ::= LP expr RP",
+ /*   5 */ "expr ::= exprlist",
+ /*   6 */ "exprlist ::= cnearset",
+ /*   7 */ "exprlist ::= exprlist cnearset",
+ /*   8 */ "cnearset ::= nearset",
+ /*   9 */ "cnearset ::= colset COLON nearset",
+ /*  10 */ "colset ::= LCP colsetlist RCP",
+ /*  11 */ "colset ::= STRING",
+ /*  12 */ "colsetlist ::= colsetlist STRING",
+ /*  13 */ "colsetlist ::= STRING",
+ /*  14 */ "nearset ::= phrase",
+ /*  15 */ "nearset ::= STRING LP nearphrases neardist_opt RP",
+ /*  16 */ "nearphrases ::= phrase",
+ /*  17 */ "nearphrases ::= nearphrases phrase",
+ /*  18 */ "neardist_opt ::=",
+ /*  19 */ "neardist_opt ::= COMMA STRING",
+ /*  20 */ "phrase ::= phrase PLUS STRING star_opt",
+ /*  21 */ "phrase ::= STRING star_opt",
+ /*  22 */ "star_opt ::= STAR",
+ /*  23 */ "star_opt ::=",
+};
+#endif /* NDEBUG */
+
+
+#if fts5YYSTACKDEPTH<=0
+/*
+** Try to increase the size of the parser stack.
+*/
+static void fts5yyGrowStack(fts5yyParser *p){
+  int newSize;
+  fts5yyStackEntry *pNew;
+
+  newSize = p->fts5yystksz*2 + 100;
+  pNew = realloc(p->fts5yystack, newSize*sizeof(pNew[0]));
+  if( pNew ){
+    p->fts5yystack = pNew;
+    p->fts5yystksz = newSize;
+#ifndef NDEBUG
+    if( fts5yyTraceFILE ){
+      fprintf(fts5yyTraceFILE,"%sStack grows to %d entries!\n",
+              fts5yyTracePrompt, p->fts5yystksz);
+    }
+#endif
+  }
+}
+#endif
+
+/* Datatype of the argument to the memory allocated passed as the
+** second argument to sqlite3Fts5ParserAlloc() below.  This can be changed by
+** putting an appropriate #define in the %include section of the input
+** grammar.
+*/
+#ifndef fts5YYMALLOCARGTYPE
+# define fts5YYMALLOCARGTYPE size_t
+#endif
+
+/* 
+** This function allocates a new parser.
+** The only argument is a pointer to a function which works like
+** malloc.
+**
+** Inputs:
+** A pointer to the function used to allocate memory.
+**
+** Outputs:
+** A pointer to a parser.  This pointer is used in subsequent calls
+** to sqlite3Fts5Parser and sqlite3Fts5ParserFree.
+*/
+static void *sqlite3Fts5ParserAlloc(void *(*mallocProc)(fts5YYMALLOCARGTYPE)){
+  fts5yyParser *pParser;
+  pParser = (fts5yyParser*)(*mallocProc)( (fts5YYMALLOCARGTYPE)sizeof(fts5yyParser) );
+  if( pParser ){
+    pParser->fts5yyidx = -1;
+#ifdef fts5YYTRACKMAXSTACKDEPTH
+    pParser->fts5yyidxMax = 0;
+#endif
+#if fts5YYSTACKDEPTH<=0
+    pParser->fts5yystack = NULL;
+    pParser->fts5yystksz = 0;
+    fts5yyGrowStack(pParser);
+#endif
+  }
+  return pParser;
+}
+
+/* The following function deletes the "minor type" or semantic value
+** associated with a symbol.  The symbol can be either a terminal
+** or nonterminal. "fts5yymajor" is the symbol code, and "fts5yypminor" is
+** a pointer to the value to be deleted.  The code used to do the 
+** deletions is derived from the %destructor and/or %token_destructor
+** directives of the input grammar.
+*/
+static void fts5yy_destructor(
+  fts5yyParser *fts5yypParser,    /* The parser */
+  fts5YYCODETYPE fts5yymajor,     /* Type code for object to destroy */
+  fts5YYMINORTYPE *fts5yypminor   /* The object to be destroyed */
+){
+  sqlite3Fts5ParserARG_FETCH;
+  switch( fts5yymajor ){
+    /* Here is inserted the actions which take place when a
+    ** terminal or non-terminal is destroyed.  This can happen
+    ** when the symbol is popped from the stack during a
+    ** reduce or during error processing or when a parser is 
+    ** being destroyed before it is finished parsing.
+    **
+    ** Note: during a reduce, the only symbols destroyed are those
+    ** which appear on the RHS of the rule, but which are *not* used
+    ** inside the C code.
+    */
+/********* Begin destructor definitions ***************************************/
+    case 15: /* input */
+{
+ (void)pParse; 
+}
+      break;
+    case 16: /* expr */
+    case 17: /* cnearset */
+    case 18: /* exprlist */
+{
+ sqlite3Fts5ParseNodeFree((fts5yypminor->fts5yy18)); 
+}
+      break;
+    case 19: /* nearset */
+    case 22: /* nearphrases */
+{
+ sqlite3Fts5ParseNearsetFree((fts5yypminor->fts5yy26)); 
+}
+      break;
+    case 20: /* colset */
+    case 21: /* colsetlist */
+{
+ sqlite3_free((fts5yypminor->fts5yy3)); 
+}
+      break;
+    case 23: /* phrase */
+{
+ sqlite3Fts5ParsePhraseFree((fts5yypminor->fts5yy11)); 
+}
+      break;
+/********* End destructor definitions *****************************************/
+    default:  break;   /* If no destructor action specified: do nothing */
+  }
+}
+
+/*
+** Pop the parser's stack once.
+**
+** If there is a destructor routine associated with the token which
+** is popped from the stack, then call it.
+*/
+static void fts5yy_pop_parser_stack(fts5yyParser *pParser){
+  fts5yyStackEntry *fts5yytos;
+  assert( pParser->fts5yyidx>=0 );
+  fts5yytos = &pParser->fts5yystack[pParser->fts5yyidx--];
+#ifndef NDEBUG
+  if( fts5yyTraceFILE ){
+    fprintf(fts5yyTraceFILE,"%sPopping %s\n",
+      fts5yyTracePrompt,
+      fts5yyTokenName[fts5yytos->major]);
+  }
+#endif
+  fts5yy_destructor(pParser, fts5yytos->major, &fts5yytos->minor);
+}
+
+/* 
+** Deallocate and destroy a parser.  Destructors are called for
+** all stack elements before shutting the parser down.
+**
+** If the fts5YYPARSEFREENEVERNULL macro exists (for example because it
+** is defined in a %include section of the input grammar) then it is
+** assumed that the input pointer is never NULL.
+*/
+static void sqlite3Fts5ParserFree(
+  void *p,                    /* The parser to be deleted */
+  void (*freeProc)(void*)     /* Function used to reclaim memory */
+){
+  fts5yyParser *pParser = (fts5yyParser*)p;
+#ifndef fts5YYPARSEFREENEVERNULL
+  if( pParser==0 ) return;
+#endif
+  while( pParser->fts5yyidx>=0 ) fts5yy_pop_parser_stack(pParser);
+#if fts5YYSTACKDEPTH<=0
+  free(pParser->fts5yystack);
+#endif
+  (*freeProc)((void*)pParser);
+}
+
+/*
+** Return the peak depth of the stack for a parser.
+*/
+#ifdef fts5YYTRACKMAXSTACKDEPTH
+static int sqlite3Fts5ParserStackPeak(void *p){
+  fts5yyParser *pParser = (fts5yyParser*)p;
+  return pParser->fts5yyidxMax;
+}
+#endif
+
+/*
+** Find the appropriate action for a parser given the terminal
+** look-ahead token iLookAhead.
+*/
+static int fts5yy_find_shift_action(
+  fts5yyParser *pParser,        /* The parser */
+  fts5YYCODETYPE iLookAhead     /* The look-ahead token */
+){
+  int i;
+  int stateno = pParser->fts5yystack[pParser->fts5yyidx].stateno;
+ 
+  if( stateno>=fts5YY_MIN_REDUCE ) return stateno;
+  assert( stateno <= fts5YY_SHIFT_COUNT );
+  do{
+    i = fts5yy_shift_ofst[stateno];
+    if( i==fts5YY_SHIFT_USE_DFLT ) return fts5yy_default[stateno];
+    assert( iLookAhead!=fts5YYNOCODE );
+    i += iLookAhead;
+    if( i<0 || i>=fts5YY_ACTTAB_COUNT || fts5yy_lookahead[i]!=iLookAhead ){
+      if( iLookAhead>0 ){
+#ifdef fts5YYFALLBACK
+        fts5YYCODETYPE iFallback;            /* Fallback token */
+        if( iLookAhead<sizeof(fts5yyFallback)/sizeof(fts5yyFallback[0])
+               && (iFallback = fts5yyFallback[iLookAhead])!=0 ){
+#ifndef NDEBUG
+          if( fts5yyTraceFILE ){
+            fprintf(fts5yyTraceFILE, "%sFALLBACK %s => %s\n",
+               fts5yyTracePrompt, fts5yyTokenName[iLookAhead], fts5yyTokenName[iFallback]);
+          }
+#endif
+          assert( fts5yyFallback[iFallback]==0 ); /* Fallback loop must terminate */
+          iLookAhead = iFallback;
+          continue;
+        }
+#endif
+#ifdef fts5YYWILDCARD
+        {
+          int j = i - iLookAhead + fts5YYWILDCARD;
+          if( 
+#if fts5YY_SHIFT_MIN+fts5YYWILDCARD<0
+            j>=0 &&
+#endif
+#if fts5YY_SHIFT_MAX+fts5YYWILDCARD>=fts5YY_ACTTAB_COUNT
+            j<fts5YY_ACTTAB_COUNT &&
+#endif
+            fts5yy_lookahead[j]==fts5YYWILDCARD
+          ){
+#ifndef NDEBUG
+            if( fts5yyTraceFILE ){
+              fprintf(fts5yyTraceFILE, "%sWILDCARD %s => %s\n",
+                 fts5yyTracePrompt, fts5yyTokenName[iLookAhead],
+                 fts5yyTokenName[fts5YYWILDCARD]);
+            }
+#endif /* NDEBUG */
+            return fts5yy_action[j];
+          }
+        }
+#endif /* fts5YYWILDCARD */
+      }
+      return fts5yy_default[stateno];
+    }else{
+      return fts5yy_action[i];
+    }
+  }while(1);
+}
+
+/*
+** Find the appropriate action for a parser given the non-terminal
+** look-ahead token iLookAhead.
+*/
+static int fts5yy_find_reduce_action(
+  int stateno,              /* Current state number */
+  fts5YYCODETYPE iLookAhead     /* The look-ahead token */
+){
+  int i;
+#ifdef fts5YYERRORSYMBOL
+  if( stateno>fts5YY_REDUCE_COUNT ){
+    return fts5yy_default[stateno];
+  }
+#else
+  assert( stateno<=fts5YY_REDUCE_COUNT );
+#endif
+  i = fts5yy_reduce_ofst[stateno];
+  assert( i!=fts5YY_REDUCE_USE_DFLT );
+  assert( iLookAhead!=fts5YYNOCODE );
+  i += iLookAhead;
+#ifdef fts5YYERRORSYMBOL
+  if( i<0 || i>=fts5YY_ACTTAB_COUNT || fts5yy_lookahead[i]!=iLookAhead ){
+    return fts5yy_default[stateno];
+  }
+#else
+  assert( i>=0 && i<fts5YY_ACTTAB_COUNT );
+  assert( fts5yy_lookahead[i]==iLookAhead );
+#endif
+  return fts5yy_action[i];
+}
+
+/*
+** The following routine is called if the stack overflows.
+*/
+static void fts5yyStackOverflow(fts5yyParser *fts5yypParser, fts5YYMINORTYPE *fts5yypMinor){
+   sqlite3Fts5ParserARG_FETCH;
+   fts5yypParser->fts5yyidx--;
+#ifndef NDEBUG
+   if( fts5yyTraceFILE ){
+     fprintf(fts5yyTraceFILE,"%sStack Overflow!\n",fts5yyTracePrompt);
+   }
+#endif
+   while( fts5yypParser->fts5yyidx>=0 ) fts5yy_pop_parser_stack(fts5yypParser);
+   /* Here code is inserted which will execute if the parser
+   ** stack every overflows */
+/******** Begin %stack_overflow code ******************************************/
+
+  assert( 0 );
+/******** End %stack_overflow code ********************************************/
+   sqlite3Fts5ParserARG_STORE; /* Suppress warning about unused %extra_argument var */
+}
+
+/*
+** Print tracing information for a SHIFT action
+*/
+#ifndef NDEBUG
+static void fts5yyTraceShift(fts5yyParser *fts5yypParser, int fts5yyNewState){
+  if( fts5yyTraceFILE ){
+    if( fts5yyNewState<fts5YYNSTATE ){
+      fprintf(fts5yyTraceFILE,"%sShift '%s', go to state %d\n",
+         fts5yyTracePrompt,fts5yyTokenName[fts5yypParser->fts5yystack[fts5yypParser->fts5yyidx].major],
+         fts5yyNewState);
+    }else{
+      fprintf(fts5yyTraceFILE,"%sShift '%s'\n",
+         fts5yyTracePrompt,fts5yyTokenName[fts5yypParser->fts5yystack[fts5yypParser->fts5yyidx].major]);
+    }
+  }
+}
+#else
+# define fts5yyTraceShift(X,Y)
+#endif
+
+/*
+** Perform a shift action.
+*/
+static void fts5yy_shift(
+  fts5yyParser *fts5yypParser,          /* The parser to be shifted */
+  int fts5yyNewState,               /* The new state to shift in */
+  int fts5yyMajor,                  /* The major token to shift in */
+  fts5YYMINORTYPE *fts5yypMinor         /* Pointer to the minor token to shift in */
+){
+  fts5yyStackEntry *fts5yytos;
+  fts5yypParser->fts5yyidx++;
+#ifdef fts5YYTRACKMAXSTACKDEPTH
+  if( fts5yypParser->fts5yyidx>fts5yypParser->fts5yyidxMax ){
+    fts5yypParser->fts5yyidxMax = fts5yypParser->fts5yyidx;
+  }
+#endif
+#if fts5YYSTACKDEPTH>0 
+  if( fts5yypParser->fts5yyidx>=fts5YYSTACKDEPTH ){
+    fts5yyStackOverflow(fts5yypParser, fts5yypMinor);
+    return;
+  }
+#else
+  if( fts5yypParser->fts5yyidx>=fts5yypParser->fts5yystksz ){
+    fts5yyGrowStack(fts5yypParser);
+    if( fts5yypParser->fts5yyidx>=fts5yypParser->fts5yystksz ){
+      fts5yyStackOverflow(fts5yypParser, fts5yypMinor);
+      return;
+    }
+  }
+#endif
+  fts5yytos = &fts5yypParser->fts5yystack[fts5yypParser->fts5yyidx];
+  fts5yytos->stateno = (fts5YYACTIONTYPE)fts5yyNewState;
+  fts5yytos->major = (fts5YYCODETYPE)fts5yyMajor;
+  fts5yytos->minor = *fts5yypMinor;
+  fts5yyTraceShift(fts5yypParser, fts5yyNewState);
+}
+
+/* The following table contains information about every rule that
+** is used during the reduce.
+*/
+static const struct {
+  fts5YYCODETYPE lhs;         /* Symbol on the left-hand side of the rule */
+  unsigned char nrhs;     /* Number of right-hand side symbols in the rule */
+} fts5yyRuleInfo[] = {
+  { 15, 1 },
+  { 16, 3 },
+  { 16, 3 },
+  { 16, 3 },
+  { 16, 3 },
+  { 16, 1 },
+  { 18, 1 },
+  { 18, 2 },
+  { 17, 1 },
+  { 17, 3 },
+  { 20, 3 },
+  { 20, 1 },
+  { 21, 2 },
+  { 21, 1 },
+  { 19, 1 },
+  { 19, 5 },
+  { 22, 1 },
+  { 22, 2 },
+  { 24, 0 },
+  { 24, 2 },
+  { 23, 4 },
+  { 23, 2 },
+  { 25, 1 },
+  { 25, 0 },
+};
+
+static void fts5yy_accept(fts5yyParser*);  /* Forward Declaration */
+
+/*
+** Perform a reduce action and the shift that must immediately
+** follow the reduce.
+*/
+static void fts5yy_reduce(
+  fts5yyParser *fts5yypParser,         /* The parser */
+  int fts5yyruleno                 /* Number of the rule by which to reduce */
+){
+  int fts5yygoto;                     /* The next state */
+  int fts5yyact;                      /* The next action */
+  fts5YYMINORTYPE fts5yygotominor;        /* The LHS of the rule reduced */
+  fts5yyStackEntry *fts5yymsp;            /* The top of the parser's stack */
+  int fts5yysize;                     /* Amount to pop the stack */
+  sqlite3Fts5ParserARG_FETCH;
+  fts5yymsp = &fts5yypParser->fts5yystack[fts5yypParser->fts5yyidx];
+#ifndef NDEBUG
+  if( fts5yyTraceFILE && fts5yyruleno>=0 
+        && fts5yyruleno<(int)(sizeof(fts5yyRuleName)/sizeof(fts5yyRuleName[0])) ){
+    fts5yysize = fts5yyRuleInfo[fts5yyruleno].nrhs;
+    fprintf(fts5yyTraceFILE, "%sReduce [%s], go to state %d.\n", fts5yyTracePrompt,
+      fts5yyRuleName[fts5yyruleno], fts5yymsp[-fts5yysize].stateno);
+  }
+#endif /* NDEBUG */
+  fts5yygotominor = fts5yyzerominor;
+
+  switch( fts5yyruleno ){
+  /* Beginning here are the reduction cases.  A typical example
+  ** follows:
+  **   case 0:
+  **  #line <lineno> <grammarfile>
+  **     { ... }           // User supplied code
+  **  #line <lineno> <thisfile>
+  **     break;
+  */
+/********** Begin reduce actions **********************************************/
+      case 0: /* input ::= expr */
+{ sqlite3Fts5ParseFinished(pParse, fts5yymsp[0].minor.fts5yy18); }
+        break;
+      case 1: /* expr ::= expr AND expr */
+{
+  fts5yygotominor.fts5yy18 = sqlite3Fts5ParseNode(pParse, FTS5_AND, fts5yymsp[-2].minor.fts5yy18, fts5yymsp[0].minor.fts5yy18, 0);
+}
+        break;
+      case 2: /* expr ::= expr OR expr */
+{
+  fts5yygotominor.fts5yy18 = sqlite3Fts5ParseNode(pParse, FTS5_OR, fts5yymsp[-2].minor.fts5yy18, fts5yymsp[0].minor.fts5yy18, 0);
+}
+        break;
+      case 3: /* expr ::= expr NOT expr */
+{
+  fts5yygotominor.fts5yy18 = sqlite3Fts5ParseNode(pParse, FTS5_NOT, fts5yymsp[-2].minor.fts5yy18, fts5yymsp[0].minor.fts5yy18, 0);
+}
+        break;
+      case 4: /* expr ::= LP expr RP */
+{fts5yygotominor.fts5yy18 = fts5yymsp[-1].minor.fts5yy18;}
+        break;
+      case 5: /* expr ::= exprlist */
+      case 6: /* exprlist ::= cnearset */ fts5yytestcase(fts5yyruleno==6);
+{fts5yygotominor.fts5yy18 = fts5yymsp[0].minor.fts5yy18;}
+        break;
+      case 7: /* exprlist ::= exprlist cnearset */
+{
+  fts5yygotominor.fts5yy18 = sqlite3Fts5ParseNode(pParse, FTS5_AND, fts5yymsp[-1].minor.fts5yy18, fts5yymsp[0].minor.fts5yy18, 0);
+}
+        break;
+      case 8: /* cnearset ::= nearset */
+{ 
+  fts5yygotominor.fts5yy18 = sqlite3Fts5ParseNode(pParse, FTS5_STRING, 0, 0, fts5yymsp[0].minor.fts5yy26); 
+}
+        break;
+      case 9: /* cnearset ::= colset COLON nearset */
+{ 
+  sqlite3Fts5ParseSetColset(pParse, fts5yymsp[0].minor.fts5yy26, fts5yymsp[-2].minor.fts5yy3);
+  fts5yygotominor.fts5yy18 = sqlite3Fts5ParseNode(pParse, FTS5_STRING, 0, 0, fts5yymsp[0].minor.fts5yy26); 
+}
+        break;
+      case 10: /* colset ::= LCP colsetlist RCP */
+{ fts5yygotominor.fts5yy3 = fts5yymsp[-1].minor.fts5yy3; }
+        break;
+      case 11: /* colset ::= STRING */
+{
+  fts5yygotominor.fts5yy3 = sqlite3Fts5ParseColset(pParse, 0, &fts5yymsp[0].minor.fts5yy0);
+}
+        break;
+      case 12: /* colsetlist ::= colsetlist STRING */
+{ 
+  fts5yygotominor.fts5yy3 = sqlite3Fts5ParseColset(pParse, fts5yymsp[-1].minor.fts5yy3, &fts5yymsp[0].minor.fts5yy0); }
+        break;
+      case 13: /* colsetlist ::= STRING */
+{ 
+  fts5yygotominor.fts5yy3 = sqlite3Fts5ParseColset(pParse, 0, &fts5yymsp[0].minor.fts5yy0); 
+}
+        break;
+      case 14: /* nearset ::= phrase */
+{ fts5yygotominor.fts5yy26 = sqlite3Fts5ParseNearset(pParse, 0, fts5yymsp[0].minor.fts5yy11); }
+        break;
+      case 15: /* nearset ::= STRING LP nearphrases neardist_opt RP */
+{
+  sqlite3Fts5ParseNear(pParse, &fts5yymsp[-4].minor.fts5yy0);
+  sqlite3Fts5ParseSetDistance(pParse, fts5yymsp[-2].minor.fts5yy26, &fts5yymsp[-1].minor.fts5yy0);
+  fts5yygotominor.fts5yy26 = fts5yymsp[-2].minor.fts5yy26;
+}
+        break;
+      case 16: /* nearphrases ::= phrase */
+{ 
+  fts5yygotominor.fts5yy26 = sqlite3Fts5ParseNearset(pParse, 0, fts5yymsp[0].minor.fts5yy11); 
+}
+        break;
+      case 17: /* nearphrases ::= nearphrases phrase */
+{
+  fts5yygotominor.fts5yy26 = sqlite3Fts5ParseNearset(pParse, fts5yymsp[-1].minor.fts5yy26, fts5yymsp[0].minor.fts5yy11);
+}
+        break;
+      case 18: /* neardist_opt ::= */
+{ fts5yygotominor.fts5yy0.p = 0; fts5yygotominor.fts5yy0.n = 0; }
+        break;
+      case 19: /* neardist_opt ::= COMMA STRING */
+{ fts5yygotominor.fts5yy0 = fts5yymsp[0].minor.fts5yy0; }
+        break;
+      case 20: /* phrase ::= phrase PLUS STRING star_opt */
+{ 
+  fts5yygotominor.fts5yy11 = sqlite3Fts5ParseTerm(pParse, fts5yymsp[-3].minor.fts5yy11, &fts5yymsp[-1].minor.fts5yy0, fts5yymsp[0].minor.fts5yy20);
+}
+        break;
+      case 21: /* phrase ::= STRING star_opt */
+{ 
+  fts5yygotominor.fts5yy11 = sqlite3Fts5ParseTerm(pParse, 0, &fts5yymsp[-1].minor.fts5yy0, fts5yymsp[0].minor.fts5yy20);
+}
+        break;
+      case 22: /* star_opt ::= STAR */
+{ fts5yygotominor.fts5yy20 = 1; }
+        break;
+      case 23: /* star_opt ::= */
+{ fts5yygotominor.fts5yy20 = 0; }
+        break;
+      default:
+        break;
+/********** End reduce actions ************************************************/
+  };
+  assert( fts5yyruleno>=0 && fts5yyruleno<sizeof(fts5yyRuleInfo)/sizeof(fts5yyRuleInfo[0]) );
+  fts5yygoto = fts5yyRuleInfo[fts5yyruleno].lhs;
+  fts5yysize = fts5yyRuleInfo[fts5yyruleno].nrhs;
+  fts5yypParser->fts5yyidx -= fts5yysize;
+  fts5yyact = fts5yy_find_reduce_action(fts5yymsp[-fts5yysize].stateno,(fts5YYCODETYPE)fts5yygoto);
+  if( fts5yyact <= fts5YY_MAX_SHIFTREDUCE ){
+    if( fts5yyact>fts5YY_MAX_SHIFT ) fts5yyact += fts5YY_MIN_REDUCE - fts5YY_MIN_SHIFTREDUCE;
+    /* If the reduce action popped at least
+    ** one element off the stack, then we can push the new element back
+    ** onto the stack here, and skip the stack overflow test in fts5yy_shift().
+    ** That gives a significant speed improvement. */
+    if( fts5yysize ){
+      fts5yypParser->fts5yyidx++;
+      fts5yymsp -= fts5yysize-1;
+      fts5yymsp->stateno = (fts5YYACTIONTYPE)fts5yyact;
+      fts5yymsp->major = (fts5YYCODETYPE)fts5yygoto;
+      fts5yymsp->minor = fts5yygotominor;
+      fts5yyTraceShift(fts5yypParser, fts5yyact);
+    }else{
+      fts5yy_shift(fts5yypParser,fts5yyact,fts5yygoto,&fts5yygotominor);
+    }
+  }else{
+    assert( fts5yyact == fts5YY_ACCEPT_ACTION );
+    fts5yy_accept(fts5yypParser);
+  }
+}
+
+/*
+** The following code executes when the parse fails
+*/
+#ifndef fts5YYNOERRORRECOVERY
+static void fts5yy_parse_failed(
+  fts5yyParser *fts5yypParser           /* The parser */
+){
+  sqlite3Fts5ParserARG_FETCH;
+#ifndef NDEBUG
+  if( fts5yyTraceFILE ){
+    fprintf(fts5yyTraceFILE,"%sFail!\n",fts5yyTracePrompt);
+  }
+#endif
+  while( fts5yypParser->fts5yyidx>=0 ) fts5yy_pop_parser_stack(fts5yypParser);
+  /* Here code is inserted which will be executed whenever the
+  ** parser fails */
+/************ Begin %parse_failure code ***************************************/
+/************ End %parse_failure code *****************************************/
+  sqlite3Fts5ParserARG_STORE; /* Suppress warning about unused %extra_argument variable */
+}
+#endif /* fts5YYNOERRORRECOVERY */
+
+/*
+** The following code executes when a syntax error first occurs.
+*/
+static void fts5yy_syntax_error(
+  fts5yyParser *fts5yypParser,           /* The parser */
+  int fts5yymajor,                   /* The major type of the error token */
+  fts5YYMINORTYPE fts5yyminor            /* The minor type of the error token */
+){
+  sqlite3Fts5ParserARG_FETCH;
+#define FTS5TOKEN (fts5yyminor.fts5yy0)
+/************ Begin %syntax_error code ****************************************/
+
+  sqlite3Fts5ParseError(
+    pParse, "fts5: syntax error near \"%.*s\"",FTS5TOKEN.n,FTS5TOKEN.p
+  );
+/************ End %syntax_error code ******************************************/
+  sqlite3Fts5ParserARG_STORE; /* Suppress warning about unused %extra_argument variable */
+}
+
+/*
+** The following is executed when the parser accepts
+*/
+static void fts5yy_accept(
+  fts5yyParser *fts5yypParser           /* The parser */
+){
+  sqlite3Fts5ParserARG_FETCH;
+#ifndef NDEBUG
+  if( fts5yyTraceFILE ){
+    fprintf(fts5yyTraceFILE,"%sAccept!\n",fts5yyTracePrompt);
+  }
+#endif
+  while( fts5yypParser->fts5yyidx>=0 ) fts5yy_pop_parser_stack(fts5yypParser);
+  /* Here code is inserted which will be executed whenever the
+  ** parser accepts */
+/*********** Begin %parse_accept code *****************************************/
+/*********** End %parse_accept code *******************************************/
+  sqlite3Fts5ParserARG_STORE; /* Suppress warning about unused %extra_argument variable */
+}
+
+/* The main parser program.
+** The first argument is a pointer to a structure obtained from
+** "sqlite3Fts5ParserAlloc" which describes the current state of the parser.
+** The second argument is the major token number.  The third is
+** the minor token.  The fourth optional argument is whatever the
+** user wants (and specified in the grammar) and is available for
+** use by the action routines.
+**
+** Inputs:
+** <ul>
+** <li> A pointer to the parser (an opaque structure.)
+** <li> The major token number.
+** <li> The minor token number.
+** <li> An option argument of a grammar-specified type.
+** </ul>
+**
+** Outputs:
+** None.
+*/
+static void sqlite3Fts5Parser(
+  void *fts5yyp,                   /* The parser */
+  int fts5yymajor,                 /* The major token code number */
+  sqlite3Fts5ParserFTS5TOKENTYPE fts5yyminor       /* The value for the token */
+  sqlite3Fts5ParserARG_PDECL               /* Optional %extra_argument parameter */
+){
+  fts5YYMINORTYPE fts5yyminorunion;
+  int fts5yyact;            /* The parser action. */
+#if !defined(fts5YYERRORSYMBOL) && !defined(fts5YYNOERRORRECOVERY)
+  int fts5yyendofinput;     /* True if we are at the end of input */
+#endif
+#ifdef fts5YYERRORSYMBOL
+  int fts5yyerrorhit = 0;   /* True if fts5yymajor has invoked an error */
+#endif
+  fts5yyParser *fts5yypParser;  /* The parser */
+
+  /* (re)initialize the parser, if necessary */
+  fts5yypParser = (fts5yyParser*)fts5yyp;
+  if( fts5yypParser->fts5yyidx<0 ){
+#if fts5YYSTACKDEPTH<=0
+    if( fts5yypParser->fts5yystksz <=0 ){
+      /*memset(&fts5yyminorunion, 0, sizeof(fts5yyminorunion));*/
+      fts5yyminorunion = fts5yyzerominor;
+      fts5yyStackOverflow(fts5yypParser, &fts5yyminorunion);
+      return;
+    }
+#endif
+    fts5yypParser->fts5yyidx = 0;
+    fts5yypParser->fts5yyerrcnt = -1;
+    fts5yypParser->fts5yystack[0].stateno = 0;
+    fts5yypParser->fts5yystack[0].major = 0;
+#ifndef NDEBUG
+    if( fts5yyTraceFILE ){
+      fprintf(fts5yyTraceFILE,"%sInitialize. Empty stack. State 0\n",
+              fts5yyTracePrompt);
+    }
+#endif
+  }
+  fts5yyminorunion.fts5yy0 = fts5yyminor;
+#if !defined(fts5YYERRORSYMBOL) && !defined(fts5YYNOERRORRECOVERY)
+  fts5yyendofinput = (fts5yymajor==0);
+#endif
+  sqlite3Fts5ParserARG_STORE;
+
+#ifndef NDEBUG
+  if( fts5yyTraceFILE ){
+    fprintf(fts5yyTraceFILE,"%sInput '%s'\n",fts5yyTracePrompt,fts5yyTokenName[fts5yymajor]);
+  }
+#endif
+
+  do{
+    fts5yyact = fts5yy_find_shift_action(fts5yypParser,(fts5YYCODETYPE)fts5yymajor);
+    if( fts5yyact <= fts5YY_MAX_SHIFTREDUCE ){
+      if( fts5yyact > fts5YY_MAX_SHIFT ) fts5yyact += fts5YY_MIN_REDUCE - fts5YY_MIN_SHIFTREDUCE;
+      fts5yy_shift(fts5yypParser,fts5yyact,fts5yymajor,&fts5yyminorunion);
+      fts5yypParser->fts5yyerrcnt--;
+      fts5yymajor = fts5YYNOCODE;
+    }else if( fts5yyact <= fts5YY_MAX_REDUCE ){
+      fts5yy_reduce(fts5yypParser,fts5yyact-fts5YY_MIN_REDUCE);
+    }else{
+      assert( fts5yyact == fts5YY_ERROR_ACTION );
+#ifdef fts5YYERRORSYMBOL
+      int fts5yymx;
+#endif
+#ifndef NDEBUG
+      if( fts5yyTraceFILE ){
+        fprintf(fts5yyTraceFILE,"%sSyntax Error!\n",fts5yyTracePrompt);
+      }
+#endif
+#ifdef fts5YYERRORSYMBOL
+      /* A syntax error has occurred.
+      ** The response to an error depends upon whether or not the
+      ** grammar defines an error token "ERROR".  
+      **
+      ** This is what we do if the grammar does define ERROR:
+      **
+      **  * Call the %syntax_error function.
+      **
+      **  * Begin popping the stack until we enter a state where
+      **    it is legal to shift the error symbol, then shift
+      **    the error symbol.
+      **
+      **  * Set the error count to three.
+      **
+      **  * Begin accepting and shifting new tokens.  No new error
+      **    processing will occur until three tokens have been
+      **    shifted successfully.
+      **
+      */
+      if( fts5yypParser->fts5yyerrcnt<0 ){
+        fts5yy_syntax_error(fts5yypParser,fts5yymajor,fts5yyminorunion);
+      }
+      fts5yymx = fts5yypParser->fts5yystack[fts5yypParser->fts5yyidx].major;
+      if( fts5yymx==fts5YYERRORSYMBOL || fts5yyerrorhit ){
+#ifndef NDEBUG
+        if( fts5yyTraceFILE ){
+          fprintf(fts5yyTraceFILE,"%sDiscard input token %s\n",
+             fts5yyTracePrompt,fts5yyTokenName[fts5yymajor]);
+        }
+#endif
+        fts5yy_destructor(fts5yypParser, (fts5YYCODETYPE)fts5yymajor,&fts5yyminorunion);
+        fts5yymajor = fts5YYNOCODE;
+      }else{
+         while(
+          fts5yypParser->fts5yyidx >= 0 &&
+          fts5yymx != fts5YYERRORSYMBOL &&
+          (fts5yyact = fts5yy_find_reduce_action(
+                        fts5yypParser->fts5yystack[fts5yypParser->fts5yyidx].stateno,
+                        fts5YYERRORSYMBOL)) >= fts5YY_MIN_REDUCE
+        ){
+          fts5yy_pop_parser_stack(fts5yypParser);
+        }
+        if( fts5yypParser->fts5yyidx < 0 || fts5yymajor==0 ){
+          fts5yy_destructor(fts5yypParser,(fts5YYCODETYPE)fts5yymajor,&fts5yyminorunion);
+          fts5yy_parse_failed(fts5yypParser);
+          fts5yymajor = fts5YYNOCODE;
+        }else if( fts5yymx!=fts5YYERRORSYMBOL ){
+          fts5YYMINORTYPE u2;
+          u2.fts5YYERRSYMDT = 0;
+          fts5yy_shift(fts5yypParser,fts5yyact,fts5YYERRORSYMBOL,&u2);
+        }
+      }
+      fts5yypParser->fts5yyerrcnt = 3;
+      fts5yyerrorhit = 1;
+#elif defined(fts5YYNOERRORRECOVERY)
+      /* If the fts5YYNOERRORRECOVERY macro is defined, then do not attempt to
+      ** do any kind of error recovery.  Instead, simply invoke the syntax
+      ** error routine and continue going as if nothing had happened.
+      **
+      ** Applications can set this macro (for example inside %include) if
+      ** they intend to abandon the parse upon the first syntax error seen.
+      */
+      fts5yy_syntax_error(fts5yypParser,fts5yymajor,fts5yyminorunion);
+      fts5yy_destructor(fts5yypParser,(fts5YYCODETYPE)fts5yymajor,&fts5yyminorunion);
+      fts5yymajor = fts5YYNOCODE;
+      
+#else  /* fts5YYERRORSYMBOL is not defined */
+      /* This is what we do if the grammar does not define ERROR:
+      **
+      **  * Report an error message, and throw away the input token.
+      **
+      **  * If the input token is $, then fail the parse.
+      **
+      ** As before, subsequent error messages are suppressed until
+      ** three input tokens have been successfully shifted.
+      */
+      if( fts5yypParser->fts5yyerrcnt<=0 ){
+        fts5yy_syntax_error(fts5yypParser,fts5yymajor,fts5yyminorunion);
+      }
+      fts5yypParser->fts5yyerrcnt = 3;
+      fts5yy_destructor(fts5yypParser,(fts5YYCODETYPE)fts5yymajor,&fts5yyminorunion);
+      if( fts5yyendofinput ){
+        fts5yy_parse_failed(fts5yypParser);
+      }
+      fts5yymajor = fts5YYNOCODE;
+#endif
+    }
+  }while( fts5yymajor!=fts5YYNOCODE && fts5yypParser->fts5yyidx>=0 );
+#ifndef NDEBUG
+  if( fts5yyTraceFILE ){
+    int i;
+    fprintf(fts5yyTraceFILE,"%sReturn. Stack=",fts5yyTracePrompt);
+    for(i=1; i<=fts5yypParser->fts5yyidx; i++)
+      fprintf(fts5yyTraceFILE,"%c%s", i==1 ? '[' : ' ', 
+              fts5yyTokenName[fts5yypParser->fts5yystack[i].major]);
+    fprintf(fts5yyTraceFILE,"]\n");
+  }
+#endif
+  return;
+}
+
+/*
+** 2014 May 31
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+******************************************************************************
+*/
+
+
+/* #include "fts5Int.h" */
+#include <math.h>                 /* amalgamator: keep */
+
+/*
+** Object used to iterate through all "coalesced phrase instances" in 
+** a single column of the current row. If the phrase instances in the
+** column being considered do not overlap, this object simply iterates
+** through them. Or, if they do overlap (share one or more tokens in
+** common), each set of overlapping instances is treated as a single
+** match. See documentation for the highlight() auxiliary function for
+** details.
+**
+** Usage is:
+**
+**   for(rc = fts5CInstIterNext(pApi, pFts, iCol, &iter);
+**      (rc==SQLITE_OK && 0==fts5CInstIterEof(&iter);
+**      rc = fts5CInstIterNext(&iter)
+**   ){
+**     printf("instance starts at %d, ends at %d\n", iter.iStart, iter.iEnd);
+**   }
+**
+*/
+typedef struct CInstIter CInstIter;
+struct CInstIter {
+  const Fts5ExtensionApi *pApi;   /* API offered by current FTS version */
+  Fts5Context *pFts;              /* First arg to pass to pApi functions */
+  int iCol;                       /* Column to search */
+  int iInst;                      /* Next phrase instance index */
+  int nInst;                      /* Total number of phrase instances */
+
+  /* Output variables */
+  int iStart;                     /* First token in coalesced phrase instance */
+  int iEnd;                       /* Last token in coalesced phrase instance */
+};
+
+/*
+** Advance the iterator to the next coalesced phrase instance. Return
+** an SQLite error code if an error occurs, or SQLITE_OK otherwise.
+*/
+static int fts5CInstIterNext(CInstIter *pIter){
+  int rc = SQLITE_OK;
+  pIter->iStart = -1;
+  pIter->iEnd = -1;
+
+  while( rc==SQLITE_OK && pIter->iInst<pIter->nInst ){
+    int ip; int ic; int io;
+    rc = pIter->pApi->xInst(pIter->pFts, pIter->iInst, &ip, &ic, &io);
+    if( rc==SQLITE_OK ){
+      if( ic==pIter->iCol ){
+        int iEnd = io - 1 + pIter->pApi->xPhraseSize(pIter->pFts, ip);
+        if( pIter->iStart<0 ){
+          pIter->iStart = io;
+          pIter->iEnd = iEnd;
+        }else if( io<=pIter->iEnd ){
+          if( iEnd>pIter->iEnd ) pIter->iEnd = iEnd;
+        }else{
+          break;
+        }
+      }
+      pIter->iInst++;
+    }
+  }
+
+  return rc;
+}
+
+/*
+** Initialize the iterator object indicated by the final parameter to 
+** iterate through coalesced phrase instances in column iCol.
+*/
+static int fts5CInstIterInit(
+  const Fts5ExtensionApi *pApi,
+  Fts5Context *pFts,
+  int iCol,
+  CInstIter *pIter
+){
+  int rc;
+
+  memset(pIter, 0, sizeof(CInstIter));
+  pIter->pApi = pApi;
+  pIter->pFts = pFts;
+  pIter->iCol = iCol;
+  rc = pApi->xInstCount(pFts, &pIter->nInst);
+
+  if( rc==SQLITE_OK ){
+    rc = fts5CInstIterNext(pIter);
+  }
+
+  return rc;
+}
+
+
+
+/*************************************************************************
+** Start of highlight() implementation.
+*/
+typedef struct HighlightContext HighlightContext;
+struct HighlightContext {
+  CInstIter iter;                 /* Coalesced Instance Iterator */
+  int iPos;                       /* Current token offset in zIn[] */
+  int iRangeStart;                /* First token to include */
+  int iRangeEnd;                  /* If non-zero, last token to include */
+  const char *zOpen;              /* Opening highlight */
+  const char *zClose;             /* Closing highlight */
+  const char *zIn;                /* Input text */
+  int nIn;                        /* Size of input text in bytes */
+  int iOff;                       /* Current offset within zIn[] */
+  char *zOut;                     /* Output value */
+};
+
+/*
+** Append text to the HighlightContext output string - p->zOut. Argument
+** z points to a buffer containing n bytes of text to append. If n is 
+** negative, everything up until the first '\0' is appended to the output.
+**
+** If *pRc is set to any value other than SQLITE_OK when this function is 
+** called, it is a no-op. If an error (i.e. an OOM condition) is encountered, 
+** *pRc is set to an error code before returning. 
+*/
+static void fts5HighlightAppend(
+  int *pRc, 
+  HighlightContext *p, 
+  const char *z, int n
+){
+  if( *pRc==SQLITE_OK ){
+    if( n<0 ) n = (int)strlen(z);
+    p->zOut = sqlite3_mprintf("%z%.*s", p->zOut, n, z);
+    if( p->zOut==0 ) *pRc = SQLITE_NOMEM;
+  }
+}
+
+/*
+** Tokenizer callback used by implementation of highlight() function.
+*/
+static int fts5HighlightCb(
+  void *pContext,                 /* Pointer to HighlightContext object */
+  int tflags,                     /* Mask of FTS5_TOKEN_* flags */
+  const char *pToken,             /* Buffer containing token */
+  int nToken,                     /* Size of token in bytes */
+  int iStartOff,                  /* Start offset of token */
+  int iEndOff                     /* End offset of token */
+){
+  HighlightContext *p = (HighlightContext*)pContext;
+  int rc = SQLITE_OK;
+  int iPos;
+
+  if( tflags & FTS5_TOKEN_COLOCATED ) return SQLITE_OK;
+  iPos = p->iPos++;
+
+  if( p->iRangeEnd>0 ){
+    if( iPos<p->iRangeStart || iPos>p->iRangeEnd ) return SQLITE_OK;
+    if( p->iRangeStart && iPos==p->iRangeStart ) p->iOff = iStartOff;
+  }
+
+  if( iPos==p->iter.iStart ){
+    fts5HighlightAppend(&rc, p, &p->zIn[p->iOff], iStartOff - p->iOff);
+    fts5HighlightAppend(&rc, p, p->zOpen, -1);
+    p->iOff = iStartOff;
+  }
+
+  if( iPos==p->iter.iEnd ){
+    if( p->iRangeEnd && p->iter.iStart<p->iRangeStart ){
+      fts5HighlightAppend(&rc, p, p->zOpen, -1);
+    }
+    fts5HighlightAppend(&rc, p, &p->zIn[p->iOff], iEndOff - p->iOff);
+    fts5HighlightAppend(&rc, p, p->zClose, -1);
+    p->iOff = iEndOff;
+    if( rc==SQLITE_OK ){
+      rc = fts5CInstIterNext(&p->iter);
+    }
+  }
+
+  if( p->iRangeEnd>0 && iPos==p->iRangeEnd ){
+    fts5HighlightAppend(&rc, p, &p->zIn[p->iOff], iEndOff - p->iOff);
+    p->iOff = iEndOff;
+    if( iPos<p->iter.iEnd ){
+      fts5HighlightAppend(&rc, p, p->zClose, -1);
+    }
+  }
+
+  return rc;
+}
+
+/*
+** Implementation of highlight() function.
+*/
+static void fts5HighlightFunction(
+  const Fts5ExtensionApi *pApi,   /* API offered by current FTS version */
+  Fts5Context *pFts,              /* First arg to pass to pApi functions */
+  sqlite3_context *pCtx,          /* Context for returning result/error */
+  int nVal,                       /* Number of values in apVal[] array */
+  sqlite3_value **apVal           /* Array of trailing arguments */
+){
+  HighlightContext ctx;
+  int rc;
+  int iCol;
+
+  if( nVal!=3 ){
+    const char *zErr = "wrong number of arguments to function highlight()";
+    sqlite3_result_error(pCtx, zErr, -1);
+    return;
+  }
+
+  iCol = sqlite3_value_int(apVal[0]);
+  memset(&ctx, 0, sizeof(HighlightContext));
+  ctx.zOpen = (const char*)sqlite3_value_text(apVal[1]);
+  ctx.zClose = (const char*)sqlite3_value_text(apVal[2]);
+  rc = pApi->xColumnText(pFts, iCol, &ctx.zIn, &ctx.nIn);
+
+  if( ctx.zIn ){
+    if( rc==SQLITE_OK ){
+      rc = fts5CInstIterInit(pApi, pFts, iCol, &ctx.iter);
+    }
+
+    if( rc==SQLITE_OK ){
+      rc = pApi->xTokenize(pFts, ctx.zIn, ctx.nIn, (void*)&ctx,fts5HighlightCb);
+    }
+    fts5HighlightAppend(&rc, &ctx, &ctx.zIn[ctx.iOff], ctx.nIn - ctx.iOff);
+
+    if( rc==SQLITE_OK ){
+      sqlite3_result_text(pCtx, (const char*)ctx.zOut, -1, SQLITE_TRANSIENT);
+    }
+    sqlite3_free(ctx.zOut);
+  }
+  if( rc!=SQLITE_OK ){
+    sqlite3_result_error_code(pCtx, rc);
+  }
+}
+/*
+** End of highlight() implementation.
+**************************************************************************/
+
+/*
+** Implementation of snippet() function.
+*/
+static void fts5SnippetFunction(
+  const Fts5ExtensionApi *pApi,   /* API offered by current FTS version */
+  Fts5Context *pFts,              /* First arg to pass to pApi functions */
+  sqlite3_context *pCtx,          /* Context for returning result/error */
+  int nVal,                       /* Number of values in apVal[] array */
+  sqlite3_value **apVal           /* Array of trailing arguments */
+){
+  HighlightContext ctx;
+  int rc = SQLITE_OK;             /* Return code */
+  int iCol;                       /* 1st argument to snippet() */
+  const char *zEllips;            /* 4th argument to snippet() */
+  int nToken;                     /* 5th argument to snippet() */
+  int nInst = 0;                  /* Number of instance matches this row */
+  int i;                          /* Used to iterate through instances */
+  int nPhrase;                    /* Number of phrases in query */
+  unsigned char *aSeen;           /* Array of "seen instance" flags */
+  int iBestCol;                   /* Column containing best snippet */
+  int iBestStart = 0;             /* First token of best snippet */
+  int iBestLast;                  /* Last token of best snippet */
+  int nBestScore = 0;             /* Score of best snippet */
+  int nColSize = 0;               /* Total size of iBestCol in tokens */
+
+  if( nVal!=5 ){
+    const char *zErr = "wrong number of arguments to function snippet()";
+    sqlite3_result_error(pCtx, zErr, -1);
+    return;
+  }
+
+  memset(&ctx, 0, sizeof(HighlightContext));
+  iCol = sqlite3_value_int(apVal[0]);
+  ctx.zOpen = (const char*)sqlite3_value_text(apVal[1]);
+  ctx.zClose = (const char*)sqlite3_value_text(apVal[2]);
+  zEllips = (const char*)sqlite3_value_text(apVal[3]);
+  nToken = sqlite3_value_int(apVal[4]);
+  iBestLast = nToken-1;
+
+  iBestCol = (iCol>=0 ? iCol : 0);
+  nPhrase = pApi->xPhraseCount(pFts);
+  aSeen = sqlite3_malloc(nPhrase);
+  if( aSeen==0 ){
+    rc = SQLITE_NOMEM;
+  }
+
+  if( rc==SQLITE_OK ){
+    rc = pApi->xInstCount(pFts, &nInst);
+  }
+  for(i=0; rc==SQLITE_OK && i<nInst; i++){
+    int ip, iSnippetCol, iStart;
+    memset(aSeen, 0, nPhrase);
+    rc = pApi->xInst(pFts, i, &ip, &iSnippetCol, &iStart);
+    if( rc==SQLITE_OK && (iCol<0 || iSnippetCol==iCol) ){
+      int nScore = 1000;
+      int iLast = iStart - 1 + pApi->xPhraseSize(pFts, ip);
+      int j;
+      aSeen[ip] = 1;
+
+      for(j=i+1; rc==SQLITE_OK && j<nInst; j++){
+        int ic; int io; int iFinal;
+        rc = pApi->xInst(pFts, j, &ip, &ic, &io);
+        iFinal = io + pApi->xPhraseSize(pFts, ip) - 1;
+        if( rc==SQLITE_OK && ic==iSnippetCol && iLast<iStart+nToken ){
+          nScore += aSeen[ip] ? 1000 : 1;
+          aSeen[ip] = 1;
+          if( iFinal>iLast ) iLast = iFinal;
+        }
+      }
+
+      if( rc==SQLITE_OK && nScore>nBestScore ){
+        iBestCol = iSnippetCol;
+        iBestStart = iStart;
+        iBestLast = iLast;
+        nBestScore = nScore;
+      }
+    }
+  }
+
+  if( rc==SQLITE_OK ){
+    rc = pApi->xColumnSize(pFts, iBestCol, &nColSize);
+  }
+  if( rc==SQLITE_OK ){
+    rc = pApi->xColumnText(pFts, iBestCol, &ctx.zIn, &ctx.nIn);
+  }
+  if( ctx.zIn ){
+    if( rc==SQLITE_OK ){
+      rc = fts5CInstIterInit(pApi, pFts, iBestCol, &ctx.iter);
+    }
+
+    if( (iBestStart+nToken-1)>iBestLast ){
+      iBestStart -= (iBestStart+nToken-1-iBestLast) / 2;
+    }
+    if( iBestStart+nToken>nColSize ){
+      iBestStart = nColSize - nToken;
+    }
+    if( iBestStart<0 ) iBestStart = 0;
+
+    ctx.iRangeStart = iBestStart;
+    ctx.iRangeEnd = iBestStart + nToken - 1;
+
+    if( iBestStart>0 ){
+      fts5HighlightAppend(&rc, &ctx, zEllips, -1);
+    }
+    if( rc==SQLITE_OK ){
+      rc = pApi->xTokenize(pFts, ctx.zIn, ctx.nIn, (void*)&ctx,fts5HighlightCb);
+    }
+    if( ctx.iRangeEnd>=(nColSize-1) ){
+      fts5HighlightAppend(&rc, &ctx, &ctx.zIn[ctx.iOff], ctx.nIn - ctx.iOff);
+    }else{
+      fts5HighlightAppend(&rc, &ctx, zEllips, -1);
+    }
+
+    if( rc==SQLITE_OK ){
+      sqlite3_result_text(pCtx, (const char*)ctx.zOut, -1, SQLITE_TRANSIENT);
+    }else{
+      sqlite3_result_error_code(pCtx, rc);
+    }
+    sqlite3_free(ctx.zOut);
+  }
+  sqlite3_free(aSeen);
+}
+
+/************************************************************************/
+
+/*
+** The first time the bm25() function is called for a query, an instance
+** of the following structure is allocated and populated.
+*/
+typedef struct Fts5Bm25Data Fts5Bm25Data;
+struct Fts5Bm25Data {
+  int nPhrase;                    /* Number of phrases in query */
+  double avgdl;                   /* Average number of tokens in each row */
+  double *aIDF;                   /* IDF for each phrase */
+  double *aFreq;                  /* Array used to calculate phrase freq. */
+};
+
+/*
+** Callback used by fts5Bm25GetData() to count the number of rows in the
+** table matched by each individual phrase within the query.
+*/
+static int fts5CountCb(
+  const Fts5ExtensionApi *pApi, 
+  Fts5Context *pFts,
+  void *pUserData                 /* Pointer to sqlite3_int64 variable */
+){
+  sqlite3_int64 *pn = (sqlite3_int64*)pUserData;
+  (*pn)++;
+  return SQLITE_OK;
+}
+
+/*
+** Set *ppData to point to the Fts5Bm25Data object for the current query. 
+** If the object has not already been allocated, allocate and populate it
+** now.
+*/
+static int fts5Bm25GetData(
+  const Fts5ExtensionApi *pApi, 
+  Fts5Context *pFts,
+  Fts5Bm25Data **ppData           /* OUT: bm25-data object for this query */
+){
+  int rc = SQLITE_OK;             /* Return code */
+  Fts5Bm25Data *p;                /* Object to return */
+
+  p = pApi->xGetAuxdata(pFts, 0);
+  if( p==0 ){
+    int nPhrase;                  /* Number of phrases in query */
+    sqlite3_int64 nRow = 0;       /* Number of rows in table */
+    sqlite3_int64 nToken = 0;     /* Number of tokens in table */
+    int nByte;                    /* Bytes of space to allocate */
+    int i;
+
+    /* Allocate the Fts5Bm25Data object */
+    nPhrase = pApi->xPhraseCount(pFts);
+    nByte = sizeof(Fts5Bm25Data) + nPhrase*2*sizeof(double);
+    p = (Fts5Bm25Data*)sqlite3_malloc(nByte);
+    if( p==0 ){
+      rc = SQLITE_NOMEM;
+    }else{
+      memset(p, 0, nByte);
+      p->nPhrase = nPhrase;
+      p->aIDF = (double*)&p[1];
+      p->aFreq = &p->aIDF[nPhrase];
+    }
+
+    /* Calculate the average document length for this FTS5 table */
+    if( rc==SQLITE_OK ) rc = pApi->xRowCount(pFts, &nRow);
+    if( rc==SQLITE_OK ) rc = pApi->xColumnTotalSize(pFts, -1, &nToken);
+    if( rc==SQLITE_OK ) p->avgdl = (double)nToken  / (double)nRow;
+
+    /* Calculate an IDF for each phrase in the query */
+    for(i=0; rc==SQLITE_OK && i<nPhrase; i++){
+      sqlite3_int64 nHit = 0;
+      rc = pApi->xQueryPhrase(pFts, i, (void*)&nHit, fts5CountCb);
+      if( rc==SQLITE_OK ){
+        /* Calculate the IDF (Inverse Document Frequency) for phrase i.
+        ** This is done using the standard BM25 formula as found on wikipedia:
+        **
+        **   IDF = log( (N - nHit + 0.5) / (nHit + 0.5) )
+        **
+        ** where "N" is the total number of documents in the set and nHit
+        ** is the number that contain at least one instance of the phrase
+        ** under consideration.
+        **
+        ** The problem with this is that if (N < 2*nHit), the IDF is 
+        ** negative. Which is undesirable. So the mimimum allowable IDF is
+        ** (1e-6) - roughly the same as a term that appears in just over
+        ** half of set of 5,000,000 documents.  */
+        double idf = log( (nRow - nHit + 0.5) / (nHit + 0.5) );
+        if( idf<=0.0 ) idf = 1e-6;
+        p->aIDF[i] = idf;
+      }
+    }
+
+    if( rc!=SQLITE_OK ){
+      sqlite3_free(p);
+    }else{
+      rc = pApi->xSetAuxdata(pFts, p, sqlite3_free);
+    }
+    if( rc!=SQLITE_OK ) p = 0;
+  }
+  *ppData = p;
+  return rc;
+}
+
+/*
+** Implementation of bm25() function.
+*/
+static void fts5Bm25Function(
+  const Fts5ExtensionApi *pApi,   /* API offered by current FTS version */
+  Fts5Context *pFts,              /* First arg to pass to pApi functions */
+  sqlite3_context *pCtx,          /* Context for returning result/error */
+  int nVal,                       /* Number of values in apVal[] array */
+  sqlite3_value **apVal           /* Array of trailing arguments */
+){
+  const double k1 = 1.2;          /* Constant "k1" from BM25 formula */
+  const double b = 0.75;          /* Constant "b" from BM25 formula */
+  int rc = SQLITE_OK;             /* Error code */
+  double score = 0.0;             /* SQL function return value */
+  Fts5Bm25Data *pData;            /* Values allocated/calculated once only */
+  int i;                          /* Iterator variable */
+  int nInst = 0;                  /* Value returned by xInstCount() */
+  double D = 0.0;                 /* Total number of tokens in row */
+  double *aFreq = 0;              /* Array of phrase freq. for current row */
+
+  /* Calculate the phrase frequency (symbol "f(qi,D)" in the documentation)
+  ** for each phrase in the query for the current row. */
+  rc = fts5Bm25GetData(pApi, pFts, &pData);
+  if( rc==SQLITE_OK ){
+    aFreq = pData->aFreq;
+    memset(aFreq, 0, sizeof(double) * pData->nPhrase);
+    rc = pApi->xInstCount(pFts, &nInst);
+  }
+  for(i=0; rc==SQLITE_OK && i<nInst; i++){
+    int ip; int ic; int io;
+    rc = pApi->xInst(pFts, i, &ip, &ic, &io);
+    if( rc==SQLITE_OK ){
+      double w = (nVal > ic) ? sqlite3_value_double(apVal[ic]) : 1.0;
+      aFreq[ip] += w;
+    }
+  }
+
+  /* Figure out the total size of the current row in tokens. */
+  if( rc==SQLITE_OK ){
+    int nTok;
+    rc = pApi->xColumnSize(pFts, -1, &nTok);
+    D = (double)nTok;
+  }
+
+  /* Determine the BM25 score for the current row. */
+  for(i=0; rc==SQLITE_OK && i<pData->nPhrase; i++){
+    score += pData->aIDF[i] * (
+      ( aFreq[i] * (k1 + 1.0) ) / 
+      ( aFreq[i] + k1 * (1 - b + b * D / pData->avgdl) )
+    );
+  }
+  
+  /* If no error has occurred, return the calculated score. Otherwise,
+  ** throw an SQL exception.  */
+  if( rc==SQLITE_OK ){
+    sqlite3_result_double(pCtx, -1.0 * score);
+  }else{
+    sqlite3_result_error_code(pCtx, rc);
+  }
+}
+
+static int sqlite3Fts5AuxInit(fts5_api *pApi){
+  struct Builtin {
+    const char *zFunc;            /* Function name (nul-terminated) */
+    void *pUserData;              /* User-data pointer */
+    fts5_extension_function xFunc;/* Callback function */
+    void (*xDestroy)(void*);      /* Destructor function */
+  } aBuiltin [] = {
+    { "snippet",   0, fts5SnippetFunction, 0 },
+    { "highlight", 0, fts5HighlightFunction, 0 },
+    { "bm25",      0, fts5Bm25Function,    0 },
+  };
+  int rc = SQLITE_OK;             /* Return code */
+  int i;                          /* To iterate through builtin functions */
+
+  for(i=0; rc==SQLITE_OK && i<(int)ArraySize(aBuiltin); i++){
+    rc = pApi->xCreateFunction(pApi,
+        aBuiltin[i].zFunc,
+        aBuiltin[i].pUserData,
+        aBuiltin[i].xFunc,
+        aBuiltin[i].xDestroy
+    );
+  }
+
+  return rc;
+}
+
+
+
+/*
+** 2014 May 31
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+******************************************************************************
+*/
+
+
+
+/* #include "fts5Int.h" */
+
+static int sqlite3Fts5BufferSize(int *pRc, Fts5Buffer *pBuf, int nByte){
+  int nNew = pBuf->nSpace ? pBuf->nSpace*2 : 64;
+  u8 *pNew;
+  while( nNew<nByte ){
+    nNew = nNew * 2;
+  }
+  pNew = sqlite3_realloc(pBuf->p, nNew);
+  if( pNew==0 ){
+    *pRc = SQLITE_NOMEM;
+    return 1;
+  }else{
+    pBuf->nSpace = nNew;
+    pBuf->p = pNew;
+  }
+  return 0;
+}
+
+
+/*
+** Encode value iVal as an SQLite varint and append it to the buffer object
+** pBuf. If an OOM error occurs, set the error code in p.
+*/
+static void sqlite3Fts5BufferAppendVarint(int *pRc, Fts5Buffer *pBuf, i64 iVal){
+  if( fts5BufferGrow(pRc, pBuf, 9) ) return;
+  pBuf->n += sqlite3Fts5PutVarint(&pBuf->p[pBuf->n], iVal);
+}
+
+static void sqlite3Fts5Put32(u8 *aBuf, int iVal){
+  aBuf[0] = (iVal>>24) & 0x00FF;
+  aBuf[1] = (iVal>>16) & 0x00FF;
+  aBuf[2] = (iVal>> 8) & 0x00FF;
+  aBuf[3] = (iVal>> 0) & 0x00FF;
+}
+
+static int sqlite3Fts5Get32(const u8 *aBuf){
+  return (aBuf[0] << 24) + (aBuf[1] << 16) + (aBuf[2] << 8) + aBuf[3];
+}
+
+/*
+** Append buffer nData/pData to buffer pBuf. If an OOM error occurs, set 
+** the error code in p. If an error has already occurred when this function
+** is called, it is a no-op.
+*/
+static void sqlite3Fts5BufferAppendBlob(
+  int *pRc,
+  Fts5Buffer *pBuf, 
+  int nData, 
+  const u8 *pData
+){
+  assert( *pRc || nData>=0 );
+  if( fts5BufferGrow(pRc, pBuf, nData) ) return;
+  memcpy(&pBuf->p[pBuf->n], pData, nData);
+  pBuf->n += nData;
+}
+
+/*
+** Append the nul-terminated string zStr to the buffer pBuf. This function
+** ensures that the byte following the buffer data is set to 0x00, even 
+** though this byte is not included in the pBuf->n count.
+*/
+static void sqlite3Fts5BufferAppendString(
+  int *pRc,
+  Fts5Buffer *pBuf, 
+  const char *zStr
+){
+  int nStr = (int)strlen(zStr);
+  sqlite3Fts5BufferAppendBlob(pRc, pBuf, nStr+1, (const u8*)zStr);
+  pBuf->n--;
+}
+
+/*
+** Argument zFmt is a printf() style format string. This function performs
+** the printf() style processing, then appends the results to buffer pBuf.
+**
+** Like sqlite3Fts5BufferAppendString(), this function ensures that the byte 
+** following the buffer data is set to 0x00, even though this byte is not
+** included in the pBuf->n count.
+*/ 
+static void sqlite3Fts5BufferAppendPrintf(
+  int *pRc,
+  Fts5Buffer *pBuf, 
+  char *zFmt, ...
+){
+  if( *pRc==SQLITE_OK ){
+    char *zTmp;
+    va_list ap;
+    va_start(ap, zFmt);
+    zTmp = sqlite3_vmprintf(zFmt, ap);
+    va_end(ap);
+
+    if( zTmp==0 ){
+      *pRc = SQLITE_NOMEM;
+    }else{
+      sqlite3Fts5BufferAppendString(pRc, pBuf, zTmp);
+      sqlite3_free(zTmp);
+    }
+  }
+}
+
+static char *sqlite3Fts5Mprintf(int *pRc, const char *zFmt, ...){
+  char *zRet = 0;
+  if( *pRc==SQLITE_OK ){
+    va_list ap;
+    va_start(ap, zFmt);
+    zRet = sqlite3_vmprintf(zFmt, ap);
+    va_end(ap);
+    if( zRet==0 ){
+      *pRc = SQLITE_NOMEM; 
+    }
+  }
+  return zRet;
+}
+ 
+
+/*
+** Free any buffer allocated by pBuf. Zero the structure before returning.
+*/
+static void sqlite3Fts5BufferFree(Fts5Buffer *pBuf){
+  sqlite3_free(pBuf->p);
+  memset(pBuf, 0, sizeof(Fts5Buffer));
+}
+
+/*
+** Zero the contents of the buffer object. But do not free the associated 
+** memory allocation.
+*/
+static void sqlite3Fts5BufferZero(Fts5Buffer *pBuf){
+  pBuf->n = 0;
+}
+
+/*
+** Set the buffer to contain nData/pData. If an OOM error occurs, leave an
+** the error code in p. If an error has already occurred when this function
+** is called, it is a no-op.
+*/
+static void sqlite3Fts5BufferSet(
+  int *pRc,
+  Fts5Buffer *pBuf, 
+  int nData, 
+  const u8 *pData
+){
+  pBuf->n = 0;
+  sqlite3Fts5BufferAppendBlob(pRc, pBuf, nData, pData);
+}
+
+static int sqlite3Fts5PoslistNext64(
+  const u8 *a, int n,             /* Buffer containing poslist */
+  int *pi,                        /* IN/OUT: Offset within a[] */
+  i64 *piOff                      /* IN/OUT: Current offset */
+){
+  int i = *pi;
+  if( i>=n ){
+    /* EOF */
+    *piOff = -1;
+    return 1;  
+  }else{
+    i64 iOff = *piOff;
+    int iVal;
+    fts5FastGetVarint32(a, i, iVal);
+    if( iVal==1 ){
+      fts5FastGetVarint32(a, i, iVal);
+      iOff = ((i64)iVal) << 32;
+      fts5FastGetVarint32(a, i, iVal);
+    }
+    *piOff = iOff + (iVal-2);
+    *pi = i;
+    return 0;
+  }
+}
+
+
+/*
+** Advance the iterator object passed as the only argument. Return true
+** if the iterator reaches EOF, or false otherwise.
+*/
+static int sqlite3Fts5PoslistReaderNext(Fts5PoslistReader *pIter){
+  if( sqlite3Fts5PoslistNext64(pIter->a, pIter->n, &pIter->i, &pIter->iPos) ){
+    pIter->bEof = 1;
+  }
+  return pIter->bEof;
+}
+
+static int sqlite3Fts5PoslistReaderInit(
+  const u8 *a, int n,             /* Poslist buffer to iterate through */
+  Fts5PoslistReader *pIter        /* Iterator object to initialize */
+){
+  memset(pIter, 0, sizeof(*pIter));
+  pIter->a = a;
+  pIter->n = n;
+  sqlite3Fts5PoslistReaderNext(pIter);
+  return pIter->bEof;
+}
+
+static int sqlite3Fts5PoslistWriterAppend(
+  Fts5Buffer *pBuf, 
+  Fts5PoslistWriter *pWriter,
+  i64 iPos
+){
+  static const i64 colmask = ((i64)(0x7FFFFFFF)) << 32;
+  int rc = SQLITE_OK;
+  if( 0==fts5BufferGrow(&rc, pBuf, 5+5+5) ){
+    if( (iPos & colmask) != (pWriter->iPrev & colmask) ){
+      pBuf->p[pBuf->n++] = 1;
+      pBuf->n += sqlite3Fts5PutVarint(&pBuf->p[pBuf->n], (iPos>>32));
+      pWriter->iPrev = (iPos & colmask);
+    }
+    pBuf->n += sqlite3Fts5PutVarint(&pBuf->p[pBuf->n], (iPos-pWriter->iPrev)+2);
+    pWriter->iPrev = iPos;
+  }
+  return rc;
+}
+
+static void *sqlite3Fts5MallocZero(int *pRc, int nByte){
+  void *pRet = 0;
+  if( *pRc==SQLITE_OK ){
+    pRet = sqlite3_malloc(nByte);
+    if( pRet==0 && nByte>0 ){
+      *pRc = SQLITE_NOMEM;
+    }else{
+      memset(pRet, 0, nByte);
+    }
+  }
+  return pRet;
+}
+
+/*
+** Return a nul-terminated copy of the string indicated by pIn. If nIn
+** is non-negative, then it is the length of the string in bytes. Otherwise,
+** the length of the string is determined using strlen().
+**
+** It is the responsibility of the caller to eventually free the returned
+** buffer using sqlite3_free(). If an OOM error occurs, NULL is returned. 
+*/
+static char *sqlite3Fts5Strndup(int *pRc, const char *pIn, int nIn){
+  char *zRet = 0;
+  if( *pRc==SQLITE_OK ){
+    if( nIn<0 ){
+      nIn = (int)strlen(pIn);
+    }
+    zRet = (char*)sqlite3_malloc(nIn+1);
+    if( zRet ){
+      memcpy(zRet, pIn, nIn);
+      zRet[nIn] = '\0';
+    }else{
+      *pRc = SQLITE_NOMEM;
+    }
+  }
+  return zRet;
+}
+
+
+/*
+** Return true if character 't' may be part of an FTS5 bareword, or false
+** otherwise. Characters that may be part of barewords:
+**
+**   * All non-ASCII characters,
+**   * The 52 upper and lower case ASCII characters, and
+**   * The 10 integer ASCII characters.
+**   * The underscore character "_" (0x5F).
+**   * The unicode "subsitute" character (0x1A).
+*/
+static int sqlite3Fts5IsBareword(char t){
+  u8 aBareword[128] = {
+    0, 0, 0, 0, 0, 0, 0, 0,    0, 0, 0, 0, 0, 0, 0, 0,   /* 0x00 .. 0x0F */
+    0, 0, 0, 0, 0, 0, 0, 0,    0, 0, 1, 0, 0, 0, 0, 0,   /* 0x10 .. 0x1F */
+    0, 0, 0, 0, 0, 0, 0, 0,    0, 0, 0, 0, 0, 0, 0, 0,   /* 0x20 .. 0x2F */
+    1, 1, 1, 1, 1, 1, 1, 1,    1, 1, 0, 0, 0, 0, 0, 0,   /* 0x30 .. 0x3F */
+    0, 1, 1, 1, 1, 1, 1, 1,    1, 1, 1, 1, 1, 1, 1, 1,   /* 0x40 .. 0x4F */
+    1, 1, 1, 1, 1, 1, 1, 1,    1, 1, 1, 0, 0, 0, 0, 1,   /* 0x50 .. 0x5F */
+    0, 1, 1, 1, 1, 1, 1, 1,    1, 1, 1, 1, 1, 1, 1, 1,   /* 0x60 .. 0x6F */
+    1, 1, 1, 1, 1, 1, 1, 1,    1, 1, 1, 0, 0, 0, 0, 0    /* 0x70 .. 0x7F */
+  };
+
+  return (t & 0x80) || aBareword[(int)t];
+}
+
+
+
+/*
+** 2014 Jun 09
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+******************************************************************************
+**
+** This is an SQLite module implementing full-text search.
+*/
+
+
+
+/* #include "fts5Int.h" */
+
+#define FTS5_DEFAULT_PAGE_SIZE   4050
+#define FTS5_DEFAULT_AUTOMERGE      4
+#define FTS5_DEFAULT_CRISISMERGE   16
+#define FTS5_DEFAULT_HASHSIZE    (1024*1024)
+
+/* Maximum allowed page size */
+#define FTS5_MAX_PAGE_SIZE (128*1024)
+
+static int fts5_iswhitespace(char x){
+  return (x==' ');
+}
+
+static int fts5_isopenquote(char x){
+  return (x=='"' || x=='\'' || x=='[' || x=='`');
+}
+
+/*
+** Argument pIn points to a character that is part of a nul-terminated 
+** string. Return a pointer to the first character following *pIn in 
+** the string that is not a white-space character.
+*/
+static const char *fts5ConfigSkipWhitespace(const char *pIn){
+  const char *p = pIn;
+  if( p ){
+    while( fts5_iswhitespace(*p) ){ p++; }
+  }
+  return p;
+}
+
+/*
+** Argument pIn points to a character that is part of a nul-terminated 
+** string. Return a pointer to the first character following *pIn in 
+** the string that is not a "bareword" character.
+*/
+static const char *fts5ConfigSkipBareword(const char *pIn){
+  const char *p = pIn;
+  while ( sqlite3Fts5IsBareword(*p) ) p++;
+  if( p==pIn ) p = 0;
+  return p;
+}
+
+static int fts5_isdigit(char a){
+  return (a>='0' && a<='9');
+}
+
+
+
+static const char *fts5ConfigSkipLiteral(const char *pIn){
+  const char *p = pIn;
+  switch( *p ){
+    case 'n': case 'N':
+      if( sqlite3_strnicmp("null", p, 4)==0 ){
+        p = &p[4];
+      }else{
+        p = 0;
+      }
+      break;
+
+    case 'x': case 'X':
+      p++;
+      if( *p=='\'' ){
+        p++;
+        while( (*p>='a' && *p<='f') 
+            || (*p>='A' && *p<='F') 
+            || (*p>='0' && *p<='9') 
+            ){
+          p++;
+        }
+        if( *p=='\'' && 0==((p-pIn)%2) ){
+          p++;
+        }else{
+          p = 0;
+        }
+      }else{
+        p = 0;
+      }
+      break;
+
+    case '\'':
+      p++;
+      while( p ){
+        if( *p=='\'' ){
+          p++;
+          if( *p!='\'' ) break;
+        }
+        p++;
+        if( *p==0 ) p = 0;
+      }
+      break;
+
+    default:
+      /* maybe a number */
+      if( *p=='+' || *p=='-' ) p++;
+      while( fts5_isdigit(*p) ) p++;
+
+      /* At this point, if the literal was an integer, the parse is 
+      ** finished. Or, if it is a floating point value, it may continue
+      ** with either a decimal point or an 'E' character. */
+      if( *p=='.' && fts5_isdigit(p[1]) ){
+        p += 2;
+        while( fts5_isdigit(*p) ) p++;
+      }
+      if( p==pIn ) p = 0;
+
+      break;
+  }
+
+  return p;
+}
+
+/*
+** The first character of the string pointed to by argument z is guaranteed
+** to be an open-quote character (see function fts5_isopenquote()).
+**
+** This function searches for the corresponding close-quote character within
+** the string and, if found, dequotes the string in place and adds a new
+** nul-terminator byte.
+**
+** If the close-quote is found, the value returned is the byte offset of
+** the character immediately following it. Or, if the close-quote is not 
+** found, -1 is returned. If -1 is returned, the buffer is left in an 
+** undefined state.
+*/
+static int fts5Dequote(char *z){
+  char q;
+  int iIn = 1;
+  int iOut = 0;
+  q = z[0];
+
+  /* Set stack variable q to the close-quote character */
+  assert( q=='[' || q=='\'' || q=='"' || q=='`' );
+  if( q=='[' ) q = ']';  
+
+  while( ALWAYS(z[iIn]) ){
+    if( z[iIn]==q ){
+      if( z[iIn+1]!=q ){
+        /* Character iIn was the close quote. */
+        iIn++;
+        break;
+      }else{
+        /* Character iIn and iIn+1 form an escaped quote character. Skip
+        ** the input cursor past both and copy a single quote character 
+        ** to the output buffer. */
+        iIn += 2;
+        z[iOut++] = q;
+      }
+    }else{
+      z[iOut++] = z[iIn++];
+    }
+  }
+
+  z[iOut] = '\0';
+  return iIn;
+}
+
+/*
+** Convert an SQL-style quoted string into a normal string by removing
+** the quote characters.  The conversion is done in-place.  If the
+** input does not begin with a quote character, then this routine
+** is a no-op.
+**
+** Examples:
+**
+**     "abc"   becomes   abc
+**     'xyz'   becomes   xyz
+**     [pqr]   becomes   pqr
+**     `mno`   becomes   mno
+*/
+static void sqlite3Fts5Dequote(char *z){
+  char quote;                     /* Quote character (if any ) */
+
+  assert( 0==fts5_iswhitespace(z[0]) );
+  quote = z[0];
+  if( quote=='[' || quote=='\'' || quote=='"' || quote=='`' ){
+    fts5Dequote(z);
+  }
+}
+
+/*
+** Parse a "special" CREATE VIRTUAL TABLE directive and update
+** configuration object pConfig as appropriate.
+**
+** If successful, object pConfig is updated and SQLITE_OK returned. If
+** an error occurs, an SQLite error code is returned and an error message
+** may be left in *pzErr. It is the responsibility of the caller to
+** eventually free any such error message using sqlite3_free().
+*/
+static int fts5ConfigParseSpecial(
+  Fts5Global *pGlobal,
+  Fts5Config *pConfig,            /* Configuration object to update */
+  const char *zCmd,               /* Special command to parse */
+  const char *zArg,               /* Argument to parse */
+  char **pzErr                    /* OUT: Error message */
+){
+  int rc = SQLITE_OK;
+  int nCmd = (int)strlen(zCmd);
+  if( sqlite3_strnicmp("prefix", zCmd, nCmd)==0 ){
+    const int nByte = sizeof(int) * FTS5_MAX_PREFIX_INDEXES;
+    const char *p;
+    int bFirst = 1;
+    if( pConfig->aPrefix==0 ){
+      pConfig->aPrefix = sqlite3Fts5MallocZero(&rc, nByte);
+      if( rc ) return rc;
+    }
+
+    p = zArg;
+    while( 1 ){
+      int nPre = 0;
+
+      while( p[0]==' ' ) p++;
+      if( bFirst==0 && p[0]==',' ){
+        p++;
+        while( p[0]==' ' ) p++;
+      }else if( p[0]=='\0' ){
+        break;
+      }
+      if( p[0]<'0' || p[0]>'9' ){
+        *pzErr = sqlite3_mprintf("malformed prefix=... directive");
+        rc = SQLITE_ERROR;
+        break;
+      }
+
+      if( pConfig->nPrefix==FTS5_MAX_PREFIX_INDEXES ){
+        *pzErr = sqlite3_mprintf(
+            "too many prefix indexes (max %d)", FTS5_MAX_PREFIX_INDEXES
+        );
+        rc = SQLITE_ERROR;
+        break;
+      }
+
+      while( p[0]>='0' && p[0]<='9' && nPre<1000 ){
+        nPre = nPre*10 + (p[0] - '0');
+        p++;
+      }
+
+      if( rc==SQLITE_OK && (nPre<=0 || nPre>=1000) ){
+        *pzErr = sqlite3_mprintf("prefix length out of range (max 999)");
+        rc = SQLITE_ERROR;
+        break;
+      }
+
+      pConfig->aPrefix[pConfig->nPrefix] = nPre;
+      pConfig->nPrefix++;
+      bFirst = 0;
+    }
+    assert( pConfig->nPrefix<=FTS5_MAX_PREFIX_INDEXES );
+    return rc;
+  }
+
+  if( sqlite3_strnicmp("tokenize", zCmd, nCmd)==0 ){
+    const char *p = (const char*)zArg;
+    int nArg = (int)strlen(zArg) + 1;
+    char **azArg = sqlite3Fts5MallocZero(&rc, sizeof(char*) * nArg);
+    char *pDel = sqlite3Fts5MallocZero(&rc, nArg * 2);
+    char *pSpace = pDel;
+
+    if( azArg && pSpace ){
+      if( pConfig->pTok ){
+        *pzErr = sqlite3_mprintf("multiple tokenize=... directives");
+        rc = SQLITE_ERROR;
+      }else{
+        for(nArg=0; p && *p; nArg++){
+          const char *p2 = fts5ConfigSkipWhitespace(p);
+          if( *p2=='\'' ){
+            p = fts5ConfigSkipLiteral(p2);
+          }else{
+            p = fts5ConfigSkipBareword(p2);
+          }
+          if( p ){
+            memcpy(pSpace, p2, p-p2);
+            azArg[nArg] = pSpace;
+            sqlite3Fts5Dequote(pSpace);
+            pSpace += (p - p2) + 1;
+            p = fts5ConfigSkipWhitespace(p);
+          }
+        }
+        if( p==0 ){
+          *pzErr = sqlite3_mprintf("parse error in tokenize directive");
+          rc = SQLITE_ERROR;
+        }else{
+          rc = sqlite3Fts5GetTokenizer(pGlobal, 
+              (const char**)azArg, nArg, &pConfig->pTok, &pConfig->pTokApi,
+              pzErr
+          );
+        }
+      }
+    }
+
+    sqlite3_free(azArg);
+    sqlite3_free(pDel);
+    return rc;
+  }
+
+  if( sqlite3_strnicmp("content", zCmd, nCmd)==0 ){
+    if( pConfig->eContent!=FTS5_CONTENT_NORMAL ){
+      *pzErr = sqlite3_mprintf("multiple content=... directives");
+      rc = SQLITE_ERROR;
+    }else{
+      if( zArg[0] ){
+        pConfig->eContent = FTS5_CONTENT_EXTERNAL;
+        pConfig->zContent = sqlite3Fts5Mprintf(&rc, "%Q.%Q", pConfig->zDb,zArg);
+      }else{
+        pConfig->eContent = FTS5_CONTENT_NONE;
+      }
+    }
+    return rc;
+  }
+
+  if( sqlite3_strnicmp("content_rowid", zCmd, nCmd)==0 ){
+    if( pConfig->zContentRowid ){
+      *pzErr = sqlite3_mprintf("multiple content_rowid=... directives");
+      rc = SQLITE_ERROR;
+    }else{
+      pConfig->zContentRowid = sqlite3Fts5Strndup(&rc, zArg, -1);
+    }
+    return rc;
+  }
+
+  if( sqlite3_strnicmp("columnsize", zCmd, nCmd)==0 ){
+    if( (zArg[0]!='0' && zArg[0]!='1') || zArg[1]!='\0' ){
+      *pzErr = sqlite3_mprintf("malformed columnsize=... directive");
+      rc = SQLITE_ERROR;
+    }else{
+      pConfig->bColumnsize = (zArg[0]=='1');
+    }
+    return rc;
+  }
+
+  *pzErr = sqlite3_mprintf("unrecognized option: \"%.*s\"", nCmd, zCmd);
+  return SQLITE_ERROR;
+}
+
+/*
+** Allocate an instance of the default tokenizer ("simple") at 
+** Fts5Config.pTokenizer. Return SQLITE_OK if successful, or an SQLite error
+** code if an error occurs.
+*/
+static int fts5ConfigDefaultTokenizer(Fts5Global *pGlobal, Fts5Config *pConfig){
+  assert( pConfig->pTok==0 && pConfig->pTokApi==0 );
+  return sqlite3Fts5GetTokenizer(
+      pGlobal, 0, 0, &pConfig->pTok, &pConfig->pTokApi, 0
+  );
+}
+
+/*
+** Gobble up the first bareword or quoted word from the input buffer zIn.
+** Return a pointer to the character immediately following the last in
+** the gobbled word if successful, or a NULL pointer otherwise (failed
+** to find close-quote character).
+**
+** Before returning, set pzOut to point to a new buffer containing a
+** nul-terminated, dequoted copy of the gobbled word. If the word was
+** quoted, *pbQuoted is also set to 1 before returning.
+**
+** If *pRc is other than SQLITE_OK when this function is called, it is
+** a no-op (NULL is returned). Otherwise, if an OOM occurs within this
+** function, *pRc is set to SQLITE_NOMEM before returning. *pRc is *not*
+** set if a parse error (failed to find close quote) occurs.
+*/
+static const char *fts5ConfigGobbleWord(
+  int *pRc,                       /* IN/OUT: Error code */
+  const char *zIn,                /* Buffer to gobble string/bareword from */
+  char **pzOut,                   /* OUT: malloc'd buffer containing str/bw */
+  int *pbQuoted                   /* OUT: Set to true if dequoting required */
+){
+  const char *zRet = 0;
+
+  int nIn = (int)strlen(zIn);
+  char *zOut = sqlite3_malloc(nIn+1);
+
+  assert( *pRc==SQLITE_OK );
+  *pbQuoted = 0;
+  *pzOut = 0;
+
+  if( zOut==0 ){
+    *pRc = SQLITE_NOMEM;
+  }else{
+    memcpy(zOut, zIn, nIn+1);
+    if( fts5_isopenquote(zOut[0]) ){
+      int ii = fts5Dequote(zOut);
+      zRet = &zIn[ii];
+      *pbQuoted = 1;
+    }else{
+      zRet = fts5ConfigSkipBareword(zIn);
+      zOut[zRet-zIn] = '\0';
+    }
+  }
+
+  if( zRet==0 ){
+    sqlite3_free(zOut);
+  }else{
+    *pzOut = zOut;
+  }
+
+  return zRet;
+}
+
+static int fts5ConfigParseColumn(
+  Fts5Config *p, 
+  char *zCol, 
+  char *zArg, 
+  char **pzErr
+){
+  int rc = SQLITE_OK;
+  if( 0==sqlite3_stricmp(zCol, FTS5_RANK_NAME) 
+   || 0==sqlite3_stricmp(zCol, FTS5_ROWID_NAME) 
+  ){
+    *pzErr = sqlite3_mprintf("reserved fts5 column name: %s", zCol);
+    rc = SQLITE_ERROR;
+  }else if( zArg ){
+    if( 0==sqlite3_stricmp(zArg, "unindexed") ){
+      p->abUnindexed[p->nCol] = 1;
+    }else{
+      *pzErr = sqlite3_mprintf("unrecognized column option: %s", zArg);
+      rc = SQLITE_ERROR;
+    }
+  }
+
+  p->azCol[p->nCol++] = zCol;
+  return rc;
+}
+
+/*
+** Populate the Fts5Config.zContentExprlist string.
+*/
+static int fts5ConfigMakeExprlist(Fts5Config *p){
+  int i;
+  int rc = SQLITE_OK;
+  Fts5Buffer buf = {0, 0, 0};
+
+  sqlite3Fts5BufferAppendPrintf(&rc, &buf, "T.%Q", p->zContentRowid);
+  if( p->eContent!=FTS5_CONTENT_NONE ){
+    for(i=0; i<p->nCol; i++){
+      if( p->eContent==FTS5_CONTENT_EXTERNAL ){
+        sqlite3Fts5BufferAppendPrintf(&rc, &buf, ", T.%Q", p->azCol[i]);
+      }else{
+        sqlite3Fts5BufferAppendPrintf(&rc, &buf, ", T.c%d", i);
+      }
+    }
+  }
+
+  assert( p->zContentExprlist==0 );
+  p->zContentExprlist = (char*)buf.p;
+  return rc;
+}
+
+/*
+** Arguments nArg/azArg contain the string arguments passed to the xCreate
+** or xConnect method of the virtual table. This function attempts to 
+** allocate an instance of Fts5Config containing the results of parsing
+** those arguments.
+**
+** If successful, SQLITE_OK is returned and *ppOut is set to point to the
+** new Fts5Config object. If an error occurs, an SQLite error code is 
+** returned, *ppOut is set to NULL and an error message may be left in
+** *pzErr. It is the responsibility of the caller to eventually free any 
+** such error message using sqlite3_free().
+*/
+static int sqlite3Fts5ConfigParse(
+  Fts5Global *pGlobal,
+  sqlite3 *db,
+  int nArg,                       /* Number of arguments */
+  const char **azArg,             /* Array of nArg CREATE VIRTUAL TABLE args */
+  Fts5Config **ppOut,             /* OUT: Results of parse */
+  char **pzErr                    /* OUT: Error message */
+){
+  int rc = SQLITE_OK;             /* Return code */
+  Fts5Config *pRet;               /* New object to return */
+  int i;
+  int nByte;
+
+  *ppOut = pRet = (Fts5Config*)sqlite3_malloc(sizeof(Fts5Config));
+  if( pRet==0 ) return SQLITE_NOMEM;
+  memset(pRet, 0, sizeof(Fts5Config));
+  pRet->db = db;
+  pRet->iCookie = -1;
+
+  nByte = nArg * (sizeof(char*) + sizeof(u8));
+  pRet->azCol = (char**)sqlite3Fts5MallocZero(&rc, nByte);
+  pRet->abUnindexed = (u8*)&pRet->azCol[nArg];
+  pRet->zDb = sqlite3Fts5Strndup(&rc, azArg[1], -1);
+  pRet->zName = sqlite3Fts5Strndup(&rc, azArg[2], -1);
+  pRet->bColumnsize = 1;
+#ifdef SQLITE_DEBUG
+  pRet->bPrefixIndex = 1;
+#endif
+  if( rc==SQLITE_OK && sqlite3_stricmp(pRet->zName, FTS5_RANK_NAME)==0 ){
+    *pzErr = sqlite3_mprintf("reserved fts5 table name: %s", pRet->zName);
+    rc = SQLITE_ERROR;
+  }
+
+  for(i=3; rc==SQLITE_OK && i<nArg; i++){
+    const char *zOrig = azArg[i];
+    const char *z;
+    char *zOne = 0;
+    char *zTwo = 0;
+    int bOption = 0;
+    int bMustBeCol = 0;
+
+    z = fts5ConfigGobbleWord(&rc, zOrig, &zOne, &bMustBeCol);
+    z = fts5ConfigSkipWhitespace(z);
+    if( z && *z=='=' ){
+      bOption = 1;
+      z++;
+      if( bMustBeCol ) z = 0;
+    }
+    z = fts5ConfigSkipWhitespace(z);
+    if( z && z[0] ){
+      int bDummy;
+      z = fts5ConfigGobbleWord(&rc, z, &zTwo, &bDummy);
+      if( z && z[0] ) z = 0;
+    }
+
+    if( rc==SQLITE_OK ){
+      if( z==0 ){
+        *pzErr = sqlite3_mprintf("parse error in \"%s\"", zOrig);
+        rc = SQLITE_ERROR;
+      }else{
+        if( bOption ){
+          rc = fts5ConfigParseSpecial(pGlobal, pRet, zOne, zTwo?zTwo:"", pzErr);
+        }else{
+          rc = fts5ConfigParseColumn(pRet, zOne, zTwo, pzErr);
+          zOne = 0;
+        }
+      }
+    }
+
+    sqlite3_free(zOne);
+    sqlite3_free(zTwo);
+  }
+
+  /* If a tokenizer= option was successfully parsed, the tokenizer has
+  ** already been allocated. Otherwise, allocate an instance of the default
+  ** tokenizer (unicode61) now.  */
+  if( rc==SQLITE_OK && pRet->pTok==0 ){
+    rc = fts5ConfigDefaultTokenizer(pGlobal, pRet);
+  }
+
+  /* If no zContent option was specified, fill in the default values. */
+  if( rc==SQLITE_OK && pRet->zContent==0 ){
+    const char *zTail = 0;
+    assert( pRet->eContent==FTS5_CONTENT_NORMAL 
+         || pRet->eContent==FTS5_CONTENT_NONE 
+    );
+    if( pRet->eContent==FTS5_CONTENT_NORMAL ){
+      zTail = "content";
+    }else if( pRet->bColumnsize ){
+      zTail = "docsize";
+    }
+
+    if( zTail ){
+      pRet->zContent = sqlite3Fts5Mprintf(
+          &rc, "%Q.'%q_%s'", pRet->zDb, pRet->zName, zTail
+      );
+    }
+  }
+
+  if( rc==SQLITE_OK && pRet->zContentRowid==0 ){
+    pRet->zContentRowid = sqlite3Fts5Strndup(&rc, "rowid", -1);
+  }
+
+  /* Formulate the zContentExprlist text */
+  if( rc==SQLITE_OK ){
+    rc = fts5ConfigMakeExprlist(pRet);
+  }
+
+  if( rc!=SQLITE_OK ){
+    sqlite3Fts5ConfigFree(pRet);
+    *ppOut = 0;
+  }
+  return rc;
+}
+
+/*
+** Free the configuration object passed as the only argument.
+*/
+static void sqlite3Fts5ConfigFree(Fts5Config *pConfig){
+  if( pConfig ){
+    int i;
+    if( pConfig->pTok ){
+      pConfig->pTokApi->xDelete(pConfig->pTok);
+    }
+    sqlite3_free(pConfig->zDb);
+    sqlite3_free(pConfig->zName);
+    for(i=0; i<pConfig->nCol; i++){
+      sqlite3_free(pConfig->azCol[i]);
+    }
+    sqlite3_free(pConfig->azCol);
+    sqlite3_free(pConfig->aPrefix);
+    sqlite3_free(pConfig->zRank);
+    sqlite3_free(pConfig->zRankArgs);
+    sqlite3_free(pConfig->zContent);
+    sqlite3_free(pConfig->zContentRowid);
+    sqlite3_free(pConfig->zContentExprlist);
+    sqlite3_free(pConfig);
+  }
+}
+
+/*
+** Call sqlite3_declare_vtab() based on the contents of the configuration
+** object passed as the only argument. Return SQLITE_OK if successful, or
+** an SQLite error code if an error occurs.
+*/
+static int sqlite3Fts5ConfigDeclareVtab(Fts5Config *pConfig){
+  int i;
+  int rc = SQLITE_OK;
+  char *zSql;
+
+  zSql = sqlite3Fts5Mprintf(&rc, "CREATE TABLE x(");
+  for(i=0; zSql && i<pConfig->nCol; i++){
+    const char *zSep = (i==0?"":", ");
+    zSql = sqlite3Fts5Mprintf(&rc, "%z%s%Q", zSql, zSep, pConfig->azCol[i]);
+  }
+  zSql = sqlite3Fts5Mprintf(&rc, "%z, %Q HIDDEN, %s HIDDEN)", 
+      zSql, pConfig->zName, FTS5_RANK_NAME
+  );
+
+  assert( zSql || rc==SQLITE_NOMEM );
+  if( zSql ){
+    rc = sqlite3_declare_vtab(pConfig->db, zSql);
+    sqlite3_free(zSql);
+  }
+  
+  return rc;
+}
+
+/*
+** Tokenize the text passed via the second and third arguments.
+**
+** The callback is invoked once for each token in the input text. The
+** arguments passed to it are, in order:
+**
+**     void *pCtx          // Copy of 4th argument to sqlite3Fts5Tokenize()
+**     const char *pToken  // Pointer to buffer containing token
+**     int nToken          // Size of token in bytes
+**     int iStart          // Byte offset of start of token within input text
+**     int iEnd            // Byte offset of end of token within input text
+**     int iPos            // Position of token in input (first token is 0)
+**
+** If the callback returns a non-zero value the tokenization is abandoned
+** and no further callbacks are issued. 
+**
+** This function returns SQLITE_OK if successful or an SQLite error code
+** if an error occurs. If the tokenization was abandoned early because
+** the callback returned SQLITE_DONE, this is not an error and this function
+** still returns SQLITE_OK. Or, if the tokenization was abandoned early
+** because the callback returned another non-zero value, it is assumed
+** to be an SQLite error code and returned to the caller.
+*/
+static int sqlite3Fts5Tokenize(
+  Fts5Config *pConfig,            /* FTS5 Configuration object */
+  int flags,                      /* FTS5_TOKENIZE_* flags */
+  const char *pText, int nText,   /* Text to tokenize */
+  void *pCtx,                     /* Context passed to xToken() */
+  int (*xToken)(void*, int, const char*, int, int, int)    /* Callback */
+){
+  if( pText==0 ) return SQLITE_OK;
+  return pConfig->pTokApi->xTokenize(
+      pConfig->pTok, pCtx, flags, pText, nText, xToken
+  );
+}
+
+/*
+** Argument pIn points to the first character in what is expected to be
+** a comma-separated list of SQL literals followed by a ')' character.
+** If it actually is this, return a pointer to the ')'. Otherwise, return
+** NULL to indicate a parse error.
+*/
+static const char *fts5ConfigSkipArgs(const char *pIn){
+  const char *p = pIn;
+  
+  while( 1 ){
+    p = fts5ConfigSkipWhitespace(p);
+    p = fts5ConfigSkipLiteral(p);
+    p = fts5ConfigSkipWhitespace(p);
+    if( p==0 || *p==')' ) break;
+    if( *p!=',' ){
+      p = 0;
+      break;
+    }
+    p++;
+  }
+
+  return p;
+}
+
+/*
+** Parameter zIn contains a rank() function specification. The format of 
+** this is:
+**
+**   + Bareword (function name)
+**   + Open parenthesis - "("
+**   + Zero or more SQL literals in a comma separated list
+**   + Close parenthesis - ")"
+*/
+static int sqlite3Fts5ConfigParseRank(
+  const char *zIn,                /* Input string */
+  char **pzRank,                  /* OUT: Rank function name */
+  char **pzRankArgs               /* OUT: Rank function arguments */
+){
+  const char *p = zIn;
+  const char *pRank;
+  char *zRank = 0;
+  char *zRankArgs = 0;
+  int rc = SQLITE_OK;
+
+  *pzRank = 0;
+  *pzRankArgs = 0;
+
+  if( p==0 ){
+    rc = SQLITE_ERROR;
+  }else{
+    p = fts5ConfigSkipWhitespace(p);
+    pRank = p;
+    p = fts5ConfigSkipBareword(p);
+
+    if( p ){
+      zRank = sqlite3Fts5MallocZero(&rc, 1 + p - pRank);
+      if( zRank ) memcpy(zRank, pRank, p-pRank);
+    }else{
+      rc = SQLITE_ERROR;
+    }
+
+    if( rc==SQLITE_OK ){
+      p = fts5ConfigSkipWhitespace(p);
+      if( *p!='(' ) rc = SQLITE_ERROR;
+      p++;
+    }
+    if( rc==SQLITE_OK ){
+      const char *pArgs; 
+      p = fts5ConfigSkipWhitespace(p);
+      pArgs = p;
+      if( *p!=')' ){
+        p = fts5ConfigSkipArgs(p);
+        if( p==0 ){
+          rc = SQLITE_ERROR;
+        }else{
+          zRankArgs = sqlite3Fts5MallocZero(&rc, 1 + p - pArgs);
+          if( zRankArgs ) memcpy(zRankArgs, pArgs, p-pArgs);
+        }
+      }
+    }
+  }
+
+  if( rc!=SQLITE_OK ){
+    sqlite3_free(zRank);
+    assert( zRankArgs==0 );
+  }else{
+    *pzRank = zRank;
+    *pzRankArgs = zRankArgs;
+  }
+  return rc;
+}
+
+static int sqlite3Fts5ConfigSetValue(
+  Fts5Config *pConfig, 
+  const char *zKey, 
+  sqlite3_value *pVal,
+  int *pbBadkey
+){
+  int rc = SQLITE_OK;
+
+  if( 0==sqlite3_stricmp(zKey, "pgsz") ){
+    int pgsz = 0;
+    if( SQLITE_INTEGER==sqlite3_value_numeric_type(pVal) ){
+      pgsz = sqlite3_value_int(pVal);
+    }
+    if( pgsz<=0 || pgsz>FTS5_MAX_PAGE_SIZE ){
+      *pbBadkey = 1;
+    }else{
+      pConfig->pgsz = pgsz;
+    }
+  }
+
+  else if( 0==sqlite3_stricmp(zKey, "hashsize") ){
+    int nHashSize = -1;
+    if( SQLITE_INTEGER==sqlite3_value_numeric_type(pVal) ){
+      nHashSize = sqlite3_value_int(pVal);
+    }
+    if( nHashSize<=0 ){
+      *pbBadkey = 1;
+    }else{
+      pConfig->nHashSize = nHashSize;
+    }
+  }
+
+  else if( 0==sqlite3_stricmp(zKey, "automerge") ){
+    int nAutomerge = -1;
+    if( SQLITE_INTEGER==sqlite3_value_numeric_type(pVal) ){
+      nAutomerge = sqlite3_value_int(pVal);
+    }
+    if( nAutomerge<0 || nAutomerge>64 ){
+      *pbBadkey = 1;
+    }else{
+      if( nAutomerge==1 ) nAutomerge = FTS5_DEFAULT_AUTOMERGE;
+      pConfig->nAutomerge = nAutomerge;
+    }
+  }
+
+  else if( 0==sqlite3_stricmp(zKey, "crisismerge") ){
+    int nCrisisMerge = -1;
+    if( SQLITE_INTEGER==sqlite3_value_numeric_type(pVal) ){
+      nCrisisMerge = sqlite3_value_int(pVal);
+    }
+    if( nCrisisMerge<0 ){
+      *pbBadkey = 1;
+    }else{
+      if( nCrisisMerge<=1 ) nCrisisMerge = FTS5_DEFAULT_CRISISMERGE;
+      pConfig->nCrisisMerge = nCrisisMerge;
+    }
+  }
+
+  else if( 0==sqlite3_stricmp(zKey, "rank") ){
+    const char *zIn = (const char*)sqlite3_value_text(pVal);
+    char *zRank;
+    char *zRankArgs;
+    rc = sqlite3Fts5ConfigParseRank(zIn, &zRank, &zRankArgs);
+    if( rc==SQLITE_OK ){
+      sqlite3_free(pConfig->zRank);
+      sqlite3_free(pConfig->zRankArgs);
+      pConfig->zRank = zRank;
+      pConfig->zRankArgs = zRankArgs;
+    }else if( rc==SQLITE_ERROR ){
+      rc = SQLITE_OK;
+      *pbBadkey = 1;
+    }
+  }else{
+    *pbBadkey = 1;
+  }
+  return rc;
+}
+
+/*
+** Load the contents of the %_config table into memory.
+*/
+static int sqlite3Fts5ConfigLoad(Fts5Config *pConfig, int iCookie){
+  const char *zSelect = "SELECT k, v FROM %Q.'%q_config'";
+  char *zSql;
+  sqlite3_stmt *p = 0;
+  int rc = SQLITE_OK;
+  int iVersion = 0;
+
+  /* Set default values */
+  pConfig->pgsz = FTS5_DEFAULT_PAGE_SIZE;
+  pConfig->nAutomerge = FTS5_DEFAULT_AUTOMERGE;
+  pConfig->nCrisisMerge = FTS5_DEFAULT_CRISISMERGE;
+  pConfig->nHashSize = FTS5_DEFAULT_HASHSIZE;
+
+  zSql = sqlite3Fts5Mprintf(&rc, zSelect, pConfig->zDb, pConfig->zName);
+  if( zSql ){
+    rc = sqlite3_prepare_v2(pConfig->db, zSql, -1, &p, 0);
+    sqlite3_free(zSql);
+  }
+
+  assert( rc==SQLITE_OK || p==0 );
+  if( rc==SQLITE_OK ){
+    while( SQLITE_ROW==sqlite3_step(p) ){
+      const char *zK = (const char*)sqlite3_column_text(p, 0);
+      sqlite3_value *pVal = sqlite3_column_value(p, 1);
+      if( 0==sqlite3_stricmp(zK, "version") ){
+        iVersion = sqlite3_value_int(pVal);
+      }else{
+        int bDummy = 0;
+        sqlite3Fts5ConfigSetValue(pConfig, zK, pVal, &bDummy);
+      }
+    }
+    rc = sqlite3_finalize(p);
+  }
+  
+  if( rc==SQLITE_OK && iVersion!=FTS5_CURRENT_VERSION ){
+    rc = SQLITE_ERROR;
+    if( pConfig->pzErrmsg ){
+      assert( 0==*pConfig->pzErrmsg );
+      *pConfig->pzErrmsg = sqlite3_mprintf(
+          "invalid fts5 file format (found %d, expected %d) - run 'rebuild'",
+          iVersion, FTS5_CURRENT_VERSION
+      );
+    }
+  }
+
+  if( rc==SQLITE_OK ){
+    pConfig->iCookie = iCookie;
+  }
+  return rc;
+}
+
+
+/*
+** 2014 May 31
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+******************************************************************************
+**
+*/
+
+
+
+/* #include "fts5Int.h" */
+/* #include "fts5parse.h" */
+
+/*
+** All token types in the generated fts5parse.h file are greater than 0.
+*/
+#define FTS5_EOF 0
+
+#define FTS5_LARGEST_INT64  (0xffffffff|(((i64)0x7fffffff)<<32))
+
+typedef struct Fts5ExprTerm Fts5ExprTerm;
+
+/*
+** Functions generated by lemon from fts5parse.y.
+*/
+static void *sqlite3Fts5ParserAlloc(void *(*mallocProc)(u64));
+static void sqlite3Fts5ParserFree(void*, void (*freeProc)(void*));
+static void sqlite3Fts5Parser(void*, int, Fts5Token, Fts5Parse*);
+#ifndef NDEBUG
+/* #include <stdio.h> */
+static void sqlite3Fts5ParserTrace(FILE*, char*);
+#endif
+
+
+struct Fts5Expr {
+  Fts5Index *pIndex;
+  Fts5ExprNode *pRoot;
+  int bDesc;                      /* Iterate in descending rowid order */
+  int nPhrase;                    /* Number of phrases in expression */
+  Fts5ExprPhrase **apExprPhrase;  /* Pointers to phrase objects */
+};
+
+/*
+** eType:
+**   Expression node type. Always one of:
+**
+**       FTS5_AND                 (nChild, apChild valid)
+**       FTS5_OR                  (nChild, apChild valid)
+**       FTS5_NOT                 (nChild, apChild valid)
+**       FTS5_STRING              (pNear valid)
+**       FTS5_TERM                (pNear valid)
+*/
+struct Fts5ExprNode {
+  int eType;                      /* Node type */
+  int bEof;                       /* True at EOF */
+  int bNomatch;                   /* True if entry is not a match */
+
+  i64 iRowid;                     /* Current rowid */
+  Fts5ExprNearset *pNear;         /* For FTS5_STRING - cluster of phrases */
+
+  /* Child nodes. For a NOT node, this array always contains 2 entries. For 
+  ** AND or OR nodes, it contains 2 or more entries.  */
+  int nChild;                     /* Number of child nodes */
+  Fts5ExprNode *apChild[1];       /* Array of child nodes */
+};
+
+#define Fts5NodeIsString(p) ((p)->eType==FTS5_TERM || (p)->eType==FTS5_STRING)
+
+/*
+** An instance of the following structure represents a single search term
+** or term prefix.
+*/
+struct Fts5ExprTerm {
+  int bPrefix;                    /* True for a prefix term */
+  char *zTerm;                    /* nul-terminated term */
+  Fts5IndexIter *pIter;           /* Iterator for this term */
+  Fts5ExprTerm *pSynonym;         /* Pointer to first in list of synonyms */
+};
+
+/*
+** A phrase. One or more terms that must appear in a contiguous sequence
+** within a document for it to match.
+*/
+struct Fts5ExprPhrase {
+  Fts5ExprNode *pNode;            /* FTS5_STRING node this phrase is part of */
+  Fts5Buffer poslist;             /* Current position list */
+  int nTerm;                      /* Number of entries in aTerm[] */
+  Fts5ExprTerm aTerm[1];          /* Terms that make up this phrase */
+};
+
+/*
+** One or more phrases that must appear within a certain token distance of
+** each other within each matching document.
+*/
+struct Fts5ExprNearset {
+  int nNear;                      /* NEAR parameter */
+  Fts5Colset *pColset;            /* Columns to search (NULL -> all columns) */
+  int nPhrase;                    /* Number of entries in aPhrase[] array */
+  Fts5ExprPhrase *apPhrase[1];    /* Array of phrase pointers */
+};
+
+
+/*
+** Parse context.
+*/
+struct Fts5Parse {
+  Fts5Config *pConfig;
+  char *zErr;
+  int rc;
+  int nPhrase;                    /* Size of apPhrase array */
+  Fts5ExprPhrase **apPhrase;      /* Array of all phrases */
+  Fts5ExprNode *pExpr;            /* Result of a successful parse */
+};
+
+static void sqlite3Fts5ParseError(Fts5Parse *pParse, const char *zFmt, ...){
+  va_list ap;
+  va_start(ap, zFmt);
+  if( pParse->rc==SQLITE_OK ){
+    pParse->zErr = sqlite3_vmprintf(zFmt, ap);
+    pParse->rc = SQLITE_ERROR;
+  }
+  va_end(ap);
+}
+
+static int fts5ExprIsspace(char t){
+  return t==' ' || t=='\t' || t=='\n' || t=='\r';
+}
+
+/*
+** Read the first token from the nul-terminated string at *pz.
+*/
+static int fts5ExprGetToken(
+  Fts5Parse *pParse, 
+  const char **pz,                /* IN/OUT: Pointer into buffer */
+  Fts5Token *pToken
+){
+  const char *z = *pz;
+  int tok;
+
+  /* Skip past any whitespace */
+  while( fts5ExprIsspace(*z) ) z++;
+
+  pToken->p = z;
+  pToken->n = 1;
+  switch( *z ){
+    case '(':  tok = FTS5_LP;    break;
+    case ')':  tok = FTS5_RP;    break;
+    case '{':  tok = FTS5_LCP;   break;
+    case '}':  tok = FTS5_RCP;   break;
+    case ':':  tok = FTS5_COLON; break;
+    case ',':  tok = FTS5_COMMA; break;
+    case '+':  tok = FTS5_PLUS;  break;
+    case '*':  tok = FTS5_STAR;  break;
+    case '\0': tok = FTS5_EOF;   break;
+
+    case '"': {
+      const char *z2;
+      tok = FTS5_STRING;
+
+      for(z2=&z[1]; 1; z2++){
+        if( z2[0]=='"' ){
+          z2++;
+          if( z2[0]!='"' ) break;
+        }
+        if( z2[0]=='\0' ){
+          sqlite3Fts5ParseError(pParse, "unterminated string");
+          return FTS5_EOF;
+        }
+      }
+      pToken->n = (z2 - z);
+      break;
+    }
+
+    default: {
+      const char *z2;
+      if( sqlite3Fts5IsBareword(z[0])==0 ){
+        sqlite3Fts5ParseError(pParse, "fts5: syntax error near \"%.1s\"", z);
+        return FTS5_EOF;
+      }
+      tok = FTS5_STRING;
+      for(z2=&z[1]; sqlite3Fts5IsBareword(*z2); z2++);
+      pToken->n = (z2 - z);
+      if( pToken->n==2 && memcmp(pToken->p, "OR", 2)==0 )  tok = FTS5_OR;
+      if( pToken->n==3 && memcmp(pToken->p, "NOT", 3)==0 ) tok = FTS5_NOT;
+      if( pToken->n==3 && memcmp(pToken->p, "AND", 3)==0 ) tok = FTS5_AND;
+      break;
+    }
+  }
+
+  *pz = &pToken->p[pToken->n];
+  return tok;
+}
+
+static void *fts5ParseAlloc(u64 t){ return sqlite3_malloc((int)t); }
+static void fts5ParseFree(void *p){ sqlite3_free(p); }
+
+static int sqlite3Fts5ExprNew(
+  Fts5Config *pConfig,            /* FTS5 Configuration */
+  const char *zExpr,              /* Expression text */
+  Fts5Expr **ppNew, 
+  char **pzErr
+){
+  Fts5Parse sParse;
+  Fts5Token token;
+  const char *z = zExpr;
+  int t;                          /* Next token type */
+  void *pEngine;
+  Fts5Expr *pNew;
+
+  *ppNew = 0;
+  *pzErr = 0;
+  memset(&sParse, 0, sizeof(sParse));
+  pEngine = sqlite3Fts5ParserAlloc(fts5ParseAlloc);
+  if( pEngine==0 ){ return SQLITE_NOMEM; }
+  sParse.pConfig = pConfig;
+
+  do {
+    t = fts5ExprGetToken(&sParse, &z, &token);
+    sqlite3Fts5Parser(pEngine, t, token, &sParse);
+  }while( sParse.rc==SQLITE_OK && t!=FTS5_EOF );
+  sqlite3Fts5ParserFree(pEngine, fts5ParseFree);
+
+  assert( sParse.rc!=SQLITE_OK || sParse.zErr==0 );
+  if( sParse.rc==SQLITE_OK ){
+    *ppNew = pNew = sqlite3_malloc(sizeof(Fts5Expr));
+    if( pNew==0 ){
+      sParse.rc = SQLITE_NOMEM;
+      sqlite3Fts5ParseNodeFree(sParse.pExpr);
+    }else{
+      pNew->pRoot = sParse.pExpr;
+      pNew->pIndex = 0;
+      pNew->apExprPhrase = sParse.apPhrase;
+      pNew->nPhrase = sParse.nPhrase;
+      sParse.apPhrase = 0;
+    }
+  }
+
+  sqlite3_free(sParse.apPhrase);
+  *pzErr = sParse.zErr;
+  return sParse.rc;
+}
+
+/*
+** Free the expression node object passed as the only argument.
+*/
+static void sqlite3Fts5ParseNodeFree(Fts5ExprNode *p){
+  if( p ){
+    int i;
+    for(i=0; i<p->nChild; i++){
+      sqlite3Fts5ParseNodeFree(p->apChild[i]);
+    }
+    sqlite3Fts5ParseNearsetFree(p->pNear);
+    sqlite3_free(p);
+  }
+}
+
+/*
+** Free the expression object passed as the only argument.
+*/
+static void sqlite3Fts5ExprFree(Fts5Expr *p){
+  if( p ){
+    sqlite3Fts5ParseNodeFree(p->pRoot);
+    sqlite3_free(p->apExprPhrase);
+    sqlite3_free(p);
+  }
+}
+
+/*
+** Argument pTerm must be a synonym iterator. Return the current rowid
+** that it points to.
+*/
+static i64 fts5ExprSynonymRowid(Fts5ExprTerm *pTerm, int bDesc, int *pbEof){
+  i64 iRet = 0;
+  int bRetValid = 0;
+  Fts5ExprTerm *p;
+
+  assert( pTerm->pSynonym );
+  assert( bDesc==0 || bDesc==1 );
+  for(p=pTerm; p; p=p->pSynonym){
+    if( 0==sqlite3Fts5IterEof(p->pIter) ){
+      i64 iRowid = sqlite3Fts5IterRowid(p->pIter);
+      if( bRetValid==0 || (bDesc!=(iRowid<iRet)) ){
+        iRet = iRowid;
+        bRetValid = 1;
+      }
+    }
+  }
+
+  if( pbEof && bRetValid==0 ) *pbEof = 1;
+  return iRet;
+}
+
+/*
+** Argument pTerm must be a synonym iterator.
+*/
+static int fts5ExprSynonymPoslist(
+  Fts5ExprTerm *pTerm, 
+  Fts5Colset *pColset,
+  i64 iRowid,
+  int *pbDel,                     /* OUT: Caller should sqlite3_free(*pa) */
+  u8 **pa, int *pn
+){
+  Fts5PoslistReader aStatic[4];
+  Fts5PoslistReader *aIter = aStatic;
+  int nIter = 0;
+  int nAlloc = 4;
+  int rc = SQLITE_OK;
+  Fts5ExprTerm *p;
+
+  assert( pTerm->pSynonym );
+  for(p=pTerm; p; p=p->pSynonym){
+    Fts5IndexIter *pIter = p->pIter;
+    if( sqlite3Fts5IterEof(pIter)==0 && sqlite3Fts5IterRowid(pIter)==iRowid ){
+      const u8 *a;
+      int n;
+      i64 dummy;
+      rc = sqlite3Fts5IterPoslist(pIter, pColset, &a, &n, &dummy);
+      if( rc!=SQLITE_OK ) goto synonym_poslist_out;
+      if( nIter==nAlloc ){
+        int nByte = sizeof(Fts5PoslistReader) * nAlloc * 2;
+        Fts5PoslistReader *aNew = (Fts5PoslistReader*)sqlite3_malloc(nByte);
+        if( aNew==0 ){
+          rc = SQLITE_NOMEM;
+          goto synonym_poslist_out;
+        }
+        memcpy(aNew, aIter, sizeof(Fts5PoslistReader) * nIter);
+        nAlloc = nAlloc*2;
+        if( aIter!=aStatic ) sqlite3_free(aIter);
+        aIter = aNew;
+      }
+      sqlite3Fts5PoslistReaderInit(a, n, &aIter[nIter]);
+      assert( aIter[nIter].bEof==0 );
+      nIter++;
+    }
+  }
+
+  assert( *pbDel==0 );
+  if( nIter==1 ){
+    *pa = (u8*)aIter[0].a;
+    *pn = aIter[0].n;
+  }else{
+    Fts5PoslistWriter writer = {0};
+    Fts5Buffer buf = {0,0,0};
+    i64 iPrev = -1;
+    while( 1 ){
+      int i;
+      i64 iMin = FTS5_LARGEST_INT64;
+      for(i=0; i<nIter; i++){
+        if( aIter[i].bEof==0 ){
+          if( aIter[i].iPos==iPrev ){
+            if( sqlite3Fts5PoslistReaderNext(&aIter[i]) ) continue;
+          }
+          if( aIter[i].iPos<iMin ){
+            iMin = aIter[i].iPos;
+          }
+        }
+      }
+      if( iMin==FTS5_LARGEST_INT64 || rc!=SQLITE_OK ) break;
+      rc = sqlite3Fts5PoslistWriterAppend(&buf, &writer, iMin);
+      iPrev = iMin;
+    }
+    if( rc ){
+      sqlite3_free(buf.p);
+    }else{
+      *pa = buf.p;
+      *pn = buf.n;
+      *pbDel = 1;
+    }
+  }
+
+ synonym_poslist_out:
+  if( aIter!=aStatic ) sqlite3_free(aIter);
+  return rc;
+}
+
+
+/*
+** All individual term iterators in pPhrase are guaranteed to be valid and
+** pointing to the same rowid when this function is called. This function 
+** checks if the current rowid really is a match, and if so populates
+** the pPhrase->poslist buffer accordingly. Output parameter *pbMatch
+** is set to true if this is really a match, or false otherwise.
+**
+** SQLITE_OK is returned if an error occurs, or an SQLite error code 
+** otherwise. It is not considered an error code if the current rowid is 
+** not a match.
+*/
+static int fts5ExprPhraseIsMatch(
+  Fts5ExprNode *pNode,            /* Node pPhrase belongs to */
+  Fts5Colset *pColset,            /* Restrict matches to these columns */
+  Fts5ExprPhrase *pPhrase,        /* Phrase object to initialize */
+  int *pbMatch                    /* OUT: Set to true if really a match */
+){
+  Fts5PoslistWriter writer = {0};
+  Fts5PoslistReader aStatic[4];
+  Fts5PoslistReader *aIter = aStatic;
+  int i;
+  int rc = SQLITE_OK;
+  
+  fts5BufferZero(&pPhrase->poslist);
+
+  /* If the aStatic[] array is not large enough, allocate a large array
+  ** using sqlite3_malloc(). This approach could be improved upon. */
+  if( pPhrase->nTerm>(int)ArraySize(aStatic) ){
+    int nByte = sizeof(Fts5PoslistReader) * pPhrase->nTerm;
+    aIter = (Fts5PoslistReader*)sqlite3_malloc(nByte);
+    if( !aIter ) return SQLITE_NOMEM;
+  }
+  memset(aIter, 0, sizeof(Fts5PoslistReader) * pPhrase->nTerm);
+
+  /* Initialize a term iterator for each term in the phrase */
+  for(i=0; i<pPhrase->nTerm; i++){
+    Fts5ExprTerm *pTerm = &pPhrase->aTerm[i];
+    i64 dummy;
+    int n = 0;
+    int bFlag = 0;
+    const u8 *a = 0;
+    if( pTerm->pSynonym ){
+      rc = fts5ExprSynonymPoslist(
+          pTerm, pColset, pNode->iRowid, &bFlag, (u8**)&a, &n
+      );
+    }else{
+      rc = sqlite3Fts5IterPoslist(pTerm->pIter, pColset, &a, &n, &dummy);
+    }
+    if( rc!=SQLITE_OK ) goto ismatch_out;
+    sqlite3Fts5PoslistReaderInit(a, n, &aIter[i]);
+    aIter[i].bFlag = (u8)bFlag;
+    if( aIter[i].bEof ) goto ismatch_out;
+  }
+
+  while( 1 ){
+    int bMatch;
+    i64 iPos = aIter[0].iPos;
+    do {
+      bMatch = 1;
+      for(i=0; i<pPhrase->nTerm; i++){
+        Fts5PoslistReader *pPos = &aIter[i];
+        i64 iAdj = iPos + i;
+        if( pPos->iPos!=iAdj ){
+          bMatch = 0;
+          while( pPos->iPos<iAdj ){
+            if( sqlite3Fts5PoslistReaderNext(pPos) ) goto ismatch_out;
+          }
+          if( pPos->iPos>iAdj ) iPos = pPos->iPos-i;
+        }
+      }
+    }while( bMatch==0 );
+
+    /* Append position iPos to the output */
+    rc = sqlite3Fts5PoslistWriterAppend(&pPhrase->poslist, &writer, iPos);
+    if( rc!=SQLITE_OK ) goto ismatch_out;
+
+    for(i=0; i<pPhrase->nTerm; i++){
+      if( sqlite3Fts5PoslistReaderNext(&aIter[i]) ) goto ismatch_out;
+    }
+  }
+
+ ismatch_out:
+  *pbMatch = (pPhrase->poslist.n>0);
+  for(i=0; i<pPhrase->nTerm; i++){
+    if( aIter[i].bFlag ) sqlite3_free((u8*)aIter[i].a);
+  }
+  if( aIter!=aStatic ) sqlite3_free(aIter);
+  return rc;
+}
+
+typedef struct Fts5LookaheadReader Fts5LookaheadReader;
+struct Fts5LookaheadReader {
+  const u8 *a;                    /* Buffer containing position list */
+  int n;                          /* Size of buffer a[] in bytes */
+  int i;                          /* Current offset in position list */
+  i64 iPos;                       /* Current position */
+  i64 iLookahead;                 /* Next position */
+};
+
+#define FTS5_LOOKAHEAD_EOF (((i64)1) << 62)
+
+static int fts5LookaheadReaderNext(Fts5LookaheadReader *p){
+  p->iPos = p->iLookahead;
+  if( sqlite3Fts5PoslistNext64(p->a, p->n, &p->i, &p->iLookahead) ){
+    p->iLookahead = FTS5_LOOKAHEAD_EOF;
+  }
+  return (p->iPos==FTS5_LOOKAHEAD_EOF);
+}
+
+static int fts5LookaheadReaderInit(
+  const u8 *a, int n,             /* Buffer to read position list from */
+  Fts5LookaheadReader *p          /* Iterator object to initialize */
+){
+  memset(p, 0, sizeof(Fts5LookaheadReader));
+  p->a = a;
+  p->n = n;
+  fts5LookaheadReaderNext(p);
+  return fts5LookaheadReaderNext(p);
+}
+
+#if 0
+static int fts5LookaheadReaderEof(Fts5LookaheadReader *p){
+  return (p->iPos==FTS5_LOOKAHEAD_EOF);
+}
+#endif
+
+typedef struct Fts5NearTrimmer Fts5NearTrimmer;
+struct Fts5NearTrimmer {
+  Fts5LookaheadReader reader;     /* Input iterator */
+  Fts5PoslistWriter writer;       /* Writer context */
+  Fts5Buffer *pOut;               /* Output poslist */
+};
+
+/*
+** The near-set object passed as the first argument contains more than
+** one phrase. All phrases currently point to the same row. The
+** Fts5ExprPhrase.poslist buffers are populated accordingly. This function
+** tests if the current row contains instances of each phrase sufficiently
+** close together to meet the NEAR constraint. Non-zero is returned if it
+** does, or zero otherwise.
+**
+** If in/out parameter (*pRc) is set to other than SQLITE_OK when this
+** function is called, it is a no-op. Or, if an error (e.g. SQLITE_NOMEM)
+** occurs within this function (*pRc) is set accordingly before returning.
+** The return value is undefined in both these cases.
+** 
+** If no error occurs and non-zero (a match) is returned, the position-list
+** of each phrase object is edited to contain only those entries that
+** meet the constraint before returning.
+*/
+static int fts5ExprNearIsMatch(int *pRc, Fts5ExprNearset *pNear){
+  Fts5NearTrimmer aStatic[4];
+  Fts5NearTrimmer *a = aStatic;
+  Fts5ExprPhrase **apPhrase = pNear->apPhrase;
+
+  int i;
+  int rc = *pRc;
+  int bMatch;
+
+  assert( pNear->nPhrase>1 );
+
+  /* If the aStatic[] array is not large enough, allocate a large array
+  ** using sqlite3_malloc(). This approach could be improved upon. */
+  if( pNear->nPhrase>(int)ArraySize(aStatic) ){
+    int nByte = sizeof(Fts5NearTrimmer) * pNear->nPhrase;
+    a = (Fts5NearTrimmer*)sqlite3Fts5MallocZero(&rc, nByte);
+  }else{
+    memset(aStatic, 0, sizeof(aStatic));
+  }
+  if( rc!=SQLITE_OK ){
+    *pRc = rc;
+    return 0;
+  }
+
+  /* Initialize a lookahead iterator for each phrase. After passing the
+  ** buffer and buffer size to the lookaside-reader init function, zero
+  ** the phrase poslist buffer. The new poslist for the phrase (containing
+  ** the same entries as the original with some entries removed on account 
+  ** of the NEAR constraint) is written over the original even as it is
+  ** being read. This is safe as the entries for the new poslist are a
+  ** subset of the old, so it is not possible for data yet to be read to
+  ** be overwritten.  */
+  for(i=0; i<pNear->nPhrase; i++){
+    Fts5Buffer *pPoslist = &apPhrase[i]->poslist;
+    fts5LookaheadReaderInit(pPoslist->p, pPoslist->n, &a[i].reader);
+    pPoslist->n = 0;
+    a[i].pOut = pPoslist;
+  }
+
+  while( 1 ){
+    int iAdv;
+    i64 iMin;
+    i64 iMax;
+
+    /* This block advances the phrase iterators until they point to a set of
+    ** entries that together comprise a match.  */
+    iMax = a[0].reader.iPos;
+    do {
+      bMatch = 1;
+      for(i=0; i<pNear->nPhrase; i++){
+        Fts5LookaheadReader *pPos = &a[i].reader;
+        iMin = iMax - pNear->apPhrase[i]->nTerm - pNear->nNear;
+        if( pPos->iPos<iMin || pPos->iPos>iMax ){
+          bMatch = 0;
+          while( pPos->iPos<iMin ){
+            if( fts5LookaheadReaderNext(pPos) ) goto ismatch_out;
+          }
+          if( pPos->iPos>iMax ) iMax = pPos->iPos;
+        }
+      }
+    }while( bMatch==0 );
+
+    /* Add an entry to each output position list */
+    for(i=0; i<pNear->nPhrase; i++){
+      i64 iPos = a[i].reader.iPos;
+      Fts5PoslistWriter *pWriter = &a[i].writer;
+      if( a[i].pOut->n==0 || iPos!=pWriter->iPrev ){
+        sqlite3Fts5PoslistWriterAppend(a[i].pOut, pWriter, iPos);
+      }
+    }
+
+    iAdv = 0;
+    iMin = a[0].reader.iLookahead;
+    for(i=0; i<pNear->nPhrase; i++){
+      if( a[i].reader.iLookahead < iMin ){
+        iMin = a[i].reader.iLookahead;
+        iAdv = i;
+      }
+    }
+    if( fts5LookaheadReaderNext(&a[iAdv].reader) ) goto ismatch_out;
+  }
+
+  ismatch_out: {
+    int bRet = a[0].pOut->n>0;
+    *pRc = rc;
+    if( a!=aStatic ) sqlite3_free(a);
+    return bRet;
+  }
+}
+
+/*
+** Advance the first term iterator in the first phrase of pNear. Set output
+** variable *pbEof to true if it reaches EOF or if an error occurs.
+**
+** Return SQLITE_OK if successful, or an SQLite error code if an error
+** occurs.
+*/
+static int fts5ExprNearAdvanceFirst(
+  Fts5Expr *pExpr,                /* Expression pPhrase belongs to */
+  Fts5ExprNode *pNode,            /* FTS5_STRING or FTS5_TERM node */
+  int bFromValid,
+  i64 iFrom 
+){
+  Fts5ExprTerm *pTerm = &pNode->pNear->apPhrase[0]->aTerm[0];
+  int rc = SQLITE_OK;
+
+  if( pTerm->pSynonym ){
+    int bEof = 1;
+    Fts5ExprTerm *p;
+
+    /* Find the firstest rowid any synonym points to. */
+    i64 iRowid = fts5ExprSynonymRowid(pTerm, pExpr->bDesc, 0);
+
+    /* Advance each iterator that currently points to iRowid. Or, if iFrom
+    ** is valid - each iterator that points to a rowid before iFrom.  */
+    for(p=pTerm; p; p=p->pSynonym){
+      if( sqlite3Fts5IterEof(p->pIter)==0 ){
+        i64 ii = sqlite3Fts5IterRowid(p->pIter);
+        if( ii==iRowid 
+         || (bFromValid && ii!=iFrom && (ii>iFrom)==pExpr->bDesc) 
+        ){
+          if( bFromValid ){
+            rc = sqlite3Fts5IterNextFrom(p->pIter, iFrom);
+          }else{
+            rc = sqlite3Fts5IterNext(p->pIter);
+          }
+          if( rc!=SQLITE_OK ) break;
+          if( sqlite3Fts5IterEof(p->pIter)==0 ){
+            bEof = 0;
+          }
+        }else{
+          bEof = 0;
+        }
+      }
+    }
+
+    /* Set the EOF flag if either all synonym iterators are at EOF or an
+    ** error has occurred.  */
+    pNode->bEof = (rc || bEof);
+  }else{
+    Fts5IndexIter *pIter = pTerm->pIter;
+
+    assert( Fts5NodeIsString(pNode) );
+    if( bFromValid ){
+      rc = sqlite3Fts5IterNextFrom(pIter, iFrom);
+    }else{
+      rc = sqlite3Fts5IterNext(pIter);
+    }
+
+    pNode->bEof = (rc || sqlite3Fts5IterEof(pIter));
+  }
+
+  return rc;
+}
+
+/*
+** Advance iterator pIter until it points to a value equal to or laster
+** than the initial value of *piLast. If this means the iterator points
+** to a value laster than *piLast, update *piLast to the new lastest value.
+**
+** If the iterator reaches EOF, set *pbEof to true before returning. If
+** an error occurs, set *pRc to an error code. If either *pbEof or *pRc
+** are set, return a non-zero value. Otherwise, return zero.
+*/
+static int fts5ExprAdvanceto(
+  Fts5IndexIter *pIter,           /* Iterator to advance */
+  int bDesc,                      /* True if iterator is "rowid DESC" */
+  i64 *piLast,                    /* IN/OUT: Lastest rowid seen so far */
+  int *pRc,                       /* OUT: Error code */
+  int *pbEof                      /* OUT: Set to true if EOF */
+){
+  i64 iLast = *piLast;
+  i64 iRowid;
+
+  iRowid = sqlite3Fts5IterRowid(pIter);
+  if( (bDesc==0 && iLast>iRowid) || (bDesc && iLast<iRowid) ){
+    int rc = sqlite3Fts5IterNextFrom(pIter, iLast);
+    if( rc || sqlite3Fts5IterEof(pIter) ){
+      *pRc = rc;
+      *pbEof = 1;
+      return 1;
+    }
+    iRowid = sqlite3Fts5IterRowid(pIter);
+    assert( (bDesc==0 && iRowid>=iLast) || (bDesc==1 && iRowid<=iLast) );
+  }
+  *piLast = iRowid;
+
+  return 0;
+}
+
+static int fts5ExprSynonymAdvanceto(
+  Fts5ExprTerm *pTerm,            /* Term iterator to advance */
+  int bDesc,                      /* True if iterator is "rowid DESC" */
+  i64 *piLast,                    /* IN/OUT: Lastest rowid seen so far */
+  int *pRc                        /* OUT: Error code */
+){
+  int rc = SQLITE_OK;
+  i64 iLast = *piLast;
+  Fts5ExprTerm *p;
+  int bEof = 0;
+
+  for(p=pTerm; rc==SQLITE_OK && p; p=p->pSynonym){
+    if( sqlite3Fts5IterEof(p->pIter)==0 ){
+      i64 iRowid = sqlite3Fts5IterRowid(p->pIter);
+      if( (bDesc==0 && iLast>iRowid) || (bDesc && iLast<iRowid) ){
+        rc = sqlite3Fts5IterNextFrom(p->pIter, iLast);
+      }
+    }
+  }
+
+  if( rc!=SQLITE_OK ){
+    *pRc = rc;
+    bEof = 1;
+  }else{
+    *piLast = fts5ExprSynonymRowid(pTerm, bDesc, &bEof);
+  }
+  return bEof;
+}
+
+
+static int fts5ExprNearTest(
+  int *pRc,
+  Fts5Expr *pExpr,                /* Expression that pNear is a part of */
+  Fts5ExprNode *pNode             /* The "NEAR" node (FTS5_STRING) */
+){
+  Fts5ExprNearset *pNear = pNode->pNear;
+  int rc = *pRc;
+  int i;
+
+  /* Check that each phrase in the nearset matches the current row.
+  ** Populate the pPhrase->poslist buffers at the same time. If any
+  ** phrase is not a match, break out of the loop early.  */
+  for(i=0; rc==SQLITE_OK && i<pNear->nPhrase; i++){
+    Fts5ExprPhrase *pPhrase = pNear->apPhrase[i];
+    if( pPhrase->nTerm>1 || pPhrase->aTerm[0].pSynonym || pNear->pColset ){
+      int bMatch = 0;
+      rc = fts5ExprPhraseIsMatch(pNode, pNear->pColset, pPhrase, &bMatch);
+      if( bMatch==0 ) break;
+    }else{
+      rc = sqlite3Fts5IterPoslistBuffer(
+          pPhrase->aTerm[0].pIter, &pPhrase->poslist
+      );
+    }
+  }
+
+  *pRc = rc;
+  if( i==pNear->nPhrase && (i==1 || fts5ExprNearIsMatch(pRc, pNear)) ){
+    return 1;
+  }
+
+  return 0;
+}
+
+static int fts5ExprTokenTest(
+  Fts5Expr *pExpr,                /* Expression that pNear is a part of */
+  Fts5ExprNode *pNode             /* The "NEAR" node (FTS5_TERM) */
+){
+  /* As this "NEAR" object is actually a single phrase that consists 
+  ** of a single term only, grab pointers into the poslist managed by the
+  ** fts5_index.c iterator object. This is much faster than synthesizing 
+  ** a new poslist the way we have to for more complicated phrase or NEAR
+  ** expressions.  */
+  Fts5ExprNearset *pNear = pNode->pNear;
+  Fts5ExprPhrase *pPhrase = pNear->apPhrase[0];
+  Fts5IndexIter *pIter = pPhrase->aTerm[0].pIter;
+  Fts5Colset *pColset = pNear->pColset;
+  int rc;
+
+  assert( pNode->eType==FTS5_TERM );
+  assert( pNear->nPhrase==1 && pPhrase->nTerm==1 );
+  assert( pPhrase->aTerm[0].pSynonym==0 );
+
+  rc = sqlite3Fts5IterPoslist(pIter, pColset, 
+      (const u8**)&pPhrase->poslist.p, &pPhrase->poslist.n, &pNode->iRowid
+  );
+  pNode->bNomatch = (pPhrase->poslist.n==0);
+  return rc;
+}
+
+/*
+** All individual term iterators in pNear are guaranteed to be valid when
+** this function is called. This function checks if all term iterators
+** point to the same rowid, and if not, advances them until they do.
+** If an EOF is reached before this happens, *pbEof is set to true before
+** returning.
+**
+** SQLITE_OK is returned if an error occurs, or an SQLite error code 
+** otherwise. It is not considered an error code if an iterator reaches
+** EOF.
+*/
+static int fts5ExprNearNextMatch(
+  Fts5Expr *pExpr,                /* Expression pPhrase belongs to */
+  Fts5ExprNode *pNode
+){
+  Fts5ExprNearset *pNear = pNode->pNear;
+  Fts5ExprPhrase *pLeft = pNear->apPhrase[0];
+  int rc = SQLITE_OK;
+  i64 iLast;                      /* Lastest rowid any iterator points to */
+  int i, j;                       /* Phrase and token index, respectively */
+  int bMatch;                     /* True if all terms are at the same rowid */
+  const int bDesc = pExpr->bDesc;
+
+  /* Check that this node should not be FTS5_TERM */
+  assert( pNear->nPhrase>1 
+       || pNear->apPhrase[0]->nTerm>1 
+       || pNear->apPhrase[0]->aTerm[0].pSynonym
+  );
+
+  /* Initialize iLast, the "lastest" rowid any iterator points to. If the
+  ** iterator skips through rowids in the default ascending order, this means
+  ** the maximum rowid. Or, if the iterator is "ORDER BY rowid DESC", then it
+  ** means the minimum rowid.  */
+  if( pLeft->aTerm[0].pSynonym ){
+    iLast = fts5ExprSynonymRowid(&pLeft->aTerm[0], bDesc, 0);
+  }else{
+    iLast = sqlite3Fts5IterRowid(pLeft->aTerm[0].pIter);
+  }
+
+  do {
+    bMatch = 1;
+    for(i=0; i<pNear->nPhrase; i++){
+      Fts5ExprPhrase *pPhrase = pNear->apPhrase[i];
+      for(j=0; j<pPhrase->nTerm; j++){
+        Fts5ExprTerm *pTerm = &pPhrase->aTerm[j];
+        if( pTerm->pSynonym ){
+          i64 iRowid = fts5ExprSynonymRowid(pTerm, bDesc, 0);
+          if( iRowid==iLast ) continue;
+          bMatch = 0;
+          if( fts5ExprSynonymAdvanceto(pTerm, bDesc, &iLast, &rc) ){
+            pNode->bEof = 1;
+            return rc;
+          }
+        }else{
+          Fts5IndexIter *pIter = pPhrase->aTerm[j].pIter;
+          i64 iRowid = sqlite3Fts5IterRowid(pIter);
+          if( iRowid==iLast ) continue;
+          bMatch = 0;
+          if( fts5ExprAdvanceto(pIter, bDesc, &iLast, &rc, &pNode->bEof) ){
+            return rc;
+          }
+        }
+      }
+    }
+  }while( bMatch==0 );
+
+  pNode->iRowid = iLast;
+  pNode->bNomatch = (0==fts5ExprNearTest(&rc, pExpr, pNode));
+
+  return rc;
+}
+
+/*
+** Initialize all term iterators in the pNear object. If any term is found
+** to match no documents at all, return immediately without initializing any
+** further iterators.
+*/
+static int fts5ExprNearInitAll(
+  Fts5Expr *pExpr,
+  Fts5ExprNode *pNode
+){
+  Fts5ExprNearset *pNear = pNode->pNear;
+  int i, j;
+  int rc = SQLITE_OK;
+
+  for(i=0; rc==SQLITE_OK && i<pNear->nPhrase; i++){
+    Fts5ExprPhrase *pPhrase = pNear->apPhrase[i];
+    for(j=0; j<pPhrase->nTerm; j++){
+      Fts5ExprTerm *pTerm = &pPhrase->aTerm[j];
+      Fts5ExprTerm *p;
+      int bEof = 1;
+
+      for(p=pTerm; p && rc==SQLITE_OK; p=p->pSynonym){
+        if( p->pIter ){
+          sqlite3Fts5IterClose(p->pIter);
+          p->pIter = 0;
+        }
+        rc = sqlite3Fts5IndexQuery(
+            pExpr->pIndex, p->zTerm, (int)strlen(p->zTerm),
+            (pTerm->bPrefix ? FTS5INDEX_QUERY_PREFIX : 0) |
+            (pExpr->bDesc ? FTS5INDEX_QUERY_DESC : 0),
+            pNear->pColset,
+            &p->pIter
+        );
+        assert( rc==SQLITE_OK || p->pIter==0 );
+        if( p->pIter && 0==sqlite3Fts5IterEof(p->pIter) ){
+          bEof = 0;
+        }
+      }
+
+      if( bEof ){
+        pNode->bEof = 1;
+        return rc;
+      }
+    }
+  }
+
+  return rc;
+}
+
+/* fts5ExprNodeNext() calls fts5ExprNodeNextMatch(). And vice-versa. */
+static int fts5ExprNodeNextMatch(Fts5Expr*, Fts5ExprNode*);
+
+
+/*
+** If pExpr is an ASC iterator, this function returns a value with the
+** same sign as:
+**
+**   (iLhs - iRhs)
+**
+** Otherwise, if this is a DESC iterator, the opposite is returned:
+**
+**   (iRhs - iLhs)
+*/
+static int fts5RowidCmp(
+  Fts5Expr *pExpr,
+  i64 iLhs,
+  i64 iRhs
+){
+  assert( pExpr->bDesc==0 || pExpr->bDesc==1 );
+  if( pExpr->bDesc==0 ){
+    if( iLhs<iRhs ) return -1;
+    return (iLhs > iRhs);
+  }else{
+    if( iLhs>iRhs ) return -1;
+    return (iLhs < iRhs);
+  }
+}
+
+static void fts5ExprSetEof(Fts5ExprNode *pNode){
+  int i;
+  pNode->bEof = 1;
+  for(i=0; i<pNode->nChild; i++){
+    fts5ExprSetEof(pNode->apChild[i]);
+  }
+}
+
+static void fts5ExprNodeZeroPoslist(Fts5ExprNode *pNode){
+  if( pNode->eType==FTS5_STRING || pNode->eType==FTS5_TERM ){
+    Fts5ExprNearset *pNear = pNode->pNear;
+    int i;
+    for(i=0; i<pNear->nPhrase; i++){
+      Fts5ExprPhrase *pPhrase = pNear->apPhrase[i];
+      pPhrase->poslist.n = 0;
+    }
+  }else{
+    int i;
+    for(i=0; i<pNode->nChild; i++){
+      fts5ExprNodeZeroPoslist(pNode->apChild[i]);
+    }
+  }
+}
+
+
+static int fts5ExprNodeNext(Fts5Expr*, Fts5ExprNode*, int, i64);
+
+/*
+** Argument pNode is an FTS5_AND node.
+*/
+static int fts5ExprAndNextRowid(
+  Fts5Expr *pExpr,                /* Expression pPhrase belongs to */
+  Fts5ExprNode *pAnd              /* FTS5_AND node to advance */
+){
+  int iChild;
+  i64 iLast = pAnd->iRowid;
+  int rc = SQLITE_OK;
+  int bMatch;
+
+  assert( pAnd->bEof==0 );
+  do {
+    pAnd->bNomatch = 0;
+    bMatch = 1;
+    for(iChild=0; iChild<pAnd->nChild; iChild++){
+      Fts5ExprNode *pChild = pAnd->apChild[iChild];
+      if( 0 && pChild->eType==FTS5_STRING ){
+        /* TODO */
+      }else{
+        int cmp = fts5RowidCmp(pExpr, iLast, pChild->iRowid);
+        if( cmp>0 ){
+          /* Advance pChild until it points to iLast or laster */
+          rc = fts5ExprNodeNext(pExpr, pChild, 1, iLast);
+          if( rc!=SQLITE_OK ) return rc;
+        }
+      }
+
+      /* If the child node is now at EOF, so is the parent AND node. Otherwise,
+      ** the child node is guaranteed to have advanced at least as far as
+      ** rowid iLast. So if it is not at exactly iLast, pChild->iRowid is the
+      ** new lastest rowid seen so far.  */
+      assert( pChild->bEof || fts5RowidCmp(pExpr, iLast, pChild->iRowid)<=0 );
+      if( pChild->bEof ){
+        fts5ExprSetEof(pAnd);
+        bMatch = 1;
+        break;
+      }else if( iLast!=pChild->iRowid ){
+        bMatch = 0;
+        iLast = pChild->iRowid;
+      }
+
+      if( pChild->bNomatch ){
+        pAnd->bNomatch = 1;
+      }
+    }
+  }while( bMatch==0 );
+
+  if( pAnd->bNomatch && pAnd!=pExpr->pRoot ){
+    fts5ExprNodeZeroPoslist(pAnd);
+  }
+  pAnd->iRowid = iLast;
+  return SQLITE_OK;
+}
+
+
+/*
+** Compare the values currently indicated by the two nodes as follows:
+**
+**    res = (*p1) - (*p2)
+**
+** Nodes that point to values that come later in the iteration order are
+** considered to be larger. Nodes at EOF are the largest of all.
+**
+** This means that if the iteration order is ASC, then numerically larger
+** rowids are considered larger. Or if it is the default DESC, numerically
+** smaller rowids are larger.
+*/
+static int fts5NodeCompare(
+  Fts5Expr *pExpr,
+  Fts5ExprNode *p1, 
+  Fts5ExprNode *p2
+){
+  if( p2->bEof ) return -1;
+  if( p1->bEof ) return +1;
+  return fts5RowidCmp(pExpr, p1->iRowid, p2->iRowid);
+}
+
+/*
+** Advance node iterator pNode, part of expression pExpr. If argument
+** bFromValid is zero, then pNode is advanced exactly once. Or, if argument
+** bFromValid is non-zero, then pNode is advanced until it is at or past
+** rowid value iFrom. Whether "past" means "less than" or "greater than"
+** depends on whether this is an ASC or DESC iterator.
+*/
+static int fts5ExprNodeNext(
+  Fts5Expr *pExpr, 
+  Fts5ExprNode *pNode,
+  int bFromValid,
+  i64 iFrom
+){
+  int rc = SQLITE_OK;
+
+  if( pNode->bEof==0 ){
+    switch( pNode->eType ){
+      case FTS5_STRING: {
+        rc = fts5ExprNearAdvanceFirst(pExpr, pNode, bFromValid, iFrom);
+        break;
+      };
+
+      case FTS5_TERM: {
+        Fts5IndexIter *pIter = pNode->pNear->apPhrase[0]->aTerm[0].pIter;
+        if( bFromValid ){
+          rc = sqlite3Fts5IterNextFrom(pIter, iFrom);
+        }else{
+          rc = sqlite3Fts5IterNext(pIter);
+        }
+        if( rc==SQLITE_OK && sqlite3Fts5IterEof(pIter)==0 ){
+          assert( rc==SQLITE_OK );
+          rc = fts5ExprTokenTest(pExpr, pNode);
+        }else{
+          pNode->bEof = 1;
+        }
+        return rc;
+      };
+
+      case FTS5_AND: {
+        Fts5ExprNode *pLeft = pNode->apChild[0];
+        rc = fts5ExprNodeNext(pExpr, pLeft, bFromValid, iFrom);
+        break;
+      }
+
+      case FTS5_OR: {
+        int i;
+        i64 iLast = pNode->iRowid;
+
+        for(i=0; rc==SQLITE_OK && i<pNode->nChild; i++){
+          Fts5ExprNode *p1 = pNode->apChild[i];
+          assert( p1->bEof || fts5RowidCmp(pExpr, p1->iRowid, iLast)>=0 );
+          if( p1->bEof==0 ){
+            if( (p1->iRowid==iLast) 
+             || (bFromValid && fts5RowidCmp(pExpr, p1->iRowid, iFrom)<0)
+            ){
+              rc = fts5ExprNodeNext(pExpr, p1, bFromValid, iFrom);
+            }
+          }
+        }
+
+        break;
+      }
+
+      default: assert( pNode->eType==FTS5_NOT ); {
+        assert( pNode->nChild==2 );
+        rc = fts5ExprNodeNext(pExpr, pNode->apChild[0], bFromValid, iFrom);
+        break;
+      }
+    }
+
+    if( rc==SQLITE_OK ){
+      rc = fts5ExprNodeNextMatch(pExpr, pNode);
+    }
+  }
+
+  /* Assert that if bFromValid was true, either:
+  **
+  **   a) an error occurred, or
+  **   b) the node is now at EOF, or
+  **   c) the node is now at or past rowid iFrom.
+  */
+  assert( bFromValid==0 
+      || rc!=SQLITE_OK                                                  /* a */
+      || pNode->bEof                                                    /* b */
+      || pNode->iRowid==iFrom || pExpr->bDesc==(pNode->iRowid<iFrom)    /* c */
+  );
+
+  return rc;
+}
+
+
+/*
+** If pNode currently points to a match, this function returns SQLITE_OK
+** without modifying it. Otherwise, pNode is advanced until it does point
+** to a match or EOF is reached.
+*/
+static int fts5ExprNodeNextMatch(
+  Fts5Expr *pExpr,                /* Expression of which pNode is a part */
+  Fts5ExprNode *pNode             /* Expression node to test */
+){
+  int rc = SQLITE_OK;
+  if( pNode->bEof==0 ){
+    switch( pNode->eType ){
+
+      case FTS5_STRING: {
+        /* Advance the iterators until they all point to the same rowid */
+        rc = fts5ExprNearNextMatch(pExpr, pNode);
+        break;
+      }
+
+      case FTS5_TERM: {
+        rc = fts5ExprTokenTest(pExpr, pNode);
+        break;
+      }
+
+      case FTS5_AND: {
+        rc = fts5ExprAndNextRowid(pExpr, pNode);
+        break;
+      }
+
+      case FTS5_OR: {
+        Fts5ExprNode *pNext = pNode->apChild[0];
+        int i;
+
+        for(i=1; i<pNode->nChild; i++){
+          Fts5ExprNode *pChild = pNode->apChild[i];
+          int cmp = fts5NodeCompare(pExpr, pNext, pChild);
+          if( cmp>0 || (cmp==0 && pChild->bNomatch==0) ){
+            pNext = pChild;
+          }
+        }
+        pNode->iRowid = pNext->iRowid;
+        pNode->bEof = pNext->bEof;
+        pNode->bNomatch = pNext->bNomatch;
+        break;
+      }
+
+      default: assert( pNode->eType==FTS5_NOT ); {
+        Fts5ExprNode *p1 = pNode->apChild[0];
+        Fts5ExprNode *p2 = pNode->apChild[1];
+        assert( pNode->nChild==2 );
+
+        while( rc==SQLITE_OK && p1->bEof==0 ){
+          int cmp = fts5NodeCompare(pExpr, p1, p2);
+          if( cmp>0 ){
+            rc = fts5ExprNodeNext(pExpr, p2, 1, p1->iRowid);
+            cmp = fts5NodeCompare(pExpr, p1, p2);
+          }
+          assert( rc!=SQLITE_OK || cmp<=0 );
+          if( cmp || p2->bNomatch ) break;
+          rc = fts5ExprNodeNext(pExpr, p1, 0, 0);
+        }
+        pNode->bEof = p1->bEof;
+        pNode->iRowid = p1->iRowid;
+        break;
+      }
+    }
+  }
+  return rc;
+}
+
+ 
+/*
+** Set node pNode, which is part of expression pExpr, to point to the first
+** match. If there are no matches, set the Node.bEof flag to indicate EOF.
+**
+** Return an SQLite error code if an error occurs, or SQLITE_OK otherwise.
+** It is not an error if there are no matches.
+*/
+static int fts5ExprNodeFirst(Fts5Expr *pExpr, Fts5ExprNode *pNode){
+  int rc = SQLITE_OK;
+  pNode->bEof = 0;
+
+  if( Fts5NodeIsString(pNode) ){
+    /* Initialize all term iterators in the NEAR object. */
+    rc = fts5ExprNearInitAll(pExpr, pNode);
+  }else{
+    int i;
+    for(i=0; i<pNode->nChild && rc==SQLITE_OK; i++){
+      rc = fts5ExprNodeFirst(pExpr, pNode->apChild[i]);
+    }
+    pNode->iRowid = pNode->apChild[0]->iRowid;
+  }
+
+  if( rc==SQLITE_OK ){
+    rc = fts5ExprNodeNextMatch(pExpr, pNode);
+  }
+  return rc;
+}
+
+
+/*
+** Begin iterating through the set of documents in index pIdx matched by
+** the MATCH expression passed as the first argument. If the "bDesc" 
+** parameter is passed a non-zero value, iteration is in descending rowid 
+** order. Or, if it is zero, in ascending order.
+**
+** If iterating in ascending rowid order (bDesc==0), the first document
+** visited is that with the smallest rowid that is larger than or equal
+** to parameter iFirst. Or, if iterating in ascending order (bDesc==1),
+** then the first document visited must have a rowid smaller than or
+** equal to iFirst.
+**
+** Return SQLITE_OK if successful, or an SQLite error code otherwise. It
+** is not considered an error if the query does not match any documents.
+*/
+static int sqlite3Fts5ExprFirst(Fts5Expr *p, Fts5Index *pIdx, i64 iFirst, int bDesc){
+  Fts5ExprNode *pRoot = p->pRoot;
+  int rc = SQLITE_OK;
+  if( pRoot ){
+    p->pIndex = pIdx;
+    p->bDesc = bDesc;
+    rc = fts5ExprNodeFirst(p, pRoot);
+
+    /* If not at EOF but the current rowid occurs earlier than iFirst in
+    ** the iteration order, move to document iFirst or later. */
+    if( pRoot->bEof==0 && fts5RowidCmp(p, pRoot->iRowid, iFirst)<0 ){
+      rc = fts5ExprNodeNext(p, pRoot, 1, iFirst);
+    }
+
+    /* If the iterator is not at a real match, skip forward until it is. */
+    while( pRoot->bNomatch && rc==SQLITE_OK && pRoot->bEof==0 ){
+      rc = fts5ExprNodeNext(p, pRoot, 0, 0);
+    }
+  }
+  return rc;
+}
+
+/*
+** Move to the next document 
+**
+** Return SQLITE_OK if successful, or an SQLite error code otherwise. It
+** is not considered an error if the query does not match any documents.
+*/
+static int sqlite3Fts5ExprNext(Fts5Expr *p, i64 iLast){
+  int rc;
+  Fts5ExprNode *pRoot = p->pRoot;
+  do {
+    rc = fts5ExprNodeNext(p, pRoot, 0, 0);
+  }while( pRoot->bNomatch && pRoot->bEof==0 && rc==SQLITE_OK );
+  if( fts5RowidCmp(p, pRoot->iRowid, iLast)>0 ){
+    pRoot->bEof = 1;
+  }
+  return rc;
+}
+
+static int sqlite3Fts5ExprEof(Fts5Expr *p){
+  return (p->pRoot==0 || p->pRoot->bEof);
+}
+
+static i64 sqlite3Fts5ExprRowid(Fts5Expr *p){
+  return p->pRoot->iRowid;
+}
+
+static int fts5ParseStringFromToken(Fts5Token *pToken, char **pz){
+  int rc = SQLITE_OK;
+  *pz = sqlite3Fts5Strndup(&rc, pToken->p, pToken->n);
+  return rc;
+}
+
+/*
+** Free the phrase object passed as the only argument.
+*/
+static void fts5ExprPhraseFree(Fts5ExprPhrase *pPhrase){
+  if( pPhrase ){
+    int i;
+    for(i=0; i<pPhrase->nTerm; i++){
+      Fts5ExprTerm *pSyn;
+      Fts5ExprTerm *pNext;
+      Fts5ExprTerm *pTerm = &pPhrase->aTerm[i];
+      sqlite3_free(pTerm->zTerm);
+      sqlite3Fts5IterClose(pTerm->pIter);
+
+      for(pSyn=pTerm->pSynonym; pSyn; pSyn=pNext){
+        pNext = pSyn->pSynonym;
+        sqlite3Fts5IterClose(pSyn->pIter);
+        sqlite3_free(pSyn);
+      }
+    }
+    if( pPhrase->poslist.nSpace>0 ) fts5BufferFree(&pPhrase->poslist);
+    sqlite3_free(pPhrase);
+  }
+}
+
+/*
+** If argument pNear is NULL, then a new Fts5ExprNearset object is allocated
+** and populated with pPhrase. Or, if pNear is not NULL, phrase pPhrase is
+** appended to it and the results returned.
+**
+** If an OOM error occurs, both the pNear and pPhrase objects are freed and
+** NULL returned.
+*/
+static Fts5ExprNearset *sqlite3Fts5ParseNearset(
+  Fts5Parse *pParse,              /* Parse context */
+  Fts5ExprNearset *pNear,         /* Existing nearset, or NULL */
+  Fts5ExprPhrase *pPhrase         /* Recently parsed phrase */
+){
+  const int SZALLOC = 8;
+  Fts5ExprNearset *pRet = 0;
+
+  if( pParse->rc==SQLITE_OK ){
+    if( pPhrase==0 ){
+      return pNear;
+    }
+    if( pNear==0 ){
+      int nByte = sizeof(Fts5ExprNearset) + SZALLOC * sizeof(Fts5ExprPhrase*);
+      pRet = sqlite3_malloc(nByte);
+      if( pRet==0 ){
+        pParse->rc = SQLITE_NOMEM;
+      }else{
+        memset(pRet, 0, nByte);
+      }
+    }else if( (pNear->nPhrase % SZALLOC)==0 ){
+      int nNew = pNear->nPhrase + SZALLOC;
+      int nByte = sizeof(Fts5ExprNearset) + nNew * sizeof(Fts5ExprPhrase*);
+
+      pRet = (Fts5ExprNearset*)sqlite3_realloc(pNear, nByte);
+      if( pRet==0 ){
+        pParse->rc = SQLITE_NOMEM;
+      }
+    }else{
+      pRet = pNear;
+    }
+  }
+
+  if( pRet==0 ){
+    assert( pParse->rc!=SQLITE_OK );
+    sqlite3Fts5ParseNearsetFree(pNear);
+    sqlite3Fts5ParsePhraseFree(pPhrase);
+  }else{
+    pRet->apPhrase[pRet->nPhrase++] = pPhrase;
+  }
+  return pRet;
+}
+
+typedef struct TokenCtx TokenCtx;
+struct TokenCtx {
+  Fts5ExprPhrase *pPhrase;
+  int rc;
+};
+
+/*
+** Callback for tokenizing terms used by ParseTerm().
+*/
+static int fts5ParseTokenize(
+  void *pContext,                 /* Pointer to Fts5InsertCtx object */
+  int tflags,                     /* Mask of FTS5_TOKEN_* flags */
+  const char *pToken,             /* Buffer containing token */
+  int nToken,                     /* Size of token in bytes */
+  int iUnused1,                   /* Start offset of token */
+  int iUnused2                    /* End offset of token */
+){
+  int rc = SQLITE_OK;
+  const int SZALLOC = 8;
+  TokenCtx *pCtx = (TokenCtx*)pContext;
+  Fts5ExprPhrase *pPhrase = pCtx->pPhrase;
+
+  /* If an error has already occurred, this is a no-op */
+  if( pCtx->rc!=SQLITE_OK ) return pCtx->rc;
+
+  assert( pPhrase==0 || pPhrase->nTerm>0 );
+  if( pPhrase && (tflags & FTS5_TOKEN_COLOCATED) ){
+    Fts5ExprTerm *pSyn;
+    int nByte = sizeof(Fts5ExprTerm) + nToken+1;
+    pSyn = (Fts5ExprTerm*)sqlite3_malloc(nByte);
+    if( pSyn==0 ){
+      rc = SQLITE_NOMEM;
+    }else{
+      memset(pSyn, 0, nByte);
+      pSyn->zTerm = (char*)&pSyn[1];
+      memcpy(pSyn->zTerm, pToken, nToken);
+      pSyn->pSynonym = pPhrase->aTerm[pPhrase->nTerm-1].pSynonym;
+      pPhrase->aTerm[pPhrase->nTerm-1].pSynonym = pSyn;
+    }
+  }else{
+    Fts5ExprTerm *pTerm;
+    if( pPhrase==0 || (pPhrase->nTerm % SZALLOC)==0 ){
+      Fts5ExprPhrase *pNew;
+      int nNew = SZALLOC + (pPhrase ? pPhrase->nTerm : 0);
+
+      pNew = (Fts5ExprPhrase*)sqlite3_realloc(pPhrase, 
+          sizeof(Fts5ExprPhrase) + sizeof(Fts5ExprTerm) * nNew
+      );
+      if( pNew==0 ){
+        rc = SQLITE_NOMEM;
+      }else{
+        if( pPhrase==0 ) memset(pNew, 0, sizeof(Fts5ExprPhrase));
+        pCtx->pPhrase = pPhrase = pNew;
+        pNew->nTerm = nNew - SZALLOC;
+      }
+    }
+
+    if( rc==SQLITE_OK ){
+      pTerm = &pPhrase->aTerm[pPhrase->nTerm++];
+      memset(pTerm, 0, sizeof(Fts5ExprTerm));
+      pTerm->zTerm = sqlite3Fts5Strndup(&rc, pToken, nToken);
+    }
+  }
+
+  pCtx->rc = rc;
+  return rc;
+}
+
+
+/*
+** Free the phrase object passed as the only argument.
+*/
+static void sqlite3Fts5ParsePhraseFree(Fts5ExprPhrase *pPhrase){
+  fts5ExprPhraseFree(pPhrase);
+}
+
+/*
+** Free the phrase object passed as the second argument.
+*/
+static void sqlite3Fts5ParseNearsetFree(Fts5ExprNearset *pNear){
+  if( pNear ){
+    int i;
+    for(i=0; i<pNear->nPhrase; i++){
+      fts5ExprPhraseFree(pNear->apPhrase[i]);
+    }
+    sqlite3_free(pNear->pColset);
+    sqlite3_free(pNear);
+  }
+}
+
+static void sqlite3Fts5ParseFinished(Fts5Parse *pParse, Fts5ExprNode *p){
+  assert( pParse->pExpr==0 );
+  pParse->pExpr = p;
+}
+
+/*
+** This function is called by the parser to process a string token. The
+** string may or may not be quoted. In any case it is tokenized and a
+** phrase object consisting of all tokens returned.
+*/
+static Fts5ExprPhrase *sqlite3Fts5ParseTerm(
+  Fts5Parse *pParse,              /* Parse context */
+  Fts5ExprPhrase *pAppend,        /* Phrase to append to */
+  Fts5Token *pToken,              /* String to tokenize */
+  int bPrefix                     /* True if there is a trailing "*" */
+){
+  Fts5Config *pConfig = pParse->pConfig;
+  TokenCtx sCtx;                  /* Context object passed to callback */
+  int rc;                         /* Tokenize return code */
+  char *z = 0;
+
+  memset(&sCtx, 0, sizeof(TokenCtx));
+  sCtx.pPhrase = pAppend;
+
+  rc = fts5ParseStringFromToken(pToken, &z);
+  if( rc==SQLITE_OK ){
+    int flags = FTS5_TOKENIZE_QUERY | (bPrefix ? FTS5_TOKENIZE_QUERY : 0);
+    int n;
+    sqlite3Fts5Dequote(z);
+    n = (int)strlen(z);
+    rc = sqlite3Fts5Tokenize(pConfig, flags, z, n, &sCtx, fts5ParseTokenize);
+  }
+  sqlite3_free(z);
+  if( rc || (rc = sCtx.rc) ){
+    pParse->rc = rc;
+    fts5ExprPhraseFree(sCtx.pPhrase);
+    sCtx.pPhrase = 0;
+  }else if( sCtx.pPhrase ){
+
+    if( pAppend==0 ){
+      if( (pParse->nPhrase % 8)==0 ){
+        int nByte = sizeof(Fts5ExprPhrase*) * (pParse->nPhrase + 8);
+        Fts5ExprPhrase **apNew;
+        apNew = (Fts5ExprPhrase**)sqlite3_realloc(pParse->apPhrase, nByte);
+        if( apNew==0 ){
+          pParse->rc = SQLITE_NOMEM;
+          fts5ExprPhraseFree(sCtx.pPhrase);
+          return 0;
+        }
+        pParse->apPhrase = apNew;
+      }
+      pParse->nPhrase++;
+    }
+
+    pParse->apPhrase[pParse->nPhrase-1] = sCtx.pPhrase;
+    assert( sCtx.pPhrase->nTerm>0 );
+    sCtx.pPhrase->aTerm[sCtx.pPhrase->nTerm-1].bPrefix = bPrefix;
+  }
+
+  return sCtx.pPhrase;
+}
+
+/*
+** Create a new FTS5 expression by cloning phrase iPhrase of the
+** expression passed as the second argument.
+*/
+static int sqlite3Fts5ExprClonePhrase(
+  Fts5Config *pConfig,
+  Fts5Expr *pExpr, 
+  int iPhrase, 
+  Fts5Expr **ppNew
+){
+  int rc = SQLITE_OK;             /* Return code */
+  Fts5ExprPhrase *pOrig;          /* The phrase extracted from pExpr */
+  int i;                          /* Used to iterate through phrase terms */
+
+  Fts5Expr *pNew = 0;             /* Expression to return via *ppNew */
+
+  TokenCtx sCtx = {0,0};          /* Context object for fts5ParseTokenize */
+
+
+  pOrig = pExpr->apExprPhrase[iPhrase];
+
+  pNew = (Fts5Expr*)sqlite3Fts5MallocZero(&rc, sizeof(Fts5Expr));
+  if( rc==SQLITE_OK ){
+    pNew->apExprPhrase = (Fts5ExprPhrase**)sqlite3Fts5MallocZero(&rc, 
+        sizeof(Fts5ExprPhrase*));
+  }
+  if( rc==SQLITE_OK ){
+    pNew->pRoot = (Fts5ExprNode*)sqlite3Fts5MallocZero(&rc, 
+        sizeof(Fts5ExprNode));
+  }
+  if( rc==SQLITE_OK ){
+    pNew->pRoot->pNear = (Fts5ExprNearset*)sqlite3Fts5MallocZero(&rc, 
+        sizeof(Fts5ExprNearset) + sizeof(Fts5ExprPhrase*));
+  }
+
+  for(i=0; rc==SQLITE_OK && i<pOrig->nTerm; i++){
+    int tflags = 0;
+    Fts5ExprTerm *p;
+    for(p=&pOrig->aTerm[i]; p && rc==SQLITE_OK; p=p->pSynonym){
+      const char *zTerm = p->zTerm;
+      rc = fts5ParseTokenize((void*)&sCtx, tflags, zTerm, (int)strlen(zTerm),
+          0, 0);
+      tflags = FTS5_TOKEN_COLOCATED;
+    }
+    if( rc==SQLITE_OK ){
+      sCtx.pPhrase->aTerm[i].bPrefix = pOrig->aTerm[i].bPrefix;
+    }
+  }
+
+  if( rc==SQLITE_OK ){
+    /* All the allocations succeeded. Put the expression object together. */
+    pNew->pIndex = pExpr->pIndex;
+    pNew->nPhrase = 1;
+    pNew->apExprPhrase[0] = sCtx.pPhrase;
+    pNew->pRoot->pNear->apPhrase[0] = sCtx.pPhrase;
+    pNew->pRoot->pNear->nPhrase = 1;
+    sCtx.pPhrase->pNode = pNew->pRoot;
+
+    if( pOrig->nTerm==1 && pOrig->aTerm[0].pSynonym==0 ){
+      pNew->pRoot->eType = FTS5_TERM;
+    }else{
+      pNew->pRoot->eType = FTS5_STRING;
+    }
+  }else{
+    sqlite3Fts5ExprFree(pNew);
+    fts5ExprPhraseFree(sCtx.pPhrase);
+    pNew = 0;
+  }
+
+  *ppNew = pNew;
+  return rc;
+}
+
+
+/*
+** Token pTok has appeared in a MATCH expression where the NEAR operator
+** is expected. If token pTok does not contain "NEAR", store an error
+** in the pParse object.
+*/
+static void sqlite3Fts5ParseNear(Fts5Parse *pParse, Fts5Token *pTok){
+  if( pTok->n!=4 || memcmp("NEAR", pTok->p, 4) ){
+    sqlite3Fts5ParseError(
+        pParse, "fts5: syntax error near \"%.*s\"", pTok->n, pTok->p
+    );
+  }
+}
+
+static void sqlite3Fts5ParseSetDistance(
+  Fts5Parse *pParse, 
+  Fts5ExprNearset *pNear,
+  Fts5Token *p
+){
+  int nNear = 0;
+  int i;
+  if( p->n ){
+    for(i=0; i<p->n; i++){
+      char c = (char)p->p[i];
+      if( c<'0' || c>'9' ){
+        sqlite3Fts5ParseError(
+            pParse, "expected integer, got \"%.*s\"", p->n, p->p
+        );
+        return;
+      }
+      nNear = nNear * 10 + (p->p[i] - '0');
+    }
+  }else{
+    nNear = FTS5_DEFAULT_NEARDIST;
+  }
+  pNear->nNear = nNear;
+}
+
+/*
+** The second argument passed to this function may be NULL, or it may be
+** an existing Fts5Colset object. This function returns a pointer to
+** a new colset object containing the contents of (p) with new value column
+** number iCol appended. 
+**
+** If an OOM error occurs, store an error code in pParse and return NULL.
+** The old colset object (if any) is not freed in this case.
+*/
+static Fts5Colset *fts5ParseColset(
+  Fts5Parse *pParse,              /* Store SQLITE_NOMEM here if required */
+  Fts5Colset *p,                  /* Existing colset object */
+  int iCol                        /* New column to add to colset object */
+){
+  int nCol = p ? p->nCol : 0;     /* Num. columns already in colset object */
+  Fts5Colset *pNew;               /* New colset object to return */
+
+  assert( pParse->rc==SQLITE_OK );
+  assert( iCol>=0 && iCol<pParse->pConfig->nCol );
+
+  pNew = sqlite3_realloc(p, sizeof(Fts5Colset) + sizeof(int)*nCol);
+  if( pNew==0 ){
+    pParse->rc = SQLITE_NOMEM;
+  }else{
+    int *aiCol = pNew->aiCol;
+    int i, j;
+    for(i=0; i<nCol; i++){
+      if( aiCol[i]==iCol ) return pNew;
+      if( aiCol[i]>iCol ) break;
+    }
+    for(j=nCol; j>i; j--){
+      aiCol[j] = aiCol[j-1];
+    }
+    aiCol[i] = iCol;
+    pNew->nCol = nCol+1;
+
+#ifndef NDEBUG
+    /* Check that the array is in order and contains no duplicate entries. */
+    for(i=1; i<pNew->nCol; i++) assert( pNew->aiCol[i]>pNew->aiCol[i-1] );
+#endif
+  }
+
+  return pNew;
+}
+
+static Fts5Colset *sqlite3Fts5ParseColset(
+  Fts5Parse *pParse,              /* Store SQLITE_NOMEM here if required */
+  Fts5Colset *pColset,            /* Existing colset object */
+  Fts5Token *p
+){
+  Fts5Colset *pRet = 0;
+  int iCol;
+  char *z;                        /* Dequoted copy of token p */
+
+  z = sqlite3Fts5Strndup(&pParse->rc, p->p, p->n);
+  if( pParse->rc==SQLITE_OK ){
+    Fts5Config *pConfig = pParse->pConfig;
+    sqlite3Fts5Dequote(z);
+    for(iCol=0; iCol<pConfig->nCol; iCol++){
+      if( 0==sqlite3_stricmp(pConfig->azCol[iCol], z) ) break;
+    }
+    if( iCol==pConfig->nCol ){
+      sqlite3Fts5ParseError(pParse, "no such column: %s", z);
+    }else{
+      pRet = fts5ParseColset(pParse, pColset, iCol);
+    }
+    sqlite3_free(z);
+  }
+
+  if( pRet==0 ){
+    assert( pParse->rc!=SQLITE_OK );
+    sqlite3_free(pColset);
+  }
+
+  return pRet;
+}
+
+static void sqlite3Fts5ParseSetColset(
+  Fts5Parse *pParse, 
+  Fts5ExprNearset *pNear, 
+  Fts5Colset *pColset 
+){
+  if( pNear ){
+    pNear->pColset = pColset;
+  }else{
+    sqlite3_free(pColset);
+  }
+}
+
+static void fts5ExprAddChildren(Fts5ExprNode *p, Fts5ExprNode *pSub){
+  if( p->eType!=FTS5_NOT && pSub->eType==p->eType ){
+    int nByte = sizeof(Fts5ExprNode*) * pSub->nChild;
+    memcpy(&p->apChild[p->nChild], pSub->apChild, nByte);
+    p->nChild += pSub->nChild;
+    sqlite3_free(pSub);
+  }else{
+    p->apChild[p->nChild++] = pSub;
+  }
+}
+
+/*
+** Allocate and return a new expression object. If anything goes wrong (i.e.
+** OOM error), leave an error code in pParse and return NULL.
+*/
+static Fts5ExprNode *sqlite3Fts5ParseNode(
+  Fts5Parse *pParse,              /* Parse context */
+  int eType,                      /* FTS5_STRING, AND, OR or NOT */
+  Fts5ExprNode *pLeft,            /* Left hand child expression */
+  Fts5ExprNode *pRight,           /* Right hand child expression */
+  Fts5ExprNearset *pNear          /* For STRING expressions, the near cluster */
+){
+  Fts5ExprNode *pRet = 0;
+
+  if( pParse->rc==SQLITE_OK ){
+    int nChild = 0;               /* Number of children of returned node */
+    int nByte;                    /* Bytes of space to allocate for this node */
+ 
+    assert( (eType!=FTS5_STRING && !pNear)
+         || (eType==FTS5_STRING && !pLeft && !pRight)
+    );
+    if( eType==FTS5_STRING && pNear==0 ) return 0;
+    if( eType!=FTS5_STRING && pLeft==0 ) return pRight;
+    if( eType!=FTS5_STRING && pRight==0 ) return pLeft;
+
+    if( eType==FTS5_NOT ){
+      nChild = 2;
+    }else if( eType==FTS5_AND || eType==FTS5_OR ){
+      nChild = 2;
+      if( pLeft->eType==eType ) nChild += pLeft->nChild-1;
+      if( pRight->eType==eType ) nChild += pRight->nChild-1;
+    }
+
+    nByte = sizeof(Fts5ExprNode) + sizeof(Fts5ExprNode*)*(nChild-1);
+    pRet = (Fts5ExprNode*)sqlite3Fts5MallocZero(&pParse->rc, nByte);
+
+    if( pRet ){
+      pRet->eType = eType;
+      pRet->pNear = pNear;
+      if( eType==FTS5_STRING ){
+        int iPhrase;
+        for(iPhrase=0; iPhrase<pNear->nPhrase; iPhrase++){
+          pNear->apPhrase[iPhrase]->pNode = pRet;
+        }
+        if( pNear->nPhrase==1 
+         && pNear->apPhrase[0]->nTerm==1 
+         && pNear->apPhrase[0]->aTerm[0].pSynonym==0
+        ){
+          pRet->eType = FTS5_TERM;
+        }
+      }else{
+        fts5ExprAddChildren(pRet, pLeft);
+        fts5ExprAddChildren(pRet, pRight);
+      }
+    }
+  }
+
+  if( pRet==0 ){
+    assert( pParse->rc!=SQLITE_OK );
+    sqlite3Fts5ParseNodeFree(pLeft);
+    sqlite3Fts5ParseNodeFree(pRight);
+    sqlite3Fts5ParseNearsetFree(pNear);
+  }
+  return pRet;
+}
+
+static char *fts5ExprTermPrint(Fts5ExprTerm *pTerm){
+  int nByte = 0;
+  Fts5ExprTerm *p;
+  char *zQuoted;
+
+  /* Determine the maximum amount of space required. */
+  for(p=pTerm; p; p=p->pSynonym){
+    nByte += (int)strlen(pTerm->zTerm) * 2 + 3 + 2;
+  }
+  zQuoted = sqlite3_malloc(nByte);
+
+  if( zQuoted ){
+    int i = 0;
+    for(p=pTerm; p; p=p->pSynonym){
+      char *zIn = p->zTerm;
+      zQuoted[i++] = '"';
+      while( *zIn ){
+        if( *zIn=='"' ) zQuoted[i++] = '"';
+        zQuoted[i++] = *zIn++;
+      }
+      zQuoted[i++] = '"';
+      if( p->pSynonym ) zQuoted[i++] = '|';
+    }
+    if( pTerm->bPrefix ){
+      zQuoted[i++] = ' ';
+      zQuoted[i++] = '*';
+    }
+    zQuoted[i++] = '\0';
+  }
+  return zQuoted;
+}
+
+static char *fts5PrintfAppend(char *zApp, const char *zFmt, ...){
+  char *zNew;
+  va_list ap;
+  va_start(ap, zFmt);
+  zNew = sqlite3_vmprintf(zFmt, ap);
+  va_end(ap);
+  if( zApp && zNew ){
+    char *zNew2 = sqlite3_mprintf("%s%s", zApp, zNew);
+    sqlite3_free(zNew);
+    zNew = zNew2;
+  }
+  sqlite3_free(zApp);
+  return zNew;
+}
+
+/*
+** Compose a tcl-readable representation of expression pExpr. Return a 
+** pointer to a buffer containing that representation. It is the 
+** responsibility of the caller to at some point free the buffer using 
+** sqlite3_free().
+*/
+static char *fts5ExprPrintTcl(
+  Fts5Config *pConfig, 
+  const char *zNearsetCmd,
+  Fts5ExprNode *pExpr
+){
+  char *zRet = 0;
+  if( pExpr->eType==FTS5_STRING || pExpr->eType==FTS5_TERM ){
+    Fts5ExprNearset *pNear = pExpr->pNear;
+    int i; 
+    int iTerm;
+
+    zRet = fts5PrintfAppend(zRet, "%s ", zNearsetCmd);
+    if( zRet==0 ) return 0;
+    if( pNear->pColset ){
+      int *aiCol = pNear->pColset->aiCol;
+      int nCol = pNear->pColset->nCol;
+      if( nCol==1 ){
+        zRet = fts5PrintfAppend(zRet, "-col %d ", aiCol[0]);
+      }else{
+        zRet = fts5PrintfAppend(zRet, "-col {%d", aiCol[0]);
+        for(i=1; i<pNear->pColset->nCol; i++){
+          zRet = fts5PrintfAppend(zRet, " %d", aiCol[i]);
+        }
+        zRet = fts5PrintfAppend(zRet, "} ");
+      }
+      if( zRet==0 ) return 0;
+    }
+
+    if( pNear->nPhrase>1 ){
+      zRet = fts5PrintfAppend(zRet, "-near %d ", pNear->nNear);
+      if( zRet==0 ) return 0;
+    }
+
+    zRet = fts5PrintfAppend(zRet, "--");
+    if( zRet==0 ) return 0;
+
+    for(i=0; i<pNear->nPhrase; i++){
+      Fts5ExprPhrase *pPhrase = pNear->apPhrase[i];
+
+      zRet = fts5PrintfAppend(zRet, " {");
+      for(iTerm=0; zRet && iTerm<pPhrase->nTerm; iTerm++){
+        char *zTerm = pPhrase->aTerm[iTerm].zTerm;
+        zRet = fts5PrintfAppend(zRet, "%s%s", iTerm==0?"":" ", zTerm);
+      }
+
+      if( zRet ) zRet = fts5PrintfAppend(zRet, "}");
+      if( zRet==0 ) return 0;
+    }
+
+  }else{
+    char const *zOp = 0;
+    int i;
+    switch( pExpr->eType ){
+      case FTS5_AND: zOp = "AND"; break;
+      case FTS5_NOT: zOp = "NOT"; break;
+      default: 
+        assert( pExpr->eType==FTS5_OR );
+        zOp = "OR"; 
+        break;
+    }
+
+    zRet = sqlite3_mprintf("%s", zOp);
+    for(i=0; zRet && i<pExpr->nChild; i++){
+      char *z = fts5ExprPrintTcl(pConfig, zNearsetCmd, pExpr->apChild[i]);
+      if( !z ){
+        sqlite3_free(zRet);
+        zRet = 0;
+      }else{
+        zRet = fts5PrintfAppend(zRet, " [%z]", z);
+      }
+    }
+  }
+
+  return zRet;
+}
+
+static char *fts5ExprPrint(Fts5Config *pConfig, Fts5ExprNode *pExpr){
+  char *zRet = 0;
+  if( pExpr->eType==FTS5_STRING || pExpr->eType==FTS5_TERM ){
+    Fts5ExprNearset *pNear = pExpr->pNear;
+    int i; 
+    int iTerm;
+
+    if( pNear->pColset ){
+      int iCol = pNear->pColset->aiCol[0];
+      zRet = fts5PrintfAppend(zRet, "%s : ", pConfig->azCol[iCol]);
+      if( zRet==0 ) return 0;
+    }
+
+    if( pNear->nPhrase>1 ){
+      zRet = fts5PrintfAppend(zRet, "NEAR(");
+      if( zRet==0 ) return 0;
+    }
+
+    for(i=0; i<pNear->nPhrase; i++){
+      Fts5ExprPhrase *pPhrase = pNear->apPhrase[i];
+      if( i!=0 ){
+        zRet = fts5PrintfAppend(zRet, " ");
+        if( zRet==0 ) return 0;
+      }
+      for(iTerm=0; iTerm<pPhrase->nTerm; iTerm++){
+        char *zTerm = fts5ExprTermPrint(&pPhrase->aTerm[iTerm]);
+        if( zTerm ){
+          zRet = fts5PrintfAppend(zRet, "%s%s", iTerm==0?"":" + ", zTerm);
+          sqlite3_free(zTerm);
+        }
+        if( zTerm==0 || zRet==0 ){
+          sqlite3_free(zRet);
+          return 0;
+        }
+      }
+    }
+
+    if( pNear->nPhrase>1 ){
+      zRet = fts5PrintfAppend(zRet, ", %d)", pNear->nNear);
+      if( zRet==0 ) return 0;
+    }
+
+  }else{
+    char const *zOp = 0;
+    int i;
+
+    switch( pExpr->eType ){
+      case FTS5_AND: zOp = " AND "; break;
+      case FTS5_NOT: zOp = " NOT "; break;
+      default:  
+        assert( pExpr->eType==FTS5_OR );
+        zOp = " OR "; 
+        break;
+    }
+
+    for(i=0; i<pExpr->nChild; i++){
+      char *z = fts5ExprPrint(pConfig, pExpr->apChild[i]);
+      if( z==0 ){
+        sqlite3_free(zRet);
+        zRet = 0;
+      }else{
+        int e = pExpr->apChild[i]->eType;
+        int b = (e!=FTS5_STRING && e!=FTS5_TERM);
+        zRet = fts5PrintfAppend(zRet, "%s%s%z%s", 
+            (i==0 ? "" : zOp),
+            (b?"(":""), z, (b?")":"")
+        );
+      }
+      if( zRet==0 ) break;
+    }
+  }
+
+  return zRet;
+}
+
+/*
+** The implementation of user-defined scalar functions fts5_expr() (bTcl==0)
+** and fts5_expr_tcl() (bTcl!=0).
+*/
+static void fts5ExprFunction(
+  sqlite3_context *pCtx,          /* Function call context */
+  int nArg,                       /* Number of args */
+  sqlite3_value **apVal,          /* Function arguments */
+  int bTcl
+){
+  Fts5Global *pGlobal = (Fts5Global*)sqlite3_user_data(pCtx);
+  sqlite3 *db = sqlite3_context_db_handle(pCtx);
+  const char *zExpr = 0;
+  char *zErr = 0;
+  Fts5Expr *pExpr = 0;
+  int rc;
+  int i;
+
+  const char **azConfig;          /* Array of arguments for Fts5Config */
+  const char *zNearsetCmd = "nearset";
+  int nConfig;                    /* Size of azConfig[] */
+  Fts5Config *pConfig = 0;
+  int iArg = 1;
+
+  if( nArg<1 ){
+    zErr = sqlite3_mprintf("wrong number of arguments to function %s",
+        bTcl ? "fts5_expr_tcl" : "fts5_expr"
+    );
+    sqlite3_result_error(pCtx, zErr, -1);
+    sqlite3_free(zErr);
+    return;
+  }
+
+  if( bTcl && nArg>1 ){
+    zNearsetCmd = (const char*)sqlite3_value_text(apVal[1]);
+    iArg = 2;
+  }
+
+  nConfig = 3 + (nArg-iArg);
+  azConfig = (const char**)sqlite3_malloc(sizeof(char*) * nConfig);
+  if( azConfig==0 ){
+    sqlite3_result_error_nomem(pCtx);
+    return;
+  }
+  azConfig[0] = 0;
+  azConfig[1] = "main";
+  azConfig[2] = "tbl";
+  for(i=3; iArg<nArg; iArg++){
+    azConfig[i++] = (const char*)sqlite3_value_text(apVal[iArg]);
+  }
+
+  zExpr = (const char*)sqlite3_value_text(apVal[0]);
+
+  rc = sqlite3Fts5ConfigParse(pGlobal, db, nConfig, azConfig, &pConfig, &zErr);
+  if( rc==SQLITE_OK ){
+    rc = sqlite3Fts5ExprNew(pConfig, zExpr, &pExpr, &zErr);
+  }
+  if( rc==SQLITE_OK ){
+    char *zText;
+    if( pExpr->pRoot==0 ){
+      zText = sqlite3_mprintf("");
+    }else if( bTcl ){
+      zText = fts5ExprPrintTcl(pConfig, zNearsetCmd, pExpr->pRoot);
+    }else{
+      zText = fts5ExprPrint(pConfig, pExpr->pRoot);
+    }
+    if( zText==0 ){
+      rc = SQLITE_NOMEM;
+    }else{
+      sqlite3_result_text(pCtx, zText, -1, SQLITE_TRANSIENT);
+      sqlite3_free(zText);
+    }
+  }
+
+  if( rc!=SQLITE_OK ){
+    if( zErr ){
+      sqlite3_result_error(pCtx, zErr, -1);
+      sqlite3_free(zErr);
+    }else{
+      sqlite3_result_error_code(pCtx, rc);
+    }
+  }
+  sqlite3_free((void *)azConfig);
+  sqlite3Fts5ConfigFree(pConfig);
+  sqlite3Fts5ExprFree(pExpr);
+}
+
+static void fts5ExprFunctionHr(
+  sqlite3_context *pCtx,          /* Function call context */
+  int nArg,                       /* Number of args */
+  sqlite3_value **apVal           /* Function arguments */
+){
+  fts5ExprFunction(pCtx, nArg, apVal, 0);
+}
+static void fts5ExprFunctionTcl(
+  sqlite3_context *pCtx,          /* Function call context */
+  int nArg,                       /* Number of args */
+  sqlite3_value **apVal           /* Function arguments */
+){
+  fts5ExprFunction(pCtx, nArg, apVal, 1);
+}
+
+/*
+** The implementation of an SQLite user-defined-function that accepts a
+** single integer as an argument. If the integer is an alpha-numeric 
+** unicode code point, 1 is returned. Otherwise 0.
+*/
+static void fts5ExprIsAlnum(
+  sqlite3_context *pCtx,          /* Function call context */
+  int nArg,                       /* Number of args */
+  sqlite3_value **apVal           /* Function arguments */
+){
+  int iCode;
+  if( nArg!=1 ){
+    sqlite3_result_error(pCtx, 
+        "wrong number of arguments to function fts5_isalnum", -1
+    );
+    return;
+  }
+  iCode = sqlite3_value_int(apVal[0]);
+  sqlite3_result_int(pCtx, sqlite3Fts5UnicodeIsalnum(iCode));
+}
+
+static void fts5ExprFold(
+  sqlite3_context *pCtx,          /* Function call context */
+  int nArg,                       /* Number of args */
+  sqlite3_value **apVal           /* Function arguments */
+){
+  if( nArg!=1 && nArg!=2 ){
+    sqlite3_result_error(pCtx, 
+        "wrong number of arguments to function fts5_fold", -1
+    );
+  }else{
+    int iCode;
+    int bRemoveDiacritics = 0;
+    iCode = sqlite3_value_int(apVal[0]);
+    if( nArg==2 ) bRemoveDiacritics = sqlite3_value_int(apVal[1]);
+    sqlite3_result_int(pCtx, sqlite3Fts5UnicodeFold(iCode, bRemoveDiacritics));
+  }
+}
+
+/*
+** This is called during initialization to register the fts5_expr() scalar
+** UDF with the SQLite handle passed as the only argument.
+*/
+static int sqlite3Fts5ExprInit(Fts5Global *pGlobal, sqlite3 *db){
+  struct Fts5ExprFunc {
+    const char *z;
+    void (*x)(sqlite3_context*,int,sqlite3_value**);
+  } aFunc[] = {
+    { "fts5_expr",     fts5ExprFunctionHr },
+    { "fts5_expr_tcl", fts5ExprFunctionTcl },
+    { "fts5_isalnum",  fts5ExprIsAlnum },
+    { "fts5_fold",     fts5ExprFold },
+  };
+  int i;
+  int rc = SQLITE_OK;
+  void *pCtx = (void*)pGlobal;
+
+  for(i=0; rc==SQLITE_OK && i<(int)ArraySize(aFunc); i++){
+    struct Fts5ExprFunc *p = &aFunc[i];
+    rc = sqlite3_create_function(db, p->z, -1, SQLITE_UTF8, pCtx, p->x, 0, 0);
+  }
+
+  /* Avoid a warning indicating that sqlite3Fts5ParserTrace() is unused */
+#ifndef NDEBUG
+  (void)sqlite3Fts5ParserTrace;
+#endif
+
+  return rc;
+}
+
+/*
+** Return the number of phrases in expression pExpr.
+*/
+static int sqlite3Fts5ExprPhraseCount(Fts5Expr *pExpr){
+  return (pExpr ? pExpr->nPhrase : 0);
+}
+
+/*
+** Return the number of terms in the iPhrase'th phrase in pExpr.
+*/
+static int sqlite3Fts5ExprPhraseSize(Fts5Expr *pExpr, int iPhrase){
+  if( iPhrase<0 || iPhrase>=pExpr->nPhrase ) return 0;
+  return pExpr->apExprPhrase[iPhrase]->nTerm;
+}
+
+/*
+** This function is used to access the current position list for phrase
+** iPhrase.
+*/
+static int sqlite3Fts5ExprPoslist(Fts5Expr *pExpr, int iPhrase, const u8 **pa){
+  int nRet;
+  Fts5ExprPhrase *pPhrase = pExpr->apExprPhrase[iPhrase];
+  Fts5ExprNode *pNode = pPhrase->pNode;
+  if( pNode->bEof==0 && pNode->iRowid==pExpr->pRoot->iRowid ){
+    *pa = pPhrase->poslist.p;
+    nRet = pPhrase->poslist.n;
+  }else{
+    *pa = 0;
+    nRet = 0;
+  }
+  return nRet;
+}
+
+/*
+** 2014 August 11
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+******************************************************************************
+**
+*/
+
+
+
+/* #include "fts5Int.h" */
+
+typedef struct Fts5HashEntry Fts5HashEntry;
+
+/*
+** This file contains the implementation of an in-memory hash table used
+** to accumuluate "term -> doclist" content before it is flused to a level-0
+** segment.
+*/
+
+
+struct Fts5Hash {
+  int *pnByte;                    /* Pointer to bytes counter */
+  int nEntry;                     /* Number of entries currently in hash */
+  int nSlot;                      /* Size of aSlot[] array */
+  Fts5HashEntry *pScan;           /* Current ordered scan item */
+  Fts5HashEntry **aSlot;          /* Array of hash slots */
+};
+
+/*
+** Each entry in the hash table is represented by an object of the 
+** following type. Each object, its key (zKey[]) and its current data
+** are stored in a single memory allocation. The position list data 
+** immediately follows the key data in memory.
+**
+** The data that follows the key is in a similar, but not identical format
+** to the doclist data stored in the database. It is:
+**
+**   * Rowid, as a varint
+**   * Position list, without 0x00 terminator.
+**   * Size of previous position list and rowid, as a 4 byte
+**     big-endian integer.
+**
+** iRowidOff:
+**   Offset of last rowid written to data area. Relative to first byte of
+**   structure.
+**
+** nData:
+**   Bytes of data written since iRowidOff.
+*/
+struct Fts5HashEntry {
+  Fts5HashEntry *pHashNext;       /* Next hash entry with same hash-key */
+  Fts5HashEntry *pScanNext;       /* Next entry in sorted order */
+  
+  int nAlloc;                     /* Total size of allocation */
+  int iSzPoslist;                 /* Offset of space for 4-byte poslist size */
+  int nData;                      /* Total bytes of data (incl. structure) */
+  u8 bDel;                        /* Set delete-flag @ iSzPoslist */
+
+  int iCol;                       /* Column of last value written */
+  int iPos;                       /* Position of last value written */
+  i64 iRowid;                     /* Rowid of last value written */
+  char zKey[8];                   /* Nul-terminated entry key */
+};
+
+/*
+** Size of Fts5HashEntry without the zKey[] array.
+*/
+#define FTS5_HASHENTRYSIZE (sizeof(Fts5HashEntry)-8)
+
+
+
+/*
+** Allocate a new hash table.
+*/
+static int sqlite3Fts5HashNew(Fts5Hash **ppNew, int *pnByte){
+  int rc = SQLITE_OK;
+  Fts5Hash *pNew;
+
+  *ppNew = pNew = (Fts5Hash*)sqlite3_malloc(sizeof(Fts5Hash));
+  if( pNew==0 ){
+    rc = SQLITE_NOMEM;
+  }else{
+    int nByte;
+    memset(pNew, 0, sizeof(Fts5Hash));
+    pNew->pnByte = pnByte;
+
+    pNew->nSlot = 1024;
+    nByte = sizeof(Fts5HashEntry*) * pNew->nSlot;
+    pNew->aSlot = (Fts5HashEntry**)sqlite3_malloc(nByte);
+    if( pNew->aSlot==0 ){
+      sqlite3_free(pNew);
+      *ppNew = 0;
+      rc = SQLITE_NOMEM;
+    }else{
+      memset(pNew->aSlot, 0, nByte);
+    }
+  }
+  return rc;
+}
+
+/*
+** Free a hash table object.
+*/
+static void sqlite3Fts5HashFree(Fts5Hash *pHash){
+  if( pHash ){
+    sqlite3Fts5HashClear(pHash);
+    sqlite3_free(pHash->aSlot);
+    sqlite3_free(pHash);
+  }
+}
+
+/*
+** Empty (but do not delete) a hash table.
+*/
+static void sqlite3Fts5HashClear(Fts5Hash *pHash){
+  int i;
+  for(i=0; i<pHash->nSlot; i++){
+    Fts5HashEntry *pNext;
+    Fts5HashEntry *pSlot;
+    for(pSlot=pHash->aSlot[i]; pSlot; pSlot=pNext){
+      pNext = pSlot->pHashNext;
+      sqlite3_free(pSlot);
+    }
+  }
+  memset(pHash->aSlot, 0, pHash->nSlot * sizeof(Fts5HashEntry*));
+  pHash->nEntry = 0;
+}
+
+static unsigned int fts5HashKey(int nSlot, const u8 *p, int n){
+  int i;
+  unsigned int h = 13;
+  for(i=n-1; i>=0; i--){
+    h = (h << 3) ^ h ^ p[i];
+  }
+  return (h % nSlot);
+}
+
+static unsigned int fts5HashKey2(int nSlot, u8 b, const u8 *p, int n){
+  int i;
+  unsigned int h = 13;
+  for(i=n-1; i>=0; i--){
+    h = (h << 3) ^ h ^ p[i];
+  }
+  h = (h << 3) ^ h ^ b;
+  return (h % nSlot);
+}
+
+/*
+** Resize the hash table by doubling the number of slots.
+*/
+static int fts5HashResize(Fts5Hash *pHash){
+  int nNew = pHash->nSlot*2;
+  int i;
+  Fts5HashEntry **apNew;
+  Fts5HashEntry **apOld = pHash->aSlot;
+
+  apNew = (Fts5HashEntry**)sqlite3_malloc(nNew*sizeof(Fts5HashEntry*));
+  if( !apNew ) return SQLITE_NOMEM;
+  memset(apNew, 0, nNew*sizeof(Fts5HashEntry*));
+
+  for(i=0; i<pHash->nSlot; i++){
+    while( apOld[i] ){
+      int iHash;
+      Fts5HashEntry *p = apOld[i];
+      apOld[i] = p->pHashNext;
+      iHash = fts5HashKey(nNew, (u8*)p->zKey, (int)strlen(p->zKey));
+      p->pHashNext = apNew[iHash];
+      apNew[iHash] = p;
+    }
+  }
+
+  sqlite3_free(apOld);
+  pHash->nSlot = nNew;
+  pHash->aSlot = apNew;
+  return SQLITE_OK;
+}
+
+static void fts5HashAddPoslistSize(Fts5HashEntry *p){
+  if( p->iSzPoslist ){
+    u8 *pPtr = (u8*)p;
+    int nSz = (p->nData - p->iSzPoslist - 1);         /* Size in bytes */
+    int nPos = nSz*2 + p->bDel;                       /* Value of nPos field */
+
+    assert( p->bDel==0 || p->bDel==1 );
+    if( nPos<=127 ){
+      pPtr[p->iSzPoslist] = (u8)nPos;
+    }else{
+      int nByte = sqlite3Fts5GetVarintLen((u32)nPos);
+      memmove(&pPtr[p->iSzPoslist + nByte], &pPtr[p->iSzPoslist + 1], nSz);
+      sqlite3Fts5PutVarint(&pPtr[p->iSzPoslist], nPos);
+      p->nData += (nByte-1);
+    }
+    p->bDel = 0;
+    p->iSzPoslist = 0;
+  }
+}
+
+static int sqlite3Fts5HashWrite(
+  Fts5Hash *pHash,
+  i64 iRowid,                     /* Rowid for this entry */
+  int iCol,                       /* Column token appears in (-ve -> delete) */
+  int iPos,                       /* Position of token within column */
+  char bByte,                     /* First byte of token */
+  const char *pToken, int nToken  /* Token to add or remove to or from index */
+){
+  unsigned int iHash;
+  Fts5HashEntry *p;
+  u8 *pPtr;
+  int nIncr = 0;                  /* Amount to increment (*pHash->pnByte) by */
+
+  /* Attempt to locate an existing hash entry */
+  iHash = fts5HashKey2(pHash->nSlot, (u8)bByte, (const u8*)pToken, nToken);
+  for(p=pHash->aSlot[iHash]; p; p=p->pHashNext){
+    if( p->zKey[0]==bByte 
+     && memcmp(&p->zKey[1], pToken, nToken)==0 
+     && p->zKey[nToken+1]==0 
+    ){
+      break;
+    }
+  }
+
+  /* If an existing hash entry cannot be found, create a new one. */
+  if( p==0 ){
+    int nByte = FTS5_HASHENTRYSIZE + (nToken+1) + 1 + 64;
+    if( nByte<128 ) nByte = 128;
+
+    if( (pHash->nEntry*2)>=pHash->nSlot ){
+      int rc = fts5HashResize(pHash);
+      if( rc!=SQLITE_OK ) return rc;
+      iHash = fts5HashKey2(pHash->nSlot, (u8)bByte, (const u8*)pToken, nToken);
+    }
+
+    p = (Fts5HashEntry*)sqlite3_malloc(nByte);
+    if( !p ) return SQLITE_NOMEM;
+    memset(p, 0, FTS5_HASHENTRYSIZE);
+    p->nAlloc = nByte;
+    p->zKey[0] = bByte;
+    memcpy(&p->zKey[1], pToken, nToken);
+    assert( iHash==fts5HashKey(pHash->nSlot, (u8*)p->zKey, nToken+1) );
+    p->zKey[nToken+1] = '\0';
+    p->nData = nToken+1 + 1 + FTS5_HASHENTRYSIZE;
+    p->nData += sqlite3Fts5PutVarint(&((u8*)p)[p->nData], iRowid);
+    p->iSzPoslist = p->nData;
+    p->nData += 1;
+    p->iRowid = iRowid;
+    p->pHashNext = pHash->aSlot[iHash];
+    pHash->aSlot[iHash] = p;
+    pHash->nEntry++;
+    nIncr += p->nData;
+  }
+
+  /* Check there is enough space to append a new entry. Worst case scenario
+  ** is:
+  **
+  **     + 9 bytes for a new rowid,
+  **     + 4 byte reserved for the "poslist size" varint.
+  **     + 1 byte for a "new column" byte,
+  **     + 3 bytes for a new column number (16-bit max) as a varint,
+  **     + 5 bytes for the new position offset (32-bit max).
+  */
+  if( (p->nAlloc - p->nData) < (9 + 4 + 1 + 3 + 5) ){
+    int nNew = p->nAlloc * 2;
+    Fts5HashEntry *pNew;
+    Fts5HashEntry **pp;
+    pNew = (Fts5HashEntry*)sqlite3_realloc(p, nNew);
+    if( pNew==0 ) return SQLITE_NOMEM;
+    pNew->nAlloc = nNew;
+    for(pp=&pHash->aSlot[iHash]; *pp!=p; pp=&(*pp)->pHashNext);
+    *pp = pNew;
+    p = pNew;
+  }
+  pPtr = (u8*)p;
+  nIncr -= p->nData;
+
+  /* If this is a new rowid, append the 4-byte size field for the previous
+  ** entry, and the new rowid for this entry.  */
+  if( iRowid!=p->iRowid ){
+    fts5HashAddPoslistSize(p);
+    p->nData += sqlite3Fts5PutVarint(&pPtr[p->nData], iRowid - p->iRowid);
+    p->iSzPoslist = p->nData;
+    p->nData += 1;
+    p->iCol = 0;
+    p->iPos = 0;
+    p->iRowid = iRowid;
+  }
+
+  if( iCol>=0 ){
+    /* Append a new column value, if necessary */
+    assert( iCol>=p->iCol );
+    if( iCol!=p->iCol ){
+      pPtr[p->nData++] = 0x01;
+      p->nData += sqlite3Fts5PutVarint(&pPtr[p->nData], iCol);
+      p->iCol = iCol;
+      p->iPos = 0;
+    }
+
+    /* Append the new position offset */
+    p->nData += sqlite3Fts5PutVarint(&pPtr[p->nData], iPos - p->iPos + 2);
+    p->iPos = iPos;
+  }else{
+    /* This is a delete. Set the delete flag. */
+    p->bDel = 1;
+  }
+  nIncr += p->nData;
+
+  *pHash->pnByte += nIncr;
+  return SQLITE_OK;
+}
+
+
+/*
+** Arguments pLeft and pRight point to linked-lists of hash-entry objects,
+** each sorted in key order. This function merges the two lists into a
+** single list and returns a pointer to its first element.
+*/
+static Fts5HashEntry *fts5HashEntryMerge(
+  Fts5HashEntry *pLeft,
+  Fts5HashEntry *pRight
+){
+  Fts5HashEntry *p1 = pLeft;
+  Fts5HashEntry *p2 = pRight;
+  Fts5HashEntry *pRet = 0;
+  Fts5HashEntry **ppOut = &pRet;
+
+  while( p1 || p2 ){
+    if( p1==0 ){
+      *ppOut = p2;
+      p2 = 0;
+    }else if( p2==0 ){
+      *ppOut = p1;
+      p1 = 0;
+    }else{
+      int i = 0;
+      while( p1->zKey[i]==p2->zKey[i] ) i++;
+
+      if( ((u8)p1->zKey[i])>((u8)p2->zKey[i]) ){
+        /* p2 is smaller */
+        *ppOut = p2;
+        ppOut = &p2->pScanNext;
+        p2 = p2->pScanNext;
+      }else{
+        /* p1 is smaller */
+        *ppOut = p1;
+        ppOut = &p1->pScanNext;
+        p1 = p1->pScanNext;
+      }
+      *ppOut = 0;
+    }
+  }
+
+  return pRet;
+}
+
+/*
+** Extract all tokens from hash table iHash and link them into a list
+** in sorted order. The hash table is cleared before returning. It is
+** the responsibility of the caller to free the elements of the returned
+** list.
+*/
+static int fts5HashEntrySort(
+  Fts5Hash *pHash, 
+  const char *pTerm, int nTerm,   /* Query prefix, if any */
+  Fts5HashEntry **ppSorted
+){
+  const int nMergeSlot = 32;
+  Fts5HashEntry **ap;
+  Fts5HashEntry *pList;
+  int iSlot;
+  int i;
+
+  *ppSorted = 0;
+  ap = sqlite3_malloc(sizeof(Fts5HashEntry*) * nMergeSlot);
+  if( !ap ) return SQLITE_NOMEM;
+  memset(ap, 0, sizeof(Fts5HashEntry*) * nMergeSlot);
+
+  for(iSlot=0; iSlot<pHash->nSlot; iSlot++){
+    Fts5HashEntry *pIter;
+    for(pIter=pHash->aSlot[iSlot]; pIter; pIter=pIter->pHashNext){
+      if( pTerm==0 || 0==memcmp(pIter->zKey, pTerm, nTerm) ){
+        Fts5HashEntry *pEntry = pIter;
+        pEntry->pScanNext = 0;
+        for(i=0; ap[i]; i++){
+          pEntry = fts5HashEntryMerge(pEntry, ap[i]);
+          ap[i] = 0;
+        }
+        ap[i] = pEntry;
+      }
+    }
+  }
+
+  pList = 0;
+  for(i=0; i<nMergeSlot; i++){
+    pList = fts5HashEntryMerge(pList, ap[i]);
+  }
+
+  pHash->nEntry = 0;
+  sqlite3_free(ap);
+  *ppSorted = pList;
+  return SQLITE_OK;
+}
+
+/*
+** Query the hash table for a doclist associated with term pTerm/nTerm.
+*/
+static int sqlite3Fts5HashQuery(
+  Fts5Hash *pHash,                /* Hash table to query */
+  const char *pTerm, int nTerm,   /* Query term */
+  const u8 **ppDoclist,           /* OUT: Pointer to doclist for pTerm */
+  int *pnDoclist                  /* OUT: Size of doclist in bytes */
+){
+  unsigned int iHash = fts5HashKey(pHash->nSlot, (const u8*)pTerm, nTerm);
+  Fts5HashEntry *p;
+
+  for(p=pHash->aSlot[iHash]; p; p=p->pHashNext){
+    if( memcmp(p->zKey, pTerm, nTerm)==0 && p->zKey[nTerm]==0 ) break;
+  }
+
+  if( p ){
+    fts5HashAddPoslistSize(p);
+    *ppDoclist = (const u8*)&p->zKey[nTerm+1];
+    *pnDoclist = p->nData - (FTS5_HASHENTRYSIZE + nTerm + 1);
+  }else{
+    *ppDoclist = 0;
+    *pnDoclist = 0;
+  }
+
+  return SQLITE_OK;
+}
+
+static int sqlite3Fts5HashScanInit(
+  Fts5Hash *p,                    /* Hash table to query */
+  const char *pTerm, int nTerm    /* Query prefix */
+){
+  return fts5HashEntrySort(p, pTerm, nTerm, &p->pScan);
+}
+
+static void sqlite3Fts5HashScanNext(Fts5Hash *p){
+  assert( !sqlite3Fts5HashScanEof(p) );
+  p->pScan = p->pScan->pScanNext;
+}
+
+static int sqlite3Fts5HashScanEof(Fts5Hash *p){
+  return (p->pScan==0);
+}
+
+static void sqlite3Fts5HashScanEntry(
+  Fts5Hash *pHash,
+  const char **pzTerm,            /* OUT: term (nul-terminated) */
+  const u8 **ppDoclist,           /* OUT: pointer to doclist */
+  int *pnDoclist                  /* OUT: size of doclist in bytes */
+){
+  Fts5HashEntry *p;
+  if( (p = pHash->pScan) ){
+    int nTerm = (int)strlen(p->zKey);
+    fts5HashAddPoslistSize(p);
+    *pzTerm = p->zKey;
+    *ppDoclist = (const u8*)&p->zKey[nTerm+1];
+    *pnDoclist = p->nData - (FTS5_HASHENTRYSIZE + nTerm + 1);
+  }else{
+    *pzTerm = 0;
+    *ppDoclist = 0;
+    *pnDoclist = 0;
+  }
+}
+
+
+/*
+** 2014 May 31
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+******************************************************************************
+**
+** Low level access to the FTS index stored in the database file. The 
+** routines in this file file implement all read and write access to the
+** %_data table. Other parts of the system access this functionality via
+** the interface defined in fts5Int.h.
+*/
+
+
+/* #include "fts5Int.h" */
+
+/*
+** Overview:
+**
+** The %_data table contains all the FTS indexes for an FTS5 virtual table.
+** As well as the main term index, there may be up to 31 prefix indexes.
+** The format is similar to FTS3/4, except that:
+**
+**   * all segment b-tree leaf data is stored in fixed size page records 
+**     (e.g. 1000 bytes). A single doclist may span multiple pages. Care is 
+**     taken to ensure it is possible to iterate in either direction through 
+**     the entries in a doclist, or to seek to a specific entry within a 
+**     doclist, without loading it into memory.
+**
+**   * large doclists that span many pages have associated "doclist index"
+**     records that contain a copy of the first rowid on each page spanned by
+**     the doclist. This is used to speed up seek operations, and merges of
+**     large doclists with very small doclists.
+**
+**   * extra fields in the "structure record" record the state of ongoing
+**     incremental merge operations.
+**
+*/
+
+
+#define FTS5_OPT_WORK_UNIT  1000  /* Number of leaf pages per optimize step */
+#define FTS5_WORK_UNIT      64    /* Number of leaf pages in unit of work */
+
+#define FTS5_MIN_DLIDX_SIZE 4     /* Add dlidx if this many empty pages */
+
+#define FTS5_MAIN_PREFIX '0'
+
+#if FTS5_MAX_PREFIX_INDEXES > 31
+# error "FTS5_MAX_PREFIX_INDEXES is too large"
+#endif
+
+/*
+** Details:
+**
+** The %_data table managed by this module,
+**
+**     CREATE TABLE %_data(id INTEGER PRIMARY KEY, block BLOB);
+**
+** , contains the following 5 types of records. See the comments surrounding
+** the FTS5_*_ROWID macros below for a description of how %_data rowids are 
+** assigned to each fo them.
+**
+** 1. Structure Records:
+**
+**   The set of segments that make up an index - the index structure - are
+**   recorded in a single record within the %_data table. The record consists
+**   of a single 32-bit configuration cookie value followed by a list of 
+**   SQLite varints. If the FTS table features more than one index (because
+**   there are one or more prefix indexes), it is guaranteed that all share
+**   the same cookie value.
+**
+**   Immediately following the configuration cookie, the record begins with
+**   three varints:
+**
+**     + number of levels,
+**     + total number of segments on all levels,
+**     + value of write counter.
+**
+**   Then, for each level from 0 to nMax:
+**
+**     + number of input segments in ongoing merge.
+**     + total number of segments in level.
+**     + for each segment from oldest to newest:
+**         + segment id (always > 0)
+**         + first leaf page number (often 1, always greater than 0)
+**         + final leaf page number
+**
+** 2. The Averages Record:
+**
+**   A single record within the %_data table. The data is a list of varints.
+**   The first value is the number of rows in the index. Then, for each column
+**   from left to right, the total number of tokens in the column for all
+**   rows of the table.
+**
+** 3. Segment leaves:
+**
+**   TERM/DOCLIST FORMAT:
+**
+**     Most of each segment leaf is taken up by term/doclist data. The 
+**     general format of term/doclist, starting with the first term
+**     on the leaf page, is:
+**
+**         varint : size of first term
+**         blob:    first term data
+**         doclist: first doclist
+**         zero-or-more {
+**           varint:  number of bytes in common with previous term
+**           varint:  number of bytes of new term data (nNew)
+**           blob:    nNew bytes of new term data
+**           doclist: next doclist
+**         }
+**
+**     doclist format:
+**
+**         varint:  first rowid
+**         poslist: first poslist
+**         zero-or-more {
+**           varint:  rowid delta (always > 0)
+**           poslist: next poslist
+**         }
+**
+**     poslist format:
+**
+**         varint: size of poslist in bytes multiplied by 2, not including
+**                 this field. Plus 1 if this entry carries the "delete" flag.
+**         collist: collist for column 0
+**         zero-or-more {
+**           0x01 byte
+**           varint: column number (I)
+**           collist: collist for column I
+**         }
+**
+**     collist format:
+**
+**         varint: first offset + 2
+**         zero-or-more {
+**           varint: offset delta + 2
+**         }
+**
+**   PAGE FORMAT
+**
+**     Each leaf page begins with a 4-byte header containing 2 16-bit 
+**     unsigned integer fields in big-endian format. They are:
+**
+**       * The byte offset of the first rowid on the page, if it exists
+**         and occurs before the first term (otherwise 0).
+**
+**       * The byte offset of the start of the page footer. If the page
+**         footer is 0 bytes in size, then this field is the same as the
+**         size of the leaf page in bytes.
+**
+**     The page footer consists of a single varint for each term located
+**     on the page. Each varint is the byte offset of the current term
+**     within the page, delta-compressed against the previous value. In
+**     other words, the first varint in the footer is the byte offset of
+**     the first term, the second is the byte offset of the second less that
+**     of the first, and so on.
+**
+**     The term/doclist format described above is accurate if the entire
+**     term/doclist data fits on a single leaf page. If this is not the case,
+**     the format is changed in two ways:
+**
+**       + if the first rowid on a page occurs before the first term, it
+**         is stored as a literal value:
+**
+**             varint:  first rowid
+**
+**       + the first term on each page is stored in the same way as the
+**         very first term of the segment:
+**
+**             varint : size of first term
+**             blob:    first term data
+**
+** 5. Segment doclist indexes:
+**
+**   Doclist indexes are themselves b-trees, however they usually consist of
+**   a single leaf record only. The format of each doclist index leaf page 
+**   is:
+**
+**     * Flags byte. Bits are:
+**         0x01: Clear if leaf is also the root page, otherwise set.
+**
+**     * Page number of fts index leaf page. As a varint.
+**
+**     * First rowid on page indicated by previous field. As a varint.
+**
+**     * A list of varints, one for each subsequent termless page. A 
+**       positive delta if the termless page contains at least one rowid, 
+**       or an 0x00 byte otherwise.
+**
+**   Internal doclist index nodes are:
+**
+**     * Flags byte. Bits are:
+**         0x01: Clear for root page, otherwise set.
+**
+**     * Page number of first child page. As a varint.
+**
+**     * Copy of first rowid on page indicated by previous field. As a varint.
+**
+**     * A list of delta-encoded varints - the first rowid on each subsequent
+**       child page. 
+**
+*/
+
+/*
+** Rowids for the averages and structure records in the %_data table.
+*/
+#define FTS5_AVERAGES_ROWID     1    /* Rowid used for the averages record */
+#define FTS5_STRUCTURE_ROWID   10    /* The structure record */
+
+/*
+** Macros determining the rowids used by segment leaves and dlidx leaves
+** and nodes. All nodes and leaves are stored in the %_data table with large
+** positive rowids.
+**
+** Each segment has a unique non-zero 16-bit id.
+**
+** The rowid for each segment leaf is found by passing the segment id and 
+** the leaf page number to the FTS5_SEGMENT_ROWID macro. Leaves are numbered
+** sequentially starting from 1.
+*/
+#define FTS5_DATA_ID_B     16     /* Max seg id number 65535 */
+#define FTS5_DATA_DLI_B     1     /* Doclist-index flag (1 bit) */
+#define FTS5_DATA_HEIGHT_B  5     /* Max dlidx tree height of 32 */
+#define FTS5_DATA_PAGE_B   31     /* Max page number of 2147483648 */
+
+#define fts5_dri(segid, dlidx, height, pgno) (                                 \
+ ((i64)(segid)  << (FTS5_DATA_PAGE_B+FTS5_DATA_HEIGHT_B+FTS5_DATA_DLI_B)) +    \
+ ((i64)(dlidx)  << (FTS5_DATA_PAGE_B + FTS5_DATA_HEIGHT_B)) +                  \
+ ((i64)(height) << (FTS5_DATA_PAGE_B)) +                                       \
+ ((i64)(pgno))                                                                 \
+)
+
+#define FTS5_SEGMENT_ROWID(segid, pgno)       fts5_dri(segid, 0, 0, pgno)
+#define FTS5_DLIDX_ROWID(segid, height, pgno) fts5_dri(segid, 1, height, pgno)
+
+/*
+** Maximum segments permitted in a single index 
+*/
+#define FTS5_MAX_SEGMENT 2000
+
+#ifdef SQLITE_DEBUG
+static int sqlite3Fts5Corrupt() { return SQLITE_CORRUPT_VTAB; }
+#endif
+
+
+/*
+** Each time a blob is read from the %_data table, it is padded with this
+** many zero bytes. This makes it easier to decode the various record formats
+** without overreading if the records are corrupt.
+*/
+#define FTS5_DATA_ZERO_PADDING 8
+#define FTS5_DATA_PADDING 20
+
+typedef struct Fts5Data Fts5Data;
+typedef struct Fts5DlidxIter Fts5DlidxIter;
+typedef struct Fts5DlidxLvl Fts5DlidxLvl;
+typedef struct Fts5DlidxWriter Fts5DlidxWriter;
+typedef struct Fts5PageWriter Fts5PageWriter;
+typedef struct Fts5SegIter Fts5SegIter;
+typedef struct Fts5DoclistIter Fts5DoclistIter;
+typedef struct Fts5SegWriter Fts5SegWriter;
+typedef struct Fts5Structure Fts5Structure;
+typedef struct Fts5StructureLevel Fts5StructureLevel;
+typedef struct Fts5StructureSegment Fts5StructureSegment;
+
+struct Fts5Data {
+  u8 *p;                          /* Pointer to buffer containing record */
+  int nn;                         /* Size of record in bytes */
+  int szLeaf;                     /* Size of leaf without page-index */
+};
+
+/*
+** One object per %_data table.
+*/
+struct Fts5Index {
+  Fts5Config *pConfig;            /* Virtual table configuration */
+  char *zDataTbl;                 /* Name of %_data table */
+  int nWorkUnit;                  /* Leaf pages in a "unit" of work */
+
+  /*
+  ** Variables related to the accumulation of tokens and doclists within the
+  ** in-memory hash tables before they are flushed to disk.
+  */
+  Fts5Hash *pHash;                /* Hash table for in-memory data */
+  int nPendingData;               /* Current bytes of pending data */
+  i64 iWriteRowid;                /* Rowid for current doc being written */
+  int bDelete;                    /* Current write is a delete */
+
+  /* Error state. */
+  int rc;                         /* Current error code */
+
+  /* State used by the fts5DataXXX() functions. */
+  sqlite3_blob *pReader;          /* RO incr-blob open on %_data table */
+  sqlite3_stmt *pWriter;          /* "INSERT ... %_data VALUES(?,?)" */
+  sqlite3_stmt *pDeleter;         /* "DELETE FROM %_data ... id>=? AND id<=?" */
+  sqlite3_stmt *pIdxWriter;       /* "INSERT ... %_idx VALUES(?,?,?,?)" */
+  sqlite3_stmt *pIdxDeleter;      /* "DELETE FROM %_idx WHERE segid=? */
+  sqlite3_stmt *pIdxSelect;
+  int nRead;                      /* Total number of blocks read */
+};
+
+struct Fts5DoclistIter {
+  u8 *aEof;                       /* Pointer to 1 byte past end of doclist */
+
+  /* Output variables. aPoslist==0 at EOF */
+  i64 iRowid;
+  u8 *aPoslist;
+  int nPoslist;
+  int nSize;
+};
+
+/*
+** The contents of the "structure" record for each index are represented
+** using an Fts5Structure record in memory. Which uses instances of the 
+** other Fts5StructureXXX types as components.
+*/
+struct Fts5StructureSegment {
+  int iSegid;                     /* Segment id */
+  int pgnoFirst;                  /* First leaf page number in segment */
+  int pgnoLast;                   /* Last leaf page number in segment */
+};
+struct Fts5StructureLevel {
+  int nMerge;                     /* Number of segments in incr-merge */
+  int nSeg;                       /* Total number of segments on level */
+  Fts5StructureSegment *aSeg;     /* Array of segments. aSeg[0] is oldest. */
+};
+struct Fts5Structure {
+  int nRef;                       /* Object reference count */
+  u64 nWriteCounter;              /* Total leaves written to level 0 */
+  int nSegment;                   /* Total segments in this structure */
+  int nLevel;                     /* Number of levels in this index */
+  Fts5StructureLevel aLevel[1];   /* Array of nLevel level objects */
+};
+
+/*
+** An object of type Fts5SegWriter is used to write to segments.
+*/
+struct Fts5PageWriter {
+  int pgno;                       /* Page number for this page */
+  int iPrevPgidx;                 /* Previous value written into pgidx */
+  Fts5Buffer buf;                 /* Buffer containing leaf data */
+  Fts5Buffer pgidx;               /* Buffer containing page-index */
+  Fts5Buffer term;                /* Buffer containing previous term on page */
+};
+struct Fts5DlidxWriter {
+  int pgno;                       /* Page number for this page */
+  int bPrevValid;                 /* True if iPrev is valid */
+  i64 iPrev;                      /* Previous rowid value written to page */
+  Fts5Buffer buf;                 /* Buffer containing page data */
+};
+struct Fts5SegWriter {
+  int iSegid;                     /* Segid to write to */
+  Fts5PageWriter writer;          /* PageWriter object */
+  i64 iPrevRowid;                 /* Previous rowid written to current leaf */
+  u8 bFirstRowidInDoclist;        /* True if next rowid is first in doclist */
+  u8 bFirstRowidInPage;           /* True if next rowid is first in page */
+  /* TODO1: Can use (writer.pgidx.n==0) instead of bFirstTermInPage */
+  u8 bFirstTermInPage;            /* True if next term will be first in leaf */
+  int nLeafWritten;               /* Number of leaf pages written */
+  int nEmpty;                     /* Number of contiguous term-less nodes */
+
+  int nDlidx;                     /* Allocated size of aDlidx[] array */
+  Fts5DlidxWriter *aDlidx;        /* Array of Fts5DlidxWriter objects */
+
+  /* Values to insert into the %_idx table */
+  Fts5Buffer btterm;              /* Next term to insert into %_idx table */
+  int iBtPage;                    /* Page number corresponding to btterm */
+};
+
+typedef struct Fts5CResult Fts5CResult;
+struct Fts5CResult {
+  u16 iFirst;                     /* aSeg[] index of firstest iterator */
+  u8 bTermEq;                     /* True if the terms are equal */
+};
+
+/*
+** Object for iterating through a single segment, visiting each term/rowid
+** pair in the segment.
+**
+** pSeg:
+**   The segment to iterate through.
+**
+** iLeafPgno:
+**   Current leaf page number within segment.
+**
+** iLeafOffset:
+**   Byte offset within the current leaf that is the first byte of the 
+**   position list data (one byte passed the position-list size field).
+**   rowid field of the current entry. Usually this is the size field of the
+**   position list data. The exception is if the rowid for the current entry 
+**   is the last thing on the leaf page.
+**
+** pLeaf:
+**   Buffer containing current leaf page data. Set to NULL at EOF.
+**
+** iTermLeafPgno, iTermLeafOffset:
+**   Leaf page number containing the last term read from the segment. And
+**   the offset immediately following the term data.
+**
+** flags:
+**   Mask of FTS5_SEGITER_XXX values. Interpreted as follows:
+**
+**   FTS5_SEGITER_ONETERM:
+**     If set, set the iterator to point to EOF after the current doclist 
+**     has been exhausted. Do not proceed to the next term in the segment.
+**
+**   FTS5_SEGITER_REVERSE:
+**     This flag is only ever set if FTS5_SEGITER_ONETERM is also set. If
+**     it is set, iterate through rowid in descending order instead of the
+**     default ascending order.
+**
+** iRowidOffset/nRowidOffset/aRowidOffset:
+**     These are used if the FTS5_SEGITER_REVERSE flag is set.
+**
+**     For each rowid on the page corresponding to the current term, the
+**     corresponding aRowidOffset[] entry is set to the byte offset of the
+**     start of the "position-list-size" field within the page.
+**
+** iTermIdx:
+**     Index of current term on iTermLeafPgno.
+*/
+struct Fts5SegIter {
+  Fts5StructureSegment *pSeg;     /* Segment to iterate through */
+  int flags;                      /* Mask of configuration flags */
+  int iLeafPgno;                  /* Current leaf page number */
+  Fts5Data *pLeaf;                /* Current leaf data */
+  Fts5Data *pNextLeaf;            /* Leaf page (iLeafPgno+1) */
+  int iLeafOffset;                /* Byte offset within current leaf */
+
+  /* The page and offset from which the current term was read. The offset 
+  ** is the offset of the first rowid in the current doclist.  */
+  int iTermLeafPgno;
+  int iTermLeafOffset;
+
+  int iPgidxOff;                  /* Next offset in pgidx */
+  int iEndofDoclist;
+
+  /* The following are only used if the FTS5_SEGITER_REVERSE flag is set. */
+  int iRowidOffset;               /* Current entry in aRowidOffset[] */
+  int nRowidOffset;               /* Allocated size of aRowidOffset[] array */
+  int *aRowidOffset;              /* Array of offset to rowid fields */
+
+  Fts5DlidxIter *pDlidx;          /* If there is a doclist-index */
+
+  /* Variables populated based on current entry. */
+  Fts5Buffer term;                /* Current term */
+  i64 iRowid;                     /* Current rowid */
+  int nPos;                       /* Number of bytes in current position list */
+  int bDel;                       /* True if the delete flag is set */
+};
+
+/*
+** Argument is a pointer to an Fts5Data structure that contains a 
+** leaf page.
+*/
+#define ASSERT_SZLEAF_OK(x) assert( \
+    (x)->szLeaf==(x)->nn || (x)->szLeaf==fts5GetU16(&(x)->p[2]) \
+)
+
+#define FTS5_SEGITER_ONETERM 0x01
+#define FTS5_SEGITER_REVERSE 0x02
+
+
+/* 
+** Argument is a pointer to an Fts5Data structure that contains a leaf
+** page. This macro evaluates to true if the leaf contains no terms, or
+** false if it contains at least one term.
+*/
+#define fts5LeafIsTermless(x) ((x)->szLeaf >= (x)->nn)
+
+#define fts5LeafTermOff(x, i) (fts5GetU16(&(x)->p[(x)->szLeaf + (i)*2]))
+
+#define fts5LeafFirstRowidOff(x) (fts5GetU16((x)->p))
+
+/*
+** Object for iterating through the merged results of one or more segments,
+** visiting each term/rowid pair in the merged data.
+**
+** nSeg is always a power of two greater than or equal to the number of
+** segments that this object is merging data from. Both the aSeg[] and
+** aFirst[] arrays are sized at nSeg entries. The aSeg[] array is padded
+** with zeroed objects - these are handled as if they were iterators opened
+** on empty segments.
+**
+** The results of comparing segments aSeg[N] and aSeg[N+1], where N is an
+** even number, is stored in aFirst[(nSeg+N)/2]. The "result" of the 
+** comparison in this context is the index of the iterator that currently
+** points to the smaller term/rowid combination. Iterators at EOF are
+** considered to be greater than all other iterators.
+**
+** aFirst[1] contains the index in aSeg[] of the iterator that points to
+** the smallest key overall. aFirst[0] is unused. 
+**
+** poslist:
+**   Used by sqlite3Fts5IterPoslist() when the poslist needs to be buffered.
+**   There is no way to tell if this is populated or not.
+*/
+struct Fts5IndexIter {
+  Fts5Index *pIndex;              /* Index that owns this iterator */
+  Fts5Structure *pStruct;         /* Database structure for this iterator */
+  Fts5Buffer poslist;             /* Buffer containing current poslist */
+
+  int nSeg;                       /* Size of aSeg[] array */
+  int bRev;                       /* True to iterate in reverse order */
+  u8 bSkipEmpty;                  /* True to skip deleted entries */
+  u8 bEof;                        /* True at EOF */
+  u8 bFiltered;                   /* True if column-filter already applied */
+
+  i64 iSwitchRowid;               /* Firstest rowid of other than aFirst[1] */
+  Fts5CResult *aFirst;            /* Current merge state (see above) */
+  Fts5SegIter aSeg[1];            /* Array of segment iterators */
+};
+
+
+/*
+** An instance of the following type is used to iterate through the contents
+** of a doclist-index record.
+**
+** pData:
+**   Record containing the doclist-index data.
+**
+** bEof:
+**   Set to true once iterator has reached EOF.
+**
+** iOff:
+**   Set to the current offset within record pData.
+*/
+struct Fts5DlidxLvl {
+  Fts5Data *pData;              /* Data for current page of this level */
+  int iOff;                     /* Current offset into pData */
+  int bEof;                     /* At EOF already */
+  int iFirstOff;                /* Used by reverse iterators */
+
+  /* Output variables */
+  int iLeafPgno;                /* Page number of current leaf page */
+  i64 iRowid;                   /* First rowid on leaf iLeafPgno */
+};
+struct Fts5DlidxIter {
+  int nLvl;
+  int iSegid;
+  Fts5DlidxLvl aLvl[1];
+};
+
+static void fts5PutU16(u8 *aOut, u16 iVal){
+  aOut[0] = (iVal>>8);
+  aOut[1] = (iVal&0xFF);
+}
+
+static u16 fts5GetU16(const u8 *aIn){
+  return ((u16)aIn[0] << 8) + aIn[1];
+} 
+
+/*
+** Allocate and return a buffer at least nByte bytes in size.
+**
+** If an OOM error is encountered, return NULL and set the error code in
+** the Fts5Index handle passed as the first argument.
+*/
+static void *fts5IdxMalloc(Fts5Index *p, int nByte){
+  return sqlite3Fts5MallocZero(&p->rc, nByte);
+}
+
+/*
+** Compare the contents of the pLeft buffer with the pRight/nRight blob.
+**
+** Return -ve if pLeft is smaller than pRight, 0 if they are equal or
+** +ve if pRight is smaller than pLeft. In other words:
+**
+**     res = *pLeft - *pRight
+*/
+#ifdef SQLITE_DEBUG
+static int fts5BufferCompareBlob(
+  Fts5Buffer *pLeft,              /* Left hand side of comparison */
+  const u8 *pRight, int nRight    /* Right hand side of comparison */
+){
+  int nCmp = MIN(pLeft->n, nRight);
+  int res = memcmp(pLeft->p, pRight, nCmp);
+  return (res==0 ? (pLeft->n - nRight) : res);
+}
+#endif
+
+/*
+** Compare the contents of the two buffers using memcmp(). If one buffer
+** is a prefix of the other, it is considered the lesser.
+**
+** Return -ve if pLeft is smaller than pRight, 0 if they are equal or
+** +ve if pRight is smaller than pLeft. In other words:
+**
+**     res = *pLeft - *pRight
+*/
+static int fts5BufferCompare(Fts5Buffer *pLeft, Fts5Buffer *pRight){
+  int nCmp = MIN(pLeft->n, pRight->n);
+  int res = memcmp(pLeft->p, pRight->p, nCmp);
+  return (res==0 ? (pLeft->n - pRight->n) : res);
+}
+
+#ifdef SQLITE_DEBUG
+static int fts5BlobCompare(
+  const u8 *pLeft, int nLeft, 
+  const u8 *pRight, int nRight
+){
+  int nCmp = MIN(nLeft, nRight);
+  int res = memcmp(pLeft, pRight, nCmp);
+  return (res==0 ? (nLeft - nRight) : res);
+}
+#endif
+
+static int fts5LeafFirstTermOff(Fts5Data *pLeaf){
+  int ret;
+  fts5GetVarint32(&pLeaf->p[pLeaf->szLeaf], ret);
+  return ret;
+}
+
+/*
+** Close the read-only blob handle, if it is open.
+*/
+static void fts5CloseReader(Fts5Index *p){
+  if( p->pReader ){
+    sqlite3_blob *pReader = p->pReader;
+    p->pReader = 0;
+    sqlite3_blob_close(pReader);
+  }
+}
+
+
+/*
+** Retrieve a record from the %_data table.
+**
+** If an error occurs, NULL is returned and an error left in the 
+** Fts5Index object.
+*/
+static Fts5Data *fts5DataRead(Fts5Index *p, i64 iRowid){
+  Fts5Data *pRet = 0;
+  if( p->rc==SQLITE_OK ){
+    int rc = SQLITE_OK;
+
+    if( p->pReader ){
+      /* This call may return SQLITE_ABORT if there has been a savepoint
+      ** rollback since it was last used. In this case a new blob handle
+      ** is required.  */
+      sqlite3_blob *pBlob = p->pReader;
+      p->pReader = 0;
+      rc = sqlite3_blob_reopen(pBlob, iRowid);
+      assert( p->pReader==0 );
+      p->pReader = pBlob;
+      if( rc!=SQLITE_OK ){
+        fts5CloseReader(p);
+      }
+      if( rc==SQLITE_ABORT ) rc = SQLITE_OK;
+    }
+
+    /* If the blob handle is not open at this point, open it and seek 
+    ** to the requested entry.  */
+    if( p->pReader==0 && rc==SQLITE_OK ){
+      Fts5Config *pConfig = p->pConfig;
+      rc = sqlite3_blob_open(pConfig->db, 
+          pConfig->zDb, p->zDataTbl, "block", iRowid, 0, &p->pReader
+      );
+    }
+
+    /* If either of the sqlite3_blob_open() or sqlite3_blob_reopen() calls
+    ** above returned SQLITE_ERROR, return SQLITE_CORRUPT_VTAB instead.
+    ** All the reasons those functions might return SQLITE_ERROR - missing
+    ** table, missing row, non-blob/text in block column - indicate 
+    ** backing store corruption.  */
+    if( rc==SQLITE_ERROR ) rc = FTS5_CORRUPT;
+
+    if( rc==SQLITE_OK ){
+      u8 *aOut = 0;               /* Read blob data into this buffer */
+      int nByte = sqlite3_blob_bytes(p->pReader);
+      int nAlloc = sizeof(Fts5Data) + nByte + FTS5_DATA_PADDING;
+      pRet = (Fts5Data*)sqlite3_malloc(nAlloc);
+      if( pRet ){
+        pRet->nn = nByte;
+        aOut = pRet->p = (u8*)&pRet[1];
+      }else{
+        rc = SQLITE_NOMEM;
+      }
+
+      if( rc==SQLITE_OK ){
+        rc = sqlite3_blob_read(p->pReader, aOut, nByte, 0);
+      }
+      if( rc!=SQLITE_OK ){
+        sqlite3_free(pRet);
+        pRet = 0;
+      }else{
+        /* TODO1: Fix this */
+        pRet->szLeaf = fts5GetU16(&pRet->p[2]);
+      }
+    }
+    p->rc = rc;
+    p->nRead++;
+  }
+
+  assert( (pRet==0)==(p->rc!=SQLITE_OK) );
+  return pRet;
+}
+
+/*
+** Release a reference to data record returned by an earlier call to
+** fts5DataRead().
+*/
+static void fts5DataRelease(Fts5Data *pData){
+  sqlite3_free(pData);
+}
+
+static int fts5IndexPrepareStmt(
+  Fts5Index *p,
+  sqlite3_stmt **ppStmt,
+  char *zSql
+){
+  if( p->rc==SQLITE_OK ){
+    if( zSql ){
+      p->rc = sqlite3_prepare_v2(p->pConfig->db, zSql, -1, ppStmt, 0);
+    }else{
+      p->rc = SQLITE_NOMEM;
+    }
+  }
+  sqlite3_free(zSql);
+  return p->rc;
+}
+
+
+/*
+** INSERT OR REPLACE a record into the %_data table.
+*/
+static void fts5DataWrite(Fts5Index *p, i64 iRowid, const u8 *pData, int nData){
+  if( p->rc!=SQLITE_OK ) return;
+
+  if( p->pWriter==0 ){
+    Fts5Config *pConfig = p->pConfig;
+    fts5IndexPrepareStmt(p, &p->pWriter, sqlite3_mprintf(
+          "REPLACE INTO '%q'.'%q_data'(id, block) VALUES(?,?)", 
+          pConfig->zDb, pConfig->zName
+    ));
+    if( p->rc ) return;
+  }
+
+  sqlite3_bind_int64(p->pWriter, 1, iRowid);
+  sqlite3_bind_blob(p->pWriter, 2, pData, nData, SQLITE_STATIC);
+  sqlite3_step(p->pWriter);
+  p->rc = sqlite3_reset(p->pWriter);
+}
+
+/*
+** Execute the following SQL:
+**
+**     DELETE FROM %_data WHERE id BETWEEN $iFirst AND $iLast
+*/
+static void fts5DataDelete(Fts5Index *p, i64 iFirst, i64 iLast){
+  if( p->rc!=SQLITE_OK ) return;
+
+  if( p->pDeleter==0 ){
+    int rc;
+    Fts5Config *pConfig = p->pConfig;
+    char *zSql = sqlite3_mprintf(
+        "DELETE FROM '%q'.'%q_data' WHERE id>=? AND id<=?", 
+          pConfig->zDb, pConfig->zName
+    );
+    if( zSql==0 ){
+      rc = SQLITE_NOMEM;
+    }else{
+      rc = sqlite3_prepare_v2(pConfig->db, zSql, -1, &p->pDeleter, 0);
+      sqlite3_free(zSql);
+    }
+    if( rc!=SQLITE_OK ){
+      p->rc = rc;
+      return;
+    }
+  }
+
+  sqlite3_bind_int64(p->pDeleter, 1, iFirst);
+  sqlite3_bind_int64(p->pDeleter, 2, iLast);
+  sqlite3_step(p->pDeleter);
+  p->rc = sqlite3_reset(p->pDeleter);
+}
+
+/*
+** Remove all records associated with segment iSegid.
+*/
+static void fts5DataRemoveSegment(Fts5Index *p, int iSegid){
+  i64 iFirst = FTS5_SEGMENT_ROWID(iSegid, 0);
+  i64 iLast = FTS5_SEGMENT_ROWID(iSegid+1, 0)-1;
+  fts5DataDelete(p, iFirst, iLast);
+  if( p->pIdxDeleter==0 ){
+    Fts5Config *pConfig = p->pConfig;
+    fts5IndexPrepareStmt(p, &p->pIdxDeleter, sqlite3_mprintf(
+          "DELETE FROM '%q'.'%q_idx' WHERE segid=?",
+          pConfig->zDb, pConfig->zName
+    ));
+  }
+  if( p->rc==SQLITE_OK ){
+    sqlite3_bind_int(p->pIdxDeleter, 1, iSegid);
+    sqlite3_step(p->pIdxDeleter);
+    p->rc = sqlite3_reset(p->pIdxDeleter);
+  }
+}
+
+/*
+** Release a reference to an Fts5Structure object returned by an earlier 
+** call to fts5StructureRead() or fts5StructureDecode().
+*/
+static void fts5StructureRelease(Fts5Structure *pStruct){
+  if( pStruct && 0>=(--pStruct->nRef) ){
+    int i;
+    assert( pStruct->nRef==0 );
+    for(i=0; i<pStruct->nLevel; i++){
+      sqlite3_free(pStruct->aLevel[i].aSeg);
+    }
+    sqlite3_free(pStruct);
+  }
+}
+
+static void fts5StructureRef(Fts5Structure *pStruct){
+  pStruct->nRef++;
+}
+
+/*
+** Deserialize and return the structure record currently stored in serialized
+** form within buffer pData/nData.
+**
+** The Fts5Structure.aLevel[] and each Fts5StructureLevel.aSeg[] array
+** are over-allocated by one slot. This allows the structure contents
+** to be more easily edited.
+**
+** If an error occurs, *ppOut is set to NULL and an SQLite error code
+** returned. Otherwise, *ppOut is set to point to the new object and
+** SQLITE_OK returned.
+*/
+static int fts5StructureDecode(
+  const u8 *pData,                /* Buffer containing serialized structure */
+  int nData,                      /* Size of buffer pData in bytes */
+  int *piCookie,                  /* Configuration cookie value */
+  Fts5Structure **ppOut           /* OUT: Deserialized object */
+){
+  int rc = SQLITE_OK;
+  int i = 0;
+  int iLvl;
+  int nLevel = 0;
+  int nSegment = 0;
+  int nByte;                      /* Bytes of space to allocate at pRet */
+  Fts5Structure *pRet = 0;        /* Structure object to return */
+
+  /* Grab the cookie value */
+  if( piCookie ) *piCookie = sqlite3Fts5Get32(pData);
+  i = 4;
+
+  /* Read the total number of levels and segments from the start of the
+  ** structure record.  */
+  i += fts5GetVarint32(&pData[i], nLevel);
+  i += fts5GetVarint32(&pData[i], nSegment);
+  nByte = (
+      sizeof(Fts5Structure) +                    /* Main structure */
+      sizeof(Fts5StructureLevel) * (nLevel-1)    /* aLevel[] array */
+  );
+  pRet = (Fts5Structure*)sqlite3Fts5MallocZero(&rc, nByte);
+
+  if( pRet ){
+    pRet->nRef = 1;
+    pRet->nLevel = nLevel;
+    pRet->nSegment = nSegment;
+    i += sqlite3Fts5GetVarint(&pData[i], &pRet->nWriteCounter);
+
+    for(iLvl=0; rc==SQLITE_OK && iLvl<nLevel; iLvl++){
+      Fts5StructureLevel *pLvl = &pRet->aLevel[iLvl];
+      int nTotal;
+      int iSeg;
+
+      i += fts5GetVarint32(&pData[i], pLvl->nMerge);
+      i += fts5GetVarint32(&pData[i], nTotal);
+      assert( nTotal>=pLvl->nMerge );
+      pLvl->aSeg = (Fts5StructureSegment*)sqlite3Fts5MallocZero(&rc, 
+          nTotal * sizeof(Fts5StructureSegment)
+      );
+
+      if( rc==SQLITE_OK ){
+        pLvl->nSeg = nTotal;
+        for(iSeg=0; iSeg<nTotal; iSeg++){
+          i += fts5GetVarint32(&pData[i], pLvl->aSeg[iSeg].iSegid);
+          i += fts5GetVarint32(&pData[i], pLvl->aSeg[iSeg].pgnoFirst);
+          i += fts5GetVarint32(&pData[i], pLvl->aSeg[iSeg].pgnoLast);
+        }
+      }else{
+        fts5StructureRelease(pRet);
+        pRet = 0;
+      }
+    }
+  }
+
+  *ppOut = pRet;
+  return rc;
+}
+
+/*
+**
+*/
+static void fts5StructureAddLevel(int *pRc, Fts5Structure **ppStruct){
+  if( *pRc==SQLITE_OK ){
+    Fts5Structure *pStruct = *ppStruct;
+    int nLevel = pStruct->nLevel;
+    int nByte = (
+        sizeof(Fts5Structure) +                  /* Main structure */
+        sizeof(Fts5StructureLevel) * (nLevel+1)  /* aLevel[] array */
+    );
+
+    pStruct = sqlite3_realloc(pStruct, nByte);
+    if( pStruct ){
+      memset(&pStruct->aLevel[nLevel], 0, sizeof(Fts5StructureLevel));
+      pStruct->nLevel++;
+      *ppStruct = pStruct;
+    }else{
+      *pRc = SQLITE_NOMEM;
+    }
+  }
+}
+
+/*
+** Extend level iLvl so that there is room for at least nExtra more
+** segments.
+*/
+static void fts5StructureExtendLevel(
+  int *pRc, 
+  Fts5Structure *pStruct, 
+  int iLvl, 
+  int nExtra, 
+  int bInsert
+){
+  if( *pRc==SQLITE_OK ){
+    Fts5StructureLevel *pLvl = &pStruct->aLevel[iLvl];
+    Fts5StructureSegment *aNew;
+    int nByte;
+
+    nByte = (pLvl->nSeg + nExtra) * sizeof(Fts5StructureSegment);
+    aNew = sqlite3_realloc(pLvl->aSeg, nByte);
+    if( aNew ){
+      if( bInsert==0 ){
+        memset(&aNew[pLvl->nSeg], 0, sizeof(Fts5StructureSegment) * nExtra);
+      }else{
+        int nMove = pLvl->nSeg * sizeof(Fts5StructureSegment);
+        memmove(&aNew[nExtra], aNew, nMove);
+        memset(aNew, 0, sizeof(Fts5StructureSegment) * nExtra);
+      }
+      pLvl->aSeg = aNew;
+    }else{
+      *pRc = SQLITE_NOMEM;
+    }
+  }
+}
+
+/*
+** Read, deserialize and return the structure record.
+**
+** The Fts5Structure.aLevel[] and each Fts5StructureLevel.aSeg[] array
+** are over-allocated as described for function fts5StructureDecode() 
+** above.
+**
+** If an error occurs, NULL is returned and an error code left in the
+** Fts5Index handle. If an error has already occurred when this function
+** is called, it is a no-op.
+*/
+static Fts5Structure *fts5StructureRead(Fts5Index *p){
+  Fts5Config *pConfig = p->pConfig;
+  Fts5Structure *pRet = 0;        /* Object to return */
+  int iCookie;                    /* Configuration cookie */
+  Fts5Data *pData;
+
+  pData = fts5DataRead(p, FTS5_STRUCTURE_ROWID);
+  if( p->rc ) return 0;
+  /* TODO: Do we need this if the leaf-index is appended? Probably... */
+  memset(&pData->p[pData->nn], 0, FTS5_DATA_PADDING);
+  p->rc = fts5StructureDecode(pData->p, pData->nn, &iCookie, &pRet);
+  if( p->rc==SQLITE_OK && pConfig->iCookie!=iCookie ){
+    p->rc = sqlite3Fts5ConfigLoad(pConfig, iCookie);
+  }
+
+  fts5DataRelease(pData);
+  if( p->rc!=SQLITE_OK ){
+    fts5StructureRelease(pRet);
+    pRet = 0;
+  }
+  return pRet;
+}
+
+/*
+** Return the total number of segments in index structure pStruct. This
+** function is only ever used as part of assert() conditions.
+*/
+#ifdef SQLITE_DEBUG
+static int fts5StructureCountSegments(Fts5Structure *pStruct){
+  int nSegment = 0;               /* Total number of segments */
+  if( pStruct ){
+    int iLvl;                     /* Used to iterate through levels */
+    for(iLvl=0; iLvl<pStruct->nLevel; iLvl++){
+      nSegment += pStruct->aLevel[iLvl].nSeg;
+    }
+  }
+
+  return nSegment;
+}
+#endif
+
+#define fts5BufferSafeAppendBlob(pBuf, pBlob, nBlob) {     \
+  assert( (pBuf)->nSpace>=((pBuf)->n+nBlob) );             \
+  memcpy(&(pBuf)->p[(pBuf)->n], pBlob, nBlob);             \
+  (pBuf)->n += nBlob;                                      \
+}
+
+#define fts5BufferSafeAppendVarint(pBuf, iVal) {                \
+  (pBuf)->n += sqlite3Fts5PutVarint(&(pBuf)->p[(pBuf)->n], (iVal));  \
+  assert( (pBuf)->nSpace>=(pBuf)->n );                          \
+}
+
+
+/*
+** Serialize and store the "structure" record.
+**
+** If an error occurs, leave an error code in the Fts5Index object. If an
+** error has already occurred, this function is a no-op.
+*/
+static void fts5StructureWrite(Fts5Index *p, Fts5Structure *pStruct){
+  if( p->rc==SQLITE_OK ){
+    Fts5Buffer buf;               /* Buffer to serialize record into */
+    int iLvl;                     /* Used to iterate through levels */
+    int iCookie;                  /* Cookie value to store */
+
+    assert( pStruct->nSegment==fts5StructureCountSegments(pStruct) );
+    memset(&buf, 0, sizeof(Fts5Buffer));
+
+    /* Append the current configuration cookie */
+    iCookie = p->pConfig->iCookie;
+    if( iCookie<0 ) iCookie = 0;
+
+    if( 0==sqlite3Fts5BufferSize(&p->rc, &buf, 4+9+9+9) ){
+      sqlite3Fts5Put32(buf.p, iCookie);
+      buf.n = 4;
+      fts5BufferSafeAppendVarint(&buf, pStruct->nLevel);
+      fts5BufferSafeAppendVarint(&buf, pStruct->nSegment);
+      fts5BufferSafeAppendVarint(&buf, (i64)pStruct->nWriteCounter);
+    }
+
+    for(iLvl=0; iLvl<pStruct->nLevel; iLvl++){
+      int iSeg;                     /* Used to iterate through segments */
+      Fts5StructureLevel *pLvl = &pStruct->aLevel[iLvl];
+      fts5BufferAppendVarint(&p->rc, &buf, pLvl->nMerge);
+      fts5BufferAppendVarint(&p->rc, &buf, pLvl->nSeg);
+      assert( pLvl->nMerge<=pLvl->nSeg );
+
+      for(iSeg=0; iSeg<pLvl->nSeg; iSeg++){
+        fts5BufferAppendVarint(&p->rc, &buf, pLvl->aSeg[iSeg].iSegid);
+        fts5BufferAppendVarint(&p->rc, &buf, pLvl->aSeg[iSeg].pgnoFirst);
+        fts5BufferAppendVarint(&p->rc, &buf, pLvl->aSeg[iSeg].pgnoLast);
+      }
+    }
+
+    fts5DataWrite(p, FTS5_STRUCTURE_ROWID, buf.p, buf.n);
+    fts5BufferFree(&buf);
+  }
+}
+
+#if 0
+static void fts5DebugStructure(int*,Fts5Buffer*,Fts5Structure*);
+static void fts5PrintStructure(const char *zCaption, Fts5Structure *pStruct){
+  int rc = SQLITE_OK;
+  Fts5Buffer buf;
+  memset(&buf, 0, sizeof(buf));
+  fts5DebugStructure(&rc, &buf, pStruct);
+  fprintf(stdout, "%s: %s\n", zCaption, buf.p);
+  fflush(stdout);
+  fts5BufferFree(&buf);
+}
+#else
+# define fts5PrintStructure(x,y)
+#endif
+
+static int fts5SegmentSize(Fts5StructureSegment *pSeg){
+  return 1 + pSeg->pgnoLast - pSeg->pgnoFirst;
+}
+
+/*
+** Return a copy of index structure pStruct. Except, promote as many 
+** segments as possible to level iPromote. If an OOM occurs, NULL is 
+** returned.
+*/
+static void fts5StructurePromoteTo(
+  Fts5Index *p,
+  int iPromote,
+  int szPromote,
+  Fts5Structure *pStruct
+){
+  int il, is;
+  Fts5StructureLevel *pOut = &pStruct->aLevel[iPromote];
+
+  if( pOut->nMerge==0 ){
+    for(il=iPromote+1; il<pStruct->nLevel; il++){
+      Fts5StructureLevel *pLvl = &pStruct->aLevel[il];
+      if( pLvl->nMerge ) return;
+      for(is=pLvl->nSeg-1; is>=0; is--){
+        int sz = fts5SegmentSize(&pLvl->aSeg[is]);
+        if( sz>szPromote ) return;
+        fts5StructureExtendLevel(&p->rc, pStruct, iPromote, 1, 1);
+        if( p->rc ) return;
+        memcpy(pOut->aSeg, &pLvl->aSeg[is], sizeof(Fts5StructureSegment));
+        pOut->nSeg++;
+        pLvl->nSeg--;
+      }
+    }
+  }
+}
+
+/*
+** A new segment has just been written to level iLvl of index structure
+** pStruct. This function determines if any segments should be promoted
+** as a result. Segments are promoted in two scenarios:
+**
+**   a) If the segment just written is smaller than one or more segments
+**      within the previous populated level, it is promoted to the previous
+**      populated level.
+**
+**   b) If the segment just written is larger than the newest segment on
+**      the next populated level, then that segment, and any other adjacent
+**      segments that are also smaller than the one just written, are 
+**      promoted. 
+**
+** If one or more segments are promoted, the structure object is updated
+** to reflect this.
+*/
+static void fts5StructurePromote(
+  Fts5Index *p,                   /* FTS5 backend object */
+  int iLvl,                       /* Index level just updated */
+  Fts5Structure *pStruct          /* Index structure */
+){
+  if( p->rc==SQLITE_OK ){
+    int iTst;
+    int iPromote = -1;
+    int szPromote = 0;            /* Promote anything this size or smaller */
+    Fts5StructureSegment *pSeg;   /* Segment just written */
+    int szSeg;                    /* Size of segment just written */
+    int nSeg = pStruct->aLevel[iLvl].nSeg;
+
+    if( nSeg==0 ) return;
+    pSeg = &pStruct->aLevel[iLvl].aSeg[pStruct->aLevel[iLvl].nSeg-1];
+    szSeg = (1 + pSeg->pgnoLast - pSeg->pgnoFirst);
+
+    /* Check for condition (a) */
+    for(iTst=iLvl-1; iTst>=0 && pStruct->aLevel[iTst].nSeg==0; iTst--);
+    if( iTst>=0 ){
+      int i;
+      int szMax = 0;
+      Fts5StructureLevel *pTst = &pStruct->aLevel[iTst];
+      assert( pTst->nMerge==0 );
+      for(i=0; i<pTst->nSeg; i++){
+        int sz = pTst->aSeg[i].pgnoLast - pTst->aSeg[i].pgnoFirst + 1;
+        if( sz>szMax ) szMax = sz;
+      }
+      if( szMax>=szSeg ){
+        /* Condition (a) is true. Promote the newest segment on level 
+        ** iLvl to level iTst.  */
+        iPromote = iTst;
+        szPromote = szMax;
+      }
+    }
+
+    /* If condition (a) is not met, assume (b) is true. StructurePromoteTo()
+    ** is a no-op if it is not.  */
+    if( iPromote<0 ){
+      iPromote = iLvl;
+      szPromote = szSeg;
+    }
+    fts5StructurePromoteTo(p, iPromote, szPromote, pStruct);
+  }
+}
+
+
+/*
+** Advance the iterator passed as the only argument. If the end of the 
+** doclist-index page is reached, return non-zero.
+*/
+static int fts5DlidxLvlNext(Fts5DlidxLvl *pLvl){
+  Fts5Data *pData = pLvl->pData;
+
+  if( pLvl->iOff==0 ){
+    assert( pLvl->bEof==0 );
+    pLvl->iOff = 1;
+    pLvl->iOff += fts5GetVarint32(&pData->p[1], pLvl->iLeafPgno);
+    pLvl->iOff += fts5GetVarint(&pData->p[pLvl->iOff], (u64*)&pLvl->iRowid);
+    pLvl->iFirstOff = pLvl->iOff;
+  }else{
+    int iOff;
+    for(iOff=pLvl->iOff; iOff<pData->nn; iOff++){
+      if( pData->p[iOff] ) break; 
+    }
+
+    if( iOff<pData->nn ){
+      i64 iVal;
+      pLvl->iLeafPgno += (iOff - pLvl->iOff) + 1;
+      iOff += fts5GetVarint(&pData->p[iOff], (u64*)&iVal);
+      pLvl->iRowid += iVal;
+      pLvl->iOff = iOff;
+    }else{
+      pLvl->bEof = 1;
+    }
+  }
+
+  return pLvl->bEof;
+}
+
+/*
+** Advance the iterator passed as the only argument.
+*/
+static int fts5DlidxIterNextR(Fts5Index *p, Fts5DlidxIter *pIter, int iLvl){
+  Fts5DlidxLvl *pLvl = &pIter->aLvl[iLvl];
+
+  assert( iLvl<pIter->nLvl );
+  if( fts5DlidxLvlNext(pLvl) ){
+    if( (iLvl+1) < pIter->nLvl ){
+      fts5DlidxIterNextR(p, pIter, iLvl+1);
+      if( pLvl[1].bEof==0 ){
+        fts5DataRelease(pLvl->pData);
+        memset(pLvl, 0, sizeof(Fts5DlidxLvl));
+        pLvl->pData = fts5DataRead(p, 
+            FTS5_DLIDX_ROWID(pIter->iSegid, iLvl, pLvl[1].iLeafPgno)
+        );
+        if( pLvl->pData ) fts5DlidxLvlNext(pLvl);
+      }
+    }
+  }
+
+  return pIter->aLvl[0].bEof;
+}
+static int fts5DlidxIterNext(Fts5Index *p, Fts5DlidxIter *pIter){
+  return fts5DlidxIterNextR(p, pIter, 0);
+}
+
+/*
+** The iterator passed as the first argument has the following fields set
+** as follows. This function sets up the rest of the iterator so that it
+** points to the first rowid in the doclist-index.
+**
+**   pData:
+**     pointer to doclist-index record, 
+**
+** When this function is called pIter->iLeafPgno is the page number the
+** doclist is associated with (the one featuring the term).
+*/
+static int fts5DlidxIterFirst(Fts5DlidxIter *pIter){
+  int i;
+  for(i=0; i<pIter->nLvl; i++){
+    fts5DlidxLvlNext(&pIter->aLvl[i]);
+  }
+  return pIter->aLvl[0].bEof;
+}
+
+
+static int fts5DlidxIterEof(Fts5Index *p, Fts5DlidxIter *pIter){
+  return p->rc!=SQLITE_OK || pIter->aLvl[0].bEof;
+}
+
+static void fts5DlidxIterLast(Fts5Index *p, Fts5DlidxIter *pIter){
+  int i;
+
+  /* Advance each level to the last entry on the last page */
+  for(i=pIter->nLvl-1; p->rc==SQLITE_OK && i>=0; i--){
+    Fts5DlidxLvl *pLvl = &pIter->aLvl[i];
+    while( fts5DlidxLvlNext(pLvl)==0 );
+    pLvl->bEof = 0;
+
+    if( i>0 ){
+      Fts5DlidxLvl *pChild = &pLvl[-1];
+      fts5DataRelease(pChild->pData);
+      memset(pChild, 0, sizeof(Fts5DlidxLvl));
+      pChild->pData = fts5DataRead(p, 
+          FTS5_DLIDX_ROWID(pIter->iSegid, i-1, pLvl->iLeafPgno)
+      );
+    }
+  }
+}
+
+/*
+** Move the iterator passed as the only argument to the previous entry.
+*/
+static int fts5DlidxLvlPrev(Fts5DlidxLvl *pLvl){
+  int iOff = pLvl->iOff;
+
+  assert( pLvl->bEof==0 );
+  if( iOff<=pLvl->iFirstOff ){
+    pLvl->bEof = 1;
+  }else{
+    u8 *a = pLvl->pData->p;
+    i64 iVal;
+    int iLimit;
+    int ii;
+    int nZero = 0;
+
+    /* Currently iOff points to the first byte of a varint. This block 
+    ** decrements iOff until it points to the first byte of the previous 
+    ** varint. Taking care not to read any memory locations that occur
+    ** before the buffer in memory.  */
+    iLimit = (iOff>9 ? iOff-9 : 0);
+    for(iOff--; iOff>iLimit; iOff--){
+      if( (a[iOff-1] & 0x80)==0 ) break;
+    }
+
+    fts5GetVarint(&a[iOff], (u64*)&iVal);
+    pLvl->iRowid -= iVal;
+    pLvl->iLeafPgno--;
+
+    /* Skip backwards past any 0x00 varints. */
+    for(ii=iOff-1; ii>=pLvl->iFirstOff && a[ii]==0x00; ii--){
+      nZero++;
+    }
+    if( ii>=pLvl->iFirstOff && (a[ii] & 0x80) ){
+      /* The byte immediately before the last 0x00 byte has the 0x80 bit
+      ** set. So the last 0x00 is only a varint 0 if there are 8 more 0x80
+      ** bytes before a[ii]. */
+      int bZero = 0;              /* True if last 0x00 counts */
+      if( (ii-8)>=pLvl->iFirstOff ){
+        int j;
+        for(j=1; j<=8 && (a[ii-j] & 0x80); j++);
+        bZero = (j>8);
+      }
+      if( bZero==0 ) nZero--;
+    }
+    pLvl->iLeafPgno -= nZero;
+    pLvl->iOff = iOff - nZero;
+  }
+
+  return pLvl->bEof;
+}
+
+static int fts5DlidxIterPrevR(Fts5Index *p, Fts5DlidxIter *pIter, int iLvl){
+  Fts5DlidxLvl *pLvl = &pIter->aLvl[iLvl];
+
+  assert( iLvl<pIter->nLvl );
+  if( fts5DlidxLvlPrev(pLvl) ){
+    if( (iLvl+1) < pIter->nLvl ){
+      fts5DlidxIterPrevR(p, pIter, iLvl+1);
+      if( pLvl[1].bEof==0 ){
+        fts5DataRelease(pLvl->pData);
+        memset(pLvl, 0, sizeof(Fts5DlidxLvl));
+        pLvl->pData = fts5DataRead(p, 
+            FTS5_DLIDX_ROWID(pIter->iSegid, iLvl, pLvl[1].iLeafPgno)
+        );
+        if( pLvl->pData ){
+          while( fts5DlidxLvlNext(pLvl)==0 );
+          pLvl->bEof = 0;
+        }
+      }
+    }
+  }
+
+  return pIter->aLvl[0].bEof;
+}
+static int fts5DlidxIterPrev(Fts5Index *p, Fts5DlidxIter *pIter){
+  return fts5DlidxIterPrevR(p, pIter, 0);
+}
+
+/*
+** Free a doclist-index iterator object allocated by fts5DlidxIterInit().
+*/
+static void fts5DlidxIterFree(Fts5DlidxIter *pIter){
+  if( pIter ){
+    int i;
+    for(i=0; i<pIter->nLvl; i++){
+      fts5DataRelease(pIter->aLvl[i].pData);
+    }
+    sqlite3_free(pIter);
+  }
+}
+
+static Fts5DlidxIter *fts5DlidxIterInit(
+  Fts5Index *p,                   /* Fts5 Backend to iterate within */
+  int bRev,                       /* True for ORDER BY ASC */
+  int iSegid,                     /* Segment id */
+  int iLeafPg                     /* Leaf page number to load dlidx for */
+){
+  Fts5DlidxIter *pIter = 0;
+  int i;
+  int bDone = 0;
+
+  for(i=0; p->rc==SQLITE_OK && bDone==0; i++){
+    int nByte = sizeof(Fts5DlidxIter) + i * sizeof(Fts5DlidxLvl);
+    Fts5DlidxIter *pNew;
+
+    pNew = (Fts5DlidxIter*)sqlite3_realloc(pIter, nByte);
+    if( pNew==0 ){
+      p->rc = SQLITE_NOMEM;
+    }else{
+      i64 iRowid = FTS5_DLIDX_ROWID(iSegid, i, iLeafPg);
+      Fts5DlidxLvl *pLvl = &pNew->aLvl[i];
+      pIter = pNew;
+      memset(pLvl, 0, sizeof(Fts5DlidxLvl));
+      pLvl->pData = fts5DataRead(p, iRowid);
+      if( pLvl->pData && (pLvl->pData->p[0] & 0x0001)==0 ){
+        bDone = 1;
+      }
+      pIter->nLvl = i+1;
+    }
+  }
+
+  if( p->rc==SQLITE_OK ){
+    pIter->iSegid = iSegid;
+    if( bRev==0 ){
+      fts5DlidxIterFirst(pIter);
+    }else{
+      fts5DlidxIterLast(p, pIter);
+    }
+  }
+
+  if( p->rc!=SQLITE_OK ){
+    fts5DlidxIterFree(pIter);
+    pIter = 0;
+  }
+
+  return pIter;
+}
+
+static i64 fts5DlidxIterRowid(Fts5DlidxIter *pIter){
+  return pIter->aLvl[0].iRowid;
+}
+static int fts5DlidxIterPgno(Fts5DlidxIter *pIter){
+  return pIter->aLvl[0].iLeafPgno;
+}
+
+/*
+** Load the next leaf page into the segment iterator.
+*/
+static void fts5SegIterNextPage(
+  Fts5Index *p,                   /* FTS5 backend object */
+  Fts5SegIter *pIter              /* Iterator to advance to next page */
+){
+  Fts5Data *pLeaf;
+  Fts5StructureSegment *pSeg = pIter->pSeg;
+  fts5DataRelease(pIter->pLeaf);
+  pIter->iLeafPgno++;
+  if( pIter->pNextLeaf ){
+    pIter->pLeaf = pIter->pNextLeaf;
+    pIter->pNextLeaf = 0;
+  }else if( pIter->iLeafPgno<=pSeg->pgnoLast ){
+    pIter->pLeaf = fts5DataRead(p, 
+        FTS5_SEGMENT_ROWID(pSeg->iSegid, pIter->iLeafPgno)
+    );
+  }else{
+    pIter->pLeaf = 0;
+  }
+  pLeaf = pIter->pLeaf;
+
+  if( pLeaf ){
+    pIter->iPgidxOff = pLeaf->szLeaf;
+    if( fts5LeafIsTermless(pLeaf) ){
+      pIter->iEndofDoclist = pLeaf->nn+1;
+    }else{
+      pIter->iPgidxOff += fts5GetVarint32(&pLeaf->p[pIter->iPgidxOff],
+          pIter->iEndofDoclist
+      );
+    }
+  }
+}
+
+/*
+** Argument p points to a buffer containing a varint to be interpreted as a
+** position list size field. Read the varint and return the number of bytes
+** read. Before returning, set *pnSz to the number of bytes in the position
+** list, and *pbDel to true if the delete flag is set, or false otherwise.
+*/
+static int fts5GetPoslistSize(const u8 *p, int *pnSz, int *pbDel){
+  int nSz;
+  int n = 0;
+  fts5FastGetVarint32(p, n, nSz);
+  assert_nc( nSz>=0 );
+  *pnSz = nSz/2;
+  *pbDel = nSz & 0x0001;
+  return n;
+}
+
+/*
+** Fts5SegIter.iLeafOffset currently points to the first byte of a
+** position-list size field. Read the value of the field and store it
+** in the following variables:
+**
+**   Fts5SegIter.nPos
+**   Fts5SegIter.bDel
+**
+** Leave Fts5SegIter.iLeafOffset pointing to the first byte of the 
+** position list content (if any).
+*/
+static void fts5SegIterLoadNPos(Fts5Index *p, Fts5SegIter *pIter){
+  if( p->rc==SQLITE_OK ){
+    int iOff = pIter->iLeafOffset;  /* Offset to read at */
+    int nSz;
+    ASSERT_SZLEAF_OK(pIter->pLeaf);
+    fts5FastGetVarint32(pIter->pLeaf->p, iOff, nSz);
+    pIter->bDel = (nSz & 0x0001);
+    pIter->nPos = nSz>>1;
+    pIter->iLeafOffset = iOff;
+    assert_nc( pIter->nPos>=0 );
+  }
+}
+
+static void fts5SegIterLoadRowid(Fts5Index *p, Fts5SegIter *pIter){
+  u8 *a = pIter->pLeaf->p;        /* Buffer to read data from */
+  int iOff = pIter->iLeafOffset;
+
+  ASSERT_SZLEAF_OK(pIter->pLeaf);
+  if( iOff>=pIter->pLeaf->szLeaf ){
+    fts5SegIterNextPage(p, pIter);
+    if( pIter->pLeaf==0 ){
+      if( p->rc==SQLITE_OK ) p->rc = FTS5_CORRUPT;
+      return;
+    }
+    iOff = 4;
+    a = pIter->pLeaf->p;
+  }
+  iOff += sqlite3Fts5GetVarint(&a[iOff], (u64*)&pIter->iRowid);
+  pIter->iLeafOffset = iOff;
+}
+
+/*
+** Fts5SegIter.iLeafOffset currently points to the first byte of the 
+** "nSuffix" field of a term. Function parameter nKeep contains the value
+** of the "nPrefix" field (if there was one - it is passed 0 if this is
+** the first term in the segment).
+**
+** This function populates:
+**
+**   Fts5SegIter.term
+**   Fts5SegIter.rowid
+**
+** accordingly and leaves (Fts5SegIter.iLeafOffset) set to the content of
+** the first position list. The position list belonging to document 
+** (Fts5SegIter.iRowid).
+*/
+static void fts5SegIterLoadTerm(Fts5Index *p, Fts5SegIter *pIter, int nKeep){
+  u8 *a = pIter->pLeaf->p;        /* Buffer to read data from */
+  int iOff = pIter->iLeafOffset;  /* Offset to read at */
+  int nNew;                       /* Bytes of new data */
+
+  iOff += fts5GetVarint32(&a[iOff], nNew);
+  pIter->term.n = nKeep;
+  fts5BufferAppendBlob(&p->rc, &pIter->term, nNew, &a[iOff]);
+  iOff += nNew;
+  pIter->iTermLeafOffset = iOff;
+  pIter->iTermLeafPgno = pIter->iLeafPgno;
+  pIter->iLeafOffset = iOff;
+
+  if( pIter->iPgidxOff>=pIter->pLeaf->nn ){
+    pIter->iEndofDoclist = pIter->pLeaf->nn+1;
+  }else{
+    int nExtra;
+    pIter->iPgidxOff += fts5GetVarint32(&a[pIter->iPgidxOff], nExtra);
+    pIter->iEndofDoclist += nExtra;
+  }
+
+  fts5SegIterLoadRowid(p, pIter);
+}
+
+/*
+** Initialize the iterator object pIter to iterate through the entries in
+** segment pSeg. The iterator is left pointing to the first entry when 
+** this function returns.
+**
+** If an error occurs, Fts5Index.rc is set to an appropriate error code. If 
+** an error has already occurred when this function is called, it is a no-op.
+*/
+static void fts5SegIterInit(
+  Fts5Index *p,                   /* FTS index object */
+  Fts5StructureSegment *pSeg,     /* Description of segment */
+  Fts5SegIter *pIter              /* Object to populate */
+){
+  if( pSeg->pgnoFirst==0 ){
+    /* This happens if the segment is being used as an input to an incremental
+    ** merge and all data has already been "trimmed". See function
+    ** fts5TrimSegments() for details. In this case leave the iterator empty.
+    ** The caller will see the (pIter->pLeaf==0) and assume the iterator is
+    ** at EOF already. */
+    assert( pIter->pLeaf==0 );
+    return;
+  }
+
+  if( p->rc==SQLITE_OK ){
+    memset(pIter, 0, sizeof(*pIter));
+    pIter->pSeg = pSeg;
+    pIter->iLeafPgno = pSeg->pgnoFirst-1;
+    fts5SegIterNextPage(p, pIter);
+  }
+
+  if( p->rc==SQLITE_OK ){
+    pIter->iLeafOffset = 4;
+    assert_nc( pIter->pLeaf->nn>4 );
+    assert( fts5LeafFirstTermOff(pIter->pLeaf)==4 );
+    pIter->iPgidxOff = pIter->pLeaf->szLeaf+1;
+    fts5SegIterLoadTerm(p, pIter, 0);
+    fts5SegIterLoadNPos(p, pIter);
+  }
+}
+
+/*
+** This function is only ever called on iterators created by calls to
+** Fts5IndexQuery() with the FTS5INDEX_QUERY_DESC flag set.
+**
+** The iterator is in an unusual state when this function is called: the
+** Fts5SegIter.iLeafOffset variable is set to the offset of the start of
+** the position-list size field for the first relevant rowid on the page.
+** Fts5SegIter.rowid is set, but nPos and bDel are not.
+**
+** This function advances the iterator so that it points to the last 
+** relevant rowid on the page and, if necessary, initializes the 
+** aRowidOffset[] and iRowidOffset variables. At this point the iterator
+** is in its regular state - Fts5SegIter.iLeafOffset points to the first
+** byte of the position list content associated with said rowid.
+*/
+static void fts5SegIterReverseInitPage(Fts5Index *p, Fts5SegIter *pIter){
+  int n = pIter->pLeaf->szLeaf;
+  int i = pIter->iLeafOffset;
+  u8 *a = pIter->pLeaf->p;
+  int iRowidOffset = 0;
+
+  if( n>pIter->iEndofDoclist ){
+    n = pIter->iEndofDoclist;
+  }
+
+  ASSERT_SZLEAF_OK(pIter->pLeaf);
+  while( 1 ){
+    i64 iDelta = 0;
+    int nPos;
+    int bDummy;
+
+    i += fts5GetPoslistSize(&a[i], &nPos, &bDummy);
+    i += nPos;
+    if( i>=n ) break;
+    i += fts5GetVarint(&a[i], (u64*)&iDelta);
+    pIter->iRowid += iDelta;
+
+    if( iRowidOffset>=pIter->nRowidOffset ){
+      int nNew = pIter->nRowidOffset + 8;
+      int *aNew = (int*)sqlite3_realloc(pIter->aRowidOffset, nNew*sizeof(int));
+      if( aNew==0 ){
+        p->rc = SQLITE_NOMEM;
+        break;
+      }
+      pIter->aRowidOffset = aNew;
+      pIter->nRowidOffset = nNew;
+    }
+
+    pIter->aRowidOffset[iRowidOffset++] = pIter->iLeafOffset;
+    pIter->iLeafOffset = i;
+  }
+  pIter->iRowidOffset = iRowidOffset;
+  fts5SegIterLoadNPos(p, pIter);
+}
+
+/*
+**
+*/
+static void fts5SegIterReverseNewPage(Fts5Index *p, Fts5SegIter *pIter){
+  assert( pIter->flags & FTS5_SEGITER_REVERSE );
+  assert( pIter->flags & FTS5_SEGITER_ONETERM );
+
+  fts5DataRelease(pIter->pLeaf);
+  pIter->pLeaf = 0;
+  while( p->rc==SQLITE_OK && pIter->iLeafPgno>pIter->iTermLeafPgno ){
+    Fts5Data *pNew;
+    pIter->iLeafPgno--;
+    pNew = fts5DataRead(p, FTS5_SEGMENT_ROWID(
+          pIter->pSeg->iSegid, pIter->iLeafPgno
+    ));
+    if( pNew ){
+      /* iTermLeafOffset may be equal to szLeaf if the term is the last
+      ** thing on the page - i.e. the first rowid is on the following page.
+      ** In this case leave pIter->pLeaf==0, this iterator is at EOF. */
+      if( pIter->iLeafPgno==pIter->iTermLeafPgno ){
+        assert( pIter->pLeaf==0 );
+        if( pIter->iTermLeafOffset<pNew->szLeaf ){
+          pIter->pLeaf = pNew;
+          pIter->iLeafOffset = pIter->iTermLeafOffset;
+        }
+      }else{
+        int iRowidOff;
+        iRowidOff = fts5LeafFirstRowidOff(pNew);
+        if( iRowidOff ){
+          pIter->pLeaf = pNew;
+          pIter->iLeafOffset = iRowidOff;
+        }
+      }
+
+      if( pIter->pLeaf ){
+        u8 *a = &pIter->pLeaf->p[pIter->iLeafOffset];
+        pIter->iLeafOffset += fts5GetVarint(a, (u64*)&pIter->iRowid);
+        break;
+      }else{
+        fts5DataRelease(pNew);
+      }
+    }
+  }
+
+  if( pIter->pLeaf ){
+    pIter->iEndofDoclist = pIter->pLeaf->nn+1;
+    fts5SegIterReverseInitPage(p, pIter);
+  }
+}
+
+/*
+** Return true if the iterator passed as the second argument currently
+** points to a delete marker. A delete marker is an entry with a 0 byte
+** position-list.
+*/
+static int fts5MultiIterIsEmpty(Fts5Index *p, Fts5IndexIter *pIter){
+  Fts5SegIter *pSeg = &pIter->aSeg[pIter->aFirst[1].iFirst];
+  return (p->rc==SQLITE_OK && pSeg->pLeaf && pSeg->nPos==0);
+}
+
+/*
+** Advance iterator pIter to the next entry. 
+**
+** If an error occurs, Fts5Index.rc is set to an appropriate error code. It 
+** is not considered an error if the iterator reaches EOF. If an error has 
+** already occurred when this function is called, it is a no-op.
+*/
+static void fts5SegIterNext(
+  Fts5Index *p,                   /* FTS5 backend object */
+  Fts5SegIter *pIter,             /* Iterator to advance */
+  int *pbNewTerm                  /* OUT: Set for new term */
+){
+  assert( pbNewTerm==0 || *pbNewTerm==0 );
+  if( p->rc==SQLITE_OK ){
+    if( pIter->flags & FTS5_SEGITER_REVERSE ){
+      assert( pIter->pNextLeaf==0 );
+      if( pIter->iRowidOffset>0 ){
+        u8 *a = pIter->pLeaf->p;
+        int iOff;
+        int nPos;
+        int bDummy;
+        i64 iDelta;
+
+        pIter->iRowidOffset--;
+        pIter->iLeafOffset = iOff = pIter->aRowidOffset[pIter->iRowidOffset];
+        iOff += fts5GetPoslistSize(&a[iOff], &nPos, &bDummy);
+        iOff += nPos;
+        fts5GetVarint(&a[iOff], (u64*)&iDelta);
+        pIter->iRowid -= iDelta;
+        fts5SegIterLoadNPos(p, pIter);
+      }else{
+        fts5SegIterReverseNewPage(p, pIter);
+      }
+    }else{
+      Fts5Data *pLeaf = pIter->pLeaf;
+      int iOff;
+      int bNewTerm = 0;
+      int nKeep = 0;
+
+      /* Search for the end of the position list within the current page. */
+      u8 *a = pLeaf->p;
+      int n = pLeaf->szLeaf;
+
+      ASSERT_SZLEAF_OK(pLeaf);
+      iOff = pIter->iLeafOffset + pIter->nPos;
+
+      if( iOff<n ){
+        /* The next entry is on the current page. */
+        assert_nc( iOff<=pIter->iEndofDoclist );
+        if( iOff>=pIter->iEndofDoclist ){
+          bNewTerm = 1;
+          if( iOff!=fts5LeafFirstTermOff(pLeaf) ){
+            iOff += fts5GetVarint32(&a[iOff], nKeep);
+          }
+        }else{
+          u64 iDelta;
+          iOff += sqlite3Fts5GetVarint(&a[iOff], &iDelta);
+          pIter->iRowid += iDelta;
+          assert_nc( iDelta>0 );
+        }
+        pIter->iLeafOffset = iOff;
+
+      }else if( pIter->pSeg==0 ){
+        const u8 *pList = 0;
+        const char *zTerm = 0;
+        int nList = 0;
+        assert( (pIter->flags & FTS5_SEGITER_ONETERM) || pbNewTerm );
+        if( 0==(pIter->flags & FTS5_SEGITER_ONETERM) ){
+          sqlite3Fts5HashScanNext(p->pHash);
+          sqlite3Fts5HashScanEntry(p->pHash, &zTerm, &pList, &nList);
+        }
+        if( pList==0 ){
+          fts5DataRelease(pIter->pLeaf);
+          pIter->pLeaf = 0;
+        }else{
+          pIter->pLeaf->p = (u8*)pList;
+          pIter->pLeaf->nn = nList;
+          pIter->pLeaf->szLeaf = nList;
+          pIter->iEndofDoclist = nList+1;
+          sqlite3Fts5BufferSet(&p->rc, &pIter->term, (int)strlen(zTerm),
+              (u8*)zTerm);
+          pIter->iLeafOffset = fts5GetVarint(pList, (u64*)&pIter->iRowid);
+          *pbNewTerm = 1;
+        }
+      }else{
+        iOff = 0;
+        /* Next entry is not on the current page */
+        while( iOff==0 ){
+          fts5SegIterNextPage(p, pIter);
+          pLeaf = pIter->pLeaf;
+          if( pLeaf==0 ) break;
+          ASSERT_SZLEAF_OK(pLeaf);
+          if( (iOff = fts5LeafFirstRowidOff(pLeaf)) && iOff<pLeaf->szLeaf ){
+            iOff += sqlite3Fts5GetVarint(&pLeaf->p[iOff], (u64*)&pIter->iRowid);
+            pIter->iLeafOffset = iOff;
+
+            if( pLeaf->nn>pLeaf->szLeaf ){
+              pIter->iPgidxOff = pLeaf->szLeaf + fts5GetVarint32(
+                  &pLeaf->p[pLeaf->szLeaf], pIter->iEndofDoclist
+              );
+            }
+
+          }
+          else if( pLeaf->nn>pLeaf->szLeaf ){
+            pIter->iPgidxOff = pLeaf->szLeaf + fts5GetVarint32(
+                &pLeaf->p[pLeaf->szLeaf], iOff
+            );
+            pIter->iLeafOffset = iOff;
+            pIter->iEndofDoclist = iOff;
+            bNewTerm = 1;
+          }
+          if( iOff>=pLeaf->szLeaf ){
+            p->rc = FTS5_CORRUPT;
+            return;
+          }
+        }
+      }
+
+      /* Check if the iterator is now at EOF. If so, return early. */
+      if( pIter->pLeaf ){
+        if( bNewTerm ){
+          if( pIter->flags & FTS5_SEGITER_ONETERM ){
+            fts5DataRelease(pIter->pLeaf);
+            pIter->pLeaf = 0;
+          }else{
+            fts5SegIterLoadTerm(p, pIter, nKeep);
+            fts5SegIterLoadNPos(p, pIter);
+            if( pbNewTerm ) *pbNewTerm = 1;
+          }
+        }else{
+          /* The following could be done by calling fts5SegIterLoadNPos(). But
+          ** this block is particularly performance critical, so equivalent
+          ** code is inlined. */
+          int nSz;
+          assert( p->rc==SQLITE_OK );
+          fts5FastGetVarint32(pIter->pLeaf->p, pIter->iLeafOffset, nSz);
+          pIter->bDel = (nSz & 0x0001);
+          pIter->nPos = nSz>>1;
+          assert_nc( pIter->nPos>=0 );
+        }
+      }
+    }
+  }
+}
+
+#define SWAPVAL(T, a, b) { T tmp; tmp=a; a=b; b=tmp; }
+
+/*
+** Iterator pIter currently points to the first rowid in a doclist. This
+** function sets the iterator up so that iterates in reverse order through
+** the doclist.
+*/
+static void fts5SegIterReverse(Fts5Index *p, Fts5SegIter *pIter){
+  Fts5DlidxIter *pDlidx = pIter->pDlidx;
+  Fts5Data *pLast = 0;
+  int pgnoLast = 0;
+
+  if( pDlidx ){
+    int iSegid = pIter->pSeg->iSegid;
+    pgnoLast = fts5DlidxIterPgno(pDlidx);
+    pLast = fts5DataRead(p, FTS5_SEGMENT_ROWID(iSegid, pgnoLast));
+  }else{
+    Fts5Data *pLeaf = pIter->pLeaf;         /* Current leaf data */
+
+    /* Currently, Fts5SegIter.iLeafOffset points to the first byte of
+    ** position-list content for the current rowid. Back it up so that it
+    ** points to the start of the position-list size field. */
+    pIter->iLeafOffset -= sqlite3Fts5GetVarintLen(pIter->nPos*2+pIter->bDel);
+
+    /* If this condition is true then the largest rowid for the current
+    ** term may not be stored on the current page. So search forward to
+    ** see where said rowid really is.  */
+    if( pIter->iEndofDoclist>=pLeaf->szLeaf ){
+      int pgno;
+      Fts5StructureSegment *pSeg = pIter->pSeg;
+
+      /* The last rowid in the doclist may not be on the current page. Search
+      ** forward to find the page containing the last rowid.  */
+      for(pgno=pIter->iLeafPgno+1; !p->rc && pgno<=pSeg->pgnoLast; pgno++){
+        i64 iAbs = FTS5_SEGMENT_ROWID(pSeg->iSegid, pgno);
+        Fts5Data *pNew = fts5DataRead(p, iAbs);
+        if( pNew ){
+          int iRowid, bTermless;
+          iRowid = fts5LeafFirstRowidOff(pNew);
+          bTermless = fts5LeafIsTermless(pNew);
+          if( iRowid ){
+            SWAPVAL(Fts5Data*, pNew, pLast);
+            pgnoLast = pgno;
+          }
+          fts5DataRelease(pNew);
+          if( bTermless==0 ) break;
+        }
+      }
+    }
+  }
+
+  /* If pLast is NULL at this point, then the last rowid for this doclist
+  ** lies on the page currently indicated by the iterator. In this case 
+  ** pIter->iLeafOffset is already set to point to the position-list size
+  ** field associated with the first relevant rowid on the page.
+  **
+  ** Or, if pLast is non-NULL, then it is the page that contains the last
+  ** rowid. In this case configure the iterator so that it points to the
+  ** first rowid on this page.
+  */
+  if( pLast ){
+    int iOff;
+    fts5DataRelease(pIter->pLeaf);
+    pIter->pLeaf = pLast;
+    pIter->iLeafPgno = pgnoLast;
+    iOff = fts5LeafFirstRowidOff(pLast);
+    iOff += fts5GetVarint(&pLast->p[iOff], (u64*)&pIter->iRowid);
+    pIter->iLeafOffset = iOff;
+
+    if( fts5LeafIsTermless(pLast) ){
+      pIter->iEndofDoclist = pLast->nn+1;
+    }else{
+      pIter->iEndofDoclist = fts5LeafFirstTermOff(pLast);
+    }
+
+  }
+
+  fts5SegIterReverseInitPage(p, pIter);
+}
+
+/*
+** Iterator pIter currently points to the first rowid of a doclist.
+** There is a doclist-index associated with the final term on the current 
+** page. If the current term is the last term on the page, load the 
+** doclist-index from disk and initialize an iterator at (pIter->pDlidx).
+*/
+static void fts5SegIterLoadDlidx(Fts5Index *p, Fts5SegIter *pIter){
+  int iSeg = pIter->pSeg->iSegid;
+  int bRev = (pIter->flags & FTS5_SEGITER_REVERSE);
+  Fts5Data *pLeaf = pIter->pLeaf; /* Current leaf data */
+
+  assert( pIter->flags & FTS5_SEGITER_ONETERM );
+  assert( pIter->pDlidx==0 );
+
+  /* Check if the current doclist ends on this page. If it does, return
+  ** early without loading the doclist-index (as it belongs to a different
+  ** term. */
+  if( pIter->iTermLeafPgno==pIter->iLeafPgno 
+   && pIter->iEndofDoclist<pLeaf->szLeaf 
+  ){
+    return;
+  }
+
+  pIter->pDlidx = fts5DlidxIterInit(p, bRev, iSeg, pIter->iTermLeafPgno);
+}
+
+#define fts5IndexSkipVarint(a, iOff) {            \
+  int iEnd = iOff+9;                              \
+  while( (a[iOff++] & 0x80) && iOff<iEnd );       \
+}
+
+/*
+** The iterator object passed as the second argument currently contains
+** no valid values except for the Fts5SegIter.pLeaf member variable. This
+** function searches the leaf page for a term matching (pTerm/nTerm).
+**
+** If the specified term is found on the page, then the iterator is left
+** pointing to it. If argument bGe is zero and the term is not found,
+** the iterator is left pointing at EOF.
+**
+** If bGe is non-zero and the specified term is not found, then the
+** iterator is left pointing to the smallest term in the segment that
+** is larger than the specified term, even if this term is not on the
+** current page.
+*/
+static void fts5LeafSeek(
+  Fts5Index *p,                   /* Leave any error code here */
+  int bGe,                        /* True for a >= search */
+  Fts5SegIter *pIter,             /* Iterator to seek */
+  const u8 *pTerm, int nTerm      /* Term to search for */
+){
+  int iOff;
+  const u8 *a = pIter->pLeaf->p;
+  int szLeaf = pIter->pLeaf->szLeaf;
+  int n = pIter->pLeaf->nn;
+
+  int nMatch = 0;
+  int nKeep = 0;
+  int nNew = 0;
+  int iTermOff;
+  int iPgidx;                     /* Current offset in pgidx */
+  int bEndOfPage = 0;
+
+  assert( p->rc==SQLITE_OK );
+
+  iPgidx = szLeaf;
+  iPgidx += fts5GetVarint32(&a[iPgidx], iTermOff);
+  iOff = iTermOff;
+
+  while( 1 ){
+
+    /* Figure out how many new bytes are in this term */
+    fts5FastGetVarint32(a, iOff, nNew);
+    if( nKeep<nMatch ){
+      goto search_failed;
+    }
+
+    assert( nKeep>=nMatch );
+    if( nKeep==nMatch ){
+      int nCmp;
+      int i;
+      nCmp = MIN(nNew, nTerm-nMatch);
+      for(i=0; i<nCmp; i++){
+        if( a[iOff+i]!=pTerm[nMatch+i] ) break;
+      }
+      nMatch += i;
+
+      if( nTerm==nMatch ){
+        if( i==nNew ){
+          goto search_success;
+        }else{
+          goto search_failed;
+        }
+      }else if( i<nNew && a[iOff+i]>pTerm[nMatch] ){
+        goto search_failed;
+      }
+    }
+
+    if( iPgidx>=n ){
+      bEndOfPage = 1;
+      break;
+    }
+
+    iPgidx += fts5GetVarint32(&a[iPgidx], nKeep);
+    iTermOff += nKeep;
+    iOff = iTermOff;
+
+    /* Read the nKeep field of the next term. */
+    fts5FastGetVarint32(a, iOff, nKeep);
+  }
+
+ search_failed:
+  if( bGe==0 ){
+    fts5DataRelease(pIter->pLeaf);
+    pIter->pLeaf = 0;
+    return;
+  }else if( bEndOfPage ){
+    do {
+      fts5SegIterNextPage(p, pIter);
+      if( pIter->pLeaf==0 ) return;
+      a = pIter->pLeaf->p;
+      if( fts5LeafIsTermless(pIter->pLeaf)==0 ){
+        iPgidx = pIter->pLeaf->szLeaf;
+        iPgidx += fts5GetVarint32(&pIter->pLeaf->p[iPgidx], iOff);
+        if( iOff<4 || iOff>=pIter->pLeaf->szLeaf ){
+          p->rc = FTS5_CORRUPT;
+        }else{
+          nKeep = 0;
+          iTermOff = iOff;
+          n = pIter->pLeaf->nn;
+          iOff += fts5GetVarint32(&a[iOff], nNew);
+          break;
+        }
+      }
+    }while( 1 );
+  }
+
+ search_success:
+
+  pIter->iLeafOffset = iOff + nNew;
+  pIter->iTermLeafOffset = pIter->iLeafOffset;
+  pIter->iTermLeafPgno = pIter->iLeafPgno;
+
+  fts5BufferSet(&p->rc, &pIter->term, nKeep, pTerm);
+  fts5BufferAppendBlob(&p->rc, &pIter->term, nNew, &a[iOff]);
+
+  if( iPgidx>=n ){
+    pIter->iEndofDoclist = pIter->pLeaf->nn+1;
+  }else{
+    int nExtra;
+    iPgidx += fts5GetVarint32(&a[iPgidx], nExtra);
+    pIter->iEndofDoclist = iTermOff + nExtra;
+  }
+  pIter->iPgidxOff = iPgidx;
+
+  fts5SegIterLoadRowid(p, pIter);
+  fts5SegIterLoadNPos(p, pIter);
+}
+
+/*
+** Initialize the object pIter to point to term pTerm/nTerm within segment
+** pSeg. If there is no such term in the index, the iterator is set to EOF.
+**
+** If an error occurs, Fts5Index.rc is set to an appropriate error code. If 
+** an error has already occurred when this function is called, it is a no-op.
+*/
+static void fts5SegIterSeekInit(
+  Fts5Index *p,                   /* FTS5 backend */
+  Fts5Buffer *pBuf,               /* Buffer to use for loading pages */
+  const u8 *pTerm, int nTerm,     /* Term to seek to */
+  int flags,                      /* Mask of FTS5INDEX_XXX flags */
+  Fts5StructureSegment *pSeg,     /* Description of segment */
+  Fts5SegIter *pIter              /* Object to populate */
+){
+  int iPg = 1;
+  int bGe = (flags & FTS5INDEX_QUERY_SCAN);
+  int bDlidx = 0;                 /* True if there is a doclist-index */
+
+  static int nCall = 0;
+  nCall++;
+
+  assert( bGe==0 || (flags & FTS5INDEX_QUERY_DESC)==0 );
+  assert( pTerm && nTerm );
+  memset(pIter, 0, sizeof(*pIter));
+  pIter->pSeg = pSeg;
+
+  /* This block sets stack variable iPg to the leaf page number that may
+  ** contain term (pTerm/nTerm), if it is present in the segment. */
+  if( p->pIdxSelect==0 ){
+    Fts5Config *pConfig = p->pConfig;
+    fts5IndexPrepareStmt(p, &p->pIdxSelect, sqlite3_mprintf(
+          "SELECT pgno FROM '%q'.'%q_idx' WHERE "
+          "segid=? AND term<=? ORDER BY term DESC LIMIT 1",
+          pConfig->zDb, pConfig->zName
+    ));
+  }
+  if( p->rc ) return;
+  sqlite3_bind_int(p->pIdxSelect, 1, pSeg->iSegid);
+  sqlite3_bind_blob(p->pIdxSelect, 2, pTerm, nTerm, SQLITE_STATIC);
+  if( SQLITE_ROW==sqlite3_step(p->pIdxSelect) ){
+    i64 val = sqlite3_column_int(p->pIdxSelect, 0);
+    iPg = (int)(val>>1);
+    bDlidx = (val & 0x0001);
+  }
+  p->rc = sqlite3_reset(p->pIdxSelect);
+
+  if( iPg<pSeg->pgnoFirst ){
+    iPg = pSeg->pgnoFirst;
+    bDlidx = 0;
+  }
+
+  pIter->iLeafPgno = iPg - 1;
+  fts5SegIterNextPage(p, pIter);
+
+  if( pIter->pLeaf ){
+    fts5LeafSeek(p, bGe, pIter, pTerm, nTerm);
+  }
+
+  if( p->rc==SQLITE_OK && bGe==0 ){
+    pIter->flags |= FTS5_SEGITER_ONETERM;
+    if( pIter->pLeaf ){
+      if( flags & FTS5INDEX_QUERY_DESC ){
+        pIter->flags |= FTS5_SEGITER_REVERSE;
+      }
+      if( bDlidx ){
+        fts5SegIterLoadDlidx(p, pIter);
+      }
+      if( flags & FTS5INDEX_QUERY_DESC ){
+        fts5SegIterReverse(p, pIter);
+      }
+    }
+  }
+
+  /* Either:
+  **
+  **   1) an error has occurred, or
+  **   2) the iterator points to EOF, or
+  **   3) the iterator points to an entry with term (pTerm/nTerm), or
+  **   4) the FTS5INDEX_QUERY_SCAN flag was set and the iterator points
+  **      to an entry with a term greater than or equal to (pTerm/nTerm).
+  */
+  assert( p->rc!=SQLITE_OK                                          /* 1 */
+   || pIter->pLeaf==0                                               /* 2 */
+   || fts5BufferCompareBlob(&pIter->term, pTerm, nTerm)==0          /* 3 */
+   || (bGe && fts5BufferCompareBlob(&pIter->term, pTerm, nTerm)>0)  /* 4 */
+  );
+}
+
+/*
+** Initialize the object pIter to point to term pTerm/nTerm within the
+** in-memory hash table. If there is no such term in the hash-table, the 
+** iterator is set to EOF.
+**
+** If an error occurs, Fts5Index.rc is set to an appropriate error code. If 
+** an error has already occurred when this function is called, it is a no-op.
+*/
+static void fts5SegIterHashInit(
+  Fts5Index *p,                   /* FTS5 backend */
+  const u8 *pTerm, int nTerm,     /* Term to seek to */
+  int flags,                      /* Mask of FTS5INDEX_XXX flags */
+  Fts5SegIter *pIter              /* Object to populate */
+){
+  const u8 *pList = 0;
+  int nList = 0;
+  const u8 *z = 0;
+  int n = 0;
+
+  assert( p->pHash );
+  assert( p->rc==SQLITE_OK );
+
+  if( pTerm==0 || (flags & FTS5INDEX_QUERY_SCAN) ){
+    p->rc = sqlite3Fts5HashScanInit(p->pHash, (const char*)pTerm, nTerm);
+    sqlite3Fts5HashScanEntry(p->pHash, (const char**)&z, &pList, &nList);
+    n = (z ? (int)strlen((const char*)z) : 0);
+  }else{
+    pIter->flags |= FTS5_SEGITER_ONETERM;
+    sqlite3Fts5HashQuery(p->pHash, (const char*)pTerm, nTerm, &pList, &nList);
+    z = pTerm;
+    n = nTerm;
+  }
+
+  if( pList ){
+    Fts5Data *pLeaf;
+    sqlite3Fts5BufferSet(&p->rc, &pIter->term, n, z);
+    pLeaf = fts5IdxMalloc(p, sizeof(Fts5Data));
+    if( pLeaf==0 ) return;
+    pLeaf->p = (u8*)pList;
+    pLeaf->nn = pLeaf->szLeaf = nList;
+    pIter->pLeaf = pLeaf;
+    pIter->iLeafOffset = fts5GetVarint(pLeaf->p, (u64*)&pIter->iRowid);
+    pIter->iEndofDoclist = pLeaf->nn+1;
+
+    if( flags & FTS5INDEX_QUERY_DESC ){
+      pIter->flags |= FTS5_SEGITER_REVERSE;
+      fts5SegIterReverseInitPage(p, pIter);
+    }else{
+      fts5SegIterLoadNPos(p, pIter);
+    }
+  }
+}
+
+/*
+** Zero the iterator passed as the only argument.
+*/
+static void fts5SegIterClear(Fts5SegIter *pIter){
+  fts5BufferFree(&pIter->term);
+  fts5DataRelease(pIter->pLeaf);
+  fts5DataRelease(pIter->pNextLeaf);
+  fts5DlidxIterFree(pIter->pDlidx);
+  sqlite3_free(pIter->aRowidOffset);
+  memset(pIter, 0, sizeof(Fts5SegIter));
+}
+
+#ifdef SQLITE_DEBUG
+
+/*
+** This function is used as part of the big assert() procedure implemented by
+** fts5AssertMultiIterSetup(). It ensures that the result currently stored
+** in *pRes is the correct result of comparing the current positions of the
+** two iterators.
+*/
+static void fts5AssertComparisonResult(
+  Fts5IndexIter *pIter, 
+  Fts5SegIter *p1,
+  Fts5SegIter *p2,
+  Fts5CResult *pRes
+){
+  int i1 = p1 - pIter->aSeg;
+  int i2 = p2 - pIter->aSeg;
+
+  if( p1->pLeaf || p2->pLeaf ){
+    if( p1->pLeaf==0 ){
+      assert( pRes->iFirst==i2 );
+    }else if( p2->pLeaf==0 ){
+      assert( pRes->iFirst==i1 );
+    }else{
+      int nMin = MIN(p1->term.n, p2->term.n);
+      int res = memcmp(p1->term.p, p2->term.p, nMin);
+      if( res==0 ) res = p1->term.n - p2->term.n;
+
+      if( res==0 ){
+        assert( pRes->bTermEq==1 );
+        assert( p1->iRowid!=p2->iRowid );
+        res = ((p1->iRowid > p2->iRowid)==pIter->bRev) ? -1 : 1;
+      }else{
+        assert( pRes->bTermEq==0 );
+      }
+
+      if( res<0 ){
+        assert( pRes->iFirst==i1 );
+      }else{
+        assert( pRes->iFirst==i2 );
+      }
+    }
+  }
+}
+
+/*
+** This function is a no-op unless SQLITE_DEBUG is defined when this module
+** is compiled. In that case, this function is essentially an assert() 
+** statement used to verify that the contents of the pIter->aFirst[] array
+** are correct.
+*/
+static void fts5AssertMultiIterSetup(Fts5Index *p, Fts5IndexIter *pIter){
+  if( p->rc==SQLITE_OK ){
+    Fts5SegIter *pFirst = &pIter->aSeg[ pIter->aFirst[1].iFirst ];
+    int i;
+
+    assert( (pFirst->pLeaf==0)==pIter->bEof );
+
+    /* Check that pIter->iSwitchRowid is set correctly. */
+    for(i=0; i<pIter->nSeg; i++){
+      Fts5SegIter *p1 = &pIter->aSeg[i];
+      assert( p1==pFirst 
+           || p1->pLeaf==0 
+           || fts5BufferCompare(&pFirst->term, &p1->term) 
+           || p1->iRowid==pIter->iSwitchRowid
+           || (p1->iRowid<pIter->iSwitchRowid)==pIter->bRev
+      );
+    }
+
+    for(i=0; i<pIter->nSeg; i+=2){
+      Fts5SegIter *p1 = &pIter->aSeg[i];
+      Fts5SegIter *p2 = &pIter->aSeg[i+1];
+      Fts5CResult *pRes = &pIter->aFirst[(pIter->nSeg + i) / 2];
+      fts5AssertComparisonResult(pIter, p1, p2, pRes);
+    }
+
+    for(i=1; i<(pIter->nSeg / 2); i+=2){
+      Fts5SegIter *p1 = &pIter->aSeg[ pIter->aFirst[i*2].iFirst ];
+      Fts5SegIter *p2 = &pIter->aSeg[ pIter->aFirst[i*2+1].iFirst ];
+      Fts5CResult *pRes = &pIter->aFirst[i];
+      fts5AssertComparisonResult(pIter, p1, p2, pRes);
+    }
+  }
+}
+#else
+# define fts5AssertMultiIterSetup(x,y)
+#endif
+
+/*
+** Do the comparison necessary to populate pIter->aFirst[iOut].
+**
+** If the returned value is non-zero, then it is the index of an entry
+** in the pIter->aSeg[] array that is (a) not at EOF, and (b) pointing
+** to a key that is a duplicate of another, higher priority, 
+** segment-iterator in the pSeg->aSeg[] array.
+*/
+static int fts5MultiIterDoCompare(Fts5IndexIter *pIter, int iOut){
+  int i1;                         /* Index of left-hand Fts5SegIter */
+  int i2;                         /* Index of right-hand Fts5SegIter */
+  int iRes;
+  Fts5SegIter *p1;                /* Left-hand Fts5SegIter */
+  Fts5SegIter *p2;                /* Right-hand Fts5SegIter */
+  Fts5CResult *pRes = &pIter->aFirst[iOut];
+
+  assert( iOut<pIter->nSeg && iOut>0 );
+  assert( pIter->bRev==0 || pIter->bRev==1 );
+
+  if( iOut>=(pIter->nSeg/2) ){
+    i1 = (iOut - pIter->nSeg/2) * 2;
+    i2 = i1 + 1;
+  }else{
+    i1 = pIter->aFirst[iOut*2].iFirst;
+    i2 = pIter->aFirst[iOut*2+1].iFirst;
+  }
+  p1 = &pIter->aSeg[i1];
+  p2 = &pIter->aSeg[i2];
+
+  pRes->bTermEq = 0;
+  if( p1->pLeaf==0 ){           /* If p1 is at EOF */
+    iRes = i2;
+  }else if( p2->pLeaf==0 ){     /* If p2 is at EOF */
+    iRes = i1;
+  }else{
+    int res = fts5BufferCompare(&p1->term, &p2->term);
+    if( res==0 ){
+      assert( i2>i1 );
+      assert( i2!=0 );
+      pRes->bTermEq = 1;
+      if( p1->iRowid==p2->iRowid ){
+        p1->bDel = p2->bDel;
+        return i2;
+      }
+      res = ((p1->iRowid > p2->iRowid)==pIter->bRev) ? -1 : +1;
+    }
+    assert( res!=0 );
+    if( res<0 ){
+      iRes = i1;
+    }else{
+      iRes = i2;
+    }
+  }
+
+  pRes->iFirst = (u16)iRes;
+  return 0;
+}
+
+/*
+** Move the seg-iter so that it points to the first rowid on page iLeafPgno.
+** It is an error if leaf iLeafPgno does not exist or contains no rowids.
+*/
+static void fts5SegIterGotoPage(
+  Fts5Index *p,                   /* FTS5 backend object */
+  Fts5SegIter *pIter,             /* Iterator to advance */
+  int iLeafPgno
+){
+  assert( iLeafPgno>pIter->iLeafPgno );
+
+  if( iLeafPgno>pIter->pSeg->pgnoLast ){
+    p->rc = FTS5_CORRUPT;
+  }else{
+    fts5DataRelease(pIter->pNextLeaf);
+    pIter->pNextLeaf = 0;
+    pIter->iLeafPgno = iLeafPgno-1;
+    fts5SegIterNextPage(p, pIter);
+    assert( p->rc!=SQLITE_OK || pIter->iLeafPgno==iLeafPgno );
+
+    if( p->rc==SQLITE_OK ){
+      int iOff;
+      u8 *a = pIter->pLeaf->p;
+      int n = pIter->pLeaf->szLeaf;
+
+      iOff = fts5LeafFirstRowidOff(pIter->pLeaf);
+      if( iOff<4 || iOff>=n ){
+        p->rc = FTS5_CORRUPT;
+      }else{
+        iOff += fts5GetVarint(&a[iOff], (u64*)&pIter->iRowid);
+        pIter->iLeafOffset = iOff;
+        fts5SegIterLoadNPos(p, pIter);
+      }
+    }
+  }
+}
+
+/*
+** Advance the iterator passed as the second argument until it is at or 
+** past rowid iFrom. Regardless of the value of iFrom, the iterator is
+** always advanced at least once.
+*/
+static void fts5SegIterNextFrom(
+  Fts5Index *p,                   /* FTS5 backend object */
+  Fts5SegIter *pIter,             /* Iterator to advance */
+  i64 iMatch                      /* Advance iterator at least this far */
+){
+  int bRev = (pIter->flags & FTS5_SEGITER_REVERSE);
+  Fts5DlidxIter *pDlidx = pIter->pDlidx;
+  int iLeafPgno = pIter->iLeafPgno;
+  int bMove = 1;
+
+  assert( pIter->flags & FTS5_SEGITER_ONETERM );
+  assert( pIter->pDlidx );
+  assert( pIter->pLeaf );
+
+  if( bRev==0 ){
+    while( !fts5DlidxIterEof(p, pDlidx) && iMatch>fts5DlidxIterRowid(pDlidx) ){
+      iLeafPgno = fts5DlidxIterPgno(pDlidx);
+      fts5DlidxIterNext(p, pDlidx);
+    }
+    assert_nc( iLeafPgno>=pIter->iLeafPgno || p->rc );
+    if( iLeafPgno>pIter->iLeafPgno ){
+      fts5SegIterGotoPage(p, pIter, iLeafPgno);
+      bMove = 0;
+    }
+  }else{
+    assert( pIter->pNextLeaf==0 );
+    assert( iMatch<pIter->iRowid );
+    while( !fts5DlidxIterEof(p, pDlidx) && iMatch<fts5DlidxIterRowid(pDlidx) ){
+      fts5DlidxIterPrev(p, pDlidx);
+    }
+    iLeafPgno = fts5DlidxIterPgno(pDlidx);
+
+    assert( fts5DlidxIterEof(p, pDlidx) || iLeafPgno<=pIter->iLeafPgno );
+
+    if( iLeafPgno<pIter->iLeafPgno ){
+      pIter->iLeafPgno = iLeafPgno+1;
+      fts5SegIterReverseNewPage(p, pIter);
+      bMove = 0;
+    }
+  }
+
+  do{
+    if( bMove ) fts5SegIterNext(p, pIter, 0);
+    if( pIter->pLeaf==0 ) break;
+    if( bRev==0 && pIter->iRowid>=iMatch ) break;
+    if( bRev!=0 && pIter->iRowid<=iMatch ) break;
+    bMove = 1;
+  }while( p->rc==SQLITE_OK );
+}
+
+
+/*
+** Free the iterator object passed as the second argument.
+*/
+static void fts5MultiIterFree(Fts5Index *p, Fts5IndexIter *pIter){
+  if( pIter ){
+    int i;
+    for(i=0; i<pIter->nSeg; i++){
+      fts5SegIterClear(&pIter->aSeg[i]);
+    }
+    fts5StructureRelease(pIter->pStruct);
+    fts5BufferFree(&pIter->poslist);
+    sqlite3_free(pIter);
+  }
+}
+
+static void fts5MultiIterAdvanced(
+  Fts5Index *p,                   /* FTS5 backend to iterate within */
+  Fts5IndexIter *pIter,           /* Iterator to update aFirst[] array for */
+  int iChanged,                   /* Index of sub-iterator just advanced */
+  int iMinset                     /* Minimum entry in aFirst[] to set */
+){
+  int i;
+  for(i=(pIter->nSeg+iChanged)/2; i>=iMinset && p->rc==SQLITE_OK; i=i/2){
+    int iEq;
+    if( (iEq = fts5MultiIterDoCompare(pIter, i)) ){
+      fts5SegIterNext(p, &pIter->aSeg[iEq], 0);
+      i = pIter->nSeg + iEq;
+    }
+  }
+}
+
+/*
+** Sub-iterator iChanged of iterator pIter has just been advanced. It still
+** points to the same term though - just a different rowid. This function
+** attempts to update the contents of the pIter->aFirst[] accordingly.
+** If it does so successfully, 0 is returned. Otherwise 1.
+**
+** If non-zero is returned, the caller should call fts5MultiIterAdvanced()
+** on the iterator instead. That function does the same as this one, except
+** that it deals with more complicated cases as well.
+*/ 
+static int fts5MultiIterAdvanceRowid(
+  Fts5Index *p,                   /* FTS5 backend to iterate within */
+  Fts5IndexIter *pIter,           /* Iterator to update aFirst[] array for */
+  int iChanged                    /* Index of sub-iterator just advanced */
+){
+  Fts5SegIter *pNew = &pIter->aSeg[iChanged];
+
+  if( pNew->iRowid==pIter->iSwitchRowid
+   || (pNew->iRowid<pIter->iSwitchRowid)==pIter->bRev
+  ){
+    int i;
+    Fts5SegIter *pOther = &pIter->aSeg[iChanged ^ 0x0001];
+    pIter->iSwitchRowid = pIter->bRev ? SMALLEST_INT64 : LARGEST_INT64;
+    for(i=(pIter->nSeg+iChanged)/2; 1; i=i/2){
+      Fts5CResult *pRes = &pIter->aFirst[i];
+
+      assert( pNew->pLeaf );
+      assert( pRes->bTermEq==0 || pOther->pLeaf );
+
+      if( pRes->bTermEq ){
+        if( pNew->iRowid==pOther->iRowid ){
+          return 1;
+        }else if( (pOther->iRowid>pNew->iRowid)==pIter->bRev ){
+          pIter->iSwitchRowid = pOther->iRowid;
+          pNew = pOther;
+        }else if( (pOther->iRowid>pIter->iSwitchRowid)==pIter->bRev ){
+          pIter->iSwitchRowid = pOther->iRowid;
+        }
+      }
+      pRes->iFirst = (u16)(pNew - pIter->aSeg);
+      if( i==1 ) break;
+
+      pOther = &pIter->aSeg[ pIter->aFirst[i ^ 0x0001].iFirst ];
+    }
+  }
+
+  return 0;
+}
+
+/*
+** Set the pIter->bEof variable based on the state of the sub-iterators.
+*/
+static void fts5MultiIterSetEof(Fts5IndexIter *pIter){
+  Fts5SegIter *pSeg = &pIter->aSeg[ pIter->aFirst[1].iFirst ];
+  pIter->bEof = pSeg->pLeaf==0;
+  pIter->iSwitchRowid = pSeg->iRowid;
+}
+
+/*
+** Move the iterator to the next entry. 
+**
+** If an error occurs, an error code is left in Fts5Index.rc. It is not 
+** considered an error if the iterator reaches EOF, or if it is already at 
+** EOF when this function is called.
+*/
+static void fts5MultiIterNext(
+  Fts5Index *p, 
+  Fts5IndexIter *pIter,
+  int bFrom,                      /* True if argument iFrom is valid */
+  i64 iFrom                       /* Advance at least as far as this */
+){
+  if( p->rc==SQLITE_OK ){
+    int bUseFrom = bFrom;
+    do {
+      int iFirst = pIter->aFirst[1].iFirst;
+      int bNewTerm = 0;
+      Fts5SegIter *pSeg = &pIter->aSeg[iFirst];
+      assert( p->rc==SQLITE_OK );
+      if( bUseFrom && pSeg->pDlidx ){
+        fts5SegIterNextFrom(p, pSeg, iFrom);
+      }else{
+        fts5SegIterNext(p, pSeg, &bNewTerm);
+      }
+
+      if( pSeg->pLeaf==0 || bNewTerm 
+       || fts5MultiIterAdvanceRowid(p, pIter, iFirst)
+      ){
+        fts5MultiIterAdvanced(p, pIter, iFirst, 1);
+        fts5MultiIterSetEof(pIter);
+      }
+      fts5AssertMultiIterSetup(p, pIter);
+
+      bUseFrom = 0;
+    }while( pIter->bSkipEmpty && fts5MultiIterIsEmpty(p, pIter) );
+  }
+}
+
+static void fts5MultiIterNext2(
+  Fts5Index *p, 
+  Fts5IndexIter *pIter,
+  int *pbNewTerm                  /* OUT: True if *might* be new term */
+){
+  assert( pIter->bSkipEmpty );
+  if( p->rc==SQLITE_OK ){
+    do {
+      int iFirst = pIter->aFirst[1].iFirst;
+      Fts5SegIter *pSeg = &pIter->aSeg[iFirst];
+      int bNewTerm = 0;
+
+      fts5SegIterNext(p, pSeg, &bNewTerm);
+      if( pSeg->pLeaf==0 || bNewTerm 
+       || fts5MultiIterAdvanceRowid(p, pIter, iFirst)
+      ){
+        fts5MultiIterAdvanced(p, pIter, iFirst, 1);
+        fts5MultiIterSetEof(pIter);
+        *pbNewTerm = 1;
+      }else{
+        *pbNewTerm = 0;
+      }
+      fts5AssertMultiIterSetup(p, pIter);
+
+    }while( fts5MultiIterIsEmpty(p, pIter) );
+  }
+}
+
+
+static Fts5IndexIter *fts5MultiIterAlloc(
+  Fts5Index *p,                   /* FTS5 backend to iterate within */
+  int nSeg
+){
+  Fts5IndexIter *pNew;
+  int nSlot;                      /* Power of two >= nSeg */
+
+  for(nSlot=2; nSlot<nSeg; nSlot=nSlot*2);
+  pNew = fts5IdxMalloc(p, 
+      sizeof(Fts5IndexIter) +             /* pNew */
+      sizeof(Fts5SegIter) * (nSlot-1) +   /* pNew->aSeg[] */
+      sizeof(Fts5CResult) * nSlot         /* pNew->aFirst[] */
+  );
+  if( pNew ){
+    pNew->nSeg = nSlot;
+    pNew->aFirst = (Fts5CResult*)&pNew->aSeg[nSlot];
+    pNew->pIndex = p;
+  }
+  return pNew;
+}
+
+/*
+** Allocate a new Fts5IndexIter object.
+**
+** The new object will be used to iterate through data in structure pStruct.
+** If iLevel is -ve, then all data in all segments is merged. Or, if iLevel
+** is zero or greater, data from the first nSegment segments on level iLevel
+** is merged.
+**
+** The iterator initially points to the first term/rowid entry in the 
+** iterated data.
+*/
+static void fts5MultiIterNew(
+  Fts5Index *p,                   /* FTS5 backend to iterate within */
+  Fts5Structure *pStruct,         /* Structure of specific index */
+  int bSkipEmpty,                 /* True to ignore delete-keys */
+  int flags,                      /* FTS5INDEX_QUERY_XXX flags */
+  const u8 *pTerm, int nTerm,     /* Term to seek to (or NULL/0) */
+  int iLevel,                     /* Level to iterate (-1 for all) */
+  int nSegment,                   /* Number of segments to merge (iLevel>=0) */
+  Fts5IndexIter **ppOut           /* New object */
+){
+  int nSeg = 0;                   /* Number of segment-iters in use */
+  int iIter = 0;                  /* */
+  int iSeg;                       /* Used to iterate through segments */
+  Fts5Buffer buf = {0,0,0};       /* Buffer used by fts5SegIterSeekInit() */
+  Fts5StructureLevel *pLvl;
+  Fts5IndexIter *pNew;
+
+  assert( (pTerm==0 && nTerm==0) || iLevel<0 );
+
+  /* Allocate space for the new multi-seg-iterator. */
+  if( p->rc==SQLITE_OK ){
+    if( iLevel<0 ){
+      assert( pStruct->nSegment==fts5StructureCountSegments(pStruct) );
+      nSeg = pStruct->nSegment;
+      nSeg += (p->pHash ? 1 : 0);
+    }else{
+      nSeg = MIN(pStruct->aLevel[iLevel].nSeg, nSegment);
+    }
+  }
+  *ppOut = pNew = fts5MultiIterAlloc(p, nSeg);
+  if( pNew==0 ) return;
+  pNew->bRev = (0!=(flags & FTS5INDEX_QUERY_DESC));
+  pNew->bSkipEmpty = (u8)bSkipEmpty;
+  pNew->pStruct = pStruct;
+  fts5StructureRef(pStruct);
+
+  /* Initialize each of the component segment iterators. */
+  if( iLevel<0 ){
+    Fts5StructureLevel *pEnd = &pStruct->aLevel[pStruct->nLevel];
+    if( p->pHash ){
+      /* Add a segment iterator for the current contents of the hash table. */
+      Fts5SegIter *pIter = &pNew->aSeg[iIter++];
+      fts5SegIterHashInit(p, pTerm, nTerm, flags, pIter);
+    }
+    for(pLvl=&pStruct->aLevel[0]; pLvl<pEnd; pLvl++){
+      for(iSeg=pLvl->nSeg-1; iSeg>=0; iSeg--){
+        Fts5StructureSegment *pSeg = &pLvl->aSeg[iSeg];
+        Fts5SegIter *pIter = &pNew->aSeg[iIter++];
+        if( pTerm==0 ){
+          fts5SegIterInit(p, pSeg, pIter);
+        }else{
+          fts5SegIterSeekInit(p, &buf, pTerm, nTerm, flags, pSeg, pIter);
+        }
+      }
+    }
+  }else{
+    pLvl = &pStruct->aLevel[iLevel];
+    for(iSeg=nSeg-1; iSeg>=0; iSeg--){
+      fts5SegIterInit(p, &pLvl->aSeg[iSeg], &pNew->aSeg[iIter++]);
+    }
+  }
+  assert( iIter==nSeg );
+
+  /* If the above was successful, each component iterators now points 
+  ** to the first entry in its segment. In this case initialize the 
+  ** aFirst[] array. Or, if an error has occurred, free the iterator
+  ** object and set the output variable to NULL.  */
+  if( p->rc==SQLITE_OK ){
+    for(iIter=pNew->nSeg-1; iIter>0; iIter--){
+      int iEq;
+      if( (iEq = fts5MultiIterDoCompare(pNew, iIter)) ){
+        fts5SegIterNext(p, &pNew->aSeg[iEq], 0);
+        fts5MultiIterAdvanced(p, pNew, iEq, iIter);
+      }
+    }
+    fts5MultiIterSetEof(pNew);
+    fts5AssertMultiIterSetup(p, pNew);
+
+    if( pNew->bSkipEmpty && fts5MultiIterIsEmpty(p, pNew) ){
+      fts5MultiIterNext(p, pNew, 0, 0);
+    }
+  }else{
+    fts5MultiIterFree(p, pNew);
+    *ppOut = 0;
+  }
+  fts5BufferFree(&buf);
+}
+
+/*
+** Create an Fts5IndexIter that iterates through the doclist provided
+** as the second argument.
+*/
+static void fts5MultiIterNew2(
+  Fts5Index *p,                   /* FTS5 backend to iterate within */
+  Fts5Data *pData,                /* Doclist to iterate through */
+  int bDesc,                      /* True for descending rowid order */
+  Fts5IndexIter **ppOut           /* New object */
+){
+  Fts5IndexIter *pNew;
+  pNew = fts5MultiIterAlloc(p, 2);
+  if( pNew ){
+    Fts5SegIter *pIter = &pNew->aSeg[1];
+
+    pNew->bFiltered = 1;
+    pIter->flags = FTS5_SEGITER_ONETERM;
+    if( pData->szLeaf>0 ){
+      pIter->pLeaf = pData;
+      pIter->iLeafOffset = fts5GetVarint(pData->p, (u64*)&pIter->iRowid);
+      pIter->iEndofDoclist = pData->nn;
+      pNew->aFirst[1].iFirst = 1;
+      if( bDesc ){
+        pNew->bRev = 1;
+        pIter->flags |= FTS5_SEGITER_REVERSE;
+        fts5SegIterReverseInitPage(p, pIter);
+      }else{
+        fts5SegIterLoadNPos(p, pIter);
+      }
+      pData = 0;
+    }else{
+      pNew->bEof = 1;
+    }
+
+    *ppOut = pNew;
+  }
+
+  fts5DataRelease(pData);
+}
+
+/*
+** Return true if the iterator is at EOF or if an error has occurred. 
+** False otherwise.
+*/
+static int fts5MultiIterEof(Fts5Index *p, Fts5IndexIter *pIter){
+  assert( p->rc 
+      || (pIter->aSeg[ pIter->aFirst[1].iFirst ].pLeaf==0)==pIter->bEof 
+  );
+  return (p->rc || pIter->bEof);
+}
+
+/*
+** Return the rowid of the entry that the iterator currently points
+** to. If the iterator points to EOF when this function is called the
+** results are undefined.
+*/
+static i64 fts5MultiIterRowid(Fts5IndexIter *pIter){
+  assert( pIter->aSeg[ pIter->aFirst[1].iFirst ].pLeaf );
+  return pIter->aSeg[ pIter->aFirst[1].iFirst ].iRowid;
+}
+
+/*
+** Move the iterator to the next entry at or following iMatch.
+*/
+static void fts5MultiIterNextFrom(
+  Fts5Index *p, 
+  Fts5IndexIter *pIter, 
+  i64 iMatch
+){
+  while( 1 ){
+    i64 iRowid;
+    fts5MultiIterNext(p, pIter, 1, iMatch);
+    if( fts5MultiIterEof(p, pIter) ) break;
+    iRowid = fts5MultiIterRowid(pIter);
+    if( pIter->bRev==0 && iRowid>=iMatch ) break;
+    if( pIter->bRev!=0 && iRowid<=iMatch ) break;
+  }
+}
+
+/*
+** Return a pointer to a buffer containing the term associated with the 
+** entry that the iterator currently points to.
+*/
+static const u8 *fts5MultiIterTerm(Fts5IndexIter *pIter, int *pn){
+  Fts5SegIter *p = &pIter->aSeg[ pIter->aFirst[1].iFirst ];
+  *pn = p->term.n;
+  return p->term.p;
+}
+
+static void fts5ChunkIterate(
+  Fts5Index *p,                   /* Index object */
+  Fts5SegIter *pSeg,              /* Poslist of this iterator */
+  void *pCtx,                     /* Context pointer for xChunk callback */
+  void (*xChunk)(Fts5Index*, void*, const u8*, int)
+){
+  int nRem = pSeg->nPos;          /* Number of bytes still to come */
+  Fts5Data *pData = 0;
+  u8 *pChunk = &pSeg->pLeaf->p[pSeg->iLeafOffset];
+  int nChunk = MIN(nRem, pSeg->pLeaf->szLeaf - pSeg->iLeafOffset);
+  int pgno = pSeg->iLeafPgno;
+  int pgnoSave = 0;
+
+  if( (pSeg->flags & FTS5_SEGITER_REVERSE)==0 ){
+    pgnoSave = pgno+1;
+  }
+
+  while( 1 ){
+    xChunk(p, pCtx, pChunk, nChunk);
+    nRem -= nChunk;
+    fts5DataRelease(pData);
+    if( nRem<=0 ){
+      break;
+    }else{
+      pgno++;
+      pData = fts5DataRead(p, FTS5_SEGMENT_ROWID(pSeg->pSeg->iSegid, pgno));
+      if( pData==0 ) break;
+      pChunk = &pData->p[4];
+      nChunk = MIN(nRem, pData->szLeaf - 4);
+      if( pgno==pgnoSave ){
+        assert( pSeg->pNextLeaf==0 );
+        pSeg->pNextLeaf = pData;
+        pData = 0;
+      }
+    }
+  }
+}
+
+
+
+/*
+** Allocate a new segment-id for the structure pStruct. The new segment
+** id must be between 1 and 65335 inclusive, and must not be used by 
+** any currently existing segment. If a free segment id cannot be found,
+** SQLITE_FULL is returned.
+**
+** If an error has already occurred, this function is a no-op. 0 is 
+** returned in this case.
+*/
+static int fts5AllocateSegid(Fts5Index *p, Fts5Structure *pStruct){
+  int iSegid = 0;
+
+  if( p->rc==SQLITE_OK ){
+    if( pStruct->nSegment>=FTS5_MAX_SEGMENT ){
+      p->rc = SQLITE_FULL;
+    }else{
+      while( iSegid==0 ){
+        int iLvl, iSeg;
+        sqlite3_randomness(sizeof(u32), (void*)&iSegid);
+        iSegid = iSegid & ((1 << FTS5_DATA_ID_B)-1);
+        for(iLvl=0; iLvl<pStruct->nLevel; iLvl++){
+          for(iSeg=0; iSeg<pStruct->aLevel[iLvl].nSeg; iSeg++){
+            if( iSegid==pStruct->aLevel[iLvl].aSeg[iSeg].iSegid ){
+              iSegid = 0;
+            }
+          }
+        }
+      }
+    }
+  }
+
+  return iSegid;
+}
+
+/*
+** Discard all data currently cached in the hash-tables.
+*/
+static void fts5IndexDiscardData(Fts5Index *p){
+  assert( p->pHash || p->nPendingData==0 );
+  if( p->pHash ){
+    sqlite3Fts5HashClear(p->pHash);
+    p->nPendingData = 0;
+  }
+}
+
+/*
+** Return the size of the prefix, in bytes, that buffer (nNew/pNew) shares
+** with buffer (nOld/pOld).
+*/
+static int fts5PrefixCompress(
+  int nOld, const u8 *pOld,
+  int nNew, const u8 *pNew
+){
+  int i;
+  assert( fts5BlobCompare(pOld, nOld, pNew, nNew)<0 );
+  for(i=0; i<nOld; i++){
+    if( pOld[i]!=pNew[i] ) break;
+  }
+  return i;
+}
+
+static void fts5WriteDlidxClear(
+  Fts5Index *p, 
+  Fts5SegWriter *pWriter,
+  int bFlush                      /* If true, write dlidx to disk */
+){
+  int i;
+  assert( bFlush==0 || (pWriter->nDlidx>0 && pWriter->aDlidx[0].buf.n>0) );
+  for(i=0; i<pWriter->nDlidx; i++){
+    Fts5DlidxWriter *pDlidx = &pWriter->aDlidx[i];
+    if( pDlidx->buf.n==0 ) break;
+    if( bFlush ){
+      assert( pDlidx->pgno!=0 );
+      fts5DataWrite(p, 
+          FTS5_DLIDX_ROWID(pWriter->iSegid, i, pDlidx->pgno),
+          pDlidx->buf.p, pDlidx->buf.n
+      );
+    }
+    sqlite3Fts5BufferZero(&pDlidx->buf);
+    pDlidx->bPrevValid = 0;
+  }
+}
+
+/*
+** Grow the pWriter->aDlidx[] array to at least nLvl elements in size.
+** Any new array elements are zeroed before returning.
+*/
+static int fts5WriteDlidxGrow(
+  Fts5Index *p,
+  Fts5SegWriter *pWriter,
+  int nLvl
+){
+  if( p->rc==SQLITE_OK && nLvl>=pWriter->nDlidx ){
+    Fts5DlidxWriter *aDlidx = (Fts5DlidxWriter*)sqlite3_realloc(
+        pWriter->aDlidx, sizeof(Fts5DlidxWriter) * nLvl
+    );
+    if( aDlidx==0 ){
+      p->rc = SQLITE_NOMEM;
+    }else{
+      int nByte = sizeof(Fts5DlidxWriter) * (nLvl - pWriter->nDlidx);
+      memset(&aDlidx[pWriter->nDlidx], 0, nByte);
+      pWriter->aDlidx = aDlidx;
+      pWriter->nDlidx = nLvl;
+    }
+  }
+  return p->rc;
+}
+
+/*
+** If the current doclist-index accumulating in pWriter->aDlidx[] is large
+** enough, flush it to disk and return 1. Otherwise discard it and return
+** zero.
+*/
+static int fts5WriteFlushDlidx(Fts5Index *p, Fts5SegWriter *pWriter){
+  int bFlag = 0;
+
+  /* If there were FTS5_MIN_DLIDX_SIZE or more empty leaf pages written
+  ** to the database, also write the doclist-index to disk.  */
+  if( pWriter->aDlidx[0].buf.n>0 && pWriter->nEmpty>=FTS5_MIN_DLIDX_SIZE ){
+    bFlag = 1;
+  }
+  fts5WriteDlidxClear(p, pWriter, bFlag);
+  pWriter->nEmpty = 0;
+  return bFlag;
+}
+
+/*
+** This function is called whenever processing of the doclist for the 
+** last term on leaf page (pWriter->iBtPage) is completed. 
+**
+** The doclist-index for that term is currently stored in-memory within the
+** Fts5SegWriter.aDlidx[] array. If it is large enough, this function
+** writes it out to disk. Or, if it is too small to bother with, discards
+** it.
+**
+** Fts5SegWriter.btterm currently contains the first term on page iBtPage.
+*/
+static void fts5WriteFlushBtree(Fts5Index *p, Fts5SegWriter *pWriter){
+  int bFlag;
+
+  assert( pWriter->iBtPage || pWriter->nEmpty==0 );
+  if( pWriter->iBtPage==0 ) return;
+  bFlag = fts5WriteFlushDlidx(p, pWriter);
+
+  if( p->rc==SQLITE_OK ){
+    const char *z = (pWriter->btterm.n>0?(const char*)pWriter->btterm.p:"");
+    /* The following was already done in fts5WriteInit(): */
+    /* sqlite3_bind_int(p->pIdxWriter, 1, pWriter->iSegid); */
+    sqlite3_bind_blob(p->pIdxWriter, 2, z, pWriter->btterm.n, SQLITE_STATIC);
+    sqlite3_bind_int64(p->pIdxWriter, 3, bFlag + ((i64)pWriter->iBtPage<<1));
+    sqlite3_step(p->pIdxWriter);
+    p->rc = sqlite3_reset(p->pIdxWriter);
+  }
+  pWriter->iBtPage = 0;
+}
+
+/*
+** This is called once for each leaf page except the first that contains
+** at least one term. Argument (nTerm/pTerm) is the split-key - a term that
+** is larger than all terms written to earlier leaves, and equal to or
+** smaller than the first term on the new leaf.
+**
+** If an error occurs, an error code is left in Fts5Index.rc. If an error
+** has already occurred when this function is called, it is a no-op.
+*/
+static void fts5WriteBtreeTerm(
+  Fts5Index *p,                   /* FTS5 backend object */
+  Fts5SegWriter *pWriter,         /* Writer object */
+  int nTerm, const u8 *pTerm      /* First term on new page */
+){
+  fts5WriteFlushBtree(p, pWriter);
+  fts5BufferSet(&p->rc, &pWriter->btterm, nTerm, pTerm);
+  pWriter->iBtPage = pWriter->writer.pgno;
+}
+
+/*
+** This function is called when flushing a leaf page that contains no
+** terms at all to disk.
+*/
+static void fts5WriteBtreeNoTerm(
+  Fts5Index *p,                   /* FTS5 backend object */
+  Fts5SegWriter *pWriter          /* Writer object */
+){
+  /* If there were no rowids on the leaf page either and the doclist-index
+  ** has already been started, append an 0x00 byte to it.  */
+  if( pWriter->bFirstRowidInPage && pWriter->aDlidx[0].buf.n>0 ){
+    Fts5DlidxWriter *pDlidx = &pWriter->aDlidx[0];
+    assert( pDlidx->bPrevValid );
+    sqlite3Fts5BufferAppendVarint(&p->rc, &pDlidx->buf, 0);
+  }
+
+  /* Increment the "number of sequential leaves without a term" counter. */
+  pWriter->nEmpty++;
+}
+
+static i64 fts5DlidxExtractFirstRowid(Fts5Buffer *pBuf){
+  i64 iRowid;
+  int iOff;
+
+  iOff = 1 + fts5GetVarint(&pBuf->p[1], (u64*)&iRowid);
+  fts5GetVarint(&pBuf->p[iOff], (u64*)&iRowid);
+  return iRowid;
+}
+
+/*
+** Rowid iRowid has just been appended to the current leaf page. It is the
+** first on the page. This function appends an appropriate entry to the current
+** doclist-index.
+*/
+static void fts5WriteDlidxAppend(
+  Fts5Index *p, 
+  Fts5SegWriter *pWriter, 
+  i64 iRowid
+){
+  int i;
+  int bDone = 0;
+
+  for(i=0; p->rc==SQLITE_OK && bDone==0; i++){
+    i64 iVal;
+    Fts5DlidxWriter *pDlidx = &pWriter->aDlidx[i];
+
+    if( pDlidx->buf.n>=p->pConfig->pgsz ){
+      /* The current doclist-index page is full. Write it to disk and push
+      ** a copy of iRowid (which will become the first rowid on the next
+      ** doclist-index leaf page) up into the next level of the b-tree 
+      ** hierarchy. If the node being flushed is currently the root node,
+      ** also push its first rowid upwards. */
+      pDlidx->buf.p[0] = 0x01;    /* Not the root node */
+      fts5DataWrite(p, 
+          FTS5_DLIDX_ROWID(pWriter->iSegid, i, pDlidx->pgno),
+          pDlidx->buf.p, pDlidx->buf.n
+      );
+      fts5WriteDlidxGrow(p, pWriter, i+2);
+      pDlidx = &pWriter->aDlidx[i];
+      if( p->rc==SQLITE_OK && pDlidx[1].buf.n==0 ){
+        i64 iFirst = fts5DlidxExtractFirstRowid(&pDlidx->buf);
+
+        /* This was the root node. Push its first rowid up to the new root. */
+        pDlidx[1].pgno = pDlidx->pgno;
+        sqlite3Fts5BufferAppendVarint(&p->rc, &pDlidx[1].buf, 0);
+        sqlite3Fts5BufferAppendVarint(&p->rc, &pDlidx[1].buf, pDlidx->pgno);
+        sqlite3Fts5BufferAppendVarint(&p->rc, &pDlidx[1].buf, iFirst);
+        pDlidx[1].bPrevValid = 1;
+        pDlidx[1].iPrev = iFirst;
+      }
+
+      sqlite3Fts5BufferZero(&pDlidx->buf);
+      pDlidx->bPrevValid = 0;
+      pDlidx->pgno++;
+    }else{
+      bDone = 1;
+    }
+
+    if( pDlidx->bPrevValid ){
+      iVal = iRowid - pDlidx->iPrev;
+    }else{
+      i64 iPgno = (i==0 ? pWriter->writer.pgno : pDlidx[-1].pgno);
+      assert( pDlidx->buf.n==0 );
+      sqlite3Fts5BufferAppendVarint(&p->rc, &pDlidx->buf, !bDone);
+      sqlite3Fts5BufferAppendVarint(&p->rc, &pDlidx->buf, iPgno);
+      iVal = iRowid;
+    }
+
+    sqlite3Fts5BufferAppendVarint(&p->rc, &pDlidx->buf, iVal);
+    pDlidx->bPrevValid = 1;
+    pDlidx->iPrev = iRowid;
+  }
+}
+
+static void fts5WriteFlushLeaf(Fts5Index *p, Fts5SegWriter *pWriter){
+  static const u8 zero[] = { 0x00, 0x00, 0x00, 0x00 };
+  Fts5PageWriter *pPage = &pWriter->writer;
+  i64 iRowid;
+
+  assert( (pPage->pgidx.n==0)==(pWriter->bFirstTermInPage) );
+
+  /* Set the szLeaf header field. */
+  assert( 0==fts5GetU16(&pPage->buf.p[2]) );
+  fts5PutU16(&pPage->buf.p[2], (u16)pPage->buf.n);
+
+  if( pWriter->bFirstTermInPage ){
+    /* No term was written to this page. */
+    assert( pPage->pgidx.n==0 );
+    fts5WriteBtreeNoTerm(p, pWriter);
+  }else{
+    /* Append the pgidx to the page buffer. Set the szLeaf header field. */
+    fts5BufferAppendBlob(&p->rc, &pPage->buf, pPage->pgidx.n, pPage->pgidx.p);
+  }
+
+  /* Write the page out to disk */
+  iRowid = FTS5_SEGMENT_ROWID(pWriter->iSegid, pPage->pgno);
+  fts5DataWrite(p, iRowid, pPage->buf.p, pPage->buf.n);
+
+  /* Initialize the next page. */
+  fts5BufferZero(&pPage->buf);
+  fts5BufferZero(&pPage->pgidx);
+  fts5BufferAppendBlob(&p->rc, &pPage->buf, 4, zero);
+  pPage->iPrevPgidx = 0;
+  pPage->pgno++;
+
+  /* Increase the leaves written counter */
+  pWriter->nLeafWritten++;
+
+  /* The new leaf holds no terms or rowids */
+  pWriter->bFirstTermInPage = 1;
+  pWriter->bFirstRowidInPage = 1;
+}
+
+/*
+** Append term pTerm/nTerm to the segment being written by the writer passed
+** as the second argument.
+**
+** If an error occurs, set the Fts5Index.rc error code. If an error has 
+** already occurred, this function is a no-op.
+*/
+static void fts5WriteAppendTerm(
+  Fts5Index *p, 
+  Fts5SegWriter *pWriter,
+  int nTerm, const u8 *pTerm 
+){
+  int nPrefix;                    /* Bytes of prefix compression for term */
+  Fts5PageWriter *pPage = &pWriter->writer;
+  Fts5Buffer *pPgidx = &pWriter->writer.pgidx;
+
+  assert( p->rc==SQLITE_OK );
+  assert( pPage->buf.n>=4 );
+  assert( pPage->buf.n>4 || pWriter->bFirstTermInPage );
+
+  /* If the current leaf page is full, flush it to disk. */
+  if( (pPage->buf.n + pPgidx->n + nTerm + 2)>=p->pConfig->pgsz ){
+    if( pPage->buf.n>4 ){
+      fts5WriteFlushLeaf(p, pWriter);
+    }
+    fts5BufferGrow(&p->rc, &pPage->buf, nTerm+FTS5_DATA_PADDING);
+  }
+  
+  /* TODO1: Updating pgidx here. */
+  pPgidx->n += sqlite3Fts5PutVarint(
+      &pPgidx->p[pPgidx->n], pPage->buf.n - pPage->iPrevPgidx
+  );
+  pPage->iPrevPgidx = pPage->buf.n;
+#if 0
+  fts5PutU16(&pPgidx->p[pPgidx->n], pPage->buf.n);
+  pPgidx->n += 2;
+#endif
+
+  if( pWriter->bFirstTermInPage ){
+    nPrefix = 0;
+    if( pPage->pgno!=1 ){
+      /* This is the first term on a leaf that is not the leftmost leaf in
+      ** the segment b-tree. In this case it is necessary to add a term to
+      ** the b-tree hierarchy that is (a) larger than the largest term 
+      ** already written to the segment and (b) smaller than or equal to
+      ** this term. In other words, a prefix of (pTerm/nTerm) that is one
+      ** byte longer than the longest prefix (pTerm/nTerm) shares with the
+      ** previous term. 
+      **
+      ** Usually, the previous term is available in pPage->term. The exception
+      ** is if this is the first term written in an incremental-merge step.
+      ** In this case the previous term is not available, so just write a
+      ** copy of (pTerm/nTerm) into the parent node. This is slightly
+      ** inefficient, but still correct.  */
+      int n = nTerm;
+      if( pPage->term.n ){
+        n = 1 + fts5PrefixCompress(pPage->term.n, pPage->term.p, nTerm, pTerm);
+      }
+      fts5WriteBtreeTerm(p, pWriter, n, pTerm);
+      pPage = &pWriter->writer;
+    }
+  }else{
+    nPrefix = fts5PrefixCompress(pPage->term.n, pPage->term.p, nTerm, pTerm);
+    fts5BufferAppendVarint(&p->rc, &pPage->buf, nPrefix);
+  }
+
+  /* Append the number of bytes of new data, then the term data itself
+  ** to the page. */
+  fts5BufferAppendVarint(&p->rc, &pPage->buf, nTerm - nPrefix);
+  fts5BufferAppendBlob(&p->rc, &pPage->buf, nTerm - nPrefix, &pTerm[nPrefix]);
+
+  /* Update the Fts5PageWriter.term field. */
+  fts5BufferSet(&p->rc, &pPage->term, nTerm, pTerm);
+  pWriter->bFirstTermInPage = 0;
+
+  pWriter->bFirstRowidInPage = 0;
+  pWriter->bFirstRowidInDoclist = 1;
+
+  assert( p->rc || (pWriter->nDlidx>0 && pWriter->aDlidx[0].buf.n==0) );
+  pWriter->aDlidx[0].pgno = pPage->pgno;
+}
+
+/*
+** Append a rowid and position-list size field to the writers output. 
+*/
+static void fts5WriteAppendRowid(
+  Fts5Index *p, 
+  Fts5SegWriter *pWriter,
+  i64 iRowid,
+  int nPos
+){
+  if( p->rc==SQLITE_OK ){
+    Fts5PageWriter *pPage = &pWriter->writer;
+
+    if( (pPage->buf.n + pPage->pgidx.n)>=p->pConfig->pgsz ){
+      fts5WriteFlushLeaf(p, pWriter);
+    }
+
+    /* If this is to be the first rowid written to the page, set the 
+    ** rowid-pointer in the page-header. Also append a value to the dlidx
+    ** buffer, in case a doclist-index is required.  */
+    if( pWriter->bFirstRowidInPage ){
+      fts5PutU16(pPage->buf.p, (u16)pPage->buf.n);
+      fts5WriteDlidxAppend(p, pWriter, iRowid);
+    }
+
+    /* Write the rowid. */
+    if( pWriter->bFirstRowidInDoclist || pWriter->bFirstRowidInPage ){
+      fts5BufferAppendVarint(&p->rc, &pPage->buf, iRowid);
+    }else{
+      assert( p->rc || iRowid>pWriter->iPrevRowid );
+      fts5BufferAppendVarint(&p->rc, &pPage->buf, iRowid - pWriter->iPrevRowid);
+    }
+    pWriter->iPrevRowid = iRowid;
+    pWriter->bFirstRowidInDoclist = 0;
+    pWriter->bFirstRowidInPage = 0;
+
+    fts5BufferAppendVarint(&p->rc, &pPage->buf, nPos);
+  }
+}
+
+static void fts5WriteAppendPoslistData(
+  Fts5Index *p, 
+  Fts5SegWriter *pWriter, 
+  const u8 *aData, 
+  int nData
+){
+  Fts5PageWriter *pPage = &pWriter->writer;
+  const u8 *a = aData;
+  int n = nData;
+  
+  assert( p->pConfig->pgsz>0 );
+  while( p->rc==SQLITE_OK 
+     && (pPage->buf.n + pPage->pgidx.n + n)>=p->pConfig->pgsz 
+  ){
+    int nReq = p->pConfig->pgsz - pPage->buf.n - pPage->pgidx.n;
+    int nCopy = 0;
+    while( nCopy<nReq ){
+      i64 dummy;
+      nCopy += fts5GetVarint(&a[nCopy], (u64*)&dummy);
+    }
+    fts5BufferAppendBlob(&p->rc, &pPage->buf, nCopy, a);
+    a += nCopy;
+    n -= nCopy;
+    fts5WriteFlushLeaf(p, pWriter);
+  }
+  if( n>0 ){
+    fts5BufferAppendBlob(&p->rc, &pPage->buf, n, a);
+  }
+}
+
+/*
+** Flush any data cached by the writer object to the database. Free any
+** allocations associated with the writer.
+*/
+static void fts5WriteFinish(
+  Fts5Index *p, 
+  Fts5SegWriter *pWriter,         /* Writer object */
+  int *pnLeaf                     /* OUT: Number of leaf pages in b-tree */
+){
+  int i;
+  Fts5PageWriter *pLeaf = &pWriter->writer;
+  if( p->rc==SQLITE_OK ){
+    assert( pLeaf->pgno>=1 );
+    if( pLeaf->buf.n>4 ){
+      fts5WriteFlushLeaf(p, pWriter);
+    }
+    *pnLeaf = pLeaf->pgno-1;
+    fts5WriteFlushBtree(p, pWriter);
+  }
+  fts5BufferFree(&pLeaf->term);
+  fts5BufferFree(&pLeaf->buf);
+  fts5BufferFree(&pLeaf->pgidx);
+  fts5BufferFree(&pWriter->btterm);
+
+  for(i=0; i<pWriter->nDlidx; i++){
+    sqlite3Fts5BufferFree(&pWriter->aDlidx[i].buf);
+  }
+  sqlite3_free(pWriter->aDlidx);
+}
+
+static void fts5WriteInit(
+  Fts5Index *p, 
+  Fts5SegWriter *pWriter, 
+  int iSegid
+){
+  const int nBuffer = p->pConfig->pgsz + FTS5_DATA_PADDING;
+
+  memset(pWriter, 0, sizeof(Fts5SegWriter));
+  pWriter->iSegid = iSegid;
+
+  fts5WriteDlidxGrow(p, pWriter, 1);
+  pWriter->writer.pgno = 1;
+  pWriter->bFirstTermInPage = 1;
+  pWriter->iBtPage = 1;
+
+  assert( pWriter->writer.buf.n==0 );
+  assert( pWriter->writer.pgidx.n==0 );
+
+  /* Grow the two buffers to pgsz + padding bytes in size. */
+  sqlite3Fts5BufferSize(&p->rc, &pWriter->writer.pgidx, nBuffer);
+  sqlite3Fts5BufferSize(&p->rc, &pWriter->writer.buf, nBuffer);
+
+  if( p->pIdxWriter==0 ){
+    Fts5Config *pConfig = p->pConfig;
+    fts5IndexPrepareStmt(p, &p->pIdxWriter, sqlite3_mprintf(
+          "INSERT INTO '%q'.'%q_idx'(segid,term,pgno) VALUES(?,?,?)", 
+          pConfig->zDb, pConfig->zName
+    ));
+  }
+
+  if( p->rc==SQLITE_OK ){
+    /* Initialize the 4-byte leaf-page header to 0x00. */
+    memset(pWriter->writer.buf.p, 0, 4);
+    pWriter->writer.buf.n = 4;
+
+    /* Bind the current output segment id to the index-writer. This is an
+    ** optimization over binding the same value over and over as rows are
+    ** inserted into %_idx by the current writer.  */
+    sqlite3_bind_int(p->pIdxWriter, 1, pWriter->iSegid);
+  }
+}
+
+/*
+** Iterator pIter was used to iterate through the input segments of on an
+** incremental merge operation. This function is called if the incremental
+** merge step has finished but the input has not been completely exhausted.
+*/
+static void fts5TrimSegments(Fts5Index *p, Fts5IndexIter *pIter){
+  int i;
+  Fts5Buffer buf;
+  memset(&buf, 0, sizeof(Fts5Buffer));
+  for(i=0; i<pIter->nSeg; i++){
+    Fts5SegIter *pSeg = &pIter->aSeg[i];
+    if( pSeg->pSeg==0 ){
+      /* no-op */
+    }else if( pSeg->pLeaf==0 ){
+      /* All keys from this input segment have been transfered to the output.
+      ** Set both the first and last page-numbers to 0 to indicate that the
+      ** segment is now empty. */
+      pSeg->pSeg->pgnoLast = 0;
+      pSeg->pSeg->pgnoFirst = 0;
+    }else{
+      int iOff = pSeg->iTermLeafOffset;     /* Offset on new first leaf page */
+      i64 iLeafRowid;
+      Fts5Data *pData;
+      int iId = pSeg->pSeg->iSegid;
+      u8 aHdr[4] = {0x00, 0x00, 0x00, 0x00};
+
+      iLeafRowid = FTS5_SEGMENT_ROWID(iId, pSeg->iTermLeafPgno);
+      pData = fts5DataRead(p, iLeafRowid);
+      if( pData ){
+        fts5BufferZero(&buf);
+        fts5BufferGrow(&p->rc, &buf, pData->nn);
+        fts5BufferAppendBlob(&p->rc, &buf, sizeof(aHdr), aHdr);
+        fts5BufferAppendVarint(&p->rc, &buf, pSeg->term.n);
+        fts5BufferAppendBlob(&p->rc, &buf, pSeg->term.n, pSeg->term.p);
+        fts5BufferAppendBlob(&p->rc, &buf, pData->szLeaf-iOff, &pData->p[iOff]);
+        if( p->rc==SQLITE_OK ){
+          /* Set the szLeaf field */
+          fts5PutU16(&buf.p[2], (u16)buf.n);
+        }
+
+        /* Set up the new page-index array */
+        fts5BufferAppendVarint(&p->rc, &buf, 4);
+        if( pSeg->iLeafPgno==pSeg->iTermLeafPgno 
+         && pSeg->iEndofDoclist<pData->szLeaf 
+        ){
+          int nDiff = pData->szLeaf - pSeg->iEndofDoclist;
+          fts5BufferAppendVarint(&p->rc, &buf, buf.n - 1 - nDiff - 4);
+          fts5BufferAppendBlob(&p->rc, &buf, 
+              pData->nn - pSeg->iPgidxOff, &pData->p[pSeg->iPgidxOff]
+          );
+        }
+
+        fts5DataRelease(pData);
+        pSeg->pSeg->pgnoFirst = pSeg->iTermLeafPgno;
+        fts5DataDelete(p, FTS5_SEGMENT_ROWID(iId, 1), iLeafRowid);
+        fts5DataWrite(p, iLeafRowid, buf.p, buf.n);
+      }
+    }
+  }
+  fts5BufferFree(&buf);
+}
+
+static void fts5MergeChunkCallback(
+  Fts5Index *p, 
+  void *pCtx, 
+  const u8 *pChunk, int nChunk
+){
+  Fts5SegWriter *pWriter = (Fts5SegWriter*)pCtx;
+  fts5WriteAppendPoslistData(p, pWriter, pChunk, nChunk);
+}
+
+/*
+**
+*/
+static void fts5IndexMergeLevel(
+  Fts5Index *p,                   /* FTS5 backend object */
+  Fts5Structure **ppStruct,       /* IN/OUT: Stucture of index */
+  int iLvl,                       /* Level to read input from */
+  int *pnRem                      /* Write up to this many output leaves */
+){
+  Fts5Structure *pStruct = *ppStruct;
+  Fts5StructureLevel *pLvl = &pStruct->aLevel[iLvl];
+  Fts5StructureLevel *pLvlOut;
+  Fts5IndexIter *pIter = 0;       /* Iterator to read input data */
+  int nRem = pnRem ? *pnRem : 0;  /* Output leaf pages left to write */
+  int nInput;                     /* Number of input segments */
+  Fts5SegWriter writer;           /* Writer object */
+  Fts5StructureSegment *pSeg;     /* Output segment */
+  Fts5Buffer term;
+  int bOldest;                    /* True if the output segment is the oldest */
+
+  assert( iLvl<pStruct->nLevel );
+  assert( pLvl->nMerge<=pLvl->nSeg );
+
+  memset(&writer, 0, sizeof(Fts5SegWriter));
+  memset(&term, 0, sizeof(Fts5Buffer));
+  if( pLvl->nMerge ){
+    pLvlOut = &pStruct->aLevel[iLvl+1];
+    assert( pLvlOut->nSeg>0 );
+    nInput = pLvl->nMerge;
+    pSeg = &pLvlOut->aSeg[pLvlOut->nSeg-1];
+
+    fts5WriteInit(p, &writer, pSeg->iSegid);
+    writer.writer.pgno = pSeg->pgnoLast+1;
+    writer.iBtPage = 0;
+  }else{
+    int iSegid = fts5AllocateSegid(p, pStruct);
+
+    /* Extend the Fts5Structure object as required to ensure the output
+    ** segment exists. */
+    if( iLvl==pStruct->nLevel-1 ){
+      fts5StructureAddLevel(&p->rc, ppStruct);
+      pStruct = *ppStruct;
+    }
+    fts5StructureExtendLevel(&p->rc, pStruct, iLvl+1, 1, 0);
+    if( p->rc ) return;
+    pLvl = &pStruct->aLevel[iLvl];
+    pLvlOut = &pStruct->aLevel[iLvl+1];
+
+    fts5WriteInit(p, &writer, iSegid);
+
+    /* Add the new segment to the output level */
+    pSeg = &pLvlOut->aSeg[pLvlOut->nSeg];
+    pLvlOut->nSeg++;
+    pSeg->pgnoFirst = 1;
+    pSeg->iSegid = iSegid;
+    pStruct->nSegment++;
+
+    /* Read input from all segments in the input level */
+    nInput = pLvl->nSeg;
+  }
+  bOldest = (pLvlOut->nSeg==1 && pStruct->nLevel==iLvl+2);
+
+  assert( iLvl>=0 );
+  for(fts5MultiIterNew(p, pStruct, 0, 0, 0, 0, iLvl, nInput, &pIter);
+      fts5MultiIterEof(p, pIter)==0;
+      fts5MultiIterNext(p, pIter, 0, 0)
+  ){
+    Fts5SegIter *pSegIter = &pIter->aSeg[ pIter->aFirst[1].iFirst ];
+    int nPos;                     /* position-list size field value */
+    int nTerm;
+    const u8 *pTerm;
+
+    /* Check for key annihilation. */
+    if( pSegIter->nPos==0 && (bOldest || pSegIter->bDel==0) ) continue;
+
+    pTerm = fts5MultiIterTerm(pIter, &nTerm);
+    if( nTerm!=term.n || memcmp(pTerm, term.p, nTerm) ){
+      if( pnRem && writer.nLeafWritten>nRem ){
+        break;
+      }
+
+      /* This is a new term. Append a term to the output segment. */
+      fts5WriteAppendTerm(p, &writer, nTerm, pTerm);
+      fts5BufferSet(&p->rc, &term, nTerm, pTerm);
+    }
+
+    /* Append the rowid to the output */
+    /* WRITEPOSLISTSIZE */
+    nPos = pSegIter->nPos*2 + pSegIter->bDel;
+    fts5WriteAppendRowid(p, &writer, fts5MultiIterRowid(pIter), nPos);
+
+    /* Append the position-list data to the output */
+    fts5ChunkIterate(p, pSegIter, (void*)&writer, fts5MergeChunkCallback);
+  }
+
+  /* Flush the last leaf page to disk. Set the output segment b-tree height
+  ** and last leaf page number at the same time.  */
+  fts5WriteFinish(p, &writer, &pSeg->pgnoLast);
+
+  if( fts5MultiIterEof(p, pIter) ){
+    int i;
+
+    /* Remove the redundant segments from the %_data table */
+    for(i=0; i<nInput; i++){
+      fts5DataRemoveSegment(p, pLvl->aSeg[i].iSegid);
+    }
+
+    /* Remove the redundant segments from the input level */
+    if( pLvl->nSeg!=nInput ){
+      int nMove = (pLvl->nSeg - nInput) * sizeof(Fts5StructureSegment);
+      memmove(pLvl->aSeg, &pLvl->aSeg[nInput], nMove);
+    }
+    pStruct->nSegment -= nInput;
+    pLvl->nSeg -= nInput;
+    pLvl->nMerge = 0;
+    if( pSeg->pgnoLast==0 ){
+      pLvlOut->nSeg--;
+      pStruct->nSegment--;
+    }
+  }else{
+    assert( pSeg->pgnoLast>0 );
+    fts5TrimSegments(p, pIter);
+    pLvl->nMerge = nInput;
+  }
+
+  fts5MultiIterFree(p, pIter);
+  fts5BufferFree(&term);
+  if( pnRem ) *pnRem -= writer.nLeafWritten;
+}
+
+/*
+** Do up to nPg pages of automerge work on the index.
+*/
+static void fts5IndexMerge(
+  Fts5Index *p,                   /* FTS5 backend object */
+  Fts5Structure **ppStruct,       /* IN/OUT: Current structure of index */
+  int nPg                         /* Pages of work to do */
+){
+  int nRem = nPg;
+  Fts5Structure *pStruct = *ppStruct;
+  while( nRem>0 && p->rc==SQLITE_OK ){
+    int iLvl;                   /* To iterate through levels */
+    int iBestLvl = 0;           /* Level offering the most input segments */
+    int nBest = 0;              /* Number of input segments on best level */
+
+    /* Set iBestLvl to the level to read input segments from. */
+    assert( pStruct->nLevel>0 );
+    for(iLvl=0; iLvl<pStruct->nLevel; iLvl++){
+      Fts5StructureLevel *pLvl = &pStruct->aLevel[iLvl];
+      if( pLvl->nMerge ){
+        if( pLvl->nMerge>nBest ){
+          iBestLvl = iLvl;
+          nBest = pLvl->nMerge;
+        }
+        break;
+      }
+      if( pLvl->nSeg>nBest ){
+        nBest = pLvl->nSeg;
+        iBestLvl = iLvl;
+      }
+    }
+
+    /* If nBest is still 0, then the index must be empty. */
+#ifdef SQLITE_DEBUG
+    for(iLvl=0; nBest==0 && iLvl<pStruct->nLevel; iLvl++){
+      assert( pStruct->aLevel[iLvl].nSeg==0 );
+    }
+#endif
+
+    if( nBest<p->pConfig->nAutomerge 
+        && pStruct->aLevel[iBestLvl].nMerge==0 
+      ){
+      break;
+    }
+    fts5IndexMergeLevel(p, &pStruct, iBestLvl, &nRem);
+    if( p->rc==SQLITE_OK && pStruct->aLevel[iBestLvl].nMerge==0 ){
+      fts5StructurePromote(p, iBestLvl+1, pStruct);
+    }
+  }
+  *ppStruct = pStruct;
+}
+
+/*
+** A total of nLeaf leaf pages of data has just been flushed to a level-0
+** segment. This function updates the write-counter accordingly and, if
+** necessary, performs incremental merge work.
+**
+** If an error occurs, set the Fts5Index.rc error code. If an error has 
+** already occurred, this function is a no-op.
+*/
+static void fts5IndexAutomerge(
+  Fts5Index *p,                   /* FTS5 backend object */
+  Fts5Structure **ppStruct,       /* IN/OUT: Current structure of index */
+  int nLeaf                       /* Number of output leaves just written */
+){
+  if( p->rc==SQLITE_OK && p->pConfig->nAutomerge>0 ){
+    Fts5Structure *pStruct = *ppStruct;
+    u64 nWrite;                   /* Initial value of write-counter */
+    int nWork;                    /* Number of work-quanta to perform */
+    int nRem;                     /* Number of leaf pages left to write */
+
+    /* Update the write-counter. While doing so, set nWork. */
+    nWrite = pStruct->nWriteCounter;
+    nWork = (int)(((nWrite + nLeaf) / p->nWorkUnit) - (nWrite / p->nWorkUnit));
+    pStruct->nWriteCounter += nLeaf;
+    nRem = (int)(p->nWorkUnit * nWork * pStruct->nLevel);
+
+    fts5IndexMerge(p, ppStruct, nRem);
+  }
+}
+
+static void fts5IndexCrisismerge(
+  Fts5Index *p,                   /* FTS5 backend object */
+  Fts5Structure **ppStruct        /* IN/OUT: Current structure of index */
+){
+  const int nCrisis = p->pConfig->nCrisisMerge;
+  Fts5Structure *pStruct = *ppStruct;
+  int iLvl = 0;
+
+  assert( p->rc!=SQLITE_OK || pStruct->nLevel>0 );
+  while( p->rc==SQLITE_OK && pStruct->aLevel[iLvl].nSeg>=nCrisis ){
+    fts5IndexMergeLevel(p, &pStruct, iLvl, 0);
+    assert( p->rc!=SQLITE_OK || pStruct->nLevel>(iLvl+1) );
+    fts5StructurePromote(p, iLvl+1, pStruct);
+    iLvl++;
+  }
+  *ppStruct = pStruct;
+}
+
+static int fts5IndexReturn(Fts5Index *p){
+  int rc = p->rc;
+  p->rc = SQLITE_OK;
+  return rc;
+}
+
+typedef struct Fts5FlushCtx Fts5FlushCtx;
+struct Fts5FlushCtx {
+  Fts5Index *pIdx;
+  Fts5SegWriter writer; 
+};
+
+/*
+** Buffer aBuf[] contains a list of varints, all small enough to fit
+** in a 32-bit integer. Return the size of the largest prefix of this 
+** list nMax bytes or less in size.
+*/
+static int fts5PoslistPrefix(const u8 *aBuf, int nMax){
+  int ret;
+  u32 dummy;
+  ret = fts5GetVarint32(aBuf, dummy);
+  if( ret<nMax ){
+    while( 1 ){
+      int i = fts5GetVarint32(&aBuf[ret], dummy);
+      if( (ret + i) > nMax ) break;
+      ret += i;
+    }
+  }
+  return ret;
+}
+
+/*
+** Flush the contents of in-memory hash table iHash to a new level-0 
+** segment on disk. Also update the corresponding structure record.
+**
+** If an error occurs, set the Fts5Index.rc error code. If an error has 
+** already occurred, this function is a no-op.
+*/
+static void fts5FlushOneHash(Fts5Index *p){
+  Fts5Hash *pHash = p->pHash;
+  Fts5Structure *pStruct;
+  int iSegid;
+  int pgnoLast = 0;                 /* Last leaf page number in segment */
+
+  /* Obtain a reference to the index structure and allocate a new segment-id
+  ** for the new level-0 segment.  */
+  pStruct = fts5StructureRead(p);
+  iSegid = fts5AllocateSegid(p, pStruct);
+
+  if( iSegid ){
+    const int pgsz = p->pConfig->pgsz;
+
+    Fts5StructureSegment *pSeg;   /* New segment within pStruct */
+    Fts5Buffer *pBuf;             /* Buffer in which to assemble leaf page */
+    Fts5Buffer *pPgidx;           /* Buffer in which to assemble pgidx */
+
+    Fts5SegWriter writer;
+    fts5WriteInit(p, &writer, iSegid);
+
+    pBuf = &writer.writer.buf;
+    pPgidx = &writer.writer.pgidx;
+
+    /* fts5WriteInit() should have initialized the buffers to (most likely)
+    ** the maximum space required. */
+    assert( p->rc || pBuf->nSpace>=(pgsz + FTS5_DATA_PADDING) );
+    assert( p->rc || pPgidx->nSpace>=(pgsz + FTS5_DATA_PADDING) );
+
+    /* Begin scanning through hash table entries. This loop runs once for each
+    ** term/doclist currently stored within the hash table. */
+    if( p->rc==SQLITE_OK ){
+      p->rc = sqlite3Fts5HashScanInit(pHash, 0, 0);
+    }
+    while( p->rc==SQLITE_OK && 0==sqlite3Fts5HashScanEof(pHash) ){
+      const char *zTerm;          /* Buffer containing term */
+      const u8 *pDoclist;         /* Pointer to doclist for this term */
+      int nDoclist;               /* Size of doclist in bytes */
+
+      /* Write the term for this entry to disk. */
+      sqlite3Fts5HashScanEntry(pHash, &zTerm, &pDoclist, &nDoclist);
+      fts5WriteAppendTerm(p, &writer, (int)strlen(zTerm), (const u8*)zTerm);
+
+      assert( writer.bFirstRowidInPage==0 );
+      if( pgsz>=(pBuf->n + pPgidx->n + nDoclist + 1) ){
+        /* The entire doclist will fit on the current leaf. */
+        fts5BufferSafeAppendBlob(pBuf, pDoclist, nDoclist);
+      }else{
+        i64 iRowid = 0;
+        i64 iDelta = 0;
+        int iOff = 0;
+
+        /* The entire doclist will not fit on this leaf. The following 
+        ** loop iterates through the poslists that make up the current 
+        ** doclist.  */
+        while( p->rc==SQLITE_OK && iOff<nDoclist ){
+          int nPos;
+          int nCopy;
+          int bDummy;
+          iOff += fts5GetVarint(&pDoclist[iOff], (u64*)&iDelta);
+          nCopy = fts5GetPoslistSize(&pDoclist[iOff], &nPos, &bDummy);
+          nCopy += nPos;
+          iRowid += iDelta;
+          
+          if( writer.bFirstRowidInPage ){
+            fts5PutU16(&pBuf->p[0], (u16)pBuf->n);   /* first rowid on page */
+            pBuf->n += sqlite3Fts5PutVarint(&pBuf->p[pBuf->n], iRowid);
+            writer.bFirstRowidInPage = 0;
+            fts5WriteDlidxAppend(p, &writer, iRowid);
+          }else{
+            pBuf->n += sqlite3Fts5PutVarint(&pBuf->p[pBuf->n], iDelta);
+          }
+          assert( pBuf->n<=pBuf->nSpace );
+
+          if( (pBuf->n + pPgidx->n + nCopy) <= pgsz ){
+            /* The entire poslist will fit on the current leaf. So copy
+            ** it in one go. */
+            fts5BufferSafeAppendBlob(pBuf, &pDoclist[iOff], nCopy);
+          }else{
+            /* The entire poslist will not fit on this leaf. So it needs
+            ** to be broken into sections. The only qualification being
+            ** that each varint must be stored contiguously.  */
+            const u8 *pPoslist = &pDoclist[iOff];
+            int iPos = 0;
+            while( p->rc==SQLITE_OK ){
+              int nSpace = pgsz - pBuf->n - pPgidx->n;
+              int n = 0;
+              if( (nCopy - iPos)<=nSpace ){
+                n = nCopy - iPos;
+              }else{
+                n = fts5PoslistPrefix(&pPoslist[iPos], nSpace);
+              }
+              assert( n>0 );
+              fts5BufferSafeAppendBlob(pBuf, &pPoslist[iPos], n);
+              iPos += n;
+              if( (pBuf->n + pPgidx->n)>=pgsz ){
+                fts5WriteFlushLeaf(p, &writer);
+              }
+              if( iPos>=nCopy ) break;
+            }
+          }
+          iOff += nCopy;
+        }
+      }
+
+      /* TODO2: Doclist terminator written here. */
+      /* pBuf->p[pBuf->n++] = '\0'; */
+      assert( pBuf->n<=pBuf->nSpace );
+      sqlite3Fts5HashScanNext(pHash);
+    }
+    sqlite3Fts5HashClear(pHash);
+    fts5WriteFinish(p, &writer, &pgnoLast);
+
+    /* Update the Fts5Structure. It is written back to the database by the
+    ** fts5StructureRelease() call below.  */
+    if( pStruct->nLevel==0 ){
+      fts5StructureAddLevel(&p->rc, &pStruct);
+    }
+    fts5StructureExtendLevel(&p->rc, pStruct, 0, 1, 0);
+    if( p->rc==SQLITE_OK ){
+      pSeg = &pStruct->aLevel[0].aSeg[ pStruct->aLevel[0].nSeg++ ];
+      pSeg->iSegid = iSegid;
+      pSeg->pgnoFirst = 1;
+      pSeg->pgnoLast = pgnoLast;
+      pStruct->nSegment++;
+    }
+    fts5StructurePromote(p, 0, pStruct);
+  }
+
+  fts5IndexAutomerge(p, &pStruct, pgnoLast);
+  fts5IndexCrisismerge(p, &pStruct);
+  fts5StructureWrite(p, pStruct);
+  fts5StructureRelease(pStruct);
+}
+
+/*
+** Flush any data stored in the in-memory hash tables to the database.
+*/
+static void fts5IndexFlush(Fts5Index *p){
+  /* Unless it is empty, flush the hash table to disk */
+  if( p->nPendingData ){
+    assert( p->pHash );
+    p->nPendingData = 0;
+    fts5FlushOneHash(p);
+  }
+}
+
+
+static int sqlite3Fts5IndexOptimize(Fts5Index *p){
+  Fts5Structure *pStruct;
+  Fts5Structure *pNew = 0;
+  int nSeg = 0;
+
+  assert( p->rc==SQLITE_OK );
+  fts5IndexFlush(p);
+  pStruct = fts5StructureRead(p);
+
+  if( pStruct ){
+    assert( pStruct->nSegment==fts5StructureCountSegments(pStruct) );
+    nSeg = pStruct->nSegment;
+    if( nSeg>1 ){
+      int nByte = sizeof(Fts5Structure);
+      nByte += (pStruct->nLevel+1) * sizeof(Fts5StructureLevel);
+      pNew = (Fts5Structure*)sqlite3Fts5MallocZero(&p->rc, nByte);
+    }
+  }
+  if( pNew ){
+    Fts5StructureLevel *pLvl;
+    int nByte = nSeg * sizeof(Fts5StructureSegment);
+    pNew->nLevel = pStruct->nLevel+1;
+    pNew->nRef = 1;
+    pNew->nWriteCounter = pStruct->nWriteCounter;
+    pLvl = &pNew->aLevel[pStruct->nLevel];
+    pLvl->aSeg = (Fts5StructureSegment*)sqlite3Fts5MallocZero(&p->rc, nByte);
+    if( pLvl->aSeg ){
+      int iLvl, iSeg;
+      int iSegOut = 0;
+      for(iLvl=0; iLvl<pStruct->nLevel; iLvl++){
+        for(iSeg=0; iSeg<pStruct->aLevel[iLvl].nSeg; iSeg++){
+          pLvl->aSeg[iSegOut] = pStruct->aLevel[iLvl].aSeg[iSeg];
+          iSegOut++;
+        }
+      }
+      pNew->nSegment = pLvl->nSeg = nSeg;
+    }else{
+      sqlite3_free(pNew);
+      pNew = 0;
+    }
+  }
+
+  if( pNew ){
+    int iLvl = pNew->nLevel-1;
+    while( p->rc==SQLITE_OK && pNew->aLevel[iLvl].nSeg>0 ){
+      int nRem = FTS5_OPT_WORK_UNIT;
+      fts5IndexMergeLevel(p, &pNew, iLvl, &nRem);
+    }
+
+    fts5StructureWrite(p, pNew);
+    fts5StructureRelease(pNew);
+  }
+
+  fts5StructureRelease(pStruct);
+  return fts5IndexReturn(p); 
+}
+
+static int sqlite3Fts5IndexMerge(Fts5Index *p, int nMerge){
+  Fts5Structure *pStruct;
+
+  pStruct = fts5StructureRead(p);
+  if( pStruct && pStruct->nLevel ){
+    fts5IndexMerge(p, &pStruct, nMerge);
+    fts5StructureWrite(p, pStruct);
+  }
+  fts5StructureRelease(pStruct);
+
+  return fts5IndexReturn(p);
+}
+
+static void fts5PoslistCallback(
+  Fts5Index *p, 
+  void *pContext, 
+  const u8 *pChunk, int nChunk
+){
+  assert_nc( nChunk>=0 );
+  if( nChunk>0 ){
+    fts5BufferSafeAppendBlob((Fts5Buffer*)pContext, pChunk, nChunk);
+  }
+}
+
+typedef struct PoslistCallbackCtx PoslistCallbackCtx;
+struct PoslistCallbackCtx {
+  Fts5Buffer *pBuf;               /* Append to this buffer */
+  Fts5Colset *pColset;            /* Restrict matches to this column */
+  int eState;                     /* See above */
+};
+
+/*
+** TODO: Make this more efficient!
+*/
+static int fts5IndexColsetTest(Fts5Colset *pColset, int iCol){
+  int i;
+  for(i=0; i<pColset->nCol; i++){
+    if( pColset->aiCol[i]==iCol ) return 1;
+  }
+  return 0;
+}
+
+static void fts5PoslistFilterCallback(
+  Fts5Index *p, 
+  void *pContext, 
+  const u8 *pChunk, int nChunk
+){
+  PoslistCallbackCtx *pCtx = (PoslistCallbackCtx*)pContext;
+  assert_nc( nChunk>=0 );
+  if( nChunk>0 ){
+    /* Search through to find the first varint with value 1. This is the
+    ** start of the next columns hits. */
+    int i = 0;
+    int iStart = 0;
+
+    if( pCtx->eState==2 ){
+      int iCol;
+      fts5FastGetVarint32(pChunk, i, iCol);
+      if( fts5IndexColsetTest(pCtx->pColset, iCol) ){
+        pCtx->eState = 1;
+        fts5BufferSafeAppendVarint(pCtx->pBuf, 1);
+      }else{
+        pCtx->eState = 0;
+      }
+    }
+
+    do {
+      while( i<nChunk && pChunk[i]!=0x01 ){
+        while( pChunk[i] & 0x80 ) i++;
+        i++;
+      }
+      if( pCtx->eState ){
+        fts5BufferSafeAppendBlob(pCtx->pBuf, &pChunk[iStart], i-iStart);
+      }
+      if( i<nChunk ){
+        int iCol;
+        iStart = i;
+        i++;
+        if( i>=nChunk ){
+          pCtx->eState = 2;
+        }else{
+          fts5FastGetVarint32(pChunk, i, iCol);
+          pCtx->eState = fts5IndexColsetTest(pCtx->pColset, iCol);
+          if( pCtx->eState ){
+            fts5BufferSafeAppendBlob(pCtx->pBuf, &pChunk[iStart], i-iStart);
+            iStart = i;
+          }
+        }
+      }
+    }while( i<nChunk );
+  }
+}
+
+/*
+** Iterator pIter currently points to a valid entry (not EOF). This
+** function appends the position list data for the current entry to
+** buffer pBuf. It does not make a copy of the position-list size
+** field.
+*/
+static void fts5SegiterPoslist(
+  Fts5Index *p,
+  Fts5SegIter *pSeg,
+  Fts5Colset *pColset,
+  Fts5Buffer *pBuf
+){
+  if( 0==fts5BufferGrow(&p->rc, pBuf, pSeg->nPos) ){
+    if( pColset==0 ){
+      fts5ChunkIterate(p, pSeg, (void*)pBuf, fts5PoslistCallback);
+    }else{
+      PoslistCallbackCtx sCtx;
+      sCtx.pBuf = pBuf;
+      sCtx.pColset = pColset;
+      sCtx.eState = fts5IndexColsetTest(pColset, 0);
+      assert( sCtx.eState==0 || sCtx.eState==1 );
+      fts5ChunkIterate(p, pSeg, (void*)&sCtx, fts5PoslistFilterCallback);
+    }
+  }
+}
+
+/*
+** IN/OUT parameter (*pa) points to a position list n bytes in size. If
+** the position list contains entries for column iCol, then (*pa) is set
+** to point to the sub-position-list for that column and the number of
+** bytes in it returned. Or, if the argument position list does not
+** contain any entries for column iCol, return 0.
+*/
+static int fts5IndexExtractCol(
+  const u8 **pa,                  /* IN/OUT: Pointer to poslist */
+  int n,                          /* IN: Size of poslist in bytes */
+  int iCol                        /* Column to extract from poslist */
+){
+  int iCurrent = 0;               /* Anything before the first 0x01 is col 0 */
+  const u8 *p = *pa;
+  const u8 *pEnd = &p[n];         /* One byte past end of position list */
+  u8 prev = 0;
+
+  while( iCol>iCurrent ){
+    /* Advance pointer p until it points to pEnd or an 0x01 byte that is
+    ** not part of a varint */
+    while( (prev & 0x80) || *p!=0x01 ){
+      prev = *p++;
+      if( p==pEnd ) return 0;
+    }
+    *pa = p++;
+    p += fts5GetVarint32(p, iCurrent);
+  }
+  if( iCol!=iCurrent ) return 0;
+
+  /* Advance pointer p until it points to pEnd or an 0x01 byte that is
+  ** not part of a varint */
+  assert( (prev & 0x80)==0 );
+  while( p<pEnd && ((prev & 0x80) || *p!=0x01) ){
+    prev = *p++;
+  }
+  return p - (*pa);
+}
+
+
+/*
+** Iterator pMulti currently points to a valid entry (not EOF). This
+** function appends the following to buffer pBuf:
+**
+**   * The varint iDelta, and
+**   * the position list that currently points to, including the size field.
+**
+** If argument pColset is NULL, then the position list is filtered according
+** to pColset before being appended to the buffer. If this means there are
+** no entries in the position list, nothing is appended to the buffer (not
+** even iDelta).
+**
+** If an error occurs, an error code is left in p->rc. 
+*/
+static int fts5AppendPoslist(
+  Fts5Index *p,
+  i64 iDelta,
+  Fts5IndexIter *pMulti,
+  Fts5Colset *pColset,
+  Fts5Buffer *pBuf
+){
+  if( p->rc==SQLITE_OK ){
+    Fts5SegIter *pSeg = &pMulti->aSeg[ pMulti->aFirst[1].iFirst ];
+    assert( fts5MultiIterEof(p, pMulti)==0 );
+    assert( pSeg->nPos>0 );
+    if( 0==fts5BufferGrow(&p->rc, pBuf, pSeg->nPos+9+9) ){
+
+      if( pSeg->iLeafOffset+pSeg->nPos<=pSeg->pLeaf->szLeaf 
+       && (pColset==0 || pColset->nCol==1)
+      ){
+        const u8 *pPos = &pSeg->pLeaf->p[pSeg->iLeafOffset];
+        int nPos;
+        if( pColset ){
+          nPos = fts5IndexExtractCol(&pPos, pSeg->nPos, pColset->aiCol[0]);
+          if( nPos==0 ) return 1;
+        }else{
+          nPos = pSeg->nPos;
+        }
+        assert( nPos>0 );
+        fts5BufferSafeAppendVarint(pBuf, iDelta);
+        fts5BufferSafeAppendVarint(pBuf, nPos*2);
+        fts5BufferSafeAppendBlob(pBuf, pPos, nPos);
+      }else{
+        int iSv1;
+        int iSv2;
+        int iData;
+
+        /* Append iDelta */
+        iSv1 = pBuf->n;
+        fts5BufferSafeAppendVarint(pBuf, iDelta);
+
+        /* WRITEPOSLISTSIZE */
+        iSv2 = pBuf->n;
+        fts5BufferSafeAppendVarint(pBuf, pSeg->nPos*2);
+        iData = pBuf->n;
+
+        fts5SegiterPoslist(p, pSeg, pColset, pBuf);
+
+        if( pColset ){
+          int nActual = pBuf->n - iData;
+          if( nActual!=pSeg->nPos ){
+            if( nActual==0 ){
+              pBuf->n = iSv1;
+              return 1;
+            }else{
+              int nReq = sqlite3Fts5GetVarintLen((u32)(nActual*2));
+              while( iSv2<(iData-nReq) ){ pBuf->p[iSv2++] = 0x80; }
+              sqlite3Fts5PutVarint(&pBuf->p[iSv2], nActual*2);
+            }
+          }
+        }
+      }
+
+    }
+  }
+
+  return 0;
+}
+
+static void fts5DoclistIterNext(Fts5DoclistIter *pIter){
+  u8 *p = pIter->aPoslist + pIter->nSize + pIter->nPoslist;
+
+  assert( pIter->aPoslist );
+  if( p>=pIter->aEof ){
+    pIter->aPoslist = 0;
+  }else{
+    i64 iDelta;
+
+    p += fts5GetVarint(p, (u64*)&iDelta);
+    pIter->iRowid += iDelta;
+
+    /* Read position list size */
+    if( p[0] & 0x80 ){
+      int nPos;
+      pIter->nSize = fts5GetVarint32(p, nPos);
+      pIter->nPoslist = (nPos>>1);
+    }else{
+      pIter->nPoslist = ((int)(p[0])) >> 1;
+      pIter->nSize = 1;
+    }
+
+    pIter->aPoslist = p;
+  }
+}
+
+static void fts5DoclistIterInit(
+  Fts5Buffer *pBuf, 
+  Fts5DoclistIter *pIter
+){
+  memset(pIter, 0, sizeof(*pIter));
+  pIter->aPoslist = pBuf->p;
+  pIter->aEof = &pBuf->p[pBuf->n];
+  fts5DoclistIterNext(pIter);
+}
+
+#if 0
+/*
+** Append a doclist to buffer pBuf.
+**
+** This function assumes that space within the buffer has already been
+** allocated.
+*/
+static void fts5MergeAppendDocid(
+  Fts5Buffer *pBuf,               /* Buffer to write to */
+  i64 *piLastRowid,               /* IN/OUT: Previous rowid written (if any) */
+  i64 iRowid                      /* Rowid to append */
+){
+  assert( pBuf->n!=0 || (*piLastRowid)==0 );
+  fts5BufferSafeAppendVarint(pBuf, iRowid - *piLastRowid);
+  *piLastRowid = iRowid;
+}
+#endif
+
+#define fts5MergeAppendDocid(pBuf, iLastRowid, iRowid) {       \
+  assert( (pBuf)->n!=0 || (iLastRowid)==0 );                   \
+  fts5BufferSafeAppendVarint((pBuf), (iRowid) - (iLastRowid)); \
+  (iLastRowid) = (iRowid);                                     \
+}
+
+/*
+** Buffers p1 and p2 contain doclists. This function merges the content
+** of the two doclists together and sets buffer p1 to the result before
+** returning.
+**
+** If an error occurs, an error code is left in p->rc. If an error has
+** already occurred, this function is a no-op.
+*/
+static void fts5MergePrefixLists(
+  Fts5Index *p,                   /* FTS5 backend object */
+  Fts5Buffer *p1,                 /* First list to merge */
+  Fts5Buffer *p2                  /* Second list to merge */
+){
+  if( p2->n ){
+    i64 iLastRowid = 0;
+    Fts5DoclistIter i1;
+    Fts5DoclistIter i2;
+    Fts5Buffer out;
+    Fts5Buffer tmp;
+    memset(&out, 0, sizeof(out));
+    memset(&tmp, 0, sizeof(tmp));
+
+    sqlite3Fts5BufferSize(&p->rc, &out, p1->n + p2->n);
+    fts5DoclistIterInit(p1, &i1);
+    fts5DoclistIterInit(p2, &i2);
+    while( p->rc==SQLITE_OK && (i1.aPoslist!=0 || i2.aPoslist!=0) ){
+      if( i2.aPoslist==0 || (i1.aPoslist && i1.iRowid<i2.iRowid) ){
+        /* Copy entry from i1 */
+        fts5MergeAppendDocid(&out, iLastRowid, i1.iRowid);
+        fts5BufferSafeAppendBlob(&out, i1.aPoslist, i1.nPoslist+i1.nSize);
+        fts5DoclistIterNext(&i1);
+      }
+      else if( i1.aPoslist==0 || i2.iRowid!=i1.iRowid ){
+        /* Copy entry from i2 */
+        fts5MergeAppendDocid(&out, iLastRowid, i2.iRowid);
+        fts5BufferSafeAppendBlob(&out, i2.aPoslist, i2.nPoslist+i2.nSize);
+        fts5DoclistIterNext(&i2);
+      }
+      else{
+        i64 iPos1 = 0;
+        i64 iPos2 = 0;
+        int iOff1 = 0;
+        int iOff2 = 0;
+        u8 *a1 = &i1.aPoslist[i1.nSize];
+        u8 *a2 = &i2.aPoslist[i2.nSize];
+
+        Fts5PoslistWriter writer;
+        memset(&writer, 0, sizeof(writer));
+
+        /* Merge the two position lists. */ 
+        fts5MergeAppendDocid(&out, iLastRowid, i2.iRowid);
+        fts5BufferZero(&tmp);
+
+        sqlite3Fts5PoslistNext64(a1, i1.nPoslist, &iOff1, &iPos1);
+        sqlite3Fts5PoslistNext64(a2, i2.nPoslist, &iOff2, &iPos2);
+
+        while( p->rc==SQLITE_OK && (iPos1>=0 || iPos2>=0) ){
+          i64 iNew;
+          if( iPos2<0 || (iPos1>=0 && iPos1<iPos2) ){
+            iNew = iPos1;
+            sqlite3Fts5PoslistNext64(a1, i1.nPoslist, &iOff1, &iPos1);
+          }else{
+            iNew = iPos2;
+            sqlite3Fts5PoslistNext64(a2, i2.nPoslist, &iOff2, &iPos2);
+            if( iPos1==iPos2 ){
+              sqlite3Fts5PoslistNext64(a1, i1.nPoslist, &iOff1,&iPos1);
+            }
+          }
+          p->rc = sqlite3Fts5PoslistWriterAppend(&tmp, &writer, iNew);
+        }
+
+        /* WRITEPOSLISTSIZE */
+        fts5BufferSafeAppendVarint(&out, tmp.n * 2);
+        fts5BufferSafeAppendBlob(&out, tmp.p, tmp.n);
+        fts5DoclistIterNext(&i1);
+        fts5DoclistIterNext(&i2);
+      }
+    }
+
+    fts5BufferSet(&p->rc, p1, out.n, out.p);
+    fts5BufferFree(&tmp);
+    fts5BufferFree(&out);
+  }
+}
+
+static void fts5BufferSwap(Fts5Buffer *p1, Fts5Buffer *p2){
+  Fts5Buffer tmp = *p1;
+  *p1 = *p2;
+  *p2 = tmp;
+}
+
+static void fts5SetupPrefixIter(
+  Fts5Index *p,                   /* Index to read from */
+  int bDesc,                      /* True for "ORDER BY rowid DESC" */
+  const u8 *pToken,               /* Buffer containing prefix to match */
+  int nToken,                     /* Size of buffer pToken in bytes */
+  Fts5Colset *pColset,            /* Restrict matches to these columns */
+  Fts5IndexIter **ppIter          /* OUT: New iterator */
+){
+  Fts5Structure *pStruct;
+  Fts5Buffer *aBuf;
+  const int nBuf = 32;
+
+  aBuf = (Fts5Buffer*)fts5IdxMalloc(p, sizeof(Fts5Buffer)*nBuf);
+  pStruct = fts5StructureRead(p);
+
+  if( aBuf && pStruct ){
+    const int flags = FTS5INDEX_QUERY_SCAN;
+    int i;
+    i64 iLastRowid = 0;
+    Fts5IndexIter *p1 = 0;     /* Iterator used to gather data from index */
+    Fts5Data *pData;
+    Fts5Buffer doclist;
+    int bNewTerm = 1;
+
+    memset(&doclist, 0, sizeof(doclist));
+    for(fts5MultiIterNew(p, pStruct, 1, flags, pToken, nToken, -1, 0, &p1);
+        fts5MultiIterEof(p, p1)==0;
+        fts5MultiIterNext2(p, p1, &bNewTerm)
+    ){
+      i64 iRowid = fts5MultiIterRowid(p1);
+      int nTerm;
+      const u8 *pTerm = fts5MultiIterTerm(p1, &nTerm);
+      assert_nc( memcmp(pToken, pTerm, MIN(nToken, nTerm))<=0 );
+      if( bNewTerm ){
+        if( nTerm<nToken || memcmp(pToken, pTerm, nToken) ) break;
+      }
+
+      if( doclist.n>0 && iRowid<=iLastRowid ){
+        for(i=0; p->rc==SQLITE_OK && doclist.n; i++){
+          assert( i<nBuf );
+          if( aBuf[i].n==0 ){
+            fts5BufferSwap(&doclist, &aBuf[i]);
+            fts5BufferZero(&doclist);
+          }else{
+            fts5MergePrefixLists(p, &doclist, &aBuf[i]);
+            fts5BufferZero(&aBuf[i]);
+          }
+        }
+        iLastRowid = 0;
+      }
+
+      if( !fts5AppendPoslist(p, iRowid-iLastRowid, p1, pColset, &doclist) ){
+        iLastRowid = iRowid;
+      }
+    }
+
+    for(i=0; i<nBuf; i++){
+      if( p->rc==SQLITE_OK ){
+        fts5MergePrefixLists(p, &doclist, &aBuf[i]);
+      }
+      fts5BufferFree(&aBuf[i]);
+    }
+    fts5MultiIterFree(p, p1);
+
+    pData = fts5IdxMalloc(p, sizeof(Fts5Data) + doclist.n);
+    if( pData ){
+      pData->p = (u8*)&pData[1];
+      pData->nn = pData->szLeaf = doclist.n;
+      memcpy(pData->p, doclist.p, doclist.n);
+      fts5MultiIterNew2(p, pData, bDesc, ppIter);
+    }
+    fts5BufferFree(&doclist);
+  }
+
+  fts5StructureRelease(pStruct);
+  sqlite3_free(aBuf);
+}
+
+
+/*
+** Indicate that all subsequent calls to sqlite3Fts5IndexWrite() pertain
+** to the document with rowid iRowid.
+*/
+static int sqlite3Fts5IndexBeginWrite(Fts5Index *p, int bDelete, i64 iRowid){
+  assert( p->rc==SQLITE_OK );
+
+  /* Allocate the hash table if it has not already been allocated */
+  if( p->pHash==0 ){
+    p->rc = sqlite3Fts5HashNew(&p->pHash, &p->nPendingData);
+  }
+
+  /* Flush the hash table to disk if required */
+  if( iRowid<p->iWriteRowid 
+   || (iRowid==p->iWriteRowid && p->bDelete==0)
+   || (p->nPendingData > p->pConfig->nHashSize) 
+  ){
+    fts5IndexFlush(p);
+  }
+
+  p->iWriteRowid = iRowid;
+  p->bDelete = bDelete;
+  return fts5IndexReturn(p);
+}
+
+/*
+** Commit data to disk.
+*/
+static int sqlite3Fts5IndexSync(Fts5Index *p, int bCommit){
+  assert( p->rc==SQLITE_OK );
+  fts5IndexFlush(p);
+  if( bCommit ) fts5CloseReader(p);
+  return fts5IndexReturn(p);
+}
+
+/*
+** Discard any data stored in the in-memory hash tables. Do not write it
+** to the database. Additionally, assume that the contents of the %_data
+** table may have changed on disk. So any in-memory caches of %_data 
+** records must be invalidated.
+*/
+static int sqlite3Fts5IndexRollback(Fts5Index *p){
+  fts5CloseReader(p);
+  fts5IndexDiscardData(p);
+  assert( p->rc==SQLITE_OK );
+  return SQLITE_OK;
+}
+
+/*
+** The %_data table is completely empty when this function is called. This
+** function populates it with the initial structure objects for each index,
+** and the initial version of the "averages" record (a zero-byte blob).
+*/
+static int sqlite3Fts5IndexReinit(Fts5Index *p){
+  Fts5Structure s;
+  memset(&s, 0, sizeof(Fts5Structure));
+  fts5DataWrite(p, FTS5_AVERAGES_ROWID, (const u8*)"", 0);
+  fts5StructureWrite(p, &s);
+  return fts5IndexReturn(p);
+}
+
+/*
+** Open a new Fts5Index handle. If the bCreate argument is true, create
+** and initialize the underlying %_data table.
+**
+** If successful, set *pp to point to the new object and return SQLITE_OK.
+** Otherwise, set *pp to NULL and return an SQLite error code.
+*/
+static int sqlite3Fts5IndexOpen(
+  Fts5Config *pConfig, 
+  int bCreate, 
+  Fts5Index **pp,
+  char **pzErr
+){
+  int rc = SQLITE_OK;
+  Fts5Index *p;                   /* New object */
+
+  *pp = p = (Fts5Index*)sqlite3Fts5MallocZero(&rc, sizeof(Fts5Index));
+  if( rc==SQLITE_OK ){
+    p->pConfig = pConfig;
+    p->nWorkUnit = FTS5_WORK_UNIT;
+    p->zDataTbl = sqlite3Fts5Mprintf(&rc, "%s_data", pConfig->zName);
+    if( p->zDataTbl && bCreate ){
+      rc = sqlite3Fts5CreateTable(
+          pConfig, "data", "id INTEGER PRIMARY KEY, block BLOB", 0, pzErr
+      );
+      if( rc==SQLITE_OK ){
+        rc = sqlite3Fts5CreateTable(pConfig, "idx", 
+            "segid, term, pgno, PRIMARY KEY(segid, term)", 
+            1, pzErr
+        );
+      }
+      if( rc==SQLITE_OK ){
+        rc = sqlite3Fts5IndexReinit(p);
+      }
+    }
+  }
+
+  assert( rc!=SQLITE_OK || p->rc==SQLITE_OK );
+  if( rc ){
+    sqlite3Fts5IndexClose(p);
+    *pp = 0;
+  }
+  return rc;
+}
+
+/*
+** Close a handle opened by an earlier call to sqlite3Fts5IndexOpen().
+*/
+static int sqlite3Fts5IndexClose(Fts5Index *p){
+  int rc = SQLITE_OK;
+  if( p ){
+    assert( p->pReader==0 );
+    sqlite3_finalize(p->pWriter);
+    sqlite3_finalize(p->pDeleter);
+    sqlite3_finalize(p->pIdxWriter);
+    sqlite3_finalize(p->pIdxDeleter);
+    sqlite3_finalize(p->pIdxSelect);
+    sqlite3Fts5HashFree(p->pHash);
+    sqlite3_free(p->zDataTbl);
+    sqlite3_free(p);
+  }
+  return rc;
+}
+
+/*
+** Argument p points to a buffer containing utf-8 text that is n bytes in 
+** size. Return the number of bytes in the nChar character prefix of the
+** buffer, or 0 if there are less than nChar characters in total.
+*/
+static int fts5IndexCharlenToBytelen(const char *p, int nByte, int nChar){
+  int n = 0;
+  int i;
+  for(i=0; i<nChar; i++){
+    if( n>=nByte ) return 0;      /* Input contains fewer than nChar chars */
+    if( (unsigned char)p[n++]>=0xc0 ){
+      while( (p[n] & 0xc0)==0x80 ) n++;
+    }
+  }
+  return n;
+}
+
+/*
+** pIn is a UTF-8 encoded string, nIn bytes in size. Return the number of
+** unicode characters in the string.
+*/
+static int fts5IndexCharlen(const char *pIn, int nIn){
+  int nChar = 0;            
+  int i = 0;
+  while( i<nIn ){
+    if( (unsigned char)pIn[i++]>=0xc0 ){
+      while( i<nIn && (pIn[i] & 0xc0)==0x80 ) i++;
+    }
+    nChar++;
+  }
+  return nChar;
+}
+
+/*
+** Insert or remove data to or from the index. Each time a document is 
+** added to or removed from the index, this function is called one or more
+** times.
+**
+** For an insert, it must be called once for each token in the new document.
+** If the operation is a delete, it must be called (at least) once for each
+** unique token in the document with an iCol value less than zero. The iPos
+** argument is ignored for a delete.
+*/
+static int sqlite3Fts5IndexWrite(
+  Fts5Index *p,                   /* Index to write to */
+  int iCol,                       /* Column token appears in (-ve -> delete) */
+  int iPos,                       /* Position of token within column */
+  const char *pToken, int nToken  /* Token to add or remove to or from index */
+){
+  int i;                          /* Used to iterate through indexes */
+  int rc = SQLITE_OK;             /* Return code */
+  Fts5Config *pConfig = p->pConfig;
+
+  assert( p->rc==SQLITE_OK );
+  assert( (iCol<0)==p->bDelete );
+
+  /* Add the entry to the main terms index. */
+  rc = sqlite3Fts5HashWrite(
+      p->pHash, p->iWriteRowid, iCol, iPos, FTS5_MAIN_PREFIX, pToken, nToken
+  );
+
+  for(i=0; i<pConfig->nPrefix && rc==SQLITE_OK; i++){
+    int nByte = fts5IndexCharlenToBytelen(pToken, nToken, pConfig->aPrefix[i]);
+    if( nByte ){
+      rc = sqlite3Fts5HashWrite(p->pHash, 
+          p->iWriteRowid, iCol, iPos, (char)(FTS5_MAIN_PREFIX+i+1), pToken,
+          nByte
+      );
+    }
+  }
+
+  return rc;
+}
+
+/*
+** Open a new iterator to iterate though all rowid that match the 
+** specified token or token prefix.
+*/
+static int sqlite3Fts5IndexQuery(
+  Fts5Index *p,                   /* FTS index to query */
+  const char *pToken, int nToken, /* Token (or prefix) to query for */
+  int flags,                      /* Mask of FTS5INDEX_QUERY_X flags */
+  Fts5Colset *pColset,            /* Match these columns only */
+  Fts5IndexIter **ppIter          /* OUT: New iterator object */
+){
+  Fts5Config *pConfig = p->pConfig;
+  Fts5IndexIter *pRet = 0;
+  int iIdx = 0;
+  Fts5Buffer buf = {0, 0, 0};
+
+  /* If the QUERY_SCAN flag is set, all other flags must be clear. */
+  assert( (flags & FTS5INDEX_QUERY_SCAN)==0 || flags==FTS5INDEX_QUERY_SCAN );
+
+  if( sqlite3Fts5BufferSize(&p->rc, &buf, nToken+1)==0 ){
+    memcpy(&buf.p[1], pToken, nToken);
+
+#ifdef SQLITE_DEBUG
+    /* If the QUERY_TEST_NOIDX flag was specified, then this must be a
+    ** prefix-query. Instead of using a prefix-index (if one exists), 
+    ** evaluate the prefix query using the main FTS index. This is used
+    ** for internal sanity checking by the integrity-check in debug 
+    ** mode only.  */
+    if( pConfig->bPrefixIndex==0 || (flags & FTS5INDEX_QUERY_TEST_NOIDX) ){
+      assert( flags & FTS5INDEX_QUERY_PREFIX );
+      iIdx = 1+pConfig->nPrefix;
+    }else
+#endif
+    if( flags & FTS5INDEX_QUERY_PREFIX ){
+      int nChar = fts5IndexCharlen(pToken, nToken);
+      for(iIdx=1; iIdx<=pConfig->nPrefix; iIdx++){
+        if( pConfig->aPrefix[iIdx-1]==nChar ) break;
+      }
+    }
+
+    if( iIdx<=pConfig->nPrefix ){
+      Fts5Structure *pStruct = fts5StructureRead(p);
+      buf.p[0] = (u8)(FTS5_MAIN_PREFIX + iIdx);
+      if( pStruct ){
+        fts5MultiIterNew(p, pStruct, 1, flags, buf.p, nToken+1, -1, 0, &pRet);
+        fts5StructureRelease(pStruct);
+      }
+    }else{
+      int bDesc = (flags & FTS5INDEX_QUERY_DESC)!=0;
+      buf.p[0] = FTS5_MAIN_PREFIX;
+      fts5SetupPrefixIter(p, bDesc, buf.p, nToken+1, pColset, &pRet);
+    }
+
+    if( p->rc ){
+      sqlite3Fts5IterClose(pRet);
+      pRet = 0;
+      fts5CloseReader(p);
+    }
+    *ppIter = pRet;
+    sqlite3Fts5BufferFree(&buf);
+  }
+  return fts5IndexReturn(p);
+}
+
+/*
+** Return true if the iterator passed as the only argument is at EOF.
+*/
+static int sqlite3Fts5IterEof(Fts5IndexIter *pIter){
+  assert( pIter->pIndex->rc==SQLITE_OK );
+  return pIter->bEof;
+}
+
+/*
+** Move to the next matching rowid. 
+*/
+static int sqlite3Fts5IterNext(Fts5IndexIter *pIter){
+  assert( pIter->pIndex->rc==SQLITE_OK );
+  fts5MultiIterNext(pIter->pIndex, pIter, 0, 0);
+  return fts5IndexReturn(pIter->pIndex);
+}
+
+/*
+** Move to the next matching term/rowid. Used by the fts5vocab module.
+*/
+static int sqlite3Fts5IterNextScan(Fts5IndexIter *pIter){
+  Fts5Index *p = pIter->pIndex;
+
+  assert( pIter->pIndex->rc==SQLITE_OK );
+
+  fts5MultiIterNext(p, pIter, 0, 0);
+  if( p->rc==SQLITE_OK ){
+    Fts5SegIter *pSeg = &pIter->aSeg[ pIter->aFirst[1].iFirst ];
+    if( pSeg->pLeaf && pSeg->term.p[0]!=FTS5_MAIN_PREFIX ){
+      fts5DataRelease(pSeg->pLeaf);
+      pSeg->pLeaf = 0;
+      pIter->bEof = 1;
+    }
+  }
+
+  return fts5IndexReturn(pIter->pIndex);
+}
+
+/*
+** Move to the next matching rowid that occurs at or after iMatch. The
+** definition of "at or after" depends on whether this iterator iterates
+** in ascending or descending rowid order.
+*/
+static int sqlite3Fts5IterNextFrom(Fts5IndexIter *pIter, i64 iMatch){
+  fts5MultiIterNextFrom(pIter->pIndex, pIter, iMatch);
+  return fts5IndexReturn(pIter->pIndex);
+}
+
+/*
+** Return the current rowid.
+*/
+static i64 sqlite3Fts5IterRowid(Fts5IndexIter *pIter){
+  return fts5MultiIterRowid(pIter);
+}
+
+/*
+** Return the current term.
+*/
+static const char *sqlite3Fts5IterTerm(Fts5IndexIter *pIter, int *pn){
+  int n;
+  const char *z = (const char*)fts5MultiIterTerm(pIter, &n);
+  *pn = n-1;
+  return &z[1];
+}
+
+
+static int fts5IndexExtractColset (
+  Fts5Colset *pColset,            /* Colset to filter on */
+  const u8 *pPos, int nPos,       /* Position list */
+  Fts5Buffer *pBuf                /* Output buffer */
+){
+  int rc = SQLITE_OK;
+  int i;
+
+  fts5BufferZero(pBuf);
+  for(i=0; i<pColset->nCol; i++){
+    const u8 *pSub = pPos;
+    int nSub = fts5IndexExtractCol(&pSub, nPos, pColset->aiCol[i]);
+    if( nSub ){
+      fts5BufferAppendBlob(&rc, pBuf, nSub, pSub);
+    }
+  }
+  return rc;
+}
+
+
+/*
+** Return a pointer to a buffer containing a copy of the position list for
+** the current entry. Output variable *pn is set to the size of the buffer 
+** in bytes before returning.
+**
+** The returned position list does not include the "number of bytes" varint
+** field that starts the position list on disk.
+*/
+static int sqlite3Fts5IterPoslist(
+  Fts5IndexIter *pIter, 
+  Fts5Colset *pColset,            /* Column filter (or NULL) */
+  const u8 **pp,                  /* OUT: Pointer to position-list data */
+  int *pn,                        /* OUT: Size of position-list in bytes */
+  i64 *piRowid                    /* OUT: Current rowid */
+){
+  Fts5SegIter *pSeg = &pIter->aSeg[ pIter->aFirst[1].iFirst ];
+  assert( pIter->pIndex->rc==SQLITE_OK );
+  *piRowid = pSeg->iRowid;
+  if( pSeg->iLeafOffset+pSeg->nPos<=pSeg->pLeaf->szLeaf ){
+    u8 *pPos = &pSeg->pLeaf->p[pSeg->iLeafOffset];
+    if( pColset==0 || pIter->bFiltered ){
+      *pn = pSeg->nPos;
+      *pp = pPos;
+    }else if( pColset->nCol==1 ){
+      *pp = pPos;
+      *pn = fts5IndexExtractCol(pp, pSeg->nPos, pColset->aiCol[0]);
+    }else{
+      fts5BufferZero(&pIter->poslist);
+      fts5IndexExtractColset(pColset, pPos, pSeg->nPos, &pIter->poslist);
+      *pp = pIter->poslist.p;
+      *pn = pIter->poslist.n;
+    }
+  }else{
+    fts5BufferZero(&pIter->poslist);
+    fts5SegiterPoslist(pIter->pIndex, pSeg, pColset, &pIter->poslist);
+    *pp = pIter->poslist.p;
+    *pn = pIter->poslist.n;
+  }
+  return fts5IndexReturn(pIter->pIndex);
+}
+
+/*
+** This function is similar to sqlite3Fts5IterPoslist(), except that it
+** copies the position list into the buffer supplied as the second 
+** argument.
+*/
+static int sqlite3Fts5IterPoslistBuffer(Fts5IndexIter *pIter, Fts5Buffer *pBuf){
+  Fts5Index *p = pIter->pIndex;
+  Fts5SegIter *pSeg = &pIter->aSeg[ pIter->aFirst[1].iFirst ];
+  assert( p->rc==SQLITE_OK );
+  fts5BufferZero(pBuf);
+  fts5SegiterPoslist(p, pSeg, 0, pBuf);
+  return fts5IndexReturn(p);
+}
+
+/*
+** Close an iterator opened by an earlier call to sqlite3Fts5IndexQuery().
+*/
+static void sqlite3Fts5IterClose(Fts5IndexIter *pIter){
+  if( pIter ){
+    Fts5Index *pIndex = pIter->pIndex;
+    fts5MultiIterFree(pIter->pIndex, pIter);
+    fts5CloseReader(pIndex);
+  }
+}
+
+/*
+** Read and decode the "averages" record from the database. 
+**
+** Parameter anSize must point to an array of size nCol, where nCol is
+** the number of user defined columns in the FTS table.
+*/
+static int sqlite3Fts5IndexGetAverages(Fts5Index *p, i64 *pnRow, i64 *anSize){
+  int nCol = p->pConfig->nCol;
+  Fts5Data *pData;
+
+  *pnRow = 0;
+  memset(anSize, 0, sizeof(i64) * nCol);
+  pData = fts5DataRead(p, FTS5_AVERAGES_ROWID);
+  if( p->rc==SQLITE_OK && pData->nn ){
+    int i = 0;
+    int iCol;
+    i += fts5GetVarint(&pData->p[i], (u64*)pnRow);
+    for(iCol=0; i<pData->nn && iCol<nCol; iCol++){
+      i += fts5GetVarint(&pData->p[i], (u64*)&anSize[iCol]);
+    }
+  }
+
+  fts5DataRelease(pData);
+  return fts5IndexReturn(p);
+}
+
+/*
+** Replace the current "averages" record with the contents of the buffer 
+** supplied as the second argument.
+*/
+static int sqlite3Fts5IndexSetAverages(Fts5Index *p, const u8 *pData, int nData){
+  assert( p->rc==SQLITE_OK );
+  fts5DataWrite(p, FTS5_AVERAGES_ROWID, pData, nData);
+  return fts5IndexReturn(p);
+}
+
+/*
+** Return the total number of blocks this module has read from the %_data
+** table since it was created.
+*/
+static int sqlite3Fts5IndexReads(Fts5Index *p){
+  return p->nRead;
+}
+
+/*
+** Set the 32-bit cookie value stored at the start of all structure 
+** records to the value passed as the second argument.
+**
+** Return SQLITE_OK if successful, or an SQLite error code if an error
+** occurs.
+*/
+static int sqlite3Fts5IndexSetCookie(Fts5Index *p, int iNew){
+  int rc;                              /* Return code */
+  Fts5Config *pConfig = p->pConfig;    /* Configuration object */
+  u8 aCookie[4];                       /* Binary representation of iNew */
+  sqlite3_blob *pBlob = 0;
+
+  assert( p->rc==SQLITE_OK );
+  sqlite3Fts5Put32(aCookie, iNew);
+
+  rc = sqlite3_blob_open(pConfig->db, pConfig->zDb, p->zDataTbl, 
+      "block", FTS5_STRUCTURE_ROWID, 1, &pBlob
+  );
+  if( rc==SQLITE_OK ){
+    sqlite3_blob_write(pBlob, aCookie, 4, 0);
+    rc = sqlite3_blob_close(pBlob);
+  }
+
+  return rc;
+}
+
+static int sqlite3Fts5IndexLoadConfig(Fts5Index *p){
+  Fts5Structure *pStruct;
+  pStruct = fts5StructureRead(p);
+  fts5StructureRelease(pStruct);
+  return fts5IndexReturn(p);
+}
+
+
+/*************************************************************************
+**************************************************************************
+** Below this point is the implementation of the integrity-check 
+** functionality.
+*/
+
+/*
+** Return a simple checksum value based on the arguments.
+*/
+static u64 fts5IndexEntryCksum(
+  i64 iRowid, 
+  int iCol, 
+  int iPos, 
+  int iIdx,
+  const char *pTerm,
+  int nTerm
+){
+  int i;
+  u64 ret = iRowid;
+  ret += (ret<<3) + iCol;
+  ret += (ret<<3) + iPos;
+  if( iIdx>=0 ) ret += (ret<<3) + (FTS5_MAIN_PREFIX + iIdx);
+  for(i=0; i<nTerm; i++) ret += (ret<<3) + pTerm[i];
+  return ret;
+}
+
+#ifdef SQLITE_DEBUG
+/*
+** This function is purely an internal test. It does not contribute to 
+** FTS functionality, or even the integrity-check, in any way.
+**
+** Instead, it tests that the same set of pgno/rowid combinations are 
+** visited regardless of whether the doclist-index identified by parameters
+** iSegid/iLeaf is iterated in forwards or reverse order.
+*/
+static void fts5TestDlidxReverse(
+  Fts5Index *p, 
+  int iSegid,                     /* Segment id to load from */
+  int iLeaf                       /* Load doclist-index for this leaf */
+){
+  Fts5DlidxIter *pDlidx = 0;
+  u64 cksum1 = 13;
+  u64 cksum2 = 13;
+
+  for(pDlidx=fts5DlidxIterInit(p, 0, iSegid, iLeaf);
+      fts5DlidxIterEof(p, pDlidx)==0;
+      fts5DlidxIterNext(p, pDlidx)
+  ){
+    i64 iRowid = fts5DlidxIterRowid(pDlidx);
+    int pgno = fts5DlidxIterPgno(pDlidx);
+    assert( pgno>iLeaf );
+    cksum1 += iRowid + ((i64)pgno<<32);
+  }
+  fts5DlidxIterFree(pDlidx);
+  pDlidx = 0;
+
+  for(pDlidx=fts5DlidxIterInit(p, 1, iSegid, iLeaf);
+      fts5DlidxIterEof(p, pDlidx)==0;
+      fts5DlidxIterPrev(p, pDlidx)
+  ){
+    i64 iRowid = fts5DlidxIterRowid(pDlidx);
+    int pgno = fts5DlidxIterPgno(pDlidx);
+    assert( fts5DlidxIterPgno(pDlidx)>iLeaf );
+    cksum2 += iRowid + ((i64)pgno<<32);
+  }
+  fts5DlidxIterFree(pDlidx);
+  pDlidx = 0;
+
+  if( p->rc==SQLITE_OK && cksum1!=cksum2 ) p->rc = FTS5_CORRUPT;
+}
+
+static int fts5QueryCksum(
+  Fts5Index *p,                   /* Fts5 index object */
+  int iIdx,
+  const char *z,                  /* Index key to query for */
+  int n,                          /* Size of index key in bytes */
+  int flags,                      /* Flags for Fts5IndexQuery */
+  u64 *pCksum                     /* IN/OUT: Checksum value */
+){
+  u64 cksum = *pCksum;
+  Fts5IndexIter *pIdxIter = 0;
+  int rc = sqlite3Fts5IndexQuery(p, z, n, flags, 0, &pIdxIter);
+
+  while( rc==SQLITE_OK && 0==sqlite3Fts5IterEof(pIdxIter) ){
+    i64 dummy;
+    const u8 *pPos;
+    int nPos;
+    i64 rowid = sqlite3Fts5IterRowid(pIdxIter);
+    rc = sqlite3Fts5IterPoslist(pIdxIter, 0, &pPos, &nPos, &dummy);
+    if( rc==SQLITE_OK ){
+      Fts5PoslistReader sReader;
+      for(sqlite3Fts5PoslistReaderInit(pPos, nPos, &sReader);
+          sReader.bEof==0;
+          sqlite3Fts5PoslistReaderNext(&sReader)
+      ){
+        int iCol = FTS5_POS2COLUMN(sReader.iPos);
+        int iOff = FTS5_POS2OFFSET(sReader.iPos);
+        cksum ^= fts5IndexEntryCksum(rowid, iCol, iOff, iIdx, z, n);
+      }
+      rc = sqlite3Fts5IterNext(pIdxIter);
+    }
+  }
+  sqlite3Fts5IterClose(pIdxIter);
+
+  *pCksum = cksum;
+  return rc;
+}
+
+
+/*
+** This function is also purely an internal test. It does not contribute to 
+** FTS functionality, or even the integrity-check, in any way.
+*/
+static void fts5TestTerm(
+  Fts5Index *p, 
+  Fts5Buffer *pPrev,              /* Previous term */
+  const char *z, int n,           /* Possibly new term to test */
+  u64 expected,
+  u64 *pCksum
+){
+  int rc = p->rc;
+  if( pPrev->n==0 ){
+    fts5BufferSet(&rc, pPrev, n, (const u8*)z);
+  }else
+  if( rc==SQLITE_OK && (pPrev->n!=n || memcmp(pPrev->p, z, n)) ){
+    u64 cksum3 = *pCksum;
+    const char *zTerm = (const char*)&pPrev->p[1];  /* term sans prefix-byte */
+    int nTerm = pPrev->n-1;            /* Size of zTerm in bytes */
+    int iIdx = (pPrev->p[0] - FTS5_MAIN_PREFIX);
+    int flags = (iIdx==0 ? 0 : FTS5INDEX_QUERY_PREFIX);
+    u64 ck1 = 0;
+    u64 ck2 = 0;
+
+    /* Check that the results returned for ASC and DESC queries are
+    ** the same. If not, call this corruption.  */
+    rc = fts5QueryCksum(p, iIdx, zTerm, nTerm, flags, &ck1);
+    if( rc==SQLITE_OK ){
+      int f = flags|FTS5INDEX_QUERY_DESC;
+      rc = fts5QueryCksum(p, iIdx, zTerm, nTerm, f, &ck2);
+    }
+    if( rc==SQLITE_OK && ck1!=ck2 ) rc = FTS5_CORRUPT;
+
+    /* If this is a prefix query, check that the results returned if the
+    ** the index is disabled are the same. In both ASC and DESC order. 
+    **
+    ** This check may only be performed if the hash table is empty. This
+    ** is because the hash table only supports a single scan query at
+    ** a time, and the multi-iter loop from which this function is called
+    ** is already performing such a scan. */
+    if( p->nPendingData==0 ){
+      if( iIdx>0 && rc==SQLITE_OK ){
+        int f = flags|FTS5INDEX_QUERY_TEST_NOIDX;
+        ck2 = 0;
+        rc = fts5QueryCksum(p, iIdx, zTerm, nTerm, f, &ck2);
+        if( rc==SQLITE_OK && ck1!=ck2 ) rc = FTS5_CORRUPT;
+      }
+      if( iIdx>0 && rc==SQLITE_OK ){
+        int f = flags|FTS5INDEX_QUERY_TEST_NOIDX|FTS5INDEX_QUERY_DESC;
+        ck2 = 0;
+        rc = fts5QueryCksum(p, iIdx, zTerm, nTerm, f, &ck2);
+        if( rc==SQLITE_OK && ck1!=ck2 ) rc = FTS5_CORRUPT;
+      }
+    }
+
+    cksum3 ^= ck1;
+    fts5BufferSet(&rc, pPrev, n, (const u8*)z);
+
+    if( rc==SQLITE_OK && cksum3!=expected ){
+      rc = FTS5_CORRUPT;
+    }
+    *pCksum = cksum3;
+  }
+  p->rc = rc;
+}
+ 
+#else
+# define fts5TestDlidxReverse(x,y,z)
+# define fts5TestTerm(u,v,w,x,y,z)
+#endif
+
+/*
+** Check that:
+**
+**   1) All leaves of pSeg between iFirst and iLast (inclusive) exist and
+**      contain zero terms.
+**   2) All leaves of pSeg between iNoRowid and iLast (inclusive) exist and
+**      contain zero rowids.
+*/
+static void fts5IndexIntegrityCheckEmpty(
+  Fts5Index *p,
+  Fts5StructureSegment *pSeg,     /* Segment to check internal consistency */
+  int iFirst,
+  int iNoRowid,
+  int iLast
+){
+  int i;
+
+  /* Now check that the iter.nEmpty leaves following the current leaf
+  ** (a) exist and (b) contain no terms. */
+  for(i=iFirst; p->rc==SQLITE_OK && i<=iLast; i++){
+    Fts5Data *pLeaf = fts5DataRead(p, FTS5_SEGMENT_ROWID(pSeg->iSegid, i));
+    if( pLeaf ){
+      if( !fts5LeafIsTermless(pLeaf) ) p->rc = FTS5_CORRUPT;
+      if( i>=iNoRowid && 0!=fts5LeafFirstRowidOff(pLeaf) ) p->rc = FTS5_CORRUPT;
+    }
+    fts5DataRelease(pLeaf);
+  }
+}
+
+static void fts5IntegrityCheckPgidx(Fts5Index *p, Fts5Data *pLeaf){
+  int iTermOff = 0;
+  int ii;
+
+  Fts5Buffer buf1 = {0,0,0};
+  Fts5Buffer buf2 = {0,0,0};
+
+  ii = pLeaf->szLeaf;
+  while( ii<pLeaf->nn && p->rc==SQLITE_OK ){
+    int res;
+    int iOff;
+    int nIncr;
+
+    ii += fts5GetVarint32(&pLeaf->p[ii], nIncr);
+    iTermOff += nIncr;
+    iOff = iTermOff;
+
+    if( iOff>=pLeaf->szLeaf ){
+      p->rc = FTS5_CORRUPT;
+    }else if( iTermOff==nIncr ){
+      int nByte;
+      iOff += fts5GetVarint32(&pLeaf->p[iOff], nByte);
+      if( (iOff+nByte)>pLeaf->szLeaf ){
+        p->rc = FTS5_CORRUPT;
+      }else{
+        fts5BufferSet(&p->rc, &buf1, nByte, &pLeaf->p[iOff]);
+      }
+    }else{
+      int nKeep, nByte;
+      iOff += fts5GetVarint32(&pLeaf->p[iOff], nKeep);
+      iOff += fts5GetVarint32(&pLeaf->p[iOff], nByte);
+      if( nKeep>buf1.n || (iOff+nByte)>pLeaf->szLeaf ){
+        p->rc = FTS5_CORRUPT;
+      }else{
+        buf1.n = nKeep;
+        fts5BufferAppendBlob(&p->rc, &buf1, nByte, &pLeaf->p[iOff]);
+      }
+
+      if( p->rc==SQLITE_OK ){
+        res = fts5BufferCompare(&buf1, &buf2);
+        if( res<=0 ) p->rc = FTS5_CORRUPT;
+      }
+    }
+    fts5BufferSet(&p->rc, &buf2, buf1.n, buf1.p);
+  }
+
+  fts5BufferFree(&buf1);
+  fts5BufferFree(&buf2);
+}
+
+static void fts5IndexIntegrityCheckSegment(
+  Fts5Index *p,                   /* FTS5 backend object */
+  Fts5StructureSegment *pSeg      /* Segment to check internal consistency */
+){
+  Fts5Config *pConfig = p->pConfig;
+  sqlite3_stmt *pStmt = 0;
+  int rc2;
+  int iIdxPrevLeaf = pSeg->pgnoFirst-1;
+  int iDlidxPrevLeaf = pSeg->pgnoLast;
+
+  if( pSeg->pgnoFirst==0 ) return;
+
+  fts5IndexPrepareStmt(p, &pStmt, sqlite3_mprintf(
+      "SELECT segid, term, (pgno>>1), (pgno&1) FROM %Q.'%q_idx' WHERE segid=%d",
+      pConfig->zDb, pConfig->zName, pSeg->iSegid
+  ));
+
+  /* Iterate through the b-tree hierarchy.  */
+  while( p->rc==SQLITE_OK && SQLITE_ROW==sqlite3_step(pStmt) ){
+    i64 iRow;                     /* Rowid for this leaf */
+    Fts5Data *pLeaf;              /* Data for this leaf */
+
+    int nIdxTerm = sqlite3_column_bytes(pStmt, 1);
+    const char *zIdxTerm = (const char*)sqlite3_column_text(pStmt, 1);
+    int iIdxLeaf = sqlite3_column_int(pStmt, 2);
+    int bIdxDlidx = sqlite3_column_int(pStmt, 3);
+
+    /* If the leaf in question has already been trimmed from the segment, 
+    ** ignore this b-tree entry. Otherwise, load it into memory. */
+    if( iIdxLeaf<pSeg->pgnoFirst ) continue;
+    iRow = FTS5_SEGMENT_ROWID(pSeg->iSegid, iIdxLeaf);
+    pLeaf = fts5DataRead(p, iRow);
+    if( pLeaf==0 ) break;
+
+    /* Check that the leaf contains at least one term, and that it is equal
+    ** to or larger than the split-key in zIdxTerm.  Also check that if there
+    ** is also a rowid pointer within the leaf page header, it points to a
+    ** location before the term.  */
+    if( pLeaf->nn<=pLeaf->szLeaf ){
+      p->rc = FTS5_CORRUPT;
+    }else{
+      int iOff;                   /* Offset of first term on leaf */
+      int iRowidOff;              /* Offset of first rowid on leaf */
+      int nTerm;                  /* Size of term on leaf in bytes */
+      int res;                    /* Comparison of term and split-key */
+
+      iOff = fts5LeafFirstTermOff(pLeaf);
+      iRowidOff = fts5LeafFirstRowidOff(pLeaf);
+      if( iRowidOff>=iOff ){
+        p->rc = FTS5_CORRUPT;
+      }else{
+        iOff += fts5GetVarint32(&pLeaf->p[iOff], nTerm);
+        res = memcmp(&pLeaf->p[iOff], zIdxTerm, MIN(nTerm, nIdxTerm));
+        if( res==0 ) res = nTerm - nIdxTerm;
+        if( res<0 ) p->rc = FTS5_CORRUPT;
+      }
+
+      fts5IntegrityCheckPgidx(p, pLeaf);
+    }
+    fts5DataRelease(pLeaf);
+    if( p->rc ) break;
+
+    /* Now check that the iter.nEmpty leaves following the current leaf
+    ** (a) exist and (b) contain no terms. */
+    fts5IndexIntegrityCheckEmpty(
+        p, pSeg, iIdxPrevLeaf+1, iDlidxPrevLeaf+1, iIdxLeaf-1
+    );
+    if( p->rc ) break;
+
+    /* If there is a doclist-index, check that it looks right. */
+    if( bIdxDlidx ){
+      Fts5DlidxIter *pDlidx = 0;  /* For iterating through doclist index */
+      int iPrevLeaf = iIdxLeaf;
+      int iSegid = pSeg->iSegid;
+      int iPg = 0;
+      i64 iKey;
+
+      for(pDlidx=fts5DlidxIterInit(p, 0, iSegid, iIdxLeaf);
+          fts5DlidxIterEof(p, pDlidx)==0;
+          fts5DlidxIterNext(p, pDlidx)
+      ){
+
+        /* Check any rowid-less pages that occur before the current leaf. */
+        for(iPg=iPrevLeaf+1; iPg<fts5DlidxIterPgno(pDlidx); iPg++){
+          iKey = FTS5_SEGMENT_ROWID(iSegid, iPg);
+          pLeaf = fts5DataRead(p, iKey);
+          if( pLeaf ){
+            if( fts5LeafFirstRowidOff(pLeaf)!=0 ) p->rc = FTS5_CORRUPT;
+            fts5DataRelease(pLeaf);
+          }
+        }
+        iPrevLeaf = fts5DlidxIterPgno(pDlidx);
+
+        /* Check that the leaf page indicated by the iterator really does
+        ** contain the rowid suggested by the same. */
+        iKey = FTS5_SEGMENT_ROWID(iSegid, iPrevLeaf);
+        pLeaf = fts5DataRead(p, iKey);
+        if( pLeaf ){
+          i64 iRowid;
+          int iRowidOff = fts5LeafFirstRowidOff(pLeaf);
+          ASSERT_SZLEAF_OK(pLeaf);
+          if( iRowidOff>=pLeaf->szLeaf ){
+            p->rc = FTS5_CORRUPT;
+          }else{
+            fts5GetVarint(&pLeaf->p[iRowidOff], (u64*)&iRowid);
+            if( iRowid!=fts5DlidxIterRowid(pDlidx) ) p->rc = FTS5_CORRUPT;
+          }
+          fts5DataRelease(pLeaf);
+        }
+      }
+
+      iDlidxPrevLeaf = iPg;
+      fts5DlidxIterFree(pDlidx);
+      fts5TestDlidxReverse(p, iSegid, iIdxLeaf);
+    }else{
+      iDlidxPrevLeaf = pSeg->pgnoLast;
+      /* TODO: Check there is no doclist index */
+    }
+
+    iIdxPrevLeaf = iIdxLeaf;
+  }
+
+  rc2 = sqlite3_finalize(pStmt);
+  if( p->rc==SQLITE_OK ) p->rc = rc2;
+
+  /* Page iter.iLeaf must now be the rightmost leaf-page in the segment */
+#if 0
+  if( p->rc==SQLITE_OK && iter.iLeaf!=pSeg->pgnoLast ){
+    p->rc = FTS5_CORRUPT;
+  }
+#endif
+}
+
+
+/*
+** Run internal checks to ensure that the FTS index (a) is internally 
+** consistent and (b) contains entries for which the XOR of the checksums
+** as calculated by fts5IndexEntryCksum() is cksum.
+**
+** Return SQLITE_CORRUPT if any of the internal checks fail, or if the
+** checksum does not match. Return SQLITE_OK if all checks pass without
+** error, or some other SQLite error code if another error (e.g. OOM)
+** occurs.
+*/
+static int sqlite3Fts5IndexIntegrityCheck(Fts5Index *p, u64 cksum){
+  u64 cksum2 = 0;                 /* Checksum based on contents of indexes */
+  Fts5Buffer poslist = {0,0,0};   /* Buffer used to hold a poslist */
+  Fts5IndexIter *pIter;           /* Used to iterate through entire index */
+  Fts5Structure *pStruct;         /* Index structure */
+
+#ifdef SQLITE_DEBUG
+  /* Used by extra internal tests only run if NDEBUG is not defined */
+  u64 cksum3 = 0;                 /* Checksum based on contents of indexes */
+  Fts5Buffer term = {0,0,0};      /* Buffer used to hold most recent term */
+#endif
+  
+  /* Load the FTS index structure */
+  pStruct = fts5StructureRead(p);
+
+  /* Check that the internal nodes of each segment match the leaves */
+  if( pStruct ){
+    int iLvl, iSeg;
+    for(iLvl=0; iLvl<pStruct->nLevel; iLvl++){
+      for(iSeg=0; iSeg<pStruct->aLevel[iLvl].nSeg; iSeg++){
+        Fts5StructureSegment *pSeg = &pStruct->aLevel[iLvl].aSeg[iSeg];
+        fts5IndexIntegrityCheckSegment(p, pSeg);
+      }
+    }
+  }
+
+  /* The cksum argument passed to this function is a checksum calculated
+  ** based on all expected entries in the FTS index (including prefix index
+  ** entries). This block checks that a checksum calculated based on the
+  ** actual contents of FTS index is identical.
+  **
+  ** Two versions of the same checksum are calculated. The first (stack
+  ** variable cksum2) based on entries extracted from the full-text index
+  ** while doing a linear scan of each individual index in turn. 
+  **
+  ** As each term visited by the linear scans, a separate query for the
+  ** same term is performed. cksum3 is calculated based on the entries
+  ** extracted by these queries.
+  */
+  for(fts5MultiIterNew(p, pStruct, 0, 0, 0, 0, -1, 0, &pIter);
+      fts5MultiIterEof(p, pIter)==0;
+      fts5MultiIterNext(p, pIter, 0, 0)
+  ){
+    int n;                      /* Size of term in bytes */
+    i64 iPos = 0;               /* Position read from poslist */
+    int iOff = 0;               /* Offset within poslist */
+    i64 iRowid = fts5MultiIterRowid(pIter);
+    char *z = (char*)fts5MultiIterTerm(pIter, &n);
+
+    /* If this is a new term, query for it. Update cksum3 with the results. */
+    fts5TestTerm(p, &term, z, n, cksum2, &cksum3);
+
+    poslist.n = 0;
+    fts5SegiterPoslist(p, &pIter->aSeg[pIter->aFirst[1].iFirst] , 0, &poslist);
+    while( 0==sqlite3Fts5PoslistNext64(poslist.p, poslist.n, &iOff, &iPos) ){
+      int iCol = FTS5_POS2COLUMN(iPos);
+      int iTokOff = FTS5_POS2OFFSET(iPos);
+      cksum2 ^= fts5IndexEntryCksum(iRowid, iCol, iTokOff, -1, z, n);
+    }
+  }
+  fts5TestTerm(p, &term, 0, 0, cksum2, &cksum3);
+
+  fts5MultiIterFree(p, pIter);
+  if( p->rc==SQLITE_OK && cksum!=cksum2 ) p->rc = FTS5_CORRUPT;
+
+  fts5StructureRelease(pStruct);
+#ifdef SQLITE_DEBUG
+  fts5BufferFree(&term);
+#endif
+  fts5BufferFree(&poslist);
+  return fts5IndexReturn(p);
+}
+
+
+/*
+** Calculate and return a checksum that is the XOR of the index entry
+** checksum of all entries that would be generated by the token specified
+** by the final 5 arguments.
+*/
+static u64 sqlite3Fts5IndexCksum(
+  Fts5Config *pConfig,            /* Configuration object */
+  i64 iRowid,                     /* Document term appears in */
+  int iCol,                       /* Column term appears in */
+  int iPos,                       /* Position term appears in */
+  const char *pTerm, int nTerm    /* Term at iPos */
+){
+  u64 ret = 0;                    /* Return value */
+  int iIdx;                       /* For iterating through indexes */
+
+  ret = fts5IndexEntryCksum(iRowid, iCol, iPos, 0, pTerm, nTerm);
+
+  for(iIdx=0; iIdx<pConfig->nPrefix; iIdx++){
+    int nByte = fts5IndexCharlenToBytelen(pTerm, nTerm, pConfig->aPrefix[iIdx]);
+    if( nByte ){
+      ret ^= fts5IndexEntryCksum(iRowid, iCol, iPos, iIdx+1, pTerm, nByte);
+    }
+  }
+
+  return ret;
+}
+
+/*************************************************************************
+**************************************************************************
+** Below this point is the implementation of the fts5_decode() scalar
+** function only.
+*/
+
+/*
+** Decode a segment-data rowid from the %_data table. This function is
+** the opposite of macro FTS5_SEGMENT_ROWID().
+*/
+static void fts5DecodeRowid(
+  i64 iRowid,                     /* Rowid from %_data table */
+  int *piSegid,                   /* OUT: Segment id */
+  int *pbDlidx,                   /* OUT: Dlidx flag */
+  int *piHeight,                  /* OUT: Height */
+  int *piPgno                     /* OUT: Page number */
+){
+  *piPgno = (int)(iRowid & (((i64)1 << FTS5_DATA_PAGE_B) - 1));
+  iRowid >>= FTS5_DATA_PAGE_B;
+
+  *piHeight = (int)(iRowid & (((i64)1 << FTS5_DATA_HEIGHT_B) - 1));
+  iRowid >>= FTS5_DATA_HEIGHT_B;
+
+  *pbDlidx = (int)(iRowid & 0x0001);
+  iRowid >>= FTS5_DATA_DLI_B;
+
+  *piSegid = (int)(iRowid & (((i64)1 << FTS5_DATA_ID_B) - 1));
+}
+
+static void fts5DebugRowid(int *pRc, Fts5Buffer *pBuf, i64 iKey){
+  int iSegid, iHeight, iPgno, bDlidx;       /* Rowid compenents */
+  fts5DecodeRowid(iKey, &iSegid, &bDlidx, &iHeight, &iPgno);
+
+  if( iSegid==0 ){
+    if( iKey==FTS5_AVERAGES_ROWID ){
+      sqlite3Fts5BufferAppendPrintf(pRc, pBuf, "{averages} ");
+    }else{
+      sqlite3Fts5BufferAppendPrintf(pRc, pBuf, "{structure}");
+    }
+  }
+  else{
+    sqlite3Fts5BufferAppendPrintf(pRc, pBuf, "{%ssegid=%d h=%d pgno=%d}",
+        bDlidx ? "dlidx " : "", iSegid, iHeight, iPgno
+    );
+  }
+}
+
+static void fts5DebugStructure(
+  int *pRc,                       /* IN/OUT: error code */
+  Fts5Buffer *pBuf,
+  Fts5Structure *p
+){
+  int iLvl, iSeg;                 /* Iterate through levels, segments */
+
+  for(iLvl=0; iLvl<p->nLevel; iLvl++){
+    Fts5StructureLevel *pLvl = &p->aLevel[iLvl];
+    sqlite3Fts5BufferAppendPrintf(pRc, pBuf, 
+        " {lvl=%d nMerge=%d nSeg=%d", iLvl, pLvl->nMerge, pLvl->nSeg
+    );
+    for(iSeg=0; iSeg<pLvl->nSeg; iSeg++){
+      Fts5StructureSegment *pSeg = &pLvl->aSeg[iSeg];
+      sqlite3Fts5BufferAppendPrintf(pRc, pBuf, " {id=%d leaves=%d..%d}", 
+          pSeg->iSegid, pSeg->pgnoFirst, pSeg->pgnoLast
+      );
+    }
+    sqlite3Fts5BufferAppendPrintf(pRc, pBuf, "}");
+  }
+}
+
+/*
+** This is part of the fts5_decode() debugging aid.
+**
+** Arguments pBlob/nBlob contain a serialized Fts5Structure object. This
+** function appends a human-readable representation of the same object
+** to the buffer passed as the second argument. 
+*/
+static void fts5DecodeStructure(
+  int *pRc,                       /* IN/OUT: error code */
+  Fts5Buffer *pBuf,
+  const u8 *pBlob, int nBlob
+){
+  int rc;                         /* Return code */
+  Fts5Structure *p = 0;           /* Decoded structure object */
+
+  rc = fts5StructureDecode(pBlob, nBlob, 0, &p);
+  if( rc!=SQLITE_OK ){
+    *pRc = rc;
+    return;
+  }
+
+  fts5DebugStructure(pRc, pBuf, p);
+  fts5StructureRelease(p);
+}
+
+/*
+** This is part of the fts5_decode() debugging aid.
+**
+** Arguments pBlob/nBlob contain an "averages" record. This function 
+** appends a human-readable representation of record to the buffer passed 
+** as the second argument. 
+*/
+static void fts5DecodeAverages(
+  int *pRc,                       /* IN/OUT: error code */
+  Fts5Buffer *pBuf,
+  const u8 *pBlob, int nBlob
+){
+  int i = 0;
+  const char *zSpace = "";
+
+  while( i<nBlob ){
+    u64 iVal;
+    i += sqlite3Fts5GetVarint(&pBlob[i], &iVal);
+    sqlite3Fts5BufferAppendPrintf(pRc, pBuf, "%s%d", zSpace, (int)iVal);
+    zSpace = " ";
+  }
+}
+
+/*
+** Buffer (a/n) is assumed to contain a list of serialized varints. Read
+** each varint and append its string representation to buffer pBuf. Return
+** after either the input buffer is exhausted or a 0 value is read.
+**
+** The return value is the number of bytes read from the input buffer.
+*/
+static int fts5DecodePoslist(int *pRc, Fts5Buffer *pBuf, const u8 *a, int n){
+  int iOff = 0;
+  while( iOff<n ){
+    int iVal;
+    iOff += fts5GetVarint32(&a[iOff], iVal);
+    sqlite3Fts5BufferAppendPrintf(pRc, pBuf, " %d", iVal);
+  }
+  return iOff;
+}
+
+/*
+** The start of buffer (a/n) contains the start of a doclist. The doclist
+** may or may not finish within the buffer. This function appends a text
+** representation of the part of the doclist that is present to buffer
+** pBuf. 
+**
+** The return value is the number of bytes read from the input buffer.
+*/
+static int fts5DecodeDoclist(int *pRc, Fts5Buffer *pBuf, const u8 *a, int n){
+  i64 iDocid = 0;
+  int iOff = 0;
+
+  if( n>0 ){
+    iOff = sqlite3Fts5GetVarint(a, (u64*)&iDocid);
+    sqlite3Fts5BufferAppendPrintf(pRc, pBuf, " id=%lld", iDocid);
+  }
+  while( iOff<n ){
+    int nPos;
+    int bDel;
+    iOff += fts5GetPoslistSize(&a[iOff], &nPos, &bDel);
+    sqlite3Fts5BufferAppendPrintf(pRc, pBuf, " nPos=%d%s", nPos, bDel?"*":"");
+    iOff += fts5DecodePoslist(pRc, pBuf, &a[iOff], MIN(n-iOff, nPos));
+    if( iOff<n ){
+      i64 iDelta;
+      iOff += sqlite3Fts5GetVarint(&a[iOff], (u64*)&iDelta);
+      iDocid += iDelta;
+      sqlite3Fts5BufferAppendPrintf(pRc, pBuf, " id=%lld", iDocid);
+    }
+  }
+
+  return iOff;
+}
+
+/*
+** The implementation of user-defined scalar function fts5_decode().
+*/
+static void fts5DecodeFunction(
+  sqlite3_context *pCtx,          /* Function call context */
+  int nArg,                       /* Number of args (always 2) */
+  sqlite3_value **apVal           /* Function arguments */
+){
+  i64 iRowid;                     /* Rowid for record being decoded */
+  int iSegid,iHeight,iPgno,bDlidx;/* Rowid components */
+  const u8 *aBlob; int n;         /* Record to decode */
+  u8 *a = 0;
+  Fts5Buffer s;                   /* Build up text to return here */
+  int rc = SQLITE_OK;             /* Return code */
+  int nSpace = 0;
+
+  assert( nArg==2 );
+  memset(&s, 0, sizeof(Fts5Buffer));
+  iRowid = sqlite3_value_int64(apVal[0]);
+
+  /* Make a copy of the second argument (a blob) in aBlob[]. The aBlob[]
+  ** copy is followed by FTS5_DATA_ZERO_PADDING 0x00 bytes, which prevents
+  ** buffer overreads even if the record is corrupt.  */
+  n = sqlite3_value_bytes(apVal[1]);
+  aBlob = sqlite3_value_blob(apVal[1]);
+  nSpace = n + FTS5_DATA_ZERO_PADDING;
+  a = (u8*)sqlite3Fts5MallocZero(&rc, nSpace);
+  if( a==0 ) goto decode_out;
+  memcpy(a, aBlob, n);
+
+
+  fts5DecodeRowid(iRowid, &iSegid, &bDlidx, &iHeight, &iPgno);
+
+  fts5DebugRowid(&rc, &s, iRowid);
+  if( bDlidx ){
+    Fts5Data dlidx;
+    Fts5DlidxLvl lvl;
+
+    dlidx.p = a;
+    dlidx.nn = n;
+
+    memset(&lvl, 0, sizeof(Fts5DlidxLvl));
+    lvl.pData = &dlidx;
+    lvl.iLeafPgno = iPgno;
+
+    for(fts5DlidxLvlNext(&lvl); lvl.bEof==0; fts5DlidxLvlNext(&lvl)){
+      sqlite3Fts5BufferAppendPrintf(&rc, &s, 
+          " %d(%lld)", lvl.iLeafPgno, lvl.iRowid
+      );
+    }
+  }else if( iSegid==0 ){
+    if( iRowid==FTS5_AVERAGES_ROWID ){
+      fts5DecodeAverages(&rc, &s, a, n);
+    }else{
+      fts5DecodeStructure(&rc, &s, a, n);
+    }
+  }else{
+    Fts5Buffer term;              /* Current term read from page */
+    int szLeaf;                   /* Offset of pgidx in a[] */
+    int iPgidxOff;
+    int iPgidxPrev = 0;           /* Previous value read from pgidx */
+    int iTermOff = 0;
+    int iRowidOff = 0;
+    int iOff;
+    int nDoclist;
+
+    memset(&term, 0, sizeof(Fts5Buffer));
+
+    if( n<4 ){
+      sqlite3Fts5BufferSet(&rc, &s, 7, (const u8*)"corrupt");
+      goto decode_out;
+    }else{
+      iRowidOff = fts5GetU16(&a[0]);
+      iPgidxOff = szLeaf = fts5GetU16(&a[2]);
+      if( iPgidxOff<n ){
+        fts5GetVarint32(&a[iPgidxOff], iTermOff);
+      }
+    }
+
+    /* Decode the position list tail at the start of the page */
+    if( iRowidOff!=0 ){
+      iOff = iRowidOff;
+    }else if( iTermOff!=0 ){
+      iOff = iTermOff;
+    }else{
+      iOff = szLeaf;
+    }
+    fts5DecodePoslist(&rc, &s, &a[4], iOff-4);
+
+    /* Decode any more doclist data that appears on the page before the
+    ** first term. */
+    nDoclist = (iTermOff ? iTermOff : szLeaf) - iOff;
+    fts5DecodeDoclist(&rc, &s, &a[iOff], nDoclist);
+
+    while( iPgidxOff<n ){
+      int bFirst = (iPgidxOff==szLeaf);     /* True for first term on page */
+      int nByte;                            /* Bytes of data */
+      int iEnd;
+      
+      iPgidxOff += fts5GetVarint32(&a[iPgidxOff], nByte);
+      iPgidxPrev += nByte;
+      iOff = iPgidxPrev;
+
+      if( iPgidxOff<n ){
+        fts5GetVarint32(&a[iPgidxOff], nByte);
+        iEnd = iPgidxPrev + nByte;
+      }else{
+        iEnd = szLeaf;
+      }
+
+      if( bFirst==0 ){
+        iOff += fts5GetVarint32(&a[iOff], nByte);
+        term.n = nByte;
+      }
+      iOff += fts5GetVarint32(&a[iOff], nByte);
+      fts5BufferAppendBlob(&rc, &term, nByte, &a[iOff]);
+      iOff += nByte;
+
+      sqlite3Fts5BufferAppendPrintf(
+          &rc, &s, " term=%.*s", term.n, (const char*)term.p
+      );
+      iOff += fts5DecodeDoclist(&rc, &s, &a[iOff], iEnd-iOff);
+    }
+
+    fts5BufferFree(&term);
+  }
+  
+ decode_out:
+  sqlite3_free(a);
+  if( rc==SQLITE_OK ){
+    sqlite3_result_text(pCtx, (const char*)s.p, s.n, SQLITE_TRANSIENT);
+  }else{
+    sqlite3_result_error_code(pCtx, rc);
+  }
+  fts5BufferFree(&s);
+}
+
+/*
+** The implementation of user-defined scalar function fts5_rowid().
+*/
+static void fts5RowidFunction(
+  sqlite3_context *pCtx,          /* Function call context */
+  int nArg,                       /* Number of args (always 2) */
+  sqlite3_value **apVal           /* Function arguments */
+){
+  const char *zArg;
+  if( nArg==0 ){
+    sqlite3_result_error(pCtx, "should be: fts5_rowid(subject, ....)", -1);
+  }else{
+    zArg = (const char*)sqlite3_value_text(apVal[0]);
+    if( 0==sqlite3_stricmp(zArg, "segment") ){
+      i64 iRowid;
+      int segid, pgno;
+      if( nArg!=3 ){
+        sqlite3_result_error(pCtx, 
+            "should be: fts5_rowid('segment', segid, pgno))", -1
+        );
+      }else{
+        segid = sqlite3_value_int(apVal[1]);
+        pgno = sqlite3_value_int(apVal[2]);
+        iRowid = FTS5_SEGMENT_ROWID(segid, pgno);
+        sqlite3_result_int64(pCtx, iRowid);
+      }
+    }else{
+      sqlite3_result_error(pCtx, 
+        "first arg to fts5_rowid() must be 'segment'" , -1
+      );
+    }
+  }
+}
+
+/*
+** This is called as part of registering the FTS5 module with database
+** connection db. It registers several user-defined scalar functions useful
+** with FTS5.
+**
+** If successful, SQLITE_OK is returned. If an error occurs, some other
+** SQLite error code is returned instead.
+*/
+static int sqlite3Fts5IndexInit(sqlite3 *db){
+  int rc = sqlite3_create_function(
+      db, "fts5_decode", 2, SQLITE_UTF8, 0, fts5DecodeFunction, 0, 0
+  );
+  if( rc==SQLITE_OK ){
+    rc = sqlite3_create_function(
+        db, "fts5_rowid", -1, SQLITE_UTF8, 0, fts5RowidFunction, 0, 0
+    );
+  }
+  return rc;
+}
+
+
+/*
+** 2014 Jun 09
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+******************************************************************************
+**
+** This is an SQLite module implementing full-text search.
+*/
+
+
+/* #include "fts5Int.h" */
+
+/*
+** This variable is set to false when running tests for which the on disk
+** structures should not be corrupt. Otherwise, true. If it is false, extra
+** assert() conditions in the fts5 code are activated - conditions that are
+** only true if it is guaranteed that the fts5 database is not corrupt.
+*/
+SQLITE_API int sqlite3_fts5_may_be_corrupt = 1;
+
+
+typedef struct Fts5Auxdata Fts5Auxdata;
+typedef struct Fts5Auxiliary Fts5Auxiliary;
+typedef struct Fts5Cursor Fts5Cursor;
+typedef struct Fts5Sorter Fts5Sorter;
+typedef struct Fts5Table Fts5Table;
+typedef struct Fts5TokenizerModule Fts5TokenizerModule;
+
+/*
+** NOTES ON TRANSACTIONS: 
+**
+** SQLite invokes the following virtual table methods as transactions are 
+** opened and closed by the user:
+**
+**     xBegin():    Start of a new transaction.
+**     xSync():     Initial part of two-phase commit.
+**     xCommit():   Final part of two-phase commit.
+**     xRollback(): Rollback the transaction.
+**
+** Anything that is required as part of a commit that may fail is performed
+** in the xSync() callback. Current versions of SQLite ignore any errors 
+** returned by xCommit().
+**
+** And as sub-transactions are opened/closed:
+**
+**     xSavepoint(int S):  Open savepoint S.
+**     xRelease(int S):    Commit and close savepoint S.
+**     xRollbackTo(int S): Rollback to start of savepoint S.
+**
+** During a write-transaction the fts5_index.c module may cache some data 
+** in-memory. It is flushed to disk whenever xSync(), xRelease() or
+** xSavepoint() is called. And discarded whenever xRollback() or xRollbackTo() 
+** is called.
+**
+** Additionally, if SQLITE_DEBUG is defined, an instance of the following
+** structure is used to record the current transaction state. This information
+** is not required, but it is used in the assert() statements executed by
+** function fts5CheckTransactionState() (see below).
+*/
+struct Fts5TransactionState {
+  int eState;                     /* 0==closed, 1==open, 2==synced */
+  int iSavepoint;                 /* Number of open savepoints (0 -> none) */
+};
+
+/*
+** A single object of this type is allocated when the FTS5 module is 
+** registered with a database handle. It is used to store pointers to
+** all registered FTS5 extensions - tokenizers and auxiliary functions.
+*/
+struct Fts5Global {
+  fts5_api api;                   /* User visible part of object (see fts5.h) */
+  sqlite3 *db;                    /* Associated database connection */ 
+  i64 iNextId;                    /* Used to allocate unique cursor ids */
+  Fts5Auxiliary *pAux;            /* First in list of all aux. functions */
+  Fts5TokenizerModule *pTok;      /* First in list of all tokenizer modules */
+  Fts5TokenizerModule *pDfltTok;  /* Default tokenizer module */
+  Fts5Cursor *pCsr;               /* First in list of all open cursors */
+};
+
+/*
+** Each auxiliary function registered with the FTS5 module is represented
+** by an object of the following type. All such objects are stored as part
+** of the Fts5Global.pAux list.
+*/
+struct Fts5Auxiliary {
+  Fts5Global *pGlobal;            /* Global context for this function */
+  char *zFunc;                    /* Function name (nul-terminated) */
+  void *pUserData;                /* User-data pointer */
+  fts5_extension_function xFunc;  /* Callback function */
+  void (*xDestroy)(void*);        /* Destructor function */
+  Fts5Auxiliary *pNext;           /* Next registered auxiliary function */
+};
+
+/*
+** Each tokenizer module registered with the FTS5 module is represented
+** by an object of the following type. All such objects are stored as part
+** of the Fts5Global.pTok list.
+*/
+struct Fts5TokenizerModule {
+  char *zName;                    /* Name of tokenizer */
+  void *pUserData;                /* User pointer passed to xCreate() */
+  fts5_tokenizer x;               /* Tokenizer functions */
+  void (*xDestroy)(void*);        /* Destructor function */
+  Fts5TokenizerModule *pNext;     /* Next registered tokenizer module */
+};
+
+/*
+** Virtual-table object.
+*/
+struct Fts5Table {
+  sqlite3_vtab base;              /* Base class used by SQLite core */
+  Fts5Config *pConfig;            /* Virtual table configuration */
+  Fts5Index *pIndex;              /* Full-text index */
+  Fts5Storage *pStorage;          /* Document store */
+  Fts5Global *pGlobal;            /* Global (connection wide) data */
+  Fts5Cursor *pSortCsr;           /* Sort data from this cursor */
+#ifdef SQLITE_DEBUG
+  struct Fts5TransactionState ts;
+#endif
+};
+
+struct Fts5MatchPhrase {
+  Fts5Buffer *pPoslist;           /* Pointer to current poslist */
+  int nTerm;                      /* Size of phrase in terms */
+};
+
+/*
+** pStmt:
+**   SELECT rowid, <fts> FROM <fts> ORDER BY +rank;
+**
+** aIdx[]:
+**   There is one entry in the aIdx[] array for each phrase in the query,
+**   the value of which is the offset within aPoslist[] following the last 
+**   byte of the position list for the corresponding phrase.
+*/
+struct Fts5Sorter {
+  sqlite3_stmt *pStmt;
+  i64 iRowid;                     /* Current rowid */
+  const u8 *aPoslist;             /* Position lists for current row */
+  int nIdx;                       /* Number of entries in aIdx[] */
+  int aIdx[1];                    /* Offsets into aPoslist for current row */
+};
+
+
+/*
+** Virtual-table cursor object.
+**
+** iSpecial:
+**   If this is a 'special' query (refer to function fts5SpecialMatch()), 
+**   then this variable contains the result of the query. 
+**
+** iFirstRowid, iLastRowid:
+**   These variables are only used for FTS5_PLAN_MATCH cursors. Assuming the
+**   cursor iterates in ascending order of rowids, iFirstRowid is the lower
+**   limit of rowids to return, and iLastRowid the upper. In other words, the
+**   WHERE clause in the user's query might have been:
+**
+**       <tbl> MATCH <expr> AND rowid BETWEEN $iFirstRowid AND $iLastRowid
+**
+**   If the cursor iterates in descending order of rowid, iFirstRowid
+**   is the upper limit (i.e. the "first" rowid visited) and iLastRowid
+**   the lower.
+*/
+struct Fts5Cursor {
+  sqlite3_vtab_cursor base;       /* Base class used by SQLite core */
+  Fts5Cursor *pNext;              /* Next cursor in Fts5Cursor.pCsr list */
+  int *aColumnSize;               /* Values for xColumnSize() */
+  i64 iCsrId;                     /* Cursor id */
+
+  /* Zero from this point onwards on cursor reset */
+  int ePlan;                      /* FTS5_PLAN_XXX value */
+  int bDesc;                      /* True for "ORDER BY rowid DESC" queries */
+  i64 iFirstRowid;                /* Return no rowids earlier than this */
+  i64 iLastRowid;                 /* Return no rowids later than this */
+  sqlite3_stmt *pStmt;            /* Statement used to read %_content */
+  Fts5Expr *pExpr;                /* Expression for MATCH queries */
+  Fts5Sorter *pSorter;            /* Sorter for "ORDER BY rank" queries */
+  int csrflags;                   /* Mask of cursor flags (see below) */
+  i64 iSpecial;                   /* Result of special query */
+
+  /* "rank" function. Populated on demand from vtab.xColumn(). */
+  char *zRank;                    /* Custom rank function */
+  char *zRankArgs;                /* Custom rank function args */
+  Fts5Auxiliary *pRank;           /* Rank callback (or NULL) */
+  int nRankArg;                   /* Number of trailing arguments for rank() */
+  sqlite3_value **apRankArg;      /* Array of trailing arguments */
+  sqlite3_stmt *pRankArgStmt;     /* Origin of objects in apRankArg[] */
+
+  /* Auxiliary data storage */
+  Fts5Auxiliary *pAux;            /* Currently executing extension function */
+  Fts5Auxdata *pAuxdata;          /* First in linked list of saved aux-data */
+
+  /* Cache used by auxiliary functions xInst() and xInstCount() */
+  Fts5PoslistReader *aInstIter;   /* One for each phrase */
+  int nInstAlloc;                 /* Size of aInst[] array (entries / 3) */
+  int nInstCount;                 /* Number of phrase instances */
+  int *aInst;                     /* 3 integers per phrase instance */
+};
+
+/*
+** Bits that make up the "idxNum" parameter passed indirectly by 
+** xBestIndex() to xFilter().
+*/
+#define FTS5_BI_MATCH        0x0001         /* <tbl> MATCH ? */
+#define FTS5_BI_RANK         0x0002         /* rank MATCH ? */
+#define FTS5_BI_ROWID_EQ     0x0004         /* rowid == ? */
+#define FTS5_BI_ROWID_LE     0x0008         /* rowid <= ? */
+#define FTS5_BI_ROWID_GE     0x0010         /* rowid >= ? */
+
+#define FTS5_BI_ORDER_RANK   0x0020
+#define FTS5_BI_ORDER_ROWID  0x0040
+#define FTS5_BI_ORDER_DESC   0x0080
+
+/*
+** Values for Fts5Cursor.csrflags
+*/
+#define FTS5CSR_REQUIRE_CONTENT   0x01
+#define FTS5CSR_REQUIRE_DOCSIZE   0x02
+#define FTS5CSR_REQUIRE_INST      0x04
+#define FTS5CSR_EOF               0x08
+#define FTS5CSR_FREE_ZRANK        0x10
+#define FTS5CSR_REQUIRE_RESEEK    0x20
+
+#define BitFlagAllTest(x,y) (((x) & (y))==(y))
+#define BitFlagTest(x,y)    (((x) & (y))!=0)
+
+
+/*
+** Macros to Set(), Clear() and Test() cursor flags.
+*/
+#define CsrFlagSet(pCsr, flag)   ((pCsr)->csrflags |= (flag))
+#define CsrFlagClear(pCsr, flag) ((pCsr)->csrflags &= ~(flag))
+#define CsrFlagTest(pCsr, flag)  ((pCsr)->csrflags & (flag))
+
+struct Fts5Auxdata {
+  Fts5Auxiliary *pAux;            /* Extension to which this belongs */
+  void *pPtr;                     /* Pointer value */
+  void(*xDelete)(void*);          /* Destructor */
+  Fts5Auxdata *pNext;             /* Next object in linked list */
+};
+
+#ifdef SQLITE_DEBUG
+#define FTS5_BEGIN      1
+#define FTS5_SYNC       2
+#define FTS5_COMMIT     3
+#define FTS5_ROLLBACK   4
+#define FTS5_SAVEPOINT  5
+#define FTS5_RELEASE    6
+#define FTS5_ROLLBACKTO 7
+static void fts5CheckTransactionState(Fts5Table *p, int op, int iSavepoint){
+  switch( op ){
+    case FTS5_BEGIN:
+      assert( p->ts.eState==0 );
+      p->ts.eState = 1;
+      p->ts.iSavepoint = -1;
+      break;
+
+    case FTS5_SYNC:
+      assert( p->ts.eState==1 );
+      p->ts.eState = 2;
+      break;
+
+    case FTS5_COMMIT:
+      assert( p->ts.eState==2 );
+      p->ts.eState = 0;
+      break;
+
+    case FTS5_ROLLBACK:
+      assert( p->ts.eState==1 || p->ts.eState==2 || p->ts.eState==0 );
+      p->ts.eState = 0;
+      break;
+
+    case FTS5_SAVEPOINT:
+      assert( p->ts.eState==1 );
+      assert( iSavepoint>=0 );
+      assert( iSavepoint>p->ts.iSavepoint );
+      p->ts.iSavepoint = iSavepoint;
+      break;
+      
+    case FTS5_RELEASE:
+      assert( p->ts.eState==1 );
+      assert( iSavepoint>=0 );
+      assert( iSavepoint<=p->ts.iSavepoint );
+      p->ts.iSavepoint = iSavepoint-1;
+      break;
+
+    case FTS5_ROLLBACKTO:
+      assert( p->ts.eState==1 );
+      assert( iSavepoint>=0 );
+      assert( iSavepoint<=p->ts.iSavepoint );
+      p->ts.iSavepoint = iSavepoint;
+      break;
+  }
+}
+#else
+# define fts5CheckTransactionState(x,y,z)
+#endif
+
+/*
+** Return true if pTab is a contentless table.
+*/
+static int fts5IsContentless(Fts5Table *pTab){
+  return pTab->pConfig->eContent==FTS5_CONTENT_NONE;
+}
+
+/*
+** Delete a virtual table handle allocated by fts5InitVtab(). 
+*/
+static void fts5FreeVtab(Fts5Table *pTab){
+  if( pTab ){
+    sqlite3Fts5IndexClose(pTab->pIndex);
+    sqlite3Fts5StorageClose(pTab->pStorage);
+    sqlite3Fts5ConfigFree(pTab->pConfig);
+    sqlite3_free(pTab);
+  }
+}
+
+/*
+** The xDisconnect() virtual table method.
+*/
+static int fts5DisconnectMethod(sqlite3_vtab *pVtab){
+  fts5FreeVtab((Fts5Table*)pVtab);
+  return SQLITE_OK;
+}
+
+/*
+** The xDestroy() virtual table method.
+*/
+static int fts5DestroyMethod(sqlite3_vtab *pVtab){
+  Fts5Table *pTab = (Fts5Table*)pVtab;
+  int rc = sqlite3Fts5DropAll(pTab->pConfig);
+  if( rc==SQLITE_OK ){
+    fts5FreeVtab((Fts5Table*)pVtab);
+  }
+  return rc;
+}
+
+/*
+** This function is the implementation of both the xConnect and xCreate
+** methods of the FTS3 virtual table.
+**
+** The argv[] array contains the following:
+**
+**   argv[0]   -> module name  ("fts5")
+**   argv[1]   -> database name
+**   argv[2]   -> table name
+**   argv[...] -> "column name" and other module argument fields.
+*/
+static int fts5InitVtab(
+  int bCreate,                    /* True for xCreate, false for xConnect */
+  sqlite3 *db,                    /* The SQLite database connection */
+  void *pAux,                     /* Hash table containing tokenizers */
+  int argc,                       /* Number of elements in argv array */
+  const char * const *argv,       /* xCreate/xConnect argument array */
+  sqlite3_vtab **ppVTab,          /* Write the resulting vtab structure here */
+  char **pzErr                    /* Write any error message here */
+){
+  Fts5Global *pGlobal = (Fts5Global*)pAux;
+  const char **azConfig = (const char**)argv;
+  int rc = SQLITE_OK;             /* Return code */
+  Fts5Config *pConfig = 0;        /* Results of parsing argc/argv */
+  Fts5Table *pTab = 0;            /* New virtual table object */
+
+  /* Allocate the new vtab object and parse the configuration */
+  pTab = (Fts5Table*)sqlite3Fts5MallocZero(&rc, sizeof(Fts5Table));
+  if( rc==SQLITE_OK ){
+    rc = sqlite3Fts5ConfigParse(pGlobal, db, argc, azConfig, &pConfig, pzErr);
+    assert( (rc==SQLITE_OK && *pzErr==0) || pConfig==0 );
+  }
+  if( rc==SQLITE_OK ){
+    pTab->pConfig = pConfig;
+    pTab->pGlobal = pGlobal;
+  }
+
+  /* Open the index sub-system */
+  if( rc==SQLITE_OK ){
+    rc = sqlite3Fts5IndexOpen(pConfig, bCreate, &pTab->pIndex, pzErr);
+  }
+
+  /* Open the storage sub-system */
+  if( rc==SQLITE_OK ){
+    rc = sqlite3Fts5StorageOpen(
+        pConfig, pTab->pIndex, bCreate, &pTab->pStorage, pzErr
+    );
+  }
+
+  /* Call sqlite3_declare_vtab() */
+  if( rc==SQLITE_OK ){
+    rc = sqlite3Fts5ConfigDeclareVtab(pConfig);
+  }
+
+  /* Load the initial configuration */
+  if( rc==SQLITE_OK ){
+    assert( pConfig->pzErrmsg==0 );
+    pConfig->pzErrmsg = pzErr;
+    rc = sqlite3Fts5IndexLoadConfig(pTab->pIndex);
+    sqlite3Fts5IndexRollback(pTab->pIndex);
+    pConfig->pzErrmsg = 0;
+  }
+
+  if( rc!=SQLITE_OK ){
+    fts5FreeVtab(pTab);
+    pTab = 0;
+  }else if( bCreate ){
+    fts5CheckTransactionState(pTab, FTS5_BEGIN, 0);
+  }
+  *ppVTab = (sqlite3_vtab*)pTab;
+  return rc;
+}
+
+/*
+** The xConnect() and xCreate() methods for the virtual table. All the
+** work is done in function fts5InitVtab().
+*/
+static int fts5ConnectMethod(
+  sqlite3 *db,                    /* Database connection */
+  void *pAux,                     /* Pointer to tokenizer hash table */
+  int argc,                       /* Number of elements in argv array */
+  const char * const *argv,       /* xCreate/xConnect argument array */
+  sqlite3_vtab **ppVtab,          /* OUT: New sqlite3_vtab object */
+  char **pzErr                    /* OUT: sqlite3_malloc'd error message */
+){
+  return fts5InitVtab(0, db, pAux, argc, argv, ppVtab, pzErr);
+}
+static int fts5CreateMethod(
+  sqlite3 *db,                    /* Database connection */
+  void *pAux,                     /* Pointer to tokenizer hash table */
+  int argc,                       /* Number of elements in argv array */
+  const char * const *argv,       /* xCreate/xConnect argument array */
+  sqlite3_vtab **ppVtab,          /* OUT: New sqlite3_vtab object */
+  char **pzErr                    /* OUT: sqlite3_malloc'd error message */
+){
+  return fts5InitVtab(1, db, pAux, argc, argv, ppVtab, pzErr);
+}
+
+/*
+** The different query plans.
+*/
+#define FTS5_PLAN_MATCH          1       /* (<tbl> MATCH ?) */
+#define FTS5_PLAN_SOURCE         2       /* A source cursor for SORTED_MATCH */
+#define FTS5_PLAN_SPECIAL        3       /* An internal query */
+#define FTS5_PLAN_SORTED_MATCH   4       /* (<tbl> MATCH ? ORDER BY rank) */
+#define FTS5_PLAN_SCAN           5       /* No usable constraint */
+#define FTS5_PLAN_ROWID          6       /* (rowid = ?) */
+
+/*
+** Set the SQLITE_INDEX_SCAN_UNIQUE flag in pIdxInfo->flags. Unless this
+** extension is currently being used by a version of SQLite too old to
+** support index-info flags. In that case this function is a no-op.
+*/
+static void fts5SetUniqueFlag(sqlite3_index_info *pIdxInfo){
+#if SQLITE_VERSION_NUMBER>=3008012
+#ifndef SQLITE_CORE
+  if( sqlite3_libversion_number()>=3008012 )
+#endif
+  {
+    pIdxInfo->idxFlags |= SQLITE_INDEX_SCAN_UNIQUE;
+  }
+#endif
+}
+
+/*
+** Implementation of the xBestIndex method for FTS5 tables. Within the 
+** WHERE constraint, it searches for the following:
+**
+**   1. A MATCH constraint against the special column.
+**   2. A MATCH constraint against the "rank" column.
+**   3. An == constraint against the rowid column.
+**   4. A < or <= constraint against the rowid column.
+**   5. A > or >= constraint against the rowid column.
+**
+** Within the ORDER BY, either:
+**
+**   5. ORDER BY rank [ASC|DESC]
+**   6. ORDER BY rowid [ASC|DESC]
+**
+** Costs are assigned as follows:
+**
+**  a) If an unusable MATCH operator is present in the WHERE clause, the
+**     cost is unconditionally set to 1e50 (a really big number).
+**
+**  a) If a MATCH operator is present, the cost depends on the other
+**     constraints also present. As follows:
+**
+**       * No other constraints:         cost=1000.0
+**       * One rowid range constraint:   cost=750.0
+**       * Both rowid range constraints: cost=500.0
+**       * An == rowid constraint:       cost=100.0
+**
+**  b) Otherwise, if there is no MATCH:
+**
+**       * No other constraints:         cost=1000000.0
+**       * One rowid range constraint:   cost=750000.0
+**       * Both rowid range constraints: cost=250000.0
+**       * An == rowid constraint:       cost=10.0
+**
+** Costs are not modified by the ORDER BY clause.
+*/
+static int fts5BestIndexMethod(sqlite3_vtab *pVTab, sqlite3_index_info *pInfo){
+  Fts5Table *pTab = (Fts5Table*)pVTab;
+  Fts5Config *pConfig = pTab->pConfig;
+  int idxFlags = 0;               /* Parameter passed through to xFilter() */
+  int bHasMatch;
+  int iNext;
+  int i;
+
+  struct Constraint {
+    int op;                       /* Mask against sqlite3_index_constraint.op */
+    int fts5op;                   /* FTS5 mask for idxFlags */
+    int iCol;                     /* 0==rowid, 1==tbl, 2==rank */
+    int omit;                     /* True to omit this if found */
+    int iConsIndex;               /* Index in pInfo->aConstraint[] */
+  } aConstraint[] = {
+    {SQLITE_INDEX_CONSTRAINT_MATCH|SQLITE_INDEX_CONSTRAINT_EQ, 
+                                    FTS5_BI_MATCH,    1, 1, -1},
+    {SQLITE_INDEX_CONSTRAINT_MATCH|SQLITE_INDEX_CONSTRAINT_EQ, 
+                                    FTS5_BI_RANK,     2, 1, -1},
+    {SQLITE_INDEX_CONSTRAINT_EQ,    FTS5_BI_ROWID_EQ, 0, 0, -1},
+    {SQLITE_INDEX_CONSTRAINT_LT|SQLITE_INDEX_CONSTRAINT_LE, 
+                                    FTS5_BI_ROWID_LE, 0, 0, -1},
+    {SQLITE_INDEX_CONSTRAINT_GT|SQLITE_INDEX_CONSTRAINT_GE, 
+                                    FTS5_BI_ROWID_GE, 0, 0, -1},
+  };
+
+  int aColMap[3];
+  aColMap[0] = -1;
+  aColMap[1] = pConfig->nCol;
+  aColMap[2] = pConfig->nCol+1;
+
+  /* Set idxFlags flags for all WHERE clause terms that will be used. */
+  for(i=0; i<pInfo->nConstraint; i++){
+    struct sqlite3_index_constraint *p = &pInfo->aConstraint[i];
+    int j;
+    for(j=0; j<(int)ArraySize(aConstraint); j++){
+      struct Constraint *pC = &aConstraint[j];
+      if( p->iColumn==aColMap[pC->iCol] && p->op & pC->op ){
+        if( p->usable ){
+          pC->iConsIndex = i;
+          idxFlags |= pC->fts5op;
+        }else if( j==0 ){
+          /* As there exists an unusable MATCH constraint this is an 
+          ** unusable plan. Set a prohibitively high cost. */
+          pInfo->estimatedCost = 1e50;
+          return SQLITE_OK;
+        }
+      }
+    }
+  }
+
+  /* Set idxFlags flags for the ORDER BY clause */
+  if( pInfo->nOrderBy==1 ){
+    int iSort = pInfo->aOrderBy[0].iColumn;
+    if( iSort==(pConfig->nCol+1) && BitFlagTest(idxFlags, FTS5_BI_MATCH) ){
+      idxFlags |= FTS5_BI_ORDER_RANK;
+    }else if( iSort==-1 ){
+      idxFlags |= FTS5_BI_ORDER_ROWID;
+    }
+    if( BitFlagTest(idxFlags, FTS5_BI_ORDER_RANK|FTS5_BI_ORDER_ROWID) ){
+      pInfo->orderByConsumed = 1;
+      if( pInfo->aOrderBy[0].desc ){
+        idxFlags |= FTS5_BI_ORDER_DESC;
+      }
+    }
+  }
+
+  /* Calculate the estimated cost based on the flags set in idxFlags. */
+  bHasMatch = BitFlagTest(idxFlags, FTS5_BI_MATCH);
+  if( BitFlagTest(idxFlags, FTS5_BI_ROWID_EQ) ){
+    pInfo->estimatedCost = bHasMatch ? 100.0 : 10.0;
+    if( bHasMatch==0 ) fts5SetUniqueFlag(pInfo);
+  }else if( BitFlagAllTest(idxFlags, FTS5_BI_ROWID_LE|FTS5_BI_ROWID_GE) ){
+    pInfo->estimatedCost = bHasMatch ? 500.0 : 250000.0;
+  }else if( BitFlagTest(idxFlags, FTS5_BI_ROWID_LE|FTS5_BI_ROWID_GE) ){
+    pInfo->estimatedCost = bHasMatch ? 750.0 : 750000.0;
+  }else{
+    pInfo->estimatedCost = bHasMatch ? 1000.0 : 1000000.0;
+  }
+
+  /* Assign argvIndex values to each constraint in use. */
+  iNext = 1;
+  for(i=0; i<(int)ArraySize(aConstraint); i++){
+    struct Constraint *pC = &aConstraint[i];
+    if( pC->iConsIndex>=0 ){
+      pInfo->aConstraintUsage[pC->iConsIndex].argvIndex = iNext++;
+      pInfo->aConstraintUsage[pC->iConsIndex].omit = (unsigned char)pC->omit;
+    }
+  }
+
+  pInfo->idxNum = idxFlags;
+  return SQLITE_OK;
+}
+
+/*
+** Implementation of xOpen method.
+*/
+static int fts5OpenMethod(sqlite3_vtab *pVTab, sqlite3_vtab_cursor **ppCsr){
+  Fts5Table *pTab = (Fts5Table*)pVTab;
+  Fts5Config *pConfig = pTab->pConfig;
+  Fts5Cursor *pCsr;               /* New cursor object */
+  int nByte;                      /* Bytes of space to allocate */
+  int rc = SQLITE_OK;             /* Return code */
+
+  nByte = sizeof(Fts5Cursor) + pConfig->nCol * sizeof(int);
+  pCsr = (Fts5Cursor*)sqlite3_malloc(nByte);
+  if( pCsr ){
+    Fts5Global *pGlobal = pTab->pGlobal;
+    memset(pCsr, 0, nByte);
+    pCsr->aColumnSize = (int*)&pCsr[1];
+    pCsr->pNext = pGlobal->pCsr;
+    pGlobal->pCsr = pCsr;
+    pCsr->iCsrId = ++pGlobal->iNextId;
+  }else{
+    rc = SQLITE_NOMEM;
+  }
+  *ppCsr = (sqlite3_vtab_cursor*)pCsr;
+  return rc;
+}
+
+static int fts5StmtType(Fts5Cursor *pCsr){
+  if( pCsr->ePlan==FTS5_PLAN_SCAN ){
+    return (pCsr->bDesc) ? FTS5_STMT_SCAN_DESC : FTS5_STMT_SCAN_ASC;
+  }
+  return FTS5_STMT_LOOKUP;
+}
+
+/*
+** This function is called after the cursor passed as the only argument
+** is moved to point at a different row. It clears all cached data 
+** specific to the previous row stored by the cursor object.
+*/
+static void fts5CsrNewrow(Fts5Cursor *pCsr){
+  CsrFlagSet(pCsr, 
+      FTS5CSR_REQUIRE_CONTENT 
+    | FTS5CSR_REQUIRE_DOCSIZE 
+    | FTS5CSR_REQUIRE_INST 
+  );
+}
+
+static void fts5FreeCursorComponents(Fts5Cursor *pCsr){
+  Fts5Table *pTab = (Fts5Table*)(pCsr->base.pVtab);
+  Fts5Auxdata *pData;
+  Fts5Auxdata *pNext;
+
+  sqlite3_free(pCsr->aInstIter);
+  sqlite3_free(pCsr->aInst);
+  if( pCsr->pStmt ){
+    int eStmt = fts5StmtType(pCsr);
+    sqlite3Fts5StorageStmtRelease(pTab->pStorage, eStmt, pCsr->pStmt);
+  }
+  if( pCsr->pSorter ){
+    Fts5Sorter *pSorter = pCsr->pSorter;
+    sqlite3_finalize(pSorter->pStmt);
+    sqlite3_free(pSorter);
+  }
+
+  if( pCsr->ePlan!=FTS5_PLAN_SOURCE ){
+    sqlite3Fts5ExprFree(pCsr->pExpr);
+  }
+
+  for(pData=pCsr->pAuxdata; pData; pData=pNext){
+    pNext = pData->pNext;
+    if( pData->xDelete ) pData->xDelete(pData->pPtr);
+    sqlite3_free(pData);
+  }
+
+  sqlite3_finalize(pCsr->pRankArgStmt);
+  sqlite3_free(pCsr->apRankArg);
+
+  if( CsrFlagTest(pCsr, FTS5CSR_FREE_ZRANK) ){
+    sqlite3_free(pCsr->zRank);
+    sqlite3_free(pCsr->zRankArgs);
+  }
+
+  memset(&pCsr->ePlan, 0, sizeof(Fts5Cursor) - ((u8*)&pCsr->ePlan - (u8*)pCsr));
+}
+
+
+/*
+** Close the cursor.  For additional information see the documentation
+** on the xClose method of the virtual table interface.
+*/
+static int fts5CloseMethod(sqlite3_vtab_cursor *pCursor){
+  if( pCursor ){
+    Fts5Table *pTab = (Fts5Table*)(pCursor->pVtab);
+    Fts5Cursor *pCsr = (Fts5Cursor*)pCursor;
+    Fts5Cursor **pp;
+
+    fts5FreeCursorComponents(pCsr);
+    /* Remove the cursor from the Fts5Global.pCsr list */
+    for(pp=&pTab->pGlobal->pCsr; (*pp)!=pCsr; pp=&(*pp)->pNext);
+    *pp = pCsr->pNext;
+
+    sqlite3_free(pCsr);
+  }
+  return SQLITE_OK;
+}
+
+static int fts5SorterNext(Fts5Cursor *pCsr){
+  Fts5Sorter *pSorter = pCsr->pSorter;
+  int rc;
+
+  rc = sqlite3_step(pSorter->pStmt);
+  if( rc==SQLITE_DONE ){
+    rc = SQLITE_OK;
+    CsrFlagSet(pCsr, FTS5CSR_EOF);
+  }else if( rc==SQLITE_ROW ){
+    const u8 *a;
+    const u8 *aBlob;
+    int nBlob;
+    int i;
+    int iOff = 0;
+    rc = SQLITE_OK;
+
+    pSorter->iRowid = sqlite3_column_int64(pSorter->pStmt, 0);
+    nBlob = sqlite3_column_bytes(pSorter->pStmt, 1);
+    aBlob = a = sqlite3_column_blob(pSorter->pStmt, 1);
+
+    for(i=0; i<(pSorter->nIdx-1); i++){
+      int iVal;
+      a += fts5GetVarint32(a, iVal);
+      iOff += iVal;
+      pSorter->aIdx[i] = iOff;
+    }
+    pSorter->aIdx[i] = &aBlob[nBlob] - a;
+
+    pSorter->aPoslist = a;
+    fts5CsrNewrow(pCsr);
+  }
+
+  return rc;
+}
+
+
+/*
+** Set the FTS5CSR_REQUIRE_RESEEK flag on all FTS5_PLAN_MATCH cursors 
+** open on table pTab.
+*/
+static void fts5TripCursors(Fts5Table *pTab){
+  Fts5Cursor *pCsr;
+  for(pCsr=pTab->pGlobal->pCsr; pCsr; pCsr=pCsr->pNext){
+    if( pCsr->ePlan==FTS5_PLAN_MATCH
+     && pCsr->base.pVtab==(sqlite3_vtab*)pTab 
+    ){
+      CsrFlagSet(pCsr, FTS5CSR_REQUIRE_RESEEK);
+    }
+  }
+}
+
+/*
+** If the REQUIRE_RESEEK flag is set on the cursor passed as the first
+** argument, close and reopen all Fts5IndexIter iterators that the cursor 
+** is using. Then attempt to move the cursor to a rowid equal to or laster
+** (in the cursors sort order - ASC or DESC) than the current rowid. 
+**
+** If the new rowid is not equal to the old, set output parameter *pbSkip
+** to 1 before returning. Otherwise, leave it unchanged.
+**
+** Return SQLITE_OK if successful or if no reseek was required, or an 
+** error code if an error occurred.
+*/
+static int fts5CursorReseek(Fts5Cursor *pCsr, int *pbSkip){
+  int rc = SQLITE_OK;
+  assert( *pbSkip==0 );
+  if( CsrFlagTest(pCsr, FTS5CSR_REQUIRE_RESEEK) ){
+    Fts5Table *pTab = (Fts5Table*)(pCsr->base.pVtab);
+    int bDesc = pCsr->bDesc;
+    i64 iRowid = sqlite3Fts5ExprRowid(pCsr->pExpr);
+
+    rc = sqlite3Fts5ExprFirst(pCsr->pExpr, pTab->pIndex, iRowid, bDesc);
+    if( rc==SQLITE_OK && iRowid!=sqlite3Fts5ExprRowid(pCsr->pExpr) ){
+      *pbSkip = 1;
+    }
+
+    CsrFlagClear(pCsr, FTS5CSR_REQUIRE_RESEEK);
+    fts5CsrNewrow(pCsr);
+    if( sqlite3Fts5ExprEof(pCsr->pExpr) ){
+      CsrFlagSet(pCsr, FTS5CSR_EOF);
+    }
+  }
+  return rc;
+}
+
+
+/*
+** Advance the cursor to the next row in the table that matches the 
+** search criteria.
+**
+** Return SQLITE_OK if nothing goes wrong.  SQLITE_OK is returned
+** even if we reach end-of-file.  The fts5EofMethod() will be called
+** subsequently to determine whether or not an EOF was hit.
+*/
+static int fts5NextMethod(sqlite3_vtab_cursor *pCursor){
+  Fts5Cursor *pCsr = (Fts5Cursor*)pCursor;
+  int rc = SQLITE_OK;
+
+  assert( (pCsr->ePlan<3)==
+          (pCsr->ePlan==FTS5_PLAN_MATCH || pCsr->ePlan==FTS5_PLAN_SOURCE) 
+  );
+
+  if( pCsr->ePlan<3 ){
+    int bSkip = 0;
+    if( (rc = fts5CursorReseek(pCsr, &bSkip)) || bSkip ) return rc;
+    rc = sqlite3Fts5ExprNext(pCsr->pExpr, pCsr->iLastRowid);
+    if( sqlite3Fts5ExprEof(pCsr->pExpr) ){
+      CsrFlagSet(pCsr, FTS5CSR_EOF);
+    }
+    fts5CsrNewrow(pCsr);
+  }else{
+    switch( pCsr->ePlan ){
+      case FTS5_PLAN_SPECIAL: {
+        CsrFlagSet(pCsr, FTS5CSR_EOF);
+        break;
+      }
+  
+      case FTS5_PLAN_SORTED_MATCH: {
+        rc = fts5SorterNext(pCsr);
+        break;
+      }
+  
+      default:
+        rc = sqlite3_step(pCsr->pStmt);
+        if( rc!=SQLITE_ROW ){
+          CsrFlagSet(pCsr, FTS5CSR_EOF);
+          rc = sqlite3_reset(pCsr->pStmt);
+        }else{
+          rc = SQLITE_OK;
+        }
+        break;
+    }
+  }
+  
+  return rc;
+}
+
+
+static sqlite3_stmt *fts5PrepareStatement(
+  int *pRc,
+  Fts5Config *pConfig, 
+  const char *zFmt,
+  ...
+){
+  sqlite3_stmt *pRet = 0;
+  va_list ap;
+  va_start(ap, zFmt);
+
+  if( *pRc==SQLITE_OK ){
+    int rc;
+    char *zSql = sqlite3_vmprintf(zFmt, ap);
+    if( zSql==0 ){
+      rc = SQLITE_NOMEM; 
+    }else{
+      rc = sqlite3_prepare_v2(pConfig->db, zSql, -1, &pRet, 0);
+      if( rc!=SQLITE_OK ){
+        *pConfig->pzErrmsg = sqlite3_mprintf("%s", sqlite3_errmsg(pConfig->db));
+      }
+      sqlite3_free(zSql);
+    }
+    *pRc = rc;
+  }
+
+  va_end(ap);
+  return pRet;
+} 
+
+static int fts5CursorFirstSorted(Fts5Table *pTab, Fts5Cursor *pCsr, int bDesc){
+  Fts5Config *pConfig = pTab->pConfig;
+  Fts5Sorter *pSorter;
+  int nPhrase;
+  int nByte;
+  int rc = SQLITE_OK;
+  const char *zRank = pCsr->zRank;
+  const char *zRankArgs = pCsr->zRankArgs;
+  
+  nPhrase = sqlite3Fts5ExprPhraseCount(pCsr->pExpr);
+  nByte = sizeof(Fts5Sorter) + sizeof(int) * (nPhrase-1);
+  pSorter = (Fts5Sorter*)sqlite3_malloc(nByte);
+  if( pSorter==0 ) return SQLITE_NOMEM;
+  memset(pSorter, 0, nByte);
+  pSorter->nIdx = nPhrase;
+
+  /* TODO: It would be better to have some system for reusing statement
+  ** handles here, rather than preparing a new one for each query. But that
+  ** is not possible as SQLite reference counts the virtual table objects.
+  ** And since the statement required here reads from this very virtual 
+  ** table, saving it creates a circular reference.
+  **
+  ** If SQLite a built-in statement cache, this wouldn't be a problem. */
+  pSorter->pStmt = fts5PrepareStatement(&rc, pConfig,
+      "SELECT rowid, rank FROM %Q.%Q ORDER BY %s(%s%s%s) %s",
+      pConfig->zDb, pConfig->zName, zRank, pConfig->zName,
+      (zRankArgs ? ", " : ""),
+      (zRankArgs ? zRankArgs : ""),
+      bDesc ? "DESC" : "ASC"
+  );
+
+  pCsr->pSorter = pSorter;
+  if( rc==SQLITE_OK ){
+    assert( pTab->pSortCsr==0 );
+    pTab->pSortCsr = pCsr;
+    rc = fts5SorterNext(pCsr);
+    pTab->pSortCsr = 0;
+  }
+
+  if( rc!=SQLITE_OK ){
+    sqlite3_finalize(pSorter->pStmt);
+    sqlite3_free(pSorter);
+    pCsr->pSorter = 0;
+  }
+
+  return rc;
+}
+
+static int fts5CursorFirst(Fts5Table *pTab, Fts5Cursor *pCsr, int bDesc){
+  int rc;
+  Fts5Expr *pExpr = pCsr->pExpr;
+  rc = sqlite3Fts5ExprFirst(pExpr, pTab->pIndex, pCsr->iFirstRowid, bDesc);
+  if( sqlite3Fts5ExprEof(pExpr) ){
+    CsrFlagSet(pCsr, FTS5CSR_EOF);
+  }
+  fts5CsrNewrow(pCsr);
+  return rc;
+}
+
+/*
+** Process a "special" query. A special query is identified as one with a
+** MATCH expression that begins with a '*' character. The remainder of
+** the text passed to the MATCH operator are used as  the special query
+** parameters.
+*/
+static int fts5SpecialMatch(
+  Fts5Table *pTab, 
+  Fts5Cursor *pCsr, 
+  const char *zQuery
+){
+  int rc = SQLITE_OK;             /* Return code */
+  const char *z = zQuery;         /* Special query text */
+  int n;                          /* Number of bytes in text at z */
+
+  while( z[0]==' ' ) z++;
+  for(n=0; z[n] && z[n]!=' '; n++);
+
+  assert( pTab->base.zErrMsg==0 );
+  pCsr->ePlan = FTS5_PLAN_SPECIAL;
+
+  if( 0==sqlite3_strnicmp("reads", z, n) ){
+    pCsr->iSpecial = sqlite3Fts5IndexReads(pTab->pIndex);
+  }
+  else if( 0==sqlite3_strnicmp("id", z, n) ){
+    pCsr->iSpecial = pCsr->iCsrId;
+  }
+  else{
+    /* An unrecognized directive. Return an error message. */
+    pTab->base.zErrMsg = sqlite3_mprintf("unknown special query: %.*s", n, z);
+    rc = SQLITE_ERROR;
+  }
+
+  return rc;
+}
+
+/*
+** Search for an auxiliary function named zName that can be used with table
+** pTab. If one is found, return a pointer to the corresponding Fts5Auxiliary
+** structure. Otherwise, if no such function exists, return NULL.
+*/
+static Fts5Auxiliary *fts5FindAuxiliary(Fts5Table *pTab, const char *zName){
+  Fts5Auxiliary *pAux;
+
+  for(pAux=pTab->pGlobal->pAux; pAux; pAux=pAux->pNext){
+    if( sqlite3_stricmp(zName, pAux->zFunc)==0 ) return pAux;
+  }
+
+  /* No function of the specified name was found. Return 0. */
+  return 0;
+}
+
+
+static int fts5FindRankFunction(Fts5Cursor *pCsr){
+  Fts5Table *pTab = (Fts5Table*)(pCsr->base.pVtab);
+  Fts5Config *pConfig = pTab->pConfig;
+  int rc = SQLITE_OK;
+  Fts5Auxiliary *pAux = 0;
+  const char *zRank = pCsr->zRank;
+  const char *zRankArgs = pCsr->zRankArgs;
+
+  if( zRankArgs ){
+    char *zSql = sqlite3Fts5Mprintf(&rc, "SELECT %s", zRankArgs);
+    if( zSql ){
+      sqlite3_stmt *pStmt = 0;
+      rc = sqlite3_prepare_v2(pConfig->db, zSql, -1, &pStmt, 0);
+      sqlite3_free(zSql);
+      assert( rc==SQLITE_OK || pCsr->pRankArgStmt==0 );
+      if( rc==SQLITE_OK ){
+        if( SQLITE_ROW==sqlite3_step(pStmt) ){
+          int nByte;
+          pCsr->nRankArg = sqlite3_column_count(pStmt);
+          nByte = sizeof(sqlite3_value*)*pCsr->nRankArg;
+          pCsr->apRankArg = (sqlite3_value**)sqlite3Fts5MallocZero(&rc, nByte);
+          if( rc==SQLITE_OK ){
+            int i;
+            for(i=0; i<pCsr->nRankArg; i++){
+              pCsr->apRankArg[i] = sqlite3_column_value(pStmt, i);
+            }
+          }
+          pCsr->pRankArgStmt = pStmt;
+        }else{
+          rc = sqlite3_finalize(pStmt);
+          assert( rc!=SQLITE_OK );
+        }
+      }
+    }
+  }
+
+  if( rc==SQLITE_OK ){
+    pAux = fts5FindAuxiliary(pTab, zRank);
+    if( pAux==0 ){
+      assert( pTab->base.zErrMsg==0 );
+      pTab->base.zErrMsg = sqlite3_mprintf("no such function: %s", zRank);
+      rc = SQLITE_ERROR;
+    }
+  }
+
+  pCsr->pRank = pAux;
+  return rc;
+}
+
+
+static int fts5CursorParseRank(
+  Fts5Config *pConfig,
+  Fts5Cursor *pCsr, 
+  sqlite3_value *pRank
+){
+  int rc = SQLITE_OK;
+  if( pRank ){
+    const char *z = (const char*)sqlite3_value_text(pRank);
+    char *zRank = 0;
+    char *zRankArgs = 0;
+
+    if( z==0 ){
+      if( sqlite3_value_type(pRank)==SQLITE_NULL ) rc = SQLITE_ERROR;
+    }else{
+      rc = sqlite3Fts5ConfigParseRank(z, &zRank, &zRankArgs);
+    }
+    if( rc==SQLITE_OK ){
+      pCsr->zRank = zRank;
+      pCsr->zRankArgs = zRankArgs;
+      CsrFlagSet(pCsr, FTS5CSR_FREE_ZRANK);
+    }else if( rc==SQLITE_ERROR ){
+      pCsr->base.pVtab->zErrMsg = sqlite3_mprintf(
+          "parse error in rank function: %s", z
+      );
+    }
+  }else{
+    if( pConfig->zRank ){
+      pCsr->zRank = (char*)pConfig->zRank;
+      pCsr->zRankArgs = (char*)pConfig->zRankArgs;
+    }else{
+      pCsr->zRank = (char*)FTS5_DEFAULT_RANK;
+      pCsr->zRankArgs = 0;
+    }
+  }
+  return rc;
+}
+
+static i64 fts5GetRowidLimit(sqlite3_value *pVal, i64 iDefault){
+  if( pVal ){
+    int eType = sqlite3_value_numeric_type(pVal);
+    if( eType==SQLITE_INTEGER ){
+      return sqlite3_value_int64(pVal);
+    }
+  }
+  return iDefault;
+}
+
+/*
+** This is the xFilter interface for the virtual table.  See
+** the virtual table xFilter method documentation for additional
+** information.
+** 
+** There are three possible query strategies:
+**
+**   1. Full-text search using a MATCH operator.
+**   2. A by-rowid lookup.
+**   3. A full-table scan.
+*/
+static int fts5FilterMethod(
+  sqlite3_vtab_cursor *pCursor,   /* The cursor used for this query */
+  int idxNum,                     /* Strategy index */
+  const char *idxStr,             /* Unused */
+  int nVal,                       /* Number of elements in apVal */
+  sqlite3_value **apVal           /* Arguments for the indexing scheme */
+){
+  Fts5Table *pTab = (Fts5Table*)(pCursor->pVtab);
+  Fts5Config *pConfig = pTab->pConfig;
+  Fts5Cursor *pCsr = (Fts5Cursor*)pCursor;
+  int rc = SQLITE_OK;             /* Error code */
+  int iVal = 0;                   /* Counter for apVal[] */
+  int bDesc;                      /* True if ORDER BY [rank|rowid] DESC */
+  int bOrderByRank;               /* True if ORDER BY rank */
+  sqlite3_value *pMatch = 0;      /* <tbl> MATCH ? expression (or NULL) */
+  sqlite3_value *pRank = 0;       /* rank MATCH ? expression (or NULL) */
+  sqlite3_value *pRowidEq = 0;    /* rowid = ? expression (or NULL) */
+  sqlite3_value *pRowidLe = 0;    /* rowid <= ? expression (or NULL) */
+  sqlite3_value *pRowidGe = 0;    /* rowid >= ? expression (or NULL) */
+  char **pzErrmsg = pConfig->pzErrmsg;
+
+  if( pCsr->ePlan ){
+    fts5FreeCursorComponents(pCsr);
+    memset(&pCsr->ePlan, 0, sizeof(Fts5Cursor) - ((u8*)&pCsr->ePlan-(u8*)pCsr));
+  }
+
+  assert( pCsr->pStmt==0 );
+  assert( pCsr->pExpr==0 );
+  assert( pCsr->csrflags==0 );
+  assert( pCsr->pRank==0 );
+  assert( pCsr->zRank==0 );
+  assert( pCsr->zRankArgs==0 );
+
+  assert( pzErrmsg==0 || pzErrmsg==&pTab->base.zErrMsg );
+  pConfig->pzErrmsg = &pTab->base.zErrMsg;
+
+  /* Decode the arguments passed through to this function.
+  **
+  ** Note: The following set of if(...) statements must be in the same
+  ** order as the corresponding entries in the struct at the top of
+  ** fts5BestIndexMethod().  */
+  if( BitFlagTest(idxNum, FTS5_BI_MATCH) ) pMatch = apVal[iVal++];
+  if( BitFlagTest(idxNum, FTS5_BI_RANK) ) pRank = apVal[iVal++];
+  if( BitFlagTest(idxNum, FTS5_BI_ROWID_EQ) ) pRowidEq = apVal[iVal++];
+  if( BitFlagTest(idxNum, FTS5_BI_ROWID_LE) ) pRowidLe = apVal[iVal++];
+  if( BitFlagTest(idxNum, FTS5_BI_ROWID_GE) ) pRowidGe = apVal[iVal++];
+  assert( iVal==nVal );
+  bOrderByRank = ((idxNum & FTS5_BI_ORDER_RANK) ? 1 : 0);
+  pCsr->bDesc = bDesc = ((idxNum & FTS5_BI_ORDER_DESC) ? 1 : 0);
+
+  /* Set the cursor upper and lower rowid limits. Only some strategies 
+  ** actually use them. This is ok, as the xBestIndex() method leaves the
+  ** sqlite3_index_constraint.omit flag clear for range constraints
+  ** on the rowid field.  */
+  if( pRowidEq ){
+    pRowidLe = pRowidGe = pRowidEq;
+  }
+  if( bDesc ){
+    pCsr->iFirstRowid = fts5GetRowidLimit(pRowidLe, LARGEST_INT64);
+    pCsr->iLastRowid = fts5GetRowidLimit(pRowidGe, SMALLEST_INT64);
+  }else{
+    pCsr->iLastRowid = fts5GetRowidLimit(pRowidLe, LARGEST_INT64);
+    pCsr->iFirstRowid = fts5GetRowidLimit(pRowidGe, SMALLEST_INT64);
+  }
+
+  if( pTab->pSortCsr ){
+    /* If pSortCsr is non-NULL, then this call is being made as part of 
+    ** processing for a "... MATCH <expr> ORDER BY rank" query (ePlan is
+    ** set to FTS5_PLAN_SORTED_MATCH). pSortCsr is the cursor that will
+    ** return results to the user for this query. The current cursor 
+    ** (pCursor) is used to execute the query issued by function 
+    ** fts5CursorFirstSorted() above.  */
+    assert( pRowidEq==0 && pRowidLe==0 && pRowidGe==0 && pRank==0 );
+    assert( nVal==0 && pMatch==0 && bOrderByRank==0 && bDesc==0 );
+    assert( pCsr->iLastRowid==LARGEST_INT64 );
+    assert( pCsr->iFirstRowid==SMALLEST_INT64 );
+    pCsr->ePlan = FTS5_PLAN_SOURCE;
+    pCsr->pExpr = pTab->pSortCsr->pExpr;
+    rc = fts5CursorFirst(pTab, pCsr, bDesc);
+  }else if( pMatch ){
+    const char *zExpr = (const char*)sqlite3_value_text(apVal[0]);
+    if( zExpr==0 ) zExpr = "";
+
+    rc = fts5CursorParseRank(pConfig, pCsr, pRank);
+    if( rc==SQLITE_OK ){
+      if( zExpr[0]=='*' ){
+        /* The user has issued a query of the form "MATCH '*...'". This
+        ** indicates that the MATCH expression is not a full text query,
+        ** but a request for an internal parameter.  */
+        rc = fts5SpecialMatch(pTab, pCsr, &zExpr[1]);
+      }else{
+        char **pzErr = &pTab->base.zErrMsg;
+        rc = sqlite3Fts5ExprNew(pConfig, zExpr, &pCsr->pExpr, pzErr);
+        if( rc==SQLITE_OK ){
+          if( bOrderByRank ){
+            pCsr->ePlan = FTS5_PLAN_SORTED_MATCH;
+            rc = fts5CursorFirstSorted(pTab, pCsr, bDesc);
+          }else{
+            pCsr->ePlan = FTS5_PLAN_MATCH;
+            rc = fts5CursorFirst(pTab, pCsr, bDesc);
+          }
+        }
+      }
+    }
+  }else if( pConfig->zContent==0 ){
+    *pConfig->pzErrmsg = sqlite3_mprintf(
+        "%s: table does not support scanning", pConfig->zName
+    );
+    rc = SQLITE_ERROR;
+  }else{
+    /* This is either a full-table scan (ePlan==FTS5_PLAN_SCAN) or a lookup
+    ** by rowid (ePlan==FTS5_PLAN_ROWID).  */
+    pCsr->ePlan = (pRowidEq ? FTS5_PLAN_ROWID : FTS5_PLAN_SCAN);
+    rc = sqlite3Fts5StorageStmt(
+        pTab->pStorage, fts5StmtType(pCsr), &pCsr->pStmt, &pTab->base.zErrMsg
+    );
+    if( rc==SQLITE_OK ){
+      if( pCsr->ePlan==FTS5_PLAN_ROWID ){
+        sqlite3_bind_value(pCsr->pStmt, 1, apVal[0]);
+      }else{
+        sqlite3_bind_int64(pCsr->pStmt, 1, pCsr->iFirstRowid);
+        sqlite3_bind_int64(pCsr->pStmt, 2, pCsr->iLastRowid);
+      }
+      rc = fts5NextMethod(pCursor);
+    }
+  }
+
+  pConfig->pzErrmsg = pzErrmsg;
+  return rc;
+}
+
+/* 
+** This is the xEof method of the virtual table. SQLite calls this 
+** routine to find out if it has reached the end of a result set.
+*/
+static int fts5EofMethod(sqlite3_vtab_cursor *pCursor){
+  Fts5Cursor *pCsr = (Fts5Cursor*)pCursor;
+  return (CsrFlagTest(pCsr, FTS5CSR_EOF) ? 1 : 0);
+}
+
+/*
+** Return the rowid that the cursor currently points to.
+*/
+static i64 fts5CursorRowid(Fts5Cursor *pCsr){
+  assert( pCsr->ePlan==FTS5_PLAN_MATCH 
+       || pCsr->ePlan==FTS5_PLAN_SORTED_MATCH 
+       || pCsr->ePlan==FTS5_PLAN_SOURCE 
+  );
+  if( pCsr->pSorter ){
+    return pCsr->pSorter->iRowid;
+  }else{
+    return sqlite3Fts5ExprRowid(pCsr->pExpr);
+  }
+}
+
+/* 
+** This is the xRowid method. The SQLite core calls this routine to
+** retrieve the rowid for the current row of the result set. fts5
+** exposes %_content.rowid as the rowid for the virtual table. The
+** rowid should be written to *pRowid.
+*/
+static int fts5RowidMethod(sqlite3_vtab_cursor *pCursor, sqlite_int64 *pRowid){
+  Fts5Cursor *pCsr = (Fts5Cursor*)pCursor;
+  int ePlan = pCsr->ePlan;
+  
+  assert( CsrFlagTest(pCsr, FTS5CSR_EOF)==0 );
+  switch( ePlan ){
+    case FTS5_PLAN_SPECIAL:
+      *pRowid = 0;
+      break;
+
+    case FTS5_PLAN_SOURCE:
+    case FTS5_PLAN_MATCH:
+    case FTS5_PLAN_SORTED_MATCH:
+      *pRowid = fts5CursorRowid(pCsr);
+      break;
+
+    default:
+      *pRowid = sqlite3_column_int64(pCsr->pStmt, 0);
+      break;
+  }
+
+  return SQLITE_OK;
+}
+
+/*
+** If the cursor requires seeking (bSeekRequired flag is set), seek it.
+** Return SQLITE_OK if no error occurs, or an SQLite error code otherwise.
+**
+** If argument bErrormsg is true and an error occurs, an error message may
+** be left in sqlite3_vtab.zErrMsg.
+*/
+static int fts5SeekCursor(Fts5Cursor *pCsr, int bErrormsg){
+  int rc = SQLITE_OK;
+
+  /* If the cursor does not yet have a statement handle, obtain one now. */ 
+  if( pCsr->pStmt==0 ){
+    Fts5Table *pTab = (Fts5Table*)(pCsr->base.pVtab);
+    int eStmt = fts5StmtType(pCsr);
+    rc = sqlite3Fts5StorageStmt(
+        pTab->pStorage, eStmt, &pCsr->pStmt, (bErrormsg?&pTab->base.zErrMsg:0)
+    );
+    assert( rc!=SQLITE_OK || pTab->base.zErrMsg==0 );
+    assert( CsrFlagTest(pCsr, FTS5CSR_REQUIRE_CONTENT) );
+  }
+
+  if( rc==SQLITE_OK && CsrFlagTest(pCsr, FTS5CSR_REQUIRE_CONTENT) ){
+    assert( pCsr->pExpr );
+    sqlite3_reset(pCsr->pStmt);
+    sqlite3_bind_int64(pCsr->pStmt, 1, fts5CursorRowid(pCsr));
+    rc = sqlite3_step(pCsr->pStmt);
+    if( rc==SQLITE_ROW ){
+      rc = SQLITE_OK;
+      CsrFlagClear(pCsr, FTS5CSR_REQUIRE_CONTENT);
+    }else{
+      rc = sqlite3_reset(pCsr->pStmt);
+      if( rc==SQLITE_OK ){
+        rc = FTS5_CORRUPT;
+      }
+    }
+  }
+  return rc;
+}
+
+static void fts5SetVtabError(Fts5Table *p, const char *zFormat, ...){
+  va_list ap;                     /* ... printf arguments */
+  va_start(ap, zFormat);
+  assert( p->base.zErrMsg==0 );
+  p->base.zErrMsg = sqlite3_vmprintf(zFormat, ap);
+  va_end(ap);
+}
+
+/*
+** This function is called to handle an FTS INSERT command. In other words,
+** an INSERT statement of the form:
+**
+**     INSERT INTO fts(fts) VALUES($pCmd)
+**     INSERT INTO fts(fts, rank) VALUES($pCmd, $pVal)
+**
+** Argument pVal is the value assigned to column "fts" by the INSERT 
+** statement. This function returns SQLITE_OK if successful, or an SQLite
+** error code if an error occurs.
+**
+** The commands implemented by this function are documented in the "Special
+** INSERT Directives" section of the documentation. It should be updated if
+** more commands are added to this function.
+*/
+static int fts5SpecialInsert(
+  Fts5Table *pTab,                /* Fts5 table object */
+  const char *zCmd,               /* Text inserted into table-name column */
+  sqlite3_value *pVal             /* Value inserted into rank column */
+){
+  Fts5Config *pConfig = pTab->pConfig;
+  int rc = SQLITE_OK;
+  int bError = 0;
+
+  if( 0==sqlite3_stricmp("delete-all", zCmd) ){
+    if( pConfig->eContent==FTS5_CONTENT_NORMAL ){
+      fts5SetVtabError(pTab, 
+          "'delete-all' may only be used with a "
+          "contentless or external content fts5 table"
+      );
+      rc = SQLITE_ERROR;
+    }else{
+      rc = sqlite3Fts5StorageDeleteAll(pTab->pStorage);
+    }
+  }else if( 0==sqlite3_stricmp("rebuild", zCmd) ){
+    if( pConfig->eContent==FTS5_CONTENT_NONE ){
+      fts5SetVtabError(pTab, 
+          "'rebuild' may not be used with a contentless fts5 table"
+      );
+      rc = SQLITE_ERROR;
+    }else{
+      rc = sqlite3Fts5StorageRebuild(pTab->pStorage);
+    }
+  }else if( 0==sqlite3_stricmp("optimize", zCmd) ){
+    rc = sqlite3Fts5StorageOptimize(pTab->pStorage);
+  }else if( 0==sqlite3_stricmp("merge", zCmd) ){
+    int nMerge = sqlite3_value_int(pVal);
+    rc = sqlite3Fts5StorageMerge(pTab->pStorage, nMerge);
+  }else if( 0==sqlite3_stricmp("integrity-check", zCmd) ){
+    rc = sqlite3Fts5StorageIntegrity(pTab->pStorage);
+#ifdef SQLITE_DEBUG
+  }else if( 0==sqlite3_stricmp("prefix-index", zCmd) ){
+    pConfig->bPrefixIndex = sqlite3_value_int(pVal);
+#endif
+  }else{
+    rc = sqlite3Fts5IndexLoadConfig(pTab->pIndex);
+    if( rc==SQLITE_OK ){
+      rc = sqlite3Fts5ConfigSetValue(pTab->pConfig, zCmd, pVal, &bError);
+    }
+    if( rc==SQLITE_OK ){
+      if( bError ){
+        rc = SQLITE_ERROR;
+      }else{
+        rc = sqlite3Fts5StorageConfigValue(pTab->pStorage, zCmd, pVal, 0);
+      }
+    }
+  }
+  return rc;
+}
+
+static int fts5SpecialDelete(
+  Fts5Table *pTab, 
+  sqlite3_value **apVal, 
+  sqlite3_int64 *piRowid
+){
+  int rc = SQLITE_OK;
+  int eType1 = sqlite3_value_type(apVal[1]);
+  if( eType1==SQLITE_INTEGER ){
+    sqlite3_int64 iDel = sqlite3_value_int64(apVal[1]);
+    rc = sqlite3Fts5StorageSpecialDelete(pTab->pStorage, iDel, &apVal[2]);
+  }
+  return rc;
+}
+
+static void fts5StorageInsert(
+  int *pRc, 
+  Fts5Table *pTab, 
+  sqlite3_value **apVal, 
+  i64 *piRowid
+){
+  int rc = *pRc;
+  if( rc==SQLITE_OK ){
+    rc = sqlite3Fts5StorageContentInsert(pTab->pStorage, apVal, piRowid);
+  }
+  if( rc==SQLITE_OK ){
+    rc = sqlite3Fts5StorageIndexInsert(pTab->pStorage, apVal, *piRowid);
+  }
+  *pRc = rc;
+}
+
+/* 
+** This function is the implementation of the xUpdate callback used by 
+** FTS3 virtual tables. It is invoked by SQLite each time a row is to be
+** inserted, updated or deleted.
+**
+** A delete specifies a single argument - the rowid of the row to remove.
+** 
+** Update and insert operations pass:
+**
+**   1. The "old" rowid, or NULL.
+**   2. The "new" rowid.
+**   3. Values for each of the nCol matchable columns.
+**   4. Values for the two hidden columns (<tablename> and "rank").
+*/
+static int fts5UpdateMethod(
+  sqlite3_vtab *pVtab,            /* Virtual table handle */
+  int nArg,                       /* Size of argument array */
+  sqlite3_value **apVal,          /* Array of arguments */
+  sqlite_int64 *pRowid            /* OUT: The affected (or effected) rowid */
+){
+  Fts5Table *pTab = (Fts5Table*)pVtab;
+  Fts5Config *pConfig = pTab->pConfig;
+  int eType0;                     /* value_type() of apVal[0] */
+  int rc = SQLITE_OK;             /* Return code */
+
+  /* A transaction must be open when this is called. */
+  assert( pTab->ts.eState==1 );
+
+  assert( pVtab->zErrMsg==0 );
+  assert( nArg==1 || nArg==(2+pConfig->nCol+2) );
+  assert( nArg==1 
+      || sqlite3_value_type(apVal[1])==SQLITE_INTEGER 
+      || sqlite3_value_type(apVal[1])==SQLITE_NULL 
+  );
+  assert( pTab->pConfig->pzErrmsg==0 );
+  pTab->pConfig->pzErrmsg = &pTab->base.zErrMsg;
+
+  /* Put any active cursors into REQUIRE_SEEK state. */
+  fts5TripCursors(pTab);
+
+  eType0 = sqlite3_value_type(apVal[0]);
+  if( eType0==SQLITE_NULL 
+   && sqlite3_value_type(apVal[2+pConfig->nCol])!=SQLITE_NULL 
+  ){
+    /* A "special" INSERT op. These are handled separately. */
+    const char *z = (const char*)sqlite3_value_text(apVal[2+pConfig->nCol]);
+    if( pConfig->eContent!=FTS5_CONTENT_NORMAL 
+      && 0==sqlite3_stricmp("delete", z) 
+    ){
+      rc = fts5SpecialDelete(pTab, apVal, pRowid);
+    }else{
+      rc = fts5SpecialInsert(pTab, z, apVal[2 + pConfig->nCol + 1]);
+    }
+  }else{
+    /* A regular INSERT, UPDATE or DELETE statement. The trick here is that
+    ** any conflict on the rowid value must be detected before any 
+    ** modifications are made to the database file. There are 4 cases:
+    **
+    **   1) DELETE
+    **   2) UPDATE (rowid not modified)
+    **   3) UPDATE (rowid modified)
+    **   4) INSERT
+    **
+    ** Cases 3 and 4 may violate the rowid constraint.
+    */
+    int eConflict = SQLITE_ABORT;
+    if( pConfig->eContent==FTS5_CONTENT_NORMAL ){
+      eConflict = sqlite3_vtab_on_conflict(pConfig->db);
+    }
+
+    assert( eType0==SQLITE_INTEGER || eType0==SQLITE_NULL );
+    assert( nArg!=1 || eType0==SQLITE_INTEGER );
+
+    /* Filter out attempts to run UPDATE or DELETE on contentless tables.
+    ** This is not suported.  */
+    if( eType0==SQLITE_INTEGER && fts5IsContentless(pTab) ){
+      pTab->base.zErrMsg = sqlite3_mprintf(
+          "cannot %s contentless fts5 table: %s", 
+          (nArg>1 ? "UPDATE" : "DELETE from"), pConfig->zName
+      );
+      rc = SQLITE_ERROR;
+    }
+
+    /* Case 1: DELETE */
+    else if( nArg==1 ){
+      i64 iDel = sqlite3_value_int64(apVal[0]);  /* Rowid to delete */
+      rc = sqlite3Fts5StorageDelete(pTab->pStorage, iDel);
+    }
+
+    /* Case 2: INSERT */
+    else if( eType0!=SQLITE_INTEGER ){     
+      /* If this is a REPLACE, first remove the current entry (if any) */
+      if( eConflict==SQLITE_REPLACE 
+       && sqlite3_value_type(apVal[1])==SQLITE_INTEGER 
+      ){
+        i64 iNew = sqlite3_value_int64(apVal[1]);  /* Rowid to delete */
+        rc = sqlite3Fts5StorageDelete(pTab->pStorage, iNew);
+      }
+      fts5StorageInsert(&rc, pTab, apVal, pRowid);
+    }
+
+    /* Case 2: UPDATE */
+    else{
+      i64 iOld = sqlite3_value_int64(apVal[0]);  /* Old rowid */
+      i64 iNew = sqlite3_value_int64(apVal[1]);  /* New rowid */
+      if( iOld!=iNew ){
+        if( eConflict==SQLITE_REPLACE ){
+          rc = sqlite3Fts5StorageDelete(pTab->pStorage, iOld);
+          if( rc==SQLITE_OK ){
+            rc = sqlite3Fts5StorageDelete(pTab->pStorage, iNew);
+          }
+          fts5StorageInsert(&rc, pTab, apVal, pRowid);
+        }else{
+          rc = sqlite3Fts5StorageContentInsert(pTab->pStorage, apVal, pRowid);
+          if( rc==SQLITE_OK ){
+            rc = sqlite3Fts5StorageDelete(pTab->pStorage, iOld);
+          }
+          if( rc==SQLITE_OK ){
+            rc = sqlite3Fts5StorageIndexInsert(pTab->pStorage, apVal, *pRowid);
+          }
+        }
+      }else{
+        rc = sqlite3Fts5StorageDelete(pTab->pStorage, iOld);
+        fts5StorageInsert(&rc, pTab, apVal, pRowid);
+      }
+    }
+  }
+
+  pTab->pConfig->pzErrmsg = 0;
+  return rc;
+}
+
+/*
+** Implementation of xSync() method. 
+*/
+static int fts5SyncMethod(sqlite3_vtab *pVtab){
+  int rc;
+  Fts5Table *pTab = (Fts5Table*)pVtab;
+  fts5CheckTransactionState(pTab, FTS5_SYNC, 0);
+  pTab->pConfig->pzErrmsg = &pTab->base.zErrMsg;
+  fts5TripCursors(pTab);
+  rc = sqlite3Fts5StorageSync(pTab->pStorage, 1);
+  pTab->pConfig->pzErrmsg = 0;
+  return rc;
+}
+
+/*
+** Implementation of xBegin() method. 
+*/
+static int fts5BeginMethod(sqlite3_vtab *pVtab){
+  fts5CheckTransactionState((Fts5Table*)pVtab, FTS5_BEGIN, 0);
+  return SQLITE_OK;
+}
+
+/*
+** Implementation of xCommit() method. This is a no-op. The contents of
+** the pending-terms hash-table have already been flushed into the database
+** by fts5SyncMethod().
+*/
+static int fts5CommitMethod(sqlite3_vtab *pVtab){
+  fts5CheckTransactionState((Fts5Table*)pVtab, FTS5_COMMIT, 0);
+  return SQLITE_OK;
+}
+
+/*
+** Implementation of xRollback(). Discard the contents of the pending-terms
+** hash-table. Any changes made to the database are reverted by SQLite.
+*/
+static int fts5RollbackMethod(sqlite3_vtab *pVtab){
+  int rc;
+  Fts5Table *pTab = (Fts5Table*)pVtab;
+  fts5CheckTransactionState(pTab, FTS5_ROLLBACK, 0);
+  rc = sqlite3Fts5StorageRollback(pTab->pStorage);
+  return rc;
+}
+
+static void *fts5ApiUserData(Fts5Context *pCtx){
+  Fts5Cursor *pCsr = (Fts5Cursor*)pCtx;
+  return pCsr->pAux->pUserData;
+}
+
+static int fts5ApiColumnCount(Fts5Context *pCtx){
+  Fts5Cursor *pCsr = (Fts5Cursor*)pCtx;
+  return ((Fts5Table*)(pCsr->base.pVtab))->pConfig->nCol;
+}
+
+static int fts5ApiColumnTotalSize(
+  Fts5Context *pCtx, 
+  int iCol, 
+  sqlite3_int64 *pnToken
+){
+  Fts5Cursor *pCsr = (Fts5Cursor*)pCtx;
+  Fts5Table *pTab = (Fts5Table*)(pCsr->base.pVtab);
+  return sqlite3Fts5StorageSize(pTab->pStorage, iCol, pnToken);
+}
+
+static int fts5ApiRowCount(Fts5Context *pCtx, i64 *pnRow){
+  Fts5Cursor *pCsr = (Fts5Cursor*)pCtx;
+  Fts5Table *pTab = (Fts5Table*)(pCsr->base.pVtab);
+  return sqlite3Fts5StorageRowCount(pTab->pStorage, pnRow);
+}
+
+static int fts5ApiTokenize(
+  Fts5Context *pCtx, 
+  const char *pText, int nText, 
+  void *pUserData,
+  int (*xToken)(void*, int, const char*, int, int, int)
+){
+  Fts5Cursor *pCsr = (Fts5Cursor*)pCtx;
+  Fts5Table *pTab = (Fts5Table*)(pCsr->base.pVtab);
+  return sqlite3Fts5Tokenize(
+      pTab->pConfig, FTS5_TOKENIZE_AUX, pText, nText, pUserData, xToken
+  );
+}
+
+static int fts5ApiPhraseCount(Fts5Context *pCtx){
+  Fts5Cursor *pCsr = (Fts5Cursor*)pCtx;
+  return sqlite3Fts5ExprPhraseCount(pCsr->pExpr);
+}
+
+static int fts5ApiPhraseSize(Fts5Context *pCtx, int iPhrase){
+  Fts5Cursor *pCsr = (Fts5Cursor*)pCtx;
+  return sqlite3Fts5ExprPhraseSize(pCsr->pExpr, iPhrase);
+}
+
+static int fts5CsrPoslist(Fts5Cursor *pCsr, int iPhrase, const u8 **pa){
+  int n;
+  if( pCsr->pSorter ){
+    Fts5Sorter *pSorter = pCsr->pSorter;
+    int i1 = (iPhrase==0 ? 0 : pSorter->aIdx[iPhrase-1]);
+    n = pSorter->aIdx[iPhrase] - i1;
+    *pa = &pSorter->aPoslist[i1];
+  }else{
+    n = sqlite3Fts5ExprPoslist(pCsr->pExpr, iPhrase, pa);
+  }
+  return n;
+}
+
+/*
+** Ensure that the Fts5Cursor.nInstCount and aInst[] variables are populated
+** correctly for the current view. Return SQLITE_OK if successful, or an
+** SQLite error code otherwise.
+*/
+static int fts5CacheInstArray(Fts5Cursor *pCsr){
+  int rc = SQLITE_OK;
+  Fts5PoslistReader *aIter;       /* One iterator for each phrase */
+  int nIter;                      /* Number of iterators/phrases */
+  
+  nIter = sqlite3Fts5ExprPhraseCount(pCsr->pExpr);
+  if( pCsr->aInstIter==0 ){
+    int nByte = sizeof(Fts5PoslistReader) * nIter;
+    pCsr->aInstIter = (Fts5PoslistReader*)sqlite3Fts5MallocZero(&rc, nByte);
+  }
+  aIter = pCsr->aInstIter;
+
+  if( aIter ){
+    int nInst = 0;                /* Number instances seen so far */
+    int i;
+
+    /* Initialize all iterators */
+    for(i=0; i<nIter; i++){
+      const u8 *a;
+      int n = fts5CsrPoslist(pCsr, i, &a);
+      sqlite3Fts5PoslistReaderInit(a, n, &aIter[i]);
+    }
+
+    while( 1 ){
+      int *aInst;
+      int iBest = -1;
+      for(i=0; i<nIter; i++){
+        if( (aIter[i].bEof==0) 
+         && (iBest<0 || aIter[i].iPos<aIter[iBest].iPos) 
+        ){
+          iBest = i;
+        }
+      }
+      if( iBest<0 ) break;
+
+      nInst++;
+      if( nInst>=pCsr->nInstAlloc ){
+        pCsr->nInstAlloc = pCsr->nInstAlloc ? pCsr->nInstAlloc*2 : 32;
+        aInst = (int*)sqlite3_realloc(
+            pCsr->aInst, pCsr->nInstAlloc*sizeof(int)*3
+        );
+        if( aInst ){
+          pCsr->aInst = aInst;
+        }else{
+          rc = SQLITE_NOMEM;
+          break;
+        }
+      }
+
+      aInst = &pCsr->aInst[3 * (nInst-1)];
+      aInst[0] = iBest;
+      aInst[1] = FTS5_POS2COLUMN(aIter[iBest].iPos);
+      aInst[2] = FTS5_POS2OFFSET(aIter[iBest].iPos);
+      sqlite3Fts5PoslistReaderNext(&aIter[iBest]);
+    }
+
+    pCsr->nInstCount = nInst;
+    CsrFlagClear(pCsr, FTS5CSR_REQUIRE_INST);
+  }
+  return rc;
+}
+
+static int fts5ApiInstCount(Fts5Context *pCtx, int *pnInst){
+  Fts5Cursor *pCsr = (Fts5Cursor*)pCtx;
+  int rc = SQLITE_OK;
+  if( CsrFlagTest(pCsr, FTS5CSR_REQUIRE_INST)==0 
+   || SQLITE_OK==(rc = fts5CacheInstArray(pCsr)) ){
+    *pnInst = pCsr->nInstCount;
+  }
+  return rc;
+}
+
+static int fts5ApiInst(
+  Fts5Context *pCtx, 
+  int iIdx, 
+  int *piPhrase, 
+  int *piCol, 
+  int *piOff
+){
+  Fts5Cursor *pCsr = (Fts5Cursor*)pCtx;
+  int rc = SQLITE_OK;
+  if( CsrFlagTest(pCsr, FTS5CSR_REQUIRE_INST)==0 
+   || SQLITE_OK==(rc = fts5CacheInstArray(pCsr)) 
+  ){
+    if( iIdx<0 || iIdx>=pCsr->nInstCount ){
+      rc = SQLITE_RANGE;
+    }else{
+      *piPhrase = pCsr->aInst[iIdx*3];
+      *piCol = pCsr->aInst[iIdx*3 + 1];
+      *piOff = pCsr->aInst[iIdx*3 + 2];
+    }
+  }
+  return rc;
+}
+
+static sqlite3_int64 fts5ApiRowid(Fts5Context *pCtx){
+  return fts5CursorRowid((Fts5Cursor*)pCtx);
+}
+
+static int fts5ApiColumnText(
+  Fts5Context *pCtx, 
+  int iCol, 
+  const char **pz, 
+  int *pn
+){
+  int rc = SQLITE_OK;
+  Fts5Cursor *pCsr = (Fts5Cursor*)pCtx;
+  if( fts5IsContentless((Fts5Table*)(pCsr->base.pVtab)) ){
+    *pz = 0;
+    *pn = 0;
+  }else{
+    rc = fts5SeekCursor(pCsr, 0);
+    if( rc==SQLITE_OK ){
+      *pz = (const char*)sqlite3_column_text(pCsr->pStmt, iCol+1);
+      *pn = sqlite3_column_bytes(pCsr->pStmt, iCol+1);
+    }
+  }
+  return rc;
+}
+
+static int fts5ColumnSizeCb(
+  void *pContext,                 /* Pointer to int */
+  int tflags,
+  const char *pToken,             /* Buffer containing token */
+  int nToken,                     /* Size of token in bytes */
+  int iStart,                     /* Start offset of token */
+  int iEnd                        /* End offset of token */
+){
+  int *pCnt = (int*)pContext;
+  if( (tflags & FTS5_TOKEN_COLOCATED)==0 ){
+    (*pCnt)++;
+  }
+  return SQLITE_OK;
+}
+
+static int fts5ApiColumnSize(Fts5Context *pCtx, int iCol, int *pnToken){
+  Fts5Cursor *pCsr = (Fts5Cursor*)pCtx;
+  Fts5Table *pTab = (Fts5Table*)(pCsr->base.pVtab);
+  Fts5Config *pConfig = pTab->pConfig;
+  int rc = SQLITE_OK;
+
+  if( CsrFlagTest(pCsr, FTS5CSR_REQUIRE_DOCSIZE) ){
+    if( pConfig->bColumnsize ){
+      i64 iRowid = fts5CursorRowid(pCsr);
+      rc = sqlite3Fts5StorageDocsize(pTab->pStorage, iRowid, pCsr->aColumnSize);
+    }else if( pConfig->zContent==0 ){
+      int i;
+      for(i=0; i<pConfig->nCol; i++){
+        if( pConfig->abUnindexed[i]==0 ){
+          pCsr->aColumnSize[i] = -1;
+        }
+      }
+    }else{
+      int i;
+      for(i=0; rc==SQLITE_OK && i<pConfig->nCol; i++){
+        if( pConfig->abUnindexed[i]==0 ){
+          const char *z; int n;
+          void *p = (void*)(&pCsr->aColumnSize[i]);
+          pCsr->aColumnSize[i] = 0;
+          rc = fts5ApiColumnText(pCtx, i, &z, &n);
+          if( rc==SQLITE_OK ){
+            rc = sqlite3Fts5Tokenize(
+                pConfig, FTS5_TOKENIZE_AUX, z, n, p, fts5ColumnSizeCb
+            );
+          }
+        }
+      }
+    }
+    CsrFlagClear(pCsr, FTS5CSR_REQUIRE_DOCSIZE);
+  }
+  if( iCol<0 ){
+    int i;
+    *pnToken = 0;
+    for(i=0; i<pConfig->nCol; i++){
+      *pnToken += pCsr->aColumnSize[i];
+    }
+  }else if( iCol<pConfig->nCol ){
+    *pnToken = pCsr->aColumnSize[iCol];
+  }else{
+    *pnToken = 0;
+    rc = SQLITE_RANGE;
+  }
+  return rc;
+}
+
+/*
+** Implementation of the xSetAuxdata() method.
+*/
+static int fts5ApiSetAuxdata(
+  Fts5Context *pCtx,              /* Fts5 context */
+  void *pPtr,                     /* Pointer to save as auxdata */
+  void(*xDelete)(void*)           /* Destructor for pPtr (or NULL) */
+){
+  Fts5Cursor *pCsr = (Fts5Cursor*)pCtx;
+  Fts5Auxdata *pData;
+
+  /* Search through the cursors list of Fts5Auxdata objects for one that
+  ** corresponds to the currently executing auxiliary function.  */
+  for(pData=pCsr->pAuxdata; pData; pData=pData->pNext){
+    if( pData->pAux==pCsr->pAux ) break;
+  }
+
+  if( pData ){
+    if( pData->xDelete ){
+      pData->xDelete(pData->pPtr);
+    }
+  }else{
+    int rc = SQLITE_OK;
+    pData = (Fts5Auxdata*)sqlite3Fts5MallocZero(&rc, sizeof(Fts5Auxdata));
+    if( pData==0 ){
+      if( xDelete ) xDelete(pPtr);
+      return rc;
+    }
+    pData->pAux = pCsr->pAux;
+    pData->pNext = pCsr->pAuxdata;
+    pCsr->pAuxdata = pData;
+  }
+
+  pData->xDelete = xDelete;
+  pData->pPtr = pPtr;
+  return SQLITE_OK;
+}
+
+static void *fts5ApiGetAuxdata(Fts5Context *pCtx, int bClear){
+  Fts5Cursor *pCsr = (Fts5Cursor*)pCtx;
+  Fts5Auxdata *pData;
+  void *pRet = 0;
+
+  for(pData=pCsr->pAuxdata; pData; pData=pData->pNext){
+    if( pData->pAux==pCsr->pAux ) break;
+  }
+
+  if( pData ){
+    pRet = pData->pPtr;
+    if( bClear ){
+      pData->pPtr = 0;
+      pData->xDelete = 0;
+    }
+  }
+
+  return pRet;
+}
+
+static void fts5ApiPhraseNext(
+  Fts5Context *pCtx, 
+  Fts5PhraseIter *pIter, 
+  int *piCol, int *piOff
+){
+  if( pIter->a>=pIter->b ){
+    *piCol = -1;
+    *piOff = -1;
+  }else{
+    int iVal;
+    pIter->a += fts5GetVarint32(pIter->a, iVal);
+    if( iVal==1 ){
+      pIter->a += fts5GetVarint32(pIter->a, iVal);
+      *piCol = iVal;
+      *piOff = 0;
+      pIter->a += fts5GetVarint32(pIter->a, iVal);
+    }
+    *piOff += (iVal-2);
+  }
+}
+
+static void fts5ApiPhraseFirst(
+  Fts5Context *pCtx, 
+  int iPhrase, 
+  Fts5PhraseIter *pIter, 
+  int *piCol, int *piOff
+){
+  Fts5Cursor *pCsr = (Fts5Cursor*)pCtx;
+  int n = fts5CsrPoslist(pCsr, iPhrase, &pIter->a);
+  pIter->b = &pIter->a[n];
+  *piCol = 0;
+  *piOff = 0;
+  fts5ApiPhraseNext(pCtx, pIter, piCol, piOff);
+}
+
+static int fts5ApiQueryPhrase(Fts5Context*, int, void*, 
+    int(*)(const Fts5ExtensionApi*, Fts5Context*, void*)
+);
+
+static const Fts5ExtensionApi sFts5Api = {
+  2,                            /* iVersion */
+  fts5ApiUserData,
+  fts5ApiColumnCount,
+  fts5ApiRowCount,
+  fts5ApiColumnTotalSize,
+  fts5ApiTokenize,
+  fts5ApiPhraseCount,
+  fts5ApiPhraseSize,
+  fts5ApiInstCount,
+  fts5ApiInst,
+  fts5ApiRowid,
+  fts5ApiColumnText,
+  fts5ApiColumnSize,
+  fts5ApiQueryPhrase,
+  fts5ApiSetAuxdata,
+  fts5ApiGetAuxdata,
+  fts5ApiPhraseFirst,
+  fts5ApiPhraseNext,
+};
+
+
+/*
+** Implementation of API function xQueryPhrase().
+*/
+static int fts5ApiQueryPhrase(
+  Fts5Context *pCtx, 
+  int iPhrase, 
+  void *pUserData,
+  int(*xCallback)(const Fts5ExtensionApi*, Fts5Context*, void*)
+){
+  Fts5Cursor *pCsr = (Fts5Cursor*)pCtx;
+  Fts5Table *pTab = (Fts5Table*)(pCsr->base.pVtab);
+  int rc;
+  Fts5Cursor *pNew = 0;
+
+  rc = fts5OpenMethod(pCsr->base.pVtab, (sqlite3_vtab_cursor**)&pNew);
+  if( rc==SQLITE_OK ){
+    Fts5Config *pConf = pTab->pConfig;
+    pNew->ePlan = FTS5_PLAN_MATCH;
+    pNew->iFirstRowid = SMALLEST_INT64;
+    pNew->iLastRowid = LARGEST_INT64;
+    pNew->base.pVtab = (sqlite3_vtab*)pTab;
+    rc = sqlite3Fts5ExprClonePhrase(pConf, pCsr->pExpr, iPhrase, &pNew->pExpr);
+  }
+
+  if( rc==SQLITE_OK ){
+    for(rc = fts5CursorFirst(pTab, pNew, 0);
+        rc==SQLITE_OK && CsrFlagTest(pNew, FTS5CSR_EOF)==0;
+        rc = fts5NextMethod((sqlite3_vtab_cursor*)pNew)
+    ){
+      rc = xCallback(&sFts5Api, (Fts5Context*)pNew, pUserData);
+      if( rc!=SQLITE_OK ){
+        if( rc==SQLITE_DONE ) rc = SQLITE_OK;
+        break;
+      }
+    }
+  }
+
+  fts5CloseMethod((sqlite3_vtab_cursor*)pNew);
+  return rc;
+}
+
+static void fts5ApiInvoke(
+  Fts5Auxiliary *pAux,
+  Fts5Cursor *pCsr,
+  sqlite3_context *context,
+  int argc,
+  sqlite3_value **argv
+){
+  assert( pCsr->pAux==0 );
+  pCsr->pAux = pAux;
+  pAux->xFunc(&sFts5Api, (Fts5Context*)pCsr, context, argc, argv);
+  pCsr->pAux = 0;
+}
+
+static Fts5Cursor *fts5CursorFromCsrid(Fts5Global *pGlobal, i64 iCsrId){
+  Fts5Cursor *pCsr;
+  for(pCsr=pGlobal->pCsr; pCsr; pCsr=pCsr->pNext){
+    if( pCsr->iCsrId==iCsrId ) break;
+  }
+  return pCsr;
+}
+
+static void fts5ApiCallback(
+  sqlite3_context *context,
+  int argc,
+  sqlite3_value **argv
+){
+
+  Fts5Auxiliary *pAux;
+  Fts5Cursor *pCsr;
+  i64 iCsrId;
+
+  assert( argc>=1 );
+  pAux = (Fts5Auxiliary*)sqlite3_user_data(context);
+  iCsrId = sqlite3_value_int64(argv[0]);
+
+  pCsr = fts5CursorFromCsrid(pAux->pGlobal, iCsrId);
+  if( pCsr==0 ){
+    char *zErr = sqlite3_mprintf("no such cursor: %lld", iCsrId);
+    sqlite3_result_error(context, zErr, -1);
+    sqlite3_free(zErr);
+  }else{
+    fts5ApiInvoke(pAux, pCsr, context, argc-1, &argv[1]);
+  }
+}
+
+
+/*
+** Given cursor id iId, return a pointer to the corresponding Fts5Index 
+** object. Or NULL If the cursor id does not exist.
+**
+** If successful, set *ppConfig to point to the associated config object 
+** before returning.
+*/
+static Fts5Index *sqlite3Fts5IndexFromCsrid(
+  Fts5Global *pGlobal,            /* FTS5 global context for db handle */
+  i64 iCsrId,                     /* Id of cursor to find */
+  Fts5Config **ppConfig           /* OUT: Configuration object */
+){
+  Fts5Cursor *pCsr;
+  Fts5Table *pTab;
+
+  pCsr = fts5CursorFromCsrid(pGlobal, iCsrId);
+  pTab = (Fts5Table*)pCsr->base.pVtab;
+  *ppConfig = pTab->pConfig;
+
+  return pTab->pIndex;
+}
+
+/*
+** Return a "position-list blob" corresponding to the current position of
+** cursor pCsr via sqlite3_result_blob(). A position-list blob contains
+** the current position-list for each phrase in the query associated with
+** cursor pCsr.
+**
+** A position-list blob begins with (nPhrase-1) varints, where nPhrase is
+** the number of phrases in the query. Following the varints are the
+** concatenated position lists for each phrase, in order.
+**
+** The first varint (if it exists) contains the size of the position list
+** for phrase 0. The second (same disclaimer) contains the size of position
+** list 1. And so on. There is no size field for the final position list,
+** as it can be derived from the total size of the blob.
+*/
+static int fts5PoslistBlob(sqlite3_context *pCtx, Fts5Cursor *pCsr){
+  int i;
+  int rc = SQLITE_OK;
+  int nPhrase = sqlite3Fts5ExprPhraseCount(pCsr->pExpr);
+  Fts5Buffer val;
+
+  memset(&val, 0, sizeof(Fts5Buffer));
+
+  /* Append the varints */
+  for(i=0; i<(nPhrase-1); i++){
+    const u8 *dummy;
+    int nByte = sqlite3Fts5ExprPoslist(pCsr->pExpr, i, &dummy);
+    sqlite3Fts5BufferAppendVarint(&rc, &val, nByte);
+  }
+
+  /* Append the position lists */
+  for(i=0; i<nPhrase; i++){
+    const u8 *pPoslist;
+    int nPoslist;
+    nPoslist = sqlite3Fts5ExprPoslist(pCsr->pExpr, i, &pPoslist);
+    sqlite3Fts5BufferAppendBlob(&rc, &val, nPoslist, pPoslist);
+  }
+
+  sqlite3_result_blob(pCtx, val.p, val.n, sqlite3_free);
+  return rc;
+}
+
+/* 
+** This is the xColumn method, called by SQLite to request a value from
+** the row that the supplied cursor currently points to.
+*/
+static int fts5ColumnMethod(
+  sqlite3_vtab_cursor *pCursor,   /* Cursor to retrieve value from */
+  sqlite3_context *pCtx,          /* Context for sqlite3_result_xxx() calls */
+  int iCol                        /* Index of column to read value from */
+){
+  Fts5Table *pTab = (Fts5Table*)(pCursor->pVtab);
+  Fts5Config *pConfig = pTab->pConfig;
+  Fts5Cursor *pCsr = (Fts5Cursor*)pCursor;
+  int rc = SQLITE_OK;
+  
+  assert( CsrFlagTest(pCsr, FTS5CSR_EOF)==0 );
+
+  if( pCsr->ePlan==FTS5_PLAN_SPECIAL ){
+    if( iCol==pConfig->nCol ){
+      sqlite3_result_int64(pCtx, pCsr->iSpecial);
+    }
+  }else
+
+  if( iCol==pConfig->nCol ){
+    /* User is requesting the value of the special column with the same name
+    ** as the table. Return the cursor integer id number. This value is only
+    ** useful in that it may be passed as the first argument to an FTS5
+    ** auxiliary function.  */
+    sqlite3_result_int64(pCtx, pCsr->iCsrId);
+  }else if( iCol==pConfig->nCol+1 ){
+
+    /* The value of the "rank" column. */
+    if( pCsr->ePlan==FTS5_PLAN_SOURCE ){
+      fts5PoslistBlob(pCtx, pCsr);
+    }else if( 
+        pCsr->ePlan==FTS5_PLAN_MATCH
+     || pCsr->ePlan==FTS5_PLAN_SORTED_MATCH
+    ){
+      if( pCsr->pRank || SQLITE_OK==(rc = fts5FindRankFunction(pCsr)) ){
+        fts5ApiInvoke(pCsr->pRank, pCsr, pCtx, pCsr->nRankArg, pCsr->apRankArg);
+      }
+    }
+  }else if( !fts5IsContentless(pTab) ){
+    rc = fts5SeekCursor(pCsr, 1);
+    if( rc==SQLITE_OK ){
+      sqlite3_result_value(pCtx, sqlite3_column_value(pCsr->pStmt, iCol+1));
+    }
+  }
+  return rc;
+}
+
+
+/*
+** This routine implements the xFindFunction method for the FTS3
+** virtual table.
+*/
+static int fts5FindFunctionMethod(
+  sqlite3_vtab *pVtab,            /* Virtual table handle */
+  int nArg,                       /* Number of SQL function arguments */
+  const char *zName,              /* Name of SQL function */
+  void (**pxFunc)(sqlite3_context*,int,sqlite3_value**), /* OUT: Result */
+  void **ppArg                    /* OUT: User data for *pxFunc */
+){
+  Fts5Table *pTab = (Fts5Table*)pVtab;
+  Fts5Auxiliary *pAux;
+
+  pAux = fts5FindAuxiliary(pTab, zName);
+  if( pAux ){
+    *pxFunc = fts5ApiCallback;
+    *ppArg = (void*)pAux;
+    return 1;
+  }
+
+  /* No function of the specified name was found. Return 0. */
+  return 0;
+}
+
+/*
+** Implementation of FTS5 xRename method. Rename an fts5 table.
+*/
+static int fts5RenameMethod(
+  sqlite3_vtab *pVtab,            /* Virtual table handle */
+  const char *zName               /* New name of table */
+){
+  Fts5Table *pTab = (Fts5Table*)pVtab;
+  return sqlite3Fts5StorageRename(pTab->pStorage, zName);
+}
+
+/*
+** The xSavepoint() method.
+**
+** Flush the contents of the pending-terms table to disk.
+*/
+static int fts5SavepointMethod(sqlite3_vtab *pVtab, int iSavepoint){
+  Fts5Table *pTab = (Fts5Table*)pVtab;
+  fts5CheckTransactionState(pTab, FTS5_SAVEPOINT, iSavepoint);
+  fts5TripCursors(pTab);
+  return sqlite3Fts5StorageSync(pTab->pStorage, 0);
+}
+
+/*
+** The xRelease() method.
+**
+** This is a no-op.
+*/
+static int fts5ReleaseMethod(sqlite3_vtab *pVtab, int iSavepoint){
+  Fts5Table *pTab = (Fts5Table*)pVtab;
+  fts5CheckTransactionState(pTab, FTS5_RELEASE, iSavepoint);
+  fts5TripCursors(pTab);
+  return sqlite3Fts5StorageSync(pTab->pStorage, 0);
+}
+
+/*
+** The xRollbackTo() method.
+**
+** Discard the contents of the pending terms table.
+*/
+static int fts5RollbackToMethod(sqlite3_vtab *pVtab, int iSavepoint){
+  Fts5Table *pTab = (Fts5Table*)pVtab;
+  fts5CheckTransactionState(pTab, FTS5_ROLLBACKTO, iSavepoint);
+  fts5TripCursors(pTab);
+  return sqlite3Fts5StorageRollback(pTab->pStorage);
+}
+
+/*
+** Register a new auxiliary function with global context pGlobal.
+*/
+static int fts5CreateAux(
+  fts5_api *pApi,                 /* Global context (one per db handle) */
+  const char *zName,              /* Name of new function */
+  void *pUserData,                /* User data for aux. function */
+  fts5_extension_function xFunc,  /* Aux. function implementation */
+  void(*xDestroy)(void*)          /* Destructor for pUserData */
+){
+  Fts5Global *pGlobal = (Fts5Global*)pApi;
+  int rc = sqlite3_overload_function(pGlobal->db, zName, -1);
+  if( rc==SQLITE_OK ){
+    Fts5Auxiliary *pAux;
+    int nName;                      /* Size of zName in bytes, including \0 */
+    int nByte;                      /* Bytes of space to allocate */
+
+    nName = (int)strlen(zName) + 1;
+    nByte = sizeof(Fts5Auxiliary) + nName;
+    pAux = (Fts5Auxiliary*)sqlite3_malloc(nByte);
+    if( pAux ){
+      memset(pAux, 0, nByte);
+      pAux->zFunc = (char*)&pAux[1];
+      memcpy(pAux->zFunc, zName, nName);
+      pAux->pGlobal = pGlobal;
+      pAux->pUserData = pUserData;
+      pAux->xFunc = xFunc;
+      pAux->xDestroy = xDestroy;
+      pAux->pNext = pGlobal->pAux;
+      pGlobal->pAux = pAux;
+    }else{
+      rc = SQLITE_NOMEM;
+    }
+  }
+
+  return rc;
+}
+
+/*
+** Register a new tokenizer. This is the implementation of the 
+** fts5_api.xCreateTokenizer() method.
+*/
+static int fts5CreateTokenizer(
+  fts5_api *pApi,                 /* Global context (one per db handle) */
+  const char *zName,              /* Name of new function */
+  void *pUserData,                /* User data for aux. function */
+  fts5_tokenizer *pTokenizer,     /* Tokenizer implementation */
+  void(*xDestroy)(void*)          /* Destructor for pUserData */
+){
+  Fts5Global *pGlobal = (Fts5Global*)pApi;
+  Fts5TokenizerModule *pNew;
+  int nName;                      /* Size of zName and its \0 terminator */
+  int nByte;                      /* Bytes of space to allocate */
+  int rc = SQLITE_OK;
+
+  nName = (int)strlen(zName) + 1;
+  nByte = sizeof(Fts5TokenizerModule) + nName;
+  pNew = (Fts5TokenizerModule*)sqlite3_malloc(nByte);
+  if( pNew ){
+    memset(pNew, 0, nByte);
+    pNew->zName = (char*)&pNew[1];
+    memcpy(pNew->zName, zName, nName);
+    pNew->pUserData = pUserData;
+    pNew->x = *pTokenizer;
+    pNew->xDestroy = xDestroy;
+    pNew->pNext = pGlobal->pTok;
+    pGlobal->pTok = pNew;
+    if( pNew->pNext==0 ){
+      pGlobal->pDfltTok = pNew;
+    }
+  }else{
+    rc = SQLITE_NOMEM;
+  }
+
+  return rc;
+}
+
+static Fts5TokenizerModule *fts5LocateTokenizer(
+  Fts5Global *pGlobal, 
+  const char *zName
+){
+  Fts5TokenizerModule *pMod = 0;
+
+  if( zName==0 ){
+    pMod = pGlobal->pDfltTok;
+  }else{
+    for(pMod=pGlobal->pTok; pMod; pMod=pMod->pNext){
+      if( sqlite3_stricmp(zName, pMod->zName)==0 ) break;
+    }
+  }
+
+  return pMod;
+}
+
+/*
+** Find a tokenizer. This is the implementation of the 
+** fts5_api.xFindTokenizer() method.
+*/
+static int fts5FindTokenizer(
+  fts5_api *pApi,                 /* Global context (one per db handle) */
+  const char *zName,              /* Name of new function */
+  void **ppUserData,
+  fts5_tokenizer *pTokenizer      /* Populate this object */
+){
+  int rc = SQLITE_OK;
+  Fts5TokenizerModule *pMod;
+
+  pMod = fts5LocateTokenizer((Fts5Global*)pApi, zName);
+  if( pMod ){
+    *pTokenizer = pMod->x;
+    *ppUserData = pMod->pUserData;
+  }else{
+    memset(pTokenizer, 0, sizeof(fts5_tokenizer));
+    rc = SQLITE_ERROR;
+  }
+
+  return rc;
+}
+
+static int sqlite3Fts5GetTokenizer(
+  Fts5Global *pGlobal, 
+  const char **azArg,
+  int nArg,
+  Fts5Tokenizer **ppTok,
+  fts5_tokenizer **ppTokApi,
+  char **pzErr
+){
+  Fts5TokenizerModule *pMod;
+  int rc = SQLITE_OK;
+
+  pMod = fts5LocateTokenizer(pGlobal, nArg==0 ? 0 : azArg[0]);
+  if( pMod==0 ){
+    assert( nArg>0 );
+    rc = SQLITE_ERROR;
+    *pzErr = sqlite3_mprintf("no such tokenizer: %s", azArg[0]);
+  }else{
+    rc = pMod->x.xCreate(pMod->pUserData, &azArg[1], (nArg?nArg-1:0), ppTok);
+    *ppTokApi = &pMod->x;
+    if( rc!=SQLITE_OK && pzErr ){
+      *pzErr = sqlite3_mprintf("error in tokenizer constructor");
+    }
+  }
+
+  if( rc!=SQLITE_OK ){
+    *ppTokApi = 0;
+    *ppTok = 0;
+  }
+
+  return rc;
+}
+
+static void fts5ModuleDestroy(void *pCtx){
+  Fts5TokenizerModule *pTok, *pNextTok;
+  Fts5Auxiliary *pAux, *pNextAux;
+  Fts5Global *pGlobal = (Fts5Global*)pCtx;
+
+  for(pAux=pGlobal->pAux; pAux; pAux=pNextAux){
+    pNextAux = pAux->pNext;
+    if( pAux->xDestroy ) pAux->xDestroy(pAux->pUserData);
+    sqlite3_free(pAux);
+  }
+
+  for(pTok=pGlobal->pTok; pTok; pTok=pNextTok){
+    pNextTok = pTok->pNext;
+    if( pTok->xDestroy ) pTok->xDestroy(pTok->pUserData);
+    sqlite3_free(pTok);
+  }
+
+  sqlite3_free(pGlobal);
+}
+
+static void fts5Fts5Func(
+  sqlite3_context *pCtx,          /* Function call context */
+  int nArg,                       /* Number of args */
+  sqlite3_value **apVal           /* Function arguments */
+){
+  Fts5Global *pGlobal = (Fts5Global*)sqlite3_user_data(pCtx);
+  char buf[8];
+  assert( nArg==0 );
+  assert( sizeof(buf)>=sizeof(pGlobal) );
+  memcpy(buf, (void*)&pGlobal, sizeof(pGlobal));
+  sqlite3_result_blob(pCtx, buf, sizeof(pGlobal), SQLITE_TRANSIENT);
+}
+
+/*
+** Implementation of fts5_source_id() function.
+*/
+static void fts5SourceIdFunc(
+  sqlite3_context *pCtx,          /* Function call context */
+  int nArg,                       /* Number of args */
+  sqlite3_value **apVal           /* Function arguments */
+){
+  assert( nArg==0 );
+  sqlite3_result_text(pCtx, "fts5: 2016-01-20 15:27:19 17efb4209f97fb4971656086b138599a91a75ff9", -1, SQLITE_TRANSIENT);
+}
+
+static int fts5Init(sqlite3 *db){
+  static const sqlite3_module fts5Mod = {
+    /* iVersion      */ 2,
+    /* xCreate       */ fts5CreateMethod,
+    /* xConnect      */ fts5ConnectMethod,
+    /* xBestIndex    */ fts5BestIndexMethod,
+    /* xDisconnect   */ fts5DisconnectMethod,
+    /* xDestroy      */ fts5DestroyMethod,
+    /* xOpen         */ fts5OpenMethod,
+    /* xClose        */ fts5CloseMethod,
+    /* xFilter       */ fts5FilterMethod,
+    /* xNext         */ fts5NextMethod,
+    /* xEof          */ fts5EofMethod,
+    /* xColumn       */ fts5ColumnMethod,
+    /* xRowid        */ fts5RowidMethod,
+    /* xUpdate       */ fts5UpdateMethod,
+    /* xBegin        */ fts5BeginMethod,
+    /* xSync         */ fts5SyncMethod,
+    /* xCommit       */ fts5CommitMethod,
+    /* xRollback     */ fts5RollbackMethod,
+    /* xFindFunction */ fts5FindFunctionMethod,
+    /* xRename       */ fts5RenameMethod,
+    /* xSavepoint    */ fts5SavepointMethod,
+    /* xRelease      */ fts5ReleaseMethod,
+    /* xRollbackTo   */ fts5RollbackToMethod,
+  };
+
+  int rc;
+  Fts5Global *pGlobal = 0;
+
+  pGlobal = (Fts5Global*)sqlite3_malloc(sizeof(Fts5Global));
+  if( pGlobal==0 ){
+    rc = SQLITE_NOMEM;
+  }else{
+    void *p = (void*)pGlobal;
+    memset(pGlobal, 0, sizeof(Fts5Global));
+    pGlobal->db = db;
+    pGlobal->api.iVersion = 2;
+    pGlobal->api.xCreateFunction = fts5CreateAux;
+    pGlobal->api.xCreateTokenizer = fts5CreateTokenizer;
+    pGlobal->api.xFindTokenizer = fts5FindTokenizer;
+    rc = sqlite3_create_module_v2(db, "fts5", &fts5Mod, p, fts5ModuleDestroy);
+    if( rc==SQLITE_OK ) rc = sqlite3Fts5IndexInit(db);
+    if( rc==SQLITE_OK ) rc = sqlite3Fts5ExprInit(pGlobal, db);
+    if( rc==SQLITE_OK ) rc = sqlite3Fts5AuxInit(&pGlobal->api);
+    if( rc==SQLITE_OK ) rc = sqlite3Fts5TokenizerInit(&pGlobal->api);
+    if( rc==SQLITE_OK ) rc = sqlite3Fts5VocabInit(pGlobal, db);
+    if( rc==SQLITE_OK ){
+      rc = sqlite3_create_function(
+          db, "fts5", 0, SQLITE_UTF8, p, fts5Fts5Func, 0, 0
+      );
+    }
+    if( rc==SQLITE_OK ){
+      rc = sqlite3_create_function(
+          db, "fts5_source_id", 0, SQLITE_UTF8, p, fts5SourceIdFunc, 0, 0
+      );
+    }
+  }
+  return rc;
+}
+
+/*
+** The following functions are used to register the module with SQLite. If
+** this module is being built as part of the SQLite core (SQLITE_CORE is
+** defined), then sqlite3_open() will call sqlite3Fts5Init() directly.
+**
+** Or, if this module is being built as a loadable extension, 
+** sqlite3Fts5Init() is omitted and the two standard entry points
+** sqlite3_fts_init() and sqlite3_fts5_init() defined instead.
+*/
+#ifndef SQLITE_CORE
+#ifdef _WIN32
+__declspec(dllexport)
+#endif
+SQLITE_API int SQLITE_STDCALL sqlite3_fts_init(
+  sqlite3 *db,
+  char **pzErrMsg,
+  const sqlite3_api_routines *pApi
+){
+  SQLITE_EXTENSION_INIT2(pApi);
+  (void)pzErrMsg;  /* Unused parameter */
+  return fts5Init(db);
+}
+
+#ifdef _WIN32
+__declspec(dllexport)
+#endif
+SQLITE_API int SQLITE_STDCALL sqlite3_fts5_init(
+  sqlite3 *db,
+  char **pzErrMsg,
+  const sqlite3_api_routines *pApi
+){
+  SQLITE_EXTENSION_INIT2(pApi);
+  (void)pzErrMsg;  /* Unused parameter */
+  return fts5Init(db);
+}
+#else
+SQLITE_PRIVATE int sqlite3Fts5Init(sqlite3 *db){
+  return fts5Init(db);
+}
+#endif
+
+/*
+** 2014 May 31
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+******************************************************************************
+**
+*/
+
+
+
+/* #include "fts5Int.h" */
+
+struct Fts5Storage {
+  Fts5Config *pConfig;
+  Fts5Index *pIndex;
+  int bTotalsValid;               /* True if nTotalRow/aTotalSize[] are valid */
+  i64 nTotalRow;                  /* Total number of rows in FTS table */
+  i64 *aTotalSize;                /* Total sizes of each column */ 
+  sqlite3_stmt *aStmt[11];
+};
+
+
+#if FTS5_STMT_SCAN_ASC!=0 
+# error "FTS5_STMT_SCAN_ASC mismatch" 
+#endif
+#if FTS5_STMT_SCAN_DESC!=1 
+# error "FTS5_STMT_SCAN_DESC mismatch" 
+#endif
+#if FTS5_STMT_LOOKUP!=2
+# error "FTS5_STMT_LOOKUP mismatch" 
+#endif
+
+#define FTS5_STMT_INSERT_CONTENT  3
+#define FTS5_STMT_REPLACE_CONTENT 4
+#define FTS5_STMT_DELETE_CONTENT  5
+#define FTS5_STMT_REPLACE_DOCSIZE  6
+#define FTS5_STMT_DELETE_DOCSIZE  7
+#define FTS5_STMT_LOOKUP_DOCSIZE  8
+#define FTS5_STMT_REPLACE_CONFIG 9
+#define FTS5_STMT_SCAN 10
+
+/*
+** Prepare the two insert statements - Fts5Storage.pInsertContent and
+** Fts5Storage.pInsertDocsize - if they have not already been prepared.
+** Return SQLITE_OK if successful, or an SQLite error code if an error
+** occurs.
+*/
+static int fts5StorageGetStmt(
+  Fts5Storage *p,                 /* Storage handle */
+  int eStmt,                      /* FTS5_STMT_XXX constant */
+  sqlite3_stmt **ppStmt,          /* OUT: Prepared statement handle */
+  char **pzErrMsg                 /* OUT: Error message (if any) */
+){
+  int rc = SQLITE_OK;
+
+  /* If there is no %_docsize table, there should be no requests for 
+  ** statements to operate on it.  */
+  assert( p->pConfig->bColumnsize || (
+        eStmt!=FTS5_STMT_REPLACE_DOCSIZE 
+     && eStmt!=FTS5_STMT_DELETE_DOCSIZE 
+     && eStmt!=FTS5_STMT_LOOKUP_DOCSIZE 
+  ));
+
+  assert( eStmt>=0 && eStmt<ArraySize(p->aStmt) );
+  if( p->aStmt[eStmt]==0 ){
+    const char *azStmt[] = {
+      "SELECT %s FROM %s T WHERE T.%Q >= ? AND T.%Q <= ? ORDER BY T.%Q ASC",
+      "SELECT %s FROM %s T WHERE T.%Q <= ? AND T.%Q >= ? ORDER BY T.%Q DESC",
+      "SELECT %s FROM %s T WHERE T.%Q=?",               /* LOOKUP  */
+
+      "INSERT INTO %Q.'%q_content' VALUES(%s)",         /* INSERT_CONTENT  */
+      "REPLACE INTO %Q.'%q_content' VALUES(%s)",        /* REPLACE_CONTENT */
+      "DELETE FROM %Q.'%q_content' WHERE id=?",         /* DELETE_CONTENT  */
+      "REPLACE INTO %Q.'%q_docsize' VALUES(?,?)",       /* REPLACE_DOCSIZE  */
+      "DELETE FROM %Q.'%q_docsize' WHERE id=?",         /* DELETE_DOCSIZE  */
+
+      "SELECT sz FROM %Q.'%q_docsize' WHERE id=?",      /* LOOKUP_DOCSIZE  */
+
+      "REPLACE INTO %Q.'%q_config' VALUES(?,?)",        /* REPLACE_CONFIG */
+      "SELECT %s FROM %s AS T",                         /* SCAN */
+    };
+    Fts5Config *pC = p->pConfig;
+    char *zSql = 0;
+
+    switch( eStmt ){
+      case FTS5_STMT_SCAN:
+        zSql = sqlite3_mprintf(azStmt[eStmt], 
+            pC->zContentExprlist, pC->zContent
+        );
+        break;
+
+      case FTS5_STMT_SCAN_ASC:
+      case FTS5_STMT_SCAN_DESC:
+        zSql = sqlite3_mprintf(azStmt[eStmt], pC->zContentExprlist, 
+            pC->zContent, pC->zContentRowid, pC->zContentRowid,
+            pC->zContentRowid
+        );
+        break;
+
+      case FTS5_STMT_LOOKUP:
+        zSql = sqlite3_mprintf(azStmt[eStmt], 
+            pC->zContentExprlist, pC->zContent, pC->zContentRowid
+        );
+        break;
+
+      case FTS5_STMT_INSERT_CONTENT: 
+      case FTS5_STMT_REPLACE_CONTENT: {
+        int nCol = pC->nCol + 1;
+        char *zBind;
+        int i;
+
+        zBind = sqlite3_malloc(1 + nCol*2);
+        if( zBind ){
+          for(i=0; i<nCol; i++){
+            zBind[i*2] = '?';
+            zBind[i*2 + 1] = ',';
+          }
+          zBind[i*2-1] = '\0';
+          zSql = sqlite3_mprintf(azStmt[eStmt], pC->zDb, pC->zName, zBind);
+          sqlite3_free(zBind);
+        }
+        break;
+      }
+
+      default:
+        zSql = sqlite3_mprintf(azStmt[eStmt], pC->zDb, pC->zName);
+        break;
+    }
+
+    if( zSql==0 ){
+      rc = SQLITE_NOMEM;
+    }else{
+      rc = sqlite3_prepare_v2(pC->db, zSql, -1, &p->aStmt[eStmt], 0);
+      sqlite3_free(zSql);
+      if( rc!=SQLITE_OK && pzErrMsg ){
+        *pzErrMsg = sqlite3_mprintf("%s", sqlite3_errmsg(pC->db));
+      }
+    }
+  }
+
+  *ppStmt = p->aStmt[eStmt];
+  return rc;
+}
+
+
+static int fts5ExecPrintf(
+  sqlite3 *db,
+  char **pzErr,
+  const char *zFormat,
+  ...
+){
+  int rc;
+  va_list ap;                     /* ... printf arguments */
+  char *zSql;
+
+  va_start(ap, zFormat);
+  zSql = sqlite3_vmprintf(zFormat, ap);
+
+  if( zSql==0 ){
+    rc = SQLITE_NOMEM;
+  }else{
+    rc = sqlite3_exec(db, zSql, 0, 0, pzErr);
+    sqlite3_free(zSql);
+  }
+
+  va_end(ap);
+  return rc;
+}
+
+/*
+** Drop all shadow tables. Return SQLITE_OK if successful or an SQLite error
+** code otherwise.
+*/
+static int sqlite3Fts5DropAll(Fts5Config *pConfig){
+  int rc = fts5ExecPrintf(pConfig->db, 0, 
+      "DROP TABLE IF EXISTS %Q.'%q_data';"
+      "DROP TABLE IF EXISTS %Q.'%q_idx';"
+      "DROP TABLE IF EXISTS %Q.'%q_config';",
+      pConfig->zDb, pConfig->zName,
+      pConfig->zDb, pConfig->zName,
+      pConfig->zDb, pConfig->zName
+  );
+  if( rc==SQLITE_OK && pConfig->bColumnsize ){
+    rc = fts5ExecPrintf(pConfig->db, 0, 
+        "DROP TABLE IF EXISTS %Q.'%q_docsize';",
+        pConfig->zDb, pConfig->zName
+    );
+  }
+  if( rc==SQLITE_OK && pConfig->eContent==FTS5_CONTENT_NORMAL ){
+    rc = fts5ExecPrintf(pConfig->db, 0, 
+        "DROP TABLE IF EXISTS %Q.'%q_content';",
+        pConfig->zDb, pConfig->zName
+    );
+  }
+  return rc;
+}
+
+static void fts5StorageRenameOne(
+  Fts5Config *pConfig,            /* Current FTS5 configuration */
+  int *pRc,                       /* IN/OUT: Error code */
+  const char *zTail,              /* Tail of table name e.g. "data", "config" */
+  const char *zName               /* New name of FTS5 table */
+){
+  if( *pRc==SQLITE_OK ){
+    *pRc = fts5ExecPrintf(pConfig->db, 0, 
+        "ALTER TABLE %Q.'%q_%s' RENAME TO '%q_%s';",
+        pConfig->zDb, pConfig->zName, zTail, zName, zTail
+    );
+  }
+}
+
+static int sqlite3Fts5StorageRename(Fts5Storage *pStorage, const char *zName){
+  Fts5Config *pConfig = pStorage->pConfig;
+  int rc = sqlite3Fts5StorageSync(pStorage, 1);
+
+  fts5StorageRenameOne(pConfig, &rc, "data", zName);
+  fts5StorageRenameOne(pConfig, &rc, "idx", zName);
+  fts5StorageRenameOne(pConfig, &rc, "config", zName);
+  if( pConfig->bColumnsize ){
+    fts5StorageRenameOne(pConfig, &rc, "docsize", zName);
+  }
+  if( pConfig->eContent==FTS5_CONTENT_NORMAL ){
+    fts5StorageRenameOne(pConfig, &rc, "content", zName);
+  }
+  return rc;
+}
+
+/*
+** Create the shadow table named zPost, with definition zDefn. Return
+** SQLITE_OK if successful, or an SQLite error code otherwise.
+*/
+static int sqlite3Fts5CreateTable(
+  Fts5Config *pConfig,            /* FTS5 configuration */
+  const char *zPost,              /* Shadow table to create (e.g. "content") */
+  const char *zDefn,              /* Columns etc. for shadow table */
+  int bWithout,                   /* True for without rowid */
+  char **pzErr                    /* OUT: Error message */
+){
+  int rc;
+  char *zErr = 0;
+
+  rc = fts5ExecPrintf(pConfig->db, &zErr, "CREATE TABLE %Q.'%q_%q'(%s)%s",
+      pConfig->zDb, pConfig->zName, zPost, zDefn, bWithout?" WITHOUT ROWID":""
+  );
+  if( zErr ){
+    *pzErr = sqlite3_mprintf(
+        "fts5: error creating shadow table %q_%s: %s", 
+        pConfig->zName, zPost, zErr
+    );
+    sqlite3_free(zErr);
+  }
+
+  return rc;
+}
+
+/*
+** Open a new Fts5Index handle. If the bCreate argument is true, create
+** and initialize the underlying tables 
+**
+** If successful, set *pp to point to the new object and return SQLITE_OK.
+** Otherwise, set *pp to NULL and return an SQLite error code.
+*/
+static int sqlite3Fts5StorageOpen(
+  Fts5Config *pConfig, 
+  Fts5Index *pIndex, 
+  int bCreate, 
+  Fts5Storage **pp,
+  char **pzErr                    /* OUT: Error message */
+){
+  int rc = SQLITE_OK;
+  Fts5Storage *p;                 /* New object */
+  int nByte;                      /* Bytes of space to allocate */
+
+  nByte = sizeof(Fts5Storage)               /* Fts5Storage object */
+        + pConfig->nCol * sizeof(i64);      /* Fts5Storage.aTotalSize[] */
+  *pp = p = (Fts5Storage*)sqlite3_malloc(nByte);
+  if( !p ) return SQLITE_NOMEM;
+
+  memset(p, 0, nByte);
+  p->aTotalSize = (i64*)&p[1];
+  p->pConfig = pConfig;
+  p->pIndex = pIndex;
+
+  if( bCreate ){
+    if( pConfig->eContent==FTS5_CONTENT_NORMAL ){
+      int nDefn = 32 + pConfig->nCol*10;
+      char *zDefn = sqlite3_malloc(32 + pConfig->nCol * 10);
+      if( zDefn==0 ){
+        rc = SQLITE_NOMEM;
+      }else{
+        int i;
+        int iOff;
+        sqlite3_snprintf(nDefn, zDefn, "id INTEGER PRIMARY KEY");
+        iOff = (int)strlen(zDefn);
+        for(i=0; i<pConfig->nCol; i++){
+          sqlite3_snprintf(nDefn-iOff, &zDefn[iOff], ", c%d", i);
+          iOff += (int)strlen(&zDefn[iOff]);
+        }
+        rc = sqlite3Fts5CreateTable(pConfig, "content", zDefn, 0, pzErr);
+      }
+      sqlite3_free(zDefn);
+    }
+
+    if( rc==SQLITE_OK && pConfig->bColumnsize ){
+      rc = sqlite3Fts5CreateTable(
+          pConfig, "docsize", "id INTEGER PRIMARY KEY, sz BLOB", 0, pzErr
+      );
+    }
+    if( rc==SQLITE_OK ){
+      rc = sqlite3Fts5CreateTable(
+          pConfig, "config", "k PRIMARY KEY, v", 1, pzErr
+      );
+    }
+    if( rc==SQLITE_OK ){
+      rc = sqlite3Fts5StorageConfigValue(p, "version", 0, FTS5_CURRENT_VERSION);
+    }
+  }
+
+  if( rc ){
+    sqlite3Fts5StorageClose(p);
+    *pp = 0;
+  }
+  return rc;
+}
+
+/*
+** Close a handle opened by an earlier call to sqlite3Fts5StorageOpen().
+*/
+static int sqlite3Fts5StorageClose(Fts5Storage *p){
+  int rc = SQLITE_OK;
+  if( p ){
+    int i;
+
+    /* Finalize all SQL statements */
+    for(i=0; i<(int)ArraySize(p->aStmt); i++){
+      sqlite3_finalize(p->aStmt[i]);
+    }
+
+    sqlite3_free(p);
+  }
+  return rc;
+}
+
+typedef struct Fts5InsertCtx Fts5InsertCtx;
+struct Fts5InsertCtx {
+  Fts5Storage *pStorage;
+  int iCol;
+  int szCol;                      /* Size of column value in tokens */
+};
+
+/*
+** Tokenization callback used when inserting tokens into the FTS index.
+*/
+static int fts5StorageInsertCallback(
+  void *pContext,                 /* Pointer to Fts5InsertCtx object */
+  int tflags,
+  const char *pToken,             /* Buffer containing token */
+  int nToken,                     /* Size of token in bytes */
+  int iStart,                     /* Start offset of token */
+  int iEnd                        /* End offset of token */
+){
+  Fts5InsertCtx *pCtx = (Fts5InsertCtx*)pContext;
+  Fts5Index *pIdx = pCtx->pStorage->pIndex;
+  if( (tflags & FTS5_TOKEN_COLOCATED)==0 || pCtx->szCol==0 ){
+    pCtx->szCol++;
+  }
+  return sqlite3Fts5IndexWrite(pIdx, pCtx->iCol, pCtx->szCol-1, pToken, nToken);
+}
+
+/*
+** If a row with rowid iDel is present in the %_content table, add the
+** delete-markers to the FTS index necessary to delete it. Do not actually
+** remove the %_content row at this time though.
+*/
+static int fts5StorageDeleteFromIndex(Fts5Storage *p, i64 iDel){
+  Fts5Config *pConfig = p->pConfig;
+  sqlite3_stmt *pSeek;            /* SELECT to read row iDel from %_data */
+  int rc;                         /* Return code */
+
+  rc = fts5StorageGetStmt(p, FTS5_STMT_LOOKUP, &pSeek, 0);
+  if( rc==SQLITE_OK ){
+    int rc2;
+    sqlite3_bind_int64(pSeek, 1, iDel);
+    if( sqlite3_step(pSeek)==SQLITE_ROW ){
+      int iCol;
+      Fts5InsertCtx ctx;
+      ctx.pStorage = p;
+      ctx.iCol = -1;
+      rc = sqlite3Fts5IndexBeginWrite(p->pIndex, 1, iDel);
+      for(iCol=1; rc==SQLITE_OK && iCol<=pConfig->nCol; iCol++){
+        if( pConfig->abUnindexed[iCol-1] ) continue;
+        ctx.szCol = 0;
+        rc = sqlite3Fts5Tokenize(pConfig, 
+            FTS5_TOKENIZE_DOCUMENT,
+            (const char*)sqlite3_column_text(pSeek, iCol),
+            sqlite3_column_bytes(pSeek, iCol),
+            (void*)&ctx,
+            fts5StorageInsertCallback
+        );
+        p->aTotalSize[iCol-1] -= (i64)ctx.szCol;
+      }
+      p->nTotalRow--;
+    }
+    rc2 = sqlite3_reset(pSeek);
+    if( rc==SQLITE_OK ) rc = rc2;
+  }
+
+  return rc;
+}
+
+
+/*
+** Insert a record into the %_docsize table. Specifically, do:
+**
+**   INSERT OR REPLACE INTO %_docsize(id, sz) VALUES(iRowid, pBuf);
+**
+** If there is no %_docsize table (as happens if the columnsize=0 option
+** is specified when the FTS5 table is created), this function is a no-op.
+*/
+static int fts5StorageInsertDocsize(
+  Fts5Storage *p,                 /* Storage module to write to */
+  i64 iRowid,                     /* id value */
+  Fts5Buffer *pBuf                /* sz value */
+){
+  int rc = SQLITE_OK;
+  if( p->pConfig->bColumnsize ){
+    sqlite3_stmt *pReplace = 0;
+    rc = fts5StorageGetStmt(p, FTS5_STMT_REPLACE_DOCSIZE, &pReplace, 0);
+    if( rc==SQLITE_OK ){
+      sqlite3_bind_int64(pReplace, 1, iRowid);
+      sqlite3_bind_blob(pReplace, 2, pBuf->p, pBuf->n, SQLITE_STATIC);
+      sqlite3_step(pReplace);
+      rc = sqlite3_reset(pReplace);
+    }
+  }
+  return rc;
+}
+
+/*
+** Load the contents of the "averages" record from disk into the 
+** p->nTotalRow and p->aTotalSize[] variables. If successful, and if
+** argument bCache is true, set the p->bTotalsValid flag to indicate
+** that the contents of aTotalSize[] and nTotalRow are valid until
+** further notice.
+**
+** Return SQLITE_OK if successful, or an SQLite error code if an error
+** occurs.
+*/
+static int fts5StorageLoadTotals(Fts5Storage *p, int bCache){
+  int rc = SQLITE_OK;
+  if( p->bTotalsValid==0 ){
+    rc = sqlite3Fts5IndexGetAverages(p->pIndex, &p->nTotalRow, p->aTotalSize);
+    p->bTotalsValid = bCache;
+  }
+  return rc;
+}
+
+/*
+** Store the current contents of the p->nTotalRow and p->aTotalSize[] 
+** variables in the "averages" record on disk.
+**
+** Return SQLITE_OK if successful, or an SQLite error code if an error
+** occurs.
+*/
+static int fts5StorageSaveTotals(Fts5Storage *p){
+  int nCol = p->pConfig->nCol;
+  int i;
+  Fts5Buffer buf;
+  int rc = SQLITE_OK;
+  memset(&buf, 0, sizeof(buf));
+
+  sqlite3Fts5BufferAppendVarint(&rc, &buf, p->nTotalRow);
+  for(i=0; i<nCol; i++){
+    sqlite3Fts5BufferAppendVarint(&rc, &buf, p->aTotalSize[i]);
+  }
+  if( rc==SQLITE_OK ){
+    rc = sqlite3Fts5IndexSetAverages(p->pIndex, buf.p, buf.n);
+  }
+  sqlite3_free(buf.p);
+
+  return rc;
+}
+
+/*
+** Remove a row from the FTS table.
+*/
+static int sqlite3Fts5StorageDelete(Fts5Storage *p, i64 iDel){
+  Fts5Config *pConfig = p->pConfig;
+  int rc;
+  sqlite3_stmt *pDel = 0;
+
+  rc = fts5StorageLoadTotals(p, 1);
+
+  /* Delete the index records */
+  if( rc==SQLITE_OK ){
+    rc = fts5StorageDeleteFromIndex(p, iDel);
+  }
+
+  /* Delete the %_docsize record */
+  if( rc==SQLITE_OK && pConfig->bColumnsize ){
+    rc = fts5StorageGetStmt(p, FTS5_STMT_DELETE_DOCSIZE, &pDel, 0);
+    if( rc==SQLITE_OK ){
+      sqlite3_bind_int64(pDel, 1, iDel);
+      sqlite3_step(pDel);
+      rc = sqlite3_reset(pDel);
+    }
+  }
+
+  /* Delete the %_content record */
+  if( pConfig->eContent==FTS5_CONTENT_NORMAL ){
+    if( rc==SQLITE_OK ){
+      rc = fts5StorageGetStmt(p, FTS5_STMT_DELETE_CONTENT, &pDel, 0);
+    }
+    if( rc==SQLITE_OK ){
+      sqlite3_bind_int64(pDel, 1, iDel);
+      sqlite3_step(pDel);
+      rc = sqlite3_reset(pDel);
+    }
+  }
+
+  /* Write the averages record */
+  if( rc==SQLITE_OK ){
+    rc = fts5StorageSaveTotals(p);
+  }
+
+  return rc;
+}
+
+static int sqlite3Fts5StorageSpecialDelete(
+  Fts5Storage *p, 
+  i64 iDel, 
+  sqlite3_value **apVal
+){
+  Fts5Config *pConfig = p->pConfig;
+  int rc;
+  sqlite3_stmt *pDel = 0;
+
+  assert( pConfig->eContent!=FTS5_CONTENT_NORMAL );
+  rc = fts5StorageLoadTotals(p, 1);
+
+  /* Delete the index records */
+  if( rc==SQLITE_OK ){
+    int iCol;
+    Fts5InsertCtx ctx;
+    ctx.pStorage = p;
+    ctx.iCol = -1;
+
+    rc = sqlite3Fts5IndexBeginWrite(p->pIndex, 1, iDel);
+    for(iCol=0; rc==SQLITE_OK && iCol<pConfig->nCol; iCol++){
+      if( pConfig->abUnindexed[iCol] ) continue;
+      ctx.szCol = 0;
+      rc = sqlite3Fts5Tokenize(pConfig, 
+        FTS5_TOKENIZE_DOCUMENT,
+        (const char*)sqlite3_value_text(apVal[iCol]),
+        sqlite3_value_bytes(apVal[iCol]),
+        (void*)&ctx,
+        fts5StorageInsertCallback
+      );
+      p->aTotalSize[iCol] -= (i64)ctx.szCol;
+    }
+    p->nTotalRow--;
+  }
+
+  /* Delete the %_docsize record */
+  if( pConfig->bColumnsize ){
+    if( rc==SQLITE_OK ){
+      rc = fts5StorageGetStmt(p, FTS5_STMT_DELETE_DOCSIZE, &pDel, 0);
+    }
+    if( rc==SQLITE_OK ){
+      sqlite3_bind_int64(pDel, 1, iDel);
+      sqlite3_step(pDel);
+      rc = sqlite3_reset(pDel);
+    }
+  }
+
+  /* Write the averages record */
+  if( rc==SQLITE_OK ){
+    rc = fts5StorageSaveTotals(p);
+  }
+
+  return rc;
+}
+
+/*
+** Delete all entries in the FTS5 index.
+*/
+static int sqlite3Fts5StorageDeleteAll(Fts5Storage *p){
+  Fts5Config *pConfig = p->pConfig;
+  int rc;
+
+  /* Delete the contents of the %_data and %_docsize tables. */
+  rc = fts5ExecPrintf(pConfig->db, 0,
+      "DELETE FROM %Q.'%q_data';" 
+      "DELETE FROM %Q.'%q_idx';",
+      pConfig->zDb, pConfig->zName,
+      pConfig->zDb, pConfig->zName
+  );
+  if( rc==SQLITE_OK && pConfig->bColumnsize ){
+    rc = fts5ExecPrintf(pConfig->db, 0,
+        "DELETE FROM %Q.'%q_docsize';",
+        pConfig->zDb, pConfig->zName
+    );
+  }
+
+  /* Reinitialize the %_data table. This call creates the initial structure
+  ** and averages records.  */
+  if( rc==SQLITE_OK ){
+    rc = sqlite3Fts5IndexReinit(p->pIndex);
+  }
+  if( rc==SQLITE_OK ){
+    rc = sqlite3Fts5StorageConfigValue(p, "version", 0, FTS5_CURRENT_VERSION);
+  }
+  return rc;
+}
+
+static int sqlite3Fts5StorageRebuild(Fts5Storage *p){
+  Fts5Buffer buf = {0,0,0};
+  Fts5Config *pConfig = p->pConfig;
+  sqlite3_stmt *pScan = 0;
+  Fts5InsertCtx ctx;
+  int rc;
+
+  memset(&ctx, 0, sizeof(Fts5InsertCtx));
+  ctx.pStorage = p;
+  rc = sqlite3Fts5StorageDeleteAll(p);
+  if( rc==SQLITE_OK ){
+    rc = fts5StorageLoadTotals(p, 1);
+  }
+
+  if( rc==SQLITE_OK ){
+    rc = fts5StorageGetStmt(p, FTS5_STMT_SCAN, &pScan, 0);
+  }
+
+  while( rc==SQLITE_OK && SQLITE_ROW==sqlite3_step(pScan) ){
+    i64 iRowid = sqlite3_column_int64(pScan, 0);
+
+    sqlite3Fts5BufferZero(&buf);
+    rc = sqlite3Fts5IndexBeginWrite(p->pIndex, 0, iRowid);
+    for(ctx.iCol=0; rc==SQLITE_OK && ctx.iCol<pConfig->nCol; ctx.iCol++){
+      ctx.szCol = 0;
+      if( pConfig->abUnindexed[ctx.iCol]==0 ){
+        rc = sqlite3Fts5Tokenize(pConfig, 
+            FTS5_TOKENIZE_DOCUMENT,
+            (const char*)sqlite3_column_text(pScan, ctx.iCol+1),
+            sqlite3_column_bytes(pScan, ctx.iCol+1),
+            (void*)&ctx,
+            fts5StorageInsertCallback
+        );
+      }
+      sqlite3Fts5BufferAppendVarint(&rc, &buf, ctx.szCol);
+      p->aTotalSize[ctx.iCol] += (i64)ctx.szCol;
+    }
+    p->nTotalRow++;
+
+    if( rc==SQLITE_OK ){
+      rc = fts5StorageInsertDocsize(p, iRowid, &buf);
+    }
+  }
+  sqlite3_free(buf.p);
+
+  /* Write the averages record */
+  if( rc==SQLITE_OK ){
+    rc = fts5StorageSaveTotals(p);
+  }
+  return rc;
+}
+
+static int sqlite3Fts5StorageOptimize(Fts5Storage *p){
+  return sqlite3Fts5IndexOptimize(p->pIndex);
+}
+
+static int sqlite3Fts5StorageMerge(Fts5Storage *p, int nMerge){
+  return sqlite3Fts5IndexMerge(p->pIndex, nMerge);
+}
+
+/*
+** Allocate a new rowid. This is used for "external content" tables when
+** a NULL value is inserted into the rowid column. The new rowid is allocated
+** by inserting a dummy row into the %_docsize table. The dummy will be
+** overwritten later.
+**
+** If the %_docsize table does not exist, SQLITE_MISMATCH is returned. In
+** this case the user is required to provide a rowid explicitly.
+*/
+static int fts5StorageNewRowid(Fts5Storage *p, i64 *piRowid){
+  int rc = SQLITE_MISMATCH;
+  if( p->pConfig->bColumnsize ){
+    sqlite3_stmt *pReplace = 0;
+    rc = fts5StorageGetStmt(p, FTS5_STMT_REPLACE_DOCSIZE, &pReplace, 0);
+    if( rc==SQLITE_OK ){
+      sqlite3_bind_null(pReplace, 1);
+      sqlite3_bind_null(pReplace, 2);
+      sqlite3_step(pReplace);
+      rc = sqlite3_reset(pReplace);
+    }
+    if( rc==SQLITE_OK ){
+      *piRowid = sqlite3_last_insert_rowid(p->pConfig->db);
+    }
+  }
+  return rc;
+}
+
+/*
+** Insert a new row into the FTS content table.
+*/
+static int sqlite3Fts5StorageContentInsert(
+  Fts5Storage *p, 
+  sqlite3_value **apVal, 
+  i64 *piRowid
+){
+  Fts5Config *pConfig = p->pConfig;
+  int rc = SQLITE_OK;
+
+  /* Insert the new row into the %_content table. */
+  if( pConfig->eContent!=FTS5_CONTENT_NORMAL ){
+    if( sqlite3_value_type(apVal[1])==SQLITE_INTEGER ){
+      *piRowid = sqlite3_value_int64(apVal[1]);
+    }else{
+      rc = fts5StorageNewRowid(p, piRowid);
+    }
+  }else{
+    sqlite3_stmt *pInsert = 0;    /* Statement to write %_content table */
+    int i;                        /* Counter variable */
+    rc = fts5StorageGetStmt(p, FTS5_STMT_INSERT_CONTENT, &pInsert, 0);
+    for(i=1; rc==SQLITE_OK && i<=pConfig->nCol+1; i++){
+      rc = sqlite3_bind_value(pInsert, i, apVal[i]);
+    }
+    if( rc==SQLITE_OK ){
+      sqlite3_step(pInsert);
+      rc = sqlite3_reset(pInsert);
+    }
+    *piRowid = sqlite3_last_insert_rowid(pConfig->db);
+  }
+
+  return rc;
+}
+
+/*
+** Insert new entries into the FTS index and %_docsize table.
+*/
+static int sqlite3Fts5StorageIndexInsert(
+  Fts5Storage *p, 
+  sqlite3_value **apVal, 
+  i64 iRowid
+){
+  Fts5Config *pConfig = p->pConfig;
+  int rc = SQLITE_OK;             /* Return code */
+  Fts5InsertCtx ctx;              /* Tokenization callback context object */
+  Fts5Buffer buf;                 /* Buffer used to build up %_docsize blob */
+
+  memset(&buf, 0, sizeof(Fts5Buffer));
+  ctx.pStorage = p;
+  rc = fts5StorageLoadTotals(p, 1);
+
+  if( rc==SQLITE_OK ){
+    rc = sqlite3Fts5IndexBeginWrite(p->pIndex, 0, iRowid);
+  }
+  for(ctx.iCol=0; rc==SQLITE_OK && ctx.iCol<pConfig->nCol; ctx.iCol++){
+    ctx.szCol = 0;
+    if( pConfig->abUnindexed[ctx.iCol]==0 ){
+      rc = sqlite3Fts5Tokenize(pConfig, 
+          FTS5_TOKENIZE_DOCUMENT,
+          (const char*)sqlite3_value_text(apVal[ctx.iCol+2]),
+          sqlite3_value_bytes(apVal[ctx.iCol+2]),
+          (void*)&ctx,
+          fts5StorageInsertCallback
+      );
+    }
+    sqlite3Fts5BufferAppendVarint(&rc, &buf, ctx.szCol);
+    p->aTotalSize[ctx.iCol] += (i64)ctx.szCol;
+  }
+  p->nTotalRow++;
+
+  /* Write the %_docsize record */
+  if( rc==SQLITE_OK ){
+    rc = fts5StorageInsertDocsize(p, iRowid, &buf);
+  }
+  sqlite3_free(buf.p);
+
+  /* Write the averages record */
+  if( rc==SQLITE_OK ){
+    rc = fts5StorageSaveTotals(p);
+  }
+
+  return rc;
+}
+
+static int fts5StorageCount(Fts5Storage *p, const char *zSuffix, i64 *pnRow){
+  Fts5Config *pConfig = p->pConfig;
+  char *zSql;
+  int rc;
+
+  zSql = sqlite3_mprintf("SELECT count(*) FROM %Q.'%q_%s'", 
+      pConfig->zDb, pConfig->zName, zSuffix
+  );
+  if( zSql==0 ){
+    rc = SQLITE_NOMEM;
+  }else{
+    sqlite3_stmt *pCnt = 0;
+    rc = sqlite3_prepare_v2(pConfig->db, zSql, -1, &pCnt, 0);
+    if( rc==SQLITE_OK ){
+      if( SQLITE_ROW==sqlite3_step(pCnt) ){
+        *pnRow = sqlite3_column_int64(pCnt, 0);
+      }
+      rc = sqlite3_finalize(pCnt);
+    }
+  }
+
+  sqlite3_free(zSql);
+  return rc;
+}
+
+/*
+** Context object used by sqlite3Fts5StorageIntegrity().
+*/
+typedef struct Fts5IntegrityCtx Fts5IntegrityCtx;
+struct Fts5IntegrityCtx {
+  i64 iRowid;
+  int iCol;
+  int szCol;
+  u64 cksum;
+  Fts5Config *pConfig;
+};
+
+/*
+** Tokenization callback used by integrity check.
+*/
+static int fts5StorageIntegrityCallback(
+  void *pContext,                 /* Pointer to Fts5InsertCtx object */
+  int tflags,
+  const char *pToken,             /* Buffer containing token */
+  int nToken,                     /* Size of token in bytes */
+  int iStart,                     /* Start offset of token */
+  int iEnd                        /* End offset of token */
+){
+  Fts5IntegrityCtx *pCtx = (Fts5IntegrityCtx*)pContext;
+  if( (tflags & FTS5_TOKEN_COLOCATED)==0 || pCtx->szCol==0 ){
+    pCtx->szCol++;
+  }
+  pCtx->cksum ^= sqlite3Fts5IndexCksum(
+      pCtx->pConfig, pCtx->iRowid, pCtx->iCol, pCtx->szCol-1, pToken, nToken
+  );
+  return SQLITE_OK;
+}
+
+/*
+** Check that the contents of the FTS index match that of the %_content
+** table. Return SQLITE_OK if they do, or SQLITE_CORRUPT if not. Return
+** some other SQLite error code if an error occurs while attempting to
+** determine this.
+*/
+static int sqlite3Fts5StorageIntegrity(Fts5Storage *p){
+  Fts5Config *pConfig = p->pConfig;
+  int rc;                         /* Return code */
+  int *aColSize;                  /* Array of size pConfig->nCol */
+  i64 *aTotalSize;                /* Array of size pConfig->nCol */
+  Fts5IntegrityCtx ctx;
+  sqlite3_stmt *pScan;
+
+  memset(&ctx, 0, sizeof(Fts5IntegrityCtx));
+  ctx.pConfig = p->pConfig;
+  aTotalSize = (i64*)sqlite3_malloc(pConfig->nCol * (sizeof(int)+sizeof(i64)));
+  if( !aTotalSize ) return SQLITE_NOMEM;
+  aColSize = (int*)&aTotalSize[pConfig->nCol];
+  memset(aTotalSize, 0, sizeof(i64) * pConfig->nCol);
+
+  /* Generate the expected index checksum based on the contents of the
+  ** %_content table. This block stores the checksum in ctx.cksum. */
+  rc = fts5StorageGetStmt(p, FTS5_STMT_SCAN, &pScan, 0);
+  if( rc==SQLITE_OK ){
+    int rc2;
+    while( SQLITE_ROW==sqlite3_step(pScan) ){
+      int i;
+      ctx.iRowid = sqlite3_column_int64(pScan, 0);
+      ctx.szCol = 0;
+      if( pConfig->bColumnsize ){
+        rc = sqlite3Fts5StorageDocsize(p, ctx.iRowid, aColSize);
+      }
+      for(i=0; rc==SQLITE_OK && i<pConfig->nCol; i++){
+        if( pConfig->abUnindexed[i] ) continue;
+        ctx.iCol = i;
+        ctx.szCol = 0;
+        rc = sqlite3Fts5Tokenize(pConfig, 
+            FTS5_TOKENIZE_DOCUMENT,
+            (const char*)sqlite3_column_text(pScan, i+1),
+            sqlite3_column_bytes(pScan, i+1),
+            (void*)&ctx,
+            fts5StorageIntegrityCallback
+        );
+        if( pConfig->bColumnsize && ctx.szCol!=aColSize[i] ){
+          rc = FTS5_CORRUPT;
+        }
+        aTotalSize[i] += ctx.szCol;
+      }
+      if( rc!=SQLITE_OK ) break;
+    }
+    rc2 = sqlite3_reset(pScan);
+    if( rc==SQLITE_OK ) rc = rc2;
+  }
+
+  /* Test that the "totals" (sometimes called "averages") record looks Ok */
+  if( rc==SQLITE_OK ){
+    int i;
+    rc = fts5StorageLoadTotals(p, 0);
+    for(i=0; rc==SQLITE_OK && i<pConfig->nCol; i++){
+      if( p->aTotalSize[i]!=aTotalSize[i] ) rc = FTS5_CORRUPT;
+    }
+  }
+
+  /* Check that the %_docsize and %_content tables contain the expected
+  ** number of rows.  */
+  if( rc==SQLITE_OK && pConfig->eContent==FTS5_CONTENT_NORMAL ){
+    i64 nRow = 0;
+    rc = fts5StorageCount(p, "content", &nRow);
+    if( rc==SQLITE_OK && nRow!=p->nTotalRow ) rc = FTS5_CORRUPT;
+  }
+  if( rc==SQLITE_OK && pConfig->bColumnsize ){
+    i64 nRow = 0;
+    rc = fts5StorageCount(p, "docsize", &nRow);
+    if( rc==SQLITE_OK && nRow!=p->nTotalRow ) rc = FTS5_CORRUPT;
+  }
+
+  /* Pass the expected checksum down to the FTS index module. It will
+  ** verify, amongst other things, that it matches the checksum generated by
+  ** inspecting the index itself.  */
+  if( rc==SQLITE_OK ){
+    rc = sqlite3Fts5IndexIntegrityCheck(p->pIndex, ctx.cksum);
+  }
+
+  sqlite3_free(aTotalSize);
+  return rc;
+}
+
+/*
+** Obtain an SQLite statement handle that may be used to read data from the
+** %_content table.
+*/
+static int sqlite3Fts5StorageStmt(
+  Fts5Storage *p, 
+  int eStmt, 
+  sqlite3_stmt **pp, 
+  char **pzErrMsg
+){
+  int rc;
+  assert( eStmt==FTS5_STMT_SCAN_ASC 
+       || eStmt==FTS5_STMT_SCAN_DESC
+       || eStmt==FTS5_STMT_LOOKUP
+  );
+  rc = fts5StorageGetStmt(p, eStmt, pp, pzErrMsg);
+  if( rc==SQLITE_OK ){
+    assert( p->aStmt[eStmt]==*pp );
+    p->aStmt[eStmt] = 0;
+  }
+  return rc;
+}
+
+/*
+** Release an SQLite statement handle obtained via an earlier call to
+** sqlite3Fts5StorageStmt(). The eStmt parameter passed to this function
+** must match that passed to the sqlite3Fts5StorageStmt() call.
+*/
+static void sqlite3Fts5StorageStmtRelease(
+  Fts5Storage *p, 
+  int eStmt, 
+  sqlite3_stmt *pStmt
+){
+  assert( eStmt==FTS5_STMT_SCAN_ASC
+       || eStmt==FTS5_STMT_SCAN_DESC
+       || eStmt==FTS5_STMT_LOOKUP
+  );
+  if( p->aStmt[eStmt]==0 ){
+    sqlite3_reset(pStmt);
+    p->aStmt[eStmt] = pStmt;
+  }else{
+    sqlite3_finalize(pStmt);
+  }
+}
+
+static int fts5StorageDecodeSizeArray(
+  int *aCol, int nCol,            /* Array to populate */
+  const u8 *aBlob, int nBlob      /* Record to read varints from */
+){
+  int i;
+  int iOff = 0;
+  for(i=0; i<nCol; i++){
+    if( iOff>=nBlob ) return 1;
+    iOff += fts5GetVarint32(&aBlob[iOff], aCol[i]);
+  }
+  return (iOff!=nBlob);
+}
+
+/*
+** Argument aCol points to an array of integers containing one entry for
+** each table column. This function reads the %_docsize record for the
+** specified rowid and populates aCol[] with the results.
+**
+** An SQLite error code is returned if an error occurs, or SQLITE_OK
+** otherwise.
+*/
+static int sqlite3Fts5StorageDocsize(Fts5Storage *p, i64 iRowid, int *aCol){
+  int nCol = p->pConfig->nCol;    /* Number of user columns in table */
+  sqlite3_stmt *pLookup = 0;      /* Statement to query %_docsize */
+  int rc;                         /* Return Code */
+
+  assert( p->pConfig->bColumnsize );
+  rc = fts5StorageGetStmt(p, FTS5_STMT_LOOKUP_DOCSIZE, &pLookup, 0);
+  if( rc==SQLITE_OK ){
+    int bCorrupt = 1;
+    sqlite3_bind_int64(pLookup, 1, iRowid);
+    if( SQLITE_ROW==sqlite3_step(pLookup) ){
+      const u8 *aBlob = sqlite3_column_blob(pLookup, 0);
+      int nBlob = sqlite3_column_bytes(pLookup, 0);
+      if( 0==fts5StorageDecodeSizeArray(aCol, nCol, aBlob, nBlob) ){
+        bCorrupt = 0;
+      }
+    }
+    rc = sqlite3_reset(pLookup);
+    if( bCorrupt && rc==SQLITE_OK ){
+      rc = FTS5_CORRUPT;
+    }
+  }
+
+  return rc;
+}
+
+static int sqlite3Fts5StorageSize(Fts5Storage *p, int iCol, i64 *pnToken){
+  int rc = fts5StorageLoadTotals(p, 0);
+  if( rc==SQLITE_OK ){
+    *pnToken = 0;
+    if( iCol<0 ){
+      int i;
+      for(i=0; i<p->pConfig->nCol; i++){
+        *pnToken += p->aTotalSize[i];
+      }
+    }else if( iCol<p->pConfig->nCol ){
+      *pnToken = p->aTotalSize[iCol];
+    }else{
+      rc = SQLITE_RANGE;
+    }
+  }
+  return rc;
+}
+
+static int sqlite3Fts5StorageRowCount(Fts5Storage *p, i64 *pnRow){
+  int rc = fts5StorageLoadTotals(p, 0);
+  if( rc==SQLITE_OK ){
+    *pnRow = p->nTotalRow;
+  }
+  return rc;
+}
+
+/*
+** Flush any data currently held in-memory to disk.
+*/
+static int sqlite3Fts5StorageSync(Fts5Storage *p, int bCommit){
+  if( bCommit && p->bTotalsValid ){
+    int rc = fts5StorageSaveTotals(p);
+    p->bTotalsValid = 0;
+    if( rc!=SQLITE_OK ) return rc;
+  }
+  return sqlite3Fts5IndexSync(p->pIndex, bCommit);
+}
+
+static int sqlite3Fts5StorageRollback(Fts5Storage *p){
+  p->bTotalsValid = 0;
+  return sqlite3Fts5IndexRollback(p->pIndex);
+}
+
+static int sqlite3Fts5StorageConfigValue(
+  Fts5Storage *p, 
+  const char *z,
+  sqlite3_value *pVal,
+  int iVal
+){
+  sqlite3_stmt *pReplace = 0;
+  int rc = fts5StorageGetStmt(p, FTS5_STMT_REPLACE_CONFIG, &pReplace, 0);
+  if( rc==SQLITE_OK ){
+    sqlite3_bind_text(pReplace, 1, z, -1, SQLITE_STATIC);
+    if( pVal ){
+      sqlite3_bind_value(pReplace, 2, pVal);
+    }else{
+      sqlite3_bind_int(pReplace, 2, iVal);
+    }
+    sqlite3_step(pReplace);
+    rc = sqlite3_reset(pReplace);
+  }
+  if( rc==SQLITE_OK && pVal ){
+    int iNew = p->pConfig->iCookie + 1;
+    rc = sqlite3Fts5IndexSetCookie(p->pIndex, iNew);
+    if( rc==SQLITE_OK ){
+      p->pConfig->iCookie = iNew;
+    }
+  }
+  return rc;
+}
+
+
+
+/*
+** 2014 May 31
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+******************************************************************************
+*/
+
+
+/* #include "fts5Int.h" */
+
+/**************************************************************************
+** Start of ascii tokenizer implementation.
+*/
+
+/*
+** For tokenizers with no "unicode" modifier, the set of token characters
+** is the same as the set of ASCII range alphanumeric characters. 
+*/
+static unsigned char aAsciiTokenChar[128] = {
+  0, 0, 0, 0, 0, 0, 0, 0,   0, 0, 0, 0, 0, 0, 0, 0,   /* 0x00..0x0F */
+  0, 0, 0, 0, 0, 0, 0, 0,   0, 0, 0, 0, 0, 0, 0, 0,   /* 0x10..0x1F */
+  0, 0, 0, 0, 0, 0, 0, 0,   0, 0, 0, 0, 0, 0, 0, 0,   /* 0x20..0x2F */
+  1, 1, 1, 1, 1, 1, 1, 1,   1, 1, 0, 0, 0, 0, 0, 0,   /* 0x30..0x3F */
+  0, 1, 1, 1, 1, 1, 1, 1,   1, 1, 1, 1, 1, 1, 1, 1,   /* 0x40..0x4F */
+  1, 1, 1, 1, 1, 1, 1, 1,   1, 1, 1, 0, 0, 0, 0, 0,   /* 0x50..0x5F */
+  0, 1, 1, 1, 1, 1, 1, 1,   1, 1, 1, 1, 1, 1, 1, 1,   /* 0x60..0x6F */
+  1, 1, 1, 1, 1, 1, 1, 1,   1, 1, 1, 0, 0, 0, 0, 0,   /* 0x70..0x7F */
+};
+
+typedef struct AsciiTokenizer AsciiTokenizer;
+struct AsciiTokenizer {
+  unsigned char aTokenChar[128];
+};
+
+static void fts5AsciiAddExceptions(
+  AsciiTokenizer *p, 
+  const char *zArg, 
+  int bTokenChars
+){
+  int i;
+  for(i=0; zArg[i]; i++){
+    if( (zArg[i] & 0x80)==0 ){
+      p->aTokenChar[(int)zArg[i]] = (unsigned char)bTokenChars;
+    }
+  }
+}
+
+/*
+** Delete a "ascii" tokenizer.
+*/
+static void fts5AsciiDelete(Fts5Tokenizer *p){
+  sqlite3_free(p);
+}
+
+/*
+** Create an "ascii" tokenizer.
+*/
+static int fts5AsciiCreate(
+  void *pCtx, 
+  const char **azArg, int nArg,
+  Fts5Tokenizer **ppOut
+){
+  int rc = SQLITE_OK;
+  AsciiTokenizer *p = 0;
+  if( nArg%2 ){
+    rc = SQLITE_ERROR;
+  }else{
+    p = sqlite3_malloc(sizeof(AsciiTokenizer));
+    if( p==0 ){
+      rc = SQLITE_NOMEM;
+    }else{
+      int i;
+      memset(p, 0, sizeof(AsciiTokenizer));
+      memcpy(p->aTokenChar, aAsciiTokenChar, sizeof(aAsciiTokenChar));
+      for(i=0; rc==SQLITE_OK && i<nArg; i+=2){
+        const char *zArg = azArg[i+1];
+        if( 0==sqlite3_stricmp(azArg[i], "tokenchars") ){
+          fts5AsciiAddExceptions(p, zArg, 1);
+        }else
+        if( 0==sqlite3_stricmp(azArg[i], "separators") ){
+          fts5AsciiAddExceptions(p, zArg, 0);
+        }else{
+          rc = SQLITE_ERROR;
+        }
+      }
+      if( rc!=SQLITE_OK ){
+        fts5AsciiDelete((Fts5Tokenizer*)p);
+        p = 0;
+      }
+    }
+  }
+
+  *ppOut = (Fts5Tokenizer*)p;
+  return rc;
+}
+
+
+static void asciiFold(char *aOut, const char *aIn, int nByte){
+  int i;
+  for(i=0; i<nByte; i++){
+    char c = aIn[i];
+    if( c>='A' && c<='Z' ) c += 32;
+    aOut[i] = c;
+  }
+}
+
+/*
+** Tokenize some text using the ascii tokenizer.
+*/
+static int fts5AsciiTokenize(
+  Fts5Tokenizer *pTokenizer,
+  void *pCtx,
+  int flags,
+  const char *pText, int nText,
+  int (*xToken)(void*, int, const char*, int nToken, int iStart, int iEnd)
+){
+  AsciiTokenizer *p = (AsciiTokenizer*)pTokenizer;
+  int rc = SQLITE_OK;
+  int ie;
+  int is = 0;
+
+  char aFold[64];
+  int nFold = sizeof(aFold);
+  char *pFold = aFold;
+  unsigned char *a = p->aTokenChar;
+
+  while( is<nText && rc==SQLITE_OK ){
+    int nByte;
+
+    /* Skip any leading divider characters. */
+    while( is<nText && ((pText[is]&0x80)==0 && a[(int)pText[is]]==0) ){
+      is++;
+    }
+    if( is==nText ) break;
+
+    /* Count the token characters */
+    ie = is+1;
+    while( ie<nText && ((pText[ie]&0x80) || a[(int)pText[ie]] ) ){
+      ie++;
+    }
+
+    /* Fold to lower case */
+    nByte = ie-is;
+    if( nByte>nFold ){
+      if( pFold!=aFold ) sqlite3_free(pFold);
+      pFold = sqlite3_malloc(nByte*2);
+      if( pFold==0 ){
+        rc = SQLITE_NOMEM;
+        break;
+      }
+      nFold = nByte*2;
+    }
+    asciiFold(pFold, &pText[is], nByte);
+
+    /* Invoke the token callback */
+    rc = xToken(pCtx, 0, pFold, nByte, is, ie);
+    is = ie+1;
+  }
+  
+  if( pFold!=aFold ) sqlite3_free(pFold);
+  if( rc==SQLITE_DONE ) rc = SQLITE_OK;
+  return rc;
+}
+
+/**************************************************************************
+** Start of unicode61 tokenizer implementation.
+*/
+
+
+/*
+** The following two macros - READ_UTF8 and WRITE_UTF8 - have been copied
+** from the sqlite3 source file utf.c. If this file is compiled as part
+** of the amalgamation, they are not required.
+*/
+#ifndef SQLITE_AMALGAMATION
+
+static const unsigned char sqlite3Utf8Trans1[] = {
+  0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+  0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+  0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+  0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
+  0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+  0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+  0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+  0x00, 0x01, 0x02, 0x03, 0x00, 0x01, 0x00, 0x00,
+};
+
+#define READ_UTF8(zIn, zTerm, c)                           \
+  c = *(zIn++);                                            \
+  if( c>=0xc0 ){                                           \
+    c = sqlite3Utf8Trans1[c-0xc0];                         \
+    while( zIn!=zTerm && (*zIn & 0xc0)==0x80 ){            \
+      c = (c<<6) + (0x3f & *(zIn++));                      \
+    }                                                      \
+    if( c<0x80                                             \
+        || (c&0xFFFFF800)==0xD800                          \
+        || (c&0xFFFFFFFE)==0xFFFE ){  c = 0xFFFD; }        \
+  }
+
+
+#define WRITE_UTF8(zOut, c) {                          \
+  if( c<0x00080 ){                                     \
+    *zOut++ = (unsigned char)(c&0xFF);                 \
+  }                                                    \
+  else if( c<0x00800 ){                                \
+    *zOut++ = 0xC0 + (unsigned char)((c>>6)&0x1F);     \
+    *zOut++ = 0x80 + (unsigned char)(c & 0x3F);        \
+  }                                                    \
+  else if( c<0x10000 ){                                \
+    *zOut++ = 0xE0 + (unsigned char)((c>>12)&0x0F);    \
+    *zOut++ = 0x80 + (unsigned char)((c>>6) & 0x3F);   \
+    *zOut++ = 0x80 + (unsigned char)(c & 0x3F);        \
+  }else{                                               \
+    *zOut++ = 0xF0 + (unsigned char)((c>>18) & 0x07);  \
+    *zOut++ = 0x80 + (unsigned char)((c>>12) & 0x3F);  \
+    *zOut++ = 0x80 + (unsigned char)((c>>6) & 0x3F);   \
+    *zOut++ = 0x80 + (unsigned char)(c & 0x3F);        \
+  }                                                    \
+}
+
+#endif /* ifndef SQLITE_AMALGAMATION */
+
+typedef struct Unicode61Tokenizer Unicode61Tokenizer;
+struct Unicode61Tokenizer {
+  unsigned char aTokenChar[128];  /* ASCII range token characters */
+  char *aFold;                    /* Buffer to fold text into */
+  int nFold;                      /* Size of aFold[] in bytes */
+  int bRemoveDiacritic;           /* True if remove_diacritics=1 is set */
+  int nException;
+  int *aiException;
+};
+
+static int fts5UnicodeAddExceptions(
+  Unicode61Tokenizer *p,          /* Tokenizer object */
+  const char *z,                  /* Characters to treat as exceptions */
+  int bTokenChars                 /* 1 for 'tokenchars', 0 for 'separators' */
+){
+  int rc = SQLITE_OK;
+  int n = (int)strlen(z);
+  int *aNew;
+
+  if( n>0 ){
+    aNew = (int*)sqlite3_realloc(p->aiException, (n+p->nException)*sizeof(int));
+    if( aNew ){
+      int nNew = p->nException;
+      const unsigned char *zCsr = (const unsigned char*)z;
+      const unsigned char *zTerm = (const unsigned char*)&z[n];
+      while( zCsr<zTerm ){
+        int iCode;
+        int bToken;
+        READ_UTF8(zCsr, zTerm, iCode);
+        if( iCode<128 ){
+          p->aTokenChar[iCode] = (unsigned char)bTokenChars;
+        }else{
+          bToken = sqlite3Fts5UnicodeIsalnum(iCode);
+          assert( (bToken==0 || bToken==1) ); 
+          assert( (bTokenChars==0 || bTokenChars==1) );
+          if( bToken!=bTokenChars && sqlite3Fts5UnicodeIsdiacritic(iCode)==0 ){
+            int i;
+            for(i=0; i<nNew; i++){
+              if( aNew[i]>iCode ) break;
+            }
+            memmove(&aNew[i+1], &aNew[i], (nNew-i)*sizeof(int));
+            aNew[i] = iCode;
+            nNew++;
+          }
+        }
+      }
+      p->aiException = aNew;
+      p->nException = nNew;
+    }else{
+      rc = SQLITE_NOMEM;
+    }
+  }
+
+  return rc;
+}
+
+/*
+** Return true if the p->aiException[] array contains the value iCode.
+*/
+static int fts5UnicodeIsException(Unicode61Tokenizer *p, int iCode){
+  if( p->nException>0 ){
+    int *a = p->aiException;
+    int iLo = 0;
+    int iHi = p->nException-1;
+
+    while( iHi>=iLo ){
+      int iTest = (iHi + iLo) / 2;
+      if( iCode==a[iTest] ){
+        return 1;
+      }else if( iCode>a[iTest] ){
+        iLo = iTest+1;
+      }else{
+        iHi = iTest-1;
+      }
+    }
+  }
+
+  return 0;
+}
+
+/*
+** Delete a "unicode61" tokenizer.
+*/
+static void fts5UnicodeDelete(Fts5Tokenizer *pTok){
+  if( pTok ){
+    Unicode61Tokenizer *p = (Unicode61Tokenizer*)pTok;
+    sqlite3_free(p->aiException);
+    sqlite3_free(p->aFold);
+    sqlite3_free(p);
+  }
+  return;
+}
+
+/*
+** Create a "unicode61" tokenizer.
+*/
+static int fts5UnicodeCreate(
+  void *pCtx, 
+  const char **azArg, int nArg,
+  Fts5Tokenizer **ppOut
+){
+  int rc = SQLITE_OK;             /* Return code */
+  Unicode61Tokenizer *p = 0;      /* New tokenizer object */ 
+
+  if( nArg%2 ){
+    rc = SQLITE_ERROR;
+  }else{
+    p = (Unicode61Tokenizer*)sqlite3_malloc(sizeof(Unicode61Tokenizer));
+    if( p ){
+      int i;
+      memset(p, 0, sizeof(Unicode61Tokenizer));
+      memcpy(p->aTokenChar, aAsciiTokenChar, sizeof(aAsciiTokenChar));
+      p->bRemoveDiacritic = 1;
+      p->nFold = 64;
+      p->aFold = sqlite3_malloc(p->nFold * sizeof(char));
+      if( p->aFold==0 ){
+        rc = SQLITE_NOMEM;
+      }
+      for(i=0; rc==SQLITE_OK && i<nArg; i+=2){
+        const char *zArg = azArg[i+1];
+        if( 0==sqlite3_stricmp(azArg[i], "remove_diacritics") ){
+          if( (zArg[0]!='0' && zArg[0]!='1') || zArg[1] ){
+            rc = SQLITE_ERROR;
+          }
+          p->bRemoveDiacritic = (zArg[0]=='1');
+        }else
+        if( 0==sqlite3_stricmp(azArg[i], "tokenchars") ){
+          rc = fts5UnicodeAddExceptions(p, zArg, 1);
+        }else
+        if( 0==sqlite3_stricmp(azArg[i], "separators") ){
+          rc = fts5UnicodeAddExceptions(p, zArg, 0);
+        }else{
+          rc = SQLITE_ERROR;
+        }
+      }
+    }else{
+      rc = SQLITE_NOMEM;
+    }
+    if( rc!=SQLITE_OK ){
+      fts5UnicodeDelete((Fts5Tokenizer*)p);
+      p = 0;
+    }
+    *ppOut = (Fts5Tokenizer*)p;
+  }
+  return rc;
+}
+
+/*
+** Return true if, for the purposes of tokenizing with the tokenizer
+** passed as the first argument, codepoint iCode is considered a token 
+** character (not a separator).
+*/
+static int fts5UnicodeIsAlnum(Unicode61Tokenizer *p, int iCode){
+  assert( (sqlite3Fts5UnicodeIsalnum(iCode) & 0xFFFFFFFE)==0 );
+  return sqlite3Fts5UnicodeIsalnum(iCode) ^ fts5UnicodeIsException(p, iCode);
+}
+
+static int fts5UnicodeTokenize(
+  Fts5Tokenizer *pTokenizer,
+  void *pCtx,
+  int flags,
+  const char *pText, int nText,
+  int (*xToken)(void*, int, const char*, int nToken, int iStart, int iEnd)
+){
+  Unicode61Tokenizer *p = (Unicode61Tokenizer*)pTokenizer;
+  int rc = SQLITE_OK;
+  unsigned char *a = p->aTokenChar;
+
+  unsigned char *zTerm = (unsigned char*)&pText[nText];
+  unsigned char *zCsr = (unsigned char *)pText;
+
+  /* Output buffer */
+  char *aFold = p->aFold;
+  int nFold = p->nFold;
+  const char *pEnd = &aFold[nFold-6];
+
+  /* Each iteration of this loop gobbles up a contiguous run of separators,
+  ** then the next token.  */
+  while( rc==SQLITE_OK ){
+    int iCode;                    /* non-ASCII codepoint read from input */
+    char *zOut = aFold;
+    int is;
+    int ie;
+
+    /* Skip any separator characters. */
+    while( 1 ){
+      if( zCsr>=zTerm ) goto tokenize_done;
+      if( *zCsr & 0x80 ) {
+        /* A character outside of the ascii range. Skip past it if it is
+        ** a separator character. Or break out of the loop if it is not. */
+        is = zCsr - (unsigned char*)pText;
+        READ_UTF8(zCsr, zTerm, iCode);
+        if( fts5UnicodeIsAlnum(p, iCode) ){
+          goto non_ascii_tokenchar;
+        }
+      }else{
+        if( a[*zCsr] ){
+          is = zCsr - (unsigned char*)pText;
+          goto ascii_tokenchar;
+        }
+        zCsr++;
+      }
+    }
+
+    /* Run through the tokenchars. Fold them into the output buffer along
+    ** the way.  */
+    while( zCsr<zTerm ){
+
+      /* Grow the output buffer so that there is sufficient space to fit the
+      ** largest possible utf-8 character.  */
+      if( zOut>pEnd ){
+        aFold = sqlite3_malloc(nFold*2);
+        if( aFold==0 ){
+          rc = SQLITE_NOMEM;
+          goto tokenize_done;
+        }
+        zOut = &aFold[zOut - p->aFold];
+        memcpy(aFold, p->aFold, nFold);
+        sqlite3_free(p->aFold);
+        p->aFold = aFold;
+        p->nFold = nFold = nFold*2;
+        pEnd = &aFold[nFold-6];
+      }
+
+      if( *zCsr & 0x80 ){
+        /* An non-ascii-range character. Fold it into the output buffer if
+        ** it is a token character, or break out of the loop if it is not. */
+        READ_UTF8(zCsr, zTerm, iCode);
+        if( fts5UnicodeIsAlnum(p,iCode)||sqlite3Fts5UnicodeIsdiacritic(iCode) ){
+ non_ascii_tokenchar:
+          iCode = sqlite3Fts5UnicodeFold(iCode, p->bRemoveDiacritic);
+          if( iCode ) WRITE_UTF8(zOut, iCode);
+        }else{
+          break;
+        }
+      }else if( a[*zCsr]==0 ){
+        /* An ascii-range separator character. End of token. */
+        break; 
+      }else{
+ ascii_tokenchar:
+        if( *zCsr>='A' && *zCsr<='Z' ){
+          *zOut++ = *zCsr + 32;
+        }else{
+          *zOut++ = *zCsr;
+        }
+        zCsr++;
+      }
+      ie = zCsr - (unsigned char*)pText;
+    }
+
+    /* Invoke the token callback */
+    rc = xToken(pCtx, 0, aFold, zOut-aFold, is, ie); 
+  }
+  
+ tokenize_done:
+  if( rc==SQLITE_DONE ) rc = SQLITE_OK;
+  return rc;
+}
+
+/**************************************************************************
+** Start of porter stemmer implementation.
+*/
+
+/* Any tokens larger than this (in bytes) are passed through without
+** stemming. */
+#define FTS5_PORTER_MAX_TOKEN 64
+
+typedef struct PorterTokenizer PorterTokenizer;
+struct PorterTokenizer {
+  fts5_tokenizer tokenizer;       /* Parent tokenizer module */
+  Fts5Tokenizer *pTokenizer;      /* Parent tokenizer instance */
+  char aBuf[FTS5_PORTER_MAX_TOKEN + 64];
+};
+
+/*
+** Delete a "porter" tokenizer.
+*/
+static void fts5PorterDelete(Fts5Tokenizer *pTok){
+  if( pTok ){
+    PorterTokenizer *p = (PorterTokenizer*)pTok;
+    if( p->pTokenizer ){
+      p->tokenizer.xDelete(p->pTokenizer);
+    }
+    sqlite3_free(p);
+  }
+}
+
+/*
+** Create a "porter" tokenizer.
+*/
+static int fts5PorterCreate(
+  void *pCtx, 
+  const char **azArg, int nArg,
+  Fts5Tokenizer **ppOut
+){
+  fts5_api *pApi = (fts5_api*)pCtx;
+  int rc = SQLITE_OK;
+  PorterTokenizer *pRet;
+  void *pUserdata = 0;
+  const char *zBase = "unicode61";
+
+  if( nArg>0 ){
+    zBase = azArg[0];
+  }
+
+  pRet = (PorterTokenizer*)sqlite3_malloc(sizeof(PorterTokenizer));
+  if( pRet ){
+    memset(pRet, 0, sizeof(PorterTokenizer));
+    rc = pApi->xFindTokenizer(pApi, zBase, &pUserdata, &pRet->tokenizer);
+  }else{
+    rc = SQLITE_NOMEM;
+  }
+  if( rc==SQLITE_OK ){
+    int nArg2 = (nArg>0 ? nArg-1 : 0);
+    const char **azArg2 = (nArg2 ? &azArg[1] : 0);
+    rc = pRet->tokenizer.xCreate(pUserdata, azArg2, nArg2, &pRet->pTokenizer);
+  }
+
+  if( rc!=SQLITE_OK ){
+    fts5PorterDelete((Fts5Tokenizer*)pRet);
+    pRet = 0;
+  }
+  *ppOut = (Fts5Tokenizer*)pRet;
+  return rc;
+}
+
+typedef struct PorterContext PorterContext;
+struct PorterContext {
+  void *pCtx;
+  int (*xToken)(void*, int, const char*, int, int, int);
+  char *aBuf;
+};
+
+typedef struct PorterRule PorterRule;
+struct PorterRule {
+  const char *zSuffix;
+  int nSuffix;
+  int (*xCond)(char *zStem, int nStem);
+  const char *zOutput;
+  int nOutput;
+};
+
+#if 0
+static int fts5PorterApply(char *aBuf, int *pnBuf, PorterRule *aRule){
+  int ret = -1;
+  int nBuf = *pnBuf;
+  PorterRule *p;
+
+  for(p=aRule; p->zSuffix; p++){
+    assert( strlen(p->zSuffix)==p->nSuffix );
+    assert( strlen(p->zOutput)==p->nOutput );
+    if( nBuf<p->nSuffix ) continue;
+    if( 0==memcmp(&aBuf[nBuf - p->nSuffix], p->zSuffix, p->nSuffix) ) break;
+  }
+
+  if( p->zSuffix ){
+    int nStem = nBuf - p->nSuffix;
+    if( p->xCond==0 || p->xCond(aBuf, nStem) ){
+      memcpy(&aBuf[nStem], p->zOutput, p->nOutput);
+      *pnBuf = nStem + p->nOutput;
+      ret = p - aRule;
+    }
+  }
+
+  return ret;
+}
+#endif
+
+static int fts5PorterIsVowel(char c, int bYIsVowel){
+  return (
+      c=='a' || c=='e' || c=='i' || c=='o' || c=='u' || (bYIsVowel && c=='y')
+  );
+}
+
+static int fts5PorterGobbleVC(char *zStem, int nStem, int bPrevCons){
+  int i;
+  int bCons = bPrevCons;
+
+  /* Scan for a vowel */
+  for(i=0; i<nStem; i++){
+    if( 0==(bCons = !fts5PorterIsVowel(zStem[i], bCons)) ) break;
+  }
+
+  /* Scan for a consonent */
+  for(i++; i<nStem; i++){
+    if( (bCons = !fts5PorterIsVowel(zStem[i], bCons)) ) return i+1;
+  }
+  return 0;
+}
+
+/* porter rule condition: (m > 0) */
+static int fts5Porter_MGt0(char *zStem, int nStem){
+  return !!fts5PorterGobbleVC(zStem, nStem, 0);
+}
+
+/* porter rule condition: (m > 1) */
+static int fts5Porter_MGt1(char *zStem, int nStem){
+  int n;
+  n = fts5PorterGobbleVC(zStem, nStem, 0);
+  if( n && fts5PorterGobbleVC(&zStem[n], nStem-n, 1) ){
+    return 1;
+  }
+  return 0;
+}
+
+/* porter rule condition: (m = 1) */
+static int fts5Porter_MEq1(char *zStem, int nStem){
+  int n;
+  n = fts5PorterGobbleVC(zStem, nStem, 0);
+  if( n && 0==fts5PorterGobbleVC(&zStem[n], nStem-n, 1) ){
+    return 1;
+  }
+  return 0;
+}
+
+/* porter rule condition: (*o) */
+static int fts5Porter_Ostar(char *zStem, int nStem){
+  if( zStem[nStem-1]=='w' || zStem[nStem-1]=='x' || zStem[nStem-1]=='y' ){
+    return 0;
+  }else{
+    int i;
+    int mask = 0;
+    int bCons = 0;
+    for(i=0; i<nStem; i++){
+      bCons = !fts5PorterIsVowel(zStem[i], bCons);
+      assert( bCons==0 || bCons==1 );
+      mask = (mask << 1) + bCons;
+    }
+    return ((mask & 0x0007)==0x0005);
+  }
+}
+
+/* porter rule condition: (m > 1 and (*S or *T)) */
+static int fts5Porter_MGt1_and_S_or_T(char *zStem, int nStem){
+  assert( nStem>0 );
+  return (zStem[nStem-1]=='s' || zStem[nStem-1]=='t') 
+      && fts5Porter_MGt1(zStem, nStem);
+}
+
+/* porter rule condition: (*v*) */
+static int fts5Porter_Vowel(char *zStem, int nStem){
+  int i;
+  for(i=0; i<nStem; i++){
+    if( fts5PorterIsVowel(zStem[i], i>0) ){
+      return 1;
+    }
+  }
+  return 0;
+}
+
+
+/**************************************************************************
+***************************************************************************
+** GENERATED CODE STARTS HERE (mkportersteps.tcl)
+*/
+
+static int fts5PorterStep4(char *aBuf, int *pnBuf){
+  int ret = 0;
+  int nBuf = *pnBuf;
+  switch( aBuf[nBuf-2] ){
+    
+    case 'a': 
+      if( nBuf>2 && 0==memcmp("al", &aBuf[nBuf-2], 2) ){
+        if( fts5Porter_MGt1(aBuf, nBuf-2) ){
+          *pnBuf = nBuf - 2;
+        }
+      }
+      break;
+  
+    case 'c': 
+      if( nBuf>4 && 0==memcmp("ance", &aBuf[nBuf-4], 4) ){
+        if( fts5Porter_MGt1(aBuf, nBuf-4) ){
+          *pnBuf = nBuf - 4;
+        }
+      }else if( nBuf>4 && 0==memcmp("ence", &aBuf[nBuf-4], 4) ){
+        if( fts5Porter_MGt1(aBuf, nBuf-4) ){
+          *pnBuf = nBuf - 4;
+        }
+      }
+      break;
+  
+    case 'e': 
+      if( nBuf>2 && 0==memcmp("er", &aBuf[nBuf-2], 2) ){
+        if( fts5Porter_MGt1(aBuf, nBuf-2) ){
+          *pnBuf = nBuf - 2;
+        }
+      }
+      break;
+  
+    case 'i': 
+      if( nBuf>2 && 0==memcmp("ic", &aBuf[nBuf-2], 2) ){
+        if( fts5Porter_MGt1(aBuf, nBuf-2) ){
+          *pnBuf = nBuf - 2;
+        }
+      }
+      break;
+  
+    case 'l': 
+      if( nBuf>4 && 0==memcmp("able", &aBuf[nBuf-4], 4) ){
+        if( fts5Porter_MGt1(aBuf, nBuf-4) ){
+          *pnBuf = nBuf - 4;
+        }
+      }else if( nBuf>4 && 0==memcmp("ible", &aBuf[nBuf-4], 4) ){
+        if( fts5Porter_MGt1(aBuf, nBuf-4) ){
+          *pnBuf = nBuf - 4;
+        }
+      }
+      break;
+  
+    case 'n': 
+      if( nBuf>3 && 0==memcmp("ant", &aBuf[nBuf-3], 3) ){
+        if( fts5Porter_MGt1(aBuf, nBuf-3) ){
+          *pnBuf = nBuf - 3;
+        }
+      }else if( nBuf>5 && 0==memcmp("ement", &aBuf[nBuf-5], 5) ){
+        if( fts5Porter_MGt1(aBuf, nBuf-5) ){
+          *pnBuf = nBuf - 5;
+        }
+      }else if( nBuf>4 && 0==memcmp("ment", &aBuf[nBuf-4], 4) ){
+        if( fts5Porter_MGt1(aBuf, nBuf-4) ){
+          *pnBuf = nBuf - 4;
+        }
+      }else if( nBuf>3 && 0==memcmp("ent", &aBuf[nBuf-3], 3) ){
+        if( fts5Porter_MGt1(aBuf, nBuf-3) ){
+          *pnBuf = nBuf - 3;
+        }
+      }
+      break;
+  
+    case 'o': 
+      if( nBuf>3 && 0==memcmp("ion", &aBuf[nBuf-3], 3) ){
+        if( fts5Porter_MGt1_and_S_or_T(aBuf, nBuf-3) ){
+          *pnBuf = nBuf - 3;
+        }
+      }else if( nBuf>2 && 0==memcmp("ou", &aBuf[nBuf-2], 2) ){
+        if( fts5Porter_MGt1(aBuf, nBuf-2) ){
+          *pnBuf = nBuf - 2;
+        }
+      }
+      break;
+  
+    case 's': 
+      if( nBuf>3 && 0==memcmp("ism", &aBuf[nBuf-3], 3) ){
+        if( fts5Porter_MGt1(aBuf, nBuf-3) ){
+          *pnBuf = nBuf - 3;
+        }
+      }
+      break;
+  
+    case 't': 
+      if( nBuf>3 && 0==memcmp("ate", &aBuf[nBuf-3], 3) ){
+        if( fts5Porter_MGt1(aBuf, nBuf-3) ){
+          *pnBuf = nBuf - 3;
+        }
+      }else if( nBuf>3 && 0==memcmp("iti", &aBuf[nBuf-3], 3) ){
+        if( fts5Porter_MGt1(aBuf, nBuf-3) ){
+          *pnBuf = nBuf - 3;
+        }
+      }
+      break;
+  
+    case 'u': 
+      if( nBuf>3 && 0==memcmp("ous", &aBuf[nBuf-3], 3) ){
+        if( fts5Porter_MGt1(aBuf, nBuf-3) ){
+          *pnBuf = nBuf - 3;
+        }
+      }
+      break;
+  
+    case 'v': 
+      if( nBuf>3 && 0==memcmp("ive", &aBuf[nBuf-3], 3) ){
+        if( fts5Porter_MGt1(aBuf, nBuf-3) ){
+          *pnBuf = nBuf - 3;
+        }
+      }
+      break;
+  
+    case 'z': 
+      if( nBuf>3 && 0==memcmp("ize", &aBuf[nBuf-3], 3) ){
+        if( fts5Porter_MGt1(aBuf, nBuf-3) ){
+          *pnBuf = nBuf - 3;
+        }
+      }
+      break;
+  
+  }
+  return ret;
+}
+  
+
+static int fts5PorterStep1B2(char *aBuf, int *pnBuf){
+  int ret = 0;
+  int nBuf = *pnBuf;
+  switch( aBuf[nBuf-2] ){
+    
+    case 'a': 
+      if( nBuf>2 && 0==memcmp("at", &aBuf[nBuf-2], 2) ){
+        memcpy(&aBuf[nBuf-2], "ate", 3);
+        *pnBuf = nBuf - 2 + 3;
+        ret = 1;
+      }
+      break;
+  
+    case 'b': 
+      if( nBuf>2 && 0==memcmp("bl", &aBuf[nBuf-2], 2) ){
+        memcpy(&aBuf[nBuf-2], "ble", 3);
+        *pnBuf = nBuf - 2 + 3;
+        ret = 1;
+      }
+      break;
+  
+    case 'i': 
+      if( nBuf>2 && 0==memcmp("iz", &aBuf[nBuf-2], 2) ){
+        memcpy(&aBuf[nBuf-2], "ize", 3);
+        *pnBuf = nBuf - 2 + 3;
+        ret = 1;
+      }
+      break;
+  
+  }
+  return ret;
+}
+  
+
+static int fts5PorterStep2(char *aBuf, int *pnBuf){
+  int ret = 0;
+  int nBuf = *pnBuf;
+  switch( aBuf[nBuf-2] ){
+    
+    case 'a': 
+      if( nBuf>7 && 0==memcmp("ational", &aBuf[nBuf-7], 7) ){
+        if( fts5Porter_MGt0(aBuf, nBuf-7) ){
+          memcpy(&aBuf[nBuf-7], "ate", 3);
+          *pnBuf = nBuf - 7 + 3;
+        }
+      }else if( nBuf>6 && 0==memcmp("tional", &aBuf[nBuf-6], 6) ){
+        if( fts5Porter_MGt0(aBuf, nBuf-6) ){
+          memcpy(&aBuf[nBuf-6], "tion", 4);
+          *pnBuf = nBuf - 6 + 4;
+        }
+      }
+      break;
+  
+    case 'c': 
+      if( nBuf>4 && 0==memcmp("enci", &aBuf[nBuf-4], 4) ){
+        if( fts5Porter_MGt0(aBuf, nBuf-4) ){
+          memcpy(&aBuf[nBuf-4], "ence", 4);
+          *pnBuf = nBuf - 4 + 4;
+        }
+      }else if( nBuf>4 && 0==memcmp("anci", &aBuf[nBuf-4], 4) ){
+        if( fts5Porter_MGt0(aBuf, nBuf-4) ){
+          memcpy(&aBuf[nBuf-4], "ance", 4);
+          *pnBuf = nBuf - 4 + 4;
+        }
+      }
+      break;
+  
+    case 'e': 
+      if( nBuf>4 && 0==memcmp("izer", &aBuf[nBuf-4], 4) ){
+        if( fts5Porter_MGt0(aBuf, nBuf-4) ){
+          memcpy(&aBuf[nBuf-4], "ize", 3);
+          *pnBuf = nBuf - 4 + 3;
+        }
+      }
+      break;
+  
+    case 'g': 
+      if( nBuf>4 && 0==memcmp("logi", &aBuf[nBuf-4], 4) ){
+        if( fts5Porter_MGt0(aBuf, nBuf-4) ){
+          memcpy(&aBuf[nBuf-4], "log", 3);
+          *pnBuf = nBuf - 4 + 3;
+        }
+      }
+      break;
+  
+    case 'l': 
+      if( nBuf>3 && 0==memcmp("bli", &aBuf[nBuf-3], 3) ){
+        if( fts5Porter_MGt0(aBuf, nBuf-3) ){
+          memcpy(&aBuf[nBuf-3], "ble", 3);
+          *pnBuf = nBuf - 3 + 3;
+        }
+      }else if( nBuf>4 && 0==memcmp("alli", &aBuf[nBuf-4], 4) ){
+        if( fts5Porter_MGt0(aBuf, nBuf-4) ){
+          memcpy(&aBuf[nBuf-4], "al", 2);
+          *pnBuf = nBuf - 4 + 2;
+        }
+      }else if( nBuf>5 && 0==memcmp("entli", &aBuf[nBuf-5], 5) ){
+        if( fts5Porter_MGt0(aBuf, nBuf-5) ){
+          memcpy(&aBuf[nBuf-5], "ent", 3);
+          *pnBuf = nBuf - 5 + 3;
+        }
+      }else if( nBuf>3 && 0==memcmp("eli", &aBuf[nBuf-3], 3) ){
+        if( fts5Porter_MGt0(aBuf, nBuf-3) ){
+          memcpy(&aBuf[nBuf-3], "e", 1);
+          *pnBuf = nBuf - 3 + 1;
+        }
+      }else if( nBuf>5 && 0==memcmp("ousli", &aBuf[nBuf-5], 5) ){
+        if( fts5Porter_MGt0(aBuf, nBuf-5) ){
+          memcpy(&aBuf[nBuf-5], "ous", 3);
+          *pnBuf = nBuf - 5 + 3;
+        }
+      }
+      break;
+  
+    case 'o': 
+      if( nBuf>7 && 0==memcmp("ization", &aBuf[nBuf-7], 7) ){
+        if( fts5Porter_MGt0(aBuf, nBuf-7) ){
+          memcpy(&aBuf[nBuf-7], "ize", 3);
+          *pnBuf = nBuf - 7 + 3;
+        }
+      }else if( nBuf>5 && 0==memcmp("ation", &aBuf[nBuf-5], 5) ){
+        if( fts5Porter_MGt0(aBuf, nBuf-5) ){
+          memcpy(&aBuf[nBuf-5], "ate", 3);
+          *pnBuf = nBuf - 5 + 3;
+        }
+      }else if( nBuf>4 && 0==memcmp("ator", &aBuf[nBuf-4], 4) ){
+        if( fts5Porter_MGt0(aBuf, nBuf-4) ){
+          memcpy(&aBuf[nBuf-4], "ate", 3);
+          *pnBuf = nBuf - 4 + 3;
+        }
+      }
+      break;
+  
+    case 's': 
+      if( nBuf>5 && 0==memcmp("alism", &aBuf[nBuf-5], 5) ){
+        if( fts5Porter_MGt0(aBuf, nBuf-5) ){
+          memcpy(&aBuf[nBuf-5], "al", 2);
+          *pnBuf = nBuf - 5 + 2;
+        }
+      }else if( nBuf>7 && 0==memcmp("iveness", &aBuf[nBuf-7], 7) ){
+        if( fts5Porter_MGt0(aBuf, nBuf-7) ){
+          memcpy(&aBuf[nBuf-7], "ive", 3);
+          *pnBuf = nBuf - 7 + 3;
+        }
+      }else if( nBuf>7 && 0==memcmp("fulness", &aBuf[nBuf-7], 7) ){
+        if( fts5Porter_MGt0(aBuf, nBuf-7) ){
+          memcpy(&aBuf[nBuf-7], "ful", 3);
+          *pnBuf = nBuf - 7 + 3;
+        }
+      }else if( nBuf>7 && 0==memcmp("ousness", &aBuf[nBuf-7], 7) ){
+        if( fts5Porter_MGt0(aBuf, nBuf-7) ){
+          memcpy(&aBuf[nBuf-7], "ous", 3);
+          *pnBuf = nBuf - 7 + 3;
+        }
+      }
+      break;
+  
+    case 't': 
+      if( nBuf>5 && 0==memcmp("aliti", &aBuf[nBuf-5], 5) ){
+        if( fts5Porter_MGt0(aBuf, nBuf-5) ){
+          memcpy(&aBuf[nBuf-5], "al", 2);
+          *pnBuf = nBuf - 5 + 2;
+        }
+      }else if( nBuf>5 && 0==memcmp("iviti", &aBuf[nBuf-5], 5) ){
+        if( fts5Porter_MGt0(aBuf, nBuf-5) ){
+          memcpy(&aBuf[nBuf-5], "ive", 3);
+          *pnBuf = nBuf - 5 + 3;
+        }
+      }else if( nBuf>6 && 0==memcmp("biliti", &aBuf[nBuf-6], 6) ){
+        if( fts5Porter_MGt0(aBuf, nBuf-6) ){
+          memcpy(&aBuf[nBuf-6], "ble", 3);
+          *pnBuf = nBuf - 6 + 3;
+        }
+      }
+      break;
+  
+  }
+  return ret;
+}
+  
+
+static int fts5PorterStep3(char *aBuf, int *pnBuf){
+  int ret = 0;
+  int nBuf = *pnBuf;
+  switch( aBuf[nBuf-2] ){
+    
+    case 'a': 
+      if( nBuf>4 && 0==memcmp("ical", &aBuf[nBuf-4], 4) ){
+        if( fts5Porter_MGt0(aBuf, nBuf-4) ){
+          memcpy(&aBuf[nBuf-4], "ic", 2);
+          *pnBuf = nBuf - 4 + 2;
+        }
+      }
+      break;
+  
+    case 's': 
+      if( nBuf>4 && 0==memcmp("ness", &aBuf[nBuf-4], 4) ){
+        if( fts5Porter_MGt0(aBuf, nBuf-4) ){
+          *pnBuf = nBuf - 4;
+        }
+      }
+      break;
+  
+    case 't': 
+      if( nBuf>5 && 0==memcmp("icate", &aBuf[nBuf-5], 5) ){
+        if( fts5Porter_MGt0(aBuf, nBuf-5) ){
+          memcpy(&aBuf[nBuf-5], "ic", 2);
+          *pnBuf = nBuf - 5 + 2;
+        }
+      }else if( nBuf>5 && 0==memcmp("iciti", &aBuf[nBuf-5], 5) ){
+        if( fts5Porter_MGt0(aBuf, nBuf-5) ){
+          memcpy(&aBuf[nBuf-5], "ic", 2);
+          *pnBuf = nBuf - 5 + 2;
+        }
+      }
+      break;
+  
+    case 'u': 
+      if( nBuf>3 && 0==memcmp("ful", &aBuf[nBuf-3], 3) ){
+        if( fts5Porter_MGt0(aBuf, nBuf-3) ){
+          *pnBuf = nBuf - 3;
+        }
+      }
+      break;
+  
+    case 'v': 
+      if( nBuf>5 && 0==memcmp("ative", &aBuf[nBuf-5], 5) ){
+        if( fts5Porter_MGt0(aBuf, nBuf-5) ){
+          *pnBuf = nBuf - 5;
+        }
+      }
+      break;
+  
+    case 'z': 
+      if( nBuf>5 && 0==memcmp("alize", &aBuf[nBuf-5], 5) ){
+        if( fts5Porter_MGt0(aBuf, nBuf-5) ){
+          memcpy(&aBuf[nBuf-5], "al", 2);
+          *pnBuf = nBuf - 5 + 2;
+        }
+      }
+      break;
+  
+  }
+  return ret;
+}
+  
+
+static int fts5PorterStep1B(char *aBuf, int *pnBuf){
+  int ret = 0;
+  int nBuf = *pnBuf;
+  switch( aBuf[nBuf-2] ){
+    
+    case 'e': 
+      if( nBuf>3 && 0==memcmp("eed", &aBuf[nBuf-3], 3) ){
+        if( fts5Porter_MGt0(aBuf, nBuf-3) ){
+          memcpy(&aBuf[nBuf-3], "ee", 2);
+          *pnBuf = nBuf - 3 + 2;
+        }
+      }else if( nBuf>2 && 0==memcmp("ed", &aBuf[nBuf-2], 2) ){
+        if( fts5Porter_Vowel(aBuf, nBuf-2) ){
+          *pnBuf = nBuf - 2;
+          ret = 1;
+        }
+      }
+      break;
+  
+    case 'n': 
+      if( nBuf>3 && 0==memcmp("ing", &aBuf[nBuf-3], 3) ){
+        if( fts5Porter_Vowel(aBuf, nBuf-3) ){
+          *pnBuf = nBuf - 3;
+          ret = 1;
+        }
+      }
+      break;
+  
+  }
+  return ret;
+}
+  
+/* 
+** GENERATED CODE ENDS HERE (mkportersteps.tcl)
+***************************************************************************
+**************************************************************************/
+
+static void fts5PorterStep1A(char *aBuf, int *pnBuf){
+  int nBuf = *pnBuf;
+  if( aBuf[nBuf-1]=='s' ){
+    if( aBuf[nBuf-2]=='e' ){
+      if( (nBuf>4 && aBuf[nBuf-4]=='s' && aBuf[nBuf-3]=='s') 
+       || (nBuf>3 && aBuf[nBuf-3]=='i' )
+      ){
+        *pnBuf = nBuf-2;
+      }else{
+        *pnBuf = nBuf-1;
+      }
+    }
+    else if( aBuf[nBuf-2]!='s' ){
+      *pnBuf = nBuf-1;
+    }
+  }
+}
+
+static int fts5PorterCb(
+  void *pCtx, 
+  int tflags,
+  const char *pToken, 
+  int nToken, 
+  int iStart, 
+  int iEnd
+){
+  PorterContext *p = (PorterContext*)pCtx;
+
+  char *aBuf;
+  int nBuf;
+
+  if( nToken>FTS5_PORTER_MAX_TOKEN || nToken<3 ) goto pass_through;
+  aBuf = p->aBuf;
+  nBuf = nToken;
+  memcpy(aBuf, pToken, nBuf);
+
+  /* Step 1. */
+  fts5PorterStep1A(aBuf, &nBuf);
+  if( fts5PorterStep1B(aBuf, &nBuf) ){
+    if( fts5PorterStep1B2(aBuf, &nBuf)==0 ){
+      char c = aBuf[nBuf-1];
+      if( fts5PorterIsVowel(c, 0)==0 
+       && c!='l' && c!='s' && c!='z' && c==aBuf[nBuf-2] 
+      ){
+        nBuf--;
+      }else if( fts5Porter_MEq1(aBuf, nBuf) && fts5Porter_Ostar(aBuf, nBuf) ){
+        aBuf[nBuf++] = 'e';
+      }
+    }
+  }
+
+  /* Step 1C. */
+  if( aBuf[nBuf-1]=='y' && fts5Porter_Vowel(aBuf, nBuf-1) ){
+    aBuf[nBuf-1] = 'i';
+  }
+
+  /* Steps 2 through 4. */
+  fts5PorterStep2(aBuf, &nBuf);
+  fts5PorterStep3(aBuf, &nBuf);
+  fts5PorterStep4(aBuf, &nBuf);
+
+  /* Step 5a. */
+  assert( nBuf>0 );
+  if( aBuf[nBuf-1]=='e' ){
+    if( fts5Porter_MGt1(aBuf, nBuf-1) 
+     || (fts5Porter_MEq1(aBuf, nBuf-1) && !fts5Porter_Ostar(aBuf, nBuf-1))
+    ){
+      nBuf--;
+    }
+  }
+
+  /* Step 5b. */
+  if( nBuf>1 && aBuf[nBuf-1]=='l' 
+   && aBuf[nBuf-2]=='l' && fts5Porter_MGt1(aBuf, nBuf-1) 
+  ){
+    nBuf--;
+  }
+
+  return p->xToken(p->pCtx, tflags, aBuf, nBuf, iStart, iEnd);
+
+ pass_through:
+  return p->xToken(p->pCtx, tflags, pToken, nToken, iStart, iEnd);
+}
+
+/*
+** Tokenize using the porter tokenizer.
+*/
+static int fts5PorterTokenize(
+  Fts5Tokenizer *pTokenizer,
+  void *pCtx,
+  int flags,
+  const char *pText, int nText,
+  int (*xToken)(void*, int, const char*, int nToken, int iStart, int iEnd)
+){
+  PorterTokenizer *p = (PorterTokenizer*)pTokenizer;
+  PorterContext sCtx;
+  sCtx.xToken = xToken;
+  sCtx.pCtx = pCtx;
+  sCtx.aBuf = p->aBuf;
+  return p->tokenizer.xTokenize(
+      p->pTokenizer, (void*)&sCtx, flags, pText, nText, fts5PorterCb
+  );
+}
+
+/*
+** Register all built-in tokenizers with FTS5.
+*/
+static int sqlite3Fts5TokenizerInit(fts5_api *pApi){
+  struct BuiltinTokenizer {
+    const char *zName;
+    fts5_tokenizer x;
+  } aBuiltin[] = {
+    { "unicode61", {fts5UnicodeCreate, fts5UnicodeDelete, fts5UnicodeTokenize}},
+    { "ascii",     {fts5AsciiCreate, fts5AsciiDelete, fts5AsciiTokenize }},
+    { "porter",    {fts5PorterCreate, fts5PorterDelete, fts5PorterTokenize }},
+  };
+  
+  int rc = SQLITE_OK;             /* Return code */
+  int i;                          /* To iterate through builtin functions */
+
+  for(i=0; rc==SQLITE_OK && i<(int)ArraySize(aBuiltin); i++){
+    rc = pApi->xCreateTokenizer(pApi,
+        aBuiltin[i].zName,
+        (void*)pApi,
+        &aBuiltin[i].x,
+        0
+    );
+  }
+
+  return rc;
+}
+
+
+
+/*
+** 2012 May 25
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+******************************************************************************
+*/
+
+/*
+** DO NOT EDIT THIS MACHINE GENERATED FILE.
+*/
+
+
+/* #include <assert.h> */
+
+/*
+** Return true if the argument corresponds to a unicode codepoint
+** classified as either a letter or a number. Otherwise false.
+**
+** The results are undefined if the value passed to this function
+** is less than zero.
+*/
+static int sqlite3Fts5UnicodeIsalnum(int c){
+  /* Each unsigned integer in the following array corresponds to a contiguous
+  ** range of unicode codepoints that are not either letters or numbers (i.e.
+  ** codepoints for which this function should return 0).
+  **
+  ** The most significant 22 bits in each 32-bit value contain the first 
+  ** codepoint in the range. The least significant 10 bits are used to store
+  ** the size of the range (always at least 1). In other words, the value 
+  ** ((C<<22) + N) represents a range of N codepoints starting with codepoint 
+  ** C. It is not possible to represent a range larger than 1023 codepoints 
+  ** using this format.
+  */
+  static const unsigned int aEntry[] = {
+    0x00000030, 0x0000E807, 0x00016C06, 0x0001EC2F, 0x0002AC07,
+    0x0002D001, 0x0002D803, 0x0002EC01, 0x0002FC01, 0x00035C01,
+    0x0003DC01, 0x000B0804, 0x000B480E, 0x000B9407, 0x000BB401,
+    0x000BBC81, 0x000DD401, 0x000DF801, 0x000E1002, 0x000E1C01,
+    0x000FD801, 0x00120808, 0x00156806, 0x00162402, 0x00163C01,
+    0x00164437, 0x0017CC02, 0x00180005, 0x00181816, 0x00187802,
+    0x00192C15, 0x0019A804, 0x0019C001, 0x001B5001, 0x001B580F,
+    0x001B9C07, 0x001BF402, 0x001C000E, 0x001C3C01, 0x001C4401,
+    0x001CC01B, 0x001E980B, 0x001FAC09, 0x001FD804, 0x00205804,
+    0x00206C09, 0x00209403, 0x0020A405, 0x0020C00F, 0x00216403,
+    0x00217801, 0x0023901B, 0x00240004, 0x0024E803, 0x0024F812,
+    0x00254407, 0x00258804, 0x0025C001, 0x00260403, 0x0026F001,
+    0x0026F807, 0x00271C02, 0x00272C03, 0x00275C01, 0x00278802,
+    0x0027C802, 0x0027E802, 0x00280403, 0x0028F001, 0x0028F805,
+    0x00291C02, 0x00292C03, 0x00294401, 0x0029C002, 0x0029D401,
+    0x002A0403, 0x002AF001, 0x002AF808, 0x002B1C03, 0x002B2C03,
+    0x002B8802, 0x002BC002, 0x002C0403, 0x002CF001, 0x002CF807,
+    0x002D1C02, 0x002D2C03, 0x002D5802, 0x002D8802, 0x002DC001,
+    0x002E0801, 0x002EF805, 0x002F1803, 0x002F2804, 0x002F5C01,
+    0x002FCC08, 0x00300403, 0x0030F807, 0x00311803, 0x00312804,
+    0x00315402, 0x00318802, 0x0031FC01, 0x00320802, 0x0032F001,
+    0x0032F807, 0x00331803, 0x00332804, 0x00335402, 0x00338802,
+    0x00340802, 0x0034F807, 0x00351803, 0x00352804, 0x00355C01,
+    0x00358802, 0x0035E401, 0x00360802, 0x00372801, 0x00373C06,
+    0x00375801, 0x00376008, 0x0037C803, 0x0038C401, 0x0038D007,
+    0x0038FC01, 0x00391C09, 0x00396802, 0x003AC401, 0x003AD006,
+    0x003AEC02, 0x003B2006, 0x003C041F, 0x003CD00C, 0x003DC417,
+    0x003E340B, 0x003E6424, 0x003EF80F, 0x003F380D, 0x0040AC14,
+    0x00412806, 0x00415804, 0x00417803, 0x00418803, 0x00419C07,
+    0x0041C404, 0x0042080C, 0x00423C01, 0x00426806, 0x0043EC01,
+    0x004D740C, 0x004E400A, 0x00500001, 0x0059B402, 0x005A0001,
+    0x005A6C02, 0x005BAC03, 0x005C4803, 0x005CC805, 0x005D4802,
+    0x005DC802, 0x005ED023, 0x005F6004, 0x005F7401, 0x0060000F,
+    0x0062A401, 0x0064800C, 0x0064C00C, 0x00650001, 0x00651002,
+    0x0066C011, 0x00672002, 0x00677822, 0x00685C05, 0x00687802,
+    0x0069540A, 0x0069801D, 0x0069FC01, 0x006A8007, 0x006AA006,
+    0x006C0005, 0x006CD011, 0x006D6823, 0x006E0003, 0x006E840D,
+    0x006F980E, 0x006FF004, 0x00709014, 0x0070EC05, 0x0071F802,
+    0x00730008, 0x00734019, 0x0073B401, 0x0073C803, 0x00770027,
+    0x0077F004, 0x007EF401, 0x007EFC03, 0x007F3403, 0x007F7403,
+    0x007FB403, 0x007FF402, 0x00800065, 0x0081A806, 0x0081E805,
+    0x00822805, 0x0082801A, 0x00834021, 0x00840002, 0x00840C04,
+    0x00842002, 0x00845001, 0x00845803, 0x00847806, 0x00849401,
+    0x00849C01, 0x0084A401, 0x0084B801, 0x0084E802, 0x00850005,
+    0x00852804, 0x00853C01, 0x00864264, 0x00900027, 0x0091000B,
+    0x0092704E, 0x00940200, 0x009C0475, 0x009E53B9, 0x00AD400A,
+    0x00B39406, 0x00B3BC03, 0x00B3E404, 0x00B3F802, 0x00B5C001,
+    0x00B5FC01, 0x00B7804F, 0x00B8C00C, 0x00BA001A, 0x00BA6C59,
+    0x00BC00D6, 0x00BFC00C, 0x00C00005, 0x00C02019, 0x00C0A807,
+    0x00C0D802, 0x00C0F403, 0x00C26404, 0x00C28001, 0x00C3EC01,
+    0x00C64002, 0x00C6580A, 0x00C70024, 0x00C8001F, 0x00C8A81E,
+    0x00C94001, 0x00C98020, 0x00CA2827, 0x00CB003F, 0x00CC0100,
+    0x01370040, 0x02924037, 0x0293F802, 0x02983403, 0x0299BC10,
+    0x029A7C01, 0x029BC008, 0x029C0017, 0x029C8002, 0x029E2402,
+    0x02A00801, 0x02A01801, 0x02A02C01, 0x02A08C09, 0x02A0D804,
+    0x02A1D004, 0x02A20002, 0x02A2D011, 0x02A33802, 0x02A38012,
+    0x02A3E003, 0x02A4980A, 0x02A51C0D, 0x02A57C01, 0x02A60004,
+    0x02A6CC1B, 0x02A77802, 0x02A8A40E, 0x02A90C01, 0x02A93002,
+    0x02A97004, 0x02A9DC03, 0x02A9EC01, 0x02AAC001, 0x02AAC803,
+    0x02AADC02, 0x02AAF802, 0x02AB0401, 0x02AB7802, 0x02ABAC07,
+    0x02ABD402, 0x02AF8C0B, 0x03600001, 0x036DFC02, 0x036FFC02,
+    0x037FFC01, 0x03EC7801, 0x03ECA401, 0x03EEC810, 0x03F4F802,
+    0x03F7F002, 0x03F8001A, 0x03F88007, 0x03F8C023, 0x03F95013,
+    0x03F9A004, 0x03FBFC01, 0x03FC040F, 0x03FC6807, 0x03FCEC06,
+    0x03FD6C0B, 0x03FF8007, 0x03FFA007, 0x03FFE405, 0x04040003,
+    0x0404DC09, 0x0405E411, 0x0406400C, 0x0407402E, 0x040E7C01,
+    0x040F4001, 0x04215C01, 0x04247C01, 0x0424FC01, 0x04280403,
+    0x04281402, 0x04283004, 0x0428E003, 0x0428FC01, 0x04294009,
+    0x0429FC01, 0x042CE407, 0x04400003, 0x0440E016, 0x04420003,
+    0x0442C012, 0x04440003, 0x04449C0E, 0x04450004, 0x04460003,
+    0x0446CC0E, 0x04471404, 0x045AAC0D, 0x0491C004, 0x05BD442E,
+    0x05BE3C04, 0x074000F6, 0x07440027, 0x0744A4B5, 0x07480046,
+    0x074C0057, 0x075B0401, 0x075B6C01, 0x075BEC01, 0x075C5401,
+    0x075CD401, 0x075D3C01, 0x075DBC01, 0x075E2401, 0x075EA401,
+    0x075F0C01, 0x07BBC002, 0x07C0002C, 0x07C0C064, 0x07C2800F,
+    0x07C2C40E, 0x07C3040F, 0x07C3440F, 0x07C4401F, 0x07C4C03C,
+    0x07C5C02B, 0x07C7981D, 0x07C8402B, 0x07C90009, 0x07C94002,
+    0x07CC0021, 0x07CCC006, 0x07CCDC46, 0x07CE0014, 0x07CE8025,
+    0x07CF1805, 0x07CF8011, 0x07D0003F, 0x07D10001, 0x07D108B6,
+    0x07D3E404, 0x07D4003E, 0x07D50004, 0x07D54018, 0x07D7EC46,
+    0x07D9140B, 0x07DA0046, 0x07DC0074, 0x38000401, 0x38008060,
+    0x380400F0,
+  };
+  static const unsigned int aAscii[4] = {
+    0xFFFFFFFF, 0xFC00FFFF, 0xF8000001, 0xF8000001,
+  };
+
+  if( c<128 ){
+    return ( (aAscii[c >> 5] & (1 << (c & 0x001F)))==0 );
+  }else if( c<(1<<22) ){
+    unsigned int key = (((unsigned int)c)<<10) | 0x000003FF;
+    int iRes = 0;
+    int iHi = sizeof(aEntry)/sizeof(aEntry[0]) - 1;
+    int iLo = 0;
+    while( iHi>=iLo ){
+      int iTest = (iHi + iLo) / 2;
+      if( key >= aEntry[iTest] ){
+        iRes = iTest;
+        iLo = iTest+1;
+      }else{
+        iHi = iTest-1;
+      }
+    }
+    assert( aEntry[0]<key );
+    assert( key>=aEntry[iRes] );
+    return (((unsigned int)c) >= ((aEntry[iRes]>>10) + (aEntry[iRes]&0x3FF)));
+  }
+  return 1;
+}
+
+
+/*
+** If the argument is a codepoint corresponding to a lowercase letter
+** in the ASCII range with a diacritic added, return the codepoint
+** of the ASCII letter only. For example, if passed 235 - "LATIN
+** SMALL LETTER E WITH DIAERESIS" - return 65 ("LATIN SMALL LETTER
+** E"). The resuls of passing a codepoint that corresponds to an
+** uppercase letter are undefined.
+*/
+static int fts5_remove_diacritic(int c){
+  unsigned short aDia[] = {
+        0,  1797,  1848,  1859,  1891,  1928,  1940,  1995, 
+     2024,  2040,  2060,  2110,  2168,  2206,  2264,  2286, 
+     2344,  2383,  2472,  2488,  2516,  2596,  2668,  2732, 
+     2782,  2842,  2894,  2954,  2984,  3000,  3028,  3336, 
+     3456,  3696,  3712,  3728,  3744,  3896,  3912,  3928, 
+     3968,  4008,  4040,  4106,  4138,  4170,  4202,  4234, 
+     4266,  4296,  4312,  4344,  4408,  4424,  4472,  4504, 
+     6148,  6198,  6264,  6280,  6360,  6429,  6505,  6529, 
+    61448, 61468, 61534, 61592, 61642, 61688, 61704, 61726, 
+    61784, 61800, 61836, 61880, 61914, 61948, 61998, 62122, 
+    62154, 62200, 62218, 62302, 62364, 62442, 62478, 62536, 
+    62554, 62584, 62604, 62640, 62648, 62656, 62664, 62730, 
+    62924, 63050, 63082, 63274, 63390, 
+  };
+  char aChar[] = {
+    '\0', 'a',  'c',  'e',  'i',  'n',  'o',  'u',  'y',  'y',  'a',  'c',  
+    'd',  'e',  'e',  'g',  'h',  'i',  'j',  'k',  'l',  'n',  'o',  'r',  
+    's',  't',  'u',  'u',  'w',  'y',  'z',  'o',  'u',  'a',  'i',  'o',  
+    'u',  'g',  'k',  'o',  'j',  'g',  'n',  'a',  'e',  'i',  'o',  'r',  
+    'u',  's',  't',  'h',  'a',  'e',  'o',  'y',  '\0', '\0', '\0', '\0', 
+    '\0', '\0', '\0', '\0', 'a',  'b',  'd',  'd',  'e',  'f',  'g',  'h',  
+    'h',  'i',  'k',  'l',  'l',  'm',  'n',  'p',  'r',  'r',  's',  't',  
+    'u',  'v',  'w',  'w',  'x',  'y',  'z',  'h',  't',  'w',  'y',  'a',  
+    'e',  'i',  'o',  'u',  'y',  
+  };
+
+  unsigned int key = (((unsigned int)c)<<3) | 0x00000007;
+  int iRes = 0;
+  int iHi = sizeof(aDia)/sizeof(aDia[0]) - 1;
+  int iLo = 0;
+  while( iHi>=iLo ){
+    int iTest = (iHi + iLo) / 2;
+    if( key >= aDia[iTest] ){
+      iRes = iTest;
+      iLo = iTest+1;
+    }else{
+      iHi = iTest-1;
+    }
+  }
+  assert( key>=aDia[iRes] );
+  return ((c > (aDia[iRes]>>3) + (aDia[iRes]&0x07)) ? c : (int)aChar[iRes]);
+}
+
+
+/*
+** Return true if the argument interpreted as a unicode codepoint
+** is a diacritical modifier character.
+*/
+static int sqlite3Fts5UnicodeIsdiacritic(int c){
+  unsigned int mask0 = 0x08029FDF;
+  unsigned int mask1 = 0x000361F8;
+  if( c<768 || c>817 ) return 0;
+  return (c < 768+32) ?
+      (mask0 & (1 << (c-768))) :
+      (mask1 & (1 << (c-768-32)));
+}
+
+
+/*
+** Interpret the argument as a unicode codepoint. If the codepoint
+** is an upper case character that has a lower case equivalent,
+** return the codepoint corresponding to the lower case version.
+** Otherwise, return a copy of the argument.
+**
+** The results are undefined if the value passed to this function
+** is less than zero.
+*/
+static int sqlite3Fts5UnicodeFold(int c, int bRemoveDiacritic){
+  /* Each entry in the following array defines a rule for folding a range
+  ** of codepoints to lower case. The rule applies to a range of nRange
+  ** codepoints starting at codepoint iCode.
+  **
+  ** If the least significant bit in flags is clear, then the rule applies
+  ** to all nRange codepoints (i.e. all nRange codepoints are upper case and
+  ** need to be folded). Or, if it is set, then the rule only applies to
+  ** every second codepoint in the range, starting with codepoint C.
+  **
+  ** The 7 most significant bits in flags are an index into the aiOff[]
+  ** array. If a specific codepoint C does require folding, then its lower
+  ** case equivalent is ((C + aiOff[flags>>1]) & 0xFFFF).
+  **
+  ** The contents of this array are generated by parsing the CaseFolding.txt
+  ** file distributed as part of the "Unicode Character Database". See
+  ** http://www.unicode.org for details.
+  */
+  static const struct TableEntry {
+    unsigned short iCode;
+    unsigned char flags;
+    unsigned char nRange;
+  } aEntry[] = {
+    {65, 14, 26},          {181, 64, 1},          {192, 14, 23},
+    {216, 14, 7},          {256, 1, 48},          {306, 1, 6},
+    {313, 1, 16},          {330, 1, 46},          {376, 116, 1},
+    {377, 1, 6},           {383, 104, 1},         {385, 50, 1},
+    {386, 1, 4},           {390, 44, 1},          {391, 0, 1},
+    {393, 42, 2},          {395, 0, 1},           {398, 32, 1},
+    {399, 38, 1},          {400, 40, 1},          {401, 0, 1},
+    {403, 42, 1},          {404, 46, 1},          {406, 52, 1},
+    {407, 48, 1},          {408, 0, 1},           {412, 52, 1},
+    {413, 54, 1},          {415, 56, 1},          {416, 1, 6},
+    {422, 60, 1},          {423, 0, 1},           {425, 60, 1},
+    {428, 0, 1},           {430, 60, 1},          {431, 0, 1},
+    {433, 58, 2},          {435, 1, 4},           {439, 62, 1},
+    {440, 0, 1},           {444, 0, 1},           {452, 2, 1},
+    {453, 0, 1},           {455, 2, 1},           {456, 0, 1},
+    {458, 2, 1},           {459, 1, 18},          {478, 1, 18},
+    {497, 2, 1},           {498, 1, 4},           {502, 122, 1},
+    {503, 134, 1},         {504, 1, 40},          {544, 110, 1},
+    {546, 1, 18},          {570, 70, 1},          {571, 0, 1},
+    {573, 108, 1},         {574, 68, 1},          {577, 0, 1},
+    {579, 106, 1},         {580, 28, 1},          {581, 30, 1},
+    {582, 1, 10},          {837, 36, 1},          {880, 1, 4},
+    {886, 0, 1},           {902, 18, 1},          {904, 16, 3},
+    {908, 26, 1},          {910, 24, 2},          {913, 14, 17},
+    {931, 14, 9},          {962, 0, 1},           {975, 4, 1},
+    {976, 140, 1},         {977, 142, 1},         {981, 146, 1},
+    {982, 144, 1},         {984, 1, 24},          {1008, 136, 1},
+    {1009, 138, 1},        {1012, 130, 1},        {1013, 128, 1},
+    {1015, 0, 1},          {1017, 152, 1},        {1018, 0, 1},
+    {1021, 110, 3},        {1024, 34, 16},        {1040, 14, 32},
+    {1120, 1, 34},         {1162, 1, 54},         {1216, 6, 1},
+    {1217, 1, 14},         {1232, 1, 88},         {1329, 22, 38},
+    {4256, 66, 38},        {4295, 66, 1},         {4301, 66, 1},
+    {7680, 1, 150},        {7835, 132, 1},        {7838, 96, 1},
+    {7840, 1, 96},         {7944, 150, 8},        {7960, 150, 6},
+    {7976, 150, 8},        {7992, 150, 8},        {8008, 150, 6},
+    {8025, 151, 8},        {8040, 150, 8},        {8072, 150, 8},
+    {8088, 150, 8},        {8104, 150, 8},        {8120, 150, 2},
+    {8122, 126, 2},        {8124, 148, 1},        {8126, 100, 1},
+    {8136, 124, 4},        {8140, 148, 1},        {8152, 150, 2},
+    {8154, 120, 2},        {8168, 150, 2},        {8170, 118, 2},
+    {8172, 152, 1},        {8184, 112, 2},        {8186, 114, 2},
+    {8188, 148, 1},        {8486, 98, 1},         {8490, 92, 1},
+    {8491, 94, 1},         {8498, 12, 1},         {8544, 8, 16},
+    {8579, 0, 1},          {9398, 10, 26},        {11264, 22, 47},
+    {11360, 0, 1},         {11362, 88, 1},        {11363, 102, 1},
+    {11364, 90, 1},        {11367, 1, 6},         {11373, 84, 1},
+    {11374, 86, 1},        {11375, 80, 1},        {11376, 82, 1},
+    {11378, 0, 1},         {11381, 0, 1},         {11390, 78, 2},
+    {11392, 1, 100},       {11499, 1, 4},         {11506, 0, 1},
+    {42560, 1, 46},        {42624, 1, 24},        {42786, 1, 14},
+    {42802, 1, 62},        {42873, 1, 4},         {42877, 76, 1},
+    {42878, 1, 10},        {42891, 0, 1},         {42893, 74, 1},
+    {42896, 1, 4},         {42912, 1, 10},        {42922, 72, 1},
+    {65313, 14, 26},       
+  };
+  static const unsigned short aiOff[] = {
+   1,     2,     8,     15,    16,    26,    28,    32,    
+   37,    38,    40,    48,    63,    64,    69,    71,    
+   79,    80,    116,   202,   203,   205,   206,   207,   
+   209,   210,   211,   213,   214,   217,   218,   219,   
+   775,   7264,  10792, 10795, 23228, 23256, 30204, 54721, 
+   54753, 54754, 54756, 54787, 54793, 54809, 57153, 57274, 
+   57921, 58019, 58363, 61722, 65268, 65341, 65373, 65406, 
+   65408, 65410, 65415, 65424, 65436, 65439, 65450, 65462, 
+   65472, 65476, 65478, 65480, 65482, 65488, 65506, 65511, 
+   65514, 65521, 65527, 65528, 65529, 
+  };
+
+  int ret = c;
+
+  assert( sizeof(unsigned short)==2 && sizeof(unsigned char)==1 );
+
+  if( c<128 ){
+    if( c>='A' && c<='Z' ) ret = c + ('a' - 'A');
+  }else if( c<65536 ){
+    const struct TableEntry *p;
+    int iHi = sizeof(aEntry)/sizeof(aEntry[0]) - 1;
+    int iLo = 0;
+    int iRes = -1;
+
+    assert( c>aEntry[0].iCode );
+    while( iHi>=iLo ){
+      int iTest = (iHi + iLo) / 2;
+      int cmp = (c - aEntry[iTest].iCode);
+      if( cmp>=0 ){
+        iRes = iTest;
+        iLo = iTest+1;
+      }else{
+        iHi = iTest-1;
+      }
+    }
+
+    assert( iRes>=0 && c>=aEntry[iRes].iCode );
+    p = &aEntry[iRes];
+    if( c<(p->iCode + p->nRange) && 0==(0x01 & p->flags & (p->iCode ^ c)) ){
+      ret = (c + (aiOff[p->flags>>1])) & 0x0000FFFF;
+      assert( ret>0 );
+    }
+
+    if( bRemoveDiacritic ) ret = fts5_remove_diacritic(ret);
+  }
+  
+  else if( c>=66560 && c<66600 ){
+    ret = c + 40;
+  }
+
+  return ret;
+}
+
+/*
+** 2015 May 30
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+******************************************************************************
+**
+** Routines for varint serialization and deserialization.
+*/
+
+
+/* #include "fts5Int.h" */
+
+/*
+** This is a copy of the sqlite3GetVarint32() routine from the SQLite core.
+** Except, this version does handle the single byte case that the core
+** version depends on being handled before its function is called.
+*/
+static int sqlite3Fts5GetVarint32(const unsigned char *p, u32 *v){
+  u32 a,b;
+
+  /* The 1-byte case. Overwhelmingly the most common. */
+  a = *p;
+  /* a: p0 (unmasked) */
+  if (!(a&0x80))
+  {
+    /* Values between 0 and 127 */
+    *v = a;
+    return 1;
+  }
+
+  /* The 2-byte case */
+  p++;
+  b = *p;
+  /* b: p1 (unmasked) */
+  if (!(b&0x80))
+  {
+    /* Values between 128 and 16383 */
+    a &= 0x7f;
+    a = a<<7;
+    *v = a | b;
+    return 2;
+  }
+
+  /* The 3-byte case */
+  p++;
+  a = a<<14;
+  a |= *p;
+  /* a: p0<<14 | p2 (unmasked) */
+  if (!(a&0x80))
+  {
+    /* Values between 16384 and 2097151 */
+    a &= (0x7f<<14)|(0x7f);
+    b &= 0x7f;
+    b = b<<7;
+    *v = a | b;
+    return 3;
+  }
+
+  /* A 32-bit varint is used to store size information in btrees.
+  ** Objects are rarely larger than 2MiB limit of a 3-byte varint.
+  ** A 3-byte varint is sufficient, for example, to record the size
+  ** of a 1048569-byte BLOB or string.
+  **
+  ** We only unroll the first 1-, 2-, and 3- byte cases.  The very
+  ** rare larger cases can be handled by the slower 64-bit varint
+  ** routine.
+  */
+  {
+    u64 v64;
+    u8 n;
+    p -= 2;
+    n = sqlite3Fts5GetVarint(p, &v64);
+    *v = (u32)v64;
+    assert( n>3 && n<=9 );
+    return n;
+  }
+}
+
+
+/*
+** Bitmasks used by sqlite3GetVarint().  These precomputed constants
+** are defined here rather than simply putting the constant expressions
+** inline in order to work around bugs in the RVT compiler.
+**
+** SLOT_2_0     A mask for  (0x7f<<14) | 0x7f
+**
+** SLOT_4_2_0   A mask for  (0x7f<<28) | SLOT_2_0
+*/
+#define SLOT_2_0     0x001fc07f
+#define SLOT_4_2_0   0xf01fc07f
+
+/*
+** Read a 64-bit variable-length integer from memory starting at p[0].
+** Return the number of bytes read.  The value is stored in *v.
+*/
+static u8 sqlite3Fts5GetVarint(const unsigned char *p, u64 *v){
+  u32 a,b,s;
+
+  a = *p;
+  /* a: p0 (unmasked) */
+  if (!(a&0x80))
+  {
+    *v = a;
+    return 1;
+  }
+
+  p++;
+  b = *p;
+  /* b: p1 (unmasked) */
+  if (!(b&0x80))
+  {
+    a &= 0x7f;
+    a = a<<7;
+    a |= b;
+    *v = a;
+    return 2;
+  }
+
+  /* Verify that constants are precomputed correctly */
+  assert( SLOT_2_0 == ((0x7f<<14) | (0x7f)) );
+  assert( SLOT_4_2_0 == ((0xfU<<28) | (0x7f<<14) | (0x7f)) );
+
+  p++;
+  a = a<<14;
+  a |= *p;
+  /* a: p0<<14 | p2 (unmasked) */
+  if (!(a&0x80))
+  {
+    a &= SLOT_2_0;
+    b &= 0x7f;
+    b = b<<7;
+    a |= b;
+    *v = a;
+    return 3;
+  }
+
+  /* CSE1 from below */
+  a &= SLOT_2_0;
+  p++;
+  b = b<<14;
+  b |= *p;
+  /* b: p1<<14 | p3 (unmasked) */
+  if (!(b&0x80))
+  {
+    b &= SLOT_2_0;
+    /* moved CSE1 up */
+    /* a &= (0x7f<<14)|(0x7f); */
+    a = a<<7;
+    a |= b;
+    *v = a;
+    return 4;
+  }
+
+  /* a: p0<<14 | p2 (masked) */
+  /* b: p1<<14 | p3 (unmasked) */
+  /* 1:save off p0<<21 | p1<<14 | p2<<7 | p3 (masked) */
+  /* moved CSE1 up */
+  /* a &= (0x7f<<14)|(0x7f); */
+  b &= SLOT_2_0;
+  s = a;
+  /* s: p0<<14 | p2 (masked) */
+
+  p++;
+  a = a<<14;
+  a |= *p;
+  /* a: p0<<28 | p2<<14 | p4 (unmasked) */
+  if (!(a&0x80))
+  {
+    /* we can skip these cause they were (effectively) done above in calc'ing s */
+    /* a &= (0x7f<<28)|(0x7f<<14)|(0x7f); */
+    /* b &= (0x7f<<14)|(0x7f); */
+    b = b<<7;
+    a |= b;
+    s = s>>18;
+    *v = ((u64)s)<<32 | a;
+    return 5;
+  }
+
+  /* 2:save off p0<<21 | p1<<14 | p2<<7 | p3 (masked) */
+  s = s<<7;
+  s |= b;
+  /* s: p0<<21 | p1<<14 | p2<<7 | p3 (masked) */
+
+  p++;
+  b = b<<14;
+  b |= *p;
+  /* b: p1<<28 | p3<<14 | p5 (unmasked) */
+  if (!(b&0x80))
+  {
+    /* we can skip this cause it was (effectively) done above in calc'ing s */
+    /* b &= (0x7f<<28)|(0x7f<<14)|(0x7f); */
+    a &= SLOT_2_0;
+    a = a<<7;
+    a |= b;
+    s = s>>18;
+    *v = ((u64)s)<<32 | a;
+    return 6;
+  }
+
+  p++;
+  a = a<<14;
+  a |= *p;
+  /* a: p2<<28 | p4<<14 | p6 (unmasked) */
+  if (!(a&0x80))
+  {
+    a &= SLOT_4_2_0;
+    b &= SLOT_2_0;
+    b = b<<7;
+    a |= b;
+    s = s>>11;
+    *v = ((u64)s)<<32 | a;
+    return 7;
+  }
+
+  /* CSE2 from below */
+  a &= SLOT_2_0;
+  p++;
+  b = b<<14;
+  b |= *p;
+  /* b: p3<<28 | p5<<14 | p7 (unmasked) */
+  if (!(b&0x80))
+  {
+    b &= SLOT_4_2_0;
+    /* moved CSE2 up */
+    /* a &= (0x7f<<14)|(0x7f); */
+    a = a<<7;
+    a |= b;
+    s = s>>4;
+    *v = ((u64)s)<<32 | a;
+    return 8;
+  }
+
+  p++;
+  a = a<<15;
+  a |= *p;
+  /* a: p4<<29 | p6<<15 | p8 (unmasked) */
+
+  /* moved CSE2 up */
+  /* a &= (0x7f<<29)|(0x7f<<15)|(0xff); */
+  b &= SLOT_2_0;
+  b = b<<8;
+  a |= b;
+
+  s = s<<4;
+  b = p[-4];
+  b &= 0x7f;
+  b = b>>3;
+  s |= b;
+
+  *v = ((u64)s)<<32 | a;
+
+  return 9;
+}
+
+/*
+** The variable-length integer encoding is as follows:
+**
+** KEY:
+**         A = 0xxxxxxx    7 bits of data and one flag bit
+**         B = 1xxxxxxx    7 bits of data and one flag bit
+**         C = xxxxxxxx    8 bits of data
+**
+**  7 bits - A
+** 14 bits - BA
+** 21 bits - BBA
+** 28 bits - BBBA
+** 35 bits - BBBBA
+** 42 bits - BBBBBA
+** 49 bits - BBBBBBA
+** 56 bits - BBBBBBBA
+** 64 bits - BBBBBBBBC
+*/
+
+#ifdef SQLITE_NOINLINE
+# define FTS5_NOINLINE SQLITE_NOINLINE
+#else
+# define FTS5_NOINLINE
+#endif
+
+/*
+** Write a 64-bit variable-length integer to memory starting at p[0].
+** The length of data write will be between 1 and 9 bytes.  The number
+** of bytes written is returned.
+**
+** A variable-length integer consists of the lower 7 bits of each byte
+** for all bytes that have the 8th bit set and one byte with the 8th
+** bit clear.  Except, if we get to the 9th byte, it stores the full
+** 8 bits and is the last byte.
+*/
+static int FTS5_NOINLINE fts5PutVarint64(unsigned char *p, u64 v){
+  int i, j, n;
+  u8 buf[10];
+  if( v & (((u64)0xff000000)<<32) ){
+    p[8] = (u8)v;
+    v >>= 8;
+    for(i=7; i>=0; i--){
+      p[i] = (u8)((v & 0x7f) | 0x80);
+      v >>= 7;
+    }
+    return 9;
+  }    
+  n = 0;
+  do{
+    buf[n++] = (u8)((v & 0x7f) | 0x80);
+    v >>= 7;
+  }while( v!=0 );
+  buf[0] &= 0x7f;
+  assert( n<=9 );
+  for(i=0, j=n-1; j>=0; j--, i++){
+    p[i] = buf[j];
+  }
+  return n;
+}
+
+static int sqlite3Fts5PutVarint(unsigned char *p, u64 v){
+  if( v<=0x7f ){
+    p[0] = v&0x7f;
+    return 1;
+  }
+  if( v<=0x3fff ){
+    p[0] = ((v>>7)&0x7f)|0x80;
+    p[1] = v&0x7f;
+    return 2;
+  }
+  return fts5PutVarint64(p,v);
+}
+
+
+static int sqlite3Fts5GetVarintLen(u32 iVal){
+  if( iVal<(1 << 7 ) ) return 1;
+  if( iVal<(1 << 14) ) return 2;
+  if( iVal<(1 << 21) ) return 3;
+  if( iVal<(1 << 28) ) return 4;
+  return 5;
+}
+
+
+/*
+** 2015 May 08
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+******************************************************************************
+**
+** This is an SQLite virtual table module implementing direct access to an
+** existing FTS5 index. The module may create several different types of 
+** tables:
+**
+** col:
+**     CREATE TABLE vocab(term, col, doc, cnt, PRIMARY KEY(term, col));
+**
+**   One row for each term/column combination. The value of $doc is set to
+**   the number of fts5 rows that contain at least one instance of term
+**   $term within column $col. Field $cnt is set to the total number of 
+**   instances of term $term in column $col (in any row of the fts5 table). 
+**
+** row:
+**     CREATE TABLE vocab(term, doc, cnt, PRIMARY KEY(term));
+**
+**   One row for each term in the database. The value of $doc is set to
+**   the number of fts5 rows that contain at least one instance of term
+**   $term. Field $cnt is set to the total number of instances of term 
+**   $term in the database.
+*/
+
+
+/* #include "fts5Int.h" */
+
+
+typedef struct Fts5VocabTable Fts5VocabTable;
+typedef struct Fts5VocabCursor Fts5VocabCursor;
+
+struct Fts5VocabTable {
+  sqlite3_vtab base;
+  char *zFts5Tbl;                 /* Name of fts5 table */
+  char *zFts5Db;                  /* Db containing fts5 table */
+  sqlite3 *db;                    /* Database handle */
+  Fts5Global *pGlobal;            /* FTS5 global object for this database */
+  int eType;                      /* FTS5_VOCAB_COL or ROW */
+};
+
+struct Fts5VocabCursor {
+  sqlite3_vtab_cursor base;
+  sqlite3_stmt *pStmt;            /* Statement holding lock on pIndex */
+  Fts5Index *pIndex;              /* Associated FTS5 index */
+
+  int bEof;                       /* True if this cursor is at EOF */
+  Fts5IndexIter *pIter;           /* Term/rowid iterator object */
+
+  int nLeTerm;                    /* Size of zLeTerm in bytes */
+  char *zLeTerm;                  /* (term <= $zLeTerm) paramater, or NULL */
+
+  /* These are used by 'col' tables only */
+  Fts5Config *pConfig;            /* Fts5 table configuration */
+  int iCol;
+  i64 *aCnt;
+  i64 *aDoc;
+
+  /* Output values used by 'row' and 'col' tables */
+  i64 rowid;                      /* This table's current rowid value */
+  Fts5Buffer term;                /* Current value of 'term' column */
+};
+
+#define FTS5_VOCAB_COL    0
+#define FTS5_VOCAB_ROW    1
+
+#define FTS5_VOCAB_COL_SCHEMA  "term, col, doc, cnt"
+#define FTS5_VOCAB_ROW_SCHEMA  "term, doc, cnt"
+
+/*
+** Bits for the mask used as the idxNum value by xBestIndex/xFilter.
+*/
+#define FTS5_VOCAB_TERM_EQ 0x01
+#define FTS5_VOCAB_TERM_GE 0x02
+#define FTS5_VOCAB_TERM_LE 0x04
+
+
+/*
+** Translate a string containing an fts5vocab table type to an 
+** FTS5_VOCAB_XXX constant. If successful, set *peType to the output
+** value and return SQLITE_OK. Otherwise, set *pzErr to an error message
+** and return SQLITE_ERROR.
+*/
+static int fts5VocabTableType(const char *zType, char **pzErr, int *peType){
+  int rc = SQLITE_OK;
+  char *zCopy = sqlite3Fts5Strndup(&rc, zType, -1);
+  if( rc==SQLITE_OK ){
+    sqlite3Fts5Dequote(zCopy);
+    if( sqlite3_stricmp(zCopy, "col")==0 ){
+      *peType = FTS5_VOCAB_COL;
+    }else
+
+    if( sqlite3_stricmp(zCopy, "row")==0 ){
+      *peType = FTS5_VOCAB_ROW;
+    }else
+    {
+      *pzErr = sqlite3_mprintf("fts5vocab: unknown table type: %Q", zCopy);
+      rc = SQLITE_ERROR;
+    }
+    sqlite3_free(zCopy);
+  }
+
+  return rc;
+}
+
+
+/*
+** The xDisconnect() virtual table method.
+*/
+static int fts5VocabDisconnectMethod(sqlite3_vtab *pVtab){
+  Fts5VocabTable *pTab = (Fts5VocabTable*)pVtab;
+  sqlite3_free(pTab);
+  return SQLITE_OK;
+}
+
+/*
+** The xDestroy() virtual table method.
+*/
+static int fts5VocabDestroyMethod(sqlite3_vtab *pVtab){
+  Fts5VocabTable *pTab = (Fts5VocabTable*)pVtab;
+  sqlite3_free(pTab);
+  return SQLITE_OK;
+}
+
+/*
+** This function is the implementation of both the xConnect and xCreate
+** methods of the FTS3 virtual table.
+**
+** The argv[] array contains the following:
+**
+**   argv[0]   -> module name  ("fts5vocab")
+**   argv[1]   -> database name
+**   argv[2]   -> table name
+**
+** then:
+**
+**   argv[3]   -> name of fts5 table
+**   argv[4]   -> type of fts5vocab table
+**
+** or, for tables in the TEMP schema only.
+**
+**   argv[3]   -> name of fts5 tables database
+**   argv[4]   -> name of fts5 table
+**   argv[5]   -> type of fts5vocab table
+*/
+static int fts5VocabInitVtab(
+  sqlite3 *db,                    /* The SQLite database connection */
+  void *pAux,                     /* Pointer to Fts5Global object */
+  int argc,                       /* Number of elements in argv array */
+  const char * const *argv,       /* xCreate/xConnect argument array */
+  sqlite3_vtab **ppVTab,          /* Write the resulting vtab structure here */
+  char **pzErr                    /* Write any error message here */
+){
+  const char *azSchema[] = { 
+    "CREATE TABlE vocab(" FTS5_VOCAB_COL_SCHEMA  ")", 
+    "CREATE TABlE vocab(" FTS5_VOCAB_ROW_SCHEMA  ")"
+  };
+
+  Fts5VocabTable *pRet = 0;
+  int rc = SQLITE_OK;             /* Return code */
+  int bDb;
+
+  bDb = (argc==6 && strlen(argv[1])==4 && memcmp("temp", argv[1], 4)==0);
+
+  if( argc!=5 && bDb==0 ){
+    *pzErr = sqlite3_mprintf("wrong number of vtable arguments");
+    rc = SQLITE_ERROR;
+  }else{
+    int nByte;                      /* Bytes of space to allocate */
+    const char *zDb = bDb ? argv[3] : argv[1];
+    const char *zTab = bDb ? argv[4] : argv[3];
+    const char *zType = bDb ? argv[5] : argv[4];
+    int nDb = (int)strlen(zDb)+1; 
+    int nTab = (int)strlen(zTab)+1;
+    int eType = 0;
+    
+    rc = fts5VocabTableType(zType, pzErr, &eType);
+    if( rc==SQLITE_OK ){
+      assert( eType>=0 && eType<sizeof(azSchema)/sizeof(azSchema[0]) );
+      rc = sqlite3_declare_vtab(db, azSchema[eType]);
+    }
+
+    nByte = sizeof(Fts5VocabTable) + nDb + nTab;
+    pRet = sqlite3Fts5MallocZero(&rc, nByte);
+    if( pRet ){
+      pRet->pGlobal = (Fts5Global*)pAux;
+      pRet->eType = eType;
+      pRet->db = db;
+      pRet->zFts5Tbl = (char*)&pRet[1];
+      pRet->zFts5Db = &pRet->zFts5Tbl[nTab];
+      memcpy(pRet->zFts5Tbl, zTab, nTab);
+      memcpy(pRet->zFts5Db, zDb, nDb);
+      sqlite3Fts5Dequote(pRet->zFts5Tbl);
+      sqlite3Fts5Dequote(pRet->zFts5Db);
+    }
+  }
+
+  *ppVTab = (sqlite3_vtab*)pRet;
+  return rc;
+}
+
+
+/*
+** The xConnect() and xCreate() methods for the virtual table. All the
+** work is done in function fts5VocabInitVtab().
+*/
+static int fts5VocabConnectMethod(
+  sqlite3 *db,                    /* Database connection */
+  void *pAux,                     /* Pointer to tokenizer hash table */
+  int argc,                       /* Number of elements in argv array */
+  const char * const *argv,       /* xCreate/xConnect argument array */
+  sqlite3_vtab **ppVtab,          /* OUT: New sqlite3_vtab object */
+  char **pzErr                    /* OUT: sqlite3_malloc'd error message */
+){
+  return fts5VocabInitVtab(db, pAux, argc, argv, ppVtab, pzErr);
+}
+static int fts5VocabCreateMethod(
+  sqlite3 *db,                    /* Database connection */
+  void *pAux,                     /* Pointer to tokenizer hash table */
+  int argc,                       /* Number of elements in argv array */
+  const char * const *argv,       /* xCreate/xConnect argument array */
+  sqlite3_vtab **ppVtab,          /* OUT: New sqlite3_vtab object */
+  char **pzErr                    /* OUT: sqlite3_malloc'd error message */
+){
+  return fts5VocabInitVtab(db, pAux, argc, argv, ppVtab, pzErr);
+}
+
+/* 
+** Implementation of the xBestIndex method.
+*/
+static int fts5VocabBestIndexMethod(
+  sqlite3_vtab *pVTab, 
+  sqlite3_index_info *pInfo
+){
+  int i;
+  int iTermEq = -1;
+  int iTermGe = -1;
+  int iTermLe = -1;
+  int idxNum = 0;
+  int nArg = 0;
+
+  for(i=0; i<pInfo->nConstraint; i++){
+    struct sqlite3_index_constraint *p = &pInfo->aConstraint[i];
+    if( p->usable==0 ) continue;
+    if( p->iColumn==0 ){          /* term column */
+      if( p->op==SQLITE_INDEX_CONSTRAINT_EQ ) iTermEq = i;
+      if( p->op==SQLITE_INDEX_CONSTRAINT_LE ) iTermLe = i;
+      if( p->op==SQLITE_INDEX_CONSTRAINT_LT ) iTermLe = i;
+      if( p->op==SQLITE_INDEX_CONSTRAINT_GE ) iTermGe = i;
+      if( p->op==SQLITE_INDEX_CONSTRAINT_GT ) iTermGe = i;
+    }
+  }
+
+  if( iTermEq>=0 ){
+    idxNum |= FTS5_VOCAB_TERM_EQ;
+    pInfo->aConstraintUsage[iTermEq].argvIndex = ++nArg;
+    pInfo->estimatedCost = 100;
+  }else{
+    pInfo->estimatedCost = 1000000;
+    if( iTermGe>=0 ){
+      idxNum |= FTS5_VOCAB_TERM_GE;
+      pInfo->aConstraintUsage[iTermGe].argvIndex = ++nArg;
+      pInfo->estimatedCost = pInfo->estimatedCost / 2;
+    }
+    if( iTermLe>=0 ){
+      idxNum |= FTS5_VOCAB_TERM_LE;
+      pInfo->aConstraintUsage[iTermLe].argvIndex = ++nArg;
+      pInfo->estimatedCost = pInfo->estimatedCost / 2;
+    }
+  }
+
+  pInfo->idxNum = idxNum;
+
+  return SQLITE_OK;
+}
+
+/*
+** Implementation of xOpen method.
+*/
+static int fts5VocabOpenMethod(
+  sqlite3_vtab *pVTab, 
+  sqlite3_vtab_cursor **ppCsr
+){
+  Fts5VocabTable *pTab = (Fts5VocabTable*)pVTab;
+  Fts5Index *pIndex = 0;
+  Fts5Config *pConfig = 0;
+  Fts5VocabCursor *pCsr = 0;
+  int rc = SQLITE_OK;
+  sqlite3_stmt *pStmt = 0;
+  char *zSql = 0;
+
+  zSql = sqlite3Fts5Mprintf(&rc,
+      "SELECT t.%Q FROM %Q.%Q AS t WHERE t.%Q MATCH '*id'",
+      pTab->zFts5Tbl, pTab->zFts5Db, pTab->zFts5Tbl, pTab->zFts5Tbl
+  );
+  if( zSql ){
+    rc = sqlite3_prepare_v2(pTab->db, zSql, -1, &pStmt, 0);
+  }
+  sqlite3_free(zSql);
+  assert( rc==SQLITE_OK || pStmt==0 );
+  if( rc==SQLITE_ERROR ) rc = SQLITE_OK;
+
+  if( pStmt && sqlite3_step(pStmt)==SQLITE_ROW ){
+    i64 iId = sqlite3_column_int64(pStmt, 0);
+    pIndex = sqlite3Fts5IndexFromCsrid(pTab->pGlobal, iId, &pConfig);
+  }
+
+  if( rc==SQLITE_OK && pIndex==0 ){
+    rc = sqlite3_finalize(pStmt);
+    pStmt = 0;
+    if( rc==SQLITE_OK ){
+      pVTab->zErrMsg = sqlite3_mprintf(
+          "no such fts5 table: %s.%s", pTab->zFts5Db, pTab->zFts5Tbl
+      );
+      rc = SQLITE_ERROR;
+    }
+  }
+
+  if( rc==SQLITE_OK ){
+    int nByte = pConfig->nCol * sizeof(i64) * 2 + sizeof(Fts5VocabCursor);
+    pCsr = (Fts5VocabCursor*)sqlite3Fts5MallocZero(&rc, nByte);
+  }
+
+  if( pCsr ){
+    pCsr->pIndex = pIndex;
+    pCsr->pStmt = pStmt;
+    pCsr->pConfig = pConfig;
+    pCsr->aCnt = (i64*)&pCsr[1];
+    pCsr->aDoc = &pCsr->aCnt[pConfig->nCol];
+  }else{
+    sqlite3_finalize(pStmt);
+  }
+
+  *ppCsr = (sqlite3_vtab_cursor*)pCsr;
+  return rc;
+}
+
+static void fts5VocabResetCursor(Fts5VocabCursor *pCsr){
+  pCsr->rowid = 0;
+  sqlite3Fts5IterClose(pCsr->pIter);
+  pCsr->pIter = 0;
+  sqlite3_free(pCsr->zLeTerm);
+  pCsr->nLeTerm = -1;
+  pCsr->zLeTerm = 0;
+}
+
+/*
+** Close the cursor.  For additional information see the documentation
+** on the xClose method of the virtual table interface.
+*/
+static int fts5VocabCloseMethod(sqlite3_vtab_cursor *pCursor){
+  Fts5VocabCursor *pCsr = (Fts5VocabCursor*)pCursor;
+  fts5VocabResetCursor(pCsr);
+  sqlite3Fts5BufferFree(&pCsr->term);
+  sqlite3_finalize(pCsr->pStmt);
+  sqlite3_free(pCsr);
+  return SQLITE_OK;
+}
+
+
+/*
+** Advance the cursor to the next row in the table.
+*/
+static int fts5VocabNextMethod(sqlite3_vtab_cursor *pCursor){
+  Fts5VocabCursor *pCsr = (Fts5VocabCursor*)pCursor;
+  Fts5VocabTable *pTab = (Fts5VocabTable*)pCursor->pVtab;
+  int rc = SQLITE_OK;
+  int nCol = pCsr->pConfig->nCol;
+
+  pCsr->rowid++;
+
+  if( pTab->eType==FTS5_VOCAB_COL ){
+    for(pCsr->iCol++; pCsr->iCol<nCol; pCsr->iCol++){
+      if( pCsr->aCnt[pCsr->iCol] ) break;
+    }
+  }
+
+  if( pTab->eType==FTS5_VOCAB_ROW || pCsr->iCol>=nCol ){
+    if( sqlite3Fts5IterEof(pCsr->pIter) ){
+      pCsr->bEof = 1;
+    }else{
+      const char *zTerm;
+      int nTerm;
+
+      zTerm = sqlite3Fts5IterTerm(pCsr->pIter, &nTerm);
+      if( pCsr->nLeTerm>=0 ){
+        int nCmp = MIN(nTerm, pCsr->nLeTerm);
+        int bCmp = memcmp(pCsr->zLeTerm, zTerm, nCmp);
+        if( bCmp<0 || (bCmp==0 && pCsr->nLeTerm<nTerm) ){
+          pCsr->bEof = 1;
+          return SQLITE_OK;
+        }
+      }
+
+      sqlite3Fts5BufferSet(&rc, &pCsr->term, nTerm, (const u8*)zTerm);
+      memset(pCsr->aCnt, 0, nCol * sizeof(i64));
+      memset(pCsr->aDoc, 0, nCol * sizeof(i64));
+      pCsr->iCol = 0;
+
+      assert( pTab->eType==FTS5_VOCAB_COL || pTab->eType==FTS5_VOCAB_ROW );
+      while( rc==SQLITE_OK ){
+        i64 dummy;
+        const u8 *pPos; int nPos;   /* Position list */
+        i64 iPos = 0;               /* 64-bit position read from poslist */
+        int iOff = 0;               /* Current offset within position list */
+
+        rc = sqlite3Fts5IterPoslist(pCsr->pIter, 0, &pPos, &nPos, &dummy);
+        if( rc==SQLITE_OK ){
+          if( pTab->eType==FTS5_VOCAB_ROW ){
+            while( 0==sqlite3Fts5PoslistNext64(pPos, nPos, &iOff, &iPos) ){
+              pCsr->aCnt[0]++;
+            }
+            pCsr->aDoc[0]++;
+          }else{
+            int iCol = -1;
+            while( 0==sqlite3Fts5PoslistNext64(pPos, nPos, &iOff, &iPos) ){
+              int ii = FTS5_POS2COLUMN(iPos);
+              pCsr->aCnt[ii]++;
+              if( iCol!=ii ){
+                pCsr->aDoc[ii]++;
+                iCol = ii;
+              }
+            }
+          }
+          rc = sqlite3Fts5IterNextScan(pCsr->pIter);
+        }
+
+        if( rc==SQLITE_OK ){
+          zTerm = sqlite3Fts5IterTerm(pCsr->pIter, &nTerm);
+          if( nTerm!=pCsr->term.n || memcmp(zTerm, pCsr->term.p, nTerm) ){
+            break;
+          }
+          if( sqlite3Fts5IterEof(pCsr->pIter) ) break;
+        }
+      }
+    }
+  }
+
+  if( pCsr->bEof==0 && pTab->eType==FTS5_VOCAB_COL ){
+    while( pCsr->aCnt[pCsr->iCol]==0 ) pCsr->iCol++;
+    assert( pCsr->iCol<pCsr->pConfig->nCol );
+  }
+  return rc;
+}
+
+/*
+** This is the xFilter implementation for the virtual table.
+*/
+static int fts5VocabFilterMethod(
+  sqlite3_vtab_cursor *pCursor,   /* The cursor used for this query */
+  int idxNum,                     /* Strategy index */
+  const char *idxStr,             /* Unused */
+  int nVal,                       /* Number of elements in apVal */
+  sqlite3_value **apVal           /* Arguments for the indexing scheme */
+){
+  Fts5VocabCursor *pCsr = (Fts5VocabCursor*)pCursor;
+  int rc = SQLITE_OK;
+
+  int iVal = 0;
+  int f = FTS5INDEX_QUERY_SCAN;
+  const char *zTerm = 0;
+  int nTerm = 0;
+
+  sqlite3_value *pEq = 0;
+  sqlite3_value *pGe = 0;
+  sqlite3_value *pLe = 0;
+
+  fts5VocabResetCursor(pCsr);
+  if( idxNum & FTS5_VOCAB_TERM_EQ ) pEq = apVal[iVal++];
+  if( idxNum & FTS5_VOCAB_TERM_GE ) pGe = apVal[iVal++];
+  if( idxNum & FTS5_VOCAB_TERM_LE ) pLe = apVal[iVal++];
+
+  if( pEq ){
+    zTerm = (const char *)sqlite3_value_text(pEq);
+    nTerm = sqlite3_value_bytes(pEq);
+    f = 0;
+  }else{
+    if( pGe ){
+      zTerm = (const char *)sqlite3_value_text(pGe);
+      nTerm = sqlite3_value_bytes(pGe);
+    }
+    if( pLe ){
+      const char *zCopy = (const char *)sqlite3_value_text(pLe);
+      pCsr->nLeTerm = sqlite3_value_bytes(pLe);
+      pCsr->zLeTerm = sqlite3_malloc(pCsr->nLeTerm+1);
+      if( pCsr->zLeTerm==0 ){
+        rc = SQLITE_NOMEM;
+      }else{
+        memcpy(pCsr->zLeTerm, zCopy, pCsr->nLeTerm+1);
+      }
+    }
+  }
+
+
+  if( rc==SQLITE_OK ){
+    rc = sqlite3Fts5IndexQuery(pCsr->pIndex, zTerm, nTerm, f, 0, &pCsr->pIter);
+  }
+  if( rc==SQLITE_OK ){
+    rc = fts5VocabNextMethod(pCursor);
+  }
+
+  return rc;
+}
+
+/* 
+** This is the xEof method of the virtual table. SQLite calls this 
+** routine to find out if it has reached the end of a result set.
+*/
+static int fts5VocabEofMethod(sqlite3_vtab_cursor *pCursor){
+  Fts5VocabCursor *pCsr = (Fts5VocabCursor*)pCursor;
+  return pCsr->bEof;
+}
+
+static int fts5VocabColumnMethod(
+  sqlite3_vtab_cursor *pCursor,   /* Cursor to retrieve value from */
+  sqlite3_context *pCtx,          /* Context for sqlite3_result_xxx() calls */
+  int iCol                        /* Index of column to read value from */
+){
+  Fts5VocabCursor *pCsr = (Fts5VocabCursor*)pCursor;
+
+  if( iCol==0 ){
+    sqlite3_result_text(
+        pCtx, (const char*)pCsr->term.p, pCsr->term.n, SQLITE_TRANSIENT
+    );
+  }
+  else if( ((Fts5VocabTable*)(pCursor->pVtab))->eType==FTS5_VOCAB_COL ){
+    assert( iCol==1 || iCol==2 || iCol==3 );
+    if( iCol==1 ){
+      const char *z = pCsr->pConfig->azCol[pCsr->iCol];
+      sqlite3_result_text(pCtx, z, -1, SQLITE_STATIC);
+    }else if( iCol==2 ){
+      sqlite3_result_int64(pCtx, pCsr->aDoc[pCsr->iCol]);
+    }else{
+      sqlite3_result_int64(pCtx, pCsr->aCnt[pCsr->iCol]);
+    }
+  }else{
+    assert( iCol==1 || iCol==2 );
+    if( iCol==1 ){
+      sqlite3_result_int64(pCtx, pCsr->aDoc[0]);
+    }else{
+      sqlite3_result_int64(pCtx, pCsr->aCnt[0]);
+    }
+  }
+  return SQLITE_OK;
+}
+
+/* 
+** This is the xRowid method. The SQLite core calls this routine to
+** retrieve the rowid for the current row of the result set. The
+** rowid should be written to *pRowid.
+*/
+static int fts5VocabRowidMethod(
+  sqlite3_vtab_cursor *pCursor, 
+  sqlite_int64 *pRowid
+){
+  Fts5VocabCursor *pCsr = (Fts5VocabCursor*)pCursor;
+  *pRowid = pCsr->rowid;
+  return SQLITE_OK;
+}
+
+static int sqlite3Fts5VocabInit(Fts5Global *pGlobal, sqlite3 *db){
+  static const sqlite3_module fts5Vocab = {
+    /* iVersion      */ 2,
+    /* xCreate       */ fts5VocabCreateMethod,
+    /* xConnect      */ fts5VocabConnectMethod,
+    /* xBestIndex    */ fts5VocabBestIndexMethod,
+    /* xDisconnect   */ fts5VocabDisconnectMethod,
+    /* xDestroy      */ fts5VocabDestroyMethod,
+    /* xOpen         */ fts5VocabOpenMethod,
+    /* xClose        */ fts5VocabCloseMethod,
+    /* xFilter       */ fts5VocabFilterMethod,
+    /* xNext         */ fts5VocabNextMethod,
+    /* xEof          */ fts5VocabEofMethod,
+    /* xColumn       */ fts5VocabColumnMethod,
+    /* xRowid        */ fts5VocabRowidMethod,
+    /* xUpdate       */ 0,
+    /* xBegin        */ 0,
+    /* xSync         */ 0,
+    /* xCommit       */ 0,
+    /* xRollback     */ 0,
+    /* xFindFunction */ 0,
+    /* xRename       */ 0,
+    /* xSavepoint    */ 0,
+    /* xRelease      */ 0,
+    /* xRollbackTo   */ 0,
+  };
+  void *p = (void*)pGlobal;
+
+  return sqlite3_create_module_v2(db, "fts5vocab", &fts5Vocab, p, 0);
+}
+
+
+
+
+    
+#endif /* !defined(SQLITE_CORE) || defined(SQLITE_ENABLE_FTS5) */
+
+/************** End of fts5.c ************************************************/
diff --git a/nss/lib/sqlite/sqlite3.h b/nss/lib/sqlite/sqlite3.h
new file mode 100644
index 0000000..c6d1e0f
--- /dev/null
+++ b/nss/lib/sqlite/sqlite3.h
@@ -0,0 +1,8630 @@
+/*
+** 2001 September 15
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+** This header file defines the interface that the SQLite library
+** presents to client programs.  If a C-function, structure, datatype,
+** or constant definition does not appear in this file, then it is
+** not a published API of SQLite, is subject to change without
+** notice, and should not be referenced by programs that use SQLite.
+**
+** Some of the definitions that are in this file are marked as
+** "experimental".  Experimental interfaces are normally new
+** features recently added to SQLite.  We do not anticipate changes
+** to experimental interfaces but reserve the right to make minor changes
+** if experience from use "in the wild" suggest such changes are prudent.
+**
+** The official C-language API documentation for SQLite is derived
+** from comments in this file.  This file is the authoritative source
+** on how SQLite interfaces are supposed to operate.
+**
+** The name of this file under configuration management is "sqlite.h.in".
+** The makefile makes some minor changes to this file (such as inserting
+** the version number) and changes its name to "sqlite3.h" as
+** part of the build process.
+*/
+#ifndef _SQLITE3_H_
+#define _SQLITE3_H_
+#include <stdarg.h>     /* Needed for the definition of va_list */
+
+/*
+** Make sure we can call this stuff from C++.
+*/
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+/*
+** Provide the ability to override linkage features of the interface.
+*/
+#ifndef SQLITE_EXTERN
+# define SQLITE_EXTERN extern
+#endif
+#ifndef SQLITE_API
+# define SQLITE_API
+#endif
+#ifndef SQLITE_CDECL
+# define SQLITE_CDECL
+#endif
+#ifndef SQLITE_STDCALL
+# define SQLITE_STDCALL
+#endif
+
+/*
+** These no-op macros are used in front of interfaces to mark those
+** interfaces as either deprecated or experimental.  New applications
+** should not use deprecated interfaces - they are supported for backwards
+** compatibility only.  Application writers should be aware that
+** experimental interfaces are subject to change in point releases.
+**
+** These macros used to resolve to various kinds of compiler magic that
+** would generate warning messages when they were used.  But that
+** compiler magic ended up generating such a flurry of bug reports
+** that we have taken it all out and gone back to using simple
+** noop macros.
+*/
+#define SQLITE_DEPRECATED
+#define SQLITE_EXPERIMENTAL
+
+/*
+** Ensure these symbols were not defined by some previous header file.
+*/
+#ifdef SQLITE_VERSION
+# undef SQLITE_VERSION
+#endif
+#ifdef SQLITE_VERSION_NUMBER
+# undef SQLITE_VERSION_NUMBER
+#endif
+
+/*
+** CAPI3REF: Compile-Time Library Version Numbers
+**
+** ^(The [SQLITE_VERSION] C preprocessor macro in the sqlite3.h header
+** evaluates to a string literal that is the SQLite version in the
+** format "X.Y.Z" where X is the major version number (always 3 for
+** SQLite3) and Y is the minor version number and Z is the release number.)^
+** ^(The [SQLITE_VERSION_NUMBER] C preprocessor macro resolves to an integer
+** with the value (X*1000000 + Y*1000 + Z) where X, Y, and Z are the same
+** numbers used in [SQLITE_VERSION].)^
+** The SQLITE_VERSION_NUMBER for any given release of SQLite will also
+** be larger than the release from which it is derived.  Either Y will
+** be held constant and Z will be incremented or else Y will be incremented
+** and Z will be reset to zero.
+**
+** Since version 3.6.18, SQLite source code has been stored in the
+** <a href="http://www.fossil-scm.org/">Fossil configuration management
+** system</a>.  ^The SQLITE_SOURCE_ID macro evaluates to
+** a string which identifies a particular check-in of SQLite
+** within its configuration management system.  ^The SQLITE_SOURCE_ID
+** string contains the date and time of the check-in (UTC) and an SHA1
+** hash of the entire source tree.
+**
+** See also: [sqlite3_libversion()],
+** [sqlite3_libversion_number()], [sqlite3_sourceid()],
+** [sqlite_version()] and [sqlite_source_id()].
+*/
+#define SQLITE_VERSION        "3.10.2"
+#define SQLITE_VERSION_NUMBER 3010002
+#define SQLITE_SOURCE_ID      "2016-01-20 15:27:19 17efb4209f97fb4971656086b138599a91a75ff9"
+
+/*
+** CAPI3REF: Run-Time Library Version Numbers
+** KEYWORDS: sqlite3_version, sqlite3_sourceid
+**
+** These interfaces provide the same information as the [SQLITE_VERSION],
+** [SQLITE_VERSION_NUMBER], and [SQLITE_SOURCE_ID] C preprocessor macros
+** but are associated with the library instead of the header file.  ^(Cautious
+** programmers might include assert() statements in their application to
+** verify that values returned by these interfaces match the macros in
+** the header, and thus ensure that the application is
+** compiled with matching library and header files.
+**
+** <blockquote><pre>
+** assert( sqlite3_libversion_number()==SQLITE_VERSION_NUMBER );
+** assert( strcmp(sqlite3_sourceid(),SQLITE_SOURCE_ID)==0 );
+** assert( strcmp(sqlite3_libversion(),SQLITE_VERSION)==0 );
+** </pre></blockquote>)^
+**
+** ^The sqlite3_version[] string constant contains the text of [SQLITE_VERSION]
+** macro.  ^The sqlite3_libversion() function returns a pointer to the
+** to the sqlite3_version[] string constant.  The sqlite3_libversion()
+** function is provided for use in DLLs since DLL users usually do not have
+** direct access to string constants within the DLL.  ^The
+** sqlite3_libversion_number() function returns an integer equal to
+** [SQLITE_VERSION_NUMBER].  ^The sqlite3_sourceid() function returns 
+** a pointer to a string constant whose value is the same as the 
+** [SQLITE_SOURCE_ID] C preprocessor macro.
+**
+** See also: [sqlite_version()] and [sqlite_source_id()].
+*/
+SQLITE_API SQLITE_EXTERN const char sqlite3_version[];
+SQLITE_API const char *SQLITE_STDCALL sqlite3_libversion(void);
+SQLITE_API const char *SQLITE_STDCALL sqlite3_sourceid(void);
+SQLITE_API int SQLITE_STDCALL sqlite3_libversion_number(void);
+
+/*
+** CAPI3REF: Run-Time Library Compilation Options Diagnostics
+**
+** ^The sqlite3_compileoption_used() function returns 0 or 1 
+** indicating whether the specified option was defined at 
+** compile time.  ^The SQLITE_ prefix may be omitted from the 
+** option name passed to sqlite3_compileoption_used().  
+**
+** ^The sqlite3_compileoption_get() function allows iterating
+** over the list of options that were defined at compile time by
+** returning the N-th compile time option string.  ^If N is out of range,
+** sqlite3_compileoption_get() returns a NULL pointer.  ^The SQLITE_ 
+** prefix is omitted from any strings returned by 
+** sqlite3_compileoption_get().
+**
+** ^Support for the diagnostic functions sqlite3_compileoption_used()
+** and sqlite3_compileoption_get() may be omitted by specifying the 
+** [SQLITE_OMIT_COMPILEOPTION_DIAGS] option at compile time.
+**
+** See also: SQL functions [sqlite_compileoption_used()] and
+** [sqlite_compileoption_get()] and the [compile_options pragma].
+*/
+#ifndef SQLITE_OMIT_COMPILEOPTION_DIAGS
+SQLITE_API int SQLITE_STDCALL sqlite3_compileoption_used(const char *zOptName);
+SQLITE_API const char *SQLITE_STDCALL sqlite3_compileoption_get(int N);
+#endif
+
+/*
+** CAPI3REF: Test To See If The Library Is Threadsafe
+**
+** ^The sqlite3_threadsafe() function returns zero if and only if
+** SQLite was compiled with mutexing code omitted due to the
+** [SQLITE_THREADSAFE] compile-time option being set to 0.
+**
+** SQLite can be compiled with or without mutexes.  When
+** the [SQLITE_THREADSAFE] C preprocessor macro is 1 or 2, mutexes
+** are enabled and SQLite is threadsafe.  When the
+** [SQLITE_THREADSAFE] macro is 0, 
+** the mutexes are omitted.  Without the mutexes, it is not safe
+** to use SQLite concurrently from more than one thread.
+**
+** Enabling mutexes incurs a measurable performance penalty.
+** So if speed is of utmost importance, it makes sense to disable
+** the mutexes.  But for maximum safety, mutexes should be enabled.
+** ^The default behavior is for mutexes to be enabled.
+**
+** This interface can be used by an application to make sure that the
+** version of SQLite that it is linking against was compiled with
+** the desired setting of the [SQLITE_THREADSAFE] macro.
+**
+** This interface only reports on the compile-time mutex setting
+** of the [SQLITE_THREADSAFE] flag.  If SQLite is compiled with
+** SQLITE_THREADSAFE=1 or =2 then mutexes are enabled by default but
+** can be fully or partially disabled using a call to [sqlite3_config()]
+** with the verbs [SQLITE_CONFIG_SINGLETHREAD], [SQLITE_CONFIG_MULTITHREAD],
+** or [SQLITE_CONFIG_SERIALIZED].  ^(The return value of the
+** sqlite3_threadsafe() function shows only the compile-time setting of
+** thread safety, not any run-time changes to that setting made by
+** sqlite3_config(). In other words, the return value from sqlite3_threadsafe()
+** is unchanged by calls to sqlite3_config().)^
+**
+** See the [threading mode] documentation for additional information.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_threadsafe(void);
+
+/*
+** CAPI3REF: Database Connection Handle
+** KEYWORDS: {database connection} {database connections}
+**
+** Each open SQLite database is represented by a pointer to an instance of
+** the opaque structure named "sqlite3".  It is useful to think of an sqlite3
+** pointer as an object.  The [sqlite3_open()], [sqlite3_open16()], and
+** [sqlite3_open_v2()] interfaces are its constructors, and [sqlite3_close()]
+** and [sqlite3_close_v2()] are its destructors.  There are many other
+** interfaces (such as
+** [sqlite3_prepare_v2()], [sqlite3_create_function()], and
+** [sqlite3_busy_timeout()] to name but three) that are methods on an
+** sqlite3 object.
+*/
+typedef struct sqlite3 sqlite3;
+
+/*
+** CAPI3REF: 64-Bit Integer Types
+** KEYWORDS: sqlite_int64 sqlite_uint64
+**
+** Because there is no cross-platform way to specify 64-bit integer types
+** SQLite includes typedefs for 64-bit signed and unsigned integers.
+**
+** The sqlite3_int64 and sqlite3_uint64 are the preferred type definitions.
+** The sqlite_int64 and sqlite_uint64 types are supported for backwards
+** compatibility only.
+**
+** ^The sqlite3_int64 and sqlite_int64 types can store integer values
+** between -9223372036854775808 and +9223372036854775807 inclusive.  ^The
+** sqlite3_uint64 and sqlite_uint64 types can store integer values 
+** between 0 and +18446744073709551615 inclusive.
+*/
+#ifdef SQLITE_INT64_TYPE
+  typedef SQLITE_INT64_TYPE sqlite_int64;
+  typedef unsigned SQLITE_INT64_TYPE sqlite_uint64;
+#elif defined(_MSC_VER) || defined(__BORLANDC__)
+  typedef __int64 sqlite_int64;
+  typedef unsigned __int64 sqlite_uint64;
+#else
+  typedef long long int sqlite_int64;
+  typedef unsigned long long int sqlite_uint64;
+#endif
+typedef sqlite_int64 sqlite3_int64;
+typedef sqlite_uint64 sqlite3_uint64;
+
+/*
+** If compiling for a processor that lacks floating point support,
+** substitute integer for floating-point.
+*/
+#ifdef SQLITE_OMIT_FLOATING_POINT
+# define double sqlite3_int64
+#endif
+
+/*
+** CAPI3REF: Closing A Database Connection
+** DESTRUCTOR: sqlite3
+**
+** ^The sqlite3_close() and sqlite3_close_v2() routines are destructors
+** for the [sqlite3] object.
+** ^Calls to sqlite3_close() and sqlite3_close_v2() return [SQLITE_OK] if
+** the [sqlite3] object is successfully destroyed and all associated
+** resources are deallocated.
+**
+** ^If the database connection is associated with unfinalized prepared
+** statements or unfinished sqlite3_backup objects then sqlite3_close()
+** will leave the database connection open and return [SQLITE_BUSY].
+** ^If sqlite3_close_v2() is called with unfinalized prepared statements
+** and/or unfinished sqlite3_backups, then the database connection becomes
+** an unusable "zombie" which will automatically be deallocated when the
+** last prepared statement is finalized or the last sqlite3_backup is
+** finished.  The sqlite3_close_v2() interface is intended for use with
+** host languages that are garbage collected, and where the order in which
+** destructors are called is arbitrary.
+**
+** Applications should [sqlite3_finalize | finalize] all [prepared statements],
+** [sqlite3_blob_close | close] all [BLOB handles], and 
+** [sqlite3_backup_finish | finish] all [sqlite3_backup] objects associated
+** with the [sqlite3] object prior to attempting to close the object.  ^If
+** sqlite3_close_v2() is called on a [database connection] that still has
+** outstanding [prepared statements], [BLOB handles], and/or
+** [sqlite3_backup] objects then it returns [SQLITE_OK] and the deallocation
+** of resources is deferred until all [prepared statements], [BLOB handles],
+** and [sqlite3_backup] objects are also destroyed.
+**
+** ^If an [sqlite3] object is destroyed while a transaction is open,
+** the transaction is automatically rolled back.
+**
+** The C parameter to [sqlite3_close(C)] and [sqlite3_close_v2(C)]
+** must be either a NULL
+** pointer or an [sqlite3] object pointer obtained
+** from [sqlite3_open()], [sqlite3_open16()], or
+** [sqlite3_open_v2()], and not previously closed.
+** ^Calling sqlite3_close() or sqlite3_close_v2() with a NULL pointer
+** argument is a harmless no-op.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_close(sqlite3*);
+SQLITE_API int SQLITE_STDCALL sqlite3_close_v2(sqlite3*);
+
+/*
+** The type for a callback function.
+** This is legacy and deprecated.  It is included for historical
+** compatibility and is not documented.
+*/
+typedef int (*sqlite3_callback)(void*,int,char**, char**);
+
+/*
+** CAPI3REF: One-Step Query Execution Interface
+** METHOD: sqlite3
+**
+** The sqlite3_exec() interface is a convenience wrapper around
+** [sqlite3_prepare_v2()], [sqlite3_step()], and [sqlite3_finalize()],
+** that allows an application to run multiple statements of SQL
+** without having to use a lot of C code. 
+**
+** ^The sqlite3_exec() interface runs zero or more UTF-8 encoded,
+** semicolon-separate SQL statements passed into its 2nd argument,
+** in the context of the [database connection] passed in as its 1st
+** argument.  ^If the callback function of the 3rd argument to
+** sqlite3_exec() is not NULL, then it is invoked for each result row
+** coming out of the evaluated SQL statements.  ^The 4th argument to
+** sqlite3_exec() is relayed through to the 1st argument of each
+** callback invocation.  ^If the callback pointer to sqlite3_exec()
+** is NULL, then no callback is ever invoked and result rows are
+** ignored.
+**
+** ^If an error occurs while evaluating the SQL statements passed into
+** sqlite3_exec(), then execution of the current statement stops and
+** subsequent statements are skipped.  ^If the 5th parameter to sqlite3_exec()
+** is not NULL then any error message is written into memory obtained
+** from [sqlite3_malloc()] and passed back through the 5th parameter.
+** To avoid memory leaks, the application should invoke [sqlite3_free()]
+** on error message strings returned through the 5th parameter of
+** of sqlite3_exec() after the error message string is no longer needed.
+** ^If the 5th parameter to sqlite3_exec() is not NULL and no errors
+** occur, then sqlite3_exec() sets the pointer in its 5th parameter to
+** NULL before returning.
+**
+** ^If an sqlite3_exec() callback returns non-zero, the sqlite3_exec()
+** routine returns SQLITE_ABORT without invoking the callback again and
+** without running any subsequent SQL statements.
+**
+** ^The 2nd argument to the sqlite3_exec() callback function is the
+** number of columns in the result.  ^The 3rd argument to the sqlite3_exec()
+** callback is an array of pointers to strings obtained as if from
+** [sqlite3_column_text()], one for each column.  ^If an element of a
+** result row is NULL then the corresponding string pointer for the
+** sqlite3_exec() callback is a NULL pointer.  ^The 4th argument to the
+** sqlite3_exec() callback is an array of pointers to strings where each
+** entry represents the name of corresponding result column as obtained
+** from [sqlite3_column_name()].
+**
+** ^If the 2nd parameter to sqlite3_exec() is a NULL pointer, a pointer
+** to an empty string, or a pointer that contains only whitespace and/or 
+** SQL comments, then no SQL statements are evaluated and the database
+** is not changed.
+**
+** Restrictions:
+**
+** <ul>
+** <li> The application must ensure that the 1st parameter to sqlite3_exec()
+**      is a valid and open [database connection].
+** <li> The application must not close the [database connection] specified by
+**      the 1st parameter to sqlite3_exec() while sqlite3_exec() is running.
+** <li> The application must not modify the SQL statement text passed into
+**      the 2nd parameter of sqlite3_exec() while sqlite3_exec() is running.
+** </ul>
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_exec(
+  sqlite3*,                                  /* An open database */
+  const char *sql,                           /* SQL to be evaluated */
+  int (*callback)(void*,int,char**,char**),  /* Callback function */
+  void *,                                    /* 1st argument to callback */
+  char **errmsg                              /* Error msg written here */
+);
+
+/*
+** CAPI3REF: Result Codes
+** KEYWORDS: {result code definitions}
+**
+** Many SQLite functions return an integer result code from the set shown
+** here in order to indicate success or failure.
+**
+** New error codes may be added in future versions of SQLite.
+**
+** See also: [extended result code definitions]
+*/
+#define SQLITE_OK           0   /* Successful result */
+/* beginning-of-error-codes */
+#define SQLITE_ERROR        1   /* SQL error or missing database */
+#define SQLITE_INTERNAL     2   /* Internal logic error in SQLite */
+#define SQLITE_PERM         3   /* Access permission denied */
+#define SQLITE_ABORT        4   /* Callback routine requested an abort */
+#define SQLITE_BUSY         5   /* The database file is locked */
+#define SQLITE_LOCKED       6   /* A table in the database is locked */
+#define SQLITE_NOMEM        7   /* A malloc() failed */
+#define SQLITE_READONLY     8   /* Attempt to write a readonly database */
+#define SQLITE_INTERRUPT    9   /* Operation terminated by sqlite3_interrupt()*/
+#define SQLITE_IOERR       10   /* Some kind of disk I/O error occurred */
+#define SQLITE_CORRUPT     11   /* The database disk image is malformed */
+#define SQLITE_NOTFOUND    12   /* Unknown opcode in sqlite3_file_control() */
+#define SQLITE_FULL        13   /* Insertion failed because database is full */
+#define SQLITE_CANTOPEN    14   /* Unable to open the database file */
+#define SQLITE_PROTOCOL    15   /* Database lock protocol error */
+#define SQLITE_EMPTY       16   /* Database is empty */
+#define SQLITE_SCHEMA      17   /* The database schema changed */
+#define SQLITE_TOOBIG      18   /* String or BLOB exceeds size limit */
+#define SQLITE_CONSTRAINT  19   /* Abort due to constraint violation */
+#define SQLITE_MISMATCH    20   /* Data type mismatch */
+#define SQLITE_MISUSE      21   /* Library used incorrectly */
+#define SQLITE_NOLFS       22   /* Uses OS features not supported on host */
+#define SQLITE_AUTH        23   /* Authorization denied */
+#define SQLITE_FORMAT      24   /* Auxiliary database format error */
+#define SQLITE_RANGE       25   /* 2nd parameter to sqlite3_bind out of range */
+#define SQLITE_NOTADB      26   /* File opened that is not a database file */
+#define SQLITE_NOTICE      27   /* Notifications from sqlite3_log() */
+#define SQLITE_WARNING     28   /* Warnings from sqlite3_log() */
+#define SQLITE_ROW         100  /* sqlite3_step() has another row ready */
+#define SQLITE_DONE        101  /* sqlite3_step() has finished executing */
+/* end-of-error-codes */
+
+/*
+** CAPI3REF: Extended Result Codes
+** KEYWORDS: {extended result code definitions}
+**
+** In its default configuration, SQLite API routines return one of 30 integer
+** [result codes].  However, experience has shown that many of
+** these result codes are too coarse-grained.  They do not provide as
+** much information about problems as programmers might like.  In an effort to
+** address this, newer versions of SQLite (version 3.3.8 and later) include
+** support for additional result codes that provide more detailed information
+** about errors. These [extended result codes] are enabled or disabled
+** on a per database connection basis using the
+** [sqlite3_extended_result_codes()] API.  Or, the extended code for
+** the most recent error can be obtained using
+** [sqlite3_extended_errcode()].
+*/
+#define SQLITE_IOERR_READ              (SQLITE_IOERR | (1<<8))
+#define SQLITE_IOERR_SHORT_READ        (SQLITE_IOERR | (2<<8))
+#define SQLITE_IOERR_WRITE             (SQLITE_IOERR | (3<<8))
+#define SQLITE_IOERR_FSYNC             (SQLITE_IOERR | (4<<8))
+#define SQLITE_IOERR_DIR_FSYNC         (SQLITE_IOERR | (5<<8))
+#define SQLITE_IOERR_TRUNCATE          (SQLITE_IOERR | (6<<8))
+#define SQLITE_IOERR_FSTAT             (SQLITE_IOERR | (7<<8))
+#define SQLITE_IOERR_UNLOCK            (SQLITE_IOERR | (8<<8))
+#define SQLITE_IOERR_RDLOCK            (SQLITE_IOERR | (9<<8))
+#define SQLITE_IOERR_DELETE            (SQLITE_IOERR | (10<<8))
+#define SQLITE_IOERR_BLOCKED           (SQLITE_IOERR | (11<<8))
+#define SQLITE_IOERR_NOMEM             (SQLITE_IOERR | (12<<8))
+#define SQLITE_IOERR_ACCESS            (SQLITE_IOERR | (13<<8))
+#define SQLITE_IOERR_CHECKRESERVEDLOCK (SQLITE_IOERR | (14<<8))
+#define SQLITE_IOERR_LOCK              (SQLITE_IOERR | (15<<8))
+#define SQLITE_IOERR_CLOSE             (SQLITE_IOERR | (16<<8))
+#define SQLITE_IOERR_DIR_CLOSE         (SQLITE_IOERR | (17<<8))
+#define SQLITE_IOERR_SHMOPEN           (SQLITE_IOERR | (18<<8))
+#define SQLITE_IOERR_SHMSIZE           (SQLITE_IOERR | (19<<8))
+#define SQLITE_IOERR_SHMLOCK           (SQLITE_IOERR | (20<<8))
+#define SQLITE_IOERR_SHMMAP            (SQLITE_IOERR | (21<<8))
+#define SQLITE_IOERR_SEEK              (SQLITE_IOERR | (22<<8))
+#define SQLITE_IOERR_DELETE_NOENT      (SQLITE_IOERR | (23<<8))
+#define SQLITE_IOERR_MMAP              (SQLITE_IOERR | (24<<8))
+#define SQLITE_IOERR_GETTEMPPATH       (SQLITE_IOERR | (25<<8))
+#define SQLITE_IOERR_CONVPATH          (SQLITE_IOERR | (26<<8))
+#define SQLITE_IOERR_VNODE             (SQLITE_IOERR | (27<<8))
+#define SQLITE_IOERR_AUTH              (SQLITE_IOERR | (28<<8))
+#define SQLITE_LOCKED_SHAREDCACHE      (SQLITE_LOCKED |  (1<<8))
+#define SQLITE_BUSY_RECOVERY           (SQLITE_BUSY   |  (1<<8))
+#define SQLITE_BUSY_SNAPSHOT           (SQLITE_BUSY   |  (2<<8))
+#define SQLITE_CANTOPEN_NOTEMPDIR      (SQLITE_CANTOPEN | (1<<8))
+#define SQLITE_CANTOPEN_ISDIR          (SQLITE_CANTOPEN | (2<<8))
+#define SQLITE_CANTOPEN_FULLPATH       (SQLITE_CANTOPEN | (3<<8))
+#define SQLITE_CANTOPEN_CONVPATH       (SQLITE_CANTOPEN | (4<<8))
+#define SQLITE_CORRUPT_VTAB            (SQLITE_CORRUPT | (1<<8))
+#define SQLITE_READONLY_RECOVERY       (SQLITE_READONLY | (1<<8))
+#define SQLITE_READONLY_CANTLOCK       (SQLITE_READONLY | (2<<8))
+#define SQLITE_READONLY_ROLLBACK       (SQLITE_READONLY | (3<<8))
+#define SQLITE_READONLY_DBMOVED        (SQLITE_READONLY | (4<<8))
+#define SQLITE_ABORT_ROLLBACK          (SQLITE_ABORT | (2<<8))
+#define SQLITE_CONSTRAINT_CHECK        (SQLITE_CONSTRAINT | (1<<8))
+#define SQLITE_CONSTRAINT_COMMITHOOK   (SQLITE_CONSTRAINT | (2<<8))
+#define SQLITE_CONSTRAINT_FOREIGNKEY   (SQLITE_CONSTRAINT | (3<<8))
+#define SQLITE_CONSTRAINT_FUNCTION     (SQLITE_CONSTRAINT | (4<<8))
+#define SQLITE_CONSTRAINT_NOTNULL      (SQLITE_CONSTRAINT | (5<<8))
+#define SQLITE_CONSTRAINT_PRIMARYKEY   (SQLITE_CONSTRAINT | (6<<8))
+#define SQLITE_CONSTRAINT_TRIGGER      (SQLITE_CONSTRAINT | (7<<8))
+#define SQLITE_CONSTRAINT_UNIQUE       (SQLITE_CONSTRAINT | (8<<8))
+#define SQLITE_CONSTRAINT_VTAB         (SQLITE_CONSTRAINT | (9<<8))
+#define SQLITE_CONSTRAINT_ROWID        (SQLITE_CONSTRAINT |(10<<8))
+#define SQLITE_NOTICE_RECOVER_WAL      (SQLITE_NOTICE | (1<<8))
+#define SQLITE_NOTICE_RECOVER_ROLLBACK (SQLITE_NOTICE | (2<<8))
+#define SQLITE_WARNING_AUTOINDEX       (SQLITE_WARNING | (1<<8))
+#define SQLITE_AUTH_USER               (SQLITE_AUTH | (1<<8))
+
+/*
+** CAPI3REF: Flags For File Open Operations
+**
+** These bit values are intended for use in the
+** 3rd parameter to the [sqlite3_open_v2()] interface and
+** in the 4th parameter to the [sqlite3_vfs.xOpen] method.
+*/
+#define SQLITE_OPEN_READONLY         0x00000001  /* Ok for sqlite3_open_v2() */
+#define SQLITE_OPEN_READWRITE        0x00000002  /* Ok for sqlite3_open_v2() */
+#define SQLITE_OPEN_CREATE           0x00000004  /* Ok for sqlite3_open_v2() */
+#define SQLITE_OPEN_DELETEONCLOSE    0x00000008  /* VFS only */
+#define SQLITE_OPEN_EXCLUSIVE        0x00000010  /* VFS only */
+#define SQLITE_OPEN_AUTOPROXY        0x00000020  /* VFS only */
+#define SQLITE_OPEN_URI              0x00000040  /* Ok for sqlite3_open_v2() */
+#define SQLITE_OPEN_MEMORY           0x00000080  /* Ok for sqlite3_open_v2() */
+#define SQLITE_OPEN_MAIN_DB          0x00000100  /* VFS only */
+#define SQLITE_OPEN_TEMP_DB          0x00000200  /* VFS only */
+#define SQLITE_OPEN_TRANSIENT_DB     0x00000400  /* VFS only */
+#define SQLITE_OPEN_MAIN_JOURNAL     0x00000800  /* VFS only */
+#define SQLITE_OPEN_TEMP_JOURNAL     0x00001000  /* VFS only */
+#define SQLITE_OPEN_SUBJOURNAL       0x00002000  /* VFS only */
+#define SQLITE_OPEN_MASTER_JOURNAL   0x00004000  /* VFS only */
+#define SQLITE_OPEN_NOMUTEX          0x00008000  /* Ok for sqlite3_open_v2() */
+#define SQLITE_OPEN_FULLMUTEX        0x00010000  /* Ok for sqlite3_open_v2() */
+#define SQLITE_OPEN_SHAREDCACHE      0x00020000  /* Ok for sqlite3_open_v2() */
+#define SQLITE_OPEN_PRIVATECACHE     0x00040000  /* Ok for sqlite3_open_v2() */
+#define SQLITE_OPEN_WAL              0x00080000  /* VFS only */
+
+/* Reserved:                         0x00F00000 */
+
+/*
+** CAPI3REF: Device Characteristics
+**
+** The xDeviceCharacteristics method of the [sqlite3_io_methods]
+** object returns an integer which is a vector of these
+** bit values expressing I/O characteristics of the mass storage
+** device that holds the file that the [sqlite3_io_methods]
+** refers to.
+**
+** The SQLITE_IOCAP_ATOMIC property means that all writes of
+** any size are atomic.  The SQLITE_IOCAP_ATOMICnnn values
+** mean that writes of blocks that are nnn bytes in size and
+** are aligned to an address which is an integer multiple of
+** nnn are atomic.  The SQLITE_IOCAP_SAFE_APPEND value means
+** that when data is appended to a file, the data is appended
+** first then the size of the file is extended, never the other
+** way around.  The SQLITE_IOCAP_SEQUENTIAL property means that
+** information is written to disk in the same order as calls
+** to xWrite().  The SQLITE_IOCAP_POWERSAFE_OVERWRITE property means that
+** after reboot following a crash or power loss, the only bytes in a
+** file that were written at the application level might have changed
+** and that adjacent bytes, even bytes within the same sector are
+** guaranteed to be unchanged.  The SQLITE_IOCAP_UNDELETABLE_WHEN_OPEN
+** flag indicate that a file cannot be deleted when open.  The
+** SQLITE_IOCAP_IMMUTABLE flag indicates that the file is on
+** read-only media and cannot be changed even by processes with
+** elevated privileges.
+*/
+#define SQLITE_IOCAP_ATOMIC                 0x00000001
+#define SQLITE_IOCAP_ATOMIC512              0x00000002
+#define SQLITE_IOCAP_ATOMIC1K               0x00000004
+#define SQLITE_IOCAP_ATOMIC2K               0x00000008
+#define SQLITE_IOCAP_ATOMIC4K               0x00000010
+#define SQLITE_IOCAP_ATOMIC8K               0x00000020
+#define SQLITE_IOCAP_ATOMIC16K              0x00000040
+#define SQLITE_IOCAP_ATOMIC32K              0x00000080
+#define SQLITE_IOCAP_ATOMIC64K              0x00000100
+#define SQLITE_IOCAP_SAFE_APPEND            0x00000200
+#define SQLITE_IOCAP_SEQUENTIAL             0x00000400
+#define SQLITE_IOCAP_UNDELETABLE_WHEN_OPEN  0x00000800
+#define SQLITE_IOCAP_POWERSAFE_OVERWRITE    0x00001000
+#define SQLITE_IOCAP_IMMUTABLE              0x00002000
+
+/*
+** CAPI3REF: File Locking Levels
+**
+** SQLite uses one of these integer values as the second
+** argument to calls it makes to the xLock() and xUnlock() methods
+** of an [sqlite3_io_methods] object.
+*/
+#define SQLITE_LOCK_NONE          0
+#define SQLITE_LOCK_SHARED        1
+#define SQLITE_LOCK_RESERVED      2
+#define SQLITE_LOCK_PENDING       3
+#define SQLITE_LOCK_EXCLUSIVE     4
+
+/*
+** CAPI3REF: Synchronization Type Flags
+**
+** When SQLite invokes the xSync() method of an
+** [sqlite3_io_methods] object it uses a combination of
+** these integer values as the second argument.
+**
+** When the SQLITE_SYNC_DATAONLY flag is used, it means that the
+** sync operation only needs to flush data to mass storage.  Inode
+** information need not be flushed. If the lower four bits of the flag
+** equal SQLITE_SYNC_NORMAL, that means to use normal fsync() semantics.
+** If the lower four bits equal SQLITE_SYNC_FULL, that means
+** to use Mac OS X style fullsync instead of fsync().
+**
+** Do not confuse the SQLITE_SYNC_NORMAL and SQLITE_SYNC_FULL flags
+** with the [PRAGMA synchronous]=NORMAL and [PRAGMA synchronous]=FULL
+** settings.  The [synchronous pragma] determines when calls to the
+** xSync VFS method occur and applies uniformly across all platforms.
+** The SQLITE_SYNC_NORMAL and SQLITE_SYNC_FULL flags determine how
+** energetic or rigorous or forceful the sync operations are and
+** only make a difference on Mac OSX for the default SQLite code.
+** (Third-party VFS implementations might also make the distinction
+** between SQLITE_SYNC_NORMAL and SQLITE_SYNC_FULL, but among the
+** operating systems natively supported by SQLite, only Mac OSX
+** cares about the difference.)
+*/
+#define SQLITE_SYNC_NORMAL        0x00002
+#define SQLITE_SYNC_FULL          0x00003
+#define SQLITE_SYNC_DATAONLY      0x00010
+
+/*
+** CAPI3REF: OS Interface Open File Handle
+**
+** An [sqlite3_file] object represents an open file in the 
+** [sqlite3_vfs | OS interface layer].  Individual OS interface
+** implementations will
+** want to subclass this object by appending additional fields
+** for their own use.  The pMethods entry is a pointer to an
+** [sqlite3_io_methods] object that defines methods for performing
+** I/O operations on the open file.
+*/
+typedef struct sqlite3_file sqlite3_file;
+struct sqlite3_file {
+  const struct sqlite3_io_methods *pMethods;  /* Methods for an open file */
+};
+
+/*
+** CAPI3REF: OS Interface File Virtual Methods Object
+**
+** Every file opened by the [sqlite3_vfs.xOpen] method populates an
+** [sqlite3_file] object (or, more commonly, a subclass of the
+** [sqlite3_file] object) with a pointer to an instance of this object.
+** This object defines the methods used to perform various operations
+** against the open file represented by the [sqlite3_file] object.
+**
+** If the [sqlite3_vfs.xOpen] method sets the sqlite3_file.pMethods element 
+** to a non-NULL pointer, then the sqlite3_io_methods.xClose method
+** may be invoked even if the [sqlite3_vfs.xOpen] reported that it failed.  The
+** only way to prevent a call to xClose following a failed [sqlite3_vfs.xOpen]
+** is for the [sqlite3_vfs.xOpen] to set the sqlite3_file.pMethods element
+** to NULL.
+**
+** The flags argument to xSync may be one of [SQLITE_SYNC_NORMAL] or
+** [SQLITE_SYNC_FULL].  The first choice is the normal fsync().
+** The second choice is a Mac OS X style fullsync.  The [SQLITE_SYNC_DATAONLY]
+** flag may be ORed in to indicate that only the data of the file
+** and not its inode needs to be synced.
+**
+** The integer values to xLock() and xUnlock() are one of
+** <ul>
+** <li> [SQLITE_LOCK_NONE],
+** <li> [SQLITE_LOCK_SHARED],
+** <li> [SQLITE_LOCK_RESERVED],
+** <li> [SQLITE_LOCK_PENDING], or
+** <li> [SQLITE_LOCK_EXCLUSIVE].
+** </ul>
+** xLock() increases the lock. xUnlock() decreases the lock.
+** The xCheckReservedLock() method checks whether any database connection,
+** either in this process or in some other process, is holding a RESERVED,
+** PENDING, or EXCLUSIVE lock on the file.  It returns true
+** if such a lock exists and false otherwise.
+**
+** The xFileControl() method is a generic interface that allows custom
+** VFS implementations to directly control an open file using the
+** [sqlite3_file_control()] interface.  The second "op" argument is an
+** integer opcode.  The third argument is a generic pointer intended to
+** point to a structure that may contain arguments or space in which to
+** write return values.  Potential uses for xFileControl() might be
+** functions to enable blocking locks with timeouts, to change the
+** locking strategy (for example to use dot-file locks), to inquire
+** about the status of a lock, or to break stale locks.  The SQLite
+** core reserves all opcodes less than 100 for its own use.
+** A [file control opcodes | list of opcodes] less than 100 is available.
+** Applications that define a custom xFileControl method should use opcodes
+** greater than 100 to avoid conflicts.  VFS implementations should
+** return [SQLITE_NOTFOUND] for file control opcodes that they do not
+** recognize.
+**
+** The xSectorSize() method returns the sector size of the
+** device that underlies the file.  The sector size is the
+** minimum write that can be performed without disturbing
+** other bytes in the file.  The xDeviceCharacteristics()
+** method returns a bit vector describing behaviors of the
+** underlying device:
+**
+** <ul>
+** <li> [SQLITE_IOCAP_ATOMIC]
+** <li> [SQLITE_IOCAP_ATOMIC512]
+** <li> [SQLITE_IOCAP_ATOMIC1K]
+** <li> [SQLITE_IOCAP_ATOMIC2K]
+** <li> [SQLITE_IOCAP_ATOMIC4K]
+** <li> [SQLITE_IOCAP_ATOMIC8K]
+** <li> [SQLITE_IOCAP_ATOMIC16K]
+** <li> [SQLITE_IOCAP_ATOMIC32K]
+** <li> [SQLITE_IOCAP_ATOMIC64K]
+** <li> [SQLITE_IOCAP_SAFE_APPEND]
+** <li> [SQLITE_IOCAP_SEQUENTIAL]
+** </ul>
+**
+** The SQLITE_IOCAP_ATOMIC property means that all writes of
+** any size are atomic.  The SQLITE_IOCAP_ATOMICnnn values
+** mean that writes of blocks that are nnn bytes in size and
+** are aligned to an address which is an integer multiple of
+** nnn are atomic.  The SQLITE_IOCAP_SAFE_APPEND value means
+** that when data is appended to a file, the data is appended
+** first then the size of the file is extended, never the other
+** way around.  The SQLITE_IOCAP_SEQUENTIAL property means that
+** information is written to disk in the same order as calls
+** to xWrite().
+**
+** If xRead() returns SQLITE_IOERR_SHORT_READ it must also fill
+** in the unread portions of the buffer with zeros.  A VFS that
+** fails to zero-fill short reads might seem to work.  However,
+** failure to zero-fill short reads will eventually lead to
+** database corruption.
+*/
+typedef struct sqlite3_io_methods sqlite3_io_methods;
+struct sqlite3_io_methods {
+  int iVersion;
+  int (*xClose)(sqlite3_file*);
+  int (*xRead)(sqlite3_file*, void*, int iAmt, sqlite3_int64 iOfst);
+  int (*xWrite)(sqlite3_file*, const void*, int iAmt, sqlite3_int64 iOfst);
+  int (*xTruncate)(sqlite3_file*, sqlite3_int64 size);
+  int (*xSync)(sqlite3_file*, int flags);
+  int (*xFileSize)(sqlite3_file*, sqlite3_int64 *pSize);
+  int (*xLock)(sqlite3_file*, int);
+  int (*xUnlock)(sqlite3_file*, int);
+  int (*xCheckReservedLock)(sqlite3_file*, int *pResOut);
+  int (*xFileControl)(sqlite3_file*, int op, void *pArg);
+  int (*xSectorSize)(sqlite3_file*);
+  int (*xDeviceCharacteristics)(sqlite3_file*);
+  /* Methods above are valid for version 1 */
+  int (*xShmMap)(sqlite3_file*, int iPg, int pgsz, int, void volatile**);
+  int (*xShmLock)(sqlite3_file*, int offset, int n, int flags);
+  void (*xShmBarrier)(sqlite3_file*);
+  int (*xShmUnmap)(sqlite3_file*, int deleteFlag);
+  /* Methods above are valid for version 2 */
+  int (*xFetch)(sqlite3_file*, sqlite3_int64 iOfst, int iAmt, void **pp);
+  int (*xUnfetch)(sqlite3_file*, sqlite3_int64 iOfst, void *p);
+  /* Methods above are valid for version 3 */
+  /* Additional methods may be added in future releases */
+};
+
+/*
+** CAPI3REF: Standard File Control Opcodes
+** KEYWORDS: {file control opcodes} {file control opcode}
+**
+** These integer constants are opcodes for the xFileControl method
+** of the [sqlite3_io_methods] object and for the [sqlite3_file_control()]
+** interface.
+**
+** <ul>
+** <li>[[SQLITE_FCNTL_LOCKSTATE]]
+** The [SQLITE_FCNTL_LOCKSTATE] opcode is used for debugging.  This
+** opcode causes the xFileControl method to write the current state of
+** the lock (one of [SQLITE_LOCK_NONE], [SQLITE_LOCK_SHARED],
+** [SQLITE_LOCK_RESERVED], [SQLITE_LOCK_PENDING], or [SQLITE_LOCK_EXCLUSIVE])
+** into an integer that the pArg argument points to. This capability
+** is used during testing and is only available when the SQLITE_TEST
+** compile-time option is used.
+**
+** <li>[[SQLITE_FCNTL_SIZE_HINT]]
+** The [SQLITE_FCNTL_SIZE_HINT] opcode is used by SQLite to give the VFS
+** layer a hint of how large the database file will grow to be during the
+** current transaction.  This hint is not guaranteed to be accurate but it
+** is often close.  The underlying VFS might choose to preallocate database
+** file space based on this hint in order to help writes to the database
+** file run faster.
+**
+** <li>[[SQLITE_FCNTL_CHUNK_SIZE]]
+** The [SQLITE_FCNTL_CHUNK_SIZE] opcode is used to request that the VFS
+** extends and truncates the database file in chunks of a size specified
+** by the user. The fourth argument to [sqlite3_file_control()] should 
+** point to an integer (type int) containing the new chunk-size to use
+** for the nominated database. Allocating database file space in large
+** chunks (say 1MB at a time), may reduce file-system fragmentation and
+** improve performance on some systems.
+**
+** <li>[[SQLITE_FCNTL_FILE_POINTER]]
+** The [SQLITE_FCNTL_FILE_POINTER] opcode is used to obtain a pointer
+** to the [sqlite3_file] object associated with a particular database
+** connection.  See also [SQLITE_FCNTL_JOURNAL_POINTER].
+**
+** <li>[[SQLITE_FCNTL_JOURNAL_POINTER]]
+** The [SQLITE_FCNTL_JOURNAL_POINTER] opcode is used to obtain a pointer
+** to the [sqlite3_file] object associated with the journal file (either
+** the [rollback journal] or the [write-ahead log]) for a particular database
+** connection.  See also [SQLITE_FCNTL_FILE_POINTER].
+**
+** <li>[[SQLITE_FCNTL_SYNC_OMITTED]]
+** No longer in use.
+**
+** <li>[[SQLITE_FCNTL_SYNC]]
+** The [SQLITE_FCNTL_SYNC] opcode is generated internally by SQLite and
+** sent to the VFS immediately before the xSync method is invoked on a
+** database file descriptor. Or, if the xSync method is not invoked 
+** because the user has configured SQLite with 
+** [PRAGMA synchronous | PRAGMA synchronous=OFF] it is invoked in place 
+** of the xSync method. In most cases, the pointer argument passed with
+** this file-control is NULL. However, if the database file is being synced
+** as part of a multi-database commit, the argument points to a nul-terminated
+** string containing the transactions master-journal file name. VFSes that 
+** do not need this signal should silently ignore this opcode. Applications 
+** should not call [sqlite3_file_control()] with this opcode as doing so may 
+** disrupt the operation of the specialized VFSes that do require it.  
+**
+** <li>[[SQLITE_FCNTL_COMMIT_PHASETWO]]
+** The [SQLITE_FCNTL_COMMIT_PHASETWO] opcode is generated internally by SQLite
+** and sent to the VFS after a transaction has been committed immediately
+** but before the database is unlocked. VFSes that do not need this signal
+** should silently ignore this opcode. Applications should not call
+** [sqlite3_file_control()] with this opcode as doing so may disrupt the 
+** operation of the specialized VFSes that do require it.  
+**
+** <li>[[SQLITE_FCNTL_WIN32_AV_RETRY]]
+** ^The [SQLITE_FCNTL_WIN32_AV_RETRY] opcode is used to configure automatic
+** retry counts and intervals for certain disk I/O operations for the
+** windows [VFS] in order to provide robustness in the presence of
+** anti-virus programs.  By default, the windows VFS will retry file read,
+** file write, and file delete operations up to 10 times, with a delay
+** of 25 milliseconds before the first retry and with the delay increasing
+** by an additional 25 milliseconds with each subsequent retry.  This
+** opcode allows these two values (10 retries and 25 milliseconds of delay)
+** to be adjusted.  The values are changed for all database connections
+** within the same process.  The argument is a pointer to an array of two
+** integers where the first integer i the new retry count and the second
+** integer is the delay.  If either integer is negative, then the setting
+** is not changed but instead the prior value of that setting is written
+** into the array entry, allowing the current retry settings to be
+** interrogated.  The zDbName parameter is ignored.
+**
+** <li>[[SQLITE_FCNTL_PERSIST_WAL]]
+** ^The [SQLITE_FCNTL_PERSIST_WAL] opcode is used to set or query the
+** persistent [WAL | Write Ahead Log] setting.  By default, the auxiliary
+** write ahead log and shared memory files used for transaction control
+** are automatically deleted when the latest connection to the database
+** closes.  Setting persistent WAL mode causes those files to persist after
+** close.  Persisting the files is useful when other processes that do not
+** have write permission on the directory containing the database file want
+** to read the database file, as the WAL and shared memory files must exist
+** in order for the database to be readable.  The fourth parameter to
+** [sqlite3_file_control()] for this opcode should be a pointer to an integer.
+** That integer is 0 to disable persistent WAL mode or 1 to enable persistent
+** WAL mode.  If the integer is -1, then it is overwritten with the current
+** WAL persistence setting.
+**
+** <li>[[SQLITE_FCNTL_POWERSAFE_OVERWRITE]]
+** ^The [SQLITE_FCNTL_POWERSAFE_OVERWRITE] opcode is used to set or query the
+** persistent "powersafe-overwrite" or "PSOW" setting.  The PSOW setting
+** determines the [SQLITE_IOCAP_POWERSAFE_OVERWRITE] bit of the
+** xDeviceCharacteristics methods. The fourth parameter to
+** [sqlite3_file_control()] for this opcode should be a pointer to an integer.
+** That integer is 0 to disable zero-damage mode or 1 to enable zero-damage
+** mode.  If the integer is -1, then it is overwritten with the current
+** zero-damage mode setting.
+**
+** <li>[[SQLITE_FCNTL_OVERWRITE]]
+** ^The [SQLITE_FCNTL_OVERWRITE] opcode is invoked by SQLite after opening
+** a write transaction to indicate that, unless it is rolled back for some
+** reason, the entire database file will be overwritten by the current 
+** transaction. This is used by VACUUM operations.
+**
+** <li>[[SQLITE_FCNTL_VFSNAME]]
+** ^The [SQLITE_FCNTL_VFSNAME] opcode can be used to obtain the names of
+** all [VFSes] in the VFS stack.  The names are of all VFS shims and the
+** final bottom-level VFS are written into memory obtained from 
+** [sqlite3_malloc()] and the result is stored in the char* variable
+** that the fourth parameter of [sqlite3_file_control()] points to.
+** The caller is responsible for freeing the memory when done.  As with
+** all file-control actions, there is no guarantee that this will actually
+** do anything.  Callers should initialize the char* variable to a NULL
+** pointer in case this file-control is not implemented.  This file-control
+** is intended for diagnostic use only.
+**
+** <li>[[SQLITE_FCNTL_VFS_POINTER]]
+** ^The [SQLITE_FCNTL_VFS_POINTER] opcode finds a pointer to the top-level
+** [VFSes] currently in use.  ^(The argument X in
+** sqlite3_file_control(db,SQLITE_FCNTL_VFS_POINTER,X) must be
+** of type "[sqlite3_vfs] **".  This opcodes will set *X
+** to a pointer to the top-level VFS.)^
+** ^When there are multiple VFS shims in the stack, this opcode finds the
+** upper-most shim only.
+**
+** <li>[[SQLITE_FCNTL_PRAGMA]]
+** ^Whenever a [PRAGMA] statement is parsed, an [SQLITE_FCNTL_PRAGMA] 
+** file control is sent to the open [sqlite3_file] object corresponding
+** to the database file to which the pragma statement refers. ^The argument
+** to the [SQLITE_FCNTL_PRAGMA] file control is an array of
+** pointers to strings (char**) in which the second element of the array
+** is the name of the pragma and the third element is the argument to the
+** pragma or NULL if the pragma has no argument.  ^The handler for an
+** [SQLITE_FCNTL_PRAGMA] file control can optionally make the first element
+** of the char** argument point to a string obtained from [sqlite3_mprintf()]
+** or the equivalent and that string will become the result of the pragma or
+** the error message if the pragma fails. ^If the
+** [SQLITE_FCNTL_PRAGMA] file control returns [SQLITE_NOTFOUND], then normal 
+** [PRAGMA] processing continues.  ^If the [SQLITE_FCNTL_PRAGMA]
+** file control returns [SQLITE_OK], then the parser assumes that the
+** VFS has handled the PRAGMA itself and the parser generates a no-op
+** prepared statement if result string is NULL, or that returns a copy
+** of the result string if the string is non-NULL.
+** ^If the [SQLITE_FCNTL_PRAGMA] file control returns
+** any result code other than [SQLITE_OK] or [SQLITE_NOTFOUND], that means
+** that the VFS encountered an error while handling the [PRAGMA] and the
+** compilation of the PRAGMA fails with an error.  ^The [SQLITE_FCNTL_PRAGMA]
+** file control occurs at the beginning of pragma statement analysis and so
+** it is able to override built-in [PRAGMA] statements.
+**
+** <li>[[SQLITE_FCNTL_BUSYHANDLER]]
+** ^The [SQLITE_FCNTL_BUSYHANDLER]
+** file-control may be invoked by SQLite on the database file handle
+** shortly after it is opened in order to provide a custom VFS with access
+** to the connections busy-handler callback. The argument is of type (void **)
+** - an array of two (void *) values. The first (void *) actually points
+** to a function of type (int (*)(void *)). In order to invoke the connections
+** busy-handler, this function should be invoked with the second (void *) in
+** the array as the only argument. If it returns non-zero, then the operation
+** should be retried. If it returns zero, the custom VFS should abandon the
+** current operation.
+**
+** <li>[[SQLITE_FCNTL_TEMPFILENAME]]
+** ^Application can invoke the [SQLITE_FCNTL_TEMPFILENAME] file-control
+** to have SQLite generate a
+** temporary filename using the same algorithm that is followed to generate
+** temporary filenames for TEMP tables and other internal uses.  The
+** argument should be a char** which will be filled with the filename
+** written into memory obtained from [sqlite3_malloc()].  The caller should
+** invoke [sqlite3_free()] on the result to avoid a memory leak.
+**
+** <li>[[SQLITE_FCNTL_MMAP_SIZE]]
+** The [SQLITE_FCNTL_MMAP_SIZE] file control is used to query or set the
+** maximum number of bytes that will be used for memory-mapped I/O.
+** The argument is a pointer to a value of type sqlite3_int64 that
+** is an advisory maximum number of bytes in the file to memory map.  The
+** pointer is overwritten with the old value.  The limit is not changed if
+** the value originally pointed to is negative, and so the current limit 
+** can be queried by passing in a pointer to a negative number.  This
+** file-control is used internally to implement [PRAGMA mmap_size].
+**
+** <li>[[SQLITE_FCNTL_TRACE]]
+** The [SQLITE_FCNTL_TRACE] file control provides advisory information
+** to the VFS about what the higher layers of the SQLite stack are doing.
+** This file control is used by some VFS activity tracing [shims].
+** The argument is a zero-terminated string.  Higher layers in the
+** SQLite stack may generate instances of this file control if
+** the [SQLITE_USE_FCNTL_TRACE] compile-time option is enabled.
+**
+** <li>[[SQLITE_FCNTL_HAS_MOVED]]
+** The [SQLITE_FCNTL_HAS_MOVED] file control interprets its argument as a
+** pointer to an integer and it writes a boolean into that integer depending
+** on whether or not the file has been renamed, moved, or deleted since it
+** was first opened.
+**
+** <li>[[SQLITE_FCNTL_WIN32_SET_HANDLE]]
+** The [SQLITE_FCNTL_WIN32_SET_HANDLE] opcode is used for debugging.  This
+** opcode causes the xFileControl method to swap the file handle with the one
+** pointed to by the pArg argument.  This capability is used during testing
+** and only needs to be supported when SQLITE_TEST is defined.
+**
+** <li>[[SQLITE_FCNTL_WAL_BLOCK]]
+** The [SQLITE_FCNTL_WAL_BLOCK] is a signal to the VFS layer that it might
+** be advantageous to block on the next WAL lock if the lock is not immediately
+** available.  The WAL subsystem issues this signal during rare
+** circumstances in order to fix a problem with priority inversion.
+** Applications should <em>not</em> use this file-control.
+**
+** <li>[[SQLITE_FCNTL_ZIPVFS]]
+** The [SQLITE_FCNTL_ZIPVFS] opcode is implemented by zipvfs only. All other
+** VFS should return SQLITE_NOTFOUND for this opcode.
+**
+** <li>[[SQLITE_FCNTL_RBU]]
+** The [SQLITE_FCNTL_RBU] opcode is implemented by the special VFS used by
+** the RBU extension only.  All other VFS should return SQLITE_NOTFOUND for
+** this opcode.  
+** </ul>
+*/
+#define SQLITE_FCNTL_LOCKSTATE               1
+#define SQLITE_FCNTL_GET_LOCKPROXYFILE       2
+#define SQLITE_FCNTL_SET_LOCKPROXYFILE       3
+#define SQLITE_FCNTL_LAST_ERRNO              4
+#define SQLITE_FCNTL_SIZE_HINT               5
+#define SQLITE_FCNTL_CHUNK_SIZE              6
+#define SQLITE_FCNTL_FILE_POINTER            7
+#define SQLITE_FCNTL_SYNC_OMITTED            8
+#define SQLITE_FCNTL_WIN32_AV_RETRY          9
+#define SQLITE_FCNTL_PERSIST_WAL            10
+#define SQLITE_FCNTL_OVERWRITE              11
+#define SQLITE_FCNTL_VFSNAME                12
+#define SQLITE_FCNTL_POWERSAFE_OVERWRITE    13
+#define SQLITE_FCNTL_PRAGMA                 14
+#define SQLITE_FCNTL_BUSYHANDLER            15
+#define SQLITE_FCNTL_TEMPFILENAME           16
+#define SQLITE_FCNTL_MMAP_SIZE              18
+#define SQLITE_FCNTL_TRACE                  19
+#define SQLITE_FCNTL_HAS_MOVED              20
+#define SQLITE_FCNTL_SYNC                   21
+#define SQLITE_FCNTL_COMMIT_PHASETWO        22
+#define SQLITE_FCNTL_WIN32_SET_HANDLE       23
+#define SQLITE_FCNTL_WAL_BLOCK              24
+#define SQLITE_FCNTL_ZIPVFS                 25
+#define SQLITE_FCNTL_RBU                    26
+#define SQLITE_FCNTL_VFS_POINTER            27
+#define SQLITE_FCNTL_JOURNAL_POINTER        28
+
+/* deprecated names */
+#define SQLITE_GET_LOCKPROXYFILE      SQLITE_FCNTL_GET_LOCKPROXYFILE
+#define SQLITE_SET_LOCKPROXYFILE      SQLITE_FCNTL_SET_LOCKPROXYFILE
+#define SQLITE_LAST_ERRNO             SQLITE_FCNTL_LAST_ERRNO
+
+
+/*
+** CAPI3REF: Mutex Handle
+**
+** The mutex module within SQLite defines [sqlite3_mutex] to be an
+** abstract type for a mutex object.  The SQLite core never looks
+** at the internal representation of an [sqlite3_mutex].  It only
+** deals with pointers to the [sqlite3_mutex] object.
+**
+** Mutexes are created using [sqlite3_mutex_alloc()].
+*/
+typedef struct sqlite3_mutex sqlite3_mutex;
+
+/*
+** CAPI3REF: OS Interface Object
+**
+** An instance of the sqlite3_vfs object defines the interface between
+** the SQLite core and the underlying operating system.  The "vfs"
+** in the name of the object stands for "virtual file system".  See
+** the [VFS | VFS documentation] for further information.
+**
+** The value of the iVersion field is initially 1 but may be larger in
+** future versions of SQLite.  Additional fields may be appended to this
+** object when the iVersion value is increased.  Note that the structure
+** of the sqlite3_vfs object changes in the transaction between
+** SQLite version 3.5.9 and 3.6.0 and yet the iVersion field was not
+** modified.
+**
+** The szOsFile field is the size of the subclassed [sqlite3_file]
+** structure used by this VFS.  mxPathname is the maximum length of
+** a pathname in this VFS.
+**
+** Registered sqlite3_vfs objects are kept on a linked list formed by
+** the pNext pointer.  The [sqlite3_vfs_register()]
+** and [sqlite3_vfs_unregister()] interfaces manage this list
+** in a thread-safe way.  The [sqlite3_vfs_find()] interface
+** searches the list.  Neither the application code nor the VFS
+** implementation should use the pNext pointer.
+**
+** The pNext field is the only field in the sqlite3_vfs
+** structure that SQLite will ever modify.  SQLite will only access
+** or modify this field while holding a particular static mutex.
+** The application should never modify anything within the sqlite3_vfs
+** object once the object has been registered.
+**
+** The zName field holds the name of the VFS module.  The name must
+** be unique across all VFS modules.
+**
+** [[sqlite3_vfs.xOpen]]
+** ^SQLite guarantees that the zFilename parameter to xOpen
+** is either a NULL pointer or string obtained
+** from xFullPathname() with an optional suffix added.
+** ^If a suffix is added to the zFilename parameter, it will
+** consist of a single "-" character followed by no more than
+** 11 alphanumeric and/or "-" characters.
+** ^SQLite further guarantees that
+** the string will be valid and unchanged until xClose() is
+** called. Because of the previous sentence,
+** the [sqlite3_file] can safely store a pointer to the
+** filename if it needs to remember the filename for some reason.
+** If the zFilename parameter to xOpen is a NULL pointer then xOpen
+** must invent its own temporary name for the file.  ^Whenever the 
+** xFilename parameter is NULL it will also be the case that the
+** flags parameter will include [SQLITE_OPEN_DELETEONCLOSE].
+**
+** The flags argument to xOpen() includes all bits set in
+** the flags argument to [sqlite3_open_v2()].  Or if [sqlite3_open()]
+** or [sqlite3_open16()] is used, then flags includes at least
+** [SQLITE_OPEN_READWRITE] | [SQLITE_OPEN_CREATE]. 
+** If xOpen() opens a file read-only then it sets *pOutFlags to
+** include [SQLITE_OPEN_READONLY].  Other bits in *pOutFlags may be set.
+**
+** ^(SQLite will also add one of the following flags to the xOpen()
+** call, depending on the object being opened:
+**
+** <ul>
+** <li>  [SQLITE_OPEN_MAIN_DB]
+** <li>  [SQLITE_OPEN_MAIN_JOURNAL]
+** <li>  [SQLITE_OPEN_TEMP_DB]
+** <li>  [SQLITE_OPEN_TEMP_JOURNAL]
+** <li>  [SQLITE_OPEN_TRANSIENT_DB]
+** <li>  [SQLITE_OPEN_SUBJOURNAL]
+** <li>  [SQLITE_OPEN_MASTER_JOURNAL]
+** <li>  [SQLITE_OPEN_WAL]
+** </ul>)^
+**
+** The file I/O implementation can use the object type flags to
+** change the way it deals with files.  For example, an application
+** that does not care about crash recovery or rollback might make
+** the open of a journal file a no-op.  Writes to this journal would
+** also be no-ops, and any attempt to read the journal would return
+** SQLITE_IOERR.  Or the implementation might recognize that a database
+** file will be doing page-aligned sector reads and writes in a random
+** order and set up its I/O subsystem accordingly.
+**
+** SQLite might also add one of the following flags to the xOpen method:
+**
+** <ul>
+** <li> [SQLITE_OPEN_DELETEONCLOSE]
+** <li> [SQLITE_OPEN_EXCLUSIVE]
+** </ul>
+**
+** The [SQLITE_OPEN_DELETEONCLOSE] flag means the file should be
+** deleted when it is closed.  ^The [SQLITE_OPEN_DELETEONCLOSE]
+** will be set for TEMP databases and their journals, transient
+** databases, and subjournals.
+**
+** ^The [SQLITE_OPEN_EXCLUSIVE] flag is always used in conjunction
+** with the [SQLITE_OPEN_CREATE] flag, which are both directly
+** analogous to the O_EXCL and O_CREAT flags of the POSIX open()
+** API.  The SQLITE_OPEN_EXCLUSIVE flag, when paired with the 
+** SQLITE_OPEN_CREATE, is used to indicate that file should always
+** be created, and that it is an error if it already exists.
+** It is <i>not</i> used to indicate the file should be opened 
+** for exclusive access.
+**
+** ^At least szOsFile bytes of memory are allocated by SQLite
+** to hold the  [sqlite3_file] structure passed as the third
+** argument to xOpen.  The xOpen method does not have to
+** allocate the structure; it should just fill it in.  Note that
+** the xOpen method must set the sqlite3_file.pMethods to either
+** a valid [sqlite3_io_methods] object or to NULL.  xOpen must do
+** this even if the open fails.  SQLite expects that the sqlite3_file.pMethods
+** element will be valid after xOpen returns regardless of the success
+** or failure of the xOpen call.
+**
+** [[sqlite3_vfs.xAccess]]
+** ^The flags argument to xAccess() may be [SQLITE_ACCESS_EXISTS]
+** to test for the existence of a file, or [SQLITE_ACCESS_READWRITE] to
+** test whether a file is readable and writable, or [SQLITE_ACCESS_READ]
+** to test whether a file is at least readable.   The file can be a
+** directory.
+**
+** ^SQLite will always allocate at least mxPathname+1 bytes for the
+** output buffer xFullPathname.  The exact size of the output buffer
+** is also passed as a parameter to both  methods. If the output buffer
+** is not large enough, [SQLITE_CANTOPEN] should be returned. Since this is
+** handled as a fatal error by SQLite, vfs implementations should endeavor
+** to prevent this by setting mxPathname to a sufficiently large value.
+**
+** The xRandomness(), xSleep(), xCurrentTime(), and xCurrentTimeInt64()
+** interfaces are not strictly a part of the filesystem, but they are
+** included in the VFS structure for completeness.
+** The xRandomness() function attempts to return nBytes bytes
+** of good-quality randomness into zOut.  The return value is
+** the actual number of bytes of randomness obtained.
+** The xSleep() method causes the calling thread to sleep for at
+** least the number of microseconds given.  ^The xCurrentTime()
+** method returns a Julian Day Number for the current date and time as
+** a floating point value.
+** ^The xCurrentTimeInt64() method returns, as an integer, the Julian
+** Day Number multiplied by 86400000 (the number of milliseconds in 
+** a 24-hour day).  
+** ^SQLite will use the xCurrentTimeInt64() method to get the current
+** date and time if that method is available (if iVersion is 2 or 
+** greater and the function pointer is not NULL) and will fall back
+** to xCurrentTime() if xCurrentTimeInt64() is unavailable.
+**
+** ^The xSetSystemCall(), xGetSystemCall(), and xNestSystemCall() interfaces
+** are not used by the SQLite core.  These optional interfaces are provided
+** by some VFSes to facilitate testing of the VFS code. By overriding 
+** system calls with functions under its control, a test program can
+** simulate faults and error conditions that would otherwise be difficult
+** or impossible to induce.  The set of system calls that can be overridden
+** varies from one VFS to another, and from one version of the same VFS to the
+** next.  Applications that use these interfaces must be prepared for any
+** or all of these interfaces to be NULL or for their behavior to change
+** from one release to the next.  Applications must not attempt to access
+** any of these methods if the iVersion of the VFS is less than 3.
+*/
+typedef struct sqlite3_vfs sqlite3_vfs;
+typedef void (*sqlite3_syscall_ptr)(void);
+struct sqlite3_vfs {
+  int iVersion;            /* Structure version number (currently 3) */
+  int szOsFile;            /* Size of subclassed sqlite3_file */
+  int mxPathname;          /* Maximum file pathname length */
+  sqlite3_vfs *pNext;      /* Next registered VFS */
+  const char *zName;       /* Name of this virtual file system */
+  void *pAppData;          /* Pointer to application-specific data */
+  int (*xOpen)(sqlite3_vfs*, const char *zName, sqlite3_file*,
+               int flags, int *pOutFlags);
+  int (*xDelete)(sqlite3_vfs*, const char *zName, int syncDir);
+  int (*xAccess)(sqlite3_vfs*, const char *zName, int flags, int *pResOut);
+  int (*xFullPathname)(sqlite3_vfs*, const char *zName, int nOut, char *zOut);
+  void *(*xDlOpen)(sqlite3_vfs*, const char *zFilename);
+  void (*xDlError)(sqlite3_vfs*, int nByte, char *zErrMsg);
+  void (*(*xDlSym)(sqlite3_vfs*,void*, const char *zSymbol))(void);
+  void (*xDlClose)(sqlite3_vfs*, void*);
+  int (*xRandomness)(sqlite3_vfs*, int nByte, char *zOut);
+  int (*xSleep)(sqlite3_vfs*, int microseconds);
+  int (*xCurrentTime)(sqlite3_vfs*, double*);
+  int (*xGetLastError)(sqlite3_vfs*, int, char *);
+  /*
+  ** The methods above are in version 1 of the sqlite_vfs object
+  ** definition.  Those that follow are added in version 2 or later
+  */
+  int (*xCurrentTimeInt64)(sqlite3_vfs*, sqlite3_int64*);
+  /*
+  ** The methods above are in versions 1 and 2 of the sqlite_vfs object.
+  ** Those below are for version 3 and greater.
+  */
+  int (*xSetSystemCall)(sqlite3_vfs*, const char *zName, sqlite3_syscall_ptr);
+  sqlite3_syscall_ptr (*xGetSystemCall)(sqlite3_vfs*, const char *zName);
+  const char *(*xNextSystemCall)(sqlite3_vfs*, const char *zName);
+  /*
+  ** The methods above are in versions 1 through 3 of the sqlite_vfs object.
+  ** New fields may be appended in figure versions.  The iVersion
+  ** value will increment whenever this happens. 
+  */
+};
+
+/*
+** CAPI3REF: Flags for the xAccess VFS method
+**
+** These integer constants can be used as the third parameter to
+** the xAccess method of an [sqlite3_vfs] object.  They determine
+** what kind of permissions the xAccess method is looking for.
+** With SQLITE_ACCESS_EXISTS, the xAccess method
+** simply checks whether the file exists.
+** With SQLITE_ACCESS_READWRITE, the xAccess method
+** checks whether the named directory is both readable and writable
+** (in other words, if files can be added, removed, and renamed within
+** the directory).
+** The SQLITE_ACCESS_READWRITE constant is currently used only by the
+** [temp_store_directory pragma], though this could change in a future
+** release of SQLite.
+** With SQLITE_ACCESS_READ, the xAccess method
+** checks whether the file is readable.  The SQLITE_ACCESS_READ constant is
+** currently unused, though it might be used in a future release of
+** SQLite.
+*/
+#define SQLITE_ACCESS_EXISTS    0
+#define SQLITE_ACCESS_READWRITE 1   /* Used by PRAGMA temp_store_directory */
+#define SQLITE_ACCESS_READ      2   /* Unused */
+
+/*
+** CAPI3REF: Flags for the xShmLock VFS method
+**
+** These integer constants define the various locking operations
+** allowed by the xShmLock method of [sqlite3_io_methods].  The
+** following are the only legal combinations of flags to the
+** xShmLock method:
+**
+** <ul>
+** <li>  SQLITE_SHM_LOCK | SQLITE_SHM_SHARED
+** <li>  SQLITE_SHM_LOCK | SQLITE_SHM_EXCLUSIVE
+** <li>  SQLITE_SHM_UNLOCK | SQLITE_SHM_SHARED
+** <li>  SQLITE_SHM_UNLOCK | SQLITE_SHM_EXCLUSIVE
+** </ul>
+**
+** When unlocking, the same SHARED or EXCLUSIVE flag must be supplied as
+** was given on the corresponding lock.  
+**
+** The xShmLock method can transition between unlocked and SHARED or
+** between unlocked and EXCLUSIVE.  It cannot transition between SHARED
+** and EXCLUSIVE.
+*/
+#define SQLITE_SHM_UNLOCK       1
+#define SQLITE_SHM_LOCK         2
+#define SQLITE_SHM_SHARED       4
+#define SQLITE_SHM_EXCLUSIVE    8
+
+/*
+** CAPI3REF: Maximum xShmLock index
+**
+** The xShmLock method on [sqlite3_io_methods] may use values
+** between 0 and this upper bound as its "offset" argument.
+** The SQLite core will never attempt to acquire or release a
+** lock outside of this range
+*/
+#define SQLITE_SHM_NLOCK        8
+
+
+/*
+** CAPI3REF: Initialize The SQLite Library
+**
+** ^The sqlite3_initialize() routine initializes the
+** SQLite library.  ^The sqlite3_shutdown() routine
+** deallocates any resources that were allocated by sqlite3_initialize().
+** These routines are designed to aid in process initialization and
+** shutdown on embedded systems.  Workstation applications using
+** SQLite normally do not need to invoke either of these routines.
+**
+** A call to sqlite3_initialize() is an "effective" call if it is
+** the first time sqlite3_initialize() is invoked during the lifetime of
+** the process, or if it is the first time sqlite3_initialize() is invoked
+** following a call to sqlite3_shutdown().  ^(Only an effective call
+** of sqlite3_initialize() does any initialization.  All other calls
+** are harmless no-ops.)^
+**
+** A call to sqlite3_shutdown() is an "effective" call if it is the first
+** call to sqlite3_shutdown() since the last sqlite3_initialize().  ^(Only
+** an effective call to sqlite3_shutdown() does any deinitialization.
+** All other valid calls to sqlite3_shutdown() are harmless no-ops.)^
+**
+** The sqlite3_initialize() interface is threadsafe, but sqlite3_shutdown()
+** is not.  The sqlite3_shutdown() interface must only be called from a
+** single thread.  All open [database connections] must be closed and all
+** other SQLite resources must be deallocated prior to invoking
+** sqlite3_shutdown().
+**
+** Among other things, ^sqlite3_initialize() will invoke
+** sqlite3_os_init().  Similarly, ^sqlite3_shutdown()
+** will invoke sqlite3_os_end().
+**
+** ^The sqlite3_initialize() routine returns [SQLITE_OK] on success.
+** ^If for some reason, sqlite3_initialize() is unable to initialize
+** the library (perhaps it is unable to allocate a needed resource such
+** as a mutex) it returns an [error code] other than [SQLITE_OK].
+**
+** ^The sqlite3_initialize() routine is called internally by many other
+** SQLite interfaces so that an application usually does not need to
+** invoke sqlite3_initialize() directly.  For example, [sqlite3_open()]
+** calls sqlite3_initialize() so the SQLite library will be automatically
+** initialized when [sqlite3_open()] is called if it has not be initialized
+** already.  ^However, if SQLite is compiled with the [SQLITE_OMIT_AUTOINIT]
+** compile-time option, then the automatic calls to sqlite3_initialize()
+** are omitted and the application must call sqlite3_initialize() directly
+** prior to using any other SQLite interface.  For maximum portability,
+** it is recommended that applications always invoke sqlite3_initialize()
+** directly prior to using any other SQLite interface.  Future releases
+** of SQLite may require this.  In other words, the behavior exhibited
+** when SQLite is compiled with [SQLITE_OMIT_AUTOINIT] might become the
+** default behavior in some future release of SQLite.
+**
+** The sqlite3_os_init() routine does operating-system specific
+** initialization of the SQLite library.  The sqlite3_os_end()
+** routine undoes the effect of sqlite3_os_init().  Typical tasks
+** performed by these routines include allocation or deallocation
+** of static resources, initialization of global variables,
+** setting up a default [sqlite3_vfs] module, or setting up
+** a default configuration using [sqlite3_config()].
+**
+** The application should never invoke either sqlite3_os_init()
+** or sqlite3_os_end() directly.  The application should only invoke
+** sqlite3_initialize() and sqlite3_shutdown().  The sqlite3_os_init()
+** interface is called automatically by sqlite3_initialize() and
+** sqlite3_os_end() is called by sqlite3_shutdown().  Appropriate
+** implementations for sqlite3_os_init() and sqlite3_os_end()
+** are built into SQLite when it is compiled for Unix, Windows, or OS/2.
+** When [custom builds | built for other platforms]
+** (using the [SQLITE_OS_OTHER=1] compile-time
+** option) the application must supply a suitable implementation for
+** sqlite3_os_init() and sqlite3_os_end().  An application-supplied
+** implementation of sqlite3_os_init() or sqlite3_os_end()
+** must return [SQLITE_OK] on success and some other [error code] upon
+** failure.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_initialize(void);
+SQLITE_API int SQLITE_STDCALL sqlite3_shutdown(void);
+SQLITE_API int SQLITE_STDCALL sqlite3_os_init(void);
+SQLITE_API int SQLITE_STDCALL sqlite3_os_end(void);
+
+/*
+** CAPI3REF: Configuring The SQLite Library
+**
+** The sqlite3_config() interface is used to make global configuration
+** changes to SQLite in order to tune SQLite to the specific needs of
+** the application.  The default configuration is recommended for most
+** applications and so this routine is usually not necessary.  It is
+** provided to support rare applications with unusual needs.
+**
+** <b>The sqlite3_config() interface is not threadsafe. The application
+** must ensure that no other SQLite interfaces are invoked by other
+** threads while sqlite3_config() is running.</b>
+**
+** The sqlite3_config() interface
+** may only be invoked prior to library initialization using
+** [sqlite3_initialize()] or after shutdown by [sqlite3_shutdown()].
+** ^If sqlite3_config() is called after [sqlite3_initialize()] and before
+** [sqlite3_shutdown()] then it will return SQLITE_MISUSE.
+** Note, however, that ^sqlite3_config() can be called as part of the
+** implementation of an application-defined [sqlite3_os_init()].
+**
+** The first argument to sqlite3_config() is an integer
+** [configuration option] that determines
+** what property of SQLite is to be configured.  Subsequent arguments
+** vary depending on the [configuration option]
+** in the first argument.
+**
+** ^When a configuration option is set, sqlite3_config() returns [SQLITE_OK].
+** ^If the option is unknown or SQLite is unable to set the option
+** then this routine returns a non-zero [error code].
+*/
+SQLITE_API int SQLITE_CDECL sqlite3_config(int, ...);
+
+/*
+** CAPI3REF: Configure database connections
+** METHOD: sqlite3
+**
+** The sqlite3_db_config() interface is used to make configuration
+** changes to a [database connection].  The interface is similar to
+** [sqlite3_config()] except that the changes apply to a single
+** [database connection] (specified in the first argument).
+**
+** The second argument to sqlite3_db_config(D,V,...)  is the
+** [SQLITE_DBCONFIG_LOOKASIDE | configuration verb] - an integer code 
+** that indicates what aspect of the [database connection] is being configured.
+** Subsequent arguments vary depending on the configuration verb.
+**
+** ^Calls to sqlite3_db_config() return SQLITE_OK if and only if
+** the call is considered successful.
+*/
+SQLITE_API int SQLITE_CDECL sqlite3_db_config(sqlite3*, int op, ...);
+
+/*
+** CAPI3REF: Memory Allocation Routines
+**
+** An instance of this object defines the interface between SQLite
+** and low-level memory allocation routines.
+**
+** This object is used in only one place in the SQLite interface.
+** A pointer to an instance of this object is the argument to
+** [sqlite3_config()] when the configuration option is
+** [SQLITE_CONFIG_MALLOC] or [SQLITE_CONFIG_GETMALLOC].  
+** By creating an instance of this object
+** and passing it to [sqlite3_config]([SQLITE_CONFIG_MALLOC])
+** during configuration, an application can specify an alternative
+** memory allocation subsystem for SQLite to use for all of its
+** dynamic memory needs.
+**
+** Note that SQLite comes with several [built-in memory allocators]
+** that are perfectly adequate for the overwhelming majority of applications
+** and that this object is only useful to a tiny minority of applications
+** with specialized memory allocation requirements.  This object is
+** also used during testing of SQLite in order to specify an alternative
+** memory allocator that simulates memory out-of-memory conditions in
+** order to verify that SQLite recovers gracefully from such
+** conditions.
+**
+** The xMalloc, xRealloc, and xFree methods must work like the
+** malloc(), realloc() and free() functions from the standard C library.
+** ^SQLite guarantees that the second argument to
+** xRealloc is always a value returned by a prior call to xRoundup.
+**
+** xSize should return the allocated size of a memory allocation
+** previously obtained from xMalloc or xRealloc.  The allocated size
+** is always at least as big as the requested size but may be larger.
+**
+** The xRoundup method returns what would be the allocated size of
+** a memory allocation given a particular requested size.  Most memory
+** allocators round up memory allocations at least to the next multiple
+** of 8.  Some allocators round up to a larger multiple or to a power of 2.
+** Every memory allocation request coming in through [sqlite3_malloc()]
+** or [sqlite3_realloc()] first calls xRoundup.  If xRoundup returns 0, 
+** that causes the corresponding memory allocation to fail.
+**
+** The xInit method initializes the memory allocator.  For example,
+** it might allocate any require mutexes or initialize internal data
+** structures.  The xShutdown method is invoked (indirectly) by
+** [sqlite3_shutdown()] and should deallocate any resources acquired
+** by xInit.  The pAppData pointer is used as the only parameter to
+** xInit and xShutdown.
+**
+** SQLite holds the [SQLITE_MUTEX_STATIC_MASTER] mutex when it invokes
+** the xInit method, so the xInit method need not be threadsafe.  The
+** xShutdown method is only called from [sqlite3_shutdown()] so it does
+** not need to be threadsafe either.  For all other methods, SQLite
+** holds the [SQLITE_MUTEX_STATIC_MEM] mutex as long as the
+** [SQLITE_CONFIG_MEMSTATUS] configuration option is turned on (which
+** it is by default) and so the methods are automatically serialized.
+** However, if [SQLITE_CONFIG_MEMSTATUS] is disabled, then the other
+** methods must be threadsafe or else make their own arrangements for
+** serialization.
+**
+** SQLite will never invoke xInit() more than once without an intervening
+** call to xShutdown().
+*/
+typedef struct sqlite3_mem_methods sqlite3_mem_methods;
+struct sqlite3_mem_methods {
+  void *(*xMalloc)(int);         /* Memory allocation function */
+  void (*xFree)(void*);          /* Free a prior allocation */
+  void *(*xRealloc)(void*,int);  /* Resize an allocation */
+  int (*xSize)(void*);           /* Return the size of an allocation */
+  int (*xRoundup)(int);          /* Round up request size to allocation size */
+  int (*xInit)(void*);           /* Initialize the memory allocator */
+  void (*xShutdown)(void*);      /* Deinitialize the memory allocator */
+  void *pAppData;                /* Argument to xInit() and xShutdown() */
+};
+
+/*
+** CAPI3REF: Configuration Options
+** KEYWORDS: {configuration option}
+**
+** These constants are the available integer configuration options that
+** can be passed as the first argument to the [sqlite3_config()] interface.
+**
+** New configuration options may be added in future releases of SQLite.
+** Existing configuration options might be discontinued.  Applications
+** should check the return code from [sqlite3_config()] to make sure that
+** the call worked.  The [sqlite3_config()] interface will return a
+** non-zero [error code] if a discontinued or unsupported configuration option
+** is invoked.
+**
+** <dl>
+** [[SQLITE_CONFIG_SINGLETHREAD]] <dt>SQLITE_CONFIG_SINGLETHREAD</dt>
+** <dd>There are no arguments to this option.  ^This option sets the
+** [threading mode] to Single-thread.  In other words, it disables
+** all mutexing and puts SQLite into a mode where it can only be used
+** by a single thread.   ^If SQLite is compiled with
+** the [SQLITE_THREADSAFE | SQLITE_THREADSAFE=0] compile-time option then
+** it is not possible to change the [threading mode] from its default
+** value of Single-thread and so [sqlite3_config()] will return 
+** [SQLITE_ERROR] if called with the SQLITE_CONFIG_SINGLETHREAD
+** configuration option.</dd>
+**
+** [[SQLITE_CONFIG_MULTITHREAD]] <dt>SQLITE_CONFIG_MULTITHREAD</dt>
+** <dd>There are no arguments to this option.  ^This option sets the
+** [threading mode] to Multi-thread.  In other words, it disables
+** mutexing on [database connection] and [prepared statement] objects.
+** The application is responsible for serializing access to
+** [database connections] and [prepared statements].  But other mutexes
+** are enabled so that SQLite will be safe to use in a multi-threaded
+** environment as long as no two threads attempt to use the same
+** [database connection] at the same time.  ^If SQLite is compiled with
+** the [SQLITE_THREADSAFE | SQLITE_THREADSAFE=0] compile-time option then
+** it is not possible to set the Multi-thread [threading mode] and
+** [sqlite3_config()] will return [SQLITE_ERROR] if called with the
+** SQLITE_CONFIG_MULTITHREAD configuration option.</dd>
+**
+** [[SQLITE_CONFIG_SERIALIZED]] <dt>SQLITE_CONFIG_SERIALIZED</dt>
+** <dd>There are no arguments to this option.  ^This option sets the
+** [threading mode] to Serialized. In other words, this option enables
+** all mutexes including the recursive
+** mutexes on [database connection] and [prepared statement] objects.
+** In this mode (which is the default when SQLite is compiled with
+** [SQLITE_THREADSAFE=1]) the SQLite library will itself serialize access
+** to [database connections] and [prepared statements] so that the
+** application is free to use the same [database connection] or the
+** same [prepared statement] in different threads at the same time.
+** ^If SQLite is compiled with
+** the [SQLITE_THREADSAFE | SQLITE_THREADSAFE=0] compile-time option then
+** it is not possible to set the Serialized [threading mode] and
+** [sqlite3_config()] will return [SQLITE_ERROR] if called with the
+** SQLITE_CONFIG_SERIALIZED configuration option.</dd>
+**
+** [[SQLITE_CONFIG_MALLOC]] <dt>SQLITE_CONFIG_MALLOC</dt>
+** <dd> ^(The SQLITE_CONFIG_MALLOC option takes a single argument which is 
+** a pointer to an instance of the [sqlite3_mem_methods] structure.
+** The argument specifies
+** alternative low-level memory allocation routines to be used in place of
+** the memory allocation routines built into SQLite.)^ ^SQLite makes
+** its own private copy of the content of the [sqlite3_mem_methods] structure
+** before the [sqlite3_config()] call returns.</dd>
+**
+** [[SQLITE_CONFIG_GETMALLOC]] <dt>SQLITE_CONFIG_GETMALLOC</dt>
+** <dd> ^(The SQLITE_CONFIG_GETMALLOC option takes a single argument which
+** is a pointer to an instance of the [sqlite3_mem_methods] structure.
+** The [sqlite3_mem_methods]
+** structure is filled with the currently defined memory allocation routines.)^
+** This option can be used to overload the default memory allocation
+** routines with a wrapper that simulations memory allocation failure or
+** tracks memory usage, for example. </dd>
+**
+** [[SQLITE_CONFIG_MEMSTATUS]] <dt>SQLITE_CONFIG_MEMSTATUS</dt>
+** <dd> ^The SQLITE_CONFIG_MEMSTATUS option takes single argument of type int,
+** interpreted as a boolean, which enables or disables the collection of
+** memory allocation statistics. ^(When memory allocation statistics are
+** disabled, the following SQLite interfaces become non-operational:
+**   <ul>
+**   <li> [sqlite3_memory_used()]
+**   <li> [sqlite3_memory_highwater()]
+**   <li> [sqlite3_soft_heap_limit64()]
+**   <li> [sqlite3_status64()]
+**   </ul>)^
+** ^Memory allocation statistics are enabled by default unless SQLite is
+** compiled with [SQLITE_DEFAULT_MEMSTATUS]=0 in which case memory
+** allocation statistics are disabled by default.
+** </dd>
+**
+** [[SQLITE_CONFIG_SCRATCH]] <dt>SQLITE_CONFIG_SCRATCH</dt>
+** <dd> ^The SQLITE_CONFIG_SCRATCH option specifies a static memory buffer
+** that SQLite can use for scratch memory.  ^(There are three arguments
+** to SQLITE_CONFIG_SCRATCH:  A pointer an 8-byte
+** aligned memory buffer from which the scratch allocations will be
+** drawn, the size of each scratch allocation (sz),
+** and the maximum number of scratch allocations (N).)^
+** The first argument must be a pointer to an 8-byte aligned buffer
+** of at least sz*N bytes of memory.
+** ^SQLite will not use more than one scratch buffers per thread.
+** ^SQLite will never request a scratch buffer that is more than 6
+** times the database page size.
+** ^If SQLite needs needs additional
+** scratch memory beyond what is provided by this configuration option, then 
+** [sqlite3_malloc()] will be used to obtain the memory needed.<p>
+** ^When the application provides any amount of scratch memory using
+** SQLITE_CONFIG_SCRATCH, SQLite avoids unnecessary large
+** [sqlite3_malloc|heap allocations].
+** This can help [Robson proof|prevent memory allocation failures] due to heap
+** fragmentation in low-memory embedded systems.
+** </dd>
+**
+** [[SQLITE_CONFIG_PAGECACHE]] <dt>SQLITE_CONFIG_PAGECACHE</dt>
+** <dd> ^The SQLITE_CONFIG_PAGECACHE option specifies a memory pool
+** that SQLite can use for the database page cache with the default page
+** cache implementation.  
+** This configuration option is a no-op if an application-define page
+** cache implementation is loaded using the [SQLITE_CONFIG_PCACHE2].
+** ^There are three arguments to SQLITE_CONFIG_PAGECACHE: A pointer to
+** 8-byte aligned memory (pMem), the size of each page cache line (sz),
+** and the number of cache lines (N).
+** The sz argument should be the size of the largest database page
+** (a power of two between 512 and 65536) plus some extra bytes for each
+** page header.  ^The number of extra bytes needed by the page header
+** can be determined using [SQLITE_CONFIG_PCACHE_HDRSZ].
+** ^It is harmless, apart from the wasted memory,
+** for the sz parameter to be larger than necessary.  The pMem
+** argument must be either a NULL pointer or a pointer to an 8-byte
+** aligned block of memory of at least sz*N bytes, otherwise
+** subsequent behavior is undefined.
+** ^When pMem is not NULL, SQLite will strive to use the memory provided
+** to satisfy page cache needs, falling back to [sqlite3_malloc()] if
+** a page cache line is larger than sz bytes or if all of the pMem buffer
+** is exhausted.
+** ^If pMem is NULL and N is non-zero, then each database connection
+** does an initial bulk allocation for page cache memory
+** from [sqlite3_malloc()] sufficient for N cache lines if N is positive or
+** of -1024*N bytes if N is negative, . ^If additional
+** page cache memory is needed beyond what is provided by the initial
+** allocation, then SQLite goes to [sqlite3_malloc()] separately for each
+** additional cache line. </dd>
+**
+** [[SQLITE_CONFIG_HEAP]] <dt>SQLITE_CONFIG_HEAP</dt>
+** <dd> ^The SQLITE_CONFIG_HEAP option specifies a static memory buffer 
+** that SQLite will use for all of its dynamic memory allocation needs
+** beyond those provided for by [SQLITE_CONFIG_SCRATCH] and
+** [SQLITE_CONFIG_PAGECACHE].
+** ^The SQLITE_CONFIG_HEAP option is only available if SQLite is compiled
+** with either [SQLITE_ENABLE_MEMSYS3] or [SQLITE_ENABLE_MEMSYS5] and returns
+** [SQLITE_ERROR] if invoked otherwise.
+** ^There are three arguments to SQLITE_CONFIG_HEAP:
+** An 8-byte aligned pointer to the memory,
+** the number of bytes in the memory buffer, and the minimum allocation size.
+** ^If the first pointer (the memory pointer) is NULL, then SQLite reverts
+** to using its default memory allocator (the system malloc() implementation),
+** undoing any prior invocation of [SQLITE_CONFIG_MALLOC].  ^If the
+** memory pointer is not NULL then the alternative memory
+** allocator is engaged to handle all of SQLites memory allocation needs.
+** The first pointer (the memory pointer) must be aligned to an 8-byte
+** boundary or subsequent behavior of SQLite will be undefined.
+** The minimum allocation size is capped at 2**12. Reasonable values
+** for the minimum allocation size are 2**5 through 2**8.</dd>
+**
+** [[SQLITE_CONFIG_MUTEX]] <dt>SQLITE_CONFIG_MUTEX</dt>
+** <dd> ^(The SQLITE_CONFIG_MUTEX option takes a single argument which is a
+** pointer to an instance of the [sqlite3_mutex_methods] structure.
+** The argument specifies alternative low-level mutex routines to be used
+** in place the mutex routines built into SQLite.)^  ^SQLite makes a copy of
+** the content of the [sqlite3_mutex_methods] structure before the call to
+** [sqlite3_config()] returns. ^If SQLite is compiled with
+** the [SQLITE_THREADSAFE | SQLITE_THREADSAFE=0] compile-time option then
+** the entire mutexing subsystem is omitted from the build and hence calls to
+** [sqlite3_config()] with the SQLITE_CONFIG_MUTEX configuration option will
+** return [SQLITE_ERROR].</dd>
+**
+** [[SQLITE_CONFIG_GETMUTEX]] <dt>SQLITE_CONFIG_GETMUTEX</dt>
+** <dd> ^(The SQLITE_CONFIG_GETMUTEX option takes a single argument which
+** is a pointer to an instance of the [sqlite3_mutex_methods] structure.  The
+** [sqlite3_mutex_methods]
+** structure is filled with the currently defined mutex routines.)^
+** This option can be used to overload the default mutex allocation
+** routines with a wrapper used to track mutex usage for performance
+** profiling or testing, for example.   ^If SQLite is compiled with
+** the [SQLITE_THREADSAFE | SQLITE_THREADSAFE=0] compile-time option then
+** the entire mutexing subsystem is omitted from the build and hence calls to
+** [sqlite3_config()] with the SQLITE_CONFIG_GETMUTEX configuration option will
+** return [SQLITE_ERROR].</dd>
+**
+** [[SQLITE_CONFIG_LOOKASIDE]] <dt>SQLITE_CONFIG_LOOKASIDE</dt>
+** <dd> ^(The SQLITE_CONFIG_LOOKASIDE option takes two arguments that determine
+** the default size of lookaside memory on each [database connection].
+** The first argument is the
+** size of each lookaside buffer slot and the second is the number of
+** slots allocated to each database connection.)^  ^(SQLITE_CONFIG_LOOKASIDE
+** sets the <i>default</i> lookaside size. The [SQLITE_DBCONFIG_LOOKASIDE]
+** option to [sqlite3_db_config()] can be used to change the lookaside
+** configuration on individual connections.)^ </dd>
+**
+** [[SQLITE_CONFIG_PCACHE2]] <dt>SQLITE_CONFIG_PCACHE2</dt>
+** <dd> ^(The SQLITE_CONFIG_PCACHE2 option takes a single argument which is 
+** a pointer to an [sqlite3_pcache_methods2] object.  This object specifies
+** the interface to a custom page cache implementation.)^
+** ^SQLite makes a copy of the [sqlite3_pcache_methods2] object.</dd>
+**
+** [[SQLITE_CONFIG_GETPCACHE2]] <dt>SQLITE_CONFIG_GETPCACHE2</dt>
+** <dd> ^(The SQLITE_CONFIG_GETPCACHE2 option takes a single argument which
+** is a pointer to an [sqlite3_pcache_methods2] object.  SQLite copies of
+** the current page cache implementation into that object.)^ </dd>
+**
+** [[SQLITE_CONFIG_LOG]] <dt>SQLITE_CONFIG_LOG</dt>
+** <dd> The SQLITE_CONFIG_LOG option is used to configure the SQLite
+** global [error log].
+** (^The SQLITE_CONFIG_LOG option takes two arguments: a pointer to a
+** function with a call signature of void(*)(void*,int,const char*), 
+** and a pointer to void. ^If the function pointer is not NULL, it is
+** invoked by [sqlite3_log()] to process each logging event.  ^If the
+** function pointer is NULL, the [sqlite3_log()] interface becomes a no-op.
+** ^The void pointer that is the second argument to SQLITE_CONFIG_LOG is
+** passed through as the first parameter to the application-defined logger
+** function whenever that function is invoked.  ^The second parameter to
+** the logger function is a copy of the first parameter to the corresponding
+** [sqlite3_log()] call and is intended to be a [result code] or an
+** [extended result code].  ^The third parameter passed to the logger is
+** log message after formatting via [sqlite3_snprintf()].
+** The SQLite logging interface is not reentrant; the logger function
+** supplied by the application must not invoke any SQLite interface.
+** In a multi-threaded application, the application-defined logger
+** function must be threadsafe. </dd>
+**
+** [[SQLITE_CONFIG_URI]] <dt>SQLITE_CONFIG_URI
+** <dd>^(The SQLITE_CONFIG_URI option takes a single argument of type int.
+** If non-zero, then URI handling is globally enabled. If the parameter is zero,
+** then URI handling is globally disabled.)^ ^If URI handling is globally
+** enabled, all filenames passed to [sqlite3_open()], [sqlite3_open_v2()],
+** [sqlite3_open16()] or
+** specified as part of [ATTACH] commands are interpreted as URIs, regardless
+** of whether or not the [SQLITE_OPEN_URI] flag is set when the database
+** connection is opened. ^If it is globally disabled, filenames are
+** only interpreted as URIs if the SQLITE_OPEN_URI flag is set when the
+** database connection is opened. ^(By default, URI handling is globally
+** disabled. The default value may be changed by compiling with the
+** [SQLITE_USE_URI] symbol defined.)^
+**
+** [[SQLITE_CONFIG_COVERING_INDEX_SCAN]] <dt>SQLITE_CONFIG_COVERING_INDEX_SCAN
+** <dd>^The SQLITE_CONFIG_COVERING_INDEX_SCAN option takes a single integer
+** argument which is interpreted as a boolean in order to enable or disable
+** the use of covering indices for full table scans in the query optimizer.
+** ^The default setting is determined
+** by the [SQLITE_ALLOW_COVERING_INDEX_SCAN] compile-time option, or is "on"
+** if that compile-time option is omitted.
+** The ability to disable the use of covering indices for full table scans
+** is because some incorrectly coded legacy applications might malfunction
+** when the optimization is enabled.  Providing the ability to
+** disable the optimization allows the older, buggy application code to work
+** without change even with newer versions of SQLite.
+**
+** [[SQLITE_CONFIG_PCACHE]] [[SQLITE_CONFIG_GETPCACHE]]
+** <dt>SQLITE_CONFIG_PCACHE and SQLITE_CONFIG_GETPCACHE
+** <dd> These options are obsolete and should not be used by new code.
+** They are retained for backwards compatibility but are now no-ops.
+** </dd>
+**
+** [[SQLITE_CONFIG_SQLLOG]]
+** <dt>SQLITE_CONFIG_SQLLOG
+** <dd>This option is only available if sqlite is compiled with the
+** [SQLITE_ENABLE_SQLLOG] pre-processor macro defined. The first argument should
+** be a pointer to a function of type void(*)(void*,sqlite3*,const char*, int).
+** The second should be of type (void*). The callback is invoked by the library
+** in three separate circumstances, identified by the value passed as the
+** fourth parameter. If the fourth parameter is 0, then the database connection
+** passed as the second argument has just been opened. The third argument
+** points to a buffer containing the name of the main database file. If the
+** fourth parameter is 1, then the SQL statement that the third parameter
+** points to has just been executed. Or, if the fourth parameter is 2, then
+** the connection being passed as the second parameter is being closed. The
+** third parameter is passed NULL In this case.  An example of using this
+** configuration option can be seen in the "test_sqllog.c" source file in
+** the canonical SQLite source tree.</dd>
+**
+** [[SQLITE_CONFIG_MMAP_SIZE]]
+** <dt>SQLITE_CONFIG_MMAP_SIZE
+** <dd>^SQLITE_CONFIG_MMAP_SIZE takes two 64-bit integer (sqlite3_int64) values
+** that are the default mmap size limit (the default setting for
+** [PRAGMA mmap_size]) and the maximum allowed mmap size limit.
+** ^The default setting can be overridden by each database connection using
+** either the [PRAGMA mmap_size] command, or by using the
+** [SQLITE_FCNTL_MMAP_SIZE] file control.  ^(The maximum allowed mmap size
+** will be silently truncated if necessary so that it does not exceed the
+** compile-time maximum mmap size set by the
+** [SQLITE_MAX_MMAP_SIZE] compile-time option.)^
+** ^If either argument to this option is negative, then that argument is
+** changed to its compile-time default.
+**
+** [[SQLITE_CONFIG_WIN32_HEAPSIZE]]
+** <dt>SQLITE_CONFIG_WIN32_HEAPSIZE
+** <dd>^The SQLITE_CONFIG_WIN32_HEAPSIZE option is only available if SQLite is
+** compiled for Windows with the [SQLITE_WIN32_MALLOC] pre-processor macro
+** defined. ^SQLITE_CONFIG_WIN32_HEAPSIZE takes a 32-bit unsigned integer value
+** that specifies the maximum size of the created heap.
+**
+** [[SQLITE_CONFIG_PCACHE_HDRSZ]]
+** <dt>SQLITE_CONFIG_PCACHE_HDRSZ
+** <dd>^The SQLITE_CONFIG_PCACHE_HDRSZ option takes a single parameter which
+** is a pointer to an integer and writes into that integer the number of extra
+** bytes per page required for each page in [SQLITE_CONFIG_PAGECACHE].
+** The amount of extra space required can change depending on the compiler,
+** target platform, and SQLite version.
+**
+** [[SQLITE_CONFIG_PMASZ]]
+** <dt>SQLITE_CONFIG_PMASZ
+** <dd>^The SQLITE_CONFIG_PMASZ option takes a single parameter which
+** is an unsigned integer and sets the "Minimum PMA Size" for the multithreaded
+** sorter to that integer.  The default minimum PMA Size is set by the
+** [SQLITE_SORTER_PMASZ] compile-time option.  New threads are launched
+** to help with sort operations when multithreaded sorting
+** is enabled (using the [PRAGMA threads] command) and the amount of content
+** to be sorted exceeds the page size times the minimum of the
+** [PRAGMA cache_size] setting and this value.
+** </dl>
+*/
+#define SQLITE_CONFIG_SINGLETHREAD  1  /* nil */
+#define SQLITE_CONFIG_MULTITHREAD   2  /* nil */
+#define SQLITE_CONFIG_SERIALIZED    3  /* nil */
+#define SQLITE_CONFIG_MALLOC        4  /* sqlite3_mem_methods* */
+#define SQLITE_CONFIG_GETMALLOC     5  /* sqlite3_mem_methods* */
+#define SQLITE_CONFIG_SCRATCH       6  /* void*, int sz, int N */
+#define SQLITE_CONFIG_PAGECACHE     7  /* void*, int sz, int N */
+#define SQLITE_CONFIG_HEAP          8  /* void*, int nByte, int min */
+#define SQLITE_CONFIG_MEMSTATUS     9  /* boolean */
+#define SQLITE_CONFIG_MUTEX        10  /* sqlite3_mutex_methods* */
+#define SQLITE_CONFIG_GETMUTEX     11  /* sqlite3_mutex_methods* */
+/* previously SQLITE_CONFIG_CHUNKALLOC 12 which is now unused. */ 
+#define SQLITE_CONFIG_LOOKASIDE    13  /* int int */
+#define SQLITE_CONFIG_PCACHE       14  /* no-op */
+#define SQLITE_CONFIG_GETPCACHE    15  /* no-op */
+#define SQLITE_CONFIG_LOG          16  /* xFunc, void* */
+#define SQLITE_CONFIG_URI          17  /* int */
+#define SQLITE_CONFIG_PCACHE2      18  /* sqlite3_pcache_methods2* */
+#define SQLITE_CONFIG_GETPCACHE2   19  /* sqlite3_pcache_methods2* */
+#define SQLITE_CONFIG_COVERING_INDEX_SCAN 20  /* int */
+#define SQLITE_CONFIG_SQLLOG       21  /* xSqllog, void* */
+#define SQLITE_CONFIG_MMAP_SIZE    22  /* sqlite3_int64, sqlite3_int64 */
+#define SQLITE_CONFIG_WIN32_HEAPSIZE      23  /* int nByte */
+#define SQLITE_CONFIG_PCACHE_HDRSZ        24  /* int *psz */
+#define SQLITE_CONFIG_PMASZ               25  /* unsigned int szPma */
+
+/*
+** CAPI3REF: Database Connection Configuration Options
+**
+** These constants are the available integer configuration options that
+** can be passed as the second argument to the [sqlite3_db_config()] interface.
+**
+** New configuration options may be added in future releases of SQLite.
+** Existing configuration options might be discontinued.  Applications
+** should check the return code from [sqlite3_db_config()] to make sure that
+** the call worked.  ^The [sqlite3_db_config()] interface will return a
+** non-zero [error code] if a discontinued or unsupported configuration option
+** is invoked.
+**
+** <dl>
+** <dt>SQLITE_DBCONFIG_LOOKASIDE</dt>
+** <dd> ^This option takes three additional arguments that determine the 
+** [lookaside memory allocator] configuration for the [database connection].
+** ^The first argument (the third parameter to [sqlite3_db_config()] is a
+** pointer to a memory buffer to use for lookaside memory.
+** ^The first argument after the SQLITE_DBCONFIG_LOOKASIDE verb
+** may be NULL in which case SQLite will allocate the
+** lookaside buffer itself using [sqlite3_malloc()]. ^The second argument is the
+** size of each lookaside buffer slot.  ^The third argument is the number of
+** slots.  The size of the buffer in the first argument must be greater than
+** or equal to the product of the second and third arguments.  The buffer
+** must be aligned to an 8-byte boundary.  ^If the second argument to
+** SQLITE_DBCONFIG_LOOKASIDE is not a multiple of 8, it is internally
+** rounded down to the next smaller multiple of 8.  ^(The lookaside memory
+** configuration for a database connection can only be changed when that
+** connection is not currently using lookaside memory, or in other words
+** when the "current value" returned by
+** [sqlite3_db_status](D,[SQLITE_CONFIG_LOOKASIDE],...) is zero.
+** Any attempt to change the lookaside memory configuration when lookaside
+** memory is in use leaves the configuration unchanged and returns 
+** [SQLITE_BUSY].)^</dd>
+**
+** <dt>SQLITE_DBCONFIG_ENABLE_FKEY</dt>
+** <dd> ^This option is used to enable or disable the enforcement of
+** [foreign key constraints].  There should be two additional arguments.
+** The first argument is an integer which is 0 to disable FK enforcement,
+** positive to enable FK enforcement or negative to leave FK enforcement
+** unchanged.  The second parameter is a pointer to an integer into which
+** is written 0 or 1 to indicate whether FK enforcement is off or on
+** following this call.  The second parameter may be a NULL pointer, in
+** which case the FK enforcement setting is not reported back. </dd>
+**
+** <dt>SQLITE_DBCONFIG_ENABLE_TRIGGER</dt>
+** <dd> ^This option is used to enable or disable [CREATE TRIGGER | triggers].
+** There should be two additional arguments.
+** The first argument is an integer which is 0 to disable triggers,
+** positive to enable triggers or negative to leave the setting unchanged.
+** The second parameter is a pointer to an integer into which
+** is written 0 or 1 to indicate whether triggers are disabled or enabled
+** following this call.  The second parameter may be a NULL pointer, in
+** which case the trigger setting is not reported back. </dd>
+**
+** </dl>
+*/
+#define SQLITE_DBCONFIG_LOOKASIDE       1001  /* void* int int */
+#define SQLITE_DBCONFIG_ENABLE_FKEY     1002  /* int int* */
+#define SQLITE_DBCONFIG_ENABLE_TRIGGER  1003  /* int int* */
+
+
+/*
+** CAPI3REF: Enable Or Disable Extended Result Codes
+** METHOD: sqlite3
+**
+** ^The sqlite3_extended_result_codes() routine enables or disables the
+** [extended result codes] feature of SQLite. ^The extended result
+** codes are disabled by default for historical compatibility.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_extended_result_codes(sqlite3*, int onoff);
+
+/*
+** CAPI3REF: Last Insert Rowid
+** METHOD: sqlite3
+**
+** ^Each entry in most SQLite tables (except for [WITHOUT ROWID] tables)
+** has a unique 64-bit signed
+** integer key called the [ROWID | "rowid"]. ^The rowid is always available
+** as an undeclared column named ROWID, OID, or _ROWID_ as long as those
+** names are not also used by explicitly declared columns. ^If
+** the table has a column of type [INTEGER PRIMARY KEY] then that column
+** is another alias for the rowid.
+**
+** ^The sqlite3_last_insert_rowid(D) interface returns the [rowid] of the 
+** most recent successful [INSERT] into a rowid table or [virtual table]
+** on database connection D.
+** ^Inserts into [WITHOUT ROWID] tables are not recorded.
+** ^If no successful [INSERT]s into rowid tables
+** have ever occurred on the database connection D, 
+** then sqlite3_last_insert_rowid(D) returns zero.
+**
+** ^(If an [INSERT] occurs within a trigger or within a [virtual table]
+** method, then this routine will return the [rowid] of the inserted
+** row as long as the trigger or virtual table method is running.
+** But once the trigger or virtual table method ends, the value returned 
+** by this routine reverts to what it was before the trigger or virtual
+** table method began.)^
+**
+** ^An [INSERT] that fails due to a constraint violation is not a
+** successful [INSERT] and does not change the value returned by this
+** routine.  ^Thus INSERT OR FAIL, INSERT OR IGNORE, INSERT OR ROLLBACK,
+** and INSERT OR ABORT make no changes to the return value of this
+** routine when their insertion fails.  ^(When INSERT OR REPLACE
+** encounters a constraint violation, it does not fail.  The
+** INSERT continues to completion after deleting rows that caused
+** the constraint problem so INSERT OR REPLACE will always change
+** the return value of this interface.)^
+**
+** ^For the purposes of this routine, an [INSERT] is considered to
+** be successful even if it is subsequently rolled back.
+**
+** This function is accessible to SQL statements via the
+** [last_insert_rowid() SQL function].
+**
+** If a separate thread performs a new [INSERT] on the same
+** database connection while the [sqlite3_last_insert_rowid()]
+** function is running and thus changes the last insert [rowid],
+** then the value returned by [sqlite3_last_insert_rowid()] is
+** unpredictable and might not equal either the old or the new
+** last insert [rowid].
+*/
+SQLITE_API sqlite3_int64 SQLITE_STDCALL sqlite3_last_insert_rowid(sqlite3*);
+
+/*
+** CAPI3REF: Count The Number Of Rows Modified
+** METHOD: sqlite3
+**
+** ^This function returns the number of rows modified, inserted or
+** deleted by the most recently completed INSERT, UPDATE or DELETE
+** statement on the database connection specified by the only parameter.
+** ^Executing any other type of SQL statement does not modify the value
+** returned by this function.
+**
+** ^Only changes made directly by the INSERT, UPDATE or DELETE statement are
+** considered - auxiliary changes caused by [CREATE TRIGGER | triggers], 
+** [foreign key actions] or [REPLACE] constraint resolution are not counted.
+** 
+** Changes to a view that are intercepted by 
+** [INSTEAD OF trigger | INSTEAD OF triggers] are not counted. ^The value 
+** returned by sqlite3_changes() immediately after an INSERT, UPDATE or 
+** DELETE statement run on a view is always zero. Only changes made to real 
+** tables are counted.
+**
+** Things are more complicated if the sqlite3_changes() function is
+** executed while a trigger program is running. This may happen if the
+** program uses the [changes() SQL function], or if some other callback
+** function invokes sqlite3_changes() directly. Essentially:
+** 
+** <ul>
+**   <li> ^(Before entering a trigger program the value returned by
+**        sqlite3_changes() function is saved. After the trigger program 
+**        has finished, the original value is restored.)^
+** 
+**   <li> ^(Within a trigger program each INSERT, UPDATE and DELETE 
+**        statement sets the value returned by sqlite3_changes() 
+**        upon completion as normal. Of course, this value will not include 
+**        any changes performed by sub-triggers, as the sqlite3_changes() 
+**        value will be saved and restored after each sub-trigger has run.)^
+** </ul>
+** 
+** ^This means that if the changes() SQL function (or similar) is used
+** by the first INSERT, UPDATE or DELETE statement within a trigger, it 
+** returns the value as set when the calling statement began executing.
+** ^If it is used by the second or subsequent such statement within a trigger 
+** program, the value returned reflects the number of rows modified by the 
+** previous INSERT, UPDATE or DELETE statement within the same trigger.
+**
+** See also the [sqlite3_total_changes()] interface, the
+** [count_changes pragma], and the [changes() SQL function].
+**
+** If a separate thread makes changes on the same database connection
+** while [sqlite3_changes()] is running then the value returned
+** is unpredictable and not meaningful.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_changes(sqlite3*);
+
+/*
+** CAPI3REF: Total Number Of Rows Modified
+** METHOD: sqlite3
+**
+** ^This function returns the total number of rows inserted, modified or
+** deleted by all [INSERT], [UPDATE] or [DELETE] statements completed
+** since the database connection was opened, including those executed as
+** part of trigger programs. ^Executing any other type of SQL statement
+** does not affect the value returned by sqlite3_total_changes().
+** 
+** ^Changes made as part of [foreign key actions] are included in the
+** count, but those made as part of REPLACE constraint resolution are
+** not. ^Changes to a view that are intercepted by INSTEAD OF triggers 
+** are not counted.
+** 
+** See also the [sqlite3_changes()] interface, the
+** [count_changes pragma], and the [total_changes() SQL function].
+**
+** If a separate thread makes changes on the same database connection
+** while [sqlite3_total_changes()] is running then the value
+** returned is unpredictable and not meaningful.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_total_changes(sqlite3*);
+
+/*
+** CAPI3REF: Interrupt A Long-Running Query
+** METHOD: sqlite3
+**
+** ^This function causes any pending database operation to abort and
+** return at its earliest opportunity. This routine is typically
+** called in response to a user action such as pressing "Cancel"
+** or Ctrl-C where the user wants a long query operation to halt
+** immediately.
+**
+** ^It is safe to call this routine from a thread different from the
+** thread that is currently running the database operation.  But it
+** is not safe to call this routine with a [database connection] that
+** is closed or might close before sqlite3_interrupt() returns.
+**
+** ^If an SQL operation is very nearly finished at the time when
+** sqlite3_interrupt() is called, then it might not have an opportunity
+** to be interrupted and might continue to completion.
+**
+** ^An SQL operation that is interrupted will return [SQLITE_INTERRUPT].
+** ^If the interrupted SQL operation is an INSERT, UPDATE, or DELETE
+** that is inside an explicit transaction, then the entire transaction
+** will be rolled back automatically.
+**
+** ^The sqlite3_interrupt(D) call is in effect until all currently running
+** SQL statements on [database connection] D complete.  ^Any new SQL statements
+** that are started after the sqlite3_interrupt() call and before the 
+** running statements reaches zero are interrupted as if they had been
+** running prior to the sqlite3_interrupt() call.  ^New SQL statements
+** that are started after the running statement count reaches zero are
+** not effected by the sqlite3_interrupt().
+** ^A call to sqlite3_interrupt(D) that occurs when there are no running
+** SQL statements is a no-op and has no effect on SQL statements
+** that are started after the sqlite3_interrupt() call returns.
+**
+** If the database connection closes while [sqlite3_interrupt()]
+** is running then bad things will likely happen.
+*/
+SQLITE_API void SQLITE_STDCALL sqlite3_interrupt(sqlite3*);
+
+/*
+** CAPI3REF: Determine If An SQL Statement Is Complete
+**
+** These routines are useful during command-line input to determine if the
+** currently entered text seems to form a complete SQL statement or
+** if additional input is needed before sending the text into
+** SQLite for parsing.  ^These routines return 1 if the input string
+** appears to be a complete SQL statement.  ^A statement is judged to be
+** complete if it ends with a semicolon token and is not a prefix of a
+** well-formed CREATE TRIGGER statement.  ^Semicolons that are embedded within
+** string literals or quoted identifier names or comments are not
+** independent tokens (they are part of the token in which they are
+** embedded) and thus do not count as a statement terminator.  ^Whitespace
+** and comments that follow the final semicolon are ignored.
+**
+** ^These routines return 0 if the statement is incomplete.  ^If a
+** memory allocation fails, then SQLITE_NOMEM is returned.
+**
+** ^These routines do not parse the SQL statements thus
+** will not detect syntactically incorrect SQL.
+**
+** ^(If SQLite has not been initialized using [sqlite3_initialize()] prior 
+** to invoking sqlite3_complete16() then sqlite3_initialize() is invoked
+** automatically by sqlite3_complete16().  If that initialization fails,
+** then the return value from sqlite3_complete16() will be non-zero
+** regardless of whether or not the input SQL is complete.)^
+**
+** The input to [sqlite3_complete()] must be a zero-terminated
+** UTF-8 string.
+**
+** The input to [sqlite3_complete16()] must be a zero-terminated
+** UTF-16 string in native byte order.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_complete(const char *sql);
+SQLITE_API int SQLITE_STDCALL sqlite3_complete16(const void *sql);
+
+/*
+** CAPI3REF: Register A Callback To Handle SQLITE_BUSY Errors
+** KEYWORDS: {busy-handler callback} {busy handler}
+** METHOD: sqlite3
+**
+** ^The sqlite3_busy_handler(D,X,P) routine sets a callback function X
+** that might be invoked with argument P whenever
+** an attempt is made to access a database table associated with
+** [database connection] D when another thread
+** or process has the table locked.
+** The sqlite3_busy_handler() interface is used to implement
+** [sqlite3_busy_timeout()] and [PRAGMA busy_timeout].
+**
+** ^If the busy callback is NULL, then [SQLITE_BUSY]
+** is returned immediately upon encountering the lock.  ^If the busy callback
+** is not NULL, then the callback might be invoked with two arguments.
+**
+** ^The first argument to the busy handler is a copy of the void* pointer which
+** is the third argument to sqlite3_busy_handler().  ^The second argument to
+** the busy handler callback is the number of times that the busy handler has
+** been invoked previously for the same locking event.  ^If the
+** busy callback returns 0, then no additional attempts are made to
+** access the database and [SQLITE_BUSY] is returned
+** to the application.
+** ^If the callback returns non-zero, then another attempt
+** is made to access the database and the cycle repeats.
+**
+** The presence of a busy handler does not guarantee that it will be invoked
+** when there is lock contention. ^If SQLite determines that invoking the busy
+** handler could result in a deadlock, it will go ahead and return [SQLITE_BUSY]
+** to the application instead of invoking the 
+** busy handler.
+** Consider a scenario where one process is holding a read lock that
+** it is trying to promote to a reserved lock and
+** a second process is holding a reserved lock that it is trying
+** to promote to an exclusive lock.  The first process cannot proceed
+** because it is blocked by the second and the second process cannot
+** proceed because it is blocked by the first.  If both processes
+** invoke the busy handlers, neither will make any progress.  Therefore,
+** SQLite returns [SQLITE_BUSY] for the first process, hoping that this
+** will induce the first process to release its read lock and allow
+** the second process to proceed.
+**
+** ^The default busy callback is NULL.
+**
+** ^(There can only be a single busy handler defined for each
+** [database connection].  Setting a new busy handler clears any
+** previously set handler.)^  ^Note that calling [sqlite3_busy_timeout()]
+** or evaluating [PRAGMA busy_timeout=N] will change the
+** busy handler and thus clear any previously set busy handler.
+**
+** The busy callback should not take any actions which modify the
+** database connection that invoked the busy handler.  In other words,
+** the busy handler is not reentrant.  Any such actions
+** result in undefined behavior.
+** 
+** A busy handler must not close the database connection
+** or [prepared statement] that invoked the busy handler.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_busy_handler(sqlite3*, int(*)(void*,int), void*);
+
+/*
+** CAPI3REF: Set A Busy Timeout
+** METHOD: sqlite3
+**
+** ^This routine sets a [sqlite3_busy_handler | busy handler] that sleeps
+** for a specified amount of time when a table is locked.  ^The handler
+** will sleep multiple times until at least "ms" milliseconds of sleeping
+** have accumulated.  ^After at least "ms" milliseconds of sleeping,
+** the handler returns 0 which causes [sqlite3_step()] to return
+** [SQLITE_BUSY].
+**
+** ^Calling this routine with an argument less than or equal to zero
+** turns off all busy handlers.
+**
+** ^(There can only be a single busy handler for a particular
+** [database connection] at any given moment.  If another busy handler
+** was defined  (using [sqlite3_busy_handler()]) prior to calling
+** this routine, that other busy handler is cleared.)^
+**
+** See also:  [PRAGMA busy_timeout]
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_busy_timeout(sqlite3*, int ms);
+
+/*
+** CAPI3REF: Convenience Routines For Running Queries
+** METHOD: sqlite3
+**
+** This is a legacy interface that is preserved for backwards compatibility.
+** Use of this interface is not recommended.
+**
+** Definition: A <b>result table</b> is memory data structure created by the
+** [sqlite3_get_table()] interface.  A result table records the
+** complete query results from one or more queries.
+**
+** The table conceptually has a number of rows and columns.  But
+** these numbers are not part of the result table itself.  These
+** numbers are obtained separately.  Let N be the number of rows
+** and M be the number of columns.
+**
+** A result table is an array of pointers to zero-terminated UTF-8 strings.
+** There are (N+1)*M elements in the array.  The first M pointers point
+** to zero-terminated strings that  contain the names of the columns.
+** The remaining entries all point to query results.  NULL values result
+** in NULL pointers.  All other values are in their UTF-8 zero-terminated
+** string representation as returned by [sqlite3_column_text()].
+**
+** A result table might consist of one or more memory allocations.
+** It is not safe to pass a result table directly to [sqlite3_free()].
+** A result table should be deallocated using [sqlite3_free_table()].
+**
+** ^(As an example of the result table format, suppose a query result
+** is as follows:
+**
+** <blockquote><pre>
+**        Name        | Age
+**        -----------------------
+**        Alice       | 43
+**        Bob         | 28
+**        Cindy       | 21
+** </pre></blockquote>
+**
+** There are two column (M==2) and three rows (N==3).  Thus the
+** result table has 8 entries.  Suppose the result table is stored
+** in an array names azResult.  Then azResult holds this content:
+**
+** <blockquote><pre>
+**        azResult&#91;0] = "Name";
+**        azResult&#91;1] = "Age";
+**        azResult&#91;2] = "Alice";
+**        azResult&#91;3] = "43";
+**        azResult&#91;4] = "Bob";
+**        azResult&#91;5] = "28";
+**        azResult&#91;6] = "Cindy";
+**        azResult&#91;7] = "21";
+** </pre></blockquote>)^
+**
+** ^The sqlite3_get_table() function evaluates one or more
+** semicolon-separated SQL statements in the zero-terminated UTF-8
+** string of its 2nd parameter and returns a result table to the
+** pointer given in its 3rd parameter.
+**
+** After the application has finished with the result from sqlite3_get_table(),
+** it must pass the result table pointer to sqlite3_free_table() in order to
+** release the memory that was malloced.  Because of the way the
+** [sqlite3_malloc()] happens within sqlite3_get_table(), the calling
+** function must not try to call [sqlite3_free()] directly.  Only
+** [sqlite3_free_table()] is able to release the memory properly and safely.
+**
+** The sqlite3_get_table() interface is implemented as a wrapper around
+** [sqlite3_exec()].  The sqlite3_get_table() routine does not have access
+** to any internal data structures of SQLite.  It uses only the public
+** interface defined here.  As a consequence, errors that occur in the
+** wrapper layer outside of the internal [sqlite3_exec()] call are not
+** reflected in subsequent calls to [sqlite3_errcode()] or
+** [sqlite3_errmsg()].
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_get_table(
+  sqlite3 *db,          /* An open database */
+  const char *zSql,     /* SQL to be evaluated */
+  char ***pazResult,    /* Results of the query */
+  int *pnRow,           /* Number of result rows written here */
+  int *pnColumn,        /* Number of result columns written here */
+  char **pzErrmsg       /* Error msg written here */
+);
+SQLITE_API void SQLITE_STDCALL sqlite3_free_table(char **result);
+
+/*
+** CAPI3REF: Formatted String Printing Functions
+**
+** These routines are work-alikes of the "printf()" family of functions
+** from the standard C library.
+** These routines understand most of the common K&R formatting options,
+** plus some additional non-standard formats, detailed below.
+** Note that some of the more obscure formatting options from recent
+** C-library standards are omitted from this implementation.
+**
+** ^The sqlite3_mprintf() and sqlite3_vmprintf() routines write their
+** results into memory obtained from [sqlite3_malloc()].
+** The strings returned by these two routines should be
+** released by [sqlite3_free()].  ^Both routines return a
+** NULL pointer if [sqlite3_malloc()] is unable to allocate enough
+** memory to hold the resulting string.
+**
+** ^(The sqlite3_snprintf() routine is similar to "snprintf()" from
+** the standard C library.  The result is written into the
+** buffer supplied as the second parameter whose size is given by
+** the first parameter. Note that the order of the
+** first two parameters is reversed from snprintf().)^  This is an
+** historical accident that cannot be fixed without breaking
+** backwards compatibility.  ^(Note also that sqlite3_snprintf()
+** returns a pointer to its buffer instead of the number of
+** characters actually written into the buffer.)^  We admit that
+** the number of characters written would be a more useful return
+** value but we cannot change the implementation of sqlite3_snprintf()
+** now without breaking compatibility.
+**
+** ^As long as the buffer size is greater than zero, sqlite3_snprintf()
+** guarantees that the buffer is always zero-terminated.  ^The first
+** parameter "n" is the total size of the buffer, including space for
+** the zero terminator.  So the longest string that can be completely
+** written will be n-1 characters.
+**
+** ^The sqlite3_vsnprintf() routine is a varargs version of sqlite3_snprintf().
+**
+** These routines all implement some additional formatting
+** options that are useful for constructing SQL statements.
+** All of the usual printf() formatting options apply.  In addition, there
+** is are "%q", "%Q", "%w" and "%z" options.
+**
+** ^(The %q option works like %s in that it substitutes a nul-terminated
+** string from the argument list.  But %q also doubles every '\'' character.
+** %q is designed for use inside a string literal.)^  By doubling each '\''
+** character it escapes that character and allows it to be inserted into
+** the string.
+**
+** For example, assume the string variable zText contains text as follows:
+**
+** <blockquote><pre>
+**  char *zText = "It's a happy day!";
+** </pre></blockquote>
+**
+** One can use this text in an SQL statement as follows:
+**
+** <blockquote><pre>
+**  char *zSQL = sqlite3_mprintf("INSERT INTO table VALUES('%q')", zText);
+**  sqlite3_exec(db, zSQL, 0, 0, 0);
+**  sqlite3_free(zSQL);
+** </pre></blockquote>
+**
+** Because the %q format string is used, the '\'' character in zText
+** is escaped and the SQL generated is as follows:
+**
+** <blockquote><pre>
+**  INSERT INTO table1 VALUES('It''s a happy day!')
+** </pre></blockquote>
+**
+** This is correct.  Had we used %s instead of %q, the generated SQL
+** would have looked like this:
+**
+** <blockquote><pre>
+**  INSERT INTO table1 VALUES('It's a happy day!');
+** </pre></blockquote>
+**
+** This second example is an SQL syntax error.  As a general rule you should
+** always use %q instead of %s when inserting text into a string literal.
+**
+** ^(The %Q option works like %q except it also adds single quotes around
+** the outside of the total string.  Additionally, if the parameter in the
+** argument list is a NULL pointer, %Q substitutes the text "NULL" (without
+** single quotes).)^  So, for example, one could say:
+**
+** <blockquote><pre>
+**  char *zSQL = sqlite3_mprintf("INSERT INTO table VALUES(%Q)", zText);
+**  sqlite3_exec(db, zSQL, 0, 0, 0);
+**  sqlite3_free(zSQL);
+** </pre></blockquote>
+**
+** The code above will render a correct SQL statement in the zSQL
+** variable even if the zText variable is a NULL pointer.
+**
+** ^(The "%w" formatting option is like "%q" except that it expects to
+** be contained within double-quotes instead of single quotes, and it
+** escapes the double-quote character instead of the single-quote
+** character.)^  The "%w" formatting option is intended for safely inserting
+** table and column names into a constructed SQL statement.
+**
+** ^(The "%z" formatting option works like "%s" but with the
+** addition that after the string has been read and copied into
+** the result, [sqlite3_free()] is called on the input string.)^
+*/
+SQLITE_API char *SQLITE_CDECL sqlite3_mprintf(const char*,...);
+SQLITE_API char *SQLITE_STDCALL sqlite3_vmprintf(const char*, va_list);
+SQLITE_API char *SQLITE_CDECL sqlite3_snprintf(int,char*,const char*, ...);
+SQLITE_API char *SQLITE_STDCALL sqlite3_vsnprintf(int,char*,const char*, va_list);
+
+/*
+** CAPI3REF: Memory Allocation Subsystem
+**
+** The SQLite core uses these three routines for all of its own
+** internal memory allocation needs. "Core" in the previous sentence
+** does not include operating-system specific VFS implementation.  The
+** Windows VFS uses native malloc() and free() for some operations.
+**
+** ^The sqlite3_malloc() routine returns a pointer to a block
+** of memory at least N bytes in length, where N is the parameter.
+** ^If sqlite3_malloc() is unable to obtain sufficient free
+** memory, it returns a NULL pointer.  ^If the parameter N to
+** sqlite3_malloc() is zero or negative then sqlite3_malloc() returns
+** a NULL pointer.
+**
+** ^The sqlite3_malloc64(N) routine works just like
+** sqlite3_malloc(N) except that N is an unsigned 64-bit integer instead
+** of a signed 32-bit integer.
+**
+** ^Calling sqlite3_free() with a pointer previously returned
+** by sqlite3_malloc() or sqlite3_realloc() releases that memory so
+** that it might be reused.  ^The sqlite3_free() routine is
+** a no-op if is called with a NULL pointer.  Passing a NULL pointer
+** to sqlite3_free() is harmless.  After being freed, memory
+** should neither be read nor written.  Even reading previously freed
+** memory might result in a segmentation fault or other severe error.
+** Memory corruption, a segmentation fault, or other severe error
+** might result if sqlite3_free() is called with a non-NULL pointer that
+** was not obtained from sqlite3_malloc() or sqlite3_realloc().
+**
+** ^The sqlite3_realloc(X,N) interface attempts to resize a
+** prior memory allocation X to be at least N bytes.
+** ^If the X parameter to sqlite3_realloc(X,N)
+** is a NULL pointer then its behavior is identical to calling
+** sqlite3_malloc(N).
+** ^If the N parameter to sqlite3_realloc(X,N) is zero or
+** negative then the behavior is exactly the same as calling
+** sqlite3_free(X).
+** ^sqlite3_realloc(X,N) returns a pointer to a memory allocation
+** of at least N bytes in size or NULL if insufficient memory is available.
+** ^If M is the size of the prior allocation, then min(N,M) bytes
+** of the prior allocation are copied into the beginning of buffer returned
+** by sqlite3_realloc(X,N) and the prior allocation is freed.
+** ^If sqlite3_realloc(X,N) returns NULL and N is positive, then the
+** prior allocation is not freed.
+**
+** ^The sqlite3_realloc64(X,N) interfaces works the same as
+** sqlite3_realloc(X,N) except that N is a 64-bit unsigned integer instead
+** of a 32-bit signed integer.
+**
+** ^If X is a memory allocation previously obtained from sqlite3_malloc(),
+** sqlite3_malloc64(), sqlite3_realloc(), or sqlite3_realloc64(), then
+** sqlite3_msize(X) returns the size of that memory allocation in bytes.
+** ^The value returned by sqlite3_msize(X) might be larger than the number
+** of bytes requested when X was allocated.  ^If X is a NULL pointer then
+** sqlite3_msize(X) returns zero.  If X points to something that is not
+** the beginning of memory allocation, or if it points to a formerly
+** valid memory allocation that has now been freed, then the behavior
+** of sqlite3_msize(X) is undefined and possibly harmful.
+**
+** ^The memory returned by sqlite3_malloc(), sqlite3_realloc(),
+** sqlite3_malloc64(), and sqlite3_realloc64()
+** is always aligned to at least an 8 byte boundary, or to a
+** 4 byte boundary if the [SQLITE_4_BYTE_ALIGNED_MALLOC] compile-time
+** option is used.
+**
+** In SQLite version 3.5.0 and 3.5.1, it was possible to define
+** the SQLITE_OMIT_MEMORY_ALLOCATION which would cause the built-in
+** implementation of these routines to be omitted.  That capability
+** is no longer provided.  Only built-in memory allocators can be used.
+**
+** Prior to SQLite version 3.7.10, the Windows OS interface layer called
+** the system malloc() and free() directly when converting
+** filenames between the UTF-8 encoding used by SQLite
+** and whatever filename encoding is used by the particular Windows
+** installation.  Memory allocation errors were detected, but
+** they were reported back as [SQLITE_CANTOPEN] or
+** [SQLITE_IOERR] rather than [SQLITE_NOMEM].
+**
+** The pointer arguments to [sqlite3_free()] and [sqlite3_realloc()]
+** must be either NULL or else pointers obtained from a prior
+** invocation of [sqlite3_malloc()] or [sqlite3_realloc()] that have
+** not yet been released.
+**
+** The application must not read or write any part of
+** a block of memory after it has been released using
+** [sqlite3_free()] or [sqlite3_realloc()].
+*/
+SQLITE_API void *SQLITE_STDCALL sqlite3_malloc(int);
+SQLITE_API void *SQLITE_STDCALL sqlite3_malloc64(sqlite3_uint64);
+SQLITE_API void *SQLITE_STDCALL sqlite3_realloc(void*, int);
+SQLITE_API void *SQLITE_STDCALL sqlite3_realloc64(void*, sqlite3_uint64);
+SQLITE_API void SQLITE_STDCALL sqlite3_free(void*);
+SQLITE_API sqlite3_uint64 SQLITE_STDCALL sqlite3_msize(void*);
+
+/*
+** CAPI3REF: Memory Allocator Statistics
+**
+** SQLite provides these two interfaces for reporting on the status
+** of the [sqlite3_malloc()], [sqlite3_free()], and [sqlite3_realloc()]
+** routines, which form the built-in memory allocation subsystem.
+**
+** ^The [sqlite3_memory_used()] routine returns the number of bytes
+** of memory currently outstanding (malloced but not freed).
+** ^The [sqlite3_memory_highwater()] routine returns the maximum
+** value of [sqlite3_memory_used()] since the high-water mark
+** was last reset.  ^The values returned by [sqlite3_memory_used()] and
+** [sqlite3_memory_highwater()] include any overhead
+** added by SQLite in its implementation of [sqlite3_malloc()],
+** but not overhead added by the any underlying system library
+** routines that [sqlite3_malloc()] may call.
+**
+** ^The memory high-water mark is reset to the current value of
+** [sqlite3_memory_used()] if and only if the parameter to
+** [sqlite3_memory_highwater()] is true.  ^The value returned
+** by [sqlite3_memory_highwater(1)] is the high-water mark
+** prior to the reset.
+*/
+SQLITE_API sqlite3_int64 SQLITE_STDCALL sqlite3_memory_used(void);
+SQLITE_API sqlite3_int64 SQLITE_STDCALL sqlite3_memory_highwater(int resetFlag);
+
+/*
+** CAPI3REF: Pseudo-Random Number Generator
+**
+** SQLite contains a high-quality pseudo-random number generator (PRNG) used to
+** select random [ROWID | ROWIDs] when inserting new records into a table that
+** already uses the largest possible [ROWID].  The PRNG is also used for
+** the build-in random() and randomblob() SQL functions.  This interface allows
+** applications to access the same PRNG for other purposes.
+**
+** ^A call to this routine stores N bytes of randomness into buffer P.
+** ^The P parameter can be a NULL pointer.
+**
+** ^If this routine has not been previously called or if the previous
+** call had N less than one or a NULL pointer for P, then the PRNG is
+** seeded using randomness obtained from the xRandomness method of
+** the default [sqlite3_vfs] object.
+** ^If the previous call to this routine had an N of 1 or more and a
+** non-NULL P then the pseudo-randomness is generated
+** internally and without recourse to the [sqlite3_vfs] xRandomness
+** method.
+*/
+SQLITE_API void SQLITE_STDCALL sqlite3_randomness(int N, void *P);
+
+/*
+** CAPI3REF: Compile-Time Authorization Callbacks
+** METHOD: sqlite3
+**
+** ^This routine registers an authorizer callback with a particular
+** [database connection], supplied in the first argument.
+** ^The authorizer callback is invoked as SQL statements are being compiled
+** by [sqlite3_prepare()] or its variants [sqlite3_prepare_v2()],
+** [sqlite3_prepare16()] and [sqlite3_prepare16_v2()].  ^At various
+** points during the compilation process, as logic is being created
+** to perform various actions, the authorizer callback is invoked to
+** see if those actions are allowed.  ^The authorizer callback should
+** return [SQLITE_OK] to allow the action, [SQLITE_IGNORE] to disallow the
+** specific action but allow the SQL statement to continue to be
+** compiled, or [SQLITE_DENY] to cause the entire SQL statement to be
+** rejected with an error.  ^If the authorizer callback returns
+** any value other than [SQLITE_IGNORE], [SQLITE_OK], or [SQLITE_DENY]
+** then the [sqlite3_prepare_v2()] or equivalent call that triggered
+** the authorizer will fail with an error message.
+**
+** When the callback returns [SQLITE_OK], that means the operation
+** requested is ok.  ^When the callback returns [SQLITE_DENY], the
+** [sqlite3_prepare_v2()] or equivalent call that triggered the
+** authorizer will fail with an error message explaining that
+** access is denied. 
+**
+** ^The first parameter to the authorizer callback is a copy of the third
+** parameter to the sqlite3_set_authorizer() interface. ^The second parameter
+** to the callback is an integer [SQLITE_COPY | action code] that specifies
+** the particular action to be authorized. ^The third through sixth parameters
+** to the callback are zero-terminated strings that contain additional
+** details about the action to be authorized.
+**
+** ^If the action code is [SQLITE_READ]
+** and the callback returns [SQLITE_IGNORE] then the
+** [prepared statement] statement is constructed to substitute
+** a NULL value in place of the table column that would have
+** been read if [SQLITE_OK] had been returned.  The [SQLITE_IGNORE]
+** return can be used to deny an untrusted user access to individual
+** columns of a table.
+** ^If the action code is [SQLITE_DELETE] and the callback returns
+** [SQLITE_IGNORE] then the [DELETE] operation proceeds but the
+** [truncate optimization] is disabled and all rows are deleted individually.
+**
+** An authorizer is used when [sqlite3_prepare | preparing]
+** SQL statements from an untrusted source, to ensure that the SQL statements
+** do not try to access data they are not allowed to see, or that they do not
+** try to execute malicious statements that damage the database.  For
+** example, an application may allow a user to enter arbitrary
+** SQL queries for evaluation by a database.  But the application does
+** not want the user to be able to make arbitrary changes to the
+** database.  An authorizer could then be put in place while the
+** user-entered SQL is being [sqlite3_prepare | prepared] that
+** disallows everything except [SELECT] statements.
+**
+** Applications that need to process SQL from untrusted sources
+** might also consider lowering resource limits using [sqlite3_limit()]
+** and limiting database size using the [max_page_count] [PRAGMA]
+** in addition to using an authorizer.
+**
+** ^(Only a single authorizer can be in place on a database connection
+** at a time.  Each call to sqlite3_set_authorizer overrides the
+** previous call.)^  ^Disable the authorizer by installing a NULL callback.
+** The authorizer is disabled by default.
+**
+** The authorizer callback must not do anything that will modify
+** the database connection that invoked the authorizer callback.
+** Note that [sqlite3_prepare_v2()] and [sqlite3_step()] both modify their
+** database connections for the meaning of "modify" in this paragraph.
+**
+** ^When [sqlite3_prepare_v2()] is used to prepare a statement, the
+** statement might be re-prepared during [sqlite3_step()] due to a 
+** schema change.  Hence, the application should ensure that the
+** correct authorizer callback remains in place during the [sqlite3_step()].
+**
+** ^Note that the authorizer callback is invoked only during
+** [sqlite3_prepare()] or its variants.  Authorization is not
+** performed during statement evaluation in [sqlite3_step()], unless
+** as stated in the previous paragraph, sqlite3_step() invokes
+** sqlite3_prepare_v2() to reprepare a statement after a schema change.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_set_authorizer(
+  sqlite3*,
+  int (*xAuth)(void*,int,const char*,const char*,const char*,const char*),
+  void *pUserData
+);
+
+/*
+** CAPI3REF: Authorizer Return Codes
+**
+** The [sqlite3_set_authorizer | authorizer callback function] must
+** return either [SQLITE_OK] or one of these two constants in order
+** to signal SQLite whether or not the action is permitted.  See the
+** [sqlite3_set_authorizer | authorizer documentation] for additional
+** information.
+**
+** Note that SQLITE_IGNORE is also used as a [conflict resolution mode]
+** returned from the [sqlite3_vtab_on_conflict()] interface.
+*/
+#define SQLITE_DENY   1   /* Abort the SQL statement with an error */
+#define SQLITE_IGNORE 2   /* Don't allow access, but don't generate an error */
+
+/*
+** CAPI3REF: Authorizer Action Codes
+**
+** The [sqlite3_set_authorizer()] interface registers a callback function
+** that is invoked to authorize certain SQL statement actions.  The
+** second parameter to the callback is an integer code that specifies
+** what action is being authorized.  These are the integer action codes that
+** the authorizer callback may be passed.
+**
+** These action code values signify what kind of operation is to be
+** authorized.  The 3rd and 4th parameters to the authorization
+** callback function will be parameters or NULL depending on which of these
+** codes is used as the second parameter.  ^(The 5th parameter to the
+** authorizer callback is the name of the database ("main", "temp",
+** etc.) if applicable.)^  ^The 6th parameter to the authorizer callback
+** is the name of the inner-most trigger or view that is responsible for
+** the access attempt or NULL if this access attempt is directly from
+** top-level SQL code.
+*/
+/******************************************* 3rd ************ 4th ***********/
+#define SQLITE_CREATE_INDEX          1   /* Index Name      Table Name      */
+#define SQLITE_CREATE_TABLE          2   /* Table Name      NULL            */
+#define SQLITE_CREATE_TEMP_INDEX     3   /* Index Name      Table Name      */
+#define SQLITE_CREATE_TEMP_TABLE     4   /* Table Name      NULL            */
+#define SQLITE_CREATE_TEMP_TRIGGER   5   /* Trigger Name    Table Name      */
+#define SQLITE_CREATE_TEMP_VIEW      6   /* View Name       NULL            */
+#define SQLITE_CREATE_TRIGGER        7   /* Trigger Name    Table Name      */
+#define SQLITE_CREATE_VIEW           8   /* View Name       NULL            */
+#define SQLITE_DELETE                9   /* Table Name      NULL            */
+#define SQLITE_DROP_INDEX           10   /* Index Name      Table Name      */
+#define SQLITE_DROP_TABLE           11   /* Table Name      NULL            */
+#define SQLITE_DROP_TEMP_INDEX      12   /* Index Name      Table Name      */
+#define SQLITE_DROP_TEMP_TABLE      13   /* Table Name      NULL            */
+#define SQLITE_DROP_TEMP_TRIGGER    14   /* Trigger Name    Table Name      */
+#define SQLITE_DROP_TEMP_VIEW       15   /* View Name       NULL            */
+#define SQLITE_DROP_TRIGGER         16   /* Trigger Name    Table Name      */
+#define SQLITE_DROP_VIEW            17   /* View Name       NULL            */
+#define SQLITE_INSERT               18   /* Table Name      NULL            */
+#define SQLITE_PRAGMA               19   /* Pragma Name     1st arg or NULL */
+#define SQLITE_READ                 20   /* Table Name      Column Name     */
+#define SQLITE_SELECT               21   /* NULL            NULL            */
+#define SQLITE_TRANSACTION          22   /* Operation       NULL            */
+#define SQLITE_UPDATE               23   /* Table Name      Column Name     */
+#define SQLITE_ATTACH               24   /* Filename        NULL            */
+#define SQLITE_DETACH               25   /* Database Name   NULL            */
+#define SQLITE_ALTER_TABLE          26   /* Database Name   Table Name      */
+#define SQLITE_REINDEX              27   /* Index Name      NULL            */
+#define SQLITE_ANALYZE              28   /* Table Name      NULL            */
+#define SQLITE_CREATE_VTABLE        29   /* Table Name      Module Name     */
+#define SQLITE_DROP_VTABLE          30   /* Table Name      Module Name     */
+#define SQLITE_FUNCTION             31   /* NULL            Function Name   */
+#define SQLITE_SAVEPOINT            32   /* Operation       Savepoint Name  */
+#define SQLITE_COPY                  0   /* No longer used */
+#define SQLITE_RECURSIVE            33   /* NULL            NULL            */
+
+/*
+** CAPI3REF: Tracing And Profiling Functions
+** METHOD: sqlite3
+**
+** These routines register callback functions that can be used for
+** tracing and profiling the execution of SQL statements.
+**
+** ^The callback function registered by sqlite3_trace() is invoked at
+** various times when an SQL statement is being run by [sqlite3_step()].
+** ^The sqlite3_trace() callback is invoked with a UTF-8 rendering of the
+** SQL statement text as the statement first begins executing.
+** ^(Additional sqlite3_trace() callbacks might occur
+** as each triggered subprogram is entered.  The callbacks for triggers
+** contain a UTF-8 SQL comment that identifies the trigger.)^
+**
+** The [SQLITE_TRACE_SIZE_LIMIT] compile-time option can be used to limit
+** the length of [bound parameter] expansion in the output of sqlite3_trace().
+**
+** ^The callback function registered by sqlite3_profile() is invoked
+** as each SQL statement finishes.  ^The profile callback contains
+** the original statement text and an estimate of wall-clock time
+** of how long that statement took to run.  ^The profile callback
+** time is in units of nanoseconds, however the current implementation
+** is only capable of millisecond resolution so the six least significant
+** digits in the time are meaningless.  Future versions of SQLite
+** might provide greater resolution on the profiler callback.  The
+** sqlite3_profile() function is considered experimental and is
+** subject to change in future versions of SQLite.
+*/
+SQLITE_API void *SQLITE_STDCALL sqlite3_trace(sqlite3*, void(*xTrace)(void*,const char*), void*);
+SQLITE_API SQLITE_EXPERIMENTAL void *SQLITE_STDCALL sqlite3_profile(sqlite3*,
+   void(*xProfile)(void*,const char*,sqlite3_uint64), void*);
+
+/*
+** CAPI3REF: Query Progress Callbacks
+** METHOD: sqlite3
+**
+** ^The sqlite3_progress_handler(D,N,X,P) interface causes the callback
+** function X to be invoked periodically during long running calls to
+** [sqlite3_exec()], [sqlite3_step()] and [sqlite3_get_table()] for
+** database connection D.  An example use for this
+** interface is to keep a GUI updated during a large query.
+**
+** ^The parameter P is passed through as the only parameter to the 
+** callback function X.  ^The parameter N is the approximate number of 
+** [virtual machine instructions] that are evaluated between successive
+** invocations of the callback X.  ^If N is less than one then the progress
+** handler is disabled.
+**
+** ^Only a single progress handler may be defined at one time per
+** [database connection]; setting a new progress handler cancels the
+** old one.  ^Setting parameter X to NULL disables the progress handler.
+** ^The progress handler is also disabled by setting N to a value less
+** than 1.
+**
+** ^If the progress callback returns non-zero, the operation is
+** interrupted.  This feature can be used to implement a
+** "Cancel" button on a GUI progress dialog box.
+**
+** The progress handler callback must not do anything that will modify
+** the database connection that invoked the progress handler.
+** Note that [sqlite3_prepare_v2()] and [sqlite3_step()] both modify their
+** database connections for the meaning of "modify" in this paragraph.
+**
+*/
+SQLITE_API void SQLITE_STDCALL sqlite3_progress_handler(sqlite3*, int, int(*)(void*), void*);
+
+/*
+** CAPI3REF: Opening A New Database Connection
+** CONSTRUCTOR: sqlite3
+**
+** ^These routines open an SQLite database file as specified by the 
+** filename argument. ^The filename argument is interpreted as UTF-8 for
+** sqlite3_open() and sqlite3_open_v2() and as UTF-16 in the native byte
+** order for sqlite3_open16(). ^(A [database connection] handle is usually
+** returned in *ppDb, even if an error occurs.  The only exception is that
+** if SQLite is unable to allocate memory to hold the [sqlite3] object,
+** a NULL will be written into *ppDb instead of a pointer to the [sqlite3]
+** object.)^ ^(If the database is opened (and/or created) successfully, then
+** [SQLITE_OK] is returned.  Otherwise an [error code] is returned.)^ ^The
+** [sqlite3_errmsg()] or [sqlite3_errmsg16()] routines can be used to obtain
+** an English language description of the error following a failure of any
+** of the sqlite3_open() routines.
+**
+** ^The default encoding will be UTF-8 for databases created using
+** sqlite3_open() or sqlite3_open_v2().  ^The default encoding for databases
+** created using sqlite3_open16() will be UTF-16 in the native byte order.
+**
+** Whether or not an error occurs when it is opened, resources
+** associated with the [database connection] handle should be released by
+** passing it to [sqlite3_close()] when it is no longer required.
+**
+** The sqlite3_open_v2() interface works like sqlite3_open()
+** except that it accepts two additional parameters for additional control
+** over the new database connection.  ^(The flags parameter to
+** sqlite3_open_v2() can take one of
+** the following three values, optionally combined with the 
+** [SQLITE_OPEN_NOMUTEX], [SQLITE_OPEN_FULLMUTEX], [SQLITE_OPEN_SHAREDCACHE],
+** [SQLITE_OPEN_PRIVATECACHE], and/or [SQLITE_OPEN_URI] flags:)^
+**
+** <dl>
+** ^(<dt>[SQLITE_OPEN_READONLY]</dt>
+** <dd>The database is opened in read-only mode.  If the database does not
+** already exist, an error is returned.</dd>)^
+**
+** ^(<dt>[SQLITE_OPEN_READWRITE]</dt>
+** <dd>The database is opened for reading and writing if possible, or reading
+** only if the file is write protected by the operating system.  In either
+** case the database must already exist, otherwise an error is returned.</dd>)^
+**
+** ^(<dt>[SQLITE_OPEN_READWRITE] | [SQLITE_OPEN_CREATE]</dt>
+** <dd>The database is opened for reading and writing, and is created if
+** it does not already exist. This is the behavior that is always used for
+** sqlite3_open() and sqlite3_open16().</dd>)^
+** </dl>
+**
+** If the 3rd parameter to sqlite3_open_v2() is not one of the
+** combinations shown above optionally combined with other
+** [SQLITE_OPEN_READONLY | SQLITE_OPEN_* bits]
+** then the behavior is undefined.
+**
+** ^If the [SQLITE_OPEN_NOMUTEX] flag is set, then the database connection
+** opens in the multi-thread [threading mode] as long as the single-thread
+** mode has not been set at compile-time or start-time.  ^If the
+** [SQLITE_OPEN_FULLMUTEX] flag is set then the database connection opens
+** in the serialized [threading mode] unless single-thread was
+** previously selected at compile-time or start-time.
+** ^The [SQLITE_OPEN_SHAREDCACHE] flag causes the database connection to be
+** eligible to use [shared cache mode], regardless of whether or not shared
+** cache is enabled using [sqlite3_enable_shared_cache()].  ^The
+** [SQLITE_OPEN_PRIVATECACHE] flag causes the database connection to not
+** participate in [shared cache mode] even if it is enabled.
+**
+** ^The fourth parameter to sqlite3_open_v2() is the name of the
+** [sqlite3_vfs] object that defines the operating system interface that
+** the new database connection should use.  ^If the fourth parameter is
+** a NULL pointer then the default [sqlite3_vfs] object is used.
+**
+** ^If the filename is ":memory:", then a private, temporary in-memory database
+** is created for the connection.  ^This in-memory database will vanish when
+** the database connection is closed.  Future versions of SQLite might
+** make use of additional special filenames that begin with the ":" character.
+** It is recommended that when a database filename actually does begin with
+** a ":" character you should prefix the filename with a pathname such as
+** "./" to avoid ambiguity.
+**
+** ^If the filename is an empty string, then a private, temporary
+** on-disk database will be created.  ^This private database will be
+** automatically deleted as soon as the database connection is closed.
+**
+** [[URI filenames in sqlite3_open()]] <h3>URI Filenames</h3>
+**
+** ^If [URI filename] interpretation is enabled, and the filename argument
+** begins with "file:", then the filename is interpreted as a URI. ^URI
+** filename interpretation is enabled if the [SQLITE_OPEN_URI] flag is
+** set in the fourth argument to sqlite3_open_v2(), or if it has
+** been enabled globally using the [SQLITE_CONFIG_URI] option with the
+** [sqlite3_config()] method or by the [SQLITE_USE_URI] compile-time option.
+** As of SQLite version 3.7.7, URI filename interpretation is turned off
+** by default, but future releases of SQLite might enable URI filename
+** interpretation by default.  See "[URI filenames]" for additional
+** information.
+**
+** URI filenames are parsed according to RFC 3986. ^If the URI contains an
+** authority, then it must be either an empty string or the string 
+** "localhost". ^If the authority is not an empty string or "localhost", an 
+** error is returned to the caller. ^The fragment component of a URI, if 
+** present, is ignored.
+**
+** ^SQLite uses the path component of the URI as the name of the disk file
+** which contains the database. ^If the path begins with a '/' character, 
+** then it is interpreted as an absolute path. ^If the path does not begin 
+** with a '/' (meaning that the authority section is omitted from the URI)
+** then the path is interpreted as a relative path. 
+** ^(On windows, the first component of an absolute path 
+** is a drive specification (e.g. "C:").)^
+**
+** [[core URI query parameters]]
+** The query component of a URI may contain parameters that are interpreted
+** either by SQLite itself, or by a [VFS | custom VFS implementation].
+** SQLite and its built-in [VFSes] interpret the
+** following query parameters:
+**
+** <ul>
+**   <li> <b>vfs</b>: ^The "vfs" parameter may be used to specify the name of
+**     a VFS object that provides the operating system interface that should
+**     be used to access the database file on disk. ^If this option is set to
+**     an empty string the default VFS object is used. ^Specifying an unknown
+**     VFS is an error. ^If sqlite3_open_v2() is used and the vfs option is
+**     present, then the VFS specified by the option takes precedence over
+**     the value passed as the fourth parameter to sqlite3_open_v2().
+**
+**   <li> <b>mode</b>: ^(The mode parameter may be set to either "ro", "rw",
+**     "rwc", or "memory". Attempting to set it to any other value is
+**     an error)^. 
+**     ^If "ro" is specified, then the database is opened for read-only 
+**     access, just as if the [SQLITE_OPEN_READONLY] flag had been set in the 
+**     third argument to sqlite3_open_v2(). ^If the mode option is set to 
+**     "rw", then the database is opened for read-write (but not create) 
+**     access, as if SQLITE_OPEN_READWRITE (but not SQLITE_OPEN_CREATE) had 
+**     been set. ^Value "rwc" is equivalent to setting both 
+**     SQLITE_OPEN_READWRITE and SQLITE_OPEN_CREATE.  ^If the mode option is
+**     set to "memory" then a pure [in-memory database] that never reads
+**     or writes from disk is used. ^It is an error to specify a value for
+**     the mode parameter that is less restrictive than that specified by
+**     the flags passed in the third parameter to sqlite3_open_v2().
+**
+**   <li> <b>cache</b>: ^The cache parameter may be set to either "shared" or
+**     "private". ^Setting it to "shared" is equivalent to setting the
+**     SQLITE_OPEN_SHAREDCACHE bit in the flags argument passed to
+**     sqlite3_open_v2(). ^Setting the cache parameter to "private" is 
+**     equivalent to setting the SQLITE_OPEN_PRIVATECACHE bit.
+**     ^If sqlite3_open_v2() is used and the "cache" parameter is present in
+**     a URI filename, its value overrides any behavior requested by setting
+**     SQLITE_OPEN_PRIVATECACHE or SQLITE_OPEN_SHAREDCACHE flag.
+**
+**  <li> <b>psow</b>: ^The psow parameter indicates whether or not the
+**     [powersafe overwrite] property does or does not apply to the
+**     storage media on which the database file resides.
+**
+**  <li> <b>nolock</b>: ^The nolock parameter is a boolean query parameter
+**     which if set disables file locking in rollback journal modes.  This
+**     is useful for accessing a database on a filesystem that does not
+**     support locking.  Caution:  Database corruption might result if two
+**     or more processes write to the same database and any one of those
+**     processes uses nolock=1.
+**
+**  <li> <b>immutable</b>: ^The immutable parameter is a boolean query
+**     parameter that indicates that the database file is stored on
+**     read-only media.  ^When immutable is set, SQLite assumes that the
+**     database file cannot be changed, even by a process with higher
+**     privilege, and so the database is opened read-only and all locking
+**     and change detection is disabled.  Caution: Setting the immutable
+**     property on a database file that does in fact change can result
+**     in incorrect query results and/or [SQLITE_CORRUPT] errors.
+**     See also: [SQLITE_IOCAP_IMMUTABLE].
+**       
+** </ul>
+**
+** ^Specifying an unknown parameter in the query component of a URI is not an
+** error.  Future versions of SQLite might understand additional query
+** parameters.  See "[query parameters with special meaning to SQLite]" for
+** additional information.
+**
+** [[URI filename examples]] <h3>URI filename examples</h3>
+**
+** <table border="1" align=center cellpadding=5>
+** <tr><th> URI filenames <th> Results
+** <tr><td> file:data.db <td> 
+**          Open the file "data.db" in the current directory.
+** <tr><td> file:/home/fred/data.db<br>
+**          file:///home/fred/data.db <br> 
+**          file://localhost/home/fred/data.db <br> <td> 
+**          Open the database file "/home/fred/data.db".
+** <tr><td> file://darkstar/home/fred/data.db <td> 
+**          An error. "darkstar" is not a recognized authority.
+** <tr><td style="white-space:nowrap"> 
+**          file:///C:/Documents%20and%20Settings/fred/Desktop/data.db
+**     <td> Windows only: Open the file "data.db" on fred's desktop on drive
+**          C:. Note that the %20 escaping in this example is not strictly 
+**          necessary - space characters can be used literally
+**          in URI filenames.
+** <tr><td> file:data.db?mode=ro&cache=private <td> 
+**          Open file "data.db" in the current directory for read-only access.
+**          Regardless of whether or not shared-cache mode is enabled by
+**          default, use a private cache.
+** <tr><td> file:/home/fred/data.db?vfs=unix-dotfile <td>
+**          Open file "/home/fred/data.db". Use the special VFS "unix-dotfile"
+**          that uses dot-files in place of posix advisory locking.
+** <tr><td> file:data.db?mode=readonly <td> 
+**          An error. "readonly" is not a valid option for the "mode" parameter.
+** </table>
+**
+** ^URI hexadecimal escape sequences (%HH) are supported within the path and
+** query components of a URI. A hexadecimal escape sequence consists of a
+** percent sign - "%" - followed by exactly two hexadecimal digits 
+** specifying an octet value. ^Before the path or query components of a
+** URI filename are interpreted, they are encoded using UTF-8 and all 
+** hexadecimal escape sequences replaced by a single byte containing the
+** corresponding octet. If this process generates an invalid UTF-8 encoding,
+** the results are undefined.
+**
+** <b>Note to Windows users:</b>  The encoding used for the filename argument
+** of sqlite3_open() and sqlite3_open_v2() must be UTF-8, not whatever
+** codepage is currently defined.  Filenames containing international
+** characters must be converted to UTF-8 prior to passing them into
+** sqlite3_open() or sqlite3_open_v2().
+**
+** <b>Note to Windows Runtime users:</b>  The temporary directory must be set
+** prior to calling sqlite3_open() or sqlite3_open_v2().  Otherwise, various
+** features that require the use of temporary files may fail.
+**
+** See also: [sqlite3_temp_directory]
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_open(
+  const char *filename,   /* Database filename (UTF-8) */
+  sqlite3 **ppDb          /* OUT: SQLite db handle */
+);
+SQLITE_API int SQLITE_STDCALL sqlite3_open16(
+  const void *filename,   /* Database filename (UTF-16) */
+  sqlite3 **ppDb          /* OUT: SQLite db handle */
+);
+SQLITE_API int SQLITE_STDCALL sqlite3_open_v2(
+  const char *filename,   /* Database filename (UTF-8) */
+  sqlite3 **ppDb,         /* OUT: SQLite db handle */
+  int flags,              /* Flags */
+  const char *zVfs        /* Name of VFS module to use */
+);
+
+/*
+** CAPI3REF: Obtain Values For URI Parameters
+**
+** These are utility routines, useful to VFS implementations, that check
+** to see if a database file was a URI that contained a specific query 
+** parameter, and if so obtains the value of that query parameter.
+**
+** If F is the database filename pointer passed into the xOpen() method of 
+** a VFS implementation when the flags parameter to xOpen() has one or 
+** more of the [SQLITE_OPEN_URI] or [SQLITE_OPEN_MAIN_DB] bits set and
+** P is the name of the query parameter, then
+** sqlite3_uri_parameter(F,P) returns the value of the P
+** parameter if it exists or a NULL pointer if P does not appear as a 
+** query parameter on F.  If P is a query parameter of F
+** has no explicit value, then sqlite3_uri_parameter(F,P) returns
+** a pointer to an empty string.
+**
+** The sqlite3_uri_boolean(F,P,B) routine assumes that P is a boolean
+** parameter and returns true (1) or false (0) according to the value
+** of P.  The sqlite3_uri_boolean(F,P,B) routine returns true (1) if the
+** value of query parameter P is one of "yes", "true", or "on" in any
+** case or if the value begins with a non-zero number.  The 
+** sqlite3_uri_boolean(F,P,B) routines returns false (0) if the value of
+** query parameter P is one of "no", "false", or "off" in any case or
+** if the value begins with a numeric zero.  If P is not a query
+** parameter on F or if the value of P is does not match any of the
+** above, then sqlite3_uri_boolean(F,P,B) returns (B!=0).
+**
+** The sqlite3_uri_int64(F,P,D) routine converts the value of P into a
+** 64-bit signed integer and returns that integer, or D if P does not
+** exist.  If the value of P is something other than an integer, then
+** zero is returned.
+** 
+** If F is a NULL pointer, then sqlite3_uri_parameter(F,P) returns NULL and
+** sqlite3_uri_boolean(F,P,B) returns B.  If F is not a NULL pointer and
+** is not a database file pathname pointer that SQLite passed into the xOpen
+** VFS method, then the behavior of this routine is undefined and probably
+** undesirable.
+*/
+SQLITE_API const char *SQLITE_STDCALL sqlite3_uri_parameter(const char *zFilename, const char *zParam);
+SQLITE_API int SQLITE_STDCALL sqlite3_uri_boolean(const char *zFile, const char *zParam, int bDefault);
+SQLITE_API sqlite3_int64 SQLITE_STDCALL sqlite3_uri_int64(const char*, const char*, sqlite3_int64);
+
+
+/*
+** CAPI3REF: Error Codes And Messages
+** METHOD: sqlite3
+**
+** ^If the most recent sqlite3_* API call associated with 
+** [database connection] D failed, then the sqlite3_errcode(D) interface
+** returns the numeric [result code] or [extended result code] for that
+** API call.
+** If the most recent API call was successful,
+** then the return value from sqlite3_errcode() is undefined.
+** ^The sqlite3_extended_errcode()
+** interface is the same except that it always returns the 
+** [extended result code] even when extended result codes are
+** disabled.
+**
+** ^The sqlite3_errmsg() and sqlite3_errmsg16() return English-language
+** text that describes the error, as either UTF-8 or UTF-16 respectively.
+** ^(Memory to hold the error message string is managed internally.
+** The application does not need to worry about freeing the result.
+** However, the error string might be overwritten or deallocated by
+** subsequent calls to other SQLite interface functions.)^
+**
+** ^The sqlite3_errstr() interface returns the English-language text
+** that describes the [result code], as UTF-8.
+** ^(Memory to hold the error message string is managed internally
+** and must not be freed by the application)^.
+**
+** When the serialized [threading mode] is in use, it might be the
+** case that a second error occurs on a separate thread in between
+** the time of the first error and the call to these interfaces.
+** When that happens, the second error will be reported since these
+** interfaces always report the most recent result.  To avoid
+** this, each thread can obtain exclusive use of the [database connection] D
+** by invoking [sqlite3_mutex_enter]([sqlite3_db_mutex](D)) before beginning
+** to use D and invoking [sqlite3_mutex_leave]([sqlite3_db_mutex](D)) after
+** all calls to the interfaces listed here are completed.
+**
+** If an interface fails with SQLITE_MISUSE, that means the interface
+** was invoked incorrectly by the application.  In that case, the
+** error code and message may or may not be set.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_errcode(sqlite3 *db);
+SQLITE_API int SQLITE_STDCALL sqlite3_extended_errcode(sqlite3 *db);
+SQLITE_API const char *SQLITE_STDCALL sqlite3_errmsg(sqlite3*);
+SQLITE_API const void *SQLITE_STDCALL sqlite3_errmsg16(sqlite3*);
+SQLITE_API const char *SQLITE_STDCALL sqlite3_errstr(int);
+
+/*
+** CAPI3REF: Prepared Statement Object
+** KEYWORDS: {prepared statement} {prepared statements}
+**
+** An instance of this object represents a single SQL statement that
+** has been compiled into binary form and is ready to be evaluated.
+**
+** Think of each SQL statement as a separate computer program.  The
+** original SQL text is source code.  A prepared statement object 
+** is the compiled object code.  All SQL must be converted into a
+** prepared statement before it can be run.
+**
+** The life-cycle of a prepared statement object usually goes like this:
+**
+** <ol>
+** <li> Create the prepared statement object using [sqlite3_prepare_v2()].
+** <li> Bind values to [parameters] using the sqlite3_bind_*()
+**      interfaces.
+** <li> Run the SQL by calling [sqlite3_step()] one or more times.
+** <li> Reset the prepared statement using [sqlite3_reset()] then go back
+**      to step 2.  Do this zero or more times.
+** <li> Destroy the object using [sqlite3_finalize()].
+** </ol>
+*/
+typedef struct sqlite3_stmt sqlite3_stmt;
+
+/*
+** CAPI3REF: Run-time Limits
+** METHOD: sqlite3
+**
+** ^(This interface allows the size of various constructs to be limited
+** on a connection by connection basis.  The first parameter is the
+** [database connection] whose limit is to be set or queried.  The
+** second parameter is one of the [limit categories] that define a
+** class of constructs to be size limited.  The third parameter is the
+** new limit for that construct.)^
+**
+** ^If the new limit is a negative number, the limit is unchanged.
+** ^(For each limit category SQLITE_LIMIT_<i>NAME</i> there is a 
+** [limits | hard upper bound]
+** set at compile-time by a C preprocessor macro called
+** [limits | SQLITE_MAX_<i>NAME</i>].
+** (The "_LIMIT_" in the name is changed to "_MAX_".))^
+** ^Attempts to increase a limit above its hard upper bound are
+** silently truncated to the hard upper bound.
+**
+** ^Regardless of whether or not the limit was changed, the 
+** [sqlite3_limit()] interface returns the prior value of the limit.
+** ^Hence, to find the current value of a limit without changing it,
+** simply invoke this interface with the third parameter set to -1.
+**
+** Run-time limits are intended for use in applications that manage
+** both their own internal database and also databases that are controlled
+** by untrusted external sources.  An example application might be a
+** web browser that has its own databases for storing history and
+** separate databases controlled by JavaScript applications downloaded
+** off the Internet.  The internal databases can be given the
+** large, default limits.  Databases managed by external sources can
+** be given much smaller limits designed to prevent a denial of service
+** attack.  Developers might also want to use the [sqlite3_set_authorizer()]
+** interface to further control untrusted SQL.  The size of the database
+** created by an untrusted script can be contained using the
+** [max_page_count] [PRAGMA].
+**
+** New run-time limit categories may be added in future releases.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_limit(sqlite3*, int id, int newVal);
+
+/*
+** CAPI3REF: Run-Time Limit Categories
+** KEYWORDS: {limit category} {*limit categories}
+**
+** These constants define various performance limits
+** that can be lowered at run-time using [sqlite3_limit()].
+** The synopsis of the meanings of the various limits is shown below.
+** Additional information is available at [limits | Limits in SQLite].
+**
+** <dl>
+** [[SQLITE_LIMIT_LENGTH]] ^(<dt>SQLITE_LIMIT_LENGTH</dt>
+** <dd>The maximum size of any string or BLOB or table row, in bytes.<dd>)^
+**
+** [[SQLITE_LIMIT_SQL_LENGTH]] ^(<dt>SQLITE_LIMIT_SQL_LENGTH</dt>
+** <dd>The maximum length of an SQL statement, in bytes.</dd>)^
+**
+** [[SQLITE_LIMIT_COLUMN]] ^(<dt>SQLITE_LIMIT_COLUMN</dt>
+** <dd>The maximum number of columns in a table definition or in the
+** result set of a [SELECT] or the maximum number of columns in an index
+** or in an ORDER BY or GROUP BY clause.</dd>)^
+**
+** [[SQLITE_LIMIT_EXPR_DEPTH]] ^(<dt>SQLITE_LIMIT_EXPR_DEPTH</dt>
+** <dd>The maximum depth of the parse tree on any expression.</dd>)^
+**
+** [[SQLITE_LIMIT_COMPOUND_SELECT]] ^(<dt>SQLITE_LIMIT_COMPOUND_SELECT</dt>
+** <dd>The maximum number of terms in a compound SELECT statement.</dd>)^
+**
+** [[SQLITE_LIMIT_VDBE_OP]] ^(<dt>SQLITE_LIMIT_VDBE_OP</dt>
+** <dd>The maximum number of instructions in a virtual machine program
+** used to implement an SQL statement.  This limit is not currently
+** enforced, though that might be added in some future release of
+** SQLite.</dd>)^
+**
+** [[SQLITE_LIMIT_FUNCTION_ARG]] ^(<dt>SQLITE_LIMIT_FUNCTION_ARG</dt>
+** <dd>The maximum number of arguments on a function.</dd>)^
+**
+** [[SQLITE_LIMIT_ATTACHED]] ^(<dt>SQLITE_LIMIT_ATTACHED</dt>
+** <dd>The maximum number of [ATTACH | attached databases].)^</dd>
+**
+** [[SQLITE_LIMIT_LIKE_PATTERN_LENGTH]]
+** ^(<dt>SQLITE_LIMIT_LIKE_PATTERN_LENGTH</dt>
+** <dd>The maximum length of the pattern argument to the [LIKE] or
+** [GLOB] operators.</dd>)^
+**
+** [[SQLITE_LIMIT_VARIABLE_NUMBER]]
+** ^(<dt>SQLITE_LIMIT_VARIABLE_NUMBER</dt>
+** <dd>The maximum index number of any [parameter] in an SQL statement.)^
+**
+** [[SQLITE_LIMIT_TRIGGER_DEPTH]] ^(<dt>SQLITE_LIMIT_TRIGGER_DEPTH</dt>
+** <dd>The maximum depth of recursion for triggers.</dd>)^
+**
+** [[SQLITE_LIMIT_WORKER_THREADS]] ^(<dt>SQLITE_LIMIT_WORKER_THREADS</dt>
+** <dd>The maximum number of auxiliary worker threads that a single
+** [prepared statement] may start.</dd>)^
+** </dl>
+*/
+#define SQLITE_LIMIT_LENGTH                    0
+#define SQLITE_LIMIT_SQL_LENGTH                1
+#define SQLITE_LIMIT_COLUMN                    2
+#define SQLITE_LIMIT_EXPR_DEPTH                3
+#define SQLITE_LIMIT_COMPOUND_SELECT           4
+#define SQLITE_LIMIT_VDBE_OP                   5
+#define SQLITE_LIMIT_FUNCTION_ARG              6
+#define SQLITE_LIMIT_ATTACHED                  7
+#define SQLITE_LIMIT_LIKE_PATTERN_LENGTH       8
+#define SQLITE_LIMIT_VARIABLE_NUMBER           9
+#define SQLITE_LIMIT_TRIGGER_DEPTH            10
+#define SQLITE_LIMIT_WORKER_THREADS           11
+
+/*
+** CAPI3REF: Compiling An SQL Statement
+** KEYWORDS: {SQL statement compiler}
+** METHOD: sqlite3
+** CONSTRUCTOR: sqlite3_stmt
+**
+** To execute an SQL query, it must first be compiled into a byte-code
+** program using one of these routines.
+**
+** The first argument, "db", is a [database connection] obtained from a
+** prior successful call to [sqlite3_open()], [sqlite3_open_v2()] or
+** [sqlite3_open16()].  The database connection must not have been closed.
+**
+** The second argument, "zSql", is the statement to be compiled, encoded
+** as either UTF-8 or UTF-16.  The sqlite3_prepare() and sqlite3_prepare_v2()
+** interfaces use UTF-8, and sqlite3_prepare16() and sqlite3_prepare16_v2()
+** use UTF-16.
+**
+** ^If the nByte argument is negative, then zSql is read up to the
+** first zero terminator. ^If nByte is positive, then it is the
+** number of bytes read from zSql.  ^If nByte is zero, then no prepared
+** statement is generated.
+** If the caller knows that the supplied string is nul-terminated, then
+** there is a small performance advantage to passing an nByte parameter that
+** is the number of bytes in the input string <i>including</i>
+** the nul-terminator.
+**
+** ^If pzTail is not NULL then *pzTail is made to point to the first byte
+** past the end of the first SQL statement in zSql.  These routines only
+** compile the first statement in zSql, so *pzTail is left pointing to
+** what remains uncompiled.
+**
+** ^*ppStmt is left pointing to a compiled [prepared statement] that can be
+** executed using [sqlite3_step()].  ^If there is an error, *ppStmt is set
+** to NULL.  ^If the input text contains no SQL (if the input is an empty
+** string or a comment) then *ppStmt is set to NULL.
+** The calling procedure is responsible for deleting the compiled
+** SQL statement using [sqlite3_finalize()] after it has finished with it.
+** ppStmt may not be NULL.
+**
+** ^On success, the sqlite3_prepare() family of routines return [SQLITE_OK];
+** otherwise an [error code] is returned.
+**
+** The sqlite3_prepare_v2() and sqlite3_prepare16_v2() interfaces are
+** recommended for all new programs. The two older interfaces are retained
+** for backwards compatibility, but their use is discouraged.
+** ^In the "v2" interfaces, the prepared statement
+** that is returned (the [sqlite3_stmt] object) contains a copy of the
+** original SQL text. This causes the [sqlite3_step()] interface to
+** behave differently in three ways:
+**
+** <ol>
+** <li>
+** ^If the database schema changes, instead of returning [SQLITE_SCHEMA] as it
+** always used to do, [sqlite3_step()] will automatically recompile the SQL
+** statement and try to run it again. As many as [SQLITE_MAX_SCHEMA_RETRY]
+** retries will occur before sqlite3_step() gives up and returns an error.
+** </li>
+**
+** <li>
+** ^When an error occurs, [sqlite3_step()] will return one of the detailed
+** [error codes] or [extended error codes].  ^The legacy behavior was that
+** [sqlite3_step()] would only return a generic [SQLITE_ERROR] result code
+** and the application would have to make a second call to [sqlite3_reset()]
+** in order to find the underlying cause of the problem. With the "v2" prepare
+** interfaces, the underlying reason for the error is returned immediately.
+** </li>
+**
+** <li>
+** ^If the specific value bound to [parameter | host parameter] in the 
+** WHERE clause might influence the choice of query plan for a statement,
+** then the statement will be automatically recompiled, as if there had been 
+** a schema change, on the first  [sqlite3_step()] call following any change
+** to the [sqlite3_bind_text | bindings] of that [parameter]. 
+** ^The specific value of WHERE-clause [parameter] might influence the 
+** choice of query plan if the parameter is the left-hand side of a [LIKE]
+** or [GLOB] operator or if the parameter is compared to an indexed column
+** and the [SQLITE_ENABLE_STAT3] compile-time option is enabled.
+** </li>
+** </ol>
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_prepare(
+  sqlite3 *db,            /* Database handle */
+  const char *zSql,       /* SQL statement, UTF-8 encoded */
+  int nByte,              /* Maximum length of zSql in bytes. */
+  sqlite3_stmt **ppStmt,  /* OUT: Statement handle */
+  const char **pzTail     /* OUT: Pointer to unused portion of zSql */
+);
+SQLITE_API int SQLITE_STDCALL sqlite3_prepare_v2(
+  sqlite3 *db,            /* Database handle */
+  const char *zSql,       /* SQL statement, UTF-8 encoded */
+  int nByte,              /* Maximum length of zSql in bytes. */
+  sqlite3_stmt **ppStmt,  /* OUT: Statement handle */
+  const char **pzTail     /* OUT: Pointer to unused portion of zSql */
+);
+SQLITE_API int SQLITE_STDCALL sqlite3_prepare16(
+  sqlite3 *db,            /* Database handle */
+  const void *zSql,       /* SQL statement, UTF-16 encoded */
+  int nByte,              /* Maximum length of zSql in bytes. */
+  sqlite3_stmt **ppStmt,  /* OUT: Statement handle */
+  const void **pzTail     /* OUT: Pointer to unused portion of zSql */
+);
+SQLITE_API int SQLITE_STDCALL sqlite3_prepare16_v2(
+  sqlite3 *db,            /* Database handle */
+  const void *zSql,       /* SQL statement, UTF-16 encoded */
+  int nByte,              /* Maximum length of zSql in bytes. */
+  sqlite3_stmt **ppStmt,  /* OUT: Statement handle */
+  const void **pzTail     /* OUT: Pointer to unused portion of zSql */
+);
+
+/*
+** CAPI3REF: Retrieving Statement SQL
+** METHOD: sqlite3_stmt
+**
+** ^This interface can be used to retrieve a saved copy of the original
+** SQL text used to create a [prepared statement] if that statement was
+** compiled using either [sqlite3_prepare_v2()] or [sqlite3_prepare16_v2()].
+*/
+SQLITE_API const char *SQLITE_STDCALL sqlite3_sql(sqlite3_stmt *pStmt);
+
+/*
+** CAPI3REF: Determine If An SQL Statement Writes The Database
+** METHOD: sqlite3_stmt
+**
+** ^The sqlite3_stmt_readonly(X) interface returns true (non-zero) if
+** and only if the [prepared statement] X makes no direct changes to
+** the content of the database file.
+**
+** Note that [application-defined SQL functions] or
+** [virtual tables] might change the database indirectly as a side effect.  
+** ^(For example, if an application defines a function "eval()" that 
+** calls [sqlite3_exec()], then the following SQL statement would
+** change the database file through side-effects:
+**
+** <blockquote><pre>
+**    SELECT eval('DELETE FROM t1') FROM t2;
+** </pre></blockquote>
+**
+** But because the [SELECT] statement does not change the database file
+** directly, sqlite3_stmt_readonly() would still return true.)^
+**
+** ^Transaction control statements such as [BEGIN], [COMMIT], [ROLLBACK],
+** [SAVEPOINT], and [RELEASE] cause sqlite3_stmt_readonly() to return true,
+** since the statements themselves do not actually modify the database but
+** rather they control the timing of when other statements modify the 
+** database.  ^The [ATTACH] and [DETACH] statements also cause
+** sqlite3_stmt_readonly() to return true since, while those statements
+** change the configuration of a database connection, they do not make 
+** changes to the content of the database files on disk.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_stmt_readonly(sqlite3_stmt *pStmt);
+
+/*
+** CAPI3REF: Determine If A Prepared Statement Has Been Reset
+** METHOD: sqlite3_stmt
+**
+** ^The sqlite3_stmt_busy(S) interface returns true (non-zero) if the
+** [prepared statement] S has been stepped at least once using 
+** [sqlite3_step(S)] but has neither run to completion (returned
+** [SQLITE_DONE] from [sqlite3_step(S)]) nor
+** been reset using [sqlite3_reset(S)].  ^The sqlite3_stmt_busy(S)
+** interface returns false if S is a NULL pointer.  If S is not a 
+** NULL pointer and is not a pointer to a valid [prepared statement]
+** object, then the behavior is undefined and probably undesirable.
+**
+** This interface can be used in combination [sqlite3_next_stmt()]
+** to locate all prepared statements associated with a database 
+** connection that are in need of being reset.  This can be used,
+** for example, in diagnostic routines to search for prepared 
+** statements that are holding a transaction open.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_stmt_busy(sqlite3_stmt*);
+
+/*
+** CAPI3REF: Dynamically Typed Value Object
+** KEYWORDS: {protected sqlite3_value} {unprotected sqlite3_value}
+**
+** SQLite uses the sqlite3_value object to represent all values
+** that can be stored in a database table. SQLite uses dynamic typing
+** for the values it stores.  ^Values stored in sqlite3_value objects
+** can be integers, floating point values, strings, BLOBs, or NULL.
+**
+** An sqlite3_value object may be either "protected" or "unprotected".
+** Some interfaces require a protected sqlite3_value.  Other interfaces
+** will accept either a protected or an unprotected sqlite3_value.
+** Every interface that accepts sqlite3_value arguments specifies
+** whether or not it requires a protected sqlite3_value.  The
+** [sqlite3_value_dup()] interface can be used to construct a new 
+** protected sqlite3_value from an unprotected sqlite3_value.
+**
+** The terms "protected" and "unprotected" refer to whether or not
+** a mutex is held.  An internal mutex is held for a protected
+** sqlite3_value object but no mutex is held for an unprotected
+** sqlite3_value object.  If SQLite is compiled to be single-threaded
+** (with [SQLITE_THREADSAFE=0] and with [sqlite3_threadsafe()] returning 0)
+** or if SQLite is run in one of reduced mutex modes 
+** [SQLITE_CONFIG_SINGLETHREAD] or [SQLITE_CONFIG_MULTITHREAD]
+** then there is no distinction between protected and unprotected
+** sqlite3_value objects and they can be used interchangeably.  However,
+** for maximum code portability it is recommended that applications
+** still make the distinction between protected and unprotected
+** sqlite3_value objects even when not strictly required.
+**
+** ^The sqlite3_value objects that are passed as parameters into the
+** implementation of [application-defined SQL functions] are protected.
+** ^The sqlite3_value object returned by
+** [sqlite3_column_value()] is unprotected.
+** Unprotected sqlite3_value objects may only be used with
+** [sqlite3_result_value()] and [sqlite3_bind_value()].
+** The [sqlite3_value_blob | sqlite3_value_type()] family of
+** interfaces require protected sqlite3_value objects.
+*/
+typedef struct Mem sqlite3_value;
+
+/*
+** CAPI3REF: SQL Function Context Object
+**
+** The context in which an SQL function executes is stored in an
+** sqlite3_context object.  ^A pointer to an sqlite3_context object
+** is always first parameter to [application-defined SQL functions].
+** The application-defined SQL function implementation will pass this
+** pointer through into calls to [sqlite3_result_int | sqlite3_result()],
+** [sqlite3_aggregate_context()], [sqlite3_user_data()],
+** [sqlite3_context_db_handle()], [sqlite3_get_auxdata()],
+** and/or [sqlite3_set_auxdata()].
+*/
+typedef struct sqlite3_context sqlite3_context;
+
+/*
+** CAPI3REF: Binding Values To Prepared Statements
+** KEYWORDS: {host parameter} {host parameters} {host parameter name}
+** KEYWORDS: {SQL parameter} {SQL parameters} {parameter binding}
+** METHOD: sqlite3_stmt
+**
+** ^(In the SQL statement text input to [sqlite3_prepare_v2()] and its variants,
+** literals may be replaced by a [parameter] that matches one of following
+** templates:
+**
+** <ul>
+** <li>  ?
+** <li>  ?NNN
+** <li>  :VVV
+** <li>  @VVV
+** <li>  $VVV
+** </ul>
+**
+** In the templates above, NNN represents an integer literal,
+** and VVV represents an alphanumeric identifier.)^  ^The values of these
+** parameters (also called "host parameter names" or "SQL parameters")
+** can be set using the sqlite3_bind_*() routines defined here.
+**
+** ^The first argument to the sqlite3_bind_*() routines is always
+** a pointer to the [sqlite3_stmt] object returned from
+** [sqlite3_prepare_v2()] or its variants.
+**
+** ^The second argument is the index of the SQL parameter to be set.
+** ^The leftmost SQL parameter has an index of 1.  ^When the same named
+** SQL parameter is used more than once, second and subsequent
+** occurrences have the same index as the first occurrence.
+** ^The index for named parameters can be looked up using the
+** [sqlite3_bind_parameter_index()] API if desired.  ^The index
+** for "?NNN" parameters is the value of NNN.
+** ^The NNN value must be between 1 and the [sqlite3_limit()]
+** parameter [SQLITE_LIMIT_VARIABLE_NUMBER] (default value: 999).
+**
+** ^The third argument is the value to bind to the parameter.
+** ^If the third parameter to sqlite3_bind_text() or sqlite3_bind_text16()
+** or sqlite3_bind_blob() is a NULL pointer then the fourth parameter
+** is ignored and the end result is the same as sqlite3_bind_null().
+**
+** ^(In those routines that have a fourth argument, its value is the
+** number of bytes in the parameter.  To be clear: the value is the
+** number of <u>bytes</u> in the value, not the number of characters.)^
+** ^If the fourth parameter to sqlite3_bind_text() or sqlite3_bind_text16()
+** is negative, then the length of the string is
+** the number of bytes up to the first zero terminator.
+** If the fourth parameter to sqlite3_bind_blob() is negative, then
+** the behavior is undefined.
+** If a non-negative fourth parameter is provided to sqlite3_bind_text()
+** or sqlite3_bind_text16() or sqlite3_bind_text64() then
+** that parameter must be the byte offset
+** where the NUL terminator would occur assuming the string were NUL
+** terminated.  If any NUL characters occur at byte offsets less than 
+** the value of the fourth parameter then the resulting string value will
+** contain embedded NULs.  The result of expressions involving strings
+** with embedded NULs is undefined.
+**
+** ^The fifth argument to the BLOB and string binding interfaces
+** is a destructor used to dispose of the BLOB or
+** string after SQLite has finished with it.  ^The destructor is called
+** to dispose of the BLOB or string even if the call to bind API fails.
+** ^If the fifth argument is
+** the special value [SQLITE_STATIC], then SQLite assumes that the
+** information is in static, unmanaged space and does not need to be freed.
+** ^If the fifth argument has the value [SQLITE_TRANSIENT], then
+** SQLite makes its own private copy of the data immediately, before
+** the sqlite3_bind_*() routine returns.
+**
+** ^The sixth argument to sqlite3_bind_text64() must be one of
+** [SQLITE_UTF8], [SQLITE_UTF16], [SQLITE_UTF16BE], or [SQLITE_UTF16LE]
+** to specify the encoding of the text in the third parameter.  If
+** the sixth argument to sqlite3_bind_text64() is not one of the
+** allowed values shown above, or if the text encoding is different
+** from the encoding specified by the sixth parameter, then the behavior
+** is undefined.
+**
+** ^The sqlite3_bind_zeroblob() routine binds a BLOB of length N that
+** is filled with zeroes.  ^A zeroblob uses a fixed amount of memory
+** (just an integer to hold its size) while it is being processed.
+** Zeroblobs are intended to serve as placeholders for BLOBs whose
+** content is later written using
+** [sqlite3_blob_open | incremental BLOB I/O] routines.
+** ^A negative value for the zeroblob results in a zero-length BLOB.
+**
+** ^If any of the sqlite3_bind_*() routines are called with a NULL pointer
+** for the [prepared statement] or with a prepared statement for which
+** [sqlite3_step()] has been called more recently than [sqlite3_reset()],
+** then the call will return [SQLITE_MISUSE].  If any sqlite3_bind_()
+** routine is passed a [prepared statement] that has been finalized, the
+** result is undefined and probably harmful.
+**
+** ^Bindings are not cleared by the [sqlite3_reset()] routine.
+** ^Unbound parameters are interpreted as NULL.
+**
+** ^The sqlite3_bind_* routines return [SQLITE_OK] on success or an
+** [error code] if anything goes wrong.
+** ^[SQLITE_TOOBIG] might be returned if the size of a string or BLOB
+** exceeds limits imposed by [sqlite3_limit]([SQLITE_LIMIT_LENGTH]) or
+** [SQLITE_MAX_LENGTH].
+** ^[SQLITE_RANGE] is returned if the parameter
+** index is out of range.  ^[SQLITE_NOMEM] is returned if malloc() fails.
+**
+** See also: [sqlite3_bind_parameter_count()],
+** [sqlite3_bind_parameter_name()], and [sqlite3_bind_parameter_index()].
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_bind_blob(sqlite3_stmt*, int, const void*, int n, void(*)(void*));
+SQLITE_API int SQLITE_STDCALL sqlite3_bind_blob64(sqlite3_stmt*, int, const void*, sqlite3_uint64,
+                        void(*)(void*));
+SQLITE_API int SQLITE_STDCALL sqlite3_bind_double(sqlite3_stmt*, int, double);
+SQLITE_API int SQLITE_STDCALL sqlite3_bind_int(sqlite3_stmt*, int, int);
+SQLITE_API int SQLITE_STDCALL sqlite3_bind_int64(sqlite3_stmt*, int, sqlite3_int64);
+SQLITE_API int SQLITE_STDCALL sqlite3_bind_null(sqlite3_stmt*, int);
+SQLITE_API int SQLITE_STDCALL sqlite3_bind_text(sqlite3_stmt*,int,const char*,int,void(*)(void*));
+SQLITE_API int SQLITE_STDCALL sqlite3_bind_text16(sqlite3_stmt*, int, const void*, int, void(*)(void*));
+SQLITE_API int SQLITE_STDCALL sqlite3_bind_text64(sqlite3_stmt*, int, const char*, sqlite3_uint64,
+                         void(*)(void*), unsigned char encoding);
+SQLITE_API int SQLITE_STDCALL sqlite3_bind_value(sqlite3_stmt*, int, const sqlite3_value*);
+SQLITE_API int SQLITE_STDCALL sqlite3_bind_zeroblob(sqlite3_stmt*, int, int n);
+SQLITE_API int SQLITE_STDCALL sqlite3_bind_zeroblob64(sqlite3_stmt*, int, sqlite3_uint64);
+
+/*
+** CAPI3REF: Number Of SQL Parameters
+** METHOD: sqlite3_stmt
+**
+** ^This routine can be used to find the number of [SQL parameters]
+** in a [prepared statement].  SQL parameters are tokens of the
+** form "?", "?NNN", ":AAA", "$AAA", or "@AAA" that serve as
+** placeholders for values that are [sqlite3_bind_blob | bound]
+** to the parameters at a later time.
+**
+** ^(This routine actually returns the index of the largest (rightmost)
+** parameter. For all forms except ?NNN, this will correspond to the
+** number of unique parameters.  If parameters of the ?NNN form are used,
+** there may be gaps in the list.)^
+**
+** See also: [sqlite3_bind_blob|sqlite3_bind()],
+** [sqlite3_bind_parameter_name()], and
+** [sqlite3_bind_parameter_index()].
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_bind_parameter_count(sqlite3_stmt*);
+
+/*
+** CAPI3REF: Name Of A Host Parameter
+** METHOD: sqlite3_stmt
+**
+** ^The sqlite3_bind_parameter_name(P,N) interface returns
+** the name of the N-th [SQL parameter] in the [prepared statement] P.
+** ^(SQL parameters of the form "?NNN" or ":AAA" or "@AAA" or "$AAA"
+** have a name which is the string "?NNN" or ":AAA" or "@AAA" or "$AAA"
+** respectively.
+** In other words, the initial ":" or "$" or "@" or "?"
+** is included as part of the name.)^
+** ^Parameters of the form "?" without a following integer have no name
+** and are referred to as "nameless" or "anonymous parameters".
+**
+** ^The first host parameter has an index of 1, not 0.
+**
+** ^If the value N is out of range or if the N-th parameter is
+** nameless, then NULL is returned.  ^The returned string is
+** always in UTF-8 encoding even if the named parameter was
+** originally specified as UTF-16 in [sqlite3_prepare16()] or
+** [sqlite3_prepare16_v2()].
+**
+** See also: [sqlite3_bind_blob|sqlite3_bind()],
+** [sqlite3_bind_parameter_count()], and
+** [sqlite3_bind_parameter_index()].
+*/
+SQLITE_API const char *SQLITE_STDCALL sqlite3_bind_parameter_name(sqlite3_stmt*, int);
+
+/*
+** CAPI3REF: Index Of A Parameter With A Given Name
+** METHOD: sqlite3_stmt
+**
+** ^Return the index of an SQL parameter given its name.  ^The
+** index value returned is suitable for use as the second
+** parameter to [sqlite3_bind_blob|sqlite3_bind()].  ^A zero
+** is returned if no matching parameter is found.  ^The parameter
+** name must be given in UTF-8 even if the original statement
+** was prepared from UTF-16 text using [sqlite3_prepare16_v2()].
+**
+** See also: [sqlite3_bind_blob|sqlite3_bind()],
+** [sqlite3_bind_parameter_count()], and
+** [sqlite3_bind_parameter_name()].
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_bind_parameter_index(sqlite3_stmt*, const char *zName);
+
+/*
+** CAPI3REF: Reset All Bindings On A Prepared Statement
+** METHOD: sqlite3_stmt
+**
+** ^Contrary to the intuition of many, [sqlite3_reset()] does not reset
+** the [sqlite3_bind_blob | bindings] on a [prepared statement].
+** ^Use this routine to reset all host parameters to NULL.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_clear_bindings(sqlite3_stmt*);
+
+/*
+** CAPI3REF: Number Of Columns In A Result Set
+** METHOD: sqlite3_stmt
+**
+** ^Return the number of columns in the result set returned by the
+** [prepared statement]. ^This routine returns 0 if pStmt is an SQL
+** statement that does not return data (for example an [UPDATE]).
+**
+** See also: [sqlite3_data_count()]
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_column_count(sqlite3_stmt *pStmt);
+
+/*
+** CAPI3REF: Column Names In A Result Set
+** METHOD: sqlite3_stmt
+**
+** ^These routines return the name assigned to a particular column
+** in the result set of a [SELECT] statement.  ^The sqlite3_column_name()
+** interface returns a pointer to a zero-terminated UTF-8 string
+** and sqlite3_column_name16() returns a pointer to a zero-terminated
+** UTF-16 string.  ^The first parameter is the [prepared statement]
+** that implements the [SELECT] statement. ^The second parameter is the
+** column number.  ^The leftmost column is number 0.
+**
+** ^The returned string pointer is valid until either the [prepared statement]
+** is destroyed by [sqlite3_finalize()] or until the statement is automatically
+** reprepared by the first call to [sqlite3_step()] for a particular run
+** or until the next call to
+** sqlite3_column_name() or sqlite3_column_name16() on the same column.
+**
+** ^If sqlite3_malloc() fails during the processing of either routine
+** (for example during a conversion from UTF-8 to UTF-16) then a
+** NULL pointer is returned.
+**
+** ^The name of a result column is the value of the "AS" clause for
+** that column, if there is an AS clause.  If there is no AS clause
+** then the name of the column is unspecified and may change from
+** one release of SQLite to the next.
+*/
+SQLITE_API const char *SQLITE_STDCALL sqlite3_column_name(sqlite3_stmt*, int N);
+SQLITE_API const void *SQLITE_STDCALL sqlite3_column_name16(sqlite3_stmt*, int N);
+
+/*
+** CAPI3REF: Source Of Data In A Query Result
+** METHOD: sqlite3_stmt
+**
+** ^These routines provide a means to determine the database, table, and
+** table column that is the origin of a particular result column in
+** [SELECT] statement.
+** ^The name of the database or table or column can be returned as
+** either a UTF-8 or UTF-16 string.  ^The _database_ routines return
+** the database name, the _table_ routines return the table name, and
+** the origin_ routines return the column name.
+** ^The returned string is valid until the [prepared statement] is destroyed
+** using [sqlite3_finalize()] or until the statement is automatically
+** reprepared by the first call to [sqlite3_step()] for a particular run
+** or until the same information is requested
+** again in a different encoding.
+**
+** ^The names returned are the original un-aliased names of the
+** database, table, and column.
+**
+** ^The first argument to these interfaces is a [prepared statement].
+** ^These functions return information about the Nth result column returned by
+** the statement, where N is the second function argument.
+** ^The left-most column is column 0 for these routines.
+**
+** ^If the Nth column returned by the statement is an expression or
+** subquery and is not a column value, then all of these functions return
+** NULL.  ^These routine might also return NULL if a memory allocation error
+** occurs.  ^Otherwise, they return the name of the attached database, table,
+** or column that query result column was extracted from.
+**
+** ^As with all other SQLite APIs, those whose names end with "16" return
+** UTF-16 encoded strings and the other functions return UTF-8.
+**
+** ^These APIs are only available if the library was compiled with the
+** [SQLITE_ENABLE_COLUMN_METADATA] C-preprocessor symbol.
+**
+** If two or more threads call one or more of these routines against the same
+** prepared statement and column at the same time then the results are
+** undefined.
+**
+** If two or more threads call one or more
+** [sqlite3_column_database_name | column metadata interfaces]
+** for the same [prepared statement] and result column
+** at the same time then the results are undefined.
+*/
+SQLITE_API const char *SQLITE_STDCALL sqlite3_column_database_name(sqlite3_stmt*,int);
+SQLITE_API const void *SQLITE_STDCALL sqlite3_column_database_name16(sqlite3_stmt*,int);
+SQLITE_API const char *SQLITE_STDCALL sqlite3_column_table_name(sqlite3_stmt*,int);
+SQLITE_API const void *SQLITE_STDCALL sqlite3_column_table_name16(sqlite3_stmt*,int);
+SQLITE_API const char *SQLITE_STDCALL sqlite3_column_origin_name(sqlite3_stmt*,int);
+SQLITE_API const void *SQLITE_STDCALL sqlite3_column_origin_name16(sqlite3_stmt*,int);
+
+/*
+** CAPI3REF: Declared Datatype Of A Query Result
+** METHOD: sqlite3_stmt
+**
+** ^(The first parameter is a [prepared statement].
+** If this statement is a [SELECT] statement and the Nth column of the
+** returned result set of that [SELECT] is a table column (not an
+** expression or subquery) then the declared type of the table
+** column is returned.)^  ^If the Nth column of the result set is an
+** expression or subquery, then a NULL pointer is returned.
+** ^The returned string is always UTF-8 encoded.
+**
+** ^(For example, given the database schema:
+**
+** CREATE TABLE t1(c1 VARIANT);
+**
+** and the following statement to be compiled:
+**
+** SELECT c1 + 1, c1 FROM t1;
+**
+** this routine would return the string "VARIANT" for the second result
+** column (i==1), and a NULL pointer for the first result column (i==0).)^
+**
+** ^SQLite uses dynamic run-time typing.  ^So just because a column
+** is declared to contain a particular type does not mean that the
+** data stored in that column is of the declared type.  SQLite is
+** strongly typed, but the typing is dynamic not static.  ^Type
+** is associated with individual values, not with the containers
+** used to hold those values.
+*/
+SQLITE_API const char *SQLITE_STDCALL sqlite3_column_decltype(sqlite3_stmt*,int);
+SQLITE_API const void *SQLITE_STDCALL sqlite3_column_decltype16(sqlite3_stmt*,int);
+
+/*
+** CAPI3REF: Evaluate An SQL Statement
+** METHOD: sqlite3_stmt
+**
+** After a [prepared statement] has been prepared using either
+** [sqlite3_prepare_v2()] or [sqlite3_prepare16_v2()] or one of the legacy
+** interfaces [sqlite3_prepare()] or [sqlite3_prepare16()], this function
+** must be called one or more times to evaluate the statement.
+**
+** The details of the behavior of the sqlite3_step() interface depend
+** on whether the statement was prepared using the newer "v2" interface
+** [sqlite3_prepare_v2()] and [sqlite3_prepare16_v2()] or the older legacy
+** interface [sqlite3_prepare()] and [sqlite3_prepare16()].  The use of the
+** new "v2" interface is recommended for new applications but the legacy
+** interface will continue to be supported.
+**
+** ^In the legacy interface, the return value will be either [SQLITE_BUSY],
+** [SQLITE_DONE], [SQLITE_ROW], [SQLITE_ERROR], or [SQLITE_MISUSE].
+** ^With the "v2" interface, any of the other [result codes] or
+** [extended result codes] might be returned as well.
+**
+** ^[SQLITE_BUSY] means that the database engine was unable to acquire the
+** database locks it needs to do its job.  ^If the statement is a [COMMIT]
+** or occurs outside of an explicit transaction, then you can retry the
+** statement.  If the statement is not a [COMMIT] and occurs within an
+** explicit transaction then you should rollback the transaction before
+** continuing.
+**
+** ^[SQLITE_DONE] means that the statement has finished executing
+** successfully.  sqlite3_step() should not be called again on this virtual
+** machine without first calling [sqlite3_reset()] to reset the virtual
+** machine back to its initial state.
+**
+** ^If the SQL statement being executed returns any data, then [SQLITE_ROW]
+** is returned each time a new row of data is ready for processing by the
+** caller. The values may be accessed using the [column access functions].
+** sqlite3_step() is called again to retrieve the next row of data.
+**
+** ^[SQLITE_ERROR] means that a run-time error (such as a constraint
+** violation) has occurred.  sqlite3_step() should not be called again on
+** the VM. More information may be found by calling [sqlite3_errmsg()].
+** ^With the legacy interface, a more specific error code (for example,
+** [SQLITE_INTERRUPT], [SQLITE_SCHEMA], [SQLITE_CORRUPT], and so forth)
+** can be obtained by calling [sqlite3_reset()] on the
+** [prepared statement].  ^In the "v2" interface,
+** the more specific error code is returned directly by sqlite3_step().
+**
+** [SQLITE_MISUSE] means that the this routine was called inappropriately.
+** Perhaps it was called on a [prepared statement] that has
+** already been [sqlite3_finalize | finalized] or on one that had
+** previously returned [SQLITE_ERROR] or [SQLITE_DONE].  Or it could
+** be the case that the same database connection is being used by two or
+** more threads at the same moment in time.
+**
+** For all versions of SQLite up to and including 3.6.23.1, a call to
+** [sqlite3_reset()] was required after sqlite3_step() returned anything
+** other than [SQLITE_ROW] before any subsequent invocation of
+** sqlite3_step().  Failure to reset the prepared statement using 
+** [sqlite3_reset()] would result in an [SQLITE_MISUSE] return from
+** sqlite3_step().  But after version 3.6.23.1, sqlite3_step() began
+** calling [sqlite3_reset()] automatically in this circumstance rather
+** than returning [SQLITE_MISUSE].  This is not considered a compatibility
+** break because any application that ever receives an SQLITE_MISUSE error
+** is broken by definition.  The [SQLITE_OMIT_AUTORESET] compile-time option
+** can be used to restore the legacy behavior.
+**
+** <b>Goofy Interface Alert:</b> In the legacy interface, the sqlite3_step()
+** API always returns a generic error code, [SQLITE_ERROR], following any
+** error other than [SQLITE_BUSY] and [SQLITE_MISUSE].  You must call
+** [sqlite3_reset()] or [sqlite3_finalize()] in order to find one of the
+** specific [error codes] that better describes the error.
+** We admit that this is a goofy design.  The problem has been fixed
+** with the "v2" interface.  If you prepare all of your SQL statements
+** using either [sqlite3_prepare_v2()] or [sqlite3_prepare16_v2()] instead
+** of the legacy [sqlite3_prepare()] and [sqlite3_prepare16()] interfaces,
+** then the more specific [error codes] are returned directly
+** by sqlite3_step().  The use of the "v2" interface is recommended.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_step(sqlite3_stmt*);
+
+/*
+** CAPI3REF: Number of columns in a result set
+** METHOD: sqlite3_stmt
+**
+** ^The sqlite3_data_count(P) interface returns the number of columns in the
+** current row of the result set of [prepared statement] P.
+** ^If prepared statement P does not have results ready to return
+** (via calls to the [sqlite3_column_int | sqlite3_column_*()] of
+** interfaces) then sqlite3_data_count(P) returns 0.
+** ^The sqlite3_data_count(P) routine also returns 0 if P is a NULL pointer.
+** ^The sqlite3_data_count(P) routine returns 0 if the previous call to
+** [sqlite3_step](P) returned [SQLITE_DONE].  ^The sqlite3_data_count(P)
+** will return non-zero if previous call to [sqlite3_step](P) returned
+** [SQLITE_ROW], except in the case of the [PRAGMA incremental_vacuum]
+** where it always returns zero since each step of that multi-step
+** pragma returns 0 columns of data.
+**
+** See also: [sqlite3_column_count()]
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_data_count(sqlite3_stmt *pStmt);
+
+/*
+** CAPI3REF: Fundamental Datatypes
+** KEYWORDS: SQLITE_TEXT
+**
+** ^(Every value in SQLite has one of five fundamental datatypes:
+**
+** <ul>
+** <li> 64-bit signed integer
+** <li> 64-bit IEEE floating point number
+** <li> string
+** <li> BLOB
+** <li> NULL
+** </ul>)^
+**
+** These constants are codes for each of those types.
+**
+** Note that the SQLITE_TEXT constant was also used in SQLite version 2
+** for a completely different meaning.  Software that links against both
+** SQLite version 2 and SQLite version 3 should use SQLITE3_TEXT, not
+** SQLITE_TEXT.
+*/
+#define SQLITE_INTEGER  1
+#define SQLITE_FLOAT    2
+#define SQLITE_BLOB     4
+#define SQLITE_NULL     5
+#ifdef SQLITE_TEXT
+# undef SQLITE_TEXT
+#else
+# define SQLITE_TEXT     3
+#endif
+#define SQLITE3_TEXT     3
+
+/*
+** CAPI3REF: Result Values From A Query
+** KEYWORDS: {column access functions}
+** METHOD: sqlite3_stmt
+**
+** ^These routines return information about a single column of the current
+** result row of a query.  ^In every case the first argument is a pointer
+** to the [prepared statement] that is being evaluated (the [sqlite3_stmt*]
+** that was returned from [sqlite3_prepare_v2()] or one of its variants)
+** and the second argument is the index of the column for which information
+** should be returned. ^The leftmost column of the result set has the index 0.
+** ^The number of columns in the result can be determined using
+** [sqlite3_column_count()].
+**
+** If the SQL statement does not currently point to a valid row, or if the
+** column index is out of range, the result is undefined.
+** These routines may only be called when the most recent call to
+** [sqlite3_step()] has returned [SQLITE_ROW] and neither
+** [sqlite3_reset()] nor [sqlite3_finalize()] have been called subsequently.
+** If any of these routines are called after [sqlite3_reset()] or
+** [sqlite3_finalize()] or after [sqlite3_step()] has returned
+** something other than [SQLITE_ROW], the results are undefined.
+** If [sqlite3_step()] or [sqlite3_reset()] or [sqlite3_finalize()]
+** are called from a different thread while any of these routines
+** are pending, then the results are undefined.
+**
+** ^The sqlite3_column_type() routine returns the
+** [SQLITE_INTEGER | datatype code] for the initial data type
+** of the result column.  ^The returned value is one of [SQLITE_INTEGER],
+** [SQLITE_FLOAT], [SQLITE_TEXT], [SQLITE_BLOB], or [SQLITE_NULL].  The value
+** returned by sqlite3_column_type() is only meaningful if no type
+** conversions have occurred as described below.  After a type conversion,
+** the value returned by sqlite3_column_type() is undefined.  Future
+** versions of SQLite may change the behavior of sqlite3_column_type()
+** following a type conversion.
+**
+** ^If the result is a BLOB or UTF-8 string then the sqlite3_column_bytes()
+** routine returns the number of bytes in that BLOB or string.
+** ^If the result is a UTF-16 string, then sqlite3_column_bytes() converts
+** the string to UTF-8 and then returns the number of bytes.
+** ^If the result is a numeric value then sqlite3_column_bytes() uses
+** [sqlite3_snprintf()] to convert that value to a UTF-8 string and returns
+** the number of bytes in that string.
+** ^If the result is NULL, then sqlite3_column_bytes() returns zero.
+**
+** ^If the result is a BLOB or UTF-16 string then the sqlite3_column_bytes16()
+** routine returns the number of bytes in that BLOB or string.
+** ^If the result is a UTF-8 string, then sqlite3_column_bytes16() converts
+** the string to UTF-16 and then returns the number of bytes.
+** ^If the result is a numeric value then sqlite3_column_bytes16() uses
+** [sqlite3_snprintf()] to convert that value to a UTF-16 string and returns
+** the number of bytes in that string.
+** ^If the result is NULL, then sqlite3_column_bytes16() returns zero.
+**
+** ^The values returned by [sqlite3_column_bytes()] and 
+** [sqlite3_column_bytes16()] do not include the zero terminators at the end
+** of the string.  ^For clarity: the values returned by
+** [sqlite3_column_bytes()] and [sqlite3_column_bytes16()] are the number of
+** bytes in the string, not the number of characters.
+**
+** ^Strings returned by sqlite3_column_text() and sqlite3_column_text16(),
+** even empty strings, are always zero-terminated.  ^The return
+** value from sqlite3_column_blob() for a zero-length BLOB is a NULL pointer.
+**
+** <b>Warning:</b> ^The object returned by [sqlite3_column_value()] is an
+** [unprotected sqlite3_value] object.  In a multithreaded environment,
+** an unprotected sqlite3_value object may only be used safely with
+** [sqlite3_bind_value()] and [sqlite3_result_value()].
+** If the [unprotected sqlite3_value] object returned by
+** [sqlite3_column_value()] is used in any other way, including calls
+** to routines like [sqlite3_value_int()], [sqlite3_value_text()],
+** or [sqlite3_value_bytes()], the behavior is not threadsafe.
+**
+** These routines attempt to convert the value where appropriate.  ^For
+** example, if the internal representation is FLOAT and a text result
+** is requested, [sqlite3_snprintf()] is used internally to perform the
+** conversion automatically.  ^(The following table details the conversions
+** that are applied:
+**
+** <blockquote>
+** <table border="1">
+** <tr><th> Internal<br>Type <th> Requested<br>Type <th>  Conversion
+**
+** <tr><td>  NULL    <td> INTEGER   <td> Result is 0
+** <tr><td>  NULL    <td>  FLOAT    <td> Result is 0.0
+** <tr><td>  NULL    <td>   TEXT    <td> Result is a NULL pointer
+** <tr><td>  NULL    <td>   BLOB    <td> Result is a NULL pointer
+** <tr><td> INTEGER  <td>  FLOAT    <td> Convert from integer to float
+** <tr><td> INTEGER  <td>   TEXT    <td> ASCII rendering of the integer
+** <tr><td> INTEGER  <td>   BLOB    <td> Same as INTEGER->TEXT
+** <tr><td>  FLOAT   <td> INTEGER   <td> [CAST] to INTEGER
+** <tr><td>  FLOAT   <td>   TEXT    <td> ASCII rendering of the float
+** <tr><td>  FLOAT   <td>   BLOB    <td> [CAST] to BLOB
+** <tr><td>  TEXT    <td> INTEGER   <td> [CAST] to INTEGER
+** <tr><td>  TEXT    <td>  FLOAT    <td> [CAST] to REAL
+** <tr><td>  TEXT    <td>   BLOB    <td> No change
+** <tr><td>  BLOB    <td> INTEGER   <td> [CAST] to INTEGER
+** <tr><td>  BLOB    <td>  FLOAT    <td> [CAST] to REAL
+** <tr><td>  BLOB    <td>   TEXT    <td> Add a zero terminator if needed
+** </table>
+** </blockquote>)^
+**
+** Note that when type conversions occur, pointers returned by prior
+** calls to sqlite3_column_blob(), sqlite3_column_text(), and/or
+** sqlite3_column_text16() may be invalidated.
+** Type conversions and pointer invalidations might occur
+** in the following cases:
+**
+** <ul>
+** <li> The initial content is a BLOB and sqlite3_column_text() or
+**      sqlite3_column_text16() is called.  A zero-terminator might
+**      need to be added to the string.</li>
+** <li> The initial content is UTF-8 text and sqlite3_column_bytes16() or
+**      sqlite3_column_text16() is called.  The content must be converted
+**      to UTF-16.</li>
+** <li> The initial content is UTF-16 text and sqlite3_column_bytes() or
+**      sqlite3_column_text() is called.  The content must be converted
+**      to UTF-8.</li>
+** </ul>
+**
+** ^Conversions between UTF-16be and UTF-16le are always done in place and do
+** not invalidate a prior pointer, though of course the content of the buffer
+** that the prior pointer references will have been modified.  Other kinds
+** of conversion are done in place when it is possible, but sometimes they
+** are not possible and in those cases prior pointers are invalidated.
+**
+** The safest policy is to invoke these routines
+** in one of the following ways:
+**
+** <ul>
+**  <li>sqlite3_column_text() followed by sqlite3_column_bytes()</li>
+**  <li>sqlite3_column_blob() followed by sqlite3_column_bytes()</li>
+**  <li>sqlite3_column_text16() followed by sqlite3_column_bytes16()</li>
+** </ul>
+**
+** In other words, you should call sqlite3_column_text(),
+** sqlite3_column_blob(), or sqlite3_column_text16() first to force the result
+** into the desired format, then invoke sqlite3_column_bytes() or
+** sqlite3_column_bytes16() to find the size of the result.  Do not mix calls
+** to sqlite3_column_text() or sqlite3_column_blob() with calls to
+** sqlite3_column_bytes16(), and do not mix calls to sqlite3_column_text16()
+** with calls to sqlite3_column_bytes().
+**
+** ^The pointers returned are valid until a type conversion occurs as
+** described above, or until [sqlite3_step()] or [sqlite3_reset()] or
+** [sqlite3_finalize()] is called.  ^The memory space used to hold strings
+** and BLOBs is freed automatically.  Do <em>not</em> pass the pointers returned
+** from [sqlite3_column_blob()], [sqlite3_column_text()], etc. into
+** [sqlite3_free()].
+**
+** ^(If a memory allocation error occurs during the evaluation of any
+** of these routines, a default value is returned.  The default value
+** is either the integer 0, the floating point number 0.0, or a NULL
+** pointer.  Subsequent calls to [sqlite3_errcode()] will return
+** [SQLITE_NOMEM].)^
+*/
+SQLITE_API const void *SQLITE_STDCALL sqlite3_column_blob(sqlite3_stmt*, int iCol);
+SQLITE_API int SQLITE_STDCALL sqlite3_column_bytes(sqlite3_stmt*, int iCol);
+SQLITE_API int SQLITE_STDCALL sqlite3_column_bytes16(sqlite3_stmt*, int iCol);
+SQLITE_API double SQLITE_STDCALL sqlite3_column_double(sqlite3_stmt*, int iCol);
+SQLITE_API int SQLITE_STDCALL sqlite3_column_int(sqlite3_stmt*, int iCol);
+SQLITE_API sqlite3_int64 SQLITE_STDCALL sqlite3_column_int64(sqlite3_stmt*, int iCol);
+SQLITE_API const unsigned char *SQLITE_STDCALL sqlite3_column_text(sqlite3_stmt*, int iCol);
+SQLITE_API const void *SQLITE_STDCALL sqlite3_column_text16(sqlite3_stmt*, int iCol);
+SQLITE_API int SQLITE_STDCALL sqlite3_column_type(sqlite3_stmt*, int iCol);
+SQLITE_API sqlite3_value *SQLITE_STDCALL sqlite3_column_value(sqlite3_stmt*, int iCol);
+
+/*
+** CAPI3REF: Destroy A Prepared Statement Object
+** DESTRUCTOR: sqlite3_stmt
+**
+** ^The sqlite3_finalize() function is called to delete a [prepared statement].
+** ^If the most recent evaluation of the statement encountered no errors
+** or if the statement is never been evaluated, then sqlite3_finalize() returns
+** SQLITE_OK.  ^If the most recent evaluation of statement S failed, then
+** sqlite3_finalize(S) returns the appropriate [error code] or
+** [extended error code].
+**
+** ^The sqlite3_finalize(S) routine can be called at any point during
+** the life cycle of [prepared statement] S:
+** before statement S is ever evaluated, after
+** one or more calls to [sqlite3_reset()], or after any call
+** to [sqlite3_step()] regardless of whether or not the statement has
+** completed execution.
+**
+** ^Invoking sqlite3_finalize() on a NULL pointer is a harmless no-op.
+**
+** The application must finalize every [prepared statement] in order to avoid
+** resource leaks.  It is a grievous error for the application to try to use
+** a prepared statement after it has been finalized.  Any use of a prepared
+** statement after it has been finalized can result in undefined and
+** undesirable behavior such as segfaults and heap corruption.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_finalize(sqlite3_stmt *pStmt);
+
+/*
+** CAPI3REF: Reset A Prepared Statement Object
+** METHOD: sqlite3_stmt
+**
+** The sqlite3_reset() function is called to reset a [prepared statement]
+** object back to its initial state, ready to be re-executed.
+** ^Any SQL statement variables that had values bound to them using
+** the [sqlite3_bind_blob | sqlite3_bind_*() API] retain their values.
+** Use [sqlite3_clear_bindings()] to reset the bindings.
+**
+** ^The [sqlite3_reset(S)] interface resets the [prepared statement] S
+** back to the beginning of its program.
+**
+** ^If the most recent call to [sqlite3_step(S)] for the
+** [prepared statement] S returned [SQLITE_ROW] or [SQLITE_DONE],
+** or if [sqlite3_step(S)] has never before been called on S,
+** then [sqlite3_reset(S)] returns [SQLITE_OK].
+**
+** ^If the most recent call to [sqlite3_step(S)] for the
+** [prepared statement] S indicated an error, then
+** [sqlite3_reset(S)] returns an appropriate [error code].
+**
+** ^The [sqlite3_reset(S)] interface does not change the values
+** of any [sqlite3_bind_blob|bindings] on the [prepared statement] S.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_reset(sqlite3_stmt *pStmt);
+
+/*
+** CAPI3REF: Create Or Redefine SQL Functions
+** KEYWORDS: {function creation routines}
+** KEYWORDS: {application-defined SQL function}
+** KEYWORDS: {application-defined SQL functions}
+** METHOD: sqlite3
+**
+** ^These functions (collectively known as "function creation routines")
+** are used to add SQL functions or aggregates or to redefine the behavior
+** of existing SQL functions or aggregates.  The only differences between
+** these routines are the text encoding expected for
+** the second parameter (the name of the function being created)
+** and the presence or absence of a destructor callback for
+** the application data pointer.
+**
+** ^The first parameter is the [database connection] to which the SQL
+** function is to be added.  ^If an application uses more than one database
+** connection then application-defined SQL functions must be added
+** to each database connection separately.
+**
+** ^The second parameter is the name of the SQL function to be created or
+** redefined.  ^The length of the name is limited to 255 bytes in a UTF-8
+** representation, exclusive of the zero-terminator.  ^Note that the name
+** length limit is in UTF-8 bytes, not characters nor UTF-16 bytes.  
+** ^Any attempt to create a function with a longer name
+** will result in [SQLITE_MISUSE] being returned.
+**
+** ^The third parameter (nArg)
+** is the number of arguments that the SQL function or
+** aggregate takes. ^If this parameter is -1, then the SQL function or
+** aggregate may take any number of arguments between 0 and the limit
+** set by [sqlite3_limit]([SQLITE_LIMIT_FUNCTION_ARG]).  If the third
+** parameter is less than -1 or greater than 127 then the behavior is
+** undefined.
+**
+** ^The fourth parameter, eTextRep, specifies what
+** [SQLITE_UTF8 | text encoding] this SQL function prefers for
+** its parameters.  The application should set this parameter to
+** [SQLITE_UTF16LE] if the function implementation invokes 
+** [sqlite3_value_text16le()] on an input, or [SQLITE_UTF16BE] if the
+** implementation invokes [sqlite3_value_text16be()] on an input, or
+** [SQLITE_UTF16] if [sqlite3_value_text16()] is used, or [SQLITE_UTF8]
+** otherwise.  ^The same SQL function may be registered multiple times using
+** different preferred text encodings, with different implementations for
+** each encoding.
+** ^When multiple implementations of the same function are available, SQLite
+** will pick the one that involves the least amount of data conversion.
+**
+** ^The fourth parameter may optionally be ORed with [SQLITE_DETERMINISTIC]
+** to signal that the function will always return the same result given
+** the same inputs within a single SQL statement.  Most SQL functions are
+** deterministic.  The built-in [random()] SQL function is an example of a
+** function that is not deterministic.  The SQLite query planner is able to
+** perform additional optimizations on deterministic functions, so use
+** of the [SQLITE_DETERMINISTIC] flag is recommended where possible.
+**
+** ^(The fifth parameter is an arbitrary pointer.  The implementation of the
+** function can gain access to this pointer using [sqlite3_user_data()].)^
+**
+** ^The sixth, seventh and eighth parameters, xFunc, xStep and xFinal, are
+** pointers to C-language functions that implement the SQL function or
+** aggregate. ^A scalar SQL function requires an implementation of the xFunc
+** callback only; NULL pointers must be passed as the xStep and xFinal
+** parameters. ^An aggregate SQL function requires an implementation of xStep
+** and xFinal and NULL pointer must be passed for xFunc. ^To delete an existing
+** SQL function or aggregate, pass NULL pointers for all three function
+** callbacks.
+**
+** ^(If the ninth parameter to sqlite3_create_function_v2() is not NULL,
+** then it is destructor for the application data pointer. 
+** The destructor is invoked when the function is deleted, either by being
+** overloaded or when the database connection closes.)^
+** ^The destructor is also invoked if the call to
+** sqlite3_create_function_v2() fails.
+** ^When the destructor callback of the tenth parameter is invoked, it
+** is passed a single argument which is a copy of the application data 
+** pointer which was the fifth parameter to sqlite3_create_function_v2().
+**
+** ^It is permitted to register multiple implementations of the same
+** functions with the same name but with either differing numbers of
+** arguments or differing preferred text encodings.  ^SQLite will use
+** the implementation that most closely matches the way in which the
+** SQL function is used.  ^A function implementation with a non-negative
+** nArg parameter is a better match than a function implementation with
+** a negative nArg.  ^A function where the preferred text encoding
+** matches the database encoding is a better
+** match than a function where the encoding is different.  
+** ^A function where the encoding difference is between UTF16le and UTF16be
+** is a closer match than a function where the encoding difference is
+** between UTF8 and UTF16.
+**
+** ^Built-in functions may be overloaded by new application-defined functions.
+**
+** ^An application-defined function is permitted to call other
+** SQLite interfaces.  However, such calls must not
+** close the database connection nor finalize or reset the prepared
+** statement in which the function is running.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_create_function(
+  sqlite3 *db,
+  const char *zFunctionName,
+  int nArg,
+  int eTextRep,
+  void *pApp,
+  void (*xFunc)(sqlite3_context*,int,sqlite3_value**),
+  void (*xStep)(sqlite3_context*,int,sqlite3_value**),
+  void (*xFinal)(sqlite3_context*)
+);
+SQLITE_API int SQLITE_STDCALL sqlite3_create_function16(
+  sqlite3 *db,
+  const void *zFunctionName,
+  int nArg,
+  int eTextRep,
+  void *pApp,
+  void (*xFunc)(sqlite3_context*,int,sqlite3_value**),
+  void (*xStep)(sqlite3_context*,int,sqlite3_value**),
+  void (*xFinal)(sqlite3_context*)
+);
+SQLITE_API int SQLITE_STDCALL sqlite3_create_function_v2(
+  sqlite3 *db,
+  const char *zFunctionName,
+  int nArg,
+  int eTextRep,
+  void *pApp,
+  void (*xFunc)(sqlite3_context*,int,sqlite3_value**),
+  void (*xStep)(sqlite3_context*,int,sqlite3_value**),
+  void (*xFinal)(sqlite3_context*),
+  void(*xDestroy)(void*)
+);
+
+/*
+** CAPI3REF: Text Encodings
+**
+** These constant define integer codes that represent the various
+** text encodings supported by SQLite.
+*/
+#define SQLITE_UTF8           1    /* IMP: R-37514-35566 */
+#define SQLITE_UTF16LE        2    /* IMP: R-03371-37637 */
+#define SQLITE_UTF16BE        3    /* IMP: R-51971-34154 */
+#define SQLITE_UTF16          4    /* Use native byte order */
+#define SQLITE_ANY            5    /* Deprecated */
+#define SQLITE_UTF16_ALIGNED  8    /* sqlite3_create_collation only */
+
+/*
+** CAPI3REF: Function Flags
+**
+** These constants may be ORed together with the 
+** [SQLITE_UTF8 | preferred text encoding] as the fourth argument
+** to [sqlite3_create_function()], [sqlite3_create_function16()], or
+** [sqlite3_create_function_v2()].
+*/
+#define SQLITE_DETERMINISTIC    0x800
+
+/*
+** CAPI3REF: Deprecated Functions
+** DEPRECATED
+**
+** These functions are [deprecated].  In order to maintain
+** backwards compatibility with older code, these functions continue 
+** to be supported.  However, new applications should avoid
+** the use of these functions.  To encourage programmers to avoid
+** these functions, we will not explain what they do.
+*/
+#ifndef SQLITE_OMIT_DEPRECATED
+SQLITE_API SQLITE_DEPRECATED int SQLITE_STDCALL sqlite3_aggregate_count(sqlite3_context*);
+SQLITE_API SQLITE_DEPRECATED int SQLITE_STDCALL sqlite3_expired(sqlite3_stmt*);
+SQLITE_API SQLITE_DEPRECATED int SQLITE_STDCALL sqlite3_transfer_bindings(sqlite3_stmt*, sqlite3_stmt*);
+SQLITE_API SQLITE_DEPRECATED int SQLITE_STDCALL sqlite3_global_recover(void);
+SQLITE_API SQLITE_DEPRECATED void SQLITE_STDCALL sqlite3_thread_cleanup(void);
+SQLITE_API SQLITE_DEPRECATED int SQLITE_STDCALL sqlite3_memory_alarm(void(*)(void*,sqlite3_int64,int),
+                      void*,sqlite3_int64);
+#endif
+
+/*
+** CAPI3REF: Obtaining SQL Values
+** METHOD: sqlite3_value
+**
+** The C-language implementation of SQL functions and aggregates uses
+** this set of interface routines to access the parameter values on
+** the function or aggregate.  
+**
+** The xFunc (for scalar functions) or xStep (for aggregates) parameters
+** to [sqlite3_create_function()] and [sqlite3_create_function16()]
+** define callbacks that implement the SQL functions and aggregates.
+** The 3rd parameter to these callbacks is an array of pointers to
+** [protected sqlite3_value] objects.  There is one [sqlite3_value] object for
+** each parameter to the SQL function.  These routines are used to
+** extract values from the [sqlite3_value] objects.
+**
+** These routines work only with [protected sqlite3_value] objects.
+** Any attempt to use these routines on an [unprotected sqlite3_value]
+** object results in undefined behavior.
+**
+** ^These routines work just like the corresponding [column access functions]
+** except that these routines take a single [protected sqlite3_value] object
+** pointer instead of a [sqlite3_stmt*] pointer and an integer column number.
+**
+** ^The sqlite3_value_text16() interface extracts a UTF-16 string
+** in the native byte-order of the host machine.  ^The
+** sqlite3_value_text16be() and sqlite3_value_text16le() interfaces
+** extract UTF-16 strings as big-endian and little-endian respectively.
+**
+** ^(The sqlite3_value_numeric_type() interface attempts to apply
+** numeric affinity to the value.  This means that an attempt is
+** made to convert the value to an integer or floating point.  If
+** such a conversion is possible without loss of information (in other
+** words, if the value is a string that looks like a number)
+** then the conversion is performed.  Otherwise no conversion occurs.
+** The [SQLITE_INTEGER | datatype] after conversion is returned.)^
+**
+** Please pay particular attention to the fact that the pointer returned
+** from [sqlite3_value_blob()], [sqlite3_value_text()], or
+** [sqlite3_value_text16()] can be invalidated by a subsequent call to
+** [sqlite3_value_bytes()], [sqlite3_value_bytes16()], [sqlite3_value_text()],
+** or [sqlite3_value_text16()].
+**
+** These routines must be called from the same thread as
+** the SQL function that supplied the [sqlite3_value*] parameters.
+*/
+SQLITE_API const void *SQLITE_STDCALL sqlite3_value_blob(sqlite3_value*);
+SQLITE_API int SQLITE_STDCALL sqlite3_value_bytes(sqlite3_value*);
+SQLITE_API int SQLITE_STDCALL sqlite3_value_bytes16(sqlite3_value*);
+SQLITE_API double SQLITE_STDCALL sqlite3_value_double(sqlite3_value*);
+SQLITE_API int SQLITE_STDCALL sqlite3_value_int(sqlite3_value*);
+SQLITE_API sqlite3_int64 SQLITE_STDCALL sqlite3_value_int64(sqlite3_value*);
+SQLITE_API const unsigned char *SQLITE_STDCALL sqlite3_value_text(sqlite3_value*);
+SQLITE_API const void *SQLITE_STDCALL sqlite3_value_text16(sqlite3_value*);
+SQLITE_API const void *SQLITE_STDCALL sqlite3_value_text16le(sqlite3_value*);
+SQLITE_API const void *SQLITE_STDCALL sqlite3_value_text16be(sqlite3_value*);
+SQLITE_API int SQLITE_STDCALL sqlite3_value_type(sqlite3_value*);
+SQLITE_API int SQLITE_STDCALL sqlite3_value_numeric_type(sqlite3_value*);
+
+/*
+** CAPI3REF: Finding The Subtype Of SQL Values
+** METHOD: sqlite3_value
+**
+** The sqlite3_value_subtype(V) function returns the subtype for
+** an [application-defined SQL function] argument V.  The subtype
+** information can be used to pass a limited amount of context from
+** one SQL function to another.  Use the [sqlite3_result_subtype()]
+** routine to set the subtype for the return value of an SQL function.
+**
+** SQLite makes no use of subtype itself.  It merely passes the subtype
+** from the result of one [application-defined SQL function] into the
+** input of another.
+*/
+SQLITE_API unsigned int SQLITE_STDCALL sqlite3_value_subtype(sqlite3_value*);
+
+/*
+** CAPI3REF: Copy And Free SQL Values
+** METHOD: sqlite3_value
+**
+** ^The sqlite3_value_dup(V) interface makes a copy of the [sqlite3_value]
+** object D and returns a pointer to that copy.  ^The [sqlite3_value] returned
+** is a [protected sqlite3_value] object even if the input is not.
+** ^The sqlite3_value_dup(V) interface returns NULL if V is NULL or if a
+** memory allocation fails.
+**
+** ^The sqlite3_value_free(V) interface frees an [sqlite3_value] object
+** previously obtained from [sqlite3_value_dup()].  ^If V is a NULL pointer
+** then sqlite3_value_free(V) is a harmless no-op.
+*/
+SQLITE_API sqlite3_value *SQLITE_STDCALL sqlite3_value_dup(const sqlite3_value*);
+SQLITE_API void SQLITE_STDCALL sqlite3_value_free(sqlite3_value*);
+
+/*
+** CAPI3REF: Obtain Aggregate Function Context
+** METHOD: sqlite3_context
+**
+** Implementations of aggregate SQL functions use this
+** routine to allocate memory for storing their state.
+**
+** ^The first time the sqlite3_aggregate_context(C,N) routine is called 
+** for a particular aggregate function, SQLite
+** allocates N of memory, zeroes out that memory, and returns a pointer
+** to the new memory. ^On second and subsequent calls to
+** sqlite3_aggregate_context() for the same aggregate function instance,
+** the same buffer is returned.  Sqlite3_aggregate_context() is normally
+** called once for each invocation of the xStep callback and then one
+** last time when the xFinal callback is invoked.  ^(When no rows match
+** an aggregate query, the xStep() callback of the aggregate function
+** implementation is never called and xFinal() is called exactly once.
+** In those cases, sqlite3_aggregate_context() might be called for the
+** first time from within xFinal().)^
+**
+** ^The sqlite3_aggregate_context(C,N) routine returns a NULL pointer 
+** when first called if N is less than or equal to zero or if a memory
+** allocate error occurs.
+**
+** ^(The amount of space allocated by sqlite3_aggregate_context(C,N) is
+** determined by the N parameter on first successful call.  Changing the
+** value of N in subsequent call to sqlite3_aggregate_context() within
+** the same aggregate function instance will not resize the memory
+** allocation.)^  Within the xFinal callback, it is customary to set
+** N=0 in calls to sqlite3_aggregate_context(C,N) so that no 
+** pointless memory allocations occur.
+**
+** ^SQLite automatically frees the memory allocated by 
+** sqlite3_aggregate_context() when the aggregate query concludes.
+**
+** The first parameter must be a copy of the
+** [sqlite3_context | SQL function context] that is the first parameter
+** to the xStep or xFinal callback routine that implements the aggregate
+** function.
+**
+** This routine must be called from the same thread in which
+** the aggregate SQL function is running.
+*/
+SQLITE_API void *SQLITE_STDCALL sqlite3_aggregate_context(sqlite3_context*, int nBytes);
+
+/*
+** CAPI3REF: User Data For Functions
+** METHOD: sqlite3_context
+**
+** ^The sqlite3_user_data() interface returns a copy of
+** the pointer that was the pUserData parameter (the 5th parameter)
+** of the [sqlite3_create_function()]
+** and [sqlite3_create_function16()] routines that originally
+** registered the application defined function.
+**
+** This routine must be called from the same thread in which
+** the application-defined function is running.
+*/
+SQLITE_API void *SQLITE_STDCALL sqlite3_user_data(sqlite3_context*);
+
+/*
+** CAPI3REF: Database Connection For Functions
+** METHOD: sqlite3_context
+**
+** ^The sqlite3_context_db_handle() interface returns a copy of
+** the pointer to the [database connection] (the 1st parameter)
+** of the [sqlite3_create_function()]
+** and [sqlite3_create_function16()] routines that originally
+** registered the application defined function.
+*/
+SQLITE_API sqlite3 *SQLITE_STDCALL sqlite3_context_db_handle(sqlite3_context*);
+
+/*
+** CAPI3REF: Function Auxiliary Data
+** METHOD: sqlite3_context
+**
+** These functions may be used by (non-aggregate) SQL functions to
+** associate metadata with argument values. If the same value is passed to
+** multiple invocations of the same SQL function during query execution, under
+** some circumstances the associated metadata may be preserved.  An example
+** of where this might be useful is in a regular-expression matching
+** function. The compiled version of the regular expression can be stored as
+** metadata associated with the pattern string.  
+** Then as long as the pattern string remains the same,
+** the compiled regular expression can be reused on multiple
+** invocations of the same function.
+**
+** ^The sqlite3_get_auxdata() interface returns a pointer to the metadata
+** associated by the sqlite3_set_auxdata() function with the Nth argument
+** value to the application-defined function. ^If there is no metadata
+** associated with the function argument, this sqlite3_get_auxdata() interface
+** returns a NULL pointer.
+**
+** ^The sqlite3_set_auxdata(C,N,P,X) interface saves P as metadata for the N-th
+** argument of the application-defined function.  ^Subsequent
+** calls to sqlite3_get_auxdata(C,N) return P from the most recent
+** sqlite3_set_auxdata(C,N,P,X) call if the metadata is still valid or
+** NULL if the metadata has been discarded.
+** ^After each call to sqlite3_set_auxdata(C,N,P,X) where X is not NULL,
+** SQLite will invoke the destructor function X with parameter P exactly
+** once, when the metadata is discarded.
+** SQLite is free to discard the metadata at any time, including: <ul>
+** <li> when the corresponding function parameter changes, or
+** <li> when [sqlite3_reset()] or [sqlite3_finalize()] is called for the
+**      SQL statement, or
+** <li> when sqlite3_set_auxdata() is invoked again on the same parameter, or
+** <li> during the original sqlite3_set_auxdata() call when a memory 
+**      allocation error occurs. </ul>)^
+**
+** Note the last bullet in particular.  The destructor X in 
+** sqlite3_set_auxdata(C,N,P,X) might be called immediately, before the
+** sqlite3_set_auxdata() interface even returns.  Hence sqlite3_set_auxdata()
+** should be called near the end of the function implementation and the
+** function implementation should not make any use of P after
+** sqlite3_set_auxdata() has been called.
+**
+** ^(In practice, metadata is preserved between function calls for
+** function parameters that are compile-time constants, including literal
+** values and [parameters] and expressions composed from the same.)^
+**
+** These routines must be called from the same thread in which
+** the SQL function is running.
+*/
+SQLITE_API void *SQLITE_STDCALL sqlite3_get_auxdata(sqlite3_context*, int N);
+SQLITE_API void SQLITE_STDCALL sqlite3_set_auxdata(sqlite3_context*, int N, void*, void (*)(void*));
+
+
+/*
+** CAPI3REF: Constants Defining Special Destructor Behavior
+**
+** These are special values for the destructor that is passed in as the
+** final argument to routines like [sqlite3_result_blob()].  ^If the destructor
+** argument is SQLITE_STATIC, it means that the content pointer is constant
+** and will never change.  It does not need to be destroyed.  ^The
+** SQLITE_TRANSIENT value means that the content will likely change in
+** the near future and that SQLite should make its own private copy of
+** the content before returning.
+**
+** The typedef is necessary to work around problems in certain
+** C++ compilers.
+*/
+typedef void (*sqlite3_destructor_type)(void*);
+#define SQLITE_STATIC      ((sqlite3_destructor_type)0)
+#define SQLITE_TRANSIENT   ((sqlite3_destructor_type)-1)
+
+/*
+** CAPI3REF: Setting The Result Of An SQL Function
+** METHOD: sqlite3_context
+**
+** These routines are used by the xFunc or xFinal callbacks that
+** implement SQL functions and aggregates.  See
+** [sqlite3_create_function()] and [sqlite3_create_function16()]
+** for additional information.
+**
+** These functions work very much like the [parameter binding] family of
+** functions used to bind values to host parameters in prepared statements.
+** Refer to the [SQL parameter] documentation for additional information.
+**
+** ^The sqlite3_result_blob() interface sets the result from
+** an application-defined function to be the BLOB whose content is pointed
+** to by the second parameter and which is N bytes long where N is the
+** third parameter.
+**
+** ^The sqlite3_result_zeroblob(C,N) and sqlite3_result_zeroblob64(C,N)
+** interfaces set the result of the application-defined function to be
+** a BLOB containing all zero bytes and N bytes in size.
+**
+** ^The sqlite3_result_double() interface sets the result from
+** an application-defined function to be a floating point value specified
+** by its 2nd argument.
+**
+** ^The sqlite3_result_error() and sqlite3_result_error16() functions
+** cause the implemented SQL function to throw an exception.
+** ^SQLite uses the string pointed to by the
+** 2nd parameter of sqlite3_result_error() or sqlite3_result_error16()
+** as the text of an error message.  ^SQLite interprets the error
+** message string from sqlite3_result_error() as UTF-8. ^SQLite
+** interprets the string from sqlite3_result_error16() as UTF-16 in native
+** byte order.  ^If the third parameter to sqlite3_result_error()
+** or sqlite3_result_error16() is negative then SQLite takes as the error
+** message all text up through the first zero character.
+** ^If the third parameter to sqlite3_result_error() or
+** sqlite3_result_error16() is non-negative then SQLite takes that many
+** bytes (not characters) from the 2nd parameter as the error message.
+** ^The sqlite3_result_error() and sqlite3_result_error16()
+** routines make a private copy of the error message text before
+** they return.  Hence, the calling function can deallocate or
+** modify the text after they return without harm.
+** ^The sqlite3_result_error_code() function changes the error code
+** returned by SQLite as a result of an error in a function.  ^By default,
+** the error code is SQLITE_ERROR.  ^A subsequent call to sqlite3_result_error()
+** or sqlite3_result_error16() resets the error code to SQLITE_ERROR.
+**
+** ^The sqlite3_result_error_toobig() interface causes SQLite to throw an
+** error indicating that a string or BLOB is too long to represent.
+**
+** ^The sqlite3_result_error_nomem() interface causes SQLite to throw an
+** error indicating that a memory allocation failed.
+**
+** ^The sqlite3_result_int() interface sets the return value
+** of the application-defined function to be the 32-bit signed integer
+** value given in the 2nd argument.
+** ^The sqlite3_result_int64() interface sets the return value
+** of the application-defined function to be the 64-bit signed integer
+** value given in the 2nd argument.
+**
+** ^The sqlite3_result_null() interface sets the return value
+** of the application-defined function to be NULL.
+**
+** ^The sqlite3_result_text(), sqlite3_result_text16(),
+** sqlite3_result_text16le(), and sqlite3_result_text16be() interfaces
+** set the return value of the application-defined function to be
+** a text string which is represented as UTF-8, UTF-16 native byte order,
+** UTF-16 little endian, or UTF-16 big endian, respectively.
+** ^The sqlite3_result_text64() interface sets the return value of an
+** application-defined function to be a text string in an encoding
+** specified by the fifth (and last) parameter, which must be one
+** of [SQLITE_UTF8], [SQLITE_UTF16], [SQLITE_UTF16BE], or [SQLITE_UTF16LE].
+** ^SQLite takes the text result from the application from
+** the 2nd parameter of the sqlite3_result_text* interfaces.
+** ^If the 3rd parameter to the sqlite3_result_text* interfaces
+** is negative, then SQLite takes result text from the 2nd parameter
+** through the first zero character.
+** ^If the 3rd parameter to the sqlite3_result_text* interfaces
+** is non-negative, then as many bytes (not characters) of the text
+** pointed to by the 2nd parameter are taken as the application-defined
+** function result.  If the 3rd parameter is non-negative, then it
+** must be the byte offset into the string where the NUL terminator would
+** appear if the string where NUL terminated.  If any NUL characters occur
+** in the string at a byte offset that is less than the value of the 3rd
+** parameter, then the resulting string will contain embedded NULs and the
+** result of expressions operating on strings with embedded NULs is undefined.
+** ^If the 4th parameter to the sqlite3_result_text* interfaces
+** or sqlite3_result_blob is a non-NULL pointer, then SQLite calls that
+** function as the destructor on the text or BLOB result when it has
+** finished using that result.
+** ^If the 4th parameter to the sqlite3_result_text* interfaces or to
+** sqlite3_result_blob is the special constant SQLITE_STATIC, then SQLite
+** assumes that the text or BLOB result is in constant space and does not
+** copy the content of the parameter nor call a destructor on the content
+** when it has finished using that result.
+** ^If the 4th parameter to the sqlite3_result_text* interfaces
+** or sqlite3_result_blob is the special constant SQLITE_TRANSIENT
+** then SQLite makes a copy of the result into space obtained from
+** from [sqlite3_malloc()] before it returns.
+**
+** ^The sqlite3_result_value() interface sets the result of
+** the application-defined function to be a copy of the
+** [unprotected sqlite3_value] object specified by the 2nd parameter.  ^The
+** sqlite3_result_value() interface makes a copy of the [sqlite3_value]
+** so that the [sqlite3_value] specified in the parameter may change or
+** be deallocated after sqlite3_result_value() returns without harm.
+** ^A [protected sqlite3_value] object may always be used where an
+** [unprotected sqlite3_value] object is required, so either
+** kind of [sqlite3_value] object can be used with this interface.
+**
+** If these routines are called from within the different thread
+** than the one containing the application-defined function that received
+** the [sqlite3_context] pointer, the results are undefined.
+*/
+SQLITE_API void SQLITE_STDCALL sqlite3_result_blob(sqlite3_context*, const void*, int, void(*)(void*));
+SQLITE_API void SQLITE_STDCALL sqlite3_result_blob64(sqlite3_context*,const void*,
+                           sqlite3_uint64,void(*)(void*));
+SQLITE_API void SQLITE_STDCALL sqlite3_result_double(sqlite3_context*, double);
+SQLITE_API void SQLITE_STDCALL sqlite3_result_error(sqlite3_context*, const char*, int);
+SQLITE_API void SQLITE_STDCALL sqlite3_result_error16(sqlite3_context*, const void*, int);
+SQLITE_API void SQLITE_STDCALL sqlite3_result_error_toobig(sqlite3_context*);
+SQLITE_API void SQLITE_STDCALL sqlite3_result_error_nomem(sqlite3_context*);
+SQLITE_API void SQLITE_STDCALL sqlite3_result_error_code(sqlite3_context*, int);
+SQLITE_API void SQLITE_STDCALL sqlite3_result_int(sqlite3_context*, int);
+SQLITE_API void SQLITE_STDCALL sqlite3_result_int64(sqlite3_context*, sqlite3_int64);
+SQLITE_API void SQLITE_STDCALL sqlite3_result_null(sqlite3_context*);
+SQLITE_API void SQLITE_STDCALL sqlite3_result_text(sqlite3_context*, const char*, int, void(*)(void*));
+SQLITE_API void SQLITE_STDCALL sqlite3_result_text64(sqlite3_context*, const char*,sqlite3_uint64,
+                           void(*)(void*), unsigned char encoding);
+SQLITE_API void SQLITE_STDCALL sqlite3_result_text16(sqlite3_context*, const void*, int, void(*)(void*));
+SQLITE_API void SQLITE_STDCALL sqlite3_result_text16le(sqlite3_context*, const void*, int,void(*)(void*));
+SQLITE_API void SQLITE_STDCALL sqlite3_result_text16be(sqlite3_context*, const void*, int,void(*)(void*));
+SQLITE_API void SQLITE_STDCALL sqlite3_result_value(sqlite3_context*, sqlite3_value*);
+SQLITE_API void SQLITE_STDCALL sqlite3_result_zeroblob(sqlite3_context*, int n);
+SQLITE_API int SQLITE_STDCALL sqlite3_result_zeroblob64(sqlite3_context*, sqlite3_uint64 n);
+
+
+/*
+** CAPI3REF: Setting The Subtype Of An SQL Function
+** METHOD: sqlite3_context
+**
+** The sqlite3_result_subtype(C,T) function causes the subtype of
+** the result from the [application-defined SQL function] with 
+** [sqlite3_context] C to be the value T.  Only the lower 8 bits 
+** of the subtype T are preserved in current versions of SQLite;
+** higher order bits are discarded.
+** The number of subtype bytes preserved by SQLite might increase
+** in future releases of SQLite.
+*/
+SQLITE_API void SQLITE_STDCALL sqlite3_result_subtype(sqlite3_context*,unsigned int);
+
+/*
+** CAPI3REF: Define New Collating Sequences
+** METHOD: sqlite3
+**
+** ^These functions add, remove, or modify a [collation] associated
+** with the [database connection] specified as the first argument.
+**
+** ^The name of the collation is a UTF-8 string
+** for sqlite3_create_collation() and sqlite3_create_collation_v2()
+** and a UTF-16 string in native byte order for sqlite3_create_collation16().
+** ^Collation names that compare equal according to [sqlite3_strnicmp()] are
+** considered to be the same name.
+**
+** ^(The third argument (eTextRep) must be one of the constants:
+** <ul>
+** <li> [SQLITE_UTF8],
+** <li> [SQLITE_UTF16LE],
+** <li> [SQLITE_UTF16BE],
+** <li> [SQLITE_UTF16], or
+** <li> [SQLITE_UTF16_ALIGNED].
+** </ul>)^
+** ^The eTextRep argument determines the encoding of strings passed
+** to the collating function callback, xCallback.
+** ^The [SQLITE_UTF16] and [SQLITE_UTF16_ALIGNED] values for eTextRep
+** force strings to be UTF16 with native byte order.
+** ^The [SQLITE_UTF16_ALIGNED] value for eTextRep forces strings to begin
+** on an even byte address.
+**
+** ^The fourth argument, pArg, is an application data pointer that is passed
+** through as the first argument to the collating function callback.
+**
+** ^The fifth argument, xCallback, is a pointer to the collating function.
+** ^Multiple collating functions can be registered using the same name but
+** with different eTextRep parameters and SQLite will use whichever
+** function requires the least amount of data transformation.
+** ^If the xCallback argument is NULL then the collating function is
+** deleted.  ^When all collating functions having the same name are deleted,
+** that collation is no longer usable.
+**
+** ^The collating function callback is invoked with a copy of the pArg 
+** application data pointer and with two strings in the encoding specified
+** by the eTextRep argument.  The collating function must return an
+** integer that is negative, zero, or positive
+** if the first string is less than, equal to, or greater than the second,
+** respectively.  A collating function must always return the same answer
+** given the same inputs.  If two or more collating functions are registered
+** to the same collation name (using different eTextRep values) then all
+** must give an equivalent answer when invoked with equivalent strings.
+** The collating function must obey the following properties for all
+** strings A, B, and C:
+**
+** <ol>
+** <li> If A==B then B==A.
+** <li> If A==B and B==C then A==C.
+** <li> If A&lt;B THEN B&gt;A.
+** <li> If A&lt;B and B&lt;C then A&lt;C.
+** </ol>
+**
+** If a collating function fails any of the above constraints and that
+** collating function is  registered and used, then the behavior of SQLite
+** is undefined.
+**
+** ^The sqlite3_create_collation_v2() works like sqlite3_create_collation()
+** with the addition that the xDestroy callback is invoked on pArg when
+** the collating function is deleted.
+** ^Collating functions are deleted when they are overridden by later
+** calls to the collation creation functions or when the
+** [database connection] is closed using [sqlite3_close()].
+**
+** ^The xDestroy callback is <u>not</u> called if the 
+** sqlite3_create_collation_v2() function fails.  Applications that invoke
+** sqlite3_create_collation_v2() with a non-NULL xDestroy argument should 
+** check the return code and dispose of the application data pointer
+** themselves rather than expecting SQLite to deal with it for them.
+** This is different from every other SQLite interface.  The inconsistency 
+** is unfortunate but cannot be changed without breaking backwards 
+** compatibility.
+**
+** See also:  [sqlite3_collation_needed()] and [sqlite3_collation_needed16()].
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_create_collation(
+  sqlite3*, 
+  const char *zName, 
+  int eTextRep, 
+  void *pArg,
+  int(*xCompare)(void*,int,const void*,int,const void*)
+);
+SQLITE_API int SQLITE_STDCALL sqlite3_create_collation_v2(
+  sqlite3*, 
+  const char *zName, 
+  int eTextRep, 
+  void *pArg,
+  int(*xCompare)(void*,int,const void*,int,const void*),
+  void(*xDestroy)(void*)
+);
+SQLITE_API int SQLITE_STDCALL sqlite3_create_collation16(
+  sqlite3*, 
+  const void *zName,
+  int eTextRep, 
+  void *pArg,
+  int(*xCompare)(void*,int,const void*,int,const void*)
+);
+
+/*
+** CAPI3REF: Collation Needed Callbacks
+** METHOD: sqlite3
+**
+** ^To avoid having to register all collation sequences before a database
+** can be used, a single callback function may be registered with the
+** [database connection] to be invoked whenever an undefined collation
+** sequence is required.
+**
+** ^If the function is registered using the sqlite3_collation_needed() API,
+** then it is passed the names of undefined collation sequences as strings
+** encoded in UTF-8. ^If sqlite3_collation_needed16() is used,
+** the names are passed as UTF-16 in machine native byte order.
+** ^A call to either function replaces the existing collation-needed callback.
+**
+** ^(When the callback is invoked, the first argument passed is a copy
+** of the second argument to sqlite3_collation_needed() or
+** sqlite3_collation_needed16().  The second argument is the database
+** connection.  The third argument is one of [SQLITE_UTF8], [SQLITE_UTF16BE],
+** or [SQLITE_UTF16LE], indicating the most desirable form of the collation
+** sequence function required.  The fourth parameter is the name of the
+** required collation sequence.)^
+**
+** The callback function should register the desired collation using
+** [sqlite3_create_collation()], [sqlite3_create_collation16()], or
+** [sqlite3_create_collation_v2()].
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_collation_needed(
+  sqlite3*, 
+  void*, 
+  void(*)(void*,sqlite3*,int eTextRep,const char*)
+);
+SQLITE_API int SQLITE_STDCALL sqlite3_collation_needed16(
+  sqlite3*, 
+  void*,
+  void(*)(void*,sqlite3*,int eTextRep,const void*)
+);
+
+#ifdef SQLITE_HAS_CODEC
+/*
+** Specify the key for an encrypted database.  This routine should be
+** called right after sqlite3_open().
+**
+** The code to implement this API is not available in the public release
+** of SQLite.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_key(
+  sqlite3 *db,                   /* Database to be rekeyed */
+  const void *pKey, int nKey     /* The key */
+);
+SQLITE_API int SQLITE_STDCALL sqlite3_key_v2(
+  sqlite3 *db,                   /* Database to be rekeyed */
+  const char *zDbName,           /* Name of the database */
+  const void *pKey, int nKey     /* The key */
+);
+
+/*
+** Change the key on an open database.  If the current database is not
+** encrypted, this routine will encrypt it.  If pNew==0 or nNew==0, the
+** database is decrypted.
+**
+** The code to implement this API is not available in the public release
+** of SQLite.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_rekey(
+  sqlite3 *db,                   /* Database to be rekeyed */
+  const void *pKey, int nKey     /* The new key */
+);
+SQLITE_API int SQLITE_STDCALL sqlite3_rekey_v2(
+  sqlite3 *db,                   /* Database to be rekeyed */
+  const char *zDbName,           /* Name of the database */
+  const void *pKey, int nKey     /* The new key */
+);
+
+/*
+** Specify the activation key for a SEE database.  Unless 
+** activated, none of the SEE routines will work.
+*/
+SQLITE_API void SQLITE_STDCALL sqlite3_activate_see(
+  const char *zPassPhrase        /* Activation phrase */
+);
+#endif
+
+#ifdef SQLITE_ENABLE_CEROD
+/*
+** Specify the activation key for a CEROD database.  Unless 
+** activated, none of the CEROD routines will work.
+*/
+SQLITE_API void SQLITE_STDCALL sqlite3_activate_cerod(
+  const char *zPassPhrase        /* Activation phrase */
+);
+#endif
+
+/*
+** CAPI3REF: Suspend Execution For A Short Time
+**
+** The sqlite3_sleep() function causes the current thread to suspend execution
+** for at least a number of milliseconds specified in its parameter.
+**
+** If the operating system does not support sleep requests with
+** millisecond time resolution, then the time will be rounded up to
+** the nearest second. The number of milliseconds of sleep actually
+** requested from the operating system is returned.
+**
+** ^SQLite implements this interface by calling the xSleep()
+** method of the default [sqlite3_vfs] object.  If the xSleep() method
+** of the default VFS is not implemented correctly, or not implemented at
+** all, then the behavior of sqlite3_sleep() may deviate from the description
+** in the previous paragraphs.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_sleep(int);
+
+/*
+** CAPI3REF: Name Of The Folder Holding Temporary Files
+**
+** ^(If this global variable is made to point to a string which is
+** the name of a folder (a.k.a. directory), then all temporary files
+** created by SQLite when using a built-in [sqlite3_vfs | VFS]
+** will be placed in that directory.)^  ^If this variable
+** is a NULL pointer, then SQLite performs a search for an appropriate
+** temporary file directory.
+**
+** Applications are strongly discouraged from using this global variable.
+** It is required to set a temporary folder on Windows Runtime (WinRT).
+** But for all other platforms, it is highly recommended that applications
+** neither read nor write this variable.  This global variable is a relic
+** that exists for backwards compatibility of legacy applications and should
+** be avoided in new projects.
+**
+** It is not safe to read or modify this variable in more than one
+** thread at a time.  It is not safe to read or modify this variable
+** if a [database connection] is being used at the same time in a separate
+** thread.
+** It is intended that this variable be set once
+** as part of process initialization and before any SQLite interface
+** routines have been called and that this variable remain unchanged
+** thereafter.
+**
+** ^The [temp_store_directory pragma] may modify this variable and cause
+** it to point to memory obtained from [sqlite3_malloc].  ^Furthermore,
+** the [temp_store_directory pragma] always assumes that any string
+** that this variable points to is held in memory obtained from 
+** [sqlite3_malloc] and the pragma may attempt to free that memory
+** using [sqlite3_free].
+** Hence, if this variable is modified directly, either it should be
+** made NULL or made to point to memory obtained from [sqlite3_malloc]
+** or else the use of the [temp_store_directory pragma] should be avoided.
+** Except when requested by the [temp_store_directory pragma], SQLite
+** does not free the memory that sqlite3_temp_directory points to.  If
+** the application wants that memory to be freed, it must do
+** so itself, taking care to only do so after all [database connection]
+** objects have been destroyed.
+**
+** <b>Note to Windows Runtime users:</b>  The temporary directory must be set
+** prior to calling [sqlite3_open] or [sqlite3_open_v2].  Otherwise, various
+** features that require the use of temporary files may fail.  Here is an
+** example of how to do this using C++ with the Windows Runtime:
+**
+** <blockquote><pre>
+** LPCWSTR zPath = Windows::Storage::ApplicationData::Current->
+** &nbsp;     TemporaryFolder->Path->Data();
+** char zPathBuf&#91;MAX_PATH + 1&#93;;
+** memset(zPathBuf, 0, sizeof(zPathBuf));
+** WideCharToMultiByte(CP_UTF8, 0, zPath, -1, zPathBuf, sizeof(zPathBuf),
+** &nbsp;     NULL, NULL);
+** sqlite3_temp_directory = sqlite3_mprintf("%s", zPathBuf);
+** </pre></blockquote>
+*/
+SQLITE_API SQLITE_EXTERN char *sqlite3_temp_directory;
+
+/*
+** CAPI3REF: Name Of The Folder Holding Database Files
+**
+** ^(If this global variable is made to point to a string which is
+** the name of a folder (a.k.a. directory), then all database files
+** specified with a relative pathname and created or accessed by
+** SQLite when using a built-in windows [sqlite3_vfs | VFS] will be assumed
+** to be relative to that directory.)^ ^If this variable is a NULL
+** pointer, then SQLite assumes that all database files specified
+** with a relative pathname are relative to the current directory
+** for the process.  Only the windows VFS makes use of this global
+** variable; it is ignored by the unix VFS.
+**
+** Changing the value of this variable while a database connection is
+** open can result in a corrupt database.
+**
+** It is not safe to read or modify this variable in more than one
+** thread at a time.  It is not safe to read or modify this variable
+** if a [database connection] is being used at the same time in a separate
+** thread.
+** It is intended that this variable be set once
+** as part of process initialization and before any SQLite interface
+** routines have been called and that this variable remain unchanged
+** thereafter.
+**
+** ^The [data_store_directory pragma] may modify this variable and cause
+** it to point to memory obtained from [sqlite3_malloc].  ^Furthermore,
+** the [data_store_directory pragma] always assumes that any string
+** that this variable points to is held in memory obtained from 
+** [sqlite3_malloc] and the pragma may attempt to free that memory
+** using [sqlite3_free].
+** Hence, if this variable is modified directly, either it should be
+** made NULL or made to point to memory obtained from [sqlite3_malloc]
+** or else the use of the [data_store_directory pragma] should be avoided.
+*/
+SQLITE_API SQLITE_EXTERN char *sqlite3_data_directory;
+
+/*
+** CAPI3REF: Test For Auto-Commit Mode
+** KEYWORDS: {autocommit mode}
+** METHOD: sqlite3
+**
+** ^The sqlite3_get_autocommit() interface returns non-zero or
+** zero if the given database connection is or is not in autocommit mode,
+** respectively.  ^Autocommit mode is on by default.
+** ^Autocommit mode is disabled by a [BEGIN] statement.
+** ^Autocommit mode is re-enabled by a [COMMIT] or [ROLLBACK].
+**
+** If certain kinds of errors occur on a statement within a multi-statement
+** transaction (errors including [SQLITE_FULL], [SQLITE_IOERR],
+** [SQLITE_NOMEM], [SQLITE_BUSY], and [SQLITE_INTERRUPT]) then the
+** transaction might be rolled back automatically.  The only way to
+** find out whether SQLite automatically rolled back the transaction after
+** an error is to use this function.
+**
+** If another thread changes the autocommit status of the database
+** connection while this routine is running, then the return value
+** is undefined.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_get_autocommit(sqlite3*);
+
+/*
+** CAPI3REF: Find The Database Handle Of A Prepared Statement
+** METHOD: sqlite3_stmt
+**
+** ^The sqlite3_db_handle interface returns the [database connection] handle
+** to which a [prepared statement] belongs.  ^The [database connection]
+** returned by sqlite3_db_handle is the same [database connection]
+** that was the first argument
+** to the [sqlite3_prepare_v2()] call (or its variants) that was used to
+** create the statement in the first place.
+*/
+SQLITE_API sqlite3 *SQLITE_STDCALL sqlite3_db_handle(sqlite3_stmt*);
+
+/*
+** CAPI3REF: Return The Filename For A Database Connection
+** METHOD: sqlite3
+**
+** ^The sqlite3_db_filename(D,N) interface returns a pointer to a filename
+** associated with database N of connection D.  ^The main database file
+** has the name "main".  If there is no attached database N on the database
+** connection D, or if database N is a temporary or in-memory database, then
+** a NULL pointer is returned.
+**
+** ^The filename returned by this function is the output of the
+** xFullPathname method of the [VFS].  ^In other words, the filename
+** will be an absolute pathname, even if the filename used
+** to open the database originally was a URI or relative pathname.
+*/
+SQLITE_API const char *SQLITE_STDCALL sqlite3_db_filename(sqlite3 *db, const char *zDbName);
+
+/*
+** CAPI3REF: Determine if a database is read-only
+** METHOD: sqlite3
+**
+** ^The sqlite3_db_readonly(D,N) interface returns 1 if the database N
+** of connection D is read-only, 0 if it is read/write, or -1 if N is not
+** the name of a database on connection D.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_db_readonly(sqlite3 *db, const char *zDbName);
+
+/*
+** CAPI3REF: Find the next prepared statement
+** METHOD: sqlite3
+**
+** ^This interface returns a pointer to the next [prepared statement] after
+** pStmt associated with the [database connection] pDb.  ^If pStmt is NULL
+** then this interface returns a pointer to the first prepared statement
+** associated with the database connection pDb.  ^If no prepared statement
+** satisfies the conditions of this routine, it returns NULL.
+**
+** The [database connection] pointer D in a call to
+** [sqlite3_next_stmt(D,S)] must refer to an open database
+** connection and in particular must not be a NULL pointer.
+*/
+SQLITE_API sqlite3_stmt *SQLITE_STDCALL sqlite3_next_stmt(sqlite3 *pDb, sqlite3_stmt *pStmt);
+
+/*
+** CAPI3REF: Commit And Rollback Notification Callbacks
+** METHOD: sqlite3
+**
+** ^The sqlite3_commit_hook() interface registers a callback
+** function to be invoked whenever a transaction is [COMMIT | committed].
+** ^Any callback set by a previous call to sqlite3_commit_hook()
+** for the same database connection is overridden.
+** ^The sqlite3_rollback_hook() interface registers a callback
+** function to be invoked whenever a transaction is [ROLLBACK | rolled back].
+** ^Any callback set by a previous call to sqlite3_rollback_hook()
+** for the same database connection is overridden.
+** ^The pArg argument is passed through to the callback.
+** ^If the callback on a commit hook function returns non-zero,
+** then the commit is converted into a rollback.
+**
+** ^The sqlite3_commit_hook(D,C,P) and sqlite3_rollback_hook(D,C,P) functions
+** return the P argument from the previous call of the same function
+** on the same [database connection] D, or NULL for
+** the first call for each function on D.
+**
+** The commit and rollback hook callbacks are not reentrant.
+** The callback implementation must not do anything that will modify
+** the database connection that invoked the callback.  Any actions
+** to modify the database connection must be deferred until after the
+** completion of the [sqlite3_step()] call that triggered the commit
+** or rollback hook in the first place.
+** Note that running any other SQL statements, including SELECT statements,
+** or merely calling [sqlite3_prepare_v2()] and [sqlite3_step()] will modify
+** the database connections for the meaning of "modify" in this paragraph.
+**
+** ^Registering a NULL function disables the callback.
+**
+** ^When the commit hook callback routine returns zero, the [COMMIT]
+** operation is allowed to continue normally.  ^If the commit hook
+** returns non-zero, then the [COMMIT] is converted into a [ROLLBACK].
+** ^The rollback hook is invoked on a rollback that results from a commit
+** hook returning non-zero, just as it would be with any other rollback.
+**
+** ^For the purposes of this API, a transaction is said to have been
+** rolled back if an explicit "ROLLBACK" statement is executed, or
+** an error or constraint causes an implicit rollback to occur.
+** ^The rollback callback is not invoked if a transaction is
+** automatically rolled back because the database connection is closed.
+**
+** See also the [sqlite3_update_hook()] interface.
+*/
+SQLITE_API void *SQLITE_STDCALL sqlite3_commit_hook(sqlite3*, int(*)(void*), void*);
+SQLITE_API void *SQLITE_STDCALL sqlite3_rollback_hook(sqlite3*, void(*)(void *), void*);
+
+/*
+** CAPI3REF: Data Change Notification Callbacks
+** METHOD: sqlite3
+**
+** ^The sqlite3_update_hook() interface registers a callback function
+** with the [database connection] identified by the first argument
+** to be invoked whenever a row is updated, inserted or deleted in
+** a rowid table.
+** ^Any callback set by a previous call to this function
+** for the same database connection is overridden.
+**
+** ^The second argument is a pointer to the function to invoke when a
+** row is updated, inserted or deleted in a rowid table.
+** ^The first argument to the callback is a copy of the third argument
+** to sqlite3_update_hook().
+** ^The second callback argument is one of [SQLITE_INSERT], [SQLITE_DELETE],
+** or [SQLITE_UPDATE], depending on the operation that caused the callback
+** to be invoked.
+** ^The third and fourth arguments to the callback contain pointers to the
+** database and table name containing the affected row.
+** ^The final callback parameter is the [rowid] of the row.
+** ^In the case of an update, this is the [rowid] after the update takes place.
+**
+** ^(The update hook is not invoked when internal system tables are
+** modified (i.e. sqlite_master and sqlite_sequence).)^
+** ^The update hook is not invoked when [WITHOUT ROWID] tables are modified.
+**
+** ^In the current implementation, the update hook
+** is not invoked when duplication rows are deleted because of an
+** [ON CONFLICT | ON CONFLICT REPLACE] clause.  ^Nor is the update hook
+** invoked when rows are deleted using the [truncate optimization].
+** The exceptions defined in this paragraph might change in a future
+** release of SQLite.
+**
+** The update hook implementation must not do anything that will modify
+** the database connection that invoked the update hook.  Any actions
+** to modify the database connection must be deferred until after the
+** completion of the [sqlite3_step()] call that triggered the update hook.
+** Note that [sqlite3_prepare_v2()] and [sqlite3_step()] both modify their
+** database connections for the meaning of "modify" in this paragraph.
+**
+** ^The sqlite3_update_hook(D,C,P) function
+** returns the P argument from the previous call
+** on the same [database connection] D, or NULL for
+** the first call on D.
+**
+** See also the [sqlite3_commit_hook()] and [sqlite3_rollback_hook()]
+** interfaces.
+*/
+SQLITE_API void *SQLITE_STDCALL sqlite3_update_hook(
+  sqlite3*, 
+  void(*)(void *,int ,char const *,char const *,sqlite3_int64),
+  void*
+);
+
+/*
+** CAPI3REF: Enable Or Disable Shared Pager Cache
+**
+** ^(This routine enables or disables the sharing of the database cache
+** and schema data structures between [database connection | connections]
+** to the same database. Sharing is enabled if the argument is true
+** and disabled if the argument is false.)^
+**
+** ^Cache sharing is enabled and disabled for an entire process.
+** This is a change as of SQLite version 3.5.0. In prior versions of SQLite,
+** sharing was enabled or disabled for each thread separately.
+**
+** ^(The cache sharing mode set by this interface effects all subsequent
+** calls to [sqlite3_open()], [sqlite3_open_v2()], and [sqlite3_open16()].
+** Existing database connections continue use the sharing mode
+** that was in effect at the time they were opened.)^
+**
+** ^(This routine returns [SQLITE_OK] if shared cache was enabled or disabled
+** successfully.  An [error code] is returned otherwise.)^
+**
+** ^Shared cache is disabled by default. But this might change in
+** future releases of SQLite.  Applications that care about shared
+** cache setting should set it explicitly.
+**
+** Note: This method is disabled on MacOS X 10.7 and iOS version 5.0
+** and will always return SQLITE_MISUSE. On those systems, 
+** shared cache mode should be enabled per-database connection via 
+** [sqlite3_open_v2()] with [SQLITE_OPEN_SHAREDCACHE].
+**
+** This interface is threadsafe on processors where writing a
+** 32-bit integer is atomic.
+**
+** See Also:  [SQLite Shared-Cache Mode]
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_enable_shared_cache(int);
+
+/*
+** CAPI3REF: Attempt To Free Heap Memory
+**
+** ^The sqlite3_release_memory() interface attempts to free N bytes
+** of heap memory by deallocating non-essential memory allocations
+** held by the database library.   Memory used to cache database
+** pages to improve performance is an example of non-essential memory.
+** ^sqlite3_release_memory() returns the number of bytes actually freed,
+** which might be more or less than the amount requested.
+** ^The sqlite3_release_memory() routine is a no-op returning zero
+** if SQLite is not compiled with [SQLITE_ENABLE_MEMORY_MANAGEMENT].
+**
+** See also: [sqlite3_db_release_memory()]
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_release_memory(int);
+
+/*
+** CAPI3REF: Free Memory Used By A Database Connection
+** METHOD: sqlite3
+**
+** ^The sqlite3_db_release_memory(D) interface attempts to free as much heap
+** memory as possible from database connection D. Unlike the
+** [sqlite3_release_memory()] interface, this interface is in effect even
+** when the [SQLITE_ENABLE_MEMORY_MANAGEMENT] compile-time option is
+** omitted.
+**
+** See also: [sqlite3_release_memory()]
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_db_release_memory(sqlite3*);
+
+/*
+** CAPI3REF: Impose A Limit On Heap Size
+**
+** ^The sqlite3_soft_heap_limit64() interface sets and/or queries the
+** soft limit on the amount of heap memory that may be allocated by SQLite.
+** ^SQLite strives to keep heap memory utilization below the soft heap
+** limit by reducing the number of pages held in the page cache
+** as heap memory usages approaches the limit.
+** ^The soft heap limit is "soft" because even though SQLite strives to stay
+** below the limit, it will exceed the limit rather than generate
+** an [SQLITE_NOMEM] error.  In other words, the soft heap limit 
+** is advisory only.
+**
+** ^The return value from sqlite3_soft_heap_limit64() is the size of
+** the soft heap limit prior to the call, or negative in the case of an
+** error.  ^If the argument N is negative
+** then no change is made to the soft heap limit.  Hence, the current
+** size of the soft heap limit can be determined by invoking
+** sqlite3_soft_heap_limit64() with a negative argument.
+**
+** ^If the argument N is zero then the soft heap limit is disabled.
+**
+** ^(The soft heap limit is not enforced in the current implementation
+** if one or more of following conditions are true:
+**
+** <ul>
+** <li> The soft heap limit is set to zero.
+** <li> Memory accounting is disabled using a combination of the
+**      [sqlite3_config]([SQLITE_CONFIG_MEMSTATUS],...) start-time option and
+**      the [SQLITE_DEFAULT_MEMSTATUS] compile-time option.
+** <li> An alternative page cache implementation is specified using
+**      [sqlite3_config]([SQLITE_CONFIG_PCACHE2],...).
+** <li> The page cache allocates from its own memory pool supplied
+**      by [sqlite3_config]([SQLITE_CONFIG_PAGECACHE],...) rather than
+**      from the heap.
+** </ul>)^
+**
+** Beginning with SQLite version 3.7.3, the soft heap limit is enforced
+** regardless of whether or not the [SQLITE_ENABLE_MEMORY_MANAGEMENT]
+** compile-time option is invoked.  With [SQLITE_ENABLE_MEMORY_MANAGEMENT],
+** the soft heap limit is enforced on every memory allocation.  Without
+** [SQLITE_ENABLE_MEMORY_MANAGEMENT], the soft heap limit is only enforced
+** when memory is allocated by the page cache.  Testing suggests that because
+** the page cache is the predominate memory user in SQLite, most
+** applications will achieve adequate soft heap limit enforcement without
+** the use of [SQLITE_ENABLE_MEMORY_MANAGEMENT].
+**
+** The circumstances under which SQLite will enforce the soft heap limit may
+** changes in future releases of SQLite.
+*/
+SQLITE_API sqlite3_int64 SQLITE_STDCALL sqlite3_soft_heap_limit64(sqlite3_int64 N);
+
+/*
+** CAPI3REF: Deprecated Soft Heap Limit Interface
+** DEPRECATED
+**
+** This is a deprecated version of the [sqlite3_soft_heap_limit64()]
+** interface.  This routine is provided for historical compatibility
+** only.  All new applications should use the
+** [sqlite3_soft_heap_limit64()] interface rather than this one.
+*/
+SQLITE_API SQLITE_DEPRECATED void SQLITE_STDCALL sqlite3_soft_heap_limit(int N);
+
+
+/*
+** CAPI3REF: Extract Metadata About A Column Of A Table
+** METHOD: sqlite3
+**
+** ^(The sqlite3_table_column_metadata(X,D,T,C,....) routine returns
+** information about column C of table T in database D
+** on [database connection] X.)^  ^The sqlite3_table_column_metadata()
+** interface returns SQLITE_OK and fills in the non-NULL pointers in
+** the final five arguments with appropriate values if the specified
+** column exists.  ^The sqlite3_table_column_metadata() interface returns
+** SQLITE_ERROR and if the specified column does not exist.
+** ^If the column-name parameter to sqlite3_table_column_metadata() is a
+** NULL pointer, then this routine simply checks for the existance of the
+** table and returns SQLITE_OK if the table exists and SQLITE_ERROR if it
+** does not.
+**
+** ^The column is identified by the second, third and fourth parameters to
+** this function. ^(The second parameter is either the name of the database
+** (i.e. "main", "temp", or an attached database) containing the specified
+** table or NULL.)^ ^If it is NULL, then all attached databases are searched
+** for the table using the same algorithm used by the database engine to
+** resolve unqualified table references.
+**
+** ^The third and fourth parameters to this function are the table and column
+** name of the desired column, respectively.
+**
+** ^Metadata is returned by writing to the memory locations passed as the 5th
+** and subsequent parameters to this function. ^Any of these arguments may be
+** NULL, in which case the corresponding element of metadata is omitted.
+**
+** ^(<blockquote>
+** <table border="1">
+** <tr><th> Parameter <th> Output<br>Type <th>  Description
+**
+** <tr><td> 5th <td> const char* <td> Data type
+** <tr><td> 6th <td> const char* <td> Name of default collation sequence
+** <tr><td> 7th <td> int         <td> True if column has a NOT NULL constraint
+** <tr><td> 8th <td> int         <td> True if column is part of the PRIMARY KEY
+** <tr><td> 9th <td> int         <td> True if column is [AUTOINCREMENT]
+** </table>
+** </blockquote>)^
+**
+** ^The memory pointed to by the character pointers returned for the
+** declaration type and collation sequence is valid until the next
+** call to any SQLite API function.
+**
+** ^If the specified table is actually a view, an [error code] is returned.
+**
+** ^If the specified column is "rowid", "oid" or "_rowid_" and the table 
+** is not a [WITHOUT ROWID] table and an
+** [INTEGER PRIMARY KEY] column has been explicitly declared, then the output
+** parameters are set for the explicitly declared column. ^(If there is no
+** [INTEGER PRIMARY KEY] column, then the outputs
+** for the [rowid] are set as follows:
+**
+** <pre>
+**     data type: "INTEGER"
+**     collation sequence: "BINARY"
+**     not null: 0
+**     primary key: 1
+**     auto increment: 0
+** </pre>)^
+**
+** ^This function causes all database schemas to be read from disk and
+** parsed, if that has not already been done, and returns an error if
+** any errors are encountered while loading the schema.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_table_column_metadata(
+  sqlite3 *db,                /* Connection handle */
+  const char *zDbName,        /* Database name or NULL */
+  const char *zTableName,     /* Table name */
+  const char *zColumnName,    /* Column name */
+  char const **pzDataType,    /* OUTPUT: Declared data type */
+  char const **pzCollSeq,     /* OUTPUT: Collation sequence name */
+  int *pNotNull,              /* OUTPUT: True if NOT NULL constraint exists */
+  int *pPrimaryKey,           /* OUTPUT: True if column part of PK */
+  int *pAutoinc               /* OUTPUT: True if column is auto-increment */
+);
+
+/*
+** CAPI3REF: Load An Extension
+** METHOD: sqlite3
+**
+** ^This interface loads an SQLite extension library from the named file.
+**
+** ^The sqlite3_load_extension() interface attempts to load an
+** [SQLite extension] library contained in the file zFile.  If
+** the file cannot be loaded directly, attempts are made to load
+** with various operating-system specific extensions added.
+** So for example, if "samplelib" cannot be loaded, then names like
+** "samplelib.so" or "samplelib.dylib" or "samplelib.dll" might
+** be tried also.
+**
+** ^The entry point is zProc.
+** ^(zProc may be 0, in which case SQLite will try to come up with an
+** entry point name on its own.  It first tries "sqlite3_extension_init".
+** If that does not work, it constructs a name "sqlite3_X_init" where the
+** X is consists of the lower-case equivalent of all ASCII alphabetic
+** characters in the filename from the last "/" to the first following
+** "." and omitting any initial "lib".)^
+** ^The sqlite3_load_extension() interface returns
+** [SQLITE_OK] on success and [SQLITE_ERROR] if something goes wrong.
+** ^If an error occurs and pzErrMsg is not 0, then the
+** [sqlite3_load_extension()] interface shall attempt to
+** fill *pzErrMsg with error message text stored in memory
+** obtained from [sqlite3_malloc()]. The calling function
+** should free this memory by calling [sqlite3_free()].
+**
+** ^Extension loading must be enabled using
+** [sqlite3_enable_load_extension()] prior to calling this API,
+** otherwise an error will be returned.
+**
+** See also the [load_extension() SQL function].
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_load_extension(
+  sqlite3 *db,          /* Load the extension into this database connection */
+  const char *zFile,    /* Name of the shared library containing extension */
+  const char *zProc,    /* Entry point.  Derived from zFile if 0 */
+  char **pzErrMsg       /* Put error message here if not 0 */
+);
+
+/*
+** CAPI3REF: Enable Or Disable Extension Loading
+** METHOD: sqlite3
+**
+** ^So as not to open security holes in older applications that are
+** unprepared to deal with [extension loading], and as a means of disabling
+** [extension loading] while evaluating user-entered SQL, the following API
+** is provided to turn the [sqlite3_load_extension()] mechanism on and off.
+**
+** ^Extension loading is off by default.
+** ^Call the sqlite3_enable_load_extension() routine with onoff==1
+** to turn extension loading on and call it with onoff==0 to turn
+** it back off again.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_enable_load_extension(sqlite3 *db, int onoff);
+
+/*
+** CAPI3REF: Automatically Load Statically Linked Extensions
+**
+** ^This interface causes the xEntryPoint() function to be invoked for
+** each new [database connection] that is created.  The idea here is that
+** xEntryPoint() is the entry point for a statically linked [SQLite extension]
+** that is to be automatically loaded into all new database connections.
+**
+** ^(Even though the function prototype shows that xEntryPoint() takes
+** no arguments and returns void, SQLite invokes xEntryPoint() with three
+** arguments and expects and integer result as if the signature of the
+** entry point where as follows:
+**
+** <blockquote><pre>
+** &nbsp;  int xEntryPoint(
+** &nbsp;    sqlite3 *db,
+** &nbsp;    const char **pzErrMsg,
+** &nbsp;    const struct sqlite3_api_routines *pThunk
+** &nbsp;  );
+** </pre></blockquote>)^
+**
+** If the xEntryPoint routine encounters an error, it should make *pzErrMsg
+** point to an appropriate error message (obtained from [sqlite3_mprintf()])
+** and return an appropriate [error code].  ^SQLite ensures that *pzErrMsg
+** is NULL before calling the xEntryPoint().  ^SQLite will invoke
+** [sqlite3_free()] on *pzErrMsg after xEntryPoint() returns.  ^If any
+** xEntryPoint() returns an error, the [sqlite3_open()], [sqlite3_open16()],
+** or [sqlite3_open_v2()] call that provoked the xEntryPoint() will fail.
+**
+** ^Calling sqlite3_auto_extension(X) with an entry point X that is already
+** on the list of automatic extensions is a harmless no-op. ^No entry point
+** will be called more than once for each database connection that is opened.
+**
+** See also: [sqlite3_reset_auto_extension()]
+** and [sqlite3_cancel_auto_extension()]
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_auto_extension(void (*xEntryPoint)(void));
+
+/*
+** CAPI3REF: Cancel Automatic Extension Loading
+**
+** ^The [sqlite3_cancel_auto_extension(X)] interface unregisters the
+** initialization routine X that was registered using a prior call to
+** [sqlite3_auto_extension(X)].  ^The [sqlite3_cancel_auto_extension(X)]
+** routine returns 1 if initialization routine X was successfully 
+** unregistered and it returns 0 if X was not on the list of initialization
+** routines.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_cancel_auto_extension(void (*xEntryPoint)(void));
+
+/*
+** CAPI3REF: Reset Automatic Extension Loading
+**
+** ^This interface disables all automatic extensions previously
+** registered using [sqlite3_auto_extension()].
+*/
+SQLITE_API void SQLITE_STDCALL sqlite3_reset_auto_extension(void);
+
+/*
+** The interface to the virtual-table mechanism is currently considered
+** to be experimental.  The interface might change in incompatible ways.
+** If this is a problem for you, do not use the interface at this time.
+**
+** When the virtual-table mechanism stabilizes, we will declare the
+** interface fixed, support it indefinitely, and remove this comment.
+*/
+
+/*
+** Structures used by the virtual table interface
+*/
+typedef struct sqlite3_vtab sqlite3_vtab;
+typedef struct sqlite3_index_info sqlite3_index_info;
+typedef struct sqlite3_vtab_cursor sqlite3_vtab_cursor;
+typedef struct sqlite3_module sqlite3_module;
+
+/*
+** CAPI3REF: Virtual Table Object
+** KEYWORDS: sqlite3_module {virtual table module}
+**
+** This structure, sometimes called a "virtual table module", 
+** defines the implementation of a [virtual tables].  
+** This structure consists mostly of methods for the module.
+**
+** ^A virtual table module is created by filling in a persistent
+** instance of this structure and passing a pointer to that instance
+** to [sqlite3_create_module()] or [sqlite3_create_module_v2()].
+** ^The registration remains valid until it is replaced by a different
+** module or until the [database connection] closes.  The content
+** of this structure must not change while it is registered with
+** any database connection.
+*/
+struct sqlite3_module {
+  int iVersion;
+  int (*xCreate)(sqlite3*, void *pAux,
+               int argc, const char *const*argv,
+               sqlite3_vtab **ppVTab, char**);
+  int (*xConnect)(sqlite3*, void *pAux,
+               int argc, const char *const*argv,
+               sqlite3_vtab **ppVTab, char**);
+  int (*xBestIndex)(sqlite3_vtab *pVTab, sqlite3_index_info*);
+  int (*xDisconnect)(sqlite3_vtab *pVTab);
+  int (*xDestroy)(sqlite3_vtab *pVTab);
+  int (*xOpen)(sqlite3_vtab *pVTab, sqlite3_vtab_cursor **ppCursor);
+  int (*xClose)(sqlite3_vtab_cursor*);
+  int (*xFilter)(sqlite3_vtab_cursor*, int idxNum, const char *idxStr,
+                int argc, sqlite3_value **argv);
+  int (*xNext)(sqlite3_vtab_cursor*);
+  int (*xEof)(sqlite3_vtab_cursor*);
+  int (*xColumn)(sqlite3_vtab_cursor*, sqlite3_context*, int);
+  int (*xRowid)(sqlite3_vtab_cursor*, sqlite3_int64 *pRowid);
+  int (*xUpdate)(sqlite3_vtab *, int, sqlite3_value **, sqlite3_int64 *);
+  int (*xBegin)(sqlite3_vtab *pVTab);
+  int (*xSync)(sqlite3_vtab *pVTab);
+  int (*xCommit)(sqlite3_vtab *pVTab);
+  int (*xRollback)(sqlite3_vtab *pVTab);
+  int (*xFindFunction)(sqlite3_vtab *pVtab, int nArg, const char *zName,
+                       void (**pxFunc)(sqlite3_context*,int,sqlite3_value**),
+                       void **ppArg);
+  int (*xRename)(sqlite3_vtab *pVtab, const char *zNew);
+  /* The methods above are in version 1 of the sqlite_module object. Those 
+  ** below are for version 2 and greater. */
+  int (*xSavepoint)(sqlite3_vtab *pVTab, int);
+  int (*xRelease)(sqlite3_vtab *pVTab, int);
+  int (*xRollbackTo)(sqlite3_vtab *pVTab, int);
+};
+
+/*
+** CAPI3REF: Virtual Table Indexing Information
+** KEYWORDS: sqlite3_index_info
+**
+** The sqlite3_index_info structure and its substructures is used as part
+** of the [virtual table] interface to
+** pass information into and receive the reply from the [xBestIndex]
+** method of a [virtual table module].  The fields under **Inputs** are the
+** inputs to xBestIndex and are read-only.  xBestIndex inserts its
+** results into the **Outputs** fields.
+**
+** ^(The aConstraint[] array records WHERE clause constraints of the form:
+**
+** <blockquote>column OP expr</blockquote>
+**
+** where OP is =, &lt;, &lt;=, &gt;, or &gt;=.)^  ^(The particular operator is
+** stored in aConstraint[].op using one of the
+** [SQLITE_INDEX_CONSTRAINT_EQ | SQLITE_INDEX_CONSTRAINT_ values].)^
+** ^(The index of the column is stored in
+** aConstraint[].iColumn.)^  ^(aConstraint[].usable is TRUE if the
+** expr on the right-hand side can be evaluated (and thus the constraint
+** is usable) and false if it cannot.)^
+**
+** ^The optimizer automatically inverts terms of the form "expr OP column"
+** and makes other simplifications to the WHERE clause in an attempt to
+** get as many WHERE clause terms into the form shown above as possible.
+** ^The aConstraint[] array only reports WHERE clause terms that are
+** relevant to the particular virtual table being queried.
+**
+** ^Information about the ORDER BY clause is stored in aOrderBy[].
+** ^Each term of aOrderBy records a column of the ORDER BY clause.
+**
+** The colUsed field indicates which columns of the virtual table may be
+** required by the current scan. Virtual table columns are numbered from
+** zero in the order in which they appear within the CREATE TABLE statement
+** passed to sqlite3_declare_vtab(). For the first 63 columns (columns 0-62),
+** the corresponding bit is set within the colUsed mask if the column may be
+** required by SQLite. If the table has at least 64 columns and any column
+** to the right of the first 63 is required, then bit 63 of colUsed is also
+** set. In other words, column iCol may be required if the expression
+** (colUsed & ((sqlite3_uint64)1 << (iCol>=63 ? 63 : iCol))) evaluates to 
+** non-zero.
+**
+** The [xBestIndex] method must fill aConstraintUsage[] with information
+** about what parameters to pass to xFilter.  ^If argvIndex>0 then
+** the right-hand side of the corresponding aConstraint[] is evaluated
+** and becomes the argvIndex-th entry in argv.  ^(If aConstraintUsage[].omit
+** is true, then the constraint is assumed to be fully handled by the
+** virtual table and is not checked again by SQLite.)^
+**
+** ^The idxNum and idxPtr values are recorded and passed into the
+** [xFilter] method.
+** ^[sqlite3_free()] is used to free idxPtr if and only if
+** needToFreeIdxPtr is true.
+**
+** ^The orderByConsumed means that output from [xFilter]/[xNext] will occur in
+** the correct order to satisfy the ORDER BY clause so that no separate
+** sorting step is required.
+**
+** ^The estimatedCost value is an estimate of the cost of a particular
+** strategy. A cost of N indicates that the cost of the strategy is similar
+** to a linear scan of an SQLite table with N rows. A cost of log(N) 
+** indicates that the expense of the operation is similar to that of a
+** binary search on a unique indexed field of an SQLite table with N rows.
+**
+** ^The estimatedRows value is an estimate of the number of rows that
+** will be returned by the strategy.
+**
+** The xBestIndex method may optionally populate the idxFlags field with a 
+** mask of SQLITE_INDEX_SCAN_* flags. Currently there is only one such flag -
+** SQLITE_INDEX_SCAN_UNIQUE. If the xBestIndex method sets this flag, SQLite
+** assumes that the strategy may visit at most one row. 
+**
+** Additionally, if xBestIndex sets the SQLITE_INDEX_SCAN_UNIQUE flag, then
+** SQLite also assumes that if a call to the xUpdate() method is made as
+** part of the same statement to delete or update a virtual table row and the
+** implementation returns SQLITE_CONSTRAINT, then there is no need to rollback
+** any database changes. In other words, if the xUpdate() returns
+** SQLITE_CONSTRAINT, the database contents must be exactly as they were
+** before xUpdate was called. By contrast, if SQLITE_INDEX_SCAN_UNIQUE is not
+** set and xUpdate returns SQLITE_CONSTRAINT, any database changes made by
+** the xUpdate method are automatically rolled back by SQLite.
+**
+** IMPORTANT: The estimatedRows field was added to the sqlite3_index_info
+** structure for SQLite version 3.8.2. If a virtual table extension is
+** used with an SQLite version earlier than 3.8.2, the results of attempting 
+** to read or write the estimatedRows field are undefined (but are likely 
+** to included crashing the application). The estimatedRows field should
+** therefore only be used if [sqlite3_libversion_number()] returns a
+** value greater than or equal to 3008002. Similarly, the idxFlags field
+** was added for version 3.9.0. It may therefore only be used if
+** sqlite3_libversion_number() returns a value greater than or equal to
+** 3009000.
+*/
+struct sqlite3_index_info {
+  /* Inputs */
+  int nConstraint;           /* Number of entries in aConstraint */
+  struct sqlite3_index_constraint {
+     int iColumn;              /* Column on left-hand side of constraint */
+     unsigned char op;         /* Constraint operator */
+     unsigned char usable;     /* True if this constraint is usable */
+     int iTermOffset;          /* Used internally - xBestIndex should ignore */
+  } *aConstraint;            /* Table of WHERE clause constraints */
+  int nOrderBy;              /* Number of terms in the ORDER BY clause */
+  struct sqlite3_index_orderby {
+     int iColumn;              /* Column number */
+     unsigned char desc;       /* True for DESC.  False for ASC. */
+  } *aOrderBy;               /* The ORDER BY clause */
+  /* Outputs */
+  struct sqlite3_index_constraint_usage {
+    int argvIndex;           /* if >0, constraint is part of argv to xFilter */
+    unsigned char omit;      /* Do not code a test for this constraint */
+  } *aConstraintUsage;
+  int idxNum;                /* Number used to identify the index */
+  char *idxStr;              /* String, possibly obtained from sqlite3_malloc */
+  int needToFreeIdxStr;      /* Free idxStr using sqlite3_free() if true */
+  int orderByConsumed;       /* True if output is already ordered */
+  double estimatedCost;           /* Estimated cost of using this index */
+  /* Fields below are only available in SQLite 3.8.2 and later */
+  sqlite3_int64 estimatedRows;    /* Estimated number of rows returned */
+  /* Fields below are only available in SQLite 3.9.0 and later */
+  int idxFlags;              /* Mask of SQLITE_INDEX_SCAN_* flags */
+  /* Fields below are only available in SQLite 3.10.0 and later */
+  sqlite3_uint64 colUsed;    /* Input: Mask of columns used by statement */
+};
+
+/*
+** CAPI3REF: Virtual Table Scan Flags
+*/
+#define SQLITE_INDEX_SCAN_UNIQUE      1     /* Scan visits at most 1 row */
+
+/*
+** CAPI3REF: Virtual Table Constraint Operator Codes
+**
+** These macros defined the allowed values for the
+** [sqlite3_index_info].aConstraint[].op field.  Each value represents
+** an operator that is part of a constraint term in the wHERE clause of
+** a query that uses a [virtual table].
+*/
+#define SQLITE_INDEX_CONSTRAINT_EQ      2
+#define SQLITE_INDEX_CONSTRAINT_GT      4
+#define SQLITE_INDEX_CONSTRAINT_LE      8
+#define SQLITE_INDEX_CONSTRAINT_LT     16
+#define SQLITE_INDEX_CONSTRAINT_GE     32
+#define SQLITE_INDEX_CONSTRAINT_MATCH  64
+#define SQLITE_INDEX_CONSTRAINT_LIKE   65
+#define SQLITE_INDEX_CONSTRAINT_GLOB   66
+#define SQLITE_INDEX_CONSTRAINT_REGEXP 67
+
+/*
+** CAPI3REF: Register A Virtual Table Implementation
+** METHOD: sqlite3
+**
+** ^These routines are used to register a new [virtual table module] name.
+** ^Module names must be registered before
+** creating a new [virtual table] using the module and before using a
+** preexisting [virtual table] for the module.
+**
+** ^The module name is registered on the [database connection] specified
+** by the first parameter.  ^The name of the module is given by the 
+** second parameter.  ^The third parameter is a pointer to
+** the implementation of the [virtual table module].   ^The fourth
+** parameter is an arbitrary client data pointer that is passed through
+** into the [xCreate] and [xConnect] methods of the virtual table module
+** when a new virtual table is be being created or reinitialized.
+**
+** ^The sqlite3_create_module_v2() interface has a fifth parameter which
+** is a pointer to a destructor for the pClientData.  ^SQLite will
+** invoke the destructor function (if it is not NULL) when SQLite
+** no longer needs the pClientData pointer.  ^The destructor will also
+** be invoked if the call to sqlite3_create_module_v2() fails.
+** ^The sqlite3_create_module()
+** interface is equivalent to sqlite3_create_module_v2() with a NULL
+** destructor.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_create_module(
+  sqlite3 *db,               /* SQLite connection to register module with */
+  const char *zName,         /* Name of the module */
+  const sqlite3_module *p,   /* Methods for the module */
+  void *pClientData          /* Client data for xCreate/xConnect */
+);
+SQLITE_API int SQLITE_STDCALL sqlite3_create_module_v2(
+  sqlite3 *db,               /* SQLite connection to register module with */
+  const char *zName,         /* Name of the module */
+  const sqlite3_module *p,   /* Methods for the module */
+  void *pClientData,         /* Client data for xCreate/xConnect */
+  void(*xDestroy)(void*)     /* Module destructor function */
+);
+
+/*
+** CAPI3REF: Virtual Table Instance Object
+** KEYWORDS: sqlite3_vtab
+**
+** Every [virtual table module] implementation uses a subclass
+** of this object to describe a particular instance
+** of the [virtual table].  Each subclass will
+** be tailored to the specific needs of the module implementation.
+** The purpose of this superclass is to define certain fields that are
+** common to all module implementations.
+**
+** ^Virtual tables methods can set an error message by assigning a
+** string obtained from [sqlite3_mprintf()] to zErrMsg.  The method should
+** take care that any prior string is freed by a call to [sqlite3_free()]
+** prior to assigning a new string to zErrMsg.  ^After the error message
+** is delivered up to the client application, the string will be automatically
+** freed by sqlite3_free() and the zErrMsg field will be zeroed.
+*/
+struct sqlite3_vtab {
+  const sqlite3_module *pModule;  /* The module for this virtual table */
+  int nRef;                       /* Number of open cursors */
+  char *zErrMsg;                  /* Error message from sqlite3_mprintf() */
+  /* Virtual table implementations will typically add additional fields */
+};
+
+/*
+** CAPI3REF: Virtual Table Cursor Object
+** KEYWORDS: sqlite3_vtab_cursor {virtual table cursor}
+**
+** Every [virtual table module] implementation uses a subclass of the
+** following structure to describe cursors that point into the
+** [virtual table] and are used
+** to loop through the virtual table.  Cursors are created using the
+** [sqlite3_module.xOpen | xOpen] method of the module and are destroyed
+** by the [sqlite3_module.xClose | xClose] method.  Cursors are used
+** by the [xFilter], [xNext], [xEof], [xColumn], and [xRowid] methods
+** of the module.  Each module implementation will define
+** the content of a cursor structure to suit its own needs.
+**
+** This superclass exists in order to define fields of the cursor that
+** are common to all implementations.
+*/
+struct sqlite3_vtab_cursor {
+  sqlite3_vtab *pVtab;      /* Virtual table of this cursor */
+  /* Virtual table implementations will typically add additional fields */
+};
+
+/*
+** CAPI3REF: Declare The Schema Of A Virtual Table
+**
+** ^The [xCreate] and [xConnect] methods of a
+** [virtual table module] call this interface
+** to declare the format (the names and datatypes of the columns) of
+** the virtual tables they implement.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_declare_vtab(sqlite3*, const char *zSQL);
+
+/*
+** CAPI3REF: Overload A Function For A Virtual Table
+** METHOD: sqlite3
+**
+** ^(Virtual tables can provide alternative implementations of functions
+** using the [xFindFunction] method of the [virtual table module].  
+** But global versions of those functions
+** must exist in order to be overloaded.)^
+**
+** ^(This API makes sure a global version of a function with a particular
+** name and number of parameters exists.  If no such function exists
+** before this API is called, a new function is created.)^  ^The implementation
+** of the new function always causes an exception to be thrown.  So
+** the new function is not good for anything by itself.  Its only
+** purpose is to be a placeholder function that can be overloaded
+** by a [virtual table].
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_overload_function(sqlite3*, const char *zFuncName, int nArg);
+
+/*
+** The interface to the virtual-table mechanism defined above (back up
+** to a comment remarkably similar to this one) is currently considered
+** to be experimental.  The interface might change in incompatible ways.
+** If this is a problem for you, do not use the interface at this time.
+**
+** When the virtual-table mechanism stabilizes, we will declare the
+** interface fixed, support it indefinitely, and remove this comment.
+*/
+
+/*
+** CAPI3REF: A Handle To An Open BLOB
+** KEYWORDS: {BLOB handle} {BLOB handles}
+**
+** An instance of this object represents an open BLOB on which
+** [sqlite3_blob_open | incremental BLOB I/O] can be performed.
+** ^Objects of this type are created by [sqlite3_blob_open()]
+** and destroyed by [sqlite3_blob_close()].
+** ^The [sqlite3_blob_read()] and [sqlite3_blob_write()] interfaces
+** can be used to read or write small subsections of the BLOB.
+** ^The [sqlite3_blob_bytes()] interface returns the size of the BLOB in bytes.
+*/
+typedef struct sqlite3_blob sqlite3_blob;
+
+/*
+** CAPI3REF: Open A BLOB For Incremental I/O
+** METHOD: sqlite3
+** CONSTRUCTOR: sqlite3_blob
+**
+** ^(This interfaces opens a [BLOB handle | handle] to the BLOB located
+** in row iRow, column zColumn, table zTable in database zDb;
+** in other words, the same BLOB that would be selected by:
+**
+** <pre>
+**     SELECT zColumn FROM zDb.zTable WHERE [rowid] = iRow;
+** </pre>)^
+**
+** ^(Parameter zDb is not the filename that contains the database, but 
+** rather the symbolic name of the database. For attached databases, this is
+** the name that appears after the AS keyword in the [ATTACH] statement.
+** For the main database file, the database name is "main". For TEMP
+** tables, the database name is "temp".)^
+**
+** ^If the flags parameter is non-zero, then the BLOB is opened for read
+** and write access. ^If the flags parameter is zero, the BLOB is opened for
+** read-only access.
+**
+** ^(On success, [SQLITE_OK] is returned and the new [BLOB handle] is stored
+** in *ppBlob. Otherwise an [error code] is returned and, unless the error
+** code is SQLITE_MISUSE, *ppBlob is set to NULL.)^ ^This means that, provided
+** the API is not misused, it is always safe to call [sqlite3_blob_close()] 
+** on *ppBlob after this function it returns.
+**
+** This function fails with SQLITE_ERROR if any of the following are true:
+** <ul>
+**   <li> ^(Database zDb does not exist)^, 
+**   <li> ^(Table zTable does not exist within database zDb)^, 
+**   <li> ^(Table zTable is a WITHOUT ROWID table)^, 
+**   <li> ^(Column zColumn does not exist)^,
+**   <li> ^(Row iRow is not present in the table)^,
+**   <li> ^(The specified column of row iRow contains a value that is not
+**         a TEXT or BLOB value)^,
+**   <li> ^(Column zColumn is part of an index, PRIMARY KEY or UNIQUE 
+**         constraint and the blob is being opened for read/write access)^,
+**   <li> ^([foreign key constraints | Foreign key constraints] are enabled, 
+**         column zColumn is part of a [child key] definition and the blob is
+**         being opened for read/write access)^.
+** </ul>
+**
+** ^Unless it returns SQLITE_MISUSE, this function sets the 
+** [database connection] error code and message accessible via 
+** [sqlite3_errcode()] and [sqlite3_errmsg()] and related functions. 
+**
+**
+** ^(If the row that a BLOB handle points to is modified by an
+** [UPDATE], [DELETE], or by [ON CONFLICT] side-effects
+** then the BLOB handle is marked as "expired".
+** This is true if any column of the row is changed, even a column
+** other than the one the BLOB handle is open on.)^
+** ^Calls to [sqlite3_blob_read()] and [sqlite3_blob_write()] for
+** an expired BLOB handle fail with a return code of [SQLITE_ABORT].
+** ^(Changes written into a BLOB prior to the BLOB expiring are not
+** rolled back by the expiration of the BLOB.  Such changes will eventually
+** commit if the transaction continues to completion.)^
+**
+** ^Use the [sqlite3_blob_bytes()] interface to determine the size of
+** the opened blob.  ^The size of a blob may not be changed by this
+** interface.  Use the [UPDATE] SQL command to change the size of a
+** blob.
+**
+** ^The [sqlite3_bind_zeroblob()] and [sqlite3_result_zeroblob()] interfaces
+** and the built-in [zeroblob] SQL function may be used to create a 
+** zero-filled blob to read or write using the incremental-blob interface.
+**
+** To avoid a resource leak, every open [BLOB handle] should eventually
+** be released by a call to [sqlite3_blob_close()].
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_blob_open(
+  sqlite3*,
+  const char *zDb,
+  const char *zTable,
+  const char *zColumn,
+  sqlite3_int64 iRow,
+  int flags,
+  sqlite3_blob **ppBlob
+);
+
+/*
+** CAPI3REF: Move a BLOB Handle to a New Row
+** METHOD: sqlite3_blob
+**
+** ^This function is used to move an existing blob handle so that it points
+** to a different row of the same database table. ^The new row is identified
+** by the rowid value passed as the second argument. Only the row can be
+** changed. ^The database, table and column on which the blob handle is open
+** remain the same. Moving an existing blob handle to a new row can be
+** faster than closing the existing handle and opening a new one.
+**
+** ^(The new row must meet the same criteria as for [sqlite3_blob_open()] -
+** it must exist and there must be either a blob or text value stored in
+** the nominated column.)^ ^If the new row is not present in the table, or if
+** it does not contain a blob or text value, or if another error occurs, an
+** SQLite error code is returned and the blob handle is considered aborted.
+** ^All subsequent calls to [sqlite3_blob_read()], [sqlite3_blob_write()] or
+** [sqlite3_blob_reopen()] on an aborted blob handle immediately return
+** SQLITE_ABORT. ^Calling [sqlite3_blob_bytes()] on an aborted blob handle
+** always returns zero.
+**
+** ^This function sets the database handle error code and message.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_blob_reopen(sqlite3_blob *, sqlite3_int64);
+
+/*
+** CAPI3REF: Close A BLOB Handle
+** DESTRUCTOR: sqlite3_blob
+**
+** ^This function closes an open [BLOB handle]. ^(The BLOB handle is closed
+** unconditionally.  Even if this routine returns an error code, the 
+** handle is still closed.)^
+**
+** ^If the blob handle being closed was opened for read-write access, and if
+** the database is in auto-commit mode and there are no other open read-write
+** blob handles or active write statements, the current transaction is
+** committed. ^If an error occurs while committing the transaction, an error
+** code is returned and the transaction rolled back.
+**
+** Calling this function with an argument that is not a NULL pointer or an
+** open blob handle results in undefined behaviour. ^Calling this routine 
+** with a null pointer (such as would be returned by a failed call to 
+** [sqlite3_blob_open()]) is a harmless no-op. ^Otherwise, if this function
+** is passed a valid open blob handle, the values returned by the 
+** sqlite3_errcode() and sqlite3_errmsg() functions are set before returning.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_blob_close(sqlite3_blob *);
+
+/*
+** CAPI3REF: Return The Size Of An Open BLOB
+** METHOD: sqlite3_blob
+**
+** ^Returns the size in bytes of the BLOB accessible via the 
+** successfully opened [BLOB handle] in its only argument.  ^The
+** incremental blob I/O routines can only read or overwriting existing
+** blob content; they cannot change the size of a blob.
+**
+** This routine only works on a [BLOB handle] which has been created
+** by a prior successful call to [sqlite3_blob_open()] and which has not
+** been closed by [sqlite3_blob_close()].  Passing any other pointer in
+** to this routine results in undefined and probably undesirable behavior.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_blob_bytes(sqlite3_blob *);
+
+/*
+** CAPI3REF: Read Data From A BLOB Incrementally
+** METHOD: sqlite3_blob
+**
+** ^(This function is used to read data from an open [BLOB handle] into a
+** caller-supplied buffer. N bytes of data are copied into buffer Z
+** from the open BLOB, starting at offset iOffset.)^
+**
+** ^If offset iOffset is less than N bytes from the end of the BLOB,
+** [SQLITE_ERROR] is returned and no data is read.  ^If N or iOffset is
+** less than zero, [SQLITE_ERROR] is returned and no data is read.
+** ^The size of the blob (and hence the maximum value of N+iOffset)
+** can be determined using the [sqlite3_blob_bytes()] interface.
+**
+** ^An attempt to read from an expired [BLOB handle] fails with an
+** error code of [SQLITE_ABORT].
+**
+** ^(On success, sqlite3_blob_read() returns SQLITE_OK.
+** Otherwise, an [error code] or an [extended error code] is returned.)^
+**
+** This routine only works on a [BLOB handle] which has been created
+** by a prior successful call to [sqlite3_blob_open()] and which has not
+** been closed by [sqlite3_blob_close()].  Passing any other pointer in
+** to this routine results in undefined and probably undesirable behavior.
+**
+** See also: [sqlite3_blob_write()].
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_blob_read(sqlite3_blob *, void *Z, int N, int iOffset);
+
+/*
+** CAPI3REF: Write Data Into A BLOB Incrementally
+** METHOD: sqlite3_blob
+**
+** ^(This function is used to write data into an open [BLOB handle] from a
+** caller-supplied buffer. N bytes of data are copied from the buffer Z
+** into the open BLOB, starting at offset iOffset.)^
+**
+** ^(On success, sqlite3_blob_write() returns SQLITE_OK.
+** Otherwise, an  [error code] or an [extended error code] is returned.)^
+** ^Unless SQLITE_MISUSE is returned, this function sets the 
+** [database connection] error code and message accessible via 
+** [sqlite3_errcode()] and [sqlite3_errmsg()] and related functions. 
+**
+** ^If the [BLOB handle] passed as the first argument was not opened for
+** writing (the flags parameter to [sqlite3_blob_open()] was zero),
+** this function returns [SQLITE_READONLY].
+**
+** This function may only modify the contents of the BLOB; it is
+** not possible to increase the size of a BLOB using this API.
+** ^If offset iOffset is less than N bytes from the end of the BLOB,
+** [SQLITE_ERROR] is returned and no data is written. The size of the 
+** BLOB (and hence the maximum value of N+iOffset) can be determined 
+** using the [sqlite3_blob_bytes()] interface. ^If N or iOffset are less 
+** than zero [SQLITE_ERROR] is returned and no data is written.
+**
+** ^An attempt to write to an expired [BLOB handle] fails with an
+** error code of [SQLITE_ABORT].  ^Writes to the BLOB that occurred
+** before the [BLOB handle] expired are not rolled back by the
+** expiration of the handle, though of course those changes might
+** have been overwritten by the statement that expired the BLOB handle
+** or by other independent statements.
+**
+** This routine only works on a [BLOB handle] which has been created
+** by a prior successful call to [sqlite3_blob_open()] and which has not
+** been closed by [sqlite3_blob_close()].  Passing any other pointer in
+** to this routine results in undefined and probably undesirable behavior.
+**
+** See also: [sqlite3_blob_read()].
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_blob_write(sqlite3_blob *, const void *z, int n, int iOffset);
+
+/*
+** CAPI3REF: Virtual File System Objects
+**
+** A virtual filesystem (VFS) is an [sqlite3_vfs] object
+** that SQLite uses to interact
+** with the underlying operating system.  Most SQLite builds come with a
+** single default VFS that is appropriate for the host computer.
+** New VFSes can be registered and existing VFSes can be unregistered.
+** The following interfaces are provided.
+**
+** ^The sqlite3_vfs_find() interface returns a pointer to a VFS given its name.
+** ^Names are case sensitive.
+** ^Names are zero-terminated UTF-8 strings.
+** ^If there is no match, a NULL pointer is returned.
+** ^If zVfsName is NULL then the default VFS is returned.
+**
+** ^New VFSes are registered with sqlite3_vfs_register().
+** ^Each new VFS becomes the default VFS if the makeDflt flag is set.
+** ^The same VFS can be registered multiple times without injury.
+** ^To make an existing VFS into the default VFS, register it again
+** with the makeDflt flag set.  If two different VFSes with the
+** same name are registered, the behavior is undefined.  If a
+** VFS is registered with a name that is NULL or an empty string,
+** then the behavior is undefined.
+**
+** ^Unregister a VFS with the sqlite3_vfs_unregister() interface.
+** ^(If the default VFS is unregistered, another VFS is chosen as
+** the default.  The choice for the new VFS is arbitrary.)^
+*/
+SQLITE_API sqlite3_vfs *SQLITE_STDCALL sqlite3_vfs_find(const char *zVfsName);
+SQLITE_API int SQLITE_STDCALL sqlite3_vfs_register(sqlite3_vfs*, int makeDflt);
+SQLITE_API int SQLITE_STDCALL sqlite3_vfs_unregister(sqlite3_vfs*);
+
+/*
+** CAPI3REF: Mutexes
+**
+** The SQLite core uses these routines for thread
+** synchronization. Though they are intended for internal
+** use by SQLite, code that links against SQLite is
+** permitted to use any of these routines.
+**
+** The SQLite source code contains multiple implementations
+** of these mutex routines.  An appropriate implementation
+** is selected automatically at compile-time.  The following
+** implementations are available in the SQLite core:
+**
+** <ul>
+** <li>   SQLITE_MUTEX_PTHREADS
+** <li>   SQLITE_MUTEX_W32
+** <li>   SQLITE_MUTEX_NOOP
+** </ul>
+**
+** The SQLITE_MUTEX_NOOP implementation is a set of routines
+** that does no real locking and is appropriate for use in
+** a single-threaded application.  The SQLITE_MUTEX_PTHREADS and
+** SQLITE_MUTEX_W32 implementations are appropriate for use on Unix
+** and Windows.
+**
+** If SQLite is compiled with the SQLITE_MUTEX_APPDEF preprocessor
+** macro defined (with "-DSQLITE_MUTEX_APPDEF=1"), then no mutex
+** implementation is included with the library. In this case the
+** application must supply a custom mutex implementation using the
+** [SQLITE_CONFIG_MUTEX] option of the sqlite3_config() function
+** before calling sqlite3_initialize() or any other public sqlite3_
+** function that calls sqlite3_initialize().
+**
+** ^The sqlite3_mutex_alloc() routine allocates a new
+** mutex and returns a pointer to it. ^The sqlite3_mutex_alloc()
+** routine returns NULL if it is unable to allocate the requested
+** mutex.  The argument to sqlite3_mutex_alloc() must one of these
+** integer constants:
+**
+** <ul>
+** <li>  SQLITE_MUTEX_FAST
+** <li>  SQLITE_MUTEX_RECURSIVE
+** <li>  SQLITE_MUTEX_STATIC_MASTER
+** <li>  SQLITE_MUTEX_STATIC_MEM
+** <li>  SQLITE_MUTEX_STATIC_OPEN
+** <li>  SQLITE_MUTEX_STATIC_PRNG
+** <li>  SQLITE_MUTEX_STATIC_LRU
+** <li>  SQLITE_MUTEX_STATIC_PMEM
+** <li>  SQLITE_MUTEX_STATIC_APP1
+** <li>  SQLITE_MUTEX_STATIC_APP2
+** <li>  SQLITE_MUTEX_STATIC_APP3
+** <li>  SQLITE_MUTEX_STATIC_VFS1
+** <li>  SQLITE_MUTEX_STATIC_VFS2
+** <li>  SQLITE_MUTEX_STATIC_VFS3
+** </ul>
+**
+** ^The first two constants (SQLITE_MUTEX_FAST and SQLITE_MUTEX_RECURSIVE)
+** cause sqlite3_mutex_alloc() to create
+** a new mutex.  ^The new mutex is recursive when SQLITE_MUTEX_RECURSIVE
+** is used but not necessarily so when SQLITE_MUTEX_FAST is used.
+** The mutex implementation does not need to make a distinction
+** between SQLITE_MUTEX_RECURSIVE and SQLITE_MUTEX_FAST if it does
+** not want to.  SQLite will only request a recursive mutex in
+** cases where it really needs one.  If a faster non-recursive mutex
+** implementation is available on the host platform, the mutex subsystem
+** might return such a mutex in response to SQLITE_MUTEX_FAST.
+**
+** ^The other allowed parameters to sqlite3_mutex_alloc() (anything other
+** than SQLITE_MUTEX_FAST and SQLITE_MUTEX_RECURSIVE) each return
+** a pointer to a static preexisting mutex.  ^Nine static mutexes are
+** used by the current version of SQLite.  Future versions of SQLite
+** may add additional static mutexes.  Static mutexes are for internal
+** use by SQLite only.  Applications that use SQLite mutexes should
+** use only the dynamic mutexes returned by SQLITE_MUTEX_FAST or
+** SQLITE_MUTEX_RECURSIVE.
+**
+** ^Note that if one of the dynamic mutex parameters (SQLITE_MUTEX_FAST
+** or SQLITE_MUTEX_RECURSIVE) is used then sqlite3_mutex_alloc()
+** returns a different mutex on every call.  ^For the static
+** mutex types, the same mutex is returned on every call that has
+** the same type number.
+**
+** ^The sqlite3_mutex_free() routine deallocates a previously
+** allocated dynamic mutex.  Attempting to deallocate a static
+** mutex results in undefined behavior.
+**
+** ^The sqlite3_mutex_enter() and sqlite3_mutex_try() routines attempt
+** to enter a mutex.  ^If another thread is already within the mutex,
+** sqlite3_mutex_enter() will block and sqlite3_mutex_try() will return
+** SQLITE_BUSY.  ^The sqlite3_mutex_try() interface returns [SQLITE_OK]
+** upon successful entry.  ^(Mutexes created using
+** SQLITE_MUTEX_RECURSIVE can be entered multiple times by the same thread.
+** In such cases, the
+** mutex must be exited an equal number of times before another thread
+** can enter.)^  If the same thread tries to enter any mutex other
+** than an SQLITE_MUTEX_RECURSIVE more than once, the behavior is undefined.
+**
+** ^(Some systems (for example, Windows 95) do not support the operation
+** implemented by sqlite3_mutex_try().  On those systems, sqlite3_mutex_try()
+** will always return SQLITE_BUSY. The SQLite core only ever uses
+** sqlite3_mutex_try() as an optimization so this is acceptable 
+** behavior.)^
+**
+** ^The sqlite3_mutex_leave() routine exits a mutex that was
+** previously entered by the same thread.   The behavior
+** is undefined if the mutex is not currently entered by the
+** calling thread or is not currently allocated.
+**
+** ^If the argument to sqlite3_mutex_enter(), sqlite3_mutex_try(), or
+** sqlite3_mutex_leave() is a NULL pointer, then all three routines
+** behave as no-ops.
+**
+** See also: [sqlite3_mutex_held()] and [sqlite3_mutex_notheld()].
+*/
+SQLITE_API sqlite3_mutex *SQLITE_STDCALL sqlite3_mutex_alloc(int);
+SQLITE_API void SQLITE_STDCALL sqlite3_mutex_free(sqlite3_mutex*);
+SQLITE_API void SQLITE_STDCALL sqlite3_mutex_enter(sqlite3_mutex*);
+SQLITE_API int SQLITE_STDCALL sqlite3_mutex_try(sqlite3_mutex*);
+SQLITE_API void SQLITE_STDCALL sqlite3_mutex_leave(sqlite3_mutex*);
+
+/*
+** CAPI3REF: Mutex Methods Object
+**
+** An instance of this structure defines the low-level routines
+** used to allocate and use mutexes.
+**
+** Usually, the default mutex implementations provided by SQLite are
+** sufficient, however the application has the option of substituting a custom
+** implementation for specialized deployments or systems for which SQLite
+** does not provide a suitable implementation. In this case, the application
+** creates and populates an instance of this structure to pass
+** to sqlite3_config() along with the [SQLITE_CONFIG_MUTEX] option.
+** Additionally, an instance of this structure can be used as an
+** output variable when querying the system for the current mutex
+** implementation, using the [SQLITE_CONFIG_GETMUTEX] option.
+**
+** ^The xMutexInit method defined by this structure is invoked as
+** part of system initialization by the sqlite3_initialize() function.
+** ^The xMutexInit routine is called by SQLite exactly once for each
+** effective call to [sqlite3_initialize()].
+**
+** ^The xMutexEnd method defined by this structure is invoked as
+** part of system shutdown by the sqlite3_shutdown() function. The
+** implementation of this method is expected to release all outstanding
+** resources obtained by the mutex methods implementation, especially
+** those obtained by the xMutexInit method.  ^The xMutexEnd()
+** interface is invoked exactly once for each call to [sqlite3_shutdown()].
+**
+** ^(The remaining seven methods defined by this structure (xMutexAlloc,
+** xMutexFree, xMutexEnter, xMutexTry, xMutexLeave, xMutexHeld and
+** xMutexNotheld) implement the following interfaces (respectively):
+**
+** <ul>
+**   <li>  [sqlite3_mutex_alloc()] </li>
+**   <li>  [sqlite3_mutex_free()] </li>
+**   <li>  [sqlite3_mutex_enter()] </li>
+**   <li>  [sqlite3_mutex_try()] </li>
+**   <li>  [sqlite3_mutex_leave()] </li>
+**   <li>  [sqlite3_mutex_held()] </li>
+**   <li>  [sqlite3_mutex_notheld()] </li>
+** </ul>)^
+**
+** The only difference is that the public sqlite3_XXX functions enumerated
+** above silently ignore any invocations that pass a NULL pointer instead
+** of a valid mutex handle. The implementations of the methods defined
+** by this structure are not required to handle this case, the results
+** of passing a NULL pointer instead of a valid mutex handle are undefined
+** (i.e. it is acceptable to provide an implementation that segfaults if
+** it is passed a NULL pointer).
+**
+** The xMutexInit() method must be threadsafe.  It must be harmless to
+** invoke xMutexInit() multiple times within the same process and without
+** intervening calls to xMutexEnd().  Second and subsequent calls to
+** xMutexInit() must be no-ops.
+**
+** xMutexInit() must not use SQLite memory allocation ([sqlite3_malloc()]
+** and its associates).  Similarly, xMutexAlloc() must not use SQLite memory
+** allocation for a static mutex.  ^However xMutexAlloc() may use SQLite
+** memory allocation for a fast or recursive mutex.
+**
+** ^SQLite will invoke the xMutexEnd() method when [sqlite3_shutdown()] is
+** called, but only if the prior call to xMutexInit returned SQLITE_OK.
+** If xMutexInit fails in any way, it is expected to clean up after itself
+** prior to returning.
+*/
+typedef struct sqlite3_mutex_methods sqlite3_mutex_methods;
+struct sqlite3_mutex_methods {
+  int (*xMutexInit)(void);
+  int (*xMutexEnd)(void);
+  sqlite3_mutex *(*xMutexAlloc)(int);
+  void (*xMutexFree)(sqlite3_mutex *);
+  void (*xMutexEnter)(sqlite3_mutex *);
+  int (*xMutexTry)(sqlite3_mutex *);
+  void (*xMutexLeave)(sqlite3_mutex *);
+  int (*xMutexHeld)(sqlite3_mutex *);
+  int (*xMutexNotheld)(sqlite3_mutex *);
+};
+
+/*
+** CAPI3REF: Mutex Verification Routines
+**
+** The sqlite3_mutex_held() and sqlite3_mutex_notheld() routines
+** are intended for use inside assert() statements.  The SQLite core
+** never uses these routines except inside an assert() and applications
+** are advised to follow the lead of the core.  The SQLite core only
+** provides implementations for these routines when it is compiled
+** with the SQLITE_DEBUG flag.  External mutex implementations
+** are only required to provide these routines if SQLITE_DEBUG is
+** defined and if NDEBUG is not defined.
+**
+** These routines should return true if the mutex in their argument
+** is held or not held, respectively, by the calling thread.
+**
+** The implementation is not required to provide versions of these
+** routines that actually work. If the implementation does not provide working
+** versions of these routines, it should at least provide stubs that always
+** return true so that one does not get spurious assertion failures.
+**
+** If the argument to sqlite3_mutex_held() is a NULL pointer then
+** the routine should return 1.   This seems counter-intuitive since
+** clearly the mutex cannot be held if it does not exist.  But
+** the reason the mutex does not exist is because the build is not
+** using mutexes.  And we do not want the assert() containing the
+** call to sqlite3_mutex_held() to fail, so a non-zero return is
+** the appropriate thing to do.  The sqlite3_mutex_notheld()
+** interface should also return 1 when given a NULL pointer.
+*/
+#ifndef NDEBUG
+SQLITE_API int SQLITE_STDCALL sqlite3_mutex_held(sqlite3_mutex*);
+SQLITE_API int SQLITE_STDCALL sqlite3_mutex_notheld(sqlite3_mutex*);
+#endif
+
+/*
+** CAPI3REF: Mutex Types
+**
+** The [sqlite3_mutex_alloc()] interface takes a single argument
+** which is one of these integer constants.
+**
+** The set of static mutexes may change from one SQLite release to the
+** next.  Applications that override the built-in mutex logic must be
+** prepared to accommodate additional static mutexes.
+*/
+#define SQLITE_MUTEX_FAST             0
+#define SQLITE_MUTEX_RECURSIVE        1
+#define SQLITE_MUTEX_STATIC_MASTER    2
+#define SQLITE_MUTEX_STATIC_MEM       3  /* sqlite3_malloc() */
+#define SQLITE_MUTEX_STATIC_MEM2      4  /* NOT USED */
+#define SQLITE_MUTEX_STATIC_OPEN      4  /* sqlite3BtreeOpen() */
+#define SQLITE_MUTEX_STATIC_PRNG      5  /* sqlite3_random() */
+#define SQLITE_MUTEX_STATIC_LRU       6  /* lru page list */
+#define SQLITE_MUTEX_STATIC_LRU2      7  /* NOT USED */
+#define SQLITE_MUTEX_STATIC_PMEM      7  /* sqlite3PageMalloc() */
+#define SQLITE_MUTEX_STATIC_APP1      8  /* For use by application */
+#define SQLITE_MUTEX_STATIC_APP2      9  /* For use by application */
+#define SQLITE_MUTEX_STATIC_APP3     10  /* For use by application */
+#define SQLITE_MUTEX_STATIC_VFS1     11  /* For use by built-in VFS */
+#define SQLITE_MUTEX_STATIC_VFS2     12  /* For use by extension VFS */
+#define SQLITE_MUTEX_STATIC_VFS3     13  /* For use by application VFS */
+
+/*
+** CAPI3REF: Retrieve the mutex for a database connection
+** METHOD: sqlite3
+**
+** ^This interface returns a pointer the [sqlite3_mutex] object that 
+** serializes access to the [database connection] given in the argument
+** when the [threading mode] is Serialized.
+** ^If the [threading mode] is Single-thread or Multi-thread then this
+** routine returns a NULL pointer.
+*/
+SQLITE_API sqlite3_mutex *SQLITE_STDCALL sqlite3_db_mutex(sqlite3*);
+
+/*
+** CAPI3REF: Low-Level Control Of Database Files
+** METHOD: sqlite3
+**
+** ^The [sqlite3_file_control()] interface makes a direct call to the
+** xFileControl method for the [sqlite3_io_methods] object associated
+** with a particular database identified by the second argument. ^The
+** name of the database is "main" for the main database or "temp" for the
+** TEMP database, or the name that appears after the AS keyword for
+** databases that are added using the [ATTACH] SQL command.
+** ^A NULL pointer can be used in place of "main" to refer to the
+** main database file.
+** ^The third and fourth parameters to this routine
+** are passed directly through to the second and third parameters of
+** the xFileControl method.  ^The return value of the xFileControl
+** method becomes the return value of this routine.
+**
+** ^The SQLITE_FCNTL_FILE_POINTER value for the op parameter causes
+** a pointer to the underlying [sqlite3_file] object to be written into
+** the space pointed to by the 4th parameter.  ^The SQLITE_FCNTL_FILE_POINTER
+** case is a short-circuit path which does not actually invoke the
+** underlying sqlite3_io_methods.xFileControl method.
+**
+** ^If the second parameter (zDbName) does not match the name of any
+** open database file, then SQLITE_ERROR is returned.  ^This error
+** code is not remembered and will not be recalled by [sqlite3_errcode()]
+** or [sqlite3_errmsg()].  The underlying xFileControl method might
+** also return SQLITE_ERROR.  There is no way to distinguish between
+** an incorrect zDbName and an SQLITE_ERROR return from the underlying
+** xFileControl method.
+**
+** See also: [SQLITE_FCNTL_LOCKSTATE]
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_file_control(sqlite3*, const char *zDbName, int op, void*);
+
+/*
+** CAPI3REF: Testing Interface
+**
+** ^The sqlite3_test_control() interface is used to read out internal
+** state of SQLite and to inject faults into SQLite for testing
+** purposes.  ^The first parameter is an operation code that determines
+** the number, meaning, and operation of all subsequent parameters.
+**
+** This interface is not for use by applications.  It exists solely
+** for verifying the correct operation of the SQLite library.  Depending
+** on how the SQLite library is compiled, this interface might not exist.
+**
+** The details of the operation codes, their meanings, the parameters
+** they take, and what they do are all subject to change without notice.
+** Unlike most of the SQLite API, this function is not guaranteed to
+** operate consistently from one release to the next.
+*/
+SQLITE_API int SQLITE_CDECL sqlite3_test_control(int op, ...);
+
+/*
+** CAPI3REF: Testing Interface Operation Codes
+**
+** These constants are the valid operation code parameters used
+** as the first argument to [sqlite3_test_control()].
+**
+** These parameters and their meanings are subject to change
+** without notice.  These values are for testing purposes only.
+** Applications should not use any of these parameters or the
+** [sqlite3_test_control()] interface.
+*/
+#define SQLITE_TESTCTRL_FIRST                    5
+#define SQLITE_TESTCTRL_PRNG_SAVE                5
+#define SQLITE_TESTCTRL_PRNG_RESTORE             6
+#define SQLITE_TESTCTRL_PRNG_RESET               7
+#define SQLITE_TESTCTRL_BITVEC_TEST              8
+#define SQLITE_TESTCTRL_FAULT_INSTALL            9
+#define SQLITE_TESTCTRL_BENIGN_MALLOC_HOOKS     10
+#define SQLITE_TESTCTRL_PENDING_BYTE            11
+#define SQLITE_TESTCTRL_ASSERT                  12
+#define SQLITE_TESTCTRL_ALWAYS                  13
+#define SQLITE_TESTCTRL_RESERVE                 14
+#define SQLITE_TESTCTRL_OPTIMIZATIONS           15
+#define SQLITE_TESTCTRL_ISKEYWORD               16
+#define SQLITE_TESTCTRL_SCRATCHMALLOC           17
+#define SQLITE_TESTCTRL_LOCALTIME_FAULT         18
+#define SQLITE_TESTCTRL_EXPLAIN_STMT            19  /* NOT USED */
+#define SQLITE_TESTCTRL_NEVER_CORRUPT           20
+#define SQLITE_TESTCTRL_VDBE_COVERAGE           21
+#define SQLITE_TESTCTRL_BYTEORDER               22
+#define SQLITE_TESTCTRL_ISINIT                  23
+#define SQLITE_TESTCTRL_SORTER_MMAP             24
+#define SQLITE_TESTCTRL_IMPOSTER                25
+#define SQLITE_TESTCTRL_LAST                    25
+
+/*
+** CAPI3REF: SQLite Runtime Status
+**
+** ^These interfaces are used to retrieve runtime status information
+** about the performance of SQLite, and optionally to reset various
+** highwater marks.  ^The first argument is an integer code for
+** the specific parameter to measure.  ^(Recognized integer codes
+** are of the form [status parameters | SQLITE_STATUS_...].)^
+** ^The current value of the parameter is returned into *pCurrent.
+** ^The highest recorded value is returned in *pHighwater.  ^If the
+** resetFlag is true, then the highest record value is reset after
+** *pHighwater is written.  ^(Some parameters do not record the highest
+** value.  For those parameters
+** nothing is written into *pHighwater and the resetFlag is ignored.)^
+** ^(Other parameters record only the highwater mark and not the current
+** value.  For these latter parameters nothing is written into *pCurrent.)^
+**
+** ^The sqlite3_status() and sqlite3_status64() routines return
+** SQLITE_OK on success and a non-zero [error code] on failure.
+**
+** If either the current value or the highwater mark is too large to
+** be represented by a 32-bit integer, then the values returned by
+** sqlite3_status() are undefined.
+**
+** See also: [sqlite3_db_status()]
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_status(int op, int *pCurrent, int *pHighwater, int resetFlag);
+SQLITE_API int SQLITE_STDCALL sqlite3_status64(
+  int op,
+  sqlite3_int64 *pCurrent,
+  sqlite3_int64 *pHighwater,
+  int resetFlag
+);
+
+
+/*
+** CAPI3REF: Status Parameters
+** KEYWORDS: {status parameters}
+**
+** These integer constants designate various run-time status parameters
+** that can be returned by [sqlite3_status()].
+**
+** <dl>
+** [[SQLITE_STATUS_MEMORY_USED]] ^(<dt>SQLITE_STATUS_MEMORY_USED</dt>
+** <dd>This parameter is the current amount of memory checked out
+** using [sqlite3_malloc()], either directly or indirectly.  The
+** figure includes calls made to [sqlite3_malloc()] by the application
+** and internal memory usage by the SQLite library.  Scratch memory
+** controlled by [SQLITE_CONFIG_SCRATCH] and auxiliary page-cache
+** memory controlled by [SQLITE_CONFIG_PAGECACHE] is not included in
+** this parameter.  The amount returned is the sum of the allocation
+** sizes as reported by the xSize method in [sqlite3_mem_methods].</dd>)^
+**
+** [[SQLITE_STATUS_MALLOC_SIZE]] ^(<dt>SQLITE_STATUS_MALLOC_SIZE</dt>
+** <dd>This parameter records the largest memory allocation request
+** handed to [sqlite3_malloc()] or [sqlite3_realloc()] (or their
+** internal equivalents).  Only the value returned in the
+** *pHighwater parameter to [sqlite3_status()] is of interest.  
+** The value written into the *pCurrent parameter is undefined.</dd>)^
+**
+** [[SQLITE_STATUS_MALLOC_COUNT]] ^(<dt>SQLITE_STATUS_MALLOC_COUNT</dt>
+** <dd>This parameter records the number of separate memory allocations
+** currently checked out.</dd>)^
+**
+** [[SQLITE_STATUS_PAGECACHE_USED]] ^(<dt>SQLITE_STATUS_PAGECACHE_USED</dt>
+** <dd>This parameter returns the number of pages used out of the
+** [pagecache memory allocator] that was configured using 
+** [SQLITE_CONFIG_PAGECACHE].  The
+** value returned is in pages, not in bytes.</dd>)^
+**
+** [[SQLITE_STATUS_PAGECACHE_OVERFLOW]] 
+** ^(<dt>SQLITE_STATUS_PAGECACHE_OVERFLOW</dt>
+** <dd>This parameter returns the number of bytes of page cache
+** allocation which could not be satisfied by the [SQLITE_CONFIG_PAGECACHE]
+** buffer and where forced to overflow to [sqlite3_malloc()].  The
+** returned value includes allocations that overflowed because they
+** where too large (they were larger than the "sz" parameter to
+** [SQLITE_CONFIG_PAGECACHE]) and allocations that overflowed because
+** no space was left in the page cache.</dd>)^
+**
+** [[SQLITE_STATUS_PAGECACHE_SIZE]] ^(<dt>SQLITE_STATUS_PAGECACHE_SIZE</dt>
+** <dd>This parameter records the largest memory allocation request
+** handed to [pagecache memory allocator].  Only the value returned in the
+** *pHighwater parameter to [sqlite3_status()] is of interest.  
+** The value written into the *pCurrent parameter is undefined.</dd>)^
+**
+** [[SQLITE_STATUS_SCRATCH_USED]] ^(<dt>SQLITE_STATUS_SCRATCH_USED</dt>
+** <dd>This parameter returns the number of allocations used out of the
+** [scratch memory allocator] configured using
+** [SQLITE_CONFIG_SCRATCH].  The value returned is in allocations, not
+** in bytes.  Since a single thread may only have one scratch allocation
+** outstanding at time, this parameter also reports the number of threads
+** using scratch memory at the same time.</dd>)^
+**
+** [[SQLITE_STATUS_SCRATCH_OVERFLOW]] ^(<dt>SQLITE_STATUS_SCRATCH_OVERFLOW</dt>
+** <dd>This parameter returns the number of bytes of scratch memory
+** allocation which could not be satisfied by the [SQLITE_CONFIG_SCRATCH]
+** buffer and where forced to overflow to [sqlite3_malloc()].  The values
+** returned include overflows because the requested allocation was too
+** larger (that is, because the requested allocation was larger than the
+** "sz" parameter to [SQLITE_CONFIG_SCRATCH]) and because no scratch buffer
+** slots were available.
+** </dd>)^
+**
+** [[SQLITE_STATUS_SCRATCH_SIZE]] ^(<dt>SQLITE_STATUS_SCRATCH_SIZE</dt>
+** <dd>This parameter records the largest memory allocation request
+** handed to [scratch memory allocator].  Only the value returned in the
+** *pHighwater parameter to [sqlite3_status()] is of interest.  
+** The value written into the *pCurrent parameter is undefined.</dd>)^
+**
+** [[SQLITE_STATUS_PARSER_STACK]] ^(<dt>SQLITE_STATUS_PARSER_STACK</dt>
+** <dd>The *pHighwater parameter records the deepest parser stack. 
+** The *pCurrent value is undefined.  The *pHighwater value is only
+** meaningful if SQLite is compiled with [YYTRACKMAXSTACKDEPTH].</dd>)^
+** </dl>
+**
+** New status parameters may be added from time to time.
+*/
+#define SQLITE_STATUS_MEMORY_USED          0
+#define SQLITE_STATUS_PAGECACHE_USED       1
+#define SQLITE_STATUS_PAGECACHE_OVERFLOW   2
+#define SQLITE_STATUS_SCRATCH_USED         3
+#define SQLITE_STATUS_SCRATCH_OVERFLOW     4
+#define SQLITE_STATUS_MALLOC_SIZE          5
+#define SQLITE_STATUS_PARSER_STACK         6
+#define SQLITE_STATUS_PAGECACHE_SIZE       7
+#define SQLITE_STATUS_SCRATCH_SIZE         8
+#define SQLITE_STATUS_MALLOC_COUNT         9
+
+/*
+** CAPI3REF: Database Connection Status
+** METHOD: sqlite3
+**
+** ^This interface is used to retrieve runtime status information 
+** about a single [database connection].  ^The first argument is the
+** database connection object to be interrogated.  ^The second argument
+** is an integer constant, taken from the set of
+** [SQLITE_DBSTATUS options], that
+** determines the parameter to interrogate.  The set of 
+** [SQLITE_DBSTATUS options] is likely
+** to grow in future releases of SQLite.
+**
+** ^The current value of the requested parameter is written into *pCur
+** and the highest instantaneous value is written into *pHiwtr.  ^If
+** the resetFlg is true, then the highest instantaneous value is
+** reset back down to the current value.
+**
+** ^The sqlite3_db_status() routine returns SQLITE_OK on success and a
+** non-zero [error code] on failure.
+**
+** See also: [sqlite3_status()] and [sqlite3_stmt_status()].
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_db_status(sqlite3*, int op, int *pCur, int *pHiwtr, int resetFlg);
+
+/*
+** CAPI3REF: Status Parameters for database connections
+** KEYWORDS: {SQLITE_DBSTATUS options}
+**
+** These constants are the available integer "verbs" that can be passed as
+** the second argument to the [sqlite3_db_status()] interface.
+**
+** New verbs may be added in future releases of SQLite. Existing verbs
+** might be discontinued. Applications should check the return code from
+** [sqlite3_db_status()] to make sure that the call worked.
+** The [sqlite3_db_status()] interface will return a non-zero error code
+** if a discontinued or unsupported verb is invoked.
+**
+** <dl>
+** [[SQLITE_DBSTATUS_LOOKASIDE_USED]] ^(<dt>SQLITE_DBSTATUS_LOOKASIDE_USED</dt>
+** <dd>This parameter returns the number of lookaside memory slots currently
+** checked out.</dd>)^
+**
+** [[SQLITE_DBSTATUS_LOOKASIDE_HIT]] ^(<dt>SQLITE_DBSTATUS_LOOKASIDE_HIT</dt>
+** <dd>This parameter returns the number malloc attempts that were 
+** satisfied using lookaside memory. Only the high-water value is meaningful;
+** the current value is always zero.)^
+**
+** [[SQLITE_DBSTATUS_LOOKASIDE_MISS_SIZE]]
+** ^(<dt>SQLITE_DBSTATUS_LOOKASIDE_MISS_SIZE</dt>
+** <dd>This parameter returns the number malloc attempts that might have
+** been satisfied using lookaside memory but failed due to the amount of
+** memory requested being larger than the lookaside slot size.
+** Only the high-water value is meaningful;
+** the current value is always zero.)^
+**
+** [[SQLITE_DBSTATUS_LOOKASIDE_MISS_FULL]]
+** ^(<dt>SQLITE_DBSTATUS_LOOKASIDE_MISS_FULL</dt>
+** <dd>This parameter returns the number malloc attempts that might have
+** been satisfied using lookaside memory but failed due to all lookaside
+** memory already being in use.
+** Only the high-water value is meaningful;
+** the current value is always zero.)^
+**
+** [[SQLITE_DBSTATUS_CACHE_USED]] ^(<dt>SQLITE_DBSTATUS_CACHE_USED</dt>
+** <dd>This parameter returns the approximate number of bytes of heap
+** memory used by all pager caches associated with the database connection.)^
+** ^The highwater mark associated with SQLITE_DBSTATUS_CACHE_USED is always 0.
+**
+** [[SQLITE_DBSTATUS_SCHEMA_USED]] ^(<dt>SQLITE_DBSTATUS_SCHEMA_USED</dt>
+** <dd>This parameter returns the approximate number of bytes of heap
+** memory used to store the schema for all databases associated
+** with the connection - main, temp, and any [ATTACH]-ed databases.)^ 
+** ^The full amount of memory used by the schemas is reported, even if the
+** schema memory is shared with other database connections due to
+** [shared cache mode] being enabled.
+** ^The highwater mark associated with SQLITE_DBSTATUS_SCHEMA_USED is always 0.
+**
+** [[SQLITE_DBSTATUS_STMT_USED]] ^(<dt>SQLITE_DBSTATUS_STMT_USED</dt>
+** <dd>This parameter returns the approximate number of bytes of heap
+** and lookaside memory used by all prepared statements associated with
+** the database connection.)^
+** ^The highwater mark associated with SQLITE_DBSTATUS_STMT_USED is always 0.
+** </dd>
+**
+** [[SQLITE_DBSTATUS_CACHE_HIT]] ^(<dt>SQLITE_DBSTATUS_CACHE_HIT</dt>
+** <dd>This parameter returns the number of pager cache hits that have
+** occurred.)^ ^The highwater mark associated with SQLITE_DBSTATUS_CACHE_HIT 
+** is always 0.
+** </dd>
+**
+** [[SQLITE_DBSTATUS_CACHE_MISS]] ^(<dt>SQLITE_DBSTATUS_CACHE_MISS</dt>
+** <dd>This parameter returns the number of pager cache misses that have
+** occurred.)^ ^The highwater mark associated with SQLITE_DBSTATUS_CACHE_MISS 
+** is always 0.
+** </dd>
+**
+** [[SQLITE_DBSTATUS_CACHE_WRITE]] ^(<dt>SQLITE_DBSTATUS_CACHE_WRITE</dt>
+** <dd>This parameter returns the number of dirty cache entries that have
+** been written to disk. Specifically, the number of pages written to the
+** wal file in wal mode databases, or the number of pages written to the
+** database file in rollback mode databases. Any pages written as part of
+** transaction rollback or database recovery operations are not included.
+** If an IO or other error occurs while writing a page to disk, the effect
+** on subsequent SQLITE_DBSTATUS_CACHE_WRITE requests is undefined.)^ ^The
+** highwater mark associated with SQLITE_DBSTATUS_CACHE_WRITE is always 0.
+** </dd>
+**
+** [[SQLITE_DBSTATUS_DEFERRED_FKS]] ^(<dt>SQLITE_DBSTATUS_DEFERRED_FKS</dt>
+** <dd>This parameter returns zero for the current value if and only if
+** all foreign key constraints (deferred or immediate) have been
+** resolved.)^  ^The highwater mark is always 0.
+** </dd>
+** </dl>
+*/
+#define SQLITE_DBSTATUS_LOOKASIDE_USED       0
+#define SQLITE_DBSTATUS_CACHE_USED           1
+#define SQLITE_DBSTATUS_SCHEMA_USED          2
+#define SQLITE_DBSTATUS_STMT_USED            3
+#define SQLITE_DBSTATUS_LOOKASIDE_HIT        4
+#define SQLITE_DBSTATUS_LOOKASIDE_MISS_SIZE  5
+#define SQLITE_DBSTATUS_LOOKASIDE_MISS_FULL  6
+#define SQLITE_DBSTATUS_CACHE_HIT            7
+#define SQLITE_DBSTATUS_CACHE_MISS           8
+#define SQLITE_DBSTATUS_CACHE_WRITE          9
+#define SQLITE_DBSTATUS_DEFERRED_FKS        10
+#define SQLITE_DBSTATUS_MAX                 10   /* Largest defined DBSTATUS */
+
+
+/*
+** CAPI3REF: Prepared Statement Status
+** METHOD: sqlite3_stmt
+**
+** ^(Each prepared statement maintains various
+** [SQLITE_STMTSTATUS counters] that measure the number
+** of times it has performed specific operations.)^  These counters can
+** be used to monitor the performance characteristics of the prepared
+** statements.  For example, if the number of table steps greatly exceeds
+** the number of table searches or result rows, that would tend to indicate
+** that the prepared statement is using a full table scan rather than
+** an index.  
+**
+** ^(This interface is used to retrieve and reset counter values from
+** a [prepared statement].  The first argument is the prepared statement
+** object to be interrogated.  The second argument
+** is an integer code for a specific [SQLITE_STMTSTATUS counter]
+** to be interrogated.)^
+** ^The current value of the requested counter is returned.
+** ^If the resetFlg is true, then the counter is reset to zero after this
+** interface call returns.
+**
+** See also: [sqlite3_status()] and [sqlite3_db_status()].
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_stmt_status(sqlite3_stmt*, int op,int resetFlg);
+
+/*
+** CAPI3REF: Status Parameters for prepared statements
+** KEYWORDS: {SQLITE_STMTSTATUS counter} {SQLITE_STMTSTATUS counters}
+**
+** These preprocessor macros define integer codes that name counter
+** values associated with the [sqlite3_stmt_status()] interface.
+** The meanings of the various counters are as follows:
+**
+** <dl>
+** [[SQLITE_STMTSTATUS_FULLSCAN_STEP]] <dt>SQLITE_STMTSTATUS_FULLSCAN_STEP</dt>
+** <dd>^This is the number of times that SQLite has stepped forward in
+** a table as part of a full table scan.  Large numbers for this counter
+** may indicate opportunities for performance improvement through 
+** careful use of indices.</dd>
+**
+** [[SQLITE_STMTSTATUS_SORT]] <dt>SQLITE_STMTSTATUS_SORT</dt>
+** <dd>^This is the number of sort operations that have occurred.
+** A non-zero value in this counter may indicate an opportunity to
+** improvement performance through careful use of indices.</dd>
+**
+** [[SQLITE_STMTSTATUS_AUTOINDEX]] <dt>SQLITE_STMTSTATUS_AUTOINDEX</dt>
+** <dd>^This is the number of rows inserted into transient indices that
+** were created automatically in order to help joins run faster.
+** A non-zero value in this counter may indicate an opportunity to
+** improvement performance by adding permanent indices that do not
+** need to be reinitialized each time the statement is run.</dd>
+**
+** [[SQLITE_STMTSTATUS_VM_STEP]] <dt>SQLITE_STMTSTATUS_VM_STEP</dt>
+** <dd>^This is the number of virtual machine operations executed
+** by the prepared statement if that number is less than or equal
+** to 2147483647.  The number of virtual machine operations can be 
+** used as a proxy for the total work done by the prepared statement.
+** If the number of virtual machine operations exceeds 2147483647
+** then the value returned by this statement status code is undefined.
+** </dd>
+** </dl>
+*/
+#define SQLITE_STMTSTATUS_FULLSCAN_STEP     1
+#define SQLITE_STMTSTATUS_SORT              2
+#define SQLITE_STMTSTATUS_AUTOINDEX         3
+#define SQLITE_STMTSTATUS_VM_STEP           4
+
+/*
+** CAPI3REF: Custom Page Cache Object
+**
+** The sqlite3_pcache type is opaque.  It is implemented by
+** the pluggable module.  The SQLite core has no knowledge of
+** its size or internal structure and never deals with the
+** sqlite3_pcache object except by holding and passing pointers
+** to the object.
+**
+** See [sqlite3_pcache_methods2] for additional information.
+*/
+typedef struct sqlite3_pcache sqlite3_pcache;
+
+/*
+** CAPI3REF: Custom Page Cache Object
+**
+** The sqlite3_pcache_page object represents a single page in the
+** page cache.  The page cache will allocate instances of this
+** object.  Various methods of the page cache use pointers to instances
+** of this object as parameters or as their return value.
+**
+** See [sqlite3_pcache_methods2] for additional information.
+*/
+typedef struct sqlite3_pcache_page sqlite3_pcache_page;
+struct sqlite3_pcache_page {
+  void *pBuf;        /* The content of the page */
+  void *pExtra;      /* Extra information associated with the page */
+};
+
+/*
+** CAPI3REF: Application Defined Page Cache.
+** KEYWORDS: {page cache}
+**
+** ^(The [sqlite3_config]([SQLITE_CONFIG_PCACHE2], ...) interface can
+** register an alternative page cache implementation by passing in an 
+** instance of the sqlite3_pcache_methods2 structure.)^
+** In many applications, most of the heap memory allocated by 
+** SQLite is used for the page cache.
+** By implementing a 
+** custom page cache using this API, an application can better control
+** the amount of memory consumed by SQLite, the way in which 
+** that memory is allocated and released, and the policies used to 
+** determine exactly which parts of a database file are cached and for 
+** how long.
+**
+** The alternative page cache mechanism is an
+** extreme measure that is only needed by the most demanding applications.
+** The built-in page cache is recommended for most uses.
+**
+** ^(The contents of the sqlite3_pcache_methods2 structure are copied to an
+** internal buffer by SQLite within the call to [sqlite3_config].  Hence
+** the application may discard the parameter after the call to
+** [sqlite3_config()] returns.)^
+**
+** [[the xInit() page cache method]]
+** ^(The xInit() method is called once for each effective 
+** call to [sqlite3_initialize()])^
+** (usually only once during the lifetime of the process). ^(The xInit()
+** method is passed a copy of the sqlite3_pcache_methods2.pArg value.)^
+** The intent of the xInit() method is to set up global data structures 
+** required by the custom page cache implementation. 
+** ^(If the xInit() method is NULL, then the 
+** built-in default page cache is used instead of the application defined
+** page cache.)^
+**
+** [[the xShutdown() page cache method]]
+** ^The xShutdown() method is called by [sqlite3_shutdown()].
+** It can be used to clean up 
+** any outstanding resources before process shutdown, if required.
+** ^The xShutdown() method may be NULL.
+**
+** ^SQLite automatically serializes calls to the xInit method,
+** so the xInit method need not be threadsafe.  ^The
+** xShutdown method is only called from [sqlite3_shutdown()] so it does
+** not need to be threadsafe either.  All other methods must be threadsafe
+** in multithreaded applications.
+**
+** ^SQLite will never invoke xInit() more than once without an intervening
+** call to xShutdown().
+**
+** [[the xCreate() page cache methods]]
+** ^SQLite invokes the xCreate() method to construct a new cache instance.
+** SQLite will typically create one cache instance for each open database file,
+** though this is not guaranteed. ^The
+** first parameter, szPage, is the size in bytes of the pages that must
+** be allocated by the cache.  ^szPage will always a power of two.  ^The
+** second parameter szExtra is a number of bytes of extra storage 
+** associated with each page cache entry.  ^The szExtra parameter will
+** a number less than 250.  SQLite will use the
+** extra szExtra bytes on each page to store metadata about the underlying
+** database page on disk.  The value passed into szExtra depends
+** on the SQLite version, the target platform, and how SQLite was compiled.
+** ^The third argument to xCreate(), bPurgeable, is true if the cache being
+** created will be used to cache database pages of a file stored on disk, or
+** false if it is used for an in-memory database. The cache implementation
+** does not have to do anything special based with the value of bPurgeable;
+** it is purely advisory.  ^On a cache where bPurgeable is false, SQLite will
+** never invoke xUnpin() except to deliberately delete a page.
+** ^In other words, calls to xUnpin() on a cache with bPurgeable set to
+** false will always have the "discard" flag set to true.  
+** ^Hence, a cache created with bPurgeable false will
+** never contain any unpinned pages.
+**
+** [[the xCachesize() page cache method]]
+** ^(The xCachesize() method may be called at any time by SQLite to set the
+** suggested maximum cache-size (number of pages stored by) the cache
+** instance passed as the first argument. This is the value configured using
+** the SQLite "[PRAGMA cache_size]" command.)^  As with the bPurgeable
+** parameter, the implementation is not required to do anything with this
+** value; it is advisory only.
+**
+** [[the xPagecount() page cache methods]]
+** The xPagecount() method must return the number of pages currently
+** stored in the cache, both pinned and unpinned.
+** 
+** [[the xFetch() page cache methods]]
+** The xFetch() method locates a page in the cache and returns a pointer to 
+** an sqlite3_pcache_page object associated with that page, or a NULL pointer.
+** The pBuf element of the returned sqlite3_pcache_page object will be a
+** pointer to a buffer of szPage bytes used to store the content of a 
+** single database page.  The pExtra element of sqlite3_pcache_page will be
+** a pointer to the szExtra bytes of extra storage that SQLite has requested
+** for each entry in the page cache.
+**
+** The page to be fetched is determined by the key. ^The minimum key value
+** is 1.  After it has been retrieved using xFetch, the page is considered
+** to be "pinned".
+**
+** If the requested page is already in the page cache, then the page cache
+** implementation must return a pointer to the page buffer with its content
+** intact.  If the requested page is not already in the cache, then the
+** cache implementation should use the value of the createFlag
+** parameter to help it determined what action to take:
+**
+** <table border=1 width=85% align=center>
+** <tr><th> createFlag <th> Behavior when page is not already in cache
+** <tr><td> 0 <td> Do not allocate a new page.  Return NULL.
+** <tr><td> 1 <td> Allocate a new page if it easy and convenient to do so.
+**                 Otherwise return NULL.
+** <tr><td> 2 <td> Make every effort to allocate a new page.  Only return
+**                 NULL if allocating a new page is effectively impossible.
+** </table>
+**
+** ^(SQLite will normally invoke xFetch() with a createFlag of 0 or 1.  SQLite
+** will only use a createFlag of 2 after a prior call with a createFlag of 1
+** failed.)^  In between the to xFetch() calls, SQLite may
+** attempt to unpin one or more cache pages by spilling the content of
+** pinned pages to disk and synching the operating system disk cache.
+**
+** [[the xUnpin() page cache method]]
+** ^xUnpin() is called by SQLite with a pointer to a currently pinned page
+** as its second argument.  If the third parameter, discard, is non-zero,
+** then the page must be evicted from the cache.
+** ^If the discard parameter is
+** zero, then the page may be discarded or retained at the discretion of
+** page cache implementation. ^The page cache implementation
+** may choose to evict unpinned pages at any time.
+**
+** The cache must not perform any reference counting. A single 
+** call to xUnpin() unpins the page regardless of the number of prior calls 
+** to xFetch().
+**
+** [[the xRekey() page cache methods]]
+** The xRekey() method is used to change the key value associated with the
+** page passed as the second argument. If the cache
+** previously contains an entry associated with newKey, it must be
+** discarded. ^Any prior cache entry associated with newKey is guaranteed not
+** to be pinned.
+**
+** When SQLite calls the xTruncate() method, the cache must discard all
+** existing cache entries with page numbers (keys) greater than or equal
+** to the value of the iLimit parameter passed to xTruncate(). If any
+** of these pages are pinned, they are implicitly unpinned, meaning that
+** they can be safely discarded.
+**
+** [[the xDestroy() page cache method]]
+** ^The xDestroy() method is used to delete a cache allocated by xCreate().
+** All resources associated with the specified cache should be freed. ^After
+** calling the xDestroy() method, SQLite considers the [sqlite3_pcache*]
+** handle invalid, and will not use it with any other sqlite3_pcache_methods2
+** functions.
+**
+** [[the xShrink() page cache method]]
+** ^SQLite invokes the xShrink() method when it wants the page cache to
+** free up as much of heap memory as possible.  The page cache implementation
+** is not obligated to free any memory, but well-behaved implementations should
+** do their best.
+*/
+typedef struct sqlite3_pcache_methods2 sqlite3_pcache_methods2;
+struct sqlite3_pcache_methods2 {
+  int iVersion;
+  void *pArg;
+  int (*xInit)(void*);
+  void (*xShutdown)(void*);
+  sqlite3_pcache *(*xCreate)(int szPage, int szExtra, int bPurgeable);
+  void (*xCachesize)(sqlite3_pcache*, int nCachesize);
+  int (*xPagecount)(sqlite3_pcache*);
+  sqlite3_pcache_page *(*xFetch)(sqlite3_pcache*, unsigned key, int createFlag);
+  void (*xUnpin)(sqlite3_pcache*, sqlite3_pcache_page*, int discard);
+  void (*xRekey)(sqlite3_pcache*, sqlite3_pcache_page*, 
+      unsigned oldKey, unsigned newKey);
+  void (*xTruncate)(sqlite3_pcache*, unsigned iLimit);
+  void (*xDestroy)(sqlite3_pcache*);
+  void (*xShrink)(sqlite3_pcache*);
+};
+
+/*
+** This is the obsolete pcache_methods object that has now been replaced
+** by sqlite3_pcache_methods2.  This object is not used by SQLite.  It is
+** retained in the header file for backwards compatibility only.
+*/
+typedef struct sqlite3_pcache_methods sqlite3_pcache_methods;
+struct sqlite3_pcache_methods {
+  void *pArg;
+  int (*xInit)(void*);
+  void (*xShutdown)(void*);
+  sqlite3_pcache *(*xCreate)(int szPage, int bPurgeable);
+  void (*xCachesize)(sqlite3_pcache*, int nCachesize);
+  int (*xPagecount)(sqlite3_pcache*);
+  void *(*xFetch)(sqlite3_pcache*, unsigned key, int createFlag);
+  void (*xUnpin)(sqlite3_pcache*, void*, int discard);
+  void (*xRekey)(sqlite3_pcache*, void*, unsigned oldKey, unsigned newKey);
+  void (*xTruncate)(sqlite3_pcache*, unsigned iLimit);
+  void (*xDestroy)(sqlite3_pcache*);
+};
+
+
+/*
+** CAPI3REF: Online Backup Object
+**
+** The sqlite3_backup object records state information about an ongoing
+** online backup operation.  ^The sqlite3_backup object is created by
+** a call to [sqlite3_backup_init()] and is destroyed by a call to
+** [sqlite3_backup_finish()].
+**
+** See Also: [Using the SQLite Online Backup API]
+*/
+typedef struct sqlite3_backup sqlite3_backup;
+
+/*
+** CAPI3REF: Online Backup API.
+**
+** The backup API copies the content of one database into another.
+** It is useful either for creating backups of databases or
+** for copying in-memory databases to or from persistent files. 
+**
+** See Also: [Using the SQLite Online Backup API]
+**
+** ^SQLite holds a write transaction open on the destination database file
+** for the duration of the backup operation.
+** ^The source database is read-locked only while it is being read;
+** it is not locked continuously for the entire backup operation.
+** ^Thus, the backup may be performed on a live source database without
+** preventing other database connections from
+** reading or writing to the source database while the backup is underway.
+** 
+** ^(To perform a backup operation: 
+**   <ol>
+**     <li><b>sqlite3_backup_init()</b> is called once to initialize the
+**         backup, 
+**     <li><b>sqlite3_backup_step()</b> is called one or more times to transfer 
+**         the data between the two databases, and finally
+**     <li><b>sqlite3_backup_finish()</b> is called to release all resources 
+**         associated with the backup operation. 
+**   </ol>)^
+** There should be exactly one call to sqlite3_backup_finish() for each
+** successful call to sqlite3_backup_init().
+**
+** [[sqlite3_backup_init()]] <b>sqlite3_backup_init()</b>
+**
+** ^The D and N arguments to sqlite3_backup_init(D,N,S,M) are the 
+** [database connection] associated with the destination database 
+** and the database name, respectively.
+** ^The database name is "main" for the main database, "temp" for the
+** temporary database, or the name specified after the AS keyword in
+** an [ATTACH] statement for an attached database.
+** ^The S and M arguments passed to 
+** sqlite3_backup_init(D,N,S,M) identify the [database connection]
+** and database name of the source database, respectively.
+** ^The source and destination [database connections] (parameters S and D)
+** must be different or else sqlite3_backup_init(D,N,S,M) will fail with
+** an error.
+**
+** ^A call to sqlite3_backup_init() will fail, returning SQLITE_ERROR, if 
+** there is already a read or read-write transaction open on the 
+** destination database.
+**
+** ^If an error occurs within sqlite3_backup_init(D,N,S,M), then NULL is
+** returned and an error code and error message are stored in the
+** destination [database connection] D.
+** ^The error code and message for the failed call to sqlite3_backup_init()
+** can be retrieved using the [sqlite3_errcode()], [sqlite3_errmsg()], and/or
+** [sqlite3_errmsg16()] functions.
+** ^A successful call to sqlite3_backup_init() returns a pointer to an
+** [sqlite3_backup] object.
+** ^The [sqlite3_backup] object may be used with the sqlite3_backup_step() and
+** sqlite3_backup_finish() functions to perform the specified backup 
+** operation.
+**
+** [[sqlite3_backup_step()]] <b>sqlite3_backup_step()</b>
+**
+** ^Function sqlite3_backup_step(B,N) will copy up to N pages between 
+** the source and destination databases specified by [sqlite3_backup] object B.
+** ^If N is negative, all remaining source pages are copied. 
+** ^If sqlite3_backup_step(B,N) successfully copies N pages and there
+** are still more pages to be copied, then the function returns [SQLITE_OK].
+** ^If sqlite3_backup_step(B,N) successfully finishes copying all pages
+** from source to destination, then it returns [SQLITE_DONE].
+** ^If an error occurs while running sqlite3_backup_step(B,N),
+** then an [error code] is returned. ^As well as [SQLITE_OK] and
+** [SQLITE_DONE], a call to sqlite3_backup_step() may return [SQLITE_READONLY],
+** [SQLITE_NOMEM], [SQLITE_BUSY], [SQLITE_LOCKED], or an
+** [SQLITE_IOERR_ACCESS | SQLITE_IOERR_XXX] extended error code.
+**
+** ^(The sqlite3_backup_step() might return [SQLITE_READONLY] if
+** <ol>
+** <li> the destination database was opened read-only, or
+** <li> the destination database is using write-ahead-log journaling
+** and the destination and source page sizes differ, or
+** <li> the destination database is an in-memory database and the
+** destination and source page sizes differ.
+** </ol>)^
+**
+** ^If sqlite3_backup_step() cannot obtain a required file-system lock, then
+** the [sqlite3_busy_handler | busy-handler function]
+** is invoked (if one is specified). ^If the 
+** busy-handler returns non-zero before the lock is available, then 
+** [SQLITE_BUSY] is returned to the caller. ^In this case the call to
+** sqlite3_backup_step() can be retried later. ^If the source
+** [database connection]
+** is being used to write to the source database when sqlite3_backup_step()
+** is called, then [SQLITE_LOCKED] is returned immediately. ^Again, in this
+** case the call to sqlite3_backup_step() can be retried later on. ^(If
+** [SQLITE_IOERR_ACCESS | SQLITE_IOERR_XXX], [SQLITE_NOMEM], or
+** [SQLITE_READONLY] is returned, then 
+** there is no point in retrying the call to sqlite3_backup_step(). These 
+** errors are considered fatal.)^  The application must accept 
+** that the backup operation has failed and pass the backup operation handle 
+** to the sqlite3_backup_finish() to release associated resources.
+**
+** ^The first call to sqlite3_backup_step() obtains an exclusive lock
+** on the destination file. ^The exclusive lock is not released until either 
+** sqlite3_backup_finish() is called or the backup operation is complete 
+** and sqlite3_backup_step() returns [SQLITE_DONE].  ^Every call to
+** sqlite3_backup_step() obtains a [shared lock] on the source database that
+** lasts for the duration of the sqlite3_backup_step() call.
+** ^Because the source database is not locked between calls to
+** sqlite3_backup_step(), the source database may be modified mid-way
+** through the backup process.  ^If the source database is modified by an
+** external process or via a database connection other than the one being
+** used by the backup operation, then the backup will be automatically
+** restarted by the next call to sqlite3_backup_step(). ^If the source 
+** database is modified by the using the same database connection as is used
+** by the backup operation, then the backup database is automatically
+** updated at the same time.
+**
+** [[sqlite3_backup_finish()]] <b>sqlite3_backup_finish()</b>
+**
+** When sqlite3_backup_step() has returned [SQLITE_DONE], or when the 
+** application wishes to abandon the backup operation, the application
+** should destroy the [sqlite3_backup] by passing it to sqlite3_backup_finish().
+** ^The sqlite3_backup_finish() interfaces releases all
+** resources associated with the [sqlite3_backup] object. 
+** ^If sqlite3_backup_step() has not yet returned [SQLITE_DONE], then any
+** active write-transaction on the destination database is rolled back.
+** The [sqlite3_backup] object is invalid
+** and may not be used following a call to sqlite3_backup_finish().
+**
+** ^The value returned by sqlite3_backup_finish is [SQLITE_OK] if no
+** sqlite3_backup_step() errors occurred, regardless or whether or not
+** sqlite3_backup_step() completed.
+** ^If an out-of-memory condition or IO error occurred during any prior
+** sqlite3_backup_step() call on the same [sqlite3_backup] object, then
+** sqlite3_backup_finish() returns the corresponding [error code].
+**
+** ^A return of [SQLITE_BUSY] or [SQLITE_LOCKED] from sqlite3_backup_step()
+** is not a permanent error and does not affect the return value of
+** sqlite3_backup_finish().
+**
+** [[sqlite3_backup_remaining()]] [[sqlite3_backup_pagecount()]]
+** <b>sqlite3_backup_remaining() and sqlite3_backup_pagecount()</b>
+**
+** ^The sqlite3_backup_remaining() routine returns the number of pages still
+** to be backed up at the conclusion of the most recent sqlite3_backup_step().
+** ^The sqlite3_backup_pagecount() routine returns the total number of pages
+** in the source database at the conclusion of the most recent
+** sqlite3_backup_step().
+** ^(The values returned by these functions are only updated by
+** sqlite3_backup_step(). If the source database is modified in a way that
+** changes the size of the source database or the number of pages remaining,
+** those changes are not reflected in the output of sqlite3_backup_pagecount()
+** and sqlite3_backup_remaining() until after the next
+** sqlite3_backup_step().)^
+**
+** <b>Concurrent Usage of Database Handles</b>
+**
+** ^The source [database connection] may be used by the application for other
+** purposes while a backup operation is underway or being initialized.
+** ^If SQLite is compiled and configured to support threadsafe database
+** connections, then the source database connection may be used concurrently
+** from within other threads.
+**
+** However, the application must guarantee that the destination 
+** [database connection] is not passed to any other API (by any thread) after 
+** sqlite3_backup_init() is called and before the corresponding call to
+** sqlite3_backup_finish().  SQLite does not currently check to see
+** if the application incorrectly accesses the destination [database connection]
+** and so no error code is reported, but the operations may malfunction
+** nevertheless.  Use of the destination database connection while a
+** backup is in progress might also also cause a mutex deadlock.
+**
+** If running in [shared cache mode], the application must
+** guarantee that the shared cache used by the destination database
+** is not accessed while the backup is running. In practice this means
+** that the application must guarantee that the disk file being 
+** backed up to is not accessed by any connection within the process,
+** not just the specific connection that was passed to sqlite3_backup_init().
+**
+** The [sqlite3_backup] object itself is partially threadsafe. Multiple 
+** threads may safely make multiple concurrent calls to sqlite3_backup_step().
+** However, the sqlite3_backup_remaining() and sqlite3_backup_pagecount()
+** APIs are not strictly speaking threadsafe. If they are invoked at the
+** same time as another thread is invoking sqlite3_backup_step() it is
+** possible that they return invalid values.
+*/
+SQLITE_API sqlite3_backup *SQLITE_STDCALL sqlite3_backup_init(
+  sqlite3 *pDest,                        /* Destination database handle */
+  const char *zDestName,                 /* Destination database name */
+  sqlite3 *pSource,                      /* Source database handle */
+  const char *zSourceName                /* Source database name */
+);
+SQLITE_API int SQLITE_STDCALL sqlite3_backup_step(sqlite3_backup *p, int nPage);
+SQLITE_API int SQLITE_STDCALL sqlite3_backup_finish(sqlite3_backup *p);
+SQLITE_API int SQLITE_STDCALL sqlite3_backup_remaining(sqlite3_backup *p);
+SQLITE_API int SQLITE_STDCALL sqlite3_backup_pagecount(sqlite3_backup *p);
+
+/*
+** CAPI3REF: Unlock Notification
+** METHOD: sqlite3
+**
+** ^When running in shared-cache mode, a database operation may fail with
+** an [SQLITE_LOCKED] error if the required locks on the shared-cache or
+** individual tables within the shared-cache cannot be obtained. See
+** [SQLite Shared-Cache Mode] for a description of shared-cache locking. 
+** ^This API may be used to register a callback that SQLite will invoke 
+** when the connection currently holding the required lock relinquishes it.
+** ^This API is only available if the library was compiled with the
+** [SQLITE_ENABLE_UNLOCK_NOTIFY] C-preprocessor symbol defined.
+**
+** See Also: [Using the SQLite Unlock Notification Feature].
+**
+** ^Shared-cache locks are released when a database connection concludes
+** its current transaction, either by committing it or rolling it back. 
+**
+** ^When a connection (known as the blocked connection) fails to obtain a
+** shared-cache lock and SQLITE_LOCKED is returned to the caller, the
+** identity of the database connection (the blocking connection) that
+** has locked the required resource is stored internally. ^After an 
+** application receives an SQLITE_LOCKED error, it may call the
+** sqlite3_unlock_notify() method with the blocked connection handle as 
+** the first argument to register for a callback that will be invoked
+** when the blocking connections current transaction is concluded. ^The
+** callback is invoked from within the [sqlite3_step] or [sqlite3_close]
+** call that concludes the blocking connections transaction.
+**
+** ^(If sqlite3_unlock_notify() is called in a multi-threaded application,
+** there is a chance that the blocking connection will have already
+** concluded its transaction by the time sqlite3_unlock_notify() is invoked.
+** If this happens, then the specified callback is invoked immediately,
+** from within the call to sqlite3_unlock_notify().)^
+**
+** ^If the blocked connection is attempting to obtain a write-lock on a
+** shared-cache table, and more than one other connection currently holds
+** a read-lock on the same table, then SQLite arbitrarily selects one of 
+** the other connections to use as the blocking connection.
+**
+** ^(There may be at most one unlock-notify callback registered by a 
+** blocked connection. If sqlite3_unlock_notify() is called when the
+** blocked connection already has a registered unlock-notify callback,
+** then the new callback replaces the old.)^ ^If sqlite3_unlock_notify() is
+** called with a NULL pointer as its second argument, then any existing
+** unlock-notify callback is canceled. ^The blocked connections 
+** unlock-notify callback may also be canceled by closing the blocked
+** connection using [sqlite3_close()].
+**
+** The unlock-notify callback is not reentrant. If an application invokes
+** any sqlite3_xxx API functions from within an unlock-notify callback, a
+** crash or deadlock may be the result.
+**
+** ^Unless deadlock is detected (see below), sqlite3_unlock_notify() always
+** returns SQLITE_OK.
+**
+** <b>Callback Invocation Details</b>
+**
+** When an unlock-notify callback is registered, the application provides a 
+** single void* pointer that is passed to the callback when it is invoked.
+** However, the signature of the callback function allows SQLite to pass
+** it an array of void* context pointers. The first argument passed to
+** an unlock-notify callback is a pointer to an array of void* pointers,
+** and the second is the number of entries in the array.
+**
+** When a blocking connections transaction is concluded, there may be
+** more than one blocked connection that has registered for an unlock-notify
+** callback. ^If two or more such blocked connections have specified the
+** same callback function, then instead of invoking the callback function
+** multiple times, it is invoked once with the set of void* context pointers
+** specified by the blocked connections bundled together into an array.
+** This gives the application an opportunity to prioritize any actions 
+** related to the set of unblocked database connections.
+**
+** <b>Deadlock Detection</b>
+**
+** Assuming that after registering for an unlock-notify callback a 
+** database waits for the callback to be issued before taking any further
+** action (a reasonable assumption), then using this API may cause the
+** application to deadlock. For example, if connection X is waiting for
+** connection Y's transaction to be concluded, and similarly connection
+** Y is waiting on connection X's transaction, then neither connection
+** will proceed and the system may remain deadlocked indefinitely.
+**
+** To avoid this scenario, the sqlite3_unlock_notify() performs deadlock
+** detection. ^If a given call to sqlite3_unlock_notify() would put the
+** system in a deadlocked state, then SQLITE_LOCKED is returned and no
+** unlock-notify callback is registered. The system is said to be in
+** a deadlocked state if connection A has registered for an unlock-notify
+** callback on the conclusion of connection B's transaction, and connection
+** B has itself registered for an unlock-notify callback when connection
+** A's transaction is concluded. ^Indirect deadlock is also detected, so
+** the system is also considered to be deadlocked if connection B has
+** registered for an unlock-notify callback on the conclusion of connection
+** C's transaction, where connection C is waiting on connection A. ^Any
+** number of levels of indirection are allowed.
+**
+** <b>The "DROP TABLE" Exception</b>
+**
+** When a call to [sqlite3_step()] returns SQLITE_LOCKED, it is almost 
+** always appropriate to call sqlite3_unlock_notify(). There is however,
+** one exception. When executing a "DROP TABLE" or "DROP INDEX" statement,
+** SQLite checks if there are any currently executing SELECT statements
+** that belong to the same connection. If there are, SQLITE_LOCKED is
+** returned. In this case there is no "blocking connection", so invoking
+** sqlite3_unlock_notify() results in the unlock-notify callback being
+** invoked immediately. If the application then re-attempts the "DROP TABLE"
+** or "DROP INDEX" query, an infinite loop might be the result.
+**
+** One way around this problem is to check the extended error code returned
+** by an sqlite3_step() call. ^(If there is a blocking connection, then the
+** extended error code is set to SQLITE_LOCKED_SHAREDCACHE. Otherwise, in
+** the special "DROP TABLE/INDEX" case, the extended error code is just 
+** SQLITE_LOCKED.)^
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_unlock_notify(
+  sqlite3 *pBlocked,                          /* Waiting connection */
+  void (*xNotify)(void **apArg, int nArg),    /* Callback function to invoke */
+  void *pNotifyArg                            /* Argument to pass to xNotify */
+);
+
+
+/*
+** CAPI3REF: String Comparison
+**
+** ^The [sqlite3_stricmp()] and [sqlite3_strnicmp()] APIs allow applications
+** and extensions to compare the contents of two buffers containing UTF-8
+** strings in a case-independent fashion, using the same definition of "case
+** independence" that SQLite uses internally when comparing identifiers.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_stricmp(const char *, const char *);
+SQLITE_API int SQLITE_STDCALL sqlite3_strnicmp(const char *, const char *, int);
+
+/*
+** CAPI3REF: String Globbing
+*
+** ^The [sqlite3_strglob(P,X)] interface returns zero if and only if
+** string X matches the [GLOB] pattern P.
+** ^The definition of [GLOB] pattern matching used in
+** [sqlite3_strglob(P,X)] is the same as for the "X GLOB P" operator in the
+** SQL dialect understood by SQLite.  ^The [sqlite3_strglob(P,X)] function
+** is case sensitive.
+**
+** Note that this routine returns zero on a match and non-zero if the strings
+** do not match, the same as [sqlite3_stricmp()] and [sqlite3_strnicmp()].
+**
+** See also: [sqlite3_strlike()].
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_strglob(const char *zGlob, const char *zStr);
+
+/*
+** CAPI3REF: String LIKE Matching
+*
+** ^The [sqlite3_strlike(P,X,E)] interface returns zero if and only if
+** string X matches the [LIKE] pattern P with escape character E.
+** ^The definition of [LIKE] pattern matching used in
+** [sqlite3_strlike(P,X,E)] is the same as for the "X LIKE P ESCAPE E"
+** operator in the SQL dialect understood by SQLite.  ^For "X LIKE P" without
+** the ESCAPE clause, set the E parameter of [sqlite3_strlike(P,X,E)] to 0.
+** ^As with the LIKE operator, the [sqlite3_strlike(P,X,E)] function is case
+** insensitive - equivalent upper and lower case ASCII characters match
+** one another.
+**
+** ^The [sqlite3_strlike(P,X,E)] function matches Unicode characters, though
+** only ASCII characters are case folded.
+**
+** Note that this routine returns zero on a match and non-zero if the strings
+** do not match, the same as [sqlite3_stricmp()] and [sqlite3_strnicmp()].
+**
+** See also: [sqlite3_strglob()].
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_strlike(const char *zGlob, const char *zStr, unsigned int cEsc);
+
+/*
+** CAPI3REF: Error Logging Interface
+**
+** ^The [sqlite3_log()] interface writes a message into the [error log]
+** established by the [SQLITE_CONFIG_LOG] option to [sqlite3_config()].
+** ^If logging is enabled, the zFormat string and subsequent arguments are
+** used with [sqlite3_snprintf()] to generate the final output string.
+**
+** The sqlite3_log() interface is intended for use by extensions such as
+** virtual tables, collating functions, and SQL functions.  While there is
+** nothing to prevent an application from calling sqlite3_log(), doing so
+** is considered bad form.
+**
+** The zFormat string must not be NULL.
+**
+** To avoid deadlocks and other threading problems, the sqlite3_log() routine
+** will not use dynamically allocated memory.  The log message is stored in
+** a fixed-length buffer on the stack.  If the log message is longer than
+** a few hundred characters, it will be truncated to the length of the
+** buffer.
+*/
+SQLITE_API void SQLITE_CDECL sqlite3_log(int iErrCode, const char *zFormat, ...);
+
+/*
+** CAPI3REF: Write-Ahead Log Commit Hook
+** METHOD: sqlite3
+**
+** ^The [sqlite3_wal_hook()] function is used to register a callback that
+** is invoked each time data is committed to a database in wal mode.
+**
+** ^(The callback is invoked by SQLite after the commit has taken place and 
+** the associated write-lock on the database released)^, so the implementation 
+** may read, write or [checkpoint] the database as required.
+**
+** ^The first parameter passed to the callback function when it is invoked
+** is a copy of the third parameter passed to sqlite3_wal_hook() when
+** registering the callback. ^The second is a copy of the database handle.
+** ^The third parameter is the name of the database that was written to -
+** either "main" or the name of an [ATTACH]-ed database. ^The fourth parameter
+** is the number of pages currently in the write-ahead log file,
+** including those that were just committed.
+**
+** The callback function should normally return [SQLITE_OK].  ^If an error
+** code is returned, that error will propagate back up through the
+** SQLite code base to cause the statement that provoked the callback
+** to report an error, though the commit will have still occurred. If the
+** callback returns [SQLITE_ROW] or [SQLITE_DONE], or if it returns a value
+** that does not correspond to any valid SQLite error code, the results
+** are undefined.
+**
+** A single database handle may have at most a single write-ahead log callback 
+** registered at one time. ^Calling [sqlite3_wal_hook()] replaces any
+** previously registered write-ahead log callback. ^Note that the
+** [sqlite3_wal_autocheckpoint()] interface and the
+** [wal_autocheckpoint pragma] both invoke [sqlite3_wal_hook()] and will
+** those overwrite any prior [sqlite3_wal_hook()] settings.
+*/
+SQLITE_API void *SQLITE_STDCALL sqlite3_wal_hook(
+  sqlite3*, 
+  int(*)(void *,sqlite3*,const char*,int),
+  void*
+);
+
+/*
+** CAPI3REF: Configure an auto-checkpoint
+** METHOD: sqlite3
+**
+** ^The [sqlite3_wal_autocheckpoint(D,N)] is a wrapper around
+** [sqlite3_wal_hook()] that causes any database on [database connection] D
+** to automatically [checkpoint]
+** after committing a transaction if there are N or
+** more frames in the [write-ahead log] file.  ^Passing zero or 
+** a negative value as the nFrame parameter disables automatic
+** checkpoints entirely.
+**
+** ^The callback registered by this function replaces any existing callback
+** registered using [sqlite3_wal_hook()].  ^Likewise, registering a callback
+** using [sqlite3_wal_hook()] disables the automatic checkpoint mechanism
+** configured by this function.
+**
+** ^The [wal_autocheckpoint pragma] can be used to invoke this interface
+** from SQL.
+**
+** ^Checkpoints initiated by this mechanism are
+** [sqlite3_wal_checkpoint_v2|PASSIVE].
+**
+** ^Every new [database connection] defaults to having the auto-checkpoint
+** enabled with a threshold of 1000 or [SQLITE_DEFAULT_WAL_AUTOCHECKPOINT]
+** pages.  The use of this interface
+** is only necessary if the default setting is found to be suboptimal
+** for a particular application.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_wal_autocheckpoint(sqlite3 *db, int N);
+
+/*
+** CAPI3REF: Checkpoint a database
+** METHOD: sqlite3
+**
+** ^(The sqlite3_wal_checkpoint(D,X) is equivalent to
+** [sqlite3_wal_checkpoint_v2](D,X,[SQLITE_CHECKPOINT_PASSIVE],0,0).)^
+**
+** In brief, sqlite3_wal_checkpoint(D,X) causes the content in the 
+** [write-ahead log] for database X on [database connection] D to be
+** transferred into the database file and for the write-ahead log to
+** be reset.  See the [checkpointing] documentation for addition
+** information.
+**
+** This interface used to be the only way to cause a checkpoint to
+** occur.  But then the newer and more powerful [sqlite3_wal_checkpoint_v2()]
+** interface was added.  This interface is retained for backwards
+** compatibility and as a convenience for applications that need to manually
+** start a callback but which do not need the full power (and corresponding
+** complication) of [sqlite3_wal_checkpoint_v2()].
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_wal_checkpoint(sqlite3 *db, const char *zDb);
+
+/*
+** CAPI3REF: Checkpoint a database
+** METHOD: sqlite3
+**
+** ^(The sqlite3_wal_checkpoint_v2(D,X,M,L,C) interface runs a checkpoint
+** operation on database X of [database connection] D in mode M.  Status
+** information is written back into integers pointed to by L and C.)^
+** ^(The M parameter must be a valid [checkpoint mode]:)^
+**
+** <dl>
+** <dt>SQLITE_CHECKPOINT_PASSIVE<dd>
+**   ^Checkpoint as many frames as possible without waiting for any database 
+**   readers or writers to finish, then sync the database file if all frames 
+**   in the log were checkpointed. ^The [busy-handler callback]
+**   is never invoked in the SQLITE_CHECKPOINT_PASSIVE mode.  
+**   ^On the other hand, passive mode might leave the checkpoint unfinished
+**   if there are concurrent readers or writers.
+**
+** <dt>SQLITE_CHECKPOINT_FULL<dd>
+**   ^This mode blocks (it invokes the
+**   [sqlite3_busy_handler|busy-handler callback]) until there is no
+**   database writer and all readers are reading from the most recent database
+**   snapshot. ^It then checkpoints all frames in the log file and syncs the
+**   database file. ^This mode blocks new database writers while it is pending,
+**   but new database readers are allowed to continue unimpeded.
+**
+** <dt>SQLITE_CHECKPOINT_RESTART<dd>
+**   ^This mode works the same way as SQLITE_CHECKPOINT_FULL with the addition
+**   that after checkpointing the log file it blocks (calls the 
+**   [busy-handler callback])
+**   until all readers are reading from the database file only. ^This ensures 
+**   that the next writer will restart the log file from the beginning.
+**   ^Like SQLITE_CHECKPOINT_FULL, this mode blocks new
+**   database writer attempts while it is pending, but does not impede readers.
+**
+** <dt>SQLITE_CHECKPOINT_TRUNCATE<dd>
+**   ^This mode works the same way as SQLITE_CHECKPOINT_RESTART with the
+**   addition that it also truncates the log file to zero bytes just prior
+**   to a successful return.
+** </dl>
+**
+** ^If pnLog is not NULL, then *pnLog is set to the total number of frames in
+** the log file or to -1 if the checkpoint could not run because
+** of an error or because the database is not in [WAL mode]. ^If pnCkpt is not
+** NULL,then *pnCkpt is set to the total number of checkpointed frames in the
+** log file (including any that were already checkpointed before the function
+** was called) or to -1 if the checkpoint could not run due to an error or
+** because the database is not in WAL mode. ^Note that upon successful
+** completion of an SQLITE_CHECKPOINT_TRUNCATE, the log file will have been
+** truncated to zero bytes and so both *pnLog and *pnCkpt will be set to zero.
+**
+** ^All calls obtain an exclusive "checkpoint" lock on the database file. ^If
+** any other process is running a checkpoint operation at the same time, the 
+** lock cannot be obtained and SQLITE_BUSY is returned. ^Even if there is a 
+** busy-handler configured, it will not be invoked in this case.
+**
+** ^The SQLITE_CHECKPOINT_FULL, RESTART and TRUNCATE modes also obtain the 
+** exclusive "writer" lock on the database file. ^If the writer lock cannot be
+** obtained immediately, and a busy-handler is configured, it is invoked and
+** the writer lock retried until either the busy-handler returns 0 or the lock
+** is successfully obtained. ^The busy-handler is also invoked while waiting for
+** database readers as described above. ^If the busy-handler returns 0 before
+** the writer lock is obtained or while waiting for database readers, the
+** checkpoint operation proceeds from that point in the same way as 
+** SQLITE_CHECKPOINT_PASSIVE - checkpointing as many frames as possible 
+** without blocking any further. ^SQLITE_BUSY is returned in this case.
+**
+** ^If parameter zDb is NULL or points to a zero length string, then the
+** specified operation is attempted on all WAL databases [attached] to 
+** [database connection] db.  In this case the
+** values written to output parameters *pnLog and *pnCkpt are undefined. ^If 
+** an SQLITE_BUSY error is encountered when processing one or more of the 
+** attached WAL databases, the operation is still attempted on any remaining 
+** attached databases and SQLITE_BUSY is returned at the end. ^If any other 
+** error occurs while processing an attached database, processing is abandoned 
+** and the error code is returned to the caller immediately. ^If no error 
+** (SQLITE_BUSY or otherwise) is encountered while processing the attached 
+** databases, SQLITE_OK is returned.
+**
+** ^If database zDb is the name of an attached database that is not in WAL
+** mode, SQLITE_OK is returned and both *pnLog and *pnCkpt set to -1. ^If
+** zDb is not NULL (or a zero length string) and is not the name of any
+** attached database, SQLITE_ERROR is returned to the caller.
+**
+** ^Unless it returns SQLITE_MISUSE,
+** the sqlite3_wal_checkpoint_v2() interface
+** sets the error information that is queried by
+** [sqlite3_errcode()] and [sqlite3_errmsg()].
+**
+** ^The [PRAGMA wal_checkpoint] command can be used to invoke this interface
+** from SQL.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_wal_checkpoint_v2(
+  sqlite3 *db,                    /* Database handle */
+  const char *zDb,                /* Name of attached database (or NULL) */
+  int eMode,                      /* SQLITE_CHECKPOINT_* value */
+  int *pnLog,                     /* OUT: Size of WAL log in frames */
+  int *pnCkpt                     /* OUT: Total number of frames checkpointed */
+);
+
+/*
+** CAPI3REF: Checkpoint Mode Values
+** KEYWORDS: {checkpoint mode}
+**
+** These constants define all valid values for the "checkpoint mode" passed
+** as the third parameter to the [sqlite3_wal_checkpoint_v2()] interface.
+** See the [sqlite3_wal_checkpoint_v2()] documentation for details on the
+** meaning of each of these checkpoint modes.
+*/
+#define SQLITE_CHECKPOINT_PASSIVE  0  /* Do as much as possible w/o blocking */
+#define SQLITE_CHECKPOINT_FULL     1  /* Wait for writers, then checkpoint */
+#define SQLITE_CHECKPOINT_RESTART  2  /* Like FULL but wait for for readers */
+#define SQLITE_CHECKPOINT_TRUNCATE 3  /* Like RESTART but also truncate WAL */
+
+/*
+** CAPI3REF: Virtual Table Interface Configuration
+**
+** This function may be called by either the [xConnect] or [xCreate] method
+** of a [virtual table] implementation to configure
+** various facets of the virtual table interface.
+**
+** If this interface is invoked outside the context of an xConnect or
+** xCreate virtual table method then the behavior is undefined.
+**
+** At present, there is only one option that may be configured using
+** this function. (See [SQLITE_VTAB_CONSTRAINT_SUPPORT].)  Further options
+** may be added in the future.
+*/
+SQLITE_API int SQLITE_CDECL sqlite3_vtab_config(sqlite3*, int op, ...);
+
+/*
+** CAPI3REF: Virtual Table Configuration Options
+**
+** These macros define the various options to the
+** [sqlite3_vtab_config()] interface that [virtual table] implementations
+** can use to customize and optimize their behavior.
+**
+** <dl>
+** <dt>SQLITE_VTAB_CONSTRAINT_SUPPORT
+** <dd>Calls of the form
+** [sqlite3_vtab_config](db,SQLITE_VTAB_CONSTRAINT_SUPPORT,X) are supported,
+** where X is an integer.  If X is zero, then the [virtual table] whose
+** [xCreate] or [xConnect] method invoked [sqlite3_vtab_config()] does not
+** support constraints.  In this configuration (which is the default) if
+** a call to the [xUpdate] method returns [SQLITE_CONSTRAINT], then the entire
+** statement is rolled back as if [ON CONFLICT | OR ABORT] had been
+** specified as part of the users SQL statement, regardless of the actual
+** ON CONFLICT mode specified.
+**
+** If X is non-zero, then the virtual table implementation guarantees
+** that if [xUpdate] returns [SQLITE_CONSTRAINT], it will do so before
+** any modifications to internal or persistent data structures have been made.
+** If the [ON CONFLICT] mode is ABORT, FAIL, IGNORE or ROLLBACK, SQLite 
+** is able to roll back a statement or database transaction, and abandon
+** or continue processing the current SQL statement as appropriate. 
+** If the ON CONFLICT mode is REPLACE and the [xUpdate] method returns
+** [SQLITE_CONSTRAINT], SQLite handles this as if the ON CONFLICT mode
+** had been ABORT.
+**
+** Virtual table implementations that are required to handle OR REPLACE
+** must do so within the [xUpdate] method. If a call to the 
+** [sqlite3_vtab_on_conflict()] function indicates that the current ON 
+** CONFLICT policy is REPLACE, the virtual table implementation should 
+** silently replace the appropriate rows within the xUpdate callback and
+** return SQLITE_OK. Or, if this is not possible, it may return
+** SQLITE_CONSTRAINT, in which case SQLite falls back to OR ABORT 
+** constraint handling.
+** </dl>
+*/
+#define SQLITE_VTAB_CONSTRAINT_SUPPORT 1
+
+/*
+** CAPI3REF: Determine The Virtual Table Conflict Policy
+**
+** This function may only be called from within a call to the [xUpdate] method
+** of a [virtual table] implementation for an INSERT or UPDATE operation. ^The
+** value returned is one of [SQLITE_ROLLBACK], [SQLITE_IGNORE], [SQLITE_FAIL],
+** [SQLITE_ABORT], or [SQLITE_REPLACE], according to the [ON CONFLICT] mode
+** of the SQL statement that triggered the call to the [xUpdate] method of the
+** [virtual table].
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_vtab_on_conflict(sqlite3 *);
+
+/*
+** CAPI3REF: Conflict resolution modes
+** KEYWORDS: {conflict resolution mode}
+**
+** These constants are returned by [sqlite3_vtab_on_conflict()] to
+** inform a [virtual table] implementation what the [ON CONFLICT] mode
+** is for the SQL statement being evaluated.
+**
+** Note that the [SQLITE_IGNORE] constant is also used as a potential
+** return value from the [sqlite3_set_authorizer()] callback and that
+** [SQLITE_ABORT] is also a [result code].
+*/
+#define SQLITE_ROLLBACK 1
+/* #define SQLITE_IGNORE 2 // Also used by sqlite3_authorizer() callback */
+#define SQLITE_FAIL     3
+/* #define SQLITE_ABORT 4  // Also an error code */
+#define SQLITE_REPLACE  5
+
+/*
+** CAPI3REF: Prepared Statement Scan Status Opcodes
+** KEYWORDS: {scanstatus options}
+**
+** The following constants can be used for the T parameter to the
+** [sqlite3_stmt_scanstatus(S,X,T,V)] interface.  Each constant designates a
+** different metric for sqlite3_stmt_scanstatus() to return.
+**
+** When the value returned to V is a string, space to hold that string is
+** managed by the prepared statement S and will be automatically freed when
+** S is finalized.
+**
+** <dl>
+** [[SQLITE_SCANSTAT_NLOOP]] <dt>SQLITE_SCANSTAT_NLOOP</dt>
+** <dd>^The [sqlite3_int64] variable pointed to by the T parameter will be
+** set to the total number of times that the X-th loop has run.</dd>
+**
+** [[SQLITE_SCANSTAT_NVISIT]] <dt>SQLITE_SCANSTAT_NVISIT</dt>
+** <dd>^The [sqlite3_int64] variable pointed to by the T parameter will be set
+** to the total number of rows examined by all iterations of the X-th loop.</dd>
+**
+** [[SQLITE_SCANSTAT_EST]] <dt>SQLITE_SCANSTAT_EST</dt>
+** <dd>^The "double" variable pointed to by the T parameter will be set to the
+** query planner's estimate for the average number of rows output from each
+** iteration of the X-th loop.  If the query planner's estimates was accurate,
+** then this value will approximate the quotient NVISIT/NLOOP and the
+** product of this value for all prior loops with the same SELECTID will
+** be the NLOOP value for the current loop.
+**
+** [[SQLITE_SCANSTAT_NAME]] <dt>SQLITE_SCANSTAT_NAME</dt>
+** <dd>^The "const char *" variable pointed to by the T parameter will be set
+** to a zero-terminated UTF-8 string containing the name of the index or table
+** used for the X-th loop.
+**
+** [[SQLITE_SCANSTAT_EXPLAIN]] <dt>SQLITE_SCANSTAT_EXPLAIN</dt>
+** <dd>^The "const char *" variable pointed to by the T parameter will be set
+** to a zero-terminated UTF-8 string containing the [EXPLAIN QUERY PLAN]
+** description for the X-th loop.
+**
+** [[SQLITE_SCANSTAT_SELECTID]] <dt>SQLITE_SCANSTAT_SELECT</dt>
+** <dd>^The "int" variable pointed to by the T parameter will be set to the
+** "select-id" for the X-th loop.  The select-id identifies which query or
+** subquery the loop is part of.  The main query has a select-id of zero.
+** The select-id is the same value as is output in the first column
+** of an [EXPLAIN QUERY PLAN] query.
+** </dl>
+*/
+#define SQLITE_SCANSTAT_NLOOP    0
+#define SQLITE_SCANSTAT_NVISIT   1
+#define SQLITE_SCANSTAT_EST      2
+#define SQLITE_SCANSTAT_NAME     3
+#define SQLITE_SCANSTAT_EXPLAIN  4
+#define SQLITE_SCANSTAT_SELECTID 5
+
+/*
+** CAPI3REF: Prepared Statement Scan Status
+** METHOD: sqlite3_stmt
+**
+** This interface returns information about the predicted and measured
+** performance for pStmt.  Advanced applications can use this
+** interface to compare the predicted and the measured performance and
+** issue warnings and/or rerun [ANALYZE] if discrepancies are found.
+**
+** Since this interface is expected to be rarely used, it is only
+** available if SQLite is compiled using the [SQLITE_ENABLE_STMT_SCANSTATUS]
+** compile-time option.
+**
+** The "iScanStatusOp" parameter determines which status information to return.
+** The "iScanStatusOp" must be one of the [scanstatus options] or the behavior
+** of this interface is undefined.
+** ^The requested measurement is written into a variable pointed to by
+** the "pOut" parameter.
+** Parameter "idx" identifies the specific loop to retrieve statistics for.
+** Loops are numbered starting from zero. ^If idx is out of range - less than
+** zero or greater than or equal to the total number of loops used to implement
+** the statement - a non-zero value is returned and the variable that pOut
+** points to is unchanged.
+**
+** ^Statistics might not be available for all loops in all statements. ^In cases
+** where there exist loops with no available statistics, this function behaves
+** as if the loop did not exist - it returns non-zero and leave the variable
+** that pOut points to unchanged.
+**
+** See also: [sqlite3_stmt_scanstatus_reset()]
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_stmt_scanstatus(
+  sqlite3_stmt *pStmt,      /* Prepared statement for which info desired */
+  int idx,                  /* Index of loop to report on */
+  int iScanStatusOp,        /* Information desired.  SQLITE_SCANSTAT_* */
+  void *pOut                /* Result written here */
+);     
+
+/*
+** CAPI3REF: Zero Scan-Status Counters
+** METHOD: sqlite3_stmt
+**
+** ^Zero all [sqlite3_stmt_scanstatus()] related event counters.
+**
+** This API is only available if the library is built with pre-processor
+** symbol [SQLITE_ENABLE_STMT_SCANSTATUS] defined.
+*/
+SQLITE_API void SQLITE_STDCALL sqlite3_stmt_scanstatus_reset(sqlite3_stmt*);
+
+/*
+** CAPI3REF: Flush caches to disk mid-transaction
+**
+** ^If a write-transaction is open on [database connection] D when the
+** [sqlite3_db_cacheflush(D)] interface invoked, any dirty
+** pages in the pager-cache that are not currently in use are written out 
+** to disk. A dirty page may be in use if a database cursor created by an
+** active SQL statement is reading from it, or if it is page 1 of a database
+** file (page 1 is always "in use").  ^The [sqlite3_db_cacheflush(D)]
+** interface flushes caches for all schemas - "main", "temp", and
+** any [attached] databases.
+**
+** ^If this function needs to obtain extra database locks before dirty pages 
+** can be flushed to disk, it does so. ^If those locks cannot be obtained 
+** immediately and there is a busy-handler callback configured, it is invoked
+** in the usual manner. ^If the required lock still cannot be obtained, then
+** the database is skipped and an attempt made to flush any dirty pages
+** belonging to the next (if any) database. ^If any databases are skipped
+** because locks cannot be obtained, but no other error occurs, this
+** function returns SQLITE_BUSY.
+**
+** ^If any other error occurs while flushing dirty pages to disk (for
+** example an IO error or out-of-memory condition), then processing is
+** abandoned and an SQLite [error code] is returned to the caller immediately.
+**
+** ^Otherwise, if no error occurs, [sqlite3_db_cacheflush()] returns SQLITE_OK.
+**
+** ^This function does not set the database handle error code or message
+** returned by the [sqlite3_errcode()] and [sqlite3_errmsg()] functions.
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_db_cacheflush(sqlite3*);
+
+/*
+** CAPI3REF: Database Snapshot
+** KEYWORDS: {snapshot}
+** EXPERIMENTAL
+**
+** An instance of the snapshot object records the state of a [WAL mode]
+** database for some specific point in history.
+**
+** In [WAL mode], multiple [database connections] that are open on the
+** same database file can each be reading a different historical version
+** of the database file.  When a [database connection] begins a read
+** transaction, that connection sees an unchanging copy of the database
+** as it existed for the point in time when the transaction first started.
+** Subsequent changes to the database from other connections are not seen
+** by the reader until a new read transaction is started.
+**
+** The sqlite3_snapshot object records state information about an historical
+** version of the database file so that it is possible to later open a new read
+** transaction that sees that historical version of the database rather than
+** the most recent version.
+**
+** The constructor for this object is [sqlite3_snapshot_get()].  The
+** [sqlite3_snapshot_open()] method causes a fresh read transaction to refer
+** to an historical snapshot (if possible).  The destructor for 
+** sqlite3_snapshot objects is [sqlite3_snapshot_free()].
+*/
+typedef struct sqlite3_snapshot sqlite3_snapshot;
+
+/*
+** CAPI3REF: Record A Database Snapshot
+** EXPERIMENTAL
+**
+** ^The [sqlite3_snapshot_get(D,S,P)] interface attempts to make a
+** new [sqlite3_snapshot] object that records the current state of
+** schema S in database connection D.  ^On success, the
+** [sqlite3_snapshot_get(D,S,P)] interface writes a pointer to the newly
+** created [sqlite3_snapshot] object into *P and returns SQLITE_OK.
+** ^If schema S of [database connection] D is not a [WAL mode] database
+** that is in a read transaction, then [sqlite3_snapshot_get(D,S,P)]
+** leaves the *P value unchanged and returns an appropriate [error code].
+**
+** The [sqlite3_snapshot] object returned from a successful call to
+** [sqlite3_snapshot_get()] must be freed using [sqlite3_snapshot_free()]
+** to avoid a memory leak.
+**
+** The [sqlite3_snapshot_get()] interface is only available when the
+** SQLITE_ENABLE_SNAPSHOT compile-time option is used.
+*/
+SQLITE_API SQLITE_EXPERIMENTAL int SQLITE_STDCALL sqlite3_snapshot_get(
+  sqlite3 *db,
+  const char *zSchema,
+  sqlite3_snapshot **ppSnapshot
+);
+
+/*
+** CAPI3REF: Start a read transaction on an historical snapshot
+** EXPERIMENTAL
+**
+** ^The [sqlite3_snapshot_open(D,S,P)] interface attempts to move the
+** read transaction that is currently open on schema S of
+** [database connection] D so that it refers to historical [snapshot] P.
+** ^The [sqlite3_snapshot_open()] interface returns SQLITE_OK on success
+** or an appropriate [error code] if it fails.
+**
+** ^In order to succeed, a call to [sqlite3_snapshot_open(D,S,P)] must be
+** the first operation, apart from other sqlite3_snapshot_open() calls,
+** following the [BEGIN] that starts a new read transaction.
+** ^A [snapshot] will fail to open if it has been overwritten by a 
+** [checkpoint].  
+**
+** The [sqlite3_snapshot_open()] interface is only available when the
+** SQLITE_ENABLE_SNAPSHOT compile-time option is used.
+*/
+SQLITE_API SQLITE_EXPERIMENTAL int SQLITE_STDCALL sqlite3_snapshot_open(
+  sqlite3 *db,
+  const char *zSchema,
+  sqlite3_snapshot *pSnapshot
+);
+
+/*
+** CAPI3REF: Destroy a snapshot
+** EXPERIMENTAL
+**
+** ^The [sqlite3_snapshot_free(P)] interface destroys [sqlite3_snapshot] P.
+** The application must eventually free every [sqlite3_snapshot] object
+** using this routine to avoid a memory leak.
+**
+** The [sqlite3_snapshot_free()] interface is only available when the
+** SQLITE_ENABLE_SNAPSHOT compile-time option is used.
+*/
+SQLITE_API SQLITE_EXPERIMENTAL void SQLITE_STDCALL sqlite3_snapshot_free(sqlite3_snapshot*);
+
+/*
+** Undo the hack that converts floating point types to integer for
+** builds on processors without floating point support.
+*/
+#ifdef SQLITE_OMIT_FLOATING_POINT
+# undef double
+#endif
+
+#ifdef __cplusplus
+}  /* End of the 'extern "C"' block */
+#endif
+#endif /* _SQLITE3_H_ */
+
+/*
+** 2010 August 30
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+*************************************************************************
+*/
+
+#ifndef _SQLITE3RTREE_H_
+#define _SQLITE3RTREE_H_
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef struct sqlite3_rtree_geometry sqlite3_rtree_geometry;
+typedef struct sqlite3_rtree_query_info sqlite3_rtree_query_info;
+
+/* The double-precision datatype used by RTree depends on the
+** SQLITE_RTREE_INT_ONLY compile-time option.
+*/
+#ifdef SQLITE_RTREE_INT_ONLY
+  typedef sqlite3_int64 sqlite3_rtree_dbl;
+#else
+  typedef double sqlite3_rtree_dbl;
+#endif
+
+/*
+** Register a geometry callback named zGeom that can be used as part of an
+** R-Tree geometry query as follows:
+**
+**   SELECT ... FROM <rtree> WHERE <rtree col> MATCH $zGeom(... params ...)
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_rtree_geometry_callback(
+  sqlite3 *db,
+  const char *zGeom,
+  int (*xGeom)(sqlite3_rtree_geometry*, int, sqlite3_rtree_dbl*,int*),
+  void *pContext
+);
+
+
+/*
+** A pointer to a structure of the following type is passed as the first
+** argument to callbacks registered using rtree_geometry_callback().
+*/
+struct sqlite3_rtree_geometry {
+  void *pContext;                 /* Copy of pContext passed to s_r_g_c() */
+  int nParam;                     /* Size of array aParam[] */
+  sqlite3_rtree_dbl *aParam;      /* Parameters passed to SQL geom function */
+  void *pUser;                    /* Callback implementation user data */
+  void (*xDelUser)(void *);       /* Called by SQLite to clean up pUser */
+};
+
+/*
+** Register a 2nd-generation geometry callback named zScore that can be 
+** used as part of an R-Tree geometry query as follows:
+**
+**   SELECT ... FROM <rtree> WHERE <rtree col> MATCH $zQueryFunc(... params ...)
+*/
+SQLITE_API int SQLITE_STDCALL sqlite3_rtree_query_callback(
+  sqlite3 *db,
+  const char *zQueryFunc,
+  int (*xQueryFunc)(sqlite3_rtree_query_info*),
+  void *pContext,
+  void (*xDestructor)(void*)
+);
+
+
+/*
+** A pointer to a structure of the following type is passed as the 
+** argument to scored geometry callback registered using
+** sqlite3_rtree_query_callback().
+**
+** Note that the first 5 fields of this structure are identical to
+** sqlite3_rtree_geometry.  This structure is a subclass of
+** sqlite3_rtree_geometry.
+*/
+struct sqlite3_rtree_query_info {
+  void *pContext;                   /* pContext from when function registered */
+  int nParam;                       /* Number of function parameters */
+  sqlite3_rtree_dbl *aParam;        /* value of function parameters */
+  void *pUser;                      /* callback can use this, if desired */
+  void (*xDelUser)(void*);          /* function to free pUser */
+  sqlite3_rtree_dbl *aCoord;        /* Coordinates of node or entry to check */
+  unsigned int *anQueue;            /* Number of pending entries in the queue */
+  int nCoord;                       /* Number of coordinates */
+  int iLevel;                       /* Level of current node or entry */
+  int mxLevel;                      /* The largest iLevel value in the tree */
+  sqlite3_int64 iRowid;             /* Rowid for current entry */
+  sqlite3_rtree_dbl rParentScore;   /* Score of parent node */
+  int eParentWithin;                /* Visibility of parent node */
+  int eWithin;                      /* OUT: Visiblity */
+  sqlite3_rtree_dbl rScore;         /* OUT: Write the score here */
+  /* The following fields are only available in 3.8.11 and later */
+  sqlite3_value **apSqlParam;       /* Original SQL values of parameters */
+};
+
+/*
+** Allowed values for sqlite3_rtree_query.eWithin and .eParentWithin.
+*/
+#define NOT_WITHIN       0   /* Object completely outside of query region */
+#define PARTLY_WITHIN    1   /* Object partially overlaps query region */
+#define FULLY_WITHIN     2   /* Object fully contained within query region */
+
+
+#ifdef __cplusplus
+}  /* end of the 'extern "C"' block */
+#endif
+
+#endif  /* ifndef _SQLITE3RTREE_H_ */
+
+/*
+** 2014 May 31
+**
+** The author disclaims copyright to this source code.  In place of
+** a legal notice, here is a blessing:
+**
+**    May you do good and not evil.
+**    May you find forgiveness for yourself and forgive others.
+**    May you share freely, never taking more than you give.
+**
+******************************************************************************
+**
+** Interfaces to extend FTS5. Using the interfaces defined in this file, 
+** FTS5 may be extended with:
+**
+**     * custom tokenizers, and
+**     * custom auxiliary functions.
+*/
+
+
+#ifndef _FTS5_H
+#define _FTS5_H
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*************************************************************************
+** CUSTOM AUXILIARY FUNCTIONS
+**
+** Virtual table implementations may overload SQL functions by implementing
+** the sqlite3_module.xFindFunction() method.
+*/
+
+typedef struct Fts5ExtensionApi Fts5ExtensionApi;
+typedef struct Fts5Context Fts5Context;
+typedef struct Fts5PhraseIter Fts5PhraseIter;
+
+typedef void (*fts5_extension_function)(
+  const Fts5ExtensionApi *pApi,   /* API offered by current FTS version */
+  Fts5Context *pFts,              /* First arg to pass to pApi functions */
+  sqlite3_context *pCtx,          /* Context for returning result/error */
+  int nVal,                       /* Number of values in apVal[] array */
+  sqlite3_value **apVal           /* Array of trailing arguments */
+);
+
+struct Fts5PhraseIter {
+  const unsigned char *a;
+  const unsigned char *b;
+};
+
+/*
+** EXTENSION API FUNCTIONS
+**
+** xUserData(pFts):
+**   Return a copy of the context pointer the extension function was 
+**   registered with.
+**
+** xColumnTotalSize(pFts, iCol, pnToken):
+**   If parameter iCol is less than zero, set output variable *pnToken
+**   to the total number of tokens in the FTS5 table. Or, if iCol is
+**   non-negative but less than the number of columns in the table, return
+**   the total number of tokens in column iCol, considering all rows in 
+**   the FTS5 table.
+**
+**   If parameter iCol is greater than or equal to the number of columns
+**   in the table, SQLITE_RANGE is returned. Or, if an error occurs (e.g.
+**   an OOM condition or IO error), an appropriate SQLite error code is 
+**   returned.
+**
+** xColumnCount(pFts):
+**   Return the number of columns in the table.
+**
+** xColumnSize(pFts, iCol, pnToken):
+**   If parameter iCol is less than zero, set output variable *pnToken
+**   to the total number of tokens in the current row. Or, if iCol is
+**   non-negative but less than the number of columns in the table, set
+**   *pnToken to the number of tokens in column iCol of the current row.
+**
+**   If parameter iCol is greater than or equal to the number of columns
+**   in the table, SQLITE_RANGE is returned. Or, if an error occurs (e.g.
+**   an OOM condition or IO error), an appropriate SQLite error code is 
+**   returned.
+**
+** xColumnText:
+**   This function attempts to retrieve the text of column iCol of the
+**   current document. If successful, (*pz) is set to point to a buffer
+**   containing the text in utf-8 encoding, (*pn) is set to the size in bytes
+**   (not characters) of the buffer and SQLITE_OK is returned. Otherwise,
+**   if an error occurs, an SQLite error code is returned and the final values
+**   of (*pz) and (*pn) are undefined.
+**
+** xPhraseCount:
+**   Returns the number of phrases in the current query expression.
+**
+** xPhraseSize:
+**   Returns the number of tokens in phrase iPhrase of the query. Phrases
+**   are numbered starting from zero.
+**
+** xInstCount:
+**   Set *pnInst to the total number of occurrences of all phrases within
+**   the query within the current row. Return SQLITE_OK if successful, or
+**   an error code (i.e. SQLITE_NOMEM) if an error occurs.
+**
+** xInst:
+**   Query for the details of phrase match iIdx within the current row.
+**   Phrase matches are numbered starting from zero, so the iIdx argument
+**   should be greater than or equal to zero and smaller than the value
+**   output by xInstCount().
+**
+**   Returns SQLITE_OK if successful, or an error code (i.e. SQLITE_NOMEM) 
+**   if an error occurs.
+**
+** xRowid:
+**   Returns the rowid of the current row.
+**
+** xTokenize:
+**   Tokenize text using the tokenizer belonging to the FTS5 table.
+**
+** xQueryPhrase(pFts5, iPhrase, pUserData, xCallback):
+**   This API function is used to query the FTS table for phrase iPhrase
+**   of the current query. Specifically, a query equivalent to:
+**
+**       ... FROM ftstable WHERE ftstable MATCH $p ORDER BY rowid
+**
+**   with $p set to a phrase equivalent to the phrase iPhrase of the
+**   current query is executed. For each row visited, the callback function
+**   passed as the fourth argument is invoked. The context and API objects 
+**   passed to the callback function may be used to access the properties of
+**   each matched row. Invoking Api.xUserData() returns a copy of the pointer
+**   passed as the third argument to pUserData.
+**
+**   If the callback function returns any value other than SQLITE_OK, the
+**   query is abandoned and the xQueryPhrase function returns immediately.
+**   If the returned value is SQLITE_DONE, xQueryPhrase returns SQLITE_OK.
+**   Otherwise, the error code is propagated upwards.
+**
+**   If the query runs to completion without incident, SQLITE_OK is returned.
+**   Or, if some error occurs before the query completes or is aborted by
+**   the callback, an SQLite error code is returned.
+**
+**
+** xSetAuxdata(pFts5, pAux, xDelete)
+**
+**   Save the pointer passed as the second argument as the extension functions 
+**   "auxiliary data". The pointer may then be retrieved by the current or any
+**   future invocation of the same fts5 extension function made as part of
+**   of the same MATCH query using the xGetAuxdata() API.
+**
+**   Each extension function is allocated a single auxiliary data slot for
+**   each FTS query (MATCH expression). If the extension function is invoked 
+**   more than once for a single FTS query, then all invocations share a 
+**   single auxiliary data context.
+**
+**   If there is already an auxiliary data pointer when this function is
+**   invoked, then it is replaced by the new pointer. If an xDelete callback
+**   was specified along with the original pointer, it is invoked at this
+**   point.
+**
+**   The xDelete callback, if one is specified, is also invoked on the
+**   auxiliary data pointer after the FTS5 query has finished.
+**
+**   If an error (e.g. an OOM condition) occurs within this function, an
+**   the auxiliary data is set to NULL and an error code returned. If the
+**   xDelete parameter was not NULL, it is invoked on the auxiliary data
+**   pointer before returning.
+**
+**
+** xGetAuxdata(pFts5, bClear)
+**
+**   Returns the current auxiliary data pointer for the fts5 extension 
+**   function. See the xSetAuxdata() method for details.
+**
+**   If the bClear argument is non-zero, then the auxiliary data is cleared
+**   (set to NULL) before this function returns. In this case the xDelete,
+**   if any, is not invoked.
+**
+**
+** xRowCount(pFts5, pnRow)
+**
+**   This function is used to retrieve the total number of rows in the table.
+**   In other words, the same value that would be returned by:
+**
+**        SELECT count(*) FROM ftstable;
+**
+** xPhraseFirst()
+**   This function is used, along with type Fts5PhraseIter and the xPhraseNext
+**   method, to iterate through all instances of a single query phrase within
+**   the current row. This is the same information as is accessible via the
+**   xInstCount/xInst APIs. While the xInstCount/xInst APIs are more convenient
+**   to use, this API may be faster under some circumstances. To iterate 
+**   through instances of phrase iPhrase, use the following code:
+**
+**       Fts5PhraseIter iter;
+**       int iCol, iOff;
+**       for(pApi->xPhraseFirst(pFts, iPhrase, &iter, &iCol, &iOff);
+**           iOff>=0;
+**           pApi->xPhraseNext(pFts, &iter, &iCol, &iOff)
+**       ){
+**         // An instance of phrase iPhrase at offset iOff of column iCol
+**       }
+**
+**   The Fts5PhraseIter structure is defined above. Applications should not
+**   modify this structure directly - it should only be used as shown above
+**   with the xPhraseFirst() and xPhraseNext() API methods.
+**
+** xPhraseNext()
+**   See xPhraseFirst above.
+*/
+struct Fts5ExtensionApi {
+  int iVersion;                   /* Currently always set to 1 */
+
+  void *(*xUserData)(Fts5Context*);
+
+  int (*xColumnCount)(Fts5Context*);
+  int (*xRowCount)(Fts5Context*, sqlite3_int64 *pnRow);
+  int (*xColumnTotalSize)(Fts5Context*, int iCol, sqlite3_int64 *pnToken);
+
+  int (*xTokenize)(Fts5Context*, 
+    const char *pText, int nText, /* Text to tokenize */
+    void *pCtx,                   /* Context passed to xToken() */
+    int (*xToken)(void*, int, const char*, int, int, int)       /* Callback */
+  );
+
+  int (*xPhraseCount)(Fts5Context*);
+  int (*xPhraseSize)(Fts5Context*, int iPhrase);
+
+  int (*xInstCount)(Fts5Context*, int *pnInst);
+  int (*xInst)(Fts5Context*, int iIdx, int *piPhrase, int *piCol, int *piOff);
+
+  sqlite3_int64 (*xRowid)(Fts5Context*);
+  int (*xColumnText)(Fts5Context*, int iCol, const char **pz, int *pn);
+  int (*xColumnSize)(Fts5Context*, int iCol, int *pnToken);
+
+  int (*xQueryPhrase)(Fts5Context*, int iPhrase, void *pUserData,
+    int(*)(const Fts5ExtensionApi*,Fts5Context*,void*)
+  );
+  int (*xSetAuxdata)(Fts5Context*, void *pAux, void(*xDelete)(void*));
+  void *(*xGetAuxdata)(Fts5Context*, int bClear);
+
+  void (*xPhraseFirst)(Fts5Context*, int iPhrase, Fts5PhraseIter*, int*, int*);
+  void (*xPhraseNext)(Fts5Context*, Fts5PhraseIter*, int *piCol, int *piOff);
+};
+
+/* 
+** CUSTOM AUXILIARY FUNCTIONS
+*************************************************************************/
+
+/*************************************************************************
+** CUSTOM TOKENIZERS
+**
+** Applications may also register custom tokenizer types. A tokenizer 
+** is registered by providing fts5 with a populated instance of the 
+** following structure. All structure methods must be defined, setting
+** any member of the fts5_tokenizer struct to NULL leads to undefined
+** behaviour. The structure methods are expected to function as follows:
+**
+** xCreate:
+**   This function is used to allocate and inititalize a tokenizer instance.
+**   A tokenizer instance is required to actually tokenize text.
+**
+**   The first argument passed to this function is a copy of the (void*)
+**   pointer provided by the application when the fts5_tokenizer object
+**   was registered with FTS5 (the third argument to xCreateTokenizer()). 
+**   The second and third arguments are an array of nul-terminated strings
+**   containing the tokenizer arguments, if any, specified following the
+**   tokenizer name as part of the CREATE VIRTUAL TABLE statement used
+**   to create the FTS5 table.
+**
+**   The final argument is an output variable. If successful, (*ppOut) 
+**   should be set to point to the new tokenizer handle and SQLITE_OK
+**   returned. If an error occurs, some value other than SQLITE_OK should
+**   be returned. In this case, fts5 assumes that the final value of *ppOut 
+**   is undefined.
+**
+** xDelete:
+**   This function is invoked to delete a tokenizer handle previously
+**   allocated using xCreate(). Fts5 guarantees that this function will
+**   be invoked exactly once for each successful call to xCreate().
+**
+** xTokenize:
+**   This function is expected to tokenize the nText byte string indicated 
+**   by argument pText. pText may or may not be nul-terminated. The first
+**   argument passed to this function is a pointer to an Fts5Tokenizer object
+**   returned by an earlier call to xCreate().
+**
+**   The second argument indicates the reason that FTS5 is requesting
+**   tokenization of the supplied text. This is always one of the following
+**   four values:
+**
+**   <ul><li> <b>FTS5_TOKENIZE_DOCUMENT</b> - A document is being inserted into
+**            or removed from the FTS table. The tokenizer is being invoked to
+**            determine the set of tokens to add to (or delete from) the
+**            FTS index.
+**
+**       <li> <b>FTS5_TOKENIZE_QUERY</b> - A MATCH query is being executed 
+**            against the FTS index. The tokenizer is being called to tokenize 
+**            a bareword or quoted string specified as part of the query.
+**
+**       <li> <b>(FTS5_TOKENIZE_QUERY | FTS5_TOKENIZE_PREFIX)</b> - Same as
+**            FTS5_TOKENIZE_QUERY, except that the bareword or quoted string is
+**            followed by a "*" character, indicating that the last token
+**            returned by the tokenizer will be treated as a token prefix.
+**
+**       <li> <b>FTS5_TOKENIZE_AUX</b> - The tokenizer is being invoked to 
+**            satisfy an fts5_api.xTokenize() request made by an auxiliary
+**            function. Or an fts5_api.xColumnSize() request made by the same
+**            on a columnsize=0 database.  
+**   </ul>
+**
+**   For each token in the input string, the supplied callback xToken() must
+**   be invoked. The first argument to it should be a copy of the pointer
+**   passed as the second argument to xTokenize(). The third and fourth
+**   arguments are a pointer to a buffer containing the token text, and the
+**   size of the token in bytes. The 4th and 5th arguments are the byte offsets
+**   of the first byte of and first byte immediately following the text from
+**   which the token is derived within the input.
+**
+**   The second argument passed to the xToken() callback ("tflags") should
+**   normally be set to 0. The exception is if the tokenizer supports 
+**   synonyms. In this case see the discussion below for details.
+**
+**   FTS5 assumes the xToken() callback is invoked for each token in the 
+**   order that they occur within the input text.
+**
+**   If an xToken() callback returns any value other than SQLITE_OK, then
+**   the tokenization should be abandoned and the xTokenize() method should
+**   immediately return a copy of the xToken() return value. Or, if the
+**   input buffer is exhausted, xTokenize() should return SQLITE_OK. Finally,
+**   if an error occurs with the xTokenize() implementation itself, it
+**   may abandon the tokenization and return any error code other than
+**   SQLITE_OK or SQLITE_DONE.
+**
+** SYNONYM SUPPORT
+**
+**   Custom tokenizers may also support synonyms. Consider a case in which a
+**   user wishes to query for a phrase such as "first place". Using the 
+**   built-in tokenizers, the FTS5 query 'first + place' will match instances
+**   of "first place" within the document set, but not alternative forms
+**   such as "1st place". In some applications, it would be better to match
+**   all instances of "first place" or "1st place" regardless of which form
+**   the user specified in the MATCH query text.
+**
+**   There are several ways to approach this in FTS5:
+**
+**   <ol><li> By mapping all synonyms to a single token. In this case, the 
+**            In the above example, this means that the tokenizer returns the
+**            same token for inputs "first" and "1st". Say that token is in
+**            fact "first", so that when the user inserts the document "I won
+**            1st place" entries are added to the index for tokens "i", "won",
+**            "first" and "place". If the user then queries for '1st + place',
+**            the tokenizer substitutes "first" for "1st" and the query works
+**            as expected.
+**
+**       <li> By adding multiple synonyms for a single term to the FTS index.
+**            In this case, when tokenizing query text, the tokenizer may 
+**            provide multiple synonyms for a single term within the document.
+**            FTS5 then queries the index for each synonym individually. For
+**            example, faced with the query:
+**
+**   <codeblock>
+**     ... MATCH 'first place'</codeblock>
+**
+**            the tokenizer offers both "1st" and "first" as synonyms for the
+**            first token in the MATCH query and FTS5 effectively runs a query 
+**            similar to:
+**
+**   <codeblock>
+**     ... MATCH '(first OR 1st) place'</codeblock>
+**
+**            except that, for the purposes of auxiliary functions, the query
+**            still appears to contain just two phrases - "(first OR 1st)" 
+**            being treated as a single phrase.
+**
+**       <li> By adding multiple synonyms for a single term to the FTS index.
+**            Using this method, when tokenizing document text, the tokenizer
+**            provides multiple synonyms for each token. So that when a 
+**            document such as "I won first place" is tokenized, entries are
+**            added to the FTS index for "i", "won", "first", "1st" and
+**            "place".
+**
+**            This way, even if the tokenizer does not provide synonyms
+**            when tokenizing query text (it should not - to do would be
+**            inefficient), it doesn't matter if the user queries for 
+**            'first + place' or '1st + place', as there are entires in the
+**            FTS index corresponding to both forms of the first token.
+**   </ol>
+**
+**   Whether it is parsing document or query text, any call to xToken that
+**   specifies a <i>tflags</i> argument with the FTS5_TOKEN_COLOCATED bit
+**   is considered to supply a synonym for the previous token. For example,
+**   when parsing the document "I won first place", a tokenizer that supports
+**   synonyms would call xToken() 5 times, as follows:
+**
+**   <codeblock>
+**       xToken(pCtx, 0, "i",                      1,  0,  1);
+**       xToken(pCtx, 0, "won",                    3,  2,  5);
+**       xToken(pCtx, 0, "first",                  5,  6, 11);
+**       xToken(pCtx, FTS5_TOKEN_COLOCATED, "1st", 3,  6, 11);
+**       xToken(pCtx, 0, "place",                  5, 12, 17);
+**</codeblock>
+**
+**   It is an error to specify the FTS5_TOKEN_COLOCATED flag the first time
+**   xToken() is called. Multiple synonyms may be specified for a single token
+**   by making multiple calls to xToken(FTS5_TOKEN_COLOCATED) in sequence. 
+**   There is no limit to the number of synonyms that may be provided for a
+**   single token.
+**
+**   In many cases, method (1) above is the best approach. It does not add 
+**   extra data to the FTS index or require FTS5 to query for multiple terms,
+**   so it is efficient in terms of disk space and query speed. However, it
+**   does not support prefix queries very well. If, as suggested above, the
+**   token "first" is subsituted for "1st" by the tokenizer, then the query:
+**
+**   <codeblock>
+**     ... MATCH '1s*'</codeblock>
+**
+**   will not match documents that contain the token "1st" (as the tokenizer
+**   will probably not map "1s" to any prefix of "first").
+**
+**   For full prefix support, method (3) may be preferred. In this case, 
+**   because the index contains entries for both "first" and "1st", prefix
+**   queries such as 'fi*' or '1s*' will match correctly. However, because
+**   extra entries are added to the FTS index, this method uses more space
+**   within the database.
+**
+**   Method (2) offers a midpoint between (1) and (3). Using this method,
+**   a query such as '1s*' will match documents that contain the literal 
+**   token "1st", but not "first" (assuming the tokenizer is not able to
+**   provide synonyms for prefixes). However, a non-prefix query like '1st'
+**   will match against "1st" and "first". This method does not require
+**   extra disk space, as no extra entries are added to the FTS index. 
+**   On the other hand, it may require more CPU cycles to run MATCH queries,
+**   as separate queries of the FTS index are required for each synonym.
+**
+**   When using methods (2) or (3), it is important that the tokenizer only
+**   provide synonyms when tokenizing document text (method (2)) or query
+**   text (method (3)), not both. Doing so will not cause any errors, but is
+**   inefficient.
+*/
+typedef struct Fts5Tokenizer Fts5Tokenizer;
+typedef struct fts5_tokenizer fts5_tokenizer;
+struct fts5_tokenizer {
+  int (*xCreate)(void*, const char **azArg, int nArg, Fts5Tokenizer **ppOut);
+  void (*xDelete)(Fts5Tokenizer*);
+  int (*xTokenize)(Fts5Tokenizer*, 
+      void *pCtx,
+      int flags,            /* Mask of FTS5_TOKENIZE_* flags */
+      const char *pText, int nText, 
+      int (*xToken)(
+        void *pCtx,         /* Copy of 2nd argument to xTokenize() */
+        int tflags,         /* Mask of FTS5_TOKEN_* flags */
+        const char *pToken, /* Pointer to buffer containing token */
+        int nToken,         /* Size of token in bytes */
+        int iStart,         /* Byte offset of token within input text */
+        int iEnd            /* Byte offset of end of token within input text */
+      )
+  );
+};
+
+/* Flags that may be passed as the third argument to xTokenize() */
+#define FTS5_TOKENIZE_QUERY     0x0001
+#define FTS5_TOKENIZE_PREFIX    0x0002
+#define FTS5_TOKENIZE_DOCUMENT  0x0004
+#define FTS5_TOKENIZE_AUX       0x0008
+
+/* Flags that may be passed by the tokenizer implementation back to FTS5
+** as the third argument to the supplied xToken callback. */
+#define FTS5_TOKEN_COLOCATED    0x0001      /* Same position as prev. token */
+
+/*
+** END OF CUSTOM TOKENIZERS
+*************************************************************************/
+
+/*************************************************************************
+** FTS5 EXTENSION REGISTRATION API
+*/
+typedef struct fts5_api fts5_api;
+struct fts5_api {
+  int iVersion;                   /* Currently always set to 2 */
+
+  /* Create a new tokenizer */
+  int (*xCreateTokenizer)(
+    fts5_api *pApi,
+    const char *zName,
+    void *pContext,
+    fts5_tokenizer *pTokenizer,
+    void (*xDestroy)(void*)
+  );
+
+  /* Find an existing tokenizer */
+  int (*xFindTokenizer)(
+    fts5_api *pApi,
+    const char *zName,
+    void **ppContext,
+    fts5_tokenizer *pTokenizer
+  );
+
+  /* Create a new auxiliary function */
+  int (*xCreateFunction)(
+    fts5_api *pApi,
+    const char *zName,
+    void *pContext,
+    fts5_extension_function xFunction,
+    void (*xDestroy)(void*)
+  );
+};
+
+/*
+** END OF REGISTRATION API
+*************************************************************************/
+
+#ifdef __cplusplus
+}  /* end of the 'extern "C"' block */
+#endif
+
+#endif /* _FTS5_H */
+
+
diff --git a/nss/lib/ssl/Makefile b/nss/lib/ssl/Makefile
new file mode 100644
index 0000000..783df66
--- /dev/null
+++ b/nss/lib/ssl/Makefile
@@ -0,0 +1,67 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+######################################################################
+#
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include config.mk
+
+ifeq (,$(filter-out WIN%,$(OS_TARGET)))
+CSRCS	+= win32err.c
+DEFINES += -DIN_LIBSSL
+else
+ifeq ($(OS_TARGET),OS2)
+CSRCS	+= os2_err.c
+else
+CSRCS	+= unix_err.c
+endif
+endif
+
+OS_LIBS	+= -lfreebl -lm
+
+# Enable key logging by default in debug builds, but not opt builds.
+# Logging still needs to be enabled at runtime through env vars.
+NSS_ALLOW_SSLKEYLOGFILE ?= $(if $(BUILD_OPT),0,1)
+ifeq (1,$(NSS_ALLOW_SSLKEYLOGFILE))
+DEFINES += -DNSS_ALLOW_SSLKEYLOGFILE=1
+endif
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+export:: private_export
diff --git a/nss/lib/ssl/SSLerrs.h b/nss/lib/ssl/SSLerrs.h
new file mode 100644
index 0000000..8e1cd16
--- /dev/null
+++ b/nss/lib/ssl/SSLerrs.h
@@ -0,0 +1,510 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#define UNUSED_ERROR(x) ER3(SSL_ERROR_UNUSED_##x, (SSL_ERROR_BASE + x), \
+                            "Unrecognized SSL error_code.")
+
+/* SSL-specific security error codes  */
+/* caller must include "sslerr.h" */
+
+ER3(SSL_ERROR_EXPORT_ONLY_SERVER, SSL_ERROR_BASE + 0,
+    "Unable to communicate securely.  Peer does not support high-grade encryption.")
+
+ER3(SSL_ERROR_US_ONLY_SERVER, SSL_ERROR_BASE + 1,
+    "Unable to communicate securely.  Peer requires high-grade encryption which is not supported.")
+
+ER3(SSL_ERROR_NO_CYPHER_OVERLAP, SSL_ERROR_BASE + 2,
+    "Cannot communicate securely with peer: no common encryption algorithm(s).")
+
+ER3(SSL_ERROR_NO_CERTIFICATE, SSL_ERROR_BASE + 3,
+    "Unable to find the certificate or key necessary for authentication.")
+
+ER3(SSL_ERROR_BAD_CERTIFICATE, SSL_ERROR_BASE + 4,
+    "Unable to communicate securely with peer: peers's certificate was rejected.")
+
+UNUSED_ERROR(5)
+
+ER3(SSL_ERROR_BAD_CLIENT, SSL_ERROR_BASE + 6,
+    "The server has encountered bad data from the client.")
+
+ER3(SSL_ERROR_BAD_SERVER, SSL_ERROR_BASE + 7,
+    "The client has encountered bad data from the server.")
+
+ER3(SSL_ERROR_UNSUPPORTED_CERTIFICATE_TYPE, SSL_ERROR_BASE + 8,
+    "Unsupported certificate type.")
+
+ER3(SSL_ERROR_UNSUPPORTED_VERSION, SSL_ERROR_BASE + 9,
+    "Peer using unsupported version of security protocol.")
+
+UNUSED_ERROR(10)
+
+ER3(SSL_ERROR_WRONG_CERTIFICATE, SSL_ERROR_BASE + 11,
+    "Client authentication failed: private key in key database does not match public key in certificate database.")
+
+ER3(SSL_ERROR_BAD_CERT_DOMAIN, SSL_ERROR_BASE + 12,
+    "Unable to communicate securely with peer: requested domain name does not match the server's certificate.")
+
+ER3(SSL_ERROR_POST_WARNING, SSL_ERROR_BASE + 13,
+    "Unrecognized SSL error code.")
+
+ER3(SSL_ERROR_SSL2_DISABLED, (SSL_ERROR_BASE + 14),
+    "Peer only supports SSL version 2, which is locally disabled.")
+
+ER3(SSL_ERROR_BAD_MAC_READ, (SSL_ERROR_BASE + 15),
+    "SSL received a record with an incorrect Message Authentication Code.")
+
+ER3(SSL_ERROR_BAD_MAC_ALERT, (SSL_ERROR_BASE + 16),
+    "SSL peer reports incorrect Message Authentication Code.")
+
+ER3(SSL_ERROR_BAD_CERT_ALERT, (SSL_ERROR_BASE + 17),
+    "SSL peer cannot verify your certificate.")
+
+ER3(SSL_ERROR_REVOKED_CERT_ALERT, (SSL_ERROR_BASE + 18),
+    "SSL peer rejected your certificate as revoked.")
+
+ER3(SSL_ERROR_EXPIRED_CERT_ALERT, (SSL_ERROR_BASE + 19),
+    "SSL peer rejected your certificate as expired.")
+
+ER3(SSL_ERROR_SSL_DISABLED, (SSL_ERROR_BASE + 20),
+    "Cannot connect: SSL is disabled.")
+
+ER3(SSL_ERROR_FORTEZZA_PQG, (SSL_ERROR_BASE + 21),
+    "Cannot connect: SSL peer is in another FORTEZZA domain.")
+
+ER3(SSL_ERROR_UNKNOWN_CIPHER_SUITE, (SSL_ERROR_BASE + 22),
+    "An unknown SSL cipher suite has been requested.")
+
+ER3(SSL_ERROR_NO_CIPHERS_SUPPORTED, (SSL_ERROR_BASE + 23),
+    "No cipher suites are present and enabled in this program.")
+
+ER3(SSL_ERROR_BAD_BLOCK_PADDING, (SSL_ERROR_BASE + 24),
+    "SSL received a record with bad block padding.")
+
+ER3(SSL_ERROR_RX_RECORD_TOO_LONG, (SSL_ERROR_BASE + 25),
+    "SSL received a record that exceeded the maximum permissible length.")
+
+ER3(SSL_ERROR_TX_RECORD_TOO_LONG, (SSL_ERROR_BASE + 26),
+    "SSL attempted to send a record that exceeded the maximum permissible length.")
+
+/*
+ * Received a malformed (too long or short or invalid content) SSL handshake.
+ */
+ER3(SSL_ERROR_RX_MALFORMED_HELLO_REQUEST, (SSL_ERROR_BASE + 27),
+    "SSL received a malformed Hello Request handshake message.")
+
+ER3(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO, (SSL_ERROR_BASE + 28),
+    "SSL received a malformed Client Hello handshake message.")
+
+ER3(SSL_ERROR_RX_MALFORMED_SERVER_HELLO, (SSL_ERROR_BASE + 29),
+    "SSL received a malformed Server Hello handshake message.")
+
+ER3(SSL_ERROR_RX_MALFORMED_CERTIFICATE, (SSL_ERROR_BASE + 30),
+    "SSL received a malformed Certificate handshake message.")
+
+ER3(SSL_ERROR_RX_MALFORMED_SERVER_KEY_EXCH, (SSL_ERROR_BASE + 31),
+    "SSL received a malformed Server Key Exchange handshake message.")
+
+ER3(SSL_ERROR_RX_MALFORMED_CERT_REQUEST, (SSL_ERROR_BASE + 32),
+    "SSL received a malformed Certificate Request handshake message.")
+
+ER3(SSL_ERROR_RX_MALFORMED_HELLO_DONE, (SSL_ERROR_BASE + 33),
+    "SSL received a malformed Server Hello Done handshake message.")
+
+ER3(SSL_ERROR_RX_MALFORMED_CERT_VERIFY, (SSL_ERROR_BASE + 34),
+    "SSL received a malformed Certificate Verify handshake message.")
+
+ER3(SSL_ERROR_RX_MALFORMED_CLIENT_KEY_EXCH, (SSL_ERROR_BASE + 35),
+    "SSL received a malformed Client Key Exchange handshake message.")
+
+ER3(SSL_ERROR_RX_MALFORMED_FINISHED, (SSL_ERROR_BASE + 36),
+    "SSL received a malformed Finished handshake message.")
+
+/*
+ * Received a malformed (too long or short) SSL record.
+ */
+ER3(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER, (SSL_ERROR_BASE + 37),
+    "SSL received a malformed Change Cipher Spec record.")
+
+ER3(SSL_ERROR_RX_MALFORMED_ALERT, (SSL_ERROR_BASE + 38),
+    "SSL received a malformed Alert record.")
+
+ER3(SSL_ERROR_RX_MALFORMED_HANDSHAKE, (SSL_ERROR_BASE + 39),
+    "SSL received a malformed Handshake record.")
+
+ER3(SSL_ERROR_RX_MALFORMED_APPLICATION_DATA, (SSL_ERROR_BASE + 40),
+    "SSL received a malformed Application Data record.")
+
+/*
+ * Received an SSL handshake that was inappropriate for the state we're in.
+ * E.g. Server received message from server, or wrong state in state machine.
+ */
+ER3(SSL_ERROR_RX_UNEXPECTED_HELLO_REQUEST, (SSL_ERROR_BASE + 41),
+    "SSL received an unexpected Hello Request handshake message.")
+
+ER3(SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO, (SSL_ERROR_BASE + 42),
+    "SSL received an unexpected Client Hello handshake message.")
+
+ER3(SSL_ERROR_RX_UNEXPECTED_SERVER_HELLO, (SSL_ERROR_BASE + 43),
+    "SSL received an unexpected Server Hello handshake message.")
+
+ER3(SSL_ERROR_RX_UNEXPECTED_CERTIFICATE, (SSL_ERROR_BASE + 44),
+    "SSL received an unexpected Certificate handshake message.")
+
+ER3(SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH, (SSL_ERROR_BASE + 45),
+    "SSL received an unexpected Server Key Exchange handshake message.")
+
+ER3(SSL_ERROR_RX_UNEXPECTED_CERT_REQUEST, (SSL_ERROR_BASE + 46),
+    "SSL received an unexpected Certificate Request handshake message.")
+
+ER3(SSL_ERROR_RX_UNEXPECTED_HELLO_DONE, (SSL_ERROR_BASE + 47),
+    "SSL received an unexpected Server Hello Done handshake message.")
+
+ER3(SSL_ERROR_RX_UNEXPECTED_CERT_VERIFY, (SSL_ERROR_BASE + 48),
+    "SSL received an unexpected Certificate Verify handshake message.")
+
+ER3(SSL_ERROR_RX_UNEXPECTED_CLIENT_KEY_EXCH, (SSL_ERROR_BASE + 49),
+    "SSL received an unexpected Client Key Exchange handshake message.")
+
+ER3(SSL_ERROR_RX_UNEXPECTED_FINISHED, (SSL_ERROR_BASE + 50),
+    "SSL received an unexpected Finished handshake message.")
+
+/*
+ * Received an SSL record that was inappropriate for the state we're in.
+ */
+ER3(SSL_ERROR_RX_UNEXPECTED_CHANGE_CIPHER, (SSL_ERROR_BASE + 51),
+    "SSL received an unexpected Change Cipher Spec record.")
+
+ER3(SSL_ERROR_RX_UNEXPECTED_ALERT, (SSL_ERROR_BASE + 52),
+    "SSL received an unexpected Alert record.")
+
+ER3(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE, (SSL_ERROR_BASE + 53),
+    "SSL received an unexpected Handshake record.")
+
+ER3(SSL_ERROR_RX_UNEXPECTED_APPLICATION_DATA, (SSL_ERROR_BASE + 54),
+    "SSL received an unexpected Application Data record.")
+
+/*
+ * Received record/message with unknown discriminant.
+ */
+ER3(SSL_ERROR_RX_UNKNOWN_RECORD_TYPE, (SSL_ERROR_BASE + 55),
+    "SSL received a record with an unknown content type.")
+
+ER3(SSL_ERROR_RX_UNKNOWN_HANDSHAKE, (SSL_ERROR_BASE + 56),
+    "SSL received a handshake message with an unknown message type.")
+
+ER3(SSL_ERROR_RX_UNKNOWN_ALERT, (SSL_ERROR_BASE + 57),
+    "SSL received an alert record with an unknown alert description.")
+
+/*
+ * Received an alert reporting what we did wrong.  (more alerts above)
+ */
+ER3(SSL_ERROR_CLOSE_NOTIFY_ALERT, (SSL_ERROR_BASE + 58),
+    "SSL peer has closed this connection.")
+
+ER3(SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT, (SSL_ERROR_BASE + 59),
+    "SSL peer was not expecting a handshake message it received.")
+
+ER3(SSL_ERROR_DECOMPRESSION_FAILURE_ALERT, (SSL_ERROR_BASE + 60),
+    "SSL peer was unable to successfully decompress an SSL record it received.")
+
+ER3(SSL_ERROR_HANDSHAKE_FAILURE_ALERT, (SSL_ERROR_BASE + 61),
+    "SSL peer was unable to negotiate an acceptable set of security parameters.")
+
+ER3(SSL_ERROR_ILLEGAL_PARAMETER_ALERT, (SSL_ERROR_BASE + 62),
+    "SSL peer rejected a handshake message for unacceptable content.")
+
+ER3(SSL_ERROR_UNSUPPORTED_CERT_ALERT, (SSL_ERROR_BASE + 63),
+    "SSL peer does not support certificates of the type it received.")
+
+ER3(SSL_ERROR_CERTIFICATE_UNKNOWN_ALERT, (SSL_ERROR_BASE + 64),
+    "SSL peer had some unspecified issue with the certificate it received.")
+
+ER3(SSL_ERROR_GENERATE_RANDOM_FAILURE, (SSL_ERROR_BASE + 65),
+    "SSL experienced a failure of its random number generator.")
+
+ER3(SSL_ERROR_SIGN_HASHES_FAILURE, (SSL_ERROR_BASE + 66),
+    "Unable to digitally sign data required to verify your certificate.")
+
+ER3(SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE, (SSL_ERROR_BASE + 67),
+    "SSL was unable to extract the public key from the peer's certificate.")
+
+ER3(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE, (SSL_ERROR_BASE + 68),
+    "Unspecified failure while processing SSL Server Key Exchange handshake.")
+
+ER3(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE, (SSL_ERROR_BASE + 69),
+    "Unspecified failure while processing SSL Client Key Exchange handshake.")
+
+ER3(SSL_ERROR_ENCRYPTION_FAILURE, (SSL_ERROR_BASE + 70),
+    "Bulk data encryption algorithm failed in selected cipher suite.")
+
+ER3(SSL_ERROR_DECRYPTION_FAILURE, (SSL_ERROR_BASE + 71),
+    "Bulk data decryption algorithm failed in selected cipher suite.")
+
+ER3(SSL_ERROR_SOCKET_WRITE_FAILURE, (SSL_ERROR_BASE + 72),
+    "Attempt to write encrypted data to underlying socket failed.")
+
+ER3(SSL_ERROR_MD5_DIGEST_FAILURE, (SSL_ERROR_BASE + 73),
+    "MD5 digest function failed.")
+
+ER3(SSL_ERROR_SHA_DIGEST_FAILURE, (SSL_ERROR_BASE + 74),
+    "SHA-1 digest function failed.")
+
+ER3(SSL_ERROR_MAC_COMPUTATION_FAILURE, (SSL_ERROR_BASE + 75),
+    "MAC computation failed.")
+
+ER3(SSL_ERROR_SYM_KEY_CONTEXT_FAILURE, (SSL_ERROR_BASE + 76),
+    "Failure to create Symmetric Key context.")
+
+ER3(SSL_ERROR_SYM_KEY_UNWRAP_FAILURE, (SSL_ERROR_BASE + 77),
+    "Failure to unwrap the Symmetric key in Client Key Exchange message.")
+
+ER3(SSL_ERROR_PUB_KEY_SIZE_LIMIT_EXCEEDED, (SSL_ERROR_BASE + 78),
+    "SSL Server attempted to use domestic-grade public key with export cipher suite.")
+
+ER3(SSL_ERROR_IV_PARAM_FAILURE, (SSL_ERROR_BASE + 79),
+    "PKCS11 code failed to translate an IV into a param.")
+
+ER3(SSL_ERROR_INIT_CIPHER_SUITE_FAILURE, (SSL_ERROR_BASE + 80),
+    "Failed to initialize the selected cipher suite.")
+
+ER3(SSL_ERROR_SESSION_KEY_GEN_FAILURE, (SSL_ERROR_BASE + 81),
+    "Client failed to generate session keys for SSL session.")
+
+ER3(SSL_ERROR_NO_SERVER_KEY_FOR_ALG, (SSL_ERROR_BASE + 82),
+    "Server has no key for the attempted key exchange algorithm.")
+
+ER3(SSL_ERROR_TOKEN_INSERTION_REMOVAL, (SSL_ERROR_BASE + 83),
+    "PKCS#11 token was inserted or removed while operation was in progress.")
+
+ER3(SSL_ERROR_TOKEN_SLOT_NOT_FOUND, (SSL_ERROR_BASE + 84),
+    "No PKCS#11 token could be found to do a required operation.")
+
+ER3(SSL_ERROR_NO_COMPRESSION_OVERLAP, (SSL_ERROR_BASE + 85),
+    "Cannot communicate securely with peer: no common compression algorithm(s).")
+
+ER3(SSL_ERROR_HANDSHAKE_NOT_COMPLETED, (SSL_ERROR_BASE + 86),
+    "Cannot perform the operation until the handshake is complete.")
+
+ER3(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE, (SSL_ERROR_BASE + 87),
+    "Received incorrect handshakes hash values from peer.")
+
+ER3(SSL_ERROR_CERT_KEA_MISMATCH, (SSL_ERROR_BASE + 88),
+    "The certificate provided cannot be used with the selected authentication type.")
+
+ER3(SSL_ERROR_NO_TRUSTED_SSL_CLIENT_CA, (SSL_ERROR_BASE + 89),
+    "No certificate authority is trusted for SSL client authentication.")
+
+ER3(SSL_ERROR_SESSION_NOT_FOUND, (SSL_ERROR_BASE + 90),
+    "Client's SSL session ID not found in server's session cache.")
+
+ER3(SSL_ERROR_DECRYPTION_FAILED_ALERT, (SSL_ERROR_BASE + 91),
+    "Peer was unable to decrypt an SSL record it received.")
+
+ER3(SSL_ERROR_RECORD_OVERFLOW_ALERT, (SSL_ERROR_BASE + 92),
+    "Peer received an SSL record that was longer than is permitted.")
+
+ER3(SSL_ERROR_UNKNOWN_CA_ALERT, (SSL_ERROR_BASE + 93),
+    "Peer does not recognize and trust the CA that issued your certificate.")
+
+ER3(SSL_ERROR_ACCESS_DENIED_ALERT, (SSL_ERROR_BASE + 94),
+    "Peer received a valid certificate, but access was denied.")
+
+ER3(SSL_ERROR_DECODE_ERROR_ALERT, (SSL_ERROR_BASE + 95),
+    "Peer could not decode an SSL handshake message.")
+
+ER3(SSL_ERROR_DECRYPT_ERROR_ALERT, (SSL_ERROR_BASE + 96),
+    "Peer reports failure of signature verification or key exchange.")
+
+ER3(SSL_ERROR_EXPORT_RESTRICTION_ALERT, (SSL_ERROR_BASE + 97),
+    "Peer reports negotiation not in compliance with export regulations.")
+
+ER3(SSL_ERROR_PROTOCOL_VERSION_ALERT, (SSL_ERROR_BASE + 98),
+    "Peer reports incompatible or unsupported protocol version.")
+
+ER3(SSL_ERROR_INSUFFICIENT_SECURITY_ALERT, (SSL_ERROR_BASE + 99),
+    "Server requires ciphers more secure than those supported by client.")
+
+ER3(SSL_ERROR_INTERNAL_ERROR_ALERT, (SSL_ERROR_BASE + 100),
+    "Peer reports it experienced an internal error.")
+
+ER3(SSL_ERROR_USER_CANCELED_ALERT, (SSL_ERROR_BASE + 101),
+    "Peer user canceled handshake.")
+
+ER3(SSL_ERROR_NO_RENEGOTIATION_ALERT, (SSL_ERROR_BASE + 102),
+    "Peer does not permit renegotiation of SSL security parameters.")
+
+ER3(SSL_ERROR_SERVER_CACHE_NOT_CONFIGURED, (SSL_ERROR_BASE + 103),
+    "SSL server cache not configured and not disabled for this socket.")
+
+ER3(SSL_ERROR_UNSUPPORTED_EXTENSION_ALERT, (SSL_ERROR_BASE + 104),
+    "SSL peer does not support requested TLS hello extension.")
+
+ER3(SSL_ERROR_CERTIFICATE_UNOBTAINABLE_ALERT, (SSL_ERROR_BASE + 105),
+    "SSL peer could not obtain your certificate from the supplied URL.")
+
+ER3(SSL_ERROR_UNRECOGNIZED_NAME_ALERT, (SSL_ERROR_BASE + 106),
+    "SSL peer has no certificate for the requested DNS name.")
+
+ER3(SSL_ERROR_BAD_CERT_STATUS_RESPONSE_ALERT, (SSL_ERROR_BASE + 107),
+    "SSL peer was unable to get an OCSP response for its certificate.")
+
+ER3(SSL_ERROR_BAD_CERT_HASH_VALUE_ALERT, (SSL_ERROR_BASE + 108),
+    "SSL peer reported bad certificate hash value.")
+
+ER3(SSL_ERROR_RX_UNEXPECTED_NEW_SESSION_TICKET, (SSL_ERROR_BASE + 109),
+    "SSL received an unexpected New Session Ticket handshake message.")
+
+ER3(SSL_ERROR_RX_MALFORMED_NEW_SESSION_TICKET, (SSL_ERROR_BASE + 110),
+    "SSL received a malformed New Session Ticket handshake message.")
+
+ER3(SSL_ERROR_DECOMPRESSION_FAILURE, (SSL_ERROR_BASE + 111),
+    "SSL received a compressed record that could not be decompressed.")
+
+ER3(SSL_ERROR_RENEGOTIATION_NOT_ALLOWED, (SSL_ERROR_BASE + 112),
+    "Renegotiation is not allowed on this SSL socket.")
+
+ER3(SSL_ERROR_UNSAFE_NEGOTIATION, (SSL_ERROR_BASE + 113),
+    "Peer attempted old style (potentially vulnerable) handshake.")
+
+ER3(SSL_ERROR_RX_UNEXPECTED_UNCOMPRESSED_RECORD, (SSL_ERROR_BASE + 114),
+    "SSL received an unexpected uncompressed record.")
+
+ER3(SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY, (SSL_ERROR_BASE + 115),
+    "SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message.")
+
+ER3(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID, (SSL_ERROR_BASE + 116),
+    "SSL received invalid NPN extension data.")
+
+ER3(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SSL2, (SSL_ERROR_BASE + 117),
+    "SSL feature not supported for SSL 2.0 connections.")
+
+ER3(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SERVERS, (SSL_ERROR_BASE + 118),
+    "SSL feature not supported for servers.")
+
+ER3(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_CLIENTS, (SSL_ERROR_BASE + 119),
+    "SSL feature not supported for clients.")
+
+ER3(SSL_ERROR_INVALID_VERSION_RANGE, (SSL_ERROR_BASE + 120),
+    "SSL version range is not valid.")
+
+ER3(SSL_ERROR_CIPHER_DISALLOWED_FOR_VERSION, (SSL_ERROR_BASE + 121),
+    "SSL peer selected a cipher suite disallowed for the selected protocol version.")
+
+ER3(SSL_ERROR_RX_MALFORMED_HELLO_VERIFY_REQUEST, (SSL_ERROR_BASE + 122),
+    "SSL received a malformed Hello Verify Request handshake message.")
+
+ER3(SSL_ERROR_RX_UNEXPECTED_HELLO_VERIFY_REQUEST, (SSL_ERROR_BASE + 123),
+    "SSL received an unexpected Hello Verify Request handshake message.")
+
+ER3(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_VERSION, (SSL_ERROR_BASE + 124),
+    "SSL feature not supported for the protocol version.")
+
+ER3(SSL_ERROR_RX_UNEXPECTED_CERT_STATUS, (SSL_ERROR_BASE + 125),
+    "SSL received an unexpected Certificate Status handshake message.")
+
+ER3(SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM, (SSL_ERROR_BASE + 126),
+    "Unsupported hash algorithm used by TLS peer.")
+
+ER3(SSL_ERROR_DIGEST_FAILURE, (SSL_ERROR_BASE + 127),
+    "Digest function failed.")
+
+ER3(SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM, (SSL_ERROR_BASE + 128),
+    "Incorrect signature algorithm specified in a digitally-signed element.")
+
+ER3(SSL_ERROR_NEXT_PROTOCOL_NO_CALLBACK, (SSL_ERROR_BASE + 129),
+    "The next protocol negotiation extension was enabled, but the callback was cleared prior to being needed.")
+
+ER3(SSL_ERROR_NEXT_PROTOCOL_NO_PROTOCOL, (SSL_ERROR_BASE + 130),
+    "The server supports no protocols that the client advertises in the ALPN extension.")
+
+ER3(SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT, (SSL_ERROR_BASE + 131),
+    "The server rejected the handshake because the client downgraded to a lower "
+    "TLS version than the server supports.")
+
+ER3(SSL_ERROR_WEAK_SERVER_CERT_KEY, (SSL_ERROR_BASE + 132),
+    "The server certificate included a public key that was too weak.")
+
+ER3(SSL_ERROR_RX_SHORT_DTLS_READ, (SSL_ERROR_BASE + 133),
+    "Not enough room in buffer for DTLS record.")
+
+ER3(SSL_ERROR_NO_SUPPORTED_SIGNATURE_ALGORITHM, (SSL_ERROR_BASE + 134),
+    "No supported TLS signature algorithm was configured.")
+
+ER3(SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM, (SSL_ERROR_BASE + 135),
+    "The peer used an unsupported combination of signature and hash algorithm.")
+
+ER3(SSL_ERROR_MISSING_EXTENDED_MASTER_SECRET, (SSL_ERROR_BASE + 136),
+    "The peer tried to resume without a correct extended_master_secret extension")
+
+ER3(SSL_ERROR_UNEXPECTED_EXTENDED_MASTER_SECRET, (SSL_ERROR_BASE + 137),
+    "The peer tried to resume with an unexpected extended_master_secret extension")
+
+ER3(SSL_ERROR_RX_MALFORMED_KEY_SHARE, (SSL_ERROR_BASE + 138),
+    "SSL received a malformed Key Share extension.")
+
+ER3(SSL_ERROR_MISSING_KEY_SHARE, (SSL_ERROR_BASE + 139),
+    "SSL expected a Key Share extension.")
+
+ER3(SSL_ERROR_RX_MALFORMED_ECDHE_KEY_SHARE, (SSL_ERROR_BASE + 140),
+    "SSL received a malformed ECDHE key share handshake extension.")
+
+ER3(SSL_ERROR_RX_MALFORMED_DHE_KEY_SHARE, (SSL_ERROR_BASE + 141),
+    "SSL received a malformed DHE key share handshake extension.")
+
+ER3(SSL_ERROR_RX_UNEXPECTED_ENCRYPTED_EXTENSIONS, (SSL_ERROR_BASE + 142),
+    "SSL received an unexpected Encrypted Extensions handshake message.")
+
+ER3(SSL_ERROR_MISSING_EXTENSION_ALERT, (SSL_ERROR_BASE + 143),
+    "SSL received a missing_extension alert.")
+
+ER3(SSL_ERROR_KEY_EXCHANGE_FAILURE, (SSL_ERROR_BASE + 144),
+    "SSL had an error performing key exchange.")
+
+ER3(SSL_ERROR_EXTENSION_DISALLOWED_FOR_VERSION, (SSL_ERROR_BASE + 145),
+    "SSL received an extension that is not permitted for this version.")
+
+ER3(SSL_ERROR_RX_MALFORMED_ENCRYPTED_EXTENSIONS, (SSL_ERROR_BASE + 146),
+    "SSL received a malformed Encrypted Extensions handshake message.")
+
+ER3(SSL_ERROR_RX_MALFORMED_PRE_SHARED_KEY, (SSL_ERROR_BASE + 147),
+    "SSL received an invalid PreSharedKey extension.")
+
+ER3(SSL_ERROR_RX_MALFORMED_EARLY_DATA, (SSL_ERROR_BASE + 148),
+    "SSL received an invalid EarlyData extension.")
+
+ER3(SSL_ERROR_END_OF_EARLY_DATA_ALERT, (SSL_ERROR_BASE + 149),
+    "SSL received an unexpected end of early data alert.")
+
+ER3(SSL_ERROR_MISSING_ALPN_EXTENSION, (SSL_ERROR_BASE + 150),
+    "SSL didn't receive an expected ALPN extension.")
+
+ER3(SSL_ERROR_RX_UNEXPECTED_EXTENSION, (SSL_ERROR_BASE + 151),
+    "SSL received an unexpected extension.")
+
+ER3(SSL_ERROR_MISSING_SUPPORTED_GROUPS, (SSL_ERROR_BASE + 152),
+    "SSL expected a supported groups extension.")
+
+ER3(SSL_ERROR_TOO_MANY_RECORDS, (SSL_ERROR_BASE + 153),
+    "SSL sent or received too many records with the same symmetric key.")
+
+ER3(SSL_ERROR_RX_UNEXPECTED_HELLO_RETRY_REQUEST, (SSL_ERROR_BASE + 154),
+    "SSL received an unexpected Hello Retry Request handshake message.")
+
+ER3(SSL_ERROR_RX_MALFORMED_HELLO_RETRY_REQUEST, (SSL_ERROR_BASE + 155),
+    "SSL received a malformed Hello Retry Request handshake message.")
+
+ER3(SSL_ERROR_BAD_2ND_CLIENT_HELLO, (SSL_ERROR_BASE + 156),
+    "SSL received a second Client Hello message without a usable key share.")
+
+ER3(SSL_ERROR_MISSING_SIGNATURE_ALGORITHMS_EXTENSION, (SSL_ERROR_BASE + 157),
+    "SSL expected a signature algorithms extension.")
+
+ER3(SSL_ERROR_MALFORMED_PSK_KEY_EXCHANGE_MODES, (SSL_ERROR_BASE + 158),
+    "SSL received a malformed PSK key exchange modes extension.")
+
+ER3(SSL_ERROR_MISSING_PSK_KEY_EXCHANGE_MODES, (SSL_ERROR_BASE + 159),
+    "SSL expected a PSK key exchange modes extension.")
+
+ER3(SSL_ERROR_DOWNGRADE_WITH_EARLY_DATA, (SSL_ERROR_BASE + 160),
+    "SSL got a pre-TLS 1.3 version even though we sent early data.")
diff --git a/nss/lib/ssl/authcert.c b/nss/lib/ssl/authcert.c
new file mode 100644
index 0000000..88c7c08
--- /dev/null
+++ b/nss/lib/ssl/authcert.c
@@ -0,0 +1,89 @@
+/*
+ * NSS utility functions
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <stdio.h>
+#include <string.h>
+#include "prerror.h"
+#include "secitem.h"
+#include "prnetdb.h"
+#include "cert.h"
+#include "nspr.h"
+#include "secder.h"
+#include "key.h"
+#include "nss.h"
+#include "ssl.h"
+#include "pk11func.h" /* for PK11_ function calls */
+
+/*
+ * This callback used by SSL to pull client sertificate upon
+ * server request
+ */
+SECStatus
+NSS_GetClientAuthData(void *arg,
+                      PRFileDesc *socket,
+                      struct CERTDistNamesStr *caNames,
+                      struct CERTCertificateStr **pRetCert,
+                      struct SECKEYPrivateKeyStr **pRetKey)
+{
+    CERTCertificate *cert = NULL;
+    SECKEYPrivateKey *privkey = NULL;
+    char *chosenNickName = (char *)arg; /* CONST */
+    void *proto_win = NULL;
+    SECStatus rv = SECFailure;
+
+    proto_win = SSL_RevealPinArg(socket);
+
+    if (chosenNickName) {
+        cert = CERT_FindUserCertByUsage(CERT_GetDefaultCertDB(),
+                                        chosenNickName, certUsageSSLClient,
+                                        PR_FALSE, proto_win);
+        if (cert) {
+            privkey = PK11_FindKeyByAnyCert(cert, proto_win);
+            if (privkey) {
+                rv = SECSuccess;
+            } else {
+                CERT_DestroyCertificate(cert);
+            }
+        }
+    } else { /* no name given, automatically find the right cert. */
+        CERTCertNicknames *names;
+        int i;
+
+        names = CERT_GetCertNicknames(CERT_GetDefaultCertDB(),
+                                      SEC_CERT_NICKNAMES_USER, proto_win);
+        if (names != NULL) {
+            for (i = 0; i < names->numnicknames; i++) {
+                cert = CERT_FindUserCertByUsage(CERT_GetDefaultCertDB(),
+                                                names->nicknames[i], certUsageSSLClient,
+                                                PR_FALSE, proto_win);
+                if (!cert)
+                    continue;
+                /* Only check unexpired certs */
+                if (CERT_CheckCertValidTimes(cert, PR_Now(), PR_TRUE) !=
+                    secCertTimeValid) {
+                    CERT_DestroyCertificate(cert);
+                    continue;
+                }
+                rv = NSS_CmpCertChainWCANames(cert, caNames);
+                if (rv == SECSuccess) {
+                    privkey =
+                        PK11_FindKeyByAnyCert(cert, proto_win);
+                    if (privkey)
+                        break;
+                }
+                rv = SECFailure;
+                CERT_DestroyCertificate(cert);
+            }
+            CERT_FreeNicknames(names);
+        }
+    }
+    if (rv == SECSuccess) {
+        *pRetCert = cert;
+        *pRetKey = privkey;
+    }
+    return rv;
+}
diff --git a/nss/lib/ssl/cmpcert.c b/nss/lib/ssl/cmpcert.c
new file mode 100644
index 0000000..e6edbee
--- /dev/null
+++ b/nss/lib/ssl/cmpcert.c
@@ -0,0 +1,89 @@
+/*
+ * NSS utility functions
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <stdio.h>
+#include <string.h>
+#include "prerror.h"
+#include "secitem.h"
+#include "prnetdb.h"
+#include "cert.h"
+#include "nspr.h"
+#include "secder.h"
+#include "key.h"
+#include "nss.h"
+
+/*
+ * Look to see if any of the signers in the cert chain for "cert" are found
+ * in the list of caNames.
+ * Returns SECSuccess if so, SECFailure if not.
+ */
+SECStatus
+NSS_CmpCertChainWCANames(CERTCertificate *cert, CERTDistNames *caNames)
+{
+    SECItem *caname;
+    CERTCertificate *curcert;
+    CERTCertificate *oldcert;
+    PRInt32 contentlen;
+    int j;
+    int headerlen;
+    int depth;
+    SECStatus rv;
+    SECItem issuerName;
+    SECItem compatIssuerName;
+
+    if (!cert || !caNames || !caNames->nnames || !caNames->names ||
+        !caNames->names->data)
+        return SECFailure;
+    depth = 0;
+    curcert = CERT_DupCertificate(cert);
+
+    while (curcert) {
+        issuerName = curcert->derIssuer;
+
+        /* compute an alternate issuer name for compatibility with 2.0
+         * enterprise server, which send the CA names without
+         * the outer layer of DER header
+         */
+        rv = DER_Lengths(&issuerName, &headerlen, (PRUint32 *)&contentlen);
+        if (rv == SECSuccess) {
+            compatIssuerName.data = &issuerName.data[headerlen];
+            compatIssuerName.len = issuerName.len - headerlen;
+        } else {
+            compatIssuerName.data = NULL;
+            compatIssuerName.len = 0;
+        }
+
+        for (j = 0; j < caNames->nnames; j++) {
+            caname = &caNames->names[j];
+            if (SECITEM_CompareItem(&issuerName, caname) == SECEqual) {
+                rv = SECSuccess;
+                CERT_DestroyCertificate(curcert);
+                goto done;
+            } else if (SECITEM_CompareItem(&compatIssuerName, caname) == SECEqual) {
+                rv = SECSuccess;
+                CERT_DestroyCertificate(curcert);
+                goto done;
+            }
+        }
+        if ((depth <= 20) &&
+            (SECITEM_CompareItem(&curcert->derIssuer, &curcert->derSubject) !=
+             SECEqual)) {
+            oldcert = curcert;
+            curcert = CERT_FindCertByName(curcert->dbhandle,
+                                          &curcert->derIssuer);
+            CERT_DestroyCertificate(oldcert);
+            depth++;
+        } else {
+            CERT_DestroyCertificate(curcert);
+            curcert = NULL;
+        }
+    }
+    rv = SECFailure;
+
+done:
+    return rv;
+}
diff --git a/nss/lib/ssl/config.mk b/nss/lib/ssl/config.mk
new file mode 100644
index 0000000..c8b053c
--- /dev/null
+++ b/nss/lib/ssl/config.mk
@@ -0,0 +1,67 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+ifdef NISCC_TEST
+DEFINES += -DNISCC_TEST
+endif
+
+ifeq (,$(filter-out WIN%,$(OS_TARGET)))
+
+# don't want the 32 in the shared library name
+SHARED_LIBRARY = $(OBJDIR)/$(DLL_PREFIX)$(LIBRARY_NAME)$(LIBRARY_VERSION).$(DLL_SUFFIX)
+IMPORT_LIBRARY = $(OBJDIR)/$(IMPORT_LIB_PREFIX)$(LIBRARY_NAME)$(LIBRARY_VERSION)$(IMPORT_LIB_SUFFIX)
+
+RES = $(OBJDIR)/ssl.res
+RESNAME = ssl.rc
+
+ifdef NS_USE_GCC
+EXTRA_SHARED_LIBS += \
+	-L$(DIST)/lib \
+	-lnss3 \
+	-L$(NSSUTIL_LIB_DIR) \
+	-lnssutil3 \
+	-L$(NSPR_LIB_DIR) \
+	-lplc4 \
+	-lplds4 \
+	-lnspr4 \
+	$(NULL)
+else # ! NS_USE_GCC
+EXTRA_SHARED_LIBS += \
+	$(DIST)/lib/nss3.lib \
+	$(DIST)/lib/nssutil3.lib \
+	$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plc4.lib \
+	$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plds4.lib \
+	$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)nspr4.lib \
+	$(NULL)
+endif # NS_USE_GCC
+
+else
+
+# $(EXTRA_SHARED_LIBS) come before $(OS_LIBS), except on AIX.
+EXTRA_SHARED_LIBS += \
+	-L$(DIST)/lib \
+	-lnss3 \
+	-L$(NSSUTIL_LIB_DIR) \
+	-lnssutil3 \
+	-L$(NSPR_LIB_DIR) \
+	-lplc4 \
+	-lplds4 \
+	-lnspr4 \
+	$(NULL)
+
+ifeq ($(OS_ARCH), BeOS)
+EXTRA_SHARED_LIBS += -lbe
+endif
+
+endif
+
+ifdef NSS_SSL_ENABLE_ZLIB
+DEFINES += -DNSS_SSL_ENABLE_ZLIB
+include $(CORE_DEPTH)/coreconf/zlib.mk
+endif
+
+ifdef NSS_DISABLE_TLS_1_3
+DEFINES += -DNSS_DISABLE_TLS_1_3
+endif
diff --git a/nss/lib/ssl/derive.c b/nss/lib/ssl/derive.c
new file mode 100644
index 0000000..c39bc86
--- /dev/null
+++ b/nss/lib/ssl/derive.c
@@ -0,0 +1,885 @@
+/*
+ * Key Derivation that doesn't use PKCS11
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "ssl.h"    /* prereq to sslimpl.h */
+#include "certt.h"  /* prereq to sslimpl.h */
+#include "keythi.h" /* prereq to sslimpl.h */
+#include "sslimpl.h"
+#ifndef NO_PKCS11_BYPASS
+#include "blapi.h"
+#endif
+
+#include "keyhi.h"
+#include "pk11func.h"
+#include "secasn1.h"
+#include "cert.h"
+#include "secmodt.h"
+
+#include "sslproto.h"
+#include "sslerr.h"
+
+#ifndef NO_PKCS11_BYPASS
+/* make this a macro! */
+#ifdef NOT_A_MACRO
+static void
+buildSSLKey(unsigned char *keyBlock, unsigned int keyLen, SECItem *result,
+            const char *label)
+{
+    result->type = siBuffer;
+    result->data = keyBlock;
+    result->len = keyLen;
+    PRINT_BUF(100, (NULL, label, keyBlock, keyLen));
+}
+#else
+#define buildSSLKey(keyBlock, keyLen, result, label)     \
+    {                                                    \
+        (result)->type = siBuffer;                       \
+        (result)->data = keyBlock;                       \
+        (result)->len = keyLen;                          \
+        PRINT_BUF(100, (NULL, label, keyBlock, keyLen)); \
+    }
+#endif
+
+/*
+ * SSL Key generation given pre master secret
+ */
+#ifndef NUM_MIXERS
+#define NUM_MIXERS 9
+#endif
+static const char *const mixers[NUM_MIXERS] = {
+    "A",
+    "BB",
+    "CCC",
+    "DDDD",
+    "EEEEE",
+    "FFFFFF",
+    "GGGGGGG",
+    "HHHHHHHH",
+    "IIIIIIIII"
+};
+
+SECStatus
+ssl3_KeyAndMacDeriveBypass(
+    ssl3CipherSpec *pwSpec,
+    const unsigned char *cr,
+    const unsigned char *sr,
+    PRBool isTLS,
+    HASH_HashType tls12HashType,
+    PRBool isExport)
+{
+    const ssl3BulkCipherDef *cipher_def = pwSpec->cipher_def;
+    unsigned char *key_block = pwSpec->key_block;
+    unsigned char *key_block2 = NULL;
+    unsigned int block_bytes = 0;
+    unsigned int block_needed = 0;
+    unsigned int i;
+    unsigned int keySize;    /* actual    size of cipher keys */
+    unsigned int effKeySize; /* effective size of cipher keys */
+    unsigned int macSize;    /* size of MAC secret */
+    unsigned int IVSize;     /* size of IV */
+    PRBool explicitIV = PR_FALSE;
+    SECStatus rv = SECFailure;
+    SECStatus status = SECSuccess;
+    PRBool isFIPS = PR_FALSE;
+    PRBool isTLS12 = pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2;
+
+    SECItem srcr;
+    SECItem crsr;
+
+    unsigned char srcrdata[SSL3_RANDOM_LENGTH * 2];
+    unsigned char crsrdata[SSL3_RANDOM_LENGTH * 2];
+    PRUint64 md5buf[22];
+    PRUint64 shabuf[40];
+
+#define md5Ctx ((MD5Context *)md5buf)
+#define shaCtx ((SHA1Context *)shabuf)
+
+    static const SECItem zed = { siBuffer, NULL, 0 };
+
+    if (pwSpec->msItem.data == NULL ||
+        pwSpec->msItem.len != SSL3_MASTER_SECRET_LENGTH) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return rv;
+    }
+
+    PRINT_BUF(100, (NULL, "Master Secret", pwSpec->msItem.data,
+                    pwSpec->msItem.len));
+
+    /* figure out how much is needed */
+    macSize = pwSpec->mac_size;
+    keySize = cipher_def->key_size;
+    effKeySize = cipher_def->secret_key_size;
+    IVSize = cipher_def->iv_size;
+    if (keySize == 0) {
+        effKeySize = IVSize = 0; /* only MACing */
+    }
+    if (cipher_def->type == type_block &&
+        pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_1) {
+        /* Block ciphers in >= TLS 1.1 use a per-record, explicit IV. */
+        explicitIV = PR_TRUE;
+    }
+    block_needed =
+        2 * (macSize + effKeySize + ((!isExport && !explicitIV) * IVSize));
+
+    /*
+     * clear out our returned keys so we can recover on failure
+     */
+    pwSpec->client.write_key_item = zed;
+    pwSpec->client.write_mac_key_item = zed;
+    pwSpec->server.write_key_item = zed;
+    pwSpec->server.write_mac_key_item = zed;
+
+    /* initialize the server random, client random block */
+    srcr.type = siBuffer;
+    srcr.data = srcrdata;
+    srcr.len = sizeof srcrdata;
+    PORT_Memcpy(srcrdata, sr, SSL3_RANDOM_LENGTH);
+    PORT_Memcpy(srcrdata + SSL3_RANDOM_LENGTH, cr, SSL3_RANDOM_LENGTH);
+
+    /* initialize the client random, server random block */
+    crsr.type = siBuffer;
+    crsr.data = crsrdata;
+    crsr.len = sizeof crsrdata;
+    PORT_Memcpy(crsrdata, cr, SSL3_RANDOM_LENGTH);
+    PORT_Memcpy(crsrdata + SSL3_RANDOM_LENGTH, sr, SSL3_RANDOM_LENGTH);
+    PRINT_BUF(100, (NULL, "Key & MAC CRSR", crsr.data, crsr.len));
+
+    /*
+     * generate the key material:
+     */
+    if (isTLS) {
+        SECItem keyblk;
+
+        keyblk.type = siBuffer;
+        keyblk.data = key_block;
+        keyblk.len = block_needed;
+
+        if (isTLS12) {
+            status = TLS_P_hash(tls12HashType, &pwSpec->msItem,
+                                "key expansion", &srcr, &keyblk, isFIPS);
+        } else {
+            status = TLS_PRF(&pwSpec->msItem, "key expansion", &srcr, &keyblk,
+                             isFIPS);
+        }
+        if (status != SECSuccess) {
+            goto key_and_mac_derive_fail;
+        }
+        block_bytes = keyblk.len;
+    } else {
+        /* key_block =
+        *     MD5(master_secret + SHA('A' + master_secret +
+        *                      ServerHello.random + ClientHello.random)) +
+        *     MD5(master_secret + SHA('BB' + master_secret +
+        *                      ServerHello.random + ClientHello.random)) +
+        *     MD5(master_secret + SHA('CCC' + master_secret +
+        *                      ServerHello.random + ClientHello.random)) +
+        *     [...];
+        */
+        unsigned int made = 0;
+        for (i = 0; made < block_needed && i < NUM_MIXERS; ++i) {
+            unsigned int outLen;
+            unsigned char sha_out[SHA1_LENGTH];
+
+            SHA1_Begin(shaCtx);
+            SHA1_Update(shaCtx, (unsigned char *)(mixers[i]), i + 1);
+            SHA1_Update(shaCtx, pwSpec->msItem.data, pwSpec->msItem.len);
+            SHA1_Update(shaCtx, srcr.data, srcr.len);
+            SHA1_End(shaCtx, sha_out, &outLen, SHA1_LENGTH);
+            PORT_Assert(outLen == SHA1_LENGTH);
+
+            MD5_Begin(md5Ctx);
+            MD5_Update(md5Ctx, pwSpec->msItem.data, pwSpec->msItem.len);
+            MD5_Update(md5Ctx, sha_out, outLen);
+            MD5_End(md5Ctx, key_block + made, &outLen, MD5_LENGTH);
+            PORT_Assert(outLen == MD5_LENGTH);
+            made += MD5_LENGTH;
+        }
+        block_bytes = made;
+    }
+    PORT_Assert(block_bytes >= block_needed);
+    PORT_Assert(block_bytes <= sizeof pwSpec->key_block);
+    PRINT_BUF(100, (NULL, "key block", key_block, block_bytes));
+
+    /*
+     * Put the key material where it goes.
+     */
+    key_block2 = key_block + block_bytes;
+    i = 0; /* now shows how much consumed */
+
+    /*
+     * The key_block is partitioned as follows:
+     * client_write_MAC_secret[CipherSpec.hash_size]
+     */
+    buildSSLKey(&key_block[i], macSize, &pwSpec->client.write_mac_key_item,
+                "Client Write MAC Secret");
+    i += macSize;
+
+    /*
+     * server_write_MAC_secret[CipherSpec.hash_size]
+     */
+    buildSSLKey(&key_block[i], macSize, &pwSpec->server.write_mac_key_item,
+                "Server Write MAC Secret");
+    i += macSize;
+
+    if (!keySize) {
+        /* only MACing */
+        buildSSLKey(NULL, 0, &pwSpec->client.write_key_item,
+                    "Client Write Key (MAC only)");
+        buildSSLKey(NULL, 0, &pwSpec->server.write_key_item,
+                    "Server Write Key (MAC only)");
+        buildSSLKey(NULL, 0, &pwSpec->client.write_iv_item,
+                    "Client Write IV (MAC only)");
+        buildSSLKey(NULL, 0, &pwSpec->server.write_iv_item,
+                    "Server Write IV (MAC only)");
+    } else if (!isExport) {
+        /*
+        ** Generate Domestic write keys and IVs.
+        ** client_write_key[CipherSpec.key_material]
+        */
+        buildSSLKey(&key_block[i], keySize, &pwSpec->client.write_key_item,
+                    "Domestic Client Write Key");
+        i += keySize;
+
+        /*
+        ** server_write_key[CipherSpec.key_material]
+        */
+        buildSSLKey(&key_block[i], keySize, &pwSpec->server.write_key_item,
+                    "Domestic Server Write Key");
+        i += keySize;
+
+        if (IVSize > 0) {
+            if (explicitIV) {
+                static unsigned char zero_block[32];
+                PORT_Assert(IVSize <= sizeof zero_block);
+                buildSSLKey(&zero_block[0], IVSize,
+                            &pwSpec->client.write_iv_item,
+                            "Domestic Client Write IV");
+                buildSSLKey(&zero_block[0], IVSize,
+                            &pwSpec->server.write_iv_item,
+                            "Domestic Server Write IV");
+            } else {
+                /*
+                ** client_write_IV[CipherSpec.IV_size]
+                */
+                buildSSLKey(&key_block[i], IVSize,
+                            &pwSpec->client.write_iv_item,
+                            "Domestic Client Write IV");
+                i += IVSize;
+
+                /*
+                ** server_write_IV[CipherSpec.IV_size]
+                */
+                buildSSLKey(&key_block[i], IVSize,
+                            &pwSpec->server.write_iv_item,
+                            "Domestic Server Write IV");
+                i += IVSize;
+            }
+        }
+        PORT_Assert(i <= block_bytes);
+    } else if (!isTLS) {
+        /*
+        ** Generate SSL3 Export write keys and IVs.
+        */
+        unsigned int outLen;
+
+        /*
+        ** client_write_key[CipherSpec.key_material]
+        ** final_client_write_key = MD5(client_write_key +
+        **                   ClientHello.random + ServerHello.random);
+        */
+        MD5_Begin(md5Ctx);
+        MD5_Update(md5Ctx, &key_block[i], effKeySize);
+        MD5_Update(md5Ctx, crsr.data, crsr.len);
+        MD5_End(md5Ctx, key_block2, &outLen, MD5_LENGTH);
+        i += effKeySize;
+        buildSSLKey(key_block2, keySize, &pwSpec->client.write_key_item,
+                    "SSL3 Export Client Write Key");
+        key_block2 += keySize;
+
+        /*
+        ** server_write_key[CipherSpec.key_material]
+        ** final_server_write_key = MD5(server_write_key +
+        **                    ServerHello.random + ClientHello.random);
+        */
+        MD5_Begin(md5Ctx);
+        MD5_Update(md5Ctx, &key_block[i], effKeySize);
+        MD5_Update(md5Ctx, srcr.data, srcr.len);
+        MD5_End(md5Ctx, key_block2, &outLen, MD5_LENGTH);
+        i += effKeySize;
+        buildSSLKey(key_block2, keySize, &pwSpec->server.write_key_item,
+                    "SSL3 Export Server Write Key");
+        key_block2 += keySize;
+        PORT_Assert(i <= block_bytes);
+
+        if (IVSize) {
+            /*
+            ** client_write_IV =
+            **  MD5(ClientHello.random + ServerHello.random);
+            */
+            MD5_Begin(md5Ctx);
+            MD5_Update(md5Ctx, crsr.data, crsr.len);
+            MD5_End(md5Ctx, key_block2, &outLen, MD5_LENGTH);
+            buildSSLKey(key_block2, IVSize, &pwSpec->client.write_iv_item,
+                        "SSL3 Export Client Write IV");
+            key_block2 += IVSize;
+
+            /*
+            ** server_write_IV =
+            **  MD5(ServerHello.random + ClientHello.random);
+            */
+            MD5_Begin(md5Ctx);
+            MD5_Update(md5Ctx, srcr.data, srcr.len);
+            MD5_End(md5Ctx, key_block2, &outLen, MD5_LENGTH);
+            buildSSLKey(key_block2, IVSize, &pwSpec->server.write_iv_item,
+                        "SSL3 Export Server Write IV");
+            key_block2 += IVSize;
+        }
+
+        PORT_Assert(key_block2 - key_block <= sizeof pwSpec->key_block);
+    } else {
+        /*
+        ** Generate TLS Export write keys and IVs.
+        */
+        SECItem secret;
+        SECItem keyblk;
+
+        secret.type = siBuffer;
+        keyblk.type = siBuffer;
+        /*
+        ** client_write_key[CipherSpec.key_material]
+        ** final_client_write_key = PRF(client_write_key,
+        **                              "client write key",
+        **                              client_random + server_random);
+        */
+        secret.data = &key_block[i];
+        secret.len = effKeySize;
+        i += effKeySize;
+        keyblk.data = key_block2;
+        keyblk.len = keySize;
+        status = TLS_PRF(&secret, "client write key", &crsr, &keyblk, isFIPS);
+        if (status != SECSuccess) {
+            goto key_and_mac_derive_fail;
+        }
+        buildSSLKey(key_block2, keySize, &pwSpec->client.write_key_item,
+                    "TLS Export Client Write Key");
+        key_block2 += keySize;
+
+        /*
+        ** server_write_key[CipherSpec.key_material]
+        ** final_server_write_key = PRF(server_write_key,
+        **                              "server write key",
+        **                              client_random + server_random);
+        */
+        secret.data = &key_block[i];
+        secret.len = effKeySize;
+        keyblk.data = key_block2;
+        keyblk.len = keySize;
+        status = TLS_PRF(&secret, "server write key", &crsr, &keyblk, isFIPS);
+        if (status != SECSuccess) {
+            goto key_and_mac_derive_fail;
+        }
+        buildSSLKey(key_block2, keySize, &pwSpec->server.write_key_item,
+                    "TLS Export Server Write Key");
+        key_block2 += keySize;
+
+        /*
+        ** iv_block = PRF("", "IV block", client_random + server_random);
+        ** client_write_IV[SecurityParameters.IV_size]
+        ** server_write_IV[SecurityParameters.IV_size]
+        */
+        if (IVSize) {
+            secret.data = NULL;
+            secret.len = 0;
+            keyblk.data = key_block2;
+            keyblk.len = 2 * IVSize;
+            status = TLS_PRF(&secret, "IV block", &crsr, &keyblk, isFIPS);
+            if (status != SECSuccess) {
+                goto key_and_mac_derive_fail;
+            }
+            buildSSLKey(key_block2, IVSize,
+                        &pwSpec->client.write_iv_item,
+                        "TLS Export Client Write IV");
+            buildSSLKey(key_block2 + IVSize, IVSize,
+                        &pwSpec->server.write_iv_item,
+                        "TLS Export Server Write IV");
+            key_block2 += 2 * IVSize;
+        }
+        PORT_Assert(key_block2 - key_block <= sizeof pwSpec->key_block);
+    }
+    rv = SECSuccess;
+
+key_and_mac_derive_fail:
+
+    MD5_DestroyContext(md5Ctx, PR_FALSE);
+    SHA1_DestroyContext(shaCtx, PR_FALSE);
+
+    if (rv != SECSuccess) {
+        PORT_SetError(SSL_ERROR_SESSION_KEY_GEN_FAILURE);
+    }
+
+    return rv;
+}
+
+/* derive the Master Secret from the PMS */
+/* Presently, this is only done wtih RSA PMS, and only on the server side,
+ * so isRSA is always true.
+ */
+SECStatus
+ssl3_MasterSecretDeriveBypass(
+    ssl3CipherSpec *pwSpec,
+    const unsigned char *cr,
+    const unsigned char *sr,
+    const SECItem *pms,
+    PRBool isTLS,
+    HASH_HashType tls12HashType,
+    PRBool isRSA)
+{
+    unsigned char *key_block = pwSpec->key_block;
+    SECStatus rv = SECSuccess;
+    PRBool isFIPS = PR_FALSE;
+    PRBool isTLS12 = pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2;
+
+    SECItem crsr;
+
+    unsigned char crsrdata[SSL3_RANDOM_LENGTH * 2];
+    PRUint64 md5buf[22];
+    PRUint64 shabuf[40];
+
+#define md5Ctx ((MD5Context *)md5buf)
+#define shaCtx ((SHA1Context *)shabuf)
+
+    /* first do the consistancy checks */
+    if (isRSA) {
+        PORT_Assert(pms->len == SSL3_RSA_PMS_LENGTH);
+        if (pms->len != SSL3_RSA_PMS_LENGTH) {
+            PORT_SetError(SEC_ERROR_INVALID_ARGS);
+            return SECFailure;
+        }
+        /* caller must test PMS version for rollback */
+    }
+
+    /* initialize the client random, server random block */
+    crsr.type = siBuffer;
+    crsr.data = crsrdata;
+    crsr.len = sizeof crsrdata;
+    PORT_Memcpy(crsrdata, cr, SSL3_RANDOM_LENGTH);
+    PORT_Memcpy(crsrdata + SSL3_RANDOM_LENGTH, sr, SSL3_RANDOM_LENGTH);
+    PRINT_BUF(100, (NULL, "Master Secret CRSR", crsr.data, crsr.len));
+
+    /* finally do the key gen */
+    if (isTLS) {
+        SECItem master = { siBuffer, NULL, 0 };
+
+        master.data = key_block;
+        master.len = SSL3_MASTER_SECRET_LENGTH;
+
+        if (isTLS12) {
+            rv = TLS_P_hash(tls12HashType, pms, "master secret", &crsr,
+                            &master, isFIPS);
+        } else {
+            rv = TLS_PRF(pms, "master secret", &crsr, &master, isFIPS);
+        }
+        if (rv != SECSuccess) {
+            PORT_SetError(SSL_ERROR_SESSION_KEY_GEN_FAILURE);
+        }
+    } else {
+        int i;
+        unsigned int made = 0;
+        for (i = 0; i < 3; i++) {
+            unsigned int outLen;
+            unsigned char sha_out[SHA1_LENGTH];
+
+            SHA1_Begin(shaCtx);
+            SHA1_Update(shaCtx, (unsigned char *)mixers[i], i + 1);
+            SHA1_Update(shaCtx, pms->data, pms->len);
+            SHA1_Update(shaCtx, crsr.data, crsr.len);
+            SHA1_End(shaCtx, sha_out, &outLen, SHA1_LENGTH);
+            PORT_Assert(outLen == SHA1_LENGTH);
+
+            MD5_Begin(md5Ctx);
+            MD5_Update(md5Ctx, pms->data, pms->len);
+            MD5_Update(md5Ctx, sha_out, outLen);
+            MD5_End(md5Ctx, key_block + made, &outLen, MD5_LENGTH);
+            PORT_Assert(outLen == MD5_LENGTH);
+            made += outLen;
+        }
+    }
+
+    /* store the results */
+    PORT_Memcpy(pwSpec->raw_master_secret, key_block,
+                SSL3_MASTER_SECRET_LENGTH);
+    pwSpec->msItem.data = pwSpec->raw_master_secret;
+    pwSpec->msItem.len = SSL3_MASTER_SECRET_LENGTH;
+    PRINT_BUF(100, (NULL, "Master Secret", pwSpec->msItem.data,
+                    pwSpec->msItem.len));
+
+    return rv;
+}
+
+static SECStatus
+ssl_canExtractMS(PK11SymKey *pms, PRBool isTLS, PRBool isDH, PRBool *pcbp)
+{
+    SECStatus rv;
+    PK11SymKey *ms = NULL;
+    SECItem params = { siBuffer, NULL, 0 };
+    CK_SSL3_MASTER_KEY_DERIVE_PARAMS master_params;
+    unsigned char rand[SSL3_RANDOM_LENGTH];
+    CK_VERSION pms_version;
+    CK_MECHANISM_TYPE master_derive;
+    CK_MECHANISM_TYPE key_derive;
+    CK_FLAGS keyFlags;
+
+    if (pms == NULL)
+        return (SECFailure);
+
+    PORT_Memset(rand, 0, SSL3_RANDOM_LENGTH);
+
+    if (isTLS) {
+        if (isDH)
+            master_derive = CKM_TLS_MASTER_KEY_DERIVE_DH;
+        else
+            master_derive = CKM_TLS_MASTER_KEY_DERIVE;
+        key_derive = CKM_TLS_KEY_AND_MAC_DERIVE;
+        keyFlags = CKF_SIGN | CKF_VERIFY;
+    } else {
+        if (isDH)
+            master_derive = CKM_SSL3_MASTER_KEY_DERIVE_DH;
+        else
+            master_derive = CKM_SSL3_MASTER_KEY_DERIVE;
+        key_derive = CKM_SSL3_KEY_AND_MAC_DERIVE;
+        keyFlags = 0;
+    }
+
+    master_params.pVersion = &pms_version;
+    master_params.RandomInfo.pClientRandom = rand;
+    master_params.RandomInfo.ulClientRandomLen = SSL3_RANDOM_LENGTH;
+    master_params.RandomInfo.pServerRandom = rand;
+    master_params.RandomInfo.ulServerRandomLen = SSL3_RANDOM_LENGTH;
+
+    params.data = (unsigned char *)&master_params;
+    params.len = sizeof master_params;
+
+    ms = PK11_DeriveWithFlags(pms, master_derive, &params, key_derive,
+                              CKA_DERIVE, 0, keyFlags);
+    if (ms == NULL)
+        return (SECFailure);
+
+    rv = PK11_ExtractKeyValue(ms);
+    *pcbp = (rv == SECSuccess);
+    PK11_FreeSymKey(ms);
+
+    return (rv);
+}
+#endif /* !NO_PKCS11_BYPASS */
+
+/* Check the key exchange algorithm for each cipher in the list to see if
+ * a master secret key can be extracted. If the KEA will use keys from the
+ * specified cert make sure the extract operation is attempted from the slot
+ * where the private key resides.
+ * If MS can be extracted for all ciphers, (*pcanbypass) is set to TRUE and
+ * SECSuccess is returned. In all other cases but one (*pcanbypass) is
+ * set to FALSE and SECFailure is returned.
+ * In that last case Derive() has been called successfully but the MS is null,
+ * CanBypass sets (*pcanbypass) to FALSE and returns SECSuccess indicating the
+ * arguments were all valid but the slot cannot be bypassed.
+ */
+
+/* XXX Add SSL_CBP_TLS1_1 and test it in protocolmask when setting isTLS. */
+
+SECStatus
+SSL_CanBypass(CERTCertificate *cert, SECKEYPrivateKey *srvPrivkey,
+              PRUint32 protocolmask, PRUint16 *ciphersuites, int nsuites,
+              PRBool *pcanbypass, void *pwArg)
+{
+#ifdef NO_PKCS11_BYPASS
+    if (!pcanbypass) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+    *pcanbypass = PR_FALSE;
+    return SECSuccess;
+#else
+    SECStatus rv = SECFailure;
+    int i;
+    PRUint16 suite;
+    PK11SymKey *pms = NULL;
+    SECKEYPublicKey *srvPubkey = NULL;
+    KeyType privKeytype;
+    PK11SlotInfo *slot = NULL;
+    SECItem param;
+    CK_VERSION version;
+    CK_MECHANISM_TYPE mechanism_array[2];
+    SECItem enc_pms = { siBuffer, NULL, 0 };
+    PRBool isTLS = PR_FALSE;
+    SSLCipherSuiteInfo csdef;
+    PRBool testrsa = PR_FALSE;
+    PRBool testrsa_export = PR_FALSE;
+    PRBool testecdh = PR_FALSE;
+    PRBool testecdhe = PR_FALSE;
+    SECKEYECParams ecParams = { siBuffer, NULL, 0 };
+
+    if (!cert || !srvPrivkey || !ciphersuites || !pcanbypass) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    srvPubkey = CERT_ExtractPublicKey(cert);
+    if (!srvPubkey)
+        return SECFailure;
+
+    *pcanbypass = PR_TRUE;
+
+    /* determine which KEAs to test */
+    /* 0 (TLS_NULL_WITH_NULL_NULL) is used as a list terminator because
+     * SSL3 and TLS specs forbid negotiating that cipher suite number.
+     */
+    for (i = 0; i < nsuites && (suite = *ciphersuites++) != 0; i++) {
+        /* skip cipher suites NSS doesn't support */
+        if (SSL_GetCipherSuiteInfo(suite, &csdef, sizeof(csdef)) != SECSuccess)
+            continue;
+        switch (csdef.keaType) {
+            case ssl_kea_rsa:
+                switch (csdef.cipherSuite) {
+                    case TLS_RSA_EXPORT1024_WITH_RC4_56_SHA:
+                    case TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA:
+                    case TLS_RSA_EXPORT_WITH_RC4_40_MD5:
+                    case TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5:
+                        testrsa_export = PR_TRUE;
+                }
+                if (!testrsa_export)
+                    testrsa = PR_TRUE;
+                break;
+            case ssl_kea_ecdh:
+                if (strcmp(csdef.keaTypeName, "ECDHE") == 0) /* ephemeral? */
+                    testecdhe = PR_TRUE;
+                else
+                    testecdh = PR_TRUE;
+                break;
+            case ssl_kea_dh:
+            /* this is actually DHE */
+            default:
+                continue;
+        }
+    }
+
+    /* For each protocol try to derive and extract an MS.
+     * Failure of function any function except MS extract means
+     * continue with the next cipher test. Stop testing when the list is
+     * exhausted or when the first MS extract--not derive--fails.
+     */
+    privKeytype = SECKEY_GetPrivateKeyType(srvPrivkey);
+    protocolmask &= SSL_CBP_SSL3 | SSL_CBP_TLS1_0;
+    while (protocolmask) {
+        if (protocolmask & SSL_CBP_SSL3) {
+            isTLS = PR_FALSE;
+            protocolmask ^= SSL_CBP_SSL3;
+        } else {
+            isTLS = PR_TRUE;
+            protocolmask ^= SSL_CBP_TLS1_0;
+        }
+
+        if (privKeytype == rsaKey && testrsa_export) {
+            if (PK11_GetPrivateModulusLen(srvPrivkey) > EXPORT_RSA_KEY_LENGTH) {
+                *pcanbypass = PR_FALSE;
+                break;
+            } else
+                testrsa = PR_TRUE;
+        }
+        for (; privKeytype == rsaKey && testrsa;) {
+            /* TLS_RSA */
+            unsigned char rsaPmsBuf[SSL3_RSA_PMS_LENGTH];
+            unsigned int outLen = 0;
+            CK_MECHANISM_TYPE target;
+            SECStatus irv;
+
+            mechanism_array[0] = CKM_SSL3_PRE_MASTER_KEY_GEN;
+            mechanism_array[1] = CKM_RSA_PKCS;
+
+            slot = PK11_GetBestSlotMultiple(mechanism_array, 2, pwArg);
+            if (slot == NULL) {
+                PORT_SetError(SSL_ERROR_TOKEN_SLOT_NOT_FOUND);
+                break;
+            }
+
+            /* Generate the pre-master secret ...  (client side) */
+            version.major = 3 /*MSB(clientHelloVersion)*/;
+            version.minor = 0 /*LSB(clientHelloVersion)*/;
+            param.data = (unsigned char *)&version;
+            param.len = sizeof version;
+            pms = PK11_KeyGen(slot, CKM_SSL3_PRE_MASTER_KEY_GEN, &param, 0, pwArg);
+            PK11_FreeSlot(slot);
+            if (!pms)
+                break;
+            /* now wrap it */
+            enc_pms.len = SECKEY_PublicKeyStrength(srvPubkey);
+            enc_pms.data = (unsigned char *)PORT_Alloc(enc_pms.len);
+            if (enc_pms.data == NULL) {
+                PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
+                break;
+            }
+            irv = PK11_PubWrapSymKey(CKM_RSA_PKCS, srvPubkey, pms, &enc_pms);
+            if (irv != SECSuccess)
+                break;
+            PK11_FreeSymKey(pms);
+            pms = NULL;
+            /* now do the server side--check the triple bypass first */
+            rv = PK11_PrivDecryptPKCS1(srvPrivkey, rsaPmsBuf, &outLen,
+                                       sizeof rsaPmsBuf,
+                                       (unsigned char *)enc_pms.data,
+                                       enc_pms.len);
+            /* if decrypt worked we're done with the RSA test */
+            if (rv == SECSuccess) {
+                *pcanbypass = PR_TRUE;
+                break;
+            }
+            /* check for fallback to double bypass */
+            target = isTLS ? CKM_TLS_MASTER_KEY_DERIVE
+                           : CKM_SSL3_MASTER_KEY_DERIVE;
+            pms = PK11_PubUnwrapSymKey(srvPrivkey, &enc_pms,
+                                       target, CKA_DERIVE, 0);
+            rv = ssl_canExtractMS(pms, isTLS, PR_FALSE, pcanbypass);
+            if (rv == SECSuccess && *pcanbypass == PR_FALSE)
+                goto done;
+            break;
+        }
+
+        /* Check for NULL to avoid double free.
+         * SECItem_FreeItem sets data NULL in secitem.c#265
+         */
+        if (enc_pms.data != NULL) {
+            SECITEM_FreeItem(&enc_pms, PR_FALSE);
+        }
+        for (; (privKeytype == ecKey && (testecdh || testecdhe)) ||
+               (privKeytype == rsaKey && testecdhe);) {
+            CK_MECHANISM_TYPE target;
+            SECKEYPublicKey *keapub = NULL;
+            SECKEYPrivateKey *keapriv;
+            SECKEYPublicKey *cpub = NULL; /* client's ephemeral ECDH keys */
+            SECKEYPrivateKey *cpriv = NULL;
+            SECKEYECParams *pecParams = NULL;
+
+            if (privKeytype == ecKey && testecdhe) {
+                /* TLS_ECDHE_ECDSA */
+                pecParams = &srvPubkey->u.ec.DEREncodedParams;
+            } else if (privKeytype == rsaKey && testecdhe) {
+                /* TLS_ECDHE_RSA */
+                const namedGroupDef *ecGroup;
+                int serverKeyStrengthInBits;
+                int signatureKeyStrength;
+                int requiredECCbits;
+
+                /* find a curve of equivalent strength to the RSA key's */
+                requiredECCbits = PK11_GetPrivateModulusLen(srvPrivkey);
+                if (requiredECCbits < 0)
+                    break;
+                requiredECCbits *= BPB;
+                serverKeyStrengthInBits = srvPubkey->u.rsa.modulus.len;
+                if (srvPubkey->u.rsa.modulus.data[0] == 0) {
+                    serverKeyStrengthInBits--;
+                }
+                /* convert to strength in bits */
+                serverKeyStrengthInBits *= BPB;
+
+                signatureKeyStrength =
+                    SSL_RSASTRENGTH_TO_ECSTRENGTH(serverKeyStrengthInBits);
+
+                if (requiredECCbits > signatureKeyStrength)
+                    requiredECCbits = signatureKeyStrength;
+
+                ecGroup = ssl_GetECGroupWithStrength(NULL, requiredECCbits);
+                rv = ssl_NamedGroup2ECParams(NULL, ecGroup, &ecParams);
+                if (rv == SECFailure) {
+                    break;
+                }
+                pecParams = &ecParams;
+            }
+
+            if (testecdhe) {
+                /* generate server's ephemeral keys */
+                keapriv = SECKEY_CreateECPrivateKey(pecParams, &keapub, NULL);
+                if (!keapriv || !keapub) {
+                    if (keapriv)
+                        SECKEY_DestroyPrivateKey(keapriv);
+                    if (keapub)
+                        SECKEY_DestroyPublicKey(keapub);
+                    PORT_SetError(SEC_ERROR_KEYGEN_FAIL);
+                    rv = SECFailure;
+                    goto done;
+                }
+            } else {
+                /* TLS_ECDH_ECDSA */
+                keapub = srvPubkey;
+                keapriv = srvPrivkey;
+                pecParams = &srvPubkey->u.ec.DEREncodedParams;
+            }
+
+            /* perform client side ops */
+            /* generate a pair of ephemeral keys using server's parms */
+            cpriv = SECKEY_CreateECPrivateKey(pecParams, &cpub, NULL);
+            if (!cpriv || !cpub) {
+                if (testecdhe) {
+                    SECKEY_DestroyPrivateKey(keapriv);
+                    SECKEY_DestroyPublicKey(keapub);
+                }
+                PORT_SetError(SEC_ERROR_KEYGEN_FAIL);
+                rv = SECFailure;
+                goto done;
+            }
+            /* now do the server side */
+            /* determine the PMS using client's public value */
+            target = isTLS ? CKM_TLS_MASTER_KEY_DERIVE_DH
+                           : CKM_SSL3_MASTER_KEY_DERIVE_DH;
+            pms = PK11_PubDeriveWithKDF(keapriv, cpub, PR_FALSE, NULL, NULL,
+                                        CKM_ECDH1_DERIVE,
+                                        target,
+                                        CKA_DERIVE, 0, CKD_NULL, NULL, NULL);
+            rv = ssl_canExtractMS(pms, isTLS, PR_TRUE, pcanbypass);
+            SECKEY_DestroyPrivateKey(cpriv);
+            SECKEY_DestroyPublicKey(cpub);
+            if (testecdhe) {
+                SECKEY_DestroyPrivateKey(keapriv);
+                SECKEY_DestroyPublicKey(keapub);
+            }
+            if (rv == SECSuccess && *pcanbypass == PR_FALSE)
+                goto done;
+            break;
+        }
+        /* Check for NULL to avoid double free. */
+        if (ecParams.data != NULL) {
+            PORT_Free(ecParams.data);
+            ecParams.data = NULL;
+        }
+        if (pms)
+            PK11_FreeSymKey(pms);
+    }
+
+    /* *pcanbypass has been set */
+    rv = SECSuccess;
+
+done:
+    if (pms)
+        PK11_FreeSymKey(pms);
+
+    /* Check for NULL to avoid double free.
+     * SECItem_FreeItem sets data NULL in secitem.c#265
+     */
+    if (enc_pms.data != NULL) {
+        SECITEM_FreeItem(&enc_pms, PR_FALSE);
+    }
+    if (ecParams.data != NULL) {
+        PORT_Free(ecParams.data);
+        ecParams.data = NULL;
+    }
+
+    if (srvPubkey) {
+        SECKEY_DestroyPublicKey(srvPubkey);
+        srvPubkey = NULL;
+    }
+
+    return rv;
+#endif /* NO_PKCS11_BYPASS */
+}
diff --git a/nss/lib/ssl/dhe-param.c b/nss/lib/ssl/dhe-param.c
new file mode 100644
index 0000000..ad87cc4
--- /dev/null
+++ b/nss/lib/ssl/dhe-param.c
@@ -0,0 +1,418 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+static const unsigned char ff_dhe_g2[] = { 2 };
+
+static const unsigned char ff_dhe_2048_p[] = {
+    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A,
+    0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1,
+    0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95,
+    0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB,
+    0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9,
+    0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8,
+    0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A,
+    0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61,
+    0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0,
+    0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3,
+    0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35,
+    0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77,
+    0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72,
+    0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35,
+    0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A,
+    0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61,
+    0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB,
+    0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68,
+    0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4,
+    0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19,
+    0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70,
+    0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC,
+    0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61,
+    0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF,
+    0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83,
+    0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73,
+    0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05,
+    0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2,
+    0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA,
+    0x88, 0x6B, 0x42, 0x38, 0x61, 0x28, 0x5C, 0x97,
+    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+};
+
+static const ssl3DHParams ff_dhe_2048_params = {
+    ssl_grp_ffdhe_2048,
+    { siBuffer, (unsigned char *)ff_dhe_2048_p, sizeof(ff_dhe_2048_p) },
+    { siBuffer, (unsigned char *)ff_dhe_g2, sizeof(ff_dhe_g2) },
+};
+
+static const unsigned char ff_dhe_3072_p[] = {
+    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A,
+    0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1,
+    0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95,
+    0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB,
+    0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9,
+    0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8,
+    0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A,
+    0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61,
+    0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0,
+    0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3,
+    0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35,
+    0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77,
+    0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72,
+    0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35,
+    0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A,
+    0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61,
+    0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB,
+    0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68,
+    0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4,
+    0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19,
+    0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70,
+    0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC,
+    0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61,
+    0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF,
+    0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83,
+    0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73,
+    0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05,
+    0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2,
+    0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA,
+    0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC,
+    0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B,
+    0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38,
+    0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07,
+    0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE,
+    0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C,
+    0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70,
+    0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44,
+    0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3,
+    0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF,
+    0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E,
+    0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D,
+    0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA,
+    0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E,
+    0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF,
+    0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C,
+    0x25, 0xE4, 0x1D, 0x2B, 0x66, 0xC6, 0x2E, 0x37,
+    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+};
+
+static const ssl3DHParams ff_dhe_3072_params = {
+    ssl_grp_ffdhe_3072,
+    { siBuffer, (unsigned char *)ff_dhe_3072_p, sizeof(ff_dhe_3072_p) },
+    { siBuffer, (unsigned char *)ff_dhe_g2, sizeof(ff_dhe_g2) },
+};
+
+static const unsigned char ff_dhe_4096_p[] = {
+    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A,
+    0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1,
+    0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95,
+    0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB,
+    0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9,
+    0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8,
+    0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A,
+    0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61,
+    0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0,
+    0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3,
+    0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35,
+    0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77,
+    0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72,
+    0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35,
+    0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A,
+    0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61,
+    0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB,
+    0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68,
+    0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4,
+    0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19,
+    0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70,
+    0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC,
+    0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61,
+    0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF,
+    0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83,
+    0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73,
+    0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05,
+    0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2,
+    0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA,
+    0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC,
+    0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B,
+    0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38,
+    0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07,
+    0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE,
+    0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C,
+    0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70,
+    0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44,
+    0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3,
+    0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF,
+    0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E,
+    0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D,
+    0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA,
+    0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E,
+    0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF,
+    0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C,
+    0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1,
+    0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB,
+    0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6,
+    0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18,
+    0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04,
+    0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A,
+    0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A,
+    0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32,
+    0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4,
+    0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38,
+    0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A,
+    0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C,
+    0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC,
+    0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF,
+    0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B,
+    0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1,
+    0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x65, 0x5F, 0x6A,
+    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+};
+
+static const ssl3DHParams ff_dhe_4096_params = {
+    ssl_grp_ffdhe_4096,
+    { siBuffer, (unsigned char *)ff_dhe_4096_p, sizeof(ff_dhe_4096_p) },
+    { siBuffer, (unsigned char *)ff_dhe_g2, sizeof(ff_dhe_g2) },
+};
+
+static const unsigned char ff_dhe_6144_p[] = {
+    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A,
+    0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1,
+    0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95,
+    0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB,
+    0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9,
+    0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8,
+    0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A,
+    0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61,
+    0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0,
+    0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3,
+    0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35,
+    0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77,
+    0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72,
+    0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35,
+    0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A,
+    0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61,
+    0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB,
+    0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68,
+    0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4,
+    0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19,
+    0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70,
+    0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC,
+    0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61,
+    0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF,
+    0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83,
+    0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73,
+    0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05,
+    0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2,
+    0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA,
+    0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC,
+    0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B,
+    0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38,
+    0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07,
+    0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE,
+    0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C,
+    0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70,
+    0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44,
+    0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3,
+    0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF,
+    0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E,
+    0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D,
+    0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA,
+    0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E,
+    0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF,
+    0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C,
+    0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1,
+    0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB,
+    0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6,
+    0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18,
+    0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04,
+    0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A,
+    0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A,
+    0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32,
+    0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4,
+    0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38,
+    0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A,
+    0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C,
+    0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC,
+    0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF,
+    0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B,
+    0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1,
+    0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x0D, 0xD9, 0x02,
+    0x0B, 0xFD, 0x64, 0xB6, 0x45, 0x03, 0x6C, 0x7A,
+    0x4E, 0x67, 0x7D, 0x2C, 0x38, 0x53, 0x2A, 0x3A,
+    0x23, 0xBA, 0x44, 0x42, 0xCA, 0xF5, 0x3E, 0xA6,
+    0x3B, 0xB4, 0x54, 0x32, 0x9B, 0x76, 0x24, 0xC8,
+    0x91, 0x7B, 0xDD, 0x64, 0xB1, 0xC0, 0xFD, 0x4C,
+    0xB3, 0x8E, 0x8C, 0x33, 0x4C, 0x70, 0x1C, 0x3A,
+    0xCD, 0xAD, 0x06, 0x57, 0xFC, 0xCF, 0xEC, 0x71,
+    0x9B, 0x1F, 0x5C, 0x3E, 0x4E, 0x46, 0x04, 0x1F,
+    0x38, 0x81, 0x47, 0xFB, 0x4C, 0xFD, 0xB4, 0x77,
+    0xA5, 0x24, 0x71, 0xF7, 0xA9, 0xA9, 0x69, 0x10,
+    0xB8, 0x55, 0x32, 0x2E, 0xDB, 0x63, 0x40, 0xD8,
+    0xA0, 0x0E, 0xF0, 0x92, 0x35, 0x05, 0x11, 0xE3,
+    0x0A, 0xBE, 0xC1, 0xFF, 0xF9, 0xE3, 0xA2, 0x6E,
+    0x7F, 0xB2, 0x9F, 0x8C, 0x18, 0x30, 0x23, 0xC3,
+    0x58, 0x7E, 0x38, 0xDA, 0x00, 0x77, 0xD9, 0xB4,
+    0x76, 0x3E, 0x4E, 0x4B, 0x94, 0xB2, 0xBB, 0xC1,
+    0x94, 0xC6, 0x65, 0x1E, 0x77, 0xCA, 0xF9, 0x92,
+    0xEE, 0xAA, 0xC0, 0x23, 0x2A, 0x28, 0x1B, 0xF6,
+    0xB3, 0xA7, 0x39, 0xC1, 0x22, 0x61, 0x16, 0x82,
+    0x0A, 0xE8, 0xDB, 0x58, 0x47, 0xA6, 0x7C, 0xBE,
+    0xF9, 0xC9, 0x09, 0x1B, 0x46, 0x2D, 0x53, 0x8C,
+    0xD7, 0x2B, 0x03, 0x74, 0x6A, 0xE7, 0x7F, 0x5E,
+    0x62, 0x29, 0x2C, 0x31, 0x15, 0x62, 0xA8, 0x46,
+    0x50, 0x5D, 0xC8, 0x2D, 0xB8, 0x54, 0x33, 0x8A,
+    0xE4, 0x9F, 0x52, 0x35, 0xC9, 0x5B, 0x91, 0x17,
+    0x8C, 0xCF, 0x2D, 0xD5, 0xCA, 0xCE, 0xF4, 0x03,
+    0xEC, 0x9D, 0x18, 0x10, 0xC6, 0x27, 0x2B, 0x04,
+    0x5B, 0x3B, 0x71, 0xF9, 0xDC, 0x6B, 0x80, 0xD6,
+    0x3F, 0xDD, 0x4A, 0x8E, 0x9A, 0xDB, 0x1E, 0x69,
+    0x62, 0xA6, 0x95, 0x26, 0xD4, 0x31, 0x61, 0xC1,
+    0xA4, 0x1D, 0x57, 0x0D, 0x79, 0x38, 0xDA, 0xD4,
+    0xA4, 0x0E, 0x32, 0x9C, 0xD0, 0xE4, 0x0E, 0x65,
+    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+};
+
+static const ssl3DHParams ff_dhe_6144_params = {
+    ssl_grp_ffdhe_6144,
+    { siBuffer, (unsigned char *)ff_dhe_6144_p, sizeof(ff_dhe_6144_p) },
+    { siBuffer, (unsigned char *)ff_dhe_g2, sizeof(ff_dhe_g2) },
+};
+
+static const unsigned char ff_dhe_8192_p[] = {
+    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A,
+    0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1,
+    0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95,
+    0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB,
+    0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9,
+    0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8,
+    0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A,
+    0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61,
+    0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0,
+    0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3,
+    0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35,
+    0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77,
+    0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72,
+    0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35,
+    0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A,
+    0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61,
+    0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB,
+    0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68,
+    0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4,
+    0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19,
+    0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70,
+    0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC,
+    0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61,
+    0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF,
+    0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83,
+    0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73,
+    0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05,
+    0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2,
+    0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA,
+    0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC,
+    0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B,
+    0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38,
+    0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07,
+    0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE,
+    0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C,
+    0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70,
+    0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44,
+    0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3,
+    0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF,
+    0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E,
+    0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D,
+    0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA,
+    0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E,
+    0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF,
+    0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C,
+    0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1,
+    0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB,
+    0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6,
+    0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18,
+    0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04,
+    0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A,
+    0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A,
+    0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32,
+    0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4,
+    0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38,
+    0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A,
+    0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C,
+    0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC,
+    0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF,
+    0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B,
+    0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1,
+    0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x0D, 0xD9, 0x02,
+    0x0B, 0xFD, 0x64, 0xB6, 0x45, 0x03, 0x6C, 0x7A,
+    0x4E, 0x67, 0x7D, 0x2C, 0x38, 0x53, 0x2A, 0x3A,
+    0x23, 0xBA, 0x44, 0x42, 0xCA, 0xF5, 0x3E, 0xA6,
+    0x3B, 0xB4, 0x54, 0x32, 0x9B, 0x76, 0x24, 0xC8,
+    0x91, 0x7B, 0xDD, 0x64, 0xB1, 0xC0, 0xFD, 0x4C,
+    0xB3, 0x8E, 0x8C, 0x33, 0x4C, 0x70, 0x1C, 0x3A,
+    0xCD, 0xAD, 0x06, 0x57, 0xFC, 0xCF, 0xEC, 0x71,
+    0x9B, 0x1F, 0x5C, 0x3E, 0x4E, 0x46, 0x04, 0x1F,
+    0x38, 0x81, 0x47, 0xFB, 0x4C, 0xFD, 0xB4, 0x77,
+    0xA5, 0x24, 0x71, 0xF7, 0xA9, 0xA9, 0x69, 0x10,
+    0xB8, 0x55, 0x32, 0x2E, 0xDB, 0x63, 0x40, 0xD8,
+    0xA0, 0x0E, 0xF0, 0x92, 0x35, 0x05, 0x11, 0xE3,
+    0x0A, 0xBE, 0xC1, 0xFF, 0xF9, 0xE3, 0xA2, 0x6E,
+    0x7F, 0xB2, 0x9F, 0x8C, 0x18, 0x30, 0x23, 0xC3,
+    0x58, 0x7E, 0x38, 0xDA, 0x00, 0x77, 0xD9, 0xB4,
+    0x76, 0x3E, 0x4E, 0x4B, 0x94, 0xB2, 0xBB, 0xC1,
+    0x94, 0xC6, 0x65, 0x1E, 0x77, 0xCA, 0xF9, 0x92,
+    0xEE, 0xAA, 0xC0, 0x23, 0x2A, 0x28, 0x1B, 0xF6,
+    0xB3, 0xA7, 0x39, 0xC1, 0x22, 0x61, 0x16, 0x82,
+    0x0A, 0xE8, 0xDB, 0x58, 0x47, 0xA6, 0x7C, 0xBE,
+    0xF9, 0xC9, 0x09, 0x1B, 0x46, 0x2D, 0x53, 0x8C,
+    0xD7, 0x2B, 0x03, 0x74, 0x6A, 0xE7, 0x7F, 0x5E,
+    0x62, 0x29, 0x2C, 0x31, 0x15, 0x62, 0xA8, 0x46,
+    0x50, 0x5D, 0xC8, 0x2D, 0xB8, 0x54, 0x33, 0x8A,
+    0xE4, 0x9F, 0x52, 0x35, 0xC9, 0x5B, 0x91, 0x17,
+    0x8C, 0xCF, 0x2D, 0xD5, 0xCA, 0xCE, 0xF4, 0x03,
+    0xEC, 0x9D, 0x18, 0x10, 0xC6, 0x27, 0x2B, 0x04,
+    0x5B, 0x3B, 0x71, 0xF9, 0xDC, 0x6B, 0x80, 0xD6,
+    0x3F, 0xDD, 0x4A, 0x8E, 0x9A, 0xDB, 0x1E, 0x69,
+    0x62, 0xA6, 0x95, 0x26, 0xD4, 0x31, 0x61, 0xC1,
+    0xA4, 0x1D, 0x57, 0x0D, 0x79, 0x38, 0xDA, 0xD4,
+    0xA4, 0x0E, 0x32, 0x9C, 0xCF, 0xF4, 0x6A, 0xAA,
+    0x36, 0xAD, 0x00, 0x4C, 0xF6, 0x00, 0xC8, 0x38,
+    0x1E, 0x42, 0x5A, 0x31, 0xD9, 0x51, 0xAE, 0x64,
+    0xFD, 0xB2, 0x3F, 0xCE, 0xC9, 0x50, 0x9D, 0x43,
+    0x68, 0x7F, 0xEB, 0x69, 0xED, 0xD1, 0xCC, 0x5E,
+    0x0B, 0x8C, 0xC3, 0xBD, 0xF6, 0x4B, 0x10, 0xEF,
+    0x86, 0xB6, 0x31, 0x42, 0xA3, 0xAB, 0x88, 0x29,
+    0x55, 0x5B, 0x2F, 0x74, 0x7C, 0x93, 0x26, 0x65,
+    0xCB, 0x2C, 0x0F, 0x1C, 0xC0, 0x1B, 0xD7, 0x02,
+    0x29, 0x38, 0x88, 0x39, 0xD2, 0xAF, 0x05, 0xE4,
+    0x54, 0x50, 0x4A, 0xC7, 0x8B, 0x75, 0x82, 0x82,
+    0x28, 0x46, 0xC0, 0xBA, 0x35, 0xC3, 0x5F, 0x5C,
+    0x59, 0x16, 0x0C, 0xC0, 0x46, 0xFD, 0x82, 0x51,
+    0x54, 0x1F, 0xC6, 0x8C, 0x9C, 0x86, 0xB0, 0x22,
+    0xBB, 0x70, 0x99, 0x87, 0x6A, 0x46, 0x0E, 0x74,
+    0x51, 0xA8, 0xA9, 0x31, 0x09, 0x70, 0x3F, 0xEE,
+    0x1C, 0x21, 0x7E, 0x6C, 0x38, 0x26, 0xE5, 0x2C,
+    0x51, 0xAA, 0x69, 0x1E, 0x0E, 0x42, 0x3C, 0xFC,
+    0x99, 0xE9, 0xE3, 0x16, 0x50, 0xC1, 0x21, 0x7B,
+    0x62, 0x48, 0x16, 0xCD, 0xAD, 0x9A, 0x95, 0xF9,
+    0xD5, 0xB8, 0x01, 0x94, 0x88, 0xD9, 0xC0, 0xA0,
+    0xA1, 0xFE, 0x30, 0x75, 0xA5, 0x77, 0xE2, 0x31,
+    0x83, 0xF8, 0x1D, 0x4A, 0x3F, 0x2F, 0xA4, 0x57,
+    0x1E, 0xFC, 0x8C, 0xE0, 0xBA, 0x8A, 0x4F, 0xE8,
+    0xB6, 0x85, 0x5D, 0xFE, 0x72, 0xB0, 0xA6, 0x6E,
+    0xDE, 0xD2, 0xFB, 0xAB, 0xFB, 0xE5, 0x8A, 0x30,
+    0xFA, 0xFA, 0xBE, 0x1C, 0x5D, 0x71, 0xA8, 0x7E,
+    0x2F, 0x74, 0x1E, 0xF8, 0xC1, 0xFE, 0x86, 0xFE,
+    0xA6, 0xBB, 0xFD, 0xE5, 0x30, 0x67, 0x7F, 0x0D,
+    0x97, 0xD1, 0x1D, 0x49, 0xF7, 0xA8, 0x44, 0x3D,
+    0x08, 0x22, 0xE5, 0x06, 0xA9, 0xF4, 0x61, 0x4E,
+    0x01, 0x1E, 0x2A, 0x94, 0x83, 0x8F, 0xF8, 0x8C,
+    0xD6, 0x8C, 0x8B, 0xB7, 0xC5, 0xC6, 0x42, 0x4C,
+    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+};
+
+static const ssl3DHParams ff_dhe_8192_params = {
+    ssl_grp_ffdhe_8192,
+    { siBuffer, (unsigned char *)ff_dhe_8192_p, sizeof(ff_dhe_8192_p) },
+    { siBuffer, (unsigned char *)ff_dhe_g2, sizeof(ff_dhe_g2) },
+};
diff --git a/nss/lib/ssl/dtlscon.c b/nss/lib/ssl/dtlscon.c
new file mode 100644
index 0000000..b33dc2a
--- /dev/null
+++ b/nss/lib/ssl/dtlscon.c
@@ -0,0 +1,1208 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * DTLS Protocol
+ */
+
+#include "ssl.h"
+#include "sslimpl.h"
+#include "sslproto.h"
+
+#ifndef PR_ARRAY_SIZE
+#define PR_ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))
+#endif
+
+static SECStatus dtls_TransmitMessageFlight(sslSocket *ss);
+static SECStatus dtls_StartRetransmitTimer(sslSocket *ss);
+static void dtls_RetransmitTimerExpiredCb(sslSocket *ss);
+static SECStatus dtls_SendSavedWriteData(sslSocket *ss);
+static void dtls_FinishedTimerCb(sslSocket *ss);
+
+/* -28 adjusts for the IP/UDP header */
+static const PRUint16 COMMON_MTU_VALUES[] = {
+    1500 - 28, /* Ethernet MTU */
+    1280 - 28, /* IPv6 minimum MTU */
+    576 - 28,  /* Common assumption */
+    256 - 28   /* We're in serious trouble now */
+};
+
+#define DTLS_COOKIE_BYTES 32
+
+/* List copied from ssl3con.c:cipherSuites */
+static const ssl3CipherSuite nonDTLSSuites[] = {
+    TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
+    TLS_ECDHE_RSA_WITH_RC4_128_SHA,
+    TLS_DHE_DSS_WITH_RC4_128_SHA,
+    TLS_ECDH_RSA_WITH_RC4_128_SHA,
+    TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
+    TLS_RSA_WITH_RC4_128_MD5,
+    TLS_RSA_WITH_RC4_128_SHA,
+    0 /* End of list marker */
+};
+
+/* Map back and forth between TLS and DTLS versions in wire format.
+ * Mapping table is:
+ *
+ * TLS             DTLS
+ * 1.1 (0302)      1.0 (feff)
+ * 1.2 (0303)      1.2 (fefd)
+ * 1.3 (0304)      1.3 (fefc)
+ */
+SSL3ProtocolVersion
+dtls_TLSVersionToDTLSVersion(SSL3ProtocolVersion tlsv)
+{
+    if (tlsv == SSL_LIBRARY_VERSION_TLS_1_1) {
+        return SSL_LIBRARY_VERSION_DTLS_1_0_WIRE;
+    }
+    if (tlsv == SSL_LIBRARY_VERSION_TLS_1_2) {
+        return SSL_LIBRARY_VERSION_DTLS_1_2_WIRE;
+    }
+    if (tlsv == SSL_LIBRARY_VERSION_TLS_1_3) {
+        return SSL_LIBRARY_VERSION_DTLS_1_3_WIRE;
+    }
+
+    /* Anything other than TLS 1.1 or 1.2 is an error, so return
+     * the invalid version 0xffff. */
+    return 0xffff;
+}
+
+/* Map known DTLS versions to known TLS versions.
+ * - Invalid versions (< 1.0) return a version of 0
+ * - Versions > known return a version one higher than we know of
+ * to accomodate a theoretically newer version */
+SSL3ProtocolVersion
+dtls_DTLSVersionToTLSVersion(SSL3ProtocolVersion dtlsv)
+{
+    if (MSB(dtlsv) == 0xff) {
+        return 0;
+    }
+
+    if (dtlsv == SSL_LIBRARY_VERSION_DTLS_1_0_WIRE) {
+        return SSL_LIBRARY_VERSION_TLS_1_1;
+    }
+    /* Handle the skipped version of DTLS 1.1 by returning
+     * an error. */
+    if (dtlsv == ((~0x0101) & 0xffff)) {
+        return 0;
+    }
+    if (dtlsv == SSL_LIBRARY_VERSION_DTLS_1_2_WIRE) {
+        return SSL_LIBRARY_VERSION_TLS_1_2;
+    }
+    if (dtlsv == SSL_LIBRARY_VERSION_DTLS_1_3_WIRE) {
+        return SSL_LIBRARY_VERSION_TLS_1_3;
+    }
+
+    /* Return a fictional higher version than we know of */
+    return SSL_LIBRARY_VERSION_MAX_SUPPORTED + 1;
+}
+
+/* On this socket, Disable non-DTLS cipher suites in the argument's list */
+SECStatus
+ssl3_DisableNonDTLSSuites(sslSocket *ss)
+{
+    const ssl3CipherSuite *suite;
+
+    for (suite = nonDTLSSuites; *suite; ++suite) {
+        PORT_CheckSuccess(ssl3_CipherPrefSet(ss, *suite, PR_FALSE));
+    }
+    return SECSuccess;
+}
+
+/* Allocate a DTLSQueuedMessage.
+ *
+ * Called from dtls_QueueMessage()
+ */
+static DTLSQueuedMessage *
+dtls_AllocQueuedMessage(ssl3CipherSpec *cwSpec, SSL3ContentType type,
+                        const unsigned char *data, PRUint32 len)
+{
+    DTLSQueuedMessage *msg = NULL;
+
+    msg = PORT_ZAlloc(sizeof(DTLSQueuedMessage));
+    if (!msg)
+        return NULL;
+
+    msg->data = PORT_Alloc(len);
+    if (!msg->data) {
+        PORT_Free(msg);
+        return NULL;
+    }
+    PORT_Memcpy(msg->data, data, len);
+
+    msg->len = len;
+    msg->cwSpec = cwSpec;
+    msg->type = type;
+    /* Safe if we are < 1.3, since the refct is
+     * already very high. */
+    tls13_CipherSpecAddRef(cwSpec);
+
+    return msg;
+}
+
+/*
+ * Free a handshake message
+ *
+ * Called from dtls_FreeHandshakeMessages()
+ */
+void
+dtls_FreeHandshakeMessage(DTLSQueuedMessage *msg)
+{
+    if (!msg)
+        return;
+
+    /* Safe if we are < 1.3, since the refct is
+     * already very high. */
+    tls13_CipherSpecRelease(msg->cwSpec);
+    PORT_ZFree(msg->data, msg->len);
+    PORT_Free(msg);
+}
+
+/*
+ * Free a list of handshake messages
+ *
+ * Called from:
+ *              dtls_HandleHandshake()
+ *              ssl3_DestroySSL3Info()
+ */
+void
+dtls_FreeHandshakeMessages(PRCList *list)
+{
+    PRCList *cur_p;
+
+    while (!PR_CLIST_IS_EMPTY(list)) {
+        cur_p = PR_LIST_TAIL(list);
+        PR_REMOVE_LINK(cur_p);
+        dtls_FreeHandshakeMessage((DTLSQueuedMessage *)cur_p);
+    }
+}
+
+/* Called by dtls_HandleHandshake() and dtls_MaybeRetransmitHandshake() if a
+ * handshake message retransmission is detected. */
+static SECStatus
+dtls_RetransmitDetected(sslSocket *ss)
+{
+    SECStatus rv = SECSuccess;
+
+    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+
+    if (ss->ssl3.hs.rtTimerCb == dtls_RetransmitTimerExpiredCb) {
+        /* Check to see if we retransmitted recently. If so,
+         * suppress the triggered retransmit. This avoids
+         * retransmit wars after packet loss.
+         * This is not in RFC 5346 but it should be.
+         */
+        if ((PR_IntervalNow() - ss->ssl3.hs.rtTimerStarted) >
+            (ss->ssl3.hs.rtTimeoutMs / 4)) {
+            SSL_TRC(30,
+                    ("%d: SSL3[%d]: Shortcutting retransmit timer",
+                     SSL_GETPID(), ss->fd));
+
+            /* Cancel the timer and call the CB,
+             * which re-arms the timer */
+            dtls_CancelTimer(ss);
+            dtls_RetransmitTimerExpiredCb(ss);
+        } else {
+            SSL_TRC(30,
+                    ("%d: SSL3[%d]: Ignoring retransmission: "
+                     "last retransmission %dms ago, suppressed for %dms",
+                     SSL_GETPID(), ss->fd,
+                     PR_IntervalNow() - ss->ssl3.hs.rtTimerStarted,
+                     ss->ssl3.hs.rtTimeoutMs / 4));
+        }
+
+    } else if (ss->ssl3.hs.rtTimerCb == dtls_FinishedTimerCb) {
+        SSL_TRC(30, ("%d: SSL3[%d]: Retransmit detected in holddown",
+                     SSL_GETPID(), ss->fd));
+        /* Retransmit the messages and re-arm the timer
+         * Note that we are not backing off the timer here.
+         * The spec isn't clear and my reasoning is that this
+         * may be a re-ordered packet rather than slowness,
+         * so let's be aggressive. */
+        dtls_CancelTimer(ss);
+        rv = dtls_TransmitMessageFlight(ss);
+        if (rv == SECSuccess) {
+            rv = dtls_StartHolddownTimer(ss);
+        }
+
+    } else {
+        PORT_Assert(ss->ssl3.hs.rtTimerCb == NULL);
+        /* ... and ignore it. */
+    }
+    return rv;
+}
+
+static SECStatus
+dtls_HandleHandshakeMessage(sslSocket *ss, SSL3Opaque *data, PRBool last)
+{
+
+    /* At this point we are advancing our state machine, so we can free our last
+     * flight of messages. */
+    dtls_FreeHandshakeMessages(&ss->ssl3.hs.lastMessageFlight);
+    ss->ssl3.hs.recvdHighWater = -1;
+
+    /* Reset the timer to the initial value if the retry counter
+     * is 0, per Sec. 4.2.4.1 */
+    dtls_CancelTimer(ss);
+    if (ss->ssl3.hs.rtRetries == 0) {
+        ss->ssl3.hs.rtTimeoutMs = DTLS_RETRANSMIT_INITIAL_MS;
+    }
+
+    return ssl3_HandleHandshakeMessage(ss, data, ss->ssl3.hs.msg_len,
+                                       last);
+}
+
+/* Called only from ssl3_HandleRecord, for each (deciphered) DTLS record.
+ * origBuf is the decrypted ssl record content and is expected to contain
+ * complete handshake records
+ * Caller must hold the handshake and RecvBuf locks.
+ *
+ * Note that this code uses msg_len for two purposes:
+ *
+ * (1) To pass the length to ssl3_HandleHandshakeMessage()
+ * (2) To carry the length of a message currently being reassembled
+ *
+ * However, unlike ssl3_HandleHandshake(), it is not used to carry
+ * the state of reassembly (i.e., whether one is in progress). That
+ * is carried in recvdHighWater and recvdFragments.
+ */
+#define OFFSET_BYTE(o) (o / 8)
+#define OFFSET_MASK(o) (1 << (o % 8))
+
+SECStatus
+dtls_HandleHandshake(sslSocket *ss, sslBuffer *origBuf)
+{
+    /* XXX OK for now.
+     * This doesn't work properly with asynchronous certificate validation.
+     * because that returns a WOULDBLOCK error. The current DTLS
+     * applications do not need asynchronous validation, but in the
+     * future we will need to add this.
+     */
+    sslBuffer buf = *origBuf;
+    SECStatus rv = SECSuccess;
+
+    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+
+    while (buf.len > 0) {
+        PRUint8 type;
+        PRUint32 message_length;
+        PRUint16 message_seq;
+        PRUint32 fragment_offset;
+        PRUint32 fragment_length;
+        PRUint32 offset;
+
+        if (buf.len < 12) {
+            PORT_SetError(SSL_ERROR_RX_MALFORMED_HANDSHAKE);
+            rv = SECFailure;
+            break;
+        }
+
+        /* Parse the header */
+        type = buf.buf[0];
+        message_length = (buf.buf[1] << 16) | (buf.buf[2] << 8) | buf.buf[3];
+        message_seq = (buf.buf[4] << 8) | buf.buf[5];
+        fragment_offset = (buf.buf[6] << 16) | (buf.buf[7] << 8) | buf.buf[8];
+        fragment_length = (buf.buf[9] << 16) | (buf.buf[10] << 8) | buf.buf[11];
+
+#define MAX_HANDSHAKE_MSG_LEN 0x1ffff /* 128k - 1 */
+        if (message_length > MAX_HANDSHAKE_MSG_LEN) {
+            (void)ssl3_DecodeError(ss);
+            PORT_SetError(SSL_ERROR_RX_MALFORMED_HANDSHAKE);
+            return SECFailure;
+        }
+#undef MAX_HANDSHAKE_MSG_LEN
+
+        buf.buf += 12;
+        buf.len -= 12;
+
+        /* This fragment must be complete */
+        if (buf.len < fragment_length) {
+            PORT_SetError(SSL_ERROR_RX_MALFORMED_HANDSHAKE);
+            rv = SECFailure;
+            break;
+        }
+
+        /* Sanity check the packet contents */
+        if ((fragment_length + fragment_offset) > message_length) {
+            PORT_SetError(SSL_ERROR_RX_MALFORMED_HANDSHAKE);
+            rv = SECFailure;
+            break;
+        }
+
+        /* There are three ways we could not be ready for this packet.
+         *
+         * 1. It's a partial next message.
+         * 2. It's a partial or complete message beyond the next
+         * 3. It's a message we've already seen
+         *
+         * If it's the complete next message we accept it right away.
+         * This is the common case for short messages
+         */
+        if ((message_seq == ss->ssl3.hs.recvMessageSeq) &&
+            (fragment_offset == 0) &&
+            (fragment_length == message_length)) {
+            /* Complete next message. Process immediately */
+            ss->ssl3.hs.msg_type = (SSL3HandshakeType)type;
+            ss->ssl3.hs.msg_len = message_length;
+
+            rv = dtls_HandleHandshakeMessage(ss, buf.buf,
+                                             buf.len == fragment_length);
+            if (rv == SECFailure) {
+                break; /* Discard the remainder of the record. */
+            }
+        } else {
+            if (message_seq < ss->ssl3.hs.recvMessageSeq) {
+                /* Case 3: we do an immediate retransmit if we're
+                 * in a waiting state. */
+                rv = dtls_RetransmitDetected(ss);
+                break;
+            } else if (message_seq > ss->ssl3.hs.recvMessageSeq) {
+                /* Case 2
+                 *
+                 * Ignore this message. This means we don't handle out of
+                 * order complete messages that well, but we're still
+                 * compliant and this probably does not happen often
+                 *
+                 * XXX OK for now. Maybe do something smarter at some point?
+                 */
+            } else {
+                /* Case 1
+                 *
+                 * Buffer the fragment for reassembly
+                 */
+                /* Make room for the message */
+                if (ss->ssl3.hs.recvdHighWater == -1) {
+                    PRUint32 map_length = OFFSET_BYTE(message_length) + 1;
+
+                    rv = sslBuffer_Grow(&ss->ssl3.hs.msg_body, message_length);
+                    if (rv != SECSuccess)
+                        break;
+                    /* Make room for the fragment map */
+                    rv = sslBuffer_Grow(&ss->ssl3.hs.recvdFragments,
+                                        map_length);
+                    if (rv != SECSuccess)
+                        break;
+
+                    /* Reset the reassembly map */
+                    ss->ssl3.hs.recvdHighWater = 0;
+                    PORT_Memset(ss->ssl3.hs.recvdFragments.buf, 0,
+                                ss->ssl3.hs.recvdFragments.space);
+                    ss->ssl3.hs.msg_type = (SSL3HandshakeType)type;
+                    ss->ssl3.hs.msg_len = message_length;
+                }
+
+                /* If we have a message length mismatch, abandon the reassembly
+                 * in progress and hope that the next retransmit will give us
+                 * something sane
+                 */
+                if (message_length != ss->ssl3.hs.msg_len) {
+                    ss->ssl3.hs.recvdHighWater = -1;
+                    PORT_SetError(SSL_ERROR_RX_MALFORMED_HANDSHAKE);
+                    rv = SECFailure;
+                    break;
+                }
+
+                /* Now copy this fragment into the buffer */
+                PORT_Assert((fragment_offset + fragment_length) <=
+                            ss->ssl3.hs.msg_body.space);
+                PORT_Memcpy(ss->ssl3.hs.msg_body.buf + fragment_offset,
+                            buf.buf, fragment_length);
+
+                /* This logic is a bit tricky. We have two values for
+                 * reassembly state:
+                 *
+                 * - recvdHighWater contains the highest contiguous number of
+                 *   bytes received
+                 * - recvdFragments contains a bitmask of packets received
+                 *   above recvdHighWater
+                 *
+                 * This avoids having to fill in the bitmask in the common
+                 * case of adjacent fragments received in sequence
+                 */
+                if (fragment_offset <= (unsigned int)ss->ssl3.hs.recvdHighWater) {
+                    /* Either this is the adjacent fragment or an overlapping
+                     * fragment */
+                    ss->ssl3.hs.recvdHighWater = fragment_offset +
+                                                 fragment_length;
+                } else {
+                    for (offset = fragment_offset;
+                         offset < fragment_offset + fragment_length;
+                         offset++) {
+                        ss->ssl3.hs.recvdFragments.buf[OFFSET_BYTE(offset)] |=
+                            OFFSET_MASK(offset);
+                    }
+                }
+
+                /* Now figure out the new high water mark if appropriate */
+                for (offset = ss->ssl3.hs.recvdHighWater;
+                     offset < ss->ssl3.hs.msg_len; offset++) {
+                    /* Note that this loop is not efficient, since it counts
+                     * bit by bit. If we have a lot of out-of-order packets,
+                     * we should optimize this */
+                    if (ss->ssl3.hs.recvdFragments.buf[OFFSET_BYTE(offset)] &
+                        OFFSET_MASK(offset)) {
+                        ss->ssl3.hs.recvdHighWater++;
+                    } else {
+                        break;
+                    }
+                }
+
+                /* If we have all the bytes, then we are good to go */
+                if (ss->ssl3.hs.recvdHighWater == ss->ssl3.hs.msg_len) {
+                    rv = dtls_HandleHandshakeMessage(ss, ss->ssl3.hs.msg_body.buf,
+                                                     buf.len == fragment_length);
+
+                    if (rv == SECFailure) {
+                        break; /* Discard the rest of the record. */
+                    }
+                }
+            }
+        }
+
+        buf.buf += fragment_length;
+        buf.len -= fragment_length;
+    }
+
+    origBuf->len = 0; /* So ssl3_GatherAppDataRecord will keep looping. */
+
+    /* XXX OK for now. In future handle rv == SECWouldBlock safely in order
+     * to deal with asynchronous certificate verification */
+    return rv;
+}
+
+/* Enqueue a message (either handshake or CCS)
+ *
+ * Called from:
+ *              dtls_StageHandshakeMessage()
+ *              ssl3_SendChangeCipherSpecs()
+ */
+SECStatus
+dtls_QueueMessage(sslSocket *ss, SSL3ContentType type,
+                  const SSL3Opaque *pIn, PRInt32 nIn)
+{
+    SECStatus rv = SECSuccess;
+    DTLSQueuedMessage *msg = NULL;
+    ssl3CipherSpec *spec;
+
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
+
+    spec = ss->ssl3.cwSpec;
+    msg = dtls_AllocQueuedMessage(spec, type, pIn, nIn);
+
+    if (!msg) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        rv = SECFailure;
+    } else {
+        PR_APPEND_LINK(&msg->link, &ss->ssl3.hs.lastMessageFlight);
+    }
+
+    return rv;
+}
+
+/* Add DTLS handshake message to the pending queue
+ * Empty the sendBuf buffer.
+ * This function returns SECSuccess or SECFailure, never SECWouldBlock.
+ * Always set sendBuf.len to 0, even when returning SECFailure.
+ *
+ * Called from:
+ *              ssl3_AppendHandshakeHeader()
+ *              dtls_FlushHandshake()
+ */
+SECStatus
+dtls_StageHandshakeMessage(sslSocket *ss)
+{
+    SECStatus rv = SECSuccess;
+
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
+
+    /* This function is sometimes called when no data is actually to
+     * be staged, so just return SECSuccess. */
+    if (!ss->sec.ci.sendBuf.buf || !ss->sec.ci.sendBuf.len)
+        return rv;
+
+    rv = dtls_QueueMessage(ss, content_handshake,
+                           ss->sec.ci.sendBuf.buf, ss->sec.ci.sendBuf.len);
+
+    /* Whether we succeeded or failed, toss the old handshake data. */
+    ss->sec.ci.sendBuf.len = 0;
+    return rv;
+}
+
+/* Enqueue the handshake message in sendBuf (if any) and then
+ * transmit the resulting flight of handshake messages.
+ *
+ * Called from:
+ *              ssl3_FlushHandshake()
+ */
+SECStatus
+dtls_FlushHandshakeMessages(sslSocket *ss, PRInt32 flags)
+{
+    SECStatus rv = SECSuccess;
+
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
+
+    rv = dtls_StageHandshakeMessage(ss);
+    if (rv != SECSuccess)
+        return rv;
+
+    if (!(flags & ssl_SEND_FLAG_FORCE_INTO_BUFFER)) {
+        rv = dtls_TransmitMessageFlight(ss);
+        if (rv != SECSuccess) {
+            return rv;
+        }
+
+        if (!(flags & ssl_SEND_FLAG_NO_RETRANSMIT)) {
+            rv = dtls_StartRetransmitTimer(ss);
+        }
+    }
+
+    return rv;
+}
+
+/* The callback for when the retransmit timer expires
+ *
+ * Called from:
+ *              dtls_CheckTimer()
+ *              dtls_HandleHandshake()
+ */
+static void
+dtls_RetransmitTimerExpiredCb(sslSocket *ss)
+{
+    SECStatus rv;
+
+    ss->ssl3.hs.rtRetries++;
+
+    if (!(ss->ssl3.hs.rtRetries % 3)) {
+        /* If one of the messages was potentially greater than > MTU,
+         * then downgrade. Do this every time we have retransmitted a
+         * message twice, per RFC 6347 Sec. 4.1.1 */
+        dtls_SetMTU(ss, ss->ssl3.hs.maxMessageSent - 1);
+    }
+
+    rv = dtls_TransmitMessageFlight(ss);
+    if (rv == SECSuccess) {
+        /* Re-arm the timer */
+        ss->ssl3.hs.rtTimeoutMs *= 2;
+        if (ss->ssl3.hs.rtTimeoutMs > DTLS_RETRANSMIT_MAX_MS) {
+            ss->ssl3.hs.rtTimeoutMs = DTLS_RETRANSMIT_MAX_MS;
+        }
+
+        ss->ssl3.hs.rtTimerStarted = PR_IntervalNow();
+        ss->ssl3.hs.rtTimerCb = dtls_RetransmitTimerExpiredCb;
+
+        SSL_TRC(30,
+                ("%d: SSL3[%d]: Retransmit #%d, next in %d",
+                 SSL_GETPID(), ss->fd,
+                 ss->ssl3.hs.rtRetries, ss->ssl3.hs.rtTimeoutMs));
+    }
+    /* else: OK for now. In future maybe signal the stack that we couldn't
+     * transmit. For now, let the read handle any real network errors */
+}
+
+/* Transmit a flight of handshake messages, stuffing them
+ * into as few records as seems reasonable
+ *
+ * Called from:
+ *             dtls_FlushHandshake()
+ *             dtls_RetransmitTimerExpiredCb()
+ */
+static SECStatus
+dtls_TransmitMessageFlight(sslSocket *ss)
+{
+    SECStatus rv = SECSuccess;
+    PRCList *msg_p;
+    PRUint16 room_left = ss->ssl3.mtu;
+    PRInt32 sent;
+
+    ssl_GetXmitBufLock(ss);
+    ssl_GetSpecReadLock(ss);
+
+    /* DTLS does not buffer its handshake messages in
+     * ss->pendingBuf, but rather in the lastMessageFlight
+     * structure. This is just a sanity check that
+     * some programming error hasn't inadvertantly
+     * stuffed something in ss->pendingBuf
+     */
+    PORT_Assert(!ss->pendingBuf.len);
+    for (msg_p = PR_LIST_HEAD(&ss->ssl3.hs.lastMessageFlight);
+         msg_p != &ss->ssl3.hs.lastMessageFlight;
+         msg_p = PR_NEXT_LINK(msg_p)) {
+        DTLSQueuedMessage *msg = (DTLSQueuedMessage *)msg_p;
+
+        /* The logic here is:
+         *
+         * 1. If this is a message that will not fit into the remaining
+         *    space, then flush.
+         * 2. If the message will now fit into the remaining space,
+         *    encrypt, buffer, and loop.
+         * 3. If the message will not fit, then fragment.
+         *
+         * At the end of the function, flush.
+         */
+        if ((msg->len + SSL3_BUFFER_FUDGE) > room_left) {
+            /* The message will not fit into the remaining space, so flush */
+            rv = dtls_SendSavedWriteData(ss);
+            if (rv != SECSuccess)
+                break;
+
+            room_left = ss->ssl3.mtu;
+        }
+
+        if ((msg->len + SSL3_BUFFER_FUDGE) <= room_left) {
+            /* The message will fit, so encrypt and then continue with the
+             * next packet */
+            sent = ssl3_SendRecord(ss, msg->cwSpec, msg->type,
+                                   msg->data, msg->len,
+                                   ssl_SEND_FLAG_FORCE_INTO_BUFFER);
+            if (sent != msg->len) {
+                rv = SECFailure;
+                if (sent != -1) {
+                    PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+                }
+                break;
+            }
+
+            room_left = ss->ssl3.mtu - ss->pendingBuf.len;
+        } else {
+            /* The message will not fit, so fragment.
+             *
+             * XXX OK for now. Arrange to coalesce the last fragment
+             * of this message with the next message if possible.
+             * That would be more efficient.
+             */
+            PRUint32 fragment_offset = 0;
+            unsigned char fragment[DTLS_MAX_MTU]; /* >= than largest
+                                                   * plausible MTU */
+
+            /* Assert that we have already flushed */
+            PORT_Assert(room_left == ss->ssl3.mtu);
+
+            /* Case 3: We now need to fragment this message
+             * DTLS only supports fragmenting handshaking messages */
+            PORT_Assert(msg->type == content_handshake);
+
+            /* The headers consume 12 bytes so the smalles possible
+             *  message (i.e., an empty one) is 12 bytes
+             */
+            PORT_Assert(msg->len >= 12);
+
+            while ((fragment_offset + 12) < msg->len) {
+                PRUint32 fragment_len;
+                const unsigned char *content = msg->data + 12;
+                PRUint32 content_len = msg->len - 12;
+
+                /* The reason we use 8 here is that that's the length of
+                 * the new DTLS data that we add to the header */
+                fragment_len = PR_MIN((PRUint32)room_left - (SSL3_BUFFER_FUDGE + 8),
+                                      content_len - fragment_offset);
+                PORT_Assert(fragment_len < DTLS_MAX_MTU - 12);
+                /* Make totally sure that we are within the buffer.
+                 * Note that the only way that fragment len could get
+                 * adjusted here is if
+                 *
+                 * (a) we are in release mode so the PORT_Assert is compiled out
+                 * (b) either the MTU table is inconsistent with DTLS_MAX_MTU
+                 * or ss->ssl3.mtu has become corrupt.
+                 */
+                fragment_len = PR_MIN(fragment_len, DTLS_MAX_MTU - 12);
+
+                /* Construct an appropriate-sized fragment */
+                /* Type, length, sequence */
+                PORT_Memcpy(fragment, msg->data, 6);
+
+                /* Offset */
+                fragment[6] = (fragment_offset >> 16) & 0xff;
+                fragment[7] = (fragment_offset >> 8) & 0xff;
+                fragment[8] = (fragment_offset)&0xff;
+
+                /* Fragment length */
+                fragment[9] = (fragment_len >> 16) & 0xff;
+                fragment[10] = (fragment_len >> 8) & 0xff;
+                fragment[11] = (fragment_len)&0xff;
+
+                PORT_Memcpy(fragment + 12, content + fragment_offset,
+                            fragment_len);
+
+                /*
+                 *  Send the record. We do this in two stages
+                 * 1. Encrypt
+                 */
+                sent = ssl3_SendRecord(ss, msg->cwSpec, msg->type,
+                                       fragment, fragment_len + 12,
+                                       ssl_SEND_FLAG_FORCE_INTO_BUFFER);
+                if (sent != (fragment_len + 12)) {
+                    rv = SECFailure;
+                    if (sent != -1) {
+                        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+                    }
+                    break;
+                }
+
+                /* 2. Flush */
+                rv = dtls_SendSavedWriteData(ss);
+                if (rv != SECSuccess)
+                    break;
+
+                fragment_offset += fragment_len;
+            }
+        }
+    }
+
+    /* Finally, we need to flush */
+    if (rv == SECSuccess)
+        rv = dtls_SendSavedWriteData(ss);
+
+    /* Give up the locks */
+    ssl_ReleaseSpecReadLock(ss);
+    ssl_ReleaseXmitBufLock(ss);
+
+    return rv;
+}
+
+/* Flush the data in the pendingBuf and update the max message sent
+ * so we can adjust the MTU estimate if we need to.
+ * Wrapper for ssl_SendSavedWriteData.
+ *
+ * Called from dtls_TransmitMessageFlight()
+ */
+static SECStatus
+dtls_SendSavedWriteData(sslSocket *ss)
+{
+    PRInt32 sent;
+
+    sent = ssl_SendSavedWriteData(ss);
+    if (sent < 0)
+        return SECFailure;
+
+    /* We should always have complete writes b/c datagram sockets
+     * don't really block */
+    if (ss->pendingBuf.len > 0) {
+        ssl_MapLowLevelError(SSL_ERROR_SOCKET_WRITE_FAILURE);
+        return SECFailure;
+    }
+
+    /* Update the largest message sent so we can adjust the MTU
+     * estimate if necessary */
+    if (sent > ss->ssl3.hs.maxMessageSent)
+        ss->ssl3.hs.maxMessageSent = sent;
+
+    return SECSuccess;
+}
+
+static SECStatus
+dtls_StartTimer(sslSocket *ss, PRUint32 time, DTLSTimerCb cb)
+{
+    PORT_Assert(ss->ssl3.hs.rtTimerCb == NULL);
+
+    ss->ssl3.hs.rtRetries = 0;
+    ss->ssl3.hs.rtTimerStarted = PR_IntervalNow();
+    ss->ssl3.hs.rtTimeoutMs = time;
+    ss->ssl3.hs.rtTimerCb = cb;
+    return SECSuccess;
+}
+
+/* Start a timer for retransmission. */
+static SECStatus
+dtls_StartRetransmitTimer(sslSocket *ss)
+{
+    return dtls_StartTimer(ss, DTLS_RETRANSMIT_INITIAL_MS,
+                           dtls_RetransmitTimerExpiredCb);
+}
+
+/* Start a timer for holding an old cipher spec. */
+SECStatus
+dtls_StartHolddownTimer(sslSocket *ss)
+{
+    return dtls_StartTimer(ss, DTLS_RETRANSMIT_FINISHED_MS,
+                           dtls_FinishedTimerCb);
+}
+
+/* Cancel a pending timer
+ *
+ * Called from:
+ *              dtls_HandleHandshake()
+ *              dtls_CheckTimer()
+ */
+void
+dtls_CancelTimer(sslSocket *ss)
+{
+    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
+
+    ss->ssl3.hs.rtTimerCb = NULL;
+}
+
+/* Check the pending timer and fire the callback if it expired
+ *
+ * Called from ssl3_GatherCompleteHandshake()
+ */
+void
+dtls_CheckTimer(sslSocket *ss)
+{
+    ssl_GetSSL3HandshakeLock(ss);
+    if (!ss->ssl3.hs.rtTimerCb) {
+        ssl_ReleaseSSL3HandshakeLock(ss);
+        return;
+    }
+
+    if ((PR_IntervalNow() - ss->ssl3.hs.rtTimerStarted) >
+        PR_MillisecondsToInterval(ss->ssl3.hs.rtTimeoutMs)) {
+        /* Timer has expired */
+        DTLSTimerCb cb = ss->ssl3.hs.rtTimerCb;
+
+        /* Cancel the timer so that we can call the CB safely */
+        dtls_CancelTimer(ss);
+
+        /* Now call the CB */
+        cb(ss);
+    }
+    ssl_ReleaseSSL3HandshakeLock(ss);
+}
+
+/* The callback to fire when the holddown timer for the Finished
+ * message expires and we can delete it
+ *
+ * Called from dtls_CheckTimer()
+ */
+static void
+dtls_FinishedTimerCb(sslSocket *ss)
+{
+    dtls_FreeHandshakeMessages(&ss->ssl3.hs.lastMessageFlight);
+    if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) {
+        ssl3_DestroyCipherSpec(ss->ssl3.pwSpec, PR_FALSE);
+    }
+}
+
+/* Cancel the Finished hold-down timer and destroy the
+ * pending cipher spec. Note that this means that
+ * successive rehandshakes will fail if the Finished is
+ * lost.
+ *
+ * XXX OK for now. Figure out how to handle the combination
+ * of Finished lost and rehandshake
+ */
+void
+dtls_RehandshakeCleanup(sslSocket *ss)
+{
+    /* Skip this if we are handling a second ClientHello. */
+    if (ss->ssl3.hs.helloRetry) {
+        return;
+    }
+    PORT_Assert((ss->version < SSL_LIBRARY_VERSION_TLS_1_3));
+    dtls_CancelTimer(ss);
+    ssl3_DestroyCipherSpec(ss->ssl3.pwSpec, PR_FALSE);
+    ss->ssl3.hs.sendMessageSeq = 0;
+    ss->ssl3.hs.recvMessageSeq = 0;
+}
+
+/* Set the MTU to the next step less than or equal to the
+ * advertised value. Also used to downgrade the MTU by
+ * doing dtls_SetMTU(ss, biggest packet set).
+ *
+ * Passing 0 means set this to the largest MTU known
+ * (effectively resetting the PMTU backoff value).
+ *
+ * Called by:
+ *            ssl3_InitState()
+ *            dtls_RetransmitTimerExpiredCb()
+ */
+void
+dtls_SetMTU(sslSocket *ss, PRUint16 advertised)
+{
+    int i;
+
+    if (advertised == 0) {
+        ss->ssl3.mtu = COMMON_MTU_VALUES[0];
+        SSL_TRC(30, ("Resetting MTU to %d", ss->ssl3.mtu));
+        return;
+    }
+
+    for (i = 0; i < PR_ARRAY_SIZE(COMMON_MTU_VALUES); i++) {
+        if (COMMON_MTU_VALUES[i] <= advertised) {
+            ss->ssl3.mtu = COMMON_MTU_VALUES[i];
+            SSL_TRC(30, ("Resetting MTU to %d", ss->ssl3.mtu));
+            return;
+        }
+    }
+
+    /* Fallback */
+    ss->ssl3.mtu = COMMON_MTU_VALUES[PR_ARRAY_SIZE(COMMON_MTU_VALUES) - 1];
+    SSL_TRC(30, ("Resetting MTU to %d", ss->ssl3.mtu));
+}
+
+/* Called from ssl3_HandleHandshakeMessage() when it has deciphered a
+ * DTLS hello_verify_request
+ * Caller must hold Handshake and RecvBuf locks.
+ */
+SECStatus
+dtls_HandleHelloVerifyRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
+{
+    int errCode = SSL_ERROR_RX_MALFORMED_HELLO_VERIFY_REQUEST;
+    SECStatus rv;
+    SSL3ProtocolVersion temp;
+    SSL3AlertDescription desc = illegal_parameter;
+
+    SSL_TRC(3, ("%d: SSL3[%d]: handle hello_verify_request handshake",
+                SSL_GETPID(), ss->fd));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+
+    if (ss->ssl3.hs.ws != wait_server_hello) {
+        errCode = SSL_ERROR_RX_UNEXPECTED_HELLO_VERIFY_REQUEST;
+        desc = unexpected_message;
+        goto alert_loser;
+    }
+
+    /* The version.
+     *
+     * RFC 4347 required that you verify that the server versions
+     * match (Section 4.2.1) in the HelloVerifyRequest and the
+     * ServerHello.
+     *
+     * RFC 6347 suggests (SHOULD) that servers always use 1.0 in
+     * HelloVerifyRequest and allows the versions not to match,
+     * especially when 1.2 is being negotiated.
+     *
+     * Therefore we do not do anything to enforce a match, just
+     * read and check that this value is sane.
+     */
+    rv = ssl_ClientReadVersion(ss, &b, &length, &temp);
+    if (rv != SECSuccess) {
+        goto loser; /* alert has been sent */
+    }
+
+    /* Read the cookie.
+     * IMPORTANT: The value of ss->ssl3.hs.cookie is only valid while the
+     * HelloVerifyRequest message remains valid. */
+    rv = ssl3_ConsumeHandshakeVariable(ss, &ss->ssl3.hs.cookie, 1, &b, &length);
+    if (rv != SECSuccess) {
+        goto loser; /* alert has been sent */
+    }
+    if (ss->ssl3.hs.cookie.len > DTLS_COOKIE_BYTES) {
+        desc = decode_error;
+        goto alert_loser; /* malformed. */
+    }
+
+    ssl_GetXmitBufLock(ss); /*******************************/
+
+    /* Now re-send the client hello */
+    rv = ssl3_SendClientHello(ss, client_hello_retransmit);
+
+    ssl_ReleaseXmitBufLock(ss); /*******************************/
+
+    if (rv == SECSuccess)
+        return rv;
+
+alert_loser:
+    (void)SSL3_SendAlert(ss, alert_fatal, desc);
+
+loser:
+    ssl_MapLowLevelError(errCode);
+    return SECFailure;
+}
+
+/* Initialize the DTLS anti-replay window
+ *
+ * Called from:
+ *              ssl3_SetupPendingCipherSpec()
+ *              ssl3_InitCipherSpec()
+ */
+void
+dtls_InitRecvdRecords(DTLSRecvdRecords *records)
+{
+    PORT_Memset(records->data, 0, sizeof(records->data));
+    records->left = 0;
+    records->right = DTLS_RECVD_RECORDS_WINDOW - 1;
+}
+
+/*
+ * Has this DTLS record been received? Return values are:
+ * -1 -- out of range to the left
+ *  0 -- not received yet
+ *  1 -- replay
+ *
+ *  Called from: ssl3_HandleRecord()
+ */
+int
+dtls_RecordGetRecvd(const DTLSRecvdRecords *records, sslSequenceNumber seq)
+{
+    PRUint64 offset;
+
+    /* Out of range to the left */
+    if (seq < records->left) {
+        return -1;
+    }
+
+    /* Out of range to the right; since we advance the window on
+     * receipt, that means that this packet has not been received
+     * yet */
+    if (seq > records->right)
+        return 0;
+
+    offset = seq % DTLS_RECVD_RECORDS_WINDOW;
+
+    return !!(records->data[offset / 8] & (1 << (offset % 8)));
+}
+
+/* Update the DTLS anti-replay window
+ *
+ * Called from ssl3_HandleRecord()
+ */
+void
+dtls_RecordSetRecvd(DTLSRecvdRecords *records, sslSequenceNumber seq)
+{
+    PRUint64 offset;
+
+    if (seq < records->left)
+        return;
+
+    if (seq > records->right) {
+        sslSequenceNumber new_left;
+        sslSequenceNumber new_right;
+        sslSequenceNumber right;
+
+        /* Slide to the right; this is the tricky part
+         *
+         * 1. new_top is set to have room for seq, on the
+         *    next byte boundary by setting the right 8
+         *    bits of seq
+         * 2. new_left is set to compensate.
+         * 3. Zero all bits between top and new_top. Since
+         *    this is a ring, this zeroes everything as-yet
+         *    unseen. Because we always operate on byte
+         *    boundaries, we can zero one byte at a time
+         */
+        new_right = seq | 0x07;
+        new_left = (new_right - DTLS_RECVD_RECORDS_WINDOW) + 1;
+
+        if (new_right > records->right + DTLS_RECVD_RECORDS_WINDOW) {
+            PORT_Memset(records->data, 0, sizeof(records->data));
+        } else {
+            for (right = records->right + 8; right <= new_right; right += 8) {
+                offset = right % DTLS_RECVD_RECORDS_WINDOW;
+                records->data[offset / 8] = 0;
+            }
+        }
+
+        records->right = new_right;
+        records->left = new_left;
+    }
+
+    offset = seq % DTLS_RECVD_RECORDS_WINDOW;
+
+    records->data[offset / 8] |= (1 << (offset % 8));
+}
+
+SECStatus
+DTLS_GetHandshakeTimeout(PRFileDesc *socket, PRIntervalTime *timeout)
+{
+    sslSocket *ss = NULL;
+    PRIntervalTime elapsed;
+    PRIntervalTime desired;
+
+    ss = ssl_FindSocket(socket);
+
+    if (!ss)
+        return SECFailure;
+
+    if (!IS_DTLS(ss))
+        return SECFailure;
+
+    if (!ss->ssl3.hs.rtTimerCb)
+        return SECFailure;
+
+    elapsed = PR_IntervalNow() - ss->ssl3.hs.rtTimerStarted;
+    desired = PR_MillisecondsToInterval(ss->ssl3.hs.rtTimeoutMs);
+    if (elapsed > desired) {
+        /* Timer expired */
+        *timeout = PR_INTERVAL_NO_WAIT;
+    } else {
+        *timeout = desired - elapsed;
+    }
+
+    return SECSuccess;
+}
+
+/*
+ * DTLS relevance checks:
+ * Note that this code currently ignores all out-of-epoch packets,
+ * which means we lose some in the case of rehandshake +
+ * loss/reordering. Since DTLS is explicitly unreliable, this
+ * seems like a good tradeoff for implementation effort and is
+ * consistent with the guidance of RFC 6347 Sections 4.1 and 4.2.4.1.
+ *
+ * If the packet is not relevant, this function returns PR_FALSE.
+ * If the packet is relevant, this function returns PR_TRUE
+ * and sets |*seqNum| to the packet sequence number.
+ */
+PRBool
+dtls_IsRelevant(sslSocket *ss, const SSL3Ciphertext *cText,
+                PRBool *sameEpoch, PRUint64 *seqNum)
+{
+    const ssl3CipherSpec *crSpec = ss->ssl3.crSpec;
+    DTLSEpoch epoch;
+    sslSequenceNumber dtls_seq_num;
+
+    epoch = cText->seq_num >> 48;
+    *sameEpoch = crSpec->epoch == epoch;
+    if (!*sameEpoch) {
+        SSL_DBG(("%d: SSL3[%d]: dtls_IsRelevant, received packet "
+                 "from irrelevant epoch %d",
+                 SSL_GETPID(), ss->fd, epoch));
+        return PR_FALSE;
+    }
+
+    dtls_seq_num = cText->seq_num & RECORD_SEQ_MAX;
+    if (dtls_RecordGetRecvd(&crSpec->recvdRecords, dtls_seq_num) != 0) {
+        SSL_DBG(("%d: SSL3[%d]: dtls_IsRelevant, rejecting "
+                 "potentially replayed packet",
+                 SSL_GETPID(), ss->fd));
+        return PR_FALSE;
+    }
+
+    *seqNum = dtls_seq_num;
+    return PR_TRUE;
+}
+
+/* In TLS 1.3, a client that receives a retransmission of the server's first
+ * flight will reject that message and discard it (see dtls_IsRelevant() above).
+ * However, we need to trigger retransmission to prevent loss of the client's
+ * last flight from causing the connection to fail.
+ *
+ * This only triggers for a retransmitted ServerHello.  Other (encrypted)
+ * handshake messages do not trigger retransmission, so we are a little more
+ * exposed to loss than is ideal.
+ *
+ * Note: This isn't an issue in earlier versions because the second-to-last
+ * flight (sent by the server) includes the Finished message, which is not
+ * dropped because it has the same epoch that the client currently expects.
+ */
+SECStatus
+dtls_MaybeRetransmitHandshake(sslSocket *ss, const SSL3Ciphertext *cText,
+                              PRBool sameEpoch)
+{
+    SECStatus rv = SECSuccess;
+    DTLSEpoch messageEpoch = cText->seq_num >> 48;
+
+    /* Drop messages from other epochs if we are ignoring things. */
+    if (!sameEpoch && ss->ssl3.hs.zeroRttIgnore != ssl_0rtt_ignore_none) {
+        return SECSuccess;
+    }
+
+    if (!ss->sec.isServer && ss->version >= SSL_LIBRARY_VERSION_TLS_1_3 &&
+        messageEpoch == 0 && cText->type == content_handshake) {
+        ssl_GetSSL3HandshakeLock(ss);
+        if (ss->ssl3.hs.rtTimerCb == dtls_FinishedTimerCb &&
+            ss->ssl3.hs.ws == idle_handshake) {
+            rv = dtls_RetransmitDetected(ss);
+        }
+        ssl_ReleaseSSL3HandshakeLock(ss);
+    }
+    return rv;
+}
diff --git a/nss/lib/ssl/exports.gyp b/nss/lib/ssl/exports.gyp
new file mode 100644
index 0000000..e2123af
--- /dev/null
+++ b/nss/lib/ssl/exports.gyp
@@ -0,0 +1,29 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'lib_ssl_exports',
+      'type': 'none',
+      'copies': [
+        {
+          'files': [
+            'preenc.h',
+            'ssl.h',
+            'sslerr.h',
+            'sslproto.h',
+            'sslt.h'
+          ],
+          'destination': '<(nss_public_dist_dir)/<(module)'
+        }
+      ]
+    }
+  ],
+  'variables': {
+    'module': 'nss'
+  }
+}
diff --git a/nss/lib/ssl/manifest.mn b/nss/lib/ssl/manifest.mn
new file mode 100644
index 0000000..de5a7c1
--- /dev/null
+++ b/nss/lib/ssl/manifest.mn
@@ -0,0 +1,59 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+CORE_DEPTH = ../..
+
+# DEFINES = -DTRACE
+
+EXPORTS = \
+        ssl.h \
+        sslt.h \
+        sslerr.h \
+        sslproto.h \
+        tlsproofstr.h \
+        preenc.h \
+        $(NULL)
+
+MODULE = nss
+MAPFILE = $(OBJDIR)/ssl.def
+
+CSRCS = \
+        dtlscon.c \
+        prelib.c \
+        ssl3con.c \
+        ssl3gthr.c \
+        sslauth.c \
+        sslcon.c \
+        ssldef.c \
+        sslenum.c \
+        sslerr.c \
+        sslerrstrs.c \
+        sslinit.c \
+        ssl3ext.c \
+        ssl3exthandle.c \
+        sslmutex.c \
+        sslnonce.c \
+        sslreveal.c \
+        sslsecur.c \
+        sslsnce.c \
+        sslsock.c \
+        ssltrace.c \
+        sslver.c \
+        authcert.c \
+        cmpcert.c \
+        sslinfo.c \
+        ssl3ecc.c \
+        tls13con.c \
+        tls13exthandle.c \
+        tls13hkdf.c \
+        sslcert.c \
+        sslgrp.c \
+        tlsproof.c \
+        $(NULL)
+
+LIBRARY_NAME = ssl
+LIBRARY_VERSION = 3
+
+# This part of the code, including all sub-dirs, can be optimized for size
+export ALLOW_OPT_CODE_SIZE = 1
diff --git a/nss/lib/ssl/notes.txt b/nss/lib/ssl/notes.txt
new file mode 100644
index 0000000..7a8998a
--- /dev/null
+++ b/nss/lib/ssl/notes.txt
@@ -0,0 +1,104 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+SSL's Buffers: enumerated and explained.
+
+---------------------------------------------------------------------------
+incoming:
+
+gs = ss->gather
+hs = ss->ssl3->hs
+
+gs->inbuf   incoming (encrypted) ssl records are placed here,
+        and then decrypted (or copied) to gs->buf.
+
+gs->buf     ssl3_HandleHandshake puts decrypted ssl records here.
+
+hs.msg_body When an incoming handshake message spans more
+        than one ssl record, the first part(s) of it are accumulated
+        here until it all arrives.
+
+hs.msgState an alternative set of pointers/lengths for gs->buf.
+        Used only when a handleHandshake function returns SECWouldBlock.
+        ssl3_HandleHandshake remembers how far it previously got by
+        using these pointers instead of gs->buf when it is called
+        after a previous SECWouldBlock return.
+
+---------------------------------------------------------------------------
+outgoing:
+
+sec = ss->sec
+ci  = ss->sec->ci   /* connect info */
+
+ci->sendBuf Outgoing handshake messages are appended to this buffer.
+        This buffer will then be sent as a single SSL record.
+
+sec->writeBuf   outgoing ssl records are constructed here and encrypted in
+        place before being written or copied to pendingBuf.
+
+ss->pendingBuf  contains outgoing ciphertext that was saved after a write
+        attempt to the socket failed, e.g. EWouldBlock.
+        Generally empty with blocking sockets (should be no incomplete
+        writes).
+
+ss->saveBuf Used only by socks code.  Intended to be used to buffer
+        outgoing data until a socks handshake completes.  However,
+        this buffer is always empty.  There is no code to put
+        anything into it.
+
+---------------------------------------------------------------------------
+
+SECWouldBlock means that the function cannot make progress because it is
+waiting for some event OTHER THAN socket I/O completion (e.g. waiting for
+user dialog to finish).  It is not the same as EWOULDBLOCK.
+
+---------------------------------------------------------------------------
+
+Rank (order) of locks
+
+recvLock ->\ firstHandshake -> recvbuf -> ssl3Handshake -> xmitbuf -> "spec"
+sendLock ->/
+
+crypto and hash Data that must be protected while turning plaintext into
+ciphertext:
+
+SSl3:   (in ssl3_SendPlainText)
+    ss->ssl3            (the pointer)
+    ss->ssl3->current_write*    (the pointer and the data in the spec
+                     and any data referenced by the spec.
+
+    ss->sec->isServer
+    ss->sec->writebuf* (ptr & content) locked by xmitBufLock
+    "buf"                  locked by xmitBufLock
+
+crypto and hash data that must be protected while turning ciphertext into
+plaintext:
+
+SSL3:   (in ssl3_HandleRecord )
+    ssl3->current_read* (the pointer and all data refernced)
+    ss->sec->isServer
+
+
+Data that must be protected while being used by a "writer":
+
+ss->pendingBuf.*
+ss->saveBuf.*       (which is dead)
+
+in ssl3_sendPlainText
+
+ss->ssl3->current_write-> (spec)
+ss->sec->writeBuf.*
+ss->sec->isServer
+
+in SendBlock
+
+ss->sec->writeBuf.*
+ss->pendingBuf
+
+--------------------------------------------------------------------------
+
+Data variables (not const) protected by the "sslGlobalDataLock".
+Note, this really should be a reader/writer lock.
+
+cipherSuites[]      ssl3con.c
diff --git a/nss/lib/ssl/os2_err.c b/nss/lib/ssl/os2_err.c
new file mode 100644
index 0000000..6e3d423
--- /dev/null
+++ b/nss/lib/ssl/os2_err.c
@@ -0,0 +1,330 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/*
+ * This file essentially replicates NSPR's source for the functions that
+ * map system-specific error codes to NSPR error codes.  We would use
+ * NSPR's functions, instead of duplicating them, but they're private.
+ * As long as SSL's server session cache code must do platform native I/O
+ * to accomplish its job, and NSPR's error mapping functions remain private,
+ * this code will continue to need to be replicated.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "prerror.h"
+#include "prlog.h"
+#include <errno.h>
+
+/*
+ * Based on win32err.c
+ * OS2TODO Stub everything for now to build. HCT
+ */
+
+/* forward declaration. */
+void nss_MD_os2_map_default_error(PRInt32 err);
+
+void
+nss_MD_os2_map_opendir_error(PRInt32 err)
+{
+    nss_MD_os2_map_default_error(err);
+}
+
+void
+nss_MD_os2_map_closedir_error(PRInt32 err)
+{
+    nss_MD_os2_map_default_error(err);
+}
+
+void
+nss_MD_os2_map_readdir_error(PRInt32 err)
+{
+    nss_MD_os2_map_default_error(err);
+}
+
+void
+nss_MD_os2_map_delete_error(PRInt32 err)
+{
+    nss_MD_os2_map_default_error(err);
+}
+
+/* The error code for stat() is in errno. */
+void
+nss_MD_os2_map_stat_error(PRInt32 err)
+{
+    nss_MD_os2_map_default_error(err);
+}
+
+void
+nss_MD_os2_map_fstat_error(PRInt32 err)
+{
+    nss_MD_os2_map_default_error(err);
+}
+
+void
+nss_MD_os2_map_rename_error(PRInt32 err)
+{
+    nss_MD_os2_map_default_error(err);
+}
+
+/* The error code for access() is in errno. */
+void
+nss_MD_os2_map_access_error(PRInt32 err)
+{
+    nss_MD_os2_map_default_error(err);
+}
+
+void
+nss_MD_os2_map_mkdir_error(PRInt32 err)
+{
+    nss_MD_os2_map_default_error(err);
+}
+
+void
+nss_MD_os2_map_rmdir_error(PRInt32 err)
+{
+    nss_MD_os2_map_default_error(err);
+}
+
+void
+nss_MD_os2_map_read_error(PRInt32 err)
+{
+    nss_MD_os2_map_default_error(err);
+}
+
+void
+nss_MD_os2_map_transmitfile_error(PRInt32 err)
+{
+    nss_MD_os2_map_default_error(err);
+}
+
+void
+nss_MD_os2_map_write_error(PRInt32 err)
+{
+    nss_MD_os2_map_default_error(err);
+}
+
+void
+nss_MD_os2_map_lseek_error(PRInt32 err)
+{
+    nss_MD_os2_map_default_error(err);
+}
+
+void
+nss_MD_os2_map_fsync_error(PRInt32 err)
+{
+    nss_MD_os2_map_default_error(err);
+}
+
+/*
+ * For both CloseHandle() and closesocket().
+ */
+void
+nss_MD_os2_map_close_error(PRInt32 err)
+{
+    nss_MD_os2_map_default_error(err);
+}
+
+void
+nss_MD_os2_map_socket_error(PRInt32 err)
+{
+    //  PR_ASSERT(err != WSANOTINITIALISED);
+    nss_MD_os2_map_default_error(err);
+}
+
+void
+nss_MD_os2_map_recv_error(PRInt32 err)
+{
+    nss_MD_os2_map_default_error(err);
+}
+
+void
+nss_MD_os2_map_recvfrom_error(PRInt32 err)
+{
+    nss_MD_os2_map_default_error(err);
+}
+
+void
+nss_MD_os2_map_send_error(PRInt32 err)
+{
+    PRErrorCode prError;
+    switch (err) {
+        //     case WSAEMSGSIZE:  prError = PR_INVALID_ARGUMENT_ERROR; break;
+        default:
+            nss_MD_os2_map_default_error(err);
+            return;
+    }
+    PR_SetError(prError, err);
+}
+
+void
+nss_MD_os2_map_sendto_error(PRInt32 err)
+{
+    PRErrorCode prError;
+    switch (err) {
+        //    case WSAEMSGSIZE:     prError = PR_INVALID_ARGUMENT_ERROR; break;
+        default:
+            nss_MD_os2_map_default_error(err);
+            return;
+    }
+    PR_SetError(prError, err);
+}
+
+void
+nss_MD_os2_map_accept_error(PRInt32 err)
+{
+    PRErrorCode prError;
+    switch (err) {
+        //    case WSAEOPNOTSUPP: prError = PR_NOT_TCP_SOCKET_ERROR; break;
+        //    case WSAEINVAL:   prError = PR_INVALID_STATE_ERROR; break;
+        default:
+            nss_MD_os2_map_default_error(err);
+            return;
+    }
+    PR_SetError(prError, err);
+}
+
+void
+nss_MD_os2_map_acceptex_error(PRInt32 err)
+{
+    nss_MD_os2_map_default_error(err);
+}
+
+void
+nss_MD_os2_map_connect_error(PRInt32 err)
+{
+    PRErrorCode prError;
+    switch (err) {
+        //    case WSAEWOULDBLOCK: prError = PR_IN_PROGRESS_ERROR; break;
+        //    case WSAEINVAL:   prError = PR_ALREADY_INITIATED_ERROR; break;
+        //    case WSAETIMEDOUT:    prError = PR_IO_TIMEOUT_ERROR; break;
+        default:
+            nss_MD_os2_map_default_error(err);
+            return;
+    }
+    PR_SetError(prError, err);
+}
+
+void
+nss_MD_os2_map_bind_error(PRInt32 err)
+{
+    PRErrorCode prError;
+    switch (err) {
+        //  case WSAEINVAL:     prError = PR_SOCKET_ADDRESS_IS_BOUND_ERROR; break;
+        default:
+            nss_MD_os2_map_default_error(err);
+            return;
+    }
+    PR_SetError(prError, err);
+}
+
+void
+nss_MD_os2_map_listen_error(PRInt32 err)
+{
+    PRErrorCode prError;
+    switch (err) {
+        //    case WSAEOPNOTSUPP: prError = PR_NOT_TCP_SOCKET_ERROR; break;
+        //    case WSAEINVAL:   prError = PR_INVALID_STATE_ERROR; break;
+        default:
+            nss_MD_os2_map_default_error(err);
+            return;
+    }
+    PR_SetError(prError, err);
+}
+
+void
+nss_MD_os2_map_shutdown_error(PRInt32 err)
+{
+    nss_MD_os2_map_default_error(err);
+}
+
+void
+nss_MD_os2_map_getsockname_error(PRInt32 err)
+{
+    PRErrorCode prError;
+    switch (err) {
+        //    case WSAEINVAL:   prError = PR_INVALID_STATE_ERROR; break;
+        default:
+            nss_MD_os2_map_default_error(err);
+            return;
+    }
+    PR_SetError(prError, err);
+}
+
+void
+nss_MD_os2_map_getpeername_error(PRInt32 err)
+{
+    nss_MD_os2_map_default_error(err);
+}
+
+void
+nss_MD_os2_map_getsockopt_error(PRInt32 err)
+{
+    nss_MD_os2_map_default_error(err);
+}
+
+void
+nss_MD_os2_map_setsockopt_error(PRInt32 err)
+{
+    nss_MD_os2_map_default_error(err);
+}
+
+void
+nss_MD_os2_map_open_error(PRInt32 err)
+{
+    nss_MD_os2_map_default_error(err);
+}
+
+void
+nss_MD_os2_map_gethostname_error(PRInt32 err)
+{
+    nss_MD_os2_map_default_error(err);
+}
+
+/* Win32 select() only works on sockets.  So in this
+** context, WSAENOTSOCK is equivalent to EBADF on Unix.
+*/
+void
+nss_MD_os2_map_select_error(PRInt32 err)
+{
+    PRErrorCode prError;
+    switch (err) {
+        //    case WSAENOTSOCK: prError = PR_BAD_DESCRIPTOR_ERROR; break;
+        default:
+            nss_MD_os2_map_default_error(err);
+            return;
+    }
+    PR_SetError(prError, err);
+}
+
+void
+nss_MD_os2_map_lockf_error(PRInt32 err)
+{
+    nss_MD_os2_map_default_error(err);
+}
+
+void
+nss_MD_os2_map_default_error(PRInt32 err)
+{
+    PRErrorCode prError;
+
+    switch (err) {
+//    case ENOENT:      prError = PR_FILE_NOT_FOUND_ERROR; break;
+//    case ERROR_ACCESS_DENIED:     prError = PR_NO_ACCESS_RIGHTS_ERROR; break;
+//    case ERROR_ALREADY_EXISTS:    prError = PR_FILE_EXISTS_ERROR; break;
+//    case ERROR_DISK_CORRUPT:  prError = PR_IO_ERROR; break;
+//    case ERROR_DISK_FULL:     prError = PR_NO_DEVICE_SPACE_ERROR; break;
+//    case ERROR_DISK_OPERATION_FAILED: prError = PR_IO_ERROR; break;
+//    case ERROR_DRIVE_LOCKED:  prError = PR_FILE_IS_LOCKED_ERROR; break;
+//    case ERROR_FILENAME_EXCED_RANGE: prError = PR_NAME_TOO_LONG_ERROR; break;
+//    case ERROR_FILE_CORRUPT:  prError = PR_IO_ERROR; break;
+//    case ERROR_FILE_EXISTS:   prError = PR_FILE_EXISTS_ERROR; break;
+//    case ERROR_FILE_INVALID:  prError = PR_BAD_DESCRIPTOR_ERROR; break;
+#if ERROR_FILE_NOT_FOUND != ENOENT
+//    case ERROR_FILE_NOT_FOUND:    prError = PR_FILE_NOT_FOUND_ERROR; break;
+#endif
+        default:
+            prError = PR_UNKNOWN_ERROR;
+            break;
+    }
+    PR_SetError(prError, err);
+}
diff --git a/nss/lib/ssl/os2_err.h b/nss/lib/ssl/os2_err.h
new file mode 100644
index 0000000..15e4741
--- /dev/null
+++ b/nss/lib/ssl/os2_err.h
@@ -0,0 +1,53 @@
+/*
+ * This file essentially replicates NSPR's source for the functions that
+ * map system-specific error codes to NSPR error codes.  We would use
+ * NSPR's functions, instead of duplicating them, but they're private.
+ * As long as SSL's server session cache code must do platform native I/O
+ * to accomplish its job, and NSPR's error mapping functions remain private,
+ * This code will continue to need to be replicated.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*  NSPR doesn't make these functions public, so we have to duplicate
+**  them in NSS.
+*/
+
+//HCT  Based on Win32err.h
+extern void nss_MD_os2_map_accept_error(PRInt32 err);
+extern void nss_MD_os2_map_acceptex_error(PRInt32 err);
+extern void nss_MD_os2_map_access_error(PRInt32 err);
+extern void nss_MD_os2_map_bind_error(PRInt32 err);
+extern void nss_MD_os2_map_close_error(PRInt32 err);
+extern void nss_MD_os2_map_closedir_error(PRInt32 err);
+extern void nss_MD_os2_map_connect_error(PRInt32 err);
+extern void nss_MD_os2_map_default_error(PRInt32 err);
+extern void nss_MD_os2_map_delete_error(PRInt32 err);
+extern void nss_MD_os2_map_fstat_error(PRInt32 err);
+extern void nss_MD_os2_map_fsync_error(PRInt32 err);
+extern void nss_MD_os2_map_gethostname_error(PRInt32 err);
+extern void nss_MD_os2_map_getpeername_error(PRInt32 err);
+extern void nss_MD_os2_map_getsockname_error(PRInt32 err);
+extern void nss_MD_os2_map_getsockopt_error(PRInt32 err);
+extern void nss_MD_os2_map_listen_error(PRInt32 err);
+extern void nss_MD_os2_map_lockf_error(PRInt32 err);
+extern void nss_MD_os2_map_lseek_error(PRInt32 err);
+extern void nss_MD_os2_map_mkdir_error(PRInt32 err);
+extern void nss_MD_os2_map_open_error(PRInt32 err);
+extern void nss_MD_os2_map_opendir_error(PRInt32 err);
+extern void nss_MD_os2_map_read_error(PRInt32 err);
+extern void nss_MD_os2_map_readdir_error(PRInt32 err);
+extern void nss_MD_os2_map_recv_error(PRInt32 err);
+extern void nss_MD_os2_map_recvfrom_error(PRInt32 err);
+extern void nss_MD_os2_map_rename_error(PRInt32 err);
+extern void nss_MD_os2_map_rmdir_error(PRInt32 err);
+extern void nss_MD_os2_map_select_error(PRInt32 err);
+extern void nss_MD_os2_map_send_error(PRInt32 err);
+extern void nss_MD_os2_map_sendto_error(PRInt32 err);
+extern void nss_MD_os2_map_setsockopt_error(PRInt32 err);
+extern void nss_MD_os2_map_shutdown_error(PRInt32 err);
+extern void nss_MD_os2_map_socket_error(PRInt32 err);
+extern void nss_MD_os2_map_stat_error(PRInt32 err);
+extern void nss_MD_os2_map_transmitfile_error(PRInt32 err);
+extern void nss_MD_os2_map_write_error(PRInt32 err);
diff --git a/nss/lib/ssl/preenc.h b/nss/lib/ssl/preenc.h
new file mode 100644
index 0000000..bebff89
--- /dev/null
+++ b/nss/lib/ssl/preenc.h
@@ -0,0 +1,113 @@
+/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil -*- */
+
+/*
+ * Fortezza support is removed.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* Fortezza support is removed.
+ * This file remains so that old programs will continue to compile,
+ * But this functionality is no longer supported or implemented.
+ */
+
+#include "seccomon.h"
+#include "prio.h"
+
+typedef struct PEHeaderStr PEHeader;
+
+#define PE_MIME_TYPE "application/pre-encrypted"
+
+typedef struct PEFortezzaHeaderStr PEFortezzaHeader;
+typedef struct PEFortezzaGeneratedHeaderStr PEFortezzaGeneratedHeader;
+typedef struct PEFixedKeyHeaderStr PEFixedKeyHeader;
+typedef struct PERSAKeyHeaderStr PERSAKeyHeader;
+
+struct PEFortezzaHeaderStr {
+    unsigned char key[12];
+    unsigned char iv[24];
+    unsigned char hash[20];
+    unsigned char serial[8];
+};
+
+struct PEFortezzaGeneratedHeaderStr {
+    unsigned char key[12];
+    unsigned char iv[24];
+    unsigned char hash[20];
+    unsigned char Ra[128];
+    unsigned char Y[128];
+};
+
+struct PEFixedKeyHeaderStr {
+    unsigned char pkcs11Mech[4];
+    unsigned char labelLen[2];
+    unsigned char keyIDLen[2];
+    unsigned char ivLen[2];
+    unsigned char keyLen[2];
+    unsigned char data[1];
+};
+
+struct PERSAKeyHeaderStr {
+    unsigned char pkcs11Mech[4];
+    unsigned char issuerLen[2];
+    unsigned char serialLen[2];
+    unsigned char ivLen[2];
+    unsigned char keyLen[2];
+    unsigned char data[1];
+};
+
+#define PEFIXED_Label(header) (header->data)
+#define PEFIXED_KeyID(header) (&header->data[GetInt2(header->labelLen)])
+#define PEFIXED_IV(header) (&header->data[GetInt2(header->labelLen) + \
+                                          GetInt2(header->keyIDLen)])
+#define PEFIXED_Key(header) (&header->data[GetInt2(header->labelLen) + \
+                                           GetInt2(header->keyIDLen) + \
+                                           GetInt2(header->keyLen)])
+#define PERSA_Issuer(header) (header->data)
+#define PERSA_Serial(header) (&header->data[GetInt2(header->issuerLen)])
+#define PERSA_IV(header) (&header->data[GetInt2(header->issuerLen) + \
+                                        GetInt2(header->serialLen)])
+#define PERSA_Key(header) (&header->data[GetInt2(header->issuerLen) + \
+                                         GetInt2(header->serialLen) + \
+                                         GetInt2(header->keyLen)])
+struct PEHeaderStr {
+    unsigned char magic[2];
+    unsigned char len[2];
+    unsigned char type[2];
+    unsigned char version[2];
+    union {
+        PEFortezzaHeader fortezza;
+        PEFortezzaGeneratedHeader g_fortezza;
+        PEFixedKeyHeader fixed;
+        PERSAKeyHeader rsa;
+    } u;
+};
+
+#define PE_CRYPT_INTRO_LEN 8
+#define PE_INTRO_LEN 4
+#define PE_BASE_HEADER_LEN 8
+
+#define PRE_BLOCK_SIZE 8
+
+#define GetInt2(c) ((c[0] << 8) | c[1])
+#define GetInt4(c) (((unsigned long)c[0] << 24) | ((unsigned long)c[1] << 16) | \
+                    ((unsigned long)c[2] << 8) | ((unsigned long)c[3]))
+#define PutInt2(c, i) ((c[1] = (i)&0xff), (c[0] = ((i) >> 8) & 0xff))
+#define PutInt4(c, i) ((c[0] = ((i) >> 24) & 0xff), (c[1] = ((i) >> 16) & 0xff), \
+                       (c[2] = ((i) >> 8) & 0xff), (c[3] = (i)&0xff))
+
+#define PRE_MAGIC 0xc0de
+#define PRE_VERSION 0x1010
+#define PRE_FORTEZZA_FILE 0x00ff
+#define PRE_FORTEZZA_STREAM 0x00f5
+#define PRE_FORTEZZA_GEN_STREAM 0x00f6
+#define PRE_FIXED_FILE 0x000f
+#define PRE_RSA_FILE 0x001f
+#define PRE_FIXED_STREAM 0x0005
+
+PEHeader *SSL_PreencryptedStreamToFile(PRFileDesc *fd, PEHeader *,
+                                       int *headerSize);
+
+PEHeader *SSL_PreencryptedFileToStream(PRFileDesc *fd, PEHeader *,
+                                       int *headerSize);
diff --git a/nss/lib/ssl/prelib.c b/nss/lib/ssl/prelib.c
new file mode 100644
index 0000000..4db9ffe
--- /dev/null
+++ b/nss/lib/ssl/prelib.c
@@ -0,0 +1,34 @@
+/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil -*- */
+
+/*
+ * Functions used by https servers to send (download) pre-encrypted files
+ * over SSL connections that use Fortezza ciphersuites.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "cert.h"
+#include "ssl.h"
+#include "keyhi.h"
+#include "secitem.h"
+#include "sslimpl.h"
+#include "pkcs11t.h"
+#include "preenc.h"
+#include "pk11func.h"
+
+PEHeader *
+SSL_PreencryptedStreamToFile(PRFileDesc *fd, PEHeader *inHeader,
+                             int *headerSize)
+{
+    PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
+    return NULL;
+}
+
+PEHeader *
+SSL_PreencryptedFileToStream(PRFileDesc *fd, PEHeader *header,
+                             int *headerSize)
+{
+    PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
+    return NULL;
+}
diff --git a/nss/lib/ssl/ssl.def b/nss/lib/ssl/ssl.def
new file mode 100644
index 0000000..4ce62f0
--- /dev/null
+++ b/nss/lib/ssl/ssl.def
@@ -0,0 +1,242 @@
+;+#
+;+# This Source Code Form is subject to the terms of the Mozilla Public
+;+# License, v. 2.0. If a copy of the MPL was not distributed with this
+;+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;+#
+;+# OK, this file is meant to support SUN, LINUX, AIX and WINDOWS
+;+#   1. For all unix platforms, the string ";-"  means "remove this line"
+;+#   2. For all unix platforms, the string " DATA " will be removed from any
+;+#     line on which it occurs.
+;+#   3. Lines containing ";+" will have ";+" removed on SUN and LINUX.
+;+#      On AIX, lines containing ";+" will be removed.
+;+#   4. For all unix platforms, the string ";;" will thave the ";;" removed.
+;+#   5. For all unix platforms, after the above processing has taken place,
+;+#    all characters after the first ";" on the line will be removed.
+;+#    And for AIX, the first ";" will also be removed.
+;+#  This file is passed directly to windows. Since ';' is a comment, all UNIX
+;+#   directives are hidden behind ";", ";+", and ";-"
+;+
+;+NSS_3.2 {       # NSS 3.2 release
+;+    global:
+LIBRARY ssl3 ;-
+EXPORTS ;-
+SSL_ImplementedCiphers DATA ;
+SSL_NumImplementedCiphers DATA ;
+NSS_CmpCertChainWCANames;
+NSS_FindCertKEAType;
+NSS_GetClientAuthData;
+NSS_SetDomesticPolicy;
+NSS_SetExportPolicy;
+NSS_SetFrancePolicy;
+SSL_AuthCertificate;
+SSL_AuthCertificateHook;
+SSL_BadCertHook;
+SSL_CertDBHandleSet;
+SSL_CipherPolicyGet;
+SSL_CipherPolicySet;
+SSL_CipherPrefGet;
+SSL_CipherPrefGetDefault;
+SSL_CipherPrefSet;
+SSL_CipherPrefSetDefault;
+SSL_ClearSessionCache;
+SSL_ConfigMPServerSIDCache;
+SSL_ConfigSecureServer;
+SSL_ConfigServerSessionIDCache;
+SSL_DataPending;
+SSL_ForceHandshake;
+SSL_GetClientAuthDataHook;
+SSL_GetSessionID;
+SSL_GetStatistics;
+SSL_HandshakeCallback;
+SSL_ImportFD;
+SSL_InheritMPServerSIDCache;
+SSL_InvalidateSession;
+SSL_OptionGet;
+SSL_OptionGetDefault;
+SSL_OptionSet;
+SSL_OptionSetDefault;
+SSL_PeerCertificate;
+SSL_PreencryptedFileToStream;
+SSL_PreencryptedStreamToFile;
+SSL_ReHandshake;
+SSL_ResetHandshake;
+SSL_RestartHandshakeAfterCertReq;
+SSL_RestartHandshakeAfterServerCert;
+SSL_RevealCert;
+SSL_RevealPinArg;
+SSL_RevealURL;
+SSL_SecurityStatus;
+SSL_SetPKCS11PinArg;
+SSL_SetSockPeerID;
+SSL_SetURL;
+;+    local:
+;+*;
+;+};
+;+NSS_3.2.1 {       # NSS 3.2.1 release
+;+    global:
+NSSSSL_VersionCheck;
+;+    local:
+;+*;
+;+};
+;+NSS_3.4 {         # NSS 3.4   release
+;+    global:
+SSL_GetChannelInfo;
+SSL_GetCipherSuiteInfo;
+SSL_GetMaxServerCacheLocks;
+SSL_LocalCertificate;
+SSL_SetMaxServerCacheLocks;
+;+    local:
+;+*;
+;+};
+;+NSS_3.7.4 {       # NSS 3.7.4 release
+;+    global:
+SSL_ShutdownServerSessionIDCache;
+;+    local:
+;+*;
+;+};
+;+NSS_3.11.4 {      # NSS 3.11.4 release
+;+    global:
+SSL_ForceHandshakeWithTimeout;
+SSL_ReHandshakeWithTimeout;
+;+    local:
+;+*;
+;+};
+;+NSS_3.11.8 {      # NSS 3.11.8 release
+;+    global:
+SSL_CanBypass;
+;+    local:
+;+*;
+;+};
+;+NSS_3.12.6 {      # NSS 3.12.6 release
+;+    global:
+SSL_ConfigServerSessionIDCacheWithOpt;
+SSL_GetImplementedCiphers;
+SSL_GetNegotiatedHostInfo;
+SSL_GetNumImplementedCiphers;
+SSL_HandshakeNegotiatedExtension;
+SSL_ReconfigFD;
+SSL_SetTrustAnchors;
+SSL_SNISocketConfigHook;
+;+    local:
+;+*;
+;+};
+;+NSS_3.12.10 {      # NSS 3.12.10 release
+;+    global:
+SSL_ConfigSecureServerWithCertChain;
+;+    local:
+;+*;
+;+};
+;+NSS_3.13 {    # NSS 3.13 release
+;+    global:
+NSSSSL_GetVersion;
+;+    local:
+;+       *;
+;+};
+;+NSS_3.13.2 {    # NSS 3.13.2 release
+;+    global:
+SSL_SetNextProtoCallback;
+SSL_SetNextProtoNego;
+SSL_GetNextProto;
+SSL_AuthCertificateComplete;
+;+    local:
+;+       *;
+;+};
+;+NSS_3.14 {      # NSS 3.14 release
+;+    global:
+DTLS_GetHandshakeTimeout;
+DTLS_ImportFD;
+SSL_ExportKeyingMaterial;
+SSL_VersionRangeGet;
+SSL_VersionRangeGetDefault;
+SSL_VersionRangeGetSupported;
+SSL_VersionRangeSet;
+SSL_VersionRangeSetDefault;
+SSL_GetSRTPCipher;
+SSL_SetSRTPCiphers;
+;+    local:
+;+*;
+;+};
+;+NSS_3.15 {      # NSS 3.15 release
+;+    global:
+SSL_PeerStapledOCSPResponses;
+SSL_SetStapledOCSPResponses;
+;+    local:
+;+*;
+;+};
+;+NSS_3.15.4 {    # NSS 3.15.4 release
+;+    global:
+SSL_PeerCertificateChain;
+SSL_RecommendedCanFalseStart;
+SSL_SetCanFalseStartCallback;
+;+    local:
+;+*;
+;+};
+;+NSS_3.20 {    # NSS 3.20 release
+;+    global:
+SSL_DHEGroupPrefSet;
+SSL_EnableWeakDHEPrimeGroup;
+;+    local:
+;+*;
+;+};
+;+NSS_3.21 {    # NSS 3.21 release
+;+    global:
+SSL_GetPreliminaryChannelInfo;
+SSL_SignaturePrefSet;
+SSL_SignaturePrefGet;
+SSL_SignatureMaxCount;
+;+    local:
+;+*;
+;+};
+;+NSS_3.22 {    # NSS 3.22 release
+;+    global:
+SSL_PeerSignedCertTimestamps;
+SSL_SetSignedCertTimestamps;
+;+    local:
+;+*;
+;+};
+;+NSS_3.23 {    # NSS 3.23 release
+;+    global:
+SSL_SetDowngradeCheckVersion;
+;+    local:
+;+*;
+;+};
+;+NSS_3.24 {    # NSS 3.24 release
+;+    global:
+SSL_ConfigServerCert;
+;+    local:
+;+*;
+;+};
+;+NSS_3.27 {    # NSS 3.27 release
+;+    global:
+SSL_NamedGroupConfig;
+;+    local:
+;+*;
+;+};
+;+NSS_3.28 {    # NSS 3.28 release
+;+    global:
+SSL_ExportEarlyKeyingMaterial;
+SSL_SendAdditionalKeyShares;
+SSL_SignatureSchemePrefSet;
+SSL_SignatureSchemePrefGet;
+;+    local:
+;+*;
+;+};
+;+NSS_3.30 {    # NSS 3.30 release
+;+    global:
+SSL_SetSessionTicketKeyPair;
+;+    local:
+;+*;
+;+};
+;+NSS_3.30.0.1 { # Additional symbols for NSS 3.30 release
+;+    global:
+SSL_AlertReceivedCallback;
+SSL_AlertSentCallback;
+SSL_TLSProofCheckProof;
+SSL_TLSProofIsNegociated;
+SSL_TLSProofRequestProof;
+SSL_TLSProofSetReturnCallBack;
+SSL_TLSProofSetSaltSize;
+SSL_TLSProofSetChunkSize;
+;+    local:
+;+*;
+;+};
diff --git a/nss/lib/ssl/ssl.gyp b/nss/lib/ssl/ssl.gyp
new file mode 100644
index 0000000..31f4005
--- /dev/null
+++ b/nss/lib/ssl/ssl.gyp
@@ -0,0 +1,103 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'ssl',
+      'type': 'static_library',
+      'sources': [
+        'authcert.c',
+        'cmpcert.c',
+        'dtlscon.c',
+        'prelib.c',
+        'ssl3con.c',
+        'ssl3ecc.c',
+        'ssl3ext.c',
+        'ssl3exthandle.c',
+        'ssl3gthr.c',
+        'sslauth.c',
+        'sslcert.c',
+        'sslcon.c',
+        'ssldef.c',
+        'sslenum.c',
+        'sslerr.c',
+        'sslerrstrs.c',
+        'sslgrp.c',
+        'sslinfo.c',
+        'sslinit.c',
+        'sslmutex.c',
+        'sslnonce.c',
+        'sslreveal.c',
+        'sslsecur.c',
+        'sslsnce.c',
+        'sslsock.c',
+        'ssltrace.c',
+        'sslver.c',
+        'tls13con.c',
+        'tls13exthandle.c',
+        'tls13hkdf.c',
+      ],
+      'conditions': [
+        [ 'OS=="win"', {
+          'sources': [
+            'win32err.c',
+          ],
+          'defines': [
+            'IN_LIBSSL',
+          ],
+        }, {
+          # Not Windows.
+          'sources': [
+            'unix_err.c'
+          ],
+        }],
+        [ 'ssl_enable_zlib==1', {
+          'dependencies': [
+            '<(DEPTH)/lib/zlib/zlib.gyp:nss_zlib'
+          ],
+          'defines': [
+            'NSS_SSL_ENABLE_ZLIB',
+          ],
+        }],
+        [ 'fuzz_tls==1', {
+          'defines': [
+            'UNSAFE_FUZZER_MODE',
+          ],
+        }],
+        [ 'mozilla_client==1', {
+          'defines': [
+            'NSS_ENABLE_TLS13_SHORT_HEADERS',
+          ],
+        }],
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports',
+      ],
+    },
+    {
+      'target_name': 'ssl3',
+      'type': 'shared_library',
+      'dependencies': [
+        'ssl',
+        '<(DEPTH)/lib/nss/nss.gyp:nss3',
+        '<(DEPTH)/lib/util/util.gyp:nssutil3',
+        '<(DEPTH)/lib/freebl/freebl.gyp:freebl',
+      ],
+      'variables': {
+        'mapfile': 'ssl.def'
+      }
+    }
+  ],
+  'target_defaults': {
+    'defines': [
+      'NSS_ALLOW_SSLKEYLOGFILE=1'
+    ]
+  },
+  'variables': {
+    'module': 'nss'
+  }
+}
diff --git a/nss/lib/ssl/ssl.h b/nss/lib/ssl/ssl.h
new file mode 100644
index 0000000..6403caf
--- /dev/null
+++ b/nss/lib/ssl/ssl.h
@@ -0,0 +1,1405 @@
+/*
+ * This file contains prototypes for the public SSL functions.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef __ssl_h_
+#define __ssl_h_
+
+#include "prtypes.h"
+#include "prerror.h"
+#include "prio.h"
+#include "seccomon.h"
+#include "cert.h"
+#include "keyt.h"
+
+#include "sslt.h" /* public ssl data types */
+
+#if defined(_WIN32) && !defined(IN_LIBSSL) && !defined(NSS_USE_STATIC_LIBS)
+#define SSL_IMPORT extern __declspec(dllimport)
+#else
+#define SSL_IMPORT extern
+#endif
+
+SEC_BEGIN_PROTOS
+
+/* constant table enumerating all implemented cipher suites. */
+SSL_IMPORT const PRUint16 SSL_ImplementedCiphers[];
+
+/* the same as the above, but is a function */
+SSL_IMPORT const PRUint16 *SSL_GetImplementedCiphers(void);
+
+/* number of entries in the above table. */
+SSL_IMPORT const PRUint16 SSL_NumImplementedCiphers;
+
+/* the same as the above, but is a function */
+SSL_IMPORT PRUint16 SSL_GetNumImplementedCiphers(void);
+
+/* Macro to tell which ciphers in table are SSL2 vs SSL3/TLS. */
+#define SSL_IS_SSL2_CIPHER(which) (((which)&0xfff0) == 0xff00)
+
+/*
+** Imports fd into SSL, returning a new socket.  Copies SSL configuration
+** from model.
+*/
+SSL_IMPORT PRFileDesc *SSL_ImportFD(PRFileDesc *model, PRFileDesc *fd);
+
+/*
+** Imports fd into DTLS, returning a new socket.  Copies DTLS configuration
+** from model.
+*/
+SSL_IMPORT PRFileDesc *DTLS_ImportFD(PRFileDesc *model, PRFileDesc *fd);
+
+/*
+** Enable/disable an ssl mode
+**
+**  SSL_SECURITY:
+**    enable/disable use of SSL security protocol before connect
+**
+**  SSL_SOCKS:
+**    enable/disable use of socks before connect
+**    (No longer supported).
+**
+**  SSL_REQUEST_CERTIFICATE:
+**    require a certificate during secure connect
+*/
+/* options */
+#define SSL_SECURITY 1            /* (on by default) */
+#define SSL_SOCKS 2               /* (off by default) */
+#define SSL_REQUEST_CERTIFICATE 3 /* (off by default) */
+#define SSL_HANDSHAKE_AS_CLIENT 5 /* force accept to hs as client */
+                                  /* (off by default) */
+#define SSL_HANDSHAKE_AS_SERVER 6 /* force connect to hs as server */
+                                  /* (off by default) */
+
+/* OBSOLETE: SSL v2 is obsolete and may be removed soon. */
+#define SSL_ENABLE_SSL2 7 /* enable ssl v2 (off by default) */
+
+/* OBSOLETE: See "SSL Version Range API" below for the replacement and a
+** description of the non-obvious semantics of using SSL_ENABLE_SSL3.
+*/
+#define SSL_ENABLE_SSL3 8 /* enable ssl v3 (on by default) */
+
+#define SSL_NO_CACHE 9             /* don't use the session cache */
+                                   /* (off by default) */
+#define SSL_REQUIRE_CERTIFICATE 10 /* (SSL_REQUIRE_FIRST_HANDSHAKE */
+                                   /* by default) */
+#define SSL_ENABLE_FDX 11          /* permit simultaneous read/write */
+                                   /* (off by default) */
+
+/* OBSOLETE: SSL v2 compatible hellos are not accepted by some TLS servers
+** and cannot negotiate extensions. SSL v2 is obsolete. This option may be
+** removed soon.
+*/
+#define SSL_V2_COMPATIBLE_HELLO 12 /* send v3 client hello in v2 fmt */
+                                   /* (off by default) */
+
+/* OBSOLETE: See "SSL Version Range API" below for the replacement and a
+** description of the non-obvious semantics of using SSL_ENABLE_TLS.
+*/
+#define SSL_ENABLE_TLS 13 /* enable TLS (on by default) */
+
+#define SSL_ROLLBACK_DETECTION 14       /* for compatibility, default: on */
+#define SSL_NO_STEP_DOWN 15             /* (unsupported, deprecated, off) */
+#define SSL_BYPASS_PKCS11 16            /* (unsupported, deprecated, off) */
+#define SSL_NO_LOCKS 17                 /* Don't use locks for protection */
+#define SSL_ENABLE_SESSION_TICKETS 18   /* Enable TLS SessionTicket       */
+                                        /* extension (off by default)     */
+#define SSL_ENABLE_DEFLATE 19           /* Enable TLS compression with    */
+                                        /* DEFLATE (off by default)       */
+#define SSL_ENABLE_RENEGOTIATION 20     /* Values below (default: never)  */
+#define SSL_REQUIRE_SAFE_NEGOTIATION 21 /* Peer must send Signaling       */
+                                        /* Cipher Suite Value (SCSV) or   */
+                                        /* Renegotiation  Info (RI)       */
+                                        /* extension in ALL handshakes.   */
+                                        /* default: off                   */
+#define SSL_ENABLE_FALSE_START 22       /* Enable SSL false start (off by */
+                                        /* default, applies only to       */
+                                        /* clients). False start is a     */
+/* mode where an SSL client will start sending application data before
+ * verifying the server's Finished message. This means that we could end up
+ * sending data to an imposter. However, the data will be encrypted and
+ * only the true server can derive the session key. Thus, so long as the
+ * cipher isn't broken this is safe. The advantage of false start is that
+ * it saves a round trip for client-speaks-first protocols when performing a
+ * full handshake.
+ *
+ * In addition to enabling this option, the application must register a
+ * callback using the SSL_SetCanFalseStartCallback function.
+ */
+
+/* For SSL 3.0 and TLS 1.0, by default we prevent chosen plaintext attacks
+ * on SSL CBC mode cipher suites (see RFC 4346 Section F.3) by splitting
+ * non-empty application_data records into two records; the first record has
+ * only the first byte of plaintext, and the second has the rest.
+ *
+ * This only prevents the attack in the sending direction; the connection may
+ * still be vulnerable to such attacks if the peer does not implement a similar
+ * countermeasure.
+ *
+ * This protection mechanism is on by default; the default can be overridden by
+ * setting NSS_SSL_CBC_RANDOM_IV=0 in the environment prior to execution,
+ * and/or by the application setting the option SSL_CBC_RANDOM_IV to PR_FALSE.
+ *
+ * The per-record IV in TLS 1.1 and later adds one block of overhead per
+ * record, whereas this hack will add at least two blocks of overhead per
+ * record, so TLS 1.1+ will always be more efficient.
+ *
+ * Other implementations (e.g. some versions of OpenSSL, in some
+ * configurations) prevent the same attack by prepending an empty
+ * application_data record to every application_data record they send; we do
+ * not do that because some implementations cannot handle empty
+ * application_data records. Also, we only split application_data records and
+ * not other types of records, because some implementations will not accept
+ * fragmented records of some other types (e.g. some versions of NSS do not
+ * accept fragmented alerts).
+ */
+#define SSL_CBC_RANDOM_IV 23
+#define SSL_ENABLE_OCSP_STAPLING 24 /* Request OCSP stapling (client) */
+
+/* SSL_ENABLE_NPN controls whether the NPN extension is enabled for the initial
+ * handshake when application layer protocol negotiation is used.
+ * SSL_SetNextProtoCallback or SSL_SetNextProtoNego must be used to control the
+ * application layer protocol negotiation; otherwise, the NPN extension will
+ * not be negotiated. SSL_ENABLE_NPN is currently enabled by default but this
+ * may change in future versions.
+ */
+#define SSL_ENABLE_NPN 25
+
+/* SSL_ENABLE_ALPN controls whether the ALPN extension is enabled for the
+ * initial handshake when application layer protocol negotiation is used.
+ * SSL_SetNextProtoNego (not SSL_SetNextProtoCallback) must be used to control
+ * the application layer protocol negotiation; otherwise, the ALPN extension
+ * will not be negotiated. ALPN is not negotiated for renegotiation handshakes,
+ * even though the ALPN specification defines a way to use ALPN during
+ * renegotiations. SSL_ENABLE_ALPN is currently disabled by default, but this
+ * may change in future versions.
+ */
+#define SSL_ENABLE_ALPN 26
+
+/* SSL_REUSE_SERVER_ECDHE_KEY controls whether the ECDHE server key is
+ * reused for multiple handshakes or generated each time.
+ * SSL_REUSE_SERVER_ECDHE_KEY is currently enabled by default.
+ * This socket option is for ECDHE, only. It is unrelated to DHE.
+ */
+#define SSL_REUSE_SERVER_ECDHE_KEY 27
+
+#define SSL_ENABLE_FALLBACK_SCSV 28 /* Send fallback SCSV in \
+                                     * handshakes. */
+
+/* SSL_ENABLE_SERVER_DHE controls whether DHE is enabled for the server socket.
+ */
+#define SSL_ENABLE_SERVER_DHE 29
+
+/* Use draft-ietf-tls-session-hash. Controls whether we offer the
+ * extended_master_secret extension which, when accepted, hashes
+ * the handshake transcript into the master secret. This option is
+ * disabled by default.
+ */
+#define SSL_ENABLE_EXTENDED_MASTER_SECRET 30
+
+/* Request Signed Certificate Timestamps via TLS extension (client) */
+#define SSL_ENABLE_SIGNED_CERT_TIMESTAMPS 31
+
+/* Ordinarily, when negotiating a TLS_DHE_* cipher suite the server picks the
+ * group.  draft-ietf-tls-negotiated-ff-dhe changes this to use supported_groups
+ * (formerly supported_curves) to signal which pre-defined groups are OK.
+ *
+ * This option causes an NSS client to use this extension and demand that those
+ * groups be used.  A client will signal any enabled DHE groups in the
+ * supported_groups extension and reject groups that don't match what it has
+ * enabled.  A server will only negotiate TLS_DHE_* cipher suites if the
+ * client includes the extension.
+ *
+ * See SSL_NamedGroupConfig() for how to control which groups are enabled.
+ *
+ * This option cannot be enabled if NSS is not compiled with ECC support.
+ */
+#define SSL_REQUIRE_DH_NAMED_GROUPS 32
+
+/* Allow 0-RTT data (for TLS 1.3).
+ *
+ * When this option is set, the server's session tickets will contain
+ * a flag indicating that it accepts 0-RTT. When resuming such a
+ * session, PR_Write() on the client will be allowed immediately after
+ * starting the handshake and PR_Read() on the server will be allowed
+ * on the server to read that data. Calls to
+ * SSL_GetPreliminaryChannelInfo() and SSL_GetNextProto()
+ * can be made used during this period to learn about the channel
+ * parameters.
+ *
+ * The transition between the 0-RTT and 1-RTT modes is marked by the
+ * handshake callback.
+ *
+ * WARNING: 0-RTT data has different anti-replay and PFS properties than
+ * the rest of the TLS data. See [draft-ietf-tls-tls13; Section 6.2.3]
+ * for more details.
+ */
+#define SSL_ENABLE_0RTT_DATA 33
+
+/*Option to set to use the TLS proof extension for non-repudiable data
+ * It's activation for a server means that the server will accept the TLS proof extension from a client.
+ * For a client it means that it will try to negotiate to activate TLS Proof by sending the extension during
+ * the handshake. If the negociation is successfull the server is willing to reply to signature request.
+ * And the client can send signature request.
+ */
+#define SSL_ENABLE_TLS_PROOF 34
+
+#ifdef SSL_DEPRECATED_FUNCTION
+/* Old deprecated function names */
+SSL_IMPORT SECStatus SSL_Enable(PRFileDesc *fd, int option, PRBool on);
+SSL_IMPORT SECStatus SSL_EnableDefault(int option, PRBool on);
+#endif
+
+/* New function names */
+SSL_IMPORT SECStatus SSL_OptionSet(PRFileDesc *fd, PRInt32 option, PRBool on);
+SSL_IMPORT SECStatus SSL_OptionGet(PRFileDesc *fd, PRInt32 option, PRBool *on);
+SSL_IMPORT SECStatus SSL_OptionSetDefault(PRInt32 option, PRBool on);
+SSL_IMPORT SECStatus SSL_OptionGetDefault(PRInt32 option, PRBool *on);
+SSL_IMPORT SECStatus SSL_CertDBHandleSet(PRFileDesc *fd, CERTCertDBHandle *dbHandle);
+
+/* SSLNextProtoCallback is called during the handshake for the client, when a
+ * Next Protocol Negotiation (NPN) extension has been received from the server.
+ * |protos| and |protosLen| define a buffer which contains the server's
+ * advertisement. This data is guaranteed to be well formed per the NPN spec.
+ * |protoOut| is a buffer provided by the caller, of length 255 (the maximum
+ * allowed by the protocol). On successful return, the protocol to be announced
+ * to the server will be in |protoOut| and its length in |*protoOutLen|.
+ *
+ * The callback must return SECFailure or SECSuccess (not SECWouldBlock).
+ */
+typedef SECStatus(PR_CALLBACK *SSLNextProtoCallback)(
+    void *arg,
+    PRFileDesc *fd,
+    const unsigned char *protos,
+    unsigned int protosLen,
+    unsigned char *protoOut,
+    unsigned int *protoOutLen,
+    unsigned int protoMaxOut);
+
+/* SSL_SetNextProtoCallback sets a callback function to handle Next Protocol
+ * Negotiation. It causes a client to advertise NPN. */
+SSL_IMPORT SECStatus SSL_SetNextProtoCallback(PRFileDesc *fd,
+                                              SSLNextProtoCallback callback,
+                                              void *arg);
+
+/* SSL_SetNextProtoNego can be used as an alternative to
+ * SSL_SetNextProtoCallback. It also causes a client to advertise NPN and
+ * installs a default callback function which selects the first supported
+ * protocol in server-preference order. If no matching protocol is found it
+ * selects the first supported protocol.
+ *
+ * Using this function also allows the client to transparently support ALPN.
+ * The same set of protocols will be advertised via ALPN and, if the server
+ * uses ALPN to select a protocol, SSL_GetNextProto will return
+ * SSL_NEXT_PROTO_SELECTED as the state.
+ *
+ * Since NPN uses the first protocol as the fallback protocol, when sending an
+ * ALPN extension, the first protocol is moved to the end of the list. This
+ * indicates that the fallback protocol is the least preferred. The other
+ * protocols should be in preference order.
+ *
+ * The supported protocols are specified in |data| in wire-format (8-bit
+ * length-prefixed). For example: "\010http/1.1\006spdy/2". */
+SSL_IMPORT SECStatus SSL_SetNextProtoNego(PRFileDesc *fd,
+                                          const unsigned char *data,
+                                          unsigned int length);
+
+typedef enum SSLNextProtoState {
+    SSL_NEXT_PROTO_NO_SUPPORT = 0, /* No peer support                   */
+    SSL_NEXT_PROTO_NEGOTIATED = 1, /* Mutual agreement                  */
+    SSL_NEXT_PROTO_NO_OVERLAP = 2, /* No protocol overlap found         */
+    SSL_NEXT_PROTO_SELECTED = 3,   /* Server selected proto (ALPN)      */
+    SSL_NEXT_PROTO_EARLY_VALUE = 4 /* We are in 0-RTT using this value. */
+} SSLNextProtoState;
+
+/* SSL_GetNextProto can be used in the HandshakeCallback or any time after
+ * a handshake to retrieve the result of the Next Protocol negotiation.
+ *
+ * The length of the negotiated protocol, if any, is written into *bufLen.
+ * If the negotiated protocol is longer than bufLenMax, then SECFailure is
+ * returned. Otherwise, the negotiated protocol, if any, is written into buf,
+ * and SECSuccess is returned. */
+SSL_IMPORT SECStatus SSL_GetNextProto(PRFileDesc *fd,
+                                      SSLNextProtoState *state,
+                                      unsigned char *buf,
+                                      unsigned int *bufLen,
+                                      unsigned int bufLenMax);
+
+/*
+** Control ciphers that SSL uses. If on is non-zero then the named cipher
+** is enabled, otherwise it is disabled.
+** The "cipher" values are defined in sslproto.h (the SSL_EN_* values).
+** EnableCipher records user preferences.
+** SetPolicy sets the policy according to the policy module.
+*/
+#ifdef SSL_DEPRECATED_FUNCTION
+/* Old deprecated function names */
+SSL_IMPORT SECStatus SSL_EnableCipher(long which, PRBool enabled);
+SSL_IMPORT SECStatus SSL_SetPolicy(long which, int policy);
+#endif
+
+/* New function names */
+SSL_IMPORT SECStatus SSL_CipherPrefSet(PRFileDesc *fd, PRInt32 cipher, PRBool enabled);
+SSL_IMPORT SECStatus SSL_CipherPrefGet(PRFileDesc *fd, PRInt32 cipher, PRBool *enabled);
+SSL_IMPORT SECStatus SSL_CipherPrefSetDefault(PRInt32 cipher, PRBool enabled);
+SSL_IMPORT SECStatus SSL_CipherPrefGetDefault(PRInt32 cipher, PRBool *enabled);
+SSL_IMPORT SECStatus SSL_CipherPolicySet(PRInt32 cipher, PRInt32 policy);
+SSL_IMPORT SECStatus SSL_CipherPolicyGet(PRInt32 cipher, PRInt32 *policy);
+
+/*
+** Control for TLS signature schemes for TLS 1.2 and 1.3.
+**
+** This governs what signature schemes (or algorithms) are sent by a client in
+** the signature_algorithms extension.  A client will not accept a signature
+** from a server unless it uses an enabled algorithm.
+**
+** This also governs what the server sends in the supported_signature_algorithms
+** field of a CertificateRequest.
+**
+** This changes what the server uses to sign ServerKeyExchange and
+** CertificateVerify messages.  An endpoint uses the first entry from this list
+** that is compatible with both its certificate and its peer's supported
+** values.
+**
+** This configuration affects TLS 1.2, but the combination of EC group and hash
+** algorithm is interpreted loosely to be compatible with other implementations.
+** For TLS 1.2, NSS will ignore the curve group when generating or verifying
+** ECDSA signatures.  For example, a P-384 ECDSA certificate is used with
+** SHA-256 if ssl_sig_ecdsa_secp256r1_sha256 is enabled.
+**
+** Omitting SHA-256 schemes from this list might be foolish.  Support is
+** mandatory in TLS 1.2 and 1.3 and there might be interoperability issues.
+*/
+SSL_IMPORT SECStatus SSL_SignatureSchemePrefSet(
+    PRFileDesc *fd, const SSLSignatureScheme *schemes, unsigned int count);
+
+/* Deprecated, use SSL_SignatureSchemePrefSet() instead. */
+SSL_IMPORT SECStatus SSL_SignaturePrefSet(
+    PRFileDesc *fd, const SSLSignatureAndHashAlg *algorithms,
+    unsigned int count);
+
+/*
+** Get the currently configured signature schemes.
+**
+** The schemes are written to |schemes| but not if there are more than
+** |maxCount| values configured.  The number of schemes that are in use are
+** written to |count|.  This fails if |maxCount| is insufficiently large.
+*/
+SSL_IMPORT SECStatus SSL_SignatureSchemePrefGet(
+    PRFileDesc *fd, SSLSignatureScheme *algorithms, unsigned int *count,
+    unsigned int maxCount);
+
+/* Deprecated, use SSL_SignatureSchemePrefGet() instead. */
+SSL_IMPORT SECStatus SSL_SignaturePrefGet(
+    PRFileDesc *fd, SSLSignatureAndHashAlg *algorithms, unsigned int *count,
+    unsigned int maxCount);
+
+/*
+** Returns the maximum number of signature algorithms that are supported and
+** can be set or retrieved using SSL_SignatureSchemePrefSet or
+** SSL_SignatureSchemePrefGet.
+*/
+SSL_IMPORT unsigned int SSL_SignatureMaxCount();
+
+/*
+** Define custom priorities for EC and FF groups used in DH key exchange and EC
+** groups for ECDSA. This only changes the order of enabled lists (and thus
+** their priorities) and enables all groups in |groups| while disabling all other
+** groups.
+*/
+SSL_IMPORT SECStatus SSL_NamedGroupConfig(PRFileDesc *fd,
+                                          const SSLNamedGroup *groups,
+                                          unsigned int num_groups);
+
+/*
+** Configure the socket to configure additional key shares.  Normally when a TLS
+** 1.3 ClientHello is sent, just one key share is included using the first
+** preference group (as set by SSL_NamedGroupConfig).  If the server decides to
+** pick a different group for key exchange, it is forced to send a
+** HelloRetryRequest, which adds an entire round trip of latency.
+**
+** This function can be used to configure libssl to generate additional key
+** shares when sending a TLS 1.3 ClientHello.  If |count| is set to a non-zero
+** value, then additional key shares are generated.  Shares are added in the
+** preference order set in SSL_NamedGroupConfig.  |count| can be set to any
+** value; NSS limits the number of shares to the number of supported groups.
+*/
+SSL_IMPORT SECStatus SSL_SendAdditionalKeyShares(PRFileDesc *fd,
+                                                 unsigned int count);
+
+/* Deprecated: use SSL_NamedGroupConfig() instead.
+** SSL_DHEGroupPrefSet is used to configure the set of allowed/enabled DHE group
+** parameters that can be used by NSS for the given server socket.
+** The first item in the array is used as the default group, if no other
+** selection criteria can be used by NSS.
+** The set is provided as an array of identifiers as defined by SSLDHEGroupType.
+** If more than one group identifier is provided, NSS will select the one to use.
+** For example, a TLS extension sent by the client might indicate a preference.
+*/
+SSL_IMPORT SECStatus SSL_DHEGroupPrefSet(PRFileDesc *fd,
+                                         const SSLDHEGroupType *groups,
+                                         PRUint16 num_groups);
+
+/* Enable the use of a DHE group that's smaller than the library default,
+** for backwards compatibility reasons. The DH parameters will be created
+** at the time this function is called, which might take a very long time.
+** The function will block until generation is completed.
+** The intention is to enforce that fresh and safe parameters are generated
+** each time a process is started.
+** At the time this API was initially implemented, the API will enable the
+** use of 1024 bit DHE parameters. This value might get increased in future
+** versions of NSS.
+**
+** It is allowed to call this API will a NULL value for parameter fd,
+** which will prepare the global parameters that NSS will reuse for the remainder
+** of the process lifetime. This can be used early after startup of a process,
+** to avoid a delay when handling incoming client connections.
+** This preparation with a NULL for parameter fd will NOT enable the weak group
+** on sockets. The function needs to be called again for every socket that
+** should use the weak group.
+**
+** It is allowed to use this API in combination with the SSL_NamedGroupConfig API.
+** If both APIs have been called, the weakest group will be used, unless it is
+** certain that the client supports larger group parameters. The weak group will
+** be used as the default group for TLS <= 1.2, overriding the preference for
+** the first group potentially set with a call to SSL_NamedGroupConfig.
+*/
+SSL_IMPORT SECStatus SSL_EnableWeakDHEPrimeGroup(PRFileDesc *fd, PRBool enabled);
+
+/* SSL Version Range API
+**
+** This API should be used to control SSL 3.0 & TLS support instead of the
+** older SSL_Option* API; however, the SSL_Option* API MUST still be used to
+** control SSL 2.0 support. In this version of libssl, SSL 3.0 and TLS 1.0 are
+** enabled by default. Future versions of libssl may change which versions of
+** the protocol are enabled by default.
+**
+** The SSLProtocolVariant enum indicates whether the protocol is of type
+** stream or datagram. This must be provided to the functions that do not
+** take an fd. Functions which take an fd will get the variant from the fd,
+** which is typed.
+**
+** Using the new version range API in conjunction with the older
+** SSL_OptionSet-based API for controlling the enabled protocol versions may
+** cause unexpected results. Going forward, we guarantee only the following:
+**
+** SSL_OptionGet(SSL_ENABLE_TLS) will return PR_TRUE if *ANY* versions of TLS
+** are enabled.
+**
+** SSL_OptionSet(SSL_ENABLE_TLS, PR_FALSE) will disable *ALL* versions of TLS,
+** including TLS 1.0 and later.
+**
+** The above two properties provide compatibility for applications that use
+** SSL_OptionSet to implement the insecure fallback from TLS 1.x to SSL 3.0.
+**
+** SSL_OptionSet(SSL_ENABLE_TLS, PR_TRUE) will enable TLS 1.0, and may also
+** enable some later versions of TLS, if it is necessary to do so in order to
+** keep the set of enabled versions contiguous. For example, if TLS 1.2 is
+** enabled, then after SSL_OptionSet(SSL_ENABLE_TLS, PR_TRUE), TLS 1.0,
+** TLS 1.1, and TLS 1.2 will be enabled, and the call will have no effect on
+** whether SSL 3.0 is enabled. If no later versions of TLS are enabled at the
+** time SSL_OptionSet(SSL_ENABLE_TLS, PR_TRUE) is called, then no later
+** versions of TLS will be enabled by the call.
+**
+** SSL_OptionSet(SSL_ENABLE_SSL3, PR_FALSE) will disable SSL 3.0, and will not
+** change the set of TLS versions that are enabled.
+**
+** SSL_OptionSet(SSL_ENABLE_SSL3, PR_TRUE) will enable SSL 3.0, and may also
+** enable some versions of TLS if TLS 1.1 or later is enabled at the time of
+** the call, the same way SSL_OptionSet(SSL_ENABLE_TLS, PR_TRUE) works, in
+** order to keep the set of enabled versions contiguous.
+*/
+
+/* Returns, in |*vrange|, the range of SSL3/TLS versions supported for the
+** given protocol variant by the version of libssl linked-to at runtime.
+*/
+SSL_IMPORT SECStatus SSL_VersionRangeGetSupported(
+    SSLProtocolVariant protocolVariant, SSLVersionRange *vrange);
+
+/* Returns, in |*vrange|, the range of SSL3/TLS versions enabled by default
+** for the given protocol variant.
+*/
+SSL_IMPORT SECStatus SSL_VersionRangeGetDefault(
+    SSLProtocolVariant protocolVariant, SSLVersionRange *vrange);
+
+/* Sets the range of enabled-by-default SSL3/TLS versions for the given
+** protocol variant to |*vrange|.
+*/
+SSL_IMPORT SECStatus SSL_VersionRangeSetDefault(
+    SSLProtocolVariant protocolVariant, const SSLVersionRange *vrange);
+
+/* Returns, in |*vrange|, the range of enabled SSL3/TLS versions for |fd|. */
+SSL_IMPORT SECStatus SSL_VersionRangeGet(PRFileDesc *fd,
+                                         SSLVersionRange *vrange);
+
+/* Sets the range of enabled SSL3/TLS versions for |fd| to |*vrange|. */
+SSL_IMPORT SECStatus SSL_VersionRangeSet(PRFileDesc *fd,
+                                         const SSLVersionRange *vrange);
+
+/* Sets the version to check the server random against for the
+ * fallback check defined in [draft-ietf-tls-tls13-11 Section 6.3.1.1].
+ * This function is provided to allow for detection of forced downgrade
+ * attacks against client-side reconnect-and-fallback outside of TLS
+ * by setting |version| to be that of the original connection, rather
+ * than that of the new connection.
+ *
+ * The default, which can also be enabled by setting |version| to
+ * zero, is just to check against the max version in the
+ * version range (see SSL_VersionRangeSet). */
+SSL_IMPORT SECStatus SSL_SetDowngradeCheckVersion(PRFileDesc *fd,
+                                                  PRUint16 version);
+
+/* Values for "policy" argument to SSL_CipherPolicySet */
+/* Values returned by SSL_CipherPolicyGet. */
+#define SSL_NOT_ALLOWED 0 /* or invalid or unimplemented */
+#define SSL_ALLOWED 1
+#define SSL_RESTRICTED 2 /* only with "Step-Up" certs. */
+
+/* Values for "on" with SSL_REQUIRE_CERTIFICATE. */
+#define SSL_REQUIRE_NEVER ((PRBool)0)
+#define SSL_REQUIRE_ALWAYS ((PRBool)1)
+#define SSL_REQUIRE_FIRST_HANDSHAKE ((PRBool)2)
+#define SSL_REQUIRE_NO_ERROR ((PRBool)3)
+
+/* Values for "on" with SSL_ENABLE_RENEGOTIATION */
+/* Never renegotiate at all.                                               */
+#define SSL_RENEGOTIATE_NEVER ((PRBool)0)
+/* Renegotiate without restriction, whether or not the peer's client hello */
+/* bears the renegotiation info extension.  Vulnerable, as in the past.    */
+#define SSL_RENEGOTIATE_UNRESTRICTED ((PRBool)1)
+/* Only renegotiate if the peer's hello bears the TLS renegotiation_info   */
+/* extension. This is safe renegotiation.                                  */
+#define SSL_RENEGOTIATE_REQUIRES_XTN ((PRBool)2)
+/* Disallow unsafe renegotiation in server sockets only, but allow clients */
+/* to continue to renegotiate with vulnerable servers.                     */
+/* This value should only be used during the transition period when few    */
+/* servers have been upgraded.                                             */
+#define SSL_RENEGOTIATE_TRANSITIONAL ((PRBool)3)
+
+/*
+** Reset the handshake state for fd. This will make the complete SSL
+** handshake protocol execute from the ground up on the next i/o
+** operation.
+*/
+SSL_IMPORT SECStatus SSL_ResetHandshake(PRFileDesc *fd, PRBool asServer);
+
+/*
+** Force the handshake for fd to complete immediately.  This blocks until
+** the complete SSL handshake protocol is finished.
+*/
+SSL_IMPORT SECStatus SSL_ForceHandshake(PRFileDesc *fd);
+
+/*
+** Same as above, but with an I/O timeout.
+ */
+SSL_IMPORT SECStatus SSL_ForceHandshakeWithTimeout(PRFileDesc *fd,
+                                                   PRIntervalTime timeout);
+
+/*
+** Query security status of socket. *on is set to one if security is
+** enabled. *keySize will contain the stream key size used. *issuer will
+** contain the RFC1485 verison of the name of the issuer of the
+** certificate at the other end of the connection. For a client, this is
+** the issuer of the server's certificate; for a server, this is the
+** issuer of the client's certificate (if any). Subject is the subject of
+** the other end's certificate. The pointers can be zero if the desired
+** data is not needed.  All strings returned by this function are owned
+** by the caller, and need to be freed with PORT_Free.
+*/
+SSL_IMPORT SECStatus SSL_SecurityStatus(PRFileDesc *fd, int *on, char **cipher,
+                                        int *keySize, int *secretKeySize,
+                                        char **issuer, char **subject);
+
+/* Values for "on" */
+#define SSL_SECURITY_STATUS_NOOPT -1
+#define SSL_SECURITY_STATUS_OFF 0
+#define SSL_SECURITY_STATUS_ON_HIGH 1
+#define SSL_SECURITY_STATUS_ON_LOW 2
+#define SSL_SECURITY_STATUS_FORTEZZA 3 /* NO LONGER SUPPORTED */
+
+/*
+** Return the certificate for our SSL peer. If the client calls this
+** it will always return the server's certificate. If the server calls
+** this, it may return NULL if client authentication is not enabled or
+** if the client had no certificate when asked.
+**  "fd" the socket "file" descriptor
+*/
+SSL_IMPORT CERTCertificate *SSL_PeerCertificate(PRFileDesc *fd);
+
+/*
+** Return the certificates presented by the SSL peer. If the SSL peer
+** did not present certificates, return NULL with the
+** SSL_ERROR_NO_CERTIFICATE error. On failure, return NULL with an error
+** code other than SSL_ERROR_NO_CERTIFICATE.
+**  "fd" the socket "file" descriptor
+*/
+SSL_IMPORT CERTCertList *SSL_PeerCertificateChain(PRFileDesc *fd);
+
+/* SSL_PeerStapledOCSPResponses returns the OCSP responses that were provided
+ * by the TLS server. The return value is a pointer to an internal SECItemArray
+ * that contains the returned OCSP responses; it is only valid until the
+ * callback function that calls SSL_PeerStapledOCSPResponses returns.
+ *
+ * If no OCSP responses were given by the server then the result will be empty.
+ * If there was an error, then the result will be NULL.
+ *
+ * You must set the SSL_ENABLE_OCSP_STAPLING option to enable OCSP stapling.
+ * to be provided by a server.
+ *
+ * libssl does not do any validation of the OCSP response itself; the
+ * authenticate certificate hook is responsible for doing so. The default
+ * authenticate certificate hook, SSL_AuthCertificate, does not implement
+ * any OCSP stapling funtionality, but this may change in future versions.
+ */
+SSL_IMPORT const SECItemArray *SSL_PeerStapledOCSPResponses(PRFileDesc *fd);
+
+/* SSL_PeerSignedCertTimestamps returns the signed_certificate_timestamp
+ * extension data provided by the TLS server. The return value is a pointer
+ * to an internal SECItem that contains the returned response (as a serialized
+ * SignedCertificateTimestampList, see RFC 6962). The returned pointer is only
+ * valid until the callback function that calls SSL_PeerSignedCertTimestamps
+ * (e.g. the authenticate certificate hook, or the handshake callback) returns.
+ *
+ * If no Signed Certificate Timestamps were given by the server then the result
+ * will be empty. If there was an error, then the result will be NULL.
+ *
+ * You must set the SSL_ENABLE_SIGNED_CERT_TIMESTAMPS option to indicate support
+ * for Signed Certificate Timestamps to a server.
+ *
+ * libssl does not do any parsing or validation of the response itself.
+ */
+SSL_IMPORT const SECItem *SSL_PeerSignedCertTimestamps(PRFileDesc *fd);
+
+/* SSL_SetStapledOCSPResponses stores an array of one or multiple OCSP responses
+ * in the fd's data, which may be sent as part of a server side cert_status
+ * handshake message. Parameter |responses| is for the server certificate of
+ * the key exchange type |kea|.
+ * The function will duplicate the responses array.
+ *
+ * Deprecated: see SSL_ConfigSecureServer for details.
+ */
+SSL_IMPORT SECStatus
+SSL_SetStapledOCSPResponses(PRFileDesc *fd, const SECItemArray *responses,
+                            SSLKEAType kea);
+
+/*
+ * SSL_SetSignedCertTimestamps stores serialized signed_certificate_timestamp
+ * extension data in the fd. The signed_certificate_timestamp data is sent
+ * during the handshake (if requested by the client). Parameter |scts|
+ * is for the server certificate of the key exchange type |kea|.
+ * The function will duplicate the provided data item. To clear previously
+ * set data for a given key exchange type |kea|, pass NULL to |scts|.
+ *
+ * Deprecated: see SSL_ConfigSecureServer for details.
+ */
+SSL_IMPORT SECStatus
+SSL_SetSignedCertTimestamps(PRFileDesc *fd, const SECItem *scts,
+                            SSLKEAType kea);
+
+/*
+** Authenticate certificate hook. Called when a certificate comes in
+** (because of SSL_REQUIRE_CERTIFICATE in SSL_Enable) to authenticate the
+** certificate.
+**
+** The authenticate certificate hook must return SECSuccess to indicate the
+** certificate is valid, SECFailure to indicate the certificate is invalid,
+** or SECWouldBlock if the application will authenticate the certificate
+** asynchronously. SECWouldBlock is only supported for non-blocking sockets.
+**
+** If the authenticate certificate hook returns SECFailure, then the bad cert
+** hook will be called. The bad cert handler is NEVER called if the
+** authenticate certificate hook returns SECWouldBlock. If the application
+** needs to handle and/or override a bad cert, it should do so before it
+** calls SSL_AuthCertificateComplete (modifying the error it passes to
+** SSL_AuthCertificateComplete as needed).
+**
+** See the documentation for SSL_AuthCertificateComplete for more information
+** about the asynchronous behavior that occurs when the authenticate
+** certificate hook returns SECWouldBlock.
+**
+** RFC 6066 says that clients should send the bad_certificate_status_response
+** alert when they encounter an error processing the stapled OCSP response.
+** libssl does not provide a way for the authenticate certificate hook to
+** indicate that an OCSP error (SEC_ERROR_OCSP_*) that it returns is an error
+** in the stapled OCSP response or an error in some other OCSP response.
+** Further, NSS does not provide a convenient way to control or determine
+** which OCSP response(s) were used to validate a certificate chain.
+** Consequently, the current version of libssl does not ever send the
+** bad_certificate_status_response alert. This may change in future releases.
+*/
+typedef SECStatus(PR_CALLBACK *SSLAuthCertificate)(void *arg, PRFileDesc *fd,
+                                                   PRBool checkSig,
+                                                   PRBool isServer);
+
+SSL_IMPORT SECStatus SSL_AuthCertificateHook(PRFileDesc *fd,
+                                             SSLAuthCertificate f,
+                                             void *arg);
+
+/* An implementation of the certificate authentication hook */
+SSL_IMPORT SECStatus SSL_AuthCertificate(void *arg, PRFileDesc *fd,
+                                         PRBool checkSig, PRBool isServer);
+
+/*
+ * Prototype for SSL callback to get client auth data from the application.
+ *  arg - application passed argument
+ *  caNames - pointer to distinguished names of CAs that the server likes
+ *  pRetCert - pointer to pointer to cert, for return of cert
+ *  pRetKey - pointer to key pointer, for return of key
+ */
+typedef SECStatus(PR_CALLBACK *SSLGetClientAuthData)(void *arg,
+                                                     PRFileDesc *fd,
+                                                     CERTDistNames *caNames,
+                                                     CERTCertificate **pRetCert,  /*return */
+                                                     SECKEYPrivateKey **pRetKey); /* return */
+
+/*
+ * Set the client side callback for SSL to retrieve user's private key
+ * and certificate.
+ *  fd - the file descriptor for the connection in question
+ *  f - the application's callback that delivers the key and cert
+ *  a - application specific data
+ */
+SSL_IMPORT SECStatus SSL_GetClientAuthDataHook(PRFileDesc *fd,
+                                               SSLGetClientAuthData f, void *a);
+
+/*
+** SNI extension processing callback function.
+** It is called when SSL socket receives SNI extension in ClientHello message.
+** Upon this callback invocation, application is responsible to reconfigure the
+** socket with the data for a particular server name.
+** There are three potential outcomes of this function invocation:
+**    * application does not recognize the name or the type and wants the
+**    "unrecognized_name" alert be sent to the client. In this case the callback
+**    function must return SSL_SNI_SEND_ALERT status.
+**    * application does not recognize  the name, but wants to continue with
+**    the handshake using the current socket configuration. In this case,
+**    no socket reconfiguration is needed and the function should return
+**    SSL_SNI_CURRENT_CONFIG_IS_USED.
+**    * application recognizes the name and reconfigures the socket with
+**    appropriate certs, key, etc. There are many ways to reconfigure. NSS
+**    provides SSL_ReconfigFD function that can be used to update the socket
+**    data from model socket. To continue with the rest of the handshake, the
+**    implementation function should return an index of a name it has chosen.
+** LibSSL will ignore any SNI extension received in a ClientHello message
+** if application does not register a SSLSNISocketConfig callback.
+** Each type field of SECItem indicates the name type.
+** NOTE: currently RFC3546 defines only one name type: sni_host_name.
+** Client is allowed to send only one name per known type. LibSSL will
+** send an "unrecognized_name" alert if SNI extension name list contains more
+** then one name of a type.
+*/
+typedef PRInt32(PR_CALLBACK *SSLSNISocketConfig)(PRFileDesc *fd,
+                                                 const SECItem *srvNameArr,
+                                                 PRUint32 srvNameArrSize,
+                                                 void *arg);
+
+/*
+** SSLSNISocketConfig should return an index within 0 and srvNameArrSize-1
+** when it has reconfigured the socket fd to use certs and keys, etc
+** for a specific name. There are two other allowed return values. One
+** tells libSSL to use the default cert and key.  The other tells libSSL
+** to send the "unrecognized_name" alert.  These values are:
+**/
+#define SSL_SNI_CURRENT_CONFIG_IS_USED -1
+#define SSL_SNI_SEND_ALERT -2
+
+/*
+** Set application implemented SNISocketConfig callback.
+*/
+SSL_IMPORT SECStatus SSL_SNISocketConfigHook(PRFileDesc *fd,
+                                             SSLSNISocketConfig f,
+                                             void *arg);
+
+/*
+** Reconfigure fd SSL socket with model socket parameters. Sets
+** server certs and keys, list of trust anchor, socket options
+** and all SSL socket call backs and parameters.
+*/
+SSL_IMPORT PRFileDesc *SSL_ReconfigFD(PRFileDesc *model, PRFileDesc *fd);
+
+/*
+ * Set the client side argument for SSL to retrieve PKCS #11 pin.
+ *  fd - the file descriptor for the connection in question
+ *  a - pkcs11 application specific data
+ */
+SSL_IMPORT SECStatus SSL_SetPKCS11PinArg(PRFileDesc *fd, void *a);
+
+/*
+** These are callbacks for dealing with SSL alerts.
+ */
+
+typedef PRUint8 SSLAlertLevel;
+typedef PRUint8 SSLAlertDescription;
+
+typedef struct {
+    SSLAlertLevel level;
+    SSLAlertDescription description;
+} SSLAlert;
+
+typedef void(PR_CALLBACK *SSLAlertCallback)(const PRFileDesc *fd, void *arg,
+                                            const SSLAlert *alert);
+
+SSL_IMPORT SECStatus SSL_AlertReceivedCallback(PRFileDesc *fd, SSLAlertCallback cb,
+                                               void *arg);
+SSL_IMPORT SECStatus SSL_AlertSentCallback(PRFileDesc *fd, SSLAlertCallback cb,
+                                           void *arg);
+/*
+** This is a callback for dealing with server certs that are not authenticated
+** by the client.  The client app can decide that it actually likes the
+** cert by some external means and restart the connection.
+**
+** The bad cert hook must return SECSuccess to override the result of the
+** authenticate certificate hook, SECFailure if the certificate should still be
+** considered invalid, or SECWouldBlock if the application will authenticate
+** the certificate asynchronously. SECWouldBlock is only supported for
+** non-blocking sockets.
+**
+** See the documentation for SSL_AuthCertificateComplete for more information
+** about the asynchronous behavior that occurs when the bad cert hook returns
+** SECWouldBlock.
+*/
+typedef SECStatus(PR_CALLBACK *SSLBadCertHandler)(void *arg, PRFileDesc *fd);
+SSL_IMPORT SECStatus SSL_BadCertHook(PRFileDesc *fd, SSLBadCertHandler f,
+                                     void *arg);
+
+/*
+** Configure SSL socket for running a secure server. Needs the
+** certificate for the server and the servers private key. The arguments
+** are copied.
+**
+** This method should be used in preference to SSL_ConfigSecureServer,
+** SSL_ConfigSecureServerWithCertChain, SSL_SetStapledOCSPResponses, and
+** SSL_SetSignedCertTimestamps.
+**
+** The authentication method is determined from the certificate and private key
+** based on how libssl authenticates peers. Primarily, this uses the value of
+** the SSLAuthType enum and is derived from the type of public key in the
+** certificate.  For example, different RSA certificates might be saved for
+** signing (ssl_auth_rsa_sign) and key encipherment
+** (ssl_auth_rsa_decrypt). Unique to RSA, the same certificate can be used for
+** both usages. Additional information about the authentication method is also
+** used: EC keys with different curves are separately stored.
+**
+** Only one certificate is stored for each authentication method.
+**
+** The optional |data| argument contains additional information about the
+** certificate:
+**
+** - |authType| (with a value other than ssl_auth_null) limits the
+**   authentication method; this is primarily useful in limiting the use of an
+**   RSA certificate to one particular key usage (either signing or key
+**   encipherment) when its key usages indicate support for both.
+**
+** - |certChain| provides an explicit certificate chain, rather than relying on
+**   NSS functions for finding a certificate chain.
+**
+** - |stapledOCSPResponses| provides a response for OCSP stapling.
+**
+** - |signedCertTimestamps| provides a value for the
+**   signed_certificate_timestamp extension used in certificate transparency.
+**
+** The |data_len| argument provides the length of the data.  This should be set
+** to |sizeof(data)|.
+**
+** This function allows an application to provide certificates with narrow key
+** usages attached to them.  For instance, RSA keys can be provided that are
+** limited to signing or decryption only.  Multiple EC certificates with keys on
+** different named curves can be provided.
+**
+** Unlike SSL_ConfigSecureServer(WithCertChain), this function does not accept
+** NULL for the |cert| and |key| arguments.  It will replace certificates that
+** have the same type, but it cannot be used to remove certificates that have
+** already been configured.
+*/
+SSL_IMPORT SECStatus SSL_ConfigServerCert(
+    PRFileDesc *fd, CERTCertificate *cert, SECKEYPrivateKey *key,
+    const SSLExtraServerCertData *data, unsigned int data_len);
+
+/*
+** Deprecated variant of SSL_ConfigServerCert.
+**
+** This uses values from the SSLKEAType to identify the type of |key| that the
+** |cert| contains.  This is incorrect, since key exchange and authentication
+** are separated in some cipher suites (in particular, ECDHE_RSA_* suites).
+**
+** Providing a |kea| parameter of ssl_kea_ecdh (or kt_ecdh) is interpreted as
+** providing both ECDH and ECDSA certificates.
+*/
+SSL_IMPORT SECStatus SSL_ConfigSecureServer(
+    PRFileDesc *fd, CERTCertificate *cert,
+    SECKEYPrivateKey *key, SSLKEAType kea);
+
+/*
+** Deprecated variant of SSL_ConfigSecureServerCert.  The |data| argument to
+** SSL_ConfigSecureServerCert can be used to pass a certificate chain.
+*/
+SSL_IMPORT SECStatus
+SSL_ConfigSecureServerWithCertChain(PRFileDesc *fd, CERTCertificate *cert,
+                                    const CERTCertificateList *certChainOpt,
+                                    SECKEYPrivateKey *key, SSLKEAType kea);
+
+/*
+** SSL_SetSessionTicketKeyPair configures an asymmetric key pair for use in
+** wrapping session ticket keys, used by the server.  This function currently
+** only accepts an RSA public/private key pair.
+**
+** Prior to the existence of this function, NSS used an RSA private key
+** associated with a configured certificate to perform session ticket
+** encryption.  If this function isn't used, the keys provided with a configured
+** RSA certificate are used for wrapping session ticket keys.
+*/
+SSL_IMPORT SECStatus
+SSL_SetSessionTicketKeyPair(SECKEYPublicKey *pubKey, SECKEYPrivateKey *privKey);
+
+/*
+** Configure a secure server's session-id cache. Define the maximum number
+** of entries in the cache, the longevity of the entires, and the directory
+** where the cache files will be placed.  These values can be zero, and
+** if so, the implementation will choose defaults.
+** This version of the function is for use in applications that have only one
+** process that uses the cache (even if that process has multiple threads).
+*/
+SSL_IMPORT SECStatus SSL_ConfigServerSessionIDCache(int maxCacheEntries,
+                                                    PRUint32 timeout,
+                                                    PRUint32 ssl3_timeout,
+                                                    const char *directory);
+
+/* Configure a secure server's session-id cache. Depends on value of
+ * enableMPCache, configures malti-proc or single proc cache. */
+SSL_IMPORT SECStatus SSL_ConfigServerSessionIDCacheWithOpt(
+    PRUint32 timeout,
+    PRUint32 ssl3_timeout,
+    const char *directory,
+    int maxCacheEntries,
+    int maxCertCacheEntries,
+    int maxSrvNameCacheEntries,
+    PRBool enableMPCache);
+
+/*
+** Like SSL_ConfigServerSessionIDCache, with one important difference.
+** If the application will run multiple processes (as opposed to, or in
+** addition to multiple threads), then it must call this function, instead
+** of calling SSL_ConfigServerSessionIDCache().
+** This has nothing to do with the number of processORs, only processEs.
+** This function sets up a Server Session ID (SID) cache that is safe for
+** access by multiple processes on the same system.
+*/
+SSL_IMPORT SECStatus SSL_ConfigMPServerSIDCache(int maxCacheEntries,
+                                                PRUint32 timeout,
+                                                PRUint32 ssl3_timeout,
+                                                const char *directory);
+
+/* Get and set the configured maximum number of mutexes used for the
+** server's store of SSL sessions.  This value is used by the server
+** session ID cache initialization functions shown above.  Note that on
+** some platforms, these mutexes are actually implemented with POSIX
+** semaphores, or with unnamed pipes.  The default value varies by platform.
+** An attempt to set a too-low maximum will return an error and the
+** configured value will not be changed.
+*/
+SSL_IMPORT PRUint32 SSL_GetMaxServerCacheLocks(void);
+SSL_IMPORT SECStatus SSL_SetMaxServerCacheLocks(PRUint32 maxLocks);
+
+/* environment variable set by SSL_ConfigMPServerSIDCache, and queried by
+ * SSL_InheritMPServerSIDCache when envString is NULL.
+ */
+#define SSL_ENV_VAR_NAME "SSL_INHERITANCE"
+
+/* called in child to inherit SID Cache variables.
+ * If envString is NULL, this function will use the value of the environment
+ * variable "SSL_INHERITANCE", otherwise the string value passed in will be
+ * used.
+ */
+SSL_IMPORT SECStatus SSL_InheritMPServerSIDCache(const char *envString);
+
+/*
+** Set the callback that gets called when a TLS handshake is complete. The
+** handshake callback is called after verifying the peer's Finished message and
+** before processing incoming application data.
+**
+** For the initial handshake: If the handshake false started (see
+** SSL_ENABLE_FALSE_START), then application data may already have been sent
+** before the handshake callback is called. If we did not false start then the
+** callback will get called before any application data is sent.
+*/
+typedef void(PR_CALLBACK *SSLHandshakeCallback)(PRFileDesc *fd,
+                                                void *client_data);
+SSL_IMPORT SECStatus SSL_HandshakeCallback(PRFileDesc *fd,
+                                           SSLHandshakeCallback cb, void *client_data);
+
+/* Applications that wish to enable TLS false start must set this callback
+** function. NSS will invoke the functon to determine if a particular
+** connection should use false start or not. SECSuccess indicates that the
+** callback completed successfully, and if so *canFalseStart indicates if false
+** start can be used. If the callback does not return SECSuccess then the
+** handshake will be canceled. NSS's recommended criteria can be evaluated by
+** calling SSL_RecommendedCanFalseStart.
+**
+** If no false start callback is registered then false start will never be
+** done, even if the SSL_ENABLE_FALSE_START option is enabled.
+**/
+typedef SECStatus(PR_CALLBACK *SSLCanFalseStartCallback)(
+    PRFileDesc *fd, void *arg, PRBool *canFalseStart);
+
+SSL_IMPORT SECStatus SSL_SetCanFalseStartCallback(
+    PRFileDesc *fd, SSLCanFalseStartCallback callback, void *arg);
+
+/* This function sets *canFalseStart according to the recommended criteria for
+** false start. These criteria may change from release to release and may depend
+** on which handshake features have been negotiated and/or properties of the
+** certifciates/keys used on the connection.
+*/
+SSL_IMPORT SECStatus SSL_RecommendedCanFalseStart(PRFileDesc *fd,
+                                                  PRBool *canFalseStart);
+
+/*
+** For the server, request a new handshake.  For the client, begin a new
+** handshake.  If flushCache is non-zero, the SSL3 cache entry will be
+** flushed first, ensuring that a full SSL handshake will be done.
+** If flushCache is zero, and an SSL connection is established, it will
+** do the much faster session restart handshake.  This will change the
+** session keys without doing another private key operation.
+*/
+SSL_IMPORT SECStatus SSL_ReHandshake(PRFileDesc *fd, PRBool flushCache);
+
+/*
+** Same as above, but with an I/O timeout.
+ */
+SSL_IMPORT SECStatus SSL_ReHandshakeWithTimeout(PRFileDesc *fd,
+                                                PRBool flushCache,
+                                                PRIntervalTime timeout);
+
+#ifdef SSL_DEPRECATED_FUNCTION
+/* deprecated!
+** For the server, request a new handshake.  For the client, begin a new
+** handshake.  Flushes SSL3 session cache entry first, ensuring that a
+** full handshake will be done.
+** This call is equivalent to SSL_ReHandshake(fd, PR_TRUE)
+*/
+SSL_IMPORT SECStatus SSL_RedoHandshake(PRFileDesc *fd);
+#endif
+
+/*
+ * Allow the application to pass a URL or hostname into the SSL library.
+ */
+SSL_IMPORT SECStatus SSL_SetURL(PRFileDesc *fd, const char *url);
+
+/*
+ * Allow an application to define a set of trust anchors for peer
+ * cert validation.
+ */
+SSL_IMPORT SECStatus SSL_SetTrustAnchors(PRFileDesc *fd, CERTCertList *list);
+
+/*
+** Return the number of bytes that SSL has waiting in internal buffers.
+** Return 0 if security is not enabled.
+*/
+SSL_IMPORT int SSL_DataPending(PRFileDesc *fd);
+
+/*
+** Invalidate the SSL session associated with fd.
+*/
+SSL_IMPORT SECStatus SSL_InvalidateSession(PRFileDesc *fd);
+
+/*
+** Return a SECItem containing the SSL session ID associated with the fd.
+*/
+SSL_IMPORT SECItem *SSL_GetSessionID(PRFileDesc *fd);
+
+/*
+** Clear out the client's SSL session cache, not the server's session cache.
+*/
+SSL_IMPORT void SSL_ClearSessionCache(void);
+
+/*
+** Close the server's SSL session cache.
+*/
+SSL_IMPORT SECStatus SSL_ShutdownServerSessionIDCache(void);
+
+/*
+** Set peer information so we can correctly look up SSL session later.
+** You only have to do this if you're tunneling through a proxy.
+*/
+SSL_IMPORT SECStatus SSL_SetSockPeerID(PRFileDesc *fd, const char *peerID);
+
+/*
+** Reveal the security information for the peer.
+*/
+SSL_IMPORT CERTCertificate *SSL_RevealCert(PRFileDesc *socket);
+SSL_IMPORT void *SSL_RevealPinArg(PRFileDesc *socket);
+SSL_IMPORT char *SSL_RevealURL(PRFileDesc *socket);
+
+/* This callback may be passed to the SSL library via a call to
+ * SSL_GetClientAuthDataHook() for each SSL client socket.
+ * It will be invoked when SSL needs to know what certificate and private key
+ * (if any) to use to respond to a request for client authentication.
+ * If arg is non-NULL, it is a pointer to a NULL-terminated string containing
+ * the nickname of the cert/key pair to use.
+ * If arg is NULL, this function will search the cert and key databases for
+ * a suitable match and send it if one is found.
+ */
+SSL_IMPORT SECStatus
+NSS_GetClientAuthData(void *arg,
+                      PRFileDesc *socket,
+                      struct CERTDistNamesStr *caNames,
+                      struct CERTCertificateStr **pRetCert,
+                      struct SECKEYPrivateKeyStr **pRetKey);
+
+/*
+** Configure DTLS-SRTP (RFC 5764) cipher suite preferences.
+** Input is a list of ciphers in descending preference order and a length
+** of the list. As a side effect, this causes the use_srtp extension to be
+** negotiated.
+**
+** Invalid or unimplemented cipher suites in |ciphers| are ignored. If at
+** least one cipher suite in |ciphers| is implemented, returns SECSuccess.
+** Otherwise returns SECFailure.
+*/
+SSL_IMPORT SECStatus SSL_SetSRTPCiphers(PRFileDesc *fd,
+                                        const PRUint16 *ciphers,
+                                        unsigned int numCiphers);
+
+/*
+** Get the selected DTLS-SRTP cipher suite (if any).
+** To be called after the handshake completes.
+** Returns SECFailure if not negotiated.
+*/
+SSL_IMPORT SECStatus SSL_GetSRTPCipher(PRFileDesc *fd,
+                                       PRUint16 *cipher);
+
+/*
+ * Look to see if any of the signers in the cert chain for "cert" are found
+ * in the list of caNames.
+ * Returns SECSuccess if so, SECFailure if not.
+ * Used by NSS_GetClientAuthData.  May be used by other callback functions.
+ */
+SSL_IMPORT SECStatus NSS_CmpCertChainWCANames(CERTCertificate *cert,
+                                              CERTDistNames *caNames);
+
+/* Deprecated.  This reports a misleading value for certificates that might
+ * be used for signing rather than key exchange.
+ * Returns key exchange type of the keys in an SSL server certificate.
+ */
+SSL_IMPORT SSLKEAType NSS_FindCertKEAType(CERTCertificate *cert);
+
+/* Set cipher policies to a predefined Domestic (U.S.A.) policy.
+ * This essentially allows all supported ciphers.
+ */
+SSL_IMPORT SECStatus NSS_SetDomesticPolicy(void);
+
+/* Set cipher policies to a predefined Policy that is exportable from the USA
+ *   according to present U.S. policies as we understand them.
+ * It is the same as NSS_SetDomesticPolicy now.
+ */
+SSL_IMPORT SECStatus NSS_SetExportPolicy(void);
+
+/* Set cipher policies to a predefined Policy that is exportable from the USA
+ *   according to present U.S. policies as we understand them, and that the
+ *   nation of France will permit to be imported into their country.
+ * It is the same as NSS_SetDomesticPolicy now.
+ */
+SSL_IMPORT SECStatus NSS_SetFrancePolicy(void);
+
+SSL_IMPORT SSL3Statistics *SSL_GetStatistics(void);
+
+/* Report more information than SSL_SecurityStatus.
+ * Caller supplies the info struct.  This function fills it in.  Caller should
+ * pass sizeof(SSLChannelInfo) as the |len| argument.
+ *
+ * The information here will be zeroed prior to details being confirmed.  The
+ * details are confirmed either when a Finished message is received, or - for a
+ * client - when the second flight of messages have been sent.  This function
+ * therefore produces unreliable results prior to receiving the
+ * SSLHandshakeCallback or the SSLCanFalseStartCallback.
+ */
+SSL_IMPORT SECStatus SSL_GetChannelInfo(PRFileDesc *fd, SSLChannelInfo *info,
+                                        PRUintn len);
+/* Get preliminary information about a channel.
+ * Caller supplies the info struct.  This function fills it in.  Caller should
+ * pass sizeof(SSLPreliminaryChannelInfo) as the |len| argument.
+ *
+ * This function can be called prior to handshake details being confirmed (see
+ * SSL_GetChannelInfo above for what that means).  Thus, information provided by
+ * this function is available to SSLAuthCertificate, SSLGetClientAuthData,
+ * SSLSNISocketConfig, and other callbacks that might be called during the
+ * processing of the first flight of client of server handshake messages.
+ * Values are marked as being unavailable when renegotiation is initiated.
+ */
+SSL_IMPORT SECStatus
+SSL_GetPreliminaryChannelInfo(PRFileDesc *fd,
+                              SSLPreliminaryChannelInfo *info,
+                              PRUintn len);
+/* Get information about cipher suite with id of |cipherSuite|.
+ * Caller supplies the info struct.  This function fills it in.  Caller should
+ * pass sizeof(SSLCipherSuiteInfo) as the |len| argument.
+ */
+SSL_IMPORT SECStatus SSL_GetCipherSuiteInfo(PRUint16 cipherSuite,
+                                            SSLCipherSuiteInfo *info, PRUintn len);
+
+/* Returnes negotiated through SNI host info. */
+SSL_IMPORT SECItem *SSL_GetNegotiatedHostInfo(PRFileDesc *fd);
+
+/* Export keying material according to RFC 5705.
+** fd must correspond to a TLS 1.0 or higher socket and out must
+** already be allocated. If hasContext is false, it uses the no-context
+** construction from the RFC and ignores the context and contextLen
+** arguments.
+*/
+SSL_IMPORT SECStatus SSL_ExportKeyingMaterial(PRFileDesc *fd,
+                                              const char *label,
+                                              unsigned int labelLen,
+                                              PRBool hasContext,
+                                              const unsigned char *context,
+                                              unsigned int contextLen,
+                                              unsigned char *out,
+                                              unsigned int outLen);
+
+/* Early exporters are used if 0-RTT is enabled.  This is TLS 1.3 only.  Note
+ * that in TLS 1.3, an empty context is equivalent to an absent context. */
+SSL_IMPORT SECStatus SSL_ExportEarlyKeyingMaterial(PRFileDesc *fd,
+                                                   const char *label,
+                                                   unsigned int labelLen,
+                                                   const unsigned char *context,
+                                                   unsigned int contextLen,
+                                                   unsigned char *out,
+                                                   unsigned int outLen);
+
+/*
+** Return a new reference to the certificate that was most recently sent
+** to the peer on this SSL/TLS connection, or NULL if none has been sent.
+*/
+SSL_IMPORT CERTCertificate *SSL_LocalCertificate(PRFileDesc *fd);
+
+#define SSL_CBP_SSL3 0x0001   /* (deprecated) */
+#define SSL_CBP_TLS1_0 0x0002 /* (deprecated) */
+
+/* DEPRECATED: The PKCS#11 bypass has been removed.
+**             This function will now always return false. */
+SSL_IMPORT SECStatus SSL_CanBypass(CERTCertificate *cert,
+                                   SECKEYPrivateKey *privKey,
+                                   PRUint32 protocolmask,
+                                   PRUint16 *ciphers, int nciphers,
+                                   PRBool *pcanbypass, void *pwArg);
+
+/*
+** Did the handshake with the peer negotiate the given extension?
+** Output parameter valid only if function returns SECSuccess
+*/
+SSL_IMPORT SECStatus SSL_HandshakeNegotiatedExtension(PRFileDesc *socket,
+                                                      SSLExtensionType extId,
+                                                      PRBool *yes);
+
+/*
+** How long should we wait before retransmitting the next flight of
+** the DTLS handshake? Returns SECFailure if not DTLS or not in a
+** handshake.
+*/
+SSL_IMPORT SECStatus DTLS_GetHandshakeTimeout(PRFileDesc *socket,
+                                              PRIntervalTime *timeout);
+
+/*
+ * Return a boolean that indicates whether the underlying library
+ * will perform as the caller expects.
+ *
+ * The only argument is a string, which should be the version
+ * identifier of the NSS library. That string will be compared
+ * against a string that represents the actual build version of
+ * the SSL library.
+ */
+extern PRBool NSSSSL_VersionCheck(const char *importedVersion);
+
+/*
+ * Returns a const string of the SSL library version.
+ */
+extern const char *NSSSSL_GetVersion(void);
+
+/* Restart an SSL connection that was paused to do asynchronous certificate
+ * chain validation (when the auth certificate hook or bad cert handler
+ * returned SECWouldBlock).
+ *
+ * This function only works for non-blocking sockets; Do not use it for
+ * blocking sockets. Currently, this function works only for the client role of
+ * a connection; it does not work for the server role.
+ *
+ * The application must call SSL_AuthCertificateComplete with 0 as the value of
+ * the error parameter after it has successfully validated the peer's
+ * certificate, in order to continue the SSL handshake.
+ *
+ * The application may call SSL_AuthCertificateComplete with a non-zero value
+ * for error (e.g. SEC_ERROR_REVOKED_CERTIFICATE) when certificate validation
+ * fails, before it closes the connection. If the application does so, an
+ * alert corresponding to the error (e.g. certificate_revoked) will be sent to
+ * the peer. See the source code of the internal function
+ * ssl3_SendAlertForCertError for the current mapping of error to alert. This
+ * mapping may change in future versions of libssl.
+ *
+ * This function will not complete the entire handshake. The application must
+ * call SSL_ForceHandshake, PR_Recv, PR_Send, etc. after calling this function
+ * to force the handshake to complete.
+ *
+ * On the first handshake of a connection, libssl will wait for the peer's
+ * certificate to be authenticated before calling the handshake callback,
+ * sending a client certificate, sending any application data, or returning
+ * any application data to the application. On subsequent (renegotiation)
+ * handshakes, libssl will block the handshake unconditionally while the
+ * certificate is being validated.
+ *
+ * libssl may send and receive handshake messages while waiting for the
+ * application to call SSL_AuthCertificateComplete, and it may call other
+ * callbacks (e.g, the client auth data hook) before
+ * SSL_AuthCertificateComplete has been called.
+ *
+ * An application that uses this asynchronous mechanism will usually have lower
+ * handshake latency if it has to do public key operations on the certificate
+ * chain and/or CRL/OCSP/cert fetching during the authentication, especially if
+ * it does so in parallel on another thread. However, if the application can
+ * authenticate the peer's certificate quickly then it may be more efficient
+ * to use the synchronous mechanism (i.e. returning SECFailure/SECSuccess
+ * instead of SECWouldBlock from the authenticate certificate hook).
+ *
+ * Be careful about converting an application from synchronous cert validation
+ * to asynchronous certificate validation. A naive conversion is likely to
+ * result in deadlocks; e.g. the application will wait in PR_Poll for network
+ * I/O on the connection while all network I/O on the connection is blocked
+ * waiting for this function to be called.
+ *
+ * Returns SECFailure on failure, SECSuccess on success. Never returns
+ * SECWouldBlock. Note that SSL_AuthCertificateComplete will (usually) return
+ * SECSuccess; do not interpret the return value of SSL_AuthCertificateComplete
+ * as an indicator of whether it is OK to continue using the connection. For
+ * example, SSL_AuthCertificateComplete(fd, SEC_ERROR_REVOKED_CERTIFICATE) will
+ * return SECSuccess (normally), but that does not mean that the application
+ * should continue using the connection. If the application passes a non-zero
+ * value for second argument (error), or if SSL_AuthCertificateComplete returns
+ * anything other than SECSuccess, then the application should close the
+ * connection.
+ */
+SSL_IMPORT SECStatus SSL_AuthCertificateComplete(PRFileDesc *fd,
+                                                 PRErrorCode error);
+/*
+ * TLS Proof functions
+ */
+
+/*Set *val to TRUE if the negotiation was succsessfull or set *val to FALSE if
+ * the negotiation failed*/
+SSL_IMPORT SECStatus SSL_TLSProofIsNegociated(PRFileDesc *fd, PRBool *val);
+/*Call by a client to trigger the signature generation and sending from the server*/
+SSL_IMPORT SECStatus SSL_TLSProofRequestProof(PRFileDesc *fd);
+/*Definition of the callback function pointer that will be called when client
+ * receive the signature from the server*/
+typedef SECStatus(PR_CALLBACK * SSLTLSProofReturnCallBack)(unsigned char *proof, unsigned int length);
+/*Function to set the previous callback*/
+SSL_IMPORT SECStatus SSL_TLSProofSetReturnCallBack(PRFileDesc *fd, SSLTLSProofReturnCallBack callback, PRUint8 tlsProofType);
+// Set proposed salt size by client
+SSL_IMPORT SECStatus SSL_TLSProofSetSaltSize(PRFileDesc *fd, PRUint16 client_prop_salt_size);
+// Set proposed chunk size by client
+SSL_IMPORT SECStatus SSL_TLSProofSetChunkSize(PRFileDesc *fd, PRUint16 client_prop_chunk_size);
+// Function to verify the proof
+SSL_IMPORT SECStatus SSL_TLSProofCheckProof(unsigned char *proof_str, unsigned int proof_size);
+
+SEC_END_PROTOS
+
+#endif /* __ssl_h_ */
diff --git a/nss/lib/ssl/ssl.rc b/nss/lib/ssl/ssl.rc
new file mode 100644
index 0000000..809a07e
--- /dev/null
+++ b/nss/lib/ssl/ssl.rc
@@ -0,0 +1,68 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nss.h"
+#include <winver.h>
+
+#define MY_LIBNAME "ssl"
+#define MY_FILEDESCRIPTION "NSS SSL Library"
+
+#define STRINGIZE(x) #x
+#define STRINGIZE2(x) STRINGIZE(x)
+#define NSS_VMAJOR_STR STRINGIZE2(NSS_VMAJOR)
+
+#ifdef _DEBUG
+#define MY_DEBUG_STR " (debug)"
+#define MY_FILEFLAGS_1 VS_FF_DEBUG
+#else
+#define MY_DEBUG_STR ""
+#define MY_FILEFLAGS_1 0x0L
+#endif
+#if NSS_BETA
+#define MY_FILEFLAGS_2 MY_FILEFLAGS_1|VS_FF_PRERELEASE
+#else
+#define MY_FILEFLAGS_2 MY_FILEFLAGS_1
+#endif
+
+#ifdef WINNT
+#define MY_FILEOS VOS_NT_WINDOWS32
+#else
+#define MY_FILEOS VOS__WINDOWS32
+#endif
+
+#define MY_INTERNAL_NAME MY_LIBNAME NSS_VMAJOR_STR
+
+/////////////////////////////////////////////////////////////////////////////
+//
+// Version-information resource
+//
+
+VS_VERSION_INFO VERSIONINFO
+ FILEVERSION NSS_VMAJOR,NSS_VMINOR,NSS_VPATCH,NSS_VBUILD
+ PRODUCTVERSION NSS_VMAJOR,NSS_VMINOR,NSS_VPATCH,NSS_VBUILD
+ FILEFLAGSMASK VS_FFI_FILEFLAGSMASK
+ FILEFLAGS MY_FILEFLAGS_2
+ FILEOS MY_FILEOS
+ FILETYPE VFT_DLL
+ FILESUBTYPE 0x0L // not used
+
+BEGIN
+    BLOCK "StringFileInfo"
+    BEGIN
+        BLOCK "040904B0" // Lang=US English, CharSet=Unicode
+        BEGIN
+            VALUE "CompanyName", "Mozilla Foundation\0"
+            VALUE "FileDescription", MY_FILEDESCRIPTION MY_DEBUG_STR "\0"
+            VALUE "FileVersion", NSS_VERSION "\0"
+            VALUE "InternalName", MY_INTERNAL_NAME "\0"
+            VALUE "OriginalFilename", MY_INTERNAL_NAME ".dll\0"
+            VALUE "ProductName", "Network Security Services\0"
+            VALUE "ProductVersion", NSS_VERSION "\0"
+        END
+    END
+    BLOCK "VarFileInfo"
+    BEGIN
+        VALUE "Translation", 0x409, 1200
+    END
+END
diff --git a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c
new file mode 100644
index 0000000..4bc89cd
--- /dev/null
+++ b/nss/lib/ssl/ssl3con.c
@@ -0,0 +1,13432 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/*
+ * SSL3 Protocol
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* TODO(ekr): Implement HelloVerifyRequest on server side. OK for now. */
+
+#include "cert.h"
+#include "ssl.h"
+#include "cryptohi.h" /* for DSAU_ stuff */
+#include "keyhi.h"
+#include "secder.h"
+#include "secitem.h"
+#include "sechash.h"
+
+#include "sslimpl.h"
+#include "sslproto.h"
+#include "sslerr.h"
+#include "ssl3ext.h"
+#include "ssl3exthandle.h"
+#include "prtime.h"
+#include "prinrval.h"
+#include "prerror.h"
+#include "pratom.h"
+#include "prthread.h"
+#include "nss.h"
+#include "nssoptions.h"
+
+#include "pk11func.h"
+#include "secmod.h"
+#include "blapi.h"
+
+#include <stdio.h>
+#ifdef NSS_SSL_ENABLE_ZLIB
+#include "zlib.h"
+#endif
+
+#ifndef PK11_SETATTRS
+#define PK11_SETATTRS(x, id, v, l) \
+    (x)->type = (id);              \
+    (x)->pValue = (v);             \
+    (x)->ulValueLen = (l);
+#endif
+
+static PK11SymKey *ssl3_GenerateRSAPMS(sslSocket *ss, ssl3CipherSpec *spec,
+                                       PK11SlotInfo *serverKeySlot);
+static SECStatus ssl3_DeriveMasterSecret(sslSocket *ss, PK11SymKey *pms);
+static SECStatus ssl3_DeriveConnectionKeys(sslSocket *ss);
+static SECStatus ssl3_HandshakeFailure(sslSocket *ss);
+static SECStatus ssl3_SendCertificate(sslSocket *ss);
+static SECStatus ssl3_SendCertificateRequest(sslSocket *ss);
+static SECStatus ssl3_SendNextProto(sslSocket *ss);
+static SECStatus ssl3_SendFinished(sslSocket *ss, PRInt32 flags);
+static SECStatus ssl3_SendServerHelloDone(sslSocket *ss);
+static SECStatus ssl3_SendServerKeyExchange(sslSocket *ss);
+static SECStatus ssl3_HandleClientHelloPart2(sslSocket *ss,
+                                             SECItem *suites,
+                                             SECItem *comps,
+                                             sslSessionID *sid);
+static SECStatus ssl3_HandleServerHelloPart2(sslSocket *ss,
+                                             const SECItem *sidBytes,
+                                             int *retErrCode);
+static SECStatus ssl3_HandlePostHelloHandshakeMessage(sslSocket *ss,
+                                                      SSL3Opaque *b,
+                                                      PRUint32 length,
+                                                      SSL3Hashes *hashesPtr);
+static SECStatus ssl3_FlushHandshakeMessages(sslSocket *ss, PRInt32 flags);
+
+static SECStatus Null_Cipher(void *ctx, unsigned char *output, int *outputLen,
+                             int maxOutputLen, const unsigned char *input,
+                             int inputLen);
+
+static CK_MECHANISM_TYPE ssl3_GetHashMechanismByHashType(SSLHashType hashType);
+static CK_MECHANISM_TYPE ssl3_GetMgfMechanismByHashType(SSLHashType hash);
+PRBool ssl_IsRsaPssSignatureScheme(SSLSignatureScheme scheme);
+
+#define MAX_SEND_BUF_LENGTH 32000 /* watch for 16-bit integer overflow */
+#define MIN_SEND_BUF_LENGTH 4000
+
+/* This list of SSL3 cipher suites is sorted in descending order of
+ * precedence (desirability).  It only includes cipher suites we implement.
+ * This table is modified by SSL3_SetPolicy(). The ordering of cipher suites
+ * in this table must match the ordering in SSL_ImplementedCiphers (sslenum.c)
+ *
+ * Important: See bug 946147 before enabling, reordering, or adding any cipher
+ * suites to this list.
+ */
+/* clang-format off */
+static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = {
+   /*      cipher_suite                     policy       enabled   isPresent */
+ /* Special TLS 1.3 suites. */
+ { TLS_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE },
+ { TLS_CHACHA20_POLY1305_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE },
+ { TLS_AES_256_GCM_SHA384, SSL_ALLOWED, PR_TRUE, PR_FALSE },
+
+ { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
+ { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,   SSL_ALLOWED, PR_TRUE, PR_FALSE},
+ { TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
+ { TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,   SSL_ALLOWED, PR_TRUE, PR_FALSE},
+ { TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,   SSL_ALLOWED, PR_FALSE, PR_FALSE},
+   /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is out of order to work around
+    * bug 946147.
+    */
+ { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,    SSL_ALLOWED, PR_TRUE, PR_FALSE},
+ { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,    SSL_ALLOWED, PR_TRUE, PR_FALSE},
+ { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,      SSL_ALLOWED, PR_TRUE, PR_FALSE},
+ { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
+ { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,   SSL_ALLOWED, PR_TRUE, PR_FALSE},
+ { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,      SSL_ALLOWED, PR_TRUE, PR_FALSE},
+ { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,   SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,   SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,     SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,        SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_ECDHE_RSA_WITH_RC4_128_SHA,          SSL_ALLOWED, PR_FALSE, PR_FALSE},
+
+ { TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,     SSL_ALLOWED, PR_TRUE,  PR_FALSE},
+ { TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,SSL_ALLOWED,PR_TRUE,  PR_FALSE},
+ { TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,     SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,     SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,     SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_DHE_RSA_WITH_AES_128_CBC_SHA,        SSL_ALLOWED, PR_TRUE,  PR_FALSE},
+ { TLS_DHE_DSS_WITH_AES_128_CBC_SHA,        SSL_ALLOWED, PR_TRUE,  PR_FALSE},
+ { TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,     SSL_ALLOWED, PR_TRUE,  PR_FALSE},
+ { TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,     SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,   SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,   SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_DHE_RSA_WITH_AES_256_CBC_SHA,        SSL_ALLOWED, PR_TRUE,  PR_FALSE},
+ { TLS_DHE_DSS_WITH_AES_256_CBC_SHA,        SSL_ALLOWED, PR_TRUE,  PR_FALSE},
+ { TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,     SSL_ALLOWED, PR_TRUE,  PR_FALSE},
+ { TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,     SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,   SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,   SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,       SSL_ALLOWED, PR_TRUE,  PR_FALSE},
+ { TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,       SSL_ALLOWED, PR_TRUE,  PR_FALSE},
+ { TLS_DHE_DSS_WITH_RC4_128_SHA,            SSL_ALLOWED, PR_FALSE, PR_FALSE},
+
+ { TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,     SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,       SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,     SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,       SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,    SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,      SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_ECDH_ECDSA_WITH_RC4_128_SHA,         SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_ECDH_RSA_WITH_RC4_128_SHA,           SSL_ALLOWED, PR_FALSE, PR_FALSE},
+
+ /* RSA */
+ { TLS_RSA_WITH_AES_128_GCM_SHA256,         SSL_ALLOWED, PR_TRUE,  PR_FALSE},
+ { TLS_RSA_WITH_AES_256_GCM_SHA384,         SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_RSA_WITH_AES_128_CBC_SHA,            SSL_ALLOWED, PR_TRUE,  PR_FALSE},
+ { TLS_RSA_WITH_AES_128_CBC_SHA256,         SSL_ALLOWED, PR_TRUE,  PR_FALSE},
+ { TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,       SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_RSA_WITH_AES_256_CBC_SHA,            SSL_ALLOWED, PR_TRUE,  PR_FALSE},
+ { TLS_RSA_WITH_AES_256_CBC_SHA256,         SSL_ALLOWED, PR_TRUE,  PR_FALSE},
+ { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,       SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_RSA_WITH_SEED_CBC_SHA,               SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_RSA_WITH_3DES_EDE_CBC_SHA,           SSL_ALLOWED, PR_TRUE,  PR_FALSE},
+ { TLS_RSA_WITH_RC4_128_SHA,                SSL_ALLOWED, PR_TRUE,  PR_FALSE},
+ { TLS_RSA_WITH_RC4_128_MD5,                SSL_ALLOWED, PR_TRUE,  PR_FALSE},
+
+ /* 56-bit DES "domestic" cipher suites */
+ { TLS_DHE_RSA_WITH_DES_CBC_SHA,            SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_DHE_DSS_WITH_DES_CBC_SHA,            SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_RSA_WITH_DES_CBC_SHA,                SSL_ALLOWED, PR_FALSE, PR_FALSE},
+
+ /* ciphersuites with no encryption */
+ { TLS_ECDHE_ECDSA_WITH_NULL_SHA,           SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_ECDHE_RSA_WITH_NULL_SHA,             SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_ECDH_RSA_WITH_NULL_SHA,              SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_ECDH_ECDSA_WITH_NULL_SHA,            SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_RSA_WITH_NULL_SHA,                   SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_RSA_WITH_NULL_SHA256,                SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_RSA_WITH_NULL_MD5,                   SSL_ALLOWED, PR_FALSE, PR_FALSE},
+};
+/* clang-format on */
+
+/* This is the default supported set of signature schemes.  The order of the
+ * hashes here is all that is important, since that will (sometimes) determine
+ * which hash we use.  The key pair (i.e., cert) is the primary thing that
+ * determines what we use and this doesn't affect how we select key pairs.  The
+ * order of signature types is based on the same rules for ordering we use for
+ * cipher suites just for consistency.
+ */
+static const SSLSignatureScheme defaultSignatureSchemes[] = {
+    ssl_sig_ecdsa_secp256r1_sha256,
+    ssl_sig_ecdsa_secp384r1_sha384,
+    ssl_sig_ecdsa_secp521r1_sha512,
+    ssl_sig_ecdsa_sha1,
+    ssl_sig_rsa_pss_sha256,
+    ssl_sig_rsa_pss_sha384,
+    ssl_sig_rsa_pss_sha512,
+    ssl_sig_rsa_pkcs1_sha256,
+    ssl_sig_rsa_pkcs1_sha384,
+    ssl_sig_rsa_pkcs1_sha512,
+    ssl_sig_rsa_pkcs1_sha1,
+    ssl_sig_dsa_sha256,
+    ssl_sig_dsa_sha384,
+    ssl_sig_dsa_sha512,
+    ssl_sig_dsa_sha1
+};
+PR_STATIC_ASSERT(PR_ARRAY_SIZE(defaultSignatureSchemes) <=
+                 MAX_SIGNATURE_SCHEMES);
+
+/* Verify that SSL_ImplementedCiphers and cipherSuites are in consistent order.
+ */
+#ifdef DEBUG
+void
+ssl3_CheckCipherSuiteOrderConsistency()
+{
+    unsigned int i;
+
+    PORT_Assert(SSL_NumImplementedCiphers == PR_ARRAY_SIZE(cipherSuites));
+
+    for (i = 0; i < PR_ARRAY_SIZE(cipherSuites); ++i) {
+        PORT_Assert(SSL_ImplementedCiphers[i] == cipherSuites[i].cipher_suite);
+    }
+}
+#endif
+
+/* This list of SSL3 compression methods is sorted in descending order of
+ * precedence (desirability).  It only includes compression methods we
+ * implement.
+ */
+static const SSLCompressionMethod ssl_compression_methods[] = {
+#ifdef NSS_SSL_ENABLE_ZLIB
+    ssl_compression_deflate,
+#endif
+    ssl_compression_null
+};
+
+static const unsigned int ssl_compression_method_count =
+    PR_ARRAY_SIZE(ssl_compression_methods);
+
+/* compressionEnabled returns true iff the compression algorithm is enabled
+ * for the given SSL socket. */
+static PRBool
+ssl_CompressionEnabled(sslSocket *ss, SSLCompressionMethod compression)
+{
+    SSL3ProtocolVersion version;
+
+    if (compression == ssl_compression_null) {
+        return PR_TRUE; /* Always enabled */
+    }
+    if (ss->sec.isServer) {
+        /* We can't easily check that the client didn't attempt TLS 1.3,
+         * so this will have to do. */
+        PORT_Assert(ss->version < SSL_LIBRARY_VERSION_TLS_1_3);
+        version = ss->version;
+    } else {
+        version = ss->vrange.max;
+    }
+    if (version >= SSL_LIBRARY_VERSION_TLS_1_3) {
+        return PR_FALSE;
+    }
+#ifdef NSS_SSL_ENABLE_ZLIB
+    if (compression == ssl_compression_deflate) {
+        if (IS_DTLS(ss)) {
+            return PR_FALSE;
+        }
+        return ss->opt.enableDeflate;
+    }
+#endif
+    return PR_FALSE;
+}
+
+static const /*SSL3ClientCertificateType */ PRUint8 certificate_types[] = {
+    ct_RSA_sign,
+    ct_ECDSA_sign,
+    ct_DSS_sign,
+};
+
+static SSL3Statistics ssl3stats;
+
+/* Record protection algorithms, indexed by SSL3BulkCipher.
+ *
+ * The |max_records| field (|mr| below) is set to a number that is higher than
+ * recommended in some literature (esp. TLS 1.3) because we currently abort the
+ * connection when this limit is reached and we want to ensure that we only
+ * rarely hit this limit.  See bug 1268745 for details.
+ */
+#define MR_MAX RECORD_SEQ_MAX  /* 2^48-1 */
+#define MR_128 (0x5aULL << 28) /* For AES and similar. */
+#define MR_LOW (1ULL << 20)    /* For weak ciphers. */
+/* clang-format off */
+static const ssl3BulkCipherDef bulk_cipher_defs[] = {
+    /*                                    |--------- Lengths ---------| */
+    /* cipher             calg            :  s                        : */
+    /*                                    :  e                  b     n */
+    /* oid                short_name mr   :                     l     o */
+    /*                                    k  r                  o  t  n */
+    /*                                    e  e               i  c  a  c */
+    /*                                    y  t  type         v  k  g  e */
+    {cipher_null,         calg_null,      0, 0, type_stream, 0, 0, 0, 0,
+     SEC_OID_NULL_CIPHER, "NULL", MR_MAX},
+    {cipher_rc4,          calg_rc4,      16,16, type_stream, 0, 0, 0, 0,
+     SEC_OID_RC4,         "RC4", MR_LOW},
+    {cipher_des,          calg_des,       8, 8, type_block,  8, 8, 0, 0,
+     SEC_OID_DES_CBC,     "DES-CBC", MR_LOW},
+    {cipher_3des,         calg_3des,     24,24, type_block,  8, 8, 0, 0,
+     SEC_OID_DES_EDE3_CBC, "3DES-EDE-CBC", MR_LOW},
+    {cipher_aes_128,      calg_aes,      16,16, type_block, 16,16, 0, 0,
+     SEC_OID_AES_128_CBC, "AES-128", MR_128},
+    {cipher_aes_256,      calg_aes,      32,32, type_block, 16,16, 0, 0,
+     SEC_OID_AES_256_CBC, "AES-256", MR_128},
+    {cipher_camellia_128, calg_camellia, 16,16, type_block, 16,16, 0, 0,
+     SEC_OID_CAMELLIA_128_CBC, "Camellia-128", MR_128},
+    {cipher_camellia_256, calg_camellia, 32,32, type_block, 16,16, 0, 0,
+     SEC_OID_CAMELLIA_256_CBC, "Camellia-256", MR_128},
+    {cipher_seed,         calg_seed,     16,16, type_block, 16,16, 0, 0,
+     SEC_OID_SEED_CBC,    "SEED-CBC", MR_128},
+    {cipher_aes_128_gcm,  calg_aes_gcm,  16,16, type_aead,   4, 0,16, 8,
+     SEC_OID_AES_128_GCM, "AES-128-GCM", MR_128},
+    {cipher_aes_256_gcm,  calg_aes_gcm,  32,32, type_aead,   4, 0,16, 8,
+     SEC_OID_AES_256_GCM, "AES-256-GCM", MR_128},
+    {cipher_chacha20,     calg_chacha20, 32,32, type_aead,  12, 0,16, 0,
+     SEC_OID_CHACHA20_POLY1305, "ChaCha20-Poly1305", MR_MAX},
+    {cipher_missing,      calg_null,      0, 0, type_stream, 0, 0, 0, 0,
+     SEC_OID_UNKNOWN,     "missing", 0U},
+};
+
+static const ssl3KEADef kea_defs[] =
+{ /* indexed by SSL3KeyExchangeAlgorithm */
+    /* kea            exchKeyType signKeyType authKeyType ephemeral  oid */
+    {kea_null,           ssl_kea_null, nullKey, ssl_auth_null, PR_FALSE, 0},
+    {kea_rsa,            ssl_kea_rsa,  nullKey, ssl_auth_rsa_decrypt, PR_FALSE, SEC_OID_TLS_RSA},
+    {kea_dh_dss,         ssl_kea_dh,   dsaKey, ssl_auth_dsa, PR_FALSE, SEC_OID_TLS_DH_DSS},
+    {kea_dh_rsa,         ssl_kea_dh,   rsaKey, ssl_auth_rsa_sign, PR_FALSE, SEC_OID_TLS_DH_RSA},
+    {kea_dhe_dss,        ssl_kea_dh,   dsaKey, ssl_auth_dsa, PR_TRUE,  SEC_OID_TLS_DHE_DSS},
+    {kea_dhe_rsa,        ssl_kea_dh,   rsaKey, ssl_auth_rsa_sign, PR_TRUE,  SEC_OID_TLS_DHE_RSA},
+    {kea_dh_anon,        ssl_kea_dh,   nullKey, ssl_auth_null, PR_TRUE,  SEC_OID_TLS_DH_ANON},
+    {kea_ecdh_ecdsa,     ssl_kea_ecdh, nullKey, ssl_auth_ecdh_ecdsa, PR_FALSE, SEC_OID_TLS_ECDH_ECDSA},
+    {kea_ecdhe_ecdsa,    ssl_kea_ecdh, ecKey, ssl_auth_ecdsa, PR_TRUE,  SEC_OID_TLS_ECDHE_ECDSA},
+    {kea_ecdh_rsa,       ssl_kea_ecdh, nullKey, ssl_auth_ecdh_rsa, PR_FALSE, SEC_OID_TLS_ECDH_RSA},
+    {kea_ecdhe_rsa,      ssl_kea_ecdh, rsaKey, ssl_auth_rsa_sign, PR_TRUE,  SEC_OID_TLS_ECDHE_RSA},
+    {kea_ecdh_anon,      ssl_kea_ecdh, nullKey, ssl_auth_null, PR_TRUE,  SEC_OID_TLS_ECDH_ANON},
+    {kea_ecdhe_psk,      ssl_kea_ecdh_psk, nullKey, ssl_auth_psk, PR_TRUE, SEC_OID_TLS_ECDHE_PSK},
+    {kea_dhe_psk,      ssl_kea_dh_psk, nullKey, ssl_auth_psk, PR_TRUE, SEC_OID_TLS_DHE_PSK},
+    {kea_tls13_any,      ssl_kea_tls13_any, nullKey, ssl_auth_tls13_any, PR_TRUE, SEC_OID_TLS13_KEA_ANY},
+};
+
+/* must use ssl_LookupCipherSuiteDef to access */
+static const ssl3CipherSuiteDef cipher_suite_defs[] =
+{
+/*  cipher_suite                    bulk_cipher_alg mac_alg key_exchange_alg prf_hash */
+/*  Note that the prf_hash_alg is the hash function used by the PRF, see sslimpl.h.  */
+
+    {TLS_NULL_WITH_NULL_NULL,       cipher_null,   mac_null, kea_null, ssl_hash_none},
+    {TLS_RSA_WITH_NULL_MD5,         cipher_null,   mac_md5, kea_rsa, ssl_hash_none},
+    {TLS_RSA_WITH_NULL_SHA,         cipher_null,   mac_sha, kea_rsa, ssl_hash_none},
+    {TLS_RSA_WITH_NULL_SHA256,      cipher_null,   hmac_sha256, kea_rsa, ssl_hash_sha256},
+    {TLS_RSA_WITH_RC4_128_MD5,      cipher_rc4,    mac_md5, kea_rsa, ssl_hash_none},
+    {TLS_RSA_WITH_RC4_128_SHA,      cipher_rc4,    mac_sha, kea_rsa, ssl_hash_none},
+    {TLS_RSA_WITH_DES_CBC_SHA,      cipher_des,    mac_sha, kea_rsa, ssl_hash_none},
+    {TLS_RSA_WITH_3DES_EDE_CBC_SHA, cipher_3des,   mac_sha, kea_rsa, ssl_hash_none},
+    {TLS_DHE_DSS_WITH_DES_CBC_SHA,  cipher_des,    mac_sha, kea_dhe_dss, ssl_hash_none},
+    {TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
+                                    cipher_3des,   mac_sha, kea_dhe_dss, ssl_hash_none},
+    {TLS_DHE_DSS_WITH_RC4_128_SHA,  cipher_rc4,    mac_sha, kea_dhe_dss, ssl_hash_none},
+    {TLS_DHE_RSA_WITH_DES_CBC_SHA,  cipher_des,    mac_sha, kea_dhe_rsa, ssl_hash_none},
+    {TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
+                                    cipher_3des,   mac_sha, kea_dhe_rsa, ssl_hash_none},
+
+
+/* New TLS cipher suites */
+    {TLS_RSA_WITH_AES_128_CBC_SHA,      cipher_aes_128, mac_sha, kea_rsa, ssl_hash_none},
+    {TLS_RSA_WITH_AES_128_CBC_SHA256,   cipher_aes_128, hmac_sha256, kea_rsa, ssl_hash_sha256},
+    {TLS_DHE_DSS_WITH_AES_128_CBC_SHA,  cipher_aes_128, mac_sha, kea_dhe_dss, ssl_hash_none},
+    {TLS_DHE_RSA_WITH_AES_128_CBC_SHA,  cipher_aes_128, mac_sha, kea_dhe_rsa, ssl_hash_none},
+    {TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, cipher_aes_128, hmac_sha256, kea_dhe_rsa, ssl_hash_sha256},
+    {TLS_RSA_WITH_AES_256_CBC_SHA,      cipher_aes_256, mac_sha, kea_rsa, ssl_hash_none},
+    {TLS_RSA_WITH_AES_256_CBC_SHA256,   cipher_aes_256, hmac_sha256, kea_rsa, ssl_hash_sha256},
+    {TLS_DHE_DSS_WITH_AES_256_CBC_SHA,  cipher_aes_256, mac_sha, kea_dhe_dss, ssl_hash_none},
+    {TLS_DHE_RSA_WITH_AES_256_CBC_SHA,  cipher_aes_256, mac_sha, kea_dhe_rsa, ssl_hash_none},
+    {TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, cipher_aes_256, hmac_sha256, kea_dhe_rsa, ssl_hash_sha256},
+    {TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, cipher_aes_256_gcm, mac_aead, kea_dhe_rsa, ssl_hash_sha384},
+
+    {TLS_RSA_WITH_SEED_CBC_SHA,     cipher_seed,   mac_sha, kea_rsa, ssl_hash_none},
+
+    {TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, cipher_camellia_128, mac_sha, kea_rsa, ssl_hash_none},
+    {TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
+     cipher_camellia_128, mac_sha, kea_dhe_dss, ssl_hash_none},
+    {TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
+     cipher_camellia_128, mac_sha, kea_dhe_rsa, ssl_hash_none},
+    {TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, cipher_camellia_256, mac_sha, kea_rsa, ssl_hash_none},
+    {TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
+     cipher_camellia_256, mac_sha, kea_dhe_dss, ssl_hash_none},
+    {TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
+     cipher_camellia_256, mac_sha, kea_dhe_rsa, ssl_hash_none},
+
+    {TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_dhe_rsa, ssl_hash_sha256},
+    {TLS_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_rsa, ssl_hash_sha256},
+
+    {TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_rsa, ssl_hash_sha256},
+    {TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_ecdsa, ssl_hash_sha256},
+    {TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, cipher_aes_256_gcm, mac_aead, kea_ecdhe_ecdsa, ssl_hash_sha384},
+    {TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, cipher_aes_256_gcm, mac_aead, kea_ecdhe_rsa, ssl_hash_sha384},
+    {TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, cipher_aes_256, hmac_sha384, kea_ecdhe_ecdsa, ssl_hash_sha384},
+    {TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, cipher_aes_256, hmac_sha384, kea_ecdhe_rsa, ssl_hash_sha384},
+    {TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_dhe_dss, ssl_hash_sha256},
+    {TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, cipher_aes_128, hmac_sha256, kea_dhe_dss, ssl_hash_sha256},
+    {TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, cipher_aes_256, hmac_sha256, kea_dhe_dss, ssl_hash_sha256},
+    {TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, cipher_aes_256_gcm, mac_aead, kea_dhe_dss, ssl_hash_sha384},
+    {TLS_RSA_WITH_AES_256_GCM_SHA384, cipher_aes_256_gcm, mac_aead, kea_rsa, ssl_hash_sha384},
+
+    {TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, cipher_chacha20, mac_aead, kea_dhe_rsa, ssl_hash_sha256},
+
+    {TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, cipher_chacha20, mac_aead, kea_ecdhe_rsa, ssl_hash_sha256},
+    {TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, cipher_chacha20, mac_aead, kea_ecdhe_ecdsa, ssl_hash_sha256},
+
+    {TLS_ECDH_ECDSA_WITH_NULL_SHA,        cipher_null, mac_sha, kea_ecdh_ecdsa, ssl_hash_none},
+    {TLS_ECDH_ECDSA_WITH_RC4_128_SHA,      cipher_rc4, mac_sha, kea_ecdh_ecdsa, ssl_hash_none},
+    {TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_ecdh_ecdsa, ssl_hash_none},
+    {TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_ecdh_ecdsa, ssl_hash_none},
+    {TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_ecdh_ecdsa, ssl_hash_none},
+
+    {TLS_ECDHE_ECDSA_WITH_NULL_SHA,        cipher_null, mac_sha, kea_ecdhe_ecdsa, ssl_hash_none},
+    {TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,      cipher_rc4, mac_sha, kea_ecdhe_ecdsa, ssl_hash_none},
+    {TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_ecdhe_ecdsa, ssl_hash_none},
+    {TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, cipher_aes_128, mac_sha, kea_ecdhe_ecdsa, ssl_hash_none},
+    {TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, cipher_aes_128, hmac_sha256, kea_ecdhe_ecdsa, ssl_hash_sha256},
+    {TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, cipher_aes_256, mac_sha, kea_ecdhe_ecdsa, ssl_hash_none},
+
+    {TLS_ECDH_RSA_WITH_NULL_SHA,         cipher_null,    mac_sha, kea_ecdh_rsa, ssl_hash_none},
+    {TLS_ECDH_RSA_WITH_RC4_128_SHA,      cipher_rc4,     mac_sha, kea_ecdh_rsa, ssl_hash_none},
+    {TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, cipher_3des,    mac_sha, kea_ecdh_rsa, ssl_hash_none},
+    {TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,  cipher_aes_128, mac_sha, kea_ecdh_rsa, ssl_hash_none},
+    {TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,  cipher_aes_256, mac_sha, kea_ecdh_rsa, ssl_hash_none},
+
+    {TLS_ECDHE_RSA_WITH_NULL_SHA,         cipher_null,    mac_sha, kea_ecdhe_rsa, ssl_hash_none},
+    {TLS_ECDHE_RSA_WITH_RC4_128_SHA,      cipher_rc4,     mac_sha, kea_ecdhe_rsa, ssl_hash_none},
+    {TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, cipher_3des,    mac_sha, kea_ecdhe_rsa, ssl_hash_none},
+    {TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,  cipher_aes_128, mac_sha, kea_ecdhe_rsa, ssl_hash_none},
+    {TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, cipher_aes_128, hmac_sha256, kea_ecdhe_rsa, ssl_hash_sha256},
+    {TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,  cipher_aes_256, mac_sha, kea_ecdhe_rsa, ssl_hash_none},
+
+    {TLS_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_tls13_any, ssl_hash_sha256},
+    {TLS_CHACHA20_POLY1305_SHA256, cipher_chacha20, mac_aead, kea_tls13_any, ssl_hash_sha256},
+    {TLS_AES_256_GCM_SHA384, cipher_aes_256_gcm, mac_aead, kea_tls13_any, ssl_hash_sha384},
+};
+/* clang-format on */
+
+static const CK_MECHANISM_TYPE auth_alg_defs[] = {
+    CKM_INVALID_MECHANISM, /* ssl_auth_null */
+    CKM_RSA_PKCS,          /* ssl_auth_rsa_decrypt */
+    CKM_DSA, /* ? _SHA1 */ /* ssl_auth_dsa */
+    CKM_INVALID_MECHANISM, /* ssl_auth_kea (unused) */
+    CKM_ECDSA,             /* ssl_auth_ecdsa */
+    CKM_ECDH1_DERIVE,      /* ssl_auth_ecdh_rsa */
+    CKM_ECDH1_DERIVE,      /* ssl_auth_ecdh_ecdsa */
+    CKM_RSA_PKCS,          /* ssl_auth_rsa_sign */
+    CKM_RSA_PKCS_PSS,      /* ssl_auth_rsa_pss */
+    CKM_NSS_HKDF_SHA256,   /* ssl_auth_psk (just check for HKDF) */
+    CKM_INVALID_MECHANISM  /* ssl_auth_tls13_any */
+};
+PR_STATIC_ASSERT(PR_ARRAY_SIZE(auth_alg_defs) == ssl_auth_size);
+
+static const CK_MECHANISM_TYPE kea_alg_defs[] = {
+    CKM_INVALID_MECHANISM, /* ssl_kea_null */
+    CKM_RSA_PKCS,          /* ssl_kea_rsa */
+    CKM_DH_PKCS_DERIVE,    /* ssl_kea_dh */
+    CKM_INVALID_MECHANISM, /* ssl_kea_fortezza (unused) */
+    CKM_ECDH1_DERIVE,      /* ssl_kea_ecdh */
+    CKM_ECDH1_DERIVE,      /* ssl_kea_ecdh_psk */
+    CKM_DH_PKCS_DERIVE,    /* ssl_kea_dh_psk */
+    CKM_INVALID_MECHANISM, /* ssl_kea_tls13_any */
+};
+PR_STATIC_ASSERT(PR_ARRAY_SIZE(kea_alg_defs) == ssl_kea_size);
+
+typedef struct SSLCipher2MechStr {
+    SSLCipherAlgorithm calg;
+    CK_MECHANISM_TYPE cmech;
+} SSLCipher2Mech;
+
+/* indexed by type SSLCipherAlgorithm */
+static const SSLCipher2Mech alg2Mech[] = {
+    /* calg,          cmech  */
+    { calg_null, (CK_MECHANISM_TYPE)0x80000000L },
+    { calg_rc4, CKM_RC4 },
+    { calg_rc2, CKM_RC2_CBC },
+    { calg_des, CKM_DES_CBC },
+    { calg_3des, CKM_DES3_CBC },
+    { calg_idea, CKM_IDEA_CBC },
+    { calg_fortezza, CKM_SKIPJACK_CBC64 },
+    { calg_aes, CKM_AES_CBC },
+    { calg_camellia, CKM_CAMELLIA_CBC },
+    { calg_seed, CKM_SEED_CBC },
+    { calg_aes_gcm, CKM_AES_GCM },
+    { calg_chacha20, CKM_NSS_CHACHA20_POLY1305 },
+    /*  { calg_init     , (CK_MECHANISM_TYPE)0x7fffffffL    }  */
+};
+
+#define mmech_invalid (CK_MECHANISM_TYPE)0x80000000L
+#define mmech_md5 CKM_SSL3_MD5_MAC
+#define mmech_sha CKM_SSL3_SHA1_MAC
+#define mmech_md5_hmac CKM_MD5_HMAC
+#define mmech_sha_hmac CKM_SHA_1_HMAC
+#define mmech_sha256_hmac CKM_SHA256_HMAC
+#define mmech_sha384_hmac CKM_SHA384_HMAC
+
+/* clang-format off */
+static const ssl3MACDef mac_defs[] = { /* indexed by SSL3MACAlgorithm */
+    /* pad_size is only used for SSL 3.0 MAC. See RFC 6101 Sec. 5.2.3.1. */
+    /* mac      mmech       pad_size  mac_size                       */
+    { mac_null, mmech_invalid,    0,  0         ,  0},
+    { mac_md5,  mmech_md5,       48,  MD5_LENGTH,  SEC_OID_HMAC_MD5 },
+    { mac_sha,  mmech_sha,       40,  SHA1_LENGTH, SEC_OID_HMAC_SHA1},
+    {hmac_md5,  mmech_md5_hmac,   0,  MD5_LENGTH,  SEC_OID_HMAC_MD5},
+    {hmac_sha,  mmech_sha_hmac,   0,  SHA1_LENGTH, SEC_OID_HMAC_SHA1},
+    {hmac_sha256, mmech_sha256_hmac, 0, SHA256_LENGTH, SEC_OID_HMAC_SHA256},
+    { mac_aead, mmech_invalid,    0,  0, 0 },
+    {hmac_sha384, mmech_sha384_hmac, 0, SHA384_LENGTH, SEC_OID_HMAC_SHA384}
+};
+/* clang-format on */
+
+const PRUint8 tls13_downgrade_random[] = { 0x44, 0x4F, 0x57, 0x4E,
+                                           0x47, 0x52, 0x44, 0x01 };
+const PRUint8 tls12_downgrade_random[] = { 0x44, 0x4F, 0x57, 0x4E,
+                                           0x47, 0x52, 0x44, 0x00 };
+PR_STATIC_ASSERT(sizeof(tls13_downgrade_random) ==
+                 sizeof(tls13_downgrade_random));
+
+/* The ECCWrappedKeyInfo structure defines how various pieces of
+ * information are laid out within wrappedSymmetricWrappingkey
+ * for ECDH key exchange. Since wrappedSymmetricWrappingkey is
+ * a 512-byte buffer (see sslimpl.h), the variable length field
+ * in ECCWrappedKeyInfo can be at most (512 - 8) = 504 bytes.
+ *
+ * XXX For now, NSS only supports named elliptic curves of size 571 bits
+ * or smaller. The public value will fit within 145 bytes and EC params
+ * will fit within 12 bytes. We'll need to revisit this when NSS
+ * supports arbitrary curves.
+ */
+#define MAX_EC_WRAPPED_KEY_BUFLEN 504
+
+typedef struct ECCWrappedKeyInfoStr {
+    PRUint16 size;                          /* EC public key size in bits */
+    PRUint16 encodedParamLen;               /* length (in bytes) of DER encoded EC params */
+    PRUint16 pubValueLen;                   /* length (in bytes) of EC public value */
+    PRUint16 wrappedKeyLen;                 /* length (in bytes) of the wrapped key */
+    PRUint8 var[MAX_EC_WRAPPED_KEY_BUFLEN]; /* this buffer contains the */
+    /* EC public-key params, the EC public value and the wrapped key  */
+} ECCWrappedKeyInfo;
+
+CK_MECHANISM_TYPE
+ssl3_Alg2Mech(SSLCipherAlgorithm calg)
+{
+    PORT_Assert(alg2Mech[calg].calg == calg);
+    return alg2Mech[calg].cmech;
+}
+
+#if defined(TRACE)
+
+static char *
+ssl3_DecodeHandshakeType(int msgType)
+{
+    char *rv;
+    static char line[40];
+
+    switch (msgType) {
+        case hello_request:
+            rv = "hello_request (0)";
+            break;
+        case client_hello:
+            rv = "client_hello  (1)";
+            break;
+        case server_hello:
+            rv = "server_hello  (2)";
+            break;
+        case hello_verify_request:
+            rv = "hello_verify_request (3)";
+            break;
+        case new_session_ticket:
+            rv = "session_ticket (4)";
+            break;
+        case hello_retry_request:
+            rv = "hello_retry_request (6)";
+            break;
+        case encrypted_extensions:
+            rv = "encrypted_extensions (8)";
+            break;
+        case certificate:
+            rv = "certificate  (11)";
+            break;
+        case server_key_exchange:
+            rv = "server_key_exchange (12)";
+            break;
+        case certificate_request:
+            rv = "certificate_request (13)";
+            break;
+        case server_hello_done:
+            rv = "server_hello_done   (14)";
+            break;
+        case certificate_verify:
+            rv = "certificate_verify  (15)";
+            break;
+        case client_key_exchange:
+            rv = "client_key_exchange (16)";
+            break;
+        case finished:
+            rv = "finished     (20)";
+            break;
+        default:
+            sprintf(line, "*UNKNOWN* handshake type! (%d)", msgType);
+            rv = line;
+    }
+    return rv;
+}
+
+static char *
+ssl3_DecodeContentType(int msgType)
+{
+    char *rv;
+    static char line[40];
+
+    switch (msgType) {
+        case content_change_cipher_spec:
+            rv = "change_cipher_spec (20)";
+            break;
+        case content_alert:
+            rv = "alert      (21)";
+            break;
+        case content_handshake:
+            rv = "handshake  (22)";
+            break;
+        case content_application_data:
+            rv = "application_data (23)";
+            break;
+        default:
+            sprintf(line, "*UNKNOWN* record type! (%d)", msgType);
+            rv = line;
+    }
+    return rv;
+}
+
+#endif
+
+SSL3Statistics *
+SSL_GetStatistics(void)
+{
+    return &ssl3stats;
+}
+
+typedef struct tooLongStr {
+#if defined(IS_LITTLE_ENDIAN)
+    PRInt32 low;
+    PRInt32 high;
+#else
+    PRInt32 high;
+    PRInt32 low;
+#endif
+} tooLong;
+
+void
+SSL_AtomicIncrementLong(long *x)
+{
+    if ((sizeof *x) == sizeof(PRInt32)) {
+        PR_ATOMIC_INCREMENT((PRInt32 *)x);
+    } else {
+        tooLong *tl = (tooLong *)x;
+        if (PR_ATOMIC_INCREMENT(&tl->low) == 0)
+            PR_ATOMIC_INCREMENT(&tl->high);
+    }
+}
+
+static PRBool
+ssl3_CipherSuiteAllowedForVersionRange(
+    ssl3CipherSuite cipherSuite,
+    const SSLVersionRange *vrange)
+{
+    switch (cipherSuite) {
+        case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
+        case TLS_RSA_WITH_AES_256_CBC_SHA256:
+        case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
+        case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384:
+        case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
+        case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:
+        case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:
+        case TLS_RSA_WITH_AES_128_CBC_SHA256:
+        case TLS_RSA_WITH_AES_128_GCM_SHA256:
+        case TLS_RSA_WITH_AES_256_GCM_SHA384:
+        case TLS_DHE_DSS_WITH_AES_128_CBC_SHA256:
+        case TLS_DHE_DSS_WITH_AES_256_CBC_SHA256:
+        case TLS_RSA_WITH_NULL_SHA256:
+        case TLS_DHE_DSS_WITH_AES_128_GCM_SHA256:
+        case TLS_DHE_DSS_WITH_AES_256_GCM_SHA384:
+        case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
+        case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
+        case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
+        case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
+        case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
+        case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:
+        case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256:
+        case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256:
+        case TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256:
+            return vrange->max >= SSL_LIBRARY_VERSION_TLS_1_2 &&
+                   vrange->min < SSL_LIBRARY_VERSION_TLS_1_3;
+
+        /* RFC 4492: ECC cipher suites need TLS extensions to negotiate curves and
+         * point formats.*/
+        case TLS_ECDH_ECDSA_WITH_NULL_SHA:
+        case TLS_ECDH_ECDSA_WITH_RC4_128_SHA:
+        case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA:
+        case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA:
+        case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA:
+        case TLS_ECDHE_ECDSA_WITH_NULL_SHA:
+        case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA:
+        case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA:
+        case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:
+        case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
+        case TLS_ECDH_RSA_WITH_NULL_SHA:
+        case TLS_ECDH_RSA_WITH_RC4_128_SHA:
+        case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA:
+        case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA:
+        case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA:
+        case TLS_ECDHE_RSA_WITH_NULL_SHA:
+        case TLS_ECDHE_RSA_WITH_RC4_128_SHA:
+        case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:
+        case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
+        case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
+            return vrange->max >= SSL_LIBRARY_VERSION_TLS_1_0 &&
+                   vrange->min < SSL_LIBRARY_VERSION_TLS_1_3;
+
+        case TLS_AES_128_GCM_SHA256:
+        case TLS_AES_256_GCM_SHA384:
+        case TLS_CHACHA20_POLY1305_SHA256:
+            return vrange->max >= SSL_LIBRARY_VERSION_TLS_1_3;
+
+        default:
+            return vrange->min < SSL_LIBRARY_VERSION_TLS_1_3;
+    }
+}
+
+/* return pointer to ssl3CipherSuiteDef for suite, or NULL */
+/* XXX This does a linear search.  A binary search would be better. */
+const ssl3CipherSuiteDef *
+ssl_LookupCipherSuiteDef(ssl3CipherSuite suite)
+{
+    int cipher_suite_def_len =
+        sizeof(cipher_suite_defs) / sizeof(cipher_suite_defs[0]);
+    int i;
+
+    for (i = 0; i < cipher_suite_def_len; i++) {
+        if (cipher_suite_defs[i].cipher_suite == suite)
+            return &cipher_suite_defs[i];
+    }
+    PORT_Assert(PR_FALSE); /* We should never get here. */
+    PORT_SetError(SSL_ERROR_UNKNOWN_CIPHER_SUITE);
+    return NULL;
+}
+
+/* Find the cipher configuration struct associate with suite */
+/* XXX This does a linear search.  A binary search would be better. */
+static ssl3CipherSuiteCfg *
+ssl_LookupCipherSuiteCfgMutable(ssl3CipherSuite suite,
+                                ssl3CipherSuiteCfg *suites)
+{
+    int i;
+
+    for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) {
+        if (suites[i].cipher_suite == suite)
+            return &suites[i];
+    }
+    /* return NULL and let the caller handle it.  */
+    PORT_SetError(SSL_ERROR_UNKNOWN_CIPHER_SUITE);
+    return NULL;
+}
+
+const static ssl3CipherSuiteCfg *
+ssl_LookupCipherSuiteCfg(ssl3CipherSuite suite, const ssl3CipherSuiteCfg *suites)
+{
+    return ssl_LookupCipherSuiteCfgMutable(suite,
+                                           CONST_CAST(ssl3CipherSuiteCfg, suites));
+}
+
+static PRBool
+ssl_NamedGroupTypeEnabled(const sslSocket *ss, SSLKEAType keaType)
+{
+    unsigned int i;
+    for (i = 0; i < SSL_NAMED_GROUP_COUNT; ++i) {
+        if (ss->namedGroupPreferences[i] &&
+            ss->namedGroupPreferences[i]->keaType == keaType) {
+            return PR_TRUE;
+        }
+    }
+    return PR_FALSE;
+}
+
+static PRBool
+ssl_KEAEnabled(const sslSocket *ss, SSLKEAType keaType)
+{
+    switch (keaType) {
+        case ssl_kea_rsa:
+            return PR_TRUE;
+
+        case ssl_kea_dh:
+        case ssl_kea_dh_psk: {
+            if (ss->sec.isServer && !ss->opt.enableServerDhe) {
+                return PR_FALSE;
+            }
+
+            if (ss->sec.isServer) {
+                /* If the server requires named FFDHE groups, then the client
+                 * must have included an FFDHE group. peerSupportsFfdheGroups
+                 * is set to true in ssl_HandleSupportedGroupsXtn(). */
+                if (ss->opt.requireDHENamedGroups &&
+                    !ss->xtnData.peerSupportsFfdheGroups) {
+                    return PR_FALSE;
+                }
+
+                /* We can use the weak DH group if all of these are true:
+                 * 1. We don't require named groups.
+                 * 2. The peer doesn't support named groups.
+                 * 3. This isn't TLS 1.3.
+                 * 4. The weak group is enabled. */
+                if (!ss->opt.requireDHENamedGroups &&
+                    !ss->xtnData.peerSupportsFfdheGroups &&
+                    ss->version < SSL_LIBRARY_VERSION_TLS_1_3 &&
+                    ss->ssl3.dheWeakGroupEnabled) {
+                    return PR_TRUE;
+                }
+            } else {
+                if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3 &&
+                    !ss->opt.requireDHENamedGroups) {
+                    /* The client enables DHE cipher suites even if no DHE groups
+                     * are enabled. Only if this isn't TLS 1.3 and named groups
+                     * are not required. */
+                    return PR_TRUE;
+                }
+            }
+            return ssl_NamedGroupTypeEnabled(ss, ssl_kea_dh);
+        }
+
+        case ssl_kea_ecdh:
+        case ssl_kea_ecdh_psk:
+            return ssl_NamedGroupTypeEnabled(ss, ssl_kea_ecdh);
+
+        case ssl_kea_tls13_any:
+            return PR_TRUE;
+
+        case ssl_kea_fortezza:
+        default:
+            PORT_Assert(0);
+    }
+    return PR_FALSE;
+}
+
+static PRBool
+ssl_HasCert(const sslSocket *ss, SSLAuthType authType)
+{
+    PRCList *cursor;
+    if (authType == ssl_auth_null || authType == ssl_auth_psk || authType == ssl_auth_tls13_any) {
+        return PR_TRUE;
+    }
+    for (cursor = PR_NEXT_LINK(&ss->serverCerts);
+         cursor != &ss->serverCerts;
+         cursor = PR_NEXT_LINK(cursor)) {
+        sslServerCert *cert = (sslServerCert *)cursor;
+        if (!cert->serverKeyPair ||
+            !cert->serverKeyPair->privKey ||
+            !cert->serverCertChain ||
+            !SSL_CERT_IS(cert, authType)) {
+            continue;
+        }
+        /* When called from ssl3_config_match_init(), all the EC curves will be
+         * enabled, so this will essentially do nothing (unless we implement
+         * curve configuration).  However, once we have seen the
+         * supported_groups extension and this is called from config_match(),
+         * this will filter out certificates with an unsupported curve. */
+        if ((authType == ssl_auth_ecdsa ||
+             authType == ssl_auth_ecdh_ecdsa ||
+             authType == ssl_auth_ecdh_rsa) &&
+            !ssl_NamedGroupEnabled(ss, cert->namedCurve)) {
+            continue;
+        }
+        return PR_TRUE;
+    }
+    return PR_FALSE;
+}
+
+const ssl3BulkCipherDef *
+ssl_GetBulkCipherDef(const ssl3CipherSuiteDef *cipher_def)
+{
+    PORT_Assert(cipher_def->bulk_cipher_alg < PR_ARRAY_SIZE(bulk_cipher_defs));
+    PORT_Assert(bulk_cipher_defs[cipher_def->bulk_cipher_alg].cipher == cipher_def->bulk_cipher_alg);
+    return &bulk_cipher_defs[cipher_def->bulk_cipher_alg];
+}
+
+/* Initialize the suite->isPresent value for config_match
+ * Returns count of enabled ciphers supported by extant tokens,
+ * regardless of policy or user preference.
+ * If this returns zero, the user cannot do SSL v3.
+ */
+int
+ssl3_config_match_init(sslSocket *ss)
+{
+    ssl3CipherSuiteCfg *suite;
+    const ssl3CipherSuiteDef *cipher_def;
+    SSLCipherAlgorithm cipher_alg;
+    CK_MECHANISM_TYPE cipher_mech;
+    SSLAuthType authType;
+    SSLKEAType keaType;
+    int i;
+    int numPresent = 0;
+    int numEnabled = 0;
+
+    PORT_Assert(ss);
+    if (!ss) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return 0;
+    }
+    if (SSL_ALL_VERSIONS_DISABLED(&ss->vrange)) {
+        return 0;
+    }
+
+    for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) {
+        suite = &ss->cipherSuites[i];
+        if (suite->enabled) {
+            ++numEnabled;
+            /* We need the cipher defs to see if we have a token that can handle
+             * this cipher.  It isn't part of the static definition.
+             */
+            cipher_def = ssl_LookupCipherSuiteDef(suite->cipher_suite);
+            if (!cipher_def) {
+                suite->isPresent = PR_FALSE;
+                continue;
+            }
+            cipher_alg = ssl_GetBulkCipherDef(cipher_def)->calg;
+            cipher_mech = ssl3_Alg2Mech(cipher_alg);
+
+            /* Mark the suites that are backed by real tokens, certs and keys */
+            suite->isPresent = PR_TRUE;
+
+            authType = kea_defs[cipher_def->key_exchange_alg].authKeyType;
+            if (authType != ssl_auth_null && authType != ssl_auth_tls13_any) {
+                if (ss->sec.isServer && !ssl_HasCert(ss, authType)) {
+                    suite->isPresent = PR_FALSE;
+                }
+                if (!PK11_TokenExists(auth_alg_defs[authType])) {
+                    suite->isPresent = PR_FALSE;
+                }
+            }
+
+            keaType = kea_defs[cipher_def->key_exchange_alg].exchKeyType;
+            if (keaType != ssl_kea_null &&
+                keaType != ssl_kea_tls13_any &&
+                !PK11_TokenExists(kea_alg_defs[keaType])) {
+                suite->isPresent = PR_FALSE;
+            }
+
+            if (cipher_alg != calg_null &&
+                !PK11_TokenExists(cipher_mech)) {
+                suite->isPresent = PR_FALSE;
+            }
+
+            if (suite->isPresent) {
+                ++numPresent;
+            }
+        }
+    }
+    PORT_Assert(numPresent > 0 || numEnabled == 0);
+    if (numPresent <= 0) {
+        PORT_SetError(SSL_ERROR_NO_CIPHERS_SUPPORTED);
+    }
+    return numPresent;
+}
+
+/* Return PR_TRUE if suite is usable.  This if the suite is permitted by policy,
+ * enabled, has a certificate (as needed), has a viable key agreement method, is
+ * usable with the negotiated TLS version, and is otherwise usable. */
+static PRBool
+config_match(const ssl3CipherSuiteCfg *suite, int policy,
+             const SSLVersionRange *vrange, const sslSocket *ss)
+{
+    const ssl3CipherSuiteDef *cipher_def;
+    const ssl3KEADef *kea_def;
+
+    PORT_Assert(policy != SSL_NOT_ALLOWED);
+    if (policy == SSL_NOT_ALLOWED)
+        return PR_FALSE;
+
+    if (!suite->enabled || !suite->isPresent)
+        return PR_FALSE;
+
+    if ((suite->policy == SSL_NOT_ALLOWED) ||
+        (suite->policy > policy))
+        return PR_FALSE;
+
+    PORT_Assert(ss != NULL);
+    cipher_def = ssl_LookupCipherSuiteDef(suite->cipher_suite);
+    PORT_Assert(cipher_def != NULL);
+    kea_def = &kea_defs[cipher_def->key_exchange_alg];
+    PORT_Assert(kea_def != NULL);
+    if (!ssl_KEAEnabled(ss, kea_def->exchKeyType)) {
+        return PR_FALSE;
+    }
+
+    if (ss->sec.isServer && !ssl_HasCert(ss, kea_def->authKeyType)) {
+        return PR_FALSE;
+    }
+
+    return ssl3_CipherSuiteAllowedForVersionRange(suite->cipher_suite, vrange);
+}
+
+/* Return the number of cipher suites that are usable. */
+/* called from ssl3_SendClientHello */
+static int
+count_cipher_suites(sslSocket *ss, int policy)
+{
+    int i, count = 0;
+
+    if (SSL_ALL_VERSIONS_DISABLED(&ss->vrange)) {
+        return 0;
+    }
+    for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) {
+        if (config_match(&ss->cipherSuites[i], policy, &ss->vrange, ss))
+            count++;
+    }
+    if (count <= 0) {
+        PORT_SetError(SSL_ERROR_SSL_DISABLED);
+    }
+    return count;
+}
+
+/*
+ * Null compression, mac and encryption functions
+ */
+static SECStatus
+Null_Cipher(void *ctx, unsigned char *output, int *outputLen, int maxOutputLen,
+            const unsigned char *input, int inputLen)
+{
+    if (inputLen > maxOutputLen) {
+        *outputLen = 0; /* Match PK11_CipherOp in setting outputLen */
+        PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+        return SECFailure;
+    }
+    *outputLen = inputLen;
+    if (inputLen > 0 && input != output) {
+        PORT_Memcpy(output, input, inputLen);
+    }
+    return SECSuccess;
+}
+
+/*
+ * SSL3 Utility functions
+ */
+
+/* allowLargerPeerVersion controls whether the function will select the
+ * highest enabled SSL version or fail when peerVersion is greater than the
+ * highest enabled version.
+ *
+ * If allowLargerPeerVersion is true, peerVersion is the peer's highest
+ * enabled version rather than the peer's selected version.
+ */
+SECStatus
+ssl3_NegotiateVersion(sslSocket *ss, SSL3ProtocolVersion peerVersion,
+                      PRBool allowLargerPeerVersion)
+{
+    if (SSL_ALL_VERSIONS_DISABLED(&ss->vrange)) {
+        PORT_SetError(SSL_ERROR_SSL_DISABLED);
+        return SECFailure;
+    }
+
+    if (peerVersion < ss->vrange.min ||
+        (peerVersion > ss->vrange.max && !allowLargerPeerVersion)) {
+        PORT_SetError(SSL_ERROR_UNSUPPORTED_VERSION);
+        return SECFailure;
+    }
+
+    ss->version = PR_MIN(peerVersion, ss->vrange.max);
+    PORT_Assert(ssl3_VersionIsSupported(ss->protocolVariant, ss->version));
+
+    return SECSuccess;
+}
+
+/* Used by the client when the server produces a version number.
+ * This reads, validates, and normalizes the value. */
+SECStatus
+ssl_ClientReadVersion(sslSocket *ss, SSL3Opaque **b, unsigned int *len,
+                      SSL3ProtocolVersion *version)
+{
+    SSL3ProtocolVersion v;
+    PRUint32 temp;
+    SECStatus rv;
+
+    rv = ssl3_ConsumeHandshakeNumber(ss, &temp, 2, b, len);
+    if (rv != SECSuccess) {
+        return SECFailure; /* alert has been sent */
+    }
+
+#ifdef TLS_1_3_DRAFT_VERSION
+    if (temp == SSL_LIBRARY_VERSION_TLS_1_3) {
+        (void)SSL3_SendAlert(ss, alert_fatal, protocol_version);
+        PORT_SetError(SSL_ERROR_UNSUPPORTED_VERSION);
+        return SECFailure;
+    }
+    if (temp == tls13_EncodeDraftVersion(SSL_LIBRARY_VERSION_TLS_1_3)) {
+        v = SSL_LIBRARY_VERSION_TLS_1_3;
+    } else {
+        v = (SSL3ProtocolVersion)temp;
+    }
+#else
+    v = (SSL3ProtocolVersion)temp;
+#endif
+
+    if (IS_DTLS(ss)) {
+        /* If this fails, we get 0 back and the next check to fails. */
+        v = dtls_DTLSVersionToTLSVersion(v);
+    }
+
+    PORT_Assert(!SSL_ALL_VERSIONS_DISABLED(&ss->vrange));
+    if (ss->vrange.min > v || ss->vrange.max < v) {
+        (void)SSL3_SendAlert(ss, alert_fatal,
+                             (v > SSL_LIBRARY_VERSION_3_0) ? protocol_version
+                                                           : handshake_failure);
+        PORT_SetError(SSL_ERROR_UNSUPPORTED_VERSION);
+        return SECFailure;
+    }
+    *version = v;
+    return SECSuccess;
+}
+
+static SECStatus
+ssl3_GetNewRandom(SSL3Random *random)
+{
+    SECStatus rv;
+
+    rv = PK11_GenerateRandom(random->rand, SSL3_RANDOM_LENGTH);
+    if (rv != SECSuccess) {
+        ssl_MapLowLevelError(SSL_ERROR_GENERATE_RANDOM_FAILURE);
+    }
+    return rv;
+}
+
+/* Called by ssl3_SendServerKeyExchange and ssl3_SendCertificateVerify */
+SECStatus
+ssl3_SignHashes(sslSocket *ss, SSL3Hashes *hash, SECKEYPrivateKey *key,
+                SECItem *buf)
+{
+    SECStatus rv = SECFailure;
+    PRBool doDerEncode = PR_FALSE;
+    PRBool isTLS = (PRBool)(ss->ssl3.pwSpec->version > SSL_LIBRARY_VERSION_3_0);
+    PRBool useRsaPss = ssl_IsRsaPssSignatureScheme(ss->ssl3.hs.signatureScheme);
+    SECItem hashItem;
+
+    buf->data = NULL;
+
+    switch (SECKEY_GetPrivateKeyType(key)) {
+        case rsaKey:
+            hashItem.data = hash->u.raw;
+            hashItem.len = hash->len;
+            break;
+        case dsaKey:
+            doDerEncode = isTLS;
+            /* ssl_hash_none is used to specify the MD5/SHA1 concatenated hash.
+             * In that case, we use just the SHA1 part. */
+            if (hash->hashAlg == ssl_hash_none) {
+                hashItem.data = hash->u.s.sha;
+                hashItem.len = sizeof(hash->u.s.sha);
+            } else {
+                hashItem.data = hash->u.raw;
+                hashItem.len = hash->len;
+            }
+            break;
+        case ecKey:
+            doDerEncode = PR_TRUE;
+            /* ssl_hash_none is used to specify the MD5/SHA1 concatenated hash.
+             * In that case, we use just the SHA1 part. */
+            if (hash->hashAlg == ssl_hash_none) {
+                hashItem.data = hash->u.s.sha;
+                hashItem.len = sizeof(hash->u.s.sha);
+            } else {
+                hashItem.data = hash->u.raw;
+                hashItem.len = hash->len;
+            }
+            break;
+        default:
+            PORT_SetError(SEC_ERROR_INVALID_KEY);
+            goto done;
+    }
+    PRINT_BUF(60, (NULL, "hash(es) to be signed", hashItem.data, hashItem.len));
+
+    if (useRsaPss || hash->hashAlg == ssl_hash_none) {
+        CK_MECHANISM_TYPE mech = PK11_MapSignKeyType(key->keyType);
+        int signatureLen = PK11_SignatureLen(key);
+
+        SECItem *params = NULL;
+        CK_RSA_PKCS_PSS_PARAMS pssParams;
+        SECItem pssParamsItem = { siBuffer,
+                                  (unsigned char *)&pssParams,
+                                  sizeof(pssParams) };
+
+        if (signatureLen <= 0) {
+            PORT_SetError(SEC_ERROR_INVALID_KEY);
+            goto done;
+        }
+
+        buf->len = (unsigned)signatureLen;
+        buf->data = (unsigned char *)PORT_Alloc(signatureLen);
+        if (!buf->data)
+            goto done; /* error code was set. */
+
+        if (useRsaPss) {
+            pssParams.hashAlg = ssl3_GetHashMechanismByHashType(hash->hashAlg);
+            pssParams.mgf = ssl3_GetMgfMechanismByHashType(hash->hashAlg);
+            pssParams.sLen = hashItem.len;
+            params = &pssParamsItem;
+            mech = CKM_RSA_PKCS_PSS;
+        }
+
+        rv = PK11_SignWithMechanism(key, mech, params, buf, &hashItem);
+    } else {
+        SECOidTag hashOID = ssl3_HashTypeToOID(hash->hashAlg);
+        rv = SGN_Digest(key, hashOID, buf, &hashItem);
+    }
+    if (rv != SECSuccess) {
+        ssl_MapLowLevelError(SSL_ERROR_SIGN_HASHES_FAILURE);
+    } else if (doDerEncode) {
+        SECItem derSig = { siBuffer, NULL, 0 };
+
+        /* This also works for an ECDSA signature */
+        rv = DSAU_EncodeDerSigWithLen(&derSig, buf, buf->len);
+        if (rv == SECSuccess) {
+            PORT_Free(buf->data); /* discard unencoded signature. */
+            *buf = derSig;        /* give caller encoded signature. */
+        } else if (derSig.data) {
+            PORT_Free(derSig.data);
+        }
+    }
+
+    if (ss->sec.isServer) {
+        ss->sec.signatureScheme = ss->ssl3.hs.signatureScheme;
+    }
+    PRINT_BUF(60, (NULL, "signed hashes", (unsigned char *)buf->data, buf->len));
+done:
+    if (rv != SECSuccess && buf->data) {
+        PORT_Free(buf->data);
+        buf->data = NULL;
+    }
+    return rv;
+}
+
+/* Called from ssl3_HandleServerKeyExchange, ssl3_HandleCertificateVerify */
+SECStatus
+ssl3_VerifySignedHashes(sslSocket *ss, SSLSignatureScheme scheme, SSL3Hashes *hash,
+                        SECItem *buf)
+{
+    SECKEYPublicKey *key;
+    SECItem *signature = NULL;
+    SECStatus rv = SECFailure;
+    SECItem hashItem;
+    SECOidTag encAlg;
+    SECOidTag hashAlg;
+    void *pwArg = ss->pkcs11PinArg;
+    PRBool isRsaPssScheme = ssl_IsRsaPssSignatureScheme(scheme);
+
+    PRINT_BUF(60, (NULL, "check signed hashes",
+                   buf->data, buf->len));
+
+    key = CERT_ExtractPublicKey(ss->sec.peerCert);
+    if (key == NULL) {
+        ssl_MapLowLevelError(SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE);
+        return SECFailure;
+    }
+
+    hashAlg = ssl3_HashTypeToOID(hash->hashAlg);
+    switch (SECKEY_GetPublicKeyType(key)) {
+        case rsaKey:
+            encAlg = SEC_OID_PKCS1_RSA_ENCRYPTION;
+            hashItem.data = hash->u.raw;
+            hashItem.len = hash->len;
+            if (scheme == ssl_sig_none) {
+                scheme = ssl_sig_rsa_pkcs1_sha1md5;
+            }
+            break;
+        case dsaKey:
+            encAlg = SEC_OID_ANSIX9_DSA_SIGNATURE;
+            /* ssl_hash_none is used to specify the MD5/SHA1 concatenated hash.
+             * In that case, we use just the SHA1 part. */
+            if (hash->hashAlg == ssl_hash_none) {
+                hashItem.data = hash->u.s.sha;
+                hashItem.len = sizeof(hash->u.s.sha);
+            } else {
+                hashItem.data = hash->u.raw;
+                hashItem.len = hash->len;
+            }
+            /* Allow DER encoded DSA signatures in SSL 3.0 */
+            if (ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0 ||
+                buf->len != SECKEY_SignatureLen(key)) {
+                signature = DSAU_DecodeDerSigToLen(buf, SECKEY_SignatureLen(key));
+                if (!signature) {
+                    PORT_SetError(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE);
+                    goto loser;
+                }
+                buf = signature;
+            }
+            if (scheme == ssl_sig_none) {
+                scheme = ssl_sig_dsa_sha1;
+            }
+            break;
+
+        case ecKey:
+            encAlg = SEC_OID_ANSIX962_EC_PUBLIC_KEY;
+            /* ssl_hash_none is used to specify the MD5/SHA1 concatenated hash.
+             * In that case, we use just the SHA1 part.
+             * ECDSA signatures always encode the integers r and s using ASN.1
+             * (unlike DSA where ASN.1 encoding is used with TLS but not with
+             * SSL3). So we can use VFY_VerifyDigestDirect for ECDSA.
+             */
+            if (hash->hashAlg == ssl_hash_none) {
+                hashAlg = SEC_OID_SHA1;
+                hashItem.data = hash->u.s.sha;
+                hashItem.len = sizeof(hash->u.s.sha);
+            } else {
+                hashItem.data = hash->u.raw;
+                hashItem.len = hash->len;
+            }
+            if (scheme == ssl_sig_none) {
+                scheme = ssl_sig_ecdsa_sha1;
+            }
+            break;
+
+        default:
+            PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
+            goto loser;
+    }
+
+    PRINT_BUF(60, (NULL, "hash(es) to be verified",
+                   hashItem.data, hashItem.len));
+
+    if (isRsaPssScheme ||
+        hashAlg == SEC_OID_UNKNOWN ||
+        SECKEY_GetPublicKeyType(key) == dsaKey) {
+        /* VFY_VerifyDigestDirect requires DSA signatures to be DER-encoded.
+         * DSA signatures are DER-encoded in TLS but not in SSL3 and the code
+         * above always removes the DER encoding of DSA signatures when
+         * present. Thus DSA signatures are always verified with PK11_Verify.
+         */
+        CK_MECHANISM_TYPE mech = PK11_MapSignKeyType(key->keyType);
+
+        SECItem *params = NULL;
+        CK_RSA_PKCS_PSS_PARAMS pssParams;
+        SECItem pssParamsItem = { siBuffer,
+                                  (unsigned char *)&pssParams,
+                                  sizeof(pssParams) };
+
+        if (isRsaPssScheme) {
+            pssParams.hashAlg = ssl3_GetHashMechanismByHashType(hash->hashAlg);
+            pssParams.mgf = ssl3_GetMgfMechanismByHashType(hash->hashAlg);
+            pssParams.sLen = hashItem.len;
+            params = &pssParamsItem;
+            mech = CKM_RSA_PKCS_PSS;
+        }
+
+        rv = PK11_VerifyWithMechanism(key, mech, params, buf, &hashItem, pwArg);
+    } else {
+        rv = VFY_VerifyDigestDirect(&hashItem, key, buf, encAlg, hashAlg,
+                                    pwArg);
+    }
+    if (signature) {
+        SECITEM_FreeItem(signature, PR_TRUE);
+    }
+    if (rv != SECSuccess) {
+        ssl_MapLowLevelError(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE);
+    }
+    if (!ss->sec.isServer) {
+        ss->sec.signatureScheme = scheme;
+    }
+
+loser:
+    SECKEY_DestroyPublicKey(key);
+#ifdef UNSAFE_FUZZER_MODE
+    rv = SECSuccess;
+    PORT_SetError(0);
+#endif
+    return rv;
+}
+
+/* Caller must set hiLevel error code. */
+/* Called from ssl3_ComputeDHKeyHash
+ * which are called from ssl3_HandleServerKeyExchange.
+ *
+ * hashAlg: ssl_hash_none indicates the pre-1.2, MD5/SHA1 combination hash.
+ */
+SECStatus
+ssl3_ComputeCommonKeyHash(SSLHashType hashAlg,
+                          PRUint8 *hashBuf, unsigned int bufLen,
+                          SSL3Hashes *hashes)
+{
+    SECStatus rv;
+    SECOidTag hashOID;
+
+    if (hashAlg == ssl_hash_none) {
+        rv = PK11_HashBuf(SEC_OID_MD5, hashes->u.s.md5, hashBuf, bufLen);
+        if (rv != SECSuccess) {
+            ssl_MapLowLevelError(SSL_ERROR_MD5_DIGEST_FAILURE);
+            return rv;
+        }
+        rv = PK11_HashBuf(SEC_OID_SHA1, hashes->u.s.sha, hashBuf, bufLen);
+        if (rv != SECSuccess) {
+            ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE);
+            return rv;
+        }
+        hashes->len = MD5_LENGTH + SHA1_LENGTH;
+    } else {
+        hashOID = ssl3_HashTypeToOID(hashAlg);
+        hashes->len = HASH_ResultLenByOidTag(hashOID);
+        if (hashes->len == 0 || hashes->len > sizeof(hashes->u.raw)) {
+            ssl_MapLowLevelError(SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM);
+            return SECFailure;
+        }
+        rv = PK11_HashBuf(hashOID, hashes->u.raw, hashBuf, bufLen);
+        if (rv != SECSuccess) {
+            ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE);
+            return rv;
+        }
+    }
+    hashes->hashAlg = hashAlg;
+    return SECSuccess;
+}
+
+/* Caller must set hiLevel error code. */
+/* Called from ssl3_HandleServerKeyExchange. */
+static SECStatus
+ssl3_ComputeDHKeyHash(sslSocket *ss, SSLHashType hashAlg, SSL3Hashes *hashes,
+                      SECItem dh_p, SECItem dh_g, SECItem dh_Ys, PRBool padY)
+{
+    PRUint8 *hashBuf;
+    PRUint8 *pBuf;
+    SECStatus rv = SECSuccess;
+    unsigned int bufLen, yLen;
+    PRUint8 buf[2 * SSL3_RANDOM_LENGTH + 2 + 4096 / 8 + 2 + 4096 / 8];
+
+    PORT_Assert(dh_p.data);
+    PORT_Assert(dh_g.data);
+    PORT_Assert(dh_Ys.data);
+
+    yLen = padY ? dh_p.len : dh_Ys.len;
+    bufLen = 2 * SSL3_RANDOM_LENGTH +
+             2 + dh_p.len +
+             2 + dh_g.len +
+             2 + yLen;
+    if (bufLen <= sizeof buf) {
+        hashBuf = buf;
+    } else {
+        hashBuf = PORT_Alloc(bufLen);
+        if (!hashBuf) {
+            return SECFailure;
+        }
+    }
+
+    memcpy(hashBuf, &ss->ssl3.hs.client_random, SSL3_RANDOM_LENGTH);
+    pBuf = hashBuf + SSL3_RANDOM_LENGTH;
+    memcpy(pBuf, &ss->ssl3.hs.server_random, SSL3_RANDOM_LENGTH);
+    pBuf += SSL3_RANDOM_LENGTH;
+    pBuf = ssl_EncodeUintX(dh_p.len, 2, pBuf);
+    memcpy(pBuf, dh_p.data, dh_p.len);
+    pBuf += dh_p.len;
+    pBuf = ssl_EncodeUintX(dh_g.len, 2, pBuf);
+    memcpy(pBuf, dh_g.data, dh_g.len);
+    pBuf += dh_g.len;
+    pBuf = ssl_EncodeUintX(yLen, 2, pBuf);
+    if (padY && dh_p.len > dh_Ys.len) {
+        memset(pBuf, 0, dh_p.len - dh_Ys.len);
+        pBuf += dh_p.len - dh_Ys.len;
+    }
+    /* If we're padding Y, dh_Ys can't be longer than dh_p. */
+    PORT_Assert(!padY || dh_p.len >= dh_Ys.len);
+    memcpy(pBuf, dh_Ys.data, dh_Ys.len);
+    pBuf += dh_Ys.len;
+    PORT_Assert((unsigned int)(pBuf - hashBuf) == bufLen);
+
+    rv = ssl3_ComputeCommonKeyHash(hashAlg, hashBuf, bufLen, hashes);
+
+    PRINT_BUF(95, (NULL, "DHkey hash: ", hashBuf, bufLen));
+    if (rv == SECSuccess) {
+        if (hashAlg == ssl_hash_none) {
+            PRINT_BUF(95, (NULL, "DHkey hash: MD5 result",
+                           hashes->u.s.md5, MD5_LENGTH));
+            PRINT_BUF(95, (NULL, "DHkey hash: SHA1 result",
+                           hashes->u.s.sha, SHA1_LENGTH));
+        } else {
+            PRINT_BUF(95, (NULL, "DHkey hash: result",
+                           hashes->u.raw, hashes->len));
+        }
+    }
+
+    if (hashBuf != buf && hashBuf != NULL)
+        PORT_Free(hashBuf);
+    return rv;
+}
+
+/* Called twice, only from ssl3_DestroyCipherSpec (immediately below). */
+static void
+ssl3_CleanupKeyMaterial(ssl3KeyMaterial *mat)
+{
+    if (mat->write_key != NULL) {
+        PK11_FreeSymKey(mat->write_key);
+        mat->write_key = NULL;
+    }
+    if (mat->write_mac_key != NULL) {
+        PK11_FreeSymKey(mat->write_mac_key);
+        mat->write_mac_key = NULL;
+    }
+    if (mat->write_mac_context != NULL) {
+        PK11_DestroyContext(mat->write_mac_context, PR_TRUE);
+        mat->write_mac_context = NULL;
+    }
+}
+
+/* Called from ssl3_SendChangeCipherSpecs() and
+**         ssl3_HandleChangeCipherSpecs()
+**             ssl3_DestroySSL3Info
+** Caller must hold SpecWriteLock.
+*/
+void
+ssl3_DestroyCipherSpec(ssl3CipherSpec *spec, PRBool freeSrvName)
+{
+    /*  PORT_Assert( ss->opt.noLocks || ssl_HaveSpecWriteLock(ss)); Don't have ss! */
+    if (spec->encodeContext) {
+        PK11_DestroyContext(spec->encodeContext, PR_TRUE);
+        spec->encodeContext = NULL;
+    }
+    if (spec->decodeContext) {
+        PK11_DestroyContext(spec->decodeContext, PR_TRUE);
+        spec->decodeContext = NULL;
+    }
+    if (spec->destroyCompressContext && spec->compressContext) {
+        spec->destroyCompressContext(spec->compressContext, 1);
+        spec->compressContext = NULL;
+    }
+    if (spec->destroyDecompressContext && spec->decompressContext) {
+        spec->destroyDecompressContext(spec->decompressContext, 1);
+        spec->decompressContext = NULL;
+    }
+    if (spec->master_secret != NULL) {
+        PK11_FreeSymKey(spec->master_secret);
+        spec->master_secret = NULL;
+    }
+    spec->msItem.data = NULL;
+    spec->msItem.len = 0;
+    ssl3_CleanupKeyMaterial(&spec->client);
+    ssl3_CleanupKeyMaterial(&spec->server);
+    spec->destroyCompressContext = NULL;
+    spec->destroyDecompressContext = NULL;
+}
+
+/* Fill in the pending cipher spec with info from the selected ciphersuite.
+** This is as much initialization as we can do without having key material.
+** Called from ssl3_HandleServerHello(), ssl3_SendServerHello()
+** Caller must hold the ssl3 handshake lock.
+** Acquires & releases SpecWriteLock.
+*/
+SECStatus
+ssl3_SetupPendingCipherSpec(sslSocket *ss)
+{
+    ssl3CipherSpec *pwSpec;
+    ssl3CipherSpec *cwSpec;
+    ssl3CipherSuite suite = ss->ssl3.hs.cipher_suite;
+    SSL3MACAlgorithm mac;
+    SSL3KeyExchangeAlgorithm kea;
+    const ssl3CipherSuiteDef *suite_def;
+    PRBool isTLS;
+
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+    PORT_Assert(ss->version < SSL_LIBRARY_VERSION_TLS_1_3);
+
+    ssl_GetSpecWriteLock(ss); /*******************************/
+
+    pwSpec = ss->ssl3.pwSpec;
+    PORT_Assert(pwSpec == ss->ssl3.prSpec);
+
+    /* This hack provides maximal interoperability with SSL 3 servers. */
+    cwSpec = ss->ssl3.cwSpec;
+    if (cwSpec->mac_def->mac == mac_null) {
+        /* SSL records are not being MACed. */
+        cwSpec->version = ss->version;
+    }
+
+    pwSpec->version = ss->version;
+    isTLS = (PRBool)(pwSpec->version > SSL_LIBRARY_VERSION_3_0);
+
+    SSL_TRC(3, ("%d: SSL3[%d]: Set XXX Pending Cipher Suite to 0x%04x",
+                SSL_GETPID(), ss->fd, suite));
+
+    suite_def = ssl_LookupCipherSuiteDef(suite);
+    if (suite_def == NULL) {
+        ssl_ReleaseSpecWriteLock(ss);
+        return SECFailure; /* error code set by ssl_LookupCipherSuiteDef */
+    }
+
+    if (IS_DTLS(ss)) {
+        /* Double-check that we did not pick an RC4 suite */
+        PORT_Assert(suite_def->bulk_cipher_alg != cipher_rc4);
+    }
+
+    kea = suite_def->key_exchange_alg;
+    mac = suite_def->mac_alg;
+    if (mac <= ssl_mac_sha && mac != ssl_mac_null && isTLS)
+        mac += 2;
+
+    ss->ssl3.hs.suite_def = suite_def;
+    ss->ssl3.hs.kea_def = &kea_defs[kea];
+    PORT_Assert(ss->ssl3.hs.kea_def->kea == kea);
+
+    pwSpec->cipher_def = ssl_GetBulkCipherDef(suite_def);
+
+    pwSpec->mac_def = &mac_defs[mac];
+    PORT_Assert(pwSpec->mac_def->mac == mac);
+
+    pwSpec->encodeContext = NULL;
+    pwSpec->decodeContext = NULL;
+
+    pwSpec->mac_size = pwSpec->mac_def->mac_size;
+
+    pwSpec->compression_method = ss->ssl3.hs.compression;
+    pwSpec->compressContext = NULL;
+    pwSpec->decompressContext = NULL;
+
+    ssl_ReleaseSpecWriteLock(ss); /*******************************/
+    return SECSuccess;
+}
+
+#ifdef NSS_SSL_ENABLE_ZLIB
+#define SSL3_DEFLATE_CONTEXT_SIZE sizeof(z_stream)
+
+static SECStatus
+ssl3_MapZlibError(int zlib_error)
+{
+    switch (zlib_error) {
+        case Z_OK:
+            return SECSuccess;
+        default:
+            return SECFailure;
+    }
+}
+
+static SECStatus
+ssl3_DeflateInit(void *void_context)
+{
+    z_stream *context = void_context;
+    context->zalloc = NULL;
+    context->zfree = NULL;
+    context->opaque = NULL;
+
+    return ssl3_MapZlibError(deflateInit(context, Z_DEFAULT_COMPRESSION));
+}
+
+static SECStatus
+ssl3_InflateInit(void *void_context)
+{
+    z_stream *context = void_context;
+    context->zalloc = NULL;
+    context->zfree = NULL;
+    context->opaque = NULL;
+    context->next_in = NULL;
+    context->avail_in = 0;
+
+    return ssl3_MapZlibError(inflateInit(context));
+}
+
+static SECStatus
+ssl3_DeflateCompress(void *void_context, unsigned char *out, int *out_len,
+                     int maxout, const unsigned char *in, int inlen)
+{
+    z_stream *context = void_context;
+
+    if (!inlen) {
+        *out_len = 0;
+        return SECSuccess;
+    }
+
+    context->next_in = (unsigned char *)in;
+    context->avail_in = inlen;
+    context->next_out = out;
+    context->avail_out = maxout;
+    if (deflate(context, Z_SYNC_FLUSH) != Z_OK) {
+        return SECFailure;
+    }
+    if (context->avail_out == 0) {
+        /* We ran out of space! */
+        SSL_TRC(3, ("%d: SSL3[%d] Ran out of buffer while compressing",
+                    SSL_GETPID()));
+        return SECFailure;
+    }
+
+    *out_len = maxout - context->avail_out;
+    return SECSuccess;
+}
+
+static SECStatus
+ssl3_DeflateDecompress(void *void_context, unsigned char *out, int *out_len,
+                       int maxout, const unsigned char *in, int inlen)
+{
+    z_stream *context = void_context;
+
+    if (!inlen) {
+        *out_len = 0;
+        return SECSuccess;
+    }
+
+    context->next_in = (unsigned char *)in;
+    context->avail_in = inlen;
+    context->next_out = out;
+    context->avail_out = maxout;
+    if (inflate(context, Z_SYNC_FLUSH) != Z_OK) {
+        PORT_SetError(SSL_ERROR_DECOMPRESSION_FAILURE);
+        return SECFailure;
+    }
+
+    *out_len = maxout - context->avail_out;
+    return SECSuccess;
+}
+
+static SECStatus
+ssl3_DestroyCompressContext(void *void_context, PRBool unused)
+{
+    deflateEnd(void_context);
+    PORT_Free(void_context);
+    return SECSuccess;
+}
+
+static SECStatus
+ssl3_DestroyDecompressContext(void *void_context, PRBool unused)
+{
+    inflateEnd(void_context);
+    PORT_Free(void_context);
+    return SECSuccess;
+}
+
+#endif /* NSS_SSL_ENABLE_ZLIB */
+
+/* Initialize the compression functions and contexts for the given
+ * CipherSpec.  */
+static SECStatus
+ssl3_InitCompressionContext(ssl3CipherSpec *pwSpec)
+{
+    /* Setup the compression functions */
+    switch (pwSpec->compression_method) {
+        case ssl_compression_null:
+            pwSpec->compressor = NULL;
+            pwSpec->decompressor = NULL;
+            pwSpec->compressContext = NULL;
+            pwSpec->decompressContext = NULL;
+            pwSpec->destroyCompressContext = NULL;
+            pwSpec->destroyDecompressContext = NULL;
+            break;
+#ifdef NSS_SSL_ENABLE_ZLIB
+        case ssl_compression_deflate:
+            pwSpec->compressor = ssl3_DeflateCompress;
+            pwSpec->decompressor = ssl3_DeflateDecompress;
+            pwSpec->compressContext = PORT_Alloc(SSL3_DEFLATE_CONTEXT_SIZE);
+            pwSpec->decompressContext = PORT_Alloc(SSL3_DEFLATE_CONTEXT_SIZE);
+            pwSpec->destroyCompressContext = ssl3_DestroyCompressContext;
+            pwSpec->destroyDecompressContext = ssl3_DestroyDecompressContext;
+            ssl3_DeflateInit(pwSpec->compressContext);
+            ssl3_InflateInit(pwSpec->decompressContext);
+            break;
+#endif /* NSS_SSL_ENABLE_ZLIB */
+        default:
+            PORT_Assert(0);
+            PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+            return SECFailure;
+    }
+
+    return SECSuccess;
+}
+
+/* This function should probably be moved to pk11wrap and be named
+ * PK11_ParamFromIVAndEffectiveKeyBits
+ */
+static SECItem *
+ssl3_ParamFromIV(CK_MECHANISM_TYPE mtype, SECItem *iv, CK_ULONG ulEffectiveBits)
+{
+    SECItem *param = PK11_ParamFromIV(mtype, iv);
+    if (param && param->data && param->len >= sizeof(CK_RC2_PARAMS)) {
+        switch (mtype) {
+            case CKM_RC2_KEY_GEN:
+            case CKM_RC2_ECB:
+            case CKM_RC2_CBC:
+            case CKM_RC2_MAC:
+            case CKM_RC2_MAC_GENERAL:
+            case CKM_RC2_CBC_PAD:
+                *(CK_RC2_PARAMS *)param->data = ulEffectiveBits;
+            default:
+                break;
+        }
+    }
+    return param;
+}
+
+/* ssl3_BuildRecordPseudoHeader writes the SSL/TLS pseudo-header (the data
+ * which is included in the MAC or AEAD additional data) to |out| and returns
+ * its length. See https://tools.ietf.org/html/rfc5246#section-6.2.3.3 for the
+ * definition of the AEAD additional data.
+ *
+ * TLS pseudo-header includes the record's version field, SSL's doesn't. Which
+ * pseudo-header defintiion to use should be decided based on the version of
+ * the protocol that was negotiated when the cipher spec became current, NOT
+ * based on the version value in the record itself, and the decision is passed
+ * to this function as the |includesVersion| argument. But, the |version|
+ * argument should be the record's version value.
+ */
+static unsigned int
+ssl3_BuildRecordPseudoHeader(unsigned char *out,
+                             sslSequenceNumber seq_num,
+                             SSL3ContentType type,
+                             PRBool includesVersion,
+                             SSL3ProtocolVersion version,
+                             PRBool isDTLS,
+                             int length)
+{
+    out[0] = (unsigned char)(seq_num >> 56);
+    out[1] = (unsigned char)(seq_num >> 48);
+    out[2] = (unsigned char)(seq_num >> 40);
+    out[3] = (unsigned char)(seq_num >> 32);
+    out[4] = (unsigned char)(seq_num >> 24);
+    out[5] = (unsigned char)(seq_num >> 16);
+    out[6] = (unsigned char)(seq_num >> 8);
+    out[7] = (unsigned char)(seq_num >> 0);
+    out[8] = type;
+
+    /* SSL3 MAC doesn't include the record's version field. */
+    if (!includesVersion) {
+        out[9] = MSB(length);
+        out[10] = LSB(length);
+        return 11;
+    }
+
+    /* TLS MAC and AEAD additional data include version. */
+    if (isDTLS) {
+        SSL3ProtocolVersion dtls_version;
+
+        dtls_version = dtls_TLSVersionToDTLSVersion(version);
+        out[9] = MSB(dtls_version);
+        out[10] = LSB(dtls_version);
+    } else {
+        out[9] = MSB(version);
+        out[10] = LSB(version);
+    }
+    out[11] = MSB(length);
+    out[12] = LSB(length);
+    return 13;
+}
+
+static SECStatus
+ssl3_AESGCM(ssl3KeyMaterial *keys,
+            PRBool doDecrypt,
+            unsigned char *out,
+            int *outlen,
+            int maxout,
+            const unsigned char *in,
+            int inlen,
+            const unsigned char *additionalData,
+            int additionalDataLen)
+{
+    SECItem param;
+    SECStatus rv = SECFailure;
+    unsigned char nonce[12];
+    unsigned int uOutLen;
+    CK_GCM_PARAMS gcmParams;
+
+    const int tagSize = bulk_cipher_defs[cipher_aes_128_gcm].tag_size;
+    const int explicitNonceLen =
+        bulk_cipher_defs[cipher_aes_128_gcm].explicit_nonce_size;
+
+    /* See https://tools.ietf.org/html/rfc5288#section-3 for details of how the
+     * nonce is formed. */
+    memcpy(nonce, keys->write_iv, 4);
+    if (doDecrypt) {
+        memcpy(nonce + 4, in, explicitNonceLen);
+        in += explicitNonceLen;
+        inlen -= explicitNonceLen;
+        *outlen = 0;
+    } else {
+        if (maxout < explicitNonceLen) {
+            PORT_SetError(SEC_ERROR_INPUT_LEN);
+            return SECFailure;
+        }
+        /* Use the 64-bit sequence number as the explicit nonce. */
+        memcpy(nonce + 4, additionalData, explicitNonceLen);
+        memcpy(out, additionalData, explicitNonceLen);
+        out += explicitNonceLen;
+        maxout -= explicitNonceLen;
+        *outlen = explicitNonceLen;
+    }
+
+    param.type = siBuffer;
+    param.data = (unsigned char *)&gcmParams;
+    param.len = sizeof(gcmParams);
+    gcmParams.pIv = nonce;
+    gcmParams.ulIvLen = sizeof(nonce);
+    gcmParams.pAAD = (unsigned char *)additionalData; /* const cast */
+    gcmParams.ulAADLen = additionalDataLen;
+    gcmParams.ulTagBits = tagSize * 8;
+
+    if (doDecrypt) {
+        rv = PK11_Decrypt(keys->write_key, CKM_AES_GCM, &param, out, &uOutLen,
+                          maxout, in, inlen);
+    } else {
+        rv = PK11_Encrypt(keys->write_key, CKM_AES_GCM, &param, out, &uOutLen,
+                          maxout, in, inlen);
+    }
+    *outlen += (int)uOutLen;
+
+    return rv;
+}
+
+static SECStatus
+ssl3_ChaCha20Poly1305(ssl3KeyMaterial *keys, PRBool doDecrypt,
+                      unsigned char *out, int *outlen, int maxout,
+                      const unsigned char *in, int inlen,
+                      const unsigned char *additionalData,
+                      int additionalDataLen)
+{
+    size_t i;
+    SECItem param;
+    SECStatus rv = SECFailure;
+    unsigned int uOutLen;
+    unsigned char nonce[12];
+    CK_NSS_AEAD_PARAMS aeadParams;
+
+    const int tagSize = bulk_cipher_defs[cipher_chacha20].tag_size;
+
+    /* See
+     * https://tools.ietf.org/html/draft-ietf-tls-chacha20-poly1305-04#section-2
+     * for details of how the nonce is formed. */
+    PORT_Memcpy(nonce, keys->write_iv, 12);
+
+    /* XOR the last 8 bytes of the IV with the sequence number. */
+    PORT_Assert(additionalDataLen >= 8);
+    for (i = 0; i < 8; ++i) {
+        nonce[4 + i] ^= additionalData[i];
+    }
+
+    param.type = siBuffer;
+    param.len = sizeof(aeadParams);
+    param.data = (unsigned char *)&aeadParams;
+    memset(&aeadParams, 0, sizeof(aeadParams));
+    aeadParams.pNonce = nonce;
+    aeadParams.ulNonceLen = sizeof(nonce);
+    aeadParams.pAAD = (unsigned char *)additionalData;
+    aeadParams.ulAADLen = additionalDataLen;
+    aeadParams.ulTagLen = tagSize;
+
+    if (doDecrypt) {
+        rv = PK11_Decrypt(keys->write_key, CKM_NSS_CHACHA20_POLY1305, &param,
+                          out, &uOutLen, maxout, in, inlen);
+    } else {
+        rv = PK11_Encrypt(keys->write_key, CKM_NSS_CHACHA20_POLY1305, &param,
+                          out, &uOutLen, maxout, in, inlen);
+    }
+    *outlen = (int)uOutLen;
+
+    return rv;
+}
+
+/* Initialize encryption and MAC contexts for pending spec.
+ * Master Secret already is derived.
+ * Caller holds Spec write lock.
+ */
+static SECStatus
+ssl3_InitPendingContexts(sslSocket *ss)
+{
+    ssl3CipherSpec *pwSpec;
+    const ssl3BulkCipherDef *cipher_def;
+    PK11Context *serverContext = NULL;
+    PK11Context *clientContext = NULL;
+    SECItem *param;
+    CK_MECHANISM_TYPE mechanism;
+    CK_MECHANISM_TYPE mac_mech;
+    CK_ULONG macLength;
+    CK_ULONG effKeyBits;
+    SECItem iv;
+    SECItem mac_param;
+    SSLCipherAlgorithm calg;
+
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSpecWriteLock(ss));
+    PORT_Assert(ss->ssl3.prSpec == ss->ssl3.pwSpec);
+
+    pwSpec = ss->ssl3.pwSpec;
+    cipher_def = pwSpec->cipher_def;
+    macLength = pwSpec->mac_size;
+    calg = cipher_def->calg;
+    PORT_Assert(alg2Mech[calg].calg == calg);
+
+    pwSpec->client.write_mac_context = NULL;
+    pwSpec->server.write_mac_context = NULL;
+
+    if (cipher_def->type == type_aead) {
+        pwSpec->encode = NULL;
+        pwSpec->decode = NULL;
+        pwSpec->encodeContext = NULL;
+        pwSpec->decodeContext = NULL;
+        switch (calg) {
+            case calg_aes_gcm:
+                pwSpec->aead = ssl3_AESGCM;
+                break;
+            case calg_chacha20:
+                pwSpec->aead = ssl3_ChaCha20Poly1305;
+                break;
+            default:
+                PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+                return SECFailure;
+        }
+        return SECSuccess;
+    }
+
+    /*
+    ** Now setup the MAC contexts,
+    **   crypto contexts are setup below.
+    */
+
+    mac_mech = pwSpec->mac_def->mmech;
+    mac_param.data = (unsigned char *)&macLength;
+    mac_param.len = sizeof(macLength);
+    mac_param.type = 0;
+
+    pwSpec->client.write_mac_context = PK11_CreateContextBySymKey(
+        mac_mech, CKA_SIGN, pwSpec->client.write_mac_key, &mac_param);
+    if (pwSpec->client.write_mac_context == NULL) {
+        ssl_MapLowLevelError(SSL_ERROR_SYM_KEY_CONTEXT_FAILURE);
+        goto fail;
+    }
+    pwSpec->server.write_mac_context = PK11_CreateContextBySymKey(
+        mac_mech, CKA_SIGN, pwSpec->server.write_mac_key, &mac_param);
+    if (pwSpec->server.write_mac_context == NULL) {
+        ssl_MapLowLevelError(SSL_ERROR_SYM_KEY_CONTEXT_FAILURE);
+        goto fail;
+    }
+
+    /*
+    ** Now setup the crypto contexts.
+    */
+
+    if (calg == calg_null) {
+        pwSpec->encode = Null_Cipher;
+        pwSpec->decode = Null_Cipher;
+        return SECSuccess;
+    }
+    mechanism = ssl3_Alg2Mech(calg);
+    effKeyBits = cipher_def->key_size * BPB;
+
+    /*
+     * build the server context
+     */
+    iv.data = pwSpec->server.write_iv;
+    iv.len = cipher_def->iv_size;
+    param = ssl3_ParamFromIV(mechanism, &iv, effKeyBits);
+    if (param == NULL) {
+        ssl_MapLowLevelError(SSL_ERROR_IV_PARAM_FAILURE);
+        goto fail;
+    }
+    serverContext = PK11_CreateContextBySymKey(mechanism,
+                                               (ss->sec.isServer ? CKA_ENCRYPT
+                                                                 : CKA_DECRYPT),
+                                               pwSpec->server.write_key, param);
+    iv.data = PK11_IVFromParam(mechanism, param, (int *)&iv.len);
+    if (iv.data)
+        PORT_Memcpy(pwSpec->server.write_iv, iv.data, iv.len);
+    SECITEM_FreeItem(param, PR_TRUE);
+    if (serverContext == NULL) {
+        ssl_MapLowLevelError(SSL_ERROR_SYM_KEY_CONTEXT_FAILURE);
+        goto fail;
+    }
+
+    /*
+     * build the client context
+     */
+    iv.data = pwSpec->client.write_iv;
+    iv.len = cipher_def->iv_size;
+
+    param = ssl3_ParamFromIV(mechanism, &iv, effKeyBits);
+    if (param == NULL) {
+        ssl_MapLowLevelError(SSL_ERROR_IV_PARAM_FAILURE);
+        goto fail;
+    }
+    clientContext = PK11_CreateContextBySymKey(mechanism,
+                                               (ss->sec.isServer ? CKA_DECRYPT
+                                                                 : CKA_ENCRYPT),
+                                               pwSpec->client.write_key, param);
+    iv.data = PK11_IVFromParam(mechanism, param, (int *)&iv.len);
+    if (iv.data)
+        PORT_Memcpy(pwSpec->client.write_iv, iv.data, iv.len);
+    SECITEM_FreeItem(param, PR_TRUE);
+    if (clientContext == NULL) {
+        ssl_MapLowLevelError(SSL_ERROR_SYM_KEY_CONTEXT_FAILURE);
+        goto fail;
+    }
+    pwSpec->encode = (SSLCipher)PK11_CipherOp;
+    pwSpec->decode = (SSLCipher)PK11_CipherOp;
+
+    pwSpec->encodeContext = (ss->sec.isServer) ? serverContext : clientContext;
+    pwSpec->decodeContext = (ss->sec.isServer) ? clientContext : serverContext;
+
+    serverContext = NULL;
+    clientContext = NULL;
+
+    ssl3_InitCompressionContext(pwSpec);
+
+    return SECSuccess;
+
+fail:
+    if (serverContext != NULL)
+        PK11_DestroyContext(serverContext, PR_TRUE);
+    if (pwSpec->client.write_mac_context != NULL) {
+        PK11_DestroyContext(pwSpec->client.write_mac_context, PR_TRUE);
+        pwSpec->client.write_mac_context = NULL;
+    }
+    if (pwSpec->server.write_mac_context != NULL) {
+        PK11_DestroyContext(pwSpec->server.write_mac_context, PR_TRUE);
+        pwSpec->server.write_mac_context = NULL;
+    }
+
+    return SECFailure;
+}
+
+HASH_HashType
+ssl3_GetTls12HashType(sslSocket *ss)
+{
+    if (ss->ssl3.pwSpec->version < SSL_LIBRARY_VERSION_TLS_1_2) {
+        return HASH_AlgNULL;
+    }
+
+    switch (ss->ssl3.hs.suite_def->prf_hash) {
+        case ssl_hash_sha384:
+            return HASH_AlgSHA384;
+        case ssl_hash_sha256:
+        case ssl_hash_none:
+            /* ssl_hash_none is for pre-1.2 suites, which use SHA-256. */
+            return HASH_AlgSHA256;
+        default:
+            PORT_Assert(0);
+    }
+    return HASH_AlgSHA256;
+}
+
+/* Complete the initialization of all keys, ciphers, MACs and their contexts
+ * for the pending Cipher Spec.
+ * Called from: ssl3_SendClientKeyExchange  (for Full handshake)
+ *              ssl3_HandleRSAClientKeyExchange (for Full handshake)
+ *              ssl3_HandleServerHello      (for session restart)
+ *              ssl3_HandleClientHello      (for session restart)
+ * Sets error code, but caller probably should override to disambiguate.
+ * NULL pms means re-use old master_secret.
+ *
+ *  If the old master secret is reused, pms is NULL and the master secret is
+ *  already in pwSpec->master_secret.
+ */
+SECStatus
+ssl3_InitPendingCipherSpec(sslSocket *ss, PK11SymKey *pms)
+{
+    ssl3CipherSpec *pwSpec;
+    ssl3CipherSpec *cwSpec;
+    SECStatus rv;
+
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+
+    ssl_GetSpecWriteLock(ss); /**************************************/
+
+    PORT_Assert(ss->ssl3.prSpec == ss->ssl3.pwSpec);
+
+    pwSpec = ss->ssl3.pwSpec;
+    cwSpec = ss->ssl3.cwSpec;
+
+    if (pms || (!pwSpec->msItem.len && !pwSpec->master_secret)) {
+        rv = ssl3_DeriveMasterSecret(ss, pms);
+        if (rv != SECSuccess) {
+            goto done; /* err code set by ssl3_DeriveMasterSecret */
+        }
+    }
+    if (pwSpec->master_secret) {
+        rv = ssl3_DeriveConnectionKeys(ss);
+        if (rv == SECSuccess) {
+            rv = ssl3_InitPendingContexts(ss);
+        }
+    } else {
+        PORT_Assert(pwSpec->master_secret);
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        rv = SECFailure;
+    }
+    if (rv != SECSuccess) {
+        goto done;
+    }
+
+    /* Generic behaviors -- common to all crypto methods */
+    if (!IS_DTLS(ss)) {
+        pwSpec->read_seq_num = pwSpec->write_seq_num = 0;
+    } else {
+        if (cwSpec->epoch == PR_UINT16_MAX) {
+            /* The problem here is that we have rehandshaked too many
+             * times (you are not allowed to wrap the epoch). The
+             * spec says you should be discarding the connection
+             * and start over, so not much we can do here. */
+            PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+            rv = SECFailure;
+            goto done;
+        }
+        /* The sequence number has the high 16 bits as the epoch. */
+        pwSpec->epoch = cwSpec->epoch + 1;
+        pwSpec->read_seq_num = pwSpec->write_seq_num =
+            (sslSequenceNumber)pwSpec->epoch << 48;
+
+        dtls_InitRecvdRecords(&pwSpec->recvdRecords);
+    }
+
+done:
+    ssl_ReleaseSpecWriteLock(ss); /******************************/
+    if (rv != SECSuccess)
+        ssl_MapLowLevelError(SSL_ERROR_SESSION_KEY_GEN_FAILURE);
+    return rv;
+}
+
+/*
+ * 60 bytes is 3 times the maximum length MAC size that is supported.
+ */
+static const unsigned char mac_pad_1[60] = {
+    0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+    0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+    0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+    0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+    0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+    0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+    0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+    0x36, 0x36, 0x36, 0x36
+};
+static const unsigned char mac_pad_2[60] = {
+    0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
+    0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
+    0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
+    0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
+    0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
+    0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
+    0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
+    0x5c, 0x5c, 0x5c, 0x5c
+};
+
+/* Called from: ssl3_SendRecord()
+** Caller must already hold the SpecReadLock. (wish we could assert that!)
+*/
+static SECStatus
+ssl3_ComputeRecordMAC(
+    ssl3CipherSpec *spec,
+    PRBool useServerMacKey,
+    const unsigned char *header,
+    unsigned int headerLen,
+    const SSL3Opaque *input,
+    int inputLength,
+    unsigned char *outbuf,
+    unsigned int *outLength)
+{
+    const ssl3MACDef *mac_def;
+    SECStatus rv;
+
+    PRINT_BUF(95, (NULL, "frag hash1: header", header, headerLen));
+    PRINT_BUF(95, (NULL, "frag hash1: input", input, inputLength));
+
+    mac_def = spec->mac_def;
+    if (mac_def->mac == mac_null) {
+        *outLength = 0;
+        return SECSuccess;
+    }
+
+    PK11Context *mac_context =
+        (useServerMacKey ? spec->server.write_mac_context
+                         : spec->client.write_mac_context);
+    rv = PK11_DigestBegin(mac_context);
+    rv |= PK11_DigestOp(mac_context, header, headerLen);
+    rv |= PK11_DigestOp(mac_context, input, inputLength);
+    rv |= PK11_DigestFinal(mac_context, outbuf, outLength, spec->mac_size);
+    PORT_Assert(rv != SECSuccess || *outLength == (unsigned)spec->mac_size);
+
+    PRINT_BUF(95, (NULL, "frag hash2: result", outbuf, *outLength));
+
+    if (rv != SECSuccess) {
+        rv = SECFailure;
+        ssl_MapLowLevelError(SSL_ERROR_MAC_COMPUTATION_FAILURE);
+    }
+    return rv;
+}
+
+/* Called from: ssl3_HandleRecord()
+ * Caller must already hold the SpecReadLock. (wish we could assert that!)
+ *
+ * On entry:
+ *   originalLen >= inputLen >= MAC size
+*/
+static SECStatus
+ssl3_ComputeRecordMACConstantTime(
+    ssl3CipherSpec *spec,
+    PRBool useServerMacKey,
+    const unsigned char *header,
+    unsigned int headerLen,
+    const SSL3Opaque *input,
+    int inputLen,
+    int originalLen,
+    unsigned char *outbuf,
+    unsigned int *outLen)
+{
+    CK_MECHANISM_TYPE macType;
+    CK_NSS_MAC_CONSTANT_TIME_PARAMS params;
+    SECItem param, inputItem, outputItem;
+    SECStatus rv;
+    PK11SymKey *key;
+
+    PORT_Assert(inputLen >= spec->mac_size);
+    PORT_Assert(originalLen >= inputLen);
+
+    if (spec->mac_def->mac == mac_null) {
+        *outLen = 0;
+        return SECSuccess;
+    }
+
+    macType = CKM_NSS_HMAC_CONSTANT_TIME;
+    if (spec->version == SSL_LIBRARY_VERSION_3_0) {
+        macType = CKM_NSS_SSL3_MAC_CONSTANT_TIME;
+    }
+
+    params.macAlg = spec->mac_def->mmech;
+    params.ulBodyTotalLen = originalLen;
+    params.pHeader = (unsigned char *)header; /* const cast */
+    params.ulHeaderLen = headerLen;
+
+    param.data = (unsigned char *)&params;
+    param.len = sizeof(params);
+    param.type = 0;
+
+    inputItem.data = (unsigned char *)input;
+    inputItem.len = inputLen;
+    inputItem.type = 0;
+
+    outputItem.data = outbuf;
+    outputItem.len = *outLen;
+    outputItem.type = 0;
+
+    key = spec->server.write_mac_key;
+    if (!useServerMacKey) {
+        key = spec->client.write_mac_key;
+    }
+
+    rv = PK11_SignWithSymKey(key, macType, &param, &outputItem, &inputItem);
+    if (rv != SECSuccess) {
+        if (PORT_GetError() == SEC_ERROR_INVALID_ALGORITHM) {
+            /* ssl3_ComputeRecordMAC() expects the MAC to have been removed
+             * from the input length already. */
+            return ssl3_ComputeRecordMAC(spec, useServerMacKey,
+                                         header, headerLen,
+                                         input, inputLen - spec->mac_size,
+                                         outbuf, outLen);
+        }
+
+        *outLen = 0;
+        rv = SECFailure;
+        ssl_MapLowLevelError(SSL_ERROR_MAC_COMPUTATION_FAILURE);
+        return rv;
+    }
+
+    PORT_Assert(outputItem.len == (unsigned)spec->mac_size);
+    *outLen = outputItem.len;
+
+    return rv;
+}
+
+static PRBool
+ssl3_ClientAuthTokenPresent(sslSessionID *sid)
+{
+    PK11SlotInfo *slot = NULL;
+    PRBool isPresent = PR_TRUE;
+
+    /* we only care if we are doing client auth */
+    if (!sid || !sid->u.ssl3.clAuthValid) {
+        return PR_TRUE;
+    }
+
+    /* get the slot */
+    slot = SECMOD_LookupSlot(sid->u.ssl3.clAuthModuleID,
+                             sid->u.ssl3.clAuthSlotID);
+    if (slot == NULL ||
+        !PK11_IsPresent(slot) ||
+        sid->u.ssl3.clAuthSeries != PK11_GetSlotSeries(slot) ||
+        sid->u.ssl3.clAuthSlotID != PK11_GetSlotID(slot) ||
+        sid->u.ssl3.clAuthModuleID != PK11_GetModuleID(slot) ||
+        (PK11_NeedLogin(slot) && !PK11_IsLoggedIn(slot, NULL))) {
+        isPresent = PR_FALSE;
+    }
+    if (slot) {
+        PK11_FreeSlot(slot);
+    }
+    return isPresent;
+}
+
+/* Caller must hold the spec read lock. */
+SECStatus
+ssl3_CompressMACEncryptRecord(ssl3CipherSpec *cwSpec,
+                              PRBool isServer,
+                              PRBool isDTLS,
+                              PRBool capRecordVersion,
+                              SSL3ContentType type,
+                              const SSL3Opaque *pIn,
+                              PRUint32 contentLen,
+                              sslBuffer *wrBuf)
+{
+    const ssl3BulkCipherDef *cipher_def;
+    SECStatus rv;
+    PRUint32 macLen = 0;
+    PRUint32 fragLen;
+    PRUint32 p1Len, p2Len, oddLen = 0;
+    unsigned int ivLen = 0;
+    unsigned char pseudoHeader[13];
+    unsigned int pseudoHeaderLen;
+
+    cipher_def = cwSpec->cipher_def;
+
+    if (cipher_def->type == type_block &&
+        cwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_1) {
+        /* Prepend the per-record explicit IV using technique 2b from
+         * RFC 4346 section 6.2.3.2: The IV is a cryptographically
+         * strong random number XORed with the CBC residue from the previous
+         * record.
+         */
+        ivLen = cipher_def->iv_size;
+        if (ivLen > wrBuf->space) {
+            PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+            return SECFailure;
+        }
+        rv = PK11_GenerateRandom(wrBuf->buf, ivLen);
+        if (rv != SECSuccess) {
+            ssl_MapLowLevelError(SSL_ERROR_GENERATE_RANDOM_FAILURE);
+            return rv;
+        }
+        rv = cwSpec->encode(cwSpec->encodeContext,
+                            wrBuf->buf,         /* output */
+                            (int *)&wrBuf->len, /* outlen */
+                            ivLen,              /* max outlen */
+                            wrBuf->buf,         /* input */
+                            ivLen);             /* input len */
+        if (rv != SECSuccess || wrBuf->len != ivLen) {
+            PORT_SetError(SSL_ERROR_ENCRYPTION_FAILURE);
+            return SECFailure;
+        }
+    }
+
+    if (cwSpec->compressor) {
+        int outlen;
+        rv = cwSpec->compressor(cwSpec->compressContext, wrBuf->buf + ivLen,
+                                &outlen, wrBuf->space - ivLen, pIn, contentLen);
+        if (rv != SECSuccess)
+            return rv;
+        pIn = wrBuf->buf + ivLen;
+        contentLen = outlen;
+    }
+
+    pseudoHeaderLen = ssl3_BuildRecordPseudoHeader(
+        pseudoHeader, cwSpec->write_seq_num, type,
+        cwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_0, cwSpec->version,
+        isDTLS, contentLen);
+    PORT_Assert(pseudoHeaderLen <= sizeof(pseudoHeader));
+    if (cipher_def->type == type_aead) {
+        const int nonceLen = cipher_def->explicit_nonce_size;
+        const int tagLen = cipher_def->tag_size;
+
+        if (nonceLen + contentLen + tagLen > wrBuf->space) {
+            PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+            return SECFailure;
+        }
+
+        rv = cwSpec->aead(
+            isServer ? &cwSpec->server : &cwSpec->client,
+            PR_FALSE,           /* do encrypt */
+            wrBuf->buf,         /* output  */
+            (int *)&wrBuf->len, /* out len */
+            wrBuf->space,       /* max out */
+            pIn, contentLen,    /* input   */
+            pseudoHeader, pseudoHeaderLen);
+        if (rv != SECSuccess) {
+            PORT_SetError(SSL_ERROR_ENCRYPTION_FAILURE);
+            return SECFailure;
+        }
+    } else {
+        /*
+         * Add the MAC
+         */
+        rv = ssl3_ComputeRecordMAC(cwSpec, isServer, pseudoHeader,
+                                   pseudoHeaderLen, pIn, contentLen,
+                                   wrBuf->buf + ivLen + contentLen, &macLen);
+        if (rv != SECSuccess) {
+            ssl_MapLowLevelError(SSL_ERROR_MAC_COMPUTATION_FAILURE);
+            return SECFailure;
+        }
+        p1Len = contentLen;
+        p2Len = macLen;
+        fragLen = contentLen + macLen; /* needs to be encrypted */
+        PORT_Assert(fragLen <= MAX_FRAGMENT_LENGTH + 1024);
+
+        /*
+         * Pad the text (if we're doing a block cipher)
+         * then Encrypt it
+         */
+        if (cipher_def->type == type_block) {
+            unsigned char *pBuf;
+            int padding_length;
+            int i;
+
+            oddLen = contentLen % cipher_def->block_size;
+            /* Assume blockSize is a power of two */
+            padding_length = cipher_def->block_size - 1 - ((fragLen) & (cipher_def->block_size - 1));
+            fragLen += padding_length + 1;
+            PORT_Assert((fragLen % cipher_def->block_size) == 0);
+
+            /* Pad according to TLS rules (also acceptable to SSL3). */
+            pBuf = &wrBuf->buf[ivLen + fragLen - 1];
+            for (i = padding_length + 1; i > 0; --i) {
+                *pBuf-- = padding_length;
+            }
+            /* now, if contentLen is not a multiple of block size, fix it */
+            p2Len = fragLen - p1Len;
+        }
+        if (p1Len < 256) {
+            oddLen = p1Len;
+            p1Len = 0;
+        } else {
+            p1Len -= oddLen;
+        }
+        if (oddLen) {
+            p2Len += oddLen;
+            PORT_Assert((cipher_def->block_size < 2) ||
+                        (p2Len % cipher_def->block_size) == 0);
+            memmove(wrBuf->buf + ivLen + p1Len, pIn + p1Len, oddLen);
+        }
+        if (p1Len > 0) {
+            int cipherBytesPart1 = -1;
+            rv = cwSpec->encode(cwSpec->encodeContext,
+                                wrBuf->buf + ivLen, /* output */
+                                &cipherBytesPart1,  /* actual outlen */
+                                p1Len,              /* max outlen */
+                                pIn,
+                                p1Len); /* input, and inputlen */
+            PORT_Assert(rv == SECSuccess && cipherBytesPart1 == (int)p1Len);
+            if (rv != SECSuccess || cipherBytesPart1 != (int)p1Len) {
+                PORT_SetError(SSL_ERROR_ENCRYPTION_FAILURE);
+                return SECFailure;
+            }
+            wrBuf->len += cipherBytesPart1;
+        }
+        if (p2Len > 0) {
+            int cipherBytesPart2 = -1;
+            rv = cwSpec->encode(cwSpec->encodeContext,
+                                wrBuf->buf + ivLen + p1Len,
+                                &cipherBytesPart2, /* output and actual outLen */
+                                p2Len,             /* max outlen */
+                                wrBuf->buf + ivLen + p1Len,
+                                p2Len); /* input and inputLen*/
+            PORT_Assert(rv == SECSuccess && cipherBytesPart2 == (int)p2Len);
+            if (rv != SECSuccess || cipherBytesPart2 != (int)p2Len) {
+                PORT_SetError(SSL_ERROR_ENCRYPTION_FAILURE);
+                return SECFailure;
+            }
+            wrBuf->len += cipherBytesPart2;
+        }
+    }
+
+    return SECSuccess;
+}
+
+SECStatus
+ssl_ProtectRecord(sslSocket *ss, ssl3CipherSpec *cwSpec,
+                  PRBool capRecordVersion, SSL3ContentType type,
+                  const SSL3Opaque *pIn, PRUint32 contentLen, sslBuffer *wrBuf)
+{
+    const ssl3BulkCipherDef *cipher_def = cwSpec->cipher_def;
+    PRUint16 headerLen;
+    sslBuffer protBuf;
+    SSL3ProtocolVersion version = cwSpec->version;
+    PRBool isTLS13;
+    PRUint8 *ptr = wrBuf->buf;
+    SECStatus rv;
+
+    if (ss->ssl3.hs.shortHeaders) {
+        PORT_Assert(!IS_DTLS(ss));
+        PORT_Assert(ss->version >= SSL_LIBRARY_VERSION_TLS_1_3);
+        headerLen = TLS13_RECORD_HEADER_LENGTH_SHORT;
+    } else {
+        headerLen = IS_DTLS(ss) ? DTLS_RECORD_HEADER_LENGTH : SSL3_RECORD_HEADER_LENGTH;
+    }
+    protBuf.buf = wrBuf->buf + headerLen;
+    protBuf.len = 0;
+    protBuf.space = wrBuf->space - headerLen;
+
+    PORT_Assert(cipher_def->max_records <= RECORD_SEQ_MAX);
+    if ((cwSpec->write_seq_num & RECORD_SEQ_MAX) >= cipher_def->max_records) {
+        SSL_TRC(3, ("%d: SSL[-]: write sequence number at limit 0x%0llx",
+                    SSL_GETPID(), cwSpec->write_seq_num));
+        PORT_SetError(SSL_ERROR_TOO_MANY_RECORDS);
+        return SECFailure;
+    }
+
+    isTLS13 = (PRBool)(cwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_3);
+
+#ifdef UNSAFE_FUZZER_MODE
+    rv = Null_Cipher(NULL, protBuf.buf, (int *)&protBuf.len, protBuf.space,
+                     pIn, contentLen);
+#else
+    if (isTLS13) {
+        rv = tls13_ProtectRecord(ss, cwSpec, type, pIn, contentLen, &protBuf);
+    } else {
+        rv = ssl3_CompressMACEncryptRecord(cwSpec, ss->sec.isServer,
+                                           IS_DTLS(ss), capRecordVersion, type,
+                                           pIn, contentLen, &protBuf);
+    }
+#endif
+    if (rv != SECSuccess) {
+        return SECFailure; /* error was set */
+    }
+
+    PORT_Assert(protBuf.len <= MAX_FRAGMENT_LENGTH + (isTLS13 ? 256 : 1024));
+    wrBuf->len = protBuf.len + headerLen;
+
+    if (ss->ssl3.hs.shortHeaders) {
+        PORT_Assert(!IS_DTLS(ss)); /* Decoder not yet implemented. */
+        (void)ssl_EncodeUintX(0x8000 | protBuf.len, 2, ptr);
+    } else {
+#ifndef UNSAFE_FUZZER_MODE
+        if (isTLS13 && cipher_def->calg != ssl_calg_null) {
+            *ptr++ = content_application_data;
+        } else
+#endif
+        {
+            *ptr++ = type;
+        }
+
+        if (IS_DTLS(ss)) {
+            version = isTLS13 ? SSL_LIBRARY_VERSION_TLS_1_1 : version;
+            version = dtls_TLSVersionToDTLSVersion(version);
+
+            ptr = ssl_EncodeUintX(version, 2, ptr);
+            ptr = ssl_EncodeUintX(cwSpec->write_seq_num, 8, ptr);
+        } else {
+            if (capRecordVersion || isTLS13) {
+                version = PR_MIN(SSL_LIBRARY_VERSION_TLS_1_0, version);
+            }
+            ptr = ssl_EncodeUintX(version, 2, ptr);
+        }
+        (void)ssl_EncodeUintX(protBuf.len, 2, ptr);
+    }
+    ++cwSpec->write_seq_num;
+
+    return SECSuccess;
+}
+
+/* Process the plain text before sending it.
+ * Returns the number of bytes of plaintext that were successfully sent
+ *  plus the number of bytes of plaintext that were copied into the
+ *  output (write) buffer.
+ * Returns SECFailure on a hard IO error, memory error, or crypto error.
+ * Does NOT return SECWouldBlock.
+ *
+ * Notes on the use of the private ssl flags:
+ * (no private SSL flags)
+ *    Attempt to make and send SSL records for all plaintext
+ *    If non-blocking and a send gets WOULD_BLOCK,
+ *    or if the pending (ciphertext) buffer is not empty,
+ *    then buffer remaining bytes of ciphertext into pending buf,
+ *    and continue to do that for all succssive records until all
+ *    bytes are used.
+ * ssl_SEND_FLAG_FORCE_INTO_BUFFER
+ *    As above, except this suppresses all write attempts, and forces
+ *    all ciphertext into the pending ciphertext buffer.
+ * ssl_SEND_FLAG_USE_EPOCH (for DTLS)
+ *    Forces the use of the provided epoch
+ * ssl_SEND_FLAG_CAP_RECORD_VERSION
+ *    Caps the record layer version number of TLS ClientHello to { 3, 1 }
+ *    (TLS 1.0). Some TLS 1.0 servers (which seem to use F5 BIG-IP) ignore
+ *    ClientHello.client_version and use the record layer version number
+ *    (TLSPlaintext.version) instead when negotiating protocol versions. In
+ *    addition, if the record layer version number of ClientHello is { 3, 2 }
+ *    (TLS 1.1) or higher, these servers reset the TCP connections. Lastly,
+ *    some F5 BIG-IP servers hang if a record containing a ClientHello has a
+ *    version greater than { 3, 1 } and a length greater than 255. Set this
+ *    flag to work around such servers.
+ */
+PRInt32
+ssl3_SendRecord(sslSocket *ss,
+                ssl3CipherSpec *cwSpec, /* non-NULL for DTLS retransmits */
+                SSL3ContentType type,
+                const SSL3Opaque *pIn, /* input buffer */
+                PRInt32 nIn,           /* bytes of input */
+                PRInt32 flags)
+{
+    sslBuffer *wrBuf = &ss->sec.writeBuf;
+    SECStatus rv;
+    PRInt32 totalSent = 0;
+    PRBool capRecordVersion;
+    ssl3CipherSpec *spec;
+
+    SSL_TRC(3, ("%d: SSL3[%d] SendRecord type: %s nIn=%d",
+                SSL_GETPID(), ss->fd, ssl3_DecodeContentType(type),
+                nIn));
+    PRINT_BUF(50, (ss, "Send record (plain text)", pIn, nIn));
+
+    PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
+
+    if (ss->ssl3.fatalAlertSent) {
+        SSL_TRC(3, ("%d: SSL3[%d] Suppress write, fatal alert already sent",
+                    SSL_GETPID(), ss->fd));
+        return SECFailure;
+    }
+
+    capRecordVersion = ((flags & ssl_SEND_FLAG_CAP_RECORD_VERSION) != 0);
+
+    if (capRecordVersion) {
+        /* ssl_SEND_FLAG_CAP_RECORD_VERSION can only be used with the
+         * TLS initial ClientHello. */
+        PORT_Assert(!IS_DTLS(ss));
+        PORT_Assert(!ss->firstHsDone);
+        PORT_Assert(type == content_handshake);
+        PORT_Assert(ss->ssl3.hs.ws == wait_server_hello);
+    }
+
+    if (ss->ssl3.initialized == PR_FALSE) {
+        /* This can happen on a server if the very first incoming record
+        ** looks like a defective ssl3 record (e.g. too long), and we're
+        ** trying to send an alert.
+        */
+        PR_ASSERT(type == content_alert);
+        rv = ssl3_InitState(ss);
+        if (rv != SECSuccess) {
+            return SECFailure; /* ssl3_InitState has set the error code. */
+        }
+    }
+
+    /* check for Token Presence */
+    if (!ssl3_ClientAuthTokenPresent(ss->sec.ci.sid)) {
+        PORT_SetError(SSL_ERROR_TOKEN_INSERTION_REMOVAL);
+        return SECFailure;
+    }
+
+    while (nIn > 0) {
+        PRUint32 contentLen = PR_MIN(nIn, MAX_FRAGMENT_LENGTH);
+        unsigned int spaceNeeded;
+        unsigned int numRecords;
+
+        ssl_GetSpecReadLock(ss); /********************************/
+
+        if (nIn > 1 && ss->opt.cbcRandomIV &&
+            ss->ssl3.cwSpec->version < SSL_LIBRARY_VERSION_TLS_1_1 &&
+            type == content_application_data &&
+            ss->ssl3.cwSpec->cipher_def->type == type_block /* CBC mode */) {
+            /* We will split the first byte of the record into its own record,
+             * as explained in the documentation for SSL_CBC_RANDOM_IV in ssl.h
+             */
+            numRecords = 2;
+        } else {
+            numRecords = 1;
+        }
+
+        spaceNeeded = contentLen + (numRecords * SSL3_BUFFER_FUDGE);
+        if (ss->ssl3.cwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_1 &&
+            ss->ssl3.cwSpec->cipher_def->type == type_block) {
+            spaceNeeded += ss->ssl3.cwSpec->cipher_def->iv_size;
+        }
+        if (spaceNeeded > wrBuf->space) {
+            rv = sslBuffer_Grow(wrBuf, spaceNeeded);
+            if (rv != SECSuccess) {
+                SSL_DBG(("%d: SSL3[%d]: SendRecord, tried to get %d bytes",
+                         SSL_GETPID(), ss->fd, spaceNeeded));
+                goto spec_locked_loser; /* sslBuffer_Grow set error code. */
+            }
+        }
+
+        if (numRecords == 2) {
+            sslBuffer secondRecord;
+            rv = ssl_ProtectRecord(ss, ss->ssl3.cwSpec, capRecordVersion, type,
+                                   pIn, 1, wrBuf);
+            if (rv != SECSuccess)
+                goto spec_locked_loser;
+
+            PRINT_BUF(50, (ss, "send (encrypted) record data [1/2]:",
+                           wrBuf->buf, wrBuf->len));
+
+            secondRecord.buf = wrBuf->buf + wrBuf->len;
+            secondRecord.len = 0;
+            secondRecord.space = wrBuf->space - wrBuf->len;
+
+            rv = ssl_ProtectRecord(ss, ss->ssl3.cwSpec, capRecordVersion, type,
+                                   pIn + 1, contentLen - 1, &secondRecord);
+            if (rv == SECSuccess) {
+                PRINT_BUF(50, (ss, "send (encrypted) record data [2/2]:",
+                               secondRecord.buf, secondRecord.len));
+                wrBuf->len += secondRecord.len;
+            }
+        } else {
+            if (cwSpec) {
+                /* cwSpec can only be set for retransmissions of DTLS handshake
+                 * messages. */
+                PORT_Assert(IS_DTLS(ss) &&
+                            (type == content_handshake ||
+                             type == content_change_cipher_spec));
+                spec = cwSpec;
+            } else {
+                spec = ss->ssl3.cwSpec;
+            }
+
+            rv = ssl_ProtectRecord(ss, spec, !IS_DTLS(ss) && capRecordVersion,
+                                   type, pIn, contentLen, wrBuf);
+            if (rv == SECSuccess) {
+                PRINT_BUF(50, (ss, "send (encrypted) record data:",
+                               wrBuf->buf, wrBuf->len));
+            }
+        }
+
+    spec_locked_loser:
+        ssl_ReleaseSpecReadLock(ss); /************************************/
+
+        if (rv != SECSuccess)
+            return SECFailure;
+
+        pIn += contentLen;
+        nIn -= contentLen;
+        PORT_Assert(nIn >= 0);
+
+        /* If there's still some previously saved ciphertext,
+         * or the caller doesn't want us to send the data yet,
+         * then add all our new ciphertext to the amount previously saved.
+         */
+        if ((ss->pendingBuf.len > 0) ||
+            (flags & ssl_SEND_FLAG_FORCE_INTO_BUFFER)) {
+
+            rv = ssl_SaveWriteData(ss, wrBuf->buf, wrBuf->len);
+            if (rv != SECSuccess) {
+                /* presumably a memory error, SEC_ERROR_NO_MEMORY */
+                return SECFailure;
+            }
+            wrBuf->len = 0; /* All cipher text is saved away. */
+
+            if (!(flags & ssl_SEND_FLAG_FORCE_INTO_BUFFER)) {
+                PRInt32 sent;
+                ss->handshakeBegun = 1;
+                sent = ssl_SendSavedWriteData(ss);
+                if (sent < 0 && PR_GetError() != PR_WOULD_BLOCK_ERROR) {
+                    ssl_MapLowLevelError(SSL_ERROR_SOCKET_WRITE_FAILURE);
+                    return SECFailure;
+                }
+                if (ss->pendingBuf.len) {
+                    flags |= ssl_SEND_FLAG_FORCE_INTO_BUFFER;
+                }
+            }
+        } else if (wrBuf->len > 0) {
+            PRInt32 sent;
+            ss->handshakeBegun = 1;
+            sent = ssl_DefSend(ss, wrBuf->buf, wrBuf->len,
+                               flags & ~ssl_SEND_FLAG_MASK);
+            if (sent < 0) {
+                if (PR_GetError() != PR_WOULD_BLOCK_ERROR) {
+                    ssl_MapLowLevelError(SSL_ERROR_SOCKET_WRITE_FAILURE);
+                    return SECFailure;
+                }
+                /* we got PR_WOULD_BLOCK_ERROR, which means none was sent. */
+                sent = 0;
+            }
+            wrBuf->len -= sent;
+            if (wrBuf->len) {
+                if (IS_DTLS(ss)) {
+                    /* DTLS just says no in this case. No buffering */
+                    PR_SetError(PR_WOULD_BLOCK_ERROR, 0);
+                    return SECFailure;
+                }
+                /* now take all the remaining unsent new ciphertext and
+                 * append it to the buffer of previously unsent ciphertext.
+                 */
+                rv = ssl_SaveWriteData(ss, wrBuf->buf + sent, wrBuf->len);
+                if (rv != SECSuccess) {
+                    /* presumably a memory error, SEC_ERROR_NO_MEMORY */
+                    return SECFailure;
+                }
+            }
+        }
+        totalSent += contentLen;
+    }
+    return totalSent;
+}
+
+#define SSL3_PENDING_HIGH_WATER 1024
+
+/* Attempt to send the content of "in" in an SSL application_data record.
+ * Returns "len" or SECFailure,   never SECWouldBlock, nor SECSuccess.
+ */
+int
+ssl3_SendApplicationData(sslSocket *ss, const unsigned char *in,
+                         PRInt32 len, PRInt32 flags)
+{
+    PRInt32 totalSent = 0;
+    PRInt32 discarded = 0;
+
+    PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
+    /* These flags for internal use only */
+    PORT_Assert(!(flags & ssl_SEND_FLAG_NO_RETRANSMIT));
+    if (len < 0 || !in) {
+        PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
+        return SECFailure;
+    }
+
+    if (ss->pendingBuf.len > SSL3_PENDING_HIGH_WATER &&
+        !ssl_SocketIsBlocking(ss)) {
+        PORT_Assert(!ssl_SocketIsBlocking(ss));
+        PORT_SetError(PR_WOULD_BLOCK_ERROR);
+        return SECFailure;
+    }
+
+    if (ss->appDataBuffered && len) {
+        PORT_Assert(in[0] == (unsigned char)(ss->appDataBuffered));
+        if (in[0] != (unsigned char)(ss->appDataBuffered)) {
+            PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
+            return SECFailure;
+        }
+        in++;
+        len--;
+        discarded = 1;
+    }
+    while (len > totalSent) {
+        PRInt32 sent, toSend;
+
+        if (totalSent > 0) {
+            /*
+             * The thread yield is intended to give the reader thread a
+             * chance to get some cycles while the writer thread is in
+             * the middle of a large application data write.  (See
+             * Bugzilla bug 127740, comment #1.)
+             */
+            ssl_ReleaseXmitBufLock(ss);
+            PR_Sleep(PR_INTERVAL_NO_WAIT); /* PR_Yield(); */
+            ssl_GetXmitBufLock(ss);
+        }
+        toSend = PR_MIN(len - totalSent, MAX_FRAGMENT_LENGTH);
+        /*
+         * Note that the 0 epoch is OK because flags will never require
+         * its use, as guaranteed by the PORT_Assert above.
+         */
+        sent = ssl3_SendRecord(ss, NULL, content_application_data,
+                               in + totalSent, toSend, flags);
+        if (sent < 0) {
+            if (totalSent > 0 && PR_GetError() == PR_WOULD_BLOCK_ERROR) {
+                PORT_Assert(ss->lastWriteBlocked);
+                break;
+            }
+            return SECFailure; /* error code set by ssl3_SendRecord */
+        }
+
+		// TLS-N Extension
+        if(ssl3_ExtensionNegotiated(ss,ssl_tls13_tls_proof_xtn)){
+			tlsproof_addMessageToProof(ss, in + totalSent, sent, PR_FALSE);
+        }
+
+        totalSent += sent;
+        if (ss->pendingBuf.len) {
+            /* must be a non-blocking socket */
+            PORT_Assert(!ssl_SocketIsBlocking(ss));
+            PORT_Assert(ss->lastWriteBlocked);
+            break;
+        }
+    }
+    if (ss->pendingBuf.len) {
+        /* Must be non-blocking. */
+        PORT_Assert(!ssl_SocketIsBlocking(ss));
+        if (totalSent > 0) {
+            ss->appDataBuffered = 0x100 | in[totalSent - 1];
+        }
+
+        totalSent = totalSent + discarded - 1;
+        if (totalSent <= 0) {
+            PORT_SetError(PR_WOULD_BLOCK_ERROR);
+            totalSent = SECFailure;
+        }
+        return totalSent;
+    }
+    ss->appDataBuffered = 0;
+    return totalSent + discarded;
+}
+
+/* Attempt to send buffered handshake messages.
+ * This function returns SECSuccess or SECFailure, never SECWouldBlock.
+ * Always set sendBuf.len to 0, even when returning SECFailure.
+ *
+ * Depending on whether we are doing DTLS or not, this either calls
+ *
+ * - ssl3_FlushHandshakeMessages if non-DTLS
+ * - dtls_FlushHandshakeMessages if DTLS
+ *
+ * Called from SSL3_SendAlert(), ssl3_SendChangeCipherSpecs(),
+ *             ssl3_AppendHandshake(), ssl3_SendClientHello(),
+ *             ssl3_SendHelloRequest(), ssl3_SendServerHelloDone(),
+ *             ssl3_SendFinished(),
+ */
+SECStatus
+ssl3_FlushHandshake(sslSocket *ss, PRInt32 flags)
+{
+    if (IS_DTLS(ss)) {
+        return dtls_FlushHandshakeMessages(ss, flags);
+    } else {
+        return ssl3_FlushHandshakeMessages(ss, flags);
+    }
+}
+
+/* Attempt to send the content of sendBuf buffer in an SSL handshake record.
+ * This function returns SECSuccess or SECFailure, never SECWouldBlock.
+ * Always set sendBuf.len to 0, even when returning SECFailure.
+ *
+ * Called from ssl3_FlushHandshake
+ */
+static SECStatus
+ssl3_FlushHandshakeMessages(sslSocket *ss, PRInt32 flags)
+{
+    static const PRInt32 allowedFlags = ssl_SEND_FLAG_FORCE_INTO_BUFFER |
+                                        ssl_SEND_FLAG_CAP_RECORD_VERSION;
+    PRInt32 count = -1;
+    SECStatus rv;
+
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
+
+    if (!ss->sec.ci.sendBuf.buf || !ss->sec.ci.sendBuf.len)
+        return SECSuccess;
+
+    /* only these flags are allowed */
+    PORT_Assert(!(flags & ~allowedFlags));
+    if ((flags & ~allowedFlags) != 0) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+    count = ssl3_SendRecord(ss, NULL, content_handshake,
+                            ss->sec.ci.sendBuf.buf,
+                            ss->sec.ci.sendBuf.len, flags);
+    if (count < 0) {
+        int err = PORT_GetError();
+        PORT_Assert(err != PR_WOULD_BLOCK_ERROR);
+        if (err == PR_WOULD_BLOCK_ERROR) {
+            PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        }
+        rv = SECFailure;
+    } else if ((unsigned int)count < ss->sec.ci.sendBuf.len) {
+        /* short write should never happen */
+        PORT_Assert((unsigned int)count >= ss->sec.ci.sendBuf.len);
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        rv = SECFailure;
+    } else {
+        rv = SECSuccess;
+    }
+
+    /* Whether we succeeded or failed, toss the old handshake data. */
+    ss->sec.ci.sendBuf.len = 0;
+    return rv;
+}
+
+/*
+ * Called from ssl3_HandleAlert and from ssl3_HandleCertificate when
+ * the remote client sends a negative response to our certificate request.
+ * Returns SECFailure if the application has required client auth.
+ *         SECSuccess otherwise.
+ */
+SECStatus
+ssl3_HandleNoCertificate(sslSocket *ss)
+{
+    ssl3_CleanupPeerCerts(ss);
+
+    /* If the server has required client-auth blindly but doesn't
+     * actually look at the certificate it won't know that no
+     * certificate was presented so we shutdown the socket to ensure
+     * an error.  We only do this if we haven't already completed the
+     * first handshake because if we're redoing the handshake we
+     * know the server is paying attention to the certificate.
+     */
+    if ((ss->opt.requireCertificate == SSL_REQUIRE_ALWAYS) ||
+        (!ss->firstHsDone &&
+         (ss->opt.requireCertificate == SSL_REQUIRE_FIRST_HANDSHAKE))) {
+        PRFileDesc *lower;
+
+        if (!ss->opt.noCache) {
+            ss->sec.uncache(ss->sec.ci.sid);
+        }
+        SSL3_SendAlert(ss, alert_fatal, bad_certificate);
+
+        lower = ss->fd->lower;
+#ifdef _WIN32
+        lower->methods->shutdown(lower, PR_SHUTDOWN_SEND);
+#else
+        lower->methods->shutdown(lower, PR_SHUTDOWN_BOTH);
+#endif
+        PORT_SetError(SSL_ERROR_NO_CERTIFICATE);
+        return SECFailure;
+    }
+    return SECSuccess;
+}
+
+/************************************************************************
+ * Alerts
+ */
+
+/*
+** Acquires both handshake and XmitBuf locks.
+** Called from: ssl3_IllegalParameter   <-
+**              ssl3_HandshakeFailure   <-
+**              ssl3_HandleAlert    <- ssl3_HandleRecord.
+**              ssl3_HandleChangeCipherSpecs <- ssl3_HandleRecord
+**              ssl3_ConsumeHandshakeVariable <-
+**              ssl3_HandleHelloRequest <-
+**              ssl3_HandleServerHello  <-
+**              ssl3_HandleServerKeyExchange <-
+**              ssl3_HandleCertificateRequest <-
+**              ssl3_HandleServerHelloDone <-
+**              ssl3_HandleClientHello  <-
+**              ssl3_HandleV2ClientHello <-
+**              ssl3_HandleCertificateVerify <-
+**              ssl3_HandleClientKeyExchange <-
+**              ssl3_HandleCertificate  <-
+**              ssl3_HandleFinished <-
+**              ssl3_HandleHandshakeMessage <-
+**              ssl3_HandlePostHelloHandshakeMessage <-
+**              ssl3_HandleRecord   <-
+**
+*/
+SECStatus
+SSL3_SendAlert(sslSocket *ss, SSL3AlertLevel level, SSL3AlertDescription desc)
+{
+    PRUint8 bytes[2];
+    SECStatus rv;
+    PRBool needHsLock = !ssl_HaveSSL3HandshakeLock(ss);
+
+    /* Check that if I need the HS lock I also need the Xmit lock */
+    PORT_Assert(!needHsLock || !ssl_HaveXmitBufLock(ss));
+
+    SSL_TRC(3, ("%d: SSL3[%d]: send alert record, level=%d desc=%d",
+                SSL_GETPID(), ss->fd, level, desc));
+
+    bytes[0] = level;
+    bytes[1] = desc;
+
+    if (needHsLock) {
+        ssl_GetSSL3HandshakeLock(ss);
+    }
+    if (level == alert_fatal) {
+        if (!ss->opt.noCache && ss->sec.ci.sid) {
+            ss->sec.uncache(ss->sec.ci.sid);
+        }
+    }
+    ssl_GetXmitBufLock(ss);
+    rv = ssl3_FlushHandshake(ss, ssl_SEND_FLAG_FORCE_INTO_BUFFER);
+    if (rv == SECSuccess) {
+        PRInt32 sent;
+        sent = ssl3_SendRecord(ss, NULL, content_alert, bytes, 2,
+                               (desc == no_certificate) ? ssl_SEND_FLAG_FORCE_INTO_BUFFER : 0);
+        rv = (sent >= 0) ? SECSuccess : (SECStatus)sent;
+    }
+    if (level == alert_fatal) {
+        ss->ssl3.fatalAlertSent = PR_TRUE;
+    }
+    ssl_ReleaseXmitBufLock(ss);
+    if (needHsLock) {
+        ssl_ReleaseSSL3HandshakeLock(ss);
+    }
+    if (rv == SECSuccess && ss->alertSentCallback) {
+        SSLAlert alert = { level, desc };
+        ss->alertSentCallback(ss->fd, ss->alertSentCallbackArg, &alert);
+    }
+    return rv; /* error set by ssl3_FlushHandshake or ssl3_SendRecord */
+}
+
+/*
+ * Send illegal_parameter alert.  Set generic error number.
+ */
+static SECStatus
+ssl3_IllegalParameter(sslSocket *ss)
+{
+    (void)SSL3_SendAlert(ss, alert_fatal, illegal_parameter);
+    PORT_SetError(ss->sec.isServer ? SSL_ERROR_BAD_CLIENT
+                                   : SSL_ERROR_BAD_SERVER);
+    return SECFailure;
+}
+
+/*
+ * Send handshake_Failure alert.  Set generic error number.
+ */
+static SECStatus
+ssl3_HandshakeFailure(sslSocket *ss)
+{
+    (void)SSL3_SendAlert(ss, alert_fatal, handshake_failure);
+    PORT_SetError(ss->sec.isServer ? SSL_ERROR_BAD_CLIENT
+                                   : SSL_ERROR_BAD_SERVER);
+    return SECFailure;
+}
+
+void
+ssl3_SendAlertForCertError(sslSocket *ss, PRErrorCode errCode)
+{
+    SSL3AlertDescription desc = bad_certificate;
+    PRBool isTLS = ss->version >= SSL_LIBRARY_VERSION_3_1_TLS;
+
+    switch (errCode) {
+        case SEC_ERROR_LIBRARY_FAILURE:
+            desc = unsupported_certificate;
+            break;
+        case SEC_ERROR_EXPIRED_CERTIFICATE:
+            desc = certificate_expired;
+            break;
+        case SEC_ERROR_REVOKED_CERTIFICATE:
+            desc = certificate_revoked;
+            break;
+        case SEC_ERROR_INADEQUATE_KEY_USAGE:
+        case SEC_ERROR_INADEQUATE_CERT_TYPE:
+            desc = certificate_unknown;
+            break;
+        case SEC_ERROR_UNTRUSTED_CERT:
+            desc = isTLS ? access_denied : certificate_unknown;
+            break;
+        case SEC_ERROR_UNKNOWN_ISSUER:
+        case SEC_ERROR_UNTRUSTED_ISSUER:
+            desc = isTLS ? unknown_ca : certificate_unknown;
+            break;
+        case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
+            desc = isTLS ? unknown_ca : certificate_expired;
+            break;
+
+        case SEC_ERROR_CERT_NOT_IN_NAME_SPACE:
+        case SEC_ERROR_PATH_LEN_CONSTRAINT_INVALID:
+        case SEC_ERROR_CA_CERT_INVALID:
+        case SEC_ERROR_BAD_SIGNATURE:
+        default:
+            desc = bad_certificate;
+            break;
+    }
+    SSL_DBG(("%d: SSL3[%d]: peer certificate is no good: error=%d",
+             SSL_GETPID(), ss->fd, errCode));
+
+    (void)SSL3_SendAlert(ss, alert_fatal, desc);
+}
+
+/*
+ * Send decode_error alert.  Set generic error number.
+ */
+SECStatus
+ssl3_DecodeError(sslSocket *ss)
+{
+    (void)SSL3_SendAlert(ss, alert_fatal,
+                         ss->version > SSL_LIBRARY_VERSION_3_0 ? decode_error
+                                                               : illegal_parameter);
+    PORT_SetError(ss->sec.isServer ? SSL_ERROR_BAD_CLIENT
+                                   : SSL_ERROR_BAD_SERVER);
+    return SECFailure;
+}
+
+/* Called from ssl3_HandleRecord.
+** Caller must hold both RecvBuf and Handshake locks.
+*/
+static SECStatus
+ssl3_HandleAlert(sslSocket *ss, sslBuffer *buf)
+{
+    SSL3AlertLevel level;
+    SSL3AlertDescription desc;
+    int error;
+
+    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+
+    SSL_TRC(3, ("%d: SSL3[%d]: handle alert record", SSL_GETPID(), ss->fd));
+
+    if (buf->len != 2) {
+        (void)ssl3_DecodeError(ss);
+        PORT_SetError(SSL_ERROR_RX_MALFORMED_ALERT);
+        return SECFailure;
+    }
+    level = (SSL3AlertLevel)buf->buf[0];
+    desc = (SSL3AlertDescription)buf->buf[1];
+    buf->len = 0;
+    SSL_TRC(5, ("%d: SSL3[%d] received alert, level = %d, description = %d",
+                SSL_GETPID(), ss->fd, level, desc));
+
+    if (ss->alertReceivedCallback) {
+        SSLAlert alert = { level, desc };
+        ss->alertReceivedCallback(ss->fd, ss->alertReceivedCallbackArg, &alert);
+    }
+
+    switch (desc) {
+        case close_notify:
+            ss->recvdCloseNotify = 1;
+            error = SSL_ERROR_CLOSE_NOTIFY_ALERT;
+            break;
+        case unexpected_message:
+            error = SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT;
+            break;
+        case bad_record_mac:
+            error = SSL_ERROR_BAD_MAC_ALERT;
+            break;
+        case decryption_failed_RESERVED:
+            error = SSL_ERROR_DECRYPTION_FAILED_ALERT;
+            break;
+        case record_overflow:
+            error = SSL_ERROR_RECORD_OVERFLOW_ALERT;
+            break;
+        case decompression_failure:
+            error = SSL_ERROR_DECOMPRESSION_FAILURE_ALERT;
+            break;
+        case handshake_failure:
+            error = SSL_ERROR_HANDSHAKE_FAILURE_ALERT;
+            break;
+        case no_certificate:
+            error = SSL_ERROR_NO_CERTIFICATE;
+            break;
+        case bad_certificate:
+            error = SSL_ERROR_BAD_CERT_ALERT;
+            break;
+        case unsupported_certificate:
+            error = SSL_ERROR_UNSUPPORTED_CERT_ALERT;
+            break;
+        case certificate_revoked:
+            error = SSL_ERROR_REVOKED_CERT_ALERT;
+            break;
+        case certificate_expired:
+            error = SSL_ERROR_EXPIRED_CERT_ALERT;
+            break;
+        case certificate_unknown:
+            error = SSL_ERROR_CERTIFICATE_UNKNOWN_ALERT;
+            break;
+        case illegal_parameter:
+            error = SSL_ERROR_ILLEGAL_PARAMETER_ALERT;
+            break;
+        case inappropriate_fallback:
+            error = SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT;
+            break;
+
+        /* All alerts below are TLS only. */
+        case unknown_ca:
+            error = SSL_ERROR_UNKNOWN_CA_ALERT;
+            break;
+        case access_denied:
+            error = SSL_ERROR_ACCESS_DENIED_ALERT;
+            break;
+        case decode_error:
+            error = SSL_ERROR_DECODE_ERROR_ALERT;
+            break;
+        case decrypt_error:
+            error = SSL_ERROR_DECRYPT_ERROR_ALERT;
+            break;
+        case export_restriction:
+            error = SSL_ERROR_EXPORT_RESTRICTION_ALERT;
+            break;
+        case protocol_version:
+            error = SSL_ERROR_PROTOCOL_VERSION_ALERT;
+            break;
+        case insufficient_security:
+            error = SSL_ERROR_INSUFFICIENT_SECURITY_ALERT;
+            break;
+        case internal_error:
+            error = SSL_ERROR_INTERNAL_ERROR_ALERT;
+            break;
+        case user_canceled:
+            error = SSL_ERROR_USER_CANCELED_ALERT;
+            break;
+        case no_renegotiation:
+            error = SSL_ERROR_NO_RENEGOTIATION_ALERT;
+            break;
+
+        /* Alerts for TLS client hello extensions */
+        case missing_extension:
+            error = SSL_ERROR_MISSING_EXTENSION_ALERT;
+            break;
+        case unsupported_extension:
+            error = SSL_ERROR_UNSUPPORTED_EXTENSION_ALERT;
+            break;
+        case certificate_unobtainable:
+            error = SSL_ERROR_CERTIFICATE_UNOBTAINABLE_ALERT;
+            break;
+        case unrecognized_name:
+            error = SSL_ERROR_UNRECOGNIZED_NAME_ALERT;
+            break;
+        case bad_certificate_status_response:
+            error = SSL_ERROR_BAD_CERT_STATUS_RESPONSE_ALERT;
+            break;
+        case bad_certificate_hash_value:
+            error = SSL_ERROR_BAD_CERT_HASH_VALUE_ALERT;
+            break;
+        case end_of_early_data:
+            error = SSL_ERROR_END_OF_EARLY_DATA_ALERT;
+            break;
+        default:
+            error = SSL_ERROR_RX_UNKNOWN_ALERT;
+            break;
+    }
+    if ((ss->version >= SSL_LIBRARY_VERSION_TLS_1_3) &&
+        (ss->ssl3.hs.ws != wait_server_hello)) {
+        /* TLS 1.3 requires all but "end of data" alerts to be
+         * treated as fatal. */
+        switch (desc) {
+            case close_notify:
+            case user_canceled:
+            case end_of_early_data:
+                break;
+            default:
+                level = alert_fatal;
+        }
+    }
+    if (level == alert_fatal) {
+        if (!ss->opt.noCache) {
+            ss->sec.uncache(ss->sec.ci.sid);
+        }
+        if ((ss->ssl3.hs.ws == wait_server_hello) &&
+            (desc == handshake_failure)) {
+            /* XXX This is a hack.  We're assuming that any handshake failure
+             * XXX on the client hello is a failure to match ciphers.
+             */
+            error = SSL_ERROR_NO_CYPHER_OVERLAP;
+        }
+        PORT_SetError(error);
+        return SECFailure;
+    }
+    if (desc == end_of_early_data) {
+        return tls13_HandleEndOfEarlyData(ss);
+    }
+    if ((desc == no_certificate) && (ss->ssl3.hs.ws == wait_client_cert)) {
+        /* I'm a server. I've requested a client cert. He hasn't got one. */
+        SECStatus rv;
+
+        PORT_Assert(ss->sec.isServer);
+        ss->ssl3.hs.ws = wait_client_key;
+        rv = ssl3_HandleNoCertificate(ss);
+        return rv;
+    }
+    return SECSuccess;
+}
+
+/*
+ * Change Cipher Specs
+ * Called from ssl3_HandleServerHelloDone,
+ *             ssl3_HandleClientHello,
+ * and         ssl3_HandleFinished
+ *
+ * Acquires and releases spec write lock, to protect switching the current
+ * and pending write spec pointers.
+ */
+
+static SECStatus
+ssl3_SendChangeCipherSpecs(sslSocket *ss)
+{
+    PRUint8 change = change_cipher_spec_choice;
+    ssl3CipherSpec *pwSpec;
+    SECStatus rv;
+    PRInt32 sent;
+
+    SSL_TRC(3, ("%d: SSL3[%d]: send change_cipher_spec record",
+                SSL_GETPID(), ss->fd));
+
+    PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+
+    rv = ssl3_FlushHandshake(ss, ssl_SEND_FLAG_FORCE_INTO_BUFFER);
+    if (rv != SECSuccess) {
+        return rv; /* error code set by ssl3_FlushHandshake */
+    }
+    if (!IS_DTLS(ss)) {
+        sent = ssl3_SendRecord(ss, NULL, content_change_cipher_spec, &change, 1,
+                               ssl_SEND_FLAG_FORCE_INTO_BUFFER);
+        if (sent < 0) {
+            return (SECStatus)sent; /* error code set by ssl3_SendRecord */
+        }
+    } else {
+        rv = dtls_QueueMessage(ss, content_change_cipher_spec, &change, 1);
+        if (rv != SECSuccess) {
+            return rv;
+        }
+    }
+
+    /* swap the pending and current write specs. */
+    ssl_GetSpecWriteLock(ss); /**************************************/
+    pwSpec = ss->ssl3.pwSpec;
+
+    ss->ssl3.pwSpec = ss->ssl3.cwSpec;
+    ss->ssl3.cwSpec = pwSpec;
+
+    SSL_TRC(3, ("%d: SSL3[%d] Set Current Write Cipher Suite to Pending",
+                SSL_GETPID(), ss->fd));
+
+    /* We need to free up the contexts, keys and certs ! */
+    /* If we are really through with the old cipher spec
+     * (Both the read and write sides have changed) destroy it.
+     */
+    if (ss->ssl3.prSpec == ss->ssl3.pwSpec) {
+        if (!IS_DTLS(ss)) {
+            ssl3_DestroyCipherSpec(ss->ssl3.pwSpec, PR_FALSE /*freeSrvName*/);
+        } else {
+            /* With DTLS, we need to set a holddown timer in case the final
+             * message got lost */
+            rv = dtls_StartHolddownTimer(ss);
+        }
+    }
+    ssl_ReleaseSpecWriteLock(ss); /**************************************/
+
+    return rv;
+}
+
+/* Called from ssl3_HandleRecord.
+** Caller must hold both RecvBuf and Handshake locks.
+ *
+ * Acquires and releases spec write lock, to protect switching the current
+ * and pending write spec pointers.
+*/
+static SECStatus
+ssl3_HandleChangeCipherSpecs(sslSocket *ss, sslBuffer *buf)
+{
+    ssl3CipherSpec *prSpec;
+    SSL3WaitState ws = ss->ssl3.hs.ws;
+    SSL3ChangeCipherSpecChoice change;
+
+    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+
+    SSL_TRC(3, ("%d: SSL3[%d]: handle change_cipher_spec record",
+                SSL_GETPID(), ss->fd));
+
+    if (ws != wait_change_cipher) {
+        if (IS_DTLS(ss)) {
+            /* Ignore this because it's out of order. */
+            SSL_TRC(3, ("%d: SSL3[%d]: discard out of order "
+                        "DTLS change_cipher_spec",
+                        SSL_GETPID(), ss->fd));
+            buf->len = 0;
+            return SECSuccess;
+        }
+        (void)SSL3_SendAlert(ss, alert_fatal, unexpected_message);
+        PORT_SetError(SSL_ERROR_RX_UNEXPECTED_CHANGE_CIPHER);
+        return SECFailure;
+    }
+    /* Handshake messages should not span ChangeCipherSpec. */
+    if (ss->ssl3.hs.header_bytes) {
+        (void)SSL3_SendAlert(ss, alert_fatal, unexpected_message);
+        PORT_SetError(SSL_ERROR_RX_UNEXPECTED_CHANGE_CIPHER);
+        return SECFailure;
+    }
+    if (buf->len != 1) {
+        (void)ssl3_DecodeError(ss);
+        PORT_SetError(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER);
+        return SECFailure;
+    }
+    change = (SSL3ChangeCipherSpecChoice)buf->buf[0];
+    if (change != change_cipher_spec_choice) {
+        /* illegal_parameter is correct here for both SSL3 and TLS. */
+        (void)ssl3_IllegalParameter(ss);
+        PORT_SetError(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER);
+        return SECFailure;
+    }
+    buf->len = 0;
+
+    /* Swap the pending and current read specs. */
+    ssl_GetSpecWriteLock(ss); /*************************************/
+    prSpec = ss->ssl3.prSpec;
+
+    ss->ssl3.prSpec = ss->ssl3.crSpec;
+    ss->ssl3.crSpec = prSpec;
+    ss->ssl3.hs.ws = wait_finished;
+
+    SSL_TRC(3, ("%d: SSL3[%d] Set Current Read Cipher Suite to Pending",
+                SSL_GETPID(), ss->fd));
+
+    /* If we are really through with the old cipher prSpec
+     * (Both the read and write sides have changed) destroy it.
+     */
+    if (ss->ssl3.prSpec == ss->ssl3.pwSpec) {
+        ssl3_DestroyCipherSpec(ss->ssl3.prSpec, PR_FALSE /*freeSrvName*/);
+    }
+    ssl_ReleaseSpecWriteLock(ss); /*************************************/
+    return SECSuccess;
+}
+
+static CK_MECHANISM_TYPE
+ssl3_GetMgfMechanismByHashType(SSLHashType hash)
+{
+    switch (hash) {
+        case ssl_hash_sha256:
+            return CKG_MGF1_SHA256;
+        case ssl_hash_sha384:
+            return CKG_MGF1_SHA384;
+        case ssl_hash_sha512:
+            return CKG_MGF1_SHA512;
+        default:
+            PORT_Assert(0);
+    }
+    return CKG_MGF1_SHA256;
+}
+
+/* Function valid for >= TLS 1.2, only. */
+static CK_MECHANISM_TYPE
+ssl3_GetHashMechanismByHashType(SSLHashType hashType)
+{
+    switch (hashType) {
+        case ssl_hash_sha512:
+            return CKM_SHA512;
+        case ssl_hash_sha384:
+            return CKM_SHA384;
+        case ssl_hash_sha256:
+        case ssl_hash_none:
+            /* ssl_hash_none is for pre-1.2 suites, which use SHA-256. */
+            return CKM_SHA256;
+        case ssl_hash_sha1:
+            return CKM_SHA_1;
+        default:
+            PORT_Assert(0);
+    }
+    return CKM_SHA256;
+}
+
+/* Function valid for >= TLS 1.2, only. */
+static CK_MECHANISM_TYPE
+ssl3_GetPrfHashMechanism(sslSocket *ss)
+{
+    return ssl3_GetHashMechanismByHashType(ss->ssl3.hs.suite_def->prf_hash);
+}
+
+static SSLHashType
+ssl3_GetSuitePrfHash(sslSocket *ss)
+{
+    /* ssl_hash_none is for pre-1.2 suites, which use SHA-256. */
+    if (ss->ssl3.hs.suite_def->prf_hash == ssl_hash_none) {
+        return ssl_hash_sha256;
+    }
+    return ss->ssl3.hs.suite_def->prf_hash;
+}
+
+/* This method completes the derivation of the MS from the PMS.
+**
+** 1. Derive the MS, if possible, else return an error.
+**
+** 2. Check the version if |pms_version| is non-zero and if wrong,
+**    return an error.
+**
+** 3. If |msp| is nonzero, return MS in |*msp|.
+
+** Called from:
+**   ssl3_ComputeMasterSecretInt
+**   tls_ComputeExtendedMasterSecretInt
+*/
+static SECStatus
+ssl3_ComputeMasterSecretFinish(sslSocket *ss,
+                               CK_MECHANISM_TYPE master_derive,
+                               CK_MECHANISM_TYPE key_derive,
+                               CK_VERSION *pms_version,
+                               SECItem *params, CK_FLAGS keyFlags,
+                               PK11SymKey *pms, PK11SymKey **msp)
+{
+    PK11SymKey *ms = NULL;
+
+    ms = PK11_DeriveWithFlags(pms, master_derive,
+                              params, key_derive,
+                              CKA_DERIVE, 0, keyFlags);
+    if (!ms) {
+        ssl_MapLowLevelError(SSL_ERROR_SESSION_KEY_GEN_FAILURE);
+        return SECFailure;
+    }
+
+    if (pms_version && ss->opt.detectRollBack) {
+        SSL3ProtocolVersion client_version;
+        client_version = pms_version->major << 8 | pms_version->minor;
+
+        if (IS_DTLS(ss)) {
+            client_version = dtls_DTLSVersionToTLSVersion(client_version);
+        }
+
+        if (client_version != ss->clientHelloVersion) {
+            /* Destroy MS.  Version roll-back detected. */
+            PK11_FreeSymKey(ms);
+            ssl_MapLowLevelError(SSL_ERROR_SESSION_KEY_GEN_FAILURE);
+            return SECFailure;
+        }
+    }
+
+    if (msp) {
+        *msp = ms;
+    } else {
+        PK11_FreeSymKey(ms);
+    }
+
+    return SECSuccess;
+}
+
+/*  Compute the ordinary (pre draft-ietf-tls-session-hash) master
+ ** secret and return it in |*msp|.
+ **
+ ** Called from: ssl3_ComputeMasterSecret
+ */
+static SECStatus
+ssl3_ComputeMasterSecretInt(sslSocket *ss, PK11SymKey *pms,
+                            PK11SymKey **msp)
+{
+    ssl3CipherSpec *pwSpec = ss->ssl3.pwSpec;
+    unsigned char *cr = (unsigned char *)&ss->ssl3.hs.client_random;
+    unsigned char *sr = (unsigned char *)&ss->ssl3.hs.server_random;
+    PRBool isTLS = (PRBool)(pwSpec->version > SSL_LIBRARY_VERSION_3_0);
+    PRBool isTLS12 =
+        (PRBool)(isTLS && pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2);
+    /*
+     * Whenever isDH is true, we need to use CKM_TLS_MASTER_KEY_DERIVE_DH
+     * which, unlike CKM_TLS_MASTER_KEY_DERIVE, converts arbitrary size
+     * data into a 48-byte value, and does not expect to return the version.
+     */
+    PRBool isDH = (PRBool)((ss->ssl3.hs.kea_def->exchKeyType == ssl_kea_dh) ||
+                           (ss->ssl3.hs.kea_def->exchKeyType == ssl_kea_ecdh));
+    CK_MECHANISM_TYPE master_derive;
+    CK_MECHANISM_TYPE key_derive;
+    SECItem params;
+    CK_FLAGS keyFlags;
+    CK_VERSION pms_version;
+    CK_VERSION *pms_version_ptr = NULL;
+    /* master_params may be used as a CK_SSL3_MASTER_KEY_DERIVE_PARAMS */
+    CK_TLS12_MASTER_KEY_DERIVE_PARAMS master_params;
+    unsigned int master_params_len;
+
+    if (isTLS12) {
+        if (isDH)
+            master_derive = CKM_TLS12_MASTER_KEY_DERIVE_DH;
+        else
+            master_derive = CKM_TLS12_MASTER_KEY_DERIVE;
+        key_derive = CKM_TLS12_KEY_AND_MAC_DERIVE;
+        keyFlags = CKF_SIGN | CKF_VERIFY;
+    } else if (isTLS) {
+        if (isDH)
+            master_derive = CKM_TLS_MASTER_KEY_DERIVE_DH;
+        else
+            master_derive = CKM_TLS_MASTER_KEY_DERIVE;
+        key_derive = CKM_TLS_KEY_AND_MAC_DERIVE;
+        keyFlags = CKF_SIGN | CKF_VERIFY;
+    } else {
+        if (isDH)
+            master_derive = CKM_SSL3_MASTER_KEY_DERIVE_DH;
+        else
+            master_derive = CKM_SSL3_MASTER_KEY_DERIVE;
+        key_derive = CKM_SSL3_KEY_AND_MAC_DERIVE;
+        keyFlags = 0;
+    }
+
+    if (!isDH) {
+        pms_version_ptr = &pms_version;
+    }
+
+    master_params.pVersion = pms_version_ptr;
+    master_params.RandomInfo.pClientRandom = cr;
+    master_params.RandomInfo.ulClientRandomLen = SSL3_RANDOM_LENGTH;
+    master_params.RandomInfo.pServerRandom = sr;
+    master_params.RandomInfo.ulServerRandomLen = SSL3_RANDOM_LENGTH;
+    if (isTLS12) {
+        master_params.prfHashMechanism = ssl3_GetPrfHashMechanism(ss);
+        master_params_len = sizeof(CK_TLS12_MASTER_KEY_DERIVE_PARAMS);
+    } else {
+        /* prfHashMechanism is not relevant with this PRF */
+        master_params_len = sizeof(CK_SSL3_MASTER_KEY_DERIVE_PARAMS);
+    }
+
+    params.data = (unsigned char *)&master_params;
+    params.len = master_params_len;
+
+    return ssl3_ComputeMasterSecretFinish(ss, master_derive, key_derive,
+                                          pms_version_ptr, &params,
+                                          keyFlags, pms, msp);
+}
+
+/* Compute the draft-ietf-tls-session-hash master
+** secret and return it in |*msp|.
+**
+** Called from: ssl3_ComputeMasterSecret
+*/
+static SECStatus
+tls_ComputeExtendedMasterSecretInt(sslSocket *ss, PK11SymKey *pms,
+                                   PK11SymKey **msp)
+{
+    ssl3CipherSpec *pwSpec = ss->ssl3.pwSpec;
+    CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS extended_master_params;
+    SSL3Hashes hashes;
+    /*
+     * Determine whether to use the DH/ECDH or RSA derivation modes.
+     */
+    /*
+     * TODO(ekr@rtfm.com): Verify that the slot can handle this key expansion
+     * mode. Bug 1198298 */
+    PRBool isDH = (PRBool)((ss->ssl3.hs.kea_def->exchKeyType == ssl_kea_dh) ||
+                           (ss->ssl3.hs.kea_def->exchKeyType == ssl_kea_ecdh));
+    CK_MECHANISM_TYPE master_derive;
+    CK_MECHANISM_TYPE key_derive;
+    SECItem params;
+    const CK_FLAGS keyFlags = CKF_SIGN | CKF_VERIFY;
+    CK_VERSION pms_version;
+    CK_VERSION *pms_version_ptr = NULL;
+    SECStatus rv;
+
+    rv = ssl3_ComputeHandshakeHashes(ss, pwSpec, &hashes, 0);
+    if (rv != SECSuccess) {
+        PORT_Assert(0); /* Should never fail */
+        ssl_MapLowLevelError(SSL_ERROR_SESSION_KEY_GEN_FAILURE);
+        return SECFailure;
+    }
+
+    if (isDH) {
+        master_derive = CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH;
+    } else {
+        master_derive = CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE;
+        pms_version_ptr = &pms_version;
+    }
+
+    if (pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2) {
+        /* TLS 1.2+ */
+        extended_master_params.prfHashMechanism = ssl3_GetPrfHashMechanism(ss);
+        key_derive = CKM_TLS12_KEY_AND_MAC_DERIVE;
+    } else {
+        /* TLS < 1.2 */
+        extended_master_params.prfHashMechanism = CKM_TLS_PRF;
+        key_derive = CKM_TLS_KEY_AND_MAC_DERIVE;
+    }
+
+    extended_master_params.pVersion = pms_version_ptr;
+    extended_master_params.pSessionHash = hashes.u.raw;
+    extended_master_params.ulSessionHashLen = hashes.len;
+
+    params.data = (unsigned char *)&extended_master_params;
+    params.len = sizeof extended_master_params;
+
+    return ssl3_ComputeMasterSecretFinish(ss, master_derive, key_derive,
+                                          pms_version_ptr, &params,
+                                          keyFlags, pms, msp);
+}
+
+/* Wrapper method to compute the master secret and return it in |*msp|.
+**
+** Called from ssl3_ComputeMasterSecret
+*/
+static SECStatus
+ssl3_ComputeMasterSecret(sslSocket *ss, PK11SymKey *pms,
+                         PK11SymKey **msp)
+{
+    PORT_Assert(pms != NULL);
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+    PORT_Assert(ss->ssl3.prSpec == ss->ssl3.pwSpec);
+
+    if (ssl3_ExtensionNegotiated(ss, ssl_extended_master_secret_xtn)) {
+        return tls_ComputeExtendedMasterSecretInt(ss, pms, msp);
+    } else {
+        return ssl3_ComputeMasterSecretInt(ss, pms, msp);
+    }
+}
+
+/* This method uses PKCS11 to derive the MS from the PMS, where PMS
+** is a PKCS11 symkey. We call ssl3_ComputeMasterSecret to do the
+** computations and then modify the pwSpec->state as a side effect.
+**
+** This is used in all cases except the "triple bypass" with RSA key
+** exchange.
+**
+** Called from ssl3_InitPendingCipherSpec.   prSpec is pwSpec.
+*/
+static SECStatus
+ssl3_DeriveMasterSecret(sslSocket *ss, PK11SymKey *pms)
+{
+    SECStatus rv;
+    PK11SymKey *ms = NULL;
+    ssl3CipherSpec *pwSpec = ss->ssl3.pwSpec;
+
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSpecWriteLock(ss));
+    PORT_Assert(ss->ssl3.prSpec == ss->ssl3.pwSpec);
+
+    if (pms) {
+        rv = ssl3_ComputeMasterSecret(ss, pms, &ms);
+        pwSpec->master_secret = ms;
+        if (rv != SECSuccess)
+            return rv;
+    }
+
+    return SECSuccess;
+}
+
+/*
+ * Derive encryption and MAC Keys (and IVs) from master secret
+ * Sets a useful error code when returning SECFailure.
+ *
+ * Called only from ssl3_InitPendingCipherSpec(),
+ * which in turn is called from
+ *              ssl3_SendRSAClientKeyExchange    (for Full handshake)
+ *              ssl3_SendDHClientKeyExchange     (for Full handshake)
+ *              ssl3_HandleClientKeyExchange    (for Full handshake)
+ *              ssl3_HandleServerHello          (for session restart)
+ *              ssl3_HandleClientHello          (for session restart)
+ * Caller MUST hold the specWriteLock, and SSL3HandshakeLock.
+ * ssl3_InitPendingCipherSpec does that.
+ *
+ */
+static SECStatus
+ssl3_DeriveConnectionKeys(sslSocket *ss)
+{
+    ssl3CipherSpec *pwSpec = ss->ssl3.pwSpec;
+    unsigned char *cr = (unsigned char *)&ss->ssl3.hs.client_random;
+    unsigned char *sr = (unsigned char *)&ss->ssl3.hs.server_random;
+    PRBool isTLS = (PRBool)(pwSpec->version > SSL_LIBRARY_VERSION_3_0);
+    PRBool isTLS12 =
+        (PRBool)(isTLS && pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2);
+    const ssl3BulkCipherDef *cipher_def = pwSpec->cipher_def;
+    PK11SlotInfo *slot = NULL;
+    PK11SymKey *symKey = NULL;
+    void *pwArg = ss->pkcs11PinArg;
+    int keySize;
+    CK_TLS12_KEY_MAT_PARAMS key_material_params; /* may be used as a
+                                                  * CK_SSL3_KEY_MAT_PARAMS */
+    unsigned int key_material_params_len;
+    CK_SSL3_KEY_MAT_OUT returnedKeys;
+    CK_MECHANISM_TYPE key_derive;
+    CK_MECHANISM_TYPE bulk_mechanism;
+    SSLCipherAlgorithm calg;
+    SECItem params;
+    PRBool skipKeysAndIVs = (PRBool)(cipher_def->calg == calg_null);
+
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSpecWriteLock(ss));
+    PORT_Assert(ss->ssl3.prSpec == ss->ssl3.pwSpec);
+
+    if (!pwSpec->master_secret) {
+        PORT_SetError(SSL_ERROR_SESSION_KEY_GEN_FAILURE);
+        return SECFailure;
+    }
+    /*
+     * generate the key material
+     */
+    key_material_params.ulMacSizeInBits = pwSpec->mac_size * BPB;
+    key_material_params.ulKeySizeInBits = cipher_def->secret_key_size * BPB;
+    key_material_params.ulIVSizeInBits = cipher_def->iv_size * BPB;
+    if (cipher_def->type == type_block &&
+        pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_1) {
+        /* Block ciphers in >= TLS 1.1 use a per-record, explicit IV. */
+        key_material_params.ulIVSizeInBits = 0;
+        memset(pwSpec->client.write_iv, 0, cipher_def->iv_size);
+        memset(pwSpec->server.write_iv, 0, cipher_def->iv_size);
+    }
+
+    key_material_params.bIsExport = PR_FALSE;
+    key_material_params.RandomInfo.pClientRandom = cr;
+    key_material_params.RandomInfo.ulClientRandomLen = SSL3_RANDOM_LENGTH;
+    key_material_params.RandomInfo.pServerRandom = sr;
+    key_material_params.RandomInfo.ulServerRandomLen = SSL3_RANDOM_LENGTH;
+    key_material_params.pReturnedKeyMaterial = &returnedKeys;
+
+    returnedKeys.pIVClient = pwSpec->client.write_iv;
+    returnedKeys.pIVServer = pwSpec->server.write_iv;
+    keySize = cipher_def->key_size;
+
+    if (skipKeysAndIVs) {
+        keySize = 0;
+        key_material_params.ulKeySizeInBits = 0;
+        key_material_params.ulIVSizeInBits = 0;
+        returnedKeys.pIVClient = NULL;
+        returnedKeys.pIVServer = NULL;
+    }
+
+    calg = cipher_def->calg;
+    bulk_mechanism = ssl3_Alg2Mech(calg);
+
+    if (isTLS12) {
+        key_derive = CKM_TLS12_KEY_AND_MAC_DERIVE;
+        key_material_params.prfHashMechanism = ssl3_GetPrfHashMechanism(ss);
+        key_material_params_len = sizeof(CK_TLS12_KEY_MAT_PARAMS);
+    } else if (isTLS) {
+        key_derive = CKM_TLS_KEY_AND_MAC_DERIVE;
+        key_material_params_len = sizeof(CK_SSL3_KEY_MAT_PARAMS);
+    } else {
+        key_derive = CKM_SSL3_KEY_AND_MAC_DERIVE;
+        key_material_params_len = sizeof(CK_SSL3_KEY_MAT_PARAMS);
+    }
+
+    params.data = (unsigned char *)&key_material_params;
+    params.len = key_material_params_len;
+
+    /* CKM_SSL3_KEY_AND_MAC_DERIVE is defined to set ENCRYPT, DECRYPT, and
+     * DERIVE by DEFAULT */
+    symKey = PK11_Derive(pwSpec->master_secret, key_derive, &params,
+                         bulk_mechanism, CKA_ENCRYPT, keySize);
+    if (!symKey) {
+        ssl_MapLowLevelError(SSL_ERROR_SESSION_KEY_GEN_FAILURE);
+        return SECFailure;
+    }
+    /* we really should use the actual mac'ing mechanism here, but we
+     * don't because these types are used to map keytype anyway and both
+     * mac's map to the same keytype.
+     */
+    slot = PK11_GetSlotFromKey(symKey);
+
+    PK11_FreeSlot(slot); /* slot is held until the key is freed */
+    pwSpec->client.write_mac_key =
+        PK11_SymKeyFromHandle(slot, symKey, PK11_OriginDerive,
+                              CKM_SSL3_SHA1_MAC, returnedKeys.hClientMacSecret, PR_TRUE, pwArg);
+    if (pwSpec->client.write_mac_key == NULL) {
+        goto loser; /* loser sets err */
+    }
+    pwSpec->server.write_mac_key =
+        PK11_SymKeyFromHandle(slot, symKey, PK11_OriginDerive,
+                              CKM_SSL3_SHA1_MAC, returnedKeys.hServerMacSecret, PR_TRUE, pwArg);
+    if (pwSpec->server.write_mac_key == NULL) {
+        goto loser; /* loser sets err */
+    }
+    if (!skipKeysAndIVs) {
+        pwSpec->client.write_key =
+            PK11_SymKeyFromHandle(slot, symKey, PK11_OriginDerive,
+                                  bulk_mechanism, returnedKeys.hClientKey, PR_TRUE, pwArg);
+        if (pwSpec->client.write_key == NULL) {
+            goto loser; /* loser sets err */
+        }
+        pwSpec->server.write_key =
+            PK11_SymKeyFromHandle(slot, symKey, PK11_OriginDerive,
+                                  bulk_mechanism, returnedKeys.hServerKey, PR_TRUE, pwArg);
+        if (pwSpec->server.write_key == NULL) {
+            goto loser; /* loser sets err */
+        }
+    }
+    PK11_FreeSymKey(symKey);
+    return SECSuccess;
+
+loser:
+    if (symKey)
+        PK11_FreeSymKey(symKey);
+    ssl_MapLowLevelError(SSL_ERROR_SESSION_KEY_GEN_FAILURE);
+    return SECFailure;
+}
+
+/* ssl3_InitHandshakeHashes creates handshake hash contexts and hashes in
+ * buffered messages in ss->ssl3.hs.messages. Called from
+ * ssl3_NegotiateCipherSuite(), tls13_HandleClientHelloPart2(),
+ * and ssl3_HandleServerHello. */
+SECStatus
+ssl3_InitHandshakeHashes(sslSocket *ss)
+{
+    SSL_TRC(30, ("%d: SSL3[%d]: start handshake hashes", SSL_GETPID(), ss->fd));
+
+    PORT_Assert(ss->ssl3.hs.hashType == handshake_hash_unknown);
+    if (ss->version == SSL_LIBRARY_VERSION_TLS_1_2) {
+        ss->ssl3.hs.hashType = handshake_hash_record;
+    } else {
+        PORT_Assert(!ss->ssl3.hs.md5 && !ss->ssl3.hs.sha);
+        /*
+         * note: We should probably lookup an SSL3 slot for these
+         * handshake hashes in hopes that we wind up with the same slots
+         * that the master secret will wind up in ...
+         */
+        if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_3) {
+            /* determine the hash from the prf */
+            const SECOidData *hash_oid =
+                SECOID_FindOIDByMechanism(ssl3_GetPrfHashMechanism(ss));
+
+            /* Get the PKCS #11 mechanism for the Hash from the cipher suite (prf_hash)
+             * Convert that to the OidTag. We can then use that OidTag to create our
+             * PK11Context */
+            PORT_Assert(hash_oid != NULL);
+            if (hash_oid == NULL) {
+                ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE);
+                return SECFailure;
+            }
+
+            ss->ssl3.hs.sha = PK11_CreateDigestContext(hash_oid->offset);
+            if (ss->ssl3.hs.sha == NULL) {
+                ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE);
+                return SECFailure;
+            }
+            ss->ssl3.hs.hashType = handshake_hash_single;
+
+            if (PK11_DigestBegin(ss->ssl3.hs.sha) != SECSuccess) {
+                ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE);
+                return SECFailure;
+            }
+        } else {
+            /* Both ss->ssl3.hs.md5 and ss->ssl3.hs.sha should be NULL or
+             * created successfully. */
+            ss->ssl3.hs.md5 = PK11_CreateDigestContext(SEC_OID_MD5);
+            if (ss->ssl3.hs.md5 == NULL) {
+                ssl_MapLowLevelError(SSL_ERROR_MD5_DIGEST_FAILURE);
+                return SECFailure;
+            }
+            ss->ssl3.hs.sha = PK11_CreateDigestContext(SEC_OID_SHA1);
+            if (ss->ssl3.hs.sha == NULL) {
+                PK11_DestroyContext(ss->ssl3.hs.md5, PR_TRUE);
+                ss->ssl3.hs.md5 = NULL;
+                ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE);
+                return SECFailure;
+            }
+            ss->ssl3.hs.hashType = handshake_hash_combo;
+
+            if (PK11_DigestBegin(ss->ssl3.hs.md5) != SECSuccess) {
+                ssl_MapLowLevelError(SSL_ERROR_MD5_DIGEST_FAILURE);
+                return SECFailure;
+            }
+            if (PK11_DigestBegin(ss->ssl3.hs.sha) != SECSuccess) {
+                ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE);
+                return SECFailure;
+            }
+        }
+    }
+
+    if (ss->ssl3.hs.hashType != handshake_hash_record &&
+        ss->ssl3.hs.messages.len > 0) {
+        if (ssl3_UpdateHandshakeHashes(ss, ss->ssl3.hs.messages.buf,
+                                       ss->ssl3.hs.messages.len) != SECSuccess) {
+            return SECFailure;
+        }
+        sslBuffer_Clear(&ss->ssl3.hs.messages);
+    }
+
+    return SECSuccess;
+}
+
+SECStatus
+ssl3_RestartHandshakeHashes(sslSocket *ss)
+{
+    SECStatus rv = SECSuccess;
+
+    SSL_TRC(30, ("%d: SSL3[%d]: reset handshake hashes",
+                 SSL_GETPID(), ss->fd));
+    ss->ssl3.hs.hashType = handshake_hash_unknown;
+    ss->ssl3.hs.messages.len = 0;
+    if (ss->ssl3.hs.md5) {
+        PK11_DestroyContext(ss->ssl3.hs.md5, PR_TRUE);
+        ss->ssl3.hs.md5 = NULL;
+    }
+    if (ss->ssl3.hs.sha) {
+        PK11_DestroyContext(ss->ssl3.hs.sha, PR_TRUE);
+        ss->ssl3.hs.sha = NULL;
+    }
+    return rv;
+}
+
+/*
+ * Handshake messages
+ */
+/* Called from  ssl3_InitHandshakeHashes()
+**      ssl3_AppendHandshake()
+**      ssl3_HandleV2ClientHello()
+**      ssl3_HandleHandshakeMessage()
+** Caller must hold the ssl3Handshake lock.
+*/
+SECStatus
+ssl3_UpdateHandshakeHashes(sslSocket *ss, const unsigned char *b, unsigned int l)
+{
+    SECStatus rv = SECSuccess;
+
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+
+    /* With TLS 1.3, and versions TLS.1.1 and older, we keep the hash(es)
+     * always up to date. However, we must initially buffer the handshake
+     * messages, until we know what to do.
+     * If ss->ssl3.hs.hashType != handshake_hash_unknown,
+     * it means we know what to do. We calculate (hash our input),
+     * and we stop appending to the buffer.
+     *
+     * With TLS 1.2, we always append all handshake messages,
+     * and never update the hash, because the hash function we must use for
+     * certificate_verify might be different from the hash function we use
+     * when signing other handshake hashes. */
+
+    if (ss->ssl3.hs.hashType == handshake_hash_unknown ||
+        ss->ssl3.hs.hashType == handshake_hash_record) {
+        return sslBuffer_Append(&ss->ssl3.hs.messages, b, l);
+    }
+
+    PRINT_BUF(90, (NULL, "handshake hash input:", b, l));
+
+    if (ss->ssl3.hs.hashType == handshake_hash_single) {
+        PORT_Assert(ss->version >= SSL_LIBRARY_VERSION_TLS_1_3);
+        rv = PK11_DigestOp(ss->ssl3.hs.sha, b, l);
+        if (rv != SECSuccess) {
+            ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE);
+            return rv;
+        }
+    } else if (ss->ssl3.hs.hashType == handshake_hash_combo) {
+        rv = PK11_DigestOp(ss->ssl3.hs.md5, b, l);
+        if (rv != SECSuccess) {
+            ssl_MapLowLevelError(SSL_ERROR_MD5_DIGEST_FAILURE);
+            return rv;
+        }
+        rv = PK11_DigestOp(ss->ssl3.hs.sha, b, l);
+        if (rv != SECSuccess) {
+            ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE);
+            return rv;
+        }
+    }
+    return rv;
+}
+
+/**************************************************************************
+ * Append Handshake functions.
+ * All these functions set appropriate error codes.
+ * Most rely on ssl3_AppendHandshake to set the error code.
+ **************************************************************************/
+SECStatus
+ssl3_AppendHandshake(sslSocket *ss, const void *void_src, PRInt32 bytes)
+{
+    unsigned char *src = (unsigned char *)void_src;
+    int room = ss->sec.ci.sendBuf.space - ss->sec.ci.sendBuf.len;
+    SECStatus rv;
+
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); /* protects sendBuf. */
+
+    if (!bytes)
+        return SECSuccess;
+    if (ss->sec.ci.sendBuf.space < MAX_SEND_BUF_LENGTH && room < bytes) {
+        rv = sslBuffer_Grow(&ss->sec.ci.sendBuf, PR_MAX(MIN_SEND_BUF_LENGTH,
+                                                        PR_MIN(MAX_SEND_BUF_LENGTH, ss->sec.ci.sendBuf.len + bytes)));
+        if (rv != SECSuccess)
+            return rv; /* sslBuffer_Grow has set a memory error code. */
+        room = ss->sec.ci.sendBuf.space - ss->sec.ci.sendBuf.len;
+    }
+
+    PRINT_BUF(60, (ss, "Append to Handshake", (unsigned char *)void_src, bytes));
+    rv = ssl3_UpdateHandshakeHashes(ss, src, bytes);
+    if (rv != SECSuccess)
+        return rv; /* error code set by ssl3_UpdateHandshakeHashes */
+
+    while (bytes > room) {
+        if (room > 0)
+            PORT_Memcpy(ss->sec.ci.sendBuf.buf + ss->sec.ci.sendBuf.len, src,
+                        room);
+        ss->sec.ci.sendBuf.len += room;
+        rv = ssl3_FlushHandshake(ss, ssl_SEND_FLAG_FORCE_INTO_BUFFER);
+        if (rv != SECSuccess) {
+            return rv; /* error code set by ssl3_FlushHandshake */
+        }
+        bytes -= room;
+        src += room;
+        room = ss->sec.ci.sendBuf.space;
+        PORT_Assert(ss->sec.ci.sendBuf.len == 0);
+    }
+    PORT_Memcpy(ss->sec.ci.sendBuf.buf + ss->sec.ci.sendBuf.len, src, bytes);
+    ss->sec.ci.sendBuf.len += bytes;
+    return SECSuccess;
+}
+
+SECStatus
+ssl3_AppendHandshakeNumber(sslSocket *ss, PRInt32 num, PRInt32 lenSize)
+{
+    SECStatus rv;
+    PRUint8 b[4];
+    PRUint8 *p = b;
+
+    PORT_Assert(lenSize <= 4 && lenSize > 0);
+    if (lenSize < 4 && num >= (1L << (lenSize * 8))) {
+        PORT_SetError(SSL_ERROR_TX_RECORD_TOO_LONG);
+        return SECFailure;
+    }
+
+    switch (lenSize) {
+        case 4:
+            *p++ = (num >> 24) & 0xff;
+        case 3:
+            *p++ = (num >> 16) & 0xff;
+        case 2:
+            *p++ = (num >> 8) & 0xff;
+        case 1:
+            *p = num & 0xff;
+    }
+    SSL_TRC(60, ("%d: number:", SSL_GETPID()));
+    rv = ssl3_AppendHandshake(ss, &b[0], lenSize);
+    return rv; /* error code set by AppendHandshake, if applicable. */
+}
+
+SECStatus
+ssl3_AppendHandshakeVariable(
+    sslSocket *ss, const SSL3Opaque *src, PRInt32 bytes, PRInt32 lenSize)
+{
+    SECStatus rv;
+
+    PORT_Assert((bytes < (1 << 8) && lenSize == 1) ||
+                (bytes < (1L << 16) && lenSize == 2) ||
+                (bytes < (1L << 24) && lenSize == 3));
+
+    SSL_TRC(60, ("%d: append variable:", SSL_GETPID()));
+    rv = ssl3_AppendHandshakeNumber(ss, bytes, lenSize);
+    if (rv != SECSuccess) {
+        return rv; /* error code set by AppendHandshake, if applicable. */
+    }
+    SSL_TRC(60, ("data:"));
+    rv = ssl3_AppendHandshake(ss, src, bytes);
+    return rv; /* error code set by AppendHandshake, if applicable. */
+}
+
+SECStatus
+ssl3_AppendHandshakeHeader(sslSocket *ss, SSL3HandshakeType t, PRUint32 length)
+{
+    SECStatus rv;
+
+    /* If we already have a message in place, we need to enqueue it.
+     * This empties the buffer. This is a convenient place to call
+     * dtls_StageHandshakeMessage to mark the message boundary.
+     */
+    if (IS_DTLS(ss)) {
+        rv = dtls_StageHandshakeMessage(ss);
+        if (rv != SECSuccess) {
+            return rv;
+        }
+    }
+
+    SSL_TRC(30, ("%d: SSL3[%d]: append handshake header: type %s",
+                 SSL_GETPID(), ss->fd, ssl3_DecodeHandshakeType(t)));
+
+    rv = ssl3_AppendHandshakeNumber(ss, t, 1);
+    if (rv != SECSuccess) {
+        return rv; /* error code set by AppendHandshake, if applicable. */
+    }
+    rv = ssl3_AppendHandshakeNumber(ss, length, 3);
+    if (rv != SECSuccess) {
+        return rv; /* error code set by AppendHandshake, if applicable. */
+    }
+
+    if (IS_DTLS(ss)) {
+        /* Note that we make an unfragmented message here. We fragment in the
+         * transmission code, if necessary */
+        rv = ssl3_AppendHandshakeNumber(ss, ss->ssl3.hs.sendMessageSeq, 2);
+        if (rv != SECSuccess) {
+            return rv; /* error code set by AppendHandshake, if applicable. */
+        }
+        ss->ssl3.hs.sendMessageSeq++;
+
+        /* 0 is the fragment offset, because it's not fragmented yet */
+        rv = ssl3_AppendHandshakeNumber(ss, 0, 3);
+        if (rv != SECSuccess) {
+            return rv; /* error code set by AppendHandshake, if applicable. */
+        }
+
+        /* Fragment length -- set to the packet length because not fragmented */
+        rv = ssl3_AppendHandshakeNumber(ss, length, 3);
+        if (rv != SECSuccess) {
+            return rv; /* error code set by AppendHandshake, if applicable. */
+        }
+    }
+
+    return rv; /* error code set by AppendHandshake, if applicable. */
+}
+
+/**************************************************************************
+ * Consume Handshake functions.
+ *
+ * All data used in these functions is protected by two locks,
+ * the RecvBufLock and the SSL3HandshakeLock
+ **************************************************************************/
+
+/* Read up the next "bytes" number of bytes from the (decrypted) input
+ * stream "b" (which is *length bytes long). Copy them into buffer "v".
+ * Reduces *length by bytes.  Advances *b by bytes.
+ *
+ * If this function returns SECFailure, it has already sent an alert,
+ * and has set a generic error code.  The caller should probably
+ * override the generic error code by setting another.
+ */
+SECStatus
+ssl3_ConsumeHandshake(sslSocket *ss, void *v, PRUint32 bytes, SSL3Opaque **b,
+                      PRUint32 *length)
+{
+    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+
+    if ((PRUint32)bytes > *length) {
+        return ssl3_DecodeError(ss);
+    }
+    PORT_Memcpy(v, *b, bytes);
+    PRINT_BUF(60, (ss, "consume bytes:", *b, bytes));
+    *b += bytes;
+    *length -= bytes;
+    return SECSuccess;
+}
+
+/* Read up the next "bytes" number of bytes from the (decrypted) input
+ * stream "b" (which is *length bytes long), and interpret them as an
+ * integer in network byte order.  Sets *num to the received value.
+ * Reduces *length by bytes.  Advances *b by bytes.
+ *
+ * On error, an alert has been sent, and a generic error code has been set.
+ */
+SECStatus
+ssl3_ConsumeHandshakeNumber(sslSocket *ss, PRUint32 *num, PRUint32 bytes,
+                            SSL3Opaque **b, PRUint32 *length)
+{
+    PRUint8 *buf = *b;
+    int i;
+
+    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+
+    *num = 0;
+    if (bytes > *length || bytes > sizeof(*num)) {
+        return ssl3_DecodeError(ss);
+    }
+    PRINT_BUF(60, (ss, "consume bytes:", *b, bytes));
+
+    for (i = 0; i < bytes; i++) {
+        *num = (*num << 8) + buf[i];
+    }
+    *b += bytes;
+    *length -= bytes;
+    return SECSuccess;
+}
+
+/* Read in two values from the incoming decrypted byte stream "b", which is
+ * *length bytes long.  The first value is a number whose size is "bytes"
+ * bytes long.  The second value is a byte-string whose size is the value
+ * of the first number received.  The latter byte-string, and its length,
+ * is returned in the SECItem i.
+ *
+ * Returns SECFailure (-1) on failure.
+ * On error, an alert has been sent, and a generic error code has been set.
+ *
+ * RADICAL CHANGE for NSS 3.11.  All callers of this function make copies
+ * of the data returned in the SECItem *i, so making a copy of it here
+ * is simply wasteful.  So, This function now just sets SECItem *i to
+ * point to the values in the buffer **b.
+ */
+SECStatus
+ssl3_ConsumeHandshakeVariable(sslSocket *ss, SECItem *i, PRUint32 bytes,
+                              SSL3Opaque **b, PRUint32 *length)
+{
+    PRUint32 count;
+    SECStatus rv;
+
+    PORT_Assert(bytes <= 3);
+    i->len = 0;
+    i->data = NULL;
+    i->type = siBuffer;
+    rv = ssl3_ConsumeHandshakeNumber(ss, &count, bytes, b, length);
+    if (rv != SECSuccess) {
+        return SECFailure;
+    }
+    if (count > 0) {
+        if (count > *length) {
+            return ssl3_DecodeError(ss);
+        }
+        i->data = *b;
+        i->len = count;
+        *b += count;
+        *length -= count;
+    }
+    return SECSuccess;
+}
+
+/* Helper function to encode an unsigned integer into a buffer. */
+PRUint8 *
+ssl_EncodeUintX(PRUint64 value, unsigned int bytes, PRUint8 *to)
+{
+    PRUint64 encoded;
+
+    PORT_Assert(bytes > 0 && bytes <= sizeof(encoded));
+
+    encoded = PR_htonll(value);
+    memcpy(to, ((unsigned char *)(&encoded)) + (sizeof(encoded) - bytes), bytes);
+    return to + bytes;
+}
+
+/* ssl3_TLSHashAlgorithmToOID converts a TLS hash identifier into an OID value.
+ * If the hash is not recognised, SEC_OID_UNKNOWN is returned.
+ *
+ * See https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */
+SECOidTag
+ssl3_HashTypeToOID(SSLHashType hashType)
+{
+    switch (hashType) {
+        case ssl_hash_sha1:
+            return SEC_OID_SHA1;
+        case ssl_hash_sha256:
+            return SEC_OID_SHA256;
+        case ssl_hash_sha384:
+            return SEC_OID_SHA384;
+        case ssl_hash_sha512:
+            return SEC_OID_SHA512;
+        default:
+            break;
+    }
+    return SEC_OID_UNKNOWN;
+}
+
+SSLHashType
+ssl_SignatureSchemeToHashType(SSLSignatureScheme scheme)
+{
+    switch (scheme) {
+        case ssl_sig_rsa_pkcs1_sha1:
+        case ssl_sig_dsa_sha1:
+        case ssl_sig_ecdsa_sha1:
+            return ssl_hash_sha1;
+        case ssl_sig_rsa_pkcs1_sha256:
+        case ssl_sig_ecdsa_secp256r1_sha256:
+        case ssl_sig_rsa_pss_sha256:
+        case ssl_sig_dsa_sha256:
+            return ssl_hash_sha256;
+        case ssl_sig_rsa_pkcs1_sha384:
+        case ssl_sig_ecdsa_secp384r1_sha384:
+        case ssl_sig_rsa_pss_sha384:
+        case ssl_sig_dsa_sha384:
+            return ssl_hash_sha384;
+        case ssl_sig_rsa_pkcs1_sha512:
+        case ssl_sig_ecdsa_secp521r1_sha512:
+        case ssl_sig_rsa_pss_sha512:
+        case ssl_sig_dsa_sha512:
+            return ssl_hash_sha512;
+        case ssl_sig_rsa_pkcs1_sha1md5:
+            return ssl_hash_none; /* Special for TLS 1.0/1.1. */
+        case ssl_sig_none:
+        case ssl_sig_ed25519:
+        case ssl_sig_ed448:
+            break;
+    }
+    PORT_Assert(0);
+    return ssl_hash_none;
+}
+
+KeyType
+ssl_SignatureSchemeToKeyType(SSLSignatureScheme scheme)
+{
+    switch (scheme) {
+        case ssl_sig_rsa_pkcs1_sha256:
+        case ssl_sig_rsa_pkcs1_sha384:
+        case ssl_sig_rsa_pkcs1_sha512:
+        case ssl_sig_rsa_pkcs1_sha1:
+        case ssl_sig_rsa_pss_sha256:
+        case ssl_sig_rsa_pss_sha384:
+        case ssl_sig_rsa_pss_sha512:
+        case ssl_sig_rsa_pkcs1_sha1md5:
+            return rsaKey;
+        case ssl_sig_ecdsa_secp256r1_sha256:
+        case ssl_sig_ecdsa_secp384r1_sha384:
+        case ssl_sig_ecdsa_secp521r1_sha512:
+        case ssl_sig_ecdsa_sha1:
+            return ecKey;
+        case ssl_sig_dsa_sha256:
+        case ssl_sig_dsa_sha384:
+        case ssl_sig_dsa_sha512:
+        case ssl_sig_dsa_sha1:
+            return dsaKey;
+        case ssl_sig_none:
+        case ssl_sig_ed25519:
+        case ssl_sig_ed448:
+            break;
+    }
+    PORT_Assert(0);
+    return nullKey;
+}
+
+static SSLNamedGroup
+ssl_NamedGroupForSignatureScheme(SSLSignatureScheme scheme)
+{
+    switch (scheme) {
+        case ssl_sig_ecdsa_secp256r1_sha256:
+            return ssl_grp_ec_secp256r1;
+        case ssl_sig_ecdsa_secp384r1_sha384:
+            return ssl_grp_ec_secp384r1;
+        case ssl_sig_ecdsa_secp521r1_sha512:
+            return ssl_grp_ec_secp521r1;
+        default:
+            break;
+    }
+    PORT_Assert(0);
+    return 0;
+}
+
+/* Validate that the signature scheme works for the given key.
+ * If |allowSha1| is set, we allow the use of SHA-1.
+ * If |matchGroup| is set, we also check that the group and hash match. */
+static PRBool
+ssl_SignatureSchemeValidForKey(PRBool allowSha1, PRBool matchGroup,
+                               KeyType keyType,
+                               const sslNamedGroupDef *ecGroup,
+                               SSLSignatureScheme scheme)
+{
+    if (!ssl_IsSupportedSignatureScheme(scheme)) {
+        return PR_FALSE;
+    }
+    if (keyType != ssl_SignatureSchemeToKeyType(scheme)) {
+        return PR_FALSE;
+    }
+    if (!allowSha1 && ssl_SignatureSchemeToHashType(scheme) == ssl_hash_sha1) {
+        return PR_FALSE;
+    }
+    if (keyType != ecKey) {
+        return PR_TRUE;
+    }
+    if (!ecGroup) {
+        return PR_FALSE;
+    }
+    /* If |allowSha1| is present and the scheme is ssl_sig_ecdsa_sha1, it's OK.
+     * This scheme isn't bound to a specific group. */
+    if (allowSha1 && (scheme == ssl_sig_ecdsa_sha1)) {
+        return PR_TRUE;
+    }
+    if (!matchGroup) {
+        return PR_TRUE;
+    }
+    return ecGroup->name == ssl_NamedGroupForSignatureScheme(scheme);
+}
+
+/* ssl3_CheckSignatureSchemeConsistency checks that the signature
+ * algorithm identifier in |sigAndHash| is consistent with the public key in
+ * |cert|. It also checks the hash algorithm against the configured signature
+ * algorithms.  If all the tests pass, SECSuccess is returned. Otherwise,
+ * PORT_SetError is called and SECFailure is returned. */
+SECStatus
+ssl_CheckSignatureSchemeConsistency(
+    sslSocket *ss, SSLSignatureScheme scheme, CERTCertificate *cert)
+{
+    unsigned int i;
+    const sslNamedGroupDef *group = NULL;
+    SECKEYPublicKey *key;
+    KeyType keyType;
+    PRBool isTLS13 = ss->version == SSL_LIBRARY_VERSION_TLS_1_3;
+
+    key = CERT_ExtractPublicKey(cert);
+    if (key == NULL) {
+        ssl_MapLowLevelError(SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE);
+        return SECFailure;
+    }
+
+    keyType = SECKEY_GetPublicKeyType(key);
+    if (keyType == ecKey) {
+        group = ssl_ECPubKey2NamedGroup(key);
+    }
+    SECKEY_DestroyPublicKey(key);
+
+    /* If we're a client, check that the signature algorithm matches the signing
+     * key type of the cipher suite. */
+    if (!isTLS13 &&
+        !ss->sec.isServer &&
+        ss->ssl3.hs.kea_def->signKeyType != keyType) {
+        PORT_SetError(SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM);
+        return SECFailure;
+    }
+
+    /* Verify that the signature scheme matches the signing key. */
+    if (!ssl_SignatureSchemeValidForKey(!isTLS13 /* allowSha1 */,
+                                        isTLS13 /* matchGroup */,
+                                        keyType, group, scheme)) {
+        PORT_SetError(SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM);
+        return SECFailure;
+    }
+
+    for (i = 0; i < ss->ssl3.signatureSchemeCount; ++i) {
+        if (scheme == ss->ssl3.signatureSchemes[i]) {
+            return SECSuccess;
+        }
+    }
+    PORT_SetError(SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM);
+    return SECFailure;
+}
+
+PRBool
+ssl_IsSupportedSignatureScheme(SSLSignatureScheme scheme)
+{
+    switch (scheme) {
+        case ssl_sig_rsa_pkcs1_sha1:
+        case ssl_sig_rsa_pkcs1_sha256:
+        case ssl_sig_rsa_pkcs1_sha384:
+        case ssl_sig_rsa_pkcs1_sha512:
+        case ssl_sig_rsa_pss_sha256:
+        case ssl_sig_rsa_pss_sha384:
+        case ssl_sig_rsa_pss_sha512:
+        case ssl_sig_ecdsa_secp256r1_sha256:
+        case ssl_sig_ecdsa_secp384r1_sha384:
+        case ssl_sig_ecdsa_secp521r1_sha512:
+        case ssl_sig_dsa_sha1:
+        case ssl_sig_dsa_sha256:
+        case ssl_sig_dsa_sha384:
+        case ssl_sig_dsa_sha512:
+        case ssl_sig_ecdsa_sha1:
+            return PR_TRUE;
+
+        case ssl_sig_rsa_pkcs1_sha1md5:
+        case ssl_sig_none:
+        case ssl_sig_ed25519:
+        case ssl_sig_ed448:
+            return PR_FALSE;
+    }
+    return PR_FALSE;
+}
+
+PRBool
+ssl_IsRsaPssSignatureScheme(SSLSignatureScheme scheme)
+{
+    switch (scheme) {
+        case ssl_sig_rsa_pss_sha256:
+        case ssl_sig_rsa_pss_sha384:
+        case ssl_sig_rsa_pss_sha512:
+            return PR_TRUE;
+
+        default:
+            return PR_FALSE;
+    }
+    return PR_FALSE;
+}
+
+/* ssl_ConsumeSignatureScheme reads a SSLSignatureScheme (formerly
+ * SignatureAndHashAlgorithm) structure from |b| and puts the resulting value
+ * into |out|. |b| and |length| are updated accordingly.
+ *
+ * See https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */
+SECStatus
+ssl_ConsumeSignatureScheme(sslSocket *ss, SSL3Opaque **b,
+                           PRUint32 *length, SSLSignatureScheme *out)
+{
+    PRUint32 tmp;
+    SECStatus rv;
+
+    rv = ssl3_ConsumeHandshakeNumber(ss, &tmp, 2, b, length);
+    if (rv != SECSuccess) {
+        return SECFailure; /* Error code set already. */
+    }
+    if (!ssl_IsSupportedSignatureScheme((SSLSignatureScheme)tmp)) {
+        PORT_SetError(SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM);
+        return SECFailure;
+    }
+    *out = (SSLSignatureScheme)tmp;
+    return SECSuccess;
+}
+
+/**************************************************************************
+ * end of Consume Handshake functions.
+ **************************************************************************/
+
+static SECStatus
+ssl3_ComputeHandshakeHash(unsigned char *buf, unsigned int len,
+                          SSLHashType hashAlg, SSL3Hashes *hashes)
+{
+    SECStatus rv = SECFailure;
+    PK11Context *hashContext = PK11_CreateDigestContext(
+        ssl3_HashTypeToOID(hashAlg));
+
+    if (!hashContext) {
+        return rv;
+    }
+    rv = PK11_DigestBegin(hashContext);
+    if (rv == SECSuccess) {
+        rv = PK11_DigestOp(hashContext, buf, len);
+    }
+    if (rv == SECSuccess) {
+        rv = PK11_DigestFinal(hashContext, hashes->u.raw, &hashes->len,
+                              sizeof(hashes->u.raw));
+    }
+    if (rv == SECSuccess) {
+        hashes->hashAlg = hashAlg;
+    }
+    PK11_DestroyContext(hashContext, PR_TRUE);
+    return rv;
+}
+
+/* Extract the hashes of handshake messages to this point.
+ * Called from ssl3_SendCertificateVerify
+ *             ssl3_SendFinished
+ *             ssl3_HandleHandshakeMessage
+ *
+ * Caller must hold the SSL3HandshakeLock.
+ * Caller must hold a read or write lock on the Spec R/W lock.
+ *  (There is presently no way to assert on a Read lock.)
+ */
+SECStatus
+ssl3_ComputeHandshakeHashes(sslSocket *ss,
+                            ssl3CipherSpec *spec, /* uses ->master_secret */
+                            SSL3Hashes *hashes,   /* output goes here. */
+                            PRUint32 sender)
+{
+    SECStatus rv = SECSuccess;
+    PRBool isTLS = (PRBool)(spec->version > SSL_LIBRARY_VERSION_3_0);
+    unsigned int outLength;
+    SSL3Opaque md5_inner[MAX_MAC_LENGTH];
+    SSL3Opaque sha_inner[MAX_MAC_LENGTH];
+
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+    if (ss->ssl3.hs.hashType == handshake_hash_unknown) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+
+    hashes->hashAlg = ssl_hash_none;
+
+    if (ss->ssl3.hs.hashType == handshake_hash_single) {
+        PK11Context *h;
+        unsigned int stateLen;
+        unsigned char stackBuf[1024];
+        unsigned char *stateBuf = NULL;
+
+        h = ss->ssl3.hs.sha;
+        stateBuf = PK11_SaveContextAlloc(h, stackBuf,
+                                         sizeof(stackBuf), &stateLen);
+        if (stateBuf == NULL) {
+            ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE);
+            goto tls12_loser;
+        }
+        rv |= PK11_DigestFinal(h, hashes->u.raw, &hashes->len,
+                               sizeof(hashes->u.raw));
+        if (rv != SECSuccess) {
+            ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE);
+            rv = SECFailure;
+            goto tls12_loser;
+        }
+
+        hashes->hashAlg = ssl3_GetSuitePrfHash(ss);
+        rv = SECSuccess;
+
+    tls12_loser:
+        if (stateBuf) {
+            if (PK11_RestoreContext(h, stateBuf, stateLen) != SECSuccess) {
+                ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE);
+                rv = SECFailure;
+            }
+            if (stateBuf != stackBuf) {
+                PORT_ZFree(stateBuf, stateLen);
+            }
+        }
+    } else if (ss->ssl3.hs.hashType == handshake_hash_record) {
+        rv = ssl3_ComputeHandshakeHash(ss->ssl3.hs.messages.buf,
+                                       ss->ssl3.hs.messages.len,
+                                       ssl3_GetSuitePrfHash(ss),
+                                       hashes);
+    } else {
+        PK11Context *md5;
+        PK11Context *sha = NULL;
+        unsigned char *md5StateBuf = NULL;
+        unsigned char *shaStateBuf = NULL;
+        unsigned int md5StateLen, shaStateLen;
+        unsigned char md5StackBuf[256];
+        unsigned char shaStackBuf[512];
+
+        md5StateBuf = PK11_SaveContextAlloc(ss->ssl3.hs.md5, md5StackBuf,
+                                            sizeof md5StackBuf, &md5StateLen);
+        if (md5StateBuf == NULL) {
+            ssl_MapLowLevelError(SSL_ERROR_MD5_DIGEST_FAILURE);
+            goto loser;
+        }
+        md5 = ss->ssl3.hs.md5;
+
+        shaStateBuf = PK11_SaveContextAlloc(ss->ssl3.hs.sha, shaStackBuf,
+                                            sizeof shaStackBuf, &shaStateLen);
+        if (shaStateBuf == NULL) {
+            ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE);
+            goto loser;
+        }
+        sha = ss->ssl3.hs.sha;
+
+        if (!isTLS) {
+            /* compute hashes for SSL3. */
+            unsigned char s[4];
+
+            if (!spec->master_secret) {
+                PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE);
+                rv = SECFailure;
+                goto loser;
+            }
+
+            s[0] = (unsigned char)(sender >> 24);
+            s[1] = (unsigned char)(sender >> 16);
+            s[2] = (unsigned char)(sender >> 8);
+            s[3] = (unsigned char)sender;
+
+            if (sender != 0) {
+                rv |= PK11_DigestOp(md5, s, 4);
+                PRINT_BUF(95, (NULL, "MD5 inner: sender", s, 4));
+            }
+
+            PRINT_BUF(95, (NULL, "MD5 inner: MAC Pad 1", mac_pad_1,
+                           mac_defs[mac_md5].pad_size));
+
+            rv |= PK11_DigestKey(md5, spec->master_secret);
+            rv |= PK11_DigestOp(md5, mac_pad_1, mac_defs[mac_md5].pad_size);
+            rv |= PK11_DigestFinal(md5, md5_inner, &outLength, MD5_LENGTH);
+            PORT_Assert(rv != SECSuccess || outLength == MD5_LENGTH);
+            if (rv != SECSuccess) {
+                ssl_MapLowLevelError(SSL_ERROR_MD5_DIGEST_FAILURE);
+                rv = SECFailure;
+                goto loser;
+            }
+
+            PRINT_BUF(95, (NULL, "MD5 inner: result", md5_inner, outLength));
+
+            if (sender != 0) {
+                rv |= PK11_DigestOp(sha, s, 4);
+                PRINT_BUF(95, (NULL, "SHA inner: sender", s, 4));
+            }
+
+            PRINT_BUF(95, (NULL, "SHA inner: MAC Pad 1", mac_pad_1,
+                           mac_defs[mac_sha].pad_size));
+
+            rv |= PK11_DigestKey(sha, spec->master_secret);
+            rv |= PK11_DigestOp(sha, mac_pad_1, mac_defs[mac_sha].pad_size);
+            rv |= PK11_DigestFinal(sha, sha_inner, &outLength, SHA1_LENGTH);
+            PORT_Assert(rv != SECSuccess || outLength == SHA1_LENGTH);
+            if (rv != SECSuccess) {
+                ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE);
+                rv = SECFailure;
+                goto loser;
+            }
+
+            PRINT_BUF(95, (NULL, "SHA inner: result", sha_inner, outLength));
+
+            PRINT_BUF(95, (NULL, "MD5 outer: MAC Pad 2", mac_pad_2,
+                           mac_defs[mac_md5].pad_size));
+            PRINT_BUF(95, (NULL, "MD5 outer: MD5 inner", md5_inner, MD5_LENGTH));
+
+            rv |= PK11_DigestBegin(md5);
+            rv |= PK11_DigestKey(md5, spec->master_secret);
+            rv |= PK11_DigestOp(md5, mac_pad_2, mac_defs[mac_md5].pad_size);
+            rv |= PK11_DigestOp(md5, md5_inner, MD5_LENGTH);
+        }
+        rv |= PK11_DigestFinal(md5, hashes->u.s.md5, &outLength, MD5_LENGTH);
+        PORT_Assert(rv != SECSuccess || outLength == MD5_LENGTH);
+        if (rv != SECSuccess) {
+            ssl_MapLowLevelError(SSL_ERROR_MD5_DIGEST_FAILURE);
+            rv = SECFailure;
+            goto loser;
+        }
+
+        PRINT_BUF(60, (NULL, "MD5 outer: result", hashes->u.s.md5, MD5_LENGTH));
+
+        if (!isTLS) {
+            PRINT_BUF(95, (NULL, "SHA outer: MAC Pad 2", mac_pad_2,
+                           mac_defs[mac_sha].pad_size));
+            PRINT_BUF(95, (NULL, "SHA outer: SHA inner", sha_inner, SHA1_LENGTH));
+
+            rv |= PK11_DigestBegin(sha);
+            rv |= PK11_DigestKey(sha, spec->master_secret);
+            rv |= PK11_DigestOp(sha, mac_pad_2, mac_defs[mac_sha].pad_size);
+            rv |= PK11_DigestOp(sha, sha_inner, SHA1_LENGTH);
+        }
+        rv |= PK11_DigestFinal(sha, hashes->u.s.sha, &outLength, SHA1_LENGTH);
+        PORT_Assert(rv != SECSuccess || outLength == SHA1_LENGTH);
+        if (rv != SECSuccess) {
+            ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE);
+            rv = SECFailure;
+            goto loser;
+        }
+
+        PRINT_BUF(60, (NULL, "SHA outer: result", hashes->u.s.sha, SHA1_LENGTH));
+
+        hashes->len = MD5_LENGTH + SHA1_LENGTH;
+        rv = SECSuccess;
+
+    loser:
+        if (md5StateBuf) {
+            if (PK11_RestoreContext(ss->ssl3.hs.md5, md5StateBuf, md5StateLen) !=
+                SECSuccess) {
+                ssl_MapLowLevelError(SSL_ERROR_MD5_DIGEST_FAILURE);
+                rv = SECFailure;
+            }
+            if (md5StateBuf != md5StackBuf) {
+                PORT_ZFree(md5StateBuf, md5StateLen);
+            }
+        }
+        if (shaStateBuf) {
+            if (PK11_RestoreContext(ss->ssl3.hs.sha, shaStateBuf, shaStateLen) !=
+                SECSuccess) {
+                ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE);
+                rv = SECFailure;
+            }
+            if (shaStateBuf != shaStackBuf) {
+                PORT_ZFree(shaStateBuf, shaStateLen);
+            }
+        }
+    }
+    return rv;
+}
+
+/**************************************************************************
+ * end of Handshake Hash functions.
+ * Begin Send and Handle functions for handshakes.
+ **************************************************************************/
+
+#ifdef TRACE
+#define CHTYPE(t)          \
+    case client_hello_##t: \
+        return #t;
+
+static const char *
+ssl_ClientHelloTypeName(sslClientHelloType type)
+{
+    switch (type) {
+        CHTYPE(initial);
+        CHTYPE(retry);
+        CHTYPE(retransmit);    /* DTLS only */
+        CHTYPE(renegotiation); /* TLS <= 1.2 only */
+    }
+    PORT_Assert(0);
+    return NULL;
+}
+#undef CHTYPE
+#endif
+
+/* Called from ssl3_HandleHelloRequest(),
+ *             ssl3_RedoHandshake()
+ *             ssl_BeginClientHandshake (when resuming ssl3 session)
+ *             dtls_HandleHelloVerifyRequest(with resending=PR_TRUE)
+ *
+ * The |type| argument indicates what is going on here:
+ * - client_hello_initial is set for the very first ClientHello
+ * - client_hello_retry indicates that this is a second attempt after receiving
+ *   a HelloRetryRequest (in TLS 1.3)
+ * - client_hello_retransmit is used in DTLS when resending
+ * - client_hello_renegotiation is used to renegotiate (in TLS <1.3)
+ */
+SECStatus
+ssl3_SendClientHello(sslSocket *ss, sslClientHelloType type)
+{
+    sslSessionID *sid;
+    ssl3CipherSpec *cwSpec;
+    SECStatus rv;
+    int i;
+    int length;
+    int num_suites;
+    int actual_count = 0;
+    PRBool isTLS = PR_FALSE;
+    PRBool requestingResume = PR_FALSE, fallbackSCSV = PR_FALSE;
+    PRInt32 total_exten_len = 0;
+    unsigned paddingExtensionLen;
+    unsigned numCompressionMethods;
+    PRUint16 version;
+    PRInt32 flags;
+
+    SSL_TRC(3, ("%d: SSL3[%d]: send %s ClientHello handshake", SSL_GETPID(),
+                ss->fd, ssl_ClientHelloTypeName(type)));
+
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
+
+    /* shouldn't get here if SSL3 is disabled, but ... */
+    if (SSL_ALL_VERSIONS_DISABLED(&ss->vrange)) {
+        PR_NOT_REACHED("No versions of SSL 3.0 or later are enabled");
+        PORT_SetError(SSL_ERROR_SSL_DISABLED);
+        return SECFailure;
+    }
+
+    /* If we are responding to a HelloRetryRequest, don't reinitialize. We need
+     * to maintain the handshake hashes. */
+    if (ss->ssl3.hs.helloRetry) {
+        PORT_Assert(type == client_hello_retry);
+    } else {
+        rv = ssl3_InitState(ss);
+        if (rv != SECSuccess) {
+            return rv; /* ssl3_InitState has set the error code. */
+        }
+
+        rv = ssl3_RestartHandshakeHashes(ss);
+        if (rv != SECSuccess) {
+            return rv;
+        }
+    }
+
+    /* These must be reset every handshake. */
+    ss->ssl3.hs.sendingSCSV = PR_FALSE;
+    ss->ssl3.hs.preliminaryInfo = 0;
+    PORT_Assert(IS_DTLS(ss) || type != client_hello_retransmit);
+    SECITEM_FreeItem(&ss->ssl3.hs.newSessionTicket.ticket, PR_FALSE);
+    ss->ssl3.hs.receivedNewSessionTicket = PR_FALSE;
+    ssl3_ResetExtensionData(&ss->xtnData);
+
+    /* How many suites does our PKCS11 support (regardless of policy)? */
+    num_suites = ssl3_config_match_init(ss);
+    if (!num_suites) {
+        return SECFailure; /* ssl3_config_match_init has set error code. */
+    }
+
+    /*
+     * During a renegotiation, ss->clientHelloVersion will be used again to
+     * work around a Windows SChannel bug. Ensure that it is still enabled.
+     */
+    if (ss->firstHsDone) {
+        PORT_Assert(type != client_hello_initial);
+        if (SSL_ALL_VERSIONS_DISABLED(&ss->vrange)) {
+            PORT_SetError(SSL_ERROR_SSL_DISABLED);
+            return SECFailure;
+        }
+
+        if (ss->clientHelloVersion < ss->vrange.min ||
+            ss->clientHelloVersion > ss->vrange.max) {
+            PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP);
+            return SECFailure;
+        }
+    }
+
+    /* We ignore ss->sec.ci.sid here, and use ssl_Lookup because Lookup
+     * handles expired entries and other details.
+     * XXX If we've been called from ssl_BeginClientHandshake, then
+     * this lookup is duplicative and wasteful.
+     */
+    sid = (ss->opt.noCache) ? NULL
+                            : ssl_LookupSID(&ss->sec.ci.peer, ss->sec.ci.port, ss->peerID, ss->url);
+
+    /* We can't resume based on a different token. If the sid exists,
+     * make sure the token that holds the master secret still exists ...
+     * If we previously did client-auth, make sure that the token that holds
+     * the private key still exists, is logged in, hasn't been removed, etc.
+     */
+    if (sid) {
+        PRBool sidOK = PR_TRUE;
+        const ssl3CipherSuiteCfg *suite;
+
+        /* Check that the cipher suite we need is enabled. */
+        suite = ssl_LookupCipherSuiteCfg(sid->u.ssl3.cipherSuite,
+                                         ss->cipherSuites);
+        PORT_Assert(suite);
+        if (!suite || !config_match(suite, ss->ssl3.policy, &ss->vrange, ss)) {
+            sidOK = PR_FALSE;
+        }
+
+        /* Check that we can recover the master secret. */
+        if (sidOK && sid->u.ssl3.keys.msIsWrapped) {
+            PK11SlotInfo *slot = NULL;
+            if (sid->u.ssl3.masterValid) {
+                slot = SECMOD_LookupSlot(sid->u.ssl3.masterModuleID,
+                                         sid->u.ssl3.masterSlotID);
+            }
+            if (slot == NULL) {
+                sidOK = PR_FALSE;
+            } else {
+                PK11SymKey *wrapKey = NULL;
+                if (!PK11_IsPresent(slot) ||
+                    ((wrapKey = PK11_GetWrapKey(slot,
+                                                sid->u.ssl3.masterWrapIndex,
+                                                sid->u.ssl3.masterWrapMech,
+                                                sid->u.ssl3.masterWrapSeries,
+                                                ss->pkcs11PinArg)) == NULL)) {
+                    sidOK = PR_FALSE;
+                }
+                if (wrapKey)
+                    PK11_FreeSymKey(wrapKey);
+                PK11_FreeSlot(slot);
+                slot = NULL;
+            }
+        }
+        /* If we previously did client-auth, make sure that the token that
+        ** holds the private key still exists, is logged in, hasn't been
+        ** removed, etc.
+        */
+        if (sidOK && !ssl3_ClientAuthTokenPresent(sid)) {
+            sidOK = PR_FALSE;
+        }
+
+        if (sidOK) {
+            /* Set version based on the sid. */
+            if (ss->firstHsDone) {
+                /*
+                 * Windows SChannel compares the client_version inside the RSA
+                 * EncryptedPreMasterSecret of a renegotiation with the
+                 * client_version of the initial ClientHello rather than the
+                 * ClientHello in the renegotiation. To work around this bug, we
+                 * continue to use the client_version used in the initial
+                 * ClientHello when renegotiating.
+                 *
+                 * The client_version of the initial ClientHello is still
+                 * available in ss->clientHelloVersion. Ensure that
+                 * sid->version is bounded within
+                 * [ss->vrange.min, ss->clientHelloVersion], otherwise we
+                 * can't use sid.
+                 */
+                if (sid->version >= ss->vrange.min &&
+                    sid->version <= ss->clientHelloVersion) {
+                    version = ss->clientHelloVersion;
+                } else {
+                    sidOK = PR_FALSE;
+                }
+            } else {
+                /*
+                 * Check sid->version is OK first.
+                 * Previously, we would cap the version based on sid->version,
+                 * but that prevents negotiation of a higher version if the
+                 * previous session was reduced (e.g., with version fallback)
+                 */
+                if (sid->version < ss->vrange.min ||
+                    sid->version > ss->vrange.max) {
+                    sidOK = PR_FALSE;
+                } else {
+                    version = ss->vrange.max;
+                }
+            }
+        }
+
+        if (!sidOK) {
+            SSL_AtomicIncrementLong(&ssl3stats.sch_sid_cache_not_ok);
+            ss->sec.uncache(sid);
+            ssl_FreeSID(sid);
+            sid = NULL;
+        }
+    }
+
+    if (sid) {
+        requestingResume = PR_TRUE;
+        SSL_AtomicIncrementLong(&ssl3stats.sch_sid_cache_hits);
+
+        PRINT_BUF(4, (ss, "client, found session-id:", sid->u.ssl3.sessionID,
+                      sid->u.ssl3.sessionIDLength));
+
+        ss->ssl3.policy = sid->u.ssl3.policy;
+    } else {
+        SSL_AtomicIncrementLong(&ssl3stats.sch_sid_cache_misses);
+
+        /*
+         * Windows SChannel compares the client_version inside the RSA
+         * EncryptedPreMasterSecret of a renegotiation with the
+         * client_version of the initial ClientHello rather than the
+         * ClientHello in the renegotiation. To work around this bug, we
+         * continue to use the client_version used in the initial
+         * ClientHello when renegotiating.
+         */
+        if (ss->firstHsDone) {
+            version = ss->clientHelloVersion;
+        } else {
+            version = ss->vrange.max;
+        }
+
+        sid = ssl3_NewSessionID(ss, PR_FALSE);
+        if (!sid) {
+            return SECFailure; /* memory error is set */
+        }
+        /* ss->version isn't set yet, but the sid needs a sane value. */
+        sid->version = version;
+    }
+
+    isTLS = (version > SSL_LIBRARY_VERSION_3_0);
+    ssl_GetSpecWriteLock(ss);
+    cwSpec = ss->ssl3.cwSpec;
+    if (cwSpec->mac_def->mac == mac_null) {
+        /* SSL records are not being MACed. */
+        cwSpec->version = version;
+    }
+    ssl_ReleaseSpecWriteLock(ss);
+
+    if (ss->sec.ci.sid != NULL) {
+        ssl_FreeSID(ss->sec.ci.sid); /* decrement ref count, free if zero */
+    }
+    ss->sec.ci.sid = sid;
+
+    /* HACK for SCSV in SSL 3.0.  On initial handshake, prepend SCSV,
+     * only if TLS is disabled.
+     */
+    if (!ss->firstHsDone && !isTLS) {
+        /* Must set this before calling Hello Extension Senders,
+         * to suppress sending of empty RI extension.
+         */
+        ss->ssl3.hs.sendingSCSV = PR_TRUE;
+    }
+
+    /* When we attempt session resumption (only), we must lock the sid to
+     * prevent races with other resumption connections that receive a
+     * NewSessionTicket that will cause the ticket in the sid to be replaced.
+     * Once we've copied the session ticket into our ClientHello message, it
+     * is OK for the ticket to change, so we just need to make sure we hold
+     * the lock across the calls to ssl3_CallHelloExtensionSenders.
+     */
+    if (sid->u.ssl3.lock) {
+        PR_RWLock_Rlock(sid->u.ssl3.lock);
+    }
+
+    if (ss->vrange.max >= SSL_LIBRARY_VERSION_TLS_1_3 &&
+        type == client_hello_initial) {
+        rv = tls13_SetupClientHello(ss);
+        if (rv != SECSuccess) {
+            return SECFailure;
+        }
+    }
+    if (isTLS || (ss->firstHsDone && ss->peerRequestedProtection)) {
+        PRUint32 maxBytes = 65535; /* 2^16 - 1 */
+        PRInt32 extLen;
+
+        extLen = ssl3_CallHelloExtensionSenders(ss, PR_FALSE, maxBytes, NULL);
+        if (extLen < 0) {
+            if (sid->u.ssl3.lock) {
+                PR_RWLock_Unlock(sid->u.ssl3.lock);
+            }
+            return SECFailure;
+        }
+        total_exten_len += extLen;
+
+        if (total_exten_len > 0)
+            total_exten_len += 2;
+    }
+
+    if (IS_DTLS(ss)) {
+        ssl3_DisableNonDTLSSuites(ss);
+    }
+
+    /* how many suites are permitted by policy and user preference? */
+    num_suites = count_cipher_suites(ss, ss->ssl3.policy);
+    if (!num_suites) {
+        if (sid->u.ssl3.lock) {
+            PR_RWLock_Unlock(sid->u.ssl3.lock);
+        }
+        return SECFailure; /* count_cipher_suites has set error code. */
+    }
+
+    fallbackSCSV = ss->opt.enableFallbackSCSV && (!requestingResume ||
+                                                  version < sid->version);
+    /* make room for SCSV */
+    if (ss->ssl3.hs.sendingSCSV) {
+        ++num_suites;
+    }
+    if (fallbackSCSV) {
+        ++num_suites;
+    }
+
+    /* count compression methods */
+    numCompressionMethods = 0;
+    for (i = 0; i < ssl_compression_method_count; i++) {
+        if (ssl_CompressionEnabled(ss, ssl_compression_methods[i]))
+            numCompressionMethods++;
+    }
+
+    length = sizeof(SSL3ProtocolVersion) + SSL3_RANDOM_LENGTH +
+             1 + (sid->version >= SSL_LIBRARY_VERSION_TLS_1_3
+                      ? 0
+                      : sid->u.ssl3.sessionIDLength) +
+             2 + num_suites * sizeof(ssl3CipherSuite) +
+             1 + numCompressionMethods + total_exten_len;
+    if (IS_DTLS(ss)) {
+        length += 1 + ss->ssl3.hs.cookie.len;
+    }
+
+    /* A padding extension may be included to ensure that the record containing
+     * the ClientHello doesn't have a length between 256 and 511 bytes
+     * (inclusive). Initial, ClientHello records with such lengths trigger bugs
+     * in F5 devices.
+     *
+     * This is not done for DTLS, for renegotiation, or when there are no
+     * extensions. */
+    if (!IS_DTLS(ss) && isTLS && !ss->firstHsDone && total_exten_len) {
+        paddingExtensionLen = ssl3_CalculatePaddingExtensionLength(length);
+        total_exten_len += paddingExtensionLen;
+        length += paddingExtensionLen;
+    } else {
+        paddingExtensionLen = 0;
+    }
+
+    rv = ssl3_AppendHandshakeHeader(ss, client_hello, length);
+    if (rv != SECSuccess) {
+        if (sid->u.ssl3.lock) {
+            PR_RWLock_Unlock(sid->u.ssl3.lock);
+        }
+        return rv; /* err set by ssl3_AppendHandshake* */
+    }
+
+    if (ss->firstHsDone) {
+        /* The client hello version must stay unchanged to work around
+         * the Windows SChannel bug described above. */
+        PORT_Assert(version == ss->clientHelloVersion);
+    }
+    ss->clientHelloVersion = PR_MIN(version, SSL_LIBRARY_VERSION_TLS_1_2);
+    if (IS_DTLS(ss)) {
+        PRUint16 dtlsVersion;
+
+        dtlsVersion = dtls_TLSVersionToDTLSVersion(ss->clientHelloVersion);
+        rv = ssl3_AppendHandshakeNumber(ss, dtlsVersion, 2);
+    } else {
+        rv = ssl3_AppendHandshakeNumber(ss, ss->clientHelloVersion, 2);
+    }
+    if (rv != SECSuccess) {
+        if (sid->u.ssl3.lock) {
+            PR_RWLock_Unlock(sid->u.ssl3.lock);
+        }
+        return rv; /* err set by ssl3_AppendHandshake* */
+    }
+
+    /* Generate a new random if this is the first attempt. */
+    if (type == client_hello_initial) {
+        rv = ssl3_GetNewRandom(&ss->ssl3.hs.client_random);
+        if (rv != SECSuccess) {
+            if (sid->u.ssl3.lock) {
+                PR_RWLock_Unlock(sid->u.ssl3.lock);
+            }
+            return rv; /* err set by GetNewRandom. */
+        }
+    }
+    rv = ssl3_AppendHandshake(ss, &ss->ssl3.hs.client_random,
+                              SSL3_RANDOM_LENGTH);
+    if (rv != SECSuccess) {
+        if (sid->u.ssl3.lock) {
+            PR_RWLock_Unlock(sid->u.ssl3.lock);
+        }
+        return rv; /* err set by ssl3_AppendHandshake* */
+    }
+
+    if (sid->version < SSL_LIBRARY_VERSION_TLS_1_3)
+        rv = ssl3_AppendHandshakeVariable(
+            ss, sid->u.ssl3.sessionID, sid->u.ssl3.sessionIDLength, 1);
+    else
+        rv = ssl3_AppendHandshakeNumber(ss, 0, 1);
+    if (rv != SECSuccess) {
+        if (sid->u.ssl3.lock) {
+            PR_RWLock_Unlock(sid->u.ssl3.lock);
+        }
+        return rv; /* err set by ssl3_AppendHandshake* */
+    }
+
+    if (IS_DTLS(ss)) {
+        rv = ssl3_AppendHandshakeVariable(
+            ss, ss->ssl3.hs.cookie.data, ss->ssl3.hs.cookie.len, 1);
+        if (rv != SECSuccess) {
+            if (sid->u.ssl3.lock) {
+                PR_RWLock_Unlock(sid->u.ssl3.lock);
+            }
+            return rv; /* err set by ssl3_AppendHandshake* */
+        }
+    }
+
+    rv = ssl3_AppendHandshakeNumber(ss, num_suites * sizeof(ssl3CipherSuite), 2);
+    if (rv != SECSuccess) {
+        if (sid->u.ssl3.lock) {
+            PR_RWLock_Unlock(sid->u.ssl3.lock);
+        }
+        return rv; /* err set by ssl3_AppendHandshake* */
+    }
+
+    if (ss->ssl3.hs.sendingSCSV) {
+        /* Add the actual SCSV */
+        rv = ssl3_AppendHandshakeNumber(ss, TLS_EMPTY_RENEGOTIATION_INFO_SCSV,
+                                        sizeof(ssl3CipherSuite));
+        if (rv != SECSuccess) {
+            if (sid->u.ssl3.lock) {
+                PR_RWLock_Unlock(sid->u.ssl3.lock);
+            }
+            return rv; /* err set by ssl3_AppendHandshake* */
+        }
+        actual_count++;
+    }
+    if (fallbackSCSV) {
+        rv = ssl3_AppendHandshakeNumber(ss, TLS_FALLBACK_SCSV,
+                                        sizeof(ssl3CipherSuite));
+        if (rv != SECSuccess) {
+            if (sid->u.ssl3.lock) {
+                PR_RWLock_Unlock(sid->u.ssl3.lock);
+            }
+            return rv; /* err set by ssl3_AppendHandshake* */
+        }
+        actual_count++;
+    }
+    for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) {
+        ssl3CipherSuiteCfg *suite = &ss->cipherSuites[i];
+        if (config_match(suite, ss->ssl3.policy, &ss->vrange, ss)) {
+            actual_count++;
+            if (actual_count > num_suites) {
+                if (sid->u.ssl3.lock) {
+                    PR_RWLock_Unlock(sid->u.ssl3.lock);
+                }
+                /* set error card removal/insertion error */
+                PORT_SetError(SSL_ERROR_TOKEN_INSERTION_REMOVAL);
+                return SECFailure;
+            }
+            rv = ssl3_AppendHandshakeNumber(ss, suite->cipher_suite,
+                                            sizeof(ssl3CipherSuite));
+            if (rv != SECSuccess) {
+                if (sid->u.ssl3.lock) {
+                    PR_RWLock_Unlock(sid->u.ssl3.lock);
+                }
+                return rv; /* err set by ssl3_AppendHandshake* */
+            }
+        }
+    }
+
+    /* if cards were removed or inserted between count_cipher_suites and
+     * generating our list, detect the error here rather than send it off to
+     * the server.. */
+    if (actual_count != num_suites) {
+        /* Card removal/insertion error */
+        if (sid->u.ssl3.lock) {
+            PR_RWLock_Unlock(sid->u.ssl3.lock);
+        }
+        PORT_SetError(SSL_ERROR_TOKEN_INSERTION_REMOVAL);
+        return SECFailure;
+    }
+
+    rv = ssl3_AppendHandshakeNumber(ss, numCompressionMethods, 1);
+    if (rv != SECSuccess) {
+        if (sid->u.ssl3.lock) {
+            PR_RWLock_Unlock(sid->u.ssl3.lock);
+        }
+        return rv; /* err set by ssl3_AppendHandshake* */
+    }
+    for (i = 0; i < ssl_compression_method_count; i++) {
+        if (!ssl_CompressionEnabled(ss, ssl_compression_methods[i]))
+            continue;
+        rv = ssl3_AppendHandshakeNumber(ss, ssl_compression_methods[i], 1);
+        if (rv != SECSuccess) {
+            if (sid->u.ssl3.lock) {
+                PR_RWLock_Unlock(sid->u.ssl3.lock);
+            }
+            return rv; /* err set by ssl3_AppendHandshake* */
+        }
+    }
+
+    if (total_exten_len) {
+        PRUint32 maxBytes = total_exten_len - 2;
+        PRInt32 extLen;
+
+        rv = ssl3_AppendHandshakeNumber(ss, maxBytes, 2);
+        if (rv != SECSuccess) {
+            if (sid->u.ssl3.lock) {
+                PR_RWLock_Unlock(sid->u.ssl3.lock);
+            }
+            return rv; /* err set by AppendHandshake. */
+        }
+
+        extLen = ssl3_AppendPaddingExtension(ss, paddingExtensionLen, maxBytes);
+        if (extLen < 0) {
+            if (sid->u.ssl3.lock) {
+                PR_RWLock_Unlock(sid->u.ssl3.lock);
+            }
+            return SECFailure;
+        }
+        maxBytes -= extLen;
+
+        extLen = ssl3_CallHelloExtensionSenders(ss, PR_TRUE, maxBytes, NULL);
+        if (extLen < 0) {
+            if (sid->u.ssl3.lock) {
+                PR_RWLock_Unlock(sid->u.ssl3.lock);
+            }
+            return SECFailure;
+        }
+        maxBytes -= extLen;
+
+        PORT_Assert(!maxBytes);
+    }
+
+    if (sid->u.ssl3.lock) {
+        PR_RWLock_Unlock(sid->u.ssl3.lock);
+    }
+
+    if (ss->xtnData.sentSessionTicketInClientHello) {
+        SSL_AtomicIncrementLong(&ssl3stats.sch_sid_stateless_resumes);
+    }
+
+    if (ss->ssl3.hs.sendingSCSV) {
+        /* Since we sent the SCSV, pretend we sent empty RI extension. */
+        TLSExtensionData *xtnData = &ss->xtnData;
+        xtnData->advertised[xtnData->numAdvertised++] =
+            ssl_renegotiation_info_xtn;
+    }
+
+    flags = 0;
+    if (!ss->firstHsDone && !IS_DTLS(ss)) {
+        flags |= ssl_SEND_FLAG_CAP_RECORD_VERSION;
+    }
+    rv = ssl3_FlushHandshake(ss, flags);
+    if (rv != SECSuccess) {
+        return rv; /* error code set by ssl3_FlushHandshake */
+    }
+
+    if (version >= SSL_LIBRARY_VERSION_TLS_1_3) {
+        rv = tls13_MaybeDo0RTTHandshake(ss);
+        if (rv != SECSuccess) {
+            return SECFailure; /* error code set already. */
+        }
+    }
+
+    ss->ssl3.hs.ws = wait_server_hello;
+    return SECSuccess;
+}
+
+/* Called from ssl3_HandlePostHelloHandshakeMessage() when it has deciphered a
+ * complete ssl3 Hello Request.
+ * Caller must hold Handshake and RecvBuf locks.
+ */
+static SECStatus
+ssl3_HandleHelloRequest(sslSocket *ss)
+{
+    sslSessionID *sid = ss->sec.ci.sid;
+    SECStatus rv;
+
+    SSL_TRC(3, ("%d: SSL3[%d]: handle hello_request handshake",
+                SSL_GETPID(), ss->fd));
+
+    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+    PORT_Assert(ss->version < SSL_LIBRARY_VERSION_TLS_1_3);
+
+    if (ss->ssl3.hs.ws == wait_server_hello)
+        return SECSuccess;
+    if (ss->ssl3.hs.ws != idle_handshake || ss->sec.isServer) {
+        (void)SSL3_SendAlert(ss, alert_fatal, unexpected_message);
+        PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HELLO_REQUEST);
+        return SECFailure;
+    }
+    if (ss->opt.enableRenegotiation == SSL_RENEGOTIATE_NEVER) {
+        (void)SSL3_SendAlert(ss, alert_warning, no_renegotiation);
+        PORT_SetError(SSL_ERROR_RENEGOTIATION_NOT_ALLOWED);
+        return SECFailure;
+    }
+
+    if (sid) {
+        ss->sec.uncache(sid);
+        ssl_FreeSID(sid);
+        ss->sec.ci.sid = NULL;
+    }
+
+    if (IS_DTLS(ss)) {
+        dtls_RehandshakeCleanup(ss);
+    }
+
+    ssl_GetXmitBufLock(ss);
+    rv = ssl3_SendClientHello(ss, client_hello_renegotiation);
+    ssl_ReleaseXmitBufLock(ss);
+
+    return rv;
+}
+
+static const CK_MECHANISM_TYPE wrapMechanismList[SSL_NUM_WRAP_MECHS] = {
+    CKM_DES3_ECB,
+    CKM_CAST5_ECB,
+    CKM_DES_ECB,
+    CKM_KEY_WRAP_LYNKS,
+    CKM_IDEA_ECB,
+    CKM_CAST3_ECB,
+    CKM_CAST_ECB,
+    CKM_RC5_ECB,
+    CKM_RC2_ECB,
+    CKM_CDMF_ECB,
+    CKM_SKIPJACK_WRAP,
+    CKM_SKIPJACK_CBC64,
+    CKM_AES_ECB,
+    CKM_CAMELLIA_ECB,
+    CKM_SEED_ECB
+};
+
+static SECStatus
+ssl_FindIndexByWrapMechanism(CK_MECHANISM_TYPE mech, unsigned int *wrapMechIndex)
+{
+    unsigned int i;
+    for (i = 0; i < SSL_NUM_WRAP_MECHS; ++i) {
+        if (wrapMechanismList[i] == mech) {
+            *wrapMechIndex = i;
+            return SECSuccess;
+        }
+    }
+    PORT_Assert(0);
+    PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+    return SECFailure;
+}
+
+/* Each process sharing the server session ID cache has its own array of SymKey
+ * pointers for the symmetric wrapping keys that are used to wrap the master
+ * secrets.  There is one key for each authentication type.  These Symkeys
+ * correspond to the wrapped SymKeys kept in the server session cache.
+ */
+const SSLAuthType ssl_wrap_key_auth_type[SSL_NUM_WRAP_KEYS] = {
+    ssl_auth_rsa_decrypt,
+    ssl_auth_rsa_sign,
+    ssl_auth_rsa_pss,
+    ssl_auth_ecdsa,
+    ssl_auth_ecdh_rsa,
+    ssl_auth_ecdh_ecdsa
+};
+
+static SECStatus
+ssl_FindIndexByWrapKey(const sslServerCert *serverCert, unsigned int *wrapKeyIndex)
+{
+    unsigned int i;
+    for (i = 0; i < SSL_NUM_WRAP_KEYS; ++i) {
+        if (SSL_CERT_IS(serverCert, ssl_wrap_key_auth_type[i])) {
+            *wrapKeyIndex = i;
+            return SECSuccess;
+        }
+    }
+    /* Can't assert here because we still get people using DSA certificates. */
+    PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+    return SECFailure;
+}
+
+static PK11SymKey *
+ssl_UnwrapSymWrappingKey(
+    SSLWrappedSymWrappingKey *pWswk,
+    SECKEYPrivateKey *svrPrivKey,
+    unsigned int wrapKeyIndex,
+    CK_MECHANISM_TYPE masterWrapMech,
+    void *pwArg)
+{
+    PK11SymKey *unwrappedWrappingKey = NULL;
+    SECItem wrappedKey;
+    PK11SymKey *Ks;
+    SECKEYPublicKey pubWrapKey;
+    ECCWrappedKeyInfo *ecWrapped;
+
+    /* found the wrapping key on disk. */
+    PORT_Assert(pWswk->symWrapMechanism == masterWrapMech);
+    PORT_Assert(pWswk->wrapKeyIndex == wrapKeyIndex);
+    if (pWswk->symWrapMechanism != masterWrapMech ||
+        pWswk->wrapKeyIndex != wrapKeyIndex) {
+        goto loser;
+    }
+    wrappedKey.type = siBuffer;
+    wrappedKey.data = pWswk->wrappedSymmetricWrappingkey;
+    wrappedKey.len = pWswk->wrappedSymKeyLen;
+    PORT_Assert(wrappedKey.len <= sizeof pWswk->wrappedSymmetricWrappingkey);
+
+    switch (ssl_wrap_key_auth_type[wrapKeyIndex]) {
+
+        case ssl_auth_rsa_decrypt:
+        case ssl_auth_rsa_sign: /* bad: see Bug 1248320 */
+            unwrappedWrappingKey =
+                PK11_PubUnwrapSymKey(svrPrivKey, &wrappedKey,
+                                     masterWrapMech, CKA_UNWRAP, 0);
+            break;
+
+        case ssl_auth_ecdsa:
+        case ssl_auth_ecdh_rsa:
+        case ssl_auth_ecdh_ecdsa:
+            /*
+             * For ssl_auth_ecd*, we first create an EC public key based on
+             * data stored with the wrappedSymmetricWrappingkey. Next,
+             * we do an ECDH computation involving this public key and
+             * the SSL server's (long-term) EC private key. The resulting
+             * shared secret is treated the same way as Fortezza's Ks, i.e.,
+             * it is used to recover the symmetric wrapping key.
+             *
+             * The data in wrappedSymmetricWrappingkey is laid out as defined
+             * in the ECCWrappedKeyInfo structure.
+             */
+            ecWrapped = (ECCWrappedKeyInfo *)pWswk->wrappedSymmetricWrappingkey;
+
+            PORT_Assert(ecWrapped->encodedParamLen + ecWrapped->pubValueLen +
+                            ecWrapped->wrappedKeyLen <=
+                        MAX_EC_WRAPPED_KEY_BUFLEN);
+
+            if (ecWrapped->encodedParamLen + ecWrapped->pubValueLen +
+                    ecWrapped->wrappedKeyLen >
+                MAX_EC_WRAPPED_KEY_BUFLEN) {
+                PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+                goto loser;
+            }
+
+            pubWrapKey.keyType = ecKey;
+            pubWrapKey.u.ec.size = ecWrapped->size;
+            pubWrapKey.u.ec.DEREncodedParams.len = ecWrapped->encodedParamLen;
+            pubWrapKey.u.ec.DEREncodedParams.data = ecWrapped->var;
+            pubWrapKey.u.ec.publicValue.len = ecWrapped->pubValueLen;
+            pubWrapKey.u.ec.publicValue.data = ecWrapped->var +
+                                               ecWrapped->encodedParamLen;
+
+            wrappedKey.len = ecWrapped->wrappedKeyLen;
+            wrappedKey.data = ecWrapped->var + ecWrapped->encodedParamLen +
+                              ecWrapped->pubValueLen;
+
+            /* Derive Ks using ECDH */
+            Ks = PK11_PubDeriveWithKDF(svrPrivKey, &pubWrapKey, PR_FALSE, NULL,
+                                       NULL, CKM_ECDH1_DERIVE, masterWrapMech,
+                                       CKA_DERIVE, 0, CKD_NULL, NULL, NULL);
+            if (Ks == NULL) {
+                goto loser;
+            }
+
+            /*  Use Ks to unwrap the wrapping key */
+            unwrappedWrappingKey = PK11_UnwrapSymKey(Ks, masterWrapMech, NULL,
+                                                     &wrappedKey, masterWrapMech,
+                                                     CKA_UNWRAP, 0);
+            PK11_FreeSymKey(Ks);
+
+            break;
+
+        default:
+            PORT_Assert(0);
+            PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+            goto loser;
+    }
+loser:
+    return unwrappedWrappingKey;
+}
+
+typedef struct {
+    PK11SymKey *symWrapKey[SSL_NUM_WRAP_KEYS];
+} ssl3SymWrapKey;
+
+static PZLock *symWrapKeysLock = NULL;
+static ssl3SymWrapKey symWrapKeys[SSL_NUM_WRAP_MECHS];
+
+SECStatus
+ssl_FreeSymWrapKeysLock(void)
+{
+    if (symWrapKeysLock) {
+        PZ_DestroyLock(symWrapKeysLock);
+        symWrapKeysLock = NULL;
+        return SECSuccess;
+    }
+    PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
+    return SECFailure;
+}
+
+SECStatus
+SSL3_ShutdownServerCache(void)
+{
+    int i, j;
+
+    if (!symWrapKeysLock)
+        return SECSuccess; /* lock was never initialized */
+    PZ_Lock(symWrapKeysLock);
+    /* get rid of all symWrapKeys */
+    for (i = 0; i < SSL_NUM_WRAP_MECHS; ++i) {
+        for (j = 0; j < SSL_NUM_WRAP_KEYS; ++j) {
+            PK11SymKey **pSymWrapKey;
+            pSymWrapKey = &symWrapKeys[i].symWrapKey[j];
+            if (*pSymWrapKey) {
+                PK11_FreeSymKey(*pSymWrapKey);
+                *pSymWrapKey = NULL;
+            }
+        }
+    }
+
+    PZ_Unlock(symWrapKeysLock);
+    ssl_FreeSessionCacheLocks();
+    return SECSuccess;
+}
+
+SECStatus
+ssl_InitSymWrapKeysLock(void)
+{
+    symWrapKeysLock = PZ_NewLock(nssILockOther);
+    return symWrapKeysLock ? SECSuccess : SECFailure;
+}
+
+/* Try to get wrapping key for mechanism from in-memory array.
+ * If that fails, look for one on disk.
+ * If that fails, generate a new one, put the new one on disk,
+ * Put the new key in the in-memory array.
+ *
+ * Note that this function performs some fairly inadvisable functions with
+ * certificate private keys.  ECDSA keys are used with ECDH; similarly, RSA
+ * signing keys are used to encrypt.  Bug 1248320.
+ */
+PK11SymKey *
+ssl3_GetWrappingKey(sslSocket *ss,
+                    PK11SlotInfo *masterSecretSlot,
+                    CK_MECHANISM_TYPE masterWrapMech,
+                    void *pwArg)
+{
+    SSLAuthType authType;
+    SECKEYPrivateKey *svrPrivKey;
+    SECKEYPublicKey *svrPubKey = NULL;
+    PK11SymKey *unwrappedWrappingKey = NULL;
+    PK11SymKey **pSymWrapKey;
+    CK_MECHANISM_TYPE asymWrapMechanism = CKM_INVALID_MECHANISM;
+    int length;
+    unsigned int wrapMechIndex;
+    unsigned int wrapKeyIndex;
+    SECStatus rv;
+    SECItem wrappedKey;
+    SSLWrappedSymWrappingKey wswk;
+    PK11SymKey *Ks = NULL;
+    SECKEYPublicKey *pubWrapKey = NULL;
+    SECKEYPrivateKey *privWrapKey = NULL;
+    ECCWrappedKeyInfo *ecWrapped;
+    const sslServerCert *serverCert = ss->sec.serverCert;
+
+    PORT_Assert(serverCert);
+    PORT_Assert(serverCert->serverKeyPair);
+    PORT_Assert(serverCert->serverKeyPair->privKey);
+    PORT_Assert(serverCert->serverKeyPair->pubKey);
+    if (!serverCert || !serverCert->serverKeyPair ||
+        !serverCert->serverKeyPair->privKey ||
+        !serverCert->serverKeyPair->pubKey) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return NULL; /* hmm */
+    }
+
+    rv = ssl_FindIndexByWrapKey(serverCert, &wrapKeyIndex);
+    if (rv != SECSuccess)
+        return NULL; /* unusable wrapping key. */
+
+    rv = ssl_FindIndexByWrapMechanism(masterWrapMech, &wrapMechIndex);
+    if (rv != SECSuccess)
+        return NULL; /* invalid masterWrapMech. */
+
+    authType = ssl_wrap_key_auth_type[wrapKeyIndex];
+    svrPrivKey = serverCert->serverKeyPair->privKey;
+    pSymWrapKey = &symWrapKeys[wrapMechIndex].symWrapKey[wrapKeyIndex];
+
+    ssl_InitSessionCacheLocks(PR_TRUE);
+
+    PZ_Lock(symWrapKeysLock);
+
+    unwrappedWrappingKey = *pSymWrapKey;
+    if (unwrappedWrappingKey != NULL) {
+        if (PK11_VerifyKeyOK(unwrappedWrappingKey)) {
+            unwrappedWrappingKey = PK11_ReferenceSymKey(unwrappedWrappingKey);
+            goto done;
+        }
+        /* slot series has changed, so this key is no good any more. */
+        PK11_FreeSymKey(unwrappedWrappingKey);
+        *pSymWrapKey = unwrappedWrappingKey = NULL;
+    }
+
+    /* Try to get wrapped SymWrapping key out of the (disk) cache. */
+    /* Following call fills in wswk on success. */
+    rv = ssl_GetWrappingKey(wrapMechIndex, wrapKeyIndex, &wswk);
+    if (rv == SECSuccess) {
+        /* found the wrapped sym wrapping key on disk. */
+        unwrappedWrappingKey =
+            ssl_UnwrapSymWrappingKey(&wswk, svrPrivKey, wrapKeyIndex,
+                                     masterWrapMech, pwArg);
+        if (unwrappedWrappingKey) {
+            goto install;
+        }
+    }
+
+    if (!masterSecretSlot) /* caller doesn't want to create a new one. */
+        goto loser;
+
+    length = PK11_GetBestKeyLength(masterSecretSlot, masterWrapMech);
+    /* Zero length means fixed key length algorithm, or error.
+     * It's ambiguous.
+     */
+    unwrappedWrappingKey = PK11_KeyGen(masterSecretSlot, masterWrapMech, NULL,
+                                       length, pwArg);
+    if (!unwrappedWrappingKey) {
+        goto loser;
+    }
+
+    /* Prepare the buffer to receive the wrappedWrappingKey,
+     * the symmetric wrapping key wrapped using the server's pub key.
+     */
+    PORT_Memset(&wswk, 0, sizeof wswk); /* eliminate UMRs. */
+
+    svrPubKey = serverCert->serverKeyPair->pubKey;
+    wrappedKey.type = siBuffer;
+    wrappedKey.len = SECKEY_PublicKeyStrength(svrPubKey);
+    wrappedKey.data = wswk.wrappedSymmetricWrappingkey;
+
+    PORT_Assert(wrappedKey.len <= sizeof wswk.wrappedSymmetricWrappingkey);
+    if (wrappedKey.len > sizeof wswk.wrappedSymmetricWrappingkey)
+        goto loser;
+
+    /* wrap symmetric wrapping key in server's public key. */
+    switch (authType) {
+        case ssl_auth_rsa_decrypt:
+        case ssl_auth_rsa_sign: /* bad: see Bug 1248320 */
+            asymWrapMechanism = CKM_RSA_PKCS;
+            rv = PK11_PubWrapSymKey(asymWrapMechanism, svrPubKey,
+                                    unwrappedWrappingKey, &wrappedKey);
+            break;
+
+        case ssl_auth_ecdsa:
+        case ssl_auth_ecdh_rsa:
+        case ssl_auth_ecdh_ecdsa:
+            /*
+             * We generate an ephemeral EC key pair. Perform an ECDH
+             * computation involving this ephemeral EC public key and
+             * the SSL server's (long-term) EC private key. The resulting
+             * shared secret is treated in the same way as Fortezza's Ks,
+             * i.e., it is used to wrap the wrapping key. To facilitate
+             * unwrapping in ssl_UnwrapWrappingKey, we also store all
+             * relevant info about the ephemeral EC public key in
+             * wswk.wrappedSymmetricWrappingkey and lay it out as
+             * described in the ECCWrappedKeyInfo structure.
+             */
+            PORT_Assert(SECKEY_GetPublicKeyType(svrPubKey) == ecKey);
+            if (SECKEY_GetPublicKeyType(svrPubKey) != ecKey) {
+                /* something is wrong in sslsecur.c if this isn't an ecKey */
+                PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+                rv = SECFailure;
+                goto ec_cleanup;
+            }
+
+            privWrapKey = SECKEY_CreateECPrivateKey(
+                &svrPubKey->u.ec.DEREncodedParams, &pubWrapKey, NULL);
+            if ((privWrapKey == NULL) || (pubWrapKey == NULL)) {
+                rv = SECFailure;
+                goto ec_cleanup;
+            }
+
+            /* Set the key size in bits */
+            if (pubWrapKey->u.ec.size == 0) {
+                pubWrapKey->u.ec.size = SECKEY_PublicKeyStrengthInBits(svrPubKey);
+            }
+
+            PORT_Assert(pubWrapKey->u.ec.DEREncodedParams.len +
+                            pubWrapKey->u.ec.publicValue.len <
+                        MAX_EC_WRAPPED_KEY_BUFLEN);
+            if (pubWrapKey->u.ec.DEREncodedParams.len +
+                    pubWrapKey->u.ec.publicValue.len >=
+                MAX_EC_WRAPPED_KEY_BUFLEN) {
+                PORT_SetError(SEC_ERROR_INVALID_KEY);
+                rv = SECFailure;
+                goto ec_cleanup;
+            }
+
+            /* Derive Ks using ECDH */
+            Ks = PK11_PubDeriveWithKDF(svrPrivKey, pubWrapKey, PR_FALSE, NULL,
+                                       NULL, CKM_ECDH1_DERIVE, masterWrapMech,
+                                       CKA_DERIVE, 0, CKD_NULL, NULL, NULL);
+            if (Ks == NULL) {
+                rv = SECFailure;
+                goto ec_cleanup;
+            }
+
+            ecWrapped = (ECCWrappedKeyInfo *)(wswk.wrappedSymmetricWrappingkey);
+            ecWrapped->size = pubWrapKey->u.ec.size;
+            ecWrapped->encodedParamLen = pubWrapKey->u.ec.DEREncodedParams.len;
+            PORT_Memcpy(ecWrapped->var, pubWrapKey->u.ec.DEREncodedParams.data,
+                        pubWrapKey->u.ec.DEREncodedParams.len);
+
+            ecWrapped->pubValueLen = pubWrapKey->u.ec.publicValue.len;
+            PORT_Memcpy(ecWrapped->var + ecWrapped->encodedParamLen,
+                        pubWrapKey->u.ec.publicValue.data,
+                        pubWrapKey->u.ec.publicValue.len);
+
+            wrappedKey.len = MAX_EC_WRAPPED_KEY_BUFLEN -
+                             (ecWrapped->encodedParamLen + ecWrapped->pubValueLen);
+            wrappedKey.data = ecWrapped->var + ecWrapped->encodedParamLen +
+                              ecWrapped->pubValueLen;
+
+            /* wrap symmetricWrapping key with the local Ks */
+            rv = PK11_WrapSymKey(masterWrapMech, NULL, Ks,
+                                 unwrappedWrappingKey, &wrappedKey);
+
+            if (rv != SECSuccess) {
+                goto ec_cleanup;
+            }
+
+            /* Write down the length of wrapped key in the buffer
+             * wswk.wrappedSymmetricWrappingkey at the appropriate offset
+             */
+            ecWrapped->wrappedKeyLen = wrappedKey.len;
+
+        ec_cleanup:
+            if (privWrapKey)
+                SECKEY_DestroyPrivateKey(privWrapKey);
+            if (pubWrapKey)
+                SECKEY_DestroyPublicKey(pubWrapKey);
+            if (Ks)
+                PK11_FreeSymKey(Ks);
+            asymWrapMechanism = masterWrapMech;
+            break;
+
+        default:
+            rv = SECFailure;
+            break;
+    }
+
+    if (rv != SECSuccess) {
+        ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
+        goto loser;
+    }
+
+    PORT_Assert(asymWrapMechanism != CKM_INVALID_MECHANISM);
+
+    wswk.symWrapMechanism = masterWrapMech;
+    wswk.asymWrapMechanism = asymWrapMechanism;
+    wswk.wrapMechIndex = wrapMechIndex;
+    wswk.wrapKeyIndex = wrapKeyIndex;
+    wswk.wrappedSymKeyLen = wrappedKey.len;
+
+    /* put it on disk. */
+    /* If the wrapping key for this KEA type has already been set,
+     * then abandon the value we just computed and
+     * use the one we got from the disk.
+     */
+    rv = ssl_SetWrappingKey(&wswk);
+    if (rv == SECSuccess) {
+        /* somebody beat us to it.  The original contents of our wswk
+         * has been replaced with the content on disk.  Now, discard
+         * the key we just created and unwrap this new one.
+         */
+        PK11_FreeSymKey(unwrappedWrappingKey);
+
+        unwrappedWrappingKey =
+            ssl_UnwrapSymWrappingKey(&wswk, svrPrivKey, wrapKeyIndex,
+                                     masterWrapMech, pwArg);
+    }
+
+install:
+    if (unwrappedWrappingKey) {
+        *pSymWrapKey = PK11_ReferenceSymKey(unwrappedWrappingKey);
+    }
+
+loser:
+done:
+    PZ_Unlock(symWrapKeysLock);
+    return unwrappedWrappingKey;
+}
+
+#ifdef NSS_ALLOW_SSLKEYLOGFILE
+/* hexEncode hex encodes |length| bytes from |in| and writes it as |length*2|
+ * bytes to |out|. */
+static void
+hexEncode(char *out, const unsigned char *in, unsigned int length)
+{
+    static const char hextable[] = "0123456789abcdef";
+    unsigned int i;
+
+    for (i = 0; i < length; i++) {
+        *(out++) = hextable[in[i] >> 4];
+        *(out++) = hextable[in[i] & 15];
+    }
+}
+#endif
+
+/* Called from ssl3_SendClientKeyExchange(). */
+static SECStatus
+ssl3_SendRSAClientKeyExchange(sslSocket *ss, SECKEYPublicKey *svrPubKey)
+{
+    PK11SymKey *pms = NULL;
+    SECStatus rv = SECFailure;
+    SECItem enc_pms = { siBuffer, NULL, 0 };
+    PRBool isTLS;
+
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
+
+    /* Generate the pre-master secret ...  */
+    ssl_GetSpecWriteLock(ss);
+    isTLS = (PRBool)(ss->ssl3.pwSpec->version > SSL_LIBRARY_VERSION_3_0);
+
+    pms = ssl3_GenerateRSAPMS(ss, ss->ssl3.pwSpec, NULL);
+    ssl_ReleaseSpecWriteLock(ss);
+    if (pms == NULL) {
+        ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
+        goto loser;
+    }
+
+    /* Get the wrapped (encrypted) pre-master secret, enc_pms */
+    enc_pms.len = SECKEY_PublicKeyStrength(svrPubKey);
+    enc_pms.data = (unsigned char *)PORT_Alloc(enc_pms.len);
+    if (enc_pms.data == NULL) {
+        goto loser; /* err set by PORT_Alloc */
+    }
+
+    /* wrap pre-master secret in server's public key. */
+    rv = PK11_PubWrapSymKey(CKM_RSA_PKCS, svrPubKey, pms, &enc_pms);
+    if (rv != SECSuccess) {
+        ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
+        goto loser;
+    }
+
+#ifdef NSS_ALLOW_SSLKEYLOGFILE
+    if (ssl_keylog_iob) {
+        SECStatus extractRV = PK11_ExtractKeyValue(pms);
+        if (extractRV == SECSuccess) {
+            SECItem *keyData = PK11_GetKeyData(pms);
+            if (keyData && keyData->data && keyData->len) {
+#ifdef TRACE
+                if (ssl_trace >= 100) {
+                    ssl_PrintBuf(ss, "Pre-Master Secret",
+                                 keyData->data, keyData->len);
+                }
+#endif
+                if (ssl_keylog_iob && enc_pms.len >= 8 && keyData->len == 48) {
+                    /* https://developer.mozilla.org/en/NSS_Key_Log_Format */
+
+                    /* There could be multiple, concurrent writers to the
+                     * keylog, so we have to do everything in a single call to
+                     * fwrite. */
+                    char buf[4 + 8 * 2 + 1 + 48 * 2 + 1];
+
+                    strcpy(buf, "RSA ");
+                    hexEncode(buf + 4, enc_pms.data, 8);
+                    buf[20] = ' ';
+                    hexEncode(buf + 21, keyData->data, 48);
+                    buf[sizeof(buf) - 1] = '\n';
+
+                    fwrite(buf, sizeof(buf), 1, ssl_keylog_iob);
+                    fflush(ssl_keylog_iob);
+                }
+            }
+        }
+    }
+#endif
+
+    rv = ssl3_AppendHandshakeHeader(ss, client_key_exchange,
+                                    isTLS ? enc_pms.len + 2
+                                          : enc_pms.len);
+    if (rv != SECSuccess) {
+        goto loser; /* err set by ssl3_AppendHandshake* */
+    }
+    if (isTLS) {
+        rv = ssl3_AppendHandshakeVariable(ss, enc_pms.data, enc_pms.len, 2);
+    } else {
+        rv = ssl3_AppendHandshake(ss, enc_pms.data, enc_pms.len);
+    }
+    if (rv != SECSuccess) {
+        goto loser; /* err set by ssl3_AppendHandshake* */
+    }
+
+    rv = ssl3_InitPendingCipherSpec(ss, pms);
+    PK11_FreeSymKey(pms);
+    pms = NULL;
+
+    if (rv != SECSuccess) {
+        ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
+        goto loser;
+    }
+
+    rv = SECSuccess;
+
+loser:
+    if (enc_pms.data != NULL) {
+        PORT_Free(enc_pms.data);
+    }
+    if (pms != NULL) {
+        PK11_FreeSymKey(pms);
+    }
+    return rv;
+}
+
+/* DH shares need to be padded to the size of their prime.  Some implementations
+ * require this.  TLS 1.3 also requires this. */
+SECStatus
+ssl_AppendPaddedDHKeyShare(const sslSocket *ss, const SECKEYPublicKey *pubKey,
+                           PRBool appendLength)
+{
+    SECStatus rv;
+    unsigned int pad = pubKey->u.dh.prime.len - pubKey->u.dh.publicValue.len;
+
+    if (appendLength) {
+        rv = ssl3_ExtAppendHandshakeNumber(ss, pubKey->u.dh.prime.len, 2);
+        if (rv != SECSuccess) {
+            return rv;
+        }
+    }
+    while (pad) {
+        rv = ssl3_ExtAppendHandshakeNumber(ss, 0, 1);
+        if (rv != SECSuccess) {
+            return rv;
+        }
+        --pad;
+    }
+    rv = ssl3_ExtAppendHandshake(ss, pubKey->u.dh.publicValue.data,
+                                 pubKey->u.dh.publicValue.len);
+    if (rv != SECSuccess) {
+        return rv;
+    }
+    return SECSuccess;
+}
+
+/* Called from ssl3_SendClientKeyExchange(). */
+static SECStatus
+ssl3_SendDHClientKeyExchange(sslSocket *ss, SECKEYPublicKey *svrPubKey)
+{
+    PK11SymKey *pms = NULL;
+    SECStatus rv;
+    PRBool isTLS;
+    CK_MECHANISM_TYPE target;
+
+    const ssl3DHParams *params;
+    ssl3DHParams customParams;
+    const sslNamedGroupDef *groupDef;
+    static const sslNamedGroupDef customGroupDef = {
+        ssl_grp_ffdhe_custom, 0, ssl_kea_dh, SEC_OID_TLS_DHE_CUSTOM, PR_FALSE
+    };
+    sslEphemeralKeyPair *keyPair = NULL;
+    SECKEYPublicKey *pubKey;
+
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
+
+    isTLS = (PRBool)(ss->ssl3.pwSpec->version > SSL_LIBRARY_VERSION_3_0);
+
+    /* Copy DH parameters from server key */
+
+    if (SECKEY_GetPublicKeyType(svrPubKey) != dhKey) {
+        PORT_SetError(SEC_ERROR_BAD_KEY);
+        return SECFailure;
+    }
+
+    /* Work out the parameters. */
+    rv = ssl_ValidateDHENamedGroup(ss, &svrPubKey->u.dh.prime,
+                                   &svrPubKey->u.dh.base,
+                                   &groupDef, &params);
+    if (rv != SECSuccess) {
+        /* If we require named groups, we will have already validated the group
+         * in ssl_HandleDHServerKeyExchange() */
+        PORT_Assert(!ss->opt.requireDHENamedGroups &&
+                    !ss->xtnData.peerSupportsFfdheGroups);
+
+        customParams.name = ssl_grp_ffdhe_custom;
+        customParams.prime.data = svrPubKey->u.dh.prime.data;
+        customParams.prime.len = svrPubKey->u.dh.prime.len;
+        customParams.base.data = svrPubKey->u.dh.base.data;
+        customParams.base.len = svrPubKey->u.dh.base.len;
+        params = &customParams;
+        groupDef = &customGroupDef;
+    }
+    ss->sec.keaGroup = groupDef;
+
+    rv = ssl_CreateDHEKeyPair(groupDef, params, &keyPair);
+    if (rv != SECSuccess) {
+        ssl_MapLowLevelError(SEC_ERROR_KEYGEN_FAIL);
+        goto loser;
+    }
+    pubKey = keyPair->keys->pubKey;
+    PRINT_BUF(50, (ss, "DH public value:",
+                   pubKey->u.dh.publicValue.data,
+                   pubKey->u.dh.publicValue.len));
+
+    if (isTLS)
+        target = CKM_TLS_MASTER_KEY_DERIVE_DH;
+    else
+        target = CKM_SSL3_MASTER_KEY_DERIVE_DH;
+
+    /* Determine the PMS */
+    pms = PK11_PubDerive(keyPair->keys->privKey, svrPubKey,
+                         PR_FALSE, NULL, NULL, CKM_DH_PKCS_DERIVE,
+                         target, CKA_DERIVE, 0, NULL);
+
+    if (pms == NULL) {
+        ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
+        goto loser;
+    }
+
+    /* Note: send the DH share padded to avoid triggering bugs. */
+    rv = ssl3_AppendHandshakeHeader(ss, client_key_exchange,
+                                    params->prime.len + 2);
+    if (rv != SECSuccess) {
+        goto loser; /* err set by ssl3_AppendHandshake* */
+    }
+    rv = ssl_AppendPaddedDHKeyShare(ss, pubKey, PR_TRUE);
+    if (rv != SECSuccess) {
+        goto loser; /* err set by ssl_AppendPaddedDHKeyShare */
+    }
+
+    rv = ssl3_InitPendingCipherSpec(ss, pms);
+    if (rv != SECSuccess) {
+        ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
+        goto loser;
+    }
+
+    PK11_FreeSymKey(pms);
+    ssl_FreeEphemeralKeyPair(keyPair);
+    return SECSuccess;
+
+loser:
+    if (pms)
+        PK11_FreeSymKey(pms);
+    if (keyPair)
+        ssl_FreeEphemeralKeyPair(keyPair);
+    return SECFailure;
+}
+
+/* Called from ssl3_HandleServerHelloDone(). */
+static SECStatus
+ssl3_SendClientKeyExchange(sslSocket *ss)
+{
+    SECKEYPublicKey *serverKey = NULL;
+    SECStatus rv = SECFailure;
+
+    SSL_TRC(3, ("%d: SSL3[%d]: send client_key_exchange handshake",
+                SSL_GETPID(), ss->fd));
+
+    PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+
+    if (ss->sec.peerKey == NULL) {
+        serverKey = CERT_ExtractPublicKey(ss->sec.peerCert);
+        if (serverKey == NULL) {
+            ssl_MapLowLevelError(SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE);
+            return SECFailure;
+        }
+    } else {
+        serverKey = ss->sec.peerKey;
+        ss->sec.peerKey = NULL; /* we're done with it now */
+    }
+
+    ss->sec.keaType = ss->ssl3.hs.kea_def->exchKeyType;
+    ss->sec.keaKeyBits = SECKEY_PublicKeyStrengthInBits(serverKey);
+
+    switch (ss->ssl3.hs.kea_def->exchKeyType) {
+        case ssl_kea_rsa:
+            rv = ssl3_SendRSAClientKeyExchange(ss, serverKey);
+            break;
+
+        case ssl_kea_dh:
+            rv = ssl3_SendDHClientKeyExchange(ss, serverKey);
+            break;
+
+        case ssl_kea_ecdh:
+            rv = ssl3_SendECDHClientKeyExchange(ss, serverKey);
+            break;
+
+        default:
+            PORT_Assert(0);
+            PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+            break;
+    }
+
+    SSL_TRC(3, ("%d: SSL3[%d]: DONE sending client_key_exchange",
+                SSL_GETPID(), ss->fd));
+
+    SECKEY_DestroyPublicKey(serverKey);
+    return rv; /* err code already set. */
+}
+
+SECStatus
+ssl_PickSignatureScheme(sslSocket *ss,
+                        SECKEYPublicKey *pubKey,
+                        SECKEYPrivateKey *privKey,
+                        const SSLSignatureScheme *peerSchemes,
+                        unsigned int peerSchemeCount,
+                        PRBool requireSha1)
+{
+    unsigned int i, j;
+    const sslNamedGroupDef *group = NULL;
+    KeyType keyType;
+    PK11SlotInfo *slot;
+    PRBool slotDoesPss;
+    PRBool isTLS13 = ss->version >= SSL_LIBRARY_VERSION_TLS_1_3;
+
+    /* We can't require SHA-1 in TLS 1.3. */
+    PORT_Assert(!(requireSha1 && isTLS13));
+    if (!pubKey || !privKey) {
+        PORT_Assert(0);
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+
+    slot = PK11_GetSlotFromPrivateKey(privKey);
+    if (!slot) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+    slotDoesPss = PK11_DoesMechanism(slot, auth_alg_defs[ssl_auth_rsa_pss]);
+    PK11_FreeSlot(slot);
+
+    keyType = SECKEY_GetPublicKeyType(pubKey);
+    if (keyType == ecKey) {
+        group = ssl_ECPubKey2NamedGroup(pubKey);
+    }
+
+    /* Here we look for the first local preference that the client has
+     * indicated support for in their signature_algorithms extension. */
+    for (i = 0; i < ss->ssl3.signatureSchemeCount; ++i) {
+        SSLHashType hashType;
+        SECOidTag hashOID;
+        SSLSignatureScheme preferred = ss->ssl3.signatureSchemes[i];
+        PRUint32 policy;
+
+        if (!ssl_SignatureSchemeValidForKey(!isTLS13 /* allowSha1 */,
+                                            isTLS13 /* matchGroup */,
+                                            keyType, group, preferred)) {
+            continue;
+        }
+
+        /* Skip RSA-PSS schemes when the certificate's private key slot does
+         * not support this signature mechanism. */
+        if (ssl_IsRsaPssSignatureScheme(preferred) && !slotDoesPss) {
+            continue;
+        }
+
+        hashType = ssl_SignatureSchemeToHashType(preferred);
+        if (requireSha1 && (hashType != ssl_hash_sha1)) {
+            continue;
+        }
+        hashOID = ssl3_HashTypeToOID(hashType);
+        if ((NSS_GetAlgorithmPolicy(hashOID, &policy) == SECSuccess) &&
+            !(policy & NSS_USE_ALG_IN_SSL_KX)) {
+            /* we ignore hashes we don't support */
+            continue;
+        }
+
+        for (j = 0; j < peerSchemeCount; j++) {
+            if (peerSchemes[j] == preferred) {
+                ss->ssl3.hs.signatureScheme = preferred;
+                return SECSuccess;
+            }
+        }
+    }
+
+    PORT_SetError(SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM);
+    return SECFailure;
+}
+
+static SECStatus
+ssl_PickFallbackSignatureScheme(sslSocket *ss, SECKEYPublicKey *pubKey)
+{
+    PRBool isTLS12 = ss->version >= SSL_LIBRARY_VERSION_TLS_1_2;
+
+    switch (SECKEY_GetPublicKeyType(pubKey)) {
+        case rsaKey:
+            if (isTLS12) {
+                ss->ssl3.hs.signatureScheme = ssl_sig_rsa_pkcs1_sha1;
+            } else {
+                ss->ssl3.hs.signatureScheme = ssl_sig_rsa_pkcs1_sha1md5;
+            }
+            break;
+        case ecKey:
+            ss->ssl3.hs.signatureScheme = ssl_sig_ecdsa_sha1;
+            break;
+        case dsaKey:
+            ss->ssl3.hs.signatureScheme = ssl_sig_dsa_sha1;
+            break;
+        default:
+            PORT_Assert(0);
+            PORT_SetError(SEC_ERROR_INVALID_KEY);
+            return SECFailure;
+    }
+    return SECSuccess;
+}
+
+/* ssl3_PickServerSignatureScheme selects a signature scheme for signing the
+ * handshake.  Most of this is determined by the key pair we are using.
+ * Prior to TLS 1.2, the MD5/SHA1 combination is always used. With TLS 1.2, a
+ * client may advertise its support for signature and hash combinations. */
+static SECStatus
+ssl3_PickServerSignatureScheme(sslSocket *ss)
+{
+    sslKeyPair *keyPair = ss->sec.serverCert->serverKeyPair;
+    PRBool isTLS12 = ss->version >= SSL_LIBRARY_VERSION_TLS_1_2;
+
+    if (!isTLS12 || !ssl3_ExtensionNegotiated(ss, ssl_signature_algorithms_xtn)) {
+        /* If the client didn't provide any signature_algorithms extension then
+         * we can assume that they support SHA-1: RFC5246, Section 7.4.1.4.1. */
+        return ssl_PickFallbackSignatureScheme(ss, keyPair->pubKey);
+    }
+
+    /* Sets error code, if needed. */
+    return ssl_PickSignatureScheme(ss, keyPair->pubKey, keyPair->privKey,
+                                   ss->xtnData.clientSigSchemes,
+                                   ss->xtnData.numClientSigScheme,
+                                   PR_FALSE /* requireSha1 */);
+}
+
+static SECStatus
+ssl_PickClientSignatureScheme(sslSocket *ss, const SSLSignatureScheme *schemes,
+                              unsigned int numSchemes)
+{
+    SECKEYPrivateKey *privKey = ss->ssl3.clientPrivateKey;
+    SECKEYPublicKey *pubKey;
+    SECStatus rv;
+
+    PRBool isTLS13 = (PRBool)ss->version >= SSL_LIBRARY_VERSION_TLS_1_3;
+    pubKey = CERT_ExtractPublicKey(ss->ssl3.clientCertificate);
+    PORT_Assert(pubKey);
+
+    if (!isTLS13 && numSchemes == 0) {
+        /* If the server didn't provide any signature algorithms
+         * then let's assume they support SHA-1. */
+        rv = ssl_PickFallbackSignatureScheme(ss, pubKey);
+        SECKEY_DestroyPublicKey(pubKey);
+        return rv;
+    }
+
+    PORT_Assert(schemes && numSchemes > 0);
+
+    if (!isTLS13 &&
+        (SECKEY_GetPublicKeyType(pubKey) == rsaKey ||
+         SECKEY_GetPublicKeyType(pubKey) == dsaKey) &&
+        SECKEY_PublicKeyStrengthInBits(pubKey) <= 1024) {
+        /* If the key is a 1024-bit RSA or DSA key, assume conservatively that
+         * it may be unable to sign SHA-256 hashes. This is the case for older
+         * Estonian ID cards that have 1024-bit RSA keys. In FIPS 186-2 and
+         * older, DSA key size is at most 1024 bits and the hash function must
+         * be SHA-1.
+         */
+        rv = ssl_PickSignatureScheme(ss, pubKey, privKey, schemes, numSchemes,
+                                     PR_TRUE /* requireSha1 */);
+        if (rv == SECSuccess) {
+            SECKEY_DestroyPublicKey(pubKey);
+            return SECSuccess;
+        }
+        /* If this fails, that's because the peer doesn't advertise SHA-1,
+         * so fall back to the full negotiation. */
+    }
+    rv = ssl_PickSignatureScheme(ss, pubKey, privKey, schemes, numSchemes,
+                                 PR_FALSE /* requireSha1 */);
+    SECKEY_DestroyPublicKey(pubKey);
+    return rv;
+}
+
+/* Called from ssl3_HandleServerHelloDone(). */
+static SECStatus
+ssl3_SendCertificateVerify(sslSocket *ss, SECKEYPrivateKey *privKey)
+{
+    SECStatus rv = SECFailure;
+    PRBool isTLS12;
+    SECItem buf = { siBuffer, NULL, 0 };
+    SSL3Hashes hashes;
+    unsigned int len;
+    SSLHashType hashAlg;
+
+    PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+
+    SSL_TRC(3, ("%d: SSL3[%d]: send certificate_verify handshake",
+                SSL_GETPID(), ss->fd));
+
+    ssl_GetSpecReadLock(ss);
+
+    if (ss->ssl3.hs.hashType == handshake_hash_record) {
+        hashAlg = ssl_SignatureSchemeToHashType(ss->ssl3.hs.signatureScheme);
+    } else {
+        /* Use ssl_hash_none to represent the MD5+SHA1 combo. */
+        hashAlg = ssl_hash_none;
+    }
+    if (ss->ssl3.hs.hashType == handshake_hash_record &&
+        hashAlg != ssl3_GetSuitePrfHash(ss)) {
+        rv = ssl3_ComputeHandshakeHash(ss->ssl3.hs.messages.buf,
+                                       ss->ssl3.hs.messages.len,
+                                       hashAlg, &hashes);
+        if (rv != SECSuccess) {
+            ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE);
+        }
+    } else {
+        rv = ssl3_ComputeHandshakeHashes(ss, ss->ssl3.pwSpec, &hashes, 0);
+    }
+    ssl_ReleaseSpecReadLock(ss);
+    if (rv != SECSuccess) {
+        goto done; /* err code was set by ssl3_ComputeHandshakeHash(es) */
+    }
+
+    isTLS12 = (PRBool)(ss->version == SSL_LIBRARY_VERSION_TLS_1_2);
+    PORT_Assert(ss->version <= SSL_LIBRARY_VERSION_TLS_1_2);
+
+    rv = ssl3_SignHashes(ss, &hashes, privKey, &buf);
+    if (rv == SECSuccess && !ss->sec.isServer) {
+        /* Remember the info about the slot that did the signing.
+        ** Later, when doing an SSL restart handshake, verify this.
+        ** These calls are mere accessors, and can't fail.
+        */
+        PK11SlotInfo *slot;
+        sslSessionID *sid = ss->sec.ci.sid;
+
+        slot = PK11_GetSlotFromPrivateKey(privKey);
+        sid->u.ssl3.clAuthSeries = PK11_GetSlotSeries(slot);
+        sid->u.ssl3.clAuthSlotID = PK11_GetSlotID(slot);
+        sid->u.ssl3.clAuthModuleID = PK11_GetModuleID(slot);
+        sid->u.ssl3.clAuthValid = PR_TRUE;
+        PK11_FreeSlot(slot);
+    }
+    if (rv != SECSuccess) {
+        goto done; /* err code was set by ssl3_SignHashes */
+    }
+
+    len = buf.len + 2 + (isTLS12 ? 2 : 0);
+
+    rv = ssl3_AppendHandshakeHeader(ss, certificate_verify, len);
+    if (rv != SECSuccess) {
+        goto done; /* error code set by AppendHandshake */
+    }
+    if (isTLS12) {
+        rv = ssl3_AppendHandshakeNumber(ss, ss->ssl3.hs.signatureScheme, 2);
+        if (rv != SECSuccess) {
+            goto done; /* err set by AppendHandshake. */
+        }
+    }
+    rv = ssl3_AppendHandshakeVariable(ss, buf.data, buf.len, 2);
+    if (rv != SECSuccess) {
+        goto done; /* error code set by AppendHandshake */
+    }
+
+done:
+    if (buf.data)
+        PORT_Free(buf.data);
+    return rv;
+}
+
+/* Once a cipher suite has been selected, make sure that the necessary secondary
+ * information is properly set. */
+SECStatus
+ssl3_SetCipherSuite(sslSocket *ss, ssl3CipherSuite chosenSuite,
+                    PRBool initHashes)
+{
+    ss->ssl3.hs.cipher_suite = chosenSuite;
+    ss->ssl3.hs.suite_def = ssl_LookupCipherSuiteDef(chosenSuite);
+    if (!ss->ssl3.hs.suite_def) {
+        PORT_Assert(0);
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+
+    ss->ssl3.hs.kea_def = &kea_defs[ss->ssl3.hs.suite_def->key_exchange_alg];
+    ss->ssl3.hs.preliminaryInfo |= ssl_preinfo_cipher_suite;
+
+    if (!initHashes) {
+        return SECSuccess;
+    }
+    /* Now we've have a cipher suite, initialize the handshake hashes. */
+    return ssl3_InitHandshakeHashes(ss);
+}
+
+/* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete
+ * ssl3 ServerHello message.
+ * Caller must hold Handshake and RecvBuf locks.
+ */
+static SECStatus
+ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
+{
+    PRUint32 temp;
+    PRBool suite_found = PR_FALSE;
+    int i;
+    int errCode = SSL_ERROR_RX_MALFORMED_SERVER_HELLO;
+    SECStatus rv;
+    SECItem sidBytes = { siBuffer, NULL, 0 };
+    PRBool isTLS = PR_FALSE;
+    SSL3AlertDescription desc = illegal_parameter;
+#ifndef TLS_1_3_DRAFT_VERSION
+    SSL3ProtocolVersion downgradeCheckVersion;
+#endif
+
+    SSL_TRC(3, ("%d: SSL3[%d]: handle server_hello handshake",
+                SSL_GETPID(), ss->fd));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+    PORT_Assert(ss->ssl3.initialized);
+
+    if (ss->ssl3.hs.ws != wait_server_hello) {
+        errCode = SSL_ERROR_RX_UNEXPECTED_SERVER_HELLO;
+        desc = unexpected_message;
+        goto alert_loser;
+    }
+
+    /* clean up anything left from previous handshake. */
+    if (ss->ssl3.clientCertChain != NULL) {
+        CERT_DestroyCertificateList(ss->ssl3.clientCertChain);
+        ss->ssl3.clientCertChain = NULL;
+    }
+    if (ss->ssl3.clientCertificate != NULL) {
+        CERT_DestroyCertificate(ss->ssl3.clientCertificate);
+        ss->ssl3.clientCertificate = NULL;
+    }
+    if (ss->ssl3.clientPrivateKey != NULL) {
+        SECKEY_DestroyPrivateKey(ss->ssl3.clientPrivateKey);
+        ss->ssl3.clientPrivateKey = NULL;
+    }
+
+    rv = ssl_ClientReadVersion(ss, &b, &length, &ss->version);
+    if (rv != SECSuccess) {
+        goto loser; /* alert has been sent */
+    }
+
+    /* The server didn't pick 1.3 although we either received a
+     * HelloRetryRequest, or we prepared to send early app data. */
+    if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) {
+        if (ss->ssl3.hs.helloRetry) {
+            /* SSL3_SendAlert() will uncache the SID. */
+            desc = illegal_parameter;
+            errCode = SSL_ERROR_RX_MALFORMED_SERVER_HELLO;
+            goto alert_loser;
+        }
+        if (ss->ssl3.hs.zeroRttState == ssl_0rtt_sent) {
+            /* SSL3_SendAlert() will uncache the SID. */
+            desc = illegal_parameter;
+            errCode = SSL_ERROR_DOWNGRADE_WITH_EARLY_DATA;
+            goto alert_loser;
+        }
+    }
+
+    /* Check that the server negotiated the same version as it did
+     * in the first handshake. This isn't really the best place for
+     * us to be getting this version number, but it's what we have.
+     * (1294697). */
+    if (ss->firstHsDone && (ss->version != ss->ssl3.crSpec->version)) {
+        desc = illegal_parameter;
+        errCode = SSL_ERROR_UNSUPPORTED_VERSION;
+        goto alert_loser;
+    }
+    ss->ssl3.hs.preliminaryInfo |= ssl_preinfo_version;
+    isTLS = (ss->version > SSL_LIBRARY_VERSION_3_0);
+
+    rv = ssl3_ConsumeHandshake(
+        ss, &ss->ssl3.hs.server_random, SSL3_RANDOM_LENGTH, &b, &length);
+    if (rv != SECSuccess) {
+        goto loser; /* alert has been sent */
+    }
+
+#ifndef TLS_1_3_DRAFT_VERSION
+    /* Check the ServerHello.random per
+     * [draft-ietf-tls-tls13-11 Section 6.3.1.1].
+     *
+     * TLS 1.3 clients receiving a TLS 1.2 or below ServerHello MUST check
+     * that the top eight octets are not equal to either of these values.
+     * TLS 1.2 clients SHOULD also perform this check if the ServerHello
+     * indicates TLS 1.1 or below.  If a match is found the client MUST
+     * abort the handshake with a fatal "illegal_parameter" alert.
+     *
+     * Disable this test during the TLS 1.3 draft version period.
+     */
+    downgradeCheckVersion = ss->ssl3.downgradeCheckVersion ? ss->ssl3.downgradeCheckVersion
+                                                           : ss->vrange.max;
+
+    if (downgradeCheckVersion >= SSL_LIBRARY_VERSION_TLS_1_2 &&
+        downgradeCheckVersion > ss->version) {
+        /* Both sections use the same sentinel region. */
+        unsigned char *downgrade_sentinel =
+            ss->ssl3.hs.server_random.rand +
+            SSL3_RANDOM_LENGTH - sizeof(tls13_downgrade_random);
+        if (!PORT_Memcmp(downgrade_sentinel,
+                         tls13_downgrade_random,
+                         sizeof(tls13_downgrade_random)) ||
+            !PORT_Memcmp(downgrade_sentinel,
+                         tls12_downgrade_random,
+                         sizeof(tls12_downgrade_random))) {
+            desc = illegal_parameter;
+            errCode = SSL_ERROR_RX_MALFORMED_SERVER_HELLO;
+            goto alert_loser;
+        }
+    }
+#endif
+
+    if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) {
+        rv = ssl3_ConsumeHandshakeVariable(ss, &sidBytes, 1, &b, &length);
+        if (rv != SECSuccess) {
+            goto loser; /* alert has been sent */
+        }
+        if (sidBytes.len > SSL3_SESSIONID_BYTES) {
+            if (isTLS)
+                desc = decode_error;
+            goto alert_loser; /* malformed. */
+        }
+    }
+
+    /* find selected cipher suite in our list. */
+    rv = ssl3_ConsumeHandshakeNumber(ss, &temp, 2, &b, &length);
+    if (rv != SECSuccess) {
+        goto loser; /* alert has been sent */
+    }
+    i = ssl3_config_match_init(ss);
+    PORT_Assert(i > 0);
+    if (i <= 0) {
+        errCode = PORT_GetError();
+        goto loser;
+    }
+    for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) {
+        ssl3CipherSuiteCfg *suite = &ss->cipherSuites[i];
+        if (temp == suite->cipher_suite) {
+            SSLVersionRange vrange = { ss->version, ss->version };
+            if (!config_match(suite, ss->ssl3.policy, &vrange, ss)) {
+                /* config_match already checks whether the cipher suite is
+                 * acceptable for the version, but the check is repeated here
+                 * in order to give a more precise error code. */
+                if (!ssl3_CipherSuiteAllowedForVersionRange(temp, &vrange)) {
+                    desc = handshake_failure;
+                    errCode = SSL_ERROR_CIPHER_DISALLOWED_FOR_VERSION;
+                    goto alert_loser;
+                }
+
+                break; /* failure */
+            }
+
+            suite_found = PR_TRUE;
+            break; /* success */
+        }
+    }
+    if (!suite_found) {
+        desc = handshake_failure;
+        errCode = SSL_ERROR_NO_CYPHER_OVERLAP;
+        goto alert_loser;
+    }
+
+    rv = ssl3_SetCipherSuite(ss, (ssl3CipherSuite)temp, PR_TRUE);
+    if (rv != SECSuccess) {
+        desc = internal_error;
+        errCode = PORT_GetError();
+        goto alert_loser;
+    }
+
+    if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) {
+        /* find selected compression method in our list. */
+        rv = ssl3_ConsumeHandshakeNumber(ss, &temp, 1, &b, &length);
+        if (rv != SECSuccess) {
+            goto loser; /* alert has been sent */
+        }
+        suite_found = PR_FALSE;
+        for (i = 0; i < ssl_compression_method_count; i++) {
+            if (temp == ssl_compression_methods[i]) {
+                if (!ssl_CompressionEnabled(ss, ssl_compression_methods[i])) {
+                    break; /* failure */
+                }
+                suite_found = PR_TRUE;
+                break; /* success */
+            }
+        }
+        if (!suite_found) {
+            desc = handshake_failure;
+            errCode = SSL_ERROR_NO_COMPRESSION_OVERLAP;
+            goto alert_loser;
+        }
+        ss->ssl3.hs.compression = (SSLCompressionMethod)temp;
+    } else {
+        ss->ssl3.hs.compression = ssl_compression_null;
+    }
+
+    /* Note that if !isTLS and the extra stuff is not extensions, we
+     * do NOT goto alert_loser.
+     * There are some old SSL 3.0 implementations that do send stuff
+     * after the end of the server hello, and we deliberately ignore
+     * such stuff in the interest of maximal interoperability (being
+     * "generous in what you accept").
+     * Update: Starting in NSS 3.12.6, we handle the renegotiation_info
+     * extension in SSL 3.0.
+     */
+    if (length != 0) {
+        SECItem extensions;
+        rv = ssl3_ConsumeHandshakeVariable(ss, &extensions, 2, &b, &length);
+        if (rv != SECSuccess || length != 0) {
+            if (isTLS)
+                goto alert_loser;
+        } else {
+            rv = ssl3_HandleExtensions(ss, &extensions.data,
+                                       &extensions.len, server_hello);
+            if (rv != SECSuccess)
+                goto alert_loser;
+        }
+    }
+
+    if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_3) {
+        rv = tls13_HandleServerHelloPart2(ss);
+        if (rv != SECSuccess) {
+            errCode = PORT_GetError();
+            goto loser;
+        }
+    } else {
+        rv = ssl3_HandleServerHelloPart2(ss, &sidBytes, &errCode);
+        if (rv != SECSuccess)
+            goto loser;
+    }
+
+    return SECSuccess;
+
+alert_loser:
+    (void)SSL3_SendAlert(ss, alert_fatal, desc);
+
+loser:
+    /* Clean up the temporary pointer to the handshake buffer. */
+    ss->xtnData.signedCertTimestamps.len = 0;
+    ssl_MapLowLevelError(errCode);
+    return SECFailure;
+}
+
+static SECStatus
+ssl3_HandleServerHelloPart2(sslSocket *ss, const SECItem *sidBytes,
+                            int *retErrCode)
+{
+    SSL3AlertDescription desc = handshake_failure;
+    int errCode = SSL_ERROR_RX_MALFORMED_SERVER_HELLO;
+    SECStatus rv;
+    PRBool sid_match;
+    sslSessionID *sid = ss->sec.ci.sid;
+
+    if ((ss->opt.requireSafeNegotiation ||
+         (ss->firstHsDone && (ss->peerRequestedProtection ||
+                              ss->opt.enableRenegotiation ==
+                                  SSL_RENEGOTIATE_REQUIRES_XTN))) &&
+        !ssl3_ExtensionNegotiated(ss, ssl_renegotiation_info_xtn)) {
+        desc = handshake_failure;
+        errCode = ss->firstHsDone ? SSL_ERROR_RENEGOTIATION_NOT_ALLOWED
+                                  : SSL_ERROR_UNSAFE_NEGOTIATION;
+        goto alert_loser;
+    }
+
+    /* Any errors after this point are not "malformed" errors. */
+    desc = handshake_failure;
+
+    /* we need to call ssl3_SetupPendingCipherSpec here so we can check the
+     * key exchange algorithm. */
+    rv = ssl3_SetupPendingCipherSpec(ss);
+    if (rv != SECSuccess) {
+        goto alert_loser; /* error code is set. */
+    }
+
+    /* We may or may not have sent a session id, we may get one back or
+     * not and if so it may match the one we sent.
+     * Attempt to restore the master secret to see if this is so...
+     * Don't consider failure to find a matching SID an error.
+     */
+    sid_match = (PRBool)(sidBytes->len > 0 &&
+                         sidBytes->len ==
+                             sid->u.ssl3.sessionIDLength &&
+                         !PORT_Memcmp(sid->u.ssl3.sessionID,
+                                      sidBytes->data, sidBytes->len));
+
+    if (sid_match) {
+        if (sid->version != ss->version ||
+            sid->u.ssl3.cipherSuite != ss->ssl3.hs.cipher_suite) {
+            errCode = SSL_ERROR_RX_MALFORMED_SERVER_HELLO;
+            goto alert_loser;
+        }
+        do {
+            ssl3CipherSpec *pwSpec = ss->ssl3.pwSpec;
+
+            SECItem wrappedMS; /* wrapped master secret. */
+
+            /* [draft-ietf-tls-session-hash-06; Section 5.3]
+             *
+             * o  If the original session did not use the "extended_master_secret"
+             *    extension but the new ServerHello contains the extension, the
+             *    client MUST abort the handshake.
+             */
+            if (!sid->u.ssl3.keys.extendedMasterSecretUsed &&
+                ssl3_ExtensionNegotiated(ss, ssl_extended_master_secret_xtn)) {
+                errCode = SSL_ERROR_UNEXPECTED_EXTENDED_MASTER_SECRET;
+                goto alert_loser;
+            }
+
+            /*
+             *   o  If the original session used an extended master secret but the new
+             *      ServerHello does not contain the "extended_master_secret"
+             *      extension, the client SHOULD abort the handshake.
+             *
+             * TODO(ekr@rtfm.com): Add option to refuse to resume when EMS is not
+             * used at all (bug 1176526).
+             */
+            if (sid->u.ssl3.keys.extendedMasterSecretUsed &&
+                !ssl3_ExtensionNegotiated(ss, ssl_extended_master_secret_xtn)) {
+                errCode = SSL_ERROR_MISSING_EXTENDED_MASTER_SECRET;
+                goto alert_loser;
+            }
+
+            ss->sec.authType = sid->authType;
+            ss->sec.authKeyBits = sid->authKeyBits;
+            ss->sec.keaType = sid->keaType;
+            ss->sec.keaKeyBits = sid->keaKeyBits;
+
+            if (sid->u.ssl3.keys.msIsWrapped) {
+                PK11SlotInfo *slot;
+                PK11SymKey *wrapKey; /* wrapping key */
+                CK_FLAGS keyFlags = 0;
+
+                /* unwrap master secret */
+                slot = SECMOD_LookupSlot(sid->u.ssl3.masterModuleID,
+                                         sid->u.ssl3.masterSlotID);
+                if (slot == NULL) {
+                    break; /* not considered an error. */
+                }
+                if (!PK11_IsPresent(slot)) {
+                    PK11_FreeSlot(slot);
+                    break; /* not considered an error. */
+                }
+                wrapKey = PK11_GetWrapKey(slot, sid->u.ssl3.masterWrapIndex,
+                                          sid->u.ssl3.masterWrapMech,
+                                          sid->u.ssl3.masterWrapSeries,
+                                          ss->pkcs11PinArg);
+                PK11_FreeSlot(slot);
+                if (wrapKey == NULL) {
+                    break; /* not considered an error. */
+                }
+
+                if (ss->version > SSL_LIBRARY_VERSION_3_0) { /* isTLS */
+                    keyFlags =
+                        CKF_SIGN | CKF_VERIFY;
+                }
+
+                wrappedMS.data = sid->u.ssl3.keys.wrapped_master_secret;
+                wrappedMS.len = sid->u.ssl3.keys.wrapped_master_secret_len;
+                pwSpec->master_secret =
+                    PK11_UnwrapSymKeyWithFlags(wrapKey, sid->u.ssl3.masterWrapMech,
+                                               NULL, &wrappedMS, CKM_SSL3_MASTER_KEY_DERIVE,
+                                               CKA_DERIVE, sizeof(SSL3MasterSecret), keyFlags);
+                errCode = PORT_GetError();
+                PK11_FreeSymKey(wrapKey);
+                if (pwSpec->master_secret == NULL) {
+                    break; /* errorCode set just after call to UnwrapSymKey. */
+                }
+            } else {
+                /* need to import the raw master secret to session object */
+                PK11SlotInfo *slot = PK11_GetInternalSlot();
+                wrappedMS.data = sid->u.ssl3.keys.wrapped_master_secret;
+                wrappedMS.len = sid->u.ssl3.keys.wrapped_master_secret_len;
+                pwSpec->master_secret =
+                    PK11_ImportSymKey(slot, CKM_SSL3_MASTER_KEY_DERIVE,
+                                      PK11_OriginUnwrap, CKA_ENCRYPT,
+                                      &wrappedMS, NULL);
+                PK11_FreeSlot(slot);
+                if (pwSpec->master_secret == NULL) {
+                    break;
+                }
+            }
+
+            /* Got a Match */
+            SSL_AtomicIncrementLong(&ssl3stats.hsh_sid_cache_hits);
+
+            /* If we sent a session ticket, then this is a stateless resume. */
+            if (ss->xtnData.sentSessionTicketInClientHello)
+                SSL_AtomicIncrementLong(&ssl3stats.hsh_sid_stateless_resumes);
+
+            if (ssl3_ExtensionNegotiated(ss, ssl_session_ticket_xtn))
+                ss->ssl3.hs.ws = wait_new_session_ticket;
+            else
+                ss->ssl3.hs.ws = wait_change_cipher;
+
+            ss->ssl3.hs.isResuming = PR_TRUE;
+
+            /* copy the peer cert from the SID */
+            if (sid->peerCert != NULL) {
+                ss->sec.peerCert = CERT_DupCertificate(sid->peerCert);
+            }
+
+            /* NULL value for PMS because we are reusing the old MS */
+            rv = ssl3_InitPendingCipherSpec(ss, NULL);
+            if (rv != SECSuccess) {
+                goto alert_loser; /* err code was set */
+            }
+            return SECSuccess;
+        } while (0);
+    }
+
+    if (sid_match)
+        SSL_AtomicIncrementLong(&ssl3stats.hsh_sid_cache_not_ok);
+    else
+        SSL_AtomicIncrementLong(&ssl3stats.hsh_sid_cache_misses);
+
+    /* We tried to resume a 1.3 session but the server negotiated 1.2. */
+    if (ss->statelessResume) {
+        PORT_Assert(sid->version == SSL_LIBRARY_VERSION_TLS_1_3);
+        PORT_Assert(ss->ssl3.hs.currentSecret);
+
+        /* Reset resumption state, only used by 1.3 code. */
+        ss->statelessResume = PR_FALSE;
+
+        /* Clear TLS 1.3 early data traffic key. */
+        PK11_FreeSymKey(ss->ssl3.hs.currentSecret);
+        ss->ssl3.hs.currentSecret = NULL;
+    }
+
+    /* throw the old one away */
+    sid->u.ssl3.keys.resumable = PR_FALSE;
+    ss->sec.uncache(sid);
+    ssl_FreeSID(sid);
+
+    /* get a new sid */
+    ss->sec.ci.sid = sid = ssl3_NewSessionID(ss, PR_FALSE);
+    if (sid == NULL) {
+        goto alert_loser; /* memory error is set. */
+    }
+
+    sid->version = ss->version;
+    sid->u.ssl3.sessionIDLength = sidBytes->len;
+    if (sidBytes->len > 0) {
+        PORT_Memcpy(sid->u.ssl3.sessionID, sidBytes->data, sidBytes->len);
+    }
+
+    sid->u.ssl3.keys.extendedMasterSecretUsed =
+        ssl3_ExtensionNegotiated(ss, ssl_extended_master_secret_xtn);
+
+    /* Copy Signed Certificate Timestamps, if any. */
+    if (ss->xtnData.signedCertTimestamps.len) {
+        rv = SECITEM_CopyItem(NULL, &sid->u.ssl3.signedCertTimestamps,
+                              &ss->xtnData.signedCertTimestamps);
+        ss->xtnData.signedCertTimestamps.len = 0;
+        if (rv != SECSuccess)
+            goto loser;
+    }
+
+    ss->ssl3.hs.isResuming = PR_FALSE;
+    if (ss->ssl3.hs.kea_def->authKeyType != ssl_auth_null) {
+        /* All current cipher suites other than those with ssl_auth_null (i.e.,
+         * (EC)DH_anon_* suites) require a certificate, so use that signal. */
+        ss->ssl3.hs.ws = wait_server_cert;
+    } else {
+        /* All the remaining cipher suites must be (EC)DH_anon_* and so
+         * must be ephemeral. Note, if we ever add PSK this might
+         * change. */
+        PORT_Assert(ss->ssl3.hs.kea_def->ephemeral);
+        ss->ssl3.hs.ws = wait_server_key;
+    }
+    return SECSuccess;
+
+alert_loser:
+    (void)SSL3_SendAlert(ss, alert_fatal, desc);
+
+loser:
+    *retErrCode = errCode;
+    return SECFailure;
+}
+
+static SECStatus
+ssl_HandleDHServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
+{
+    SECStatus rv;
+    int errCode = SSL_ERROR_RX_MALFORMED_SERVER_KEY_EXCH;
+    SSL3AlertDescription desc = illegal_parameter;
+    SSLHashType hashAlg;
+    PRBool isTLS = ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0;
+    SSLSignatureScheme sigScheme;
+
+    SECItem dh_p = { siBuffer, NULL, 0 };
+    SECItem dh_g = { siBuffer, NULL, 0 };
+    SECItem dh_Ys = { siBuffer, NULL, 0 };
+    unsigned dh_p_bits;
+    unsigned dh_g_bits;
+    PRInt32 minDH;
+
+    SSL3Hashes hashes;
+    SECItem signature = { siBuffer, NULL, 0 };
+    PLArenaPool *arena = NULL;
+    SECKEYPublicKey *peerKey = NULL;
+
+    rv = ssl3_ConsumeHandshakeVariable(ss, &dh_p, 2, &b, &length);
+    if (rv != SECSuccess) {
+        goto loser; /* malformed. */
+    }
+
+    rv = NSS_OptionGet(NSS_DH_MIN_KEY_SIZE, &minDH);
+    if (rv != SECSuccess) {
+        minDH = SSL_DH_MIN_P_BITS;
+    }
+    dh_p_bits = SECKEY_BigIntegerBitLength(&dh_p);
+    if (dh_p_bits < minDH) {
+        errCode = SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY;
+        goto alert_loser;
+    }
+    rv = ssl3_ConsumeHandshakeVariable(ss, &dh_g, 2, &b, &length);
+    if (rv != SECSuccess) {
+        goto loser; /* malformed. */
+    }
+    /* Abort if dh_g is 0, 1, or obviously too big. */
+    dh_g_bits = SECKEY_BigIntegerBitLength(&dh_g);
+    if (dh_g_bits > dh_p_bits || dh_g_bits <= 1) {
+        goto alert_loser;
+    }
+    if (ss->opt.requireDHENamedGroups) {
+        /* If we're doing named groups, make sure it's good. */
+        rv = ssl_ValidateDHENamedGroup(ss, &dh_p, &dh_g, NULL, NULL);
+        if (rv != SECSuccess) {
+            errCode = SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY;
+            goto alert_loser;
+        }
+    }
+
+    rv = ssl3_ConsumeHandshakeVariable(ss, &dh_Ys, 2, &b, &length);
+    if (rv != SECSuccess) {
+        goto loser; /* malformed. */
+    }
+    if (!ssl_IsValidDHEShare(&dh_p, &dh_Ys)) {
+        errCode = SSL_ERROR_RX_MALFORMED_DHE_KEY_SHARE;
+        goto alert_loser;
+    }
+
+    if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_2) {
+        rv = ssl_ConsumeSignatureScheme(ss, &b, &length, &sigScheme);
+        if (rv != SECSuccess) {
+            goto loser; /* malformed or unsupported. */
+        }
+        rv = ssl_CheckSignatureSchemeConsistency(ss, sigScheme,
+                                                 ss->sec.peerCert);
+        if (rv != SECSuccess) {
+            goto loser;
+        }
+        hashAlg = ssl_SignatureSchemeToHashType(sigScheme);
+    } else {
+        /* Use ssl_hash_none to represent the MD5+SHA1 combo. */
+        hashAlg = ssl_hash_none;
+        sigScheme = ssl_sig_none;
+    }
+    rv = ssl3_ConsumeHandshakeVariable(ss, &signature, 2, &b, &length);
+    if (rv != SECSuccess) {
+        goto loser; /* malformed. */
+    }
+    if (length != 0) {
+        if (isTLS) {
+            desc = decode_error;
+        }
+        goto alert_loser; /* malformed. */
+    }
+
+    PRINT_BUF(60, (NULL, "Server DH p", dh_p.data, dh_p.len));
+    PRINT_BUF(60, (NULL, "Server DH g", dh_g.data, dh_g.len));
+    PRINT_BUF(60, (NULL, "Server DH Ys", dh_Ys.data, dh_Ys.len));
+
+    /* failures after this point are not malformed handshakes. */
+    /* TLS: send decrypt_error if signature failed. */
+    desc = isTLS ? decrypt_error : handshake_failure;
+
+    /*
+     * Check to make sure the hash is signed by right guy.
+     */
+    rv = ssl3_ComputeDHKeyHash(ss, hashAlg, &hashes,
+                               dh_p, dh_g, dh_Ys, PR_FALSE /* padY */);
+    if (rv != SECSuccess) {
+        errCode =
+            ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
+        goto alert_loser;
+    }
+    rv = ssl3_VerifySignedHashes(ss, sigScheme, &hashes, &signature);
+    if (rv != SECSuccess) {
+        errCode =
+            ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
+        goto alert_loser;
+    }
+
+    /*
+     * we really need to build a new key here because we can no longer
+     * ignore calling SECKEY_DestroyPublicKey. Using the key may allocate
+     * pkcs11 slots and ID's.
+     */
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL) {
+        errCode = SEC_ERROR_NO_MEMORY;
+        goto loser;
+    }
+
+    peerKey = PORT_ArenaZNew(arena, SECKEYPublicKey);
+    if (peerKey == NULL) {
+        errCode = SEC_ERROR_NO_MEMORY;
+        goto loser;
+    }
+
+    peerKey->arena = arena;
+    peerKey->keyType = dhKey;
+    peerKey->pkcs11Slot = NULL;
+    peerKey->pkcs11ID = CK_INVALID_HANDLE;
+
+    if (SECITEM_CopyItem(arena, &peerKey->u.dh.prime, &dh_p) ||
+        SECITEM_CopyItem(arena, &peerKey->u.dh.base, &dh_g) ||
+        SECITEM_CopyItem(arena, &peerKey->u.dh.publicValue, &dh_Ys)) {
+        errCode = SEC_ERROR_NO_MEMORY;
+        goto loser;
+    }
+    ss->sec.peerKey = peerKey;
+    return SECSuccess;
+
+alert_loser:
+    (void)SSL3_SendAlert(ss, alert_fatal, desc);
+loser:
+    if (arena) {
+        PORT_FreeArena(arena, PR_FALSE);
+    }
+    PORT_SetError(ssl_MapLowLevelError(errCode));
+    return SECFailure;
+}
+
+/* Called from ssl3_HandlePostHelloHandshakeMessage() when it has deciphered a
+ * complete ssl3 ServerKeyExchange message.
+ * Caller must hold Handshake and RecvBuf locks.
+ */
+static SECStatus
+ssl3_HandleServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
+{
+    SECStatus rv;
+
+    SSL_TRC(3, ("%d: SSL3[%d]: handle server_key_exchange handshake",
+                SSL_GETPID(), ss->fd));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+
+    if (ss->ssl3.hs.ws != wait_server_key) {
+        SSL3_SendAlert(ss, alert_fatal, unexpected_message);
+        PORT_SetError(SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH);
+        return SECFailure;
+    }
+
+    switch (ss->ssl3.hs.kea_def->exchKeyType) {
+        case ssl_kea_dh:
+            rv = ssl_HandleDHServerKeyExchange(ss, b, length);
+            break;
+
+        case ssl_kea_ecdh:
+            rv = ssl3_HandleECDHServerKeyExchange(ss, b, length);
+            break;
+
+        default:
+            SSL3_SendAlert(ss, alert_fatal, handshake_failure);
+            PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
+            rv = SECFailure;
+            break;
+    }
+
+    if (rv == SECSuccess) {
+        ss->ssl3.hs.ws = wait_cert_request;
+    }
+    /* All Handle*ServerKeyExchange functions set the error code. */
+    return rv;
+}
+
+typedef struct dnameNode {
+    struct dnameNode *next;
+    SECItem name;
+} dnameNode;
+
+/*
+ * Parse the ca_list structure in a CertificateRequest.
+ *
+ * Called from:
+ * ssl3_HandleCertificateRequest
+ * tls13_HandleCertificateRequest
+ */
+SECStatus
+ssl3_ParseCertificateRequestCAs(sslSocket *ss, SSL3Opaque **b, PRUint32 *length,
+                                PLArenaPool *arena, CERTDistNames *ca_list)
+{
+    PRUint32 remaining;
+    int nnames = 0;
+    dnameNode *node;
+    SECStatus rv;
+    int i;
+
+    rv = ssl3_ConsumeHandshakeNumber(ss, &remaining, 2, b, length);
+    if (rv != SECSuccess)
+        return SECFailure; /* malformed, alert has been sent */
+
+    if (remaining > *length)
+        goto alert_loser;
+
+    ca_list->head = node = PORT_ArenaZNew(arena, dnameNode);
+    if (node == NULL)
+        goto no_mem;
+
+    while (remaining > 0) {
+        PRUint32 len;
+
+        if (remaining < 2)
+            goto alert_loser; /* malformed */
+
+        rv = ssl3_ConsumeHandshakeNumber(ss, &len, 2, b, length);
+        if (rv != SECSuccess)
+            return SECFailure; /* malformed, alert has been sent */
+        if (len == 0 || remaining < len + 2)
+            goto alert_loser; /* malformed */
+
+        remaining -= 2;
+        node->name.len = len;
+        node->name.data = *b;
+        *b += len;
+        *length -= len;
+        remaining -= len;
+        nnames++;
+        if (remaining <= 0)
+            break; /* success */
+
+        node->next = PORT_ArenaZNew(arena, dnameNode);
+        node = node->next;
+        if (node == NULL)
+            goto no_mem;
+    }
+
+    ca_list->nnames = nnames;
+    ca_list->names = PORT_ArenaNewArray(arena, SECItem, nnames);
+    if (nnames > 0 && ca_list->names == NULL)
+        goto no_mem;
+
+    for (i = 0, node = (dnameNode *)ca_list->head;
+         i < nnames;
+         i++, node = node->next) {
+        ca_list->names[i] = node->name;
+    }
+
+    return SECSuccess;
+
+no_mem:
+    PORT_SetError(SEC_ERROR_NO_MEMORY);
+    return SECFailure;
+
+alert_loser:
+    (void)SSL3_SendAlert(ss, alert_fatal,
+                         ss->version < SSL_LIBRARY_VERSION_TLS_1_0 ? illegal_parameter
+                                                                   : decode_error);
+    PORT_SetError(SSL_ERROR_RX_MALFORMED_CERT_REQUEST);
+    return SECFailure;
+}
+
+SECStatus
+ssl_ParseSignatureSchemes(const sslSocket *ss, PLArenaPool *arena,
+                          SSLSignatureScheme **schemesOut,
+                          unsigned int *numSchemesOut,
+                          unsigned char **b, unsigned int *len)
+{
+    SECStatus rv;
+    SECItem buf;
+    SSLSignatureScheme *schemes = NULL;
+    unsigned int numSchemes = 0;
+    unsigned int max;
+
+    rv = ssl3_ExtConsumeHandshakeVariable(ss, &buf, 2, b, len);
+    if (rv != SECSuccess) {
+        return SECFailure;
+    }
+    /* An odd-length value is invalid. */
+    if ((buf.len & 1) != 0) {
+        ssl3_ExtSendAlert(ss, alert_fatal, decode_error);
+        return SECFailure;
+    }
+
+    /* Let the caller decide whether to alert here. */
+    if (buf.len == 0) {
+        goto done;
+    }
+
+    /* Limit the number of schemes we read. */
+    max = PR_MIN(buf.len / 2, MAX_SIGNATURE_SCHEMES);
+
+    if (arena) {
+        schemes = PORT_ArenaZNewArray(arena, SSLSignatureScheme, max);
+    } else {
+        schemes = PORT_ZNewArray(SSLSignatureScheme, max);
+    }
+    if (!schemes) {
+        ssl3_ExtSendAlert(ss, alert_fatal, internal_error);
+        return SECFailure;
+    }
+
+    for (; max; --max) {
+        PRUint32 tmp;
+        rv = ssl3_ExtConsumeHandshakeNumber(ss, &tmp, 2, &buf.data, &buf.len);
+        if (rv != SECSuccess) {
+            PORT_Assert(0);
+            PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+            return SECFailure;
+        }
+        if (ssl_IsSupportedSignatureScheme((SSLSignatureScheme)tmp)) {
+            schemes[numSchemes++] = (SSLSignatureScheme)tmp;
+        }
+    }
+
+    if (!numSchemes) {
+        if (!arena) {
+            PORT_Free(schemes);
+        }
+        schemes = NULL;
+    }
+
+done:
+    *schemesOut = schemes;
+    *numSchemesOut = numSchemes;
+    return SECSuccess;
+}
+
+/* Called from ssl3_HandlePostHelloHandshakeMessage() when it has deciphered
+ * a complete ssl3 Certificate Request message.
+ * Caller must hold Handshake and RecvBuf locks.
+ */
+static SECStatus
+ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
+{
+    PLArenaPool *arena = NULL;
+    PRBool isTLS = PR_FALSE;
+    PRBool isTLS12 = PR_FALSE;
+    int errCode = SSL_ERROR_RX_MALFORMED_CERT_REQUEST;
+    SECStatus rv;
+    SSL3AlertDescription desc = illegal_parameter;
+    SECItem cert_types = { siBuffer, NULL, 0 };
+    SSLSignatureScheme *signatureSchemes = NULL;
+    unsigned int signatureSchemeCount = 0;
+    CERTDistNames ca_list;
+
+    SSL_TRC(3, ("%d: SSL3[%d]: handle certificate_request handshake",
+                SSL_GETPID(), ss->fd));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+
+    if (ss->ssl3.hs.ws != wait_cert_request) {
+        desc = unexpected_message;
+        errCode = SSL_ERROR_RX_UNEXPECTED_CERT_REQUEST;
+        goto alert_loser;
+    }
+
+    PORT_Assert(ss->ssl3.clientCertChain == NULL);
+    PORT_Assert(ss->ssl3.clientCertificate == NULL);
+    PORT_Assert(ss->ssl3.clientPrivateKey == NULL);
+
+    isTLS = (PRBool)(ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0);
+    isTLS12 = (PRBool)(ss->ssl3.prSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2);
+    rv = ssl3_ConsumeHandshakeVariable(ss, &cert_types, 1, &b, &length);
+    if (rv != SECSuccess)
+        goto loser; /* malformed, alert has been sent */
+
+    arena = ca_list.arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL)
+        goto no_mem;
+
+    if (isTLS12) {
+        rv = ssl_ParseSignatureSchemes(ss, arena,
+                                       &signatureSchemes,
+                                       &signatureSchemeCount,
+                                       &b, &length);
+        if (rv != SECSuccess) {
+            PORT_SetError(SSL_ERROR_RX_MALFORMED_CERT_REQUEST);
+            goto loser; /* malformed, alert has been sent */
+        }
+    }
+
+    rv = ssl3_ParseCertificateRequestCAs(ss, &b, &length, arena, &ca_list);
+    if (rv != SECSuccess)
+        goto done; /* alert sent in ssl3_ParseCertificateRequestCAs */
+
+    if (length != 0)
+        goto alert_loser; /* malformed */
+
+    ss->ssl3.hs.ws = wait_hello_done;
+
+    rv = ssl3_CompleteHandleCertificateRequest(ss, signatureSchemes,
+                                               signatureSchemeCount, &ca_list);
+    if (rv == SECFailure) {
+        PORT_Assert(0);
+        errCode = SEC_ERROR_LIBRARY_FAILURE;
+        desc = internal_error;
+        goto alert_loser;
+    }
+    goto done;
+
+no_mem:
+    rv = SECFailure;
+    PORT_SetError(SEC_ERROR_NO_MEMORY);
+    goto done;
+
+alert_loser:
+    if (isTLS && desc == illegal_parameter)
+        desc = decode_error;
+    (void)SSL3_SendAlert(ss, alert_fatal, desc);
+loser:
+    PORT_SetError(errCode);
+    rv = SECFailure;
+done:
+    if (arena != NULL)
+        PORT_FreeArena(arena, PR_FALSE);
+    return rv;
+}
+
+SECStatus
+ssl3_CompleteHandleCertificateRequest(sslSocket *ss,
+                                      const SSLSignatureScheme *signatureSchemes,
+                                      unsigned int signatureSchemeCount,
+                                      CERTDistNames *ca_list)
+{
+    SECStatus rv;
+
+    if (ss->getClientAuthData != NULL) {
+        PORT_Assert((ss->ssl3.hs.preliminaryInfo & ssl_preinfo_all) ==
+                    ssl_preinfo_all);
+        /* XXX Should pass cert_types and algorithms in this call!! */
+        rv = (SECStatus)(*ss->getClientAuthData)(ss->getClientAuthDataArg,
+                                                 ss->fd, ca_list,
+                                                 &ss->ssl3.clientCertificate,
+                                                 &ss->ssl3.clientPrivateKey);
+    } else {
+        rv = SECFailure; /* force it to send a no_certificate alert */
+    }
+    switch (rv) {
+        case SECWouldBlock: /* getClientAuthData has put up a dialog box. */
+            ssl3_SetAlwaysBlock(ss);
+            break; /* not an error */
+
+        case SECSuccess:
+            /* check what the callback function returned */
+            if ((!ss->ssl3.clientCertificate) || (!ss->ssl3.clientPrivateKey)) {
+                /* we are missing either the key or cert */
+                if (ss->ssl3.clientCertificate) {
+                    /* got a cert, but no key - free it */
+                    CERT_DestroyCertificate(ss->ssl3.clientCertificate);
+                    ss->ssl3.clientCertificate = NULL;
+                }
+                if (ss->ssl3.clientPrivateKey) {
+                    /* got a key, but no cert - free it */
+                    SECKEY_DestroyPrivateKey(ss->ssl3.clientPrivateKey);
+                    ss->ssl3.clientPrivateKey = NULL;
+                }
+                goto send_no_certificate;
+            }
+            /* Setting ssl3.clientCertChain non-NULL will cause
+             * ssl3_HandleServerHelloDone to call SendCertificate.
+             */
+            ss->ssl3.clientCertChain = CERT_CertChainFromCert(
+                ss->ssl3.clientCertificate,
+                certUsageSSLClient, PR_FALSE);
+            if (ss->ssl3.clientCertChain == NULL) {
+                CERT_DestroyCertificate(ss->ssl3.clientCertificate);
+                ss->ssl3.clientCertificate = NULL;
+                SECKEY_DestroyPrivateKey(ss->ssl3.clientPrivateKey);
+                ss->ssl3.clientPrivateKey = NULL;
+                goto send_no_certificate;
+            }
+            if (ss->ssl3.hs.hashType == handshake_hash_record ||
+                ss->ssl3.hs.hashType == handshake_hash_single) {
+                rv = ssl_PickClientSignatureScheme(ss, signatureSchemes,
+                                                   signatureSchemeCount);
+            }
+            break; /* not an error */
+
+        case SECFailure:
+        default:
+        send_no_certificate:
+            if (ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0) {
+                ss->ssl3.sendEmptyCert = PR_TRUE;
+            } else {
+                (void)SSL3_SendAlert(ss, alert_warning, no_certificate);
+            }
+            rv = SECSuccess;
+            break;
+    }
+
+    return rv;
+}
+
+static SECStatus
+ssl3_CheckFalseStart(sslSocket *ss)
+{
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+    PORT_Assert(!ss->ssl3.hs.authCertificatePending);
+    PORT_Assert(!ss->ssl3.hs.canFalseStart);
+
+    if (!ss->canFalseStartCallback) {
+        SSL_TRC(3, ("%d: SSL[%d]: no false start callback so no false start",
+                    SSL_GETPID(), ss->fd));
+    } else {
+        PRBool maybeFalseStart;
+        SECStatus rv;
+
+        /* An attacker can control the selected ciphersuite so we only wish to
+         * do False Start in the case that the selected ciphersuite is
+         * sufficiently strong that the attack can gain no advantage.
+         * Therefore we always require an 80-bit cipher. */
+        ssl_GetSpecReadLock(ss);
+        maybeFalseStart = ss->ssl3.cwSpec->cipher_def->secret_key_size >= 10;
+        ssl_ReleaseSpecReadLock(ss);
+
+        if (!maybeFalseStart) {
+            SSL_TRC(3, ("%d: SSL[%d]: no false start due to weak cipher",
+                        SSL_GETPID(), ss->fd));
+        } else {
+            PORT_Assert((ss->ssl3.hs.preliminaryInfo & ssl_preinfo_all) ==
+                        ssl_preinfo_all);
+            rv = (ss->canFalseStartCallback)(ss->fd,
+                                             ss->canFalseStartCallbackData,
+                                             &ss->ssl3.hs.canFalseStart);
+            if (rv == SECSuccess) {
+                SSL_TRC(3, ("%d: SSL[%d]: false start callback returned %s",
+                            SSL_GETPID(), ss->fd,
+                            ss->ssl3.hs.canFalseStart ? "TRUE"
+                                                      : "FALSE"));
+            } else {
+                SSL_TRC(3, ("%d: SSL[%d]: false start callback failed (%s)",
+                            SSL_GETPID(), ss->fd,
+                            PR_ErrorToName(PR_GetError())));
+            }
+            return rv;
+        }
+    }
+
+    ss->ssl3.hs.canFalseStart = PR_FALSE;
+    return SECSuccess;
+}
+
+PRBool
+ssl3_WaitingForServerSecondRound(sslSocket *ss)
+{
+    PRBool result;
+
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+
+    switch (ss->ssl3.hs.ws) {
+        case wait_new_session_ticket:
+        case wait_change_cipher:
+        case wait_finished:
+            result = PR_TRUE;
+            break;
+        default:
+            result = PR_FALSE;
+            break;
+    }
+
+    return result;
+}
+
+static SECStatus ssl3_SendClientSecondRound(sslSocket *ss);
+
+/* Called from ssl3_HandlePostHelloHandshakeMessage() when it has deciphered
+ * a complete ssl3 Server Hello Done message.
+ * Caller must hold Handshake and RecvBuf locks.
+ */
+static SECStatus
+ssl3_HandleServerHelloDone(sslSocket *ss)
+{
+    SECStatus rv;
+    SSL3WaitState ws = ss->ssl3.hs.ws;
+
+    SSL_TRC(3, ("%d: SSL3[%d]: handle server_hello_done handshake",
+                SSL_GETPID(), ss->fd));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+
+    /* Skipping CertificateRequest is always permitted. */
+    if (ws != wait_hello_done &&
+        ws != wait_cert_request) {
+        SSL3_SendAlert(ss, alert_fatal, unexpected_message);
+        PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HELLO_DONE);
+        return SECFailure;
+    }
+
+    rv = ssl3_SendClientSecondRound(ss);
+
+    return rv;
+}
+
+/* Called from ssl3_HandleServerHelloDone and ssl3_AuthCertificateComplete.
+ *
+ * Caller must hold Handshake and RecvBuf locks.
+ */
+static SECStatus
+ssl3_SendClientSecondRound(sslSocket *ss)
+{
+    SECStatus rv;
+    PRBool sendClientCert;
+
+    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+
+    sendClientCert = !ss->ssl3.sendEmptyCert &&
+                     ss->ssl3.clientCertChain != NULL &&
+                     ss->ssl3.clientPrivateKey != NULL;
+
+    /* We must wait for the server's certificate to be authenticated before
+     * sending the client certificate in order to disclosing the client
+     * certificate to an attacker that does not have a valid cert for the
+     * domain we are connecting to.
+     *
+     * XXX: We should do the same for the NPN extension, but for that we
+     * need an option to give the application the ability to leak the NPN
+     * information to get better performance.
+     *
+     * During the initial handshake on a connection, we never send/receive
+     * application data until we have authenticated the server's certificate;
+     * i.e. we have fully authenticated the handshake before using the cipher
+     * specs agreed upon for that handshake. During a renegotiation, we may
+     * continue sending and receiving application data during the handshake
+     * interleaved with the handshake records. If we were to send the client's
+     * second round for a renegotiation before the server's certificate was
+     * authenticated, then the application data sent/received after this point
+     * would be using cipher spec that hadn't been authenticated. By waiting
+     * until the server's certificate has been authenticated during
+     * renegotiations, we ensure that renegotiations have the same property
+     * as initial handshakes; i.e. we have fully authenticated the handshake
+     * before using the cipher specs agreed upon for that handshake for
+     * application data.
+     */
+    if (ss->ssl3.hs.restartTarget) {
+        PR_NOT_REACHED("unexpected ss->ssl3.hs.restartTarget");
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+    if (ss->ssl3.hs.authCertificatePending &&
+        (sendClientCert || ss->ssl3.sendEmptyCert || ss->firstHsDone)) {
+        SSL_TRC(3, ("%d: SSL3[%p]: deferring ssl3_SendClientSecondRound because"
+                    " certificate authentication is still pending.",
+                    SSL_GETPID(), ss->fd));
+        ss->ssl3.hs.restartTarget = ssl3_SendClientSecondRound;
+        return SECWouldBlock;
+    }
+
+    ssl_GetXmitBufLock(ss); /*******************************/
+
+    if (ss->ssl3.sendEmptyCert) {
+        ss->ssl3.sendEmptyCert = PR_FALSE;
+        rv = ssl3_SendEmptyCertificate(ss);
+        /* Don't send verify */
+        if (rv != SECSuccess) {
+            goto loser; /* error code is set. */
+        }
+    } else if (sendClientCert) {
+        rv = ssl3_SendCertificate(ss);
+        if (rv != SECSuccess) {
+            goto loser; /* error code is set. */
+        }
+    }
+
+    rv = ssl3_SendClientKeyExchange(ss);
+    if (rv != SECSuccess) {
+        goto loser; /* err is set. */
+    }
+
+    if (sendClientCert) {
+        rv = ssl3_SendCertificateVerify(ss, ss->ssl3.clientPrivateKey);
+        SECKEY_DestroyPrivateKey(ss->ssl3.clientPrivateKey);
+        ss->ssl3.clientPrivateKey = NULL;
+        if (rv != SECSuccess) {
+            goto loser; /* err is set. */
+        }
+    }
+
+    rv = ssl3_SendChangeCipherSpecs(ss);
+    if (rv != SECSuccess) {
+        goto loser; /* err code was set. */
+    }
+
+    /* This must be done after we've set ss->ssl3.cwSpec in
+     * ssl3_SendChangeCipherSpecs because SSL_GetChannelInfo uses information
+     * from cwSpec. This must be done before we call ssl3_CheckFalseStart
+     * because the false start callback (if any) may need the information from
+     * the functions that depend on this being set.
+     */
+    ss->enoughFirstHsDone = PR_TRUE;
+
+    if (!ss->firstHsDone) {
+        /* XXX: If the server's certificate hasn't been authenticated by this
+         * point, then we may be leaking this NPN message to an attacker.
+         */
+        rv = ssl3_SendNextProto(ss);
+        if (rv != SECSuccess) {
+            goto loser; /* err code was set. */
+        }
+
+        if (ss->opt.enableFalseStart) {
+            if (!ss->ssl3.hs.authCertificatePending) {
+                /* When we fix bug 589047, we will need to know whether we are
+                 * false starting before we try to flush the client second
+                 * round to the network. With that in mind, we purposefully
+                 * call ssl3_CheckFalseStart before calling ssl3_SendFinished,
+                 * which includes a call to ssl3_FlushHandshake, so that
+                 * no application develops a reliance on such flushing being
+                 * done before its false start callback is called.
+                 */
+                ssl_ReleaseXmitBufLock(ss);
+                rv = ssl3_CheckFalseStart(ss);
+                ssl_GetXmitBufLock(ss);
+                if (rv != SECSuccess) {
+                    goto loser;
+                }
+            } else {
+                /* The certificate authentication and the server's Finished
+                 * message are racing each other. If the certificate
+                 * authentication wins, then we will try to false start in
+                 * ssl3_AuthCertificateComplete.
+                 */
+                SSL_TRC(3, ("%d: SSL3[%p]: deferring false start check because"
+                            " certificate authentication is still pending.",
+                            SSL_GETPID(), ss->fd));
+            }
+        }
+    }
+
+    rv = ssl3_SendFinished(ss, 0);
+    if (rv != SECSuccess) {
+        goto loser; /* err code was set. */
+    }
+
+    ssl_ReleaseXmitBufLock(ss); /*******************************/
+
+    if (ssl3_ExtensionNegotiated(ss, ssl_session_ticket_xtn))
+        ss->ssl3.hs.ws = wait_new_session_ticket;
+    else
+        ss->ssl3.hs.ws = wait_change_cipher;
+
+    PORT_Assert(ssl3_WaitingForServerSecondRound(ss));
+
+    return SECSuccess;
+
+loser:
+    ssl_ReleaseXmitBufLock(ss);
+    return rv;
+}
+
+/*
+ * Routines used by servers
+ */
+static SECStatus
+ssl3_SendHelloRequest(sslSocket *ss)
+{
+    SECStatus rv;
+
+    SSL_TRC(3, ("%d: SSL3[%d]: send hello_request handshake", SSL_GETPID(),
+                ss->fd));
+
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
+
+    rv = ssl3_AppendHandshakeHeader(ss, hello_request, 0);
+    if (rv != SECSuccess) {
+        return rv; /* err set by AppendHandshake */
+    }
+    rv = ssl3_FlushHandshake(ss, 0);
+    if (rv != SECSuccess) {
+        return rv; /* error code set by ssl3_FlushHandshake */
+    }
+    ss->ssl3.hs.ws = wait_client_hello;
+    return SECSuccess;
+}
+
+/*
+ * Called from:
+ *  ssl3_HandleClientHello()
+ */
+static SECComparison
+ssl3_ServerNameCompare(const SECItem *name1, const SECItem *name2)
+{
+    if (!name1 != !name2) {
+        return SECLessThan;
+    }
+    if (!name1) {
+        return SECEqual;
+    }
+    if (name1->type != name2->type) {
+        return SECLessThan;
+    }
+    return SECITEM_CompareItem(name1, name2);
+}
+
+/* Sets memory error when returning NULL.
+ * Called from:
+ *  ssl3_SendClientHello()
+ *  ssl3_HandleServerHello()
+ *  ssl3_HandleClientHello()
+ *  ssl3_HandleV2ClientHello()
+ */
+sslSessionID *
+ssl3_NewSessionID(sslSocket *ss, PRBool is_server)
+{
+    sslSessionID *sid;
+
+    sid = PORT_ZNew(sslSessionID);
+    if (sid == NULL)
+        return sid;
+
+    if (is_server) {
+        const SECItem *srvName;
+        SECStatus rv = SECSuccess;
+
+        ssl_GetSpecReadLock(ss); /********************************/
+        srvName = &ss->ssl3.hs.srvVirtName;
+        if (srvName->len && srvName->data) {
+            rv = SECITEM_CopyItem(NULL, &sid->u.ssl3.srvName, srvName);
+        }
+        ssl_ReleaseSpecReadLock(ss); /************************************/
+        if (rv != SECSuccess) {
+            PORT_Free(sid);
+            return NULL;
+        }
+    }
+    sid->peerID = (ss->peerID == NULL) ? NULL : PORT_Strdup(ss->peerID);
+    sid->urlSvrName = (ss->url == NULL) ? NULL : PORT_Strdup(ss->url);
+    sid->addr = ss->sec.ci.peer;
+    sid->port = ss->sec.ci.port;
+    sid->references = 1;
+    sid->cached = never_cached;
+    sid->version = ss->version;
+
+    sid->u.ssl3.keys.resumable = PR_TRUE;
+    sid->u.ssl3.policy = SSL_ALLOWED;
+    sid->u.ssl3.clientWriteKey = NULL;
+    sid->u.ssl3.serverWriteKey = NULL;
+    sid->u.ssl3.keys.extendedMasterSecretUsed = PR_FALSE;
+
+    if (is_server) {
+        SECStatus rv;
+        int pid = SSL_GETPID();
+
+        sid->u.ssl3.sessionIDLength = SSL3_SESSIONID_BYTES;
+        sid->u.ssl3.sessionID[0] = (pid >> 8) & 0xff;
+        sid->u.ssl3.sessionID[1] = pid & 0xff;
+        rv = PK11_GenerateRandom(sid->u.ssl3.sessionID + 2,
+                                 SSL3_SESSIONID_BYTES - 2);
+        if (rv != SECSuccess) {
+            ssl_FreeSID(sid);
+            ssl_MapLowLevelError(SSL_ERROR_GENERATE_RANDOM_FAILURE);
+            return NULL;
+        }
+    }
+    return sid;
+}
+
+/* Called from:  ssl3_HandleClientHello, ssl3_HandleV2ClientHello */
+static SECStatus
+ssl3_SendServerHelloSequence(sslSocket *ss)
+{
+    const ssl3KEADef *kea_def;
+    SECStatus rv;
+
+    SSL_TRC(3, ("%d: SSL3[%d]: begin send server_hello sequence",
+                SSL_GETPID(), ss->fd));
+
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
+
+    rv = ssl3_SendServerHello(ss);
+    if (rv != SECSuccess) {
+        return rv; /* err code is set. */
+    }
+    rv = ssl3_SendCertificate(ss);
+    if (rv != SECSuccess) {
+        return rv; /* error code is set. */
+    }
+    rv = ssl3_SendCertificateStatus(ss);
+    if (rv != SECSuccess) {
+        return rv; /* error code is set. */
+    }
+    /* We have to do this after the call to ssl3_SendServerHello,
+     * because kea_def is set up by ssl3_SendServerHello().
+     */
+    kea_def = ss->ssl3.hs.kea_def;
+
+    if (kea_def->ephemeral) {
+        rv = ssl3_SendServerKeyExchange(ss);
+        if (rv != SECSuccess) {
+            return rv; /* err code was set. */
+        }
+    }
+
+    if (ss->opt.requestCertificate) {
+        rv = ssl3_SendCertificateRequest(ss);
+        if (rv != SECSuccess) {
+            return rv; /* err code is set. */
+        }
+    }
+    rv = ssl3_SendServerHelloDone(ss);
+    if (rv != SECSuccess) {
+        return rv; /* err code is set. */
+    }
+
+    ss->ssl3.hs.ws = (ss->opt.requestCertificate) ? wait_client_cert
+                                                  : wait_client_key;
+    return SECSuccess;
+}
+
+/* An empty TLS Renegotiation Info (RI) extension */
+static const PRUint8 emptyRIext[5] = { 0xff, 0x01, 0x00, 0x01, 0x00 };
+
+static PRBool
+ssl3_KEASupportsTickets(const ssl3KEADef *kea_def)
+{
+    if (kea_def->signKeyType == dsaKey) {
+        /* TODO: Fix session tickets for DSS. The server code rejects the
+         * session ticket received from the client. Bug 1174677 */
+        return PR_FALSE;
+    }
+    return PR_TRUE;
+}
+
+/* Select a cipher suite.
+**
+** NOTE: This suite selection algorithm should be the same as the one in
+** ssl3_HandleV2ClientHello().
+**
+** If TLS 1.0 is enabled, we could handle the case where the client
+** offered TLS 1.1 but offered only export cipher suites by choosing TLS
+** 1.0 and selecting one of those export cipher suites. However, a secure
+** TLS 1.1 client should not have export cipher suites enabled at all,
+** and a TLS 1.1 client should definitely not be offering *only* export
+** cipher suites. Therefore, we refuse to negotiate export cipher suites
+** with any client that indicates support for TLS 1.1 or higher when we
+** (the server) have TLS 1.1 support enabled.
+*/
+SECStatus
+ssl3_NegotiateCipherSuite(sslSocket *ss, const SECItem *suites,
+                          PRBool initHashes)
+{
+    int j;
+    int i;
+
+    for (j = 0; j < ssl_V3_SUITES_IMPLEMENTED; j++) {
+        ssl3CipherSuiteCfg *suite = &ss->cipherSuites[j];
+        SSLVersionRange vrange = { ss->version, ss->version };
+        if (!config_match(suite, ss->ssl3.policy, &vrange, ss)) {
+            continue;
+        }
+        for (i = 0; i + 1 < suites->len; i += 2) {
+            PRUint16 suite_i = (suites->data[i] << 8) | suites->data[i + 1];
+            if (suite_i == suite->cipher_suite) {
+                return ssl3_SetCipherSuite(ss, suite_i, initHashes);
+            }
+        }
+    }
+    return SECFailure;
+}
+
+/*
+ * Call the SNI config hook.
+ *
+ * Called from:
+ *   ssl3_HandleClientHello
+ *   tls13_HandleClientHelloPart2
+ */
+SECStatus
+ssl3_ServerCallSNICallback(sslSocket *ss)
+{
+    int errCode = SSL_ERROR_RX_MALFORMED_CLIENT_HELLO;
+    SSL3AlertDescription desc = illegal_parameter;
+    int ret = 0;
+
+#ifdef SSL_SNI_ALLOW_NAME_CHANGE_2HS
+#error("No longer allowed to set SSL_SNI_ALLOW_NAME_CHANGE_2HS")
+#endif
+    if (!ssl3_ExtensionNegotiated(ss, ssl_server_name_xtn)) {
+        if (ss->firstHsDone) {
+            /* Check that we don't have the name is current spec
+             * if this extension was not negotiated on the 2d hs. */
+            PRBool passed = PR_TRUE;
+            ssl_GetSpecReadLock(ss); /*******************************/
+            if (ss->ssl3.hs.srvVirtName.data) {
+                passed = PR_FALSE;
+            }
+            ssl_ReleaseSpecReadLock(ss); /***************************/
+            if (!passed) {
+                errCode = SSL_ERROR_UNRECOGNIZED_NAME_ALERT;
+                desc = handshake_failure;
+                goto alert_loser;
+            }
+        }
+        return SECSuccess;
+    }
+
+    if (ss->sniSocketConfig)
+        do { /* not a loop */
+            PORT_Assert((ss->ssl3.hs.preliminaryInfo & ssl_preinfo_all) ==
+                        ssl_preinfo_all);
+
+            ret = SSL_SNI_SEND_ALERT;
+            /* If extension is negotiated, the len of names should > 0. */
+            if (ss->xtnData.sniNameArrSize) {
+                /* Calling client callback to reconfigure the socket. */
+                ret = (SECStatus)(*ss->sniSocketConfig)(ss->fd,
+                                                        ss->xtnData.sniNameArr,
+                                                        ss->xtnData.sniNameArrSize,
+                                                        ss->sniSocketConfigArg);
+            }
+            if (ret <= SSL_SNI_SEND_ALERT) {
+                /* Application does not know the name or was not able to
+                 * properly reconfigure the socket. */
+                errCode = SSL_ERROR_UNRECOGNIZED_NAME_ALERT;
+                desc = unrecognized_name;
+                break;
+            } else if (ret == SSL_SNI_CURRENT_CONFIG_IS_USED) {
+                SECStatus rv = SECSuccess;
+                SECItem pwsNameBuf = { 0, NULL, 0 };
+                SECItem *pwsName = &pwsNameBuf;
+                SECItem *cwsName;
+
+                ssl_GetSpecWriteLock(ss); /*******************************/
+                cwsName = &ss->ssl3.hs.srvVirtName;
+                /* not allow name change on the 2d HS */
+                if (ss->firstHsDone) {
+                    if (ssl3_ServerNameCompare(pwsName, cwsName)) {
+                        ssl_ReleaseSpecWriteLock(ss); /******************/
+                        errCode = SSL_ERROR_UNRECOGNIZED_NAME_ALERT;
+                        desc = handshake_failure;
+                        ret = SSL_SNI_SEND_ALERT;
+                        break;
+                    }
+                }
+                if (pwsName->data) {
+                    SECITEM_FreeItem(pwsName, PR_FALSE);
+                }
+                if (cwsName->data) {
+                    rv = SECITEM_CopyItem(NULL, pwsName, cwsName);
+                }
+                ssl_ReleaseSpecWriteLock(ss); /**************************/
+                if (rv != SECSuccess) {
+                    errCode = SSL_ERROR_INTERNAL_ERROR_ALERT;
+                    desc = internal_error;
+                    ret = SSL_SNI_SEND_ALERT;
+                    break;
+                }
+            } else if ((unsigned int)ret < ss->xtnData.sniNameArrSize) {
+                /* Application has configured new socket info. Lets check it
+                 * and save the name. */
+                SECStatus rv;
+                SECItem *name = &ss->xtnData.sniNameArr[ret];
+                int configedCiphers;
+                SECItem *pwsName;
+
+                /* get rid of the old name and save the newly picked. */
+                /* This code is protected by ssl3HandshakeLock. */
+                ssl_GetSpecWriteLock(ss); /*******************************/
+                /* not allow name change on the 2d HS */
+                if (ss->firstHsDone) {
+                    SECItem *cwsName = &ss->ssl3.hs.srvVirtName;
+                    if (ssl3_ServerNameCompare(name, cwsName)) {
+                        ssl_ReleaseSpecWriteLock(ss); /******************/
+                        errCode = SSL_ERROR_UNRECOGNIZED_NAME_ALERT;
+                        desc = handshake_failure;
+                        ret = SSL_SNI_SEND_ALERT;
+                        break;
+                    }
+                }
+                pwsName = &ss->ssl3.hs.srvVirtName;
+                if (pwsName->data) {
+                    SECITEM_FreeItem(pwsName, PR_FALSE);
+                }
+                rv = SECITEM_CopyItem(NULL, pwsName, name);
+                ssl_ReleaseSpecWriteLock(ss); /***************************/
+                if (rv != SECSuccess) {
+                    errCode = SSL_ERROR_INTERNAL_ERROR_ALERT;
+                    desc = internal_error;
+                    ret = SSL_SNI_SEND_ALERT;
+                    break;
+                }
+                configedCiphers = ssl3_config_match_init(ss);
+                if (configedCiphers <= 0) {
+                    /* no ciphers are working/supported */
+                    errCode = PORT_GetError();
+                    desc = handshake_failure;
+                    ret = SSL_SNI_SEND_ALERT;
+                    break;
+                }
+                /* Need to tell the client that application has picked
+                 * the name from the offered list and reconfigured the socket.
+                 */
+                ssl3_RegisterExtensionSender(ss, &ss->xtnData, ssl_server_name_xtn,
+                                             ssl3_SendServerNameXtn);
+            } else {
+                /* Callback returned index outside of the boundary. */
+                PORT_Assert((unsigned int)ret < ss->xtnData.sniNameArrSize);
+                errCode = SSL_ERROR_INTERNAL_ERROR_ALERT;
+                desc = internal_error;
+                ret = SSL_SNI_SEND_ALERT;
+                break;
+            }
+        } while (0);
+    ssl3_FreeSniNameArray(&ss->xtnData);
+    if (ret <= SSL_SNI_SEND_ALERT) {
+        /* desc and errCode should be set. */
+        goto alert_loser;
+    }
+
+    return SECSuccess;
+
+alert_loser:
+    (void)SSL3_SendAlert(ss, alert_fatal, desc);
+    PORT_SetError(errCode);
+    return SECFailure;
+}
+
+SECStatus
+ssl3_SelectServerCert(sslSocket *ss)
+{
+    const ssl3KEADef *kea_def = ss->ssl3.hs.kea_def;
+    PRCList *cursor;
+
+    /* If the client didn't include the supported groups extension, assume just
+     * P-256 support and disable all the other ECDHE groups.  This also affects
+     * ECDHE group selection, but this function is called first. */
+    if (!ssl3_ExtensionNegotiated(ss, ssl_supported_groups_xtn)) {
+        unsigned int i;
+        for (i = 0; i < SSL_NAMED_GROUP_COUNT; ++i) {
+            if (ss->namedGroupPreferences[i] &&
+                ss->namedGroupPreferences[i]->keaType == ssl_kea_ecdh &&
+                ss->namedGroupPreferences[i]->name != ssl_grp_ec_secp256r1) {
+                ss->namedGroupPreferences[i] = NULL;
+            }
+        }
+    }
+
+    /* This picks the first certificate that has:
+     * a) the right authentication method, and
+     * b) the right named curve (EC only)
+     *
+     * We might want to do some sort of ranking here later.  For now, it's all
+     * based on what order they are configured in. */
+    for (cursor = PR_NEXT_LINK(&ss->serverCerts);
+         cursor != &ss->serverCerts;
+         cursor = PR_NEXT_LINK(cursor)) {
+        sslServerCert *cert = (sslServerCert *)cursor;
+        if (!SSL_CERT_IS(cert, kea_def->authKeyType)) {
+            continue;
+        }
+        if (SSL_CERT_IS_EC(cert) &&
+            !ssl_NamedGroupEnabled(ss, cert->namedCurve)) {
+            continue;
+        }
+
+        /* Found one. */
+        ss->sec.serverCert = cert;
+        ss->sec.authType = kea_def->authKeyType;
+        ss->sec.authKeyBits = cert->serverKeyBits;
+
+        /* Don't pick a signature scheme if we aren't going to use it. */
+        if (kea_def->signKeyType == nullKey) {
+            return SECSuccess;
+        }
+        return ssl3_PickServerSignatureScheme(ss);
+    }
+
+    PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP);
+    return SECFailure;
+}
+
+/* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete
+ * ssl3 Client Hello message.
+ * Caller must hold Handshake and RecvBuf locks.
+ */
+static SECStatus
+ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
+{
+    sslSessionID *sid = NULL;
+    PRUint32 tmp;
+    unsigned int i;
+    SECStatus rv;
+    int errCode = SSL_ERROR_RX_MALFORMED_CLIENT_HELLO;
+    SSL3AlertDescription desc = illegal_parameter;
+    SSL3AlertLevel level = alert_fatal;
+    SSL3ProtocolVersion version;
+    TLSExtension *versionExtension;
+    SECItem sidBytes = { siBuffer, NULL, 0 };
+    SECItem cookieBytes = { siBuffer, NULL, 0 };
+    SECItem suites = { siBuffer, NULL, 0 };
+    SECItem comps = { siBuffer, NULL, 0 };
+    PRBool isTLS13;
+
+    SSL_TRC(3, ("%d: SSL3[%d]: handle client_hello handshake",
+                SSL_GETPID(), ss->fd));
+
+    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+    PORT_Assert(ss->ssl3.initialized);
+    ss->ssl3.hs.preliminaryInfo = 0;
+
+    if (!ss->sec.isServer ||
+        (ss->ssl3.hs.ws != wait_client_hello &&
+         ss->ssl3.hs.ws != idle_handshake)) {
+        desc = unexpected_message;
+        errCode = SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO;
+        goto alert_loser;
+    }
+    if (ss->ssl3.hs.ws == idle_handshake) {
+        /* Refuse re-handshake when we have already negotiated TLS 1.3. */
+        if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_3) {
+            desc = unexpected_message;
+            errCode = SSL_ERROR_RENEGOTIATION_NOT_ALLOWED;
+            goto alert_loser;
+        }
+        if (ss->opt.enableRenegotiation == SSL_RENEGOTIATE_NEVER) {
+            desc = no_renegotiation;
+            level = alert_warning;
+            errCode = SSL_ERROR_RENEGOTIATION_NOT_ALLOWED;
+            goto alert_loser;
+        }
+    }
+
+    /* Get peer name of client */
+    rv = ssl_GetPeerInfo(ss);
+    if (rv != SECSuccess) {
+        return rv; /* error code is set. */
+    }
+
+    /* We might be starting session renegotiation in which case we should
+     * clear previous state.
+     */
+    ssl3_ResetExtensionData(&ss->xtnData);
+    ss->statelessResume = PR_FALSE;
+
+    if (IS_DTLS(ss)) {
+        dtls_RehandshakeCleanup(ss);
+    }
+
+    rv = ssl3_ConsumeHandshakeNumber(ss, &tmp, 2, &b, &length);
+    if (rv != SECSuccess)
+        goto loser; /* malformed, alert already sent */
+
+    /* Translate the version. */
+    if (IS_DTLS(ss)) {
+        ss->clientHelloVersion = version =
+            dtls_DTLSVersionToTLSVersion((SSL3ProtocolVersion)tmp);
+    } else {
+        ss->clientHelloVersion = version = (SSL3ProtocolVersion)tmp;
+    }
+
+    /* Grab the client random data. */
+    rv = ssl3_ConsumeHandshake(
+        ss, &ss->ssl3.hs.client_random, SSL3_RANDOM_LENGTH, &b, &length);
+    if (rv != SECSuccess) {
+        goto loser; /* malformed */
+    }
+
+    /* Grab the client's SID, if present. */
+    rv = ssl3_ConsumeHandshakeVariable(ss, &sidBytes, 1, &b, &length);
+    if (rv != SECSuccess) {
+        goto loser; /* malformed */
+    }
+
+    /* Grab the client's cookie, if present. */
+    if (IS_DTLS(ss)) {
+        rv = ssl3_ConsumeHandshakeVariable(ss, &cookieBytes, 1, &b, &length);
+        if (rv != SECSuccess) {
+            goto loser; /* malformed */
+        }
+    }
+
+    /* Grab the list of cipher suites. */
+    rv = ssl3_ConsumeHandshakeVariable(ss, &suites, 2, &b, &length);
+    if (rv != SECSuccess) {
+        goto loser; /* malformed */
+    }
+
+    /* Grab the list of compression methods. */
+    rv = ssl3_ConsumeHandshakeVariable(ss, &comps, 1, &b, &length);
+    if (rv != SECSuccess) {
+        goto loser; /* malformed */
+    }
+
+    /* Handle TLS hello extensions for SSL3 & TLS. We do not know if
+     * we are restarting a previous session until extensions have been
+     * parsed, since we might have received a SessionTicket extension.
+     * Note: we allow extensions even when negotiating SSL3 for the sake
+     * of interoperability (and backwards compatibility).
+     */
+
+    if (length) {
+        /* Get length of hello extensions */
+        PRUint32 extension_length;
+        rv = ssl3_ConsumeHandshakeNumber(ss, &extension_length, 2, &b, &length);
+        if (rv != SECSuccess) {
+            goto loser; /* alert already sent */
+        }
+        if (extension_length != length) {
+            ssl3_DecodeError(ss); /* send alert */
+            goto loser;
+        }
+
+        rv = ssl3_ParseExtensions(ss, &b, &length);
+        if (rv != SECSuccess) {
+            goto loser; /* malformed */
+        }
+    }
+
+    versionExtension = ssl3_FindExtension(ss, ssl_tls13_supported_versions_xtn);
+    if (versionExtension) {
+        rv = tls13_NegotiateVersion(ss, versionExtension);
+        if (rv != SECSuccess) {
+            errCode = PORT_GetError();
+            desc = (errCode == SSL_ERROR_UNSUPPORTED_VERSION) ? protocol_version : illegal_parameter;
+            goto alert_loser;
+        }
+    } else {
+        /* The PR_MIN here ensures that we never negotiate 1.3 if the
+         * peer didn't offer "supported_versions". */
+        rv = ssl3_NegotiateVersion(ss,
+                                   PR_MIN(version,
+                                          SSL_LIBRARY_VERSION_TLS_1_2),
+                                   PR_TRUE);
+        if (rv != SECSuccess) {
+            desc = (version > SSL_LIBRARY_VERSION_3_0) ? protocol_version
+                                                       : handshake_failure;
+            errCode = SSL_ERROR_UNSUPPORTED_VERSION;
+            goto alert_loser;
+        }
+    }
+    isTLS13 = ss->version >= SSL_LIBRARY_VERSION_TLS_1_3;
+    ss->ssl3.hs.preliminaryInfo |= ssl_preinfo_version;
+
+    /* You can't resume TLS 1.3 like this. */
+    if (isTLS13 && sidBytes.len) {
+        goto alert_loser;
+    }
+
+    /* Generate the Server Random now so it is available
+     * when we process the ClientKeyShare in TLS 1.3 */
+    rv = ssl3_GetNewRandom(&ss->ssl3.hs.server_random);
+    if (rv != SECSuccess) {
+        errCode = SSL_ERROR_GENERATE_RANDOM_FAILURE;
+        goto loser;
+    }
+
+#ifndef TLS_1_3_DRAFT_VERSION
+    /*
+     * [draft-ietf-tls-tls13-11 Section 6.3.1.1].
+     * TLS 1.3 server implementations which respond to a ClientHello with a
+     * client_version indicating TLS 1.2 or below MUST set the last eight
+     * bytes of their Random value to the bytes:
+     *
+     * 44 4F 57 4E 47 52 44 01
+     *
+     * TLS 1.2 server implementations which respond to a ClientHello with a
+     * client_version indicating TLS 1.1 or below SHOULD set the last eight
+     * bytes of their Random value to the bytes:
+     *
+     * 44 4F 57 4E 47 52 44 00
+     *
+     * TODO(ekr@rtfm.com): Note this change was not added in the SSLv2
+     * compat processing code since that will most likely be removed before
+     * we ship the final version of TLS 1.3. Bug 1306672.
+     */
+    if (ss->vrange.max > ss->version) {
+        unsigned char *downgrade_sentinel =
+            ss->ssl3.hs.server_random.rand +
+            SSL3_RANDOM_LENGTH - sizeof(tls13_downgrade_random);
+
+        switch (ss->vrange.max) {
+            case SSL_LIBRARY_VERSION_TLS_1_3:
+                PORT_Memcpy(downgrade_sentinel,
+                            tls13_downgrade_random,
+                            sizeof(tls13_downgrade_random));
+                break;
+            case SSL_LIBRARY_VERSION_TLS_1_2:
+                PORT_Memcpy(downgrade_sentinel,
+                            tls12_downgrade_random,
+                            sizeof(tls12_downgrade_random));
+                break;
+            default:
+                /* Do not change random. */
+                break;
+        }
+    }
+#endif
+
+    /* Now parse the rest of the extensions. */
+    rv = ssl3_HandleParsedExtensions(ss, client_hello);
+    if (rv != SECSuccess) {
+        goto loser; /* malformed */
+    }
+
+    /* If the ClientHello version is less than our maximum version, check for a
+     * TLS_FALLBACK_SCSV and reject the connection if found. */
+    if (ss->vrange.max > ss->version) {
+        for (i = 0; i + 1 < suites.len; i += 2) {
+            PRUint16 suite_i = (suites.data[i] << 8) | suites.data[i + 1];
+            if (suite_i != TLS_FALLBACK_SCSV)
+                continue;
+            desc = inappropriate_fallback;
+            errCode = SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT;
+            goto alert_loser;
+        }
+    }
+
+    /* TLS 1.3 requires that compression only include null. */
+    if (isTLS13) {
+        if (comps.len != 1 || comps.data[0] != ssl_compression_null) {
+            goto alert_loser;
+        }
+    }
+
+    if (!ssl3_ExtensionNegotiated(ss, ssl_renegotiation_info_xtn)) {
+        /* If we didn't receive an RI extension, look for the SCSV,
+         * and if found, treat it just like an empty RI extension
+         * by processing a local copy of an empty RI extension.
+         */
+        for (i = 0; i + 1 < suites.len; i += 2) {
+            PRUint16 suite_i = (suites.data[i] << 8) | suites.data[i + 1];
+            if (suite_i == TLS_EMPTY_RENEGOTIATION_INFO_SCSV) {
+                SSL3Opaque *b2 = (SSL3Opaque *)emptyRIext;
+                PRUint32 L2 = sizeof emptyRIext;
+                (void)ssl3_HandleExtensions(ss, &b2, &L2, client_hello);
+                break;
+            }
+        }
+    }
+    /* This is a second check for TLS 1.3 and re-handshake to stop us
+     * from re-handshake up to TLS 1.3, so it happens after version
+     * negotiation. */
+    if (ss->firstHsDone && ss->version >= SSL_LIBRARY_VERSION_TLS_1_3) {
+        desc = unexpected_message;
+        errCode = SSL_ERROR_RENEGOTIATION_NOT_ALLOWED;
+        goto alert_loser;
+    }
+    if (ss->firstHsDone &&
+        (ss->opt.enableRenegotiation == SSL_RENEGOTIATE_REQUIRES_XTN ||
+         ss->opt.enableRenegotiation == SSL_RENEGOTIATE_TRANSITIONAL) &&
+        !ssl3_ExtensionNegotiated(ss, ssl_renegotiation_info_xtn)) {
+        desc = no_renegotiation;
+        level = alert_warning;
+        errCode = SSL_ERROR_RENEGOTIATION_NOT_ALLOWED;
+        goto alert_loser;
+    }
+    if ((ss->opt.requireSafeNegotiation ||
+         (ss->firstHsDone && ss->peerRequestedProtection)) &&
+        !ssl3_ExtensionNegotiated(ss, ssl_renegotiation_info_xtn)) {
+        desc = handshake_failure;
+        errCode = SSL_ERROR_UNSAFE_NEGOTIATION;
+        goto alert_loser;
+    }
+
+    /* We do stateful resumes only if we are in TLS < 1.3 and
+     * either of the following conditions are satisfied:
+     * (1) the client does not support the session ticket extension, or
+     * (2) the client support the session ticket extension, but sent an
+     * empty ticket.
+     */
+    if ((ss->version < SSL_LIBRARY_VERSION_TLS_1_3) &&
+        (!ssl3_ExtensionNegotiated(ss, ssl_session_ticket_xtn) ||
+         ss->xtnData.emptySessionTicket)) {
+        if (sidBytes.len > 0 && !ss->opt.noCache) {
+            SSL_TRC(7, ("%d: SSL3[%d]: server, lookup client session-id for 0x%08x%08x%08x%08x",
+                        SSL_GETPID(), ss->fd, ss->sec.ci.peer.pr_s6_addr32[0],
+                        ss->sec.ci.peer.pr_s6_addr32[1],
+                        ss->sec.ci.peer.pr_s6_addr32[2],
+                        ss->sec.ci.peer.pr_s6_addr32[3]));
+            if (ssl_sid_lookup) {
+                sid = (*ssl_sid_lookup)(&ss->sec.ci.peer, sidBytes.data,
+                                        sidBytes.len, ss->dbHandle);
+            } else {
+                errCode = SSL_ERROR_SERVER_CACHE_NOT_CONFIGURED;
+                goto loser;
+            }
+        }
+    } else if (ss->statelessResume) {
+        /* Fill in the client's session ID if doing a stateless resume.
+         * (When doing stateless resumes, server echos client's SessionID.)
+         * This branch also handles TLS 1.3 resumption-PSK.
+         */
+        sid = ss->sec.ci.sid;
+        PORT_Assert(sid != NULL); /* Should have already been filled in.*/
+
+        if (sidBytes.len > 0 && sidBytes.len <= SSL3_SESSIONID_BYTES) {
+            sid->u.ssl3.sessionIDLength = sidBytes.len;
+            PORT_Memcpy(sid->u.ssl3.sessionID, sidBytes.data,
+                        sidBytes.len);
+            sid->u.ssl3.sessionIDLength = sidBytes.len;
+        } else {
+            sid->u.ssl3.sessionIDLength = 0;
+        }
+        ss->sec.ci.sid = NULL;
+    }
+
+    /* Free a potentially leftover session ID from a previous handshake. */
+    if (ss->sec.ci.sid) {
+        ssl_FreeSID(ss->sec.ci.sid);
+        ss->sec.ci.sid = NULL;
+    }
+
+    if (sid != NULL) {
+        /* We've found a session cache entry for this client.
+         * Now, if we're going to require a client-auth cert,
+         * and we don't already have this client's cert in the session cache,
+         * and this is the first handshake on this connection (not a redo),
+         * then drop this old cache entry and start a new session.
+         */
+        if ((sid->peerCert == NULL) && ss->opt.requestCertificate &&
+            ((ss->opt.requireCertificate == SSL_REQUIRE_ALWAYS) ||
+             (ss->opt.requireCertificate == SSL_REQUIRE_NO_ERROR) ||
+             ((ss->opt.requireCertificate == SSL_REQUIRE_FIRST_HANDSHAKE) &&
+              !ss->firstHsDone))) {
+
+            SSL_AtomicIncrementLong(&ssl3stats.hch_sid_cache_not_ok);
+            ss->sec.uncache(sid);
+            ssl_FreeSID(sid);
+            sid = NULL;
+        }
+    }
+
+    if (IS_DTLS(ss)) {
+        ssl3_DisableNonDTLSSuites(ss);
+    }
+
+#ifdef PARANOID
+    /* Look for a matching cipher suite. */
+    j = ssl3_config_match_init(ss);
+    if (j <= 0) {                  /* no ciphers are working/supported by PK11 */
+        errCode = PORT_GetError(); /* error code is already set. */
+        goto alert_loser;
+    }
+#endif
+
+    if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_3) {
+        rv = tls13_HandleClientHelloPart2(ss, &suites, sid);
+    } else {
+        rv = ssl3_HandleClientHelloPart2(ss, &suites, &comps, sid);
+    }
+    if (rv != SECSuccess) {
+        errCode = PORT_GetError();
+        goto loser;
+    }
+    return SECSuccess;
+
+alert_loser:
+    (void)SSL3_SendAlert(ss, level, desc);
+/* FALLTHRU */
+loser:
+    PORT_SetError(errCode);
+    return SECFailure;
+}
+
+static SECStatus
+ssl3_HandleClientHelloPart2(sslSocket *ss,
+                            SECItem *suites,
+                            SECItem *comps,
+                            sslSessionID *sid)
+{
+    PRBool haveSpecWriteLock = PR_FALSE;
+    PRBool haveXmitBufLock = PR_FALSE;
+    int errCode = SSL_ERROR_RX_MALFORMED_CLIENT_HELLO;
+    SSL3AlertDescription desc = illegal_parameter;
+    SECStatus rv;
+    unsigned int i;
+    int j;
+
+    /* If we already have a session for this client, be sure to pick the
+    ** same cipher suite and compression method we picked before.
+    ** This is not a loop, despite appearances.
+    */
+    if (sid)
+        do {
+            ssl3CipherSuiteCfg *suite;
+#ifdef PARANOID
+            SSLVersionRange vrange = { ss->version, ss->version };
+#endif
+
+            /* Check that the cached compression method is still enabled. */
+            if (!ssl_CompressionEnabled(ss, sid->u.ssl3.compression))
+                break;
+
+            /* Check that the cached compression method is in the client's list */
+            for (i = 0; i < comps->len; i++) {
+                if (comps->data[i] == sid->u.ssl3.compression)
+                    break;
+            }
+            if (i == comps->len)
+                break;
+
+            suite = ss->cipherSuites;
+            /* Find the entry for the cipher suite used in the cached session. */
+            for (j = ssl_V3_SUITES_IMPLEMENTED; j > 0; --j, ++suite) {
+                if (suite->cipher_suite == sid->u.ssl3.cipherSuite)
+                    break;
+            }
+            PORT_Assert(j > 0);
+            if (j <= 0)
+                break;
+#ifdef PARANOID
+            /* Double check that the cached cipher suite is still enabled,
+             * implemented, and allowed by policy.  Might have been disabled.
+             * The product policy won't change during the process lifetime.
+             * Implemented ("isPresent") shouldn't change for servers.
+             */
+            if (!config_match(suite, ss->ssl3.policy, &vrange, ss))
+                break;
+#else
+            if (!suite->enabled)
+                break;
+#endif
+            /* Double check that the cached cipher suite is in the client's
+             * list.  If it isn't, fall through and start a new session. */
+            for (i = 0; i + 1 < suites->len; i += 2) {
+                PRUint16 suite_i = (suites->data[i] << 8) | suites->data[i + 1];
+                if (suite_i == suite->cipher_suite) {
+                    rv = ssl3_SetCipherSuite(ss, suite_i, PR_TRUE);
+                    if (rv != SECSuccess) {
+                        desc = internal_error;
+                        errCode = PORT_GetError();
+                        goto alert_loser;
+                    }
+
+                    /* Use the cached compression method. */
+                    ss->ssl3.hs.compression =
+                        sid->u.ssl3.compression;
+                    goto compression_found;
+                }
+            }
+        } while (0);
+/* START A NEW SESSION */
+
+#ifndef PARANOID
+    /* Look for a matching cipher suite. */
+    j = ssl3_config_match_init(ss);
+    if (j <= 0) { /* no ciphers are working/supported by PK11 */
+        desc = internal_error;
+        errCode = PORT_GetError(); /* error code is already set. */
+        goto alert_loser;
+    }
+#endif
+
+    rv = ssl3_NegotiateCipherSuite(ss, suites, PR_TRUE);
+    if (rv != SECSuccess) {
+        desc = handshake_failure;
+        errCode = SSL_ERROR_NO_CYPHER_OVERLAP;
+        goto alert_loser;
+    }
+
+    /* Select a compression algorithm. */
+    for (i = 0; i < comps->len; i++) {
+        SSLCompressionMethod method = (SSLCompressionMethod)comps->data[i];
+        if (!ssl_CompressionEnabled(ss, method))
+            continue;
+        for (j = 0; j < ssl_compression_method_count; j++) {
+            if (method == ssl_compression_methods[j]) {
+                ss->ssl3.hs.compression = ssl_compression_methods[j];
+                goto compression_found;
+            }
+        }
+    }
+    errCode = SSL_ERROR_NO_COMPRESSION_OVERLAP;
+    /* null compression must be supported */
+    goto alert_loser;
+
+compression_found:
+    suites->data = NULL;
+    comps->data = NULL;
+
+    /* If there are any failures while processing the old sid,
+     * we don't consider them to be errors.  Instead, We just behave
+     * as if the client had sent us no sid to begin with, and make a new one.
+     * The exception here is attempts to resume extended_master_secret
+     * sessions without the extension, which causes an alert.
+     */
+    if (sid != NULL)
+        do {
+            ssl3CipherSpec *pwSpec;
+            SECItem wrappedMS; /* wrapped key */
+
+            if (sid->version != ss->version ||
+                sid->u.ssl3.cipherSuite != ss->ssl3.hs.cipher_suite ||
+                sid->u.ssl3.compression != ss->ssl3.hs.compression) {
+                break; /* not an error */
+            }
+
+            /* server sids don't remember the server cert we previously sent,
+            ** but they do remember the slot we originally used, so we
+            ** can locate it again, provided that the current ssl socket
+            ** has had its server certs configured the same as the previous one.
+            */
+            ss->sec.serverCert = ssl_FindServerCert(ss, sid->authType, sid->namedCurve);
+            if (!ss->sec.serverCert || !ss->sec.serverCert->serverCert) {
+                /* A compatible certificate must not have been configured.  It
+                 * might not be the same certificate, but we only find that out
+                 * when the ticket fails to decrypt. */
+                break;
+            }
+
+            /* [draft-ietf-tls-session-hash-06; Section 5.3]
+             * o  If the original session did not use the "extended_master_secret"
+             *    extension but the new ClientHello contains the extension, then the
+             *    server MUST NOT perform the abbreviated handshake.  Instead, it
+             *    SHOULD continue with a full handshake (as described in
+             *    Section 5.2) to negotiate a new session.
+             *
+             * o  If the original session used the "extended_master_secret"
+             *    extension but the new ClientHello does not contain the extension,
+             *    the server MUST abort the abbreviated handshake.
+             */
+            if (ssl3_ExtensionNegotiated(ss, ssl_extended_master_secret_xtn)) {
+                if (!sid->u.ssl3.keys.extendedMasterSecretUsed) {
+                    break; /* not an error */
+                }
+            } else {
+                if (sid->u.ssl3.keys.extendedMasterSecretUsed) {
+                    /* Note: we do not destroy the session */
+                    desc = handshake_failure;
+                    errCode = SSL_ERROR_MISSING_EXTENDED_MASTER_SECRET;
+                    goto alert_loser;
+                }
+            }
+
+            if (ss->sec.ci.sid) {
+                ss->sec.uncache(ss->sec.ci.sid);
+                PORT_Assert(ss->sec.ci.sid != sid); /* should be impossible, but ... */
+                if (ss->sec.ci.sid != sid) {
+                    ssl_FreeSID(ss->sec.ci.sid);
+                }
+                ss->sec.ci.sid = NULL;
+            }
+            /* we need to resurrect the master secret.... */
+
+            ssl_GetSpecWriteLock(ss);
+            haveSpecWriteLock = PR_TRUE;
+            pwSpec = ss->ssl3.pwSpec;
+            if (sid->u.ssl3.keys.msIsWrapped) {
+                PK11SymKey *wrapKey; /* wrapping key */
+                CK_FLAGS keyFlags = 0;
+
+                wrapKey = ssl3_GetWrappingKey(ss, NULL,
+                                              sid->u.ssl3.masterWrapMech,
+                                              ss->pkcs11PinArg);
+                if (!wrapKey) {
+                    /* we have a SID cache entry, but no wrapping key for it??? */
+                    break;
+                }
+
+                if (ss->version > SSL_LIBRARY_VERSION_3_0) { /* isTLS */
+                    keyFlags = CKF_SIGN | CKF_VERIFY;
+                }
+
+                wrappedMS.data = sid->u.ssl3.keys.wrapped_master_secret;
+                wrappedMS.len = sid->u.ssl3.keys.wrapped_master_secret_len;
+
+                /* unwrap the master secret. */
+                pwSpec->master_secret =
+                    PK11_UnwrapSymKeyWithFlags(wrapKey, sid->u.ssl3.masterWrapMech,
+                                               NULL, &wrappedMS, CKM_SSL3_MASTER_KEY_DERIVE,
+                                               CKA_DERIVE, sizeof(SSL3MasterSecret), keyFlags);
+                PK11_FreeSymKey(wrapKey);
+                if (pwSpec->master_secret == NULL) {
+                    break; /* not an error */
+                }
+            } else {
+                /* need to import the raw master secret to session object */
+                PK11SlotInfo *slot;
+                wrappedMS.data = sid->u.ssl3.keys.wrapped_master_secret;
+                wrappedMS.len = sid->u.ssl3.keys.wrapped_master_secret_len;
+                slot = PK11_GetInternalSlot();
+                pwSpec->master_secret =
+                    PK11_ImportSymKey(slot, CKM_SSL3_MASTER_KEY_DERIVE,
+                                      PK11_OriginUnwrap, CKA_ENCRYPT, &wrappedMS,
+                                      NULL);
+                PK11_FreeSlot(slot);
+                if (pwSpec->master_secret == NULL) {
+                    break; /* not an error */
+                }
+            }
+            ss->sec.ci.sid = sid;
+            if (sid->peerCert != NULL) {
+                ss->sec.peerCert = CERT_DupCertificate(sid->peerCert);
+            }
+
+            /*
+             * Old SID passed all tests, so resume this old session.
+             *
+             * XXX make sure compression still matches
+             */
+            SSL_AtomicIncrementLong(&ssl3stats.hch_sid_cache_hits);
+            if (ss->statelessResume)
+                SSL_AtomicIncrementLong(&ssl3stats.hch_sid_stateless_resumes);
+            ss->ssl3.hs.isResuming = PR_TRUE;
+
+            ss->sec.authType = sid->authType;
+            ss->sec.authKeyBits = sid->authKeyBits;
+            ss->sec.keaType = sid->keaType;
+            ss->sec.keaKeyBits = sid->keaKeyBits;
+
+            ss->sec.localCert =
+                CERT_DupCertificate(ss->sec.serverCert->serverCert);
+
+            /* Copy cached name in to pending spec */
+            if (sid != NULL &&
+                sid->version > SSL_LIBRARY_VERSION_3_0 &&
+                sid->u.ssl3.srvName.len && sid->u.ssl3.srvName.data) {
+                /* Set server name from sid */
+                SECItem *sidName = &sid->u.ssl3.srvName;
+                SECItem *pwsName = &ss->ssl3.hs.srvVirtName;
+                if (pwsName->data) {
+                    SECITEM_FreeItem(pwsName, PR_FALSE);
+                }
+                rv = SECITEM_CopyItem(NULL, pwsName, sidName);
+                if (rv != SECSuccess) {
+                    errCode = PORT_GetError();
+                    desc = internal_error;
+                    goto alert_loser;
+                }
+            }
+
+            /* Clean up sni name array */
+            ssl3_FreeSniNameArray(&ss->xtnData);
+
+            ssl_GetXmitBufLock(ss);
+            haveXmitBufLock = PR_TRUE;
+
+            rv = ssl3_SendServerHello(ss);
+            if (rv != SECSuccess) {
+                errCode = PORT_GetError();
+                goto loser;
+            }
+
+            if (haveSpecWriteLock) {
+                ssl_ReleaseSpecWriteLock(ss);
+                haveSpecWriteLock = PR_FALSE;
+            }
+
+            /* NULL value for PMS because we are re-using the old MS */
+            rv = ssl3_InitPendingCipherSpec(ss, NULL);
+            if (rv != SECSuccess) {
+                errCode = PORT_GetError();
+                goto loser;
+            }
+
+            rv = ssl3_SendChangeCipherSpecs(ss);
+            if (rv != SECSuccess) {
+                errCode = PORT_GetError();
+                goto loser;
+            }
+            rv = ssl3_SendFinished(ss, 0);
+            ss->ssl3.hs.ws = wait_change_cipher;
+            if (rv != SECSuccess) {
+                errCode = PORT_GetError();
+                goto loser;
+            }
+
+            if (haveXmitBufLock) {
+                ssl_ReleaseXmitBufLock(ss);
+            }
+
+            return SECSuccess;
+        } while (0);
+
+    if (haveSpecWriteLock) {
+        ssl_ReleaseSpecWriteLock(ss);
+        haveSpecWriteLock = PR_FALSE;
+    }
+
+    if (sid) { /* we had a sid, but it's no longer valid, free it */
+        SSL_AtomicIncrementLong(&ssl3stats.hch_sid_cache_not_ok);
+        ss->sec.uncache(sid);
+        ssl_FreeSID(sid);
+        sid = NULL;
+    }
+    SSL_AtomicIncrementLong(&ssl3stats.hch_sid_cache_misses);
+
+    /* We only send a session ticket extension if the client supports
+     * the extension and we are unable to resume.
+     *
+     * TODO: send a session ticket if performing a stateful
+     * resumption.  (As per RFC4507, a server may issue a session
+     * ticket while doing a (stateless or stateful) session resume,
+     * but OpenSSL-0.9.8g does not accept session tickets while
+     * resuming.)
+     */
+    if (ssl3_ExtensionNegotiated(ss, ssl_session_ticket_xtn) &&
+        ssl3_KEASupportsTickets(ss->ssl3.hs.kea_def)) {
+        ssl3_RegisterExtensionSender(ss, &ss->xtnData,
+                                     ssl_session_ticket_xtn,
+                                     ssl3_SendSessionTicketXtn);
+    }
+
+    rv = ssl3_ServerCallSNICallback(ss);
+    if (rv != SECSuccess) {
+        /* The alert has already been sent. */
+        errCode = PORT_GetError();
+        goto loser;
+    }
+
+    rv = ssl3_SelectServerCert(ss);
+    if (rv != SECSuccess) {
+        errCode = PORT_GetError();
+        desc = handshake_failure;
+        goto alert_loser;
+    }
+
+    sid = ssl3_NewSessionID(ss, PR_TRUE);
+    if (sid == NULL) {
+        errCode = PORT_GetError();
+        goto loser; /* memory error is set. */
+    }
+    ss->sec.ci.sid = sid;
+
+    sid->u.ssl3.keys.extendedMasterSecretUsed =
+        ssl3_ExtensionNegotiated(ss, ssl_extended_master_secret_xtn);
+    ss->ssl3.hs.isResuming = PR_FALSE;
+
+    ssl_GetXmitBufLock(ss);
+    rv = ssl3_SendServerHelloSequence(ss);
+    ssl_ReleaseXmitBufLock(ss);
+    if (rv != SECSuccess) {
+        errCode = PORT_GetError();
+        desc = handshake_failure;
+        goto alert_loser;
+    }
+
+    if (haveXmitBufLock) {
+        ssl_ReleaseXmitBufLock(ss);
+    }
+
+    return SECSuccess;
+
+alert_loser:
+    if (haveSpecWriteLock) {
+        ssl_ReleaseSpecWriteLock(ss);
+        haveSpecWriteLock = PR_FALSE;
+    }
+    (void)SSL3_SendAlert(ss, alert_fatal, desc);
+/* FALLTHRU */
+loser:
+    if (sid && sid != ss->sec.ci.sid) {
+        ss->sec.uncache(sid);
+        ssl_FreeSID(sid);
+    }
+
+    if (haveSpecWriteLock) {
+        ssl_ReleaseSpecWriteLock(ss);
+    }
+
+    if (haveXmitBufLock) {
+        ssl_ReleaseXmitBufLock(ss);
+    }
+
+    PORT_SetError(errCode);
+    return SECFailure;
+}
+
+/*
+ * ssl3_HandleV2ClientHello is used when a V2 formatted hello comes
+ * in asking to use the V3 handshake.
+ */
+SECStatus
+ssl3_HandleV2ClientHello(sslSocket *ss, unsigned char *buffer, int length,
+                         PRUint8 padding)
+{
+    sslSessionID *sid = NULL;
+    unsigned char *suites;
+    unsigned char *random;
+    SSL3ProtocolVersion version;
+    SECStatus rv;
+    int i;
+    int j;
+    int sid_length;
+    int suite_length;
+    int rand_length;
+    int errCode = SSL_ERROR_RX_MALFORMED_CLIENT_HELLO;
+    SSL3AlertDescription desc = handshake_failure;
+    unsigned int total = SSL_HL_CLIENT_HELLO_HBYTES;
+
+    SSL_TRC(3, ("%d: SSL3[%d]: handle v2 client_hello", SSL_GETPID(), ss->fd));
+
+    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
+
+    ssl_GetSSL3HandshakeLock(ss);
+
+    ssl3_ResetExtensionData(&ss->xtnData);
+
+    version = (buffer[1] << 8) | buffer[2];
+    if (version < SSL_LIBRARY_VERSION_3_0) {
+        goto loser;
+    }
+
+    rv = ssl3_InitState(ss);
+    if (rv != SECSuccess) {
+        ssl_ReleaseSSL3HandshakeLock(ss);
+        return rv; /* ssl3_InitState has set the error code. */
+    }
+    rv = ssl3_RestartHandshakeHashes(ss);
+    if (rv != SECSuccess) {
+        ssl_ReleaseSSL3HandshakeLock(ss);
+        return rv;
+    }
+
+    if (ss->ssl3.hs.ws != wait_client_hello) {
+        desc = unexpected_message;
+        errCode = SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO;
+        goto alert_loser;
+    }
+
+    total += suite_length = (buffer[3] << 8) | buffer[4];
+    total += sid_length = (buffer[5] << 8) | buffer[6];
+    total += rand_length = (buffer[7] << 8) | buffer[8];
+    total += padding;
+    ss->clientHelloVersion = version;
+
+    if (version >= SSL_LIBRARY_VERSION_TLS_1_3) {
+        /* [draft-ietf-tls-tls-11; C.3] forbids sending a TLS 1.3
+         * ClientHello using the backwards-compatible format. */
+        desc = illegal_parameter;
+        errCode = SSL_ERROR_RX_MALFORMED_CLIENT_HELLO;
+        goto alert_loser;
+    }
+
+    rv = ssl3_NegotiateVersion(ss, version, PR_TRUE);
+    if (rv != SECSuccess) {
+        /* send back which ever alert client will understand. */
+        desc = (version > SSL_LIBRARY_VERSION_3_0) ? protocol_version
+                                                   : handshake_failure;
+        errCode = SSL_ERROR_UNSUPPORTED_VERSION;
+        goto alert_loser;
+    }
+    ss->ssl3.hs.preliminaryInfo |= ssl_preinfo_version;
+
+    /* if we get a non-zero SID, just ignore it. */
+    if (length != total) {
+        SSL_DBG(("%d: SSL3[%d]: bad v2 client hello message, len=%d should=%d",
+                 SSL_GETPID(), ss->fd, length, total));
+        desc = illegal_parameter;
+        errCode = SSL_ERROR_RX_MALFORMED_CLIENT_HELLO;
+        goto alert_loser;
+    }
+
+    suites = buffer + SSL_HL_CLIENT_HELLO_HBYTES;
+    random = suites + suite_length + sid_length;
+
+    if (rand_length < SSL_MIN_CHALLENGE_BYTES ||
+        rand_length > SSL_MAX_CHALLENGE_BYTES) {
+        desc = illegal_parameter;
+        errCode = SSL_ERROR_RX_MALFORMED_CLIENT_HELLO;
+        goto alert_loser;
+    }
+
+    PORT_Assert(SSL_MAX_CHALLENGE_BYTES == SSL3_RANDOM_LENGTH);
+
+    PORT_Memset(&ss->ssl3.hs.client_random, 0, SSL3_RANDOM_LENGTH);
+    PORT_Memcpy(
+        &ss->ssl3.hs.client_random.rand[SSL3_RANDOM_LENGTH - rand_length],
+        random, rand_length);
+
+    PRINT_BUF(60, (ss, "client random:", &ss->ssl3.hs.client_random.rand[0],
+                   SSL3_RANDOM_LENGTH));
+    i = ssl3_config_match_init(ss);
+    if (i <= 0) {
+        errCode = PORT_GetError(); /* error code is already set. */
+        goto alert_loser;
+    }
+
+    /* Select a cipher suite.
+    **
+    ** NOTE: This suite selection algorithm should be the same as the one in
+    ** ssl3_HandleClientHello().
+    **
+    ** See the comments about export cipher suites in ssl3_HandleClientHello().
+    */
+    for (j = 0; j < ssl_V3_SUITES_IMPLEMENTED; j++) {
+        ssl3CipherSuiteCfg *suite = &ss->cipherSuites[j];
+        SSLVersionRange vrange = { ss->version, ss->version };
+        if (!config_match(suite, ss->ssl3.policy, &vrange, ss)) {
+            continue;
+        }
+        for (i = 0; i + 2 < suite_length; i += 3) {
+            PRUint32 suite_i = (suites[i] << 16) | (suites[i + 1] << 8) | suites[i + 2];
+            if (suite_i == suite->cipher_suite) {
+                rv = ssl3_SetCipherSuite(ss, suite_i, PR_TRUE);
+                if (rv != SECSuccess) {
+                    desc = internal_error;
+                    errCode = PORT_GetError();
+                    goto alert_loser;
+                }
+                goto suite_found;
+            }
+        }
+    }
+    errCode = SSL_ERROR_NO_CYPHER_OVERLAP;
+    goto alert_loser;
+
+suite_found:
+
+    /* If the ClientHello version is less than our maximum version, check for a
+     * TLS_FALLBACK_SCSV and reject the connection if found. */
+    if (ss->vrange.max > ss->clientHelloVersion) {
+        for (i = 0; i + 2 < suite_length; i += 3) {
+            PRUint16 suite_i = (suites[i] << 16) | (suites[i + 1] << 8) | suites[i + 2];
+            if (suite_i == TLS_FALLBACK_SCSV) {
+                desc = inappropriate_fallback;
+                errCode = SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT;
+                goto alert_loser;
+            }
+        }
+    }
+
+    /* Look for the SCSV, and if found, treat it just like an empty RI
+     * extension by processing a local copy of an empty RI extension.
+     */
+    for (i = 0; i + 2 < suite_length; i += 3) {
+        PRUint32 suite_i = (suites[i] << 16) | (suites[i + 1] << 8) | suites[i + 2];
+        if (suite_i == TLS_EMPTY_RENEGOTIATION_INFO_SCSV) {
+            SSL3Opaque *b2 = (SSL3Opaque *)emptyRIext;
+            PRUint32 L2 = sizeof emptyRIext;
+            (void)ssl3_HandleExtensions(ss, &b2, &L2, client_hello);
+            break;
+        }
+    }
+
+    if (ss->opt.requireSafeNegotiation &&
+        !ssl3_ExtensionNegotiated(ss, ssl_renegotiation_info_xtn)) {
+        desc = handshake_failure;
+        errCode = SSL_ERROR_UNSAFE_NEGOTIATION;
+        goto alert_loser;
+    }
+
+    ss->ssl3.hs.compression = ssl_compression_null;
+
+    rv = ssl3_SelectServerCert(ss);
+    if (rv != SECSuccess) {
+        errCode = PORT_GetError();
+        desc = handshake_failure;
+        goto alert_loser;
+    }
+
+    /* we don't even search for a cache hit here.  It's just a miss. */
+    SSL_AtomicIncrementLong(&ssl3stats.hch_sid_cache_misses);
+    sid = ssl3_NewSessionID(ss, PR_TRUE);
+    if (sid == NULL) {
+        errCode = PORT_GetError();
+        goto loser; /* memory error is set. */
+    }
+    ss->sec.ci.sid = sid;
+    /* do not worry about memory leak of sid since it now belongs to ci */
+
+    /* We have to update the handshake hashes before we can send stuff */
+    rv = ssl3_UpdateHandshakeHashes(ss, buffer, length);
+    if (rv != SECSuccess) {
+        errCode = PORT_GetError();
+        goto loser;
+    }
+
+    ssl_GetXmitBufLock(ss);
+    rv = ssl3_SendServerHelloSequence(ss);
+    ssl_ReleaseXmitBufLock(ss);
+    if (rv != SECSuccess) {
+        errCode = PORT_GetError();
+        goto loser;
+    }
+
+    ssl_ReleaseSSL3HandshakeLock(ss);
+    return SECSuccess;
+
+alert_loser:
+    SSL3_SendAlert(ss, alert_fatal, desc);
+loser:
+    ssl_ReleaseSSL3HandshakeLock(ss);
+    PORT_SetError(errCode);
+    return SECFailure;
+}
+
+/* The negotiated version number has been already placed in ss->version.
+**
+** Called from:  ssl3_HandleClientHello                     (resuming session),
+**  ssl3_SendServerHelloSequence <- ssl3_HandleClientHello   (new session),
+**  ssl3_SendServerHelloSequence <- ssl3_HandleV2ClientHello (new session)
+*/
+SECStatus
+ssl3_SendServerHello(sslSocket *ss)
+{
+    sslSessionID *sid;
+    SECStatus rv;
+    PRUint32 maxBytes = 65535;
+    PRUint32 length;
+    PRInt32 extensions_len = 0;
+    SSL3ProtocolVersion version;
+
+    SSL_TRC(3, ("%d: SSL3[%d]: send server_hello handshake", SSL_GETPID(),
+                ss->fd));
+
+    PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+
+    PORT_Assert(MSB(ss->version) == MSB(SSL_LIBRARY_VERSION_3_0));
+    if (MSB(ss->version) != MSB(SSL_LIBRARY_VERSION_3_0)) {
+        PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP);
+        return SECFailure;
+    }
+
+    sid = ss->sec.ci.sid;
+
+    extensions_len = ssl3_CallHelloExtensionSenders(
+        ss, PR_FALSE, maxBytes, &ss->xtnData.serverHelloSenders[0]);
+    if (extensions_len > 0)
+        extensions_len += 2; /* Add sizeof total extension length */
+
+    /* TLS 1.3 doesn't use the session_id or compression_method
+     * fields in the ServerHello. */
+    length = sizeof(SSL3ProtocolVersion) + SSL3_RANDOM_LENGTH;
+    if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) {
+        length += 1 + ((sid == NULL) ? 0 : sid->u.ssl3.sessionIDLength);
+    }
+    length += sizeof(ssl3CipherSuite);
+    if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) {
+        length += 1; /* Compression */
+    }
+    length += extensions_len;
+
+    rv = ssl3_AppendHandshakeHeader(ss, server_hello, length);
+    if (rv != SECSuccess) {
+        return rv; /* err set by AppendHandshake. */
+    }
+
+    if (IS_DTLS(ss) && ss->version < SSL_LIBRARY_VERSION_TLS_1_3) {
+        version = dtls_TLSVersionToDTLSVersion(ss->version);
+    } else {
+        version = tls13_EncodeDraftVersion(ss->version);
+    }
+
+    rv = ssl3_AppendHandshakeNumber(ss, version, 2);
+    if (rv != SECSuccess) {
+        return rv; /* err set by AppendHandshake. */
+    }
+    /* Random already generated in ssl3_HandleClientHello */
+    rv = ssl3_AppendHandshake(
+        ss, &ss->ssl3.hs.server_random, SSL3_RANDOM_LENGTH);
+    if (rv != SECSuccess) {
+        return rv; /* err set by AppendHandshake. */
+    }
+
+    if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) {
+        if (sid) {
+            rv = ssl3_AppendHandshakeVariable(
+                ss, sid->u.ssl3.sessionID, sid->u.ssl3.sessionIDLength, 1);
+        } else {
+            rv = ssl3_AppendHandshakeNumber(ss, 0, 1);
+        }
+        if (rv != SECSuccess) {
+            return rv; /* err set by AppendHandshake. */
+        }
+    }
+
+    rv = ssl3_AppendHandshakeNumber(ss, ss->ssl3.hs.cipher_suite, 2);
+    if (rv != SECSuccess) {
+        return rv; /* err set by AppendHandshake. */
+    }
+    if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) {
+        rv = ssl3_AppendHandshakeNumber(ss, ss->ssl3.hs.compression, 1);
+        if (rv != SECSuccess) {
+            return rv; /* err set by AppendHandshake. */
+        }
+    }
+    if (extensions_len) {
+        PRInt32 sent_len;
+
+        extensions_len -= 2;
+        rv = ssl3_AppendHandshakeNumber(ss, extensions_len, 2);
+        if (rv != SECSuccess)
+            return rv; /* err set by ssl3_AppendHandshakeNumber */
+        sent_len = ssl3_CallHelloExtensionSenders(ss, PR_TRUE, extensions_len,
+                                                  &ss->xtnData.serverHelloSenders[0]);
+        PORT_Assert(sent_len == extensions_len);
+        if (sent_len != extensions_len) {
+            if (sent_len >= 0)
+                PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+            return SECFailure;
+        }
+    }
+
+    if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) {
+        rv = ssl3_SetupPendingCipherSpec(ss);
+        if (rv != SECSuccess) {
+            return rv; /* err set by ssl3_SetupPendingCipherSpec */
+        }
+    }
+
+    return SECSuccess;
+}
+
+SECStatus
+ssl_CreateDHEKeyPair(const sslNamedGroupDef *groupDef,
+                     const ssl3DHParams *params,
+                     sslEphemeralKeyPair **keyPair)
+{
+    SECKEYDHParams dhParam;
+    SECKEYPublicKey *pubKey = NULL;   /* Ephemeral DH key */
+    SECKEYPrivateKey *privKey = NULL; /* Ephemeral DH key */
+    sslEphemeralKeyPair *pair;
+
+    dhParam.prime.data = params->prime.data;
+    dhParam.prime.len = params->prime.len;
+    dhParam.base.data = params->base.data;
+    dhParam.base.len = params->base.len;
+
+    PRINT_BUF(60, (NULL, "Server DH p", dhParam.prime.data,
+                   dhParam.prime.len));
+    PRINT_BUF(60, (NULL, "Server DH g", dhParam.base.data,
+                   dhParam.base.len));
+
+    /* Generate ephemeral DH keypair */
+    privKey = SECKEY_CreateDHPrivateKey(&dhParam, &pubKey, NULL);
+    if (!privKey || !pubKey) {
+        ssl_MapLowLevelError(SEC_ERROR_KEYGEN_FAIL);
+        return SECFailure;
+    }
+
+    pair = ssl_NewEphemeralKeyPair(groupDef, privKey, pubKey);
+    if (!pair) {
+        SECKEY_DestroyPrivateKey(privKey);
+        SECKEY_DestroyPublicKey(pubKey);
+
+        return SECFailure;
+    }
+
+    *keyPair = pair;
+    return SECSuccess;
+}
+
+static SECStatus
+ssl3_SendDHServerKeyExchange(sslSocket *ss)
+{
+    const ssl3KEADef *kea_def = ss->ssl3.hs.kea_def;
+    SECStatus rv = SECFailure;
+    int length;
+    SECItem signed_hash = { siBuffer, NULL, 0 };
+    SSL3Hashes hashes;
+    SSLHashType hashAlg;
+
+    const ssl3DHParams *params;
+    sslEphemeralKeyPair *keyPair;
+    SECKEYPublicKey *pubKey;
+    SECKEYPrivateKey *certPrivateKey;
+    const sslNamedGroupDef *groupDef;
+
+    if (kea_def->kea != kea_dhe_dss && kea_def->kea != kea_dhe_rsa) {
+        /* TODO: Support DH_anon. It might be sufficient to drop the signature.
+                 See bug 1170510. */
+        PORT_SetError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
+        return SECFailure;
+    }
+
+    rv = ssl_SelectDHEGroup(ss, &groupDef);
+    if (rv == SECFailure) {
+        PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP);
+        return SECFailure;
+    }
+    ss->sec.keaGroup = groupDef;
+
+    params = ssl_GetDHEParams(groupDef);
+    rv = ssl_CreateDHEKeyPair(groupDef, params, &keyPair);
+    if (rv == SECFailure) {
+        ssl_MapLowLevelError(SEC_ERROR_KEYGEN_FAIL);
+        return SECFailure;
+    }
+    PR_APPEND_LINK(&keyPair->link, &ss->ephemeralKeyPairs);
+
+    if (ss->ssl3.pwSpec->version == SSL_LIBRARY_VERSION_TLS_1_2) {
+        hashAlg = ssl_SignatureSchemeToHashType(ss->ssl3.hs.signatureScheme);
+    } else {
+        /* Use ssl_hash_none to represent the MD5+SHA1 combo. */
+        hashAlg = ssl_hash_none;
+    }
+
+    pubKey = keyPair->keys->pubKey;
+    PRINT_BUF(50, (ss, "DH public value:",
+                   pubKey->u.dh.publicValue.data,
+                   pubKey->u.dh.publicValue.len));
+    rv = ssl3_ComputeDHKeyHash(ss, hashAlg, &hashes,
+                               pubKey->u.dh.prime,
+                               pubKey->u.dh.base,
+                               pubKey->u.dh.publicValue,
+                               PR_TRUE /* padY */);
+    if (rv != SECSuccess) {
+        ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
+        goto loser;
+    }
+
+    certPrivateKey = ss->sec.serverCert->serverKeyPair->privKey;
+    rv = ssl3_SignHashes(ss, &hashes, certPrivateKey, &signed_hash);
+    if (rv != SECSuccess) {
+        goto loser; /* ssl3_SignHashes has set err. */
+    }
+
+    length = 2 + pubKey->u.dh.prime.len +
+             2 + pubKey->u.dh.base.len +
+             2 + pubKey->u.dh.prime.len +
+             2 + signed_hash.len;
+
+    if (ss->ssl3.pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2) {
+        length += 2;
+    }
+
+    rv = ssl3_AppendHandshakeHeader(ss, server_key_exchange, length);
+    if (rv != SECSuccess) {
+        goto loser; /* err set by AppendHandshake. */
+    }
+
+    rv = ssl3_AppendHandshakeVariable(ss, pubKey->u.dh.prime.data,
+                                      pubKey->u.dh.prime.len, 2);
+    if (rv != SECSuccess) {
+        goto loser; /* err set by AppendHandshake. */
+    }
+
+    rv = ssl3_AppendHandshakeVariable(ss, pubKey->u.dh.base.data,
+                                      pubKey->u.dh.base.len, 2);
+    if (rv != SECSuccess) {
+        goto loser; /* err set by AppendHandshake. */
+    }
+
+    rv = ssl_AppendPaddedDHKeyShare(ss, pubKey, PR_TRUE);
+    if (rv != SECSuccess) {
+        goto loser; /* err set by AppendHandshake. */
+    }
+
+    if (ss->ssl3.pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2) {
+        rv = ssl3_AppendHandshakeNumber(ss, ss->ssl3.hs.signatureScheme, 2);
+        if (rv != SECSuccess) {
+            goto loser; /* err set by AppendHandshake. */
+        }
+    }
+
+    rv = ssl3_AppendHandshakeVariable(ss, signed_hash.data,
+                                      signed_hash.len, 2);
+    if (rv != SECSuccess) {
+        goto loser; /* err set by AppendHandshake. */
+    }
+    PORT_Free(signed_hash.data);
+    return SECSuccess;
+
+loser:
+    if (signed_hash.data)
+        PORT_Free(signed_hash.data);
+    return SECFailure;
+}
+
+static SECStatus
+ssl3_SendServerKeyExchange(sslSocket *ss)
+{
+    const ssl3KEADef *kea_def = ss->ssl3.hs.kea_def;
+
+    SSL_TRC(3, ("%d: SSL3[%d]: send server_key_exchange handshake",
+                SSL_GETPID(), ss->fd));
+
+    PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+
+    switch (kea_def->exchKeyType) {
+        case ssl_kea_dh: {
+            return ssl3_SendDHServerKeyExchange(ss);
+        }
+
+        case ssl_kea_ecdh: {
+            return ssl3_SendECDHServerKeyExchange(ss);
+        }
+
+        case ssl_kea_rsa:
+        case ssl_kea_null:
+        default:
+            PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+            break;
+    }
+
+    return SECFailure;
+}
+
+SECStatus
+ssl3_EncodeSigAlgs(const sslSocket *ss, PRUint8 *buf, unsigned maxLen, PRUint32 *len)
+{
+    unsigned int i;
+    PRUint8 *p = buf;
+
+    PORT_Assert(maxLen >= ss->ssl3.signatureSchemeCount * 2);
+    if (maxLen < ss->ssl3.signatureSchemeCount * 2) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+
+    for (i = 0; i < ss->ssl3.signatureSchemeCount; ++i) {
+        PRUint32 policy = 0;
+        SSLHashType hashType = ssl_SignatureSchemeToHashType(
+            ss->ssl3.signatureSchemes[i]);
+        SECOidTag hashOID = ssl3_HashTypeToOID(hashType);
+
+        /* Skip RSA-PSS schemes if there are no tokens to verify them. */
+        if (ssl_IsRsaPssSignatureScheme(ss->ssl3.signatureSchemes[i]) &&
+            !PK11_TokenExists(auth_alg_defs[ssl_auth_rsa_pss])) {
+            continue;
+        }
+
+        if ((NSS_GetAlgorithmPolicy(hashOID, &policy) != SECSuccess) ||
+            (policy & NSS_USE_ALG_IN_SSL_KX)) {
+            p = ssl_EncodeUintX((PRUint32)ss->ssl3.signatureSchemes[i], 2, p);
+        }
+    }
+
+    if (p == buf) {
+        PORT_SetError(SSL_ERROR_NO_SUPPORTED_SIGNATURE_ALGORITHM);
+        return SECFailure;
+    }
+    *len = p - buf;
+    return SECSuccess;
+}
+
+static SECStatus
+ssl3_SendCertificateRequest(sslSocket *ss)
+{
+    PRBool isTLS12;
+    const PRUint8 *certTypes;
+    SECStatus rv;
+    int length;
+    SECItem *names;
+    unsigned int calen;
+    unsigned int nnames;
+    SECItem *name;
+    int i;
+    int certTypesLength;
+    PRUint8 sigAlgs[MAX_SIGNATURE_SCHEMES * 2];
+    unsigned int sigAlgsLength = 0;
+
+    SSL_TRC(3, ("%d: SSL3[%d]: send certificate_request handshake",
+                SSL_GETPID(), ss->fd));
+
+    PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+
+    isTLS12 = (PRBool)(ss->ssl3.pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2);
+
+    rv = ssl_GetCertificateRequestCAs(ss, &calen, &names, &nnames);
+    if (rv != SECSuccess) {
+        return rv;
+    }
+    certTypes = certificate_types;
+    certTypesLength = sizeof certificate_types;
+
+    length = 1 + certTypesLength + 2 + calen;
+    if (isTLS12) {
+        rv = ssl3_EncodeSigAlgs(ss, sigAlgs, sizeof(sigAlgs), &sigAlgsLength);
+        if (rv != SECSuccess) {
+            return rv;
+        }
+        length += 2 + sigAlgsLength;
+    }
+
+    rv = ssl3_AppendHandshakeHeader(ss, certificate_request, length);
+    if (rv != SECSuccess) {
+        return rv; /* err set by AppendHandshake. */
+    }
+    rv = ssl3_AppendHandshakeVariable(ss, certTypes, certTypesLength, 1);
+    if (rv != SECSuccess) {
+        return rv; /* err set by AppendHandshake. */
+    }
+    if (isTLS12) {
+        rv = ssl3_AppendHandshakeVariable(ss, sigAlgs, sigAlgsLength, 2);
+        if (rv != SECSuccess) {
+            return rv; /* err set by AppendHandshake. */
+        }
+    }
+    rv = ssl3_AppendHandshakeNumber(ss, calen, 2);
+    if (rv != SECSuccess) {
+        return rv; /* err set by AppendHandshake. */
+    }
+    for (i = 0, name = names; i < nnames; i++, name++) {
+        rv = ssl3_AppendHandshakeVariable(ss, name->data, name->len, 2);
+        if (rv != SECSuccess) {
+            return rv; /* err set by AppendHandshake. */
+        }
+    }
+
+    return SECSuccess;
+}
+
+static SECStatus
+ssl3_SendServerHelloDone(sslSocket *ss)
+{
+    SECStatus rv;
+
+    SSL_TRC(3, ("%d: SSL3[%d]: send server_hello_done handshake",
+                SSL_GETPID(), ss->fd));
+
+    PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+
+    rv = ssl3_AppendHandshakeHeader(ss, server_hello_done, 0);
+    if (rv != SECSuccess) {
+        return rv; /* err set by AppendHandshake. */
+    }
+    rv = ssl3_FlushHandshake(ss, 0);
+    if (rv != SECSuccess) {
+        return rv; /* error code set by ssl3_FlushHandshake */
+    }
+    return SECSuccess;
+}
+
+/* Called from ssl3_HandlePostHelloHandshakeMessage() when it has deciphered
+ * a complete ssl3 Certificate Verify message
+ * Caller must hold Handshake and RecvBuf locks.
+ */
+static SECStatus
+ssl3_HandleCertificateVerify(sslSocket *ss, SSL3Opaque *b, PRUint32 length,
+                             SSL3Hashes *hashes)
+{
+    SECItem signed_hash = { siBuffer, NULL, 0 };
+    SECStatus rv;
+    int errCode = SSL_ERROR_RX_MALFORMED_CERT_VERIFY;
+    SSL3AlertDescription desc = handshake_failure;
+    PRBool isTLS;
+    SSLSignatureScheme sigScheme;
+    SSLHashType hashAlg;
+    SSL3Hashes localHashes;
+    SSL3Hashes *hashesForVerify = NULL;
+
+    SSL_TRC(3, ("%d: SSL3[%d]: handle certificate_verify handshake",
+                SSL_GETPID(), ss->fd));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+
+    if (ss->ssl3.hs.ws != wait_cert_verify) {
+        desc = unexpected_message;
+        errCode = SSL_ERROR_RX_UNEXPECTED_CERT_VERIFY;
+        goto alert_loser;
+    }
+
+    /* TLS 1.3 is handled by tls13_HandleCertificateVerify */
+    PORT_Assert(ss->ssl3.prSpec->version <= SSL_LIBRARY_VERSION_TLS_1_2);
+
+    if (!hashes) {
+        PORT_Assert(0);
+        desc = internal_error;
+        errCode = SEC_ERROR_LIBRARY_FAILURE;
+        goto alert_loser;
+    }
+
+    if (ss->ssl3.hs.hashType == handshake_hash_record) {
+        rv = ssl_ConsumeSignatureScheme(ss, &b, &length, &sigScheme);
+        if (rv != SECSuccess) {
+            goto loser; /* malformed or unsupported. */
+        }
+        rv = ssl_CheckSignatureSchemeConsistency(ss, sigScheme,
+                                                 ss->sec.peerCert);
+        if (rv != SECSuccess) {
+            errCode = PORT_GetError();
+            desc = decrypt_error;
+            goto alert_loser;
+        }
+
+        hashAlg = ssl_SignatureSchemeToHashType(sigScheme);
+
+        if (hashes->u.pointer_to_hash_input.data) {
+            rv = ssl3_ComputeHandshakeHash(hashes->u.pointer_to_hash_input.data,
+                                           hashes->u.pointer_to_hash_input.len,
+                                           hashAlg, &localHashes);
+        } else {
+            rv = SECFailure;
+        }
+
+        if (rv == SECSuccess) {
+            hashesForVerify = &localHashes;
+        } else {
+            errCode = SSL_ERROR_DIGEST_FAILURE;
+            desc = decrypt_error;
+            goto alert_loser;
+        }
+    } else {
+        hashesForVerify = hashes;
+        sigScheme = ssl_sig_none;
+    }
+
+    rv = ssl3_ConsumeHandshakeVariable(ss, &signed_hash, 2, &b, &length);
+    if (rv != SECSuccess) {
+        goto loser; /* malformed. */
+    }
+
+    isTLS = (PRBool)(ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0);
+
+    /* XXX verify that the key & kea match */
+    rv = ssl3_VerifySignedHashes(ss, sigScheme, hashesForVerify, &signed_hash);
+    if (rv != SECSuccess) {
+        errCode = PORT_GetError();
+        desc = isTLS ? decrypt_error : handshake_failure;
+        goto alert_loser;
+    }
+
+    signed_hash.data = NULL;
+
+    if (length != 0) {
+        desc = isTLS ? decode_error : illegal_parameter;
+        goto alert_loser; /* malformed */
+    }
+    ss->ssl3.hs.ws = wait_change_cipher;
+    return SECSuccess;
+
+alert_loser:
+    SSL3_SendAlert(ss, alert_fatal, desc);
+loser:
+    PORT_SetError(errCode);
+    return SECFailure;
+}
+
+/* find a slot that is able to generate a PMS and wrap it with RSA.
+ * Then generate and return the PMS.
+ * If the serverKeySlot parameter is non-null, this function will use
+ * that slot to do the job, otherwise it will find a slot.
+ *
+ * Called from  ssl3_DeriveConnectionKeys()  (above)
+ *      ssl3_SendRSAClientKeyExchange()     (above)
+ *      ssl3_HandleRSAClientKeyExchange()  (below)
+ * Caller must hold the SpecWriteLock, the SSL3HandshakeLock
+ */
+static PK11SymKey *
+ssl3_GenerateRSAPMS(sslSocket *ss, ssl3CipherSpec *spec,
+                    PK11SlotInfo *serverKeySlot)
+{
+    PK11SymKey *pms = NULL;
+    PK11SlotInfo *slot = serverKeySlot;
+    void *pwArg = ss->pkcs11PinArg;
+    SECItem param;
+    CK_VERSION version;
+    CK_MECHANISM_TYPE mechanism_array[3];
+
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+
+    if (slot == NULL) {
+        SSLCipherAlgorithm calg;
+        /* The specReadLock would suffice here, but we cannot assert on
+        ** read locks.  Also, all the callers who call with a non-null
+        ** slot already hold the SpecWriteLock.
+        */
+        PORT_Assert(ss->opt.noLocks || ssl_HaveSpecWriteLock(ss));
+        PORT_Assert(ss->ssl3.prSpec == ss->ssl3.pwSpec);
+
+        calg = spec->cipher_def->calg;
+
+        /* First get an appropriate slot.  */
+        mechanism_array[0] = CKM_SSL3_PRE_MASTER_KEY_GEN;
+        mechanism_array[1] = CKM_RSA_PKCS;
+        mechanism_array[2] = ssl3_Alg2Mech(calg);
+
+        slot = PK11_GetBestSlotMultiple(mechanism_array, 3, pwArg);
+        if (slot == NULL) {
+            /* can't find a slot with all three, find a slot with the minimum */
+            slot = PK11_GetBestSlotMultiple(mechanism_array, 2, pwArg);
+            if (slot == NULL) {
+                PORT_SetError(SSL_ERROR_TOKEN_SLOT_NOT_FOUND);
+                return pms; /* which is NULL */
+            }
+        }
+    }
+
+    /* Generate the pre-master secret ...  */
+    if (IS_DTLS(ss)) {
+        SSL3ProtocolVersion temp;
+
+        temp = dtls_TLSVersionToDTLSVersion(ss->clientHelloVersion);
+        version.major = MSB(temp);
+        version.minor = LSB(temp);
+    } else {
+        version.major = MSB(ss->clientHelloVersion);
+        version.minor = LSB(ss->clientHelloVersion);
+    }
+
+    param.data = (unsigned char *)&version;
+    param.len = sizeof version;
+
+    pms = PK11_KeyGen(slot, CKM_SSL3_PRE_MASTER_KEY_GEN, &param, 0, pwArg);
+    if (!serverKeySlot)
+        PK11_FreeSlot(slot);
+    if (pms == NULL) {
+        ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
+    }
+    return pms;
+}
+
+/* Note: The Bleichenbacher attack on PKCS#1 necessitates that we NEVER
+ * return any indication of failure of the Client Key Exchange message,
+ * where that failure is caused by the content of the client's message.
+ * This function must not return SECFailure for any reason that is directly
+ * or indirectly caused by the content of the client's encrypted PMS.
+ * We must not send an alert and also not drop the connection.
+ * Instead, we generate a random PMS.  This will cause a failure
+ * in the processing the finished message, which is exactly where
+ * the failure must occur.
+ *
+ * Called from ssl3_HandleClientKeyExchange
+ */
+static SECStatus
+ssl3_HandleRSAClientKeyExchange(sslSocket *ss,
+                                SSL3Opaque *b,
+                                PRUint32 length,
+                                sslKeyPair *serverKeyPair)
+{
+    SECStatus rv;
+    SECItem enc_pms;
+    PK11SymKey *tmpPms[2] = { NULL, NULL };
+    PK11SlotInfo *slot;
+    int useFauxPms = 0;
+
+    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+    PORT_Assert(ss->ssl3.prSpec == ss->ssl3.pwSpec);
+
+    enc_pms.data = b;
+    enc_pms.len = length;
+
+    if (ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0) { /* isTLS */
+        PRUint32 kLen;
+        rv = ssl3_ConsumeHandshakeNumber(ss, &kLen, 2, &enc_pms.data, &enc_pms.len);
+        if (rv != SECSuccess) {
+            PORT_SetError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
+            return SECFailure;
+        }
+        if ((unsigned)kLen < enc_pms.len) {
+            enc_pms.len = kLen;
+        }
+    }
+
+#define currentPms tmpPms[!useFauxPms]
+#define unusedPms tmpPms[useFauxPms]
+#define realPms tmpPms[1]
+#define fauxPms tmpPms[0]
+
+    /*
+     * Get as close to algorithm 2 from RFC 5246; Section 7.4.7.1
+     * as we can within the constraints of the PKCS#11 interface.
+     *
+     * 1. Unconditionally generate a bogus PMS (what RFC 5246
+     *    calls R).
+     * 2. Attempt the RSA decryption to recover the PMS (what
+     *    RFC 5246 calls M).
+     * 3. Set PMS = (M == NULL) ? R : M
+     * 4. Use ssl3_ComputeMasterSecret(PMS) to attempt to derive
+     *    the MS from PMS. This includes performing the version
+     *    check and length check.
+     * 5. If either the initial RSA decryption failed or
+     *    ssl3_ComputeMasterSecret(PMS) failed, then discard
+     *    M and set PMS = R. Else, discard R and set PMS = M.
+     *
+     * We do two derivations here because we can't rely on having
+     * a function that only performs the PMS version and length
+     * check. The only redundant cost is that this runs the PRF,
+     * which isn't necessary here.
+     */
+
+    /* Generate the bogus PMS (R) */
+    slot = PK11_GetSlotFromPrivateKey(serverKeyPair->privKey);
+    if (!slot) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+
+    if (!PK11_DoesMechanism(slot, CKM_SSL3_MASTER_KEY_DERIVE)) {
+        PK11_FreeSlot(slot);
+        slot = PK11_GetBestSlot(CKM_SSL3_MASTER_KEY_DERIVE, NULL);
+        if (!slot) {
+            PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+            return SECFailure;
+        }
+    }
+
+    ssl_GetSpecWriteLock(ss);
+    fauxPms = ssl3_GenerateRSAPMS(ss, ss->ssl3.prSpec, slot);
+    ssl_ReleaseSpecWriteLock(ss);
+    PK11_FreeSlot(slot);
+
+    if (fauxPms == NULL) {
+        ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
+        return SECFailure;
+    }
+
+    /*
+     * unwrap pms out of the incoming buffer
+     * Note: CKM_SSL3_MASTER_KEY_DERIVE is NOT the mechanism used to do
+     *  the unwrap.  Rather, it is the mechanism with which the
+     *      unwrapped pms will be used.
+     */
+    realPms = PK11_PubUnwrapSymKey(serverKeyPair->privKey, &enc_pms,
+                                   CKM_SSL3_MASTER_KEY_DERIVE, CKA_DERIVE, 0);
+    /* Temporarily use the PMS if unwrapping the real PMS fails. */
+    useFauxPms |= (realPms == NULL);
+
+    /* Attempt to derive the MS from the PMS. This is the only way to
+     * check the version field in the RSA PMS. If this fails, we
+     * then use the faux PMS in place of the PMS. Note that this
+     * operation should never fail if we are using the faux PMS
+     * since it is correctly formatted. */
+    rv = ssl3_ComputeMasterSecret(ss, currentPms, NULL);
+
+    /* If we succeeded, then select the true PMS and discard the
+     * FPMS. Else, select the FPMS and select the true PMS */
+    useFauxPms |= (rv != SECSuccess);
+
+    if (unusedPms) {
+        PK11_FreeSymKey(unusedPms);
+    }
+
+    /* This step will derive the MS from the PMS, among other things. */
+    rv = ssl3_InitPendingCipherSpec(ss, currentPms);
+    PK11_FreeSymKey(currentPms);
+
+    if (rv != SECSuccess) {
+        (void)SSL3_SendAlert(ss, alert_fatal, handshake_failure);
+        return SECFailure; /* error code set by ssl3_InitPendingCipherSpec */
+    }
+
+#undef currentPms
+#undef unusedPms
+#undef realPms
+#undef fauxPms
+
+    return SECSuccess;
+}
+
+static SECStatus
+ssl3_HandleDHClientKeyExchange(sslSocket *ss,
+                               SSL3Opaque *b,
+                               PRUint32 length,
+                               sslKeyPair *serverKeyPair)
+{
+    PK11SymKey *pms;
+    SECStatus rv;
+    SECKEYPublicKey clntPubKey;
+    CK_MECHANISM_TYPE target;
+    PRBool isTLS;
+
+    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+
+    clntPubKey.keyType = dhKey;
+    clntPubKey.u.dh.prime.len = serverKeyPair->pubKey->u.dh.prime.len;
+    clntPubKey.u.dh.prime.data = serverKeyPair->pubKey->u.dh.prime.data;
+    clntPubKey.u.dh.base.len = serverKeyPair->pubKey->u.dh.base.len;
+    clntPubKey.u.dh.base.data = serverKeyPair->pubKey->u.dh.base.data;
+
+    rv = ssl3_ConsumeHandshakeVariable(ss, &clntPubKey.u.dh.publicValue,
+                                       2, &b, &length);
+    if (rv != SECSuccess) {
+        return SECFailure;
+    }
+
+    if (!ssl_IsValidDHEShare(&serverKeyPair->pubKey->u.dh.prime,
+                             &clntPubKey.u.dh.publicValue)) {
+        PORT_SetError(SSL_ERROR_RX_MALFORMED_DHE_KEY_SHARE);
+        return SECFailure;
+    }
+
+    isTLS = (PRBool)(ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0);
+
+    if (isTLS)
+        target = CKM_TLS_MASTER_KEY_DERIVE_DH;
+    else
+        target = CKM_SSL3_MASTER_KEY_DERIVE_DH;
+
+    /* Determine the PMS */
+    pms = PK11_PubDerive(serverKeyPair->privKey, &clntPubKey, PR_FALSE, NULL, NULL,
+                         CKM_DH_PKCS_DERIVE, target, CKA_DERIVE, 0, NULL);
+    if (pms == NULL) {
+        ssl_FreeEphemeralKeyPairs(ss);
+        ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
+        return SECFailure;
+    }
+
+    rv = ssl3_InitPendingCipherSpec(ss, pms);
+    PK11_FreeSymKey(pms);
+    ssl_FreeEphemeralKeyPairs(ss);
+    return rv;
+}
+
+/* Called from ssl3_HandlePostHelloHandshakeMessage() when it has deciphered
+ * a complete ssl3 ClientKeyExchange message from the remote client
+ * Caller must hold Handshake and RecvBuf locks.
+ */
+static SECStatus
+ssl3_HandleClientKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
+{
+    sslKeyPair *serverKeyPair = NULL;
+    SECStatus rv;
+    const ssl3KEADef *kea_def;
+
+    SSL_TRC(3, ("%d: SSL3[%d]: handle client_key_exchange handshake",
+                SSL_GETPID(), ss->fd));
+
+    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+
+    if (ss->ssl3.hs.ws != wait_client_key) {
+        SSL3_SendAlert(ss, alert_fatal, unexpected_message);
+        PORT_SetError(SSL_ERROR_RX_UNEXPECTED_CLIENT_KEY_EXCH);
+        return SECFailure;
+    }
+
+    kea_def = ss->ssl3.hs.kea_def;
+
+    if (kea_def->ephemeral) {
+        sslEphemeralKeyPair *keyPair;
+        /* There should be exactly one pair. */
+        PORT_Assert(!PR_CLIST_IS_EMPTY(&ss->ephemeralKeyPairs));
+        PORT_Assert(PR_PREV_LINK(&ss->ephemeralKeyPairs) ==
+                    PR_NEXT_LINK(&ss->ephemeralKeyPairs));
+        keyPair = (sslEphemeralKeyPair *)PR_NEXT_LINK(&ss->ephemeralKeyPairs);
+        serverKeyPair = keyPair->keys;
+        ss->sec.keaKeyBits =
+            SECKEY_PublicKeyStrengthInBits(serverKeyPair->pubKey);
+    } else {
+        serverKeyPair = ss->sec.serverCert->serverKeyPair;
+        ss->sec.keaKeyBits = ss->sec.serverCert->serverKeyBits;
+    }
+
+    if (!serverKeyPair) {
+        SSL3_SendAlert(ss, alert_fatal, handshake_failure);
+        PORT_SetError(SSL_ERROR_NO_SERVER_KEY_FOR_ALG);
+        return SECFailure;
+    }
+    PORT_Assert(serverKeyPair->pubKey);
+    PORT_Assert(serverKeyPair->privKey);
+
+    ss->sec.keaType = kea_def->exchKeyType;
+
+    switch (kea_def->exchKeyType) {
+        case ssl_kea_rsa:
+            rv = ssl3_HandleRSAClientKeyExchange(ss, b, length, serverKeyPair);
+            break;
+
+        case ssl_kea_dh:
+            rv = ssl3_HandleDHClientKeyExchange(ss, b, length, serverKeyPair);
+            break;
+
+        case ssl_kea_ecdh:
+            rv = ssl3_HandleECDHClientKeyExchange(ss, b, length, serverKeyPair);
+            break;
+
+        default:
+            (void)ssl3_HandshakeFailure(ss);
+            PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
+            return SECFailure;
+    }
+    ssl_FreeEphemeralKeyPairs(ss);
+    if (rv == SECSuccess) {
+        ss->ssl3.hs.ws = ss->sec.peerCert ? wait_cert_verify : wait_change_cipher;
+    } else {
+        /* PORT_SetError has been called by all the Handle*ClientKeyExchange
+         * functions above.  However, not all error paths result in an alert, so
+         * this ensures that the server knows about the error.  Note that if an
+         * alert was already sent, SSL3_SendAlert() is a noop. */
+        PRErrorCode errCode = PORT_GetError();
+        (void)SSL3_SendAlert(ss, alert_fatal, handshake_failure);
+        PORT_SetError(errCode);
+    }
+    return rv;
+}
+
+/* This is TLS's equivalent of sending a no_certificate alert. */
+SECStatus
+ssl3_SendEmptyCertificate(sslSocket *ss)
+{
+    SECStatus rv;
+    unsigned int len = 0;
+    PRBool isTLS13 = PR_FALSE;
+    const SECItem *context;
+
+    if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_3) {
+        PORT_Assert(ss->ssl3.hs.certificateRequest);
+        context = &ss->ssl3.hs.certificateRequest->context;
+        len = context->len + 1;
+        isTLS13 = PR_TRUE;
+    }
+
+    rv = ssl3_AppendHandshakeHeader(ss, certificate, len + 3);
+    if (rv != SECSuccess) {
+        return rv;
+    }
+
+    if (isTLS13) {
+        rv = ssl3_AppendHandshakeVariable(ss, context->data, context->len, 1);
+        if (rv != SECSuccess) {
+            return rv;
+        }
+    }
+
+    return ssl3_AppendHandshakeNumber(ss, 0, 3);
+}
+
+/*
+ * NewSessionTicket
+ * Called from ssl3_HandleFinished
+ */
+static SECStatus
+ssl3_SendNewSessionTicket(sslSocket *ss)
+{
+    SECItem ticket = { 0, NULL, 0 };
+    SECStatus rv;
+    NewSessionTicket nticket = { 0 };
+
+    rv = ssl3_EncodeSessionTicket(ss, &nticket, &ticket);
+    if (rv != SECSuccess)
+        goto loser;
+
+    /* Serialize the handshake message. Length =
+     * lifetime (4) + ticket length (2) + ticket. */
+    rv = ssl3_AppendHandshakeHeader(ss, new_session_ticket,
+                                    4 + 2 + ticket.len);
+    if (rv != SECSuccess)
+        goto loser;
+
+    /* This is a fixed value. */
+    rv = ssl3_AppendHandshakeNumber(ss, ssl_ticket_lifetime, 4);
+    if (rv != SECSuccess)
+        goto loser;
+
+    /* Encode the ticket. */
+    rv = ssl3_AppendHandshakeVariable(ss, ticket.data, ticket.len, 2);
+    if (rv != SECSuccess)
+        goto loser;
+
+    rv = SECSuccess;
+
+loser:
+    if (ticket.data) {
+        SECITEM_FreeItem(&ticket, PR_FALSE);
+    }
+    return rv;
+}
+
+static SECStatus
+ssl3_HandleNewSessionTicket(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
+{
+    SECStatus rv;
+    SECItem ticketData;
+    PRUint32 temp;
+
+    SSL_TRC(3, ("%d: SSL3[%d]: handle session_ticket handshake",
+                SSL_GETPID(), ss->fd));
+
+    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+
+    PORT_Assert(!ss->ssl3.hs.newSessionTicket.ticket.data);
+    PORT_Assert(!ss->ssl3.hs.receivedNewSessionTicket);
+
+    if (ss->ssl3.hs.ws != wait_new_session_ticket) {
+        SSL3_SendAlert(ss, alert_fatal, unexpected_message);
+        PORT_SetError(SSL_ERROR_RX_UNEXPECTED_NEW_SESSION_TICKET);
+        return SECFailure;
+    }
+
+    /* RFC5077 Section 3.3: "The client MUST NOT treat the ticket as valid
+     * until it has verified the server's Finished message." See the comment in
+     * ssl3_FinishHandshake for more details.
+     */
+    ss->ssl3.hs.newSessionTicket.received_timestamp = PR_Now();
+    if (length < 4) {
+        (void)SSL3_SendAlert(ss, alert_fatal, decode_error);
+        PORT_SetError(SSL_ERROR_RX_MALFORMED_NEW_SESSION_TICKET);
+        return SECFailure;
+    }
+
+    rv = ssl3_ConsumeHandshakeNumber(ss, &temp, 4, &b, &length);
+    if (rv != SECSuccess) {
+        PORT_SetError(SSL_ERROR_RX_MALFORMED_NEW_SESSION_TICKET);
+        return SECFailure;
+    }
+    ss->ssl3.hs.newSessionTicket.ticket_lifetime_hint = temp;
+
+    rv = ssl3_ConsumeHandshakeVariable(ss, &ticketData, 2, &b, &length);
+    if (rv != SECSuccess || length != 0) {
+        (void)SSL3_SendAlert(ss, alert_fatal, decode_error);
+        PORT_SetError(SSL_ERROR_RX_MALFORMED_NEW_SESSION_TICKET);
+        return SECFailure; /* malformed */
+    }
+    /* If the server sent a zero-length ticket, ignore it and keep the
+     * existing ticket. */
+    if (ticketData.len != 0) {
+        rv = SECITEM_CopyItem(NULL, &ss->ssl3.hs.newSessionTicket.ticket,
+                              &ticketData);
+        if (rv != SECSuccess) {
+            return rv;
+        }
+        ss->ssl3.hs.receivedNewSessionTicket = PR_TRUE;
+    }
+
+    ss->ssl3.hs.ws = wait_change_cipher;
+    return SECSuccess;
+}
+
+#ifdef NISCC_TEST
+static PRInt32 connNum = 0;
+
+static SECStatus
+get_fake_cert(SECItem *pCertItem, int *pIndex)
+{
+    PRFileDesc *cf;
+    char *testdir;
+    char *startat;
+    char *stopat;
+    const char *extension;
+    int fileNum;
+    PRInt32 numBytes = 0;
+    PRStatus prStatus;
+    PRFileInfo info;
+    char cfn[100];
+
+    pCertItem->data = 0;
+    if ((testdir = PR_GetEnvSecure("NISCC_TEST")) == NULL) {
+        return SECSuccess;
+    }
+    *pIndex = (NULL != strstr(testdir, "root"));
+    extension = (strstr(testdir, "simple") ? "" : ".der");
+    fileNum = PR_ATOMIC_INCREMENT(&connNum) - 1;
+    if ((startat = PR_GetEnvSecure("START_AT")) != NULL) {
+        fileNum += atoi(startat);
+    }
+    if ((stopat = PR_GetEnvSecure("STOP_AT")) != NULL &&
+        fileNum >= atoi(stopat)) {
+        *pIndex = -1;
+        return SECSuccess;
+    }
+    sprintf(cfn, "%s/%08d%s", testdir, fileNum, extension);
+    cf = PR_Open(cfn, PR_RDONLY, 0);
+    if (!cf) {
+        goto loser;
+    }
+    prStatus = PR_GetOpenFileInfo(cf, &info);
+    if (prStatus != PR_SUCCESS) {
+        PR_Close(cf);
+        goto loser;
+    }
+    pCertItem = SECITEM_AllocItem(NULL, pCertItem, info.size);
+    if (pCertItem) {
+        numBytes = PR_Read(cf, pCertItem->data, info.size);
+    }
+    PR_Close(cf);
+    if (numBytes != info.size) {
+        SECITEM_FreeItem(pCertItem, PR_FALSE);
+        PORT_SetError(SEC_ERROR_IO);
+        goto loser;
+    }
+    fprintf(stderr, "using %s\n", cfn);
+    return SECSuccess;
+
+loser:
+    fprintf(stderr, "failed to use %s\n", cfn);
+    *pIndex = -1;
+    return SECFailure;
+}
+#endif
+
+/*
+ * Used by both client and server.
+ * Called from HandleServerHelloDone and from SendServerHelloSequence.
+ */
+static SECStatus
+ssl3_SendCertificate(sslSocket *ss)
+{
+    SECStatus rv;
+    CERTCertificateList *certChain;
+    int certChainLen = 0;
+    int i;
+#ifdef NISCC_TEST
+    SECItem fakeCert;
+    int ndex = -1;
+#endif
+    PRBool isTLS13 = ss->version >= SSL_LIBRARY_VERSION_TLS_1_3;
+    SECItem context = { siBuffer, NULL, 0 };
+    unsigned int contextLen = 0;
+
+    SSL_TRC(3, ("%d: SSL3[%d]: send certificate handshake",
+                SSL_GETPID(), ss->fd));
+
+    PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+
+    if (ss->sec.localCert)
+        CERT_DestroyCertificate(ss->sec.localCert);
+    if (ss->sec.isServer) {
+        /* A server certificate is selected in ssl3_HandleClientHello. */
+        PORT_Assert(ss->sec.serverCert);
+
+        certChain = ss->sec.serverCert->serverCertChain;
+        ss->sec.localCert = CERT_DupCertificate(ss->sec.serverCert->serverCert);
+    } else {
+        certChain = ss->ssl3.clientCertChain;
+        ss->sec.localCert = CERT_DupCertificate(ss->ssl3.clientCertificate);
+    }
+
+#ifdef NISCC_TEST
+    rv = get_fake_cert(&fakeCert, &ndex);
+#endif
+
+    if (isTLS13) {
+        contextLen = 1; /* Size of the context length */
+        if (!ss->sec.isServer) {
+            PORT_Assert(ss->ssl3.hs.certificateRequest);
+            context = ss->ssl3.hs.certificateRequest->context;
+            contextLen += context.len;
+        }
+    }
+    if (certChain) {
+        for (i = 0; i < certChain->len; i++) {
+#ifdef NISCC_TEST
+            if (fakeCert.len > 0 && i == ndex) {
+                certChainLen += fakeCert.len + 3;
+            } else {
+                certChainLen += certChain->certs[i].len + 3;
+            }
+#else
+            certChainLen += certChain->certs[i].len + 3;
+#endif
+        }
+    }
+
+    rv = ssl3_AppendHandshakeHeader(ss, certificate,
+                                    contextLen + certChainLen + 3);
+    if (rv != SECSuccess) {
+        return rv; /* err set by AppendHandshake. */
+    }
+
+    if (isTLS13) {
+        rv = ssl3_AppendHandshakeVariable(ss, context.data,
+                                          context.len, 1);
+        if (rv != SECSuccess) {
+            return rv; /* err set by AppendHandshake. */
+        }
+    }
+
+    rv = ssl3_AppendHandshakeNumber(ss, certChainLen, 3);
+    if (rv != SECSuccess) {
+        return rv; /* err set by AppendHandshake. */
+    }
+    if (certChain) {
+        for (i = 0; i < certChain->len; i++) {
+#ifdef NISCC_TEST
+            if (fakeCert.len > 0 && i == ndex) {
+                rv = ssl3_AppendHandshakeVariable(ss, fakeCert.data,
+                                                  fakeCert.len, 3);
+                SECITEM_FreeItem(&fakeCert, PR_FALSE);
+            } else {
+                rv = ssl3_AppendHandshakeVariable(ss, certChain->certs[i].data,
+                                                  certChain->certs[i].len, 3);
+            }
+#else
+            rv = ssl3_AppendHandshakeVariable(ss, certChain->certs[i].data,
+                                              certChain->certs[i].len, 3);
+#endif
+            if (rv != SECSuccess) {
+                return rv; /* err set by AppendHandshake. */
+            }
+        }
+    }
+
+    return SECSuccess;
+}
+
+/*
+ * Used by server only.
+ * single-stapling, send only a single cert status
+ */
+SECStatus
+ssl3_SendCertificateStatus(sslSocket *ss)
+{
+    SECStatus rv;
+    int len = 0;
+    SECItemArray *statusToSend = NULL;
+    const sslServerCert *serverCert;
+
+    SSL_TRC(3, ("%d: SSL3[%d]: send certificate status handshake",
+                SSL_GETPID(), ss->fd));
+
+    PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+    PORT_Assert(ss->sec.isServer);
+
+    if (!ssl3_ExtensionNegotiated(ss, ssl_cert_status_xtn))
+        return SECSuccess;
+
+    /* Use certStatus based on the cert being used. */
+    serverCert = ss->sec.serverCert;
+    if (serverCert->certStatusArray && serverCert->certStatusArray->len) {
+        statusToSend = serverCert->certStatusArray;
+    }
+    if (!statusToSend)
+        return SECSuccess;
+
+    /* Use the array's first item only (single stapling) */
+    len = 1 + statusToSend->items[0].len + 3;
+
+    rv = ssl3_AppendHandshakeHeader(ss, certificate_status, len);
+    if (rv != SECSuccess) {
+        return rv; /* err set by AppendHandshake. */
+    }
+    rv = ssl3_AppendHandshakeNumber(ss, 1 /*ocsp*/, 1);
+    if (rv != SECSuccess)
+        return rv; /* err set by AppendHandshake. */
+
+    rv = ssl3_AppendHandshakeVariable(ss,
+                                      statusToSend->items[0].data,
+                                      statusToSend->items[0].len,
+                                      3);
+    if (rv != SECSuccess)
+        return rv; /* err set by AppendHandshake. */
+
+    return SECSuccess;
+}
+
+/* This is used to delete the CA certificates in the peer certificate chain
+ * from the cert database after they've been validated.
+ */
+void
+ssl3_CleanupPeerCerts(sslSocket *ss)
+{
+    PLArenaPool *arena = ss->ssl3.peerCertArena;
+    ssl3CertNode *certs = (ssl3CertNode *)ss->ssl3.peerCertChain;
+
+    for (; certs; certs = certs->next) {
+        CERT_DestroyCertificate(certs->cert);
+    }
+    if (arena)
+        PORT_FreeArena(arena, PR_FALSE);
+    ss->ssl3.peerCertArena = NULL;
+    ss->ssl3.peerCertChain = NULL;
+
+    if (ss->sec.peerCert != NULL) {
+        if (ss->sec.peerKey) {
+            SECKEY_DestroyPublicKey(ss->sec.peerKey);
+            ss->sec.peerKey = NULL;
+        }
+        CERT_DestroyCertificate(ss->sec.peerCert);
+        ss->sec.peerCert = NULL;
+    }
+}
+
+/* Called from ssl3_HandlePostHelloHandshakeMessage() when it has deciphered
+ * a complete ssl3 CertificateStatus message.
+ * Caller must hold Handshake and RecvBuf locks.
+ */
+static SECStatus
+ssl3_HandleCertificateStatus(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
+{
+    SECStatus rv;
+
+    if (ss->ssl3.hs.ws != wait_certificate_status) {
+        (void)SSL3_SendAlert(ss, alert_fatal, unexpected_message);
+        PORT_SetError(SSL_ERROR_RX_UNEXPECTED_CERT_STATUS);
+        return SECFailure;
+    }
+
+    rv = ssl_ReadCertificateStatus(ss, b, length);
+    if (rv != SECSuccess) {
+        return SECFailure; /* code already set */
+    }
+
+    return ssl3_AuthCertificate(ss);
+}
+
+SECStatus
+ssl_ReadCertificateStatus(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
+{
+    PRUint32 status, len;
+    SECStatus rv;
+
+    PORT_Assert(!ss->sec.isServer);
+
+    /* Consume the CertificateStatusType enum */
+    rv = ssl3_ConsumeHandshakeNumber(ss, &status, 1, &b, &length);
+    if (rv != SECSuccess || status != 1 /* ocsp */) {
+        return ssl3_DecodeError(ss);
+    }
+
+    rv = ssl3_ConsumeHandshakeNumber(ss, &len, 3, &b, &length);
+    if (rv != SECSuccess || len != length) {
+        return ssl3_DecodeError(ss);
+    }
+
+#define MAX_CERTSTATUS_LEN 0x1ffff /* 128k - 1 */
+    if (length > MAX_CERTSTATUS_LEN) {
+        ssl3_DecodeError(ss); /* sets error code */
+        return SECFailure;
+    }
+#undef MAX_CERTSTATUS_LEN
+
+    /* Array size 1, because we currently implement single-stapling only */
+    SECITEM_AllocArray(NULL, &ss->sec.ci.sid->peerCertStatus, 1);
+    if (!ss->sec.ci.sid->peerCertStatus.items)
+        return SECFailure; /* code already set */
+
+    ss->sec.ci.sid->peerCertStatus.items[0].data = PORT_Alloc(length);
+
+    if (!ss->sec.ci.sid->peerCertStatus.items[0].data) {
+        SECITEM_FreeArray(&ss->sec.ci.sid->peerCertStatus, PR_FALSE);
+        return SECFailure; /* code already set */
+    }
+
+    PORT_Memcpy(ss->sec.ci.sid->peerCertStatus.items[0].data, b, length);
+    ss->sec.ci.sid->peerCertStatus.items[0].len = length;
+    ss->sec.ci.sid->peerCertStatus.items[0].type = siBuffer;
+    return SECSuccess;
+}
+
+/* Called from ssl3_HandlePostHelloHandshakeMessage() when it has deciphered
+ * a complete ssl3 Certificate message.
+ * Caller must hold Handshake and RecvBuf locks.
+ */
+static SECStatus
+ssl3_HandleCertificate(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
+{
+    SSL_TRC(3, ("%d: SSL3[%d]: handle certificate handshake",
+                SSL_GETPID(), ss->fd));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+
+    if ((ss->sec.isServer && ss->ssl3.hs.ws != wait_client_cert) ||
+        (!ss->sec.isServer && ss->ssl3.hs.ws != wait_server_cert)) {
+        (void)SSL3_SendAlert(ss, alert_fatal, unexpected_message);
+        PORT_SetError(SSL_ERROR_RX_UNEXPECTED_CERTIFICATE);
+        return SECFailure;
+    }
+
+    return ssl3_CompleteHandleCertificate(ss, b, length);
+}
+
+/* Called from ssl3_HandleCertificate
+ */
+SECStatus
+ssl3_CompleteHandleCertificate(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
+{
+    ssl3CertNode *c;
+    ssl3CertNode *lastCert = NULL;
+    PRUint32 remaining = 0;
+    PRUint32 size;
+    SECStatus rv;
+    PRBool isServer = ss->sec.isServer;
+    PRBool isTLS;
+    SSL3AlertDescription desc;
+    int errCode = SSL_ERROR_RX_MALFORMED_CERTIFICATE;
+    SECItem certItem;
+
+    ssl3_CleanupPeerCerts(ss);
+    isTLS = (PRBool)(ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0);
+
+    /* It is reported that some TLS client sends a Certificate message
+    ** with a zero-length message body.  We'll treat that case like a
+    ** normal no_certificates message to maximize interoperability.
+    */
+    if (length) {
+        rv = ssl3_ConsumeHandshakeNumber(ss, &remaining, 3, &b, &length);
+        if (rv != SECSuccess)
+            goto loser; /* fatal alert already sent by ConsumeHandshake. */
+        if (remaining > length)
+            goto decode_loser;
+    }
+
+    if (!remaining) {
+        if (!(isTLS && isServer)) {
+            desc = bad_certificate;
+            goto alert_loser;
+        }
+        /* This is TLS's version of a no_certificate alert. */
+        /* I'm a server. I've requested a client cert. He hasn't got one. */
+        rv = ssl3_HandleNoCertificate(ss);
+        if (rv != SECSuccess) {
+            errCode = PORT_GetError();
+            goto loser;
+        }
+
+        if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) {
+            ss->ssl3.hs.ws = wait_client_key;
+        } else {
+            TLS13_SET_HS_STATE(ss, wait_finished);
+        }
+        return SECSuccess;
+    }
+
+    ss->ssl3.peerCertArena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (ss->ssl3.peerCertArena == NULL) {
+        goto loser; /* don't send alerts on memory errors */
+    }
+
+    /* First get the peer cert. */
+    if (remaining < 3)
+        goto decode_loser;
+
+    remaining -= 3;
+    rv = ssl3_ConsumeHandshakeNumber(ss, &size, 3, &b, &length);
+    if (rv != SECSuccess)
+        goto loser; /* fatal alert already sent by ConsumeHandshake. */
+    if (size == 0 || remaining < size)
+        goto decode_loser;
+
+    certItem.data = b;
+    certItem.len = size;
+    b += size;
+    length -= size;
+    remaining -= size;
+
+    ss->sec.peerCert = CERT_NewTempCertificate(ss->dbHandle, &certItem, NULL,
+                                               PR_FALSE, PR_TRUE);
+    if (ss->sec.peerCert == NULL) {
+        /* We should report an alert if the cert was bad, but not if the
+         * problem was just some local problem, like memory error.
+         */
+        goto ambiguous_err;
+    }
+
+    /* Now get all of the CA certs. */
+    while (remaining > 0) {
+        if (remaining < 3)
+            goto decode_loser;
+
+        remaining -= 3;
+        rv = ssl3_ConsumeHandshakeNumber(ss, &size, 3, &b, &length);
+        if (rv != SECSuccess)
+            goto loser; /* fatal alert already sent by ConsumeHandshake. */
+        if (size == 0 || remaining < size)
+            goto decode_loser;
+
+        certItem.data = b;
+        certItem.len = size;
+        b += size;
+        length -= size;
+        remaining -= size;
+
+        c = PORT_ArenaNew(ss->ssl3.peerCertArena, ssl3CertNode);
+        if (c == NULL) {
+            goto loser; /* don't send alerts on memory errors */
+        }
+
+        c->cert = CERT_NewTempCertificate(ss->dbHandle, &certItem, NULL,
+                                          PR_FALSE, PR_TRUE);
+        if (c->cert == NULL) {
+            goto ambiguous_err;
+        }
+
+        c->next = NULL;
+        if (lastCert) {
+            lastCert->next = c;
+        } else {
+            ss->ssl3.peerCertChain = c;
+        }
+        lastCert = c;
+    }
+
+    SECKEY_UpdateCertPQG(ss->sec.peerCert);
+
+    if (!isServer &&
+        ss->version < SSL_LIBRARY_VERSION_TLS_1_3 &&
+        ssl3_ExtensionNegotiated(ss, ssl_cert_status_xtn)) {
+        ss->ssl3.hs.ws = wait_certificate_status;
+        rv = SECSuccess;
+    } else {
+        rv = ssl3_AuthCertificate(ss); /* sets ss->ssl3.hs.ws */
+    }
+
+    return rv;
+
+ambiguous_err:
+    errCode = PORT_GetError();
+    switch (errCode) {
+        case PR_OUT_OF_MEMORY_ERROR:
+        case SEC_ERROR_BAD_DATABASE:
+        case SEC_ERROR_NO_MEMORY:
+            if (isTLS) {
+                desc = internal_error;
+                goto alert_loser;
+            }
+            goto loser;
+    }
+    ssl3_SendAlertForCertError(ss, errCode);
+    goto loser;
+
+decode_loser:
+    desc = isTLS ? decode_error : bad_certificate;
+
+alert_loser:
+    (void)SSL3_SendAlert(ss, alert_fatal, desc);
+
+loser:
+    (void)ssl_MapLowLevelError(errCode);
+    return SECFailure;
+}
+
+SECStatus
+ssl3_AuthCertificate(sslSocket *ss)
+{
+    SECStatus rv;
+    PRBool isServer = ss->sec.isServer;
+    int errCode;
+
+    ss->ssl3.hs.authCertificatePending = PR_FALSE;
+
+    PORT_Assert((ss->ssl3.hs.preliminaryInfo & ssl_preinfo_all) ==
+                ssl_preinfo_all);
+    /*
+     * Ask caller-supplied callback function to validate cert chain.
+     */
+    rv = (SECStatus)(*ss->authCertificate)(ss->authCertificateArg, ss->fd,
+                                           PR_TRUE, isServer);
+    if (rv != SECSuccess) {
+        errCode = PORT_GetError();
+        if (rv != SECWouldBlock) {
+            if (ss->handleBadCert) {
+                rv = (*ss->handleBadCert)(ss->badCertArg, ss->fd);
+            }
+        }
+
+        if (rv == SECWouldBlock) {
+            if (ss->sec.isServer) {
+                errCode = SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SERVERS;
+                goto loser;
+            }
+
+            ss->ssl3.hs.authCertificatePending = PR_TRUE;
+            rv = SECSuccess;
+        }
+
+        if (rv != SECSuccess) {
+            ssl3_SendAlertForCertError(ss, errCode);
+            goto loser;
+        }
+    }
+
+    ss->sec.ci.sid->peerCert = CERT_DupCertificate(ss->sec.peerCert);
+
+    if (!ss->sec.isServer) {
+        CERTCertificate *cert = ss->sec.peerCert;
+
+        /* set the server authentication type and size from the value
+        ** in the cert. */
+        SECKEYPublicKey *pubKey = CERT_ExtractPublicKey(cert);
+        if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) {
+            /* These are filled in in tls13_HandleCertificateVerify and
+             * tls13_HandleServerKeyShare. */
+            ss->sec.authType = ss->ssl3.hs.kea_def->authKeyType;
+            ss->sec.keaType = ss->ssl3.hs.kea_def->exchKeyType;
+        }
+        if (pubKey) {
+            KeyType pubKeyType;
+            PRInt32 minKey;
+            /* This partly fixes Bug 124230 and may cause problems for
+             * callers which depend on the old (wrong) behavior. */
+            ss->sec.authKeyBits = SECKEY_PublicKeyStrengthInBits(pubKey);
+            pubKeyType = SECKEY_GetPublicKeyType(pubKey);
+            minKey = ss->sec.authKeyBits;
+            switch (pubKeyType) {
+                case rsaKey:
+                case rsaPssKey:
+                case rsaOaepKey:
+                    rv =
+                        NSS_OptionGet(NSS_RSA_MIN_KEY_SIZE, &minKey);
+                    if (rv !=
+                        SECSuccess) {
+                        minKey =
+                            SSL_RSA_MIN_MODULUS_BITS;
+                    }
+                    break;
+                case dsaKey:
+                    rv =
+                        NSS_OptionGet(NSS_DSA_MIN_KEY_SIZE, &minKey);
+                    if (rv !=
+                        SECSuccess) {
+                        minKey =
+                            SSL_DSA_MIN_P_BITS;
+                    }
+                    break;
+                case dhKey:
+                    rv =
+                        NSS_OptionGet(NSS_DH_MIN_KEY_SIZE, &minKey);
+                    if (rv !=
+                        SECSuccess) {
+                        minKey =
+                            SSL_DH_MIN_P_BITS;
+                    }
+                    break;
+                default:
+                    break;
+            }
+
+            /* Too small: not good enough. Send a fatal alert. */
+            /* We aren't checking EC here on the understanding that we only
+             * support curves we like, a decision that might need revisiting. */
+            if (ss->sec.authKeyBits < minKey) {
+                PORT_SetError(SSL_ERROR_WEAK_SERVER_CERT_KEY);
+                (void)SSL3_SendAlert(ss, alert_fatal,
+                                     ss->version >= SSL_LIBRARY_VERSION_TLS_1_0
+                                         ? insufficient_security
+                                         : illegal_parameter);
+                SECKEY_DestroyPublicKey(pubKey);
+                return SECFailure;
+            }
+            SECKEY_DestroyPublicKey(pubKey);
+            pubKey = NULL;
+        }
+
+        if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_3) {
+            TLS13_SET_HS_STATE(ss, wait_cert_verify);
+        } else {
+            /* Ephemeral suites require ServerKeyExchange. */
+            if (ss->ssl3.hs.kea_def->ephemeral) {
+                /* require server_key_exchange */
+                ss->ssl3.hs.ws = wait_server_key;
+            } else {
+                /* disallow server_key_exchange */
+                ss->ssl3.hs.ws = wait_cert_request;
+                /* This is static RSA key exchange so set the key exchange
+                 * details to compensate for that. */
+                ss->sec.keaKeyBits = ss->sec.authKeyBits;
+                ss->sec.signatureScheme = ssl_sig_none;
+                ss->sec.keaGroup = NULL;
+            }
+        }
+    } else {
+        /* Server */
+        if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) {
+            ss->ssl3.hs.ws = wait_client_key;
+        } else {
+            TLS13_SET_HS_STATE(ss, wait_cert_verify);
+        }
+    }
+
+    PORT_Assert(rv == SECSuccess);
+    if (rv != SECSuccess) {
+        errCode = SEC_ERROR_LIBRARY_FAILURE;
+        goto loser;
+    }
+
+    return SECSuccess;
+
+loser:
+    (void)ssl_MapLowLevelError(errCode);
+    return SECFailure;
+}
+
+static SECStatus ssl3_FinishHandshake(sslSocket *ss);
+
+static SECStatus
+ssl3_AlwaysFail(sslSocket *ss)
+{
+    PORT_SetError(PR_INVALID_STATE_ERROR);
+    return SECFailure;
+}
+
+/* Caller must hold 1stHandshakeLock.
+*/
+SECStatus
+ssl3_AuthCertificateComplete(sslSocket *ss, PRErrorCode error)
+{
+    SECStatus rv;
+
+    PORT_Assert(ss->opt.noLocks || ssl_Have1stHandshakeLock(ss));
+
+    if (ss->sec.isServer) {
+        PORT_SetError(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SERVERS);
+        return SECFailure;
+    }
+
+    ssl_GetRecvBufLock(ss);
+    ssl_GetSSL3HandshakeLock(ss);
+
+    if (!ss->ssl3.hs.authCertificatePending) {
+        PORT_SetError(PR_INVALID_STATE_ERROR);
+        rv = SECFailure;
+        goto done;
+    }
+
+    ss->ssl3.hs.authCertificatePending = PR_FALSE;
+
+    if (error != 0) {
+        ss->ssl3.hs.restartTarget = ssl3_AlwaysFail;
+        ssl3_SendAlertForCertError(ss, error);
+        rv = SECSuccess;
+    } else if (ss->ssl3.hs.restartTarget != NULL) {
+        sslRestartTarget target = ss->ssl3.hs.restartTarget;
+        ss->ssl3.hs.restartTarget = NULL;
+
+        if (target == ssl3_FinishHandshake) {
+            SSL_TRC(3, ("%d: SSL3[%p]: certificate authentication lost the race"
+                        " with peer's finished message",
+                        SSL_GETPID(), ss->fd));
+        }
+
+        rv = target(ss);
+        /* Even if we blocked here, we have accomplished enough to claim
+         * success. Any remaining work will be taken care of by subsequent
+         * calls to SSL_ForceHandshake/PR_Send/PR_Read/etc.
+         */
+        if (rv == SECWouldBlock) {
+            rv = SECSuccess;
+        }
+    } else {
+        SSL_TRC(3, ("%d: SSL3[%p]: certificate authentication won the race with"
+                    " peer's finished message",
+                    SSL_GETPID(), ss->fd));
+
+        PORT_Assert(!ss->ssl3.hs.isResuming);
+        PORT_Assert(ss->ssl3.hs.ws != idle_handshake);
+
+        if (ss->opt.enableFalseStart &&
+            !ss->firstHsDone &&
+            !ss->ssl3.hs.isResuming &&
+            ssl3_WaitingForServerSecondRound(ss)) {
+            /* ssl3_SendClientSecondRound deferred the false start check because
+             * certificate authentication was pending, so we do it now if we still
+             * haven't received all of the server's second round yet.
+             */
+            rv = ssl3_CheckFalseStart(ss);
+        } else {
+            rv = SECSuccess;
+        }
+    }
+
+done:
+    ssl_ReleaseSSL3HandshakeLock(ss);
+    ssl_ReleaseRecvBufLock(ss);
+
+    return rv;
+}
+
+static SECStatus
+ssl3_ComputeTLSFinished(sslSocket *ss, ssl3CipherSpec *spec,
+                        PRBool isServer,
+                        const SSL3Hashes *hashes,
+                        TLSFinished *tlsFinished)
+{
+    SECStatus rv;
+    CK_TLS_MAC_PARAMS tls_mac_params;
+    SECItem param = { siBuffer, NULL, 0 };
+    PK11Context *prf_context;
+    unsigned int retLen;
+
+    PORT_Assert(spec->master_secret);
+    if (!spec->master_secret) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+
+    if (spec->version < SSL_LIBRARY_VERSION_TLS_1_2) {
+        tls_mac_params.prfMechanism = CKM_TLS_PRF;
+    } else {
+        tls_mac_params.prfMechanism = ssl3_GetPrfHashMechanism(ss);
+    }
+    tls_mac_params.ulMacLength = 12;
+    tls_mac_params.ulServerOrClient = isServer ? 1 : 2;
+    param.data = (unsigned char *)&tls_mac_params;
+    param.len = sizeof(tls_mac_params);
+    prf_context = PK11_CreateContextBySymKey(CKM_TLS_MAC, CKA_SIGN,
+                                             spec->master_secret, &param);
+    if (!prf_context)
+        return SECFailure;
+
+    rv = PK11_DigestBegin(prf_context);
+    rv |= PK11_DigestOp(prf_context, hashes->u.raw, hashes->len);
+    rv |= PK11_DigestFinal(prf_context, tlsFinished->verify_data, &retLen,
+                           sizeof tlsFinished->verify_data);
+    PORT_Assert(rv != SECSuccess || retLen == sizeof tlsFinished->verify_data);
+
+    PK11_DestroyContext(prf_context, PR_TRUE);
+
+    return rv;
+}
+
+/* The calling function must acquire and release the appropriate
+ * lock (e.g., ssl_GetSpecReadLock / ssl_ReleaseSpecReadLock for
+ * ss->ssl3.crSpec).
+ */
+SECStatus
+ssl3_TLSPRFWithMasterSecret(sslSocket *ss, ssl3CipherSpec *spec,
+                            const char *label, unsigned int labelLen,
+                            const unsigned char *val, unsigned int valLen,
+                            unsigned char *out, unsigned int outLen)
+{
+    SECStatus rv = SECSuccess;
+
+    if (spec->master_secret) {
+        SECItem param = { siBuffer, NULL, 0 };
+        CK_MECHANISM_TYPE mech = CKM_TLS_PRF_GENERAL;
+        PK11Context *prf_context;
+        unsigned int retLen;
+
+        if (spec->version >= SSL_LIBRARY_VERSION_TLS_1_2) {
+            /* Bug 1312976 non-SHA256 exporters are broken. */
+            if (ssl3_GetPrfHashMechanism(ss) != CKM_SHA256) {
+                PORT_Assert(0);
+                PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+                return SECFailure;
+            }
+            mech = CKM_NSS_TLS_PRF_GENERAL_SHA256;
+        }
+        prf_context = PK11_CreateContextBySymKey(mech, CKA_SIGN,
+                                                 spec->master_secret, &param);
+        if (!prf_context)
+            return SECFailure;
+
+        rv = PK11_DigestBegin(prf_context);
+        rv |= PK11_DigestOp(prf_context, (unsigned char *)label, labelLen);
+        rv |= PK11_DigestOp(prf_context, val, valLen);
+        rv |= PK11_DigestFinal(prf_context, out, &retLen, outLen);
+        PORT_Assert(rv != SECSuccess || retLen == outLen);
+
+        PK11_DestroyContext(prf_context, PR_TRUE);
+    } else {
+        PORT_Assert(spec->master_secret);
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        rv = SECFailure;
+    }
+    return rv;
+}
+
+/* called from ssl3_SendClientSecondRound
+ *             ssl3_HandleFinished
+ */
+static SECStatus
+ssl3_SendNextProto(sslSocket *ss)
+{
+    SECStatus rv;
+    int padding_len;
+    static const unsigned char padding[32] = { 0 };
+
+    if (ss->xtnData.nextProto.len == 0 ||
+        ss->xtnData.nextProtoState == SSL_NEXT_PROTO_SELECTED) {
+        return SECSuccess;
+    }
+
+    PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+
+    padding_len = 32 - ((ss->xtnData.nextProto.len + 2) % 32);
+
+    rv = ssl3_AppendHandshakeHeader(ss, next_proto, ss->xtnData.nextProto.len +
+                                                        2 +
+                                                        padding_len);
+    if (rv != SECSuccess) {
+        return rv; /* error code set by AppendHandshakeHeader */
+    }
+    rv = ssl3_AppendHandshakeVariable(ss, ss->xtnData.nextProto.data,
+                                      ss->xtnData.nextProto.len, 1);
+    if (rv != SECSuccess) {
+        return rv; /* error code set by AppendHandshake */
+    }
+    rv = ssl3_AppendHandshakeVariable(ss, padding, padding_len, 1);
+    if (rv != SECSuccess) {
+        return rv; /* error code set by AppendHandshake */
+    }
+    return rv;
+}
+
+/* called from ssl3_SendFinished
+ *
+ * This function is simply a debugging aid and therefore does not return a
+ * SECStatus. */
+static void
+ssl3_RecordKeyLog(sslSocket *ss)
+{
+#ifdef NSS_ALLOW_SSLKEYLOGFILE
+    SECStatus rv;
+    SECItem *keyData;
+    char buf[14 /* "CLIENT_RANDOM " */ +
+             SSL3_RANDOM_LENGTH * 2 /* client_random */ +
+             1 /* " " */ +
+             48 * 2 /* master secret */ +
+             1 /* new line */];
+    unsigned int j;
+
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+
+    if (!ssl_keylog_iob)
+        return;
+
+    rv = PK11_ExtractKeyValue(ss->ssl3.cwSpec->master_secret);
+    if (rv != SECSuccess)
+        return;
+
+    ssl_GetSpecReadLock(ss);
+
+    /* keyData does not need to be freed. */
+    keyData = PK11_GetKeyData(ss->ssl3.cwSpec->master_secret);
+    if (!keyData || !keyData->data || keyData->len != 48) {
+        ssl_ReleaseSpecReadLock(ss);
+        return;
+    }
+
+    /* https://developer.mozilla.org/en/NSS_Key_Log_Format */
+
+    /* There could be multiple, concurrent writers to the
+     * keylog, so we have to do everything in a single call to
+     * fwrite. */
+
+    memcpy(buf, "CLIENT_RANDOM ", 14);
+    j = 14;
+    hexEncode(buf + j, ss->ssl3.hs.client_random.rand, SSL3_RANDOM_LENGTH);
+    j += SSL3_RANDOM_LENGTH * 2;
+    buf[j++] = ' ';
+    hexEncode(buf + j, keyData->data, 48);
+    j += 48 * 2;
+    buf[j++] = '\n';
+
+    PORT_Assert(j == sizeof(buf));
+
+    ssl_ReleaseSpecReadLock(ss);
+
+    if (fwrite(buf, sizeof(buf), 1, ssl_keylog_iob) != 1)
+        return;
+    fflush(ssl_keylog_iob);
+    return;
+#endif
+}
+
+/* called from ssl3_SendClientSecondRound
+ *             ssl3_HandleClientHello
+ *             ssl3_HandleFinished
+ */
+static SECStatus
+ssl3_SendFinished(sslSocket *ss, PRInt32 flags)
+{
+    ssl3CipherSpec *cwSpec;
+    PRBool isTLS;
+    PRBool isServer = ss->sec.isServer;
+    SECStatus rv;
+    SSL3Sender sender = isServer ? sender_server : sender_client;
+    SSL3Hashes hashes;
+    TLSFinished tlsFinished;
+
+    SSL_TRC(3, ("%d: SSL3[%d]: send finished handshake", SSL_GETPID(), ss->fd));
+
+    PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+
+    ssl_GetSpecReadLock(ss);
+    cwSpec = ss->ssl3.cwSpec;
+    isTLS = (PRBool)(cwSpec->version > SSL_LIBRARY_VERSION_3_0);
+    rv = ssl3_ComputeHandshakeHashes(ss, cwSpec, &hashes, sender);
+    if (isTLS && rv == SECSuccess) {
+        rv = ssl3_ComputeTLSFinished(ss, cwSpec, isServer, &hashes, &tlsFinished);
+    }
+    ssl_ReleaseSpecReadLock(ss);
+    if (rv != SECSuccess) {
+        goto fail; /* err code was set by ssl3_ComputeHandshakeHashes */
+    }
+
+    if (isTLS) {
+        if (isServer)
+            ss->ssl3.hs.finishedMsgs.tFinished[1] = tlsFinished;
+        else
+            ss->ssl3.hs.finishedMsgs.tFinished[0] = tlsFinished;
+        ss->ssl3.hs.finishedBytes = sizeof tlsFinished;
+        rv = ssl3_AppendHandshakeHeader(ss, finished, sizeof tlsFinished);
+        if (rv != SECSuccess)
+            goto fail; /* err set by AppendHandshake. */
+        rv = ssl3_AppendHandshake(ss, &tlsFinished, sizeof tlsFinished);
+        if (rv != SECSuccess)
+            goto fail; /* err set by AppendHandshake. */
+    } else {
+        if (isServer)
+            ss->ssl3.hs.finishedMsgs.sFinished[1] = hashes.u.s;
+        else
+            ss->ssl3.hs.finishedMsgs.sFinished[0] = hashes.u.s;
+        PORT_Assert(hashes.len == sizeof hashes.u.s);
+        ss->ssl3.hs.finishedBytes = sizeof hashes.u.s;
+        rv = ssl3_AppendHandshakeHeader(ss, finished, sizeof hashes.u.s);
+        if (rv != SECSuccess)
+            goto fail; /* err set by AppendHandshake. */
+        rv = ssl3_AppendHandshake(ss, &hashes.u.s, sizeof hashes.u.s);
+        if (rv != SECSuccess)
+            goto fail; /* err set by AppendHandshake. */
+    }
+    rv = ssl3_FlushHandshake(ss, flags);
+    if (rv != SECSuccess) {
+        goto fail; /* error code set by ssl3_FlushHandshake */
+    }
+
+    ssl3_RecordKeyLog(ss);
+
+    return SECSuccess;
+
+fail:
+    return rv;
+}
+
+/* wrap the master secret, and put it into the SID.
+ * Caller holds the Spec read lock.
+ */
+SECStatus
+ssl3_CacheWrappedMasterSecret(sslSocket *ss, sslSessionID *sid,
+                              ssl3CipherSpec *spec)
+{
+    PK11SymKey *wrappingKey = NULL;
+    PK11SlotInfo *symKeySlot;
+    void *pwArg = ss->pkcs11PinArg;
+    SECStatus rv = SECFailure;
+    PRBool isServer = ss->sec.isServer;
+    CK_MECHANISM_TYPE mechanism = CKM_INVALID_MECHANISM;
+
+    symKeySlot = PK11_GetSlotFromKey(spec->master_secret);
+    if (!isServer) {
+        int wrapKeyIndex;
+        int incarnation;
+
+        /* these next few functions are mere accessors and don't fail. */
+        sid->u.ssl3.masterWrapIndex = wrapKeyIndex =
+            PK11_GetCurrentWrapIndex(symKeySlot);
+        PORT_Assert(wrapKeyIndex == 0); /* array has only one entry! */
+
+        sid->u.ssl3.masterWrapSeries = incarnation =
+            PK11_GetSlotSeries(symKeySlot);
+        sid->u.ssl3.masterSlotID = PK11_GetSlotID(symKeySlot);
+        sid->u.ssl3.masterModuleID = PK11_GetModuleID(symKeySlot);
+        sid->u.ssl3.masterValid = PR_TRUE;
+        /* Get the default wrapping key, for wrapping the master secret before
+         * placing it in the SID cache entry. */
+        wrappingKey = PK11_GetWrapKey(symKeySlot, wrapKeyIndex,
+                                      CKM_INVALID_MECHANISM, incarnation,
+                                      pwArg);
+        if (wrappingKey) {
+            mechanism = PK11_GetMechanism(wrappingKey); /* can't fail. */
+        } else {
+            int keyLength;
+            /* if the wrappingKey doesn't exist, attempt to create it.
+             * Note: we intentionally ignore errors here.  If we cannot
+             * generate a wrapping key, it is not fatal to this SSL connection,
+             * but we will not be able to restart this session.
+             */
+            mechanism = PK11_GetBestWrapMechanism(symKeySlot);
+            keyLength = PK11_GetBestKeyLength(symKeySlot, mechanism);
+            /* Zero length means fixed key length algorithm, or error.
+             * It's ambiguous.
+             */
+            wrappingKey = PK11_KeyGen(symKeySlot, mechanism, NULL,
+                                      keyLength, pwArg);
+            if (wrappingKey) {
+                PK11_SetWrapKey(symKeySlot, wrapKeyIndex, wrappingKey);
+            }
+        }
+    } else {
+        /* server socket using session cache. */
+        mechanism = PK11_GetBestWrapMechanism(symKeySlot);
+        if (mechanism != CKM_INVALID_MECHANISM) {
+            wrappingKey =
+                ssl3_GetWrappingKey(ss, symKeySlot, mechanism, pwArg);
+            if (wrappingKey) {
+                mechanism = PK11_GetMechanism(wrappingKey); /* can't fail. */
+            }
+        }
+    }
+
+    sid->u.ssl3.masterWrapMech = mechanism;
+    PK11_FreeSlot(symKeySlot);
+
+    if (wrappingKey) {
+        SECItem wmsItem;
+
+        wmsItem.data = sid->u.ssl3.keys.wrapped_master_secret;
+        wmsItem.len = sizeof sid->u.ssl3.keys.wrapped_master_secret;
+        rv = PK11_WrapSymKey(mechanism, NULL, wrappingKey,
+                             spec->master_secret, &wmsItem);
+        /* rv is examined below. */
+        sid->u.ssl3.keys.wrapped_master_secret_len = wmsItem.len;
+        PK11_FreeSymKey(wrappingKey);
+    }
+    return rv;
+}
+
+/* Called from ssl3_HandlePostHelloHandshakeMessage() when it has deciphered
+ * a complete ssl3 Finished message from the peer.
+ * Caller must hold Handshake and RecvBuf locks.
+ */
+static SECStatus
+ssl3_HandleFinished(sslSocket *ss, SSL3Opaque *b, PRUint32 length,
+                    const SSL3Hashes *hashes)
+{
+    sslSessionID *sid = ss->sec.ci.sid;
+    SECStatus rv = SECSuccess;
+    PRBool isServer = ss->sec.isServer;
+    PRBool isTLS;
+
+    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+
+    SSL_TRC(3, ("%d: SSL3[%d]: handle finished handshake",
+                SSL_GETPID(), ss->fd));
+
+    if (ss->ssl3.hs.ws != wait_finished) {
+        SSL3_SendAlert(ss, alert_fatal, unexpected_message);
+        PORT_SetError(SSL_ERROR_RX_UNEXPECTED_FINISHED);
+        return SECFailure;
+    }
+
+    if (!hashes) {
+        PORT_Assert(0);
+        SSL3_SendAlert(ss, alert_fatal, internal_error);
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+
+    isTLS = (PRBool)(ss->ssl3.crSpec->version > SSL_LIBRARY_VERSION_3_0);
+    if (isTLS) {
+        TLSFinished tlsFinished;
+
+        if (length != sizeof(tlsFinished)) {
+#ifndef UNSAFE_FUZZER_MODE
+            (void)SSL3_SendAlert(ss, alert_fatal, decode_error);
+            PORT_SetError(SSL_ERROR_RX_MALFORMED_FINISHED);
+            return SECFailure;
+#endif
+        }
+        rv = ssl3_ComputeTLSFinished(ss, ss->ssl3.crSpec, !isServer,
+                                     hashes, &tlsFinished);
+        if (!isServer)
+            ss->ssl3.hs.finishedMsgs.tFinished[1] = tlsFinished;
+        else
+            ss->ssl3.hs.finishedMsgs.tFinished[0] = tlsFinished;
+        ss->ssl3.hs.finishedBytes = sizeof(tlsFinished);
+        if (rv != SECSuccess ||
+            0 != NSS_SecureMemcmp(&tlsFinished, b,
+                                  PR_MIN(length, ss->ssl3.hs.finishedBytes))) {
+#ifndef UNSAFE_FUZZER_MODE
+            (void)SSL3_SendAlert(ss, alert_fatal, decrypt_error);
+            PORT_SetError(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE);
+            return SECFailure;
+#endif
+        }
+    } else {
+        if (length != sizeof(SSL3Finished)) {
+            (void)ssl3_IllegalParameter(ss);
+            PORT_SetError(SSL_ERROR_RX_MALFORMED_FINISHED);
+            return SECFailure;
+        }
+
+        if (!isServer)
+            ss->ssl3.hs.finishedMsgs.sFinished[1] = hashes->u.s;
+        else
+            ss->ssl3.hs.finishedMsgs.sFinished[0] = hashes->u.s;
+        PORT_Assert(hashes->len == sizeof hashes->u.s);
+        ss->ssl3.hs.finishedBytes = sizeof hashes->u.s;
+        if (0 != NSS_SecureMemcmp(&hashes->u.s, b, length)) {
+            (void)ssl3_HandshakeFailure(ss);
+            PORT_SetError(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE);
+            return SECFailure;
+        }
+    }
+
+    ssl_GetXmitBufLock(ss); /*************************************/
+
+    if ((isServer && !ss->ssl3.hs.isResuming) ||
+        (!isServer && ss->ssl3.hs.isResuming)) {
+        PRInt32 flags = 0;
+
+        /* Send a NewSessionTicket message if the client sent us
+         * either an empty session ticket, or one that did not verify.
+         * (Note that if either of these conditions was met, then the
+         * server has sent a SessionTicket extension in the
+         * ServerHello message.)
+         */
+        if (isServer && !ss->ssl3.hs.isResuming &&
+            ssl3_ExtensionNegotiated(ss, ssl_session_ticket_xtn) &&
+            ssl3_KEASupportsTickets(ss->ssl3.hs.kea_def)) {
+            /* RFC 5077 Section 3.3: "In the case of a full handshake, the
+             * server MUST verify the client's Finished message before sending
+             * the ticket." Presumably, this also means that the client's
+             * certificate, if any, must be verified beforehand too.
+             */
+            rv = ssl3_SendNewSessionTicket(ss);
+            if (rv != SECSuccess) {
+                goto xmit_loser;
+            }
+        }
+
+        rv = ssl3_SendChangeCipherSpecs(ss);
+        if (rv != SECSuccess) {
+            goto xmit_loser; /* err is set. */
+        }
+        /* If this thread is in SSL_SecureSend (trying to write some data)
+        ** then set the ssl_SEND_FLAG_FORCE_INTO_BUFFER flag, so that the
+        ** last two handshake messages (change cipher spec and finished)
+        ** will be sent in the same send/write call as the application data.
+        */
+        if (ss->writerThread == PR_GetCurrentThread()) {
+            flags = ssl_SEND_FLAG_FORCE_INTO_BUFFER;
+        }
+
+        if (!isServer && !ss->firstHsDone) {
+            rv = ssl3_SendNextProto(ss);
+            if (rv != SECSuccess) {
+                goto xmit_loser; /* err code was set. */
+            }
+        }
+
+        if (IS_DTLS(ss)) {
+            flags |= ssl_SEND_FLAG_NO_RETRANSMIT;
+        }
+
+        rv = ssl3_SendFinished(ss, flags);
+        if (rv != SECSuccess) {
+            goto xmit_loser; /* err is set. */
+        }
+    }
+
+xmit_loser:
+    ssl_ReleaseXmitBufLock(ss); /*************************************/
+    if (rv != SECSuccess) {
+        return rv;
+    }
+
+    if (sid->cached == never_cached && !ss->opt.noCache) {
+        rv = ssl3_FillInCachedSID(ss, sid);
+
+        /* If the wrap failed, we don't cache the sid.
+         * The connection continues normally however.
+         */
+        ss->ssl3.hs.cacheSID = rv == SECSuccess;
+    }
+
+    if (ss->ssl3.hs.authCertificatePending) {
+        if (ss->ssl3.hs.restartTarget) {
+            PR_NOT_REACHED("ssl3_HandleFinished: unexpected restartTarget");
+            PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+            return SECFailure;
+        }
+
+        ss->ssl3.hs.restartTarget = ssl3_FinishHandshake;
+        return SECWouldBlock;
+    }
+
+    rv = ssl3_FinishHandshake(ss);
+    return rv;
+}
+
+SECStatus
+ssl3_FillInCachedSID(sslSocket *ss, sslSessionID *sid)
+{
+    SECStatus rv;
+
+    /* fill in the sid */
+    sid->u.ssl3.cipherSuite = ss->ssl3.hs.cipher_suite;
+    sid->u.ssl3.compression = ss->ssl3.hs.compression;
+    sid->u.ssl3.policy = ss->ssl3.policy;
+    sid->version = ss->version;
+    sid->authType = ss->sec.authType;
+    sid->authKeyBits = ss->sec.authKeyBits;
+    sid->keaType = ss->sec.keaType;
+    sid->keaKeyBits = ss->sec.keaKeyBits;
+    sid->lastAccessTime = sid->creationTime = ssl_Time();
+    sid->expirationTime = sid->creationTime + ssl3_sid_timeout;
+    sid->localCert = CERT_DupCertificate(ss->sec.localCert);
+    if (ss->sec.isServer) {
+        sid->namedCurve = ss->sec.serverCert->namedCurve;
+    }
+
+    if (ss->xtnData.nextProtoState != SSL_NEXT_PROTO_NO_SUPPORT &&
+        ss->xtnData.nextProto.data) {
+        if (SECITEM_CopyItem(
+                NULL, &sid->u.ssl3.alpnSelection, &ss->xtnData.nextProto) != SECSuccess) {
+            return SECFailure; /* error already set. */
+        }
+    }
+
+    ssl_GetSpecReadLock(ss); /*************************************/
+
+    /* Copy the master secret (wrapped or unwrapped) into the sid */
+    if (ss->ssl3.crSpec->msItem.len && ss->ssl3.crSpec->msItem.data) {
+        sid->u.ssl3.keys.wrapped_master_secret_len =
+            ss->ssl3.crSpec->msItem.len;
+        memcpy(sid->u.ssl3.keys.wrapped_master_secret,
+               ss->ssl3.crSpec->msItem.data, ss->ssl3.crSpec->msItem.len);
+        sid->u.ssl3.masterValid = PR_TRUE;
+        sid->u.ssl3.keys.msIsWrapped = PR_FALSE;
+        rv = SECSuccess;
+    } else {
+        rv = ssl3_CacheWrappedMasterSecret(ss, ss->sec.ci.sid,
+                                           ss->ssl3.crSpec);
+        sid->u.ssl3.keys.msIsWrapped = PR_TRUE;
+    }
+    ssl_ReleaseSpecReadLock(ss); /*************************************/
+
+    return rv;
+}
+
+/* The return type is SECStatus instead of void because this function needs
+ * to have type sslRestartTarget.
+ */
+SECStatus
+ssl3_FinishHandshake(sslSocket *ss)
+{
+    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+    PORT_Assert(ss->ssl3.hs.restartTarget == NULL);
+
+    /* The first handshake is now completed. */
+    ss->handshake = NULL;
+
+    /* RFC 5077 Section 3.3: "The client MUST NOT treat the ticket as valid
+     * until it has verified the server's Finished message." When the server
+     * sends a NewSessionTicket in a resumption handshake, we must wait until
+     * the handshake is finished (we have verified the server's Finished
+     * AND the server's certificate) before we update the ticket in the sid.
+     *
+     * This must be done before we call ss->sec.cache(ss->sec.ci.sid)
+     * because CacheSID requires the session ticket to already be set, and also
+     * because of the lazy lock creation scheme used by CacheSID and
+     * ssl3_SetSIDSessionTicket.
+     */
+    if (ss->ssl3.hs.receivedNewSessionTicket) {
+        PORT_Assert(!ss->sec.isServer);
+        ssl3_SetSIDSessionTicket(ss->sec.ci.sid, &ss->ssl3.hs.newSessionTicket);
+        /* The sid took over the ticket data */
+        PORT_Assert(!ss->ssl3.hs.newSessionTicket.ticket.data);
+        ss->ssl3.hs.receivedNewSessionTicket = PR_FALSE;
+    }
+
+    if (ss->ssl3.hs.cacheSID) {
+        PORT_Assert(ss->sec.ci.sid->cached == never_cached);
+        ss->sec.cache(ss->sec.ci.sid);
+        ss->ssl3.hs.cacheSID = PR_FALSE;
+    }
+
+    ss->ssl3.hs.canFalseStart = PR_FALSE; /* False Start phase is complete */
+    ss->ssl3.hs.ws = idle_handshake;
+
+    ssl_FinishHandshake(ss);
+
+    return SECSuccess;
+}
+
+/* Called from ssl3_HandleHandshake() when it has gathered a complete ssl3
+ * hanshake message.
+ * Caller must hold Handshake and RecvBuf locks.
+ */
+SECStatus
+ssl3_HandleHandshakeMessage(sslSocket *ss, SSL3Opaque *b, PRUint32 length,
+                            PRBool endOfRecord)
+{
+    SECStatus rv = SECSuccess;
+    SSL3HandshakeType type = ss->ssl3.hs.msg_type;
+    SSL3Hashes hashes;            /* computed hashes are put here. */
+    SSL3Hashes *hashesPtr = NULL; /* Set when hashes are computed */
+    PRUint8 hdr[4];
+    PRUint8 dtlsData[8];
+    PRBool computeHashes = PR_FALSE;
+    PRUint16 epoch;
+
+    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+    /*
+     * We have to compute the hashes before we update them with the
+     * current message.
+     */
+    if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) {
+        if ((type == finished) && (ss->ssl3.hs.ws == wait_finished)) {
+            computeHashes = PR_TRUE;
+        } else if ((type == certificate_verify) && (ss->ssl3.hs.ws == wait_cert_verify)) {
+            if (ss->ssl3.hs.hashType == handshake_hash_record) {
+                /* We cannot compute the hash yet. We must wait until we have
+                 * decoded the certificate_verify message in
+                 * ssl3_HandleCertificateVerify, which will tell us which
+                 * hash function we must use.
+                 *
+                 * (ssl3_HandleCertificateVerify cannot simply look at the
+                 * buffer length itself, because at the time we reach it,
+                 * additional handshake messages will have been added to the
+                 * buffer, e.g. the certificate_verify message itself.)
+                 *
+                 * Therefore, we use SSL3Hashes.u.pointer_to_hash_input
+                 * to signal the current state of the buffer.
+                 *
+                 * ssl3_HandleCertificateVerify will detect
+                 *     hashType == handshake_hash_record
+                 * and use that information to calculate the hash.
+                 */
+                hashes.u.pointer_to_hash_input.data = ss->ssl3.hs.messages.buf;
+                hashes.u.pointer_to_hash_input.len = ss->ssl3.hs.messages.len;
+                hashesPtr = &hashes;
+            } else {
+                computeHashes = PR_TRUE;
+            }
+        }
+    } else {
+        if (type == certificate_verify) {
+            computeHashes = TLS13_IN_HS_STATE(ss, wait_cert_verify);
+        } else if (type == finished) {
+            computeHashes =
+                TLS13_IN_HS_STATE(ss, wait_cert_request, wait_finished);
+        }
+    }
+
+    ssl_GetSpecReadLock(ss); /************************************/
+    if (computeHashes) {
+        SSL3Sender sender = (SSL3Sender)0;
+        ssl3CipherSpec *rSpec = ss->version >= SSL_LIBRARY_VERSION_TLS_1_3 ? ss->ssl3.crSpec
+                                                                           : ss->ssl3.prSpec;
+
+        if (type == finished) {
+            sender = ss->sec.isServer ? sender_client : sender_server;
+            rSpec = ss->ssl3.crSpec;
+        }
+        rv = ssl3_ComputeHandshakeHashes(ss, rSpec, &hashes, sender);
+        if (rv == SECSuccess) {
+            hashesPtr = &hashes;
+        }
+    }
+    ssl_ReleaseSpecReadLock(ss); /************************************/
+    if (rv != SECSuccess) {
+        return rv; /* error code was set by ssl3_ComputeHandshakeHashes*/
+    }
+    SSL_TRC(30, ("%d: SSL3[%d]: handle handshake message: %s", SSL_GETPID(),
+                 ss->fd, ssl3_DecodeHandshakeType(ss->ssl3.hs.msg_type)));
+
+    hdr[0] = (PRUint8)ss->ssl3.hs.msg_type;
+    hdr[1] = (PRUint8)(length >> 16);
+    hdr[2] = (PRUint8)(length >> 8);
+    hdr[3] = (PRUint8)(length);
+
+    /* Start new handshake hashes when we start a new handshake.  Unless this is
+     * TLS 1.3 and we sent a HelloRetryRequest. */
+    if (ss->ssl3.hs.msg_type == client_hello && !ss->ssl3.hs.helloRetry) {
+        rv = ssl3_RestartHandshakeHashes(ss);
+        if (rv != SECSuccess) {
+            return rv;
+        }
+    }
+    /* We should not include hello_request and hello_verify_request messages
+     * in the handshake hashes */
+    if ((ss->ssl3.hs.msg_type != hello_request) &&
+        (ss->ssl3.hs.msg_type != hello_verify_request)) {
+        rv = ssl3_UpdateHandshakeHashes(ss, (unsigned char *)hdr, 4);
+        if (rv != SECSuccess)
+            return rv; /* err code already set. */
+
+        /* Extra data to simulate a complete DTLS handshake fragment */
+        if (IS_DTLS(ss)) {
+            /* Sequence number */
+            dtlsData[0] = MSB(ss->ssl3.hs.recvMessageSeq);
+            dtlsData[1] = LSB(ss->ssl3.hs.recvMessageSeq);
+
+            /* Fragment offset */
+            dtlsData[2] = 0;
+            dtlsData[3] = 0;
+            dtlsData[4] = 0;
+
+            /* Fragment length */
+            dtlsData[5] = (PRUint8)(length >> 16);
+            dtlsData[6] = (PRUint8)(length >> 8);
+            dtlsData[7] = (PRUint8)(length);
+
+            rv = ssl3_UpdateHandshakeHashes(ss, (unsigned char *)dtlsData,
+                                            sizeof(dtlsData));
+            if (rv != SECSuccess)
+                return rv; /* err code already set. */
+        }
+
+        /* The message body */
+        rv = ssl3_UpdateHandshakeHashes(ss, b, length);
+        if (rv != SECSuccess)
+            return rv; /* err code already set. */
+    }
+
+    PORT_SetError(0); /* each message starts with no error. */
+
+    if (ss->ssl3.hs.ws == wait_certificate_status &&
+        ss->ssl3.hs.msg_type != certificate_status) {
+        /* If we negotiated the certificate_status extension then we deferred
+         * certificate validation until we get the CertificateStatus messsage.
+         * But the CertificateStatus message is optional. If the server did
+         * not send it then we need to validate the certificate now. If the
+         * server does send the CertificateStatus message then we will
+         * authenticate the certificate in ssl3_HandleCertificateStatus.
+         */
+        rv = ssl3_AuthCertificate(ss); /* sets ss->ssl3.hs.ws */
+        PORT_Assert(rv != SECWouldBlock);
+        if (rv != SECSuccess) {
+            return rv;
+        }
+    }
+
+    epoch = ss->ssl3.crSpec->epoch;
+    switch (ss->ssl3.hs.msg_type) {
+        case client_hello:
+            if (!ss->sec.isServer) {
+                (void)SSL3_SendAlert(ss, alert_fatal, unexpected_message);
+                PORT_SetError(SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO);
+                return SECFailure;
+            }
+            rv = ssl3_HandleClientHello(ss, b, length);
+            break;
+        case server_hello:
+            if (ss->sec.isServer) {
+                (void)SSL3_SendAlert(ss, alert_fatal, unexpected_message);
+                PORT_SetError(SSL_ERROR_RX_UNEXPECTED_SERVER_HELLO);
+                return SECFailure;
+            }
+            rv = ssl3_HandleServerHello(ss, b, length);
+            break;
+        default:
+            if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) {
+                rv = ssl3_HandlePostHelloHandshakeMessage(ss, b, length, hashesPtr);
+            } else {
+                rv = tls13_HandlePostHelloHandshakeMessage(ss, b, length,
+                                                           hashesPtr);
+            }
+            break;
+    }
+    if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_3 &&
+        (epoch != ss->ssl3.crSpec->epoch) && !endOfRecord) {
+        /* If we changed read cipher states, there must not be any
+         * data in the input queue. */
+        (void)SSL3_SendAlert(ss, alert_fatal, unexpected_message);
+        PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE);
+        return SECFailure;
+    }
+
+    if (IS_DTLS(ss) && (rv != SECFailure)) {
+        /* Increment the expected sequence number */
+        ss->ssl3.hs.recvMessageSeq++;
+    }
+    return rv;
+}
+
+static SECStatus
+ssl3_HandlePostHelloHandshakeMessage(sslSocket *ss, SSL3Opaque *b,
+                                     PRUint32 length, SSL3Hashes *hashesPtr)
+{
+    SECStatus rv;
+    PORT_Assert(ss->version < SSL_LIBRARY_VERSION_TLS_1_3);
+
+    switch (ss->ssl3.hs.msg_type) {
+        case hello_request:
+            if (length != 0) {
+                (void)ssl3_DecodeError(ss);
+                PORT_SetError(SSL_ERROR_RX_MALFORMED_HELLO_REQUEST);
+                return SECFailure;
+            }
+            if (ss->sec.isServer) {
+                (void)SSL3_SendAlert(ss, alert_fatal, unexpected_message);
+                PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HELLO_REQUEST);
+                return SECFailure;
+            }
+            rv = ssl3_HandleHelloRequest(ss);
+            break;
+
+        case hello_retry_request:
+            /* This arrives here because - as a client - we haven't received a
+             * final decision on the version from the server. */
+            rv = tls13_HandleHelloRetryRequest(ss, b, length);
+            break;
+
+        case hello_verify_request:
+            if (!IS_DTLS(ss) || ss->sec.isServer) {
+                (void)SSL3_SendAlert(ss, alert_fatal, unexpected_message);
+                PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HELLO_VERIFY_REQUEST);
+                return SECFailure;
+            }
+            rv = dtls_HandleHelloVerifyRequest(ss, b, length);
+            break;
+        case certificate:
+            rv = ssl3_HandleCertificate(ss, b, length);
+            break;
+        case certificate_status:
+            rv = ssl3_HandleCertificateStatus(ss, b, length);
+            break;
+        case server_key_exchange:
+            if (ss->sec.isServer) {
+                (void)SSL3_SendAlert(ss, alert_fatal, unexpected_message);
+                PORT_SetError(SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH);
+                return SECFailure;
+            }
+            rv = ssl3_HandleServerKeyExchange(ss, b, length);
+            break;
+        case certificate_request:
+            if (ss->sec.isServer) {
+                (void)SSL3_SendAlert(ss, alert_fatal, unexpected_message);
+                PORT_SetError(SSL_ERROR_RX_UNEXPECTED_CERT_REQUEST);
+                return SECFailure;
+            }
+            rv = ssl3_HandleCertificateRequest(ss, b, length);
+            break;
+        case server_hello_done:
+            if (length != 0) {
+                (void)ssl3_DecodeError(ss);
+                PORT_SetError(SSL_ERROR_RX_MALFORMED_HELLO_DONE);
+                return SECFailure;
+            }
+            if (ss->sec.isServer) {
+                (void)SSL3_SendAlert(ss, alert_fatal, unexpected_message);
+                PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HELLO_DONE);
+                return SECFailure;
+            }
+            rv = ssl3_HandleServerHelloDone(ss);
+            break;
+        case certificate_verify:
+            if (!ss->sec.isServer) {
+                (void)SSL3_SendAlert(ss, alert_fatal, unexpected_message);
+                PORT_SetError(SSL_ERROR_RX_UNEXPECTED_CERT_VERIFY);
+                return SECFailure;
+            }
+            rv = ssl3_HandleCertificateVerify(ss, b, length, hashesPtr);
+            break;
+        case client_key_exchange:
+            if (!ss->sec.isServer) {
+                (void)SSL3_SendAlert(ss, alert_fatal, unexpected_message);
+                PORT_SetError(SSL_ERROR_RX_UNEXPECTED_CLIENT_KEY_EXCH);
+                return SECFailure;
+            }
+            rv = ssl3_HandleClientKeyExchange(ss, b, length);
+            break;
+        case new_session_ticket:
+            if (ss->sec.isServer) {
+                (void)SSL3_SendAlert(ss, alert_fatal, unexpected_message);
+                PORT_SetError(SSL_ERROR_RX_UNEXPECTED_NEW_SESSION_TICKET);
+                return SECFailure;
+            }
+            rv = ssl3_HandleNewSessionTicket(ss, b, length);
+            break;
+        case finished:
+            rv = ssl3_HandleFinished(ss, b, length, hashesPtr);
+            break;
+        default:
+            (void)SSL3_SendAlert(ss, alert_fatal, unexpected_message);
+            PORT_SetError(SSL_ERROR_RX_UNKNOWN_HANDSHAKE);
+            rv = SECFailure;
+    }
+
+    return rv;
+}
+
+/* Called only from ssl3_HandleRecord, for each (deciphered) ssl3 record.
+ * origBuf is the decrypted ssl record content.
+ * Caller must hold the handshake and RecvBuf locks.
+ */
+static SECStatus
+ssl3_HandleHandshake(sslSocket *ss, sslBuffer *origBuf)
+{
+    /*
+     * There may be a partial handshake message already in the handshake
+     * state. The incoming buffer may contain another portion, or a
+     * complete message or several messages followed by another portion.
+     *
+     * Each message is made contiguous before being passed to the actual
+     * message parser.
+     */
+    sslBuffer *buf = &ss->ssl3.hs.msgState; /* do not lose the original buffer pointer */
+    SECStatus rv;
+
+    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+
+    if (buf->buf == NULL) {
+        *buf = *origBuf;
+    }
+    while (buf->len > 0) {
+        if (ss->ssl3.hs.header_bytes < 4) {
+            PRUint8 t;
+            t = *(buf->buf++);
+            buf->len--;
+            if (ss->ssl3.hs.header_bytes++ == 0)
+                ss->ssl3.hs.msg_type = (SSL3HandshakeType)t;
+            else
+                ss->ssl3.hs.msg_len = (ss->ssl3.hs.msg_len << 8) + t;
+            if (ss->ssl3.hs.header_bytes < 4)
+                continue;
+
+#define MAX_HANDSHAKE_MSG_LEN 0x1ffff /* 128k - 1 */
+            if (ss->ssl3.hs.msg_len > MAX_HANDSHAKE_MSG_LEN) {
+                (void)ssl3_DecodeError(ss);
+                PORT_SetError(SSL_ERROR_RX_MALFORMED_HANDSHAKE);
+                return SECFailure;
+            }
+#undef MAX_HANDSHAKE_MSG_LEN
+
+            /* If msg_len is zero, be sure we fall through,
+            ** even if buf->len is zero.
+            */
+            if (ss->ssl3.hs.msg_len > 0)
+                continue;
+        }
+
+        /*
+         * Header has been gathered and there is at least one byte of new
+         * data available for this message. If it can be done right out
+         * of the original buffer, then use it from there.
+         */
+        if (ss->ssl3.hs.msg_body.len == 0 && buf->len >= ss->ssl3.hs.msg_len) {
+            /* handle it from input buffer */
+            rv = ssl3_HandleHandshakeMessage(ss, buf->buf, ss->ssl3.hs.msg_len,
+                                             buf->len == ss->ssl3.hs.msg_len);
+            if (rv == SECFailure) {
+                /* This test wants to fall through on either
+                 * SECSuccess or SECWouldBlock.
+                 * ssl3_HandleHandshakeMessage MUST set the error code.
+                 */
+                return rv;
+            }
+            buf->buf += ss->ssl3.hs.msg_len;
+            buf->len -= ss->ssl3.hs.msg_len;
+            ss->ssl3.hs.msg_len = 0;
+            ss->ssl3.hs.header_bytes = 0;
+            if (rv != SECSuccess) { /* return if SECWouldBlock. */
+                return rv;
+            }
+        } else {
+            /* must be copied to msg_body and dealt with from there */
+            unsigned int bytes;
+
+            PORT_Assert(ss->ssl3.hs.msg_body.len < ss->ssl3.hs.msg_len);
+            bytes = PR_MIN(buf->len, ss->ssl3.hs.msg_len - ss->ssl3.hs.msg_body.len);
+
+            /* Grow the buffer if needed */
+            rv = sslBuffer_Grow(&ss->ssl3.hs.msg_body, ss->ssl3.hs.msg_len);
+            if (rv != SECSuccess) {
+                /* sslBuffer_Grow has set a memory error code. */
+                return SECFailure;
+            }
+
+            PORT_Memcpy(ss->ssl3.hs.msg_body.buf + ss->ssl3.hs.msg_body.len,
+                        buf->buf, bytes);
+            ss->ssl3.hs.msg_body.len += bytes;
+            buf->buf += bytes;
+            buf->len -= bytes;
+
+            PORT_Assert(ss->ssl3.hs.msg_body.len <= ss->ssl3.hs.msg_len);
+
+            /* if we have a whole message, do it */
+            if (ss->ssl3.hs.msg_body.len == ss->ssl3.hs.msg_len) {
+                rv = ssl3_HandleHandshakeMessage(
+                    ss, ss->ssl3.hs.msg_body.buf, ss->ssl3.hs.msg_len,
+                    buf->len == 0);
+                if (rv == SECFailure) {
+                    /* This test wants to fall through on either
+                     * SECSuccess or SECWouldBlock.
+                     * ssl3_HandleHandshakeMessage MUST set error code.
+                     */
+                    return rv;
+                }
+                ss->ssl3.hs.msg_body.len = 0;
+                ss->ssl3.hs.msg_len = 0;
+                ss->ssl3.hs.header_bytes = 0;
+                if (rv != SECSuccess) { /* return if SECWouldBlock. */
+                    return rv;
+                }
+            } else {
+                PORT_Assert(buf->len == 0);
+                break;
+            }
+        }
+    } /* end loop */
+
+    origBuf->len = 0; /* So ssl3_GatherAppDataRecord will keep looping. */
+    buf->buf = NULL;  /* not a leak. */
+    return SECSuccess;
+}
+
+/* These macros return the given value with the MSB copied to all the other
+ * bits. They use the fact that arithmetic shift shifts-in the sign bit.
+ * However, this is not ensured by the C standard so you may need to replace
+ * them with something else for odd compilers. */
+#define DUPLICATE_MSB_TO_ALL(x) ((unsigned)((int)(x) >> (sizeof(int) * 8 - 1)))
+#define DUPLICATE_MSB_TO_ALL_8(x) ((unsigned char)(DUPLICATE_MSB_TO_ALL(x)))
+
+/* SECStatusToMask returns, in constant time, a mask value of all ones if
+ * rv == SECSuccess.  Otherwise it returns zero. */
+static unsigned int
+SECStatusToMask(SECStatus rv)
+{
+    unsigned int good;
+    /* rv ^ SECSuccess is zero iff rv == SECSuccess. Subtracting one results
+     * in the MSB being set to one iff it was zero before. */
+    good = rv ^ SECSuccess;
+    good--;
+    return DUPLICATE_MSB_TO_ALL(good);
+}
+
+/* ssl_ConstantTimeGE returns 0xff if a>=b and 0x00 otherwise. */
+static unsigned char
+ssl_ConstantTimeGE(unsigned int a, unsigned int b)
+{
+    a -= b;
+    return DUPLICATE_MSB_TO_ALL(~a);
+}
+
+/* ssl_ConstantTimeEQ8 returns 0xff if a==b and 0x00 otherwise. */
+static unsigned char
+ssl_ConstantTimeEQ8(unsigned char a, unsigned char b)
+{
+    unsigned int c = a ^ b;
+    c--;
+    return DUPLICATE_MSB_TO_ALL_8(c);
+}
+
+/* ssl_constantTimeSelect return a if mask is 0xFF and b if mask is 0x00 */
+static unsigned char
+ssl_constantTimeSelect(unsigned char mask, unsigned char a, unsigned char b)
+{
+    return (mask & a) | (~mask & b);
+}
+
+static SECStatus
+ssl_RemoveSSLv3CBCPadding(sslBuffer *plaintext,
+                          unsigned int blockSize,
+                          unsigned int macSize)
+{
+    unsigned int paddingLength, good, t;
+    const unsigned int overhead = 1 /* padding length byte */ + macSize;
+
+    /* These lengths are all public so we can test them in non-constant
+     * time. */
+    if (overhead > plaintext->len) {
+        return SECFailure;
+    }
+
+    paddingLength = plaintext->buf[plaintext->len - 1];
+    /* SSLv3 padding bytes are random and cannot be checked. */
+    t = plaintext->len;
+    t -= paddingLength + overhead;
+    /* If len >= paddingLength+overhead then the MSB of t is zero. */
+    good = DUPLICATE_MSB_TO_ALL(~t);
+    /* SSLv3 requires that the padding is minimal. */
+    t = blockSize - (paddingLength + 1);
+    good &= DUPLICATE_MSB_TO_ALL(~t);
+    plaintext->len -= good & (paddingLength + 1);
+    return (good & SECSuccess) | (~good & SECFailure);
+}
+
+SECStatus
+ssl_RemoveTLSCBCPadding(sslBuffer *plaintext, unsigned int macSize)
+{
+    unsigned int paddingLength, good, t, toCheck, i;
+    const unsigned int overhead = 1 /* padding length byte */ + macSize;
+
+    /* These lengths are all public so we can test them in non-constant
+     * time. */
+    if (overhead > plaintext->len) {
+        return SECFailure;
+    }
+
+    paddingLength = plaintext->buf[plaintext->len - 1];
+    t = plaintext->len;
+    t -= paddingLength + overhead;
+    /* If len >= paddingLength+overhead then the MSB of t is zero. */
+    good = DUPLICATE_MSB_TO_ALL(~t);
+
+    /* The padding consists of a length byte at the end of the record and then
+     * that many bytes of padding, all with the same value as the length byte.
+     * Thus, with the length byte included, there are paddingLength+1 bytes of
+     * padding.
+     *
+     * We can't check just |paddingLength+1| bytes because that leaks
+     * decrypted information. Therefore we always have to check the maximum
+     * amount of padding possible. (Again, the length of the record is
+     * public information so we can use it.) */
+    toCheck = 256; /* maximum amount of padding + 1. */
+    if (toCheck > plaintext->len) {
+        toCheck = plaintext->len;
+    }
+
+    for (i = 0; i < toCheck; i++) {
+        unsigned int t = paddingLength - i;
+        /* If i <= paddingLength then the MSB of t is zero and mask is
+         * 0xff.  Otherwise, mask is 0. */
+        unsigned char mask = DUPLICATE_MSB_TO_ALL(~t);
+        unsigned char b = plaintext->buf[plaintext->len - 1 - i];
+        /* The final |paddingLength+1| bytes should all have the value
+         * |paddingLength|. Therefore the XOR should be zero. */
+        good &= ~(mask & (paddingLength ^ b));
+    }
+
+    /* If any of the final |paddingLength+1| bytes had the wrong value,
+     * one or more of the lower eight bits of |good| will be cleared. We
+     * AND the bottom 8 bits together and duplicate the result to all the
+     * bits. */
+    good &= good >> 4;
+    good &= good >> 2;
+    good &= good >> 1;
+    good <<= sizeof(good) * 8 - 1;
+    good = DUPLICATE_MSB_TO_ALL(good);
+
+    plaintext->len -= good & (paddingLength + 1);
+    return (good & SECSuccess) | (~good & SECFailure);
+}
+
+/* On entry:
+ *   originalLength >= macSize
+ *   macSize <= MAX_MAC_LENGTH
+ *   plaintext->len >= macSize
+ */
+static void
+ssl_CBCExtractMAC(sslBuffer *plaintext,
+                  unsigned int originalLength,
+                  SSL3Opaque *out,
+                  unsigned int macSize)
+{
+    unsigned char rotatedMac[MAX_MAC_LENGTH];
+    /* macEnd is the index of |plaintext->buf| just after the end of the
+     * MAC. */
+    unsigned macEnd = plaintext->len;
+    unsigned macStart = macEnd - macSize;
+    /* scanStart contains the number of bytes that we can ignore because
+     * the MAC's position can only vary by 255 bytes. */
+    unsigned scanStart = 0;
+    unsigned i, j;
+    unsigned char rotateOffset;
+
+    if (originalLength > macSize + 255 + 1) {
+        scanStart = originalLength - (macSize + 255 + 1);
+    }
+
+    /* We want to compute
+     * rotateOffset = (macStart - scanStart) % macSize
+     * But the time to compute this varies based on the amount of padding. Thus
+     * we explicitely handle all mac sizes with (hopefully) constant time modulo
+     * using Barrett reduction:
+     *  q := (rotateOffset * m) >> k
+     *  rotateOffset -= q * n
+     *  if (n <= rotateOffset) rotateOffset -= n
+     */
+    rotateOffset = macStart - scanStart;
+    /* rotateOffset < 255 + 1 + 48 = 304 */
+    if (macSize == 16) {
+        rotateOffset &= 15;
+    } else if (macSize == 20) {
+        /*
+         * Correctness: rotateOffset * ( 1/20 - 25/2^9 ) < 1
+         *              with rotateOffset <= 853
+         */
+        unsigned q = (rotateOffset * 25) >> 9;
+        rotateOffset -= q * 20;
+        rotateOffset -= ssl_constantTimeSelect(ssl_ConstantTimeGE(rotateOffset, 20),
+                                               20, 0);
+    } else if (macSize == 32) {
+        rotateOffset &= 31;
+    } else if (macSize == 48) {
+        /*
+         * Correctness: rotateOffset * ( 1/48 - 10/2^9 ) < 1
+         *              with rotateOffset < 768
+         */
+        unsigned q = (rotateOffset * 10) >> 9;
+        rotateOffset -= q * 48;
+        rotateOffset -= ssl_constantTimeSelect(ssl_ConstantTimeGE(rotateOffset, 48),
+                                               48, 0);
+    } else {
+        /*
+         * SHA384 (macSize == 48) is the largest we support. We should never
+         * get here.
+         */
+        PORT_Assert(0);
+        rotateOffset = rotateOffset % macSize;
+    }
+
+    memset(rotatedMac, 0, macSize);
+    for (i = scanStart; i < originalLength;) {
+        for (j = 0; j < macSize && i < originalLength; i++, j++) {
+            unsigned char macStarted = ssl_ConstantTimeGE(i, macStart);
+            unsigned char macEnded = ssl_ConstantTimeGE(i, macEnd);
+            unsigned char b = 0;
+            b = plaintext->buf[i];
+            rotatedMac[j] |= b & macStarted & ~macEnded;
+        }
+    }
+
+    /* Now rotate the MAC. If we knew that the MAC fit into a CPU cache line
+     * we could line-align |rotatedMac| and rotate in place. */
+    memset(out, 0, macSize);
+    rotateOffset = macSize - rotateOffset;
+    rotateOffset = ssl_constantTimeSelect(ssl_ConstantTimeGE(rotateOffset, macSize),
+                                          0, rotateOffset);
+    for (i = 0; i < macSize; i++) {
+        for (j = 0; j < macSize; j++) {
+            out[j] |= rotatedMac[i] & ssl_ConstantTimeEQ8(j, rotateOffset);
+        }
+        rotateOffset++;
+        rotateOffset = ssl_constantTimeSelect(ssl_ConstantTimeGE(rotateOffset, macSize),
+                                              0, rotateOffset);
+    }
+}
+
+/* Unprotect an SSL3 record and leave the result in plaintext.
+ *
+ * If SECFailure is returned, we:
+ * 1. Set |*alert| to the alert to be sent.
+ * 2. Call PORT_SetError() with an appropriate code.
+ *
+ * Called by ssl3_HandleRecord. Caller must hold the spec read lock.
+ * Therefore, we MUST not call SSL3_SendAlert().
+ *
+ */
+static SECStatus
+ssl3_UnprotectRecord(sslSocket *ss, SSL3Ciphertext *cText, sslBuffer *plaintext,
+                     SSL3AlertDescription *alert)
+{
+    ssl3CipherSpec *crSpec = ss->ssl3.crSpec;
+    const ssl3BulkCipherDef *cipher_def = crSpec->cipher_def;
+    PRBool isTLS;
+    unsigned int good;
+    unsigned int ivLen = 0;
+    SSL3ContentType rType;
+    unsigned int minLength;
+    unsigned int originalLen = 0;
+    unsigned char header[13];
+    unsigned int headerLen;
+    SSL3Opaque hash[MAX_MAC_LENGTH];
+    SSL3Opaque givenHashBuf[MAX_MAC_LENGTH];
+    SSL3Opaque *givenHash;
+    unsigned int hashBytes = MAX_MAC_LENGTH + 1;
+    SECStatus rv;
+
+    good = ~0U;
+    minLength = crSpec->mac_size;
+    if (cipher_def->type == type_block) {
+        /* CBC records have a padding length byte at the end. */
+        minLength++;
+        if (crSpec->version >= SSL_LIBRARY_VERSION_TLS_1_1) {
+            /* With >= TLS 1.1, CBC records have an explicit IV. */
+            minLength += cipher_def->iv_size;
+        }
+    } else if (cipher_def->type == type_aead) {
+        minLength = cipher_def->explicit_nonce_size + cipher_def->tag_size;
+    }
+
+    /* We can perform this test in variable time because the record's total
+     * length and the ciphersuite are both public knowledge. */
+    if (cText->buf->len < minLength) {
+        goto decrypt_loser;
+    }
+
+    if (cipher_def->type == type_block &&
+        crSpec->version >= SSL_LIBRARY_VERSION_TLS_1_1) {
+        /* Consume the per-record explicit IV. RFC 4346 Section 6.2.3.2 states
+         * "The receiver decrypts the entire GenericBlockCipher structure and
+         * then discards the first cipher block corresponding to the IV
+         * component." Instead, we decrypt the first cipher block and then
+         * discard it before decrypting the rest.
+         */
+        SSL3Opaque iv[MAX_IV_LENGTH];
+        int decoded;
+
+        ivLen = cipher_def->iv_size;
+        if (ivLen < 8 || ivLen > sizeof(iv)) {
+            *alert = internal_error;
+            PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+            return SECFailure;
+        }
+
+        PRINT_BUF(80, (ss, "IV (ciphertext):", cText->buf->buf, ivLen));
+
+        /* The decryption result is garbage, but since we just throw away
+         * the block it doesn't matter.  The decryption of the next block
+         * depends only on the ciphertext of the IV block.
+         */
+        rv = crSpec->decode(crSpec->decodeContext, iv, &decoded,
+                            sizeof(iv), cText->buf->buf, ivLen);
+
+        good &= SECStatusToMask(rv);
+    }
+
+    PRINT_BUF(80, (ss, "ciphertext:", cText->buf->buf + ivLen,
+                   cText->buf->len - ivLen));
+
+    isTLS = (PRBool)(crSpec->version > SSL_LIBRARY_VERSION_3_0);
+
+    if (isTLS && cText->buf->len - ivLen > (MAX_FRAGMENT_LENGTH + 2048)) {
+        *alert = record_overflow;
+        PORT_SetError(SSL_ERROR_RX_RECORD_TOO_LONG);
+        return SECFailure;
+    }
+
+    rType = cText->type;
+    if (cipher_def->type == type_aead) {
+        /* XXX For many AEAD ciphers, the plaintext is shorter than the
+         * ciphertext by a fixed byte count, but it is not true in general.
+         * Each AEAD cipher should provide a function that returns the
+         * plaintext length for a given ciphertext. */
+        unsigned int decryptedLen =
+            cText->buf->len - cipher_def->explicit_nonce_size -
+            cipher_def->tag_size;
+        headerLen = ssl3_BuildRecordPseudoHeader(
+            header, IS_DTLS(ss) ? cText->seq_num : crSpec->read_seq_num,
+            rType, isTLS, cText->version, IS_DTLS(ss), decryptedLen);
+        PORT_Assert(headerLen <= sizeof(header));
+        rv = crSpec->aead(
+            ss->sec.isServer ? &crSpec->client : &crSpec->server,
+            PR_TRUE,                /* do decrypt */
+            plaintext->buf,         /* out */
+            (int *)&plaintext->len, /* outlen */
+            plaintext->space,       /* maxout */
+            cText->buf->buf,        /* in */
+            cText->buf->len,        /* inlen */
+            header, headerLen);
+        if (rv != SECSuccess) {
+            good = 0;
+        }
+    } else {
+        if (cipher_def->type == type_block &&
+            ((cText->buf->len - ivLen) % cipher_def->block_size) != 0) {
+            goto decrypt_loser;
+        }
+
+        /* decrypt from cText buf to plaintext. */
+        rv = crSpec->decode(
+            crSpec->decodeContext, plaintext->buf, (int *)&plaintext->len,
+            plaintext->space, cText->buf->buf + ivLen, cText->buf->len - ivLen);
+        if (rv != SECSuccess) {
+            goto decrypt_loser;
+        }
+
+        PRINT_BUF(80, (ss, "cleartext:", plaintext->buf, plaintext->len));
+
+        originalLen = plaintext->len;
+
+        /* If it's a block cipher, check and strip the padding. */
+        if (cipher_def->type == type_block) {
+            const unsigned int blockSize = cipher_def->block_size;
+            const unsigned int macSize = crSpec->mac_size;
+
+            if (!isTLS) {
+                good &= SECStatusToMask(ssl_RemoveSSLv3CBCPadding(
+                    plaintext, blockSize, macSize));
+            } else {
+                good &= SECStatusToMask(ssl_RemoveTLSCBCPadding(
+                    plaintext, macSize));
+            }
+        }
+
+        /* compute the MAC */
+        headerLen = ssl3_BuildRecordPseudoHeader(
+            header, IS_DTLS(ss) ? cText->seq_num : crSpec->read_seq_num,
+            rType, isTLS, cText->version, IS_DTLS(ss),
+            plaintext->len - crSpec->mac_size);
+        PORT_Assert(headerLen <= sizeof(header));
+        if (cipher_def->type == type_block) {
+            rv = ssl3_ComputeRecordMACConstantTime(
+                crSpec, (PRBool)(!ss->sec.isServer), header, headerLen,
+                plaintext->buf, plaintext->len, originalLen,
+                hash, &hashBytes);
+
+            ssl_CBCExtractMAC(plaintext, originalLen, givenHashBuf,
+                              crSpec->mac_size);
+            givenHash = givenHashBuf;
+
+            /* plaintext->len will always have enough space to remove the MAC
+             * because in ssl_Remove{SSLv3|TLS}CBCPadding we only adjust
+             * plaintext->len if the result has enough space for the MAC and we
+             * tested the unadjusted size against minLength, above. */
+            plaintext->len -= crSpec->mac_size;
+        } else {
+            /* This is safe because we checked the minLength above. */
+            plaintext->len -= crSpec->mac_size;
+
+            rv = ssl3_ComputeRecordMAC(
+                crSpec, (PRBool)(!ss->sec.isServer), header, headerLen,
+                plaintext->buf, plaintext->len, hash, &hashBytes);
+
+            /* We can read the MAC directly from the record because its location
+             * is public when a stream cipher is used. */
+            givenHash = plaintext->buf + plaintext->len;
+        }
+
+        good &= SECStatusToMask(rv);
+
+        if (hashBytes != (unsigned)crSpec->mac_size ||
+            NSS_SecureMemcmp(givenHash, hash, crSpec->mac_size) != 0) {
+            /* We're allowed to leak whether or not the MAC check was correct */
+            good = 0;
+        }
+    }
+
+    if (good == 0) {
+    decrypt_loser:
+        /* always log mac error, in case attacker can read server logs. */
+        PORT_SetError(SSL_ERROR_BAD_MAC_READ);
+        *alert = bad_record_mac;
+        return SECFailure;
+    }
+    return SECSuccess;
+}
+
+/* if cText is non-null, then decipher, check MAC, and decompress the
+ * SSL record from cText->buf (typically gs->inbuf)
+ * into databuf (typically gs->buf), and any previous contents of databuf
+ * is lost.  Then handle databuf according to its SSL record type,
+ * unless it's an application record.
+ *
+ * If cText is NULL, then the ciphertext has previously been deciphered and
+ * checked, and is already sitting in databuf.  It is processed as an SSL
+ * Handshake message.
+ *
+ * DOES NOT process the decrypted/decompressed application data.
+ * On return, databuf contains the decrypted/decompressed record.
+ *
+ * Called from ssl3_GatherCompleteHandshake
+ *             ssl3_RestartHandshakeAfterCertReq
+ *
+ * Caller must hold the RecvBufLock.
+ *
+ * This function aquires and releases the SSL3Handshake Lock, holding the
+ * lock around any calls to functions that handle records other than
+ * Application Data records.
+ */
+SECStatus
+ssl3_HandleRecord(sslSocket *ss, SSL3Ciphertext *cText, sslBuffer *databuf)
+{
+    SECStatus rv;
+    PRBool isTLS;
+    sslSequenceNumber seq_num = 0;
+    ssl3CipherSpec *crSpec;
+    SSL3ContentType rType;
+    sslBuffer *plaintext;
+    sslBuffer temp_buf;
+    SSL3AlertDescription alert = internal_error;
+    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
+
+    if (!ss->ssl3.initialized) {
+        ssl_GetSSL3HandshakeLock(ss);
+        rv = ssl3_InitState(ss);
+        ssl_ReleaseSSL3HandshakeLock(ss);
+        if (rv != SECSuccess) {
+            return rv; /* ssl3_InitState has set the error code. */
+        }
+    }
+
+    /* check for Token Presence */
+    if (!ssl3_ClientAuthTokenPresent(ss->sec.ci.sid)) {
+        PORT_SetError(SSL_ERROR_TOKEN_INSERTION_REMOVAL);
+        return SECFailure;
+    }
+
+    /* cText is NULL when we're called from ssl3_RestartHandshakeAfterXXX().
+     * This implies that databuf holds a previously deciphered SSL Handshake
+     * message.
+     */
+    if (cText == NULL) {
+        SSL_DBG(("%d: SSL3[%d]: HandleRecord, resuming handshake",
+                 SSL_GETPID(), ss->fd));
+        rType = content_handshake;
+        goto process_it;
+    }
+
+    ssl_GetSpecReadLock(ss); /******************************************/
+    crSpec = ss->ssl3.crSpec;
+    isTLS = (PRBool)(crSpec->version > SSL_LIBRARY_VERSION_3_0);
+
+    if (IS_DTLS(ss)) {
+        PRBool sameEpoch;
+        if (!dtls_IsRelevant(ss, cText, &sameEpoch, &seq_num)) {
+            ssl_ReleaseSpecReadLock(ss); /*****************************/
+            databuf->len = 0;            /* Needed to ensure data not left around */
+
+            /* Maybe retransmit if needed. */
+            return dtls_MaybeRetransmitHandshake(ss, cText, sameEpoch);
+        }
+    } else {
+        seq_num = crSpec->read_seq_num + 1;
+    }
+    if (seq_num >= crSpec->cipher_def->max_records) {
+        ssl_ReleaseSpecReadLock(ss); /*****************************/
+        SSL_TRC(3, ("%d: SSL[%d]: read sequence number at limit 0x%0llx",
+                    SSL_GETPID(), ss->fd, seq_num));
+        PORT_SetError(SSL_ERROR_TOO_MANY_RECORDS);
+        return SECFailure;
+    }
+
+    /* If we will be decompressing the buffer we need to decrypt somewhere
+     * other than into databuf */
+    if (crSpec->decompressor) {
+        temp_buf.buf = NULL;
+        temp_buf.space = 0;
+        plaintext = &temp_buf;
+    } else {
+        plaintext = databuf;
+    }
+
+    plaintext->len = 0; /* filled in by Unprotect call below. */
+    if (plaintext->space < MAX_FRAGMENT_LENGTH) {
+        rv = sslBuffer_Grow(plaintext, MAX_FRAGMENT_LENGTH + 2048);
+        if (rv != SECSuccess) {
+            ssl_ReleaseSpecReadLock(ss); /*************************/
+            SSL_DBG(("%d: SSL3[%d]: HandleRecord, tried to get %d bytes",
+                     SSL_GETPID(), ss->fd, MAX_FRAGMENT_LENGTH + 2048));
+            /* sslBuffer_Grow has set a memory error code. */
+            /* Perhaps we should send an alert. (but we have no memory!) */
+            return SECFailure;
+        }
+    }
+
+    /* We're waiting for another ClientHello, which will appear unencrypted.
+     * Use the content type to tell whether this is should be discarded.
+     *
+     * XXX If we decide to remove the content type from encrypted records, this
+     *     will become much more difficult to manage. */
+    if (ss->ssl3.hs.zeroRttIgnore == ssl_0rtt_ignore_hrr &&
+        cText->type == content_application_data) {
+        ssl_ReleaseSpecReadLock(ss); /*****************************/
+        PORT_Assert(ss->ssl3.hs.ws == wait_client_hello);
+        databuf->len = 0;
+        return SECSuccess;
+    }
+
+#ifdef UNSAFE_FUZZER_MODE
+    rv = Null_Cipher(NULL, plaintext->buf, (int *)&plaintext->len,
+                     plaintext->space, cText->buf->buf, cText->buf->len);
+#else
+    /* IMPORTANT: Unprotect functions MUST NOT send alerts
+     * because we still hold the spec read lock. Instead, if they
+     * return SECFailure, they set *alert to the alert to be sent. */
+    if (crSpec->version < SSL_LIBRARY_VERSION_TLS_1_3 ||
+        crSpec->cipher_def->calg == ssl_calg_null) {
+        /* Unencrypted TLS 1.3 records use the pre-TLS 1.3 format. */
+        rv = ssl3_UnprotectRecord(ss, cText, plaintext, &alert);
+    } else {
+        rv = tls13_UnprotectRecord(ss, cText, plaintext, &alert);
+    }
+#endif
+
+    if (rv != SECSuccess) {
+        ssl_ReleaseSpecReadLock(ss); /***************************/
+
+        SSL_DBG(("%d: SSL3[%d]: decryption failed", SSL_GETPID(), ss->fd));
+
+        if (IS_DTLS(ss) ||
+            (ss->sec.isServer &&
+             ss->ssl3.hs.zeroRttIgnore == ssl_0rtt_ignore_trial)) {
+            /* Silently drop the packet */
+            databuf->len = 0; /* Needed to ensure data not left around */
+            return SECSuccess;
+        } else {
+            int errCode = PORT_GetError();
+            SSL3_SendAlert(ss, alert_fatal, alert);
+            /* Reset the error code in case SSL3_SendAlert called
+             * PORT_SetError(). */
+            PORT_SetError(errCode);
+            return SECFailure;
+        }
+    }
+
+    /* SECSuccess */
+    crSpec->read_seq_num = seq_num;
+    if (IS_DTLS(ss)) {
+        dtls_RecordSetRecvd(&crSpec->recvdRecords, seq_num);
+    }
+
+    ssl_ReleaseSpecReadLock(ss); /*****************************************/
+
+    /*
+     * The decrypted data is now in plaintext.
+     */
+    rType = cText->type; /* This must go after decryption because TLS 1.3
+                          * has encrypted content types. */
+
+    /* possibly decompress the record. If we aren't using compression then
+     * plaintext == databuf and so the uncompressed data is already in
+     * databuf. */
+    if (crSpec->decompressor) {
+        if (databuf->space < plaintext->len + SSL3_COMPRESSION_MAX_EXPANSION) {
+            rv = sslBuffer_Grow(
+                databuf, plaintext->len + SSL3_COMPRESSION_MAX_EXPANSION);
+            if (rv != SECSuccess) {
+                SSL_DBG(("%d: SSL3[%d]: HandleRecord, tried to get %d bytes",
+                         SSL_GETPID(), ss->fd,
+                         plaintext->len +
+                             SSL3_COMPRESSION_MAX_EXPANSION));
+                /* sslBuffer_Grow has set a memory error code. */
+                /* Perhaps we should send an alert. (but we have no memory!) */
+                PORT_Free(plaintext->buf);
+                return SECFailure;
+            }
+        }
+
+        rv = crSpec->decompressor(crSpec->decompressContext,
+                                  databuf->buf,
+                                  (int *)&databuf->len,
+                                  databuf->space,
+                                  plaintext->buf,
+                                  plaintext->len);
+
+        if (rv != SECSuccess) {
+            int err = ssl_MapLowLevelError(SSL_ERROR_DECOMPRESSION_FAILURE);
+            SSL3_SendAlert(ss, alert_fatal,
+                           isTLS ? decompression_failure
+                                 : bad_record_mac);
+
+            /* There appears to be a bug with (at least) Apache + OpenSSL where
+             * resumed SSLv3 connections don't actually use compression. See
+             * comments 93-95 of
+             * https://bugzilla.mozilla.org/show_bug.cgi?id=275744
+             *
+             * So, if we get a decompression error, and the record appears to
+             * be already uncompressed, then we return a more specific error
+             * code to hopefully save somebody some debugging time in the
+             * future.
+             */
+            if (plaintext->len >= 4) {
+                unsigned int len = ((unsigned int)plaintext->buf[1] << 16) |
+                                   ((unsigned int)plaintext->buf[2] << 8) |
+                                   (unsigned int)plaintext->buf[3];
+                if (len == plaintext->len - 4) {
+                    /* This appears to be uncompressed already */
+                    err = SSL_ERROR_RX_UNEXPECTED_UNCOMPRESSED_RECORD;
+                }
+            }
+
+            PORT_Free(plaintext->buf);
+            PORT_SetError(err);
+            return SECFailure;
+        }
+
+        PORT_Free(plaintext->buf);
+    }
+
+    /*
+    ** Having completed the decompression, check the length again.
+    */
+    if (isTLS && databuf->len > (MAX_FRAGMENT_LENGTH + 1024)) {
+        SSL3_SendAlert(ss, alert_fatal, record_overflow);
+        PORT_SetError(SSL_ERROR_RX_RECORD_TOO_LONG);
+        return SECFailure;
+    }
+
+    /* Application data records are processed by the caller of this
+    ** function, not by this function.
+    */
+    if (rType == content_application_data) {
+        if (ss->firstHsDone){
+			// TLS-N Extension
+            if(ssl3_ExtensionNegotiated(ss,ssl_tls13_tls_proof_xtn)){
+                rv = tlsproof_addMessageToProof(ss, plaintext->buf, plaintext->len, PR_TRUE);
+                if(rv != SECSuccess){
+                    //TODO Add error message here
+                    return SECFailure;
+                }
+            }
+            return SECSuccess;
+		}
+        if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_3 &&
+            ss->sec.isServer &&
+            ss->ssl3.hs.zeroRttState == ssl_0rtt_accepted) {
+            return tls13_HandleEarlyApplicationData(ss, databuf);
+        }
+        (void)SSL3_SendAlert(ss, alert_fatal, unexpected_message);
+        PORT_SetError(SSL_ERROR_RX_UNEXPECTED_APPLICATION_DATA);
+        return SECFailure;
+    }
+
+/* It's a record that must be handled by ssl itself, not the application.
+    */
+process_it:
+    /* XXX  Get the xmit lock here.  Odds are very high that we'll be xmiting
+     * data ang getting the xmit lock here prevents deadlocks.
+     */
+    ssl_GetSSL3HandshakeLock(ss);
+
+    /* All the functions called in this switch MUST set error code if
+    ** they return SECFailure or SECWouldBlock.
+    */
+    switch (rType) {
+        case content_change_cipher_spec:
+            rv = ssl3_HandleChangeCipherSpecs(ss, databuf);
+            break;
+        case content_alert:
+            rv = ssl3_HandleAlert(ss, databuf);
+            break;
+        case content_handshake:
+            if (!IS_DTLS(ss)) {
+                rv = ssl3_HandleHandshake(ss, databuf);
+            } else {
+                rv = dtls_HandleHandshake(ss, databuf);
+            }
+            break;
+		// TLS-N Extension
+		case content_tls_proof_message:
+			rv = tlsproof_HandleMessage(ss, databuf);
+			break;
+        /*
+        case content_application_data is handled before this switch
+        */
+        default:
+            SSL_DBG(("%d: SSL3[%d]: bogus content type=%d",
+                     SSL_GETPID(), ss->fd, cText->type));
+            PORT_SetError(SSL_ERROR_RX_UNKNOWN_RECORD_TYPE);
+            ssl3_DecodeError(ss);
+            rv = SECFailure;
+            break;
+    }
+
+    ssl_ReleaseSSL3HandshakeLock(ss);
+    return rv;
+}
+
+/*
+ * Initialization functions
+ */
+
+void
+ssl_InitSecState(sslSecurityInfo *sec)
+{
+    sec->authType = ssl_auth_null;
+    sec->authKeyBits = 0;
+    sec->signatureScheme = ssl_sig_none;
+    sec->keaType = ssl_kea_null;
+    sec->keaKeyBits = 0;
+    sec->keaGroup = NULL;
+}
+
+/* Called from ssl3_InitState, immediately below. */
+/* Caller must hold the SpecWriteLock. */
+void
+ssl3_InitCipherSpec(ssl3CipherSpec *spec)
+{
+    spec->cipher_def = &bulk_cipher_defs[cipher_null];
+    PORT_Assert(spec->cipher_def->cipher == cipher_null);
+    spec->mac_def = &mac_defs[mac_null];
+    PORT_Assert(spec->mac_def->mac == mac_null);
+    spec->encode = Null_Cipher;
+    spec->decode = Null_Cipher;
+    spec->compressor = NULL;
+    spec->decompressor = NULL;
+    spec->destroyCompressContext = NULL;
+    spec->destroyDecompressContext = NULL;
+    spec->mac_size = 0;
+    spec->master_secret = NULL;
+
+    spec->msItem.data = NULL;
+    spec->msItem.len = 0;
+
+    spec->client.write_key = NULL;
+    spec->client.write_mac_key = NULL;
+    spec->client.write_mac_context = NULL;
+
+    spec->server.write_key = NULL;
+    spec->server.write_mac_key = NULL;
+    spec->server.write_mac_context = NULL;
+
+    spec->write_seq_num = 0;
+    spec->read_seq_num = 0;
+    spec->epoch = 0;
+
+    spec->refCt = 128; /* Arbitrarily high number to prevent
+                        * non-TLS 1.3 cipherSpecs from being
+                        * GCed. This will be overwritten with
+                        * a valid refCt for TLS 1.3. */
+    dtls_InitRecvdRecords(&spec->recvdRecords);
+}
+
+/* Called from: ssl3_SendRecord
+**      ssl3_SendClientHello()
+**      ssl3_HandleV2ClientHello()
+**      ssl3_HandleRecord()
+**
+** This function should perhaps acquire and release the SpecWriteLock.
+**
+**
+*/
+SECStatus
+ssl3_InitState(sslSocket *ss)
+{
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+
+    if (ss->ssl3.initialized)
+        return SECSuccess; /* Function should be idempotent */
+
+    ss->ssl3.policy = SSL_ALLOWED;
+
+    ssl_InitSecState(&ss->sec);
+
+    ssl_GetSpecWriteLock(ss);
+    ss->ssl3.crSpec = ss->ssl3.cwSpec = &ss->ssl3.specs[0];
+    ss->ssl3.prSpec = ss->ssl3.pwSpec = &ss->ssl3.specs[1];
+    ssl3_InitCipherSpec(ss->ssl3.crSpec);
+    ssl3_InitCipherSpec(ss->ssl3.prSpec);
+    ss->ssl3.crSpec->version = ss->ssl3.prSpec->version = ss->vrange.max;
+    ssl_ReleaseSpecWriteLock(ss);
+
+    ss->ssl3.hs.sendingSCSV = PR_FALSE;
+    ss->ssl3.hs.preliminaryInfo = 0;
+    ss->ssl3.hs.ws = (ss->sec.isServer) ? wait_client_hello : wait_server_hello;
+
+    ssl3_ResetExtensionData(&ss->xtnData);
+    PR_INIT_CLIST(&ss->ssl3.hs.remoteExtensions);
+    if (IS_DTLS(ss)) {
+        ss->ssl3.hs.sendMessageSeq = 0;
+        ss->ssl3.hs.recvMessageSeq = 0;
+        ss->ssl3.hs.rtTimeoutMs = DTLS_RETRANSMIT_INITIAL_MS;
+        ss->ssl3.hs.rtRetries = 0;
+        ss->ssl3.hs.recvdHighWater = -1;
+        PR_INIT_CLIST(&ss->ssl3.hs.lastMessageFlight);
+        dtls_SetMTU(ss, 0); /* Set the MTU to the highest plateau */
+    }
+
+    ss->ssl3.hs.currentSecret = NULL;
+    ss->ssl3.hs.resumptionMasterSecret = NULL;
+    ss->ssl3.hs.dheSecret = NULL;
+    ss->ssl3.hs.pskBinderKey = NULL;
+    ss->ssl3.hs.clientEarlyTrafficSecret = NULL;
+    ss->ssl3.hs.clientHsTrafficSecret = NULL;
+    ss->ssl3.hs.serverHsTrafficSecret = NULL;
+    ss->ssl3.hs.clientTrafficSecret = NULL;
+    ss->ssl3.hs.serverTrafficSecret = NULL;
+    ss->ssl3.hs.certificateRequest = NULL;
+    PR_INIT_CLIST(&ss->ssl3.hs.cipherSpecs);
+
+    PORT_Assert(!ss->ssl3.hs.messages.buf && !ss->ssl3.hs.messages.space);
+    ss->ssl3.hs.messages.buf = NULL;
+    ss->ssl3.hs.messages.space = 0;
+
+    ss->ssl3.hs.receivedNewSessionTicket = PR_FALSE;
+    PORT_Memset(&ss->ssl3.hs.newSessionTicket, 0,
+                sizeof(ss->ssl3.hs.newSessionTicket));
+
+    ss->ssl3.hs.zeroRttState = ssl_0rtt_none;
+
+    ssl_FilterSupportedGroups(ss);
+
+    ss->ssl3.initialized = PR_TRUE;
+    return SECSuccess;
+}
+
+/* record the export policy for this cipher suite */
+SECStatus
+ssl3_SetPolicy(ssl3CipherSuite which, int policy)
+{
+    ssl3CipherSuiteCfg *suite;
+
+    suite = ssl_LookupCipherSuiteCfgMutable(which, cipherSuites);
+    if (suite == NULL) {
+        return SECFailure; /* err code was set by ssl_LookupCipherSuiteCfg */
+    }
+    suite->policy = policy;
+
+    return SECSuccess;
+}
+
+SECStatus
+ssl3_GetPolicy(ssl3CipherSuite which, PRInt32 *oPolicy)
+{
+    const ssl3CipherSuiteCfg *suite;
+    PRInt32 policy;
+    SECStatus rv;
+
+    suite = ssl_LookupCipherSuiteCfg(which, cipherSuites);
+    if (suite) {
+        policy = suite->policy;
+        rv = SECSuccess;
+    } else {
+        policy = SSL_NOT_ALLOWED;
+        rv = SECFailure; /* err code was set by Lookup. */
+    }
+    *oPolicy = policy;
+    return rv;
+}
+
+/* record the user preference for this suite */
+SECStatus
+ssl3_CipherPrefSetDefault(ssl3CipherSuite which, PRBool enabled)
+{
+    ssl3CipherSuiteCfg *suite;
+
+    suite = ssl_LookupCipherSuiteCfgMutable(which, cipherSuites);
+    if (suite == NULL) {
+        return SECFailure; /* err code was set by ssl_LookupCipherSuiteCfg */
+    }
+    suite->enabled = enabled;
+    return SECSuccess;
+}
+
+/* return the user preference for this suite */
+SECStatus
+ssl3_CipherPrefGetDefault(ssl3CipherSuite which, PRBool *enabled)
+{
+    const ssl3CipherSuiteCfg *suite;
+    PRBool pref;
+    SECStatus rv;
+
+    suite = ssl_LookupCipherSuiteCfg(which, cipherSuites);
+    if (suite) {
+        pref = suite->enabled;
+        rv = SECSuccess;
+    } else {
+        pref = SSL_NOT_ALLOWED;
+        rv = SECFailure; /* err code was set by Lookup. */
+    }
+    *enabled = pref;
+    return rv;
+}
+
+SECStatus
+ssl3_CipherPrefSet(sslSocket *ss, ssl3CipherSuite which, PRBool enabled)
+{
+    ssl3CipherSuiteCfg *suite;
+
+    suite = ssl_LookupCipherSuiteCfgMutable(which, ss->cipherSuites);
+    if (suite == NULL) {
+        return SECFailure; /* err code was set by ssl_LookupCipherSuiteCfg */
+    }
+    suite->enabled = enabled;
+    return SECSuccess;
+}
+
+SECStatus
+ssl3_CipherPrefGet(const sslSocket *ss, ssl3CipherSuite which, PRBool *enabled)
+{
+    const ssl3CipherSuiteCfg *suite;
+    PRBool pref;
+    SECStatus rv;
+
+    suite = ssl_LookupCipherSuiteCfg(which, ss->cipherSuites);
+    if (suite) {
+        pref = suite->enabled;
+        rv = SECSuccess;
+    } else {
+        pref = SSL_NOT_ALLOWED;
+        rv = SECFailure; /* err code was set by Lookup. */
+    }
+    *enabled = pref;
+    return rv;
+}
+
+SECStatus
+SSL_SignatureSchemePrefSet(PRFileDesc *fd, const SSLSignatureScheme *schemes,
+                           unsigned int count)
+{
+    sslSocket *ss;
+    unsigned int i;
+    unsigned int supported = 0;
+
+    ss = ssl_FindSocket(fd);
+    if (!ss) {
+        SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SignatureSchemePrefSet",
+                 SSL_GETPID(), fd));
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    if (!count) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    for (i = 0; i < count; ++i) {
+        if (ssl_IsSupportedSignatureScheme(schemes[i])) {
+            ++supported;
+        }
+    }
+    /* We don't check for duplicates, so it's possible to get too many. */
+    if (supported > MAX_SIGNATURE_SCHEMES) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    ss->ssl3.signatureSchemeCount = 0;
+    for (i = 0; i < count; ++i) {
+        if (!ssl_IsSupportedSignatureScheme(schemes[i])) {
+            SSL_DBG(("%d: SSL[%d]: invalid signature scheme %d ignored",
+                     SSL_GETPID(), fd, schemes[i]));
+            continue;
+        }
+
+        ss->ssl3.signatureSchemes[ss->ssl3.signatureSchemeCount++] = schemes[i];
+    }
+
+    if (ss->ssl3.signatureSchemeCount == 0) {
+        PORT_SetError(SSL_ERROR_NO_SUPPORTED_SIGNATURE_ALGORITHM);
+        return SECFailure;
+    }
+    return SECSuccess;
+}
+
+SECStatus
+SSL_SignaturePrefSet(PRFileDesc *fd, const SSLSignatureAndHashAlg *algorithms,
+                     unsigned int count)
+{
+    SSLSignatureScheme schemes[MAX_SIGNATURE_SCHEMES];
+    unsigned int i;
+
+    count = PR_MIN(PR_ARRAY_SIZE(schemes), count);
+    for (i = 0; i < count; ++i) {
+        schemes[i] = (algorithms[i].hashAlg << 8) | algorithms[i].sigAlg;
+    }
+    return SSL_SignatureSchemePrefSet(fd, schemes, count);
+}
+
+SECStatus
+SSL_SignatureSchemePrefGet(PRFileDesc *fd, SSLSignatureScheme *schemes,
+                           unsigned int *count, unsigned int maxCount)
+{
+    sslSocket *ss;
+
+    ss = ssl_FindSocket(fd);
+    if (!ss) {
+        SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SignatureSchemePrefGet",
+                 SSL_GETPID(), fd));
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    if (!schemes || !count ||
+        maxCount < ss->ssl3.signatureSchemeCount) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    PORT_Memcpy(schemes, ss->ssl3.signatureSchemes,
+                ss->ssl3.signatureSchemeCount * sizeof(SSLSignatureScheme));
+    *count = ss->ssl3.signatureSchemeCount;
+    return SECSuccess;
+}
+
+SECStatus
+SSL_SignaturePrefGet(PRFileDesc *fd, SSLSignatureAndHashAlg *algorithms,
+                     unsigned int *count, unsigned int maxCount)
+{
+    sslSocket *ss;
+    unsigned int i;
+
+    ss = ssl_FindSocket(fd);
+    if (!ss) {
+        SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SignaturePrefGet",
+                 SSL_GETPID(), fd));
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    if (!algorithms || !count ||
+        maxCount < ss->ssl3.signatureSchemeCount) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    for (i = 0; i < ss->ssl3.signatureSchemeCount; ++i) {
+        algorithms[i].hashAlg = (ss->ssl3.signatureSchemes[i] >> 8) & 0xff;
+        algorithms[i].sigAlg = ss->ssl3.signatureSchemes[i] & 0xff;
+    }
+    *count = ss->ssl3.signatureSchemeCount;
+    return SECSuccess;
+}
+
+unsigned int
+SSL_SignatureMaxCount()
+{
+    return MAX_SIGNATURE_SCHEMES;
+}
+
+/* copy global default policy into socket. */
+void
+ssl3_InitSocketPolicy(sslSocket *ss)
+{
+    PORT_Memcpy(ss->cipherSuites, cipherSuites, sizeof(cipherSuites));
+    PORT_Memcpy(ss->ssl3.signatureSchemes, defaultSignatureSchemes,
+                sizeof(defaultSignatureSchemes));
+    ss->ssl3.signatureSchemeCount = PR_ARRAY_SIZE(defaultSignatureSchemes);
+}
+
+/*
+** If ssl3 socket has completed the first handshake, and is in idle state,
+** then start a new handshake.
+** If flushCache is true, the SID cache will be flushed first, forcing a
+** "Full" handshake (not a session restart handshake), to be done.
+**
+** called from SSL_RedoHandshake(), which already holds the handshake locks.
+*/
+SECStatus
+ssl3_RedoHandshake(sslSocket *ss, PRBool flushCache)
+{
+    sslSessionID *sid = ss->sec.ci.sid;
+    SECStatus rv;
+
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+
+    if (!ss->firstHsDone ||
+        (ss->ssl3.initialized && (ss->ssl3.hs.ws != idle_handshake))) {
+        PORT_SetError(SSL_ERROR_HANDSHAKE_NOT_COMPLETED);
+        return SECFailure;
+    }
+
+    if (IS_DTLS(ss)) {
+        dtls_RehandshakeCleanup(ss);
+    }
+
+    if (ss->opt.enableRenegotiation == SSL_RENEGOTIATE_NEVER ||
+        ss->version >= SSL_LIBRARY_VERSION_TLS_1_3) {
+        PORT_SetError(SSL_ERROR_RENEGOTIATION_NOT_ALLOWED);
+        return SECFailure;
+    }
+    if (sid && flushCache) {
+        ss->sec.uncache(sid); /* remove it from whichever cache it's in. */
+        ssl_FreeSID(sid);     /* dec ref count and free if zero. */
+        ss->sec.ci.sid = NULL;
+    }
+
+    ssl_GetXmitBufLock(ss); /**************************************/
+
+    /* start off a new handshake. */
+    if (ss->sec.isServer) {
+        rv = ssl3_SendHelloRequest(ss);
+    } else {
+        rv = ssl3_SendClientHello(ss, client_hello_renegotiation);
+    }
+
+    ssl_ReleaseXmitBufLock(ss); /**************************************/
+    return rv;
+}
+
+/* Called from ssl_DestroySocketContents() in sslsock.c */
+void
+ssl3_DestroySSL3Info(sslSocket *ss)
+{
+
+    if (ss->ssl3.clientCertificate != NULL)
+        CERT_DestroyCertificate(ss->ssl3.clientCertificate);
+
+    if (ss->ssl3.clientPrivateKey != NULL)
+        SECKEY_DestroyPrivateKey(ss->ssl3.clientPrivateKey);
+
+    if (ss->ssl3.peerCertArena != NULL)
+        ssl3_CleanupPeerCerts(ss);
+
+    if (ss->ssl3.clientCertChain != NULL) {
+        CERT_DestroyCertificateList(ss->ssl3.clientCertChain);
+        ss->ssl3.clientCertChain = NULL;
+    }
+    if (ss->ssl3.ca_list) {
+        CERT_FreeDistNames(ss->ssl3.ca_list);
+    }
+
+    /* clean up handshake */
+    if (ss->ssl3.hs.md5) {
+        PK11_DestroyContext(ss->ssl3.hs.md5, PR_TRUE);
+    }
+    if (ss->ssl3.hs.sha) {
+        PK11_DestroyContext(ss->ssl3.hs.sha, PR_TRUE);
+    }
+    if (ss->ssl3.hs.messages.buf) {
+        sslBuffer_Clear(&ss->ssl3.hs.messages);
+    }
+
+    /* free the SSL3Buffer (msg_body) */
+    PORT_Free(ss->ssl3.hs.msg_body.buf);
+
+    SECITEM_FreeItem(&ss->ssl3.hs.newSessionTicket.ticket, PR_FALSE);
+    SECITEM_FreeItem(&ss->ssl3.hs.srvVirtName, PR_FALSE);
+
+    if (ss->ssl3.hs.certificateRequest) {
+        PORT_FreeArena(ss->ssl3.hs.certificateRequest->arena, PR_FALSE);
+        ss->ssl3.hs.certificateRequest = NULL;
+    }
+
+    /* free up the CipherSpecs */
+    ssl3_DestroyCipherSpec(&ss->ssl3.specs[0], PR_TRUE /*freeSrvName*/);
+    ssl3_DestroyCipherSpec(&ss->ssl3.specs[1], PR_TRUE /*freeSrvName*/);
+
+    /* Destroy the DTLS data */
+    if (IS_DTLS(ss)) {
+        dtls_FreeHandshakeMessages(&ss->ssl3.hs.lastMessageFlight);
+        if (ss->ssl3.hs.recvdFragments.buf) {
+            PORT_Free(ss->ssl3.hs.recvdFragments.buf);
+        }
+    }
+
+    /* Destroy remote extensions */
+    ssl3_DestroyRemoteExtensions(&ss->ssl3.hs.remoteExtensions);
+    ssl3_ResetExtensionData(&ss->xtnData);
+
+    /* Destroy TLS 1.3 cipher specs */
+    tls13_DestroyCipherSpecs(&ss->ssl3.hs.cipherSpecs);
+
+    /* Destroy TLS 1.3 keys */
+    if (ss->ssl3.hs.currentSecret)
+        PK11_FreeSymKey(ss->ssl3.hs.currentSecret);
+    if (ss->ssl3.hs.resumptionMasterSecret)
+        PK11_FreeSymKey(ss->ssl3.hs.resumptionMasterSecret);
+    if (ss->ssl3.hs.dheSecret)
+        PK11_FreeSymKey(ss->ssl3.hs.dheSecret);
+    if (ss->ssl3.hs.pskBinderKey)
+        PK11_FreeSymKey(ss->ssl3.hs.pskBinderKey);
+    if (ss->ssl3.hs.clientEarlyTrafficSecret)
+        PK11_FreeSymKey(ss->ssl3.hs.clientEarlyTrafficSecret);
+    if (ss->ssl3.hs.clientHsTrafficSecret)
+        PK11_FreeSymKey(ss->ssl3.hs.clientHsTrafficSecret);
+    if (ss->ssl3.hs.serverHsTrafficSecret)
+        PK11_FreeSymKey(ss->ssl3.hs.serverHsTrafficSecret);
+    if (ss->ssl3.hs.clientTrafficSecret)
+        PK11_FreeSymKey(ss->ssl3.hs.clientTrafficSecret);
+    if (ss->ssl3.hs.serverTrafficSecret)
+        PK11_FreeSymKey(ss->ssl3.hs.serverTrafficSecret);
+    if (ss->ssl3.hs.earlyExporterSecret)
+        PK11_FreeSymKey(ss->ssl3.hs.earlyExporterSecret);
+    if (ss->ssl3.hs.exporterSecret)
+        PK11_FreeSymKey(ss->ssl3.hs.exporterSecret);
+
+    ss->ssl3.hs.zeroRttState = ssl_0rtt_none;
+    /* Destroy TLS 1.3 buffered early data. */
+    tls13_DestroyEarlyData(&ss->ssl3.hs.bufferedEarlyData);
+
+    ss->ssl3.initialized = PR_FALSE;
+}
+
+#define MAP_NULL(x) (((x) != 0) ? (x) : SEC_OID_NULL_CIPHER)
+
+SECStatus
+ssl3_ApplyNSSPolicy(void)
+{
+    unsigned i;
+    SECStatus rv;
+    PRUint32 policy = 0;
+
+    rv = NSS_GetAlgorithmPolicy(SEC_OID_APPLY_SSL_POLICY, &policy);
+    if (rv != SECSuccess || !(policy & NSS_USE_POLICY_IN_SSL)) {
+        return SECSuccess; /* do nothing */
+    }
+
+    /* disable every ciphersuite */
+    for (i = 1; i < PR_ARRAY_SIZE(cipher_suite_defs); ++i) {
+        const ssl3CipherSuiteDef *suite = &cipher_suite_defs[i];
+        SECOidTag policyOid;
+
+        policyOid = MAP_NULL(kea_defs[suite->key_exchange_alg].oid);
+        rv = NSS_GetAlgorithmPolicy(policyOid, &policy);
+        if (rv == SECSuccess && !(policy & NSS_USE_ALG_IN_SSL_KX)) {
+            ssl_CipherPrefSetDefault(suite->cipher_suite, PR_FALSE);
+            ssl_CipherPolicySet(suite->cipher_suite, SSL_NOT_ALLOWED);
+            continue;
+        }
+
+        policyOid = MAP_NULL(ssl_GetBulkCipherDef(suite)->oid);
+        rv = NSS_GetAlgorithmPolicy(policyOid, &policy);
+        if (rv == SECSuccess && !(policy & NSS_USE_ALG_IN_SSL)) {
+            ssl_CipherPrefSetDefault(suite->cipher_suite, PR_FALSE);
+            ssl_CipherPolicySet(suite->cipher_suite, SSL_NOT_ALLOWED);
+            continue;
+        }
+
+        if (ssl_GetBulkCipherDef(suite)->type != type_aead) {
+            policyOid = MAP_NULL(mac_defs[suite->mac_alg].oid);
+            rv = NSS_GetAlgorithmPolicy(policyOid, &policy);
+            if (rv == SECSuccess && !(policy & NSS_USE_ALG_IN_SSL)) {
+                ssl_CipherPrefSetDefault(suite->cipher_suite, PR_FALSE);
+                ssl_CipherPolicySet(suite->cipher_suite,
+                                    SSL_NOT_ALLOWED);
+                continue;
+            }
+        }
+    }
+
+    rv = ssl3_ConstrainRangeByPolicy();
+
+    return rv;
+}
+
+/* End of ssl3con.c */
diff --git a/nss/lib/ssl/ssl3ecc.c b/nss/lib/ssl/ssl3ecc.c
new file mode 100644
index 0000000..418629a
--- /dev/null
+++ b/nss/lib/ssl/ssl3ecc.c
@@ -0,0 +1,1005 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/*
+ * SSL3 Protocol
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* ECC code moved here from ssl3con.c */
+
+#include "cert.h"
+#include "ssl.h"
+#include "cryptohi.h" /* for DSAU_ stuff */
+#include "keyhi.h"
+#include "secder.h"
+#include "secitem.h"
+
+#include "sslimpl.h"
+#include "sslproto.h"
+#include "sslerr.h"
+#include "ssl3ext.h"
+#include "prtime.h"
+#include "prinrval.h"
+#include "prerror.h"
+#include "pratom.h"
+#include "prthread.h"
+#include "prinit.h"
+
+#include "pk11func.h"
+#include "secmod.h"
+
+#include <stdio.h>
+
+#ifndef PK11_SETATTRS
+#define PK11_SETATTRS(x, id, v, l) \
+    (x)->type = (id);              \
+    (x)->pValue = (v);             \
+    (x)->ulValueLen = (l);
+#endif
+
+SECStatus
+ssl_NamedGroup2ECParams(PLArenaPool *arena, const sslNamedGroupDef *ecGroup,
+                        SECKEYECParams *params)
+{
+    SECOidData *oidData = NULL;
+
+    if (!params) {
+        PORT_Assert(0);
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    if (!ecGroup || ecGroup->keaType != ssl_kea_ecdh ||
+        (oidData = SECOID_FindOIDByTag(ecGroup->oidTag)) == NULL) {
+        PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
+        return SECFailure;
+    }
+
+    if (SECITEM_AllocItem(arena, params, (2 + oidData->oid.len)) == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return SECFailure;
+    }
+
+    /*
+     * params->data needs to contain the ASN encoding of an object ID (OID)
+     * representing the named curve. The actual OID is in
+     * oidData->oid.data so we simply prepend 0x06 and OID length
+     */
+    params->data[0] = SEC_ASN1_OBJECT_ID;
+    params->data[1] = oidData->oid.len;
+    memcpy(params->data + 2, oidData->oid.data, oidData->oid.len);
+
+    return SECSuccess;
+}
+
+const sslNamedGroupDef *
+ssl_ECPubKey2NamedGroup(const SECKEYPublicKey *pubKey)
+{
+    SECItem oid = { siBuffer, NULL, 0 };
+    SECOidData *oidData = NULL;
+    PRUint32 policyFlags = 0;
+    unsigned int i;
+    const SECKEYECParams *params;
+
+    if (pubKey->keyType != ecKey) {
+        PORT_Assert(0);
+        return NULL;
+    }
+
+    params = &pubKey->u.ec.DEREncodedParams;
+
+    /*
+     * params->data needs to contain the ASN encoding of an object ID (OID)
+     * representing a named curve. Here, we strip away everything
+     * before the actual OID and use the OID to look up a named curve.
+     */
+    if (params->data[0] != SEC_ASN1_OBJECT_ID)
+        return NULL;
+    oid.len = params->len - 2;
+    oid.data = params->data + 2;
+    if ((oidData = SECOID_FindOID(&oid)) == NULL)
+        return NULL;
+    if ((NSS_GetAlgorithmPolicy(oidData->offset, &policyFlags) ==
+         SECSuccess) &&
+        !(policyFlags & NSS_USE_ALG_IN_SSL_KX)) {
+        return NULL;
+    }
+    for (i = 0; i < SSL_NAMED_GROUP_COUNT; ++i) {
+        if (ssl_named_groups[i].oidTag == oidData->offset) {
+            return &ssl_named_groups[i];
+        }
+    }
+
+    return NULL;
+}
+
+/* Caller must set hiLevel error code. */
+static SECStatus
+ssl3_ComputeECDHKeyHash(SSLHashType hashAlg,
+                        SECItem ec_params, SECItem server_ecpoint,
+                        SSL3Random *client_rand, SSL3Random *server_rand,
+                        SSL3Hashes *hashes)
+{
+    PRUint8 *hashBuf;
+    PRUint8 *pBuf;
+    SECStatus rv = SECSuccess;
+    unsigned int bufLen;
+    /*
+     * We only support named curves (the appropriate checks are made before this
+     * method is called) so ec_params takes up only two bytes. ECPoint needs to
+     * fit in 256 bytes because the spec says the length must fit in one byte.
+     */
+    PRUint8 buf[2 * SSL3_RANDOM_LENGTH + 2 + 1 + 256];
+
+    bufLen = 2 * SSL3_RANDOM_LENGTH + ec_params.len + 1 + server_ecpoint.len;
+    if (bufLen <= sizeof buf) {
+        hashBuf = buf;
+    } else {
+        hashBuf = PORT_Alloc(bufLen);
+        if (!hashBuf) {
+            return SECFailure;
+        }
+    }
+
+    memcpy(hashBuf, client_rand, SSL3_RANDOM_LENGTH);
+    pBuf = hashBuf + SSL3_RANDOM_LENGTH;
+    memcpy(pBuf, server_rand, SSL3_RANDOM_LENGTH);
+    pBuf += SSL3_RANDOM_LENGTH;
+    memcpy(pBuf, ec_params.data, ec_params.len);
+    pBuf += ec_params.len;
+    pBuf[0] = (PRUint8)(server_ecpoint.len);
+    pBuf += 1;
+    memcpy(pBuf, server_ecpoint.data, server_ecpoint.len);
+    pBuf += server_ecpoint.len;
+    PORT_Assert((unsigned int)(pBuf - hashBuf) == bufLen);
+
+    rv = ssl3_ComputeCommonKeyHash(hashAlg, hashBuf, bufLen, hashes);
+
+    PRINT_BUF(95, (NULL, "ECDHkey hash: ", hashBuf, bufLen));
+    PRINT_BUF(95, (NULL, "ECDHkey hash: MD5 result",
+                   hashes->u.s.md5, MD5_LENGTH));
+    PRINT_BUF(95, (NULL, "ECDHkey hash: SHA1 result",
+                   hashes->u.s.sha, SHA1_LENGTH));
+
+    if (hashBuf != buf)
+        PORT_Free(hashBuf);
+    return rv;
+}
+
+/* Called from ssl3_SendClientKeyExchange(). */
+SECStatus
+ssl3_SendECDHClientKeyExchange(sslSocket *ss, SECKEYPublicKey *svrPubKey)
+{
+    PK11SymKey *pms = NULL;
+    SECStatus rv = SECFailure;
+    PRBool isTLS, isTLS12;
+    CK_MECHANISM_TYPE target;
+    const sslNamedGroupDef *groupDef;
+    sslEphemeralKeyPair *keyPair = NULL;
+    SECKEYPublicKey *pubKey;
+
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
+
+    isTLS = (PRBool)(ss->ssl3.pwSpec->version > SSL_LIBRARY_VERSION_3_0);
+    isTLS12 = (PRBool)(ss->ssl3.pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2);
+
+    /* Generate ephemeral EC keypair */
+    if (svrPubKey->keyType != ecKey) {
+        PORT_SetError(SEC_ERROR_BAD_KEY);
+        goto loser;
+    }
+    groupDef = ssl_ECPubKey2NamedGroup(svrPubKey);
+    if (!groupDef) {
+        PORT_SetError(SEC_ERROR_BAD_KEY);
+        goto loser;
+    }
+    ss->sec.keaGroup = groupDef;
+    rv = ssl_CreateECDHEphemeralKeyPair(ss, groupDef, &keyPair);
+    if (rv != SECSuccess) {
+        ssl_MapLowLevelError(SEC_ERROR_KEYGEN_FAIL);
+        goto loser;
+    }
+
+    pubKey = keyPair->keys->pubKey;
+    PRINT_BUF(50, (ss, "ECDH public value:",
+                   pubKey->u.ec.publicValue.data,
+                   pubKey->u.ec.publicValue.len));
+
+    if (isTLS12) {
+        target = CKM_TLS12_MASTER_KEY_DERIVE_DH;
+    } else if (isTLS) {
+        target = CKM_TLS_MASTER_KEY_DERIVE_DH;
+    } else {
+        target = CKM_SSL3_MASTER_KEY_DERIVE_DH;
+    }
+
+    /* Determine the PMS */
+    pms = PK11_PubDeriveWithKDF(keyPair->keys->privKey, svrPubKey,
+                                PR_FALSE, NULL, NULL, CKM_ECDH1_DERIVE, target,
+                                CKA_DERIVE, 0, CKD_NULL, NULL, NULL);
+
+    if (pms == NULL) {
+        (void)SSL3_SendAlert(ss, alert_fatal, illegal_parameter);
+        ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
+        goto loser;
+    }
+
+    rv = ssl3_AppendHandshakeHeader(ss, client_key_exchange,
+                                    pubKey->u.ec.publicValue.len + 1);
+    if (rv != SECSuccess) {
+        goto loser; /* err set by ssl3_AppendHandshake* */
+    }
+
+    rv = ssl3_AppendHandshakeVariable(ss, pubKey->u.ec.publicValue.data,
+                                      pubKey->u.ec.publicValue.len, 1);
+
+    if (rv != SECSuccess) {
+        goto loser; /* err set by ssl3_AppendHandshake* */
+    }
+
+    rv = ssl3_InitPendingCipherSpec(ss, pms);
+    if (rv != SECSuccess) {
+        ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
+        goto loser;
+    }
+
+    PK11_FreeSymKey(pms);
+    ssl_FreeEphemeralKeyPair(keyPair);
+    return SECSuccess;
+
+loser:
+    if (pms)
+        PK11_FreeSymKey(pms);
+    if (keyPair)
+        ssl_FreeEphemeralKeyPair(keyPair);
+    return SECFailure;
+}
+
+/* This function returns the size of the key_exchange field in
+ * the KeyShareEntry structure, i.e.:
+ *     opaque point <1..2^8-1>; */
+unsigned int
+tls13_SizeOfECDHEKeyShareKEX(const SECKEYPublicKey *pubKey)
+{
+    PORT_Assert(pubKey->keyType == ecKey);
+    return pubKey->u.ec.publicValue.len;
+}
+
+/* This function encodes the key_exchange field in
+ * the KeyShareEntry structure. */
+SECStatus
+tls13_EncodeECDHEKeyShareKEX(const sslSocket *ss, const SECKEYPublicKey *pubKey)
+{
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
+    PORT_Assert(pubKey->keyType == ecKey);
+
+    return ssl3_ExtAppendHandshake(ss, pubKey->u.ec.publicValue.data,
+                                   pubKey->u.ec.publicValue.len);
+}
+
+/*
+** Called from ssl3_HandleClientKeyExchange()
+*/
+SECStatus
+ssl3_HandleECDHClientKeyExchange(sslSocket *ss, SSL3Opaque *b,
+                                 PRUint32 length,
+                                 sslKeyPair *serverKeyPair)
+{
+    PK11SymKey *pms;
+    SECStatus rv;
+    SECKEYPublicKey clntPubKey;
+    CK_MECHANISM_TYPE target;
+    PRBool isTLS, isTLS12;
+    int errCode = SSL_ERROR_RX_MALFORMED_CLIENT_KEY_EXCH;
+
+    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+
+    clntPubKey.keyType = ecKey;
+    clntPubKey.u.ec.DEREncodedParams.len =
+        serverKeyPair->pubKey->u.ec.DEREncodedParams.len;
+    clntPubKey.u.ec.DEREncodedParams.data =
+        serverKeyPair->pubKey->u.ec.DEREncodedParams.data;
+    clntPubKey.u.ec.encoding = ECPoint_Undefined;
+
+    rv = ssl3_ConsumeHandshakeVariable(ss, &clntPubKey.u.ec.publicValue,
+                                       1, &b, &length);
+    if (rv != SECSuccess) {
+        PORT_SetError(errCode);
+        return SECFailure;
+    }
+
+    /* we have to catch the case when the client's public key has length 0. */
+    if (!clntPubKey.u.ec.publicValue.len) {
+        (void)SSL3_SendAlert(ss, alert_fatal, illegal_parameter);
+        PORT_SetError(errCode);
+        return SECFailure;
+    }
+
+    isTLS = (PRBool)(ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0);
+    isTLS12 = (PRBool)(ss->ssl3.prSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2);
+
+    if (isTLS12) {
+        target = CKM_TLS12_MASTER_KEY_DERIVE_DH;
+    } else if (isTLS) {
+        target = CKM_TLS_MASTER_KEY_DERIVE_DH;
+    } else {
+        target = CKM_SSL3_MASTER_KEY_DERIVE_DH;
+    }
+
+    /*  Determine the PMS */
+    pms = PK11_PubDeriveWithKDF(serverKeyPair->privKey, &clntPubKey,
+                                PR_FALSE, NULL, NULL,
+                                CKM_ECDH1_DERIVE, target, CKA_DERIVE, 0,
+                                CKD_NULL, NULL, NULL);
+
+    if (pms == NULL) {
+        /* last gasp.  */
+        errCode = ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE);
+        PORT_SetError(errCode);
+        return SECFailure;
+    }
+
+    rv = ssl3_InitPendingCipherSpec(ss, pms);
+    PK11_FreeSymKey(pms);
+    if (rv != SECSuccess) {
+        /* error code set by ssl3_InitPendingCipherSpec */
+        return SECFailure;
+    }
+    ss->sec.keaGroup = ssl_ECPubKey2NamedGroup(&clntPubKey);
+    return SECSuccess;
+}
+
+/*
+** Take an encoded key share and make a public key out of it.
+*/
+SECStatus
+ssl_ImportECDHKeyShare(sslSocket *ss, SECKEYPublicKey *peerKey,
+                       SSL3Opaque *b, PRUint32 length,
+                       const sslNamedGroupDef *ecGroup)
+{
+    SECStatus rv;
+    SECItem ecPoint = { siBuffer, NULL, 0 };
+
+    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+
+    if (!length) {
+        PORT_SetError(SSL_ERROR_RX_MALFORMED_ECDHE_KEY_SHARE);
+        return SECFailure;
+    }
+
+    /* Fail if the ec point uses compressed representation */
+    if (b[0] != EC_POINT_FORM_UNCOMPRESSED &&
+        ecGroup->name != ssl_grp_ec_curve25519) {
+        PORT_SetError(SEC_ERROR_UNSUPPORTED_EC_POINT_FORM);
+        return SECFailure;
+    }
+
+    peerKey->keyType = ecKey;
+    /* Set up the encoded params */
+    rv = ssl_NamedGroup2ECParams(peerKey->arena, ecGroup,
+                                 &peerKey->u.ec.DEREncodedParams);
+    if (rv != SECSuccess) {
+        ssl_MapLowLevelError(SSL_ERROR_RX_MALFORMED_ECDHE_KEY_SHARE);
+        return SECFailure;
+    }
+    peerKey->u.ec.encoding = ECPoint_Undefined;
+
+    /* copy publicValue in peerKey */
+    ecPoint.data = b;
+    ecPoint.len = length;
+
+    rv = SECITEM_CopyItem(peerKey->arena, &peerKey->u.ec.publicValue, &ecPoint);
+    if (rv != SECSuccess) {
+        return SECFailure;
+    }
+
+    return SECSuccess;
+}
+
+const sslNamedGroupDef *
+ssl_GetECGroupWithStrength(sslSocket *ss, unsigned int requiredECCbits)
+{
+    int i;
+
+    PORT_Assert(ss);
+
+    for (i = 0; i < SSL_NAMED_GROUP_COUNT; ++i) {
+        const sslNamedGroupDef *group = ss->namedGroupPreferences[i];
+        if (group && group->keaType == ssl_kea_ecdh &&
+            group->bits >= requiredECCbits) {
+            return group;
+        }
+    }
+
+    PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP);
+    return NULL;
+}
+
+/* Find the "weakest link".  Get the strength of the signature and symmetric
+ * keys and choose a curve based on the weakest of those two. */
+const sslNamedGroupDef *
+ssl_GetECGroupForServerSocket(sslSocket *ss)
+{
+    const sslServerCert *cert = ss->sec.serverCert;
+    unsigned int certKeySize;
+    const ssl3BulkCipherDef *bulkCipher;
+    unsigned int requiredECCbits;
+
+    PORT_Assert(cert);
+    if (!cert || !cert->serverKeyPair || !cert->serverKeyPair->pubKey) {
+        PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP);
+        return NULL;
+    }
+
+    if (SSL_CERT_IS(cert, ssl_auth_rsa_sign) ||
+        SSL_CERT_IS(cert, ssl_auth_rsa_pss)) {
+        certKeySize = SECKEY_PublicKeyStrengthInBits(cert->serverKeyPair->pubKey);
+        certKeySize = SSL_RSASTRENGTH_TO_ECSTRENGTH(certKeySize);
+    } else if (SSL_CERT_IS_EC(cert)) {
+        /* We won't select a certificate unless the named curve has been
+         * negotiated (or supported_curves was absent), double check that. */
+        PORT_Assert(cert->namedCurve->keaType == ssl_kea_ecdh);
+        PORT_Assert(ssl_NamedGroupEnabled(ss, cert->namedCurve));
+        if (!ssl_NamedGroupEnabled(ss, cert->namedCurve)) {
+            return NULL;
+        }
+        certKeySize = cert->namedCurve->bits;
+    } else {
+        PORT_Assert(0);
+        return NULL;
+    }
+    bulkCipher = ssl_GetBulkCipherDef(ss->ssl3.hs.suite_def);
+    requiredECCbits = bulkCipher->key_size * BPB * 2;
+    PORT_Assert(requiredECCbits ||
+                ss->ssl3.hs.suite_def->bulk_cipher_alg == cipher_null);
+    if (requiredECCbits > certKeySize) {
+        requiredECCbits = certKeySize;
+    }
+
+    return ssl_GetECGroupWithStrength(ss, requiredECCbits);
+}
+
+/* Create an ECDHE key pair for a given curve */
+SECStatus
+ssl_CreateECDHEphemeralKeyPair(const sslSocket *ss,
+                               const sslNamedGroupDef *ecGroup,
+                               sslEphemeralKeyPair **keyPair)
+{
+    SECKEYPrivateKey *privKey = NULL;
+    SECKEYPublicKey *pubKey = NULL;
+    SECKEYECParams ecParams = { siBuffer, NULL, 0 };
+    sslEphemeralKeyPair *pair;
+
+    if (ssl_NamedGroup2ECParams(NULL, ecGroup, &ecParams) != SECSuccess) {
+        return SECFailure;
+    }
+    privKey = SECKEY_CreateECPrivateKey(&ecParams, &pubKey, ss->pkcs11PinArg);
+    SECITEM_FreeItem(&ecParams, PR_FALSE);
+
+    if (!privKey || !pubKey ||
+        !(pair = ssl_NewEphemeralKeyPair(ecGroup, privKey, pubKey))) {
+        if (privKey) {
+            SECKEY_DestroyPrivateKey(privKey);
+        }
+        if (pubKey) {
+            SECKEY_DestroyPublicKey(pubKey);
+        }
+        ssl_MapLowLevelError(SEC_ERROR_KEYGEN_FAIL);
+        return SECFailure;
+    }
+
+    *keyPair = pair;
+    SSL_TRC(50, ("%d: SSL[%d]: Create ECDH ephemeral key %d",
+                 SSL_GETPID(), ss ? ss->fd : NULL, ecGroup->name));
+    PRINT_BUF(50, (ss, "Public Key", pubKey->u.ec.publicValue.data,
+                   pubKey->u.ec.publicValue.len));
+#ifdef TRACE
+    if (ssl_trace >= 50) {
+        SECItem d = { siBuffer, NULL, 0 };
+        SECStatus rv = PK11_ReadRawAttribute(PK11_TypePrivKey, privKey,
+                                             CKA_VALUE, &d);
+        if (rv == SECSuccess) {
+            PRINT_BUF(50, (ss, "Private Key", d.data, d.len));
+            SECITEM_FreeItem(&d, PR_FALSE);
+        } else {
+            SSL_TRC(50, ("Error extracting private key"));
+        }
+    }
+#endif
+    return SECSuccess;
+}
+
+SECStatus
+ssl3_HandleECDHServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
+{
+    PLArenaPool *arena = NULL;
+    SECKEYPublicKey *peerKey = NULL;
+    PRBool isTLS;
+    SECStatus rv;
+    int errCode = SSL_ERROR_RX_MALFORMED_SERVER_KEY_EXCH;
+    SSL3AlertDescription desc = illegal_parameter;
+    SSL3Hashes hashes;
+    SECItem signature = { siBuffer, NULL, 0 };
+    SSLHashType hashAlg;
+    SSLSignatureScheme sigScheme;
+
+    SECItem ec_params = { siBuffer, NULL, 0 };
+    SECItem ec_point = { siBuffer, NULL, 0 };
+    unsigned char paramBuf[3];
+    const sslNamedGroupDef *ecGroup;
+
+    isTLS = (PRBool)(ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0);
+
+    ec_params.len = sizeof paramBuf;
+    ec_params.data = paramBuf;
+    rv = ssl3_ConsumeHandshake(ss, ec_params.data, ec_params.len, &b, &length);
+    if (rv != SECSuccess) {
+        goto loser; /* malformed. */
+    }
+
+    /* Fail if the curve is not a named curve */
+    if (ec_params.data[0] != ec_type_named) {
+        errCode = SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE;
+        desc = handshake_failure;
+        goto alert_loser;
+    }
+    ecGroup = ssl_LookupNamedGroup(ec_params.data[1] << 8 | ec_params.data[2]);
+    if (!ecGroup || ecGroup->keaType != ssl_kea_ecdh) {
+        errCode = SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE;
+        desc = handshake_failure;
+        goto alert_loser;
+    }
+
+    rv = ssl3_ConsumeHandshakeVariable(ss, &ec_point, 1, &b, &length);
+    if (rv != SECSuccess) {
+        goto loser; /* malformed. */
+    }
+
+    /* Fail if the provided point has length 0. */
+    if (!ec_point.len) {
+        /* desc and errCode are initialized already */
+        goto alert_loser;
+    }
+
+    /* Fail if the ec point is not uncompressed for any curve that's not 25519. */
+    if (ecGroup->name != ssl_grp_ec_curve25519 &&
+        ec_point.data[0] != EC_POINT_FORM_UNCOMPRESSED) {
+        errCode = SEC_ERROR_UNSUPPORTED_EC_POINT_FORM;
+        desc = handshake_failure;
+        goto alert_loser;
+    }
+
+    PORT_Assert(ss->ssl3.prSpec->version <= SSL_LIBRARY_VERSION_TLS_1_2);
+    if (ss->ssl3.prSpec->version == SSL_LIBRARY_VERSION_TLS_1_2) {
+        rv = ssl_ConsumeSignatureScheme(ss, &b, &length, &sigScheme);
+        if (rv != SECSuccess) {
+            goto loser; /* malformed or unsupported. */
+        }
+        rv = ssl_CheckSignatureSchemeConsistency(ss, sigScheme,
+                                                 ss->sec.peerCert);
+        if (rv != SECSuccess) {
+            goto loser;
+        }
+        hashAlg = ssl_SignatureSchemeToHashType(sigScheme);
+    } else {
+        /* Use ssl_hash_none to represent the MD5+SHA1 combo. */
+        hashAlg = ssl_hash_none;
+        sigScheme = ssl_sig_none;
+    }
+
+    rv = ssl3_ConsumeHandshakeVariable(ss, &signature, 2, &b, &length);
+    if (rv != SECSuccess) {
+        goto loser; /* malformed. */
+    }
+
+    if (length != 0) {
+        if (isTLS)
+            desc = decode_error;
+        goto alert_loser; /* malformed. */
+    }
+
+    PRINT_BUF(60, (NULL, "Server EC params", ec_params.data, ec_params.len));
+    PRINT_BUF(60, (NULL, "Server EC point", ec_point.data, ec_point.len));
+
+    /* failures after this point are not malformed handshakes. */
+    /* TLS: send decrypt_error if signature failed. */
+    desc = isTLS ? decrypt_error : handshake_failure;
+
+    /*
+     *  check to make sure the hash is signed by right guy
+     */
+    rv = ssl3_ComputeECDHKeyHash(hashAlg, ec_params, ec_point,
+                                 &ss->ssl3.hs.client_random,
+                                 &ss->ssl3.hs.server_random,
+                                 &hashes);
+
+    if (rv != SECSuccess) {
+        errCode =
+            ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
+        goto alert_loser;
+    }
+    rv = ssl3_VerifySignedHashes(ss, sigScheme, &hashes, &signature);
+    if (rv != SECSuccess) {
+        errCode =
+            ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
+        goto alert_loser;
+    }
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL) {
+        errCode = SEC_ERROR_NO_MEMORY;
+        goto loser;
+    }
+
+    peerKey = PORT_ArenaZNew(arena, SECKEYPublicKey);
+    if (peerKey == NULL) {
+        errCode = SEC_ERROR_NO_MEMORY;
+        goto loser;
+    }
+    peerKey->arena = arena;
+
+    /* create public key from point data */
+    rv = ssl_ImportECDHKeyShare(ss, peerKey, ec_point.data, ec_point.len,
+                                ecGroup);
+    if (rv != SECSuccess) {
+        /* error code is set */
+        desc = handshake_failure;
+        errCode = PORT_GetError();
+        goto alert_loser;
+    }
+    peerKey->pkcs11Slot = NULL;
+    peerKey->pkcs11ID = CK_INVALID_HANDLE;
+
+    ss->sec.peerKey = peerKey;
+    return SECSuccess;
+
+alert_loser:
+    (void)SSL3_SendAlert(ss, alert_fatal, desc);
+loser:
+    if (arena) {
+        PORT_FreeArena(arena, PR_FALSE);
+    }
+    PORT_SetError(errCode);
+    return SECFailure;
+}
+
+SECStatus
+ssl3_SendECDHServerKeyExchange(sslSocket *ss)
+{
+    SECStatus rv = SECFailure;
+    int length;
+    PRBool isTLS12;
+    SECItem signed_hash = { siBuffer, NULL, 0 };
+    SSLHashType hashAlg;
+    SSL3Hashes hashes;
+
+    SECItem ec_params = { siBuffer, NULL, 0 };
+    unsigned char paramBuf[3];
+    const sslNamedGroupDef *ecGroup;
+    sslEphemeralKeyPair *keyPair;
+    SECKEYPublicKey *pubKey;
+
+    /* Generate ephemeral ECDH key pair and send the public key */
+    ecGroup = ssl_GetECGroupForServerSocket(ss);
+    if (!ecGroup) {
+        goto loser;
+    }
+
+    PORT_Assert(PR_CLIST_IS_EMPTY(&ss->ephemeralKeyPairs));
+    if (ss->opt.reuseServerECDHEKey) {
+        rv = ssl_CreateStaticECDHEKey(ss, ecGroup);
+        if (rv != SECSuccess) {
+            goto loser;
+        }
+        keyPair = (sslEphemeralKeyPair *)PR_NEXT_LINK(&ss->ephemeralKeyPairs);
+    } else {
+        rv = ssl_CreateECDHEphemeralKeyPair(ss, ecGroup, &keyPair);
+        if (rv != SECSuccess) {
+            goto loser;
+        }
+        PR_APPEND_LINK(&keyPair->link, &ss->ephemeralKeyPairs);
+    }
+
+    PORT_Assert(keyPair);
+    if (!keyPair) {
+        PORT_SetError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
+        return SECFailure;
+    }
+
+    ec_params.len = sizeof(paramBuf);
+    ec_params.data = paramBuf;
+    PORT_Assert(keyPair->group);
+    PORT_Assert(keyPair->group->keaType == ssl_kea_ecdh);
+    ec_params.data[0] = ec_type_named;
+    ec_params.data[1] = keyPair->group->name >> 8;
+    ec_params.data[2] = keyPair->group->name & 0xff;
+
+    pubKey = keyPair->keys->pubKey;
+    if (ss->ssl3.pwSpec->version == SSL_LIBRARY_VERSION_TLS_1_2) {
+        hashAlg = ssl_SignatureSchemeToHashType(ss->ssl3.hs.signatureScheme);
+    } else {
+        /* Use ssl_hash_none to represent the MD5+SHA1 combo. */
+        hashAlg = ssl_hash_none;
+    }
+    rv = ssl3_ComputeECDHKeyHash(hashAlg, ec_params,
+                                 pubKey->u.ec.publicValue,
+                                 &ss->ssl3.hs.client_random,
+                                 &ss->ssl3.hs.server_random,
+                                 &hashes);
+    if (rv != SECSuccess) {
+        ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
+        goto loser;
+    }
+
+    isTLS12 = (PRBool)(ss->ssl3.pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2);
+
+    rv = ssl3_SignHashes(ss, &hashes,
+                         ss->sec.serverCert->serverKeyPair->privKey, &signed_hash);
+    if (rv != SECSuccess) {
+        goto loser; /* ssl3_SignHashes has set err. */
+    }
+
+    length = ec_params.len +
+             1 + pubKey->u.ec.publicValue.len +
+             (isTLS12 ? 2 : 0) + 2 + signed_hash.len;
+
+    rv = ssl3_AppendHandshakeHeader(ss, server_key_exchange, length);
+    if (rv != SECSuccess) {
+        goto loser; /* err set by AppendHandshake. */
+    }
+
+    rv = ssl3_AppendHandshake(ss, ec_params.data, ec_params.len);
+    if (rv != SECSuccess) {
+        goto loser; /* err set by AppendHandshake. */
+    }
+
+    rv = ssl3_AppendHandshakeVariable(ss, pubKey->u.ec.publicValue.data,
+                                      pubKey->u.ec.publicValue.len, 1);
+    if (rv != SECSuccess) {
+        goto loser; /* err set by AppendHandshake. */
+    }
+
+    if (isTLS12) {
+        rv = ssl3_AppendHandshakeNumber(ss, ss->ssl3.hs.signatureScheme, 2);
+        if (rv != SECSuccess) {
+            goto loser; /* err set by AppendHandshake. */
+        }
+    }
+
+    rv = ssl3_AppendHandshakeVariable(ss, signed_hash.data,
+                                      signed_hash.len, 2);
+    if (rv != SECSuccess) {
+        goto loser; /* err set by AppendHandshake. */
+    }
+
+    PORT_Free(signed_hash.data);
+    return SECSuccess;
+
+loser:
+    if (signed_hash.data != NULL)
+        PORT_Free(signed_hash.data);
+    return SECFailure;
+}
+
+/* List of all ECC cipher suites */
+static const ssl3CipherSuite ssl_all_ec_suites[] = {
+    TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
+    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
+    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+    TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
+    TLS_ECDHE_ECDSA_WITH_NULL_SHA,
+    TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
+    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
+    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+    TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
+    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
+    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
+    TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
+    TLS_ECDHE_RSA_WITH_NULL_SHA,
+    TLS_ECDHE_RSA_WITH_RC4_128_SHA,
+    TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
+    TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
+    TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
+    TLS_ECDH_ECDSA_WITH_NULL_SHA,
+    TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
+    TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
+    TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
+    TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
+    TLS_ECDH_RSA_WITH_NULL_SHA,
+    TLS_ECDH_RSA_WITH_RC4_128_SHA,
+    0 /* end of list marker */
+};
+
+static const ssl3CipherSuite ssl_dhe_suites[] = {
+    TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
+    TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
+    TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
+    TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,
+    TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
+    TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
+    TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
+    TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
+    TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
+    TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
+    TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
+    TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
+    TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
+    TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
+    TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
+    TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
+    TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
+    TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
+    TLS_DHE_DSS_WITH_RC4_128_SHA,
+    TLS_DHE_RSA_WITH_DES_CBC_SHA,
+    TLS_DHE_DSS_WITH_DES_CBC_SHA,
+    0
+};
+
+/* Order(N^2).  Yuk. */
+static PRBool
+ssl_IsSuiteEnabled(const sslSocket *ss, const ssl3CipherSuite *list)
+{
+    const ssl3CipherSuite *suite;
+
+    for (suite = list; *suite; ++suite) {
+        PRBool enabled = PR_FALSE;
+        SECStatus rv = ssl3_CipherPrefGet(ss, *suite, &enabled);
+
+        PORT_Assert(rv == SECSuccess); /* else is coding error */
+        if (rv == SECSuccess && enabled)
+            return PR_TRUE;
+    }
+    return PR_FALSE;
+}
+
+/* Ask: is ANY ECC cipher suite enabled on this socket? */
+PRBool
+ssl_IsECCEnabled(const sslSocket *ss)
+{
+    PK11SlotInfo *slot;
+
+    /* make sure we can do ECC */
+    slot = PK11_GetBestSlot(CKM_ECDH1_DERIVE, ss->pkcs11PinArg);
+    if (!slot) {
+        return PR_FALSE;
+    }
+    PK11_FreeSlot(slot);
+
+    /* make sure an ECC cipher is enabled */
+    return ssl_IsSuiteEnabled(ss, ssl_all_ec_suites);
+}
+
+PRBool
+ssl_IsDHEEnabled(const sslSocket *ss)
+{
+    return ssl_IsSuiteEnabled(ss, ssl_dhe_suites);
+}
+
+/* Send our Supported Groups extension. */
+PRInt32
+ssl_SendSupportedGroupsXtn(const sslSocket *ss,
+                           TLSExtensionData *xtnData,
+                           PRBool append, PRUint32 maxBytes)
+{
+    PRInt32 extension_length;
+    unsigned char enabledGroups[64];
+    unsigned int enabledGroupsLen = 0;
+    unsigned int i;
+    PRBool ec;
+    PRBool ff = PR_FALSE;
+
+    if (!ss)
+        return 0;
+
+    /* We only send FF supported groups if we require DH named groups
+     * or if TLS 1.3 is a possibility. */
+    if (ss->vrange.max < SSL_LIBRARY_VERSION_TLS_1_3) {
+        ec = ssl_IsECCEnabled(ss);
+        if (ss->opt.requireDHENamedGroups) {
+            ff = ssl_IsDHEEnabled(ss);
+        }
+        if (!ec && !ff)
+            return 0;
+    } else {
+        ec = ff = PR_TRUE;
+    }
+
+    PORT_Assert(sizeof(enabledGroups) > SSL_NAMED_GROUP_COUNT * 2);
+    for (i = 0; i < SSL_NAMED_GROUP_COUNT; ++i) {
+        const sslNamedGroupDef *group = ss->namedGroupPreferences[i];
+        if (!group) {
+            continue;
+        }
+        if (group->keaType == ssl_kea_ecdh && !ec) {
+            continue;
+        }
+        if (group->keaType == ssl_kea_dh && !ff) {
+            continue;
+        }
+
+        if (append) {
+            (void)ssl_EncodeUintX(group->name, 2, &enabledGroups[enabledGroupsLen]);
+        }
+        enabledGroupsLen += 2;
+    }
+
+    if (enabledGroupsLen == 0) {
+        return 0;
+    }
+
+    extension_length =
+        2 /* extension type */ +
+        2 /* extension length */ +
+        2 /* enabled groups length */ +
+        enabledGroupsLen;
+
+    if (maxBytes < (PRUint32)extension_length) {
+        return 0;
+    }
+
+    if (append) {
+        SECStatus rv;
+        rv = ssl3_ExtAppendHandshakeNumber(ss, ssl_supported_groups_xtn, 2);
+        if (rv != SECSuccess)
+            return -1;
+        rv = ssl3_ExtAppendHandshakeNumber(ss, extension_length - 4, 2);
+        if (rv != SECSuccess)
+            return -1;
+        rv = ssl3_ExtAppendHandshakeVariable(ss, enabledGroups,
+                                             enabledGroupsLen, 2);
+        if (rv != SECSuccess)
+            return -1;
+        if (!ss->sec.isServer) {
+            xtnData->advertised[xtnData->numAdvertised++] =
+                ssl_supported_groups_xtn;
+        }
+    }
+    return extension_length;
+}
+
+/* Send our "canned" (precompiled) Supported Point Formats extension,
+ * which says that we only support uncompressed points.
+ */
+PRInt32
+ssl3_SendSupportedPointFormatsXtn(
+    const sslSocket *ss,
+    TLSExtensionData *xtnData,
+    PRBool append,
+    PRUint32 maxBytes)
+{
+    static const PRUint8 ecPtFmt[6] = {
+        0, 11, /* Extension type */
+        0, 2,  /* octets that follow */
+        1,     /* octets that follow */
+        0      /* uncompressed type only */
+    };
+
+    /* No point in doing this unless we have a socket that supports ECC.
+     * Similarly, no point if we are going to do TLS 1.3 only or we have already
+     * picked TLS 1.3 (server) given that it doesn't use point formats. */
+    if (!ss || !ssl_IsECCEnabled(ss) ||
+        ss->vrange.min >= SSL_LIBRARY_VERSION_TLS_1_3 ||
+        (ss->sec.isServer && ss->version >= SSL_LIBRARY_VERSION_TLS_1_3))
+        return 0;
+    if (append && maxBytes >= (sizeof ecPtFmt)) {
+        SECStatus rv = ssl3_ExtAppendHandshake(ss, ecPtFmt, (sizeof ecPtFmt));
+        if (rv != SECSuccess)
+            return -1;
+        if (!ss->sec.isServer) {
+            xtnData->advertised[xtnData->numAdvertised++] =
+                ssl_ec_point_formats_xtn;
+        }
+    }
+    return sizeof(ecPtFmt);
+}
diff --git a/nss/lib/ssl/ssl3ext.c b/nss/lib/ssl/ssl3ext.c
new file mode 100644
index 0000000..e1bc0f9
--- /dev/null
+++ b/nss/lib/ssl/ssl3ext.c
@@ -0,0 +1,533 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/*
+ * SSL3 Protocol
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* TLS extension code moved here from ssl3ecc.c */
+
+#include "nssrenam.h"
+#include "nss.h"
+#include "ssl.h"
+#include "sslimpl.h"
+#include "sslproto.h"
+#include "ssl3exthandle.h"
+#include "tls13exthandle.h"
+
+/* Table of handlers for received TLS hello extensions, one per extension.
+ * In the second generation, this table will be dynamic, and functions
+ * will be registered here.
+ */
+/* This table is used by the server, to handle client hello extensions. */
+static const ssl3ExtensionHandler clientHelloHandlers[] = {
+    { ssl_server_name_xtn, &ssl3_HandleServerNameXtn },
+    { ssl_supported_groups_xtn, &ssl_HandleSupportedGroupsXtn },
+    { ssl_ec_point_formats_xtn, &ssl3_HandleSupportedPointFormatsXtn },
+    { ssl_session_ticket_xtn, &ssl3_ServerHandleSessionTicketXtn },
+    { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn },
+    { ssl_next_proto_nego_xtn, &ssl3_ServerHandleNextProtoNegoXtn },
+    { ssl_app_layer_protocol_xtn, &ssl3_ServerHandleAppProtoXtn },
+    { ssl_use_srtp_xtn, &ssl3_ServerHandleUseSRTPXtn },
+    { ssl_cert_status_xtn, &ssl3_ServerHandleStatusRequestXtn },
+    { ssl_signature_algorithms_xtn, &ssl3_ServerHandleSigAlgsXtn },
+    { ssl_extended_master_secret_xtn, &ssl3_HandleExtendedMasterSecretXtn },
+    { ssl_signed_cert_timestamp_xtn, &ssl3_ServerHandleSignedCertTimestampXtn },
+    { ssl_tls13_key_share_xtn, &tls13_ServerHandleKeyShareXtn },
+    { ssl_tls13_pre_shared_key_xtn, &tls13_ServerHandlePreSharedKeyXtn },
+    { ssl_tls13_early_data_xtn, &tls13_ServerHandleEarlyDataXtn },
+    { ssl_tls13_psk_key_exchange_modes_xtn,
+      &tls13_ServerHandlePskKeyExchangeModesXtn },
+    { ssl_tls13_short_header_xtn, &tls13_HandleShortHeaderXtn },
+	{ ssl_tls13_tls_proof_xtn, &tls13_ServerHandleTLSProofXtn }, // TLS-N Extension
+    { -1, NULL }
+};
+
+/* These two tables are used by the client, to handle server hello
+ * extensions. */
+static const ssl3ExtensionHandler serverHelloHandlersTLS[] = {
+    { ssl_server_name_xtn, &ssl3_HandleServerNameXtn },
+    /* TODO: add a handler for ssl_ec_point_formats_xtn */
+    { ssl_session_ticket_xtn, &ssl3_ClientHandleSessionTicketXtn },
+    { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn },
+    { ssl_next_proto_nego_xtn, &ssl3_ClientHandleNextProtoNegoXtn },
+    { ssl_app_layer_protocol_xtn, &ssl3_ClientHandleAppProtoXtn },
+    { ssl_use_srtp_xtn, &ssl3_ClientHandleUseSRTPXtn },
+    { ssl_cert_status_xtn, &ssl3_ClientHandleStatusRequestXtn },
+    { ssl_extended_master_secret_xtn, &ssl3_HandleExtendedMasterSecretXtn },
+    { ssl_signed_cert_timestamp_xtn, &ssl3_ClientHandleSignedCertTimestampXtn },
+    { ssl_tls13_key_share_xtn, &tls13_ClientHandleKeyShareXtn },
+    { ssl_tls13_pre_shared_key_xtn, &tls13_ClientHandlePreSharedKeyXtn },
+    { ssl_tls13_early_data_xtn, &tls13_ClientHandleEarlyDataXtn },
+    { ssl_tls13_short_header_xtn, &tls13_HandleShortHeaderXtn },
+    { ssl_tls13_tls_proof_xtn, &tls13_ClientHandleTLSProofXtn }, // TLS-N Extension
+    { -1, NULL }
+};
+
+static const ssl3ExtensionHandler helloRetryRequestHandlers[] = {
+    { ssl_tls13_key_share_xtn, tls13_ClientHandleKeyShareXtnHrr },
+    { ssl_tls13_cookie_xtn, tls13_ClientHandleHrrCookie },
+    { -1, NULL }
+};
+
+static const ssl3ExtensionHandler serverHelloHandlersSSL3[] = {
+    { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn },
+    { -1, NULL }
+};
+
+static const ssl3ExtensionHandler newSessionTicketHandlers[] = {
+    { ssl_tls13_ticket_early_data_info_xtn,
+      &tls13_ClientHandleTicketEarlyDataInfoXtn },
+    { -1, NULL }
+};
+
+/* This table is used by the client to handle server certificates in TLS 1.3 */
+static const ssl3ExtensionHandler serverCertificateHandlers[] = {
+    { ssl_signed_cert_timestamp_xtn, &ssl3_ClientHandleSignedCertTimestampXtn },
+    { ssl_cert_status_xtn, &ssl3_ClientHandleStatusRequestXtn },
+    { -1, NULL }
+};
+
+/* Tables of functions to format TLS hello extensions, one function per
+ * extension.
+ * These static tables are for the formatting of client hello extensions.
+ * The server's table of hello senders is dynamic, in the socket struct,
+ * and sender functions are registered there.
+ * NB: the order of these extensions can have an impact on compatibility. Some
+ * servers (e.g. Tomcat) will terminate the connection if the last extension in
+ * the client hello is empty (for example, the extended master secret
+ * extension, if it were listed last). See bug 1243641.
+ */
+static const ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] =
+    {
+      { ssl_server_name_xtn, &ssl3_SendServerNameXtn },
+      { ssl_extended_master_secret_xtn, &ssl3_SendExtendedMasterSecretXtn },
+      { ssl_renegotiation_info_xtn, &ssl3_SendRenegotiationInfoXtn },
+      { ssl_supported_groups_xtn, &ssl_SendSupportedGroupsXtn },
+      { ssl_ec_point_formats_xtn, &ssl3_SendSupportedPointFormatsXtn },
+      { ssl_session_ticket_xtn, &ssl3_SendSessionTicketXtn },
+      { ssl_next_proto_nego_xtn, &ssl3_ClientSendNextProtoNegoXtn },
+      { ssl_app_layer_protocol_xtn, &ssl3_ClientSendAppProtoXtn },
+      { ssl_use_srtp_xtn, &ssl3_ClientSendUseSRTPXtn },
+      { ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn },
+      { ssl_signed_cert_timestamp_xtn, &ssl3_ClientSendSignedCertTimestampXtn },
+      { ssl_tls13_key_share_xtn, &tls13_ClientSendKeyShareXtn },
+      { ssl_tls13_early_data_xtn, &tls13_ClientSendEarlyDataXtn },
+      /* Some servers (e.g. WebSphere Application Server 7.0 and Tomcat) will
+       * time out or terminate the connection if the last extension in the
+       * client hello is empty. They are not intolerant of TLS 1.2, so list
+       * signature_algorithms at the end. See bug 1243641. */
+      { ssl_tls13_supported_versions_xtn, &tls13_ClientSendSupportedVersionsXtn },
+      { ssl_tls13_short_header_xtn, &tls13_SendShortHeaderXtn },
+      { ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn },
+      { ssl_tls13_cookie_xtn, &tls13_ClientSendHrrCookieXtn },
+      { ssl_tls13_psk_key_exchange_modes_xtn,
+        &tls13_ClientSendPskKeyExchangeModesXtn },
+      /* The pre_shared_key extension MUST be last. */
+      { ssl_tls13_pre_shared_key_xtn, &tls13_ClientSendPreSharedKeyXtn },
+      { ssl_tls13_tls_proof_xtn, &tls13_ClientSendTLSProofXtn} //TLS-N extension
+      /* any extra entries will appear as { 0, NULL }    */
+    };
+
+static const ssl3HelloExtensionSender clientHelloSendersSSL3[SSL_MAX_EXTENSIONS] = {
+    { ssl_renegotiation_info_xtn, &ssl3_SendRenegotiationInfoXtn }
+    /* any extra entries will appear as { 0, NULL }    */
+};
+
+static PRBool
+arrayContainsExtension(const PRUint16 *array, PRUint32 len, PRUint16 ex_type)
+{
+    unsigned int i;
+    for (i = 0; i < len; i++) {
+        if (ex_type == array[i])
+            return PR_TRUE;
+    }
+    return PR_FALSE;
+}
+
+PRBool
+ssl3_ExtensionNegotiated(const sslSocket *ss, PRUint16 ex_type)
+{
+    const TLSExtensionData *xtnData = &ss->xtnData;
+    return arrayContainsExtension(xtnData->negotiated,
+                                  xtnData->numNegotiated, ex_type);
+}
+
+PRBool
+ssl3_ClientExtensionAdvertised(const sslSocket *ss, PRUint16 ex_type)
+{
+    const TLSExtensionData *xtnData = &ss->xtnData;
+    return arrayContainsExtension(xtnData->advertised,
+                                  xtnData->numAdvertised, ex_type);
+}
+
+/* Go through hello extensions in |b| and deserialize
+ * them into the list in |ss->ssl3.hs.remoteExtensions|.
+ * The only checking we do in this point is for duplicates.
+ *
+ * IMPORTANT: This list just contains pointers to the incoming
+ * buffer so they can only be used during ClientHello processing.
+ */
+SECStatus
+ssl3_ParseExtensions(sslSocket *ss, SSL3Opaque **b, PRUint32 *length)
+{
+    /* Clean out the extensions list. */
+    ssl3_DestroyRemoteExtensions(&ss->ssl3.hs.remoteExtensions);
+
+    while (*length) {
+        SECStatus rv;
+        PRUint32 extension_type;
+        SECItem extension_data = { siBuffer, NULL, 0 };
+        TLSExtension *extension;
+        PRCList *cursor;
+
+        /* Get the extension's type field */
+        rv = ssl3_ConsumeHandshakeNumber(ss, &extension_type, 2, b, length);
+        if (rv != SECSuccess) {
+            return SECFailure; /* alert already sent */
+        }
+
+        SSL_TRC(10, ("%d: SSL3[%d]: parsing extension %d",
+                     SSL_GETPID(), ss->fd, extension_type));
+        /* Check whether an extension has been sent multiple times. */
+        for (cursor = PR_NEXT_LINK(&ss->ssl3.hs.remoteExtensions);
+             cursor != &ss->ssl3.hs.remoteExtensions;
+             cursor = PR_NEXT_LINK(cursor)) {
+            if (((TLSExtension *)cursor)->type == extension_type) {
+                (void)SSL3_SendAlert(ss, alert_fatal, illegal_parameter);
+                PORT_SetError(SSL_ERROR_RX_UNEXPECTED_EXTENSION);
+                return SECFailure;
+            }
+        }
+
+        /* Get the data for this extension, so we can pass it or skip it. */
+        rv = ssl3_ConsumeHandshakeVariable(ss, &extension_data, 2, b, length);
+        if (rv != SECSuccess) {
+            return rv; /* alert already sent */
+        }
+
+        extension = PORT_ZNew(TLSExtension);
+        if (!extension) {
+            return SECFailure;
+        }
+
+        extension->type = (PRUint16)extension_type;
+        extension->data = extension_data;
+        PR_APPEND_LINK(&extension->link, &ss->ssl3.hs.remoteExtensions);
+    }
+
+    return SECSuccess;
+}
+
+TLSExtension *
+ssl3_FindExtension(sslSocket *ss, SSLExtensionType extension_type)
+{
+    PRCList *cursor;
+
+    for (cursor = PR_NEXT_LINK(&ss->ssl3.hs.remoteExtensions);
+         cursor != &ss->ssl3.hs.remoteExtensions;
+         cursor = PR_NEXT_LINK(cursor)) {
+        TLSExtension *extension = (TLSExtension *)cursor;
+
+        if (extension->type == extension_type) {
+            return extension;
+        }
+    }
+
+    return NULL;
+}
+
+/* Go through the hello extensions in |ss->ssl3.hs.remoteExtensions|.
+ * For each one, find the extension handler in the table, and
+ * if present, invoke that handler.
+ * Servers ignore any extensions with unknown extension types.
+ * Clients reject any extensions with unadvertised extension types
+ *
+ * In TLS >= 1.3, the client checks that extensions appear in the
+ * right phase.
+ */
+SECStatus
+ssl3_HandleParsedExtensions(sslSocket *ss,
+                            SSL3HandshakeType handshakeMessage)
+{
+    const ssl3ExtensionHandler *handlers;
+    PRBool isTLS13 = ss->version >= SSL_LIBRARY_VERSION_TLS_1_3;
+    PRCList *cursor;
+
+    switch (handshakeMessage) {
+        case client_hello:
+            handlers = clientHelloHandlers;
+            break;
+        case new_session_ticket:
+            PORT_Assert(ss->version >= SSL_LIBRARY_VERSION_TLS_1_3);
+            handlers = newSessionTicketHandlers;
+            break;
+        case hello_retry_request:
+            handlers = helloRetryRequestHandlers;
+            break;
+        case encrypted_extensions:
+            PORT_Assert(ss->version >= SSL_LIBRARY_VERSION_TLS_1_3);
+        /* fall through */
+        case server_hello:
+            if (ss->version > SSL_LIBRARY_VERSION_3_0) {
+                handlers = serverHelloHandlersTLS;
+            } else {
+                handlers = serverHelloHandlersSSL3;
+            }
+            break;
+        case certificate:
+            PORT_Assert(!ss->sec.isServer);
+            handlers = serverCertificateHandlers;
+            break;
+        default:
+            PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+            PORT_Assert(0);
+            return SECFailure;
+    }
+
+    for (cursor = PR_NEXT_LINK(&ss->ssl3.hs.remoteExtensions);
+         cursor != &ss->ssl3.hs.remoteExtensions;
+         cursor = PR_NEXT_LINK(cursor)) {
+        TLSExtension *extension = (TLSExtension *)cursor;
+        const ssl3ExtensionHandler *handler;
+
+        /* Check whether the server sent an extension which was not advertised
+         * in the ClientHello */
+        if (!ss->sec.isServer &&
+            !ssl3_ClientExtensionAdvertised(ss, extension->type) &&
+            (handshakeMessage != new_session_ticket) &&
+            (extension->type != ssl_tls13_cookie_xtn)) {
+            (void)SSL3_SendAlert(ss, alert_fatal, unsupported_extension);
+            PORT_SetError(SSL_ERROR_RX_UNEXPECTED_EXTENSION);
+            return SECFailure;
+        }
+
+        /* Check that this is a legal extension in TLS 1.3 */
+        if (isTLS13 && !tls13_ExtensionAllowed(extension->type, handshakeMessage)) {
+            if (handshakeMessage == client_hello) {
+                /* Skip extensions not used in TLS 1.3 */
+                continue;
+            }
+            tls13_FatalError(ss, SSL_ERROR_EXTENSION_DISALLOWED_FOR_VERSION,
+                             unsupported_extension);
+            return SECFailure;
+        }
+
+        /* Special check for this being the last extension if it's
+         * PreSharedKey */
+        if (ss->sec.isServer && isTLS13 &&
+            (extension->type == ssl_tls13_pre_shared_key_xtn) &&
+            (PR_NEXT_LINK(cursor) != &ss->ssl3.hs.remoteExtensions)) {
+            tls13_FatalError(ss,
+                             SSL_ERROR_RX_MALFORMED_CLIENT_HELLO,
+                             illegal_parameter);
+            return SECFailure;
+        }
+
+        /* find extension_type in table of Hello Extension Handlers */
+        for (handler = handlers; handler->ex_type >= 0; handler++) {
+            /* if found, call this handler */
+            if (handler->ex_type == extension->type) {
+                SECStatus rv;
+
+                rv = (*handler->ex_handler)(ss, &ss->xtnData,
+                                            (PRUint16)extension->type,
+                                            &extension->data);
+                if (rv != SECSuccess) {
+                    if (!ss->ssl3.fatalAlertSent) {
+                        /* send a generic alert if the handler didn't already */
+                        (void)SSL3_SendAlert(ss, alert_fatal, handshake_failure);
+                    }
+                    return SECFailure;
+                }
+            }
+        }
+    }
+    return SECSuccess;
+}
+
+/* Syntactic sugar around ssl3_ParseExtensions and
+ * ssl3_HandleParsedExtensions. */
+SECStatus
+ssl3_HandleExtensions(sslSocket *ss,
+                      SSL3Opaque **b, PRUint32 *length,
+                      SSL3HandshakeType handshakeMessage)
+{
+    SECStatus rv;
+
+    rv = ssl3_ParseExtensions(ss, b, length);
+    if (rv != SECSuccess)
+        return rv;
+
+    rv = ssl3_HandleParsedExtensions(ss, handshakeMessage);
+    if (rv != SECSuccess)
+        return rv;
+
+    ssl3_DestroyRemoteExtensions(&ss->ssl3.hs.remoteExtensions);
+    return SECSuccess;
+}
+
+/* Add a callback function to the table of senders of server hello extensions.
+ */
+SECStatus
+ssl3_RegisterExtensionSender(const sslSocket *ss,
+                             TLSExtensionData *xtnData,
+                             PRUint16 ex_type,
+                             ssl3HelloExtensionSenderFunc cb)
+{
+    int i;
+    ssl3HelloExtensionSender *sender;
+    if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) {
+        sender = &xtnData->serverHelloSenders[0];
+    } else {
+        if (tls13_ExtensionAllowed(ex_type, server_hello)) {
+            PORT_Assert(!tls13_ExtensionAllowed(ex_type, encrypted_extensions));
+            sender = &xtnData->serverHelloSenders[0];
+        } else if (tls13_ExtensionAllowed(ex_type, certificate)) {
+            sender = &xtnData->certificateSenders[0];
+        } else {
+            PORT_Assert(tls13_ExtensionAllowed(ex_type, encrypted_extensions));
+            sender = &xtnData->encryptedExtensionsSenders[0];
+        }
+    }
+    for (i = 0; i < SSL_MAX_EXTENSIONS; ++i, ++sender) {
+        if (!sender->ex_sender) {
+            sender->ex_type = ex_type;
+            sender->ex_sender = cb;
+            return SECSuccess;
+        }
+        /* detect duplicate senders */
+        PORT_Assert(sender->ex_type != ex_type);
+        if (sender->ex_type == ex_type) {
+            /* duplicate */
+            break;
+        }
+    }
+    PORT_Assert(i < SSL_MAX_EXTENSIONS); /* table needs to grow */
+    PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+    return SECFailure;
+}
+
+/* call each of the extension senders and return the accumulated length */
+PRInt32
+ssl3_CallHelloExtensionSenders(sslSocket *ss, PRBool append, PRUint32 maxBytes,
+                               const ssl3HelloExtensionSender *sender)
+{
+    PRInt32 total_exten_len = 0;
+    int i;
+
+    if (!sender) {
+        if (ss->vrange.max > SSL_LIBRARY_VERSION_3_0) {
+            sender = &clientHelloSendersTLS[0];
+        } else {
+            sender = &clientHelloSendersSSL3[0];
+        }
+    }
+
+    for (i = 0; i < SSL_MAX_EXTENSIONS; ++i, ++sender) {
+        if (sender->ex_sender) {
+            PRInt32 extLen = (*sender->ex_sender)(ss, &ss->xtnData, append, maxBytes);
+            if (extLen < 0)
+                return -1;
+            maxBytes -= extLen;
+            total_exten_len += extLen;
+        }
+    }
+    return total_exten_len;
+}
+
+void
+ssl3_DestroyRemoteExtensions(PRCList *list)
+{
+    PRCList *cur_p;
+
+    while (!PR_CLIST_IS_EMPTY(list)) {
+        cur_p = PR_LIST_TAIL(list);
+        PR_REMOVE_LINK(cur_p);
+        PORT_Free(cur_p);
+    }
+}
+
+/* Initialize the extension data block. */
+void
+ssl3_InitExtensionData(TLSExtensionData *xtnData)
+{
+    /* Set things up to the right starting state. */
+    PORT_Memset(xtnData, 0, sizeof(*xtnData));
+    xtnData->peerSupportsFfdheGroups = PR_FALSE;
+    PR_INIT_CLIST(&xtnData->remoteKeyShares);
+}
+
+/* Free everything that has been allocated and then reset back to
+ * the starting state. */
+void
+ssl3_ResetExtensionData(TLSExtensionData *xtnData)
+{
+    /* Clean up. */
+    ssl3_FreeSniNameArray(xtnData);
+    PORT_Free(xtnData->clientSigSchemes);
+    SECITEM_FreeItem(&xtnData->nextProto, PR_FALSE);
+    tls13_DestroyKeyShares(&xtnData->remoteKeyShares);
+
+    /* Now reinit. */
+    ssl3_InitExtensionData(xtnData);
+}
+
+/* Thunks to let extension handlers operate on const sslSocket* objects. */
+SECStatus
+ssl3_ExtAppendHandshake(const sslSocket *ss, const void *void_src,
+                        PRInt32 bytes)
+{
+    return ssl3_AppendHandshake((sslSocket *)ss, void_src, bytes);
+}
+
+SECStatus
+ssl3_ExtAppendHandshakeNumber(const sslSocket *ss, PRInt32 num,
+                              PRInt32 lenSize)
+{
+    return ssl3_AppendHandshakeNumber((sslSocket *)ss, num, lenSize);
+}
+
+SECStatus
+ssl3_ExtAppendHandshakeVariable(const sslSocket *ss,
+                                const SSL3Opaque *src, PRInt32 bytes,
+                                PRInt32 lenSize)
+{
+    return ssl3_AppendHandshakeVariable((sslSocket *)ss, src, bytes, lenSize);
+}
+
+void
+ssl3_ExtSendAlert(const sslSocket *ss, SSL3AlertLevel level,
+                  SSL3AlertDescription desc)
+{
+    (void)SSL3_SendAlert((sslSocket *)ss, level, desc);
+}
+
+void
+ssl3_ExtDecodeError(const sslSocket *ss)
+{
+    (void)ssl3_DecodeError((sslSocket *)ss);
+}
+
+SECStatus
+ssl3_ExtConsumeHandshake(const sslSocket *ss, void *v, PRUint32 bytes,
+                         SSL3Opaque **b, PRUint32 *length)
+{
+    return ssl3_ConsumeHandshake((sslSocket *)ss, v, bytes, b, length);
+}
+
+SECStatus
+ssl3_ExtConsumeHandshakeNumber(const sslSocket *ss, PRUint32 *num,
+                               PRUint32 bytes, SSL3Opaque **b, PRUint32 *length)
+{
+    return ssl3_ConsumeHandshakeNumber((sslSocket *)ss, num, bytes, b, length);
+}
+
+SECStatus
+ssl3_ExtConsumeHandshakeVariable(const sslSocket *ss, SECItem *i,
+                                 PRUint32 bytes, SSL3Opaque **b,
+                                 PRUint32 *length)
+{
+    return ssl3_ConsumeHandshakeVariable((sslSocket *)ss, i, bytes, b, length);
+}
diff --git a/nss/lib/ssl/ssl3ext.h b/nss/lib/ssl/ssl3ext.h
new file mode 100644
index 0000000..43ea3e9
--- /dev/null
+++ b/nss/lib/ssl/ssl3ext.h
@@ -0,0 +1,161 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/*
+ * This file is PRIVATE to SSL.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef __ssl3ext_h_
+#define __ssl3ext_h_
+
+typedef enum {
+    sni_nametype_hostname
+} SNINameType;
+typedef struct TLSExtensionDataStr TLSExtensionData;
+
+/* registerable callback function that either appends extension to buffer
+ * or returns length of data that it would have appended.
+ */
+typedef PRInt32 (*ssl3HelloExtensionSenderFunc)(const sslSocket *ss,
+                                                TLSExtensionData *xtnData,
+                                                PRBool append,
+                                                PRUint32 maxBytes);
+
+/* registerable callback function that handles a received extension,
+ * of the given type.
+ */
+typedef SECStatus (*ssl3ExtensionHandlerFunc)(const sslSocket *ss,
+                                              TLSExtensionData *xtnData,
+                                              PRUint16 ex_type,
+                                              SECItem *data);
+
+/* row in a table of hello extension senders */
+typedef struct {
+    PRInt32 ex_type;
+    ssl3HelloExtensionSenderFunc ex_sender;
+} ssl3HelloExtensionSender;
+
+/* row in a table of hello extension handlers */
+typedef struct {
+    PRInt32 ex_type;
+    ssl3ExtensionHandlerFunc ex_handler;
+} ssl3ExtensionHandler;
+
+struct TLSExtensionDataStr {
+    /* registered callbacks that send server hello extensions */
+    ssl3HelloExtensionSender serverHelloSenders[SSL_MAX_EXTENSIONS];
+    ssl3HelloExtensionSender encryptedExtensionsSenders[SSL_MAX_EXTENSIONS];
+    ssl3HelloExtensionSender certificateSenders[SSL_MAX_EXTENSIONS];
+
+    /* Keep track of the extensions that are negotiated. */
+    PRUint16 numAdvertised;
+    PRUint16 numNegotiated;
+    PRUint16 advertised[SSL_MAX_EXTENSIONS];
+    PRUint16 negotiated[SSL_MAX_EXTENSIONS];
+
+    /* SessionTicket Extension related data. */
+    PRBool ticketTimestampVerified;
+    PRBool emptySessionTicket;
+    PRBool sentSessionTicketInClientHello;
+    SECItem psk_ke_modes;
+    PRUint32 max_early_data_size;
+
+    /* SNI Extension related data
+     * Names data is not coppied from the input buffer. It can not be
+     * used outside the scope where input buffer is defined and that
+     * is beyond ssl3_HandleClientHello function. */
+    SECItem *sniNameArr;
+    PRUint32 sniNameArrSize;
+
+    /* Signed Certificate Timestamps extracted from the TLS extension.
+     * (client only).
+     * This container holds a temporary pointer to the extension data,
+     * until a session structure (the sec.ci.sid of an sslSocket) is setup
+     * that can hold a permanent copy of the data
+     * (in sec.ci.sid.u.ssl3.signedCertTimestamps).
+     * The data pointed to by this structure is neither explicitly allocated
+     * nor copied: the pointer points to the handshake message buffer and is
+     * only valid in the scope of ssl3_HandleServerHello.
+     */
+    SECItem signedCertTimestamps;
+
+    PRBool peerSupportsFfdheGroups; /* if the peer supports named ffdhe groups */
+
+    /* clientSigAndHash contains the contents of the signature_algorithms
+     * extension (if any) from the client. This is only valid for TLS 1.2
+     * or later. */
+    SSLSignatureScheme *clientSigSchemes;
+    unsigned int numClientSigScheme;
+
+    /* In a client: if the server supports Next Protocol Negotiation, then
+     * this is the protocol that was negotiated.
+     */
+    SECItem nextProto;
+    SSLNextProtoState nextProtoState;
+
+    PRUint16 dtlsSRTPCipherSuite; /* 0 if not selected */
+
+    SECItem pskBinder;                /* The PSK binder for the first PSK (TLS 1.3) */
+    unsigned long pskBinderPrefixLen; /* The length of the binder input. */
+    PRCList remoteKeyShares;          /* The other side's public keys (TLS 1.3) */
+
+	// TLS-N Extension
+    PRUint16 salt_size;
+    PRUint16 chunk_size;	
+};
+
+typedef struct TLSExtensionStr {
+    PRCList link;  /* The linked list link */
+    PRUint16 type; /* Extension type */
+    SECItem data;  /* Pointers into the handshake data. */
+} TLSExtension;
+
+SECStatus ssl3_HandleExtensions(sslSocket *ss,
+                                SSL3Opaque **b, PRUint32 *length,
+                                SSL3HandshakeType handshakeMessage);
+SECStatus ssl3_ParseExtensions(sslSocket *ss,
+                               SSL3Opaque **b, PRUint32 *length);
+SECStatus ssl3_HandleParsedExtensions(sslSocket *ss,
+                                      SSL3HandshakeType handshakeMessage);
+TLSExtension *ssl3_FindExtension(sslSocket *ss,
+                                 SSLExtensionType extension_type);
+void ssl3_DestroyRemoteExtensions(PRCList *list);
+void ssl3_InitExtensionData(TLSExtensionData *xtnData);
+void ssl3_ResetExtensionData(TLSExtensionData *xtnData);
+
+PRBool ssl3_ExtensionNegotiated(const sslSocket *ss, PRUint16 ex_type);
+PRBool ssl3_ClientExtensionAdvertised(const sslSocket *ss, PRUint16 ex_type);
+
+SECStatus ssl3_RegisterExtensionSender(const sslSocket *ss,
+                                       TLSExtensionData *xtnData,
+                                       PRUint16 ex_type,
+                                       ssl3HelloExtensionSenderFunc cb);
+PRInt32 ssl3_CallHelloExtensionSenders(sslSocket *ss, PRBool append, PRUint32 maxBytes,
+                                       const ssl3HelloExtensionSender *sender);
+
+unsigned int ssl3_CalculatePaddingExtensionLength(unsigned int clientHelloLength);
+PRInt32 ssl3_AppendPaddingExtension(sslSocket *ss, unsigned int extensionLen,
+                                    PRUint32 maxBytes);
+
+/* Thunks to let us operate on const sslSocket* objects. */
+SECStatus ssl3_ExtAppendHandshake(const sslSocket *ss, const void *void_src,
+                                  PRInt32 bytes);
+SECStatus ssl3_ExtAppendHandshakeNumber(const sslSocket *ss, PRInt32 num,
+                                        PRInt32 lenSize);
+SECStatus ssl3_ExtAppendHandshakeVariable(const sslSocket *ss,
+                                          const SSL3Opaque *src, PRInt32 bytes,
+                                          PRInt32 lenSize);
+void ssl3_ExtSendAlert(const sslSocket *ss, SSL3AlertLevel level,
+                       SSL3AlertDescription desc);
+void ssl3_ExtDecodeError(const sslSocket *ss);
+SECStatus ssl3_ExtConsumeHandshake(const sslSocket *ss, void *v, PRUint32 bytes,
+                                   SSL3Opaque **b, PRUint32 *length);
+SECStatus ssl3_ExtConsumeHandshakeNumber(const sslSocket *ss, PRUint32 *num,
+                                         PRUint32 bytes, SSL3Opaque **b,
+                                         PRUint32 *length);
+SECStatus ssl3_ExtConsumeHandshakeVariable(const sslSocket *ss, SECItem *i,
+                                           PRUint32 bytes, SSL3Opaque **b,
+                                           PRUint32 *length);
+
+#endif
diff --git a/nss/lib/ssl/ssl3exthandle.c b/nss/lib/ssl/ssl3exthandle.c
new file mode 100644
index 0000000..04c8182
--- /dev/null
+++ b/nss/lib/ssl/ssl3exthandle.c
@@ -0,0 +1,2488 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/*
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nssrenam.h"
+#include "nss.h"
+#include "ssl.h"
+#include "sslproto.h"
+#include "sslimpl.h"
+#include "pk11pub.h"
+#include "blapit.h"
+#include "prinit.h"
+#include "ssl3ext.h"
+#include "ssl3exthandle.h"
+#include "tls13exthandle.h" /* For tls13_ServerSendStatusRequestXtn. */
+
+static SECStatus ssl3_ParseEncryptedSessionTicket(sslSocket *ss,
+                                                  SECItem *data, EncryptedSessionTicket *enc_session_ticket);
+static SECStatus ssl3_AppendToItem(SECItem *item, const unsigned char *buf,
+                                   PRUint32 bytes);
+static SECStatus ssl3_ConsumeFromItem(SECItem *item, unsigned char **buf, PRUint32 bytes);
+static SECStatus ssl3_AppendNumberToItem(SECItem *item, PRUint32 num,
+                                         PRInt32 lenSize);
+static SECStatus ssl3_ConsumeFromItem(SECItem *item, unsigned char **buf, PRUint32 bytes);
+
+/*
+ * Write bytes.  Using this function means the SECItem structure
+ * cannot be freed.  The caller is expected to call this function
+ * on a shallow copy of the structure.
+ */
+static SECStatus
+ssl3_AppendToItem(SECItem *item, const unsigned char *buf, PRUint32 bytes)
+{
+    if (bytes > item->len)
+        return SECFailure;
+
+    PORT_Memcpy(item->data, buf, bytes);
+    item->data += bytes;
+    item->len -= bytes;
+    return SECSuccess;
+}
+
+/*
+ * Write a number in network byte order. Using this function means the
+ * SECItem structure cannot be freed.  The caller is expected to call
+ * this function on a shallow copy of the structure.
+ */
+static SECStatus
+ssl3_AppendNumberToItem(SECItem *item, PRUint32 num, PRInt32 lenSize)
+{
+    SECStatus rv;
+    PRUint8 b[4];
+    PRUint8 *p = b;
+
+    switch (lenSize) {
+        case 4:
+            *p++ = (PRUint8)(num >> 24);
+        case 3:
+            *p++ = (PRUint8)(num >> 16);
+        case 2:
+            *p++ = (PRUint8)(num >> 8);
+        case 1:
+            *p = (PRUint8)num;
+    }
+    rv = ssl3_AppendToItem(item, &b[0], lenSize);
+    return rv;
+}
+
+/* Format an SNI extension, using the name from the socket's URL,
+ * unless that name is a dotted decimal string.
+ * Used by client and server.
+ */
+PRInt32
+ssl3_SendServerNameXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRBool append,
+                       PRUint32 maxBytes)
+{
+    SECStatus rv;
+    if (!ss)
+        return 0;
+    if (!ss->sec.isServer) {
+        PRUint32 len;
+        PRNetAddr netAddr;
+
+        /* must have a hostname */
+        if (!ss->url || !ss->url[0])
+            return 0;
+        /* must not be an IPv4 or IPv6 address */
+        if (PR_SUCCESS == PR_StringToNetAddr(ss->url, &netAddr)) {
+            /* is an IP address (v4 or v6) */
+            return 0;
+        }
+        len = PORT_Strlen(ss->url);
+        if (append && maxBytes >= len + 9) {
+            /* extension_type */
+            rv = ssl3_ExtAppendHandshakeNumber(ss, ssl_server_name_xtn, 2);
+            if (rv != SECSuccess)
+                return -1;
+            /* length of extension_data */
+            rv = ssl3_ExtAppendHandshakeNumber(ss, len + 5, 2);
+            if (rv != SECSuccess)
+                return -1;
+            /* length of server_name_list */
+            rv = ssl3_ExtAppendHandshakeNumber(ss, len + 3, 2);
+            if (rv != SECSuccess)
+                return -1;
+            /* Name Type (sni_host_name) */
+            rv = ssl3_ExtAppendHandshake(ss, "\0", 1);
+            if (rv != SECSuccess)
+                return -1;
+            /* HostName (length and value) */
+            rv = ssl3_ExtAppendHandshakeVariable(ss, (PRUint8 *)ss->url, len, 2);
+            if (rv != SECSuccess)
+                return -1;
+            if (!ss->sec.isServer) {
+                xtnData->advertised[xtnData->numAdvertised++] =
+                    ssl_server_name_xtn;
+            }
+        }
+        return len + 9;
+    }
+    /* Server side */
+    if (append && maxBytes >= 4) {
+        rv = ssl3_ExtAppendHandshakeNumber(ss, ssl_server_name_xtn, 2);
+        if (rv != SECSuccess)
+            return -1;
+        /* length of extension_data */
+        rv = ssl3_ExtAppendHandshakeNumber(ss, 0, 2);
+        if (rv != SECSuccess)
+            return -1;
+    }
+    return 4;
+}
+
+/* Handle an incoming SNI extension. */
+SECStatus
+ssl3_HandleServerNameXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRUint16 ex_type, SECItem *data)
+{
+    SECItem *names = NULL;
+    PRUint32 listLenBytes = 0;
+    SECStatus rv;
+
+    if (!ss->sec.isServer) {
+        return SECSuccess; /* ignore extension */
+    }
+
+    /* Server side - consume client data and register server sender. */
+    /* do not parse the data if don't have user extension handling function. */
+    if (!ss->sniSocketConfig) {
+        return SECSuccess;
+    }
+
+    /* length of server_name_list */
+    rv = ssl3_ExtConsumeHandshakeNumber(ss, &listLenBytes, 2, &data->data, &data->len);
+    if (rv != SECSuccess) {
+        goto loser; /* alert already sent */
+    }
+    if (listLenBytes == 0 || listLenBytes != data->len) {
+        goto alert_loser;
+    }
+
+    /* Read ServerNameList. */
+    while (data->len > 0) {
+        SECItem tmp;
+        PRUint32 type;
+
+        /* Read Name Type. */
+        rv = ssl3_ExtConsumeHandshakeNumber(ss, &type, 1, &data->data, &data->len);
+        if (rv != SECSuccess) {
+            /* alert sent in ConsumeHandshakeNumber */
+            goto loser;
+        }
+
+        /* Read ServerName (length and value). */
+        rv = ssl3_ExtConsumeHandshakeVariable(ss, &tmp, 2, &data->data, &data->len);
+        if (rv != SECSuccess) {
+            goto loser;
+        }
+
+        /* Record the value for host_name(0). */
+        if (type == sni_nametype_hostname) {
+            /* Fail if we encounter a second host_name entry. */
+            if (names) {
+                goto alert_loser;
+            }
+
+            /* Create an array for the only supported NameType. */
+            names = PORT_ZNewArray(SECItem, 1);
+            if (!names) {
+                goto loser;
+            }
+
+            /* Copy ServerName into the array. */
+            if (SECITEM_CopyItem(NULL, &names[0], &tmp) != SECSuccess) {
+                goto loser;
+            }
+        }
+
+        /* Even if we don't support NameTypes other than host_name at the
+         * moment, we continue parsing the whole list to check its validity.
+         * We do not check for duplicate entries with NameType != host_name(0).
+         */
+    }
+    if (names) {
+        /* Free old and set the new data. */
+        ssl3_FreeSniNameArray(xtnData);
+        xtnData->sniNameArr = names;
+        xtnData->sniNameArrSize = 1;
+        xtnData->negotiated[xtnData->numNegotiated++] = ssl_server_name_xtn;
+    }
+    return SECSuccess;
+
+alert_loser:
+    ssl3_ExtDecodeError(ss);
+loser:
+    if (names) {
+        PORT_Free(names);
+    }
+    return SECFailure;
+}
+
+/* Frees a given xtnData->sniNameArr and its elements. */
+void
+ssl3_FreeSniNameArray(TLSExtensionData *xtnData)
+{
+    PRUint32 i;
+
+    if (!xtnData->sniNameArr) {
+        return;
+    }
+
+    for (i = 0; i < xtnData->sniNameArrSize; i++) {
+        SECITEM_FreeItem(&xtnData->sniNameArr[i], PR_FALSE);
+    }
+
+    PORT_Free(xtnData->sniNameArr);
+    xtnData->sniNameArr = NULL;
+    xtnData->sniNameArrSize = 0;
+}
+
+/* Called by both clients and servers.
+ * Clients sends a filled in session ticket if one is available, and otherwise
+ * sends an empty ticket.  Servers always send empty tickets.
+ */
+PRInt32
+ssl3_SendSessionTicketXtn(
+    const sslSocket *ss,
+    TLSExtensionData *xtnData,
+    PRBool append,
+    PRUint32 maxBytes)
+{
+    PRInt32 extension_length;
+    NewSessionTicket *session_ticket = NULL;
+    sslSessionID *sid = ss->sec.ci.sid;
+
+    /* Never send an extension with a ticket for TLS 1.3, but
+     * OK to send the empty one in case the server does 1.2. */
+    if (sid->cached == in_client_cache &&
+        sid->version >= SSL_LIBRARY_VERSION_TLS_1_3) {
+        return 0;
+    }
+
+    /* Ignore the SessionTicket extension if processing is disabled. */
+    if (!ss->opt.enableSessionTickets)
+        return 0;
+
+    /* Empty extension length = extension_type (2-bytes) +
+     * length(extension_data) (2-bytes)
+     */
+    extension_length = 4;
+
+    /* If we are a client then send a session ticket if one is availble.
+     * Servers that support the extension and are willing to negotiate the
+     * the extension always respond with an empty extension.
+     */
+    if (!ss->sec.isServer) {
+        /* The caller must be holding sid->u.ssl3.lock for reading. We cannot
+         * just acquire and release the lock within this function because the
+         * caller will call this function twice, and we need the inputs to be
+         * consistent between the two calls. Note that currently the caller
+         * will only be holding the lock when we are the client and when we're
+         * attempting to resume an existing session.
+         */
+
+        session_ticket = &sid->u.ssl3.locked.sessionTicket;
+        if (session_ticket->ticket.data) {
+            if (xtnData->ticketTimestampVerified) {
+                extension_length += session_ticket->ticket.len;
+            } else if (!append && ssl_TicketTimeValid(session_ticket)) {
+                extension_length += session_ticket->ticket.len;
+                xtnData->ticketTimestampVerified = PR_TRUE;
+            }
+        }
+    }
+
+    if (maxBytes < (PRUint32)extension_length) {
+        PORT_Assert(0);
+        return 0;
+    }
+    if (append) {
+        SECStatus rv;
+        /* extension_type */
+        rv = ssl3_ExtAppendHandshakeNumber(ss, ssl_session_ticket_xtn, 2);
+        if (rv != SECSuccess)
+            goto loser;
+        if (session_ticket && session_ticket->ticket.data &&
+            xtnData->ticketTimestampVerified) {
+            rv = ssl3_ExtAppendHandshakeVariable(ss, session_ticket->ticket.data,
+                                                 session_ticket->ticket.len, 2);
+            xtnData->ticketTimestampVerified = PR_FALSE;
+            xtnData->sentSessionTicketInClientHello = PR_TRUE;
+        } else {
+            rv = ssl3_ExtAppendHandshakeNumber(ss, 0, 2);
+        }
+        if (rv != SECSuccess)
+            goto loser;
+
+        if (!ss->sec.isServer) {
+            xtnData->advertised[xtnData->numAdvertised++] =
+                ssl_session_ticket_xtn;
+        }
+    }
+    return extension_length;
+
+loser:
+    xtnData->ticketTimestampVerified = PR_FALSE;
+    return -1;
+}
+
+static SECStatus
+ssl3_ParseEncryptedSessionTicket(sslSocket *ss, SECItem *data,
+                                 EncryptedSessionTicket *enc_session_ticket)
+{
+    if (ssl3_ConsumeFromItem(data, &enc_session_ticket->key_name,
+                             SESS_TICKET_KEY_NAME_LEN) !=
+        SECSuccess)
+        return SECFailure;
+    if (ssl3_ConsumeFromItem(data, &enc_session_ticket->iv,
+                             AES_BLOCK_SIZE) !=
+        SECSuccess)
+        return SECFailure;
+    if (ssl3_ConsumeHandshakeVariable(ss, &enc_session_ticket->encrypted_state,
+                                      2, &data->data, &data->len) !=
+        SECSuccess)
+        return SECFailure;
+    if (ssl3_ConsumeFromItem(data, &enc_session_ticket->mac,
+                             TLS_EX_SESS_TICKET_MAC_LENGTH) !=
+        SECSuccess)
+        return SECFailure;
+    if (data->len != 0) /* Make sure that we have consumed all bytes. */
+        return SECFailure;
+
+    return SECSuccess;
+}
+
+/* handle an incoming Next Protocol Negotiation extension. */
+SECStatus
+ssl3_ServerHandleNextProtoNegoXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRUint16 ex_type,
+                                  SECItem *data)
+{
+    if (ss->firstHsDone || data->len != 0) {
+        /* Clients MUST send an empty NPN extension, if any. */
+        PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
+        return SECFailure;
+    }
+
+    xtnData->negotiated[xtnData->numNegotiated++] = ex_type;
+
+    /* TODO: server side NPN support would require calling
+     * ssl3_RegisterServerHelloExtensionSender here in order to echo the
+     * extension back to the client. */
+
+    return SECSuccess;
+}
+
+/* ssl3_ValidateNextProtoNego checks that the given block of data is valid: none
+ * of the lengths may be 0 and the sum of the lengths must equal the length of
+ * the block. */
+SECStatus
+ssl3_ValidateNextProtoNego(const unsigned char *data, unsigned int length)
+{
+    unsigned int offset = 0;
+
+    while (offset < length) {
+        unsigned int newOffset = offset + 1 + (unsigned int)data[offset];
+        /* Reject embedded nulls to protect against buggy applications that
+         * store protocol identifiers in null-terminated strings.
+         */
+        if (newOffset > length || data[offset] == 0) {
+            return SECFailure;
+        }
+        offset = newOffset;
+    }
+
+    return SECSuccess;
+}
+
+/* protocol selection handler for ALPN (server side) and NPN (client side) */
+static SECStatus
+ssl3_SelectAppProtocol(const sslSocket *ss, TLSExtensionData *xtnData,
+                       PRUint16 ex_type, SECItem *data)
+{
+    SECStatus rv;
+    unsigned char resultBuffer[255];
+    SECItem result = { siBuffer, resultBuffer, 0 };
+
+    rv = ssl3_ValidateNextProtoNego(data->data, data->len);
+    if (rv != SECSuccess) {
+        ssl3_ExtSendAlert(ss, alert_fatal, decode_error);
+        PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
+        return rv;
+    }
+
+    PORT_Assert(ss->nextProtoCallback);
+    /* For ALPN, the cipher suite isn't selected yet.  Note that extensions
+     * sometimes affect what cipher suite is selected, e.g., for ECC. */
+    PORT_Assert((ss->ssl3.hs.preliminaryInfo &
+                 ssl_preinfo_all & ~ssl_preinfo_cipher_suite) ==
+                (ssl_preinfo_all & ~ssl_preinfo_cipher_suite));
+    rv = ss->nextProtoCallback(ss->nextProtoArg, ss->fd, data->data, data->len,
+                               result.data, &result.len, sizeof(resultBuffer));
+    if (rv != SECSuccess) {
+        /* Expect callback to call PORT_SetError() */
+        ssl3_ExtSendAlert(ss, alert_fatal, internal_error);
+        return SECFailure;
+    }
+
+    /* If the callback wrote more than allowed to |result| it has corrupted our
+     * stack. */
+    if (result.len > sizeof(resultBuffer)) {
+        PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+        /* TODO: crash */
+        return SECFailure;
+    }
+
+    SECITEM_FreeItem(&xtnData->nextProto, PR_FALSE);
+
+    if (ex_type == ssl_app_layer_protocol_xtn &&
+        xtnData->nextProtoState != SSL_NEXT_PROTO_NEGOTIATED) {
+        /* The callback might say OK, but then it picks a default value - one
+         * that was not listed.  That's OK for NPN, but not ALPN. */
+        ssl3_ExtSendAlert(ss, alert_fatal, no_application_protocol);
+        PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_NO_PROTOCOL);
+        return SECFailure;
+    }
+
+    xtnData->negotiated[xtnData->numNegotiated++] = ex_type;
+    return SECITEM_CopyItem(NULL, &xtnData->nextProto, &result);
+}
+
+/* handle an incoming ALPN extension at the server */
+SECStatus
+ssl3_ServerHandleAppProtoXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRUint16 ex_type, SECItem *data)
+{
+    PRUint32 count;
+    SECStatus rv;
+
+    /* We expressly don't want to allow ALPN on renegotiation,
+     * despite it being permitted by the spec. */
+    if (ss->firstHsDone || data->len == 0) {
+        /* Clients MUST send a non-empty ALPN extension. */
+        ssl3_ExtSendAlert(ss, alert_fatal, illegal_parameter);
+        PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
+        return SECFailure;
+    }
+
+    /* Unlike NPN, ALPN has extra redundant length information so that
+     * the extension is the same in both ClientHello and ServerHello. */
+    rv = ssl3_ExtConsumeHandshakeNumber(ss, &count, 2, &data->data, &data->len);
+    if (rv != SECSuccess || count != data->len) {
+        ssl3_ExtDecodeError(ss);
+        return SECFailure;
+    }
+
+    if (!ss->nextProtoCallback) {
+        /* we're not configured for it */
+        return SECSuccess;
+    }
+
+    rv = ssl3_SelectAppProtocol(ss, xtnData, ex_type, data);
+    if (rv != SECSuccess) {
+        return rv;
+    }
+
+    /* prepare to send back a response, if we negotiated */
+    if (xtnData->nextProtoState == SSL_NEXT_PROTO_NEGOTIATED) {
+        rv = ssl3_RegisterExtensionSender(
+            ss, xtnData, ex_type, ssl3_ServerSendAppProtoXtn);
+        if (rv != SECSuccess) {
+            ssl3_ExtSendAlert(ss, alert_fatal, internal_error);
+            PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+            return rv;
+        }
+    }
+    return SECSuccess;
+}
+
+SECStatus
+ssl3_ClientHandleNextProtoNegoXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRUint16 ex_type,
+                                  SECItem *data)
+{
+    PORT_Assert(!ss->firstHsDone);
+
+    if (ssl3_ExtensionNegotiated(ss, ssl_app_layer_protocol_xtn)) {
+        /* If the server negotiated ALPN then it has already told us what
+         * protocol to use, so it doesn't make sense for us to try to negotiate
+         * a different one by sending the NPN handshake message. However, if
+         * we've negotiated NPN then we're required to send the NPN handshake
+         * message. Thus, these two extensions cannot both be negotiated on the
+         * same connection. */
+        ssl3_ExtSendAlert(ss, alert_fatal, illegal_parameter);
+        PORT_SetError(SSL_ERROR_BAD_SERVER);
+        return SECFailure;
+    }
+
+    /* We should only get this call if we sent the extension, so
+     * ss->nextProtoCallback needs to be non-NULL.  However, it is possible
+     * that an application erroneously cleared the callback between the time
+     * we sent the ClientHello and now. */
+    if (!ss->nextProtoCallback) {
+        PORT_Assert(0);
+        ssl3_ExtSendAlert(ss, alert_fatal, internal_error);
+        PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_NO_CALLBACK);
+        return SECFailure;
+    }
+
+    return ssl3_SelectAppProtocol(ss, xtnData, ex_type, data);
+}
+
+SECStatus
+ssl3_ClientHandleAppProtoXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRUint16 ex_type, SECItem *data)
+{
+    SECStatus rv;
+    PRUint32 list_len;
+    SECItem protocol_name;
+
+    if (ssl3_ExtensionNegotiated(ss, ssl_next_proto_nego_xtn)) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+
+    /* The extension data from the server has the following format:
+     *   uint16 name_list_len;
+     *   uint8 len;  // where len >= 1
+     *   uint8 protocol_name[len]; */
+    if (data->len < 4 || data->len > 2 + 1 + 255) {
+        ssl3_ExtSendAlert(ss, alert_fatal, decode_error);
+        PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
+        return SECFailure;
+    }
+
+    rv = ssl3_ExtConsumeHandshakeNumber(ss, &list_len, 2, &data->data,
+                                        &data->len);
+    /* The list has to be the entire extension. */
+    if (rv != SECSuccess || list_len != data->len) {
+        ssl3_ExtSendAlert(ss, alert_fatal, decode_error);
+        PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
+        return SECFailure;
+    }
+
+    rv = ssl3_ExtConsumeHandshakeVariable(ss, &protocol_name, 1,
+                                          &data->data, &data->len);
+    /* The list must have exactly one value. */
+    if (rv != SECSuccess || data->len != 0) {
+        ssl3_ExtSendAlert(ss, alert_fatal, decode_error);
+        PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
+        return SECFailure;
+    }
+
+    SECITEM_FreeItem(&xtnData->nextProto, PR_FALSE);
+    xtnData->nextProtoState = SSL_NEXT_PROTO_SELECTED;
+    xtnData->negotiated[xtnData->numNegotiated++] = ex_type;
+    return SECITEM_CopyItem(NULL, &xtnData->nextProto, &protocol_name);
+}
+
+PRInt32
+ssl3_ClientSendNextProtoNegoXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRBool append,
+                                PRUint32 maxBytes)
+{
+    PRInt32 extension_length;
+
+    /* Renegotiations do not send this extension. */
+    if (!ss->opt.enableNPN || !ss->nextProtoCallback || ss->firstHsDone) {
+        return 0;
+    }
+
+    extension_length = 4;
+
+    if (maxBytes < (PRUint32)extension_length) {
+        return 0;
+    }
+    if (append) {
+        SECStatus rv;
+        rv = ssl3_ExtAppendHandshakeNumber(ss, ssl_next_proto_nego_xtn, 2);
+        if (rv != SECSuccess)
+            goto loser;
+        rv = ssl3_ExtAppendHandshakeNumber(ss, 0, 2);
+        if (rv != SECSuccess)
+            goto loser;
+        xtnData->advertised[xtnData->numAdvertised++] =
+            ssl_next_proto_nego_xtn;
+    }
+
+    return extension_length;
+
+loser:
+    return -1;
+}
+
+PRInt32
+ssl3_ClientSendAppProtoXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRBool append, PRUint32 maxBytes)
+{
+    PRInt32 extension_length;
+    unsigned char *alpn_protos = NULL;
+
+    /* Renegotiations do not send this extension. */
+    if (!ss->opt.enableALPN || !ss->opt.nextProtoNego.data || ss->firstHsDone) {
+        return 0;
+    }
+
+    extension_length = 2 /* extension type */ + 2 /* extension length */ +
+                       2 /* protocol name list length */ +
+                       ss->opt.nextProtoNego.len;
+
+    if (maxBytes < (PRUint32)extension_length) {
+        return 0;
+    }
+    if (append) {
+        /* NPN requires that the client's fallback protocol is first in the
+         * list. However, ALPN sends protocols in preference order. So we
+         * allocate a buffer and move the first protocol to the end of the
+         * list. */
+        SECStatus rv;
+        const unsigned int len = ss->opt.nextProtoNego.len;
+
+        alpn_protos = PORT_Alloc(len);
+        if (alpn_protos == NULL) {
+            return SECFailure;
+        }
+        if (len > 0) {
+            /* Each protocol string is prefixed with a single byte length. */
+            unsigned int i = ss->opt.nextProtoNego.data[0] + 1;
+            if (i <= len) {
+                memcpy(alpn_protos, &ss->opt.nextProtoNego.data[i], len - i);
+                memcpy(alpn_protos + len - i, ss->opt.nextProtoNego.data, i);
+            } else {
+                /* This seems to be invalid data so we'll send as-is. */
+                memcpy(alpn_protos, ss->opt.nextProtoNego.data, len);
+            }
+        }
+
+        rv = ssl3_ExtAppendHandshakeNumber(ss, ssl_app_layer_protocol_xtn, 2);
+        if (rv != SECSuccess) {
+            goto loser;
+        }
+        rv = ssl3_ExtAppendHandshakeNumber(ss, extension_length - 4, 2);
+        if (rv != SECSuccess) {
+            goto loser;
+        }
+        rv = ssl3_ExtAppendHandshakeVariable(ss, alpn_protos, len, 2);
+        PORT_Free(alpn_protos);
+        alpn_protos = NULL;
+        if (rv != SECSuccess) {
+            goto loser;
+        }
+        xtnData->advertised[xtnData->numAdvertised++] =
+            ssl_app_layer_protocol_xtn;
+    }
+
+    return extension_length;
+
+loser:
+    if (alpn_protos) {
+        PORT_Free(alpn_protos);
+    }
+    return -1;
+}
+
+PRInt32
+ssl3_ServerSendAppProtoXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRBool append, PRUint32 maxBytes)
+{
+    PRInt32 extension_length;
+
+    /* we're in over our heads if any of these fail */
+    PORT_Assert(ss->opt.enableALPN);
+    PORT_Assert(xtnData->nextProto.data);
+    PORT_Assert(xtnData->nextProto.len > 0);
+    PORT_Assert(xtnData->nextProtoState == SSL_NEXT_PROTO_NEGOTIATED);
+    PORT_Assert(!ss->firstHsDone);
+
+    extension_length = 2 /* extension type */ + 2 /* extension length */ +
+                       2 /* protocol name list */ + 1 /* name length */ +
+                       xtnData->nextProto.len;
+
+    if (maxBytes < (PRUint32)extension_length) {
+        return 0;
+    }
+    if (append) {
+        SECStatus rv;
+        rv = ssl3_ExtAppendHandshakeNumber(ss, ssl_app_layer_protocol_xtn, 2);
+        if (rv != SECSuccess) {
+            return -1;
+        }
+        rv = ssl3_ExtAppendHandshakeNumber(ss, extension_length - 4, 2);
+        if (rv != SECSuccess) {
+            return -1;
+        }
+        rv = ssl3_ExtAppendHandshakeNumber(ss, xtnData->nextProto.len + 1, 2);
+        if (rv != SECSuccess) {
+            return -1;
+        }
+        rv = ssl3_ExtAppendHandshakeVariable(ss, xtnData->nextProto.data,
+                                             xtnData->nextProto.len, 1);
+        if (rv != SECSuccess) {
+            return -1;
+        }
+    }
+
+    return extension_length;
+}
+
+SECStatus
+ssl3_ServerHandleStatusRequestXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRUint16 ex_type,
+                                  SECItem *data)
+{
+    ssl3HelloExtensionSenderFunc sender;
+
+    PORT_Assert(ss->sec.isServer);
+
+    /* remember that we got this extension. */
+    xtnData->negotiated[xtnData->numNegotiated++] = ex_type;
+
+    if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_3) {
+        sender = tls13_ServerSendStatusRequestXtn;
+    } else {
+        sender = ssl3_ServerSendStatusRequestXtn;
+    }
+    return ssl3_RegisterExtensionSender(ss, xtnData, ex_type, sender);
+}
+
+PRInt32
+ssl3_ServerSendStatusRequestXtn(
+    const sslSocket *ss,
+    TLSExtensionData *xtnData,
+    PRBool append,
+    PRUint32 maxBytes)
+{
+    PRInt32 extension_length;
+    const sslServerCert *serverCert = ss->sec.serverCert;
+    SECStatus rv;
+
+    if (!serverCert->certStatusArray ||
+        !serverCert->certStatusArray->len) {
+        return 0;
+    }
+
+    extension_length = 2 + 2;
+    if (maxBytes < (PRUint32)extension_length) {
+        return 0;
+    }
+    if (append) {
+        /* extension_type */
+        rv = ssl3_ExtAppendHandshakeNumber(ss, ssl_cert_status_xtn, 2);
+        if (rv != SECSuccess)
+            return -1;
+        /* length of extension_data */
+        rv = ssl3_ExtAppendHandshakeNumber(ss, 0, 2);
+        if (rv != SECSuccess)
+            return -1;
+        /* The certificate status data is sent in ssl3_SendCertificateStatus. */
+    }
+
+    return extension_length;
+}
+
+/* ssl3_ClientSendStatusRequestXtn builds the status_request extension on the
+ * client side. See RFC 6066 section 8. */
+PRInt32
+ssl3_ClientSendStatusRequestXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRBool append,
+                                PRUint32 maxBytes)
+{
+    PRInt32 extension_length;
+
+    if (!ss->opt.enableOCSPStapling)
+        return 0;
+
+    /* extension_type (2-bytes) +
+     * length(extension_data) (2-bytes) +
+     * status_type (1) +
+     * responder_id_list length (2) +
+     * request_extensions length (2)
+     */
+    extension_length = 9;
+
+    if (maxBytes < (PRUint32)extension_length) {
+        PORT_Assert(0);
+        return 0;
+    }
+    if (append) {
+        SECStatus rv;
+
+        /* extension_type */
+        rv = ssl3_ExtAppendHandshakeNumber(ss, ssl_cert_status_xtn, 2);
+        if (rv != SECSuccess)
+            return -1;
+        rv = ssl3_ExtAppendHandshakeNumber(ss, extension_length - 4, 2);
+        if (rv != SECSuccess)
+            return -1;
+        rv = ssl3_ExtAppendHandshakeNumber(ss, 1 /* status_type ocsp */, 1);
+        if (rv != SECSuccess)
+            return -1;
+        /* A zero length responder_id_list means that the responders are
+         * implicitly known to the server. */
+        rv = ssl3_ExtAppendHandshakeNumber(ss, 0, 2);
+        if (rv != SECSuccess)
+            return -1;
+        /* A zero length request_extensions means that there are no extensions.
+         * Specifically, we don't set the id-pkix-ocsp-nonce extension. This
+         * means that the server can replay a cached OCSP response to us. */
+        rv = ssl3_ExtAppendHandshakeNumber(ss, 0, 2);
+        if (rv != SECSuccess)
+            return -1;
+
+        xtnData->advertised[xtnData->numAdvertised++] = ssl_cert_status_xtn;
+    }
+    return extension_length;
+}
+
+SECStatus
+ssl3_ClientHandleStatusRequestXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRUint16 ex_type,
+                                  SECItem *data)
+{
+    /* In TLS 1.3, the extension carries the OCSP response. */
+    if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_3) {
+        SECStatus rv;
+        rv = ssl_ReadCertificateStatus(CONST_CAST(sslSocket, ss),
+                                       data->data, data->len);
+        if (rv != SECSuccess) {
+            return SECFailure; /* code already set */
+        }
+    } else if (data->len != 0) {
+        ssl3_ExtSendAlert(ss, alert_fatal, illegal_parameter);
+        PORT_SetError(SSL_ERROR_RX_MALFORMED_SERVER_HELLO);
+        return SECFailure;
+    }
+
+    /* Keep track of negotiated extensions. */
+    xtnData->negotiated[xtnData->numNegotiated++] = ex_type;
+    return SECSuccess;
+}
+
+PRUint32 ssl_ticket_lifetime = 2 * 24 * 60 * 60; /* 2 days in seconds */
+#define TLS_EX_SESS_TICKET_VERSION (0x0103)
+
+/*
+ * Called from ssl3_SendNewSessionTicket, tls13_SendNewSessionTicket
+ */
+SECStatus
+ssl3_EncodeSessionTicket(sslSocket *ss,
+                         const NewSessionTicket *ticket,
+                         SECItem *ticket_data)
+{
+    PRUint32 i;
+    SECStatus rv;
+    SECItem plaintext;
+    SECItem plaintext_item = { 0, NULL, 0 };
+    SECItem ciphertext = { 0, NULL, 0 };
+    PRUint32 ciphertext_length;
+    SECItem ticket_buf = { 0, NULL, 0 };
+    SECItem ticket_tmp = { 0, NULL, 0 };
+    SECItem macParam = { 0, NULL, 0 };
+    PRBool ms_is_wrapped;
+    unsigned char wrapped_ms[SSL3_MASTER_SECRET_LENGTH];
+    SECItem ms_item = { 0, NULL, 0 };
+    PRUint32 padding_length;
+    PRUint32 ticket_length;
+    PRUint32 cert_length = 0;
+    PRUint8 length_buf[4];
+    PRUint32 now;
+    unsigned char key_name[SESS_TICKET_KEY_NAME_LEN];
+    PK11SymKey *aes_key = NULL;
+    PK11SymKey *mac_key = NULL;
+    CK_MECHANISM_TYPE cipherMech = CKM_AES_CBC;
+    PK11Context *aes_ctx;
+    CK_MECHANISM_TYPE macMech = CKM_SHA256_HMAC;
+    PK11Context *hmac_ctx = NULL;
+    unsigned char computed_mac[TLS_EX_SESS_TICKET_MAC_LENGTH];
+    unsigned int computed_mac_length;
+    unsigned char iv[AES_BLOCK_SIZE];
+    SECItem ivItem;
+    SECItem *srvName = NULL;
+    PRUint32 srvNameLen = 0;
+    CK_MECHANISM_TYPE msWrapMech = 0; /* dummy default value,
+                                          * must be >= 0 */
+    ssl3CipherSpec *spec;
+    SECItem alpnSelection = { siBuffer, NULL, 0 };
+
+    SSL_TRC(3, ("%d: SSL3[%d]: send session_ticket handshake",
+                SSL_GETPID(), ss->fd));
+
+    PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+
+    if (ss->opt.requestCertificate && ss->sec.ci.sid->peerCert) {
+        cert_length = 3 + ss->sec.ci.sid->peerCert->derCert.len;
+    }
+
+    /* Get IV and encryption keys */
+    ivItem.data = iv;
+    ivItem.len = sizeof(iv);
+    rv = PK11_GenerateRandom(iv, sizeof(iv));
+    if (rv != SECSuccess)
+        goto loser;
+
+    rv = ssl_GetSessionTicketKeys(ss, key_name, &aes_key, &mac_key);
+    if (rv != SECSuccess)
+        goto loser;
+
+    if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_3) {
+        spec = ss->ssl3.cwSpec;
+    } else {
+        spec = ss->ssl3.pwSpec;
+    }
+    if (spec->msItem.len && spec->msItem.data) {
+        /* The master secret is available unwrapped. */
+        ms_item.data = spec->msItem.data;
+        ms_item.len = spec->msItem.len;
+        ms_is_wrapped = PR_FALSE;
+    } else {
+        /* Extract the master secret wrapped. */
+        sslSessionID sid;
+        PORT_Memset(&sid, 0, sizeof(sslSessionID));
+
+        rv = ssl3_CacheWrappedMasterSecret(ss, &sid, spec);
+        if (rv == SECSuccess) {
+            if (sid.u.ssl3.keys.wrapped_master_secret_len > sizeof(wrapped_ms))
+                goto loser;
+            memcpy(wrapped_ms, sid.u.ssl3.keys.wrapped_master_secret,
+                   sid.u.ssl3.keys.wrapped_master_secret_len);
+            ms_item.data = wrapped_ms;
+            ms_item.len = sid.u.ssl3.keys.wrapped_master_secret_len;
+            msWrapMech = sid.u.ssl3.masterWrapMech;
+        } else {
+            /* TODO: else send an empty ticket. */
+            goto loser;
+        }
+        ms_is_wrapped = PR_TRUE;
+    }
+    /* Prep to send negotiated name */
+    srvName = &ss->sec.ci.sid->u.ssl3.srvName;
+    if (srvName->data && srvName->len) {
+        srvNameLen = 2 + srvName->len; /* len bytes + name len */
+    }
+
+    if (ss->xtnData.nextProtoState != SSL_NEXT_PROTO_NO_SUPPORT &&
+        ss->xtnData.nextProto.data) {
+        alpnSelection = ss->xtnData.nextProto;
+    }
+
+    ciphertext_length =
+        sizeof(PRUint16)                       /* ticket_version */
+        + sizeof(SSL3ProtocolVersion)          /* ssl_version */
+        + sizeof(ssl3CipherSuite)              /* ciphersuite */
+        + 1                                    /* compression */
+        + 10                                   /* cipher spec parameters */
+        + 1                                    /* certType arguments */
+        + 1                                    /* SessionTicket.ms_is_wrapped */
+        + 4                                    /* msWrapMech */
+        + 2                                    /* master_secret.length */
+        + ms_item.len                          /* master_secret */
+        + 1                                    /* client_auth_type */
+        + cert_length                          /* cert */
+        + 1                                    /* server name type */
+        + srvNameLen                           /* name len + length field */
+        + 1                                    /* extendedMasterSecretUsed */
+        + sizeof(ticket->ticket_lifetime_hint) /* ticket lifetime hint */
+        + sizeof(ticket->flags)                /* ticket flags */
+        + 1 + alpnSelection.len;               /* npn value + length field. */
+    padding_length = AES_BLOCK_SIZE -
+                     (ciphertext_length %
+                      AES_BLOCK_SIZE);
+    ciphertext_length += padding_length;
+
+    if (SECITEM_AllocItem(NULL, &plaintext_item, ciphertext_length) == NULL)
+        goto loser;
+
+    plaintext = plaintext_item;
+
+    /* ticket_version */
+    rv = ssl3_AppendNumberToItem(&plaintext, TLS_EX_SESS_TICKET_VERSION,
+                                 sizeof(PRUint16));
+    if (rv != SECSuccess)
+        goto loser;
+
+    /* ssl_version */
+    rv = ssl3_AppendNumberToItem(&plaintext, ss->version,
+                                 sizeof(SSL3ProtocolVersion));
+    if (rv != SECSuccess)
+        goto loser;
+
+    /* ciphersuite */
+    rv = ssl3_AppendNumberToItem(&plaintext, ss->ssl3.hs.cipher_suite,
+                                 sizeof(ssl3CipherSuite));
+    if (rv != SECSuccess)
+        goto loser;
+
+    /* compression */
+    rv = ssl3_AppendNumberToItem(&plaintext, ss->ssl3.hs.compression, 1);
+    if (rv != SECSuccess)
+        goto loser;
+
+    /* cipher spec parameters */
+    rv = ssl3_AppendNumberToItem(&plaintext, ss->sec.authType, 1);
+    if (rv != SECSuccess)
+        goto loser;
+    rv = ssl3_AppendNumberToItem(&plaintext, ss->sec.authKeyBits, 4);
+    if (rv != SECSuccess)
+        goto loser;
+    rv = ssl3_AppendNumberToItem(&plaintext, ss->sec.keaType, 1);
+    if (rv != SECSuccess)
+        goto loser;
+    rv = ssl3_AppendNumberToItem(&plaintext, ss->sec.keaKeyBits, 4);
+    if (rv != SECSuccess)
+        goto loser;
+
+    /* certificate type */
+    PORT_Assert(SSL_CERT_IS(ss->sec.serverCert, ss->sec.authType));
+    if (SSL_CERT_IS_EC(ss->sec.serverCert)) {
+        const sslServerCert *cert = ss->sec.serverCert;
+        PORT_Assert(cert->namedCurve);
+        /* EC curves only use the second of the two bytes. */
+        PORT_Assert(cert->namedCurve->name < 256);
+        rv = ssl3_AppendNumberToItem(&plaintext, cert->namedCurve->name, 1);
+    } else {
+        rv = ssl3_AppendNumberToItem(&plaintext, 0, 1);
+    }
+    if (rv != SECSuccess)
+        goto loser;
+
+    /* master_secret */
+    rv = ssl3_AppendNumberToItem(&plaintext, ms_is_wrapped, 1);
+    if (rv != SECSuccess)
+        goto loser;
+    rv = ssl3_AppendNumberToItem(&plaintext, msWrapMech, 4);
+    if (rv != SECSuccess)
+        goto loser;
+    rv = ssl3_AppendNumberToItem(&plaintext, ms_item.len, 2);
+    if (rv != SECSuccess)
+        goto loser;
+    rv = ssl3_AppendToItem(&plaintext, ms_item.data, ms_item.len);
+    if (rv != SECSuccess)
+        goto loser;
+
+    /* client_identity */
+    if (ss->opt.requestCertificate && ss->sec.ci.sid->peerCert) {
+        rv = ssl3_AppendNumberToItem(&plaintext, CLIENT_AUTH_CERTIFICATE, 1);
+        if (rv != SECSuccess)
+            goto loser;
+        rv = ssl3_AppendNumberToItem(&plaintext,
+                                     ss->sec.ci.sid->peerCert->derCert.len, 3);
+        if (rv != SECSuccess)
+            goto loser;
+        rv = ssl3_AppendToItem(&plaintext,
+                               ss->sec.ci.sid->peerCert->derCert.data,
+                               ss->sec.ci.sid->peerCert->derCert.len);
+        if (rv != SECSuccess)
+            goto loser;
+    } else {
+        rv = ssl3_AppendNumberToItem(&plaintext, 0, 1);
+        if (rv != SECSuccess)
+            goto loser;
+    }
+
+    /* timestamp */
+    now = ssl_Time();
+    rv = ssl3_AppendNumberToItem(&plaintext, now,
+                                 sizeof(ticket->ticket_lifetime_hint));
+    if (rv != SECSuccess)
+        goto loser;
+
+    if (srvNameLen) {
+        /* Name Type (sni_host_name) */
+        rv = ssl3_AppendNumberToItem(&plaintext, srvName->type, 1);
+        if (rv != SECSuccess)
+            goto loser;
+        /* HostName (length and value) */
+        rv = ssl3_AppendNumberToItem(&plaintext, srvName->len, 2);
+        if (rv != SECSuccess)
+            goto loser;
+        rv = ssl3_AppendToItem(&plaintext, srvName->data, srvName->len);
+        if (rv != SECSuccess)
+            goto loser;
+    } else {
+        /* No Name */
+        rv = ssl3_AppendNumberToItem(&plaintext, (char)TLS_STE_NO_SERVER_NAME, 1);
+        if (rv != SECSuccess)
+            goto loser;
+    }
+
+    /* extendedMasterSecretUsed */
+    rv = ssl3_AppendNumberToItem(
+        &plaintext, ss->sec.ci.sid->u.ssl3.keys.extendedMasterSecretUsed, 1);
+    if (rv != SECSuccess)
+        goto loser;
+
+    /* Flags */
+    rv = ssl3_AppendNumberToItem(&plaintext, ticket->flags,
+                                 sizeof(ticket->flags));
+    if (rv != SECSuccess)
+        goto loser;
+
+    /* NPN value. */
+    PORT_Assert(alpnSelection.len < 256);
+    rv = ssl3_AppendNumberToItem(&plaintext, alpnSelection.len, 1);
+    if (rv != SECSuccess)
+        goto loser;
+    if (alpnSelection.len) {
+        rv = ssl3_AppendToItem(&plaintext, alpnSelection.data, alpnSelection.len);
+        if (rv != SECSuccess)
+            goto loser;
+    }
+
+    PORT_Assert(plaintext.len == padding_length);
+    for (i = 0; i < padding_length; i++)
+        plaintext.data[i] = (unsigned char)padding_length;
+
+    if (SECITEM_AllocItem(NULL, &ciphertext, ciphertext_length) == NULL) {
+        rv = SECFailure;
+        goto loser;
+    }
+
+    /* Generate encrypted portion of ticket. */
+    PORT_Assert(aes_key);
+    aes_ctx = PK11_CreateContextBySymKey(cipherMech, CKA_ENCRYPT, aes_key, &ivItem);
+    if (!aes_ctx)
+        goto loser;
+
+    rv = PK11_CipherOp(aes_ctx, ciphertext.data,
+                       (int *)&ciphertext.len, ciphertext.len,
+                       plaintext_item.data, plaintext_item.len);
+    PK11_Finalize(aes_ctx);
+    PK11_DestroyContext(aes_ctx, PR_TRUE);
+    if (rv != SECSuccess)
+        goto loser;
+
+    /* Convert ciphertext length to network order. */
+    length_buf[0] = (ciphertext.len >> 8) & 0xff;
+    length_buf[1] = (ciphertext.len) & 0xff;
+
+    /* Compute MAC. */
+    PORT_Assert(mac_key);
+    hmac_ctx = PK11_CreateContextBySymKey(macMech, CKA_SIGN, mac_key, &macParam);
+    if (!hmac_ctx)
+        goto loser;
+
+    rv = PK11_DigestBegin(hmac_ctx);
+    if (rv != SECSuccess)
+        goto loser;
+    rv = PK11_DigestOp(hmac_ctx, key_name, SESS_TICKET_KEY_NAME_LEN);
+    if (rv != SECSuccess)
+        goto loser;
+    rv = PK11_DigestOp(hmac_ctx, iv, sizeof(iv));
+    if (rv != SECSuccess)
+        goto loser;
+    rv = PK11_DigestOp(hmac_ctx, (unsigned char *)length_buf, 2);
+    if (rv != SECSuccess)
+        goto loser;
+    rv = PK11_DigestOp(hmac_ctx, ciphertext.data, ciphertext.len);
+    if (rv != SECSuccess)
+        goto loser;
+    rv = PK11_DigestFinal(hmac_ctx, computed_mac,
+                          &computed_mac_length, sizeof(computed_mac));
+    if (rv != SECSuccess)
+        goto loser;
+
+    ticket_length =
+        +SESS_TICKET_KEY_NAME_LEN        /* key_name */
+        + AES_BLOCK_SIZE                 /* iv */
+        + 2                              /* length field for NewSessionTicket.ticket.encrypted_state */
+        + ciphertext_length              /* encrypted_state */
+        + TLS_EX_SESS_TICKET_MAC_LENGTH; /* mac */
+
+    if (SECITEM_AllocItem(NULL, &ticket_buf, ticket_length) == NULL) {
+        rv = SECFailure;
+        goto loser;
+    }
+    ticket_tmp = ticket_buf; /* Shallow copy because AppendToItem is
+                              * destructive. */
+
+    rv = ssl3_AppendToItem(&ticket_tmp, key_name, SESS_TICKET_KEY_NAME_LEN);
+    if (rv != SECSuccess)
+        goto loser;
+
+    rv = ssl3_AppendToItem(&ticket_tmp, iv, sizeof(iv));
+    if (rv != SECSuccess)
+        goto loser;
+
+    rv = ssl3_AppendNumberToItem(&ticket_tmp, ciphertext.len, 2);
+    if (rv != SECSuccess)
+        goto loser;
+
+    rv = ssl3_AppendToItem(&ticket_tmp, ciphertext.data, ciphertext.len);
+    if (rv != SECSuccess)
+        goto loser;
+
+    rv = ssl3_AppendToItem(&ticket_tmp, computed_mac, computed_mac_length);
+    if (rv != SECSuccess)
+        goto loser;
+
+    /* Give ownership of memory to caller. */
+    *ticket_data = ticket_buf;
+    ticket_buf.data = NULL;
+
+loser:
+    if (hmac_ctx) {
+        PK11_DestroyContext(hmac_ctx, PR_TRUE);
+    }
+    if (plaintext_item.data) {
+        SECITEM_FreeItem(&plaintext_item, PR_FALSE);
+    }
+    if (ciphertext.data) {
+        SECITEM_FreeItem(&ciphertext, PR_FALSE);
+    }
+    if (ticket_buf.data) {
+        SECITEM_FreeItem(&ticket_buf, PR_FALSE);
+    }
+
+    return rv;
+}
+
+/* When a client receives a SessionTicket extension a NewSessionTicket
+ * message is expected during the handshake.
+ */
+SECStatus
+ssl3_ClientHandleSessionTicketXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRUint16 ex_type,
+                                  SECItem *data)
+{
+    if (data->len != 0) {
+        return SECSuccess; /* Ignore the extension. */
+    }
+
+    /* Keep track of negotiated extensions. */
+    xtnData->negotiated[xtnData->numNegotiated++] = ex_type;
+    return SECSuccess;
+}
+
+/* Generic ticket processing code, common to TLS 1.0-1.2 and
+ * TLS 1.3. */
+SECStatus
+ssl3_ProcessSessionTicketCommon(sslSocket *ss, SECItem *data)
+{
+    SECStatus rv;
+    SECItem *decrypted_state = NULL;
+    SessionTicket *parsed_session_ticket = NULL;
+    sslSessionID *sid = NULL;
+    SSL3Statistics *ssl3stats;
+    PRUint32 i;
+    SECItem extension_data;
+    EncryptedSessionTicket enc_session_ticket;
+    unsigned char computed_mac[TLS_EX_SESS_TICKET_MAC_LENGTH];
+    unsigned int computed_mac_length;
+    unsigned char key_name[SESS_TICKET_KEY_NAME_LEN];
+    PK11SymKey *aes_key = NULL;
+    PK11SymKey *mac_key = NULL;
+    PK11Context *hmac_ctx;
+    CK_MECHANISM_TYPE macMech = CKM_SHA256_HMAC;
+    PK11Context *aes_ctx;
+    CK_MECHANISM_TYPE cipherMech = CKM_AES_CBC;
+    unsigned char *padding;
+    PRUint32 padding_length;
+    unsigned char *buffer;
+    unsigned int buffer_len;
+    PRUint32 temp;
+    SECItem cert_item;
+    PRUint32 nameType;
+    SECItem macParam = { siBuffer, NULL, 0 };
+    SECItem alpn_item;
+    SECItem ivItem;
+
+    /* Turn off stateless session resumption if the client sends a
+     * SessionTicket extension, even if the extension turns out to be
+     * malformed (ss->sec.ci.sid is non-NULL when doing session
+     * renegotiation.)
+     */
+    if (ss->sec.ci.sid != NULL) {
+        ss->sec.uncache(ss->sec.ci.sid);
+        ssl_FreeSID(ss->sec.ci.sid);
+        ss->sec.ci.sid = NULL;
+    }
+
+    extension_data.data = data->data; /* Keep a copy for future use. */
+    extension_data.len = data->len;
+
+    if (ssl3_ParseEncryptedSessionTicket(ss, data, &enc_session_ticket) !=
+        SECSuccess) {
+        return SECSuccess; /* Pretend it isn't there */
+    }
+
+    /* Get session ticket keys. */
+    rv = ssl_GetSessionTicketKeys(ss, key_name, &aes_key, &mac_key);
+    if (rv != SECSuccess) {
+        SSL_DBG(("%d: SSL[%d]: Unable to get/generate session ticket keys.",
+                 SSL_GETPID(), ss->fd));
+        goto loser;
+    }
+
+    /* If the ticket sent by the client was generated under a key different
+     * from the one we have, bypass ticket processing.
+     */
+    if (PORT_Memcmp(enc_session_ticket.key_name, key_name,
+                    SESS_TICKET_KEY_NAME_LEN) != 0) {
+        SSL_DBG(("%d: SSL[%d]: Session ticket key_name sent mismatch.",
+                 SSL_GETPID(), ss->fd));
+        goto no_ticket;
+    }
+
+    /* Verify the MAC on the ticket.  MAC verification may also
+     * fail if the MAC key has been recently refreshed.
+     */
+    PORT_Assert(mac_key);
+    hmac_ctx = PK11_CreateContextBySymKey(macMech, CKA_SIGN, mac_key, &macParam);
+    if (!hmac_ctx) {
+        SSL_DBG(("%d: SSL[%d]: Unable to create HMAC context: %d.",
+                 SSL_GETPID(), ss->fd, PORT_GetError()));
+        goto no_ticket;
+    } else {
+        SSL_DBG(("%d: SSL[%d]: Successfully created HMAC context.",
+                 SSL_GETPID(), ss->fd));
+    }
+    rv = PK11_DigestBegin(hmac_ctx);
+    if (rv != SECSuccess) {
+        PK11_DestroyContext(hmac_ctx, PR_TRUE);
+        goto no_ticket;
+    }
+    rv = PK11_DigestOp(hmac_ctx, extension_data.data,
+                       extension_data.len -
+                           TLS_EX_SESS_TICKET_MAC_LENGTH);
+    if (rv != SECSuccess) {
+        PK11_DestroyContext(hmac_ctx, PR_TRUE);
+        goto no_ticket;
+    }
+    rv = PK11_DigestFinal(hmac_ctx, computed_mac,
+                          &computed_mac_length, sizeof(computed_mac));
+    PK11_DestroyContext(hmac_ctx, PR_TRUE);
+    if (rv != SECSuccess)
+        goto no_ticket;
+
+    if (NSS_SecureMemcmp(computed_mac, enc_session_ticket.mac,
+                         computed_mac_length) !=
+        0) {
+        SSL_DBG(("%d: SSL[%d]: Session ticket MAC mismatch.",
+                 SSL_GETPID(), ss->fd));
+        goto no_ticket;
+    }
+
+    /* We ignore key_name for now.
+     * This is ok as MAC verification succeeded.
+     */
+
+    /* Decrypt the ticket. */
+
+    /* Plaintext is shorter than the ciphertext due to padding. */
+    decrypted_state = SECITEM_AllocItem(NULL, NULL,
+                                        enc_session_ticket.encrypted_state.len);
+
+    PORT_Assert(aes_key);
+    ivItem.data = enc_session_ticket.iv;
+    ivItem.len = AES_BLOCK_SIZE;
+    aes_ctx = PK11_CreateContextBySymKey(cipherMech, CKA_DECRYPT,
+                                         aes_key, &ivItem);
+    if (!aes_ctx) {
+        SSL_DBG(("%d: SSL[%d]: Unable to create AES context.",
+                 SSL_GETPID(), ss->fd));
+        goto no_ticket;
+    }
+
+    rv = PK11_CipherOp(aes_ctx, decrypted_state->data,
+                       (int *)&decrypted_state->len, decrypted_state->len,
+                       enc_session_ticket.encrypted_state.data,
+                       enc_session_ticket.encrypted_state.len);
+    PK11_Finalize(aes_ctx);
+    PK11_DestroyContext(aes_ctx, PR_TRUE);
+    if (rv != SECSuccess)
+        goto no_ticket;
+
+    /* Check padding. */
+    padding_length =
+        (PRUint32)decrypted_state->data[decrypted_state->len - 1];
+    if (padding_length == 0 || padding_length > AES_BLOCK_SIZE)
+        goto no_ticket;
+
+    padding = &decrypted_state->data[decrypted_state->len - padding_length];
+    for (i = 0; i < padding_length; i++, padding++) {
+        if (padding_length != (PRUint32)*padding)
+            goto no_ticket;
+    }
+
+    /* Deserialize session state. */
+    buffer = decrypted_state->data;
+    buffer_len = decrypted_state->len;
+
+    parsed_session_ticket = PORT_ZAlloc(sizeof(SessionTicket));
+    if (parsed_session_ticket == NULL) {
+        rv = SECFailure;
+        goto loser;
+    }
+
+    /* Read ticket_version and reject if the version is wrong */
+    rv = ssl3_ExtConsumeHandshakeNumber(ss, &temp, 2, &buffer, &buffer_len);
+    if (rv != SECSuccess || temp != TLS_EX_SESS_TICKET_VERSION)
+        goto no_ticket;
+
+    parsed_session_ticket->ticket_version = (SSL3ProtocolVersion)temp;
+
+    /* Read SSLVersion. */
+    rv = ssl3_ExtConsumeHandshakeNumber(ss, &temp, 2, &buffer, &buffer_len);
+    if (rv != SECSuccess)
+        goto no_ticket;
+    parsed_session_ticket->ssl_version = (SSL3ProtocolVersion)temp;
+
+    /* Read cipher_suite. */
+    rv = ssl3_ExtConsumeHandshakeNumber(ss, &temp, 2, &buffer, &buffer_len);
+    if (rv != SECSuccess)
+        goto no_ticket;
+    parsed_session_ticket->cipher_suite = (ssl3CipherSuite)temp;
+
+    /* Read compression_method. */
+    rv = ssl3_ExtConsumeHandshakeNumber(ss, &temp, 1, &buffer, &buffer_len);
+    if (rv != SECSuccess)
+        goto no_ticket;
+    parsed_session_ticket->compression_method = (SSLCompressionMethod)temp;
+
+    /* Read cipher spec parameters. */
+    rv = ssl3_ExtConsumeHandshakeNumber(ss, &temp, 1, &buffer, &buffer_len);
+    if (rv != SECSuccess)
+        goto no_ticket;
+    parsed_session_ticket->authType = (SSLAuthType)temp;
+    rv = ssl3_ExtConsumeHandshakeNumber(ss, &temp, 4, &buffer, &buffer_len);
+    if (rv != SECSuccess)
+        goto no_ticket;
+    parsed_session_ticket->authKeyBits = temp;
+    rv = ssl3_ExtConsumeHandshakeNumber(ss, &temp, 1, &buffer, &buffer_len);
+    if (rv != SECSuccess)
+        goto no_ticket;
+    parsed_session_ticket->keaType = (SSLKEAType)temp;
+    rv = ssl3_ExtConsumeHandshakeNumber(ss, &temp, 4, &buffer, &buffer_len);
+    if (rv != SECSuccess)
+        goto no_ticket;
+    parsed_session_ticket->keaKeyBits = temp;
+
+    /* Read the optional named curve. */
+    rv = ssl3_ExtConsumeHandshakeNumber(ss, &temp, 1, &buffer, &buffer_len);
+    if (rv != SECSuccess)
+        goto no_ticket;
+    if (parsed_session_ticket->authType == ssl_auth_ecdsa ||
+        parsed_session_ticket->authType == ssl_auth_ecdh_rsa ||
+        parsed_session_ticket->authType == ssl_auth_ecdh_ecdsa) {
+        const sslNamedGroupDef *group =
+            ssl_LookupNamedGroup((SSLNamedGroup)temp);
+        if (!group || group->keaType != ssl_kea_ecdh) {
+            goto no_ticket;
+        }
+        parsed_session_ticket->namedCurve = group;
+    }
+
+    /* Read wrapped master_secret. */
+    rv = ssl3_ExtConsumeHandshakeNumber(ss, &temp, 1, &buffer, &buffer_len);
+    if (rv != SECSuccess)
+        goto no_ticket;
+    parsed_session_ticket->ms_is_wrapped = (PRBool)temp;
+
+    rv = ssl3_ExtConsumeHandshakeNumber(ss, &temp, 4, &buffer, &buffer_len);
+    if (rv != SECSuccess)
+        goto no_ticket;
+    parsed_session_ticket->msWrapMech = (CK_MECHANISM_TYPE)temp;
+
+    rv = ssl3_ExtConsumeHandshakeNumber(ss, &temp, 2, &buffer, &buffer_len);
+    if (rv != SECSuccess)
+        goto no_ticket;
+    parsed_session_ticket->ms_length = (PRUint16)temp;
+    if (parsed_session_ticket->ms_length == 0 || /* sanity check MS. */
+        parsed_session_ticket->ms_length >
+            sizeof(parsed_session_ticket->master_secret))
+        goto no_ticket;
+
+    /* Allow for the wrapped master secret to be longer. */
+    if (buffer_len < parsed_session_ticket->ms_length)
+        goto no_ticket;
+    PORT_Memcpy(parsed_session_ticket->master_secret, buffer,
+                parsed_session_ticket->ms_length);
+    buffer += parsed_session_ticket->ms_length;
+    buffer_len -= parsed_session_ticket->ms_length;
+
+    /* Read client_identity */
+    rv = ssl3_ExtConsumeHandshakeNumber(ss, &temp, 1, &buffer, &buffer_len);
+    if (rv != SECSuccess)
+        goto no_ticket;
+    parsed_session_ticket->client_identity.client_auth_type =
+        (ClientAuthenticationType)temp;
+    switch (parsed_session_ticket->client_identity.client_auth_type) {
+        case CLIENT_AUTH_ANONYMOUS:
+            break;
+        case CLIENT_AUTH_CERTIFICATE:
+            rv = ssl3_ExtConsumeHandshakeVariable(ss, &cert_item, 3,
+                                                  &buffer, &buffer_len);
+            if (rv != SECSuccess)
+                goto no_ticket;
+            rv = SECITEM_CopyItem(NULL, &parsed_session_ticket->peer_cert,
+                                  &cert_item);
+            if (rv != SECSuccess)
+                goto no_ticket;
+            break;
+        default:
+            goto no_ticket;
+    }
+    /* Read timestamp. */
+    rv = ssl3_ExtConsumeHandshakeNumber(ss, &temp, 4, &buffer, &buffer_len);
+    if (rv != SECSuccess)
+        goto no_ticket;
+    parsed_session_ticket->timestamp = temp;
+
+    /* Read server name */
+    rv = ssl3_ExtConsumeHandshakeNumber(ss, &nameType, 1, &buffer, &buffer_len);
+    if (rv != SECSuccess)
+        goto no_ticket;
+    if ((PRInt8)nameType != TLS_STE_NO_SERVER_NAME) {
+        SECItem name_item;
+        rv = ssl3_ExtConsumeHandshakeVariable(ss, &name_item, 2, &buffer,
+                                              &buffer_len);
+        if (rv != SECSuccess)
+            goto no_ticket;
+        rv = SECITEM_CopyItem(NULL, &parsed_session_ticket->srvName,
+                              &name_item);
+        if (rv != SECSuccess)
+            goto no_ticket;
+        parsed_session_ticket->srvName.type = (PRUint8)nameType;
+    }
+
+    /* Read extendedMasterSecretUsed */
+    rv = ssl3_ExtConsumeHandshakeNumber(ss, &temp, 1, &buffer, &buffer_len);
+    if (rv != SECSuccess)
+        goto no_ticket;
+    PORT_Assert(temp == PR_TRUE || temp == PR_FALSE);
+    parsed_session_ticket->extendedMasterSecretUsed = (PRBool)temp;
+
+    rv = ssl3_ExtConsumeHandshake(ss, &parsed_session_ticket->flags, 4,
+                                  &buffer, &buffer_len);
+    if (rv != SECSuccess)
+        goto no_ticket;
+    parsed_session_ticket->flags = PR_ntohl(parsed_session_ticket->flags);
+
+    rv = ssl3_ExtConsumeHandshakeVariable(ss, &alpn_item, 1, &buffer, &buffer_len);
+    if (rv != SECSuccess)
+        goto no_ticket;
+    if (alpn_item.len != 0) {
+        rv = SECITEM_CopyItem(NULL, &parsed_session_ticket->alpnSelection,
+                              &alpn_item);
+        if (rv != SECSuccess)
+            goto no_ticket;
+        if (alpn_item.len >= 256)
+            goto no_ticket;
+    }
+
+    /* Done parsing.  Check that all bytes have been consumed. */
+    if (buffer_len != padding_length)
+        goto no_ticket;
+
+    /* Use the ticket if it has not expired, otherwise free the allocated
+     * memory since the ticket is of no use.
+     */
+    if (parsed_session_ticket->timestamp != 0 &&
+        parsed_session_ticket->timestamp + ssl_ticket_lifetime >
+            ssl_Time()) {
+
+        sid = ssl3_NewSessionID(ss, PR_TRUE);
+        if (sid == NULL) {
+            rv = SECFailure;
+            goto loser;
+        }
+
+        /* Copy over parameters. */
+        sid->version = parsed_session_ticket->ssl_version;
+        sid->u.ssl3.cipherSuite = parsed_session_ticket->cipher_suite;
+        sid->u.ssl3.compression = parsed_session_ticket->compression_method;
+        sid->authType = parsed_session_ticket->authType;
+        sid->authKeyBits = parsed_session_ticket->authKeyBits;
+        sid->keaType = parsed_session_ticket->keaType;
+        sid->keaKeyBits = parsed_session_ticket->keaKeyBits;
+        sid->namedCurve = parsed_session_ticket->namedCurve;
+
+        if (SECITEM_CopyItem(NULL, &sid->u.ssl3.locked.sessionTicket.ticket,
+                             &extension_data) != SECSuccess)
+            goto no_ticket;
+        sid->u.ssl3.locked.sessionTicket.flags = parsed_session_ticket->flags;
+
+        if (parsed_session_ticket->ms_length >
+            sizeof(sid->u.ssl3.keys.wrapped_master_secret))
+            goto no_ticket;
+        PORT_Memcpy(sid->u.ssl3.keys.wrapped_master_secret,
+                    parsed_session_ticket->master_secret,
+                    parsed_session_ticket->ms_length);
+        sid->u.ssl3.keys.wrapped_master_secret_len =
+            parsed_session_ticket->ms_length;
+        sid->u.ssl3.masterWrapMech = parsed_session_ticket->msWrapMech;
+        sid->u.ssl3.keys.msIsWrapped =
+            parsed_session_ticket->ms_is_wrapped;
+        sid->u.ssl3.masterValid = PR_TRUE;
+        sid->u.ssl3.keys.resumable = PR_TRUE;
+        sid->u.ssl3.keys.extendedMasterSecretUsed = parsed_session_ticket->extendedMasterSecretUsed;
+
+        /* Copy over client cert from session ticket if there is one. */
+        if (parsed_session_ticket->peer_cert.data != NULL) {
+            if (sid->peerCert != NULL)
+                CERT_DestroyCertificate(sid->peerCert);
+            sid->peerCert = CERT_NewTempCertificate(ss->dbHandle,
+                                                    &parsed_session_ticket->peer_cert, NULL, PR_FALSE, PR_TRUE);
+            if (sid->peerCert == NULL) {
+                rv = SECFailure;
+                goto loser;
+            }
+        }
+        if (parsed_session_ticket->srvName.data != NULL) {
+            if (sid->u.ssl3.srvName.data) {
+                SECITEM_FreeItem(&sid->u.ssl3.srvName, PR_FALSE);
+            }
+            sid->u.ssl3.srvName = parsed_session_ticket->srvName;
+            parsed_session_ticket->srvName.data = NULL;
+        }
+        if (parsed_session_ticket->alpnSelection.data != NULL) {
+            sid->u.ssl3.alpnSelection = parsed_session_ticket->alpnSelection;
+            /* So we don't free below. */
+            parsed_session_ticket->alpnSelection.data = NULL;
+        }
+        ss->statelessResume = PR_TRUE;
+        ss->sec.ci.sid = sid;
+    }
+
+    if (0) {
+    no_ticket:
+        SSL_DBG(("%d: SSL[%d]: Session ticket parsing failed.",
+                 SSL_GETPID(), ss->fd));
+        ssl3stats = SSL_GetStatistics();
+        SSL_AtomicIncrementLong(&ssl3stats->hch_sid_ticket_parse_failures);
+    }
+    rv = SECSuccess;
+
+loser:
+    /* ss->sec.ci.sid == sid if it did NOT come here via goto statement
+     * in that case do not free sid
+     */
+    if (sid && (ss->sec.ci.sid != sid)) {
+        ssl_FreeSID(sid);
+        sid = NULL;
+    }
+    if (decrypted_state != NULL) {
+        SECITEM_FreeItem(decrypted_state, PR_TRUE);
+        decrypted_state = NULL;
+    }
+
+    if (parsed_session_ticket != NULL) {
+        if (parsed_session_ticket->peer_cert.data) {
+            SECITEM_FreeItem(&parsed_session_ticket->peer_cert, PR_FALSE);
+        }
+        if (parsed_session_ticket->alpnSelection.data) {
+            SECITEM_FreeItem(&parsed_session_ticket->alpnSelection, PR_FALSE);
+        }
+        if (parsed_session_ticket->srvName.data) {
+            SECITEM_FreeItem(&parsed_session_ticket->srvName, PR_FALSE);
+        }
+        PORT_ZFree(parsed_session_ticket, sizeof(SessionTicket));
+    }
+
+    return rv;
+}
+
+SECStatus
+ssl3_ServerHandleSessionTicketXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRUint16 ex_type,
+                                  SECItem *data)
+{
+
+    /* Ignore the SessionTicket extension if processing is disabled. */
+    if (!ss->opt.enableSessionTickets) {
+        return SECSuccess;
+    }
+
+    /* If we are doing TLS 1.3, then ignore this. */
+    if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_3) {
+        return SECSuccess;
+    }
+
+    /* Keep track of negotiated extensions. */
+    xtnData->negotiated[xtnData->numNegotiated++] = ex_type;
+
+    /* Parse the received ticket sent in by the client.  We are
+     * lenient about some parse errors, falling back to a fullshake
+     * instead of terminating the current connection.
+     */
+    if (data->len == 0) {
+        xtnData->emptySessionTicket = PR_TRUE;
+        return SECSuccess;
+    }
+
+    return ssl3_ProcessSessionTicketCommon(CONST_CAST(sslSocket, ss), data);
+}
+
+/*
+ * Read bytes.  Using this function means the SECItem structure
+ * cannot be freed.  The caller is expected to call this function
+ * on a shallow copy of the structure.
+ */
+static SECStatus
+ssl3_ConsumeFromItem(SECItem *item, unsigned char **buf, PRUint32 bytes)
+{
+    if (bytes > item->len)
+        return SECFailure;
+
+    *buf = item->data;
+    item->data += bytes;
+    item->len -= bytes;
+    return SECSuccess;
+}
+
+/* Extension format:
+ * Extension number:   2 bytes
+ * Extension length:   2 bytes
+ * Verify Data Length: 1 byte
+ * Verify Data (TLS): 12 bytes (client) or 24 bytes (server)
+ * Verify Data (SSL): 36 bytes (client) or 72 bytes (server)
+ */
+PRInt32
+ssl3_SendRenegotiationInfoXtn(
+    const sslSocket *ss,
+    TLSExtensionData *xtnData,
+    PRBool append,
+    PRUint32 maxBytes)
+{
+    PRInt32 len = 0;
+    PRInt32 needed;
+
+    /* In draft-ietf-tls-renegotiation-03, it is NOT RECOMMENDED to send
+     * both the SCSV and the empty RI, so when we send SCSV in
+     * the initial handshake, we don't also send RI.
+     */
+    if (!ss || ss->ssl3.hs.sendingSCSV)
+        return 0;
+    if (ss->firstHsDone) {
+        len = ss->sec.isServer ? ss->ssl3.hs.finishedBytes * 2
+                               : ss->ssl3.hs.finishedBytes;
+    }
+    needed = 5 + len;
+    if (maxBytes < (PRUint32)needed) {
+        return 0;
+    }
+    if (append) {
+        SECStatus rv;
+        /* extension_type */
+        rv = ssl3_ExtAppendHandshakeNumber(ss, ssl_renegotiation_info_xtn, 2);
+        if (rv != SECSuccess)
+            return -1;
+        /* length of extension_data */
+        rv = ssl3_ExtAppendHandshakeNumber(ss, len + 1, 2);
+        if (rv != SECSuccess)
+            return -1;
+        /* verify_Data from previous Finished message(s) */
+        rv = ssl3_ExtAppendHandshakeVariable(ss,
+                                             ss->ssl3.hs.finishedMsgs.data, len, 1);
+        if (rv != SECSuccess)
+            return -1;
+        if (!ss->sec.isServer) {
+            xtnData->advertised[xtnData->numAdvertised++] =
+                ssl_renegotiation_info_xtn;
+        }
+    }
+    return needed;
+}
+
+/* This function runs in both the client and server.  */
+SECStatus
+ssl3_HandleRenegotiationInfoXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRUint16 ex_type, SECItem *data)
+{
+    SECStatus rv = SECSuccess;
+    PRUint32 len = 0;
+
+    if (ss->firstHsDone) {
+        len = ss->sec.isServer ? ss->ssl3.hs.finishedBytes
+                               : ss->ssl3.hs.finishedBytes * 2;
+    }
+    if (data->len != 1 + len || data->data[0] != len) {
+        ssl3_ExtDecodeError(ss);
+        return SECFailure;
+    }
+    if (len && NSS_SecureMemcmp(ss->ssl3.hs.finishedMsgs.data,
+                                data->data + 1, len)) {
+        ssl3_ExtSendAlert(ss, alert_fatal, handshake_failure);
+        PORT_SetError(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE);
+        return SECFailure;
+    }
+    /* remember that we got this extension and it was correct. */
+    CONST_CAST(sslSocket, ss)
+        ->peerRequestedProtection = 1;
+    xtnData->negotiated[xtnData->numNegotiated++] = ex_type;
+    if (ss->sec.isServer) {
+        /* prepare to send back the appropriate response */
+        rv = ssl3_RegisterExtensionSender(ss, xtnData, ex_type,
+                                          ssl3_SendRenegotiationInfoXtn);
+    }
+    return rv;
+}
+
+PRInt32
+ssl3_ClientSendUseSRTPXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRBool append, PRUint32 maxBytes)
+{
+    PRUint32 ext_data_len;
+    PRInt16 i;
+    SECStatus rv;
+
+    if (!ss)
+        return 0;
+
+    if (!IS_DTLS(ss) || !ss->ssl3.dtlsSRTPCipherCount)
+        return 0; /* Not relevant */
+
+    ext_data_len = 2 + 2 * ss->ssl3.dtlsSRTPCipherCount + 1;
+
+    if (append && maxBytes >= 4 + ext_data_len) {
+        /* Extension type */
+        rv = ssl3_ExtAppendHandshakeNumber(ss, ssl_use_srtp_xtn, 2);
+        if (rv != SECSuccess)
+            return -1;
+        /* Length of extension data */
+        rv = ssl3_ExtAppendHandshakeNumber(ss, ext_data_len, 2);
+        if (rv != SECSuccess)
+            return -1;
+        /* Length of the SRTP cipher list */
+        rv = ssl3_ExtAppendHandshakeNumber(ss,
+                                           2 * ss->ssl3.dtlsSRTPCipherCount,
+                                           2);
+        if (rv != SECSuccess)
+            return -1;
+        /* The SRTP ciphers */
+        for (i = 0; i < ss->ssl3.dtlsSRTPCipherCount; i++) {
+            rv = ssl3_ExtAppendHandshakeNumber(ss,
+                                               ss->ssl3.dtlsSRTPCiphers[i],
+                                               2);
+            if (rv != SECSuccess)
+                return -1;
+        }
+        /* Empty MKI value */
+        ssl3_ExtAppendHandshakeVariable(ss, NULL, 0, 1);
+
+        xtnData->advertised[xtnData->numAdvertised++] =
+            ssl_use_srtp_xtn;
+    }
+
+    return 4 + ext_data_len;
+}
+
+PRInt32
+ssl3_ServerSendUseSRTPXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRBool append, PRUint32 maxBytes)
+{
+    SECStatus rv;
+
+    /* Server side */
+    if (!append || maxBytes < 9) {
+        return 9;
+    }
+
+    /* Extension type */
+    rv = ssl3_ExtAppendHandshakeNumber(ss, ssl_use_srtp_xtn, 2);
+    if (rv != SECSuccess)
+        return -1;
+    /* Length of extension data */
+    rv = ssl3_ExtAppendHandshakeNumber(ss, 5, 2);
+    if (rv != SECSuccess)
+        return -1;
+    /* Length of the SRTP cipher list */
+    rv = ssl3_ExtAppendHandshakeNumber(ss, 2, 2);
+    if (rv != SECSuccess)
+        return -1;
+    /* The selected cipher */
+    rv = ssl3_ExtAppendHandshakeNumber(ss, xtnData->dtlsSRTPCipherSuite, 2);
+    if (rv != SECSuccess)
+        return -1;
+    /* Empty MKI value */
+    ssl3_ExtAppendHandshakeVariable(ss, NULL, 0, 1);
+
+    return 9;
+}
+
+SECStatus
+ssl3_ClientHandleUseSRTPXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRUint16 ex_type, SECItem *data)
+{
+    SECStatus rv;
+    SECItem ciphers = { siBuffer, NULL, 0 };
+    PRUint16 i;
+    PRUint16 cipher = 0;
+    PRBool found = PR_FALSE;
+    SECItem litem;
+
+    if (!data->data || !data->len) {
+        ssl3_ExtDecodeError(ss);
+        return SECFailure;
+    }
+
+    /* Get the cipher list */
+    rv = ssl3_ExtConsumeHandshakeVariable(ss, &ciphers, 2,
+                                          &data->data, &data->len);
+    if (rv != SECSuccess) {
+        return SECFailure; /* fatal alert already sent */
+    }
+    /* Now check that the server has picked just 1 (i.e., len = 2) */
+    if (ciphers.len != 2) {
+        ssl3_ExtDecodeError(ss);
+        return SECFailure;
+    }
+
+    /* Get the selected cipher */
+    cipher = (ciphers.data[0] << 8) | ciphers.data[1];
+
+    /* Now check that this is one of the ciphers we offered */
+    for (i = 0; i < ss->ssl3.dtlsSRTPCipherCount; i++) {
+        if (cipher == ss->ssl3.dtlsSRTPCiphers[i]) {
+            found = PR_TRUE;
+            break;
+        }
+    }
+
+    if (!found) {
+        ssl3_ExtSendAlert(ss, alert_fatal, illegal_parameter);
+        PORT_SetError(SSL_ERROR_RX_MALFORMED_SERVER_HELLO);
+        return SECFailure;
+    }
+
+    /* Get the srtp_mki value */
+    rv = ssl3_ExtConsumeHandshakeVariable(ss, &litem, 1,
+                                          &data->data, &data->len);
+    if (rv != SECSuccess) {
+        return SECFailure; /* alert already sent */
+    }
+
+    /* We didn't offer an MKI, so this must be 0 length */
+    if (litem.len != 0) {
+        ssl3_ExtSendAlert(ss, alert_fatal, illegal_parameter);
+        PORT_SetError(SSL_ERROR_RX_MALFORMED_SERVER_HELLO);
+        return SECFailure;
+    }
+
+    /* extra trailing bytes */
+    if (data->len != 0) {
+        ssl3_ExtDecodeError(ss);
+        return SECFailure;
+    }
+
+    /* OK, this looks fine. */
+    xtnData->negotiated[xtnData->numNegotiated++] = ssl_use_srtp_xtn;
+    xtnData->dtlsSRTPCipherSuite = cipher;
+    return SECSuccess;
+}
+
+SECStatus
+ssl3_ServerHandleUseSRTPXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRUint16 ex_type, SECItem *data)
+{
+    SECStatus rv;
+    SECItem ciphers = { siBuffer, NULL, 0 };
+    PRUint16 i;
+    unsigned int j;
+    PRUint16 cipher = 0;
+    PRBool found = PR_FALSE;
+    SECItem litem;
+
+    if (!IS_DTLS(ss) || !ss->ssl3.dtlsSRTPCipherCount) {
+        /* Ignore the extension if we aren't doing DTLS or no DTLS-SRTP
+         * preferences have been set. */
+        return SECSuccess;
+    }
+
+    if (!data->data || data->len < 5) {
+        ssl3_ExtDecodeError(ss);
+        return SECFailure;
+    }
+
+    /* Get the cipher list */
+    rv = ssl3_ExtConsumeHandshakeVariable(ss, &ciphers, 2,
+                                          &data->data, &data->len);
+    if (rv != SECSuccess) {
+        return SECFailure; /* alert already sent */
+    }
+    /* Check that the list is even length */
+    if (ciphers.len % 2) {
+        ssl3_ExtDecodeError(ss);
+        return SECFailure;
+    }
+
+    /* Walk through the offered list and pick the most preferred of our
+     * ciphers, if any */
+    for (i = 0; !found && i < ss->ssl3.dtlsSRTPCipherCount; i++) {
+        for (j = 0; j + 1 < ciphers.len; j += 2) {
+            cipher = (ciphers.data[j] << 8) | ciphers.data[j + 1];
+            if (cipher == ss->ssl3.dtlsSRTPCiphers[i]) {
+                found = PR_TRUE;
+                break;
+            }
+        }
+    }
+
+    /* Get the srtp_mki value */
+    rv = ssl3_ExtConsumeHandshakeVariable(ss, &litem, 1, &data->data, &data->len);
+    if (rv != SECSuccess) {
+        return SECFailure;
+    }
+
+    if (data->len != 0) {
+        ssl3_ExtDecodeError(ss); /* trailing bytes */
+        return SECFailure;
+    }
+
+    /* Now figure out what to do */
+    if (!found) {
+        /* No matching ciphers, pretend we don't support use_srtp */
+        return SECSuccess;
+    }
+
+    /* OK, we have a valid cipher and we've selected it */
+    xtnData->dtlsSRTPCipherSuite = cipher;
+    xtnData->negotiated[xtnData->numNegotiated++] = ssl_use_srtp_xtn;
+
+    return ssl3_RegisterExtensionSender(ss, xtnData,
+                                        ssl_use_srtp_xtn,
+                                        ssl3_ServerSendUseSRTPXtn);
+}
+
+/* ssl3_ServerHandleSigAlgsXtn handles the signature_algorithms extension
+ * from a client.
+ * See https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */
+SECStatus
+ssl3_ServerHandleSigAlgsXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRUint16 ex_type, SECItem *data)
+{
+    SECStatus rv;
+
+    /* Ignore this extension if we aren't doing TLS 1.2 or greater. */
+    if (ss->version < SSL_LIBRARY_VERSION_TLS_1_2) {
+        return SECSuccess;
+    }
+
+    if (xtnData->clientSigSchemes) {
+        PORT_Free(xtnData->clientSigSchemes);
+        xtnData->clientSigSchemes = NULL;
+    }
+    rv = ssl_ParseSignatureSchemes(ss, NULL,
+                                   &xtnData->clientSigSchemes,
+                                   &xtnData->numClientSigScheme,
+                                   &data->data, &data->len);
+    if (rv != SECSuccess || xtnData->numClientSigScheme == 0) {
+        ssl3_ExtSendAlert(ss, alert_fatal, decode_error);
+        PORT_SetError(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO);
+        return SECFailure;
+    }
+    /* Check for trailing data. */
+    if (data->len != 0) {
+        ssl3_ExtSendAlert(ss, alert_fatal, decode_error);
+        PORT_SetError(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO);
+        return SECFailure;
+    }
+
+    /* Keep track of negotiated extensions. */
+    xtnData->negotiated[xtnData->numNegotiated++] = ex_type;
+    return SECSuccess;
+}
+
+/* ssl3_ClientSendSigAlgsXtn sends the signature_algorithm extension for TLS
+ * 1.2 ClientHellos. */
+PRInt32
+ssl3_ClientSendSigAlgsXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRBool append, PRUint32 maxBytes)
+{
+    PRInt32 extension_length;
+    PRUint8 buf[MAX_SIGNATURE_SCHEMES * 2];
+    PRUint32 len;
+    SECStatus rv;
+
+    if (ss->vrange.max < SSL_LIBRARY_VERSION_TLS_1_2) {
+        return 0;
+    }
+
+    rv = ssl3_EncodeSigAlgs(ss, buf, sizeof(buf), &len);
+    if (rv != SECSuccess) {
+        return -1;
+    }
+
+    extension_length =
+        2 /* extension type */ +
+        2 /* extension length */ +
+        2 /* supported_signature_algorithms length */ +
+        len;
+
+    if (maxBytes < extension_length) {
+        PORT_Assert(0);
+        return 0;
+    }
+
+    if (append) {
+        SECStatus rv;
+        rv = ssl3_ExtAppendHandshakeNumber(ss, ssl_signature_algorithms_xtn, 2);
+        if (rv != SECSuccess) {
+            return -1;
+        }
+        rv = ssl3_ExtAppendHandshakeNumber(ss, len + 2, 2);
+        if (rv != SECSuccess) {
+            return -1;
+        }
+
+        rv = ssl3_ExtAppendHandshakeVariable(ss, buf, len, 2);
+        if (rv != SECSuccess) {
+            return -1;
+        }
+
+        xtnData->advertised[xtnData->numAdvertised++] =
+            ssl_signature_algorithms_xtn;
+    }
+
+    return extension_length;
+}
+
+/* Takes the size of the ClientHello, less the record header, and determines how
+ * much padding is required. */
+unsigned int
+ssl3_CalculatePaddingExtensionLength(unsigned int clientHelloLength)
+{
+    unsigned int recordLength = 1 /* handshake message type */ +
+                                3 /* handshake message length */ +
+                                clientHelloLength;
+    unsigned int extensionLength;
+
+    if (recordLength < 256 || recordLength >= 512) {
+        return 0;
+    }
+
+    extensionLength = 512 - recordLength;
+    /* Extensions take at least four bytes to encode. Always include at least
+     * one byte of data if including the extension. Some servers (e.g.
+     * WebSphere Application Server 7.0 and Tomcat) will time out or terminate
+     * the connection if the last extension in the client hello is empty. */
+    if (extensionLength < 4 + 1) {
+        extensionLength = 4 + 1;
+    }
+
+    return extensionLength;
+}
+
+/* ssl3_AppendPaddingExtension possibly adds an extension which ensures that a
+ * ClientHello record is either < 256 bytes or is >= 512 bytes. This ensures
+ * that we don't trigger bugs in F5 products. */
+PRInt32
+ssl3_AppendPaddingExtension(sslSocket *ss, unsigned int extensionLen,
+                            PRUint32 maxBytes)
+{
+    unsigned int paddingLen = extensionLen - 4;
+    static unsigned char padding[252];
+
+    if (extensionLen == 0) {
+        return 0;
+    }
+
+    if (extensionLen > maxBytes ||
+        !paddingLen ||
+        paddingLen > sizeof(padding)) {
+        PORT_Assert(0);
+        return -1;
+    }
+
+    if (SECSuccess != ssl3_ExtAppendHandshakeNumber(ss, ssl_padding_xtn, 2))
+        return -1;
+    if (SECSuccess != ssl3_ExtAppendHandshakeVariable(ss, padding, paddingLen, 2))
+        return -1;
+
+    return extensionLen;
+}
+
+PRInt32
+ssl3_SendExtendedMasterSecretXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRBool append,
+                                 PRUint32 maxBytes)
+{
+    PRInt32 extension_length;
+
+    if (!ss->opt.enableExtendedMS) {
+        return 0;
+    }
+
+    /* Always send the extension in this function, since the
+     * client always sends it and this function is only called on
+     * the server if we negotiated the extension. */
+    extension_length = 4; /* Type + length (0) */
+    if (maxBytes < extension_length) {
+        PORT_Assert(0);
+        return 0;
+    }
+
+    if (append) {
+        SECStatus rv;
+        rv = ssl3_ExtAppendHandshakeNumber(ss, ssl_extended_master_secret_xtn, 2);
+        if (rv != SECSuccess)
+            goto loser;
+        rv = ssl3_ExtAppendHandshakeNumber(ss, 0, 2);
+        if (rv != SECSuccess)
+            goto loser;
+        xtnData->advertised[xtnData->numAdvertised++] =
+            ssl_extended_master_secret_xtn;
+    }
+
+    return extension_length;
+
+loser:
+    return -1;
+}
+
+SECStatus
+ssl3_HandleExtendedMasterSecretXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRUint16 ex_type,
+                                   SECItem *data)
+{
+    if (ss->version < SSL_LIBRARY_VERSION_TLS_1_0) {
+        return SECSuccess;
+    }
+
+    if (!ss->opt.enableExtendedMS) {
+        return SECSuccess;
+    }
+
+    if (data->len != 0) {
+        SSL_TRC(30, ("%d: SSL3[%d]: Bogus extended master secret extension",
+                     SSL_GETPID(), ss->fd));
+        return SECFailure;
+    }
+
+    SSL_DBG(("%d: SSL[%d]: Negotiated extended master secret extension.",
+             SSL_GETPID(), ss->fd));
+
+    /* Keep track of negotiated extensions. */
+    xtnData->negotiated[xtnData->numNegotiated++] = ex_type;
+
+    if (ss->sec.isServer) {
+        return ssl3_RegisterExtensionSender(
+            ss, xtnData, ex_type, ssl3_SendExtendedMasterSecretXtn);
+    }
+    return SECSuccess;
+}
+
+/* ssl3_ClientSendSignedCertTimestampXtn sends the signed_certificate_timestamp
+ * extension for TLS ClientHellos. */
+PRInt32
+ssl3_ClientSendSignedCertTimestampXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRBool append,
+                                      PRUint32 maxBytes)
+{
+    PRInt32 extension_length = 2 /* extension_type */ +
+                               2 /* length(extension_data) */;
+
+    /* Only send the extension if processing is enabled. */
+    if (!ss->opt.enableSignedCertTimestamps)
+        return 0;
+
+    if (append && maxBytes >= extension_length) {
+        SECStatus rv;
+        /* extension_type */
+        rv = ssl3_ExtAppendHandshakeNumber(ss,
+                                           ssl_signed_cert_timestamp_xtn,
+                                           2);
+        if (rv != SECSuccess)
+            goto loser;
+        /* zero length */
+        rv = ssl3_ExtAppendHandshakeNumber(ss, 0, 2);
+        if (rv != SECSuccess)
+            goto loser;
+        xtnData->advertised[xtnData->numAdvertised++] =
+            ssl_signed_cert_timestamp_xtn;
+    } else if (maxBytes < extension_length) {
+        PORT_Assert(0);
+        return 0;
+    }
+
+    return extension_length;
+loser:
+    return -1;
+}
+
+SECStatus
+ssl3_ClientHandleSignedCertTimestampXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRUint16 ex_type,
+                                        SECItem *data)
+{
+    /* We do not yet know whether we'll be resuming a session or creating
+     * a new one, so we keep a pointer to the data in the TLSExtensionData
+     * structure. This pointer is only valid in the scope of
+     * ssl3_HandleServerHello, and, if not resuming a session, the data is
+     * copied once a new session structure has been set up.
+     * All parsing is currently left to the application and we accept
+     * everything, including empty data.
+     */
+    SECItem *scts = &xtnData->signedCertTimestamps;
+    PORT_Assert(!scts->data && !scts->len);
+
+    if (!data->len) {
+        /* Empty extension data: RFC 6962 mandates non-empty contents. */
+        return SECFailure;
+    }
+    *scts = *data;
+    /* Keep track of negotiated extensions. */
+    xtnData->negotiated[xtnData->numNegotiated++] = ex_type;
+    return SECSuccess;
+}
+
+PRInt32
+ssl3_ServerSendSignedCertTimestampXtn(const sslSocket *ss, TLSExtensionData *xtnData,
+                                      PRBool append,
+                                      PRUint32 maxBytes)
+{
+    PRInt32 extension_length;
+    const SECItem *scts = &ss->sec.serverCert->signedCertTimestamps;
+
+    if (!scts->len) {
+        /* No timestamps to send */
+        return 0;
+    }
+
+    extension_length = 2 /* extension_type */ +
+                       2 /* length(extension_data) */ +
+                       scts->len;
+
+    if (maxBytes < extension_length) {
+        PORT_Assert(0);
+        return 0;
+    }
+    if (append) {
+        SECStatus rv;
+        /* extension_type */
+        rv = ssl3_ExtAppendHandshakeNumber(ss,
+                                           ssl_signed_cert_timestamp_xtn,
+                                           2);
+        if (rv != SECSuccess) {
+            return -1;
+        }
+        /* extension_data */
+        rv = ssl3_ExtAppendHandshakeVariable(ss, scts->data, scts->len, 2);
+        if (rv != SECSuccess) {
+            return -1;
+        }
+    }
+
+    return extension_length;
+}
+
+SECStatus
+ssl3_ServerHandleSignedCertTimestampXtn(const sslSocket *ss,
+                                        TLSExtensionData *xtnData,
+                                        PRUint16 ex_type,
+                                        SECItem *data)
+{
+    xtnData->negotiated[xtnData->numNegotiated++] = ex_type;
+    PORT_Assert(ss->sec.isServer);
+    return ssl3_RegisterExtensionSender(
+        ss, xtnData, ex_type, ssl3_ServerSendSignedCertTimestampXtn);
+}
+
+/* Just make sure that the remote client supports uncompressed points,
+ * Since that is all we support.  Disable ECC cipher suites if it doesn't.
+ */
+SECStatus
+ssl3_HandleSupportedPointFormatsXtn(const sslSocket *ss, TLSExtensionData *xtnData,
+                                    PRUint16 ex_type,
+                                    SECItem *data)
+{
+    int i;
+
+    if (data->len < 2 || data->len > 255 || !data->data ||
+        data->len != (unsigned int)data->data[0] + 1) {
+        ssl3_ExtDecodeError(ss);
+        return SECFailure;
+    }
+    for (i = data->len; --i > 0;) {
+        if (data->data[i] == 0) {
+            /* indicate that we should send a reply */
+            SECStatus rv;
+            rv = ssl3_RegisterExtensionSender(ss, xtnData, ex_type,
+                                              &ssl3_SendSupportedPointFormatsXtn);
+            return rv;
+        }
+    }
+
+    /* Poor client doesn't support uncompressed points. */
+    PORT_SetError(SSL_ERROR_RX_MALFORMED_HANDSHAKE);
+    return SECFailure;
+}
+
+static SECStatus
+ssl_UpdateSupportedGroups(sslSocket *ss, SECItem *data)
+{
+    SECStatus rv;
+    PRUint32 list_len;
+    unsigned int i;
+    const sslNamedGroupDef *enabled[SSL_NAMED_GROUP_COUNT] = { 0 };
+    PORT_Assert(SSL_NAMED_GROUP_COUNT == PR_ARRAY_SIZE(enabled));
+
+    if (!data->data || data->len < 4) {
+        (void)ssl3_DecodeError(ss);
+        return SECFailure;
+    }
+
+    /* get the length of elliptic_curve_list */
+    rv = ssl3_ConsumeHandshakeNumber(ss, &list_len, 2, &data->data, &data->len);
+    if (rv != SECSuccess || data->len != list_len || (data->len % 2) != 0) {
+        (void)ssl3_DecodeError(ss);
+        return SECFailure;
+    }
+
+    /* disable all groups and remember the enabled groups */
+    for (i = 0; i < SSL_NAMED_GROUP_COUNT; ++i) {
+        enabled[i] = ss->namedGroupPreferences[i];
+        ss->namedGroupPreferences[i] = NULL;
+    }
+
+    /* Read groups from data and enable if in |enabled| */
+    while (data->len) {
+        const sslNamedGroupDef *group;
+        PRUint32 curve_name;
+        rv = ssl3_ConsumeHandshakeNumber(ss, &curve_name, 2, &data->data,
+                                         &data->len);
+        if (rv != SECSuccess) {
+            return SECFailure; /* fatal alert already sent */
+        }
+        group = ssl_LookupNamedGroup(curve_name);
+        if (group) {
+            for (i = 0; i < SSL_NAMED_GROUP_COUNT; ++i) {
+                if (enabled[i] && group == enabled[i]) {
+                    ss->namedGroupPreferences[i] = enabled[i];
+                    break;
+                }
+            }
+        }
+
+        /* "Codepoints in the NamedCurve registry with a high byte of 0x01 (that
+         * is, between 256 and 511 inclusive) are set aside for FFDHE groups,"
+         * -- https://tools.ietf.org/html/draft-ietf-tls-negotiated-ff-dhe-10
+         */
+        if ((curve_name & 0xff00) == 0x0100) {
+            ss->xtnData.peerSupportsFfdheGroups = PR_TRUE;
+        }
+    }
+
+    /* Note: if ss->opt.requireDHENamedGroups is set, we disable DHE cipher
+     * suites, but we do that in ssl3_config_match(). */
+    if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3 &&
+        !ss->opt.requireDHENamedGroups && !ss->xtnData.peerSupportsFfdheGroups) {
+        /* If we don't require that DHE use named groups, and no FFDHE was
+         * included, we pretend that they support all the FFDHE groups we do. */
+        for (i = 0; i < SSL_NAMED_GROUP_COUNT; ++i) {
+            if (enabled[i] && enabled[i]->keaType == ssl_kea_dh) {
+                ss->namedGroupPreferences[i] = enabled[i];
+            }
+        }
+    }
+
+    return SECSuccess;
+}
+
+/* Ensure that the curve in our server cert is one of the ones supported
+ * by the remote client, and disable all ECC cipher suites if not.
+ */
+SECStatus
+ssl_HandleSupportedGroupsXtn(const sslSocket *ss, TLSExtensionData *xtnData,
+                             PRUint16 ex_type, SECItem *data)
+{
+    SECStatus rv;
+
+    rv = ssl_UpdateSupportedGroups(CONST_CAST(sslSocket, ss), data);
+    if (rv != SECSuccess)
+        return SECFailure;
+
+    /* TLS 1.3 permits the server to send this extension so make it so. */
+    if (ss->sec.isServer && ss->version >= SSL_LIBRARY_VERSION_TLS_1_3) {
+        rv = ssl3_RegisterExtensionSender(ss, xtnData, ex_type,
+                                          &ssl_SendSupportedGroupsXtn);
+        if (rv != SECSuccess) {
+            return SECFailure; /* error already set. */
+        }
+    }
+
+    /* Remember that we negotiated this extension. */
+    xtnData->negotiated[xtnData->numNegotiated++] = ex_type;
+
+    return SECSuccess;
+}
diff --git a/nss/lib/ssl/ssl3exthandle.h b/nss/lib/ssl/ssl3exthandle.h
new file mode 100644
index 0000000..65223d6
--- /dev/null
+++ b/nss/lib/ssl/ssl3exthandle.h
@@ -0,0 +1,95 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/*
+ * This file is PRIVATE to SSL.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef __ssl3exthandle_h_
+#define __ssl3exthandle_h_
+
+PRInt32 ssl3_SendRenegotiationInfoXtn(const sslSocket *ss, TLSExtensionData *xtnData,
+                                      PRBool append, PRUint32 maxBytes);
+SECStatus ssl3_HandleRenegotiationInfoXtn(const sslSocket *ss, TLSExtensionData *xtnData,
+                                          PRUint16 ex_type, SECItem *data);
+SECStatus ssl3_ClientHandleNextProtoNegoXtn(const sslSocket *ss, TLSExtensionData *xtnData,
+                                            PRUint16 ex_type, SECItem *data);
+SECStatus ssl3_ClientHandleAppProtoXtn(const sslSocket *ss, TLSExtensionData *xtnData,
+                                       PRUint16 ex_type, SECItem *data);
+SECStatus ssl3_ServerHandleNextProtoNegoXtn(const sslSocket *ss, TLSExtensionData *xtnData,
+                                            PRUint16 ex_type, SECItem *data);
+SECStatus ssl3_ServerHandleAppProtoXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRUint16 ex_type,
+                                       SECItem *data);
+PRInt32 ssl3_ClientSendNextProtoNegoXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRBool append,
+                                        PRUint32 maxBytes);
+PRInt32 ssl3_ClientSendAppProtoXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRBool append,
+                                   PRUint32 maxBytes);
+PRInt32 ssl3_ServerSendAppProtoXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRBool append,
+                                   PRUint32 maxBytes);
+PRInt32 ssl3_ClientSendUseSRTPXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRBool append,
+                                  PRUint32 maxBytes);
+PRInt32 ssl3_ServerSendUseSRTPXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRBool append,
+                                  PRUint32 maxBytes);
+SECStatus ssl3_ClientHandleUseSRTPXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRUint16 ex_type,
+                                      SECItem *data);
+SECStatus ssl3_ServerHandleUseSRTPXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRUint16 ex_type,
+                                      SECItem *data);
+PRInt32 ssl3_ServerSendStatusRequestXtn(const sslSocket *ss, TLSExtensionData *xtnData,
+                                        PRBool append, PRUint32 maxBytes);
+SECStatus ssl3_ServerHandleStatusRequestXtn(const sslSocket *ss, TLSExtensionData *xtnData,
+                                            PRUint16 ex_type, SECItem *data);
+SECStatus ssl3_ClientHandleStatusRequestXtn(const sslSocket *ss, TLSExtensionData *xtnData,
+                                            PRUint16 ex_type,
+                                            SECItem *data);
+PRInt32 ssl3_ClientSendStatusRequestXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRBool append,
+                                        PRUint32 maxBytes);
+PRInt32 ssl3_ClientSendSigAlgsXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRBool append,
+                                  PRUint32 maxBytes);
+SECStatus ssl3_ServerHandleSigAlgsXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRUint16 ex_type,
+                                      SECItem *data);
+
+PRInt32 ssl3_ClientSendSignedCertTimestampXtn(const sslSocket *ss, TLSExtensionData *xtnData,
+                                              PRBool append,
+                                              PRUint32 maxBytes);
+SECStatus ssl3_ClientHandleSignedCertTimestampXtn(const sslSocket *ss, TLSExtensionData *xtnData,
+                                                  PRUint16 ex_type,
+                                                  SECItem *data);
+PRInt32 ssl3_ServerSendSignedCertTimestampXtn(const sslSocket *ss, TLSExtensionData *xtnData,
+                                              PRBool append,
+                                              PRUint32 maxBytes);
+SECStatus ssl3_ServerHandleSignedCertTimestampXtn(const sslSocket *ss, TLSExtensionData *xtnData,
+                                                  PRUint16 ex_type,
+                                                  SECItem *data);
+PRInt32 ssl3_SendExtendedMasterSecretXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRBool append,
+                                         PRUint32 maxBytes);
+SECStatus ssl3_HandleExtendedMasterSecretXtn(const sslSocket *ss, TLSExtensionData *xtnData,
+                                             PRUint16 ex_type,
+                                             SECItem *data);
+SECStatus ssl3_ProcessSessionTicketCommon(sslSocket *ss, SECItem *data);
+PRInt32 ssl3_SendServerNameXtn(const sslSocket *ss,
+                               TLSExtensionData *xtnData,
+                               PRBool append,
+                               PRUint32 maxBytes);
+SECStatus ssl3_HandleServerNameXtn(const sslSocket *ss, TLSExtensionData *xtnData,
+                                   PRUint16 ex_type, SECItem *data);
+SECStatus ssl_HandleSupportedGroupsXtn(const sslSocket *ss, TLSExtensionData *xtnData,
+                                       PRUint16 ex_type, SECItem *data);
+SECStatus ssl3_HandleSupportedPointFormatsXtn(const sslSocket *ss, TLSExtensionData *xtnData,
+                                              PRUint16 ex_type, SECItem *data);
+SECStatus ssl3_ClientHandleSessionTicketXtn(const sslSocket *ss, TLSExtensionData *xtnData,
+                                            PRUint16 ex_type, SECItem *data);
+SECStatus ssl3_ServerHandleSessionTicketXtn(const sslSocket *ss, TLSExtensionData *xtnData,
+                                            PRUint16 ex_type, SECItem *data);
+PRInt32 ssl3_SendSessionTicketXtn(const sslSocket *ss,
+                                  TLSExtensionData *xtnData,
+                                  PRBool append,
+                                  PRUint32 maxBytes);
+
+PRInt32 ssl_SendSupportedGroupsXtn(const sslSocket *ss,
+                                   TLSExtensionData *xtnData,
+                                   PRBool append, PRUint32 maxBytes);
+PRInt32 ssl3_SendSupportedPointFormatsXtn(const sslSocket *ss,
+                                          TLSExtensionData *xtnData,
+                                          PRBool append, PRUint32 maxBytes);
+#endif
diff --git a/nss/lib/ssl/ssl3gthr.c b/nss/lib/ssl/ssl3gthr.c
new file mode 100644
index 0000000..cf6f4cb
--- /dev/null
+++ b/nss/lib/ssl/ssl3gthr.c
@@ -0,0 +1,596 @@
+/*
+ * Gather (Read) entire SSL3 records from socket into buffer.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "cert.h"
+#include "ssl.h"
+#include "sslimpl.h"
+#include "sslproto.h"
+#include "ssl3prot.h"
+
+struct ssl2GatherStr {
+    /* true when ssl3_GatherData encounters an SSLv2 handshake */
+    PRBool isV2;
+
+    /* number of bytes of padding appended to the message content */
+    PRUint8 padding;
+};
+
+typedef struct ssl2GatherStr ssl2Gather;
+
+/* Caller should hold RecvBufLock. */
+SECStatus
+ssl3_InitGather(sslGather *gs)
+{
+    SECStatus status;
+
+    gs->state = GS_INIT;
+    gs->writeOffset = 0;
+    gs->readOffset = 0;
+    gs->dtlsPacketOffset = 0;
+    gs->dtlsPacket.len = 0;
+    gs->rejectV2Records = PR_FALSE;
+    status = sslBuffer_Grow(&gs->buf, 4096);
+    return status;
+}
+
+/* Caller must hold RecvBufLock. */
+void
+ssl3_DestroyGather(sslGather *gs)
+{
+    if (gs) { /* the PORT_*Free functions check for NULL pointers. */
+        PORT_ZFree(gs->buf.buf, gs->buf.space);
+        PORT_Free(gs->inbuf.buf);
+        PORT_Free(gs->dtlsPacket.buf);
+    }
+}
+
+/* Checks whether a given buffer is likely an SSLv3 record header.  */
+PRBool
+ssl3_isLikelyV3Hello(const unsigned char *buf)
+{
+    /* Even if this was a V2 record header we couldn't possibly parse it
+     * correctly as the second bit denotes a vaguely-defined security escape. */
+    if (buf[0] & 0x40) {
+        return PR_TRUE;
+    }
+
+    /* Check for a typical V3 record header. */
+    return (PRBool)(buf[0] >= content_change_cipher_spec &&
+                    buf[0] <= content_application_data &&
+                    buf[1] == MSB(SSL_LIBRARY_VERSION_3_0));
+}
+
+/*
+ * Attempt to read in an entire SSL3 record.
+ * Blocks here for blocking sockets, otherwise returns -1 with
+ *  PR_WOULD_BLOCK_ERROR when socket would block.
+ *
+ * returns  1 if received a complete SSL3 record.
+ * returns  0 if recv returns EOF
+ * returns -1 if recv returns < 0
+ *  (The error value may have already been set to PR_WOULD_BLOCK_ERROR)
+ *
+ * Caller must hold the recv buf lock.
+ *
+ * The Gather state machine has 3 states:  GS_INIT, GS_HEADER, GS_DATA.
+ * GS_HEADER: waiting for the 5-byte SSL3 record header to come in.
+ * GS_DATA:   waiting for the body of the SSL3 record   to come in.
+ *
+ * This loop returns when either
+ *      (a) an error or EOF occurs,
+ *  (b) PR_WOULD_BLOCK_ERROR,
+ *  (c) data (entire SSL3 record) has been received.
+ */
+static int
+ssl3_GatherData(sslSocket *ss, sslGather *gs, int flags, ssl2Gather *ssl2gs)
+{
+    unsigned char *bp;
+    unsigned char *lbp;
+    int nb;
+    int err;
+    int rv = 1;
+    PRUint8 v2HdrLength = 0;
+
+    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
+    if (gs->state == GS_INIT) {
+        gs->state = GS_HEADER;
+        gs->remainder = ss->ssl3.hs.shortHeaders ? 2 : 5;
+        gs->offset = 0;
+        gs->writeOffset = 0;
+        gs->readOffset = 0;
+        gs->inbuf.len = 0;
+    }
+
+    lbp = gs->inbuf.buf;
+    for (;;) {
+        SSL_TRC(30, ("%d: SSL3[%d]: gather state %d (need %d more)",
+                     SSL_GETPID(), ss->fd, gs->state, gs->remainder));
+        bp = ((gs->state != GS_HEADER) ? lbp : gs->hdr) + gs->offset;
+        nb = ssl_DefRecv(ss, bp, gs->remainder, flags);
+
+        if (nb > 0) {
+            PRINT_BUF(60, (ss, "raw gather data:", bp, nb));
+        } else if (nb == 0) {
+            /* EOF */
+            SSL_TRC(30, ("%d: SSL3[%d]: EOF", SSL_GETPID(), ss->fd));
+            rv = 0;
+            break;
+        } else /* if (nb < 0) */ {
+            SSL_DBG(("%d: SSL3[%d]: recv error %d", SSL_GETPID(), ss->fd,
+                     PR_GetError()));
+            rv = SECFailure;
+            break;
+        }
+
+        PORT_Assert((unsigned int)nb <= gs->remainder);
+        if ((unsigned int)nb > gs->remainder) {
+            /* ssl_DefRecv is misbehaving!  this error is fatal to SSL. */
+            gs->state = GS_INIT; /* so we don't crash next time */
+            rv = SECFailure;
+            break;
+        }
+
+        gs->offset += nb;
+        gs->remainder -= nb;
+        if (gs->state == GS_DATA)
+            gs->inbuf.len += nb;
+
+        /* if there's more to go, read some more. */
+        if (gs->remainder > 0) {
+            continue;
+        }
+
+        /* have received entire record header, or entire record. */
+        switch (gs->state) {
+            case GS_HEADER:
+                /* Check for SSLv2 handshakes. Always assume SSLv3 on clients,
+                 * support SSLv2 handshakes only when ssl2gs != NULL.
+                 * Always assume v3 after we received the first record. */
+                if (!ssl2gs ||
+                    ss->gs.rejectV2Records ||
+                    ssl3_isLikelyV3Hello(gs->hdr)) {
+                    /* Should have a non-SSLv2 record header in gs->hdr. Extract
+                     * the length of the following encrypted data, and then
+                     * read in the rest of the record into gs->inbuf. */
+                    if (ss->ssl3.hs.shortHeaders) {
+                        PRUint16 len = (gs->hdr[0] << 8) | gs->hdr[1];
+                        if (!(len & 0x8000)) {
+                            SSL_DBG(("%d: SSL3[%d]: incorrectly formatted header"));
+                            SSL3_SendAlert(ss, alert_fatal, illegal_parameter);
+                            gs->state = GS_INIT;
+                            PORT_SetError(SSL_ERROR_BAD_MAC_READ);
+                            return SECFailure;
+                        }
+                        gs->remainder = len & ~0x8000;
+                    } else {
+                        gs->remainder = (gs->hdr[3] << 8) | gs->hdr[4];
+                    }
+                } else {
+                    /* Probably an SSLv2 record header. No need to handle any
+                     * security escapes (gs->hdr[0] & 0x40) as we wouldn't get
+                     * here if one was set. See ssl3_isLikelyV3Hello(). */
+                    gs->remainder = ((gs->hdr[0] & 0x7f) << 8) | gs->hdr[1];
+                    ssl2gs->isV2 = PR_TRUE;
+                    v2HdrLength = 2;
+
+                    /* Is it a 3-byte header with padding? */
+                    if (!(gs->hdr[0] & 0x80)) {
+                        ssl2gs->padding = gs->hdr[2];
+                        v2HdrLength++;
+                    }
+                }
+
+                /* This is the max length for an encrypted SSLv3+ fragment. */
+                if (!v2HdrLength &&
+                    gs->remainder > (MAX_FRAGMENT_LENGTH + 2048)) {
+                    SSL3_SendAlert(ss, alert_fatal, record_overflow);
+                    gs->state = GS_INIT;
+                    PORT_SetError(SSL_ERROR_RX_RECORD_TOO_LONG);
+                    return SECFailure;
+                }
+
+                gs->state = GS_DATA;
+                gs->offset = 0;
+                gs->inbuf.len = 0;
+
+                if (gs->remainder > gs->inbuf.space) {
+                    err = sslBuffer_Grow(&gs->inbuf, gs->remainder);
+                    if (err) { /* realloc has set error code to no mem. */
+                        return err;
+                    }
+                    lbp = gs->inbuf.buf;
+                }
+
+                /* When we encounter an SSLv2 hello we've read 2 or 3 bytes too
+                 * many into the gs->hdr[] buffer. Copy them over into inbuf so
+                 * that we can properly process the hello record later. */
+                if (v2HdrLength) {
+                    /* Reject v2 records that don't even carry enough data to
+                     * resemble a valid ClientHello header. */
+                    if (gs->remainder < SSL_HL_CLIENT_HELLO_HBYTES) {
+                        SSL3_SendAlert(ss, alert_fatal, illegal_parameter);
+                        PORT_SetError(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO);
+                        return SECFailure;
+                    }
+
+                    PORT_Assert(lbp);
+                    gs->inbuf.len = 5 - v2HdrLength;
+                    PORT_Memcpy(lbp, gs->hdr + v2HdrLength, gs->inbuf.len);
+                    gs->remainder -= gs->inbuf.len;
+                    lbp += gs->inbuf.len;
+                }
+
+                if (gs->remainder > 0) {
+                    break; /* End this case.  Continue around the loop. */
+                }
+
+            /* FALL THROUGH if (gs->remainder == 0) as we just received
+                 * an empty record and there's really no point in calling
+                 * ssl_DefRecv() with buf=NULL and len=0. */
+
+            case GS_DATA:
+                /*
+                ** SSL3 record has been completely received.
+                */
+                SSL_TRC(10, ("%d: SSL[%d]: got record of %d bytes",
+                             SSL_GETPID(), ss->fd, gs->inbuf.len));
+
+                /* reject any v2 records from now on */
+                ss->gs.rejectV2Records = PR_TRUE;
+
+                gs->state = GS_INIT;
+                return 1;
+        }
+    }
+
+    return rv;
+}
+
+/*
+ * Read in an entire DTLS record.
+ *
+ * Blocks here for blocking sockets, otherwise returns -1 with
+ *  PR_WOULD_BLOCK_ERROR when socket would block.
+ *
+ * This is simpler than SSL because we are reading on a datagram socket
+ * and datagrams must contain >=1 complete records.
+ *
+ * returns  1 if received a complete DTLS record.
+ * returns  0 if recv returns EOF
+ * returns -1 if recv returns < 0
+ *  (The error value may have already been set to PR_WOULD_BLOCK_ERROR)
+ *
+ * Caller must hold the recv buf lock.
+ *
+ * This loop returns when either
+ *      (a) an error or EOF occurs,
+ *  (b) PR_WOULD_BLOCK_ERROR,
+ *  (c) data (entire DTLS record) has been received.
+ */
+static int
+dtls_GatherData(sslSocket *ss, sslGather *gs, int flags)
+{
+    int nb;
+    int err;
+    int rv = 1;
+
+    SSL_TRC(30, ("dtls_GatherData"));
+
+    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
+
+    gs->state = GS_HEADER;
+    gs->offset = 0;
+
+    if (gs->dtlsPacketOffset == gs->dtlsPacket.len) { /* No data left */
+        gs->dtlsPacketOffset = 0;
+        gs->dtlsPacket.len = 0;
+
+        /* Resize to the maximum possible size so we can fit a full datagram */
+        /* This is the max fragment length for an encrypted fragment
+        ** plus the size of the record header.
+        ** This magic constant is copied from ssl3_GatherData, with 5 changed
+        ** to 13 (the size of the record header).
+        */
+        if (gs->dtlsPacket.space < MAX_FRAGMENT_LENGTH + 2048 + 13) {
+            err = sslBuffer_Grow(&gs->dtlsPacket,
+                                 MAX_FRAGMENT_LENGTH + 2048 + 13);
+            if (err) { /* realloc has set error code to no mem. */
+                return err;
+            }
+        }
+
+        /* recv() needs to read a full datagram at a time */
+        nb = ssl_DefRecv(ss, gs->dtlsPacket.buf, gs->dtlsPacket.space, flags);
+
+        if (nb > 0) {
+            PRINT_BUF(60, (ss, "raw gather data:", gs->dtlsPacket.buf, nb));
+        } else if (nb == 0) {
+            /* EOF */
+            SSL_TRC(30, ("%d: SSL3[%d]: EOF", SSL_GETPID(), ss->fd));
+            rv = 0;
+            return rv;
+        } else /* if (nb < 0) */ {
+            SSL_DBG(("%d: SSL3[%d]: recv error %d", SSL_GETPID(), ss->fd,
+                     PR_GetError()));
+            rv = SECFailure;
+            return rv;
+        }
+
+        gs->dtlsPacket.len = nb;
+    }
+
+    /* At this point we should have >=1 complete records lined up in
+     * dtlsPacket. Read off the header.
+     */
+    if ((gs->dtlsPacket.len - gs->dtlsPacketOffset) < 13) {
+        SSL_DBG(("%d: SSL3[%d]: rest of DTLS packet "
+                 "too short to contain header",
+                 SSL_GETPID(), ss->fd));
+        PR_SetError(PR_WOULD_BLOCK_ERROR, 0);
+        gs->dtlsPacketOffset = 0;
+        gs->dtlsPacket.len = 0;
+        rv = SECFailure;
+        return rv;
+    }
+    memcpy(gs->hdr, gs->dtlsPacket.buf + gs->dtlsPacketOffset, 13);
+    gs->dtlsPacketOffset += 13;
+
+    /* Have received SSL3 record header in gs->hdr. */
+    gs->remainder = (gs->hdr[11] << 8) | gs->hdr[12];
+
+    if ((gs->dtlsPacket.len - gs->dtlsPacketOffset) < gs->remainder) {
+        SSL_DBG(("%d: SSL3[%d]: rest of DTLS packet too short "
+                 "to contain rest of body",
+                 SSL_GETPID(), ss->fd));
+        PR_SetError(PR_WOULD_BLOCK_ERROR, 0);
+        gs->dtlsPacketOffset = 0;
+        gs->dtlsPacket.len = 0;
+        rv = SECFailure;
+        return rv;
+    }
+
+    /* OK, we have at least one complete packet, copy into inbuf */
+    if (gs->remainder > gs->inbuf.space) {
+        err = sslBuffer_Grow(&gs->inbuf, gs->remainder);
+        if (err) { /* realloc has set error code to no mem. */
+            return err;
+        }
+    }
+
+    memcpy(gs->inbuf.buf, gs->dtlsPacket.buf + gs->dtlsPacketOffset,
+           gs->remainder);
+    gs->inbuf.len = gs->remainder;
+    gs->offset = gs->remainder;
+    gs->dtlsPacketOffset += gs->remainder;
+    gs->state = GS_INIT;
+
+    return 1;
+}
+
+/* Gather in a record and when complete, Handle that record.
+ * Repeat this until the handshake is complete,
+ * or until application data is available.
+ *
+ * Returns  1 when the handshake is completed without error, or
+ *                 application data is available.
+ * Returns  0 if ssl3_GatherData hits EOF.
+ * Returns -1 on read error, or PR_WOULD_BLOCK_ERROR, or handleRecord error.
+ * Returns -2 on SECWouldBlock return from ssl3_HandleRecord.
+ *
+ * Called from ssl_GatherRecord1stHandshake       in sslcon.c,
+ *    and from SSL_ForceHandshake in sslsecur.c
+ *    and from ssl3_GatherAppDataRecord below (<- DoRecv in sslsecur.c).
+ *
+ * Caller must hold the recv buf lock.
+ */
+int
+ssl3_GatherCompleteHandshake(sslSocket *ss, int flags)
+{
+    int rv;
+    SSL3Ciphertext cText;
+    PRBool keepGoing = PR_TRUE;
+
+    SSL_TRC(30, ("ssl3_GatherCompleteHandshake"));
+
+    /* ssl3_HandleRecord may end up eventually calling ssl_FinishHandshake,
+     * which requires the 1stHandshakeLock, which must be acquired before the
+     * RecvBufLock.
+     */
+    PORT_Assert(ss->opt.noLocks || ssl_Have1stHandshakeLock(ss));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
+
+    do {
+        PRBool handleRecordNow = PR_FALSE;
+
+        ssl_GetSSL3HandshakeLock(ss);
+
+        /* Without this, we may end up wrongly reporting
+         * SSL_ERROR_RX_UNEXPECTED_* errors if we receive any records from the
+         * peer while we are waiting to be restarted.
+         */
+        if (ss->ssl3.hs.restartTarget) {
+            ssl_ReleaseSSL3HandshakeLock(ss);
+            PORT_SetError(PR_WOULD_BLOCK_ERROR);
+            return (int)SECFailure;
+        }
+
+        /* Treat an empty msgState like a NULL msgState. (Most of the time
+         * when ssl3_HandleHandshake returns SECWouldBlock, it leaves
+         * behind a non-NULL but zero-length msgState).
+         * Test: async_cert_restart_server_sends_hello_request_first_in_separate_record
+         */
+        if (ss->ssl3.hs.msgState.buf) {
+            if (ss->ssl3.hs.msgState.len == 0) {
+                ss->ssl3.hs.msgState.buf = NULL;
+            } else {
+                handleRecordNow = PR_TRUE;
+            }
+        }
+
+        ssl_ReleaseSSL3HandshakeLock(ss);
+
+        if (handleRecordNow) {
+            /* ssl3_HandleHandshake previously returned SECWouldBlock and the
+             * as-yet-unprocessed plaintext of that previous handshake record.
+             * We need to process it now before we overwrite it with the next
+             * handshake record.
+             */
+            rv = ssl3_HandleRecord(ss, NULL, &ss->gs.buf);
+        } else {
+            /* State for SSLv2 client hello support. */
+            ssl2Gather ssl2gs = { PR_FALSE, 0 };
+            ssl2Gather *ssl2gs_ptr = NULL;
+
+            /* If we're a server and waiting for a client hello, accept v2. */
+            if (ss->sec.isServer && ss->ssl3.hs.ws == wait_client_hello) {
+                ssl2gs_ptr = &ssl2gs;
+            }
+
+            /* bring in the next sslv3 record. */
+            if (ss->recvdCloseNotify) {
+                /* RFC 5246 Section 7.2.1:
+                 *   Any data received after a closure alert is ignored.
+                 */
+                return 0;
+            }
+
+            if (!IS_DTLS(ss)) {
+                /* If we're a server waiting for a ClientHello then pass
+                 * ssl2gs to support SSLv2 ClientHello messages. */
+                rv = ssl3_GatherData(ss, &ss->gs, flags, ssl2gs_ptr);
+            } else {
+                rv = dtls_GatherData(ss, &ss->gs, flags);
+
+                /* If we got a would block error, that means that no data was
+                 * available, so we check the timer to see if it's time to
+                 * retransmit */
+                if (rv == SECFailure &&
+                    (PORT_GetError() == PR_WOULD_BLOCK_ERROR)) {
+                    dtls_CheckTimer(ss);
+                    /* Restore the error in case something succeeded */
+                    PORT_SetError(PR_WOULD_BLOCK_ERROR);
+                }
+            }
+
+            if (rv <= 0) {
+                return rv;
+            }
+
+            if (ssl2gs.isV2) {
+                rv = ssl3_HandleV2ClientHello(ss, ss->gs.inbuf.buf,
+                                              ss->gs.inbuf.len,
+                                              ssl2gs.padding);
+                if (rv < 0) {
+                    return rv;
+                }
+            } else {
+                /* decipher it, and handle it if it's a handshake.
+                 * If it's application data, ss->gs.buf will not be empty upon return.
+                 * If it's a change cipher spec, alert, or handshake message,
+                 * ss->gs.buf.len will be 0 when ssl3_HandleRecord returns SECSuccess.
+                 */
+                if (ss->ssl3.hs.shortHeaders) {
+                    cText.type = content_application_data;
+                    cText.version = SSL_LIBRARY_VERSION_TLS_1_0;
+                } else {
+                    cText.type = (SSL3ContentType)ss->gs.hdr[0];
+                    cText.version = (ss->gs.hdr[1] << 8) | ss->gs.hdr[2];
+                }
+
+                if (IS_DTLS(ss)) {
+                    sslSequenceNumber seq_num;
+
+                    cText.version = dtls_DTLSVersionToTLSVersion(cText.version);
+                    /* DTLS sequence number */
+                    PORT_Memcpy(&seq_num, &ss->gs.hdr[3], sizeof(seq_num));
+                    cText.seq_num = PR_ntohll(seq_num);
+                }
+
+                cText.buf = &ss->gs.inbuf;
+                rv = ssl3_HandleRecord(ss, &cText, &ss->gs.buf);
+            }
+        }
+        if (rv < 0) {
+            return ss->recvdCloseNotify ? 0 : rv;
+        }
+        if (ss->gs.buf.len > 0) {
+            /* We have application data to return to the application. This
+             * prioritizes returning application data to the application over
+             * completing any renegotiation handshake we may be doing.
+             */
+            PORT_Assert(ss->firstHsDone);
+            PORT_Assert(cText.type == content_application_data);
+            break;
+        }
+
+        PORT_Assert(keepGoing);
+        ssl_GetSSL3HandshakeLock(ss);
+        if (ss->ssl3.hs.ws == idle_handshake) {
+            /* We are done with the current handshake so stop trying to
+             * handshake. Note that it would be safe to test ss->firstHsDone
+             * instead of ss->ssl3.hs.ws. By testing ss->ssl3.hs.ws instead,
+             * we prioritize completing a renegotiation handshake over sending
+             * application data.
+             */
+            PORT_Assert(ss->firstHsDone);
+            PORT_Assert(!ss->ssl3.hs.canFalseStart);
+            keepGoing = PR_FALSE;
+        } else if (ss->ssl3.hs.canFalseStart) {
+            /* Prioritize sending application data over trying to complete
+             * the handshake if we're false starting.
+             *
+             * If we were to do this check at the beginning of the loop instead
+             * of here, then this function would become be a no-op after
+             * receiving the ServerHelloDone in the false start case, and we
+             * would never complete the handshake.
+             */
+            PORT_Assert(!ss->firstHsDone);
+
+            if (ssl3_WaitingForServerSecondRound(ss)) {
+                keepGoing = PR_FALSE;
+            } else {
+                ss->ssl3.hs.canFalseStart = PR_FALSE;
+            }
+        }
+        ssl_ReleaseSSL3HandshakeLock(ss);
+    } while (keepGoing);
+
+    /* Service the DTLS timer so that the holddown timer eventually fires. */
+    if (IS_DTLS(ss)) {
+        dtls_CheckTimer(ss);
+    }
+    ss->gs.readOffset = 0;
+    ss->gs.writeOffset = ss->gs.buf.len;
+    return 1;
+}
+
+/* Repeatedly gather in a record and when complete, Handle that record.
+ * Repeat this until some application data is received.
+ *
+ * Returns  1 when application data is available.
+ * Returns  0 if ssl3_GatherData hits EOF.
+ * Returns -1 on read error, or PR_WOULD_BLOCK_ERROR, or handleRecord error.
+ * Returns -2 on SECWouldBlock return from ssl3_HandleRecord.
+ *
+ * Called from DoRecv in sslsecur.c
+ * Caller must hold the recv buf lock.
+ */
+int
+ssl3_GatherAppDataRecord(sslSocket *ss, int flags)
+{
+    int rv;
+
+    /* ssl3_GatherCompleteHandshake requires both of these locks. */
+    PORT_Assert(ss->opt.noLocks || ssl_Have1stHandshakeLock(ss));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
+
+    do {
+        rv = ssl3_GatherCompleteHandshake(ss, flags);
+    } while (rv > 0 && ss->gs.buf.len == 0);
+
+    return rv;
+}
diff --git a/nss/lib/ssl/ssl3prot.h b/nss/lib/ssl/ssl3prot.h
new file mode 100644
index 0000000..b7230e0
--- /dev/null
+++ b/nss/lib/ssl/ssl3prot.h
@@ -0,0 +1,341 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/* Private header file of libSSL.
+ * Various and sundry protocol constants. DON'T CHANGE THESE. These
+ * values are defined by the SSL 3.0 protocol specification.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef __ssl3proto_h_
+#define __ssl3proto_h_
+
+typedef PRUint8 SSL3Opaque;
+
+typedef PRUint16 SSL3ProtocolVersion;
+/* version numbers are defined in sslproto.h */
+
+/* The TLS 1.3 draft version. Used to avoid negotiating
+ * between incompatible pre-standard TLS 1.3 drafts.
+ * TODO(ekr@rtfm.com): Remove when TLS 1.3 is published. */
+#define TLS_1_3_DRAFT_VERSION 18
+
+typedef PRUint16 ssl3CipherSuite;
+/* The cipher suites are defined in sslproto.h */
+
+#define MAX_CERT_TYPES 10
+#define MAX_COMPRESSION_METHODS 10
+#define MAX_MAC_LENGTH 64
+#define MAX_PADDING_LENGTH 64
+#define MAX_KEY_LENGTH 64
+#define EXPORT_KEY_LENGTH 5
+#define SSL3_RANDOM_LENGTH 32
+
+#define SSL3_RECORD_HEADER_LENGTH 5
+#define TLS13_RECORD_HEADER_LENGTH_SHORT 2
+
+/* SSL3_RECORD_HEADER_LENGTH + epoch/sequence_number */
+#define DTLS_RECORD_HEADER_LENGTH 13
+
+#define MAX_FRAGMENT_LENGTH 16384
+
+typedef enum {
+    content_change_cipher_spec = 20,
+    content_alert = 21,
+    content_handshake = 22,
+    content_application_data = 23,
+    content_tls_proof_message = 28 // TLS-N Extension
+} SSL3ContentType;
+
+typedef struct {
+    SSL3ContentType type;
+    SSL3ProtocolVersion version;
+    PRUint16 length;
+    SECItem fragment;
+} SSL3Plaintext;
+
+typedef struct {
+    SSL3ContentType type;
+    SSL3ProtocolVersion version;
+    PRUint16 length;
+    SECItem fragment;
+} SSL3Compressed;
+
+typedef struct {
+    SECItem content;
+    SSL3Opaque MAC[MAX_MAC_LENGTH];
+} SSL3GenericStreamCipher;
+
+typedef struct {
+    SECItem content;
+    SSL3Opaque MAC[MAX_MAC_LENGTH];
+    PRUint8 padding[MAX_PADDING_LENGTH];
+    PRUint8 padding_length;
+} SSL3GenericBlockCipher;
+
+typedef enum { change_cipher_spec_choice = 1 } SSL3ChangeCipherSpecChoice;
+
+typedef struct {
+    SSL3ChangeCipherSpecChoice choice;
+} SSL3ChangeCipherSpec;
+
+typedef enum { alert_warning = 1,
+               alert_fatal = 2 } SSL3AlertLevel;
+
+typedef enum {
+    close_notify = 0,
+    end_of_early_data = 1, /* TLS 1.3 */
+    unexpected_message = 10,
+    bad_record_mac = 20,
+    decryption_failed_RESERVED = 21, /* do not send; see RFC 5246 */
+    record_overflow = 22,            /* TLS only */
+    decompression_failure = 30,
+    handshake_failure = 40,
+    no_certificate = 41, /* SSL3 only, NOT TLS */
+    bad_certificate = 42,
+    unsupported_certificate = 43,
+    certificate_revoked = 44,
+    certificate_expired = 45,
+    certificate_unknown = 46,
+    illegal_parameter = 47,
+
+    /* All alerts below are TLS only. */
+    unknown_ca = 48,
+    access_denied = 49,
+    decode_error = 50,
+    decrypt_error = 51,
+    export_restriction = 60,
+    protocol_version = 70,
+    insufficient_security = 71,
+    internal_error = 80,
+    inappropriate_fallback = 86, /* could also be sent for SSLv3 */
+    user_canceled = 90,
+    no_renegotiation = 100,
+
+    /* Alerts for client hello extensions */
+    missing_extension = 109,
+    unsupported_extension = 110,
+    certificate_unobtainable = 111,
+    unrecognized_name = 112,
+    bad_certificate_status_response = 113,
+    bad_certificate_hash_value = 114,
+    no_application_protocol = 120,
+
+    /* invalid alert */
+    no_alert = 256
+} SSL3AlertDescription;
+
+typedef struct {
+    SSL3AlertLevel level;
+    SSL3AlertDescription description;
+} SSL3Alert;
+
+typedef enum {
+    hello_request = 0,
+    client_hello = 1,
+    server_hello = 2,
+    hello_verify_request = 3,
+    new_session_ticket = 4,
+    hello_retry_request = 6,
+    encrypted_extensions = 8,
+    certificate = 11,
+    server_key_exchange = 12,
+    certificate_request = 13,
+    server_hello_done = 14,
+    certificate_verify = 15,
+    client_key_exchange = 16,
+    finished = 20,
+    certificate_status = 22,
+    next_proto = 67
+} SSL3HandshakeType;
+
+typedef struct {
+    PRUint8 empty;
+} SSL3HelloRequest;
+
+typedef struct {
+    SSL3Opaque rand[SSL3_RANDOM_LENGTH];
+} SSL3Random;
+
+typedef struct {
+    SSL3Opaque id[32];
+    PRUint8 length;
+} SSL3SessionID;
+
+typedef struct {
+    SSL3ProtocolVersion client_version;
+    SSL3Random random;
+    SSL3SessionID session_id;
+    SECItem cipher_suites;
+    PRUint8 cm_count;
+    SSLCompressionMethod compression_methods[MAX_COMPRESSION_METHODS];
+} SSL3ClientHello;
+
+typedef struct {
+    SSL3ProtocolVersion server_version;
+    SSL3Random random;
+    SSL3SessionID session_id;
+    ssl3CipherSuite cipher_suite;
+    SSLCompressionMethod compression_method;
+} SSL3ServerHello;
+
+typedef struct {
+    SECItem list;
+} SSL3Certificate;
+
+/* SSL3SignType moved to ssl.h */
+
+/* The SSL key exchange method used */
+typedef enum {
+    kea_null,
+    kea_rsa,
+    kea_dh_dss,
+    kea_dh_rsa,
+    kea_dhe_dss,
+    kea_dhe_rsa,
+    kea_dh_anon,
+    kea_ecdh_ecdsa,
+    kea_ecdhe_ecdsa,
+    kea_ecdh_rsa,
+    kea_ecdhe_rsa,
+    kea_ecdh_anon,
+    kea_ecdhe_psk,
+    kea_dhe_psk,
+    kea_tls13_any,
+} SSL3KeyExchangeAlgorithm;
+
+typedef struct {
+    SECItem modulus;
+    SECItem exponent;
+} SSL3ServerRSAParams;
+
+typedef struct {
+    SECItem p;
+    SECItem g;
+    SECItem Ys;
+} SSL3ServerDHParams;
+
+typedef struct {
+    union {
+        SSL3ServerDHParams dh;
+        SSL3ServerRSAParams rsa;
+    } u;
+} SSL3ServerParams;
+
+/* SSL3HashesIndividually contains a combination MD5/SHA1 hash, as used in TLS
+ * prior to 1.2. */
+typedef struct {
+    PRUint8 md5[16];
+    PRUint8 sha[20];
+} SSL3HashesIndividually;
+
+/* SSL3Hashes contains an SSL hash value. The digest is contained in |u.raw|
+ * which, if |hashAlg==ssl_hash_none| is also a SSL3HashesIndividually
+ * struct. */
+typedef struct {
+    unsigned int len;
+    SSLHashType hashAlg;
+    union {
+        PRUint8 raw[64];
+        SSL3HashesIndividually s;
+        SECItem pointer_to_hash_input;
+    } u;
+} SSL3Hashes;
+
+typedef struct {
+    union {
+        SSL3Opaque anonymous;
+        SSL3Hashes certified;
+    } u;
+} SSL3ServerKeyExchange;
+
+typedef enum {
+    ct_RSA_sign = 1,
+    ct_DSS_sign = 2,
+    ct_RSA_fixed_DH = 3,
+    ct_DSS_fixed_DH = 4,
+    ct_RSA_ephemeral_DH = 5,
+    ct_DSS_ephemeral_DH = 6,
+    ct_ECDSA_sign = 64,
+    ct_RSA_fixed_ECDH = 65,
+    ct_ECDSA_fixed_ECDH = 66
+
+} SSL3ClientCertificateType;
+
+typedef struct {
+    SSL3Opaque client_version[2];
+    SSL3Opaque random[46];
+} SSL3RSAPreMasterSecret;
+
+typedef SSL3Opaque SSL3MasterSecret[48];
+
+typedef enum {
+    sender_client = 0x434c4e54,
+    sender_server = 0x53525652
+} SSL3Sender;
+
+typedef SSL3HashesIndividually SSL3Finished;
+
+typedef struct {
+    SSL3Opaque verify_data[12];
+} TLSFinished;
+
+/*
+ * TLS extension related data structures and constants.
+ */
+
+/* SessionTicket extension related data structures. */
+
+/* NewSessionTicket handshake message. */
+typedef struct {
+    PRTime received_timestamp;
+    PRUint32 ticket_lifetime_hint;
+    PRUint32 flags;
+    PRUint32 ticket_age_add;
+    PRUint32 max_early_data_size;
+    SECItem ticket;
+} NewSessionTicket;
+
+typedef enum {
+    tls13_psk_ke = 0,
+    tls13_psk_dh_ke = 1
+} TLS13PskKEModes;
+
+typedef enum {
+    CLIENT_AUTH_ANONYMOUS = 0,
+    CLIENT_AUTH_CERTIFICATE = 1
+} ClientAuthenticationType;
+
+typedef struct {
+    ClientAuthenticationType client_auth_type;
+    union {
+        SSL3Opaque *certificate_list;
+    } identity;
+} ClientIdentity;
+
+#define SESS_TICKET_KEY_NAME_LEN 16
+#define SESS_TICKET_KEY_NAME_PREFIX "NSS!"
+#define SESS_TICKET_KEY_NAME_PREFIX_LEN 4
+#define SESS_TICKET_KEY_VAR_NAME_LEN 12
+
+typedef struct {
+    unsigned char *key_name;
+    unsigned char *iv;
+    SECItem encrypted_state;
+    unsigned char *mac;
+} EncryptedSessionTicket;
+
+#define TLS_EX_SESS_TICKET_MAC_LENGTH 32
+
+#define TLS_STE_NO_SERVER_NAME -1
+
+// TLS-N Extension
+//Definition of the messages sub-types of the tls proof message content type
+typedef enum {
+    tlsproof_message_type_request = 1,
+    tlsproof_message_type_response = 2
+}TLSProofMessageType;
+#define TLS_PROOF_MESSAGE_TYPE_SIZE 1
+
+
+#endif /* __ssl3proto_h_ */
diff --git a/nss/lib/ssl/sslauth.c b/nss/lib/ssl/sslauth.c
new file mode 100644
index 0000000..5b5f672
--- /dev/null
+++ b/nss/lib/ssl/sslauth.c
@@ -0,0 +1,292 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#include "cert.h"
+#include "secitem.h"
+#include "ssl.h"
+#include "sslimpl.h"
+#include "sslproto.h"
+#include "pk11func.h"
+#include "ocsp.h"
+
+/* NEED LOCKS IN HERE.  */
+CERTCertificate *
+SSL_PeerCertificate(PRFileDesc *fd)
+{
+    sslSocket *ss;
+
+    ss = ssl_FindSocket(fd);
+    if (!ss) {
+        SSL_DBG(("%d: SSL[%d]: bad socket in PeerCertificate",
+                 SSL_GETPID(), fd));
+        return 0;
+    }
+    if (ss->opt.useSecurity && ss->sec.peerCert) {
+        return CERT_DupCertificate(ss->sec.peerCert);
+    }
+    return 0;
+}
+
+/* NEED LOCKS IN HERE.  */
+CERTCertList *
+SSL_PeerCertificateChain(PRFileDesc *fd)
+{
+    sslSocket *ss;
+    CERTCertList *chain = NULL;
+    CERTCertificate *cert;
+    ssl3CertNode *cur;
+
+    ss = ssl_FindSocket(fd);
+    if (!ss) {
+        SSL_DBG(("%d: SSL[%d]: bad socket in PeerCertificateChain",
+                 SSL_GETPID(), fd));
+        return NULL;
+    }
+    if (!ss->opt.useSecurity || !ss->sec.peerCert) {
+        PORT_SetError(SSL_ERROR_NO_CERTIFICATE);
+        return NULL;
+    }
+    chain = CERT_NewCertList();
+    if (!chain) {
+        return NULL;
+    }
+    cert = CERT_DupCertificate(ss->sec.peerCert);
+    if (CERT_AddCertToListTail(chain, cert) != SECSuccess) {
+        goto loser;
+    }
+    for (cur = ss->ssl3.peerCertChain; cur; cur = cur->next) {
+        cert = CERT_DupCertificate(cur->cert);
+        if (CERT_AddCertToListTail(chain, cert) != SECSuccess) {
+            goto loser;
+        }
+    }
+    return chain;
+
+loser:
+    CERT_DestroyCertList(chain);
+    return NULL;
+}
+
+/* NEED LOCKS IN HERE.  */
+CERTCertificate *
+SSL_LocalCertificate(PRFileDesc *fd)
+{
+    sslSocket *ss;
+
+    ss = ssl_FindSocket(fd);
+    if (!ss) {
+        SSL_DBG(("%d: SSL[%d]: bad socket in PeerCertificate",
+                 SSL_GETPID(), fd));
+        return NULL;
+    }
+    if (ss->opt.useSecurity) {
+        if (ss->sec.localCert) {
+            return CERT_DupCertificate(ss->sec.localCert);
+        }
+        if (ss->sec.ci.sid && ss->sec.ci.sid->localCert) {
+            return CERT_DupCertificate(ss->sec.ci.sid->localCert);
+        }
+    }
+    return NULL;
+}
+
+/* NEED LOCKS IN HERE.  */
+SECStatus
+SSL_SecurityStatus(PRFileDesc *fd, int *op, char **cp, int *kp0, int *kp1,
+                   char **ip, char **sp)
+{
+    sslSocket *ss;
+
+    ss = ssl_FindSocket(fd);
+    if (!ss) {
+        SSL_DBG(("%d: SSL[%d]: bad socket in SecurityStatus",
+                 SSL_GETPID(), fd));
+        return SECFailure;
+    }
+
+    if (cp)
+        *cp = 0;
+    if (kp0)
+        *kp0 = 0;
+    if (kp1)
+        *kp1 = 0;
+    if (ip)
+        *ip = 0;
+    if (sp)
+        *sp = 0;
+    if (op) {
+        *op = SSL_SECURITY_STATUS_OFF;
+    }
+
+    if (ss->opt.useSecurity && ss->enoughFirstHsDone) {
+        const ssl3BulkCipherDef *bulkCipherDef;
+        PRBool isDes = PR_FALSE;
+
+        bulkCipherDef = ssl_GetBulkCipherDef(ss->ssl3.hs.suite_def);
+        if (cp) {
+            *cp = PORT_Strdup(bulkCipherDef->short_name);
+        }
+        if (PORT_Strstr(bulkCipherDef->short_name, "DES")) {
+            isDes = PR_TRUE;
+        }
+
+        if (kp0) {
+            *kp0 = bulkCipherDef->key_size * 8;
+            if (isDes)
+                *kp0 = (*kp0 * 7) / 8;
+        }
+        if (kp1) {
+            *kp1 = bulkCipherDef->secret_key_size * 8;
+            if (isDes)
+                *kp1 = (*kp1 * 7) / 8;
+        }
+        if (op) {
+            if (bulkCipherDef->key_size == 0) {
+                *op = SSL_SECURITY_STATUS_OFF;
+            } else if (bulkCipherDef->secret_key_size * 8 < 90) {
+                *op = SSL_SECURITY_STATUS_ON_LOW;
+            } else {
+                *op = SSL_SECURITY_STATUS_ON_HIGH;
+            }
+        }
+
+        if (ip || sp) {
+            CERTCertificate *cert;
+
+            cert = ss->sec.peerCert;
+            if (cert) {
+                if (ip) {
+                    *ip = CERT_NameToAscii(&cert->issuer);
+                }
+                if (sp) {
+                    *sp = CERT_NameToAscii(&cert->subject);
+                }
+            } else {
+                if (ip) {
+                    *ip = PORT_Strdup("no certificate");
+                }
+                if (sp) {
+                    *sp = PORT_Strdup("no certificate");
+                }
+            }
+        }
+    }
+
+    return SECSuccess;
+}
+
+/************************************************************************/
+
+/* NEED LOCKS IN HERE.  */
+SECStatus
+SSL_AuthCertificateHook(PRFileDesc *s, SSLAuthCertificate func, void *arg)
+{
+    sslSocket *ss;
+
+    ss = ssl_FindSocket(s);
+    if (!ss) {
+        SSL_DBG(("%d: SSL[%d]: bad socket in AuthCertificateHook",
+                 SSL_GETPID(), s));
+        return SECFailure;
+    }
+
+    ss->authCertificate = func;
+    ss->authCertificateArg = arg;
+
+    return SECSuccess;
+}
+
+/* NEED LOCKS IN HERE.  */
+SECStatus
+SSL_GetClientAuthDataHook(PRFileDesc *s, SSLGetClientAuthData func,
+                          void *arg)
+{
+    sslSocket *ss;
+
+    ss = ssl_FindSocket(s);
+    if (!ss) {
+        SSL_DBG(("%d: SSL[%d]: bad socket in GetClientAuthDataHook",
+                 SSL_GETPID(), s));
+        return SECFailure;
+    }
+
+    ss->getClientAuthData = func;
+    ss->getClientAuthDataArg = arg;
+    return SECSuccess;
+}
+
+/* NEED LOCKS IN HERE.  */
+SECStatus
+SSL_SetPKCS11PinArg(PRFileDesc *s, void *arg)
+{
+    sslSocket *ss;
+
+    ss = ssl_FindSocket(s);
+    if (!ss) {
+        SSL_DBG(("%d: SSL[%d]: bad socket in GetClientAuthDataHook",
+                 SSL_GETPID(), s));
+        return SECFailure;
+    }
+
+    ss->pkcs11PinArg = arg;
+    return SECSuccess;
+}
+
+/* This is the "default" authCert callback function.  It is called when a
+ * certificate message is received from the peer and the local application
+ * has not registered an authCert callback function.
+ */
+SECStatus
+SSL_AuthCertificate(void *arg, PRFileDesc *fd, PRBool checkSig, PRBool isServer)
+{
+    SECStatus rv;
+    CERTCertDBHandle *handle;
+    sslSocket *ss;
+    SECCertUsage certUsage;
+    const char *hostname = NULL;
+    PRTime now = PR_Now();
+    SECItemArray *certStatusArray;
+
+    ss = ssl_FindSocket(fd);
+    PORT_Assert(ss != NULL);
+    if (!ss) {
+        return SECFailure;
+    }
+
+    handle = (CERTCertDBHandle *)arg;
+    certStatusArray = &ss->sec.ci.sid->peerCertStatus;
+
+    if (certStatusArray->len) {
+        PORT_SetError(0);
+        if (CERT_CacheOCSPResponseFromSideChannel(handle, ss->sec.peerCert, now,
+                                                  &certStatusArray->items[0],
+                                                  ss->pkcs11PinArg) !=
+            SECSuccess) {
+            PORT_Assert(PR_GetError() != 0);
+        }
+    }
+
+    /* this may seem backwards, but isn't. */
+    certUsage = isServer ? certUsageSSLClient : certUsageSSLServer;
+
+    rv = CERT_VerifyCert(handle, ss->sec.peerCert, checkSig, certUsage,
+                         now, ss->pkcs11PinArg, NULL);
+
+    if (rv != SECSuccess || isServer)
+        return rv;
+
+    /* cert is OK.  This is the client side of an SSL connection.
+     * Now check the name field in the cert against the desired hostname.
+     * NB: This is our only defense against Man-In-The-Middle (MITM) attacks!
+     */
+    hostname = ss->url;
+    if (hostname && hostname[0])
+        rv = CERT_VerifyCertName(ss->sec.peerCert, hostname);
+    else
+        rv = SECFailure;
+    if (rv != SECSuccess)
+        PORT_SetError(SSL_ERROR_BAD_CERT_DOMAIN);
+
+    return rv;
+}
diff --git a/nss/lib/ssl/sslcert.c b/nss/lib/ssl/sslcert.c
new file mode 100644
index 0000000..388fc09
--- /dev/null
+++ b/nss/lib/ssl/sslcert.c
@@ -0,0 +1,915 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/*
+ * SSL server certificate configuration functions.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "ssl.h"
+#include "sslimpl.h"
+#include "secoid.h"   /* for SECOID_GetAlgorithmTag */
+#include "pk11func.h" /* for PK11_ReferenceSlot */
+#include "nss.h"      /* for NSS_RegisterShutdown */
+#include "prinit.h"   /* for PR_CallOnceWithArg */
+
+/* This global item is used only in servers.  It is is initialized by
+ * SSL_ConfigSecureServer(), and is used in ssl3_SendCertificateRequest().
+ */
+static struct {
+    PRCallOnceType setup;
+    CERTDistNames *names;
+} ssl_server_ca_list;
+
+static SECStatus
+ssl_ServerCAListShutdown(void *appData, void *nssData)
+{
+    PORT_Assert(ssl_server_ca_list.names);
+    if (ssl_server_ca_list.names) {
+        CERT_FreeDistNames(ssl_server_ca_list.names);
+    }
+    PORT_Memset(&ssl_server_ca_list, 0, sizeof(ssl_server_ca_list));
+    return SECSuccess;
+}
+
+static PRStatus
+ssl_SetupCAListOnce(void *arg)
+{
+    CERTCertDBHandle *dbHandle = (CERTCertDBHandle *)arg;
+    SECStatus rv = NSS_RegisterShutdown(ssl_ServerCAListShutdown, NULL);
+    PORT_Assert(SECSuccess == rv);
+    if (SECSuccess == rv) {
+        ssl_server_ca_list.names = CERT_GetSSLCACerts(dbHandle);
+        return PR_SUCCESS;
+    }
+    return PR_FAILURE;
+}
+
+SECStatus
+ssl_SetupCAList(sslSocket *ss)
+{
+    if (PR_SUCCESS != PR_CallOnceWithArg(&ssl_server_ca_list.setup,
+                                         &ssl_SetupCAListOnce,
+                                         (void *)(ss->dbHandle))) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+    return SECSuccess;
+}
+
+SECStatus
+ssl_GetCertificateRequestCAs(sslSocket *ss, unsigned int *calen,
+                             SECItem **names, unsigned int *nnames)
+{
+    SECItem *name;
+    CERTDistNames *ca_list;
+    unsigned int i;
+
+    *calen = 0;
+    *names = NULL;
+    *nnames = 0;
+
+    /* ssl3.ca_list is initialized to NULL, and never changed. */
+    ca_list = ss->ssl3.ca_list;
+    if (!ca_list) {
+        if (ssl_SetupCAList(ss) != SECSuccess) {
+            return SECFailure;
+        }
+        ca_list = ssl_server_ca_list.names;
+    }
+
+    if (ca_list != NULL) {
+        *names = ca_list->names;
+        *nnames = ca_list->nnames;
+    }
+
+    for (i = 0, name = *names; i < *nnames; i++, name++) {
+        *calen += 2 + name->len;
+    }
+    return SECSuccess;
+}
+
+sslServerCert *
+ssl_NewServerCert()
+{
+    sslServerCert *sc = PORT_ZNew(sslServerCert);
+    if (!sc) {
+        return NULL;
+    }
+    sc->authTypes = 0;
+    sc->namedCurve = NULL;
+    sc->serverCert = NULL;
+    sc->serverCertChain = NULL;
+    sc->certStatusArray = NULL;
+    sc->signedCertTimestamps.len = 0;
+    return sc;
+}
+
+sslServerCert *
+ssl_CopyServerCert(const sslServerCert *oc)
+{
+    sslServerCert *sc;
+
+    sc = ssl_NewServerCert();
+    if (!sc) {
+        return NULL;
+    }
+
+    sc->authTypes = oc->authTypes;
+    sc->namedCurve = oc->namedCurve;
+
+    if (oc->serverCert && oc->serverCertChain) {
+        sc->serverCert = CERT_DupCertificate(oc->serverCert);
+        if (!sc->serverCert)
+            goto loser;
+        sc->serverCertChain = CERT_DupCertList(oc->serverCertChain);
+        if (!sc->serverCertChain)
+            goto loser;
+    } else {
+        sc->serverCert = NULL;
+        sc->serverCertChain = NULL;
+    }
+
+    if (oc->serverKeyPair) {
+        sc->serverKeyPair = ssl_GetKeyPairRef(oc->serverKeyPair);
+        if (!sc->serverKeyPair)
+            goto loser;
+    } else {
+        sc->serverKeyPair = NULL;
+    }
+    sc->serverKeyBits = oc->serverKeyBits;
+
+    if (oc->certStatusArray) {
+        sc->certStatusArray = SECITEM_DupArray(NULL, oc->certStatusArray);
+        if (!sc->certStatusArray)
+            goto loser;
+    } else {
+        sc->certStatusArray = NULL;
+    }
+
+    if (SECITEM_CopyItem(NULL, &sc->signedCertTimestamps,
+                         &oc->signedCertTimestamps) != SECSuccess)
+        goto loser;
+    return sc;
+loser:
+    ssl_FreeServerCert(sc);
+    return NULL;
+}
+
+void
+ssl_FreeServerCert(sslServerCert *sc)
+{
+    if (!sc) {
+        return;
+    }
+
+    if (sc->serverCert) {
+        CERT_DestroyCertificate(sc->serverCert);
+    }
+    if (sc->serverCertChain) {
+        CERT_DestroyCertificateList(sc->serverCertChain);
+    }
+    if (sc->serverKeyPair) {
+        ssl_FreeKeyPair(sc->serverKeyPair);
+    }
+    if (sc->certStatusArray) {
+        SECITEM_FreeArray(sc->certStatusArray, PR_TRUE);
+    }
+    if (sc->signedCertTimestamps.len) {
+        SECITEM_FreeItem(&sc->signedCertTimestamps, PR_FALSE);
+    }
+    PORT_ZFree(sc, sizeof(*sc));
+}
+
+const sslServerCert *
+ssl_FindServerCert(const sslSocket *ss, SSLAuthType authType,
+                   const sslNamedGroupDef *namedCurve)
+{
+    PRCList *cursor;
+
+    for (cursor = PR_NEXT_LINK(&ss->serverCerts);
+         cursor != &ss->serverCerts;
+         cursor = PR_NEXT_LINK(cursor)) {
+        sslServerCert *cert = (sslServerCert *)cursor;
+        if (!SSL_CERT_IS(cert, authType)) {
+            continue;
+        }
+        if (SSL_CERT_IS_EC(cert)) {
+            /* Note: For deprecated APIs, we need to be able to find and
+               match a slot with any named curve. */
+            if (namedCurve && cert->namedCurve != namedCurve) {
+                continue;
+            }
+        }
+        return cert;
+    }
+    return NULL;
+}
+
+static SECStatus
+ssl_PopulateServerCert(sslServerCert *sc, CERTCertificate *cert,
+                       const CERTCertificateList *certChain)
+{
+    if (sc->serverCert) {
+        CERT_DestroyCertificate(sc->serverCert);
+    }
+    if (sc->serverCertChain) {
+        CERT_DestroyCertificateList(sc->serverCertChain);
+    }
+
+    if (!cert) {
+        sc->serverCert = NULL;
+        sc->serverCertChain = NULL;
+        return SECSuccess;
+    }
+
+    sc->serverCert = CERT_DupCertificate(cert);
+    if (certChain) {
+        sc->serverCertChain = CERT_DupCertList(certChain);
+    } else {
+        sc->serverCertChain =
+            CERT_CertChainFromCert(sc->serverCert, certUsageSSLServer,
+                                   PR_TRUE);
+    }
+    return sc->serverCertChain ? SECSuccess : SECFailure;
+}
+
+static SECStatus
+ssl_PopulateKeyPair(sslServerCert *sc, sslKeyPair *keyPair)
+{
+    if (sc->serverKeyPair) {
+        ssl_FreeKeyPair(sc->serverKeyPair);
+        sc->serverKeyPair = NULL;
+    }
+    if (keyPair) {
+        KeyType keyType = SECKEY_GetPublicKeyType(keyPair->pubKey);
+        PORT_Assert(keyType == SECKEY_GetPrivateKeyType(keyPair->privKey));
+
+        if (keyType == ecKey) {
+            sc->namedCurve = ssl_ECPubKey2NamedGroup(keyPair->pubKey);
+            if (!sc->namedCurve) {
+                /* Unsupported curve. */
+                PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+                return SECFailure;
+            }
+        }
+
+        /* Get the size of the cert's public key, and remember it. */
+        sc->serverKeyBits = SECKEY_PublicKeyStrengthInBits(keyPair->pubKey);
+        if (sc->serverKeyBits == 0) {
+            PORT_SetError(SEC_ERROR_INVALID_ARGS);
+            return SECFailure;
+        }
+
+        SECKEY_CacheStaticFlags(keyPair->privKey);
+        sc->serverKeyPair = ssl_GetKeyPairRef(keyPair);
+
+        if (SSL_CERT_IS(sc, ssl_auth_rsa_decrypt)) {
+            /* This will update the global session ticket key pair with this
+             * key, if a value hasn't been set already. */
+            if (ssl_MaybeSetSessionTicketKeyPair(keyPair) != SECSuccess) {
+                return SECFailure;
+            }
+        }
+    } else {
+        sc->serverKeyPair = NULL;
+        sc->namedCurve = NULL;
+    }
+    return SECSuccess;
+}
+
+static SECStatus
+ssl_PopulateOCSPResponses(sslServerCert *sc,
+                          const SECItemArray *stapledOCSPResponses)
+{
+    if (sc->certStatusArray) {
+        SECITEM_FreeArray(sc->certStatusArray, PR_TRUE);
+    }
+    if (stapledOCSPResponses) {
+        sc->certStatusArray = SECITEM_DupArray(NULL, stapledOCSPResponses);
+        return sc->certStatusArray ? SECSuccess : SECFailure;
+    } else {
+        sc->certStatusArray = NULL;
+    }
+    return SECSuccess;
+}
+
+static SECStatus
+ssl_PopulateSignedCertTimestamps(sslServerCert *sc,
+                                 const SECItem *signedCertTimestamps)
+{
+    if (sc->signedCertTimestamps.len) {
+        SECITEM_FreeItem(&sc->signedCertTimestamps, PR_FALSE);
+    }
+    if (signedCertTimestamps && signedCertTimestamps->len) {
+        return SECITEM_CopyItem(NULL, &sc->signedCertTimestamps,
+                                signedCertTimestamps);
+    }
+    return SECSuccess;
+}
+
+/* Find any existing certificates that overlap with the new certificate and
+ * either remove any supported authentication types that overlap with the new
+ * certificate or - if they have no types left - remove them entirely. */
+static void
+ssl_ClearMatchingCerts(sslSocket *ss, sslAuthTypeMask authTypes,
+                       const sslNamedGroupDef *namedCurve)
+{
+    PRCList *cursor = PR_NEXT_LINK(&ss->serverCerts);
+
+    while (cursor != &ss->serverCerts) {
+        sslServerCert *sc = (sslServerCert *)cursor;
+        cursor = PR_NEXT_LINK(cursor);
+        if ((sc->authTypes & authTypes) == 0) {
+            continue;
+        }
+        /* namedCurve will be NULL only for legacy functions. */
+        if (namedCurve != NULL && sc->namedCurve != namedCurve) {
+            continue;
+        }
+
+        sc->authTypes &= ~authTypes;
+        if (sc->authTypes == 0) {
+            PR_REMOVE_LINK(&sc->link);
+            ssl_FreeServerCert(sc);
+        }
+    }
+}
+
+static SECStatus
+ssl_ConfigCert(sslSocket *ss, sslAuthTypeMask authTypes,
+               CERTCertificate *cert, sslKeyPair *keyPair,
+               const SSLExtraServerCertData *data)
+{
+    SECStatus rv;
+    sslServerCert *sc = NULL;
+    int error_code = SEC_ERROR_NO_MEMORY;
+
+    PORT_Assert(cert);
+    PORT_Assert(keyPair);
+    PORT_Assert(data);
+    PORT_Assert(authTypes);
+
+    if (!cert || !keyPair || !data || !authTypes) {
+        error_code = SEC_ERROR_INVALID_ARGS;
+        goto loser;
+    }
+
+    sc = ssl_NewServerCert();
+    if (!sc) {
+        goto loser;
+    }
+
+    sc->authTypes = authTypes;
+    rv = ssl_PopulateServerCert(sc, cert, data->certChain);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    rv = ssl_PopulateKeyPair(sc, keyPair);
+    if (rv != SECSuccess) {
+        error_code = PORT_GetError();
+        goto loser;
+    }
+    rv = ssl_PopulateOCSPResponses(sc, data->stapledOCSPResponses);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    rv = ssl_PopulateSignedCertTimestamps(sc, data->signedCertTimestamps);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    ssl_ClearMatchingCerts(ss, sc->authTypes, sc->namedCurve);
+    PR_APPEND_LINK(&sc->link, &ss->serverCerts);
+    return SECSuccess;
+
+loser:
+    ssl_FreeServerCert(sc);
+    PORT_SetError(error_code);
+    return SECFailure;
+}
+
+static SSLAuthType
+ssl_GetEcdhAuthType(CERTCertificate *cert)
+{
+    SECOidTag sigTag = SECOID_GetAlgorithmTag(&cert->signature);
+    switch (sigTag) {
+        case SEC_OID_PKCS1_RSA_ENCRYPTION:
+        case SEC_OID_PKCS1_RSA_PSS_SIGNATURE:
+        case SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION:
+        case SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION:
+        case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION:
+        case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION:
+        case SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION:
+        case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION:
+        case SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION:
+        case SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION:
+            return ssl_auth_ecdh_rsa;
+        case SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE:
+        case SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE:
+        case SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE:
+        case SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE:
+        case SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE:
+        case SEC_OID_ANSIX962_ECDSA_SIGNATURE_RECOMMENDED_DIGEST:
+        case SEC_OID_ANSIX962_ECDSA_SIGNATURE_SPECIFIED_DIGEST:
+            return ssl_auth_ecdh_ecdsa;
+        default:
+            return ssl_auth_null;
+    }
+}
+
+/* This function examines the type of certificate and its key usage and
+ * chooses which authTypes apply.  For some certificates
+ * this can mean that multiple authTypes.
+ *
+ * If the targetAuthType is not ssl_auth_null, then only that type will be used.
+ * If that choice is invalid, then this function will fail. */
+static sslAuthTypeMask
+ssl_GetCertificateAuthTypes(CERTCertificate *cert, SSLAuthType targetAuthType)
+{
+    sslAuthTypeMask authTypes = 0;
+    SECOidTag tag;
+
+    tag = SECOID_GetAlgorithmTag(&cert->subjectPublicKeyInfo.algorithm);
+    switch (tag) {
+        case SEC_OID_X500_RSA_ENCRYPTION:
+        case SEC_OID_PKCS1_RSA_ENCRYPTION:
+            if (cert->keyUsage & KU_DIGITAL_SIGNATURE) {
+                authTypes |= 1 << ssl_auth_rsa_sign;
+                /* This certificate is RSA, assume that it's also PSS. */
+                authTypes |= 1 << ssl_auth_rsa_pss;
+            }
+
+            if (cert->keyUsage & KU_KEY_ENCIPHERMENT) {
+                /* If ku_sig=true we configure signature and encryption slots with the
+                 * same cert. This is bad form, but there are enough dual-usage RSA
+                 * certs that we can't really break by limiting this to one type. */
+                authTypes |= 1 << ssl_auth_rsa_decrypt;
+            }
+            break;
+
+        case SEC_OID_PKCS1_RSA_PSS_SIGNATURE:
+            if (cert->keyUsage & KU_DIGITAL_SIGNATURE) {
+                authTypes |= 1 << ssl_auth_rsa_pss;
+            }
+            break;
+
+        case SEC_OID_ANSIX9_DSA_SIGNATURE:
+            if (cert->keyUsage & KU_DIGITAL_SIGNATURE) {
+                authTypes |= 1 << ssl_auth_dsa;
+            }
+            break;
+
+        case SEC_OID_ANSIX962_EC_PUBLIC_KEY:
+            if (cert->keyUsage & KU_DIGITAL_SIGNATURE) {
+                authTypes |= 1 << ssl_auth_ecdsa;
+            }
+            /* Again, bad form to have dual usage and we don't prevent it. */
+            if (cert->keyUsage & KU_KEY_ENCIPHERMENT) {
+                authTypes |= 1 << ssl_GetEcdhAuthType(cert);
+            }
+            break;
+
+        default:
+            break;
+    }
+
+    /* Check that we successfully picked an authType */
+    if (targetAuthType != ssl_auth_null) {
+        authTypes &= 1 << targetAuthType;
+    }
+    return authTypes;
+}
+
+/* This function adopts pubKey and destroys it if things go wrong. */
+static sslKeyPair *
+ssl_MakeKeyPairForCert(SECKEYPrivateKey *key, CERTCertificate *cert)
+{
+    sslKeyPair *keyPair = NULL;
+    SECKEYPublicKey *pubKey = NULL;
+    SECKEYPrivateKey *privKeyCopy = NULL;
+    PK11SlotInfo *bestSlot;
+
+    pubKey = CERT_ExtractPublicKey(cert);
+    if (!pubKey) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return NULL;
+    }
+
+    if (SECKEY_GetPublicKeyType(pubKey) != SECKEY_GetPrivateKeyType(key)) {
+        SECKEY_DestroyPublicKey(pubKey);
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+
+    if (key->pkcs11Slot) {
+        bestSlot = PK11_ReferenceSlot(key->pkcs11Slot);
+        if (bestSlot) {
+            privKeyCopy = PK11_CopyTokenPrivKeyToSessionPrivKey(bestSlot, key);
+            PK11_FreeSlot(bestSlot);
+        }
+    }
+    if (!privKeyCopy) {
+        CK_MECHANISM_TYPE keyMech = PK11_MapSignKeyType(key->keyType);
+        /* XXX Maybe should be bestSlotMultiple? */
+        bestSlot = PK11_GetBestSlot(keyMech, NULL /* wincx */);
+        if (bestSlot) {
+            privKeyCopy = PK11_CopyTokenPrivKeyToSessionPrivKey(bestSlot, key);
+            PK11_FreeSlot(bestSlot);
+        }
+    }
+    if (!privKeyCopy) {
+        privKeyCopy = SECKEY_CopyPrivateKey(key);
+    }
+    if (privKeyCopy) {
+        keyPair = ssl_NewKeyPair(privKeyCopy, pubKey);
+    }
+    if (!keyPair) {
+        if (privKeyCopy) {
+            SECKEY_DestroyPrivateKey(privKeyCopy);
+        }
+        SECKEY_DestroyPublicKey(pubKey);
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+    }
+    return keyPair;
+}
+
+/* Configure a certificate and private key.
+ *
+ * This function examines the certificate and key to determine the type (or
+ * types) of authentication the certificate supports.  As long as certificates
+ * are different (different authTypes and maybe keys in different ec groups),
+ * then this function can be called multiple times.
+ */
+SECStatus
+SSL_ConfigServerCert(PRFileDesc *fd, CERTCertificate *cert,
+                     SECKEYPrivateKey *key,
+                     const SSLExtraServerCertData *data, unsigned int data_len)
+{
+    sslSocket *ss;
+    sslKeyPair *keyPair;
+    SECStatus rv;
+    SSLExtraServerCertData dataCopy = {
+        ssl_auth_null, NULL, NULL, NULL
+    };
+    sslAuthTypeMask authTypes;
+
+    ss = ssl_FindSocket(fd);
+    if (!ss) {
+        return SECFailure;
+    }
+
+    if (!cert || !key) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    if (data) {
+        if (data_len > sizeof(dataCopy)) {
+            PORT_SetError(SEC_ERROR_INVALID_ARGS);
+            return SECFailure;
+        }
+        PORT_Memcpy(&dataCopy, data, data_len);
+    }
+
+    authTypes = ssl_GetCertificateAuthTypes(cert, dataCopy.authType);
+    if (!authTypes) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    keyPair = ssl_MakeKeyPairForCert(key, cert);
+    if (!keyPair) {
+        return SECFailure;
+    }
+
+    rv = ssl_ConfigCert(ss, authTypes, cert, keyPair, &dataCopy);
+    ssl_FreeKeyPair(keyPair);
+    if (rv != SECSuccess) {
+        return SECFailure;
+    }
+    return SECSuccess;
+}
+
+/*******************************************************************/
+/* Deprecated functions.
+ *
+ * The remainder of this file contains deprecated functions for server
+ * certificate configuration.  These configure certificates incorrectly, but in
+ * a way that allows old code to continue working without change.  All these
+ * functions create certificate slots based on SSLKEAType values.  Some values
+ * of SSLKEAType cause multiple certificates to be configured.
+ */
+
+SECStatus
+SSL_ConfigSecureServer(PRFileDesc *fd, CERTCertificate *cert,
+                       SECKEYPrivateKey *key, SSLKEAType kea)
+{
+    return SSL_ConfigSecureServerWithCertChain(fd, cert, NULL, key, kea);
+}
+
+/* This implements a limited check that is consistent with the checks performed
+ * by older versions of NSS.  This is less rigorous than the checks in
+ * ssl_ConfigCertByUsage(), only checking against the type of key and ignoring
+ * things like usage. */
+static PRBool
+ssl_CertSuitableForAuthType(CERTCertificate *cert, sslAuthTypeMask authTypes)
+{
+    SECOidTag tag = SECOID_GetAlgorithmTag(&cert->subjectPublicKeyInfo.algorithm);
+    sslAuthTypeMask mask = 0;
+    switch (tag) {
+        case SEC_OID_X500_RSA_ENCRYPTION:
+        case SEC_OID_PKCS1_RSA_ENCRYPTION:
+            mask |= 1 << ssl_auth_rsa_decrypt;
+            mask |= 1 << ssl_auth_rsa_sign;
+            break;
+        case SEC_OID_ANSIX9_DSA_SIGNATURE:
+            mask |= 1 << ssl_auth_dsa;
+            break;
+        case SEC_OID_ANSIX962_EC_PUBLIC_KEY:
+            mask |= 1 << ssl_auth_ecdsa;
+            mask |= 1 << ssl_auth_ecdh_rsa;
+            mask |= 1 << ssl_auth_ecdh_ecdsa;
+            break;
+        default:
+            break;
+    }
+    PORT_Assert(authTypes);
+    /* Simply test that no inappropriate auth types are set. */
+    return (authTypes & ~mask) == 0;
+}
+
+/* Lookup a cert for the legacy configuration functions.  An exact match on
+ * authTypes and ignoring namedCurve will ensure that values configured using
+ * legacy functions are overwritten by other legacy functions. */
+static sslServerCert *
+ssl_FindCertWithMask(sslSocket *ss, sslAuthTypeMask authTypes)
+{
+    PRCList *cursor;
+
+    for (cursor = PR_NEXT_LINK(&ss->serverCerts);
+         cursor != &ss->serverCerts;
+         cursor = PR_NEXT_LINK(cursor)) {
+        sslServerCert *cert = (sslServerCert *)cursor;
+        if (cert->authTypes == authTypes) {
+            return cert;
+        }
+    }
+    return NULL;
+}
+
+/* This finds an existing server cert in a matching slot that can be reused.
+ * Failing that, it removes any other certs that might conflict and makes a new
+ * server cert slot of the right type. */
+static sslServerCert *
+ssl_FindOrMakeCert(sslSocket *ss, sslAuthTypeMask authTypes)
+{
+    sslServerCert *sc;
+
+    /* Reuse a perfect match.  Note that there is a problem here with use of
+     * multiple EC certificates that have keys on different curves: these
+     * deprecated functions will match the first found and overwrite that
+     * certificate, potentially leaving the other values with a duplicate curve.
+     * Configuring multiple EC certificates are only possible with the new
+     * functions, so this is not something that is worth fixing.  */
+    sc = ssl_FindCertWithMask(ss, authTypes);
+    if (sc) {
+        PR_REMOVE_LINK(&sc->link);
+        return sc;
+    }
+
+    /* Ignore the namedCurve parameter. Like above, this means that legacy
+     * functions will clobber values set with the new functions blindly. */
+    ssl_ClearMatchingCerts(ss, authTypes, NULL);
+
+    sc = ssl_NewServerCert();
+    if (sc) {
+        sc->authTypes = authTypes;
+    }
+    return sc;
+}
+
+static sslAuthTypeMask
+ssl_KeaTypeToAuthTypeMask(SSLKEAType keaType)
+{
+    switch (keaType) {
+        case ssl_kea_rsa:
+            return (1 << ssl_auth_rsa_decrypt) |
+                   (1 << ssl_auth_rsa_sign);
+
+        case ssl_kea_dh:
+            return 1 << ssl_auth_dsa;
+
+        case ssl_kea_ecdh:
+            return (1 << ssl_auth_ecdsa) |
+                   (1 << ssl_auth_ecdh_rsa) |
+                   (1 << ssl_auth_ecdh_ecdsa);
+
+        default:
+            PORT_SetError(SEC_ERROR_INVALID_ARGS);
+    }
+    return 0;
+}
+
+static SECStatus
+ssl_AddCertChain(sslSocket *ss, CERTCertificate *cert,
+                 const CERTCertificateList *certChainOpt,
+                 SECKEYPrivateKey *key, sslAuthTypeMask authTypes)
+{
+    sslServerCert *sc;
+    sslKeyPair *keyPair;
+    SECStatus rv;
+    PRErrorCode err = SEC_ERROR_NO_MEMORY;
+
+    if (!ssl_CertSuitableForAuthType(cert, authTypes)) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    sc = ssl_FindOrMakeCert(ss, authTypes);
+    if (!sc) {
+        goto loser;
+    }
+
+    rv = ssl_PopulateServerCert(sc, cert, certChainOpt);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    keyPair = ssl_MakeKeyPairForCert(key, cert);
+    if (!keyPair) {
+        /* Error code is set by ssl_MakeKeyPairForCert */
+        goto loser;
+    }
+    rv = ssl_PopulateKeyPair(sc, keyPair);
+    ssl_FreeKeyPair(keyPair);
+    if (rv != SECSuccess) {
+        err = PORT_GetError();
+        goto loser;
+    }
+
+    PR_APPEND_LINK(&sc->link, &ss->serverCerts);
+    return SECSuccess;
+
+loser:
+    ssl_FreeServerCert(sc);
+    PORT_SetError(err);
+    return SECFailure;
+}
+
+/* Public deprecated function */
+SECStatus
+SSL_ConfigSecureServerWithCertChain(PRFileDesc *fd, CERTCertificate *cert,
+                                    const CERTCertificateList *certChainOpt,
+                                    SECKEYPrivateKey *key, SSLKEAType certType)
+{
+    sslSocket *ss;
+    sslAuthTypeMask authTypes;
+
+    ss = ssl_FindSocket(fd);
+    if (!ss) {
+        return SECFailure;
+    }
+
+    if (!cert != !key) { /* Configure both, or neither */
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    authTypes = ssl_KeaTypeToAuthTypeMask(certType);
+    if (!authTypes) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    if (!cert) {
+        sslServerCert *sc = ssl_FindCertWithMask(ss, authTypes);
+        if (sc) {
+            (void)ssl_PopulateServerCert(sc, NULL, NULL);
+            (void)ssl_PopulateKeyPair(sc, NULL);
+            /* Leave the entry linked here because the old API expects that.
+             * There might be OCSP stapling values or signed certificate
+             * timestamps still present that will subsequently be used. */
+        }
+        return SECSuccess;
+    }
+
+    return ssl_AddCertChain(ss, cert, certChainOpt, key, authTypes);
+}
+
+/* Public deprecated function */
+SECStatus
+SSL_SetStapledOCSPResponses(PRFileDesc *fd, const SECItemArray *responses,
+                            SSLKEAType certType)
+{
+    sslSocket *ss;
+    sslServerCert *sc;
+    sslAuthTypeMask authTypes;
+    SECStatus rv;
+
+    ss = ssl_FindSocket(fd);
+    if (!ss) {
+        SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetStapledOCSPResponses",
+                 SSL_GETPID(), fd));
+        return SECFailure;
+    }
+
+    authTypes = ssl_KeaTypeToAuthTypeMask(certType);
+    if (!authTypes) {
+        SSL_DBG(("%d: SSL[%d]: invalid cert type in SSL_SetStapledOCSPResponses",
+                 SSL_GETPID(), fd));
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    if (!responses) {
+        sc = ssl_FindCertWithMask(ss, authTypes);
+        if (sc) {
+            (void)ssl_PopulateOCSPResponses(sc, NULL);
+        }
+        return SECSuccess;
+    }
+
+    sc = ssl_FindOrMakeCert(ss, authTypes);
+    if (!sc) {
+        return SECFailure;
+    }
+
+    rv = ssl_PopulateOCSPResponses(sc, responses);
+    if (rv == SECSuccess) {
+        PR_APPEND_LINK(&sc->link, &ss->serverCerts);
+    } else {
+        ssl_FreeServerCert(sc);
+    }
+    return rv;
+}
+
+/* Public deprecated function */
+SECStatus
+SSL_SetSignedCertTimestamps(PRFileDesc *fd, const SECItem *scts,
+                            SSLKEAType certType)
+{
+    sslSocket *ss;
+    sslServerCert *sc;
+    sslAuthTypeMask authTypes;
+    SECStatus rv;
+
+    ss = ssl_FindSocket(fd);
+    if (!ss) {
+        SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetSignedCertTimestamps",
+                 SSL_GETPID(), fd));
+        return SECFailure;
+    }
+
+    authTypes = ssl_KeaTypeToAuthTypeMask(certType);
+    if (!authTypes) {
+        SSL_DBG(("%d: SSL[%d]: invalid cert type in SSL_SetSignedCertTimestamps",
+                 SSL_GETPID(), fd));
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    if (!scts) {
+        sc = ssl_FindCertWithMask(ss, authTypes);
+        if (sc) {
+            (void)ssl_PopulateSignedCertTimestamps(sc, NULL);
+        }
+        return SECSuccess;
+    }
+
+    sc = ssl_FindOrMakeCert(ss, authTypes);
+    if (!sc) {
+        return SECFailure;
+    }
+
+    rv = ssl_PopulateSignedCertTimestamps(sc, scts);
+    if (rv == SECSuccess) {
+        PR_APPEND_LINK(&sc->link, &ss->serverCerts);
+    } else {
+        ssl_FreeServerCert(sc);
+    }
+    return rv;
+}
+
+/* Public deprecated function. */
+SSLKEAType
+NSS_FindCertKEAType(CERTCertificate *cert)
+{
+    int tag;
+
+    if (!cert)
+        return ssl_kea_null;
+
+    tag = SECOID_GetAlgorithmTag(&(cert->subjectPublicKeyInfo.algorithm));
+    switch (tag) {
+        case SEC_OID_X500_RSA_ENCRYPTION:
+        case SEC_OID_PKCS1_RSA_ENCRYPTION:
+            return ssl_kea_rsa;
+        case SEC_OID_ANSIX9_DSA_SIGNATURE: /* hah, signature, not a key? */
+        case SEC_OID_X942_DIFFIE_HELMAN_KEY:
+            return ssl_kea_dh;
+        case SEC_OID_ANSIX962_EC_PUBLIC_KEY:
+            return ssl_kea_ecdh;
+        default:
+            return ssl_kea_null;
+    }
+}
diff --git a/nss/lib/ssl/sslcert.h b/nss/lib/ssl/sslcert.h
new file mode 100644
index 0000000..fb31d13
--- /dev/null
+++ b/nss/lib/ssl/sslcert.h
@@ -0,0 +1,60 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/*
+ * This file is PRIVATE to SSL.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef __sslcert_h_
+#define __sslcert_h_
+
+#include "cert.h"
+#include "secitem.h"
+#include "keyhi.h"
+
+/* This type is a bitvector that is indexed by SSLAuthType values.  Note that
+ * the bit for ssl_auth_null(0) - the least significant bit - isn't used. */
+typedef PRUint16 sslAuthTypeMask;
+PR_STATIC_ASSERT(sizeof(sslAuthTypeMask) * 8 >= ssl_auth_size);
+
+typedef struct sslServerCertStr {
+    PRCList link; /* The linked list link */
+
+    /* The auth types that this certificate provides. */
+    sslAuthTypeMask authTypes;
+    /* For ssl_auth_ecdsa and ssl_auth_ecdh_*.  This is only the named curve
+     * of the end-entity certificate key.  The keys in other certificates in
+     * the chain aren't directly relevant to the operation of TLS (though it
+     * might make certificate validation difficult, libssl doesn't care). */
+    const sslNamedGroupDef *namedCurve;
+
+    /* Configuration state for server sockets */
+    CERTCertificate *serverCert;
+    CERTCertificateList *serverCertChain;
+    sslKeyPair *serverKeyPair;
+    unsigned int serverKeyBits;
+    /* Each certificate needs its own status. */
+    SECItemArray *certStatusArray;
+    /* Serialized signed certificate timestamps to be sent to the client
+    ** in a TLS extension (server only). Each certificate needs its own
+    ** timestamps item.
+    */
+    SECItem signedCertTimestamps;
+} sslServerCert;
+
+#define SSL_CERT_IS(c, t) ((c)->authTypes & (1 << (t)))
+#define SSL_CERT_IS_ONLY(c, t) ((c)->authTypes == (1 << (t)))
+#define SSL_CERT_IS_EC(c)                         \
+    ((c)->authTypes & ((1 << ssl_auth_ecdsa) |    \
+                       (1 << ssl_auth_ecdh_rsa) | \
+                       (1 << ssl_auth_ecdh_ecdsa)))
+
+extern sslServerCert *ssl_NewServerCert();
+extern sslServerCert *ssl_CopyServerCert(const sslServerCert *oc);
+extern const sslServerCert *ssl_FindServerCert(
+    const sslSocket *ss, SSLAuthType authType,
+    const sslNamedGroupDef *namedCurve);
+extern void ssl_FreeServerCert(sslServerCert *sc);
+
+#endif /* __sslcert_h_ */
diff --git a/nss/lib/ssl/sslcon.c b/nss/lib/ssl/sslcon.c
new file mode 100644
index 0000000..4481706
--- /dev/null
+++ b/nss/lib/ssl/sslcon.c
@@ -0,0 +1,264 @@
+/*
+ * Basic SSL handshake functions.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nssrenam.h"
+#include "cert.h"
+#include "secitem.h"
+#include "sechash.h"
+#include "cryptohi.h" /* for SGN_ funcs */
+#include "keyhi.h"    /* for SECKEY_ high level functions. */
+#include "ssl.h"
+#include "sslimpl.h"
+#include "sslproto.h"
+#include "ssl3prot.h"
+#include "sslerr.h"
+#include "pk11func.h"
+#include "prinit.h"
+#include "prtime.h" /* for PR_Now() */
+
+/*
+** Put a string tag in the library so that we can examine an executable
+** and see what kind of security it supports.
+*/
+const char *ssl_version = "SECURITY_VERSION:"
+                          " +us"
+                          " +export"
+#ifdef TRACE
+                          " +trace"
+#endif
+#ifdef DEBUG
+                          " +debug"
+#endif
+    ;
+
+/***********************************************************************
+ * Gathers in and handles records/messages until either the handshake is
+ * complete or application data is available.
+ *
+ * Called from ssl_Do1stHandshake() via function pointer ss->handshake.
+ * Caller must hold handshake lock.
+ * This function acquires and releases the RecvBufLock.
+ *
+ * returns SECSuccess for success.
+ * returns SECWouldBlock when that value is returned by
+ *  ssl3_GatherCompleteHandshake().
+ * returns SECFailure on all other errors.
+ *
+ * The gather functions called by ssl_GatherRecord1stHandshake are expected
+ *  to return values interpreted as follows:
+ *  1 : the function completed without error.
+ *  0 : the function read EOF.
+ * -1 : read error, or PR_WOULD_BLOCK_ERROR, or handleRecord error.
+ * -2 : the function wants ssl_GatherRecord1stHandshake to be called again
+ *  immediately, by ssl_Do1stHandshake.
+ *
+ * This code is similar to, and easily confused with, DoRecv() in sslsecur.c
+ *
+ * This function is called from ssl_Do1stHandshake().
+ * The following functions put ssl_GatherRecord1stHandshake into ss->handshake:
+ *  ssl_BeginClientHandshake
+ *  ssl3_RestartHandshakeAfterCertReq
+ *  ssl3_RestartHandshakeAfterServerCert
+ *  ssl_BeginServerHandshake
+ */
+SECStatus
+ssl_GatherRecord1stHandshake(sslSocket *ss)
+{
+    int rv;
+
+    PORT_Assert(ss->opt.noLocks || ssl_Have1stHandshakeLock(ss));
+
+    ssl_GetRecvBufLock(ss);
+
+    /* Wait for handshake to complete, or application data to arrive.  */
+    rv = ssl3_GatherCompleteHandshake(ss, 0);
+    SSL_TRC(10, ("%d: SSL[%d]: handshake gathering, rv=%d",
+                 SSL_GETPID(), ss->fd, rv));
+
+    ssl_ReleaseRecvBufLock(ss);
+
+    if (rv <= 0) {
+        if (rv == SECWouldBlock) {
+            /* Progress is blocked waiting for callback completion.  */
+            SSL_TRC(10, ("%d: SSL[%d]: handshake blocked (need %d)",
+                         SSL_GETPID(), ss->fd, ss->gs.remainder));
+            return SECWouldBlock;
+        }
+        if (rv == 0) {
+            /* EOF. Loser  */
+            PORT_SetError(PR_END_OF_FILE_ERROR);
+        }
+        return SECFailure; /* rv is < 0 here. */
+    }
+
+    ss->handshake = NULL;
+    return SECSuccess;
+}
+
+/* This function is called at the beginning of a handshake to ensure that at
+ * least one SSL/TLS version is enabled. */
+static SECStatus
+ssl_CheckConfigSanity(sslSocket *ss)
+{
+    if (SSL_ALL_VERSIONS_DISABLED(&ss->vrange)) {
+        SSL_DBG(("%d: SSL[%d]: Can't handshake! all versions disabled.",
+                 SSL_GETPID(), ss->fd));
+        PORT_SetError(SSL_ERROR_SSL_DISABLED);
+        return SECFailure;
+    }
+    return SECSuccess;
+}
+
+/* Sends out the initial client Hello message on the connection.
+ * Acquires and releases the socket's xmitBufLock.
+ */
+SECStatus
+ssl_BeginClientHandshake(sslSocket *ss)
+{
+    sslSessionID *sid;
+    SECStatus rv;
+
+    PORT_Assert(ss->opt.noLocks || ssl_Have1stHandshakeLock(ss));
+
+    ss->sec.isServer = PR_FALSE;
+    ssl_ChooseSessionIDProcs(&ss->sec);
+
+    rv = ssl_CheckConfigSanity(ss);
+    if (rv != SECSuccess)
+        goto loser;
+
+    /* Get peer name of server */
+    rv = ssl_GetPeerInfo(ss);
+    if (rv < 0) {
+#ifdef HPUX11
+        /*
+         * On some HP-UX B.11.00 systems, getpeername() occasionally
+         * fails with ENOTCONN after a successful completion of
+         * non-blocking connect.  I found that if we do a write()
+         * and then retry getpeername(), it will work.
+         */
+        if (PR_GetError() == PR_NOT_CONNECTED_ERROR) {
+            char dummy;
+            (void)PR_Write(ss->fd->lower, &dummy, 0);
+            rv = ssl_GetPeerInfo(ss);
+            if (rv < 0) {
+                goto loser;
+            }
+        }
+#else
+        goto loser;
+#endif
+    }
+
+    SSL_TRC(3, ("%d: SSL[%d]: sending client-hello", SSL_GETPID(), ss->fd));
+
+    /* Try to find server in our session-id cache */
+    if (ss->opt.noCache) {
+        sid = NULL;
+    } else {
+        sid = ssl_LookupSID(&ss->sec.ci.peer, ss->sec.ci.port, ss->peerID,
+                            ss->url);
+    }
+    if (sid) {
+        if (sid->version >= ss->vrange.min && sid->version <= ss->vrange.max) {
+            PORT_Assert(!ss->sec.localCert);
+            ss->sec.localCert = CERT_DupCertificate(sid->localCert);
+        } else {
+            ss->sec.uncache(sid);
+            ssl_FreeSID(sid);
+            sid = NULL;
+        }
+    }
+    if (!sid) {
+        sid = PORT_ZNew(sslSessionID);
+        if (!sid) {
+            goto loser;
+        }
+        sid->references = 1;
+        sid->cached = never_cached;
+        sid->addr = ss->sec.ci.peer;
+        sid->port = ss->sec.ci.port;
+        if (ss->peerID != NULL) {
+            sid->peerID = PORT_Strdup(ss->peerID);
+        }
+        if (ss->url != NULL) {
+            sid->urlSvrName = PORT_Strdup(ss->url);
+        }
+    }
+    ss->sec.ci.sid = sid;
+
+    PORT_Assert(sid != NULL);
+
+    ss->gs.state = GS_INIT;
+    ss->handshake = ssl_GatherRecord1stHandshake;
+
+    /* ssl3_SendClientHello will override this if it succeeds. */
+    ss->version = SSL_LIBRARY_VERSION_3_0;
+
+    ssl_GetSSL3HandshakeLock(ss);
+    ssl_GetXmitBufLock(ss);
+    rv = ssl3_SendClientHello(ss, client_hello_initial);
+    ssl_ReleaseXmitBufLock(ss);
+    ssl_ReleaseSSL3HandshakeLock(ss);
+
+    return rv;
+
+loser:
+    return SECFailure;
+}
+
+SECStatus
+ssl_BeginServerHandshake(sslSocket *ss)
+{
+    SECStatus rv;
+
+    ss->sec.isServer = PR_TRUE;
+    ss->ssl3.hs.ws = wait_client_hello;
+    ssl_ChooseSessionIDProcs(&ss->sec);
+
+    rv = ssl_CheckConfigSanity(ss);
+    if (rv != SECSuccess)
+        goto loser;
+
+    ss->handshake = ssl_GatherRecord1stHandshake;
+    return SECSuccess;
+
+loser:
+    return SECFailure;
+}
+
+/* This function doesn't really belong in this file.
+** It's here to keep AIX compilers from optimizing it away,
+** and not including it in the DSO.
+*/
+
+#include "nss.h"
+extern const char __nss_ssl_version[];
+
+PRBool
+NSSSSL_VersionCheck(const char *importedVersion)
+{
+#define NSS_VERSION_VARIABLE __nss_ssl_version
+#include "verref.h"
+
+    /*
+     * This is the secret handshake algorithm.
+     *
+     * This release has a simple version compatibility
+     * check algorithm.  This release is not backward
+     * compatible with previous major releases.  It is
+     * not compatible with future major, minor, or
+     * patch releases.
+     */
+    return NSS_VersionCheck(importedVersion);
+}
+
+const char *
+NSSSSL_GetVersion(void)
+{
+    return NSS_VERSION;
+}
diff --git a/nss/lib/ssl/ssldef.c b/nss/lib/ssl/ssldef.c
new file mode 100644
index 0000000..be5bcb2
--- /dev/null
+++ b/nss/lib/ssl/ssldef.c
@@ -0,0 +1,226 @@
+/*
+ * "Default" SSLSocket methods, used by sockets that do neither SSL nor socks.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "cert.h"
+#include "ssl.h"
+#include "sslimpl.h"
+
+#if defined(WIN32)
+#define MAP_ERROR(from, to) \
+    if (err == from) {      \
+        PORT_SetError(to);  \
+    }
+#define DEFINE_ERROR PRErrorCode err = PR_GetError();
+#else
+#define MAP_ERROR(from, to)
+#define DEFINE_ERROR
+#endif
+
+int
+ssl_DefConnect(sslSocket *ss, const PRNetAddr *sa)
+{
+    PRFileDesc *lower = ss->fd->lower;
+    int rv;
+
+    rv = lower->methods->connect(lower, sa, ss->cTimeout);
+    return rv;
+}
+
+int
+ssl_DefBind(sslSocket *ss, const PRNetAddr *addr)
+{
+    PRFileDesc *lower = ss->fd->lower;
+    int rv;
+
+    rv = lower->methods->bind(lower, addr);
+    return rv;
+}
+
+int
+ssl_DefListen(sslSocket *ss, int backlog)
+{
+    PRFileDesc *lower = ss->fd->lower;
+    int rv;
+
+    rv = lower->methods->listen(lower, backlog);
+    return rv;
+}
+
+int
+ssl_DefShutdown(sslSocket *ss, int how)
+{
+    PRFileDesc *lower = ss->fd->lower;
+    int rv;
+
+    rv = lower->methods->shutdown(lower, how);
+    return rv;
+}
+
+int
+ssl_DefRecv(sslSocket *ss, unsigned char *buf, int len, int flags)
+{
+    PRFileDesc *lower = ss->fd->lower;
+    int rv;
+
+    PORT_Assert(buf && len > 0);
+
+    rv = lower->methods->recv(lower, (void *)buf, len, flags, ss->rTimeout);
+    if (rv < 0) {
+        DEFINE_ERROR
+        MAP_ERROR(PR_SOCKET_SHUTDOWN_ERROR, PR_CONNECT_RESET_ERROR)
+    } else if (rv > len) {
+        PORT_Assert(rv <= len);
+        PORT_SetError(PR_BUFFER_OVERFLOW_ERROR);
+        rv = SECFailure;
+    }
+    return rv;
+}
+
+/* Default (unencrypted) send.
+ * For blocking sockets, always returns len or SECFailure, no short writes.
+ * For non-blocking sockets:
+ *   Returns positive count if any data was written, else returns SECFailure.
+ *   Short writes may occur.  Does not return SECWouldBlock.
+ */
+int
+ssl_DefSend(sslSocket *ss, const unsigned char *buf, int len, int flags)
+{
+    PRFileDesc *lower = ss->fd->lower;
+    int sent = 0;
+
+#if NSS_DISABLE_NAGLE_DELAYS
+    /* Although this is overkill, we disable Nagle delays completely for
+    ** SSL sockets.
+    */
+    if (ss->opt.useSecurity && !ss->delayDisabled) {
+        ssl_EnableNagleDelay(ss, PR_FALSE); /* ignore error */
+        ss->delayDisabled = 1;
+    }
+#endif
+    do {
+        int rv = lower->methods->send(lower, (const void *)(buf + sent),
+                                      len - sent, flags, ss->wTimeout);
+        if (rv < 0) {
+            PRErrorCode err = PR_GetError();
+            if (err == PR_WOULD_BLOCK_ERROR) {
+                ss->lastWriteBlocked = 1;
+                return sent ? sent : SECFailure;
+            }
+            ss->lastWriteBlocked = 0;
+            MAP_ERROR(PR_CONNECT_ABORTED_ERROR, PR_CONNECT_RESET_ERROR)
+            /* Loser */
+            return rv;
+        }
+        sent += rv;
+
+        if (IS_DTLS(ss) && (len > sent)) {
+            /* We got a partial write so just return it */
+            return sent;
+        }
+    } while (len > sent);
+    ss->lastWriteBlocked = 0;
+    return sent;
+}
+
+int
+ssl_DefRead(sslSocket *ss, unsigned char *buf, int len)
+{
+    PRFileDesc *lower = ss->fd->lower;
+    int rv;
+
+    rv = lower->methods->read(lower, (void *)buf, len);
+    if (rv < 0) {
+        DEFINE_ERROR
+        MAP_ERROR(PR_SOCKET_SHUTDOWN_ERROR, PR_CONNECT_RESET_ERROR)
+    }
+    return rv;
+}
+
+int
+ssl_DefWrite(sslSocket *ss, const unsigned char *buf, int len)
+{
+    PRFileDesc *lower = ss->fd->lower;
+    int sent = 0;
+
+    do {
+        int rv = lower->methods->write(lower, (const void *)(buf + sent),
+                                       len - sent);
+        if (rv < 0) {
+            PRErrorCode err = PR_GetError();
+            if (err == PR_WOULD_BLOCK_ERROR) {
+                ss->lastWriteBlocked = 1;
+                return sent ? sent : SECFailure;
+            }
+            ss->lastWriteBlocked = 0;
+            MAP_ERROR(PR_CONNECT_ABORTED_ERROR, PR_CONNECT_RESET_ERROR)
+            /* Loser */
+            return rv;
+        }
+        sent += rv;
+    } while (len > sent);
+    ss->lastWriteBlocked = 0;
+    return sent;
+}
+
+int
+ssl_DefGetpeername(sslSocket *ss, PRNetAddr *name)
+{
+    PRFileDesc *lower = ss->fd->lower;
+    int rv;
+
+    rv = lower->methods->getpeername(lower, name);
+    return rv;
+}
+
+int
+ssl_DefGetsockname(sslSocket *ss, PRNetAddr *name)
+{
+    PRFileDesc *lower = ss->fd->lower;
+    int rv;
+
+    rv = lower->methods->getsockname(lower, name);
+    return rv;
+}
+
+int
+ssl_DefClose(sslSocket *ss)
+{
+    PRFileDesc *fd;
+    PRFileDesc *popped;
+    int rv;
+
+    fd = ss->fd;
+
+    /* First, remove the SSL layer PRFileDesc from the socket's stack,
+    ** then invoke the SSL layer's PRFileDesc destructor.
+    ** This must happen before the next layer down is closed.
+    */
+    PORT_Assert(fd->higher == NULL);
+    if (fd->higher) {
+        PORT_SetError(PR_BAD_DESCRIPTOR_ERROR);
+        return SECFailure;
+    }
+    ss->fd = NULL;
+
+    /* PR_PopIOLayer will swap the contents of the top two PRFileDescs on
+    ** the stack, and then remove the second one.  This way, the address
+    ** of the PRFileDesc on the top of the stack doesn't change.
+    */
+    popped = PR_PopIOLayer(fd, PR_TOP_IO_LAYER);
+    popped->dtor(popped);
+
+    /* fd is now the PRFileDesc for the next layer down.
+    ** Now close the underlying socket.
+    */
+    rv = fd->methods->close(fd);
+
+    ssl_FreeSocket(ss);
+
+    SSL_TRC(5, ("%d: SSL[%d]: closing, rv=%d errno=%d",
+                SSL_GETPID(), fd, rv, PORT_GetError()));
+    return rv;
+}
diff --git a/nss/lib/ssl/sslenum.c b/nss/lib/ssl/sslenum.c
new file mode 100644
index 0000000..b5272d4
--- /dev/null
+++ b/nss/lib/ssl/sslenum.c
@@ -0,0 +1,157 @@
+/*
+ * Table enumerating all implemented cipher suites
+ * Part of public API.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "ssl.h"
+#include "sslproto.h"
+
+/*
+ * The ordering of cipher suites in this table must match the ordering in
+ * the cipherSuites table in ssl3con.c.
+ *
+ * If new ECC cipher suites are added, also update the ssl3CipherSuite arrays
+ * in ssl3ecc.c.
+ *
+ * Finally, update the ssl_V3_SUITES_IMPLEMENTED macro in sslimpl.h.
+ *
+ * The ordering is as follows:
+ *    * No-encryption cipher suites last
+ *    * Export/weak/obsolete cipher suites before no-encryption cipher suites
+ *    * Order by key exchange algorithm: ECDHE, then DHE, then ECDH, RSA.
+ *    * Within key agreement sections, prefer AEAD over non-AEAD cipher suites.
+ *    * Within AEAD sections, order by symmetric encryption algorithm which
+ *      integrates message authentication algorithm: AES-128-GCM, then
+ *      ChaCha20-Poly1305, then AES-256-GCM,
+ *    * Within non-AEAD sections, order by symmetric encryption algorithm:
+ *      AES-128, then Camellia-128, then AES-256, then Camellia-256, then SEED,
+ *      then FIPS-3DES, then 3DES, then RC4. AES is commonly accepted as a
+ *      strong cipher internationally, and is often hardware-accelerated.
+ *      Camellia also has wide international support across standards
+ *      organizations. SEED is only recommended by the Korean government. 3DES
+ *      only provides 112 bits of security. RC4 is now deprecated or forbidden
+ *      by many standards organizations.
+ *    * Within non-AEAD symmetric algorithm sections, order by message
+ *      authentication algorithm: HMAC-SHA256, then HMAC-SHA384, then HMAC-SHA1,
+ *      then HMAC-MD5.
+ *    * Within symmetric algorithm sections, order by message authentication
+ *      algorithm: GCM, then HMAC-SHA1, then HMAC-SHA256, then HMAC-MD5.
+ *    * Within message authentication algorithm sections, order by asymmetric
+ *      signature algorithm: ECDSA, then RSA, then DSS.
+ *    * As a special case, the PSK ciphers, which are only enabled when
+ *      TLS 1.3 PSK-resumption is in use, come first.
+ *
+ * Exception: Because some servers ignore the high-order byte of the cipher
+ * suite ID, we must be careful about adding cipher suites with IDs larger
+ * than 0x00ff; see bug 946147. For these broken servers, the first three
+ * cipher suites, with the MSB zeroed, look like:
+ *      TLS_RSA_WITH_AES_128_CBC_SHA { 0x00,0x2F }
+ *      TLS_RSA_WITH_3DES_EDE_CBC_SHA { 0x00,0x0A }
+ *      TLS_RSA_WITH_DES_CBC_SHA { 0x00,0x09 }
+ * The broken server only supports the third and fourth ones and will select
+ * the third one.
+ */
+const PRUint16 SSL_ImplementedCiphers[] = {
+    TLS_AES_128_GCM_SHA256,
+    TLS_CHACHA20_POLY1305_SHA256,
+    TLS_AES_256_GCM_SHA384,
+
+    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+    TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
+    TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
+    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+    /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA must appear before
+     * TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA to work around bug 946147.
+     */
+    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
+    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
+    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
+    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
+    TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
+    TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
+    TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
+    TLS_ECDHE_RSA_WITH_RC4_128_SHA,
+
+    TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
+    TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
+    TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,
+    TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
+    TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,
+    TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
+    TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
+    TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
+    TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
+    TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
+    TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
+    TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
+    TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
+    TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
+    TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
+    TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
+    TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
+    TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
+    TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
+    TLS_DHE_DSS_WITH_RC4_128_SHA,
+
+    TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
+    TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
+    TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
+    TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
+    TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
+    TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
+    TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
+    TLS_ECDH_RSA_WITH_RC4_128_SHA,
+
+    TLS_RSA_WITH_AES_128_GCM_SHA256,
+    TLS_RSA_WITH_AES_256_GCM_SHA384,
+    TLS_RSA_WITH_AES_128_CBC_SHA,
+    TLS_RSA_WITH_AES_128_CBC_SHA256,
+    TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
+    TLS_RSA_WITH_AES_256_CBC_SHA,
+    TLS_RSA_WITH_AES_256_CBC_SHA256,
+    TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
+    TLS_RSA_WITH_SEED_CBC_SHA,
+    TLS_RSA_WITH_3DES_EDE_CBC_SHA,
+    TLS_RSA_WITH_RC4_128_SHA,
+    TLS_RSA_WITH_RC4_128_MD5,
+
+    /* 56-bit DES "domestic" cipher suites */
+    TLS_DHE_RSA_WITH_DES_CBC_SHA,
+    TLS_DHE_DSS_WITH_DES_CBC_SHA,
+    TLS_RSA_WITH_DES_CBC_SHA,
+
+    /* ciphersuites with no encryption */
+    TLS_ECDHE_ECDSA_WITH_NULL_SHA,
+    TLS_ECDHE_RSA_WITH_NULL_SHA,
+    TLS_ECDH_RSA_WITH_NULL_SHA,
+    TLS_ECDH_ECDSA_WITH_NULL_SHA,
+    TLS_RSA_WITH_NULL_SHA,
+    TLS_RSA_WITH_NULL_SHA256,
+    TLS_RSA_WITH_NULL_MD5,
+
+    0
+};
+
+const PRUint16 SSL_NumImplementedCiphers =
+    (sizeof SSL_ImplementedCiphers) / (sizeof SSL_ImplementedCiphers[0]) - 1;
+
+const PRUint16*
+SSL_GetImplementedCiphers(void)
+{
+    return SSL_ImplementedCiphers;
+}
+
+PRUint16
+SSL_GetNumImplementedCiphers(void)
+{
+    return SSL_NumImplementedCiphers;
+}
diff --git a/nss/lib/ssl/sslerr.c b/nss/lib/ssl/sslerr.c
new file mode 100644
index 0000000..edb9412
--- /dev/null
+++ b/nss/lib/ssl/sslerr.c
@@ -0,0 +1,41 @@
+/*
+ * Function to set error code only when meaningful error has not already
+ * been set.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "prerror.h"
+#include "secerr.h"
+#include "sslerr.h"
+#include "seccomon.h"
+
+/* look at the current value of PR_GetError, and evaluate it to see
+ * if it is meaningful or meaningless (out of context).
+ * If it is meaningless, replace it with the hiLevelError.
+ * Returns the chosen error value.
+ */
+int
+ssl_MapLowLevelError(int hiLevelError)
+{
+    int oldErr = PORT_GetError();
+
+    switch (oldErr) {
+
+        case 0:
+        case PR_IO_ERROR:
+        case SEC_ERROR_IO:
+        case SEC_ERROR_BAD_DATA:
+        case SEC_ERROR_LIBRARY_FAILURE:
+        case SEC_ERROR_EXTENSION_NOT_FOUND:
+        case SSL_ERROR_BAD_CLIENT:
+        case SSL_ERROR_BAD_SERVER:
+        case SSL_ERROR_SESSION_NOT_FOUND:
+            PORT_SetError(hiLevelError);
+            return hiLevelError;
+
+        default: /* leave the majority of error codes alone. */
+            return oldErr;
+    }
+}
diff --git a/nss/lib/ssl/sslerr.h b/nss/lib/ssl/sslerr.h
new file mode 100644
index 0000000..d05b8d7
--- /dev/null
+++ b/nss/lib/ssl/sslerr.h
@@ -0,0 +1,254 @@
+/*
+ * Enumeration of all SSL-specific error codes.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#ifndef __SSL_ERR_H_
+#define __SSL_ERR_H_
+
+/* clang-format off */
+
+#define SSL_ERROR_BASE                          (-0x3000)
+#define SSL_ERROR_LIMIT                         (SSL_ERROR_BASE + 1000)
+
+#define IS_SSL_ERROR(code) \
+    (((code) >= SSL_ERROR_BASE) && ((code) < SSL_ERROR_LIMIT))
+
+#ifndef NO_SECURITY_ERROR_ENUM
+typedef enum {
+    SSL_ERROR_EXPORT_ONLY_SERVER            = (SSL_ERROR_BASE +  0),
+                                            /* error 0 is obsolete */
+    SSL_ERROR_US_ONLY_SERVER                = (SSL_ERROR_BASE +  1),
+                                            /* error 1 is obsolete */
+    SSL_ERROR_NO_CYPHER_OVERLAP             = (SSL_ERROR_BASE +  2),
+    /*
+     * Received an alert reporting what we did wrong.  (more alerts below)
+     */
+    SSL_ERROR_NO_CERTIFICATE /*_ALERT */    = (SSL_ERROR_BASE +  3),
+    SSL_ERROR_BAD_CERTIFICATE               = (SSL_ERROR_BASE +  4),
+                                            /* error 4 is obsolete */
+    SSL_ERROR_UNUSED_5                      = (SSL_ERROR_BASE +  5),
+                                            /* error 5 is obsolete */
+    SSL_ERROR_BAD_CLIENT                    = (SSL_ERROR_BASE +  6),
+    SSL_ERROR_BAD_SERVER                    = (SSL_ERROR_BASE +  7),
+    SSL_ERROR_UNSUPPORTED_CERTIFICATE_TYPE  = (SSL_ERROR_BASE +  8),
+                                            /* error 8 is obsolete */
+    SSL_ERROR_UNSUPPORTED_VERSION           = (SSL_ERROR_BASE +  9),
+    SSL_ERROR_UNUSED_10                     = (SSL_ERROR_BASE + 10),
+                                            /* error 10 is obsolete */
+    SSL_ERROR_WRONG_CERTIFICATE             = (SSL_ERROR_BASE + 11),
+                                            /* error 11 is obsolete */
+    SSL_ERROR_BAD_CERT_DOMAIN               = (SSL_ERROR_BASE + 12),
+    SSL_ERROR_POST_WARNING                  = (SSL_ERROR_BASE + 13),
+                                            /* error 13 is obsolete */
+    SSL_ERROR_SSL2_DISABLED                 = (SSL_ERROR_BASE + 14),
+                                            /* error 14 is obsolete */
+    SSL_ERROR_BAD_MAC_READ                  = (SSL_ERROR_BASE + 15),
+    /*
+     * Received an alert reporting what we did wrong.
+     * (two more alerts above, and many more below)
+     */
+    SSL_ERROR_BAD_MAC_ALERT                 = (SSL_ERROR_BASE + 16),
+    SSL_ERROR_BAD_CERT_ALERT                = (SSL_ERROR_BASE + 17),
+    SSL_ERROR_REVOKED_CERT_ALERT            = (SSL_ERROR_BASE + 18),
+    SSL_ERROR_EXPIRED_CERT_ALERT            = (SSL_ERROR_BASE + 19),
+
+    SSL_ERROR_SSL_DISABLED                  = (SSL_ERROR_BASE + 20),
+    SSL_ERROR_FORTEZZA_PQG                  = (SSL_ERROR_BASE + 21),
+                                            /* error 21 is obsolete */
+    SSL_ERROR_UNKNOWN_CIPHER_SUITE          = (SSL_ERROR_BASE + 22),
+    SSL_ERROR_NO_CIPHERS_SUPPORTED          = (SSL_ERROR_BASE + 23),
+    SSL_ERROR_BAD_BLOCK_PADDING             = (SSL_ERROR_BASE + 24),
+    SSL_ERROR_RX_RECORD_TOO_LONG            = (SSL_ERROR_BASE + 25),
+    SSL_ERROR_TX_RECORD_TOO_LONG            = (SSL_ERROR_BASE + 26),
+    /*
+     * Received a malformed (too long or short) SSL handshake.
+     */
+    SSL_ERROR_RX_MALFORMED_HELLO_REQUEST    = (SSL_ERROR_BASE + 27),
+    SSL_ERROR_RX_MALFORMED_CLIENT_HELLO     = (SSL_ERROR_BASE + 28),
+    SSL_ERROR_RX_MALFORMED_SERVER_HELLO     = (SSL_ERROR_BASE + 29),
+    SSL_ERROR_RX_MALFORMED_CERTIFICATE      = (SSL_ERROR_BASE + 30),
+    SSL_ERROR_RX_MALFORMED_SERVER_KEY_EXCH  = (SSL_ERROR_BASE + 31),
+    SSL_ERROR_RX_MALFORMED_CERT_REQUEST     = (SSL_ERROR_BASE + 32),
+    SSL_ERROR_RX_MALFORMED_HELLO_DONE       = (SSL_ERROR_BASE + 33),
+    SSL_ERROR_RX_MALFORMED_CERT_VERIFY      = (SSL_ERROR_BASE + 34),
+    SSL_ERROR_RX_MALFORMED_CLIENT_KEY_EXCH  = (SSL_ERROR_BASE + 35),
+    SSL_ERROR_RX_MALFORMED_FINISHED         = (SSL_ERROR_BASE + 36),
+    /*
+     * Received a malformed (too long or short) SSL record.
+     */
+    SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER    = (SSL_ERROR_BASE + 37),
+    SSL_ERROR_RX_MALFORMED_ALERT            = (SSL_ERROR_BASE + 38),
+    SSL_ERROR_RX_MALFORMED_HANDSHAKE        = (SSL_ERROR_BASE + 39),
+    SSL_ERROR_RX_MALFORMED_APPLICATION_DATA = (SSL_ERROR_BASE + 40),
+    /*
+     * Received an SSL handshake that was inappropriate for the state we're in.
+     * E.g. Server received message from server, or wrong state in state machine.
+     */
+    SSL_ERROR_RX_UNEXPECTED_HELLO_REQUEST   = (SSL_ERROR_BASE + 41),
+    SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO    = (SSL_ERROR_BASE + 42),
+    SSL_ERROR_RX_UNEXPECTED_SERVER_HELLO    = (SSL_ERROR_BASE + 43),
+    SSL_ERROR_RX_UNEXPECTED_CERTIFICATE     = (SSL_ERROR_BASE + 44),
+    SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH = (SSL_ERROR_BASE + 45),
+    SSL_ERROR_RX_UNEXPECTED_CERT_REQUEST    = (SSL_ERROR_BASE + 46),
+    SSL_ERROR_RX_UNEXPECTED_HELLO_DONE      = (SSL_ERROR_BASE + 47),
+    SSL_ERROR_RX_UNEXPECTED_CERT_VERIFY     = (SSL_ERROR_BASE + 48),
+    SSL_ERROR_RX_UNEXPECTED_CLIENT_KEY_EXCH = (SSL_ERROR_BASE + 49),
+    SSL_ERROR_RX_UNEXPECTED_FINISHED        = (SSL_ERROR_BASE + 50),
+    /*
+     * Received an SSL record that was inappropriate for the state we're in.
+     */
+    SSL_ERROR_RX_UNEXPECTED_CHANGE_CIPHER   = (SSL_ERROR_BASE + 51),
+    SSL_ERROR_RX_UNEXPECTED_ALERT           = (SSL_ERROR_BASE + 52),
+    SSL_ERROR_RX_UNEXPECTED_HANDSHAKE       = (SSL_ERROR_BASE + 53),
+    SSL_ERROR_RX_UNEXPECTED_APPLICATION_DATA = (SSL_ERROR_BASE + 54),
+    /*
+     * Received record/message with unknown discriminant.
+     */
+    SSL_ERROR_RX_UNKNOWN_RECORD_TYPE        = (SSL_ERROR_BASE + 55),
+    SSL_ERROR_RX_UNKNOWN_HANDSHAKE          = (SSL_ERROR_BASE + 56),
+    SSL_ERROR_RX_UNKNOWN_ALERT              = (SSL_ERROR_BASE + 57),
+    /*
+     * Received an alert reporting what we did wrong.  (more alerts above)
+     */
+    SSL_ERROR_CLOSE_NOTIFY_ALERT            = (SSL_ERROR_BASE + 58),
+    SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT    = (SSL_ERROR_BASE + 59),
+    SSL_ERROR_DECOMPRESSION_FAILURE_ALERT   = (SSL_ERROR_BASE + 60),
+    SSL_ERROR_HANDSHAKE_FAILURE_ALERT       = (SSL_ERROR_BASE + 61),
+    SSL_ERROR_ILLEGAL_PARAMETER_ALERT       = (SSL_ERROR_BASE + 62),
+    SSL_ERROR_UNSUPPORTED_CERT_ALERT        = (SSL_ERROR_BASE + 63),
+    SSL_ERROR_CERTIFICATE_UNKNOWN_ALERT     = (SSL_ERROR_BASE + 64),
+
+    SSL_ERROR_GENERATE_RANDOM_FAILURE       = (SSL_ERROR_BASE + 65),
+    SSL_ERROR_SIGN_HASHES_FAILURE           = (SSL_ERROR_BASE + 66),
+    SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE    = (SSL_ERROR_BASE + 67),
+    SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE   = (SSL_ERROR_BASE + 68),
+    SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE   = (SSL_ERROR_BASE + 69),
+
+    SSL_ERROR_ENCRYPTION_FAILURE            = (SSL_ERROR_BASE + 70),
+    SSL_ERROR_DECRYPTION_FAILURE            = (SSL_ERROR_BASE + 71),
+                                            /* error 71 is obsolete */
+    SSL_ERROR_SOCKET_WRITE_FAILURE          = (SSL_ERROR_BASE + 72),
+
+    SSL_ERROR_MD5_DIGEST_FAILURE            = (SSL_ERROR_BASE + 73),
+    SSL_ERROR_SHA_DIGEST_FAILURE            = (SSL_ERROR_BASE + 74),
+    SSL_ERROR_MAC_COMPUTATION_FAILURE       = (SSL_ERROR_BASE + 75),
+    SSL_ERROR_SYM_KEY_CONTEXT_FAILURE       = (SSL_ERROR_BASE + 76),
+    SSL_ERROR_SYM_KEY_UNWRAP_FAILURE        = (SSL_ERROR_BASE + 77),
+    SSL_ERROR_PUB_KEY_SIZE_LIMIT_EXCEEDED   = (SSL_ERROR_BASE + 78),
+                                            /* error 78 is obsolete */
+    SSL_ERROR_IV_PARAM_FAILURE              = (SSL_ERROR_BASE + 79),
+    SSL_ERROR_INIT_CIPHER_SUITE_FAILURE     = (SSL_ERROR_BASE + 80),
+    SSL_ERROR_SESSION_KEY_GEN_FAILURE       = (SSL_ERROR_BASE + 81),
+    SSL_ERROR_NO_SERVER_KEY_FOR_ALG         = (SSL_ERROR_BASE + 82),
+    SSL_ERROR_TOKEN_INSERTION_REMOVAL       = (SSL_ERROR_BASE + 83),
+    SSL_ERROR_TOKEN_SLOT_NOT_FOUND          = (SSL_ERROR_BASE + 84),
+    SSL_ERROR_NO_COMPRESSION_OVERLAP        = (SSL_ERROR_BASE + 85),
+    SSL_ERROR_HANDSHAKE_NOT_COMPLETED       = (SSL_ERROR_BASE + 86),
+    SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE      = (SSL_ERROR_BASE + 87),
+    SSL_ERROR_CERT_KEA_MISMATCH             = (SSL_ERROR_BASE + 88),
+    SSL_ERROR_NO_TRUSTED_SSL_CLIENT_CA      = (SSL_ERROR_BASE + 89),
+                                            /* error 89 is obsolete */
+    SSL_ERROR_SESSION_NOT_FOUND             = (SSL_ERROR_BASE + 90),
+
+    SSL_ERROR_DECRYPTION_FAILED_ALERT       = (SSL_ERROR_BASE + 91),
+    SSL_ERROR_RECORD_OVERFLOW_ALERT         = (SSL_ERROR_BASE + 92),
+    SSL_ERROR_UNKNOWN_CA_ALERT              = (SSL_ERROR_BASE + 93),
+    SSL_ERROR_ACCESS_DENIED_ALERT           = (SSL_ERROR_BASE + 94),
+    SSL_ERROR_DECODE_ERROR_ALERT            = (SSL_ERROR_BASE + 95),
+    SSL_ERROR_DECRYPT_ERROR_ALERT           = (SSL_ERROR_BASE + 96),
+    SSL_ERROR_EXPORT_RESTRICTION_ALERT      = (SSL_ERROR_BASE + 97),
+    SSL_ERROR_PROTOCOL_VERSION_ALERT        = (SSL_ERROR_BASE + 98),
+    SSL_ERROR_INSUFFICIENT_SECURITY_ALERT   = (SSL_ERROR_BASE + 99),
+    SSL_ERROR_INTERNAL_ERROR_ALERT          = (SSL_ERROR_BASE + 100),
+    SSL_ERROR_USER_CANCELED_ALERT           = (SSL_ERROR_BASE + 101),
+    SSL_ERROR_NO_RENEGOTIATION_ALERT        = (SSL_ERROR_BASE + 102),
+
+    SSL_ERROR_SERVER_CACHE_NOT_CONFIGURED   = (SSL_ERROR_BASE + 103),
+
+    SSL_ERROR_UNSUPPORTED_EXTENSION_ALERT   = (SSL_ERROR_BASE + 104),
+    SSL_ERROR_CERTIFICATE_UNOBTAINABLE_ALERT = (SSL_ERROR_BASE + 105),
+    SSL_ERROR_UNRECOGNIZED_NAME_ALERT       = (SSL_ERROR_BASE + 106),
+    SSL_ERROR_BAD_CERT_STATUS_RESPONSE_ALERT = (SSL_ERROR_BASE + 107),
+    SSL_ERROR_BAD_CERT_HASH_VALUE_ALERT     = (SSL_ERROR_BASE + 108),
+
+    SSL_ERROR_RX_UNEXPECTED_NEW_SESSION_TICKET = (SSL_ERROR_BASE + 109),
+    SSL_ERROR_RX_MALFORMED_NEW_SESSION_TICKET = (SSL_ERROR_BASE + 110),
+
+    SSL_ERROR_DECOMPRESSION_FAILURE         = (SSL_ERROR_BASE + 111),
+    SSL_ERROR_RENEGOTIATION_NOT_ALLOWED     = (SSL_ERROR_BASE + 112),
+    SSL_ERROR_UNSAFE_NEGOTIATION            = (SSL_ERROR_BASE + 113),
+
+    SSL_ERROR_RX_UNEXPECTED_UNCOMPRESSED_RECORD = (SSL_ERROR_BASE + 114),
+
+    SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY  = (SSL_ERROR_BASE + 115),
+
+    SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID    = (SSL_ERROR_BASE + 116),
+
+    SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SSL2 = (SSL_ERROR_BASE + 117),
+                                             /* error 117 is obsolete */
+    SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SERVERS = (SSL_ERROR_BASE + 118),
+    SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_CLIENTS = (SSL_ERROR_BASE + 119),
+
+    SSL_ERROR_INVALID_VERSION_RANGE         = (SSL_ERROR_BASE + 120),
+    SSL_ERROR_CIPHER_DISALLOWED_FOR_VERSION = (SSL_ERROR_BASE + 121),
+
+    SSL_ERROR_RX_MALFORMED_HELLO_VERIFY_REQUEST = (SSL_ERROR_BASE + 122),
+    SSL_ERROR_RX_UNEXPECTED_HELLO_VERIFY_REQUEST = (SSL_ERROR_BASE + 123),
+
+    SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_VERSION = (SSL_ERROR_BASE + 124),
+
+    SSL_ERROR_RX_UNEXPECTED_CERT_STATUS     = (SSL_ERROR_BASE + 125),
+
+    SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM    = (SSL_ERROR_BASE + 126),
+    SSL_ERROR_DIGEST_FAILURE                = (SSL_ERROR_BASE + 127),
+    SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM = (SSL_ERROR_BASE + 128),
+
+    SSL_ERROR_NEXT_PROTOCOL_NO_CALLBACK     = (SSL_ERROR_BASE + 129),
+    SSL_ERROR_NEXT_PROTOCOL_NO_PROTOCOL     = (SSL_ERROR_BASE + 130),
+
+    SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT  = (SSL_ERROR_BASE + 131),
+
+    SSL_ERROR_WEAK_SERVER_CERT_KEY          = (SSL_ERROR_BASE + 132),
+
+    SSL_ERROR_RX_SHORT_DTLS_READ            = (SSL_ERROR_BASE + 133),
+
+    SSL_ERROR_NO_SUPPORTED_SIGNATURE_ALGORITHM = (SSL_ERROR_BASE + 134),
+    SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM = (SSL_ERROR_BASE + 135),
+
+    SSL_ERROR_MISSING_EXTENDED_MASTER_SECRET = (SSL_ERROR_BASE + 136),
+    SSL_ERROR_UNEXPECTED_EXTENDED_MASTER_SECRET = (SSL_ERROR_BASE + 137),
+
+    SSL_ERROR_RX_MALFORMED_KEY_SHARE        = (SSL_ERROR_BASE + 138),
+    SSL_ERROR_MISSING_KEY_SHARE             = (SSL_ERROR_BASE + 139),
+    SSL_ERROR_RX_MALFORMED_ECDHE_KEY_SHARE  = (SSL_ERROR_BASE + 140),
+    SSL_ERROR_RX_MALFORMED_DHE_KEY_SHARE    = (SSL_ERROR_BASE + 141),
+
+    SSL_ERROR_RX_UNEXPECTED_ENCRYPTED_EXTENSIONS = (SSL_ERROR_BASE + 142),
+    SSL_ERROR_MISSING_EXTENSION_ALERT       = (SSL_ERROR_BASE + 143),
+
+    SSL_ERROR_KEY_EXCHANGE_FAILURE          = (SSL_ERROR_BASE + 144),
+    SSL_ERROR_EXTENSION_DISALLOWED_FOR_VERSION = (SSL_ERROR_BASE + 145),
+    SSL_ERROR_RX_MALFORMED_ENCRYPTED_EXTENSIONS = (SSL_ERROR_BASE + 146),
+    SSL_ERROR_MALFORMED_PRE_SHARED_KEY = (SSL_ERROR_BASE + 147),
+    SSL_ERROR_MALFORMED_EARLY_DATA = (SSL_ERROR_BASE + 148),
+    SSL_ERROR_END_OF_EARLY_DATA_ALERT = (SSL_ERROR_BASE + 149),
+    SSL_ERROR_MISSING_ALPN_EXTENSION = (SSL_ERROR_BASE + 150),
+    SSL_ERROR_RX_UNEXPECTED_EXTENSION = (SSL_ERROR_BASE + 151),
+    SSL_ERROR_MISSING_SUPPORTED_GROUPS_EXTENSION = (SSL_ERROR_BASE + 152),
+    SSL_ERROR_TOO_MANY_RECORDS = (SSL_ERROR_BASE + 153),
+    SSL_ERROR_RX_UNEXPECTED_HELLO_RETRY_REQUEST = (SSL_ERROR_BASE + 154),
+    SSL_ERROR_RX_MALFORMED_HELLO_RETRY_REQUEST = (SSL_ERROR_BASE + 155),
+    SSL_ERROR_BAD_2ND_CLIENT_HELLO = (SSL_ERROR_BASE + 156),
+    SSL_ERROR_MISSING_SIGNATURE_ALGORITHMS_EXTENSION = (SSL_ERROR_BASE + 157),
+    SSL_ERROR_MALFORMED_PSK_KEY_EXCHANGE_MODES = (SSL_ERROR_BASE + 158),
+    SSL_ERROR_MISSING_PSK_KEY_EXCHANGE_MODES = (SSL_ERROR_BASE + 159),
+    SSL_ERROR_DOWNGRADE_WITH_EARLY_DATA = (SSL_ERROR_BASE + 160),
+    SSL_ERROR_END_OF_LIST   /* let the c compiler determine the value of this. */
+} SSLErrorCodes;
+#endif /* NO_SECURITY_ERROR_ENUM */
+
+/* clang-format on */
+
+#endif /* __SSL_ERR_H_ */
diff --git a/nss/lib/ssl/sslerrstrs.c b/nss/lib/ssl/sslerrstrs.c
new file mode 100644
index 0000000..4e3db6d
--- /dev/null
+++ b/nss/lib/ssl/sslerrstrs.c
@@ -0,0 +1,36 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#include "prerror.h"
+#include "sslerr.h"
+#include "prinit.h"
+#include "nssutil.h"
+#include "ssl.h"
+
+#define ER3(name, value, str) { #name, str },
+
+static const struct PRErrorMessage ssltext[] = {
+#include "SSLerrs.h"
+    { 0, 0 }
+};
+
+static const struct PRErrorTable ssl_et = {
+    ssltext, "sslerr", SSL_ERROR_BASE,
+    (sizeof ssltext) / (sizeof ssltext[0])
+};
+
+static PRStatus
+ssl_InitializePRErrorTableOnce(void)
+{
+    return PR_ErrorInstallTable(&ssl_et);
+}
+
+static PRCallOnceType once;
+
+SECStatus
+ssl_InitializePRErrorTable(void)
+{
+    return (PR_SUCCESS == PR_CallOnce(&once, ssl_InitializePRErrorTableOnce))
+               ? SECSuccess
+               : SECFailure;
+}
diff --git a/nss/lib/ssl/sslgrp.c b/nss/lib/ssl/sslgrp.c
new file mode 100644
index 0000000..eb53ad3
--- /dev/null
+++ b/nss/lib/ssl/sslgrp.c
@@ -0,0 +1,164 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/*
+ * This file contains prototypes for the public SSL functions.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nss.h"
+#include "pk11func.h"
+#include "ssl.h"
+#include "sslimpl.h"
+
+struct {
+    sslEphemeralKeyPair *keyPair;
+    PRCallOnceType once;
+} gECDHEKeyPairs[SSL_NAMED_GROUP_COUNT];
+
+typedef struct sslSocketAndGroupArgStr {
+    const sslNamedGroupDef *group;
+    const sslSocket *ss;
+} sslSocketAndGroupArg;
+
+/* Function to clear out the ECDHE keys. */
+static SECStatus
+ssl_CleanupECDHEKeys(void *appData, void *nssData)
+{
+    unsigned int i;
+
+    for (i = 0; i < SSL_NAMED_GROUP_COUNT; i++) {
+        if (gECDHEKeyPairs[i].keyPair) {
+            ssl_FreeEphemeralKeyPair(gECDHEKeyPairs[i].keyPair);
+        }
+    }
+    memset(gECDHEKeyPairs, 0, sizeof(gECDHEKeyPairs));
+    return SECSuccess;
+}
+
+/* Only run the cleanup once. */
+static PRCallOnceType cleanupECDHEKeysOnce;
+static PRStatus
+ssl_SetupCleanupECDHEKeysOnce(void)
+{
+    SECStatus rv = NSS_RegisterShutdown(ssl_CleanupECDHEKeys, NULL);
+    return (rv != SECSuccess) ? PR_FAILURE : PR_SUCCESS;
+}
+
+/* This creates a key pair for each of the supported EC groups.  If that works,
+ * we assume that the token supports that group.  Since this is relatively
+ * expensive, this is only done for the first socket that is used.  That means
+ * that if tokens are added or removed, then this will not pick up any changes.
+ */
+static PRStatus
+ssl_CreateStaticECDHEKeyPair(void *arg)
+{
+    const sslSocketAndGroupArg *typed_arg = (sslSocketAndGroupArg *)arg;
+    const sslNamedGroupDef *group = typed_arg->group;
+    const sslSocket *ss = typed_arg->ss;
+    unsigned int i = group - ssl_named_groups;
+    SECStatus rv;
+
+    PORT_Assert(group->keaType == ssl_kea_ecdh);
+    PORT_Assert(i < SSL_NAMED_GROUP_COUNT);
+    rv = ssl_CreateECDHEphemeralKeyPair(ss, group,
+                                        &gECDHEKeyPairs[i].keyPair);
+    if (rv != SECSuccess) {
+        gECDHEKeyPairs[i].keyPair = NULL;
+        SSL_TRC(5, ("%d: SSL[-]: disabling group %d",
+                    SSL_GETPID(), group->name));
+    }
+
+    return PR_SUCCESS;
+}
+
+void
+ssl_FilterSupportedGroups(sslSocket *ss)
+{
+    unsigned int i;
+    PRStatus prv;
+    sslSocketAndGroupArg arg = { NULL, ss };
+
+    prv = PR_CallOnce(&cleanupECDHEKeysOnce, ssl_SetupCleanupECDHEKeysOnce);
+    PORT_Assert(prv == PR_SUCCESS);
+    if (prv != PR_SUCCESS) {
+        return;
+    }
+
+    for (i = 0; i < SSL_NAMED_GROUP_COUNT; ++i) {
+        PRUint32 policy;
+        SECStatus srv;
+        unsigned int index;
+        const sslNamedGroupDef *group = ss->namedGroupPreferences[i];
+        if (!group) {
+            continue;
+        }
+
+        srv = NSS_GetAlgorithmPolicy(group->oidTag, &policy);
+        if (srv == SECSuccess && !(policy & NSS_USE_ALG_IN_SSL_KX)) {
+            ss->namedGroupPreferences[i] = NULL;
+            continue;
+        }
+
+        if (group->assumeSupported) {
+            continue;
+        }
+
+        /* For EC groups, we have to test that a key pair can be created. This
+         * is gross, and expensive, so only do it once. */
+        index = group - ssl_named_groups;
+        PORT_Assert(index < SSL_NAMED_GROUP_COUNT);
+
+        arg.group = group;
+        prv = PR_CallOnceWithArg(&gECDHEKeyPairs[index].once,
+                                 ssl_CreateStaticECDHEKeyPair,
+                                 (void *)&arg);
+        PORT_Assert(prv == PR_SUCCESS);
+        if (prv != PR_SUCCESS) {
+            continue;
+        }
+
+        if (!gECDHEKeyPairs[index].keyPair) {
+            ss->namedGroupPreferences[i] = NULL;
+        }
+    }
+}
+
+/*
+ * Creates the static "ephemeral" public and private ECDH keys used by server in
+ * ECDHE_RSA and ECDHE_ECDSA handshakes when we reuse the same key.
+ */
+SECStatus
+ssl_CreateStaticECDHEKey(sslSocket *ss, const sslNamedGroupDef *ecGroup)
+{
+    sslEphemeralKeyPair *keyPair;
+    /* We index gECDHEKeyPairs by the named group.  Pointer arithmetic! */
+    unsigned int index = ecGroup - ssl_named_groups;
+    PRStatus prv;
+    sslSocketAndGroupArg arg = { ecGroup, ss };
+
+    prv = PR_CallOnceWithArg(&gECDHEKeyPairs[index].once,
+                             ssl_CreateStaticECDHEKeyPair,
+                             (void *)&arg);
+    PORT_Assert(prv == PR_SUCCESS);
+    if (prv != PR_SUCCESS) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+
+    keyPair = gECDHEKeyPairs[index].keyPair;
+    if (!keyPair) {
+        /* Attempting to use a key pair for an unsupported group. */
+        PORT_Assert(keyPair);
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+
+    keyPair = ssl_CopyEphemeralKeyPair(keyPair);
+    if (!keyPair)
+        return SECFailure;
+
+    PORT_Assert(PR_CLIST_IS_EMPTY(&ss->ephemeralKeyPairs));
+    PR_APPEND_LINK(&keyPair->link, &ss->ephemeralKeyPairs);
+    return SECSuccess;
+}
diff --git a/nss/lib/ssl/sslimpl.h b/nss/lib/ssl/sslimpl.h
new file mode 100644
index 0000000..a7f7f74
--- /dev/null
+++ b/nss/lib/ssl/sslimpl.h
@@ -0,0 +1,1910 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/*
+ * This file is PRIVATE to SSL and should be the first thing included by
+ * any SSL implementation file.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef __sslimpl_h_
+#define __sslimpl_h_
+
+#ifdef DEBUG
+#undef NDEBUG
+#else
+#undef NDEBUG
+#define NDEBUG
+#endif
+#include "secport.h"
+#include "secerr.h"
+#include "sslerr.h"
+#include "ssl3prot.h"
+#include "hasht.h"
+#include "nssilock.h"
+#include "pkcs11t.h"
+#if defined(XP_UNIX) || defined(XP_BEOS)
+#include "unistd.h"
+#endif
+#include "nssrwlk.h"
+#include "prthread.h"
+#include "prclist.h"
+#include "private/pprthred.h"
+// TLS-N Extension
+#include "tlsproofstr.h"
+
+#include "sslt.h" /* for some formerly private types, now public */
+
+typedef struct sslSocketStr sslSocket;
+typedef struct ssl3CipherSpecStr ssl3CipherSpec;
+#include "ssl3ext.h"
+
+/* to make some of these old enums public without namespace pollution,
+** it was necessary to prepend ssl_ to the names.
+** These #defines preserve compatibility with the old code here in libssl.
+*/
+typedef SSLMACAlgorithm SSL3MACAlgorithm;
+
+#define calg_null ssl_calg_null
+#define calg_rc4 ssl_calg_rc4
+#define calg_rc2 ssl_calg_rc2
+#define calg_des ssl_calg_des
+#define calg_3des ssl_calg_3des
+#define calg_idea ssl_calg_idea
+#define calg_fortezza ssl_calg_fortezza /* deprecated, must preserve */
+#define calg_aes ssl_calg_aes
+#define calg_camellia ssl_calg_camellia
+#define calg_seed ssl_calg_seed
+#define calg_aes_gcm ssl_calg_aes_gcm
+#define calg_chacha20 ssl_calg_chacha20
+
+#define mac_null ssl_mac_null
+#define mac_md5 ssl_mac_md5
+#define mac_sha ssl_mac_sha
+#define hmac_md5 ssl_hmac_md5
+#define hmac_sha ssl_hmac_sha
+#define hmac_sha256 ssl_hmac_sha256
+#define hmac_sha384 ssl_hmac_sha384
+#define mac_aead ssl_mac_aead
+
+#if defined(DEBUG) || defined(TRACE)
+#ifdef __cplusplus
+#define Debug 1
+#else
+extern int Debug;
+#endif
+#else
+#undef Debug
+#endif
+
+#if defined(DEBUG) && !defined(TRACE) && !defined(NISCC_TEST)
+#define TRACE
+#endif
+
+#ifdef TRACE
+#define SSL_TRC(a, b)     \
+    if (ssl_trace >= (a)) \
+    ssl_Trace b
+#define PRINT_BUF(a, b)   \
+    if (ssl_trace >= (a)) \
+    ssl_PrintBuf b
+#define PRINT_KEY(a, b)   \
+    if (ssl_trace >= (a)) \
+    ssl_PrintKey b
+#else
+#define SSL_TRC(a, b)
+#define PRINT_BUF(a, b)
+#define PRINT_KEY(a, b)
+#endif
+
+#ifdef DEBUG
+#define SSL_DBG(b) \
+    if (ssl_debug) \
+    ssl_Trace b
+#else
+#define SSL_DBG(b)
+#endif
+
+#define LSB(x) ((unsigned char)((x)&0xff))
+#define MSB(x) ((unsigned char)(((unsigned)(x)) >> 8))
+
+#define CONST_CAST(T, X) ((T *)(X))
+
+/************************************************************************/
+
+typedef enum { SSLAppOpRead = 0,
+               SSLAppOpWrite,
+               SSLAppOpRDWR,
+               SSLAppOpPost,
+               SSLAppOpHeader
+} SSLAppOperation;
+
+#define SSL3_SESSIONID_BYTES 32
+
+#define SSL_MIN_CHALLENGE_BYTES 16
+#define SSL_MAX_CHALLENGE_BYTES 32
+
+#define SSL3_MASTER_SECRET_LENGTH 48
+
+/* number of wrap mechanisms potentially used to wrap master secrets. */
+#define SSL_NUM_WRAP_MECHS 15
+#define SSL_NUM_WRAP_KEYS 6
+
+/* This makes the cert cache entry exactly 4k. */
+#define SSL_MAX_CACHED_CERT_LEN 4060
+
+#ifndef BPB
+#define BPB 8 /* Bits Per Byte */
+#endif
+
+/* The default value from RFC 4347 is 1s, which is too slow. */
+#define DTLS_RETRANSMIT_INITIAL_MS 50
+/* The maximum time to wait between retransmissions. */
+#define DTLS_RETRANSMIT_MAX_MS 10000
+/* Time to wait in FINISHED state for retransmissions. */
+#define DTLS_RETRANSMIT_FINISHED_MS 30000
+
+/* default number of entries in namedGroupPreferences */
+#define SSL_NAMED_GROUP_COUNT 31
+
+/* Types and names of elliptic curves used in TLS */
+typedef enum {
+    ec_type_explicitPrime = 1,      /* not supported */
+    ec_type_explicitChar2Curve = 2, /* not supported */
+    ec_type_named = 3
+} ECType;
+
+typedef enum {
+    ticket_allow_early_data = 1,
+    ticket_allow_psk_ke = 2,
+    ticket_allow_psk_dhe_ke = 4,
+    ticket_allow_psk_auth = 8,
+    ticket_allow_psk_sign_auth = 16
+} TLS13SessionTicketFlags;
+
+typedef struct {
+    /* The name is the value that is encoded on the wire in TLS. */
+    SSLNamedGroup name;
+    /* The number of bits in the group. */
+    unsigned int bits;
+    /* The key exchange algorithm this group provides. */
+    SSLKEAType keaType;
+    /* The OID that identifies the group to PKCS11.  This also determines
+     * whether the group is enabled in policy. */
+    SECOidTag oidTag;
+    /* Assume that the group is always supported. */
+    PRBool assumeSupported;
+} sslNamedGroupDef;
+
+typedef struct sslBufferStr sslBuffer;
+typedef struct sslConnectInfoStr sslConnectInfo;
+typedef struct sslGatherStr sslGather;
+typedef struct sslSecurityInfoStr sslSecurityInfo;
+typedef struct sslSessionIDStr sslSessionID;
+typedef struct sslSocketOpsStr sslSocketOps;
+
+typedef struct ssl3StateStr ssl3State;
+typedef struct ssl3CertNodeStr ssl3CertNode;
+typedef struct ssl3BulkCipherDefStr ssl3BulkCipherDef;
+typedef struct ssl3MACDefStr ssl3MACDef;
+typedef struct sslKeyPairStr sslKeyPair;
+typedef struct ssl3DHParamsStr ssl3DHParams;
+
+struct ssl3CertNodeStr {
+    struct ssl3CertNodeStr *next;
+    CERTCertificate *cert;
+};
+
+typedef SECStatus (*sslHandshakeFunc)(sslSocket *ss);
+
+typedef void (*sslSessionIDCacheFunc)(sslSessionID *sid);
+typedef void (*sslSessionIDUncacheFunc)(sslSessionID *sid);
+typedef sslSessionID *(*sslSessionIDLookupFunc)(const PRIPv6Addr *addr,
+                                                unsigned char *sid,
+                                                unsigned int sidLen,
+                                                CERTCertDBHandle *dbHandle);
+typedef void (*sslCipherSpecChangedFunc)(void *arg,
+                                         PRBool sending,
+                                         ssl3CipherSpec *newSpec);
+
+/* Socket ops */
+struct sslSocketOpsStr {
+    int (*connect)(sslSocket *, const PRNetAddr *);
+    PRFileDesc *(*accept)(sslSocket *, PRNetAddr *);
+    int (*bind)(sslSocket *, const PRNetAddr *);
+    int (*listen)(sslSocket *, int);
+    int (*shutdown)(sslSocket *, int);
+    int (*close)(sslSocket *);
+
+    int (*recv)(sslSocket *, unsigned char *, int, int);
+
+    /* points to the higher-layer send func, e.g. ssl_SecureSend. */
+    int (*send)(sslSocket *, const unsigned char *, int, int);
+    int (*read)(sslSocket *, unsigned char *, int);
+    int (*write)(sslSocket *, const unsigned char *, int);
+
+    int (*getpeername)(sslSocket *, PRNetAddr *);
+    int (*getsockname)(sslSocket *, PRNetAddr *);
+};
+
+/* Flags interpreted by ssl send functions. */
+#define ssl_SEND_FLAG_FORCE_INTO_BUFFER 0x40000000
+#define ssl_SEND_FLAG_NO_BUFFER 0x20000000
+#define ssl_SEND_FLAG_NO_RETRANSMIT 0x08000000 /* DTLS only */
+#define ssl_SEND_FLAG_CAP_RECORD_VERSION \
+    0x04000000 /* TLS only */
+#define ssl_SEND_FLAG_MASK 0x7f000000
+
+/*
+** A buffer object.
+*/
+struct sslBufferStr {
+    unsigned char *buf;
+    unsigned int len;
+    unsigned int space;
+};
+
+/*
+** SSL3 cipher suite policy and preference struct.
+*/
+typedef struct {
+#if !defined(_WIN32)
+    unsigned int cipher_suite : 16;
+    unsigned int policy : 8;
+    unsigned int enabled : 1;
+    unsigned int isPresent : 1;
+#else
+    ssl3CipherSuite cipher_suite;
+    PRUint8 policy;
+    unsigned char enabled : 1;
+    unsigned char isPresent : 1;
+#endif
+} ssl3CipherSuiteCfg;
+
+#define ssl_V3_SUITES_IMPLEMENTED 71
+
+#define MAX_DTLS_SRTP_CIPHER_SUITES 4
+
+/* MAX_SIGNATURE_SCHEMES allows for all the values we support. */
+#define MAX_SIGNATURE_SCHEMES 15
+
+typedef struct sslOptionsStr {
+    /* If SSL_SetNextProtoNego has been called, then this contains the
+     * list of supported protocols. */
+    SECItem nextProtoNego;
+
+    unsigned int useSecurity : 1;
+    unsigned int useSocks : 1;
+    unsigned int requestCertificate : 1;
+    unsigned int requireCertificate : 2;
+    unsigned int handshakeAsClient : 1;
+    unsigned int handshakeAsServer : 1;
+    unsigned int noCache : 1;
+    unsigned int fdx : 1;
+    unsigned int detectRollBack : 1;
+    unsigned int noLocks : 1;
+    unsigned int enableSessionTickets : 1;
+    unsigned int enableDeflate : 1;
+    unsigned int enableRenegotiation : 2;
+    unsigned int requireSafeNegotiation : 1;
+    unsigned int enableFalseStart : 1;
+    unsigned int cbcRandomIV : 1;
+    unsigned int enableOCSPStapling : 1;
+    unsigned int enableNPN : 1;
+    unsigned int enableALPN : 1;
+    unsigned int reuseServerECDHEKey : 1;
+    unsigned int enableFallbackSCSV : 1;
+    unsigned int enableServerDhe : 1;
+    unsigned int enableExtendedMS : 1;
+    unsigned int enableSignedCertTimestamps : 1;
+    unsigned int requireDHENamedGroups : 1;
+    unsigned int enable0RttData : 1;
+    unsigned int enableShortHeaders : 1;
+    unsigned int enableTLSProof : 1; // TLS-N Extension
+} sslOptions;
+
+typedef enum { sslHandshakingUndetermined = 0,
+               sslHandshakingAsClient,
+               sslHandshakingAsServer
+} sslHandshakingType;
+
+#define SSL_LOCK_RANK_SPEC 255
+
+/* These are the valid values for shutdownHow.
+** These values are each 1 greater than the NSPR values, and the code
+** depends on that relation to efficiently convert PR_SHUTDOWN values
+** into ssl_SHUTDOWN values.  These values use one bit for read, and
+** another bit for write, and can be used as bitmasks.
+*/
+#define ssl_SHUTDOWN_NONE 0 /* NOT shutdown at all */
+#define ssl_SHUTDOWN_RCV 1  /* PR_SHUTDOWN_RCV  +1 */
+#define ssl_SHUTDOWN_SEND 2 /* PR_SHUTDOWN_SEND +1 */
+#define ssl_SHUTDOWN_BOTH 3 /* PR_SHUTDOWN_BOTH +1 */
+
+/*
+** A gather object. Used to read some data until a count has been
+** satisfied. Primarily for support of async sockets.
+** Everything in here is protected by the recvBufLock.
+*/
+struct sslGatherStr {
+    int state; /* see GS_ values below. */
+
+    /* "buf" holds received plaintext SSL records, after decrypt and MAC check.
+     * recv'd ciphertext records are put in inbuf (see below), then decrypted
+     * into buf.
+     */
+    sslBuffer buf; /*recvBufLock*/
+
+    /* number of bytes previously read into hdr or inbuf.
+    ** (offset - writeOffset) is the number of ciphertext bytes read in but
+    **     not yet deciphered.
+    */
+    unsigned int offset;
+
+    /* number of bytes to read in next call to ssl_DefRecv (recv) */
+    unsigned int remainder;
+
+    /* DoRecv uses the next two values to extract application data.
+    ** The difference between writeOffset and readOffset is the amount of
+    ** data available to the application.   Note that the actual offset of
+    ** the data in "buf" is recordOffset (above), not readOffset.
+    ** In the current implementation, this is made available before the
+    ** MAC is checked!!
+    */
+    unsigned int readOffset; /* Spot where DATA reader (e.g. application
+                               ** or handshake code) will read next.
+                               ** Always zero for SSl3 application data.
+                               */
+    /* offset in buf/inbuf/hdr into which new data will be read from socket. */
+    unsigned int writeOffset;
+
+    /* Buffer for ssl3 to read (encrypted) data from the socket */
+    sslBuffer inbuf; /*recvBufLock*/
+
+    /* The ssl[23]_GatherData functions read data into this buffer, rather
+    ** than into buf or inbuf, while in the GS_HEADER state.
+    ** The portion of the SSL record header put here always comes off the wire
+    ** as plaintext, never ciphertext.
+    ** For SSL3/TLS, the plaintext portion is 5 bytes long. For DTLS it is 13.
+    */
+    unsigned char hdr[13];
+
+    /* Buffer for DTLS data read off the wire as a single datagram */
+    sslBuffer dtlsPacket;
+
+    /* the start of the buffered DTLS record in dtlsPacket */
+    unsigned int dtlsPacketOffset;
+
+    /* tracks whether we've seen a v3-type record before and must reject
+     * any further v2-type records. */
+    PRBool rejectV2Records;
+};
+
+/* sslGather.state */
+#define GS_INIT 0
+#define GS_HEADER 1
+#define GS_DATA 2
+
+/*
+** ssl3State and CipherSpec structs
+*/
+
+/* The SSL bulk cipher definition */
+typedef enum {
+    cipher_null,
+    cipher_rc4,
+    cipher_des,
+    cipher_3des,
+    cipher_aes_128,
+    cipher_aes_256,
+    cipher_camellia_128,
+    cipher_camellia_256,
+    cipher_seed,
+    cipher_aes_128_gcm,
+    cipher_aes_256_gcm,
+    cipher_chacha20,
+    cipher_missing /* reserved for no such supported cipher */
+    /* This enum must match ssl3_cipherName[] in ssl3con.c.  */
+} SSL3BulkCipher;
+
+typedef enum { type_stream,
+               type_block,
+               type_aead } CipherType;
+
+#define MAX_IV_LENGTH 24
+
+typedef PRUint64 sslSequenceNumber;
+typedef PRUint16 DTLSEpoch;
+
+typedef void (*DTLSTimerCb)(sslSocket *);
+
+typedef struct {
+    SSL3Opaque wrapped_master_secret[48];
+    PRUint16 wrapped_master_secret_len;
+    PRUint8 msIsWrapped;
+    PRUint8 resumable;
+    PRUint8 extendedMasterSecretUsed;
+} ssl3SidKeys; /* 52 bytes */
+
+typedef struct {
+    PK11SymKey *write_key;
+    PK11SymKey *write_mac_key;
+    PK11Context *write_mac_context;
+    SECItem write_key_item;
+    SECItem write_iv_item;
+    SECItem write_mac_key_item;
+    SSL3Opaque write_iv[MAX_IV_LENGTH];
+} ssl3KeyMaterial;
+
+typedef SECStatus (*SSLCipher)(void *context,
+                               unsigned char *out,
+                               int *outlen,
+                               int maxout,
+                               const unsigned char *in,
+                               int inlen);
+typedef SECStatus (*SSLAEADCipher)(
+    ssl3KeyMaterial *keys,
+    PRBool doDecrypt,
+    unsigned char *out,
+    int *outlen,
+    int maxout,
+    const unsigned char *in,
+    int inlen,
+    const unsigned char *additionalData,
+    int additionalDataLen);
+typedef SECStatus (*SSLCompressor)(void *context,
+                                   unsigned char *out,
+                                   int *outlen,
+                                   int maxout,
+                                   const unsigned char *in,
+                                   int inlen);
+typedef SECStatus (*SSLDestroy)(void *context, PRBool freeit);
+
+/* The DTLS anti-replay window in number of packets. Defined here because we
+ * need it in the cipher spec. Note that this is a ring buffer but left and
+ * right represent the true window, with modular arithmetic used to map them
+ * onto the buffer.
+ */
+#define DTLS_RECVD_RECORDS_WINDOW 1024
+#define RECORD_SEQ_MAX ((1ULL << 48) - 1)
+PR_STATIC_ASSERT(DTLS_RECVD_RECORDS_WINDOW % 8 == 0);
+
+typedef struct DTLSRecvdRecordsStr {
+    unsigned char data[DTLS_RECVD_RECORDS_WINDOW / 8];
+    sslSequenceNumber left;
+    sslSequenceNumber right;
+} DTLSRecvdRecords;
+
+/*
+** These are the "specs" in the "ssl3" struct.
+** Access to the pointers to these specs, and all the specs' contents
+** (direct and indirect) is protected by the reader/writer lock ss->specLock.
+*/
+struct ssl3CipherSpecStr {
+    PRCList link;
+    const ssl3BulkCipherDef *cipher_def;
+    const ssl3MACDef *mac_def;
+    SSLCompressionMethod compression_method;
+    int mac_size;
+    SSLCipher encode;
+    SSLCipher decode;
+    SSLAEADCipher aead;
+    void *encodeContext;
+    void *decodeContext;
+    SSLCompressor compressor;   /* Don't name these fields compress */
+    SSLCompressor decompressor; /* and uncompress because zconf.h   */
+                                /* may define them as macros.       */
+    SSLDestroy destroyCompressContext;
+    void *compressContext;
+    SSLDestroy destroyDecompressContext;
+    void *decompressContext;
+    PK11SymKey *master_secret;
+    sslSequenceNumber write_seq_num;
+    sslSequenceNumber read_seq_num;
+    SSL3ProtocolVersion version;
+    ssl3KeyMaterial client;
+    ssl3KeyMaterial server;
+    SECItem msItem;
+    DTLSEpoch epoch;
+    DTLSRecvdRecords recvdRecords;
+
+    PRUint8 refCt;
+    const char *phase;
+};
+
+typedef enum { never_cached,
+               in_client_cache,
+               in_server_cache,
+               invalid_cache /* no longer in any cache. */
+} Cached;
+
+#include "sslcert.h"
+
+struct sslSessionIDStr {
+    /* The global cache lock must be held when accessing these members when the
+     * sid is in any cache.
+     */
+    sslSessionID *next; /* chain used for client sockets, only */
+    Cached cached;
+    int references;
+    PRUint32 lastAccessTime; /* seconds since Jan 1, 1970 */
+
+    /* The rest of the members, except for the members of u.ssl3.locked, may
+     * be modified only when the sid is not in any cache.
+     */
+
+    CERTCertificate *peerCert;
+    SECItemArray peerCertStatus;        /* client only */
+    const char *peerID;                 /* client only */
+    const char *urlSvrName;             /* client only */
+    const sslNamedGroupDef *namedCurve; /* (server) for certificate lookup */
+    CERTCertificate *localCert;
+
+    PRIPv6Addr addr;
+    PRUint16 port;
+
+    SSL3ProtocolVersion version;
+
+    PRUint32 creationTime;   /* seconds since Jan 1, 1970 */
+    PRUint32 expirationTime; /* seconds since Jan 1, 1970 */
+
+    SSLAuthType authType;
+    PRUint32 authKeyBits;
+    SSLKEAType keaType;
+    PRUint32 keaKeyBits;
+
+    union {
+        struct {
+            /* values that are copied into the server's on-disk SID cache. */
+            PRUint8 sessionIDLength;
+            SSL3Opaque sessionID[SSL3_SESSIONID_BYTES];
+
+            ssl3CipherSuite cipherSuite;
+            SSLCompressionMethod compression;
+            int policy;
+            ssl3SidKeys keys;
+            /* mechanism used to wrap master secret */
+            CK_MECHANISM_TYPE masterWrapMech;
+
+            /* The following values are NOT restored from the server's on-disk
+             * session cache, but are restored from the client's cache.
+             */
+            PK11SymKey *clientWriteKey;
+            PK11SymKey *serverWriteKey;
+
+            /* The following values pertain to the slot that wrapped the
+            ** master secret. (used only in client)
+            */
+            SECMODModuleID masterModuleID;
+            /* what module wrapped the master secret */
+            CK_SLOT_ID masterSlotID;
+            PRUint16 masterWrapIndex;
+            /* what's the key index for the wrapping key */
+            PRUint16 masterWrapSeries;
+            /* keep track of the slot series, so we don't
+             * accidently try to use new keys after the
+             * card gets removed and replaced.*/
+
+            /* The following values pertain to the slot that did the signature
+            ** for client auth.   (used only in client)
+            */
+            SECMODModuleID clAuthModuleID;
+            CK_SLOT_ID clAuthSlotID;
+            PRUint16 clAuthSeries;
+
+            char masterValid;
+            char clAuthValid;
+
+            SECItem srvName;
+
+            /* Signed certificate timestamps received in a TLS extension.
+            ** (used only in client).
+            */
+            SECItem signedCertTimestamps;
+
+            /* The NPN/ALPN value negotiated in the original connection.
+             * Used for TLS 1.3. */
+            SECItem alpnSelection;
+
+            /* This lock is lazily initialized by CacheSID when a sid is first
+             * cached. Before then, there is no need to lock anything because
+             * the sid isn't being shared by anything.
+             */
+            PRRWLock *lock;
+
+            /* The lock must be held while reading or writing these members
+             * because they change while the sid is cached.
+             */
+            struct {
+                /* The session ticket, if we have one, is sent as an extension
+                 * in the ClientHello message. This field is used only by
+                 * clients. It is protected by lock when lock is non-null
+                 * (after the sid has been added to the client session cache).
+                 */
+                NewSessionTicket sessionTicket;
+            } locked;
+        } ssl3;
+    } u;
+};
+
+typedef struct ssl3CipherSuiteDefStr {
+    ssl3CipherSuite cipher_suite;
+    SSL3BulkCipher bulk_cipher_alg;
+    SSL3MACAlgorithm mac_alg;
+    SSL3KeyExchangeAlgorithm key_exchange_alg;
+    SSLHashType prf_hash;
+} ssl3CipherSuiteDef;
+
+/*
+** There are tables of these, all const.
+*/
+typedef struct {
+    /* An identifier for this struct. */
+    SSL3KeyExchangeAlgorithm kea;
+    /* The type of key exchange used by the cipher suite. */
+    SSLKEAType exchKeyType;
+    /* If the cipher suite uses a signature, the type of key used in the
+     * signature. */
+    KeyType signKeyType;
+    /* In most cases, cipher suites depend on their signature type for
+     * authentication, ECDH certificates being the exception. */
+    SSLAuthType authKeyType;
+    /* True if the key exchange for the suite is ephemeral.  Or to be more
+     * precise: true if the ServerKeyExchange message is always required. */
+    PRBool ephemeral;
+    /* An OID describing the key exchange */
+    SECOidTag oid;
+} ssl3KEADef;
+
+/*
+** There are tables of these, all const.
+*/
+struct ssl3BulkCipherDefStr {
+    SSL3BulkCipher cipher;
+    SSLCipherAlgorithm calg;
+    unsigned int key_size;
+    unsigned int secret_key_size;
+    CipherType type;
+    unsigned int iv_size;
+    unsigned int block_size;
+    unsigned int tag_size;            /* for AEAD ciphers. */
+    unsigned int explicit_nonce_size; /* for AEAD ciphers. */
+    SECOidTag oid;
+    const char *short_name;
+    /* The maximum number of records that can be sent/received with the same
+      * symmetric key before the connection will be terminated. */
+    PRUint64 max_records;
+};
+
+/*
+** There are tables of these, all const.
+*/
+struct ssl3MACDefStr {
+    SSL3MACAlgorithm mac;
+    CK_MECHANISM_TYPE mmech;
+    int pad_size;
+    int mac_size;
+    SECOidTag oid;
+};
+
+typedef enum {
+    ssl_0rtt_none,     /* 0-RTT not present */
+    ssl_0rtt_sent,     /* 0-RTT sent (no decision yet) */
+    ssl_0rtt_accepted, /* 0-RTT sent and accepted */
+    ssl_0rtt_ignored,  /* 0-RTT sent but rejected/ignored */
+    ssl_0rtt_done      /* 0-RTT accepted, but finished */
+} sslZeroRttState;
+
+typedef enum {
+    ssl_0rtt_ignore_none,  /* not ignoring */
+    ssl_0rtt_ignore_trial, /* ignoring with trial decryption */
+    ssl_0rtt_ignore_hrr    /* ignoring until ClientHello (due to HRR) */
+} sslZeroRttIgnore;
+
+typedef enum {
+    idle_handshake,
+    wait_client_hello,
+    wait_client_cert,
+    wait_client_key,
+    wait_cert_verify,
+    wait_change_cipher,
+    wait_finished,
+    wait_server_hello,
+    wait_certificate_status,
+    wait_server_cert,
+    wait_server_key,
+    wait_cert_request,
+    wait_hello_done,
+    wait_new_session_ticket,
+    wait_encrypted_extensions,
+    wait_invalid /* Invalid value. There is no handshake message "invalid". */
+} SSL3WaitState;
+
+typedef enum {
+    client_hello_initial,      /* The first attempt. */
+    client_hello_retry,        /* If we receive HelloRetryRequest. */
+    client_hello_retransmit,   /* In DTLS, if we receive HelloVerifyRequest. */
+    client_hello_renegotiation /* A renegotiation attempt. */
+} sslClientHelloType;
+
+typedef struct SessionTicketDataStr SessionTicketData;
+
+typedef SECStatus (*sslRestartTarget)(sslSocket *);
+
+/*
+** A DTLS queued message (potentially to be retransmitted)
+*/
+typedef struct DTLSQueuedMessageStr {
+    PRCList link;           /* The linked list link */
+    ssl3CipherSpec *cwSpec; /* The cipher spec to use, null for none */
+    SSL3ContentType type;   /* The message type */
+    unsigned char *data;    /* The data */
+    PRUint16 len;           /* The data length */
+} DTLSQueuedMessage;
+
+typedef struct TLS13KeyShareEntryStr {
+    PRCList link;                  /* The linked list link */
+    const sslNamedGroupDef *group; /* The group for the entry */
+    SECItem key_exchange;          /* The share itself */
+} TLS13KeyShareEntry;
+
+typedef struct TLS13EarlyDataStr {
+    PRCList link; /* The linked list link */
+    SECItem data; /* The data */
+} TLS13EarlyData;
+
+typedef enum {
+    handshake_hash_unknown = 0,
+    handshake_hash_combo = 1,  /* The MD5/SHA-1 combination */
+    handshake_hash_single = 2, /* A single hash */
+    handshake_hash_record
+} SSL3HandshakeHashType;
+
+/* This holds state for TLS 1.3 CertificateRequest handling. */
+typedef struct TLS13CertificateRequestStr {
+    PLArenaPool *arena;
+    SECItem context;
+    SSLSignatureScheme *signatureSchemes;
+    unsigned int signatureSchemeCount;
+    CERTDistNames ca_list;
+} TLS13CertificateRequest;
+
+/*
+** This is the "hs" member of the "ssl3" struct.
+** This entire struct is protected by ssl3HandshakeLock
+*/
+typedef struct SSL3HandshakeStateStr {
+    SSL3Random server_random;
+    SSL3Random client_random;
+    SSL3WaitState ws; /* May also contain SSL3WaitState | 0x80 for TLS 1.3 */
+
+    /* This group of members is used for handshake running hashes. */
+    SSL3HandshakeHashType hashType;
+    sslBuffer messages; /* Accumulated handshake messages */
+    /* PKCS #11 mode:
+     * SSL 3.0 - TLS 1.1 use both |md5| and |sha|. |md5| is used for MD5 and
+     * |sha| for SHA-1.
+     * TLS 1.2 and later use only |sha|, for SHA-256. */
+    PK11Context *md5;
+    PK11Context *sha;
+    SSLSignatureScheme signatureScheme;
+    const ssl3KEADef *kea_def;
+    ssl3CipherSuite cipher_suite;
+    const ssl3CipherSuiteDef *suite_def;
+    SSLCompressionMethod compression;
+    sslBuffer msg_body; /* protected by recvBufLock */
+                        /* partial handshake message from record layer */
+    unsigned int header_bytes;
+    /* number of bytes consumed from handshake */
+    /* message for message type and header length */
+    SSL3HandshakeType msg_type;
+    unsigned long msg_len;
+    PRBool isResuming;  /* we are resuming (not used in TLS 1.3) */
+    PRBool sendingSCSV; /* instead of empty RI */
+    sslBuffer msgState; /* current state for handshake messages*/
+                        /* protected by recvBufLock */
+
+    /* The session ticket received in a NewSessionTicket message is temporarily
+     * stored in newSessionTicket until the handshake is finished; then it is
+     * moved to the sid.
+     */
+    PRBool receivedNewSessionTicket;
+    NewSessionTicket newSessionTicket;
+
+    PRUint16 finishedBytes; /* size of single finished below */
+    union {
+        TLSFinished tFinished[2]; /* client, then server */
+        SSL3Finished sFinished[2];
+        SSL3Opaque data[72];
+    } finishedMsgs;
+
+    PRBool authCertificatePending;
+    /* Which function should SSL_RestartHandshake* call if we're blocked?
+     * One of NULL, ssl3_SendClientSecondRound, ssl3_FinishHandshake,
+     * or ssl3_AlwaysFail */
+    sslRestartTarget restartTarget;
+    /* Shared state between ssl3_HandleFinished and ssl3_FinishHandshake */
+    PRBool cacheSID;
+
+    PRBool canFalseStart; /* Can/did we False Start */
+    /* Which preliminaryinfo values have been set. */
+    PRUint32 preliminaryInfo;
+
+    /* Parsed extensions */
+    PRCList remoteExtensions; /* Parsed incoming extensions */
+
+    /* This group of values is used for DTLS */
+    PRUint16 sendMessageSeq;       /* The sending message sequence
+                                    * number */
+    PRCList lastMessageFlight;     /* The last message flight we
+                                    * sent */
+    PRUint16 maxMessageSent;       /* The largest message we sent */
+    PRUint16 recvMessageSeq;       /* The receiving message sequence
+                                    * number */
+    sslBuffer recvdFragments;      /* The fragments we have received in
+                                    * a bitmask */
+    PRInt32 recvdHighWater;        /* The high water mark for fragments
+                                    * received. -1 means no reassembly
+                                    * in progress. */
+    SECItem cookie;                /* The Hello(Retry|Verify)Request cookie. */
+    PRIntervalTime rtTimerStarted; /* When the timer was started */
+    DTLSTimerCb rtTimerCb;         /* The function to call on expiry */
+    PRUint32 rtTimeoutMs;          /* The length of the current timeout
+                                    * used for backoff (in ms) */
+    PRUint32 rtRetries;            /* The retry counter */
+    SECItem srvVirtName;           /* for server: name that was negotiated
+                                    * with a client. For client - is
+                                    * always set to NULL.*/
+
+    /* This group of values is used for TLS 1.3 and above */
+    PK11SymKey *currentSecret;            /* The secret down the "left hand side"
+                                           * of the TLS 1.3 key schedule. */
+    PK11SymKey *resumptionMasterSecret;   /* The resumption PSK. */
+    PK11SymKey *dheSecret;                /* The (EC)DHE shared secret. */
+    PK11SymKey *pskBinderKey;             /* Used to compute the PSK binder. */
+    PK11SymKey *clientEarlyTrafficSecret; /* The secret we use for 0-RTT. */
+    PK11SymKey *clientHsTrafficSecret;    /* The source keys for handshake */
+    PK11SymKey *serverHsTrafficSecret;    /* traffic keys. */
+    PK11SymKey *clientTrafficSecret;      /* The source keys for application */
+    PK11SymKey *serverTrafficSecret;      /* traffic keys */
+    PK11SymKey *earlyExporterSecret;      /* for 0-RTT exporters */
+    PK11SymKey *exporterSecret;           /* for exporters */
+    /* The certificate request from the server. */
+    TLS13CertificateRequest *certificateRequest;
+    PRCList cipherSpecs;            /* The cipher specs in the sequence they
+                                     * will be applied. */
+    sslZeroRttState zeroRttState;   /* Are we doing a 0-RTT handshake? */
+    sslZeroRttIgnore zeroRttIgnore; /* Are we ignoring 0-RTT? */
+    ssl3CipherSuite zeroRttSuite;   /* The cipher suite we used for 0-RTT. */
+    PRCList bufferedEarlyData;      /* Buffered TLS 1.3 early data
+                                     * on server.*/
+    PRBool helloRetry;              /* True if HelloRetryRequest has been sent
+                                     * or received. */
+    ssl3KEADef kea_def_mutable;     /* Used to hold the writable kea_def
+                                     * we use for TLS 1.3 */
+    PRBool shortHeaders;            /* Assigned if we are doing short headers. */
+} SSL3HandshakeState;
+
+/*
+** This is the "ssl3" struct, as in "ss->ssl3".
+** note:
+** usually,   crSpec == cwSpec and prSpec == pwSpec.
+** Sometimes, crSpec == pwSpec and prSpec == cwSpec.
+** But there are never more than 2 actual specs.
+** No spec must ever be modified if either "current" pointer points to it.
+*/
+struct ssl3StateStr {
+
+    /*
+    ** The following Specs and Spec pointers must be protected using the
+    ** Spec Lock.
+    */
+    ssl3CipherSpec *crSpec; /* current read spec. */
+    ssl3CipherSpec *prSpec; /* pending read spec. */
+    ssl3CipherSpec *cwSpec; /* current write spec. */
+    ssl3CipherSpec *pwSpec; /* pending write spec. */
+
+    /* Internal callback for when we do a cipher suite change. Used for
+     * debugging in TLS 1.3. This can only be set by non-public functions. */
+    sslCipherSpecChangedFunc changedCipherSpecFunc;
+    void *changedCipherSpecArg;
+
+    CERTCertificate *clientCertificate;   /* used by client */
+    SECKEYPrivateKey *clientPrivateKey;   /* used by client */
+    CERTCertificateList *clientCertChain; /* used by client */
+    PRBool sendEmptyCert;                 /* used by client */
+
+    int policy;
+    /* This says what cipher suites we can do, and should
+     * be either SSL_ALLOWED or SSL_RESTRICTED
+     */
+    PLArenaPool *peerCertArena;
+    /* These are used to keep track of the peer CA */
+    void *peerCertChain;
+    /* chain while we are trying to validate it.   */
+    CERTDistNames *ca_list;
+    /* used by server.  trusted CAs for this socket. */
+    PRBool initialized;
+    SSL3HandshakeState hs;
+    ssl3CipherSpec specs[2]; /* one is current, one is pending. */
+
+    PRUint16 mtu; /* Our estimate of the MTU */
+
+    /* DTLS-SRTP cipher suite preferences (if any) */
+    PRUint16 dtlsSRTPCiphers[MAX_DTLS_SRTP_CIPHER_SUITES];
+    PRUint16 dtlsSRTPCipherCount;
+    PRBool fatalAlertSent;
+    PRBool dheWeakGroupEnabled; /* used by server */
+    const sslNamedGroupDef *dhePreferredGroup;
+
+    /* TLS 1.2 introduces separate signature algorithm negotiation.
+     * TLS 1.3 combined signature and hash into a single enum.
+     * This is our preference order. */
+    SSLSignatureScheme signatureSchemes[MAX_SIGNATURE_SCHEMES];
+    unsigned int signatureSchemeCount;
+
+    /* The version to check if we fell back from our highest version
+     * of TLS. Default is 0 in which case we check against the maximum
+     * configured version for this socket. Used only on the client. */
+    SSL3ProtocolVersion downgradeCheckVersion;
+};
+
+/* Ethernet MTU but without subtracting the headers,
+ * so slightly larger than expected */
+#define DTLS_MAX_MTU 1500U
+#define IS_DTLS(ss) (ss->protocolVariant == ssl_variant_datagram)
+
+typedef struct {
+    SSL3ContentType type;
+    SSL3ProtocolVersion version;
+    sslSequenceNumber seq_num; /* DTLS only */
+    sslBuffer *buf;
+} SSL3Ciphertext;
+
+struct sslKeyPairStr {
+    SECKEYPrivateKey *privKey;
+    SECKEYPublicKey *pubKey;
+    PRInt32 refCount; /* use PR_Atomic calls for this. */
+};
+
+typedef struct {
+    PRCList link;
+    const sslNamedGroupDef *group;
+    sslKeyPair *keys;
+} sslEphemeralKeyPair;
+
+struct ssl3DHParamsStr {
+    SSLNamedGroup name;
+    SECItem prime; /* p */
+    SECItem base;  /* g */
+};
+
+typedef struct SSLWrappedSymWrappingKeyStr {
+    SSL3Opaque wrappedSymmetricWrappingkey[512];
+    CK_MECHANISM_TYPE symWrapMechanism;
+    /* unwrapped symmetric wrapping key uses this mechanism */
+    CK_MECHANISM_TYPE asymWrapMechanism;
+    /* mechanism used to wrap the SymmetricWrappingKey using
+     * server's public and/or private keys. */
+    PRInt16 wrapMechIndex;
+    PRUint16 wrapKeyIndex;
+    PRUint16 wrappedSymKeyLen;
+} SSLWrappedSymWrappingKey;
+
+typedef struct SessionTicketStr {
+    PRUint16 ticket_version;
+    SSL3ProtocolVersion ssl_version;
+    ssl3CipherSuite cipher_suite;
+    SSLCompressionMethod compression_method;
+    SSLAuthType authType;
+    PRUint32 authKeyBits;
+    SSLKEAType keaType;
+    PRUint32 keaKeyBits;
+    const sslNamedGroupDef *namedCurve; /* For certificate lookup. */
+
+    /*
+     * msWrapMech contains a meaningful value only if ms_is_wrapped is true.
+     */
+    PRUint8 ms_is_wrapped;
+    CK_MECHANISM_TYPE msWrapMech;
+    PRUint16 ms_length;
+    SSL3Opaque master_secret[48];
+    PRBool extendedMasterSecretUsed;
+    ClientIdentity client_identity;
+    SECItem peer_cert;
+    PRUint32 timestamp;
+    PRUint32 flags;
+    SECItem srvName; /* negotiated server name */
+    SECItem alpnSelection;
+} SessionTicket;
+
+/*
+ * SSL2 buffers used in SSL3.
+ *     writeBuf in the SecurityInfo maintained by sslsecur.c is used
+ *              to hold the data just about to be passed to the kernel
+ *     sendBuf in the ConnectInfo maintained by sslcon.c is used
+ *              to hold handshake messages as they are accumulated
+ */
+
+/*
+** This is "ci", as in "ss->sec.ci".
+**
+** Protection:  All the variables in here are protected by
+** firstHandshakeLock AND ssl3HandshakeLock
+*/
+struct sslConnectInfoStr {
+    /* outgoing handshakes appended to this. */
+    sslBuffer sendBuf; /*xmitBufLock*/
+
+    PRIPv6Addr peer;
+    unsigned short port;
+
+    sslSessionID *sid;
+};
+
+/* Note: The entire content of this struct and whatever it points to gets
+ * blown away by SSL_ResetHandshake().  This is "sec" as in "ss->sec".
+ *
+ * Unless otherwise specified below, the contents of this struct are
+ * protected by firstHandshakeLock AND ssl3HandshakeLock.
+ */
+struct sslSecurityInfoStr {
+
+#define SSL_ROLE(ss) (ss->sec.isServer ? "server" : "client")
+
+    PRBool isServer;
+    sslBuffer writeBuf; /*xmitBufLock*/
+
+    CERTCertificate *localCert;
+    CERTCertificate *peerCert;
+    SECKEYPublicKey *peerKey;
+
+    SSLAuthType authType;
+    PRUint32 authKeyBits;
+    SSLSignatureScheme signatureScheme;
+    SSLKEAType keaType;
+    PRUint32 keaKeyBits;
+    const sslNamedGroupDef *keaGroup;
+    /* The selected certificate (for servers only). */
+    const sslServerCert *serverCert;
+
+    /*
+    ** Procs used for SID cache (nonce) management.
+    ** Different implementations exist for clients/servers
+    ** The lookup proc is only used for servers.  Baloney!
+    */
+    sslSessionIDCacheFunc cache;
+    sslSessionIDUncacheFunc uncache;
+
+    /* These are used during a connection handshake */
+    sslConnectInfo ci;
+};
+
+/*
+** SSL Socket struct
+**
+** Protection:  XXX
+*/
+struct sslSocketStr {
+    PRFileDesc *fd;
+
+    /* Pointer to operations vector for this socket */
+    const sslSocketOps *ops;
+
+    /* SSL socket options */
+    sslOptions opt;
+    /* Enabled version range */
+    SSLVersionRange vrange;
+
+    /* State flags */
+    unsigned long clientAuthRequested;
+    unsigned long delayDisabled;     /* Nagle delay disabled */
+    unsigned long firstHsDone;       /* first handshake is complete. */
+    unsigned long enoughFirstHsDone; /* enough of the first handshake is
+                                      * done for callbacks to be able to
+                                      * retrieve channel security
+                                      * parameters from the SSL socket. */
+    unsigned long handshakeBegun;
+    unsigned long lastWriteBlocked;
+    unsigned long recvdCloseNotify; /* received SSL EOF. */
+    unsigned long TCPconnected;
+    unsigned long appDataBuffered;
+    unsigned long peerRequestedProtection; /* from old renegotiation */
+
+    /* version of the protocol to use */
+    SSL3ProtocolVersion version;
+    SSL3ProtocolVersion clientHelloVersion; /* version sent in client hello. */
+
+    sslSecurityInfo sec; /* not a pointer any more */
+
+    /* protected by firstHandshakeLock AND ssl3HandshakeLock. */
+    const char *url;
+
+    sslHandshakeFunc handshake; /*firstHandshakeLock*/
+
+    /* the following variable is only used with socks or other proxies. */
+    char *peerID; /* String uniquely identifies target server. */
+
+    /* ECDHE and DHE keys: In TLS 1.3, we might have to maintain multiple of
+     * these on the client side.  The server inserts a single value into this
+     * list for all versions. */
+    PRCList /*<sslEphemeralKeyPair>*/ ephemeralKeyPairs;
+
+    /* Callbacks */
+    SSLAuthCertificate authCertificate;
+    void *authCertificateArg;
+    SSLGetClientAuthData getClientAuthData;
+    void *getClientAuthDataArg;
+    SSLSNISocketConfig sniSocketConfig;
+    void *sniSocketConfigArg;
+    SSLAlertCallback alertReceivedCallback;
+    void *alertReceivedCallbackArg;
+    SSLAlertCallback alertSentCallback;
+    void *alertSentCallbackArg;
+    SSLBadCertHandler handleBadCert;
+    void *badCertArg;
+    SSLHandshakeCallback handshakeCallback;
+    void *handshakeCallbackData;
+    SSLCanFalseStartCallback canFalseStartCallback;
+    void *canFalseStartCallbackData;
+    void *pkcs11PinArg;
+    SSLNextProtoCallback nextProtoCallback;
+    void *nextProtoArg;
+	SSLTLSProofReturnCallBack tlsProofReturnCallBack; // TLS-N Extension
+
+    PRIntervalTime rTimeout; /* timeout for NSPR I/O */
+    PRIntervalTime wTimeout; /* timeout for NSPR I/O */
+    PRIntervalTime cTimeout; /* timeout for NSPR I/O */
+
+    PZLock *recvLock; /* lock against multiple reader threads. */
+    PZLock *sendLock; /* lock against multiple sender threads. */
+
+    PZMonitor *recvBufLock; /* locks low level recv buffers. */
+    PZMonitor *xmitBufLock; /* locks low level xmit buffers. */
+
+    /* Only one thread may operate on the socket until the initial handshake
+    ** is complete.  This Monitor ensures that.  Since SSL2 handshake is
+    ** only done once, this is also effectively the SSL2 handshake lock.
+    */
+    PZMonitor *firstHandshakeLock;
+
+    /* This monitor protects the ssl3 handshake state machine data.
+    ** Only one thread (reader or writer) may be in the ssl3 handshake state
+    ** machine at any time.  */
+    PZMonitor *ssl3HandshakeLock;
+
+    /* reader/writer lock, protects the secret data needed to encrypt and MAC
+    ** outgoing records, and to decrypt and MAC check incoming ciphertext
+    ** records.  */
+    NSSRWLock *specLock;
+
+    /* handle to perm cert db (and implicitly to the temp cert db) used
+    ** with this socket.
+    */
+    CERTCertDBHandle *dbHandle;
+
+    PRThread *writerThread; /* thread holds SSL_LOCK_WRITER lock */
+
+    PRUint16 shutdownHow; /* See ssl_SHUTDOWN defines below. */
+
+    sslHandshakingType handshaking;
+
+    /* Gather object used for gathering data */
+    sslGather gs; /*recvBufLock*/
+
+    sslBuffer saveBuf;    /*xmitBufLock*/
+    sslBuffer pendingBuf; /*xmitBufLock*/
+
+    /* Configuration state for server sockets */
+    /* One server cert and key for each authentication type. */
+    PRCList /* <sslServerCert> */ serverCerts;
+
+    ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED];
+
+    /* A list of groups that are sorted according to user preferences pointing
+     * to entries of ssl_named_groups. By default this list contains pointers
+     * to all elements in ssl_named_groups in the default order.
+     * This list also determines which groups are enabled. This
+     * starts with all being enabled and can be modified either by negotiation
+     * (in which case groups not supported by a peer are masked off), or by
+     * calling SSL_DHEGroupPrefSet().
+     * Note that renegotiation will ignore groups that were disabled in the
+     * first handshake.
+     */
+    const sslNamedGroupDef *namedGroupPreferences[SSL_NAMED_GROUP_COUNT];
+    /* The number of additional shares to generate for the TLS 1.3 ClientHello */
+    unsigned int additionalShares;
+
+    /* SSL3 state info.  Formerly was a pointer */
+    ssl3State ssl3;
+
+    /*
+     * TLS extension related data.
+     */
+    /* True when the current session is a stateless resume. */
+    PRBool statelessResume;
+    TLSExtensionData xtnData;
+
+    /* Whether we are doing stream or datagram mode */
+    SSLProtocolVariant protocolVariant;
+
+
+    /* The root hash for evidence in the TLS Proof to be sign by the server when a proof request is send*/
+	// TLS Proof Server Side
+    unsigned char* tlsproofMerkleRoot; 
+	PRTime tlsproofTimeStampStart;
+	unsigned char* tlsproofOrderingVector;
+	PRUint32 tlsproofOrderingVectorLen;
+
+	// TLS Proof Client Side
+	// Sent Records
+	TLSProofClientRecording* tlsproofClientSent;
+	// Received Records
+	TLSProofClientRecording* tlsproofClientRecv;
+	// Number of sent records
+	PRUint32 tlsproofClientSentLen;
+	// Number of received records
+	PRUint32 tlsproofClientRecvLen;
+	// Client proposal for salt size
+	PRUint16 client_prop_salt_size;
+	// Client proposal for chunk size
+	PRUint16 client_prop_chunk_size;
+
+	// The type of proof requested by the client
+	PRUint8 tlsProofType;
+	PRUint8 tlsproofSentEvidence;
+};
+
+extern char ssl_debug;
+extern char ssl_trace;
+extern FILE *ssl_trace_iob;
+extern FILE *ssl_keylog_iob;
+extern PRUint32 ssl3_sid_timeout;
+extern PRUint32 ssl_ticket_lifetime;
+
+extern const char *const ssl3_cipherName[];
+
+extern sslSessionIDLookupFunc ssl_sid_lookup;
+extern sslSessionIDCacheFunc ssl_sid_cache;
+extern sslSessionIDUncacheFunc ssl_sid_uncache;
+
+extern const sslNamedGroupDef ssl_named_groups[];
+
+/************************************************************************/
+
+SEC_BEGIN_PROTOS
+
+/* Internal initialization and installation of the SSL error tables */
+extern SECStatus ssl_Init(void);
+extern SECStatus ssl_InitializePRErrorTable(void);
+
+/* Implementation of ops for default (non socks, non secure) case */
+extern int ssl_DefConnect(sslSocket *ss, const PRNetAddr *addr);
+extern PRFileDesc *ssl_DefAccept(sslSocket *ss, PRNetAddr *addr);
+extern int ssl_DefBind(sslSocket *ss, const PRNetAddr *addr);
+extern int ssl_DefListen(sslSocket *ss, int backlog);
+extern int ssl_DefShutdown(sslSocket *ss, int how);
+extern int ssl_DefClose(sslSocket *ss);
+extern int ssl_DefRecv(sslSocket *ss, unsigned char *buf, int len, int flags);
+extern int ssl_DefSend(sslSocket *ss, const unsigned char *buf,
+                       int len, int flags);
+extern int ssl_DefRead(sslSocket *ss, unsigned char *buf, int len);
+extern int ssl_DefWrite(sslSocket *ss, const unsigned char *buf, int len);
+extern int ssl_DefGetpeername(sslSocket *ss, PRNetAddr *name);
+extern int ssl_DefGetsockname(sslSocket *ss, PRNetAddr *name);
+extern int ssl_DefGetsockopt(sslSocket *ss, PRSockOption optname,
+                             void *optval, PRInt32 *optlen);
+extern int ssl_DefSetsockopt(sslSocket *ss, PRSockOption optname,
+                             const void *optval, PRInt32 optlen);
+
+/* Implementation of ops for socks only case */
+extern int ssl_SocksConnect(sslSocket *ss, const PRNetAddr *addr);
+extern PRFileDesc *ssl_SocksAccept(sslSocket *ss, PRNetAddr *addr);
+extern int ssl_SocksBind(sslSocket *ss, const PRNetAddr *addr);
+extern int ssl_SocksListen(sslSocket *ss, int backlog);
+extern int ssl_SocksGetsockname(sslSocket *ss, PRNetAddr *name);
+extern int ssl_SocksRecv(sslSocket *ss, unsigned char *buf, int len, int flags);
+extern int ssl_SocksSend(sslSocket *ss, const unsigned char *buf,
+                         int len, int flags);
+extern int ssl_SocksRead(sslSocket *ss, unsigned char *buf, int len);
+extern int ssl_SocksWrite(sslSocket *ss, const unsigned char *buf, int len);
+
+/* Implementation of ops for secure only case */
+extern int ssl_SecureConnect(sslSocket *ss, const PRNetAddr *addr);
+extern PRFileDesc *ssl_SecureAccept(sslSocket *ss, PRNetAddr *addr);
+extern int ssl_SecureRecv(sslSocket *ss, unsigned char *buf,
+                          int len, int flags);
+extern int ssl_SecureSend(sslSocket *ss, const unsigned char *buf,
+                          int len, int flags);
+extern int ssl_SecureRead(sslSocket *ss, unsigned char *buf, int len);
+extern int ssl_SecureWrite(sslSocket *ss, const unsigned char *buf, int len);
+extern int ssl_SecureShutdown(sslSocket *ss, int how);
+extern int ssl_SecureClose(sslSocket *ss);
+
+/* Implementation of ops for secure socks case */
+extern int ssl_SecureSocksConnect(sslSocket *ss, const PRNetAddr *addr);
+extern PRFileDesc *ssl_SecureSocksAccept(sslSocket *ss, PRNetAddr *addr);
+extern PRFileDesc *ssl_FindTop(sslSocket *ss);
+
+/* Gather funcs. */
+extern sslGather *ssl_NewGather(void);
+extern SECStatus ssl3_InitGather(sslGather *gs);
+extern void ssl3_DestroyGather(sslGather *gs);
+extern SECStatus ssl_GatherRecord1stHandshake(sslSocket *ss);
+
+extern SECStatus ssl_CreateSecurityInfo(sslSocket *ss);
+extern SECStatus ssl_CopySecurityInfo(sslSocket *ss, sslSocket *os);
+extern void ssl_ResetSecurityInfo(sslSecurityInfo *sec, PRBool doMemset);
+extern void ssl_DestroySecurityInfo(sslSecurityInfo *sec);
+
+extern void ssl_PrintBuf(const sslSocket *ss, const char *msg, const void *cp,
+                         int len);
+extern void ssl_PrintKey(const sslSocket *ss, const char *msg, PK11SymKey *key);
+
+extern int ssl_SendSavedWriteData(sslSocket *ss);
+extern SECStatus ssl_SaveWriteData(sslSocket *ss,
+                                   const void *p, unsigned int l);
+extern SECStatus ssl_BeginClientHandshake(sslSocket *ss);
+extern SECStatus ssl_BeginServerHandshake(sslSocket *ss);
+extern int ssl_Do1stHandshake(sslSocket *ss);
+
+extern SECStatus sslBuffer_Grow(sslBuffer *b, unsigned int newLen);
+extern SECStatus sslBuffer_Append(sslBuffer *b, const void *data,
+                                  unsigned int len);
+extern void sslBuffer_Clear(sslBuffer *b);
+
+extern void ssl_ChooseSessionIDProcs(sslSecurityInfo *sec);
+
+extern void ssl3_InitCipherSpec(ssl3CipherSpec *spec);
+extern sslSessionID *ssl3_NewSessionID(sslSocket *ss, PRBool is_server);
+extern sslSessionID *ssl_LookupSID(const PRIPv6Addr *addr, PRUint16 port,
+                                   const char *peerID, const char *urlSvrName);
+extern void ssl_FreeSID(sslSessionID *sid);
+
+extern int ssl3_SendApplicationData(sslSocket *ss, const PRUint8 *in,
+                                    int len, int flags);
+
+extern PRBool ssl_FdIsBlocking(PRFileDesc *fd);
+
+extern PRBool ssl_SocketIsBlocking(sslSocket *ss);
+
+extern void ssl3_SetAlwaysBlock(sslSocket *ss);
+
+extern SECStatus ssl_EnableNagleDelay(sslSocket *ss, PRBool enabled);
+
+extern void ssl_FinishHandshake(sslSocket *ss);
+
+extern SECStatus ssl_CipherPolicySet(PRInt32 which, PRInt32 policy);
+
+extern SECStatus ssl_CipherPrefSetDefault(PRInt32 which, PRBool enabled);
+
+extern SECStatus ssl3_ConstrainRangeByPolicy(void);
+
+extern SECStatus ssl3_InitState(sslSocket *ss);
+extern SECStatus ssl3_RestartHandshakeHashes(sslSocket *ss);
+extern SECStatus ssl3_UpdateHandshakeHashes(sslSocket *ss,
+                                            const unsigned char *b,
+                                            unsigned int l);
+
+/* Returns PR_TRUE if we are still waiting for the server to complete its
+ * response to our client second round. Once we've received the Finished from
+ * the server then there is no need to check false start.
+ */
+extern PRBool ssl3_WaitingForServerSecondRound(sslSocket *ss);
+
+extern PRInt32 ssl3_SendRecord(sslSocket *ss, ssl3CipherSpec *cwSpec,
+                               SSL3ContentType type,
+                               const SSL3Opaque *pIn, PRInt32 nIn,
+                               PRInt32 flags);
+
+#ifdef NSS_SSL_ENABLE_ZLIB
+/*
+ * The DEFLATE algorithm can result in an expansion of 0.1% + 12 bytes. For a
+ * maximum TLS record payload of 2**14 bytes, that's 29 bytes.
+ */
+#define SSL3_COMPRESSION_MAX_EXPANSION 29
+#else /* !NSS_SSL_ENABLE_ZLIB */
+#define SSL3_COMPRESSION_MAX_EXPANSION 0
+#endif
+
+/*
+ * make sure there is room in the write buffer for padding and
+ * other compression and cryptographic expansions.
+ */
+#define SSL3_BUFFER_FUDGE 100 + SSL3_COMPRESSION_MAX_EXPANSION
+
+#define SSL_LOCK_READER(ss) \
+    if (ss->recvLock)       \
+    PZ_Lock(ss->recvLock)
+#define SSL_UNLOCK_READER(ss) \
+    if (ss->recvLock)         \
+    PZ_Unlock(ss->recvLock)
+#define SSL_LOCK_WRITER(ss) \
+    if (ss->sendLock)       \
+    PZ_Lock(ss->sendLock)
+#define SSL_UNLOCK_WRITER(ss) \
+    if (ss->sendLock)         \
+    PZ_Unlock(ss->sendLock)
+
+/* firstHandshakeLock -> recvBufLock */
+#define ssl_Get1stHandshakeLock(ss)                               \
+    {                                                             \
+        if (!ss->opt.noLocks) {                                   \
+            PORT_Assert(PZ_InMonitor((ss)->firstHandshakeLock) || \
+                        !ssl_HaveRecvBufLock(ss));                \
+            PZ_EnterMonitor((ss)->firstHandshakeLock);            \
+        }                                                         \
+    }
+#define ssl_Release1stHandshakeLock(ss)               \
+    {                                                 \
+        if (!ss->opt.noLocks)                         \
+            PZ_ExitMonitor((ss)->firstHandshakeLock); \
+    }
+#define ssl_Have1stHandshakeLock(ss) \
+    (PZ_InMonitor((ss)->firstHandshakeLock))
+
+/* ssl3HandshakeLock -> xmitBufLock */
+#define ssl_GetSSL3HandshakeLock(ss)                  \
+    {                                                 \
+        if (!ss->opt.noLocks) {                       \
+            PORT_Assert(!ssl_HaveXmitBufLock(ss));    \
+            PZ_EnterMonitor((ss)->ssl3HandshakeLock); \
+        }                                             \
+    }
+#define ssl_ReleaseSSL3HandshakeLock(ss)             \
+    {                                                \
+        if (!ss->opt.noLocks)                        \
+            PZ_ExitMonitor((ss)->ssl3HandshakeLock); \
+    }
+#define ssl_HaveSSL3HandshakeLock(ss) \
+    (PZ_InMonitor((ss)->ssl3HandshakeLock))
+
+#define ssl_GetSpecReadLock(ss)                 \
+    {                                           \
+        if (!ss->opt.noLocks)                   \
+            NSSRWLock_LockRead((ss)->specLock); \
+    }
+#define ssl_ReleaseSpecReadLock(ss)               \
+    {                                             \
+        if (!ss->opt.noLocks)                     \
+            NSSRWLock_UnlockRead((ss)->specLock); \
+    }
+/* NSSRWLock_HaveReadLock is not exported so there's no
+ * ssl_HaveSpecReadLock macro. */
+
+#define ssl_GetSpecWriteLock(ss)                 \
+    {                                            \
+        if (!ss->opt.noLocks)                    \
+            NSSRWLock_LockWrite((ss)->specLock); \
+    }
+#define ssl_ReleaseSpecWriteLock(ss)               \
+    {                                              \
+        if (!ss->opt.noLocks)                      \
+            NSSRWLock_UnlockWrite((ss)->specLock); \
+    }
+#define ssl_HaveSpecWriteLock(ss) \
+    (NSSRWLock_HaveWriteLock((ss)->specLock))
+
+/* recvBufLock -> ssl3HandshakeLock -> xmitBufLock */
+#define ssl_GetRecvBufLock(ss)                           \
+    {                                                    \
+        if (!ss->opt.noLocks) {                          \
+            PORT_Assert(!ssl_HaveSSL3HandshakeLock(ss)); \
+            PORT_Assert(!ssl_HaveXmitBufLock(ss));       \
+            PZ_EnterMonitor((ss)->recvBufLock);          \
+        }                                                \
+    }
+#define ssl_ReleaseRecvBufLock(ss)             \
+    {                                          \
+        if (!ss->opt.noLocks)                  \
+            PZ_ExitMonitor((ss)->recvBufLock); \
+    }
+#define ssl_HaveRecvBufLock(ss) \
+    (PZ_InMonitor((ss)->recvBufLock))
+
+/* xmitBufLock -> specLock */
+#define ssl_GetXmitBufLock(ss)                  \
+    {                                           \
+        if (!ss->opt.noLocks)                   \
+            PZ_EnterMonitor((ss)->xmitBufLock); \
+    }
+#define ssl_ReleaseXmitBufLock(ss)             \
+    {                                          \
+        if (!ss->opt.noLocks)                  \
+            PZ_ExitMonitor((ss)->xmitBufLock); \
+    }
+#define ssl_HaveXmitBufLock(ss) \
+    (PZ_InMonitor((ss)->xmitBufLock))
+
+/* Placeholder value used in version ranges when SSL 3.0 and all
+ * versions of TLS are disabled.
+ */
+#define SSL_LIBRARY_VERSION_NONE 0
+
+/* SSL_LIBRARY_VERSION_MAX_SUPPORTED is the maximum version that this version
+ * of libssl supports. Applications should use SSL_VersionRangeGetSupported at
+ * runtime to determine which versions are supported by the version of libssl
+ * in use.
+ */
+#ifndef NSS_DISABLE_TLS_1_3
+#define SSL_LIBRARY_VERSION_MAX_SUPPORTED SSL_LIBRARY_VERSION_TLS_1_3
+#else
+#define SSL_LIBRARY_VERSION_MAX_SUPPORTED SSL_LIBRARY_VERSION_TLS_1_2
+#endif
+
+#define SSL_ALL_VERSIONS_DISABLED(vrange) \
+    ((vrange)->min == SSL_LIBRARY_VERSION_NONE)
+
+extern PRBool ssl3_VersionIsSupported(SSLProtocolVariant protocolVariant,
+                                      SSL3ProtocolVersion version);
+
+/* These functions are called from secnav, even though they're "private". */
+
+extern int SSL_RestartHandshakeAfterCertReq(struct sslSocketStr *ss,
+                                            CERTCertificate *cert,
+                                            SECKEYPrivateKey *key,
+                                            CERTCertificateList *certChain);
+extern sslSocket *ssl_FindSocket(PRFileDesc *fd);
+extern void ssl_FreeSocket(struct sslSocketStr *ssl);
+extern SECStatus SSL3_SendAlert(sslSocket *ss, SSL3AlertLevel level,
+                                SSL3AlertDescription desc);
+extern SECStatus ssl3_DecodeError(sslSocket *ss);
+
+extern SECStatus ssl3_AuthCertificateComplete(sslSocket *ss, PRErrorCode error);
+
+/*
+ * for dealing with SSL 3.0 clients sending SSL 2.0 format hellos
+ */
+extern SECStatus ssl3_HandleV2ClientHello(
+    sslSocket *ss, unsigned char *buffer, int length, PRUint8 padding);
+
+SECStatus ssl3_SendClientHello(sslSocket *ss, sslClientHelloType type);
+
+/*
+ * input into the SSL3 machinery from the actualy network reading code
+ */
+SECStatus ssl3_HandleRecord(
+    sslSocket *ss, SSL3Ciphertext *cipher, sslBuffer *out);
+SECStatus ssl_RemoveTLSCBCPadding(sslBuffer *plaintext, unsigned int macSize);
+
+int ssl3_GatherAppDataRecord(sslSocket *ss, int flags);
+int ssl3_GatherCompleteHandshake(sslSocket *ss, int flags);
+
+/* Create a new ref counted key pair object from two keys. */
+extern sslKeyPair *ssl_NewKeyPair(SECKEYPrivateKey *privKey,
+                                  SECKEYPublicKey *pubKey);
+
+/* get a new reference (bump ref count) to an ssl3KeyPair. */
+extern sslKeyPair *ssl_GetKeyPairRef(sslKeyPair *keyPair);
+
+/* Decrement keypair's ref count and free if zero. */
+extern void ssl_FreeKeyPair(sslKeyPair *keyPair);
+
+extern sslEphemeralKeyPair *ssl_NewEphemeralKeyPair(
+    const sslNamedGroupDef *group,
+    SECKEYPrivateKey *privKey, SECKEYPublicKey *pubKey);
+extern sslEphemeralKeyPair *ssl_CopyEphemeralKeyPair(
+    sslEphemeralKeyPair *keyPair);
+extern void ssl_FreeEphemeralKeyPair(sslEphemeralKeyPair *keyPair);
+extern sslEphemeralKeyPair *ssl_LookupEphemeralKeyPair(
+    sslSocket *ss, const sslNamedGroupDef *groupDef);
+extern PRBool ssl_HaveEphemeralKeyPair(const sslSocket *ss,
+                                       const sslNamedGroupDef *groupDef);
+extern void ssl_FreeEphemeralKeyPairs(sslSocket *ss);
+
+extern SECStatus ssl_AppendPaddedDHKeyShare(const sslSocket *ss,
+                                            const SECKEYPublicKey *pubKey,
+                                            PRBool appendLength);
+extern const ssl3DHParams *ssl_GetDHEParams(const sslNamedGroupDef *groupDef);
+extern SECStatus ssl_SelectDHEGroup(sslSocket *ss,
+                                    const sslNamedGroupDef **groupDef);
+extern SECStatus ssl_CreateDHEKeyPair(const sslNamedGroupDef *groupDef,
+                                      const ssl3DHParams *params,
+                                      sslEphemeralKeyPair **keyPair);
+extern PRBool ssl_IsValidDHEShare(const SECItem *dh_p, const SECItem *dh_Ys);
+extern SECStatus ssl_ValidateDHENamedGroup(sslSocket *ss,
+                                           const SECItem *dh_p,
+                                           const SECItem *dh_g,
+                                           const sslNamedGroupDef **groupDef,
+                                           const ssl3DHParams **dhParams);
+
+extern PRBool ssl_IsECCEnabled(const sslSocket *ss);
+extern PRBool ssl_IsDHEEnabled(const sslSocket *ss);
+
+/* Macro for finding a curve equivalent in strength to RSA key's */
+#define SSL_RSASTRENGTH_TO_ECSTRENGTH(s)                            \
+    ((s <= 1024) ? 160                                              \
+                 : ((s <= 2048) ? 224                               \
+                                : ((s <= 3072) ? 256                \
+                                               : ((s <= 7168) ? 384 \
+                                                              : 521))))
+
+extern const sslNamedGroupDef *ssl_LookupNamedGroup(SSLNamedGroup group);
+extern PRBool ssl_NamedGroupEnabled(const sslSocket *ss, const sslNamedGroupDef *group);
+extern SECStatus ssl_NamedGroup2ECParams(PLArenaPool *arena,
+                                         const sslNamedGroupDef *curve,
+                                         SECKEYECParams *params);
+extern const sslNamedGroupDef *ssl_ECPubKey2NamedGroup(
+    const SECKEYPublicKey *pubKey);
+
+extern const sslNamedGroupDef *ssl_GetECGroupForServerSocket(sslSocket *ss);
+extern void ssl_FilterSupportedGroups(sslSocket *ss);
+
+extern SECStatus ssl3_CipherPrefSetDefault(ssl3CipherSuite which, PRBool on);
+extern SECStatus ssl3_CipherPrefGetDefault(ssl3CipherSuite which, PRBool *on);
+
+extern SECStatus ssl3_CipherPrefSet(sslSocket *ss, ssl3CipherSuite which, PRBool on);
+extern SECStatus ssl3_CipherPrefGet(const sslSocket *ss, ssl3CipherSuite which, PRBool *on);
+
+extern SECStatus ssl3_SetPolicy(ssl3CipherSuite which, PRInt32 policy);
+extern SECStatus ssl3_GetPolicy(ssl3CipherSuite which, PRInt32 *policy);
+
+extern void ssl3_InitSocketPolicy(sslSocket *ss);
+
+extern SECStatus ssl3_RedoHandshake(sslSocket *ss, PRBool flushCache);
+extern SECStatus ssl3_HandleHandshakeMessage(sslSocket *ss, SSL3Opaque *b,
+                                             PRUint32 length,
+                                             PRBool endOfRecord);
+
+extern void ssl3_DestroySSL3Info(sslSocket *ss);
+
+extern SECStatus ssl_ClientReadVersion(sslSocket *ss, SSL3Opaque **b,
+                                       PRUint32 *length,
+                                       SSL3ProtocolVersion *version);
+extern SECStatus ssl3_NegotiateVersion(sslSocket *ss,
+                                       SSL3ProtocolVersion peerVersion,
+                                       PRBool allowLargerPeerVersion);
+
+extern SECStatus ssl_GetPeerInfo(sslSocket *ss);
+
+/* ECDH functions */
+extern SECStatus ssl3_SendECDHClientKeyExchange(sslSocket *ss,
+                                                SECKEYPublicKey *svrPubKey);
+extern SECStatus ssl3_HandleECDHServerKeyExchange(sslSocket *ss,
+                                                  SSL3Opaque *b, PRUint32 length);
+extern SECStatus ssl3_HandleECDHClientKeyExchange(sslSocket *ss,
+                                                  SSL3Opaque *b, PRUint32 length,
+                                                  sslKeyPair *serverKeys);
+extern SECStatus ssl3_SendECDHServerKeyExchange(sslSocket *ss);
+extern SECStatus ssl_ImportECDHKeyShare(
+    sslSocket *ss, SECKEYPublicKey *peerKey,
+    SSL3Opaque *b, PRUint32 length, const sslNamedGroupDef *curve);
+unsigned int tls13_SizeOfECDHEKeyShareKEX(const SECKEYPublicKey *pubKey);
+SECStatus tls13_EncodeECDHEKeyShareKEX(const sslSocket *ss,
+                                       const SECKEYPublicKey *pubKey);
+
+extern SECStatus ssl3_ComputeCommonKeyHash(SSLHashType hashAlg,
+                                           PRUint8 *hashBuf,
+                                           unsigned int bufLen,
+                                           SSL3Hashes *hashes);
+extern void ssl3_DestroyCipherSpec(ssl3CipherSpec *spec, PRBool freeSrvName);
+extern SECStatus ssl3_InitPendingCipherSpec(sslSocket *ss, PK11SymKey *pms);
+extern SECStatus ssl3_AppendHandshake(sslSocket *ss, const void *void_src,
+                                      PRInt32 bytes);
+extern SECStatus ssl3_AppendHandshakeHeader(sslSocket *ss,
+                                            SSL3HandshakeType t, PRUint32 length);
+extern SECStatus ssl3_AppendHandshakeNumber(sslSocket *ss, PRInt32 num,
+                                            PRInt32 lenSize);
+extern SECStatus ssl3_AppendHandshakeVariable(sslSocket *ss,
+                                              const SSL3Opaque *src, PRInt32 bytes, PRInt32 lenSize);
+extern SECStatus ssl3_AppendSignatureAndHashAlgorithm(
+    sslSocket *ss, const SSLSignatureAndHashAlg *sigAndHash);
+extern SECStatus ssl3_ConsumeHandshake(sslSocket *ss, void *v, PRUint32 bytes,
+                                       SSL3Opaque **b, PRUint32 *length);
+extern SECStatus ssl3_ConsumeHandshakeNumber(sslSocket *ss, PRUint32 *num,
+                                             PRUint32 bytes, SSL3Opaque **b,
+                                             PRUint32 *length);
+extern SECStatus ssl3_ConsumeHandshakeVariable(sslSocket *ss, SECItem *i,
+                                               PRUint32 bytes, SSL3Opaque **b,
+                                               PRUint32 *length);
+extern PRUint8 *ssl_EncodeUintX(PRUint64 value, unsigned int bytes,
+                                PRUint8 *to);
+extern PRBool ssl_IsSupportedSignatureScheme(SSLSignatureScheme scheme);
+extern SECStatus ssl_CheckSignatureSchemeConsistency(
+    sslSocket *ss, SSLSignatureScheme scheme, CERTCertificate *cert);
+extern SECStatus ssl_ParseSignatureSchemes(const sslSocket *ss, PLArenaPool *arena,
+                                           SSLSignatureScheme **schemesOut,
+                                           unsigned int *numSchemesOut,
+                                           unsigned char **b,
+                                           unsigned int *len);
+extern SECStatus ssl_ConsumeSignatureScheme(
+    sslSocket *ss, SSL3Opaque **b, PRUint32 *length, SSLSignatureScheme *out);
+extern SECStatus ssl3_SignHashes(sslSocket *ss, SSL3Hashes *hash,
+                                 SECKEYPrivateKey *key, SECItem *buf);
+extern SECStatus ssl3_VerifySignedHashes(sslSocket *ss, SSLSignatureScheme scheme,
+                                         SSL3Hashes *hash, SECItem *buf);
+extern SECStatus ssl3_CacheWrappedMasterSecret(
+    sslSocket *ss, sslSessionID *sid, ssl3CipherSpec *spec);
+extern void ssl3_FreeSniNameArray(TLSExtensionData *xtnData);
+
+/* Hello Extension related routines. */
+extern void ssl3_SetSIDSessionTicket(sslSessionID *sid,
+                                     /*in/out*/ NewSessionTicket *session_ticket);
+SECStatus ssl3_EncodeSessionTicket(sslSocket *ss,
+                                   const NewSessionTicket *ticket_input,
+                                   SECItem *ticket_data);
+SECStatus ssl_MaybeSetSessionTicketKeyPair(const sslKeyPair *keyPair);
+SECStatus ssl_GetSessionTicketKeys(sslSocket *ss, unsigned char *keyName,
+                                   PK11SymKey **encKey, PK11SymKey **macKey);
+void ssl_ResetSessionTicketKeys();
+
+extern SECStatus ssl3_ValidateNextProtoNego(const unsigned char *data,
+                                            unsigned int length);
+
+/* Construct a new NSPR socket for the app to use */
+extern PRFileDesc *ssl_NewPRSocket(sslSocket *ss, PRFileDesc *fd);
+extern void ssl_FreePRSocket(PRFileDesc *fd);
+
+/* Internal config function so SSL3 can initialize the present state of
+ * various ciphers */
+extern int ssl3_config_match_init(sslSocket *);
+
+/* calls for accessing wrapping keys across processes. */
+extern SECStatus
+ssl_GetWrappingKey(unsigned int symWrapMechIndex, unsigned int wrapKeyIndex,
+                   SSLWrappedSymWrappingKey *wswk);
+
+/* The caller passes in the new value it wants
+ * to set.  This code tests the wrapped sym key entry in the file on disk.
+ * If it is uninitialized, this function writes the caller's value into
+ * the disk entry, and returns false.
+ * Otherwise, it overwrites the caller's wswk with the value obtained from
+ * the disk, and returns PR_TRUE.
+ * This is all done while holding the locks/semaphores necessary to make
+ * the operation atomic.
+ */
+extern SECStatus
+ssl_SetWrappingKey(SSLWrappedSymWrappingKey *wswk);
+
+/* get rid of the symmetric wrapping key references. */
+extern SECStatus SSL3_ShutdownServerCache(void);
+
+extern SECStatus ssl_InitSymWrapKeysLock(void);
+
+extern SECStatus ssl_FreeSymWrapKeysLock(void);
+
+extern SECStatus ssl_InitSessionCacheLocks(PRBool lazyInit);
+
+extern SECStatus ssl_FreeSessionCacheLocks(void);
+
+/**************** DTLS-specific functions **************/
+extern void dtls_FreeHandshakeMessage(DTLSQueuedMessage *msg);
+extern void dtls_FreeHandshakeMessages(PRCList *lst);
+
+extern SECStatus dtls_HandleHandshake(sslSocket *ss, sslBuffer *origBuf);
+extern SECStatus dtls_HandleHelloVerifyRequest(sslSocket *ss,
+                                               SSL3Opaque *b, PRUint32 length);
+extern SECStatus dtls_StageHandshakeMessage(sslSocket *ss);
+extern SECStatus dtls_QueueMessage(sslSocket *ss, SSL3ContentType type,
+                                   const SSL3Opaque *pIn, PRInt32 nIn);
+extern SECStatus dtls_FlushHandshakeMessages(sslSocket *ss, PRInt32 flags);
+SECStatus ssl3_DisableNonDTLSSuites(sslSocket *ss);
+extern SECStatus dtls_StartHolddownTimer(sslSocket *ss);
+extern void dtls_CheckTimer(sslSocket *ss);
+extern void dtls_CancelTimer(sslSocket *ss);
+extern void dtls_SetMTU(sslSocket *ss, PRUint16 advertised);
+extern void dtls_InitRecvdRecords(DTLSRecvdRecords *records);
+extern int dtls_RecordGetRecvd(const DTLSRecvdRecords *records,
+                               sslSequenceNumber seq);
+extern void dtls_RecordSetRecvd(DTLSRecvdRecords *records,
+                                sslSequenceNumber seq);
+extern void dtls_RehandshakeCleanup(sslSocket *ss);
+extern SSL3ProtocolVersion
+dtls_TLSVersionToDTLSVersion(SSL3ProtocolVersion tlsv);
+extern SSL3ProtocolVersion
+dtls_DTLSVersionToTLSVersion(SSL3ProtocolVersion dtlsv);
+extern PRBool dtls_IsRelevant(sslSocket *ss, const SSL3Ciphertext *cText,
+                              PRBool *sameEpoch, PRUint64 *seqNum);
+extern SECStatus dtls_MaybeRetransmitHandshake(sslSocket *ss,
+                                               const SSL3Ciphertext *cText,
+                                               PRBool sameEpoch);
+
+CK_MECHANISM_TYPE ssl3_Alg2Mech(SSLCipherAlgorithm calg);
+SECStatus ssl3_NegotiateCipherSuite(sslSocket *ss, const SECItem *suites,
+                                    PRBool initHashes);
+SECStatus ssl3_InitHandshakeHashes(sslSocket *ss);
+SECStatus ssl3_ServerCallSNICallback(sslSocket *ss);
+SECStatus ssl3_SetupPendingCipherSpec(sslSocket *ss);
+SECStatus ssl3_FlushHandshake(sslSocket *ss, PRInt32 flags);
+SECStatus ssl3_CompleteHandleCertificate(sslSocket *ss,
+                                         SSL3Opaque *b, PRUint32 length);
+void ssl3_SendAlertForCertError(sslSocket *ss, PRErrorCode errCode);
+SECStatus ssl3_HandleNoCertificate(sslSocket *ss);
+SECStatus ssl3_SendEmptyCertificate(sslSocket *ss);
+void ssl3_CleanupPeerCerts(sslSocket *ss);
+SECStatus ssl3_SendCertificateStatus(sslSocket *ss);
+SECStatus ssl3_AuthCertificate(sslSocket *ss);
+SECStatus ssl_ReadCertificateStatus(sslSocket *ss, SSL3Opaque *b,
+                                    PRUint32 length);
+SECStatus ssl3_EncodeSigAlgs(const sslSocket *ss, PRUint8 *buf,
+                             unsigned maxLen, PRUint32 *len);
+SECStatus ssl_GetCertificateRequestCAs(sslSocket *ss, unsigned int *calenp,
+                                       SECItem **namesp, unsigned int *nnamesp);
+SECStatus ssl3_ParseCertificateRequestCAs(sslSocket *ss, SSL3Opaque **b,
+                                          PRUint32 *length, PLArenaPool *arena,
+                                          CERTDistNames *ca_list);
+SECStatus ssl3_CompleteHandleCertificateRequest(
+    sslSocket *ss, const SSLSignatureScheme *signatureSchemes,
+    unsigned int signatureSchemeCount, CERTDistNames *ca_list);
+SECStatus ssl3_SendServerHello(sslSocket *ss);
+SECStatus ssl3_ComputeHandshakeHashes(sslSocket *ss,
+                                      ssl3CipherSpec *spec,
+                                      SSL3Hashes *hashes,
+                                      PRUint32 sender);
+SECStatus ssl_CreateECDHEphemeralKeyPair(const sslSocket *ss,
+                                         const sslNamedGroupDef *ecGroup,
+                                         sslEphemeralKeyPair **keyPair);
+SECStatus ssl_CreateStaticECDHEKey(sslSocket *ss,
+                                   const sslNamedGroupDef *ecGroup);
+SECStatus ssl3_FlushHandshake(sslSocket *ss, PRInt32 flags);
+PK11SymKey *ssl3_GetWrappingKey(sslSocket *ss,
+                                PK11SlotInfo *masterSecretSlot,
+                                CK_MECHANISM_TYPE masterWrapMech,
+                                void *pwArg);
+SECStatus ssl3_FillInCachedSID(sslSocket *ss, sslSessionID *sid);
+const ssl3CipherSuiteDef *ssl_LookupCipherSuiteDef(ssl3CipherSuite suite);
+const ssl3BulkCipherDef *
+ssl_GetBulkCipherDef(const ssl3CipherSuiteDef *cipher_def);
+SECStatus ssl3_SelectServerCert(sslSocket *ss);
+SECStatus ssl_PickSignatureScheme(sslSocket *ss,
+                                  SECKEYPublicKey *pubKey,
+                                  SECKEYPrivateKey *privKey,
+                                  const SSLSignatureScheme *peerSchemes,
+                                  unsigned int peerSchemeCount,
+                                  PRBool requireSha1);
+SECOidTag ssl3_HashTypeToOID(SSLHashType hashType);
+SSLHashType ssl_SignatureSchemeToHashType(SSLSignatureScheme scheme);
+KeyType ssl_SignatureSchemeToKeyType(SSLSignatureScheme scheme);
+
+SECStatus ssl3_SetCipherSuite(sslSocket *ss, ssl3CipherSuite chosenSuite,
+                              PRBool initHashes);
+
+/* Pull in TLS 1.3 functions */
+#include "tls13con.h"
+
+/********************** misc calls *********************/
+
+#ifdef DEBUG
+extern void ssl3_CheckCipherSuiteOrderConsistency();
+#endif
+
+extern int ssl_MapLowLevelError(int hiLevelError);
+
+extern PRUint32 ssl_Time(void);
+extern PRBool ssl_TicketTimeValid(const NewSessionTicket *ticket);
+
+extern void SSL_AtomicIncrementLong(long *x);
+
+SECStatus ssl3_ApplyNSSPolicy(void);
+
+extern HASH_HashType
+ssl3_GetTls12HashType(sslSocket *ss);
+
+extern SECStatus
+ssl3_TLSPRFWithMasterSecret(sslSocket *ss, ssl3CipherSpec *spec,
+                            const char *label, unsigned int labelLen,
+                            const unsigned char *val, unsigned int valLen,
+                            unsigned char *out, unsigned int outLen);
+
+#ifdef TRACE
+#define SSL_TRACE(msg) ssl_Trace msg
+#else
+#define SSL_TRACE(msg)
+#endif
+
+void ssl_Trace(const char *format, ...);
+
+SEC_END_PROTOS
+
+#if defined(XP_UNIX) || defined(XP_OS2) || defined(XP_BEOS)
+#define SSL_GETPID getpid
+#elif defined(WIN32)
+extern int __cdecl _getpid(void);
+#define SSL_GETPID _getpid
+#else
+#define SSL_GETPID() 0
+#endif
+
+// TLS-N Extension
+#include "tlsproof.h"
+#endif /* __sslimpl_h_ */
diff --git a/nss/lib/ssl/sslinfo.c b/nss/lib/ssl/sslinfo.c
new file mode 100644
index 0000000..0bbacad
--- /dev/null
+++ b/nss/lib/ssl/sslinfo.c
@@ -0,0 +1,495 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#include "ssl.h"
+#include "sslimpl.h"
+#include "sslproto.h"
+#include "tls13hkdf.h"
+
+static const char *
+ssl_GetCompressionMethodName(SSLCompressionMethod compression)
+{
+    switch (compression) {
+        case ssl_compression_null:
+            return "NULL";
+#ifdef NSS_ENABLE_ZLIB
+        case ssl_compression_deflate:
+            return "DEFLATE";
+#endif
+        default:
+            return "???";
+    }
+}
+
+SECStatus
+SSL_GetChannelInfo(PRFileDesc *fd, SSLChannelInfo *info, PRUintn len)
+{
+    sslSocket *ss;
+    SSLChannelInfo inf;
+    sslSessionID *sid;
+
+    /* Check if we can properly return the length of data written and that
+     * we're not asked to return more information than we know how to provide.
+     */
+    if (!info || len < sizeof inf.length || len > sizeof inf) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    ss = ssl_FindSocket(fd);
+    if (!ss) {
+        SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetChannelInfo",
+                 SSL_GETPID(), fd));
+        return SECFailure;
+    }
+
+    memset(&inf, 0, sizeof inf);
+    inf.length = PR_MIN(sizeof inf, len);
+
+    if (ss->opt.useSecurity && ss->enoughFirstHsDone) {
+        sid = ss->sec.ci.sid;
+        inf.protocolVersion = ss->version;
+        inf.authKeyBits = ss->sec.authKeyBits;
+        inf.keaKeyBits = ss->sec.keaKeyBits;
+        if (ss->ssl3.initialized) {
+            SSLCipherSuiteInfo cinfo;
+            SECStatus rv;
+
+            ssl_GetSpecReadLock(ss);
+            /* XXX  The cipher suite should be in the specs and this
+             * function should get it from cwSpec rather than from the "hs".
+             * See bug 275744 comment 69 and bug 766137.
+             */
+            inf.cipherSuite = ss->ssl3.hs.cipher_suite;
+            inf.compressionMethod = ss->ssl3.cwSpec->compression_method;
+            ssl_ReleaseSpecReadLock(ss);
+            inf.compressionMethodName =
+                ssl_GetCompressionMethodName(inf.compressionMethod);
+
+            /* Fill in the cipher details from the cipher suite. */
+            rv = SSL_GetCipherSuiteInfo(inf.cipherSuite,
+                                        &cinfo, sizeof(cinfo));
+            if (rv != SECSuccess) {
+                return SECFailure; /* Error code already set. */
+            }
+            inf.symCipher = cinfo.symCipher;
+            inf.macAlgorithm = cinfo.macAlgorithm;
+            /* Get these fromm |ss->sec| because that is accurate
+             * even with TLS 1.3 disaggregated cipher suites. */
+            inf.keaType = ss->sec.keaType;
+            inf.keaGroup = ss->sec.keaGroup ? ss->sec.keaGroup->name : ssl_grp_none;
+            inf.keaKeyBits = ss->sec.keaKeyBits;
+            inf.authType = ss->sec.authType;
+            inf.authKeyBits = ss->sec.authKeyBits;
+            inf.signatureScheme = ss->sec.signatureScheme;
+        }
+        if (sid) {
+            unsigned int sidLen;
+
+            inf.creationTime = sid->creationTime;
+            inf.lastAccessTime = sid->lastAccessTime;
+            inf.expirationTime = sid->expirationTime;
+            inf.extendedMasterSecretUsed =
+                (ss->version >= SSL_LIBRARY_VERSION_TLS_1_3 ||
+                 sid->u.ssl3.keys.extendedMasterSecretUsed)
+                    ? PR_TRUE
+                    : PR_FALSE;
+
+            inf.earlyDataAccepted =
+                (ss->ssl3.hs.zeroRttState == ssl_0rtt_accepted ||
+                 ss->ssl3.hs.zeroRttState == ssl_0rtt_done);
+            sidLen = sid->u.ssl3.sessionIDLength;
+            sidLen = PR_MIN(sidLen, sizeof inf.sessionID);
+            inf.sessionIDLength = sidLen;
+            memcpy(inf.sessionID, sid->u.ssl3.sessionID, sidLen);
+        }
+    }
+
+    memcpy(info, &inf, inf.length);
+
+    return SECSuccess;
+}
+
+SECStatus
+SSL_GetPreliminaryChannelInfo(PRFileDesc *fd,
+                              SSLPreliminaryChannelInfo *info,
+                              PRUintn len)
+{
+    sslSocket *ss;
+    SSLPreliminaryChannelInfo inf;
+
+    /* Check if we can properly return the length of data written and that
+     * we're not asked to return more information than we know how to provide.
+     */
+    if (!info || len < sizeof inf.length || len > sizeof inf) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    ss = ssl_FindSocket(fd);
+    if (!ss) {
+        SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetPreliminaryChannelInfo",
+                 SSL_GETPID(), fd));
+        return SECFailure;
+    }
+
+    memset(&inf, 0, sizeof(inf));
+    inf.length = PR_MIN(sizeof(inf), len);
+
+    inf.valuesSet = ss->ssl3.hs.preliminaryInfo;
+    inf.protocolVersion = ss->version;
+    inf.cipherSuite = ss->ssl3.hs.cipher_suite;
+    inf.canSendEarlyData = !ss->sec.isServer &&
+                           (ss->ssl3.hs.zeroRttState == ssl_0rtt_sent) &&
+                           !ss->firstHsDone;
+
+    memcpy(info, &inf, inf.length);
+    return SECSuccess;
+}
+
+/* name */
+#define CS_(x) x, #x
+#define CS(x) CS_(TLS_##x)
+
+/* legacy values for authAlgorithm */
+#define S_DSA "DSA", ssl_auth_dsa
+/* S_RSA is incorrect for signature-based suites */
+/* ECDH suites incorrectly report S_RSA or S_ECDSA */
+#define S_RSA "RSA", ssl_auth_rsa_decrypt
+#define S_ECDSA "ECDSA", ssl_auth_ecdsa
+#define S_PSK "PSK", ssl_auth_psk
+#define S_ANY "TLS 1.3", ssl_auth_tls13_any
+
+/* real authentication algorithm */
+#define A_DSA ssl_auth_dsa
+#define A_RSAD ssl_auth_rsa_decrypt
+#define A_RSAS ssl_auth_rsa_sign
+#define A_ECDSA ssl_auth_ecdsa
+#define A_ECDH_R ssl_auth_ecdh_rsa
+#define A_ECDH_E ssl_auth_ecdh_ecdsa
+#define A_PSK ssl_auth_psk
+/* Report ssl_auth_null for export suites that can't decide between
+ * ssl_auth_rsa_sign and ssl_auth_rsa_decrypt. */
+#define A_EXP ssl_auth_null
+#define A_ANY ssl_auth_tls13_any
+
+/* key exchange */
+#define K_DHE "DHE", ssl_kea_dh
+#define K_RSA "RSA", ssl_kea_rsa
+#define K_KEA "KEA", ssl_kea_kea
+#define K_ECDH "ECDH", ssl_kea_ecdh
+#define K_ECDHE "ECDHE", ssl_kea_ecdh
+#define K_ECDHE_PSK "ECDHE-PSK", ssl_kea_ecdh_psk
+#define K_DHE_PSK "DHE-PSK", ssl_kea_dh_psk
+#define K_ANY "TLS 1.3", ssl_kea_tls13_any
+
+/* record protection cipher */
+#define C_SEED "SEED", calg_seed
+#define C_CAMELLIA "CAMELLIA", calg_camellia
+#define C_AES "AES", calg_aes
+#define C_RC4 "RC4", calg_rc4
+#define C_RC2 "RC2", calg_rc2
+#define C_DES "DES", calg_des
+#define C_3DES "3DES", calg_3des
+#define C_NULL "NULL", calg_null
+#define C_SJ "SKIPJACK", calg_sj
+#define C_AESGCM "AES-GCM", calg_aes_gcm
+#define C_CHACHA20 "CHACHA20POLY1305", calg_chacha20
+
+/* "block cipher" sizes */
+#define B_256 256, 256, 256
+#define B_128 128, 128, 128
+#define B_3DES 192, 156, 112
+#define B_SJ 96, 80, 80
+#define B_DES 64, 56, 56
+#define B_56 128, 56, 56
+#define B_40 128, 40, 40
+#define B_0 0, 0, 0
+
+/* "mac algorithm" and size */
+#define M_AEAD_128 "AEAD", ssl_mac_aead, 128
+#define M_SHA384 "SHA384", ssl_hmac_sha384, 384
+#define M_SHA256 "SHA256", ssl_hmac_sha256, 256
+#define M_SHA "SHA1", ssl_mac_sha, 160
+#define M_MD5 "MD5", ssl_mac_md5, 128
+#define M_NULL "NULL", ssl_mac_null, 0
+
+/* flags: FIPS, exportable, nonstandard, reserved */
+#define F_FIPS_STD 1, 0, 0, 0
+#define F_FIPS_NSTD 1, 0, 1, 0
+#define F_NFIPS_STD 0, 0, 0, 0
+#define F_NFIPS_NSTD 0, 0, 1, 0 /* i.e., trash */
+#define F_EXPORT 0, 1, 0, 0     /* i.e., trash */
+
+static const SSLCipherSuiteInfo suiteInfo[] = {
+    /* <------ Cipher suite --------------------> <auth> <KEA>  <bulk cipher> <MAC> <FIPS> */
+    { 0, CS_(TLS_AES_128_GCM_SHA256), S_ANY, K_ANY, C_AESGCM, B_128, M_AEAD_128, F_FIPS_STD, A_ANY },
+    { 0, CS_(TLS_CHACHA20_POLY1305_SHA256), S_ANY, K_ANY, C_CHACHA20, B_256, M_AEAD_128, F_NFIPS_STD, A_ANY },
+    { 0, CS_(TLS_AES_256_GCM_SHA384), S_ANY, K_ANY, C_AESGCM, B_256, M_AEAD_128, F_NFIPS_STD, A_ANY },
+
+    { 0, CS(RSA_WITH_AES_128_GCM_SHA256), S_RSA, K_RSA, C_AESGCM, B_128, M_AEAD_128, F_FIPS_STD, A_RSAD },
+    { 0, CS(DHE_RSA_WITH_CHACHA20_POLY1305_SHA256), S_RSA, K_DHE, C_CHACHA20, B_256, M_AEAD_128, F_NFIPS_STD, A_RSAS },
+
+    { 0, CS(DHE_RSA_WITH_CAMELLIA_256_CBC_SHA), S_RSA, K_DHE, C_CAMELLIA, B_256, M_SHA, F_NFIPS_STD, A_RSAS },
+    { 0, CS(DHE_DSS_WITH_CAMELLIA_256_CBC_SHA), S_DSA, K_DHE, C_CAMELLIA, B_256, M_SHA, F_NFIPS_STD, A_DSA },
+    { 0, CS(DHE_RSA_WITH_AES_256_CBC_SHA256), S_RSA, K_DHE, C_AES, B_256, M_SHA256, F_FIPS_STD, A_RSAS },
+    { 0, CS(DHE_RSA_WITH_AES_256_CBC_SHA), S_RSA, K_DHE, C_AES, B_256, M_SHA, F_FIPS_STD, A_RSAS },
+    { 0, CS(DHE_DSS_WITH_AES_256_CBC_SHA), S_DSA, K_DHE, C_AES, B_256, M_SHA, F_FIPS_STD, A_DSA },
+    { 0, CS(DHE_DSS_WITH_AES_256_CBC_SHA256), S_DSA, K_DHE, C_AES, B_256, M_SHA256, F_FIPS_STD, A_DSA },
+    { 0, CS(RSA_WITH_CAMELLIA_256_CBC_SHA), S_RSA, K_RSA, C_CAMELLIA, B_256, M_SHA, F_NFIPS_STD, A_RSAD },
+    { 0, CS(RSA_WITH_AES_256_CBC_SHA256), S_RSA, K_RSA, C_AES, B_256, M_SHA256, F_FIPS_STD, A_RSAD },
+    { 0, CS(RSA_WITH_AES_256_CBC_SHA), S_RSA, K_RSA, C_AES, B_256, M_SHA, F_FIPS_STD, A_RSAD },
+
+    { 0, CS(DHE_RSA_WITH_CAMELLIA_128_CBC_SHA), S_RSA, K_DHE, C_CAMELLIA, B_128, M_SHA, F_NFIPS_STD, A_RSAS },
+    { 0, CS(DHE_DSS_WITH_CAMELLIA_128_CBC_SHA), S_DSA, K_DHE, C_CAMELLIA, B_128, M_SHA, F_NFIPS_STD, A_DSA },
+    { 0, CS(DHE_DSS_WITH_RC4_128_SHA), S_DSA, K_DHE, C_RC4, B_128, M_SHA, F_NFIPS_STD, A_DSA },
+    { 0, CS(DHE_RSA_WITH_AES_128_CBC_SHA256), S_RSA, K_DHE, C_AES, B_128, M_SHA256, F_FIPS_STD, A_RSAS },
+    { 0, CS(DHE_RSA_WITH_AES_128_GCM_SHA256), S_RSA, K_DHE, C_AESGCM, B_128, M_AEAD_128, F_FIPS_STD, A_RSAS },
+    { 0, CS(DHE_RSA_WITH_AES_128_CBC_SHA), S_RSA, K_DHE, C_AES, B_128, M_SHA, F_FIPS_STD, A_RSAS },
+    { 0, CS(DHE_DSS_WITH_AES_128_GCM_SHA256), S_DSA, K_DHE, C_AESGCM, B_128, M_AEAD_128, F_FIPS_STD, A_DSA },
+    { 0, CS(DHE_DSS_WITH_AES_128_CBC_SHA), S_DSA, K_DHE, C_AES, B_128, M_SHA, F_FIPS_STD, A_DSA },
+    { 0, CS(DHE_DSS_WITH_AES_128_CBC_SHA256), S_DSA, K_DHE, C_AES, B_128, M_SHA256, F_FIPS_STD, A_DSA },
+    { 0, CS(RSA_WITH_SEED_CBC_SHA), S_RSA, K_RSA, C_SEED, B_128, M_SHA, F_FIPS_STD, A_RSAD },
+    { 0, CS(RSA_WITH_CAMELLIA_128_CBC_SHA), S_RSA, K_RSA, C_CAMELLIA, B_128, M_SHA, F_NFIPS_STD, A_RSAD },
+    { 0, CS(RSA_WITH_RC4_128_SHA), S_RSA, K_RSA, C_RC4, B_128, M_SHA, F_NFIPS_STD, A_RSAD },
+    { 0, CS(RSA_WITH_RC4_128_MD5), S_RSA, K_RSA, C_RC4, B_128, M_MD5, F_NFIPS_STD, A_RSAD },
+    { 0, CS(RSA_WITH_AES_128_CBC_SHA256), S_RSA, K_RSA, C_AES, B_128, M_SHA256, F_FIPS_STD, A_RSAD },
+    { 0, CS(RSA_WITH_AES_128_CBC_SHA), S_RSA, K_RSA, C_AES, B_128, M_SHA, F_FIPS_STD, A_RSAD },
+
+    { 0, CS(DHE_RSA_WITH_3DES_EDE_CBC_SHA), S_RSA, K_DHE, C_3DES, B_3DES, M_SHA, F_FIPS_STD, A_RSAS },
+    { 0, CS(DHE_DSS_WITH_3DES_EDE_CBC_SHA), S_DSA, K_DHE, C_3DES, B_3DES, M_SHA, F_FIPS_STD, A_DSA },
+    { 0, CS(RSA_WITH_3DES_EDE_CBC_SHA), S_RSA, K_RSA, C_3DES, B_3DES, M_SHA, F_FIPS_STD, A_RSAD },
+
+    { 0, CS(DHE_RSA_WITH_DES_CBC_SHA), S_RSA, K_DHE, C_DES, B_DES, M_SHA, F_NFIPS_STD, A_RSAS },
+    { 0, CS(DHE_DSS_WITH_DES_CBC_SHA), S_DSA, K_DHE, C_DES, B_DES, M_SHA, F_NFIPS_STD, A_DSA },
+    { 0, CS(RSA_WITH_DES_CBC_SHA), S_RSA, K_RSA, C_DES, B_DES, M_SHA, F_NFIPS_STD, A_RSAD },
+
+    { 0, CS(RSA_WITH_NULL_SHA256), S_RSA, K_RSA, C_NULL, B_0, M_SHA256, F_EXPORT, A_RSAD },
+    { 0, CS(RSA_WITH_NULL_SHA), S_RSA, K_RSA, C_NULL, B_0, M_SHA, F_EXPORT, A_RSAD },
+    { 0, CS(RSA_WITH_NULL_MD5), S_RSA, K_RSA, C_NULL, B_0, M_MD5, F_EXPORT, A_RSAD },
+
+    /* ECC cipher suites */
+    { 0, CS(ECDHE_RSA_WITH_AES_128_GCM_SHA256), S_RSA, K_ECDHE, C_AESGCM, B_128, M_AEAD_128, F_FIPS_STD, A_RSAS },
+    { 0, CS(ECDHE_ECDSA_WITH_AES_128_GCM_SHA256), S_ECDSA, K_ECDHE, C_AESGCM, B_128, M_AEAD_128, F_FIPS_STD, A_ECDSA },
+    { 0, CS(ECDH_ECDSA_WITH_NULL_SHA), S_ECDSA, K_ECDH, C_NULL, B_0, M_SHA, F_NFIPS_STD, A_ECDH_E },
+    { 0, CS(ECDH_ECDSA_WITH_RC4_128_SHA), S_ECDSA, K_ECDH, C_RC4, B_128, M_SHA, F_NFIPS_STD, A_ECDH_E },
+    { 0, CS(ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA), S_ECDSA, K_ECDH, C_3DES, B_3DES, M_SHA, F_FIPS_STD, A_ECDH_E },
+    { 0, CS(ECDH_ECDSA_WITH_AES_128_CBC_SHA), S_ECDSA, K_ECDH, C_AES, B_128, M_SHA, F_FIPS_STD, A_ECDH_E },
+    { 0, CS(ECDH_ECDSA_WITH_AES_256_CBC_SHA), S_ECDSA, K_ECDH, C_AES, B_256, M_SHA, F_FIPS_STD, A_ECDH_E },
+
+    { 0, CS(ECDHE_ECDSA_WITH_NULL_SHA), S_ECDSA, K_ECDHE, C_NULL, B_0, M_SHA, F_NFIPS_STD, A_ECDSA },
+    { 0, CS(ECDHE_ECDSA_WITH_RC4_128_SHA), S_ECDSA, K_ECDHE, C_RC4, B_128, M_SHA, F_NFIPS_STD, A_ECDSA },
+    { 0, CS(ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA), S_ECDSA, K_ECDHE, C_3DES, B_3DES, M_SHA, F_FIPS_STD, A_ECDSA },
+    { 0, CS(ECDHE_ECDSA_WITH_AES_128_CBC_SHA), S_ECDSA, K_ECDHE, C_AES, B_128, M_SHA, F_FIPS_STD, A_ECDSA },
+    { 0, CS(ECDHE_ECDSA_WITH_AES_128_CBC_SHA256), S_ECDSA, K_ECDHE, C_AES, B_128, M_SHA256, F_FIPS_STD, A_ECDSA },
+    { 0, CS(ECDHE_ECDSA_WITH_AES_256_CBC_SHA), S_ECDSA, K_ECDHE, C_AES, B_256, M_SHA, F_FIPS_STD, A_ECDSA },
+    { 0, CS(ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256), S_ECDSA, K_ECDHE, C_CHACHA20, B_256, M_AEAD_128, F_NFIPS_STD, A_ECDSA },
+
+    { 0, CS(ECDH_RSA_WITH_NULL_SHA), S_RSA, K_ECDH, C_NULL, B_0, M_SHA, F_NFIPS_STD, A_ECDH_R },
+    { 0, CS(ECDH_RSA_WITH_RC4_128_SHA), S_RSA, K_ECDH, C_RC4, B_128, M_SHA, F_NFIPS_STD, A_ECDH_R },
+    { 0, CS(ECDH_RSA_WITH_3DES_EDE_CBC_SHA), S_RSA, K_ECDH, C_3DES, B_3DES, M_SHA, F_FIPS_STD, A_ECDH_R },
+    { 0, CS(ECDH_RSA_WITH_AES_128_CBC_SHA), S_RSA, K_ECDH, C_AES, B_128, M_SHA, F_FIPS_STD, A_ECDH_R },
+    { 0, CS(ECDH_RSA_WITH_AES_256_CBC_SHA), S_RSA, K_ECDH, C_AES, B_256, M_SHA, F_FIPS_STD, A_ECDH_R },
+
+    { 0, CS(ECDHE_RSA_WITH_NULL_SHA), S_RSA, K_ECDHE, C_NULL, B_0, M_SHA, F_NFIPS_STD, A_RSAS },
+    { 0, CS(ECDHE_RSA_WITH_RC4_128_SHA), S_RSA, K_ECDHE, C_RC4, B_128, M_SHA, F_NFIPS_STD, A_RSAS },
+    { 0, CS(ECDHE_RSA_WITH_3DES_EDE_CBC_SHA), S_RSA, K_ECDHE, C_3DES, B_3DES, M_SHA, F_FIPS_STD, A_RSAS },
+    { 0, CS(ECDHE_RSA_WITH_AES_128_CBC_SHA), S_RSA, K_ECDHE, C_AES, B_128, M_SHA, F_FIPS_STD, A_RSAS },
+    { 0, CS(ECDHE_RSA_WITH_AES_128_CBC_SHA256), S_RSA, K_ECDHE, C_AES, B_128, M_SHA256, F_FIPS_STD, A_RSAS },
+    { 0, CS(ECDHE_RSA_WITH_AES_256_CBC_SHA), S_RSA, K_ECDHE, C_AES, B_256, M_SHA, F_FIPS_STD, A_RSAS },
+    { 0, CS(ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256), S_RSA, K_ECDHE, C_CHACHA20, B_256, M_AEAD_128, F_NFIPS_STD, A_RSAS },
+    { 0, CS(ECDHE_RSA_WITH_AES_256_CBC_SHA384), S_RSA, K_ECDHE, C_AES, B_256, M_SHA384, F_FIPS_STD, A_RSAS },
+    { 0, CS(ECDHE_ECDSA_WITH_AES_256_CBC_SHA384), S_ECDSA, K_ECDHE, C_AES, B_256, M_SHA384, F_FIPS_STD, A_ECDSA },
+    { 0, CS(ECDHE_ECDSA_WITH_AES_256_GCM_SHA384), S_ECDSA, K_ECDHE, C_AESGCM, B_256, M_AEAD_128, F_FIPS_STD, A_ECDSA },
+    { 0, CS(ECDHE_RSA_WITH_AES_256_GCM_SHA384), S_RSA, K_ECDHE, C_AESGCM, B_256, M_AEAD_128, F_FIPS_STD, A_RSAS },
+
+    { 0, CS(DHE_DSS_WITH_AES_256_GCM_SHA384), S_DSA, K_DHE, C_AESGCM, B_256, M_AEAD_128, F_FIPS_STD, A_DSA },
+    { 0, CS(DHE_RSA_WITH_AES_256_GCM_SHA384), S_RSA, K_DHE, C_AESGCM, B_256, M_AEAD_128, F_FIPS_STD, A_RSAS },
+    { 0, CS(RSA_WITH_AES_256_GCM_SHA384), S_RSA, K_RSA, C_AESGCM, B_256, M_AEAD_128, F_FIPS_STD, A_RSAD },
+};
+
+#define NUM_SUITEINFOS ((sizeof suiteInfo) / (sizeof suiteInfo[0]))
+
+SECStatus
+SSL_GetCipherSuiteInfo(PRUint16 cipherSuite,
+                       SSLCipherSuiteInfo *info, PRUintn len)
+{
+    unsigned int i;
+
+    /* Check if we can properly return the length of data written and that
+     * we're not asked to return more information than we know how to provide.
+     */
+    if (!info || len < sizeof suiteInfo[0].length ||
+        len > sizeof suiteInfo[0]) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+    len = PR_MIN(len, sizeof suiteInfo[0]);
+    for (i = 0; i < NUM_SUITEINFOS; i++) {
+        if (suiteInfo[i].cipherSuite == cipherSuite) {
+            memcpy(info, &suiteInfo[i], len);
+            info->length = len;
+            return SECSuccess;
+        }
+    }
+
+    PORT_SetError(SEC_ERROR_INVALID_ARGS);
+    return SECFailure;
+}
+
+SECItem *
+SSL_GetNegotiatedHostInfo(PRFileDesc *fd)
+{
+    SECItem *sniName = NULL;
+    sslSocket *ss;
+    char *name = NULL;
+
+    ss = ssl_FindSocket(fd);
+    if (!ss) {
+        SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetNegotiatedHostInfo",
+                 SSL_GETPID(), fd));
+        return NULL;
+    }
+
+    if (ss->sec.isServer) {
+        if (ss->version > SSL_LIBRARY_VERSION_3_0 &&
+            ss->ssl3.initialized) { /* TLS */
+            SECItem *crsName;
+            ssl_GetSpecReadLock(ss); /*********************************/
+            crsName = &ss->ssl3.hs.srvVirtName;
+            if (crsName->data) {
+                sniName = SECITEM_DupItem(crsName);
+            }
+            ssl_ReleaseSpecReadLock(ss); /*----------------------------*/
+        }
+        return sniName;
+    }
+    name = SSL_RevealURL(fd);
+    if (name) {
+        sniName = PORT_ZNew(SECItem);
+        if (!sniName) {
+            PORT_Free(name);
+            return NULL;
+        }
+        sniName->data = (void *)name;
+        sniName->len = PORT_Strlen(name);
+    }
+    return sniName;
+}
+
+static SECStatus
+tls13_Exporter(sslSocket *ss, PK11SymKey *secret,
+               const char *label, unsigned int labelLen,
+               const unsigned char *context, unsigned int contextLen,
+               unsigned char *out, unsigned int outLen)
+{
+    if (!secret) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    return tls13_HkdfExpandLabelRaw(secret,
+                                    tls13_GetHash(ss),
+                                    context, contextLen,
+                                    label, labelLen,
+                                    out, outLen);
+}
+
+SECStatus
+SSL_ExportKeyingMaterial(PRFileDesc *fd,
+                         const char *label, unsigned int labelLen,
+                         PRBool hasContext,
+                         const unsigned char *context, unsigned int contextLen,
+                         unsigned char *out, unsigned int outLen)
+{
+    sslSocket *ss;
+    unsigned char *val = NULL;
+    unsigned int valLen, i;
+    SECStatus rv = SECFailure;
+
+    ss = ssl_FindSocket(fd);
+    if (!ss) {
+        SSL_DBG(("%d: SSL[%d]: bad socket in ExportKeyingMaterial",
+                 SSL_GETPID(), fd));
+        return SECFailure;
+    }
+
+    if (!label || !labelLen || !out || !outLen ||
+        (hasContext && (!context || !contextLen))) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_3) {
+        return tls13_Exporter(ss, ss->ssl3.hs.exporterSecret,
+                              label, labelLen,
+                              context, hasContext ? contextLen : 0,
+                              out, outLen);
+    }
+
+    /* construct PRF arguments */
+    valLen = SSL3_RANDOM_LENGTH * 2;
+    if (hasContext) {
+        valLen += 2 /* PRUint16 length */ + contextLen;
+    }
+    val = PORT_Alloc(valLen);
+    if (!val) {
+        return SECFailure;
+    }
+    i = 0;
+    PORT_Memcpy(val + i, &ss->ssl3.hs.client_random.rand, SSL3_RANDOM_LENGTH);
+    i += SSL3_RANDOM_LENGTH;
+    PORT_Memcpy(val + i, &ss->ssl3.hs.server_random.rand, SSL3_RANDOM_LENGTH);
+    i += SSL3_RANDOM_LENGTH;
+    if (hasContext) {
+        val[i++] = contextLen >> 8;
+        val[i++] = contextLen;
+        PORT_Memcpy(val + i, context, contextLen);
+        i += contextLen;
+    }
+    PORT_Assert(i == valLen);
+
+    /* Allow TLS keying material to be exported sooner, when the master
+     * secret is available and we have sent ChangeCipherSpec.
+     */
+    ssl_GetSpecReadLock(ss);
+    if (!ss->ssl3.cwSpec->master_secret && !ss->ssl3.cwSpec->msItem.len) {
+        PORT_SetError(SSL_ERROR_HANDSHAKE_NOT_COMPLETED);
+        rv = SECFailure;
+    } else {
+        rv = ssl3_TLSPRFWithMasterSecret(ss, ss->ssl3.cwSpec, label, labelLen,
+                                         val, valLen, out, outLen);
+    }
+    ssl_ReleaseSpecReadLock(ss);
+
+    PORT_ZFree(val, valLen);
+    return rv;
+}
+
+SECStatus
+SSL_ExportEarlyKeyingMaterial(PRFileDesc *fd,
+                              const char *label, unsigned int labelLen,
+                              const unsigned char *context,
+                              unsigned int contextLen,
+                              unsigned char *out, unsigned int outLen)
+{
+    sslSocket *ss;
+
+    ss = ssl_FindSocket(fd);
+    if (!ss) {
+        SSL_DBG(("%d: SSL[%d]: bad socket in SSL_ExportEarlyKeyingMaterial",
+                 SSL_GETPID(), fd));
+        return SECFailure;
+    }
+
+    if (!label || !labelLen || !out || !outLen ||
+        (!context && contextLen)) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    return tls13_Exporter(ss, ss->ssl3.hs.earlyExporterSecret,
+                          label, labelLen, context, contextLen,
+                          out, outLen);
+}
diff --git a/nss/lib/ssl/sslinit.c b/nss/lib/ssl/sslinit.c
new file mode 100644
index 0000000..0f38c0b
--- /dev/null
+++ b/nss/lib/ssl/sslinit.c
@@ -0,0 +1,59 @@
+/*
+ * NSS utility functions
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "prtypes.h"
+#include "prinit.h"
+#include "seccomon.h"
+#include "secerr.h"
+#include "ssl.h"
+#include "sslimpl.h"
+#include "sslproto.h"
+
+static int ssl_isInited = 0;
+static PRCallOnceType ssl_init = { 0 };
+
+PRStatus
+ssl_InitCallOnce(void *arg)
+{
+    int *error = (int *)arg;
+    SECStatus rv;
+
+    rv = ssl_InitializePRErrorTable();
+    if (rv != SECSuccess) {
+        *error = SEC_ERROR_NO_MEMORY;
+        return PR_FAILURE;
+    }
+#ifdef DEBUG
+    ssl3_CheckCipherSuiteOrderConsistency();
+#endif
+
+    rv = ssl3_ApplyNSSPolicy();
+    if (rv != SECSuccess) {
+        *error = PORT_GetError();
+        return PR_FAILURE;
+    }
+    return PR_SUCCESS;
+}
+
+SECStatus
+ssl_Init(void)
+{
+    PRStatus nrv;
+
+    /* short circuit test if we are already inited */
+    if (!ssl_isInited) {
+        int error;
+        /* only do this once at init time, block all others until we are done */
+        nrv = PR_CallOnceWithArg(&ssl_init, ssl_InitCallOnce, &error);
+        if (nrv != PR_SUCCESS) {
+            PORT_SetError(error);
+            return SECFailure;
+        }
+        ssl_isInited = 1;
+    }
+    return SECSuccess;
+}
diff --git a/nss/lib/ssl/sslmutex.c b/nss/lib/ssl/sslmutex.c
new file mode 100644
index 0000000..10b6cf5
--- /dev/null
+++ b/nss/lib/ssl/sslmutex.c
@@ -0,0 +1,659 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "seccomon.h"
+/* This ifdef should match the one in sslsnce.c */
+#if defined(XP_UNIX) || defined(XP_WIN32) || defined(XP_OS2) || defined(XP_BEOS)
+
+#include "sslmutex.h"
+#include "prerr.h"
+
+static SECStatus
+single_process_sslMutex_Init(sslMutex* pMutex)
+{
+    PR_ASSERT(pMutex != 0 && pMutex->u.sslLock == 0);
+
+    pMutex->u.sslLock = PR_NewLock();
+    if (!pMutex->u.sslLock) {
+        return SECFailure;
+    }
+    return SECSuccess;
+}
+
+static SECStatus
+single_process_sslMutex_Destroy(sslMutex* pMutex)
+{
+    PR_ASSERT(pMutex != 0);
+    PR_ASSERT(pMutex->u.sslLock != 0);
+    if (!pMutex->u.sslLock) {
+        PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
+        return SECFailure;
+    }
+    PR_DestroyLock(pMutex->u.sslLock);
+    return SECSuccess;
+}
+
+static SECStatus
+single_process_sslMutex_Unlock(sslMutex* pMutex)
+{
+    PR_ASSERT(pMutex != 0);
+    PR_ASSERT(pMutex->u.sslLock != 0);
+    if (!pMutex->u.sslLock) {
+        PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
+        return SECFailure;
+    }
+    PR_Unlock(pMutex->u.sslLock);
+    return SECSuccess;
+}
+
+static SECStatus
+single_process_sslMutex_Lock(sslMutex* pMutex)
+{
+    PR_ASSERT(pMutex != 0);
+    PR_ASSERT(pMutex->u.sslLock != 0);
+    if (!pMutex->u.sslLock) {
+        PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
+        return SECFailure;
+    }
+    PR_Lock(pMutex->u.sslLock);
+    return SECSuccess;
+}
+
+#if defined(LINUX) || defined(AIX) || defined(BEOS) || defined(BSDI) || \
+    (defined(NETBSD) && __NetBSD_Version__ < 500000000) || defined(OPENBSD) || defined(__GLIBC__)
+
+#include <unistd.h>
+#include <fcntl.h>
+#include <string.h>
+#include <errno.h>
+#include "unix_err.h"
+#include "pratom.h"
+
+#define SSL_MUTEX_MAGIC 0xfeedfd
+#define NONBLOCKING_POSTS 1 /* maybe this is faster */
+
+#if NONBLOCKING_POSTS
+
+#ifndef FNONBLOCK
+#define FNONBLOCK O_NONBLOCK
+#endif
+
+static int
+setNonBlocking(int fd, int nonBlocking)
+{
+    int flags;
+    int err;
+
+    flags = fcntl(fd, F_GETFL, 0);
+    if (0 > flags)
+        return flags;
+    if (nonBlocking)
+        flags |= FNONBLOCK;
+    else
+        flags &= ~FNONBLOCK;
+    err = fcntl(fd, F_SETFL, flags);
+    return err;
+}
+#endif
+
+SECStatus
+sslMutex_Init(sslMutex* pMutex, int shared)
+{
+    int err;
+    PR_ASSERT(pMutex);
+    pMutex->isMultiProcess = (PRBool)(shared != 0);
+    if (!shared) {
+        return single_process_sslMutex_Init(pMutex);
+    }
+    pMutex->u.pipeStr.mPipes[0] = -1;
+    pMutex->u.pipeStr.mPipes[1] = -1;
+    pMutex->u.pipeStr.mPipes[2] = -1;
+    pMutex->u.pipeStr.nWaiters = 0;
+
+    err = pipe(pMutex->u.pipeStr.mPipes);
+    if (err) {
+        nss_MD_unix_map_default_error(errno);
+        return err;
+    }
+#if NONBLOCKING_POSTS
+    err = setNonBlocking(pMutex->u.pipeStr.mPipes[1], 1);
+    if (err)
+        goto loser;
+#endif
+
+    pMutex->u.pipeStr.mPipes[2] = SSL_MUTEX_MAGIC;
+
+#if defined(LINUX) && defined(i386)
+    /* Pipe starts out empty */
+    return SECSuccess;
+#else
+    /* Pipe starts with one byte. */
+    return sslMutex_Unlock(pMutex);
+#endif
+
+loser:
+    nss_MD_unix_map_default_error(errno);
+    close(pMutex->u.pipeStr.mPipes[0]);
+    close(pMutex->u.pipeStr.mPipes[1]);
+    return SECFailure;
+}
+
+SECStatus
+sslMutex_Destroy(sslMutex* pMutex, PRBool processLocal)
+{
+    if (PR_FALSE == pMutex->isMultiProcess) {
+        return single_process_sslMutex_Destroy(pMutex);
+    }
+    if (pMutex->u.pipeStr.mPipes[2] != SSL_MUTEX_MAGIC) {
+        PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
+        return SECFailure;
+    }
+    close(pMutex->u.pipeStr.mPipes[0]);
+    close(pMutex->u.pipeStr.mPipes[1]);
+
+    if (processLocal) {
+        return SECSuccess;
+    }
+
+    pMutex->u.pipeStr.mPipes[0] = -1;
+    pMutex->u.pipeStr.mPipes[1] = -1;
+    pMutex->u.pipeStr.mPipes[2] = -1;
+    pMutex->u.pipeStr.nWaiters = 0;
+
+    return SECSuccess;
+}
+
+#if defined(LINUX) && defined(i386)
+/* No memory barrier needed for this platform */
+
+/* nWaiters includes the holder of the lock (if any) and the number
+** threads waiting for it.  After incrementing nWaiters, if the count
+** is exactly 1, then you have the lock and may proceed.  If the
+** count is greater than 1, then you must wait on the pipe.
+*/
+
+SECStatus
+sslMutex_Unlock(sslMutex* pMutex)
+{
+    PRInt32 newValue;
+    if (PR_FALSE == pMutex->isMultiProcess) {
+        return single_process_sslMutex_Unlock(pMutex);
+    }
+
+    if (pMutex->u.pipeStr.mPipes[2] != SSL_MUTEX_MAGIC) {
+        PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
+        return SECFailure;
+    }
+    /* Do Memory Barrier here. */
+    newValue = PR_ATOMIC_DECREMENT(&pMutex->u.pipeStr.nWaiters);
+    if (newValue > 0) {
+        int cc;
+        char c = 1;
+        do {
+            cc = write(pMutex->u.pipeStr.mPipes[1], &c, 1);
+        } while (cc < 0 && (errno == EINTR || errno == EAGAIN));
+        if (cc != 1) {
+            if (cc < 0)
+                nss_MD_unix_map_default_error(errno);
+            else
+                PORT_SetError(PR_UNKNOWN_ERROR);
+            return SECFailure;
+        }
+    }
+    return SECSuccess;
+}
+
+SECStatus
+sslMutex_Lock(sslMutex* pMutex)
+{
+    PRInt32 newValue;
+    if (PR_FALSE == pMutex->isMultiProcess) {
+        return single_process_sslMutex_Lock(pMutex);
+    }
+
+    if (pMutex->u.pipeStr.mPipes[2] != SSL_MUTEX_MAGIC) {
+        PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
+        return SECFailure;
+    }
+    newValue = PR_ATOMIC_INCREMENT(&pMutex->u.pipeStr.nWaiters);
+    /* Do Memory Barrier here. */
+    if (newValue > 1) {
+        int cc;
+        char c;
+        do {
+            cc = read(pMutex->u.pipeStr.mPipes[0], &c, 1);
+        } while (cc < 0 && errno == EINTR);
+        if (cc != 1) {
+            if (cc < 0)
+                nss_MD_unix_map_default_error(errno);
+            else
+                PORT_SetError(PR_UNKNOWN_ERROR);
+            return SECFailure;
+        }
+    }
+    return SECSuccess;
+}
+
+#else
+
+/* Using Atomic operations requires the use of a memory barrier instruction
+** on PowerPC, Sparc, and Alpha.  NSPR's PR_Atomic functions do not perform
+** them, and NSPR does not provide a function that does them (e.g. PR_Barrier).
+** So, we don't use them on those platforms.
+*/
+
+SECStatus
+sslMutex_Unlock(sslMutex* pMutex)
+{
+    int cc;
+    char c = 1;
+
+    if (PR_FALSE == pMutex->isMultiProcess) {
+        return single_process_sslMutex_Unlock(pMutex);
+    }
+
+    if (pMutex->u.pipeStr.mPipes[2] != SSL_MUTEX_MAGIC) {
+        PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
+        return SECFailure;
+    }
+    do {
+        cc = write(pMutex->u.pipeStr.mPipes[1], &c, 1);
+    } while (cc < 0 && (errno == EINTR || errno == EAGAIN));
+    if (cc != 1) {
+        if (cc < 0)
+            nss_MD_unix_map_default_error(errno);
+        else
+            PORT_SetError(PR_UNKNOWN_ERROR);
+        return SECFailure;
+    }
+
+    return SECSuccess;
+}
+
+SECStatus
+sslMutex_Lock(sslMutex* pMutex)
+{
+    int cc;
+    char c;
+
+    if (PR_FALSE == pMutex->isMultiProcess) {
+        return single_process_sslMutex_Lock(pMutex);
+    }
+
+    if (pMutex->u.pipeStr.mPipes[2] != SSL_MUTEX_MAGIC) {
+        PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
+        return SECFailure;
+    }
+
+    do {
+        cc = read(pMutex->u.pipeStr.mPipes[0], &c, 1);
+    } while (cc < 0 && errno == EINTR);
+    if (cc != 1) {
+        if (cc < 0)
+            nss_MD_unix_map_default_error(errno);
+        else
+            PORT_SetError(PR_UNKNOWN_ERROR);
+        return SECFailure;
+    }
+
+    return SECSuccess;
+}
+
+#endif
+
+#elif defined(WIN32)
+
+#include "win32err.h"
+
+/* on Windows, we need to find the optimal type of locking mechanism to use
+ for the sslMutex.
+
+ There are 3 cases :
+ 1) single-process, use a PRLock, as for all other platforms
+ 2) Win95 multi-process, use a Win32 mutex
+ 3) on WINNT multi-process, use a PRLock + a Win32 mutex
+
+*/
+
+#ifdef WINNT
+
+SECStatus
+sslMutex_2LevelInit(sslMutex *sem)
+{
+    /*  the following adds a PRLock to sslMutex . This is done in each
+        process of a multi-process server and is only needed on WINNT, if
+        using fibers. We can't tell if native threads or fibers are used, so
+        we always do it on WINNT
+    */
+    PR_ASSERT(sem);
+    if (sem) {
+        /* we need to reset the sslLock in the children or the single_process init
+           function below will assert */
+        sem->u.sslLock = NULL;
+    }
+    return single_process_sslMutex_Init(sem);
+}
+
+static SECStatus
+sslMutex_2LevelDestroy(sslMutex *sem)
+{
+    return single_process_sslMutex_Destroy(sem);
+}
+
+#endif
+
+SECStatus
+sslMutex_Init(sslMutex *pMutex, int shared)
+{
+#ifdef WINNT
+    SECStatus retvalue;
+#endif
+    HANDLE hMutex;
+    SECURITY_ATTRIBUTES attributes =
+        { sizeof(SECURITY_ATTRIBUTES), NULL, TRUE };
+
+    PR_ASSERT(pMutex != 0 && (pMutex->u.sslMutx == 0 ||
+                              pMutex->u.sslMutx ==
+                                  INVALID_HANDLE_VALUE));
+
+    pMutex->isMultiProcess = (PRBool)(shared != 0);
+
+    if (PR_FALSE == pMutex->isMultiProcess) {
+        return single_process_sslMutex_Init(pMutex);
+    }
+
+#ifdef WINNT
+    /*  we need a lock on WINNT for fibers in the parent process */
+    retvalue = sslMutex_2LevelInit(pMutex);
+    if (SECSuccess != retvalue)
+        return SECFailure;
+#endif
+
+    if (!pMutex || ((hMutex = pMutex->u.sslMutx) != 0 &&
+                    hMutex !=
+                        INVALID_HANDLE_VALUE)) {
+        PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
+        return SECFailure;
+    }
+    attributes.bInheritHandle = (shared ? TRUE : FALSE);
+    hMutex = CreateMutex(&attributes, FALSE, NULL);
+    if (hMutex == NULL) {
+        hMutex = INVALID_HANDLE_VALUE;
+        nss_MD_win32_map_default_error(GetLastError());
+        return SECFailure;
+    }
+    pMutex->u.sslMutx = hMutex;
+    return SECSuccess;
+}
+
+SECStatus
+sslMutex_Destroy(sslMutex *pMutex, PRBool processLocal)
+{
+    HANDLE hMutex;
+    int rv;
+    int retvalue = SECSuccess;
+
+    PR_ASSERT(pMutex != 0);
+    if (!pMutex) {
+        PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
+        return SECFailure;
+    }
+
+    if (PR_FALSE == pMutex->isMultiProcess) {
+        return single_process_sslMutex_Destroy(pMutex);
+    }
+
+/*  multi-process mode */
+#ifdef WINNT
+    /* on NT, get rid of the PRLock used for fibers within a process */
+    retvalue = sslMutex_2LevelDestroy(pMutex);
+#endif
+
+    PR_ASSERT(pMutex->u.sslMutx != 0 &&
+              pMutex->u.sslMutx != INVALID_HANDLE_VALUE);
+    if ((hMutex = pMutex->u.sslMutx) == 0 || hMutex == INVALID_HANDLE_VALUE) {
+        PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
+        return SECFailure;
+    }
+
+    rv = CloseHandle(hMutex); /* ignore error */
+    if (!processLocal && rv) {
+        pMutex->u.sslMutx = hMutex = INVALID_HANDLE_VALUE;
+    }
+    if (!rv) {
+        nss_MD_win32_map_default_error(GetLastError());
+        retvalue = SECFailure;
+    }
+    return retvalue;
+}
+
+int
+sslMutex_Unlock(sslMutex *pMutex)
+{
+    BOOL success = FALSE;
+    HANDLE hMutex;
+
+    PR_ASSERT(pMutex != 0);
+    if (!pMutex) {
+        PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
+        return SECFailure;
+    }
+
+    if (PR_FALSE == pMutex->isMultiProcess) {
+        return single_process_sslMutex_Unlock(pMutex);
+    }
+
+    PR_ASSERT(pMutex->u.sslMutx != 0 &&
+              pMutex->u.sslMutx != INVALID_HANDLE_VALUE);
+    if ((hMutex = pMutex->u.sslMutx) == 0 || hMutex == INVALID_HANDLE_VALUE) {
+        PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
+        return SECFailure;
+    }
+    success = ReleaseMutex(hMutex);
+    if (!success) {
+        nss_MD_win32_map_default_error(GetLastError());
+        return SECFailure;
+    }
+#ifdef WINNT
+    return single_process_sslMutex_Unlock(pMutex);
+/* release PRLock for other fibers in the process */
+#else
+    return SECSuccess;
+#endif
+}
+
+int
+sslMutex_Lock(sslMutex *pMutex)
+{
+    HANDLE hMutex;
+    DWORD event;
+    DWORD lastError;
+    SECStatus rv;
+    SECStatus retvalue = SECSuccess;
+
+    PR_ASSERT(pMutex != 0);
+    if (!pMutex) {
+        PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
+        return SECFailure;
+    }
+
+    if (PR_FALSE == pMutex->isMultiProcess) {
+        return single_process_sslMutex_Lock(pMutex);
+    }
+#ifdef WINNT
+    /* lock first to preserve from other threads/fibers in the same process */
+    retvalue = single_process_sslMutex_Lock(pMutex);
+#endif
+    PR_ASSERT(pMutex->u.sslMutx != 0 &&
+              pMutex->u.sslMutx != INVALID_HANDLE_VALUE);
+    if ((hMutex = pMutex->u.sslMutx) == 0 || hMutex == INVALID_HANDLE_VALUE) {
+        PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
+        return SECFailure; /* what else ? */
+    }
+    /* acquire the mutex to be the only owner accross all other processes */
+    event = WaitForSingleObject(hMutex, INFINITE);
+    switch (event) {
+        case WAIT_OBJECT_0:
+        case WAIT_ABANDONED:
+            rv = SECSuccess;
+            break;
+
+        case WAIT_TIMEOUT:
+#if defined(WAIT_IO_COMPLETION)
+        case WAIT_IO_COMPLETION:
+#endif
+        default: /* should never happen. nothing we can do. */
+            PR_ASSERT(!("WaitForSingleObject returned invalid value."));
+            PORT_SetError(PR_UNKNOWN_ERROR);
+            rv = SECFailure;
+            break;
+
+        case WAIT_FAILED: /* failure returns this */
+            rv = SECFailure;
+            lastError = GetLastError(); /* for debugging */
+            nss_MD_win32_map_default_error(lastError);
+            break;
+    }
+
+    if (!(SECSuccess == retvalue && SECSuccess == rv)) {
+        return SECFailure;
+    }
+
+    return SECSuccess;
+}
+
+#elif defined(XP_UNIX) && !defined(DARWIN)
+
+#include <errno.h>
+#include "unix_err.h"
+
+SECStatus
+sslMutex_Init(sslMutex* pMutex, int shared)
+{
+    int rv;
+    PR_ASSERT(pMutex);
+    pMutex->isMultiProcess = (PRBool)(shared != 0);
+    if (!shared) {
+        return single_process_sslMutex_Init(pMutex);
+    }
+    do {
+        rv = sem_init(&pMutex->u.sem, shared, 1);
+    } while (rv < 0 && errno == EINTR);
+    if (rv < 0) {
+        nss_MD_unix_map_default_error(errno);
+        return SECFailure;
+    }
+    return SECSuccess;
+}
+
+SECStatus
+sslMutex_Destroy(sslMutex* pMutex, PRBool processLocal)
+{
+    int rv;
+    if (PR_FALSE == pMutex->isMultiProcess) {
+        return single_process_sslMutex_Destroy(pMutex);
+    }
+
+    /* semaphores are global resources. See SEM_DESTROY(3) man page */
+    if (processLocal) {
+        return SECSuccess;
+    }
+    do {
+        rv = sem_destroy(&pMutex->u.sem);
+    } while (rv < 0 && errno == EINTR);
+    if (rv < 0) {
+        nss_MD_unix_map_default_error(errno);
+        return SECFailure;
+    }
+    return SECSuccess;
+}
+
+SECStatus
+sslMutex_Unlock(sslMutex* pMutex)
+{
+    int rv;
+    if (PR_FALSE == pMutex->isMultiProcess) {
+        return single_process_sslMutex_Unlock(pMutex);
+    }
+    do {
+        rv = sem_post(&pMutex->u.sem);
+    } while (rv < 0 && errno == EINTR);
+    if (rv < 0) {
+        nss_MD_unix_map_default_error(errno);
+        return SECFailure;
+    }
+    return SECSuccess;
+}
+
+SECStatus
+sslMutex_Lock(sslMutex* pMutex)
+{
+    int rv;
+    if (PR_FALSE == pMutex->isMultiProcess) {
+        return single_process_sslMutex_Lock(pMutex);
+    }
+    do {
+        rv = sem_wait(&pMutex->u.sem);
+    } while (rv < 0 && errno == EINTR);
+    if (rv < 0) {
+        nss_MD_unix_map_default_error(errno);
+        return SECFailure;
+    }
+    return SECSuccess;
+}
+
+#else
+
+SECStatus
+sslMutex_Init(sslMutex* pMutex, int shared)
+{
+    PR_ASSERT(pMutex);
+    pMutex->isMultiProcess = (PRBool)(shared != 0);
+    if (!shared) {
+        return single_process_sslMutex_Init(pMutex);
+    }
+    PORT_Assert(!("sslMutex_Init not implemented for multi-process applications !"));
+    PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
+    return SECFailure;
+}
+
+SECStatus
+sslMutex_Destroy(sslMutex* pMutex, PRBool processLocal)
+{
+    PR_ASSERT(pMutex);
+    if (PR_FALSE == pMutex->isMultiProcess) {
+        return single_process_sslMutex_Destroy(pMutex);
+    }
+    PORT_Assert(!("sslMutex_Destroy not implemented for multi-process applications !"));
+    PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
+    return SECFailure;
+}
+
+SECStatus
+sslMutex_Unlock(sslMutex* pMutex)
+{
+    PR_ASSERT(pMutex);
+    if (PR_FALSE == pMutex->isMultiProcess) {
+        return single_process_sslMutex_Unlock(pMutex);
+    }
+    PORT_Assert(!("sslMutex_Unlock not implemented for multi-process applications !"));
+    PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
+    return SECFailure;
+}
+
+SECStatus
+sslMutex_Lock(sslMutex* pMutex)
+{
+    PR_ASSERT(pMutex);
+    if (PR_FALSE == pMutex->isMultiProcess) {
+        return single_process_sslMutex_Lock(pMutex);
+    }
+    PORT_Assert(!("sslMutex_Lock not implemented for multi-process applications !"));
+    PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
+    return SECFailure;
+}
+
+#endif
+
+#endif
diff --git a/nss/lib/ssl/sslmutex.h b/nss/lib/ssl/sslmutex.h
new file mode 100644
index 0000000..3f63ed8
--- /dev/null
+++ b/nss/lib/ssl/sslmutex.h
@@ -0,0 +1,129 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#ifndef __SSLMUTEX_H_
+#define __SSLMUTEX_H_ 1
+
+/* What SSL really wants is portable process-shared unnamed mutexes in
+ * shared memory, that have the property that if the process that holds
+ * them dies, they are released automatically, and that (unlike fcntl
+ * record locking) lock to the thread, not to the process.
+ * NSPR doesn't provide that.
+ * Windows has mutexes that meet that description, but they're not portable.
+ * POSIX mutexes are not automatically released when the holder dies,
+ * and other processes/threads cannot release the mutex on behalf of the
+ * dead holder.
+ * POSIX semaphores can be used to accomplish this on systems that implement
+ * process-shared unnamed POSIX semaphores, because a watchdog thread can
+ * discover and release semaphores that were held by a dead process.
+ * On systems that do not support process-shared POSIX unnamed semaphores,
+ * they can be emulated using pipes.
+ * The performance cost of doing that is not yet measured.
+ *
+ * So, this API looks a lot like POSIX pthread mutexes.
+ */
+
+#include "prtypes.h"
+#include "prlock.h"
+
+#if defined(NETBSD)
+#include <sys/param.h> /* for __NetBSD_Version__ */
+#endif
+
+#if defined(WIN32)
+
+#include <wtypes.h>
+
+typedef struct {
+    PRBool isMultiProcess;
+#ifdef WINNT
+    /* on WINNT we need both the PRLock and the Win32 mutex for fibers */
+    struct {
+#else
+    union {
+#endif
+        PRLock *sslLock;
+        HANDLE sslMutx;
+    } u;
+} sslMutex;
+
+typedef int sslPID;
+
+#elif defined(LINUX) || defined(AIX) || defined(BEOS) || defined(BSDI) || \
+    (defined(NETBSD) && __NetBSD_Version__ < 500000000) || defined(OPENBSD) || defined(__GLIBC__)
+
+#include <sys/types.h>
+#include "prtypes.h"
+
+typedef struct {
+    PRBool isMultiProcess;
+    union {
+        PRLock *sslLock;
+        struct {
+            int mPipes[3];
+            PRInt32 nWaiters;
+        } pipeStr;
+    } u;
+} sslMutex;
+typedef pid_t sslPID;
+
+/* other types of unix, except OS X */
+#elif defined(XP_UNIX) && !defined(DARWIN)
+
+#include <sys/types.h> /* for pid_t */
+#include <semaphore.h> /* for sem_t, and sem_* functions */
+
+typedef struct {
+    PRBool isMultiProcess;
+    union {
+        PRLock *sslLock;
+        sem_t sem;
+    } u;
+} sslMutex;
+
+typedef pid_t sslPID;
+
+#else /* no support for cross-process locking */
+
+/* what platform is this ?? */
+
+typedef struct {
+    PRBool isMultiProcess;
+    union {
+        PRLock *sslLock;
+        /* include cross-process locking mechanism here */
+    } u;
+} sslMutex;
+
+#ifdef DARWIN
+typedef pid_t sslPID;
+#else
+typedef int sslPID;
+#endif
+
+#endif
+
+#include "seccomon.h"
+
+SEC_BEGIN_PROTOS
+
+extern SECStatus sslMutex_Init(sslMutex *sem, int shared);
+
+/* If processLocal is set to true, then just free resources which are *only* associated
+ * with the current process. Leave any shared resources (including the state of
+ * shared memory) intact. */
+extern SECStatus sslMutex_Destroy(sslMutex *sem, PRBool processLocal);
+
+extern SECStatus sslMutex_Unlock(sslMutex *sem);
+
+extern SECStatus sslMutex_Lock(sslMutex *sem);
+
+#ifdef WINNT
+
+extern SECStatus sslMutex_2LevelInit(sslMutex *sem);
+
+#endif
+
+SEC_END_PROTOS
+
+#endif
diff --git a/nss/lib/ssl/sslnonce.c b/nss/lib/ssl/sslnonce.c
new file mode 100644
index 0000000..7ad1c6b
--- /dev/null
+++ b/nss/lib/ssl/sslnonce.c
@@ -0,0 +1,509 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/*
+ * This file implements the CLIENT Session ID cache.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "cert.h"
+#include "pk11pub.h"
+#include "secitem.h"
+#include "ssl.h"
+#include "nss.h"
+
+#include "sslimpl.h"
+#include "sslproto.h"
+#include "nssilock.h"
+#if defined(XP_UNIX) || defined(XP_WIN) || defined(_WINDOWS) || defined(XP_BEOS)
+#include <time.h>
+#endif
+
+PRUint32 ssl3_sid_timeout = 86400L; /* 24 hours */
+
+static sslSessionID *cache = NULL;
+static PZLock *cacheLock = NULL;
+
+/* sids can be in one of 4 states:
+ *
+ * never_cached,        created, but not yet put into cache.
+ * in_client_cache,     in the client cache's linked list.
+ * in_server_cache,     entry came from the server's cache file.
+ * invalid_cache        has been removed from the cache.
+ */
+
+#define LOCK_CACHE lock_cache()
+#define UNLOCK_CACHE PZ_Unlock(cacheLock)
+
+static SECStatus
+ssl_InitClientSessionCacheLock(void)
+{
+    cacheLock = PZ_NewLock(nssILockCache);
+    return cacheLock ? SECSuccess : SECFailure;
+}
+
+static SECStatus
+ssl_FreeClientSessionCacheLock(void)
+{
+    if (cacheLock) {
+        PZ_DestroyLock(cacheLock);
+        cacheLock = NULL;
+        return SECSuccess;
+    }
+    PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
+    return SECFailure;
+}
+
+static PRBool LocksInitializedEarly = PR_FALSE;
+
+static SECStatus
+FreeSessionCacheLocks()
+{
+    SECStatus rv1, rv2;
+    rv1 = ssl_FreeSymWrapKeysLock();
+    rv2 = ssl_FreeClientSessionCacheLock();
+    if ((SECSuccess == rv1) && (SECSuccess == rv2)) {
+        return SECSuccess;
+    }
+    return SECFailure;
+}
+
+static SECStatus
+InitSessionCacheLocks(void)
+{
+    SECStatus rv1, rv2;
+    PRErrorCode rc;
+    rv1 = ssl_InitSymWrapKeysLock();
+    rv2 = ssl_InitClientSessionCacheLock();
+    if ((SECSuccess == rv1) && (SECSuccess == rv2)) {
+        return SECSuccess;
+    }
+    rc = PORT_GetError();
+    FreeSessionCacheLocks();
+    PORT_SetError(rc);
+    return SECFailure;
+}
+
+/* free the session cache locks if they were initialized early */
+SECStatus
+ssl_FreeSessionCacheLocks()
+{
+    PORT_Assert(PR_TRUE == LocksInitializedEarly);
+    if (!LocksInitializedEarly) {
+        PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
+        return SECFailure;
+    }
+    FreeSessionCacheLocks();
+    LocksInitializedEarly = PR_FALSE;
+    return SECSuccess;
+}
+
+static PRCallOnceType lockOnce;
+
+/* free the session cache locks if they were initialized lazily */
+static SECStatus
+ssl_ShutdownLocks(void *appData, void *nssData)
+{
+    PORT_Assert(PR_FALSE == LocksInitializedEarly);
+    if (LocksInitializedEarly) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+    FreeSessionCacheLocks();
+    memset(&lockOnce, 0, sizeof(lockOnce));
+    return SECSuccess;
+}
+
+static PRStatus
+initSessionCacheLocksLazily(void)
+{
+    SECStatus rv = InitSessionCacheLocks();
+    if (SECSuccess != rv) {
+        return PR_FAILURE;
+    }
+    rv = NSS_RegisterShutdown(ssl_ShutdownLocks, NULL);
+    PORT_Assert(SECSuccess == rv);
+    if (SECSuccess != rv) {
+        return PR_FAILURE;
+    }
+    return PR_SUCCESS;
+}
+
+/* lazyInit means that the call is not happening during a 1-time
+ * initialization function, but rather during dynamic, lazy initialization
+ */
+SECStatus
+ssl_InitSessionCacheLocks(PRBool lazyInit)
+{
+    if (LocksInitializedEarly) {
+        return SECSuccess;
+    }
+
+    if (lazyInit) {
+        return (PR_SUCCESS ==
+                PR_CallOnce(&lockOnce, initSessionCacheLocksLazily))
+                   ? SECSuccess
+                   : SECFailure;
+    }
+
+    if (SECSuccess == InitSessionCacheLocks()) {
+        LocksInitializedEarly = PR_TRUE;
+        return SECSuccess;
+    }
+
+    return SECFailure;
+}
+
+static void
+lock_cache(void)
+{
+    ssl_InitSessionCacheLocks(PR_TRUE);
+    PZ_Lock(cacheLock);
+}
+
+/* BEWARE: This function gets called for both client and server SIDs !!
+ * If the unreferenced sid is not in the cache, Free sid and its contents.
+ */
+static void
+ssl_DestroySID(sslSessionID *sid)
+{
+    SSL_TRC(8, ("SSL: destroy sid: sid=0x%x cached=%d", sid, sid->cached));
+    PORT_Assert(sid->references == 0);
+    PORT_Assert(sid->cached != in_client_cache);
+
+    if (sid->u.ssl3.locked.sessionTicket.ticket.data) {
+        SECITEM_FreeItem(&sid->u.ssl3.locked.sessionTicket.ticket,
+                         PR_FALSE);
+    }
+    if (sid->u.ssl3.srvName.data) {
+        SECITEM_FreeItem(&sid->u.ssl3.srvName, PR_FALSE);
+    }
+    if (sid->u.ssl3.signedCertTimestamps.data) {
+        SECITEM_FreeItem(&sid->u.ssl3.signedCertTimestamps, PR_FALSE);
+    }
+
+    if (sid->u.ssl3.lock) {
+        PR_DestroyRWLock(sid->u.ssl3.lock);
+    }
+
+    if (sid->peerID != NULL)
+        PORT_Free((void *)sid->peerID); /* CONST */
+
+    if (sid->urlSvrName != NULL)
+        PORT_Free((void *)sid->urlSvrName); /* CONST */
+
+    if (sid->peerCert) {
+        CERT_DestroyCertificate(sid->peerCert);
+    }
+    if (sid->peerCertStatus.items) {
+        SECITEM_FreeArray(&sid->peerCertStatus, PR_FALSE);
+    }
+
+    if (sid->localCert) {
+        CERT_DestroyCertificate(sid->localCert);
+    }
+
+    SECITEM_FreeItem(&sid->u.ssl3.alpnSelection, PR_FALSE);
+
+    PORT_ZFree(sid, sizeof(sslSessionID));
+}
+
+/* BEWARE: This function gets called for both client and server SIDs !!
+ * Decrement reference count, and
+ *    free sid if ref count is zero, and sid is not in the cache.
+ * Does NOT remove from the cache first.
+ * If the sid is still in the cache, it is left there until next time
+ * the cache list is traversed.
+ */
+static void
+ssl_FreeLockedSID(sslSessionID *sid)
+{
+    PORT_Assert(sid->references >= 1);
+    if (--sid->references == 0) {
+        ssl_DestroySID(sid);
+    }
+}
+
+/* BEWARE: This function gets called for both client and server SIDs !!
+ * Decrement reference count, and
+ *    free sid if ref count is zero, and sid is not in the cache.
+ * Does NOT remove from the cache first.
+ * These locks are necessary because the sid _might_ be in the cache list.
+ */
+void
+ssl_FreeSID(sslSessionID *sid)
+{
+    LOCK_CACHE;
+    ssl_FreeLockedSID(sid);
+    UNLOCK_CACHE;
+}
+
+/************************************************************************/
+
+/*
+**  Lookup sid entry in cache by Address, port, and peerID string.
+**  If found, Increment reference count, and return pointer to caller.
+**  If it has timed out or ref count is zero, remove from list and free it.
+*/
+
+sslSessionID *
+ssl_LookupSID(const PRIPv6Addr *addr, PRUint16 port, const char *peerID,
+              const char *urlSvrName)
+{
+    sslSessionID **sidp;
+    sslSessionID *sid;
+    PRUint32 now;
+
+    if (!urlSvrName)
+        return NULL;
+    now = ssl_Time();
+    LOCK_CACHE;
+    sidp = &cache;
+    while ((sid = *sidp) != 0) {
+        PORT_Assert(sid->cached == in_client_cache);
+        PORT_Assert(sid->references >= 1);
+
+        SSL_TRC(8, ("SSL: Lookup1: sid=0x%x", sid));
+
+        if (sid->expirationTime < now) {
+            /*
+            ** This session-id timed out.
+            ** Don't even care who it belongs to, blow it out of our cache.
+            */
+            SSL_TRC(7, ("SSL: lookup1, throwing sid out, age=%d refs=%d",
+                        now - sid->creationTime, sid->references));
+
+            *sidp = sid->next;                                      /* delink it from the list. */
+            sid->cached = invalid_cache;                            /* mark not on list. */
+            ssl_FreeLockedSID(sid);                                 /* drop ref count, free. */
+        } else if (!memcmp(&sid->addr, addr, sizeof(PRIPv6Addr)) && /* server IP addr matches */
+                   (sid->port == port) &&                           /* server port matches */
+                   /* proxy (peerID) matches */
+                   (((peerID == NULL) && (sid->peerID == NULL)) ||
+                    ((peerID != NULL) && (sid->peerID != NULL) &&
+                     PORT_Strcmp(sid->peerID, peerID) == 0)) &&
+                   /* is cacheable */
+                   (sid->u.ssl3.keys.resumable) &&
+                   /* server hostname matches. */
+                   (sid->urlSvrName != NULL) &&
+                   (0 == PORT_Strcmp(urlSvrName, sid->urlSvrName))) {
+            /* Hit */
+            sid->lastAccessTime = now;
+            sid->references++;
+            break;
+        } else {
+            sidp = &sid->next;
+        }
+    }
+    UNLOCK_CACHE;
+    return sid;
+}
+
+/*
+** Add an sid to the cache or return a previously cached entry to the cache.
+** Although this is static, it is called via ss->sec.cache().
+*/
+static void
+CacheSID(sslSessionID *sid)
+{
+    PRUint32 expirationPeriod;
+
+    PORT_Assert(sid->cached == never_cached);
+
+    SSL_TRC(8, ("SSL: Cache: sid=0x%x cached=%d addr=0x%08x%08x%08x%08x port=0x%04x "
+                "time=%x cached=%d",
+                sid, sid->cached, sid->addr.pr_s6_addr32[0],
+                sid->addr.pr_s6_addr32[1], sid->addr.pr_s6_addr32[2],
+                sid->addr.pr_s6_addr32[3], sid->port, sid->creationTime,
+                sid->cached));
+
+    if (!sid->urlSvrName) {
+        /* don't cache this SID because it can never be matched */
+        return;
+    }
+
+    if (sid->u.ssl3.sessionIDLength == 0 &&
+        sid->u.ssl3.locked.sessionTicket.ticket.data == NULL)
+        return;
+
+    /* Client generates the SessionID if this was a stateless resume. */
+    if (sid->u.ssl3.sessionIDLength == 0) {
+        SECStatus rv;
+        rv = PK11_GenerateRandom(sid->u.ssl3.sessionID,
+                                 SSL3_SESSIONID_BYTES);
+        if (rv != SECSuccess)
+            return;
+        sid->u.ssl3.sessionIDLength = SSL3_SESSIONID_BYTES;
+    }
+    expirationPeriod = ssl3_sid_timeout;
+    PRINT_BUF(8, (0, "sessionID:",
+                  sid->u.ssl3.sessionID, sid->u.ssl3.sessionIDLength));
+
+    sid->u.ssl3.lock = PR_NewRWLock(PR_RWLOCK_RANK_NONE, NULL);
+    if (!sid->u.ssl3.lock) {
+        return;
+    }
+    PORT_Assert(sid->creationTime != 0 && sid->expirationTime != 0);
+    if (!sid->creationTime)
+        sid->lastAccessTime = sid->creationTime = ssl_Time();
+    if (!sid->expirationTime)
+        sid->expirationTime = sid->creationTime + expirationPeriod;
+
+    /*
+     * Put sid into the cache.  Bump reference count to indicate that
+     * cache is holding a reference. Uncache will reduce the cache
+     * reference.
+     */
+    LOCK_CACHE;
+    sid->references++;
+    sid->cached = in_client_cache;
+    sid->next = cache;
+    cache = sid;
+    UNLOCK_CACHE;
+}
+
+/*
+ * If sid "zap" is in the cache,
+ *    removes sid from cache, and decrements reference count.
+ * Caller must hold cache lock.
+ */
+static void
+UncacheSID(sslSessionID *zap)
+{
+    sslSessionID **sidp = &cache;
+    sslSessionID *sid;
+
+    if (zap->cached != in_client_cache) {
+        return;
+    }
+
+    SSL_TRC(8, ("SSL: Uncache: zap=0x%x cached=%d addr=0x%08x%08x%08x%08x port=0x%04x "
+                "time=%x cipherSuite=%d",
+                zap, zap->cached, zap->addr.pr_s6_addr32[0],
+                zap->addr.pr_s6_addr32[1], zap->addr.pr_s6_addr32[2],
+                zap->addr.pr_s6_addr32[3], zap->port, zap->creationTime,
+                zap->u.ssl3.cipherSuite));
+
+    /* See if it's in the cache, if so nuke it */
+    while ((sid = *sidp) != 0) {
+        if (sid == zap) {
+            /*
+            ** Bingo. Reduce reference count by one so that when
+            ** everyone is done with the sid we can free it up.
+            */
+            *sidp = zap->next;
+            zap->cached = invalid_cache;
+            ssl_FreeLockedSID(zap);
+            return;
+        }
+        sidp = &sid->next;
+    }
+}
+
+/* If sid "zap" is in the cache,
+ *    removes sid from cache, and decrements reference count.
+ * Although this function is static, it is called externally via
+ *    ss->sec.uncache().
+ */
+static void
+LockAndUncacheSID(sslSessionID *zap)
+{
+    LOCK_CACHE;
+    UncacheSID(zap);
+    UNLOCK_CACHE;
+}
+
+/* choose client or server cache functions for this sslsocket. */
+void
+ssl_ChooseSessionIDProcs(sslSecurityInfo *sec)
+{
+    if (sec->isServer) {
+        sec->cache = ssl_sid_cache;
+        sec->uncache = ssl_sid_uncache;
+    } else {
+        sec->cache = CacheSID;
+        sec->uncache = LockAndUncacheSID;
+    }
+}
+
+/* wipe out the entire client session cache. */
+void
+SSL_ClearSessionCache(void)
+{
+    LOCK_CACHE;
+    while (cache != NULL)
+        UncacheSID(cache);
+    UNLOCK_CACHE;
+}
+
+/* returns an unsigned int containing the number of seconds in PR_Now() */
+PRUint32
+ssl_Time(void)
+{
+#ifdef UNSAFE_FUZZER_MODE
+    return 1234;
+#endif
+
+    PRUint32 myTime;
+#if defined(XP_UNIX) || defined(XP_WIN) || defined(_WINDOWS) || defined(XP_BEOS)
+    myTime = time(NULL); /* accurate until the year 2038. */
+#else
+    /* portable, but possibly slower */
+    PRTime now;
+    PRInt64 ll;
+
+    now = PR_Now();
+    LL_I2L(ll, 1000000L);
+    LL_DIV(now, now, ll);
+    LL_L2UI(myTime, now);
+#endif
+    return myTime;
+}
+
+PRBool
+ssl_TicketTimeValid(const NewSessionTicket *ticket)
+{
+    PRTime endTime;
+
+    if (ticket->ticket_lifetime_hint == 0) {
+        return PR_TRUE;
+    }
+
+    endTime = ticket->received_timestamp +
+              (PRTime)(ticket->ticket_lifetime_hint * PR_USEC_PER_SEC);
+    return endTime > PR_Now();
+}
+
+void
+ssl3_SetSIDSessionTicket(sslSessionID *sid,
+                         /*in/out*/ NewSessionTicket *newSessionTicket)
+{
+    PORT_Assert(sid);
+    PORT_Assert(newSessionTicket);
+    PORT_Assert(newSessionTicket->ticket.data);
+    PORT_Assert(newSessionTicket->ticket.len != 0);
+
+    /* if sid->u.ssl3.lock, we are updating an existing entry that is already
+     * cached or was once cached, so we need to acquire and release the write
+     * lock. Otherwise, this is a new session that isn't shared with anything
+     * yet, so no locking is needed.
+     */
+    if (sid->u.ssl3.lock) {
+        PR_RWLock_Wlock(sid->u.ssl3.lock);
+        if (sid->u.ssl3.locked.sessionTicket.ticket.data) {
+            SECITEM_FreeItem(&sid->u.ssl3.locked.sessionTicket.ticket,
+                             PR_FALSE);
+        }
+    }
+
+    PORT_Assert(!sid->u.ssl3.locked.sessionTicket.ticket.data);
+
+    /* Do a shallow copy, moving the ticket data. */
+    sid->u.ssl3.locked.sessionTicket = *newSessionTicket;
+    newSessionTicket->ticket.data = NULL;
+    newSessionTicket->ticket.len = 0;
+
+    if (sid->u.ssl3.lock) {
+        PR_RWLock_Unlock(sid->u.ssl3.lock);
+    }
+}
diff --git a/nss/lib/ssl/sslproto.h b/nss/lib/ssl/sslproto.h
new file mode 100644
index 0000000..70daea0
--- /dev/null
+++ b/nss/lib/ssl/sslproto.h
@@ -0,0 +1,294 @@
+/*
+ * Various and sundry protocol constants. DON'T CHANGE THESE. These values
+ * are mostly defined by the SSL3 or TLS protocol specifications.
+ * Cipher kinds and ciphersuites are part of the public API.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef __sslproto_h_
+#define __sslproto_h_
+
+/* clang-format off */
+
+/* All versions less than 3_0 are treated as SSL version 2 */
+#define SSL_LIBRARY_VERSION_2                   0x0002
+#define SSL_LIBRARY_VERSION_3_0                 0x0300
+#define SSL_LIBRARY_VERSION_TLS_1_0             0x0301
+#define SSL_LIBRARY_VERSION_TLS_1_1             0x0302
+#define SSL_LIBRARY_VERSION_TLS_1_2             0x0303
+#define SSL_LIBRARY_VERSION_TLS_1_3             0x0304
+
+/* Note: this is the internal format, not the wire format */
+#define SSL_LIBRARY_VERSION_DTLS_1_0            SSL_LIBRARY_VERSION_TLS_1_1
+#define SSL_LIBRARY_VERSION_DTLS_1_2            SSL_LIBRARY_VERSION_TLS_1_2
+#define SSL_LIBRARY_VERSION_DTLS_1_3            SSL_LIBRARY_VERSION_TLS_1_3
+
+/* deprecated old name */
+#define SSL_LIBRARY_VERSION_3_1_TLS SSL_LIBRARY_VERSION_TLS_1_0
+
+/* The DTLS versions used in the spec */
+#define SSL_LIBRARY_VERSION_DTLS_1_0_WIRE       ((~0x0100) & 0xffff)
+#define SSL_LIBRARY_VERSION_DTLS_1_2_WIRE       ((~0x0102) & 0xffff)
+#define SSL_LIBRARY_VERSION_DTLS_1_3_WIRE       SSL_LIBRARY_VERSION_DTLS_1_3
+
+/* Certificate types */
+#define SSL_CT_X509_CERTIFICATE                 0x01
+#if 0 /* XXX Not implemented yet */
+#define SSL_PKCS6_CERTIFICATE                   0x02
+#endif
+#define SSL_AT_MD5_WITH_RSA_ENCRYPTION          0x01
+
+/* Error codes */
+#define SSL_PE_NO_CYPHERS                       0x0001
+#define SSL_PE_NO_CERTIFICATE                   0x0002
+#define SSL_PE_BAD_CERTIFICATE                  0x0004
+#define SSL_PE_UNSUPPORTED_CERTIFICATE_TYPE     0x0006
+
+/* Deprecated SSL 3.0 & libssl names replaced by IANA-registered TLS names. */
+#ifndef SSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES
+#define SSL_NULL_WITH_NULL_NULL                TLS_NULL_WITH_NULL_NULL
+#define SSL_RSA_WITH_NULL_MD5                  TLS_RSA_WITH_NULL_MD5
+#define SSL_RSA_WITH_NULL_SHA                  TLS_RSA_WITH_NULL_SHA
+#define SSL_RSA_WITH_RC4_128_MD5               TLS_RSA_WITH_RC4_128_MD5
+#define SSL_RSA_WITH_RC4_128_SHA               TLS_RSA_WITH_RC4_128_SHA
+#define SSL_RSA_WITH_IDEA_CBC_SHA              TLS_RSA_WITH_IDEA_CBC_SHA
+#define SSL_RSA_WITH_DES_CBC_SHA               TLS_RSA_WITH_DES_CBC_SHA
+#define SSL_RSA_WITH_3DES_EDE_CBC_SHA          TLS_RSA_WITH_3DES_EDE_CBC_SHA
+#define SSL_DH_DSS_WITH_DES_CBC_SHA            TLS_DH_DSS_WITH_DES_CBC_SHA
+#define SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA       TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA
+#define SSL_DH_RSA_WITH_DES_CBC_SHA            TLS_DH_RSA_WITH_DES_CBC_SHA
+#define SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA       TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA
+#define SSL_DHE_DSS_WITH_DES_CBC_SHA           TLS_DHE_DSS_WITH_DES_CBC_SHA
+#define SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA      TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
+#define SSL_DHE_RSA_WITH_DES_CBC_SHA           TLS_DHE_RSA_WITH_DES_CBC_SHA
+#define SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA      TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
+#define SSL_DH_ANON_WITH_RC4_128_MD5           TLS_DH_anon_WITH_RC4_128_MD5
+#define SSL_DH_ANON_WITH_DES_CBC_SHA           TLS_DH_anon_WITH_DES_CBC_SHA
+#define SSL_DH_ANON_WITH_3DES_EDE_CBC_SHA      TLS_DH_anon_WITH_3DES_EDE_CBC_SHA
+#define TLS_DH_ANON_WITH_AES_128_CBC_SHA       TLS_DH_anon_WITH_AES_128_CBC_SHA
+#define TLS_DH_ANON_WITH_AES_256_CBC_SHA       TLS_DH_anon_WITH_AES_256_CBC_SHA
+#define TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA  TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA
+#define TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA  TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA
+#endif
+
+#define TLS_NULL_WITH_NULL_NULL                 0x0000
+
+#define TLS_RSA_WITH_NULL_MD5                   0x0001
+#define TLS_RSA_WITH_NULL_SHA                   0x0002
+#define TLS_RSA_WITH_RC4_128_MD5                0x0004
+#define TLS_RSA_WITH_RC4_128_SHA                0x0005
+#define TLS_RSA_WITH_IDEA_CBC_SHA               0x0007
+#define TLS_RSA_WITH_DES_CBC_SHA                0x0009
+#define TLS_RSA_WITH_3DES_EDE_CBC_SHA           0x000a
+
+#define TLS_DH_DSS_WITH_DES_CBC_SHA             0x000c
+#define TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA        0x000d
+#define TLS_DH_RSA_WITH_DES_CBC_SHA             0x000f
+#define TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA        0x0010
+
+#define TLS_DHE_DSS_WITH_DES_CBC_SHA            0x0012
+#define TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA       0x0013
+#define TLS_DHE_RSA_WITH_DES_CBC_SHA            0x0015
+#define TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA       0x0016
+
+#define TLS_DH_anon_WITH_RC4_128_MD5            0x0018
+#define TLS_DH_anon_WITH_DES_CBC_SHA            0x001a
+#define TLS_DH_anon_WITH_3DES_EDE_CBC_SHA       0x001b
+
+#define TLS_RSA_WITH_AES_128_CBC_SHA            0x002F
+#define TLS_DH_DSS_WITH_AES_128_CBC_SHA         0x0030
+#define TLS_DH_RSA_WITH_AES_128_CBC_SHA         0x0031
+#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA        0x0032
+#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA        0x0033
+#define TLS_DH_anon_WITH_AES_128_CBC_SHA        0x0034
+
+#define TLS_RSA_WITH_AES_256_CBC_SHA            0x0035
+#define TLS_DH_DSS_WITH_AES_256_CBC_SHA         0x0036
+#define TLS_DH_RSA_WITH_AES_256_CBC_SHA         0x0037
+#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA        0x0038
+#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA        0x0039
+#define TLS_DH_anon_WITH_AES_256_CBC_SHA        0x003A
+#define TLS_RSA_WITH_NULL_SHA256                0x003B
+#define TLS_RSA_WITH_AES_128_CBC_SHA256         0x003C
+#define TLS_RSA_WITH_AES_256_CBC_SHA256         0x003D
+
+#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA256     0x0040
+#define TLS_RSA_WITH_CAMELLIA_128_CBC_SHA       0x0041
+#define TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA    0x0042
+#define TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA    0x0043
+#define TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA   0x0044
+#define TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA   0x0045
+#define TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA   0x0046
+
+#define TLS_DHE_DSS_WITH_RC4_128_SHA            0x0066
+#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256     0x0067
+#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA256     0x006A
+#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256     0x006B
+
+#define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA       0x0084
+#define TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA    0x0085
+#define TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA    0x0086
+#define TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA   0x0087
+#define TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA   0x0088
+#define TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA   0x0089
+
+#define TLS_RSA_WITH_SEED_CBC_SHA               0x0096
+
+#define TLS_RSA_WITH_AES_128_GCM_SHA256         0x009C
+#define TLS_RSA_WITH_AES_256_GCM_SHA384         0x009D
+#define TLS_DHE_RSA_WITH_AES_128_GCM_SHA256     0x009E
+#define TLS_DHE_RSA_WITH_AES_256_GCM_SHA384     0x009F
+#define TLS_DHE_DSS_WITH_AES_128_GCM_SHA256     0x00A2
+#define TLS_DHE_DSS_WITH_AES_256_GCM_SHA384     0x00A3
+
+/* TLS "Signaling Cipher Suite Value" (SCSV). May be requested by client.
+ * Must NEVER be chosen by server.  SSL 3.0 server acknowledges by sending
+ * back an empty Renegotiation Info (RI) server hello extension.
+ */
+#define TLS_EMPTY_RENEGOTIATION_INFO_SCSV       0x00FF
+
+/* TLS_FALLBACK_SCSV is a signaling cipher suite value that indicates that a
+ * handshake is the result of TLS version fallback.
+ */
+#define TLS_FALLBACK_SCSV                       0x5600
+
+/* Cipher Suite Values starting with 0xC000 are defined in informational
+ * RFCs.
+ */
+#define TLS_ECDH_ECDSA_WITH_NULL_SHA            0xC001
+#define TLS_ECDH_ECDSA_WITH_RC4_128_SHA         0xC002
+#define TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA    0xC003
+#define TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA     0xC004
+#define TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA     0xC005
+
+#define TLS_ECDHE_ECDSA_WITH_NULL_SHA           0xC006
+#define TLS_ECDHE_ECDSA_WITH_RC4_128_SHA        0xC007
+#define TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA   0xC008
+#define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA    0xC009
+#define TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA    0xC00A
+
+#define TLS_ECDH_RSA_WITH_NULL_SHA              0xC00B
+#define TLS_ECDH_RSA_WITH_RC4_128_SHA           0xC00C
+#define TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA      0xC00D
+#define TLS_ECDH_RSA_WITH_AES_128_CBC_SHA       0xC00E
+#define TLS_ECDH_RSA_WITH_AES_256_CBC_SHA       0xC00F
+
+#define TLS_ECDHE_RSA_WITH_NULL_SHA             0xC010
+#define TLS_ECDHE_RSA_WITH_RC4_128_SHA          0xC011
+#define TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA     0xC012
+#define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA      0xC013
+#define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA      0xC014
+
+#define TLS_ECDH_anon_WITH_NULL_SHA             0xC015
+#define TLS_ECDH_anon_WITH_RC4_128_SHA          0xC016
+#define TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA     0xC017
+#define TLS_ECDH_anon_WITH_AES_128_CBC_SHA      0xC018
+#define TLS_ECDH_anon_WITH_AES_256_CBC_SHA      0xC019
+
+#define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 0xC023
+#define TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 0xC024
+#define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256   0xC027
+#define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384   0xC028
+
+#define TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xC02B
+#define TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0xC02C
+#define TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256  0xC02D
+#define TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   0xC02F
+#define TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384   0xC030
+#define TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256    0xC031
+
+/* draft-ietf-tls-chacha20-poly1305-04 */
+#define TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256   0xCCA8
+#define TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 0xCCA9
+#define TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256     0xCCAA
+
+/* Special TLS 1.3 cipher suites that really just specify AEAD */
+#define TLS_AES_128_GCM_SHA256                0x1301
+#define TLS_AES_256_GCM_SHA384                0x1302
+#define TLS_CHACHA20_POLY1305_SHA256          0x1303
+
+/* PSK cipher suites. NSS doesn't actually support these, but we
+ * exposed them when TLS 1.3 used them so we need to keep them
+ * in the API. */
+#define TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256   0xCCAC
+#define TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256     0xCCAD
+#define TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256   0xD001
+#define TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384   0xD002
+#define TLS_DHE_PSK_WITH_AES_128_GCM_SHA256     0x00AA /* RFC 5487 */
+#define TLS_DHE_PSK_WITH_AES_256_GCM_SHA384     0x00AB /* RFC 5487 */
+
+/* DTLS-SRTP cipher suites from RFC 5764 */
+/* If you modify this, also modify MAX_DTLS_SRTP_CIPHER_SUITES in sslimpl.h */
+#define SRTP_AES128_CM_HMAC_SHA1_80             0x0001
+#define SRTP_AES128_CM_HMAC_SHA1_32             0x0002
+#define SRTP_NULL_HMAC_SHA1_80                  0x0005
+#define SRTP_NULL_HMAC_SHA1_32                  0x0006
+
+/* DO NOT USE. (deprecated, will be removed) */
+#define SSL_HL_ERROR_HBYTES                     3
+#define SSL_HL_CLIENT_HELLO_HBYTES              9
+#define SSL_HL_CLIENT_MASTER_KEY_HBYTES         10
+#define SSL_HL_CLIENT_FINISHED_HBYTES           1
+#define SSL_HL_SERVER_HELLO_HBYTES              11
+#define SSL_HL_SERVER_VERIFY_HBYTES             1
+#define SSL_HL_SERVER_FINISHED_HBYTES           1
+#define SSL_HL_REQUEST_CERTIFICATE_HBYTES       2
+#define SSL_HL_CLIENT_CERTIFICATE_HBYTES        6
+#define SSL_MT_ERROR                            0
+#define SSL_MT_CLIENT_HELLO                     1
+#define SSL_MT_CLIENT_MASTER_KEY                2
+#define SSL_MT_CLIENT_FINISHED                  3
+#define SSL_MT_SERVER_HELLO                     4
+#define SSL_MT_SERVER_VERIFY                    5
+#define SSL_MT_SERVER_FINISHED                  6
+#define SSL_MT_REQUEST_CERTIFICATE              7
+#define SSL_MT_CLIENT_CERTIFICATE               8
+#define SSL_CK_RC4_128_WITH_MD5                 0x01
+#define SSL_CK_RC4_128_EXPORT40_WITH_MD5        0x02
+#define SSL_CK_RC2_128_CBC_WITH_MD5             0x03
+#define SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5    0x04
+#define SSL_CK_IDEA_128_CBC_WITH_MD5            0x05
+#define SSL_CK_DES_64_CBC_WITH_MD5              0x06
+#define SSL_CK_DES_192_EDE3_CBC_WITH_MD5        0x07
+#define SSL_EN_RC4_128_WITH_MD5                 0xFF01
+#define SSL_EN_RC4_128_EXPORT40_WITH_MD5        0xFF02
+#define SSL_EN_RC2_128_CBC_WITH_MD5             0xFF03
+#define SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5    0xFF04
+#define SSL_EN_IDEA_128_CBC_WITH_MD5            0xFF05
+#define SSL_EN_DES_64_CBC_WITH_MD5              0xFF06
+#define SSL_EN_DES_192_EDE3_CBC_WITH_MD5        0xFF07
+#define TLS_RSA_EXPORT_WITH_RC4_40_MD5          0x0003
+#define TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5      0x0006
+#define TLS_RSA_EXPORT_WITH_DES40_CBC_SHA       0x0008
+#define TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA     0x0062
+#define TLS_RSA_EXPORT1024_WITH_RC4_56_SHA      0x0064
+#define TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA   0x0014
+#define TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA    0x000e
+#define TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA 0x0063
+#define TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA  0x0065
+#define TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA    0x000b
+#define TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA   0x0011
+#define TLS_DH_anon_EXPORT_WITH_RC4_40_MD5      0x0017
+#define TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA   0x0019
+#define SSL_FORTEZZA_DMS_WITH_NULL_SHA          0x001c
+#define SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA  0x001d
+#define SSL_FORTEZZA_DMS_WITH_RC4_128_SHA       0x001e
+#define SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA   0xffe0
+#define SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA        0xffe1
+#define SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA      0xfeff
+#define SSL_RSA_FIPS_WITH_DES_CBC_SHA           0xfefe
+#define SSL_RSA_EXPORT_WITH_RC4_40_MD5         TLS_RSA_EXPORT_WITH_RC4_40_MD5
+#define SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5     TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
+#define SSL_RSA_EXPORT_WITH_DES40_CBC_SHA      TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
+#define SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA   TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA
+#define SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA  TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
+#define SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA   TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA
+#define SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA  TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
+#define SSL_DH_ANON_EXPORT_WITH_DES40_CBC_SHA  TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA
+#define SSL_DH_ANON_EXPORT_WITH_RC4_40_MD5     TLS_DH_anon_EXPORT_WITH_RC4_40_MD5
+
+/* clang-format on */
+
+#endif /* __sslproto_h_ */
diff --git a/nss/lib/ssl/sslreveal.c b/nss/lib/ssl/sslreveal.c
new file mode 100644
index 0000000..4c124a1
--- /dev/null
+++ b/nss/lib/ssl/sslreveal.c
@@ -0,0 +1,110 @@
+/*
+ * Accessor functions for SSLSocket private members.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "cert.h"
+#include "ssl.h"
+#include "certt.h"
+#include "sslimpl.h"
+
+/* given PRFileDesc, returns a copy of certificate associated with the socket
+ * the caller should delete the cert when done with SSL_DestroyCertificate
+ */
+CERTCertificate *
+SSL_RevealCert(PRFileDesc *fd)
+{
+    CERTCertificate *cert = NULL;
+    sslSocket *sslsocket = NULL;
+
+    sslsocket = ssl_FindSocket(fd);
+
+    /* CERT_DupCertificate increases reference count and returns pointer to
+     * the same cert
+     */
+    if (sslsocket && sslsocket->sec.peerCert)
+        cert = CERT_DupCertificate(sslsocket->sec.peerCert);
+
+    return cert;
+}
+
+/* given PRFileDesc, returns a pointer to PinArg associated with the socket
+ */
+void *
+SSL_RevealPinArg(PRFileDesc *fd)
+{
+    sslSocket *sslsocket = NULL;
+    void *PinArg = NULL;
+
+    sslsocket = ssl_FindSocket(fd);
+
+    /* is pkcs11PinArg part of the sslSocket or sslSecurityInfo ? */
+    if (sslsocket)
+        PinArg = sslsocket->pkcs11PinArg;
+
+    return PinArg;
+}
+
+/* given PRFileDesc, returns a pointer to the URL associated with the socket
+ * the caller should free url when done
+ */
+char *
+SSL_RevealURL(PRFileDesc *fd)
+{
+    sslSocket *sslsocket = NULL;
+    char *url = NULL;
+
+    sslsocket = ssl_FindSocket(fd);
+
+    if (sslsocket && sslsocket->url)
+        url = PL_strdup(sslsocket->url);
+
+    return url;
+}
+
+/* given PRFileDesc, returns status information related to extensions
+ * negotiated with peer during the handshake.
+ */
+
+SECStatus
+SSL_HandshakeNegotiatedExtension(PRFileDesc *socket,
+                                 SSLExtensionType extId,
+                                 PRBool *pYes)
+{
+    /* some decisions derived from SSL_GetChannelInfo */
+    sslSocket *sslsocket = NULL;
+
+    if (!pYes) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    sslsocket = ssl_FindSocket(socket);
+    if (!sslsocket) {
+        SSL_DBG(("%d: SSL[%d]: bad socket in HandshakeNegotiatedExtension",
+                 SSL_GETPID(), socket));
+        return SECFailure;
+    }
+
+    *pYes = PR_FALSE;
+
+    /* according to public API SSL_GetChannelInfo, this doesn't need a lock */
+    if (sslsocket->opt.useSecurity) {
+        if (sslsocket->ssl3.initialized) { /* SSL3 and TLS */
+            /* now we know this socket went through ssl3_InitState() and
+             * ss->xtnData got initialized, which is the only member accessed by
+             * ssl3_ExtensionNegotiated();
+             * Member xtnData appears to get accessed in functions that handle
+             * the handshake (hello messages and extension sending),
+             * therefore the handshake lock should be sufficient.
+             */
+            ssl_GetSSL3HandshakeLock(sslsocket);
+            *pYes = ssl3_ExtensionNegotiated(sslsocket, extId);
+            ssl_ReleaseSSL3HandshakeLock(sslsocket);
+        }
+    }
+
+    return SECSuccess;
+}
diff --git a/nss/lib/ssl/sslsecur.c b/nss/lib/ssl/sslsecur.c
new file mode 100644
index 0000000..5a02635
--- /dev/null
+++ b/nss/lib/ssl/sslsecur.c
@@ -0,0 +1,1271 @@
+/*
+ * Various SSL functions.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#include "cert.h"
+#include "secitem.h"
+#include "keyhi.h"
+#include "ssl.h"
+#include "sslimpl.h"
+#include "sslproto.h"
+#include "secoid.h"   /* for SECOID_GetALgorithmTag */
+#include "pk11func.h" /* for PK11_GenerateRandom */
+#include "nss.h"      /* for NSS_RegisterShutdown */
+#include "prinit.h"   /* for PR_CallOnceWithArg */
+
+/* Returns a SECStatus: SECSuccess or SECFailure, NOT SECWouldBlock.
+ *
+ * Currently, the list of functions called through ss->handshake is:
+ *
+ * In sslsocks.c:
+ *  SocksGatherRecord
+ *  SocksHandleReply
+ *  SocksStartGather
+ *
+ * In sslcon.c:
+ *  ssl_GatherRecord1stHandshake
+ *  ssl_BeginClientHandshake
+ *  ssl_BeginServerHandshake
+ *
+ * The ss->handshake function returns SECWouldBlock if it was returned by
+ *  one of the callback functions, via one of these paths:
+ *
+ * -    ssl_GatherRecord1stHandshake() -> ssl3_GatherCompleteHandshake() ->
+ *  ssl3_HandleRecord() -> ssl3_HandleHandshake() ->
+ *  ssl3_HandleHandshakeMessage() -> ssl3_HandleCertificate() ->
+ *  ss->handleBadCert()
+ *
+ * -    ssl_GatherRecord1stHandshake() -> ssl3_GatherCompleteHandshake() ->
+ *  ssl3_HandleRecord() -> ssl3_HandleHandshake() ->
+ *  ssl3_HandleHandshakeMessage() -> ssl3_HandleCertificateRequest() ->
+ *  ss->getClientAuthData()
+ *
+ * Called from: SSL_ForceHandshake  (below),
+ *              ssl_SecureRecv      (below) and
+ *              ssl_SecureSend      (below)
+ *    from: WaitForResponse     in sslsocks.c
+ *          ssl_SocksRecv       in sslsocks.c
+ *              ssl_SocksSend       in sslsocks.c
+ *
+ * Caller must hold the (write) handshakeLock.
+ */
+int
+ssl_Do1stHandshake(sslSocket *ss)
+{
+    int rv = SECSuccess;
+
+    while (ss->handshake && rv == SECSuccess) {
+        PORT_Assert(ss->opt.noLocks || ssl_Have1stHandshakeLock(ss));
+        PORT_Assert(ss->opt.noLocks || !ssl_HaveRecvBufLock(ss));
+        PORT_Assert(ss->opt.noLocks || !ssl_HaveXmitBufLock(ss));
+        PORT_Assert(ss->opt.noLocks || !ssl_HaveSSL3HandshakeLock(ss));
+
+        rv = (*ss->handshake)(ss);
+    };
+
+    PORT_Assert(ss->opt.noLocks || !ssl_HaveRecvBufLock(ss));
+    PORT_Assert(ss->opt.noLocks || !ssl_HaveXmitBufLock(ss));
+    PORT_Assert(ss->opt.noLocks || !ssl_HaveSSL3HandshakeLock(ss));
+
+    if (rv == SECWouldBlock) {
+        PORT_SetError(PR_WOULD_BLOCK_ERROR);
+        rv = SECFailure;
+    }
+    return rv;
+}
+
+void
+ssl_FinishHandshake(sslSocket *ss)
+{
+    PORT_Assert(ss->opt.noLocks || ssl_Have1stHandshakeLock(ss));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
+
+    SSL_TRC(3, ("%d: SSL[%d]: handshake is completed", SSL_GETPID(), ss->fd));
+
+    ss->firstHsDone = PR_TRUE;
+    ss->enoughFirstHsDone = PR_TRUE;
+    ss->gs.writeOffset = 0;
+    ss->gs.readOffset = 0;
+
+    if (ss->handshakeCallback) {
+        PORT_Assert((ss->ssl3.hs.preliminaryInfo & ssl_preinfo_all) ==
+                    ssl_preinfo_all);
+        (ss->handshakeCallback)(ss->fd, ss->handshakeCallbackData);
+    }
+
+    ssl_FreeEphemeralKeyPairs(ss);
+}
+
+/*
+ * Handshake function that blocks.  Used to force a
+ * retry on a connection on the next read/write.
+ */
+static SECStatus
+ssl3_AlwaysBlock(sslSocket *ss)
+{
+    PORT_SetError(PR_WOULD_BLOCK_ERROR); /* perhaps redundant. */
+    return SECWouldBlock;
+}
+
+/*
+ * set the initial handshake state machine to block
+ */
+void
+ssl3_SetAlwaysBlock(sslSocket *ss)
+{
+    if (!ss->firstHsDone) {
+        ss->handshake = ssl3_AlwaysBlock;
+    }
+}
+
+static SECStatus
+ssl_SetTimeout(PRFileDesc *fd, PRIntervalTime timeout)
+{
+    sslSocket *ss;
+
+    ss = ssl_FindSocket(fd);
+    if (!ss) {
+        SSL_DBG(("%d: SSL[%d]: bad socket in SetTimeout", SSL_GETPID(), fd));
+        return SECFailure;
+    }
+    SSL_LOCK_READER(ss);
+    ss->rTimeout = timeout;
+    if (ss->opt.fdx) {
+        SSL_LOCK_WRITER(ss);
+    }
+    ss->wTimeout = timeout;
+    if (ss->opt.fdx) {
+        SSL_UNLOCK_WRITER(ss);
+    }
+    SSL_UNLOCK_READER(ss);
+    return SECSuccess;
+}
+
+/* Acquires and releases HandshakeLock.
+*/
+SECStatus
+SSL_ResetHandshake(PRFileDesc *s, PRBool asServer)
+{
+    sslSocket *ss;
+    SECStatus status;
+    PRNetAddr addr;
+
+    ss = ssl_FindSocket(s);
+    if (!ss) {
+        SSL_DBG(("%d: SSL[%d]: bad socket in ResetHandshake", SSL_GETPID(), s));
+        return SECFailure;
+    }
+
+    /* Don't waste my time */
+    if (!ss->opt.useSecurity)
+        return SECSuccess;
+
+    SSL_LOCK_READER(ss);
+    SSL_LOCK_WRITER(ss);
+
+    /* Reset handshake state */
+    ssl_Get1stHandshakeLock(ss);
+
+    ss->firstHsDone = PR_FALSE;
+    ss->enoughFirstHsDone = PR_FALSE;
+    if (asServer) {
+        ss->handshake = ssl_BeginServerHandshake;
+        ss->handshaking = sslHandshakingAsServer;
+    } else {
+        ss->handshake = ssl_BeginClientHandshake;
+        ss->handshaking = sslHandshakingAsClient;
+    }
+
+    ssl_GetRecvBufLock(ss);
+    status = ssl3_InitGather(&ss->gs);
+    ssl_ReleaseRecvBufLock(ss);
+    if (status != SECSuccess)
+        goto loser;
+
+    ssl_GetSSL3HandshakeLock(ss);
+    ss->ssl3.hs.canFalseStart = PR_FALSE;
+    ss->ssl3.hs.restartTarget = NULL;
+
+    /*
+    ** Blow away old security state and get a fresh setup.
+    */
+    ssl_GetXmitBufLock(ss);
+    ssl_ResetSecurityInfo(&ss->sec, PR_TRUE);
+    status = ssl_CreateSecurityInfo(ss);
+    ssl_ReleaseXmitBufLock(ss);
+
+    ssl_ReleaseSSL3HandshakeLock(ss);
+    ssl_Release1stHandshakeLock(ss);
+
+    ssl3_DestroyRemoteExtensions(&ss->ssl3.hs.remoteExtensions);
+    ssl3_ResetExtensionData(&ss->xtnData);
+
+    if (!ss->TCPconnected)
+        ss->TCPconnected = (PR_SUCCESS == ssl_DefGetpeername(ss, &addr));
+
+loser:
+    SSL_UNLOCK_WRITER(ss);
+    SSL_UNLOCK_READER(ss);
+
+    return status;
+}
+
+/* For SSLv2, does nothing but return an error.
+** For SSLv3, flushes SID cache entry (if requested),
+** and then starts new client hello or hello request.
+** Acquires and releases HandshakeLock.
+*/
+SECStatus
+SSL_ReHandshake(PRFileDesc *fd, PRBool flushCache)
+{
+    sslSocket *ss;
+    SECStatus rv;
+
+    ss = ssl_FindSocket(fd);
+    if (!ss) {
+        SSL_DBG(("%d: SSL[%d]: bad socket in RedoHandshake", SSL_GETPID(), fd));
+        return SECFailure;
+    }
+
+    if (!ss->opt.useSecurity)
+        return SECSuccess;
+
+    ssl_Get1stHandshakeLock(ss);
+
+    ssl_GetSSL3HandshakeLock(ss);
+    rv = ssl3_RedoHandshake(ss, flushCache); /* force full handshake. */
+    ssl_ReleaseSSL3HandshakeLock(ss);
+
+    ssl_Release1stHandshakeLock(ss);
+
+    return rv;
+}
+
+/*
+** Same as above, but with an I/O timeout.
+ */
+SSL_IMPORT SECStatus
+SSL_ReHandshakeWithTimeout(PRFileDesc *fd,
+                           PRBool flushCache,
+                           PRIntervalTime timeout)
+{
+    if (SECSuccess != ssl_SetTimeout(fd, timeout)) {
+        return SECFailure;
+    }
+    return SSL_ReHandshake(fd, flushCache);
+}
+
+SECStatus
+SSL_RedoHandshake(PRFileDesc *fd)
+{
+    return SSL_ReHandshake(fd, PR_TRUE);
+}
+
+/* Register an application callback to be called when SSL handshake completes.
+** Acquires and releases HandshakeLock.
+*/
+SECStatus
+SSL_HandshakeCallback(PRFileDesc *fd, SSLHandshakeCallback cb,
+                      void *client_data)
+{
+    sslSocket *ss;
+
+    ss = ssl_FindSocket(fd);
+    if (!ss) {
+        SSL_DBG(("%d: SSL[%d]: bad socket in HandshakeCallback",
+                 SSL_GETPID(), fd));
+        return SECFailure;
+    }
+
+    if (!ss->opt.useSecurity) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    ssl_Get1stHandshakeLock(ss);
+    ssl_GetSSL3HandshakeLock(ss);
+
+    ss->handshakeCallback = cb;
+    ss->handshakeCallbackData = client_data;
+
+    ssl_ReleaseSSL3HandshakeLock(ss);
+    ssl_Release1stHandshakeLock(ss);
+
+    return SECSuccess;
+}
+
+/* Register an application callback to be called when false start may happen.
+** Acquires and releases HandshakeLock.
+*/
+SECStatus
+SSL_SetCanFalseStartCallback(PRFileDesc *fd, SSLCanFalseStartCallback cb,
+                             void *arg)
+{
+    sslSocket *ss;
+
+    ss = ssl_FindSocket(fd);
+    if (!ss) {
+        SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetCanFalseStartCallback",
+                 SSL_GETPID(), fd));
+        return SECFailure;
+    }
+
+    if (!ss->opt.useSecurity) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    ssl_Get1stHandshakeLock(ss);
+    ssl_GetSSL3HandshakeLock(ss);
+
+    ss->canFalseStartCallback = cb;
+    ss->canFalseStartCallbackData = arg;
+
+    ssl_ReleaseSSL3HandshakeLock(ss);
+    ssl_Release1stHandshakeLock(ss);
+
+    return SECSuccess;
+}
+
+SECStatus
+SSL_RecommendedCanFalseStart(PRFileDesc *fd, PRBool *canFalseStart)
+{
+    sslSocket *ss;
+
+    *canFalseStart = PR_FALSE;
+    ss = ssl_FindSocket(fd);
+    if (!ss) {
+        SSL_DBG(("%d: SSL[%d]: bad socket in SSL_RecommendedCanFalseStart",
+                 SSL_GETPID(), fd));
+        return SECFailure;
+    }
+
+    if (!ss->ssl3.initialized) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    /* Require a forward-secret key exchange. */
+    *canFalseStart = ss->ssl3.hs.kea_def->kea == kea_dhe_dss ||
+                     ss->ssl3.hs.kea_def->kea == kea_dhe_rsa ||
+                     ss->ssl3.hs.kea_def->kea == kea_ecdhe_ecdsa ||
+                     ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa;
+
+    return SECSuccess;
+}
+
+/* Try to make progress on an SSL handshake by attempting to read the
+** next handshake from the peer, and sending any responses.
+** For non-blocking sockets, returns PR_ERROR_WOULD_BLOCK  if it cannot
+** read the next handshake from the underlying socket.
+** Returns when handshake is complete, or application data has
+** arrived that must be taken by application before handshake can continue,
+** or a fatal error occurs.
+** Application should use handshake completion callback to tell which.
+*/
+SECStatus
+SSL_ForceHandshake(PRFileDesc *fd)
+{
+    sslSocket *ss;
+    SECStatus rv = SECFailure;
+
+    ss = ssl_FindSocket(fd);
+    if (!ss) {
+        SSL_DBG(("%d: SSL[%d]: bad socket in ForceHandshake",
+                 SSL_GETPID(), fd));
+        return rv;
+    }
+
+    /* Don't waste my time */
+    if (!ss->opt.useSecurity)
+        return SECSuccess;
+
+    if (!ssl_SocketIsBlocking(ss)) {
+        ssl_GetXmitBufLock(ss);
+        if (ss->pendingBuf.len != 0) {
+            int sent = ssl_SendSavedWriteData(ss);
+            if ((sent < 0) && (PORT_GetError() != PR_WOULD_BLOCK_ERROR)) {
+                ssl_ReleaseXmitBufLock(ss);
+                return SECFailure;
+            }
+        }
+        ssl_ReleaseXmitBufLock(ss);
+    }
+
+    ssl_Get1stHandshakeLock(ss);
+
+    if (ss->version >= SSL_LIBRARY_VERSION_3_0) {
+        int gatherResult;
+
+        ssl_GetRecvBufLock(ss);
+        gatherResult = ssl3_GatherCompleteHandshake(ss, 0);
+        ssl_ReleaseRecvBufLock(ss);
+        if (gatherResult > 0) {
+            rv = SECSuccess;
+        } else if (gatherResult == 0) {
+            PORT_SetError(PR_END_OF_FILE_ERROR);
+        } else if (gatherResult == SECWouldBlock) {
+            PORT_SetError(PR_WOULD_BLOCK_ERROR);
+        }
+    } else {
+        PORT_Assert(!ss->firstHsDone);
+        rv = ssl_Do1stHandshake(ss);
+    }
+
+    ssl_Release1stHandshakeLock(ss);
+
+    return rv;
+}
+
+/*
+ ** Same as above, but with an I/O timeout.
+ */
+SSL_IMPORT SECStatus
+SSL_ForceHandshakeWithTimeout(PRFileDesc *fd,
+                              PRIntervalTime timeout)
+{
+    if (SECSuccess != ssl_SetTimeout(fd, timeout)) {
+        return SECFailure;
+    }
+    return SSL_ForceHandshake(fd);
+}
+
+/************************************************************************/
+
+/*
+** Grow a buffer to hold newLen bytes of data.
+** Called for both recv buffers and xmit buffers.
+** Caller must hold xmitBufLock or recvBufLock, as appropriate.
+*/
+SECStatus
+sslBuffer_Grow(sslBuffer *b, unsigned int newLen)
+{
+    newLen = PR_MAX(newLen, MAX_FRAGMENT_LENGTH + 2048);
+    if (newLen > b->space) {
+        unsigned char *newBuf;
+        if (b->buf) {
+            newBuf = (unsigned char *)PORT_Realloc(b->buf, newLen);
+        } else {
+            newBuf = (unsigned char *)PORT_Alloc(newLen);
+        }
+        if (!newBuf) {
+            return SECFailure;
+        }
+        SSL_TRC(10, ("%d: SSL: grow buffer from %d to %d",
+                     SSL_GETPID(), b->space, newLen));
+        b->buf = newBuf;
+        b->space = newLen;
+    }
+    return SECSuccess;
+}
+
+SECStatus
+sslBuffer_Append(sslBuffer *b, const void *data, unsigned int len)
+{
+    unsigned int newLen = b->len + len;
+    SECStatus rv;
+
+    rv = sslBuffer_Grow(b, newLen);
+    if (rv != SECSuccess)
+        return rv;
+    PORT_Memcpy(b->buf + b->len, data, len);
+    b->len += len;
+    return SECSuccess;
+}
+
+void
+sslBuffer_Clear(sslBuffer *b)
+{
+    if (b->len > 0) {
+        PORT_Free(b->buf);
+        b->buf = NULL;
+        b->len = 0;
+        b->space = 0;
+    }
+}
+
+/*
+** Save away write data that is trying to be written before the security
+** handshake has been completed. When the handshake is completed, we will
+** flush this data out.
+** Caller must hold xmitBufLock
+*/
+SECStatus
+ssl_SaveWriteData(sslSocket *ss, const void *data, unsigned int len)
+{
+    SECStatus rv;
+
+    PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
+    rv = sslBuffer_Append(&ss->pendingBuf, data, len);
+    SSL_TRC(5, ("%d: SSL[%d]: saving %u bytes of data (%u total saved so far)",
+                SSL_GETPID(), ss->fd, len, ss->pendingBuf.len));
+    return rv;
+}
+
+/*
+** Send saved write data. This will flush out data sent prior to a
+** complete security handshake. Hopefully there won't be too much of it.
+** Returns count of the bytes sent, NOT a SECStatus.
+** Caller must hold xmitBufLock
+*/
+int
+ssl_SendSavedWriteData(sslSocket *ss)
+{
+    int rv = 0;
+
+    PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
+    if (ss->pendingBuf.len != 0) {
+        SSL_TRC(5, ("%d: SSL[%d]: sending %d bytes of saved data",
+                    SSL_GETPID(), ss->fd, ss->pendingBuf.len));
+        rv = ssl_DefSend(ss, ss->pendingBuf.buf, ss->pendingBuf.len, 0);
+        if (rv < 0) {
+            return rv;
+        }
+        ss->pendingBuf.len -= rv;
+        if (ss->pendingBuf.len > 0 && rv > 0) {
+            /* UGH !! This shifts the whole buffer down by copying it */
+            PORT_Memmove(ss->pendingBuf.buf, ss->pendingBuf.buf + rv,
+                         ss->pendingBuf.len);
+        }
+    }
+    return rv;
+}
+
+/************************************************************************/
+
+/*
+** Receive some application data on a socket.  Reads SSL records from the input
+** stream, decrypts them and then copies them to the output buffer.
+** Called from ssl_SecureRecv() below.
+**
+** Caller does NOT hold 1stHandshakeLock because that handshake is over.
+** Caller doesn't call this until initial handshake is complete.
+** The call to ssl3_GatherAppDataRecord may encounter handshake
+** messages from a subsequent handshake.
+**
+** This code is similar to, and easily confused with,
+**   ssl_GatherRecord1stHandshake() in sslcon.c
+*/
+static int
+DoRecv(sslSocket *ss, unsigned char *out, int len, int flags)
+{
+    int rv;
+    int amount;
+    int available;
+
+    /* ssl3_GatherAppDataRecord may call ssl_FinishHandshake, which needs the
+     * 1stHandshakeLock. */
+    ssl_Get1stHandshakeLock(ss);
+    ssl_GetRecvBufLock(ss);
+
+    available = ss->gs.writeOffset - ss->gs.readOffset;
+    if (available == 0) {
+        /* Wait for application data to arrive.  */
+        rv = ssl3_GatherAppDataRecord(ss, 0);
+        if (rv <= 0) {
+            if (rv == 0) {
+                /* EOF */
+                SSL_TRC(10, ("%d: SSL[%d]: ssl_recv EOF",
+                             SSL_GETPID(), ss->fd));
+                goto done;
+            }
+            if ((rv != SECWouldBlock) &&
+                (PR_GetError() != PR_WOULD_BLOCK_ERROR)) {
+                /* Some random error */
+                goto done;
+            }
+
+            /*
+            ** Gather record is blocked waiting for more record data to
+            ** arrive. Try to process what we have already received
+            */
+        } else {
+            /* Gather record has finished getting a complete record */
+        }
+
+        /* See if any clear data is now available */
+        available = ss->gs.writeOffset - ss->gs.readOffset;
+        if (available == 0) {
+            /*
+            ** No partial data is available. Force error code to
+            ** EWOULDBLOCK so that caller will try again later. Note
+            ** that the error code is probably EWOULDBLOCK already,
+            ** but if it isn't (for example, if we received a zero
+            ** length record) then this will force it to be correct.
+            */
+            PORT_SetError(PR_WOULD_BLOCK_ERROR);
+            rv = SECFailure;
+            goto done;
+        }
+        SSL_TRC(30, ("%d: SSL[%d]: partial data ready, available=%d",
+                     SSL_GETPID(), ss->fd, available));
+    }
+
+    if (IS_DTLS(ss) && (len < available)) {
+        /* DTLS does not allow you to do partial reads */
+        SSL_TRC(30, ("%d: SSL[%d]: DTLS short read. len=%d available=%d",
+                     SSL_GETPID(), ss->fd, len, available));
+        ss->gs.readOffset += available;
+        PORT_SetError(SSL_ERROR_RX_SHORT_DTLS_READ);
+        rv = SECFailure;
+        goto done;
+    }
+
+    /* Dole out clear data to reader */
+    amount = PR_MIN(len, available);
+    PORT_Memcpy(out, ss->gs.buf.buf + ss->gs.readOffset, amount);
+    if (!(flags & PR_MSG_PEEK)) {
+        ss->gs.readOffset += amount;
+    }
+    PORT_Assert(ss->gs.readOffset <= ss->gs.writeOffset);
+    rv = amount;
+
+    SSL_TRC(30, ("%d: SSL[%d]: amount=%d available=%d",
+                 SSL_GETPID(), ss->fd, amount, available));
+    PRINT_BUF(4, (ss, "DoRecv receiving plaintext:", out, amount));
+
+done:
+    ssl_ReleaseRecvBufLock(ss);
+    ssl_Release1stHandshakeLock(ss);
+    return rv;
+}
+
+/************************************************************************/
+
+SECStatus
+ssl_CreateSecurityInfo(sslSocket *ss)
+{
+    SECStatus status;
+
+    ssl_GetXmitBufLock(ss);
+    status = sslBuffer_Grow(&ss->sec.writeBuf, 4096);
+    ssl_ReleaseXmitBufLock(ss);
+
+    return status;
+}
+
+SECStatus
+ssl_CopySecurityInfo(sslSocket *ss, sslSocket *os)
+{
+    ss->sec.isServer = os->sec.isServer;
+
+    ss->sec.peerCert = CERT_DupCertificate(os->sec.peerCert);
+    if (os->sec.peerCert && !ss->sec.peerCert)
+        goto loser;
+
+    ss->sec.cache = os->sec.cache;
+    ss->sec.uncache = os->sec.uncache;
+
+    return SECSuccess;
+
+loser:
+    return SECFailure;
+}
+
+/* Reset sec back to its initial state.
+** Caller holds any relevant locks.
+*/
+void
+ssl_ResetSecurityInfo(sslSecurityInfo *sec, PRBool doMemset)
+{
+    if (sec->localCert) {
+        CERT_DestroyCertificate(sec->localCert);
+        sec->localCert = NULL;
+    }
+    if (sec->peerCert) {
+        CERT_DestroyCertificate(sec->peerCert);
+        sec->peerCert = NULL;
+    }
+    if (sec->peerKey) {
+        SECKEY_DestroyPublicKey(sec->peerKey);
+        sec->peerKey = NULL;
+    }
+
+    /* cleanup the ci */
+    if (sec->ci.sid != NULL) {
+        ssl_FreeSID(sec->ci.sid);
+    }
+    PORT_ZFree(sec->ci.sendBuf.buf, sec->ci.sendBuf.space);
+    if (doMemset) {
+        memset(&sec->ci, 0, sizeof sec->ci);
+    }
+}
+
+/*
+** Called from SSL_ResetHandshake (above), and
+**        from ssl_FreeSocket     in sslsock.c
+** Caller should hold relevant locks (e.g. XmitBufLock)
+*/
+void
+ssl_DestroySecurityInfo(sslSecurityInfo *sec)
+{
+    ssl_ResetSecurityInfo(sec, PR_FALSE);
+
+    PORT_ZFree(sec->writeBuf.buf, sec->writeBuf.space);
+    sec->writeBuf.buf = 0;
+
+    memset(sec, 0, sizeof *sec);
+}
+
+/************************************************************************/
+
+int
+ssl_SecureConnect(sslSocket *ss, const PRNetAddr *sa)
+{
+    PRFileDesc *osfd = ss->fd->lower;
+    int rv;
+
+    if (ss->opt.handshakeAsServer) {
+        ss->handshake = ssl_BeginServerHandshake;
+        ss->handshaking = sslHandshakingAsServer;
+    } else {
+        ss->handshake = ssl_BeginClientHandshake;
+        ss->handshaking = sslHandshakingAsClient;
+    }
+
+    /* connect to server */
+    rv = osfd->methods->connect(osfd, sa, ss->cTimeout);
+    if (rv == PR_SUCCESS) {
+        ss->TCPconnected = 1;
+    } else {
+        int err = PR_GetError();
+        SSL_DBG(("%d: SSL[%d]: connect failed, errno=%d",
+                 SSL_GETPID(), ss->fd, err));
+        if (err == PR_IS_CONNECTED_ERROR) {
+            ss->TCPconnected = 1;
+        }
+    }
+
+    SSL_TRC(5, ("%d: SSL[%d]: secure connect completed, rv == %d",
+                SSL_GETPID(), ss->fd, rv));
+    return rv;
+}
+
+/*
+ * The TLS 1.2 RFC 5246, Section 7.2.1 says:
+ *
+ *     Unless some other fatal alert has been transmitted, each party is
+ *     required to send a close_notify alert before closing the write side
+ *     of the connection.  The other party MUST respond with a close_notify
+ *     alert of its own and close down the connection immediately,
+ *     discarding any pending writes.  It is not required for the initiator
+ *     of the close to wait for the responding close_notify alert before
+ *     closing the read side of the connection.
+ *
+ * The second sentence requires that we send a close_notify alert when we
+ * have received a close_notify alert.  In practice, all SSL implementations
+ * close the socket immediately after sending a close_notify alert (which is
+ * allowed by the third sentence), so responding with a close_notify alert
+ * would result in a write failure with the ECONNRESET error.  This is why
+ * we don't respond with a close_notify alert.
+ *
+ * Also, in the unlikely event that the TCP pipe is full and the peer stops
+ * reading, the SSL3_SendAlert call in ssl_SecureClose and ssl_SecureShutdown
+ * may block indefinitely in blocking mode, and may fail (without retrying)
+ * in non-blocking mode.
+ */
+
+int
+ssl_SecureClose(sslSocket *ss)
+{
+    int rv;
+
+    if (!(ss->shutdownHow & ssl_SHUTDOWN_SEND) &&
+        ss->firstHsDone &&
+        !ss->recvdCloseNotify &&
+        ss->ssl3.initialized) {
+
+        /* We don't want the final alert to be Nagle delayed. */
+        if (!ss->delayDisabled) {
+            ssl_EnableNagleDelay(ss, PR_FALSE);
+            ss->delayDisabled = 1;
+        }
+
+        (void)SSL3_SendAlert(ss, alert_warning, close_notify);
+    }
+    rv = ssl_DefClose(ss);
+    return rv;
+}
+
+/* Caller handles all locking */
+int
+ssl_SecureShutdown(sslSocket *ss, int nsprHow)
+{
+    PRFileDesc *osfd = ss->fd->lower;
+    int rv;
+    PRIntn sslHow = nsprHow + 1;
+
+    if ((unsigned)nsprHow > PR_SHUTDOWN_BOTH) {
+        PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
+        return PR_FAILURE;
+    }
+
+    if ((sslHow & ssl_SHUTDOWN_SEND) != 0 &&
+        !(ss->shutdownHow & ssl_SHUTDOWN_SEND) &&
+        ss->firstHsDone &&
+        !ss->recvdCloseNotify &&
+        ss->ssl3.initialized) {
+
+        (void)SSL3_SendAlert(ss, alert_warning, close_notify);
+    }
+
+    rv = osfd->methods->shutdown(osfd, nsprHow);
+
+    ss->shutdownHow |= sslHow;
+
+    return rv;
+}
+
+/************************************************************************/
+
+int
+ssl_SecureRecv(sslSocket *ss, unsigned char *buf, int len, int flags)
+{
+    int rv = 0;
+
+    if (ss->shutdownHow & ssl_SHUTDOWN_RCV) {
+        PORT_SetError(PR_SOCKET_SHUTDOWN_ERROR);
+        return PR_FAILURE;
+    }
+    if (flags & ~PR_MSG_PEEK) {
+        PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
+        return PR_FAILURE;
+    }
+
+    if (!ssl_SocketIsBlocking(ss) && !ss->opt.fdx) {
+        ssl_GetXmitBufLock(ss);
+        if (ss->pendingBuf.len != 0) {
+            rv = ssl_SendSavedWriteData(ss);
+            if ((rv < 0) && (PORT_GetError() != PR_WOULD_BLOCK_ERROR)) {
+                ssl_ReleaseXmitBufLock(ss);
+                return SECFailure;
+            }
+        }
+        ssl_ReleaseXmitBufLock(ss);
+    }
+
+    rv = 0;
+    if (!PR_CLIST_IS_EMPTY(&ss->ssl3.hs.bufferedEarlyData)) {
+        PORT_Assert(ss->version >= SSL_LIBRARY_VERSION_TLS_1_3);
+        return tls13_Read0RttData(ss, buf, len);
+    }
+
+    /* If any of these is non-zero, the initial handshake is not done. */
+    if (!ss->firstHsDone) {
+        ssl_Get1stHandshakeLock(ss);
+        if (ss->handshake) {
+            rv = ssl_Do1stHandshake(ss);
+        }
+        ssl_Release1stHandshakeLock(ss);
+    }
+    if (rv < 0) {
+        return rv;
+    }
+
+    if (len == 0)
+        return 0;
+
+    rv = DoRecv(ss, (unsigned char *)buf, len, flags);
+    SSL_TRC(2, ("%d: SSL[%d]: recving %d bytes securely (errno=%d)",
+                SSL_GETPID(), ss->fd, rv, PORT_GetError()));
+    return rv;
+}
+
+int
+ssl_SecureRead(sslSocket *ss, unsigned char *buf, int len)
+{
+    return ssl_SecureRecv(ss, buf, len, 0);
+}
+
+/* Caller holds the SSL Socket's write lock. SSL_LOCK_WRITER(ss) */
+int
+ssl_SecureSend(sslSocket *ss, const unsigned char *buf, int len, int flags)
+{
+    int rv = 0;
+
+    SSL_TRC(2, ("%d: SSL[%d]: SecureSend: sending %d bytes",
+                SSL_GETPID(), ss->fd, len));
+
+    if (ss->shutdownHow & ssl_SHUTDOWN_SEND) {
+        PORT_SetError(PR_SOCKET_SHUTDOWN_ERROR);
+        rv = PR_FAILURE;
+        goto done;
+    }
+    if (flags) {
+        PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
+        rv = PR_FAILURE;
+        goto done;
+    }
+
+    ssl_GetXmitBufLock(ss);
+    if (ss->pendingBuf.len != 0) {
+        PORT_Assert(ss->pendingBuf.len > 0);
+        rv = ssl_SendSavedWriteData(ss);
+        if (rv >= 0 && ss->pendingBuf.len != 0) {
+            PORT_Assert(ss->pendingBuf.len > 0);
+            PORT_SetError(PR_WOULD_BLOCK_ERROR);
+            rv = SECFailure;
+        }
+    }
+    ssl_ReleaseXmitBufLock(ss);
+    if (rv < 0) {
+        goto done;
+    }
+
+    if (len > 0)
+        ss->writerThread = PR_GetCurrentThread();
+
+    /* Check to see if we can write even though we're not finished.
+     *
+     * Case 1: False start
+     * Case 2: TLS 1.3 0-RTT
+     */
+    if (!ss->firstHsDone) {
+        PRBool falseStart = PR_FALSE;
+        ssl_Get1stHandshakeLock(ss);
+        if (ss->opt.enableFalseStart ||
+            (ss->opt.enable0RttData && !ss->sec.isServer)) {
+            ssl_GetSSL3HandshakeLock(ss);
+            /* The client can sometimes send before the handshake is fully
+             * complete. In TLS 1.2: false start; in TLS 1.3: 0-RTT. */
+            falseStart = ss->ssl3.hs.canFalseStart ||
+                         ss->ssl3.hs.zeroRttState == ssl_0rtt_sent ||
+                         ss->ssl3.hs.zeroRttState == ssl_0rtt_accepted;
+            ssl_ReleaseSSL3HandshakeLock(ss);
+        }
+        if (!falseStart && ss->handshake) {
+            rv = ssl_Do1stHandshake(ss);
+        }
+        ssl_Release1stHandshakeLock(ss);
+    }
+    if (rv < 0) {
+        ss->writerThread = NULL;
+        goto done;
+    }
+
+    /* Check for zero length writes after we do housekeeping so we make forward
+     * progress.
+     */
+    if (len == 0) {
+        rv = 0;
+        goto done;
+    }
+    PORT_Assert(buf != NULL);
+    if (!buf) {
+        PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
+        rv = PR_FAILURE;
+        goto done;
+    }
+
+    if (!ss->firstHsDone) {
+#ifdef DEBUG
+        ssl_GetSSL3HandshakeLock(ss);
+        PORT_Assert(!ss->sec.isServer &&
+                    (ss->ssl3.hs.canFalseStart ||
+                     ss->ssl3.hs.zeroRttState == ssl_0rtt_sent ||
+                     ss->ssl3.hs.zeroRttState == ssl_0rtt_accepted));
+        ssl_ReleaseSSL3HandshakeLock(ss);
+#endif
+        SSL_TRC(3, ("%d: SSL[%d]: SecureSend: sending data due to false start",
+                    SSL_GETPID(), ss->fd));
+    }
+
+    ssl_GetXmitBufLock(ss);
+    rv = ssl3_SendApplicationData(ss, buf, len, flags);
+    ssl_ReleaseXmitBufLock(ss);
+    ss->writerThread = NULL;
+done:
+    if (rv < 0) {
+        SSL_TRC(2, ("%d: SSL[%d]: SecureSend: returning %d count, error %d",
+                    SSL_GETPID(), ss->fd, rv, PORT_GetError()));
+    } else {
+        SSL_TRC(2, ("%d: SSL[%d]: SecureSend: returning %d count",
+                    SSL_GETPID(), ss->fd, rv));
+    }
+    return rv;
+}
+
+int
+ssl_SecureWrite(sslSocket *ss, const unsigned char *buf, int len)
+{
+    return ssl_SecureSend(ss, buf, len, 0);
+}
+
+SECStatus
+SSL_AlertReceivedCallback(PRFileDesc *fd, SSLAlertCallback cb, void *arg)
+{
+    sslSocket *ss;
+
+    ss = ssl_FindSocket(fd);
+    if (!ss) {
+        SSL_DBG(("%d: SSL[%d]: unable to find socket in SSL_AlertReceivedCallback",
+                 SSL_GETPID(), fd));
+        return SECFailure;
+    }
+
+    ss->alertReceivedCallback = cb;
+    ss->alertReceivedCallbackArg = arg;
+
+    return SECSuccess;
+}
+
+SECStatus
+SSL_AlertSentCallback(PRFileDesc *fd, SSLAlertCallback cb, void *arg)
+{
+    sslSocket *ss;
+
+    ss = ssl_FindSocket(fd);
+    if (!ss) {
+        SSL_DBG(("%d: SSL[%d]: unable to find socket in SSL_AlertSentCallback",
+                 SSL_GETPID(), fd));
+        return SECFailure;
+    }
+
+    ss->alertSentCallback = cb;
+    ss->alertSentCallbackArg = arg;
+
+    return SECSuccess;
+}
+
+SECStatus
+SSL_BadCertHook(PRFileDesc *fd, SSLBadCertHandler f, void *arg)
+{
+    sslSocket *ss;
+
+    ss = ssl_FindSocket(fd);
+    if (!ss) {
+        SSL_DBG(("%d: SSL[%d]: bad socket in SSLBadCertHook",
+                 SSL_GETPID(), fd));
+        return SECFailure;
+    }
+
+    ss->handleBadCert = f;
+    ss->badCertArg = arg;
+
+    return SECSuccess;
+}
+
+/*
+ * Allow the application to pass the url or hostname into the SSL library
+ * so that we can do some checking on it. It will be used for the value in
+ * SNI extension of client hello message.
+ */
+SECStatus
+SSL_SetURL(PRFileDesc *fd, const char *url)
+{
+    sslSocket *ss = ssl_FindSocket(fd);
+    SECStatus rv = SECSuccess;
+
+    if (!ss) {
+        SSL_DBG(("%d: SSL[%d]: bad socket in SSLSetURL",
+                 SSL_GETPID(), fd));
+        return SECFailure;
+    }
+    ssl_Get1stHandshakeLock(ss);
+    ssl_GetSSL3HandshakeLock(ss);
+
+    if (ss->url) {
+        PORT_Free((void *)ss->url); /* CONST */
+    }
+
+    ss->url = (const char *)PORT_Strdup(url);
+    if (ss->url == NULL) {
+        rv = SECFailure;
+    }
+
+    ssl_ReleaseSSL3HandshakeLock(ss);
+    ssl_Release1stHandshakeLock(ss);
+
+    return rv;
+}
+
+/*
+ * Allow the application to pass the set of trust anchors
+ */
+SECStatus
+SSL_SetTrustAnchors(PRFileDesc *fd, CERTCertList *certList)
+{
+    sslSocket *ss = ssl_FindSocket(fd);
+    CERTDistNames *names = NULL;
+
+    if (!certList) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+    if (!ss) {
+        SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetTrustAnchors",
+                 SSL_GETPID(), fd));
+        return SECFailure;
+    }
+
+    names = CERT_DistNamesFromCertList(certList);
+    if (names == NULL) {
+        return SECFailure;
+    }
+    ssl_Get1stHandshakeLock(ss);
+    ssl_GetSSL3HandshakeLock(ss);
+    if (ss->ssl3.ca_list) {
+        CERT_FreeDistNames(ss->ssl3.ca_list);
+    }
+    ss->ssl3.ca_list = names;
+    ssl_ReleaseSSL3HandshakeLock(ss);
+    ssl_Release1stHandshakeLock(ss);
+
+    return SECSuccess;
+}
+
+/*
+** Returns Negative number on error, zero or greater on success.
+** Returns the amount of data immediately available to be read.
+*/
+int
+SSL_DataPending(PRFileDesc *fd)
+{
+    sslSocket *ss;
+    int rv = 0;
+
+    ss = ssl_FindSocket(fd);
+
+    if (ss && ss->opt.useSecurity) {
+        ssl_GetRecvBufLock(ss);
+        rv = ss->gs.writeOffset - ss->gs.readOffset;
+        ssl_ReleaseRecvBufLock(ss);
+    }
+
+    return rv;
+}
+
+SECStatus
+SSL_InvalidateSession(PRFileDesc *fd)
+{
+    sslSocket *ss = ssl_FindSocket(fd);
+    SECStatus rv = SECFailure;
+
+    if (ss) {
+        ssl_Get1stHandshakeLock(ss);
+        ssl_GetSSL3HandshakeLock(ss);
+
+        if (ss->sec.ci.sid) {
+            ss->sec.uncache(ss->sec.ci.sid);
+            rv = SECSuccess;
+        }
+
+        ssl_ReleaseSSL3HandshakeLock(ss);
+        ssl_Release1stHandshakeLock(ss);
+    }
+    return rv;
+}
+
+SECItem *
+SSL_GetSessionID(PRFileDesc *fd)
+{
+    sslSocket *ss;
+    SECItem *item = NULL;
+
+    ss = ssl_FindSocket(fd);
+    if (ss) {
+        ssl_Get1stHandshakeLock(ss);
+        ssl_GetSSL3HandshakeLock(ss);
+
+        if (ss->opt.useSecurity && ss->firstHsDone && ss->sec.ci.sid) {
+            item = (SECItem *)PORT_Alloc(sizeof(SECItem));
+            if (item) {
+                sslSessionID *sid = ss->sec.ci.sid;
+                item->len = sid->u.ssl3.sessionIDLength;
+                item->data = (unsigned char *)PORT_Alloc(item->len);
+                PORT_Memcpy(item->data, sid->u.ssl3.sessionID, item->len);
+            }
+        }
+
+        ssl_ReleaseSSL3HandshakeLock(ss);
+        ssl_Release1stHandshakeLock(ss);
+    }
+    return item;
+}
+
+SECStatus
+SSL_CertDBHandleSet(PRFileDesc *fd, CERTCertDBHandle *dbHandle)
+{
+    sslSocket *ss;
+
+    ss = ssl_FindSocket(fd);
+    if (!ss)
+        return SECFailure;
+    if (!dbHandle) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+    ss->dbHandle = dbHandle;
+    return SECSuccess;
+}
+
+/* DO NOT USE. This function was exported in ssl.def with the wrong signature;
+ * this implementation exists to maintain link-time compatibility.
+ */
+int
+SSL_RestartHandshakeAfterCertReq(sslSocket *ss,
+                                 CERTCertificate *cert,
+                                 SECKEYPrivateKey *key,
+                                 CERTCertificateList *certChain)
+{
+    PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
+    return -1;
+}
+
+/* DO NOT USE. This function was exported in ssl.def with the wrong signature;
+ * this implementation exists to maintain link-time compatibility.
+ */
+int
+SSL_RestartHandshakeAfterServerCert(sslSocket *ss)
+{
+    PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
+    return -1;
+}
+
+/* See documentation in ssl.h */
+SECStatus
+SSL_AuthCertificateComplete(PRFileDesc *fd, PRErrorCode error)
+{
+    SECStatus rv;
+    sslSocket *ss = ssl_FindSocket(fd);
+
+    if (!ss) {
+        SSL_DBG(("%d: SSL[%d]: bad socket in SSL_AuthCertificateComplete",
+                 SSL_GETPID(), fd));
+        return SECFailure;
+    }
+
+    ssl_Get1stHandshakeLock(ss);
+
+    if (!ss->ssl3.initialized) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        rv = SECFailure;
+    } else {
+        rv = ssl3_AuthCertificateComplete(ss, error);
+    }
+
+    ssl_Release1stHandshakeLock(ss);
+
+    return rv;
+}
+
+/* For more info see ssl.h */
+SECStatus
+SSL_SNISocketConfigHook(PRFileDesc *fd, SSLSNISocketConfig func,
+                        void *arg)
+{
+    sslSocket *ss;
+
+    ss = ssl_FindSocket(fd);
+    if (!ss) {
+        SSL_DBG(("%d: SSL[%d]: bad socket in SNISocketConfigHook",
+                 SSL_GETPID(), fd));
+        return SECFailure;
+    }
+
+    ss->sniSocketConfig = func;
+    ss->sniSocketConfigArg = arg;
+    return SECSuccess;
+}
diff --git a/nss/lib/ssl/sslsnce.c b/nss/lib/ssl/sslsnce.c
new file mode 100644
index 0000000..92d7f10
--- /dev/null
+++ b/nss/lib/ssl/sslsnce.c
@@ -0,0 +1,2193 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/* This file implements the SERVER Session ID cache.
+ * NOTE:  The contents of this file are NOT used by the client.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* Note: ssl_FreeSID() in sslnonce.c gets used for both client and server
+ * cache sids!
+ *
+ * About record locking among different server processes:
+ *
+ * All processes that are part of the same conceptual server (serving on
+ * the same address and port) MUST share a common SSL session cache.
+ * This code makes the content of the shared cache accessible to all
+ * processes on the same "server".  This code works on Unix and Win32 only.
+ *
+ * We use NSPR anonymous shared memory and move data to & from shared memory.
+ * We must do explicit locking of the records for all reads and writes.
+ * The set of Cache entries are divided up into "sets" of 128 entries.
+ * Each set is protected by a lock.  There may be one or more sets protected
+ * by each lock.  That is, locks to sets are 1:N.
+ * There is one lock for the entire cert cache.
+ * There is one lock for the set of wrapped sym wrap keys.
+ *
+ * The anonymous shared memory is laid out as if it were declared like this:
+ *
+ * struct {
+ *     cacheDescriptor          desc;
+ *     sidCacheLock             sidCacheLocks[ numSIDCacheLocks];
+ *     sidCacheLock             keyCacheLock;
+ *     sidCacheLock             certCacheLock;
+ *     sidCacheSet              sidCacheSets[ numSIDCacheSets ];
+ *     sidCacheEntry            sidCacheData[ numSIDCacheEntries];
+ *     certCacheEntry           certCacheData[numCertCacheEntries];
+ *     SSLWrappedSymWrappingKey keyCacheData[SSL_NUM_WRAP_KEYS][SSL_NUM_WRAP_MECHS];
+ *     PRUint8                  keyNameSuffix[SESS_TICKET_KEY_VAR_NAME_LEN]
+ *     encKeyCacheEntry         ticketEncKey; // Wrapped
+ *     encKeyCacheEntry         ticketMacKey; // Wrapped
+ *     PRBool                   ticketKeysValid;
+ *     sidCacheLock             srvNameCacheLock;
+ *     srvNameCacheEntry        srvNameData[ numSrvNameCacheEntries ];
+ * } cacheMemCacheData;
+ */
+#include "seccomon.h"
+
+#if defined(XP_UNIX) || defined(XP_WIN32) || defined(XP_OS2) || defined(XP_BEOS)
+
+#include "cert.h"
+#include "ssl.h"
+#include "sslimpl.h"
+#include "sslproto.h"
+#include "pk11func.h"
+#include "base64.h"
+#include "keyhi.h"
+#include "blapit.h"
+#include "nss.h" /* for NSS_RegisterShutdown */
+#include "sechash.h"
+
+#include <stdio.h>
+
+#if defined(XP_UNIX) || defined(XP_BEOS)
+
+#include <syslog.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <errno.h>
+#include <signal.h>
+#include "unix_err.h"
+
+#else
+
+#ifdef XP_WIN32
+#include <wtypes.h>
+#include "win32err.h"
+#endif
+
+#endif
+#include <sys/types.h>
+
+#include "nspr.h"
+#include "sslmutex.h"
+
+/*
+** Format of a cache entry in the shared memory.
+*/
+struct sidCacheEntryStr {
+    /* 16 */ PRIPv6Addr addr; /* client's IP address */
+    /*  4 */ PRUint32 creationTime;
+    /*  4 */ PRUint32 lastAccessTime;
+    /*  4 */ PRUint32 expirationTime;
+    /*  2 */ PRUint16 version;
+    /*  1 */ PRUint8 valid;
+    /*  1 */ PRUint8 sessionIDLength;
+    /* 32 */ PRUint8 sessionID[SSL3_SESSIONID_BYTES];
+    /*  2 */ PRUint16 authType;
+    /*  2 */ PRUint16 authKeyBits;
+    /*  2 */ PRUint16 keaType;
+    /*  2 */ PRUint16 keaKeyBits;
+    /* 72  - common header total */
+
+    union {
+        struct {
+            /*  2 */ ssl3CipherSuite cipherSuite;
+            /*  2 */ PRUint16 compression; /* SSLCompressionMethod */
+
+            /* 54 */ ssl3SidKeys keys; /* keys, wrapped as needed. */
+
+            /*  4 */ PRUint32 masterWrapMech;
+            /*  4 */ PRInt32 certIndex;
+            /*  4 */ PRInt32 srvNameIndex;
+            /* 32 */ PRUint8 srvNameHash[SHA256_LENGTH]; /* SHA256 name hash */
+            /*  2 */ PRUint16 namedCurve;
+/*104 */} ssl3;
+
+/* force sizeof(sidCacheEntry) to be a multiple of cache line size */
+struct {
+    /*120 */ PRUint8 filler[120]; /* 72+120==192, a multiple of 16 */
+} forceSize;
+    } u;
+};
+typedef struct sidCacheEntryStr sidCacheEntry;
+
+/* The length of this struct is supposed to be a power of 2, e.g. 4KB */
+struct certCacheEntryStr {
+    PRUint16 certLength;                     /*    2 */
+    PRUint16 sessionIDLength;                /*    2 */
+    PRUint8 sessionID[SSL3_SESSIONID_BYTES]; /*   32 */
+    PRUint8 cert[SSL_MAX_CACHED_CERT_LEN];   /* 4060 */
+};                                           /* total   4096 */
+typedef struct certCacheEntryStr certCacheEntry;
+
+struct sidCacheLockStr {
+    PRUint32 timeStamp;
+    sslMutex mutex;
+    sslPID pid;
+};
+typedef struct sidCacheLockStr sidCacheLock;
+
+struct sidCacheSetStr {
+    PRIntn next;
+};
+typedef struct sidCacheSetStr sidCacheSet;
+
+struct encKeyCacheEntryStr {
+    PRUint8 bytes[512];
+    PRInt32 length;
+};
+typedef struct encKeyCacheEntryStr encKeyCacheEntry;
+
+#define SSL_MAX_DNS_HOST_NAME 1024
+
+struct srvNameCacheEntryStr {
+    PRUint16 type;                            /*    2 */
+    PRUint16 nameLen;                         /*    2 */
+    PRUint8 name[SSL_MAX_DNS_HOST_NAME + 12]; /* 1034 */
+    PRUint8 nameHash[SHA256_LENGTH];          /*   32 */
+                                              /* 1072 */
+};
+typedef struct srvNameCacheEntryStr srvNameCacheEntry;
+
+struct cacheDescStr {
+
+    PRUint32 cacheMemSize;
+
+    PRUint32 numSIDCacheLocks;
+    PRUint32 numSIDCacheSets;
+    PRUint32 numSIDCacheSetsPerLock;
+
+    PRUint32 numSIDCacheEntries;
+    PRUint32 sidCacheSize;
+
+    PRUint32 numCertCacheEntries;
+    PRUint32 certCacheSize;
+
+    PRUint32 numKeyCacheEntries;
+    PRUint32 keyCacheSize;
+
+    PRUint32 numSrvNameCacheEntries;
+    PRUint32 srvNameCacheSize;
+
+    PRUint32 ssl3Timeout;
+
+    PRUint32 numSIDCacheLocksInitialized;
+
+    /* These values are volatile, and are accessed through sharedCache-> */
+    PRUint32 nextCertCacheEntry; /* certCacheLock protects */
+    PRBool stopPolling;
+    PRBool everInherited;
+
+    /* The private copies of these values are pointers into shared mem */
+    /* The copies of these values in shared memory are merely offsets */
+    sidCacheLock *sidCacheLocks;
+    sidCacheLock *keyCacheLock;
+    sidCacheLock *certCacheLock;
+    sidCacheLock *srvNameCacheLock;
+    sidCacheSet *sidCacheSets;
+    sidCacheEntry *sidCacheData;
+    certCacheEntry *certCacheData;
+    SSLWrappedSymWrappingKey *keyCacheData;
+    PRUint8 *ticketKeyNameSuffix;
+    encKeyCacheEntry *ticketEncKey;
+    encKeyCacheEntry *ticketMacKey;
+    PRUint32 *ticketKeysValid;
+    srvNameCacheEntry *srvNameCacheData;
+
+    /* Only the private copies of these pointers are valid */
+    char *cacheMem;
+    struct cacheDescStr *sharedCache; /* shared copy of this struct */
+    PRFileMap *cacheMemMap;
+    PRThread *poller;
+    PRUint32 mutexTimeout;
+    PRBool shared;
+};
+typedef struct cacheDescStr cacheDesc;
+
+static cacheDesc globalCache;
+
+static const char envVarName[] = { SSL_ENV_VAR_NAME };
+
+static PRBool isMultiProcess = PR_FALSE;
+
+#define DEF_SID_CACHE_ENTRIES 10000
+#define DEF_CERT_CACHE_ENTRIES 250
+#define MIN_CERT_CACHE_ENTRIES 125 /* the effective size in old releases. */
+#define DEF_KEY_CACHE_ENTRIES 250
+#define DEF_NAME_CACHE_ENTRIES 1000
+
+#define SID_CACHE_ENTRIES_PER_SET 128
+#define SID_ALIGNMENT 16
+
+#define DEF_SSL3_TIMEOUT 86400L /* 24 hours */
+#define MAX_SSL3_TIMEOUT 86400L /* 24 hours */
+#define MIN_SSL3_TIMEOUT 5      /* seconds  */
+
+#if defined(AIX) || defined(LINUX) || defined(NETBSD) || defined(OPENBSD)
+#define MAX_SID_CACHE_LOCKS 8 /* two FDs per lock */
+#elif defined(OSF1)
+#define MAX_SID_CACHE_LOCKS 16 /* one FD per lock */
+#else
+#define MAX_SID_CACHE_LOCKS 256
+#endif
+
+#define SID_HOWMANY(val, size) (((val) + ((size)-1)) / (size))
+#define SID_ROUNDUP(val, size) ((size)*SID_HOWMANY((val), (size)))
+
+static sslPID myPid;
+static PRUint32 ssl_max_sid_cache_locks = MAX_SID_CACHE_LOCKS;
+
+/* forward static function declarations */
+static PRUint32 SIDindex(cacheDesc *cache, const PRIPv6Addr *addr, PRUint8 *s,
+                         unsigned nl);
+static SECStatus LaunchLockPoller(cacheDesc *cache);
+static SECStatus StopLockPoller(cacheDesc *cache);
+
+struct inheritanceStr {
+    PRUint32 cacheMemSize;
+    PRUint32 fmStrLen;
+};
+
+typedef struct inheritanceStr inheritance;
+
+#if defined(_WIN32) || defined(XP_OS2)
+
+#define DEFAULT_CACHE_DIRECTORY "\\temp"
+
+#endif /* _win32 */
+
+#if defined(XP_UNIX) || defined(XP_BEOS)
+
+#define DEFAULT_CACHE_DIRECTORY "/tmp"
+
+#endif /* XP_UNIX || XP_BEOS */
+
+/************************************************************************/
+
+static PRUint32
+LockSidCacheLock(sidCacheLock *lock, PRUint32 now)
+{
+    SECStatus rv = sslMutex_Lock(&lock->mutex);
+    if (rv != SECSuccess)
+        return 0;
+    if (!now)
+        now = ssl_Time();
+    lock->timeStamp = now;
+    lock->pid = myPid;
+    return now;
+}
+
+static SECStatus
+UnlockSidCacheLock(sidCacheLock *lock)
+{
+    SECStatus rv;
+
+    lock->pid = 0;
+    rv = sslMutex_Unlock(&lock->mutex);
+    return rv;
+}
+
+/* returns the value of ssl_Time on success, zero on failure. */
+static PRUint32
+LockSet(cacheDesc *cache, PRUint32 set, PRUint32 now)
+{
+    PRUint32 lockNum = set % cache->numSIDCacheLocks;
+    sidCacheLock *lock = cache->sidCacheLocks + lockNum;
+
+    return LockSidCacheLock(lock, now);
+}
+
+static SECStatus
+UnlockSet(cacheDesc *cache, PRUint32 set)
+{
+    PRUint32 lockNum = set % cache->numSIDCacheLocks;
+    sidCacheLock *lock = cache->sidCacheLocks + lockNum;
+
+    return UnlockSidCacheLock(lock);
+}
+
+/************************************************************************/
+
+/* Put a certificate in the cache.  Update the cert index in the sce.
+*/
+static PRUint32
+CacheCert(cacheDesc *cache, CERTCertificate *cert, sidCacheEntry *sce)
+{
+    PRUint32 now;
+    certCacheEntry cce;
+
+    if ((cert->derCert.len > SSL_MAX_CACHED_CERT_LEN) ||
+        (cert->derCert.len <= 0) ||
+        (cert->derCert.data == NULL)) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return 0;
+    }
+
+    cce.sessionIDLength = sce->sessionIDLength;
+    PORT_Memcpy(cce.sessionID, sce->sessionID, cce.sessionIDLength);
+
+    cce.certLength = cert->derCert.len;
+    PORT_Memcpy(cce.cert, cert->derCert.data, cce.certLength);
+
+    /* get lock on cert cache */
+    now = LockSidCacheLock(cache->certCacheLock, 0);
+    if (now) {
+
+        /* Find where to place the next cert cache entry. */
+        cacheDesc *sharedCache = cache->sharedCache;
+        PRUint32 ndx = sharedCache->nextCertCacheEntry;
+
+        /* write the entry */
+        cache->certCacheData[ndx] = cce;
+
+        /* remember where we put it. */
+        sce->u.ssl3.certIndex = ndx;
+
+        /* update the "next" cache entry index */
+        sharedCache->nextCertCacheEntry =
+            (ndx + 1) % cache->numCertCacheEntries;
+
+        UnlockSidCacheLock(cache->certCacheLock);
+    }
+    return now;
+}
+
+/* Server configuration hash tables need to account the SECITEM.type
+ * field as well. These functions accomplish that. */
+static PLHashNumber
+Get32BitNameHash(const SECItem *name)
+{
+    PLHashNumber rv = SECITEM_Hash(name);
+
+    PRUint8 *rvc = (PRUint8 *)&rv;
+    rvc[name->len % sizeof(rv)] ^= name->type;
+
+    return rv;
+}
+
+/* Put a name in the cache.  Update the cert index in the sce.
+*/
+static PRUint32
+CacheSrvName(cacheDesc *cache, SECItem *name, sidCacheEntry *sce)
+{
+    PRUint32 now;
+    PRUint32 ndx;
+    srvNameCacheEntry snce;
+
+    if (!name || name->len <= 0 ||
+        name->len > SSL_MAX_DNS_HOST_NAME) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return 0;
+    }
+
+    snce.type = name->type;
+    snce.nameLen = name->len;
+    PORT_Memcpy(snce.name, name->data, snce.nameLen);
+    HASH_HashBuf(HASH_AlgSHA256, snce.nameHash, name->data, name->len);
+
+    /* get index of the next name */
+    ndx = Get32BitNameHash(name);
+    /* get lock on cert cache */
+    now = LockSidCacheLock(cache->srvNameCacheLock, 0);
+    if (now) {
+        if (cache->numSrvNameCacheEntries > 0) {
+            /* Fit the index into array */
+            ndx %= cache->numSrvNameCacheEntries;
+            /* write the entry */
+            cache->srvNameCacheData[ndx] = snce;
+            /* remember where we put it. */
+            sce->u.ssl3.srvNameIndex = ndx;
+            /* Copy hash into sid hash */
+            PORT_Memcpy(sce->u.ssl3.srvNameHash, snce.nameHash, SHA256_LENGTH);
+        }
+        UnlockSidCacheLock(cache->srvNameCacheLock);
+    }
+    return now;
+}
+
+/*
+** Convert local SID to shared memory one
+*/
+static void
+ConvertFromSID(sidCacheEntry *to, sslSessionID *from)
+{
+    to->valid = 1;
+    to->version = from->version;
+    to->addr = from->addr;
+    to->creationTime = from->creationTime;
+    to->lastAccessTime = from->lastAccessTime;
+    to->expirationTime = from->expirationTime;
+    to->authType = from->authType;
+    to->authKeyBits = from->authKeyBits;
+    to->keaType = from->keaType;
+    to->keaKeyBits = from->keaKeyBits;
+
+    to->u.ssl3.cipherSuite = from->u.ssl3.cipherSuite;
+    to->u.ssl3.compression = (PRUint16)from->u.ssl3.compression;
+    to->u.ssl3.keys = from->u.ssl3.keys;
+    to->u.ssl3.masterWrapMech = from->u.ssl3.masterWrapMech;
+    to->sessionIDLength = from->u.ssl3.sessionIDLength;
+    to->u.ssl3.certIndex = -1;
+    to->u.ssl3.srvNameIndex = -1;
+    PORT_Memcpy(to->sessionID, from->u.ssl3.sessionID,
+                to->sessionIDLength);
+    to->u.ssl3.namedCurve = 0U;
+    if (from->authType == ssl_auth_ecdsa ||
+        from->authType == ssl_auth_ecdh_rsa ||
+        from->authType == ssl_auth_ecdh_ecdsa) {
+        PORT_Assert(from->namedCurve);
+        to->u.ssl3.namedCurve = (PRUint16)from->namedCurve->name;
+    }
+
+    SSL_TRC(8, ("%d: SSL3: ConvertSID: time=%d addr=0x%08x%08x%08x%08x "
+                "cipherSuite=%d",
+                myPid, to->creationTime, to->addr.pr_s6_addr32[0],
+                to->addr.pr_s6_addr32[1], to->addr.pr_s6_addr32[2],
+                to->addr.pr_s6_addr32[3], to->u.ssl3.cipherSuite));
+}
+
+/*
+** Convert shared memory cache-entry to local memory based one
+** This is only called from ServerSessionIDLookup().
+*/
+static sslSessionID *
+ConvertToSID(sidCacheEntry *from,
+             certCacheEntry *pcce,
+             srvNameCacheEntry *psnce,
+             CERTCertDBHandle *dbHandle)
+{
+    sslSessionID *to;
+
+    to = PORT_ZNew(sslSessionID);
+    if (!to) {
+        return 0;
+    }
+
+    to->u.ssl3.sessionIDLength = from->sessionIDLength;
+    to->u.ssl3.cipherSuite = from->u.ssl3.cipherSuite;
+    to->u.ssl3.compression = (SSLCompressionMethod)from->u.ssl3.compression;
+    to->u.ssl3.keys = from->u.ssl3.keys;
+    to->u.ssl3.masterWrapMech = from->u.ssl3.masterWrapMech;
+    if (from->u.ssl3.srvNameIndex != -1 && psnce) {
+        SECItem name;
+        SECStatus rv;
+        name.type = psnce->type;
+        name.len = psnce->nameLen;
+        name.data = psnce->name;
+        rv = SECITEM_CopyItem(NULL, &to->u.ssl3.srvName, &name);
+        if (rv != SECSuccess) {
+            goto loser;
+        }
+    }
+
+    PORT_Memcpy(to->u.ssl3.sessionID, from->sessionID, from->sessionIDLength);
+
+    /* the portions of the SID that are only restored on the client
+     * are set to invalid values on the server.
+     */
+    to->u.ssl3.clientWriteKey = NULL;
+    to->u.ssl3.serverWriteKey = NULL;
+
+    to->urlSvrName = NULL;
+
+    to->u.ssl3.masterModuleID = (SECMODModuleID)-1; /* invalid value */
+    to->u.ssl3.masterSlotID = (CK_SLOT_ID)-1;       /* invalid value */
+    to->u.ssl3.masterWrapIndex = 0;
+    to->u.ssl3.masterWrapSeries = 0;
+    to->u.ssl3.masterValid = PR_FALSE;
+
+    to->u.ssl3.clAuthModuleID = (SECMODModuleID)-1; /* invalid value */
+    to->u.ssl3.clAuthSlotID = (CK_SLOT_ID)-1;       /* invalid value */
+    to->u.ssl3.clAuthSeries = 0;
+    to->u.ssl3.clAuthValid = PR_FALSE;
+
+    if (from->u.ssl3.certIndex != -1 && pcce) {
+        SECItem derCert;
+
+        derCert.len = pcce->certLength;
+        derCert.data = pcce->cert;
+
+        to->peerCert = CERT_NewTempCertificate(dbHandle, &derCert, NULL,
+                                               PR_FALSE, PR_TRUE);
+        if (to->peerCert == NULL)
+            goto loser;
+    }
+    if (from->authType == ssl_auth_ecdsa ||
+        from->authType == ssl_auth_ecdh_rsa ||
+        from->authType == ssl_auth_ecdh_ecdsa) {
+        to->namedCurve =
+            ssl_LookupNamedGroup((SSLNamedGroup)from->u.ssl3.namedCurve);
+    }
+
+    to->version = from->version;
+    to->creationTime = from->creationTime;
+    to->lastAccessTime = from->lastAccessTime;
+    to->expirationTime = from->expirationTime;
+    to->cached = in_server_cache;
+    to->addr = from->addr;
+    to->references = 1;
+    to->authType = from->authType;
+    to->authKeyBits = from->authKeyBits;
+    to->keaType = from->keaType;
+    to->keaKeyBits = from->keaKeyBits;
+
+    return to;
+
+loser:
+    if (to) {
+        SECITEM_FreeItem(&to->u.ssl3.srvName, PR_FALSE);
+        PORT_Free(to);
+    }
+    return NULL;
+}
+
+/*
+** Perform some mumbo jumbo on the ip-address and the session-id value to
+** compute a hash value.
+*/
+static PRUint32
+SIDindex(cacheDesc *cache, const PRIPv6Addr *addr, PRUint8 *s, unsigned nl)
+{
+    PRUint32 rv;
+    PRUint32 x[8];
+
+    memset(x, 0, sizeof x);
+    if (nl > sizeof x)
+        nl = sizeof x;
+    memcpy(x, s, nl);
+
+    rv = (addr->pr_s6_addr32[0] ^ addr->pr_s6_addr32[1] ^
+          addr->pr_s6_addr32[2] ^ addr->pr_s6_addr32[3] ^
+          x[0] ^ x[1] ^ x[2] ^ x[3] ^ x[4] ^ x[5] ^ x[6] ^ x[7]) %
+         cache->numSIDCacheSets;
+    return rv;
+}
+
+/*
+** Look something up in the cache. This will invalidate old entries
+** in the process. Caller has locked the cache set!
+** Returns PR_TRUE if found a valid match.  PR_FALSE otherwise.
+*/
+static sidCacheEntry *
+FindSID(cacheDesc *cache, PRUint32 setNum, PRUint32 now,
+        const PRIPv6Addr *addr, unsigned char *sessionID,
+        unsigned sessionIDLength)
+{
+    PRUint32 ndx = cache->sidCacheSets[setNum].next;
+    int i;
+
+    sidCacheEntry *set = cache->sidCacheData +
+                         (setNum * SID_CACHE_ENTRIES_PER_SET);
+
+    for (i = SID_CACHE_ENTRIES_PER_SET; i > 0; --i) {
+        sidCacheEntry *sce;
+
+        ndx = (ndx - 1) % SID_CACHE_ENTRIES_PER_SET;
+        sce = set + ndx;
+
+        if (!sce->valid)
+            continue;
+
+        if (now > sce->expirationTime) {
+            /* SessionID has timed out. Invalidate the entry. */
+            SSL_TRC(7, ("%d: timed out sid entry addr=%08x%08x%08x%08x now=%x "
+                        "time+=%x",
+                        myPid, sce->addr.pr_s6_addr32[0],
+                        sce->addr.pr_s6_addr32[1], sce->addr.pr_s6_addr32[2],
+                        sce->addr.pr_s6_addr32[3], now,
+                        sce->expirationTime));
+            sce->valid = 0;
+            continue;
+        }
+
+        /*
+        ** Next, examine specific session-id/addr data to see if the cache
+        ** entry matches our addr+session-id value
+        */
+        if (sessionIDLength == sce->sessionIDLength &&
+            !memcmp(&sce->addr, addr, sizeof(PRIPv6Addr)) &&
+            !memcmp(sce->sessionID, sessionID, sessionIDLength)) {
+            /* Found it */
+            return sce;
+        }
+    }
+
+    PORT_SetError(SSL_ERROR_SESSION_NOT_FOUND);
+    return NULL;
+}
+
+/************************************************************************/
+
+/* This is the primary function for finding entries in the server's sid cache.
+ * Although it is static, this function is called via the global function
+ * pointer ssl_sid_lookup.
+ */
+static sslSessionID *
+ServerSessionIDLookup(const PRIPv6Addr *addr,
+                      unsigned char *sessionID,
+                      unsigned int sessionIDLength,
+                      CERTCertDBHandle *dbHandle)
+{
+    sslSessionID *sid = 0;
+    sidCacheEntry *psce;
+    certCacheEntry *pcce = 0;
+    srvNameCacheEntry *psnce = 0;
+    cacheDesc *cache = &globalCache;
+    PRUint32 now;
+    PRUint32 set;
+    PRInt32 cndx;
+    sidCacheEntry sce;
+    certCacheEntry cce;
+    srvNameCacheEntry snce;
+
+    set = SIDindex(cache, addr, sessionID, sessionIDLength);
+    now = LockSet(cache, set, 0);
+    if (!now)
+        return NULL;
+
+    psce = FindSID(cache, set, now, addr, sessionID, sessionIDLength);
+    if (psce) {
+        if ((cndx = psce->u.ssl3.certIndex) != -1) {
+            PRUint32 gotLock = LockSidCacheLock(cache->certCacheLock, now);
+            if (gotLock) {
+                pcce = &cache->certCacheData[cndx];
+
+                /* See if the cert's session ID matches the sce cache. */
+                if ((pcce->sessionIDLength == psce->sessionIDLength) &&
+                    !PORT_Memcmp(pcce->sessionID, psce->sessionID,
+                                 pcce->sessionIDLength)) {
+                    cce = *pcce;
+                } else {
+                    /* The cert doesen't match the SID cache entry,
+                    ** so invalidate the SID cache entry.
+                    */
+                    psce->valid = 0;
+                    psce = 0;
+                    pcce = 0;
+                }
+                UnlockSidCacheLock(cache->certCacheLock);
+            } else {
+                /* what the ??.  Didn't get the cert cache lock.
+                ** Don't invalidate the SID cache entry, but don't find it.
+                */
+                PORT_Assert(!("Didn't get cert Cache Lock!"));
+                psce = 0;
+                pcce = 0;
+            }
+        }
+        if (psce && ((cndx = psce->u.ssl3.srvNameIndex) != -1)) {
+            PRUint32 gotLock = LockSidCacheLock(cache->srvNameCacheLock,
+                                                now);
+            if (gotLock) {
+                psnce = &cache->srvNameCacheData[cndx];
+
+                if (!PORT_Memcmp(psnce->nameHash, psce->u.ssl3.srvNameHash,
+                                 SHA256_LENGTH)) {
+                    snce = *psnce;
+                } else {
+                    /* The name doesen't match the SID cache entry,
+                    ** so invalidate the SID cache entry.
+                    */
+                    psce->valid = 0;
+                    psce = 0;
+                    psnce = 0;
+                }
+                UnlockSidCacheLock(cache->srvNameCacheLock);
+            } else {
+                /* what the ??.  Didn't get the cert cache lock.
+                ** Don't invalidate the SID cache entry, but don't find it.
+                */
+                PORT_Assert(!("Didn't get name Cache Lock!"));
+                psce = 0;
+                psnce = 0;
+            }
+        }
+        if (psce) {
+            psce->lastAccessTime = now;
+            sce = *psce; /* grab a copy while holding the lock */
+        }
+    }
+    UnlockSet(cache, set);
+    if (psce) {
+        /* sce conains a copy of the cache entry.
+        ** Convert shared memory format to local format
+        */
+        sid = ConvertToSID(&sce, pcce ? &cce : 0, psnce ? &snce : 0, dbHandle);
+    }
+    return sid;
+}
+
+/*
+** Place a sid into the cache, if it isn't already there.
+*/
+static void
+ServerSessionIDCache(sslSessionID *sid)
+{
+    sidCacheEntry sce;
+    PRUint32 now = 0;
+    cacheDesc *cache = &globalCache;
+
+    if (sid->u.ssl3.sessionIDLength == 0) {
+        return;
+    }
+
+    if (sid->cached == never_cached || sid->cached == invalid_cache) {
+        PRUint32 set;
+        SECItem *name;
+
+        PORT_Assert(sid->creationTime != 0);
+        if (!sid->creationTime)
+            sid->lastAccessTime = sid->creationTime = ssl_Time();
+        /* override caller's expiration time, which uses client timeout
+         * duration, not server timeout duration.
+         */
+        sid->expirationTime = sid->creationTime + cache->ssl3Timeout;
+        SSL_TRC(8, ("%d: SSL: CacheMT: cached=%d addr=0x%08x%08x%08x%08x time=%x "
+                    "cipherSuite=%d",
+                    myPid, sid->cached,
+                    sid->addr.pr_s6_addr32[0], sid->addr.pr_s6_addr32[1],
+                    sid->addr.pr_s6_addr32[2], sid->addr.pr_s6_addr32[3],
+                    sid->creationTime, sid->u.ssl3.cipherSuite));
+        PRINT_BUF(8, (0, "sessionID:", sid->u.ssl3.sessionID,
+                      sid->u.ssl3.sessionIDLength));
+
+        ConvertFromSID(&sce, sid);
+
+        name = &sid->u.ssl3.srvName;
+        if (name->len && name->data) {
+            now = CacheSrvName(cache, name, &sce);
+        }
+        if (sid->peerCert != NULL) {
+            now = CacheCert(cache, sid->peerCert, &sce);
+        }
+
+        set = SIDindex(cache, &sce.addr, sce.sessionID, sce.sessionIDLength);
+        now = LockSet(cache, set, now);
+        if (now) {
+            PRUint32 next = cache->sidCacheSets[set].next;
+            PRUint32 ndx = set * SID_CACHE_ENTRIES_PER_SET + next;
+
+            /* Write out new cache entry */
+            cache->sidCacheData[ndx] = sce;
+
+            cache->sidCacheSets[set].next =
+                (next + 1) % SID_CACHE_ENTRIES_PER_SET;
+
+            UnlockSet(cache, set);
+            sid->cached = in_server_cache;
+        }
+    }
+}
+
+/*
+** Although this is static, it is called from ssl via global function pointer
+**  ssl_sid_uncache.  This invalidates the referenced cache entry.
+*/
+static void
+ServerSessionIDUncache(sslSessionID *sid)
+{
+    cacheDesc *cache = &globalCache;
+    PRUint8 *sessionID;
+    unsigned int sessionIDLength;
+    PRErrorCode err;
+    PRUint32 set;
+    PRUint32 now;
+    sidCacheEntry *psce;
+
+    if (sid == NULL)
+        return;
+
+    /* Uncaching a SID should never change the error code.
+    ** So save it here and restore it before exiting.
+    */
+    err = PR_GetError();
+
+    sessionID = sid->u.ssl3.sessionID;
+    sessionIDLength = sid->u.ssl3.sessionIDLength;
+    SSL_TRC(8, ("%d: SSL3: UncacheMT: valid=%d addr=0x%08x%08x%08x%08x time=%x "
+                "cipherSuite=%d",
+                myPid, sid->cached,
+                sid->addr.pr_s6_addr32[0], sid->addr.pr_s6_addr32[1],
+                sid->addr.pr_s6_addr32[2], sid->addr.pr_s6_addr32[3],
+                sid->creationTime, sid->u.ssl3.cipherSuite));
+    PRINT_BUF(8, (0, "sessionID:", sessionID, sessionIDLength));
+    set = SIDindex(cache, &sid->addr, sessionID, sessionIDLength);
+    now = LockSet(cache, set, 0);
+    if (now) {
+        psce = FindSID(cache, set, now, &sid->addr, sessionID, sessionIDLength);
+        if (psce) {
+            psce->valid = 0;
+        }
+        UnlockSet(cache, set);
+    }
+    sid->cached = invalid_cache;
+    PORT_SetError(err);
+}
+
+#ifdef XP_OS2
+
+#define INCL_DOSPROCESS
+#include <os2.h>
+
+long
+gettid(void)
+{
+    PTIB ptib;
+    PPIB ppib;
+    DosGetInfoBlocks(&ptib, &ppib);
+    return ((long)ptib->tib_ordinal); /* thread id */
+}
+#endif
+
+static void
+CloseCache(cacheDesc *cache)
+{
+    int locks_initialized = cache->numSIDCacheLocksInitialized;
+
+    if (cache->cacheMem) {
+        if (cache->sharedCache) {
+            sidCacheLock *pLock = cache->sidCacheLocks;
+            for (; locks_initialized > 0; --locks_initialized, ++pLock) {
+                /* If everInherited is true, this shared cache was (and may
+                ** still be) in use by multiple processes.  We do not wish to
+                ** destroy the mutexes while they are still in use, but we do
+                ** want to free mutex resources associated with this process.
+                */
+                sslMutex_Destroy(&pLock->mutex,
+                                 cache->sharedCache->everInherited);
+            }
+        }
+        if (cache->shared) {
+            PR_MemUnmap(cache->cacheMem, cache->cacheMemSize);
+        } else {
+            PORT_Free(cache->cacheMem);
+        }
+        cache->cacheMem = NULL;
+    }
+    if (cache->cacheMemMap) {
+        PR_CloseFileMap(cache->cacheMemMap);
+        cache->cacheMemMap = NULL;
+    }
+    memset(cache, 0, sizeof *cache);
+}
+
+static SECStatus
+InitCache(cacheDesc *cache, int maxCacheEntries, int maxCertCacheEntries,
+          int maxSrvNameCacheEntries, PRUint32 ssl3_timeout,
+          const char *directory, PRBool shared)
+{
+    ptrdiff_t ptr;
+    sidCacheLock *pLock;
+    char *cacheMem;
+    PRFileMap *cacheMemMap;
+    char *cfn = NULL; /* cache file name */
+    int locks_initialized = 0;
+    int locks_to_initialize = 0;
+    PRUint32 init_time;
+
+    if ((!cache) || (maxCacheEntries < 0) || (!directory)) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    if (cache->cacheMem) {
+        /* Already done */
+        return SECSuccess;
+    }
+
+    /* make sure loser can clean up properly */
+    cache->shared = shared;
+    cache->cacheMem = cacheMem = NULL;
+    cache->cacheMemMap = cacheMemMap = NULL;
+    cache->sharedCache = (cacheDesc *)0;
+
+    cache->numSIDCacheLocksInitialized = 0;
+    cache->nextCertCacheEntry = 0;
+    cache->stopPolling = PR_FALSE;
+    cache->everInherited = PR_FALSE;
+    cache->poller = NULL;
+    cache->mutexTimeout = 0;
+
+    cache->numSIDCacheEntries = maxCacheEntries ? maxCacheEntries
+                                                : DEF_SID_CACHE_ENTRIES;
+    cache->numSIDCacheSets =
+        SID_HOWMANY(cache->numSIDCacheEntries, SID_CACHE_ENTRIES_PER_SET);
+
+    cache->numSIDCacheEntries =
+        cache->numSIDCacheSets * SID_CACHE_ENTRIES_PER_SET;
+
+    cache->numSIDCacheLocks =
+        PR_MIN(cache->numSIDCacheSets, ssl_max_sid_cache_locks);
+
+    cache->numSIDCacheSetsPerLock =
+        SID_HOWMANY(cache->numSIDCacheSets, cache->numSIDCacheLocks);
+
+    cache->numCertCacheEntries = (maxCertCacheEntries > 0) ? maxCertCacheEntries
+                                                           : 0;
+    cache->numSrvNameCacheEntries = (maxSrvNameCacheEntries >= 0) ? maxSrvNameCacheEntries
+                                                                  : DEF_NAME_CACHE_ENTRIES;
+
+    /* compute size of shared memory, and offsets of all pointers */
+    ptr = 0;
+    cache->cacheMem = (char *)ptr;
+    ptr += SID_ROUNDUP(sizeof(cacheDesc), SID_ALIGNMENT);
+
+    cache->sidCacheLocks = (sidCacheLock *)ptr;
+    cache->keyCacheLock = cache->sidCacheLocks + cache->numSIDCacheLocks;
+    cache->certCacheLock = cache->keyCacheLock + 1;
+    cache->srvNameCacheLock = cache->certCacheLock + 1;
+    ptr = (ptrdiff_t)(cache->srvNameCacheLock + 1);
+    ptr = SID_ROUNDUP(ptr, SID_ALIGNMENT);
+
+    cache->sidCacheSets = (sidCacheSet *)ptr;
+    ptr = (ptrdiff_t)(cache->sidCacheSets + cache->numSIDCacheSets);
+    ptr = SID_ROUNDUP(ptr, SID_ALIGNMENT);
+
+    cache->sidCacheData = (sidCacheEntry *)ptr;
+    ptr = (ptrdiff_t)(cache->sidCacheData + cache->numSIDCacheEntries);
+    ptr = SID_ROUNDUP(ptr, SID_ALIGNMENT);
+
+    cache->certCacheData = (certCacheEntry *)ptr;
+    cache->sidCacheSize =
+        (char *)cache->certCacheData - (char *)cache->sidCacheData;
+
+    if (cache->numCertCacheEntries < MIN_CERT_CACHE_ENTRIES) {
+        /* This is really a poor way to computer this! */
+        cache->numCertCacheEntries = cache->sidCacheSize / sizeof(certCacheEntry);
+        if (cache->numCertCacheEntries < MIN_CERT_CACHE_ENTRIES)
+            cache->numCertCacheEntries = MIN_CERT_CACHE_ENTRIES;
+    }
+    ptr = (ptrdiff_t)(cache->certCacheData + cache->numCertCacheEntries);
+    ptr = SID_ROUNDUP(ptr, SID_ALIGNMENT);
+
+    cache->keyCacheData = (SSLWrappedSymWrappingKey *)ptr;
+    cache->certCacheSize =
+        (char *)cache->keyCacheData - (char *)cache->certCacheData;
+
+    cache->numKeyCacheEntries = SSL_NUM_WRAP_KEYS * SSL_NUM_WRAP_MECHS;
+    ptr = (ptrdiff_t)(cache->keyCacheData + cache->numKeyCacheEntries);
+    ptr = SID_ROUNDUP(ptr, SID_ALIGNMENT);
+
+    cache->keyCacheSize = (char *)ptr - (char *)cache->keyCacheData;
+
+    cache->ticketKeyNameSuffix = (PRUint8 *)ptr;
+    ptr = (ptrdiff_t)(cache->ticketKeyNameSuffix +
+                      SESS_TICKET_KEY_VAR_NAME_LEN);
+    ptr = SID_ROUNDUP(ptr, SID_ALIGNMENT);
+
+    cache->ticketEncKey = (encKeyCacheEntry *)ptr;
+    ptr = (ptrdiff_t)(cache->ticketEncKey + 1);
+    ptr = SID_ROUNDUP(ptr, SID_ALIGNMENT);
+
+    cache->ticketMacKey = (encKeyCacheEntry *)ptr;
+    ptr = (ptrdiff_t)(cache->ticketMacKey + 1);
+    ptr = SID_ROUNDUP(ptr, SID_ALIGNMENT);
+
+    cache->ticketKeysValid = (PRUint32 *)ptr;
+    ptr = (ptrdiff_t)(cache->ticketKeysValid + 1);
+    ptr = SID_ROUNDUP(ptr, SID_ALIGNMENT);
+
+    cache->srvNameCacheData = (srvNameCacheEntry *)ptr;
+    cache->srvNameCacheSize =
+        cache->numSrvNameCacheEntries * sizeof(srvNameCacheEntry);
+    ptr = (ptrdiff_t)(cache->srvNameCacheData + cache->numSrvNameCacheEntries);
+    ptr = SID_ROUNDUP(ptr, SID_ALIGNMENT);
+
+    cache->cacheMemSize = ptr;
+
+    if (ssl3_timeout) {
+        if (ssl3_timeout > MAX_SSL3_TIMEOUT) {
+            ssl3_timeout = MAX_SSL3_TIMEOUT;
+        }
+        if (ssl3_timeout < MIN_SSL3_TIMEOUT) {
+            ssl3_timeout = MIN_SSL3_TIMEOUT;
+        }
+        cache->ssl3Timeout = ssl3_timeout;
+    } else {
+        cache->ssl3Timeout = DEF_SSL3_TIMEOUT;
+    }
+
+    if (shared) {
+/* Create file names */
+#if defined(XP_UNIX) || defined(XP_BEOS)
+        /* there's some confusion here about whether PR_OpenAnonFileMap wants
+        ** a directory name or a file name for its first argument.
+        cfn = PR_smprintf("%s/.sslsvrcache.%d", directory, myPid);
+        */
+        cfn = PR_smprintf("%s", directory);
+#elif defined(XP_WIN32)
+        cfn = PR_smprintf("%s/svrcache_%d_%x.ssl", directory, myPid,
+                          GetCurrentThreadId());
+#elif defined(XP_OS2)
+        cfn = PR_smprintf("%s/svrcache_%d_%x.ssl", directory, myPid,
+                          gettid());
+#else
+#error "Don't know how to create file name for this platform!"
+#endif
+        if (!cfn) {
+            goto loser;
+        }
+
+        /* Create cache */
+        cacheMemMap = PR_OpenAnonFileMap(cfn, cache->cacheMemSize,
+                                         PR_PROT_READWRITE);
+
+        PR_smprintf_free(cfn);
+        if (!cacheMemMap) {
+            goto loser;
+        }
+
+        cacheMem = PR_MemMap(cacheMemMap, 0, cache->cacheMemSize);
+    } else {
+        cacheMem = PORT_Alloc(cache->cacheMemSize);
+    }
+
+    if (!cacheMem) {
+        goto loser;
+    }
+
+    /* Initialize shared memory. This may not be necessary on all platforms */
+    memset(cacheMem, 0, cache->cacheMemSize);
+
+    /* Copy cache descriptor header into shared memory */
+    memcpy(cacheMem, cache, sizeof *cache);
+
+    /* save private copies of these values */
+    cache->cacheMemMap = cacheMemMap;
+    cache->cacheMem = cacheMem;
+    cache->sharedCache = (cacheDesc *)cacheMem;
+
+    /* Fix pointers in our private copy of cache descriptor to point to
+    ** spaces in shared memory
+    */
+    cache->sidCacheLocks = (sidCacheLock *)(cache->cacheMem + (ptrdiff_t)cache->sidCacheLocks);
+    cache->keyCacheLock = (sidCacheLock *)(cache->cacheMem + (ptrdiff_t)cache->keyCacheLock);
+    cache->certCacheLock = (sidCacheLock *)(cache->cacheMem + (ptrdiff_t)cache->certCacheLock);
+    cache->srvNameCacheLock = (sidCacheLock *)(cache->cacheMem + (ptrdiff_t)cache->srvNameCacheLock);
+    cache->sidCacheSets = (sidCacheSet *)(cache->cacheMem + (ptrdiff_t)cache->sidCacheSets);
+    cache->sidCacheData = (sidCacheEntry *)(cache->cacheMem + (ptrdiff_t)cache->sidCacheData);
+    cache->certCacheData = (certCacheEntry *)(cache->cacheMem + (ptrdiff_t)cache->certCacheData);
+    cache->keyCacheData = (SSLWrappedSymWrappingKey *)(cache->cacheMem + (ptrdiff_t)cache->keyCacheData);
+    cache->ticketKeyNameSuffix = (PRUint8 *)(cache->cacheMem + (ptrdiff_t)cache->ticketKeyNameSuffix);
+    cache->ticketEncKey = (encKeyCacheEntry *)(cache->cacheMem + (ptrdiff_t)cache->ticketEncKey);
+    cache->ticketMacKey = (encKeyCacheEntry *)(cache->cacheMem + (ptrdiff_t)cache->ticketMacKey);
+    cache->ticketKeysValid = (PRUint32 *)(cache->cacheMem + (ptrdiff_t)cache->ticketKeysValid);
+    cache->srvNameCacheData = (srvNameCacheEntry *)(cache->cacheMem + (ptrdiff_t)cache->srvNameCacheData);
+
+    /* initialize the locks */
+    init_time = ssl_Time();
+    pLock = cache->sidCacheLocks;
+    for (locks_to_initialize = cache->numSIDCacheLocks + 3;
+         locks_initialized < locks_to_initialize;
+         ++locks_initialized, ++pLock) {
+
+        SECStatus err = sslMutex_Init(&pLock->mutex, shared);
+        if (err) {
+            cache->numSIDCacheLocksInitialized = locks_initialized;
+            goto loser;
+        }
+        pLock->timeStamp = init_time;
+        pLock->pid = 0;
+    }
+    cache->numSIDCacheLocksInitialized = locks_initialized;
+
+    return SECSuccess;
+
+loser:
+    CloseCache(cache);
+    PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+    return SECFailure;
+}
+
+PRUint32
+SSL_GetMaxServerCacheLocks(void)
+{
+    return ssl_max_sid_cache_locks + 2;
+    /* The extra two are the cert cache lock and the key cache lock. */
+}
+
+SECStatus
+SSL_SetMaxServerCacheLocks(PRUint32 maxLocks)
+{
+    /* Minimum is 1 sid cache lock, 1 cert cache lock and 1 key cache lock.
+    ** We'd like to test for a maximum value, but not all platforms' header
+    ** files provide a symbol or function or other means of determining
+    ** the maximum, other than trial and error.
+    */
+    if (maxLocks < 3) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+    ssl_max_sid_cache_locks = maxLocks - 2;
+    /* The extra two are the cert cache lock and the key cache lock. */
+    return SECSuccess;
+}
+
+static SECStatus
+ssl_ConfigServerSessionIDCacheInstanceWithOpt(cacheDesc *cache,
+                                              PRUint32 ssl3_timeout,
+                                              const char *directory,
+                                              PRBool shared,
+                                              int maxCacheEntries,
+                                              int maxCertCacheEntries,
+                                              int maxSrvNameCacheEntries)
+{
+    SECStatus rv;
+
+    PORT_Assert(sizeof(sidCacheEntry) == 192);
+    PORT_Assert(sizeof(certCacheEntry) == 4096);
+    PORT_Assert(sizeof(srvNameCacheEntry) == 1072);
+
+    rv = ssl_Init();
+    if (rv != SECSuccess) {
+        return rv;
+    }
+
+    myPid = SSL_GETPID();
+    if (!directory) {
+        directory = DEFAULT_CACHE_DIRECTORY;
+    }
+    rv = InitCache(cache, maxCacheEntries, maxCertCacheEntries,
+                   maxSrvNameCacheEntries, ssl3_timeout, directory, shared);
+    if (rv) {
+        return SECFailure;
+    }
+
+    ssl_sid_lookup = ServerSessionIDLookup;
+    ssl_sid_cache = ServerSessionIDCache;
+    ssl_sid_uncache = ServerSessionIDUncache;
+    return SECSuccess;
+}
+
+SECStatus
+SSL_ConfigServerSessionIDCacheInstance(cacheDesc *cache,
+                                       int maxCacheEntries,
+                                       PRUint32 ssl2_timeout,
+                                       PRUint32 ssl3_timeout,
+                                       const char *directory, PRBool shared)
+{
+    return ssl_ConfigServerSessionIDCacheInstanceWithOpt(cache,
+                                                         ssl3_timeout,
+                                                         directory,
+                                                         shared,
+                                                         maxCacheEntries,
+                                                         -1, -1);
+}
+
+SECStatus
+SSL_ConfigServerSessionIDCache(int maxCacheEntries,
+                               PRUint32 ssl2_timeout,
+                               PRUint32 ssl3_timeout,
+                               const char *directory)
+{
+    ssl_InitSessionCacheLocks(PR_FALSE);
+    return SSL_ConfigServerSessionIDCacheInstance(&globalCache,
+                                                  maxCacheEntries, ssl2_timeout, ssl3_timeout, directory, PR_FALSE);
+}
+
+SECStatus
+SSL_ShutdownServerSessionIDCacheInstance(cacheDesc *cache)
+{
+    CloseCache(cache);
+    return SECSuccess;
+}
+
+SECStatus
+SSL_ShutdownServerSessionIDCache(void)
+{
+#if defined(XP_UNIX) || defined(XP_BEOS)
+    /* Stop the thread that polls cache for expired locks on Unix */
+    StopLockPoller(&globalCache);
+#endif
+    SSL3_ShutdownServerCache();
+    return SSL_ShutdownServerSessionIDCacheInstance(&globalCache);
+}
+
+/* Use this function, instead of SSL_ConfigServerSessionIDCache,
+ * if the cache will be shared by multiple processes.
+ */
+static SECStatus
+ssl_ConfigMPServerSIDCacheWithOpt(PRUint32 ssl3_timeout,
+                                  const char *directory,
+                                  int maxCacheEntries,
+                                  int maxCertCacheEntries,
+                                  int maxSrvNameCacheEntries)
+{
+    char *envValue;
+    char *inhValue;
+    cacheDesc *cache = &globalCache;
+    PRUint32 fmStrLen;
+    SECStatus result;
+    PRStatus prStatus;
+    SECStatus putEnvFailed;
+    inheritance inherit;
+    char fmString[PR_FILEMAP_STRING_BUFSIZE];
+
+    isMultiProcess = PR_TRUE;
+    result = ssl_ConfigServerSessionIDCacheInstanceWithOpt(cache,
+                                                           ssl3_timeout, directory, PR_TRUE,
+                                                           maxCacheEntries, maxCacheEntries, maxSrvNameCacheEntries);
+    if (result != SECSuccess)
+        return result;
+
+    prStatus = PR_ExportFileMapAsString(cache->cacheMemMap,
+                                        sizeof fmString, fmString);
+    if ((prStatus != PR_SUCCESS) || !(fmStrLen = strlen(fmString))) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+
+    inherit.cacheMemSize = cache->cacheMemSize;
+    inherit.fmStrLen = fmStrLen;
+
+    inhValue = BTOA_DataToAscii((unsigned char *)&inherit, sizeof inherit);
+    if (!inhValue || !strlen(inhValue)) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+    envValue = PR_smprintf("%s,%s", inhValue, fmString);
+    if (!envValue || !strlen(envValue)) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+    PORT_Free(inhValue);
+
+    putEnvFailed = (SECStatus)NSS_PutEnv(envVarName, envValue);
+    PR_smprintf_free(envValue);
+    if (putEnvFailed) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        result = SECFailure;
+    }
+
+#if defined(XP_UNIX) || defined(XP_BEOS)
+    /* Launch thread to poll cache for expired locks on Unix */
+    LaunchLockPoller(cache);
+#endif
+    return result;
+}
+
+/* Use this function, instead of SSL_ConfigServerSessionIDCache,
+ * if the cache will be shared by multiple processes.
+ */
+SECStatus
+SSL_ConfigMPServerSIDCache(int maxCacheEntries,
+                           PRUint32 ssl2_timeout,
+                           PRUint32 ssl3_timeout,
+                           const char *directory)
+{
+    return ssl_ConfigMPServerSIDCacheWithOpt(ssl3_timeout,
+                                             directory,
+                                             maxCacheEntries,
+                                             -1, -1);
+}
+
+SECStatus
+SSL_ConfigServerSessionIDCacheWithOpt(
+    PRUint32 ssl2_timeout,
+    PRUint32 ssl3_timeout,
+    const char *directory,
+    int maxCacheEntries,
+    int maxCertCacheEntries,
+    int maxSrvNameCacheEntries,
+    PRBool enableMPCache)
+{
+    if (!enableMPCache) {
+        ssl_InitSessionCacheLocks(PR_FALSE);
+        return ssl_ConfigServerSessionIDCacheInstanceWithOpt(&globalCache,
+                                                             ssl3_timeout, directory, PR_FALSE,
+                                                             maxCacheEntries, maxCertCacheEntries, maxSrvNameCacheEntries);
+    } else {
+        return ssl_ConfigMPServerSIDCacheWithOpt(ssl3_timeout, directory,
+                                                 maxCacheEntries, maxCertCacheEntries, maxSrvNameCacheEntries);
+    }
+}
+
+SECStatus
+SSL_InheritMPServerSIDCacheInstance(cacheDesc *cache, const char *envString)
+{
+    unsigned char *decoString = NULL;
+    char *fmString = NULL;
+    char *myEnvString = NULL;
+    unsigned int decoLen;
+    inheritance inherit;
+    cacheDesc my;
+#ifdef WINNT
+    sidCacheLock *newLocks;
+    int locks_initialized = 0;
+    int locks_to_initialize = 0;
+#endif
+    SECStatus status = ssl_Init();
+
+    if (status != SECSuccess) {
+        return status;
+    }
+
+    myPid = SSL_GETPID();
+
+    /* If this child was created by fork(), and not by exec() on unix,
+    ** then isMultiProcess will already be set.
+    ** If not, we'll set it below.
+    */
+    if (isMultiProcess) {
+        if (cache && cache->sharedCache) {
+            cache->sharedCache->everInherited = PR_TRUE;
+        }
+        return SECSuccess; /* already done. */
+    }
+
+    ssl_InitSessionCacheLocks(PR_FALSE);
+
+    ssl_sid_lookup = ServerSessionIDLookup;
+    ssl_sid_cache = ServerSessionIDCache;
+    ssl_sid_uncache = ServerSessionIDUncache;
+
+    if (!envString) {
+        envString = PR_GetEnvSecure(envVarName);
+        if (!envString) {
+            PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+            return SECFailure;
+        }
+    }
+    myEnvString = PORT_Strdup(envString);
+    if (!myEnvString)
+        return SECFailure;
+    fmString = strchr(myEnvString, ',');
+    if (!fmString)
+        goto loser;
+    *fmString++ = 0;
+
+    decoString = ATOB_AsciiToData(myEnvString, &decoLen);
+    if (!decoString) {
+        goto loser;
+    }
+    if (decoLen != sizeof inherit) {
+        goto loser;
+    }
+
+    PORT_Memcpy(&inherit, decoString, sizeof inherit);
+
+    if (strlen(fmString) != inherit.fmStrLen) {
+        goto loser;
+    }
+
+    memset(cache, 0, sizeof *cache);
+    cache->cacheMemSize = inherit.cacheMemSize;
+
+    /* Create cache */
+    cache->cacheMemMap = PR_ImportFileMapFromString(fmString);
+    if (!cache->cacheMemMap) {
+        goto loser;
+    }
+    cache->cacheMem = PR_MemMap(cache->cacheMemMap, 0, cache->cacheMemSize);
+    if (!cache->cacheMem) {
+        goto loser;
+    }
+    cache->sharedCache = (cacheDesc *)cache->cacheMem;
+
+    if (cache->sharedCache->cacheMemSize != cache->cacheMemSize) {
+        goto loser;
+    }
+
+    /* We're now going to overwrite the local cache instance with the
+    ** shared copy of the cache struct, then update several values in
+    ** the local cache using the values for cache->cacheMemMap and
+    ** cache->cacheMem computed just above.  So, we copy cache into
+    ** the automatic variable "my", to preserve the variables while
+    ** cache is overwritten.
+    */
+    my = *cache;                                      /* save values computed above. */
+    memcpy(cache, cache->sharedCache, sizeof *cache); /* overwrite */
+
+    /* Fix pointers in our private copy of cache descriptor to point to
+    ** spaces in shared memory, whose address is now in "my".
+    */
+    cache->sidCacheLocks = (sidCacheLock *)(my.cacheMem + (ptrdiff_t)cache->sidCacheLocks);
+    cache->keyCacheLock = (sidCacheLock *)(my.cacheMem + (ptrdiff_t)cache->keyCacheLock);
+    cache->certCacheLock = (sidCacheLock *)(my.cacheMem + (ptrdiff_t)cache->certCacheLock);
+    cache->srvNameCacheLock = (sidCacheLock *)(my.cacheMem + (ptrdiff_t)cache->srvNameCacheLock);
+    cache->sidCacheSets = (sidCacheSet *)(my.cacheMem + (ptrdiff_t)cache->sidCacheSets);
+    cache->sidCacheData = (sidCacheEntry *)(my.cacheMem + (ptrdiff_t)cache->sidCacheData);
+    cache->certCacheData = (certCacheEntry *)(my.cacheMem + (ptrdiff_t)cache->certCacheData);
+    cache->keyCacheData = (SSLWrappedSymWrappingKey *)(my.cacheMem + (ptrdiff_t)cache->keyCacheData);
+    cache->ticketKeyNameSuffix = (PRUint8 *)(my.cacheMem + (ptrdiff_t)cache->ticketKeyNameSuffix);
+    cache->ticketEncKey = (encKeyCacheEntry *)(my.cacheMem + (ptrdiff_t)cache->ticketEncKey);
+    cache->ticketMacKey = (encKeyCacheEntry *)(my.cacheMem + (ptrdiff_t)cache->ticketMacKey);
+    cache->ticketKeysValid = (PRUint32 *)(my.cacheMem + (ptrdiff_t)cache->ticketKeysValid);
+    cache->srvNameCacheData = (srvNameCacheEntry *)(my.cacheMem + (ptrdiff_t)cache->srvNameCacheData);
+
+    cache->cacheMemMap = my.cacheMemMap;
+    cache->cacheMem = my.cacheMem;
+    cache->sharedCache = (cacheDesc *)cache->cacheMem;
+
+#ifdef WINNT
+    /*  On Windows NT we need to "fix" the sidCacheLocks here to support fibers
+    **  When NT fibers are used in a multi-process server, a second level of
+    **  locking is needed to prevent a deadlock, in case a fiber acquires the
+    **  cross-process mutex, yields, and another fiber is later scheduled on
+    **  the same native thread and tries to acquire the cross-process mutex.
+    **  We do this by using a PRLock in the sslMutex. However, it is stored in
+    **  shared memory as part of sidCacheLocks, and we don't want to overwrite
+    **  the PRLock of the parent process. So we need to make new, private
+    **  copies of sidCacheLocks before modifying the sslMutex with our own
+    **  PRLock
+    */
+
+    /* note from jpierre : this should be free'd in child processes when
+    ** a function is added to delete the SSL session cache in the future.
+    */
+    locks_to_initialize = cache->numSIDCacheLocks + 3;
+    newLocks = PORT_NewArray(sidCacheLock, locks_to_initialize);
+    if (!newLocks)
+        goto loser;
+    /* copy the old locks */
+    memcpy(newLocks, cache->sidCacheLocks,
+           locks_to_initialize * sizeof(sidCacheLock));
+    cache->sidCacheLocks = newLocks;
+    /* fix the locks */
+    for (; locks_initialized < locks_to_initialize; ++locks_initialized) {
+        /* now, make a local PRLock in this sslMutex for this child process */
+        SECStatus err;
+        err = sslMutex_2LevelInit(&newLocks[locks_initialized].mutex);
+        if (err != SECSuccess) {
+            cache->numSIDCacheLocksInitialized = locks_initialized;
+            goto loser;
+        }
+    }
+    cache->numSIDCacheLocksInitialized = locks_initialized;
+
+    /* also fix the key and cert cache which use the last 2 lock entries */
+    cache->keyCacheLock = cache->sidCacheLocks + cache->numSIDCacheLocks;
+    cache->certCacheLock = cache->keyCacheLock + 1;
+    cache->srvNameCacheLock = cache->certCacheLock + 1;
+#endif
+
+    PORT_Free(myEnvString);
+    PORT_Free(decoString);
+
+    /* mark that we have inherited this. */
+    cache->sharedCache->everInherited = PR_TRUE;
+    isMultiProcess = PR_TRUE;
+
+    return SECSuccess;
+
+loser:
+    PORT_Free(myEnvString);
+    if (decoString)
+        PORT_Free(decoString);
+    CloseCache(cache);
+    PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+    return SECFailure;
+}
+
+SECStatus
+SSL_InheritMPServerSIDCache(const char *envString)
+{
+    return SSL_InheritMPServerSIDCacheInstance(&globalCache, envString);
+}
+
+#if defined(XP_UNIX) || defined(XP_BEOS)
+
+#define SID_LOCK_EXPIRATION_TIMEOUT 30 /* seconds */
+
+static void
+LockPoller(void *arg)
+{
+    cacheDesc *cache = (cacheDesc *)arg;
+    cacheDesc *sharedCache = cache->sharedCache;
+    sidCacheLock *pLock;
+    PRIntervalTime timeout;
+    PRUint32 now;
+    PRUint32 then;
+    int locks_polled = 0;
+    int locks_to_poll = cache->numSIDCacheLocks + 2;
+    PRUint32 expiration = cache->mutexTimeout;
+
+    timeout = PR_SecondsToInterval(expiration);
+    while (!sharedCache->stopPolling) {
+        PR_Sleep(timeout);
+        if (sharedCache->stopPolling)
+            break;
+
+        now = ssl_Time();
+        then = now - expiration;
+        for (pLock = cache->sidCacheLocks, locks_polled = 0;
+             locks_to_poll > locks_polled && !sharedCache->stopPolling;
+             ++locks_polled, ++pLock) {
+            pid_t pid;
+
+            if (pLock->timeStamp < then &&
+                pLock->timeStamp != 0 &&
+                (pid = pLock->pid) != 0) {
+
+                /* maybe we should try the lock? */
+                int result = kill(pid, 0);
+                if (result < 0 && errno == ESRCH) {
+                    SECStatus rv;
+                    /* No process exists by that pid any more.
+                    ** Treat this mutex as abandoned.
+                    */
+                    pLock->timeStamp = now;
+                    pLock->pid = 0;
+                    rv = sslMutex_Unlock(&pLock->mutex);
+                    if (rv != SECSuccess) {
+                        /* Now what? */
+                    }
+                }
+            }
+        } /* end of loop over locks */
+    }     /* end of entire polling loop */
+}
+
+/* Launch thread to poll cache for expired locks */
+static SECStatus
+LaunchLockPoller(cacheDesc *cache)
+{
+    const char *timeoutString;
+    PRThread *pollerThread;
+
+    cache->mutexTimeout = SID_LOCK_EXPIRATION_TIMEOUT;
+    timeoutString = PR_GetEnvSecure("NSS_SSL_SERVER_CACHE_MUTEX_TIMEOUT");
+    if (timeoutString) {
+        long newTime = strtol(timeoutString, 0, 0);
+        if (newTime == 0)
+            return SECSuccess; /* application doesn't want poller thread */
+        if (newTime > 0)
+            cache->mutexTimeout = (PRUint32)newTime;
+        /* if error (newTime < 0) ignore it and use default */
+    }
+
+    pollerThread =
+        PR_CreateThread(PR_USER_THREAD, LockPoller, cache, PR_PRIORITY_NORMAL,
+                        PR_GLOBAL_THREAD, PR_JOINABLE_THREAD, 0);
+    if (!pollerThread) {
+        return SECFailure;
+    }
+    cache->poller = pollerThread;
+    return SECSuccess;
+}
+
+/* Stop the thread that polls cache for expired locks */
+static SECStatus
+StopLockPoller(cacheDesc *cache)
+{
+    if (!cache->poller) {
+        return SECSuccess;
+    }
+    cache->sharedCache->stopPolling = PR_TRUE;
+    if (PR_Interrupt(cache->poller) != PR_SUCCESS) {
+        return SECFailure;
+    }
+    if (PR_JoinThread(cache->poller) != PR_SUCCESS) {
+        return SECFailure;
+    }
+    cache->poller = NULL;
+    return SECSuccess;
+}
+#endif
+
+/************************************************************************
+ *  Code dealing with shared wrapped symmetric wrapping keys below      *
+ ************************************************************************/
+
+/* The asymmetric key we use for wrapping the symmetric ticket keys. This is a
+ * global structure that can be initialized without a socket. Access is
+ * synchronized on the reader-writer lock. This is setup either by calling
+ * SSL_SetSessionTicketKeyPair() or by configuring a certificate of the
+ * ssl_auth_rsa_decrypt type. */
+static struct {
+    PRCallOnceType setup;
+    PRRWLock *lock;
+    SECKEYPublicKey *pubKey;
+    SECKEYPrivateKey *privKey;
+    PRBool configured;
+} ssl_session_ticket_key_pair;
+
+/* The symmetric ticket keys. This requires a socket to construct and requires
+ * that the global structure be initialized before use. */
+static struct {
+    PRCallOnceType setup;
+    unsigned char keyName[SESS_TICKET_KEY_NAME_LEN];
+    PK11SymKey *encKey;
+    PK11SymKey *macKey;
+} ssl_session_ticket_keys;
+
+static void
+ssl_CleanupSessionTicketKeyPair()
+{
+    if (ssl_session_ticket_key_pair.pubKey) {
+        PORT_Assert(ssl_session_ticket_key_pair.privKey);
+        SECKEY_DestroyPublicKey(ssl_session_ticket_key_pair.pubKey);
+        SECKEY_DestroyPrivateKey(ssl_session_ticket_key_pair.privKey);
+    }
+}
+
+void
+ssl_ResetSessionTicketKeys()
+{
+    if (ssl_session_ticket_keys.encKey) {
+        PORT_Assert(ssl_session_ticket_keys.macKey);
+        PK11_FreeSymKey(ssl_session_ticket_keys.encKey);
+        PK11_FreeSymKey(ssl_session_ticket_keys.macKey);
+    }
+    PORT_Memset(&ssl_session_ticket_keys, 0,
+                sizeof(ssl_session_ticket_keys));
+}
+
+static SECStatus
+ssl_SessionTicketShutdown(void *appData, void *nssData)
+{
+    ssl_CleanupSessionTicketKeyPair();
+    PR_DestroyRWLock(ssl_session_ticket_key_pair.lock);
+    PORT_Memset(&ssl_session_ticket_key_pair, 0,
+                sizeof(ssl_session_ticket_key_pair));
+
+    ssl_ResetSessionTicketKeys();
+    return SECSuccess;
+}
+
+static PRStatus
+ssl_SessionTicketSetup(void)
+{
+    SECStatus rv = NSS_RegisterShutdown(ssl_SessionTicketShutdown, NULL);
+    if (rv != SECSuccess) {
+        return PR_FAILURE;
+    }
+    ssl_session_ticket_key_pair.lock = PR_NewRWLock(PR_RWLOCK_RANK_NONE, NULL);
+    if (!ssl_session_ticket_key_pair.lock) {
+        return PR_FAILURE;
+    }
+    return PR_SUCCESS;
+}
+
+/* Configure a session ticket key pair.  |explicitConfig| is set to true for
+ * calls to SSL_SetSessionTicketKeyPair(), false for implicit configuration.
+ * This assumes that the setup has been run. */
+static SECStatus
+ssl_SetSessionTicketKeyPair(SECKEYPublicKey *pubKey,
+                            SECKEYPrivateKey *privKey,
+                            PRBool explicitConfig)
+{
+    SECKEYPublicKey *pubKeyCopy;
+    SECKEYPrivateKey *privKeyCopy;
+
+    PORT_Assert(ssl_session_ticket_key_pair.lock);
+
+    pubKeyCopy = SECKEY_CopyPublicKey(pubKey);
+    if (!pubKeyCopy) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return SECFailure;
+    }
+
+    privKeyCopy = SECKEY_CopyPrivateKey(privKey);
+    if (!privKeyCopy) {
+        SECKEY_DestroyPublicKey(pubKeyCopy);
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return SECFailure;
+    }
+
+    PR_RWLock_Wlock(ssl_session_ticket_key_pair.lock);
+    ssl_CleanupSessionTicketKeyPair();
+    ssl_session_ticket_key_pair.pubKey = pubKeyCopy;
+    ssl_session_ticket_key_pair.privKey = privKeyCopy;
+    ssl_session_ticket_key_pair.configured = explicitConfig;
+    PR_RWLock_Unlock(ssl_session_ticket_key_pair.lock);
+    return SECSuccess;
+}
+
+SECStatus
+SSL_SetSessionTicketKeyPair(SECKEYPublicKey *pubKey,
+                            SECKEYPrivateKey *privKey)
+{
+    if (SECKEY_GetPublicKeyType(pubKey) != rsaKey ||
+        SECKEY_GetPrivateKeyType(privKey) != rsaKey) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    if (PR_SUCCESS != PR_CallOnce(&ssl_session_ticket_key_pair.setup,
+                                  &ssl_SessionTicketSetup)) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+
+    return ssl_SetSessionTicketKeyPair(pubKey, privKey, PR_TRUE);
+}
+
+/* When configuring a server cert, we should save the RSA key in case it is
+ * needed for ticket encryption. This saves the latest copy, unless there has
+ * been an explicit call to SSL_SetSessionTicketKeyPair(). */
+SECStatus
+ssl_MaybeSetSessionTicketKeyPair(const sslKeyPair *keyPair)
+{
+    PRBool configured;
+
+    if (PR_SUCCESS != PR_CallOnce(&ssl_session_ticket_key_pair.setup,
+                                  &ssl_SessionTicketSetup)) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+
+    PR_RWLock_Rlock(ssl_session_ticket_key_pair.lock);
+    configured = ssl_session_ticket_key_pair.configured;
+    PR_RWLock_Unlock(ssl_session_ticket_key_pair.lock);
+    if (configured) {
+        return SECSuccess;
+    }
+    return ssl_SetSessionTicketKeyPair(keyPair->pubKey,
+                                       keyPair->privKey, PR_FALSE);
+}
+
+static SECStatus
+ssl_GetSessionTicketKeyPair(SECKEYPublicKey **pubKey,
+                            SECKEYPrivateKey **privKey)
+{
+    if (PR_SUCCESS != PR_CallOnce(&ssl_session_ticket_key_pair.setup,
+                                  &ssl_SessionTicketSetup)) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+
+    PR_RWLock_Rlock(ssl_session_ticket_key_pair.lock);
+    *pubKey = ssl_session_ticket_key_pair.pubKey;
+    *privKey = ssl_session_ticket_key_pair.privKey;
+    PR_RWLock_Unlock(ssl_session_ticket_key_pair.lock);
+    if (!*pubKey) {
+        PORT_Assert(!*privKey);
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+    PORT_Assert(*privKey);
+    return SECSuccess;
+}
+
+static PRBool
+ssl_GenerateSessionTicketKeys(void *pwArg, unsigned char *keyName,
+                              PK11SymKey **aesKey, PK11SymKey **macKey);
+
+static PRStatus
+ssl_GenerateSessionTicketKeysOnce(void *arg)
+{
+    SECStatus rv;
+
+    /* Get a copy of the session keys from shared memory. */
+    PORT_Memcpy(ssl_session_ticket_keys.keyName,
+                SESS_TICKET_KEY_NAME_PREFIX,
+                sizeof(SESS_TICKET_KEY_NAME_PREFIX));
+    /* This function calls ssl_GetSessionTicketKeyPair(), which initializes the
+     * key pair stuff.  That allows this to use the same shutdown function. */
+    rv = ssl_GenerateSessionTicketKeys(arg, ssl_session_ticket_keys.keyName,
+                                       &ssl_session_ticket_keys.encKey,
+                                       &ssl_session_ticket_keys.macKey);
+    if (rv != SECSuccess) {
+        return PR_FAILURE;
+    }
+
+    return PR_SUCCESS;
+}
+
+SECStatus
+ssl_GetSessionTicketKeys(sslSocket *ss, unsigned char *keyName,
+                         PK11SymKey **encKey, PK11SymKey **macKey)
+{
+    if (PR_SUCCESS != PR_CallOnceWithArg(&ssl_session_ticket_keys.setup,
+                                         &ssl_GenerateSessionTicketKeysOnce,
+                                         ss->pkcs11PinArg)) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+
+    if (!ssl_session_ticket_keys.encKey || !ssl_session_ticket_keys.macKey) {
+        return SECFailure;
+    }
+
+    PORT_Memcpy(keyName, ssl_session_ticket_keys.keyName,
+                sizeof(ssl_session_ticket_keys.keyName));
+    *encKey = ssl_session_ticket_keys.encKey;
+    *macKey = ssl_session_ticket_keys.macKey;
+    return SECSuccess;
+}
+
+/* If lockTime is zero, it implies that the lock is not held, and must be
+ * aquired here.
+ */
+static SECStatus
+getSvrWrappingKey(unsigned int symWrapMechIndex,
+                  unsigned int wrapKeyIndex,
+                  SSLWrappedSymWrappingKey *wswk,
+                  cacheDesc *cache,
+                  PRUint32 lockTime)
+{
+    PRUint32 ndx = (wrapKeyIndex * SSL_NUM_WRAP_MECHS) + symWrapMechIndex;
+    SSLWrappedSymWrappingKey *pwswk = cache->keyCacheData + ndx;
+    PRUint32 now = 0;
+    PRBool rv = SECFailure;
+
+    if (!cache->cacheMem) { /* cache is uninitialized */
+        PORT_SetError(SSL_ERROR_SERVER_CACHE_NOT_CONFIGURED);
+        return SECFailure;
+    }
+    if (!lockTime) {
+        now = LockSidCacheLock(cache->keyCacheLock, 0);
+        if (!now) {
+            return SECFailure;
+        }
+    }
+    if (pwswk->wrapKeyIndex == wrapKeyIndex &&
+        pwswk->wrapMechIndex == symWrapMechIndex &&
+        pwswk->wrappedSymKeyLen != 0) {
+        *wswk = *pwswk;
+        rv = SECSuccess;
+    }
+    if (now) {
+        UnlockSidCacheLock(cache->keyCacheLock);
+    }
+    return rv;
+}
+
+SECStatus
+ssl_GetWrappingKey(unsigned int wrapMechIndex,
+                   unsigned int wrapKeyIndex,
+                   SSLWrappedSymWrappingKey *wswk)
+{
+    PORT_Assert(wrapMechIndex < SSL_NUM_WRAP_MECHS);
+    PORT_Assert(wrapKeyIndex < SSL_NUM_WRAP_KEYS);
+    if (wrapMechIndex >= SSL_NUM_WRAP_MECHS ||
+        wrapKeyIndex >= SSL_NUM_WRAP_KEYS) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    return getSvrWrappingKey(wrapMechIndex, wrapKeyIndex, wswk,
+                             &globalCache, 0);
+}
+
+/* Wrap and cache a session ticket key. */
+static SECStatus
+WrapTicketKey(SECKEYPublicKey *svrPubKey, PK11SymKey *symKey,
+              const char *keyName, encKeyCacheEntry *cacheEntry)
+{
+    SECItem wrappedKey = { siBuffer, NULL, 0 };
+
+    wrappedKey.len = SECKEY_PublicKeyStrength(svrPubKey);
+    PORT_Assert(wrappedKey.len <= sizeof(cacheEntry->bytes));
+    if (wrappedKey.len > sizeof(cacheEntry->bytes))
+        return PR_FALSE;
+    wrappedKey.data = cacheEntry->bytes;
+
+    if (PK11_PubWrapSymKey(CKM_RSA_PKCS, svrPubKey, symKey, &wrappedKey) !=
+        SECSuccess) {
+        SSL_DBG(("%d: SSL[%s]: Unable to wrap session ticket %s.",
+                 SSL_GETPID(), "unknown", keyName));
+        return SECFailure;
+    }
+    cacheEntry->length = wrappedKey.len;
+    return SECSuccess;
+}
+
+static SECStatus
+GenerateTicketKeys(void *pwArg, unsigned char *keyName, PK11SymKey **aesKey,
+                   PK11SymKey **macKey)
+{
+    PK11SlotInfo *slot;
+    CK_MECHANISM_TYPE mechanismArray[2];
+    PK11SymKey *aesKeyTmp = NULL;
+    PK11SymKey *macKeyTmp = NULL;
+    cacheDesc *cache = &globalCache;
+    PRUint8 ticketKeyNameSuffixLocal[SESS_TICKET_KEY_VAR_NAME_LEN];
+    PRUint8 *ticketKeyNameSuffix;
+
+    if (!cache->cacheMem) {
+        /* cache is not initalized. Use stack buffer */
+        ticketKeyNameSuffix = ticketKeyNameSuffixLocal;
+    } else {
+        ticketKeyNameSuffix = cache->ticketKeyNameSuffix;
+    }
+
+    if (PK11_GenerateRandom(ticketKeyNameSuffix,
+                            SESS_TICKET_KEY_VAR_NAME_LEN) !=
+        SECSuccess) {
+        SSL_DBG(("%d: SSL[%s]: Unable to generate random key name bytes.",
+                 SSL_GETPID(), "unknown"));
+        return SECFailure;
+    }
+
+    mechanismArray[0] = CKM_AES_CBC;
+    mechanismArray[1] = CKM_SHA256_HMAC;
+
+    slot = PK11_GetBestSlotMultiple(mechanismArray, 2, pwArg);
+    if (slot) {
+        aesKeyTmp = PK11_KeyGen(slot, mechanismArray[0], NULL,
+                                AES_256_KEY_LENGTH, pwArg);
+        macKeyTmp = PK11_KeyGen(slot, mechanismArray[1], NULL,
+                                SHA256_LENGTH, pwArg);
+        PK11_FreeSlot(slot);
+    }
+
+    if (aesKeyTmp == NULL || macKeyTmp == NULL) {
+        SSL_DBG(("%d: SSL[%s]: Unable to generate session ticket keys.",
+                 SSL_GETPID(), "unknown"));
+        goto loser;
+    }
+    PORT_Memcpy(keyName, ticketKeyNameSuffix, SESS_TICKET_KEY_VAR_NAME_LEN);
+    *aesKey = aesKeyTmp;
+    *macKey = macKeyTmp;
+    return SECSuccess;
+
+loser:
+    if (aesKeyTmp)
+        PK11_FreeSymKey(aesKeyTmp);
+    if (macKeyTmp)
+        PK11_FreeSymKey(macKeyTmp);
+    return SECFailure;
+}
+
+static SECStatus
+GenerateAndWrapTicketKeys(SECKEYPublicKey *svrPubKey, void *pwArg,
+                          unsigned char *keyName, PK11SymKey **aesKey,
+                          PK11SymKey **macKey)
+{
+    PK11SymKey *aesKeyTmp = NULL;
+    PK11SymKey *macKeyTmp = NULL;
+    cacheDesc *cache = &globalCache;
+    SECStatus rv;
+
+    rv = GenerateTicketKeys(pwArg, keyName, &aesKeyTmp, &macKeyTmp);
+    if (rv != SECSuccess) {
+        return SECFailure;
+    }
+
+    if (cache->cacheMem) {
+        /* Export the keys to the shared cache in wrapped form. */
+        rv = WrapTicketKey(svrPubKey, aesKeyTmp, "enc key", cache->ticketEncKey);
+        if (rv != SECSuccess) {
+            goto loser;
+        }
+        rv = WrapTicketKey(svrPubKey, macKeyTmp, "mac key", cache->ticketMacKey);
+        if (rv != SECSuccess) {
+            goto loser;
+        }
+    }
+    *aesKey = aesKeyTmp;
+    *macKey = macKeyTmp;
+    return SECSuccess;
+
+loser:
+    PK11_FreeSymKey(aesKeyTmp);
+    PK11_FreeSymKey(macKeyTmp);
+    return SECFailure;
+}
+
+static SECStatus
+UnwrapCachedTicketKeys(SECKEYPrivateKey *svrPrivKey, unsigned char *keyName,
+                       PK11SymKey **aesKey, PK11SymKey **macKey)
+{
+    SECItem wrappedKey = { siBuffer, NULL, 0 };
+    PK11SymKey *aesKeyTmp = NULL;
+    PK11SymKey *macKeyTmp = NULL;
+    cacheDesc *cache = &globalCache;
+
+    wrappedKey.data = cache->ticketEncKey->bytes;
+    wrappedKey.len = cache->ticketEncKey->length;
+    PORT_Assert(wrappedKey.len <= sizeof(cache->ticketEncKey->bytes));
+    aesKeyTmp = PK11_PubUnwrapSymKey(svrPrivKey, &wrappedKey,
+                                     CKM_AES_CBC, CKA_DECRYPT, 0);
+
+    wrappedKey.data = cache->ticketMacKey->bytes;
+    wrappedKey.len = cache->ticketMacKey->length;
+    PORT_Assert(wrappedKey.len <= sizeof(cache->ticketMacKey->bytes));
+    macKeyTmp = PK11_PubUnwrapSymKey(svrPrivKey, &wrappedKey,
+                                     CKM_SHA256_HMAC, CKA_SIGN, 0);
+
+    if (aesKeyTmp == NULL || macKeyTmp == NULL) {
+        SSL_DBG(("%d: SSL[%s]: Unable to unwrap session ticket keys.",
+                 SSL_GETPID(), "unknown"));
+        goto loser;
+    }
+    SSL_DBG(("%d: SSL[%s]: Successfully unwrapped session ticket keys.",
+             SSL_GETPID(), "unknown"));
+
+    PORT_Memcpy(keyName, cache->ticketKeyNameSuffix,
+                SESS_TICKET_KEY_VAR_NAME_LEN);
+    *aesKey = aesKeyTmp;
+    *macKey = macKeyTmp;
+    return SECSuccess;
+
+loser:
+    if (aesKeyTmp)
+        PK11_FreeSymKey(aesKeyTmp);
+    if (macKeyTmp)
+        PK11_FreeSymKey(macKeyTmp);
+    return SECFailure;
+}
+
+static SECStatus
+ssl_GenerateSessionTicketKeys(void *pwArg, unsigned char *keyName,
+                              PK11SymKey **encKey, PK11SymKey **macKey)
+{
+    SECKEYPrivateKey *svrPrivKey;
+    SECKEYPublicKey *svrPubKey;
+    PRUint32 now;
+    SECStatus rv;
+    cacheDesc *cache = &globalCache;
+
+    rv = ssl_GetSessionTicketKeyPair(&svrPubKey, &svrPrivKey);
+    if (rv != SECSuccess || !cache->cacheMem) {
+        /* No key pair for wrapping, or the cache is uninitialized. Generate
+         * keys and return them without caching. */
+        return GenerateTicketKeys(pwArg, keyName, encKey, macKey);
+    }
+
+    now = LockSidCacheLock(cache->keyCacheLock, 0);
+    if (!now)
+        return SECFailure;
+
+    if (*(cache->ticketKeysValid)) {
+        rv = UnwrapCachedTicketKeys(svrPrivKey, keyName, encKey, macKey);
+    } else {
+        /* Keys do not exist, create them. */
+        rv = GenerateAndWrapTicketKeys(svrPubKey, pwArg, keyName,
+                                       encKey, macKey);
+        if (rv == SECSuccess) {
+            *(cache->ticketKeysValid) = 1;
+        }
+    }
+    UnlockSidCacheLock(cache->keyCacheLock);
+    return rv;
+}
+
+/* The caller passes in the new value it wants
+ * to set.  This code tests the wrapped sym key entry in the shared memory.
+ * If it is uninitialized, this function writes the caller's value into
+ * the disk entry, and returns false.
+ * Otherwise, it overwrites the caller's wswk with the value obtained from
+ * the disk, and returns PR_TRUE.
+ * This is all done while holding the locks/mutexes necessary to make
+ * the operation atomic.
+ */
+SECStatus
+ssl_SetWrappingKey(SSLWrappedSymWrappingKey *wswk)
+{
+    cacheDesc *cache = &globalCache;
+    PRBool rv = SECFailure;
+    PRUint32 ndx;
+    PRUint32 now;
+    SSLWrappedSymWrappingKey myWswk;
+
+    if (!cache->cacheMem) { /* cache is uninitialized */
+        PORT_SetError(SSL_ERROR_SERVER_CACHE_NOT_CONFIGURED);
+        return SECFailure;
+    }
+
+    PORT_Assert(wswk->wrapMechIndex < SSL_NUM_WRAP_MECHS);
+    PORT_Assert(wswk->wrapKeyIndex < SSL_NUM_WRAP_KEYS);
+    if (wswk->wrapMechIndex >= SSL_NUM_WRAP_MECHS ||
+        wswk->wrapKeyIndex >= SSL_NUM_WRAP_KEYS) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+
+    ndx = (wswk->wrapKeyIndex * SSL_NUM_WRAP_MECHS) + wswk->wrapMechIndex;
+    PORT_Memset(&myWswk, 0, sizeof myWswk); /* eliminate UMRs. */
+
+    now = LockSidCacheLock(cache->keyCacheLock, 0);
+    if (!now) {
+        return SECFailure;
+    }
+    rv = getSvrWrappingKey(wswk->wrapMechIndex, wswk->wrapKeyIndex,
+                           &myWswk, cache, now);
+    if (rv == SECSuccess) {
+        /* we found it on disk, copy it out to the caller. */
+        PORT_Memcpy(wswk, &myWswk, sizeof *wswk);
+    } else {
+        /* Wasn't on disk, and we're still holding the lock, so write it. */
+        cache->keyCacheData[ndx] = *wswk;
+    }
+    UnlockSidCacheLock(cache->keyCacheLock);
+    return rv;
+}
+
+#else /* MAC version or other platform */
+
+#include "seccomon.h"
+#include "cert.h"
+#include "ssl.h"
+#include "sslimpl.h"
+
+SECStatus
+SSL_ConfigServerSessionIDCache(int maxCacheEntries,
+                               PRUint32 ssl2_timeout,
+                               PRUint32 ssl3_timeout,
+                               const char *directory)
+{
+    PR_ASSERT(!"SSL servers are not supported on this platform. (SSL_ConfigServerSessionIDCache)");
+    return SECFailure;
+}
+
+SECStatus
+SSL_ConfigMPServerSIDCache(int maxCacheEntries,
+                           PRUint32 ssl2_timeout,
+                           PRUint32 ssl3_timeout,
+                           const char *directory)
+{
+    PR_ASSERT(!"SSL servers are not supported on this platform. (SSL_ConfigMPServerSIDCache)");
+    return SECFailure;
+}
+
+SECStatus
+SSL_InheritMPServerSIDCache(const char *envString)
+{
+    PR_ASSERT(!"SSL servers are not supported on this platform. (SSL_InheritMPServerSIDCache)");
+    return SECFailure;
+}
+
+SECStatus
+ssl_GetWrappingKey(unsigned int wrapMechIndex,
+                   unsigned int wrapKeyIndex,
+                   SSLWrappedSymWrappingKey *wswk)
+{
+    PR_ASSERT(!"SSL servers are not supported on this platform. (ssl_GetWrappingKey)");
+    return SECFailure;
+}
+
+/* This is a kind of test-and-set.  The caller passes in the new value it wants
+ * to set.  This code tests the wrapped sym key entry in the shared memory.
+ * If it is uninitialized, this function writes the caller's value into
+ * the disk entry, and returns false.
+ * Otherwise, it overwrites the caller's wswk with the value obtained from
+ * the disk, and returns PR_TRUE.
+ * This is all done while holding the locks/mutexes necessary to make
+ * the operation atomic.
+ */
+SECStatus
+ssl_SetWrappingKey(SSLWrappedSymWrappingKey *wswk)
+{
+    PR_ASSERT(!"SSL servers are not supported on this platform. (ssl_SetWrappingKey)");
+    return SECFailure;
+}
+
+PRUint32
+SSL_GetMaxServerCacheLocks(void)
+{
+    PR_ASSERT(!"SSL servers are not supported on this platform. (SSL_GetMaxServerCacheLocks)");
+    return -1;
+}
+
+SECStatus
+SSL_SetMaxServerCacheLocks(PRUint32 maxLocks)
+{
+    PR_ASSERT(!"SSL servers are not supported on this platform. (SSL_SetMaxServerCacheLocks)");
+    return SECFailure;
+}
+
+#endif /* XP_UNIX || XP_WIN32 */
diff --git a/nss/lib/ssl/sslsock.c b/nss/lib/ssl/sslsock.c
new file mode 100644
index 0000000..5aa498c
--- /dev/null
+++ b/nss/lib/ssl/sslsock.c
@@ -0,0 +1,3833 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/*
+ * vtables (and methods that call through them) for the 4 types of
+ * SSLSockets supported.  Only one type is still supported.
+ * Various other functions.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#include "seccomon.h"
+#include "cert.h"
+#include "keyhi.h"
+#include "ssl.h"
+#include "sslimpl.h"
+#include "sslproto.h"
+#include "nspr.h"
+#include "private/pprio.h"
+#include "nss.h"
+#include "pk11pqg.h"
+
+static const sslSocketOps ssl_default_ops = { /* No SSL. */
+                                              ssl_DefConnect,
+                                              NULL,
+                                              ssl_DefBind,
+                                              ssl_DefListen,
+                                              ssl_DefShutdown,
+                                              ssl_DefClose,
+                                              ssl_DefRecv,
+                                              ssl_DefSend,
+                                              ssl_DefRead,
+                                              ssl_DefWrite,
+                                              ssl_DefGetpeername,
+                                              ssl_DefGetsockname
+};
+
+static const sslSocketOps ssl_secure_ops = { /* SSL. */
+                                             ssl_SecureConnect,
+                                             NULL,
+                                             ssl_DefBind,
+                                             ssl_DefListen,
+                                             ssl_SecureShutdown,
+                                             ssl_SecureClose,
+                                             ssl_SecureRecv,
+                                             ssl_SecureSend,
+                                             ssl_SecureRead,
+                                             ssl_SecureWrite,
+                                             ssl_DefGetpeername,
+                                             ssl_DefGetsockname
+};
+
+/*
+** default settings for socket enables
+*/
+static sslOptions ssl_defaults = {
+    { siBuffer, NULL, 0 }, /* nextProtoNego */
+    PR_TRUE,               /* useSecurity        */
+    PR_FALSE,              /* useSocks           */
+    PR_FALSE,              /* requestCertificate */
+    2,                     /* requireCertificate */
+    PR_FALSE,              /* handshakeAsClient  */
+    PR_FALSE,              /* handshakeAsServer  */
+    PR_FALSE,              /* noCache            */
+    PR_FALSE,              /* fdx                */
+    PR_TRUE,               /* detectRollBack     */
+    PR_FALSE,              /* noLocks            */
+    PR_FALSE,              /* enableSessionTickets */
+    PR_FALSE,              /* enableDeflate      */
+    2,                     /* enableRenegotiation (default: requires extension) */
+    PR_FALSE,              /* requireSafeNegotiation */
+    PR_FALSE,              /* enableFalseStart   */
+    PR_TRUE,               /* cbcRandomIV        */
+    PR_FALSE,              /* enableOCSPStapling */
+    PR_FALSE,              /* enableNPN          */
+    PR_TRUE,               /* enableALPN         */
+    PR_TRUE,               /* reuseServerECDHEKey */
+    PR_FALSE,              /* enableFallbackSCSV */
+    PR_TRUE,               /* enableServerDhe */
+    PR_FALSE,              /* enableExtendedMS    */
+    PR_FALSE,              /* enableSignedCertTimestamps */
+    PR_FALSE,              /* requireDHENamedGroups */
+    PR_FALSE,              /* enable0RttData */
+#ifdef NSS_ENABLE_TLS13_SHORT_HEADERS
+    PR_TRUE, /* enableShortHeaders */
+#else
+    PR_FALSE, /* enableShortHeaders */
+#endif
+	PR_FALSE                /* enableTLSProof */ // TLS-N Extension
+};
+
+/*
+ * default range of enabled SSL/TLS protocols
+ */
+static SSLVersionRange versions_defaults_stream = {
+    SSL_LIBRARY_VERSION_TLS_1_0,
+    SSL_LIBRARY_VERSION_TLS_1_2
+};
+
+static SSLVersionRange versions_defaults_datagram = {
+    SSL_LIBRARY_VERSION_TLS_1_1,
+    SSL_LIBRARY_VERSION_TLS_1_2
+};
+
+#define VERSIONS_DEFAULTS(variant) \
+    (variant == ssl_variant_stream ? &versions_defaults_stream : &versions_defaults_datagram)
+#define VERSIONS_POLICY_MIN(variant) \
+    (variant == ssl_variant_stream ? NSS_TLS_VERSION_MIN_POLICY : NSS_DTLS_VERSION_MIN_POLICY)
+#define VERSIONS_POLICY_MAX(variant) \
+    (variant == ssl_variant_stream ? NSS_TLS_VERSION_MAX_POLICY : NSS_DTLS_VERSION_MAX_POLICY)
+
+sslSessionIDLookupFunc ssl_sid_lookup;
+sslSessionIDCacheFunc ssl_sid_cache;
+sslSessionIDUncacheFunc ssl_sid_uncache;
+
+static PRBool ssl_inited = PR_FALSE;
+static PRDescIdentity ssl_layer_id;
+
+PRBool locksEverDisabled; /* implicitly PR_FALSE */
+PRBool ssl_force_locks;   /* implicitly PR_FALSE */
+int ssl_lock_readers = 1; /* default true. */
+char ssl_debug;
+char ssl_trace;
+FILE *ssl_trace_iob;
+
+#ifdef NSS_ALLOW_SSLKEYLOGFILE
+FILE *ssl_keylog_iob;
+#endif
+
+char lockStatus[] = "Locks are ENABLED.  ";
+#define LOCKSTATUS_OFFSET 10 /* offset of ENABLED */
+
+/* SRTP_NULL_HMAC_SHA1_80 and SRTP_NULL_HMAC_SHA1_32 are not implemented. */
+static const PRUint16 srtpCiphers[] = {
+    SRTP_AES128_CM_HMAC_SHA1_80,
+    SRTP_AES128_CM_HMAC_SHA1_32,
+    0
+};
+
+/* This list is in preference order.  Note that while some smaller groups appear
+ * early in the list, smaller groups are generally ignored when iterating
+ * through this list. ffdhe_custom must not appear in this list. */
+#define ECGROUP(name, size, oid, assumeSupported)  \
+    {                                              \
+        ssl_grp_ec_##name, size, ssl_kea_ecdh,     \
+            SEC_OID_SECG_EC_##oid, assumeSupported \
+    }
+#define FFGROUP(size)                           \
+    {                                           \
+        ssl_grp_ffdhe_##size, size, ssl_kea_dh, \
+            SEC_OID_TLS_FFDHE_##size, PR_TRUE   \
+    }
+
+const sslNamedGroupDef ssl_named_groups[] = {
+    /* Note that 256 for 25519 is a lie, but we only use it for checking bit
+     * security and expect 256 bits there (not 255). */
+    { ssl_grp_ec_curve25519, 256, ssl_kea_ecdh, SEC_OID_CURVE25519, PR_TRUE },
+    ECGROUP(secp256r1, 256, SECP256R1, PR_TRUE),
+    ECGROUP(secp384r1, 384, SECP384R1, PR_TRUE),
+    ECGROUP(secp521r1, 521, SECP521R1, PR_TRUE),
+    FFGROUP(2048),
+    FFGROUP(3072),
+    FFGROUP(4096),
+    FFGROUP(6144),
+    FFGROUP(8192),
+    ECGROUP(secp192r1, 192, SECP192R1, PR_FALSE),
+    ECGROUP(secp160r2, 160, SECP160R2, PR_FALSE),
+    ECGROUP(secp160k1, 160, SECP160K1, PR_FALSE),
+    ECGROUP(secp160r1, 160, SECP160R1, PR_FALSE),
+    ECGROUP(sect163k1, 163, SECT163K1, PR_FALSE),
+    ECGROUP(sect163r1, 163, SECT163R1, PR_FALSE),
+    ECGROUP(sect163r2, 163, SECT163R2, PR_FALSE),
+    ECGROUP(secp192k1, 192, SECP192K1, PR_FALSE),
+    ECGROUP(sect193r1, 193, SECT193R1, PR_FALSE),
+    ECGROUP(sect193r2, 193, SECT193R2, PR_FALSE),
+    ECGROUP(secp224r1, 224, SECP224R1, PR_FALSE),
+    ECGROUP(secp224k1, 224, SECP224K1, PR_FALSE),
+    ECGROUP(sect233k1, 233, SECT233K1, PR_FALSE),
+    ECGROUP(sect233r1, 233, SECT233R1, PR_FALSE),
+    ECGROUP(sect239k1, 239, SECT239K1, PR_FALSE),
+    ECGROUP(secp256k1, 256, SECP256K1, PR_FALSE),
+    ECGROUP(sect283k1, 283, SECT283K1, PR_FALSE),
+    ECGROUP(sect283r1, 283, SECT283R1, PR_FALSE),
+    ECGROUP(sect409k1, 409, SECT409K1, PR_FALSE),
+    ECGROUP(sect409r1, 409, SECT409R1, PR_FALSE),
+    ECGROUP(sect571k1, 571, SECT571K1, PR_FALSE),
+    ECGROUP(sect571r1, 571, SECT571R1, PR_FALSE),
+};
+PR_STATIC_ASSERT(SSL_NAMED_GROUP_COUNT == PR_ARRAY_SIZE(ssl_named_groups));
+
+#undef ECGROUP
+#undef FFGROUP
+
+/* forward declarations. */
+static sslSocket *ssl_NewSocket(PRBool makeLocks, SSLProtocolVariant variant);
+static SECStatus ssl_MakeLocks(sslSocket *ss);
+static void ssl_SetDefaultsFromEnvironment(void);
+static PRStatus ssl_PushIOLayer(sslSocket *ns, PRFileDesc *stack,
+                                PRDescIdentity id);
+
+/************************************************************************/
+
+/*
+** Lookup a socket structure from a file descriptor.
+** Only functions called through the PRIOMethods table should use this.
+** Other app-callable functions should use ssl_FindSocket.
+*/
+static sslSocket *
+ssl_GetPrivate(PRFileDesc *fd)
+{
+    sslSocket *ss;
+
+    PORT_Assert(fd != NULL);
+    PORT_Assert(fd->methods->file_type == PR_DESC_LAYERED);
+    PORT_Assert(fd->identity == ssl_layer_id);
+
+    if (fd->methods->file_type != PR_DESC_LAYERED ||
+        fd->identity != ssl_layer_id) {
+        PORT_SetError(PR_BAD_DESCRIPTOR_ERROR);
+        return NULL;
+    }
+
+    ss = (sslSocket *)fd->secret;
+    /* Set ss->fd lazily. We can't rely on the value of ss->fd set by
+     * ssl_PushIOLayer because another PR_PushIOLayer call will switch the
+     * contents of the PRFileDesc pointed by ss->fd and the new layer.
+     * See bug 807250.
+     */
+    ss->fd = fd;
+    return ss;
+}
+
+/* This function tries to find the SSL layer in the stack.
+ * It searches for the first SSL layer at or below the argument fd,
+ * and failing that, it searches for the nearest SSL layer above the
+ * argument fd.  It returns the private sslSocket from the found layer.
+ */
+sslSocket *
+ssl_FindSocket(PRFileDesc *fd)
+{
+    PRFileDesc *layer;
+    sslSocket *ss;
+
+    PORT_Assert(fd != NULL);
+    PORT_Assert(ssl_layer_id != 0);
+
+    layer = PR_GetIdentitiesLayer(fd, ssl_layer_id);
+    if (layer == NULL) {
+        PORT_SetError(PR_BAD_DESCRIPTOR_ERROR);
+        return NULL;
+    }
+
+    ss = (sslSocket *)layer->secret;
+    /* Set ss->fd lazily. We can't rely on the value of ss->fd set by
+     * ssl_PushIOLayer because another PR_PushIOLayer call will switch the
+     * contents of the PRFileDesc pointed by ss->fd and the new layer.
+     * See bug 807250.
+     */
+    ss->fd = layer;
+    return ss;
+}
+
+static sslSocket *
+ssl_DupSocket(sslSocket *os)
+{
+    sslSocket *ss;
+    SECStatus rv;
+
+    ss = ssl_NewSocket((PRBool)(!os->opt.noLocks), os->protocolVariant);
+    if (!ss) {
+        return NULL;
+    }
+
+    ss->opt = os->opt;
+    ss->opt.useSocks = PR_FALSE;
+    rv = SECITEM_CopyItem(NULL, &ss->opt.nextProtoNego, &os->opt.nextProtoNego);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    ss->vrange = os->vrange;
+
+    ss->peerID = !os->peerID ? NULL : PORT_Strdup(os->peerID);
+    ss->url = !os->url ? NULL : PORT_Strdup(os->url);
+
+    ss->ops = os->ops;
+    ss->rTimeout = os->rTimeout;
+    ss->wTimeout = os->wTimeout;
+    ss->cTimeout = os->cTimeout;
+    ss->dbHandle = os->dbHandle;
+
+    /* copy ssl2&3 policy & prefs, even if it's not selected (yet) */
+    PORT_Memcpy(ss->cipherSuites, os->cipherSuites, sizeof os->cipherSuites);
+    PORT_Memcpy(ss->ssl3.dtlsSRTPCiphers, os->ssl3.dtlsSRTPCiphers,
+                sizeof(PRUint16) * os->ssl3.dtlsSRTPCipherCount);
+    ss->ssl3.dtlsSRTPCipherCount = os->ssl3.dtlsSRTPCipherCount;
+    PORT_Memcpy(ss->ssl3.signatureSchemes, os->ssl3.signatureSchemes,
+                sizeof(ss->ssl3.signatureSchemes[0]) *
+                    os->ssl3.signatureSchemeCount);
+    ss->ssl3.signatureSchemeCount = os->ssl3.signatureSchemeCount;
+    ss->ssl3.downgradeCheckVersion = os->ssl3.downgradeCheckVersion;
+
+    ss->ssl3.dheWeakGroupEnabled = os->ssl3.dheWeakGroupEnabled;
+
+    if (ss->opt.useSecurity) {
+        PRCList *cursor;
+        for (cursor = PR_NEXT_LINK(&os->serverCerts);
+             cursor != &os->serverCerts;
+             cursor = PR_NEXT_LINK(cursor)) {
+            sslServerCert *sc = ssl_CopyServerCert((sslServerCert *)cursor);
+            if (!sc)
+                goto loser;
+            PR_APPEND_LINK(&sc->link, &ss->serverCerts);
+        }
+
+        PR_INIT_CLIST(&ss->ephemeralKeyPairs);
+        for (cursor = PR_NEXT_LINK(&os->ephemeralKeyPairs);
+             cursor != &os->ephemeralKeyPairs;
+             cursor = PR_NEXT_LINK(cursor)) {
+            sslEphemeralKeyPair *okp = (sslEphemeralKeyPair *)cursor;
+            sslEphemeralKeyPair *skp = ssl_CopyEphemeralKeyPair(okp);
+            if (!skp)
+                goto loser;
+            PR_APPEND_LINK(&skp->link, &ss->ephemeralKeyPairs);
+        }
+
+        /*
+         * XXX the preceding CERT_ and SECKEY_ functions can fail and return NULL.
+         * XXX We should detect this, and not just march on with NULL pointers.
+         */
+        ss->authCertificate = os->authCertificate;
+        ss->authCertificateArg = os->authCertificateArg;
+        ss->getClientAuthData = os->getClientAuthData;
+        ss->getClientAuthDataArg = os->getClientAuthDataArg;
+        ss->sniSocketConfig = os->sniSocketConfig;
+        ss->sniSocketConfigArg = os->sniSocketConfigArg;
+        ss->alertReceivedCallback = os->alertReceivedCallback;
+        ss->alertReceivedCallbackArg = os->alertReceivedCallbackArg;
+        ss->alertSentCallback = os->alertSentCallback;
+        ss->alertSentCallbackArg = os->alertSentCallbackArg;
+        ss->handleBadCert = os->handleBadCert;
+        ss->badCertArg = os->badCertArg;
+        ss->handshakeCallback = os->handshakeCallback;
+        ss->handshakeCallbackData = os->handshakeCallbackData;
+        ss->canFalseStartCallback = os->canFalseStartCallback;
+        ss->canFalseStartCallbackData = os->canFalseStartCallbackData;
+        ss->pkcs11PinArg = os->pkcs11PinArg;
+        ss->nextProtoCallback = os->nextProtoCallback;
+        ss->nextProtoArg = os->nextProtoArg;
+        PORT_Memcpy((void *)ss->namedGroupPreferences,
+                    os->namedGroupPreferences,
+                    sizeof(ss->namedGroupPreferences));
+        ss->additionalShares = os->additionalShares;
+
+        /* Create security data */
+        rv = ssl_CopySecurityInfo(ss, os);
+        if (rv != SECSuccess) {
+            goto loser;
+        }
+    }
+    return ss;
+
+loser:
+    ssl_FreeSocket(ss);
+    return NULL;
+}
+
+static void
+ssl_DestroyLocks(sslSocket *ss)
+{
+    /* Destroy locks. */
+    if (ss->firstHandshakeLock) {
+        PZ_DestroyMonitor(ss->firstHandshakeLock);
+        ss->firstHandshakeLock = NULL;
+    }
+    if (ss->ssl3HandshakeLock) {
+        PZ_DestroyMonitor(ss->ssl3HandshakeLock);
+        ss->ssl3HandshakeLock = NULL;
+    }
+    if (ss->specLock) {
+        NSSRWLock_Destroy(ss->specLock);
+        ss->specLock = NULL;
+    }
+
+    if (ss->recvLock) {
+        PZ_DestroyLock(ss->recvLock);
+        ss->recvLock = NULL;
+    }
+    if (ss->sendLock) {
+        PZ_DestroyLock(ss->sendLock);
+        ss->sendLock = NULL;
+    }
+    if (ss->xmitBufLock) {
+        PZ_DestroyMonitor(ss->xmitBufLock);
+        ss->xmitBufLock = NULL;
+    }
+    if (ss->recvBufLock) {
+        PZ_DestroyMonitor(ss->recvBufLock);
+        ss->recvBufLock = NULL;
+    }
+}
+
+/* Caller holds any relevant locks */
+static void
+ssl_DestroySocketContents(sslSocket *ss)
+{
+	PRUint32 i;
+    PRCList *cursor;
+
+    /* Free up socket */
+    ssl_DestroySecurityInfo(&ss->sec);
+
+    ssl3_DestroySSL3Info(ss);
+
+    PORT_Free(ss->saveBuf.buf);
+    PORT_Free(ss->pendingBuf.buf);
+    ssl3_DestroyGather(&ss->gs);
+
+    if (ss->peerID != NULL)
+        PORT_Free(ss->peerID);
+    if (ss->url != NULL)
+        PORT_Free((void *)ss->url); /* CONST */
+
+    /* Clean up server certificates and sundries. */
+    while (!PR_CLIST_IS_EMPTY(&ss->serverCerts)) {
+        cursor = PR_LIST_TAIL(&ss->serverCerts);
+        PR_REMOVE_LINK(cursor);
+        ssl_FreeServerCert((sslServerCert *)cursor);
+    }
+    ssl_FreeEphemeralKeyPairs(ss);
+    SECITEM_FreeItem(&ss->opt.nextProtoNego, PR_FALSE);
+    ssl3_FreeSniNameArray(&ss->xtnData);
+
+	// TLS-N Extension
+	if(ss->tlsproofMerkleRoot != NULL){
+		PORT_Free(ss->tlsproofMerkleRoot);
+	}
+	if(ss->tlsproofOrderingVector != NULL){
+		PORT_Free(ss->tlsproofOrderingVector);
+	}
+	if(ss->tlsproofClientRecvLen > 0){
+		for(i = 0; i < ss->tlsproofClientRecvLen; ++i){
+			if(ss->tlsproofClientRecv[i].plaintext != NULL){
+				PORT_Free(ss->tlsproofClientRecv[i].plaintext);
+			}
+			if(ss->tlsproofClientRecv[i].merkle_hash != NULL){
+				PORT_Free(ss->tlsproofClientRecv[i].merkle_hash);
+			}
+			if(ss->tlsproofClientRecv[i].salt_secret != NULL){
+				PORT_Free(ss->tlsproofClientRecv[i].salt_secret);
+			}
+		}
+		PORT_Free(ss->tlsproofClientRecv);
+		ss->tlsproofClientRecv = NULL;
+		ss->tlsproofClientRecvLen = 0;
+	}
+	if(ss->tlsproofClientSentLen > 0){
+		for(i = 0; i < ss->tlsproofClientSentLen; ++i){
+			if(ss->tlsproofClientSent[i].plaintext != NULL){
+				PORT_Free(ss->tlsproofClientSent[i].plaintext);
+			}
+			if(ss->tlsproofClientSent[i].merkle_hash != NULL){
+				PORT_Free(ss->tlsproofClientSent[i].merkle_hash);
+			}
+			if(ss->tlsproofClientSent[i].salt_secret != NULL){
+				PORT_Free(ss->tlsproofClientSent[i].salt_secret);
+			}
+		}
+		PORT_Free(ss->tlsproofClientSent);
+		ss->tlsproofClientSent = NULL;
+		ss->tlsproofClientSentLen = 0;
+	}
+}
+
+/*
+ * free an sslSocket struct, and all the stuff that hangs off of it
+ */
+void
+ssl_FreeSocket(sslSocket *ss)
+{
+    /* Get every lock you can imagine!
+    ** Caller already holds these:
+    **  SSL_LOCK_READER(ss);
+    **  SSL_LOCK_WRITER(ss);
+    */
+    ssl_Get1stHandshakeLock(ss);
+    ssl_GetRecvBufLock(ss);
+    ssl_GetSSL3HandshakeLock(ss);
+    ssl_GetXmitBufLock(ss);
+    ssl_GetSpecWriteLock(ss);
+
+    ssl_DestroySocketContents(ss);
+
+    /* Release all the locks acquired above.  */
+    SSL_UNLOCK_READER(ss);
+    SSL_UNLOCK_WRITER(ss);
+    ssl_Release1stHandshakeLock(ss);
+    ssl_ReleaseRecvBufLock(ss);
+    ssl_ReleaseSSL3HandshakeLock(ss);
+    ssl_ReleaseXmitBufLock(ss);
+    ssl_ReleaseSpecWriteLock(ss);
+
+    ssl_DestroyLocks(ss);
+
+#ifdef DEBUG
+    PORT_Memset(ss, 0x1f, sizeof *ss);
+#endif
+    PORT_Free(ss);
+    return;
+}
+
+/************************************************************************/
+SECStatus
+ssl_EnableNagleDelay(sslSocket *ss, PRBool enabled)
+{
+    PRFileDesc *osfd = ss->fd->lower;
+    SECStatus rv = SECFailure;
+    PRSocketOptionData opt;
+
+    opt.option = PR_SockOpt_NoDelay;
+    opt.value.no_delay = (PRBool)!enabled;
+
+    if (osfd->methods->setsocketoption) {
+        rv = (SECStatus)osfd->methods->setsocketoption(osfd, &opt);
+    } else {
+        PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
+    }
+
+    return rv;
+}
+
+static void
+ssl_ChooseOps(sslSocket *ss)
+{
+    ss->ops = ss->opt.useSecurity ? &ssl_secure_ops : &ssl_default_ops;
+}
+
+/* Called from SSL_Enable (immediately below) */
+static SECStatus
+PrepareSocket(sslSocket *ss)
+{
+    SECStatus rv = SECSuccess;
+
+    ssl_ChooseOps(ss);
+    return rv;
+}
+
+SECStatus
+SSL_Enable(PRFileDesc *fd, int which, PRBool on)
+{
+    return SSL_OptionSet(fd, which, on);
+}
+
+static PRBool ssl_VersionIsSupportedByPolicy(
+    SSLProtocolVariant protocolVariant, SSL3ProtocolVersion version);
+
+/* Implements the semantics for SSL_OptionSet(SSL_ENABLE_TLS, on) described in
+ * ssl.h in the section "SSL version range setting API".
+ */
+static void
+ssl_EnableTLS(SSLVersionRange *vrange, PRBool on)
+{
+    if (on) {
+        /* don't turn it on if tls1.0 disallowed by by policy */
+        if (!ssl_VersionIsSupportedByPolicy(ssl_variant_stream,
+                                            SSL_LIBRARY_VERSION_TLS_1_0)) {
+            return;
+        }
+    }
+    if (SSL_ALL_VERSIONS_DISABLED(vrange)) {
+        if (on) {
+            vrange->min = SSL_LIBRARY_VERSION_TLS_1_0;
+            vrange->max = SSL_LIBRARY_VERSION_TLS_1_0;
+        } /* else don't change anything */
+        return;
+    }
+
+    if (on) {
+        /* Expand the range of enabled version to include TLS 1.0 */
+        vrange->min = PR_MIN(vrange->min, SSL_LIBRARY_VERSION_TLS_1_0);
+        vrange->max = PR_MAX(vrange->max, SSL_LIBRARY_VERSION_TLS_1_0);
+    } else {
+        /* Disable all TLS versions, leaving only SSL 3.0 if it was enabled */
+        if (vrange->min == SSL_LIBRARY_VERSION_3_0) {
+            vrange->max = SSL_LIBRARY_VERSION_3_0;
+        } else {
+            /* Only TLS was enabled, so now no versions are. */
+            vrange->min = SSL_LIBRARY_VERSION_NONE;
+            vrange->max = SSL_LIBRARY_VERSION_NONE;
+        }
+    }
+}
+
+/* Implements the semantics for SSL_OptionSet(SSL_ENABLE_SSL3, on) described in
+ * ssl.h in the section "SSL version range setting API".
+ */
+static void
+ssl_EnableSSL3(SSLVersionRange *vrange, PRBool on)
+{
+    if (on) {
+        /* don't turn it on if ssl3 disallowed by by policy */
+        if (!ssl_VersionIsSupportedByPolicy(ssl_variant_stream,
+                                            SSL_LIBRARY_VERSION_3_0)) {
+            return;
+        }
+    }
+    if (SSL_ALL_VERSIONS_DISABLED(vrange)) {
+        if (on) {
+            vrange->min = SSL_LIBRARY_VERSION_3_0;
+            vrange->max = SSL_LIBRARY_VERSION_3_0;
+        } /* else don't change anything */
+        return;
+    }
+
+    if (on) {
+        /* Expand the range of enabled versions to include SSL 3.0. We know
+         * SSL 3.0 or some version of TLS is already enabled at this point, so
+         * we don't need to change vrange->max.
+         */
+        vrange->min = SSL_LIBRARY_VERSION_3_0;
+    } else {
+        /* Disable SSL 3.0, leaving TLS unaffected. */
+        if (vrange->max > SSL_LIBRARY_VERSION_3_0) {
+            vrange->min = PR_MAX(vrange->min, SSL_LIBRARY_VERSION_TLS_1_0);
+        } else {
+            /* Only SSL 3.0 was enabled, so now no versions are. */
+            vrange->min = SSL_LIBRARY_VERSION_NONE;
+            vrange->max = SSL_LIBRARY_VERSION_NONE;
+        }
+    }
+}
+
+SECStatus
+SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRBool on)
+{
+    sslSocket *ss = ssl_FindSocket(fd);
+    SECStatus rv = SECSuccess;
+    PRBool holdingLocks;
+
+    if (!ss) {
+        SSL_DBG(("%d: SSL[%d]: bad socket in Enable", SSL_GETPID(), fd));
+        return SECFailure;
+    }
+
+    holdingLocks = (!ss->opt.noLocks);
+    ssl_Get1stHandshakeLock(ss);
+    ssl_GetSSL3HandshakeLock(ss);
+
+    switch (which) {
+        case SSL_SOCKS:
+            ss->opt.useSocks = PR_FALSE;
+            rv = PrepareSocket(ss);
+            if (on) {
+                PORT_SetError(SEC_ERROR_INVALID_ARGS);
+                rv = SECFailure;
+            }
+            break;
+
+        case SSL_SECURITY:
+            ss->opt.useSecurity = on;
+            rv = PrepareSocket(ss);
+            break;
+
+        case SSL_REQUEST_CERTIFICATE:
+            ss->opt.requestCertificate = on;
+            break;
+
+        case SSL_REQUIRE_CERTIFICATE:
+            ss->opt.requireCertificate = on;
+            break;
+
+        case SSL_HANDSHAKE_AS_CLIENT:
+            if (ss->opt.handshakeAsServer && on) {
+                PORT_SetError(SEC_ERROR_INVALID_ARGS);
+                rv = SECFailure;
+                break;
+            }
+            ss->opt.handshakeAsClient = on;
+            break;
+
+        case SSL_HANDSHAKE_AS_SERVER:
+            if (ss->opt.handshakeAsClient && on) {
+                PORT_SetError(SEC_ERROR_INVALID_ARGS);
+                rv = SECFailure;
+                break;
+            }
+            ss->opt.handshakeAsServer = on;
+            break;
+
+        case SSL_ENABLE_TLS:
+            if (IS_DTLS(ss)) {
+                if (on) {
+                    PORT_SetError(SEC_ERROR_INVALID_ARGS);
+                    rv = SECFailure; /* not allowed */
+                }
+                break;
+            }
+            ssl_EnableTLS(&ss->vrange, on);
+            break;
+
+        case SSL_ENABLE_SSL3:
+            if (IS_DTLS(ss)) {
+                if (on) {
+                    PORT_SetError(SEC_ERROR_INVALID_ARGS);
+                    rv = SECFailure; /* not allowed */
+                }
+                break;
+            }
+            ssl_EnableSSL3(&ss->vrange, on);
+            break;
+
+        case SSL_ENABLE_SSL2:
+        case SSL_V2_COMPATIBLE_HELLO:
+            /* We no longer support SSL v2.
+             * However, if an old application requests to disable SSL v2,
+             * we shouldn't fail.
+             */
+            if (on) {
+                PORT_SetError(SEC_ERROR_INVALID_ARGS);
+                rv = SECFailure;
+            }
+            break;
+
+        case SSL_NO_CACHE:
+            ss->opt.noCache = on;
+            break;
+
+        case SSL_ENABLE_FDX:
+            if (on && ss->opt.noLocks) {
+                PORT_SetError(SEC_ERROR_INVALID_ARGS);
+                rv = SECFailure;
+            }
+            ss->opt.fdx = on;
+            break;
+
+        case SSL_ROLLBACK_DETECTION:
+            ss->opt.detectRollBack = on;
+            break;
+
+        case SSL_NO_STEP_DOWN:
+            break;
+
+        case SSL_BYPASS_PKCS11:
+            break;
+
+        case SSL_NO_LOCKS:
+            if (on && ss->opt.fdx) {
+                PORT_SetError(SEC_ERROR_INVALID_ARGS);
+                rv = SECFailure;
+            }
+            if (on && ssl_force_locks)
+                on = PR_FALSE; /* silent override */
+            ss->opt.noLocks = on;
+            if (on) {
+                locksEverDisabled = PR_TRUE;
+                strcpy(lockStatus + LOCKSTATUS_OFFSET, "DISABLED.");
+            } else if (!holdingLocks) {
+                rv = ssl_MakeLocks(ss);
+                if (rv != SECSuccess) {
+                    ss->opt.noLocks = PR_TRUE;
+                }
+            }
+            break;
+
+        case SSL_ENABLE_SESSION_TICKETS:
+            ss->opt.enableSessionTickets = on;
+            break;
+
+        case SSL_ENABLE_DEFLATE:
+            ss->opt.enableDeflate = on;
+            break;
+
+        case SSL_ENABLE_RENEGOTIATION:
+            if (IS_DTLS(ss) && on != SSL_RENEGOTIATE_NEVER) {
+                PORT_SetError(SEC_ERROR_INVALID_ARGS);
+                rv = SECFailure;
+                break;
+            }
+            ss->opt.enableRenegotiation = on;
+            break;
+
+        case SSL_REQUIRE_SAFE_NEGOTIATION:
+            ss->opt.requireSafeNegotiation = on;
+            break;
+
+        case SSL_ENABLE_FALSE_START:
+            ss->opt.enableFalseStart = on;
+            break;
+
+        case SSL_CBC_RANDOM_IV:
+            ss->opt.cbcRandomIV = on;
+            break;
+
+        case SSL_ENABLE_OCSP_STAPLING:
+            ss->opt.enableOCSPStapling = on;
+            break;
+
+        case SSL_ENABLE_NPN:
+            break;
+
+        case SSL_ENABLE_ALPN:
+            ss->opt.enableALPN = on;
+            break;
+
+        case SSL_REUSE_SERVER_ECDHE_KEY:
+            ss->opt.reuseServerECDHEKey = on;
+            break;
+
+        case SSL_ENABLE_FALLBACK_SCSV:
+            ss->opt.enableFallbackSCSV = on;
+            break;
+
+        case SSL_ENABLE_SERVER_DHE:
+            ss->opt.enableServerDhe = on;
+            break;
+
+        case SSL_ENABLE_EXTENDED_MASTER_SECRET:
+            ss->opt.enableExtendedMS = on;
+            break;
+
+        case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
+            ss->opt.enableSignedCertTimestamps = on;
+            break;
+
+        case SSL_REQUIRE_DH_NAMED_GROUPS:
+            ss->opt.requireDHENamedGroups = on;
+            break;
+
+        case SSL_ENABLE_0RTT_DATA:
+            ss->opt.enable0RttData = on;
+            break;
+
+		// TLS-N Extension
+        case SSL_ENABLE_TLS_PROOF:
+            if(IS_DTLS(ss)) return SECFailure;
+            ss-> opt.enableTLSProof = on;
+            break;
+		
+        default:
+            PORT_SetError(SEC_ERROR_INVALID_ARGS);
+            rv = SECFailure;
+    }
+
+    /* We can't use the macros for releasing the locks here,
+     * because ss->opt.noLocks might have changed just above.
+     * We must release these locks (monitors) here, if we aquired them above,
+     * regardless of the current value of ss->opt.noLocks.
+     */
+    if (holdingLocks) {
+        PZ_ExitMonitor((ss)->ssl3HandshakeLock);
+        PZ_ExitMonitor((ss)->firstHandshakeLock);
+    }
+
+    return rv;
+}
+
+SECStatus
+SSL_OptionGet(PRFileDesc *fd, PRInt32 which, PRBool *pOn)
+{
+    sslSocket *ss = ssl_FindSocket(fd);
+    SECStatus rv = SECSuccess;
+    PRBool on = PR_FALSE;
+
+    if (!pOn) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+    if (!ss) {
+        SSL_DBG(("%d: SSL[%d]: bad socket in Enable", SSL_GETPID(), fd));
+        *pOn = PR_FALSE;
+        return SECFailure;
+    }
+
+    ssl_Get1stHandshakeLock(ss);
+    ssl_GetSSL3HandshakeLock(ss);
+
+    switch (which) {
+        case SSL_SOCKS:
+            on = PR_FALSE;
+            break;
+        case SSL_SECURITY:
+            on = ss->opt.useSecurity;
+            break;
+        case SSL_REQUEST_CERTIFICATE:
+            on = ss->opt.requestCertificate;
+            break;
+        case SSL_REQUIRE_CERTIFICATE:
+            on = ss->opt.requireCertificate;
+            break;
+        case SSL_HANDSHAKE_AS_CLIENT:
+            on = ss->opt.handshakeAsClient;
+            break;
+        case SSL_HANDSHAKE_AS_SERVER:
+            on = ss->opt.handshakeAsServer;
+            break;
+        case SSL_ENABLE_TLS:
+            on = ss->vrange.max >= SSL_LIBRARY_VERSION_TLS_1_0;
+            break;
+        case SSL_ENABLE_SSL3:
+            on = ss->vrange.min == SSL_LIBRARY_VERSION_3_0;
+            break;
+        case SSL_ENABLE_SSL2:
+        case SSL_V2_COMPATIBLE_HELLO:
+            on = PR_FALSE;
+            break;
+        case SSL_NO_CACHE:
+            on = ss->opt.noCache;
+            break;
+        case SSL_ENABLE_FDX:
+            on = ss->opt.fdx;
+            break;
+        case SSL_ROLLBACK_DETECTION:
+            on = ss->opt.detectRollBack;
+            break;
+        case SSL_NO_STEP_DOWN:
+            on = PR_FALSE;
+            break;
+        case SSL_BYPASS_PKCS11:
+            on = PR_FALSE;
+            break;
+        case SSL_NO_LOCKS:
+            on = ss->opt.noLocks;
+            break;
+        case SSL_ENABLE_SESSION_TICKETS:
+            on = ss->opt.enableSessionTickets;
+            break;
+        case SSL_ENABLE_DEFLATE:
+            on = ss->opt.enableDeflate;
+            break;
+        case SSL_ENABLE_RENEGOTIATION:
+            on = ss->opt.enableRenegotiation;
+            break;
+        case SSL_REQUIRE_SAFE_NEGOTIATION:
+            on = ss->opt.requireSafeNegotiation;
+            break;
+        case SSL_ENABLE_FALSE_START:
+            on = ss->opt.enableFalseStart;
+            break;
+        case SSL_CBC_RANDOM_IV:
+            on = ss->opt.cbcRandomIV;
+            break;
+        case SSL_ENABLE_OCSP_STAPLING:
+            on = ss->opt.enableOCSPStapling;
+            break;
+        case SSL_ENABLE_NPN:
+            on = ss->opt.enableNPN;
+            break;
+        case SSL_ENABLE_ALPN:
+            on = ss->opt.enableALPN;
+            break;
+        case SSL_REUSE_SERVER_ECDHE_KEY:
+            on = ss->opt.reuseServerECDHEKey;
+            break;
+        case SSL_ENABLE_FALLBACK_SCSV:
+            on = ss->opt.enableFallbackSCSV;
+            break;
+        case SSL_ENABLE_SERVER_DHE:
+            on = ss->opt.enableServerDhe;
+            break;
+        case SSL_ENABLE_EXTENDED_MASTER_SECRET:
+            on = ss->opt.enableExtendedMS;
+            break;
+        case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
+            on = ss->opt.enableSignedCertTimestamps;
+            break;
+        case SSL_REQUIRE_DH_NAMED_GROUPS:
+            on = ss->opt.requireDHENamedGroups;
+            break;
+        case SSL_ENABLE_0RTT_DATA:
+            on = ss->opt.enable0RttData;
+            break;
+		// TLS-N Extension
+        case SSL_ENABLE_TLS_PROOF:
+            on = ss->opt.enableTLSProof;
+            break;
+        default:
+            PORT_SetError(SEC_ERROR_INVALID_ARGS);
+            rv = SECFailure;
+    }
+
+    ssl_ReleaseSSL3HandshakeLock(ss);
+    ssl_Release1stHandshakeLock(ss);
+
+    *pOn = on;
+    return rv;
+}
+
+SECStatus
+SSL_OptionGetDefault(PRInt32 which, PRBool *pOn)
+{
+    SECStatus rv = SECSuccess;
+    PRBool on = PR_FALSE;
+
+    if (!pOn) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    ssl_SetDefaultsFromEnvironment();
+
+    switch (which) {
+        case SSL_SOCKS:
+            on = PR_FALSE;
+            break;
+        case SSL_SECURITY:
+            on = ssl_defaults.useSecurity;
+            break;
+        case SSL_REQUEST_CERTIFICATE:
+            on = ssl_defaults.requestCertificate;
+            break;
+        case SSL_REQUIRE_CERTIFICATE:
+            on = ssl_defaults.requireCertificate;
+            break;
+        case SSL_HANDSHAKE_AS_CLIENT:
+            on = ssl_defaults.handshakeAsClient;
+            break;
+        case SSL_HANDSHAKE_AS_SERVER:
+            on = ssl_defaults.handshakeAsServer;
+            break;
+        case SSL_ENABLE_TLS:
+            on = versions_defaults_stream.max >= SSL_LIBRARY_VERSION_TLS_1_0;
+            break;
+        case SSL_ENABLE_SSL3:
+            on = versions_defaults_stream.min == SSL_LIBRARY_VERSION_3_0;
+            break;
+        case SSL_ENABLE_SSL2:
+        case SSL_V2_COMPATIBLE_HELLO:
+            on = PR_FALSE;
+            break;
+        case SSL_NO_CACHE:
+            on = ssl_defaults.noCache;
+            break;
+        case SSL_ENABLE_FDX:
+            on = ssl_defaults.fdx;
+            break;
+        case SSL_ROLLBACK_DETECTION:
+            on = ssl_defaults.detectRollBack;
+            break;
+        case SSL_NO_STEP_DOWN:
+            on = PR_FALSE;
+            break;
+        case SSL_BYPASS_PKCS11:
+            on = PR_FALSE;
+            break;
+        case SSL_NO_LOCKS:
+            on = ssl_defaults.noLocks;
+            break;
+        case SSL_ENABLE_SESSION_TICKETS:
+            on = ssl_defaults.enableSessionTickets;
+            break;
+        case SSL_ENABLE_DEFLATE:
+            on = ssl_defaults.enableDeflate;
+            break;
+        case SSL_ENABLE_RENEGOTIATION:
+            on = ssl_defaults.enableRenegotiation;
+            break;
+        case SSL_REQUIRE_SAFE_NEGOTIATION:
+            on = ssl_defaults.requireSafeNegotiation;
+            break;
+        case SSL_ENABLE_FALSE_START:
+            on = ssl_defaults.enableFalseStart;
+            break;
+        case SSL_CBC_RANDOM_IV:
+            on = ssl_defaults.cbcRandomIV;
+            break;
+        case SSL_ENABLE_OCSP_STAPLING:
+            on = ssl_defaults.enableOCSPStapling;
+            break;
+        case SSL_ENABLE_NPN:
+            on = ssl_defaults.enableNPN;
+            break;
+        case SSL_ENABLE_ALPN:
+            on = ssl_defaults.enableALPN;
+            break;
+        case SSL_REUSE_SERVER_ECDHE_KEY:
+            on = ssl_defaults.reuseServerECDHEKey;
+            break;
+        case SSL_ENABLE_FALLBACK_SCSV:
+            on = ssl_defaults.enableFallbackSCSV;
+            break;
+        case SSL_ENABLE_SERVER_DHE:
+            on = ssl_defaults.enableServerDhe;
+            break;
+        case SSL_ENABLE_EXTENDED_MASTER_SECRET:
+            on = ssl_defaults.enableExtendedMS;
+            break;
+        case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
+            on = ssl_defaults.enableSignedCertTimestamps;
+            break;
+        case SSL_ENABLE_0RTT_DATA:
+            on = ssl_defaults.enable0RttData;
+            break;
+		// TLS-N Extension
+        case SSL_ENABLE_TLS_PROOF:
+            on = ssl_defaults.enableTLSProof;
+            break;
+        default:
+            PORT_SetError(SEC_ERROR_INVALID_ARGS);
+            rv = SECFailure;
+    }
+
+    *pOn = on;
+    return rv;
+}
+
+/* XXX Use Global Lock to protect this stuff. */
+SECStatus
+SSL_EnableDefault(int which, PRBool on)
+{
+    return SSL_OptionSetDefault(which, on);
+}
+
+SECStatus
+SSL_OptionSetDefault(PRInt32 which, PRBool on)
+{
+    SECStatus status = ssl_Init();
+
+    if (status != SECSuccess) {
+        return status;
+    }
+
+    ssl_SetDefaultsFromEnvironment();
+
+    switch (which) {
+        case SSL_SOCKS:
+            ssl_defaults.useSocks = PR_FALSE;
+            if (on) {
+                PORT_SetError(SEC_ERROR_INVALID_ARGS);
+                return SECFailure;
+            }
+            break;
+
+        case SSL_SECURITY:
+            ssl_defaults.useSecurity = on;
+            break;
+
+        case SSL_REQUEST_CERTIFICATE:
+            ssl_defaults.requestCertificate = on;
+            break;
+
+        case SSL_REQUIRE_CERTIFICATE:
+            ssl_defaults.requireCertificate = on;
+            break;
+
+        case SSL_HANDSHAKE_AS_CLIENT:
+            if (ssl_defaults.handshakeAsServer && on) {
+                PORT_SetError(SEC_ERROR_INVALID_ARGS);
+                return SECFailure;
+            }
+            ssl_defaults.handshakeAsClient = on;
+            break;
+
+        case SSL_HANDSHAKE_AS_SERVER:
+            if (ssl_defaults.handshakeAsClient && on) {
+                PORT_SetError(SEC_ERROR_INVALID_ARGS);
+                return SECFailure;
+            }
+            ssl_defaults.handshakeAsServer = on;
+            break;
+
+        case SSL_ENABLE_TLS:
+            ssl_EnableTLS(&versions_defaults_stream, on);
+            break;
+
+        case SSL_ENABLE_SSL3:
+            ssl_EnableSSL3(&versions_defaults_stream, on);
+            break;
+
+        case SSL_ENABLE_SSL2:
+        case SSL_V2_COMPATIBLE_HELLO:
+            /* We no longer support SSL v2.
+             * However, if an old application requests to disable SSL v2,
+             * we shouldn't fail.
+             */
+            if (on) {
+                PORT_SetError(SEC_ERROR_INVALID_ARGS);
+                return SECFailure;
+            }
+            break;
+
+        case SSL_NO_CACHE:
+            ssl_defaults.noCache = on;
+            break;
+
+        case SSL_ENABLE_FDX:
+            if (on && ssl_defaults.noLocks) {
+                PORT_SetError(SEC_ERROR_INVALID_ARGS);
+                return SECFailure;
+            }
+            ssl_defaults.fdx = on;
+            break;
+
+        case SSL_ROLLBACK_DETECTION:
+            ssl_defaults.detectRollBack = on;
+            break;
+
+        case SSL_NO_STEP_DOWN:
+            break;
+
+        case SSL_BYPASS_PKCS11:
+            break;
+
+        case SSL_NO_LOCKS:
+            if (on && ssl_defaults.fdx) {
+                PORT_SetError(SEC_ERROR_INVALID_ARGS);
+                return SECFailure;
+            }
+            if (on && ssl_force_locks)
+                on = PR_FALSE; /* silent override */
+            ssl_defaults.noLocks = on;
+            if (on) {
+                locksEverDisabled = PR_TRUE;
+                strcpy(lockStatus + LOCKSTATUS_OFFSET, "DISABLED.");
+            }
+            break;
+
+        case SSL_ENABLE_SESSION_TICKETS:
+            ssl_defaults.enableSessionTickets = on;
+            break;
+
+        case SSL_ENABLE_DEFLATE:
+            ssl_defaults.enableDeflate = on;
+            break;
+
+        case SSL_ENABLE_RENEGOTIATION:
+            ssl_defaults.enableRenegotiation = on;
+            break;
+
+        case SSL_REQUIRE_SAFE_NEGOTIATION:
+            ssl_defaults.requireSafeNegotiation = on;
+            break;
+
+        case SSL_ENABLE_FALSE_START:
+            ssl_defaults.enableFalseStart = on;
+            break;
+
+        case SSL_CBC_RANDOM_IV:
+            ssl_defaults.cbcRandomIV = on;
+            break;
+
+        case SSL_ENABLE_OCSP_STAPLING:
+            ssl_defaults.enableOCSPStapling = on;
+            break;
+
+        case SSL_ENABLE_NPN:
+            break;
+
+        case SSL_ENABLE_ALPN:
+            ssl_defaults.enableALPN = on;
+            break;
+
+        case SSL_REUSE_SERVER_ECDHE_KEY:
+            ssl_defaults.reuseServerECDHEKey = on;
+            break;
+
+        case SSL_ENABLE_FALLBACK_SCSV:
+            ssl_defaults.enableFallbackSCSV = on;
+            break;
+
+        case SSL_ENABLE_SERVER_DHE:
+            ssl_defaults.enableServerDhe = on;
+            break;
+
+        case SSL_ENABLE_EXTENDED_MASTER_SECRET:
+            ssl_defaults.enableExtendedMS = on;
+            break;
+
+        case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
+            ssl_defaults.enableSignedCertTimestamps = on;
+            break;
+
+        case SSL_ENABLE_0RTT_DATA:
+            ssl_defaults.enable0RttData = on;
+            break;
+
+		// TLS-N Extension
+        case SSL_ENABLE_TLS_PROOF:
+            ssl_defaults.enableTLSProof = on;
+            break;
+
+        default:
+            PORT_SetError(SEC_ERROR_INVALID_ARGS);
+            return SECFailure;
+    }
+    return SECSuccess;
+}
+
+/* function tells us if the cipher suite is one that we no longer support. */
+static PRBool
+ssl_IsRemovedCipherSuite(PRInt32 suite)
+{
+    switch (suite) {
+        case SSL_FORTEZZA_DMS_WITH_NULL_SHA:
+        case SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA:
+        case SSL_FORTEZZA_DMS_WITH_RC4_128_SHA:
+            return PR_TRUE;
+        default:
+            return PR_FALSE;
+    }
+}
+
+/* Part of the public NSS API.
+ * Since this is a global (not per-socket) setting, we cannot use the
+ * HandshakeLock to protect this.  Probably want a global lock.
+ */
+SECStatus
+SSL_SetPolicy(long which, int policy)
+{
+    if (ssl_IsRemovedCipherSuite(which))
+        return SECSuccess;
+    return SSL_CipherPolicySet(which, policy);
+}
+
+SECStatus
+ssl_CipherPolicySet(PRInt32 which, PRInt32 policy)
+{
+    SECStatus rv = SECSuccess;
+
+    if (ssl_IsRemovedCipherSuite(which)) {
+        rv = SECSuccess;
+    } else {
+        rv = ssl3_SetPolicy((ssl3CipherSuite)which, policy);
+    }
+    return rv;
+}
+SECStatus
+SSL_CipherPolicySet(PRInt32 which, PRInt32 policy)
+{
+    SECStatus rv = ssl_Init();
+
+    if (rv != SECSuccess) {
+        return rv;
+    }
+    return ssl_CipherPolicySet(which, policy);
+}
+
+SECStatus
+SSL_CipherPolicyGet(PRInt32 which, PRInt32 *oPolicy)
+{
+    SECStatus rv;
+
+    if (!oPolicy) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+    if (ssl_IsRemovedCipherSuite(which)) {
+        *oPolicy = SSL_NOT_ALLOWED;
+        rv = SECSuccess;
+    } else {
+        rv = ssl3_GetPolicy((ssl3CipherSuite)which, oPolicy);
+    }
+    return rv;
+}
+
+/* Part of the public NSS API.
+ * Since this is a global (not per-socket) setting, we cannot use the
+ * HandshakeLock to protect this.  Probably want a global lock.
+ * These changes have no effect on any sslSockets already created.
+ */
+SECStatus
+SSL_EnableCipher(long which, PRBool enabled)
+{
+    if (ssl_IsRemovedCipherSuite(which))
+        return SECSuccess;
+    return SSL_CipherPrefSetDefault(which, enabled);
+}
+
+SECStatus
+ssl_CipherPrefSetDefault(PRInt32 which, PRBool enabled)
+{
+    if (ssl_IsRemovedCipherSuite(which))
+        return SECSuccess;
+    return ssl3_CipherPrefSetDefault((ssl3CipherSuite)which, enabled);
+}
+
+SECStatus
+SSL_CipherPrefSetDefault(PRInt32 which, PRBool enabled)
+{
+    SECStatus rv = ssl_Init();
+
+    if (rv != SECSuccess) {
+        return rv;
+    }
+    return ssl_CipherPrefSetDefault(which, enabled);
+}
+
+SECStatus
+SSL_CipherPrefGetDefault(PRInt32 which, PRBool *enabled)
+{
+    SECStatus rv;
+
+    if (!enabled) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+    if (ssl_IsRemovedCipherSuite(which)) {
+        *enabled = PR_FALSE;
+        rv = SECSuccess;
+    } else {
+        rv = ssl3_CipherPrefGetDefault((ssl3CipherSuite)which, enabled);
+    }
+    return rv;
+}
+
+SECStatus
+SSL_CipherPrefSet(PRFileDesc *fd, PRInt32 which, PRBool enabled)
+{
+    sslSocket *ss = ssl_FindSocket(fd);
+
+    if (!ss) {
+        SSL_DBG(("%d: SSL[%d]: bad socket in CipherPrefSet", SSL_GETPID(), fd));
+        return SECFailure;
+    }
+    if (ssl_IsRemovedCipherSuite(which))
+        return SECSuccess;
+    return ssl3_CipherPrefSet(ss, (ssl3CipherSuite)which, enabled);
+}
+
+SECStatus
+SSL_CipherPrefGet(PRFileDesc *fd, PRInt32 which, PRBool *enabled)
+{
+    SECStatus rv;
+    sslSocket *ss = ssl_FindSocket(fd);
+
+    if (!enabled) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+    if (!ss) {
+        SSL_DBG(("%d: SSL[%d]: bad socket in CipherPrefGet", SSL_GETPID(), fd));
+        *enabled = PR_FALSE;
+        return SECFailure;
+    }
+    if (ssl_IsRemovedCipherSuite(which)) {
+        *enabled = PR_FALSE;
+        rv = SECSuccess;
+    } else {
+        rv = ssl3_CipherPrefGet(ss, (ssl3CipherSuite)which, enabled);
+    }
+    return rv;
+}
+
+SECStatus
+NSS_SetDomesticPolicy(void)
+{
+    SECStatus status = SECSuccess;
+    const PRUint16 *cipher;
+    SECStatus rv;
+    PRUint32 policy;
+
+    /* If we've already defined some policy oids, skip changing them */
+    rv = NSS_GetAlgorithmPolicy(SEC_OID_APPLY_SSL_POLICY, &policy);
+    if ((rv == SECSuccess) && (policy & NSS_USE_POLICY_IN_SSL)) {
+        return ssl_Init(); /* make sure the policies have bee loaded */
+    }
+
+    for (cipher = SSL_ImplementedCiphers; *cipher != 0; ++cipher) {
+        status = SSL_SetPolicy(*cipher, SSL_ALLOWED);
+        if (status != SECSuccess)
+            break;
+    }
+    return status;
+}
+
+SECStatus
+NSS_SetExportPolicy(void)
+{
+    return NSS_SetDomesticPolicy();
+}
+
+SECStatus
+NSS_SetFrancePolicy(void)
+{
+    return NSS_SetDomesticPolicy();
+}
+
+SECStatus
+SSL_NamedGroupConfig(PRFileDesc *fd, const SSLNamedGroup *groups,
+                     unsigned int numGroups)
+{
+    unsigned int i;
+    unsigned int j = 0;
+    sslSocket *ss = ssl_FindSocket(fd);
+
+    if (!ss) {
+        PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
+        return SECFailure;
+    }
+
+    if (!groups) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+    if (numGroups > SSL_NAMED_GROUP_COUNT) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    memset((void *)ss->namedGroupPreferences, 0,
+           sizeof(ss->namedGroupPreferences));
+    for (i = 0; i < numGroups; ++i) {
+        const sslNamedGroupDef *groupDef = ssl_LookupNamedGroup(groups[i]);
+        if (!ssl_NamedGroupEnabled(ss, groupDef)) {
+            ss->namedGroupPreferences[j++] = groupDef;
+        }
+    }
+
+    return SECSuccess;
+}
+
+SECStatus
+SSL_DHEGroupPrefSet(PRFileDesc *fd, const SSLDHEGroupType *groups,
+                    PRUint16 num_groups)
+{
+    sslSocket *ss;
+    const SSLDHEGroupType *list;
+    unsigned int count;
+    int i, k, j;
+    const sslNamedGroupDef *enabled[SSL_NAMED_GROUP_COUNT] = { 0 };
+    static const SSLDHEGroupType default_dhe_groups[] = {
+        ssl_ff_dhe_2048_group
+    };
+
+    if ((num_groups && !groups) || (!num_groups && groups) ||
+        num_groups > SSL_NAMED_GROUP_COUNT) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    ss = ssl_FindSocket(fd);
+    if (!ss) {
+        SSL_DBG(("%d: SSL[%d]: bad socket in SSL_DHEGroupPrefSet", SSL_GETPID(), fd));
+        return SECFailure;
+    }
+
+    if (groups) {
+        list = groups;
+        count = num_groups;
+    } else {
+        list = default_dhe_groups;
+        count = PR_ARRAY_SIZE(default_dhe_groups);
+    }
+
+    /* save enabled ec groups and clear ss->namedGroupPreferences */
+    k = 0;
+    for (i = 0; i < SSL_NAMED_GROUP_COUNT; ++i) {
+        if (ss->namedGroupPreferences[i] &&
+            ss->namedGroupPreferences[i]->keaType != ssl_kea_dh) {
+            enabled[k++] = ss->namedGroupPreferences[i];
+        }
+        ss->namedGroupPreferences[i] = NULL;
+    }
+
+    ss->ssl3.dhePreferredGroup = NULL;
+    for (i = 0; i < count; ++i) {
+        PRBool duplicate = PR_FALSE;
+        SSLNamedGroup name;
+        const sslNamedGroupDef *groupDef;
+        switch (list[i]) {
+            case ssl_ff_dhe_2048_group:
+                name = ssl_grp_ffdhe_2048;
+                break;
+            case ssl_ff_dhe_3072_group:
+                name = ssl_grp_ffdhe_3072;
+                break;
+            case ssl_ff_dhe_4096_group:
+                name = ssl_grp_ffdhe_4096;
+                break;
+            case ssl_ff_dhe_6144_group:
+                name = ssl_grp_ffdhe_6144;
+                break;
+            case ssl_ff_dhe_8192_group:
+                name = ssl_grp_ffdhe_8192;
+                break;
+            default:
+                PORT_SetError(SEC_ERROR_INVALID_ARGS);
+                return SECFailure;
+        }
+        groupDef = ssl_LookupNamedGroup(name);
+        PORT_Assert(groupDef);
+        if (!ss->ssl3.dhePreferredGroup) {
+            ss->ssl3.dhePreferredGroup = groupDef;
+        }
+        PORT_Assert(k < SSL_NAMED_GROUP_COUNT);
+        for (j = 0; j < k; ++j) {
+            /* skip duplicates */
+            if (enabled[j] == groupDef) {
+                duplicate = PR_TRUE;
+                break;
+            }
+        }
+        if (!duplicate) {
+            enabled[k++] = groupDef;
+        }
+    }
+    for (i = 0; i < k; ++i) {
+        ss->namedGroupPreferences[i] = enabled[i];
+    }
+
+    return SECSuccess;
+}
+
+PRCallOnceType gWeakDHParamsRegisterOnce;
+int gWeakDHParamsRegisterError;
+
+PRCallOnceType gWeakDHParamsOnce;
+int gWeakDHParamsError;
+/* As our code allocates type PQGParams, we'll keep it around,
+ * even though we only make use of it's parameters through gWeakDHParam. */
+static PQGParams *gWeakParamsPQG;
+static ssl3DHParams *gWeakDHParams;
+#define WEAK_DHE_SIZE 1024
+
+static PRStatus
+ssl3_CreateWeakDHParams(void)
+{
+    PQGVerify *vfy;
+    SECStatus rv, passed;
+
+    PORT_Assert(!gWeakDHParams && !gWeakParamsPQG);
+
+    rv = PK11_PQG_ParamGenV2(WEAK_DHE_SIZE, 160, 64 /*maximum seed that will work*/,
+                             &gWeakParamsPQG, &vfy);
+    if (rv != SECSuccess) {
+        gWeakDHParamsError = PORT_GetError();
+        return PR_FAILURE;
+    }
+
+    rv = PK11_PQG_VerifyParams(gWeakParamsPQG, vfy, &passed);
+    if (rv != SECSuccess || passed != SECSuccess) {
+        SSL_DBG(("%d: PK11_PQG_VerifyParams failed in ssl3_CreateWeakDHParams",
+                 SSL_GETPID()));
+        gWeakDHParamsError = PORT_GetError();
+        return PR_FAILURE;
+    }
+
+    gWeakDHParams = PORT_ArenaNew(gWeakParamsPQG->arena, ssl3DHParams);
+    if (!gWeakDHParams) {
+        gWeakDHParamsError = PORT_GetError();
+        return PR_FAILURE;
+    }
+
+    gWeakDHParams->name = ssl_grp_ffdhe_custom;
+    gWeakDHParams->prime.data = gWeakParamsPQG->prime.data;
+    gWeakDHParams->prime.len = gWeakParamsPQG->prime.len;
+    gWeakDHParams->base.data = gWeakParamsPQG->base.data;
+    gWeakDHParams->base.len = gWeakParamsPQG->base.len;
+
+    PK11_PQG_DestroyVerify(vfy);
+    return PR_SUCCESS;
+}
+
+static SECStatus
+ssl3_WeakDHParamsShutdown(void *appData, void *nssData)
+{
+    if (gWeakParamsPQG) {
+        PK11_PQG_DestroyParams(gWeakParamsPQG);
+        gWeakParamsPQG = NULL;
+        gWeakDHParams = NULL;
+    }
+    return SECSuccess;
+}
+
+static PRStatus
+ssl3_WeakDHParamsRegisterShutdown(void)
+{
+    SECStatus rv;
+    rv = NSS_RegisterShutdown(ssl3_WeakDHParamsShutdown, NULL);
+    if (rv != SECSuccess) {
+        gWeakDHParamsRegisterError = PORT_GetError();
+    }
+    return (PRStatus)rv;
+}
+
+/* global init strategy inspired by ssl3_CreateECDHEphemeralKeys */
+SECStatus
+SSL_EnableWeakDHEPrimeGroup(PRFileDesc *fd, PRBool enabled)
+{
+    sslSocket *ss;
+    PRStatus status;
+
+    if (enabled) {
+        status = PR_CallOnce(&gWeakDHParamsRegisterOnce,
+                             ssl3_WeakDHParamsRegisterShutdown);
+        if (status != PR_SUCCESS) {
+            PORT_SetError(gWeakDHParamsRegisterError);
+            return SECFailure;
+        }
+
+        status = PR_CallOnce(&gWeakDHParamsOnce, ssl3_CreateWeakDHParams);
+        if (status != PR_SUCCESS) {
+            PORT_SetError(gWeakDHParamsError);
+            return SECFailure;
+        }
+    }
+
+    if (!fd)
+        return SECSuccess;
+
+    ss = ssl_FindSocket(fd);
+    if (!ss) {
+        SSL_DBG(("%d: SSL[%d]: bad socket in SSL_DHEGroupPrefSet", SSL_GETPID(), fd));
+        return SECFailure;
+    }
+
+    ss->ssl3.dheWeakGroupEnabled = enabled;
+    return SECSuccess;
+}
+
+#include "dhe-param.c"
+
+const ssl3DHParams *
+ssl_GetDHEParams(const sslNamedGroupDef *groupDef)
+{
+    switch (groupDef->name) {
+        case ssl_grp_ffdhe_2048:
+            return &ff_dhe_2048_params;
+        case ssl_grp_ffdhe_3072:
+            return &ff_dhe_3072_params;
+        case ssl_grp_ffdhe_4096:
+            return &ff_dhe_4096_params;
+        case ssl_grp_ffdhe_6144:
+            return &ff_dhe_6144_params;
+        case ssl_grp_ffdhe_8192:
+            return &ff_dhe_8192_params;
+        case ssl_grp_ffdhe_custom:
+            PORT_Assert(gWeakDHParams);
+            return gWeakDHParams;
+        default:
+            PORT_Assert(0);
+    }
+    return NULL;
+}
+
+/* This validates dh_Ys against the group prime. */
+PRBool
+ssl_IsValidDHEShare(const SECItem *dh_p, const SECItem *dh_Ys)
+{
+    unsigned int size_p = SECKEY_BigIntegerBitLength(dh_p);
+    unsigned int size_y = SECKEY_BigIntegerBitLength(dh_Ys);
+    unsigned int commonPart;
+    int cmp;
+
+    if (dh_p->len == 0 || dh_Ys->len == 0) {
+        return PR_FALSE;
+    }
+    /* Check that the prime is at least odd. */
+    if ((dh_p->data[dh_p->len - 1] & 0x01) == 0) {
+        return PR_FALSE;
+    }
+    /* dh_Ys can't be 1, or bigger than dh_p. */
+    if (size_y <= 1 || size_y > size_p) {
+        return PR_FALSE;
+    }
+    /* If dh_Ys is shorter, then it's definitely smaller than p-1. */
+    if (size_y < size_p) {
+        return PR_TRUE;
+    }
+
+    /* Compare the common part of each, minus the final octet. */
+    commonPart = (size_p + 7) / 8;
+    PORT_Assert(commonPart <= dh_Ys->len);
+    PORT_Assert(commonPart <= dh_p->len);
+    cmp = PORT_Memcmp(dh_Ys->data + dh_Ys->len - commonPart,
+                      dh_p->data + dh_p->len - commonPart, commonPart - 1);
+    if (cmp < 0) {
+        return PR_TRUE;
+    }
+    if (cmp > 0) {
+        return PR_FALSE;
+    }
+
+    /* The last octet of the prime is the only thing that is different and that
+     * has to be two greater than the share, otherwise we have Ys == p - 1,
+     * and that means small subgroups. */
+    if (dh_Ys->data[dh_Ys->len - 1] >= (dh_p->data[dh_p->len - 1] - 1)) {
+        return PR_FALSE;
+    }
+
+    return PR_TRUE;
+}
+
+/* Checks that the provided DH parameters match those in one of the named groups
+ * that we have enabled.  The groups are defined in dhe-param.c and are those
+ * defined in Appendix A of draft-ietf-tls-negotiated-ff-dhe.
+ *
+ * |groupDef| and |dhParams| are optional outparams that identify the group and
+ * its parameters respectively (if this is successful). */
+SECStatus
+ssl_ValidateDHENamedGroup(sslSocket *ss,
+                          const SECItem *dh_p,
+                          const SECItem *dh_g,
+                          const sslNamedGroupDef **groupDef,
+                          const ssl3DHParams **dhParams)
+{
+    unsigned int i;
+
+    for (i = 0; i < SSL_NAMED_GROUP_COUNT; ++i) {
+        const ssl3DHParams *params;
+        if (!ss->namedGroupPreferences[i]) {
+            continue;
+        }
+        if (ss->namedGroupPreferences[i]->keaType != ssl_kea_dh) {
+            continue;
+        }
+
+        params = ssl_GetDHEParams(ss->namedGroupPreferences[i]);
+        PORT_Assert(params);
+        if (SECITEM_ItemsAreEqual(&params->prime, dh_p)) {
+            if (!SECITEM_ItemsAreEqual(&params->base, dh_g)) {
+                return SECFailure;
+            }
+            if (groupDef)
+                *groupDef = ss->namedGroupPreferences[i];
+            if (dhParams)
+                *dhParams = params;
+            return SECSuccess;
+        }
+    }
+
+    return SECFailure;
+}
+
+/* Ensure DH parameters have been selected.  This just picks the first enabled
+ * FFDHE group in ssl_named_groups, or the weak one if it was enabled. */
+SECStatus
+ssl_SelectDHEGroup(sslSocket *ss, const sslNamedGroupDef **groupDef)
+{
+    unsigned int i;
+    static const sslNamedGroupDef weak_group_def = {
+        ssl_grp_ffdhe_custom, WEAK_DHE_SIZE, ssl_kea_dh,
+        SEC_OID_TLS_DHE_CUSTOM, PR_TRUE
+    };
+
+    /* Only select weak groups in TLS 1.2 and earlier, but not if the client has
+     * indicated that it supports an FFDHE named group. */
+    if (ss->ssl3.dheWeakGroupEnabled &&
+        ss->version < SSL_LIBRARY_VERSION_TLS_1_3 &&
+        !ss->xtnData.peerSupportsFfdheGroups) {
+        *groupDef = &weak_group_def;
+        return SECSuccess;
+    }
+    if (ss->ssl3.dhePreferredGroup &&
+        ssl_NamedGroupEnabled(ss, ss->ssl3.dhePreferredGroup)) {
+        *groupDef = ss->ssl3.dhePreferredGroup;
+        return SECSuccess;
+    }
+    for (i = 0; i < SSL_NAMED_GROUP_COUNT; ++i) {
+        if (ss->namedGroupPreferences[i] &&
+            ss->namedGroupPreferences[i]->keaType == ssl_kea_dh) {
+            *groupDef = ss->namedGroupPreferences[i];
+            return SECSuccess;
+        }
+    }
+
+    *groupDef = NULL;
+    PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP);
+    return SECFailure;
+}
+
+/* LOCKS ??? XXX */
+static PRFileDesc *
+ssl_ImportFD(PRFileDesc *model, PRFileDesc *fd, SSLProtocolVariant variant)
+{
+    sslSocket *ns = NULL;
+    PRStatus rv;
+    PRNetAddr addr;
+    SECStatus status = ssl_Init();
+
+    if (status != SECSuccess) {
+        return NULL;
+    }
+
+    if (model == NULL) {
+        /* Just create a default socket if we're given NULL for the model */
+        ns = ssl_NewSocket((PRBool)(!ssl_defaults.noLocks), variant);
+    } else {
+        sslSocket *ss = ssl_FindSocket(model);
+        if (ss == NULL || ss->protocolVariant != variant) {
+            SSL_DBG(("%d: SSL[%d]: bad model socket in ssl_ImportFD",
+                     SSL_GETPID(), model));
+            return NULL;
+        }
+        ns = ssl_DupSocket(ss);
+    }
+    if (ns == NULL)
+        return NULL;
+
+    rv = ssl_PushIOLayer(ns, fd, PR_TOP_IO_LAYER);
+    if (rv != PR_SUCCESS) {
+        ssl_FreeSocket(ns);
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return NULL;
+    }
+#if defined(DEBUG) || defined(FORCE_PR_ASSERT)
+    {
+        sslSocket *ss = ssl_FindSocket(fd);
+        PORT_Assert(ss == ns);
+    }
+#endif
+    ns->TCPconnected = (PR_SUCCESS == ssl_DefGetpeername(ns, &addr));
+    return fd;
+}
+
+PRFileDesc *
+SSL_ImportFD(PRFileDesc *model, PRFileDesc *fd)
+{
+    return ssl_ImportFD(model, fd, ssl_variant_stream);
+}
+
+PRFileDesc *
+DTLS_ImportFD(PRFileDesc *model, PRFileDesc *fd)
+{
+    return ssl_ImportFD(model, fd, ssl_variant_datagram);
+}
+
+/* SSL_SetNextProtoCallback is used to select an application protocol
+ * for ALPN and NPN.  For ALPN, this runs on the server; for NPN it
+ * runs on the client. */
+/* Note: The ALPN version doesn't allow for the use of a default, setting a
+ * status of SSL_NEXT_PROTO_NO_OVERLAP is treated as a failure. */
+SECStatus
+SSL_SetNextProtoCallback(PRFileDesc *fd, SSLNextProtoCallback callback,
+                         void *arg)
+{
+    sslSocket *ss = ssl_FindSocket(fd);
+
+    if (!ss) {
+        SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetNextProtoCallback", SSL_GETPID(),
+                 fd));
+        return SECFailure;
+    }
+
+    ssl_GetSSL3HandshakeLock(ss);
+    ss->nextProtoCallback = callback;
+    ss->nextProtoArg = arg;
+    ssl_ReleaseSSL3HandshakeLock(ss);
+
+    return SECSuccess;
+}
+
+/* ssl_NextProtoNegoCallback is set as an ALPN/NPN callback when
+ * SSL_SetNextProtoNego is used.
+ */
+static SECStatus
+ssl_NextProtoNegoCallback(void *arg, PRFileDesc *fd,
+                          const unsigned char *protos, unsigned int protos_len,
+                          unsigned char *protoOut, unsigned int *protoOutLen,
+                          unsigned int protoMaxLen)
+{
+    unsigned int i, j;
+    const unsigned char *result;
+    sslSocket *ss = ssl_FindSocket(fd);
+
+    if (!ss) {
+        SSL_DBG(("%d: SSL[%d]: bad socket in ssl_NextProtoNegoCallback",
+                 SSL_GETPID(), fd));
+        return SECFailure;
+    }
+
+    /* For each protocol in server preference, see if we support it. */
+    for (i = 0; i < protos_len;) {
+        for (j = 0; j < ss->opt.nextProtoNego.len;) {
+            if (protos[i] == ss->opt.nextProtoNego.data[j] &&
+                PORT_Memcmp(&protos[i + 1], &ss->opt.nextProtoNego.data[j + 1],
+                            protos[i]) == 0) {
+                /* We found a match. */
+                ss->xtnData.nextProtoState = SSL_NEXT_PROTO_NEGOTIATED;
+                result = &protos[i];
+                goto found;
+            }
+            j += 1 + (unsigned int)ss->opt.nextProtoNego.data[j];
+        }
+        i += 1 + (unsigned int)protos[i];
+    }
+
+    /* The other side supports the extension, and either doesn't have any
+     * protocols configured, or none of its options match ours. In this case we
+     * request our favoured protocol. */
+    /* This will be treated as a failure for ALPN. */
+    ss->xtnData.nextProtoState = SSL_NEXT_PROTO_NO_OVERLAP;
+    result = ss->opt.nextProtoNego.data;
+
+found:
+    if (protoMaxLen < result[0]) {
+        PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+        return SECFailure;
+    }
+    memcpy(protoOut, result + 1, result[0]);
+    *protoOutLen = result[0];
+    return SECSuccess;
+}
+
+SECStatus
+SSL_SetNextProtoNego(PRFileDesc *fd, const unsigned char *data,
+                     unsigned int length)
+{
+    sslSocket *ss;
+    SECStatus rv;
+    SECItem dataItem = { siBuffer, (unsigned char *)data, length };
+
+    ss = ssl_FindSocket(fd);
+    if (!ss) {
+        SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetNextProtoNego",
+                 SSL_GETPID(), fd));
+        return SECFailure;
+    }
+
+    if (ssl3_ValidateNextProtoNego(data, length) != SECSuccess)
+        return SECFailure;
+
+    ssl_GetSSL3HandshakeLock(ss);
+    SECITEM_FreeItem(&ss->opt.nextProtoNego, PR_FALSE);
+    rv = SECITEM_CopyItem(NULL, &ss->opt.nextProtoNego, &dataItem);
+    ssl_ReleaseSSL3HandshakeLock(ss);
+
+    if (rv != SECSuccess)
+        return rv;
+
+    return SSL_SetNextProtoCallback(fd, ssl_NextProtoNegoCallback, NULL);
+}
+
+SECStatus
+SSL_GetNextProto(PRFileDesc *fd, SSLNextProtoState *state, unsigned char *buf,
+                 unsigned int *bufLen, unsigned int bufLenMax)
+{
+    sslSocket *ss = ssl_FindSocket(fd);
+
+    if (!ss) {
+        SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetNextProto", SSL_GETPID(),
+                 fd));
+        return SECFailure;
+    }
+
+    if (!state || !buf || !bufLen) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    *state = ss->xtnData.nextProtoState;
+
+    if (ss->xtnData.nextProtoState != SSL_NEXT_PROTO_NO_SUPPORT &&
+        ss->xtnData.nextProto.data) {
+        if (ss->xtnData.nextProto.len > bufLenMax) {
+            PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+            return SECFailure;
+        }
+        PORT_Memcpy(buf, ss->xtnData.nextProto.data, ss->xtnData.nextProto.len);
+        *bufLen = ss->xtnData.nextProto.len;
+    } else {
+        *bufLen = 0;
+    }
+
+    return SECSuccess;
+}
+
+SECStatus
+SSL_SetSRTPCiphers(PRFileDesc *fd,
+                   const PRUint16 *ciphers,
+                   unsigned int numCiphers)
+{
+    sslSocket *ss;
+    unsigned int i;
+
+    ss = ssl_FindSocket(fd);
+    if (!ss || !IS_DTLS(ss)) {
+        SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetSRTPCiphers",
+                 SSL_GETPID(), fd));
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    if (numCiphers > MAX_DTLS_SRTP_CIPHER_SUITES) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    ss->ssl3.dtlsSRTPCipherCount = 0;
+    for (i = 0; i < numCiphers; i++) {
+        const PRUint16 *srtpCipher = srtpCiphers;
+
+        while (*srtpCipher) {
+            if (ciphers[i] == *srtpCipher)
+                break;
+            srtpCipher++;
+        }
+        if (*srtpCipher) {
+            ss->ssl3.dtlsSRTPCiphers[ss->ssl3.dtlsSRTPCipherCount++] =
+                ciphers[i];
+        } else {
+            SSL_DBG(("%d: SSL[%d]: invalid or unimplemented SRTP cipher "
+                     "suite specified: 0x%04hx",
+                     SSL_GETPID(), fd,
+                     ciphers[i]));
+        }
+    }
+
+    if (ss->ssl3.dtlsSRTPCipherCount == 0) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    return SECSuccess;
+}
+
+SECStatus
+SSL_GetSRTPCipher(PRFileDesc *fd, PRUint16 *cipher)
+{
+    sslSocket *ss;
+
+    ss = ssl_FindSocket(fd);
+    if (!ss) {
+        SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetSRTPCipher",
+                 SSL_GETPID(), fd));
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    if (!ss->xtnData.dtlsSRTPCipherSuite) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    *cipher = ss->xtnData.dtlsSRTPCipherSuite;
+    return SECSuccess;
+}
+
+PRFileDesc *
+SSL_ReconfigFD(PRFileDesc *model, PRFileDesc *fd)
+{
+    sslSocket *sm = NULL, *ss = NULL;
+    PRCList *cursor;
+
+    if (model == NULL) {
+        PR_SetError(SEC_ERROR_INVALID_ARGS, 0);
+        return NULL;
+    }
+    sm = ssl_FindSocket(model);
+    if (sm == NULL) {
+        SSL_DBG(("%d: SSL[%d]: bad model socket in ssl_ReconfigFD",
+                 SSL_GETPID(), model));
+        return NULL;
+    }
+    ss = ssl_FindSocket(fd);
+    PORT_Assert(ss);
+    if (ss == NULL) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+
+    ss->opt = sm->opt;
+    ss->vrange = sm->vrange;
+    PORT_Memcpy(ss->cipherSuites, sm->cipherSuites, sizeof sm->cipherSuites);
+    PORT_Memcpy(ss->ssl3.dtlsSRTPCiphers, sm->ssl3.dtlsSRTPCiphers,
+                sizeof(PRUint16) * sm->ssl3.dtlsSRTPCipherCount);
+    ss->ssl3.dtlsSRTPCipherCount = sm->ssl3.dtlsSRTPCipherCount;
+    PORT_Memcpy(ss->ssl3.signatureSchemes, sm->ssl3.signatureSchemes,
+                sizeof(ss->ssl3.signatureSchemes[0]) *
+                    sm->ssl3.signatureSchemeCount);
+    ss->ssl3.signatureSchemeCount = sm->ssl3.signatureSchemeCount;
+    ss->ssl3.downgradeCheckVersion = sm->ssl3.downgradeCheckVersion;
+
+    if (!ss->opt.useSecurity) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+    while (!PR_CLIST_IS_EMPTY(&ss->serverCerts)) {
+        cursor = PR_LIST_TAIL(&ss->serverCerts);
+        PR_REMOVE_LINK(cursor);
+        ssl_FreeServerCert((sslServerCert *)cursor);
+    }
+    for (cursor = PR_NEXT_LINK(&sm->serverCerts);
+         cursor != &sm->serverCerts;
+         cursor = PR_NEXT_LINK(cursor)) {
+        sslServerCert *sc = ssl_CopyServerCert((sslServerCert *)cursor);
+        if (!sc)
+            return NULL;
+        PR_APPEND_LINK(&sc->link, &ss->serverCerts);
+    }
+
+    ssl_FreeEphemeralKeyPairs(ss);
+    for (cursor = PR_NEXT_LINK(&sm->ephemeralKeyPairs);
+         cursor != &sm->ephemeralKeyPairs;
+         cursor = PR_NEXT_LINK(cursor)) {
+        sslEphemeralKeyPair *mkp = (sslEphemeralKeyPair *)cursor;
+        sslEphemeralKeyPair *skp = ssl_CopyEphemeralKeyPair(mkp);
+        if (!skp)
+            return NULL;
+        PR_APPEND_LINK(&skp->link, &ss->ephemeralKeyPairs);
+    }
+    PORT_Memcpy((void *)ss->namedGroupPreferences,
+                sm->namedGroupPreferences,
+                sizeof(ss->namedGroupPreferences));
+    ss->additionalShares = sm->additionalShares;
+
+    /* copy trust anchor names */
+    if (sm->ssl3.ca_list) {
+        if (ss->ssl3.ca_list) {
+            CERT_FreeDistNames(ss->ssl3.ca_list);
+        }
+        ss->ssl3.ca_list = CERT_DupDistNames(sm->ssl3.ca_list);
+        if (!ss->ssl3.ca_list) {
+            return NULL;
+        }
+    }
+
+    if (sm->authCertificate)
+        ss->authCertificate = sm->authCertificate;
+    if (sm->authCertificateArg)
+        ss->authCertificateArg = sm->authCertificateArg;
+    if (sm->getClientAuthData)
+        ss->getClientAuthData = sm->getClientAuthData;
+    if (sm->getClientAuthDataArg)
+        ss->getClientAuthDataArg = sm->getClientAuthDataArg;
+    if (sm->sniSocketConfig)
+        ss->sniSocketConfig = sm->sniSocketConfig;
+    if (sm->sniSocketConfigArg)
+        ss->sniSocketConfigArg = sm->sniSocketConfigArg;
+    if (ss->alertReceivedCallback) {
+        ss->alertReceivedCallback = sm->alertReceivedCallback;
+        ss->alertReceivedCallbackArg = sm->alertReceivedCallbackArg;
+    }
+    if (ss->alertSentCallback) {
+        ss->alertSentCallback = sm->alertSentCallback;
+        ss->alertSentCallbackArg = sm->alertSentCallbackArg;
+    }
+    if (sm->handleBadCert)
+        ss->handleBadCert = sm->handleBadCert;
+    if (sm->badCertArg)
+        ss->badCertArg = sm->badCertArg;
+    if (sm->handshakeCallback)
+        ss->handshakeCallback = sm->handshakeCallback;
+    if (sm->handshakeCallbackData)
+        ss->handshakeCallbackData = sm->handshakeCallbackData;
+    if (sm->pkcs11PinArg)
+        ss->pkcs11PinArg = sm->pkcs11PinArg;
+    return fd;
+}
+
+/*
+ * Get the user supplied range
+ */
+static SECStatus
+ssl3_GetRangePolicy(SSLProtocolVariant protocolVariant, SSLVersionRange *prange)
+{
+    SECStatus rv;
+    PRUint32 policy;
+    PRInt32 option;
+
+    /* only use policy constraints if we've set the apply ssl policy bit */
+    rv = NSS_GetAlgorithmPolicy(SEC_OID_APPLY_SSL_POLICY, &policy);
+    if ((rv != SECSuccess) || !(policy & NSS_USE_POLICY_IN_SSL)) {
+        return SECFailure;
+    }
+    rv = NSS_OptionGet(VERSIONS_POLICY_MIN(protocolVariant), &option);
+    if (rv != SECSuccess) {
+        return rv;
+    }
+    prange->min = (PRUint16)option;
+    rv = NSS_OptionGet(VERSIONS_POLICY_MAX(protocolVariant), &option);
+    if (rv != SECSuccess) {
+        return rv;
+    }
+    prange->max = (PRUint16)option;
+    if (prange->max < prange->min) {
+        return SECFailure; /* don't accept an invalid policy */
+    }
+    return SECSuccess;
+}
+
+/*
+ * Constrain a single protocol variant's range based on the user policy
+ */
+static SECStatus
+ssl3_ConstrainVariantRangeByPolicy(SSLProtocolVariant protocolVariant)
+{
+    SSLVersionRange vrange;
+    SSLVersionRange pvrange;
+    SECStatus rv;
+
+    vrange = *VERSIONS_DEFAULTS(protocolVariant);
+    rv = ssl3_GetRangePolicy(protocolVariant, &pvrange);
+    if (rv != SECSuccess) {
+        return SECSuccess; /* we don't have any policy */
+    }
+    vrange.min = PR_MAX(vrange.min, pvrange.min);
+    vrange.max = PR_MIN(vrange.max, pvrange.max);
+    if (vrange.max >= vrange.min) {
+        *VERSIONS_DEFAULTS(protocolVariant) = vrange;
+    } else {
+        /* there was no overlap, turn off range altogether */
+        pvrange.min = pvrange.max = SSL_LIBRARY_VERSION_NONE;
+        *VERSIONS_DEFAULTS(protocolVariant) = pvrange;
+    }
+    return SECSuccess;
+}
+
+static PRBool
+ssl_VersionIsSupportedByPolicy(SSLProtocolVariant protocolVariant,
+                               SSL3ProtocolVersion version)
+{
+    SSLVersionRange pvrange;
+    SECStatus rv;
+
+    rv = ssl3_GetRangePolicy(protocolVariant, &pvrange);
+    if (rv == SECSuccess) {
+        if ((version > pvrange.max) || (version < pvrange.min)) {
+            return PR_FALSE; /* disallowed by policy */
+        }
+    }
+    return PR_TRUE;
+}
+
+/*
+ *  This is called at SSL init time to constrain the existing range based
+ *  on user supplied policy.
+ */
+SECStatus
+ssl3_ConstrainRangeByPolicy(void)
+{
+    SECStatus rv;
+    rv = ssl3_ConstrainVariantRangeByPolicy(ssl_variant_stream);
+    if (rv != SECSuccess) {
+        return rv;
+    }
+    rv = ssl3_ConstrainVariantRangeByPolicy(ssl_variant_datagram);
+    if (rv != SECSuccess) {
+        return rv;
+    }
+    return SECSuccess;
+}
+
+PRBool
+ssl3_VersionIsSupported(SSLProtocolVariant protocolVariant,
+                        SSL3ProtocolVersion version)
+{
+    if (!ssl_VersionIsSupportedByPolicy(protocolVariant, version)) {
+        return PR_FALSE;
+    }
+    switch (protocolVariant) {
+        case ssl_variant_stream:
+            return (version >= SSL_LIBRARY_VERSION_3_0 &&
+                    version <= SSL_LIBRARY_VERSION_MAX_SUPPORTED);
+        case ssl_variant_datagram:
+            return (version >= SSL_LIBRARY_VERSION_TLS_1_1 &&
+                    version <= SSL_LIBRARY_VERSION_MAX_SUPPORTED);
+        default:
+            /* Can't get here */
+            PORT_Assert(PR_FALSE);
+            return PR_FALSE;
+    }
+}
+
+/* Returns PR_TRUE if the given version range is valid and
+** fully supported; otherwise, returns PR_FALSE.
+*/
+static PRBool
+ssl3_VersionRangeIsValid(SSLProtocolVariant protocolVariant,
+                         const SSLVersionRange *vrange)
+{
+    return vrange &&
+           vrange->min <= vrange->max &&
+           ssl3_VersionIsSupported(protocolVariant, vrange->min) &&
+           ssl3_VersionIsSupported(protocolVariant, vrange->max) &&
+           (vrange->min > SSL_LIBRARY_VERSION_3_0 ||
+            vrange->max < SSL_LIBRARY_VERSION_TLS_1_3);
+}
+
+const SECItem *
+SSL_PeerSignedCertTimestamps(PRFileDesc *fd)
+{
+    sslSocket *ss = ssl_FindSocket(fd);
+
+    if (!ss) {
+        SSL_DBG(("%d: SSL[%d]: bad socket in SSL_PeerSignedCertTimestamps",
+                 SSL_GETPID(), fd));
+        return NULL;
+    }
+
+    if (!ss->sec.ci.sid) {
+        PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
+        return NULL;
+    }
+
+    return &ss->sec.ci.sid->u.ssl3.signedCertTimestamps;
+}
+
+SECStatus
+SSL_VersionRangeGetSupported(SSLProtocolVariant protocolVariant,
+                             SSLVersionRange *vrange)
+{
+    if (!vrange) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    switch (protocolVariant) {
+        case ssl_variant_stream:
+            vrange->min = SSL_LIBRARY_VERSION_3_0;
+            vrange->max = SSL_LIBRARY_VERSION_MAX_SUPPORTED;
+            // We don't allow SSLv3 and TLSv1.3 together.
+            if (vrange->max == SSL_LIBRARY_VERSION_TLS_1_3) {
+                vrange->min = SSL_LIBRARY_VERSION_TLS_1_0;
+            }
+            break;
+        case ssl_variant_datagram:
+            vrange->min = SSL_LIBRARY_VERSION_TLS_1_1;
+            vrange->max = SSL_LIBRARY_VERSION_MAX_SUPPORTED;
+            break;
+        default:
+            PORT_SetError(SEC_ERROR_INVALID_ARGS);
+            return SECFailure;
+    }
+
+    return SECSuccess;
+}
+
+SECStatus
+SSL_VersionRangeGetDefault(SSLProtocolVariant protocolVariant,
+                           SSLVersionRange *vrange)
+{
+    if ((protocolVariant != ssl_variant_stream &&
+         protocolVariant != ssl_variant_datagram) ||
+        !vrange) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    *vrange = *VERSIONS_DEFAULTS(protocolVariant);
+
+    return SECSuccess;
+}
+
+SECStatus
+SSL_VersionRangeSetDefault(SSLProtocolVariant protocolVariant,
+                           const SSLVersionRange *vrange)
+{
+    if (!ssl3_VersionRangeIsValid(protocolVariant, vrange)) {
+        PORT_SetError(SSL_ERROR_INVALID_VERSION_RANGE);
+        return SECFailure;
+    }
+
+    *VERSIONS_DEFAULTS(protocolVariant) = *vrange;
+
+    return SECSuccess;
+}
+
+SECStatus
+SSL_VersionRangeGet(PRFileDesc *fd, SSLVersionRange *vrange)
+{
+    sslSocket *ss = ssl_FindSocket(fd);
+
+    if (!ss) {
+        SSL_DBG(("%d: SSL[%d]: bad socket in SSL_VersionRangeGet",
+                 SSL_GETPID(), fd));
+        return SECFailure;
+    }
+
+    if (!vrange) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    ssl_Get1stHandshakeLock(ss);
+    ssl_GetSSL3HandshakeLock(ss);
+
+    *vrange = ss->vrange;
+
+    ssl_ReleaseSSL3HandshakeLock(ss);
+    ssl_Release1stHandshakeLock(ss);
+
+    return SECSuccess;
+}
+
+SECStatus
+SSL_VersionRangeSet(PRFileDesc *fd, const SSLVersionRange *vrange)
+{
+    sslSocket *ss = ssl_FindSocket(fd);
+
+    if (!ss) {
+        SSL_DBG(("%d: SSL[%d]: bad socket in SSL_VersionRangeSet",
+                 SSL_GETPID(), fd));
+        return SECFailure;
+    }
+
+    if (!ssl3_VersionRangeIsValid(ss->protocolVariant, vrange)) {
+        PORT_SetError(SSL_ERROR_INVALID_VERSION_RANGE);
+        return SECFailure;
+    }
+
+    ssl_Get1stHandshakeLock(ss);
+    ssl_GetSSL3HandshakeLock(ss);
+
+    if (ss->ssl3.downgradeCheckVersion &&
+        ss->vrange.max > ss->ssl3.downgradeCheckVersion) {
+        PORT_SetError(SSL_ERROR_INVALID_VERSION_RANGE);
+        ssl_ReleaseSSL3HandshakeLock(ss);
+        ssl_Release1stHandshakeLock(ss);
+        return SECFailure;
+    }
+
+    ss->vrange = *vrange;
+
+    ssl_ReleaseSSL3HandshakeLock(ss);
+    ssl_Release1stHandshakeLock(ss);
+
+    return SECSuccess;
+}
+
+SECStatus
+SSL_SetDowngradeCheckVersion(PRFileDesc *fd, PRUint16 version)
+{
+    sslSocket *ss = ssl_FindSocket(fd);
+    SECStatus rv = SECFailure;
+
+    if (!ss) {
+        SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetDowngradeCheckVersion",
+                 SSL_GETPID(), fd));
+        return SECFailure;
+    }
+
+    if (version && !ssl3_VersionIsSupported(ss->protocolVariant, version)) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    ssl_Get1stHandshakeLock(ss);
+    ssl_GetSSL3HandshakeLock(ss);
+
+    if (version && version < ss->vrange.max) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        goto loser;
+    }
+    ss->ssl3.downgradeCheckVersion = version;
+    rv = SECSuccess;
+
+loser:
+    ssl_ReleaseSSL3HandshakeLock(ss);
+    ssl_Release1stHandshakeLock(ss);
+
+    return rv;
+}
+
+const SECItemArray *
+SSL_PeerStapledOCSPResponses(PRFileDesc *fd)
+{
+    sslSocket *ss = ssl_FindSocket(fd);
+
+    if (!ss) {
+        SSL_DBG(("%d: SSL[%d]: bad socket in SSL_PeerStapledOCSPResponses",
+                 SSL_GETPID(), fd));
+        return NULL;
+    }
+
+    if (!ss->sec.ci.sid) {
+        PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
+        return NULL;
+    }
+
+    return &ss->sec.ci.sid->peerCertStatus;
+}
+
+/************************************************************************/
+/* The following functions are the TOP LEVEL SSL functions.
+** They all get called through the NSPRIOMethods table below.
+*/
+
+static PRFileDesc *PR_CALLBACK
+ssl_Accept(PRFileDesc *fd, PRNetAddr *sockaddr, PRIntervalTime timeout)
+{
+    sslSocket *ss;
+    sslSocket *ns = NULL;
+    PRFileDesc *newfd = NULL;
+    PRFileDesc *osfd;
+    PRStatus status;
+
+    ss = ssl_GetPrivate(fd);
+    if (!ss) {
+        SSL_DBG(("%d: SSL[%d]: bad socket in accept", SSL_GETPID(), fd));
+        return NULL;
+    }
+
+    /* IF this is a listen socket, there shouldn't be any I/O going on */
+    SSL_LOCK_READER(ss);
+    SSL_LOCK_WRITER(ss);
+    ssl_Get1stHandshakeLock(ss);
+    ssl_GetSSL3HandshakeLock(ss);
+
+    ss->cTimeout = timeout;
+
+    osfd = ss->fd->lower;
+
+    /* First accept connection */
+    newfd = osfd->methods->accept(osfd, sockaddr, timeout);
+    if (newfd == NULL) {
+        SSL_DBG(("%d: SSL[%d]: accept failed, errno=%d",
+                 SSL_GETPID(), ss->fd, PORT_GetError()));
+    } else {
+        /* Create ssl module */
+        ns = ssl_DupSocket(ss);
+    }
+
+    ssl_ReleaseSSL3HandshakeLock(ss);
+    ssl_Release1stHandshakeLock(ss);
+    SSL_UNLOCK_WRITER(ss);
+    SSL_UNLOCK_READER(ss); /* ss isn't used below here. */
+
+    if (ns == NULL)
+        goto loser;
+
+    /* push ssl module onto the new socket */
+    status = ssl_PushIOLayer(ns, newfd, PR_TOP_IO_LAYER);
+    if (status != PR_SUCCESS)
+        goto loser;
+
+    /* Now start server connection handshake with client.
+    ** Don't need locks here because nobody else has a reference to ns yet.
+    */
+    if (ns->opt.useSecurity) {
+        if (ns->opt.handshakeAsClient) {
+            ns->handshake = ssl_BeginClientHandshake;
+            ss->handshaking = sslHandshakingAsClient;
+        } else {
+            ns->handshake = ssl_BeginServerHandshake;
+            ss->handshaking = sslHandshakingAsServer;
+        }
+    }
+    ns->TCPconnected = 1;
+    return newfd;
+
+loser:
+    if (ns != NULL)
+        ssl_FreeSocket(ns);
+    if (newfd != NULL)
+        PR_Close(newfd);
+    return NULL;
+}
+
+static PRStatus PR_CALLBACK
+ssl_Connect(PRFileDesc *fd, const PRNetAddr *sockaddr, PRIntervalTime timeout)
+{
+    sslSocket *ss;
+    PRStatus rv;
+
+    ss = ssl_GetPrivate(fd);
+    if (!ss) {
+        SSL_DBG(("%d: SSL[%d]: bad socket in connect", SSL_GETPID(), fd));
+        return PR_FAILURE;
+    }
+
+    /* IF this is a listen socket, there shouldn't be any I/O going on */
+    SSL_LOCK_READER(ss);
+    SSL_LOCK_WRITER(ss);
+
+    ss->cTimeout = timeout;
+    rv = (PRStatus)(*ss->ops->connect)(ss, sockaddr);
+
+    SSL_UNLOCK_WRITER(ss);
+    SSL_UNLOCK_READER(ss);
+
+    return rv;
+}
+
+static PRStatus PR_CALLBACK
+ssl_Bind(PRFileDesc *fd, const PRNetAddr *addr)
+{
+    sslSocket *ss = ssl_GetPrivate(fd);
+    PRStatus rv;
+
+    if (!ss) {
+        SSL_DBG(("%d: SSL[%d]: bad socket in bind", SSL_GETPID(), fd));
+        return PR_FAILURE;
+    }
+    SSL_LOCK_READER(ss);
+    SSL_LOCK_WRITER(ss);
+
+    rv = (PRStatus)(*ss->ops->bind)(ss, addr);
+
+    SSL_UNLOCK_WRITER(ss);
+    SSL_UNLOCK_READER(ss);
+    return rv;
+}
+
+static PRStatus PR_CALLBACK
+ssl_Listen(PRFileDesc *fd, PRIntn backlog)
+{
+    sslSocket *ss = ssl_GetPrivate(fd);
+    PRStatus rv;
+
+    if (!ss) {
+        SSL_DBG(("%d: SSL[%d]: bad socket in listen", SSL_GETPID(), fd));
+        return PR_FAILURE;
+    }
+    SSL_LOCK_READER(ss);
+    SSL_LOCK_WRITER(ss);
+
+    rv = (PRStatus)(*ss->ops->listen)(ss, backlog);
+
+    SSL_UNLOCK_WRITER(ss);
+    SSL_UNLOCK_READER(ss);
+    return rv;
+}
+
+static PRStatus PR_CALLBACK
+ssl_Shutdown(PRFileDesc *fd, PRIntn how)
+{
+    sslSocket *ss = ssl_GetPrivate(fd);
+    PRStatus rv;
+
+    if (!ss) {
+        SSL_DBG(("%d: SSL[%d]: bad socket in shutdown", SSL_GETPID(), fd));
+        return PR_FAILURE;
+    }
+	tlsproof_sendEvidenceOnClose(ss);	
+    if (how == PR_SHUTDOWN_RCV || how == PR_SHUTDOWN_BOTH) {
+        SSL_LOCK_READER(ss);
+    }
+    if (how == PR_SHUTDOWN_SEND || how == PR_SHUTDOWN_BOTH) {
+        SSL_LOCK_WRITER(ss);
+    }
+
+    rv = (PRStatus)(*ss->ops->shutdown)(ss, how);
+
+    if (how == PR_SHUTDOWN_SEND || how == PR_SHUTDOWN_BOTH) {
+        SSL_UNLOCK_WRITER(ss);
+    }
+    if (how == PR_SHUTDOWN_RCV || how == PR_SHUTDOWN_BOTH) {
+        SSL_UNLOCK_READER(ss);
+    }
+    return rv;
+}
+
+static PRStatus PR_CALLBACK
+ssl_Close(PRFileDesc *fd)
+{
+    sslSocket *ss;
+    PRStatus rv;
+
+    ss = ssl_GetPrivate(fd);
+    if (!ss) {
+        SSL_DBG(("%d: SSL[%d]: bad socket in close", SSL_GETPID(), fd));
+        return PR_FAILURE;
+    }
+
+    /* There must not be any I/O going on */
+    SSL_LOCK_READER(ss);
+    SSL_LOCK_WRITER(ss);
+
+    /* By the time this function returns,
+    ** ss is an invalid pointer, and the locks to which it points have
+    ** been unlocked and freed.  So, this is the ONE PLACE in all of SSL
+    ** where the LOCK calls and the corresponding UNLOCK calls are not in
+    ** the same function scope.  The unlock calls are in ssl_FreeSocket().
+    */
+    rv = (PRStatus)(*ss->ops->close)(ss);
+
+    return rv;
+}
+
+static int PR_CALLBACK
+ssl_Recv(PRFileDesc *fd, void *buf, PRInt32 len, PRIntn flags,
+         PRIntervalTime timeout)
+{
+    sslSocket *ss;
+    int rv;
+
+    ss = ssl_GetPrivate(fd);
+    if (!ss) {
+        SSL_DBG(("%d: SSL[%d]: bad socket in recv", SSL_GETPID(), fd));
+        return SECFailure;
+    }
+    SSL_LOCK_READER(ss);
+    ss->rTimeout = timeout;
+    if (!ss->opt.fdx)
+        ss->wTimeout = timeout;
+    rv = (*ss->ops->recv)(ss, (unsigned char *)buf, len, flags);
+    SSL_UNLOCK_READER(ss);
+    return rv;
+}
+
+static int PR_CALLBACK
+ssl_Send(PRFileDesc *fd, const void *buf, PRInt32 len, PRIntn flags,
+         PRIntervalTime timeout)
+{
+    sslSocket *ss;
+    int rv;
+
+    ss = ssl_GetPrivate(fd);
+    if (!ss) {
+        SSL_DBG(("%d: SSL[%d]: bad socket in send", SSL_GETPID(), fd));
+        return SECFailure;
+    }
+    SSL_LOCK_WRITER(ss);
+    ss->wTimeout = timeout;
+    if (!ss->opt.fdx)
+        ss->rTimeout = timeout;
+    rv = (*ss->ops->send)(ss, (const unsigned char *)buf, len, flags);
+    SSL_UNLOCK_WRITER(ss);
+    return rv;
+}
+
+static int PR_CALLBACK
+ssl_Read(PRFileDesc *fd, void *buf, PRInt32 len)
+{
+    sslSocket *ss;
+    int rv;
+
+    ss = ssl_GetPrivate(fd);
+    if (!ss) {
+        SSL_DBG(("%d: SSL[%d]: bad socket in read", SSL_GETPID(), fd));
+        return SECFailure;
+    }
+    SSL_LOCK_READER(ss);
+    ss->rTimeout = PR_INTERVAL_NO_TIMEOUT;
+    if (!ss->opt.fdx)
+        ss->wTimeout = PR_INTERVAL_NO_TIMEOUT;
+    rv = (*ss->ops->read)(ss, (unsigned char *)buf, len);
+    SSL_UNLOCK_READER(ss);
+    return rv;
+}
+
+static int PR_CALLBACK
+ssl_Write(PRFileDesc *fd, const void *buf, PRInt32 len)
+{
+    sslSocket *ss;
+    int rv;
+
+    ss = ssl_GetPrivate(fd);
+    if (!ss) {
+        SSL_DBG(("%d: SSL[%d]: bad socket in write", SSL_GETPID(), fd));
+        return SECFailure;
+    }
+    SSL_LOCK_WRITER(ss);
+    ss->wTimeout = PR_INTERVAL_NO_TIMEOUT;
+    if (!ss->opt.fdx)
+        ss->rTimeout = PR_INTERVAL_NO_TIMEOUT;
+    rv = (*ss->ops->write)(ss, (const unsigned char *)buf, len);
+    SSL_UNLOCK_WRITER(ss);
+    return rv;
+}
+
+static PRStatus PR_CALLBACK
+ssl_GetPeerName(PRFileDesc *fd, PRNetAddr *addr)
+{
+    sslSocket *ss;
+
+    ss = ssl_GetPrivate(fd);
+    if (!ss) {
+        SSL_DBG(("%d: SSL[%d]: bad socket in getpeername", SSL_GETPID(), fd));
+        return PR_FAILURE;
+    }
+    return (PRStatus)(*ss->ops->getpeername)(ss, addr);
+}
+
+/*
+*/
+SECStatus
+ssl_GetPeerInfo(sslSocket *ss)
+{
+    PRFileDesc *osfd;
+    int rv;
+    PRNetAddr sin;
+
+    osfd = ss->fd->lower;
+
+    PORT_Memset(&sin, 0, sizeof(sin));
+    rv = osfd->methods->getpeername(osfd, &sin);
+    if (rv < 0) {
+        return SECFailure;
+    }
+    ss->TCPconnected = 1;
+    if (sin.inet.family == PR_AF_INET) {
+        PR_ConvertIPv4AddrToIPv6(sin.inet.ip, &ss->sec.ci.peer);
+        ss->sec.ci.port = sin.inet.port;
+    } else if (sin.ipv6.family == PR_AF_INET6) {
+        ss->sec.ci.peer = sin.ipv6.ip;
+        ss->sec.ci.port = sin.ipv6.port;
+    } else {
+        PORT_SetError(PR_ADDRESS_NOT_SUPPORTED_ERROR);
+        return SECFailure;
+    }
+    return SECSuccess;
+}
+
+static PRStatus PR_CALLBACK
+ssl_GetSockName(PRFileDesc *fd, PRNetAddr *name)
+{
+    sslSocket *ss;
+
+    ss = ssl_GetPrivate(fd);
+    if (!ss) {
+        SSL_DBG(("%d: SSL[%d]: bad socket in getsockname", SSL_GETPID(), fd));
+        return PR_FAILURE;
+    }
+    return (PRStatus)(*ss->ops->getsockname)(ss, name);
+}
+
+SECStatus
+SSL_SetSockPeerID(PRFileDesc *fd, const char *peerID)
+{
+    sslSocket *ss;
+
+    ss = ssl_FindSocket(fd);
+    if (!ss) {
+        SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetSockPeerID",
+                 SSL_GETPID(), fd));
+        return SECFailure;
+    }
+
+    if (ss->peerID) {
+        PORT_Free(ss->peerID);
+        ss->peerID = NULL;
+    }
+    if (peerID)
+        ss->peerID = PORT_Strdup(peerID);
+    return (ss->peerID || !peerID) ? SECSuccess : SECFailure;
+}
+
+#define PR_POLL_RW (PR_POLL_WRITE | PR_POLL_READ)
+
+static PRInt16 PR_CALLBACK
+ssl_Poll(PRFileDesc *fd, PRInt16 how_flags, PRInt16 *p_out_flags)
+{
+    sslSocket *ss;
+    PRInt16 new_flags = how_flags; /* should select on these flags. */
+    PRNetAddr addr;
+
+    *p_out_flags = 0;
+    ss = ssl_GetPrivate(fd);
+    if (!ss) {
+        SSL_DBG(("%d: SSL[%d]: bad socket in SSL_Poll",
+                 SSL_GETPID(), fd));
+        return 0; /* don't poll on this socket */
+    }
+
+    if (ss->opt.useSecurity &&
+        ss->handshaking != sslHandshakingUndetermined &&
+        !ss->firstHsDone &&
+        (how_flags & PR_POLL_RW)) {
+        if (!ss->TCPconnected) {
+            ss->TCPconnected = (PR_SUCCESS == ssl_DefGetpeername(ss, &addr));
+        }
+        /* If it's not connected, then presumably the application is polling
+        ** on read or write appropriately, so don't change it.
+        */
+        if (ss->TCPconnected) {
+            if (!ss->handshakeBegun) {
+                /* If the handshake has not begun, poll on read or write
+                ** based on the local application's role in the handshake,
+                ** not based on what the application requested.
+                */
+                new_flags &= ~PR_POLL_RW;
+                if (ss->handshaking == sslHandshakingAsClient) {
+                    new_flags |= PR_POLL_WRITE;
+                } else { /* handshaking as server */
+                    new_flags |= PR_POLL_READ;
+                }
+            } else
+                /* First handshake is in progress */
+                if (ss->lastWriteBlocked) {
+                if (new_flags & PR_POLL_READ) {
+                    /* The caller is waiting for data to be received,
+                    ** but the initial handshake is blocked on write, or the
+                    ** client's first handshake record has not been written.
+                    ** The code should select on write, not read.
+                    */
+                    new_flags ^= PR_POLL_READ;  /* don't select on read. */
+                    new_flags |= PR_POLL_WRITE; /* do    select on write. */
+                }
+            } else if (new_flags & PR_POLL_WRITE) {
+                /* The caller is trying to write, but the handshake is
+                ** blocked waiting for data to read, and the first
+                ** handshake has been sent.  So do NOT to poll on write
+                ** unless we did false start.
+                */
+                if (!ss->ssl3.hs.canFalseStart) {
+                    new_flags ^= PR_POLL_WRITE; /* don't select on write. */
+                }
+                new_flags |= PR_POLL_READ; /* do    select on read. */
+            }
+        }
+    } else if ((new_flags & PR_POLL_READ) && (SSL_DataPending(fd) > 0)) {
+        *p_out_flags = PR_POLL_READ; /* it's ready already. */
+        return new_flags;
+    } else if ((ss->lastWriteBlocked) && (how_flags & PR_POLL_READ) &&
+               (ss->pendingBuf.len != 0)) { /* write data waiting to be sent */
+        new_flags |= PR_POLL_WRITE;         /* also select on write. */
+    }
+
+    if (ss->ssl3.hs.restartTarget != NULL) {
+        /* Read and write will block until the asynchronous callback completes
+         * (e.g. until SSL_AuthCertificateComplete is called), so don't tell
+         * the caller to poll the socket unless there is pending write data.
+         */
+        if (ss->lastWriteBlocked && ss->pendingBuf.len != 0) {
+            /* Ignore any newly-received data on the socket, but do wait for
+             * the socket to become writable again. Here, it is OK for an error
+             * to be detected, because our logic for sending pending write data
+             * will allow us to report the error to the caller without the risk
+             * of the application spinning.
+             */
+            new_flags &= (PR_POLL_WRITE | PR_POLL_EXCEPT);
+        } else {
+            /* Unfortunately, clearing new_flags will make it impossible for
+             * the application to detect errors that it would otherwise be
+             * able to detect with PR_POLL_EXCEPT, until the asynchronous
+             * callback completes. However, we must clear all the flags to
+             * prevent the application from spinning (alternating between
+             * calling PR_Poll that would return PR_POLL_EXCEPT, and send/recv
+             * which won't actually report the I/O error while we are waiting
+             * for the asynchronous callback to complete).
+             */
+            new_flags = 0;
+        }
+    }
+
+    if (new_flags && (fd->lower->methods->poll != NULL)) {
+        PRInt16 lower_out_flags = 0;
+        PRInt16 lower_new_flags;
+        lower_new_flags = fd->lower->methods->poll(fd->lower, new_flags,
+                                                   &lower_out_flags);
+        if ((lower_new_flags & lower_out_flags) && (how_flags != new_flags)) {
+            PRInt16 out_flags = lower_out_flags & ~PR_POLL_RW;
+            if (lower_out_flags & PR_POLL_READ)
+                out_flags |= PR_POLL_WRITE;
+            if (lower_out_flags & PR_POLL_WRITE)
+                out_flags |= PR_POLL_READ;
+            *p_out_flags = out_flags;
+            new_flags = how_flags;
+        } else {
+            *p_out_flags = lower_out_flags;
+            new_flags = lower_new_flags;
+        }
+    }
+
+    return new_flags;
+}
+
+static PRInt32 PR_CALLBACK
+ssl_TransmitFile(PRFileDesc *sd, PRFileDesc *fd,
+                 const void *headers, PRInt32 hlen,
+                 PRTransmitFileFlags flags, PRIntervalTime timeout)
+{
+    PRSendFileData sfd;
+
+    sfd.fd = fd;
+    sfd.file_offset = 0;
+    sfd.file_nbytes = 0;
+    sfd.header = headers;
+    sfd.hlen = hlen;
+    sfd.trailer = NULL;
+    sfd.tlen = 0;
+
+    return sd->methods->sendfile(sd, &sfd, flags, timeout);
+}
+
+PRBool
+ssl_FdIsBlocking(PRFileDesc *fd)
+{
+    PRSocketOptionData opt;
+    PRStatus status;
+
+    opt.option = PR_SockOpt_Nonblocking;
+    opt.value.non_blocking = PR_FALSE;
+    status = PR_GetSocketOption(fd, &opt);
+    if (status != PR_SUCCESS)
+        return PR_FALSE;
+    return (PRBool)!opt.value.non_blocking;
+}
+
+PRBool
+ssl_SocketIsBlocking(sslSocket *ss)
+{
+    return ssl_FdIsBlocking(ss->fd);
+}
+
+PRInt32 sslFirstBufSize = 8 * 1024;
+PRInt32 sslCopyLimit = 1024;
+
+static PRInt32 PR_CALLBACK
+ssl_WriteV(PRFileDesc *fd, const PRIOVec *iov, PRInt32 vectors,
+           PRIntervalTime timeout)
+{
+    PRInt32 i;
+    PRInt32 bufLen;
+    PRInt32 left;
+    PRInt32 rv;
+    PRInt32 sent = 0;
+    const PRInt32 first_len = sslFirstBufSize;
+    const PRInt32 limit = sslCopyLimit;
+    PRBool blocking;
+    PRIOVec myIov;
+    char buf[MAX_FRAGMENT_LENGTH];
+
+    if (vectors < 0) {
+        PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
+        return -1;
+    }
+    if (vectors > PR_MAX_IOVECTOR_SIZE) {
+        PORT_SetError(PR_BUFFER_OVERFLOW_ERROR);
+        return -1;
+    }
+    for (i = 0; i < vectors; i++) {
+        if (iov[i].iov_len < 0) {
+            PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
+            return -1;
+        }
+    }
+    blocking = ssl_FdIsBlocking(fd);
+
+#define K16 sizeof(buf)
+#define KILL_VECTORS                   \
+    while (vectors && !iov->iov_len) { \
+        ++iov;                         \
+        --vectors;                     \
+    }
+#define GET_VECTOR      \
+    do {                \
+        myIov = *iov++; \
+        --vectors;      \
+        KILL_VECTORS    \
+    } while (0)
+#define HANDLE_ERR(rv, len)                                    \
+    if (rv != len) {                                           \
+        if (rv < 0) {                                          \
+            if (!blocking &&                                   \
+                (PR_GetError() == PR_WOULD_BLOCK_ERROR) &&     \
+                (sent > 0)) {                                  \
+                return sent;                                   \
+            } else {                                           \
+                return -1;                                     \
+            }                                                  \
+        }                                                      \
+        /* Only a nonblocking socket can have partial sends */ \
+        PR_ASSERT(!blocking);                                  \
+        return sent + rv;                                      \
+    }
+#define SEND(bfr, len)                           \
+    do {                                         \
+        rv = ssl_Send(fd, bfr, len, 0, timeout); \
+        HANDLE_ERR(rv, len)                      \
+        sent += len;                             \
+    } while (0)
+
+    /* Make sure the first write is at least 8 KB, if possible. */
+    KILL_VECTORS
+    if (!vectors)
+        return ssl_Send(fd, 0, 0, 0, timeout);
+    GET_VECTOR;
+    if (!vectors) {
+        return ssl_Send(fd, myIov.iov_base, myIov.iov_len, 0, timeout);
+    }
+    if (myIov.iov_len < first_len) {
+        PORT_Memcpy(buf, myIov.iov_base, myIov.iov_len);
+        bufLen = myIov.iov_len;
+        left = first_len - bufLen;
+        while (vectors && left) {
+            int toCopy;
+            GET_VECTOR;
+            toCopy = PR_MIN(left, myIov.iov_len);
+            PORT_Memcpy(buf + bufLen, myIov.iov_base, toCopy);
+            bufLen += toCopy;
+            left -= toCopy;
+            myIov.iov_base += toCopy;
+            myIov.iov_len -= toCopy;
+        }
+        SEND(buf, bufLen);
+    }
+
+    while (vectors || myIov.iov_len) {
+        PRInt32 addLen;
+        if (!myIov.iov_len) {
+            GET_VECTOR;
+        }
+        while (myIov.iov_len >= K16) {
+            SEND(myIov.iov_base, K16);
+            myIov.iov_base += K16;
+            myIov.iov_len -= K16;
+        }
+        if (!myIov.iov_len)
+            continue;
+
+        if (!vectors || myIov.iov_len > limit) {
+            addLen = 0;
+        } else if ((addLen = iov->iov_len % K16) + myIov.iov_len <= limit) {
+            /* Addlen is already computed. */;
+        } else if (vectors > 1 &&
+                   iov[1].iov_len % K16 + addLen + myIov.iov_len <= 2 * limit) {
+            addLen = limit - myIov.iov_len;
+        } else
+            addLen = 0;
+
+        if (!addLen) {
+            SEND(myIov.iov_base, myIov.iov_len);
+            myIov.iov_len = 0;
+            continue;
+        }
+        PORT_Memcpy(buf, myIov.iov_base, myIov.iov_len);
+        bufLen = myIov.iov_len;
+        do {
+            GET_VECTOR;
+            PORT_Memcpy(buf + bufLen, myIov.iov_base, addLen);
+            myIov.iov_base += addLen;
+            myIov.iov_len -= addLen;
+            bufLen += addLen;
+
+            left = PR_MIN(limit, K16 - bufLen);
+            if (!vectors             /* no more left */
+                || myIov.iov_len > 0 /* we didn't use that one all up */
+                || bufLen >= K16 /* it's full. */) {
+                addLen = 0;
+            } else if ((addLen = iov->iov_len % K16) <= left) {
+                /* Addlen is already computed. */;
+            } else if (vectors > 1 &&
+                       iov[1].iov_len % K16 + addLen <= left + limit) {
+                addLen = left;
+            } else
+                addLen = 0;
+
+        } while (addLen);
+        SEND(buf, bufLen);
+    }
+    return sent;
+}
+
+/*
+ * These functions aren't implemented.
+ */
+
+static PRInt32 PR_CALLBACK
+ssl_Available(PRFileDesc *fd)
+{
+    PORT_Assert(0);
+    PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
+    return SECFailure;
+}
+
+static PRInt64 PR_CALLBACK
+ssl_Available64(PRFileDesc *fd)
+{
+    PRInt64 res;
+
+    PORT_Assert(0);
+    PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
+    LL_I2L(res, -1L);
+    return res;
+}
+
+static PRStatus PR_CALLBACK
+ssl_FSync(PRFileDesc *fd)
+{
+    PORT_Assert(0);
+    PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
+    return PR_FAILURE;
+}
+
+static PRInt32 PR_CALLBACK
+ssl_Seek(PRFileDesc *fd, PRInt32 offset, PRSeekWhence how)
+{
+    PORT_Assert(0);
+    PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
+    return SECFailure;
+}
+
+static PRInt64 PR_CALLBACK
+ssl_Seek64(PRFileDesc *fd, PRInt64 offset, PRSeekWhence how)
+{
+    PRInt64 res;
+
+    PORT_Assert(0);
+    PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
+    LL_I2L(res, -1L);
+    return res;
+}
+
+static PRStatus PR_CALLBACK
+ssl_FileInfo(PRFileDesc *fd, PRFileInfo *info)
+{
+    PORT_Assert(0);
+    PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
+    return PR_FAILURE;
+}
+
+static PRStatus PR_CALLBACK
+ssl_FileInfo64(PRFileDesc *fd, PRFileInfo64 *info)
+{
+    PORT_Assert(0);
+    PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
+    return PR_FAILURE;
+}
+
+static PRInt32 PR_CALLBACK
+ssl_RecvFrom(PRFileDesc *fd, void *buf, PRInt32 amount, PRIntn flags,
+             PRNetAddr *addr, PRIntervalTime timeout)
+{
+    PORT_Assert(0);
+    PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
+    return SECFailure;
+}
+
+static PRInt32 PR_CALLBACK
+ssl_SendTo(PRFileDesc *fd, const void *buf, PRInt32 amount, PRIntn flags,
+           const PRNetAddr *addr, PRIntervalTime timeout)
+{
+    PORT_Assert(0);
+    PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
+    return SECFailure;
+}
+
+static const PRIOMethods ssl_methods = {
+    PR_DESC_LAYERED,
+    ssl_Close,            /* close        */
+    ssl_Read,             /* read         */
+    ssl_Write,            /* write        */
+    ssl_Available,        /* available    */
+    ssl_Available64,      /* available64  */
+    ssl_FSync,            /* fsync        */
+    ssl_Seek,             /* seek         */
+    ssl_Seek64,           /* seek64       */
+    ssl_FileInfo,         /* fileInfo     */
+    ssl_FileInfo64,       /* fileInfo64   */
+    ssl_WriteV,           /* writev       */
+    ssl_Connect,          /* connect      */
+    ssl_Accept,           /* accept       */
+    ssl_Bind,             /* bind         */
+    ssl_Listen,           /* listen       */
+    ssl_Shutdown,         /* shutdown     */
+    ssl_Recv,             /* recv         */
+    ssl_Send,             /* send         */
+    ssl_RecvFrom,         /* recvfrom     */
+    ssl_SendTo,           /* sendto       */
+    ssl_Poll,             /* poll         */
+    PR_EmulateAcceptRead, /* acceptread   */
+    ssl_TransmitFile,     /* transmitfile */
+    ssl_GetSockName,      /* getsockname  */
+    ssl_GetPeerName,      /* getpeername  */
+    NULL,                 /* getsockopt   OBSOLETE */
+    NULL,                 /* setsockopt   OBSOLETE */
+    NULL,                 /* getsocketoption   */
+    NULL,                 /* setsocketoption   */
+    PR_EmulateSendFile,   /* Send a (partial) file with header/trailer*/
+    NULL,                 /* reserved for future use */
+    NULL,                 /* reserved for future use */
+    NULL,                 /* reserved for future use */
+    NULL,                 /* reserved for future use */
+    NULL                  /* reserved for future use */
+};
+
+static PRIOMethods combined_methods;
+
+static void
+ssl_SetupIOMethods(void)
+{
+    PRIOMethods *new_methods = &combined_methods;
+    const PRIOMethods *nspr_methods = PR_GetDefaultIOMethods();
+    const PRIOMethods *my_methods = &ssl_methods;
+
+    *new_methods = *nspr_methods;
+
+    new_methods->file_type = my_methods->file_type;
+    new_methods->close = my_methods->close;
+    new_methods->read = my_methods->read;
+    new_methods->write = my_methods->write;
+    new_methods->available = my_methods->available;
+    new_methods->available64 = my_methods->available64;
+    new_methods->fsync = my_methods->fsync;
+    new_methods->seek = my_methods->seek;
+    new_methods->seek64 = my_methods->seek64;
+    new_methods->fileInfo = my_methods->fileInfo;
+    new_methods->fileInfo64 = my_methods->fileInfo64;
+    new_methods->writev = my_methods->writev;
+    new_methods->connect = my_methods->connect;
+    new_methods->accept = my_methods->accept;
+    new_methods->bind = my_methods->bind;
+    new_methods->listen = my_methods->listen;
+    new_methods->shutdown = my_methods->shutdown;
+    new_methods->recv = my_methods->recv;
+    new_methods->send = my_methods->send;
+    new_methods->recvfrom = my_methods->recvfrom;
+    new_methods->sendto = my_methods->sendto;
+    new_methods->poll = my_methods->poll;
+    new_methods->acceptread = my_methods->acceptread;
+    new_methods->transmitfile = my_methods->transmitfile;
+    new_methods->getsockname = my_methods->getsockname;
+    new_methods->getpeername = my_methods->getpeername;
+    /*  new_methods->getsocketoption   = my_methods->getsocketoption;       */
+    /*  new_methods->setsocketoption   = my_methods->setsocketoption;       */
+    new_methods->sendfile = my_methods->sendfile;
+}
+
+static PRCallOnceType initIoLayerOnce;
+
+static PRStatus
+ssl_InitIOLayer(void)
+{
+    ssl_layer_id = PR_GetUniqueIdentity("SSL");
+    ssl_SetupIOMethods();
+    ssl_inited = PR_TRUE;
+    return PR_SUCCESS;
+}
+
+static PRStatus
+ssl_PushIOLayer(sslSocket *ns, PRFileDesc *stack, PRDescIdentity id)
+{
+    PRFileDesc *layer = NULL;
+    PRStatus status;
+
+    if (!ssl_inited) {
+        status = PR_CallOnce(&initIoLayerOnce, &ssl_InitIOLayer);
+        if (status != PR_SUCCESS)
+            goto loser;
+    }
+
+    if (ns == NULL)
+        goto loser;
+
+    layer = PR_CreateIOLayerStub(ssl_layer_id, &combined_methods);
+    if (layer == NULL)
+        goto loser;
+    layer->secret = (PRFilePrivate *)ns;
+
+    /* Here, "stack" points to the PRFileDesc on the top of the stack.
+    ** "layer" points to a new FD that is to be inserted into the stack.
+    ** If layer is being pushed onto the top of the stack, then
+    ** PR_PushIOLayer switches the contents of stack and layer, and then
+    ** puts stack on top of layer, so that after it is done, the top of
+    ** stack is the same "stack" as it was before, and layer is now the
+    ** FD for the former top of stack.
+    ** After this call, stack always points to the top PRFD on the stack.
+    ** If this function fails, the contents of stack and layer are as
+    ** they were before the call.
+    */
+    status = PR_PushIOLayer(stack, id, layer);
+    if (status != PR_SUCCESS)
+        goto loser;
+
+    ns->fd = (id == PR_TOP_IO_LAYER) ? stack : layer;
+    return PR_SUCCESS;
+
+loser:
+    if (layer) {
+        layer->dtor(layer); /* free layer */
+    }
+    return PR_FAILURE;
+}
+
+/* if this fails, caller must destroy socket. */
+static SECStatus
+ssl_MakeLocks(sslSocket *ss)
+{
+    ss->firstHandshakeLock = PZ_NewMonitor(nssILockSSL);
+    if (!ss->firstHandshakeLock)
+        goto loser;
+    ss->ssl3HandshakeLock = PZ_NewMonitor(nssILockSSL);
+    if (!ss->ssl3HandshakeLock)
+        goto loser;
+    ss->specLock = NSSRWLock_New(SSL_LOCK_RANK_SPEC, NULL);
+    if (!ss->specLock)
+        goto loser;
+    ss->recvBufLock = PZ_NewMonitor(nssILockSSL);
+    if (!ss->recvBufLock)
+        goto loser;
+    ss->xmitBufLock = PZ_NewMonitor(nssILockSSL);
+    if (!ss->xmitBufLock)
+        goto loser;
+    ss->writerThread = NULL;
+    if (ssl_lock_readers) {
+        ss->recvLock = PZ_NewLock(nssILockSSL);
+        if (!ss->recvLock)
+            goto loser;
+        ss->sendLock = PZ_NewLock(nssILockSSL);
+        if (!ss->sendLock)
+            goto loser;
+    }
+    return SECSuccess;
+loser:
+    ssl_DestroyLocks(ss);
+    return SECFailure;
+}
+
+#if defined(XP_UNIX) || defined(XP_WIN32) || defined(XP_BEOS)
+#define NSS_HAVE_GETENV 1
+#endif
+
+#define LOWER(x) (x | 0x20) /* cheap ToLower function ignores LOCALE */
+
+static void
+ssl_SetDefaultsFromEnvironment(void)
+{
+#if defined(NSS_HAVE_GETENV)
+    static int firsttime = 1;
+
+    if (firsttime) {
+        char *ev;
+        firsttime = 0;
+#ifdef DEBUG
+        ev = PR_GetEnvSecure("SSLDEBUGFILE");
+        if (ev && ev[0]) {
+            ssl_trace_iob = fopen(ev, "w");
+        }
+        if (!ssl_trace_iob) {
+            ssl_trace_iob = stderr;
+        }
+#ifdef TRACE
+        ev = PR_GetEnvSecure("SSLTRACE");
+        if (ev && ev[0]) {
+            ssl_trace = atoi(ev);
+            SSL_TRACE(("SSL: tracing set to %d", ssl_trace));
+        }
+#endif /* TRACE */
+        ev = PR_GetEnvSecure("SSLDEBUG");
+        if (ev && ev[0]) {
+            ssl_debug = atoi(ev);
+            SSL_TRACE(("SSL: debugging set to %d", ssl_debug));
+        }
+#endif /* DEBUG */
+#ifdef NSS_ALLOW_SSLKEYLOGFILE
+        ev = PR_GetEnvSecure("SSLKEYLOGFILE");
+        if (ev && ev[0]) {
+            ssl_keylog_iob = fopen(ev, "a");
+            if (!ssl_keylog_iob) {
+                SSL_TRACE(("SSL: failed to open key log file"));
+            } else {
+                if (ftell(ssl_keylog_iob) == 0) {
+                    fputs("# SSL/TLS secrets log file, generated by NSS\n",
+                          ssl_keylog_iob);
+                }
+                SSL_TRACE(("SSL: logging SSL/TLS secrets to %s", ev));
+            }
+        }
+#endif
+        ev = PR_GetEnvSecure("SSLFORCELOCKS");
+        if (ev && ev[0] == '1') {
+            ssl_force_locks = PR_TRUE;
+            ssl_defaults.noLocks = 0;
+            strcpy(lockStatus + LOCKSTATUS_OFFSET, "FORCED.  ");
+            SSL_TRACE(("SSL: force_locks set to %d", ssl_force_locks));
+        }
+        ev = PR_GetEnvSecure("NSS_SSL_ENABLE_RENEGOTIATION");
+        if (ev) {
+            if (ev[0] == '1' || LOWER(ev[0]) == 'u')
+                ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_UNRESTRICTED;
+            else if (ev[0] == '0' || LOWER(ev[0]) == 'n')
+                ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_NEVER;
+            else if (ev[0] == '2' || LOWER(ev[0]) == 'r')
+                ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_REQUIRES_XTN;
+            else if (ev[0] == '3' || LOWER(ev[0]) == 't')
+                ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_TRANSITIONAL;
+            SSL_TRACE(("SSL: enableRenegotiation set to %d",
+                       ssl_defaults.enableRenegotiation));
+        }
+        ev = PR_GetEnvSecure("NSS_SSL_REQUIRE_SAFE_NEGOTIATION");
+        if (ev && ev[0] == '1') {
+            ssl_defaults.requireSafeNegotiation = PR_TRUE;
+            SSL_TRACE(("SSL: requireSafeNegotiation set to %d",
+                       PR_TRUE));
+        }
+        ev = PR_GetEnvSecure("NSS_SSL_CBC_RANDOM_IV");
+        if (ev && ev[0] == '0') {
+            ssl_defaults.cbcRandomIV = PR_FALSE;
+            SSL_TRACE(("SSL: cbcRandomIV set to 0"));
+        }
+    }
+#endif /* NSS_HAVE_GETENV */
+}
+
+const sslNamedGroupDef *
+ssl_LookupNamedGroup(SSLNamedGroup group)
+{
+    unsigned int i;
+
+    for (i = 0; i < SSL_NAMED_GROUP_COUNT; ++i) {
+        if (ssl_named_groups[i].name == group) {
+            return &ssl_named_groups[i];
+        }
+    }
+    return NULL;
+}
+
+PRBool
+ssl_NamedGroupEnabled(const sslSocket *ss, const sslNamedGroupDef *groupDef)
+{
+    unsigned int i;
+
+    if (!groupDef) {
+        return PR_FALSE;
+    }
+
+    for (i = 0; i < SSL_NAMED_GROUP_COUNT; ++i) {
+        if (ss->namedGroupPreferences[i] &&
+            ss->namedGroupPreferences[i] == groupDef) {
+            return PR_TRUE;
+        }
+    }
+    return PR_FALSE;
+}
+
+/* Returns a reference counted object that contains a key pair.
+ * Or NULL on failure.  Initial ref count is 1.
+ * Uses the keys in the pair as input.  Adopts the keys given.
+ */
+sslKeyPair *
+ssl_NewKeyPair(SECKEYPrivateKey *privKey, SECKEYPublicKey *pubKey)
+{
+    sslKeyPair *pair;
+
+    if (!privKey || !pubKey) {
+        PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
+        return NULL;
+    }
+    pair = PORT_ZNew(sslKeyPair);
+    if (!pair)
+        return NULL; /* error code is set. */
+    pair->privKey = privKey;
+    pair->pubKey = pubKey;
+    pair->refCount = 1;
+    return pair; /* success */
+}
+
+sslKeyPair *
+ssl_GetKeyPairRef(sslKeyPair *keyPair)
+{
+    PR_ATOMIC_INCREMENT(&keyPair->refCount);
+    return keyPair;
+}
+
+void
+ssl_FreeKeyPair(sslKeyPair *keyPair)
+{
+    PRInt32 newCount = PR_ATOMIC_DECREMENT(&keyPair->refCount);
+    if (!newCount) {
+        SECKEY_DestroyPrivateKey(keyPair->privKey);
+        SECKEY_DestroyPublicKey(keyPair->pubKey);
+        PORT_Free(keyPair);
+    }
+}
+
+/* Ephemeral key handling. */
+sslEphemeralKeyPair *
+ssl_NewEphemeralKeyPair(const sslNamedGroupDef *group,
+                        SECKEYPrivateKey *privKey, SECKEYPublicKey *pubKey)
+{
+    sslKeyPair *keys;
+    sslEphemeralKeyPair *pair;
+
+    if (!group) {
+        PORT_SetError(PR_INVALID_ARGUMENT_ERROR);
+        return NULL;
+    }
+
+    keys = ssl_NewKeyPair(privKey, pubKey);
+    if (!keys) {
+        return NULL;
+    }
+
+    pair = PORT_ZNew(sslEphemeralKeyPair);
+    if (!pair) {
+        ssl_FreeKeyPair(keys);
+        return NULL; /* error already set */
+    }
+
+    PR_INIT_CLIST(&pair->link);
+    pair->group = group;
+    pair->keys = keys;
+
+    return pair;
+}
+
+sslEphemeralKeyPair *
+ssl_CopyEphemeralKeyPair(sslEphemeralKeyPair *keyPair)
+{
+    sslEphemeralKeyPair *pair;
+
+    pair = PORT_ZNew(sslEphemeralKeyPair);
+    if (!pair) {
+        return NULL; /* error already set */
+    }
+
+    PR_INIT_CLIST(&pair->link);
+    pair->group = keyPair->group;
+    pair->keys = ssl_GetKeyPairRef(keyPair->keys);
+
+    return pair;
+}
+
+void
+ssl_FreeEphemeralKeyPair(sslEphemeralKeyPair *keyPair)
+{
+    ssl_FreeKeyPair(keyPair->keys);
+    PR_REMOVE_LINK(&keyPair->link);
+    PORT_Free(keyPair);
+}
+
+PRBool
+ssl_HaveEphemeralKeyPair(const sslSocket *ss, const sslNamedGroupDef *groupDef)
+{
+    return ssl_LookupEphemeralKeyPair((sslSocket *)ss, groupDef) != NULL;
+}
+
+sslEphemeralKeyPair *
+ssl_LookupEphemeralKeyPair(sslSocket *ss, const sslNamedGroupDef *groupDef)
+{
+    PRCList *cursor;
+    for (cursor = PR_NEXT_LINK(&ss->ephemeralKeyPairs);
+         cursor != &ss->ephemeralKeyPairs;
+         cursor = PR_NEXT_LINK(cursor)) {
+        sslEphemeralKeyPair *keyPair = (sslEphemeralKeyPair *)cursor;
+        if (keyPair->group == groupDef) {
+            return keyPair;
+        }
+    }
+    return NULL;
+}
+
+void
+ssl_FreeEphemeralKeyPairs(sslSocket *ss)
+{
+    while (!PR_CLIST_IS_EMPTY(&ss->ephemeralKeyPairs)) {
+        PRCList *cursor = PR_LIST_TAIL(&ss->ephemeralKeyPairs);
+        ssl_FreeEphemeralKeyPair((sslEphemeralKeyPair *)cursor);
+    }
+}
+
+/*
+** Create a newsocket structure for a file descriptor.
+*/
+static sslSocket *
+ssl_NewSocket(PRBool makeLocks, SSLProtocolVariant protocolVariant)
+{
+    SECStatus rv;
+    sslSocket *ss;
+    int i;
+
+    ssl_SetDefaultsFromEnvironment();
+
+    if (ssl_force_locks)
+        makeLocks = PR_TRUE;
+
+    /* Make a new socket and get it ready */
+    ss = (sslSocket *)PORT_ZAlloc(sizeof(sslSocket));
+    if (!ss) {
+        return NULL;
+    }
+    ss->opt = ssl_defaults;
+    if (protocolVariant == ssl_variant_datagram) {
+        ss->opt.enableRenegotiation = SSL_RENEGOTIATE_NEVER;
+    }
+    ss->opt.useSocks = PR_FALSE;
+    ss->opt.noLocks = !makeLocks;
+    ss->vrange = *VERSIONS_DEFAULTS(protocolVariant);
+    ss->protocolVariant = protocolVariant;
+
+    ss->peerID = NULL;
+    ss->rTimeout = PR_INTERVAL_NO_TIMEOUT;
+    ss->wTimeout = PR_INTERVAL_NO_TIMEOUT;
+    ss->cTimeout = PR_INTERVAL_NO_TIMEOUT;
+    ss->url = NULL;
+
+    PR_INIT_CLIST(&ss->serverCerts);
+    PR_INIT_CLIST(&ss->ephemeralKeyPairs);
+
+    ss->dbHandle = CERT_GetDefaultCertDB();
+
+    /* Provide default implementation of hooks */
+    ss->authCertificate = SSL_AuthCertificate;
+    ss->authCertificateArg = (void *)ss->dbHandle;
+    ss->sniSocketConfig = NULL;
+    ss->sniSocketConfigArg = NULL;
+    ss->getClientAuthData = NULL;
+    ss->alertReceivedCallback = NULL;
+    ss->alertReceivedCallbackArg = NULL;
+    ss->alertSentCallback = NULL;
+    ss->alertSentCallbackArg = NULL;
+    ss->handleBadCert = NULL;
+    ss->badCertArg = NULL;
+    ss->pkcs11PinArg = NULL;
+	// TLS-N Extension
+    ss->tlsproofMerkleRoot = NULL;
+    ss->tlsproofTimeStampStart = 0;
+    ss->tlsproofOrderingVector = NULL;
+    ss->tlsproofOrderingVectorLen = 0;
+    ss->tlsproofClientSent = NULL;
+    ss->tlsproofClientSentLen = 0;
+    ss->tlsproofClientRecv = NULL;
+    ss->tlsproofClientRecvLen = 0;	
+	ss->client_prop_salt_size = SALT_SIZE;
+	ss->client_prop_chunk_size = CHUNK_SIZE;
+    ss->tlsProofType = 1;
+    ss->tlsproofSentEvidence = 0;
+
+    ssl_ChooseOps(ss);
+    ssl3_InitSocketPolicy(ss);
+    for (i = 0; i < SSL_NAMED_GROUP_COUNT; ++i) {
+        ss->namedGroupPreferences[i] = &ssl_named_groups[i];
+    }
+    ss->additionalShares = 0;
+    PR_INIT_CLIST(&ss->ssl3.hs.remoteExtensions);
+    PR_INIT_CLIST(&ss->ssl3.hs.lastMessageFlight);
+    PR_INIT_CLIST(&ss->ssl3.hs.cipherSpecs);
+    PR_INIT_CLIST(&ss->ssl3.hs.bufferedEarlyData);
+    ssl3_InitExtensionData(&ss->xtnData);
+    if (makeLocks) {
+        rv = ssl_MakeLocks(ss);
+        if (rv != SECSuccess)
+            goto loser;
+    }
+    rv = ssl_CreateSecurityInfo(ss);
+    if (rv != SECSuccess)
+        goto loser;
+    rv = ssl3_InitGather(&ss->gs);
+    if (rv != SECSuccess)
+        goto loser;
+    return ss;
+
+loser:
+    ssl_DestroySocketContents(ss);
+    ssl_DestroyLocks(ss);
+    PORT_Free(ss);
+    return NULL;
+}
+
+/**
+ * DEPRECATED: Will always return false.
+ */
+SECStatus
+SSL_CanBypass(CERTCertificate *cert, SECKEYPrivateKey *srvPrivkey,
+              PRUint32 protocolmask, PRUint16 *ciphersuites, int nsuites,
+              PRBool *pcanbypass, void *pwArg)
+{
+    if (!pcanbypass) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+    *pcanbypass = PR_FALSE;
+    return SECSuccess;
+}
diff --git a/nss/lib/ssl/sslt.h b/nss/lib/ssl/sslt.h
new file mode 100644
index 0000000..d51bb33
--- /dev/null
+++ b/nss/lib/ssl/sslt.h
@@ -0,0 +1,422 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/*
+ * This file contains prototypes for the public SSL functions.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef __sslt_h_
+#define __sslt_h_
+
+#include "prtypes.h"
+#include "secitem.h"
+#include "certt.h"
+
+typedef struct SSL3StatisticsStr {
+    /* statistics from ssl3_SendClientHello (sch) */
+    long sch_sid_cache_hits;
+    long sch_sid_cache_misses;
+    long sch_sid_cache_not_ok;
+
+    /* statistics from ssl3_HandleServerHello (hsh) */
+    long hsh_sid_cache_hits;
+    long hsh_sid_cache_misses;
+    long hsh_sid_cache_not_ok;
+
+    /* statistics from ssl3_HandleClientHello (hch) */
+    long hch_sid_cache_hits;
+    long hch_sid_cache_misses;
+    long hch_sid_cache_not_ok;
+
+    /* statistics related to stateless resume */
+    long sch_sid_stateless_resumes;
+    long hsh_sid_stateless_resumes;
+    long hch_sid_stateless_resumes;
+    long hch_sid_ticket_parse_failures;
+} SSL3Statistics;
+
+/* Key Exchange algorithm values */
+typedef enum {
+    ssl_kea_null = 0,
+    ssl_kea_rsa = 1,
+    ssl_kea_dh = 2,
+    ssl_kea_fortezza = 3, /* deprecated, now unused */
+    ssl_kea_ecdh = 4,
+    ssl_kea_ecdh_psk = 5,
+    ssl_kea_dh_psk = 6,
+    ssl_kea_tls13_any = 7,
+    ssl_kea_size /* number of ssl_kea_ algorithms */
+} SSLKEAType;
+
+/* The following defines are for backwards compatibility.
+** They will be removed in a forthcoming release to reduce namespace pollution.
+** programs that use the kt_ symbols should convert to the ssl_kt_ symbols
+** soon.
+*/
+#define kt_null ssl_kea_null
+#define kt_rsa ssl_kea_rsa
+#define kt_dh ssl_kea_dh
+#define kt_fortezza ssl_kea_fortezza /* deprecated, now unused */
+#define kt_ecdh ssl_kea_ecdh
+#define kt_kea_size ssl_kea_size
+
+/* Values of this enum match the SignatureAlgorithm enum from
+ * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */
+typedef enum {
+    ssl_sign_null = 0, /* "anonymous" in TLS */
+    ssl_sign_rsa = 1,
+    ssl_sign_dsa = 2,
+    ssl_sign_ecdsa = 3
+} SSLSignType;
+
+/* Values of this enum match the HashAlgorithm enum from
+ * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */
+typedef enum {
+    /* ssl_hash_none is used internally to mean the pre-1.2 combination of MD5
+     * and SHA1. The other values are only used in TLS 1.2. */
+    ssl_hash_none = 0,
+    ssl_hash_md5 = 1,
+    ssl_hash_sha1 = 2,
+    ssl_hash_sha224 = 3,
+    ssl_hash_sha256 = 4,
+    ssl_hash_sha384 = 5,
+    ssl_hash_sha512 = 6
+} SSLHashType;
+
+/* Deprecated */
+typedef struct SSLSignatureAndHashAlgStr {
+    SSLHashType hashAlg;
+    SSLSignType sigAlg;
+} SSLSignatureAndHashAlg;
+
+typedef enum {
+    ssl_sig_none = 0,
+    ssl_sig_rsa_pkcs1_sha1 = 0x0201,
+    ssl_sig_rsa_pkcs1_sha256 = 0x0401,
+    ssl_sig_rsa_pkcs1_sha384 = 0x0501,
+    ssl_sig_rsa_pkcs1_sha512 = 0x0601,
+    /* For ECDSA, the pairing of the hash with a specific curve is only enforced
+     * in TLS 1.3; in TLS 1.2 any curve can be used with each of these. */
+    ssl_sig_ecdsa_secp256r1_sha256 = 0x0403,
+    ssl_sig_ecdsa_secp384r1_sha384 = 0x0503,
+    ssl_sig_ecdsa_secp521r1_sha512 = 0x0603,
+    ssl_sig_rsa_pss_sha256 = 0x0804,
+    ssl_sig_rsa_pss_sha384 = 0x0805,
+    ssl_sig_rsa_pss_sha512 = 0x0806,
+    ssl_sig_ed25519 = 0x0807,
+    ssl_sig_ed448 = 0x0808,
+
+    ssl_sig_dsa_sha1 = 0x0202,
+    ssl_sig_dsa_sha256 = 0x0402,
+    ssl_sig_dsa_sha384 = 0x0502,
+    ssl_sig_dsa_sha512 = 0x0602,
+    ssl_sig_ecdsa_sha1 = 0x0203,
+
+    /* The following value (which can't be used in the protocol), represents
+     * the RSA signature using SHA-1 and MD5 that is used in TLS 1.0 and 1.1.
+     * This is reported as a signature scheme when TLS 1.0 or 1.1 is used.
+     * This should not be passed to SSL_SignatureSchemePrefSet(); this
+     * signature scheme is always used and cannot be disabled. */
+    ssl_sig_rsa_pkcs1_sha1md5 = 0x10101,
+} SSLSignatureScheme;
+
+/*
+** SSLAuthType describes the type of key that is used to authenticate a
+** connection.  That is, the type of key in the end-entity certificate.
+*/
+typedef enum {
+    ssl_auth_null = 0,
+    ssl_auth_rsa_decrypt = 1, /* static RSA */
+    ssl_auth_dsa = 2,
+    ssl_auth_kea = 3, /* unused */
+    ssl_auth_ecdsa = 4,
+    ssl_auth_ecdh_rsa = 5,   /* ECDH cert with an RSA signature */
+    ssl_auth_ecdh_ecdsa = 6, /* ECDH cert with an ECDSA signature */
+    ssl_auth_rsa_sign = 7,   /* RSA PKCS#1.5 signing */
+    ssl_auth_rsa_pss = 8,
+    ssl_auth_psk = 9,
+    ssl_auth_tls13_any = 10,
+    ssl_auth_size /* number of authentication types */
+} SSLAuthType;
+
+/* This is defined for backward compatibility reasons */
+#define ssl_auth_rsa ssl_auth_rsa_decrypt
+
+typedef enum {
+    ssl_calg_null = 0,
+    ssl_calg_rc4 = 1,
+    ssl_calg_rc2 = 2,
+    ssl_calg_des = 3,
+    ssl_calg_3des = 4,
+    ssl_calg_idea = 5,
+    ssl_calg_fortezza = 6, /* deprecated, now unused */
+    ssl_calg_aes = 7,
+    ssl_calg_camellia = 8,
+    ssl_calg_seed = 9,
+    ssl_calg_aes_gcm = 10,
+    ssl_calg_chacha20 = 11
+} SSLCipherAlgorithm;
+
+typedef enum {
+    ssl_mac_null = 0,
+    ssl_mac_md5 = 1,
+    ssl_mac_sha = 2,
+    ssl_hmac_md5 = 3, /* TLS HMAC version of mac_md5 */
+    ssl_hmac_sha = 4, /* TLS HMAC version of mac_sha */
+    ssl_hmac_sha256 = 5,
+    ssl_mac_aead = 6,
+    ssl_hmac_sha384 = 7
+} SSLMACAlgorithm;
+
+typedef enum {
+    ssl_compression_null = 0,
+    ssl_compression_deflate = 1 /* RFC 3749 */
+} SSLCompressionMethod;
+
+typedef enum {
+    ssl_grp_ec_sect163k1 = 1,
+    ssl_grp_ec_sect163r1 = 2,
+    ssl_grp_ec_sect163r2 = 3,
+    ssl_grp_ec_sect193r1 = 4,
+    ssl_grp_ec_sect193r2 = 5,
+    ssl_grp_ec_sect233k1 = 6,
+    ssl_grp_ec_sect233r1 = 7,
+    ssl_grp_ec_sect239k1 = 8,
+    ssl_grp_ec_sect283k1 = 9,
+    ssl_grp_ec_sect283r1 = 10,
+    ssl_grp_ec_sect409k1 = 11,
+    ssl_grp_ec_sect409r1 = 12,
+    ssl_grp_ec_sect571k1 = 13,
+    ssl_grp_ec_sect571r1 = 14,
+    ssl_grp_ec_secp160k1 = 15,
+    ssl_grp_ec_secp160r1 = 16,
+    ssl_grp_ec_secp160r2 = 17,
+    ssl_grp_ec_secp192k1 = 18,
+    ssl_grp_ec_secp192r1 = 19,
+    ssl_grp_ec_secp224k1 = 20,
+    ssl_grp_ec_secp224r1 = 21,
+    ssl_grp_ec_secp256k1 = 22,
+    ssl_grp_ec_secp256r1 = 23,
+    ssl_grp_ec_secp384r1 = 24,
+    ssl_grp_ec_secp521r1 = 25,
+    ssl_grp_ec_curve25519 = 29, /* RFC4492 */
+    ssl_grp_ffdhe_2048 = 256,   /* RFC7919 */
+    ssl_grp_ffdhe_3072 = 257,
+    ssl_grp_ffdhe_4096 = 258,
+    ssl_grp_ffdhe_6144 = 259,
+    ssl_grp_ffdhe_8192 = 260,
+    ssl_grp_none = 65537,        /* special value */
+    ssl_grp_ffdhe_custom = 65538 /* special value */
+} SSLNamedGroup;
+
+typedef struct SSLExtraServerCertDataStr {
+    /* When this struct is passed to SSL_ConfigServerCert, and authType is set
+     * to a value other than ssl_auth_null, this limits the use of the key to
+     * the type defined; otherwise, the certificate is configured for all
+     * compatible types. */
+    SSLAuthType authType;
+    /* The remainder of the certificate chain. */
+    const CERTCertificateList* certChain;
+    /* A set of one or more stapled OCSP responses for the certificate.  This is
+     * used to generate the OCSP stapling answer provided by the server. */
+    const SECItemArray* stapledOCSPResponses;
+    /* A serialized sign_certificate_timestamp extension, used to answer
+     * requests from clients for this data. */
+    const SECItem* signedCertTimestamps;
+} SSLExtraServerCertData;
+
+typedef struct SSLChannelInfoStr {
+    /* On return, SSL_GetChannelInfo sets |length| to the smaller of
+     * the |len| argument and the length of the struct used by NSS.
+     * Callers must ensure the application uses a version of NSS that
+     * isn't older than the version used at compile time. */
+    PRUint32 length;
+    PRUint16 protocolVersion;
+    PRUint16 cipherSuite;
+
+    /* server authentication info */
+    PRUint32 authKeyBits;
+
+    /* key exchange algorithm info */
+    PRUint32 keaKeyBits;
+
+    /* session info */
+    PRUint32 creationTime;    /* seconds since Jan 1, 1970 */
+    PRUint32 lastAccessTime;  /* seconds since Jan 1, 1970 */
+    PRUint32 expirationTime;  /* seconds since Jan 1, 1970 */
+    PRUint32 sessionIDLength; /* up to 32 */
+    PRUint8 sessionID[32];
+
+    /* The following fields are added in NSS 3.12.5. */
+
+    /* compression method info */
+    const char* compressionMethodName;
+    SSLCompressionMethod compressionMethod;
+
+    /* The following fields are added in NSS 3.21.
+     * This field only has meaning in TLS < 1.3 and will be set to
+     *  PR_FALSE in TLS 1.3.
+     */
+    PRBool extendedMasterSecretUsed;
+
+    /* The following fields were added in NSS 3.25.
+     * This field only has meaning in TLS >= 1.3, and indicates on the
+     * client side that the server accepted early (0-RTT) data.
+     */
+    PRBool earlyDataAccepted;
+
+    /* The following fields were added in NSS 3.28. */
+    /* These fields have the same meaning as in SSLCipherSuiteInfo. */
+    SSLKEAType keaType;
+    SSLNamedGroup keaGroup;
+    SSLCipherAlgorithm symCipher;
+    SSLMACAlgorithm macAlgorithm;
+    SSLAuthType authType;
+    SSLSignatureScheme signatureScheme;
+
+    /* When adding new fields to this structure, please document the
+     * NSS version in which they were added. */
+} SSLChannelInfo;
+
+/* Preliminary channel info */
+#define ssl_preinfo_version (1U << 0)
+#define ssl_preinfo_cipher_suite (1U << 1)
+#define ssl_preinfo_all (ssl_preinfo_version | ssl_preinfo_cipher_suite)
+
+typedef struct SSLPreliminaryChannelInfoStr {
+    /* On return, SSL_GetPreliminaryChannelInfo sets |length| to the smaller of
+     * the |len| argument and the length of the struct used by NSS.
+     * Callers must ensure the application uses a version of NSS that
+     * isn't older than the version used at compile time. */
+    PRUint32 length;
+    /* A bitfield over SSLPreliminaryValueSet that describes which
+     * preliminary values are set (see ssl_preinfo_*). */
+    PRUint32 valuesSet;
+    /* Protocol version: test (valuesSet & ssl_preinfo_version) */
+    PRUint16 protocolVersion;
+    /* Cipher suite: test (valuesSet & ssl_preinfo_cipher_suite) */
+    PRUint16 cipherSuite;
+
+    /* The following fields were added in NSS 3.29. */
+    /* |canSendEarlyData| is true when a 0-RTT is enabled. This can only be
+     * true after sending the ClientHello and before the handshake completes.
+     */
+    PRBool canSendEarlyData;
+
+    /* When adding new fields to this structure, please document the
+     * NSS version in which they were added. */
+} SSLPreliminaryChannelInfo;
+
+typedef struct SSLCipherSuiteInfoStr {
+    /* On return, SSL_GetCipherSuitelInfo sets |length| to the smaller of
+     * the |len| argument and the length of the struct used by NSS.
+     * Callers must ensure the application uses a version of NSS that
+     * isn't older than the version used at compile time. */
+    PRUint16 length;
+    PRUint16 cipherSuite;
+
+    /* Cipher Suite Name */
+    const char* cipherSuiteName;
+
+    /* server authentication info */
+    const char* authAlgorithmName;
+    SSLAuthType authAlgorithm; /* deprecated, use |authType| */
+
+    /* key exchange algorithm info */
+    const char* keaTypeName;
+    SSLKEAType keaType;
+
+    /* symmetric encryption info */
+    const char* symCipherName;
+    SSLCipherAlgorithm symCipher;
+    PRUint16 symKeyBits;
+    PRUint16 symKeySpace;
+    PRUint16 effectiveKeyBits;
+
+    /* MAC info */
+    /* AEAD ciphers don't have a MAC. For an AEAD cipher, macAlgorithmName
+     * is "AEAD", macAlgorithm is ssl_mac_aead, and macBits is the length in
+     * bits of the authentication tag. */
+    const char* macAlgorithmName;
+    SSLMACAlgorithm macAlgorithm;
+    PRUint16 macBits;
+
+    PRUintn isFIPS : 1;
+    PRUintn isExportable : 1; /* deprecated, don't use */
+    PRUintn nonStandard : 1;
+    PRUintn reservedBits : 29;
+
+    /* The following fields were added in NSS 3.24. */
+    /* This reports the correct authentication type for the cipher suite, use
+     * this instead of |authAlgorithm|. */
+    SSLAuthType authType;
+
+    /* When adding new fields to this structure, please document the
+     * NSS version in which they were added. */
+} SSLCipherSuiteInfo;
+
+typedef enum {
+    ssl_variant_stream = 0,
+    ssl_variant_datagram = 1
+} SSLProtocolVariant;
+
+typedef struct SSLVersionRangeStr {
+    PRUint16 min;
+    PRUint16 max;
+} SSLVersionRange;
+
+typedef enum {
+    SSL_sni_host_name = 0,
+    SSL_sni_type_total
+} SSLSniNameType;
+
+/* Supported extensions. */
+/* Update SSL_MAX_EXTENSIONS whenever a new extension type is added. */
+typedef enum {
+    ssl_server_name_xtn = 0,
+    ssl_cert_status_xtn = 5,
+    ssl_supported_groups_xtn = 10,
+    ssl_ec_point_formats_xtn = 11,
+    ssl_signature_algorithms_xtn = 13,
+    ssl_use_srtp_xtn = 14,
+    ssl_app_layer_protocol_xtn = 16,
+    /* signed_certificate_timestamp extension, RFC 6962 */
+    ssl_signed_cert_timestamp_xtn = 18,
+    ssl_padding_xtn = 21,
+    ssl_extended_master_secret_xtn = 23,
+    ssl_session_ticket_xtn = 35,
+    ssl_tls13_key_share_xtn = 40,
+    ssl_tls13_pre_shared_key_xtn = 41,
+    ssl_tls13_early_data_xtn = 42,
+    ssl_tls13_supported_versions_xtn = 43,
+    ssl_tls13_cookie_xtn = 44,
+    ssl_tls13_psk_key_exchange_modes_xtn = 45,
+    ssl_tls13_ticket_early_data_info_xtn = 46,
+    ssl_next_proto_nego_xtn = 13172,
+    ssl_renegotiation_info_xtn = 0xff01,
+    ssl_tls13_short_header_xtn = 0xff03,
+	ssl_tls13_tls_proof_xtn = 0xff04 // TLS-N Extension
+} SSLExtensionType;
+
+/* This is the old name for the supported_groups extensions. */
+#define ssl_elliptic_curves_xtn ssl_supported_groups_xtn
+
+/* SSL_MAX_EXTENSIONS doesn't include ssl_padding_xtn.  It includes the maximum
+ * number of extensions that are supported for any single message type.  That
+ * is, a ClientHello; ServerHello and TLS 1.3 NewSessionTicket and
+ * HelloRetryRequest extensions are smaller. */
+#define SSL_MAX_EXTENSIONS 20 // Modified for TLS-N Extension
+
+/* Deprecated */
+typedef enum {
+    ssl_dhe_group_none = 0,
+    ssl_ff_dhe_2048_group = 1,
+    ssl_ff_dhe_3072_group = 2,
+    ssl_ff_dhe_4096_group = 3,
+    ssl_ff_dhe_6144_group = 4,
+    ssl_ff_dhe_8192_group = 5,
+    ssl_dhe_group_max
+} SSLDHEGroupType;
+
+#endif /* __sslt_h_ */
diff --git a/nss/lib/ssl/ssltrace.c b/nss/lib/ssl/ssltrace.c
new file mode 100644
index 0000000..78a6988
--- /dev/null
+++ b/nss/lib/ssl/ssltrace.c
@@ -0,0 +1,114 @@
+/*
+ * Functions to trace SSL protocol behavior in DEBUG builds.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#include <stdarg.h>
+#include "cert.h"
+#include "pk11func.h"
+#include "ssl.h"
+#include "sslimpl.h"
+#include "sslproto.h"
+#include "prprf.h"
+
+#if defined(DEBUG) || defined(TRACE)
+static const char *hex = "0123456789abcdef";
+
+static const char printable[257] = {
+    "................"  /* 0x */
+    "................"  /* 1x */
+    " !\"#$%&'()*+,-./" /* 2x */
+    "0123456789:;<=>?"  /* 3x */
+    "@ABCDEFGHIJKLMNO"  /* 4x */
+    "PQRSTUVWXYZ[\\]^_" /* 5x */
+    "`abcdefghijklmno"  /* 6x */
+    "pqrstuvwxyz{|}~."  /* 7x */
+    "................"  /* 8x */
+    "................"  /* 9x */
+    "................"  /* ax */
+    "................"  /* bx */
+    "................"  /* cx */
+    "................"  /* dx */
+    "................"  /* ex */
+    "................"  /* fx */
+};
+
+void
+ssl_PrintBuf(const sslSocket *ss, const char *msg, const void *vp, int len)
+{
+    const unsigned char *cp = (const unsigned char *)vp;
+    char buf[80];
+    char *bp;
+    char *ap;
+
+    if (ss) {
+        SSL_TRACE(("%d: SSL[%d]: %s [Len: %d]", SSL_GETPID(), ss->fd,
+                   msg, len));
+    } else {
+        SSL_TRACE(("%d: SSL: %s [Len: %d]", SSL_GETPID(), msg, len));
+    }
+
+    if (!cp) {
+        SSL_TRACE(("   <NULL>"));
+        return;
+    }
+
+    memset(buf, ' ', sizeof buf);
+    bp = buf;
+    ap = buf + 50;
+    while (--len >= 0) {
+        unsigned char ch = *cp++;
+        *bp++ = hex[(ch >> 4) & 0xf];
+        *bp++ = hex[ch & 0xf];
+        *bp++ = ' ';
+        *ap++ = printable[ch];
+        if (ap - buf >= 66) {
+            *ap = 0;
+            SSL_TRACE(("   %s", buf));
+            memset(buf, ' ', sizeof buf);
+            bp = buf;
+            ap = buf + 50;
+        }
+    }
+    if (bp > buf) {
+        *ap = 0;
+        SSL_TRACE(("   %s", buf));
+    }
+}
+
+void
+ssl_Trace(const char *format, ...)
+{
+    char buf[33000];
+    va_list args;
+
+    if (ssl_trace_iob) {
+        va_start(args, format);
+        PR_vsnprintf(buf, sizeof(buf), format, args);
+        va_end(args);
+
+        fputs(buf, ssl_trace_iob);
+        fputs("\n", ssl_trace_iob);
+    }
+}
+
+void
+ssl_PrintKey(const sslSocket *ss, const char *msg, PK11SymKey *key)
+{
+    SECStatus rv;
+    SECItem *rawkey;
+
+    rv = PK11_ExtractKeyValue(key);
+    if (rv != SECSuccess) {
+        ssl_Trace("Could not extract key for %s", msg);
+        return;
+    }
+    rawkey = PK11_GetKeyData(key);
+    if (!rawkey) {
+        ssl_Trace("Could not extract key for %s", msg);
+        return;
+    }
+    ssl_PrintBuf(ss, msg, rawkey->data, rawkey->len);
+}
+#endif
diff --git a/nss/lib/ssl/sslver.c b/nss/lib/ssl/sslver.c
new file mode 100644
index 0000000..666e259
--- /dev/null
+++ b/nss/lib/ssl/sslver.c
@@ -0,0 +1,18 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* Library identity and versioning */
+
+#include "nss.h"
+
+#if defined(DEBUG)
+#define _DEBUG_STRING " (debug)"
+#else
+#define _DEBUG_STRING ""
+#endif
+
+/*
+ * Version information
+ */
+const char __nss_ssl_version[] = "Version: NSS " NSS_VERSION _DEBUG_STRING;
diff --git a/nss/lib/ssl/tls13con.c b/nss/lib/ssl/tls13con.c
new file mode 100644
index 0000000..4f60a6b
--- /dev/null
+++ b/nss/lib/ssl/tls13con.c
@@ -0,0 +1,4494 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/*
+ * TLS 1.3 Protocol
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "stdarg.h"
+#include "cert.h"
+#include "ssl.h"
+#include "keyhi.h"
+#include "pk11func.h"
+#include "prerr.h"
+#include "secitem.h"
+#include "secmod.h"
+#include "sslimpl.h"
+#include "sslproto.h"
+#include "sslerr.h"
+#include "tls13hkdf.h"
+#include "tls13con.h"
+#include "tls13exthandle.h"
+
+typedef enum {
+    TrafficKeyClearText = 0,
+    TrafficKeyEarlyApplicationData = 1,
+    TrafficKeyHandshake = 2,
+    TrafficKeyApplicationData = 3
+} TrafficKeyType;
+
+typedef enum {
+    CipherSpecRead,
+    CipherSpecWrite,
+} CipherSpecDirection;
+
+static SECStatus tls13_SetCipherSpec(sslSocket *ss, TrafficKeyType type,
+                                     CipherSpecDirection install,
+                                     PRBool deleteSecret);
+static SECStatus tls13_AESGCM(
+    ssl3KeyMaterial *keys,
+    PRBool doDecrypt,
+    unsigned char *out, int *outlen, int maxout,
+    const unsigned char *in, int inlen,
+    const unsigned char *additionalData, int additionalDataLen);
+static SECStatus tls13_ChaCha20Poly1305(
+    ssl3KeyMaterial *keys,
+    PRBool doDecrypt,
+    unsigned char *out, int *outlen, int maxout,
+    const unsigned char *in, int inlen,
+    const unsigned char *additionalData, int additionalDataLen);
+static SECStatus tls13_SendServerHelloSequence(sslSocket *ss);
+static SECStatus tls13_SendEncryptedExtensions(sslSocket *ss);
+static void tls13_SetKeyExchangeType(sslSocket *ss, const sslNamedGroupDef *group);
+static SECStatus tls13_HandleClientKeyShare(sslSocket *ss,
+                                            TLS13KeyShareEntry *peerShare);
+static SECStatus tls13_SendHelloRetryRequest(sslSocket *ss,
+                                             const sslNamedGroupDef *selectedGroup);
+
+static SECStatus tls13_HandleServerKeyShare(sslSocket *ss);
+static SECStatus tls13_HandleEncryptedExtensions(sslSocket *ss, SSL3Opaque *b,
+                                                 PRUint32 length);
+static SECStatus tls13_SendCertificate(sslSocket *ss);
+static SECStatus tls13_HandleCertificate(
+    sslSocket *ss, SSL3Opaque *b, PRUint32 length);
+static SECStatus tls13_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b,
+                                                PRUint32 length);
+static SECStatus
+tls13_SendCertificateVerify(sslSocket *ss, SECKEYPrivateKey *privKey);
+static SECStatus tls13_HandleCertificateVerify(
+    sslSocket *ss, SSL3Opaque *b, PRUint32 length,
+    SSL3Hashes *hashes);
+static SECStatus tls13_RecoverWrappedSharedSecret(sslSocket *ss,
+                                                  sslSessionID *sid);
+static SECStatus
+tls13_DeriveSecret(sslSocket *ss, PK11SymKey *key,
+                   const char *prefix,
+                   const char *suffix,
+                   const SSL3Hashes *hashes,
+                   PK11SymKey **dest);
+static SECStatus tls13_SendEndOfEarlyData(sslSocket *ss);
+static SECStatus tls13_SendFinished(sslSocket *ss, PK11SymKey *baseKey);
+static SECStatus tls13_ComputePskBinderHash(sslSocket *ss,
+                                            unsigned long prefixLength,
+                                            SSL3Hashes *hashes);
+static SECStatus tls13_VerifyFinished(sslSocket *ss, SSL3HandshakeType message,
+                                      PK11SymKey *secret,
+                                      SSL3Opaque *b, PRUint32 length,
+                                      const SSL3Hashes *hashes);
+static SECStatus tls13_ClientHandleFinished(sslSocket *ss,
+                                            SSL3Opaque *b, PRUint32 length,
+                                            const SSL3Hashes *hashes);
+static SECStatus tls13_ServerHandleFinished(sslSocket *ss,
+                                            SSL3Opaque *b, PRUint32 length,
+                                            const SSL3Hashes *hashes);
+static SECStatus tls13_HandleNewSessionTicket(sslSocket *ss, SSL3Opaque *b,
+                                              PRUint32 length);
+static SECStatus tls13_ComputeHandshakeHashes(sslSocket *ss,
+                                              SSL3Hashes *hashes);
+static SECStatus tls13_ComputeEarlySecrets(sslSocket *ss);
+static SECStatus tls13_ComputeHandshakeSecrets(sslSocket *ss);
+static SECStatus tls13_ComputeApplicationSecrets(sslSocket *ss);
+static SECStatus tls13_ComputeFinalSecrets(sslSocket *ss);
+static SECStatus tls13_ComputeFinished(
+    sslSocket *ss, PK11SymKey *baseKey, const SSL3Hashes *hashes,
+    PRBool sending, PRUint8 *output, unsigned int *outputLen,
+    unsigned int maxOutputLen);
+static SECStatus tls13_SendClientSecondRound(sslSocket *ss);
+static SECStatus tls13_FinishHandshake(sslSocket *ss);
+
+const char kHkdfLabelClient[] = "client";
+const char kHkdfLabelServer[] = "server";
+const char kHkdfLabelPskBinderKey[] = "resumption psk binder key";
+const char kHkdfLabelEarlyTrafficSecret[] = "early traffic secret";
+const char kHkdfLabelEarlyExporterSecret[] = "early exporter master secret";
+const char kHkdfLabelHandshakeTrafficSecret[] = "handshake traffic secret";
+const char kHkdfLabelApplicationTrafficSecret[] = "application traffic secret";
+const char kHkdfLabelFinishedSecret[] = "finished";
+const char kHkdfLabelResumptionMasterSecret[] = "resumption master secret";
+const char kHkdfLabelExporterMasterSecret[] = "exporter master secret";
+const char kHkdfPurposeKey[] = "key";
+const char kHkdfPurposeIv[] = "iv";
+
+#define TRAFFIC_SECRET(ss, dir, name) ((ss->sec.isServer ^            \
+                                        (dir == CipherSpecWrite))     \
+                                           ? ss->ssl3.hs.client##name \
+                                           : ss->ssl3.hs.server##name)
+
+const SSL3ProtocolVersion kTlsRecordVersion = SSL_LIBRARY_VERSION_TLS_1_0;
+const SSL3ProtocolVersion kDtlsRecordVersion = SSL_LIBRARY_VERSION_TLS_1_1;
+
+/* Belt and suspenders in case we ever add a TLS 1.4. */
+PR_STATIC_ASSERT(SSL_LIBRARY_VERSION_MAX_SUPPORTED <=
+                 SSL_LIBRARY_VERSION_TLS_1_3);
+
+/* Use this instead of FATAL_ERROR when no alert shall be sent. */
+#define LOG_ERROR(ss, prError)                                                     \
+    do {                                                                           \
+        SSL_TRC(3, ("%d: TLS13[%d]: fatal error %d in %s (%s:%d)",                 \
+                    SSL_GETPID(), ss->fd, prError, __func__, __FILE__, __LINE__)); \
+        PORT_SetError(prError);                                                    \
+    } while (0)
+
+/* Log an error and generate an alert because something is irreparably wrong. */
+#define FATAL_ERROR(ss, prError, desc)       \
+    do {                                     \
+        LOG_ERROR(ss, prError);              \
+        tls13_FatalError(ss, prError, desc); \
+    } while (0)
+
+void
+tls13_FatalError(sslSocket *ss, PRErrorCode prError, SSL3AlertDescription desc)
+{
+    PORT_Assert(desc != internal_error); /* These should never happen */
+    (void)SSL3_SendAlert(ss, alert_fatal, desc);
+    PORT_SetError(prError);
+}
+
+#ifdef TRACE
+#define STATE_CASE(a) \
+    case a:           \
+        return #a
+static char *
+tls13_HandshakeState(SSL3WaitState st)
+{
+    switch (st) {
+        STATE_CASE(idle_handshake);
+        STATE_CASE(wait_client_hello);
+        STATE_CASE(wait_client_cert);
+        STATE_CASE(wait_client_key);
+        STATE_CASE(wait_cert_verify);
+        STATE_CASE(wait_change_cipher);
+        STATE_CASE(wait_finished);
+        STATE_CASE(wait_server_hello);
+        STATE_CASE(wait_certificate_status);
+        STATE_CASE(wait_server_cert);
+        STATE_CASE(wait_server_key);
+        STATE_CASE(wait_cert_request);
+        STATE_CASE(wait_hello_done);
+        STATE_CASE(wait_new_session_ticket);
+        STATE_CASE(wait_encrypted_extensions);
+        default:
+            break;
+    }
+    PORT_Assert(0);
+    return "unknown";
+}
+#endif
+
+#define TLS13_WAIT_STATE_MASK 0x80
+
+#define TLS13_BASE_WAIT_STATE(ws) (ws & ~TLS13_WAIT_STATE_MASK)
+/* We don't mask idle_handshake because other parts of the code use it*/
+#define TLS13_WAIT_STATE(ws) (((ws == idle_handshake) || (ws == wait_server_hello)) ? ws : ws | TLS13_WAIT_STATE_MASK)
+#define TLS13_CHECK_HS_STATE(ss, err, ...)                          \
+    tls13_CheckHsState(ss, err, #err, __func__, __FILE__, __LINE__, \
+                       __VA_ARGS__,                                 \
+                       wait_invalid)
+void
+tls13_SetHsState(sslSocket *ss, SSL3WaitState ws,
+                 const char *func, const char *file, int line)
+{
+#ifdef TRACE
+    const char *new_state_name =
+        tls13_HandshakeState(ws);
+
+    SSL_TRC(3, ("%d: TLS13[%d]: %s state change from %s->%s in %s (%s:%d)",
+                SSL_GETPID(), ss->fd, SSL_ROLE(ss),
+                tls13_HandshakeState(TLS13_BASE_WAIT_STATE(ss->ssl3.hs.ws)),
+                new_state_name,
+                func, file, line));
+#endif
+
+    ss->ssl3.hs.ws = TLS13_WAIT_STATE(ws);
+}
+
+static PRBool
+tls13_InHsStateV(sslSocket *ss, va_list ap)
+{
+    SSL3WaitState ws;
+
+    while ((ws = va_arg(ap, SSL3WaitState)) != wait_invalid) {
+        if (TLS13_WAIT_STATE(ws) == ss->ssl3.hs.ws) {
+            return PR_TRUE;
+        }
+    }
+    return PR_FALSE;
+}
+
+PRBool
+tls13_InHsState(sslSocket *ss, ...)
+{
+    PRBool found;
+    va_list ap;
+
+    va_start(ap, ss);
+    found = tls13_InHsStateV(ss, ap);
+    va_end(ap);
+
+    return found;
+}
+
+static SECStatus
+tls13_CheckHsState(sslSocket *ss, int err, const char *error_name,
+                   const char *func, const char *file, int line,
+                   ...)
+{
+    va_list ap;
+    va_start(ap, line);
+    if (tls13_InHsStateV(ss, ap)) {
+        va_end(ap);
+        return SECSuccess;
+    }
+    va_end(ap);
+
+    SSL_TRC(3, ("%d: TLS13[%d]: error %s state is (%s) at %s (%s:%d)",
+                SSL_GETPID(), ss->fd,
+                error_name,
+                tls13_HandshakeState(TLS13_BASE_WAIT_STATE(ss->ssl3.hs.ws)),
+                func, file, line));
+    tls13_FatalError(ss, err, unexpected_message);
+    return SECFailure;
+}
+
+SSLHashType
+tls13_GetHashForCipherSuite(ssl3CipherSuite suite)
+{
+    const ssl3CipherSuiteDef *cipherDef =
+        ssl_LookupCipherSuiteDef(suite);
+    PORT_Assert(cipherDef);
+    if (!cipherDef) {
+        return ssl_hash_none;
+    }
+    return cipherDef->prf_hash;
+}
+
+SSLHashType
+tls13_GetHash(const sslSocket *ss)
+{
+    /* All TLS 1.3 cipher suites must have an explict PRF hash. */
+    PORT_Assert(ss->ssl3.hs.suite_def->prf_hash != ssl_hash_none);
+    return ss->ssl3.hs.suite_def->prf_hash;
+}
+
+unsigned int
+tls13_GetHashSizeForHash(SSLHashType hash)
+{
+    switch (hash) {
+        case ssl_hash_sha256:
+            return 32;
+        case ssl_hash_sha384:
+            return 48;
+        default:
+            PORT_Assert(0);
+    }
+    return 32;
+}
+
+unsigned int
+tls13_GetHashSize(const sslSocket *ss)
+{
+    return tls13_GetHashSizeForHash(tls13_GetHash(ss));
+}
+
+CK_MECHANISM_TYPE
+tls13_GetHkdfMechanismForHash(SSLHashType hash)
+{
+    switch (hash) {
+        case ssl_hash_sha256:
+            return CKM_NSS_HKDF_SHA256;
+        case ssl_hash_sha384:
+            return CKM_NSS_HKDF_SHA384;
+        default:
+            PORT_Assert(0);
+    }
+    return CKM_NSS_HKDF_SHA256;
+}
+
+CK_MECHANISM_TYPE
+tls13_GetHkdfMechanism(sslSocket *ss)
+{
+    return tls13_GetHkdfMechanismForHash(tls13_GetHash(ss));
+}
+
+static CK_MECHANISM_TYPE
+tls13_GetHmacMechanism(sslSocket *ss)
+{
+    switch (tls13_GetHash(ss)) {
+        case ssl_hash_sha256:
+            return CKM_SHA256_HMAC;
+        case ssl_hash_sha384:
+            return CKM_SHA384_HMAC;
+        default:
+            PORT_Assert(0);
+    }
+    return CKM_SHA256_HMAC;
+}
+
+SECStatus
+tls13_CreateKeyShare(sslSocket *ss, const sslNamedGroupDef *groupDef)
+{
+    SECStatus rv;
+    sslEphemeralKeyPair *keyPair = NULL;
+    const ssl3DHParams *params;
+
+    PORT_Assert(groupDef);
+    switch (groupDef->keaType) {
+        case ssl_kea_ecdh:
+            rv = ssl_CreateECDHEphemeralKeyPair(ss, groupDef, &keyPair);
+            if (rv != SECSuccess) {
+                return SECFailure;
+            }
+            break;
+        case ssl_kea_dh:
+            params = ssl_GetDHEParams(groupDef);
+            PORT_Assert(params->name != ssl_grp_ffdhe_custom);
+            rv = ssl_CreateDHEKeyPair(groupDef, params, &keyPair);
+            if (rv != SECSuccess) {
+                return SECFailure;
+            }
+            break;
+        default:
+            PORT_Assert(0);
+            PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+            return SECFailure;
+    }
+
+    PR_APPEND_LINK(&keyPair->link, &ss->ephemeralKeyPairs);
+    return rv;
+}
+
+SECStatus
+SSL_SendAdditionalKeyShares(PRFileDesc *fd, unsigned int count)
+{
+    sslSocket *ss = ssl_FindSocket(fd);
+    if (!ss) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    ss->additionalShares = count;
+    return SECSuccess;
+}
+
+/*
+ * Generate shares for ECDHE and FFDHE.  This picks the first enabled group of
+ * the requisite type and creates a share for that.
+ *
+ * Called from ssl3_SendClientHello.
+ */
+SECStatus
+tls13_SetupClientHello(sslSocket *ss)
+{
+    unsigned int i;
+    SSL3Statistics *ssl3stats = SSL_GetStatistics();
+    NewSessionTicket *session_ticket = NULL;
+    sslSessionID *sid = ss->sec.ci.sid;
+    unsigned int numShares = 0;
+
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
+    PORT_Assert(PR_CLIST_IS_EMPTY(&ss->ephemeralKeyPairs));
+
+    /* Select the first enabled group.
+     * TODO(ekr@rtfm.com): be smarter about offering the group
+     * that the other side negotiated if we are resuming. */
+    for (i = 0; i < SSL_NAMED_GROUP_COUNT; ++i) {
+        SECStatus rv;
+        if (!ss->namedGroupPreferences[i]) {
+            continue;
+        }
+        rv = tls13_CreateKeyShare(ss, ss->namedGroupPreferences[i]);
+        if (rv != SECSuccess) {
+            return SECFailure;
+        }
+        if (++numShares > ss->additionalShares) {
+            break;
+        }
+    }
+
+    if (PR_CLIST_IS_EMPTY(&ss->ephemeralKeyPairs)) {
+        PORT_SetError(SSL_ERROR_NO_CIPHERS_SUPPORTED);
+        return SECFailure;
+    }
+
+    /* Below here checks if we can do stateless resumption. */
+    if (sid->cached == never_cached ||
+        sid->version < SSL_LIBRARY_VERSION_TLS_1_3) {
+        return SECSuccess;
+    }
+
+    /* The caller must be holding sid->u.ssl3.lock for reading. */
+    session_ticket = &sid->u.ssl3.locked.sessionTicket;
+    PORT_Assert(session_ticket && session_ticket->ticket.data);
+
+    if (ssl_TicketTimeValid(session_ticket)) {
+        ss->statelessResume = PR_TRUE;
+    }
+
+    if (ss->statelessResume) {
+        SECStatus rv;
+
+        PORT_Assert(ss->sec.ci.sid);
+        rv = tls13_RecoverWrappedSharedSecret(ss, ss->sec.ci.sid);
+        if (rv != SECSuccess) {
+            FATAL_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE, internal_error);
+            SSL_AtomicIncrementLong(&ssl3stats->sch_sid_cache_not_ok);
+            ss->sec.uncache(ss->sec.ci.sid);
+            ssl_FreeSID(ss->sec.ci.sid);
+            ss->sec.ci.sid = NULL;
+            return SECFailure;
+        }
+
+        rv = ssl3_SetCipherSuite(ss, ss->sec.ci.sid->u.ssl3.cipherSuite, PR_FALSE);
+        if (rv != SECSuccess) {
+            FATAL_ERROR(ss, PORT_GetError(), internal_error);
+            return SECFailure;
+        }
+
+        rv = tls13_ComputeEarlySecrets(ss);
+        if (rv != SECSuccess) {
+            FATAL_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE, internal_error);
+            return SECFailure;
+        }
+    }
+
+    return SECSuccess;
+}
+
+static SECStatus
+tls13_ImportDHEKeyShare(sslSocket *ss, SECKEYPublicKey *peerKey,
+                        SSL3Opaque *b, PRUint32 length,
+                        SECKEYPublicKey *pubKey)
+{
+    SECStatus rv;
+    SECItem publicValue = { siBuffer, NULL, 0 };
+
+    publicValue.data = b;
+    publicValue.len = length;
+    if (!ssl_IsValidDHEShare(&pubKey->u.dh.prime, &publicValue)) {
+        PORT_SetError(SSL_ERROR_RX_MALFORMED_DHE_KEY_SHARE);
+        return SECFailure;
+    }
+
+    peerKey->keyType = dhKey;
+    rv = SECITEM_CopyItem(peerKey->arena, &peerKey->u.dh.prime,
+                          &pubKey->u.dh.prime);
+    if (rv != SECSuccess)
+        return SECFailure;
+    rv = SECITEM_CopyItem(peerKey->arena, &peerKey->u.dh.base,
+                          &pubKey->u.dh.base);
+    if (rv != SECSuccess)
+        return SECFailure;
+    rv = SECITEM_CopyItem(peerKey->arena, &peerKey->u.dh.publicValue,
+                          &publicValue);
+    if (rv != SECSuccess)
+        return SECFailure;
+
+    return SECSuccess;
+}
+
+static SECStatus
+tls13_HandleKeyShare(sslSocket *ss,
+                     TLS13KeyShareEntry *entry,
+                     sslKeyPair *keyPair)
+{
+    PORTCheapArenaPool arena;
+    SECKEYPublicKey *peerKey;
+    CK_MECHANISM_TYPE mechanism;
+    PRErrorCode errorCode;
+    SECStatus rv;
+
+    PORT_InitCheapArena(&arena, DER_DEFAULT_CHUNKSIZE);
+    peerKey = PORT_ArenaZNew(&arena.arena, SECKEYPublicKey);
+    if (peerKey == NULL) {
+        goto loser;
+    }
+    peerKey->arena = &arena.arena;
+    peerKey->pkcs11Slot = NULL;
+    peerKey->pkcs11ID = CK_INVALID_HANDLE;
+
+    switch (entry->group->keaType) {
+        case ssl_kea_ecdh:
+            rv = ssl_ImportECDHKeyShare(ss, peerKey,
+                                        entry->key_exchange.data,
+                                        entry->key_exchange.len,
+                                        entry->group);
+            mechanism = CKM_ECDH1_DERIVE;
+            break;
+        case ssl_kea_dh:
+            rv = tls13_ImportDHEKeyShare(ss, peerKey,
+                                         entry->key_exchange.data,
+                                         entry->key_exchange.len,
+                                         keyPair->pubKey);
+            mechanism = CKM_DH_PKCS_DERIVE;
+            break;
+        default:
+            PORT_Assert(0);
+            goto loser;
+    }
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    ss->ssl3.hs.dheSecret = PK11_PubDeriveWithKDF(
+        keyPair->privKey, peerKey, PR_FALSE, NULL, NULL, mechanism,
+        tls13_GetHkdfMechanism(ss), CKA_DERIVE, 0, CKD_NULL, NULL, NULL);
+    if (!ss->ssl3.hs.dheSecret) {
+        ssl_MapLowLevelError(SSL_ERROR_KEY_EXCHANGE_FAILURE);
+        goto loser;
+    }
+    PORT_DestroyCheapArena(&arena);
+    return SECSuccess;
+
+loser:
+    PORT_DestroyCheapArena(&arena);
+    errorCode = PORT_GetError(); /* don't overwrite the error code */
+    tls13_FatalError(ss, errorCode, illegal_parameter);
+    return SECFailure;
+}
+
+SECStatus
+tls13_HandlePostHelloHandshakeMessage(sslSocket *ss, SSL3Opaque *b,
+                                      PRUint32 length, SSL3Hashes *hashesPtr)
+{
+    if (ss->sec.isServer && ss->ssl3.hs.zeroRttIgnore != ssl_0rtt_ignore_none) {
+        SSL_TRC(3, ("%d: TLS13[%d]: %s successfully decrypted handshake after"
+                    "failed 0-RTT",
+                    SSL_GETPID(), ss->fd));
+        ss->ssl3.hs.zeroRttIgnore = ssl_0rtt_ignore_none;
+    }
+
+    /* TODO(ekr@rtfm.com): Would it be better to check all the states here? */
+    switch (ss->ssl3.hs.msg_type) {
+        case certificate:
+            return tls13_HandleCertificate(ss, b, length);
+
+        case certificate_request:
+            return tls13_HandleCertificateRequest(ss, b, length);
+
+        case certificate_verify:
+            if (!hashesPtr) {
+                FATAL_ERROR(ss, SSL_ERROR_RX_UNEXPECTED_CERT_VERIFY, unexpected_message);
+                return SECFailure;
+            }
+            return tls13_HandleCertificateVerify(ss, b, length, hashesPtr);
+
+        case encrypted_extensions:
+            return tls13_HandleEncryptedExtensions(ss, b, length);
+
+        case new_session_ticket:
+            return tls13_HandleNewSessionTicket(ss, b, length);
+
+        case finished:
+            if (!hashesPtr) {
+                FATAL_ERROR(ss, SSL_ERROR_RX_UNEXPECTED_FINISHED, unexpected_message);
+                return SECFailure;
+            }
+            if (ss->sec.isServer) {
+                return tls13_ServerHandleFinished(ss, b, length, hashesPtr);
+            } else {
+                return tls13_ClientHandleFinished(ss, b, length, hashesPtr);
+            }
+
+        default:
+            FATAL_ERROR(ss, SSL_ERROR_RX_UNKNOWN_HANDSHAKE, unexpected_message);
+            return SECFailure;
+    }
+
+    PORT_Assert(0); /* Unreached */
+    return SECFailure;
+}
+
+static SECStatus
+tls13_RecoverWrappedSharedSecret(sslSocket *ss, sslSessionID *sid)
+{
+    PK11SymKey *wrapKey; /* wrapping key */
+    SECItem wrappedMS = { siBuffer, NULL, 0 };
+    SSLHashType hashType;
+
+    SSL_TRC(3, ("%d: TLS13[%d]: recovering static secret (%s)",
+                SSL_GETPID(), ss->fd, SSL_ROLE(ss)));
+    if (!sid->u.ssl3.keys.msIsWrapped) {
+        PORT_Assert(0); /* I think this can't happen. */
+        return SECFailure;
+    }
+
+    /* Now find the hash used as the PRF for the previous handshake. */
+    hashType = tls13_GetHashForCipherSuite(sid->u.ssl3.cipherSuite);
+
+    /* If we are the server, we compute the wrapping key, but if we
+     * are the client, its coordinates are stored with the ticket. */
+    if (ss->sec.isServer) {
+        wrapKey = ssl3_GetWrappingKey(ss, NULL,
+                                      sid->u.ssl3.masterWrapMech,
+                                      ss->pkcs11PinArg);
+    } else {
+        PK11SlotInfo *slot = SECMOD_LookupSlot(sid->u.ssl3.masterModuleID,
+                                               sid->u.ssl3.masterSlotID);
+        if (!slot)
+            return SECFailure;
+
+        wrapKey = PK11_GetWrapKey(slot,
+                                  sid->u.ssl3.masterWrapIndex,
+                                  sid->u.ssl3.masterWrapMech,
+                                  sid->u.ssl3.masterWrapSeries,
+                                  ss->pkcs11PinArg);
+        PK11_FreeSlot(slot);
+    }
+    if (!wrapKey) {
+        return SECFailure;
+    }
+
+    wrappedMS.data = sid->u.ssl3.keys.wrapped_master_secret;
+    wrappedMS.len = sid->u.ssl3.keys.wrapped_master_secret_len;
+
+    /* unwrap the "master secret" which is actually RMS. */
+    ss->ssl3.hs.resumptionMasterSecret = PK11_UnwrapSymKeyWithFlags(
+        wrapKey, sid->u.ssl3.masterWrapMech,
+        NULL, &wrappedMS,
+        CKM_SSL3_MASTER_KEY_DERIVE,
+        CKA_DERIVE,
+        tls13_GetHashSizeForHash(hashType),
+        CKF_SIGN | CKF_VERIFY);
+    PK11_FreeSymKey(wrapKey);
+    if (!ss->ssl3.hs.resumptionMasterSecret) {
+        return SECFailure;
+    }
+
+    PRINT_KEY(50, (ss, "Recovered RMS", ss->ssl3.hs.resumptionMasterSecret));
+
+    return SECSuccess;
+}
+
+/* Key Derivation Functions.
+ *
+ * Below is the key schedule from [draft-ietf-tls-tls13].
+ *
+ * * The relevant functions from this file are indicated by tls13_Foo().
+ *                 0
+ *                 |
+ *                 v
+ *   PSK ->  HKDF-Extract
+ *                 |
+ *                 v
+ *           Early Secret ---> Derive-Secret(., "client early traffic secret",
+ *                 |                         ClientHello)
+ *                 |                         = client_early_traffic_secret
+ *                 v
+ * (EC)DHE -> HKDF-Extract
+ *                 |
+ *                 v
+ *         Handshake Secret
+ *                 |
+ *                 +---------> Derive-Secret(., "client handshake traffic secret",
+ *                 |                         ClientHello...ServerHello)
+ *                 |                         = client_handshake_traffic_secret
+ *                 |
+ *                 +---------> Derive-Secret(., "server handshake traffic secret",
+ *                 |                         ClientHello...ServerHello)
+ *                 |                         = server_handshake_traffic_secret
+ *                 |
+ *                 v
+ *      0 -> HKDF-Extract
+ *                 |
+ *                 v
+ *            Master Secret
+ *                 |
+ *                 +---------> Derive-Secret(., "client application traffic secret",
+ *                 |                         ClientHello...Server Finished)
+ *                 |                         = client_traffic_secret_0
+ *                 |
+ *                 +---------> Derive-Secret(., "server application traffic secret",
+ *                 |                         ClientHello...Server Finished)
+ *                 |                         = server_traffic_secret_0
+ *                 |
+ *                 +---------> Derive-Secret(., "exporter master secret",
+ *                 |                         ClientHello...Client Finished)
+ *                 |                         = exporter_secret
+ *                 |
+ *                 +---------> Derive-Secret(., "resumption master secret",
+ *                                           ClientHello...Client Finished)
+ *                                           = resumption_secret
+ *
+ */
+
+static SECStatus
+tls13_ComputeEarlySecrets(sslSocket *ss)
+{
+    SECStatus rv = SECSuccess;
+
+    SSL_TRC(5, ("%d: TLS13[%d]: compute early secrets (%s)",
+                SSL_GETPID(), ss->fd, SSL_ROLE(ss)));
+
+    /* Extract off the resumptionMasterSecret (if present), else pass the NULL
+     * resumptionMasterSecret which will be internally translated to zeroes. */
+    PORT_Assert(!ss->ssl3.hs.currentSecret);
+    rv = tls13_HkdfExtract(NULL, ss->ssl3.hs.resumptionMasterSecret,
+                           tls13_GetHash(ss), &ss->ssl3.hs.currentSecret);
+    if (rv != SECSuccess) {
+        return SECFailure;
+    }
+
+    PORT_Assert(ss->statelessResume == (ss->ssl3.hs.resumptionMasterSecret != NULL));
+    if (ss->statelessResume) {
+        PRUint8 buf[1] = { 0 };
+        SSL3Hashes hashes;
+
+        PK11_FreeSymKey(ss->ssl3.hs.resumptionMasterSecret);
+        ss->ssl3.hs.resumptionMasterSecret = NULL;
+
+        rv = PK11_HashBuf(ssl3_HashTypeToOID(tls13_GetHash(ss)),
+                          hashes.u.raw, buf, 0);
+        if (rv != SECSuccess) {
+            FATAL_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE, internal_error);
+            return SECFailure;
+        }
+        hashes.len = tls13_GetHashSize(ss);
+
+        rv = tls13_DeriveSecret(ss, ss->ssl3.hs.currentSecret,
+                                NULL, kHkdfLabelPskBinderKey, &hashes,
+                                &ss->ssl3.hs.pskBinderKey);
+        if (rv != SECSuccess) {
+            return SECFailure;
+        }
+
+        rv = tls13_DeriveSecret(ss, ss->ssl3.hs.currentSecret,
+                                NULL, kHkdfLabelEarlyExporterSecret,
+                                &hashes, &ss->ssl3.hs.earlyExporterSecret);
+        if (rv != SECSuccess) {
+            return SECFailure;
+        }
+    } else {
+        PORT_Assert(!ss->ssl3.hs.resumptionMasterSecret);
+    }
+
+    return SECSuccess;
+}
+
+static SECStatus
+tls13_ComputeHandshakeSecrets(sslSocket *ss)
+{
+    SECStatus rv;
+    PK11SymKey *newSecret = NULL;
+
+    SSL_TRC(5, ("%d: TLS13[%d]: compute handshake secrets (%s)",
+                SSL_GETPID(), ss->fd, SSL_ROLE(ss)));
+
+    /* First update |currentSecret| to add |dheSecret|, if any. */
+    PORT_Assert(ss->ssl3.hs.currentSecret);
+    PORT_Assert(ss->ssl3.hs.dheSecret);
+    rv = tls13_HkdfExtract(ss->ssl3.hs.currentSecret, ss->ssl3.hs.dheSecret,
+                           tls13_GetHash(ss), &newSecret);
+    if (rv != SECSuccess) {
+        LOG_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE);
+        return rv;
+    }
+    PK11_FreeSymKey(ss->ssl3.hs.dheSecret);
+    ss->ssl3.hs.dheSecret = NULL;
+    PK11_FreeSymKey(ss->ssl3.hs.currentSecret);
+    ss->ssl3.hs.currentSecret = newSecret;
+
+    /* Now compute |*HsTrafficSecret| */
+    rv = tls13_DeriveSecret(ss, ss->ssl3.hs.currentSecret,
+                            kHkdfLabelClient,
+                            kHkdfLabelHandshakeTrafficSecret, NULL,
+                            &ss->ssl3.hs.clientHsTrafficSecret);
+    if (rv != SECSuccess) {
+        LOG_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE);
+        return rv;
+    }
+    rv = tls13_DeriveSecret(ss, ss->ssl3.hs.currentSecret,
+                            kHkdfLabelServer,
+                            kHkdfLabelHandshakeTrafficSecret, NULL,
+                            &ss->ssl3.hs.serverHsTrafficSecret);
+    if (rv != SECSuccess) {
+        LOG_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE);
+        return rv;
+    }
+
+    SSL_TRC(5, ("%d: TLS13[%d]: compute master secret (%s)",
+                SSL_GETPID(), ss->fd, SSL_ROLE(ss)));
+
+    /* Crank HKDF forward to make master secret, which we
+     * stuff in current secret. */
+    rv = tls13_HkdfExtract(ss->ssl3.hs.currentSecret,
+                           NULL,
+                           tls13_GetHash(ss),
+                           &newSecret);
+
+    if (rv != SECSuccess) {
+        LOG_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+    PK11_FreeSymKey(ss->ssl3.hs.currentSecret);
+    ss->ssl3.hs.currentSecret = newSecret;
+
+    return SECSuccess;
+}
+
+static SECStatus
+tls13_ComputeApplicationSecrets(sslSocket *ss)
+{
+    SECStatus rv;
+
+    rv = tls13_DeriveSecret(ss, ss->ssl3.hs.currentSecret,
+                            kHkdfLabelClient,
+                            kHkdfLabelApplicationTrafficSecret,
+                            NULL,
+                            &ss->ssl3.hs.clientTrafficSecret);
+    if (rv != SECSuccess) {
+        return SECFailure;
+    }
+    rv = tls13_DeriveSecret(ss, ss->ssl3.hs.currentSecret,
+                            kHkdfLabelServer,
+                            kHkdfLabelApplicationTrafficSecret,
+                            NULL,
+                            &ss->ssl3.hs.serverTrafficSecret);
+    if (rv != SECSuccess) {
+        return SECFailure;
+    }
+
+    rv = tls13_DeriveSecret(ss, ss->ssl3.hs.currentSecret,
+                            NULL, kHkdfLabelExporterMasterSecret,
+                            NULL, &ss->ssl3.hs.exporterSecret);
+    if (rv != SECSuccess) {
+        return SECFailure;
+    }
+
+    return SECSuccess;
+}
+
+static SECStatus
+tls13_ComputeFinalSecrets(sslSocket *ss)
+{
+    SECStatus rv;
+    PK11SymKey *resumptionMasterSecret = NULL;
+
+    PORT_Assert(!ss->ssl3.crSpec->master_secret);
+    PORT_Assert(!ss->ssl3.cwSpec->master_secret);
+
+    rv = tls13_DeriveSecret(ss, ss->ssl3.hs.currentSecret,
+                            NULL, kHkdfLabelResumptionMasterSecret,
+                            NULL, &resumptionMasterSecret);
+    PK11_FreeSymKey(ss->ssl3.hs.currentSecret);
+    ss->ssl3.hs.currentSecret = NULL;
+    if (rv != SECSuccess) {
+        return SECFailure;
+    }
+
+    /* This is pretty gross. TLS 1.3 uses a number of master secrets:
+     * The master secret to generate the keys and then the resumption
+     * master secret for future connections. To make this work without
+     * refactoring too much of the SSLv3 code, we store the RMS in
+     * |crSpec->master_secret| and |cwSpec->master_secret|.
+     */
+    ss->ssl3.crSpec->master_secret = resumptionMasterSecret;
+    ss->ssl3.cwSpec->master_secret =
+        PK11_ReferenceSymKey(ss->ssl3.crSpec->master_secret);
+
+    return SECSuccess;
+}
+
+static void
+tls13_RestoreCipherInfo(sslSocket *ss, sslSessionID *sid)
+{
+    /* Set these to match the cached value.
+     * TODO(ekr@rtfm.com): Make a version with the "true" values.
+     * Bug 1256137.
+     */
+    ss->sec.authType = sid->authType;
+    ss->sec.authKeyBits = sid->authKeyBits;
+}
+
+/* Check whether resumption-PSK is allowed. */
+static PRBool
+tls13_CanResume(sslSocket *ss, const sslSessionID *sid)
+{
+    const sslServerCert *sc;
+
+    if (!sid) {
+        return PR_FALSE;
+    }
+
+    if (sid->version != ss->version) {
+        return PR_FALSE;
+    }
+
+    if (tls13_GetHashForCipherSuite(sid->u.ssl3.cipherSuite) != tls13_GetHashForCipherSuite(ss->ssl3.hs.cipher_suite)) {
+        return PR_FALSE;
+    }
+
+    /* Server sids don't remember the server cert we previously sent, but they
+     * do remember the type of certificate we originally used, so we can locate
+     * it again, provided that the current ssl socket has had its server certs
+     * configured the same as the previous one. */
+    sc = ssl_FindServerCert(ss, sid->authType, sid->namedCurve);
+    if (!sc || !sc->serverCert) {
+        return PR_FALSE;
+    }
+
+    return PR_TRUE;
+}
+
+static PRBool
+tls13_AlpnTagAllowed(const sslSocket *ss, const SECItem *tag)
+{
+    const unsigned char *data = ss->opt.nextProtoNego.data;
+    unsigned int length = ss->opt.nextProtoNego.len;
+    unsigned int offset = 0;
+
+    if (!tag->len)
+        return PR_TRUE;
+
+    while (offset < length) {
+        unsigned int taglen = (unsigned int)data[offset];
+        if ((taglen == tag->len) &&
+            !PORT_Memcmp(data + offset + 1, tag->data, tag->len))
+            return PR_TRUE;
+        offset += 1 + taglen;
+    }
+
+    return PR_FALSE;
+}
+
+static PRBool
+tls13_CanNegotiateZeroRtt(sslSocket *ss, const sslSessionID *sid)
+{
+    PORT_Assert(ss->ssl3.hs.zeroRttState == ssl_0rtt_sent);
+
+    if (!sid)
+        return PR_FALSE;
+    PORT_Assert(ss->statelessResume);
+    if (!ss->statelessResume)
+        return PR_FALSE;
+    if (ss->ssl3.hs.cipher_suite != sid->u.ssl3.cipherSuite)
+        return PR_FALSE;
+    if (!ss->opt.enable0RttData)
+        return PR_FALSE;
+    if (!(sid->u.ssl3.locked.sessionTicket.flags & ticket_allow_early_data))
+        return PR_FALSE;
+    if (SECITEM_CompareItem(&ss->xtnData.nextProto,
+                            &sid->u.ssl3.alpnSelection) != 0)
+        return PR_FALSE;
+
+    return PR_TRUE;
+}
+
+/* Called from tls13_HandleClientHelloPart2 to update the state of 0-RTT handling.
+ *
+ * 0-RTT is only permitted if:
+ * 1. The early data extension was present.
+ * 2. We are resuming a session.
+ * 3. The 0-RTT option is set.
+ * 4. The ticket allowed 0-RTT.
+ * 5. We negotiated the same ALPN value as in the ticket.
+ */
+static void
+tls13_NegotiateZeroRtt(sslSocket *ss, const sslSessionID *sid)
+{
+    SSL_TRC(3, ("%d: TLS13[%d]: negotiate 0-RTT %p",
+                SSL_GETPID(), ss->fd, sid));
+
+    /* tls13_ServerHandleEarlyDataXtn sets this to ssl_0rtt_sent, so this will
+     * be ssl_0rtt_none unless early_data is present. */
+    if (ss->ssl3.hs.zeroRttState == ssl_0rtt_none) {
+        return;
+    }
+
+    /* If we rejected 0-RTT on the first ClientHello, then we can just say that
+     * there is no 0-RTT for the second.  We shouldn't get any more.  Reset the
+     * ignore state so that we treat decryption failure normally. */
+    if (ss->ssl3.hs.zeroRttIgnore == ssl_0rtt_ignore_hrr) {
+        PORT_Assert(ss->ssl3.hs.helloRetry);
+        ss->ssl3.hs.zeroRttState = ssl_0rtt_none;
+        ss->ssl3.hs.zeroRttIgnore = ssl_0rtt_ignore_none;
+        return;
+    }
+
+    if (!tls13_CanNegotiateZeroRtt(ss, sid)) {
+        SSL_TRC(3, ("%d: TLS13[%d]: ignore 0-RTT",
+                    SSL_GETPID(), ss->fd));
+        ss->ssl3.hs.zeroRttState = ssl_0rtt_ignored;
+        ss->ssl3.hs.zeroRttIgnore = ssl_0rtt_ignore_trial;
+        return;
+    }
+
+    SSL_TRC(3, ("%d: TLS13[%d]: enable 0-RTT",
+                SSL_GETPID(), ss->fd));
+    PORT_Assert(ss->statelessResume);
+    ss->ssl3.hs.zeroRttState = ssl_0rtt_accepted;
+    ss->ssl3.hs.zeroRttIgnore = ssl_0rtt_ignore_none;
+}
+
+/* Check if the offered group is acceptable. */
+static PRBool
+tls13_isGroupAcceptable(const sslNamedGroupDef *offered,
+                        const sslNamedGroupDef *preferredGroup)
+{
+    /* We accept epsilon (e) bits around the offered group size. */
+    const unsigned int e = 2;
+
+    PORT_Assert(offered);
+    PORT_Assert(preferredGroup);
+
+    if (offered->bits >= preferredGroup->bits - e &&
+        offered->bits <= preferredGroup->bits + e) {
+        return PR_TRUE;
+    }
+
+    return PR_FALSE;
+}
+
+/* Find remote key share for given group and return it.
+ * Returns NULL if no key share is found. */
+static TLS13KeyShareEntry *
+tls13_FindKeyShareEntry(sslSocket *ss, const sslNamedGroupDef *group)
+{
+    PRCList *cur_p = PR_NEXT_LINK(&ss->xtnData.remoteKeyShares);
+    while (cur_p != &ss->xtnData.remoteKeyShares) {
+        TLS13KeyShareEntry *offer = (TLS13KeyShareEntry *)cur_p;
+        if (offer->group == group) {
+            return offer;
+        }
+        cur_p = PR_NEXT_LINK(cur_p);
+    }
+    return NULL;
+}
+
+static SECStatus
+tls13_NegotiateKeyExchange(sslSocket *ss, TLS13KeyShareEntry **clientShare)
+{
+    unsigned int index;
+    TLS13KeyShareEntry *entry = NULL;
+    const sslNamedGroupDef *preferredGroup = NULL;
+
+    /* We insist on DHE. */
+    if (ss->statelessResume) {
+        if (!ssl3_ExtensionNegotiated(ss, ssl_tls13_psk_key_exchange_modes_xtn)) {
+            FATAL_ERROR(ss, SSL_ERROR_MISSING_PSK_KEY_EXCHANGE_MODES,
+                        missing_extension);
+            return SECFailure;
+        }
+        if (!memchr(ss->xtnData.psk_ke_modes.data, tls13_psk_dh_ke,
+                    ss->xtnData.psk_ke_modes.len)) {
+            SSL_TRC(3, ("%d: TLS13[%d]: client offered PSK without DH",
+                        SSL_GETPID(), ss->fd));
+            ss->statelessResume = PR_FALSE;
+        }
+    }
+
+    /* Now figure out which key share we like the best out of the
+     * mutually supported groups, regardless of what the client offered
+     * for key shares.
+     */
+    if (!ssl3_ExtensionNegotiated(ss, ssl_supported_groups_xtn)) {
+        FATAL_ERROR(ss, SSL_ERROR_MISSING_SUPPORTED_GROUPS_EXTENSION,
+                    missing_extension);
+        return SECFailure;
+    }
+
+    SSL_TRC(3, ("%d: TLS13[%d]: selected KE = %s",
+                SSL_GETPID(), ss->fd, ss->statelessResume ? "PSK + (EC)DHE" : "(EC)DHE"));
+
+    /* Find the preferred group and an according client key share available. */
+    for (index = 0; index < SSL_NAMED_GROUP_COUNT; ++index) {
+        /* Continue to the next group if this one is not enabled. */
+        if (!ss->namedGroupPreferences[index]) {
+            /* There's a gap in the preferred groups list. Assume this is a group
+             * that's not supported by the client but preferred by the server. */
+            if (preferredGroup) {
+                entry = NULL;
+                break;
+            }
+            continue;
+        }
+
+        /* Check if the client sent a key share for this group. */
+        entry = tls13_FindKeyShareEntry(ss, ss->namedGroupPreferences[index]);
+
+        if (preferredGroup) {
+            /* We already found our preferred group but the group didn't have a share. */
+            if (entry) {
+                /* The client sent a key share with group ss->namedGroupPreferences[index] */
+                if (tls13_isGroupAcceptable(ss->namedGroupPreferences[index],
+                                            preferredGroup)) {
+                    /* This is not the preferred group, but it's acceptable */
+                    preferredGroup = ss->namedGroupPreferences[index];
+                } else {
+                    /* The proposed group is not acceptable. */
+                    entry = NULL;
+                }
+            }
+            break;
+        } else {
+            /* The first enabled group is the preferred group. */
+            preferredGroup = ss->namedGroupPreferences[index];
+            if (entry) {
+                break;
+            }
+        }
+    }
+
+    if (!preferredGroup) {
+        FATAL_ERROR(ss, SSL_ERROR_NO_CYPHER_OVERLAP, handshake_failure);
+        return SECFailure;
+    }
+    SSL_TRC(3, ("%d: TLS13[%d]: group = %d", SSL_GETPID(), ss->fd,
+                preferredGroup->name));
+
+    if (!entry) {
+        return tls13_SendHelloRetryRequest(ss, preferredGroup);
+    }
+
+    PORT_Assert(preferredGroup == entry->group);
+    *clientShare = entry;
+
+    return SECSuccess;
+}
+
+SSLAuthType
+ssl_SignatureSchemeToAuthType(SSLSignatureScheme scheme)
+{
+    switch (scheme) {
+        case ssl_sig_rsa_pkcs1_sha1:
+        case ssl_sig_rsa_pkcs1_sha256:
+        case ssl_sig_rsa_pkcs1_sha384:
+        case ssl_sig_rsa_pkcs1_sha512:
+        /* We report PSS signatures as being just RSA signatures. */
+        case ssl_sig_rsa_pss_sha256:
+        case ssl_sig_rsa_pss_sha384:
+        case ssl_sig_rsa_pss_sha512:
+            return ssl_auth_rsa_sign;
+        case ssl_sig_ecdsa_secp256r1_sha256:
+        case ssl_sig_ecdsa_secp384r1_sha384:
+        case ssl_sig_ecdsa_secp521r1_sha512:
+        case ssl_sig_ecdsa_sha1:
+            return ssl_auth_ecdsa;
+        default:
+            PORT_Assert(0);
+    }
+    return ssl_auth_null;
+}
+
+SECStatus
+tls13_SelectServerCert(sslSocket *ss)
+{
+    PRCList *cursor;
+    SECStatus rv;
+
+    if (!ssl3_ExtensionNegotiated(ss, ssl_signature_algorithms_xtn)) {
+        FATAL_ERROR(ss, SSL_ERROR_MISSING_SIGNATURE_ALGORITHMS_EXTENSION,
+                    missing_extension);
+        return SECFailure;
+    }
+
+    /* This picks the first certificate that has:
+     * a) the right authentication method, and
+     * b) the right named curve (EC only)
+     *
+     * We might want to do some sort of ranking here later.  For now, it's all
+     * based on what order they are configured in. */
+    for (cursor = PR_NEXT_LINK(&ss->serverCerts);
+         cursor != &ss->serverCerts;
+         cursor = PR_NEXT_LINK(cursor)) {
+        sslServerCert *cert = (sslServerCert *)cursor;
+
+        if (SSL_CERT_IS_ONLY(cert, ssl_auth_rsa_decrypt)) {
+            continue;
+        }
+
+        rv = ssl_PickSignatureScheme(ss,
+                                     cert->serverKeyPair->pubKey,
+                                     cert->serverKeyPair->privKey,
+                                     ss->xtnData.clientSigSchemes,
+                                     ss->xtnData.numClientSigScheme,
+                                     PR_FALSE);
+        if (rv == SECSuccess) {
+            /* Found one. */
+            ss->sec.serverCert = cert;
+            ss->sec.authType = ss->ssl3.hs.kea_def_mutable.authKeyType =
+                ssl_SignatureSchemeToAuthType(ss->ssl3.hs.signatureScheme);
+            ss->sec.authKeyBits = cert->serverKeyBits;
+            return SECSuccess;
+        }
+    }
+
+    FATAL_ERROR(ss, SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM,
+                handshake_failure);
+    return SECFailure;
+}
+
+static SECStatus
+tls13_NegotiateAuthentication(sslSocket *ss)
+{
+    SECStatus rv;
+
+    if (ss->statelessResume) {
+        SSL_TRC(3, ("%d: TLS13[%d]: selected PSK authentication",
+                    SSL_GETPID(), ss->fd));
+        ss->ssl3.hs.signatureScheme = ssl_sig_none;
+        ss->ssl3.hs.kea_def_mutable.authKeyType = ssl_auth_psk;
+        return SECSuccess;
+    }
+
+    SSL_TRC(3, ("%d: TLS13[%d]: selected certificate authentication",
+                SSL_GETPID(), ss->fd));
+    /* We've now established that we need to sign.... */
+    rv = tls13_SelectServerCert(ss);
+    if (rv != SECSuccess) {
+        return SECFailure;
+    }
+    return SECSuccess;
+}
+
+/* Called from ssl3_HandleClientHello after we have parsed the
+ * ClientHello and are sure that we are going to do TLS 1.3
+ * or fail. */
+SECStatus
+tls13_HandleClientHelloPart2(sslSocket *ss,
+                             const SECItem *suites,
+                             sslSessionID *sid)
+{
+    SECStatus rv;
+    SSL3Statistics *ssl3stats = SSL_GetStatistics();
+    TLS13KeyShareEntry *clientShare = NULL;
+    int j;
+    ssl3CipherSuite previousCipherSuite;
+
+    if (ssl3_ExtensionNegotiated(ss, ssl_tls13_early_data_xtn)) {
+        ss->ssl3.hs.zeroRttState = ssl_0rtt_sent;
+    }
+
+#ifndef PARANOID
+    /* Look for a matching cipher suite. */
+    j = ssl3_config_match_init(ss);
+    if (j <= 0) { /* no ciphers are working/supported by PK11 */
+        FATAL_ERROR(ss, PORT_GetError(), internal_error);
+        goto loser;
+    }
+#endif
+
+    previousCipherSuite = ss->ssl3.hs.cipher_suite;
+    rv = ssl3_NegotiateCipherSuite(ss, suites, PR_FALSE);
+    if (rv != SECSuccess) {
+        FATAL_ERROR(ss, SSL_ERROR_NO_CYPHER_OVERLAP, handshake_failure);
+        goto loser;
+    }
+    /* If we are going around again, then we should make sure that the cipher
+     * suite selection doesn't change. That's a sign of client shennanigans. */
+    if (ss->ssl3.hs.helloRetry &&
+        ss->ssl3.hs.cipher_suite != previousCipherSuite) {
+        FATAL_ERROR(ss, SSL_ERROR_RX_MALFORMED_CLIENT_HELLO, handshake_failure);
+        goto loser;
+    }
+
+    /* Now create a synthetic kea_def that we can tweak. */
+    ss->ssl3.hs.kea_def_mutable = *ss->ssl3.hs.kea_def;
+    ss->ssl3.hs.kea_def = &ss->ssl3.hs.kea_def_mutable;
+
+    /* Note: We call this quite a bit earlier than with TLS 1.2 and
+     * before. */
+    rv = ssl3_ServerCallSNICallback(ss);
+    if (rv != SECSuccess) {
+        goto loser; /* An alert has already been sent. */
+    }
+
+    /* Check if we could in principle resume. */
+    if (ss->statelessResume) {
+        PORT_Assert(sid);
+        if (!sid) {
+            FATAL_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE, internal_error);
+            return SECFailure;
+        }
+        if (!tls13_CanResume(ss, sid)) {
+            ss->statelessResume = PR_FALSE;
+        }
+    }
+
+    /* Select key exchange. */
+    rv = tls13_NegotiateKeyExchange(ss, &clientShare);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    /* If we didn't find a client key share, we have to retry. */
+    if (!clientShare) {
+        if (sid) { /* Free the sid. */
+            ss->sec.uncache(sid);
+            ssl_FreeSID(sid);
+        }
+        PORT_Assert(ss->ssl3.hs.helloRetry);
+        return SECSuccess;
+    }
+
+    /* Select the authentication (this is also handshake shape). */
+    rv = tls13_NegotiateAuthentication(ss);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    if (ss->statelessResume) {
+        /* We are now committed to trying to resume. */
+        PORT_Assert(sid);
+
+        /* Check that the negotiated SNI and the cached SNI match. */
+        if (SECITEM_CompareItem(&sid->u.ssl3.srvName,
+                                &ss->ssl3.hs.srvVirtName) != SECEqual) {
+            FATAL_ERROR(ss, SSL_ERROR_RX_MALFORMED_CLIENT_HELLO,
+                        handshake_failure);
+            goto loser;
+        }
+
+        ss->sec.serverCert = ssl_FindServerCert(ss, sid->authType,
+                                                sid->namedCurve);
+        PORT_Assert(ss->sec.serverCert);
+
+        rv = tls13_RecoverWrappedSharedSecret(ss, sid);
+        if (rv != SECSuccess) {
+            SSL_AtomicIncrementLong(&ssl3stats->hch_sid_cache_not_ok);
+            FATAL_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE, internal_error);
+            goto loser;
+        }
+        tls13_RestoreCipherInfo(ss, sid);
+
+        ss->sec.localCert = CERT_DupCertificate(ss->sec.serverCert->serverCert);
+        if (sid->peerCert != NULL) {
+            ss->sec.peerCert = CERT_DupCertificate(sid->peerCert);
+        }
+
+        ssl3_RegisterExtensionSender(
+            ss, &ss->xtnData,
+            ssl_tls13_pre_shared_key_xtn, tls13_ServerSendPreSharedKeyXtn);
+
+        tls13_NegotiateZeroRtt(ss, sid);
+    } else {
+        if (sid) { /* we had a sid, but it's no longer valid, free it */
+            SSL_AtomicIncrementLong(&ssl3stats->hch_sid_cache_not_ok);
+            if (ss->sec.uncache)
+                ss->sec.uncache(sid);
+            ssl_FreeSID(sid);
+            sid = NULL;
+        }
+        tls13_NegotiateZeroRtt(ss, NULL);
+    }
+
+    /* Need to compute early secrets. */
+    rv = tls13_ComputeEarlySecrets(ss);
+    if (rv != SECSuccess) {
+        FATAL_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE, internal_error);
+        return SECFailure;
+    }
+
+    /* Now that we have the binder key check the binder. */
+    if (ss->statelessResume) {
+        SSL3Hashes hashes;
+
+        rv = tls13_ComputePskBinderHash(ss, ss->xtnData.pskBinderPrefixLen,
+                                        &hashes);
+        if (rv != SECSuccess) {
+            FATAL_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE, internal_error);
+            goto loser;
+        }
+
+        rv = tls13_VerifyFinished(ss, client_hello,
+                                  ss->ssl3.hs.pskBinderKey,
+                                  ss->xtnData.pskBinder.data,
+                                  ss->xtnData.pskBinder.len,
+                                  &hashes);
+        if (rv != SECSuccess) {
+            goto loser;
+        }
+    }
+
+    /* This needs to go after we verify the psk binder. */
+    rv = ssl3_InitHandshakeHashes(ss);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    /* If this is TLS 1.3 we are expecting a ClientKeyShare
+     * extension. Missing/absent extension cause failure
+     * below. */
+    rv = tls13_HandleClientKeyShare(ss, clientShare);
+    if (rv != SECSuccess) {
+        goto loser; /* An alert was sent already. */
+    }
+
+    /* From this point we are either committed to resumption, or not. */
+    if (ss->statelessResume) {
+        SSL_AtomicIncrementLong(&ssl3stats->hch_sid_cache_hits);
+        SSL_AtomicIncrementLong(&ssl3stats->hch_sid_stateless_resumes);
+    } else {
+        if (sid) {
+            /* We had a sid, but it's no longer valid, free it. */
+            SSL_AtomicIncrementLong(&ssl3stats->hch_sid_cache_not_ok);
+            ss->sec.uncache(sid);
+            ssl_FreeSID(sid);
+        } else {
+            SSL_AtomicIncrementLong(&ssl3stats->hch_sid_cache_misses);
+        }
+
+        sid = ssl3_NewSessionID(ss, PR_TRUE);
+        if (!sid) {
+            FATAL_ERROR(ss, PORT_GetError(), internal_error);
+            return SECFailure;
+        }
+    }
+    /* Take ownership of the session. */
+    ss->sec.ci.sid = sid;
+    sid = NULL;
+
+    if (ss->ssl3.hs.zeroRttState == ssl_0rtt_accepted) {
+        rv = tls13_DeriveSecret(ss, ss->ssl3.hs.currentSecret,
+                                kHkdfLabelClient,
+                                kHkdfLabelEarlyTrafficSecret,
+                                NULL, /* Current running hash. */
+                                &ss->ssl3.hs.clientEarlyTrafficSecret);
+        if (rv != SECSuccess) {
+            FATAL_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE, internal_error);
+            return SECFailure;
+        }
+    }
+
+    ssl_GetXmitBufLock(ss);
+    rv = tls13_SendServerHelloSequence(ss);
+    ssl_ReleaseXmitBufLock(ss);
+    if (rv != SECSuccess) {
+        FATAL_ERROR(ss, PORT_GetError(), handshake_failure);
+        return SECFailure;
+    }
+
+    return SECSuccess;
+
+loser:
+    if (sid) {
+        ss->sec.uncache(sid);
+        ssl_FreeSID(sid);
+    }
+    return SECFailure;
+}
+
+static SECStatus
+tls13_SendHelloRetryRequest(sslSocket *ss, const sslNamedGroupDef *selectedGroup)
+{
+    SECStatus rv;
+
+    SSL_TRC(3, ("%d: TLS13[%d]: send hello retry request handshake",
+                SSL_GETPID(), ss->fd));
+
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+
+    /* We asked already, but made no progress. */
+    if (ss->ssl3.hs.helloRetry) {
+        FATAL_ERROR(ss, SSL_ERROR_BAD_2ND_CLIENT_HELLO, illegal_parameter);
+        return SECFailure;
+    }
+
+    ssl_GetXmitBufLock(ss);
+    rv = ssl3_AppendHandshakeHeader(ss, hello_retry_request,
+                                    2 +     /* version */
+                                        2 + /* extension length */
+                                        2 + /* group extension id */
+                                        2 + /* group extension length */
+                                        2 /* group */);
+    if (rv != SECSuccess) {
+        FATAL_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE, internal_error);
+        goto loser;
+    }
+
+    rv = ssl3_AppendHandshakeNumber(
+        ss, tls13_EncodeDraftVersion(ss->version), 2);
+    if (rv != SECSuccess) {
+        FATAL_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE, internal_error);
+        goto loser;
+    }
+
+    /* Length of extensions. */
+    rv = ssl3_AppendHandshakeNumber(ss, 2 + 2 + 2, 2);
+    if (rv != SECSuccess) {
+        FATAL_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE, internal_error);
+        goto loser;
+    }
+
+    /* Key share extension - currently the only reason we send this. */
+    rv = ssl3_AppendHandshakeNumber(ss, ssl_tls13_key_share_xtn, 2);
+    if (rv != SECSuccess) {
+        FATAL_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE, internal_error);
+        goto loser;
+    }
+    /* Key share extension length. */
+    rv = ssl3_AppendHandshakeNumber(ss, 2, 2);
+    if (rv != SECSuccess) {
+        FATAL_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE, internal_error);
+        goto loser;
+    }
+    rv = ssl3_AppendHandshakeNumber(ss, selectedGroup->name, 2);
+    if (rv != SECSuccess) {
+        FATAL_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE, internal_error);
+        goto loser;
+    }
+
+    rv = ssl3_FlushHandshake(ss, 0);
+    if (rv != SECSuccess) {
+        goto loser; /* error code set by ssl3_FlushHandshake */
+    }
+    ssl_ReleaseXmitBufLock(ss);
+
+    ss->ssl3.hs.helloRetry = PR_TRUE;
+
+    /* We received early data but have to ignore it because we sent a retry. */
+    if (ss->ssl3.hs.zeroRttState == ssl_0rtt_sent) {
+        ss->ssl3.hs.zeroRttState = ssl_0rtt_ignored;
+        ss->ssl3.hs.zeroRttIgnore = ssl_0rtt_ignore_hrr;
+    }
+
+    return SECSuccess;
+
+loser:
+    ssl_ReleaseXmitBufLock(ss);
+    return SECFailure;
+}
+
+/* Called from tls13_HandleClientHello.
+ *
+ * Caller must hold Handshake and RecvBuf locks.
+ */
+
+static SECStatus
+tls13_HandleClientKeyShare(sslSocket *ss, TLS13KeyShareEntry *peerShare)
+{
+    SECStatus rv;
+    sslEphemeralKeyPair *keyPair; /* ours */
+
+    SSL_TRC(3, ("%d: TLS13[%d]: handle client_key_share handshake",
+                SSL_GETPID(), ss->fd));
+
+    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+    PORT_Assert(peerShare);
+
+    tls13_SetKeyExchangeType(ss, peerShare->group);
+
+    /* Generate our key */
+    rv = tls13_CreateKeyShare(ss, peerShare->group);
+    if (rv != SECSuccess) {
+        return rv;
+    }
+
+    /* We should have exactly one key share. */
+    PORT_Assert(!PR_CLIST_IS_EMPTY(&ss->ephemeralKeyPairs));
+    PORT_Assert(PR_PREV_LINK(&ss->ephemeralKeyPairs) ==
+                PR_NEXT_LINK(&ss->ephemeralKeyPairs));
+
+    keyPair = ((sslEphemeralKeyPair *)PR_NEXT_LINK(&ss->ephemeralKeyPairs));
+    ss->sec.keaKeyBits = SECKEY_PublicKeyStrengthInBits(keyPair->keys->pubKey);
+
+    /* Register the sender */
+    rv = ssl3_RegisterExtensionSender(ss, &ss->xtnData, ssl_tls13_key_share_xtn,
+                                      tls13_ServerSendKeyShareXtn);
+    if (rv != SECSuccess) {
+        return SECFailure; /* Error code set already. */
+    }
+
+    rv = tls13_HandleKeyShare(ss, peerShare, keyPair->keys);
+    return rv; /* Error code set already. */
+}
+
+/*
+ *     [draft-ietf-tls-tls13-11] Section 6.3.3.2
+ *
+ *     opaque DistinguishedName<1..2^16-1>;
+ *
+ *     struct {
+ *         opaque certificate_extension_oid<1..2^8-1>;
+ *         opaque certificate_extension_values<0..2^16-1>;
+ *     } CertificateExtension;
+ *
+ *     struct {
+ *         opaque certificate_request_context<0..2^8-1>;
+ *         SignatureAndHashAlgorithm
+ *           supported_signature_algorithms<2..2^16-2>;
+ *         DistinguishedName certificate_authorities<0..2^16-1>;
+ *         CertificateExtension certificate_extensions<0..2^16-1>;
+ *     } CertificateRequest;
+ */
+static SECStatus
+tls13_SendCertificateRequest(sslSocket *ss)
+{
+    SECStatus rv;
+    unsigned int calen;
+    SECItem *names;
+    unsigned int nnames;
+    SECItem *name;
+    int i;
+    PRUint8 sigSchemes[MAX_SIGNATURE_SCHEMES * 2];
+    unsigned int sigSchemesLength = 0;
+    int length;
+
+    SSL_TRC(3, ("%d: TLS13[%d]: begin send certificate_request",
+                SSL_GETPID(), ss->fd));
+
+    rv = ssl3_EncodeSigAlgs(ss, sigSchemes, sizeof(sigSchemes),
+                            &sigSchemesLength);
+    if (rv != SECSuccess) {
+        return rv;
+    }
+
+    rv = ssl_GetCertificateRequestCAs(ss, &calen, &names, &nnames);
+    if (rv != SECSuccess) {
+        return rv;
+    }
+    length = 1 + 0 /* length byte for empty request context */ +
+             2 + sigSchemesLength + 2 + calen + 2;
+
+    rv = ssl3_AppendHandshakeHeader(ss, certificate_request, length);
+    if (rv != SECSuccess) {
+        return rv; /* err set by AppendHandshake. */
+    }
+    rv = ssl3_AppendHandshakeNumber(ss, 0, 1);
+    if (rv != SECSuccess) {
+        return rv; /* err set by AppendHandshake. */
+    }
+    rv = ssl3_AppendHandshakeVariable(ss, sigSchemes, sigSchemesLength, 2);
+    if (rv != SECSuccess) {
+        return rv; /* err set by AppendHandshake. */
+    }
+    rv = ssl3_AppendHandshakeNumber(ss, calen, 2);
+    if (rv != SECSuccess) {
+        return rv; /* err set by AppendHandshake. */
+    }
+    for (i = 0, name = names; i < nnames; i++, name++) {
+        rv = ssl3_AppendHandshakeVariable(ss, name->data, name->len, 2);
+        if (rv != SECSuccess) {
+            return rv; /* err set by AppendHandshake. */
+        }
+    }
+    rv = ssl3_AppendHandshakeNumber(ss, 0, 2);
+    if (rv != SECSuccess) {
+        return rv; /* err set by AppendHandshake. */
+    }
+
+    return SECSuccess;
+}
+
+SECStatus
+tls13_HandleHelloRetryRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
+{
+    SECStatus rv;
+    PRUint32 tmp;
+    SSL3ProtocolVersion version;
+
+    SSL_TRC(3, ("%d: TLS13[%d]: handle hello retry request",
+                SSL_GETPID(), ss->fd));
+
+    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+
+    if (ss->vrange.max < SSL_LIBRARY_VERSION_TLS_1_3) {
+        FATAL_ERROR(ss, SSL_ERROR_RX_UNEXPECTED_HELLO_RETRY_REQUEST,
+                    unexpected_message);
+        return SECFailure;
+    }
+
+    /* Client only. */
+    rv = TLS13_CHECK_HS_STATE(ss, SSL_ERROR_RX_UNEXPECTED_HELLO_RETRY_REQUEST,
+                              wait_server_hello);
+    if (rv != SECSuccess) {
+        return SECFailure;
+    }
+
+    /* Fool me once, shame on you; fool me twice... */
+    if (ss->ssl3.hs.helloRetry) {
+        FATAL_ERROR(ss, SSL_ERROR_RX_UNEXPECTED_HELLO_RETRY_REQUEST,
+                    unexpected_message);
+        return SECFailure;
+    }
+
+    if (ss->ssl3.hs.zeroRttState == ssl_0rtt_sent) {
+        ss->ssl3.hs.zeroRttState = ssl_0rtt_ignored;
+        /* Restore the null cipher spec for writing. */
+        ssl_GetSpecWriteLock(ss);
+        tls13_CipherSpecRelease(ss->ssl3.cwSpec);
+        ss->ssl3.cwSpec = ss->ssl3.crSpec;
+        PORT_Assert(ss->ssl3.cwSpec->cipher_def->cipher == cipher_null);
+        ssl_ReleaseSpecWriteLock(ss);
+    } else {
+        PORT_Assert(ss->ssl3.hs.zeroRttState == ssl_0rtt_none);
+    }
+
+    /* Version. */
+    rv = ssl_ClientReadVersion(ss, &b, &length, &version);
+    if (rv != SECSuccess) {
+        return SECFailure; /* alert already sent */
+    }
+    if (version > ss->vrange.max || version < SSL_LIBRARY_VERSION_TLS_1_3) {
+        FATAL_ERROR(ss, SSL_ERROR_RX_MALFORMED_HELLO_RETRY_REQUEST,
+                    protocol_version);
+        return SECFailure;
+    }
+
+    /* Extensions. */
+    rv = ssl3_ConsumeHandshakeNumber(ss, &tmp, 2, &b, &length);
+    if (rv != SECSuccess) {
+        return SECFailure; /* error code already set */
+    }
+    /* Extensions must be non-empty and use the remainder of the message.
+     * This means that a HelloRetryRequest cannot be a no-op: we must have an
+     * extension, it must be one that we understand and recognize as being valid
+     * for HelloRetryRequest, and all the extensions we permit cause us to
+     * modify our ClientHello in some way. */
+    if (!tmp || tmp != length) {
+        FATAL_ERROR(ss, SSL_ERROR_RX_MALFORMED_HELLO_RETRY_REQUEST,
+                    decode_error);
+        return SECFailure;
+    }
+
+    rv = ssl3_HandleExtensions(ss, &b, &length, hello_retry_request);
+    if (rv != SECSuccess) {
+        return SECFailure; /* Error code set below */
+    }
+
+    ss->ssl3.hs.helloRetry = PR_TRUE;
+
+    ssl_GetXmitBufLock(ss);
+    rv = ssl3_SendClientHello(ss, client_hello_retry);
+    ssl_ReleaseXmitBufLock(ss);
+    if (rv != SECSuccess) {
+        return SECFailure;
+    }
+
+    return SECSuccess;
+}
+
+static SECStatus
+tls13_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
+{
+    SECStatus rv;
+    TLS13CertificateRequest *certRequest = NULL;
+    SECItem context = { siBuffer, NULL, 0 };
+    PLArenaPool *arena;
+    PRUint32 extensionsLength;
+
+    SSL_TRC(3, ("%d: TLS13[%d]: handle certificate_request sequence",
+                SSL_GETPID(), ss->fd));
+
+    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+
+    /* Client */
+    rv = TLS13_CHECK_HS_STATE(ss, SSL_ERROR_RX_UNEXPECTED_CERT_REQUEST,
+                              wait_cert_request);
+    if (rv != SECSuccess) {
+        return SECFailure;
+    }
+
+    PORT_Assert(ss->ssl3.clientCertChain == NULL);
+    PORT_Assert(ss->ssl3.clientCertificate == NULL);
+    PORT_Assert(ss->ssl3.clientPrivateKey == NULL);
+    PORT_Assert(ss->ssl3.hs.certificateRequest == NULL);
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (!arena) {
+        FATAL_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE, internal_error);
+        return SECFailure;
+    }
+
+    rv = ssl3_ConsumeHandshakeVariable(ss, &context, 1, &b, &length);
+    if (rv != SECSuccess)
+        goto loser;
+
+    /* We don't support post-handshake client auth, the certificate request
+     * context must always be null. */
+    if (context.len > 0) {
+        FATAL_ERROR(ss, SSL_ERROR_RX_MALFORMED_CERT_REQUEST, illegal_parameter);
+        goto loser;
+    }
+
+    certRequest = PORT_ArenaZNew(arena, TLS13CertificateRequest);
+    if (!certRequest)
+        goto loser;
+    certRequest->arena = arena;
+    certRequest->ca_list.arena = arena;
+
+    rv = ssl_ParseSignatureSchemes(ss, arena,
+                                   &certRequest->signatureSchemes,
+                                   &certRequest->signatureSchemeCount,
+                                   &b, &length);
+    if (rv != SECSuccess || certRequest->signatureSchemeCount == 0) {
+        FATAL_ERROR(ss, SSL_ERROR_RX_MALFORMED_CERT_REQUEST,
+                    decode_error);
+        goto loser;
+    }
+
+    rv = ssl3_ParseCertificateRequestCAs(ss, &b, &length, arena,
+                                         &certRequest->ca_list);
+    if (rv != SECSuccess)
+        goto loser; /* alert already sent */
+
+    /* Verify that the extensions length is correct. */
+    rv = ssl3_ConsumeHandshakeNumber(ss, &extensionsLength, 2, &b, &length);
+    if (rv != SECSuccess) {
+        goto loser; /* alert already sent */
+    }
+    if (extensionsLength != length) {
+        FATAL_ERROR(ss, SSL_ERROR_RX_MALFORMED_CERT_REQUEST,
+                    illegal_parameter);
+        goto loser;
+    }
+
+    rv = SECITEM_CopyItem(arena, &certRequest->context, &context);
+    if (rv != SECSuccess)
+        goto loser;
+
+    TLS13_SET_HS_STATE(ss, wait_server_cert);
+    ss->ssl3.hs.certificateRequest = certRequest;
+
+    return SECSuccess;
+
+loser:
+    PORT_FreeArena(arena, PR_FALSE);
+    return SECFailure;
+}
+
+static SECStatus
+tls13_SendEncryptedServerSequence(sslSocket *ss)
+{
+    SECStatus rv;
+
+    rv = tls13_ComputeHandshakeSecrets(ss);
+    if (rv != SECSuccess) {
+        return SECFailure; /* error code is set. */
+    }
+
+    rv = tls13_SetCipherSpec(ss, TrafficKeyHandshake,
+                             CipherSpecWrite, PR_FALSE);
+    if (rv != SECSuccess) {
+        LOG_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+
+    ss->ssl3.hs.shortHeaders = ssl3_ExtensionNegotiated(
+        ss, ssl_tls13_short_header_xtn);
+
+    if (ss->ssl3.hs.zeroRttState == ssl_0rtt_accepted) {
+        rv = ssl3_RegisterExtensionSender(ss, &ss->xtnData, ssl_tls13_early_data_xtn,
+                                          tls13_ServerSendEarlyDataXtn);
+        if (rv != SECSuccess) {
+            return SECFailure; /* Error code set already. */
+        }
+    }
+
+    rv = tls13_SendEncryptedExtensions(ss);
+    if (rv != SECSuccess) {
+        return SECFailure; /* error code is set. */
+    }
+
+    if (ss->opt.requestCertificate) {
+        rv = tls13_SendCertificateRequest(ss);
+        if (rv != SECSuccess) {
+            return SECFailure; /* error code is set. */
+        }
+    }
+    if (ss->ssl3.hs.signatureScheme != ssl_sig_none) {
+        SECKEYPrivateKey *svrPrivKey;
+
+        rv = tls13_SendCertificate(ss);
+        if (rv != SECSuccess) {
+            return SECFailure; /* error code is set. */
+        }
+
+        svrPrivKey = ss->sec.serverCert->serverKeyPair->privKey;
+        rv = tls13_SendCertificateVerify(ss, svrPrivKey);
+        if (rv != SECSuccess) {
+            return SECFailure; /* err code is set. */
+        }
+    }
+
+    rv = tls13_SendFinished(ss, ss->ssl3.hs.serverHsTrafficSecret);
+    if (rv != SECSuccess) {
+        return SECFailure; /* error code is set. */
+    }
+
+    return SECSuccess;
+}
+
+/* Called from:  ssl3_HandleClientHello */
+static SECStatus
+tls13_SendServerHelloSequence(sslSocket *ss)
+{
+    SECStatus rv;
+    PRErrorCode err = 0;
+
+    SSL_TRC(3, ("%d: TLS13[%d]: begin send server_hello sequence",
+                SSL_GETPID(), ss->fd));
+
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
+
+    rv = ssl3_SendServerHello(ss);
+    if (rv != SECSuccess) {
+        return rv; /* err code is set. */
+    }
+
+    rv = tls13_SendEncryptedServerSequence(ss);
+    if (rv != SECSuccess) {
+        err = PORT_GetError();
+    }
+    /* Even if we get an error, since the ServerHello was successfully
+     * serialized, we should give it a chance to reach the network.  This gives
+     * the client a chance to perform the key exchange and decrypt the alert
+     * we're about to send. */
+    rv |= ssl3_FlushHandshake(ss, 0);
+    if (rv != SECSuccess) {
+        if (err) {
+            PORT_SetError(err);
+        }
+        return SECFailure;
+    }
+
+    /* Compute the rest of the secrets except for the resumption
+     * and exporter secret. */
+    rv = tls13_ComputeApplicationSecrets(ss);
+    if (rv != SECSuccess) {
+        LOG_ERROR(ss, PORT_GetError());
+        return SECFailure;
+    }
+
+    rv = tls13_SetCipherSpec(ss, TrafficKeyApplicationData,
+                             CipherSpecWrite, PR_FALSE);
+    if (rv != SECSuccess) {
+        LOG_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+
+    if (ss->ssl3.hs.zeroRttState == ssl_0rtt_accepted) {
+        rv = tls13_SetCipherSpec(ss,
+                                 TrafficKeyEarlyApplicationData,
+                                 CipherSpecRead, PR_TRUE);
+        if (rv != SECSuccess) {
+            LOG_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE);
+            return SECFailure;
+        }
+    } else {
+        PORT_Assert(ss->ssl3.hs.zeroRttState == ssl_0rtt_none ||
+                    ss->ssl3.hs.zeroRttState == ssl_0rtt_ignored);
+
+        rv = tls13_SetCipherSpec(ss,
+                                 TrafficKeyHandshake,
+                                 CipherSpecRead, PR_FALSE);
+        if (rv != SECSuccess) {
+            LOG_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE);
+            return SECFailure;
+        }
+    }
+
+    TLS13_SET_HS_STATE(ss,
+                       ss->opt.requestCertificate ? wait_client_cert
+                                                  : wait_finished);
+    return SECSuccess;
+}
+
+SECStatus
+tls13_HandleServerHelloPart2(sslSocket *ss)
+{
+    SECStatus rv;
+    sslSessionID *sid = ss->sec.ci.sid;
+    SSL3Statistics *ssl3stats = SSL_GetStatistics();
+
+    if (ssl3_ExtensionNegotiated(ss, ssl_tls13_pre_shared_key_xtn)) {
+        PORT_Assert(ss->statelessResume);
+    } else {
+        if (ss->ssl3.hs.currentSecret) {
+            PORT_Assert(ss->statelessResume);
+            PK11_FreeSymKey(ss->ssl3.hs.currentSecret);
+            ss->ssl3.hs.currentSecret = NULL;
+        }
+        ss->statelessResume = PR_FALSE;
+    }
+
+    if (ss->statelessResume) {
+        if (tls13_GetHash(ss) !=
+            tls13_GetHashForCipherSuite(sid->u.ssl3.cipherSuite)) {
+            FATAL_ERROR(ss, SSL_ERROR_RX_MALFORMED_SERVER_HELLO,
+                        illegal_parameter);
+            return SECFailure;
+        }
+    }
+
+    /* Now create a synthetic kea_def that we can tweak. */
+    ss->ssl3.hs.kea_def_mutable = *ss->ssl3.hs.kea_def;
+    ss->ssl3.hs.kea_def = &ss->ssl3.hs.kea_def_mutable;
+
+    if (ss->statelessResume) {
+        /* PSK */
+        ss->ssl3.hs.kea_def_mutable.authKeyType = ssl_auth_psk;
+        tls13_RestoreCipherInfo(ss, sid);
+        if (sid->peerCert) {
+            ss->sec.peerCert = CERT_DupCertificate(sid->peerCert);
+        }
+
+        SSL_AtomicIncrementLong(&ssl3stats->hsh_sid_cache_hits);
+        SSL_AtomicIncrementLong(&ssl3stats->hsh_sid_stateless_resumes);
+    } else {
+        /* !PSK */
+        if (ssl3_ClientExtensionAdvertised(ss, ssl_tls13_pre_shared_key_xtn)) {
+            SSL_AtomicIncrementLong(&ssl3stats->hsh_sid_cache_misses);
+        }
+        if (sid->cached == in_client_cache) {
+            /* If we tried to resume and failed, let's not try again. */
+            ss->sec.uncache(sid);
+        }
+    }
+
+    if (!ss->ssl3.hs.currentSecret) {
+        PORT_Assert(!ss->statelessResume);
+
+        /* If we don't already have the Early Secret we need to make it
+         * now. */
+        rv = tls13_ComputeEarlySecrets(ss);
+        if (rv != SECSuccess) {
+            FATAL_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE, internal_error);
+            return SECFailure;
+        }
+    }
+
+    /* Discard current SID and make a new one, though it may eventually
+     * end up looking a lot like the old one.
+     */
+    ssl_FreeSID(sid);
+    ss->sec.ci.sid = sid = ssl3_NewSessionID(ss, PR_FALSE);
+    if (sid == NULL) {
+        FATAL_ERROR(ss, PORT_GetError(), internal_error);
+        return SECFailure;
+    }
+    if (ss->statelessResume) {
+        PORT_Assert(ss->sec.peerCert);
+        sid->peerCert = CERT_DupCertificate(ss->sec.peerCert);
+    }
+    sid->version = ss->version;
+
+    rv = tls13_HandleServerKeyShare(ss);
+    if (rv != SECSuccess) {
+        return SECFailure;
+    }
+    rv = tls13_ComputeHandshakeSecrets(ss);
+    if (rv != SECSuccess) {
+        return SECFailure; /* error code is set. */
+    }
+
+    ss->ssl3.hs.shortHeaders = ssl3_ExtensionNegotiated(
+        ss, ssl_tls13_short_header_xtn);
+
+    rv = tls13_SetCipherSpec(ss, TrafficKeyHandshake,
+                             CipherSpecRead, PR_FALSE);
+    if (rv != SECSuccess) {
+        FATAL_ERROR(ss, SSL_ERROR_INIT_CIPHER_SUITE_FAILURE, internal_error);
+        return SECFailure;
+    }
+    TLS13_SET_HS_STATE(ss, wait_encrypted_extensions);
+
+    return SECSuccess;
+}
+
+static void
+tls13_SetKeyExchangeType(sslSocket *ss, const sslNamedGroupDef *group)
+{
+    ss->sec.keaGroup = group;
+    switch (group->keaType) {
+        /* Note: These overwrite on resumption.... so if you start with ECDH
+         * and resume with DH, we report DH. That's fine, since no answer
+         * is really right. */
+        case ssl_kea_ecdh:
+            ss->ssl3.hs.kea_def_mutable.exchKeyType =
+                ss->statelessResume ? ssl_kea_ecdh_psk : ssl_kea_ecdh;
+            ss->sec.keaType = ssl_kea_ecdh;
+            break;
+        case ssl_kea_dh:
+            ss->ssl3.hs.kea_def_mutable.exchKeyType =
+                ss->statelessResume ? ssl_kea_dh_psk : ssl_kea_dh;
+            ss->sec.keaType = ssl_kea_dh;
+            break;
+        default:
+            PORT_Assert(0);
+    }
+}
+
+/*
+ * Called from ssl3_HandleServerHello.
+ *
+ * Caller must hold Handshake and RecvBuf locks.
+ */
+static SECStatus
+tls13_HandleServerKeyShare(sslSocket *ss)
+{
+    SECStatus rv;
+    TLS13KeyShareEntry *entry;
+    sslEphemeralKeyPair *keyPair;
+
+    SSL_TRC(3, ("%d: TLS13[%d]: handle server_key_share handshake",
+                SSL_GETPID(), ss->fd));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+
+    /* This list should have one entry. */
+    if (PR_CLIST_IS_EMPTY(&ss->xtnData.remoteKeyShares)) {
+        FATAL_ERROR(ss, SSL_ERROR_MISSING_KEY_SHARE, missing_extension);
+        return SECFailure;
+    }
+
+    entry = (TLS13KeyShareEntry *)PR_NEXT_LINK(&ss->xtnData.remoteKeyShares);
+    PORT_Assert(PR_NEXT_LINK(&entry->link) == &ss->xtnData.remoteKeyShares);
+
+    /* Now get our matching key. */
+    keyPair = ssl_LookupEphemeralKeyPair(ss, entry->group);
+    if (!keyPair) {
+        FATAL_ERROR(ss, SSL_ERROR_RX_MALFORMED_KEY_SHARE, illegal_parameter);
+        return SECFailure;
+    }
+
+    PORT_Assert(ssl_NamedGroupEnabled(ss, entry->group));
+
+    rv = tls13_HandleKeyShare(ss, entry, keyPair->keys);
+    if (rv != SECSuccess)
+        return SECFailure; /* Error code set by caller. */
+
+    tls13_SetKeyExchangeType(ss, entry->group);
+    ss->sec.keaKeyBits = SECKEY_PublicKeyStrengthInBits(keyPair->keys->pubKey);
+
+    return SECSuccess;
+}
+
+/*
+ *    opaque ASN1Cert<1..2^24-1>;
+ *
+ *    struct {
+ *        ASN1Cert cert_data;
+ *        Extension extensions<0..2^16-1>;
+ *    } CertificateEntry;
+ *
+ *    struct {
+ *        opaque certificate_request_context<0..2^8-1>;
+ *        CertificateEntry certificate_list<0..2^24-1>;
+ *    } Certificate;
+ */
+static SECStatus
+tls13_SendCertificate(sslSocket *ss)
+{
+    SECStatus rv;
+    CERTCertificateList *certChain;
+    int certChainLen = 0;
+    int i;
+    SECItem context = { siBuffer, NULL, 0 };
+    PRInt32 extensionsLen = 0;
+    PRUint32 maxBytes = 65535;
+
+    SSL_TRC(3, ("%d: TLS1.3[%d]: send certificate handshake",
+                SSL_GETPID(), ss->fd));
+
+    PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+
+    if (ss->sec.isServer) {
+        PORT_Assert(!ss->sec.localCert);
+        /* A server certificate is selected in tls13_SelectServerCert(). */
+        PORT_Assert(ss->sec.serverCert);
+
+        certChain = ss->sec.serverCert->serverCertChain;
+        ss->sec.localCert = CERT_DupCertificate(ss->sec.serverCert->serverCert);
+    } else {
+        if (ss->sec.localCert)
+            CERT_DestroyCertificate(ss->sec.localCert);
+
+        certChain = ss->ssl3.clientCertChain;
+        ss->sec.localCert = CERT_DupCertificate(ss->ssl3.clientCertificate);
+    }
+
+    /* Get the extensions length. This only applies to the leaf cert,
+     * because we don't yet send extensions for non-leaf certs. */
+    extensionsLen = ssl3_CallHelloExtensionSenders(
+        ss, PR_FALSE, maxBytes, &ss->xtnData.certificateSenders[0]);
+
+    if (!ss->sec.isServer) {
+        PORT_Assert(ss->ssl3.hs.certificateRequest);
+        context = ss->ssl3.hs.certificateRequest->context;
+    }
+    if (certChain) {
+        for (i = 0; i < certChain->len; i++) {
+            certChainLen +=
+                3 + certChain->certs[i].len + /* cert length + cert */
+                2 + (!i ? extensionsLen : 0); /* extensions length + extensions */
+        }
+    }
+
+    rv = ssl3_AppendHandshakeHeader(ss, certificate,
+                                    1 + context.len +
+                                        3 + certChainLen);
+    if (rv != SECSuccess) {
+        return SECFailure; /* err set by AppendHandshake. */
+    }
+
+    rv = ssl3_AppendHandshakeVariable(ss, context.data,
+                                      context.len, 1);
+    if (rv != SECSuccess) {
+        return SECFailure; /* err set by AppendHandshake. */
+    }
+
+    rv = ssl3_AppendHandshakeNumber(ss, certChainLen, 3);
+    if (rv != SECSuccess) {
+        return SECFailure; /* err set by AppendHandshake. */
+    }
+    if (certChain) {
+        for (i = 0; i < certChain->len; i++) {
+            PRInt32 sentLen;
+
+            rv = ssl3_AppendHandshakeVariable(ss, certChain->certs[i].data,
+                                              certChain->certs[i].len, 3);
+            if (rv != SECSuccess) {
+                return SECFailure; /* err set by AppendHandshake. */
+            }
+
+            if (i) {
+                /* Not end-entity. */
+                rv = ssl3_AppendHandshakeNumber(ss, 0, 2);
+                if (rv != SECSuccess) {
+                    return SECFailure; /* err set by AppendHandshake. */
+                }
+                continue;
+            }
+
+            /* End-entity, send extensions. */
+            rv = ssl3_AppendHandshakeNumber(ss, extensionsLen, 2);
+            if (rv != SECSuccess) {
+                return SECFailure; /* err set by AppendHandshake. */
+            }
+
+            sentLen = ssl3_CallHelloExtensionSenders(
+                ss, PR_TRUE, extensionsLen,
+                &ss->xtnData.certificateSenders[0]);
+            PORT_Assert(sentLen == extensionsLen);
+            if (sentLen != extensionsLen) {
+                LOG_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE);
+                return SECFailure;
+            }
+        }
+    }
+
+    return SECSuccess;
+}
+
+static SECStatus
+tls13_HandleCertificateEntry(sslSocket *ss, SECItem *data, PRBool first,
+                             CERTCertificate **certp)
+{
+    SECStatus rv;
+    SECItem certData;
+    SECItem extensionsData;
+    CERTCertificate *cert = NULL;
+
+    rv = ssl3_ConsumeHandshakeVariable(ss, &certData,
+                                       3, &data->data, &data->len);
+    if (rv != SECSuccess) {
+        return SECFailure;
+    }
+
+    rv = ssl3_ConsumeHandshakeVariable(ss, &extensionsData,
+                                       2, &data->data, &data->len);
+    if (rv != SECSuccess) {
+        return SECFailure;
+    }
+
+    /* Parse all the extensions. */
+    if (first && !ss->sec.isServer) {
+        rv = ssl3_HandleExtensions(ss, &extensionsData.data,
+                                   &extensionsData.len,
+                                   certificate);
+        if (rv != SECSuccess) {
+            return SECFailure;
+        }
+
+        /* TODO(ekr@rtfm.com): Copy out SCTs. Bug 1315727. */
+    }
+
+    cert = CERT_NewTempCertificate(ss->dbHandle, &certData, NULL,
+                                   PR_FALSE, PR_TRUE);
+
+    if (!cert) {
+        PRErrorCode errCode = PORT_GetError();
+        switch (errCode) {
+            case PR_OUT_OF_MEMORY_ERROR:
+            case SEC_ERROR_BAD_DATABASE:
+            case SEC_ERROR_NO_MEMORY:
+                FATAL_ERROR(ss, errCode, internal_error);
+                return SECFailure;
+            default:
+                ssl3_SendAlertForCertError(ss, errCode);
+                return SECFailure;
+        }
+    }
+
+    *certp = cert;
+
+    return SECSuccess;
+}
+
+/* Called from tls13_CompleteHandleHandshakeMessage() when it has deciphered a complete
+ * tls13 Certificate message.
+ * Caller must hold Handshake and RecvBuf locks.
+ */
+static SECStatus
+tls13_HandleCertificate(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
+{
+    SECStatus rv;
+    SECItem context = { siBuffer, NULL, 0 };
+    SECItem certList;
+    PRBool first = PR_TRUE;
+    ssl3CertNode *lastCert = NULL;
+
+    SSL_TRC(3, ("%d: TLS13[%d]: handle certificate handshake",
+                SSL_GETPID(), ss->fd));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+
+    if (ss->sec.isServer) {
+        rv = TLS13_CHECK_HS_STATE(ss, SSL_ERROR_RX_UNEXPECTED_CERTIFICATE,
+                                  wait_client_cert);
+    } else {
+        rv = TLS13_CHECK_HS_STATE(ss, SSL_ERROR_RX_UNEXPECTED_CERTIFICATE,
+                                  wait_cert_request, wait_server_cert);
+    }
+    if (rv != SECSuccess)
+        return SECFailure;
+
+    /* Process the context string */
+    rv = ssl3_ConsumeHandshakeVariable(ss, &context, 1, &b, &length);
+    if (rv != SECSuccess)
+        return SECFailure;
+
+    if (context.len) {
+        /* The context string MUST be empty */
+        FATAL_ERROR(ss, SSL_ERROR_RX_MALFORMED_CERTIFICATE, illegal_parameter);
+        return SECFailure;
+    }
+
+    rv = ssl3_ConsumeHandshakeVariable(ss, &certList, 3, &b, &length);
+    if (rv != SECSuccess) {
+        return SECFailure;
+    }
+    if (length) {
+        FATAL_ERROR(ss, SSL_ERROR_RX_MALFORMED_CERTIFICATE, illegal_parameter);
+        return SECFailure;
+    }
+
+    if (!certList.len) {
+        if (!ss->sec.isServer) {
+            /* Servers always need to send some cert. */
+            FATAL_ERROR(ss, SSL_ERROR_RX_MALFORMED_CERTIFICATE, bad_certificate);
+            return SECFailure;
+        } else {
+            /* This is TLS's version of a no_certificate alert. */
+            /* I'm a server. I've requested a client cert. He hasn't got one. */
+            rv = ssl3_HandleNoCertificate(ss);
+            if (rv != SECSuccess) {
+                return SECFailure;
+            }
+
+            TLS13_SET_HS_STATE(ss, wait_finished);
+            return SECSuccess;
+        }
+    }
+
+    /* Now clean up. */
+    ssl3_CleanupPeerCerts(ss);
+    ss->ssl3.peerCertArena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (ss->ssl3.peerCertArena == NULL) {
+        FATAL_ERROR(ss, SEC_ERROR_NO_MEMORY, internal_error);
+        return SECFailure;
+    }
+
+    while (certList.len) {
+        CERTCertificate *cert;
+
+        rv = tls13_HandleCertificateEntry(ss, &certList, first,
+                                          &cert);
+        if (rv != SECSuccess) {
+            ss->xtnData.signedCertTimestamps.len = 0;
+            return SECFailure;
+        }
+
+        if (first) {
+            ss->sec.peerCert = cert;
+
+            if (ss->xtnData.signedCertTimestamps.len) {
+                sslSessionID *sid = ss->sec.ci.sid;
+                rv = SECITEM_CopyItem(NULL, &sid->u.ssl3.signedCertTimestamps,
+                                      &ss->xtnData.signedCertTimestamps);
+                ss->xtnData.signedCertTimestamps.len = 0;
+                if (rv != SECSuccess) {
+                    FATAL_ERROR(ss, SEC_ERROR_NO_MEMORY, internal_error);
+                    return SECFailure;
+                }
+            }
+        } else {
+            ssl3CertNode *c = PORT_ArenaNew(ss->ssl3.peerCertArena,
+                                            ssl3CertNode);
+            if (!c) {
+                FATAL_ERROR(ss, SEC_ERROR_NO_MEMORY, internal_error);
+                return SECFailure;
+            }
+            c->cert = cert;
+            c->next = NULL;
+
+            if (lastCert) {
+                lastCert->next = c;
+            } else {
+                ss->ssl3.peerCertChain = c;
+            }
+            lastCert = c;
+        }
+
+        first = PR_FALSE;
+    }
+    SECKEY_UpdateCertPQG(ss->sec.peerCert);
+
+    return ssl3_AuthCertificate(ss); /* sets ss->ssl3.hs.ws */
+}
+
+void
+tls13_CipherSpecAddRef(ssl3CipherSpec *spec)
+{
+    ++spec->refCt;
+    SSL_TRC(10, ("%d: TLS13[-]: Increment ref ct for spec %d. new ct = %d",
+                 SSL_GETPID(), spec, spec->refCt));
+}
+
+/* This function is never called on a spec which is on the
+ * cipherSpecs list. */
+void
+tls13_CipherSpecRelease(ssl3CipherSpec *spec)
+{
+    PORT_Assert(spec->refCt > 0);
+    --spec->refCt;
+    SSL_TRC(10, ("%d: TLS13[-]: decrement refct for spec %d. phase=%s new ct = %d",
+                 SSL_GETPID(), spec, spec->phase, spec->refCt));
+    if (!spec->refCt) {
+        SSL_TRC(10, ("%d: TLS13[-]: Freeing spec %d. phase=%s",
+                     SSL_GETPID(), spec, spec->phase));
+        PR_REMOVE_LINK(&spec->link);
+        ssl3_DestroyCipherSpec(spec, PR_TRUE);
+        PORT_Free(spec);
+    }
+}
+
+/* Add context to the hash functions as described in
+   [draft-ietf-tls-tls13; Section 4.9.1] */
+SECStatus
+tls13_AddContextToHashes(sslSocket *ss, const SSL3Hashes *hashes,
+                         SSLHashType algorithm, PRBool sending,
+                         SSL3Hashes *tbsHash)
+{
+    SECStatus rv = SECSuccess;
+    PK11Context *ctx;
+    const unsigned char context_padding[] = {
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+    };
+
+    const char *client_cert_verify_string = "TLS 1.3, client CertificateVerify";
+    const char *server_cert_verify_string = "TLS 1.3, server CertificateVerify";
+    const char *context_string = (sending ^ ss->sec.isServer) ? client_cert_verify_string
+                                                              : server_cert_verify_string;
+    unsigned int hashlength;
+
+    /* Double check that we are doing the same hash.*/
+    PORT_Assert(hashes->len == tls13_GetHashSize(ss));
+
+    ctx = PK11_CreateDigestContext(ssl3_HashTypeToOID(algorithm));
+    if (!ctx) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        goto loser;
+    }
+
+    PORT_Assert(SECFailure);
+    PORT_Assert(!SECSuccess);
+
+    PRINT_BUF(50, (ss, "TLS 1.3 hash without context", hashes->u.raw, hashes->len));
+    PRINT_BUF(50, (ss, "Context string", context_string, strlen(context_string)));
+    rv |= PK11_DigestBegin(ctx);
+    rv |= PK11_DigestOp(ctx, context_padding, sizeof(context_padding));
+    rv |= PK11_DigestOp(ctx, (unsigned char *)context_string,
+                        strlen(context_string) + 1); /* +1 includes the terminating 0 */
+    rv |= PK11_DigestOp(ctx, hashes->u.raw, hashes->len);
+    /* Update the hash in-place */
+    rv |= PK11_DigestFinal(ctx, tbsHash->u.raw, &hashlength, sizeof(tbsHash->u.raw));
+    PK11_DestroyContext(ctx, PR_TRUE);
+    PRINT_BUF(50, (ss, "TLS 1.3 hash with context", tbsHash->u.raw, hashlength));
+
+    tbsHash->len = hashlength;
+    tbsHash->hashAlg = algorithm;
+
+    if (rv) {
+        ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE);
+        goto loser;
+    }
+    return SECSuccess;
+
+loser:
+    return SECFailure;
+}
+
+/*
+ *    Derive-Secret(Secret, Label, Messages) =
+ *       HKDF-Expand-Label(Secret, Label,
+ *                         Hash(Messages) + Hash(resumption_context), L))
+ */
+static SECStatus
+tls13_DeriveSecret(sslSocket *ss, PK11SymKey *key,
+                   const char *prefix,
+                   const char *suffix,
+                   const SSL3Hashes *hashes,
+                   PK11SymKey **dest)
+{
+    SECStatus rv;
+    SSL3Hashes hashesTmp;
+    char buf[100];
+    const char *label;
+
+    if (prefix) {
+        if ((strlen(prefix) + strlen(suffix) + 2) > sizeof(buf)) {
+            PORT_Assert(0);
+            PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+            return SECFailure;
+        }
+        (void)PR_snprintf(buf, sizeof(buf), "%s %s",
+                          prefix, suffix);
+        label = buf;
+    } else {
+        label = suffix;
+    }
+
+    SSL_TRC(3, ("%d: TLS13[%d]: deriving secret '%s'",
+                SSL_GETPID(), ss->fd, label));
+    if (!hashes) {
+        rv = tls13_ComputeHandshakeHashes(ss, &hashesTmp);
+        if (rv != SECSuccess) {
+            PORT_Assert(0); /* Should never fail */
+            ssl_MapLowLevelError(SEC_ERROR_LIBRARY_FAILURE);
+            return SECFailure;
+        }
+        hashes = &hashesTmp;
+    }
+
+    rv = tls13_HkdfExpandLabel(key, tls13_GetHash(ss),
+                               hashes->u.raw, hashes->len,
+                               label, strlen(label),
+                               tls13_GetHkdfMechanism(ss),
+                               tls13_GetHashSize(ss), dest);
+    if (rv != SECSuccess) {
+        LOG_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+    return SECSuccess;
+}
+
+/* Derive traffic keys for the next cipher spec in the queue. */
+static SECStatus
+tls13_DeriveTrafficKeys(sslSocket *ss, ssl3CipherSpec *spec,
+                        TrafficKeyType type,
+                        CipherSpecDirection direction,
+                        PRBool deleteSecret)
+{
+    size_t keySize = spec->cipher_def->key_size;
+    size_t ivSize = spec->cipher_def->iv_size +
+                    spec->cipher_def->explicit_nonce_size; /* This isn't always going to
+                                                              * work, but it does for
+                                                              * AES-GCM */
+    CK_MECHANISM_TYPE bulkAlgorithm = ssl3_Alg2Mech(spec->cipher_def->calg);
+    PK11SymKey **prkp = NULL;
+    PK11SymKey *prk = NULL;
+    PRBool clientKey;
+    ssl3KeyMaterial *target;
+    const char *phase;
+    SECStatus rv;
+    /* These labels are just used for debugging. */
+    static const char kHkdfPhaseEarlyApplicationDataKeys[] = "early application data";
+    static const char kHkdfPhaseHandshakeKeys[] = "handshake data";
+    static const char kHkdfPhaseApplicationDataKeys[] = "application data";
+
+    if (ss->sec.isServer ^ (direction == CipherSpecWrite)) {
+        clientKey = PR_TRUE;
+        target = &spec->client;
+    } else {
+        clientKey = PR_FALSE;
+        target = &spec->server;
+    }
+
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+
+    switch (type) {
+        case TrafficKeyEarlyApplicationData:
+            PORT_Assert(clientKey);
+            phase = kHkdfPhaseEarlyApplicationDataKeys;
+            prkp = &ss->ssl3.hs.clientEarlyTrafficSecret;
+            break;
+        case TrafficKeyHandshake:
+            phase = kHkdfPhaseHandshakeKeys;
+            prkp = clientKey ? &ss->ssl3.hs.clientHsTrafficSecret : &ss->ssl3.hs.serverHsTrafficSecret;
+            break;
+        case TrafficKeyApplicationData:
+            phase = kHkdfPhaseApplicationDataKeys;
+            prkp = clientKey ? &ss->ssl3.hs.clientTrafficSecret : &ss->ssl3.hs.serverTrafficSecret;
+            break;
+        default:
+            LOG_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE);
+            PORT_Assert(0);
+            return SECFailure;
+    }
+    PORT_Assert(prkp != NULL);
+    prk = *prkp;
+
+    SSL_TRC(3, ("%d: TLS13[%d]: deriving %s traffic keys phase='%s'",
+                SSL_GETPID(), ss->fd,
+                (direction == CipherSpecWrite) ? "write" : "read", phase));
+    PORT_Assert(phase);
+    spec->phase = phase;
+
+    rv = tls13_HkdfExpandLabel(prk, tls13_GetHash(ss),
+                               NULL, 0,
+                               kHkdfPurposeKey, strlen(kHkdfPurposeKey),
+                               bulkAlgorithm, keySize,
+                               &target->write_key);
+    if (rv != SECSuccess) {
+        LOG_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE);
+        PORT_Assert(0);
+        goto loser;
+    }
+
+    rv = tls13_HkdfExpandLabelRaw(prk, tls13_GetHash(ss),
+                                  NULL, 0,
+                                  kHkdfPurposeIv, strlen(kHkdfPurposeIv),
+                                  target->write_iv, ivSize);
+    if (rv != SECSuccess) {
+        LOG_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE);
+        PORT_Assert(0);
+        goto loser;
+    }
+
+    if (deleteSecret) {
+        PK11_FreeSymKey(prk);
+        *prkp = NULL;
+    }
+    return SECSuccess;
+
+loser:
+    return SECFailure;
+}
+
+static SECStatus
+tls13_SetupPendingCipherSpec(sslSocket *ss)
+{
+    ssl3CipherSpec *pSpec;
+    ssl3CipherSuite suite = ss->ssl3.hs.cipher_suite;
+    const ssl3BulkCipherDef *bulk = ssl_GetBulkCipherDef(
+        ssl_LookupCipherSuiteDef(suite));
+
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+
+    ssl_GetSpecWriteLock(ss); /*******************************/
+
+    pSpec = ss->ssl3.pwSpec;
+    /* Version isn't set when we send 0-RTT data. */
+    pSpec->version = PR_MAX(SSL_LIBRARY_VERSION_TLS_1_3, ss->version);
+
+    SSL_TRC(3, ("%d: TLS13[%d]: Set Pending Cipher Suite to 0x%04x",
+                SSL_GETPID(), ss->fd, suite));
+    pSpec->cipher_def = bulk;
+
+    ssl_ReleaseSpecWriteLock(ss); /*******************************/
+    return SECSuccess;
+}
+
+/* Install a new cipher spec for this direction. */
+static SECStatus
+tls13_SetCipherSpec(sslSocket *ss, TrafficKeyType type,
+                    CipherSpecDirection direction, PRBool deleteSecret)
+{
+    SECStatus rv;
+    ssl3CipherSpec *spec = NULL;
+    ssl3CipherSpec **specp = (direction == CipherSpecRead) ? &ss->ssl3.crSpec : &ss->ssl3.cwSpec;
+    /* Flush out old handshake data. */
+    ssl_GetXmitBufLock(ss);
+    rv = ssl3_FlushHandshake(ss, ssl_SEND_FLAG_FORCE_INTO_BUFFER);
+    ssl_ReleaseXmitBufLock(ss);
+    if (rv != SECSuccess) {
+        return SECFailure;
+    }
+
+    /* Create the new spec. */
+    spec = PORT_ZNew(ssl3CipherSpec);
+    if (!spec) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return SECFailure;
+    }
+    spec->refCt = 1;
+    PR_APPEND_LINK(&spec->link, &ss->ssl3.hs.cipherSpecs);
+    ss->ssl3.pwSpec = ss->ssl3.prSpec = spec;
+
+    rv = tls13_SetupPendingCipherSpec(ss);
+    if (rv != SECSuccess)
+        return SECFailure;
+
+    switch (spec->cipher_def->calg) {
+        case calg_aes_gcm:
+            spec->aead = tls13_AESGCM;
+            break;
+        case calg_chacha20:
+            spec->aead = tls13_ChaCha20Poly1305;
+            break;
+        default:
+            PORT_Assert(0);
+            return SECFailure;
+            break;
+    }
+
+    rv = tls13_DeriveTrafficKeys(ss, spec, type, direction,
+                                 deleteSecret);
+    if (rv != SECSuccess) {
+        return SECFailure;
+    }
+
+    /* We use the epoch for cipher suite identification, so increment
+     * it in both TLS and DTLS. */
+    if ((*specp)->epoch == PR_UINT16_MAX) {
+        return SECFailure;
+    }
+    spec->epoch = (PRUint16)type;
+
+    if (!IS_DTLS(ss)) {
+        spec->read_seq_num = spec->write_seq_num = 0;
+    } else {
+        /* The sequence number has the high 16 bits as the epoch. */
+        spec->read_seq_num = spec->write_seq_num =
+            (sslSequenceNumber)spec->epoch << 48;
+
+        dtls_InitRecvdRecords(&spec->recvdRecords);
+    }
+
+    /* Now that we've set almost everything up, finally cut over. */
+    ssl_GetSpecWriteLock(ss);
+    tls13_CipherSpecRelease(*specp); /* May delete old cipher. */
+    *specp = spec;                   /* Overwrite. */
+    ssl_ReleaseSpecWriteLock(ss);
+
+    SSL_TRC(3, ("%d: TLS13[%d]: %s installed key for phase='%s'.%d dir=%s",
+                SSL_GETPID(), ss->fd, SSL_ROLE(ss),
+                spec->phase, spec->epoch,
+                direction == CipherSpecRead ? "read" : "write"));
+
+    if (ss->ssl3.changedCipherSpecFunc) {
+        ss->ssl3.changedCipherSpecFunc(ss->ssl3.changedCipherSpecArg,
+                                       direction == CipherSpecWrite, spec);
+    }
+    return SECSuccess;
+}
+
+static SECStatus
+tls13_ComputeHandshakeHashes(sslSocket *ss,
+                             SSL3Hashes *hashes)
+{
+    SECStatus rv;
+    PK11Context *ctx = NULL;
+
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+    if (ss->ssl3.hs.hashType == handshake_hash_unknown) {
+        /* Backup: if we haven't done any hashing, then hash now.
+         * This happens when we are doing 0-RTT on the client. */
+        ctx = PK11_CreateDigestContext(ssl3_HashTypeToOID(tls13_GetHash(ss)));
+        if (!ctx) {
+            ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE);
+            return SECFailure;
+        }
+
+        if (PK11_DigestBegin(ctx) != SECSuccess) {
+            ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE);
+            goto loser;
+        }
+
+        PRINT_BUF(10, (NULL, "Handshake hash computed over saved messages",
+                       ss->ssl3.hs.messages.buf,
+                       ss->ssl3.hs.messages.len));
+
+        if (PK11_DigestOp(ctx,
+                          ss->ssl3.hs.messages.buf,
+                          ss->ssl3.hs.messages.len) != SECSuccess) {
+            ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE);
+            goto loser;
+        }
+    } else {
+        ctx = PK11_CloneContext(ss->ssl3.hs.sha);
+        if (!ctx) {
+            ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE);
+            return SECFailure;
+        }
+    }
+
+    rv = PK11_DigestFinal(ctx, hashes->u.raw,
+                          &hashes->len,
+                          sizeof(hashes->u.raw));
+    if (rv != SECSuccess) {
+        ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE);
+        goto loser;
+    }
+    PORT_Assert(hashes->len == tls13_GetHashSize(ss));
+    PK11_DestroyContext(ctx, PR_TRUE);
+
+    return SECSuccess;
+
+loser:
+    PK11_DestroyContext(ctx, PR_TRUE);
+    return SECFailure;
+}
+
+void
+tls13_DestroyKeyShareEntry(TLS13KeyShareEntry *offer)
+{
+    SECITEM_ZfreeItem(&offer->key_exchange, PR_FALSE);
+    PORT_ZFree(offer, sizeof(*offer));
+}
+
+void
+tls13_DestroyKeyShares(PRCList *list)
+{
+    PRCList *cur_p;
+
+    /* The list must be initialized. */
+    PORT_Assert(PR_LIST_HEAD(list));
+
+    while (!PR_CLIST_IS_EMPTY(list)) {
+        cur_p = PR_LIST_TAIL(list);
+        PR_REMOVE_LINK(cur_p);
+        tls13_DestroyKeyShareEntry((TLS13KeyShareEntry *)cur_p);
+    }
+}
+
+void
+tls13_DestroyEarlyData(PRCList *list)
+{
+    PRCList *cur_p;
+
+    while (!PR_CLIST_IS_EMPTY(list)) {
+        TLS13EarlyData *msg;
+
+        cur_p = PR_LIST_TAIL(list);
+        msg = (TLS13EarlyData *)cur_p;
+
+        PR_REMOVE_LINK(cur_p);
+        SECITEM_ZfreeItem(&msg->data, PR_FALSE);
+        PORT_ZFree(msg, sizeof(*msg));
+    }
+}
+
+void
+tls13_DestroyCipherSpecs(PRCList *list)
+{
+    PRCList *cur_p;
+
+    while (!PR_CLIST_IS_EMPTY(list)) {
+        cur_p = PR_LIST_TAIL(list);
+        PR_REMOVE_LINK(cur_p);
+        ssl3_DestroyCipherSpec((ssl3CipherSpec *)cur_p, PR_FALSE);
+        PORT_Free(cur_p);
+    }
+}
+
+/* draft-ietf-tls-tls13 Section 5.2.2 specifies the following
+ * nonce algorithm:
+ *
+ * The length of the per-record nonce (iv_length) is set to max(8 bytes,
+ * N_MIN) for the AEAD algorithm (see [RFC5116] Section 4).  An AEAD
+ * algorithm where N_MAX is less than 8 bytes MUST NOT be used with TLS.
+ * The per-record nonce for the AEAD construction is formed as follows:
+ *
+ * 1.  The 64-bit record sequence number is padded to the left with
+ *     zeroes to iv_length.
+ *
+ * 2.  The padded sequence number is XORed with the static
+ *     client_write_iv or server_write_iv, depending on the role.
+ *
+ * The resulting quantity (of length iv_length) is used as the per-
+ * record nonce.
+ *
+ * Existing suites have the same nonce size: N_MIN = N_MAX = 12 bytes
+ *
+ * See RFC 5288 and https://tools.ietf.org/html/draft-ietf-tls-chacha20-poly1305-04#section-2
+ */
+static void
+tls13_WriteNonce(ssl3KeyMaterial *keys,
+                 const unsigned char *seqNumBuf, unsigned int seqNumLen,
+                 unsigned char *nonce, unsigned int nonceLen)
+{
+    size_t i;
+
+    PORT_Assert(nonceLen == 12);
+    memcpy(nonce, keys->write_iv, 12);
+
+    /* XOR the last 8 bytes of the IV with the sequence number. */
+    PORT_Assert(seqNumLen == 8);
+    for (i = 0; i < 8; ++i) {
+        nonce[4 + i] ^= seqNumBuf[i];
+    }
+    PRINT_BUF(50, (NULL, "Nonce", nonce, nonceLen));
+}
+
+/* Implement the SSLAEADCipher interface defined in sslimpl.h.
+ *
+ * That interface takes the additional data (see below) and reinterprets that as
+ * a sequence number. In TLS 1.3 there is no additional data so this value is
+ * just the encoded sequence number.
+ */
+static SECStatus
+tls13_AEAD(ssl3KeyMaterial *keys, PRBool doDecrypt,
+           unsigned char *out, int *outlen, int maxout,
+           const unsigned char *in, int inlen,
+           CK_MECHANISM_TYPE mechanism,
+           unsigned char *aeadParams, unsigned int aeadParamLength)
+{
+    SECStatus rv;
+    unsigned int uOutLen = 0;
+    SECItem param = {
+        siBuffer, aeadParams, aeadParamLength
+    };
+
+    if (doDecrypt) {
+        rv = PK11_Decrypt(keys->write_key, mechanism, &param,
+                          out, &uOutLen, maxout, in, inlen);
+    } else {
+        rv = PK11_Encrypt(keys->write_key, mechanism, &param,
+                          out, &uOutLen, maxout, in, inlen);
+    }
+    *outlen = (int)uOutLen;
+
+    return rv;
+}
+
+static SECStatus
+tls13_AESGCM(ssl3KeyMaterial *keys,
+             PRBool doDecrypt,
+             unsigned char *out,
+             int *outlen,
+             int maxout,
+             const unsigned char *in,
+             int inlen,
+             const unsigned char *additionalData,
+             int additionalDataLen)
+{
+    CK_GCM_PARAMS gcmParams;
+    unsigned char nonce[12];
+
+    memset(&gcmParams, 0, sizeof(gcmParams));
+    gcmParams.pIv = nonce;
+    gcmParams.ulIvLen = sizeof(nonce);
+    gcmParams.pAAD = NULL;
+    gcmParams.ulAADLen = 0;
+    gcmParams.ulTagBits = 128; /* GCM measures tag length in bits. */
+
+    tls13_WriteNonce(keys, additionalData, additionalDataLen,
+                     nonce, sizeof(nonce));
+    return tls13_AEAD(keys, doDecrypt, out, outlen, maxout, in, inlen,
+                      CKM_AES_GCM,
+                      (unsigned char *)&gcmParams, sizeof(gcmParams));
+}
+
+static SECStatus
+tls13_ChaCha20Poly1305(ssl3KeyMaterial *keys, PRBool doDecrypt,
+                       unsigned char *out, int *outlen, int maxout,
+                       const unsigned char *in, int inlen,
+                       const unsigned char *additionalData,
+                       int additionalDataLen)
+{
+    CK_NSS_AEAD_PARAMS aeadParams;
+    unsigned char nonce[12];
+
+    memset(&aeadParams, 0, sizeof(aeadParams));
+    aeadParams.pNonce = nonce;
+    aeadParams.ulNonceLen = sizeof(nonce);
+    aeadParams.pAAD = NULL; /* No AAD in TLS 1.3. */
+    aeadParams.ulAADLen = 0;
+    aeadParams.ulTagLen = 16; /* The Poly1305 tag is 16 octets. */
+
+    tls13_WriteNonce(keys, additionalData, additionalDataLen,
+                     nonce, sizeof(nonce));
+    return tls13_AEAD(keys, doDecrypt, out, outlen, maxout, in, inlen,
+                      CKM_NSS_CHACHA20_POLY1305,
+                      (unsigned char *)&aeadParams, sizeof(aeadParams));
+}
+
+static SECStatus
+tls13_HandleEncryptedExtensions(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
+{
+    SECStatus rv;
+    PRUint32 innerLength;
+    SECItem oldNpn = { siBuffer, NULL, 0 };
+
+    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+
+    SSL_TRC(3, ("%d: TLS13[%d]: handle encrypted extensions",
+                SSL_GETPID(), ss->fd));
+
+    rv = TLS13_CHECK_HS_STATE(ss, SSL_ERROR_RX_UNEXPECTED_ENCRYPTED_EXTENSIONS,
+                              wait_encrypted_extensions);
+    if (rv != SECSuccess) {
+        return SECFailure;
+    }
+
+    rv = ssl3_ConsumeHandshakeNumber(ss, &innerLength, 2, &b, &length);
+    if (rv != SECSuccess) {
+        return SECFailure; /* Alert already sent. */
+    }
+    if (innerLength != length) {
+        FATAL_ERROR(ss, SSL_ERROR_RX_MALFORMED_ENCRYPTED_EXTENSIONS,
+                    illegal_parameter);
+        return SECFailure;
+    }
+
+    /* If we are doing 0-RTT, then we already have an NPN value. Stash
+     * it for comparison. */
+    if (ss->ssl3.hs.zeroRttState == ssl_0rtt_sent &&
+        ss->xtnData.nextProtoState == SSL_NEXT_PROTO_EARLY_VALUE) {
+        oldNpn = ss->xtnData.nextProto;
+        ss->xtnData.nextProto.data = NULL;
+        ss->xtnData.nextProtoState = SSL_NEXT_PROTO_NO_SUPPORT;
+    }
+    rv = ssl3_HandleExtensions(ss, &b, &length, encrypted_extensions);
+    if (rv != SECSuccess) {
+        return SECFailure; /* Error code set below */
+    }
+
+    /* We can only get here if we offered 0-RTT. */
+    if (ssl3_ExtensionNegotiated(ss, ssl_tls13_early_data_xtn)) {
+        PORT_Assert(ss->ssl3.hs.zeroRttState == ssl_0rtt_sent);
+        if (!ss->statelessResume) {
+            /* Illegal to accept 0-RTT without also accepting PSK. */
+            FATAL_ERROR(ss, SSL_ERROR_RX_MALFORMED_ENCRYPTED_EXTENSIONS,
+                        illegal_parameter);
+        }
+        ss->ssl3.hs.zeroRttState = ssl_0rtt_accepted;
+
+        /* Check that the server negotiated the same ALPN (if any). */
+        if (SECITEM_CompareItem(&oldNpn, &ss->xtnData.nextProto)) {
+            SECITEM_FreeItem(&oldNpn, PR_FALSE);
+            FATAL_ERROR(ss, SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID,
+                        illegal_parameter);
+            return SECFailure;
+        }
+        /* Check that the server negotiated the same cipher suite. */
+        if (ss->ssl3.hs.cipher_suite != ss->ssl3.hs.zeroRttSuite) {
+            FATAL_ERROR(ss, SSL_ERROR_RX_MALFORMED_ENCRYPTED_EXTENSIONS,
+                        illegal_parameter);
+            return SECFailure;
+        }
+    } else if (ss->ssl3.hs.zeroRttState == ssl_0rtt_sent) {
+        /* Though we sent 0-RTT, the early_data extension wasn't present so the
+         * state is unmodified; the server must have rejected 0-RTT. */
+        ss->ssl3.hs.zeroRttState = ssl_0rtt_ignored;
+        ss->ssl3.hs.zeroRttIgnore = ssl_0rtt_ignore_trial;
+    } else {
+        PORT_Assert(ss->ssl3.hs.zeroRttState == ssl_0rtt_none ||
+                    (ss->ssl3.hs.helloRetry &&
+                     ss->ssl3.hs.zeroRttState == ssl_0rtt_ignored));
+    }
+
+    SECITEM_FreeItem(&oldNpn, PR_FALSE);
+    if (ss->ssl3.hs.kea_def->authKeyType == ssl_auth_psk) {
+        TLS13_SET_HS_STATE(ss, wait_finished);
+    } else {
+        TLS13_SET_HS_STATE(ss, wait_cert_request);
+    }
+
+    return SECSuccess;
+}
+
+static SECStatus
+tls13_SendEncryptedExtensions(sslSocket *ss)
+{
+    SECStatus rv;
+    PRInt32 extensions_len = 0;
+    PRInt32 sent_len = 0;
+    PRUint32 maxBytes = 65535;
+
+    SSL_TRC(3, ("%d: TLS13[%d]: send encrypted extensions handshake",
+                SSL_GETPID(), ss->fd));
+
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
+
+    extensions_len = ssl3_CallHelloExtensionSenders(
+        ss, PR_FALSE, maxBytes, &ss->xtnData.encryptedExtensionsSenders[0]);
+
+    rv = ssl3_AppendHandshakeHeader(ss, encrypted_extensions,
+                                    extensions_len + 2);
+    if (rv != SECSuccess) {
+        LOG_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+    rv = ssl3_AppendHandshakeNumber(ss, extensions_len, 2);
+    if (rv != SECSuccess) {
+        LOG_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+    sent_len = ssl3_CallHelloExtensionSenders(
+        ss, PR_TRUE, extensions_len,
+        &ss->xtnData.encryptedExtensionsSenders[0]);
+    PORT_Assert(sent_len == extensions_len);
+    if (sent_len != extensions_len) {
+        LOG_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE);
+        PORT_Assert(sent_len == 0);
+        return SECFailure;
+    }
+
+    return SECSuccess;
+}
+
+SECStatus
+tls13_SendCertificateVerify(sslSocket *ss, SECKEYPrivateKey *privKey)
+{
+    SECStatus rv = SECFailure;
+    SECItem buf = { siBuffer, NULL, 0 };
+    unsigned int len;
+    SSLHashType hashAlg;
+    SSL3Hashes hash;
+    SSL3Hashes tbsHash; /* The hash "to be signed". */
+
+    PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+
+    SSL_TRC(3, ("%d: TLS13[%d]: send certificate_verify handshake",
+                SSL_GETPID(), ss->fd));
+
+    PORT_Assert(ss->ssl3.hs.hashType == handshake_hash_single);
+    rv = tls13_ComputeHandshakeHashes(ss, &hash);
+    if (rv != SECSuccess) {
+        return SECFailure;
+    }
+
+    /* We should have picked a signature scheme when we received a
+     * CertificateRequest, or when we picked a server certificate. */
+    PORT_Assert(ss->ssl3.hs.signatureScheme != ssl_sig_none);
+    if (ss->ssl3.hs.signatureScheme == ssl_sig_none) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+    hashAlg = ssl_SignatureSchemeToHashType(ss->ssl3.hs.signatureScheme);
+    rv = tls13_AddContextToHashes(ss, &hash, hashAlg,
+                                  PR_TRUE, &tbsHash);
+    if (rv != SECSuccess) {
+        return SECFailure;
+    }
+
+    rv = ssl3_SignHashes(ss, &tbsHash, privKey, &buf);
+    if (rv == SECSuccess && !ss->sec.isServer) {
+        /* Remember the info about the slot that did the signing.
+         * Later, when doing an SSL restart handshake, verify this.
+         * These calls are mere accessors, and can't fail.
+         */
+        PK11SlotInfo *slot;
+        sslSessionID *sid = ss->sec.ci.sid;
+
+        slot = PK11_GetSlotFromPrivateKey(privKey);
+        sid->u.ssl3.clAuthSeries = PK11_GetSlotSeries(slot);
+        sid->u.ssl3.clAuthSlotID = PK11_GetSlotID(slot);
+        sid->u.ssl3.clAuthModuleID = PK11_GetModuleID(slot);
+        sid->u.ssl3.clAuthValid = PR_TRUE;
+        PK11_FreeSlot(slot);
+    }
+    if (rv != SECSuccess) {
+        goto done; /* err code was set by ssl3_SignHashes */
+    }
+
+    len = buf.len + 2 + 2;
+
+    rv = ssl3_AppendHandshakeHeader(ss, certificate_verify, len);
+    if (rv != SECSuccess) {
+        goto done; /* error code set by AppendHandshake */
+    }
+
+    rv = ssl3_AppendHandshakeNumber(ss, ss->ssl3.hs.signatureScheme, 2);
+    if (rv != SECSuccess) {
+        goto done; /* err set by AppendHandshakeNumber */
+    }
+
+    rv = ssl3_AppendHandshakeVariable(ss, buf.data, buf.len, 2);
+    if (rv != SECSuccess) {
+        goto done; /* error code set by AppendHandshake */
+    }
+
+done:
+    /* For parity with the allocation functions, which don't use
+     * SECITEM_AllocItem(). */
+    if (buf.data)
+        PORT_Free(buf.data);
+    return rv;
+}
+
+/* Called from tls13_CompleteHandleHandshakeMessage() when it has deciphered a complete
+ * tls13 CertificateVerify message
+ * Caller must hold Handshake and RecvBuf locks.
+ */
+SECStatus
+tls13_HandleCertificateVerify(sslSocket *ss, SSL3Opaque *b, PRUint32 length,
+                              SSL3Hashes *hashes)
+{
+    SECItem signed_hash = { siBuffer, NULL, 0 };
+    SECStatus rv;
+    SSLSignatureScheme sigScheme;
+    SSLHashType hashAlg;
+    SSL3Hashes tbsHash;
+
+    SSL_TRC(3, ("%d: TLS13[%d]: handle certificate_verify handshake",
+                SSL_GETPID(), ss->fd));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+
+    rv = TLS13_CHECK_HS_STATE(ss, SSL_ERROR_RX_UNEXPECTED_CERT_VERIFY,
+                              wait_cert_verify);
+    if (rv != SECSuccess) {
+        return SECFailure;
+    }
+    PORT_Assert(hashes);
+
+    rv = ssl_ConsumeSignatureScheme(ss, &b, &length, &sigScheme);
+    if (rv != SECSuccess) {
+        PORT_SetError(SSL_ERROR_RX_MALFORMED_CERT_VERIFY);
+        return SECFailure;
+    }
+
+    rv = ssl_CheckSignatureSchemeConsistency(ss, sigScheme, ss->sec.peerCert);
+    if (rv != SECSuccess) {
+        /* Error set already */
+        return SECFailure;
+    }
+    hashAlg = ssl_SignatureSchemeToHashType(sigScheme);
+
+    rv = tls13_AddContextToHashes(ss, hashes, hashAlg, PR_FALSE, &tbsHash);
+    if (rv != SECSuccess) {
+        FATAL_ERROR(ss, SSL_ERROR_DIGEST_FAILURE, internal_error);
+        return SECFailure;
+    }
+
+    rv = ssl3_ConsumeHandshakeVariable(ss, &signed_hash, 2, &b, &length);
+    if (rv != SECSuccess) {
+        PORT_SetError(SSL_ERROR_RX_MALFORMED_CERT_VERIFY);
+        return SECFailure;
+    }
+
+    if (length != 0) {
+        FATAL_ERROR(ss, SSL_ERROR_RX_MALFORMED_CERT_VERIFY, decode_error);
+        return SECFailure;
+    }
+
+    rv = ssl3_VerifySignedHashes(ss, sigScheme, &tbsHash, &signed_hash);
+    if (rv != SECSuccess) {
+        FATAL_ERROR(ss, PORT_GetError(), decrypt_error);
+        return SECFailure;
+    }
+
+    /* Set the auth type. */
+    if (!ss->sec.isServer) {
+        ss->sec.authType = ssl_SignatureSchemeToAuthType(sigScheme);
+    }
+
+    /* Request a client certificate now if one was requested. */
+    if (ss->ssl3.hs.certificateRequest) {
+        TLS13CertificateRequest *req = ss->ssl3.hs.certificateRequest;
+
+        PORT_Assert(!ss->sec.isServer);
+        rv = ssl3_CompleteHandleCertificateRequest(ss, req->signatureSchemes,
+                                                   req->signatureSchemeCount,
+                                                   &req->ca_list);
+        if (rv != SECSuccess) {
+            FATAL_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE, internal_error);
+            return rv;
+        }
+    }
+
+    TLS13_SET_HS_STATE(ss, wait_finished);
+
+    return SECSuccess;
+}
+
+static SECStatus
+tls13_ComputePskBinderHash(sslSocket *ss, unsigned long prefixLength,
+                           SSL3Hashes *hashes)
+{
+    SECStatus rv;
+
+    PORT_Assert(ss->ssl3.hs.hashType == handshake_hash_unknown);
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+    PORT_Assert(prefixLength <= ss->ssl3.hs.messages.len);
+
+    PRINT_BUF(10, (NULL, "Handshake hash computed over ClientHello prefix",
+                   ss->ssl3.hs.messages.buf, prefixLength));
+    rv = PK11_HashBuf(ssl3_HashTypeToOID(tls13_GetHash(ss)),
+                      hashes->u.raw,
+                      ss->ssl3.hs.messages.buf, prefixLength);
+    if (rv != SECSuccess) {
+        ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE);
+        goto loser;
+    }
+    hashes->len = tls13_GetHashSize(ss);
+
+    PRINT_BUF(10, (NULL, "PSK Binder hash",
+                   hashes->u.raw, hashes->len));
+
+    return SECSuccess;
+
+loser:
+    return SECFailure;
+}
+/* Compute the PSK Binder This is kind of sneaky.*/
+SECStatus
+tls13_ComputePskBinder(sslSocket *ss, PRBool sending,
+                       unsigned int prefixLength,
+                       PRUint8 *output, unsigned int *outputLen,
+                       unsigned int maxOutputLen)
+{
+    SSL3Hashes hashes;
+    SECStatus rv;
+
+    rv = tls13_ComputePskBinderHash(ss, prefixLength, &hashes);
+    if (rv != SECSuccess)
+        return SECFailure;
+
+    return tls13_ComputeFinished(ss, ss->ssl3.hs.pskBinderKey, &hashes,
+                                 sending, output, outputLen, maxOutputLen);
+}
+
+static SECStatus
+tls13_ComputeFinished(sslSocket *ss, PK11SymKey *baseKey,
+                      const SSL3Hashes *hashes,
+                      PRBool sending, PRUint8 *output, unsigned int *outputLen,
+                      unsigned int maxOutputLen)
+{
+    SECStatus rv;
+    PK11Context *hmacCtx = NULL;
+    CK_MECHANISM_TYPE macAlg = tls13_GetHmacMechanism(ss);
+    SECItem param = { siBuffer, NULL, 0 };
+    unsigned int outputLenUint;
+    const char *label = kHkdfLabelFinishedSecret;
+    PK11SymKey *secret = NULL;
+
+    PORT_Assert(baseKey);
+    SSL_TRC(3, ("%d: TLS13[%d]: %s calculate finished",
+                SSL_GETPID(), ss->fd, SSL_ROLE(ss)));
+    PRINT_BUF(50, (ss, "Handshake hash", hashes->u.raw, hashes->len));
+
+    /* Now derive the appropriate finished secret from the base secret. */
+    rv = tls13_HkdfExpandLabel(baseKey,
+                               tls13_GetHash(ss),
+                               NULL, 0,
+                               label, strlen(label),
+                               tls13_GetHmacMechanism(ss),
+                               tls13_GetHashSize(ss), &secret);
+    if (rv != SECSuccess) {
+        goto abort;
+    }
+
+    PORT_Assert(hashes->len == tls13_GetHashSize(ss));
+    hmacCtx = PK11_CreateContextBySymKey(macAlg, CKA_SIGN,
+                                         secret, &param);
+    if (!hmacCtx) {
+        goto abort;
+    }
+
+    rv = PK11_DigestBegin(hmacCtx);
+    if (rv != SECSuccess)
+        goto abort;
+
+    rv = PK11_DigestOp(hmacCtx, hashes->u.raw, hashes->len);
+    if (rv != SECSuccess)
+        goto abort;
+
+    PORT_Assert(maxOutputLen >= tls13_GetHashSize(ss));
+    rv = PK11_DigestFinal(hmacCtx, output, &outputLenUint, maxOutputLen);
+    if (rv != SECSuccess)
+        goto abort;
+    *outputLen = outputLenUint;
+
+    PK11_FreeSymKey(secret);
+    PK11_DestroyContext(hmacCtx, PR_TRUE);
+    return SECSuccess;
+
+abort:
+    if (secret) {
+        PK11_FreeSymKey(secret);
+    }
+
+    if (hmacCtx) {
+        PK11_DestroyContext(hmacCtx, PR_TRUE);
+    }
+
+    PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+    return SECFailure;
+}
+
+static SECStatus
+tls13_SendFinished(sslSocket *ss, PK11SymKey *baseKey)
+{
+    SECStatus rv;
+    PRUint8 finishedBuf[TLS13_MAX_FINISHED_SIZE];
+    unsigned int finishedLen;
+    SSL3Hashes hashes;
+
+    SSL_TRC(3, ("%d: TLS13[%d]: send finished handshake", SSL_GETPID(), ss->fd));
+
+    PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+
+    rv = tls13_ComputeHandshakeHashes(ss, &hashes);
+    if (rv != SECSuccess) {
+        LOG_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+
+    ssl_GetSpecReadLock(ss);
+    rv = tls13_ComputeFinished(ss, baseKey, &hashes, PR_TRUE,
+                               finishedBuf, &finishedLen, sizeof(finishedBuf));
+    ssl_ReleaseSpecReadLock(ss);
+    if (rv != SECSuccess) {
+        LOG_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+
+    rv = ssl3_AppendHandshakeHeader(ss, finished, finishedLen);
+    if (rv != SECSuccess) {
+        return SECFailure; /* Error code already set. */
+    }
+
+    rv = ssl3_AppendHandshake(ss, finishedBuf, finishedLen);
+    if (rv != SECSuccess) {
+        return SECFailure; /* Error code already set. */
+    }
+
+    /* TODO(ekr@rtfm.com): Record key log */
+    return SECSuccess;
+}
+
+static SECStatus
+tls13_VerifyFinished(sslSocket *ss, SSL3HandshakeType message,
+                     PK11SymKey *secret,
+                     SSL3Opaque *b, PRUint32 length,
+                     const SSL3Hashes *hashes)
+{
+    SECStatus rv;
+    PRUint8 finishedBuf[TLS13_MAX_FINISHED_SIZE];
+    unsigned int finishedLen;
+
+    if (!hashes) {
+        FATAL_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE, internal_error);
+        return SECFailure;
+    }
+
+    rv = tls13_ComputeFinished(ss, secret, hashes, PR_FALSE,
+                               finishedBuf, &finishedLen, sizeof(finishedBuf));
+    if (rv != SECSuccess) {
+        FATAL_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE, internal_error);
+        return SECFailure;
+    }
+
+    if (length != finishedLen) {
+#ifndef UNSAFE_FUZZER_MODE
+        FATAL_ERROR(ss, message == finished ? SSL_ERROR_RX_MALFORMED_FINISHED : SSL_ERROR_RX_MALFORMED_CLIENT_HELLO, illegal_parameter);
+        return SECFailure;
+#endif
+    }
+
+    if (NSS_SecureMemcmp(b, finishedBuf, finishedLen) != 0) {
+#ifndef UNSAFE_FUZZER_MODE
+        FATAL_ERROR(ss, SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE,
+                    decrypt_error);
+        return SECFailure;
+#endif
+    }
+
+    return SECSuccess;
+}
+
+static SECStatus
+tls13_ClientHandleFinished(sslSocket *ss, SSL3Opaque *b, PRUint32 length,
+                           const SSL3Hashes *hashes)
+{
+    SECStatus rv;
+
+    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+
+    SSL_TRC(3, ("%d: TLS13[%d]: client handle finished handshake",
+                SSL_GETPID(), ss->fd));
+
+    rv = TLS13_CHECK_HS_STATE(ss, SSL_ERROR_RX_UNEXPECTED_FINISHED,
+                              wait_finished);
+    if (rv != SECSuccess) {
+        return SECFailure;
+    }
+
+    rv = tls13_VerifyFinished(ss, finished,
+                              ss->ssl3.hs.serverHsTrafficSecret,
+                              b, length, hashes);
+    if (rv != SECSuccess)
+        return SECFailure;
+
+    return tls13_SendClientSecondRound(ss);
+}
+
+static SECStatus
+tls13_ServerHandleFinished(sslSocket *ss, SSL3Opaque *b, PRUint32 length,
+                           const SSL3Hashes *hashes)
+{
+    SECStatus rv;
+    PK11SymKey *secret;
+
+    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+
+    SSL_TRC(3, ("%d: TLS13[%d]: server handle finished handshake",
+                SSL_GETPID(), ss->fd));
+
+    rv = TLS13_CHECK_HS_STATE(ss, SSL_ERROR_RX_UNEXPECTED_FINISHED, wait_finished);
+    if (rv != SECSuccess) {
+        return SECFailure;
+    }
+
+    if (TLS13_IN_HS_STATE(ss, wait_finished)) {
+        secret = ss->ssl3.hs.clientHsTrafficSecret;
+    } else {
+        secret = ss->ssl3.hs.clientEarlyTrafficSecret;
+    }
+
+    rv = tls13_VerifyFinished(ss, finished, secret, b, length, hashes);
+    if (rv != SECSuccess)
+        return SECFailure;
+
+    rv = tls13_SetCipherSpec(ss, TrafficKeyApplicationData,
+                             CipherSpecRead, PR_TRUE);
+    if (rv != SECSuccess) {
+        FATAL_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE, internal_error);
+        return SECFailure;
+    }
+
+    rv = tls13_FinishHandshake(ss);
+    if (rv != SECSuccess) {
+        return SECFailure; /* Error code and alerts handled below */
+    }
+    ssl_GetXmitBufLock(ss);
+    if (ss->opt.enableSessionTickets) {
+        rv = tls13_SendNewSessionTicket(ss);
+        if (rv != SECSuccess) {
+            ssl_ReleaseXmitBufLock(ss);
+            return SECFailure; /* Error code and alerts handled below */
+        }
+        rv = ssl3_FlushHandshake(ss, 0);
+    }
+    ssl_ReleaseXmitBufLock(ss);
+    if (rv != SECSuccess)
+        return SECFailure;
+
+    return SECSuccess;
+}
+
+static SECStatus
+tls13_FinishHandshake(sslSocket *ss)
+{
+    SECStatus rv;
+
+    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+    PORT_Assert(ss->ssl3.hs.restartTarget == NULL);
+
+    rv = tls13_ComputeFinalSecrets(ss);
+    if (rv != SECSuccess)
+        return SECFailure;
+
+    /* The first handshake is now completed. */
+    ss->handshake = NULL;
+
+    /* Don't need this. */
+    PK11_FreeSymKey(ss->ssl3.hs.clientHsTrafficSecret);
+    ss->ssl3.hs.clientHsTrafficSecret = NULL;
+    PK11_FreeSymKey(ss->ssl3.hs.serverHsTrafficSecret);
+    ss->ssl3.hs.serverHsTrafficSecret = NULL;
+
+    TLS13_SET_HS_STATE(ss, idle_handshake);
+
+    ssl_FinishHandshake(ss);
+
+    return SECSuccess;
+}
+
+/* Do the parts of sending the client's second round that require
+ * the XmitBuf lock. */
+static SECStatus
+tls13_SendClientSecondFlight(sslSocket *ss, PRBool sendClientCert,
+                             SSL3AlertDescription *sendAlert)
+{
+    SECStatus rv;
+
+    PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
+
+    *sendAlert = internal_error;
+
+    if (ss->ssl3.sendEmptyCert) {
+        ss->ssl3.sendEmptyCert = PR_FALSE;
+        rv = ssl3_SendEmptyCertificate(ss);
+        /* Don't send verify */
+        if (rv != SECSuccess) {
+            return SECFailure; /* error code is set. */
+        }
+    } else if (sendClientCert) {
+        rv = tls13_SendCertificate(ss);
+        if (rv != SECSuccess) {
+            return SECFailure; /* error code is set. */
+        }
+    }
+    if (ss->ssl3.hs.certificateRequest) {
+        PORT_FreeArena(ss->ssl3.hs.certificateRequest->arena, PR_FALSE);
+        ss->ssl3.hs.certificateRequest = NULL;
+    }
+
+    if (sendClientCert) {
+        rv = tls13_SendCertificateVerify(ss, ss->ssl3.clientPrivateKey);
+        SECKEY_DestroyPrivateKey(ss->ssl3.clientPrivateKey);
+        ss->ssl3.clientPrivateKey = NULL;
+        if (rv != SECSuccess) {
+            return SECFailure; /* err is set. */
+        }
+    }
+
+    rv = tls13_SendFinished(ss, ss->ssl3.hs.clientHsTrafficSecret);
+    if (rv != SECSuccess) {
+        return SECFailure; /* err code was set. */
+    }
+    rv = ssl3_FlushHandshake(ss, IS_DTLS(ss) ? ssl_SEND_FLAG_NO_RETRANSMIT : 0);
+    if (rv != SECSuccess) {
+        /* No point in sending an alert here because we're not going to
+         * be able to send it if we couldn't flush the handshake. */
+        *sendAlert = no_alert;
+        return SECFailure;
+    }
+
+    rv = dtls_StartHolddownTimer(ss);
+    if (rv != SECSuccess) {
+        return SECFailure; /* err code was set. */
+    }
+
+    return SECSuccess;
+}
+
+static SECStatus
+tls13_SendClientSecondRound(sslSocket *ss)
+{
+    SECStatus rv;
+    PRBool sendClientCert;
+    SSL3AlertDescription sendAlert = no_alert;
+
+    PORT_Assert(ss->opt.noLocks || ssl_HaveRecvBufLock(ss));
+    PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+
+    sendClientCert = !ss->ssl3.sendEmptyCert &&
+                     ss->ssl3.clientCertChain != NULL &&
+                     ss->ssl3.clientPrivateKey != NULL;
+
+    /* Defer client authentication sending if we are still waiting for server
+     * authentication.  This avoids unnecessary disclosure of client credentials
+     * to an unauthenticated server.
+     */
+    if (ss->ssl3.hs.restartTarget) {
+        PR_NOT_REACHED("unexpected ss->ssl3.hs.restartTarget");
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+    if (ss->ssl3.hs.authCertificatePending) {
+        SSL_TRC(3, ("%d: TLS13[%d]: deferring ssl3_SendClientSecondRound because"
+                    " certificate authentication is still pending.",
+                    SSL_GETPID(), ss->fd));
+        ss->ssl3.hs.restartTarget = tls13_SendClientSecondRound;
+        return SECWouldBlock;
+    }
+
+    if (ss->ssl3.hs.zeroRttState == ssl_0rtt_accepted) {
+        rv = tls13_SendEndOfEarlyData(ss);
+        if (rv != SECSuccess) {
+            return SECFailure; /* Error code already set. */
+        }
+    }
+
+    rv = tls13_SetCipherSpec(ss, TrafficKeyHandshake,
+                             CipherSpecWrite, PR_FALSE);
+    if (rv != SECSuccess) {
+        FATAL_ERROR(ss, SSL_ERROR_INIT_CIPHER_SUITE_FAILURE, internal_error);
+        return SECFailure;
+    }
+
+    rv = tls13_ComputeApplicationSecrets(ss);
+    if (rv != SECSuccess) {
+        FATAL_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE, internal_error);
+        return SECFailure;
+    }
+
+    rv = tls13_SetCipherSpec(ss, TrafficKeyApplicationData,
+                             CipherSpecRead, PR_FALSE);
+    if (rv != SECSuccess) {
+        FATAL_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE, internal_error);
+        return SECFailure;
+    }
+
+    ssl_GetXmitBufLock(ss); /*******************************/
+    rv = tls13_SendClientSecondFlight(ss, sendClientCert, &sendAlert);
+    ssl_ReleaseXmitBufLock(ss); /*******************************/
+    if (rv != SECSuccess) {
+        if (sendAlert != no_alert) {
+            FATAL_ERROR(ss, PORT_GetError(), sendAlert);
+        } else {
+            LOG_ERROR(ss, PORT_GetError());
+        }
+        return SECFailure;
+    }
+    rv = tls13_SetCipherSpec(ss, TrafficKeyApplicationData,
+                             CipherSpecWrite, PR_TRUE);
+    if (rv != SECSuccess) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+
+    /* The handshake is now finished */
+    return tls13_FinishHandshake(ss);
+}
+
+/*
+ *  enum { (65535) } TicketExtensionType;
+ *
+ *  struct {
+ *      TicketExtensionType extension_type;
+ *      opaque extension_data<0..2^16-1>;
+ *  } TicketExtension;
+ *
+ *   struct {
+ *       uint32 ticket_lifetime;
+ *       uint32 ticket_age_add;
+ *       opaque ticket<1..2^16-1>;
+ *       TicketExtension extensions<0..2^16-2>;
+ *   } NewSessionTicket;
+ */
+
+#define MAX_EARLY_DATA_SIZE (2 << 16) /* Arbitrary limit. */
+
+SECStatus
+tls13_SendNewSessionTicket(sslSocket *ss)
+{
+    PRUint16 message_length;
+    SECItem ticket_data = { 0, NULL, 0 };
+    SECStatus rv;
+    NewSessionTicket ticket = { 0 };
+    PRUint32 max_early_data_size_len = 0;
+    ticket.flags = 0;
+    if (ss->opt.enable0RttData) {
+        ticket.flags |= ticket_allow_early_data;
+        max_early_data_size_len = 8; /* type + len + value. */
+    }
+    ticket.ticket_lifetime_hint = ssl_ticket_lifetime;
+
+    rv = ssl3_EncodeSessionTicket(ss, &ticket, &ticket_data);
+    if (rv != SECSuccess)
+        goto loser;
+
+    message_length =
+        4 +                           /* lifetime */
+        4 +                           /* ticket_age_add */
+        2 + max_early_data_size_len + /* max_early_data_size_len */
+        2 +                           /* ticket length */
+        ticket_data.len;
+
+    rv = ssl3_AppendHandshakeHeader(ss, new_session_ticket,
+                                    message_length);
+    if (rv != SECSuccess)
+        goto loser;
+
+    /* This is a fixed value. */
+    rv = ssl3_AppendHandshakeNumber(ss, ssl_ticket_lifetime, 4);
+    if (rv != SECSuccess)
+        goto loser;
+
+    /* The ticket age obfuscator. */
+    rv = PK11_GenerateRandom((PRUint8 *)&ticket.ticket_age_add,
+                             sizeof(ticket.ticket_age_add));
+    if (rv != SECSuccess)
+        goto loser;
+
+    rv = ssl3_AppendHandshakeNumber(ss, ticket.ticket_age_add, 4);
+    if (rv != SECSuccess)
+        goto loser;
+
+    /* Encode the ticket. */
+    rv = ssl3_AppendHandshakeVariable(
+        ss, ticket_data.data, ticket_data.len, 2);
+    if (rv != SECSuccess)
+        goto loser;
+
+    /* Extensions. */
+    rv = ssl3_AppendHandshakeNumber(ss, max_early_data_size_len, 2);
+    if (rv != SECSuccess)
+        goto loser;
+
+    if (max_early_data_size_len) {
+        rv = ssl3_AppendHandshakeNumber(
+            ss, ssl_tls13_ticket_early_data_info_xtn, 2);
+        if (rv != SECSuccess)
+            goto loser;
+
+        /* Length */
+        rv = ssl3_AppendHandshakeNumber(ss, 4, 2);
+        if (rv != SECSuccess)
+            goto loser;
+
+        rv = ssl3_AppendHandshakeNumber(ss, MAX_EARLY_DATA_SIZE, 4);
+        if (rv != SECSuccess)
+            goto loser;
+    }
+
+    SECITEM_FreeItem(&ticket_data, PR_FALSE);
+    return SECSuccess;
+
+loser:
+    if (ticket_data.data) {
+        SECITEM_FreeItem(&ticket_data, PR_FALSE);
+    }
+    return SECFailure;
+}
+
+static SECStatus
+tls13_HandleNewSessionTicket(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
+{
+    SECStatus rv;
+    PRUint32 utmp;
+    NewSessionTicket ticket = { 0 };
+    SECItem data;
+    SECItem ticket_data;
+
+    SSL_TRC(3, ("%d: TLS13[%d]: handle new session ticket message",
+                SSL_GETPID(), ss->fd));
+
+    rv = TLS13_CHECK_HS_STATE(ss, SSL_ERROR_RX_UNEXPECTED_NEW_SESSION_TICKET,
+                              idle_handshake);
+    if (rv != SECSuccess) {
+        return SECFailure;
+    }
+    if (!ss->firstHsDone || ss->sec.isServer) {
+        FATAL_ERROR(ss, SSL_ERROR_RX_UNEXPECTED_NEW_SESSION_TICKET,
+                    unexpected_message);
+        return SECFailure;
+    }
+
+    ticket.received_timestamp = PR_Now();
+    rv = ssl3_ConsumeHandshakeNumber(ss, &ticket.ticket_lifetime_hint, 4, &b,
+                                     &length);
+    if (rv != SECSuccess) {
+        FATAL_ERROR(ss, SSL_ERROR_RX_MALFORMED_NEW_SESSION_TICKET,
+                    decode_error);
+        return SECFailure;
+    }
+    ticket.ticket.type = siBuffer;
+
+    rv = ssl3_ConsumeHandshake(ss, &utmp, sizeof(utmp),
+                               &b, &length);
+    if (rv != SECSuccess) {
+        PORT_SetError(SSL_ERROR_RX_MALFORMED_NEW_SESSION_TICKET);
+        return SECFailure;
+    }
+    ticket.ticket_age_add = PR_ntohl(utmp);
+
+    /* Get the ticket value. */
+    rv = ssl3_ConsumeHandshakeVariable(ss, &ticket_data, 2, &b, &length);
+    if (rv != SECSuccess || !ticket_data.len) {
+        FATAL_ERROR(ss, SSL_ERROR_RX_MALFORMED_NEW_SESSION_TICKET,
+                    decode_error);
+        return SECFailure;
+    }
+
+    /* Parse extensions. */
+    rv = ssl3_ConsumeHandshakeVariable(ss, &data, 2, &b, &length);
+    if (rv != SECSuccess) {
+        FATAL_ERROR(ss, SSL_ERROR_RX_MALFORMED_NEW_SESSION_TICKET,
+                    decode_error);
+        return SECFailure;
+    }
+
+    rv = ssl3_HandleExtensions(ss, &data.data,
+                               &data.len, new_session_ticket);
+    if (rv != SECSuccess) {
+        FATAL_ERROR(ss, SSL_ERROR_RX_MALFORMED_NEW_SESSION_TICKET,
+                    decode_error);
+        return SECFailure;
+    }
+    if (ss->xtnData.max_early_data_size) {
+        ticket.flags |= ticket_allow_early_data;
+        ticket.max_early_data_size = ss->xtnData.max_early_data_size;
+    }
+
+    if (length != 0) {
+        FATAL_ERROR(ss, SSL_ERROR_RX_MALFORMED_NEW_SESSION_TICKET,
+                    decode_error);
+        return SECFailure;
+    }
+
+    if (!ss->opt.noCache) {
+        PORT_Assert(ss->sec.ci.sid);
+        rv = SECITEM_CopyItem(NULL, &ticket.ticket, &ticket_data);
+        if (rv != SECSuccess) {
+            FATAL_ERROR(ss, SEC_ERROR_NO_MEMORY, internal_error);
+            return SECFailure;
+        }
+        PRINT_BUF(50, (ss, "Caching session ticket",
+                       ticket.ticket.data,
+                       ticket.ticket.len));
+
+        /* Replace a previous session ticket when
+         * we receive a second NewSessionTicket message. */
+        if (ss->sec.ci.sid->cached == in_client_cache) {
+            /* Create a new session ID. */
+            sslSessionID *sid = ssl3_NewSessionID(ss, PR_FALSE);
+            if (!sid) {
+                return SECFailure;
+            }
+
+            /* Copy over the peerCert. */
+            PORT_Assert(ss->sec.ci.sid->peerCert);
+            sid->peerCert = CERT_DupCertificate(ss->sec.ci.sid->peerCert);
+            if (!sid->peerCert) {
+                ssl_FreeSID(sid);
+                return SECFailure;
+            }
+
+            /* Destroy the old SID. */
+            ss->sec.uncache(ss->sec.ci.sid);
+            ssl_FreeSID(ss->sec.ci.sid);
+            ss->sec.ci.sid = sid;
+        }
+
+        ssl3_SetSIDSessionTicket(ss->sec.ci.sid, &ticket);
+        PORT_Assert(!ticket.ticket.data);
+
+        rv = ssl3_FillInCachedSID(ss, ss->sec.ci.sid);
+        if (rv != SECSuccess)
+            return SECFailure;
+
+        /* Cache the session. */
+        ss->sec.cache(ss->sec.ci.sid);
+    }
+
+    return SECSuccess;
+}
+
+typedef enum {
+    ExtensionNotUsed,
+    ExtensionClientOnly,
+    ExtensionSendClear,
+    ExtensionSendClearOrHrr,
+    ExtensionSendHrr,
+    ExtensionSendEncrypted,
+    ExtensionSendCertificate,
+    ExtensionNewSessionTicket
+} Tls13ExtensionStatus;
+
+static const struct {
+    PRUint16 ex_value;
+    Tls13ExtensionStatus status;
+} KnownExtensions[] = {
+    { ssl_server_name_xtn, ExtensionSendEncrypted },
+    { ssl_supported_groups_xtn, ExtensionSendEncrypted },
+    { ssl_ec_point_formats_xtn, ExtensionNotUsed },
+    { ssl_signature_algorithms_xtn, ExtensionClientOnly },
+    { ssl_use_srtp_xtn, ExtensionSendEncrypted },
+    { ssl_app_layer_protocol_xtn, ExtensionSendEncrypted },
+    { ssl_padding_xtn, ExtensionNotUsed },
+    { ssl_extended_master_secret_xtn, ExtensionNotUsed },
+    { ssl_session_ticket_xtn, ExtensionClientOnly },
+    { ssl_tls13_key_share_xtn, ExtensionSendClearOrHrr },
+    { ssl_tls13_pre_shared_key_xtn, ExtensionSendClear },
+    { ssl_tls13_early_data_xtn, ExtensionSendEncrypted },
+    { ssl_next_proto_nego_xtn, ExtensionNotUsed },
+    { ssl_renegotiation_info_xtn, ExtensionNotUsed },
+    { ssl_signed_cert_timestamp_xtn, ExtensionSendCertificate },
+    { ssl_cert_status_xtn, ExtensionSendCertificate },
+    { ssl_tls13_ticket_early_data_info_xtn, ExtensionNewSessionTicket },
+    { ssl_tls13_cookie_xtn, ExtensionSendHrr },
+    { ssl_tls13_short_header_xtn, ExtensionSendClear },
+    { ssl_tls13_tls_proof_xtn, ExtensionSendEncrypted} // TLS-N Extension
+};
+
+PRBool
+tls13_ExtensionAllowed(PRUint16 extension, SSL3HandshakeType message)
+{
+    unsigned int i;
+
+    PORT_Assert((message == client_hello) ||
+                (message == server_hello) ||
+                (message == hello_retry_request) ||
+                (message == encrypted_extensions) ||
+                (message == new_session_ticket) ||
+                (message == certificate));
+
+    for (i = 0; i < PR_ARRAY_SIZE(KnownExtensions); i++) {
+        if (KnownExtensions[i].ex_value == extension)
+            break;
+    }
+    if (i == PR_ARRAY_SIZE(KnownExtensions)) {
+        /* We have never heard of this extension which is OK
+         * in client_hello and new_session_ticket. */
+        return (message == client_hello) ||
+               (message == new_session_ticket);
+    }
+
+    switch (KnownExtensions[i].status) {
+        case ExtensionNotUsed:
+            return PR_FALSE;
+        case ExtensionClientOnly:
+            return message == client_hello;
+        case ExtensionSendClear:
+            return message == client_hello ||
+                   message == server_hello;
+        case ExtensionSendClearOrHrr:
+            return message == client_hello ||
+                   message == server_hello ||
+                   message == hello_retry_request;
+        case ExtensionSendHrr:
+            return message == client_hello ||
+                   message == hello_retry_request;
+        case ExtensionSendEncrypted:
+            return message == client_hello ||
+                   message == encrypted_extensions;
+        case ExtensionNewSessionTicket:
+            return message == new_session_ticket;
+        case ExtensionSendCertificate:
+            return message == client_hello ||
+                   message == certificate;
+    }
+
+    PORT_Assert(0);
+
+    /* Not reached */
+    return PR_TRUE;
+}
+
+/* TLS 1.3 doesn't actually have additional data but the aead function
+ * signature overloads additional data to carry the record sequence
+ * number and that's what we put here. The TLS 1.3 AEAD functions
+ * just use this input as the sequence number and not as additional
+ * data. */
+static void
+tls13_FormatAdditionalData(PRUint8 *aad, unsigned int length,
+                           sslSequenceNumber seqNum)
+{
+    PRUint8 *ptr = aad;
+
+    PORT_Assert(length == 8);
+    ptr = ssl_EncodeUintX(seqNum, 8, ptr);
+    PORT_Assert((ptr - aad) == length);
+}
+
+SECStatus
+tls13_ProtectRecord(sslSocket *ss,
+                    ssl3CipherSpec *cwSpec,
+                    SSL3ContentType type,
+                    const SSL3Opaque *pIn,
+                    PRUint32 contentLen,
+                    sslBuffer *wrBuf)
+{
+    const ssl3BulkCipherDef *cipher_def = cwSpec->cipher_def;
+    const int tagLen = cipher_def->tag_size;
+    SECStatus rv;
+
+    SSL_TRC(3, ("%d: TLS13[%d]: spec=%d (%s) protect record 0x%0llx len=%u",
+                SSL_GETPID(), ss->fd, cwSpec, cwSpec->phase,
+                cwSpec->write_seq_num, contentLen));
+
+    if (contentLen + 1 + tagLen > wrBuf->space) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+
+    /* Copy the data into the wrBuf. We're going to encrypt in-place
+     * in the AEAD branch anyway */
+    PORT_Memcpy(wrBuf->buf, pIn, contentLen);
+
+    if (cipher_def->calg == ssl_calg_null) {
+        /* Shortcut for plaintext */
+        wrBuf->len = contentLen;
+    } else {
+        PRUint8 aad[8];
+        PORT_Assert(cipher_def->type == type_aead);
+
+        /* Add the content type at the end. */
+        wrBuf->buf[contentLen] = type;
+
+        tls13_FormatAdditionalData(aad, sizeof(aad), cwSpec->write_seq_num);
+        rv = cwSpec->aead(
+            ss->sec.isServer ? &cwSpec->server : &cwSpec->client,
+            PR_FALSE,                   /* do encrypt */
+            wrBuf->buf,                 /* output  */
+            (int *)&wrBuf->len,         /* out len */
+            wrBuf->space,               /* max out */
+            wrBuf->buf, contentLen + 1, /* input   */
+            aad, sizeof(aad));
+        if (rv != SECSuccess) {
+            PORT_SetError(SSL_ERROR_ENCRYPTION_FAILURE);
+            return SECFailure;
+        }
+    }
+
+    return SECSuccess;
+}
+
+/* Unprotect a TLS 1.3 record and leave the result in plaintext.
+ *
+ * Called by ssl3_HandleRecord. Caller must hold the spec read lock.
+ * Therefore, we MUST not call SSL3_SendAlert().
+ *
+ * If SECFailure is returned, we:
+ * 1. Set |*alert| to the alert to be sent.
+ * 2. Call PORT_SetError() witn an appropriate code.
+ */
+SECStatus
+tls13_UnprotectRecord(sslSocket *ss, SSL3Ciphertext *cText, sslBuffer *plaintext,
+                      SSL3AlertDescription *alert)
+{
+    ssl3CipherSpec *crSpec = ss->ssl3.crSpec;
+    const ssl3BulkCipherDef *cipher_def = crSpec->cipher_def;
+    PRUint8 aad[8];
+    SECStatus rv;
+
+    *alert = bad_record_mac; /* Default alert for most issues. */
+
+    SSL_TRC(3, ("%d: TLS13[%d]: spec=%d (%s) unprotect record 0x%0llx len=%u",
+                SSL_GETPID(), ss->fd, crSpec, crSpec->phase,
+                crSpec->read_seq_num, cText->buf->len));
+
+    /* We can perform this test in variable time because the record's total
+     * length and the ciphersuite are both public knowledge. */
+    if (cText->buf->len < cipher_def->tag_size) {
+        SSL_TRC(3,
+                ("%d: TLS13[%d]: record too short to contain valid AEAD data",
+                 SSL_GETPID(), ss->fd));
+        PORT_SetError(SSL_ERROR_BAD_MAC_READ);
+        return SECFailure;
+    }
+
+    /* Verify that the content type is right, even though we overwrite it. */
+    if (cText->type != content_application_data) {
+        SSL_TRC(3,
+                ("%d: TLS13[%d]: record has invalid exterior content type=%d",
+                 SSL_GETPID(), ss->fd, cText->type));
+        /* Do we need a better error here? */
+        PORT_SetError(SSL_ERROR_BAD_MAC_READ);
+        return SECFailure;
+    }
+
+    /* Check the version number in the record */
+    if ((IS_DTLS(ss) && cText->version != kDtlsRecordVersion) ||
+        (!IS_DTLS(ss) && cText->version != kTlsRecordVersion)) {
+        /* Do we need a better error here? */
+        SSL_TRC(3,
+                ("%d: TLS13[%d]: record has bogus version",
+                 SSL_GETPID(), ss->fd));
+        return SECFailure;
+    }
+
+    /* Decrypt */
+    PORT_Assert(cipher_def->type == type_aead);
+    tls13_FormatAdditionalData(aad, sizeof(aad),
+                               IS_DTLS(ss) ? cText->seq_num
+                                           : crSpec->read_seq_num);
+    rv = crSpec->aead(
+        ss->sec.isServer ? &crSpec->client : &crSpec->server,
+        PR_TRUE,                /* do decrypt */
+        plaintext->buf,         /* out */
+        (int *)&plaintext->len, /* outlen */
+        plaintext->space,       /* maxout */
+        cText->buf->buf,        /* in */
+        cText->buf->len,        /* inlen */
+        aad, sizeof(aad));
+    if (rv != SECSuccess) {
+        SSL_TRC(3,
+                ("%d: TLS13[%d]: record has bogus MAC",
+                 SSL_GETPID(), ss->fd));
+        PORT_SetError(SSL_ERROR_BAD_MAC_READ);
+        return SECFailure;
+    }
+
+    /* The record is right-padded with 0s, followed by the true
+     * content type, so read from the right until we receive a
+     * nonzero byte. */
+    while (plaintext->len > 0 && !(plaintext->buf[plaintext->len - 1])) {
+        --plaintext->len;
+    }
+
+    /* Bogus padding. */
+    if (plaintext->len < 1) {
+        SSL_TRC(3,
+                ("%d: TLS13[%d]: empty record",
+                 SSL_GETPID(), ss->fd, cText->type));
+        /* It's safe to report this specifically because it happened
+         * after the MAC has been verified. */
+        PORT_SetError(SSL_ERROR_BAD_BLOCK_PADDING);
+        return SECFailure;
+    }
+
+    /* Record the type. */
+    cText->type = plaintext->buf[plaintext->len - 1];
+    --plaintext->len;
+
+    SSL_TRC(10,
+            ("%d: TLS13[%d]: %s received record of length=%d type=%d",
+             SSL_GETPID(), ss->fd, SSL_ROLE(ss),
+             plaintext->len, cText->type));
+
+    return SECSuccess;
+}
+
+/* 0-RTT is only permitted if:
+ *
+ * 1. We are doing TLS 1.3
+ * 2. This isn't a second ClientHello (in response to HelloRetryRequest)
+ * 3. The 0-RTT option is set.
+ * 4. We have a valid ticket.
+ * 5. The server is willing to accept 0-RTT.
+ * 6. We have not changed our ALPN settings to disallow the ALPN tag
+ *    in the ticket.
+ *
+ * Called from tls13_ClientSendEarlyDataXtn().
+ */
+PRBool
+tls13_ClientAllow0Rtt(const sslSocket *ss, const sslSessionID *sid)
+{
+    /* We checked that the cipher suite was still allowed back in
+     * ssl3_SendClientHello. */
+    if (sid->version < SSL_LIBRARY_VERSION_TLS_1_3)
+        return PR_FALSE;
+    if (ss->ssl3.hs.helloRetry)
+        return PR_FALSE;
+    if (!ss->opt.enable0RttData)
+        return PR_FALSE;
+    if (!ss->statelessResume)
+        return PR_FALSE;
+    if ((sid->u.ssl3.locked.sessionTicket.flags & ticket_allow_early_data) == 0)
+        return PR_FALSE;
+    return tls13_AlpnTagAllowed(ss, &sid->u.ssl3.alpnSelection);
+}
+
+SECStatus
+tls13_MaybeDo0RTTHandshake(sslSocket *ss)
+{
+    SECStatus rv;
+
+    /* Don't do anything if there is no early_data xtn, which means we're
+     * not doing early data. */
+    if (!ssl3_ClientExtensionAdvertised(ss, ssl_tls13_early_data_xtn)) {
+        return SECSuccess;
+    }
+
+    ss->ssl3.hs.zeroRttState = ssl_0rtt_sent;
+    ss->ssl3.hs.zeroRttSuite = ss->ssl3.hs.cipher_suite;
+
+    SSL_TRC(3, ("%d: TLS13[%d]: in 0-RTT mode", SSL_GETPID(), ss->fd));
+
+    /* Set the ALPN data as if it was negotiated. We check in the ServerHello
+     * handler that the server negotiates the same value. */
+    if (ss->sec.ci.sid->u.ssl3.alpnSelection.len) {
+        ss->xtnData.nextProtoState = SSL_NEXT_PROTO_EARLY_VALUE;
+        rv = SECITEM_CopyItem(NULL, &ss->xtnData.nextProto,
+                              &ss->sec.ci.sid->u.ssl3.alpnSelection);
+        if (rv != SECSuccess)
+            return rv;
+    }
+
+    /* Cipher suite already set in tls13_SetupClientHello. */
+    ss->ssl3.hs.preliminaryInfo = 0;
+
+    rv = tls13_DeriveSecret(ss, ss->ssl3.hs.currentSecret,
+                            kHkdfLabelClient,
+                            kHkdfLabelEarlyTrafficSecret,
+                            NULL,
+                            &ss->ssl3.hs.clientEarlyTrafficSecret);
+    if (rv != SECSuccess)
+        return SECFailure;
+
+    rv = tls13_SetCipherSpec(ss, TrafficKeyEarlyApplicationData,
+                             CipherSpecWrite, PR_TRUE);
+    if (rv != SECSuccess) {
+        return rv;
+    }
+
+    return SECSuccess;
+}
+
+PRInt32
+tls13_Read0RttData(sslSocket *ss, void *buf, PRInt32 len)
+{
+    TLS13EarlyData *msg;
+
+    PORT_Assert(!PR_CLIST_IS_EMPTY(&ss->ssl3.hs.bufferedEarlyData));
+    msg = (TLS13EarlyData *)PR_NEXT_LINK(&ss->ssl3.hs.bufferedEarlyData);
+
+    PR_REMOVE_LINK(&msg->link);
+    if (msg->data.len > len) {
+        PORT_SetError(SSL_ERROR_ILLEGAL_PARAMETER_ALERT);
+        return SECFailure;
+    }
+    len = msg->data.len;
+
+    PORT_Memcpy(buf, msg->data.data, msg->data.len);
+    SECITEM_ZfreeItem(&msg->data, PR_FALSE);
+    PORT_ZFree(msg, sizeof(*msg));
+
+    return len;
+}
+
+static SECStatus
+tls13_SendEndOfEarlyData(sslSocket *ss)
+{
+    SECStatus rv;
+
+    SSL_TRC(3, ("%d: TLS13[%d]: send end_of_early_data extension",
+                SSL_GETPID(), ss->fd));
+
+    rv = SSL3_SendAlert(ss, alert_warning, end_of_early_data);
+    if (rv != SECSuccess) {
+        FATAL_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE, internal_error);
+        return SECFailure;
+    }
+
+    ss->ssl3.hs.zeroRttState = ssl_0rtt_done;
+    return SECSuccess;
+}
+
+SECStatus
+tls13_HandleEndOfEarlyData(sslSocket *ss)
+{
+    SECStatus rv;
+
+    if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3 ||
+        ss->ssl3.hs.zeroRttState != ssl_0rtt_accepted) {
+        (void)SSL3_SendAlert(ss, alert_fatal, unexpected_message);
+        PORT_SetError(SSL_ERROR_END_OF_EARLY_DATA_ALERT);
+        return SECFailure;
+    }
+
+    PORT_Assert(TLS13_IN_HS_STATE(ss, ss->opt.requestCertificate ? wait_client_cert : wait_finished));
+
+    rv = tls13_SetCipherSpec(ss, TrafficKeyHandshake,
+                             CipherSpecRead, PR_FALSE);
+    if (rv != SECSuccess) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+    }
+
+    ss->ssl3.hs.zeroRttState = ssl_0rtt_done;
+    return SECSuccess;
+}
+
+SECStatus
+tls13_HandleEarlyApplicationData(sslSocket *ss, sslBuffer *origBuf)
+{
+    TLS13EarlyData *ed;
+    SECItem it = { siBuffer, NULL, 0 };
+
+    PORT_Assert(ss->sec.isServer);
+    PORT_Assert(ss->ssl3.hs.zeroRttState == ssl_0rtt_accepted);
+    if (ss->ssl3.hs.zeroRttState != ssl_0rtt_accepted) {
+        /* Belt and suspenders. */
+        FATAL_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE, internal_error);
+        return SECFailure;
+    }
+
+    PRINT_BUF(3, (NULL, "Received early application data",
+                  origBuf->buf, origBuf->len));
+    ed = PORT_ZNew(TLS13EarlyData);
+    if (!ed) {
+        FATAL_ERROR(ss, SEC_ERROR_NO_MEMORY, internal_error);
+        return SECFailure;
+    }
+    it.data = origBuf->buf;
+    it.len = origBuf->len;
+    if (SECITEM_CopyItem(NULL, &ed->data, &it) != SECSuccess) {
+        FATAL_ERROR(ss, SEC_ERROR_NO_MEMORY, internal_error);
+        return SECFailure;
+    }
+    PR_APPEND_LINK(&ed->link, &ss->ssl3.hs.bufferedEarlyData);
+
+    origBuf->len = 0; /* So ssl3_GatherAppDataRecord will keep looping. */
+
+    return SECSuccess;
+}
+
+PRUint16
+tls13_EncodeDraftVersion(SSL3ProtocolVersion version)
+{
+#ifdef TLS_1_3_DRAFT_VERSION
+    if (version == SSL_LIBRARY_VERSION_TLS_1_3) {
+        return 0x7f00 | TLS_1_3_DRAFT_VERSION;
+    }
+#endif
+    return (PRUint16)version;
+}
+
+/* Pick the highest version we support that is also advertised. */
+SECStatus
+tls13_NegotiateVersion(sslSocket *ss, const TLSExtension *supported_versions)
+{
+    PRUint16 version;
+    /* Make a copy so we're nondestructive*/
+    SECItem data = supported_versions->data;
+    SECItem versions;
+    SECStatus rv;
+
+    rv = ssl3_ConsumeHandshakeVariable(ss, &versions, 1,
+                                       &data.data, &data.len);
+    if (rv != SECSuccess) {
+        return SECFailure;
+    }
+    if (data.len || !versions.len || (versions.len & 1)) {
+        FATAL_ERROR(ss, SSL_ERROR_RX_MALFORMED_CLIENT_HELLO, illegal_parameter);
+        return SECFailure;
+    }
+    for (version = ss->vrange.max; version >= ss->vrange.min; --version) {
+        PRUint16 wire = tls13_EncodeDraftVersion(version);
+        unsigned long offset;
+
+        for (offset = 0; offset < versions.len; offset += 2) {
+            PRUint16 supported =
+                (versions.data[offset] << 8) | versions.data[offset + 1];
+            if (supported == wire) {
+                ss->version = version;
+                return SECSuccess;
+            }
+        }
+    }
+
+    FATAL_ERROR(ss, SSL_ERROR_UNSUPPORTED_VERSION, protocol_version);
+    return SECFailure;
+}
diff --git a/nss/lib/ssl/tls13con.h b/nss/lib/ssl/tls13con.h
new file mode 100644
index 0000000..f810abc
--- /dev/null
+++ b/nss/lib/ssl/tls13con.h
@@ -0,0 +1,89 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/*
+ * This file is PRIVATE to SSL.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef __tls13con_h_
+#define __tls13con_h_
+
+typedef enum {
+    StaticSharedSecret,
+    EphemeralSharedSecret
+} SharedSecretType;
+
+#define TLS13_MAX_FINISHED_SIZE 64
+
+SECStatus tls13_UnprotectRecord(
+    sslSocket *ss, SSL3Ciphertext *cText, sslBuffer *plaintext,
+    SSL3AlertDescription *alert);
+
+#if defined(WIN32)
+#define __func__ __FUNCTION__
+#endif
+
+void tls13_SetHsState(sslSocket *ss, SSL3WaitState ws,
+                      const char *func, const char *file, int line);
+#define TLS13_SET_HS_STATE(ss, ws) \
+    tls13_SetHsState(ss, ws, __func__, __FILE__, __LINE__)
+
+/* Return PR_TRUE if the socket is in one of the given states, else return
+ * PR_FALSE. Only call the macro not the function, because the trailing
+ * wait_invalid is needed to terminate the argument list. */
+PRBool tls13_InHsState(sslSocket *ss, ...);
+#define TLS13_IN_HS_STATE(ss, ...) \
+    tls13_InHsState(ss, __VA_ARGS__, wait_invalid)
+
+SSLHashType tls13_GetHashForCipherSuite(ssl3CipherSuite suite);
+SSLHashType tls13_GetHash(const sslSocket *ss);
+unsigned int tls13_GetHashSizeForHash(SSLHashType hash);
+unsigned int tls13_GetHashSize(const sslSocket *ss);
+CK_MECHANISM_TYPE tls13_GetHkdfMechanismForHash(SSLHashType hash);
+CK_MECHANISM_TYPE tls13_GetHkdfMechanism(sslSocket *ss);
+void tls13_FatalError(sslSocket *ss, PRErrorCode prError,
+                      SSL3AlertDescription desc);
+SECStatus tls13_SetupClientHello(sslSocket *ss);
+SECStatus tls13_MaybeDo0RTTHandshake(sslSocket *ss);
+PRBool tls13_AllowPskCipher(const sslSocket *ss,
+                            const ssl3CipherSuiteDef *cipher_def);
+PRBool tls13_PskSuiteEnabled(sslSocket *ss);
+SECStatus tls13_ComputePskBinder(sslSocket *ss, PRBool sending,
+                                 unsigned int prefixLength,
+                                 PRUint8 *output, unsigned int *outputLen,
+                                 unsigned int maxOutputLen);
+SECStatus tls13_HandleClientHelloPart2(sslSocket *ss,
+                                       const SECItem *suites,
+                                       sslSessionID *sid);
+SECStatus tls13_HandleServerHelloPart2(sslSocket *ss);
+SECStatus tls13_HandlePostHelloHandshakeMessage(sslSocket *ss, SSL3Opaque *b,
+                                                PRUint32 length,
+                                                SSL3Hashes *hashesPtr);
+SECStatus tls13_HandleHelloRetryRequest(sslSocket *ss, SSL3Opaque *b,
+                                        PRUint32 length);
+void tls13_DestroyKeyShareEntry(TLS13KeyShareEntry *entry);
+void tls13_DestroyKeyShares(PRCList *list);
+SECStatus tls13_CreateKeyShare(sslSocket *ss, const sslNamedGroupDef *groupDef);
+void tls13_DestroyEarlyData(PRCList *list);
+void tls13_CipherSpecAddRef(ssl3CipherSpec *spec);
+void tls13_CipherSpecRelease(ssl3CipherSpec *spec);
+void tls13_DestroyCipherSpecs(PRCList *list);
+PRBool tls13_ExtensionAllowed(PRUint16 extension, SSL3HandshakeType message);
+SECStatus tls13_ProtectRecord(sslSocket *ss,
+                              ssl3CipherSpec *cwSpec,
+                              SSL3ContentType type,
+                              const SSL3Opaque *pIn,
+                              PRUint32 contentLen,
+                              sslBuffer *wrBuf);
+PRInt32 tls13_Read0RttData(sslSocket *ss, void *buf, PRInt32 len);
+SECStatus tls13_HandleEndOfEarlyData(sslSocket *ss);
+SECStatus tls13_HandleEarlyApplicationData(sslSocket *ss, sslBuffer *origBuf);
+PRBool tls13_ClientAllow0Rtt(const sslSocket *ss, const sslSessionID *sid);
+PRUint16 tls13_EncodeDraftVersion(SSL3ProtocolVersion version);
+PRUint16 tls13_DecodeDraftVersion(PRUint16 version);
+SECStatus tls13_NegotiateVersion(sslSocket *ss,
+                                 const TLSExtension *supported_versions);
+SECStatus tls13_SendNewSessionTicket(sslSocket *ss);
+
+#endif /* __tls13con_h_ */
diff --git a/nss/lib/ssl/tls13exthandle.c b/nss/lib/ssl/tls13exthandle.c
new file mode 100644
index 0000000..443ee9e
--- /dev/null
+++ b/nss/lib/ssl/tls13exthandle.c
@@ -0,0 +1,1367 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/*
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nssrenam.h"
+#include "nss.h"
+#include "ssl.h"
+#include "sslproto.h"
+#include "sslimpl.h"
+#include "pk11pub.h"
+#include "ssl3ext.h"
+#include "ssl3exthandle.h"
+#include "tls13exthandle.h"
+
+PRInt32
+tls13_ServerSendStatusRequestXtn(
+    const sslSocket *ss,
+    TLSExtensionData *xtnData,
+    PRBool append,
+    PRUint32 maxBytes)
+{
+    PRInt32 extension_length;
+    const sslServerCert *serverCert = ss->sec.serverCert;
+    const SECItem *item;
+    SECStatus rv;
+
+    if (!serverCert->certStatusArray ||
+        !serverCert->certStatusArray->len) {
+        return 0;
+    }
+
+    item = &serverCert->certStatusArray->items[0];
+
+    /* Only send the first entry. */
+    extension_length = 2 + 2 + 1 /* status_type */ + 3 + item->len;
+    if (maxBytes < (PRUint32)extension_length) {
+        return 0;
+    }
+    if (append) {
+        /* extension_type */
+        rv = ssl3_ExtAppendHandshakeNumber(ss, ssl_cert_status_xtn, 2);
+        if (rv != SECSuccess)
+            return -1;
+        /* length of extension_data */
+        rv = ssl3_ExtAppendHandshakeNumber(ss, extension_length - 4, 2);
+        if (rv != SECSuccess)
+            return -1;
+        /* status_type == ocsp */
+        rv = ssl3_ExtAppendHandshakeNumber(ss, 1 /*ocsp*/, 1);
+        if (rv != SECSuccess)
+            return rv; /* err set by AppendHandshake. */
+        /* opaque OCSPResponse<1..2^24-1> */
+        rv = ssl3_ExtAppendHandshakeVariable(ss, item->data, item->len, 3);
+        if (rv != SECSuccess)
+            return rv; /* err set by AppendHandshake. */
+    }
+
+    return extension_length;
+}
+
+/*
+ *     [draft-ietf-tls-tls13-11] Section 6.3.2.3.
+ *
+ *     struct {
+ *         NamedGroup group;
+ *         opaque key_exchange<1..2^16-1>;
+ *     } KeyShareEntry;
+ *
+ *     struct {
+ *         select (role) {
+ *             case client:
+ *                 KeyShareEntry client_shares<4..2^16-1>;
+ *
+ *             case server:
+ *                 KeyShareEntry server_share;
+ *         }
+ *     } KeyShare;
+ *
+ * DH is Section 6.3.2.3.1.
+ *
+ *     opaque dh_Y<1..2^16-1>;
+ *
+ * ECDH is Section 6.3.2.3.2.
+ *
+ *     opaque point <1..2^8-1>;
+ */
+static PRUint32
+tls13_SizeOfKeyShareEntry(const SECKEYPublicKey *pubKey)
+{
+    /* Size = NamedGroup(2) + length(2) + opaque<?> share */
+    switch (pubKey->keyType) {
+        case ecKey:
+            return 2 + 2 + pubKey->u.ec.publicValue.len;
+        case dhKey:
+            return 2 + 2 + pubKey->u.dh.prime.len;
+        default:
+            PORT_Assert(0);
+    }
+    return 0;
+}
+
+static PRUint32
+tls13_SizeOfClientKeyShareExtension(const sslSocket *ss)
+{
+    PRCList *cursor;
+    /* Size is: extension(2) + extension_len(2) + client_shares(2) */
+    PRUint32 size = 2 + 2 + 2;
+    for (cursor = PR_NEXT_LINK(&ss->ephemeralKeyPairs);
+         cursor != &ss->ephemeralKeyPairs;
+         cursor = PR_NEXT_LINK(cursor)) {
+        sslEphemeralKeyPair *keyPair = (sslEphemeralKeyPair *)cursor;
+        size += tls13_SizeOfKeyShareEntry(keyPair->keys->pubKey);
+    }
+    return size;
+}
+
+static SECStatus
+tls13_EncodeKeyShareEntry(const sslSocket *ss, const sslEphemeralKeyPair *keyPair)
+{
+    SECStatus rv;
+    SECKEYPublicKey *pubKey = keyPair->keys->pubKey;
+    unsigned int size = tls13_SizeOfKeyShareEntry(pubKey);
+
+    rv = ssl3_ExtAppendHandshakeNumber(ss, keyPair->group->name, 2);
+    if (rv != SECSuccess)
+        return rv;
+    rv = ssl3_ExtAppendHandshakeNumber(ss, size - 4, 2);
+    if (rv != SECSuccess)
+        return rv;
+
+    switch (pubKey->keyType) {
+        case ecKey:
+            rv = tls13_EncodeECDHEKeyShareKEX(ss, pubKey);
+            break;
+        case dhKey:
+            rv = ssl_AppendPaddedDHKeyShare(ss, pubKey, PR_FALSE);
+            break;
+        default:
+            PORT_Assert(0);
+            PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+            break;
+    }
+
+    return rv;
+}
+
+PRInt32
+tls13_ClientSendKeyShareXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRBool append,
+                            PRUint32 maxBytes)
+{
+    PRUint32 extension_length;
+
+    if (ss->vrange.max < SSL_LIBRARY_VERSION_TLS_1_3) {
+        return 0;
+    }
+
+    /* Optimistically try to send an ECDHE key using the
+     * preexisting key (in future will be keys) */
+    SSL_TRC(3, ("%d: TLS13[%d]: send client key share xtn",
+                SSL_GETPID(), ss->fd));
+
+    extension_length = tls13_SizeOfClientKeyShareExtension(ss);
+    if (maxBytes < extension_length) {
+        PORT_Assert(0);
+        return 0;
+    }
+
+    if (append) {
+        SECStatus rv;
+        PRCList *cursor;
+
+        rv = ssl3_ExtAppendHandshakeNumber(ss, ssl_tls13_key_share_xtn, 2);
+        if (rv != SECSuccess)
+            goto loser;
+
+        /* The extension length */
+        rv = ssl3_ExtAppendHandshakeNumber(ss, extension_length - 4, 2);
+        if (rv != SECSuccess)
+            goto loser;
+
+        /* The length of KeyShares */
+        rv = ssl3_ExtAppendHandshakeNumber(ss, extension_length - 6, 2);
+        if (rv != SECSuccess)
+            goto loser;
+
+        for (cursor = PR_NEXT_LINK(&ss->ephemeralKeyPairs);
+             cursor != &ss->ephemeralKeyPairs;
+             cursor = PR_NEXT_LINK(cursor)) {
+            sslEphemeralKeyPair *keyPair = (sslEphemeralKeyPair *)cursor;
+            rv = tls13_EncodeKeyShareEntry(ss, keyPair);
+            if (rv != SECSuccess)
+                goto loser;
+        }
+
+        xtnData->advertised[xtnData->numAdvertised++] =
+            ssl_tls13_key_share_xtn;
+    }
+
+    return extension_length;
+
+loser:
+    return -1;
+}
+
+static SECStatus
+tls13_HandleKeyShareEntry(const sslSocket *ss, TLSExtensionData *xtnData, SECItem *data)
+{
+    SECStatus rv;
+    PRUint32 group;
+    const sslNamedGroupDef *groupDef;
+    TLS13KeyShareEntry *ks = NULL;
+    SECItem share = { siBuffer, NULL, 0 };
+
+    rv = ssl3_ExtConsumeHandshakeNumber(ss, &group, 2, &data->data, &data->len);
+    if (rv != SECSuccess) {
+        PORT_SetError(SSL_ERROR_RX_MALFORMED_KEY_SHARE);
+        goto loser;
+    }
+    groupDef = ssl_LookupNamedGroup(group);
+    rv = ssl3_ExtConsumeHandshakeVariable(ss, &share, 2, &data->data,
+                                          &data->len);
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+    /* If the group is disabled, continue. */
+    if (!groupDef) {
+        return SECSuccess;
+    }
+
+    ks = PORT_ZNew(TLS13KeyShareEntry);
+    if (!ks)
+        goto loser;
+    ks->group = groupDef;
+
+    rv = SECITEM_CopyItem(NULL, &ks->key_exchange, &share);
+    if (rv != SECSuccess)
+        goto loser;
+
+    PR_APPEND_LINK(&ks->link, &xtnData->remoteKeyShares);
+    return SECSuccess;
+
+loser:
+    if (ks)
+        tls13_DestroyKeyShareEntry(ks);
+    return SECFailure;
+}
+/* Handle an incoming KeyShare extension at the client and copy to
+ * |xtnData->remoteKeyShares| for future use. The key
+ * share is processed in tls13_HandleServerKeyShare(). */
+SECStatus
+tls13_ClientHandleKeyShareXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRUint16 ex_type, SECItem *data)
+{
+    SECStatus rv;
+    PORT_Assert(PR_CLIST_IS_EMPTY(&xtnData->remoteKeyShares));
+
+    PORT_Assert(!ss->sec.isServer);
+
+    /* The server must not send this extension when negotiating < TLS 1.3. */
+    if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) {
+        PORT_SetError(SSL_ERROR_EXTENSION_DISALLOWED_FOR_VERSION);
+        return SECFailure;
+    }
+
+    SSL_TRC(3, ("%d: SSL3[%d]: handle key_share extension",
+                SSL_GETPID(), ss->fd));
+
+    rv = tls13_HandleKeyShareEntry(ss, xtnData, data);
+    if (rv != SECSuccess) {
+        PORT_SetError(SSL_ERROR_RX_MALFORMED_KEY_SHARE);
+        return SECFailure;
+    }
+
+    if (data->len) {
+        PORT_SetError(SSL_ERROR_RX_MALFORMED_KEY_SHARE);
+        return SECFailure;
+    }
+
+    return SECSuccess;
+}
+
+SECStatus
+tls13_ClientHandleKeyShareXtnHrr(const sslSocket *ss, TLSExtensionData *xtnData, PRUint16 ex_type, SECItem *data)
+{
+    SECStatus rv;
+    PRUint32 tmp;
+    const sslNamedGroupDef *group;
+
+    PORT_Assert(!ss->sec.isServer);
+    PORT_Assert(ss->vrange.max >= SSL_LIBRARY_VERSION_TLS_1_3);
+
+    SSL_TRC(3, ("%d: SSL3[%d]: handle key_share extension in HRR",
+                SSL_GETPID(), ss->fd));
+
+    rv = ssl3_ExtConsumeHandshakeNumber(ss, &tmp, 2, &data->data, &data->len);
+    if (rv != SECSuccess) {
+        return SECFailure; /* error code already set */
+    }
+    if (data->len) {
+        ssl3_ExtSendAlert(ss, alert_fatal, decode_error);
+        PORT_SetError(SSL_ERROR_RX_MALFORMED_HELLO_RETRY_REQUEST);
+        return SECFailure;
+    }
+
+    group = ssl_LookupNamedGroup((SSLNamedGroup)tmp);
+    /* If the group is not enabled, or we already have a share for the
+     * requested group, abort. */
+    if (!ssl_NamedGroupEnabled(ss, group) ||
+        ssl_HaveEphemeralKeyPair(ss, group)) {
+        ssl3_ExtSendAlert(ss, alert_fatal, illegal_parameter);
+        PORT_SetError(SSL_ERROR_RX_MALFORMED_HELLO_RETRY_REQUEST);
+        return SECFailure;
+    }
+
+    /* Now delete all the key shares per [draft-ietf-tls-tls13 S 4.1.2] */
+    ssl_FreeEphemeralKeyPairs(CONST_CAST(sslSocket, ss));
+
+    /* And replace with our new share. */
+    rv = tls13_CreateKeyShare(CONST_CAST(sslSocket, ss), group);
+    if (rv != SECSuccess) {
+        ssl3_ExtSendAlert(ss, alert_fatal, internal_error);
+        PORT_SetError(SEC_ERROR_KEYGEN_FAIL);
+        return SECFailure;
+    }
+
+    return SECSuccess;
+}
+
+/* Handle an incoming KeyShare extension at the server and copy to
+ * |xtnData->remoteKeyShares| for future use. The key
+ * share is processed in tls13_HandleClientKeyShare(). */
+SECStatus
+tls13_ServerHandleKeyShareXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRUint16 ex_type, SECItem *data)
+{
+    SECStatus rv;
+    PRUint32 length;
+
+    PORT_Assert(ss->sec.isServer);
+    PORT_Assert(PR_CLIST_IS_EMPTY(&xtnData->remoteKeyShares));
+
+    if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) {
+        return SECSuccess;
+    }
+
+    SSL_TRC(3, ("%d: SSL3[%d]: handle key_share extension",
+                SSL_GETPID(), ss->fd));
+
+    /* Redundant length because of TLS encoding (this vector consumes
+     * the entire extension.) */
+    rv = ssl3_ExtConsumeHandshakeNumber(ss, &length, 2, &data->data,
+                                        &data->len);
+    if (rv != SECSuccess)
+        goto loser;
+    if (length != data->len) {
+        /* Check for consistency */
+        PORT_SetError(SSL_ERROR_RX_MALFORMED_KEY_SHARE);
+        goto loser;
+    }
+
+    while (data->len) {
+        rv = tls13_HandleKeyShareEntry(ss, xtnData, data);
+        if (rv != SECSuccess)
+            goto loser;
+    }
+
+    /* Check that the client only offered one share if this is
+     * after HRR. */
+    if (ss->ssl3.hs.helloRetry) {
+        if (PR_PREV_LINK(&xtnData->remoteKeyShares) !=
+            PR_NEXT_LINK(&xtnData->remoteKeyShares)) {
+            PORT_SetError(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO);
+            goto loser;
+        }
+    }
+
+    return SECSuccess;
+
+loser:
+    tls13_DestroyKeyShares(&xtnData->remoteKeyShares);
+    return SECFailure;
+}
+
+PRInt32
+tls13_ServerSendKeyShareXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRBool append,
+                            PRUint32 maxBytes)
+{
+    PRUint32 extension_length;
+    PRUint32 entry_length;
+    SECStatus rv;
+    sslEphemeralKeyPair *keyPair;
+
+    /* There should be exactly one key share. */
+    PORT_Assert(!PR_CLIST_IS_EMPTY(&ss->ephemeralKeyPairs));
+    PORT_Assert(PR_PREV_LINK(&ss->ephemeralKeyPairs) ==
+                PR_NEXT_LINK(&ss->ephemeralKeyPairs));
+
+    keyPair = (sslEphemeralKeyPair *)PR_NEXT_LINK(&ss->ephemeralKeyPairs);
+
+    entry_length = tls13_SizeOfKeyShareEntry(keyPair->keys->pubKey);
+    extension_length = 2 + 2 + entry_length; /* Type + length + entry_length */
+    if (maxBytes < extension_length) {
+        PORT_Assert(0);
+        return 0;
+    }
+
+    if (append) {
+        rv = ssl3_ExtAppendHandshakeNumber(ss, ssl_tls13_key_share_xtn, 2);
+        if (rv != SECSuccess)
+            goto loser;
+
+        rv = ssl3_ExtAppendHandshakeNumber(ss, entry_length, 2);
+        if (rv != SECSuccess)
+            goto loser;
+
+        rv = tls13_EncodeKeyShareEntry(ss, keyPair);
+        if (rv != SECSuccess)
+            goto loser;
+    }
+
+    return extension_length;
+
+loser:
+    return -1;
+}
+
+/* Called by clients.
+ *
+ *      struct {
+ *         opaque identity<0..2^16-1>;
+ *         uint32 obfuscated_ticket_age;
+ *     } PskIdentity;
+ *
+ *     opaque PskBinderEntry<32..255>;
+ *
+ *     struct {
+ *         select (Handshake.msg_type) {
+ *             case client_hello:
+ *                 PskIdentity identities<6..2^16-1>;
+ *                 PskBinderEntry binders<33..2^16-1>;
+ *
+ *             case server_hello:
+ *                 uint16 selected_identity;
+ *         };
+ *
+ *     } PreSharedKeyExtension;
+
+ * Presently the only way to get a PSK is by resumption, so this is
+ * really a ticket label and there will be at most one.
+ */
+PRInt32
+tls13_ClientSendPreSharedKeyXtn(const sslSocket *ss, TLSExtensionData *xtnData,
+                                PRBool append,
+                                PRUint32 maxBytes)
+{
+    PRInt32 extension_length;
+    PRInt32 identities_length;
+    PRInt32 binders_length;
+    NewSessionTicket *session_ticket;
+
+    /* We only set statelessResume on the client in TLS 1.3 code. */
+    if (!ss->statelessResume)
+        return 0;
+
+    PORT_Assert(ss->vrange.max >= SSL_LIBRARY_VERSION_TLS_1_3);
+
+    /* The length computations are simplified by the fact that there
+     * is just one ticket at most. */
+    session_ticket = &ss->sec.ci.sid->u.ssl3.locked.sessionTicket;
+    identities_length =
+        2 +                              /* vector length */
+        2 + session_ticket->ticket.len + /* identity length + ticket len */
+        4;                               /* obfuscated_ticket_age */
+    binders_length =
+        2 + /* vector length */
+        1 + tls13_GetHashSizeForHash(
+                tls13_GetHashForCipherSuite(ss->sec.ci.sid->u.ssl3.cipherSuite));
+    extension_length =
+        2 + 2 + /* Type + length */
+        identities_length + binders_length;
+
+    if (maxBytes < (PRUint32)extension_length) {
+        PORT_Assert(0);
+        return 0;
+    }
+
+    if (append) {
+        SECStatus rv;
+        PRTime age;
+        unsigned int prefixLength;
+        PRUint8 binder[TLS13_MAX_FINISHED_SIZE];
+        unsigned int binderLen;
+
+        /* extension_type */
+        rv = ssl3_ExtAppendHandshakeNumber(ss, ssl_tls13_pre_shared_key_xtn, 2);
+        if (rv != SECSuccess)
+            goto loser;
+        rv = ssl3_ExtAppendHandshakeNumber(ss, extension_length - 4, 2);
+        if (rv != SECSuccess)
+            goto loser;
+        rv = ssl3_ExtAppendHandshakeNumber(ss, identities_length - 2, 2);
+        if (rv != SECSuccess)
+            goto loser;
+        rv = ssl3_ExtAppendHandshakeVariable(ss, session_ticket->ticket.data,
+                                             session_ticket->ticket.len, 2);
+        if (rv != SECSuccess)
+            goto loser;
+
+        /* Obfuscated age. */
+        age = PR_Now() - session_ticket->received_timestamp;
+        age /= PR_USEC_PER_MSEC;
+        age += session_ticket->ticket_age_add;
+        rv = ssl3_ExtAppendHandshakeNumber(ss, age, 4);
+        if (rv != SECSuccess)
+            goto loser;
+
+        /* Now the binders. */
+        prefixLength = ss->ssl3.hs.messages.len;
+        rv = tls13_ComputePskBinder(CONST_CAST(sslSocket, ss), PR_TRUE,
+                                    prefixLength, binder, &binderLen,
+                                    sizeof(binder));
+        if (rv != SECSuccess)
+            goto loser;
+        PORT_Assert(binderLen == tls13_GetHashSize(ss));
+        rv = ssl3_ExtAppendHandshakeNumber(ss, binders_length - 2, 2);
+        if (rv != SECSuccess)
+            goto loser;
+        rv = ssl3_ExtAppendHandshakeVariable(ss,
+                                             binder, binderLen, 1);
+        if (rv != SECSuccess)
+            goto loser;
+
+        PRINT_BUF(50, (ss, "Sending PreSharedKey value",
+                       session_ticket->ticket.data,
+                       session_ticket->ticket.len));
+
+        xtnData->sentSessionTicketInClientHello = PR_TRUE;
+        xtnData->advertised[xtnData->numAdvertised++] =
+            ssl_tls13_pre_shared_key_xtn;
+    }
+    return extension_length;
+
+loser:
+    xtnData->ticketTimestampVerified = PR_FALSE;
+    return -1;
+}
+
+/* Handle a TLS 1.3 PreSharedKey Extension. We only accept PSKs
+ * that contain session tickets. */
+SECStatus
+tls13_ServerHandlePreSharedKeyXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRUint16 ex_type,
+                                  SECItem *data)
+{
+    SECItem inner;
+    SECStatus rv;
+    unsigned int numIdentities = 0;
+    unsigned int numBinders = 0;
+
+    SSL_TRC(3, ("%d: SSL3[%d]: handle pre_shared_key extension",
+                SSL_GETPID(), ss->fd));
+
+    /* If we are doing < TLS 1.3, then ignore this. */
+    if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) {
+        return SECSuccess;
+    }
+
+    /* Parse the identities list. */
+    rv = ssl3_ExtConsumeHandshakeVariable(ss,
+                                          &inner, 2, &data->data, &data->len);
+    if (rv != SECSuccess) {
+        return SECFailure;
+    }
+
+    while (inner.len) {
+        SECItem label;
+        PRUint32 utmp;
+
+        rv = ssl3_ExtConsumeHandshakeVariable(ss, &label, 2,
+                                              &inner.data, &inner.len);
+        if (rv != SECSuccess)
+            return rv;
+        if (!label.len) {
+            goto alert_loser;
+        }
+
+        /* Read and discard session ticket age. Bug 1295163 */
+        rv = ssl3_ExtConsumeHandshake(ss, &utmp, 4,
+                                      &inner.data, &inner.len);
+        if (rv != SECSuccess)
+            return rv;
+
+        if (!numIdentities) {
+            PRINT_BUF(50, (ss, "Handling PreSharedKey value",
+                           label.data, label.len));
+            rv = ssl3_ProcessSessionTicketCommon(
+                CONST_CAST(sslSocket, ss), &label);
+            /* This only happens if we have an internal error, not
+             * a malformed ticket. Bogus tickets just don't resume
+             * and return SECSuccess. */
+            if (rv != SECSuccess)
+                return SECFailure;
+        }
+        ++numIdentities;
+    }
+
+    xtnData->pskBinderPrefixLen = ss->ssl3.hs.messages.len - data->len;
+
+    /* Parse the binders list. */
+    rv = ssl3_ExtConsumeHandshakeVariable(ss,
+                                          &inner, 2, &data->data, &data->len);
+    if (rv != SECSuccess)
+        return SECFailure;
+    if (data->len) {
+        goto alert_loser;
+    }
+
+    while (inner.len) {
+        SECItem binder;
+        rv = ssl3_ExtConsumeHandshakeVariable(ss, &binder, 1,
+                                              &inner.data, &inner.len);
+        if (rv != SECSuccess)
+            return rv;
+        if (binder.len < 32) {
+            goto alert_loser;
+        }
+
+        if (!numBinders) {
+            xtnData->pskBinder = binder;
+        }
+        ++numBinders;
+    }
+
+    if (numBinders != numIdentities)
+        goto alert_loser;
+
+    /* Keep track of negotiated extensions. Note that this does not
+     * mean we are resuming. */
+    xtnData->negotiated[xtnData->numNegotiated++] = ex_type;
+
+    return SECSuccess;
+
+alert_loser:
+    ssl3_ExtSendAlert(ss, alert_fatal, illegal_parameter);
+    PORT_SetError(SSL_ERROR_MALFORMED_PRE_SHARED_KEY);
+    return SECFailure;
+}
+
+PRInt32
+tls13_ServerSendPreSharedKeyXtn(const sslSocket *ss, TLSExtensionData *xtnData,
+                                PRBool append,
+                                PRUint32 maxBytes)
+{
+    PRInt32 extension_length =
+        2 + 2 + 2; /* type + len + index */
+    SECStatus rv;
+
+    if (maxBytes < (PRUint32)extension_length) {
+        PORT_Assert(0);
+        return 0;
+    }
+
+    if (append) {
+        rv = ssl3_ExtAppendHandshakeNumber(ss, ssl_tls13_pre_shared_key_xtn, 2);
+        if (rv != SECSuccess)
+            return -1;
+
+        rv = ssl3_ExtAppendHandshakeNumber(ss, 2, 2);
+        if (rv != SECSuccess)
+            return -1;
+
+        /* We only process the first session ticket the client sends,
+         * so the index is always 0. */
+        rv = ssl3_ExtAppendHandshakeNumber(ss, 0, 2);
+        if (rv != SECSuccess)
+            return -1;
+    }
+
+    return extension_length;
+}
+
+/* Handle a TLS 1.3 PreSharedKey Extension. We only accept PSKs
+ * that contain session tickets. */
+SECStatus
+tls13_ClientHandlePreSharedKeyXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRUint16 ex_type,
+                                  SECItem *data)
+{
+    PRUint32 index;
+    SECStatus rv;
+
+    SSL_TRC(3, ("%d: SSL3[%d]: handle pre_shared_key extension",
+                SSL_GETPID(), ss->fd));
+
+    /* The server must not send this extension when negotiating < TLS 1.3. */
+    if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) {
+        PORT_SetError(SSL_ERROR_EXTENSION_DISALLOWED_FOR_VERSION);
+        return SECFailure;
+    }
+
+    rv = ssl3_ExtConsumeHandshakeNumber(ss, &index, 2, &data->data, &data->len);
+    if (rv != SECSuccess)
+        return SECFailure;
+
+    /* This should be the end of the extension. */
+    if (data->len) {
+        PORT_SetError(SSL_ERROR_MALFORMED_PRE_SHARED_KEY);
+        return SECFailure;
+    }
+
+    /* We only sent one PSK label so index must be equal to 0 */
+    if (index) {
+        PORT_SetError(SSL_ERROR_MALFORMED_PRE_SHARED_KEY);
+        return SECFailure;
+    }
+
+    /* Keep track of negotiated extensions. */
+    xtnData->negotiated[xtnData->numNegotiated++] = ex_type;
+
+    return SECSuccess;
+}
+
+/*
+ *  struct { } EarlyDataIndication;
+ */
+PRInt32
+tls13_ClientSendEarlyDataXtn(const sslSocket *ss, TLSExtensionData *xtnData,
+                             PRBool append,
+                             PRUint32 maxBytes)
+{
+    SECStatus rv;
+    PRInt32 extension_length;
+
+    if (!tls13_ClientAllow0Rtt(ss, ss->sec.ci.sid))
+        return 0;
+
+    /* type + length */
+    extension_length = 2 + 2;
+
+    if (maxBytes < (PRUint32)extension_length) {
+        PORT_Assert(0);
+        return 0;
+    }
+
+    if (append) {
+        rv = ssl3_ExtAppendHandshakeNumber(ss, ssl_tls13_early_data_xtn, 2);
+        if (rv != SECSuccess)
+            return -1;
+
+        rv = ssl3_ExtAppendHandshakeNumber(ss, 0, 2);
+        if (rv != SECSuccess)
+            return -1;
+
+        xtnData->advertised[xtnData->numAdvertised++] =
+            ssl_tls13_early_data_xtn;
+    }
+
+    return extension_length;
+}
+
+SECStatus
+tls13_ServerHandleEarlyDataXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRUint16 ex_type,
+                               SECItem *data)
+{
+    SSL_TRC(3, ("%d: TLS13[%d]: handle early_data extension",
+                SSL_GETPID(), ss->fd));
+
+    /* If we are doing < TLS 1.3, then ignore this. */
+    if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) {
+        return SECSuccess;
+    }
+
+    if (ss->ssl3.hs.helloRetry) {
+        ssl3_ExtSendAlert(ss, alert_fatal, unsupported_extension);
+        PORT_SetError(SSL_ERROR_RX_UNEXPECTED_EXTENSION);
+        return SECFailure;
+    }
+
+    if (data->len) {
+        PORT_SetError(SSL_ERROR_MALFORMED_EARLY_DATA);
+        return SECFailure;
+    }
+
+    xtnData->negotiated[xtnData->numNegotiated++] = ex_type;
+
+    return SECSuccess;
+}
+
+/* This is only registered if we are sending it. */
+PRInt32
+tls13_ServerSendEarlyDataXtn(const sslSocket *ss, TLSExtensionData *xtnData,
+                             PRBool append,
+                             PRUint32 maxBytes)
+{
+    SSL_TRC(3, ("%d: TLS13[%d]: send early_data extension",
+                SSL_GETPID(), ss->fd));
+
+    PORT_Assert(ss->ssl3.hs.zeroRttState == ssl_0rtt_accepted);
+    if (maxBytes < 4) {
+        PORT_Assert(0);
+        return 0;
+    }
+
+    if (append) {
+        SECStatus rv;
+
+        rv = ssl3_ExtAppendHandshakeNumber(ss, ssl_tls13_early_data_xtn, 2);
+        if (rv != SECSuccess)
+            return -1;
+
+        rv = ssl3_ExtAppendHandshakeNumber(ss, 0, 2);
+        if (rv != SECSuccess)
+            return -1;
+    }
+
+    return 4;
+}
+
+/* This will only be called if we also offered the extension. */
+SECStatus
+tls13_ClientHandleEarlyDataXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRUint16 ex_type,
+                               SECItem *data)
+{
+    SSL_TRC(3, ("%d: TLS13[%d]: handle early_data extension",
+                SSL_GETPID(), ss->fd));
+
+    /* The server must not send this extension when negotiating < TLS 1.3. */
+    if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) {
+        PORT_SetError(SSL_ERROR_EXTENSION_DISALLOWED_FOR_VERSION);
+        return SECFailure;
+    }
+
+    if (data->len) {
+        PORT_SetError(SSL_ERROR_MALFORMED_EARLY_DATA);
+        return SECFailure;
+    }
+
+    /* Keep track of negotiated extensions. */
+    xtnData->negotiated[xtnData->numNegotiated++] = ex_type;
+
+    return SECSuccess;
+}
+
+SECStatus
+tls13_ClientHandleTicketEarlyDataInfoXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRUint16 ex_type,
+                                         SECItem *data)
+{
+    PRUint32 utmp;
+    SECStatus rv;
+
+    SSL_TRC(3, ("%d: TLS13[%d]: handle early_data_info extension",
+                SSL_GETPID(), ss->fd));
+
+    /* The server must not send this extension when negotiating < TLS 1.3. */
+    if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) {
+        PORT_SetError(SSL_ERROR_EXTENSION_DISALLOWED_FOR_VERSION);
+        return SECFailure;
+    }
+
+    rv = ssl3_ExtConsumeHandshake(ss, &utmp, sizeof(utmp),
+                                  &data->data, &data->len);
+    if (rv != SECSuccess) {
+        PORT_SetError(SSL_ERROR_RX_MALFORMED_NEW_SESSION_TICKET);
+        return SECFailure;
+    }
+    if (data->len) {
+        PORT_SetError(SSL_ERROR_RX_MALFORMED_NEW_SESSION_TICKET);
+        return SECFailure;
+    }
+
+    xtnData->max_early_data_size = PR_ntohl(utmp);
+
+    return SECSuccess;
+}
+
+/*
+ *     struct {
+ *          ProtocolVersion versions<2..254>;
+ *     } SupportedVersions;
+ */
+PRInt32
+tls13_ClientSendSupportedVersionsXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRBool append,
+                                     PRUint32 maxBytes)
+{
+    PRInt32 extensions_len;
+    PRUint16 version;
+    SECStatus rv;
+
+    if (ss->vrange.max < SSL_LIBRARY_VERSION_TLS_1_3) {
+        return 0;
+    }
+
+    SSL_TRC(3, ("%d: TLS13[%d]: send supported_versions extension",
+                SSL_GETPID(), ss->fd));
+
+    /* Extension type, extension len fiels, vector len field,
+     * length of the values. */
+    extensions_len = 2 + 2 + 1 +
+                     2 * (ss->vrange.max - ss->vrange.min + 1);
+
+    if (maxBytes < (PRUint32)extensions_len) {
+        PORT_Assert(0);
+        return 0;
+    }
+
+    if (append) {
+        rv = ssl3_ExtAppendHandshakeNumber(ss, ssl_tls13_supported_versions_xtn, 2);
+        if (rv != SECSuccess)
+            return -1;
+
+        rv = ssl3_ExtAppendHandshakeNumber(ss, extensions_len - 4, 2);
+        if (rv != SECSuccess)
+            return -1;
+
+        rv = ssl3_ExtAppendHandshakeNumber(ss, extensions_len - 5, 1);
+        if (rv != SECSuccess)
+            return -1;
+
+        for (version = ss->vrange.max; version >= ss->vrange.min; --version) {
+            rv = ssl3_ExtAppendHandshakeNumber(
+                ss, tls13_EncodeDraftVersion(version), 2);
+            if (rv != SECSuccess)
+                return -1;
+        }
+    }
+
+    return extensions_len;
+}
+
+/*
+ *    struct {
+ *        opaque cookie<1..2^16-1>;
+ *    } Cookie;
+ */
+SECStatus
+tls13_ClientHandleHrrCookie(const sslSocket *ss, TLSExtensionData *xtnData, PRUint16 ex_type, SECItem *data)
+{
+    SECStatus rv;
+
+    SSL_TRC(3, ("%d: TLS13[%d]: handle cookie extension",
+                SSL_GETPID(), ss->fd));
+
+    PORT_Assert(ss->vrange.max >= SSL_LIBRARY_VERSION_TLS_1_3);
+
+    /* IMPORTANT: this is only valid while the HelloRetryRequest is still valid. */
+    rv = ssl3_ExtConsumeHandshakeVariable(
+        ss, &CONST_CAST(sslSocket, ss)->ssl3.hs.cookie, 2,
+        &data->data, &data->len);
+    if (rv != SECSuccess) {
+        PORT_SetError(SSL_ERROR_RX_MALFORMED_HELLO_RETRY_REQUEST);
+        return SECFailure;
+    }
+    if (!ss->ssl3.hs.cookie.len || data->len) {
+        ssl3_ExtSendAlert(ss, alert_fatal, decode_error);
+        PORT_SetError(SSL_ERROR_RX_MALFORMED_HELLO_RETRY_REQUEST);
+        return SECFailure;
+    }
+
+    return SECSuccess;
+}
+
+PRInt32
+tls13_ClientSendHrrCookieXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRBool append, PRUint32 maxBytes)
+{
+    PRInt32 extension_len;
+
+    if (ss->vrange.max < SSL_LIBRARY_VERSION_TLS_1_3 ||
+        !ss->ssl3.hs.cookie.len) {
+        return 0;
+    }
+
+    SSL_TRC(3, ("%d: TLS13[%d]: send cookie extension", SSL_GETPID(), ss->fd));
+
+    /* Extension type, length, cookie length, cookie value. */
+    extension_len = 2 + 2 + 2 + ss->ssl3.hs.cookie.len;
+
+    if (maxBytes < (PRUint32)extension_len) {
+        PORT_Assert(0);
+        return 0;
+    }
+
+    if (append) {
+        SECStatus rv = ssl3_ExtAppendHandshakeNumber(ss, ssl_tls13_cookie_xtn, 2);
+        if (rv != SECSuccess)
+            return -1;
+
+        rv = ssl3_ExtAppendHandshakeNumber(ss, extension_len - 4, 2);
+        if (rv != SECSuccess)
+            return -1;
+
+        rv = ssl3_ExtAppendHandshakeVariable(ss, ss->ssl3.hs.cookie.data,
+                                             ss->ssl3.hs.cookie.len, 2);
+        if (rv != SECSuccess)
+            return -1;
+    }
+    return extension_len;
+}
+
+/*
+ *     enum { psk_ke(0), psk_dhe_ke(1), (255) } PskKeyExchangeMode;
+ *
+ *     struct {
+ *         PskKeyExchangeMode ke_modes<1..255>;
+ *     } PskKeyExchangeModes;
+ */
+PRInt32
+tls13_ClientSendPskKeyExchangeModesXtn(const sslSocket *ss,
+                                       TLSExtensionData *xtnData,
+                                       PRBool append, PRUint32 maxBytes)
+{
+    static const PRUint8 ke_modes[] = { tls13_psk_dh_ke };
+    static const unsigned long ke_modes_len = sizeof(ke_modes);
+    PRInt32 extension_len;
+
+    if (ss->vrange.max < SSL_LIBRARY_VERSION_TLS_1_3 ||
+        ss->opt.noCache) {
+        return 0;
+    }
+
+    extension_len =
+        2 + 2 +           /* Type + length */
+        1 + ke_modes_len; /* key exchange modes vector */
+
+    SSL_TRC(3, ("%d: TLS13[%d]: send psk key exchange modes extension",
+                SSL_GETPID(), ss->fd));
+
+    if (maxBytes < (PRUint32)extension_len) {
+        PORT_Assert(0);
+        return 0;
+    }
+
+    if (append) {
+        SECStatus rv = ssl3_ExtAppendHandshakeNumber(
+            ss, ssl_tls13_psk_key_exchange_modes_xtn, 2);
+        if (rv != SECSuccess)
+            return -1;
+
+        rv = ssl3_ExtAppendHandshakeNumber(ss, extension_len - 4, 2);
+        if (rv != SECSuccess)
+            return -1;
+
+        rv = ssl3_ExtAppendHandshakeVariable(
+            ss, ke_modes, ke_modes_len, 1);
+        if (rv != SECSuccess)
+            return -1;
+    }
+    return extension_len;
+}
+
+SECStatus
+tls13_ServerHandlePskKeyExchangeModesXtn(const sslSocket *ss,
+                                         TLSExtensionData *xtnData,
+                                         PRUint16 ex_type, SECItem *data)
+{
+    SECStatus rv;
+
+    /* If we are doing < TLS 1.3, then ignore this. */
+    if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) {
+        return SECSuccess;
+    }
+
+    SSL_TRC(3, ("%d: TLS13[%d]: handle PSK key exchange modes extension",
+                SSL_GETPID(), ss->fd));
+
+    /* IMPORTANT: We aren't copying these values, just setting pointers.
+     * They will only be valid as long as the ClientHello is in memory. */
+    rv = ssl3_ExtConsumeHandshakeVariable(ss,
+                                          &xtnData->psk_ke_modes, 1,
+                                          &data->data, &data->len);
+    if (rv != SECSuccess)
+        return rv;
+    if (!xtnData->psk_ke_modes.len || data->len) {
+        PORT_SetError(SSL_ERROR_MALFORMED_PSK_KEY_EXCHANGE_MODES);
+        return SECFailure;
+    }
+
+    /* Keep track of negotiated extensions. */
+    xtnData->negotiated[xtnData->numNegotiated++] = ex_type;
+
+    return SECSuccess;
+}
+
+PRInt32
+tls13_SendShortHeaderXtn(const sslSocket *ss,
+                         TLSExtensionData *xtnData,
+                         PRBool append, PRUint32 maxBytes)
+{
+    PRUint32 extension_len = 2 + 2; /* Type + length (0). */
+
+    if (!ss->opt.enableShortHeaders) {
+        return 0;
+    }
+
+    /* Presently this is incompatible with 0-RTT. We will fix if
+     * it becomes more than an experiment. */
+    if (ss->opt.enable0RttData) {
+        return 0;
+    }
+
+    if (IS_DTLS(ss)) {
+        return 0;
+    }
+
+    /* Don't send this if TLS 1.3 isn't at least possible. */
+    if (ss->vrange.max < SSL_LIBRARY_VERSION_TLS_1_3) {
+        /* This should only happen on the client. */
+        PORT_Assert(!ss->sec.isServer);
+        return 0;
+    }
+
+    SSL_TRC(3, ("%d: TLS13[%d]: send short_header extension",
+                SSL_GETPID(), ss->fd));
+
+    if (maxBytes < extension_len) {
+        PORT_Assert(0);
+        return 0;
+    }
+
+    if (append) {
+        SECStatus rv;
+
+        rv = ssl3_ExtAppendHandshakeNumber(ss, ssl_tls13_short_header_xtn, 2);
+        if (rv != SECSuccess)
+            return -1;
+
+        rv = ssl3_ExtAppendHandshakeNumber(ss, 0, 2);
+        if (rv != SECSuccess)
+            return -1;
+
+        xtnData->advertised[xtnData->numAdvertised++] =
+            ssl_tls13_short_header_xtn;
+    }
+
+    return extension_len;
+}
+
+SECStatus
+tls13_HandleShortHeaderXtn(
+    const sslSocket *ss, TLSExtensionData *xtnData, PRUint16 ex_type,
+    SECItem *data)
+{
+    SSL_TRC(3, ("%d: TLS13[%d]: handle short_header extension",
+                SSL_GETPID(), ss->fd));
+
+    /* The client might have asked for this, but we didn't negotiate TLS 1.3. */
+    if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) {
+        return SECSuccess;
+    }
+
+    /* Presently this is incompatible with 0-RTT. We will fix if
+     * it becomes more than an experiment. */
+    if (ss->opt.enable0RttData) {
+        return SECSuccess;
+    }
+
+    if (IS_DTLS(ss)) {
+        PORT_SetError(SSL_ERROR_EXTENSION_DISALLOWED_FOR_VERSION);
+        return SECFailure;
+    }
+
+    if (data->len) {
+        PORT_SetError(SSL_ERROR_RX_MALFORMED_HANDSHAKE);
+        return SECFailure;
+    }
+
+    if (!ss->opt.enableShortHeaders) {
+        /* Ignore. */
+        return SECSuccess;
+    }
+
+    /* Keep track of negotiated extensions. */
+    xtnData->negotiated[xtnData->numNegotiated++] = ex_type;
+
+    if (ss->sec.isServer) {
+        SECStatus rv;
+
+        rv = ssl3_RegisterExtensionSender(ss, xtnData,
+                                          ssl_tls13_short_header_xtn,
+                                          tls13_SendShortHeaderXtn);
+        if (rv != SECSuccess) {
+            return SECFailure;
+        }
+    }
+
+    return SECSuccess;
+}
+
+// TLS-N Extension
+
+/*TLS proof clientHello extention sender*/
+PRInt32
+tls13_ClientSendTLSProofXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRBool append, PRUint32 maxBytes)
+{
+    SECStatus rv;
+    PRInt32 extension_length;
+
+    //Is TLS Proof enable ?
+    if(!ss->opt.enableTLSProof)
+        return 0;
+
+    //Is it TLS 1.3 ? TLS Proof is only compatible with TLS 1.3
+    if (ss->vrange.max < SSL_LIBRARY_VERSION_TLS_1_3)
+        return 0;
+
+    extension_length =
+            2 /* extension type */ +
+            2 /* extension length */ +
+			2 /* salt size */ +
+			2 /* chunk size */;
+
+    //maxBytes verification
+    if (maxBytes < extension_length) {
+            PORT_Assert(0);
+            return 0;
+    }
+
+    //Add the extension in the clientHello message
+    if (append) {
+            /* extension_type */
+            rv = ssl3_ExtAppendHandshakeNumber(ss,ssl_tls13_tls_proof_xtn, 2);
+            if (rv != SECSuccess)
+                return -1;
+            /* length of extension_data */
+            rv = ssl3_ExtAppendHandshakeNumber(ss, extension_length - 4, 2);
+            if (rv != SECSuccess)
+                return -1;
+			/* salt size */
+            rv = ssl3_ExtAppendHandshakeNumber(ss, ss->client_prop_salt_size, 2);
+            if (rv != SECSuccess)
+                return -1;
+			/* chunk size */
+            rv = ssl3_ExtAppendHandshakeNumber(ss, ss->client_prop_chunk_size, 2);
+            if (rv != SECSuccess)
+                return -1;
+
+        }
+
+    //Record the sending of the extension
+    xtnData->advertised[xtnData->numAdvertised++] = ssl_tls13_tls_proof_xtn;
+
+    return extension_length;
+}
+
+/*TLS Proof Extention handler for server*/
+SECStatus
+tls13_ServerHandleTLSProofXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRUint16 ex_type, SECItem *data)
+{
+    SECStatus rv;
+	PRUint32 client_salt_size;
+	PRUint32 client_chunk_size;
+
+    //Is TLS Proof enable ?
+    if(!ss->opt.enableTLSProof)
+        return SECSuccess; //Extension ignored
+
+    //Is it TLS 1.3 ? TLS Proof is only compatible with TLS 1.3
+    if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3)
+        return SECSuccess; //Extension ignored
+
+    rv = ssl3_ExtConsumeHandshakeNumber(ss, &client_salt_size, 2, &data->data, &data->len);
+    if (rv != SECSuccess)
+        return SECFailure;
+    rv = ssl3_ExtConsumeHandshakeNumber(ss, &client_chunk_size, 2, &data->data, &data->len);
+    if (rv != SECSuccess)
+        return SECFailure;
+	
+    /* This should be the end of the extension. */
+    if (data->len) {
+        return SECFailure;
+    }
+
+	// Only accept salt sizes of at least 16
+	if(client_salt_size >= 16){
+		xtnData->salt_size = (PRUint16) client_salt_size;
+	}else{
+		xtnData->salt_size = SALT_SIZE;
+	}
+	// Only accept chunk sizes of at least 8
+	if(client_chunk_size >= 8){
+		xtnData->chunk_size = (PRUint16) client_chunk_size;
+	}else{
+		xtnData->chunk_size = CHUNK_SIZE;
+	}
+
+    //Mark TLS Proof as negotiated
+    xtnData->negotiated[xtnData->numNegotiated++] = ex_type;
+	
+
+    //Send back the extension in the ServerHello
+    rv = ssl3_RegisterExtensionSender(
+                ss, xtnData, ex_type, tls13_ServerSendTLSProofXtn);
+
+    return rv;
+}
+
+/*TLS Proof Extention handler for client*/
+SECStatus
+tls13_ClientHandleTLSProofXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRUint16 ex_type, SECItem *data)
+{
+    SECStatus rv;
+	PRUint32 server_salt_size;
+	PRUint32 server_chunk_size;
+
+    if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3)
+            return SECSuccess;
+
+    rv = ssl3_ExtConsumeHandshakeNumber(ss, &server_salt_size, 2, &data->data, &data->len);
+    if (rv != SECSuccess)
+        return SECFailure;
+    rv = ssl3_ExtConsumeHandshakeNumber(ss, &server_chunk_size, 2, &data->data, &data->len);
+    if (rv != SECSuccess)
+        return SECFailure;
+
+    /* This should be the end of the extension. */
+    if (data->len) {
+        return SECFailure;
+    }
+
+	xtnData->salt_size = (PRUint16) server_salt_size;
+	xtnData->chunk_size = (PRUint16) server_chunk_size;
+	
+    xtnData->negotiated[xtnData->numNegotiated++] = ex_type;
+
+    return SECSuccess;
+}
+
+/*TLS proof serverHello extention sender*/
+PRInt32 tls13_ServerSendTLSProofXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRBool append, PRUint32 maxBytes)
+{
+    SECStatus rv;
+    PRInt32 extension_length;
+
+    extension_length =
+                2 /* extension type */ +
+                2 /* extension length */ +
+				2 /* salt size */ +
+				2 /* chunk size */;
+
+        //maxBytes verification
+        if (maxBytes < extension_length) {
+                PORT_Assert(0);
+                return 0;
+        }
+
+        //Add the extension in the servertHello message
+        if (append) {
+                /* extension_type */
+                rv = ssl3_ExtAppendHandshakeNumber(ss,ssl_tls13_tls_proof_xtn, 2);
+                if (rv != SECSuccess)
+                    return -1;
+
+                /* length of extension_data */
+                rv = ssl3_ExtAppendHandshakeNumber(ss, extension_length - 4, 2);
+                if (rv != SECSuccess)
+                    return -1;
+        			/* salt size */
+				rv = ssl3_ExtAppendHandshakeNumber(ss, xtnData->salt_size, 2);
+				if (rv != SECSuccess)
+					return -1;
+				/* chunk size */
+				rv = ssl3_ExtAppendHandshakeNumber(ss, xtnData->chunk_size, 2);
+				if (rv != SECSuccess)
+					return -1;
+
+		}
+
+    return extension_length;
+}
+
diff --git a/nss/lib/ssl/tls13exthandle.h b/nss/lib/ssl/tls13exthandle.h
new file mode 100644
index 0000000..8422be3
--- /dev/null
+++ b/nss/lib/ssl/tls13exthandle.h
@@ -0,0 +1,84 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/*
+ * This file is PRIVATE to SSL.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef __tls13exthandle_h_
+#define __tls13exthandle_h_
+
+PRInt32 tls13_ServerSendStatusRequestXtn(const sslSocket *ss, TLSExtensionData *xtnData,
+                                         PRBool append, PRUint32 maxBytes);
+PRInt32 tls13_ClientSendKeyShareXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRBool append,
+                                    PRUint32 maxBytes);
+SECStatus tls13_ClientHandleKeyShareXtn(const sslSocket *ss, TLSExtensionData *xtnData,
+                                        PRUint16 ex_type,
+                                        SECItem *data);
+SECStatus tls13_ClientHandleKeyShareXtnHrr(const sslSocket *ss, TLSExtensionData *xtnData,
+                                           PRUint16 ex_type,
+                                           SECItem *data);
+SECStatus tls13_ServerHandleKeyShareXtn(const sslSocket *ss, TLSExtensionData *xtnData,
+                                        PRUint16 ex_type,
+                                        SECItem *data);
+PRInt32 tls13_ServerSendKeyShareXtn(const sslSocket *ss,
+                                    TLSExtensionData *xtnData,
+                                    PRBool append,
+                                    PRUint32 maxBytes);
+PRInt32 tls13_ClientSendPreSharedKeyXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRBool append,
+                                        PRUint32 maxBytes);
+SECStatus tls13_ServerHandlePreSharedKeyXtn(const sslSocket *ss, TLSExtensionData *xtnData,
+                                            PRUint16 ex_type,
+                                            SECItem *data);
+SECStatus tls13_ClientHandlePreSharedKeyXtn(const sslSocket *ss, TLSExtensionData *xtnData,
+                                            PRUint16 ex_type,
+                                            SECItem *data);
+PRInt32 tls13_ServerSendPreSharedKeyXtn(const sslSocket *ss, TLSExtensionData *xtnData,
+                                        PRBool append,
+                                        PRUint32 maxBytes);
+PRInt32 tls13_ClientSendEarlyDataXtn(const sslSocket *ss, TLSExtensionData *xtnData,
+                                     PRBool append,
+                                     PRUint32 maxBytes);
+SECStatus tls13_ServerHandleEarlyDataXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRUint16 ex_type,
+                                         SECItem *data);
+SECStatus tls13_ClientHandleEarlyDataXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRUint16 ex_type,
+                                         SECItem *data);
+PRInt32 tls13_ServerSendEarlyDataXtn(const sslSocket *ss, TLSExtensionData *xtnData,
+                                     PRBool append,
+                                     PRUint32 maxBytes);
+SECStatus tls13_ClientHandleTicketEarlyDataInfoXtn(
+    const sslSocket *ss, TLSExtensionData *xtnData, PRUint16 ex_type,
+    SECItem *data);
+PRInt32 tls13_ClientSendSupportedVersionsXtn(const sslSocket *ss, TLSExtensionData *xtnData,
+                                             PRBool append,
+                                             PRUint32 maxBytes);
+SECStatus tls13_ClientHandleHrrCookie(const sslSocket *ss, TLSExtensionData *xtnData, PRUint16 ex_type,
+                                      SECItem *data);
+PRInt32 tls13_ClientSendHrrCookieXtn(const sslSocket *ss, TLSExtensionData *xtnData,
+                                     PRBool append,
+                                     PRUint32 maxBytes);
+PRInt32 tls13_ClientSendPskKeyExchangeModesXtn(const sslSocket *ss,
+                                               TLSExtensionData *xtnData,
+                                               PRBool append, PRUint32 maxBytes);
+SECStatus tls13_ServerHandlePskKeyExchangeModesXtn(const sslSocket *ss,
+                                                   TLSExtensionData *xtnData,
+                                                   PRUint16 ex_type, SECItem *data);
+PRInt32 tls13_SendShortHeaderXtn(const sslSocket *ss,
+                                 TLSExtensionData *xtnData,
+                                 PRBool append, PRUint32 maxBytes);
+SECStatus tls13_HandleShortHeaderXtn(
+    const sslSocket *ss, TLSExtensionData *xtnData, PRUint16 ex_type,
+    SECItem *data);
+
+// TLS-N Extension
+PRInt32 tls13_ClientSendTLSProofXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRBool append,
+                                         PRUint32 maxBytes);
+SECStatus tls13_ServerHandleTLSProofXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRUint16 ex_type,
+                                               SECItem *data);
+SECStatus tls13_ClientHandleTLSProofXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRUint16 ex_type,
+                                               SECItem *data);
+PRInt32 tls13_ServerSendTLSProofXtn(const sslSocket *ss, TLSExtensionData *xtnData, PRBool append,
+                                          PRUint32 maxBytes);
+
+#endif
diff --git a/nss/lib/ssl/tls13hkdf.c b/nss/lib/ssl/tls13hkdf.c
new file mode 100644
index 0000000..7e69bb8
--- /dev/null
+++ b/nss/lib/ssl/tls13hkdf.c
@@ -0,0 +1,270 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/*
+ * TLS 1.3 Protocol
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "keyhi.h"
+#include "pk11func.h"
+#include "secitem.h"
+#include "ssl.h"
+#include "sslt.h"
+#include "sslerr.h"
+#include "sslimpl.h"
+
+/* This table contains the mapping between TLS hash identifiers and the
+ * PKCS#11 identifiers */
+static const struct {
+    SSLHashType hash;
+    CK_MECHANISM_TYPE pkcs11Mech;
+    unsigned int hashSize;
+} kTlsHkdfInfo[] = {
+    { ssl_hash_none, 0, 0 },
+    { ssl_hash_md5, 0, 0 },
+    { ssl_hash_sha1, 0, 0 },
+    { ssl_hash_sha224, 0 },
+    { ssl_hash_sha256, CKM_NSS_HKDF_SHA256, 32 },
+    { ssl_hash_sha384, CKM_NSS_HKDF_SHA384, 48 },
+    { ssl_hash_sha512, CKM_NSS_HKDF_SHA512, 64 }
+};
+
+SECStatus
+tls13_HkdfExtract(PK11SymKey *ikm1, PK11SymKey *ikm2in, SSLHashType baseHash,
+                  PK11SymKey **prkp)
+{
+    CK_NSS_HKDFParams params;
+    SECItem paramsi;
+    SECStatus rv;
+    SECItem *salt;
+    PK11SymKey *prk;
+    static const PRUint8 zeroKeyBuf[HASH_LENGTH_MAX];
+    PK11SymKey *zeroKey = NULL;
+    PK11SlotInfo *slot = NULL;
+    PK11SymKey *ikm2;
+
+    params.bExtract = CK_TRUE;
+    params.bExpand = CK_FALSE;
+    params.pInfo = NULL;
+    params.ulInfoLen = 0UL;
+
+    if (ikm1) {
+        /* TODO(ekr@rtfm.com): This violates the PKCS#11 key boundary
+         * but is imposed on us by the present HKDF interface. */
+        rv = PK11_ExtractKeyValue(ikm1);
+        if (rv != SECSuccess)
+            return rv;
+
+        salt = PK11_GetKeyData(ikm1);
+        if (!salt)
+            return SECFailure;
+
+        params.pSalt = salt->data;
+        params.ulSaltLen = salt->len;
+        PORT_Assert(salt->len > 0);
+    } else {
+        /* Per documentation for CKM_NSS_HKDF_*:
+         *
+         *  If the optional salt is given, it is used; otherwise, the salt is
+         *  set to a sequence of zeros equal in length to the HMAC output.
+         */
+        params.pSalt = NULL;
+        params.ulSaltLen = 0UL;
+    }
+    paramsi.data = (unsigned char *)&params;
+    paramsi.len = sizeof(params);
+
+    PORT_Assert(kTlsHkdfInfo[baseHash].pkcs11Mech);
+    PORT_Assert(kTlsHkdfInfo[baseHash].hashSize);
+    PORT_Assert(kTlsHkdfInfo[baseHash].hash == baseHash);
+
+    /* A zero ikm2 is a key of hash-length 0s. */
+    if (!ikm2in) {
+        SECItem zeroItem = {
+            siBuffer,
+            (unsigned char *)zeroKeyBuf,
+            kTlsHkdfInfo[baseHash].hashSize
+        };
+        slot = PK11_GetInternalSlot();
+        if (!slot) {
+            return SECFailure;
+        }
+        zeroKey = PK11_ImportSymKey(slot,
+                                    kTlsHkdfInfo[baseHash].pkcs11Mech,
+                                    PK11_OriginUnwrap,
+                                    CKA_DERIVE, &zeroItem, NULL);
+        if (!zeroKey)
+            return SECFailure;
+        ikm2 = zeroKey;
+    } else {
+        ikm2 = ikm2in;
+    }
+    PORT_Assert(ikm2);
+
+    PRINT_BUF(50, (NULL, "HKDF Extract: IKM1/Salt", params.pSalt, params.ulSaltLen));
+    PRINT_KEY(50, (NULL, "HKDF Extract: IKM2", ikm2));
+
+    prk = PK11_Derive(ikm2, kTlsHkdfInfo[baseHash].pkcs11Mech,
+                      &paramsi, kTlsHkdfInfo[baseHash].pkcs11Mech,
+                      CKA_DERIVE, kTlsHkdfInfo[baseHash].hashSize);
+    if (zeroKey)
+        PK11_FreeSymKey(zeroKey);
+    if (slot)
+        PK11_FreeSlot(slot);
+    if (!prk)
+        return SECFailure;
+
+    PRINT_KEY(50, (NULL, "HKDF Extract", prk));
+    *prkp = prk;
+
+    return SECSuccess;
+}
+
+SECStatus
+tls13_HkdfExpandLabel(PK11SymKey *prk, SSLHashType baseHash,
+                      const PRUint8 *handshakeHash, unsigned int handshakeHashLen,
+                      const char *label, unsigned int labelLen,
+                      CK_MECHANISM_TYPE algorithm, unsigned int keySize,
+                      PK11SymKey **keyp)
+{
+    CK_NSS_HKDFParams params;
+    SECItem paramsi = { siBuffer, NULL, 0 };
+    /* Size of info array needs to be big enough to hold the maximum Prefix,
+     * Label, plus HandshakeHash. If it's ever to small, the code will abort.
+     */
+    PRUint8 info[256];
+    PRUint8 *ptr = info;
+    unsigned int infoLen;
+    PK11SymKey *derived;
+    const char *kLabelPrefix = "TLS 1.3, ";
+    const unsigned int kLabelPrefixLen = strlen(kLabelPrefix);
+
+    if (handshakeHash) {
+        if (handshakeHashLen > 255) {
+            PORT_Assert(0);
+            PORT_SetError(SEC_ERROR_INVALID_ARGS);
+            return SECFailure;
+        }
+    } else {
+        PORT_Assert(!handshakeHashLen);
+    }
+
+    /*
+     *  [draft-ietf-tls-tls13-11] Section 7.1:
+     *
+     *  HKDF-Expand-Label(Secret, Label, HashValue, Length) =
+     *       HKDF-Expand(Secret, HkdfLabel, Length)
+     *
+     *  Where HkdfLabel is specified as:
+     *
+     *  struct HkdfLabel {
+     *    uint16 length;
+     *    opaque label<9..255>;
+     *    opaque hash_value<0..255>;
+     *  };
+     *
+     *  Where:
+     *  - HkdfLabel.length is Length
+     *  - HkdfLabel.hash_value is HashValue.
+     *  - HkdfLabel.label is "TLS 1.3, " + Label
+     *
+     */
+    infoLen = 2 + 1 + kLabelPrefixLen + labelLen + 1 + handshakeHashLen;
+    if (infoLen > sizeof(info)) {
+        PORT_Assert(0);
+        goto abort;
+    }
+
+    ptr = ssl_EncodeUintX(keySize, 2, ptr);
+    ptr = ssl_EncodeUintX(labelLen + kLabelPrefixLen, 1, ptr);
+    PORT_Memcpy(ptr, kLabelPrefix, kLabelPrefixLen);
+    ptr += kLabelPrefixLen;
+    PORT_Memcpy(ptr, label, labelLen);
+    ptr += labelLen;
+    ptr = ssl_EncodeUintX(handshakeHashLen, 1, ptr);
+    if (handshakeHash) {
+        PORT_Memcpy(ptr, handshakeHash, handshakeHashLen);
+        ptr += handshakeHashLen;
+    }
+    PORT_Assert((ptr - info) == infoLen);
+
+    params.bExtract = CK_FALSE;
+    params.bExpand = CK_TRUE;
+    params.pInfo = info;
+    params.ulInfoLen = infoLen;
+    paramsi.data = (unsigned char *)&params;
+    paramsi.len = sizeof(params);
+
+    derived = PK11_DeriveWithFlags(prk, kTlsHkdfInfo[baseHash].pkcs11Mech,
+                                   &paramsi, algorithm,
+                                   CKA_DERIVE, keySize,
+                                   CKF_SIGN | CKF_VERIFY);
+    if (!derived)
+        return SECFailure;
+
+    *keyp = derived;
+
+#ifdef TRACE
+    if (ssl_trace >= 10) {
+        /* Make sure the label is null terminated. */
+        char labelStr[100];
+        PORT_Memcpy(labelStr, label, labelLen);
+        labelStr[labelLen] = 0;
+        SSL_TRC(50, ("HKDF Expand: label=[TLS 1.3, ] + '%s',requested length=%d",
+                     labelStr, keySize));
+    }
+    PRINT_KEY(50, (NULL, "PRK", prk));
+    PRINT_BUF(50, (NULL, "Hash", handshakeHash, handshakeHashLen));
+    PRINT_BUF(50, (NULL, "Info", info, infoLen));
+    PRINT_KEY(50, (NULL, "Derived key", derived));
+#endif
+
+    return SECSuccess;
+
+abort:
+    PORT_SetError(SSL_ERROR_SYM_KEY_CONTEXT_FAILURE);
+    return SECFailure;
+}
+
+SECStatus
+tls13_HkdfExpandLabelRaw(PK11SymKey *prk, SSLHashType baseHash,
+                         const PRUint8 *handshakeHash, unsigned int handshakeHashLen,
+                         const char *label, unsigned int labelLen,
+                         unsigned char *output, unsigned int outputLen)
+{
+    PK11SymKey *derived = NULL;
+    SECItem *rawkey;
+    SECStatus rv;
+
+    rv = tls13_HkdfExpandLabel(prk, baseHash, handshakeHash, handshakeHashLen,
+                               label, labelLen,
+                               kTlsHkdfInfo[baseHash].pkcs11Mech, outputLen,
+                               &derived);
+    if (rv != SECSuccess || !derived) {
+        goto abort;
+    }
+
+    rv = PK11_ExtractKeyValue(derived);
+    if (rv != SECSuccess) {
+        goto abort;
+    }
+
+    rawkey = PK11_GetKeyData(derived);
+    if (!rawkey) {
+        goto abort;
+    }
+
+    PORT_Assert(rawkey->len == outputLen);
+    memcpy(output, rawkey->data, outputLen);
+    PK11_FreeSymKey(derived);
+
+    return SECSuccess;
+
+abort:
+    if (derived) {
+        PK11_FreeSymKey(derived);
+    }
+    PORT_SetError(SSL_ERROR_SYM_KEY_CONTEXT_FAILURE);
+    return SECFailure;
+}
diff --git a/nss/lib/ssl/tls13hkdf.h b/nss/lib/ssl/tls13hkdf.h
new file mode 100644
index 0000000..78347a1
--- /dev/null
+++ b/nss/lib/ssl/tls13hkdf.h
@@ -0,0 +1,38 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/*
+ * This file is PRIVATE to SSL.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef __tls13hkdf_h_
+#define __tls13hkdf_h_
+
+#include "keyhi.h"
+#include "sslt.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+SECStatus tls13_HkdfExtract(
+    PK11SymKey *ikm1, PK11SymKey *ikm2, SSLHashType baseHash,
+    PK11SymKey **prkp);
+SECStatus tls13_HkdfExpandLabelRaw(
+    PK11SymKey *prk, SSLHashType baseHash,
+    const PRUint8 *handshakeHash, unsigned int handshakeHashLen,
+    const char *label, unsigned int labelLen,
+    unsigned char *output, unsigned int outputLen);
+SECStatus tls13_HkdfExpandLabel(
+    PK11SymKey *prk, SSLHashType baseHash,
+    const PRUint8 *handshakeHash, unsigned int handshakeHashLen,
+    const char *label, unsigned int labelLen,
+    CK_MECHANISM_TYPE algorithm, unsigned int keySize,
+    PK11SymKey **keyp);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/nss/lib/ssl/tlsproof.c b/nss/lib/ssl/tlsproof.c
new file mode 100644
index 0000000..fb9fa20
--- /dev/null
+++ b/nss/lib/ssl/tlsproof.c
@@ -0,0 +1,2418 @@
+#include "nssrenam.h"
+#include "cert.h"
+#include "keyhi.h"
+#include "pkcs11.h"
+#include "pk11func.h"
+#include "prtime.h"
+#include "seccomon.h"
+#include "secitem.h"
+#include "secmod.h"
+#include "secmodi.h"
+#include "sslerr.h"
+#include "ssl.h"
+#include "sslimpl.h"
+#include "sslproto.h"
+#include "stdarg.h"
+#include "tls13con.h"
+#include "tls13hkdf.h"
+#include "secutil.h"
+
+#include "tlsproof.h"
+
+#include <stdio.h>
+#include <math.h>
+#include <regex.h>
+
+// Enable for Performance Measuremeants, uses [Measure] tags
+//#define EV_MEASURE_COMP
+#ifdef EV_MEASURE_COMP
+//	#undef TRACE
+#endif
+
+
+char* SALT_TREE_LABEL = "TLS-NSaltTree";
+
+PRUint8 merkle_root_marker = 0;
+PRUint8 hash_chain_marker = 1;
+static SECStatus tlsproof_handleMessageRequest(sslSocket *ss, sslBuffer  *origBuf);
+static SECStatus tlsproof_handleMessageResponse(sslSocket *ss, sslBuffer *origBuf);
+
+
+static SECStatus requires_plaintext_saving(int proof_type){
+	return ((proof_type & last_message_proof) != 0) || ((proof_type & hidden_plaintext_proof) != 0)|| ((proof_type & plaintext_proof) != 0);
+}
+
+PK11SymKey* create_sym_key_for_salt(RecordProofInfo* rpi, PRUint8* keydata){
+	PK11SlotInfo* slot = PK11_GetInternalKeySlot();
+	SECItem keyItem;
+	keyItem.data = keydata; 
+	keyItem.len = rpi->salt_size; 
+
+	/* turn the SECItem into a key object */
+	PK11SymKey* sym_key = PK11_ImportSymKey(slot, CKM_AES_KEY_GEN, PK11_OriginUnwrap, CKA_ENCRYPT, &keyItem, NULL);
+
+	return sym_key;
+}
+
+
+// TODO: Non-linear search  
+// TODO: Change signature
+static PRBool is_hidden_chunk(PRUint16* hidden_chunk_ids, PRUint16 num_hidden_chunks, PRUint16 chunk_id){
+    int i;
+    for(i = 0; i < num_hidden_chunks; ++i){
+        if(hidden_chunk_ids[i] == chunk_id){
+            return PR_TRUE;
+        }
+    }
+    return PR_FALSE;
+}
+
+static PRUint16 get_chunk_length2(RecordProofInfo* rpi, PRUint16 chunk_index){
+	if (chunk_index + 1 < rpi->num_chunks){
+		return rpi->chunk_size;
+	} else {			
+		return rpi->record_length - rpi->chunk_size * chunk_index;
+	}
+}
+
+static PRUint16 get_chunk_length(RecordProofInfo* rpi){
+	return get_chunk_length2(rpi, rpi->chunk_index);
+}
+
+
+static SECStatus allocate_salts(RecordProofInfo* rpi){
+	int i;
+	rpi->salts = (PRUint8**) PORT_Alloc(sizeof(PRUint8*) * rpi->num_chunks);
+	if(rpi->salts == NULL){
+#ifdef TRACE
+		SSL_TRC(10, ("Error! Couldn't allocate memory!"));
+#endif
+		return SECFailure;
+	}
+	// Allocate salts
+	rpi->salts[0] = (PRUint8*) PORT_Alloc(rpi->salt_size * rpi->num_chunks);
+	if(rpi->salts[0] == NULL){
+#ifdef TRACE
+		SSL_TRC(10, ("Error! Couldn't allocate memory!"));
+#endif
+		return SECFailure;
+	}
+	for(i = 1; i < rpi->num_chunks; ++i){
+		rpi->salts[i] = rpi->salts[i-1] + rpi->salt_size;
+	}
+	return SECSuccess;
+}
+
+// TODO: Unify
+static PRUint8** allocate_string_array(PRUint16 salt_size, PRUint16 num_chunks){
+	int i;
+	PRUint8** salts = (PRUint8**) PORT_Alloc(sizeof(PRUint8*) * num_chunks);
+	salts[0] = (PRUint8*) PORT_Alloc(salt_size * num_chunks);
+	if(salts[0] == NULL){
+#ifdef TRACE
+		SSL_TRC(10, ("Error! Couldn't allocate memory!"));
+#endif
+		return NULL;
+	}
+	for(i = 1; i < num_chunks; ++i){
+		salts[i] = salts[i-1] + salt_size;
+	}
+	return salts;
+}
+
+static PRUint16 num_skipped_leaves(RecordProofInfo* rpi, int level, PRUint16 chunk_index){
+	if(level == rpi->tree_levels){
+		return 1;
+	}
+	if(level == 0){
+		return rpi->num_chunks;
+	}
+	// Compute the maximal number of children
+	PRUint16 max_leaves = 1 << ( rpi->tree_levels - level);
+	if(max_leaves + chunk_index > rpi->num_chunks){
+		// All the remaining
+		PORT_Assert(rpi->num_chunks - chunk_index < rpi->num_chunks);
+		return rpi->num_chunks - chunk_index;
+	}else{
+		// Maximum possible
+		PORT_Assert(max_leaves < rpi->num_chunks);
+		return max_leaves;
+	}
+	
+}
+
+
+static SECStatus free_rpi(RecordProofInfo* rpi){
+	// Hack to get around the const
+	PRUint8* tmp;
+	
+	if(rpi->salts != NULL){
+		PORT_Free(rpi->salts[0]);
+		PORT_Free(rpi->salts);
+		rpi->salts = NULL;
+	}
+	if(rpi->num_hashes > 0){
+		PORT_Free(rpi->hash_locs);
+		rpi->hash_locs = NULL;
+		if(!rpi->initialized_from_proof){
+			PORT_Free(rpi->proof_merkle_hashes[0]);
+		}
+		PORT_Free(rpi->proof_merkle_hashes);
+		rpi->proof_merkle_hashes = NULL;
+		rpi->num_hashes = 0;
+	}
+	if(rpi->num_salts > 0){
+		PORT_Free(rpi->salt_locs);
+		rpi->salt_locs = NULL;
+		rpi->num_salts = 0;
+	}
+	if(rpi->num_hidden_chunks > 0){
+		PORT_Free(rpi->hidden_chunk_ids);
+		rpi->hidden_chunk_ids = NULL;
+		rpi->num_hidden_chunks = 0;
+		// Inflated the record -> free it
+		if(rpi->initialized_from_proof){
+			PORT_Memcpy(&tmp, &(rpi->record), sizeof(PRUint8*));
+			PORT_Free(tmp);
+		}
+	}
+	if(rpi->ctx != NULL){
+		PK11_DestroyContext(rpi->ctx, PR_TRUE);
+	}
+
+	if(rpi->hmac != NULL){
+		HMAC_Destroy(rpi->hmac, PR_FALSE);
+		PORT_Free(rpi->hmac);
+		rpi->hmac = NULL;
+	}
+
+	if(rpi->hmac_info != NULL){
+		PORT_Free(rpi->hmac_info);
+	}
+
+	PORT_Free(rpi);
+	rpi = NULL;
+	return SECSuccess;
+}
+
+// Inflate the record by putting 'X' where content was censored
+static SECStatus inflate_record(RecordProofInfo* rpi, PRUint8* compressed_record){
+	int i;
+	int j;
+	PRUint16 num_normal_records = 0;
+	PRUint16 chunk_length;
+	PRUint16 offset = 0;
+
+	PRUint8 *record = (PRUint8*) PORT_Alloc(rpi->record_length);
+	for(i = 0; i < rpi->num_chunks; ++i){
+		chunk_length = get_chunk_length2(rpi, i);
+		if(is_hidden_chunk(rpi->hidden_chunk_ids, rpi->num_hidden_chunks, i)){
+			for(j = 0; j < chunk_length; ++j){
+				// Put this for hidden chunks
+				record[offset] = 'X';
+				offset++;
+			}
+		}else{
+			// Copy normal records
+			PORT_Memcpy(record + offset, compressed_record + (num_normal_records * rpi->chunk_size), chunk_length);
+			offset += chunk_length;
+			num_normal_records++;
+		}	
+	}
+	PORT_Assert(offset == rpi->record_length);
+	rpi->record = record;
+	return SECSuccess;
+}
+
+// Recompute the hidden chunks from the proof contents
+static SECStatus compute_hidden_chunks_from_proof(RecordProofInfo* rpi){
+	int i;
+	int j;
+	PRUint16 hidden_chunk_ids[rpi->num_chunks];
+	PRUint16 num_skipped;
+	rpi->num_hidden_chunks = 0;
+	for(i = 0; i < rpi->num_hashes; ++i){	
+		num_skipped = num_skipped_leaves(rpi, rpi->hash_locs[i].tree_level, rpi->hash_locs[i].chunk_index);
+		for(j = 0; j < num_skipped; ++j){
+			// Save all the skipped leaves as hidden
+			hidden_chunk_ids[rpi->num_hidden_chunks] = rpi->hash_locs[i].chunk_index + j;
+			rpi->num_hidden_chunks++;
+		}
+	}
+	if(rpi->num_hidden_chunks == 0){
+		rpi->hidden_chunk_ids = NULL;
+	}else{
+		rpi->hidden_chunk_ids = (PRUint16*) PORT_Alloc(rpi->num_hidden_chunks * sizeof(PRUint16));
+		if(rpi->hidden_chunk_ids == NULL) return SECFailure;
+		PORT_Memcpy(rpi->hidden_chunk_ids, hidden_chunk_ids, rpi->num_hidden_chunks * sizeof(PRUint16));
+#ifdef TRACE
+		SSL_TRC(25, ("Recomputed Hidden Chunk IDs:"));
+		// TODO: Make nicer
+		for(i = 0; i < rpi->num_hidden_chunks; ++i){
+			SSL_TRC(25, ("%u", rpi->hidden_chunk_ids[i]));
+		}
+#endif
+	}
+	return SECSuccess;
+}
+
+// Compute the compressed record length
+static PRUint16 compute_compressed_record_padding(RecordProofInfo* rpi){
+	int j;
+	PRBool last_censored = PR_FALSE;
+	PRUint16 compressed_record_padding = 0;
+
+	// Subtract the size for censored chunks
+	for(j = 0; j < rpi->num_hidden_chunks; ++j){
+		last_censored = (rpi->hidden_chunk_ids[j] == rpi->num_chunks - 1) | last_censored;
+	}
+	// Last chunk is a special case. If not censored, and necessary, pad it
+	if(!last_censored && get_chunk_length2(rpi, rpi->num_chunks - 1) != rpi->chunk_size){
+		compressed_record_padding = rpi->chunk_size - get_chunk_length2(rpi, rpi->num_chunks - 1);
+	}
+	
+	return compressed_record_padding; 
+}
+
+
+// Compute the compressed record length
+static PRUint16 compute_compressed_record_length(RecordProofInfo* rpi){
+	int j;
+	PRUint16 compressed_record_length = rpi->record_length;
+
+	// Subtract the size for censored chunks
+	for(j = 0; j < rpi->num_hidden_chunks; ++j){
+		compressed_record_length -= get_chunk_length2(rpi, rpi->hidden_chunk_ids[j]);
+	}
+	// Add Padding if necessary
+	compressed_record_length += compute_compressed_record_padding(rpi);
+	
+	return compressed_record_length; 
+}
+
+
+static void init_hmac_context(RecordProofInfo* rpi){
+    const char *kLabelPrefix = "TLS 1.3, ";
+    const unsigned int kLabelPrefixLen = strlen(kLabelPrefix);
+	PRUint8* ptr;
+
+	rpi->hmac = NULL;
+	rpi->hmac_info_len = 2 + 1 + kLabelPrefixLen + strlen(SALT_TREE_LABEL) + 1;
+	rpi->hmac_info = (PRUint8*) PORT_Alloc(rpi->hmac_info_len);
+	ptr =  rpi->hmac_info;
+	ptr = ssl_EncodeUintX(rpi->salt_size, 2, ptr);
+	ptr = ssl_EncodeUintX(kLabelPrefixLen + strlen(SALT_TREE_LABEL), 1, ptr);
+    PORT_Memcpy(ptr, kLabelPrefix, kLabelPrefixLen);
+    ptr += kLabelPrefixLen;
+    PORT_Memcpy(ptr, SALT_TREE_LABEL, strlen(SALT_TREE_LABEL));
+    ptr += strlen(SALT_TREE_LABEL);
+    ptr = ssl_EncodeUintX(0, 1, ptr);
+    PORT_Assert((ptr - rpi->hmac_info) == rpi->hmac_info_len);
+}
+
+// Initialize the record information from information in the proof
+static RecordProofInfo* init_proof_info_from_plaintext_proof(ProofPar* proofPar, PlaintextProofNode* proofNode, PRUint8* compressed_record, ProofMerkleNode* hash_locs, PRUint8** proof_merkle_hashes, ProofSalt* salt_locs){
+	RecordProofInfo rpival = { .salt_size = proofPar->salt_size, .hash_size = proofPar->hash_size, .chunk_size = proofPar->chunk_size, .hash_type = proofPar->hash_type, .num_chunks = (PRUint32) ceil((double)proofNode->len_record/proofPar->chunk_size), .tree_levels = (PRUint32) ceil(log(rpival.num_chunks)/log(2)), .gen_orig = proofNode->gen_orig, .hkdf_mechanism = tls13_GetHkdfMechanismForHash(rpival.hash_type)};
+	rpival.record_length = proofNode->len_record;
+	rpival.salt_index = 0;
+	rpival.chunk_index = 0;
+	rpival.num_hashes = 0;	
+	rpival.hash_locs = hash_locs;
+	rpival.proof_merkle_hashes = proof_merkle_hashes;
+	rpival.salt_locs = salt_locs;
+	rpival.num_salts = 0;
+	rpival.initialized_from_proof = PR_TRUE;
+	rpival.ctx = PK11_CreateDigestContext(ssl3_HashTypeToOID(rpival.hash_type));
+
+	// Copy, do this to allow const values
+	RecordProofInfo* rpi = (RecordProofInfo*) PORT_Alloc(sizeof(RecordProofInfo));
+	PORT_Memcpy(rpi, &rpival, sizeof(rpival));
+	if(allocate_salts(rpi) != SECSuccess) return NULL;
+	rpi->hidden_chunk_ids = NULL;
+	rpi->num_hidden_chunks = 0;
+	rpi->record = compressed_record;
+	init_hmac_context(rpi);
+	return rpi;
+}
+
+// Initialize the record information from information in the proof
+static RecordProofInfo* init_proof_info_from_proof(ProofPar* proofPar, HiddenPlaintextProofNode* proofNode, PRUint8* compressed_record, ProofMerkleNode* hash_locs, PRUint8** proof_merkle_hashes, ProofSalt* salt_locs){
+	RecordProofInfo rpival = { .salt_size = proofPar->salt_size, .hash_size = proofPar->hash_size, .chunk_size = proofPar->chunk_size, .hash_type = proofPar->hash_type, .num_chunks = (PRUint32) ceil((double)proofNode->len_record/proofPar->chunk_size), .tree_levels = (PRUint32) ceil(log(rpival.num_chunks)/log(2)), .gen_orig = proofNode->gen_orig, .hkdf_mechanism = tls13_GetHkdfMechanismForHash(rpival.hash_type)};
+	rpival.record_length = proofNode->len_record;
+	rpival.salt_index = 0;
+	rpival.chunk_index = 0;
+	rpival.num_hashes = proofNode->num_hashes;	
+	rpival.hash_locs = hash_locs;
+	rpival.proof_merkle_hashes = proof_merkle_hashes;
+	rpival.salt_locs = salt_locs;
+	rpival.num_salts = proofNode->num_salts;
+	rpival.initialized_from_proof = PR_TRUE;
+	rpival.ctx = PK11_CreateDigestContext(ssl3_HashTypeToOID(rpival.hash_type));
+
+	// Copy, do this to allow const values
+	RecordProofInfo* rpi = (RecordProofInfo*) PORT_Alloc(sizeof(RecordProofInfo));
+	PORT_Memcpy(rpi, &rpival, sizeof(rpival));
+	if(allocate_salts(rpi) != SECSuccess) return NULL;
+	if(rpi->num_hashes > 0){
+		if(compute_hidden_chunks_from_proof(rpi) != SECSuccess) return NULL;
+	}else{
+		rpi->hidden_chunk_ids = NULL;
+		rpi->num_hidden_chunks = 0;
+		rpi->record = compressed_record;
+	}
+	init_hmac_context(rpi);
+	return rpi;
+}
+
+// Initialize the record information 
+static RecordProofInfo* init_proof_info(sslSocket *ss, const PRUint8* record, PRUint16 record_length, PRBool received){
+	RecordProofInfo rpival = { .hash_size = tls13_GetHashSize(ss), .salt_size = ss->xtnData.salt_size, .chunk_size = ss->xtnData.chunk_size, .hash_type = tls13_GetHash(ss), .num_chunks = (PRUint32) ceil((double)record_length/rpival.chunk_size), .tree_levels = (PRUint32) ceil(log(rpival.num_chunks)/log(2)), .gen_orig = received ^ ss->sec.isServer, .hkdf_mechanism = tls13_GetHkdfMechanismForHash(rpival.hash_type)};
+	rpival.record = record;
+	rpival.record_length = record_length;
+	rpival.salt_index = 0;
+	rpival.chunk_index = 0;
+	rpival.num_hashes = 0;	
+	rpival.hash_locs = NULL;
+	rpival.proof_merkle_hashes = NULL;
+	rpival.hidden_chunk_ids = NULL;
+	rpival.num_hidden_chunks = 0;
+	rpival.salt_locs = NULL;
+	rpival.num_salts = 0;
+	rpival.initialized_from_proof = PR_FALSE;
+	rpival.ctx = PK11_CreateDigestContext(ssl3_HashTypeToOID(rpival.hash_type));
+
+#ifdef TRACE
+	SSL_TRC(50, ("[TLS-N] Num_chunks: %i\n", rpival.num_chunks));
+#endif
+
+	// Copy, do this to allow const values
+	RecordProofInfo* rpi = (RecordProofInfo*) PORT_Alloc(sizeof(RecordProofInfo));
+	PORT_Memcpy(rpi, &rpival, sizeof(rpival));
+	if(allocate_salts(rpi) != SECSuccess) return NULL;
+	init_hmac_context(rpi);
+	return rpi;
+}
+	
+
+
+static
+SECStatus find_sensitive_chunks(RecordProofInfo *rpi){
+
+    char *reg_str[] = {
+        "[&\\?]passwd=([^&[:space:]]*)[&[:space:]]",
+        "[&\\?]pass=([^&[:space:]]*)[&[:space:]]",
+        "[&\\?]access_token=([^&[:space:]]*)[&[:space:]]",
+        "Cookie:(.*)\n",
+        "Authorization:(.*)\n",
+        NULL
+    };
+
+	regex_t regex;
+	PRInt16 reti;
+	PRUint16 offset = 0;
+	PRUint16* hidden_chunk_ids = NULL;
+	// Number of hidden chunks
+    PRUint16 num_hidden = 0;
+    PRUint16 startchunk;
+    PRUint16 stopchunk;
+    int i;
+	int reg_ex_id = 0;
+
+    while(reg_str[reg_ex_id] != NULL) {
+		// TODO: Compile this once
+		// Compile regular expression 
+        reti = regcomp(&regex, reg_str[reg_ex_id], REG_EXTENDED);
+
+		if (reti) {
+#ifdef TRACE
+			ssl_Trace("[TLS-N] Error: Could not compile regex\n");
+#endif
+			exit(1);
+		}
+        size_t ngroups = regex.re_nsub + 1;
+        regmatch_t *groups = (regmatch_t *) PORT_Alloc(ngroups * sizeof(regmatch_t));
+        
+        regmatch_t pmatch;
+        offset = 0; 
+
+		// Search for sensitive chunks
+        while(offset < rpi->record_length){
+            reti = regexec(&regex, (char*) rpi->record+offset, ngroups, groups, 0);
+            if (!reti) {
+				size_t g_idx;
+                for (g_idx = 1; g_idx < ngroups; g_idx++){
+                    pmatch = groups[g_idx];
+
+                    startchunk = (offset+pmatch.rm_so)/rpi->chunk_size;
+                    stopchunk = (offset+pmatch.rm_eo)/rpi->chunk_size;
+
+					// Mark the hidden chunks
+					for(i = startchunk; i <= stopchunk; ++i){
+						// If already hidden
+						if(!is_hidden_chunk(hidden_chunk_ids, num_hidden, i)){
+							hidden_chunk_ids = (PRUint16*) PORT_Realloc(hidden_chunk_ids, (num_hidden + 1)* sizeof(PRUint16));
+							// TODO: Sort we can do a fast lookup
+							hidden_chunk_ids[num_hidden] = i;
+							num_hidden++;
+						}
+					}
+					// Adjust the offset so that we continue searching in the next chunk 
+					offset += pmatch.rm_eo;
+				}
+			} else if(reti == REG_NOMATCH){
+				break;
+			} else {
+	#ifdef TRACE
+				char msgbuf[128];
+				regerror(reti, &regex, msgbuf, sizeof(msgbuf));
+				ssl_Trace("Regex match failed: %s\n", msgbuf);
+	#endif
+				return SECFailure;
+			}
+		}
+		// Free memory allocated by regcomp
+	    regfree(&regex);
+		reg_ex_id++;
+		PORT_Free(groups);
+
+	}
+
+    rpi->hidden_chunk_ids = hidden_chunk_ids;
+    rpi->num_hidden_chunks = num_hidden;
+    return SECSuccess;
+}
+
+
+
+
+
+static PRUint16
+ceil_div8(PRUint16 num){
+	PRUint16 res = num >> 3;
+	if ((num & 7) != 0){
+		res++;
+	}
+	return res;
+}
+
+/*
+static SECStatus
+tlsproof_hash_begin(sslSocket *ss, PK11Context ** out_ctx)
+{
+    PK11Context *ctx = NULL;
+
+	ctx = PK11_CreateDigestContext(ssl3_HashTypeToOID(tls13_GetHash(ss)));
+	if (!ctx) {
+		ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE);
+		return SECFailure;
+	}
+
+	if (PK11_DigestBegin(ctx) != SECSuccess) {
+		ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE);
+		PK11_DestroyContext(ctx, PR_TRUE);
+	    return SECFailure;
+	}
+	*out_ctx = ctx;
+    return SECSuccess;
+}*/
+
+static SECStatus
+tlsproof_hash_begin2(PK11Context * ctx)
+{
+
+	if (PK11_DigestBegin(ctx) != SECSuccess) {
+		ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE);
+		PK11_DestroyContext(ctx, PR_TRUE);
+	    return SECFailure;
+	}
+    return SECSuccess;
+}
+
+static SECStatus 
+tlsproof_hash_zeroes(PK11Context *ctx, const PRUint32 inbuf_len){
+	// No more padding
+	return SECSuccess;
+	PRUint8 buf[inbuf_len];
+	bzero(buf, inbuf_len);
+
+	if (PK11_DigestOp(ctx,
+					  buf,
+					  inbuf_len) != SECSuccess) {
+		ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE);
+		PK11_DestroyContext(ctx, PR_TRUE);
+		return SECFailure;
+	}
+    return SECSuccess;
+}
+
+static SECStatus 
+tlsproof_hash_op(PK11Context *ctx, const void* inbuf, const PRUint32 inbuf_len){
+	if (PK11_DigestOp(ctx,
+					  inbuf,
+					  inbuf_len) != SECSuccess) {
+		ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE);
+		PK11_DestroyContext(ctx, PR_TRUE);
+	    return SECFailure;
+	}
+    return SECSuccess;
+}
+
+
+
+// Hash in Network-Byte order
+static SECStatus 
+tlsproof_hash_op_nbo(PK11Context *ctx, const void* inbuf, const PRUint32 inbuf_len){
+// TODO decide whether to do this or not
+	return tlsproof_hash_op(ctx, inbuf, inbuf_len);
+
+	PRUint16 tmp2;
+	PRUint32 tmp4;
+	if(inbuf_len == 2){
+		tmp2 = htobe16(* (PRUint16*)inbuf);
+		return tlsproof_hash_op(ctx, &tmp2, inbuf_len);
+	}else if(inbuf_len == 4){
+		tmp4 = htobe32(* (PRUint32*)inbuf);
+		return tlsproof_hash_op(ctx, &tmp4, inbuf_len);
+	}else{
+		PORT_Assert(0);
+		return SECFailure;
+	}
+}
+
+
+/*
+static SECStatus
+tlsproof_hash_finish(sslSocket *ss, PK11Context *ctx, PRUint8* outbuf, unsigned int outbuf_len){
+    unsigned int len;
+    SECStatus rv;
+
+    rv = PK11_DigestFinal(ctx, outbuf, &len, outbuf_len);
+    if (rv != SECSuccess) {
+        ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE);
+	    PK11_DestroyContext(ctx, PR_TRUE);
+	    return SECFailure;
+    }
+    PORT_Assert(len == tls13_GetHashSize(ss));
+    PK11_DestroyContext(ctx, PR_TRUE);
+
+    return SECSuccess;
+}*/
+
+static SECStatus
+tlsproof_hash_finish2(PK11Context *ctx, PRUint8* outbuf, unsigned int outbuf_len){
+    unsigned int len;
+    SECStatus rv;
+
+    rv = PK11_DigestFinal(ctx, outbuf, &len, outbuf_len);
+    if (rv != SECSuccess) {
+        ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE);
+	    PK11_DestroyContext(ctx, PR_TRUE);
+	    return SECFailure;
+    }
+    return SECSuccess;
+}
+
+/*When a message of content type tlsproof message is received it is tranfered to this
+ *function. It will look at the sub-type and transfert it to the correct function*/
+SECStatus
+tlsproof_HandleMessage(sslSocket *ss, sslBuffer *origBuf)
+{
+	SECStatus rv;
+
+	TLSProofMessageType proofMessageType;
+	PRInt32 length;
+
+	if(!ssl3_ExtensionNegotiated(ss,ssl_tls13_tls_proof_xtn))
+		return SECFailure;
+
+	length = origBuf->len;
+
+	if(length <= 0) return SECFailure;
+
+	//Get the sub-content type
+	proofMessageType = origBuf->buf[0];
+
+	//Call the corresponding function
+	switch(proofMessageType){
+	case tlsproof_message_type_request:
+
+		rv = tlsproof_handleMessageRequest(ss,origBuf);
+		if(rv != SECSuccess) return SECFailure;
+
+		break;
+	case tlsproof_message_type_response:
+
+		rv = tlsproof_handleMessageResponse(ss, origBuf);
+		if(rv != SECSuccess) return SECFailure;
+
+		break;
+	default:
+
+		return SECFailure;
+		break;
+
+	}
+	return SECSuccess;
+}
+
+/*Set *val to TRUE if the negotiation was succsessfull or set *val to FALSE if
+ * the negotiation failed*/
+SECStatus SSL_TLSProofIsNegociated(PRFileDesc *fd, PRBool *val)
+{
+	*val = PR_FALSE;
+	sslSocket *ss = ssl_FindSocket(fd);
+
+	if (!ss) {
+	        SSL_DBG(("%d: SSL[%d]: bad socket in SSL_TLSProofIsNegociated",
+	                 SSL_GETPID(), fd));
+	        return SECFailure;
+	}
+
+	if(ssl3_ExtensionNegotiated(ss,ssl_tls13_tls_proof_xtn))
+		*val = PR_TRUE;
+
+	return SECSuccess;
+}
+
+/*Call by a client to send the proof request*/
+SECStatus SSL_TLSProofRequestProof(PRFileDesc *fd)
+{
+
+	SECStatus rv = SECFailure;
+	sslSocket *ss = ssl_FindSocket(fd);
+	PRInt32 sent = -1;
+	PRInt32 rqLength = TLS_PROOF_MESSAGE_TYPE_SIZE;
+	TLSProofMessageType request = tlsproof_message_type_request;
+
+	//Hold lock to send messages
+	ssl_GetSSL3HandshakeLock(ss);
+	ssl_GetXmitBufLock(ss);
+
+	if(!ssl3_ExtensionNegotiated(ss,ssl_tls13_tls_proof_xtn))
+		return SECFailure;
+
+	//Send the proof request
+	sent = ssl3_SendRecord(ss, NULL, content_tls_proof_message, (PRUint8 *) &request, rqLength, 0);
+
+	if(sent > 0) rv = SECSuccess;
+
+	SSL_TRC(15, ("Proof request sent."));
+
+	ssl_ReleaseXmitBufLock(ss);
+	ssl_ReleaseSSL3HandshakeLock(ss);
+
+	return rv;
+}
+
+
+// TODO: const and int
+static PRInt32	salt_is_in_proof(ProofSalt* salt_locs, PRUint16 num_proof_salts, int level, PRUint16 salt_index){
+    int i;
+    for(i = 0; i < num_proof_salts; ++i){
+        if(salt_locs[i].tree_level == level && salt_locs[i].salt_index == salt_index){
+            return i;
+        }
+    }
+    return -1;	
+}
+
+
+SECStatus my_hkdf_expand(RecordProofInfo* rpi, PRUint8* outbuf, PRUint8* inbuf){
+                /* T(1) = HMAC-Hash(prk, "" | info | 0x01)
+                 * T(n) = HMAC-Hash(prk, T(n-1) | info | n
+                 * key material = T(1) | ... | T(n)
+                 */
+                CK_BYTE i;
+                unsigned iterations = PR_ROUNDUP(2 * rpi->salt_size, rpi->hash_size) / rpi->hash_size;
+				if(rpi->hmac == NULL){
+	                rpi->hmac = HMAC_Create(HASH_GetHashObject(rpi->hash_type), inbuf, rpi->salt_size, 0);
+				}else{
+					HMAC_Init(rpi->hmac, HASH_GetHashObject(rpi->hash_type), inbuf, rpi->salt_size, 0);
+				}
+                for (i = 1; i <= iterations; ++i) {
+                    unsigned len;
+                    HMAC_Begin(rpi->hmac);
+                    if (i > 1) {
+                        HMAC_Update(rpi->hmac, outbuf + ((i - 2) * rpi->hash_size), rpi->hash_size);
+                    }
+                    HMAC_Update(rpi->hmac, rpi->hmac_info, rpi->hmac_info_len);
+                    HMAC_Update(rpi->hmac, &i, 1);
+                    HMAC_Finish(rpi->hmac, outbuf + ((i - 1) * rpi->hash_size), &len, rpi->hash_size);
+                    PORT_Assert(len == rpi->hash_size);
+                }
+	return SECSuccess;
+}
+
+
+//SECStatus compute_salt_tree2(RecordProofInfo* rpi, const int level, PK11SymKey* int_salt_secret){
+SECStatus compute_salt_tree2(RecordProofInfo* rpi, const int level, PRUint8* int_salt_secret){
+	PRUint8 new_salt[2 * rpi->salt_size];
+//	PK11SymKey* left;
+//	PK11SymKey* right;
+	PRUint8* left;
+	PRUint8* right;
+
+	if(rpi->salt_index >= rpi->num_chunks){
+		return SECSuccess;
+	}
+
+	// Special case: single chunk
+	if(rpi->num_chunks == 1){
+		PORT_Memcpy(rpi->salts[rpi->salt_index], int_salt_secret, rpi->salt_size);
+		rpi->salt_index += 1;
+		return SECSuccess;
+	}
+
+
+	my_hkdf_expand(rpi, new_salt, int_salt_secret);
+
+//	if(tls13_HkdfExpandLabelRaw(int_salt_secret, rpi->hash_type, NULL, 0, rpi->salt_tree_label, rpi->salt_tree_label_len, new_salt, 2 * rpi->salt_size) != SECSuccess) return SECFailure;
+//	if(tlsproof_hash_begin2(rpi->ctx) != SECSuccess) return SECFailure;
+//	if(tlsproof_hash_op(rpi->ctx, int_salt_secret, rpi->salt_size) != SECSuccess) return SECFailure;
+//	if(tlsproof_hash_finish2(rpi->ctx, new_salt, sizeof(new_salt)) != SECSuccess) return SECFailure;
+	
+	// Split into left and right
+//	left = create_sym_key_for_salt(rpi, new_salt);
+//	right = create_sym_key_for_salt(rpi, new_salt + rpi->salt_size); 
+	left = new_salt;
+	right = new_salt + rpi->salt_size;
+
+	// Leaf Detection: A leaf is on the last level or is within the last two indices
+
+	// Left side
+
+	// Check if leaf
+	if(level == rpi->tree_levels - 1){
+		// Save salt values if bottom is reached
+		PORT_Memcpy(rpi->salts[rpi->salt_index], left, rpi->salt_size);
+		rpi->salt_index += 1;
+	} else {
+		// Go to lower level
+		if(compute_salt_tree2(rpi, level+1, left) != SECSuccess) return SECFailure;
+	}
+
+	if(rpi->salt_index >= rpi->num_chunks){
+		return SECSuccess;
+	}
+
+	// Right side
+
+	// Check if leaf
+	if(level == rpi->tree_levels - 1){
+		PORT_Assert(rpi->salt_index < rpi->num_chunks);
+		PORT_Memcpy(rpi->salts[rpi->salt_index], right, rpi->salt_size);
+		rpi->salt_index += 1;
+	} else {
+		if(compute_salt_tree2(rpi, level+1, right) != SECSuccess) return SECFailure;
+	}
+//	PK11_FreeSymKey(left);
+//	PK11_FreeSymKey(right);
+	return SECSuccess;
+}
+
+// int_salt_secret has salt_size
+// salt_index is the next free index
+SECStatus compute_salt_tree(RecordProofInfo* rpi, PRUint8* int_salt_secret){
+	rpi->salt_index = 0;
+//	PK11SymKey* int_salt_key = create_sym_key_for_salt(rpi, int_salt_secret);
+//	SECStatus rv = compute_salt_tree2(rpi, 0, int_salt_key);
+	SECStatus rv = compute_salt_tree2(rpi, 0, int_salt_secret);
+	PORT_Assert(rpi->num_chunks == rpi->salt_index);
+//	PK11_FreeSymKey(int_salt_key);
+	return rv;
+}
+
+SECStatus compute_salts_from_proof_salts2(RecordProofInfo* rpi, const int level, PRUint8** proof_salts){
+
+	PRInt32 in_proof_index;
+
+	if(rpi->salt_index >= rpi->num_chunks){
+		return SECSuccess;
+	}
+
+	// Special case: single chunk
+	if(rpi->num_chunks == 1){
+		// Handle this differently
+		PORT_Assert(PR_FALSE);
+	}
+
+	// If this part is in the proof
+	in_proof_index = salt_is_in_proof(rpi->salt_locs, rpi->num_salts, level, rpi->salt_index);
+	if(in_proof_index != -1){
+		// Just copy it, if it is a final salt
+		if(level == rpi->tree_levels){
+			PORT_Memcpy(rpi->salts[rpi->salt_index], proof_salts[in_proof_index], rpi->salt_size);
+			rpi->salt_index += 1;
+			return SECSuccess;
+		} else {
+			// Take it from the proof and run the normal subtree execution
+			return compute_salt_tree2(rpi, level, proof_salts[in_proof_index]);
+		}
+	}
+
+	// Useless leaf
+    if(level == rpi->tree_levels){
+		rpi->salt_index += 1;
+		return SECSuccess;
+	}
+
+	// Traverse down
+	if(compute_salts_from_proof_salts2(rpi, level+1, proof_salts) != SECSuccess) return SECFailure;
+	if(rpi->salt_index >= rpi->num_chunks){
+		return SECSuccess;
+	}
+	if(compute_salts_from_proof_salts2(rpi, level+1, proof_salts) != SECSuccess) return SECFailure;
+
+
+	return SECSuccess;
+}
+
+SECStatus compute_salts_from_proof_salts(RecordProofInfo* rpi, PRUint8** proof_salts){
+	rpi->salt_index = 0;
+	return compute_salts_from_proof_salts2(rpi, 0, proof_salts);
+}
+
+SECStatus compute_proof_salts2(RecordProofInfo* rpi, const int level, PRUint8* int_salt_secret, PRBool* nonsensitive_subtree, ProofSalt* nonsense_loc, PRUint8* hash_for_nonsense){
+	PRUint8 new_salt[rpi->hash_size];
+	PRUint8* left;
+	PRUint8* right;
+	PRBool left_nonsensitive;
+	PRBool right_nonsensitive;
+	ProofSalt left_loc;
+	ProofSalt right_loc;
+	PRUint8 left_hash_for_nonsense[rpi->hash_size];
+	PRUint8 right_hash_for_nonsense[rpi->hash_size];
+	PRUint16 orig_salt_index = rpi->salt_index;
+
+	if(rpi->salt_index >= rpi->num_chunks){
+		return SECSuccess;
+	}
+
+	// Special case: single chunk
+	if(rpi->num_chunks == 1){
+		// These cases should be handled separately
+		PORT_Assert(PR_FALSE);
+	}
+
+	my_hkdf_expand(rpi, new_salt, int_salt_secret);
+
+    // Split into left and right
+	left = new_salt;
+	right = new_salt + rpi->salt_size; 
+
+	// Leaf Detection: A leaf is on the last level or is within the last two indices
+
+
+	// Check if lowest level
+	if(level == rpi->tree_levels - 1){
+		left_nonsensitive = ! is_hidden_chunk(rpi->hidden_chunk_ids, rpi->num_hidden_chunks, rpi->salt_index);
+		right_nonsensitive = (rpi->salt_index+1 < rpi->num_chunks) && !is_hidden_chunk(rpi->hidden_chunk_ids, rpi->num_hidden_chunks, rpi->salt_index+1);
+
+		// If both are not hidden, push it up
+		if(left_nonsensitive && right_nonsensitive){
+			*nonsensitive_subtree = PR_TRUE;
+			nonsense_loc->tree_level = level;
+			nonsense_loc->salt_index = rpi->salt_index;
+			PORT_Memcpy(hash_for_nonsense, int_salt_secret, rpi->hash_size);
+			rpi->salt_index += 2;
+			return SECSuccess;
+		}
+		*nonsensitive_subtree = PR_FALSE;
+		if(left_nonsensitive){
+			rpi->salt_locs[rpi->num_salts].tree_level = level + 1;
+			rpi->salt_locs[rpi->num_salts].salt_index = rpi->salt_index;
+			PORT_Memcpy(rpi->salts[rpi->num_salts], left, rpi->salt_size);
+			rpi->num_salts++;
+		}
+		rpi->salt_index += 1;
+		if(rpi->salt_index >= rpi->num_chunks){
+			*nonsensitive_subtree = left_nonsensitive;
+			return SECSuccess;
+		}
+		if(right_nonsensitive){
+			rpi->salt_locs[rpi->num_salts].tree_level = level + 1;
+			rpi->salt_locs[rpi->num_salts].salt_index = rpi->salt_index;
+			PORT_Memcpy(rpi->salts[rpi->num_salts], right, rpi->salt_size);
+			rpi->num_salts++;
+		}
+		rpi->salt_index += 1;		
+		PORT_Assert(rpi->salt_index <= rpi->num_chunks);
+
+
+	} else {
+		// Go to lower level
+		if(compute_proof_salts2(rpi, level+1, left, &left_nonsensitive, &left_loc, left_hash_for_nonsense) != SECSuccess) return SECFailure;
+
+		if(rpi->salt_index >= rpi->num_chunks){
+			if (left_nonsensitive){
+				// If only left is around, push it up
+				*nonsensitive_subtree = PR_TRUE;
+				nonsense_loc->tree_level = left_loc.tree_level;
+				nonsense_loc->salt_index = left_loc.salt_index;
+                PORT_Memcpy(hash_for_nonsense, left_hash_for_nonsense, rpi->hash_size);
+			} else {
+				*nonsensitive_subtree = PR_FALSE;
+			}
+			return SECSuccess;
+		}
+
+		if(compute_proof_salts2(rpi, level+1, right, &right_nonsensitive, &right_loc, right_hash_for_nonsense) != SECSuccess) return SECFailure;
+
+		// Merge the two sides
+		if(left_nonsensitive && right_nonsensitive){
+			// Both hidden
+			*nonsensitive_subtree = PR_TRUE;
+			nonsense_loc->tree_level = level;
+			nonsense_loc->salt_index = orig_salt_index;
+			PORT_Memcpy(hash_for_nonsense, int_salt_secret, rpi->hash_size);
+		} else {
+			*nonsensitive_subtree = PR_FALSE;
+			if (left_nonsensitive){
+				PORT_Memcpy(rpi->salts[rpi->num_salts], left_hash_for_nonsense, rpi->salt_size);
+				PORT_Memcpy(&(rpi->salt_locs[rpi->num_salts]), &left_loc, sizeof(ProofSalt));
+				rpi->num_salts++;
+			} else if (right_nonsensitive){
+				PORT_Memcpy(rpi->salts[rpi->num_salts], right_hash_for_nonsense, rpi->salt_size);
+				PORT_Memcpy(&(rpi->salt_locs[rpi->num_salts]), &right_loc, sizeof(ProofSalt));
+				rpi->num_salts++;
+			}
+		}
+	}
+
+	return SECSuccess;
+}
+
+SECStatus compute_proof_salts(RecordProofInfo* rpi, PRUint8* int_salt_secret){
+	PRBool sensitive_subtree;
+	rpi->num_salts = 0;
+	rpi->salt_index = 0;
+	if(rpi->salt_locs == NULL){
+		rpi->salt_locs = (ProofSalt*) PORT_Alloc((rpi->num_chunks - rpi->num_hidden_chunks)* sizeof(ProofSalt));
+	}
+	return compute_proof_salts2(rpi, 0, int_salt_secret, &sensitive_subtree, NULL, NULL);
+	// TODO: Assertion
+}
+
+
+// outbuf has to be of length hash_size 
+static SECStatus compute_proof_merkle_hashes2(RecordProofInfo* rpi, int level, PRUint8* outbuf, PRBool *am_hidden, ProofMerkleNode* hidden_loc){
+	PRUint8 left_child[rpi->hash_size];
+	PRUint8 right_child[rpi->hash_size];
+	PRBool left_hidden;
+	PRBool right_hidden;
+	ProofMerkleNode left_loc;
+	ProofMerkleNode right_loc;
+	PRUint16 orig_chunk_index = rpi->chunk_index;
+
+	if(rpi->chunk_index >= rpi->num_chunks){
+		*am_hidden = PR_FALSE;
+		return SECSuccess;
+	}
+
+	// Check if this a leaf
+	if(level == rpi->tree_levels){
+		if(is_hidden_chunk(rpi->hidden_chunk_ids, rpi->num_hidden_chunks, rpi->chunk_index)){
+		
+			PRUint16 chunk_length = get_chunk_length(rpi);
+			// Compute hash from salt and chunk
+			if(tlsproof_hash_begin2(rpi->ctx) != SECSuccess) return SECFailure;
+			if(tlsproof_hash_op(rpi->ctx, rpi->salts[rpi->chunk_index], rpi->salt_size) != SECSuccess) return SECFailure;
+			if(tlsproof_hash_op(rpi->ctx, &(rpi->record[rpi->chunk_size * rpi->chunk_index]), chunk_length) != SECSuccess) return SECFailure;
+			if(chunk_length < rpi->chunk_size){
+				// Pad last chunk with zeros
+				if(tlsproof_hash_zeroes(rpi->ctx, rpi->chunk_size - chunk_length) != SECSuccess) return SECFailure;	
+			}
+
+			// Special case: Root node
+			if(level == 0){
+				// This should never happen. A completely hidden node should be a merkle_hash_node
+				PORT_Assert(0);
+				return SECFailure;
+			}
+			if(tlsproof_hash_finish2(rpi->ctx, outbuf, rpi->hash_size) != SECSuccess) return SECFailure;
+
+
+			*am_hidden = PR_TRUE;	
+			hidden_loc->tree_level = level;
+			hidden_loc->chunk_index = rpi->chunk_index;
+		} else {
+			*am_hidden = PR_FALSE;
+		}
+		rpi->chunk_index += 1;
+		return SECSuccess;
+	} else {
+		// left, right, length, client_orig 
+		if(compute_proof_merkle_hashes2(rpi, level + 1, left_child, &left_hidden, &left_loc) != SECSuccess) return SECFailure;
+
+		// If we don't need the right side any more, just push the left side upwards
+		if(rpi->chunk_index >= rpi->num_chunks){
+			*am_hidden = left_hidden;
+			if(left_hidden){
+				PORT_Memcpy(outbuf, left_child, rpi->hash_size);	
+				hidden_loc->tree_level = left_loc.tree_level;
+				hidden_loc->chunk_index = left_loc.chunk_index;
+			}
+			return SECSuccess;
+		}
+
+		if(compute_proof_merkle_hashes2(rpi, level + 1, right_child, &right_hidden, &right_loc) != SECSuccess) return SECFailure;
+		// Compute hash
+		*am_hidden = right_hidden && left_hidden;
+		if(*am_hidden){
+			if(tlsproof_hash_begin2(rpi->ctx) != SECSuccess) return SECFailure;
+			if(tlsproof_hash_op(rpi->ctx, left_child, rpi->hash_size) != SECSuccess) return SECFailure;
+			if(tlsproof_hash_op(rpi->ctx, right_child, rpi->hash_size) != SECSuccess) return SECFailure;
+			// Special case: Root node
+			if(level == 0){
+				// This should never happen. A completely hidden node should be a merkle_hash_node
+				PORT_Assert(0);
+				return SECFailure;
+			}
+			if(tlsproof_hash_finish2(rpi->ctx, outbuf, rpi->hash_size) != SECSuccess) return SECFailure;
+			hidden_loc->tree_level = level;
+			hidden_loc->chunk_index = orig_chunk_index;
+		} else if (left_hidden) {
+			rpi->hash_locs[rpi->num_hashes].tree_level = left_loc.tree_level;
+			rpi->hash_locs[rpi->num_hashes].chunk_index = left_loc.chunk_index;
+			PORT_Memcpy(rpi->proof_merkle_hashes[rpi->num_hashes], left_child, rpi->hash_size);
+			rpi->num_hashes += 1;
+		} else if (right_hidden) {
+			rpi->hash_locs[rpi->num_hashes].tree_level = right_loc.tree_level;
+			rpi->hash_locs[rpi->num_hashes].chunk_index = right_loc.chunk_index;
+			PORT_Memcpy(rpi->proof_merkle_hashes[rpi->num_hashes], right_child, rpi->hash_size);
+			rpi->num_hashes += 1;
+		}
+		return SECSuccess;		
+	}
+}
+
+SECStatus compute_proof_merkle_hashes(RecordProofInfo* rpi){
+	if(rpi->hash_locs == NULL){
+		rpi->hash_locs = (ProofMerkleNode*) PORT_Alloc(rpi->num_hidden_chunks * sizeof(ProofMerkleNode));
+		if(rpi->hash_locs == NULL) return SECFailure;
+	}
+	if(rpi->proof_merkle_hashes == NULL){
+		rpi->proof_merkle_hashes = allocate_string_array(rpi->hash_size, rpi->num_hidden_chunks); 
+		if(rpi->proof_merkle_hashes == NULL) return SECFailure;
+	}
+	rpi->num_hashes = 0;
+	rpi->chunk_index = 0;
+		
+	PRBool am_hidden;
+	if(compute_proof_merkle_hashes2(rpi, 0, NULL, &am_hidden, NULL) != SECSuccess) return SECFailure;
+	PORT_Assert(rpi->chunk_index == rpi->num_chunks);
+	PORT_Assert(!am_hidden);
+	return SECSuccess;
+}
+
+// TODO: const and int
+static PRInt32 hash_is_in_proof(ProofMerkleNode* hash_locs, PRUint16 num_hashes, int level, PRUint16 chunk_index){
+    int i;
+    for(i = 0; i < num_hashes; ++i){
+        if(hash_locs[i].tree_level == level && hash_locs[i].chunk_index == chunk_index){
+            return i;
+        }
+    }
+    return -1;	
+}
+
+
+
+// outbuf has to be of length hash_size 
+SECStatus compute_merkle_tree2(RecordProofInfo* rpi, int level, PRUint8* outbuf){
+	PRUint8 left_child[rpi->hash_size];
+	PRUint8 right_child[rpi->hash_size];
+	PRUint16 chunk_length;
+
+	if(rpi->chunk_index >= rpi->num_chunks){
+		return SECSuccess;
+	}
+
+	// Use existing hashes when generating from proof
+	if(rpi->num_hashes != 0){
+		PRInt32 in_proof_index = hash_is_in_proof(rpi->hash_locs, rpi->num_hashes, level, rpi->chunk_index);
+		// Found a hash in the proof
+		if(in_proof_index != -1){
+			PORT_Memcpy(outbuf, rpi->proof_merkle_hashes[in_proof_index], rpi->hash_size);
+			// Add the leaves we skipped
+			rpi->chunk_index += num_skipped_leaves(rpi, level, rpi->chunk_index);
+			return SECSuccess;
+		}
+	}
+
+
+	chunk_length = get_chunk_length(rpi);
+
+	// Check if this a leaf
+	if(level == rpi->tree_levels){
+	
+		// Compute hash from salt and chunk
+		if(tlsproof_hash_begin2(rpi->ctx) != SECSuccess) return SECFailure;
+		if(tlsproof_hash_op(rpi->ctx, rpi->salts[rpi->chunk_index], rpi->salt_size) != SECSuccess) return SECFailure;
+		if(tlsproof_hash_op(rpi->ctx, &(rpi->record[rpi->chunk_size * rpi->chunk_index]), chunk_length) != SECSuccess) return SECFailure;
+		if(chunk_length < rpi->chunk_size){
+			// Pad last chunk with zeros
+			if(tlsproof_hash_zeroes(rpi->ctx, rpi->chunk_size - chunk_length) != SECSuccess) return SECFailure;	
+		}
+		// Special case: Root node
+		if(level == 0){
+			if(tlsproof_hash_op(rpi->ctx, (unsigned char*) &merkle_root_marker, sizeof(merkle_root_marker)) != SECSuccess) return SECFailure;
+			if(tlsproof_hash_op_nbo(rpi->ctx, (unsigned char*) &(rpi->record_length), sizeof(rpi->record_length)) != SECSuccess) return SECFailure;
+			if(tlsproof_hash_op(rpi->ctx, (unsigned char*) &(rpi->gen_orig), sizeof(rpi->gen_orig)) != SECSuccess) return SECFailure;
+		}
+		if(tlsproof_hash_finish2(rpi->ctx, outbuf, rpi->hash_size) != SECSuccess) return SECFailure;
+		rpi->chunk_index += 1;
+		return SECSuccess;
+	} else {
+		// left, right, length, gen_orig
+		if(compute_merkle_tree2(rpi, level + 1, left_child) != SECSuccess) return SECFailure;
+
+		// If we don't need the right side any more, just push the left side upwards
+		if(rpi->chunk_index >= rpi->num_chunks){
+			PORT_Memcpy(outbuf, left_child, rpi->hash_size);	
+			return SECSuccess;
+		}
+
+		if(compute_merkle_tree2(rpi, level + 1, right_child) != SECSuccess) return SECFailure;
+		// Compute hash
+		if(tlsproof_hash_begin2(rpi->ctx) != SECSuccess) return SECFailure;
+		if(tlsproof_hash_op(rpi->ctx, left_child, rpi->hash_size) != SECSuccess) return SECFailure;
+		if(tlsproof_hash_op(rpi->ctx, right_child, rpi->hash_size) != SECSuccess) return SECFailure;
+		// Special case: Root node
+		if(level == 0){
+			if(tlsproof_hash_op(rpi->ctx, (unsigned char*) &merkle_root_marker, sizeof(merkle_root_marker)) != SECSuccess) return SECFailure;
+			if(tlsproof_hash_op_nbo(rpi->ctx, (unsigned char*) &(rpi->record_length), sizeof(rpi->record_length)) != SECSuccess) return SECFailure;
+			if(tlsproof_hash_op(rpi->ctx, (unsigned char*) &(rpi->gen_orig), sizeof(rpi->gen_orig)) != SECSuccess) return SECFailure;
+		}
+		if(tlsproof_hash_finish2(rpi->ctx, outbuf, rpi->hash_size) != SECSuccess) return SECFailure;
+		return SECSuccess;		
+	}
+}
+
+
+// outbuf has to be of length hash_size 
+SECStatus compute_merkle_tree(RecordProofInfo* rpi, PRUint8* outbuf){
+	rpi->chunk_index = 0;
+	rpi->num_hashes = 0;
+	return compute_merkle_tree2(rpi, 0, outbuf);
+}
+
+// outbuf has to be of length hash_size 
+SECStatus compute_merkle_tree_from_proof(RecordProofInfo* rpi, PRUint8* outbuf){
+	rpi->chunk_index = 0;
+	return compute_merkle_tree2(rpi, 0, outbuf);
+}
+
+static SECStatus sendEvidence(sslSocket *ss){
+#ifdef EV_MEASURE_COMP
+	PRTime measure_start = PR_Now();
+#endif
+
+	PRUint16 offset = 0;
+	const PRUint32 hash_size = tls13_GetHashSize(ss);
+	PRTime timeStampStop;
+	SSLHashType hash_type =  tls13_GetHash(ss);
+	PRUint16 chunk_size = ss->xtnData.chunk_size;
+	PRUint16 salt_size = ss->xtnData.salt_size;
+
+	if(ss->tlsproofMerkleRoot == NULL){
+		return SECFailure;
+	}
+	
+	timeStampStop = PR_Now();
+
+
+	// Retrieve private key
+	SECKEYPrivateKey *key = ss->sec.serverCert->serverKeyPair->privKey;
+
+	// TODO: Hash other stuff
+	// Hash to be signed: Signature, Timestamp, Timestamp
+	SECItem data;
+	data.type = siBuffer;
+	data.len = hash_size;
+	data.data = (unsigned char *) PORT_Alloc(data.len);
+
+	PK11Context *ctx = PK11_CreateDigestContext(ssl3_HashTypeToOID(tls13_GetHash(ss)));
+	if(tlsproof_hash_begin2(ctx) != SECSuccess) return SECFailure;
+	if(tlsproof_hash_op(ctx, ss->tlsproofMerkleRoot, hash_size) != SECSuccess) return SECFailure;
+	if(tlsproof_hash_op(ctx, &ss->tlsproofTimeStampStart, sizeof(ss->tlsproofTimeStampStart)) != SECSuccess) return SECFailure;
+	if(tlsproof_hash_op(ctx, &timeStampStop, sizeof(timeStampStop)) != SECSuccess) return SECFailure;
+	if(tlsproof_hash_op(ctx, &salt_size, sizeof(salt_size)) != SECSuccess) return SECFailure;
+	if(tlsproof_hash_op(ctx, &chunk_size, sizeof(chunk_size)) != SECSuccess) return SECFailure;
+	if(tlsproof_hash_op(ctx, &hash_type, sizeof(SSLHashType)) != SECSuccess) return SECFailure;
+	if(tlsproof_hash_finish2(ctx, data.data, hash_size) != SECSuccess) return SECFailure;
+	PK11_DestroyContext(ctx, PR_TRUE);
+
+	// Where the signature will be stored
+	SECItem signature;
+	signature.type = siBuffer;
+	signature.len = (unsigned int) PK11_SignatureLen(key);
+	signature.data = (unsigned char *) PORT_Alloc(signature.len);
+
+	// TODO: Hash
+
+	// Sign
+	PK11_Sign(key, &signature, &data);
+
+#ifdef TRACE
+	if (ssl_trace >= 25) {
+		ssl_PrintBuf(ss, "[TLS-N] Signature: ", signature.data, signature.len);
+	}
+#endif
+
+	 // Send the proof response
+	ssl_GetSSL3HandshakeLock(ss);
+	ssl_GetXmitBufLock(ss);
+
+	PRInt32 respLength = TLS_PROOF_MESSAGE_TYPE_SIZE + EVIDENCE_MESSAGE_SIZE + signature.len + ceil_div8(ss->tlsproofOrderingVectorLen);
+	unsigned char *response = PORT_Alloc(respLength);
+	PRInt32 sent;
+
+	TLSProofMessageType message_type = tlsproof_message_type_response;
+	EvidenceMessage evMsg;
+	// Timestamps
+	evMsg.timeStampStart = ss->tlsproofTimeStampStart;
+	evMsg.timeStampStop = timeStampStop;
+	// Length of Signature
+	evMsg.sig_len = signature.len;
+	// Length of ordering vector
+	evMsg.orderingVectorLen = ss->tlsproofOrderingVectorLen;
+
+	offset = 0;
+
+	WRITE_LEN_AT_OFFSET(response, offset, &message_type, TLS_PROOF_MESSAGE_TYPE_SIZE);
+
+	// Add Struct
+	WRITE_LEN_AT_OFFSET(response, offset, &evMsg, EVIDENCE_MESSAGE_SIZE);
+
+	// Add Signature
+	PORT_Memcpy(response+offset, signature.data, signature.len);
+	offset += signature.len;
+
+	// Add Ordering Vector 
+	PORT_Memcpy(response+offset, ss->tlsproofOrderingVector, ceil_div8(ss->tlsproofOrderingVectorLen));
+	offset += ceil_div8(ss->tlsproofOrderingVectorLen);
+
+	PORT_Assert(offset == respLength);
+	
+#ifdef EV_MEASURE_COMP
+	PRTime measure_stop = PR_Now();
+	printf("[Measure-Evidence] %lu, %u, %u, %u, %u\n", measure_stop - measure_start, signature.len, data.len, respLength, ss->tlsproofOrderingVectorLen);
+#endif
+
+	// Send the response
+	sent = ssl3_SendRecord(ss, NULL, content_tls_proof_message, response, respLength, 0);
+	if(sent <= 0) return SECFailure;
+
+	ssl_ReleaseXmitBufLock(ss);
+	ssl_ReleaseSSL3HandshakeLock(ss);
+	PORT_Free(response);
+	PORT_Free(signature.data);
+	PORT_Free(data.data);
+	ss->tlsproofSentEvidence = 1;
+	return SECSuccess;
+
+}
+
+
+SECStatus tlsproof_sendEvidenceOnClose(sslSocket *ss){
+	if(ssl3_ExtensionNegotiated(ss,ssl_tls13_tls_proof_xtn) && ss->tlsproofOrderingVectorLen > 0 && ss->tlsproofSentEvidence != 1){
+		return sendEvidence(ss);
+	}
+	return SECSuccess;
+}
+
+
+/*Function called when a proof request is sent. It generate the signature and send the proof response*/
+static SECStatus tlsproof_handleMessageRequest(sslSocket *ss, sslBuffer  *origBuf)
+{
+	PRInt32 length;
+	length = origBuf->len;
+
+	if(!ssl3_ExtensionNegotiated(ss,ssl_tls13_tls_proof_xtn)){
+#ifdef TRACE
+	if (ssl_trace >= 25) {
+		ssl_Trace("Received a proof request, but extension was not negotiated!");
+	}
+#endif
+			return SECFailure;
+	}
+
+	if(length != 1){
+#ifdef TRACE
+	if (ssl_trace >= 25) {
+		ssl_Trace("Received a proof request, but it was not correctly formatted!");
+	}
+#endif
+				return SECFailure;
+	}
+
+
+	//Flush the buffer because it is not destined to application layer
+	origBuf->len = 0;
+
+#ifdef TRACE
+	if (ssl_trace >= 25) {
+		ssl_PrintBuf(ss, "Received a proof request! Generating a signature over the root hash:", ss->tlsproofMerkleRoot, tls13_GetHashSize(ss));
+	}
+#endif
+
+	return sendEvidence(ss);
+
+}
+
+
+// No more padding
+static PRUint32 recordPaddingSize(PRUint16 len_record, PRUint16 chunk_size){
+	return 0;	
+}
+
+/*
+static PRUint32 recordPaddingSize(PRUint16 len_record, PRUint16 chunk_size){
+	PRUint32 padded_size = 0;
+	PRUint32 remaining = len_record % chunk_size;
+	if(remaining > 0){
+		padded_size += chunk_size - remaining;
+	}
+	return padded_size;	
+}*/
+
+static SECStatus addPlaintextProofNode(unsigned char** proof_str_ptr, PRUint32* proof_offset_ptr, PRUint32* proof_size_ptr, TLSProofClientRecording* recording, PRBool received, PRUint16 salt_size, PRUint16 chunk_size){
+
+	PRUint32 proof_offset = *proof_offset_ptr;
+	PRUint32 record_padding_size = recordPaddingSize(recording->plaintext_size, chunk_size);
+	
+	// Add another proof node
+	ProofNode proofNode;
+	proofNode.node_type = plaintext_node;	
+
+	PlaintextProofNode plaintextNode;
+	plaintextNode.gen_orig = received;
+	plaintextNode.len_record = recording->plaintext_size;
+	
+	unsigned char* proof_str = *proof_str_ptr;
+	*proof_size_ptr += PROOF_NODE_SIZE + PLAINTEXT_PROOF_NODE_SIZE + recording->plaintext_size + record_padding_size + salt_size;
+	proof_str = (unsigned char*) PORT_Realloc(proof_str, *proof_size_ptr);
+	WRITE_LEN_AT_OFFSET(proof_str, proof_offset, &proofNode, PROOF_NODE_SIZE);
+	WRITE_LEN_AT_OFFSET(proof_str, proof_offset, &plaintextNode, PLAINTEXT_PROOF_NODE_SIZE);
+	WRITE_LEN_AT_OFFSET(proof_str, proof_offset, recording->plaintext, recording->plaintext_size);
+	WRITE_ZEROES_AT_OFFSET(proof_str, proof_offset, record_padding_size);
+	WRITE_LEN_AT_OFFSET(proof_str, proof_offset, recording->salt_secret, salt_size);
+	PORT_Assert(proof_offset == *proof_size_ptr);
+	*proof_str_ptr = proof_str;
+	*proof_offset_ptr = proof_offset;
+	return SECSuccess;
+}
+
+static SECStatus addHashChainNode(unsigned char** proof_str_ptr, PRUint32* proof_offset_ptr, PRUint32* proof_size_ptr, PRUint8* hash_chain, PRUint16 hash_size){
+	PRUint32 proof_offset = *proof_offset_ptr;
+
+	// Hash chain value
+	// Add another proof node
+	ProofNode proofNode;
+	proofNode.node_type = hash_chain_node;	
+	
+    unsigned char* proof_str = *proof_str_ptr;
+		
+	*proof_size_ptr += sizeof(ProofNode) + hash_size;
+	proof_str = (unsigned char*) PORT_Realloc(proof_str, *proof_size_ptr);
+    WRITE_LEN_AT_OFFSET(proof_str, proof_offset, &proofNode, PROOF_NODE_SIZE);
+	WRITE_LEN_AT_OFFSET(proof_str, proof_offset, hash_chain, hash_size);
+	PORT_Assert(proof_offset == *proof_size_ptr);			
+    *proof_str_ptr = proof_str;
+	*proof_offset_ptr = proof_offset;
+	return SECSuccess;
+}
+
+
+static SECStatus addMerkleProofNode(unsigned char** proof_str_ptr, PRUint32* proof_offset_ptr, PRUint32* proof_size_ptr, PRUint8* hash, PRUint16 hash_size){
+	PRUint32 proof_offset = *proof_offset_ptr;
+
+	// Add another proof node
+	ProofNode proofNode;
+	proofNode.node_type = merkle_hash_node;	
+
+    unsigned char* proof_str = *proof_str_ptr;
+		
+	*proof_size_ptr += PROOF_NODE_SIZE + hash_size;
+	proof_str = (unsigned char*) PORT_Realloc(proof_str, *proof_size_ptr);
+    WRITE_LEN_AT_OFFSET(proof_str, proof_offset, &proofNode, PROOF_NODE_SIZE);
+	WRITE_LEN_AT_OFFSET(proof_str, proof_offset, hash, hash_size);
+	PORT_Assert(proof_offset == *proof_size_ptr);
+    *proof_str_ptr = proof_str;
+	*proof_offset_ptr = proof_offset;
+	return SECSuccess;
+}
+
+
+PRUint8* advance_hash_chain2(PRUint8* hash_chain, PRUint8* hash, PRUint16 hash_size, SSLHashType hash_type){
+	
+	PK11Context *ctx = PK11_CreateDigestContext(ssl3_HashTypeToOID(hash_type));
+	// Advance hash chain
+	if(tlsproof_hash_begin2(ctx) != SECSuccess) return NULL;
+    if(tlsproof_hash_op(ctx, &hash_chain_marker, sizeof(PRUint8)) != SECSuccess) return NULL;
+    if(hash_chain != NULL){
+		if(tlsproof_hash_op(ctx, hash_chain, hash_size) != SECSuccess) return NULL;
+	}else{
+		// Allocate space if necessary
+		hash_chain = (PRUint8*) PORT_Alloc(hash_size);
+	}
+	if(tlsproof_hash_op(ctx, hash, hash_size) != SECSuccess) return NULL;
+	if(tlsproof_hash_finish2(ctx, hash_chain, hash_size) != SECSuccess) return NULL;
+	PK11_DestroyContext(ctx, PR_TRUE);
+	return hash_chain;
+}
+
+PRUint8* advance_hash_chain(RecordProofInfo* rpi, PRUint8* hash_chain, PRUint8* hash){
+	// Advance hash chain
+	if(tlsproof_hash_begin2(rpi->ctx) != SECSuccess) return NULL;
+	if(tlsproof_hash_op(rpi->ctx, &hash_chain_marker, sizeof(PRUint8)) != SECSuccess) return NULL;
+	if(hash_chain != NULL){
+		if(tlsproof_hash_op(rpi->ctx, hash_chain, rpi->hash_size) != SECSuccess) return NULL;
+	}else{
+		// Allocate space if necessary
+		hash_chain = (PRUint8*) PORT_Alloc(rpi->hash_size);
+	}
+	if(tlsproof_hash_op(rpi->ctx, hash, rpi->hash_size) != SECSuccess) return NULL;
+	if(tlsproof_hash_finish2(rpi->ctx, hash_chain, rpi->hash_size) != SECSuccess) return NULL;
+	return hash_chain;
+}
+
+#ifdef TRACE
+void printfProofParameters(ProofPar* proofPar){
+	ssl_Trace("[TLS-N] == Proof Parameters: ==");
+	ssl_Trace("[TLS-N] Hash Size: %u", proofPar->hash_size);
+	ssl_Trace("[TLS-N] Salt Size: %u", proofPar->salt_size);
+	ssl_Trace("[TLS-N] Chunk Size: %u", proofPar->chunk_size);
+	ssl_Trace("[TLS-N] Start Time: %lli", proofPar->startTime);
+	ssl_Trace("[TLS-N] Stop Time: %lli", proofPar->stopTime);
+	ssl_Trace("[TLS-N] Number of Proof Nodes: %u", proofPar->num_proof_nodes);
+	ssl_Trace("[TLS-N] Hash Type: %i", proofPar->hash_type);
+	ssl_Trace("[TLS-N] Signature Length: %u", proofPar->sig_len);
+	ssl_Trace("[TLS-N] Certificate Chain Length: %u", proofPar->cert_chain_len);
+}
+
+void printfHiddenPlaintextProofNode(HiddenPlaintextProofNode* plaintextProofNode){
+	ssl_Trace("[TLS-N] -- Plaintext Proof Node: --");
+	ssl_Trace("[TLS-N] Originated from Generator: %u", plaintextProofNode->gen_orig);
+	ssl_Trace("[TLS-N] Record Size: %u", plaintextProofNode->len_record);
+	ssl_Trace("[TLS-N] Num Salts: %u", plaintextProofNode->num_salts);
+	ssl_Trace("[TLS-N] Num Hashes: %u", plaintextProofNode->num_hashes);
+}
+
+void printfPlaintextProofNode(PlaintextProofNode* plaintextProofNode){
+	ssl_Trace("[TLS-N] -- Plaintext Proof Node: --");
+	ssl_Trace("[TLS-N] Originated from Generator: %u", plaintextProofNode->gen_orig);
+	ssl_Trace("[TLS-N] Record Size: %u", plaintextProofNode->len_record);
+}
+
+
+
+#endif
+
+/*
+static PRUint32 writeProofParameters(PRUint8* target, ProofPar* proofPar){
+	PRUint32 offset = 0;
+	WRITE_AT_OFFSET(target, offset, proofPar->hash_size);
+	WRITE_AT_OFFSET(target, offset, proofPar->salt_size);
+	WRITE_AT_OFFSET(target, offset, proofPar->chunk_size);
+	WRITE_AT_OFFSET(target, offset, proofPar->startTime);
+	WRITE_AT_OFFSET(target, offset, proofPar->stopTime);
+	WRITE_AT_OFFSET(target, offset, proofPar->num_proof_nodes);
+	WRITE_AT_OFFSET(target, offset, proofPar->hash_type);
+	WRITE_AT_OFFSET(target, offset, proofPar->sig_len);
+	WRITE_AT_OFFSET(target, offset, proofPar->cert_chain_len);
+	return offset;
+}
+
+static PRUint32 writeProofNode(PRUint8* target, ProofNode* proofNode){
+	PRUint32 offset = 0;
+	WRITE_AT_OFFSET(target, offset, proofNode->node_type);
+	return offset;
+}
+
+static PRUint32 writePlaintextProofNode(PRUint8* target, PlaintextProofNode* plaintextNode){
+	PRUint32 offset = 0;
+	WRITE_AT_OFFSET(target, offset, plaintextNode->gen_orig);
+	WRITE_AT_OFFSET(target, offset, plaintextNode->len_record);
+	WRITE_AT_OFFSET(target, offset, plaintextNode->num_salts);
+	WRITE_AT_OFFSET(target, offset, plaintextNode->num_hashes);
+	return offset;
+}
+
+static PRUint32 writeProofSalt(PRUint8* target, ProofSalt* proofSalt){
+	PRUint32 offset = 0;
+	WRITE_AT_OFFSET(target, offset, proofSalt->tree_level);
+	WRITE_AT_OFFSET(target, offset, proofSalt->salt_index);
+	return offset;
+}
+
+static PRUint32 writeProofMerkleNode(PRUint8* target, ProofMerkleNode* proofMerkleNode){
+	PRUint32 offset = 0;
+	WRITE_AT_OFFSET(target, offset, proofMerkleNode->tree_level);
+	WRITE_AT_OFFSET(target, offset, proofMerkleNode->chunk_index);
+	return offset;
+}
+*/
+
+static SECStatus tlsproof_handleMessageResponse(sslSocket *ss, sslBuffer *origBuf)
+{
+
+#ifdef EV_MEASURE_COMP
+	PRTime measure_start = PR_Now();
+	// Total number of bytes
+	PRUint32 record_bytes = 0;
+	// Hidden number of bytes
+	PRUint32 hidden_bytes = 0;
+#endif
+
+	int i;
+	int j;
+	SECStatus rv;
+	SECItem sig;
+	SECItem data;
+	EvidenceMessage evMsg;
+	PRUint16 offset = 0;
+	PRUint32 proof_offset = 0;
+	unsigned char *orderingVector;
+	unsigned char *response = origBuf->buf;
+	const unsigned int hash_size = tls13_GetHashSize(ss);
+	unsigned char *hash_chain = NULL;
+	// How many sent and received messages have been hashed into the hash chain
+	PRUint32 hashed_recvd = 0;
+	PRUint32 hashed_sent = 0;
+
+	// Record end time
+	PRTime timeStampStop = PR_Now();
+
+	if(!ssl3_ExtensionNegotiated(ss,ssl_tls13_tls_proof_xtn)) return SECFailure;
+
+	offset += TLS_PROOF_MESSAGE_TYPE_SIZE;
+
+	READ_LEN_FROM_OFFSET(&evMsg, response, offset, EVIDENCE_MESSAGE_SIZE);
+
+	// Signature
+	sig.data = response+offset;
+	offset += evMsg.sig_len;
+
+	// Ordering Vector
+	orderingVector = response+offset;
+	offset += ceil_div8(evMsg.orderingVectorLen);
+
+	PORT_Assert(offset == origBuf->len);
+
+	sig.len = evMsg.sig_len;
+	sig.type = siBuffer;
+	
+
+	// Construct the proof
+	ProofPar proofPar;
+	proofPar.hash_size = hash_size;
+	proofPar.salt_size = ss->xtnData.salt_size;
+	proofPar.chunk_size = ss->xtnData.chunk_size;
+	proofPar.startTime = evMsg.timeStampStart;
+	proofPar.stopTime = evMsg.timeStampStop;
+	proofPar.hash_type = tls13_GetHash(ss);
+	proofPar.sig_len = evMsg.sig_len;
+	if(ss->tlsProofType & omit_cert_chain){
+		proofPar.cert_chain_len = 0;
+	}else{
+		proofPar.cert_chain_len = ss->sec.peerCert->derCert.len;
+	}
+
+	if(ss->tlsProofType & merkle_hashes_proof){
+		proofPar.num_proof_nodes = evMsg.orderingVectorLen;
+	} else if (ss->tlsProofType & last_merkle_proof){
+		proofPar.num_proof_nodes = 2;
+		PORT_Assert(evMsg.orderingVectorLen >= 2);
+	} else if (ss->tlsProofType & last_message_proof){
+		proofPar.num_proof_nodes = 2;
+		PORT_Assert(evMsg.orderingVectorLen >= 2);
+	} else if (ss->tlsProofType & plaintext_proof){
+		proofPar.num_proof_nodes = evMsg.orderingVectorLen;
+	} else if (ss->tlsProofType & hidden_plaintext_proof){
+		proofPar.num_proof_nodes = evMsg.orderingVectorLen;
+	} else {
+#ifdef TRACE
+		SSL_TRC(10, ("Error: Unknown TLSProof Type."));
+#endif		
+	}
+
+
+	// Allocate proof string
+	PRUint32 proof_size = PROOF_PAR_SIZE + proofPar.sig_len + proofPar.cert_chain_len;
+	unsigned char *proof_str = (unsigned char*) PORT_Alloc(proof_size);
+	proof_offset = 0;
+	WRITE_LEN_AT_OFFSET(proof_str, proof_offset, &proofPar, PROOF_PAR_SIZE);
+	WRITE_LEN_AT_OFFSET(proof_str, proof_offset, sig.data, proofPar.sig_len);
+	WRITE_LEN_AT_OFFSET(proof_str, proof_offset, ss->sec.peerCert->derCert.data, proofPar.cert_chain_len);
+	PORT_Assert(proof_offset == proof_size);
+	
+
+	// Recomputing the hash chain
+	for(i = 0; i < evMsg.orderingVectorLen; ++i){
+		// 1 in ordering vector => sent by server => received by client
+		PRBool received = (orderingVector[i/8] >> (i%8) ) & 1;
+#ifdef TRACE
+		if(ssl_trace > 50){
+			ssl_Trace("Ordering Vector = %i", received);
+			ssl_Trace("[TLS-N] %i received and %i sent.",  ss->tlsproofClientRecvLen, ss->tlsproofClientSentLen);
+		}
+#endif
+		// Filter if no content
+		if(ss->tlsproofClientRecvLen == 0 && ss->tlsproofClientSentLen == 0){
+			return SECSuccess;
+		}
+
+		TLSProofClientRecording* recording = received ? &(ss->tlsproofClientRecv[hashed_recvd]) : &(ss->tlsproofClientSent[hashed_sent]);
+
+#ifdef EV_MEASURE_COMP
+		record_bytes += recording->plaintext_size;
+#endif
+
+		RecordProofInfo* rpi = init_proof_info(ss, recording->plaintext, recording->plaintext_size, received);
+		// Compute the merkle hash if not precomputed
+		if(recording->merkle_hash == NULL){
+			recording->merkle_hash = (unsigned char*) PORT_Alloc(hash_size);
+		
+			if(compute_salt_tree(rpi, recording->salt_secret) != SECSuccess) return SECFailure;
+
+			if(compute_merkle_tree(rpi, recording->merkle_hash) != SECSuccess) return SECFailure;
+
+		}
+
+#ifdef TRACE
+		PRUint16 recording_len = received ? ss->tlsproofClientRecvLen : ss->tlsproofClientSentLen;
+		PRUint16 used = received ? hashed_recvd : hashed_sent;
+		PORT_Assert(recording_len > used);
+		if(ssl_trace > 50){
+			ssl_Trace("Using %i of %i.", used, recording_len);
+			ssl_PrintBuf(ss, "Hashing = ", recording->merkle_hash, hash_size);
+		}
+#endif
+		hash_chain = advance_hash_chain(rpi, hash_chain, recording->merkle_hash);
+		if(hash_chain == NULL) return SECFailure;
+
+		if(received){
+			hashed_recvd++;
+		} else {
+			hashed_sent++;
+		}
+
+		
+		if(ss->tlsProofType & merkle_hashes_proof){
+			// Add another merkle proof node
+			if( addMerkleProofNode(&proof_str, &proof_offset, &proof_size, recording->merkle_hash, hash_size)!= SECSuccess) return SECFailure;
+		} else if (ss->tlsProofType & last_merkle_proof){
+			if(i < evMsg.orderingVectorLen - 2){
+				continue;
+			} else if (i == evMsg.orderingVectorLen - 2){
+				if(addHashChainNode(&proof_str, &proof_offset, &proof_size, hash_chain, hash_size) != SECSuccess) return SECFailure;
+			} else if (i == evMsg.orderingVectorLen - 1){
+				if(addMerkleProofNode(&proof_str, &proof_offset, &proof_size, recording->merkle_hash, hash_size)!= SECSuccess) return SECFailure;
+			} else {
+				PORT_Assert(PR_FALSE);
+			}
+		} else if (ss->tlsProofType & last_message_proof){
+			if(i < evMsg.orderingVectorLen - 2){
+				continue;
+			} else if (i == evMsg.orderingVectorLen - 2){
+				if(addHashChainNode(&proof_str, &proof_offset, &proof_size, hash_chain, hash_size) != SECSuccess) return SECFailure;
+			} else if (i == evMsg.orderingVectorLen - 1){
+				if(addPlaintextProofNode(&proof_str, &proof_offset, &proof_size, recording, received, proofPar.salt_size, proofPar.chunk_size)!= SECSuccess) return SECFailure;
+			} else {
+				PORT_Assert(PR_FALSE);
+			}
+		} else if (ss->tlsProofType & plaintext_proof){
+			if(addPlaintextProofNode(&proof_str, &proof_offset, &proof_size, recording, received, proofPar.salt_size, proofPar.chunk_size)!= SECSuccess) return SECFailure;
+		} else if (ss->tlsProofType & hidden_plaintext_proof){
+			// TODO: Consistent data types for num_chunks, salt_size, hash_size etc. Replace _t types
+			// Find sensitive chunks
+			if(find_sensitive_chunks(rpi) != SECSuccess) return SECFailure;
+			if(rpi->num_hidden_chunks == 0){
+				// No hidden chunks => plaintext node
+				if(addPlaintextProofNode(&proof_str, &proof_offset, &proof_size, recording, received, proofPar.salt_size, proofPar.chunk_size)!= SECSuccess) return SECFailure;
+			} else if(rpi->num_hidden_chunks == rpi->num_chunks){
+				// All chunks hidde => merkle hash node
+				if(addMerkleProofNode(&proof_str, &proof_offset, &proof_size, recording->merkle_hash, hash_size)!= SECSuccess) return SECFailure;
+			} else {
+				// Mixed Node
+		
+				// ----- Compute necessary hashes ------
+				// Salts have already been computed during evidence verification
+				if(compute_proof_merkle_hashes(rpi) != SECSuccess) return SECFailure;
+				
+				// ----- Compute the proof salts ----
+				if(compute_proof_salts(rpi, recording->salt_secret) != SECSuccess) return SECFailure;
+				PRUint8** proof_salts = rpi->salts;
+
+				// ---- Form proof str ----
+				ProofNode proofNode;
+				proofNode.node_type = hidden_plaintext_node;
+
+				HiddenPlaintextProofNode plaintextNode;
+				plaintextNode.gen_orig = received;
+				plaintextNode.len_record = recording->plaintext_size;
+				plaintextNode.num_salts = rpi->num_salts;
+				plaintextNode.num_hashes = rpi->num_hashes;
+
+	
+				PORT_Assert(proof_offset == proof_size);
+				// Proof Node & PlaintextProofNode
+				proof_size += PROOF_NODE_SIZE + HIDDEN_PLAINTEXT_PROOF_NODE_SIZE;
+				// Salt Locs and Proof Salts
+				proof_size += rpi->num_salts * PROOF_SALT_SIZE + rpi->num_salts * rpi->salt_size;
+				// Hash Locs and Proof Hashes
+				proof_size += rpi->num_hashes * PROOF_MERKLE_NODE_SIZE + rpi->num_hashes * rpi->hash_size;
+				// Compressed (without censored chunks) record length
+				proof_size += compute_compressed_record_length(rpi);
+
+				proof_str = (unsigned char*) PORT_Realloc(proof_str, proof_size);
+				WRITE_LEN_AT_OFFSET(proof_str, proof_offset, &proofNode, PROOF_NODE_SIZE);
+				// Plaintext Node
+				WRITE_LEN_AT_OFFSET(proof_str, proof_offset, &plaintextNode, HIDDEN_PLAINTEXT_PROOF_NODE_SIZE);
+				// Salt Locations
+				for(j = 0; j < rpi->num_salts; ++j){
+					WRITE_LEN_AT_OFFSET(proof_str, proof_offset, &(rpi->salt_locs[j]), PROOF_SALT_SIZE);
+					//proof_offset += writeProofSalt(proof_str+proof_offset, rpi->salt_locs[j]);	
+				}
+				// Proof Salts
+				WRITE_LEN_AT_OFFSET(proof_str, proof_offset, proof_salts[0], rpi->num_salts * rpi->salt_size);
+				// Hash Locations
+				for(j = 0; j < rpi->num_hashes; ++j){
+					WRITE_LEN_AT_OFFSET(proof_str, proof_offset, &(rpi->hash_locs[j]), PROOF_MERKLE_NODE_SIZE);
+				}
+				// Proof Hashes
+				WRITE_LEN_AT_OFFSET(proof_str, proof_offset, rpi->proof_merkle_hashes[0], rpi->num_hashes * rpi->hash_size);
+				// Only include uncensored record parts
+				PRUint16 chunk_index;
+				PRUint16 chunk_length;
+				for(chunk_index = 0; chunk_index < rpi->num_chunks; ++chunk_index){
+					chunk_length = get_chunk_length2(rpi, chunk_index);
+					if(!is_hidden_chunk(rpi->hidden_chunk_ids, rpi->num_hidden_chunks, chunk_index)){
+						PORT_Memcpy(proof_str+proof_offset, rpi->record + chunk_index * rpi->chunk_size, chunk_length);
+						proof_offset += chunk_length;
+					}
+#ifdef EV_MEASURE_COMP
+					else{
+						hidden_bytes += chunk_length;
+					}
+#endif
+
+				}
+				WRITE_ZEROES_AT_OFFSET(proof_str, proof_offset, compute_compressed_record_padding(rpi));
+			 
+
+				PORT_Assert(proof_offset == proof_size);				
+				
+			}
+		
+		}
+		free_rpi(rpi);
+	}
+	
+#ifdef TRACE
+	if(ssl_trace > 50){
+		ssl_PrintBuf(ss, "Hash chain value = ", hash_chain, hash_size);
+	}
+#endif
+
+	// Testing the Signature
+	// First constructing the signed data
+	offset = 0;
+	data.type = siBuffer;
+	data.len = hash_size;
+	data.data = (unsigned char *) PORT_Alloc(data.len);
+
+	PK11Context *ctx = PK11_CreateDigestContext(ssl3_HashTypeToOID(proofPar.hash_type));
+	if(tlsproof_hash_begin2(ctx) != SECSuccess) return SECFailure;
+	if(tlsproof_hash_op(ctx, hash_chain, hash_size) != SECSuccess) return SECFailure;
+	if(tlsproof_hash_op(ctx, &evMsg.timeStampStart, sizeof(evMsg.timeStampStart)) != SECSuccess) return SECFailure;
+	if(tlsproof_hash_op(ctx, &evMsg.timeStampStop, sizeof(evMsg.timeStampStop)) != SECSuccess) return SECFailure;
+	if(tlsproof_hash_op(ctx, &proofPar.salt_size, sizeof(proofPar.salt_size)) != SECSuccess) return SECFailure;
+	if(tlsproof_hash_op(ctx, &proofPar.chunk_size, sizeof(proofPar.chunk_size)) != SECSuccess) return SECFailure;
+	if(tlsproof_hash_op(ctx, &proofPar.hash_type, sizeof(SSLHashType)) != SECSuccess) return SECFailure;
+	if(tlsproof_hash_finish2(ctx, data.data, hash_size) != SECSuccess) return SECFailure;
+	PK11_DestroyContext(ctx, PR_TRUE);
+
+
+	SECKEYPublicKey *key = CERT_ExtractPublicKey(ss->sec.peerCert);
+	PORT_Assert(key != NULL);
+
+	rv = PK11_Verify(key, &sig, &data, NULL);
+	if(rv != SECSuccess){
+#ifdef TRACE
+		ssl_Trace("[TLS-N] !!! Signature Verification Failed During Evidence Generation!!!\n");
+#endif
+		// TODO: Cleanup here
+		return SECFailure;
+	}
+#ifdef TRACE
+	SSL_TRC(10, ("[TLS-N] Signature Verification: OK!\n"));
+#endif
+
+	if(abs(evMsg.timeStampStart - ss->tlsproofTimeStampStart) > TLS_PROOF_WARN_TIME_DIFF){
+#ifdef TRACE
+		ssl_Trace("[TLS-N] Warning: Discrepenancy in start timestamps.\n");
+#endif
+	}
+	if(abs(evMsg.timeStampStop - timeStampStop) > TLS_PROOF_WARN_TIME_DIFF){
+#ifdef TRACE
+		ssl_Trace("[TLS-N] Warning: Discrepenancy in stop timestamps.\n");
+#endif
+	}
+
+
+
+	//Flush the buffer because it is not destined to application layer
+	origBuf->len = 0;
+
+	SECKEY_DestroyPublicKey(key);
+	PORT_Free(data.data);
+	PORT_Free(hash_chain);
+#ifdef EV_MEASURE_COMP
+	PRTime measure_stop = PR_Now();
+	printf("[Measure-Generation] %lu, %i, %u, %u, %u, %u, %u, %u\n", measure_stop - measure_start, record_bytes, proofPar.chunk_size, proofPar.salt_size, proofPar.hash_size, proof_size - record_bytes, hidden_bytes, evMsg.orderingVectorLen);
+#endif
+	//Call the user define callback to handle the signature
+	if(ss->tlsProofReturnCallBack != NULL){
+		rv = (*ss->tlsProofReturnCallBack)(proof_str, proof_size);
+	}
+
+	return SECSuccess;
+}
+
+
+// ------------ Proof Verification -------------
+
+SECStatus SSL_TLSProofCheckProof(unsigned char *proof_str, unsigned int proof_size){
+
+#ifdef EV_MEASURE_COMP
+	PRTime measure_start = PR_Now();
+#endif
+	ProofPar proofPar;
+	PRUint32 proof_offset = 0;
+	PRUint8* hash_chain = NULL;
+	// Data for signature
+	SECItem data;
+	CERTCertificate* cert;
+	// Signature
+	SECItem sig;
+	SECItem certbuf;
+	int i;
+	ProofNode proofNode;
+	bzero(&proofNode, sizeof(proofNode));
+	PlaintextProofNode plaintextNode;
+	bzero(&plaintextNode, sizeof(plaintextNode));
+	HiddenPlaintextProofNode hiddenPlaintextNode;
+	bzero(&hiddenPlaintextNode, sizeof(hiddenPlaintextNode));
+	PRUint8* plaintext;
+	PRUint8* salt_secret;
+	int num_proof_node;
+
+	PORT_Assert(proof_str != NULL && proof_size > PROOF_PAR_SIZE);
+
+	// Parse main structure
+	READ_LEN_FROM_OFFSET(&proofPar, proof_str, proof_offset, PROOF_PAR_SIZE);
+
+#ifdef TRACE
+	if(ssl_trace > 40){
+		printfProofParameters(&proofPar);
+	}
+#endif
+
+	// Check timestamps
+	if(proofPar.startTime > proofPar.stopTime){
+		return SECFailure;
+	}
+
+	// Parse signature
+	sig.type = siBuffer;
+	sig.data = proof_str+proof_offset;
+	sig.len = proofPar.sig_len;
+	proof_offset += proofPar.sig_len;
+	
+	// Parse certificate
+	certbuf.type = siBuffer;
+	certbuf.data = proof_str+proof_offset;
+	certbuf.len = proofPar.cert_chain_len;	
+	proof_offset += proofPar.cert_chain_len;
+	if(proofPar.cert_chain_len != 0){
+		cert = CERT_DecodeDERCertificate(&certbuf, PR_FALSE, NULL);
+
+		// Check against CA
+		// TODO: Move this
+		secuPWData pwdata;
+		pwdata.source = PW_PLAINTEXT;
+		pwdata.data = "";
+		if(CERT_VerifyCertNow(CERT_GetDefaultCertDB(), cert, PR_TRUE, certUsageSSLServer, &pwdata) != SECSuccess){
+#ifdef TRACE
+			ssl_Trace("Invalid Certificate.\n");
+#endif
+			return SECFailure;
+		}
+	}else{
+#ifdef TRACE
+		ssl_Trace("[TLS-N] Warning: This proof contains no certificate chain. It is only trustworthy if you know the generator's (server's) public key.\n");
+#endif
+	}
+
+	
+	// Loop over proof nodes
+	for(num_proof_node = 0; num_proof_node < proofPar.num_proof_nodes; ++num_proof_node){
+		READ_LEN_FROM_OFFSET(&proofNode, proof_str, proof_offset, PROOF_NODE_SIZE);
+		if(proofNode.node_type == hash_chain_node){
+				// Hash Chain Node
+				if(hash_chain == NULL){
+					// First value => Copy state
+					hash_chain = (PRUint8*) PORT_Alloc(proofPar.hash_size);
+					READ_LEN_FROM_OFFSET(hash_chain, proof_str, proof_offset, proofPar.hash_size)
+				} else {
+					// A hash chain value can only be given to initialize not to update
+					return SECFailure;
+				}
+		} else if(proofNode.node_type == merkle_hash_node){
+				// New hash of a record
+				hash_chain = advance_hash_chain2(hash_chain, proof_str+proof_offset, proofPar.hash_size, proofPar.hash_type);
+
+				proof_offset += proofPar.hash_size;
+		} else if(proofNode.node_type == plaintext_node){
+				READ_LEN_FROM_OFFSET(&plaintextNode, proof_str, proof_offset, PLAINTEXT_PROOF_NODE_SIZE);
+#ifdef TRACE
+				if(ssl_trace > 50){
+					// Print
+					printfPlaintextProofNode(&plaintextNode);
+				}
+#endif
+				plaintext = proof_str+proof_offset;
+				proof_offset += plaintextNode.len_record + recordPaddingSize(plaintextNode.len_record, proofPar.chunk_size);
+				salt_secret = proof_str+proof_offset;
+				proof_offset += proofPar.salt_size;
+
+				RecordProofInfo* rpi = init_proof_info_from_plaintext_proof(&proofPar, &plaintextNode, plaintext, NULL, NULL, NULL);
+			
+
+				#ifdef TRACE
+					my_print_buf("[TLS-N] Salt Secret: %s", salt_secret, proofPar.salt_size, 60);
+				#endif
+		
+				if(compute_salt_tree(rpi, salt_secret) != SECSuccess) return SECFailure;
+
+				PRUint8 merkle_hash[proofPar.hash_size];
+				if(compute_merkle_tree(rpi, merkle_hash) != SECSuccess) return SECFailure;
+				#ifdef TRACE
+					my_print_buf("[TLS-N] Computed merkle hash during proof verification: %s", merkle_hash, proofPar.hash_size, 60);
+					my_print_buf("[TLS-N] Plaintext: %s", plaintext, plaintextNode.len_record, 60);
+				#endif
+	
+				hash_chain = advance_hash_chain(rpi, hash_chain, merkle_hash);
+				free_rpi(rpi);
+
+		} else if(proofNode.node_type == hidden_plaintext_node) {
+				READ_LEN_FROM_OFFSET(&hiddenPlaintextNode, proof_str, proof_offset, HIDDEN_PLAINTEXT_PROOF_NODE_SIZE);
+#ifdef TRACE
+				if(ssl_trace > 50){
+					// Print
+					printfHiddenPlaintextProofNode(&hiddenPlaintextNode);
+				}
+#endif
+				ProofSalt *salt_locs = (ProofSalt*) PORT_Alloc(hiddenPlaintextNode.num_salts * sizeof(ProofSalt));
+				for(i = 0; i < hiddenPlaintextNode.num_salts; ++i){
+					READ_LEN_FROM_OFFSET(&(salt_locs[i]), proof_str, proof_offset, PROOF_SALT_SIZE);
+				}
+
+				PRUint8** proof_salts = (PRUint8**) PORT_Alloc(hiddenPlaintextNode.num_salts * sizeof(PRUint8*));
+				for(i = 0; i < hiddenPlaintextNode.num_salts; ++i){
+					proof_salts[i] = (PRUint8*) proof_str+proof_offset;
+					proof_offset += proofPar.salt_size;
+				}
+				
+				ProofMerkleNode *hash_locs = (ProofMerkleNode *) PORT_Alloc(hiddenPlaintextNode.num_hashes * sizeof(ProofMerkleNode));
+				for(i = 0; i < hiddenPlaintextNode.num_hashes; ++i){
+					READ_LEN_FROM_OFFSET(&(hash_locs[i]), proof_str, proof_offset, PROOF_MERKLE_NODE_SIZE);
+				}
+
+				PRUint8** proof_merkle_hashes = (PRUint8**) PORT_Alloc(hiddenPlaintextNode.num_hashes * sizeof(PRUint8*));
+				for(i = 0; i < hiddenPlaintextNode.num_hashes; ++i){
+					proof_merkle_hashes[i] = proof_str+proof_offset;
+					proof_offset += proofPar.hash_size;
+				}
+
+				RecordProofInfo* rpi = init_proof_info_from_proof(&proofPar, &hiddenPlaintextNode, NULL, hash_locs, proof_merkle_hashes, salt_locs);
+
+				PRUint8 *compressed_record = proof_str+proof_offset;
+				proof_offset += compute_compressed_record_length(rpi);
+
+				
+				if(inflate_record(rpi, compressed_record) != SECSuccess) return SECFailure;
+
+#ifdef TRACE
+				my_print_buf("[TLS-N] Plaintext: %s", rpi->record, hiddenPlaintextNode.len_record, 60);
+#endif
+			
+				
+				if(compute_salts_from_proof_salts(rpi, proof_salts) != SECSuccess) return SECFailure;
+				#ifdef TRACE
+					if(ssl_trace >= 60){
+						PRUint16 salt_id = 0;
+						for(salt_id = 0; salt_id < rpi->num_chunks; ++salt_id){
+							my_print_buf("[TLS-N] During Verification: Salt: %s", rpi->salts[salt_id], proofPar.salt_size, 60);
+						}
+						PRUint16 hash_id = 0;
+						for(hash_id = 0; hash_id < rpi->num_hashes; ++hash_id){
+							ssl_Trace("[TLS-N] During Verification: Hash %i: Level = %i, Index = %i", hash_id, rpi->hash_locs[hash_id].tree_level, rpi->hash_locs[hash_id].chunk_index);
+							my_print_buf("[TLS-N] Hash %s", rpi->proof_merkle_hashes[hash_id], proofPar.hash_size, 60);
+						}
+					}
+				#endif
+	
+				// -- Compute merkle hash ---
+				PRUint8 outbuf[rpi->hash_size];
+
+				if(compute_merkle_tree_from_proof(rpi, outbuf) != SECSuccess) return SECFailure;
+
+				#ifdef TRACE
+					my_print_buf("[TLS-N] Computed merkle hash during proof verification: %s",outbuf, proofPar.hash_size, 60);
+				#endif
+	
+				hash_chain = advance_hash_chain(rpi, hash_chain, outbuf);
+				free_rpi(rpi);
+				PORT_Free(proof_salts);
+				
+		}else{
+#ifdef TRACE
+			SSL_TRC(10, ("[TLS-N] Invalid Proof Format!"));
+#endif			
+			return SECFailure;
+		}
+	}
+
+	PORT_Assert(hash_chain != NULL);
+
+	if(proofPar.cert_chain_len != 0){
+		// Testing the Signature
+		// First constructing the signed data
+		data.type = siBuffer;
+		data.len = proofPar.hash_size;
+		data.data = (unsigned char *) PORT_Alloc(data.len);
+
+		PK11Context *ctx = PK11_CreateDigestContext(ssl3_HashTypeToOID(proofPar.hash_type));
+		if(tlsproof_hash_begin2(ctx) != SECSuccess) return SECFailure;
+		if(tlsproof_hash_op(ctx, hash_chain, proofPar.hash_size) != SECSuccess) return SECFailure;
+		if(tlsproof_hash_op(ctx, &proofPar.startTime, sizeof(proofPar.startTime)) != SECSuccess) return SECFailure;
+		if(tlsproof_hash_op(ctx, &proofPar.stopTime, sizeof(proofPar.stopTime)) != SECSuccess) return SECFailure;
+		if(tlsproof_hash_op(ctx, &proofPar.salt_size, sizeof(proofPar.salt_size)) != SECSuccess) return SECFailure;
+		if(tlsproof_hash_op(ctx, &proofPar.chunk_size, sizeof(proofPar.chunk_size)) != SECSuccess) return SECFailure;
+		if(tlsproof_hash_op(ctx, &proofPar.hash_type, sizeof(SSLHashType)) != SECSuccess) return SECFailure;
+		if(tlsproof_hash_finish2(ctx, data.data, proofPar.hash_size) != SECSuccess) return SECFailure;
+		PK11_DestroyContext(ctx, PR_TRUE);
+
+#ifdef TRACE
+		my_print_buf("[TLS-N] Final hash chain during proof verification: %s", hash_chain, proofPar.hash_size, 20);
+#endif
+		
+#ifdef TRACE
+		my_print_buf("[TLS-N] Hash to be signed: %s", data.data, data.len, 20);
+		my_print_buf("[TLS-N] Signature: %s", sig.data, sig.len, 20);
+#endif
+
+		SECKEYPublicKey *key = CERT_ExtractPublicKey(cert);
+		PORT_Assert(key != NULL);
+
+		if(PK11_Verify(key, &sig, &data, NULL) != SECSuccess){
+#ifdef TRACE
+			SSL_TRC(10, ("[TLS-N] Error: Signature Verification failed during Proof Verification!"));
+#endif 
+			// TODO: Cleanup here
+			return SECFailure;
+		}
+#ifdef TRACE
+		SSL_TRC(15, ("[TLS-N] Proof Verification: OK!"));
+#endif 
+
+		PORT_Free(data.data);
+		SECKEY_DestroyPublicKey(key);
+		CERT_DestroyCertificate(cert);
+}
+
+	PORT_Assert(proof_offset == proof_size);
+	if(hash_chain != NULL){
+		PORT_Free(hash_chain);
+	}
+
+#ifdef EV_MEASURE_COMP
+	PRTime measure_stop = PR_Now();
+	printf("[Measure-Verification] %lu, %i, %u, %u, %u\n", measure_stop - measure_start, proofPar.chunk_size, proofPar.salt_size, proofPar.hash_size, proof_size);
+#endif
+
+	return SECSuccess;
+}
+
+
+SECStatus SSL_TLSProofSetSaltSize(PRFileDesc *fd, PRUint16 client_prop_salt_size){
+    sslSocket *ss = ssl_FindSocket(fd);
+
+    if (!ss) return SECFailure;
+
+    if(!ss->opt.enableTLSProof) return SECFailure;
+
+    ss->client_prop_salt_size = client_prop_salt_size;
+
+    return SECSuccess;
+}
+
+
+SECStatus SSL_TLSProofSetChunkSize(PRFileDesc *fd, PRUint16 client_prop_chunk_size){
+    sslSocket *ss = ssl_FindSocket(fd);
+
+    if (!ss) return SECFailure;
+
+    if(!ss->opt.enableTLSProof) return SECFailure;
+
+    ss->client_prop_chunk_size = client_prop_chunk_size;
+
+    return SECSuccess;
+}
+
+
+
+/*Set the callback*/
+SECStatus SSL_TLSProofSetReturnCallBack(PRFileDesc *fd, SSLTLSProofReturnCallBack callback, PRUint8 proof_type)
+{
+	sslSocket *ss = ssl_FindSocket(fd);
+
+	if (!ss) return SECFailure;
+
+	if(!ss->opt.enableTLSProof) return SECFailure;
+
+	ss->tlsProofReturnCallBack = callback;
+
+	ss->tlsProofType = proof_type;
+
+	return SECSuccess;
+}
+
+
+
+
+
+/*Update the Merkle root with a new specify message. It is call whenever a server send or receive a message
+ * The message is passed by sslBuffer and the boolean received should be set if it is a received message*/
+SECStatus tlsproof_addMessageToProof(sslSocket *ss, const PRUint8 *record, const PRUint16 record_length, PRBool received)
+{
+
+#ifdef EV_MEASURE_COMP
+	PRTime measure_start = PR_Now();
+	PRTime merkle_tree_start, merkle_tree_stop, salt_tree_start, salt_tree_stop;
+	merkle_tree_start = merkle_tree_stop = salt_tree_start = salt_tree_stop = 0;
+#endif
+
+	// TODO: Move to post_handshake
+	if(ss->tlsproofTimeStampStart == 0){
+		ss->tlsproofTimeStampStart = PR_Now();
+	}
+
+	if(!record) return SECFailure;
+
+	// TODO: Replace printf with ssl_trace
+	SECStatus rv;
+	RecordProofInfo* rpi = init_proof_info(ss, record, record_length, received);
+	if(rpi == NULL) return SECFailure;
+	PRUint8 merkle_hash[rpi->hash_size];
+
+
+	// Get traffic secret
+	PK11SymKey * key;
+	if(ss->sec.isServer){
+		key = received ? ss->ssl3.crSpec->client.write_key : ss->ssl3.cwSpec->server.write_key;
+	} else {
+		key = received ? ss->ssl3.crSpec->server.write_key : ss->ssl3.cwSpec->client.write_key;
+	}
+	if(PK11_ExtractKeyValue(key) != SECSuccess || PK11_GetKeyData(key)->data == NULL){
+		printf("Error! The traffic secret is empty!\n");
+		return SECFailure;
+	}
+
+	// Generate intermediate key 
+	// Secret + Nonce
+	sslSequenceNumber nonce = received ? ss->ssl3.crSpec->read_seq_num : ss->ssl3.cwSpec->write_seq_num;
+#ifdef TRACE
+	SSL_TRC(50, ("[TLS-N] Nonce: %lu\n", nonce));
+#endif
+	PK11SymKey* tmp_secret;
+
+	tmp_secret = pk11_ConcatenateBaseAndData(key, (unsigned char*) &nonce, sizeof(sslSequenceNumber), tls13_GetHkdfMechanism(ss), CKA_DERIVE);
+	if(PK11_ExtractKeyValue(tmp_secret) != SECSuccess  || PK11_GetKeyData(tmp_secret)->data == NULL){
+		printf("Error! Temporary Secret not properly generated!\n");
+		return SECFailure;
+	}
+
+	// Generate the salt secret
+	const char kHkdfPurposeSaltSecret[] = "salt secret";
+	PK11SymKey* salt_secret;
+    rv = tls13_HkdfExpandLabel(tmp_secret, rpi->hash_type,
+                               NULL, 0,
+                               kHkdfPurposeSaltSecret, strlen(kHkdfPurposeSaltSecret),
+                               tls13_GetHkdfMechanism(ss),
+                               rpi->salt_size, &salt_secret);
+    if (rv != SECSuccess) {
+        return SECFailure;
+    }
+
+	// Compute salts
+	PORT_Assert(rpi->hash_size >= 2 * rpi->salt_size);
+	// level 0 = salt secret
+#ifdef TRACE
+	SSL_TRC(50, ("[TLS-N] Salt Index: %i, Salt Tree Levels: %i\n", rpi->salt_index, rpi->tree_levels));
+#endif
+	if(PK11_ExtractKeyValue(salt_secret) != SECSuccess || PK11_GetKeyData(salt_secret)->data == NULL){
+		printf("Error! Salt Secret not properly generated!\n");
+		return SECFailure;
+	}
+
+	// A client saving the plaintexts does not need to do this
+	if(ss->sec.isServer || (!requires_plaintext_saving(ss->tlsProofType))){
+	
+#ifdef EV_MEASURE_COMP
+		salt_tree_start = PR_Now();
+#endif
+		rv = compute_salt_tree(rpi, PK11_GetKeyData(salt_secret)->data);
+#ifdef EV_MEASURE_COMP
+		salt_tree_stop = PR_Now();
+#endif
+		if (rv != SECSuccess) {
+			return SECFailure;
+		}
+
+	#ifdef TRACE
+		if(ssl_trace >= 50){
+			ssl_Trace("Salt Size: %u", rpi->salt_size);
+			int i;
+			for(i = 0; i < rpi->num_chunks; ++i){
+				ssl_PrintBuf(ss, "[TLS-N] Salt:", rpi->salts[i], rpi->salt_size);
+			}
+		}
+	#endif
+
+#ifdef EV_MEASURE_COMP
+		merkle_tree_start = PR_Now();
+#endif
+		rv = compute_merkle_tree(rpi, merkle_hash);
+#ifdef EV_MEASURE_COMP
+		merkle_tree_stop = PR_Now();
+#endif
+		if (rv != SECSuccess) {
+			return SECFailure;
+		}
+
+
+	#ifdef TRACE
+		if (ssl_trace >= 25){
+			ssl_PrintBuf(ss, "Message Hash = ", merkle_hash, rpi->hash_size);
+		}
+	#endif
+	}
+
+	// The server manages the ordering vector and keeps the hash chain
+	if(ss->sec.isServer){
+
+		// Advance hash_chain
+		ss->tlsproofMerkleRoot = advance_hash_chain(rpi, ss->tlsproofMerkleRoot, merkle_hash);
+		if(ss->tlsproofMerkleRoot == NULL) return SECFailure;
+
+		// Manage Ordering Vector
+		if(ss->tlsproofOrderingVectorLen%8 == 0){
+			// Reallocate
+			ss->tlsproofOrderingVector = PORT_Realloc(ss->tlsproofOrderingVector, ss->tlsproofOrderingVectorLen + 1);
+			// Zero last part
+			ss->tlsproofOrderingVector[ss->tlsproofOrderingVectorLen/8] = 0;
+		}
+		// Server message => add a 1
+		if(! received){
+			ss->tlsproofOrderingVector[ss->tlsproofOrderingVectorLen/8] |= 1 << (ss->tlsproofOrderingVectorLen%8);
+		}
+		ss->tlsproofOrderingVectorLen++;
+#ifdef TRACE
+		if (ssl_trace >= 25){
+			ssl_PrintBuf(ss, "New Hash Chain Value: ", ss->tlsproofMerkleRoot, rpi->hash_size);
+		}
+#endif
+	} else {
+		// The client remembers the hashes of the different records
+		TLSProofClientRecording** recording_ptr = received ? &ss->tlsproofClientRecv: &ss->tlsproofClientSent;
+		PRUint32* len_ptr = received ? &ss->tlsproofClientRecvLen : &ss->tlsproofClientSentLen;
+
+#ifdef TRACE
+		if (ssl_trace >= 25){
+			ssl_Trace("[TLS-N] Adding element %i for %i: ", *len_ptr, received);
+		}
+#endif
+
+		// Reallocate
+		*recording_ptr = (TLSProofClientRecording*) PORT_Realloc(*recording_ptr, (*len_ptr + 1) * sizeof(TLSProofClientRecording));
+		bzero(&((*recording_ptr)[*len_ptr]), sizeof(TLSProofClientRecording));
+
+		// Check if the client has to save the plaintext
+		if(requires_plaintext_saving(ss->tlsProofType)){
+			// Save record size
+			(*recording_ptr)[*len_ptr].plaintext_size = record_length;
+			
+			// Allocate space for record + 1 for zero-byte for regexes later
+			(*recording_ptr)[*len_ptr].plaintext = (unsigned char*) PORT_Alloc(record_length + 1);
+			// Save record
+			PORT_Memcpy((*recording_ptr)[*len_ptr].plaintext, record, record_length);
+			// Set Zero Byte
+			(*recording_ptr)[*len_ptr].plaintext[record_length] = '\0';
+			// Allocate space for salt secret 
+			(*recording_ptr)[*len_ptr].salt_secret = (unsigned char*) PORT_Alloc(rpi->salt_size);
+			// Save salt secret 
+			PORT_Memcpy((*recording_ptr)[*len_ptr].salt_secret, PK11_GetKeyData(salt_secret)->data, rpi->salt_size);
+			(*recording_ptr)[*len_ptr].merkle_hash = NULL;
+		}else{
+			// Allocate space for merkle hash 
+			(*recording_ptr)[*len_ptr].merkle_hash = (unsigned char*) PORT_Alloc(rpi->hash_size);
+			// Save merkle hash
+			PORT_Memcpy((*recording_ptr)[*len_ptr].merkle_hash, merkle_hash, rpi->hash_size);
+			(*recording_ptr)[*len_ptr].salt_secret = NULL;
+			(*recording_ptr)[*len_ptr].plaintext = NULL;
+			(*recording_ptr)[*len_ptr].plaintext_size = 0;
+		}
+		
+		// Increment len counter
+		(*len_ptr)++;
+	}
+
+	
+	// Free secrets
+	PK11_FreeSymKey(tmp_secret);
+	PK11_FreeSymKey(salt_secret);
+
+#ifdef EV_MEASURE_COMP
+	if(!ss->sec.isServer){
+		PRTime measure_stop = PR_Now();
+		printf("[Measure-Latency] %lu, %i, %u, %u, %u\n", measure_stop - measure_start, record_length, rpi->chunk_size, rpi->salt_size, rpi->hash_size);
+	}else{
+		PRTime measure_stop = PR_Now();
+		printf("[Measure-Latency] %lu, %i, %u, %u, %u, %lu, %lu\n", measure_stop - measure_start, record_length, rpi->chunk_size, rpi->salt_size, rpi->hash_size, salt_tree_stop-salt_tree_start, merkle_tree_stop-merkle_tree_start);
+	}
+#endif
+	free_rpi(rpi);
+
+	return SECSuccess;
+}
+
+
+#ifdef TRACE
+void my_print_buf(char* fmt_msg, const PRUint8* buf, PRUint32 buf_size, PRUint8 ssl_limit){
+    if(ssl_trace >= ssl_limit){
+        int i;
+        char hexbuf[2 *buf_size+1];
+        for(i = 0; i < buf_size; ++i){
+            snprintf(hexbuf + 2*i, sizeof(hexbuf), "%02x", buf[i]);
+        }
+        ssl_Trace(fmt_msg, hexbuf);
+    }
+}
+#endif
+
+// TODO: ssl_DupSocket
diff --git a/nss/lib/ssl/tlsproof.h b/nss/lib/ssl/tlsproof.h
new file mode 100644
index 0000000..1cadd52
--- /dev/null
+++ b/nss/lib/ssl/tlsproof.h
@@ -0,0 +1,129 @@
+#ifndef __tlsproof_h_
+#define __tlsproof_h_
+#include "prtime.h"
+#include "sslt.h"
+#include "tlsproofstr.h"
+#include "hasht.h"
+#include "alghmac.h"
+#include "sechash.h"
+
+
+
+// The defaults for salt and chunk size
+// Salt size 128 bit of security
+#define SALT_SIZE 16
+// Make this configurable in the handshake
+#define CHUNK_SIZE 16383
+
+
+// Time difference in microseconds to trigger a warning
+#define TLS_PROOF_WARN_TIME_DIFF 1000000
+
+#define WRITE_AT_OFFSET(target, offset, val)\
+{ \
+	PORT_Memcpy(target + offset, &(val), sizeof(val)); \
+	offset += sizeof(val); \
+}
+
+#define WRITE_LEN_AT_OFFSET(target, offset, val, len)\
+{ \
+	PORT_Memcpy(target + offset, val, len); \
+	offset += len; \
+}
+
+#define WRITE_ZEROES_AT_OFFSET(target, offset, len)\
+{ \
+	PORT_Memset(target + offset, 0, len); \
+	offset += len; \
+}
+
+#define READ_LEN_FROM_OFFSET(target, buffer, offset, len)\
+{ \
+	PORT_Memcpy(target, buffer + offset, len); \
+	offset += len; \
+}
+
+
+void my_print_buf(char* fmt_msg, const PRUint8* buf, PRUint32 buf_size, PRUint8 ssl_limit);
+
+
+SECStatus tlsproof_HandleMessage(sslSocket *ss, sslBuffer *origBuf);
+SECStatus tlsproof_addMessageToProof(sslSocket *ss, const PRUint8 *record, const PRUint16 rec_len,  PRBool received);
+SECStatus SSL_TLSProofCheckProof(unsigned char *proof_str, unsigned int proof_size);
+SECStatus tlsproof_sendEvidenceOnClose(sslSocket *ss);
+
+
+// Proof paramaters
+#define PROOF_PAR_SIZE (sizeof(PRUint16) + sizeof(PRUint16) + sizeof(PRUint16) + sizeof(PRUint16) + sizeof(PRUint64) + sizeof(PRUint64)  + sizeof(PRUint16) + sizeof(PRUint16) + sizeof(SSLHashType))
+typedef struct ProofParStr{
+	PRUint16 hash_size;
+	PRUint16 salt_size;
+	PRUint16 chunk_size;
+	PRUint16 num_proof_nodes;
+	PRUint64 startTime;
+	PRUint64 stopTime;
+	PRUint16 sig_len; // Signature is directly after this struct
+	PRUint16 cert_chain_len; // Certificate Chain is after the signature
+	SSLHashType hash_type;
+} ProofPar;
+
+#define PROOF_NODE_SIZE 1
+typedef struct ProofNodeStr{
+	TLSProofNodeType node_type; // Can be Hash_chain, plaintext + salts, merkle_hash
+} ProofNode;
+
+// Order: Struct, Plaintext, Salt Secret
+#define PLAINTEXT_PROOF_NODE_SIZE (sizeof(PRUint16) + sizeof(PRUint8))
+typedef struct PlaintextProofNodeStr{
+	PRUint16 len_record;
+	PRUint8 gen_orig; // Record sent by the generator
+} PlaintextProofNode;
+
+// Order: Struct, Salts (Loc, Val), Hashes (Loc, Val), Uncensored Plaintext
+#define HIDDEN_PLAINTEXT_PROOF_NODE_SIZE (sizeof(PRUint16) + sizeof(PRUint16) + sizeof(PRUint16) + sizeof(PRUint8))
+typedef struct HiddenPlaintextProofNodeStr{
+	PRUint16 len_record;
+	PRUint16 num_salts; 
+	PRUint16 num_hashes;
+	PRUint8 gen_orig; // Record sent by the generator
+} HiddenPlaintextProofNode;
+
+
+#define EVIDENCE_MESSAGE_SIZE (sizeof(PRTime) + sizeof(PRTime) + sizeof(PRUint16) + sizeof(PRUint16))
+typedef struct EvidenceMessageStr{
+	PRTime timeStampStart;
+	PRTime timeStampStop;
+	PRUint16 sig_len;
+	PRUint16 orderingVectorLen;
+} EvidenceMessage;
+
+// Proof paramaters
+typedef struct RecordProofInfoStr{
+	const PRUint16 hash_size;
+	const PRUint16 salt_size;
+	const PRUint16 chunk_size;
+	const SSLHashType hash_type;
+	const PRUint8* record;
+	PRUint16 record_length;
+	const PRUint16 num_chunks; 
+	const PRUint16 tree_levels;
+	const PRUint8 gen_orig;
+	PRUint16 salt_index;
+	PRUint16 chunk_index;
+	PRUint8** salts;
+	PRUint16 num_hashes;
+	ProofMerkleNode* hash_locs;
+	PRUint8** proof_merkle_hashes;
+	PRUint16* hidden_chunk_ids;
+	PRUint16 num_hidden_chunks;
+	ProofSalt* salt_locs;
+	PRUint16 num_salts;
+	PRBool initialized_from_proof;
+	PK11Context *ctx;
+	const CK_MECHANISM_TYPE hkdf_mechanism;
+	HMACContext *hmac;
+	PRUint8* hmac_info;
+	PRUint8 hmac_info_len;
+} RecordProofInfo;
+
+#endif
diff --git a/nss/lib/ssl/tlsproofstr.h b/nss/lib/ssl/tlsproofstr.h
new file mode 100644
index 0000000..4ffbdd3
--- /dev/null
+++ b/nss/lib/ssl/tlsproofstr.h
@@ -0,0 +1,45 @@
+#ifndef __tlsproofstr_h_
+#define __tlsproofstr_h_
+
+    // Save the information necessary for proof generation
+    typedef struct TLSProofClientRecordingStr{
+        // Content of records
+        unsigned char* plaintext;
+        // Size of records
+        PRUint16 plaintext_size;
+        unsigned char* merkle_hash;
+        // Salt Secrets
+        unsigned char* salt_secret;
+    } TLSProofClientRecording;
+
+
+typedef enum {
+    merkle_hashes_proof = 1,
+    last_merkle_proof = 2,
+    last_message_proof = 4,
+    hidden_plaintext_proof = 8,
+    plaintext_proof = 16,
+	omit_cert_chain = 32
+} TLSProofType;
+
+typedef enum { 
+    hash_chain_node = 1,
+    plaintext_node = 2,
+    merkle_hash_node = 3,
+    hidden_plaintext_node = 4
+} TLSProofNodeType;
+
+// TODO: Rename
+#define PROOF_SALT_SIZE (sizeof(PRUint16) + sizeof(PRUint16))
+typedef struct ProofSaltStr {
+	PRUint16 tree_level;
+	PRUint16 salt_index;
+} ProofSalt;
+
+#define PROOF_MERKLE_NODE_SIZE (sizeof(PRUint16) + sizeof(PRUint16))
+typedef struct ProofMerkleNodeStr {
+	PRUint16 tree_level;
+	PRUint16 chunk_index;
+} ProofMerkleNode;
+
+#endif
diff --git a/nss/lib/ssl/unix_err.c b/nss/lib/ssl/unix_err.c
new file mode 100644
index 0000000..d4390b8
--- /dev/null
+++ b/nss/lib/ssl/unix_err.c
@@ -0,0 +1,837 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/*
+ * This file essentially replicates NSPR's source for the functions that
+ * map system-specific error codes to NSPR error codes.  We would use
+ * NSPR's functions, instead of duplicating them, but they're private.
+ * As long as SSL's server session cache code must do platform native I/O
+ * to accomplish its job, and NSPR's error mapping functions remain private,
+ * this code will continue to need to be replicated.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#if 0
+#include "primpl.h"
+#else
+#define _PR_POLL_AVAILABLE 1
+#include "prerror.h"
+#endif
+
+#if defined(__bsdi__) || defined(NTO) || defined(DARWIN) || defined(BEOS)
+#undef _PR_POLL_AVAILABLE
+#endif
+
+#if defined(_PR_POLL_AVAILABLE)
+#include <poll.h>
+#endif
+#include <errno.h>
+
+/* forward declarations. */
+void nss_MD_unix_map_default_error(int err);
+
+void
+nss_MD_unix_map_opendir_error(int err)
+{
+    nss_MD_unix_map_default_error(err);
+}
+
+void
+nss_MD_unix_map_closedir_error(int err)
+{
+    PRErrorCode prError;
+    switch (err) {
+        case EINVAL:
+            prError = PR_BAD_DESCRIPTOR_ERROR;
+            break;
+        default:
+            nss_MD_unix_map_default_error(err);
+            return;
+    }
+    PR_SetError(prError, err);
+}
+
+void
+nss_MD_unix_readdir_error(int err)
+{
+    PRErrorCode prError;
+
+    switch (err) {
+        case ENOENT:
+            prError = PR_NO_MORE_FILES_ERROR;
+            break;
+#ifdef EOVERFLOW
+        case EOVERFLOW:
+            prError = PR_IO_ERROR;
+            break;
+#endif
+        case EINVAL:
+            prError = PR_IO_ERROR;
+            break;
+        case ENXIO:
+            prError = PR_IO_ERROR;
+            break;
+        default:
+            nss_MD_unix_map_default_error(err);
+            return;
+    }
+    PR_SetError(prError, err);
+}
+
+void
+nss_MD_unix_map_unlink_error(int err)
+{
+    PRErrorCode prError;
+    switch (err) {
+        case EPERM:
+            prError = PR_IS_DIRECTORY_ERROR;
+            break;
+        default:
+            nss_MD_unix_map_default_error(err);
+            return;
+    }
+    PR_SetError(prError, err);
+}
+
+void
+nss_MD_unix_map_stat_error(int err)
+{
+    PRErrorCode prError;
+    switch (err) {
+        case ETIMEDOUT:
+            prError = PR_REMOTE_FILE_ERROR;
+            break;
+        default:
+            nss_MD_unix_map_default_error(err);
+            return;
+    }
+    PR_SetError(prError, err);
+}
+
+void
+nss_MD_unix_map_fstat_error(int err)
+{
+    PRErrorCode prError;
+    switch (err) {
+        case ETIMEDOUT:
+            prError = PR_REMOTE_FILE_ERROR;
+            break;
+        default:
+            nss_MD_unix_map_default_error(err);
+            return;
+    }
+    PR_SetError(prError, err);
+}
+
+void
+nss_MD_unix_map_rename_error(int err)
+{
+    PRErrorCode prError;
+    switch (err) {
+        case EEXIST:
+            prError = PR_DIRECTORY_NOT_EMPTY_ERROR;
+            break;
+        default:
+            nss_MD_unix_map_default_error(err);
+            return;
+    }
+    PR_SetError(prError, err);
+}
+
+void
+nss_MD_unix_map_access_error(int err)
+{
+    PRErrorCode prError;
+    switch (err) {
+        case ETIMEDOUT:
+            prError = PR_REMOTE_FILE_ERROR;
+            break;
+        default:
+            nss_MD_unix_map_default_error(err);
+            return;
+    }
+    PR_SetError(prError, err);
+}
+
+void
+nss_MD_unix_map_mkdir_error(int err)
+{
+    nss_MD_unix_map_default_error(err);
+}
+
+void
+nss_MD_unix_map_rmdir_error(int err)
+{
+    PRErrorCode prError;
+
+    switch (err) {
+        case EEXIST:
+            prError = PR_DIRECTORY_NOT_EMPTY_ERROR;
+            break;
+        case EINVAL:
+            prError = PR_DIRECTORY_NOT_EMPTY_ERROR;
+            break;
+        case ETIMEDOUT:
+            prError = PR_REMOTE_FILE_ERROR;
+            break;
+        default:
+            nss_MD_unix_map_default_error(err);
+            return;
+    }
+    PR_SetError(prError, err);
+}
+
+void
+nss_MD_unix_map_read_error(int err)
+{
+    PRErrorCode prError;
+    switch (err) {
+        case EINVAL:
+            prError = PR_INVALID_METHOD_ERROR;
+            break;
+        case ENXIO:
+            prError = PR_INVALID_ARGUMENT_ERROR;
+            break;
+        default:
+            nss_MD_unix_map_default_error(err);
+            return;
+    }
+    PR_SetError(prError, err);
+}
+
+void
+nss_MD_unix_map_write_error(int err)
+{
+    PRErrorCode prError;
+    switch (err) {
+        case EINVAL:
+            prError = PR_INVALID_METHOD_ERROR;
+            break;
+        case ENXIO:
+            prError = PR_INVALID_METHOD_ERROR;
+            break;
+        case ETIMEDOUT:
+            prError = PR_REMOTE_FILE_ERROR;
+            break;
+        default:
+            nss_MD_unix_map_default_error(err);
+            return;
+    }
+    PR_SetError(prError, err);
+}
+
+void
+nss_MD_unix_map_lseek_error(int err)
+{
+    nss_MD_unix_map_default_error(err);
+}
+
+void
+nss_MD_unix_map_fsync_error(int err)
+{
+    PRErrorCode prError;
+    switch (err) {
+        case ETIMEDOUT:
+            prError = PR_REMOTE_FILE_ERROR;
+            break;
+        case EINVAL:
+            prError = PR_INVALID_METHOD_ERROR;
+            break;
+        default:
+            nss_MD_unix_map_default_error(err);
+            return;
+    }
+    PR_SetError(prError, err);
+}
+
+void
+nss_MD_unix_map_close_error(int err)
+{
+    PRErrorCode prError;
+    switch (err) {
+        case ETIMEDOUT:
+            prError = PR_REMOTE_FILE_ERROR;
+            break;
+        default:
+            nss_MD_unix_map_default_error(err);
+            return;
+    }
+    PR_SetError(prError, err);
+}
+
+void
+nss_MD_unix_map_socket_error(int err)
+{
+    PRErrorCode prError;
+    switch (err) {
+        case ENOMEM:
+            prError = PR_INSUFFICIENT_RESOURCES_ERROR;
+            break;
+        default:
+            nss_MD_unix_map_default_error(err);
+            return;
+    }
+    PR_SetError(prError, err);
+}
+
+void
+nss_MD_unix_map_socketavailable_error(int err)
+{
+    PR_SetError(PR_BAD_DESCRIPTOR_ERROR, err);
+}
+
+void
+nss_MD_unix_map_recv_error(int err)
+{
+    nss_MD_unix_map_default_error(err);
+}
+
+void
+nss_MD_unix_map_recvfrom_error(int err)
+{
+    nss_MD_unix_map_default_error(err);
+}
+
+void
+nss_MD_unix_map_send_error(int err)
+{
+    nss_MD_unix_map_default_error(err);
+}
+
+void
+nss_MD_unix_map_sendto_error(int err)
+{
+    nss_MD_unix_map_default_error(err);
+}
+
+void
+nss_MD_unix_map_writev_error(int err)
+{
+    nss_MD_unix_map_default_error(err);
+}
+
+void
+nss_MD_unix_map_accept_error(int err)
+{
+    PRErrorCode prError;
+    switch (err) {
+        case ENODEV:
+            prError = PR_NOT_TCP_SOCKET_ERROR;
+            break;
+        default:
+            nss_MD_unix_map_default_error(err);
+            return;
+    }
+    PR_SetError(prError, err);
+}
+
+void
+nss_MD_unix_map_connect_error(int err)
+{
+    PRErrorCode prError;
+    switch (err) {
+        case EACCES:
+            prError = PR_ADDRESS_NOT_SUPPORTED_ERROR;
+            break;
+#if defined(UNIXWARE) || defined(SNI) || defined(NEC)
+        /*
+         * On some platforms, if we connect to a port on the local host
+         * (the loopback address) that no process is listening on, we get
+         * EIO instead of ECONNREFUSED.
+         */
+        case EIO:
+            prError = PR_CONNECT_REFUSED_ERROR;
+            break;
+#endif
+        case ELOOP:
+            prError = PR_ADDRESS_NOT_SUPPORTED_ERROR;
+            break;
+        case ENOENT:
+            prError = PR_ADDRESS_NOT_SUPPORTED_ERROR;
+            break;
+        case ENXIO:
+            prError = PR_IO_ERROR;
+            break;
+        default:
+            nss_MD_unix_map_default_error(err);
+            return;
+    }
+    PR_SetError(prError, err);
+}
+
+void
+nss_MD_unix_map_bind_error(int err)
+{
+    PRErrorCode prError;
+    switch (err) {
+        case EINVAL:
+            prError = PR_SOCKET_ADDRESS_IS_BOUND_ERROR;
+            break;
+        /*
+             * UNIX domain sockets are not supported in NSPR
+             */
+        case EIO:
+            prError = PR_ADDRESS_NOT_SUPPORTED_ERROR;
+            break;
+        case EISDIR:
+            prError = PR_ADDRESS_NOT_SUPPORTED_ERROR;
+            break;
+        case ELOOP:
+            prError = PR_ADDRESS_NOT_SUPPORTED_ERROR;
+            break;
+        case ENOENT:
+            prError = PR_ADDRESS_NOT_SUPPORTED_ERROR;
+            break;
+        case ENOTDIR:
+            prError = PR_ADDRESS_NOT_SUPPORTED_ERROR;
+            break;
+        case EROFS:
+            prError = PR_ADDRESS_NOT_SUPPORTED_ERROR;
+            break;
+        default:
+            nss_MD_unix_map_default_error(err);
+            return;
+    }
+    PR_SetError(prError, err);
+}
+
+void
+nss_MD_unix_map_listen_error(int err)
+{
+    nss_MD_unix_map_default_error(err);
+}
+
+void
+nss_MD_unix_map_shutdown_error(int err)
+{
+    nss_MD_unix_map_default_error(err);
+}
+
+void
+nss_MD_unix_map_socketpair_error(int err)
+{
+    PRErrorCode prError;
+    switch (err) {
+        case ENOMEM:
+            prError = PR_INSUFFICIENT_RESOURCES_ERROR;
+            break;
+        default:
+            nss_MD_unix_map_default_error(err);
+            return;
+    }
+    PR_SetError(prError, err);
+}
+
+void
+nss_MD_unix_map_getsockname_error(int err)
+{
+    PRErrorCode prError;
+    switch (err) {
+        case ENOMEM:
+            prError = PR_INSUFFICIENT_RESOURCES_ERROR;
+            break;
+        default:
+            nss_MD_unix_map_default_error(err);
+            return;
+    }
+    PR_SetError(prError, err);
+}
+
+void
+nss_MD_unix_map_getpeername_error(int err)
+{
+    PRErrorCode prError;
+
+    switch (err) {
+        case ENOMEM:
+            prError = PR_INSUFFICIENT_RESOURCES_ERROR;
+            break;
+        default:
+            nss_MD_unix_map_default_error(err);
+            return;
+    }
+    PR_SetError(prError, err);
+}
+
+void
+nss_MD_unix_map_getsockopt_error(int err)
+{
+    PRErrorCode prError;
+    switch (err) {
+        case EINVAL:
+            prError = PR_BUFFER_OVERFLOW_ERROR;
+            break;
+        case ENOMEM:
+            prError = PR_INSUFFICIENT_RESOURCES_ERROR;
+            break;
+        default:
+            nss_MD_unix_map_default_error(err);
+            return;
+    }
+    PR_SetError(prError, err);
+}
+
+void
+nss_MD_unix_map_setsockopt_error(int err)
+{
+    PRErrorCode prError;
+    switch (err) {
+        case EINVAL:
+            prError = PR_BUFFER_OVERFLOW_ERROR;
+            break;
+        case ENOMEM:
+            prError = PR_INSUFFICIENT_RESOURCES_ERROR;
+            break;
+        default:
+            nss_MD_unix_map_default_error(err);
+            return;
+    }
+    PR_SetError(prError, err);
+}
+
+void
+nss_MD_unix_map_open_error(int err)
+{
+    PRErrorCode prError;
+    switch (err) {
+        case EAGAIN:
+            prError = PR_INSUFFICIENT_RESOURCES_ERROR;
+            break;
+        case EBUSY:
+            prError = PR_IO_ERROR;
+            break;
+        case ENODEV:
+            prError = PR_FILE_NOT_FOUND_ERROR;
+            break;
+        case ENOMEM:
+            prError = PR_INSUFFICIENT_RESOURCES_ERROR;
+            break;
+        case ETIMEDOUT:
+            prError = PR_REMOTE_FILE_ERROR;
+            break;
+        default:
+            nss_MD_unix_map_default_error(err);
+            return;
+    }
+    PR_SetError(prError, err);
+}
+
+void
+nss_MD_unix_map_mmap_error(int err)
+{
+    PRErrorCode prError;
+    switch (err) {
+        case EAGAIN:
+            prError = PR_INSUFFICIENT_RESOURCES_ERROR;
+            break;
+        case EMFILE:
+            prError = PR_INSUFFICIENT_RESOURCES_ERROR;
+            break;
+        case ENODEV:
+            prError = PR_OPERATION_NOT_SUPPORTED_ERROR;
+            break;
+        case ENXIO:
+            prError = PR_INVALID_ARGUMENT_ERROR;
+            break;
+        default:
+            nss_MD_unix_map_default_error(err);
+            return;
+    }
+    PR_SetError(prError, err);
+}
+
+void
+nss_MD_unix_map_gethostname_error(int err)
+{
+    nss_MD_unix_map_default_error(err);
+}
+
+void
+nss_MD_unix_map_select_error(int err)
+{
+    nss_MD_unix_map_default_error(err);
+}
+
+#ifdef _PR_POLL_AVAILABLE
+void
+nss_MD_unix_map_poll_error(int err)
+{
+    PRErrorCode prError;
+
+    switch (err) {
+        case EAGAIN:
+            prError = PR_INSUFFICIENT_RESOURCES_ERROR;
+            break;
+        default:
+            nss_MD_unix_map_default_error(err);
+            return;
+    }
+    PR_SetError(prError, err);
+}
+
+void
+nss_MD_unix_map_poll_revents_error(int err)
+{
+    if (err & POLLNVAL)
+        PR_SetError(PR_BAD_DESCRIPTOR_ERROR, EBADF);
+    else if (err & POLLHUP)
+        PR_SetError(PR_CONNECT_RESET_ERROR, EPIPE);
+    else if (err & POLLERR)
+        PR_SetError(PR_IO_ERROR, EIO);
+    else
+        PR_SetError(PR_UNKNOWN_ERROR, err);
+}
+#endif /* _PR_POLL_AVAILABLE */
+
+void
+nss_MD_unix_map_flock_error(int err)
+{
+    PRErrorCode prError;
+    switch (err) {
+        case EINVAL:
+            prError = PR_BAD_DESCRIPTOR_ERROR;
+            break;
+        case EWOULDBLOCK:
+            prError = PR_FILE_IS_LOCKED_ERROR;
+            break;
+        default:
+            nss_MD_unix_map_default_error(err);
+            return;
+    }
+    PR_SetError(prError, err);
+}
+
+void
+nss_MD_unix_map_lockf_error(int err)
+{
+    PRErrorCode prError;
+    switch (err) {
+        case EACCES:
+            prError = PR_FILE_IS_LOCKED_ERROR;
+            break;
+        case EDEADLK:
+            prError = PR_INSUFFICIENT_RESOURCES_ERROR;
+            break;
+        default:
+            nss_MD_unix_map_default_error(err);
+            return;
+    }
+    PR_SetError(prError, err);
+}
+
+#ifdef HPUX11
+void
+nss_MD_hpux_map_sendfile_error(int err)
+{
+    nss_MD_unix_map_default_error(err);
+}
+#endif /* HPUX11 */
+
+void
+nss_MD_unix_map_default_error(int err)
+{
+    PRErrorCode prError;
+    switch (err) {
+        case EACCES:
+            prError = PR_NO_ACCESS_RIGHTS_ERROR;
+            break;
+        case EADDRINUSE:
+            prError = PR_ADDRESS_IN_USE_ERROR;
+            break;
+        case EADDRNOTAVAIL:
+            prError = PR_ADDRESS_NOT_AVAILABLE_ERROR;
+            break;
+        case EAFNOSUPPORT:
+            prError = PR_ADDRESS_NOT_SUPPORTED_ERROR;
+            break;
+        case EAGAIN:
+            prError = PR_WOULD_BLOCK_ERROR;
+            break;
+/*
+     * On QNX and Neutrino, EALREADY is defined as EBUSY.
+     */
+#if EALREADY != EBUSY
+        case EALREADY:
+            prError = PR_ALREADY_INITIATED_ERROR;
+            break;
+#endif
+        case EBADF:
+            prError = PR_BAD_DESCRIPTOR_ERROR;
+            break;
+#ifdef EBADMSG
+        case EBADMSG:
+            prError = PR_IO_ERROR;
+            break;
+#endif
+        case EBUSY:
+            prError = PR_FILESYSTEM_MOUNTED_ERROR;
+            break;
+        case ECONNREFUSED:
+            prError = PR_CONNECT_REFUSED_ERROR;
+            break;
+        case ECONNRESET:
+            prError = PR_CONNECT_RESET_ERROR;
+            break;
+        case EDEADLK:
+            prError = PR_DEADLOCK_ERROR;
+            break;
+#ifdef EDIRCORRUPTED
+        case EDIRCORRUPTED:
+            prError = PR_DIRECTORY_CORRUPTED_ERROR;
+            break;
+#endif
+#ifdef EDQUOT
+        case EDQUOT:
+            prError = PR_NO_DEVICE_SPACE_ERROR;
+            break;
+#endif
+        case EEXIST:
+            prError = PR_FILE_EXISTS_ERROR;
+            break;
+        case EFAULT:
+            prError = PR_ACCESS_FAULT_ERROR;
+            break;
+        case EFBIG:
+            prError = PR_FILE_TOO_BIG_ERROR;
+            break;
+        case EINPROGRESS:
+            prError = PR_IN_PROGRESS_ERROR;
+            break;
+        case EINTR:
+            prError = PR_PENDING_INTERRUPT_ERROR;
+            break;
+        case EINVAL:
+            prError = PR_INVALID_ARGUMENT_ERROR;
+            break;
+        case EIO:
+            prError = PR_IO_ERROR;
+            break;
+        case EISCONN:
+            prError = PR_IS_CONNECTED_ERROR;
+            break;
+        case EISDIR:
+            prError = PR_IS_DIRECTORY_ERROR;
+            break;
+        case ELOOP:
+            prError = PR_LOOP_ERROR;
+            break;
+        case EMFILE:
+            prError = PR_PROC_DESC_TABLE_FULL_ERROR;
+            break;
+        case EMLINK:
+            prError = PR_MAX_DIRECTORY_ENTRIES_ERROR;
+            break;
+        case EMSGSIZE:
+            prError = PR_INVALID_ARGUMENT_ERROR;
+            break;
+#ifdef EMULTIHOP
+        case EMULTIHOP:
+            prError = PR_REMOTE_FILE_ERROR;
+            break;
+#endif
+        case ENAMETOOLONG:
+            prError = PR_NAME_TOO_LONG_ERROR;
+            break;
+        case ENETUNREACH:
+            prError = PR_NETWORK_UNREACHABLE_ERROR;
+            break;
+        case ENFILE:
+            prError = PR_SYS_DESC_TABLE_FULL_ERROR;
+            break;
+#if !defined(SCO)
+        case ENOBUFS:
+            prError = PR_INSUFFICIENT_RESOURCES_ERROR;
+            break;
+#endif
+        case ENODEV:
+            prError = PR_FILE_NOT_FOUND_ERROR;
+            break;
+        case ENOENT:
+            prError = PR_FILE_NOT_FOUND_ERROR;
+            break;
+        case ENOLCK:
+            prError = PR_FILE_IS_LOCKED_ERROR;
+            break;
+#ifdef ENOLINK
+        case ENOLINK:
+            prError = PR_REMOTE_FILE_ERROR;
+            break;
+#endif
+        case ENOMEM:
+            prError = PR_OUT_OF_MEMORY_ERROR;
+            break;
+        case ENOPROTOOPT:
+            prError = PR_INVALID_ARGUMENT_ERROR;
+            break;
+        case ENOSPC:
+            prError = PR_NO_DEVICE_SPACE_ERROR;
+            break;
+#ifdef ENOSR
+        case ENOSR:
+            prError = PR_INSUFFICIENT_RESOURCES_ERROR;
+            break;
+#endif
+        case ENOTCONN:
+            prError = PR_NOT_CONNECTED_ERROR;
+            break;
+        case ENOTDIR:
+            prError = PR_NOT_DIRECTORY_ERROR;
+            break;
+        case ENOTSOCK:
+            prError = PR_NOT_SOCKET_ERROR;
+            break;
+        case ENXIO:
+            prError = PR_FILE_NOT_FOUND_ERROR;
+            break;
+        case EOPNOTSUPP:
+            prError = PR_NOT_TCP_SOCKET_ERROR;
+            break;
+#ifdef EOVERFLOW
+        case EOVERFLOW:
+            prError = PR_BUFFER_OVERFLOW_ERROR;
+            break;
+#endif
+        case EPERM:
+            prError = PR_NO_ACCESS_RIGHTS_ERROR;
+            break;
+        case EPIPE:
+            prError = PR_CONNECT_RESET_ERROR;
+            break;
+#ifdef EPROTO
+        case EPROTO:
+            prError = PR_IO_ERROR;
+            break;
+#endif
+        case EPROTONOSUPPORT:
+            prError = PR_PROTOCOL_NOT_SUPPORTED_ERROR;
+            break;
+        case EPROTOTYPE:
+            prError = PR_ADDRESS_NOT_SUPPORTED_ERROR;
+            break;
+        case ERANGE:
+            prError = PR_INVALID_METHOD_ERROR;
+            break;
+        case EROFS:
+            prError = PR_READ_ONLY_FILESYSTEM_ERROR;
+            break;
+        case ESPIPE:
+            prError = PR_INVALID_METHOD_ERROR;
+            break;
+        case ETIMEDOUT:
+            prError = PR_IO_TIMEOUT_ERROR;
+            break;
+#if EWOULDBLOCK != EAGAIN
+        case EWOULDBLOCK:
+            prError = PR_WOULD_BLOCK_ERROR;
+            break;
+#endif
+        case EXDEV:
+            prError = PR_NOT_SAME_DEVICE_ERROR;
+            break;
+
+        default:
+            prError = PR_UNKNOWN_ERROR;
+            break;
+    }
+    PR_SetError(prError, err);
+}
diff --git a/nss/lib/ssl/unix_err.h b/nss/lib/ssl/unix_err.h
new file mode 100644
index 0000000..5d7d547
--- /dev/null
+++ b/nss/lib/ssl/unix_err.h
@@ -0,0 +1,57 @@
+/*
+ * This file essentially replicates NSPR's source for the functions that
+ * map system-specific error codes to NSPR error codes.  We would use
+ * NSPR's functions, instead of duplicating them, but they're private.
+ * As long as SSL's server session cache code must do platform native I/O
+ * to accomplish its job, and NSPR's error mapping functions remain private,
+ * this code will continue to need to be replicated.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*  NSPR doesn't make these functions public, so we have to duplicate
+**  them in NSS.
+*/
+extern void nss_MD_hpux_map_sendfile_error(int err);
+extern void nss_MD_unix_map_accept_error(int err);
+extern void nss_MD_unix_map_access_error(int err);
+extern void nss_MD_unix_map_bind_error(int err);
+extern void nss_MD_unix_map_close_error(int err);
+extern void nss_MD_unix_map_closedir_error(int err);
+extern void nss_MD_unix_map_connect_error(int err);
+extern void nss_MD_unix_map_default_error(int err);
+extern void nss_MD_unix_map_flock_error(int err);
+extern void nss_MD_unix_map_fstat_error(int err);
+extern void nss_MD_unix_map_fsync_error(int err);
+extern void nss_MD_unix_map_gethostname_error(int err);
+extern void nss_MD_unix_map_getpeername_error(int err);
+extern void nss_MD_unix_map_getsockname_error(int err);
+extern void nss_MD_unix_map_getsockopt_error(int err);
+extern void nss_MD_unix_map_listen_error(int err);
+extern void nss_MD_unix_map_lockf_error(int err);
+extern void nss_MD_unix_map_lseek_error(int err);
+extern void nss_MD_unix_map_mkdir_error(int err);
+extern void nss_MD_unix_map_mmap_error(int err);
+extern void nss_MD_unix_map_open_error(int err);
+extern void nss_MD_unix_map_opendir_error(int err);
+extern void nss_MD_unix_map_poll_error(int err);
+extern void nss_MD_unix_map_poll_revents_error(int err);
+extern void nss_MD_unix_map_read_error(int err);
+extern void nss_MD_unix_map_readdir_error(int err);
+extern void nss_MD_unix_map_recv_error(int err);
+extern void nss_MD_unix_map_recvfrom_error(int err);
+extern void nss_MD_unix_map_rename_error(int err);
+extern void nss_MD_unix_map_rmdir_error(int err);
+extern void nss_MD_unix_map_select_error(int err);
+extern void nss_MD_unix_map_send_error(int err);
+extern void nss_MD_unix_map_sendto_error(int err);
+extern void nss_MD_unix_map_setsockopt_error(int err);
+extern void nss_MD_unix_map_shutdown_error(int err);
+extern void nss_MD_unix_map_socket_error(int err);
+extern void nss_MD_unix_map_socketavailable_error(int err);
+extern void nss_MD_unix_map_socketpair_error(int err);
+extern void nss_MD_unix_map_stat_error(int err);
+extern void nss_MD_unix_map_unlink_error(int err);
+extern void nss_MD_unix_map_write_error(int err);
+extern void nss_MD_unix_map_writev_error(int err);
diff --git a/nss/lib/ssl/win32err.c b/nss/lib/ssl/win32err.c
new file mode 100644
index 0000000..caa12b9
--- /dev/null
+++ b/nss/lib/ssl/win32err.c
@@ -0,0 +1,550 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/*
+ * This file essentially replicates NSPR's source for the functions that
+ * map system-specific error codes to NSPR error codes.  We would use
+ * NSPR's functions, instead of duplicating them, but they're private.
+ * As long as SSL's server session cache code must do platform native I/O
+ * to accomplish its job, and NSPR's error mapping functions remain private,
+ * this code will continue to need to be replicated.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "prerror.h"
+#include "prlog.h"
+#include <errno.h>
+#include <windows.h>
+
+/*
+ * On Win32, we map three kinds of error codes:
+ * - GetLastError(): for Win32 functions
+ * - WSAGetLastError(): for Winsock functions
+ * - errno: for standard C library functions
+ *
+ * We do not check for WSAEINPROGRESS and WSAEINTR because we do not
+ * use blocking Winsock 1.1 calls.
+ *
+ * Except for the 'socket' call, we do not check for WSAEINITIALISED.
+ * It is assumed that if Winsock is not initialized, that fact will
+ * be detected at the time we create new sockets.
+ */
+
+/* forward declaration. */
+void nss_MD_win32_map_default_error(PRInt32 err);
+
+void
+nss_MD_win32_map_opendir_error(PRInt32 err)
+{
+    nss_MD_win32_map_default_error(err);
+}
+
+void
+nss_MD_win32_map_closedir_error(PRInt32 err)
+{
+    nss_MD_win32_map_default_error(err);
+}
+
+void
+nss_MD_win32_map_readdir_error(PRInt32 err)
+{
+    nss_MD_win32_map_default_error(err);
+}
+
+void
+nss_MD_win32_map_delete_error(PRInt32 err)
+{
+    nss_MD_win32_map_default_error(err);
+}
+
+/* The error code for stat() is in errno. */
+void
+nss_MD_win32_map_stat_error(PRInt32 err)
+{
+    nss_MD_win32_map_default_error(err);
+}
+
+void
+nss_MD_win32_map_fstat_error(PRInt32 err)
+{
+    nss_MD_win32_map_default_error(err);
+}
+
+void
+nss_MD_win32_map_rename_error(PRInt32 err)
+{
+    nss_MD_win32_map_default_error(err);
+}
+
+/* The error code for access() is in errno. */
+void
+nss_MD_win32_map_access_error(PRInt32 err)
+{
+    nss_MD_win32_map_default_error(err);
+}
+
+void
+nss_MD_win32_map_mkdir_error(PRInt32 err)
+{
+    nss_MD_win32_map_default_error(err);
+}
+
+void
+nss_MD_win32_map_rmdir_error(PRInt32 err)
+{
+    nss_MD_win32_map_default_error(err);
+}
+
+void
+nss_MD_win32_map_read_error(PRInt32 err)
+{
+    nss_MD_win32_map_default_error(err);
+}
+
+void
+nss_MD_win32_map_transmitfile_error(PRInt32 err)
+{
+    nss_MD_win32_map_default_error(err);
+}
+
+void
+nss_MD_win32_map_write_error(PRInt32 err)
+{
+    nss_MD_win32_map_default_error(err);
+}
+
+void
+nss_MD_win32_map_lseek_error(PRInt32 err)
+{
+    nss_MD_win32_map_default_error(err);
+}
+
+void
+nss_MD_win32_map_fsync_error(PRInt32 err)
+{
+    nss_MD_win32_map_default_error(err);
+}
+
+/*
+ * For both CloseHandle() and closesocket().
+ */
+void
+nss_MD_win32_map_close_error(PRInt32 err)
+{
+    nss_MD_win32_map_default_error(err);
+}
+
+void
+nss_MD_win32_map_socket_error(PRInt32 err)
+{
+    PR_ASSERT(err != WSANOTINITIALISED);
+    nss_MD_win32_map_default_error(err);
+}
+
+void
+nss_MD_win32_map_recv_error(PRInt32 err)
+{
+    nss_MD_win32_map_default_error(err);
+}
+
+void
+nss_MD_win32_map_recvfrom_error(PRInt32 err)
+{
+    nss_MD_win32_map_default_error(err);
+}
+
+void
+nss_MD_win32_map_send_error(PRInt32 err)
+{
+    PRErrorCode prError;
+    switch (err) {
+        case WSAEMSGSIZE:
+            prError = PR_INVALID_ARGUMENT_ERROR;
+            break;
+        default:
+            nss_MD_win32_map_default_error(err);
+            return;
+    }
+    PR_SetError(prError, err);
+}
+
+void
+nss_MD_win32_map_sendto_error(PRInt32 err)
+{
+    PRErrorCode prError;
+    switch (err) {
+        case WSAEMSGSIZE:
+            prError = PR_INVALID_ARGUMENT_ERROR;
+            break;
+        default:
+            nss_MD_win32_map_default_error(err);
+            return;
+    }
+    PR_SetError(prError, err);
+}
+
+void
+nss_MD_win32_map_accept_error(PRInt32 err)
+{
+    PRErrorCode prError;
+    switch (err) {
+        case WSAEOPNOTSUPP:
+            prError = PR_NOT_TCP_SOCKET_ERROR;
+            break;
+        case WSAEINVAL:
+            prError = PR_INVALID_STATE_ERROR;
+            break;
+        default:
+            nss_MD_win32_map_default_error(err);
+            return;
+    }
+    PR_SetError(prError, err);
+}
+
+void
+nss_MD_win32_map_acceptex_error(PRInt32 err)
+{
+    nss_MD_win32_map_default_error(err);
+}
+
+void
+nss_MD_win32_map_connect_error(PRInt32 err)
+{
+    PRErrorCode prError;
+    switch (err) {
+        case WSAEWOULDBLOCK:
+            prError = PR_IN_PROGRESS_ERROR;
+            break;
+        case WSAEINVAL:
+            prError = PR_ALREADY_INITIATED_ERROR;
+            break;
+        case WSAETIMEDOUT:
+            prError = PR_IO_TIMEOUT_ERROR;
+            break;
+        default:
+            nss_MD_win32_map_default_error(err);
+            return;
+    }
+    PR_SetError(prError, err);
+}
+
+void
+nss_MD_win32_map_bind_error(PRInt32 err)
+{
+    PRErrorCode prError;
+    switch (err) {
+        case WSAEINVAL:
+            prError = PR_SOCKET_ADDRESS_IS_BOUND_ERROR;
+            break;
+        default:
+            nss_MD_win32_map_default_error(err);
+            return;
+    }
+    PR_SetError(prError, err);
+}
+
+void
+nss_MD_win32_map_listen_error(PRInt32 err)
+{
+    PRErrorCode prError;
+    switch (err) {
+        case WSAEOPNOTSUPP:
+            prError = PR_NOT_TCP_SOCKET_ERROR;
+            break;
+        case WSAEINVAL:
+            prError = PR_INVALID_STATE_ERROR;
+            break;
+        default:
+            nss_MD_win32_map_default_error(err);
+            return;
+    }
+    PR_SetError(prError, err);
+}
+
+void
+nss_MD_win32_map_shutdown_error(PRInt32 err)
+{
+    nss_MD_win32_map_default_error(err);
+}
+
+void
+nss_MD_win32_map_getsockname_error(PRInt32 err)
+{
+    PRErrorCode prError;
+    switch (err) {
+        case WSAEINVAL:
+            prError = PR_INVALID_STATE_ERROR;
+            break;
+        default:
+            nss_MD_win32_map_default_error(err);
+            return;
+    }
+    PR_SetError(prError, err);
+}
+
+void
+nss_MD_win32_map_getpeername_error(PRInt32 err)
+{
+    nss_MD_win32_map_default_error(err);
+}
+
+void
+nss_MD_win32_map_getsockopt_error(PRInt32 err)
+{
+    nss_MD_win32_map_default_error(err);
+}
+
+void
+nss_MD_win32_map_setsockopt_error(PRInt32 err)
+{
+    nss_MD_win32_map_default_error(err);
+}
+
+void
+nss_MD_win32_map_open_error(PRInt32 err)
+{
+    nss_MD_win32_map_default_error(err);
+}
+
+void
+nss_MD_win32_map_gethostname_error(PRInt32 err)
+{
+    nss_MD_win32_map_default_error(err);
+}
+
+/* Win32 select() only works on sockets.  So in this
+** context, WSAENOTSOCK is equivalent to EBADF on Unix.
+*/
+void
+nss_MD_win32_map_select_error(PRInt32 err)
+{
+    PRErrorCode prError;
+    switch (err) {
+        case WSAENOTSOCK:
+            prError = PR_BAD_DESCRIPTOR_ERROR;
+            break;
+        default:
+            nss_MD_win32_map_default_error(err);
+            return;
+    }
+    PR_SetError(prError, err);
+}
+
+void
+nss_MD_win32_map_lockf_error(PRInt32 err)
+{
+    nss_MD_win32_map_default_error(err);
+}
+
+void
+nss_MD_win32_map_default_error(PRInt32 err)
+{
+    PRErrorCode prError;
+
+    switch (err) {
+        case EACCES:
+            prError = PR_NO_ACCESS_RIGHTS_ERROR;
+            break;
+        case ENOENT:
+            prError = PR_FILE_NOT_FOUND_ERROR;
+            break;
+        case ERROR_ACCESS_DENIED:
+            prError = PR_NO_ACCESS_RIGHTS_ERROR;
+            break;
+        case ERROR_ALREADY_EXISTS:
+            prError = PR_FILE_EXISTS_ERROR;
+            break;
+        case ERROR_DISK_CORRUPT:
+            prError = PR_IO_ERROR;
+            break;
+        case ERROR_DISK_FULL:
+            prError = PR_NO_DEVICE_SPACE_ERROR;
+            break;
+        case ERROR_DISK_OPERATION_FAILED:
+            prError = PR_IO_ERROR;
+            break;
+        case ERROR_DRIVE_LOCKED:
+            prError = PR_FILE_IS_LOCKED_ERROR;
+            break;
+        case ERROR_FILENAME_EXCED_RANGE:
+            prError = PR_NAME_TOO_LONG_ERROR;
+            break;
+        case ERROR_FILE_CORRUPT:
+            prError = PR_IO_ERROR;
+            break;
+        case ERROR_FILE_EXISTS:
+            prError = PR_FILE_EXISTS_ERROR;
+            break;
+        case ERROR_FILE_INVALID:
+            prError = PR_BAD_DESCRIPTOR_ERROR;
+            break;
+#if ERROR_FILE_NOT_FOUND != ENOENT
+        case ERROR_FILE_NOT_FOUND:
+            prError = PR_FILE_NOT_FOUND_ERROR;
+            break;
+#endif
+        case ERROR_HANDLE_DISK_FULL:
+            prError = PR_NO_DEVICE_SPACE_ERROR;
+            break;
+        case ERROR_INVALID_ADDRESS:
+            prError = PR_ACCESS_FAULT_ERROR;
+            break;
+        case ERROR_INVALID_HANDLE:
+            prError = PR_BAD_DESCRIPTOR_ERROR;
+            break;
+        case ERROR_INVALID_NAME:
+            prError = PR_INVALID_ARGUMENT_ERROR;
+            break;
+        case ERROR_INVALID_PARAMETER:
+            prError = PR_INVALID_ARGUMENT_ERROR;
+            break;
+        case ERROR_INVALID_USER_BUFFER:
+            prError = PR_INSUFFICIENT_RESOURCES_ERROR;
+            break;
+        case ERROR_LOCKED:
+            prError = PR_FILE_IS_LOCKED_ERROR;
+            break;
+        case ERROR_NETNAME_DELETED:
+            prError = PR_CONNECT_RESET_ERROR;
+            break;
+        case ERROR_NOACCESS:
+            prError = PR_ACCESS_FAULT_ERROR;
+            break;
+        case ERROR_NOT_ENOUGH_MEMORY:
+            prError = PR_INSUFFICIENT_RESOURCES_ERROR;
+            break;
+        case ERROR_NOT_ENOUGH_QUOTA:
+            prError = PR_OUT_OF_MEMORY_ERROR;
+            break;
+        case ERROR_NOT_READY:
+            prError = PR_IO_ERROR;
+            break;
+        case ERROR_NO_MORE_FILES:
+            prError = PR_NO_MORE_FILES_ERROR;
+            break;
+        case ERROR_OPEN_FAILED:
+            prError = PR_IO_ERROR;
+            break;
+        case ERROR_OPEN_FILES:
+            prError = PR_IO_ERROR;
+            break;
+        case ERROR_OUTOFMEMORY:
+            prError = PR_INSUFFICIENT_RESOURCES_ERROR;
+            break;
+        case ERROR_PATH_BUSY:
+            prError = PR_IO_ERROR;
+            break;
+        case ERROR_PATH_NOT_FOUND:
+            prError = PR_FILE_NOT_FOUND_ERROR;
+            break;
+        case ERROR_SEEK_ON_DEVICE:
+            prError = PR_IO_ERROR;
+            break;
+        case ERROR_SHARING_VIOLATION:
+            prError = PR_FILE_IS_BUSY_ERROR;
+            break;
+        case ERROR_STACK_OVERFLOW:
+            prError = PR_ACCESS_FAULT_ERROR;
+            break;
+        case ERROR_TOO_MANY_OPEN_FILES:
+            prError = PR_SYS_DESC_TABLE_FULL_ERROR;
+            break;
+        case ERROR_WRITE_PROTECT:
+            prError = PR_NO_ACCESS_RIGHTS_ERROR;
+            break;
+        case WSAEACCES:
+            prError = PR_NO_ACCESS_RIGHTS_ERROR;
+            break;
+        case WSAEADDRINUSE:
+            prError = PR_ADDRESS_IN_USE_ERROR;
+            break;
+        case WSAEADDRNOTAVAIL:
+            prError = PR_ADDRESS_NOT_AVAILABLE_ERROR;
+            break;
+        case WSAEAFNOSUPPORT:
+            prError = PR_ADDRESS_NOT_SUPPORTED_ERROR;
+            break;
+        case WSAEALREADY:
+            prError = PR_ALREADY_INITIATED_ERROR;
+            break;
+        case WSAEBADF:
+            prError = PR_BAD_DESCRIPTOR_ERROR;
+            break;
+        case WSAECONNABORTED:
+            prError = PR_CONNECT_ABORTED_ERROR;
+            break;
+        case WSAECONNREFUSED:
+            prError = PR_CONNECT_REFUSED_ERROR;
+            break;
+        case WSAECONNRESET:
+            prError = PR_CONNECT_RESET_ERROR;
+            break;
+        case WSAEDESTADDRREQ:
+            prError = PR_INVALID_ARGUMENT_ERROR;
+            break;
+        case WSAEFAULT:
+            prError = PR_ACCESS_FAULT_ERROR;
+            break;
+        case WSAEHOSTUNREACH:
+            prError = PR_HOST_UNREACHABLE_ERROR;
+            break;
+        case WSAEINVAL:
+            prError = PR_INVALID_ARGUMENT_ERROR;
+            break;
+        case WSAEISCONN:
+            prError = PR_IS_CONNECTED_ERROR;
+            break;
+        case WSAEMFILE:
+            prError = PR_PROC_DESC_TABLE_FULL_ERROR;
+            break;
+        case WSAEMSGSIZE:
+            prError = PR_BUFFER_OVERFLOW_ERROR;
+            break;
+        case WSAENETDOWN:
+            prError = PR_NETWORK_DOWN_ERROR;
+            break;
+        case WSAENETRESET:
+            prError = PR_CONNECT_ABORTED_ERROR;
+            break;
+        case WSAENETUNREACH:
+            prError = PR_NETWORK_UNREACHABLE_ERROR;
+            break;
+        case WSAENOBUFS:
+            prError = PR_INSUFFICIENT_RESOURCES_ERROR;
+            break;
+        case WSAENOPROTOOPT:
+            prError = PR_INVALID_ARGUMENT_ERROR;
+            break;
+        case WSAENOTCONN:
+            prError = PR_NOT_CONNECTED_ERROR;
+            break;
+        case WSAENOTSOCK:
+            prError = PR_NOT_SOCKET_ERROR;
+            break;
+        case WSAEOPNOTSUPP:
+            prError = PR_OPERATION_NOT_SUPPORTED_ERROR;
+            break;
+        case WSAEPROTONOSUPPORT:
+            prError = PR_PROTOCOL_NOT_SUPPORTED_ERROR;
+            break;
+        case WSAEPROTOTYPE:
+            prError = PR_INVALID_ARGUMENT_ERROR;
+            break;
+        case WSAESHUTDOWN:
+            prError = PR_SOCKET_SHUTDOWN_ERROR;
+            break;
+        case WSAESOCKTNOSUPPORT:
+            prError = PR_INVALID_ARGUMENT_ERROR;
+            break;
+        case WSAETIMEDOUT:
+            prError = PR_CONNECT_ABORTED_ERROR;
+            break;
+        case WSAEWOULDBLOCK:
+            prError = PR_WOULD_BLOCK_ERROR;
+            break;
+        default:
+            prError = PR_UNKNOWN_ERROR;
+            break;
+    }
+    PR_SetError(prError, err);
+}
diff --git a/nss/lib/ssl/win32err.h b/nss/lib/ssl/win32err.h
new file mode 100644
index 0000000..a698849
--- /dev/null
+++ b/nss/lib/ssl/win32err.h
@@ -0,0 +1,51 @@
+/*
+ * This file essentially replicates NSPR's source for the functions that
+ * map system-specific error codes to NSPR error codes.  We would use
+ * NSPR's functions, instead of duplicating them, but they're private.
+ * As long as SSL's server session cache code must do platform native I/O
+ * to accomplish its job, and NSPR's error mapping functions remain private,
+ * This code will continue to need to be replicated.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*  NSPR doesn't make these functions public, so we have to duplicate
+**  them in NSS.
+*/
+extern void nss_MD_win32_map_accept_error(PRInt32 err);
+extern void nss_MD_win32_map_acceptex_error(PRInt32 err);
+extern void nss_MD_win32_map_access_error(PRInt32 err);
+extern void nss_MD_win32_map_bind_error(PRInt32 err);
+extern void nss_MD_win32_map_close_error(PRInt32 err);
+extern void nss_MD_win32_map_closedir_error(PRInt32 err);
+extern void nss_MD_win32_map_connect_error(PRInt32 err);
+extern void nss_MD_win32_map_default_error(PRInt32 err);
+extern void nss_MD_win32_map_delete_error(PRInt32 err);
+extern void nss_MD_win32_map_fstat_error(PRInt32 err);
+extern void nss_MD_win32_map_fsync_error(PRInt32 err);
+extern void nss_MD_win32_map_gethostname_error(PRInt32 err);
+extern void nss_MD_win32_map_getpeername_error(PRInt32 err);
+extern void nss_MD_win32_map_getsockname_error(PRInt32 err);
+extern void nss_MD_win32_map_getsockopt_error(PRInt32 err);
+extern void nss_MD_win32_map_listen_error(PRInt32 err);
+extern void nss_MD_win32_map_lockf_error(PRInt32 err);
+extern void nss_MD_win32_map_lseek_error(PRInt32 err);
+extern void nss_MD_win32_map_mkdir_error(PRInt32 err);
+extern void nss_MD_win32_map_open_error(PRInt32 err);
+extern void nss_MD_win32_map_opendir_error(PRInt32 err);
+extern void nss_MD_win32_map_read_error(PRInt32 err);
+extern void nss_MD_win32_map_readdir_error(PRInt32 err);
+extern void nss_MD_win32_map_recv_error(PRInt32 err);
+extern void nss_MD_win32_map_recvfrom_error(PRInt32 err);
+extern void nss_MD_win32_map_rename_error(PRInt32 err);
+extern void nss_MD_win32_map_rmdir_error(PRInt32 err);
+extern void nss_MD_win32_map_select_error(PRInt32 err);
+extern void nss_MD_win32_map_send_error(PRInt32 err);
+extern void nss_MD_win32_map_sendto_error(PRInt32 err);
+extern void nss_MD_win32_map_setsockopt_error(PRInt32 err);
+extern void nss_MD_win32_map_shutdown_error(PRInt32 err);
+extern void nss_MD_win32_map_socket_error(PRInt32 err);
+extern void nss_MD_win32_map_stat_error(PRInt32 err);
+extern void nss_MD_win32_map_transmitfile_error(PRInt32 err);
+extern void nss_MD_win32_map_write_error(PRInt32 err);
diff --git a/nss/lib/sysinit/Makefile b/nss/lib/sysinit/Makefile
new file mode 100644
index 0000000..fe59954
--- /dev/null
+++ b/nss/lib/sysinit/Makefile
@@ -0,0 +1,48 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+#include ../platlibs.mk
+include config.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+
+#include ../platrules.mk
+
diff --git a/nss/lib/sysinit/config.mk b/nss/lib/sysinit/config.mk
new file mode 100644
index 0000000..037641b
--- /dev/null
+++ b/nss/lib/sysinit/config.mk
@@ -0,0 +1,80 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#
+#  Override TARGETS variable so that only static libraries
+#  are specifed as dependencies within rules.mk.
+#
+
+# can't do this in manifest.mn because OS_TARGET isn't defined there.
+ifeq (,$(filter-out WIN%,$(OS_TARGET)))
+
+# don't want the 32 in the shared library name
+SHARED_LIBRARY = $(OBJDIR)/$(DLL_PREFIX)$(LIBRARY_NAME)$(LIBRARY_VERSION).$(DLL_SUFFIX)
+IMPORT_LIBRARY = $(OBJDIR)/$(IMPORT_LIB_PREFIX)$(LIBRARY_NAME)$(LIBRARY_VERSION)$(IMPORT_LIB_SUFFIX)
+
+RES = $(OBJDIR)/$(LIBRARY_NAME).res
+RESNAME = $(LIBRARY_NAME).rc
+
+ifdef NS_USE_GCC
+EXTRA_SHARED_LIBS += \
+	-L$(DIST)/lib \
+	-L$(NSSUTIL_LIB_DIR) \
+	-lnssutil3 \
+	-L$(NSPR_LIB_DIR) \
+	-lplc4 \
+	-lplds4 \
+	-lnspr4\
+	$(NULL)
+else # ! NS_USE_GCC
+EXTRA_SHARED_LIBS += \
+	$(DIST)/lib/nssutil3.lib \
+	$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plc4.lib \
+	$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plds4.lib \
+	$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)nspr4.lib \
+	$(NULL)
+endif # NS_USE_GCC
+
+else
+
+# $(PROGRAM) has NO explicit dependencies on $(EXTRA_SHARED_LIBS)
+# $(EXTRA_SHARED_LIBS) come before $(OS_LIBS), except on AIX.
+EXTRA_SHARED_LIBS += \
+	-L$(DIST)/lib \
+	-L$(NSSUTIL_LIB_DIR) \
+	-lnssutil3 \
+	-L$(NSPR_LIB_DIR) \
+	-lplc4 \
+	-lplds4 \
+	-lnspr4 \
+	$(NULL)
+
+endif
+
+
+# $(PROGRAM) has explicit dependencies on $(EXTRA_LIBS)
+
+ifeq ($(OS_TARGET),SunOS)
+ifeq ($(BUILD_SUN_PKG), 1)
+# The -R '$ORIGIN' linker option instructs this library to search for its
+# dependencies in the same directory where it resides.
+ifeq ($(USE_64), 1)
+MKSHLIB += -R '$$ORIGIN:/usr/lib/mps/secv1/64:/usr/lib/mps/64'
+else
+MKSHLIB += -R '$$ORIGIN:/usr/lib/mps/secv1:/usr/lib/mps'
+endif
+else
+MKSHLIB += -R '$$ORIGIN'
+endif
+endif
+
+ifeq ($(OS_ARCH), HP-UX) 
+ifneq ($(OS_TEST), ia64)
+# pa-risc
+ifeq ($(USE_64), 1)
+MKSHLIB += +b '$$ORIGIN'
+endif
+endif
+endif
diff --git a/nss/lib/sysinit/manifest.mn b/nss/lib/sysinit/manifest.mn
new file mode 100644
index 0000000..822f4fc
--- /dev/null
+++ b/nss/lib/sysinit/manifest.mn
@@ -0,0 +1,15 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CORE_DEPTH	= ../..
+
+# MODULE public and private header  directories are implicitly REQUIRED.
+MODULE = nss 
+
+CSRCS = nsssysinit.c
+
+LIBRARY_NAME = nsssysinit
+#LIBRARY_VERSION = 3
+
diff --git a/nss/lib/sysinit/nsssysinit.c b/nss/lib/sysinit/nsssysinit.c
new file mode 100644
index 0000000..39e2ad7
--- /dev/null
+++ b/nss/lib/sysinit/nsssysinit.c
@@ -0,0 +1,403 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#include "seccomon.h"
+#include "prio.h"
+#include "prprf.h"
+#include "plhash.h"
+#include "prenv.h"
+
+/*
+ * The following provides a default example for operating systems to set up
+ * and manage applications loading NSS on their OS globally.
+ *
+ * This code hooks in to the system pkcs11.txt, which controls all the loading
+ * of pkcs11 modules common to all applications.
+ */
+
+/*
+ * OS Specific function to get where the NSS user database should reside.
+ */
+
+#ifdef XP_UNIX
+#include <unistd.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+
+static int
+testdir(char *dir)
+{
+    struct stat buf;
+    memset(&buf, 0, sizeof(buf));
+
+    if (stat(dir, &buf) < 0) {
+        return 0;
+    }
+
+    return S_ISDIR(buf.st_mode);
+}
+
+#define NSS_USER_PATH1 "/.pki"
+#define NSS_USER_PATH2 "/nssdb"
+static char *
+getUserDB(void)
+{
+    char *userdir = PR_GetEnvSecure("HOME");
+    char *nssdir = NULL;
+
+    if (userdir == NULL) {
+        return NULL;
+    }
+
+    nssdir = PORT_Alloc(strlen(userdir) + sizeof(NSS_USER_PATH1) + sizeof(NSS_USER_PATH2));
+    if (nssdir == NULL) {
+        return NULL;
+    }
+    PORT_Strcpy(nssdir, userdir);
+    /* verify it exists */
+    if (!testdir(nssdir)) {
+        PORT_Free(nssdir);
+        return NULL;
+    }
+    PORT_Strcat(nssdir, NSS_USER_PATH1);
+    if (!testdir(nssdir) && mkdir(nssdir, 0760)) {
+        PORT_Free(nssdir);
+        return NULL;
+    }
+    PORT_Strcat(nssdir, NSS_USER_PATH2);
+    if (!testdir(nssdir) && mkdir(nssdir, 0760)) {
+        PORT_Free(nssdir);
+        return NULL;
+    }
+    return nssdir;
+}
+
+#define NSS_DEFAULT_SYSTEM "/etc/pki/nssdb"
+static char *
+getSystemDB(void)
+{
+    return PORT_Strdup(NSS_DEFAULT_SYSTEM);
+}
+
+static PRBool
+userIsRoot()
+{
+    /* this works for linux and all unixes that we know off
+       though it isn't stated as such in POSIX documentation */
+    return getuid() == 0;
+}
+
+static PRBool
+userCanModifySystemDB()
+{
+    return (access(NSS_DEFAULT_SYSTEM, W_OK) == 0);
+}
+
+#else
+#ifdef XP_WIN
+static char *
+getUserDB(void)
+{
+    /* use the registry to find the user's NSS_DIR. if no entry exists, create
+     * one in the users Appdir location */
+    return NULL;
+}
+
+static char *
+getSystemDB(void)
+{
+    /* use the registry to find the system's NSS_DIR. if no entry exists, create
+     * one based on the windows system data area */
+    return NULL;
+}
+
+static PRBool
+userIsRoot()
+{
+    /* use the registry to find if the user is the system administrator. */
+    return PR_FALSE;
+}
+
+static PRBool
+userCanModifySystemDB()
+{
+    /* use the registry to find if the user has administrative privilege
+    * to modify the system's nss database. */
+    return PR_FALSE;
+}
+
+#else
+#error "Need to write getUserDB, SystemDB, userIsRoot, and userCanModifySystemDB functions"
+#endif
+#endif
+
+static PRBool
+getFIPSEnv(void)
+{
+    char *fipsEnv = PR_GetEnvSecure("NSS_FIPS");
+    if (!fipsEnv) {
+        return PR_FALSE;
+    }
+    if ((strcasecmp(fipsEnv, "fips") == 0) ||
+        (strcasecmp(fipsEnv, "true") == 0) ||
+        (strcasecmp(fipsEnv, "on") == 0) ||
+        (strcasecmp(fipsEnv, "1") == 0)) {
+        return PR_TRUE;
+    }
+    return PR_FALSE;
+}
+#ifdef XP_LINUX
+
+static PRBool
+getFIPSMode(void)
+{
+    FILE *f;
+    char d;
+    size_t size;
+
+    f = fopen("/proc/sys/crypto/fips_enabled", "r");
+    if (!f) {
+        /* if we don't have a proc flag, fall back to the
+     * environment variable */
+        return getFIPSEnv();
+    }
+
+    size = fread(&d, 1, 1, f);
+    fclose(f);
+    if (size != 1)
+        return PR_FALSE;
+    if (d != '1')
+        return PR_FALSE;
+    return PR_TRUE;
+}
+
+#else
+static PRBool
+getFIPSMode(void)
+{
+    return getFIPSEnv();
+}
+#endif
+
+#define NSS_DEFAULT_FLAGS "flags=readonly"
+
+/* configuration flags according to
+ * https://developer.mozilla.org/en/PKCS11_Module_Specs
+ * As stated there the slotParams start with a slot name which is a slotID
+ * Slots 1 through 3 are reserved for the nss internal modules as follows:
+ * 1 for crypto operations slot non-fips,
+ * 2 for the key slot, and
+ * 3 for the crypto operations slot fips
+ */
+#define CIPHER_ORDER_FLAGS "cipherOrder=100"
+#define SLOT_FLAGS                                                  \
+    "[slotFlags=RSA,RC4,RC2,DES,DH,SHA1,MD5,MD2,SSL,TLS,AES,RANDOM" \
+    " askpw=any timeout=30 ]"
+
+static const char *nssDefaultFlags =
+    CIPHER_ORDER_FLAGS " slotParams={0x00000001=" SLOT_FLAGS " }  ";
+
+static const char *nssDefaultFIPSFlags =
+    CIPHER_ORDER_FLAGS " slotParams={0x00000003=" SLOT_FLAGS " }  ";
+
+/*
+ * This function builds the list of databases and modules to load, and sets
+ * their configuration. For the sample we have a fixed set.
+ *  1. We load the user's home nss database.
+ *  2. We load the user's custom PKCS #11 modules.
+ *  3. We load the system nss database readonly.
+ *
+ * Any space allocated in get_list must be freed in release_list.
+ * This function can use whatever information is available to the application.
+ * it is running in the process of the application for which it is making
+ * decisions, so it's possible to acquire the application name as part of
+ * the decision making process.
+ *
+ */
+static char **
+get_list(char *filename, char *stripped_parameters)
+{
+    char **module_list = PORT_ZNewArray(char *, 5);
+    char *userdb, *sysdb;
+    int isFIPS = getFIPSMode();
+    const char *nssflags = isFIPS ? nssDefaultFIPSFlags : nssDefaultFlags;
+    int next = 0;
+
+    /* can't get any space */
+    if (module_list == NULL) {
+        return NULL;
+    }
+
+    sysdb = getSystemDB();
+    userdb = getUserDB();
+
+    /* Don't open root's user DB */
+    if (userdb != NULL && !userIsRoot()) {
+        /* return a list of databases to open. First the user Database */
+        module_list[next++] = PR_smprintf(
+            "library= "
+            "module=\"NSS User database\" "
+            "parameters=\"configdir='sql:%s' %s tokenDescription='NSS user database'\" "
+            "NSS=\"trustOrder=75 %sflags=internal%s\"",
+            userdb, stripped_parameters, nssflags,
+            isFIPS ? ",FIPS" : "");
+
+        /* now open the user's defined PKCS #11 modules */
+        /* skip the local user DB entry */
+        module_list[next++] = PR_smprintf(
+            "library= "
+            "module=\"NSS User database\" "
+            "parameters=\"configdir='sql:%s' %s\" "
+            "NSS=\"flags=internal,moduleDBOnly,defaultModDB,skipFirst\"",
+            userdb, stripped_parameters);
+    }
+
+    /* now the system database (always read only unless it's root) */
+    if (sysdb) {
+        const char *readonly = userCanModifySystemDB() ? "" : "flags=readonly";
+        module_list[next++] = PR_smprintf(
+            "library= "
+            "module=\"NSS system database\" "
+            "parameters=\"configdir='sql:%s' tokenDescription='NSS system database' %s\" "
+            "NSS=\"trustOrder=80 %sflags=internal,critical\"",
+            sysdb, readonly, nssflags);
+    }
+
+    /* that was the last module */
+    module_list[next] = 0;
+
+    PORT_Free(userdb);
+    PORT_Free(sysdb);
+
+    return module_list;
+}
+
+static char **
+release_list(char **arg)
+{
+    static char *success = "Success";
+    int next;
+
+    for (next = 0; arg[next]; next++) {
+        free(arg[next]);
+    }
+    PORT_Free(arg);
+    return &success;
+}
+
+#include "utilpars.h"
+
+#define TARGET_SPEC_COPY(new, start, end) \
+    if (end > start) {                    \
+        int _cnt = end - start;           \
+        PORT_Memcpy(new, start, _cnt);    \
+        new += _cnt;                      \
+    }
+
+/*
+ * According the strcpy man page:
+ *
+ * The strings  may  not overlap, and the destination string dest must be
+ * large enough to receive the copy.
+ *
+ * This implementation allows target to overlap with src.
+ * It does not allow the src to overlap the target.
+ *  example: overlapstrcpy(string, string+4) is fine
+ *           overlapstrcpy(string+4, string) is not.
+ */
+static void
+overlapstrcpy(char *target, char *src)
+{
+    while (*src) {
+        *target++ = *src++;
+    }
+    *target = 0;
+}
+
+/* determine what options the user was trying to open this database with */
+/* filename is the directory pointed to by configdir= */
+/* stripped is the rest of the parameters with configdir= stripped out */
+static SECStatus
+parse_parameters(const char *parameters, char **filename, char **stripped)
+{
+    const char *sourcePrev;
+    const char *sourceCurr;
+    char *targetCurr;
+    char *newStripped;
+    *filename = NULL;
+    *stripped = NULL;
+
+    newStripped = PORT_Alloc(PORT_Strlen(parameters) + 2);
+    targetCurr = newStripped;
+    sourcePrev = parameters;
+    sourceCurr = NSSUTIL_ArgStrip(parameters);
+    TARGET_SPEC_COPY(targetCurr, sourcePrev, sourceCurr);
+
+    while (*sourceCurr) {
+        int next;
+        sourcePrev = sourceCurr;
+        NSSUTIL_HANDLE_STRING_ARG(sourceCurr, *filename, "configdir=",
+                                  sourcePrev = sourceCurr;)
+        NSSUTIL_HANDLE_FINAL_ARG(sourceCurr);
+        TARGET_SPEC_COPY(targetCurr, sourcePrev, sourceCurr);
+    }
+    *targetCurr = 0;
+    if (*filename == NULL) {
+        PORT_Free(newStripped);
+        return SECFailure;
+    }
+    /* strip off any directives from the filename */
+    if (strncmp("sql:", *filename, 4) == 0) {
+        overlapstrcpy(*filename, (*filename) + 4);
+    } else if (strncmp("dbm:", *filename, 4) == 0) {
+        overlapstrcpy(*filename, (*filename) + 4);
+    } else if (strncmp("extern:", *filename, 7) == 0) {
+        overlapstrcpy(*filename, (*filename) + 7);
+    }
+    *stripped = newStripped;
+    return SECSuccess;
+}
+
+/* entry point */
+char **
+NSS_ReturnModuleSpecData(unsigned long function, char *parameters, void *args)
+{
+    char *filename = NULL;
+    char *stripped = NULL;
+    char **retString = NULL;
+    SECStatus rv;
+
+    rv = parse_parameters(parameters, &filename, &stripped);
+    if (rv != SECSuccess) {
+        /* use defaults */
+        filename = getSystemDB();
+        if (!filename) {
+            return NULL;
+        }
+        stripped = PORT_Strdup(NSS_DEFAULT_FLAGS);
+        if (!stripped) {
+            free(filename);
+            return NULL;
+        }
+    }
+    switch (function) {
+        case SECMOD_MODULE_DB_FUNCTION_FIND:
+            retString = get_list(filename, stripped);
+            break;
+        case SECMOD_MODULE_DB_FUNCTION_RELEASE:
+            retString = release_list((char **)args);
+            break;
+        /* can't add or delete from this module DB */
+        case SECMOD_MODULE_DB_FUNCTION_ADD:
+        case SECMOD_MODULE_DB_FUNCTION_DEL:
+            retString = NULL;
+            break;
+        default:
+            retString = NULL;
+            break;
+    }
+
+    PORT_Free(filename);
+    PORT_Free(stripped);
+    return retString;
+}
diff --git a/nss/lib/sysinit/sysinit.gyp b/nss/lib/sysinit/sysinit.gyp
new file mode 100644
index 0000000..e961325
--- /dev/null
+++ b/nss/lib/sysinit/sysinit.gyp
@@ -0,0 +1,31 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'nsssysinit_static',
+      'type': 'static_library',
+      'sources': [
+        'nsssysinit.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports',
+        '<(DEPTH)/lib/util/util.gyp:nssutil3'
+      ]
+    },
+    {
+      'target_name': 'nsssysinit',
+      'type': 'shared_library',
+      'dependencies': [
+        'nsssysinit_static'
+      ]
+    }
+  ],
+  'variables': {
+    'module': 'nss'
+  }
+}
\ No newline at end of file
diff --git a/nss/lib/util/Makefile b/nss/lib/util/Makefile
new file mode 100644
index 0000000..97ec934
--- /dev/null
+++ b/nss/lib/util/Makefile
@@ -0,0 +1,50 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+# include $(CORE_DEPTH)/coreconf/arch.mk
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include config.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+
+export:: private_export
diff --git a/nss/lib/util/SECerrs.h b/nss/lib/util/SECerrs.h
new file mode 100644
index 0000000..6d6f1b8
--- /dev/null
+++ b/nss/lib/util/SECerrs.h
@@ -0,0 +1,551 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* General security error codes  */
+/* Caller must #include "secerr.h" */
+
+ER3(SEC_ERROR_IO, SEC_ERROR_BASE + 0,
+    "An I/O error occurred during security authorization.")
+
+ER3(SEC_ERROR_LIBRARY_FAILURE, SEC_ERROR_BASE + 1,
+    "security library failure.")
+
+ER3(SEC_ERROR_BAD_DATA, SEC_ERROR_BASE + 2,
+    "security library: received bad data.")
+
+ER3(SEC_ERROR_OUTPUT_LEN, SEC_ERROR_BASE + 3,
+    "security library: output length error.")
+
+ER3(SEC_ERROR_INPUT_LEN, SEC_ERROR_BASE + 4,
+    "security library has experienced an input length error.")
+
+ER3(SEC_ERROR_INVALID_ARGS, SEC_ERROR_BASE + 5,
+    "security library: invalid arguments.")
+
+ER3(SEC_ERROR_INVALID_ALGORITHM, SEC_ERROR_BASE + 6,
+    "security library: invalid algorithm.")
+
+ER3(SEC_ERROR_INVALID_AVA, SEC_ERROR_BASE + 7,
+    "security library: invalid AVA.")
+
+ER3(SEC_ERROR_INVALID_TIME, SEC_ERROR_BASE + 8,
+    "Improperly formatted time string.")
+
+ER3(SEC_ERROR_BAD_DER, SEC_ERROR_BASE + 9,
+    "security library: improperly formatted DER-encoded message.")
+
+ER3(SEC_ERROR_BAD_SIGNATURE, SEC_ERROR_BASE + 10,
+    "Peer's certificate has an invalid signature.")
+
+ER3(SEC_ERROR_EXPIRED_CERTIFICATE, SEC_ERROR_BASE + 11,
+    "Peer's Certificate has expired.")
+
+ER3(SEC_ERROR_REVOKED_CERTIFICATE, SEC_ERROR_BASE + 12,
+    "Peer's Certificate has been revoked.")
+
+ER3(SEC_ERROR_UNKNOWN_ISSUER, SEC_ERROR_BASE + 13,
+    "Peer's Certificate issuer is not recognized.")
+
+ER3(SEC_ERROR_BAD_KEY, SEC_ERROR_BASE + 14,
+    "Peer's public key is invalid.")
+
+ER3(SEC_ERROR_BAD_PASSWORD, SEC_ERROR_BASE + 15,
+    "The security password entered is incorrect.")
+
+ER3(SEC_ERROR_RETRY_PASSWORD, SEC_ERROR_BASE + 16,
+    "New password entered incorrectly.  Please try again.")
+
+ER3(SEC_ERROR_NO_NODELOCK, SEC_ERROR_BASE + 17,
+    "security library: no nodelock.")
+
+ER3(SEC_ERROR_BAD_DATABASE, SEC_ERROR_BASE + 18,
+    "security library: bad database.")
+
+ER3(SEC_ERROR_NO_MEMORY, SEC_ERROR_BASE + 19,
+    "security library: memory allocation failure.")
+
+ER3(SEC_ERROR_UNTRUSTED_ISSUER, SEC_ERROR_BASE + 20,
+    "Peer's certificate issuer has been marked as not trusted by the user.")
+
+ER3(SEC_ERROR_UNTRUSTED_CERT, SEC_ERROR_BASE + 21,
+    "Peer's certificate has been marked as not trusted by the user.")
+
+ER3(SEC_ERROR_DUPLICATE_CERT, (SEC_ERROR_BASE + 22),
+    "Certificate already exists in your database.")
+
+ER3(SEC_ERROR_DUPLICATE_CERT_NAME, (SEC_ERROR_BASE + 23),
+    "Downloaded certificate's name duplicates one already in your database.")
+
+ER3(SEC_ERROR_ADDING_CERT, (SEC_ERROR_BASE + 24),
+    "Error adding certificate to database.")
+
+ER3(SEC_ERROR_FILING_KEY, (SEC_ERROR_BASE + 25),
+    "Error refiling the key for this certificate.")
+
+ER3(SEC_ERROR_NO_KEY, (SEC_ERROR_BASE + 26),
+    "The private key for this certificate cannot be found in key database")
+
+ER3(SEC_ERROR_CERT_VALID, (SEC_ERROR_BASE + 27),
+    "This certificate is valid.")
+
+ER3(SEC_ERROR_CERT_NOT_VALID, (SEC_ERROR_BASE + 28),
+    "This certificate is not valid.")
+
+ER3(SEC_ERROR_CERT_NO_RESPONSE, (SEC_ERROR_BASE + 29),
+    "Cert Library: No Response")
+
+ER3(SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE, (SEC_ERROR_BASE + 30),
+    "The certificate issuer's certificate has expired.  Check your system date and time.")
+
+ER3(SEC_ERROR_CRL_EXPIRED, (SEC_ERROR_BASE + 31),
+    "The CRL for the certificate's issuer has expired.  Update it or check your system date and time.")
+
+ER3(SEC_ERROR_CRL_BAD_SIGNATURE, (SEC_ERROR_BASE + 32),
+    "The CRL for the certificate's issuer has an invalid signature.")
+
+ER3(SEC_ERROR_CRL_INVALID, (SEC_ERROR_BASE + 33),
+    "New CRL has an invalid format.")
+
+ER3(SEC_ERROR_EXTENSION_VALUE_INVALID, (SEC_ERROR_BASE + 34),
+    "Certificate extension value is invalid.")
+
+ER3(SEC_ERROR_EXTENSION_NOT_FOUND, (SEC_ERROR_BASE + 35),
+    "Certificate extension not found.")
+
+ER3(SEC_ERROR_CA_CERT_INVALID, (SEC_ERROR_BASE + 36),
+    "Issuer certificate is invalid.")
+
+ER3(SEC_ERROR_PATH_LEN_CONSTRAINT_INVALID, (SEC_ERROR_BASE + 37),
+    "Certificate path length constraint is invalid.")
+
+ER3(SEC_ERROR_CERT_USAGES_INVALID, (SEC_ERROR_BASE + 38),
+    "Certificate usages field is invalid.")
+
+ER3(SEC_INTERNAL_ONLY, (SEC_ERROR_BASE + 39),
+    "**Internal ONLY module**")
+
+ER3(SEC_ERROR_INVALID_KEY, (SEC_ERROR_BASE + 40),
+    "The key does not support the requested operation.")
+
+ER3(SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION, (SEC_ERROR_BASE + 41),
+    "Certificate contains unknown critical extension.")
+
+ER3(SEC_ERROR_OLD_CRL, (SEC_ERROR_BASE + 42),
+    "New CRL is not later than the current one.")
+
+ER3(SEC_ERROR_NO_EMAIL_CERT, (SEC_ERROR_BASE + 43),
+    "Not encrypted or signed: you do not yet have an email certificate.")
+
+ER3(SEC_ERROR_NO_RECIPIENT_CERTS_QUERY, (SEC_ERROR_BASE + 44),
+    "Not encrypted: you do not have certificates for each of the recipients.")
+
+ER3(SEC_ERROR_NOT_A_RECIPIENT, (SEC_ERROR_BASE + 45),
+    "Cannot decrypt: you are not a recipient, or matching certificate and \
+private key not found.")
+
+ER3(SEC_ERROR_PKCS7_KEYALG_MISMATCH, (SEC_ERROR_BASE + 46),
+    "Cannot decrypt: key encryption algorithm does not match your certificate.")
+
+ER3(SEC_ERROR_PKCS7_BAD_SIGNATURE, (SEC_ERROR_BASE + 47),
+    "Signature verification failed: no signer found, too many signers found, \
+or improper or corrupted data.")
+
+ER3(SEC_ERROR_UNSUPPORTED_KEYALG, (SEC_ERROR_BASE + 48),
+    "Unsupported or unknown key algorithm.")
+
+ER3(SEC_ERROR_DECRYPTION_DISALLOWED, (SEC_ERROR_BASE + 49),
+    "Cannot decrypt: encrypted using a disallowed algorithm or key size.")
+
+/* Fortezza Alerts */
+ER3(XP_SEC_FORTEZZA_BAD_CARD, (SEC_ERROR_BASE + 50),
+    "Fortezza card has not been properly initialized.  \
+Please remove it and return it to your issuer.")
+
+ER3(XP_SEC_FORTEZZA_NO_CARD, (SEC_ERROR_BASE + 51),
+    "No Fortezza cards Found")
+
+ER3(XP_SEC_FORTEZZA_NONE_SELECTED, (SEC_ERROR_BASE + 52),
+    "No Fortezza card selected")
+
+ER3(XP_SEC_FORTEZZA_MORE_INFO, (SEC_ERROR_BASE + 53),
+    "Please select a personality to get more info on")
+
+ER3(XP_SEC_FORTEZZA_PERSON_NOT_FOUND, (SEC_ERROR_BASE + 54),
+    "Personality not found")
+
+ER3(XP_SEC_FORTEZZA_NO_MORE_INFO, (SEC_ERROR_BASE + 55),
+    "No more information on that Personality")
+
+ER3(XP_SEC_FORTEZZA_BAD_PIN, (SEC_ERROR_BASE + 56),
+    "Invalid Pin")
+
+ER3(XP_SEC_FORTEZZA_PERSON_ERROR, (SEC_ERROR_BASE + 57),
+    "Couldn't initialize Fortezza personalities.")
+/* end fortezza alerts. */
+
+ER3(SEC_ERROR_NO_KRL, (SEC_ERROR_BASE + 58),
+    "No KRL for this site's certificate has been found.")
+
+ER3(SEC_ERROR_KRL_EXPIRED, (SEC_ERROR_BASE + 59),
+    "The KRL for this site's certificate has expired.")
+
+ER3(SEC_ERROR_KRL_BAD_SIGNATURE, (SEC_ERROR_BASE + 60),
+    "The KRL for this site's certificate has an invalid signature.")
+
+ER3(SEC_ERROR_REVOKED_KEY, (SEC_ERROR_BASE + 61),
+    "The key for this site's certificate has been revoked.")
+
+ER3(SEC_ERROR_KRL_INVALID, (SEC_ERROR_BASE + 62),
+    "New KRL has an invalid format.")
+
+ER3(SEC_ERROR_NEED_RANDOM, (SEC_ERROR_BASE + 63),
+    "security library: need random data.")
+
+ER3(SEC_ERROR_NO_MODULE, (SEC_ERROR_BASE + 64),
+    "security library: no security module can perform the requested operation.")
+
+ER3(SEC_ERROR_NO_TOKEN, (SEC_ERROR_BASE + 65),
+    "The security card or token does not exist, needs to be initialized, or has been removed.")
+
+ER3(SEC_ERROR_READ_ONLY, (SEC_ERROR_BASE + 66),
+    "security library: read-only database.")
+
+ER3(SEC_ERROR_NO_SLOT_SELECTED, (SEC_ERROR_BASE + 67),
+    "No slot or token was selected.")
+
+ER3(SEC_ERROR_CERT_NICKNAME_COLLISION, (SEC_ERROR_BASE + 68),
+    "A certificate with the same nickname already exists.")
+
+ER3(SEC_ERROR_KEY_NICKNAME_COLLISION, (SEC_ERROR_BASE + 69),
+    "A key with the same nickname already exists.")
+
+ER3(SEC_ERROR_SAFE_NOT_CREATED, (SEC_ERROR_BASE + 70),
+    "error while creating safe object")
+
+ER3(SEC_ERROR_BAGGAGE_NOT_CREATED, (SEC_ERROR_BASE + 71),
+    "error while creating baggage object")
+
+ER3(XP_JAVA_REMOVE_PRINCIPAL_ERROR, (SEC_ERROR_BASE + 72),
+    "Couldn't remove the principal")
+
+ER3(XP_JAVA_DELETE_PRIVILEGE_ERROR, (SEC_ERROR_BASE + 73),
+    "Couldn't delete the privilege")
+
+ER3(XP_JAVA_CERT_NOT_EXISTS_ERROR, (SEC_ERROR_BASE + 74),
+    "This principal doesn't have a certificate")
+
+ER3(SEC_ERROR_BAD_EXPORT_ALGORITHM, (SEC_ERROR_BASE + 75),
+    "Required algorithm is not allowed.")
+
+ER3(SEC_ERROR_EXPORTING_CERTIFICATES, (SEC_ERROR_BASE + 76),
+    "Error attempting to export certificates.")
+
+ER3(SEC_ERROR_IMPORTING_CERTIFICATES, (SEC_ERROR_BASE + 77),
+    "Error attempting to import certificates.")
+
+ER3(SEC_ERROR_PKCS12_DECODING_PFX, (SEC_ERROR_BASE + 78),
+    "Unable to import.  Decoding error.  File not valid.")
+
+ER3(SEC_ERROR_PKCS12_INVALID_MAC, (SEC_ERROR_BASE + 79),
+    "Unable to import.  Invalid MAC.  Incorrect password or corrupt file.")
+
+ER3(SEC_ERROR_PKCS12_UNSUPPORTED_MAC_ALGORITHM, (SEC_ERROR_BASE + 80),
+    "Unable to import.  MAC algorithm not supported.")
+
+ER3(SEC_ERROR_PKCS12_UNSUPPORTED_TRANSPORT_MODE, (SEC_ERROR_BASE + 81),
+    "Unable to import.  Only password integrity and privacy modes supported.")
+
+ER3(SEC_ERROR_PKCS12_CORRUPT_PFX_STRUCTURE, (SEC_ERROR_BASE + 82),
+    "Unable to import.  File structure is corrupt.")
+
+ER3(SEC_ERROR_PKCS12_UNSUPPORTED_PBE_ALGORITHM, (SEC_ERROR_BASE + 83),
+    "Unable to import.  Encryption algorithm not supported.")
+
+ER3(SEC_ERROR_PKCS12_UNSUPPORTED_VERSION, (SEC_ERROR_BASE + 84),
+    "Unable to import.  File version not supported.")
+
+ER3(SEC_ERROR_PKCS12_PRIVACY_PASSWORD_INCORRECT, (SEC_ERROR_BASE + 85),
+    "Unable to import.  Incorrect privacy password.")
+
+ER3(SEC_ERROR_PKCS12_CERT_COLLISION, (SEC_ERROR_BASE + 86),
+    "Unable to import.  Same nickname already exists in database.")
+
+ER3(SEC_ERROR_USER_CANCELLED, (SEC_ERROR_BASE + 87),
+    "The user pressed cancel.")
+
+ER3(SEC_ERROR_PKCS12_DUPLICATE_DATA, (SEC_ERROR_BASE + 88),
+    "Not imported, already in database.")
+
+ER3(SEC_ERROR_MESSAGE_SEND_ABORTED, (SEC_ERROR_BASE + 89),
+    "Message not sent.")
+
+ER3(SEC_ERROR_INADEQUATE_KEY_USAGE, (SEC_ERROR_BASE + 90),
+    "Certificate key usage inadequate for attempted operation.")
+
+ER3(SEC_ERROR_INADEQUATE_CERT_TYPE, (SEC_ERROR_BASE + 91),
+    "Certificate type not approved for application.")
+
+ER3(SEC_ERROR_CERT_ADDR_MISMATCH, (SEC_ERROR_BASE + 92),
+    "Address in signing certificate does not match address in message headers.")
+
+ER3(SEC_ERROR_PKCS12_UNABLE_TO_IMPORT_KEY, (SEC_ERROR_BASE + 93),
+    "Unable to import.  Error attempting to import private key.")
+
+ER3(SEC_ERROR_PKCS12_IMPORTING_CERT_CHAIN, (SEC_ERROR_BASE + 94),
+    "Unable to import.  Error attempting to import certificate chain.")
+
+ER3(SEC_ERROR_PKCS12_UNABLE_TO_LOCATE_OBJECT_BY_NAME, (SEC_ERROR_BASE + 95),
+    "Unable to export.  Unable to locate certificate or key by nickname.")
+
+ER3(SEC_ERROR_PKCS12_UNABLE_TO_EXPORT_KEY, (SEC_ERROR_BASE + 96),
+    "Unable to export.  Private Key could not be located and exported.")
+
+ER3(SEC_ERROR_PKCS12_UNABLE_TO_WRITE, (SEC_ERROR_BASE + 97),
+    "Unable to export.  Unable to write the export file.")
+
+ER3(SEC_ERROR_PKCS12_UNABLE_TO_READ, (SEC_ERROR_BASE + 98),
+    "Unable to import.  Unable to read the import file.")
+
+ER3(SEC_ERROR_PKCS12_KEY_DATABASE_NOT_INITIALIZED, (SEC_ERROR_BASE + 99),
+    "Unable to export.  Key database corrupt or deleted.")
+
+ER3(SEC_ERROR_KEYGEN_FAIL, (SEC_ERROR_BASE + 100),
+    "Unable to generate public/private key pair.")
+
+ER3(SEC_ERROR_INVALID_PASSWORD, (SEC_ERROR_BASE + 101),
+    "Password entered is invalid.  Please pick a different one.")
+
+ER3(SEC_ERROR_RETRY_OLD_PASSWORD, (SEC_ERROR_BASE + 102),
+    "Old password entered incorrectly.  Please try again.")
+
+ER3(SEC_ERROR_BAD_NICKNAME, (SEC_ERROR_BASE + 103),
+    "Certificate nickname already in use.")
+
+ER3(SEC_ERROR_NOT_FORTEZZA_ISSUER, (SEC_ERROR_BASE + 104),
+    "Peer FORTEZZA chain has a non-FORTEZZA Certificate.")
+
+ER3(SEC_ERROR_CANNOT_MOVE_SENSITIVE_KEY, (SEC_ERROR_BASE + 105),
+    "A sensitive key cannot be moved to the slot where it is needed.")
+
+ER3(SEC_ERROR_JS_INVALID_MODULE_NAME, (SEC_ERROR_BASE + 106),
+    "Invalid module name.")
+
+ER3(SEC_ERROR_JS_INVALID_DLL, (SEC_ERROR_BASE + 107),
+    "Invalid module path/filename")
+
+ER3(SEC_ERROR_JS_ADD_MOD_FAILURE, (SEC_ERROR_BASE + 108),
+    "Unable to add module")
+
+ER3(SEC_ERROR_JS_DEL_MOD_FAILURE, (SEC_ERROR_BASE + 109),
+    "Unable to delete module")
+
+ER3(SEC_ERROR_OLD_KRL, (SEC_ERROR_BASE + 110),
+    "New KRL is not later than the current one.")
+
+ER3(SEC_ERROR_CKL_CONFLICT, (SEC_ERROR_BASE + 111),
+    "New CKL has different issuer than current CKL.  Delete current CKL.")
+
+ER3(SEC_ERROR_CERT_NOT_IN_NAME_SPACE, (SEC_ERROR_BASE + 112),
+    "The Certifying Authority for this certificate is not permitted to issue a \
+certificate with this name.")
+
+ER3(SEC_ERROR_KRL_NOT_YET_VALID, (SEC_ERROR_BASE + 113),
+    "The key revocation list for this certificate is not yet valid.")
+
+ER3(SEC_ERROR_CRL_NOT_YET_VALID, (SEC_ERROR_BASE + 114),
+    "The certificate revocation list for this certificate is not yet valid.")
+
+ER3(SEC_ERROR_UNKNOWN_CERT, (SEC_ERROR_BASE + 115),
+    "The requested certificate could not be found.")
+
+ER3(SEC_ERROR_UNKNOWN_SIGNER, (SEC_ERROR_BASE + 116),
+    "The signer's certificate could not be found.")
+
+ER3(SEC_ERROR_CERT_BAD_ACCESS_LOCATION, (SEC_ERROR_BASE + 117),
+    "The location for the certificate status server has invalid format.")
+
+ER3(SEC_ERROR_OCSP_UNKNOWN_RESPONSE_TYPE, (SEC_ERROR_BASE + 118),
+    "The OCSP response cannot be fully decoded; it is of an unknown type.")
+
+ER3(SEC_ERROR_OCSP_BAD_HTTP_RESPONSE, (SEC_ERROR_BASE + 119),
+    "The OCSP server returned unexpected/invalid HTTP data.")
+
+ER3(SEC_ERROR_OCSP_MALFORMED_REQUEST, (SEC_ERROR_BASE + 120),
+    "The OCSP server found the request to be corrupted or improperly formed.")
+
+ER3(SEC_ERROR_OCSP_SERVER_ERROR, (SEC_ERROR_BASE + 121),
+    "The OCSP server experienced an internal error.")
+
+ER3(SEC_ERROR_OCSP_TRY_SERVER_LATER, (SEC_ERROR_BASE + 122),
+    "The OCSP server suggests trying again later.")
+
+ER3(SEC_ERROR_OCSP_REQUEST_NEEDS_SIG, (SEC_ERROR_BASE + 123),
+    "The OCSP server requires a signature on this request.")
+
+ER3(SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST, (SEC_ERROR_BASE + 124),
+    "The OCSP server has refused this request as unauthorized.")
+
+ER3(SEC_ERROR_OCSP_UNKNOWN_RESPONSE_STATUS, (SEC_ERROR_BASE + 125),
+    "The OCSP server returned an unrecognizable status.")
+
+ER3(SEC_ERROR_OCSP_UNKNOWN_CERT, (SEC_ERROR_BASE + 126),
+    "The OCSP server has no status for the certificate.")
+
+ER3(SEC_ERROR_OCSP_NOT_ENABLED, (SEC_ERROR_BASE + 127),
+    "You must enable OCSP before performing this operation.")
+
+ER3(SEC_ERROR_OCSP_NO_DEFAULT_RESPONDER, (SEC_ERROR_BASE + 128),
+    "You must set the OCSP default responder before performing this operation.")
+
+ER3(SEC_ERROR_OCSP_MALFORMED_RESPONSE, (SEC_ERROR_BASE + 129),
+    "The response from the OCSP server was corrupted or improperly formed.")
+
+ER3(SEC_ERROR_OCSP_UNAUTHORIZED_RESPONSE, (SEC_ERROR_BASE + 130),
+    "The signer of the OCSP response is not authorized to give status for \
+this certificate.")
+
+ER3(SEC_ERROR_OCSP_FUTURE_RESPONSE, (SEC_ERROR_BASE + 131),
+    "The OCSP response is not yet valid (contains a date in the future).")
+
+ER3(SEC_ERROR_OCSP_OLD_RESPONSE, (SEC_ERROR_BASE + 132),
+    "The OCSP response contains out-of-date information.")
+
+ER3(SEC_ERROR_DIGEST_NOT_FOUND, (SEC_ERROR_BASE + 133),
+    "The CMS or PKCS #7 Digest was not found in signed message.")
+
+ER3(SEC_ERROR_UNSUPPORTED_MESSAGE_TYPE, (SEC_ERROR_BASE + 134),
+    "The CMS or PKCS #7 Message type is unsupported.")
+
+ER3(SEC_ERROR_MODULE_STUCK, (SEC_ERROR_BASE + 135),
+    "PKCS #11 module could not be removed because it is still in use.")
+
+ER3(SEC_ERROR_BAD_TEMPLATE, (SEC_ERROR_BASE + 136),
+    "Could not decode ASN.1 data. Specified template was invalid.")
+
+ER3(SEC_ERROR_CRL_NOT_FOUND, (SEC_ERROR_BASE + 137),
+    "No matching CRL was found.")
+
+ER3(SEC_ERROR_REUSED_ISSUER_AND_SERIAL, (SEC_ERROR_BASE + 138),
+    "You are attempting to import a cert with the same issuer/serial as \
+an existing cert, but that is not the same cert.")
+
+ER3(SEC_ERROR_BUSY, (SEC_ERROR_BASE + 139),
+    "NSS could not shutdown. Objects are still in use.")
+
+ER3(SEC_ERROR_EXTRA_INPUT, (SEC_ERROR_BASE + 140),
+    "DER-encoded message contained extra unused data.")
+
+ER3(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE, (SEC_ERROR_BASE + 141),
+    "Unsupported elliptic curve.")
+
+ER3(SEC_ERROR_UNSUPPORTED_EC_POINT_FORM, (SEC_ERROR_BASE + 142),
+    "Unsupported elliptic curve point form.")
+
+ER3(SEC_ERROR_UNRECOGNIZED_OID, (SEC_ERROR_BASE + 143),
+    "Unrecognized Object Identifier.")
+
+ER3(SEC_ERROR_OCSP_INVALID_SIGNING_CERT, (SEC_ERROR_BASE + 144),
+    "Invalid OCSP signing certificate in OCSP response.")
+
+ER3(SEC_ERROR_REVOKED_CERTIFICATE_CRL, (SEC_ERROR_BASE + 145),
+    "Certificate is revoked in issuer's certificate revocation list.")
+
+ER3(SEC_ERROR_REVOKED_CERTIFICATE_OCSP, (SEC_ERROR_BASE + 146),
+    "Issuer's OCSP responder reports certificate is revoked.")
+
+ER3(SEC_ERROR_CRL_INVALID_VERSION, (SEC_ERROR_BASE + 147),
+    "Issuer's Certificate Revocation List has an unknown version number.")
+
+ER3(SEC_ERROR_CRL_V1_CRITICAL_EXTENSION, (SEC_ERROR_BASE + 148),
+    "Issuer's V1 Certificate Revocation List has a critical extension.")
+
+ER3(SEC_ERROR_CRL_UNKNOWN_CRITICAL_EXTENSION, (SEC_ERROR_BASE + 149),
+    "Issuer's V2 Certificate Revocation List has an unknown critical extension.")
+
+ER3(SEC_ERROR_UNKNOWN_OBJECT_TYPE, (SEC_ERROR_BASE + 150),
+    "Unknown object type specified.")
+
+ER3(SEC_ERROR_INCOMPATIBLE_PKCS11, (SEC_ERROR_BASE + 151),
+    "PKCS #11 driver violates the spec in an incompatible way.")
+
+ER3(SEC_ERROR_NO_EVENT, (SEC_ERROR_BASE + 152),
+    "No new slot event is available at this time.")
+
+ER3(SEC_ERROR_CRL_ALREADY_EXISTS, (SEC_ERROR_BASE + 153),
+    "CRL already exists.")
+
+ER3(SEC_ERROR_NOT_INITIALIZED, (SEC_ERROR_BASE + 154),
+    "NSS is not initialized.")
+
+ER3(SEC_ERROR_TOKEN_NOT_LOGGED_IN, (SEC_ERROR_BASE + 155),
+    "The operation failed because the PKCS#11 token is not logged in.")
+
+ER3(SEC_ERROR_OCSP_RESPONDER_CERT_INVALID, (SEC_ERROR_BASE + 156),
+    "Configured OCSP responder's certificate is invalid.")
+
+ER3(SEC_ERROR_OCSP_BAD_SIGNATURE, (SEC_ERROR_BASE + 157),
+    "OCSP response has an invalid signature.")
+
+ER3(SEC_ERROR_OUT_OF_SEARCH_LIMITS, (SEC_ERROR_BASE + 158),
+    "Cert validation search is out of search limits")
+
+ER3(SEC_ERROR_INVALID_POLICY_MAPPING, (SEC_ERROR_BASE + 159),
+    "Policy mapping contains anypolicy")
+
+ER3(SEC_ERROR_POLICY_VALIDATION_FAILED, (SEC_ERROR_BASE + 160),
+    "Cert chain fails policy validation")
+
+ER3(SEC_ERROR_UNKNOWN_AIA_LOCATION_TYPE, (SEC_ERROR_BASE + 161),
+    "Unknown location type in cert AIA extension")
+
+ER3(SEC_ERROR_BAD_HTTP_RESPONSE, (SEC_ERROR_BASE + 162),
+    "Server returned bad HTTP response")
+
+ER3(SEC_ERROR_BAD_LDAP_RESPONSE, (SEC_ERROR_BASE + 163),
+    "Server returned bad LDAP response")
+
+ER3(SEC_ERROR_FAILED_TO_ENCODE_DATA, (SEC_ERROR_BASE + 164),
+    "Failed to encode data with ASN1 encoder")
+
+ER3(SEC_ERROR_BAD_INFO_ACCESS_LOCATION, (SEC_ERROR_BASE + 165),
+    "Bad information access location in cert extension")
+
+ER3(SEC_ERROR_LIBPKIX_INTERNAL, (SEC_ERROR_BASE + 166),
+    "Libpkix internal error occurred during cert validation.")
+
+ER3(SEC_ERROR_PKCS11_GENERAL_ERROR, (SEC_ERROR_BASE + 167),
+    "A PKCS #11 module returned CKR_GENERAL_ERROR, indicating that an unrecoverable error has occurred.")
+
+ER3(SEC_ERROR_PKCS11_FUNCTION_FAILED, (SEC_ERROR_BASE + 168),
+    "A PKCS #11 module returned CKR_FUNCTION_FAILED, indicating that the requested function could not be performed.  Trying the same operation again might succeed.")
+
+ER3(SEC_ERROR_PKCS11_DEVICE_ERROR, (SEC_ERROR_BASE + 169),
+    "A PKCS #11 module returned CKR_DEVICE_ERROR, indicating that a problem has occurred with the token or slot.")
+
+ER3(SEC_ERROR_BAD_INFO_ACCESS_METHOD, (SEC_ERROR_BASE + 170),
+    "Unknown information access method in certificate extension.")
+
+ER3(SEC_ERROR_CRL_IMPORT_FAILED, (SEC_ERROR_BASE + 171),
+    "Error attempting to import a CRL.")
+
+ER3(SEC_ERROR_EXPIRED_PASSWORD, (SEC_ERROR_BASE + 172),
+    "The password expired.")
+
+ER3(SEC_ERROR_LOCKED_PASSWORD, (SEC_ERROR_BASE + 173),
+    "The password is locked.")
+
+ER3(SEC_ERROR_UNKNOWN_PKCS11_ERROR, (SEC_ERROR_BASE + 174),
+    "Unknown PKCS #11 error.")
+
+ER3(SEC_ERROR_BAD_CRL_DP_URL, (SEC_ERROR_BASE + 175),
+    "Invalid or unsupported URL in CRL distribution point name.")
+
+ER3(SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED, (SEC_ERROR_BASE + 176),
+    "The certificate was signed using a signature algorithm that is disabled because it is not secure.")
+
+ER3(SEC_ERROR_LEGACY_DATABASE, (SEC_ERROR_BASE + 177),
+    "The certificate/key database is in an old, unsupported format.")
+
+ER3(SEC_ERROR_APPLICATION_CALLBACK_ERROR, (SEC_ERROR_BASE + 178),
+    "The certificate was rejected by extra checks in the application.")
diff --git a/nss/lib/util/base64.h b/nss/lib/util/base64.h
new file mode 100644
index 0000000..ddc2db6
--- /dev/null
+++ b/nss/lib/util/base64.h
@@ -0,0 +1,41 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * base64.h - prototypes for base64 encoding/decoding
+ * Note: These functions are deprecated; see nssb64.h for new routines.
+ */
+#ifndef _BASE64_H_
+#define _BASE64_H_
+
+#include "utilrename.h"
+#include "seccomon.h"
+
+SEC_BEGIN_PROTOS
+
+/*
+** Return an PORT_Alloc'd ascii string which is the base64 encoded
+** version of the input string.
+*/
+extern char *BTOA_DataToAscii(const unsigned char *data, unsigned int len);
+
+/*
+** Return an PORT_Alloc'd string which is the base64 decoded version
+** of the input string; set *lenp to the length of the returned data.
+*/
+extern unsigned char *ATOB_AsciiToData(const char *string, unsigned int *lenp);
+
+/*
+** Convert from ascii to binary encoding of an item.
+*/
+extern SECStatus ATOB_ConvertAsciiToItem(SECItem *binary_item, const char *ascii);
+
+/*
+** Convert from binary encoding of an item to ascii.
+*/
+extern char *BTOA_ConvertItemToAscii(SECItem *binary_item);
+
+SEC_END_PROTOS
+
+#endif /* _BASE64_H_ */
diff --git a/nss/lib/util/ciferfam.h b/nss/lib/util/ciferfam.h
new file mode 100644
index 0000000..68caa4f
--- /dev/null
+++ b/nss/lib/util/ciferfam.h
@@ -0,0 +1,62 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * ciferfam.h - cipher familie IDs used for configuring ciphers for export
+ *              control
+ */
+
+#ifndef _CIFERFAM_H_
+#define _CIFERFAM_H_
+
+#include "utilrename.h"
+/* Cipher Suite "Families" */
+#define CIPHER_FAMILY_PKCS12 "PKCS12"
+#define CIPHER_FAMILY_SMIME "SMIME"
+#define CIPHER_FAMILY_SSL2 "SSLv2" /* deprecated */
+#define CIPHER_FAMILY_SSL3 "SSLv3"
+#define CIPHER_FAMILY_SSL "SSL"
+#define CIPHER_FAMILY_ALL ""
+#define CIPHER_FAMILY_UNKNOWN "UNKNOWN"
+
+#define CIPHER_FAMILYID_MASK 0xFFFF0000L
+#define CIPHER_FAMILYID_SSL 0x00000000L
+#define CIPHER_FAMILYID_SMIME 0x00010000L
+#define CIPHER_FAMILYID_PKCS12 0x00020000L
+
+/* SMIME "Cipher Suites" */
+/*
+ * Note that it is assumed that the cipher number itself can be used
+ * as a bit position in a mask, and that mask is currently 32 bits wide.
+ * So, if you want to add a cipher that is greater than 0037, secmime.c
+ * needs to be made smarter at the same time.
+ */
+#define SMIME_RC2_CBC_40 (CIPHER_FAMILYID_SMIME | 0001)
+#define SMIME_RC2_CBC_64 (CIPHER_FAMILYID_SMIME | 0002)
+#define SMIME_RC2_CBC_128 (CIPHER_FAMILYID_SMIME | 0003)
+#define SMIME_DES_CBC_56 (CIPHER_FAMILYID_SMIME | 0011)
+#define SMIME_DES_EDE3_168 (CIPHER_FAMILYID_SMIME | 0012)
+#define SMIME_AES_CBC_128 (CIPHER_FAMILYID_SMIME | 0013)
+#define SMIME_AES_CBC_256 (CIPHER_FAMILYID_SMIME | 0014)
+#define SMIME_RC5PAD_64_16_40 (CIPHER_FAMILYID_SMIME | 0021)
+#define SMIME_RC5PAD_64_16_64 (CIPHER_FAMILYID_SMIME | 0022)
+#define SMIME_RC5PAD_64_16_128 (CIPHER_FAMILYID_SMIME | 0023)
+#define SMIME_FORTEZZA (CIPHER_FAMILYID_SMIME | 0031)
+
+/* PKCS12 "Cipher Suites" */
+
+#define PKCS12_RC2_CBC_40 (CIPHER_FAMILYID_PKCS12 | 0001)
+#define PKCS12_RC2_CBC_128 (CIPHER_FAMILYID_PKCS12 | 0002)
+#define PKCS12_RC4_40 (CIPHER_FAMILYID_PKCS12 | 0011)
+#define PKCS12_RC4_128 (CIPHER_FAMILYID_PKCS12 | 0012)
+#define PKCS12_DES_56 (CIPHER_FAMILYID_PKCS12 | 0021)
+#define PKCS12_DES_EDE3_168 (CIPHER_FAMILYID_PKCS12 | 0022)
+#define PKCS12_AES_CBC_128 (CIPHER_FAMILYID_PKCS12 | 0031)
+#define PKCS12_AES_CBC_192 (CIPHER_FAMILYID_PKCS12 | 0032)
+#define PKCS12_AES_CBC_256 (CIPHER_FAMILYID_PKCS12 | 0033)
+
+/* SMIME version numbers are negative, to avoid colliding with SSL versions */
+#define SMIME_LIBRARY_VERSION_1_0 -0x0100
+
+#endif /* _CIFERFAM_H_ */
diff --git a/nss/lib/util/config.mk b/nss/lib/util/config.mk
new file mode 100644
index 0000000..a3e7202
--- /dev/null
+++ b/nss/lib/util/config.mk
@@ -0,0 +1,45 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# can't do this in manifest.mn because OS_TARGET isn't defined there.
+ifeq (,$(filter-out WIN%,$(OS_TARGET)))
+
+# don't want the 32 in the shared library name
+SHARED_LIBRARY = $(OBJDIR)/$(DLL_PREFIX)$(LIBRARY_NAME)$(LIBRARY_VERSION).$(DLL_SUFFIX)
+IMPORT_LIBRARY = $(OBJDIR)/$(IMPORT_LIB_PREFIX)$(LIBRARY_NAME)$(LIBRARY_VERSION)$(IMPORT_LIB_SUFFIX)
+
+RES = $(OBJDIR)/$(LIBRARY_NAME).res
+RESNAME = $(LIBRARY_NAME).rc
+
+ifdef NS_USE_GCC
+EXTRA_SHARED_LIBS += \
+	-L$(DIST)/lib \
+	-L$(NSPR_LIB_DIR) \
+	-lplc4 \
+	-lplds4 \
+	-lnspr4\
+	$(NULL)
+else # ! NS_USE_GCC
+EXTRA_SHARED_LIBS += \
+	$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plc4.lib \
+	$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plds4.lib \
+	$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)nspr4.lib \
+	$(NULL)
+endif # NS_USE_GCC
+
+else
+
+# $(PROGRAM) has NO explicit dependencies on $(EXTRA_SHARED_LIBS)
+# $(EXTRA_SHARED_LIBS) come before $(OS_LIBS), except on AIX.
+EXTRA_SHARED_LIBS += \
+	-L$(DIST)/lib \
+	-L$(NSPR_LIB_DIR) \
+	-lplc4 \
+	-lplds4 \
+	-lnspr4 \
+	$(NULL)
+
+endif
+
diff --git a/nss/lib/util/derdec.c b/nss/lib/util/derdec.c
new file mode 100644
index 0000000..2e3312b
--- /dev/null
+++ b/nss/lib/util/derdec.c
@@ -0,0 +1,189 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "secder.h"
+#include "secerr.h"
+
+static PRUint32
+der_indefinite_length(unsigned char *buf, unsigned char *end)
+{
+    PRUint32 len, ret, dataLen;
+    unsigned char tag, lenCode;
+    int dataLenLen;
+
+    len = 0;
+    while (1) {
+        if ((buf + 2) > end) {
+            return (0);
+        }
+
+        tag = *buf++;
+        lenCode = *buf++;
+        len += 2;
+
+        if ((tag == 0) && (lenCode == 0)) {
+            return (len);
+        }
+
+        if (lenCode == 0x80) {                     /* indefinite length */
+            ret = der_indefinite_length(buf, end); /* recurse to find length */
+            if (ret == 0)
+                return 0;
+            len += ret;
+            buf += ret;
+        } else { /* definite length */
+            if (lenCode & 0x80) {
+                /* Length of data is in multibyte format */
+                dataLenLen = lenCode & 0x7f;
+                switch (dataLenLen) {
+                    case 1:
+                        dataLen = buf[0];
+                        break;
+                    case 2:
+                        dataLen = (buf[0] << 8) | buf[1];
+                        break;
+                    case 3:
+                        dataLen = ((unsigned long)buf[0] << 16) | (buf[1] << 8) | buf[2];
+                        break;
+                    case 4:
+                        dataLen = ((unsigned long)buf[0] << 24) |
+                                  ((unsigned long)buf[1] << 16) | (buf[2] << 8) | buf[3];
+                        break;
+                    default:
+                        PORT_SetError(SEC_ERROR_BAD_DER);
+                        return SECFailure;
+                }
+            } else {
+                /* Length of data is in single byte */
+                dataLen = lenCode;
+                dataLenLen = 0;
+            }
+
+            /* skip this item */
+            buf = buf + dataLenLen + dataLen;
+            len = len + dataLenLen + dataLen;
+        }
+    }
+}
+
+/*
+** Capture the next thing in the buffer.
+** Returns the length of the header and the length of the contents.
+*/
+static SECStatus
+der_capture(unsigned char *buf, unsigned char *end,
+            int *header_len_p, PRUint32 *contents_len_p)
+{
+    unsigned char *bp;
+    unsigned char whole_tag;
+    PRUint32 contents_len;
+    int tag_number;
+
+    if ((buf + 2) > end) {
+        *header_len_p = 0;
+        *contents_len_p = 0;
+        if (buf == end)
+            return SECSuccess;
+        return SECFailure;
+    }
+
+    bp = buf;
+
+    /* Get tag and verify that it is ok. */
+    whole_tag = *bp++;
+    tag_number = whole_tag & DER_TAGNUM_MASK;
+
+    /*
+     * XXX This code does not (yet) handle the high-tag-number form!
+     */
+    if (tag_number == DER_HIGH_TAG_NUMBER) {
+        PORT_SetError(SEC_ERROR_BAD_DER);
+        return SECFailure;
+    }
+
+    if ((whole_tag & DER_CLASS_MASK) == DER_UNIVERSAL) {
+        /* Check that the universal tag number is one we implement.  */
+        switch (tag_number) {
+            case DER_BOOLEAN:
+            case DER_INTEGER:
+            case DER_BIT_STRING:
+            case DER_OCTET_STRING:
+            case DER_NULL:
+            case DER_OBJECT_ID:
+            case DER_SEQUENCE:
+            case DER_SET:
+            case DER_PRINTABLE_STRING:
+            case DER_T61_STRING:
+            case DER_IA5_STRING:
+            case DER_VISIBLE_STRING:
+            case DER_UTC_TIME:
+            case 0: /* end-of-contents tag */
+                break;
+            default:
+                PORT_SetError(SEC_ERROR_BAD_DER);
+                return SECFailure;
+        }
+    }
+
+    /*
+     * Get first byte of length code (might contain entire length, might not).
+     */
+    contents_len = *bp++;
+
+    /*
+     * If the high bit is set, then the length is in multibyte format,
+     * or the thing has an indefinite-length.
+     */
+    if (contents_len & 0x80) {
+        int bytes_of_encoded_len;
+
+        bytes_of_encoded_len = contents_len & 0x7f;
+        contents_len = 0;
+
+        switch (bytes_of_encoded_len) {
+            case 4:
+                contents_len |= *bp++;
+                contents_len <<= 8;
+            /* fallthru */
+            case 3:
+                contents_len |= *bp++;
+                contents_len <<= 8;
+            /* fallthru */
+            case 2:
+                contents_len |= *bp++;
+                contents_len <<= 8;
+            /* fallthru */
+            case 1:
+                contents_len |= *bp++;
+                break;
+
+            case 0:
+                contents_len = der_indefinite_length(bp, end);
+                if (contents_len)
+                    break;
+            /* fallthru */
+            default:
+                PORT_SetError(SEC_ERROR_BAD_DER);
+                return SECFailure;
+        }
+    }
+
+    if ((bp + contents_len) > end) {
+        /* Ran past end of buffer */
+        PORT_SetError(SEC_ERROR_BAD_DER);
+        return SECFailure;
+    }
+
+    *header_len_p = (int)(bp - buf);
+    *contents_len_p = contents_len;
+
+    return SECSuccess;
+}
+
+SECStatus
+DER_Lengths(SECItem *item, int *header_len_p, PRUint32 *contents_len_p)
+{
+    return (der_capture(item->data, &item->data[item->len], header_len_p,
+                        contents_len_p));
+}
diff --git a/nss/lib/util/derenc.c b/nss/lib/util/derenc.c
new file mode 100644
index 0000000..da9fc4e
--- /dev/null
+++ b/nss/lib/util/derenc.c
@@ -0,0 +1,460 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "secder.h"
+#include "secerr.h"
+
+#if 0
+/*
+ * Generic templates for individual/simple items.
+ */
+
+DERTemplate SECAnyTemplate[] = {
+    { DER_ANY,
+	  0, NULL, sizeof(SECItem) }
+};
+
+DERTemplate SECBitStringTemplate[] = {
+    { DER_BIT_STRING,
+	  0, NULL, sizeof(SECItem) }
+};
+
+DERTemplate SECBooleanTemplate[] = {
+    { DER_BOOLEAN,
+	  0, NULL, sizeof(SECItem) }
+};
+
+DERTemplate SECIA5StringTemplate[] = {
+    { DER_IA5_STRING,
+	  0, NULL, sizeof(SECItem) }
+};
+
+DERTemplate SECIntegerTemplate[] = {
+    { DER_INTEGER,
+	  0, NULL, sizeof(SECItem) }
+};
+
+DERTemplate SECNullTemplate[] = {
+    { DER_NULL,
+	  0, NULL, sizeof(SECItem) }
+};
+
+DERTemplate SECObjectIDTemplate[] = {
+    { DER_OBJECT_ID,
+	  0, NULL, sizeof(SECItem) }
+};
+
+DERTemplate SECOctetStringTemplate[] = {
+    { DER_OCTET_STRING,
+	  0, NULL, sizeof(SECItem) }
+};
+
+DERTemplate SECPrintableStringTemplate[] = {
+    { DER_PRINTABLE_STRING,
+	  0, NULL, sizeof(SECItem) }
+};
+
+DERTemplate SECT61StringTemplate[] = {
+    { DER_T61_STRING,
+	  0, NULL, sizeof(SECItem) }
+};
+
+DERTemplate SECUTCTimeTemplate[] = {
+    { DER_UTC_TIME,
+	  0, NULL, sizeof(SECItem) }
+};
+
+#endif
+
+static int
+header_length(DERTemplate *dtemplate, PRUint32 contents_len)
+{
+    PRUint32 len;
+    unsigned long encode_kind, under_kind;
+    PRBool explicit, optional, universal;
+
+    encode_kind = dtemplate->kind;
+
+    explicit = (encode_kind & DER_EXPLICIT) ? PR_TRUE : PR_FALSE;
+    optional = (encode_kind & DER_OPTIONAL) ? PR_TRUE : PR_FALSE;
+    universal = ((encode_kind & DER_CLASS_MASK) == DER_UNIVERSAL)
+                    ? PR_TRUE
+                    : PR_FALSE;
+
+    PORT_Assert(!(explicit && universal)); /* bad templates */
+
+    if (encode_kind & DER_POINTER) {
+        if (dtemplate->sub != NULL) {
+            under_kind = dtemplate->sub->kind;
+            if (universal) {
+                encode_kind = under_kind;
+            }
+        } else if (universal) {
+            under_kind = encode_kind & ~DER_POINTER;
+        } else {
+            under_kind = dtemplate->arg;
+        }
+    } else if (encode_kind & DER_INLINE) {
+        PORT_Assert(dtemplate->sub != NULL);
+        under_kind = dtemplate->sub->kind;
+        if (universal) {
+            encode_kind = under_kind;
+        }
+    } else if (universal) {
+        under_kind = encode_kind;
+    } else {
+        under_kind = dtemplate->arg;
+    }
+
+    /* This is only used in decoding; it plays no part in encoding.  */
+    if (under_kind & DER_DERPTR)
+        return 0;
+
+    /* No header at all for an "empty" optional.  */
+    if ((contents_len == 0) && optional)
+        return 0;
+
+    /* And no header for a full DER_ANY.  */
+    if (encode_kind & DER_ANY)
+        return 0;
+
+    /*
+     * The common case: one octet for identifier and as many octets
+     * as necessary to hold the content length.
+     */
+    len = 1 + DER_LengthLength(contents_len);
+
+    /* Account for the explicit wrapper, if necessary.  */
+    if (explicit) {
+#if 0 /*                                                         \
+       * Well, I was trying to do something useful, but these    \
+       * assertions are too restrictive on valid templates.      \
+       * I wanted to make sure that the top-level "kind" of      \
+       * a template does not also specify DER_EXPLICIT, which    \
+       * should only modify a component field.  Maybe later      \
+       * I can figure out a better way to detect such a problem, \
+       * but for now I must remove these checks altogether.      \
+       */
+	/*
+	 * This modifier applies only to components of a set or sequence;
+	 * it should never be used on a set/sequence itself -- confirm.
+	 */
+	PORT_Assert (under_kind != DER_SEQUENCE);
+	PORT_Assert (under_kind != DER_SET);
+#endif
+
+        len += 1 + DER_LengthLength(len + contents_len);
+    }
+
+    return len;
+}
+
+static PRUint32
+contents_length(DERTemplate *dtemplate, void *src)
+{
+    PRUint32 len;
+    unsigned long encode_kind, under_kind;
+    PRBool universal;
+
+    PORT_Assert(src != NULL);
+
+    encode_kind = dtemplate->kind;
+
+    universal = ((encode_kind & DER_CLASS_MASK) == DER_UNIVERSAL)
+                    ? PR_TRUE
+                    : PR_FALSE;
+    encode_kind &= ~DER_OPTIONAL;
+
+    if (encode_kind & DER_POINTER) {
+        src = *(void **)src;
+        if (src == NULL) {
+            return 0;
+        }
+        if (dtemplate->sub != NULL) {
+            dtemplate = dtemplate->sub;
+            under_kind = dtemplate->kind;
+            src = (void *)((char *)src + dtemplate->offset);
+        } else if (universal) {
+            under_kind = encode_kind & ~DER_POINTER;
+        } else {
+            under_kind = dtemplate->arg;
+        }
+    } else if (encode_kind & DER_INLINE) {
+        PORT_Assert(dtemplate->sub != NULL);
+        dtemplate = dtemplate->sub;
+        under_kind = dtemplate->kind;
+        src = (void *)((char *)src + dtemplate->offset);
+    } else if (universal) {
+        under_kind = encode_kind;
+    } else {
+        under_kind = dtemplate->arg;
+    }
+
+    /* Having any of these bits is not expected here...  */
+    PORT_Assert((under_kind & (DER_EXPLICIT | DER_INLINE | DER_OPTIONAL | DER_POINTER | DER_SKIP)) == 0);
+
+    /* This is only used in decoding; it plays no part in encoding.  */
+    if (under_kind & DER_DERPTR)
+        return 0;
+
+    if (under_kind & DER_INDEFINITE) {
+        PRUint32 sub_len;
+        void **indp = *(void ***)src;
+
+        if (indp == NULL)
+            return 0;
+
+        len = 0;
+        under_kind &= ~DER_INDEFINITE;
+
+        if (under_kind == DER_SET || under_kind == DER_SEQUENCE) {
+            DERTemplate *tmpt = dtemplate->sub;
+            PORT_Assert(tmpt != NULL);
+
+            for (; *indp != NULL; indp++) {
+                void *sub_src = (void *)((char *)(*indp) + tmpt->offset);
+                sub_len = contents_length(tmpt, sub_src);
+                len += sub_len + header_length(tmpt, sub_len);
+            }
+        } else {
+            /*
+    	     * XXX Lisa is not sure this code (for handling, for example,
+    	     * DER_INDEFINITE | DER_OCTET_STRING) is right.
+    	     */
+            for (; *indp != NULL; indp++) {
+                SECItem *item = (SECItem *)(*indp);
+                sub_len = item->len;
+                if (under_kind == DER_BIT_STRING) {
+                    sub_len = (sub_len + 7) >> 3;
+                    /* bit string contents involve an extra octet */
+                    if (sub_len)
+                        sub_len++;
+                }
+                if (under_kind != DER_ANY)
+                    len += 1 + DER_LengthLength(sub_len);
+            }
+        }
+
+        return len;
+    }
+
+    switch (under_kind) {
+        case DER_SEQUENCE:
+        case DER_SET: {
+            DERTemplate *tmpt;
+            void *sub_src;
+            PRUint32 sub_len;
+
+            len = 0;
+            for (tmpt = dtemplate + 1; tmpt->kind; tmpt++) {
+                sub_src = (void *)((char *)src + tmpt->offset);
+                sub_len = contents_length(tmpt, sub_src);
+                len += sub_len + header_length(tmpt, sub_len);
+            }
+        } break;
+
+        case DER_BIT_STRING:
+            len = (((SECItem *)src)->len + 7) >> 3;
+            /* bit string contents involve an extra octet */
+            if (len)
+                len++;
+            break;
+
+        default:
+            len = ((SECItem *)src)->len;
+            break;
+    }
+
+    return len;
+}
+
+static unsigned char *
+der_encode(unsigned char *buf, DERTemplate *dtemplate, void *src)
+{
+    int header_len;
+    PRUint32 contents_len;
+    unsigned long encode_kind, under_kind;
+    PRBool explicit, universal;
+
+    /*
+     * First figure out how long the encoding will be.  Do this by
+     * traversing the template from top to bottom and accumulating
+     * the length of each leaf item.
+     */
+    contents_len = contents_length(dtemplate, src);
+    header_len = header_length(dtemplate, contents_len);
+
+    /*
+     * Enough smarts was involved already, so that if both the
+     * header and the contents have a length of zero, then we
+     * are not doing any encoding for this element.
+     */
+    if (header_len == 0 && contents_len == 0)
+        return buf;
+
+    encode_kind = dtemplate->kind;
+
+    explicit = (encode_kind & DER_EXPLICIT) ? PR_TRUE : PR_FALSE;
+    encode_kind &= ~DER_OPTIONAL;
+    universal = ((encode_kind & DER_CLASS_MASK) == DER_UNIVERSAL)
+                    ? PR_TRUE
+                    : PR_FALSE;
+
+    if (encode_kind & DER_POINTER) {
+        if (contents_len) {
+            src = *(void **)src;
+            PORT_Assert(src != NULL);
+        }
+        if (dtemplate->sub != NULL) {
+            dtemplate = dtemplate->sub;
+            under_kind = dtemplate->kind;
+            if (universal) {
+                encode_kind = under_kind;
+            }
+            src = (void *)((char *)src + dtemplate->offset);
+        } else if (universal) {
+            under_kind = encode_kind & ~DER_POINTER;
+        } else {
+            under_kind = dtemplate->arg;
+        }
+    } else if (encode_kind & DER_INLINE) {
+        dtemplate = dtemplate->sub;
+        under_kind = dtemplate->kind;
+        if (universal) {
+            encode_kind = under_kind;
+        }
+        src = (void *)((char *)src + dtemplate->offset);
+    } else if (universal) {
+        under_kind = encode_kind;
+    } else {
+        under_kind = dtemplate->arg;
+    }
+
+    if (explicit) {
+        buf = DER_StoreHeader(buf, encode_kind,
+                              (1 + DER_LengthLength(contents_len) + contents_len));
+        encode_kind = under_kind;
+    }
+
+    if ((encode_kind & DER_ANY) == 0) { /* DER_ANY already contains header */
+        buf = DER_StoreHeader(buf, encode_kind, contents_len);
+    }
+
+    /* If no real contents to encode, then we are done.  */
+    if (contents_len == 0)
+        return buf;
+
+    if (under_kind & DER_INDEFINITE) {
+        void **indp;
+
+        indp = *(void ***)src;
+        PORT_Assert(indp != NULL);
+
+        under_kind &= ~DER_INDEFINITE;
+        if (under_kind == DER_SET || under_kind == DER_SEQUENCE) {
+            DERTemplate *tmpt = dtemplate->sub;
+            PORT_Assert(tmpt != NULL);
+            for (; *indp != NULL; indp++) {
+                void *sub_src = (void *)((char *)(*indp) + tmpt->offset);
+                buf = der_encode(buf, tmpt, sub_src);
+            }
+        } else {
+            for (; *indp != NULL; indp++) {
+                SECItem *item;
+                int sub_len;
+
+                item = (SECItem *)(*indp);
+                sub_len = item->len;
+                if (under_kind == DER_BIT_STRING) {
+                    if (sub_len) {
+                        int rem;
+
+                        sub_len = (sub_len + 7) >> 3;
+                        buf = DER_StoreHeader(buf, under_kind, sub_len + 1);
+                        rem = (sub_len << 3) - item->len;
+                        *buf++ = rem; /* remaining bits */
+                    } else {
+                        buf = DER_StoreHeader(buf, under_kind, 0);
+                    }
+                } else if (under_kind != DER_ANY) {
+                    buf = DER_StoreHeader(buf, under_kind, sub_len);
+                }
+                PORT_Memcpy(buf, item->data, sub_len);
+                buf += sub_len;
+            }
+        }
+        return buf;
+    }
+
+    switch (under_kind) {
+        case DER_SEQUENCE:
+        case DER_SET: {
+            DERTemplate *tmpt;
+            void *sub_src;
+
+            for (tmpt = dtemplate + 1; tmpt->kind; tmpt++) {
+                sub_src = (void *)((char *)src + tmpt->offset);
+                buf = der_encode(buf, tmpt, sub_src);
+            }
+        } break;
+
+        case DER_BIT_STRING: {
+            SECItem *item;
+            int rem;
+
+            /*
+    	     * The contents length includes our extra octet; subtract
+    	     * it off so we just have the real string length there.
+    	     */
+            contents_len--;
+            item = (SECItem *)src;
+            PORT_Assert(contents_len == ((item->len + 7) >> 3));
+            rem = (contents_len << 3) - item->len;
+            *buf++ = rem; /* remaining bits */
+            PORT_Memcpy(buf, item->data, contents_len);
+            buf += contents_len;
+        } break;
+
+        default: {
+            SECItem *item;
+
+            item = (SECItem *)src;
+            PORT_Assert(contents_len == item->len);
+            PORT_Memcpy(buf, item->data, contents_len);
+            buf += contents_len;
+        } break;
+    }
+
+    return buf;
+}
+
+SECStatus
+DER_Encode(PLArenaPool *arena, SECItem *dest, DERTemplate *dtemplate, void *src)
+{
+    unsigned int contents_len, header_len;
+
+    src = (void **)((char *)src + dtemplate->offset);
+
+    /*
+     * First figure out how long the encoding will be. Do this by
+     * traversing the template from top to bottom and accumulating
+     * the length of each leaf item.
+     */
+    contents_len = contents_length(dtemplate, src);
+    header_len = header_length(dtemplate, contents_len);
+
+    dest->len = contents_len + header_len;
+
+    /* Allocate storage to hold the encoding */
+    dest->data = (unsigned char *)PORT_ArenaAlloc(arena, dest->len);
+    if (dest->data == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return SECFailure;
+    }
+
+    /* Now encode into the buffer */
+    (void)der_encode(dest->data, dtemplate, src);
+
+    return SECSuccess;
+}
diff --git a/nss/lib/util/dersubr.c b/nss/lib/util/dersubr.c
new file mode 100644
index 0000000..03d070a
--- /dev/null
+++ b/nss/lib/util/dersubr.c
@@ -0,0 +1,249 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "secder.h"
+#include <limits.h>
+#include "secerr.h"
+
+int
+DER_LengthLength(PRUint32 len)
+{
+    if (len > 127) {
+        if (len > 255) {
+            if (len > 65535L) {
+                if (len > 16777215L) {
+                    return 5;
+                } else {
+                    return 4;
+                }
+            } else {
+                return 3;
+            }
+        } else {
+            return 2;
+        }
+    } else {
+        return 1;
+    }
+}
+
+unsigned char *
+DER_StoreHeader(unsigned char *buf, unsigned int code, PRUint32 len)
+{
+    unsigned char b[4];
+
+    b[0] = (unsigned char)(len >> 24);
+    b[1] = (unsigned char)(len >> 16);
+    b[2] = (unsigned char)(len >> 8);
+    b[3] = (unsigned char)len;
+    if ((code & DER_TAGNUM_MASK) == DER_SET || (code & DER_TAGNUM_MASK) == DER_SEQUENCE)
+        code |= DER_CONSTRUCTED;
+    *buf++ = code;
+    if (len > 127) {
+        if (len > 255) {
+            if (len > 65535) {
+                if (len > 16777215) {
+                    *buf++ = 0x84;
+                    *buf++ = b[0];
+                    *buf++ = b[1];
+                    *buf++ = b[2];
+                    *buf++ = b[3];
+                } else {
+                    *buf++ = 0x83;
+                    *buf++ = b[1];
+                    *buf++ = b[2];
+                    *buf++ = b[3];
+                }
+            } else {
+                *buf++ = 0x82;
+                *buf++ = b[2];
+                *buf++ = b[3];
+            }
+        } else {
+            *buf++ = 0x81;
+            *buf++ = b[3];
+        }
+    } else {
+        *buf++ = b[3];
+    }
+    return buf;
+}
+
+/*
+ * XXX This should be rewritten, generalized, to take a long instead
+ * of a PRInt32.
+ */
+SECStatus
+DER_SetInteger(PLArenaPool *arena, SECItem *it, PRInt32 i)
+{
+    unsigned char bb[4];
+    unsigned len;
+
+    bb[0] = (unsigned char)(i >> 24);
+    bb[1] = (unsigned char)(i >> 16);
+    bb[2] = (unsigned char)(i >> 8);
+    bb[3] = (unsigned char)(i);
+
+    /*
+    ** Small integers are encoded in a single byte. Larger integers
+    ** require progressively more space.
+    */
+    if (i < -128) {
+        if (i < -32768L) {
+            if (i < -8388608L) {
+                len = 4;
+            } else {
+                len = 3;
+            }
+        } else {
+            len = 2;
+        }
+    } else if (i > 127) {
+        if (i > 32767L) {
+            if (i > 8388607L) {
+                len = 4;
+            } else {
+                len = 3;
+            }
+        } else {
+            len = 2;
+        }
+    } else {
+        len = 1;
+    }
+    it->data = (unsigned char *)PORT_ArenaAlloc(arena, len);
+    if (!it->data) {
+        return SECFailure;
+    }
+    it->len = len;
+    PORT_Memcpy(it->data, bb + (4 - len), len);
+    return SECSuccess;
+}
+
+/*
+ * XXX This should be rewritten, generalized, to take an unsigned long instead
+ * of a PRUint32.
+ */
+SECStatus
+DER_SetUInteger(PLArenaPool *arena, SECItem *it, PRUint32 ui)
+{
+    unsigned char bb[5];
+    int len;
+
+    bb[0] = 0;
+    bb[1] = (unsigned char)(ui >> 24);
+    bb[2] = (unsigned char)(ui >> 16);
+    bb[3] = (unsigned char)(ui >> 8);
+    bb[4] = (unsigned char)(ui);
+
+    /*
+    ** Small integers are encoded in a single byte. Larger integers
+    ** require progressively more space.
+    */
+    if (ui > 0x7f) {
+        if (ui > 0x7fff) {
+            if (ui > 0x7fffffL) {
+                if (ui >= 0x80000000L) {
+                    len = 5;
+                } else {
+                    len = 4;
+                }
+            } else {
+                len = 3;
+            }
+        } else {
+            len = 2;
+        }
+    } else {
+        len = 1;
+    }
+
+    it->data = (unsigned char *)PORT_ArenaAlloc(arena, len);
+    if (it->data == NULL) {
+        return SECFailure;
+    }
+
+    it->len = len;
+    PORT_Memcpy(it->data, bb + (sizeof(bb) - len), len);
+
+    return SECSuccess;
+}
+
+/*
+** Convert a der encoded *signed* integer into a machine integral value.
+** If an underflow/overflow occurs, sets error code and returns min/max.
+*/
+long
+DER_GetInteger(const SECItem *it)
+{
+    unsigned long ival;
+    PRBool negative;
+    unsigned int len = it->len;
+    unsigned char *cp = it->data;
+    size_t lsize = sizeof(ival);
+
+    PORT_Assert(len);
+    if (!len) {
+        PORT_SetError(SEC_ERROR_INPUT_LEN);
+        return 0;
+    }
+
+    negative = (PRBool)(*cp & 0x80);
+    ival = negative ? ~0 : 0;
+
+    /* Ignore leading zeros/ones. */
+    while (len && *cp == (unsigned char)ival) {
+        len--;
+        cp++;
+    }
+
+    /* Check for overflow/underflow. */
+    if (len > lsize || (len == lsize && (*cp & 0x80) != negative)) {
+        PORT_SetError(SEC_ERROR_BAD_DER);
+        return negative ? LONG_MIN : LONG_MAX;
+    }
+
+    while (len--) {
+        ival <<= 8;
+        ival |= *cp++;
+    }
+
+    return ival;
+}
+
+/*
+** Convert a der encoded *unsigned* integer into a machine integral value.
+** If an overflow occurs, sets error code and returns max.
+*/
+unsigned long
+DER_GetUInteger(SECItem *it)
+{
+    unsigned long ival = 0;
+    unsigned len = it->len;
+    unsigned char *cp = it->data;
+    unsigned long overflow = 0xffUL << ((sizeof(ival) - 1) * 8);
+
+    PORT_Assert(len);
+    if (!len) {
+        PORT_SetError(SEC_ERROR_INPUT_LEN);
+        return 0;
+    }
+
+    /* Cannot put a negative value into an unsigned container. */
+    if (*cp & 0x80) {
+        PORT_SetError(SEC_ERROR_BAD_DER);
+        return 0;
+    }
+
+    while (len) {
+        if (ival & overflow) {
+            PORT_SetError(SEC_ERROR_BAD_DER);
+            return ULONG_MAX;
+        }
+        ival = ival << 8;
+        ival |= *cp++;
+        --len;
+    }
+    return ival;
+}
diff --git a/nss/lib/util/dertime.c b/nss/lib/util/dertime.c
new file mode 100644
index 0000000..f58fc18
--- /dev/null
+++ b/nss/lib/util/dertime.c
@@ -0,0 +1,310 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "prtypes.h"
+#include "prtime.h"
+#include "secder.h"
+#include "prlong.h"
+#include "secerr.h"
+
+#define HIDIGIT(v) (((v) / 10) + '0')
+#define LODIGIT(v) (((v) % 10) + '0')
+
+#define ISDIGIT(dig) (((dig) >= '0') && ((dig) <= '9'))
+#define CAPTURE(var, p, label)                        \
+    {                                                 \
+        if (!ISDIGIT((p)[0]) || !ISDIGIT((p)[1]))     \
+            goto label;                               \
+        (var) = ((p)[0] - '0') * 10 + ((p)[1] - '0'); \
+        p += 2;                                       \
+    }
+
+static const PRTime January1st1 = PR_INT64(0xff23400100d44000);
+static const PRTime January1st1950 = PR_INT64(0xfffdc1f8793da000);
+static const PRTime January1st2050 = PR_INT64(0x0008f81e1b098000);
+static const PRTime January1st10000 = PR_INT64(0x0384440ccc736000);
+
+/* gmttime must contains UTC time in micro-seconds unit */
+SECStatus
+DER_TimeToUTCTimeArena(PLArenaPool *arenaOpt, SECItem *dst, PRTime gmttime)
+{
+    PRExplodedTime printableTime;
+    unsigned char *d;
+
+    if ((gmttime < January1st1950) || (gmttime >= January1st2050)) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    dst->len = 13;
+    if (arenaOpt) {
+        dst->data = d = (unsigned char *)PORT_ArenaAlloc(arenaOpt, dst->len);
+    } else {
+        dst->data = d = (unsigned char *)PORT_Alloc(dst->len);
+    }
+    dst->type = siUTCTime;
+    if (!d) {
+        return SECFailure;
+    }
+
+    /* Convert a PRTime to a printable format.  */
+    PR_ExplodeTime(gmttime, PR_GMTParameters, &printableTime);
+
+    /* The month in UTC time is base one */
+    printableTime.tm_month++;
+
+    /* remove the century since it's added to the tm_year by the
+       PR_ExplodeTime routine, but is not needed for UTC time */
+    printableTime.tm_year %= 100;
+
+    d[0] = HIDIGIT(printableTime.tm_year);
+    d[1] = LODIGIT(printableTime.tm_year);
+    d[2] = HIDIGIT(printableTime.tm_month);
+    d[3] = LODIGIT(printableTime.tm_month);
+    d[4] = HIDIGIT(printableTime.tm_mday);
+    d[5] = LODIGIT(printableTime.tm_mday);
+    d[6] = HIDIGIT(printableTime.tm_hour);
+    d[7] = LODIGIT(printableTime.tm_hour);
+    d[8] = HIDIGIT(printableTime.tm_min);
+    d[9] = LODIGIT(printableTime.tm_min);
+    d[10] = HIDIGIT(printableTime.tm_sec);
+    d[11] = LODIGIT(printableTime.tm_sec);
+    d[12] = 'Z';
+    return SECSuccess;
+}
+
+SECStatus
+DER_TimeToUTCTime(SECItem *dst, PRTime gmttime)
+{
+    return DER_TimeToUTCTimeArena(NULL, dst, gmttime);
+}
+
+static SECStatus /* forward */
+    der_TimeStringToTime(PRTime *dst, const char *string, int generalized,
+                         const char **endptr);
+
+#define GEN_STRING 2 /* TimeString is a GeneralizedTime */
+#define UTC_STRING 0 /* TimeString is a UTCTime         */
+
+/* The caller of DER_AsciiToItem MUST ENSURE that either
+** a) "string" points to a null-terminated ASCII string, or
+** b) "string" points to a buffer containing a valid UTCTime,
+**     whether null terminated or not, or
+** c) "string" contains at least 19 characters, with or without null char.
+** otherwise, this function may UMR and/or crash.
+** It suffices to ensure that the input "string" is at least 17 bytes long.
+*/
+SECStatus
+DER_AsciiToTime(PRTime *dst, const char *string)
+{
+    return der_TimeStringToTime(dst, string, UTC_STRING, NULL);
+}
+
+SECStatus
+DER_UTCTimeToTime(PRTime *dst, const SECItem *time)
+{
+    /* Minimum valid UTCTime is yymmddhhmmZ       which is 11 bytes.
+    ** Maximum valid UTCTime is yymmddhhmmss+0000 which is 17 bytes.
+    ** 20 should be large enough for all valid encoded times.
+    */
+    unsigned int i;
+    char localBuf[20];
+    const char *end = NULL;
+    SECStatus rv;
+
+    if (!time || !time->data || time->len < 11 || time->len > 17) {
+        PORT_SetError(SEC_ERROR_INVALID_TIME);
+        return SECFailure;
+    }
+
+    for (i = 0; i < time->len; i++) {
+        if (time->data[i] == '\0') {
+            PORT_SetError(SEC_ERROR_INVALID_TIME);
+            return SECFailure;
+        }
+        localBuf[i] = time->data[i];
+    }
+    localBuf[i] = '\0';
+
+    rv = der_TimeStringToTime(dst, localBuf, UTC_STRING, &end);
+    if (rv == SECSuccess && *end != '\0') {
+        PORT_SetError(SEC_ERROR_INVALID_TIME);
+        return SECFailure;
+    }
+    return rv;
+}
+
+/*
+   gmttime must contains UTC time in micro-seconds unit.
+   Note: the caller should make sure that Generalized time
+   should only be used for certifiate validities after the
+   year 2049.  Otherwise, UTC time should be used.  This routine
+   does not check this case, since it can be used to encode
+   certificate extension, which does not have this restriction.
+ */
+SECStatus
+DER_TimeToGeneralizedTimeArena(PLArenaPool *arenaOpt, SECItem *dst, PRTime gmttime)
+{
+    PRExplodedTime printableTime;
+    unsigned char *d;
+
+    if ((gmttime < January1st1) || (gmttime >= January1st10000)) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+    dst->len = 15;
+    if (arenaOpt) {
+        dst->data = d = (unsigned char *)PORT_ArenaAlloc(arenaOpt, dst->len);
+    } else {
+        dst->data = d = (unsigned char *)PORT_Alloc(dst->len);
+    }
+    dst->type = siGeneralizedTime;
+    if (!d) {
+        return SECFailure;
+    }
+
+    /* Convert a PRTime to a printable format.  */
+    PR_ExplodeTime(gmttime, PR_GMTParameters, &printableTime);
+
+    /* The month in Generalized time is base one */
+    printableTime.tm_month++;
+
+    d[0] = (printableTime.tm_year / 1000) + '0';
+    d[1] = ((printableTime.tm_year % 1000) / 100) + '0';
+    d[2] = ((printableTime.tm_year % 100) / 10) + '0';
+    d[3] = (printableTime.tm_year % 10) + '0';
+    d[4] = HIDIGIT(printableTime.tm_month);
+    d[5] = LODIGIT(printableTime.tm_month);
+    d[6] = HIDIGIT(printableTime.tm_mday);
+    d[7] = LODIGIT(printableTime.tm_mday);
+    d[8] = HIDIGIT(printableTime.tm_hour);
+    d[9] = LODIGIT(printableTime.tm_hour);
+    d[10] = HIDIGIT(printableTime.tm_min);
+    d[11] = LODIGIT(printableTime.tm_min);
+    d[12] = HIDIGIT(printableTime.tm_sec);
+    d[13] = LODIGIT(printableTime.tm_sec);
+    d[14] = 'Z';
+    return SECSuccess;
+}
+
+SECStatus
+DER_TimeToGeneralizedTime(SECItem *dst, PRTime gmttime)
+{
+    return DER_TimeToGeneralizedTimeArena(NULL, dst, gmttime);
+}
+
+SECStatus
+DER_GeneralizedTimeToTime(PRTime *dst, const SECItem *time)
+{
+    /* Minimum valid GeneralizedTime is ccyymmddhhmmZ       which is 13 bytes.
+    ** Maximum valid GeneralizedTime is ccyymmddhhmmss+0000 which is 19 bytes.
+    ** 20 should be large enough for all valid encoded times.
+    */
+    unsigned int i;
+    char localBuf[20];
+    const char *end = NULL;
+    SECStatus rv;
+
+    if (!time || !time->data || time->len < 13 || time->len > 19) {
+        PORT_SetError(SEC_ERROR_INVALID_TIME);
+        return SECFailure;
+    }
+
+    for (i = 0; i < time->len; i++) {
+        if (time->data[i] == '\0') {
+            PORT_SetError(SEC_ERROR_INVALID_TIME);
+            return SECFailure;
+        }
+        localBuf[i] = time->data[i];
+    }
+    localBuf[i] = '\0';
+
+    rv = der_TimeStringToTime(dst, localBuf, GEN_STRING, &end);
+    if (rv == SECSuccess && *end != '\0') {
+        PORT_SetError(SEC_ERROR_INVALID_TIME);
+        return SECFailure;
+    }
+    return rv;
+}
+
+static SECStatus
+der_TimeStringToTime(PRTime *dst, const char *string, int generalized,
+                     const char **endptr)
+{
+    PRExplodedTime genTime;
+    long hourOff = 0, minOff = 0;
+    PRUint16 century;
+    char signum;
+
+    if (string == NULL || dst == NULL) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    /* Verify time is formatted properly and capture information */
+    memset(&genTime, 0, sizeof genTime);
+
+    if (generalized == UTC_STRING) {
+        CAPTURE(genTime.tm_year, string, loser);
+        century = (genTime.tm_year < 50) ? 20 : 19;
+    } else {
+        CAPTURE(century, string, loser);
+        CAPTURE(genTime.tm_year, string, loser);
+    }
+    genTime.tm_year += century * 100;
+
+    CAPTURE(genTime.tm_month, string, loser);
+    if ((genTime.tm_month == 0) || (genTime.tm_month > 12))
+        goto loser;
+
+    /* NSPR month base is 0 */
+    --genTime.tm_month;
+
+    CAPTURE(genTime.tm_mday, string, loser);
+    if ((genTime.tm_mday == 0) || (genTime.tm_mday > 31))
+        goto loser;
+
+    CAPTURE(genTime.tm_hour, string, loser);
+    if (genTime.tm_hour > 23)
+        goto loser;
+
+    CAPTURE(genTime.tm_min, string, loser);
+    if (genTime.tm_min > 59)
+        goto loser;
+
+    if (ISDIGIT(string[0])) {
+        CAPTURE(genTime.tm_sec, string, loser);
+        if (genTime.tm_sec > 59)
+            goto loser;
+    }
+    signum = *string++;
+    if (signum == '+' || signum == '-') {
+        CAPTURE(hourOff, string, loser);
+        if (hourOff > 23)
+            goto loser;
+        CAPTURE(minOff, string, loser);
+        if (minOff > 59)
+            goto loser;
+        if (signum == '-') {
+            hourOff = -hourOff;
+            minOff = -minOff;
+        }
+    } else if (signum != 'Z') {
+        goto loser;
+    }
+
+    if (endptr)
+        *endptr = string;
+
+    /* Convert the GMT offset to seconds and save it in genTime
+     * for the implode time call.
+     */
+    genTime.tm_params.tp_gmt_offset = (PRInt32)((hourOff * 60L + minOff) * 60L);
+    *dst = PR_ImplodeTime(&genTime);
+    return SECSuccess;
+
+loser:
+    PORT_SetError(SEC_ERROR_INVALID_TIME);
+    return SECFailure;
+}
diff --git a/nss/lib/util/eccutil.h b/nss/lib/util/eccutil.h
new file mode 100644
index 0000000..8c627e1
--- /dev/null
+++ b/nss/lib/util/eccutil.h
@@ -0,0 +1,15 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _FREEBL_H_
+#define _FREEBL_H_
+
+/* deprecated */
+typedef enum {
+    ECPoint_Uncompressed,
+    ECPoint_XOnly,
+    ECPoint_Undefined
+} ECPointEncoding;
+
+#endif /* _FREEBL_H_ */
diff --git a/nss/lib/util/errstrs.c b/nss/lib/util/errstrs.c
new file mode 100644
index 0000000..138ee39
--- /dev/null
+++ b/nss/lib/util/errstrs.c
@@ -0,0 +1,41 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#include "prerror.h"
+#include "secerr.h"
+#include "secport.h"
+#include "prinit.h"
+#include "prprf.h"
+#include "prtypes.h"
+#include "prlog.h"
+#include "plstr.h"
+#include "nssutil.h"
+#include <string.h>
+
+#define ER3(name, value, str) { #name, str },
+
+static const struct PRErrorMessage sectext[] = {
+#include "SECerrs.h"
+    { 0, 0 }
+};
+
+static const struct PRErrorTable sec_et = {
+    sectext, "secerrstrings", SEC_ERROR_BASE,
+    (sizeof sectext) / (sizeof sectext[0])
+};
+
+static PRStatus
+nss_InitializePRErrorTableOnce(void)
+{
+    return PR_ErrorInstallTable(&sec_et);
+}
+
+static PRCallOnceType once;
+
+SECStatus
+NSS_InitializePRErrorTable(void)
+{
+    return (PR_SUCCESS == PR_CallOnce(&once, nss_InitializePRErrorTableOnce))
+               ? SECSuccess
+               : SECFailure;
+}
diff --git a/nss/lib/util/exports.gyp b/nss/lib/util/exports.gyp
new file mode 100644
index 0000000..eb220d2
--- /dev/null
+++ b/nss/lib/util/exports.gyp
@@ -0,0 +1,67 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'lib_util_exports',
+      'type': 'none',
+      'copies': [
+        {
+          'files': [
+            'base64.h',
+            'ciferfam.h',
+            'eccutil.h',
+            'hasht.h',
+            'nssb64.h',
+            'nssb64t.h',
+            'nssilckt.h',
+            'nssilock.h',
+            'nsslocks.h',
+            'nssrwlk.h',
+            'nssrwlkt.h',
+            'nssutil.h',
+            'pkcs11.h',
+            'pkcs11f.h',
+            'pkcs11n.h',
+            'pkcs11p.h',
+            'pkcs11t.h',
+            'pkcs11u.h',
+            'pkcs1sig.h',
+            'portreg.h',
+            'secasn1.h',
+            'secasn1t.h',
+            'seccomon.h',
+            'secder.h',
+            'secdert.h',
+            'secdig.h',
+            'secdigt.h',
+            'secerr.h',
+            'secitem.h',
+            'secoid.h',
+            'secoidt.h',
+            'secport.h',
+            'utilmodt.h',
+            'utilpars.h',
+            'utilparst.h',
+            'utilrename.h'
+          ],
+          'destination': '<(nss_public_dist_dir)/<(module)'
+        },
+        {
+          'files': [
+            'templates.c',
+            'verref.h'
+          ],
+          'destination': '<(nss_private_dist_dir)/<(module)'
+        }
+      ]
+    }
+  ],
+  'variables': {
+    'module': 'nss'
+  }
+}
diff --git a/nss/lib/util/hasht.h b/nss/lib/util/hasht.h
new file mode 100644
index 0000000..536d34c
--- /dev/null
+++ b/nss/lib/util/hasht.h
@@ -0,0 +1,63 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _HASHT_H_
+#define _HASHT_H_
+
+#include "prtypes.h"
+
+/* Opaque objects */
+typedef struct SECHashObjectStr SECHashObject;
+typedef struct HASHContextStr HASHContext;
+
+/*
+ * The hash functions the security library supports
+ * NOTE the order must match the definition of SECHashObjects[]!
+ */
+typedef enum {
+    HASH_AlgNULL = 0,
+    HASH_AlgMD2 = 1,
+    HASH_AlgMD5 = 2,
+    HASH_AlgSHA1 = 3,
+    HASH_AlgSHA256 = 4,
+    HASH_AlgSHA384 = 5,
+    HASH_AlgSHA512 = 6,
+    HASH_AlgSHA224 = 7,
+    HASH_AlgTOTAL
+} HASH_HashType;
+
+/*
+ * Number of bytes each hash algorithm produces
+ */
+#define MD2_LENGTH 16
+#define MD5_LENGTH 16
+#define SHA1_LENGTH 20
+#define SHA224_LENGTH 28
+#define SHA256_LENGTH 32
+#define SHA384_LENGTH 48
+#define SHA512_LENGTH 64
+#define HASH_LENGTH_MAX SHA512_LENGTH
+
+/*
+ * Structure to hold hash computation info and routines
+ */
+struct SECHashObjectStr {
+    unsigned int length; /* hash output length (in bytes) */
+    void *(*create)(void);
+    void *(*clone)(void *);
+    void (*destroy)(void *, PRBool);
+    void (*begin)(void *);
+    void (*update)(void *, const unsigned char *, unsigned int);
+    void (*end)(void *, unsigned char *, unsigned int *, unsigned int);
+    unsigned int blocklength; /* hash input block size (in bytes) */
+    HASH_HashType type;
+    void (*end_raw)(void *, unsigned char *, unsigned int *, unsigned int);
+};
+
+struct HASHContextStr {
+    const struct SECHashObjectStr *hashobj;
+    void *hash_context;
+};
+
+#endif /* _HASHT_H_ */
diff --git a/nss/lib/util/manifest.mn b/nss/lib/util/manifest.mn
new file mode 100644
index 0000000..f0a9fd0
--- /dev/null
+++ b/nss/lib/util/manifest.mn
@@ -0,0 +1,90 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+CORE_DEPTH = ../..
+
+EXPORTS = \
+	base64.h \
+	ciferfam.h \
+	eccutil.h \
+	hasht.h \
+	nssb64.h \
+	nssb64t.h \
+	nsslocks.h \
+	nssilock.h \
+	nssilckt.h \
+	nssrwlk.h \
+	nssrwlkt.h \
+	nssutil.h \
+	pkcs11.h \
+	pkcs11f.h \
+	pkcs11p.h \
+	pkcs11t.h \
+	pkcs11n.h \
+	pkcs11u.h \
+	pkcs1sig.h \
+	portreg.h \
+	secasn1.h \
+	secasn1t.h \
+	seccomon.h \
+	secder.h \
+	secdert.h \
+	secdig.h \
+	secdigt.h \
+	secitem.h \
+	secoid.h \
+	secoidt.h \
+	secport.h \
+	secerr.h \
+	utilmodt.h \
+	utilrename.h \
+	utilpars.h \
+	utilparst.h \
+	$(NULL)
+
+PRIVATE_EXPORTS = \
+        verref.h \
+	templates.c \
+	$(NULL)
+
+CSRCS = \
+	quickder.c \
+	secdig.c \
+	derdec.c \
+	derenc.c \
+	dersubr.c \
+	dertime.c \
+	errstrs.c \
+	nssb64d.c \
+	nssb64e.c \
+	nssrwlk.c \
+	nssilock.c \
+	oidstring.c \
+	pkcs1sig.c \
+	portreg.c \
+	secalgid.c \
+	secasn1d.c \
+	secasn1e.c \
+	secasn1u.c \
+	secitem.c \
+	secload.c \
+	secoid.c \
+	sectime.c \
+	secport.c \
+	templates.c \
+	utf8.c \
+	utilmod.c \
+	utilpars.c \
+	$(NULL)
+
+MODULE = nss
+
+# don't duplicate module name in REQUIRES
+MAPFILE = $(OBJDIR)/nssutil.def
+
+LIBRARY_NAME = nssutil
+LIBRARY_VERSION = 3
+
+# This part of the code, including all sub-dirs, can be optimized for size
+export ALLOW_OPT_CODE_SIZE = 1
diff --git a/nss/lib/util/nssb64.h b/nss/lib/util/nssb64.h
new file mode 100644
index 0000000..7882c3b
--- /dev/null
+++ b/nss/lib/util/nssb64.h
@@ -0,0 +1,94 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * Public prototypes for base64 encoding/decoding.
+ */
+#ifndef _NSSB64_H_
+#define _NSSB64_H_
+
+#include "utilrename.h"
+#include "seccomon.h"
+#include "nssb64t.h"
+
+SEC_BEGIN_PROTOS
+
+/*
+ * Functions to start a base64 decoding/encoding context.
+ */
+
+extern NSSBase64Decoder *
+NSSBase64Decoder_Create(PRInt32 (*output_fn)(void *, const unsigned char *,
+                                             PRInt32),
+                        void *output_arg);
+
+extern NSSBase64Encoder *
+NSSBase64Encoder_Create(PRInt32 (*output_fn)(void *, const char *, PRInt32),
+                        void *output_arg);
+
+/*
+ * Push data through the decoder/encoder, causing the output_fn (provided
+ * to Create) to be called with the decoded/encoded data.
+ */
+
+extern SECStatus
+NSSBase64Decoder_Update(NSSBase64Decoder *data, const char *buffer,
+                        PRUint32 size);
+
+extern SECStatus
+NSSBase64Encoder_Update(NSSBase64Encoder *data, const unsigned char *buffer,
+                        PRUint32 size);
+
+/*
+ * When you're done processing, call this to close the context.
+ * If "abort_p" is false, then calling this may cause the output_fn
+ * to be called one last time (as the last buffered data is flushed out).
+ */
+
+extern SECStatus
+NSSBase64Decoder_Destroy(NSSBase64Decoder *data, PRBool abort_p);
+
+extern SECStatus
+NSSBase64Encoder_Destroy(NSSBase64Encoder *data, PRBool abort_p);
+
+/*
+ * Perform base64 decoding from an ascii string "inStr" to an Item.
+ * The length of the input must be provided as "inLen".  The Item
+ * may be provided (as "outItemOpt"); you can also pass in a NULL
+ * and the Item will be allocated for you.
+ *
+ * In any case, the data within the Item will be allocated for you.
+ * All allocation will happen out of the passed-in "arenaOpt", if non-NULL.
+ * If "arenaOpt" is NULL, standard allocation (heap) will be used and
+ * you will want to free the result via SECITEM_FreeItem.
+ *
+ * Return value is NULL on error, the Item (allocated or provided) otherwise.
+ */
+extern SECItem *
+NSSBase64_DecodeBuffer(PLArenaPool *arenaOpt, SECItem *outItemOpt,
+                       const char *inStr, unsigned int inLen);
+
+/*
+ * Perform base64 encoding of binary data "inItem" to an ascii string.
+ * The output buffer may be provided (as "outStrOpt"); you can also pass
+ * in a NULL and the buffer will be allocated for you.  The result will
+ * be null-terminated, and if the buffer is provided, "maxOutLen" must
+ * specify the maximum length of the buffer and will be checked to
+ * supply sufficient space space for the encoded result.  (If "outStrOpt"
+ * is NULL, "maxOutLen" is ignored.)
+ *
+ * If "outStrOpt" is NULL, allocation will happen out of the passed-in
+ * "arenaOpt", if *it* is non-NULL, otherwise standard allocation (heap)
+ * will be used.
+ *
+ * Return value is NULL on error, the output buffer (allocated or provided)
+ * otherwise.
+ */
+extern char *
+NSSBase64_EncodeItem(PLArenaPool *arenaOpt, char *outStrOpt,
+                     unsigned int maxOutLen, SECItem *inItem);
+
+SEC_END_PROTOS
+
+#endif /* _NSSB64_H_ */
diff --git a/nss/lib/util/nssb64d.c b/nss/lib/util/nssb64d.c
new file mode 100644
index 0000000..886ce21
--- /dev/null
+++ b/nss/lib/util/nssb64d.c
@@ -0,0 +1,823 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * Base64 decoding (ascii to binary).
+ */
+
+#include "nssb64.h"
+#include "nspr.h"
+#include "secitem.h"
+#include "secerr.h"
+
+/*
+ * XXX We want this basic support to go into NSPR (the PL part).
+ * Until that can happen, the PL interface is going to be kept entirely
+ * internal here -- all static functions and opaque data structures.
+ * When someone can get it moved over into NSPR, that should be done:
+ *    - giving everything names that are accepted by the NSPR module owners
+ *  (though I tried to choose ones that would work without modification)
+ *    - exporting the functions (remove static declarations and add
+ *  to nssutil.def as necessary)
+ *    - put prototypes into appropriate header file (probably replacing
+ *  the entire current lib/libc/include/plbase64.h in NSPR)
+ *  along with a typedef for the context structure (which should be
+ *  kept opaque -- definition in the source file only, but typedef
+ *  ala "typedef struct PLBase64FooStr PLBase64Foo;" in header file)
+ *    - modify anything else as necessary to conform to NSPR required style
+ *  (I looked but found no formatting guide to follow)
+ *
+ * You will want to move over everything from here down to the comment
+ * which says "XXX End of base64 decoding code to be moved into NSPR",
+ * into a new file in NSPR.
+ */
+
+/*
+ **************************************************************
+ * XXX Beginning of base64 decoding code to be moved into NSPR.
+ */
+
+/*
+ * This typedef would belong in the NSPR header file (i.e. plbase64.h).
+ */
+typedef struct PLBase64DecoderStr PLBase64Decoder;
+
+/*
+ * The following implementation of base64 decoding was based on code
+ * found in libmime (specifically, in mimeenc.c).  It has been adapted to
+ * use PR types and naming as well as to provide other necessary semantics
+ * (like buffer-in/buffer-out in addition to "streaming" without undue
+ * performance hit of extra copying if you made the buffer versions
+ * use the output_fn).  It also incorporates some aspects of the current
+ * NSPR base64 decoding code.  As such, you may find similarities to
+ * both of those implementations.  I tried to use names that reflected
+ * the original code when possible.  For this reason you may find some
+ * inconsistencies -- libmime used lots of "in" and "out" whereas the
+ * NSPR version uses "src" and "dest"; sometimes I changed one to the other
+ * and sometimes I left them when I thought the subroutines were at least
+ * self-consistent.
+ */
+
+PR_BEGIN_EXTERN_C
+
+/*
+ * Opaque object used by the decoder to store state.
+ */
+struct PLBase64DecoderStr {
+    /* Current token (or portion, if token_size < 4) being decoded. */
+    unsigned char token[4];
+    int token_size;
+
+    /*
+     * Where to write the decoded data (used when streaming, not when
+     * doing all in-memory (buffer) operations).
+     *
+     * Note that this definition is chosen to be compatible with PR_Write.
+     */
+    PRInt32 (*output_fn)(void *output_arg, const unsigned char *buf,
+                         PRInt32 size);
+    void *output_arg;
+
+    /*
+     * Where the decoded output goes -- either temporarily (in the streaming
+     * case, staged here before it goes to the output function) or what will
+     * be the entire buffered result for users of the buffer version.
+     */
+    unsigned char *output_buffer;
+    PRUint32 output_buflen; /* the total length of allocated buffer */
+    PRUint32 output_length; /* the length that is currently populated */
+};
+
+PR_END_EXTERN_C
+
+/*
+ * Table to convert an ascii "code" to its corresponding binary value.
+ * For ease of use, the binary values in the table are the actual values
+ * PLUS ONE.  This is so that the special value of zero can denote an
+ * invalid mapping; that was much easier than trying to fill in the other
+ * values with some value other than zero, and to check for it.
+ * Just remember to SUBTRACT ONE when using the value retrieved.
+ */
+static unsigned char base64_codetovaluep1[256] = {
+    /*   0: */ 0, 0, 0, 0, 0, 0, 0, 0,
+    /*   8: */ 0, 0, 0, 0, 0, 0, 0, 0,
+    /*  16: */ 0, 0, 0, 0, 0, 0, 0, 0,
+    /*  24: */ 0, 0, 0, 0, 0, 0, 0, 0,
+    /*  32: */ 0, 0, 0, 0, 0, 0, 0, 0,
+    /*  40: */ 0, 0, 0, 63, 0, 0, 0, 64,
+    /*  48: */ 53, 54, 55, 56, 57, 58, 59, 60,
+    /*  56: */ 61, 62, 0, 0, 0, 0, 0, 0,
+    /*  64: */ 0, 1, 2, 3, 4, 5, 6, 7,
+    /*  72: */ 8, 9, 10, 11, 12, 13, 14, 15,
+    /*  80: */ 16, 17, 18, 19, 20, 21, 22, 23,
+    /*  88: */ 24, 25, 26, 0, 0, 0, 0, 0,
+    /*  96: */ 0, 27, 28, 29, 30, 31, 32, 33,
+    /* 104: */ 34, 35, 36, 37, 38, 39, 40, 41,
+    /* 112: */ 42, 43, 44, 45, 46, 47, 48, 49,
+    /* 120: */ 50, 51, 52, 0, 0, 0, 0, 0,
+    /* 128: */ 0, 0, 0, 0, 0, 0, 0, 0
+    /* and rest are all zero as well */
+};
+
+#define B64_PAD '='
+
+/*
+ * Reads 4; writes 3 (known, or expected, to have no trailing padding).
+ * Returns bytes written; -1 on error (unexpected character).
+ */
+static int
+pl_base64_decode_4to3(const unsigned char *in, unsigned char *out)
+{
+    int j;
+    PRUint32 num = 0;
+    unsigned char bits;
+
+    for (j = 0; j < 4; j++) {
+        bits = base64_codetovaluep1[in[j]];
+        if (bits == 0)
+            return -1;
+        num = (num << 6) | (bits - 1);
+    }
+
+    out[0] = (unsigned char)(num >> 16);
+    out[1] = (unsigned char)((num >> 8) & 0xFF);
+    out[2] = (unsigned char)(num & 0xFF);
+
+    return 3;
+}
+
+/*
+ * Reads 3; writes 2 (caller already confirmed EOF or trailing padding).
+ * Returns bytes written; -1 on error (unexpected character).
+ */
+static int
+pl_base64_decode_3to2(const unsigned char *in, unsigned char *out)
+{
+    PRUint32 num = 0;
+    unsigned char bits1, bits2, bits3;
+
+    bits1 = base64_codetovaluep1[in[0]];
+    bits2 = base64_codetovaluep1[in[1]];
+    bits3 = base64_codetovaluep1[in[2]];
+
+    if ((bits1 == 0) || (bits2 == 0) || (bits3 == 0))
+        return -1;
+
+    num = ((PRUint32)(bits1 - 1)) << 10;
+    num |= ((PRUint32)(bits2 - 1)) << 4;
+    num |= ((PRUint32)(bits3 - 1)) >> 2;
+
+    out[0] = (unsigned char)(num >> 8);
+    out[1] = (unsigned char)(num & 0xFF);
+
+    return 2;
+}
+
+/*
+ * Reads 2; writes 1 (caller already confirmed EOF or trailing padding).
+ * Returns bytes written; -1 on error (unexpected character).
+ */
+static int
+pl_base64_decode_2to1(const unsigned char *in, unsigned char *out)
+{
+    PRUint32 num = 0;
+    unsigned char bits1, bits2;
+
+    bits1 = base64_codetovaluep1[in[0]];
+    bits2 = base64_codetovaluep1[in[1]];
+
+    if ((bits1 == 0) || (bits2 == 0))
+        return -1;
+
+    num = ((PRUint32)(bits1 - 1)) << 2;
+    num |= ((PRUint32)(bits2 - 1)) >> 4;
+
+    out[0] = (unsigned char)num;
+
+    return 1;
+}
+
+/*
+ * Reads 4; writes 0-3.  Returns bytes written or -1 on error.
+ * (Writes less than 3 only at (presumed) EOF.)
+ */
+static int
+pl_base64_decode_token(const unsigned char *in, unsigned char *out)
+{
+    if (in[3] != B64_PAD)
+        return pl_base64_decode_4to3(in, out);
+
+    if (in[2] == B64_PAD)
+        return pl_base64_decode_2to1(in, out);
+
+    return pl_base64_decode_3to2(in, out);
+}
+
+static PRStatus
+pl_base64_decode_buffer(PLBase64Decoder *data, const unsigned char *in,
+                        PRUint32 length)
+{
+    unsigned char *out = data->output_buffer;
+    unsigned char *token = data->token;
+    int i, n = 0;
+
+    i = data->token_size;
+    data->token_size = 0;
+
+    while (length > 0) {
+        while (i < 4 && length > 0) {
+            /*
+             * XXX Note that the following simply ignores any unexpected
+             * characters.  This is exactly what the original code in
+             * libmime did, and I am leaving it.  We certainly want to skip
+             * over whitespace (we must); this does much more than that.
+             * I am not confident changing it, and I don't want to slow
+             * the processing down doing more complicated checking, but
+             * someone else might have different ideas in the future.
+             */
+            if (base64_codetovaluep1[*in] > 0 || *in == B64_PAD)
+                token[i++] = *in;
+            in++;
+            length--;
+        }
+
+        if (i < 4) {
+            /* Didn't get enough for a complete token. */
+            data->token_size = i;
+            break;
+        }
+        i = 0;
+
+        PR_ASSERT((out - data->output_buffer + 3) <= data->output_buflen);
+
+        /*
+         * Assume we are not at the end; the following function only works
+         * for an internal token (no trailing padding characters) but is
+         * faster that way.  If it hits an invalid character (padding) it
+         * will return an error; we break out of the loop and try again
+         * calling the routine that will handle a final token.
+         * Note that we intentionally do it this way rather than explicitly
+         * add a check for padding here (because that would just slow down
+         * the normal case) nor do we rely on checking whether we have more
+         * input to process (because that would also slow it down but also
+         * because we want to allow trailing garbage, especially white space
+         * and cannot tell that without read-ahead, also a slow proposition).
+         * Whew.  Understand?
+         */
+        n = pl_base64_decode_4to3(token, out);
+        if (n < 0)
+            break;
+
+        /* Advance "out" by the number of bytes just written to it. */
+        out += n;
+        n = 0;
+    }
+
+    /*
+     * See big comment above, before call to pl_base64_decode_4to3.
+     * Here we check if we error'd out of loop, and allow for the case
+     * that we are processing the last interesting token.  If the routine
+     * which should handle padding characters also fails, then we just
+     * have bad input and give up.
+     */
+    if (n < 0) {
+        n = pl_base64_decode_token(token, out);
+        if (n < 0)
+            return PR_FAILURE;
+
+        out += n;
+    }
+
+    /*
+     * As explained above, we can get here with more input remaining, but
+     * it should be all characters we do not care about (i.e. would be
+     * ignored when transferring from "in" to "token" in loop above,
+     * except here we choose to ignore extraneous pad characters, too).
+     * Swallow it, performing that check.  If we find more characters that
+     * we would expect to decode, something is wrong.
+     */
+    while (length > 0) {
+        if (base64_codetovaluep1[*in] > 0)
+            return PR_FAILURE;
+        in++;
+        length--;
+    }
+
+    /* Record the length of decoded data we have left in output_buffer. */
+    data->output_length = (PRUint32)(out - data->output_buffer);
+    return PR_SUCCESS;
+}
+
+/*
+ * Flush any remaining buffered characters.  Given well-formed input,
+ * this will have nothing to do.  If the input was missing the padding
+ * characters at the end, though, there could be 1-3 characters left
+ * behind -- we will tolerate that by adding the padding for them.
+ */
+static PRStatus
+pl_base64_decode_flush(PLBase64Decoder *data)
+{
+    int count;
+
+    /*
+     * If no remaining characters, or all are padding (also not well-formed
+     * input, but again, be tolerant), then nothing more to do.  (And, that
+     * is considered successful.)
+     */
+    if (data->token_size == 0 || data->token[0] == B64_PAD)
+        return PR_SUCCESS;
+
+    /*
+     * Assume we have all the interesting input except for some expected
+     * padding characters.  Add them and decode the resulting token.
+     */
+    while (data->token_size < 4)
+        data->token[data->token_size++] = B64_PAD;
+
+    data->token_size = 0; /* so a subsequent flush call is a no-op */
+
+    count = pl_base64_decode_token(data->token,
+                                   data->output_buffer + data->output_length);
+    if (count < 0)
+        return PR_FAILURE;
+
+    /*
+     * If there is an output function, call it with this last bit of data.
+     * Otherwise we are doing all buffered output, and the decoded bytes
+     * are now there, we just need to reflect that in the length.
+     */
+    if (data->output_fn != NULL) {
+        PRInt32 output_result;
+
+        PR_ASSERT(data->output_length == 0);
+        output_result = data->output_fn(data->output_arg,
+                                        data->output_buffer,
+                                        (PRInt32)count);
+        if (output_result < 0)
+            return PR_FAILURE;
+    } else {
+        data->output_length += count;
+    }
+
+    return PR_SUCCESS;
+}
+
+/*
+ * The maximum space needed to hold the output of the decoder given
+ * input data of length "size".
+ */
+static PRUint32
+PL_Base64MaxDecodedLength(PRUint32 size)
+{
+    return size * 0.75;
+}
+
+/*
+ * A distinct internal creation function for the buffer version to use.
+ * (It does not want to specify an output_fn, and we want the normal
+ * Create function to require that.)  If more common initialization
+ * of the decoding context needs to be done, it should be done *here*.
+ */
+static PLBase64Decoder *
+pl_base64_create_decoder(void)
+{
+    return PR_NEWZAP(PLBase64Decoder);
+}
+
+/*
+ * Function to start a base64 decoding context.
+ * An "output_fn" is required; the "output_arg" parameter to that is optional.
+ */
+static PLBase64Decoder *
+PL_CreateBase64Decoder(PRInt32 (*output_fn)(void *, const unsigned char *,
+                                            PRInt32),
+                       void *output_arg)
+{
+    PLBase64Decoder *data;
+
+    if (output_fn == NULL) {
+        PR_SetError(PR_INVALID_ARGUMENT_ERROR, 0);
+        return NULL;
+    }
+
+    data = pl_base64_create_decoder();
+    if (data != NULL) {
+        data->output_fn = output_fn;
+        data->output_arg = output_arg;
+    }
+    return data;
+}
+
+/*
+ * Push data through the decoder, causing the output_fn (provided to Create)
+ * to be called with the decoded data.
+ */
+static PRStatus
+PL_UpdateBase64Decoder(PLBase64Decoder *data, const char *buffer,
+                       PRUint32 size)
+{
+    PRUint32 need_length;
+    PRStatus status;
+
+    /* XXX Should we do argument checking only in debug build? */
+    if (data == NULL || buffer == NULL || size == 0) {
+        PR_SetError(PR_INVALID_ARGUMENT_ERROR, 0);
+        return PR_FAILURE;
+    }
+
+    /*
+     * How much space could this update need for decoding?
+     */
+    need_length = PL_Base64MaxDecodedLength(size + data->token_size);
+
+    /*
+     * Make sure we have at least that much.  If not, (re-)allocate.
+     */
+    if (need_length > data->output_buflen) {
+        unsigned char *output_buffer = data->output_buffer;
+
+        if (output_buffer != NULL)
+            output_buffer = (unsigned char *)PR_Realloc(output_buffer,
+                                                        need_length);
+        else
+            output_buffer = (unsigned char *)PR_Malloc(need_length);
+
+        if (output_buffer == NULL)
+            return PR_FAILURE;
+
+        data->output_buffer = output_buffer;
+        data->output_buflen = need_length;
+    }
+
+    /* There should not have been any leftover output data in the buffer. */
+    PR_ASSERT(data->output_length == 0);
+    data->output_length = 0;
+
+    status = pl_base64_decode_buffer(data, (const unsigned char *)buffer,
+                                     size);
+
+    /* Now that we have some decoded data, write it. */
+    if (status == PR_SUCCESS && data->output_length > 0) {
+        PRInt32 output_result;
+
+        PR_ASSERT(data->output_fn != NULL);
+        output_result = data->output_fn(data->output_arg,
+                                        data->output_buffer,
+                                        (PRInt32)data->output_length);
+        if (output_result < 0)
+            status = PR_FAILURE;
+    }
+
+    data->output_length = 0;
+    return status;
+}
+
+/*
+ * When you're done decoding, call this to free the data.  If "abort_p"
+ * is false, then calling this may cause the output_fn to be called
+ * one last time (as the last buffered data is flushed out).
+ */
+static PRStatus
+PL_DestroyBase64Decoder(PLBase64Decoder *data, PRBool abort_p)
+{
+    PRStatus status = PR_SUCCESS;
+
+    /* XXX Should we do argument checking only in debug build? */
+    if (data == NULL) {
+        PR_SetError(PR_INVALID_ARGUMENT_ERROR, 0);
+        return PR_FAILURE;
+    }
+
+    /* Flush out the last few buffered characters. */
+    if (!abort_p)
+        status = pl_base64_decode_flush(data);
+
+    if (data->output_buffer != NULL)
+        PR_Free(data->output_buffer);
+    PR_Free(data);
+
+    return status;
+}
+
+/*
+ * Perform base64 decoding from an input buffer to an output buffer.
+ * The output buffer can be provided (as "dest"); you can also pass in
+ * a NULL and this function will allocate a buffer large enough for you,
+ * and return it.  If you do provide the output buffer, you must also
+ * provide the maximum length of that buffer (as "maxdestlen").
+ * The actual decoded length of output will be returned to you in
+ * "output_destlen".
+ *
+ * Return value is NULL on error, the output buffer (allocated or provided)
+ * otherwise.
+ */
+static unsigned char *
+PL_Base64DecodeBuffer(const char *src, PRUint32 srclen, unsigned char *dest,
+                      PRUint32 maxdestlen, PRUint32 *output_destlen)
+{
+    PRUint32 need_length;
+    unsigned char *output_buffer = NULL;
+    PLBase64Decoder *data = NULL;
+    PRStatus status;
+
+    PR_ASSERT(srclen > 0);
+    if (srclen == 0) {
+        PR_SetError(PR_INVALID_ARGUMENT_ERROR, 0);
+        return NULL;
+    }
+
+    /*
+     * How much space could we possibly need for decoding this input?
+     */
+    need_length = PL_Base64MaxDecodedLength(srclen);
+
+    /*
+     * Make sure we have at least that much, if output buffer provided.
+     * If no output buffer provided, then we allocate that much.
+     */
+    if (dest != NULL) {
+        PR_ASSERT(maxdestlen >= need_length);
+        if (maxdestlen < need_length) {
+            PR_SetError(PR_BUFFER_OVERFLOW_ERROR, 0);
+            goto loser;
+        }
+        output_buffer = dest;
+    } else {
+        output_buffer = (unsigned char *)PR_Malloc(need_length);
+        if (output_buffer == NULL)
+            goto loser;
+        maxdestlen = need_length;
+    }
+
+    data = pl_base64_create_decoder();
+    if (data == NULL)
+        goto loser;
+
+    data->output_buflen = maxdestlen;
+    data->output_buffer = output_buffer;
+
+    status = pl_base64_decode_buffer(data, (const unsigned char *)src,
+                                     srclen);
+
+    /*
+     * We do not wait for Destroy to flush, because Destroy will also
+     * get rid of our decoder context, which we need to look at first!
+     */
+    if (status == PR_SUCCESS)
+        status = pl_base64_decode_flush(data);
+
+    /* Must clear this or Destroy will free it. */
+    data->output_buffer = NULL;
+
+    if (status == PR_SUCCESS) {
+        *output_destlen = data->output_length;
+        status = PL_DestroyBase64Decoder(data, PR_FALSE);
+        data = NULL;
+        if (status == PR_FAILURE)
+            goto loser;
+        return output_buffer;
+    }
+
+loser:
+    if (dest == NULL && output_buffer != NULL)
+        PR_Free(output_buffer);
+    if (data != NULL)
+        (void)PL_DestroyBase64Decoder(data, PR_TRUE);
+    return NULL;
+}
+
+/*
+ * XXX End of base64 decoding code to be moved into NSPR.
+ ********************************************************
+ */
+
+/*
+ * This is the beginning of the NSS cover functions.  These will
+ * provide the interface we want to expose as NSS-ish.  For example,
+ * they will operate on our Items, do any special handling or checking
+ * we want to do, etc.
+ */
+
+PR_BEGIN_EXTERN_C
+
+/*
+ * A boring cover structure for now.  Perhaps someday it will include
+ * some more interesting fields.
+ */
+struct NSSBase64DecoderStr {
+    PLBase64Decoder *pl_data;
+};
+
+PR_END_EXTERN_C
+
+/*
+ * Function to start a base64 decoding context.
+ */
+NSSBase64Decoder *
+NSSBase64Decoder_Create(PRInt32 (*output_fn)(void *, const unsigned char *,
+                                             PRInt32),
+                        void *output_arg)
+{
+    PLBase64Decoder *pl_data;
+    NSSBase64Decoder *nss_data;
+
+    nss_data = PORT_ZNew(NSSBase64Decoder);
+    if (nss_data == NULL)
+        return NULL;
+
+    pl_data = PL_CreateBase64Decoder(output_fn, output_arg);
+    if (pl_data == NULL) {
+        PORT_Free(nss_data);
+        return NULL;
+    }
+
+    nss_data->pl_data = pl_data;
+    return nss_data;
+}
+
+/*
+ * Push data through the decoder, causing the output_fn (provided to Create)
+ * to be called with the decoded data.
+ */
+SECStatus
+NSSBase64Decoder_Update(NSSBase64Decoder *data, const char *buffer,
+                        PRUint32 size)
+{
+    PRStatus pr_status;
+
+    /* XXX Should we do argument checking only in debug build? */
+    if (data == NULL) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    pr_status = PL_UpdateBase64Decoder(data->pl_data, buffer, size);
+    if (pr_status == PR_FAILURE)
+        return SECFailure;
+
+    return SECSuccess;
+}
+
+/*
+ * When you're done decoding, call this to free the data.  If "abort_p"
+ * is false, then calling this may cause the output_fn to be called
+ * one last time (as the last buffered data is flushed out).
+ */
+SECStatus
+NSSBase64Decoder_Destroy(NSSBase64Decoder *data, PRBool abort_p)
+{
+    PRStatus pr_status;
+
+    /* XXX Should we do argument checking only in debug build? */
+    if (data == NULL) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    pr_status = PL_DestroyBase64Decoder(data->pl_data, abort_p);
+
+    PORT_Free(data);
+
+    if (pr_status == PR_FAILURE)
+        return SECFailure;
+
+    return SECSuccess;
+}
+
+/*
+ * Perform base64 decoding from an ascii string "inStr" to an Item.
+ * The length of the input must be provided as "inLen".  The Item
+ * may be provided (as "outItemOpt"); you can also pass in a NULL
+ * and the Item will be allocated for you.
+ *
+ * In any case, the data within the Item will be allocated for you.
+ * All allocation will happen out of the passed-in "arenaOpt", if non-NULL.
+ * If "arenaOpt" is NULL, standard allocation (heap) will be used and
+ * you will want to free the result via SECITEM_FreeItem.
+ *
+ * Return value is NULL on error, the Item (allocated or provided) otherwise.
+ */
+SECItem *
+NSSBase64_DecodeBuffer(PLArenaPool *arenaOpt, SECItem *outItemOpt,
+                       const char *inStr, unsigned int inLen)
+{
+    SECItem *out_item = NULL;
+    PRUint32 max_out_len = 0;
+    void *mark = NULL;
+    unsigned char *dummy = NULL;
+
+    if ((outItemOpt != NULL && outItemOpt->data != NULL) || inLen == 0) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+
+    if (arenaOpt != NULL)
+        mark = PORT_ArenaMark(arenaOpt);
+
+    max_out_len = PL_Base64MaxDecodedLength(inLen);
+    if (max_out_len == 0) {
+        goto loser;
+    }
+    out_item = SECITEM_AllocItem(arenaOpt, outItemOpt, max_out_len);
+    if (out_item == NULL) {
+        goto loser;
+    }
+
+    dummy = PL_Base64DecodeBuffer(inStr, inLen, out_item->data,
+                                  max_out_len, &out_item->len);
+    if (dummy == NULL) {
+        goto loser;
+    }
+    if (arenaOpt != NULL) {
+        PORT_ArenaUnmark(arenaOpt, mark);
+    }
+    return out_item;
+
+loser:
+    if (arenaOpt != NULL) {
+        PORT_ArenaRelease(arenaOpt, mark);
+        if (outItemOpt != NULL) {
+            outItemOpt->data = NULL;
+            outItemOpt->len = 0;
+        }
+    } else if (dummy == NULL) {
+        SECITEM_FreeItem(out_item, (PRBool)(outItemOpt == NULL));
+    }
+    return NULL;
+}
+
+/*
+ * XXX Everything below is deprecated.  If you add new stuff, put it
+ * *above*, not below.
+ */
+
+/*
+ * XXX The following "ATOB" functions are provided for backward compatibility
+ * with current code.  They should be considered strongly deprecated.
+ * When we can convert all our code over to using the new NSSBase64Decoder_
+ * functions defined above, we should get rid of these altogether.  (Remove
+ * protoypes from base64.h as well -- actually, remove that file completely).
+ * If someone thinks either of these functions provides such a very useful
+ * interface (though, as shown, the same functionality can already be
+ * obtained by calling NSSBase64_DecodeBuffer directly), fine -- but then
+ * that API should be provided with a nice new NSSFoo name and using
+ * appropriate types, etc.
+ */
+
+#include "base64.h"
+
+/*
+** Return an PORT_Alloc'd string which is the base64 decoded version
+** of the input string; set *lenp to the length of the returned data.
+*/
+unsigned char *
+ATOB_AsciiToData(const char *string, unsigned int *lenp)
+{
+    SECItem binary_item, *dummy;
+
+    binary_item.data = NULL;
+    binary_item.len = 0;
+
+    dummy = NSSBase64_DecodeBuffer(NULL, &binary_item, string,
+                                   (PRUint32)PORT_Strlen(string));
+    if (dummy == NULL)
+        return NULL;
+
+    PORT_Assert(dummy == &binary_item);
+
+    *lenp = dummy->len;
+    return dummy->data;
+}
+
+/*
+** Convert from ascii to binary encoding of an item.
+*/
+SECStatus
+ATOB_ConvertAsciiToItem(SECItem *binary_item, const char *ascii)
+{
+    SECItem *dummy;
+
+    if (binary_item == NULL) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    /*
+     * XXX Would prefer to assert here if data is non-null (actually,
+     * don't need to, just let NSSBase64_DecodeBuffer do it), so as to
+     * to catch unintended memory leaks, but callers are not clean in
+     * this respect so we need to explicitly clear here to avoid the
+     * assert in NSSBase64_DecodeBuffer.
+     */
+    binary_item->data = NULL;
+    binary_item->len = 0;
+
+    dummy = NSSBase64_DecodeBuffer(NULL, binary_item, ascii,
+                                   (PRUint32)PORT_Strlen(ascii));
+
+    if (dummy == NULL)
+        return SECFailure;
+
+    return SECSuccess;
+}
diff --git a/nss/lib/util/nssb64e.c b/nss/lib/util/nssb64e.c
new file mode 100644
index 0000000..18b01dd
--- /dev/null
+++ b/nss/lib/util/nssb64e.c
@@ -0,0 +1,734 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * Base64 encoding (binary to ascii).
+ */
+
+#include "nssb64.h"
+#include "nspr.h"
+#include "secitem.h"
+#include "secerr.h"
+
+/*
+ * XXX See the big comment at the top of nssb64d.c about moving the
+ * bulk of this code over into NSPR (the PL part).  It all applies
+ * here but I didn't want to duplicate it, to avoid divergence problems.
+ */
+
+/*
+ **************************************************************
+ * XXX Beginning of base64 encoding code to be moved into NSPR.
+ */
+
+struct PLBase64EncodeStateStr {
+    unsigned chunks;
+    unsigned saved;
+    unsigned char buf[3];
+};
+
+/*
+ * This typedef would belong in the NSPR header file (i.e. plbase64.h).
+ */
+typedef struct PLBase64EncoderStr PLBase64Encoder;
+
+/*
+ * The following implementation of base64 encoding was based on code
+ * found in libmime (specifically, in mimeenc.c).  It has been adapted to
+ * use PR types and naming as well as to provide other necessary semantics
+ * (like buffer-in/buffer-out in addition to "streaming" without undue
+ * performance hit of extra copying if you made the buffer versions
+ * use the output_fn).  It also incorporates some aspects of the current
+ * NSPR base64 encoding code.  As such, you may find similarities to
+ * both of those implementations.  I tried to use names that reflected
+ * the original code when possible.  For this reason you may find some
+ * inconsistencies -- libmime used lots of "in" and "out" whereas the
+ * NSPR version uses "src" and "dest"; sometimes I changed one to the other
+ * and sometimes I left them when I thought the subroutines were at least
+ * self-consistent.
+ */
+
+PR_BEGIN_EXTERN_C
+
+/*
+ * Opaque object used by the encoder to store state.
+ */
+struct PLBase64EncoderStr {
+    /*
+     * The one or two bytes pending.  (We need 3 to create a "token",
+     * and hold the leftovers here.  in_buffer_count is *only* ever
+     * 0, 1, or 2.
+     */
+    unsigned char in_buffer[2];
+    int in_buffer_count;
+
+    /*
+     * If the caller wants linebreaks added, line_length specifies
+     * where they come out.  It must be a multiple of 4; if the caller
+     * provides one that isn't, we round it down to the nearest
+     * multiple of 4.
+     *
+     * The value of current_column counts how many characters have been
+     * added since the last linebreaks (or since the beginning, on the
+     * first line).  It is also always a multiple of 4; it is unused when
+     * line_length is 0.
+     */
+    PRUint32 line_length;
+    PRUint32 current_column;
+
+    /*
+     * Where to write the encoded data (used when streaming, not when
+     * doing all in-memory (buffer) operations).
+     *
+     * Note that this definition is chosen to be compatible with PR_Write.
+     */
+    PRInt32 (*output_fn)(void *output_arg, const char *buf, PRInt32 size);
+    void *output_arg;
+
+    /*
+     * Where the encoded output goes -- either temporarily (in the streaming
+     * case, staged here before it goes to the output function) or what will
+     * be the entire buffered result for users of the buffer version.
+     */
+    char *output_buffer;
+    PRUint32 output_buflen; /* the total length of allocated buffer */
+    PRUint32 output_length; /* the length that is currently populated */
+};
+
+PR_END_EXTERN_C
+
+/*
+ * Table to convert a binary value to its corresponding ascii "code".
+ */
+static unsigned char base64_valuetocode[64] =
+    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+
+#define B64_PAD '='
+#define B64_CR '\r'
+#define B64_LF '\n'
+
+static PRStatus
+pl_base64_encode_buffer(PLBase64Encoder *data, const unsigned char *in,
+                        PRUint32 size)
+{
+    const unsigned char *end = in + size;
+    char *out = data->output_buffer + data->output_length;
+    unsigned int i = data->in_buffer_count;
+    PRUint32 n = 0;
+    int off;
+    PRUint32 output_threshold;
+
+    /* If this input buffer is too small, wait until next time. */
+    if (size < (3 - i)) {
+        data->in_buffer[i++] = in[0];
+        if (size > 1)
+            data->in_buffer[i++] = in[1];
+        PR_ASSERT(i < 3);
+        data->in_buffer_count = i;
+        return PR_SUCCESS;
+    }
+
+    /* If there are bytes that were put back last time, take them now. */
+    if (i > 0) {
+        n = data->in_buffer[0];
+        if (i > 1)
+            n = (n << 8) | data->in_buffer[1];
+        data->in_buffer_count = 0;
+    }
+
+    /* If our total is not a multiple of three, put one or two bytes back. */
+    off = (size + i) % 3;
+    if (off > 0) {
+        size -= off;
+        data->in_buffer[0] = in[size];
+        if (off > 1)
+            data->in_buffer[1] = in[size + 1];
+        data->in_buffer_count = off;
+        end -= off;
+    }
+
+    output_threshold = data->output_buflen - 3;
+
+    /*
+     * Populate the output buffer with base64 data, one line (or buffer)
+     * at a time.
+     */
+    while (in < end) {
+        int j, k;
+
+        while (i < 3) {
+            n = (n << 8) | *in++;
+            i++;
+        }
+        i = 0;
+
+        if (data->line_length > 0) {
+            if (data->current_column >= data->line_length) {
+                data->current_column = 0;
+                *out++ = B64_CR;
+                *out++ = B64_LF;
+                data->output_length += 2;
+            }
+            data->current_column += 4; /* the bytes we are about to add */
+        }
+
+        for (j = 18; j >= 0; j -= 6) {
+            k = (n >> j) & 0x3F;
+            *out++ = base64_valuetocode[k];
+        }
+        n = 0;
+        data->output_length += 4;
+
+        if (data->output_length >= output_threshold) {
+            PR_ASSERT(data->output_length <= data->output_buflen);
+            if (data->output_fn != NULL) {
+                PRInt32 output_result;
+
+                output_result = data->output_fn(data->output_arg,
+                                                data->output_buffer,
+                                                (PRInt32)data->output_length);
+                if (output_result < 0)
+                    return PR_FAILURE;
+
+                out = data->output_buffer;
+                data->output_length = 0;
+            } else {
+                /*
+                 * Check that we are about to exit the loop.  (Since we
+                 * are over the threshold, there isn't enough room in the
+                 * output buffer for another trip around.)
+                 */
+                PR_ASSERT(in == end);
+                if (in < end) {
+                    PR_SetError(PR_BUFFER_OVERFLOW_ERROR, 0);
+                    return PR_FAILURE;
+                }
+            }
+        }
+    }
+
+    return PR_SUCCESS;
+}
+
+static PRStatus
+pl_base64_encode_flush(PLBase64Encoder *data)
+{
+    int i = data->in_buffer_count;
+
+    if (i == 0 && data->output_length == 0)
+        return PR_SUCCESS;
+
+    if (i > 0) {
+        char *out = data->output_buffer + data->output_length;
+        PRUint32 n;
+        int j, k;
+
+        n = ((PRUint32)data->in_buffer[0]) << 16;
+        if (i > 1)
+            n |= ((PRUint32)data->in_buffer[1] << 8);
+
+        data->in_buffer_count = 0;
+
+        if (data->line_length > 0) {
+            if (data->current_column >= data->line_length) {
+                data->current_column = 0;
+                *out++ = B64_CR;
+                *out++ = B64_LF;
+                data->output_length += 2;
+            }
+        }
+
+        /*
+         * This will fill in more than we really have data for, but the
+         * valid parts will end up in the correct position and the extras
+         * will be over-written with pad characters below.
+         */
+        for (j = 18; j >= 0; j -= 6) {
+            k = (n >> j) & 0x3F;
+            *out++ = base64_valuetocode[k];
+        }
+
+        /* Pad with equal-signs. */
+        if (i == 1)
+            out[-2] = B64_PAD;
+        out[-1] = B64_PAD;
+
+        data->output_length += 4;
+    }
+
+    if (data->output_fn != NULL) {
+        PRInt32 output_result;
+
+        output_result = data->output_fn(data->output_arg, data->output_buffer,
+                                        (PRInt32)data->output_length);
+        data->output_length = 0;
+
+        if (output_result < 0)
+            return PR_FAILURE;
+    }
+
+    return PR_SUCCESS;
+}
+
+/*
+ * The maximum space needed to hold the output of the encoder given input
+ * data of length "size", and allowing for CRLF added at least every
+ * line_length bytes (we will add it at nearest lower multiple of 4).
+ * There is no trailing CRLF.
+ */
+static PRUint32
+PL_Base64MaxEncodedLength(PRUint32 size, PRUint32 line_length)
+{
+    PRUint32 tokens, tokens_per_line, full_lines, line_break_chars, remainder;
+
+    /* This is the maximum length we support. */
+    if (size > 0x3fffffff) {
+        return 0;
+    }
+
+    tokens = (size + 2) / 3;
+
+    if (line_length == 0) {
+        return tokens * 4;
+    }
+
+    if (line_length < 4) { /* too small! */
+        line_length = 4;
+    }
+
+    tokens_per_line = line_length / 4;
+    full_lines = tokens / tokens_per_line;
+    remainder = (tokens - (full_lines * tokens_per_line)) * 4;
+    line_break_chars = full_lines * 2;
+    if (remainder == 0) {
+        line_break_chars -= 2;
+    }
+
+    return (full_lines * tokens_per_line * 4) + line_break_chars + remainder;
+}
+
+/*
+ * A distinct internal creation function for the buffer version to use.
+ * (It does not want to specify an output_fn, and we want the normal
+ * Create function to require that.)  All common initialization of the
+ * encoding context should be done *here*.
+ *
+ * Save "line_length", rounded down to nearest multiple of 4 (if not
+ * already even multiple).  Allocate output_buffer, if not provided --
+ * based on given size if specified, otherwise based on line_length.
+ */
+static PLBase64Encoder *
+pl_base64_create_encoder(PRUint32 line_length, char *output_buffer,
+                         PRUint32 output_buflen)
+{
+    PLBase64Encoder *data;
+    PRUint32 line_tokens;
+
+    data = PR_NEWZAP(PLBase64Encoder);
+    if (data == NULL)
+        return NULL;
+
+    if (line_length > 0 && line_length < 4) /* too small! */
+        line_length = 4;
+
+    line_tokens = line_length / 4;
+    data->line_length = line_tokens * 4;
+
+    if (output_buffer == NULL) {
+        if (output_buflen == 0) {
+            if (data->line_length > 0) /* need to include room for CRLF */
+                output_buflen = data->line_length + 2;
+            else
+                output_buflen = 64; /* XXX what is a good size? */
+        }
+
+        output_buffer = (char *)PR_Malloc(output_buflen);
+        if (output_buffer == NULL) {
+            PR_Free(data);
+            return NULL;
+        }
+    }
+
+    data->output_buffer = output_buffer;
+    data->output_buflen = output_buflen;
+    return data;
+}
+
+/*
+ * Function to start a base64 encoding context.
+ * An "output_fn" is required; the "output_arg" parameter to that is optional.
+ * If linebreaks in the encoded output are desired, "line_length" specifies
+ * where to place them -- it will be rounded down to the nearest multiple of 4
+ * (if it is not already an even multiple of 4).  If it is zero, no linebreaks
+ * will be added.  (FYI, a linebreak is CRLF -- two characters.)
+ */
+static PLBase64Encoder *
+PL_CreateBase64Encoder(PRInt32 (*output_fn)(void *, const char *, PRInt32),
+                       void *output_arg, PRUint32 line_length)
+{
+    PLBase64Encoder *data;
+
+    if (output_fn == NULL) {
+        PR_SetError(PR_INVALID_ARGUMENT_ERROR, 0);
+        return NULL;
+    }
+
+    data = pl_base64_create_encoder(line_length, NULL, 0);
+    if (data == NULL)
+        return NULL;
+
+    data->output_fn = output_fn;
+    data->output_arg = output_arg;
+
+    return data;
+}
+
+/*
+ * Push data through the encoder, causing the output_fn (provided to Create)
+ * to be called with the encoded data.
+ */
+static PRStatus
+PL_UpdateBase64Encoder(PLBase64Encoder *data, const unsigned char *buffer,
+                       PRUint32 size)
+{
+    /* XXX Should we do argument checking only in debug build? */
+    if (data == NULL || buffer == NULL || size == 0) {
+        PR_SetError(PR_INVALID_ARGUMENT_ERROR, 0);
+        return PR_FAILURE;
+    }
+
+    return pl_base64_encode_buffer(data, buffer, size);
+}
+
+/*
+ * When you're done encoding, call this to free the data.  If "abort_p"
+ * is false, then calling this may cause the output_fn to be called
+ * one last time (as the last buffered data is flushed out).
+ */
+static PRStatus
+PL_DestroyBase64Encoder(PLBase64Encoder *data, PRBool abort_p)
+{
+    PRStatus status = PR_SUCCESS;
+
+    /* XXX Should we do argument checking only in debug build? */
+    if (data == NULL) {
+        PR_SetError(PR_INVALID_ARGUMENT_ERROR, 0);
+        return PR_FAILURE;
+    }
+
+    /* Flush out the last few buffered characters. */
+    if (!abort_p)
+        status = pl_base64_encode_flush(data);
+
+    if (data->output_buffer != NULL)
+        PR_Free(data->output_buffer);
+    PR_Free(data);
+
+    return status;
+}
+
+/*
+ * Perform base64 encoding from an input buffer to an output buffer.
+ * The output buffer can be provided (as "dest"); you can also pass in
+ * a NULL and this function will allocate a buffer large enough for you,
+ * and return it.  If you do provide the output buffer, you must also
+ * provide the maximum length of that buffer (as "maxdestlen").
+ * The actual encoded length of output will be returned to you in
+ * "output_destlen".
+ *
+ * If linebreaks in the encoded output are desired, "line_length" specifies
+ * where to place them -- it will be rounded down to the nearest multiple of 4
+ * (if it is not already an even multiple of 4).  If it is zero, no linebreaks
+ * will be added.  (FYI, a linebreak is CRLF -- two characters.)
+ *
+ * Return value is NULL on error, the output buffer (allocated or provided)
+ * otherwise.
+ */
+static char *
+PL_Base64EncodeBuffer(const unsigned char *src, PRUint32 srclen,
+                      PRUint32 line_length, char *dest, PRUint32 maxdestlen,
+                      PRUint32 *output_destlen)
+{
+    PRUint32 need_length;
+    PLBase64Encoder *data = NULL;
+    PRStatus status;
+
+    PR_ASSERT(srclen > 0);
+    if (srclen == 0) {
+        return dest;
+    }
+
+    /*
+     * How much space could we possibly need for encoding this input?
+     */
+    need_length = PL_Base64MaxEncodedLength(srclen, line_length);
+    if (need_length == 0) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+
+    /*
+     * Make sure we have at least that much, if output buffer provided.
+     */
+    if (dest != NULL) {
+        PR_ASSERT(maxdestlen >= need_length);
+        if (maxdestlen < need_length) {
+            PR_SetError(PR_BUFFER_OVERFLOW_ERROR, 0);
+            return NULL;
+        }
+    } else {
+        maxdestlen = need_length;
+    }
+
+    data = pl_base64_create_encoder(line_length, dest, maxdestlen);
+    if (data == NULL)
+        return NULL;
+
+    status = pl_base64_encode_buffer(data, src, srclen);
+
+    /*
+     * We do not wait for Destroy to flush, because Destroy will also
+     * get rid of our encoder context, which we need to look at first!
+     */
+    if (status == PR_SUCCESS)
+        status = pl_base64_encode_flush(data);
+
+    if (status != PR_SUCCESS) {
+        (void)PL_DestroyBase64Encoder(data, PR_TRUE);
+        return NULL;
+    }
+
+    dest = data->output_buffer;
+
+    /* Must clear this or Destroy will free it. */
+    data->output_buffer = NULL;
+
+    *output_destlen = data->output_length;
+    status = PL_DestroyBase64Encoder(data, PR_FALSE);
+    if (status == PR_FAILURE) {
+        PR_Free(dest);
+        return NULL;
+    }
+
+    return dest;
+}
+
+/*
+ * XXX End of base64 encoding code to be moved into NSPR.
+ ********************************************************
+ */
+
+/*
+ * This is the beginning of the NSS cover functions.  These will
+ * provide the interface we want to expose as NSS-ish.  For example,
+ * they will operate on our Items, do any special handling or checking
+ * we want to do, etc.
+ */
+
+PR_BEGIN_EXTERN_C
+
+/*
+ * A boring cover structure for now.  Perhaps someday it will include
+ * some more interesting fields.
+ */
+struct NSSBase64EncoderStr {
+    PLBase64Encoder *pl_data;
+};
+
+PR_END_EXTERN_C
+
+/*
+ * Function to start a base64 encoding context.
+ */
+NSSBase64Encoder *
+NSSBase64Encoder_Create(PRInt32 (*output_fn)(void *, const char *, PRInt32),
+                        void *output_arg)
+{
+    PLBase64Encoder *pl_data;
+    NSSBase64Encoder *nss_data;
+
+    nss_data = PORT_ZNew(NSSBase64Encoder);
+    if (nss_data == NULL)
+        return NULL;
+
+    pl_data = PL_CreateBase64Encoder(output_fn, output_arg, 64);
+    if (pl_data == NULL) {
+        PORT_Free(nss_data);
+        return NULL;
+    }
+
+    nss_data->pl_data = pl_data;
+    return nss_data;
+}
+
+/*
+ * Push data through the encoder, causing the output_fn (provided to Create)
+ * to be called with the encoded data.
+ */
+SECStatus
+NSSBase64Encoder_Update(NSSBase64Encoder *data, const unsigned char *buffer,
+                        PRUint32 size)
+{
+    PRStatus pr_status;
+
+    /* XXX Should we do argument checking only in debug build? */
+    if (data == NULL) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    pr_status = PL_UpdateBase64Encoder(data->pl_data, buffer, size);
+    if (pr_status == PR_FAILURE)
+        return SECFailure;
+
+    return SECSuccess;
+}
+
+/*
+ * When you're done encoding, call this to free the data.  If "abort_p"
+ * is false, then calling this may cause the output_fn to be called
+ * one last time (as the last buffered data is flushed out).
+ */
+SECStatus
+NSSBase64Encoder_Destroy(NSSBase64Encoder *data, PRBool abort_p)
+{
+    PRStatus pr_status;
+
+    /* XXX Should we do argument checking only in debug build? */
+    if (data == NULL) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    pr_status = PL_DestroyBase64Encoder(data->pl_data, abort_p);
+
+    PORT_Free(data);
+
+    if (pr_status == PR_FAILURE)
+        return SECFailure;
+
+    return SECSuccess;
+}
+
+/*
+ * Perform base64 encoding of binary data "inItem" to an ascii string.
+ * The output buffer may be provided (as "outStrOpt"); you can also pass
+ * in a NULL and the buffer will be allocated for you.  The result will
+ * be null-terminated, and if the buffer is provided, "maxOutLen" must
+ * specify the maximum length of the buffer and will be checked to
+ * supply sufficient space space for the encoded result.  (If "outStrOpt"
+ * is NULL, "maxOutLen" is ignored.)
+ *
+ * If "outStrOpt" is NULL, allocation will happen out of the passed-in
+ * "arenaOpt", if *it* is non-NULL, otherwise standard allocation (heap)
+ * will be used.
+ *
+ * Return value is NULL on error, the output buffer (allocated or provided)
+ * otherwise.
+ */
+char *
+NSSBase64_EncodeItem(PLArenaPool *arenaOpt, char *outStrOpt,
+                     unsigned int maxOutLen, SECItem *inItem)
+{
+    char *out_string = outStrOpt;
+    PRUint32 max_out_len;
+    PRUint32 out_len = 0;
+    void *mark = NULL;
+    char *dummy;
+
+    PORT_Assert(inItem != NULL && inItem->data != NULL && inItem->len != 0);
+    if (inItem == NULL || inItem->data == NULL || inItem->len == 0) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+
+    max_out_len = PL_Base64MaxEncodedLength(inItem->len, 64);
+    if (max_out_len == 0) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+
+    if (arenaOpt != NULL)
+        mark = PORT_ArenaMark(arenaOpt);
+
+    if (out_string == NULL) {
+        if (arenaOpt != NULL)
+            out_string = PORT_ArenaAlloc(arenaOpt, max_out_len + 1);
+        else
+            out_string = PORT_Alloc(max_out_len + 1);
+
+        if (out_string == NULL) {
+            if (arenaOpt != NULL)
+                PORT_ArenaRelease(arenaOpt, mark);
+            return NULL;
+        }
+    } else {
+        if ((max_out_len + 1) > maxOutLen) {
+            PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+            return NULL;
+        }
+        max_out_len = maxOutLen;
+    }
+
+    dummy = PL_Base64EncodeBuffer(inItem->data, inItem->len, 64,
+                                  out_string, max_out_len, &out_len);
+    if (dummy == NULL) {
+        if (arenaOpt != NULL) {
+            PORT_ArenaRelease(arenaOpt, mark);
+        } else {
+            PORT_Free(out_string);
+        }
+        return NULL;
+    }
+
+    if (arenaOpt != NULL)
+        PORT_ArenaUnmark(arenaOpt, mark);
+
+    out_string[out_len] = '\0';
+    return out_string;
+}
+
+/*
+ * XXX Everything below is deprecated.  If you add new stuff, put it
+ * *above*, not below.
+ */
+
+/*
+ * XXX The following "BTOA" functions are provided for backward compatibility
+ * with current code.  They should be considered strongly deprecated.
+ * When we can convert all our code over to using the new NSSBase64Encoder_
+ * functions defined above, we should get rid of these altogether.  (Remove
+ * protoypes from base64.h as well -- actually, remove that file completely).
+ * If someone thinks either of these functions provides such a very useful
+ * interface (though, as shown, the same functionality can already be
+ * obtained by calling NSSBase64_EncodeItem directly), fine -- but then
+ * that API should be provided with a nice new NSSFoo name and using
+ * appropriate types, etc.
+ */
+
+#include "base64.h"
+
+/*
+** Return an PORT_Alloc'd ascii string which is the base64 encoded
+** version of the input string.
+*/
+char *
+BTOA_DataToAscii(const unsigned char *data, unsigned int len)
+{
+    SECItem binary_item;
+
+    binary_item.data = (unsigned char *)data;
+    binary_item.len = len;
+
+    return NSSBase64_EncodeItem(NULL, NULL, 0, &binary_item);
+}
+
+/*
+** Convert from binary encoding of an item to ascii.
+*/
+char *
+BTOA_ConvertItemToAscii(SECItem *binary_item)
+{
+    return NSSBase64_EncodeItem(NULL, NULL, 0, binary_item);
+}
diff --git a/nss/lib/util/nssb64t.h b/nss/lib/util/nssb64t.h
new file mode 100644
index 0000000..75e7877
--- /dev/null
+++ b/nss/lib/util/nssb64t.h
@@ -0,0 +1,15 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * Public data structures for base64 encoding/decoding.
+ */
+#ifndef _NSSB64T_H_
+#define _NSSB64T_H_
+
+#include "utilrename.h"
+typedef struct NSSBase64DecoderStr NSSBase64Decoder;
+typedef struct NSSBase64EncoderStr NSSBase64Encoder;
+
+#endif /* _NSSB64T_H_ */
diff --git a/nss/lib/util/nssilckt.h b/nss/lib/util/nssilckt.h
new file mode 100644
index 0000000..417f96f
--- /dev/null
+++ b/nss/lib/util/nssilckt.h
@@ -0,0 +1,191 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+** nssilock.h - Instrumented locking functions for NSS
+**
+** Description:
+**    nssilock provides instrumentation for locks and monitors in
+**    the NSS libraries. The instrumentation, when enabled, causes
+**    each call to the instrumented function to record data about
+**    the call to an external file. The external file
+**    subsequently used to extract performance data and other
+**    statistical information about the operation of locks used in
+**    the nss library.
+**
+**    To enable compilation with instrumentation, build NSS with
+**    the compile time switch NEED_NSS_ILOCK defined.
+**
+**    say:  "gmake OS_CFLAGS+=-DNEED_NSS_ILOCK" at make time.
+**
+**    At runtime, to enable recording from nssilock, one or more
+**    environment variables must be set. For each nssILockType to
+**    be recorded, an environment variable of the form NSS_ILOCK_x
+**    must be set to 1. For example:
+**
+**       set NSS_ILOCK_Cert=1
+**
+**    nssilock uses PRLOG is used to record to trace data. The
+**    PRLogModule name associated with nssilock data is: "nssilock".
+**    To enable recording of nssilock data you will need to set the
+**    environment variable NSPR_LOG_MODULES to enable
+**    recording for the nssilock log module. Similarly, you will
+**    need to set the environment variable NSPR_LOG_FILE to specify
+**    the filename to receive the recorded data. See prlog.h for usage.
+**    Example:
+**
+**        export NSPR_LOG_MODULES=nssilock:6
+**        export NSPR_LOG_FILE=xxxLogfile
+**
+** Operation:
+**    nssilock wraps calls to NSPR's PZLock and PZMonitor functions
+**    with similarly named functions: PZ_NewLock(), etc. When NSS is
+**    built with lock instrumentation enabled, the PZ* functions are
+**    compiled into NSS; when lock instrumentation is disabled,
+**    calls to PZ* functions are directly mapped to PR* functions
+**    and the instrumentation arguments to the PZ* functions are
+**    compiled away.
+**
+**
+** File Format:
+**    The format of the external file is implementation
+**    dependent. Where NSPR's PR_LOG() function is used, the file
+**    contains data defined for PR_LOG() plus the data written by
+**    the wrapped function. On some platforms and under some
+**    circumstances, platform dependent logging or
+**    instrumentation probes may be used. In any case, the
+**    relevant data provided by the lock instrumentation is:
+**
+**      lockType, func, address, duration, line, file [heldTime]
+**
+**    where:
+**
+**       lockType: a character representation of nssILockType for the
+**       call. e.g. ... "cert"
+**
+**       func: the function doing the tracing. e.g. "NewLock"
+**
+**       address: address of the instrumented lock or monitor
+**
+**       duration: is how long was spent in the instrumented function,
+**       in PRIntervalTime "ticks".
+**
+**       line: the line number within the calling function
+**
+**       file: the file from which the call was made
+**
+**       heldTime: how long the lock/monitor was held. field
+**       present only for PZ_Unlock() and PZ_ExitMonitor().
+**
+** Design Notes:
+**    The design for lock instrumentation was influenced by the
+**    need to gather performance data on NSS 3.x. It is intended
+**    that the effort to modify NSS to use lock instrumentation
+**    be minimized. Existing calls to locking functions need only
+**    have their names changed to the instrumentation function
+**    names.
+**
+** Private NSS Interface:
+**    nssilock.h defines a private interface for use by NSS.
+**    nssilock.h is experimental in nature and is subject to
+**    change or revocation without notice. ... Don't mess with
+**    it.
+**
+*/
+
+/*
+ * $Id:
+ */
+
+#ifndef _NSSILCKT_H_
+#define _NSSILCKT_H_
+
+#include "utilrename.h"
+#include "prtypes.h"
+#include "prmon.h"
+#include "prlock.h"
+#include "prcvar.h"
+
+typedef enum {
+    nssILockArena = 0,
+    nssILockSession = 1,
+    nssILockObject = 2,
+    nssILockRefLock = 3,
+    nssILockCert = 4,
+    nssILockCertDB = 5,
+    nssILockDBM = 6,
+    nssILockCache = 7,
+    nssILockSSL = 8,
+    nssILockList = 9,
+    nssILockSlot = 10,
+    nssILockFreelist = 11,
+    nssILockOID = 12,
+    nssILockAttribute = 13,
+    nssILockPK11cxt = 14, /* pk11context */
+    nssILockRWLock = 15,
+    nssILockOther = 16,
+    nssILockSelfServ = 17,
+    nssILockKeyDB = 18,
+    nssILockLast /* don't use this one! */
+} nssILockType;
+
+/*
+** conditionally compile in nssilock features
+*/
+#if defined(NEED_NSS_ILOCK)
+
+/*
+** Declare operation type enumerator
+** enumerations identify the function being performed
+*/
+typedef enum {
+    FlushTT = 0,
+    NewLock = 1,
+    Lock = 2,
+    Unlock = 3,
+    DestroyLock = 4,
+    NewCondVar = 5,
+    WaitCondVar = 6,
+    NotifyCondVar = 7,
+    NotifyAllCondVar = 8,
+    DestroyCondVar = 9,
+    NewMonitor = 10,
+    EnterMonitor = 11,
+    ExitMonitor = 12,
+    Notify = 13,
+    NotifyAll = 14,
+    Wait = 15,
+    DestroyMonitor = 16
+} nssILockOp;
+
+/*
+** Declare the trace record
+*/
+struct pzTrace_s {
+    PRUint32 threadID;       /* PR_GetThreadID() */
+    nssILockOp op;           /* operation being performed */
+    nssILockType ltype;      /* lock type identifier */
+    PRIntervalTime callTime; /* time spent in function */
+    PRIntervalTime heldTime; /* lock held time, or -1 */
+    void *lock;              /* address of lock structure */
+    PRIntn line;             /* line number */
+    char file[24];           /* filename */
+};
+
+/*
+** declare opaque types. See: nssilock.c
+*/
+typedef struct pzlock_s PZLock;
+typedef struct pzcondvar_s PZCondVar;
+typedef struct pzmonitor_s PZMonitor;
+
+#else /* NEED_NSS_ILOCK */
+
+#define PZLock PRLock
+#define PZCondVar PRCondVar
+#define PZMonitor PRMonitor
+
+#endif /* NEED_NSS_ILOCK */
+
+#endif /* _NSSILCKT_H_ */
diff --git a/nss/lib/util/nssilock.c b/nss/lib/util/nssilock.c
new file mode 100644
index 0000000..d767209
--- /dev/null
+++ b/nss/lib/util/nssilock.c
@@ -0,0 +1,479 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * nssilock.c - NSS lock instrumentation wrapper functions
+ *
+ * NOTE - These are not public interfaces
+ *
+ * Implementation Notes:
+ * I've tried to make the instrumentation relatively non-intrusive.
+ * To do this, I have used a single PR_LOG() call in each
+ * instrumented function. There's room for improvement.
+ *
+ *
+ */
+
+#include "prinit.h"
+#include "prerror.h"
+#include "prlock.h"
+#include "prmem.h"
+#include "prenv.h"
+#include "prcvar.h"
+#include "prio.h"
+
+#if defined(NEED_NSS_ILOCK)
+#include "prlog.h"
+#include "nssilock.h"
+
+/*
+** Declare the instrumented PZLock
+*/
+struct pzlock_s {
+    PRLock *lock;        /* the PZLock to be instrumented */
+    PRIntervalTime time; /* timestamp when the lock was aquired */
+    nssILockType ltype;
+};
+
+/*
+** Declare the instrumented PZMonitor
+*/
+struct pzmonitor_s {
+    PRMonitor *mon;      /* the PZMonitor to be instrumented */
+    PRIntervalTime time; /* timestamp when the monitor was aquired */
+    nssILockType ltype;
+};
+
+/*
+** Declare the instrumented PZCondVar
+*/
+struct pzcondvar_s {
+    PRCondVar *cvar; /* the PZCondVar to be instrumented */
+    nssILockType ltype;
+};
+
+/*
+** Define a CallOnce type to ensure serialized self-initialization
+*/
+static PRCallOnceType coNssILock;  /* CallOnce type */
+static PRIntn nssILockInitialized; /* initialization done when 1 */
+static PRLogModuleInfo *nssILog;   /* Log instrumentation to this handle */
+
+#define NUM_TT_ENTRIES 6000000
+static PRInt32 traceIndex = -1; /* index into trace table */
+static struct pzTrace_s *tt;    /* pointer to trace table */
+static PRInt32 ttBufSize = (NUM_TT_ENTRIES * sizeof(struct pzTrace_s));
+static PRCondVar *ttCVar;
+static PRLock *ttLock;
+static PRFileDesc *ttfd; /* trace table file */
+
+/*
+** Vtrace() -- Trace events, write events to external media
+**
+** Vtrace() records traced events in an in-memory trace table
+** when the trace table fills, Vtrace writes the entire table
+** to a file.
+**
+** data can be lost!
+**
+*/
+static void
+Vtrace(
+    nssILockOp op,
+    nssILockType ltype,
+    PRIntervalTime callTime,
+    PRIntervalTime heldTime,
+    void *lock,
+    PRIntn line,
+    char *file)
+{
+    PRInt32 idx;
+    struct pzTrace_s *tp;
+
+RetryTrace:
+    idx = PR_ATOMIC_INCREMENT(&traceIndex);
+    while (NUM_TT_ENTRIES <= idx || op == FlushTT) {
+        if (NUM_TT_ENTRIES == idx || op == FlushTT) {
+            int writeSize = idx * sizeof(struct pzTrace_s);
+            PR_Lock(ttLock);
+            PR_Write(ttfd, tt, writeSize);
+            traceIndex = -1;
+            PR_NotifyAllCondVar(ttCVar);
+            PR_Unlock(ttLock);
+            goto RetryTrace;
+        } else {
+            PR_Lock(ttLock);
+            while (NUM_TT_ENTRIES < idx)
+                PR_WaitCondVar(ttCVar, PR_INTERVAL_NO_WAIT);
+            PR_Unlock(ttLock);
+            goto RetryTrace;
+        }
+    } /* end while() */
+
+    /* create the trace entry */
+    tp = tt + idx;
+    tp->threadID = PR_GetThreadID(PR_GetCurrentThread());
+    tp->op = op;
+    tp->ltype = ltype;
+    tp->callTime = callTime;
+    tp->heldTime = heldTime;
+    tp->lock = lock;
+    tp->line = line;
+    strcpy(tp->file, file);
+    return;
+} /* --- end Vtrace() --- */
+
+/*
+** pz_TraceFlush() -- Force trace table write to file
+**
+*/
+extern void
+pz_TraceFlush(void)
+{
+    Vtrace(FlushTT, nssILockSelfServ, 0, 0, NULL, 0, "");
+    return;
+} /* --- end pz_TraceFlush() --- */
+
+/*
+** nssILockInit() -- Initialization for nssilock
+**
+** This function is called from the CallOnce mechanism.
+*/
+static PRStatus
+nssILockInit(void)
+{
+    int i;
+    nssILockInitialized = 1;
+
+    /* new log module */
+    nssILog = PR_NewLogModule("nssilock");
+    if (NULL == nssILog) {
+        return (PR_FAILURE);
+    }
+
+    tt = PR_Calloc(NUM_TT_ENTRIES, sizeof(struct pzTrace_s));
+    if (NULL == tt) {
+        fprintf(stderr, "nssilock: can't allocate trace table\n");
+        exit(1);
+    }
+
+    ttfd = PR_Open("xxxTTLog", PR_CREATE_FILE | PR_WRONLY, 0666);
+    if (NULL == ttfd) {
+        fprintf(stderr, "Oh Drat! Can't open 'xxxTTLog'\n");
+        exit(1);
+    }
+
+    ttLock = PR_NewLock();
+    ttCVar = PR_NewCondVar(ttLock);
+
+    return (PR_SUCCESS);
+} /* --- end nssILockInit() --- */
+
+extern PZLock *
+pz_NewLock(
+    nssILockType ltype,
+    char *file,
+    PRIntn line)
+{
+    PRStatus rc;
+    PZLock *lock;
+
+    /* Self Initialize the nssILock feature */
+    if (!nssILockInitialized) {
+        rc = PR_CallOnce(&coNssILock, nssILockInit);
+        if (PR_FAILURE == rc) {
+            PR_SetError(PR_UNKNOWN_ERROR, 0);
+            return (NULL);
+        }
+    }
+
+    lock = PR_NEWZAP(PZLock);
+    if (NULL != lock) {
+        lock->ltype = ltype;
+        lock->lock = PR_NewLock();
+        if (NULL == lock->lock) {
+            PR_DELETE(lock);
+            PORT_SetError(SEC_ERROR_NO_MEMORY);
+        }
+    } else {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+    }
+
+    Vtrace(NewLock, ltype, 0, 0, lock, line, file);
+    return (lock);
+} /* --- end pz_NewLock() --- */
+
+extern void
+pz_Lock(
+    PZLock *lock,
+    char *file,
+    PRIntn line)
+{
+    PRIntervalTime callTime;
+
+    callTime = PR_IntervalNow();
+    PR_Lock(lock->lock);
+    lock->time = PR_IntervalNow();
+    callTime = lock->time - callTime;
+
+    Vtrace(Lock, lock->ltype, callTime, 0, lock, line, file);
+    return;
+} /* --- end  pz_Lock() --- */
+
+extern PRStatus
+pz_Unlock(
+    PZLock *lock,
+    char *file,
+    PRIntn line)
+{
+    PRStatus rc;
+    PRIntervalTime callTime, now, heldTime;
+
+    callTime = PR_IntervalNow();
+    rc = PR_Unlock(lock->lock);
+    now = PR_IntervalNow();
+    callTime = now - callTime;
+    heldTime = now - lock->time;
+    Vtrace(Unlock, lock->ltype, callTime, heldTime, lock, line, file);
+    return (rc);
+} /* --- end  pz_Unlock() --- */
+
+extern void
+pz_DestroyLock(
+    PZLock *lock,
+    char *file,
+    PRIntn line)
+{
+    Vtrace(DestroyLock, lock->ltype, 0, 0, lock, line, file);
+    PR_DestroyLock(lock->lock);
+    PR_DELETE(lock);
+    return;
+} /* --- end  pz_DestroyLock() --- */
+
+extern PZCondVar *
+pz_NewCondVar(
+    PZLock *lock,
+    char *file,
+    PRIntn line)
+{
+    PZCondVar *cvar;
+
+    cvar = PR_NEWZAP(PZCondVar);
+    if (NULL == cvar) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+    } else {
+        cvar->ltype = lock->ltype;
+        cvar->cvar = PR_NewCondVar(lock->lock);
+        if (NULL == cvar->cvar) {
+            PR_DELETE(cvar);
+            PORT_SetError(SEC_ERROR_NO_MEMORY);
+        }
+    }
+    Vtrace(NewCondVar, lock->ltype, 0, 0, cvar, line, file);
+    return (cvar);
+} /* --- end  pz_NewCondVar() --- */
+
+extern void
+pz_DestroyCondVar(
+    PZCondVar *cvar,
+    char *file,
+    PRIntn line)
+{
+    Vtrace(DestroyCondVar, cvar->ltype, 0, 0, cvar, line, file);
+    PR_DestroyCondVar(cvar->cvar);
+    PR_DELETE(cvar);
+} /* --- end  pz_DestroyCondVar() --- */
+
+extern PRStatus
+pz_WaitCondVar(
+    PZCondVar *cvar,
+    PRIntervalTime timeout,
+    char *file,
+    PRIntn line)
+{
+    PRStatus rc;
+    PRIntervalTime callTime;
+
+    callTime = PR_IntervalNow();
+    rc = PR_WaitCondVar(cvar->cvar, timeout);
+    callTime = PR_IntervalNow() - callTime;
+
+    Vtrace(WaitCondVar, cvar->ltype, callTime, 0, cvar, line, file);
+    return (rc);
+} /* --- end  pz_WaitCondVar() --- */
+
+extern PRStatus
+pz_NotifyCondVar(
+    PZCondVar *cvar,
+    char *file,
+    PRIntn line)
+{
+    PRStatus rc;
+
+    rc = PR_NotifyCondVar(cvar->cvar);
+
+    Vtrace(NotifyCondVar, cvar->ltype, 0, 0, cvar, line, file);
+    return (rc);
+} /* --- end  pz_NotifyCondVar() --- */
+
+extern PRStatus
+pz_NotifyAllCondVar(
+    PZCondVar *cvar,
+    char *file,
+    PRIntn line)
+{
+    PRStatus rc;
+
+    rc = PR_NotifyAllCondVar(cvar->cvar);
+
+    Vtrace(NotifyAllCondVar, cvar->ltype, 0, 0, cvar, line, file);
+    return (rc);
+} /* --- end  pz_NotifyAllCondVar() --- */
+
+extern PZMonitor *
+pz_NewMonitor(
+    nssILockType ltype,
+    char *file,
+    PRIntn line)
+{
+    PRStatus rc;
+    PZMonitor *mon;
+
+    /* Self Initialize the nssILock feature */
+    if (!nssILockInitialized) {
+        rc = PR_CallOnce(&coNssILock, nssILockInit);
+        if (PR_FAILURE == rc) {
+            PR_SetError(PR_UNKNOWN_ERROR, 0);
+            return (NULL);
+        }
+    }
+
+    mon = PR_NEWZAP(PZMonitor);
+    if (NULL != mon) {
+        mon->ltype = ltype;
+        mon->mon = PR_NewMonitor();
+        if (NULL == mon->mon) {
+            PR_DELETE(mon);
+            PORT_SetError(SEC_ERROR_NO_MEMORY);
+        }
+    } else {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+    }
+
+    Vtrace(NewMonitor, ltype, 0, 0, mon, line, file);
+    return (mon);
+} /* --- end  pz_NewMonitor() --- */
+
+extern void
+pz_DestroyMonitor(
+    PZMonitor *mon,
+    char *file,
+    PRIntn line)
+{
+    Vtrace(DestroyMonitor, mon->ltype, 0, 0, mon, line, file);
+    PR_DestroyMonitor(mon->mon);
+    PR_DELETE(mon);
+    return;
+} /* --- end  pz_DestroyMonitor() --- */
+
+extern void
+pz_EnterMonitor(
+    PZMonitor *mon,
+    char *file,
+    PRIntn line)
+{
+    PRIntervalTime callTime, now;
+
+    callTime = PR_IntervalNow();
+    PR_EnterMonitor(mon->mon);
+    now = PR_IntervalNow();
+    callTime = now - callTime;
+    if (PR_GetMonitorEntryCount(mon->mon) == 1) {
+        mon->time = now;
+    }
+    Vtrace(EnterMonitor, mon->ltype, callTime, 0, mon, line, file);
+    return;
+} /* --- end  pz_EnterMonitor() --- */
+
+extern PRStatus
+pz_ExitMonitor(
+    PZMonitor *mon,
+    char *file,
+    PRIntn line)
+{
+    PRStatus rc;
+    PRIntervalTime callTime, now, heldTime;
+    PRIntn mec = PR_GetMonitorEntryCount(mon->mon);
+
+    heldTime = (PRIntervalTime)-1;
+    callTime = PR_IntervalNow();
+    rc = PR_ExitMonitor(mon->mon);
+    now = PR_IntervalNow();
+    callTime = now - callTime;
+    if (mec == 1)
+        heldTime = now - mon->time;
+    Vtrace(ExitMonitor, mon->ltype, callTime, heldTime, mon, line, file);
+    return (rc);
+} /* --- end  pz_ExitMonitor() --- */
+
+extern PRIntn
+pz_GetMonitorEntryCount(
+    PZMonitor *mon,
+    char *file,
+    PRIntn line)
+{
+    return (PR_GetMonitorEntryCount(mon->mon));
+} /* --- end pz_GetMonitorEntryCount() --- */
+
+extern PRStatus
+pz_Wait(
+    PZMonitor *mon,
+    PRIntervalTime ticks,
+    char *file,
+    PRIntn line)
+{
+    PRStatus rc;
+    PRIntervalTime callTime;
+
+    callTime = PR_IntervalNow();
+    rc = PR_Wait(mon->mon, ticks);
+    callTime = PR_IntervalNow() - callTime;
+    Vtrace(Wait, mon->ltype, callTime, 0, mon, line, file);
+    return (rc);
+} /* --- end  pz_Wait() --- */
+
+extern PRStatus
+pz_Notify(
+    PZMonitor *mon,
+    char *file,
+    PRIntn line)
+{
+    PRStatus rc;
+    PRIntervalTime callTime;
+
+    callTime = PR_IntervalNow();
+    rc = PR_Notify(mon->mon);
+    callTime = PR_IntervalNow() - callTime;
+    Vtrace(Notify, mon->ltype, callTime, 0, mon, line, file);
+    return (rc);
+} /* --- end  pz_Notify() --- */
+
+extern PRStatus
+pz_NotifyAll(
+    PZMonitor *mon,
+    char *file,
+    PRIntn line)
+{
+    PRStatus rc;
+    PRIntervalTime callTime;
+
+    callTime = PR_IntervalNow();
+    rc = PR_NotifyAll(mon->mon);
+    callTime = PR_IntervalNow() - callTime;
+    Vtrace(NotifyAll, mon->ltype, callTime, 0, mon, line, file);
+    return (rc);
+} /* --- end  pz_NotifyAll() --- */
+
+#endif /* NEED_NSS_ILOCK */
+/* --- end nssilock.c --------------------------------- */
diff --git a/nss/lib/util/nssilock.h b/nss/lib/util/nssilock.h
new file mode 100644
index 0000000..01f666a
--- /dev/null
+++ b/nss/lib/util/nssilock.h
@@ -0,0 +1,267 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+** nssilock.h - Instrumented locking functions for NSS
+**
+** Description:
+**    nssilock provides instrumentation for locks and monitors in
+**    the NSS libraries. The instrumentation, when enabled, causes
+**    each call to the instrumented function to record data about
+**    the call to an external file. The external file
+**    subsequently used to extract performance data and other
+**    statistical information about the operation of locks used in
+**    the nss library.
+**
+**    To enable compilation with instrumentation, build NSS with
+**    the compile time switch NEED_NSS_ILOCK defined.
+**
+**    say:  "gmake OS_CFLAGS+=-DNEED_NSS_ILOCK" at make time.
+**
+**    At runtime, to enable recording from nssilock, one or more
+**    environment variables must be set. For each nssILockType to
+**    be recorded, an environment variable of the form NSS_ILOCK_x
+**    must be set to 1. For example:
+**
+**       set NSS_ILOCK_Cert=1
+**
+**    nssilock uses PRLOG is used to record to trace data. The
+**    PRLogModule name associated with nssilock data is: "nssilock".
+**    To enable recording of nssilock data you will need to set the
+**    environment variable NSPR_LOG_MODULES to enable
+**    recording for the nssilock log module. Similarly, you will
+**    need to set the environment variable NSPR_LOG_FILE to specify
+**    the filename to receive the recorded data. See prlog.h for usage.
+**    Example:
+**
+**        export NSPR_LOG_MODULES=nssilock:6
+**        export NSPR_LOG_FILE=xxxLogfile
+**
+** Operation:
+**    nssilock wraps calls to NSPR's PZLock and PZMonitor functions
+**    with similarly named functions: PZ_NewLock(), etc. When NSS is
+**    built with lock instrumentation enabled, the PZ* functions are
+**    compiled into NSS; when lock instrumentation is disabled,
+**    calls to PZ* functions are directly mapped to PR* functions
+**    and the instrumentation arguments to the PZ* functions are
+**    compiled away.
+**
+**
+** File Format:
+**    The format of the external file is implementation
+**    dependent. Where NSPR's PR_LOG() function is used, the file
+**    contains data defined for PR_LOG() plus the data written by
+**    the wrapped function. On some platforms and under some
+**    circumstances, platform dependent logging or
+**    instrumentation probes may be used. In any case, the
+**    relevant data provided by the lock instrumentation is:
+**
+**      lockType, func, address, duration, line, file [heldTime]
+**
+**    where:
+**
+**       lockType: a character representation of nssILockType for the
+**       call. e.g. ... "cert"
+**
+**       func: the function doing the tracing. e.g. "NewLock"
+**
+**       address: address of the instrumented lock or monitor
+**
+**       duration: is how long was spent in the instrumented function,
+**       in PRIntervalTime "ticks".
+**
+**       line: the line number within the calling function
+**
+**       file: the file from which the call was made
+**
+**       heldTime: how long the lock/monitor was held. field
+**       present only for PZ_Unlock() and PZ_ExitMonitor().
+**
+** Design Notes:
+**    The design for lock instrumentation was influenced by the
+**    need to gather performance data on NSS 3.x. It is intended
+**    that the effort to modify NSS to use lock instrumentation
+**    be minimized. Existing calls to locking functions need only
+**    have their names changed to the instrumentation function
+**    names.
+**
+** Private NSS Interface:
+**    nssilock.h defines a private interface for use by NSS.
+**    nssilock.h is experimental in nature and is subject to
+**    change or revocation without notice. ... Don't mess with
+**    it.
+**
+*/
+
+/*
+ * $Id:
+ */
+
+#ifndef _NSSILOCK_H_
+#define _NSSILOCK_H_
+
+#include "utilrename.h"
+#include "prtypes.h"
+#include "prmon.h"
+#include "prlock.h"
+#include "prcvar.h"
+
+#include "nssilckt.h"
+
+PR_BEGIN_EXTERN_C
+
+#if defined(NEED_NSS_ILOCK)
+
+#define PZ_NewLock(t) pz_NewLock((t), __FILE__, __LINE__)
+extern PZLock *
+pz_NewLock(
+    nssILockType ltype,
+    char *file,
+    PRIntn line);
+
+#define PZ_Lock(k) pz_Lock((k), __FILE__, __LINE__)
+extern void
+pz_Lock(
+    PZLock *lock,
+    char *file,
+    PRIntn line);
+
+#define PZ_Unlock(k) pz_Unlock((k), __FILE__, __LINE__)
+extern PRStatus
+pz_Unlock(
+    PZLock *lock,
+    char *file,
+    PRIntn line);
+
+#define PZ_DestroyLock(k) pz_DestroyLock((k), __FILE__, __LINE__)
+extern void
+pz_DestroyLock(
+    PZLock *lock,
+    char *file,
+    PRIntn line);
+
+#define PZ_NewCondVar(l) pz_NewCondVar((l), __FILE__, __LINE__)
+extern PZCondVar *
+pz_NewCondVar(
+    PZLock *lock,
+    char *file,
+    PRIntn line);
+
+#define PZ_DestroyCondVar(v) pz_DestroyCondVar((v), __FILE__, __LINE__)
+extern void
+pz_DestroyCondVar(
+    PZCondVar *cvar,
+    char *file,
+    PRIntn line);
+
+#define PZ_WaitCondVar(v, t) pz_WaitCondVar((v), (t), __FILE__, __LINE__)
+extern PRStatus
+pz_WaitCondVar(
+    PZCondVar *cvar,
+    PRIntervalTime timeout,
+    char *file,
+    PRIntn line);
+
+#define PZ_NotifyCondVar(v) pz_NotifyCondVar((v), __FILE__, __LINE__)
+extern PRStatus
+pz_NotifyCondVar(
+    PZCondVar *cvar,
+    char *file,
+    PRIntn line);
+
+#define PZ_NotifyAllCondVar(v) pz_NotifyAllCondVar((v), __FILE__, __LINE__)
+extern PRStatus
+pz_NotifyAllCondVar(
+    PZCondVar *cvar,
+    char *file,
+    PRIntn line);
+
+#define PZ_NewMonitor(t) pz_NewMonitor((t), __FILE__, __LINE__)
+extern PZMonitor *
+pz_NewMonitor(
+    nssILockType ltype,
+    char *file,
+    PRIntn line);
+
+#define PZ_DestroyMonitor(m) pz_DestroyMonitor((m), __FILE__, __LINE__)
+extern void
+pz_DestroyMonitor(
+    PZMonitor *mon,
+    char *file,
+    PRIntn line);
+
+#define PZ_EnterMonitor(m) pz_EnterMonitor((m), __FILE__, __LINE__)
+extern void
+pz_EnterMonitor(
+    PZMonitor *mon,
+    char *file,
+    PRIntn line);
+
+#define PZ_ExitMonitor(m) pz_ExitMonitor((m), __FILE__, __LINE__)
+extern PRStatus
+pz_ExitMonitor(
+    PZMonitor *mon,
+    char *file,
+    PRIntn line);
+
+#define PZ_InMonitor(m) (PZ_GetMonitorEntryCount(m) > 0)
+#define PZ_GetMonitorEntryCount(m) pz_GetMonitorEntryCount((m), __FILE__, __LINE__)
+extern PRIntn
+pz_GetMonitorEntryCount(
+    PZMonitor *mon,
+    char *file,
+    PRIntn line);
+
+#define PZ_Wait(m, i) pz_Wait((m), ((i)), __FILE__, __LINE__)
+extern PRStatus
+pz_Wait(
+    PZMonitor *mon,
+    PRIntervalTime ticks,
+    char *file,
+    PRIntn line);
+
+#define PZ_Notify(m) pz_Notify((m), __FILE__, __LINE__)
+extern PRStatus
+pz_Notify(
+    PZMonitor *mon,
+    char *file,
+    PRIntn line);
+
+#define PZ_NotifyAll(m) pz_NotifyAll((m), __FILE__, __LINE__)
+extern PRStatus
+pz_NotifyAll(
+    PZMonitor *mon,
+    char *file,
+    PRIntn line);
+
+#define PZ_TraceFlush() pz_TraceFlush()
+extern void pz_TraceFlush(void);
+
+#else /* NEED_NSS_ILOCK */
+
+#define PZ_NewLock(t) PR_NewLock()
+#define PZ_DestroyLock(k) PR_DestroyLock((k))
+#define PZ_Lock(k) PR_Lock((k))
+#define PZ_Unlock(k) PR_Unlock((k))
+
+#define PZ_NewCondVar(l) PR_NewCondVar((l))
+#define PZ_DestroyCondVar(v) PR_DestroyCondVar((v))
+#define PZ_WaitCondVar(v, t) PR_WaitCondVar((v), (t))
+#define PZ_NotifyCondVar(v) PR_NotifyCondVar((v))
+#define PZ_NotifyAllCondVar(v) PR_NotifyAllCondVar((v))
+
+#define PZ_NewMonitor(t) PR_NewMonitor()
+#define PZ_DestroyMonitor(m) PR_DestroyMonitor((m))
+#define PZ_EnterMonitor(m) PR_EnterMonitor((m))
+#define PZ_ExitMonitor(m) PR_ExitMonitor((m))
+#define PZ_InMonitor(m) PR_InMonitor((m))
+#define PZ_Wait(m, t) PR_Wait(((m)), ((t)))
+#define PZ_Notify(m) PR_Notify((m))
+#define PZ_NotifyAll(m) PR_Notify((m))
+#define PZ_TraceFlush() /* nothing */
+
+#endif /* NEED_NSS_ILOCK */
+
+PR_END_EXTERN_C
+#endif /* _NSSILOCK_H_ */
diff --git a/nss/lib/util/nsslocks.h b/nss/lib/util/nsslocks.h
new file mode 100644
index 0000000..6098f56
--- /dev/null
+++ b/nss/lib/util/nsslocks.h
@@ -0,0 +1,10 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * nsslocks.h - threadsafe functions to initialize lock pointers.
+ *
+ * NOTE - The interfaces formerly in this header were private and are now all
+ *        obsolete.
+ */
diff --git a/nss/lib/util/nssrwlk.c b/nss/lib/util/nssrwlk.c
new file mode 100644
index 0000000..dbaeca2
--- /dev/null
+++ b/nss/lib/util/nssrwlk.c
@@ -0,0 +1,448 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nssrwlk.h"
+#include "nspr.h"
+
+PR_BEGIN_EXTERN_C
+
+/*
+ * Reader-writer lock
+ */
+struct nssRWLockStr {
+    PZLock *rw_lock;
+    char *rw_name;               /* lock name                    */
+    PRUint32 rw_rank;            /* rank of the lock             */
+    PRInt32 rw_writer_locks;     /* ==  0, if unlocked           */
+    PRInt32 rw_reader_locks;     /* ==  0, if unlocked           */
+                                 /* > 0  , # of read locks       */
+    PRUint32 rw_waiting_readers; /* number of waiting readers    */
+    PRUint32 rw_waiting_writers; /* number of waiting writers    */
+    PZCondVar *rw_reader_waitq;  /* cvar for readers             */
+    PZCondVar *rw_writer_waitq;  /* cvar for writers             */
+    PRThread *rw_owner;          /* lock owner for write-lock    */
+                                 /* Non-null if write lock held. */
+};
+
+PR_END_EXTERN_C
+
+#include <string.h>
+
+#ifdef DEBUG_RANK_ORDER
+#define NSS_RWLOCK_RANK_ORDER_DEBUG /* enable deadlock detection using \
+                                       rank-order for locks            \
+                                    */
+#endif
+
+#ifdef NSS_RWLOCK_RANK_ORDER_DEBUG
+
+static PRUintn nss_thread_rwlock_initialized;
+static PRUintn nss_thread_rwlock; /* TPD key for lock stack */
+static PRUintn nss_thread_rwlock_alloc_failed;
+
+#define _NSS_RWLOCK_RANK_ORDER_LIMIT 10
+
+typedef struct thread_rwlock_stack {
+    PRInt32 trs_index;                                  /* top of stack */
+    NSSRWLock *trs_stack[_NSS_RWLOCK_RANK_ORDER_LIMIT]; /* stack of lock
+                                                               pointers */
+} thread_rwlock_stack;
+
+/* forward static declarations. */
+static PRUint32 nssRWLock_GetThreadRank(PRThread *me);
+static void nssRWLock_SetThreadRank(PRThread *me, NSSRWLock *rwlock);
+static void nssRWLock_UnsetThreadRank(PRThread *me, NSSRWLock *rwlock);
+static void nssRWLock_ReleaseLockStack(void *lock_stack);
+
+#endif
+
+#define UNTIL(x) while (!(x))
+
+/*
+ * Reader/Writer Locks
+ */
+
+/*
+ * NSSRWLock_New
+ *      Create a reader-writer lock, with the given lock rank and lock name
+ *
+ */
+
+NSSRWLock *
+NSSRWLock_New(PRUint32 lock_rank, const char *lock_name)
+{
+    NSSRWLock *rwlock;
+
+    rwlock = PR_NEWZAP(NSSRWLock);
+    if (rwlock == NULL)
+        return NULL;
+
+    rwlock->rw_lock = PZ_NewLock(nssILockRWLock);
+    if (rwlock->rw_lock == NULL) {
+        goto loser;
+    }
+    rwlock->rw_reader_waitq = PZ_NewCondVar(rwlock->rw_lock);
+    if (rwlock->rw_reader_waitq == NULL) {
+        goto loser;
+    }
+    rwlock->rw_writer_waitq = PZ_NewCondVar(rwlock->rw_lock);
+    if (rwlock->rw_writer_waitq == NULL) {
+        goto loser;
+    }
+    if (lock_name != NULL) {
+        rwlock->rw_name = (char *)PR_Malloc((PRUint32)strlen(lock_name) + 1);
+        if (rwlock->rw_name == NULL) {
+            goto loser;
+        }
+        strcpy(rwlock->rw_name, lock_name);
+    } else {
+        rwlock->rw_name = NULL;
+    }
+    rwlock->rw_rank = lock_rank;
+    rwlock->rw_waiting_readers = 0;
+    rwlock->rw_waiting_writers = 0;
+    rwlock->rw_reader_locks = 0;
+    rwlock->rw_writer_locks = 0;
+
+    return rwlock;
+
+loser:
+    NSSRWLock_Destroy(rwlock);
+    return (NULL);
+}
+
+/*
+** Destroy the given RWLock "lock".
+*/
+void
+NSSRWLock_Destroy(NSSRWLock *rwlock)
+{
+    PR_ASSERT(rwlock != NULL);
+    PR_ASSERT(rwlock->rw_waiting_readers == 0);
+
+    /* XXX Shouldn't we lock the PZLock before destroying this?? */
+
+    if (rwlock->rw_name)
+        PR_Free(rwlock->rw_name);
+    if (rwlock->rw_reader_waitq)
+        PZ_DestroyCondVar(rwlock->rw_reader_waitq);
+    if (rwlock->rw_writer_waitq)
+        PZ_DestroyCondVar(rwlock->rw_writer_waitq);
+    if (rwlock->rw_lock)
+        PZ_DestroyLock(rwlock->rw_lock);
+    PR_DELETE(rwlock);
+}
+
+/*
+** Read-lock the RWLock.
+*/
+void
+NSSRWLock_LockRead(NSSRWLock *rwlock)
+{
+    PRThread *me = PR_GetCurrentThread();
+
+    PZ_Lock(rwlock->rw_lock);
+#ifdef NSS_RWLOCK_RANK_ORDER_DEBUG
+
+    /*
+     * assert that rank ordering is not violated; the rank of 'rwlock' should
+     * be equal to or greater than the highest rank of all the locks held by
+     * the thread.
+     */
+    PR_ASSERT((rwlock->rw_rank == NSS_RWLOCK_RANK_NONE) ||
+              (rwlock->rw_rank >= nssRWLock_GetThreadRank(me)));
+#endif
+    /*
+     * wait if write-locked or if a writer is waiting; preference for writers
+     */
+    UNTIL((rwlock->rw_owner == me) ||    /* I own it, or        */
+          ((rwlock->rw_owner == NULL) && /* no-one owns it, and */
+           (rwlock->rw_waiting_writers == 0)))
+    { /* no-one is waiting to own */
+
+        rwlock->rw_waiting_readers++;
+        PZ_WaitCondVar(rwlock->rw_reader_waitq, PR_INTERVAL_NO_TIMEOUT);
+        rwlock->rw_waiting_readers--;
+    }
+    rwlock->rw_reader_locks++; /* Increment read-lock count */
+
+    PZ_Unlock(rwlock->rw_lock);
+
+#ifdef NSS_RWLOCK_RANK_ORDER_DEBUG
+    nssRWLock_SetThreadRank(me, rwlock); /* update thread's lock rank */
+#endif
+}
+
+/* Unlock a Read lock held on this RW lock.
+*/
+void
+NSSRWLock_UnlockRead(NSSRWLock *rwlock)
+{
+    PZ_Lock(rwlock->rw_lock);
+
+    PR_ASSERT(rwlock->rw_reader_locks > 0); /* lock must be read locked */
+
+    if ((rwlock->rw_reader_locks > 0) &&    /* caller isn't screwey */
+        (--rwlock->rw_reader_locks == 0) && /* not read locked any more */
+        (rwlock->rw_owner == NULL) &&       /* not write locked */
+        (rwlock->rw_waiting_writers > 0)) { /* someone's waiting. */
+
+        PZ_NotifyCondVar(rwlock->rw_writer_waitq); /* wake him up. */
+    }
+
+    PZ_Unlock(rwlock->rw_lock);
+
+#ifdef NSS_RWLOCK_RANK_ORDER_DEBUG
+    /*
+     * update thread's lock rank
+     */
+    nssRWLock_UnsetThreadRank(me, rwlock);
+#endif
+    return;
+}
+
+/*
+** Write-lock the RWLock.
+*/
+void
+NSSRWLock_LockWrite(NSSRWLock *rwlock)
+{
+    PRThread *me = PR_GetCurrentThread();
+
+    PZ_Lock(rwlock->rw_lock);
+#ifdef NSS_RWLOCK_RANK_ORDER_DEBUG
+    /*
+     * assert that rank ordering is not violated; the rank of 'rwlock' should
+     * be equal to or greater than the highest rank of all the locks held by
+     * the thread.
+     */
+    PR_ASSERT((rwlock->rw_rank == NSS_RWLOCK_RANK_NONE) ||
+              (rwlock->rw_rank >= nssRWLock_GetThreadRank(me)));
+#endif
+    /*
+     * wait if read locked or write locked.
+     */
+    PR_ASSERT(rwlock->rw_reader_locks >= 0);
+    PR_ASSERT(me != NULL);
+
+    UNTIL((rwlock->rw_owner == me) ||    /* I own write lock, or */
+          ((rwlock->rw_owner == NULL) && /* no writer   and */
+           (rwlock->rw_reader_locks == 0)))
+    { /* no readers, either. */
+
+        rwlock->rw_waiting_writers++;
+        PZ_WaitCondVar(rwlock->rw_writer_waitq, PR_INTERVAL_NO_TIMEOUT);
+        rwlock->rw_waiting_writers--;
+        PR_ASSERT(rwlock->rw_reader_locks >= 0);
+    }
+
+    PR_ASSERT(rwlock->rw_reader_locks == 0);
+    /*
+     * apply write lock
+     */
+    rwlock->rw_owner = me;
+    rwlock->rw_writer_locks++; /* Increment write-lock count */
+
+    PZ_Unlock(rwlock->rw_lock);
+
+#ifdef NSS_RWLOCK_RANK_ORDER_DEBUG
+    /*
+     * update thread's lock rank
+     */
+    nssRWLock_SetThreadRank(me, rwlock);
+#endif
+}
+
+/* Unlock a Read lock held on this RW lock.
+*/
+void
+NSSRWLock_UnlockWrite(NSSRWLock *rwlock)
+{
+    PRThread *me = PR_GetCurrentThread();
+
+    PZ_Lock(rwlock->rw_lock);
+    PR_ASSERT(rwlock->rw_owner == me);      /* lock must be write-locked by me.  */
+    PR_ASSERT(rwlock->rw_writer_locks > 0); /* lock must be write locked */
+
+    if (rwlock->rw_owner == me &&         /* I own it, and            */
+        rwlock->rw_writer_locks > 0 &&    /* I own it, and            */
+        --rwlock->rw_writer_locks == 0) { /* I'm all done with it     */
+
+        rwlock->rw_owner = NULL; /* I don't own it any more. */
+
+        /* Give preference to waiting writers. */
+        if (rwlock->rw_waiting_writers > 0) {
+            if (rwlock->rw_reader_locks == 0)
+                PZ_NotifyCondVar(rwlock->rw_writer_waitq);
+        } else if (rwlock->rw_waiting_readers > 0) {
+            PZ_NotifyAllCondVar(rwlock->rw_reader_waitq);
+        }
+    }
+    PZ_Unlock(rwlock->rw_lock);
+
+#ifdef NSS_RWLOCK_RANK_ORDER_DEBUG
+    /*
+     * update thread's lock rank
+     */
+    nssRWLock_UnsetThreadRank(me, rwlock);
+#endif
+    return;
+}
+
+/* This is primarily for debugging, i.e. for inclusion in ASSERT calls. */
+PRBool
+NSSRWLock_HaveWriteLock(NSSRWLock *rwlock)
+{
+    PRBool ownWriteLock;
+    PRThread *me = PR_GetCurrentThread();
+
+/* This lock call isn't really necessary.
+    ** If this thread is the owner, that fact cannot change during this call,
+    ** because this thread is in this call.
+    ** If this thread is NOT the owner, the owner could change, but it
+    ** could not become this thread.
+    */
+#if UNNECESSARY
+    PZ_Lock(rwlock->rw_lock);
+#endif
+    ownWriteLock = (PRBool)(me == rwlock->rw_owner);
+#if UNNECESSARY
+    PZ_Unlock(rwlock->rw_lock);
+#endif
+    return ownWriteLock;
+}
+
+#ifdef NSS_RWLOCK_RANK_ORDER_DEBUG
+
+/*
+ * nssRWLock_SetThreadRank
+ *      Set a thread's lock rank, which is the highest of the ranks of all
+ *      the locks held by the thread. Pointers to the locks are added to a
+ *      per-thread list, which is anchored off a thread-private data key.
+ */
+
+static void
+nssRWLock_SetThreadRank(PRThread *me, NSSRWLock *rwlock)
+{
+    thread_rwlock_stack *lock_stack;
+    PRStatus rv;
+
+    /*
+     * allocated thread-private-data for rwlock list, if not already allocated
+     */
+    if (!nss_thread_rwlock_initialized) {
+        /*
+         * allocate tpd, only if not failed already
+         */
+        if (!nss_thread_rwlock_alloc_failed) {
+            if (PR_NewThreadPrivateIndex(&nss_thread_rwlock,
+                                         nssRWLock_ReleaseLockStack) == PR_FAILURE) {
+                nss_thread_rwlock_alloc_failed = 1;
+                return;
+            }
+        } else
+            return;
+    }
+    /*
+     * allocate a lock stack
+     */
+    if ((lock_stack = PR_GetThreadPrivate(nss_thread_rwlock)) == NULL) {
+        lock_stack = (thread_rwlock_stack *)
+            PR_CALLOC(1 * sizeof(thread_rwlock_stack));
+        if (lock_stack) {
+            rv = PR_SetThreadPrivate(nss_thread_rwlock, lock_stack);
+            if (rv == PR_FAILURE) {
+                PR_DELETE(lock_stack);
+                nss_thread_rwlock_alloc_failed = 1;
+                return;
+            }
+        } else {
+            nss_thread_rwlock_alloc_failed = 1;
+            return;
+        }
+    }
+    /*
+     * add rwlock to lock stack, if limit is not exceeded
+     */
+    if (lock_stack) {
+        if (lock_stack->trs_index < _NSS_RWLOCK_RANK_ORDER_LIMIT)
+            lock_stack->trs_stack[lock_stack->trs_index++] = rwlock;
+    }
+    nss_thread_rwlock_initialized = 1;
+}
+
+static void
+nssRWLock_ReleaseLockStack(void *lock_stack)
+{
+    PR_ASSERT(lock_stack);
+    PR_DELETE(lock_stack);
+}
+
+/*
+ * nssRWLock_GetThreadRank
+ *
+ *      return thread's lock rank. If thread-private-data for the lock
+ *      stack is not allocated, return NSS_RWLOCK_RANK_NONE.
+ */
+
+static PRUint32
+nssRWLock_GetThreadRank(PRThread *me)
+{
+    thread_rwlock_stack *lock_stack;
+
+    if (nss_thread_rwlock_initialized) {
+        if ((lock_stack = PR_GetThreadPrivate(nss_thread_rwlock)) == NULL)
+            return (NSS_RWLOCK_RANK_NONE);
+        else
+            return (lock_stack->trs_stack[lock_stack->trs_index - 1]->rw_rank);
+
+    } else
+        return (NSS_RWLOCK_RANK_NONE);
+}
+
+/*
+ * nssRWLock_UnsetThreadRank
+ *
+ *      remove the rwlock from the lock stack. Since locks may not be
+ *      unlocked in a FIFO order, the entire lock stack is searched.
+ */
+
+static void
+nssRWLock_UnsetThreadRank(PRThread *me, NSSRWLock *rwlock)
+{
+    thread_rwlock_stack *lock_stack;
+    int new_index = 0, index, done = 0;
+
+    if (!nss_thread_rwlock_initialized)
+        return;
+
+    lock_stack = PR_GetThreadPrivate(nss_thread_rwlock);
+
+    PR_ASSERT(lock_stack != NULL);
+
+    index = lock_stack->trs_index - 1;
+    while (index-- >= 0) {
+        if ((lock_stack->trs_stack[index] == rwlock) && !done) {
+            /*
+             * reset the slot for rwlock
+             */
+            lock_stack->trs_stack[index] = NULL;
+            done = 1;
+        }
+        /*
+         * search for the lowest-numbered empty slot, above which there are
+         * no non-empty slots
+         */
+        if ((lock_stack->trs_stack[index] != NULL) && !new_index)
+            new_index = index + 1;
+        if (done && new_index)
+            break;
+    }
+    /*
+     * set top of stack to highest numbered empty slot
+     */
+    lock_stack->trs_index = new_index;
+}
+
+#endif /* NSS_RWLOCK_RANK_ORDER_DEBUG */
diff --git a/nss/lib/util/nssrwlk.h b/nss/lib/util/nssrwlk.h
new file mode 100644
index 0000000..2ae6931
--- /dev/null
+++ b/nss/lib/util/nssrwlk.h
@@ -0,0 +1,132 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+** File:        nsrwlock.h
+** Description: API to basic reader-writer lock functions of NSS.
+**  These are re-entrant reader writer locks; that is,
+**  If I hold the write lock, I can ask for it and get it again.
+**  If I hold the write lock, I can also ask for and get a read lock.
+**      I can then release the locks in any order (read or write).
+**  I must release each lock type as many times as I acquired it.
+**  Otherwise, these are normal reader/writer locks.
+**
+** For deadlock detection, locks should be ranked, and no lock may be aquired
+** while I hold a lock of higher rank number.
+** If you don't want that feature, always use NSS_RWLOCK_RANK_NONE.
+** Lock name is for debugging, and is optional (may be NULL)
+**/
+
+#ifndef nssrwlk_h___
+#define nssrwlk_h___
+
+#include "utilrename.h"
+#include "prtypes.h"
+#include "nssrwlkt.h"
+
+#define NSS_RWLOCK_RANK_NONE 0
+
+/* SEC_BEGIN_PROTOS */
+PR_BEGIN_EXTERN_C
+
+/***********************************************************************
+** FUNCTION:    NSSRWLock_New
+** DESCRIPTION:
+**  Returns a pointer to a newly created reader-writer lock object.
+** INPUTS:      Lock rank
+**      Lock name
+** OUTPUTS:     void
+** RETURN:      NSSRWLock*
+**   If the lock cannot be created because of resource constraints, NULL
+**   is returned.
+**
+***********************************************************************/
+extern NSSRWLock *NSSRWLock_New(PRUint32 lock_rank, const char *lock_name);
+
+/***********************************************************************
+** FUNCTION:    NSSRWLock_AtomicCreate
+** DESCRIPTION:
+**  Given the address of a NULL pointer to a NSSRWLock,
+**  atomically initializes that pointer to a newly created NSSRWLock.
+**  Returns the value placed into that pointer, or NULL.
+**
+** INPUTS:      address of NSRWLock pointer
+**              Lock rank
+**      Lock name
+** OUTPUTS:     NSSRWLock*
+** RETURN:      NSSRWLock*
+**   If the lock cannot be created because of resource constraints,
+**   the pointer will be left NULL.
+**
+***********************************************************************/
+extern NSSRWLock *
+nssRWLock_AtomicCreate(NSSRWLock **prwlock,
+                       PRUint32 lock_rank,
+                       const char *lock_name);
+
+/***********************************************************************
+** FUNCTION:    NSSRWLock_Destroy
+** DESCRIPTION:
+**  Destroys a given RW lock object.
+** INPUTS:      NSSRWLock *lock - Lock to be freed.
+** OUTPUTS:     void
+** RETURN:      None
+***********************************************************************/
+extern void NSSRWLock_Destroy(NSSRWLock *lock);
+
+/***********************************************************************
+** FUNCTION:    NSSRWLock_LockRead
+** DESCRIPTION:
+**  Apply a read lock (non-exclusive) on a RWLock
+** INPUTS:      NSSRWLock *lock - Lock to be read-locked.
+** OUTPUTS:     void
+** RETURN:      None
+***********************************************************************/
+extern void NSSRWLock_LockRead(NSSRWLock *lock);
+
+/***********************************************************************
+** FUNCTION:    NSSRWLock_LockWrite
+** DESCRIPTION:
+**  Apply a write lock (exclusive) on a RWLock
+** INPUTS:      NSSRWLock *lock - Lock to write-locked.
+** OUTPUTS:     void
+** RETURN:      None
+***********************************************************************/
+extern void NSSRWLock_LockWrite(NSSRWLock *lock);
+
+/***********************************************************************
+** FUNCTION:    NSSRWLock_UnlockRead
+** DESCRIPTION:
+**  Release a Read lock. Unlocking an unlocked lock has undefined results.
+** INPUTS:      NSSRWLock *lock - Lock to unlocked.
+** OUTPUTS:     void
+** RETURN:      void
+***********************************************************************/
+extern void NSSRWLock_UnlockRead(NSSRWLock *lock);
+
+/***********************************************************************
+** FUNCTION:    NSSRWLock_UnlockWrite
+** DESCRIPTION:
+**  Release a Write lock. Unlocking an unlocked lock has undefined results.
+** INPUTS:      NSSRWLock *lock - Lock to unlocked.
+** OUTPUTS:     void
+** RETURN:      void
+***********************************************************************/
+extern void NSSRWLock_UnlockWrite(NSSRWLock *lock);
+
+/***********************************************************************
+** FUNCTION:    NSSRWLock_HaveWriteLock
+** DESCRIPTION:
+**  Tells caller whether the current thread holds the write lock, or not.
+** INPUTS:      NSSRWLock *lock - Lock to test.
+** OUTPUTS:     void
+** RETURN:      PRBool  PR_TRUE IFF the current thread holds the write lock.
+***********************************************************************/
+
+extern PRBool NSSRWLock_HaveWriteLock(NSSRWLock *rwlock);
+
+/* SEC_END_PROTOS */
+PR_END_EXTERN_C
+
+#endif /* nsrwlock_h___ */
diff --git a/nss/lib/util/nssrwlkt.h b/nss/lib/util/nssrwlkt.h
new file mode 100644
index 0000000..50a4112
--- /dev/null
+++ b/nss/lib/util/nssrwlkt.h
@@ -0,0 +1,19 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef nssrwlkt_h___
+#define nssrwlkt_h___
+
+#include "utilrename.h"
+#include "nssilock.h"
+/*
+ * NSSRWLock --
+ *
+ *  The reader writer lock, NSSRWLock, is an opaque object to the clients
+ *  of NSS.  All routines operate on a pointer to this opaque entity.
+ */
+
+typedef struct nssRWLockStr NSSRWLock;
+
+#endif /* nsrwlock_h___ */
diff --git a/nss/lib/util/nssutil.def b/nss/lib/util/nssutil.def
new file mode 100644
index 0000000..1c9fd79
--- /dev/null
+++ b/nss/lib/util/nssutil.def
@@ -0,0 +1,298 @@
+;+#
+;+# This Source Code Form is subject to the terms of the Mozilla Public
+;+# License, v. 2.0. If a copy of the MPL was not distributed with this
+;+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;+#
+;+# OK, this file is meant to support SUN, LINUX, AIX and WINDOWS
+;+#   1. For all unix platforms, the string ";-"  means "remove this line"
+;+#   2. For all unix platforms, the string " DATA " will be removed from any
+;+#	line on which it occurs.
+;+#   3. Lines containing ";+" will have ";+" removed on SUN and LINUX.
+;+#      On AIX, lines containing ";+" will be removed.
+;+#   4. For all unix platforms, the string ";;" will thave the ";;" removed.
+;+#   5. For all unix platforms, after the above processing has taken place,
+;+#    all characters after the first ";" on the line will be removed.
+;+#    And for AIX, the first ";" will also be removed.
+;+#  This file is passed directly to windows. Since ';' is a comment, all UNIX
+;+#   directives are hidden behind ";", ";+", and ";-"
+;+NSSUTIL_3.12 {       # NSS Utilities 3.12 release
+;+    global:
+LIBRARY nssutil3	;-
+EXPORTS		;-
+ATOB_AsciiToData_Util;
+ATOB_ConvertAsciiToItem_Util;
+BTOA_ConvertItemToAscii_Util;
+BTOA_DataToAscii_Util;
+CERT_GenTime2FormattedAscii_Util;
+DER_AsciiToTime_Util;
+DER_DecodeTimeChoice_Util;
+DER_Encode_Util;
+DER_EncodeTimeChoice_Util;
+DER_GeneralizedDayToAscii_Util;
+DER_GeneralizedTimeToTime_Util;
+DER_GetInteger_Util;
+DER_GetUInteger;
+DER_LengthLength;
+DER_Lengths_Util;
+DER_SetUInteger;
+DER_StoreHeader;
+DER_TimeChoiceDayToAscii_Util;
+DER_TimeToGeneralizedTime_Util;
+DER_TimeToGeneralizedTimeArena_Util;
+DER_TimeToUTCTime_Util;
+DER_UTCDayToAscii_Util;
+DER_UTCTimeToAscii_Util;
+DER_UTCTimeToTime_Util;
+NSS_PutEnv_Util;
+NSSBase64_DecodeBuffer_Util;
+NSSBase64_EncodeItem_Util;
+NSSBase64Decoder_Create_Util;
+NSSBase64Decoder_Destroy_Util;
+NSSBase64Decoder_Update_Util;
+NSSBase64Encoder_Create_Util;
+NSSBase64Encoder_Destroy_Util;
+NSSBase64Encoder_Update_Util;
+NSSRWLock_Destroy_Util;
+NSSRWLock_HaveWriteLock_Util;
+NSSRWLock_LockRead_Util;
+NSSRWLock_LockWrite_Util;
+NSSRWLock_New_Util;
+NSSRWLock_UnlockRead_Util;
+NSSRWLock_UnlockWrite_Util;
+PORT_Alloc_Util;
+PORT_ArenaAlloc_Util;
+PORT_ArenaGrow_Util;
+PORT_ArenaMark_Util;
+PORT_ArenaRelease_Util;
+PORT_ArenaStrdup_Util;
+PORT_ArenaUnmark_Util;
+PORT_ArenaZAlloc_Util;
+PORT_Free_Util;
+PORT_FreeArena_Util;
+PORT_GetError_Util;
+PORT_ISO88591_UTF8Conversion;
+PORT_NewArena_Util;
+PORT_Realloc_Util;
+PORT_RegExpCaseSearch;
+PORT_RegExpValid;
+PORT_SetError_Util;
+PORT_SetUCS2_ASCIIConversionFunction_Util;
+PORT_SetUCS2_UTF8ConversionFunction_Util;
+PORT_SetUCS4_UTF8ConversionFunction_Util;
+PORT_Strdup_Util;
+PORT_UCS2_ASCIIConversion_Util;
+PORT_UCS2_UTF8Conversion_Util;
+PORT_UCS4_UTF8Conversion;
+PORT_ZAlloc_Util;
+PORT_ZFree_Util;
+SEC_ASN1Decode_Util;
+SEC_ASN1DecodeInteger_Util;
+SEC_ASN1DecodeItem_Util;
+SEC_ASN1DecoderAbort_Util;
+SEC_ASN1DecoderClearFilterProc_Util;
+SEC_ASN1DecoderClearNotifyProc_Util;
+SEC_ASN1DecoderFinish_Util;
+SEC_ASN1DecoderSetFilterProc_Util;
+SEC_ASN1DecoderSetNotifyProc_Util;
+SEC_ASN1DecoderStart_Util;
+SEC_ASN1DecoderUpdate_Util;
+SEC_ASN1Encode_Util;
+SEC_ASN1EncodeInteger_Util;
+SEC_ASN1EncodeItem_Util;
+SEC_ASN1EncoderAbort_Util;
+SEC_ASN1EncoderClearNotifyProc_Util;
+SEC_ASN1EncoderClearStreaming_Util;
+SEC_ASN1EncoderClearTakeFromBuf_Util;
+SEC_ASN1EncoderFinish_Util;
+SEC_ASN1EncoderSetNotifyProc_Util;
+SEC_ASN1EncoderSetStreaming_Util;
+SEC_ASN1EncoderSetTakeFromBuf_Util;
+SEC_ASN1EncoderStart_Util;
+SEC_ASN1EncoderUpdate_Util;
+SEC_ASN1EncodeUnsignedInteger_Util;
+SEC_ASN1LengthLength_Util;
+SEC_QuickDERDecodeItem_Util;
+SEC_StringToOID;
+SECITEM_AllocItem_Util;
+SECITEM_ArenaDupItem_Util;
+SECITEM_CompareItem_Util;
+SECITEM_CopyItem_Util;
+SECITEM_DupItem_Util;
+SECITEM_FreeItem_Util;
+SECITEM_Hash;
+SECITEM_HashCompare;
+SECITEM_ItemsAreEqual_Util;
+SECITEM_ZfreeItem_Util;
+SECOID_AddEntry_Util;
+SECOID_CompareAlgorithmID_Util;
+SECOID_CopyAlgorithmID_Util;
+SECOID_DestroyAlgorithmID_Util;
+SECOID_FindOID_Util;
+SECOID_FindOIDByMechanism;
+SECOID_FindOIDByTag_Util;
+SECOID_FindOIDTag_Util;
+SECOID_FindOIDTagDescription_Util;
+SECOID_GetAlgorithmTag_Util;
+SECOID_Init;
+SECOID_KnownCertExtenOID;
+SECOID_SetAlgorithmID_Util;
+SECOID_Shutdown;
+SGN_CompareDigestInfo_Util;
+SGN_CopyDigestInfo_Util;
+SGN_CreateDigestInfo_Util;
+SGN_DecodeDigestInfo;
+SGN_DestroyDigestInfo_Util;
+;+#
+;+# Data objects
+;+#
+;+# Don't export these DATA symbols on Windows because they don't work right.
+;+# Use the SEC_ASN1_GET / SEC_ASN1_SUB / SEC_ASN1_XTRN macros to access them.
+;;SEC_AnyTemplate_Util DATA ;
+;;SEC_BitStringTemplate_Util DATA ;
+;;SEC_BMPStringTemplate_Util DATA ;
+;;SEC_BooleanTemplate_Util DATA ;
+;;SEC_EnumeratedTemplate DATA ;
+;;SEC_GeneralizedTimeTemplate_Util DATA ;
+;;SEC_IA5StringTemplate_Util DATA ;
+;;SEC_IntegerTemplate_Util DATA ;
+;;SEC_NullTemplate_Util DATA ;
+;;SEC_ObjectIDTemplate_Util DATA ;
+;;SEC_OctetStringTemplate_Util DATA ;
+;;SEC_PointerToAnyTemplate_Util DATA ;
+;;SEC_PointerToEnumeratedTemplate DATA ;
+;;SEC_PointerToGeneralizedTimeTemplate DATA ;
+;;SEC_PointerToOctetStringTemplate_Util DATA ;
+;;SEC_PrintableStringTemplate DATA ;
+;;SEC_SequenceOfAnyTemplate DATA ;
+;;SEC_SequenceOfObjectIDTemplate DATA ;
+;;SEC_SetOfAnyTemplate_Util DATA ;
+;;SEC_SkipTemplate DATA ;
+;;SEC_T61StringTemplate DATA ;
+;;SEC_UniversalStringTemplate DATA ;
+;;SEC_UTF8StringTemplate_Util DATA ;
+;;SECOID_AlgorithmIDTemplate_Util DATA ;
+;;sgn_DigestInfoTemplate_Util DATA ;
+NSS_Get_SEC_AnyTemplate_Util;
+NSS_Get_SEC_BitStringTemplate_Util;
+NSS_Get_SEC_BMPStringTemplate_Util;
+NSS_Get_SEC_BooleanTemplate_Util;
+NSS_Get_SEC_EnumeratedTemplate;
+NSS_Get_SEC_GeneralizedTimeTemplate_Util;
+NSS_Get_SEC_IA5StringTemplate_Util;
+NSS_Get_SEC_IntegerTemplate_Util;
+NSS_Get_SEC_NullTemplate_Util;
+NSS_Get_SEC_ObjectIDTemplate_Util;
+NSS_Get_SEC_OctetStringTemplate_Util;
+NSS_Get_SEC_PointerToAnyTemplate_Util;
+NSS_Get_SEC_PointerToEnumeratedTemplate;
+NSS_Get_SEC_PointerToGeneralizedTimeTemplate;
+NSS_Get_SEC_PointerToOctetStringTemplate_Util;
+NSS_Get_SEC_PrintableStringTemplate;
+NSS_Get_SEC_SequenceOfAnyTemplate;
+NSS_Get_SEC_SequenceOfObjectIDTemplate;
+NSS_Get_SEC_SetOfAnyTemplate_Util;
+NSS_Get_SEC_SkipTemplate;
+NSS_Get_SEC_T61StringTemplate;
+NSS_Get_SEC_UniversalStringTemplate;
+NSS_Get_SEC_UTF8StringTemplate_Util;
+NSS_Get_SECOID_AlgorithmIDTemplate_Util;
+NSS_Get_sgn_DigestInfoTemplate_Util;
+;+    local:
+;+       *;
+;+};
+;+NSSUTIL_3.12.3 {       # NSS Utilities 3.12.3 release
+;+    global:
+NSS_GetAlgorithmPolicy;
+NSS_SetAlgorithmPolicy;
+SECITEM_ReallocItem;
+UTIL_SetForkState;
+;+    local:
+;+       *;
+;+};
+;+NSSUTIL_3.12.5 {       # NSS Utilities 3.12.5 release
+;+    global:
+NSS_SecureMemcmp;
+PORT_LoadLibraryFromOrigin;
+;+    local:
+;+       *;
+;+};
+;+NSSUTIL_3.12.7 {       # NSS Utilities 3.12.7 release
+;+    global:
+PORT_RegExpSearch;
+;+    local:
+;+       *;
+;+};
+;+NSSUTIL_3.13 {         # NSS Utilities 3.13 release
+;+    global:
+NSSUTIL_GetVersion;
+NSS_InitializePRErrorTable;
+;+    local:
+;+       *;
+;+};
+;+NSSUTIL_3.14 {         # NSS Utilities 3.14 release
+;+    global:
+;+# private exports for softoken
+_NSSUTIL_GetSecmodName;
+_NSSUTIL_EvaluateConfigDir;
+;+# public exports
+NSSUTIL_ArgDecodeNumber;
+NSSUTIL_ArgFetchValue;
+NSSUTIL_ArgGetParamValue;
+NSSUTIL_ArgGetLabel;
+NSSUTIL_ArgHasFlag;
+NSSUTIL_ArgIsBlank;
+NSSUTIL_ArgParseCipherFlags;
+NSSUTIL_ArgParseModuleSpec;
+NSSUTIL_ArgParseSlotFlags;
+NSSUTIL_ArgParseSlotInfo;
+NSSUTIL_ArgReadLong;
+NSSUTIL_ArgSkipParameter;
+NSSUTIL_ArgStrip;
+NSSUTIL_DoModuleDBFunction;
+NSSUTIL_DoubleEscape;
+NSSUTIL_DoubleEscapeSize;
+NSSUTIL_Escape;
+NSSUTIL_EscapeSize;
+NSSUTIL_MkModuleSpec;
+NSSUTIL_MkNSSString;
+NSSUTIL_MkSlotString;
+NSSUTIL_Quote;
+NSSUTIL_QuoteSize;
+;+    local:
+;+       *;
+;+};
+;+NSSUTIL_3.15 {         # NSS Utilities 3.15 release
+;+    global:
+SECITEM_AllocArray;
+SECITEM_DupArray;
+SECITEM_FreeArray;
+SECITEM_ReallocItemV2;
+SECITEM_ZfreeArray;
+;+    local:
+;+       *;
+;+};
+;+NSSUTIL_3.17.1 {         # NSS Utilities 3.17.1 release
+;+    global:
+_SGN_VerifyPKCS1DigestInfo;
+;+    local:
+;+       *;
+;+};
+;+NSSUTIL_3.21 {         # NSS Utilities 3.21 release
+;+    global:
+NSSUTIL_ArgParseModuleSpecEx;
+;+    local:
+;+       *;
+;+};
+;+NSSUTIL_3.24 {       # NSS Utilities 3.24 release
+;+    global:
+PORT_InitCheapArena;
+PORT_DestroyCheapArena;
+;+    local:
+;+       *;
+;+};
+;+NSSUTIL_3.25 {         # NSS Utilities 3.25 release
+;+    global:
+SEC_ASN1DecoderSetMaximumElementSize;
+;+    local:
+;+       *;
+;+};
diff --git a/nss/lib/util/nssutil.h b/nss/lib/util/nssutil.h
new file mode 100644
index 0000000..4ae1261
--- /dev/null
+++ b/nss/lib/util/nssutil.h
@@ -0,0 +1,41 @@
+/*
+ * NSS utility functions
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef __nssutil_h_
+#define __nssutil_h_
+
+#ifndef RC_INVOKED
+#include "seccomon.h"
+#endif
+
+/*
+ * NSS utilities's major version, minor version, patch level, build number,
+ * and whether this is a beta release.
+ *
+ * The format of the version string should be
+ *     "<major version>.<minor version>[.<patch level>[.<build number>]][ <Beta>]"
+ */
+#define NSSUTIL_VERSION "3.30.1"
+#define NSSUTIL_VMAJOR 3
+#define NSSUTIL_VMINOR 30
+#define NSSUTIL_VPATCH 1
+#define NSSUTIL_VBUILD 0
+#define NSSUTIL_BETA PR_FALSE
+
+SEC_BEGIN_PROTOS
+
+/*
+ * Returns a const string of the UTIL library version.
+ */
+extern const char *NSSUTIL_GetVersion(void);
+
+extern SECStatus
+NSS_InitializePRErrorTable(void);
+
+SEC_END_PROTOS
+
+#endif /* __nssutil_h_ */
diff --git a/nss/lib/util/nssutil.rc b/nss/lib/util/nssutil.rc
new file mode 100644
index 0000000..65d4e68
--- /dev/null
+++ b/nss/lib/util/nssutil.rc
@@ -0,0 +1,68 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nssutil.h"
+#include <winver.h>
+
+#define MY_LIBNAME "nssutil"
+#define MY_FILEDESCRIPTION "NSS Utility Library"
+
+#define STRINGIZE(x) #x
+#define STRINGIZE2(x) STRINGIZE(x)
+#define NSSUTIL_VMAJOR_STR STRINGIZE2(NSSUTIL_VMAJOR)
+
+#ifdef _DEBUG
+#define MY_DEBUG_STR " (debug)"
+#define MY_FILEFLAGS_1 VS_FF_DEBUG
+#else
+#define MY_DEBUG_STR ""
+#define MY_FILEFLAGS_1 0x0L
+#endif
+#if NSSUTIL_BETA
+#define MY_FILEFLAGS_2 MY_FILEFLAGS_1|VS_FF_PRERELEASE
+#else
+#define MY_FILEFLAGS_2 MY_FILEFLAGS_1
+#endif
+
+#ifdef WINNT
+#define MY_FILEOS VOS_NT_WINDOWS32
+#else
+#define MY_FILEOS VOS__WINDOWS32
+#endif
+
+#define MY_INTERNAL_NAME MY_LIBNAME NSSUTIL_VMAJOR_STR
+
+/////////////////////////////////////////////////////////////////////////////
+//
+// Version-information resource
+//
+
+VS_VERSION_INFO VERSIONINFO
+ FILEVERSION NSSUTIL_VMAJOR,NSSUTIL_VMINOR,NSSUTIL_VPATCH,NSSUTIL_VBUILD
+ PRODUCTVERSION NSSUTIL_VMAJOR,NSSUTIL_VMINOR,NSSUTIL_VPATCH,NSSUTIL_VBUILD
+ FILEFLAGSMASK VS_FFI_FILEFLAGSMASK
+ FILEFLAGS MY_FILEFLAGS_2
+ FILEOS MY_FILEOS
+ FILETYPE VFT_DLL
+ FILESUBTYPE 0x0L // not used
+
+BEGIN
+    BLOCK "StringFileInfo"
+    BEGIN
+        BLOCK "040904B0" // Lang=US English, CharSet=Unicode
+        BEGIN
+            VALUE "CompanyName", "Mozilla Foundation\0"
+            VALUE "FileDescription", MY_FILEDESCRIPTION MY_DEBUG_STR "\0"
+            VALUE "FileVersion", NSSUTIL_VERSION "\0"
+            VALUE "InternalName", MY_INTERNAL_NAME "\0"
+            VALUE "OriginalFilename", MY_INTERNAL_NAME ".dll\0"
+            VALUE "ProductName", "Network Security Services\0"
+            VALUE "ProductVersion", NSSUTIL_VERSION "\0"
+        END
+    END
+    BLOCK "VarFileInfo"
+    BEGIN
+        VALUE "Translation", 0x409, 1200
+    END
+END
diff --git a/nss/lib/util/oidstring.c b/nss/lib/util/oidstring.c
new file mode 100644
index 0000000..58c8be1
--- /dev/null
+++ b/nss/lib/util/oidstring.c
@@ -0,0 +1,114 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <string.h>
+#include "secitem.h"
+#include "secport.h"
+#include "secerr.h"
+
+/* if to->data is not NULL, and to->len is large enough to hold the result,
+ * then the resultant OID will be copyed into to->data, and to->len will be
+ * changed to show the actual OID length.
+ * Otherwise, memory for the OID will be allocated (from the caller's
+ * PLArenaPool, if pool is non-NULL) and to->data will receive the address
+ * of the allocated data, and to->len will receive the OID length.
+ * The original value of to->data is not freed when a new buffer is allocated.
+ *
+ * The input string may begin with "OID." and this still be ignored.
+ * The length of the input string is given in len.  If len == 0, then
+ * len will be computed as strlen(from), meaning it must be NUL terminated.
+ * It is an error if from == NULL, or if *from == '\0'.
+ */
+
+SECStatus
+SEC_StringToOID(PLArenaPool *pool, SECItem *to, const char *from, PRUint32 len)
+{
+    PRUint32 decimal_numbers = 0;
+    PRUint32 result_bytes = 0;
+    SECStatus rv;
+    PRUint8 result[1024];
+
+    static const PRUint32 max_decimal = (0xffffffff / 10);
+    static const char OIDstring[] = { "OID." };
+
+    if (!from || !to) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+    if (!len) {
+        len = PL_strlen(from);
+    }
+    if (len >= 4 && !PL_strncasecmp(from, OIDstring, 4)) {
+        from += 4; /* skip leading "OID." if present */
+        len -= 4;
+    }
+    if (!len) {
+    bad_data:
+        PORT_SetError(SEC_ERROR_BAD_DATA);
+        return SECFailure;
+    }
+    do {
+        PRUint32 decimal = 0;
+        while (len > 0 && isdigit(*from)) {
+            PRUint32 addend = (*from++ - '0');
+            --len;
+            if (decimal > max_decimal) /* overflow */
+                goto bad_data;
+            decimal = (decimal * 10) + addend;
+            if (decimal < addend) /* overflow */
+                goto bad_data;
+        }
+        if (len != 0 && *from != '.') {
+            goto bad_data;
+        }
+        if (decimal_numbers == 0) {
+            if (decimal > 2)
+                goto bad_data;
+            result[0] = decimal * 40;
+            result_bytes = 1;
+        } else if (decimal_numbers == 1) {
+            if (decimal > 40)
+                goto bad_data;
+            result[0] += decimal;
+        } else {
+            /* encode the decimal number,  */
+            PRUint8 *rp;
+            PRUint32 num_bytes = 0;
+            PRUint32 tmp = decimal;
+            while (tmp) {
+                num_bytes++;
+                tmp >>= 7;
+            }
+            if (!num_bytes)
+                ++num_bytes; /* use one byte for a zero value */
+            if (num_bytes + result_bytes > sizeof result)
+                goto bad_data;
+            tmp = num_bytes;
+            rp = result + result_bytes - 1;
+            rp[tmp] = (PRUint8)(decimal & 0x7f);
+            decimal >>= 7;
+            while (--tmp > 0) {
+                rp[tmp] = (PRUint8)(decimal | 0x80);
+                decimal >>= 7;
+            }
+            result_bytes += num_bytes;
+        }
+        ++decimal_numbers;
+        if (len > 0) { /* skip trailing '.' */
+            ++from;
+            --len;
+        }
+    } while (len > 0);
+    /* now result contains result_bytes of data */
+    if (to->data && to->len >= result_bytes) {
+        PORT_Memcpy(to->data, result, to->len = result_bytes);
+        rv = SECSuccess;
+    } else {
+        SECItem result_item = { siBuffer, NULL, 0 };
+        result_item.data = result;
+        result_item.len = result_bytes;
+        rv = SECITEM_CopyItem(pool, to, &result_item);
+    }
+    return rv;
+}
diff --git a/nss/lib/util/pkcs11.h b/nss/lib/util/pkcs11.h
new file mode 100644
index 0000000..bd98126
--- /dev/null
+++ b/nss/lib/util/pkcs11.h
@@ -0,0 +1,252 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * Copyright (C) 1994-1999 RSA Security Inc. Licence to copy this document
+ * is granted provided that it is identified as "RSA Security In.c Public-Key
+ * Cryptography Standards (PKCS)" in all material mentioning or referencing
+ * this document.
+ *
+ * The latest version of this header can be found at:
+ *    http://www.rsalabs.com/pkcs/pkcs-11/index.html
+ */
+#ifndef _PKCS11_H_
+#define _PKCS11_H_ 1
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Before including this file (pkcs11.h) (or pkcs11t.h by
+ * itself), 6 platform-specific macros must be defined.  These
+ * macros are described below, and typical definitions for them
+ * are also given.  Be advised that these definitions can depend
+ * on both the platform and the compiler used (and possibly also
+ * on whether a PKCS #11 library is linked statically or
+ * dynamically).
+ *
+ * In addition to defining these 6 macros, the packing convention
+ * for PKCS #11 structures should be set.  The PKCS #11
+ * convention on packing is that structures should be 1-byte
+ * aligned.
+ *
+ * In a Win32 environment, this might be done by using the
+ * following preprocessor directive before including pkcs11.h
+ * or pkcs11t.h:
+ *
+ * #pragma pack(push, cryptoki, 1)
+ *
+ * and using the following preprocessor directive after including
+ * pkcs11.h or pkcs11t.h:
+ *
+ * #pragma pack(pop, cryptoki)
+ *
+ * In a UNIX environment, you're on your own here.  You might
+ * not need to do anything.
+ *
+ *
+ * Now for the macros:
+ *
+ *
+ * 1. CK_PTR: The indirection string for making a pointer to an
+ * object.  It can be used like this:
+ *
+ * typedef CK_BYTE CK_PTR CK_BYTE_PTR;
+ *
+ * In a Win32 environment, it might be defined by
+ *
+ * #define CK_PTR *
+ *
+ * In a UNIX environment, it might be defined by
+ *
+ * #define CK_PTR *
+ *
+ *
+ * 2. CK_DEFINE_FUNCTION(returnType, name): A macro which makes
+ * an exportable PKCS #11 library function definition out of a
+ * return type and a function name.  It should be used in the
+ * following fashion to define the exposed PKCS #11 functions in
+ * a PKCS #11 library:
+ *
+ * CK_DEFINE_FUNCTION(CK_RV, C_Initialize)(
+ *   CK_VOID_PTR pReserved
+ * )
+ * {
+ *   ...
+ * }
+ *
+ * For defining a function in a Win32 PKCS #11 .dll, it might be
+ * defined by
+ *
+ * #define CK_DEFINE_FUNCTION(returnType, name) \
+ *   returnType __declspec(dllexport) name
+ *
+ * In a UNIX environment, it might be defined by
+ *
+ * #define CK_DEFINE_FUNCTION(returnType, name) \
+ *   returnType name
+ *
+ *
+ * 3. CK_DECLARE_FUNCTION(returnType, name): A macro which makes
+ * an importable PKCS #11 library function declaration out of a
+ * return type and a function name.  It should be used in the
+ * following fashion:
+ *
+ * extern CK_DECLARE_FUNCTION(CK_RV, C_Initialize)(
+ *   CK_VOID_PTR pReserved
+ * );
+ *
+ * For declaring a function in a Win32 PKCS #11 .dll, it might
+ * be defined by
+ *
+ * #define CK_DECLARE_FUNCTION(returnType, name) \
+ *   returnType __declspec(dllimport) name
+ *
+ * In a UNIX environment, it might be defined by
+ *
+ * #define CK_DECLARE_FUNCTION(returnType, name) \
+ *   returnType name
+ *
+ *
+ * 4. CK_DECLARE_FUNCTION_POINTER(returnType, name): A macro
+ * which makes a PKCS #11 API function pointer declaration or
+ * function pointer type declaration out of a return type and a
+ * function name.  It should be used in the following fashion:
+ *
+ * // Define funcPtr to be a pointer to a PKCS #11 API function
+ * // taking arguments args and returning CK_RV.
+ * CK_DECLARE_FUNCTION_POINTER(CK_RV, funcPtr)(args);
+ *
+ * or
+ *
+ * // Define funcPtrType to be the type of a pointer to a
+ * // PKCS #11 API function taking arguments args and returning
+ * // CK_RV, and then define funcPtr to be a variable of type
+ * // funcPtrType.
+ * typedef CK_DECLARE_FUNCTION_POINTER(CK_RV, funcPtrType)(args);
+ * funcPtrType funcPtr;
+ *
+ * For accessing functions in a Win32 PKCS #11 .dll, in might be
+ * defined by
+ *
+ * #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
+ *   returnType __declspec(dllimport) (* name)
+ *
+ * In a UNIX environment, it might be defined by
+ *
+ * #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
+ *   returnType (* name)
+ *
+ *
+ * 5. CK_CALLBACK_FUNCTION(returnType, name): A macro which makes
+ * a function pointer type for an application callback out of
+ * a return type for the callback and a name for the callback.
+ * It should be used in the following fashion:
+ *
+ * CK_CALLBACK_FUNCTION(CK_RV, myCallback)(args);
+ *
+ * to declare a function pointer, myCallback, to a callback
+ * which takes arguments args and returns a CK_RV.  It can also
+ * be used like this:
+ *
+ * typedef CK_CALLBACK_FUNCTION(CK_RV, myCallbackType)(args);
+ * myCallbackType myCallback;
+ *
+ * In a Win32 environment, it might be defined by
+ *
+ * #define CK_CALLBACK_FUNCTION(returnType, name) \
+ *   returnType (* name)
+ *
+ * In a UNIX environment, it might be defined by
+ *
+ * #define CK_CALLBACK_FUNCTION(returnType, name) \
+ *   returnType (* name)
+ *
+ *
+ * 6. NULL_PTR: This macro is the value of a NULL pointer.
+ *
+ * In any ANSI/ISO C environment (and in many others as well),
+ * this should be defined by
+ *
+ * #ifndef NULL_PTR
+ * #define NULL_PTR 0
+ * #endif
+ */
+
+/* All the various PKCS #11 types and #define'd values are in the
+ * file pkcs11t.h. */
+#include "pkcs11t.h"
+
+#define __PASTE(x, y) x##y
+
+/* packing defines */
+#include "pkcs11p.h"
+/* ==============================================================
+ * Define the "extern" form of all the entry points.
+ * ==============================================================
+ */
+
+#define CK_NEED_ARG_LIST 1
+#define CK_PKCS11_FUNCTION_INFO(name) \
+    CK_DECLARE_FUNCTION(CK_RV, name)
+
+/* pkcs11f.h has all the information about the PKCS #11
+ * function prototypes. */
+#include "pkcs11f.h"
+
+#undef CK_NEED_ARG_LIST
+#undef CK_PKCS11_FUNCTION_INFO
+
+/* ==============================================================
+ * Define the typedef form of all the entry points.  That is, for
+ * each PKCS #11 function C_XXX, define a type CK_C_XXX which is
+ * a pointer to that kind of function.
+ * ==============================================================
+ */
+
+#define CK_NEED_ARG_LIST 1
+#define CK_PKCS11_FUNCTION_INFO(name) \
+    typedef CK_DECLARE_FUNCTION_POINTER(CK_RV, __PASTE(CK_, name))
+
+/* pkcs11f.h has all the information about the PKCS #11
+ * function prototypes. */
+#include "pkcs11f.h"
+
+#undef CK_NEED_ARG_LIST
+#undef CK_PKCS11_FUNCTION_INFO
+
+/* ==============================================================
+ * Define structed vector of entry points.  A CK_FUNCTION_LIST
+ * contains a CK_VERSION indicating a library's PKCS #11 version
+ * and then a whole slew of function pointers to the routines in
+ * the library.  This type was declared, but not defined, in
+ * pkcs11t.h.
+ * ==============================================================
+ */
+
+#define CK_PKCS11_FUNCTION_INFO(name) \
+    __PASTE(CK_, name)                \
+    name;
+
+struct CK_FUNCTION_LIST {
+
+    CK_VERSION version; /* PKCS #11 version */
+
+/* Pile all the function pointers into the CK_FUNCTION_LIST. */
+/* pkcs11f.h has all the information about the PKCS #11
+ * function prototypes. */
+#include "pkcs11f.h"
+};
+
+#undef CK_PKCS11_FUNCTION_INFO
+
+#undef __PASTE
+
+/* unpack */
+#include "pkcs11u.h"
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/nss/lib/util/pkcs11f.h b/nss/lib/util/pkcs11f.h
new file mode 100644
index 0000000..e79e125
--- /dev/null
+++ b/nss/lib/util/pkcs11f.h
@@ -0,0 +1,812 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * Copyright (C) 1994-1999 RSA Security Inc. Licence to copy this document
+ * is granted provided that it is identified as "RSA Security In.c Public-Key
+ * Cryptography Standards (PKCS)" in all material mentioning or referencing
+ * this document.
+ */
+/* This function contains pretty much everything about all the */
+/* PKCS #11  function prototypes.  Because this information is */
+/* used for more than just declaring function prototypes, the */
+/* order of the functions appearing herein is important, and */
+/* should not be altered. */
+
+/* General-purpose */
+
+/* C_Initialize initializes the PKCS #11 library. */
+CK_PKCS11_FUNCTION_INFO(C_Initialize)
+#ifdef CK_NEED_ARG_LIST
+(
+    CK_VOID_PTR pInitArgs /* if this is not NULL_PTR, it gets
+                           * cast to CK_C_INITIALIZE_ARGS_PTR
+                           * and dereferenced */
+    );
+#endif
+
+/* C_Finalize indicates that an application is done with the
+ * PKCS #11 library. */
+CK_PKCS11_FUNCTION_INFO(C_Finalize)
+#ifdef CK_NEED_ARG_LIST
+(
+    CK_VOID_PTR pReserved /* reserved.  Should be NULL_PTR */
+    );
+#endif
+
+/* C_GetInfo returns general information about PKCS #11. */
+CK_PKCS11_FUNCTION_INFO(C_GetInfo)
+#ifdef CK_NEED_ARG_LIST
+(
+    CK_INFO_PTR pInfo /* location that receives information */
+    );
+#endif
+
+/* C_GetFunctionList returns the function list. */
+CK_PKCS11_FUNCTION_INFO(C_GetFunctionList)
+#ifdef CK_NEED_ARG_LIST
+(
+    CK_FUNCTION_LIST_PTR_PTR ppFunctionList /* receives pointer to
+                                             * function list */
+    );
+#endif
+
+/* Slot and token management */
+
+/* C_GetSlotList obtains a list of slots in the system. */
+CK_PKCS11_FUNCTION_INFO(C_GetSlotList)
+#ifdef CK_NEED_ARG_LIST
+(
+    CK_BBOOL tokenPresent,    /* only slots with tokens? */
+    CK_SLOT_ID_PTR pSlotList, /* receives array of slot IDs */
+    CK_ULONG_PTR pulCount     /* receives number of slots */
+    );
+#endif
+
+/* C_GetSlotInfo obtains information about a particular slot in
+ * the system. */
+CK_PKCS11_FUNCTION_INFO(C_GetSlotInfo)
+#ifdef CK_NEED_ARG_LIST
+(
+    CK_SLOT_ID slotID,     /* the ID of the slot */
+    CK_SLOT_INFO_PTR pInfo /* receives the slot information */
+    );
+#endif
+
+/* C_GetTokenInfo obtains information about a particular token
+ * in the system. */
+CK_PKCS11_FUNCTION_INFO(C_GetTokenInfo)
+#ifdef CK_NEED_ARG_LIST
+(
+    CK_SLOT_ID slotID,      /* ID of the token's slot */
+    CK_TOKEN_INFO_PTR pInfo /* receives the token information */
+    );
+#endif
+
+/* C_GetMechanismList obtains a list of mechanism types
+ * supported by a token. */
+CK_PKCS11_FUNCTION_INFO(C_GetMechanismList)
+#ifdef CK_NEED_ARG_LIST
+(
+    CK_SLOT_ID slotID,                    /* ID of token's slot */
+    CK_MECHANISM_TYPE_PTR pMechanismList, /* gets mech. array */
+    CK_ULONG_PTR pulCount                 /* gets # of mechs. */
+    );
+#endif
+
+/* C_GetMechanismInfo obtains information about a particular
+ * mechanism possibly supported by a token. */
+CK_PKCS11_FUNCTION_INFO(C_GetMechanismInfo)
+#ifdef CK_NEED_ARG_LIST
+(
+    CK_SLOT_ID slotID,          /* ID of the token's slot */
+    CK_MECHANISM_TYPE type,     /* type of mechanism */
+    CK_MECHANISM_INFO_PTR pInfo /* receives mechanism info */
+    );
+#endif
+
+/* C_InitToken initializes a token. */
+CK_PKCS11_FUNCTION_INFO(C_InitToken)
+#ifdef CK_NEED_ARG_LIST
+/* pLabel changed from CK_CHAR_PTR to CK_UTF8CHAR_PTR for v2.10 */
+(
+    CK_SLOT_ID slotID,     /* ID of the token's slot */
+    CK_UTF8CHAR_PTR pPin,  /* the SO's initial PIN */
+    CK_ULONG ulPinLen,     /* length in bytes of the PIN */
+    CK_UTF8CHAR_PTR pLabel /* 32-byte token label (blank padded) */
+    );
+#endif
+
+/* C_InitPIN initializes the normal user's PIN. */
+CK_PKCS11_FUNCTION_INFO(C_InitPIN)
+#ifdef CK_NEED_ARG_LIST
+(
+    CK_SESSION_HANDLE hSession, /* the session's handle */
+    CK_UTF8CHAR_PTR pPin,       /* the normal user's PIN */
+    CK_ULONG ulPinLen           /* length in bytes of the PIN */
+    );
+#endif
+
+/* C_SetPIN modifies the PIN of the user who is logged in. */
+CK_PKCS11_FUNCTION_INFO(C_SetPIN)
+#ifdef CK_NEED_ARG_LIST
+(
+    CK_SESSION_HANDLE hSession, /* the session's handle */
+    CK_UTF8CHAR_PTR pOldPin,    /* the old PIN */
+    CK_ULONG ulOldLen,          /* length of the old PIN */
+    CK_UTF8CHAR_PTR pNewPin,    /* the new PIN */
+    CK_ULONG ulNewLen           /* length of the new PIN */
+    );
+#endif
+
+/* Session management */
+
+/* C_OpenSession opens a session between an application and a
+ * token. */
+CK_PKCS11_FUNCTION_INFO(C_OpenSession)
+#ifdef CK_NEED_ARG_LIST
+(
+    CK_SLOT_ID slotID,              /* the slot's ID */
+    CK_FLAGS flags,                 /* from CK_SESSION_INFO */
+    CK_VOID_PTR pApplication,       /* passed to callback */
+    CK_NOTIFY Notify,               /* callback function */
+    CK_SESSION_HANDLE_PTR phSession /* gets session handle */
+    );
+#endif
+
+/* C_CloseSession closes a session between an application and a
+ * token. */
+CK_PKCS11_FUNCTION_INFO(C_CloseSession)
+#ifdef CK_NEED_ARG_LIST
+(
+    CK_SESSION_HANDLE hSession /* the session's handle */
+    );
+#endif
+
+/* C_CloseAllSessions closes all sessions with a token. */
+CK_PKCS11_FUNCTION_INFO(C_CloseAllSessions)
+#ifdef CK_NEED_ARG_LIST
+(
+    CK_SLOT_ID slotID /* the token's slot */
+    );
+#endif
+
+/* C_GetSessionInfo obtains information about the session. */
+CK_PKCS11_FUNCTION_INFO(C_GetSessionInfo)
+#ifdef CK_NEED_ARG_LIST
+(
+    CK_SESSION_HANDLE hSession, /* the session's handle */
+    CK_SESSION_INFO_PTR pInfo   /* receives session info */
+    );
+#endif
+
+/* C_GetOperationState obtains the state of the cryptographic operation
+ * in a session. */
+CK_PKCS11_FUNCTION_INFO(C_GetOperationState)
+#ifdef CK_NEED_ARG_LIST
+(
+    CK_SESSION_HANDLE hSession,       /* session's handle */
+    CK_BYTE_PTR pOperationState,      /* gets state */
+    CK_ULONG_PTR pulOperationStateLen /* gets state length */
+    );
+#endif
+
+/* C_SetOperationState restores the state of the cryptographic
+ * operation in a session. */
+CK_PKCS11_FUNCTION_INFO(C_SetOperationState)
+#ifdef CK_NEED_ARG_LIST
+(
+    CK_SESSION_HANDLE hSession,         /* session's handle */
+    CK_BYTE_PTR pOperationState,        /* holds state */
+    CK_ULONG ulOperationStateLen,       /* holds state length */
+    CK_OBJECT_HANDLE hEncryptionKey,    /* en/decryption key */
+    CK_OBJECT_HANDLE hAuthenticationKey /* sign/verify key */
+    );
+#endif
+
+/* C_Login logs a user into a token. */
+CK_PKCS11_FUNCTION_INFO(C_Login)
+#ifdef CK_NEED_ARG_LIST
+(
+    CK_SESSION_HANDLE hSession, /* the session's handle */
+    CK_USER_TYPE userType,      /* the user type */
+    CK_UTF8CHAR_PTR pPin,       /* the user's PIN */
+    CK_ULONG ulPinLen           /* the length of the PIN */
+    );
+#endif
+
+/* C_Logout logs a user out from a token. */
+CK_PKCS11_FUNCTION_INFO(C_Logout)
+#ifdef CK_NEED_ARG_LIST
+(
+    CK_SESSION_HANDLE hSession /* the session's handle */
+    );
+#endif
+
+/* Object management */
+
+/* C_CreateObject creates a new object. */
+CK_PKCS11_FUNCTION_INFO(C_CreateObject)
+#ifdef CK_NEED_ARG_LIST
+(
+    CK_SESSION_HANDLE hSession,   /* the session's handle */
+    CK_ATTRIBUTE_PTR pTemplate,   /* the object's template */
+    CK_ULONG ulCount,             /* attributes in template */
+    CK_OBJECT_HANDLE_PTR phObject /* gets new object's handle. */
+    );
+#endif
+
+/* C_CopyObject copies an object, creating a new object for the
+ * copy. */
+CK_PKCS11_FUNCTION_INFO(C_CopyObject)
+#ifdef CK_NEED_ARG_LIST
+(
+    CK_SESSION_HANDLE hSession,      /* the session's handle */
+    CK_OBJECT_HANDLE hObject,        /* the object's handle */
+    CK_ATTRIBUTE_PTR pTemplate,      /* template for new object */
+    CK_ULONG ulCount,                /* attributes in template */
+    CK_OBJECT_HANDLE_PTR phNewObject /* receives handle of copy */
+    );
+#endif
+
+/* C_DestroyObject destroys an object. */
+CK_PKCS11_FUNCTION_INFO(C_DestroyObject)
+#ifdef CK_NEED_ARG_LIST
+(
+    CK_SESSION_HANDLE hSession, /* the session's handle */
+    CK_OBJECT_HANDLE hObject    /* the object's handle */
+    );
+#endif
+
+/* C_GetObjectSize gets the size of an object in bytes. */
+CK_PKCS11_FUNCTION_INFO(C_GetObjectSize)
+#ifdef CK_NEED_ARG_LIST
+(
+    CK_SESSION_HANDLE hSession, /* the session's handle */
+    CK_OBJECT_HANDLE hObject,   /* the object's handle */
+    CK_ULONG_PTR pulSize        /* receives size of object */
+    );
+#endif
+
+/* C_GetAttributeValue obtains the value of one or more object
+ * attributes. */
+CK_PKCS11_FUNCTION_INFO(C_GetAttributeValue)
+#ifdef CK_NEED_ARG_LIST
+(
+    CK_SESSION_HANDLE hSession, /* the session's handle */
+    CK_OBJECT_HANDLE hObject,   /* the object's handle */
+    CK_ATTRIBUTE_PTR pTemplate, /* specifies attrs; gets vals */
+    CK_ULONG ulCount            /* attributes in template */
+    );
+#endif
+
+/* C_SetAttributeValue modifies the value of one or more object
+ * attributes */
+CK_PKCS11_FUNCTION_INFO(C_SetAttributeValue)
+#ifdef CK_NEED_ARG_LIST
+(
+    CK_SESSION_HANDLE hSession, /* the session's handle */
+    CK_OBJECT_HANDLE hObject,   /* the object's handle */
+    CK_ATTRIBUTE_PTR pTemplate, /* specifies attrs and values */
+    CK_ULONG ulCount            /* attributes in template */
+    );
+#endif
+
+/* C_FindObjectsInit initializes a search for token and session
+ * objects that match a template. */
+CK_PKCS11_FUNCTION_INFO(C_FindObjectsInit)
+#ifdef CK_NEED_ARG_LIST
+(
+    CK_SESSION_HANDLE hSession, /* the session's handle */
+    CK_ATTRIBUTE_PTR pTemplate, /* attribute values to match */
+    CK_ULONG ulCount            /* attrs in search template */
+    );
+#endif
+
+/* C_FindObjects continues a search for token and session
+ * objects that match a template, obtaining additional object
+ * handles. */
+CK_PKCS11_FUNCTION_INFO(C_FindObjects)
+#ifdef CK_NEED_ARG_LIST
+(
+    CK_SESSION_HANDLE hSession,    /* session's handle */
+    CK_OBJECT_HANDLE_PTR phObject, /* gets obj. handles */
+    CK_ULONG ulMaxObjectCount,     /* max handles to get */
+    CK_ULONG_PTR pulObjectCount    /* actual # returned */
+    );
+#endif
+
+/* C_FindObjectsFinal finishes a search for token and session
+ * objects. */
+CK_PKCS11_FUNCTION_INFO(C_FindObjectsFinal)
+#ifdef CK_NEED_ARG_LIST
+(
+    CK_SESSION_HANDLE hSession /* the session's handle */
+    );
+#endif
+
+/* Encryption and decryption */
+
+/* C_EncryptInit initializes an encryption operation. */
+CK_PKCS11_FUNCTION_INFO(C_EncryptInit)
+#ifdef CK_NEED_ARG_LIST
+(
+    CK_SESSION_HANDLE hSession,  /* the session's handle */
+    CK_MECHANISM_PTR pMechanism, /* the encryption mechanism */
+    CK_OBJECT_HANDLE hKey        /* handle of encryption key */
+    );
+#endif
+
+/* C_Encrypt encrypts single-part data. */
+CK_PKCS11_FUNCTION_INFO(C_Encrypt)
+#ifdef CK_NEED_ARG_LIST
+(
+    CK_SESSION_HANDLE hSession,      /* session's handle */
+    CK_BYTE_PTR pData,               /* the plaintext data */
+    CK_ULONG ulDataLen,              /* bytes of plaintext */
+    CK_BYTE_PTR pEncryptedData,      /* gets ciphertext */
+    CK_ULONG_PTR pulEncryptedDataLen /* gets c-text size */
+    );
+#endif
+
+/* C_EncryptUpdate continues a multiple-part encryption
+ * operation. */
+CK_PKCS11_FUNCTION_INFO(C_EncryptUpdate)
+#ifdef CK_NEED_ARG_LIST
+(
+    CK_SESSION_HANDLE hSession,      /* session's handle */
+    CK_BYTE_PTR pPart,               /* the plaintext data */
+    CK_ULONG ulPartLen,              /* plaintext data len */
+    CK_BYTE_PTR pEncryptedPart,      /* gets ciphertext */
+    CK_ULONG_PTR pulEncryptedPartLen /* gets c-text size */
+    );
+#endif
+
+/* C_EncryptFinal finishes a multiple-part encryption
+ * operation. */
+CK_PKCS11_FUNCTION_INFO(C_EncryptFinal)
+#ifdef CK_NEED_ARG_LIST
+(
+    CK_SESSION_HANDLE hSession,          /* session handle */
+    CK_BYTE_PTR pLastEncryptedPart,      /* last c-text */
+    CK_ULONG_PTR pulLastEncryptedPartLen /* gets last size */
+    );
+#endif
+
+/* C_DecryptInit initializes a decryption operation. */
+CK_PKCS11_FUNCTION_INFO(C_DecryptInit)
+#ifdef CK_NEED_ARG_LIST
+(
+    CK_SESSION_HANDLE hSession,  /* the session's handle */
+    CK_MECHANISM_PTR pMechanism, /* the decryption mechanism */
+    CK_OBJECT_HANDLE hKey        /* handle of decryption key */
+    );
+#endif
+
+/* C_Decrypt decrypts encrypted data in a single part. */
+CK_PKCS11_FUNCTION_INFO(C_Decrypt)
+#ifdef CK_NEED_ARG_LIST
+(
+    CK_SESSION_HANDLE hSession,  /* session's handle */
+    CK_BYTE_PTR pEncryptedData,  /* ciphertext */
+    CK_ULONG ulEncryptedDataLen, /* ciphertext length */
+    CK_BYTE_PTR pData,           /* gets plaintext */
+    CK_ULONG_PTR pulDataLen      /* gets p-text size */
+    );
+#endif
+
+/* C_DecryptUpdate continues a multiple-part decryption
+ * operation. */
+CK_PKCS11_FUNCTION_INFO(C_DecryptUpdate)
+#ifdef CK_NEED_ARG_LIST
+(
+    CK_SESSION_HANDLE hSession,  /* session's handle */
+    CK_BYTE_PTR pEncryptedPart,  /* encrypted data */
+    CK_ULONG ulEncryptedPartLen, /* input length */
+    CK_BYTE_PTR pPart,           /* gets plaintext */
+    CK_ULONG_PTR pulPartLen      /* p-text size */
+    );
+#endif
+
+/* C_DecryptFinal finishes a multiple-part decryption
+ * operation. */
+CK_PKCS11_FUNCTION_INFO(C_DecryptFinal)
+#ifdef CK_NEED_ARG_LIST
+(
+    CK_SESSION_HANDLE hSession, /* the session's handle */
+    CK_BYTE_PTR pLastPart,      /* gets plaintext */
+    CK_ULONG_PTR pulLastPartLen /* p-text size */
+    );
+#endif
+
+/* Message digesting */
+
+/* C_DigestInit initializes a message-digesting operation. */
+CK_PKCS11_FUNCTION_INFO(C_DigestInit)
+#ifdef CK_NEED_ARG_LIST
+(
+    CK_SESSION_HANDLE hSession, /* the session's handle */
+    CK_MECHANISM_PTR pMechanism /* the digesting mechanism */
+    );
+#endif
+
+/* C_Digest digests data in a single part. */
+CK_PKCS11_FUNCTION_INFO(C_Digest)
+#ifdef CK_NEED_ARG_LIST
+(
+    CK_SESSION_HANDLE hSession, /* the session's handle */
+    CK_BYTE_PTR pData,          /* data to be digested */
+    CK_ULONG ulDataLen,         /* bytes of data to digest */
+    CK_BYTE_PTR pDigest,        /* gets the message digest */
+    CK_ULONG_PTR pulDigestLen   /* gets digest length */
+    );
+#endif
+
+/* C_DigestUpdate continues a multiple-part message-digesting
+ * operation. */
+CK_PKCS11_FUNCTION_INFO(C_DigestUpdate)
+#ifdef CK_NEED_ARG_LIST
+(
+    CK_SESSION_HANDLE hSession, /* the session's handle */
+    CK_BYTE_PTR pPart,          /* data to be digested */
+    CK_ULONG ulPartLen          /* bytes of data to be digested */
+    );
+#endif
+
+/* C_DigestKey continues a multi-part message-digesting
+ * operation, by digesting the value of a secret key as part of
+ * the data already digested. */
+CK_PKCS11_FUNCTION_INFO(C_DigestKey)
+#ifdef CK_NEED_ARG_LIST
+(
+    CK_SESSION_HANDLE hSession, /* the session's handle */
+    CK_OBJECT_HANDLE hKey       /* secret key to digest */
+    );
+#endif
+
+/* C_DigestFinal finishes a multiple-part message-digesting
+ * operation. */
+CK_PKCS11_FUNCTION_INFO(C_DigestFinal)
+#ifdef CK_NEED_ARG_LIST
+(
+    CK_SESSION_HANDLE hSession, /* the session's handle */
+    CK_BYTE_PTR pDigest,        /* gets the message digest */
+    CK_ULONG_PTR pulDigestLen   /* gets byte count of digest */
+    );
+#endif
+
+/* Signing and MACing */
+
+/* C_SignInit initializes a signature (private key encryption)
+ * operation, where the signature is (will be) an appendix to
+ * the data, and plaintext cannot be recovered from the
+ *signature. */
+CK_PKCS11_FUNCTION_INFO(C_SignInit)
+#ifdef CK_NEED_ARG_LIST
+(
+    CK_SESSION_HANDLE hSession,  /* the session's handle */
+    CK_MECHANISM_PTR pMechanism, /* the signature mechanism */
+    CK_OBJECT_HANDLE hKey        /* handle of signature key */
+    );
+#endif
+
+/* C_Sign signs (encrypts with private key) data in a single
+ * part, where the signature is (will be) an appendix to the
+ * data, and plaintext cannot be recovered from the signature. */
+CK_PKCS11_FUNCTION_INFO(C_Sign)
+#ifdef CK_NEED_ARG_LIST
+(
+    CK_SESSION_HANDLE hSession,  /* the session's handle */
+    CK_BYTE_PTR pData,           /* the data to sign */
+    CK_ULONG ulDataLen,          /* count of bytes to sign */
+    CK_BYTE_PTR pSignature,      /* gets the signature */
+    CK_ULONG_PTR pulSignatureLen /* gets signature length */
+    );
+#endif
+
+/* C_SignUpdate continues a multiple-part signature operation,
+ * where the signature is (will be) an appendix to the data,
+ * and plaintext cannot be recovered from the signature. */
+CK_PKCS11_FUNCTION_INFO(C_SignUpdate)
+#ifdef CK_NEED_ARG_LIST
+(
+    CK_SESSION_HANDLE hSession, /* the session's handle */
+    CK_BYTE_PTR pPart,          /* the data to sign */
+    CK_ULONG ulPartLen          /* count of bytes to sign */
+    );
+#endif
+
+/* C_SignFinal finishes a multiple-part signature operation,
+ * returning the signature. */
+CK_PKCS11_FUNCTION_INFO(C_SignFinal)
+#ifdef CK_NEED_ARG_LIST
+(
+    CK_SESSION_HANDLE hSession,  /* the session's handle */
+    CK_BYTE_PTR pSignature,      /* gets the signature */
+    CK_ULONG_PTR pulSignatureLen /* gets signature length */
+    );
+#endif
+
+/* C_SignRecoverInit initializes a signature operation, where
+ * the data can be recovered from the signature. */
+CK_PKCS11_FUNCTION_INFO(C_SignRecoverInit)
+#ifdef CK_NEED_ARG_LIST
+(
+    CK_SESSION_HANDLE hSession,  /* the session's handle */
+    CK_MECHANISM_PTR pMechanism, /* the signature mechanism */
+    CK_OBJECT_HANDLE hKey        /* handle of the signature key */
+    );
+#endif
+
+/* C_SignRecover signs data in a single operation, where the
+ * data can be recovered from the signature. */
+CK_PKCS11_FUNCTION_INFO(C_SignRecover)
+#ifdef CK_NEED_ARG_LIST
+(
+    CK_SESSION_HANDLE hSession,  /* the session's handle */
+    CK_BYTE_PTR pData,           /* the data to sign */
+    CK_ULONG ulDataLen,          /* count of bytes to sign */
+    CK_BYTE_PTR pSignature,      /* gets the signature */
+    CK_ULONG_PTR pulSignatureLen /* gets signature length */
+    );
+#endif
+
+/* Verifying signatures and MACs */
+
+/* C_VerifyInit initializes a verification operation, where the
+ * signature is an appendix to the data, and plaintext cannot
+ *  cannot be recovered from the signature (e.g. DSA). */
+CK_PKCS11_FUNCTION_INFO(C_VerifyInit)
+#ifdef CK_NEED_ARG_LIST
+(
+    CK_SESSION_HANDLE hSession,  /* the session's handle */
+    CK_MECHANISM_PTR pMechanism, /* the verification mechanism */
+    CK_OBJECT_HANDLE hKey        /* verification key */
+    );
+#endif
+
+/* C_Verify verifies a signature in a single-part operation,
+ * where the signature is an appendix to the data, and plaintext
+ * cannot be recovered from the signature. */
+CK_PKCS11_FUNCTION_INFO(C_Verify)
+#ifdef CK_NEED_ARG_LIST
+(
+    CK_SESSION_HANDLE hSession, /* the session's handle */
+    CK_BYTE_PTR pData,          /* signed data */
+    CK_ULONG ulDataLen,         /* length of signed data */
+    CK_BYTE_PTR pSignature,     /* signature */
+    CK_ULONG ulSignatureLen     /* signature length*/
+    );
+#endif
+
+/* C_VerifyUpdate continues a multiple-part verification
+ * operation, where the signature is an appendix to the data,
+ * and plaintext cannot be recovered from the signature. */
+CK_PKCS11_FUNCTION_INFO(C_VerifyUpdate)
+#ifdef CK_NEED_ARG_LIST
+(
+    CK_SESSION_HANDLE hSession, /* the session's handle */
+    CK_BYTE_PTR pPart,          /* signed data */
+    CK_ULONG ulPartLen          /* length of signed data */
+    );
+#endif
+
+/* C_VerifyFinal finishes a multiple-part verification
+ * operation, checking the signature. */
+CK_PKCS11_FUNCTION_INFO(C_VerifyFinal)
+#ifdef CK_NEED_ARG_LIST
+(
+    CK_SESSION_HANDLE hSession, /* the session's handle */
+    CK_BYTE_PTR pSignature,     /* signature to verify */
+    CK_ULONG ulSignatureLen     /* signature length */
+    );
+#endif
+
+/* C_VerifyRecoverInit initializes a signature verification
+ * operation, where the data is recovered from the signature. */
+CK_PKCS11_FUNCTION_INFO(C_VerifyRecoverInit)
+#ifdef CK_NEED_ARG_LIST
+(
+    CK_SESSION_HANDLE hSession,  /* the session's handle */
+    CK_MECHANISM_PTR pMechanism, /* the verification mechanism */
+    CK_OBJECT_HANDLE hKey        /* verification key */
+    );
+#endif
+
+/* C_VerifyRecover verifies a signature in a single-part
+ * operation, where the data is recovered from the signature. */
+CK_PKCS11_FUNCTION_INFO(C_VerifyRecover)
+#ifdef CK_NEED_ARG_LIST
+(
+    CK_SESSION_HANDLE hSession, /* the session's handle */
+    CK_BYTE_PTR pSignature,     /* signature to verify */
+    CK_ULONG ulSignatureLen,    /* signature length */
+    CK_BYTE_PTR pData,          /* gets signed data */
+    CK_ULONG_PTR pulDataLen     /* gets signed data len */
+    );
+#endif
+
+/* Dual-function cryptographic operations */
+
+/* C_DigestEncryptUpdate continues a multiple-part digesting
+ * and encryption operation. */
+CK_PKCS11_FUNCTION_INFO(C_DigestEncryptUpdate)
+#ifdef CK_NEED_ARG_LIST
+(
+    CK_SESSION_HANDLE hSession,      /* session's handle */
+    CK_BYTE_PTR pPart,               /* the plaintext data */
+    CK_ULONG ulPartLen,              /* plaintext length */
+    CK_BYTE_PTR pEncryptedPart,      /* gets ciphertext */
+    CK_ULONG_PTR pulEncryptedPartLen /* gets c-text length */
+    );
+#endif
+
+/* C_DecryptDigestUpdate continues a multiple-part decryption and
+ * digesting operation. */
+CK_PKCS11_FUNCTION_INFO(C_DecryptDigestUpdate)
+#ifdef CK_NEED_ARG_LIST
+(
+    CK_SESSION_HANDLE hSession,  /* session's handle */
+    CK_BYTE_PTR pEncryptedPart,  /* ciphertext */
+    CK_ULONG ulEncryptedPartLen, /* ciphertext length */
+    CK_BYTE_PTR pPart,           /* gets plaintext */
+    CK_ULONG_PTR pulPartLen      /* gets plaintext len */
+    );
+#endif
+
+/* C_SignEncryptUpdate continues a multiple-part signing and
+ * encryption operation. */
+CK_PKCS11_FUNCTION_INFO(C_SignEncryptUpdate)
+#ifdef CK_NEED_ARG_LIST
+(
+    CK_SESSION_HANDLE hSession,      /* session's handle */
+    CK_BYTE_PTR pPart,               /* the plaintext data */
+    CK_ULONG ulPartLen,              /* plaintext length */
+    CK_BYTE_PTR pEncryptedPart,      /* gets ciphertext */
+    CK_ULONG_PTR pulEncryptedPartLen /* gets c-text length */
+    );
+#endif
+
+/* C_DecryptVerifyUpdate continues a multiple-part decryption and
+ * verify operation. */
+CK_PKCS11_FUNCTION_INFO(C_DecryptVerifyUpdate)
+#ifdef CK_NEED_ARG_LIST
+(
+    CK_SESSION_HANDLE hSession,  /* session's handle */
+    CK_BYTE_PTR pEncryptedPart,  /* ciphertext */
+    CK_ULONG ulEncryptedPartLen, /* ciphertext length */
+    CK_BYTE_PTR pPart,           /* gets plaintext */
+    CK_ULONG_PTR pulPartLen      /* gets p-text length */
+    );
+#endif
+
+/* Key management */
+
+/* C_GenerateKey generates a secret key, creating a new key
+ * object. */
+CK_PKCS11_FUNCTION_INFO(C_GenerateKey)
+#ifdef CK_NEED_ARG_LIST
+(
+    CK_SESSION_HANDLE hSession,  /* the session's handle */
+    CK_MECHANISM_PTR pMechanism, /* key generation mech. */
+    CK_ATTRIBUTE_PTR pTemplate,  /* template for new key */
+    CK_ULONG ulCount,            /* # of attrs in template */
+    CK_OBJECT_HANDLE_PTR phKey   /* gets handle of new key */
+    );
+#endif
+
+/* C_GenerateKeyPair generates a public-key/private-key pair,
+ * creating new key objects. */
+CK_PKCS11_FUNCTION_INFO(C_GenerateKeyPair)
+#ifdef CK_NEED_ARG_LIST
+(
+    CK_SESSION_HANDLE hSession,           /* session handle */
+    CK_MECHANISM_PTR pMechanism,          /* key-gen mech. */
+    CK_ATTRIBUTE_PTR pPublicKeyTemplate,  /* template for pub. key */
+    CK_ULONG ulPublicKeyAttributeCount,   /* # pub. attrs. */
+    CK_ATTRIBUTE_PTR pPrivateKeyTemplate, /* template for priv. key */
+    CK_ULONG ulPrivateKeyAttributeCount,  /* # priv. attrs. */
+    CK_OBJECT_HANDLE_PTR phPublicKey,     /* gets pub. key handle */
+    CK_OBJECT_HANDLE_PTR phPrivateKey     /* gets priv. key handle */
+    );
+#endif
+
+/* C_WrapKey wraps (i.e., encrypts) a key. */
+CK_PKCS11_FUNCTION_INFO(C_WrapKey)
+#ifdef CK_NEED_ARG_LIST
+(
+    CK_SESSION_HANDLE hSession,    /* the session's handle */
+    CK_MECHANISM_PTR pMechanism,   /* the wrapping mechanism */
+    CK_OBJECT_HANDLE hWrappingKey, /* wrapping key */
+    CK_OBJECT_HANDLE hKey,         /* key to be wrapped */
+    CK_BYTE_PTR pWrappedKey,       /* gets wrapped key */
+    CK_ULONG_PTR pulWrappedKeyLen  /* gets wrapped key size */
+    );
+#endif
+
+/* C_UnwrapKey unwraps (decrypts) a wrapped key, creating a new
+ * key object. */
+CK_PKCS11_FUNCTION_INFO(C_UnwrapKey)
+#ifdef CK_NEED_ARG_LIST
+(
+    CK_SESSION_HANDLE hSession,      /* session's handle */
+    CK_MECHANISM_PTR pMechanism,     /* unwrapping mech. */
+    CK_OBJECT_HANDLE hUnwrappingKey, /* unwrapping key */
+    CK_BYTE_PTR pWrappedKey,         /* the wrapped key */
+    CK_ULONG ulWrappedKeyLen,        /* wrapped key len */
+    CK_ATTRIBUTE_PTR pTemplate,      /* new key template */
+    CK_ULONG ulAttributeCount,       /* template length */
+    CK_OBJECT_HANDLE_PTR phKey       /* gets new handle */
+    );
+#endif
+
+/* C_DeriveKey derives a key from a base key, creating a new key
+ * object. */
+CK_PKCS11_FUNCTION_INFO(C_DeriveKey)
+#ifdef CK_NEED_ARG_LIST
+(
+    CK_SESSION_HANDLE hSession,  /* session's handle */
+    CK_MECHANISM_PTR pMechanism, /* key deriv. mech. */
+    CK_OBJECT_HANDLE hBaseKey,   /* base key */
+    CK_ATTRIBUTE_PTR pTemplate,  /* new key template */
+    CK_ULONG ulAttributeCount,   /* template length */
+    CK_OBJECT_HANDLE_PTR phKey   /* gets new handle */
+    );
+#endif
+
+/* Random number generation */
+
+/* C_SeedRandom mixes additional seed material into the token's
+ * random number generator. */
+CK_PKCS11_FUNCTION_INFO(C_SeedRandom)
+#ifdef CK_NEED_ARG_LIST
+(
+    CK_SESSION_HANDLE hSession, /* the session's handle */
+    CK_BYTE_PTR pSeed,          /* the seed material */
+    CK_ULONG ulSeedLen          /* length of seed material */
+    );
+#endif
+
+/* C_GenerateRandom generates random data. */
+CK_PKCS11_FUNCTION_INFO(C_GenerateRandom)
+#ifdef CK_NEED_ARG_LIST
+(
+    CK_SESSION_HANDLE hSession, /* the session's handle */
+    CK_BYTE_PTR RandomData,     /* receives the random data */
+    CK_ULONG ulRandomLen        /* # of bytes to generate */
+    );
+#endif
+
+/* Parallel function management */
+
+/* C_GetFunctionStatus is a legacy function; it obtains an
+ * updated status of a function running in parallel with an
+ * application. */
+CK_PKCS11_FUNCTION_INFO(C_GetFunctionStatus)
+#ifdef CK_NEED_ARG_LIST
+(
+    CK_SESSION_HANDLE hSession /* the session's handle */
+    );
+#endif
+
+/* C_CancelFunction is a legacy function; it cancels a function
+ * running in parallel. */
+CK_PKCS11_FUNCTION_INFO(C_CancelFunction)
+#ifdef CK_NEED_ARG_LIST
+(
+    CK_SESSION_HANDLE hSession /* the session's handle */
+    );
+#endif
+
+/* Functions added in for PKCS #11 Version 2.01 or later */
+
+/* C_WaitForSlotEvent waits for a slot event (token insertion,
+ * removal, etc.) to occur. */
+CK_PKCS11_FUNCTION_INFO(C_WaitForSlotEvent)
+#ifdef CK_NEED_ARG_LIST
+(
+    CK_FLAGS flags,       /* blocking/nonblocking flag */
+    CK_SLOT_ID_PTR pSlot, /* location that receives the slot ID */
+    CK_VOID_PTR pRserved  /* reserved.  Should be NULL_PTR */
+    );
+#endif
diff --git a/nss/lib/util/pkcs11n.h b/nss/lib/util/pkcs11n.h
new file mode 100644
index 0000000..399d656
--- /dev/null
+++ b/nss/lib/util/pkcs11n.h
@@ -0,0 +1,509 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _PKCS11N_H_
+#define _PKCS11N_H_
+
+/*
+ * pkcs11n.h
+ *
+ * This file contains the NSS-specific type definitions for Cryptoki
+ * (PKCS#11).
+ */
+
+/*
+ * NSSCK_VENDOR_NSS
+ *
+ * Cryptoki reserves the high half of all the number spaces for
+ * vendor-defined use.  I'd like to keep all of our NSS-
+ * specific values together, but not in the oh-so-obvious
+ * 0x80000001, 0x80000002, etc. area.  So I've picked an offset,
+ * and constructed values for the beginnings of our spaces.
+ *
+ * Note that some "historical" Netscape values don't fall within
+ * this range.
+ */
+#define NSSCK_VENDOR_NSS 0x4E534350 /* NSCP */
+
+/*
+ * NSS-defined object classes
+ *
+ */
+#define CKO_NSS (CKO_VENDOR_DEFINED | NSSCK_VENDOR_NSS)
+
+#define CKO_NSS_CRL (CKO_NSS + 1)
+#define CKO_NSS_SMIME (CKO_NSS + 2)
+#define CKO_NSS_TRUST (CKO_NSS + 3)
+#define CKO_NSS_BUILTIN_ROOT_LIST (CKO_NSS + 4)
+#define CKO_NSS_NEWSLOT (CKO_NSS + 5)
+#define CKO_NSS_DELSLOT (CKO_NSS + 6)
+
+/*
+ * NSS-defined key types
+ *
+ */
+#define CKK_NSS (CKK_VENDOR_DEFINED | NSSCK_VENDOR_NSS)
+
+#define CKK_NSS_PKCS8 (CKK_NSS + 1)
+
+#define CKK_NSS_JPAKE_ROUND1 (CKK_NSS + 2)
+#define CKK_NSS_JPAKE_ROUND2 (CKK_NSS + 3)
+
+#define CKK_NSS_CHACHA20 (CKK_NSS + 4)
+
+/*
+ * NSS-defined certificate types
+ *
+ */
+#define CKC_NSS (CKC_VENDOR_DEFINED | NSSCK_VENDOR_NSS)
+
+/* FAKE PKCS #11 defines */
+#define CKA_DIGEST 0x81000000L
+#define CKA_FLAGS_ONLY 0 /* CKA_CLASS */
+
+/*
+ * NSS-defined object attributes
+ *
+ */
+#define CKA_NSS (CKA_VENDOR_DEFINED | NSSCK_VENDOR_NSS)
+
+#define CKA_NSS_URL (CKA_NSS + 1)
+#define CKA_NSS_EMAIL (CKA_NSS + 2)
+#define CKA_NSS_SMIME_INFO (CKA_NSS + 3)
+#define CKA_NSS_SMIME_TIMESTAMP (CKA_NSS + 4)
+#define CKA_NSS_PKCS8_SALT (CKA_NSS + 5)
+#define CKA_NSS_PASSWORD_CHECK (CKA_NSS + 6)
+#define CKA_NSS_EXPIRES (CKA_NSS + 7)
+#define CKA_NSS_KRL (CKA_NSS + 8)
+
+#define CKA_NSS_PQG_COUNTER (CKA_NSS + 20)
+#define CKA_NSS_PQG_SEED (CKA_NSS + 21)
+#define CKA_NSS_PQG_H (CKA_NSS + 22)
+#define CKA_NSS_PQG_SEED_BITS (CKA_NSS + 23)
+#define CKA_NSS_MODULE_SPEC (CKA_NSS + 24)
+#define CKA_NSS_OVERRIDE_EXTENSIONS (CKA_NSS + 25)
+
+#define CKA_NSS_JPAKE_SIGNERID (CKA_NSS + 26)
+#define CKA_NSS_JPAKE_PEERID (CKA_NSS + 27)
+#define CKA_NSS_JPAKE_GX1 (CKA_NSS + 28)
+#define CKA_NSS_JPAKE_GX2 (CKA_NSS + 29)
+#define CKA_NSS_JPAKE_GX3 (CKA_NSS + 30)
+#define CKA_NSS_JPAKE_GX4 (CKA_NSS + 31)
+#define CKA_NSS_JPAKE_X2 (CKA_NSS + 32)
+#define CKA_NSS_JPAKE_X2S (CKA_NSS + 33)
+
+#define CKA_NSS_MOZILLA_CA_POLICY (CKA_NSS + 34)
+
+/*
+ * Trust attributes:
+ *
+ * If trust goes standard, these probably will too.  So I'll
+ * put them all in one place.
+ */
+
+#define CKA_TRUST (CKA_NSS + 0x2000)
+
+/* "Usage" key information */
+#define CKA_TRUST_DIGITAL_SIGNATURE (CKA_TRUST + 1)
+#define CKA_TRUST_NON_REPUDIATION (CKA_TRUST + 2)
+#define CKA_TRUST_KEY_ENCIPHERMENT (CKA_TRUST + 3)
+#define CKA_TRUST_DATA_ENCIPHERMENT (CKA_TRUST + 4)
+#define CKA_TRUST_KEY_AGREEMENT (CKA_TRUST + 5)
+#define CKA_TRUST_KEY_CERT_SIGN (CKA_TRUST + 6)
+#define CKA_TRUST_CRL_SIGN (CKA_TRUST + 7)
+
+/* "Purpose" trust information */
+#define CKA_TRUST_SERVER_AUTH (CKA_TRUST + 8)
+#define CKA_TRUST_CLIENT_AUTH (CKA_TRUST + 9)
+#define CKA_TRUST_CODE_SIGNING (CKA_TRUST + 10)
+#define CKA_TRUST_EMAIL_PROTECTION (CKA_TRUST + 11)
+#define CKA_TRUST_IPSEC_END_SYSTEM (CKA_TRUST + 12)
+#define CKA_TRUST_IPSEC_TUNNEL (CKA_TRUST + 13)
+#define CKA_TRUST_IPSEC_USER (CKA_TRUST + 14)
+#define CKA_TRUST_TIME_STAMPING (CKA_TRUST + 15)
+#define CKA_TRUST_STEP_UP_APPROVED (CKA_TRUST + 16)
+
+#define CKA_CERT_SHA1_HASH (CKA_TRUST + 100)
+#define CKA_CERT_MD5_HASH (CKA_TRUST + 101)
+
+/* NSS trust stuff */
+
+/* HISTORICAL: define used to pass in the database key for DSA private keys */
+#define CKA_NETSCAPE_DB 0xD5A0DB00L
+#define CKA_NETSCAPE_TRUST 0x80000001L
+
+/* FAKE PKCS #11 defines */
+#define CKM_FAKE_RANDOM 0x80000efeUL
+#define CKM_INVALID_MECHANISM 0xffffffffUL
+
+/*
+ * NSS-defined crypto mechanisms
+ *
+ */
+#define CKM_NSS (CKM_VENDOR_DEFINED | NSSCK_VENDOR_NSS)
+
+#define CKM_NSS_AES_KEY_WRAP (CKM_NSS + 1)
+#define CKM_NSS_AES_KEY_WRAP_PAD (CKM_NSS + 2)
+
+/* HKDF key derivation mechanisms. See CK_NSS_HKDFParams for documentation. */
+#define CKM_NSS_HKDF_SHA1 (CKM_NSS + 3)
+#define CKM_NSS_HKDF_SHA256 (CKM_NSS + 4)
+#define CKM_NSS_HKDF_SHA384 (CKM_NSS + 5)
+#define CKM_NSS_HKDF_SHA512 (CKM_NSS + 6)
+
+/* J-PAKE round 1 key generation mechanisms.
+ *
+ * Required template attributes: CKA_PRIME, CKA_SUBPRIME, CKA_BASE,
+ *                               CKA_NSS_JPAKE_SIGNERID
+ * Output key type: CKK_NSS_JPAKE_ROUND1
+ * Output key class: CKO_PRIVATE_KEY
+ * Parameter type: CK_NSS_JPAKERound1Params
+ *
+ */
+#define CKM_NSS_JPAKE_ROUND1_SHA1 (CKM_NSS + 7)
+#define CKM_NSS_JPAKE_ROUND1_SHA256 (CKM_NSS + 8)
+#define CKM_NSS_JPAKE_ROUND1_SHA384 (CKM_NSS + 9)
+#define CKM_NSS_JPAKE_ROUND1_SHA512 (CKM_NSS + 10)
+
+/* J-PAKE round 2 key derivation mechanisms.
+ *
+ * Required template attributes: CKA_NSS_JPAKE_PEERID
+ * Input key type:  CKK_NSS_JPAKE_ROUND1
+ * Output key type: CKK_NSS_JPAKE_ROUND2
+ * Output key class: CKO_PRIVATE_KEY
+ * Parameter type: CK_NSS_JPAKERound2Params
+ */
+#define CKM_NSS_JPAKE_ROUND2_SHA1 (CKM_NSS + 11)
+#define CKM_NSS_JPAKE_ROUND2_SHA256 (CKM_NSS + 12)
+#define CKM_NSS_JPAKE_ROUND2_SHA384 (CKM_NSS + 13)
+#define CKM_NSS_JPAKE_ROUND2_SHA512 (CKM_NSS + 14)
+
+/* J-PAKE final key material derivation mechanisms
+ *
+ * Input key type:  CKK_NSS_JPAKE_ROUND2
+ * Output key type: CKK_GENERIC_SECRET
+ * Output key class: CKO_SECRET_KEY
+ * Parameter type: CK_NSS_JPAKEFinalParams
+ *
+ * You must apply a KDF (e.g. CKM_NSS_HKDF_*) to resultant keying material
+ * to get a key with uniformly distributed bits.
+ */
+#define CKM_NSS_JPAKE_FINAL_SHA1 (CKM_NSS + 15)
+#define CKM_NSS_JPAKE_FINAL_SHA256 (CKM_NSS + 16)
+#define CKM_NSS_JPAKE_FINAL_SHA384 (CKM_NSS + 17)
+#define CKM_NSS_JPAKE_FINAL_SHA512 (CKM_NSS + 18)
+
+/* Constant-time MAC mechanisms:
+ *
+ * These operations verify a padded, MAC-then-encrypt block of data in
+ * constant-time. Because of the order of operations, the padding bytes are not
+ * protected by the MAC. However, disclosing the value of the padding bytes
+ * gives an attacker the ability to decrypt ciphertexts. Such disclosure can be
+ * as subtle as taking slightly less time to perform the MAC when the padding
+ * is one byte longer. See https://www.isg.rhul.ac.uk/tls/
+ *
+ * CKM_NSS_HMAC_CONSTANT_TIME: performs an HMAC authentication.
+ * CKM_NSS_SSL3_MAC_CONSTANT_TIME: performs an authentication with SSLv3 MAC.
+ *
+ * Parameter type: CK_NSS_MAC_CONSTANT_TIME_PARAMS
+ */
+#define CKM_NSS_HMAC_CONSTANT_TIME (CKM_NSS + 19)
+#define CKM_NSS_SSL3_MAC_CONSTANT_TIME (CKM_NSS + 20)
+
+/* TLS 1.2 mechanisms */
+#define CKM_NSS_TLS_PRF_GENERAL_SHA256 (CKM_NSS + 21)
+#define CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256 (CKM_NSS + 22)
+#define CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256 (CKM_NSS + 23)
+#define CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 (CKM_NSS + 24)
+
+/* TLS extended master secret derivation */
+#define CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE (CKM_NSS + 25)
+#define CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH (CKM_NSS + 26)
+
+#define CKM_NSS_CHACHA20_KEY_GEN (CKM_NSS + 27)
+#define CKM_NSS_CHACHA20_POLY1305 (CKM_NSS + 28)
+
+/* Additional PKCS #12 PBE algorithms defined in v1.1 */
+#define CKM_NSS_PKCS12_PBE_SHA224_HMAC_KEY_GEN (CKM_NSS + 29)
+#define CKM_NSS_PKCS12_PBE_SHA256_HMAC_KEY_GEN (CKM_NSS + 30)
+#define CKM_NSS_PKCS12_PBE_SHA384_HMAC_KEY_GEN (CKM_NSS + 31)
+#define CKM_NSS_PKCS12_PBE_SHA512_HMAC_KEY_GEN (CKM_NSS + 32)
+
+/*
+ * HISTORICAL:
+ * Do not attempt to use these. They are only used by NETSCAPE's internal
+ * PKCS #11 interface. Most of these are place holders for other mechanism
+ * and will change in the future.
+ */
+#define CKM_NETSCAPE_PBE_SHA1_DES_CBC 0x80000002UL
+#define CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC 0x80000003UL
+#define CKM_NETSCAPE_PBE_SHA1_40_BIT_RC2_CBC 0x80000004UL
+#define CKM_NETSCAPE_PBE_SHA1_128_BIT_RC2_CBC 0x80000005UL
+#define CKM_NETSCAPE_PBE_SHA1_40_BIT_RC4 0x80000006UL
+#define CKM_NETSCAPE_PBE_SHA1_128_BIT_RC4 0x80000007UL
+#define CKM_NETSCAPE_PBE_SHA1_FAULTY_3DES_CBC 0x80000008UL
+#define CKM_NETSCAPE_PBE_SHA1_HMAC_KEY_GEN 0x80000009UL
+#define CKM_NETSCAPE_PBE_MD5_HMAC_KEY_GEN 0x8000000aUL
+#define CKM_NETSCAPE_PBE_MD2_HMAC_KEY_GEN 0x8000000bUL
+
+#define CKM_TLS_PRF_GENERAL 0x80000373UL
+
+typedef struct CK_NSS_JPAKEPublicValue {
+    CK_BYTE *pGX;
+    CK_ULONG ulGXLen;
+    CK_BYTE *pGV;
+    CK_ULONG ulGVLen;
+    CK_BYTE *pR;
+    CK_ULONG ulRLen;
+} CK_NSS_JPAKEPublicValue;
+
+typedef struct CK_NSS_JPAKERound1Params {
+    CK_NSS_JPAKEPublicValue gx1; /* out */
+    CK_NSS_JPAKEPublicValue gx2; /* out */
+} CK_NSS_JPAKERound1Params;
+
+typedef struct CK_NSS_JPAKERound2Params {
+    CK_BYTE *pSharedKey;         /* in */
+    CK_ULONG ulSharedKeyLen;     /* in */
+    CK_NSS_JPAKEPublicValue gx3; /* in */
+    CK_NSS_JPAKEPublicValue gx4; /* in */
+    CK_NSS_JPAKEPublicValue A;   /* out */
+} CK_NSS_JPAKERound2Params;
+
+typedef struct CK_NSS_JPAKEFinalParams {
+    CK_NSS_JPAKEPublicValue B; /* in */
+} CK_NSS_JPAKEFinalParams;
+
+/* macAlg: the MAC algorithm to use. This determines the hash function used in
+ *     the HMAC/SSLv3 MAC calculations.
+ * ulBodyTotalLen: the total length of the data, including padding bytes and
+ *     padding length.
+ * pHeader: points to a block of data that contains additional data to
+ *     authenticate. For TLS this includes the sequence number etc. For SSLv3,
+ *     this also includes the initial padding bytes.
+ *
+ * NOTE: the softoken's implementation of CKM_NSS_HMAC_CONSTANT_TIME and
+ * CKM_NSS_SSL3_MAC_CONSTANT_TIME requires that the sum of ulBodyTotalLen
+ * and ulHeaderLen be much smaller than 2^32 / 8 bytes because it uses an
+ * unsigned int variable to represent the length in bits. This should not
+ * be a problem because the SSL/TLS protocol limits the size of an SSL
+ * record to something considerably less than 2^32 bytes.
+ */
+typedef struct CK_NSS_MAC_CONSTANT_TIME_PARAMS {
+    CK_MECHANISM_TYPE macAlg; /* in */
+    CK_ULONG ulBodyTotalLen;  /* in */
+    CK_BYTE *pHeader;         /* in */
+    CK_ULONG ulHeaderLen;     /* in */
+} CK_NSS_MAC_CONSTANT_TIME_PARAMS;
+
+typedef struct CK_NSS_AEAD_PARAMS {
+    CK_BYTE_PTR pNonce;
+    CK_ULONG ulNonceLen;
+    CK_BYTE_PTR pAAD;
+    CK_ULONG ulAADLen;
+    CK_ULONG ulTagLen;
+} CK_NSS_AEAD_PARAMS;
+
+/*
+ * NSS-defined return values
+ *
+ */
+#define CKR_NSS (CKM_VENDOR_DEFINED | NSSCK_VENDOR_NSS)
+
+#define CKR_NSS_CERTDB_FAILED (CKR_NSS + 1)
+#define CKR_NSS_KEYDB_FAILED (CKR_NSS + 2)
+
+/* Mandatory parameter for the CKM_NSS_HKDF_* key deriviation mechanisms.
+   See RFC 5869.
+
+    bExtract: If set, HKDF-Extract will be applied to the input key. If
+              the optional salt is given, it is used; otherwise, the salt is
+              set to a sequence of zeros equal in length to the HMAC output.
+              If bExpand is not set, then the key template given to
+              C_DeriveKey must indicate an output key size less than or equal
+              to the output size of the HMAC.
+
+    bExpand:  If set, HKDF-Expand will be applied to the input key (if
+              bExtract is not set) or to the result of HKDF-Extract (if
+              bExtract is set). Any info given in the optional pInfo field will
+              be included in the calculation.
+
+    The size of the output key must be specified in the template passed to
+    C_DeriveKey.
+*/
+typedef struct CK_NSS_HKDFParams {
+    CK_BBOOL bExtract;
+    CK_BYTE_PTR pSalt;
+    CK_ULONG ulSaltLen;
+    CK_BBOOL bExpand;
+    CK_BYTE_PTR pInfo;
+    CK_ULONG ulInfoLen;
+} CK_NSS_HKDFParams;
+
+/*
+ * Parameter for the TLS extended master secret key derivation mechanisms:
+ *
+ *  * CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE
+ *  * CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH
+ *
+ * For the TLS 1.2 PRF, the prfHashMechanism parameter determines the hash
+ * function used. For earlier versions of the PRF, set the prfHashMechanism
+ * value to CKM_TLS_PRF.
+ *
+ * The session hash input is expected to be the output of the same hash
+ * function as the PRF uses (as required by draft-ietf-tls-session-hash).  So
+ * the ulSessionHashLen member must be equal the output length of the hash
+ * function specified by the prfHashMechanism member (or, for pre-TLS 1.2 PRF,
+ * the length of concatenated MD5 and SHA-1 digests).
+ *
+ */
+typedef struct CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS {
+    CK_MECHANISM_TYPE prfHashMechanism;
+    CK_BYTE_PTR pSessionHash;
+    CK_ULONG ulSessionHashLen;
+    CK_VERSION_PTR pVersion;
+} CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS;
+
+/*
+ * Trust info
+ *
+ * This isn't part of the Cryptoki standard (yet), so I'm putting
+ * all the definitions here.  Some of this would move to nssckt.h
+ * if trust info were made part of the standard.  In view of this
+ * possibility, I'm putting my (NSS) values in the NSS
+ * vendor space, like everything else.
+ */
+
+typedef CK_ULONG CK_TRUST;
+
+/* The following trust types are defined: */
+#define CKT_VENDOR_DEFINED 0x80000000
+
+#define CKT_NSS (CKT_VENDOR_DEFINED | NSSCK_VENDOR_NSS)
+
+/* If trust goes standard, these'll probably drop out of vendor space. */
+#define CKT_NSS_TRUSTED (CKT_NSS + 1)
+#define CKT_NSS_TRUSTED_DELEGATOR (CKT_NSS + 2)
+#define CKT_NSS_MUST_VERIFY_TRUST (CKT_NSS + 3)
+#define CKT_NSS_NOT_TRUSTED (CKT_NSS + 10)
+#define CKT_NSS_TRUST_UNKNOWN (CKT_NSS + 5) /* default */
+
+/*
+ * These may well remain NSS-specific; I'm only using them
+ * to cache resolution data.
+ */
+#define CKT_NSS_VALID_DELEGATOR (CKT_NSS + 11)
+
+/*
+ * old definitions. They still exist, but the plain meaning of the
+ * labels have never been accurate to what was really implemented.
+ * The new labels correctly reflect what the values effectively mean.
+ */
+#if defined(__GNUC__) && (__GNUC__ > 3)
+/* make GCC warn when we use these #defines */
+/*
+ *  This is really painful because GCC doesn't allow us to mark random
+ *  #defines as deprecated. We can only mark the following:
+ *      functions, variables, and types.
+ *  const variables will create extra storage for everyone including this
+ *       header file, so it's undesirable.
+ *  functions could be inlined to prevent storage creation, but will fail
+ *       when constant values are expected (like switch statements).
+ *  enum types do not seem to pay attention to the deprecated attribute.
+ *
+ *  That leaves typedefs. We declare new types that we then deprecate, then
+ *  cast the resulting value to the deprecated type in the #define, thus
+ *  producting the warning when the #define is used.
+ */
+#if (__GNUC__ == 4) && (__GNUC_MINOR__ < 5)
+/* The mac doesn't like the friendlier deprecate messages. I'm assuming this
+ * is a gcc version issue rather than mac or ppc specific */
+typedef CK_TRUST __CKT_NSS_UNTRUSTED __attribute__((deprecated));
+typedef CK_TRUST __CKT_NSS_VALID __attribute__((deprecated));
+typedef CK_TRUST __CKT_NSS_MUST_VERIFY __attribute__((deprecated));
+#else
+/* when possible, get a full deprecation warning. This works on gcc 4.5
+ * it may work on earlier versions of gcc */
+typedef CK_TRUST __CKT_NSS_UNTRUSTED __attribute__((deprecated("CKT_NSS_UNTRUSTED really means CKT_NSS_MUST_VERIFY_TRUST")));
+typedef CK_TRUST __CKT_NSS_VALID __attribute__((deprecated("CKT_NSS_VALID really means CKT_NSS_NOT_TRUSTED")));
+typedef CK_TRUST __CKT_NSS_MUST_VERIFY __attribute__((deprecated("CKT_NSS_MUST_VERIFY really functions as CKT_NSS_TRUST_UNKNOWN")));
+#endif
+#define CKT_NSS_UNTRUSTED ((__CKT_NSS_UNTRUSTED)CKT_NSS_MUST_VERIFY_TRUST)
+#define CKT_NSS_VALID ((__CKT_NSS_VALID)CKT_NSS_NOT_TRUSTED)
+/* keep the old value for compatibility reasons*/
+#define CKT_NSS_MUST_VERIFY ((__CKT_NSS_MUST_VERIFY)(CKT_NSS + 4))
+#else
+#ifdef _WIN32
+/* This magic gets the windows compiler to give us a deprecation
+ * warning */
+#pragma deprecated(CKT_NSS_UNTRUSTED, CKT_NSS_MUST_VERIFY, CKT_NSS_VALID)
+#endif
+/* CKT_NSS_UNTRUSTED really means CKT_NSS_MUST_VERIFY_TRUST */
+#define CKT_NSS_UNTRUSTED CKT_NSS_MUST_VERIFY_TRUST
+/* CKT_NSS_VALID really means CKT_NSS_NOT_TRUSTED */
+#define CKT_NSS_VALID CKT_NSS_NOT_TRUSTED
+/* CKT_NSS_MUST_VERIFY was always treated as CKT_NSS_TRUST_UNKNOWN */
+#define CKT_NSS_MUST_VERIFY (CKT_NSS + 4) /*really means trust unknown*/
+#endif
+
+/* don't leave old programs in a lurch just yet, give them the old NETSCAPE
+ * synonym */
+#define CKO_NETSCAPE_CRL CKO_NSS_CRL
+#define CKO_NETSCAPE_SMIME CKO_NSS_SMIME
+#define CKO_NETSCAPE_TRUST CKO_NSS_TRUST
+#define CKO_NETSCAPE_BUILTIN_ROOT_LIST CKO_NSS_BUILTIN_ROOT_LIST
+#define CKO_NETSCAPE_NEWSLOT CKO_NSS_NEWSLOT
+#define CKO_NETSCAPE_DELSLOT CKO_NSS_DELSLOT
+#define CKK_NETSCAPE_PKCS8 CKK_NSS_PKCS8
+#define CKA_NETSCAPE_URL CKA_NSS_URL
+#define CKA_NETSCAPE_EMAIL CKA_NSS_EMAIL
+#define CKA_NETSCAPE_SMIME_INFO CKA_NSS_SMIME_INFO
+#define CKA_NETSCAPE_SMIME_TIMESTAMP CKA_NSS_SMIME_TIMESTAMP
+#define CKA_NETSCAPE_PKCS8_SALT CKA_NSS_PKCS8_SALT
+#define CKA_NETSCAPE_PASSWORD_CHECK CKA_NSS_PASSWORD_CHECK
+#define CKA_NETSCAPE_EXPIRES CKA_NSS_EXPIRES
+#define CKA_NETSCAPE_KRL CKA_NSS_KRL
+#define CKA_NETSCAPE_PQG_COUNTER CKA_NSS_PQG_COUNTER
+#define CKA_NETSCAPE_PQG_SEED CKA_NSS_PQG_SEED
+#define CKA_NETSCAPE_PQG_H CKA_NSS_PQG_H
+#define CKA_NETSCAPE_PQG_SEED_BITS CKA_NSS_PQG_SEED_BITS
+#define CKA_NETSCAPE_MODULE_SPEC CKA_NSS_MODULE_SPEC
+#define CKM_NETSCAPE_AES_KEY_WRAP CKM_NSS_AES_KEY_WRAP
+#define CKM_NETSCAPE_AES_KEY_WRAP_PAD CKM_NSS_AES_KEY_WRAP_PAD
+#define CKR_NETSCAPE_CERTDB_FAILED CKR_NSS_CERTDB_FAILED
+#define CKR_NETSCAPE_KEYDB_FAILED CKR_NSS_KEYDB_FAILED
+
+#define CKT_NETSCAPE_TRUSTED CKT_NSS_TRUSTED
+#define CKT_NETSCAPE_TRUSTED_DELEGATOR CKT_NSS_TRUSTED_DELEGATOR
+#define CKT_NETSCAPE_UNTRUSTED CKT_NSS_UNTRUSTED
+#define CKT_NETSCAPE_MUST_VERIFY CKT_NSS_MUST_VERIFY
+#define CKT_NETSCAPE_TRUST_UNKNOWN CKT_NSS_TRUST_UNKNOWN
+#define CKT_NETSCAPE_VALID CKT_NSS_VALID
+#define CKT_NETSCAPE_VALID_DELEGATOR CKT_NSS_VALID_DELEGATOR
+
+/*
+ * These are not really PKCS #11 values specifically. They are the 'loadable'
+ * module spec NSS uses. The are available for others to use as well, but not
+ * part of the formal PKCS #11 spec.
+ *
+ * The function 'FIND' returns an array of PKCS #11 initialization strings
+ * The function 'ADD' takes a PKCS #11 initialization string and stores it.
+ * The function 'DEL' takes a 'name= library=' value and deletes the associated
+ *  string.
+ * The function 'RELEASE' frees the array returned by 'FIND'
+ */
+#define SECMOD_MODULE_DB_FUNCTION_FIND 0
+#define SECMOD_MODULE_DB_FUNCTION_ADD 1
+#define SECMOD_MODULE_DB_FUNCTION_DEL 2
+#define SECMOD_MODULE_DB_FUNCTION_RELEASE 3
+typedef char **(PR_CALLBACK *SECMODModuleDBFunc)(unsigned long function,
+                                                 char *parameters, void *moduleSpec);
+
+/* softoken slot ID's */
+#define SFTK_MIN_USER_SLOT_ID 4
+#define SFTK_MAX_USER_SLOT_ID 100
+#define SFTK_MIN_FIPS_USER_SLOT_ID 101
+#define SFTK_MAX_FIPS_USER_SLOT_ID 127
+
+#endif /* _PKCS11N_H_ */
diff --git a/nss/lib/util/pkcs11p.h b/nss/lib/util/pkcs11p.h
new file mode 100644
index 0000000..2e904ee
--- /dev/null
+++ b/nss/lib/util/pkcs11p.h
@@ -0,0 +1,21 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * Copyright (C) 1994-1999 RSA Security Inc. Licence to copy this document
+ * is granted provided that it is identified as "RSA Security Inc. Public-Key
+ * Cryptography Standards (PKCS)" in all material mentioning or referencing
+ * this document.
+ */
+/* these data types are platform/implementation dependent. */
+/*
+ * Packing was removed from the shipped RSA header files, even
+ * though it's still needed. put in a central file to help merging..
+ */
+
+#if defined(_WIN32)
+#ifdef _MSC_VER
+#pragma warning(disable : 4103)
+#endif
+#pragma pack(push, cryptoki, 1)
+#endif
diff --git a/nss/lib/util/pkcs11t.h b/nss/lib/util/pkcs11t.h
new file mode 100644
index 0000000..c945f31
--- /dev/null
+++ b/nss/lib/util/pkcs11t.h
@@ -0,0 +1,1800 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/* License to copy and use this software is granted provided that it is
+ * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
+ * (Cryptoki)" in all material mentioning or referencing this software.
+
+ * License is also granted to make and use derivative works provided that
+ * such works are identified as "derived from the RSA Security Inc. PKCS #11
+ * Cryptographic Token Interface (Cryptoki)" in all material mentioning or
+ * referencing the derived work.
+
+ * RSA Security Inc. makes no representations concerning either the
+ * merchantability of this software or the suitability of this software for
+ * any particular purpose. It is provided "as is" without express or implied
+ * warranty of any kind.
+ */
+
+#ifndef _PKCS11T_H_
+#define _PKCS11T_H_ 1
+
+#define CK_TRUE 1
+#define CK_FALSE 0
+
+#include "prtypes.h"
+
+#define CK_PTR *
+#define CK_NULL_PTR 0
+#define CK_CALLBACK_FUNCTION(rtype, func) rtype(PR_CALLBACK *func)
+#define CK_DECLARE_FUNCTION(rtype, func) extern rtype func
+#define CK_DECLARE_FUNCTION_POINTER(rtype, func) rtype(PR_CALLBACK *func)
+
+#define CK_INVALID_SESSION 0
+
+/* an unsigned 8-bit value */
+typedef unsigned char CK_BYTE;
+
+/* an unsigned 8-bit character */
+typedef CK_BYTE CK_CHAR;
+
+/* an 8-bit UTF-8 character */
+typedef CK_BYTE CK_UTF8CHAR;
+
+/* a BYTE-sized Boolean flag */
+typedef CK_BYTE CK_BBOOL;
+
+/* an unsigned value, at least 32 bits long */
+typedef unsigned long int CK_ULONG;
+
+/* a signed value, the same size as a CK_ULONG */
+/* CK_LONG is new for v2.0 */
+typedef long int CK_LONG;
+
+/* at least 32 bits; each bit is a Boolean flag */
+typedef CK_ULONG CK_FLAGS;
+
+/* some special values for certain CK_ULONG variables */
+#define CK_UNAVAILABLE_INFORMATION (~0UL)
+#define CK_EFFECTIVELY_INFINITE 0
+
+typedef CK_BYTE CK_PTR CK_BYTE_PTR;
+typedef CK_CHAR CK_PTR CK_CHAR_PTR;
+typedef CK_UTF8CHAR CK_PTR CK_UTF8CHAR_PTR;
+typedef CK_ULONG CK_PTR CK_ULONG_PTR;
+typedef void CK_PTR CK_VOID_PTR;
+
+/* Pointer to a CK_VOID_PTR-- i.e., pointer to pointer to void */
+typedef CK_VOID_PTR CK_PTR CK_VOID_PTR_PTR;
+
+/* The following value is always invalid if used as a session */
+/* handle or object handle */
+#define CK_INVALID_HANDLE 0
+
+/* pack */
+#include "pkcs11p.h"
+
+typedef struct CK_VERSION {
+    CK_BYTE major; /* integer portion of version number */
+    CK_BYTE minor; /* 1/100ths portion of version number */
+} CK_VERSION;
+
+typedef CK_VERSION CK_PTR CK_VERSION_PTR;
+
+typedef struct CK_INFO {
+    /* manufacturerID and libraryDecription have been changed from
+   * CK_CHAR to CK_UTF8CHAR for v2.10 */
+    CK_VERSION cryptokiVersion;     /* PKCS #11 interface ver */
+    CK_UTF8CHAR manufacturerID[32]; /* blank padded */
+    CK_FLAGS flags;                 /* must be zero */
+
+    /* libraryDescription and libraryVersion are new for v2.0 */
+    CK_UTF8CHAR libraryDescription[32]; /* blank padded */
+    CK_VERSION libraryVersion;          /* version of library */
+} CK_INFO;
+
+typedef CK_INFO CK_PTR CK_INFO_PTR;
+
+/* CK_NOTIFICATION enumerates the types of notifications that
+ * PKCS #11 provides to an application */
+/* CK_NOTIFICATION has been changed from an enum to a CK_ULONG
+ * for v2.0 */
+typedef CK_ULONG CK_NOTIFICATION;
+#define CKN_SURRENDER 0
+
+typedef CK_ULONG CK_SLOT_ID;
+
+typedef CK_SLOT_ID CK_PTR CK_SLOT_ID_PTR;
+
+/* CK_SLOT_INFO provides information about a slot */
+typedef struct CK_SLOT_INFO {
+    /* slotDescription and manufacturerID have been changed from
+     * CK_CHAR to CK_UTF8CHAR for v2.10 */
+    CK_UTF8CHAR slotDescription[64]; /* blank padded */
+    CK_UTF8CHAR manufacturerID[32];  /* blank padded */
+    CK_FLAGS flags;
+
+    /* hardwareVersion and firmwareVersion are new for v2.0 */
+    CK_VERSION hardwareVersion; /* version of hardware */
+    CK_VERSION firmwareVersion; /* version of firmware */
+} CK_SLOT_INFO;
+
+/* flags: bit flags that provide capabilities of the slot
+ *      Bit Flag              Mask        Meaning
+ */
+#define CKF_TOKEN_PRESENT 0x00000001    /* a token is there */
+#define CKF_REMOVABLE_DEVICE 0x00000002 /* removable devices*/
+#define CKF_HW_SLOT 0x00000004          /* hardware slot */
+
+typedef CK_SLOT_INFO CK_PTR CK_SLOT_INFO_PTR;
+
+/* CK_TOKEN_INFO provides information about a token */
+typedef struct CK_TOKEN_INFO {
+    /* label, manufacturerID, and model have been changed from
+     * CK_CHAR to CK_UTF8CHAR for v2.10 */
+    CK_UTF8CHAR label[32];          /* blank padded */
+    CK_UTF8CHAR manufacturerID[32]; /* blank padded */
+    CK_UTF8CHAR model[16];          /* blank padded */
+    CK_CHAR serialNumber[16];       /* blank padded */
+    CK_FLAGS flags;                 /* see below */
+
+    /* ulMaxSessionCount, ulSessionCount, ulMaxRwSessionCount,
+     * ulRwSessionCount, ulMaxPinLen, and ulMinPinLen have all been
+     * changed from CK_USHORT to CK_ULONG for v2.0 */
+    CK_ULONG ulMaxSessionCount;    /* max open sessions */
+    CK_ULONG ulSessionCount;       /* sess. now open */
+    CK_ULONG ulMaxRwSessionCount;  /* max R/W sessions */
+    CK_ULONG ulRwSessionCount;     /* R/W sess. now open */
+    CK_ULONG ulMaxPinLen;          /* in bytes */
+    CK_ULONG ulMinPinLen;          /* in bytes */
+    CK_ULONG ulTotalPublicMemory;  /* in bytes */
+    CK_ULONG ulFreePublicMemory;   /* in bytes */
+    CK_ULONG ulTotalPrivateMemory; /* in bytes */
+    CK_ULONG ulFreePrivateMemory;  /* in bytes */
+
+    /* hardwareVersion, firmwareVersion, and time are new for
+     * v2.0 */
+    CK_VERSION hardwareVersion; /* version of hardware */
+    CK_VERSION firmwareVersion; /* version of firmware */
+    CK_CHAR utcTime[16];        /* time */
+} CK_TOKEN_INFO;
+
+/* The flags parameter is defined as follows:
+ *      Bit Flag                    Mask        Meaning
+ */
+#define CKF_RNG 0x00000001                  /* has random # \
+                                             * generator */
+#define CKF_WRITE_PROTECTED 0x00000002      /* token is \
+                                             * write-   \
+                                             * protected */
+#define CKF_LOGIN_REQUIRED 0x00000004       /* user must \
+                                             * login */
+#define CKF_USER_PIN_INITIALIZED 0x00000008 /* normal user's \
+                                             * PIN is set */
+
+/* CKF_RESTORE_KEY_NOT_NEEDED is new for v2.0.  If it is set,
+ * that means that *every* time the state of cryptographic
+ * operations of a session is successfully saved, all keys
+ * needed to continue those operations are stored in the state */
+#define CKF_RESTORE_KEY_NOT_NEEDED 0x00000020
+
+/* CKF_CLOCK_ON_TOKEN is new for v2.0.  If it is set, that means
+ * that the token has some sort of clock.  The time on that
+ * clock is returned in the token info structure */
+#define CKF_CLOCK_ON_TOKEN 0x00000040
+
+/* CKF_PROTECTED_AUTHENTICATION_PATH is new for v2.0.  If it is
+ * set, that means that there is some way for the user to login
+ * without sending a PIN through the PKCS #11 library itself */
+#define CKF_PROTECTED_AUTHENTICATION_PATH 0x00000100
+
+/* CKF_DUAL_CRYPTO_OPERATIONS is new for v2.0.  If it is true,
+ * that means that a single session with the token can perform
+ * dual simultaneous cryptographic operations (digest and
+ * encrypt; decrypt and digest; sign and encrypt; and decrypt
+ * and sign) */
+#define CKF_DUAL_CRYPTO_OPERATIONS 0x00000200
+
+/* CKF_TOKEN_INITIALIZED if new for v2.10. If it is true, the
+ * token has been initialized using C_InitializeToken or an
+ * equivalent mechanism outside the scope of PKCS #11.
+ * Calling C_InitializeToken when this flag is set will cause
+ * the token to be reinitialized. */
+#define CKF_TOKEN_INITIALIZED 0x00000400
+
+/* CKF_SECONDARY_AUTHENTICATION if new for v2.10. If it is
+ * true, the token supports secondary authentication for
+ * private key objects. This flag is deprecated in v2.11 and
+   onwards. */
+#define CKF_SECONDARY_AUTHENTICATION 0x00000800
+
+/* CKF_USER_PIN_COUNT_LOW if new for v2.10. If it is true, an
+ * incorrect user login PIN has been entered at least once
+ * since the last successful authentication. */
+#define CKF_USER_PIN_COUNT_LOW 0x00010000
+
+/* CKF_USER_PIN_FINAL_TRY if new for v2.10. If it is true,
+ * supplying an incorrect user PIN will it to become locked. */
+#define CKF_USER_PIN_FINAL_TRY 0x00020000
+
+/* CKF_USER_PIN_LOCKED if new for v2.10. If it is true, the
+ * user PIN has been locked. User login to the token is not
+ * possible. */
+#define CKF_USER_PIN_LOCKED 0x00040000
+
+/* CKF_USER_PIN_TO_BE_CHANGED if new for v2.10. If it is true,
+ * the user PIN value is the default value set by token
+ * initialization or manufacturing, or the PIN has been
+ * expired by the card. */
+#define CKF_USER_PIN_TO_BE_CHANGED 0x00080000
+
+/* CKF_SO_PIN_COUNT_LOW if new for v2.10. If it is true, an
+ * incorrect SO login PIN has been entered at least once since
+ * the last successful authentication. */
+#define CKF_SO_PIN_COUNT_LOW 0x00100000
+
+/* CKF_SO_PIN_FINAL_TRY if new for v2.10. If it is true,
+ * supplying an incorrect SO PIN will it to become locked. */
+#define CKF_SO_PIN_FINAL_TRY 0x00200000
+
+/* CKF_SO_PIN_LOCKED if new for v2.10. If it is true, the SO
+ * PIN has been locked. SO login to the token is not possible.
+ */
+#define CKF_SO_PIN_LOCKED 0x00400000
+
+/* CKF_SO_PIN_TO_BE_CHANGED if new for v2.10. If it is true,
+ * the SO PIN value is the default value set by token
+ * initialization or manufacturing, or the PIN has been
+ * expired by the card. */
+#define CKF_SO_PIN_TO_BE_CHANGED 0x00800000
+
+typedef CK_TOKEN_INFO CK_PTR CK_TOKEN_INFO_PTR;
+
+/* CK_SESSION_HANDLE is a PKCS #11-assigned value that
+ * identifies a session */
+typedef CK_ULONG CK_SESSION_HANDLE;
+
+typedef CK_SESSION_HANDLE CK_PTR CK_SESSION_HANDLE_PTR;
+
+/* CK_USER_TYPE enumerates the types of PKCS #11 users */
+/* CK_USER_TYPE has been changed from an enum to a CK_ULONG for
+ * v2.0 */
+typedef CK_ULONG CK_USER_TYPE;
+/* Security Officer */
+#define CKU_SO 0
+/* Normal user */
+#define CKU_USER 1
+/* Context specific (added in v2.20) */
+#define CKU_CONTEXT_SPECIFIC 2
+
+/* CK_STATE enumerates the session states */
+/* CK_STATE has been changed from an enum to a CK_ULONG for
+ * v2.0 */
+typedef CK_ULONG CK_STATE;
+#define CKS_RO_PUBLIC_SESSION 0
+#define CKS_RO_USER_FUNCTIONS 1
+#define CKS_RW_PUBLIC_SESSION 2
+#define CKS_RW_USER_FUNCTIONS 3
+#define CKS_RW_SO_FUNCTIONS 4
+
+/* CK_SESSION_INFO provides information about a session */
+typedef struct CK_SESSION_INFO {
+    CK_SLOT_ID slotID;
+    CK_STATE state;
+    CK_FLAGS flags; /* see below */
+
+    /* ulDeviceError was changed from CK_USHORT to CK_ULONG for
+     * v2.0 */
+    CK_ULONG ulDeviceError; /* device-dependent error code */
+} CK_SESSION_INFO;
+
+/* The flags are defined in the following table:
+ *      Bit Flag                Mask        Meaning
+ */
+#define CKF_RW_SESSION 0x00000002     /* session is r/w */
+#define CKF_SERIAL_SESSION 0x00000004 /* no parallel */
+
+typedef CK_SESSION_INFO CK_PTR CK_SESSION_INFO_PTR;
+
+/* CK_OBJECT_HANDLE is a token-specific identifier for an
+ * object  */
+typedef CK_ULONG CK_OBJECT_HANDLE;
+
+typedef CK_OBJECT_HANDLE CK_PTR CK_OBJECT_HANDLE_PTR;
+
+/* CK_OBJECT_CLASS is a value that identifies the classes (or
+ * types) of objects that PKCS #11 recognizes.  It is defined
+ * as follows: */
+/* CK_OBJECT_CLASS was changed from CK_USHORT to CK_ULONG for
+ * v2.0 */
+typedef CK_ULONG CK_OBJECT_CLASS;
+
+/* The following classes of objects are defined: */
+/* CKO_HW_FEATURE is new for v2.10 */
+/* CKO_DOMAIN_PARAMETERS is new for v2.11 */
+/* CKO_MECHANISM is new for v2.20 */
+#define CKO_DATA 0x00000000
+#define CKO_CERTIFICATE 0x00000001
+#define CKO_PUBLIC_KEY 0x00000002
+#define CKO_PRIVATE_KEY 0x00000003
+#define CKO_SECRET_KEY 0x00000004
+#define CKO_HW_FEATURE 0x00000005
+#define CKO_DOMAIN_PARAMETERS 0x00000006
+#define CKO_MECHANISM 0x00000007
+#define CKO_VENDOR_DEFINED 0x80000000
+
+typedef CK_OBJECT_CLASS CK_PTR CK_OBJECT_CLASS_PTR;
+
+/* CK_HW_FEATURE_TYPE is new for v2.10. CK_HW_FEATURE_TYPE is a
+ * value that identifies the hardware feature type of an object
+ * with CK_OBJECT_CLASS equal to CKO_HW_FEATURE. */
+typedef CK_ULONG CK_HW_FEATURE_TYPE;
+
+/* The following hardware feature types are defined */
+/* CKH_USER_INTERFACE is new for v2.20 */
+#define CKH_MONOTONIC_COUNTER 0x00000001
+#define CKH_CLOCK 0x00000002
+#define CKH_USER_INTERFACE 0x00000003
+#define CKH_VENDOR_DEFINED 0x80000000
+
+/* CK_KEY_TYPE is a value that identifies a key type */
+/* CK_KEY_TYPE was changed from CK_USHORT to CK_ULONG for v2.0 */
+typedef CK_ULONG CK_KEY_TYPE;
+
+/* the following key types are defined: */
+#define CKK_RSA 0x00000000
+#define CKK_DSA 0x00000001
+#define CKK_DH 0x00000002
+
+/* CKK_ECDSA and CKK_KEA are new for v2.0 */
+/* CKK_ECDSA is deprecated in v2.11, CKK_EC is preferred. */
+#define CKK_ECDSA 0x00000003
+#define CKK_EC 0x00000003
+#define CKK_X9_42_DH 0x00000004
+#define CKK_KEA 0x00000005
+
+#define CKK_GENERIC_SECRET 0x00000010
+#define CKK_RC2 0x00000011
+#define CKK_RC4 0x00000012
+#define CKK_DES 0x00000013
+#define CKK_DES2 0x00000014
+#define CKK_DES3 0x00000015
+
+/* all these key types are new for v2.0 */
+#define CKK_CAST 0x00000016
+#define CKK_CAST3 0x00000017
+/* CKK_CAST5 is deprecated in v2.11, CKK_CAST128 is preferred. */
+#define CKK_CAST5 0x00000018
+#define CKK_CAST128 0x00000018
+#define CKK_RC5 0x00000019
+#define CKK_IDEA 0x0000001A
+#define CKK_SKIPJACK 0x0000001B
+#define CKK_BATON 0x0000001C
+#define CKK_JUNIPER 0x0000001D
+#define CKK_CDMF 0x0000001E
+#define CKK_AES 0x0000001F
+
+/* BlowFish and TwoFish are new for v2.20 */
+#define CKK_BLOWFISH 0x00000020
+#define CKK_TWOFISH 0x00000021
+
+/* Camellia is proposed for v2.20 Amendment 3 */
+#define CKK_CAMELLIA 0x00000025
+
+#define CKK_SEED 0x00000026
+
+#define CKK_VENDOR_DEFINED 0x80000000
+
+/* CK_CERTIFICATE_TYPE is a value that identifies a certificate
+ * type */
+/* CK_CERTIFICATE_TYPE was changed from CK_USHORT to CK_ULONG
+ * for v2.0 */
+typedef CK_ULONG CK_CERTIFICATE_TYPE;
+
+/* The following certificate types are defined: */
+/* CKC_X_509_ATTR_CERT is new for v2.10 */
+/* CKC_WTLS is new for v2.20 */
+#define CKC_X_509 0x00000000
+#define CKC_X_509_ATTR_CERT 0x00000001
+#define CKC_WTLS 0x00000002
+#define CKC_VENDOR_DEFINED 0x80000000
+
+/* CK_ATTRIBUTE_TYPE is a value that identifies an attribute
+ * type */
+/* CK_ATTRIBUTE_TYPE was changed from CK_USHORT to CK_ULONG for
+ * v2.0 */
+typedef CK_ULONG CK_ATTRIBUTE_TYPE;
+
+/* The CKF_ARRAY_ATTRIBUTE flag identifies an attribute which
+   consists of an array of values. */
+#define CKF_ARRAY_ATTRIBUTE 0x40000000
+
+/* The following attribute types are defined: */
+#define CKA_CLASS 0x00000000
+#define CKA_TOKEN 0x00000001
+#define CKA_PRIVATE 0x00000002
+#define CKA_LABEL 0x00000003
+#define CKA_APPLICATION 0x00000010
+#define CKA_VALUE 0x00000011
+
+/* CKA_OBJECT_ID is new for v2.10 */
+#define CKA_OBJECT_ID 0x00000012
+
+#define CKA_CERTIFICATE_TYPE 0x00000080
+#define CKA_ISSUER 0x00000081
+#define CKA_SERIAL_NUMBER 0x00000082
+
+/* CKA_AC_ISSUER, CKA_OWNER, and CKA_ATTR_TYPES are new
+ * for v2.10 */
+#define CKA_AC_ISSUER 0x00000083
+#define CKA_OWNER 0x00000084
+#define CKA_ATTR_TYPES 0x00000085
+
+/* CKA_TRUSTED is new for v2.11 */
+#define CKA_TRUSTED 0x00000086
+
+/* CKA_CERTIFICATE_CATEGORY ...
+ * CKA_CHECK_VALUE are new for v2.20 */
+#define CKA_CERTIFICATE_CATEGORY 0x00000087
+#define CKA_JAVA_MIDP_SECURITY_DOMAIN 0x00000088
+#define CKA_URL 0x00000089
+#define CKA_HASH_OF_SUBJECT_PUBLIC_KEY 0x0000008A
+#define CKA_HASH_OF_ISSUER_PUBLIC_KEY 0x0000008B
+#define CKA_CHECK_VALUE 0x00000090
+
+#define CKA_KEY_TYPE 0x00000100
+#define CKA_SUBJECT 0x00000101
+#define CKA_ID 0x00000102
+#define CKA_SENSITIVE 0x00000103
+#define CKA_ENCRYPT 0x00000104
+#define CKA_DECRYPT 0x00000105
+#define CKA_WRAP 0x00000106
+#define CKA_UNWRAP 0x00000107
+#define CKA_SIGN 0x00000108
+#define CKA_SIGN_RECOVER 0x00000109
+#define CKA_VERIFY 0x0000010A
+#define CKA_VERIFY_RECOVER 0x0000010B
+#define CKA_DERIVE 0x0000010C
+#define CKA_START_DATE 0x00000110
+#define CKA_END_DATE 0x00000111
+#define CKA_MODULUS 0x00000120
+#define CKA_MODULUS_BITS 0x00000121
+#define CKA_PUBLIC_EXPONENT 0x00000122
+#define CKA_PRIVATE_EXPONENT 0x00000123
+#define CKA_PRIME_1 0x00000124
+#define CKA_PRIME_2 0x00000125
+#define CKA_EXPONENT_1 0x00000126
+#define CKA_EXPONENT_2 0x00000127
+#define CKA_COEFFICIENT 0x00000128
+#define CKA_PRIME 0x00000130
+#define CKA_SUBPRIME 0x00000131
+#define CKA_BASE 0x00000132
+
+/* CKA_PRIME_BITS and CKA_SUB_PRIME_BITS are new for v2.11 */
+#define CKA_PRIME_BITS 0x00000133
+#define CKA_SUBPRIME_BITS 0x00000134
+#define CKA_SUB_PRIME_BITS CKA_SUBPRIME_BITS
+/* (To retain backwards-compatibility) */
+
+#define CKA_VALUE_BITS 0x00000160
+#define CKA_VALUE_LEN 0x00000161
+
+/* CKA_EXTRACTABLE, CKA_LOCAL, CKA_NEVER_EXTRACTABLE,
+ * CKA_ALWAYS_SENSITIVE, CKA_MODIFIABLE, CKA_ECDSA_PARAMS,
+ * and CKA_EC_POINT are new for v2.0 */
+#define CKA_EXTRACTABLE 0x00000162
+#define CKA_LOCAL 0x00000163
+#define CKA_NEVER_EXTRACTABLE 0x00000164
+#define CKA_ALWAYS_SENSITIVE 0x00000165
+
+/* CKA_KEY_GEN_MECHANISM is new for v2.11 */
+#define CKA_KEY_GEN_MECHANISM 0x00000166
+
+#define CKA_MODIFIABLE 0x00000170
+
+/* CKA_ECDSA_PARAMS is deprecated in v2.11,
+ * CKA_EC_PARAMS is preferred. */
+#define CKA_ECDSA_PARAMS 0x00000180
+#define CKA_EC_PARAMS 0x00000180
+
+#define CKA_EC_POINT 0x00000181
+
+/* CKA_SECONDARY_AUTH, CKA_AUTH_PIN_FLAGS,
+ * are new for v2.10. Deprecated in v2.11 and onwards. */
+#define CKA_SECONDARY_AUTH 0x00000200
+#define CKA_AUTH_PIN_FLAGS 0x00000201
+
+/* CKA_ALWAYS_AUTHENTICATE ...
+ * CKA_UNWRAP_TEMPLATE are new for v2.20 */
+#define CKA_ALWAYS_AUTHENTICATE 0x00000202
+
+#define CKA_WRAP_WITH_TRUSTED 0x00000210
+#define CKA_WRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE | 0x00000211)
+#define CKA_UNWRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE | 0x00000212)
+
+/* CKA_HW_FEATURE_TYPE, CKA_RESET_ON_INIT, and CKA_HAS_RESET
+ * are new for v2.10 */
+#define CKA_HW_FEATURE_TYPE 0x00000300
+#define CKA_RESET_ON_INIT 0x00000301
+#define CKA_HAS_RESET 0x00000302
+
+/* The following attributes are new for v2.20 */
+#define CKA_PIXEL_X 0x00000400
+#define CKA_PIXEL_Y 0x00000401
+#define CKA_RESOLUTION 0x00000402
+#define CKA_CHAR_ROWS 0x00000403
+#define CKA_CHAR_COLUMNS 0x00000404
+#define CKA_COLOR 0x00000405
+#define CKA_BITS_PER_PIXEL 0x00000406
+#define CKA_CHAR_SETS 0x00000480
+#define CKA_ENCODING_METHODS 0x00000481
+#define CKA_MIME_TYPES 0x00000482
+#define CKA_MECHANISM_TYPE 0x00000500
+#define CKA_REQUIRED_CMS_ATTRIBUTES 0x00000501
+#define CKA_DEFAULT_CMS_ATTRIBUTES 0x00000502
+#define CKA_SUPPORTED_CMS_ATTRIBUTES 0x00000503
+#define CKA_ALLOWED_MECHANISMS (CKF_ARRAY_ATTRIBUTE | 0x00000600)
+
+#define CKA_VENDOR_DEFINED 0x80000000
+
+/* CK_ATTRIBUTE is a structure that includes the type, length
+ * and value of an attribute */
+typedef struct CK_ATTRIBUTE {
+    CK_ATTRIBUTE_TYPE type;
+    CK_VOID_PTR pValue;
+
+    /* ulValueLen went from CK_USHORT to CK_ULONG for v2.0 */
+    CK_ULONG ulValueLen; /* in bytes */
+} CK_ATTRIBUTE;
+
+typedef CK_ATTRIBUTE CK_PTR CK_ATTRIBUTE_PTR;
+
+/* CK_DATE is a structure that defines a date */
+typedef struct CK_DATE {
+    CK_CHAR year[4];  /* the year ("1900" - "9999") */
+    CK_CHAR month[2]; /* the month ("01" - "12") */
+    CK_CHAR day[2];   /* the day   ("01" - "31") */
+} CK_DATE;
+
+/* CK_MECHANISM_TYPE is a value that identifies a mechanism
+ * type */
+/* CK_MECHANISM_TYPE was changed from CK_USHORT to CK_ULONG for
+ * v2.0 */
+typedef CK_ULONG CK_MECHANISM_TYPE;
+
+/* the following mechanism types are defined: */
+#define CKM_RSA_PKCS_KEY_PAIR_GEN 0x00000000
+#define CKM_RSA_PKCS 0x00000001
+#define CKM_RSA_9796 0x00000002
+#define CKM_RSA_X_509 0x00000003
+
+/* CKM_MD2_RSA_PKCS, CKM_MD5_RSA_PKCS, and CKM_SHA1_RSA_PKCS
+ * are new for v2.0.  They are mechanisms which hash and sign */
+#define CKM_MD2_RSA_PKCS 0x00000004
+#define CKM_MD5_RSA_PKCS 0x00000005
+#define CKM_SHA1_RSA_PKCS 0x00000006
+
+/* CKM_RIPEMD128_RSA_PKCS, CKM_RIPEMD160_RSA_PKCS, and
+ * CKM_RSA_PKCS_OAEP are new for v2.10 */
+#define CKM_RIPEMD128_RSA_PKCS 0x00000007
+#define CKM_RIPEMD160_RSA_PKCS 0x00000008
+#define CKM_RSA_PKCS_OAEP 0x00000009
+
+/* CKM_RSA_X9_31_KEY_PAIR_GEN, CKM_RSA_X9_31, CKM_SHA1_RSA_X9_31,
+ * CKM_RSA_PKCS_PSS, and CKM_SHA1_RSA_PKCS_PSS are new for v2.11 */
+#define CKM_RSA_X9_31_KEY_PAIR_GEN 0x0000000A
+#define CKM_RSA_X9_31 0x0000000B
+#define CKM_SHA1_RSA_X9_31 0x0000000C
+#define CKM_RSA_PKCS_PSS 0x0000000D
+#define CKM_SHA1_RSA_PKCS_PSS 0x0000000E
+
+#define CKM_DSA_KEY_PAIR_GEN 0x00000010
+#define CKM_DSA 0x00000011
+#define CKM_DSA_SHA1 0x00000012
+#define CKM_DH_PKCS_KEY_PAIR_GEN 0x00000020
+#define CKM_DH_PKCS_DERIVE 0x00000021
+
+/* CKM_X9_42_DH_KEY_PAIR_GEN, CKM_X9_42_DH_DERIVE,
+ * CKM_X9_42_DH_HYBRID_DERIVE, and CKM_X9_42_MQV_DERIVE are new for
+ * v2.11 */
+#define CKM_X9_42_DH_KEY_PAIR_GEN 0x00000030
+#define CKM_X9_42_DH_DERIVE 0x00000031
+#define CKM_X9_42_DH_HYBRID_DERIVE 0x00000032
+#define CKM_X9_42_MQV_DERIVE 0x00000033
+
+/* CKM_SHA256/384/512 are new for v2.20 */
+#define CKM_SHA256_RSA_PKCS 0x00000040
+#define CKM_SHA384_RSA_PKCS 0x00000041
+#define CKM_SHA512_RSA_PKCS 0x00000042
+#define CKM_SHA256_RSA_PKCS_PSS 0x00000043
+#define CKM_SHA384_RSA_PKCS_PSS 0x00000044
+#define CKM_SHA512_RSA_PKCS_PSS 0x00000045
+
+/* CKM_SHA224 new for v2.20 amendment 3 */
+#define CKM_SHA224_RSA_PKCS 0x00000046
+#define CKM_SHA224_RSA_PKCS_PSS 0x00000047
+
+#define CKM_RC2_KEY_GEN 0x00000100
+#define CKM_RC2_ECB 0x00000101
+#define CKM_RC2_CBC 0x00000102
+#define CKM_RC2_MAC 0x00000103
+
+/* CKM_RC2_MAC_GENERAL and CKM_RC2_CBC_PAD are new for v2.0 */
+#define CKM_RC2_MAC_GENERAL 0x00000104
+#define CKM_RC2_CBC_PAD 0x00000105
+
+#define CKM_RC4_KEY_GEN 0x00000110
+#define CKM_RC4 0x00000111
+#define CKM_DES_KEY_GEN 0x00000120
+#define CKM_DES_ECB 0x00000121
+#define CKM_DES_CBC 0x00000122
+#define CKM_DES_MAC 0x00000123
+
+/* CKM_DES_MAC_GENERAL and CKM_DES_CBC_PAD are new for v2.0 */
+#define CKM_DES_MAC_GENERAL 0x00000124
+#define CKM_DES_CBC_PAD 0x00000125
+
+#define CKM_DES2_KEY_GEN 0x00000130
+#define CKM_DES3_KEY_GEN 0x00000131
+#define CKM_DES3_ECB 0x00000132
+#define CKM_DES3_CBC 0x00000133
+#define CKM_DES3_MAC 0x00000134
+
+/* CKM_DES3_MAC_GENERAL, CKM_DES3_CBC_PAD, CKM_CDMF_KEY_GEN,
+ * CKM_CDMF_ECB, CKM_CDMF_CBC, CKM_CDMF_MAC,
+ * CKM_CDMF_MAC_GENERAL, and CKM_CDMF_CBC_PAD are new for v2.0 */
+#define CKM_DES3_MAC_GENERAL 0x00000135
+#define CKM_DES3_CBC_PAD 0x00000136
+#define CKM_CDMF_KEY_GEN 0x00000140
+#define CKM_CDMF_ECB 0x00000141
+#define CKM_CDMF_CBC 0x00000142
+#define CKM_CDMF_MAC 0x00000143
+#define CKM_CDMF_MAC_GENERAL 0x00000144
+#define CKM_CDMF_CBC_PAD 0x00000145
+
+/* the following four DES mechanisms are new for v2.20 */
+#define CKM_DES_OFB64 0x00000150
+#define CKM_DES_OFB8 0x00000151
+#define CKM_DES_CFB64 0x00000152
+#define CKM_DES_CFB8 0x00000153
+
+#define CKM_MD2 0x00000200
+
+/* CKM_MD2_HMAC and CKM_MD2_HMAC_GENERAL are new for v2.0 */
+#define CKM_MD2_HMAC 0x00000201
+#define CKM_MD2_HMAC_GENERAL 0x00000202
+
+#define CKM_MD5 0x00000210
+
+/* CKM_MD5_HMAC and CKM_MD5_HMAC_GENERAL are new for v2.0 */
+#define CKM_MD5_HMAC 0x00000211
+#define CKM_MD5_HMAC_GENERAL 0x00000212
+
+#define CKM_SHA_1 0x00000220
+
+/* CKM_SHA_1_HMAC and CKM_SHA_1_HMAC_GENERAL are new for v2.0 */
+#define CKM_SHA_1_HMAC 0x00000221
+#define CKM_SHA_1_HMAC_GENERAL 0x00000222
+
+/* CKM_RIPEMD128, CKM_RIPEMD128_HMAC,
+ * CKM_RIPEMD128_HMAC_GENERAL, CKM_RIPEMD160, CKM_RIPEMD160_HMAC,
+ * and CKM_RIPEMD160_HMAC_GENERAL are new for v2.10 */
+#define CKM_RIPEMD128 0x00000230
+#define CKM_RIPEMD128_HMAC 0x00000231
+#define CKM_RIPEMD128_HMAC_GENERAL 0x00000232
+#define CKM_RIPEMD160 0x00000240
+#define CKM_RIPEMD160_HMAC 0x00000241
+#define CKM_RIPEMD160_HMAC_GENERAL 0x00000242
+
+/* CKM_SHA256/384/512 are new for v2.20 */
+#define CKM_SHA256 0x00000250
+#define CKM_SHA256_HMAC 0x00000251
+#define CKM_SHA256_HMAC_GENERAL 0x00000252
+#define CKM_SHA384 0x00000260
+#define CKM_SHA384_HMAC 0x00000261
+#define CKM_SHA384_HMAC_GENERAL 0x00000262
+#define CKM_SHA512 0x00000270
+#define CKM_SHA512_HMAC 0x00000271
+#define CKM_SHA512_HMAC_GENERAL 0x00000272
+
+/* CKM_SHA224 new for v2.20 amendment 3 */
+#define CKM_SHA224 0x00000255
+#define CKM_SHA224_HMAC 0x00000256
+#define CKM_SHA224_HMAC_GENERAL 0x00000257
+
+/* All of the following mechanisms are new for v2.0 */
+/* Note that CAST128 and CAST5 are the same algorithm */
+#define CKM_CAST_KEY_GEN 0x00000300
+#define CKM_CAST_ECB 0x00000301
+#define CKM_CAST_CBC 0x00000302
+#define CKM_CAST_MAC 0x00000303
+#define CKM_CAST_MAC_GENERAL 0x00000304
+#define CKM_CAST_CBC_PAD 0x00000305
+#define CKM_CAST3_KEY_GEN 0x00000310
+#define CKM_CAST3_ECB 0x00000311
+#define CKM_CAST3_CBC 0x00000312
+#define CKM_CAST3_MAC 0x00000313
+#define CKM_CAST3_MAC_GENERAL 0x00000314
+#define CKM_CAST3_CBC_PAD 0x00000315
+#define CKM_CAST5_KEY_GEN 0x00000320
+#define CKM_CAST128_KEY_GEN 0x00000320
+#define CKM_CAST5_ECB 0x00000321
+#define CKM_CAST128_ECB 0x00000321
+#define CKM_CAST5_CBC 0x00000322
+#define CKM_CAST128_CBC 0x00000322
+#define CKM_CAST5_MAC 0x00000323
+#define CKM_CAST128_MAC 0x00000323
+#define CKM_CAST5_MAC_GENERAL 0x00000324
+#define CKM_CAST128_MAC_GENERAL 0x00000324
+#define CKM_CAST5_CBC_PAD 0x00000325
+#define CKM_CAST128_CBC_PAD 0x00000325
+#define CKM_RC5_KEY_GEN 0x00000330
+#define CKM_RC5_ECB 0x00000331
+#define CKM_RC5_CBC 0x00000332
+#define CKM_RC5_MAC 0x00000333
+#define CKM_RC5_MAC_GENERAL 0x00000334
+#define CKM_RC5_CBC_PAD 0x00000335
+#define CKM_IDEA_KEY_GEN 0x00000340
+#define CKM_IDEA_ECB 0x00000341
+#define CKM_IDEA_CBC 0x00000342
+#define CKM_IDEA_MAC 0x00000343
+#define CKM_IDEA_MAC_GENERAL 0x00000344
+#define CKM_IDEA_CBC_PAD 0x00000345
+#define CKM_GENERIC_SECRET_KEY_GEN 0x00000350
+#define CKM_CONCATENATE_BASE_AND_KEY 0x00000360
+#define CKM_CONCATENATE_BASE_AND_DATA 0x00000362
+#define CKM_CONCATENATE_DATA_AND_BASE 0x00000363
+#define CKM_XOR_BASE_AND_DATA 0x00000364
+#define CKM_EXTRACT_KEY_FROM_KEY 0x00000365
+#define CKM_SSL3_PRE_MASTER_KEY_GEN 0x00000370
+#define CKM_SSL3_MASTER_KEY_DERIVE 0x00000371
+#define CKM_SSL3_KEY_AND_MAC_DERIVE 0x00000372
+
+/* CKM_SSL3_MASTER_KEY_DERIVE_DH, CKM_TLS_PRE_MASTER_KEY_GEN,
+ * CKM_TLS_MASTER_KEY_DERIVE, CKM_TLS_KEY_AND_MAC_DERIVE, and
+ * CKM_TLS_MASTER_KEY_DERIVE_DH are new for v2.11 */
+#define CKM_SSL3_MASTER_KEY_DERIVE_DH 0x00000373
+#define CKM_TLS_PRE_MASTER_KEY_GEN 0x00000374
+#define CKM_TLS_MASTER_KEY_DERIVE 0x00000375
+#define CKM_TLS_KEY_AND_MAC_DERIVE 0x00000376
+#define CKM_TLS_MASTER_KEY_DERIVE_DH 0x00000377
+
+/* CKM_TLS_PRF is new for v2.20 */
+#define CKM_TLS_PRF 0x00000378
+
+#define CKM_SSL3_MD5_MAC 0x00000380
+#define CKM_SSL3_SHA1_MAC 0x00000381
+#define CKM_MD5_KEY_DERIVATION 0x00000390
+#define CKM_MD2_KEY_DERIVATION 0x00000391
+#define CKM_SHA1_KEY_DERIVATION 0x00000392
+
+/* CKM_SHA256/384/512 are new for v2.20 */
+#define CKM_SHA256_KEY_DERIVATION 0x00000393
+#define CKM_SHA384_KEY_DERIVATION 0x00000394
+#define CKM_SHA512_KEY_DERIVATION 0x00000395
+
+/* CKM_SHA224 new for v2.20 amendment 3 */
+#define CKM_SHA224_KEY_DERIVATION 0x00000396
+
+#define CKM_PBE_MD2_DES_CBC 0x000003A0
+#define CKM_PBE_MD5_DES_CBC 0x000003A1
+#define CKM_PBE_MD5_CAST_CBC 0x000003A2
+#define CKM_PBE_MD5_CAST3_CBC 0x000003A3
+#define CKM_PBE_MD5_CAST5_CBC 0x000003A4
+#define CKM_PBE_MD5_CAST128_CBC 0x000003A4
+#define CKM_PBE_SHA1_CAST5_CBC 0x000003A5
+#define CKM_PBE_SHA1_CAST128_CBC 0x000003A5
+#define CKM_PBE_SHA1_RC4_128 0x000003A6
+#define CKM_PBE_SHA1_RC4_40 0x000003A7
+#define CKM_PBE_SHA1_DES3_EDE_CBC 0x000003A8
+#define CKM_PBE_SHA1_DES2_EDE_CBC 0x000003A9
+#define CKM_PBE_SHA1_RC2_128_CBC 0x000003AA
+#define CKM_PBE_SHA1_RC2_40_CBC 0x000003AB
+
+/* CKM_PKCS5_PBKD2 is new for v2.10 */
+#define CKM_PKCS5_PBKD2 0x000003B0
+
+#define CKM_PBA_SHA1_WITH_SHA1_HMAC 0x000003C0
+
+/* WTLS mechanisms are new for v2.20 */
+#define CKM_WTLS_PRE_MASTER_KEY_GEN 0x000003D0
+#define CKM_WTLS_MASTER_KEY_DERIVE 0x000003D1
+#define CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC 0x000003D2
+#define CKM_WTLS_PRF 0x000003D3
+#define CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE 0x000003D4
+#define CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE 0x000003D5
+
+/* TLS 1.2 mechanisms are new for v2.40 */
+#define CKM_TLS12_MASTER_KEY_DERIVE 0x000003E0
+#define CKM_TLS12_KEY_AND_MAC_DERIVE 0x000003E1
+#define CKM_TLS12_MASTER_KEY_DERIVE_DH 0x000003E2
+#define CKM_TLS12_KEY_SAFE_DERIVE 0x000003E3
+#define CKM_TLS12_MAC 0x000003E4
+#define CKM_TLS_MAC 0x000003E4
+#define CKM_TLS_KDF 0x000003E5
+
+#define CKM_KEY_WRAP_LYNKS 0x00000400
+#define CKM_KEY_WRAP_SET_OAEP 0x00000401
+
+/* CKM_CMS_SIG is new for v2.20 */
+#define CKM_CMS_SIG 0x00000500
+
+/* Fortezza mechanisms */
+#define CKM_SKIPJACK_KEY_GEN 0x00001000
+#define CKM_SKIPJACK_ECB64 0x00001001
+#define CKM_SKIPJACK_CBC64 0x00001002
+#define CKM_SKIPJACK_OFB64 0x00001003
+#define CKM_SKIPJACK_CFB64 0x00001004
+#define CKM_SKIPJACK_CFB32 0x00001005
+#define CKM_SKIPJACK_CFB16 0x00001006
+#define CKM_SKIPJACK_CFB8 0x00001007
+#define CKM_SKIPJACK_WRAP 0x00001008
+#define CKM_SKIPJACK_PRIVATE_WRAP 0x00001009
+#define CKM_SKIPJACK_RELAYX 0x0000100a
+#define CKM_KEA_KEY_PAIR_GEN 0x00001010
+#define CKM_KEA_KEY_DERIVE 0x00001011
+#define CKM_FORTEZZA_TIMESTAMP 0x00001020
+#define CKM_BATON_KEY_GEN 0x00001030
+#define CKM_BATON_ECB128 0x00001031
+#define CKM_BATON_ECB96 0x00001032
+#define CKM_BATON_CBC128 0x00001033
+#define CKM_BATON_COUNTER 0x00001034
+#define CKM_BATON_SHUFFLE 0x00001035
+#define CKM_BATON_WRAP 0x00001036
+
+/* CKM_ECDSA_KEY_PAIR_GEN is deprecated in v2.11,
+ * CKM_EC_KEY_PAIR_GEN is preferred */
+#define CKM_ECDSA_KEY_PAIR_GEN 0x00001040
+#define CKM_EC_KEY_PAIR_GEN 0x00001040
+
+#define CKM_ECDSA 0x00001041
+#define CKM_ECDSA_SHA1 0x00001042
+
+/* CKM_ECDH1_DERIVE, CKM_ECDH1_COFACTOR_DERIVE, and CKM_ECMQV_DERIVE
+ * are new for v2.11 */
+#define CKM_ECDH1_DERIVE 0x00001050
+#define CKM_ECDH1_COFACTOR_DERIVE 0x00001051
+#define CKM_ECMQV_DERIVE 0x00001052
+
+#define CKM_JUNIPER_KEY_GEN 0x00001060
+#define CKM_JUNIPER_ECB128 0x00001061
+#define CKM_JUNIPER_CBC128 0x00001062
+#define CKM_JUNIPER_COUNTER 0x00001063
+#define CKM_JUNIPER_SHUFFLE 0x00001064
+#define CKM_JUNIPER_WRAP 0x00001065
+#define CKM_FASTHASH 0x00001070
+
+/* CKM_AES_KEY_GEN, CKM_AES_ECB, CKM_AES_CBC, CKM_AES_MAC,
+ * CKM_AES_MAC_GENERAL, CKM_AES_CBC_PAD, CKM_DSA_PARAMETER_GEN,
+ * CKM_DH_PKCS_PARAMETER_GEN, and CKM_X9_42_DH_PARAMETER_GEN are
+ * new for v2.11 */
+#define CKM_AES_KEY_GEN 0x00001080
+#define CKM_AES_ECB 0x00001081
+#define CKM_AES_CBC 0x00001082
+#define CKM_AES_MAC 0x00001083
+#define CKM_AES_MAC_GENERAL 0x00001084
+#define CKM_AES_CBC_PAD 0x00001085
+/* new for v2.20 amendment 3 */
+#define CKM_AES_CTR 0x00001086
+/* new for v2.30 */
+#define CKM_AES_GCM 0x00001087
+#define CKM_AES_CCM 0x00001088
+#define CKM_AES_CTS 0x00001089
+
+/* BlowFish and TwoFish are new for v2.20 */
+#define CKM_BLOWFISH_KEY_GEN 0x00001090
+#define CKM_BLOWFISH_CBC 0x00001091
+#define CKM_TWOFISH_KEY_GEN 0x00001092
+#define CKM_TWOFISH_CBC 0x00001093
+
+/* Camellia is proposed for v2.20 Amendment 3 */
+#define CKM_CAMELLIA_KEY_GEN 0x00000550
+#define CKM_CAMELLIA_ECB 0x00000551
+#define CKM_CAMELLIA_CBC 0x00000552
+#define CKM_CAMELLIA_MAC 0x00000553
+#define CKM_CAMELLIA_MAC_GENERAL 0x00000554
+#define CKM_CAMELLIA_CBC_PAD 0x00000555
+#define CKM_CAMELLIA_ECB_ENCRYPT_DATA 0x00000556
+#define CKM_CAMELLIA_CBC_ENCRYPT_DATA 0x00000557
+
+#define CKM_SEED_KEY_GEN 0x00000650
+#define CKM_SEED_ECB 0x00000651
+#define CKM_SEED_CBC 0x00000652
+#define CKM_SEED_MAC 0x00000653
+#define CKM_SEED_MAC_GENERAL 0x00000654
+#define CKM_SEED_CBC_PAD 0x00000655
+#define CKM_SEED_ECB_ENCRYPT_DATA 0x00000656
+#define CKM_SEED_CBC_ENCRYPT_DATA 0x00000657
+
+/* CKM_xxx_ENCRYPT_DATA mechanisms are new for v2.20 */
+#define CKM_DES_ECB_ENCRYPT_DATA 0x00001100
+#define CKM_DES_CBC_ENCRYPT_DATA 0x00001101
+#define CKM_DES3_ECB_ENCRYPT_DATA 0x00001102
+#define CKM_DES3_CBC_ENCRYPT_DATA 0x00001103
+#define CKM_AES_ECB_ENCRYPT_DATA 0x00001104
+#define CKM_AES_CBC_ENCRYPT_DATA 0x00001105
+
+#define CKM_DSA_PARAMETER_GEN 0x00002000
+#define CKM_DH_PKCS_PARAMETER_GEN 0x00002001
+#define CKM_X9_42_DH_PARAMETER_GEN 0x00002002
+
+#define CKM_VENDOR_DEFINED 0x80000000
+
+typedef CK_MECHANISM_TYPE CK_PTR CK_MECHANISM_TYPE_PTR;
+
+/* CK_MECHANISM is a structure that specifies a particular
+ * mechanism  */
+typedef struct CK_MECHANISM {
+    CK_MECHANISM_TYPE mechanism;
+    CK_VOID_PTR pParameter;
+
+    /* ulParameterLen was changed from CK_USHORT to CK_ULONG for
+     * v2.0 */
+    CK_ULONG ulParameterLen; /* in bytes */
+} CK_MECHANISM;
+
+typedef CK_MECHANISM CK_PTR CK_MECHANISM_PTR;
+
+/* CK_MECHANISM_INFO provides information about a particular
+ * mechanism */
+typedef struct CK_MECHANISM_INFO {
+    CK_ULONG ulMinKeySize;
+    CK_ULONG ulMaxKeySize;
+    CK_FLAGS flags;
+} CK_MECHANISM_INFO;
+
+/* The flags are defined as follows:
+ *      Bit Flag               Mask        Meaning */
+#define CKF_HW 0x00000001 /* performed by HW */
+
+/* The flags CKF_ENCRYPT, CKF_DECRYPT, CKF_DIGEST, CKF_SIGN,
+ * CKG_SIGN_RECOVER, CKF_VERIFY, CKF_VERIFY_RECOVER,
+ * CKF_GENERATE, CKF_GENERATE_KEY_PAIR, CKF_WRAP, CKF_UNWRAP,
+ * and CKF_DERIVE are new for v2.0.  They specify whether or not
+ * a mechanism can be used for a particular task */
+#define CKF_ENCRYPT 0x00000100
+#define CKF_DECRYPT 0x00000200
+#define CKF_DIGEST 0x00000400
+#define CKF_SIGN 0x00000800
+#define CKF_SIGN_RECOVER 0x00001000
+#define CKF_VERIFY 0x00002000
+#define CKF_VERIFY_RECOVER 0x00004000
+#define CKF_GENERATE 0x00008000
+#define CKF_GENERATE_KEY_PAIR 0x00010000
+#define CKF_WRAP 0x00020000
+#define CKF_UNWRAP 0x00040000
+#define CKF_DERIVE 0x00080000
+
+/* CKF_EC_F_P, CKF_EC_F_2M, CKF_EC_ECPARAMETERS, CKF_EC_NAMEDCURVE,
+ * CKF_EC_UNCOMPRESS, and CKF_EC_COMPRESS are new for v2.11. They
+ * describe a token's EC capabilities not available in mechanism
+ * information. */
+#define CKF_EC_F_P 0x00100000
+#define CKF_EC_F_2M 0x00200000
+#define CKF_EC_ECPARAMETERS 0x00400000
+#define CKF_EC_NAMEDCURVE 0x00800000
+#define CKF_EC_UNCOMPRESS 0x01000000
+#define CKF_EC_COMPRESS 0x02000000
+
+#define CKF_EXTENSION 0x80000000 /* FALSE for this version */
+
+typedef CK_MECHANISM_INFO CK_PTR CK_MECHANISM_INFO_PTR;
+
+/* CK_RV is a value that identifies the return value of a
+ * PKCS #11 function */
+/* CK_RV was changed from CK_USHORT to CK_ULONG for v2.0 */
+typedef CK_ULONG CK_RV;
+
+#define CKR_OK 0x00000000
+#define CKR_CANCEL 0x00000001
+#define CKR_HOST_MEMORY 0x00000002
+#define CKR_SLOT_ID_INVALID 0x00000003
+
+/* CKR_FLAGS_INVALID was removed for v2.0 */
+
+/* CKR_GENERAL_ERROR and CKR_FUNCTION_FAILED are new for v2.0 */
+#define CKR_GENERAL_ERROR 0x00000005
+#define CKR_FUNCTION_FAILED 0x00000006
+
+/* CKR_ARGUMENTS_BAD, CKR_NO_EVENT, CKR_NEED_TO_CREATE_THREADS,
+ * and CKR_CANT_LOCK are new for v2.01 */
+#define CKR_ARGUMENTS_BAD 0x00000007
+#define CKR_NO_EVENT 0x00000008
+#define CKR_NEED_TO_CREATE_THREADS 0x00000009
+#define CKR_CANT_LOCK 0x0000000A
+
+#define CKR_ATTRIBUTE_READ_ONLY 0x00000010
+#define CKR_ATTRIBUTE_SENSITIVE 0x00000011
+#define CKR_ATTRIBUTE_TYPE_INVALID 0x00000012
+#define CKR_ATTRIBUTE_VALUE_INVALID 0x00000013
+#define CKR_DATA_INVALID 0x00000020
+#define CKR_DATA_LEN_RANGE 0x00000021
+#define CKR_DEVICE_ERROR 0x00000030
+#define CKR_DEVICE_MEMORY 0x00000031
+#define CKR_DEVICE_REMOVED 0x00000032
+#define CKR_ENCRYPTED_DATA_INVALID 0x00000040
+#define CKR_ENCRYPTED_DATA_LEN_RANGE 0x00000041
+#define CKR_FUNCTION_CANCELED 0x00000050
+#define CKR_FUNCTION_NOT_PARALLEL 0x00000051
+
+/* CKR_FUNCTION_NOT_SUPPORTED is new for v2.0 */
+#define CKR_FUNCTION_NOT_SUPPORTED 0x00000054
+
+#define CKR_KEY_HANDLE_INVALID 0x00000060
+
+/* CKR_KEY_SENSITIVE was removed for v2.0 */
+
+#define CKR_KEY_SIZE_RANGE 0x00000062
+#define CKR_KEY_TYPE_INCONSISTENT 0x00000063
+
+/* CKR_KEY_NOT_NEEDED, CKR_KEY_CHANGED, CKR_KEY_NEEDED,
+ * CKR_KEY_INDIGESTIBLE, CKR_KEY_FUNCTION_NOT_PERMITTED,
+ * CKR_KEY_NOT_WRAPPABLE, and CKR_KEY_UNEXTRACTABLE are new for
+ * v2.0 */
+#define CKR_KEY_NOT_NEEDED 0x00000064
+#define CKR_KEY_CHANGED 0x00000065
+#define CKR_KEY_NEEDED 0x00000066
+#define CKR_KEY_INDIGESTIBLE 0x00000067
+#define CKR_KEY_FUNCTION_NOT_PERMITTED 0x00000068
+#define CKR_KEY_NOT_WRAPPABLE 0x00000069
+#define CKR_KEY_UNEXTRACTABLE 0x0000006A
+
+#define CKR_MECHANISM_INVALID 0x00000070
+#define CKR_MECHANISM_PARAM_INVALID 0x00000071
+
+/* CKR_OBJECT_CLASS_INCONSISTENT and CKR_OBJECT_CLASS_INVALID
+ * were removed for v2.0 */
+#define CKR_OBJECT_HANDLE_INVALID 0x00000082
+#define CKR_OPERATION_ACTIVE 0x00000090
+#define CKR_OPERATION_NOT_INITIALIZED 0x00000091
+#define CKR_PIN_INCORRECT 0x000000A0
+#define CKR_PIN_INVALID 0x000000A1
+#define CKR_PIN_LEN_RANGE 0x000000A2
+
+/* CKR_PIN_EXPIRED and CKR_PIN_LOCKED are new for v2.0 */
+#define CKR_PIN_EXPIRED 0x000000A3
+#define CKR_PIN_LOCKED 0x000000A4
+
+#define CKR_SESSION_CLOSED 0x000000B0
+#define CKR_SESSION_COUNT 0x000000B1
+#define CKR_SESSION_HANDLE_INVALID 0x000000B3
+#define CKR_SESSION_PARALLEL_NOT_SUPPORTED 0x000000B4
+#define CKR_SESSION_READ_ONLY 0x000000B5
+#define CKR_SESSION_EXISTS 0x000000B6
+
+/* CKR_SESSION_READ_ONLY_EXISTS and
+ * CKR_SESSION_READ_WRITE_SO_EXISTS are new for v2.0 */
+#define CKR_SESSION_READ_ONLY_EXISTS 0x000000B7
+#define CKR_SESSION_READ_WRITE_SO_EXISTS 0x000000B8
+
+#define CKR_SIGNATURE_INVALID 0x000000C0
+#define CKR_SIGNATURE_LEN_RANGE 0x000000C1
+#define CKR_TEMPLATE_INCOMPLETE 0x000000D0
+#define CKR_TEMPLATE_INCONSISTENT 0x000000D1
+#define CKR_TOKEN_NOT_PRESENT 0x000000E0
+#define CKR_TOKEN_NOT_RECOGNIZED 0x000000E1
+#define CKR_TOKEN_WRITE_PROTECTED 0x000000E2
+#define CKR_UNWRAPPING_KEY_HANDLE_INVALID 0x000000F0
+#define CKR_UNWRAPPING_KEY_SIZE_RANGE 0x000000F1
+#define CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT 0x000000F2
+#define CKR_USER_ALREADY_LOGGED_IN 0x00000100
+#define CKR_USER_NOT_LOGGED_IN 0x00000101
+#define CKR_USER_PIN_NOT_INITIALIZED 0x00000102
+#define CKR_USER_TYPE_INVALID 0x00000103
+
+/* CKR_USER_ANOTHER_ALREADY_LOGGED_IN and CKR_USER_TOO_MANY_TYPES
+ * are new to v2.01 */
+#define CKR_USER_ANOTHER_ALREADY_LOGGED_IN 0x00000104
+#define CKR_USER_TOO_MANY_TYPES 0x00000105
+
+#define CKR_WRAPPED_KEY_INVALID 0x00000110
+#define CKR_WRAPPED_KEY_LEN_RANGE 0x00000112
+#define CKR_WRAPPING_KEY_HANDLE_INVALID 0x00000113
+#define CKR_WRAPPING_KEY_SIZE_RANGE 0x00000114
+#define CKR_WRAPPING_KEY_TYPE_INCONSISTENT 0x00000115
+#define CKR_RANDOM_SEED_NOT_SUPPORTED 0x00000120
+
+/* These are new to v2.0 */
+#define CKR_RANDOM_NO_RNG 0x00000121
+
+/* These are new to v2.11 */
+#define CKR_DOMAIN_PARAMS_INVALID 0x00000130
+
+/* These are new to v2.0 */
+#define CKR_BUFFER_TOO_SMALL 0x00000150
+#define CKR_SAVED_STATE_INVALID 0x00000160
+#define CKR_INFORMATION_SENSITIVE 0x00000170
+#define CKR_STATE_UNSAVEABLE 0x00000180
+
+/* These are new to v2.01 */
+#define CKR_CRYPTOKI_NOT_INITIALIZED 0x00000190
+#define CKR_CRYPTOKI_ALREADY_INITIALIZED 0x00000191
+#define CKR_MUTEX_BAD 0x000001A0
+#define CKR_MUTEX_NOT_LOCKED 0x000001A1
+
+/* This is new to v2.20 */
+#define CKR_FUNCTION_REJECTED 0x00000200
+
+#define CKR_VENDOR_DEFINED 0x80000000
+
+/* CK_NOTIFY is an application callback that processes events */
+typedef CK_CALLBACK_FUNCTION(CK_RV, CK_NOTIFY)(
+    CK_SESSION_HANDLE hSession, /* the session's handle */
+    CK_NOTIFICATION event,
+    CK_VOID_PTR pApplication /* passed to C_OpenSession */
+    );
+
+/* CK_FUNCTION_LIST is a structure holding a PKCS #11 spec
+ * version and pointers of appropriate types to all the
+ * PKCS #11 functions */
+/* CK_FUNCTION_LIST is new for v2.0 */
+typedef struct CK_FUNCTION_LIST CK_FUNCTION_LIST;
+
+typedef CK_FUNCTION_LIST CK_PTR CK_FUNCTION_LIST_PTR;
+
+typedef CK_FUNCTION_LIST_PTR CK_PTR CK_FUNCTION_LIST_PTR_PTR;
+
+/* CK_CREATEMUTEX is an application callback for creating a
+ * mutex object */
+typedef CK_CALLBACK_FUNCTION(CK_RV, CK_CREATEMUTEX)(
+    CK_VOID_PTR_PTR ppMutex /* location to receive ptr to mutex */
+    );
+
+/* CK_DESTROYMUTEX is an application callback for destroying a
+ * mutex object */
+typedef CK_CALLBACK_FUNCTION(CK_RV, CK_DESTROYMUTEX)(
+    CK_VOID_PTR pMutex /* pointer to mutex */
+    );
+
+/* CK_LOCKMUTEX is an application callback for locking a mutex */
+typedef CK_CALLBACK_FUNCTION(CK_RV, CK_LOCKMUTEX)(
+    CK_VOID_PTR pMutex /* pointer to mutex */
+    );
+
+/* CK_UNLOCKMUTEX is an application callback for unlocking a
+ * mutex */
+typedef CK_CALLBACK_FUNCTION(CK_RV, CK_UNLOCKMUTEX)(
+    CK_VOID_PTR pMutex /* pointer to mutex */
+    );
+
+/* CK_C_INITIALIZE_ARGS provides the optional arguments to
+ * C_Initialize */
+typedef struct CK_C_INITIALIZE_ARGS {
+    CK_CREATEMUTEX CreateMutex;
+    CK_DESTROYMUTEX DestroyMutex;
+    CK_LOCKMUTEX LockMutex;
+    CK_UNLOCKMUTEX UnlockMutex;
+    CK_FLAGS flags;
+    /* The official PKCS #11 spec does not have a 'LibraryParameters' field, but
+     * a reserved field. NSS needs a way to pass instance-specific information
+     * to the library (like where to find its config files, etc). This
+     * information is usually provided by the installer and passed uninterpreted
+     * by NSS to the library, though NSS does know the specifics of the softoken
+     * version of this parameter. Most compliant PKCS#11 modules expect this
+     * parameter to be NULL, and will return CKR_ARGUMENTS_BAD from
+     * C_Initialize if Library parameters is supplied. */
+    CK_CHAR_PTR *LibraryParameters;
+    /* This field is only present if the LibraryParameters is not NULL. It must
+     * be NULL in all cases */
+    CK_VOID_PTR pReserved;
+} CK_C_INITIALIZE_ARGS;
+
+/* flags: bit flags that provide capabilities of the slot
+ *      Bit Flag                           Mask       Meaning
+ */
+#define CKF_LIBRARY_CANT_CREATE_OS_THREADS 0x00000001
+#define CKF_OS_LOCKING_OK 0x00000002
+
+typedef CK_C_INITIALIZE_ARGS CK_PTR CK_C_INITIALIZE_ARGS_PTR;
+
+/* additional flags for parameters to functions */
+
+/* CKF_DONT_BLOCK is for the function C_WaitForSlotEvent */
+#define CKF_DONT_BLOCK 1
+
+/* CK_RSA_PKCS_OAEP_MGF_TYPE is new for v2.10.
+ * CK_RSA_PKCS_OAEP_MGF_TYPE  is used to indicate the Message
+ * Generation Function (MGF) applied to a message block when
+ * formatting a message block for the PKCS #1 OAEP encryption
+ * scheme. */
+typedef CK_ULONG CK_RSA_PKCS_MGF_TYPE;
+
+typedef CK_RSA_PKCS_MGF_TYPE CK_PTR CK_RSA_PKCS_MGF_TYPE_PTR;
+
+/* The following MGFs are defined */
+/* CKG_MGF1_SHA256, CKG_MGF1_SHA384, and CKG_MGF1_SHA512
+ * are new for v2.20 */
+#define CKG_MGF1_SHA1 0x00000001
+#define CKG_MGF1_SHA256 0x00000002
+#define CKG_MGF1_SHA384 0x00000003
+#define CKG_MGF1_SHA512 0x00000004
+
+/* v2.20 amendment 3 */
+#define CKG_MGF1_SHA224 0x00000005
+
+/* CK_RSA_PKCS_OAEP_SOURCE_TYPE is new for v2.10.
+ * CK_RSA_PKCS_OAEP_SOURCE_TYPE  is used to indicate the source
+ * of the encoding parameter when formatting a message block
+ * for the PKCS #1 OAEP encryption scheme. */
+typedef CK_ULONG CK_RSA_PKCS_OAEP_SOURCE_TYPE;
+
+typedef CK_RSA_PKCS_OAEP_SOURCE_TYPE CK_PTR CK_RSA_PKCS_OAEP_SOURCE_TYPE_PTR;
+
+/* The following encoding parameter sources are defined */
+#define CKZ_DATA_SPECIFIED 0x00000001
+
+/* CK_RSA_PKCS_OAEP_PARAMS is new for v2.10.
+ * CK_RSA_PKCS_OAEP_PARAMS provides the parameters to the
+ * CKM_RSA_PKCS_OAEP mechanism. */
+typedef struct CK_RSA_PKCS_OAEP_PARAMS {
+    CK_MECHANISM_TYPE hashAlg;
+    CK_RSA_PKCS_MGF_TYPE mgf;
+    CK_RSA_PKCS_OAEP_SOURCE_TYPE source;
+    CK_VOID_PTR pSourceData;
+    CK_ULONG ulSourceDataLen;
+} CK_RSA_PKCS_OAEP_PARAMS;
+
+typedef CK_RSA_PKCS_OAEP_PARAMS CK_PTR CK_RSA_PKCS_OAEP_PARAMS_PTR;
+
+/* CK_RSA_PKCS_PSS_PARAMS is new for v2.11.
+ * CK_RSA_PKCS_PSS_PARAMS provides the parameters to the
+ * CKM_RSA_PKCS_PSS mechanism(s). */
+typedef struct CK_RSA_PKCS_PSS_PARAMS {
+    CK_MECHANISM_TYPE hashAlg;
+    CK_RSA_PKCS_MGF_TYPE mgf;
+    CK_ULONG sLen;
+} CK_RSA_PKCS_PSS_PARAMS;
+
+typedef CK_RSA_PKCS_PSS_PARAMS CK_PTR CK_RSA_PKCS_PSS_PARAMS_PTR;
+
+/* CK_EC_KDF_TYPE is new for v2.11. */
+typedef CK_ULONG CK_EC_KDF_TYPE;
+
+/* The following EC Key Derivation Functions are defined */
+#define CKD_NULL 0x00000001
+#define CKD_SHA1_KDF 0x00000002
+#define CKD_SHA224_KDF 0x00000005
+#define CKD_SHA256_KDF 0x00000006
+#define CKD_SHA384_KDF 0x00000007
+#define CKD_SHA512_KDF 0x00000008
+
+/* CK_ECDH1_DERIVE_PARAMS is new for v2.11.
+ * CK_ECDH1_DERIVE_PARAMS provides the parameters to the
+ * CKM_ECDH1_DERIVE and CKM_ECDH1_COFACTOR_DERIVE mechanisms,
+ * where each party contributes one key pair.
+ */
+typedef struct CK_ECDH1_DERIVE_PARAMS {
+    CK_EC_KDF_TYPE kdf;
+    CK_ULONG ulSharedDataLen;
+    CK_BYTE_PTR pSharedData;
+    CK_ULONG ulPublicDataLen;
+    CK_BYTE_PTR pPublicData;
+} CK_ECDH1_DERIVE_PARAMS;
+
+typedef CK_ECDH1_DERIVE_PARAMS CK_PTR CK_ECDH1_DERIVE_PARAMS_PTR;
+
+/* CK_ECDH2_DERIVE_PARAMS is new for v2.11.
+ * CK_ECDH2_DERIVE_PARAMS provides the parameters to the
+ * CKM_ECMQV_DERIVE mechanism, where each party contributes two key pairs. */
+typedef struct CK_ECDH2_DERIVE_PARAMS {
+    CK_EC_KDF_TYPE kdf;
+    CK_ULONG ulSharedDataLen;
+    CK_BYTE_PTR pSharedData;
+    CK_ULONG ulPublicDataLen;
+    CK_BYTE_PTR pPublicData;
+    CK_ULONG ulPrivateDataLen;
+    CK_OBJECT_HANDLE hPrivateData;
+    CK_ULONG ulPublicDataLen2;
+    CK_BYTE_PTR pPublicData2;
+} CK_ECDH2_DERIVE_PARAMS;
+
+typedef CK_ECDH2_DERIVE_PARAMS CK_PTR CK_ECDH2_DERIVE_PARAMS_PTR;
+
+typedef struct CK_ECMQV_DERIVE_PARAMS {
+    CK_EC_KDF_TYPE kdf;
+    CK_ULONG ulSharedDataLen;
+    CK_BYTE_PTR pSharedData;
+    CK_ULONG ulPublicDataLen;
+    CK_BYTE_PTR pPublicData;
+    CK_ULONG ulPrivateDataLen;
+    CK_OBJECT_HANDLE hPrivateData;
+    CK_ULONG ulPublicDataLen2;
+    CK_BYTE_PTR pPublicData2;
+    CK_OBJECT_HANDLE publicKey;
+} CK_ECMQV_DERIVE_PARAMS;
+
+typedef CK_ECMQV_DERIVE_PARAMS CK_PTR CK_ECMQV_DERIVE_PARAMS_PTR;
+
+/* Typedefs and defines for the CKM_X9_42_DH_KEY_PAIR_GEN and the
+ * CKM_X9_42_DH_PARAMETER_GEN mechanisms (new for PKCS #11 v2.11) */
+typedef CK_ULONG CK_X9_42_DH_KDF_TYPE;
+typedef CK_X9_42_DH_KDF_TYPE CK_PTR CK_X9_42_DH_KDF_TYPE_PTR;
+
+/* The following X9.42 DH key derivation functions are defined
+   (besides CKD_NULL already defined : */
+#define CKD_SHA1_KDF_ASN1 0x00000003
+#define CKD_SHA1_KDF_CONCATENATE 0x00000004
+
+/* CK_X9_42_DH1_DERIVE_PARAMS is new for v2.11.
+ * CK_X9_42_DH1_DERIVE_PARAMS provides the parameters to the
+ * CKM_X9_42_DH_DERIVE key derivation mechanism, where each party
+ * contributes one key pair */
+typedef struct CK_X9_42_DH1_DERIVE_PARAMS {
+    CK_X9_42_DH_KDF_TYPE kdf;
+    CK_ULONG ulOtherInfoLen;
+    CK_BYTE_PTR pOtherInfo;
+    CK_ULONG ulPublicDataLen;
+    CK_BYTE_PTR pPublicData;
+} CK_X9_42_DH1_DERIVE_PARAMS;
+
+typedef struct CK_X9_42_DH1_DERIVE_PARAMS CK_PTR CK_X9_42_DH1_DERIVE_PARAMS_PTR;
+
+/* CK_X9_42_DH2_DERIVE_PARAMS is new for v2.11.
+ * CK_X9_42_DH2_DERIVE_PARAMS provides the parameters to the
+ * CKM_X9_42_DH_HYBRID_DERIVE and CKM_X9_42_MQV_DERIVE key derivation
+ * mechanisms, where each party contributes two key pairs */
+typedef struct CK_X9_42_DH2_DERIVE_PARAMS {
+    CK_X9_42_DH_KDF_TYPE kdf;
+    CK_ULONG ulOtherInfoLen;
+    CK_BYTE_PTR pOtherInfo;
+    CK_ULONG ulPublicDataLen;
+    CK_BYTE_PTR pPublicData;
+    CK_ULONG ulPrivateDataLen;
+    CK_OBJECT_HANDLE hPrivateData;
+    CK_ULONG ulPublicDataLen2;
+    CK_BYTE_PTR pPublicData2;
+} CK_X9_42_DH2_DERIVE_PARAMS;
+
+typedef CK_X9_42_DH2_DERIVE_PARAMS CK_PTR CK_X9_42_DH2_DERIVE_PARAMS_PTR;
+
+typedef struct CK_X9_42_MQV_DERIVE_PARAMS {
+    CK_X9_42_DH_KDF_TYPE kdf;
+    CK_ULONG ulOtherInfoLen;
+    CK_BYTE_PTR pOtherInfo;
+    CK_ULONG ulPublicDataLen;
+    CK_BYTE_PTR pPublicData;
+    CK_ULONG ulPrivateDataLen;
+    CK_OBJECT_HANDLE hPrivateData;
+    CK_ULONG ulPublicDataLen2;
+    CK_BYTE_PTR pPublicData2;
+    CK_OBJECT_HANDLE publicKey;
+} CK_X9_42_MQV_DERIVE_PARAMS;
+
+typedef CK_X9_42_MQV_DERIVE_PARAMS CK_PTR CK_X9_42_MQV_DERIVE_PARAMS_PTR;
+
+/* CK_KEA_DERIVE_PARAMS provides the parameters to the
+ * CKM_KEA_DERIVE mechanism */
+/* CK_KEA_DERIVE_PARAMS is new for v2.0 */
+typedef struct CK_KEA_DERIVE_PARAMS {
+    CK_BBOOL isSender;
+    CK_ULONG ulRandomLen;
+    CK_BYTE_PTR pRandomA;
+    CK_BYTE_PTR pRandomB;
+    CK_ULONG ulPublicDataLen;
+    CK_BYTE_PTR pPublicData;
+} CK_KEA_DERIVE_PARAMS;
+
+typedef CK_KEA_DERIVE_PARAMS CK_PTR CK_KEA_DERIVE_PARAMS_PTR;
+
+/* CK_RC2_PARAMS provides the parameters to the CKM_RC2_ECB and
+ * CKM_RC2_MAC mechanisms.  An instance of CK_RC2_PARAMS just
+ * holds the effective keysize */
+typedef CK_ULONG CK_RC2_PARAMS;
+
+typedef CK_RC2_PARAMS CK_PTR CK_RC2_PARAMS_PTR;
+
+/* CK_RC2_CBC_PARAMS provides the parameters to the CKM_RC2_CBC
+ * mechanism */
+typedef struct CK_RC2_CBC_PARAMS {
+    /* ulEffectiveBits was changed from CK_USHORT to CK_ULONG for
+   * v2.0 */
+    CK_ULONG ulEffectiveBits; /* effective bits (1-1024) */
+
+    CK_BYTE iv[8]; /* IV for CBC mode */
+} CK_RC2_CBC_PARAMS;
+
+typedef CK_RC2_CBC_PARAMS CK_PTR CK_RC2_CBC_PARAMS_PTR;
+
+/* CK_RC2_MAC_GENERAL_PARAMS provides the parameters for the
+ * CKM_RC2_MAC_GENERAL mechanism */
+/* CK_RC2_MAC_GENERAL_PARAMS is new for v2.0 */
+typedef struct CK_RC2_MAC_GENERAL_PARAMS {
+    CK_ULONG ulEffectiveBits; /* effective bits (1-1024) */
+    CK_ULONG ulMacLength;     /* Length of MAC in bytes */
+} CK_RC2_MAC_GENERAL_PARAMS;
+
+typedef CK_RC2_MAC_GENERAL_PARAMS CK_PTR
+    CK_RC2_MAC_GENERAL_PARAMS_PTR;
+
+/* CK_RC5_PARAMS provides the parameters to the CKM_RC5_ECB and
+ * CKM_RC5_MAC mechanisms */
+/* CK_RC5_PARAMS is new for v2.0 */
+typedef struct CK_RC5_PARAMS {
+    CK_ULONG ulWordsize; /* wordsize in bits */
+    CK_ULONG ulRounds;   /* number of rounds */
+} CK_RC5_PARAMS;
+
+typedef CK_RC5_PARAMS CK_PTR CK_RC5_PARAMS_PTR;
+
+/* CK_RC5_CBC_PARAMS provides the parameters to the CKM_RC5_CBC
+ * mechanism */
+/* CK_RC5_CBC_PARAMS is new for v2.0 */
+typedef struct CK_RC5_CBC_PARAMS {
+    CK_ULONG ulWordsize; /* wordsize in bits */
+    CK_ULONG ulRounds;   /* number of rounds */
+    CK_BYTE_PTR pIv;     /* pointer to IV */
+    CK_ULONG ulIvLen;    /* length of IV in bytes */
+} CK_RC5_CBC_PARAMS;
+
+typedef CK_RC5_CBC_PARAMS CK_PTR CK_RC5_CBC_PARAMS_PTR;
+
+/* CK_RC5_MAC_GENERAL_PARAMS provides the parameters for the
+ * CKM_RC5_MAC_GENERAL mechanism */
+/* CK_RC5_MAC_GENERAL_PARAMS is new for v2.0 */
+typedef struct CK_RC5_MAC_GENERAL_PARAMS {
+    CK_ULONG ulWordsize;  /* wordsize in bits */
+    CK_ULONG ulRounds;    /* number of rounds */
+    CK_ULONG ulMacLength; /* Length of MAC in bytes */
+} CK_RC5_MAC_GENERAL_PARAMS;
+
+typedef CK_RC5_MAC_GENERAL_PARAMS CK_PTR
+    CK_RC5_MAC_GENERAL_PARAMS_PTR;
+
+/* CK_MAC_GENERAL_PARAMS provides the parameters to most block
+ * ciphers' MAC_GENERAL mechanisms.  Its value is the length of
+ * the MAC */
+/* CK_MAC_GENERAL_PARAMS is new for v2.0 */
+typedef CK_ULONG CK_MAC_GENERAL_PARAMS;
+
+typedef CK_MAC_GENERAL_PARAMS CK_PTR CK_MAC_GENERAL_PARAMS_PTR;
+
+/* CK_DES/AES_ECB/CBC_ENCRYPT_DATA_PARAMS are new for v2.20 */
+typedef struct CK_DES_CBC_ENCRYPT_DATA_PARAMS {
+    CK_BYTE iv[8];
+    CK_BYTE_PTR pData;
+    CK_ULONG length;
+} CK_DES_CBC_ENCRYPT_DATA_PARAMS;
+
+typedef CK_DES_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_DES_CBC_ENCRYPT_DATA_PARAMS_PTR;
+
+typedef struct CK_AES_CBC_ENCRYPT_DATA_PARAMS {
+    CK_BYTE iv[16];
+    CK_BYTE_PTR pData;
+    CK_ULONG length;
+} CK_AES_CBC_ENCRYPT_DATA_PARAMS;
+
+typedef CK_AES_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_AES_CBC_ENCRYPT_DATA_PARAMS_PTR;
+
+/* CK_AES_CTR_PARAMS is new for PKCS #11 v2.20 amendment 3 */
+typedef struct CK_AES_CTR_PARAMS {
+    CK_ULONG ulCounterBits;
+    CK_BYTE cb[16];
+} CK_AES_CTR_PARAMS;
+
+typedef CK_AES_CTR_PARAMS CK_PTR CK_AES_CTR_PARAMS_PTR;
+
+/* CK_GCM_PARAMS is new for version 2.30 */
+typedef struct CK_GCM_PARAMS {
+    CK_BYTE_PTR pIv;
+    CK_ULONG ulIvLen;
+    CK_BYTE_PTR pAAD;
+    CK_ULONG ulAADLen;
+    CK_ULONG ulTagBits;
+} CK_GCM_PARAMS;
+
+typedef CK_GCM_PARAMS CK_PTR CK_GCM_PARAMS_PTR;
+
+/* CK_CCM_PARAMS is new for version 2.30 */
+typedef struct CK_CCM_PARAMS {
+    CK_ULONG ulDataLen;
+    CK_BYTE_PTR pNonce;
+    CK_ULONG ulNonceLen;
+    CK_BYTE_PTR pAAD;
+    CK_ULONG ulAADLen;
+    CK_ULONG ulMACLen;
+} CK_CCM_PARAMS;
+
+typedef CK_CCM_PARAMS CK_PTR CK_CCM_PARAMS_PTR;
+
+/* CK_SKIPJACK_PRIVATE_WRAP_PARAMS provides the parameters to the
+ * CKM_SKIPJACK_PRIVATE_WRAP mechanism */
+/* CK_SKIPJACK_PRIVATE_WRAP_PARAMS is new for v2.0 */
+typedef struct CK_SKIPJACK_PRIVATE_WRAP_PARAMS {
+    CK_ULONG ulPasswordLen;
+    CK_BYTE_PTR pPassword;
+    CK_ULONG ulPublicDataLen;
+    CK_BYTE_PTR pPublicData;
+    CK_ULONG ulPAndGLen;
+    CK_ULONG ulQLen;
+    CK_ULONG ulRandomLen;
+    CK_BYTE_PTR pRandomA;
+    CK_BYTE_PTR pPrimeP;
+    CK_BYTE_PTR pBaseG;
+    CK_BYTE_PTR pSubprimeQ;
+} CK_SKIPJACK_PRIVATE_WRAP_PARAMS;
+
+typedef CK_SKIPJACK_PRIVATE_WRAP_PARAMS CK_PTR
+    CK_SKIPJACK_PRIVATE_WRAP_PTR;
+
+/* CK_SKIPJACK_RELAYX_PARAMS provides the parameters to the
+ * CKM_SKIPJACK_RELAYX mechanism */
+/* CK_SKIPJACK_RELAYX_PARAMS is new for v2.0 */
+typedef struct CK_SKIPJACK_RELAYX_PARAMS {
+    CK_ULONG ulOldWrappedXLen;
+    CK_BYTE_PTR pOldWrappedX;
+    CK_ULONG ulOldPasswordLen;
+    CK_BYTE_PTR pOldPassword;
+    CK_ULONG ulOldPublicDataLen;
+    CK_BYTE_PTR pOldPublicData;
+    CK_ULONG ulOldRandomLen;
+    CK_BYTE_PTR pOldRandomA;
+    CK_ULONG ulNewPasswordLen;
+    CK_BYTE_PTR pNewPassword;
+    CK_ULONG ulNewPublicDataLen;
+    CK_BYTE_PTR pNewPublicData;
+    CK_ULONG ulNewRandomLen;
+    CK_BYTE_PTR pNewRandomA;
+} CK_SKIPJACK_RELAYX_PARAMS;
+
+typedef CK_SKIPJACK_RELAYX_PARAMS CK_PTR
+    CK_SKIPJACK_RELAYX_PARAMS_PTR;
+
+typedef struct CK_PBE_PARAMS {
+    CK_BYTE_PTR pInitVector;
+    CK_UTF8CHAR_PTR pPassword;
+    CK_ULONG ulPasswordLen;
+    CK_BYTE_PTR pSalt;
+    CK_ULONG ulSaltLen;
+    CK_ULONG ulIteration;
+} CK_PBE_PARAMS;
+
+typedef CK_PBE_PARAMS CK_PTR CK_PBE_PARAMS_PTR;
+
+/* CK_KEY_WRAP_SET_OAEP_PARAMS provides the parameters to the
+ * CKM_KEY_WRAP_SET_OAEP mechanism */
+/* CK_KEY_WRAP_SET_OAEP_PARAMS is new for v2.0 */
+typedef struct CK_KEY_WRAP_SET_OAEP_PARAMS {
+    CK_BYTE bBC;     /* block contents byte */
+    CK_BYTE_PTR pX;  /* extra data */
+    CK_ULONG ulXLen; /* length of extra data in bytes */
+} CK_KEY_WRAP_SET_OAEP_PARAMS;
+
+typedef CK_KEY_WRAP_SET_OAEP_PARAMS CK_PTR
+    CK_KEY_WRAP_SET_OAEP_PARAMS_PTR;
+
+typedef struct CK_SSL3_RANDOM_DATA {
+    CK_BYTE_PTR pClientRandom;
+    CK_ULONG ulClientRandomLen;
+    CK_BYTE_PTR pServerRandom;
+    CK_ULONG ulServerRandomLen;
+} CK_SSL3_RANDOM_DATA;
+
+typedef struct CK_SSL3_MASTER_KEY_DERIVE_PARAMS {
+    CK_SSL3_RANDOM_DATA RandomInfo;
+    CK_VERSION_PTR pVersion;
+} CK_SSL3_MASTER_KEY_DERIVE_PARAMS;
+
+typedef struct CK_SSL3_MASTER_KEY_DERIVE_PARAMS CK_PTR
+    CK_SSL3_MASTER_KEY_DERIVE_PARAMS_PTR;
+
+typedef struct CK_SSL3_KEY_MAT_OUT {
+    CK_OBJECT_HANDLE hClientMacSecret;
+    CK_OBJECT_HANDLE hServerMacSecret;
+    CK_OBJECT_HANDLE hClientKey;
+    CK_OBJECT_HANDLE hServerKey;
+    CK_BYTE_PTR pIVClient;
+    CK_BYTE_PTR pIVServer;
+} CK_SSL3_KEY_MAT_OUT;
+
+typedef CK_SSL3_KEY_MAT_OUT CK_PTR CK_SSL3_KEY_MAT_OUT_PTR;
+
+typedef struct CK_SSL3_KEY_MAT_PARAMS {
+    CK_ULONG ulMacSizeInBits;
+    CK_ULONG ulKeySizeInBits;
+    CK_ULONG ulIVSizeInBits;
+    CK_BBOOL bIsExport; /* Unused. Must be set to CK_FALSE. */
+    CK_SSL3_RANDOM_DATA RandomInfo;
+    CK_SSL3_KEY_MAT_OUT_PTR pReturnedKeyMaterial;
+} CK_SSL3_KEY_MAT_PARAMS;
+
+typedef CK_SSL3_KEY_MAT_PARAMS CK_PTR CK_SSL3_KEY_MAT_PARAMS_PTR;
+
+/* CK_TLS_PRF_PARAMS is new for version 2.20 */
+typedef struct CK_TLS_PRF_PARAMS {
+    CK_BYTE_PTR pSeed;
+    CK_ULONG ulSeedLen;
+    CK_BYTE_PTR pLabel;
+    CK_ULONG ulLabelLen;
+    CK_BYTE_PTR pOutput;
+    CK_ULONG_PTR pulOutputLen;
+} CK_TLS_PRF_PARAMS;
+
+typedef CK_TLS_PRF_PARAMS CK_PTR CK_TLS_PRF_PARAMS_PTR;
+
+/* TLS 1.2 is new for version 2.40 */
+typedef struct CK_TLS12_MASTER_KEY_DERIVE_PARAMS {
+    CK_SSL3_RANDOM_DATA RandomInfo;
+    CK_VERSION_PTR pVersion;
+    CK_MECHANISM_TYPE prfHashMechanism;
+} CK_TLS12_MASTER_KEY_DERIVE_PARAMS;
+
+typedef CK_TLS12_MASTER_KEY_DERIVE_PARAMS CK_PTR
+    CK_TLS12_MASTER_KEY_DERIVE_PARAMS_PTR;
+
+typedef struct CK_TLS12_KEY_MAT_PARAMS {
+    CK_ULONG ulMacSizeInBits;
+    CK_ULONG ulKeySizeInBits;
+    CK_ULONG ulIVSizeInBits;
+    CK_BBOOL bIsExport; /* Unused. Must be set to CK_FALSE. */
+    CK_SSL3_RANDOM_DATA RandomInfo;
+    CK_SSL3_KEY_MAT_OUT_PTR pReturnedKeyMaterial;
+    CK_MECHANISM_TYPE prfHashMechanism;
+} CK_TLS12_KEY_MAT_PARAMS;
+
+typedef CK_TLS12_KEY_MAT_PARAMS CK_PTR CK_TLS12_KEY_MAT_PARAMS_PTR;
+
+typedef struct CK_TLS_KDF_PARAMS {
+    CK_MECHANISM_TYPE prfMechanism;
+    CK_BYTE_PTR pLabel;
+    CK_ULONG ulLabelLength;
+    CK_SSL3_RANDOM_DATA RandomInfo;
+    CK_BYTE_PTR pContextData;
+    CK_ULONG ulContextDataLength;
+} CK_TLS_KDF_PARAMS;
+
+typedef struct CK_TLS_MAC_PARAMS {
+    CK_MECHANISM_TYPE prfMechanism;
+    CK_ULONG ulMacLength;
+    CK_ULONG ulServerOrClient;
+} CK_TLS_MAC_PARAMS;
+
+typedef CK_TLS_MAC_PARAMS CK_PTR CK_TLS_MAC_PARAMS_PTR;
+
+/* WTLS is new for version 2.20 */
+typedef struct CK_WTLS_RANDOM_DATA {
+    CK_BYTE_PTR pClientRandom;
+    CK_ULONG ulClientRandomLen;
+    CK_BYTE_PTR pServerRandom;
+    CK_ULONG ulServerRandomLen;
+} CK_WTLS_RANDOM_DATA;
+
+typedef CK_WTLS_RANDOM_DATA CK_PTR CK_WTLS_RANDOM_DATA_PTR;
+
+typedef struct CK_WTLS_MASTER_KEY_DERIVE_PARAMS {
+    CK_MECHANISM_TYPE DigestMechanism;
+    CK_WTLS_RANDOM_DATA RandomInfo;
+    CK_BYTE_PTR pVersion;
+} CK_WTLS_MASTER_KEY_DERIVE_PARAMS;
+
+typedef CK_WTLS_MASTER_KEY_DERIVE_PARAMS CK_PTR
+    CK_WTLS_MASTER_KEY_DERIVE_PARAMS_PTR;
+
+typedef struct CK_WTLS_PRF_PARAMS {
+    CK_MECHANISM_TYPE DigestMechanism;
+    CK_BYTE_PTR pSeed;
+    CK_ULONG ulSeedLen;
+    CK_BYTE_PTR pLabel;
+    CK_ULONG ulLabelLen;
+    CK_BYTE_PTR pOutput;
+    CK_ULONG_PTR pulOutputLen;
+} CK_WTLS_PRF_PARAMS;
+
+typedef CK_WTLS_PRF_PARAMS CK_PTR CK_WTLS_PRF_PARAMS_PTR;
+
+typedef struct CK_WTLS_KEY_MAT_OUT {
+    CK_OBJECT_HANDLE hMacSecret;
+    CK_OBJECT_HANDLE hKey;
+    CK_BYTE_PTR pIV;
+} CK_WTLS_KEY_MAT_OUT;
+
+typedef CK_WTLS_KEY_MAT_OUT CK_PTR CK_WTLS_KEY_MAT_OUT_PTR;
+
+typedef struct CK_WTLS_KEY_MAT_PARAMS {
+    CK_MECHANISM_TYPE DigestMechanism;
+    CK_ULONG ulMacSizeInBits;
+    CK_ULONG ulKeySizeInBits;
+    CK_ULONG ulIVSizeInBits;
+    CK_ULONG ulSequenceNumber;
+    CK_BBOOL bIsExport; /* Unused. Must be set to CK_FALSE. */
+    CK_WTLS_RANDOM_DATA RandomInfo;
+    CK_WTLS_KEY_MAT_OUT_PTR pReturnedKeyMaterial;
+} CK_WTLS_KEY_MAT_PARAMS;
+
+typedef CK_WTLS_KEY_MAT_PARAMS CK_PTR CK_WTLS_KEY_MAT_PARAMS_PTR;
+
+/* CMS is new for version 2.20 */
+typedef struct CK_CMS_SIG_PARAMS {
+    CK_OBJECT_HANDLE certificateHandle;
+    CK_MECHANISM_PTR pSigningMechanism;
+    CK_MECHANISM_PTR pDigestMechanism;
+    CK_UTF8CHAR_PTR pContentType;
+    CK_BYTE_PTR pRequestedAttributes;
+    CK_ULONG ulRequestedAttributesLen;
+    CK_BYTE_PTR pRequiredAttributes;
+    CK_ULONG ulRequiredAttributesLen;
+} CK_CMS_SIG_PARAMS;
+
+typedef CK_CMS_SIG_PARAMS CK_PTR CK_CMS_SIG_PARAMS_PTR;
+
+typedef struct CK_KEY_DERIVATION_STRING_DATA {
+    CK_BYTE_PTR pData;
+    CK_ULONG ulLen;
+} CK_KEY_DERIVATION_STRING_DATA;
+
+typedef CK_KEY_DERIVATION_STRING_DATA CK_PTR
+    CK_KEY_DERIVATION_STRING_DATA_PTR;
+
+/* The CK_EXTRACT_PARAMS is used for the
+ * CKM_EXTRACT_KEY_FROM_KEY mechanism.  It specifies which bit
+ * of the base key should be used as the first bit of the
+ * derived key */
+/* CK_EXTRACT_PARAMS is new for v2.0 */
+typedef CK_ULONG CK_EXTRACT_PARAMS;
+
+typedef CK_EXTRACT_PARAMS CK_PTR CK_EXTRACT_PARAMS_PTR;
+
+/* CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE is new for v2.10.
+ * CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE is used to
+ * indicate the Pseudo-Random Function (PRF) used to generate
+ * key bits using PKCS #5 PBKDF2. */
+typedef CK_ULONG CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE;
+
+typedef CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE CK_PTR CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE_PTR;
+
+/* The following PRFs are defined in PKCS #5 v2.1. */
+#define CKP_PKCS5_PBKD2_HMAC_SHA1 0x00000001
+#define CKP_PKCS5_PBKD2_HMAC_GOSTR3411 0x00000002
+#define CKP_PKCS5_PBKD2_HMAC_SHA224 0x00000003
+#define CKP_PKCS5_PBKD2_HMAC_SHA256 0x00000004
+#define CKP_PKCS5_PBKD2_HMAC_SHA384 0x00000005
+#define CKP_PKCS5_PBKD2_HMAC_SHA512 0x00000006
+#define CKP_PKCS5_PBKD2_HMAC_SHA512_224 0x00000007
+#define CKP_PKCS5_PBKD2_HMAC_SHA512_256 0x00000008
+
+/* CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE is new for v2.10.
+ * CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE is used to indicate the
+ * source of the salt value when deriving a key using PKCS #5
+ * PBKDF2. */
+typedef CK_ULONG CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE;
+
+typedef CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE CK_PTR CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE_PTR;
+
+/* The following salt value sources are defined in PKCS #5 v2.0. */
+#define CKZ_SALT_SPECIFIED 0x00000001
+
+/* CK_PKCS5_PBKD2_PARAMS is new for v2.10.
+ * CK_PKCS5_PBKD2_PARAMS is a structure that provides the
+ * parameters to the CKM_PKCS5_PBKD2 mechanism. */
+typedef struct CK_PKCS5_PBKD2_PARAMS {
+    CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE saltSource;
+    CK_VOID_PTR pSaltSourceData;
+    CK_ULONG ulSaltSourceDataLen;
+    CK_ULONG iterations;
+    CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE prf;
+    CK_VOID_PTR pPrfData;
+    CK_ULONG ulPrfDataLen;
+    CK_UTF8CHAR_PTR pPassword;
+    CK_ULONG_PTR ulPasswordLen;
+} CK_PKCS5_PBKD2_PARAMS;
+
+typedef CK_PKCS5_PBKD2_PARAMS CK_PTR CK_PKCS5_PBKD2_PARAMS_PTR;
+
+/* NSS Specific defines */
+
+/* defines that have been deprecated in 2.20, but maintained in our
+ * header file for backward compatibility */
+#define CKO_KG_PARAMETERS CKO_DOMAIN_PARAMETERS
+#define CKF_EC_FP CKF_EC_F_P
+/* new in v2.11 deprecated by 2.20 */
+#define CKR_KEY_PARAMS_INVALID 0x0000006B
+
+/* stuff that for historic reasons is in this header file but should have
+ * been in pkcs11n.h */
+#define CKK_INVALID_KEY_TYPE 0xffffffff
+
+#include "pkcs11n.h"
+
+/* undo packing */
+#include "pkcs11u.h"
+
+#endif
diff --git a/nss/lib/util/pkcs11u.h b/nss/lib/util/pkcs11u.h
new file mode 100644
index 0000000..be949bc
--- /dev/null
+++ b/nss/lib/util/pkcs11u.h
@@ -0,0 +1,19 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * Copyright (C) 1994-1999 RSA Security Inc. Licence to copy this document
+ * is granted provided that it is identified as "RSA Security Inc. Public-Key
+ * Cryptography Standards (PKCS)" in all material mentioning or referencing
+ * this document.
+ */
+/*
+ * reset any packing set by pkcs11p.h
+ */
+
+#if defined(_WIN32)
+#ifdef _MSC_VER
+#pragma warning(disable : 4103)
+#endif
+#pragma pack(pop, cryptoki)
+#endif
diff --git a/nss/lib/util/pkcs1sig.c b/nss/lib/util/pkcs1sig.c
new file mode 100644
index 0000000..502119a
--- /dev/null
+++ b/nss/lib/util/pkcs1sig.c
@@ -0,0 +1,169 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+
+#include "pkcs1sig.h"
+#include "hasht.h"
+#include "secerr.h"
+#include "secasn1t.h"
+#include "secoid.h"
+
+typedef struct pkcs1PrefixStr pkcs1Prefix;
+struct pkcs1PrefixStr {
+    unsigned int len;
+    PRUint8 *data;
+};
+
+typedef struct pkcs1PrefixesStr pkcs1Prefixes;
+struct pkcs1PrefixesStr {
+    unsigned int digestLen;
+    pkcs1Prefix prefixWithParams;
+    pkcs1Prefix prefixWithoutParams;
+};
+
+/* The value for SGN_PKCS1_DIGESTINFO_MAX_PREFIX_LEN_EXCLUDING_OID is based on
+ * the possible prefix encodings as explained below.
+ */
+#define MAX_PREFIX_LEN_EXCLUDING_OID 10
+
+static SECStatus
+encodePrefix(const SECOidData *hashOid, unsigned int digestLen,
+             pkcs1Prefix *prefix, PRBool withParams)
+{
+    /* with params coding is:
+     *  Sequence (2 bytes) {
+     *      Sequence (2 bytes) {
+     *               Oid (2 bytes)  {
+     *                   Oid value (derOid->oid.len)
+     *               }
+     *               NULL (2 bytes)
+     *      }
+     *      OCTECT (2 bytes);
+     *
+     * without params coding is:
+     *  Sequence (2 bytes) {
+     *      Sequence (2 bytes) {
+     *               Oid (2 bytes)  {
+     *                   Oid value (derOid->oid.len)
+     *               }
+     *      }
+     *      OCTECT (2 bytes);
+     */
+
+    unsigned int innerSeqLen = 2 + hashOid->oid.len;
+    unsigned int outerSeqLen = 2 + innerSeqLen + 2 + digestLen;
+    unsigned int extra = 0;
+
+    if (withParams) {
+        innerSeqLen += 2;
+        outerSeqLen += 2;
+        extra = 2;
+    }
+
+    if (innerSeqLen >= 128 ||
+        outerSeqLen >= 128 ||
+        (outerSeqLen + 2 - digestLen) >
+            (MAX_PREFIX_LEN_EXCLUDING_OID + hashOid->oid.len)) {
+        /* this is actually a library failure, It shouldn't happen */
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    prefix->len = 6 + hashOid->oid.len + extra + 2;
+    prefix->data = PORT_Alloc(prefix->len);
+    if (!prefix->data) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return SECFailure;
+    }
+
+    prefix->data[0] = SEC_ASN1_SEQUENCE | SEC_ASN1_CONSTRUCTED;
+    prefix->data[1] = outerSeqLen;
+    prefix->data[2] = SEC_ASN1_SEQUENCE | SEC_ASN1_CONSTRUCTED;
+    prefix->data[3] = innerSeqLen;
+    prefix->data[4] = SEC_ASN1_OBJECT_ID;
+    prefix->data[5] = hashOid->oid.len;
+    PORT_Memcpy(&prefix->data[6], hashOid->oid.data, hashOid->oid.len);
+    if (withParams) {
+        prefix->data[6 + hashOid->oid.len] = SEC_ASN1_NULL;
+        prefix->data[6 + hashOid->oid.len + 1] = 0;
+    }
+    prefix->data[6 + hashOid->oid.len + extra] = SEC_ASN1_OCTET_STRING;
+    prefix->data[6 + hashOid->oid.len + extra + 1] = digestLen;
+
+    return SECSuccess;
+}
+
+SECStatus
+_SGN_VerifyPKCS1DigestInfo(SECOidTag digestAlg,
+                           const SECItem *digest,
+                           const SECItem *dataRecoveredFromSignature,
+                           PRBool unsafeAllowMissingParameters)
+{
+    SECOidData *hashOid;
+    pkcs1Prefixes pp;
+    const pkcs1Prefix *expectedPrefix;
+    SECStatus rv, rv2, rv3;
+
+    if (!digest || !digest->data ||
+        !dataRecoveredFromSignature || !dataRecoveredFromSignature->data) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    hashOid = SECOID_FindOIDByTag(digestAlg);
+    if (hashOid == NULL) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    pp.digestLen = digest->len;
+    pp.prefixWithParams.data = NULL;
+    pp.prefixWithoutParams.data = NULL;
+
+    rv2 = encodePrefix(hashOid, pp.digestLen, &pp.prefixWithParams, PR_TRUE);
+    rv3 = encodePrefix(hashOid, pp.digestLen, &pp.prefixWithoutParams, PR_FALSE);
+
+    rv = SECSuccess;
+    if (rv2 != SECSuccess || rv3 != SECSuccess) {
+        rv = SECFailure;
+    }
+
+    if (rv == SECSuccess) {
+        /* We don't attempt to avoid timing attacks on these comparisons because
+         * signature verification is a public key operation, not a private key
+         * operation.
+         */
+
+        if (dataRecoveredFromSignature->len ==
+            pp.prefixWithParams.len + pp.digestLen) {
+            expectedPrefix = &pp.prefixWithParams;
+        } else if (unsafeAllowMissingParameters &&
+                   dataRecoveredFromSignature->len ==
+                       pp.prefixWithoutParams.len + pp.digestLen) {
+            expectedPrefix = &pp.prefixWithoutParams;
+        } else {
+            PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
+            rv = SECFailure;
+        }
+    }
+
+    if (rv == SECSuccess) {
+        if (memcmp(dataRecoveredFromSignature->data, expectedPrefix->data,
+                   expectedPrefix->len) ||
+            memcmp(dataRecoveredFromSignature->data + expectedPrefix->len,
+                   digest->data, digest->len)) {
+            PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
+            rv = SECFailure;
+        }
+    }
+
+    if (pp.prefixWithParams.data) {
+        PORT_Free(pp.prefixWithParams.data);
+    }
+    if (pp.prefixWithoutParams.data) {
+        PORT_Free(pp.prefixWithoutParams.data);
+    }
+
+    return rv;
+}
diff --git a/nss/lib/util/pkcs1sig.h b/nss/lib/util/pkcs1sig.h
new file mode 100644
index 0000000..7c52b15
--- /dev/null
+++ b/nss/lib/util/pkcs1sig.h
@@ -0,0 +1,30 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+
+#ifndef _PKCS1SIG_H_
+#define _PKCS1SIG_H_
+
+#include "hasht.h"
+#include "seccomon.h"
+#include "secoidt.h"
+
+/* SGN_VerifyPKCS1DigestInfo verifies that the length of the digest is correct
+ * for the given algorithm, then verifies that the recovered data from the
+ * PKCS#1 signature is a properly-formatted DigestInfo that identifies the
+ * given digest algorithm, then verifies that the digest in the DigestInfo
+ * matches the given digest.
+ *
+ * dataRecoveredFromSignature must be the result of calling PK11_VerifyRecover
+ * or equivalent.
+ *
+ * If unsafeAllowMissingParameters is true (not recommended), then a DigestInfo
+ * without the mandatory ASN.1 NULL parameter will also be accepted.
+ */
+SECStatus _SGN_VerifyPKCS1DigestInfo(SECOidTag digestAlg,
+                                     const SECItem* digest,
+                                     const SECItem* dataRecoveredFromSignature,
+                                     PRBool unsafeAllowMissingParameters);
+
+#endif /* _PKCS1SIG_H_ */
diff --git a/nss/lib/util/portreg.c b/nss/lib/util/portreg.c
new file mode 100644
index 0000000..bf77672
--- /dev/null
+++ b/nss/lib/util/portreg.c
@@ -0,0 +1,375 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * shexp.c: shell-like wildcard match routines
+ *
+ * See shexp.h for public documentation.
+ */
+
+#include "seccomon.h"
+#include "portreg.h"
+
+/* ----------------------------- shexp_valid ------------------------------ */
+
+static int
+_valid_subexp(const char *exp, char stop1, char stop2)
+{
+    register int x;
+    int nsc = 0; /* Number of special characters */
+    int np;      /* Number of pipe characters in union */
+    int tld = 0; /* Number of tilde characters */
+
+    for (x = 0; exp[x] && (exp[x] != stop1) && (exp[x] != stop2); ++x) {
+        switch (exp[x]) {
+            case '~':
+                if (tld) /* at most one exclusion */
+                    return INVALID_SXP;
+                if (stop1) /* no exclusions within unions */
+                    return INVALID_SXP;
+                if (!exp[x + 1]) /* exclusion cannot be last character */
+                    return INVALID_SXP;
+                if (!x) /* exclusion cannot be first character */
+                    return INVALID_SXP;
+                ++tld;
+            /* fall through */
+            case '*':
+            case '?':
+            case '$':
+                ++nsc;
+                break;
+            case '[':
+                ++nsc;
+                if ((!exp[++x]) || (exp[x] == ']'))
+                    return INVALID_SXP;
+                for (; exp[x] && (exp[x] != ']'); ++x) {
+                    if (exp[x] == '\\' && !exp[++x])
+                        return INVALID_SXP;
+                }
+                if (!exp[x])
+                    return INVALID_SXP;
+                break;
+            case '(':
+                ++nsc;
+                if (stop1) /* no nested unions */
+                    return INVALID_SXP;
+                np = -1;
+                do {
+                    int t = _valid_subexp(&exp[++x], ')', '|');
+                    if (t == 0 || t == INVALID_SXP)
+                        return INVALID_SXP;
+                    x += t;
+                    if (!exp[x])
+                        return INVALID_SXP;
+                    ++np;
+                } while (exp[x] == '|');
+                if (np < 1) /* must be at least one pipe */
+                    return INVALID_SXP;
+                break;
+            case ')':
+            case '|':
+            case ']':
+                return INVALID_SXP;
+            case '\\':
+                ++nsc;
+                if (!exp[++x])
+                    return INVALID_SXP;
+                break;
+            default:
+                break;
+        }
+    }
+    if ((!stop1) && (!nsc)) /* must be at least one special character */
+        return NON_SXP;
+    return ((exp[x] == stop1 || exp[x] == stop2) ? x : INVALID_SXP);
+}
+
+int
+PORT_RegExpValid(const char *exp)
+{
+    int x;
+
+    x = _valid_subexp(exp, '\0', '\0');
+    return (x < 0 ? x : VALID_SXP);
+}
+
+/* ----------------------------- shexp_match ----------------------------- */
+
+#define MATCH 0
+#define NOMATCH 1
+#define ABORTED -1
+
+static int
+_shexp_match(const char *str, const char *exp, PRBool case_insensitive,
+             unsigned int level);
+
+/* Count characters until we reach a NUL character or either of the
+ * two delimiter characters, stop1 or stop2.  If we encounter a bracketed
+ * expression, look only for NUL or ']' inside it.  Do not look for stop1
+ * or stop2 inside it. Return ABORTED if bracketed expression is unterminated.
+ * Handle all escaping.
+ * Return index in input string of first stop found, or ABORTED if not found.
+ * If "dest" is non-NULL, copy counted characters to it and NUL terminate.
+ */
+static int
+_scan_and_copy(const char *exp, char stop1, char stop2, char *dest)
+{
+    register int sx; /* source index */
+    register char cc;
+
+    for (sx = 0; (cc = exp[sx]) && cc != stop1 && cc != stop2; sx++) {
+        if (cc == '\\') {
+            if (!exp[++sx])
+                return ABORTED; /* should be impossible */
+        } else if (cc == '[') {
+            while ((cc = exp[++sx]) && cc != ']') {
+                if (cc == '\\' && !exp[++sx])
+                    return ABORTED;
+            }
+            if (!cc)
+                return ABORTED; /* should be impossible */
+        }
+    }
+    if (dest && sx) {
+        /* Copy all but the closing delimiter. */
+        memcpy(dest, exp, sx);
+        dest[sx] = 0;
+    }
+    return cc ? sx : ABORTED; /* index of closing delimiter */
+}
+
+/* On input, exp[0] is the opening parenthesis of a union.
+ * See if any of the alternatives in the union matches as a pattern.
+ * The strategy is to take each of the alternatives, in turn, and append
+ * the rest of the expression (after the closing ')' that marks the end of
+ * this union) to that alternative, and then see if the resultant expression
+ * matches the input string.  Repeat this until some alternative matches,
+ * or we have an abort.
+ */
+static int
+_handle_union(const char *str, const char *exp, PRBool case_insensitive,
+              unsigned int level)
+{
+    register int sx; /* source index */
+    int cp;          /* source index of closing parenthesis */
+    int count;
+    int ret = NOMATCH;
+    char *e2;
+
+    /* Find the closing parenthesis that ends this union in the expression */
+    cp = _scan_and_copy(exp, ')', '\0', NULL);
+    if (cp == ABORTED || cp < 4) /* must be at least "(a|b" before ')' */
+        return ABORTED;
+    ++cp; /* now index of char after closing parenthesis */
+    e2 = (char *)PORT_Alloc(1 + strlen(exp));
+    if (!e2)
+        return ABORTED;
+    for (sx = 1;; ++sx) {
+        /* Here, exp[sx] is one character past the preceding '(' or '|'. */
+        /* Copy everything up to the next delimiter to e2 */
+        count = _scan_and_copy(exp + sx, ')', '|', e2);
+        if (count == ABORTED || !count) {
+            ret = ABORTED;
+            break;
+        }
+        sx += count;
+        /* Append everything after closing parenthesis to e2. This is safe. */
+        strcpy(e2 + count, exp + cp);
+        ret = _shexp_match(str, e2, case_insensitive, level + 1);
+        if (ret != NOMATCH || !exp[sx] || exp[sx] == ')')
+            break;
+    }
+    PORT_Free(e2);
+    if (sx < 2)
+        ret = ABORTED;
+    return ret;
+}
+
+/* returns 1 if val is in range from start..end, case insensitive. */
+static int
+_is_char_in_range(int start, int end, int val)
+{
+    char map[256];
+    memset(map, 0, sizeof map);
+    while (start <= end)
+        map[tolower(start++)] = 1;
+    return map[tolower(val)];
+}
+
+static int
+_shexp_match(const char *str, const char *exp, PRBool case_insensitive,
+             unsigned int level)
+{
+    register int x; /* input string index */
+    register int y; /* expression index */
+    int ret, neg;
+
+    if (level > 20) /* Don't let the stack get too deep. */
+        return ABORTED;
+    for (x = 0, y = 0; exp[y]; ++y, ++x) {
+        if ((!str[x]) && (exp[y] != '$') && (exp[y] != '*')) {
+            return NOMATCH;
+        }
+        switch (exp[y]) {
+            case '$':
+                if (str[x])
+                    return NOMATCH;
+                --x; /* we don't want loop to increment x */
+                break;
+            case '*':
+                while (exp[++y] == '*') {
+                }
+                if (!exp[y])
+                    return MATCH;
+                while (str[x]) {
+                    ret = _shexp_match(&str[x++], &exp[y], case_insensitive,
+                                       level + 1);
+                    switch (ret) {
+                        case NOMATCH:
+                            continue;
+                        case ABORTED:
+                            return ABORTED;
+                        default:
+                            return MATCH;
+                    }
+                }
+                if ((exp[y] == '$') && (exp[y + 1] == '\0') && (!str[x]))
+                    return MATCH;
+                else
+                    return NOMATCH;
+            case '[': {
+                int start, end = 0, i;
+                neg = ((exp[++y] == '^') && (exp[y + 1] != ']'));
+                if (neg)
+                    ++y;
+                i = y;
+                start = (unsigned char)(exp[i++]);
+                if (start == '\\')
+                    start = (unsigned char)(exp[i++]);
+                if (isalnum(start) && exp[i++] == '-') {
+                    end = (unsigned char)(exp[i++]);
+                    if (end == '\\')
+                        end = (unsigned char)(exp[i++]);
+                }
+                if (isalnum(end) && exp[i] == ']') {
+                    /* This is a range form: a-b */
+                    int val = (unsigned char)(str[x]);
+                    if (end < start) { /* swap them */
+                        start ^= end;
+                        end ^= start;
+                        start ^= end;
+                    }
+                    if (case_insensitive && isalpha(val)) {
+                        val = _is_char_in_range(start, end, val);
+                        if (neg == val)
+                            return NOMATCH;
+                    } else if (neg != ((val < start) || (val > end))) {
+                        return NOMATCH;
+                    }
+                    y = i;
+                } else {
+                    /* Not range form */
+                    int matched = 0;
+                    for (; exp[y] != ']'; y++) {
+                        if (exp[y] == '\\')
+                            ++y;
+                        if (case_insensitive) {
+                            matched |= (toupper(str[x]) == toupper(exp[y]));
+                        } else {
+                            matched |= (str[x] == exp[y]);
+                        }
+                    }
+                    if (neg == matched)
+                        return NOMATCH;
+                }
+            } break;
+            case '(':
+                if (!exp[y + 1])
+                    return ABORTED;
+                return _handle_union(&str[x], &exp[y], case_insensitive, level);
+            case '?':
+                break;
+            case '|':
+            case ']':
+            case ')':
+                return ABORTED;
+            case '\\':
+                ++y;
+            /* fall through */
+            default:
+                if (case_insensitive) {
+                    if (toupper(str[x]) != toupper(exp[y]))
+                        return NOMATCH;
+                } else {
+                    if (str[x] != exp[y])
+                        return NOMATCH;
+                }
+                break;
+        }
+    }
+    return (str[x] ? NOMATCH : MATCH);
+}
+
+static int
+port_RegExpMatch(const char *str, const char *xp, PRBool case_insensitive)
+{
+    char *exp = 0;
+    int x, ret = MATCH;
+
+    if (!strchr(xp, '~'))
+        return _shexp_match(str, xp, case_insensitive, 0);
+
+    exp = PORT_Strdup(xp);
+    if (!exp)
+        return NOMATCH;
+
+    x = _scan_and_copy(exp, '~', '\0', NULL);
+    if (x != ABORTED && exp[x] == '~') {
+        exp[x++] = '\0';
+        ret = _shexp_match(str, &exp[x], case_insensitive, 0);
+        switch (ret) {
+            case NOMATCH:
+                ret = MATCH;
+                break;
+            case MATCH:
+                ret = NOMATCH;
+                break;
+            default:
+                break;
+        }
+    }
+    if (ret == MATCH)
+        ret = _shexp_match(str, exp, case_insensitive, 0);
+
+    PORT_Free(exp);
+    return ret;
+}
+
+/* ------------------------------ shexp_cmp ------------------------------- */
+
+int
+PORT_RegExpSearch(const char *str, const char *exp)
+{
+    switch (PORT_RegExpValid(exp)) {
+        case INVALID_SXP:
+            return -1;
+        case NON_SXP:
+            return (strcmp(exp, str) ? 1 : 0);
+        default:
+            return port_RegExpMatch(str, exp, PR_FALSE);
+    }
+}
+
+int
+PORT_RegExpCaseSearch(const char *str, const char *exp)
+{
+    switch (PORT_RegExpValid(exp)) {
+        case INVALID_SXP:
+            return -1;
+        case NON_SXP:
+            return (PORT_Strcasecmp(exp, str) ? 1 : 0);
+        default:
+            return port_RegExpMatch(str, exp, PR_TRUE);
+    }
+}
diff --git a/nss/lib/util/portreg.h b/nss/lib/util/portreg.h
new file mode 100644
index 0000000..14bd9e7
--- /dev/null
+++ b/nss/lib/util/portreg.h
@@ -0,0 +1,81 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * shexp.h: Defines and prototypes for shell exp. match routines
+ *
+ * This routine will match a string with a shell expression. The expressions
+ * accepted are based loosely on the expressions accepted by zsh.
+ *
+ * o * matches anything
+ * o ? matches one character
+ * o \ will escape a special character
+ * o $ matches the end of the string
+ * Bracketed expressions:
+ * o [abc] matches one occurence of a, b, or c.
+ * o [^abc] matches any character except a, b, or c.
+ *     To be matched between [ and ], these characters must be escaped: \ ]
+ *     No other characters need be escaped between brackets.
+ *     Unnecessary escaping is permitted.
+ * o [a-z] matches any character between a and z, inclusive.
+ *     The two range-definition characters must be alphanumeric ASCII.
+ *     If one is upper case and the other is lower case, then the ASCII
+ *     non-alphanumeric characters between Z and a will also be in range.
+ * o [^a-z] matches any character except those between a and z, inclusive.
+ *     These forms cannot be combined, e.g [a-gp-z] does not work.
+ * o Exclusions:
+ *   As a top level, outter-most expression only, the expression
+ *   foo~bar will match the expression foo, provided it does not also
+ *     match the expression bar.  Either expression or both may be a union.
+ *     Except between brackets, any unescaped ~ is an exclusion.
+ *     At most one exclusion is permitted.
+ *     Exclusions cannot be nested (contain other exclusions).
+ *     example: *~abc will match any string except abc
+ * o Unions:
+ *   (foo|bar) will match either the expression foo, or the expression bar.
+ *     At least one '|' separator is required.  More are permitted.
+ *     Expressions inside unions may not include unions or exclusions.
+ *     Inside a union, to be matched and not treated as a special character,
+ *     these characters must be escaped: \ ( | ) [ ~ except when they occur
+ *     inside a bracketed expression, where only \ and ] require escaping.
+ *
+ * The public interface to these routines is documented below.
+ *
+ */
+
+#ifndef SHEXP_H
+#define SHEXP_H
+
+#include "utilrename.h"
+/*
+ * Requires that the macro MALLOC be set to a "safe" malloc that will
+ * exit if no memory is available.
+ */
+
+/* --------------------------- Public routines ---------------------------- */
+
+/*
+ * shexp_valid takes a shell expression exp as input. It returns:
+ *
+ *  NON_SXP      if exp is a standard string
+ *  INVALID_SXP  if exp is a shell expression, but invalid
+ *  VALID_SXP    if exp is a valid shell expression
+ */
+
+#define NON_SXP -1
+#define INVALID_SXP -2
+#define VALID_SXP 1
+
+SEC_BEGIN_PROTOS
+
+extern int PORT_RegExpValid(const char *exp);
+
+extern int PORT_RegExpSearch(const char *str, const char *exp);
+
+/* same as above but uses case insensitive search */
+extern int PORT_RegExpCaseSearch(const char *str, const char *exp);
+
+SEC_END_PROTOS
+
+#endif
diff --git a/nss/lib/util/quickder.c b/nss/lib/util/quickder.c
new file mode 100644
index 0000000..49ff14d
--- /dev/null
+++ b/nss/lib/util/quickder.c
@@ -0,0 +1,819 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+    Optimized ASN.1 DER decoder
+*/
+
+#include "secerr.h"
+#include "secasn1.h" /* for SEC_ASN1GetSubtemplate */
+#include "secitem.h"
+
+/*
+ * simple definite-length ASN.1 decoder
+ */
+
+static unsigned char*
+definite_length_decoder(const unsigned char* buf,
+                        const unsigned int buf_length,
+                        unsigned int* out_data_length,
+                        PRBool includeTag)
+{
+    unsigned char tag;
+    unsigned int used_length = 0;
+    unsigned int data_length = 0;
+    unsigned char length_field_len = 0;
+    unsigned char byte;
+    unsigned int i;
+
+    if (used_length >= buf_length) {
+        /* Tag field was not found! */
+        return NULL;
+    }
+    tag = buf[used_length++];
+
+    if (tag == 0) {
+        /* End-of-contents octects should not be present in DER because
+           DER doesn't use the indefinite length form. */
+        return NULL;
+    }
+
+    if ((tag & 0x1F) == 0x1F) {
+        /* High tag number (a tag number > 30) is not supported */
+        return NULL;
+    }
+
+    if (used_length >= buf_length) {
+        /* Length field was not found! */
+        return NULL;
+    }
+    byte = buf[used_length++];
+
+    if (!(byte & 0x80)) {
+        /* Short form: The high bit is not set. */
+        data_length = byte; /* clarity; we're returning a 32-bit int. */
+    } else {
+        /* Long form. Extract the field length */
+        length_field_len = byte & 0x7F;
+        if (length_field_len == 0) {
+            /* DER doesn't use the indefinite length form. */
+            return NULL;
+        }
+
+        if (length_field_len > sizeof(data_length)) {
+            /* We don't support an extended length field  longer than
+               4 bytes (2^32) */
+            return NULL;
+        }
+
+        if (length_field_len > (buf_length - used_length)) {
+            /* Extended length field was not found */
+            return NULL;
+        }
+
+        /* Iterate across the extended length field */
+        for (i = 0; i < length_field_len; i++) {
+            byte = buf[used_length++];
+            data_length = (data_length << 8) | byte;
+
+            if (i == 0) {
+                PRBool too_long = PR_FALSE;
+                if (length_field_len == 1) {
+                    too_long = ((byte & 0x80) == 0); /* Short form suffices */
+                } else {
+                    too_long = (byte == 0); /* This zero byte can be omitted */
+                }
+                if (too_long) {
+                    /* The length is longer than needed. */
+                    return NULL;
+                }
+            }
+        }
+    }
+
+    if (data_length > (buf_length - used_length)) {
+        /* The decoded length exceeds the available buffer */
+        return NULL;
+    }
+
+    if (includeTag) {
+        data_length += used_length;
+    }
+
+    *out_data_length = data_length;
+    return ((unsigned char*)buf + (includeTag ? 0 : used_length));
+}
+
+static SECStatus
+GetItem(SECItem* src, SECItem* dest, PRBool includeTag)
+{
+    if ((!src) || (!dest) || (!src->data && src->len)) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    if (!src->len) {
+        /* reaching the end of the buffer is not an error */
+        dest->data = NULL;
+        dest->len = 0;
+        return SECSuccess;
+    }
+
+    dest->data = definite_length_decoder(src->data, src->len, &dest->len,
+                                         includeTag);
+    if (dest->data == NULL) {
+        PORT_SetError(SEC_ERROR_BAD_DER);
+        return SECFailure;
+    }
+    src->len -= (int)(dest->data - src->data) + dest->len;
+    src->data = dest->data + dest->len;
+    return SECSuccess;
+}
+
+/* check if the actual component's type matches the type in the template */
+
+static SECStatus
+MatchComponentType(const SEC_ASN1Template* templateEntry,
+                   SECItem* item, PRBool* match, void* dest)
+{
+    unsigned long kind = 0;
+    unsigned char tag = 0;
+
+    if ((!item) || (!item->data && item->len) || (!templateEntry) || (!match)) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    if (!item->len) {
+        *match = PR_FALSE;
+        return SECSuccess;
+    }
+
+    kind = templateEntry->kind;
+    tag = *(unsigned char*)item->data;
+
+    if (((kind & SEC_ASN1_INLINE) ||
+         (kind & SEC_ASN1_POINTER)) &&
+        (0 == (kind & SEC_ASN1_TAG_MASK))) {
+        /* These cases are special because the template's "kind" does not
+           give us the information for the ASN.1 tag of the next item. It can
+           only be figured out from the subtemplate. */
+        if (!(kind & SEC_ASN1_OPTIONAL)) {
+            /* This is a required component. If there is a type mismatch,
+               the decoding of the subtemplate will fail, so assume this
+               is a match at the parent level and let it fail later. This
+               avoids a redundant check in matching cases */
+            *match = PR_TRUE;
+            return SECSuccess;
+        } else {
+            /* optional component. This is the hard case. Now we need to
+               look at the subtemplate to get the expected kind */
+            const SEC_ASN1Template* subTemplate =
+                SEC_ASN1GetSubtemplate(templateEntry, dest, PR_FALSE);
+            if (!subTemplate) {
+                PORT_SetError(SEC_ERROR_BAD_TEMPLATE);
+                return SECFailure;
+            }
+            if ((subTemplate->kind & SEC_ASN1_INLINE) ||
+                (subTemplate->kind & SEC_ASN1_POINTER)) {
+                /* disallow nesting SEC_ASN1_POINTER and SEC_ASN1_INLINE,
+                   otherwise you may get a false positive due to the recursion
+                   optimization above that always matches the type if the
+                   component is required . Nesting these should never be
+                   required, so that no one should miss this ability */
+                PORT_SetError(SEC_ERROR_BAD_TEMPLATE);
+                return SECFailure;
+            }
+            return MatchComponentType(subTemplate, item, match,
+                                      (void*)((char*)dest + templateEntry->offset));
+        }
+    }
+
+    if (kind & SEC_ASN1_CHOICE) {
+        /* we need to check the component's tag against each choice's tag */
+        /* XXX it would be nice to save the index of the choice here so that
+           DecodeChoice wouldn't have to do this again. However, due to the
+           recursivity of MatchComponentType, we don't know if we are in a
+           required or optional component, so we can't write anywhere in
+           the destination within this function */
+        unsigned choiceIndex = 1;
+        const SEC_ASN1Template* choiceEntry;
+        while ((choiceEntry = &templateEntry[choiceIndex++]) && (choiceEntry->kind)) {
+            if ((SECSuccess == MatchComponentType(choiceEntry, item, match,
+                                                  (void*)((char*)dest + choiceEntry->offset))) &&
+                (PR_TRUE == *match)) {
+                return SECSuccess;
+            }
+        }
+        /* no match, caller must decide if this is BAD DER, or not. */
+        *match = PR_FALSE;
+        return SECSuccess;
+    }
+
+    if (kind & SEC_ASN1_ANY) {
+        /* SEC_ASN1_ANY always matches */
+        *match = PR_TRUE;
+        return SECSuccess;
+    }
+
+    if ((0 == ((unsigned char)kind & SEC_ASN1_TAGNUM_MASK)) &&
+        (!(kind & SEC_ASN1_EXPLICIT)) &&
+        (((kind & SEC_ASN1_SAVE) ||
+          (kind & SEC_ASN1_SKIP)) &&
+         (!(kind & SEC_ASN1_OPTIONAL)))) {
+        /* when saving or skipping a required component,  a type is not
+           required in the template. This is for legacy support of
+           SEC_ASN1_SAVE and SEC_ASN1_SKIP only. XXX I would like to
+           deprecate these usages and always require a type, as this
+           disables type checking, and effectively forbids us from
+           transparently ignoring optional components we aren't aware of */
+        *match = PR_TRUE;
+        return SECSuccess;
+    }
+
+    /* first, do a class check */
+    if ((tag & SEC_ASN1_CLASS_MASK) !=
+        (((unsigned char)kind) & SEC_ASN1_CLASS_MASK)) {
+        /* this is only to help debugging of the decoder in case of problems */
+        /* unsigned char tagclass = tag & SEC_ASN1_CLASS_MASK; */
+        /* unsigned char expectedclass = (unsigned char)kind & SEC_ASN1_CLASS_MASK; */
+        *match = PR_FALSE;
+        return SECSuccess;
+    }
+
+    /* now do a tag check */
+    if (((unsigned char)kind & SEC_ASN1_TAGNUM_MASK) !=
+        (tag & SEC_ASN1_TAGNUM_MASK)) {
+        *match = PR_FALSE;
+        return SECSuccess;
+    }
+
+    /* now, do a method check. This depends on the class */
+    switch (tag & SEC_ASN1_CLASS_MASK) {
+        case SEC_ASN1_UNIVERSAL:
+            /* For types of the SEC_ASN1_UNIVERSAL class, we know which must be
+               primitive or constructed based on the tag */
+            switch (tag & SEC_ASN1_TAGNUM_MASK) {
+                case SEC_ASN1_SEQUENCE:
+                case SEC_ASN1_SET:
+                case SEC_ASN1_EMBEDDED_PDV:
+                    /* this component must be a constructed type */
+                    /* XXX add any new universal constructed type here */
+                    if (tag & SEC_ASN1_CONSTRUCTED) {
+                        *match = PR_TRUE;
+                        return SECSuccess;
+                    }
+                    break;
+
+                default:
+                    /* this component must be a primitive type */
+                    if (!(tag & SEC_ASN1_CONSTRUCTED)) {
+                        *match = PR_TRUE;
+                        return SECSuccess;
+                    }
+                    break;
+            }
+            break;
+
+        default:
+            /* for all other classes, we check the method based on the template */
+            if ((unsigned char)(kind & SEC_ASN1_METHOD_MASK) ==
+                (tag & SEC_ASN1_METHOD_MASK)) {
+                *match = PR_TRUE;
+                return SECSuccess;
+            }
+            /* method does not match between template and component */
+            break;
+    }
+
+    *match = PR_FALSE;
+    return SECSuccess;
+}
+
+#ifdef DEBUG
+
+static SECStatus
+CheckSequenceTemplate(const SEC_ASN1Template* sequenceTemplate)
+{
+    SECStatus rv = SECSuccess;
+    const SEC_ASN1Template* sequenceEntry = NULL;
+    unsigned long seqIndex = 0;
+    unsigned long lastEntryIndex = 0;
+    unsigned long ambiguityIndex = 0;
+    PRBool foundAmbiguity = PR_FALSE;
+
+    do {
+        sequenceEntry = &sequenceTemplate[seqIndex++];
+        if (sequenceEntry->kind) {
+            /* ensure that we don't have an optional component of SEC_ASN1_ANY
+               in the middle of the sequence, since we could not handle it */
+            /* XXX this function needs to dig into the subtemplates to find
+               the next tag */
+            if ((PR_FALSE == foundAmbiguity) &&
+                (sequenceEntry->kind & SEC_ASN1_OPTIONAL) &&
+                (sequenceEntry->kind & SEC_ASN1_ANY)) {
+                foundAmbiguity = PR_TRUE;
+                ambiguityIndex = seqIndex - 1;
+            }
+        }
+    } while (sequenceEntry->kind);
+
+    lastEntryIndex = seqIndex - 2;
+
+    if (PR_FALSE != foundAmbiguity) {
+        if (ambiguityIndex < lastEntryIndex) {
+            /* ambiguity can only be tolerated on the last entry */
+            PORT_SetError(SEC_ERROR_BAD_TEMPLATE);
+            rv = SECFailure;
+        }
+    }
+
+    /* XXX also enforce ASN.1 requirement that tags be
+       distinct for consecutive optional components */
+
+    return rv;
+}
+
+#endif
+
+static SECStatus DecodeItem(void* dest,
+                            const SEC_ASN1Template* templateEntry,
+                            SECItem* src, PLArenaPool* arena, PRBool checkTag);
+
+static SECStatus
+DecodeSequence(void* dest,
+               const SEC_ASN1Template* templateEntry,
+               SECItem* src, PLArenaPool* arena)
+{
+    SECStatus rv = SECSuccess;
+    SECItem source;
+    SECItem sequence;
+    const SEC_ASN1Template* sequenceTemplate = &(templateEntry[1]);
+    const SEC_ASN1Template* sequenceEntry = NULL;
+    unsigned long seqindex = 0;
+
+#ifdef DEBUG
+    /* for a sequence, we need to validate the template. */
+    rv = CheckSequenceTemplate(sequenceTemplate);
+#endif
+
+    source = *src;
+
+    /* get the sequence */
+    if (SECSuccess == rv) {
+        rv = GetItem(&source, &sequence, PR_FALSE);
+    }
+
+    /* process it */
+    if (SECSuccess == rv)
+        do {
+            sequenceEntry = &sequenceTemplate[seqindex++];
+            if ((sequenceEntry && sequenceEntry->kind) &&
+                (sequenceEntry->kind != SEC_ASN1_SKIP_REST)) {
+                rv = DecodeItem(dest, sequenceEntry, &sequence, arena, PR_TRUE);
+            }
+        } while ((SECSuccess == rv) &&
+                 (sequenceEntry->kind &&
+                  sequenceEntry->kind != SEC_ASN1_SKIP_REST));
+    /* we should have consumed all the bytes in the sequence by now
+       unless the caller doesn't care about the rest of the sequence */
+    if (SECSuccess == rv && sequence.len &&
+        sequenceEntry && sequenceEntry->kind != SEC_ASN1_SKIP_REST) {
+        /* it isn't 100% clear whether this is a bad DER or a bad template.
+           The problem is that logically, they don't match - there is extra
+           data in the DER that the template doesn't know about */
+        PORT_SetError(SEC_ERROR_BAD_DER);
+        rv = SECFailure;
+    }
+
+    return rv;
+}
+
+static SECStatus
+DecodeInline(void* dest,
+             const SEC_ASN1Template* templateEntry,
+             SECItem* src, PLArenaPool* arena, PRBool checkTag)
+{
+    const SEC_ASN1Template* inlineTemplate =
+        SEC_ASN1GetSubtemplate(templateEntry, dest, PR_FALSE);
+    return DecodeItem((void*)((char*)dest + templateEntry->offset),
+                      inlineTemplate, src, arena, checkTag);
+}
+
+static SECStatus
+DecodePointer(void* dest,
+              const SEC_ASN1Template* templateEntry,
+              SECItem* src, PLArenaPool* arena, PRBool checkTag)
+{
+    const SEC_ASN1Template* ptrTemplate =
+        SEC_ASN1GetSubtemplate(templateEntry, dest, PR_FALSE);
+    void* subdata = PORT_ArenaZAlloc(arena, ptrTemplate->size);
+    *(void**)((char*)dest + templateEntry->offset) = subdata;
+    if (subdata) {
+        return DecodeItem(subdata, ptrTemplate, src, arena, checkTag);
+    } else {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return SECFailure;
+    }
+}
+
+static SECStatus
+DecodeImplicit(void* dest,
+               const SEC_ASN1Template* templateEntry,
+               SECItem* src, PLArenaPool* arena)
+{
+    if (templateEntry->kind & SEC_ASN1_POINTER) {
+        return DecodePointer((void*)((char*)dest),
+                             templateEntry, src, arena, PR_FALSE);
+    } else {
+        return DecodeInline((void*)((char*)dest),
+                            templateEntry, src, arena, PR_FALSE);
+    }
+}
+
+static SECStatus
+DecodeChoice(void* dest,
+             const SEC_ASN1Template* templateEntry,
+             SECItem* src, PLArenaPool* arena)
+{
+    SECStatus rv = SECSuccess;
+    SECItem choice;
+    const SEC_ASN1Template* choiceTemplate = &(templateEntry[1]);
+    const SEC_ASN1Template* choiceEntry = NULL;
+    unsigned long choiceindex = 0;
+
+    /* XXX for a choice component, we should validate the template to make
+       sure the tags are distinct, in debug builds. This hasn't been
+       implemented yet */
+    /* rv = CheckChoiceTemplate(sequenceTemplate); */
+
+    /* process it */
+    do {
+        choice = *src;
+        choiceEntry = &choiceTemplate[choiceindex++];
+        if (choiceEntry->kind) {
+            rv = DecodeItem(dest, choiceEntry, &choice, arena, PR_TRUE);
+        }
+    } while ((SECFailure == rv) && (choiceEntry->kind));
+
+    if (SECFailure == rv) {
+        /* the component didn't match any of the choices */
+        PORT_SetError(SEC_ERROR_BAD_DER);
+    } else {
+        /* set the type in the union here */
+        int* which = (int*)((char*)dest + templateEntry->offset);
+        *which = (int)choiceEntry->size;
+    }
+
+    /* we should have consumed all the bytes by now */
+    /* fail if we have not */
+    if (SECSuccess == rv && choice.len) {
+        /* there is extra data that isn't listed in the template */
+        PORT_SetError(SEC_ERROR_BAD_DER);
+        rv = SECFailure;
+    }
+    return rv;
+}
+
+static SECStatus
+DecodeGroup(void* dest,
+            const SEC_ASN1Template* templateEntry,
+            SECItem* src, PLArenaPool* arena)
+{
+    SECStatus rv = SECSuccess;
+    SECItem source;
+    SECItem group;
+    PRUint32 totalEntries = 0;
+    PRUint32 entryIndex = 0;
+    void** entries = NULL;
+
+    const SEC_ASN1Template* subTemplate =
+        SEC_ASN1GetSubtemplate(templateEntry, dest, PR_FALSE);
+
+    source = *src;
+
+    /* get the group */
+    if (SECSuccess == rv) {
+        rv = GetItem(&source, &group, PR_FALSE);
+    }
+
+    /* XXX we should check the subtemplate in debug builds */
+    if (SECSuccess == rv) {
+        /* first, count the number of entries. Benchmarking showed that this
+           counting pass is more efficient than trying to allocate entries as
+           we read the DER, even if allocating many entries at a time
+        */
+        SECItem counter = group;
+        do {
+            SECItem anitem;
+            rv = GetItem(&counter, &anitem, PR_TRUE);
+            if (SECSuccess == rv && (anitem.len)) {
+                totalEntries++;
+            }
+        } while ((SECSuccess == rv) && (counter.len));
+
+        if (SECSuccess == rv) {
+            /* allocate room for pointer array and entries */
+            /* we want to allocate the array even if there is 0 entry */
+            entries = (void**)PORT_ArenaZAlloc(arena, sizeof(void*) *
+                                                              (totalEntries + 1) + /* the extra one is for NULL termination */
+                                                          subTemplate->size * totalEntries);
+
+            if (entries) {
+                entries[totalEntries] = NULL; /* terminate the array */
+            } else {
+                PORT_SetError(SEC_ERROR_NO_MEMORY);
+                rv = SECFailure;
+            }
+            if (SECSuccess == rv) {
+                void* entriesData = (unsigned char*)entries + (unsigned long)(sizeof(void*) * (totalEntries + 1));
+                /* and fix the pointers in the array */
+                PRUint32 entriesIndex = 0;
+                for (entriesIndex = 0; entriesIndex < totalEntries; entriesIndex++) {
+                    entries[entriesIndex] =
+                        (char*)entriesData + (subTemplate->size * entriesIndex);
+                }
+            }
+        }
+    }
+
+    if (SECSuccess == rv && totalEntries)
+        do {
+            if (!(entryIndex < totalEntries)) {
+                rv = SECFailure;
+                break;
+            }
+            rv = DecodeItem(entries[entryIndex++], subTemplate, &group, arena, PR_TRUE);
+        } while ((SECSuccess == rv) && (group.len));
+    /* we should be at the end of the set by now */
+    /* save the entries where requested */
+    memcpy(((char*)dest + templateEntry->offset), &entries, sizeof(void**));
+
+    return rv;
+}
+
+static SECStatus
+DecodeExplicit(void* dest,
+               const SEC_ASN1Template* templateEntry,
+               SECItem* src, PLArenaPool* arena)
+{
+    SECStatus rv = SECSuccess;
+    SECItem subItem;
+    SECItem constructed = *src;
+
+    rv = GetItem(&constructed, &subItem, PR_FALSE);
+
+    if (SECSuccess == rv) {
+        if (templateEntry->kind & SEC_ASN1_POINTER) {
+            rv = DecodePointer(dest, templateEntry, &subItem, arena, PR_TRUE);
+        } else {
+            rv = DecodeInline(dest, templateEntry, &subItem, arena, PR_TRUE);
+        }
+    }
+
+    return rv;
+}
+
+/* new decoder implementation. This is a recursive function */
+
+static SECStatus
+DecodeItem(void* dest,
+           const SEC_ASN1Template* templateEntry,
+           SECItem* src, PLArenaPool* arena, PRBool checkTag)
+{
+    SECStatus rv = SECSuccess;
+    SECItem temp;
+    SECItem mark = { siBuffer, NULL, 0 };
+    PRBool pop = PR_FALSE;
+    PRBool decode = PR_TRUE;
+    PRBool save = PR_FALSE;
+    unsigned long kind;
+    PRBool match = PR_TRUE;
+
+    PR_ASSERT(src && dest && templateEntry && arena);
+#if 0
+    if (!src || !dest || !templateEntry || !arena)
+    {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        rv = SECFailure;
+    }
+#endif
+
+    if (SECSuccess == rv) {
+        /* do the template validation */
+        kind = templateEntry->kind;
+        if (!kind) {
+            PORT_SetError(SEC_ERROR_BAD_TEMPLATE);
+            rv = SECFailure;
+        }
+    }
+
+    if (SECSuccess == rv) {
+#ifdef DEBUG
+        if (kind & SEC_ASN1_DEBUG_BREAK) {
+            /* when debugging the decoder or a template that fails to
+            decode, put SEC_ASN1_DEBUG in the component that gives you
+            trouble. The decoder will then get to this block and assert.
+            If you want to debug the rest of the code, you can set a
+            breakpoint and set dontassert to PR_TRUE, which will let
+            you skip over the assert and continue the debugging session
+            past it. */
+            PRBool dontassert = PR_FALSE;
+            PR_ASSERT(dontassert); /* set bkpoint here & set dontassert*/
+        }
+#endif
+
+        if ((kind & SEC_ASN1_SKIP) ||
+            (kind & SEC_ASN1_SAVE)) {
+            /* if skipping or saving this component, don't decode it */
+            decode = PR_FALSE;
+        }
+
+        if (kind & (SEC_ASN1_SAVE | SEC_ASN1_OPTIONAL)) {
+            /* if saving this component, or if it is optional, we may not want to
+               move past it, so save the position in case we have to rewind */
+            mark = *src;
+            if (kind & SEC_ASN1_SAVE) {
+                save = PR_TRUE;
+                if (0 == (kind & SEC_ASN1_SKIP)) {
+                    /* we will for sure have to rewind when saving this
+                       component and not skipping it. This is true for all
+                       legacy uses of SEC_ASN1_SAVE where the following entry
+                       in the template would causes the same component to be
+                       processed again */
+                    pop = PR_TRUE;
+                }
+            }
+        }
+
+        rv = GetItem(src, &temp, PR_TRUE);
+    }
+
+    if (SECSuccess == rv) {
+        /* now check if the component matches what we expect in the template */
+
+        if (PR_TRUE == checkTag)
+
+        {
+            rv = MatchComponentType(templateEntry, &temp, &match, dest);
+        }
+
+        if ((SECSuccess == rv) && (PR_TRUE != match)) {
+            if (kind & SEC_ASN1_OPTIONAL) {
+
+                /* the optional component is missing. This is not fatal. */
+                /* Rewind, don't decode, and don't save */
+                pop = PR_TRUE;
+                decode = PR_FALSE;
+                save = PR_FALSE;
+            } else {
+                /* a required component is missing. abort */
+                PORT_SetError(SEC_ERROR_BAD_DER);
+                rv = SECFailure;
+            }
+        }
+    }
+
+    if ((SECSuccess == rv) && (PR_TRUE == decode)) {
+        /* the order of processing here is is the tricky part */
+        /* we start with our special cases */
+        /* first, check the component class */
+        if (kind & SEC_ASN1_INLINE) {
+            /* decode inline template */
+            rv = DecodeInline(dest, templateEntry, &temp, arena, PR_TRUE);
+        }
+
+        else if (kind & SEC_ASN1_EXPLICIT) {
+            rv = DecodeExplicit(dest, templateEntry, &temp, arena);
+        } else if ((SEC_ASN1_UNIVERSAL != (kind & SEC_ASN1_CLASS_MASK)) &&
+
+                   (!(kind & SEC_ASN1_EXPLICIT))) {
+
+            /* decode implicitly tagged components */
+            rv = DecodeImplicit(dest, templateEntry, &temp, arena);
+        } else if (kind & SEC_ASN1_POINTER) {
+            rv = DecodePointer(dest, templateEntry, &temp, arena, PR_TRUE);
+        } else if (kind & SEC_ASN1_CHOICE) {
+            rv = DecodeChoice(dest, templateEntry, &temp, arena);
+        } else if (kind & SEC_ASN1_ANY) {
+            /* catch-all ANY type, don't decode */
+            save = PR_TRUE;
+            if (kind & SEC_ASN1_INNER) {
+                /* skip the tag and length */
+                SECItem newtemp = temp;
+                rv = GetItem(&newtemp, &temp, PR_FALSE);
+            }
+        } else if (kind & SEC_ASN1_GROUP) {
+            if ((SEC_ASN1_SEQUENCE == (kind & SEC_ASN1_TAGNUM_MASK)) ||
+                (SEC_ASN1_SET == (kind & SEC_ASN1_TAGNUM_MASK))) {
+                rv = DecodeGroup(dest, templateEntry, &temp, arena);
+            } else {
+                /* a group can only be a SET OF or SEQUENCE OF */
+                PORT_SetError(SEC_ERROR_BAD_TEMPLATE);
+                rv = SECFailure;
+            }
+        } else if (SEC_ASN1_SEQUENCE == (kind & SEC_ASN1_TAGNUM_MASK)) {
+            /* plain SEQUENCE */
+            rv = DecodeSequence(dest, templateEntry, &temp, arena);
+        } else {
+            /* handle all other types as "save" */
+            /* we should only get here for primitive universal types */
+            SECItem newtemp = temp;
+            rv = GetItem(&newtemp, &temp, PR_FALSE);
+            save = PR_TRUE;
+            if ((SECSuccess == rv) &&
+                SEC_ASN1_UNIVERSAL == (kind & SEC_ASN1_CLASS_MASK)) {
+                unsigned long tagnum = kind & SEC_ASN1_TAGNUM_MASK;
+                if (temp.len == 0 && (tagnum == SEC_ASN1_BOOLEAN ||
+                                      tagnum == SEC_ASN1_INTEGER ||
+                                      tagnum == SEC_ASN1_BIT_STRING ||
+                                      tagnum == SEC_ASN1_OBJECT_ID ||
+                                      tagnum == SEC_ASN1_ENUMERATED ||
+                                      tagnum == SEC_ASN1_UTC_TIME ||
+                                      tagnum == SEC_ASN1_GENERALIZED_TIME)) {
+                    /* these types MUST have at least one content octet */
+                    PORT_SetError(SEC_ERROR_BAD_DER);
+                    rv = SECFailure;
+                } else
+                    switch (tagnum) {
+                        /* special cases of primitive types */
+                        case SEC_ASN1_INTEGER: {
+                            /* remove leading zeroes if the caller requested
+                               siUnsignedInteger
+                               This is to allow RSA key operations to work */
+                            SECItem* destItem = (SECItem*)((char*)dest +
+                                                           templateEntry->offset);
+                            if (destItem && (siUnsignedInteger == destItem->type)) {
+                                while (temp.len > 1 && temp.data[0] == 0) { /* leading 0 */
+                                    temp.data++;
+                                    temp.len--;
+                                }
+                            }
+                            break;
+                        }
+
+                        case SEC_ASN1_BIT_STRING: {
+                            /* change the length in the SECItem to be the number
+                               of bits */
+                            temp.len = (temp.len - 1) * 8 - (temp.data[0] & 0x7);
+                            temp.data++;
+                            break;
+                        }
+
+                        default: {
+                            break;
+                        }
+                    }
+            }
+        }
+    }
+
+    if ((SECSuccess == rv) && (PR_TRUE == save)) {
+        SECItem* destItem = (SECItem*)((char*)dest + templateEntry->offset);
+        if (destItem) {
+            /* we leave the type alone in the destination SECItem.
+               If part of the destination was allocated by the decoder, in
+               cases of POINTER, SET OF and SEQUENCE OF, then type is set to
+               siBuffer due to the use of PORT_ArenaZAlloc*/
+            destItem->data = temp.len ? temp.data : NULL;
+            destItem->len = temp.len;
+        } else {
+            PORT_SetError(SEC_ERROR_INVALID_ARGS);
+            rv = SECFailure;
+        }
+    }
+
+    if (PR_TRUE == pop) {
+        /* we don't want to move ahead, so restore the position */
+        *src = mark;
+    }
+    return rv;
+}
+
+/* the function below is the public one */
+
+SECStatus
+SEC_QuickDERDecodeItem(PLArenaPool* arena, void* dest,
+                       const SEC_ASN1Template* templateEntry,
+                       const SECItem* src)
+{
+    SECStatus rv = SECSuccess;
+    SECItem newsrc;
+
+    if (!arena || !templateEntry || !src) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        rv = SECFailure;
+    }
+
+    if (SECSuccess == rv) {
+        newsrc = *src;
+        rv = DecodeItem(dest, templateEntry, &newsrc, arena, PR_TRUE);
+        if (SECSuccess == rv && newsrc.len) {
+            rv = SECFailure;
+            PORT_SetError(SEC_ERROR_EXTRA_INPUT);
+        }
+    }
+
+    return rv;
+}
diff --git a/nss/lib/util/secalgid.c b/nss/lib/util/secalgid.c
new file mode 100644
index 0000000..718bb03
--- /dev/null
+++ b/nss/lib/util/secalgid.c
@@ -0,0 +1,129 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "secoid.h"
+#include "secder.h" /* XXX remove this when remove the DERTemplate */
+#include "secasn1.h"
+#include "secitem.h"
+#include "secerr.h"
+
+SECOidTag
+SECOID_GetAlgorithmTag(const SECAlgorithmID *id)
+{
+    if (id == NULL || id->algorithm.data == NULL)
+        return SEC_OID_UNKNOWN;
+
+    return SECOID_FindOIDTag(&(id->algorithm));
+}
+
+SECStatus
+SECOID_SetAlgorithmID(PLArenaPool *arena, SECAlgorithmID *id, SECOidTag which,
+                      SECItem *params)
+{
+    SECOidData *oiddata;
+    PRBool add_null_param;
+
+    oiddata = SECOID_FindOIDByTag(which);
+    if (!oiddata) {
+        PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
+        return SECFailure;
+    }
+
+    if (SECITEM_CopyItem(arena, &id->algorithm, &oiddata->oid))
+        return SECFailure;
+
+    switch (which) {
+        case SEC_OID_MD2:
+        case SEC_OID_MD4:
+        case SEC_OID_MD5:
+        case SEC_OID_SHA1:
+        case SEC_OID_SHA224:
+        case SEC_OID_SHA256:
+        case SEC_OID_SHA384:
+        case SEC_OID_SHA512:
+        case SEC_OID_PKCS1_RSA_ENCRYPTION:
+        case SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION:
+        case SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION:
+        case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION:
+        case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION:
+        case SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION:
+        case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION:
+        case SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION:
+        case SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION:
+            add_null_param = PR_TRUE;
+            break;
+        default:
+            add_null_param = PR_FALSE;
+            break;
+    }
+
+    if (params) {
+        /*
+         * I am specifically *not* enforcing the following assertion
+         * (by following it up with an error and a return of failure)
+         * because I do not want to introduce any change in the current
+         * behavior.  But I do want for us to notice if the following is
+         * ever true, because I do not think it should be so and probably
+         * signifies an error/bug somewhere.
+         */
+        PORT_Assert(!add_null_param || (params->len == 2 && params->data[0] == SEC_ASN1_NULL && params->data[1] == 0));
+        if (SECITEM_CopyItem(arena, &id->parameters, params)) {
+            return SECFailure;
+        }
+    } else {
+        /*
+         * Again, this is not considered an error.  But if we assume
+         * that nobody tries to set the parameters field themselves
+         * (but always uses this routine to do that), then we should
+         * not hit the following assertion.  Unless they forgot to zero
+         * the structure, which could also be a bad (and wrong) thing.
+         */
+        PORT_Assert(id->parameters.data == NULL);
+
+        if (add_null_param) {
+            (void)SECITEM_AllocItem(arena, &id->parameters, 2);
+            if (id->parameters.data == NULL) {
+                return SECFailure;
+            }
+            id->parameters.data[0] = SEC_ASN1_NULL;
+            id->parameters.data[1] = 0;
+        }
+    }
+
+    return SECSuccess;
+}
+
+SECStatus
+SECOID_CopyAlgorithmID(PLArenaPool *arena, SECAlgorithmID *to,
+                       const SECAlgorithmID *from)
+{
+    SECStatus rv;
+
+    rv = SECITEM_CopyItem(arena, &to->algorithm, &from->algorithm);
+    if (rv)
+        return rv;
+    rv = SECITEM_CopyItem(arena, &to->parameters, &from->parameters);
+    return rv;
+}
+
+void
+SECOID_DestroyAlgorithmID(SECAlgorithmID *algid, PRBool freeit)
+{
+    SECITEM_FreeItem(&algid->parameters, PR_FALSE);
+    SECITEM_FreeItem(&algid->algorithm, PR_FALSE);
+    if (freeit == PR_TRUE)
+        PORT_Free(algid);
+}
+
+SECComparison
+SECOID_CompareAlgorithmID(SECAlgorithmID *a, SECAlgorithmID *b)
+{
+    SECComparison rv;
+
+    rv = SECITEM_CompareItem(&a->algorithm, &b->algorithm);
+    if (rv)
+        return rv;
+    rv = SECITEM_CompareItem(&a->parameters, &b->parameters);
+    return rv;
+}
diff --git a/nss/lib/util/secasn1.h b/nss/lib/util/secasn1.h
new file mode 100644
index 0000000..78cab0a
--- /dev/null
+++ b/nss/lib/util/secasn1.h
@@ -0,0 +1,303 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * Support for encoding/decoding of ASN.1 using BER/DER (Basic/Distinguished
+ * Encoding Rules).  The routines are found in and used extensively by the
+ * security library, but exported for other use.
+ */
+
+#ifndef _SECASN1_H_
+#define _SECASN1_H_
+
+#include "utilrename.h"
+#include "plarena.h"
+
+#include "seccomon.h"
+#include "secasn1t.h"
+
+/************************************************************************/
+SEC_BEGIN_PROTOS
+
+/*
+ * XXX These function prototypes need full, explanatory comments.
+ */
+
+/*
+** Decoding.
+*/
+
+extern SEC_ASN1DecoderContext *SEC_ASN1DecoderStart(PLArenaPool *pool,
+                                                    void *dest,
+                                                    const SEC_ASN1Template *t);
+
+/* XXX char or unsigned char? */
+extern SECStatus SEC_ASN1DecoderUpdate(SEC_ASN1DecoderContext *cx,
+                                       const char *buf,
+                                       unsigned long len);
+
+extern SECStatus SEC_ASN1DecoderFinish(SEC_ASN1DecoderContext *cx);
+
+/* Higher level code detected an error, abort the rest of the processing */
+extern void SEC_ASN1DecoderAbort(SEC_ASN1DecoderContext *cx, int error);
+
+extern void SEC_ASN1DecoderSetFilterProc(SEC_ASN1DecoderContext *cx,
+                                         SEC_ASN1WriteProc fn,
+                                         void *arg, PRBool no_store);
+
+extern void SEC_ASN1DecoderClearFilterProc(SEC_ASN1DecoderContext *cx);
+
+extern void SEC_ASN1DecoderSetNotifyProc(SEC_ASN1DecoderContext *cx,
+                                         SEC_ASN1NotifyProc fn,
+                                         void *arg);
+
+extern void SEC_ASN1DecoderClearNotifyProc(SEC_ASN1DecoderContext *cx);
+
+/* Sets the maximum size that should be allocated for a single ASN.1
+ * element. Set to 0 to indicate there is no limit.
+ *
+ * Note: This does not set the maximum size overall that may be allocated
+ * while parsing, nor does it guarantee that the decoder won't allocate
+ * more than |max_size| while parsing an individual element; rather, it
+ * merely guarantees that any individual allocation for returned data
+ * should not exceed |max_size|.
+*/
+extern void SEC_ASN1DecoderSetMaximumElementSize(SEC_ASN1DecoderContext *cx,
+                                                 unsigned long max_size);
+
+extern SECStatus SEC_ASN1Decode(PLArenaPool *pool, void *dest,
+                                const SEC_ASN1Template *t,
+                                const char *buf, long len);
+
+/* Both classic ASN.1 and QuickDER have a feature that removes leading zeroes
+   out of SEC_ASN1_INTEGER if the caller sets siUnsignedInteger in the type
+   field of the target SECItem prior to calling the decoder. Otherwise, the
+   type field is ignored and untouched. For SECItem that are dynamically
+   allocated (from POINTER, SET OF, SEQUENCE OF) the decoder sets the type
+   field to siBuffer. */
+
+extern SECStatus SEC_ASN1DecodeItem(PLArenaPool *pool, void *dest,
+                                    const SEC_ASN1Template *t,
+                                    const SECItem *src);
+
+extern SECStatus SEC_QuickDERDecodeItem(PLArenaPool *arena, void *dest,
+                                        const SEC_ASN1Template *templateEntry,
+                                        const SECItem *src);
+
+/*
+** Encoding.
+*/
+
+extern SEC_ASN1EncoderContext *SEC_ASN1EncoderStart(const void *src,
+                                                    const SEC_ASN1Template *t,
+                                                    SEC_ASN1WriteProc fn,
+                                                    void *output_arg);
+
+/* XXX char or unsigned char? */
+extern SECStatus SEC_ASN1EncoderUpdate(SEC_ASN1EncoderContext *cx,
+                                       const char *buf,
+                                       unsigned long len);
+
+extern void SEC_ASN1EncoderFinish(SEC_ASN1EncoderContext *cx);
+
+/* Higher level code detected an error, abort the rest of the processing */
+extern void SEC_ASN1EncoderAbort(SEC_ASN1EncoderContext *cx, int error);
+
+extern void SEC_ASN1EncoderSetNotifyProc(SEC_ASN1EncoderContext *cx,
+                                         SEC_ASN1NotifyProc fn,
+                                         void *arg);
+
+extern void SEC_ASN1EncoderClearNotifyProc(SEC_ASN1EncoderContext *cx);
+
+extern void SEC_ASN1EncoderSetStreaming(SEC_ASN1EncoderContext *cx);
+
+extern void SEC_ASN1EncoderClearStreaming(SEC_ASN1EncoderContext *cx);
+
+extern void sec_ASN1EncoderSetDER(SEC_ASN1EncoderContext *cx);
+
+extern void sec_ASN1EncoderClearDER(SEC_ASN1EncoderContext *cx);
+
+extern void SEC_ASN1EncoderSetTakeFromBuf(SEC_ASN1EncoderContext *cx);
+
+extern void SEC_ASN1EncoderClearTakeFromBuf(SEC_ASN1EncoderContext *cx);
+
+extern SECStatus SEC_ASN1Encode(const void *src, const SEC_ASN1Template *t,
+                                SEC_ASN1WriteProc output_proc,
+                                void *output_arg);
+
+/*
+ * If both pool and dest are NULL, the caller should free the returned SECItem
+ * with a SECITEM_FreeItem(..., PR_TRUE) call.  If pool is NULL but dest is
+ * not NULL, the caller should free the data buffer pointed to by dest with a
+ * SECITEM_FreeItem(dest, PR_FALSE) or PORT_Free(dest->data) call.
+ */
+extern SECItem *SEC_ASN1EncodeItem(PLArenaPool *pool, SECItem *dest,
+                                   const void *src, const SEC_ASN1Template *t);
+
+extern SECItem *SEC_ASN1EncodeInteger(PLArenaPool *pool,
+                                      SECItem *dest, long value);
+
+extern SECItem *SEC_ASN1EncodeUnsignedInteger(PLArenaPool *pool,
+                                              SECItem *dest,
+                                              unsigned long value);
+
+extern SECStatus SEC_ASN1DecodeInteger(SECItem *src,
+                                       unsigned long *value);
+
+/*
+** Utilities.
+*/
+
+/*
+ * We have a length that needs to be encoded; how many bytes will the
+ * encoding take?
+ */
+extern int SEC_ASN1LengthLength(unsigned long len);
+
+/* encode the length and return the number of bytes we encoded. Buffer
+ * must be pre allocated  */
+extern int SEC_ASN1EncodeLength(unsigned char *buf, int value);
+
+/*
+ * Find the appropriate subtemplate for the given template.
+ * This may involve calling a "chooser" function, or it may just
+ * be right there.  In either case, it is expected to *have* a
+ * subtemplate; this is asserted in debug builds (in non-debug
+ * builds, NULL will be returned).
+ *
+ * "thing" is a pointer to the structure being encoded/decoded
+ * "encoding", when true, means that we are in the process of encoding
+ *  (as opposed to in the process of decoding)
+ */
+extern const SEC_ASN1Template *
+SEC_ASN1GetSubtemplate(const SEC_ASN1Template *inTemplate, void *thing,
+                       PRBool encoding);
+
+/* whether the template is for a primitive type or a choice of
+ * primitive types
+ */
+extern PRBool SEC_ASN1IsTemplateSimple(const SEC_ASN1Template *theTemplate);
+
+/************************************************************************/
+
+/*
+ * Generic Templates
+ * One for each of the simple types, plus a special one for ANY, plus:
+ *  - a pointer to each one of those
+ *  - a set of each one of those
+ *  - a sequence of each one of those
+ *
+ * Note that these are alphabetical (case insensitive); please add new
+ * ones in the appropriate place.
+ */
+
+extern const SEC_ASN1Template SEC_AnyTemplate[];
+extern const SEC_ASN1Template SEC_BitStringTemplate[];
+extern const SEC_ASN1Template SEC_BMPStringTemplate[];
+extern const SEC_ASN1Template SEC_BooleanTemplate[];
+extern const SEC_ASN1Template SEC_EnumeratedTemplate[];
+extern const SEC_ASN1Template SEC_GeneralizedTimeTemplate[];
+extern const SEC_ASN1Template SEC_IA5StringTemplate[];
+extern const SEC_ASN1Template SEC_IntegerTemplate[];
+extern const SEC_ASN1Template SEC_NullTemplate[];
+extern const SEC_ASN1Template SEC_ObjectIDTemplate[];
+extern const SEC_ASN1Template SEC_OctetStringTemplate[];
+extern const SEC_ASN1Template SEC_PrintableStringTemplate[];
+extern const SEC_ASN1Template SEC_T61StringTemplate[];
+extern const SEC_ASN1Template SEC_UniversalStringTemplate[];
+extern const SEC_ASN1Template SEC_UTCTimeTemplate[];
+extern const SEC_ASN1Template SEC_UTF8StringTemplate[];
+extern const SEC_ASN1Template SEC_VisibleStringTemplate[];
+
+extern const SEC_ASN1Template SEC_PointerToAnyTemplate[];
+extern const SEC_ASN1Template SEC_PointerToBitStringTemplate[];
+extern const SEC_ASN1Template SEC_PointerToBMPStringTemplate[];
+extern const SEC_ASN1Template SEC_PointerToBooleanTemplate[];
+extern const SEC_ASN1Template SEC_PointerToEnumeratedTemplate[];
+extern const SEC_ASN1Template SEC_PointerToGeneralizedTimeTemplate[];
+extern const SEC_ASN1Template SEC_PointerToIA5StringTemplate[];
+extern const SEC_ASN1Template SEC_PointerToIntegerTemplate[];
+extern const SEC_ASN1Template SEC_PointerToNullTemplate[];
+extern const SEC_ASN1Template SEC_PointerToObjectIDTemplate[];
+extern const SEC_ASN1Template SEC_PointerToOctetStringTemplate[];
+extern const SEC_ASN1Template SEC_PointerToPrintableStringTemplate[];
+extern const SEC_ASN1Template SEC_PointerToT61StringTemplate[];
+extern const SEC_ASN1Template SEC_PointerToUniversalStringTemplate[];
+extern const SEC_ASN1Template SEC_PointerToUTCTimeTemplate[];
+extern const SEC_ASN1Template SEC_PointerToUTF8StringTemplate[];
+extern const SEC_ASN1Template SEC_PointerToVisibleStringTemplate[];
+
+extern const SEC_ASN1Template SEC_SequenceOfAnyTemplate[];
+extern const SEC_ASN1Template SEC_SequenceOfBitStringTemplate[];
+extern const SEC_ASN1Template SEC_SequenceOfBMPStringTemplate[];
+extern const SEC_ASN1Template SEC_SequenceOfBooleanTemplate[];
+extern const SEC_ASN1Template SEC_SequenceOfEnumeratedTemplate[];
+extern const SEC_ASN1Template SEC_SequenceOfGeneralizedTimeTemplate[];
+extern const SEC_ASN1Template SEC_SequenceOfIA5StringTemplate[];
+extern const SEC_ASN1Template SEC_SequenceOfIntegerTemplate[];
+extern const SEC_ASN1Template SEC_SequenceOfNullTemplate[];
+extern const SEC_ASN1Template SEC_SequenceOfObjectIDTemplate[];
+extern const SEC_ASN1Template SEC_SequenceOfOctetStringTemplate[];
+extern const SEC_ASN1Template SEC_SequenceOfPrintableStringTemplate[];
+extern const SEC_ASN1Template SEC_SequenceOfT61StringTemplate[];
+extern const SEC_ASN1Template SEC_SequenceOfUniversalStringTemplate[];
+extern const SEC_ASN1Template SEC_SequenceOfUTCTimeTemplate[];
+extern const SEC_ASN1Template SEC_SequenceOfUTF8StringTemplate[];
+extern const SEC_ASN1Template SEC_SequenceOfVisibleStringTemplate[];
+
+extern const SEC_ASN1Template SEC_SetOfAnyTemplate[];
+extern const SEC_ASN1Template SEC_SetOfBitStringTemplate[];
+extern const SEC_ASN1Template SEC_SetOfBMPStringTemplate[];
+extern const SEC_ASN1Template SEC_SetOfBooleanTemplate[];
+extern const SEC_ASN1Template SEC_SetOfEnumeratedTemplate[];
+extern const SEC_ASN1Template SEC_SetOfGeneralizedTimeTemplate[];
+extern const SEC_ASN1Template SEC_SetOfIA5StringTemplate[];
+extern const SEC_ASN1Template SEC_SetOfIntegerTemplate[];
+extern const SEC_ASN1Template SEC_SetOfNullTemplate[];
+extern const SEC_ASN1Template SEC_SetOfObjectIDTemplate[];
+extern const SEC_ASN1Template SEC_SetOfOctetStringTemplate[];
+extern const SEC_ASN1Template SEC_SetOfPrintableStringTemplate[];
+extern const SEC_ASN1Template SEC_SetOfT61StringTemplate[];
+extern const SEC_ASN1Template SEC_SetOfUniversalStringTemplate[];
+extern const SEC_ASN1Template SEC_SetOfUTCTimeTemplate[];
+extern const SEC_ASN1Template SEC_SetOfUTF8StringTemplate[];
+extern const SEC_ASN1Template SEC_SetOfVisibleStringTemplate[];
+
+/*
+ * Template for skipping a subitem; this only makes sense when decoding.
+ */
+extern const SEC_ASN1Template SEC_SkipTemplate[];
+
+/* These functions simply return the address of the above-declared templates.
+** This is necessary for Windows DLLs.  Sigh.
+*/
+SEC_ASN1_CHOOSER_DECLARE(SEC_AnyTemplate)
+SEC_ASN1_CHOOSER_DECLARE(SEC_BMPStringTemplate)
+SEC_ASN1_CHOOSER_DECLARE(SEC_BooleanTemplate)
+SEC_ASN1_CHOOSER_DECLARE(SEC_BitStringTemplate)
+SEC_ASN1_CHOOSER_DECLARE(SEC_GeneralizedTimeTemplate)
+SEC_ASN1_CHOOSER_DECLARE(SEC_IA5StringTemplate)
+SEC_ASN1_CHOOSER_DECLARE(SEC_IntegerTemplate)
+SEC_ASN1_CHOOSER_DECLARE(SEC_NullTemplate)
+SEC_ASN1_CHOOSER_DECLARE(SEC_ObjectIDTemplate)
+SEC_ASN1_CHOOSER_DECLARE(SEC_OctetStringTemplate)
+SEC_ASN1_CHOOSER_DECLARE(SEC_UTCTimeTemplate)
+SEC_ASN1_CHOOSER_DECLARE(SEC_UTF8StringTemplate)
+
+SEC_ASN1_CHOOSER_DECLARE(SEC_PointerToAnyTemplate)
+SEC_ASN1_CHOOSER_DECLARE(SEC_PointerToOctetStringTemplate)
+
+SEC_ASN1_CHOOSER_DECLARE(SEC_SetOfAnyTemplate)
+
+SEC_ASN1_CHOOSER_DECLARE(SEC_EnumeratedTemplate)
+SEC_ASN1_CHOOSER_DECLARE(SEC_PointerToEnumeratedTemplate)
+SEC_ASN1_CHOOSER_DECLARE(SEC_SequenceOfAnyTemplate)
+SEC_ASN1_CHOOSER_DECLARE(SEC_SequenceOfObjectIDTemplate)
+SEC_ASN1_CHOOSER_DECLARE(SEC_SkipTemplate)
+SEC_ASN1_CHOOSER_DECLARE(SEC_UniversalStringTemplate)
+SEC_ASN1_CHOOSER_DECLARE(SEC_PrintableStringTemplate)
+SEC_ASN1_CHOOSER_DECLARE(SEC_T61StringTemplate)
+SEC_ASN1_CHOOSER_DECLARE(SEC_PointerToGeneralizedTimeTemplate)
+SEC_END_PROTOS
+#endif /* _SECASN1_H_ */
diff --git a/nss/lib/util/secasn1d.c b/nss/lib/util/secasn1d.c
new file mode 100644
index 0000000..e6abb5f
--- /dev/null
+++ b/nss/lib/util/secasn1d.c
@@ -0,0 +1,3416 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * Support for DEcoding ASN.1 data based on BER/DER (Basic/Distinguished
+ * Encoding Rules).
+ */
+
+/* #define DEBUG_ASN1D_STATES 1 */
+
+#ifdef DEBUG_ASN1D_STATES
+#include <stdio.h>
+#define PR_Assert sec_asn1d_Assert
+#endif
+
+#include <limits.h>
+
+#include "secasn1.h"
+#include "secerr.h"
+
+typedef enum {
+    beforeIdentifier,
+    duringIdentifier,
+    afterIdentifier,
+    beforeLength,
+    duringLength,
+    afterLength,
+    beforeBitString,
+    duringBitString,
+    duringConstructedString,
+    duringGroup,
+    duringLeaf,
+    duringSaveEncoding,
+    duringSequence,
+    afterConstructedString,
+    afterGroup,
+    afterExplicit,
+    afterImplicit,
+    afterInline,
+    afterPointer,
+    afterSaveEncoding,
+    beforeEndOfContents,
+    duringEndOfContents,
+    afterEndOfContents,
+    beforeChoice,
+    duringChoice,
+    afterChoice,
+    notInUse
+} sec_asn1d_parse_place;
+
+#ifdef DEBUG_ASN1D_STATES
+static const char *const place_names[] = {
+    "beforeIdentifier",
+    "duringIdentifier",
+    "afterIdentifier",
+    "beforeLength",
+    "duringLength",
+    "afterLength",
+    "beforeBitString",
+    "duringBitString",
+    "duringConstructedString",
+    "duringGroup",
+    "duringLeaf",
+    "duringSaveEncoding",
+    "duringSequence",
+    "afterConstructedString",
+    "afterGroup",
+    "afterExplicit",
+    "afterImplicit",
+    "afterInline",
+    "afterPointer",
+    "afterSaveEncoding",
+    "beforeEndOfContents",
+    "duringEndOfContents",
+    "afterEndOfContents",
+    "beforeChoice",
+    "duringChoice",
+    "afterChoice",
+    "notInUse"
+};
+
+static const char *const class_names[] = {
+    "UNIVERSAL",
+    "APPLICATION",
+    "CONTEXT_SPECIFIC",
+    "PRIVATE"
+};
+
+static const char *const method_names[] = { "PRIMITIVE", "CONSTRUCTED" };
+
+static const char *const type_names[] = {
+    "END_OF_CONTENTS",
+    "BOOLEAN",
+    "INTEGER",
+    "BIT_STRING",
+    "OCTET_STRING",
+    "NULL",
+    "OBJECT_ID",
+    "OBJECT_DESCRIPTOR",
+    "(type 08)",
+    "REAL",
+    "ENUMERATED",
+    "EMBEDDED",
+    "UTF8_STRING",
+    "(type 0d)",
+    "(type 0e)",
+    "(type 0f)",
+    "SEQUENCE",
+    "SET",
+    "NUMERIC_STRING",
+    "PRINTABLE_STRING",
+    "T61_STRING",
+    "VIDEOTEXT_STRING",
+    "IA5_STRING",
+    "UTC_TIME",
+    "GENERALIZED_TIME",
+    "GRAPHIC_STRING",
+    "VISIBLE_STRING",
+    "GENERAL_STRING",
+    "UNIVERSAL_STRING",
+    "(type 1d)",
+    "BMP_STRING",
+    "HIGH_TAG_VALUE"
+};
+
+static const char *const flag_names[] = {
+    /* flags, right to left */
+    "OPTIONAL",
+    "EXPLICIT",
+    "ANY",
+    "INLINE",
+    "POINTER",
+    "GROUP",
+    "DYNAMIC",
+    "SKIP",
+    "INNER",
+    "SAVE",
+    "", /* decoder ignores "MAY_STREAM", */
+    "SKIP_REST",
+    "CHOICE",
+    "NO_STREAM",
+    "DEBUG_BREAK",
+    "unknown 08",
+    "unknown 10",
+    "unknown 20",
+    "unknown 40",
+    "unknown 80"
+};
+
+static int /* bool */
+    formatKind(unsigned long kind, char *buf)
+{
+    int i;
+    unsigned long k = kind & SEC_ASN1_TAGNUM_MASK;
+    unsigned long notag = kind & (SEC_ASN1_CHOICE | SEC_ASN1_POINTER |
+                                  SEC_ASN1_INLINE | SEC_ASN1_ANY | SEC_ASN1_SAVE);
+
+    buf[0] = 0;
+    if ((kind & SEC_ASN1_CLASS_MASK) != SEC_ASN1_UNIVERSAL) {
+        sprintf(buf, " %s", class_names[(kind & SEC_ASN1_CLASS_MASK) >> 6]);
+        buf += strlen(buf);
+    }
+    if (kind & SEC_ASN1_METHOD_MASK) {
+        sprintf(buf, " %s", method_names[1]);
+        buf += strlen(buf);
+    }
+    if ((kind & SEC_ASN1_CLASS_MASK) == SEC_ASN1_UNIVERSAL) {
+        if (k || !notag) {
+            sprintf(buf, " %s", type_names[k]);
+            if ((k == SEC_ASN1_SET || k == SEC_ASN1_SEQUENCE) &&
+                (kind & SEC_ASN1_GROUP)) {
+                buf += strlen(buf);
+                sprintf(buf, "_OF");
+            }
+        }
+    } else {
+        sprintf(buf, " [%d]", k);
+    }
+    buf += strlen(buf);
+
+    for (k = kind >> 8, i = 0; k; k >>= 1, ++i) {
+        if (k & 1) {
+            sprintf(buf, " %s", flag_names[i]);
+            buf += strlen(buf);
+        }
+    }
+    return notag != 0;
+}
+
+#endif /* DEBUG_ASN1D_STATES */
+
+typedef enum {
+    allDone,
+    decodeError,
+    keepGoing,
+    needBytes
+} sec_asn1d_parse_status;
+
+struct subitem {
+    const void *data;
+    unsigned long len; /* only used for substrings */
+    struct subitem *next;
+};
+
+typedef struct sec_asn1d_state_struct {
+    SEC_ASN1DecoderContext *top;
+    const SEC_ASN1Template *theTemplate;
+    void *dest;
+
+    void *our_mark; /* free on completion */
+
+    struct sec_asn1d_state_struct *parent; /* aka prev */
+    struct sec_asn1d_state_struct *child;  /* aka next */
+
+    sec_asn1d_parse_place place;
+
+    /*
+     * XXX explain the next fields as clearly as possible...
+     */
+    unsigned char found_tag_modifiers;
+    unsigned char expect_tag_modifiers;
+    unsigned long check_tag_mask;
+    unsigned long found_tag_number;
+    unsigned long expect_tag_number;
+    unsigned long underlying_kind;
+
+    unsigned long contents_length;
+    unsigned long pending;
+    unsigned long consumed;
+
+    int depth;
+
+    /*
+     * Bit strings have their length adjusted -- the first octet of the
+     * contents contains a value between 0 and 7 which says how many bits
+     * at the end of the octets are not actually part of the bit string;
+     * when parsing bit strings we put that value here because we need it
+     * later, for adjustment of the length (when the whole string is done).
+     */
+    unsigned int bit_string_unused_bits;
+
+    /*
+     * The following are used for indefinite-length constructed strings.
+     */
+    struct subitem *subitems_head;
+    struct subitem *subitems_tail;
+
+    PRPackedBool
+        allocate,      /* when true, need to allocate the destination */
+        endofcontents, /* this state ended up parsing end-of-contents octets */
+        explicit,      /* we are handling an explicit header */
+        indefinite,    /* the current item has indefinite-length encoding */
+        missing,       /* an optional field that was not present */
+        optional,      /* the template says this field may be omitted */
+        substring;     /* this is a substring of a constructed string */
+
+} sec_asn1d_state;
+
+#define IS_HIGH_TAG_NUMBER(n) ((n) == SEC_ASN1_HIGH_TAG_NUMBER)
+#define LAST_TAG_NUMBER_BYTE(b) (((b)&0x80) == 0)
+#define TAG_NUMBER_BITS 7
+#define TAG_NUMBER_MASK 0x7f
+
+#define LENGTH_IS_SHORT_FORM(b) (((b)&0x80) == 0)
+#define LONG_FORM_LENGTH(b) ((b)&0x7f)
+
+#define HIGH_BITS(field, cnt) ((field) >> ((sizeof(field) * 8) - (cnt)))
+
+/*
+ * An "outsider" will have an opaque pointer to this, created by calling
+ * SEC_ASN1DecoderStart().  It will be passed back in to all subsequent
+ * calls to SEC_ASN1DecoderUpdate(), and when done it is passed to
+ * SEC_ASN1DecoderFinish().
+ */
+struct sec_DecoderContext_struct {
+    PLArenaPool *our_pool;     /* for our internal allocs */
+    PLArenaPool *their_pool;   /* for destination structure allocs */
+#ifdef SEC_ASN1D_FREE_ON_ERROR /*                                 \
+                                * XXX see comment below (by same  \
+                                * ifdef) that explains why this   \
+                                * does not work (need more smarts \
+                                * in order to free back to mark)  \
+                                */
+    /*
+     * XXX how to make their_mark work in the case where they do NOT
+     * give us a pool pointer?
+     */
+    void *their_mark; /* free on error */
+#endif
+
+    sec_asn1d_state *current;
+    sec_asn1d_parse_status status;
+
+    /* The maximum size the caller is willing to allow a single element
+     * to be before returning an error.
+     *
+     * In the case of an indefinite length element, this is the sum total
+     * of all child elements.
+     *
+     * In the case of a definite length element, this represents the maximum
+     * size of the top-level element.
+     */
+    unsigned long max_element_size;
+
+    SEC_ASN1NotifyProc notify_proc; /* call before/after handling field */
+    void *notify_arg;               /* argument to notify_proc */
+    PRBool during_notify;           /* true during call to notify_proc */
+
+    SEC_ASN1WriteProc filter_proc; /* pass field bytes to this  */
+    void *filter_arg;              /* argument to that function */
+    PRBool filter_only;            /* do not allocate/store fields */
+};
+
+/*
+ * XXX this is a fairly generic function that may belong elsewhere
+ */
+static void *
+sec_asn1d_alloc(PLArenaPool *poolp, unsigned long len)
+{
+    void *thing;
+
+    if (poolp != NULL) {
+        /*
+         * Allocate from the pool.
+         */
+        thing = PORT_ArenaAlloc(poolp, len);
+    } else {
+        /*
+         * Allocate generically.
+         */
+        thing = PORT_Alloc(len);
+    }
+
+    return thing;
+}
+
+/*
+ * XXX this is a fairly generic function that may belong elsewhere
+ */
+static void *
+sec_asn1d_zalloc(PLArenaPool *poolp, unsigned long len)
+{
+    void *thing;
+
+    thing = sec_asn1d_alloc(poolp, len);
+    if (thing != NULL)
+        PORT_Memset(thing, 0, len);
+    return thing;
+}
+
+static sec_asn1d_state *
+sec_asn1d_push_state(SEC_ASN1DecoderContext *cx,
+                     const SEC_ASN1Template *theTemplate,
+                     void *dest, PRBool new_depth)
+{
+    sec_asn1d_state *state, *new_state;
+
+    state = cx->current;
+
+    PORT_Assert(state == NULL || state->child == NULL);
+
+    if (state != NULL) {
+        PORT_Assert(state->our_mark == NULL);
+        state->our_mark = PORT_ArenaMark(cx->our_pool);
+    }
+
+    new_state = (sec_asn1d_state *)sec_asn1d_zalloc(cx->our_pool,
+                                                    sizeof(*new_state));
+    if (new_state == NULL) {
+        goto loser;
+    }
+
+    new_state->top = cx;
+    new_state->parent = state;
+    new_state->theTemplate = theTemplate;
+    new_state->place = notInUse;
+    if (dest != NULL)
+        new_state->dest = (char *)dest + theTemplate->offset;
+
+    if (state != NULL) {
+        new_state->depth = state->depth;
+        if (new_depth) {
+            if (++new_state->depth > SEC_ASN1D_MAX_DEPTH) {
+                PORT_SetError(SEC_ERROR_BAD_DER);
+                goto loser;
+            }
+        }
+        state->child = new_state;
+    }
+
+    cx->current = new_state;
+    return new_state;
+
+loser:
+    cx->status = decodeError;
+    if (state != NULL) {
+        PORT_ArenaRelease(cx->our_pool, state->our_mark);
+        state->our_mark = NULL;
+    }
+    return NULL;
+}
+
+static void
+sec_asn1d_scrub_state(sec_asn1d_state *state)
+{
+    /*
+     * Some default "scrubbing".
+     * XXX right set of initializations?
+     */
+    state->place = beforeIdentifier;
+    state->endofcontents = PR_FALSE;
+    state->indefinite = PR_FALSE;
+    state->missing = PR_FALSE;
+    PORT_Assert(state->consumed == 0);
+}
+
+static void
+sec_asn1d_notify_before(SEC_ASN1DecoderContext *cx, void *dest, int depth)
+{
+    if (cx->notify_proc == NULL)
+        return;
+
+    cx->during_notify = PR_TRUE;
+    (*cx->notify_proc)(cx->notify_arg, PR_TRUE, dest, depth);
+    cx->during_notify = PR_FALSE;
+}
+
+static void
+sec_asn1d_notify_after(SEC_ASN1DecoderContext *cx, void *dest, int depth)
+{
+    if (cx->notify_proc == NULL)
+        return;
+
+    cx->during_notify = PR_TRUE;
+    (*cx->notify_proc)(cx->notify_arg, PR_FALSE, dest, depth);
+    cx->during_notify = PR_FALSE;
+}
+
+static sec_asn1d_state *
+sec_asn1d_init_state_based_on_template(sec_asn1d_state *state)
+{
+    PRBool explicit, optional, universal;
+    unsigned char expect_tag_modifiers;
+    unsigned long encode_kind, under_kind;
+    unsigned long check_tag_mask, expect_tag_number;
+
+    /* XXX Check that both of these tests are really needed/appropriate. */
+    if (state == NULL || state->top->status == decodeError)
+        return state;
+
+    encode_kind = state->theTemplate->kind;
+
+    if (encode_kind & SEC_ASN1_SAVE) {
+        /*
+         * This is a "magic" field that saves away all bytes, allowing
+         * the immediately following field to still be decoded from this
+         * same spot -- sort of a fork.
+         */
+        /* check that there are no extraneous bits */
+        PORT_Assert(encode_kind == SEC_ASN1_SAVE);
+        if (state->top->filter_only) {
+            /*
+             * If we are not storing, then we do not do the SAVE field
+             * at all.  Just move ahead to the "real" field instead,
+             * doing the appropriate notify calls before and after.
+             */
+            sec_asn1d_notify_after(state->top, state->dest, state->depth);
+            /*
+             * Since we are not storing, allow for our current dest value
+             * to be NULL.  (This might not actually occur, but right now I
+             * cannot convince myself one way or the other.)  If it is NULL,
+             * assume that our parent dest can help us out.
+             */
+            if (state->dest == NULL)
+                state->dest = state->parent->dest;
+            else
+                state->dest = (char *)state->dest - state->theTemplate->offset;
+            state->theTemplate++;
+            if (state->dest != NULL)
+                state->dest = (char *)state->dest + state->theTemplate->offset;
+            sec_asn1d_notify_before(state->top, state->dest, state->depth);
+            encode_kind = state->theTemplate->kind;
+            PORT_Assert((encode_kind & SEC_ASN1_SAVE) == 0);
+        } else {
+            sec_asn1d_scrub_state(state);
+            state->place = duringSaveEncoding;
+            state = sec_asn1d_push_state(state->top, SEC_AnyTemplate,
+                                         state->dest, PR_FALSE);
+            if (state != NULL)
+                state = sec_asn1d_init_state_based_on_template(state);
+            return state;
+        }
+    }
+
+    universal = ((encode_kind & SEC_ASN1_CLASS_MASK) == SEC_ASN1_UNIVERSAL)
+                    ? PR_TRUE
+                    : PR_FALSE;
+
+    explicit = (encode_kind & SEC_ASN1_EXPLICIT) ? PR_TRUE : PR_FALSE;
+    encode_kind &= ~SEC_ASN1_EXPLICIT;
+
+    optional = (encode_kind & SEC_ASN1_OPTIONAL) ? PR_TRUE : PR_FALSE;
+    encode_kind &= ~SEC_ASN1_OPTIONAL;
+
+    PORT_Assert(!(explicit && universal)); /* bad templates */
+
+    encode_kind &= ~SEC_ASN1_DYNAMIC;
+    encode_kind &= ~SEC_ASN1_MAY_STREAM;
+
+    if (encode_kind & SEC_ASN1_CHOICE) {
+#if 0 /* XXX remove? */
+      sec_asn1d_state *child = sec_asn1d_push_state(state->top, state->theTemplate, state->dest, PR_FALSE);
+      if ((sec_asn1d_state *)NULL == child) {
+        return (sec_asn1d_state *)NULL;
+      }
+
+      child->allocate = state->allocate;
+      child->place = beforeChoice;
+      return child;
+#else
+        state->place = beforeChoice;
+        return state;
+#endif
+    }
+
+    if ((encode_kind & (SEC_ASN1_POINTER | SEC_ASN1_INLINE)) || (!universal && !explicit)) {
+        const SEC_ASN1Template *subt;
+        void *dest;
+        PRBool child_allocate;
+
+        PORT_Assert((encode_kind & (SEC_ASN1_ANY | SEC_ASN1_SKIP)) == 0);
+
+        sec_asn1d_scrub_state(state);
+        child_allocate = PR_FALSE;
+
+        if (encode_kind & SEC_ASN1_POINTER) {
+            /*
+             * A POINTER means we need to allocate the destination for
+             * this field.  But, since it may also be an optional field,
+             * we defer the allocation until later; we just record that
+             * it needs to be done.
+             *
+             * There are two possible scenarios here -- one is just a
+             * plain POINTER (kind of like INLINE, except with allocation)
+             * and the other is an implicitly-tagged POINTER.  We don't
+             * need to do anything special here for the two cases, but
+             * since the template definition can be tricky, we do check
+             * that there are no extraneous bits set in encode_kind.
+             *
+             * XXX The same conditions which assert should set an error.
+             */
+            if (universal) {
+                /*
+                 * "universal" means this entry is a standalone POINTER;
+                 * there should be no other bits set in encode_kind.
+                 */
+                PORT_Assert(encode_kind == SEC_ASN1_POINTER);
+            } else {
+                /*
+                 * If we get here we have an implicitly-tagged field
+                 * that needs to be put into a POINTER.  The subtemplate
+                 * will determine how to decode the field, but encode_kind
+                 * describes the (implicit) tag we are looking for.
+                 * The non-tag bits of encode_kind will be ignored by
+                 * the code below; none of them should be set, however,
+                 * except for the POINTER bit itself -- so check that.
+                 */
+                PORT_Assert((encode_kind & ~SEC_ASN1_TAG_MASK) == SEC_ASN1_POINTER);
+            }
+            if (!state->top->filter_only)
+                child_allocate = PR_TRUE;
+            dest = NULL;
+            state->place = afterPointer;
+        } else {
+            dest = state->dest;
+            if (encode_kind & SEC_ASN1_INLINE) {
+                /* check that there are no extraneous bits */
+                PORT_Assert(encode_kind == SEC_ASN1_INLINE && !optional);
+                state->place = afterInline;
+            } else {
+                state->place = afterImplicit;
+            }
+        }
+
+        state->optional = optional;
+        subt = SEC_ASN1GetSubtemplate(state->theTemplate, state->dest, PR_FALSE);
+        state = sec_asn1d_push_state(state->top, subt, dest, PR_FALSE);
+        if (state == NULL)
+            return NULL;
+
+        state->allocate = child_allocate;
+
+        if (universal) {
+            state = sec_asn1d_init_state_based_on_template(state);
+            if (state != NULL) {
+                /*
+                 * If this field is optional, we need to record that on
+                 * the pushed child so it won't fail if the field isn't
+                 * found.  I can't think of a way that this new state
+                 * could already have optional set (which we would wipe
+                 * out below if our local optional is not set) -- but
+                 * just to be sure, assert that it isn't set.
+                 */
+                PORT_Assert(!state->optional);
+                state->optional = optional;
+            }
+            return state;
+        }
+
+        under_kind = state->theTemplate->kind;
+        under_kind &= ~SEC_ASN1_MAY_STREAM;
+    } else if (explicit) {
+        /*
+         * For explicit, we only need to match the encoding tag next,
+         * then we will push another state to handle the entire inner
+         * part.  In this case, there is no underlying kind which plays
+         * any part in the determination of the outer, explicit tag.
+         * So we just set under_kind to 0, which is not a valid tag,
+         * and the rest of the tag matching stuff should be okay.
+         */
+        under_kind = 0;
+    } else {
+        /*
+         * Nothing special; the underlying kind and the given encoding
+         * information are the same.
+         */
+        under_kind = encode_kind;
+    }
+
+    /* XXX is this the right set of bits to test here? */
+    PORT_Assert((under_kind & (SEC_ASN1_EXPLICIT | SEC_ASN1_OPTIONAL | SEC_ASN1_MAY_STREAM | SEC_ASN1_INLINE | SEC_ASN1_POINTER)) == 0);
+
+    if (encode_kind & (SEC_ASN1_ANY | SEC_ASN1_SKIP)) {
+        PORT_Assert(encode_kind == under_kind);
+        if (encode_kind & SEC_ASN1_SKIP) {
+            PORT_Assert(!optional);
+            PORT_Assert(encode_kind == SEC_ASN1_SKIP);
+            state->dest = NULL;
+        }
+        check_tag_mask = 0;
+        expect_tag_modifiers = 0;
+        expect_tag_number = 0;
+    } else {
+        check_tag_mask = SEC_ASN1_TAG_MASK;
+        expect_tag_modifiers = (unsigned char)encode_kind & SEC_ASN1_TAG_MASK & ~SEC_ASN1_TAGNUM_MASK;
+        /*
+         * XXX This assumes only single-octet identifiers.  To handle
+         * the HIGH TAG form we would need to do some more work, especially
+         * in how to specify them in the template, because right now we
+         * do not provide a way to specify more *tag* bits in encode_kind.
+         */
+        expect_tag_number = encode_kind & SEC_ASN1_TAGNUM_MASK;
+
+        switch (under_kind & SEC_ASN1_TAGNUM_MASK) {
+            case SEC_ASN1_SET:
+                /*
+                 * XXX A plain old SET (as opposed to a SET OF) is not implemented.
+                 * If it ever is, remove this assert...
+                 */
+                PORT_Assert((under_kind & SEC_ASN1_GROUP) != 0);
+            /* fallthru */
+            case SEC_ASN1_SEQUENCE:
+                expect_tag_modifiers |= SEC_ASN1_CONSTRUCTED;
+                break;
+            case SEC_ASN1_BIT_STRING:
+            case SEC_ASN1_BMP_STRING:
+            case SEC_ASN1_GENERALIZED_TIME:
+            case SEC_ASN1_IA5_STRING:
+            case SEC_ASN1_OCTET_STRING:
+            case SEC_ASN1_PRINTABLE_STRING:
+            case SEC_ASN1_T61_STRING:
+            case SEC_ASN1_UNIVERSAL_STRING:
+            case SEC_ASN1_UTC_TIME:
+            case SEC_ASN1_UTF8_STRING:
+            case SEC_ASN1_VISIBLE_STRING:
+                check_tag_mask &= ~SEC_ASN1_CONSTRUCTED;
+                break;
+        }
+    }
+
+    state->check_tag_mask = check_tag_mask;
+    state->expect_tag_modifiers = expect_tag_modifiers;
+    state->expect_tag_number = expect_tag_number;
+    state->underlying_kind = under_kind;
+    state->explicit = explicit;
+    state->optional = optional;
+
+    sec_asn1d_scrub_state(state);
+
+    return state;
+}
+
+static sec_asn1d_state *
+sec_asn1d_get_enclosing_construct(sec_asn1d_state *state)
+{
+    for (state = state->parent; state; state = state->parent) {
+        sec_asn1d_parse_place place = state->place;
+        if (place != afterImplicit &&
+            place != afterPointer &&
+            place != afterInline &&
+            place != afterSaveEncoding &&
+            place != duringSaveEncoding &&
+            place != duringChoice) {
+
+            /* we've walked up the stack to a state that represents
+            ** the enclosing construct.
+            */
+            break;
+        }
+    }
+    return state;
+}
+
+static PRBool
+sec_asn1d_parent_allows_EOC(sec_asn1d_state *state)
+{
+    /* get state of enclosing construct. */
+    state = sec_asn1d_get_enclosing_construct(state);
+    if (state) {
+        sec_asn1d_parse_place place = state->place;
+        /* Is it one of the types that permits an unexpected EOC? */
+        int eoc_permitted =
+            (place == duringGroup ||
+             place == duringConstructedString ||
+             state->child->optional);
+        return (state->indefinite && eoc_permitted) ? PR_TRUE : PR_FALSE;
+    }
+    return PR_FALSE;
+}
+
+static unsigned long
+sec_asn1d_parse_identifier(sec_asn1d_state *state,
+                           const char *buf, unsigned long len)
+{
+    unsigned char byte;
+    unsigned char tag_number;
+
+    PORT_Assert(state->place == beforeIdentifier);
+
+    if (len == 0) {
+        state->top->status = needBytes;
+        return 0;
+    }
+
+    byte = (unsigned char)*buf;
+#ifdef DEBUG_ASN1D_STATES
+    {
+        char kindBuf[256];
+        formatKind(byte, kindBuf);
+        printf("Found tag %02x %s\n", byte, kindBuf);
+    }
+#endif
+    tag_number = byte & SEC_ASN1_TAGNUM_MASK;
+
+    if (IS_HIGH_TAG_NUMBER(tag_number)) {
+        state->place = duringIdentifier;
+        state->found_tag_number = 0;
+        /*
+         * Actually, we have no idea how many bytes are pending, but we
+         * do know that it is at least 1.  That is all we know; we have
+         * to look at each byte to know if there is another, etc.
+         */
+        state->pending = 1;
+    } else {
+        if (byte == 0 && sec_asn1d_parent_allows_EOC(state)) {
+            /*
+             * Our parent has indefinite-length encoding, and the
+             * entire tag found is 0, so it seems that we have hit the
+             * end-of-contents octets.  To handle this, we just change
+             * our state to that which expects to get the bytes of the
+             * end-of-contents octets and let that code re-read this byte
+             * so that our categorization of field types is correct.
+             * After that, our parent will then deal with everything else.
+             */
+            state->place = duringEndOfContents;
+            state->pending = 2;
+            state->found_tag_number = 0;
+            state->found_tag_modifiers = 0;
+            /*
+             * We might be an optional field that is, as we now find out,
+             * missing.  Give our parent a clue that this happened.
+             */
+            if (state->optional)
+                state->missing = PR_TRUE;
+            return 0;
+        }
+        state->place = afterIdentifier;
+        state->found_tag_number = tag_number;
+    }
+    state->found_tag_modifiers = byte & ~SEC_ASN1_TAGNUM_MASK;
+
+    return 1;
+}
+
+static unsigned long
+sec_asn1d_parse_more_identifier(sec_asn1d_state *state,
+                                const char *buf, unsigned long len)
+{
+    unsigned char byte;
+    int count;
+
+    PORT_Assert(state->pending == 1);
+    PORT_Assert(state->place == duringIdentifier);
+
+    if (len == 0) {
+        state->top->status = needBytes;
+        return 0;
+    }
+
+    count = 0;
+
+    while (len && state->pending) {
+        if (HIGH_BITS(state->found_tag_number, TAG_NUMBER_BITS) != 0) {
+            /*
+             * The given high tag number overflows our container;
+             * just give up.  This is not likely to *ever* happen.
+             */
+            PORT_SetError(SEC_ERROR_BAD_DER);
+            state->top->status = decodeError;
+            return 0;
+        }
+
+        state->found_tag_number <<= TAG_NUMBER_BITS;
+
+        byte = (unsigned char)buf[count++];
+        state->found_tag_number |= (byte & TAG_NUMBER_MASK);
+
+        len--;
+        if (LAST_TAG_NUMBER_BYTE(byte))
+            state->pending = 0;
+    }
+
+    if (state->pending == 0)
+        state->place = afterIdentifier;
+
+    return count;
+}
+
+static void
+sec_asn1d_confirm_identifier(sec_asn1d_state *state)
+{
+    PRBool match;
+
+    PORT_Assert(state->place == afterIdentifier);
+
+    match = (PRBool)(((state->found_tag_modifiers & state->check_tag_mask) == state->expect_tag_modifiers) && ((state->found_tag_number & state->check_tag_mask) == state->expect_tag_number));
+    if (match) {
+        state->place = beforeLength;
+    } else {
+        if (state->optional) {
+            state->missing = PR_TRUE;
+            state->place = afterEndOfContents;
+        } else {
+            PORT_SetError(SEC_ERROR_BAD_DER);
+            state->top->status = decodeError;
+        }
+    }
+}
+
+static unsigned long
+sec_asn1d_parse_length(sec_asn1d_state *state,
+                       const char *buf, unsigned long len)
+{
+    unsigned char byte;
+
+    PORT_Assert(state->place == beforeLength);
+
+    if (len == 0) {
+        state->top->status = needBytes;
+        return 0;
+    }
+
+    /*
+     * The default/likely outcome.  It may get adjusted below.
+     */
+    state->place = afterLength;
+
+    byte = (unsigned char)*buf;
+
+    if (LENGTH_IS_SHORT_FORM(byte)) {
+        state->contents_length = byte;
+    } else {
+        state->contents_length = 0;
+        state->pending = LONG_FORM_LENGTH(byte);
+        if (state->pending == 0) {
+            state->indefinite = PR_TRUE;
+        } else {
+            state->place = duringLength;
+        }
+    }
+
+    /* If we're parsing an ANY, SKIP, or SAVE template, and
+    ** the object being saved is definite length encoded and constructed,
+    ** there's no point in decoding that construct's members.
+    ** So, just forget it's constructed and treat it as primitive.
+    ** (SAVE appears as an ANY at this point)
+    */
+    if (!state->indefinite &&
+        (state->underlying_kind & (SEC_ASN1_ANY | SEC_ASN1_SKIP))) {
+        state->found_tag_modifiers &= ~SEC_ASN1_CONSTRUCTED;
+    }
+
+    return 1;
+}
+
+static unsigned long
+sec_asn1d_parse_more_length(sec_asn1d_state *state,
+                            const char *buf, unsigned long len)
+{
+    int count;
+
+    PORT_Assert(state->pending > 0);
+    PORT_Assert(state->place == duringLength);
+
+    if (len == 0) {
+        state->top->status = needBytes;
+        return 0;
+    }
+
+    count = 0;
+
+    while (len && state->pending) {
+        if (HIGH_BITS(state->contents_length, 9) != 0) {
+            /*
+             * The given full content length overflows our container;
+             * just give up.
+             */
+            PORT_SetError(SEC_ERROR_BAD_DER);
+            state->top->status = decodeError;
+            return 0;
+        }
+
+        state->contents_length <<= 8;
+        state->contents_length |= (unsigned char)buf[count++];
+
+        len--;
+        state->pending--;
+    }
+
+    if (state->pending == 0)
+        state->place = afterLength;
+
+    return count;
+}
+
+/*
+ * Helper function for sec_asn1d_prepare_for_contents.
+ * Checks that a value representing a number of bytes consumed can be
+ * subtracted from a remaining length. If so, returns PR_TRUE.
+ * Otherwise, sets the error SEC_ERROR_BAD_DER, indicates that there was a
+ * decoding error in the given SEC_ASN1DecoderContext, and returns PR_FALSE.
+ */
+static PRBool
+sec_asn1d_check_and_subtract_length(unsigned long *remaining,
+                                    unsigned long consumed,
+                                    SEC_ASN1DecoderContext *cx)
+{
+    PORT_Assert(remaining);
+    PORT_Assert(cx);
+    if (!remaining || !cx) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        cx->status = decodeError;
+        return PR_FALSE;
+    }
+    if (*remaining < consumed) {
+        PORT_SetError(SEC_ERROR_BAD_DER);
+        cx->status = decodeError;
+        return PR_FALSE;
+    }
+    *remaining -= consumed;
+    return PR_TRUE;
+}
+
+static void
+sec_asn1d_prepare_for_contents(sec_asn1d_state *state)
+{
+    SECItem *item;
+    PLArenaPool *poolp;
+    unsigned long alloc_len;
+    sec_asn1d_state *parent;
+
+#ifdef DEBUG_ASN1D_STATES
+    {
+        printf("Found Length %d %s\n", state->contents_length,
+               state->indefinite ? "indefinite" : "");
+    }
+#endif
+
+    /**
+     * The maximum length for a child element should be constrained to the
+     * length remaining in the first definite length element in the ancestor
+     * stack. If there is no definite length element in the ancestor stack,
+     * there's nothing to constrain the length of the child, so there's no
+     * further processing necessary.
+     *
+     * It's necessary to walk the ancestor stack, because it's possible to have
+     * definite length children that are part of an indefinite length element,
+     * which is itself part of an indefinite length element, and which is
+     * ultimately part of a definite length element. A simple example of this
+     * would be the handling of constructed OCTET STRINGs in BER encoding.
+     *
+     * This algorithm finds the first definite length element in the ancestor
+     * stack, if any, and if so, ensures that the length of the child element
+     * is consistent with the number of bytes remaining in the constraining
+     * ancestor element (that is, after accounting for any other sibling
+     * elements that may have been read).
+     *
+     * It's slightly complicated by the need to account both for integer
+     * underflow and overflow, as well as ensure that for indefinite length
+     * encodings, there's also enough space for the End-of-Contents (EOC)
+     * octets (Tag = 0x00, Length = 0x00, or two bytes).
+     */
+
+    /* Determine the maximum length available for this element by finding the
+     * first definite length ancestor, if any. */
+    parent = sec_asn1d_get_enclosing_construct(state);
+    while (parent && parent->indefinite) {
+        parent = sec_asn1d_get_enclosing_construct(parent);
+    }
+    /* If parent is null, state is either the outermost state / at the top of
+     * the stack, or the outermost state uses indefinite length encoding. In
+     * these cases, there's nothing external to constrain this element, so
+     * there's nothing to check. */
+    if (parent) {
+        unsigned long remaining = parent->pending;
+        parent = state;
+        do {
+            if (!sec_asn1d_check_and_subtract_length(
+                    &remaining, parent->consumed, state->top) ||
+                /* If parent->indefinite is true, parent->contents_length is
+                 * zero and this is a no-op. */
+                !sec_asn1d_check_and_subtract_length(
+                    &remaining, parent->contents_length, state->top) ||
+                /* If parent->indefinite is true, then ensure there is enough
+                 * space for an EOC tag of 2 bytes. */
+                (parent->indefinite && !sec_asn1d_check_and_subtract_length(&remaining, 2, state->top))) {
+                /* This element is larger than its enclosing element, which is
+                 * invalid. */
+                return;
+            }
+        } while ((parent = sec_asn1d_get_enclosing_construct(parent)) &&
+                 parent->indefinite);
+    }
+
+    /*
+     * XXX I cannot decide if this allocation should exclude the case
+     *     where state->endofcontents is true -- figure it out!
+     */
+    if (state->allocate) {
+        void *dest;
+
+        PORT_Assert(state->dest == NULL);
+        /*
+         * We are handling a POINTER or a member of a GROUP, and need to
+         * allocate for the data structure.
+         */
+        dest = sec_asn1d_zalloc(state->top->their_pool,
+                                state->theTemplate->size);
+        if (dest == NULL) {
+            state->top->status = decodeError;
+            return;
+        }
+        state->dest = (char *)dest + state->theTemplate->offset;
+
+        /*
+         * For a member of a GROUP, our parent will later put the
+         * pointer wherever it belongs.  But for a POINTER, we need
+         * to record the destination now, in case notify or filter
+         * procs need access to it -- they cannot find it otherwise,
+         * until it is too late (for one-pass processing).
+         */
+        if (state->parent->place == afterPointer) {
+            void **placep;
+
+            placep = state->parent->dest;
+            *placep = dest;
+        }
+    }
+
+    /*
+     * Remember, length may be indefinite here!  In that case,
+     * both contents_length and pending will be zero.
+     */
+    state->pending = state->contents_length;
+
+    /*
+     * An EXPLICIT is nothing but an outer header, which we have
+     * already parsed and accepted.  Now we need to do the inner
+     * header and its contents.
+     */
+    if (state->explicit) {
+        state->place = afterExplicit;
+        state = sec_asn1d_push_state(state->top,
+                                     SEC_ASN1GetSubtemplate(state->theTemplate,
+                                                            state->dest,
+                                                            PR_FALSE),
+                                     state->dest, PR_TRUE);
+        if (state != NULL) {
+            (void)sec_asn1d_init_state_based_on_template(state);
+        }
+        return;
+    }
+
+    /*
+     * For GROUP (SET OF, SEQUENCE OF), even if we know the length here
+     * we cannot tell how many items we will end up with ... so push a
+     * state that can keep track of "children" (the individual members
+     * of the group; we will allocate as we go and put them all together
+     * at the end.
+     */
+    if (state->underlying_kind & SEC_ASN1_GROUP) {
+        /* XXX If this assertion holds (should be able to confirm it via
+         * inspection, too) then move this code into the switch statement
+         * below under cases SET_OF and SEQUENCE_OF; it will be cleaner.
+         */
+        PORT_Assert(state->underlying_kind == SEC_ASN1_SET_OF || state->underlying_kind == SEC_ASN1_SEQUENCE_OF || state->underlying_kind == (SEC_ASN1_SEQUENCE_OF | SEC_ASN1_DYNAMIC) || state->underlying_kind == (SEC_ASN1_SEQUENCE_OF | SEC_ASN1_DYNAMIC));
+        if (state->contents_length != 0 || state->indefinite) {
+            const SEC_ASN1Template *subt;
+
+            state->place = duringGroup;
+            subt = SEC_ASN1GetSubtemplate(state->theTemplate, state->dest,
+                                          PR_FALSE);
+            state = sec_asn1d_push_state(state->top, subt, NULL, PR_TRUE);
+            if (state != NULL) {
+                if (!state->top->filter_only)
+                    state->allocate = PR_TRUE; /* XXX propogate this? */
+                /*
+                 * Do the "before" field notification for next in group.
+                 */
+                sec_asn1d_notify_before(state->top, state->dest, state->depth);
+                (void)sec_asn1d_init_state_based_on_template(state);
+            }
+        } else {
+            /*
+             * A group of zero; we are done.
+             * Set state to afterGroup and let that code plant the NULL.
+             */
+            state->place = afterGroup;
+        }
+        return;
+    }
+
+    switch (state->underlying_kind) {
+        case SEC_ASN1_SEQUENCE:
+            /*
+             * We need to push a child to handle the individual fields.
+             */
+            state->place = duringSequence;
+            state = sec_asn1d_push_state(state->top, state->theTemplate + 1,
+                                         state->dest, PR_TRUE);
+            if (state != NULL) {
+                /*
+                 * Do the "before" field notification.
+                 */
+                sec_asn1d_notify_before(state->top, state->dest, state->depth);
+                (void)sec_asn1d_init_state_based_on_template(state);
+            }
+            break;
+
+        case SEC_ASN1_SET: /* XXX SET is not really implemented */
+            /*
+             * XXX A plain SET requires special handling; scanning of a
+             * template to see where a field should go (because by definition,
+             * they are not in any particular order, and you have to look at
+             * each tag to disambiguate what the field is).  We may never
+             * implement this because in practice, it seems to be unused.
+             */
+            PORT_Assert(0);
+            PORT_SetError(SEC_ERROR_BAD_DER); /* XXX */
+            state->top->status = decodeError;
+            break;
+
+        case SEC_ASN1_NULL:
+            /*
+             * The NULL type, by definition, is "nothing", content length of zero.
+             * An indefinite-length encoding is not alloweed.
+             */
+            if (state->contents_length || state->indefinite) {
+                PORT_SetError(SEC_ERROR_BAD_DER);
+                state->top->status = decodeError;
+                break;
+            }
+            if (state->dest != NULL) {
+                item = (SECItem *)(state->dest);
+                item->data = NULL;
+                item->len = 0;
+            }
+            state->place = afterEndOfContents;
+            break;
+
+        case SEC_ASN1_BMP_STRING:
+            /* Error if length is not divisable by 2 */
+            if (state->contents_length % 2) {
+                PORT_SetError(SEC_ERROR_BAD_DER);
+                state->top->status = decodeError;
+                break;
+            }
+            /* otherwise, handle as other string types */
+            goto regular_string_type;
+
+        case SEC_ASN1_UNIVERSAL_STRING:
+            /* Error if length is not divisable by 4 */
+            if (state->contents_length % 4) {
+                PORT_SetError(SEC_ERROR_BAD_DER);
+                state->top->status = decodeError;
+                break;
+            }
+            /* otherwise, handle as other string types */
+            goto regular_string_type;
+
+        case SEC_ASN1_SKIP:
+        case SEC_ASN1_ANY:
+        case SEC_ASN1_ANY_CONTENTS:
+        /*
+         * These are not (necessarily) strings, but they need nearly
+         * identical handling (especially when we need to deal with
+         * constructed sub-pieces), so we pretend they are.
+         */
+        /* fallthru */
+        regular_string_type:
+        case SEC_ASN1_BIT_STRING:
+        case SEC_ASN1_IA5_STRING:
+        case SEC_ASN1_OCTET_STRING:
+        case SEC_ASN1_PRINTABLE_STRING:
+        case SEC_ASN1_T61_STRING:
+        case SEC_ASN1_UTC_TIME:
+        case SEC_ASN1_UTF8_STRING:
+        case SEC_ASN1_VISIBLE_STRING:
+            /*
+             * We are allocating for a primitive or a constructed string.
+             * If it is a constructed string, it may also be indefinite-length.
+             * If it is primitive, the length can (legally) be zero.
+             * Our first order of business is to allocate the memory for
+             * the string, if we can (if we know the length).
+             */
+            item = (SECItem *)(state->dest);
+
+            /*
+             * If the item is a definite-length constructed string, then
+             * the contents_length is actually larger than what we need
+             * (because it also counts each intermediate header which we
+             * will be throwing away as we go), but it is a perfectly good
+             * upper bound that we just allocate anyway, and then concat
+             * as we go; we end up wasting a few extra bytes but save a
+             * whole other copy.
+             */
+            alloc_len = state->contents_length;
+            poolp = NULL; /* quiet compiler warnings about unused... */
+
+            if (item == NULL || state->top->filter_only) {
+                if (item != NULL) {
+                    item->data = NULL;
+                    item->len = 0;
+                }
+                alloc_len = 0;
+            } else if (state->substring) {
+                /*
+                 * If we are a substring of a constructed string, then we may
+                 * not have to allocate anything (because our parent, the
+                 * actual constructed string, did it for us).  If we are a
+                 * substring and we *do* have to allocate, that means our
+                 * parent is an indefinite-length, so we allocate from our pool;
+                 * later our parent will copy our string into the aggregated
+                 * whole and free our pool allocation.
+                 */
+                if (item->data == NULL) {
+                    PORT_Assert(item->len == 0);
+                    poolp = state->top->our_pool;
+                } else {
+                    alloc_len = 0;
+                }
+            } else {
+                item->len = 0;
+                item->data = NULL;
+                poolp = state->top->their_pool;
+            }
+
+            if (alloc_len || ((!state->indefinite) && (state->subitems_head != NULL))) {
+                struct subitem *subitem;
+                int len;
+
+                PORT_Assert(item);
+                if (!item) {
+                    PORT_SetError(SEC_ERROR_BAD_DER);
+                    state->top->status = decodeError;
+                    return;
+                }
+                PORT_Assert(item->len == 0 && item->data == NULL);
+                /*
+                 * Check for and handle an ANY which has stashed aside the
+                 * header (identifier and length) bytes for us to include
+                 * in the saved contents.
+                 */
+                if (state->subitems_head != NULL) {
+                    PORT_Assert(state->underlying_kind == SEC_ASN1_ANY);
+                    for (subitem = state->subitems_head;
+                         subitem != NULL; subitem = subitem->next)
+                        alloc_len += subitem->len;
+                }
+
+                if (state->top->max_element_size > 0 &&
+                    alloc_len > state->top->max_element_size) {
+                    PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+                    state->top->status = decodeError;
+                    return;
+                }
+
+                item->data = (unsigned char *)sec_asn1d_zalloc(poolp, alloc_len);
+                if (item->data == NULL) {
+                    state->top->status = decodeError;
+                    break;
+                }
+
+                len = 0;
+                for (subitem = state->subitems_head;
+                     subitem != NULL; subitem = subitem->next) {
+                    PORT_Memcpy(item->data + len, subitem->data, subitem->len);
+                    len += subitem->len;
+                }
+                item->len = len;
+
+                /*
+                 * Because we use arenas and have a mark set, we later free
+                 * everything we have allocated, so this does *not* present
+                 * a memory leak (it is just temporarily left dangling).
+                 */
+                state->subitems_head = state->subitems_tail = NULL;
+            }
+
+            if (state->contents_length == 0 && (!state->indefinite)) {
+                /*
+                 * A zero-length simple or constructed string; we are done.
+                 */
+                state->place = afterEndOfContents;
+            } else if (state->found_tag_modifiers & SEC_ASN1_CONSTRUCTED) {
+                const SEC_ASN1Template *sub;
+
+                switch (state->underlying_kind) {
+                    case SEC_ASN1_ANY:
+                    case SEC_ASN1_ANY_CONTENTS:
+                        sub = SEC_AnyTemplate;
+                        break;
+                    case SEC_ASN1_BIT_STRING:
+                        sub = SEC_BitStringTemplate;
+                        break;
+                    case SEC_ASN1_BMP_STRING:
+                        sub = SEC_BMPStringTemplate;
+                        break;
+                    case SEC_ASN1_GENERALIZED_TIME:
+                        sub = SEC_GeneralizedTimeTemplate;
+                        break;
+                    case SEC_ASN1_IA5_STRING:
+                        sub = SEC_IA5StringTemplate;
+                        break;
+                    case SEC_ASN1_OCTET_STRING:
+                        sub = SEC_OctetStringTemplate;
+                        break;
+                    case SEC_ASN1_PRINTABLE_STRING:
+                        sub = SEC_PrintableStringTemplate;
+                        break;
+                    case SEC_ASN1_T61_STRING:
+                        sub = SEC_T61StringTemplate;
+                        break;
+                    case SEC_ASN1_UNIVERSAL_STRING:
+                        sub = SEC_UniversalStringTemplate;
+                        break;
+                    case SEC_ASN1_UTC_TIME:
+                        sub = SEC_UTCTimeTemplate;
+                        break;
+                    case SEC_ASN1_UTF8_STRING:
+                        sub = SEC_UTF8StringTemplate;
+                        break;
+                    case SEC_ASN1_VISIBLE_STRING:
+                        sub = SEC_VisibleStringTemplate;
+                        break;
+                    case SEC_ASN1_SKIP:
+                        sub = SEC_SkipTemplate;
+                        break;
+                    default:            /* redundant given outer switch cases, but */
+                        PORT_Assert(0); /* the compiler does not seem to know that, */
+                        sub = NULL;     /* so just do enough to quiet it. */
+                        break;
+                }
+
+                state->place = duringConstructedString;
+                state = sec_asn1d_push_state(state->top, sub, item, PR_TRUE);
+                if (state != NULL) {
+                    state->substring = PR_TRUE; /* XXX propogate? */
+                    (void)sec_asn1d_init_state_based_on_template(state);
+                }
+            } else if (state->indefinite) {
+                /*
+                 * An indefinite-length string *must* be constructed!
+                 */
+                PORT_SetError(SEC_ERROR_BAD_DER);
+                state->top->status = decodeError;
+            } else {
+                /*
+                 * A non-zero-length simple string.
+                 */
+                if (state->underlying_kind == SEC_ASN1_BIT_STRING)
+                    state->place = beforeBitString;
+                else
+                    state->place = duringLeaf;
+            }
+            break;
+
+        default:
+            /*
+             * We are allocating for a simple leaf item.
+             */
+            if (state->contents_length) {
+                if (state->dest != NULL) {
+                    item = (SECItem *)(state->dest);
+                    item->len = 0;
+                    if (state->top->max_element_size > 0 &&
+                        state->contents_length > state->top->max_element_size) {
+                        PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+                        state->top->status = decodeError;
+                        return;
+                    }
+
+                    if (state->top->filter_only) {
+                        item->data = NULL;
+                    } else {
+                        item->data = (unsigned char *)
+                            sec_asn1d_zalloc(state->top->their_pool,
+                                             state->contents_length);
+                        if (item->data == NULL) {
+                            state->top->status = decodeError;
+                            return;
+                        }
+                    }
+                }
+                state->place = duringLeaf;
+            } else {
+                /*
+                 * An indefinite-length or zero-length item is not allowed.
+                 * (All legal cases of such were handled above.)
+                 */
+                PORT_SetError(SEC_ERROR_BAD_DER);
+                state->top->status = decodeError;
+            }
+    }
+}
+
+static void
+sec_asn1d_free_child(sec_asn1d_state *state, PRBool error)
+{
+    if (state->child != NULL) {
+        PORT_Assert(error || state->child->consumed == 0);
+        PORT_Assert(state->our_mark != NULL);
+        PORT_ArenaZRelease(state->top->our_pool, state->our_mark);
+        if (error && state->top->their_pool == NULL) {
+            /*
+             * XXX We need to free anything allocated.
+             * At this point, we failed in the middle of decoding. But we
+             * can't free the data we previously allocated with PR_Malloc
+             * unless we keep track of every pointer. So instead we have a
+             * memory leak when decoding fails half-way, unless an arena is
+             * used. See bug 95311 .
+            */
+        }
+        state->child = NULL;
+        state->our_mark = NULL;
+    } else {
+        /*
+         * It is important that we do not leave a mark unreleased/unmarked.
+         * But I do not think we should ever have one set in this case, only
+         * if we had a child (handled above).  So check for that.  If this
+         * assertion should ever get hit, then we probably need to add code
+         * here to release back to our_mark (and then set our_mark to NULL).
+         */
+        PORT_Assert(state->our_mark == NULL);
+    }
+    state->place = beforeEndOfContents;
+}
+
+/* We have just saved an entire encoded ASN.1 object (type) for a SAVE
+** template, and now in the next template, we are going to decode that
+** saved data  by calling SEC_ASN1DecoderUpdate recursively.
+** If that recursive call fails with needBytes, it is a fatal error,
+** because the encoded object should have been complete.
+** If that recursive call fails with decodeError, it will have already
+** cleaned up the state stack, so we must bail out quickly.
+**
+** These checks of the status returned by the recursive call are now
+** done in the caller of this function, immediately after it returns.
+*/
+static void
+sec_asn1d_reuse_encoding(sec_asn1d_state *state)
+{
+    sec_asn1d_state *child;
+    unsigned long consumed;
+    SECItem *item;
+    void *dest;
+
+    child = state->child;
+    PORT_Assert(child != NULL);
+
+    consumed = child->consumed;
+    child->consumed = 0;
+
+    item = (SECItem *)(state->dest);
+    PORT_Assert(item != NULL);
+
+    PORT_Assert(item->len == consumed);
+
+    /*
+     * Free any grandchild.
+     */
+    sec_asn1d_free_child(child, PR_FALSE);
+
+    /*
+     * Notify after the SAVE field.
+     */
+    sec_asn1d_notify_after(state->top, state->dest, state->depth);
+
+    /*
+     * Adjust to get new dest and move forward.
+     */
+    dest = (char *)state->dest - state->theTemplate->offset;
+    state->theTemplate++;
+    child->dest = (char *)dest + state->theTemplate->offset;
+    child->theTemplate = state->theTemplate;
+
+    /*
+     * Notify before the "real" field.
+     */
+    PORT_Assert(state->depth == child->depth);
+    sec_asn1d_notify_before(state->top, child->dest, child->depth);
+
+    /*
+     * This will tell DecoderUpdate to return when it is done.
+     */
+    state->place = afterSaveEncoding;
+
+    /*
+     * We already have a child; "push" it by making it current.
+     */
+    state->top->current = child;
+
+    /*
+     * And initialize it so it is ready to parse.
+     */
+    (void)sec_asn1d_init_state_based_on_template(child);
+
+    /*
+     * Now parse that out of our data.
+     */
+    if (SEC_ASN1DecoderUpdate(state->top,
+                              (char *)item->data, item->len) != SECSuccess)
+        return;
+    if (state->top->status == needBytes) {
+        return;
+    }
+
+    PORT_Assert(state->top->current == state);
+    PORT_Assert(state->child == child);
+
+    /*
+     * That should have consumed what we consumed before.
+     */
+    PORT_Assert(consumed == child->consumed);
+    child->consumed = 0;
+
+    /*
+     * Done.
+     */
+    state->consumed += consumed;
+    child->place = notInUse;
+    state->place = afterEndOfContents;
+}
+
+static unsigned long
+sec_asn1d_parse_leaf(sec_asn1d_state *state,
+                     const char *buf, unsigned long len)
+{
+    SECItem *item;
+    unsigned long bufLen;
+
+    if (len == 0) {
+        state->top->status = needBytes;
+        return 0;
+    }
+
+    if (state->pending < len)
+        len = state->pending;
+
+    bufLen = len;
+
+    item = (SECItem *)(state->dest);
+    if (item != NULL && item->data != NULL) {
+        unsigned long offset;
+        /* Strip leading zeroes when target is unsigned integer */
+        if (state->underlying_kind == SEC_ASN1_INTEGER && /* INTEGER   */
+            item->len == 0 &&                             /* MSB       */
+            item->type == siUnsignedInteger)              /* unsigned  */
+        {
+            while (len > 1 && buf[0] == 0) { /* leading 0 */
+                buf++;
+                len--;
+            }
+        }
+        offset = item->len;
+        if (state->underlying_kind == SEC_ASN1_BIT_STRING) {
+            // The previous bit string must have no unused bits.
+            if (item->len & 0x7) {
+                PORT_SetError(SEC_ERROR_BAD_DER);
+                state->top->status = decodeError;
+                return 0;
+            }
+            // If this is a bit string, the length is bits, not bytes.
+            offset = item->len >> 3;
+        }
+        if (state->underlying_kind == SEC_ASN1_BIT_STRING) {
+            unsigned long len_in_bits;
+            // Protect against overflow during the bytes-to-bits conversion.
+            if (len >= (ULONG_MAX >> 3) + 1) {
+                PORT_SetError(SEC_ERROR_BAD_DER);
+                state->top->status = decodeError;
+                return 0;
+            }
+            len_in_bits = (len << 3) - state->bit_string_unused_bits;
+            // Protect against overflow when computing the total length in bits.
+            if (UINT_MAX - item->len < len_in_bits) {
+                PORT_SetError(SEC_ERROR_BAD_DER);
+                state->top->status = decodeError;
+                return 0;
+            }
+            item->len += len_in_bits;
+        } else {
+            if (UINT_MAX - item->len < len) {
+                PORT_SetError(SEC_ERROR_BAD_DER);
+                state->top->status = decodeError;
+                return 0;
+            }
+            item->len += len;
+        }
+        PORT_Memcpy(item->data + offset, buf, len);
+    }
+    state->pending -= bufLen;
+    if (state->pending == 0)
+        state->place = beforeEndOfContents;
+
+    return bufLen;
+}
+
+static unsigned long
+sec_asn1d_parse_bit_string(sec_asn1d_state *state,
+                           const char *buf, unsigned long len)
+{
+    unsigned char byte;
+
+    /*PORT_Assert (state->pending > 0); */
+    PORT_Assert(state->place == beforeBitString);
+
+    if (state->pending == 0) {
+        if (state->dest != NULL) {
+            SECItem *item = (SECItem *)(state->dest);
+            item->data = NULL;
+            item->len = 0;
+            state->place = beforeEndOfContents;
+            return 0;
+        }
+    }
+
+    if (len == 0) {
+        state->top->status = needBytes;
+        return 0;
+    }
+
+    byte = (unsigned char)*buf;
+    if (byte > 7) {
+        PORT_SetError(SEC_ERROR_BAD_DER);
+        state->top->status = decodeError;
+        return 0;
+    }
+
+    state->bit_string_unused_bits = byte;
+    state->place = duringBitString;
+    state->pending -= 1;
+
+    return 1;
+}
+
+static unsigned long
+sec_asn1d_parse_more_bit_string(sec_asn1d_state *state,
+                                const char *buf, unsigned long len)
+{
+    PORT_Assert(state->place == duringBitString);
+    if (state->pending == 0) {
+        /* An empty bit string with some unused bits is invalid. */
+        if (state->bit_string_unused_bits) {
+            PORT_SetError(SEC_ERROR_BAD_DER);
+            state->top->status = decodeError;
+        } else {
+            /* An empty bit string with no unused bits is OK. */
+            state->place = beforeEndOfContents;
+        }
+        return 0;
+    }
+
+    len = sec_asn1d_parse_leaf(state, buf, len);
+    return len;
+}
+
+/*
+ * XXX All callers should be looking at return value to detect
+ * out-of-memory errors (and stop!).
+ */
+static struct subitem *
+sec_asn1d_add_to_subitems(sec_asn1d_state *state,
+                          const void *data, unsigned long len,
+                          PRBool copy_data)
+{
+    struct subitem *thing;
+
+    thing = (struct subitem *)sec_asn1d_zalloc(state->top->our_pool,
+                                               sizeof(struct subitem));
+    if (thing == NULL) {
+        state->top->status = decodeError;
+        return NULL;
+    }
+
+    if (copy_data) {
+        void *copy;
+        copy = sec_asn1d_alloc(state->top->our_pool, len);
+        if (copy == NULL) {
+            state->top->status = decodeError;
+            if (!state->top->our_pool)
+                PORT_Free(thing);
+            return NULL;
+        }
+        PORT_Memcpy(copy, data, len);
+        thing->data = copy;
+    } else {
+        thing->data = data;
+    }
+    thing->len = len;
+    thing->next = NULL;
+
+    if (state->subitems_head == NULL) {
+        PORT_Assert(state->subitems_tail == NULL);
+        state->subitems_head = state->subitems_tail = thing;
+    } else {
+        state->subitems_tail->next = thing;
+        state->subitems_tail = thing;
+    }
+
+    return thing;
+}
+
+static void
+sec_asn1d_record_any_header(sec_asn1d_state *state,
+                            const char *buf,
+                            unsigned long len)
+{
+    SECItem *item;
+
+    item = (SECItem *)(state->dest);
+    if (item != NULL && item->data != NULL) {
+        PORT_Assert(state->substring);
+        PORT_Memcpy(item->data + item->len, buf, len);
+        item->len += len;
+    } else {
+        sec_asn1d_add_to_subitems(state, buf, len, PR_TRUE);
+    }
+}
+
+/*
+ * We are moving along through the substrings of a constructed string,
+ * and have just finished parsing one -- we need to save our child data
+ * (if the child was not already writing directly into the destination)
+ * and then move forward by one.
+ *
+ * We also have to detect when we are done:
+ *  - a definite-length encoding stops when our pending value hits 0
+ *  - an indefinite-length encoding stops when our child is empty
+ *    (which means it was the end-of-contents octets)
+ */
+static void
+sec_asn1d_next_substring(sec_asn1d_state *state)
+{
+    sec_asn1d_state *child;
+    SECItem *item;
+    unsigned long child_consumed;
+    PRBool done;
+
+    PORT_Assert(state->place == duringConstructedString);
+    PORT_Assert(state->child != NULL);
+
+    child = state->child;
+
+    child_consumed = child->consumed;
+    child->consumed = 0;
+    state->consumed += child_consumed;
+
+    done = PR_FALSE;
+
+    if (state->pending) {
+        PORT_Assert(!state->indefinite);
+        if (child_consumed > state->pending) {
+            PORT_SetError(SEC_ERROR_BAD_DER);
+            state->top->status = decodeError;
+            return;
+        }
+
+        state->pending -= child_consumed;
+        if (state->pending == 0)
+            done = PR_TRUE;
+    } else {
+        PRBool preallocatedString;
+        sec_asn1d_state *temp_state;
+        PORT_Assert(state->indefinite);
+
+        item = (SECItem *)(child->dest);
+
+        /**
+         * At this point, there's three states at play:
+         *   child: The element that was just parsed
+         *   state: The currently processed element
+         *   'parent' (aka state->parent): The enclosing construct
+         *      of state, or NULL if this is the top-most element.
+         *
+         * This state handles both substrings of a constructed string AND
+         * child elements of items whose template type was that of
+         * SEC_ASN1_ANY, SEC_ASN1_SAVE, SEC_ASN1_ANY_CONTENTS, SEC_ASN1_SKIP
+         * template, as described in sec_asn1d_prepare_for_contents. For
+         * brevity, these will be referred to as 'string' and 'any' types.
+         *
+         * This leads to the following possibilities:
+         *   1: This element is an indefinite length string, part of a
+         *      definite length string.
+         *   2: This element is an indefinite length string, part of an
+         *      indefinite length string.
+         *   3: This element is an indefinite length any, part of a
+         *      definite length any.
+         *   4: This element is an indefinite length any, part of an
+         *      indefinite length any.
+         *   5: This element is an indefinite length any and does not
+         *      meet any of the above criteria. Note that this would include
+         *      an indefinite length string type matching an indefinite
+         *      length any template.
+         *
+         * In Cases #1 and #3, the definite length 'parent' element will
+         * have allocated state->dest based on the parent elements definite
+         * size. During the processing of 'child', sec_asn1d_parse_leaf will
+         * have copied the (string, any) data directly into the offset of
+         * dest, as appropriate, so there's no need for this class to still
+         * store the child - it's already been processed.
+         *
+         * In Cases #2 and #4, dest will be set to the parent element's dest,
+         * but dest->data will not have been allocated yet, due to the
+         * indefinite length encoding. In this situation, it's necessary to
+         * hold onto child (and all other children) until the EOC, at which
+         * point, it becomes possible to compute 'state's overall length. Once
+         * 'state' has a computed length, this can then be fed to 'parent' (via
+         * this state), and then 'parent' can similarly compute the length of
+         * all of its children up to the EOC, which will ultimately transit to
+         * sec_asn1d_concat_substrings, determine the overall size needed,
+         * allocate, and copy the contents (of all of parent's children, which
+         * would include 'state', just as 'state' will have copied all of its
+         * children via sec_asn1d_concat_substrings)
+         *
+         * The final case, Case #5, will manifest in that item->data and
+         * item->len will be NULL/0, respectively, since this element was
+         * indefinite-length encoded. In that case, both the tag and length will
+         * already exist in state's subitems, via sec_asn1d_record_any_header,
+         * and so the contents (aka 'child') should be added to that list of
+         * items to concatenate in sec_asn1d_concat_substrings once the EOC
+         * is encountered.
+         *
+         * To distinguish #2/#4 from #1/#3, it's sufficient to walk the ancestor
+         * tree. If the current type is a string type, then the enclosing
+         * construct will be that same type (#1/#2). If the current type is an
+         * any type, then the enclosing construct is either an any type (#3/#4)
+         * or some other type (#5). Since this is BER, this nesting relationship
+         * between 'state' and 'parent' may go through several levels of
+         * constructed encoding, so continue walking the ancestor chain until a
+         * clear determination can be made.
+         *
+         * The variable preallocatedString is used to indicate Case #1/#3,
+         * indicating an in-place copy has already occurred, and Cases #2, #4,
+         * and #5 all have the same behaviour of adding a new substring.
+         */
+        preallocatedString = PR_FALSE;
+        temp_state = state;
+        while (temp_state && item == temp_state->dest && temp_state->indefinite) {
+            sec_asn1d_state *parent = sec_asn1d_get_enclosing_construct(temp_state);
+            if (!parent || parent->underlying_kind != temp_state->underlying_kind) {
+                /* Case #5 - Either this is a top-level construct or it is part
+                 * of some other element (e.g. a SEQUENCE), in which case, a
+                 * new item should be allocated. */
+                break;
+            }
+            if (!parent->indefinite) {
+                /* Cases #1 / #3 - A definite length ancestor exists, for which
+                 * this is a substring that has already copied into dest. */
+                preallocatedString = PR_TRUE;
+                break;
+            }
+            if (!parent->substring) {
+                /* Cases #2 / #4 - If the parent is not a substring, but is
+                 * indefinite, then there's nothing further up that may have
+                 * preallocated dest, thus child will not have already
+                 * been copied in place, therefore it's necessary to save child
+                 * as a subitem. */
+                break;
+            }
+            temp_state = parent;
+        }
+        if (item != NULL && item->data != NULL && !preallocatedString) {
+            /*
+             * Save the string away for later concatenation.
+             */
+            PORT_Assert(item->data != NULL);
+            sec_asn1d_add_to_subitems(state, item->data, item->len, PR_FALSE);
+            /*
+             * Clear the child item for the next round.
+             */
+            item->data = NULL;
+            item->len = 0;
+        }
+
+        /*
+         * If our child was just our end-of-contents octets, we are done.
+         */
+        if (child->endofcontents)
+            done = PR_TRUE;
+    }
+
+    /*
+     * Stop or do the next one.
+     */
+    if (done) {
+        child->place = notInUse;
+        state->place = afterConstructedString;
+    } else {
+        sec_asn1d_scrub_state(child);
+        state->top->current = child;
+    }
+}
+
+/*
+ * We are doing a SET OF or SEQUENCE OF, and have just finished an item.
+ */
+static void
+sec_asn1d_next_in_group(sec_asn1d_state *state)
+{
+    sec_asn1d_state *child;
+    unsigned long child_consumed;
+
+    PORT_Assert(state->place == duringGroup);
+    PORT_Assert(state->child != NULL);
+
+    child = state->child;
+
+    child_consumed = child->consumed;
+    child->consumed = 0;
+    state->consumed += child_consumed;
+
+    /*
+     * If our child was just our end-of-contents octets, we are done.
+     */
+    if (child->endofcontents) {
+        /* XXX I removed the PORT_Assert (child->dest == NULL) because there
+         * was a bug in that a template that was a sequence of which also had
+         * a child of a sequence of, in an indefinite group was not working
+         * properly.  This fix seems to work, (added the if statement below),
+         * and nothing appears broken, but I am putting this note here just
+         * in case. */
+        /*
+         * XXX No matter how many times I read that comment,
+         * I cannot figure out what case he was fixing.  I believe what he
+         * did was deliberate, so I am loathe to touch it.  I need to
+         * understand how it could ever be that child->dest != NULL but
+         * child->endofcontents is true, and why it is important to check
+         * that state->subitems_head is NULL.  This really needs to be
+         * figured out, as I am not sure if the following code should be
+         * compensating for "offset", as is done a little farther below
+         * in the more normal case.
+         */
+        PORT_Assert(state->indefinite);
+        PORT_Assert(state->pending == 0);
+        if (child->dest && !state->subitems_head) {
+            sec_asn1d_add_to_subitems(state, child->dest, 0, PR_FALSE);
+            child->dest = NULL;
+        }
+
+        child->place = notInUse;
+        state->place = afterGroup;
+        return;
+    }
+
+    /*
+     * Do the "after" field notification for next in group.
+     */
+    sec_asn1d_notify_after(state->top, child->dest, child->depth);
+
+    /*
+     * Save it away (unless we are not storing).
+     */
+    if (child->dest != NULL) {
+        void *dest;
+
+        dest = child->dest;
+        dest = (char *)dest - child->theTemplate->offset;
+        sec_asn1d_add_to_subitems(state, dest, 0, PR_FALSE);
+        child->dest = NULL;
+    }
+
+    /*
+     * Account for those bytes; see if we are done.
+     */
+    if (state->pending) {
+        PORT_Assert(!state->indefinite);
+        if (child_consumed > state->pending) {
+            PORT_SetError(SEC_ERROR_BAD_DER);
+            state->top->status = decodeError;
+            return;
+        }
+
+        state->pending -= child_consumed;
+        if (state->pending == 0) {
+            child->place = notInUse;
+            state->place = afterGroup;
+            return;
+        }
+    }
+
+    /*
+     * Do the "before" field notification for next item in group.
+     */
+    sec_asn1d_notify_before(state->top, child->dest, child->depth);
+
+    /*
+     * Now we do the next one.
+     */
+    sec_asn1d_scrub_state(child);
+
+    /* Initialize child state from the template */
+    sec_asn1d_init_state_based_on_template(child);
+
+    state->top->current = child;
+}
+
+/*
+ * We are moving along through a sequence; move forward by one,
+ * (detecting end-of-sequence when it happens).
+ * XXX The handling of "missing" is ugly.  Fix it.
+ */
+static void
+sec_asn1d_next_in_sequence(sec_asn1d_state *state)
+{
+    sec_asn1d_state *child;
+    unsigned long child_consumed;
+    PRBool child_missing;
+
+    PORT_Assert(state->place == duringSequence);
+    PORT_Assert(state->child != NULL);
+
+    child = state->child;
+
+    /*
+     * Do the "after" field notification.
+     */
+    sec_asn1d_notify_after(state->top, child->dest, child->depth);
+
+    child_missing = (PRBool)child->missing;
+    child_consumed = child->consumed;
+    child->consumed = 0;
+
+    /*
+     * Take care of accounting.
+     */
+    if (child_missing) {
+        PORT_Assert(child->optional);
+    } else {
+        state->consumed += child_consumed;
+        /*
+         * Free any grandchild.
+         */
+        sec_asn1d_free_child(child, PR_FALSE);
+        if (state->pending) {
+            PORT_Assert(!state->indefinite);
+            if (child_consumed > state->pending) {
+                PORT_SetError(SEC_ERROR_BAD_DER);
+                state->top->status = decodeError;
+                return;
+            }
+            state->pending -= child_consumed;
+            if (state->pending == 0) {
+                child->theTemplate++;
+                while (child->theTemplate->kind != 0) {
+                    if ((child->theTemplate->kind & SEC_ASN1_OPTIONAL) == 0) {
+                        PORT_SetError(SEC_ERROR_BAD_DER);
+                        state->top->status = decodeError;
+                        return;
+                    }
+                    child->theTemplate++;
+                }
+                child->place = notInUse;
+                state->place = afterEndOfContents;
+                return;
+            }
+        }
+    }
+
+    /*
+     * Move forward.
+     */
+    child->theTemplate++;
+    if (child->theTemplate->kind == 0) {
+        /*
+         * We are done with this sequence.
+         */
+        child->place = notInUse;
+        if (state->pending) {
+            PORT_SetError(SEC_ERROR_BAD_DER);
+            state->top->status = decodeError;
+        } else if (child_missing) {
+            /*
+             * We got to the end, but have a child that started parsing
+             * and ended up "missing".  The only legitimate reason for
+             * this is that we had one or more optional fields at the
+             * end of our sequence, and we were encoded indefinite-length,
+             * so when we went looking for those optional fields we
+             * found our end-of-contents octets instead.
+             * (Yes, this is ugly; dunno a better way to handle it.)
+             * So, first confirm the situation, and then mark that we
+             * are done.
+             */
+            if (state->indefinite && child->endofcontents) {
+                PORT_Assert(child_consumed == 2);
+                if (child_consumed != 2) {
+                    PORT_SetError(SEC_ERROR_BAD_DER);
+                    state->top->status = decodeError;
+                } else {
+                    state->consumed += child_consumed;
+                    state->place = afterEndOfContents;
+                }
+            } else {
+                PORT_SetError(SEC_ERROR_BAD_DER);
+                state->top->status = decodeError;
+            }
+        } else {
+            /*
+             * We have to finish out, maybe reading end-of-contents octets;
+             * let the normal logic do the right thing.
+             */
+            state->place = beforeEndOfContents;
+        }
+    } else {
+        unsigned char child_found_tag_modifiers = 0;
+        unsigned long child_found_tag_number = 0;
+
+        /*
+         * Reset state and push.
+         */
+        if (state->dest != NULL)
+            child->dest = (char *)state->dest + child->theTemplate->offset;
+
+        /*
+         * Do the "before" field notification.
+         */
+        sec_asn1d_notify_before(state->top, child->dest, child->depth);
+
+        if (child_missing) { /* if previous child was missing, copy the tag data we already have */
+            child_found_tag_modifiers = child->found_tag_modifiers;
+            child_found_tag_number = child->found_tag_number;
+        }
+        state->top->current = child;
+        child = sec_asn1d_init_state_based_on_template(child);
+        if (child_missing && child) {
+            child->place = afterIdentifier;
+            child->found_tag_modifiers = child_found_tag_modifiers;
+            child->found_tag_number = child_found_tag_number;
+            child->consumed = child_consumed;
+            if (child->underlying_kind == SEC_ASN1_ANY && !child->top->filter_only) {
+                /*
+                 * If the new field is an ANY, and we are storing, then
+                 * we need to save the tag out.  We would have done this
+                 * already in the normal case, but since we were looking
+                 * for an optional field, and we did not find it, we only
+                 * now realize we need to save the tag.
+                 */
+                unsigned char identifier;
+
+                /*
+                 * Check that we did not end up with a high tag; for that
+                 * we need to re-encode the tag into multiple bytes in order
+                 * to store it back to look like what we parsed originally.
+                 * In practice this does not happen, but for completeness
+                 * sake it should probably be made to work at some point.
+                 */
+                PORT_Assert(child_found_tag_number < SEC_ASN1_HIGH_TAG_NUMBER);
+                identifier = (unsigned char)(child_found_tag_modifiers | child_found_tag_number);
+                sec_asn1d_record_any_header(child, (char *)&identifier, 1);
+            }
+        }
+    }
+}
+
+static void
+sec_asn1d_concat_substrings(sec_asn1d_state *state)
+{
+    PORT_Assert(state->place == afterConstructedString);
+
+    if (state->subitems_head != NULL) {
+        struct subitem *substring;
+        unsigned long alloc_len, item_len;
+        unsigned char *where;
+        SECItem *item;
+        PRBool is_bit_string;
+
+        item_len = 0;
+        is_bit_string = (state->underlying_kind == SEC_ASN1_BIT_STRING)
+                            ? PR_TRUE
+                            : PR_FALSE;
+
+        substring = state->subitems_head;
+        while (substring != NULL) {
+            /*
+             * All bit-string substrings except the last one should be
+             * a clean multiple of 8 bits.
+             */
+            if (is_bit_string && (substring->next != NULL) && (substring->len & 0x7)) {
+                PORT_SetError(SEC_ERROR_BAD_DER);
+                state->top->status = decodeError;
+                return;
+            }
+            item_len += substring->len;
+            substring = substring->next;
+        }
+
+        if (is_bit_string) {
+            alloc_len = ((item_len + 7) >> 3);
+        } else {
+            /*
+             * Add 2 for the end-of-contents octets of an indefinite-length
+             * ANY that is *not* also an INNER.  Because we zero-allocate
+             * below, all we need to do is increase the length here.
+             */
+            if (state->underlying_kind == SEC_ASN1_ANY && state->indefinite)
+                item_len += 2;
+            alloc_len = item_len;
+        }
+
+        if (state->top->max_element_size > 0 &&
+            alloc_len > state->top->max_element_size) {
+            PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+            state->top->status = decodeError;
+            return;
+        }
+
+        item = (SECItem *)(state->dest);
+        PORT_Assert(item != NULL);
+        PORT_Assert(item->data == NULL);
+        item->data = (unsigned char *)sec_asn1d_zalloc(state->top->their_pool,
+                                                       alloc_len);
+        if (item->data == NULL) {
+            state->top->status = decodeError;
+            return;
+        }
+        item->len = item_len;
+
+        where = item->data;
+        substring = state->subitems_head;
+        while (substring != NULL) {
+            if (is_bit_string)
+                item_len = (substring->len + 7) >> 3;
+            else
+                item_len = substring->len;
+            PORT_Memcpy(where, substring->data, item_len);
+            where += item_len;
+            substring = substring->next;
+        }
+
+        /*
+         * Because we use arenas and have a mark set, we later free
+         * everything we have allocated, so this does *not* present
+         * a memory leak (it is just temporarily left dangling).
+         */
+        state->subitems_head = state->subitems_tail = NULL;
+    }
+
+    state->place = afterEndOfContents;
+}
+
+static void
+sec_asn1d_concat_group(sec_asn1d_state *state)
+{
+    const void ***placep;
+
+    PORT_Assert(state->place == afterGroup);
+
+    placep = (const void ***)state->dest;
+    PORT_Assert(state->subitems_head == NULL || placep != NULL);
+    if (placep != NULL) {
+        struct subitem *item;
+        const void **group;
+        int count;
+
+        count = 0;
+        item = state->subitems_head;
+        while (item != NULL) {
+            PORT_Assert(item->next != NULL || item == state->subitems_tail);
+            count++;
+            item = item->next;
+        }
+
+        group = (const void **)sec_asn1d_zalloc(state->top->their_pool,
+                                                (count + 1) * (sizeof(void *)));
+        if (group == NULL) {
+            state->top->status = decodeError;
+            return;
+        }
+
+        *placep = group;
+
+        item = state->subitems_head;
+        while (item != NULL) {
+            *group++ = item->data;
+            item = item->next;
+        }
+        *group = NULL;
+
+        /*
+         * Because we use arenas and have a mark set, we later free
+         * everything we have allocated, so this does *not* present
+         * a memory leak (it is just temporarily left dangling).
+         */
+        state->subitems_head = state->subitems_tail = NULL;
+    }
+
+    state->place = afterEndOfContents;
+}
+
+/*
+ * For those states that push a child to handle a subtemplate,
+ * "absorb" that child (transfer necessary information).
+ */
+static void
+sec_asn1d_absorb_child(sec_asn1d_state *state)
+{
+    /*
+     * There is absolutely supposed to be a child there.
+     */
+    PORT_Assert(state->child != NULL);
+
+    /*
+     * Inherit the missing status of our child, and do the ugly
+     * backing-up if necessary.
+     */
+    state->missing = state->child->missing;
+    if (state->missing) {
+        state->found_tag_number = state->child->found_tag_number;
+        state->found_tag_modifiers = state->child->found_tag_modifiers;
+        state->endofcontents = state->child->endofcontents;
+    }
+
+    /*
+     * Add in number of bytes consumed by child.
+     * (Only EXPLICIT should have already consumed bytes itself.)
+     */
+    PORT_Assert(state->place == afterExplicit || state->consumed == 0);
+    state->consumed += state->child->consumed;
+
+    /*
+     * Subtract from bytes pending; this only applies to a definite-length
+     * EXPLICIT field.
+     */
+    if (state->pending) {
+        PORT_Assert(!state->indefinite);
+        PORT_Assert(state->place == afterExplicit);
+
+        /*
+         * If we had a definite-length explicit, then what the child
+         * consumed should be what was left pending.
+         */
+        if (state->pending != state->child->consumed) {
+            if (state->pending < state->child->consumed) {
+                PORT_SetError(SEC_ERROR_BAD_DER);
+                state->top->status = decodeError;
+                return;
+            }
+            /*
+             * Okay, this is a hack.  It *should* be an error whether
+             * pending is too big or too small, but it turns out that
+             * we had a bug in our *old* DER encoder that ended up
+             * counting an explicit header twice in the case where
+             * the underlying type was an ANY.  So, because we cannot
+             * prevent receiving these (our own certificate server can
+             * send them to us), we need to be lenient and accept them.
+             * To do so, we need to pretend as if we read all of the
+             * bytes that the header said we would find, even though
+             * we actually came up short.
+             */
+            state->consumed += (state->pending - state->child->consumed);
+        }
+        state->pending = 0;
+    }
+
+    /*
+     * Indicate that we are done with child.
+     */
+    state->child->consumed = 0;
+
+    /*
+     * And move on to final state.
+     * (Technically everybody could move to afterEndOfContents except
+     * for an indefinite-length EXPLICIT; for simplicity though we assert
+     * that but let the end-of-contents code do the real determination.)
+     */
+    PORT_Assert(state->place == afterExplicit || (!state->indefinite));
+    state->place = beforeEndOfContents;
+}
+
+static void
+sec_asn1d_prepare_for_end_of_contents(sec_asn1d_state *state)
+{
+    PORT_Assert(state->place == beforeEndOfContents);
+
+    if (state->indefinite) {
+        state->place = duringEndOfContents;
+        state->pending = 2;
+    } else {
+        state->place = afterEndOfContents;
+    }
+}
+
+static unsigned long
+sec_asn1d_parse_end_of_contents(sec_asn1d_state *state,
+                                const char *buf, unsigned long len)
+{
+    unsigned int i;
+
+    PORT_Assert(state->pending <= 2);
+    PORT_Assert(state->place == duringEndOfContents);
+
+    if (len == 0) {
+        state->top->status = needBytes;
+        return 0;
+    }
+
+    if (state->pending < len)
+        len = state->pending;
+
+    for (i = 0; i < len; i++) {
+        if (buf[i] != 0) {
+            /*
+             * We expect to find only zeros; if not, just give up.
+             */
+            PORT_SetError(SEC_ERROR_BAD_DER);
+            state->top->status = decodeError;
+            return 0;
+        }
+    }
+
+    state->pending -= len;
+
+    if (state->pending == 0) {
+        state->place = afterEndOfContents;
+        state->endofcontents = PR_TRUE;
+    }
+
+    return len;
+}
+
+static void
+sec_asn1d_pop_state(sec_asn1d_state *state)
+{
+#if 0  /* XXX I think this should always be handled explicitly by parent? */
+    /*
+     * Account for our child.
+     */
+    if (state->child != NULL) {
+    state->consumed += state->child->consumed;
+    if (state->pending) {
+        PORT_Assert (!state->indefinite);
+        if (state->child->consumed > state->pending) {
+        PORT_SetError (SEC_ERROR_BAD_DER);
+        state->top->status = decodeError;
+        } else {
+        state->pending -= state->child->consumed;
+        }
+    }
+    state->child->consumed = 0;
+    }
+#endif /* XXX */
+
+    /*
+     * Free our child.
+     */
+    sec_asn1d_free_child(state, PR_FALSE);
+
+    /*
+     * Just make my parent be the current state.  It will then clean
+     * up after me and free me (or reuse me).
+     */
+    state->top->current = state->parent;
+}
+
+static sec_asn1d_state *
+sec_asn1d_before_choice(sec_asn1d_state *state)
+{
+    sec_asn1d_state *child;
+
+    if (state->allocate) {
+        void *dest;
+
+        dest = sec_asn1d_zalloc(state->top->their_pool, state->theTemplate->size);
+        if ((void *)NULL == dest) {
+            state->top->status = decodeError;
+            return (sec_asn1d_state *)NULL;
+        }
+
+        state->dest = (char *)dest + state->theTemplate->offset;
+    }
+
+    child = sec_asn1d_push_state(state->top, state->theTemplate + 1,
+                                 (char *)state->dest - state->theTemplate->offset,
+                                 PR_FALSE);
+    if ((sec_asn1d_state *)NULL == child) {
+        return (sec_asn1d_state *)NULL;
+    }
+
+    sec_asn1d_scrub_state(child);
+    child = sec_asn1d_init_state_based_on_template(child);
+    if ((sec_asn1d_state *)NULL == child) {
+        return (sec_asn1d_state *)NULL;
+    }
+
+    child->optional = PR_TRUE;
+
+    state->place = duringChoice;
+
+    return child;
+}
+
+static sec_asn1d_state *
+sec_asn1d_during_choice(sec_asn1d_state *state)
+{
+    sec_asn1d_state *child = state->child;
+
+    PORT_Assert((sec_asn1d_state *)NULL != child);
+
+    if (child->missing) {
+        unsigned char child_found_tag_modifiers = 0;
+        unsigned long child_found_tag_number = 0;
+        void *dest;
+
+        state->consumed += child->consumed;
+
+        if (child->endofcontents) {
+            /* This choice is probably the first item in a GROUP
+            ** (e.g. SET_OF) that was indefinite-length encoded.
+            ** We're actually at the end of that GROUP.
+            ** We look up the stack to be sure that we find
+            ** a state with indefinite length encoding before we
+            ** find a state (like a SEQUENCE) that is definite.
+            */
+            child->place = notInUse;
+            state->place = afterChoice;
+            state->endofcontents = PR_TRUE; /* propagate this up */
+            if (sec_asn1d_parent_allows_EOC(state))
+                return state;
+            PORT_SetError(SEC_ERROR_BAD_DER);
+            state->top->status = decodeError;
+            return NULL;
+        }
+
+        dest = (char *)child->dest - child->theTemplate->offset;
+        child->theTemplate++;
+
+        if (0 == child->theTemplate->kind) {
+            /* Ran out of choices */
+            PORT_SetError(SEC_ERROR_BAD_DER);
+            state->top->status = decodeError;
+            return (sec_asn1d_state *)NULL;
+        }
+        child->dest = (char *)dest + child->theTemplate->offset;
+
+        /* cargo'd from next_in_sequence innards */
+        if (state->pending) {
+            PORT_Assert(!state->indefinite);
+            if (child->consumed > state->pending) {
+                PORT_SetError(SEC_ERROR_BAD_DER);
+                state->top->status = decodeError;
+                return NULL;
+            }
+            state->pending -= child->consumed;
+            if (0 == state->pending) {
+                /* XXX uh.. not sure if I should have stopped this
+                 * from happening before. */
+                PORT_Assert(0);
+                PORT_SetError(SEC_ERROR_BAD_DER);
+                state->top->status = decodeError;
+                return (sec_asn1d_state *)NULL;
+            }
+        }
+
+        child->consumed = 0;
+        sec_asn1d_scrub_state(child);
+
+        /* move it on top again */
+        state->top->current = child;
+
+        child_found_tag_modifiers = child->found_tag_modifiers;
+        child_found_tag_number = child->found_tag_number;
+
+        child = sec_asn1d_init_state_based_on_template(child);
+        if ((sec_asn1d_state *)NULL == child) {
+            return (sec_asn1d_state *)NULL;
+        }
+
+        /* copy our findings to the new top */
+        child->found_tag_modifiers = child_found_tag_modifiers;
+        child->found_tag_number = child_found_tag_number;
+
+        child->optional = PR_TRUE;
+        child->place = afterIdentifier;
+
+        return child;
+    }
+    if ((void *)NULL != state->dest) {
+        /* Store the enum */
+        int *which = (int *)state->dest;
+        *which = (int)child->theTemplate->size;
+    }
+
+    child->place = notInUse;
+
+    state->place = afterChoice;
+    return state;
+}
+
+static void
+sec_asn1d_after_choice(sec_asn1d_state *state)
+{
+    state->consumed += state->child->consumed;
+    state->child->consumed = 0;
+    state->place = afterEndOfContents;
+    sec_asn1d_pop_state(state);
+}
+
+unsigned long
+sec_asn1d_uinteger(SECItem *src)
+{
+    unsigned long value;
+    int len;
+
+    if (src->len > 5 || (src->len > 4 && src->data[0] == 0))
+        return 0;
+
+    value = 0;
+    len = src->len;
+    while (len) {
+        value <<= 8;
+        value |= src->data[--len];
+    }
+    return value;
+}
+
+SECStatus
+SEC_ASN1DecodeInteger(SECItem *src, unsigned long *value)
+{
+    unsigned long v;
+    unsigned int i;
+
+    if (src == NULL) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    if (src->len > sizeof(unsigned long)) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    if (src->data == NULL) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    if (src->data[0] & 0x80)
+        v = -1; /* signed and negative - start with all 1's */
+    else
+        v = 0;
+
+    for (i = 0; i < src->len; i++) {
+        /* shift in next byte */
+        v <<= 8;
+        v |= src->data[i];
+    }
+    *value = v;
+    return SECSuccess;
+}
+
+#ifdef DEBUG_ASN1D_STATES
+static void
+dump_states(SEC_ASN1DecoderContext *cx)
+{
+    sec_asn1d_state *state;
+    char kindBuf[256];
+
+    for (state = cx->current; state->parent; state = state->parent) {
+        ;
+    }
+
+    for (; state; state = state->child) {
+        int i;
+        for (i = 0; i < state->depth; i++) {
+            printf("  ");
+        }
+
+        i = formatKind(state->theTemplate->kind, kindBuf);
+        printf("%s: tmpl %08x, kind%s",
+               (state == cx->current) ? "STATE" : "State",
+               state->theTemplate,
+               kindBuf);
+        printf(" %s", (state->place >= 0 && state->place <= notInUse)
+                          ? place_names[state->place]
+                          : "(undefined)");
+        if (!i)
+            printf(", expect 0x%02x",
+                   state->expect_tag_number | state->expect_tag_modifiers);
+
+        printf("%s%s%s %d\n",
+               state->indefinite ? ", indef" : "",
+               state->missing ? ", miss" : "",
+               state->endofcontents ? ", EOC" : "",
+               state->pending);
+    }
+
+    return;
+}
+#endif /* DEBUG_ASN1D_STATES */
+
+SECStatus
+SEC_ASN1DecoderUpdate(SEC_ASN1DecoderContext *cx,
+                      const char *buf, unsigned long len)
+{
+    sec_asn1d_state *state = NULL;
+    unsigned long consumed;
+    SEC_ASN1EncodingPart what;
+    sec_asn1d_state *stateEnd = cx->current;
+
+    if (cx->status == needBytes)
+        cx->status = keepGoing;
+
+    while (cx->status == keepGoing) {
+        state = cx->current;
+        what = SEC_ASN1_Contents;
+        consumed = 0;
+#ifdef DEBUG_ASN1D_STATES
+        printf("\nPLACE = %s, next byte = 0x%02x, %08x[%d]\n",
+               (state->place >= 0 && state->place <= notInUse) ? place_names[state->place] : "(undefined)",
+               len ? (unsigned int)((unsigned char *)buf)[consumed] : 0,
+               buf, consumed);
+        dump_states(cx);
+#endif /* DEBUG_ASN1D_STATES */
+        switch (state->place) {
+            case beforeIdentifier:
+                consumed = sec_asn1d_parse_identifier(state, buf, len);
+                what = SEC_ASN1_Identifier;
+                break;
+            case duringIdentifier:
+                consumed = sec_asn1d_parse_more_identifier(state, buf, len);
+                what = SEC_ASN1_Identifier;
+                break;
+            case afterIdentifier:
+                sec_asn1d_confirm_identifier(state);
+                break;
+            case beforeLength:
+                consumed = sec_asn1d_parse_length(state, buf, len);
+                what = SEC_ASN1_Length;
+                break;
+            case duringLength:
+                consumed = sec_asn1d_parse_more_length(state, buf, len);
+                what = SEC_ASN1_Length;
+                break;
+            case afterLength:
+                sec_asn1d_prepare_for_contents(state);
+                break;
+            case beforeBitString:
+                consumed = sec_asn1d_parse_bit_string(state, buf, len);
+                break;
+            case duringBitString:
+                consumed = sec_asn1d_parse_more_bit_string(state, buf, len);
+                break;
+            case duringConstructedString:
+                sec_asn1d_next_substring(state);
+                break;
+            case duringGroup:
+                sec_asn1d_next_in_group(state);
+                break;
+            case duringLeaf:
+                consumed = sec_asn1d_parse_leaf(state, buf, len);
+                break;
+            case duringSaveEncoding:
+                sec_asn1d_reuse_encoding(state);
+                if (cx->status == decodeError) {
+                    /* recursive call has already popped all states from stack.
+                    ** Bail out quickly.
+                    */
+                    return SECFailure;
+                }
+                if (cx->status == needBytes) {
+                    /* recursive call wanted more data. Fatal. Clean up below. */
+                    PORT_SetError(SEC_ERROR_BAD_DER);
+                    cx->status = decodeError;
+                }
+                break;
+            case duringSequence:
+                sec_asn1d_next_in_sequence(state);
+                break;
+            case afterConstructedString:
+                sec_asn1d_concat_substrings(state);
+                break;
+            case afterExplicit:
+            case afterImplicit:
+            case afterInline:
+            case afterPointer:
+                sec_asn1d_absorb_child(state);
+                break;
+            case afterGroup:
+                sec_asn1d_concat_group(state);
+                break;
+            case afterSaveEncoding:
+                /* SEC_ASN1DecoderUpdate has called itself recursively to
+                ** decode SAVEd encoded data, and now is done decoding that.
+                ** Return to the calling copy of SEC_ASN1DecoderUpdate.
+                */
+                return SECSuccess;
+            case beforeEndOfContents:
+                sec_asn1d_prepare_for_end_of_contents(state);
+                break;
+            case duringEndOfContents:
+                consumed = sec_asn1d_parse_end_of_contents(state, buf, len);
+                what = SEC_ASN1_EndOfContents;
+                break;
+            case afterEndOfContents:
+                sec_asn1d_pop_state(state);
+                break;
+            case beforeChoice:
+                state = sec_asn1d_before_choice(state);
+                break;
+            case duringChoice:
+                state = sec_asn1d_during_choice(state);
+                break;
+            case afterChoice:
+                sec_asn1d_after_choice(state);
+                break;
+            case notInUse:
+            default:
+                /* This is not an error, but rather a plain old BUG! */
+                PORT_Assert(0);
+                PORT_SetError(SEC_ERROR_BAD_DER);
+                cx->status = decodeError;
+                break;
+        }
+
+        if (cx->status == decodeError)
+            break;
+
+        /* We should not consume more than we have.  */
+        PORT_Assert(consumed <= len);
+        if (consumed > len) {
+            PORT_SetError(SEC_ERROR_BAD_DER);
+            cx->status = decodeError;
+            break;
+        }
+
+        /* It might have changed, so we have to update our local copy.  */
+        state = cx->current;
+
+        /* If it is NULL, we have popped all the way to the top.  */
+        if (state == NULL) {
+            PORT_Assert(consumed == 0);
+#if 0 /* XXX I want this here, but it seems that we have situations (like \
+       * downloading a pkcs7 cert chain from some issuers) that give us a \
+       * length which is greater than the entire encoding.  So, we cannot \
+       * have this be an error.                                           \
+       */
+        if (len > 0) {
+        PORT_SetError (SEC_ERROR_BAD_DER);
+        cx->status = decodeError;
+        } else
+#endif
+            cx->status = allDone;
+            break;
+        } else if (state->theTemplate->kind == SEC_ASN1_SKIP_REST) {
+            cx->status = allDone;
+            break;
+        }
+
+        if (consumed == 0)
+            continue;
+
+        /*
+         * The following check is specifically looking for an ANY
+         * that is *not* also an INNER, because we need to save aside
+         * all bytes in that case -- the contents parts will get
+         * handled like all other contents, and the end-of-contents
+         * bytes are added by the concat code, but the outer header
+         * bytes need to get saved too, so we do them explicitly here.
+         */
+        if (state->underlying_kind == SEC_ASN1_ANY && !cx->filter_only && (what == SEC_ASN1_Identifier || what == SEC_ASN1_Length)) {
+            sec_asn1d_record_any_header(state, buf, consumed);
+        }
+
+        /*
+         * We had some number of good, accepted bytes.  If the caller
+         * has registered to see them, pass them along.
+         */
+        if (state->top->filter_proc != NULL) {
+            int depth;
+
+            depth = state->depth;
+            if (what == SEC_ASN1_EndOfContents && !state->indefinite) {
+                PORT_Assert(state->parent != NULL && state->parent->indefinite);
+                depth--;
+                PORT_Assert(depth == state->parent->depth);
+            }
+            (*state->top->filter_proc)(state->top->filter_arg,
+                                       buf, consumed, depth, what);
+        }
+
+        state->consumed += consumed;
+        buf += consumed;
+        len -= consumed;
+    }
+
+    if (cx->status == decodeError) {
+        while (state != NULL && stateEnd->parent != state) {
+            sec_asn1d_free_child(state, PR_TRUE);
+            state = state->parent;
+        }
+#ifdef SEC_ASN1D_FREE_ON_ERROR /*                                           \
+                                * XXX This does not work because we can     \
+                                * end up leaving behind dangling pointers   \
+                                * to stuff that was allocated.  In order    \
+                                * to make this really work (which would     \
+                                * be a good thing, I think), we need to     \
+                                * keep track of every place/pointer that    \
+                                * was allocated and make sure to NULL it    \
+                                * out before we then free back to the mark. \
+                                */
+        if (cx->their_pool != NULL) {
+            PORT_Assert(cx->their_mark != NULL);
+            PORT_ArenaRelease(cx->their_pool, cx->their_mark);
+            cx->their_mark = NULL;
+        }
+#endif
+        return SECFailure;
+    }
+
+#if 0 /* XXX This is what I want, but cannot have because it seems we    \
+       * have situations (like when downloading a pkcs7 cert chain from  \
+       * some issuers) that give us a total length which is greater than \
+       * the entire encoding.  So, we have to allow allDone to have a    \
+       * remaining length greater than zero.  I wanted to catch internal \
+       * bugs with this, noticing when we do not have the right length.  \
+       * Oh well.                                                        \
+       */
+    PORT_Assert (len == 0
+         && (cx->status == needBytes || cx->status == allDone));
+#else
+    PORT_Assert((len == 0 && cx->status == needBytes) || cx->status == allDone);
+#endif
+    return SECSuccess;
+}
+
+SECStatus
+SEC_ASN1DecoderFinish(SEC_ASN1DecoderContext *cx)
+{
+    SECStatus rv;
+
+    if (cx->status == needBytes) {
+        PORT_SetError(SEC_ERROR_BAD_DER);
+        rv = SECFailure;
+    } else {
+        rv = SECSuccess;
+    }
+
+    /*
+     * XXX anything else that needs to be finished?
+     */
+
+    PORT_FreeArena(cx->our_pool, PR_TRUE);
+
+    return rv;
+}
+
+SEC_ASN1DecoderContext *
+SEC_ASN1DecoderStart(PLArenaPool *their_pool, void *dest,
+                     const SEC_ASN1Template *theTemplate)
+{
+    PLArenaPool *our_pool;
+    SEC_ASN1DecoderContext *cx;
+
+    our_pool = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE);
+    if (our_pool == NULL)
+        return NULL;
+
+    cx = (SEC_ASN1DecoderContext *)PORT_ArenaZAlloc(our_pool, sizeof(*cx));
+    if (cx == NULL) {
+        PORT_FreeArena(our_pool, PR_FALSE);
+        return NULL;
+    }
+
+    cx->our_pool = our_pool;
+    if (their_pool != NULL) {
+        cx->their_pool = their_pool;
+#ifdef SEC_ASN1D_FREE_ON_ERROR
+        cx->their_mark = PORT_ArenaMark(their_pool);
+#endif
+    }
+
+    cx->status = needBytes;
+
+    if (sec_asn1d_push_state(cx, theTemplate, dest, PR_FALSE) == NULL || sec_asn1d_init_state_based_on_template(cx->current) == NULL) {
+        /*
+         * Trouble initializing (probably due to failed allocations)
+         * requires that we just give up.
+         */
+        PORT_FreeArena(our_pool, PR_FALSE);
+        return NULL;
+    }
+
+    return cx;
+}
+
+void
+SEC_ASN1DecoderSetFilterProc(SEC_ASN1DecoderContext *cx,
+                             SEC_ASN1WriteProc fn, void *arg,
+                             PRBool only)
+{
+    /* check that we are "between" fields here */
+    PORT_Assert(cx->during_notify);
+
+    cx->filter_proc = fn;
+    cx->filter_arg = arg;
+    cx->filter_only = only;
+}
+
+void
+SEC_ASN1DecoderClearFilterProc(SEC_ASN1DecoderContext *cx)
+{
+    /* check that we are "between" fields here */
+    PORT_Assert(cx->during_notify);
+
+    cx->filter_proc = NULL;
+    cx->filter_arg = NULL;
+    cx->filter_only = PR_FALSE;
+}
+
+void
+SEC_ASN1DecoderSetNotifyProc(SEC_ASN1DecoderContext *cx,
+                             SEC_ASN1NotifyProc fn, void *arg)
+{
+    cx->notify_proc = fn;
+    cx->notify_arg = arg;
+}
+
+void
+SEC_ASN1DecoderClearNotifyProc(SEC_ASN1DecoderContext *cx)
+{
+    cx->notify_proc = NULL;
+    cx->notify_arg = NULL; /* not necessary; just being clean */
+}
+
+void
+SEC_ASN1DecoderSetMaximumElementSize(SEC_ASN1DecoderContext *cx,
+                                     unsigned long max_size)
+{
+    cx->max_element_size = max_size;
+}
+
+void
+SEC_ASN1DecoderAbort(SEC_ASN1DecoderContext *cx, int error)
+{
+    PORT_Assert(cx);
+    PORT_SetError(error);
+    cx->status = decodeError;
+}
+
+SECStatus
+SEC_ASN1Decode(PLArenaPool *poolp, void *dest,
+               const SEC_ASN1Template *theTemplate,
+               const char *buf, long len)
+{
+    SEC_ASN1DecoderContext *dcx;
+    SECStatus urv, frv;
+
+    dcx = SEC_ASN1DecoderStart(poolp, dest, theTemplate);
+    if (dcx == NULL)
+        return SECFailure;
+
+    /* In one-shot mode, there's no possibility of streaming data beyond the
+     * length of len */
+    SEC_ASN1DecoderSetMaximumElementSize(dcx, len);
+
+    urv = SEC_ASN1DecoderUpdate(dcx, buf, len);
+    frv = SEC_ASN1DecoderFinish(dcx);
+
+    if (urv != SECSuccess)
+        return urv;
+
+    return frv;
+}
+
+SECStatus
+SEC_ASN1DecodeItem(PLArenaPool *poolp, void *dest,
+                   const SEC_ASN1Template *theTemplate,
+                   const SECItem *src)
+{
+    return SEC_ASN1Decode(poolp, dest, theTemplate,
+                          (const char *)src->data, src->len);
+}
+
+#ifdef DEBUG_ASN1D_STATES
+void
+sec_asn1d_Assert(const char *s, const char *file, PRIntn ln)
+{
+    printf("Assertion failed, \"%s\", file %s, line %d\n", s, file, ln);
+    fflush(stdout);
+}
+#endif
+
+/*
+ * Generic templates for individual/simple items and pointers to
+ * and sets of same.
+ *
+ * If you need to add a new one, please note the following:
+ *   - For each new basic type you should add *four* templates:
+ *  one plain, one PointerTo, one SequenceOf and one SetOf.
+ *   - If the new type can be constructed (meaning, it is a
+ *  *string* type according to BER/DER rules), then you should
+ *  or-in SEC_ASN1_MAY_STREAM to the type in the basic template.
+ *  See the definition of the OctetString template for an example.
+ *   - It may not be obvious, but these are in *alphabetical*
+ *  order based on the SEC_ASN1_XXX name; so put new ones in
+ *  the appropriate place.
+ */
+
+const SEC_ASN1Template SEC_SequenceOfAnyTemplate[] = {
+    { SEC_ASN1_SEQUENCE_OF, 0, SEC_AnyTemplate }
+};
+
+#if 0
+
+const SEC_ASN1Template SEC_PointerToBitStringTemplate[] = {
+    { SEC_ASN1_POINTER, 0, SEC_BitStringTemplate }
+};
+
+const SEC_ASN1Template SEC_SequenceOfBitStringTemplate[] = {
+    { SEC_ASN1_SEQUENCE_OF, 0, SEC_BitStringTemplate }
+};
+
+const SEC_ASN1Template SEC_SetOfBitStringTemplate[] = {
+    { SEC_ASN1_SET_OF, 0, SEC_BitStringTemplate }
+};
+
+const SEC_ASN1Template SEC_PointerToBMPStringTemplate[] = {
+    { SEC_ASN1_POINTER, 0, SEC_BMPStringTemplate }
+};
+
+const SEC_ASN1Template SEC_SequenceOfBMPStringTemplate[] = {
+    { SEC_ASN1_SEQUENCE_OF, 0, SEC_BMPStringTemplate }
+};
+
+const SEC_ASN1Template SEC_SetOfBMPStringTemplate[] = {
+    { SEC_ASN1_SET_OF, 0, SEC_BMPStringTemplate }
+};
+
+const SEC_ASN1Template SEC_PointerToBooleanTemplate[] = {
+    { SEC_ASN1_POINTER, 0, SEC_BooleanTemplate }
+};
+
+const SEC_ASN1Template SEC_SequenceOfBooleanTemplate[] = {
+    { SEC_ASN1_SEQUENCE_OF, 0, SEC_BooleanTemplate }
+};
+
+const SEC_ASN1Template SEC_SetOfBooleanTemplate[] = {
+    { SEC_ASN1_SET_OF, 0, SEC_BooleanTemplate }
+};
+
+#endif
+
+const SEC_ASN1Template SEC_EnumeratedTemplate[] = {
+    { SEC_ASN1_ENUMERATED, 0, NULL, sizeof(SECItem) }
+};
+
+const SEC_ASN1Template SEC_PointerToEnumeratedTemplate[] = {
+    { SEC_ASN1_POINTER, 0, SEC_EnumeratedTemplate }
+};
+
+#if 0
+
+const SEC_ASN1Template SEC_SequenceOfEnumeratedTemplate[] = {
+    { SEC_ASN1_SEQUENCE_OF, 0, SEC_EnumeratedTemplate }
+};
+
+#endif
+
+const SEC_ASN1Template SEC_SetOfEnumeratedTemplate[] = {
+    { SEC_ASN1_SET_OF, 0, SEC_EnumeratedTemplate }
+};
+
+const SEC_ASN1Template SEC_PointerToGeneralizedTimeTemplate[] = {
+    { SEC_ASN1_POINTER, 0, SEC_GeneralizedTimeTemplate }
+};
+
+#if 0
+
+const SEC_ASN1Template SEC_SequenceOfGeneralizedTimeTemplate[] = {
+    { SEC_ASN1_SEQUENCE_OF, 0, SEC_GeneralizedTimeTemplate }
+};
+
+const SEC_ASN1Template SEC_SetOfGeneralizedTimeTemplate[] = {
+    { SEC_ASN1_SET_OF, 0, SEC_GeneralizedTimeTemplate }
+};
+
+const SEC_ASN1Template SEC_PointerToIA5StringTemplate[] = {
+    { SEC_ASN1_POINTER, 0, SEC_IA5StringTemplate }
+};
+
+const SEC_ASN1Template SEC_SequenceOfIA5StringTemplate[] = {
+    { SEC_ASN1_SEQUENCE_OF, 0, SEC_IA5StringTemplate }
+};
+
+const SEC_ASN1Template SEC_SetOfIA5StringTemplate[] = {
+    { SEC_ASN1_SET_OF, 0, SEC_IA5StringTemplate }
+};
+
+const SEC_ASN1Template SEC_PointerToIntegerTemplate[] = {
+    { SEC_ASN1_POINTER, 0, SEC_IntegerTemplate }
+};
+
+const SEC_ASN1Template SEC_SequenceOfIntegerTemplate[] = {
+    { SEC_ASN1_SEQUENCE_OF, 0, SEC_IntegerTemplate }
+};
+
+const SEC_ASN1Template SEC_SetOfIntegerTemplate[] = {
+    { SEC_ASN1_SET_OF, 0, SEC_IntegerTemplate }
+};
+
+const SEC_ASN1Template SEC_PointerToNullTemplate[] = {
+    { SEC_ASN1_POINTER, 0, SEC_NullTemplate }
+};
+
+const SEC_ASN1Template SEC_SequenceOfNullTemplate[] = {
+    { SEC_ASN1_SEQUENCE_OF, 0, SEC_NullTemplate }
+};
+
+const SEC_ASN1Template SEC_SetOfNullTemplate[] = {
+    { SEC_ASN1_SET_OF, 0, SEC_NullTemplate }
+};
+
+const SEC_ASN1Template SEC_PointerToObjectIDTemplate[] = {
+    { SEC_ASN1_POINTER, 0, SEC_ObjectIDTemplate }
+};
+
+#endif
+
+const SEC_ASN1Template SEC_SequenceOfObjectIDTemplate[] = {
+    { SEC_ASN1_SEQUENCE_OF, 0, SEC_ObjectIDTemplate }
+};
+
+#if 0
+
+const SEC_ASN1Template SEC_SetOfObjectIDTemplate[] = {
+    { SEC_ASN1_SET_OF, 0, SEC_ObjectIDTemplate }
+};
+
+const SEC_ASN1Template SEC_SequenceOfOctetStringTemplate[] = {
+    { SEC_ASN1_SEQUENCE_OF, 0, SEC_OctetStringTemplate }
+};
+
+const SEC_ASN1Template SEC_SetOfOctetStringTemplate[] = {
+    { SEC_ASN1_SET_OF, 0, SEC_OctetStringTemplate }
+};
+
+#endif
+
+const SEC_ASN1Template SEC_PrintableStringTemplate[] = {
+    { SEC_ASN1_PRINTABLE_STRING | SEC_ASN1_MAY_STREAM, 0, NULL, sizeof(SECItem) }
+};
+
+#if 0
+
+const SEC_ASN1Template SEC_PointerToPrintableStringTemplate[] = {
+    { SEC_ASN1_POINTER, 0, SEC_PrintableStringTemplate }
+};
+
+const SEC_ASN1Template SEC_SequenceOfPrintableStringTemplate[] = {
+    { SEC_ASN1_SEQUENCE_OF, 0, SEC_PrintableStringTemplate }
+};
+
+const SEC_ASN1Template SEC_SetOfPrintableStringTemplate[] = {
+    { SEC_ASN1_SET_OF, 0, SEC_PrintableStringTemplate }
+};
+
+#endif
+
+const SEC_ASN1Template SEC_T61StringTemplate[] = {
+    { SEC_ASN1_T61_STRING | SEC_ASN1_MAY_STREAM, 0, NULL, sizeof(SECItem) }
+};
+
+#if 0
+
+const SEC_ASN1Template SEC_PointerToT61StringTemplate[] = {
+    { SEC_ASN1_POINTER, 0, SEC_T61StringTemplate }
+};
+
+const SEC_ASN1Template SEC_SequenceOfT61StringTemplate[] = {
+    { SEC_ASN1_SEQUENCE_OF, 0, SEC_T61StringTemplate }
+};
+
+const SEC_ASN1Template SEC_SetOfT61StringTemplate[] = {
+    { SEC_ASN1_SET_OF, 0, SEC_T61StringTemplate }
+};
+
+#endif
+
+const SEC_ASN1Template SEC_UniversalStringTemplate[] = {
+    { SEC_ASN1_UNIVERSAL_STRING | SEC_ASN1_MAY_STREAM, 0, NULL, sizeof(SECItem) }
+};
+
+#if 0
+
+const SEC_ASN1Template SEC_PointerToUniversalStringTemplate[] = {
+    { SEC_ASN1_POINTER, 0, SEC_UniversalStringTemplate }
+};
+
+const SEC_ASN1Template SEC_SequenceOfUniversalStringTemplate[] = {
+    { SEC_ASN1_SEQUENCE_OF, 0, SEC_UniversalStringTemplate }
+};
+
+const SEC_ASN1Template SEC_SetOfUniversalStringTemplate[] = {
+    { SEC_ASN1_SET_OF, 0, SEC_UniversalStringTemplate }
+};
+
+const SEC_ASN1Template SEC_PointerToUTCTimeTemplate[] = {
+    { SEC_ASN1_POINTER, 0, SEC_UTCTimeTemplate }
+};
+
+const SEC_ASN1Template SEC_SequenceOfUTCTimeTemplate[] = {
+    { SEC_ASN1_SEQUENCE_OF, 0, SEC_UTCTimeTemplate }
+};
+
+const SEC_ASN1Template SEC_SetOfUTCTimeTemplate[] = {
+    { SEC_ASN1_SET_OF, 0, SEC_UTCTimeTemplate }
+};
+
+const SEC_ASN1Template SEC_PointerToUTF8StringTemplate[] = {
+    { SEC_ASN1_POINTER, 0, SEC_UTF8StringTemplate }
+};
+
+const SEC_ASN1Template SEC_SequenceOfUTF8StringTemplate[] = {
+    { SEC_ASN1_SEQUENCE_OF, 0, SEC_UTF8StringTemplate }
+};
+
+const SEC_ASN1Template SEC_SetOfUTF8StringTemplate[] = {
+    { SEC_ASN1_SET_OF, 0, SEC_UTF8StringTemplate }
+};
+
+#endif
+
+const SEC_ASN1Template SEC_VisibleStringTemplate[] = {
+    { SEC_ASN1_VISIBLE_STRING | SEC_ASN1_MAY_STREAM, 0, NULL, sizeof(SECItem) }
+};
+
+#if 0
+
+const SEC_ASN1Template SEC_PointerToVisibleStringTemplate[] = {
+    { SEC_ASN1_POINTER, 0, SEC_VisibleStringTemplate }
+};
+
+const SEC_ASN1Template SEC_SequenceOfVisibleStringTemplate[] = {
+    { SEC_ASN1_SEQUENCE_OF, 0, SEC_VisibleStringTemplate }
+};
+
+const SEC_ASN1Template SEC_SetOfVisibleStringTemplate[] = {
+    { SEC_ASN1_SET_OF, 0, SEC_VisibleStringTemplate }
+};
+
+#endif
+
+/*
+ * Template for skipping a subitem.
+ *
+ * Note that it only makes sense to use this for decoding (when you want
+ * to decode something where you are only interested in one or two of
+ * the fields); you cannot encode a SKIP!
+ */
+const SEC_ASN1Template SEC_SkipTemplate[] = {
+    { SEC_ASN1_SKIP }
+};
+
+/* These functions simply return the address of the above-declared templates.
+** This is necessary for Windows DLLs.  Sigh.
+*/
+SEC_ASN1_CHOOSER_IMPLEMENT(SEC_EnumeratedTemplate)
+SEC_ASN1_CHOOSER_IMPLEMENT(SEC_PointerToEnumeratedTemplate)
+SEC_ASN1_CHOOSER_IMPLEMENT(SEC_SequenceOfAnyTemplate)
+SEC_ASN1_CHOOSER_IMPLEMENT(SEC_SequenceOfObjectIDTemplate)
+SEC_ASN1_CHOOSER_IMPLEMENT(SEC_SkipTemplate)
+SEC_ASN1_CHOOSER_IMPLEMENT(SEC_UniversalStringTemplate)
+SEC_ASN1_CHOOSER_IMPLEMENT(SEC_PrintableStringTemplate)
+SEC_ASN1_CHOOSER_IMPLEMENT(SEC_T61StringTemplate)
+SEC_ASN1_CHOOSER_IMPLEMENT(SEC_PointerToGeneralizedTimeTemplate)
diff --git a/nss/lib/util/secasn1e.c b/nss/lib/util/secasn1e.c
new file mode 100644
index 0000000..fb3feef
--- /dev/null
+++ b/nss/lib/util/secasn1e.c
@@ -0,0 +1,1568 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * Support for ENcoding ASN.1 data based on BER/DER (Basic/Distinguished
+ * Encoding Rules).
+ */
+
+#include "secasn1.h"
+
+typedef enum {
+    beforeHeader,
+    duringContents,
+    duringGroup,
+    duringSequence,
+    afterContents,
+    afterImplicit,
+    afterInline,
+    afterPointer,
+    afterChoice,
+    notInUse
+} sec_asn1e_parse_place;
+
+typedef enum {
+    allDone,
+    encodeError,
+    keepGoing,
+    needBytes
+} sec_asn1e_parse_status;
+
+typedef enum {
+    hdr_normal = 0,     /* encode header normally */
+    hdr_any = 1,        /* header already encoded in content */
+    hdr_decoder = 2,    /* template only used by decoder. skip it. */
+    hdr_optional = 3,   /* optional component, to be omitted */
+    hdr_placeholder = 4 /* place holder for from_buf content */
+} sec_asn1e_hdr_encoding;
+
+typedef struct sec_asn1e_state_struct {
+    SEC_ASN1EncoderContext *top;
+    const SEC_ASN1Template *theTemplate;
+    void *src;
+
+    struct sec_asn1e_state_struct *parent; /* aka prev */
+    struct sec_asn1e_state_struct *child;  /* aka next */
+
+    sec_asn1e_parse_place place; /* where we are in encoding process */
+
+    /*
+     * XXX explain the next fields as clearly as possible...
+     */
+    unsigned char tag_modifiers;
+    unsigned char tag_number;
+    unsigned long underlying_kind;
+
+    int depth;
+
+    PRBool isExplicit,     /* we are handling an isExplicit header */
+        indefinite,        /* need end-of-contents */
+        is_string,         /* encoding a simple string or an ANY */
+        may_stream,        /* when streaming, do indefinite encoding */
+        optional,          /* omit field if it has no contents */
+        disallowStreaming; /* disallow streaming in all sub-templates */
+} sec_asn1e_state;
+
+/*
+ * An "outsider" will have an opaque pointer to this, created by calling
+ * SEC_ASN1EncoderStart().  It will be passed back in to all subsequent
+ * calls to SEC_ASN1EncoderUpdate() and related routines, and when done
+ * it is passed to SEC_ASN1EncoderFinish().
+ */
+struct sec_EncoderContext_struct {
+    PLArenaPool *our_pool; /* for our internal allocs */
+
+    sec_asn1e_state *current;
+    sec_asn1e_parse_status status;
+
+    PRBool streaming;
+    PRBool from_buf;
+
+    SEC_ASN1NotifyProc notify_proc; /* call before/after handling field */
+    void *notify_arg;               /* argument to notify_proc */
+    PRBool during_notify;           /* true during call to notify_proc */
+
+    SEC_ASN1WriteProc output_proc; /* pass encoded bytes to this  */
+    void *output_arg;              /* argument to that function */
+};
+
+static sec_asn1e_state *
+sec_asn1e_push_state(SEC_ASN1EncoderContext *cx,
+                     const SEC_ASN1Template *theTemplate,
+                     const void *src, PRBool new_depth)
+{
+    sec_asn1e_state *state, *new_state;
+
+    state = cx->current;
+
+    new_state = (sec_asn1e_state *)PORT_ArenaZAlloc(cx->our_pool,
+                                                    sizeof(*new_state));
+    if (new_state == NULL) {
+        cx->status = encodeError;
+        return NULL;
+    }
+
+    new_state->top = cx;
+    new_state->parent = state;
+    new_state->theTemplate = theTemplate;
+    new_state->place = notInUse;
+    if (src != NULL)
+        new_state->src = (char *)src + theTemplate->offset;
+
+    if (state != NULL) {
+        new_state->depth = state->depth;
+        if (new_depth)
+            new_state->depth++;
+        state->child = new_state;
+    }
+
+    cx->current = new_state;
+    return new_state;
+}
+
+static void
+sec_asn1e_scrub_state(sec_asn1e_state *state)
+{
+    /*
+     * Some default "scrubbing".
+     * XXX right set of initializations?
+     */
+    state->place = beforeHeader;
+    state->indefinite = PR_FALSE;
+}
+
+static void
+sec_asn1e_notify_before(SEC_ASN1EncoderContext *cx, void *src, int depth)
+{
+    if (cx->notify_proc == NULL)
+        return;
+
+    cx->during_notify = PR_TRUE;
+    (*cx->notify_proc)(cx->notify_arg, PR_TRUE, src, depth);
+    cx->during_notify = PR_FALSE;
+}
+
+static void
+sec_asn1e_notify_after(SEC_ASN1EncoderContext *cx, void *src, int depth)
+{
+    if (cx->notify_proc == NULL)
+        return;
+
+    cx->during_notify = PR_TRUE;
+    (*cx->notify_proc)(cx->notify_arg, PR_FALSE, src, depth);
+    cx->during_notify = PR_FALSE;
+}
+
+static sec_asn1e_state *
+sec_asn1e_init_state_based_on_template(sec_asn1e_state *state)
+{
+    PRBool isExplicit, is_string, may_stream, optional, universal;
+    PRBool disallowStreaming;
+    unsigned char tag_modifiers;
+    unsigned long encode_kind, under_kind;
+    unsigned long tag_number;
+    PRBool isInline = PR_FALSE;
+
+    encode_kind = state->theTemplate->kind;
+
+    universal = ((encode_kind & SEC_ASN1_CLASS_MASK) == SEC_ASN1_UNIVERSAL)
+                    ? PR_TRUE
+                    : PR_FALSE;
+
+    isExplicit = (encode_kind & SEC_ASN1_EXPLICIT) ? PR_TRUE : PR_FALSE;
+    encode_kind &= ~SEC_ASN1_EXPLICIT;
+
+    optional = (encode_kind & SEC_ASN1_OPTIONAL) ? PR_TRUE : PR_FALSE;
+    encode_kind &= ~SEC_ASN1_OPTIONAL;
+
+    PORT_Assert(!(isExplicit && universal)); /* bad templates */
+
+    may_stream = (encode_kind & SEC_ASN1_MAY_STREAM) ? PR_TRUE : PR_FALSE;
+    encode_kind &= ~SEC_ASN1_MAY_STREAM;
+
+    disallowStreaming = (encode_kind & SEC_ASN1_NO_STREAM) ? PR_TRUE : PR_FALSE;
+    encode_kind &= ~SEC_ASN1_NO_STREAM;
+
+    /* Just clear this to get it out of the way; we do not need it here */
+    encode_kind &= ~SEC_ASN1_DYNAMIC;
+
+    if (encode_kind & SEC_ASN1_CHOICE) {
+        under_kind = SEC_ASN1_CHOICE;
+    } else if ((encode_kind & (SEC_ASN1_POINTER | SEC_ASN1_INLINE)) ||
+               (!universal && !isExplicit)) {
+        const SEC_ASN1Template *subt;
+        void *src = NULL;
+
+        PORT_Assert((encode_kind & (SEC_ASN1_ANY | SEC_ASN1_SKIP)) == 0);
+
+        sec_asn1e_scrub_state(state);
+
+        if (encode_kind & SEC_ASN1_POINTER) {
+            src = *(void **)state->src;
+            state->place = afterPointer;
+
+            if (src == NULL) {
+                /*
+                 * If this is optional, but NULL, then the field does
+                 * not need to be encoded.  In this case we are done;
+                 * we do not want to push a subtemplate.
+                 */
+                if (optional)
+                    return state;
+
+                /*
+                 * XXX this is an error; need to figure out
+                 * how to handle this
+                 */
+            }
+        } else {
+            src = state->src;
+            if (encode_kind & SEC_ASN1_INLINE) {
+                /* check that there are no extraneous bits */
+                /* PORT_Assert (encode_kind == SEC_ASN1_INLINE && !optional); */
+                state->place = afterInline;
+                isInline = PR_TRUE;
+            } else {
+                /*
+                 * Save the tag modifiers and tag number here before moving
+                 * on to the next state in case this is a member of a
+                 * SEQUENCE OF
+                 */
+                state->tag_modifiers = (unsigned char)(encode_kind & (SEC_ASN1_TAG_MASK & ~SEC_ASN1_TAGNUM_MASK));
+                state->tag_number = (unsigned char)(encode_kind & SEC_ASN1_TAGNUM_MASK);
+
+                state->place = afterImplicit;
+                state->optional = optional;
+            }
+        }
+
+        subt = SEC_ASN1GetSubtemplate(state->theTemplate, state->src, PR_TRUE);
+        if (isInline && optional) {
+            /* we only handle a very limited set of optional inline cases at
+               this time */
+            if (PR_FALSE != SEC_ASN1IsTemplateSimple(subt)) {
+                /* we now know that the target is a SECItem*, so we can check
+                   if the source contains one */
+                SECItem *target = (SECItem *)state->src;
+                if (!target || !target->data || !target->len) {
+                    /* no valid data to encode subtemplate */
+                    return state;
+                }
+            } else {
+                PORT_Assert(0); /* complex templates are not handled as
+                                   inline optional */
+            }
+        }
+        state = sec_asn1e_push_state(state->top, subt, src, PR_FALSE);
+        if (state == NULL)
+            return state;
+
+        if (universal) {
+            /*
+             * This is a POINTER or INLINE; just init based on that
+             * and we are done.
+             */
+            return sec_asn1e_init_state_based_on_template(state);
+        }
+
+        /*
+         * This is an implicit, non-universal (meaning, application-private
+         * or context-specific) field.  This results in a "magic" tag but
+         * encoding based on the underlying type.  We pushed a new state
+         * that is based on the subtemplate (the underlying type), but
+         * now we will sort of alias it to give it some of our properties
+         * (tag, optional status, etc.).
+         *
+         * NB: ALL the following flags in the subtemplate are disallowed
+         *     and/or ignored: EXPLICIT, OPTIONAL, INNER, INLINE, POINTER.
+         */
+
+        under_kind = state->theTemplate->kind;
+        if ((under_kind & SEC_ASN1_MAY_STREAM) && !disallowStreaming) {
+            may_stream = PR_TRUE;
+        }
+        under_kind &= ~(SEC_ASN1_MAY_STREAM | SEC_ASN1_DYNAMIC);
+    } else {
+        under_kind = encode_kind;
+    }
+
+/*
+     * Sanity check that there are no unwanted bits marked in under_kind.
+     * These bits were either removed above (after we recorded them) or
+     * they simply should not be found (signalling a bad/broken template).
+     * XXX is this the right set of bits to test here? (i.e. need to add
+     * or remove any?)
+     */
+#define UNEXPECTED_FLAGS                                                      \
+    (SEC_ASN1_EXPLICIT | SEC_ASN1_OPTIONAL | SEC_ASN1_SKIP | SEC_ASN1_INNER | \
+     SEC_ASN1_DYNAMIC | SEC_ASN1_MAY_STREAM | SEC_ASN1_INLINE | SEC_ASN1_POINTER)
+
+    PORT_Assert((under_kind & UNEXPECTED_FLAGS) == 0);
+    under_kind &= ~UNEXPECTED_FLAGS;
+#undef UNEXPECTED_FLAGS
+
+    if (encode_kind & SEC_ASN1_ANY) {
+        PORT_Assert(encode_kind == under_kind);
+        tag_modifiers = 0;
+        tag_number = 0;
+        is_string = PR_TRUE;
+    } else {
+        tag_modifiers = (unsigned char)(encode_kind & (SEC_ASN1_TAG_MASK & ~SEC_ASN1_TAGNUM_MASK));
+        /*
+         * XXX This assumes only single-octet identifiers.  To handle
+         * the HIGH TAG form we would need to do some more work, especially
+         * in how to specify them in the template, because right now we
+         * do not provide a way to specify more *tag* bits in encode_kind.
+         */
+        tag_number = encode_kind & SEC_ASN1_TAGNUM_MASK;
+
+        is_string = PR_FALSE;
+        switch (under_kind & SEC_ASN1_TAGNUM_MASK) {
+            case SEC_ASN1_SET:
+                /*
+                 * XXX A plain old SET (as opposed to a SET OF) is not implemented.
+                 * If it ever is, remove this assert...
+                 */
+                PORT_Assert((under_kind & SEC_ASN1_GROUP) != 0);
+            /* fallthru */
+            case SEC_ASN1_SEQUENCE:
+                tag_modifiers |= SEC_ASN1_CONSTRUCTED;
+                break;
+            case SEC_ASN1_BIT_STRING:
+            case SEC_ASN1_BMP_STRING:
+            case SEC_ASN1_GENERALIZED_TIME:
+            case SEC_ASN1_IA5_STRING:
+            case SEC_ASN1_OCTET_STRING:
+            case SEC_ASN1_PRINTABLE_STRING:
+            case SEC_ASN1_T61_STRING:
+            case SEC_ASN1_UNIVERSAL_STRING:
+            case SEC_ASN1_UTC_TIME:
+            case SEC_ASN1_UTF8_STRING:
+            case SEC_ASN1_VISIBLE_STRING:
+                /*
+                 * We do not yet know if we will be constructing the string,
+                 * so we have to wait to do this final tag modification.
+                 */
+                is_string = PR_TRUE;
+                break;
+        }
+    }
+
+    state->tag_modifiers = tag_modifiers;
+    state->tag_number = (unsigned char)tag_number;
+    state->underlying_kind = under_kind;
+    state->isExplicit = isExplicit;
+    state->may_stream = may_stream;
+    state->is_string = is_string;
+    state->optional = optional;
+    state->disallowStreaming = disallowStreaming;
+
+    sec_asn1e_scrub_state(state);
+
+    return state;
+}
+
+static void
+sec_asn1e_write_part(sec_asn1e_state *state,
+                     const char *buf, unsigned long len,
+                     SEC_ASN1EncodingPart part)
+{
+    SEC_ASN1EncoderContext *cx;
+
+    cx = state->top;
+    (*cx->output_proc)(cx->output_arg, buf, len, state->depth, part);
+}
+
+/*
+ * XXX This assumes only single-octet identifiers.  To handle
+ * the HIGH TAG form we would need to modify this interface and
+ * teach it to properly encode the special form.
+ */
+static void
+sec_asn1e_write_identifier_bytes(sec_asn1e_state *state, unsigned char value)
+{
+    char byte;
+
+    byte = (char)value;
+    sec_asn1e_write_part(state, &byte, 1, SEC_ASN1_Identifier);
+}
+
+int
+SEC_ASN1EncodeLength(unsigned char *buf, int value)
+{
+    int lenlen;
+
+    lenlen = SEC_ASN1LengthLength(value);
+    if (lenlen == 1) {
+        buf[0] = value;
+    } else {
+        int i;
+
+        i = lenlen - 1;
+        buf[0] = 0x80 | i;
+        while (i) {
+            buf[i--] = value;
+            value >>= 8;
+        }
+        PORT_Assert(value == 0);
+    }
+    return lenlen;
+}
+
+static void
+sec_asn1e_write_length_bytes(sec_asn1e_state *state, unsigned long value,
+                             PRBool indefinite)
+{
+    int lenlen;
+    unsigned char buf[sizeof(unsigned long) + 1];
+
+    if (indefinite) {
+        PORT_Assert(value == 0);
+        buf[0] = 0x80;
+        lenlen = 1;
+    } else {
+        lenlen = SEC_ASN1EncodeLength(buf, value);
+    }
+
+    sec_asn1e_write_part(state, (char *)buf, lenlen, SEC_ASN1_Length);
+}
+
+static void
+sec_asn1e_write_contents_bytes(sec_asn1e_state *state,
+                               const char *buf, unsigned long len)
+{
+    sec_asn1e_write_part(state, buf, len, SEC_ASN1_Contents);
+}
+
+static void
+sec_asn1e_write_end_of_contents_bytes(sec_asn1e_state *state)
+{
+    const char eoc[2] = { 0, 0 };
+
+    sec_asn1e_write_part(state, eoc, 2, SEC_ASN1_EndOfContents);
+}
+
+static int
+sec_asn1e_which_choice(
+    void *src,
+    const SEC_ASN1Template *theTemplate)
+{
+    int rv;
+    unsigned int which = *(unsigned int *)src;
+
+    for (rv = 1, theTemplate++; theTemplate->kind != 0; rv++, theTemplate++) {
+        if (which == theTemplate->size) {
+            return rv;
+        }
+    }
+
+    return 0;
+}
+
+static unsigned long
+sec_asn1e_contents_length(const SEC_ASN1Template *theTemplate, void *src,
+                          PRBool disallowStreaming, PRBool insideIndefinite,
+                          sec_asn1e_hdr_encoding *pHdrException)
+{
+    unsigned long encode_kind, underlying_kind;
+    PRBool isExplicit, optional, universal, may_stream;
+    unsigned long len;
+
+    /*
+     * This function currently calculates the length in all cases
+     * except the following: when writing out the contents of a
+     * template that belongs to a state where it was a sub-template
+     * with the SEC_ASN1_MAY_STREAM bit set and it's parent had the
+     * optional bit set.  The information that the parent is optional
+     * and that we should return the length of 0 when that length is
+     * present since that means the optional field is no longer present.
+     * So we add the disallowStreaming flag which is passed in when
+     * writing the contents, but for all recursive calls to
+     * sec_asn1e_contents_length, we pass PR_FALSE, because this
+     * function correctly calculates the length for children templates
+     * from that point on.  Confused yet?  At least you didn't have
+     * to figure it out.  ;)  -javi
+     */
+    encode_kind = theTemplate->kind;
+
+    universal = ((encode_kind & SEC_ASN1_CLASS_MASK) == SEC_ASN1_UNIVERSAL)
+                    ? PR_TRUE
+                    : PR_FALSE;
+
+    isExplicit = (encode_kind & SEC_ASN1_EXPLICIT) ? PR_TRUE : PR_FALSE;
+    encode_kind &= ~SEC_ASN1_EXPLICIT;
+
+    optional = (encode_kind & SEC_ASN1_OPTIONAL) ? PR_TRUE : PR_FALSE;
+    encode_kind &= ~SEC_ASN1_OPTIONAL;
+
+    PORT_Assert(!(isExplicit && universal)); /* bad templates */
+
+    may_stream = (encode_kind & SEC_ASN1_MAY_STREAM) ? PR_TRUE : PR_FALSE;
+    encode_kind &= ~SEC_ASN1_MAY_STREAM;
+
+    /* Just clear this to get it out of the way; we do not need it here */
+    encode_kind &= ~SEC_ASN1_DYNAMIC;
+
+    if (encode_kind & SEC_ASN1_NO_STREAM) {
+        disallowStreaming = PR_TRUE;
+    }
+    encode_kind &= ~SEC_ASN1_NO_STREAM;
+
+    if (encode_kind & SEC_ASN1_CHOICE) {
+        void *src2;
+        int indx = sec_asn1e_which_choice(src, theTemplate);
+        if (0 == indx) {
+            /* XXX set an error? "choice not found" */
+            /* state->top->status = encodeError; */
+            return 0;
+        }
+
+        src2 = (void *)((char *)src - theTemplate->offset + theTemplate[indx].offset);
+
+        return sec_asn1e_contents_length(&theTemplate[indx], src2,
+                                         disallowStreaming, insideIndefinite,
+                                         pHdrException);
+    }
+
+    if ((encode_kind & (SEC_ASN1_POINTER | SEC_ASN1_INLINE)) || !universal) {
+        /* XXX any bits we want to disallow (PORT_Assert against) here? */
+        theTemplate = SEC_ASN1GetSubtemplate(theTemplate, src, PR_TRUE);
+        if (encode_kind & SEC_ASN1_POINTER) {
+            src = *(void **)src;
+            if (src == NULL) {
+                *pHdrException = optional ? hdr_optional : hdr_normal;
+                return 0;
+            }
+        } else if (encode_kind & SEC_ASN1_INLINE) {
+            /* check that there are no extraneous bits */
+            if (optional) {
+                if (PR_FALSE != SEC_ASN1IsTemplateSimple(theTemplate)) {
+                    /* we now know that the target is a SECItem*, so we can check
+                       if the source contains one */
+                    SECItem *target = (SECItem *)src;
+                    if (!target || !target->data || !target->len) {
+                        /* no valid data to encode subtemplate */
+                        *pHdrException = hdr_optional;
+                        return 0;
+                    }
+                } else {
+                    PORT_Assert(0); /* complex templates not handled as inline
+                                       optional */
+                }
+            }
+        }
+
+        src = (char *)src + theTemplate->offset;
+
+        /* recurse to find the length of the subtemplate */
+        len = sec_asn1e_contents_length(theTemplate, src, disallowStreaming,
+                                        insideIndefinite, pHdrException);
+        if (len == 0 && optional) {
+            *pHdrException = hdr_optional;
+        } else if (isExplicit) {
+            if (*pHdrException == hdr_any) {
+                /* *we* do not want to add in a header,
+                ** but our caller still does.
+                */
+                *pHdrException = hdr_normal;
+            } else if (*pHdrException == hdr_normal) {
+                /* if the inner content exists, our length is
+                 * len(identifier) + len(length) + len(innercontent)
+                 * XXX we currently assume len(identifier) == 1;
+                 * to support a high-tag-number this would need to be smarter.
+                 */
+                len += 1 + SEC_ASN1LengthLength(len);
+            }
+        }
+        return len;
+    }
+    underlying_kind = encode_kind;
+
+    /* This is only used in decoding; it plays no part in encoding.  */
+    if (underlying_kind & SEC_ASN1_SAVE) {
+        /* check that there are no extraneous bits */
+        PORT_Assert(underlying_kind == SEC_ASN1_SAVE);
+        *pHdrException = hdr_decoder;
+        return 0;
+    }
+
+#define UNEXPECTED_FLAGS                                                          \
+    (SEC_ASN1_EXPLICIT | SEC_ASN1_OPTIONAL | SEC_ASN1_INLINE | SEC_ASN1_POINTER | \
+     SEC_ASN1_DYNAMIC | SEC_ASN1_MAY_STREAM | SEC_ASN1_SAVE | SEC_ASN1_SKIP)
+
+    /* Having any of these bits is not expected here...  */
+    PORT_Assert((underlying_kind & UNEXPECTED_FLAGS) == 0);
+    underlying_kind &= ~UNEXPECTED_FLAGS;
+#undef UNEXPECTED_FLAGS
+
+    if (underlying_kind & SEC_ASN1_CHOICE) {
+        void *src2;
+        int indx = sec_asn1e_which_choice(src, theTemplate);
+        if (0 == indx) {
+            /* XXX set an error? "choice not found" */
+            /* state->top->status = encodeError; */
+            return 0;
+        }
+
+        src2 = (void *)((char *)src - theTemplate->offset + theTemplate[indx].offset);
+        len = sec_asn1e_contents_length(&theTemplate[indx], src2,
+                                        disallowStreaming, insideIndefinite,
+                                        pHdrException);
+    } else {
+        switch (underlying_kind) {
+            case SEC_ASN1_SEQUENCE_OF:
+            case SEC_ASN1_SET_OF: {
+                const SEC_ASN1Template *tmpt;
+                void *sub_src;
+                unsigned long sub_len;
+                void **group;
+
+                len = 0;
+
+                group = *(void ***)src;
+                if (group == NULL)
+                    break;
+
+                tmpt = SEC_ASN1GetSubtemplate(theTemplate, src, PR_TRUE);
+
+                for (; *group != NULL; group++) {
+                    sub_src = (char *)(*group) + tmpt->offset;
+                    sub_len = sec_asn1e_contents_length(tmpt, sub_src,
+                                                        disallowStreaming,
+                                                        insideIndefinite,
+                                                        pHdrException);
+                    len += sub_len;
+                    /*
+                     * XXX The 1 below is the presumed length of the identifier;
+                     * to support a high-tag-number this would need to be smarter.
+                     */
+                    if (*pHdrException == hdr_normal)
+                        len += 1 + SEC_ASN1LengthLength(sub_len);
+                }
+            } break;
+
+            case SEC_ASN1_SEQUENCE:
+            case SEC_ASN1_SET: {
+                const SEC_ASN1Template *tmpt;
+                void *sub_src;
+                unsigned long sub_len;
+
+                len = 0;
+                for (tmpt = theTemplate + 1; tmpt->kind; tmpt++) {
+                    sub_src = (char *)src + tmpt->offset;
+                    sub_len = sec_asn1e_contents_length(tmpt, sub_src,
+                                                        disallowStreaming,
+                                                        insideIndefinite,
+                                                        pHdrException);
+                    len += sub_len;
+                    /*
+                     * XXX The 1 below is the presumed length of the identifier;
+                     * to support a high-tag-number this would need to be smarter.
+                     */
+                    if (*pHdrException == hdr_normal)
+                        len += 1 + SEC_ASN1LengthLength(sub_len);
+                }
+            } break;
+
+            case SEC_ASN1_BIT_STRING:
+                /* convert bit length to byte */
+                len = (((SECItem *)src)->len + 7) >> 3;
+                /* bit string contents involve an extra octet */
+                if (len)
+                    len++;
+                break;
+
+            case SEC_ASN1_INTEGER:
+                /* ASN.1 INTEGERs are signed.
+                 * If the source is an unsigned integer, the encoder will need
+                 * to handle the conversion here.
+                 */
+                {
+                    unsigned char *buf = ((SECItem *)src)->data;
+                    SECItemType integerType = ((SECItem *)src)->type;
+                    len = ((SECItem *)src)->len;
+                    while (len > 0) {
+                        if (*buf != 0) {
+                            if (*buf & 0x80 && integerType == siUnsignedInteger) {
+                                len++; /* leading zero needed to make number signed */
+                            }
+                            break; /* reached beginning of number */
+                        }
+                        if (len == 1) {
+                            break; /* the number 0 */
+                        }
+                        if (buf[1] & 0x80) {
+                            break; /* leading zero already present */
+                        }
+                        /* extraneous leading zero, keep going */
+                        buf++;
+                        len--;
+                    }
+                }
+                break;
+
+            default:
+                len = ((SECItem *)src)->len;
+                break;
+        } /* end switch */
+
+#ifndef WHAT_PROBLEM_DOES_THIS_SOLVE
+        /* if we're streaming, we may have a secitem w/len 0 as placeholder */
+        if (!len && insideIndefinite && may_stream && !disallowStreaming) {
+            len = 1;
+        }
+#endif
+    } /* end else */
+
+    if (len == 0 && optional)
+        *pHdrException = hdr_optional;
+    else if (underlying_kind == SEC_ASN1_ANY)
+        *pHdrException = hdr_any;
+    else
+        *pHdrException = hdr_normal;
+
+    return len;
+}
+
+static void
+sec_asn1e_write_header(sec_asn1e_state *state)
+{
+    unsigned long contents_length;
+    unsigned char tag_number, tag_modifiers;
+    sec_asn1e_hdr_encoding hdrException = hdr_normal;
+    PRBool indefinite = PR_FALSE;
+
+    PORT_Assert(state->place == beforeHeader);
+
+    tag_number = state->tag_number;
+    tag_modifiers = state->tag_modifiers;
+
+    if (state->underlying_kind == SEC_ASN1_ANY) {
+        state->place = duringContents;
+        return;
+    }
+
+    if (state->underlying_kind & SEC_ASN1_CHOICE) {
+        int indx = sec_asn1e_which_choice(state->src, state->theTemplate);
+        if (0 == indx) {
+            /* XXX set an error? "choice not found" */
+            state->top->status = encodeError;
+            return;
+        }
+        state->place = afterChoice;
+        state = sec_asn1e_push_state(state->top, &state->theTemplate[indx],
+                                     (char *)state->src - state->theTemplate->offset,
+                                     PR_TRUE);
+        if (state) {
+            /*
+             * Do the "before" field notification.
+             */
+            sec_asn1e_notify_before(state->top, state->src, state->depth);
+            (void)sec_asn1e_init_state_based_on_template(state);
+        }
+        return;
+    }
+
+    /* The !isString test below is apparently intended to ensure that all
+    ** constructed types receive indefinite length encoding.
+    */
+    indefinite = (PRBool)(state->top->streaming && state->may_stream &&
+                          (state->top->from_buf || !state->is_string));
+
+    /*
+     * If we are doing a definite-length encoding, first we have to
+     * walk the data structure to calculate the entire contents length.
+     * If we are doing an indefinite-length encoding, we still need to
+     * know if the contents is:
+     *    optional and to be omitted, or
+     *    an ANY (header is pre-encoded), or
+     *    a SAVE or some other kind of template used only by the decoder.
+     * So, we call this function either way.
+     */
+    contents_length = sec_asn1e_contents_length(state->theTemplate,
+                                                state->src,
+                                                state->disallowStreaming,
+                                                indefinite,
+                                                &hdrException);
+    /*
+     * We might be told explicitly not to put out a header.
+     * But it can also be the case, via a pushed subtemplate, that
+     * sec_asn1e_contents_length could not know that this field is
+     * really optional.  So check for that explicitly, too.
+     */
+    if (hdrException != hdr_normal ||
+        (contents_length == 0 && state->optional)) {
+        state->place = afterContents;
+        if (state->top->streaming &&
+            state->may_stream &&
+            state->top->from_buf) {
+            /* we did not find an optional indefinite string, so we
+             * don't encode it.  However, if TakeFromBuf is on, we stop
+             * here anyway to give our caller a chance to intercept at the
+             * same point where we would stop if the field were present.
+             */
+            state->top->status = needBytes;
+        }
+        return;
+    }
+
+    if (indefinite) {
+        /*
+         * We need to put out an indefinite-length encoding.
+         * The only universal types that can be constructed are SETs,
+         * SEQUENCEs, and strings; so check that it is one of those,
+         * or that it is not universal (e.g. context-specific).
+         */
+        state->indefinite = PR_TRUE;
+        PORT_Assert((tag_number == SEC_ASN1_SET) || (tag_number == SEC_ASN1_SEQUENCE) || ((tag_modifiers & SEC_ASN1_CLASS_MASK) != 0) || state->is_string);
+        tag_modifiers |= SEC_ASN1_CONSTRUCTED;
+        contents_length = 0;
+    }
+
+    sec_asn1e_write_identifier_bytes(state,
+                                     (unsigned char)(tag_number | tag_modifiers));
+    sec_asn1e_write_length_bytes(state, contents_length, state->indefinite);
+
+    if (contents_length == 0 && !state->indefinite) {
+        /*
+         * If no real contents to encode, then we are done with this field.
+         */
+        state->place = afterContents;
+        return;
+    }
+
+    /*
+     * An EXPLICIT is nothing but an outer header, which we have already
+     * written.  Now we need to do the inner header and contents.
+     */
+    if (state->isExplicit) {
+        const SEC_ASN1Template *subt =
+            SEC_ASN1GetSubtemplate(state->theTemplate, state->src, PR_TRUE);
+        state->place = afterContents;
+        state = sec_asn1e_push_state(state->top, subt, state->src, PR_TRUE);
+        if (state != NULL) {
+            (void)sec_asn1e_init_state_based_on_template(state);
+        }
+        return;
+    }
+
+    switch (state->underlying_kind) {
+        case SEC_ASN1_SET_OF:
+        case SEC_ASN1_SEQUENCE_OF:
+            /*
+             * We need to push a child to handle each member.
+             */
+            {
+                void **group;
+                const SEC_ASN1Template *subt;
+
+                group = *(void ***)state->src;
+                if (group == NULL || *group == NULL) {
+                    /*
+                     * Group is empty; we are done.
+                     */
+                    state->place = afterContents;
+                    return;
+                }
+                state->place = duringGroup;
+                subt = SEC_ASN1GetSubtemplate(state->theTemplate, state->src,
+                                              PR_TRUE);
+                state = sec_asn1e_push_state(state->top, subt, *group, PR_TRUE);
+                if (state != NULL) {
+                    (void)sec_asn1e_init_state_based_on_template(state);
+                }
+            }
+            break;
+
+        case SEC_ASN1_SEQUENCE:
+        case SEC_ASN1_SET:
+            /*
+             * We need to push a child to handle the individual fields.
+             */
+            state->place = duringSequence;
+            state = sec_asn1e_push_state(state->top, state->theTemplate + 1,
+                                         state->src, PR_TRUE);
+            if (state != NULL) {
+                /*
+                 * Do the "before" field notification.
+                 */
+                sec_asn1e_notify_before(state->top, state->src, state->depth);
+                (void)sec_asn1e_init_state_based_on_template(state);
+            }
+            break;
+
+        default:
+            /*
+             * I think we do not need to do anything else.
+             * XXX Correct?
+             */
+            state->place = duringContents;
+            break;
+    }
+}
+
+static void
+sec_asn1e_write_contents_from_buf(sec_asn1e_state *state,
+                                  const char *buf, unsigned long len)
+{
+    PORT_Assert(state->place == duringContents);
+    PORT_Assert(state->top->from_buf);
+    PORT_Assert(state->may_stream && !state->disallowStreaming);
+
+    /*
+     * Probably they just turned on "take from buf", but have not
+     * yet given us any bytes.  If there is nothing in the buffer
+     * then we have nothing to do but return and wait.
+     */
+    if (buf == NULL || len == 0) {
+        state->top->status = needBytes;
+        return;
+    }
+    /*
+     * We are streaming, reading from a passed-in buffer.
+     * This means we are encoding a simple string or an ANY.
+     * For the former, we need to put out a substring, with its
+     * own identifier and length.  For an ANY, we just write it
+     * out as is (our caller is required to ensure that it
+     * is a properly encoded entity).
+     */
+    PORT_Assert(state->is_string); /* includes ANY */
+    if (state->underlying_kind != SEC_ASN1_ANY) {
+        unsigned char identifier;
+
+        /*
+         * Create the identifier based on underlying_kind.  We cannot
+         * use tag_number and tag_modifiers because this can be an
+         * implicitly encoded field.  In that case, the underlying
+         * substrings *are* encoded with their real tag.
+         */
+        identifier = (unsigned char)(state->underlying_kind & SEC_ASN1_TAG_MASK);
+        /*
+         * The underlying kind should just be a simple string; there
+         * should be no bits like CONTEXT_SPECIFIC or CONSTRUCTED set.
+         */
+        PORT_Assert((identifier & SEC_ASN1_TAGNUM_MASK) == identifier);
+        /*
+         * Write out the tag and length for the substring.
+         */
+        sec_asn1e_write_identifier_bytes(state, identifier);
+        if (state->underlying_kind == SEC_ASN1_BIT_STRING) {
+            char byte;
+            /*
+             * Assume we have a length in bytes but we need to output
+             * a proper bit string.  This interface only works for bit
+             * strings that are full multiples of 8.  If support for
+             * real, variable length bit strings is needed then the
+             * caller will have to know to pass in a bit length instead
+             * of a byte length and then this code will have to
+             * perform the encoding necessary (length written is length
+             * in bytes plus 1, and the first octet of string is the
+             * number of bits remaining between the end of the bit
+             * string and the next byte boundary).
+             */
+            sec_asn1e_write_length_bytes(state, len + 1, PR_FALSE);
+            byte = 0;
+            sec_asn1e_write_contents_bytes(state, &byte, 1);
+        } else {
+            sec_asn1e_write_length_bytes(state, len, PR_FALSE);
+        }
+    }
+    sec_asn1e_write_contents_bytes(state, buf, len);
+    state->top->status = needBytes;
+}
+
+static void
+sec_asn1e_write_contents(sec_asn1e_state *state)
+{
+    unsigned long len = 0;
+
+    PORT_Assert(state->place == duringContents);
+
+    switch (state->underlying_kind) {
+        case SEC_ASN1_SET:
+        case SEC_ASN1_SEQUENCE:
+            PORT_Assert(0);
+            break;
+
+        case SEC_ASN1_BIT_STRING: {
+            SECItem *item;
+            char rem;
+
+            item = (SECItem *)state->src;
+            len = (item->len + 7) >> 3;
+            rem = (unsigned char)((len << 3) - item->len); /* remaining bits */
+            sec_asn1e_write_contents_bytes(state, &rem, 1);
+            sec_asn1e_write_contents_bytes(state, (char *)item->data, len);
+        } break;
+
+        case SEC_ASN1_BMP_STRING:
+            /* The number of bytes must be divisable by 2 */
+            if ((((SECItem *)state->src)->len) % 2) {
+                SEC_ASN1EncoderContext *cx;
+
+                cx = state->top;
+                cx->status = encodeError;
+                break;
+            }
+            /* otherwise, fall through to write the content */
+            goto process_string;
+
+        case SEC_ASN1_UNIVERSAL_STRING:
+            /* The number of bytes must be divisable by 4 */
+            if ((((SECItem *)state->src)->len) % 4) {
+                SEC_ASN1EncoderContext *cx;
+
+                cx = state->top;
+                cx->status = encodeError;
+                break;
+            }
+            /* otherwise, fall through to write the content */
+            goto process_string;
+
+        case SEC_ASN1_INTEGER:
+            /* ASN.1 INTEGERs are signed.  If the source is an unsigned
+             * integer, the encoder will need to handle the conversion here.
+             */
+            {
+                unsigned int blen;
+                unsigned char *buf;
+                SECItemType integerType;
+                blen = ((SECItem *)state->src)->len;
+                buf = ((SECItem *)state->src)->data;
+                integerType = ((SECItem *)state->src)->type;
+                while (blen > 0) {
+                    if (*buf & 0x80 && integerType == siUnsignedInteger) {
+                        char zero = 0; /* write a leading 0 */
+                        sec_asn1e_write_contents_bytes(state, &zero, 1);
+                        /* and then the remaining buffer */
+                        sec_asn1e_write_contents_bytes(state,
+                                                       (char *)buf, blen);
+                        break;
+                    }
+                    /* Check three possibilities:
+                     * 1.  No leading zeros, msb of MSB is not 1;
+                     * 2.  The number is zero itself;
+                     * 3.  Encoding a signed integer with a leading zero,
+                     *     keep the zero so that the number is positive.
+                     */
+                    if (*buf != 0 ||
+                        blen == 1 ||
+                        (buf[1] & 0x80 && integerType != siUnsignedInteger)) {
+                        sec_asn1e_write_contents_bytes(state,
+                                                       (char *)buf, blen);
+                        break;
+                    }
+                    /* byte is 0, continue */
+                    buf++;
+                    blen--;
+                }
+            }
+            /* done with this content */
+            break;
+
+        process_string:
+        default: {
+            SECItem *item;
+
+            item = (SECItem *)state->src;
+            sec_asn1e_write_contents_bytes(state, (char *)item->data,
+                                           item->len);
+        } break;
+    }
+    state->place = afterContents;
+}
+
+/*
+ * We are doing a SET OF or SEQUENCE OF, and have just finished an item.
+ */
+static void
+sec_asn1e_next_in_group(sec_asn1e_state *state)
+{
+    sec_asn1e_state *child;
+    void **group;
+    void *member;
+
+    PORT_Assert(state->place == duringGroup);
+    PORT_Assert(state->child != NULL);
+
+    child = state->child;
+
+    group = *(void ***)state->src;
+
+    /*
+     * Find placement of current item.
+     */
+    member = (char *)(state->child->src) - child->theTemplate->offset;
+    while (*group != member)
+        group++;
+
+    /*
+     * Move forward to next item.
+     */
+    group++;
+    if (*group == NULL) {
+        /*
+         * That was our last one; we are done now.
+         */
+        child->place = notInUse;
+        state->place = afterContents;
+        return;
+    }
+    child->src = (char *)(*group) + child->theTemplate->offset;
+
+    /*
+     * Re-"push" child.
+     */
+    sec_asn1e_scrub_state(child);
+    state->top->current = child;
+}
+
+/*
+ * We are moving along through a sequence; move forward by one,
+ * (detecting end-of-sequence when it happens).
+ */
+static void
+sec_asn1e_next_in_sequence(sec_asn1e_state *state)
+{
+    sec_asn1e_state *child;
+
+    PORT_Assert(state->place == duringSequence);
+    PORT_Assert(state->child != NULL);
+
+    child = state->child;
+
+    /*
+     * Do the "after" field notification.
+     */
+    sec_asn1e_notify_after(state->top, child->src, child->depth);
+
+    /*
+     * Move forward.
+     */
+    child->theTemplate++;
+    if (child->theTemplate->kind == 0) {
+        /*
+         * We are done with this sequence.
+         */
+        child->place = notInUse;
+        state->place = afterContents;
+        return;
+    }
+
+    /*
+     * Reset state and push.
+     */
+
+    child->src = (char *)state->src + child->theTemplate->offset;
+
+    /*
+     * Do the "before" field notification.
+     */
+    sec_asn1e_notify_before(state->top, child->src, child->depth);
+
+    state->top->current = child;
+    (void)sec_asn1e_init_state_based_on_template(child);
+}
+
+static void
+sec_asn1e_after_contents(sec_asn1e_state *state)
+{
+    PORT_Assert(state->place == afterContents);
+
+    if (state->indefinite)
+        sec_asn1e_write_end_of_contents_bytes(state);
+
+    /*
+     * Just make my parent be the current state.  It will then clean
+     * up after me and free me (or reuse me).
+     */
+    state->top->current = state->parent;
+}
+
+/*
+ * This function is called whether or not we are streaming; if we
+ * *are* streaming, our caller can also instruct us to take bytes
+ * from the passed-in buffer (at buf, for length len, which is likely
+ * bytes but could even mean bits if the current field is a bit string).
+ * If we have been so instructed, we will gobble up bytes from there
+ * (rather than from our src structure) and output them, and then
+ * we will just return, expecting to be called again -- either with
+ * more bytes or after our caller has instructed us that we are done
+ * (for now) with the buffer.
+ */
+SECStatus
+SEC_ASN1EncoderUpdate(SEC_ASN1EncoderContext *cx,
+                      const char *buf, unsigned long len)
+{
+    sec_asn1e_state *state;
+
+    if (cx->status == needBytes) {
+        cx->status = keepGoing;
+    }
+
+    while (cx->status == keepGoing) {
+        state = cx->current;
+        switch (state->place) {
+            case beforeHeader:
+                sec_asn1e_write_header(state);
+                break;
+            case duringContents:
+                if (cx->from_buf)
+                    sec_asn1e_write_contents_from_buf(state, buf, len);
+                else
+                    sec_asn1e_write_contents(state);
+                break;
+            case duringGroup:
+                sec_asn1e_next_in_group(state);
+                break;
+            case duringSequence:
+                sec_asn1e_next_in_sequence(state);
+                break;
+            case afterContents:
+                sec_asn1e_after_contents(state);
+                break;
+            case afterImplicit:
+            case afterInline:
+            case afterPointer:
+            case afterChoice:
+                /*
+                 * These states are more documentation than anything.
+                 * They just need to force a pop.
+                 */
+                PORT_Assert(!state->indefinite);
+                state->place = afterContents;
+                break;
+            case notInUse:
+            default:
+                /* This is not an error, but rather a plain old BUG! */
+                PORT_Assert(0);
+                cx->status = encodeError;
+                break;
+        }
+
+        if (cx->status == encodeError)
+            break;
+
+        /* It might have changed, so we have to update our local copy.  */
+        state = cx->current;
+
+        /* If it is NULL, we have popped all the way to the top.  */
+        if (state == NULL) {
+            cx->status = allDone;
+            break;
+        }
+    }
+
+    if (cx->status == encodeError) {
+        return SECFailure;
+    }
+
+    return SECSuccess;
+}
+
+void
+SEC_ASN1EncoderFinish(SEC_ASN1EncoderContext *cx)
+{
+    /*
+     * XXX anything else that needs to be finished?
+     */
+
+    PORT_FreeArena(cx->our_pool, PR_FALSE);
+}
+
+SEC_ASN1EncoderContext *
+SEC_ASN1EncoderStart(const void *src, const SEC_ASN1Template *theTemplate,
+                     SEC_ASN1WriteProc output_proc, void *output_arg)
+{
+    PLArenaPool *our_pool;
+    SEC_ASN1EncoderContext *cx;
+
+    our_pool = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE);
+    if (our_pool == NULL)
+        return NULL;
+
+    cx = (SEC_ASN1EncoderContext *)PORT_ArenaZAlloc(our_pool, sizeof(*cx));
+    if (cx == NULL) {
+        PORT_FreeArena(our_pool, PR_FALSE);
+        return NULL;
+    }
+
+    cx->our_pool = our_pool;
+    cx->output_proc = output_proc;
+    cx->output_arg = output_arg;
+
+    cx->status = keepGoing;
+
+    if (sec_asn1e_push_state(cx, theTemplate, src, PR_FALSE) == NULL ||
+        sec_asn1e_init_state_based_on_template(cx->current) == NULL) {
+        /*
+         * Trouble initializing (probably due to failed allocations)
+         * requires that we just give up.
+         */
+        PORT_FreeArena(our_pool, PR_FALSE);
+        return NULL;
+    }
+
+    return cx;
+}
+
+/*
+ * XXX Do we need a FilterProc, too?
+ */
+
+void
+SEC_ASN1EncoderSetNotifyProc(SEC_ASN1EncoderContext *cx,
+                             SEC_ASN1NotifyProc fn, void *arg)
+{
+    cx->notify_proc = fn;
+    cx->notify_arg = arg;
+}
+
+void
+SEC_ASN1EncoderClearNotifyProc(SEC_ASN1EncoderContext *cx)
+{
+    cx->notify_proc = NULL;
+    cx->notify_arg = NULL; /* not necessary; just being clean */
+}
+
+void
+SEC_ASN1EncoderAbort(SEC_ASN1EncoderContext *cx, int error)
+{
+    PORT_Assert(cx);
+    PORT_SetError(error);
+    cx->status = encodeError;
+}
+
+void
+SEC_ASN1EncoderSetStreaming(SEC_ASN1EncoderContext *cx)
+{
+    /* XXX is there a way to check that we are "between" fields here? */
+
+    cx->streaming = PR_TRUE;
+}
+
+void
+SEC_ASN1EncoderClearStreaming(SEC_ASN1EncoderContext *cx)
+{
+    /* XXX is there a way to check that we are "between" fields here? */
+
+    cx->streaming = PR_FALSE;
+}
+
+void
+SEC_ASN1EncoderSetTakeFromBuf(SEC_ASN1EncoderContext *cx)
+{
+    /*
+     * XXX is there a way to check that we are "between" fields here?  this
+     * needs to include a check for being in between groups of items in
+     * a SET_OF or SEQUENCE_OF.
+     */
+    PORT_Assert(cx->streaming);
+
+    cx->from_buf = PR_TRUE;
+}
+
+void
+SEC_ASN1EncoderClearTakeFromBuf(SEC_ASN1EncoderContext *cx)
+{
+    /* we should actually be taking from buf *now* */
+    PORT_Assert(cx->from_buf);
+    if (!cx->from_buf) /* if not, just do nothing */
+        return;
+
+    cx->from_buf = PR_FALSE;
+
+    if (cx->status == needBytes) {
+        cx->status = keepGoing;
+        cx->current->place = afterContents;
+    }
+}
+
+SECStatus
+SEC_ASN1Encode(const void *src, const SEC_ASN1Template *theTemplate,
+               SEC_ASN1WriteProc output_proc, void *output_arg)
+{
+    SEC_ASN1EncoderContext *ecx;
+    SECStatus rv;
+
+    ecx = SEC_ASN1EncoderStart(src, theTemplate, output_proc, output_arg);
+    if (ecx == NULL)
+        return SECFailure;
+
+    rv = SEC_ASN1EncoderUpdate(ecx, NULL, 0);
+
+    SEC_ASN1EncoderFinish(ecx);
+    return rv;
+}
+
+/*
+ * XXX depth and data_kind are unused; is there a PC way to silence warnings?
+ * (I mean "politically correct", not anything to do with intel/win platform)
+ */
+static void
+sec_asn1e_encode_item_count(void *arg, const char *buf, unsigned long len,
+                            int depth, SEC_ASN1EncodingPart data_kind)
+{
+    unsigned long *count;
+
+    count = (unsigned long *)arg;
+    PORT_Assert(count != NULL);
+
+    *count += len;
+}
+
+/* XXX depth and data_kind are unused; is there a PC way to silence warnings? */
+static void
+sec_asn1e_encode_item_store(void *arg, const char *buf, unsigned long len,
+                            int depth, SEC_ASN1EncodingPart data_kind)
+{
+    SECItem *dest;
+
+    dest = (SECItem *)arg;
+    PORT_Assert(dest != NULL);
+
+    if (len > 0) {
+        PORT_Memcpy(dest->data + dest->len, buf, len);
+        dest->len += len;
+    }
+}
+
+/*
+ * Allocate an entire SECItem, or just the data part of it, to hold
+ * "len" bytes of stuff.  Allocate from the given pool, if specified,
+ * otherwise just do a vanilla PORT_Alloc.
+ *
+ * XXX This seems like a reasonable general-purpose function (for SECITEM_)?
+ */
+static SECItem *
+sec_asn1e_allocate_item(PLArenaPool *poolp, SECItem *dest, unsigned long len)
+{
+    if (poolp != NULL) {
+        void *release;
+
+        release = PORT_ArenaMark(poolp);
+        if (dest == NULL)
+            dest = (SECItem *)PORT_ArenaAlloc(poolp, sizeof(SECItem));
+        if (dest != NULL) {
+            dest->data = (unsigned char *)PORT_ArenaAlloc(poolp, len);
+            if (dest->data == NULL) {
+                dest = NULL;
+            }
+        }
+        if (dest == NULL) {
+            /* one or both allocations failed; release everything */
+            PORT_ArenaRelease(poolp, release);
+        } else {
+            /* everything okay; unmark the arena */
+            PORT_ArenaUnmark(poolp, release);
+        }
+    } else {
+        SECItem *indest;
+
+        indest = dest;
+        if (dest == NULL)
+            dest = (SECItem *)PORT_Alloc(sizeof(SECItem));
+        if (dest != NULL) {
+            dest->type = siBuffer;
+            dest->data = (unsigned char *)PORT_Alloc(len);
+            if (dest->data == NULL) {
+                if (indest == NULL)
+                    PORT_Free(dest);
+                dest = NULL;
+            }
+        }
+    }
+
+    return dest;
+}
+
+SECItem *
+SEC_ASN1EncodeItem(PLArenaPool *poolp, SECItem *dest, const void *src,
+                   const SEC_ASN1Template *theTemplate)
+{
+    unsigned long encoding_length;
+    SECStatus rv;
+
+    PORT_Assert(dest == NULL || dest->data == NULL);
+
+    encoding_length = 0;
+    rv = SEC_ASN1Encode(src, theTemplate,
+                        sec_asn1e_encode_item_count, &encoding_length);
+    if (rv != SECSuccess)
+        return NULL;
+
+    dest = sec_asn1e_allocate_item(poolp, dest, encoding_length);
+    if (dest == NULL)
+        return NULL;
+
+    /* XXX necessary?  This really just checks for a bug in the allocate fn */
+    PORT_Assert(dest->data != NULL);
+    if (dest->data == NULL)
+        return NULL;
+
+    dest->len = 0;
+    (void)SEC_ASN1Encode(src, theTemplate, sec_asn1e_encode_item_store, dest);
+
+    PORT_Assert(encoding_length == dest->len);
+    return dest;
+}
+
+static SECItem *
+sec_asn1e_integer(PLArenaPool *poolp, SECItem *dest, unsigned long value,
+                  PRBool is_unsigned)
+{
+    unsigned long copy;
+    unsigned char sign;
+    int len = 0;
+
+    /*
+     * Determine the length of the encoded value (minimum of 1).
+     */
+    copy = value;
+    do {
+        len++;
+        sign = (unsigned char)(copy & 0x80);
+        copy >>= 8;
+    } while (copy);
+
+    /*
+     * If 'value' is non-negative, and the high bit of the last
+     * byte we counted was set, we need to add one to the length so
+     * we put a high-order zero byte in the encoding.
+     */
+    if (sign && (is_unsigned || (long)value >= 0))
+        len++;
+
+    /*
+     * Allocate the item (if necessary) and the data pointer within.
+     */
+    dest = sec_asn1e_allocate_item(poolp, dest, len);
+    if (dest == NULL)
+        return NULL;
+
+    /*
+     * Store the value, byte by byte, in the item.
+     */
+    dest->len = len;
+    while (len) {
+        dest->data[--len] = (unsigned char)value;
+        value >>= 8;
+    }
+    PORT_Assert(value == 0);
+
+    return dest;
+}
+
+SECItem *
+SEC_ASN1EncodeInteger(PLArenaPool *poolp, SECItem *dest, long value)
+{
+    return sec_asn1e_integer(poolp, dest, (unsigned long)value, PR_FALSE);
+}
+
+SECItem *
+SEC_ASN1EncodeUnsignedInteger(PLArenaPool *poolp,
+                              SECItem *dest, unsigned long value)
+{
+    return sec_asn1e_integer(poolp, dest, value, PR_TRUE);
+}
diff --git a/nss/lib/util/secasn1t.h b/nss/lib/util/secasn1t.h
new file mode 100644
index 0000000..0d1a6ae
--- /dev/null
+++ b/nss/lib/util/secasn1t.h
@@ -0,0 +1,267 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * Types for encoding/decoding of ASN.1 using BER/DER (Basic/Distinguished
+ * Encoding Rules).
+ */
+
+#ifndef _SECASN1T_H_
+#define _SECASN1T_H_
+
+#include "utilrename.h"
+
+/*
+** An array of these structures defines a BER/DER encoding for an object.
+**
+** The array usually starts with a dummy entry whose kind is SEC_ASN1_SEQUENCE;
+** such an array is terminated with an entry where kind == 0.  (An array
+** which consists of a single component does not require a second dummy
+** entry -- the array is only searched as long as previous component(s)
+** instruct it.)
+*/
+typedef struct sec_ASN1Template_struct {
+    /*
+    ** Kind of item being decoded/encoded, including tags and modifiers.
+    */
+    unsigned long kind;
+
+    /*
+    ** The value is the offset from the base of the structure to the
+    ** field that holds the value being decoded/encoded.
+    */
+    unsigned long offset;
+
+    /*
+    ** When kind suggests it (SEC_ASN1_POINTER, SEC_ASN1_GROUP, SEC_ASN1_INLINE,
+    ** or a component that is *not* a SEC_ASN1_UNIVERSAL), this points to
+    ** a sub-template for nested encoding/decoding,
+    ** OR, iff SEC_ASN1_DYNAMIC is set, then this is a pointer to a pointer
+    ** to a function which will return the appropriate template when called
+    ** at runtime.  NOTE! that explicit level of indirection, which is
+    ** necessary because ANSI does not allow you to store a function
+    ** pointer directly as a "void *" so we must store it separately and
+    ** dereference it to get at the function pointer itself.
+    */
+    const void *sub;
+
+    /*
+    ** In the first element of a template array, the value is the size
+    ** of the structure to allocate when this template is being referenced
+    ** by another template via SEC_ASN1_POINTER or SEC_ASN1_GROUP.
+    ** In all other cases, the value is ignored.
+    */
+    unsigned int size;
+} SEC_ASN1Template;
+
+/* default size used for allocation of encoding/decoding stuff */
+/* XXX what is the best value here? */
+#define SEC_ASN1_DEFAULT_ARENA_SIZE (2048)
+
+/*
+** BER/DER values for ASN.1 identifier octets.
+*/
+#define SEC_ASN1_TAG_MASK 0xff
+
+/*
+ * BER/DER universal type tag numbers.
+ * The values are defined by the X.208 standard; do not change them!
+ * NOTE: if you add anything to this list, you must add code to secasn1d.c
+ * to accept the tag, and probably also to secasn1e.c to encode it.
+ * XXX It appears some have been added recently without being added to
+ * the code; so need to go through the list now and double-check them all.
+ * (Look especially at those added in revision 1.10.)
+ */
+#define SEC_ASN1_TAGNUM_MASK 0x1f
+#define SEC_ASN1_BOOLEAN 0x01
+#define SEC_ASN1_INTEGER 0x02
+#define SEC_ASN1_BIT_STRING 0x03
+#define SEC_ASN1_OCTET_STRING 0x04
+#define SEC_ASN1_NULL 0x05
+#define SEC_ASN1_OBJECT_ID 0x06
+#define SEC_ASN1_OBJECT_DESCRIPTOR 0x07
+/* External type and instance-of type   0x08 */
+#define SEC_ASN1_REAL 0x09
+#define SEC_ASN1_ENUMERATED 0x0a
+#define SEC_ASN1_EMBEDDED_PDV 0x0b
+#define SEC_ASN1_UTF8_STRING 0x0c
+/*                                      0x0d */
+/*                                      0x0e */
+/*                                      0x0f */
+#define SEC_ASN1_SEQUENCE 0x10
+#define SEC_ASN1_SET 0x11
+#define SEC_ASN1_NUMERIC_STRING 0x12
+#define SEC_ASN1_PRINTABLE_STRING 0x13
+#define SEC_ASN1_T61_STRING 0x14
+#define SEC_ASN1_VIDEOTEX_STRING 0x15
+#define SEC_ASN1_IA5_STRING 0x16
+#define SEC_ASN1_UTC_TIME 0x17
+#define SEC_ASN1_GENERALIZED_TIME 0x18
+#define SEC_ASN1_GRAPHIC_STRING 0x19
+#define SEC_ASN1_VISIBLE_STRING 0x1a
+#define SEC_ASN1_GENERAL_STRING 0x1b
+#define SEC_ASN1_UNIVERSAL_STRING 0x1c
+/*                                      0x1d */
+#define SEC_ASN1_BMP_STRING 0x1e
+#define SEC_ASN1_HIGH_TAG_NUMBER 0x1f
+#define SEC_ASN1_TELETEX_STRING SEC_ASN1_T61_STRING
+
+/*
+** Modifiers to type tags.  These are also specified by a/the
+** standard, and must not be changed.
+*/
+
+#define SEC_ASN1_METHOD_MASK 0x20
+#define SEC_ASN1_PRIMITIVE 0x00
+#define SEC_ASN1_CONSTRUCTED 0x20
+
+#define SEC_ASN1_CLASS_MASK 0xc0
+#define SEC_ASN1_UNIVERSAL 0x00
+#define SEC_ASN1_APPLICATION 0x40
+#define SEC_ASN1_CONTEXT_SPECIFIC 0x80
+#define SEC_ASN1_PRIVATE 0xc0
+
+/*
+** Our additions, used for templates.
+** These are not defined by any standard; the values are used internally only.
+** Just be careful to keep them out of the low 8 bits.
+** XXX finish comments
+*/
+#define SEC_ASN1_OPTIONAL 0x00100
+#define SEC_ASN1_EXPLICIT 0x00200
+#define SEC_ASN1_ANY 0x00400
+#define SEC_ASN1_INLINE 0x00800
+#define SEC_ASN1_POINTER 0x01000
+#define SEC_ASN1_GROUP 0x02000        /* with SET or SEQUENCE means \
+                                       * SET OF or SEQUENCE OF */
+#define SEC_ASN1_DYNAMIC 0x04000      /* subtemplate is found by calling \
+                                       * a function at runtime */
+#define SEC_ASN1_SKIP 0x08000         /* skip a field; only for decoding */
+#define SEC_ASN1_INNER 0x10000        /* with ANY means capture the      \
+                                       * contents only (not the id, len, \
+                                       * or eoc); only for decoding */
+#define SEC_ASN1_SAVE 0x20000         /* stash away the encoded bytes first; \
+                                       * only for decoding */
+#define SEC_ASN1_MAY_STREAM 0x40000   /* field or one of its sub-fields may \
+                                       * stream in and so should encode as  \
+                                       * indefinite-length when streaming   \
+                                       * has been indicated; only for       \
+                                       * encoding */
+#define SEC_ASN1_SKIP_REST 0x80000    /* skip all following fields; \
+                                         only for decoding */
+#define SEC_ASN1_CHOICE 0x100000      /* pick one from a template */
+#define SEC_ASN1_NO_STREAM 0X200000   /* This entry will not stream          \
+                                         even if the sub-template says       \
+                                         streaming is possible.  Helps       \
+                                         to solve ambiguities with potential \
+                                         streaming entries that are          \
+                                         optional */
+#define SEC_ASN1_DEBUG_BREAK 0X400000 /* put this in your template and the \
+                                         decoder will assert when it       \
+                                         processes it. Only for use with   \
+                                         SEC_QuickDERDecodeItem */
+
+/* Shorthand/Aliases */
+#define SEC_ASN1_SEQUENCE_OF (SEC_ASN1_GROUP | SEC_ASN1_SEQUENCE)
+#define SEC_ASN1_SET_OF (SEC_ASN1_GROUP | SEC_ASN1_SET)
+#define SEC_ASN1_ANY_CONTENTS (SEC_ASN1_ANY | SEC_ASN1_INNER)
+
+/* Maximum depth of nested SEQUENCEs and SETs */
+#define SEC_ASN1D_MAX_DEPTH 32
+
+/*
+** Function used for SEC_ASN1_DYNAMIC.
+** "arg" is a pointer to the structure being encoded/decoded
+** "enc", when true, means that we are encoding (false means decoding)
+*/
+typedef const SEC_ASN1Template *SEC_ASN1TemplateChooser(void *arg, PRBool enc);
+typedef SEC_ASN1TemplateChooser *SEC_ASN1TemplateChooserPtr;
+
+#if defined(_WIN32) || defined(ANDROID)
+#define SEC_ASN1_GET(x) NSS_Get_##x(NULL, PR_FALSE)
+#define SEC_ASN1_SUB(x) &p_NSS_Get_##x
+#define SEC_ASN1_XTRN SEC_ASN1_DYNAMIC
+#define SEC_ASN1_MKSUB(x) \
+    static const SEC_ASN1TemplateChooserPtr p_NSS_Get_##x = &NSS_Get_##x;
+#else
+#define SEC_ASN1_GET(x) x
+#define SEC_ASN1_SUB(x) x
+#define SEC_ASN1_XTRN 0
+#define SEC_ASN1_MKSUB(x)
+#endif
+
+#define SEC_ASN1_CHOOSER_DECLARE(x) \
+    extern const SEC_ASN1Template *NSS_Get_##x(void *arg, PRBool enc);
+
+#define SEC_ASN1_CHOOSER_IMPLEMENT(x)                          \
+    const SEC_ASN1Template *NSS_Get_##x(void *arg, PRBool enc) \
+    {                                                          \
+        return x;                                              \
+    }
+
+/*
+** Opaque object used by the decoder to store state.
+*/
+typedef struct sec_DecoderContext_struct SEC_ASN1DecoderContext;
+
+/*
+** Opaque object used by the encoder to store state.
+*/
+typedef struct sec_EncoderContext_struct SEC_ASN1EncoderContext;
+
+/*
+ * This is used to describe to a filter function the bytes that are
+ * being passed to it.  This is only useful when the filter is an "outer"
+ * one, meaning it expects to get *all* of the bytes not just the
+ * contents octets.
+ */
+typedef enum {
+    SEC_ASN1_Identifier = 0,
+    SEC_ASN1_Length = 1,
+    SEC_ASN1_Contents = 2,
+    SEC_ASN1_EndOfContents = 3
+} SEC_ASN1EncodingPart;
+
+/*
+ * Type of the function pointer used either for decoding or encoding,
+ * when doing anything "funny" (e.g. manipulating the data stream)
+ */
+typedef void (*SEC_ASN1NotifyProc)(void *arg, PRBool before,
+                                   void *dest, int real_depth);
+
+/*
+ * Type of the function pointer used for grabbing encoded bytes.
+ * This can be used during either encoding or decoding, as follows...
+ *
+ * When decoding, this can be used to filter the encoded bytes as they
+ * are parsed.  This is what you would do if you wanted to process the data
+ * along the way (like to decrypt it, or to perform a hash on it in order
+ * to do a signature check later).  See SEC_ASN1DecoderSetFilterProc().
+ * When processing only part of the encoded bytes is desired, you "watch"
+ * for the field(s) you are interested in with a "notify proc" (see
+ * SEC_ASN1DecoderSetNotifyProc()) and for even finer granularity (e.g. to
+ * ignore all by the contents bytes) you pay attention to the "data_kind"
+ * parameter.
+ *
+ * When encoding, this is the specification for the output function which
+ * will receive the bytes as they are encoded.  The output function can
+ * perform any postprocessing necessary (like hashing (some of) the data
+ * to create a digest that gets included at the end) as well as shoving
+ * the data off wherever it needs to go.  (In order to "tune" any processing,
+ * you can set a "notify proc" as described above in the decoding case.)
+ *
+ * The parameters:
+ * - "arg" is an opaque pointer that you provided at the same time you
+ *   specified a function of this type
+ * - "data" is a buffer of length "len", containing the encoded bytes
+ * - "depth" is how deep in a nested encoding we are (it is not usually
+ *   valuable, but can be useful sometimes so I included it)
+ * - "data_kind" tells you if these bytes are part of the ASN.1 encoded
+ *   octets for identifier, length, contents, or end-of-contents
+ */
+typedef void (*SEC_ASN1WriteProc)(void *arg,
+                                  const char *data, unsigned long len,
+                                  int depth, SEC_ASN1EncodingPart data_kind);
+
+#endif /* _SECASN1T_H_ */
diff --git a/nss/lib/util/secasn1u.c b/nss/lib/util/secasn1u.c
new file mode 100644
index 0000000..7d086fb
--- /dev/null
+++ b/nss/lib/util/secasn1u.c
@@ -0,0 +1,94 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * Utility routines to complement the ASN.1 encoding and decoding functions.
+ */
+
+#include "secasn1.h"
+
+/*
+ * We have a length that needs to be encoded; how many bytes will the
+ * encoding take?
+ *
+ * The rules are that 0 - 0x7f takes one byte (the length itself is the
+ * entire encoding); everything else takes one plus the number of bytes
+ * in the length.
+ */
+int
+SEC_ASN1LengthLength(unsigned long len)
+{
+    int lenlen = 1;
+
+    if (len > 0x7f) {
+        do {
+            lenlen++;
+            len >>= 8;
+        } while (len);
+    }
+
+    return lenlen;
+}
+
+/*
+ * XXX Move over (and rewrite as appropriate) the rest of the
+ * stuff in dersubr.c!
+ */
+
+/*
+ * Find the appropriate subtemplate for the given template.
+ * This may involve calling a "chooser" function, or it may just
+ * be right there.  In either case, it is expected to *have* a
+ * subtemplate; this is asserted in debug builds (in non-debug
+ * builds, NULL will be returned).
+ *
+ * "thing" is a pointer to the structure being encoded/decoded
+ * "encoding", when true, means that we are in the process of encoding
+ *	(as opposed to in the process of decoding)
+ */
+const SEC_ASN1Template *
+SEC_ASN1GetSubtemplate(const SEC_ASN1Template *theTemplate, void *thing,
+                       PRBool encoding)
+{
+    const SEC_ASN1Template *subt = NULL;
+
+    PORT_Assert(theTemplate->sub != NULL);
+    if (theTemplate->sub != NULL) {
+        if (theTemplate->kind & SEC_ASN1_DYNAMIC) {
+            SEC_ASN1TemplateChooserPtr chooserp;
+
+            chooserp = *(SEC_ASN1TemplateChooserPtr *)theTemplate->sub;
+            if (chooserp) {
+                if (thing != NULL)
+                    thing = (char *)thing - theTemplate->offset;
+                subt = (*chooserp)(thing, encoding);
+            }
+        } else {
+            subt = (SEC_ASN1Template *)theTemplate->sub;
+        }
+    }
+    return subt;
+}
+
+PRBool
+SEC_ASN1IsTemplateSimple(const SEC_ASN1Template *theTemplate)
+{
+    if (!theTemplate) {
+        return PR_TRUE; /* it doesn't get any simpler than NULL */
+    }
+    /* only templates made of one primitive type or a choice of primitive
+       types are considered simple */
+    if (!(theTemplate->kind & (~SEC_ASN1_TAGNUM_MASK))) {
+        return PR_TRUE; /* primitive type */
+    }
+    if (!(theTemplate->kind & SEC_ASN1_CHOICE)) {
+        return PR_FALSE; /* no choice means not simple */
+    }
+    while (++theTemplate && theTemplate->kind) {
+        if (theTemplate->kind & (~SEC_ASN1_TAGNUM_MASK)) {
+            return PR_FALSE; /* complex type */
+        }
+    }
+    return PR_TRUE; /* choice of primitive types */
+}
diff --git a/nss/lib/util/seccomon.h b/nss/lib/util/seccomon.h
new file mode 100644
index 0000000..edd5c53
--- /dev/null
+++ b/nss/lib/util/seccomon.h
@@ -0,0 +1,91 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * seccomon.h - common data structures for security libraries
+ *
+ * This file should have lowest-common-denominator datastructures
+ * for security libraries.  It should not be dependent on any other
+ * headers, and should not require linking with any libraries.
+ */
+
+#ifndef _SECCOMMON_H_
+#define _SECCOMMON_H_
+
+#include "utilrename.h"
+#include "prtypes.h"
+
+#ifdef __cplusplus
+#define SEC_BEGIN_PROTOS extern "C" {
+#define SEC_END_PROTOS }
+#else
+#define SEC_BEGIN_PROTOS
+#define SEC_END_PROTOS
+#endif
+
+#include "secport.h"
+
+typedef enum {
+    siBuffer = 0,
+    siClearDataBuffer = 1,
+    siCipherDataBuffer = 2,
+    siDERCertBuffer = 3,
+    siEncodedCertBuffer = 4,
+    siDERNameBuffer = 5,
+    siEncodedNameBuffer = 6,
+    siAsciiNameString = 7,
+    siAsciiString = 8,
+    siDEROID = 9,
+    siUnsignedInteger = 10,
+    siUTCTime = 11,
+    siGeneralizedTime = 12,
+    siVisibleString = 13,
+    siUTF8String = 14,
+    siBMPString = 15
+} SECItemType;
+
+typedef struct SECItemStr SECItem;
+
+struct SECItemStr {
+    SECItemType type;
+    unsigned char *data;
+    unsigned int len;
+};
+
+typedef struct SECItemArrayStr SECItemArray;
+
+struct SECItemArrayStr {
+    SECItem *items;
+    unsigned int len;
+};
+
+/*
+** A status code. Status's are used by procedures that return status
+** values. Again the motivation is so that a compiler can generate
+** warnings when return values are wrong. Correct testing of status codes:
+**
+**  SECStatus rv;
+**  rv = some_function (some_argument);
+**  if (rv != SECSuccess)
+**      do_an_error_thing();
+**
+*/
+typedef enum _SECStatus {
+    SECWouldBlock = -2,
+    SECFailure = -1,
+    SECSuccess = 0
+} SECStatus;
+
+/*
+** A comparison code. Used for procedures that return comparision
+** values. Again the motivation is so that a compiler can generate
+** warnings when return values are wrong.
+*/
+typedef enum _SECComparison {
+    SECLessThan = -1,
+    SECEqual = 0,
+    SECGreaterThan = 1
+} SECComparison;
+
+#endif /* _SECCOMMON_H_ */
diff --git a/nss/lib/util/secder.h b/nss/lib/util/secder.h
new file mode 100644
index 0000000..dbc3580
--- /dev/null
+++ b/nss/lib/util/secder.h
@@ -0,0 +1,172 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _SECDER_H_
+#define _SECDER_H_
+
+#include "utilrename.h"
+
+/*
+ * secder.h - public data structures and prototypes for the DER encoding and
+ *        decoding utilities library
+ */
+
+#include <time.h>
+
+#include "plarena.h"
+#include "prlong.h"
+
+#include "seccomon.h"
+#include "secdert.h"
+#include "prtime.h"
+
+SEC_BEGIN_PROTOS
+
+/*
+** Encode a data structure into DER.
+**  "dest" will be filled in (and memory allocated) to hold the der
+**     encoded structure in "src"
+**  "t" is a template structure which defines the shape of the
+**     stored data
+**  "src" is a pointer to the structure that will be encoded
+*/
+extern SECStatus DER_Encode(PLArenaPool *arena, SECItem *dest, DERTemplate *t,
+                            void *src);
+
+extern SECStatus DER_Lengths(SECItem *item, int *header_len_p,
+                             PRUint32 *contents_len_p);
+
+/*
+** Lower level der subroutine that stores the standard header into "to".
+** The header is of variable length, based on encodingLen.
+** The return value is the new value of "to" after skipping over the header.
+**  "to" is where the header will be stored
+**  "code" is the der code to write
+**  "encodingLen" is the number of bytes of data that will follow
+**     the header
+*/
+extern unsigned char *DER_StoreHeader(unsigned char *to, unsigned int code,
+                                      PRUint32 encodingLen);
+
+/*
+** Return the number of bytes it will take to hold a der encoded length.
+*/
+extern int DER_LengthLength(PRUint32 len);
+
+/*
+** Store a der encoded *signed* integer (whose value is "src") into "dst".
+** XXX This should really be enhanced to take a long.
+*/
+extern SECStatus DER_SetInteger(PLArenaPool *arena, SECItem *dst, PRInt32 src);
+
+/*
+** Store a der encoded *unsigned* integer (whose value is "src") into "dst".
+** XXX This should really be enhanced to take an unsigned long.
+*/
+extern SECStatus DER_SetUInteger(PLArenaPool *arena, SECItem *dst, PRUint32 src);
+
+/*
+** Decode a der encoded *signed* integer that is stored in "src".
+** If "-1" is returned, then the caller should check the error in
+** XP_GetError() to see if an overflow occurred (SEC_ERROR_BAD_DER).
+*/
+extern long DER_GetInteger(const SECItem *src);
+
+/*
+** Decode a der encoded *unsigned* integer that is stored in "src".
+** If the ULONG_MAX is returned, then the caller should check the error
+** in XP_GetError() to see if an overflow occurred (SEC_ERROR_BAD_DER).
+*/
+extern unsigned long DER_GetUInteger(SECItem *src);
+
+/*
+** Convert an NSPR time value to a der encoded time value.
+**  "result" is the der encoded time (memory is allocated)
+**  "time" is the NSPR time value (Since Jan 1st, 1970).
+**      time must be on or after January 1, 1950, and
+**      before January 1, 2050
+** The caller is responsible for freeing up the buffer which
+** result->data points to upon a successful operation.
+*/
+extern SECStatus DER_TimeToUTCTime(SECItem *result, PRTime time);
+extern SECStatus DER_TimeToUTCTimeArena(PLArenaPool *arenaOpt,
+                                        SECItem *dst, PRTime gmttime);
+
+/*
+** Convert an ascii encoded time value (according to DER rules) into
+** an NSPR time value.
+**  "result" the resulting NSPR time
+**  "string" the der notation ascii value to decode
+*/
+extern SECStatus DER_AsciiToTime(PRTime *result, const char *string);
+
+/*
+** Same as DER_AsciiToTime except takes an SECItem instead of a string
+*/
+extern SECStatus DER_UTCTimeToTime(PRTime *result, const SECItem *time);
+
+/*
+** Convert a DER encoded UTC time to an ascii time representation
+** "utctime" is the DER encoded UTC time to be converted. The
+** caller is responsible for deallocating the returned buffer.
+*/
+extern char *DER_UTCTimeToAscii(SECItem *utcTime);
+
+/*
+** Convert a DER encoded UTC time to an ascii time representation, but only
+** include the day, not the time.
+**  "utctime" is the DER encoded UTC time to be converted.
+** The caller is responsible for deallocating the returned buffer.
+*/
+extern char *DER_UTCDayToAscii(SECItem *utctime);
+/* same thing for DER encoded GeneralizedTime */
+extern char *DER_GeneralizedDayToAscii(SECItem *gentime);
+/* same thing for either DER UTCTime or GeneralizedTime */
+extern char *DER_TimeChoiceDayToAscii(SECItem *timechoice);
+
+/*
+** Convert a PRTime to a DER encoded Generalized time
+** gmttime must be on or after January 1, year 1 and
+** before January 1, 10000.
+*/
+extern SECStatus DER_TimeToGeneralizedTime(SECItem *dst, PRTime gmttime);
+extern SECStatus DER_TimeToGeneralizedTimeArena(PLArenaPool *arenaOpt,
+                                                SECItem *dst, PRTime gmttime);
+
+/*
+** Convert a DER encoded Generalized time value into an NSPR time value.
+**  "dst" the resulting NSPR time
+**  "string" the der notation ascii value to decode
+*/
+extern SECStatus DER_GeneralizedTimeToTime(PRTime *dst, const SECItem *time);
+
+/*
+** Convert from a PRTime UTC time value to a formatted ascii value. The
+** caller is responsible for deallocating the returned buffer.
+*/
+extern char *CERT_UTCTime2FormattedAscii(PRTime utcTime, char *format);
+#define CERT_GeneralizedTime2FormattedAscii CERT_UTCTime2FormattedAscii
+
+/*
+** Convert from a PRTime Generalized time value to a formatted ascii value. The
+** caller is responsible for deallocating the returned buffer.
+*/
+extern char *CERT_GenTime2FormattedAscii(PRTime genTime, char *format);
+
+/*
+** decode a SECItem containing either a SEC_ASN1_GENERALIZED_TIME
+** or a SEC_ASN1_UTC_TIME
+*/
+
+extern SECStatus DER_DecodeTimeChoice(PRTime *output, const SECItem *input);
+
+/* encode a PRTime to an ASN.1 DER SECItem containing either a
+   SEC_ASN1_GENERALIZED_TIME or a SEC_ASN1_UTC_TIME */
+
+extern SECStatus DER_EncodeTimeChoice(PLArenaPool *arena, SECItem *output,
+                                      PRTime input);
+
+SEC_END_PROTOS
+
+#endif /* _SECDER_H_ */
diff --git a/nss/lib/util/secdert.h b/nss/lib/util/secdert.h
new file mode 100644
index 0000000..de67eaf
--- /dev/null
+++ b/nss/lib/util/secdert.h
@@ -0,0 +1,129 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _SECDERT_H_
+#define _SECDERT_H_
+/*
+ * secdert.h - public data structures for the DER encoding and
+ *             decoding utilities library
+ */
+
+#include "utilrename.h"
+#include "seccomon.h"
+
+typedef struct DERTemplateStr DERTemplate;
+
+/*
+** An array of these structures defines an encoding for an object using DER.
+** The array usually starts with a dummy entry whose kind is DER_SEQUENCE;
+** such an array is terminated with an entry where kind == 0.  (An array
+** which consists of a single component does not require a second dummy
+** entry -- the array is only searched as long as previous component(s)
+** instruct it.)
+*/
+struct DERTemplateStr {
+    /*
+    ** Kind of item being decoded/encoded, including tags and modifiers.
+    */
+    unsigned long kind;
+
+    /*
+    ** Offset from base of structure to field that holds the value
+    ** being decoded/encoded.
+    */
+    unsigned int offset;
+
+    /*
+    ** When kind suggests it (DER_POINTER, DER_INDEFINITE, DER_INLINE),
+    ** this points to a sub-template for nested encoding/decoding.
+    */
+    DERTemplate *sub;
+
+    /*
+    ** Argument value, dependent on "kind" and/or template placement
+    ** within an array of templates:
+    **  - In the first element of a template array, the value is the
+    **    size of the structure to allocate when this template is being
+    **    referenced by another template via DER_POINTER or DER_INDEFINITE.
+    **  - In a component of a DER_SET or DER_SEQUENCE which is *not* a
+    **    DER_UNIVERSAL type (that is, it has a class tag for either
+    **    DER_APPLICATION, DER_CONTEXT_SPECIFIC, or DER_PRIVATE), the
+    **    value is the underlying type of item being decoded/encoded.
+    */
+    unsigned long arg;
+};
+
+/************************************************************************/
+
+/* default chunksize for arenas used for DER stuff */
+#define DER_DEFAULT_CHUNKSIZE (2048)
+
+/*
+** BER/DER values for ASN.1 identifier octets.
+*/
+#define DER_TAG_MASK 0xff
+
+/*
+ * BER/DER universal type tag numbers.
+ * The values are defined by the X.208 standard; do not change them!
+ * NOTE: if you add anything to this list, you must add code to derdec.c
+ * to accept the tag, and probably also to derenc.c to encode it.
+ */
+#define DER_TAGNUM_MASK 0x1f
+#define DER_BOOLEAN 0x01
+#define DER_INTEGER 0x02
+#define DER_BIT_STRING 0x03
+#define DER_OCTET_STRING 0x04
+#define DER_NULL 0x05
+#define DER_OBJECT_ID 0x06
+#define DER_SEQUENCE 0x10
+#define DER_SET 0x11
+#define DER_PRINTABLE_STRING 0x13
+#define DER_T61_STRING 0x14
+#define DER_IA5_STRING 0x16
+#define DER_UTC_TIME 0x17
+#define DER_VISIBLE_STRING 0x1a
+#define DER_HIGH_TAG_NUMBER 0x1f
+
+/*
+** Modifiers to type tags.  These are also specified by a/the
+** standard, and must not be changed.
+*/
+
+#define DER_METHOD_MASK 0x20
+#define DER_PRIMITIVE 0x00
+#define DER_CONSTRUCTED 0x20
+
+#define DER_CLASS_MASK 0xc0
+#define DER_UNIVERSAL 0x00
+#define DER_APPLICATION 0x40
+#define DER_CONTEXT_SPECIFIC 0x80
+#define DER_PRIVATE 0xc0
+
+/*
+** Our additions, used for templates.
+** These are not defined by any standard; the values are used internally only.
+** Just be careful to keep them out of the low 8 bits.
+*/
+#define DER_OPTIONAL 0x00100
+#define DER_EXPLICIT 0x00200
+#define DER_ANY 0x00400
+#define DER_INLINE 0x00800
+#define DER_POINTER 0x01000
+#define DER_INDEFINITE 0x02000
+#define DER_DERPTR 0x04000
+#define DER_SKIP 0x08000
+#define DER_FORCE 0x10000
+#define DER_OUTER 0x40000 /* for DER_DERPTR */
+
+/*
+** Macro to convert der decoded bit string into a decoded octet
+** string. All it needs to do is fiddle with the length code.
+*/
+#define DER_ConvertBitString(item)            \
+    {                                         \
+        (item)->len = ((item)->len + 7) >> 3; \
+    }
+
+#endif /* _SECDERT_H_ */
diff --git a/nss/lib/util/secdig.c b/nss/lib/util/secdig.c
new file mode 100644
index 0000000..f4deec5
--- /dev/null
+++ b/nss/lib/util/secdig.c
@@ -0,0 +1,182 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#include "secdig.h"
+
+#include "secoid.h"
+#include "secasn1.h"
+#include "secerr.h"
+
+/*
+ * XXX Want to have a SGN_DecodeDigestInfo, like:
+ *  SGNDigestInfo *SGN_DecodeDigestInfo(SECItem *didata);
+ * that creates a pool and allocates from it and decodes didata into
+ * the newly allocated DigestInfo structure.  Then fix secvfy.c (it
+ * will no longer need an arena itself) to call this and then call
+ * DestroyDigestInfo when it is done, then can remove the old template
+ * above and keep our new template static and "hidden".
+ */
+
+/*
+ * XXX It might be nice to combine the following two functions (create
+ * and encode).  I think that is all anybody ever wants to do anyway.
+ */
+
+SECItem *
+SGN_EncodeDigestInfo(PLArenaPool *poolp, SECItem *dest, SGNDigestInfo *diginfo)
+{
+    return SEC_ASN1EncodeItem(poolp, dest, diginfo, sgn_DigestInfoTemplate);
+}
+
+SGNDigestInfo *
+SGN_CreateDigestInfo(SECOidTag algorithm, const unsigned char *sig,
+                     unsigned len)
+{
+    SGNDigestInfo *di;
+    SECStatus rv;
+    PLArenaPool *arena;
+    SECItem *null_param;
+    SECItem dummy_value;
+
+    switch (algorithm) {
+        case SEC_OID_MD2:
+        case SEC_OID_MD5:
+        case SEC_OID_SHA1:
+        case SEC_OID_SHA224:
+        case SEC_OID_SHA256:
+        case SEC_OID_SHA384:
+        case SEC_OID_SHA512:
+            break;
+        default:
+            PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
+            return NULL;
+    }
+
+    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (arena == NULL) {
+        return NULL;
+    }
+
+    di = (SGNDigestInfo *)PORT_ArenaZAlloc(arena, sizeof(SGNDigestInfo));
+    if (di == NULL) {
+        PORT_FreeArena(arena, PR_FALSE);
+        return NULL;
+    }
+
+    di->arena = arena;
+
+    /*
+     * PKCS #1 specifies that the AlgorithmID must have a NULL parameter
+     * (as opposed to no parameter at all).
+     */
+    dummy_value.data = NULL;
+    dummy_value.len = 0;
+    null_param = SEC_ASN1EncodeItem(NULL, NULL, &dummy_value, SEC_NullTemplate);
+    if (null_param == NULL) {
+        goto loser;
+    }
+
+    rv = SECOID_SetAlgorithmID(arena, &di->digestAlgorithm, algorithm,
+                               null_param);
+
+    SECITEM_FreeItem(null_param, PR_TRUE);
+
+    if (rv != SECSuccess) {
+        goto loser;
+    }
+
+    di->digest.data = (unsigned char *)PORT_ArenaAlloc(arena, len);
+    if (di->digest.data == NULL) {
+        goto loser;
+    }
+
+    di->digest.len = len;
+    PORT_Memcpy(di->digest.data, sig, len);
+    return di;
+
+loser:
+    SGN_DestroyDigestInfo(di);
+    return NULL;
+}
+
+SGNDigestInfo *
+SGN_DecodeDigestInfo(SECItem *didata)
+{
+    PLArenaPool *arena;
+    SGNDigestInfo *di;
+    SECStatus rv = SECFailure;
+    SECItem diCopy = { siBuffer, NULL, 0 };
+
+    arena = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE);
+    if (arena == NULL)
+        return NULL;
+
+    rv = SECITEM_CopyItem(arena, &diCopy, didata);
+    if (rv != SECSuccess) {
+        PORT_FreeArena(arena, PR_FALSE);
+        return NULL;
+    }
+
+    di = (SGNDigestInfo *)PORT_ArenaZAlloc(arena, sizeof(SGNDigestInfo));
+    if (di != NULL) {
+        di->arena = arena;
+        rv = SEC_QuickDERDecodeItem(arena, di, sgn_DigestInfoTemplate, &diCopy);
+    }
+
+    if ((di == NULL) || (rv != SECSuccess)) {
+        PORT_FreeArena(arena, PR_FALSE);
+        di = NULL;
+    }
+
+    return di;
+}
+
+void
+SGN_DestroyDigestInfo(SGNDigestInfo *di)
+{
+    if (di && di->arena) {
+        PORT_FreeArena(di->arena, PR_FALSE);
+    }
+
+    return;
+}
+
+SECStatus
+SGN_CopyDigestInfo(PLArenaPool *poolp, SGNDigestInfo *a, SGNDigestInfo *b)
+{
+    SECStatus rv;
+    void *mark;
+
+    if ((poolp == NULL) || (a == NULL) || (b == NULL))
+        return SECFailure;
+
+    mark = PORT_ArenaMark(poolp);
+    a->arena = poolp;
+    rv = SECOID_CopyAlgorithmID(poolp, &a->digestAlgorithm,
+                                &b->digestAlgorithm);
+    if (rv == SECSuccess)
+        rv = SECITEM_CopyItem(poolp, &a->digest, &b->digest);
+
+    if (rv != SECSuccess) {
+        PORT_ArenaRelease(poolp, mark);
+    } else {
+        PORT_ArenaUnmark(poolp, mark);
+    }
+
+    return rv;
+}
+
+SECComparison
+SGN_CompareDigestInfo(SGNDigestInfo *a, SGNDigestInfo *b)
+{
+    SECComparison rv;
+
+    /* Check signature algorithm's */
+    rv = SECOID_CompareAlgorithmID(&a->digestAlgorithm, &b->digestAlgorithm);
+    if (rv)
+        return rv;
+
+    /* Compare signature block length's */
+    rv = SECITEM_CompareItem(&a->digest, &b->digest);
+    return rv;
+}
diff --git a/nss/lib/util/secdig.h b/nss/lib/util/secdig.h
new file mode 100644
index 0000000..1531bf1
--- /dev/null
+++ b/nss/lib/util/secdig.h
@@ -0,0 +1,100 @@
+/*
+ * secdig.h - public prototypes for digest-info functions
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _SECDIG_H_
+#define _SECDIG_H_
+
+#include "utilrename.h"
+#include "secdigt.h"
+
+#include "seccomon.h"
+#include "secasn1t.h"
+#include "secdert.h"
+
+SEC_BEGIN_PROTOS
+
+extern const SEC_ASN1Template sgn_DigestInfoTemplate[];
+
+SEC_ASN1_CHOOSER_DECLARE(sgn_DigestInfoTemplate)
+
+/****************************************/
+/*
+** Digest-info functions
+*/
+
+/*
+** Create a new digest-info object
+**  "algorithm" one of SEC_OID_MD2, SEC_OID_MD5, or SEC_OID_SHA1
+**  "sig" the raw signature data (from MD2 or MD5)
+**  "sigLen" the length of the signature data
+**
+** NOTE: this is a low level routine used to prepare some data for PKCS#1
+** digital signature formatting.
+**
+** XXX It might be nice to combine the create and encode functions.
+** I think that is all anybody ever wants to do anyway.
+*/
+extern SGNDigestInfo *SGN_CreateDigestInfo(SECOidTag algorithm,
+                                           const unsigned char *sig,
+                                           unsigned int sigLen);
+
+/*
+** Destroy a digest-info object
+*/
+extern void SGN_DestroyDigestInfo(SGNDigestInfo *info);
+
+/*
+** Encode a digest-info object
+**  "poolp" is where to allocate the result from; it can be NULL in
+**      which case generic heap allocation (XP_ALLOC) will be used
+**  "dest" is where to store the result; it can be NULL, in which case
+**      it will be allocated (from poolp or heap, as explained above)
+**  "diginfo" is the object to be encoded
+** The return value is NULL if any error occurred, otherwise it is the
+** resulting SECItem (either allocated or the same as the "dest" parameter).
+**
+** XXX It might be nice to combine the create and encode functions.
+** I think that is all anybody ever wants to do anyway.
+*/
+extern SECItem *SGN_EncodeDigestInfo(PLArenaPool *poolp, SECItem *dest,
+                                     SGNDigestInfo *diginfo);
+
+/*
+** Decode a DER encoded digest info objct.
+**  didata is thr source of the encoded digest.
+** The return value is NULL if an error occurs.  Otherwise, a
+** digest info object which is allocated within it's own
+** pool is returned.  The digest info should be deleted
+** by later calling SGN_DestroyDigestInfo.
+*/
+extern SGNDigestInfo *SGN_DecodeDigestInfo(SECItem *didata);
+
+/*
+** Copy digest info.
+**  poolp is the arena to which the digest will be copied.
+**  a is the destination digest, it must be non-NULL.
+**  b is the source digest
+** This function is for copying digests.  It allows digests
+** to be copied into a specified pool.  If the digest is in
+** the same pool as other data, you do not want to delete
+** the digest by calling SGN_DestroyDigestInfo.
+** A return value of SECFailure indicates an error.  A return
+** of SECSuccess indicates no error occurred.
+*/
+extern SECStatus SGN_CopyDigestInfo(PLArenaPool *poolp,
+                                    SGNDigestInfo *a,
+                                    SGNDigestInfo *b);
+
+/*
+** Compare two digest-info objects, returning the difference between
+** them.
+*/
+extern SECComparison SGN_CompareDigestInfo(SGNDigestInfo *a, SGNDigestInfo *b);
+
+SEC_END_PROTOS
+
+#endif /* _SECDIG_H_ */
diff --git a/nss/lib/util/secdigt.h b/nss/lib/util/secdigt.h
new file mode 100644
index 0000000..4553434
--- /dev/null
+++ b/nss/lib/util/secdigt.h
@@ -0,0 +1,26 @@
+/*
+ * secdigt.h - public data structures for digest-info objects
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _SECDIGT_H_
+#define _SECDIGT_H_
+
+#include "utilrename.h"
+#include "plarena.h"
+#include "secoidt.h"
+#include "secitem.h"
+
+/*
+** A PKCS#1 digest-info object
+*/
+struct SGNDigestInfoStr {
+    PLArenaPool* arena;
+    SECAlgorithmID digestAlgorithm;
+    SECItem digest;
+};
+typedef struct SGNDigestInfoStr SGNDigestInfo;
+
+#endif /* _SECDIGT_H_ */
diff --git a/nss/lib/util/secerr.h b/nss/lib/util/secerr.h
new file mode 100644
index 0000000..4fe1d8e
--- /dev/null
+++ b/nss/lib/util/secerr.h
@@ -0,0 +1,218 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef __SEC_ERR_H_
+#define __SEC_ERR_H_
+
+#include "utilrename.h"
+
+#define SEC_ERROR_BASE (-0x2000)
+#define SEC_ERROR_LIMIT (SEC_ERROR_BASE + 1000)
+
+#define IS_SEC_ERROR(code) \
+    (((code) >= SEC_ERROR_BASE) && ((code) < SEC_ERROR_LIMIT))
+
+#ifndef NO_SECURITY_ERROR_ENUM
+typedef enum {
+    SEC_ERROR_IO = SEC_ERROR_BASE + 0,
+    SEC_ERROR_LIBRARY_FAILURE = SEC_ERROR_BASE + 1,
+    SEC_ERROR_BAD_DATA = SEC_ERROR_BASE + 2,
+    SEC_ERROR_OUTPUT_LEN = SEC_ERROR_BASE + 3,
+    SEC_ERROR_INPUT_LEN = SEC_ERROR_BASE + 4,
+    SEC_ERROR_INVALID_ARGS = SEC_ERROR_BASE + 5,
+    SEC_ERROR_INVALID_ALGORITHM = SEC_ERROR_BASE + 6,
+    SEC_ERROR_INVALID_AVA = SEC_ERROR_BASE + 7,
+    SEC_ERROR_INVALID_TIME = SEC_ERROR_BASE + 8,
+    SEC_ERROR_BAD_DER = SEC_ERROR_BASE + 9,
+    SEC_ERROR_BAD_SIGNATURE = SEC_ERROR_BASE + 10,
+    SEC_ERROR_EXPIRED_CERTIFICATE = SEC_ERROR_BASE + 11,
+    SEC_ERROR_REVOKED_CERTIFICATE = SEC_ERROR_BASE + 12,
+    SEC_ERROR_UNKNOWN_ISSUER = SEC_ERROR_BASE + 13,
+    SEC_ERROR_BAD_KEY = SEC_ERROR_BASE + 14,
+    SEC_ERROR_BAD_PASSWORD = SEC_ERROR_BASE + 15,
+    SEC_ERROR_RETRY_PASSWORD = SEC_ERROR_BASE + 16,
+    SEC_ERROR_NO_NODELOCK = SEC_ERROR_BASE + 17,
+    SEC_ERROR_BAD_DATABASE = SEC_ERROR_BASE + 18,
+    SEC_ERROR_NO_MEMORY = SEC_ERROR_BASE + 19,
+    SEC_ERROR_UNTRUSTED_ISSUER = SEC_ERROR_BASE + 20,
+    SEC_ERROR_UNTRUSTED_CERT = SEC_ERROR_BASE + 21,
+    SEC_ERROR_DUPLICATE_CERT = (SEC_ERROR_BASE + 22),
+    SEC_ERROR_DUPLICATE_CERT_NAME = (SEC_ERROR_BASE + 23),
+    SEC_ERROR_ADDING_CERT = (SEC_ERROR_BASE + 24),
+    SEC_ERROR_FILING_KEY = (SEC_ERROR_BASE + 25),
+    SEC_ERROR_NO_KEY = (SEC_ERROR_BASE + 26),
+    SEC_ERROR_CERT_VALID = (SEC_ERROR_BASE + 27),
+    SEC_ERROR_CERT_NOT_VALID = (SEC_ERROR_BASE + 28),
+    SEC_ERROR_CERT_NO_RESPONSE = (SEC_ERROR_BASE + 29),
+    SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE = (SEC_ERROR_BASE + 30),
+    SEC_ERROR_CRL_EXPIRED = (SEC_ERROR_BASE + 31),
+    SEC_ERROR_CRL_BAD_SIGNATURE = (SEC_ERROR_BASE + 32),
+    SEC_ERROR_CRL_INVALID = (SEC_ERROR_BASE + 33),
+    SEC_ERROR_EXTENSION_VALUE_INVALID = (SEC_ERROR_BASE + 34),
+    SEC_ERROR_EXTENSION_NOT_FOUND = (SEC_ERROR_BASE + 35),
+    SEC_ERROR_CA_CERT_INVALID = (SEC_ERROR_BASE + 36),
+    SEC_ERROR_PATH_LEN_CONSTRAINT_INVALID = (SEC_ERROR_BASE + 37),
+    SEC_ERROR_CERT_USAGES_INVALID = (SEC_ERROR_BASE + 38),
+    SEC_INTERNAL_ONLY = (SEC_ERROR_BASE + 39),
+    SEC_ERROR_INVALID_KEY = (SEC_ERROR_BASE + 40),
+    SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION = (SEC_ERROR_BASE + 41),
+    SEC_ERROR_OLD_CRL = (SEC_ERROR_BASE + 42),
+    SEC_ERROR_NO_EMAIL_CERT = (SEC_ERROR_BASE + 43),
+    SEC_ERROR_NO_RECIPIENT_CERTS_QUERY = (SEC_ERROR_BASE + 44),
+    SEC_ERROR_NOT_A_RECIPIENT = (SEC_ERROR_BASE + 45),
+    SEC_ERROR_PKCS7_KEYALG_MISMATCH = (SEC_ERROR_BASE + 46),
+    SEC_ERROR_PKCS7_BAD_SIGNATURE = (SEC_ERROR_BASE + 47),
+    SEC_ERROR_UNSUPPORTED_KEYALG = (SEC_ERROR_BASE + 48),
+    SEC_ERROR_DECRYPTION_DISALLOWED = (SEC_ERROR_BASE + 49),
+    /* Fortezza Alerts */
+    XP_SEC_FORTEZZA_BAD_CARD = (SEC_ERROR_BASE + 50),
+    XP_SEC_FORTEZZA_NO_CARD = (SEC_ERROR_BASE + 51),
+    XP_SEC_FORTEZZA_NONE_SELECTED = (SEC_ERROR_BASE + 52),
+    XP_SEC_FORTEZZA_MORE_INFO = (SEC_ERROR_BASE + 53),
+    XP_SEC_FORTEZZA_PERSON_NOT_FOUND = (SEC_ERROR_BASE + 54),
+    XP_SEC_FORTEZZA_NO_MORE_INFO = (SEC_ERROR_BASE + 55),
+    XP_SEC_FORTEZZA_BAD_PIN = (SEC_ERROR_BASE + 56),
+    XP_SEC_FORTEZZA_PERSON_ERROR = (SEC_ERROR_BASE + 57),
+    SEC_ERROR_NO_KRL = (SEC_ERROR_BASE + 58),
+    SEC_ERROR_KRL_EXPIRED = (SEC_ERROR_BASE + 59),
+    SEC_ERROR_KRL_BAD_SIGNATURE = (SEC_ERROR_BASE + 60),
+    SEC_ERROR_REVOKED_KEY = (SEC_ERROR_BASE + 61),
+    SEC_ERROR_KRL_INVALID = (SEC_ERROR_BASE + 62),
+    SEC_ERROR_NEED_RANDOM = (SEC_ERROR_BASE + 63),
+    SEC_ERROR_NO_MODULE = (SEC_ERROR_BASE + 64),
+    SEC_ERROR_NO_TOKEN = (SEC_ERROR_BASE + 65),
+    SEC_ERROR_READ_ONLY = (SEC_ERROR_BASE + 66),
+    SEC_ERROR_NO_SLOT_SELECTED = (SEC_ERROR_BASE + 67),
+    SEC_ERROR_CERT_NICKNAME_COLLISION = (SEC_ERROR_BASE + 68),
+    SEC_ERROR_KEY_NICKNAME_COLLISION = (SEC_ERROR_BASE + 69),
+    SEC_ERROR_SAFE_NOT_CREATED = (SEC_ERROR_BASE + 70),
+    SEC_ERROR_BAGGAGE_NOT_CREATED = (SEC_ERROR_BASE + 71),
+    XP_JAVA_REMOVE_PRINCIPAL_ERROR = (SEC_ERROR_BASE + 72),
+    XP_JAVA_DELETE_PRIVILEGE_ERROR = (SEC_ERROR_BASE + 73),
+    XP_JAVA_CERT_NOT_EXISTS_ERROR = (SEC_ERROR_BASE + 74),
+    SEC_ERROR_BAD_EXPORT_ALGORITHM = (SEC_ERROR_BASE + 75),
+    SEC_ERROR_EXPORTING_CERTIFICATES = (SEC_ERROR_BASE + 76),
+    SEC_ERROR_IMPORTING_CERTIFICATES = (SEC_ERROR_BASE + 77),
+    SEC_ERROR_PKCS12_DECODING_PFX = (SEC_ERROR_BASE + 78),
+    SEC_ERROR_PKCS12_INVALID_MAC = (SEC_ERROR_BASE + 79),
+    SEC_ERROR_PKCS12_UNSUPPORTED_MAC_ALGORITHM = (SEC_ERROR_BASE + 80),
+    SEC_ERROR_PKCS12_UNSUPPORTED_TRANSPORT_MODE = (SEC_ERROR_BASE + 81),
+    SEC_ERROR_PKCS12_CORRUPT_PFX_STRUCTURE = (SEC_ERROR_BASE + 82),
+    SEC_ERROR_PKCS12_UNSUPPORTED_PBE_ALGORITHM = (SEC_ERROR_BASE + 83),
+    SEC_ERROR_PKCS12_UNSUPPORTED_VERSION = (SEC_ERROR_BASE + 84),
+    SEC_ERROR_PKCS12_PRIVACY_PASSWORD_INCORRECT = (SEC_ERROR_BASE + 85),
+    SEC_ERROR_PKCS12_CERT_COLLISION = (SEC_ERROR_BASE + 86),
+    SEC_ERROR_USER_CANCELLED = (SEC_ERROR_BASE + 87),
+    SEC_ERROR_PKCS12_DUPLICATE_DATA = (SEC_ERROR_BASE + 88),
+    SEC_ERROR_MESSAGE_SEND_ABORTED = (SEC_ERROR_BASE + 89),
+    SEC_ERROR_INADEQUATE_KEY_USAGE = (SEC_ERROR_BASE + 90),
+    SEC_ERROR_INADEQUATE_CERT_TYPE = (SEC_ERROR_BASE + 91),
+    SEC_ERROR_CERT_ADDR_MISMATCH = (SEC_ERROR_BASE + 92),
+    SEC_ERROR_PKCS12_UNABLE_TO_IMPORT_KEY = (SEC_ERROR_BASE + 93),
+    SEC_ERROR_PKCS12_IMPORTING_CERT_CHAIN = (SEC_ERROR_BASE + 94),
+    SEC_ERROR_PKCS12_UNABLE_TO_LOCATE_OBJECT_BY_NAME = (SEC_ERROR_BASE + 95),
+    SEC_ERROR_PKCS12_UNABLE_TO_EXPORT_KEY = (SEC_ERROR_BASE + 96),
+    SEC_ERROR_PKCS12_UNABLE_TO_WRITE = (SEC_ERROR_BASE + 97),
+    SEC_ERROR_PKCS12_UNABLE_TO_READ = (SEC_ERROR_BASE + 98),
+    SEC_ERROR_PKCS12_KEY_DATABASE_NOT_INITIALIZED = (SEC_ERROR_BASE + 99),
+    SEC_ERROR_KEYGEN_FAIL = (SEC_ERROR_BASE + 100),
+    SEC_ERROR_INVALID_PASSWORD = (SEC_ERROR_BASE + 101),
+    SEC_ERROR_RETRY_OLD_PASSWORD = (SEC_ERROR_BASE + 102),
+    SEC_ERROR_BAD_NICKNAME = (SEC_ERROR_BASE + 103),
+    SEC_ERROR_NOT_FORTEZZA_ISSUER = (SEC_ERROR_BASE + 104),
+    SEC_ERROR_CANNOT_MOVE_SENSITIVE_KEY = (SEC_ERROR_BASE + 105),
+    SEC_ERROR_JS_INVALID_MODULE_NAME = (SEC_ERROR_BASE + 106),
+    SEC_ERROR_JS_INVALID_DLL = (SEC_ERROR_BASE + 107),
+    SEC_ERROR_JS_ADD_MOD_FAILURE = (SEC_ERROR_BASE + 108),
+    SEC_ERROR_JS_DEL_MOD_FAILURE = (SEC_ERROR_BASE + 109),
+    SEC_ERROR_OLD_KRL = (SEC_ERROR_BASE + 110),
+    SEC_ERROR_CKL_CONFLICT = (SEC_ERROR_BASE + 111),
+    SEC_ERROR_CERT_NOT_IN_NAME_SPACE = (SEC_ERROR_BASE + 112),
+    SEC_ERROR_KRL_NOT_YET_VALID = (SEC_ERROR_BASE + 113),
+    SEC_ERROR_CRL_NOT_YET_VALID = (SEC_ERROR_BASE + 114),
+    SEC_ERROR_UNKNOWN_CERT = (SEC_ERROR_BASE + 115),
+    SEC_ERROR_UNKNOWN_SIGNER = (SEC_ERROR_BASE + 116),
+    SEC_ERROR_CERT_BAD_ACCESS_LOCATION = (SEC_ERROR_BASE + 117),
+    SEC_ERROR_OCSP_UNKNOWN_RESPONSE_TYPE = (SEC_ERROR_BASE + 118),
+    SEC_ERROR_OCSP_BAD_HTTP_RESPONSE = (SEC_ERROR_BASE + 119),
+    SEC_ERROR_OCSP_MALFORMED_REQUEST = (SEC_ERROR_BASE + 120),
+    SEC_ERROR_OCSP_SERVER_ERROR = (SEC_ERROR_BASE + 121),
+    SEC_ERROR_OCSP_TRY_SERVER_LATER = (SEC_ERROR_BASE + 122),
+    SEC_ERROR_OCSP_REQUEST_NEEDS_SIG = (SEC_ERROR_BASE + 123),
+    SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST = (SEC_ERROR_BASE + 124),
+    SEC_ERROR_OCSP_UNKNOWN_RESPONSE_STATUS = (SEC_ERROR_BASE + 125),
+    SEC_ERROR_OCSP_UNKNOWN_CERT = (SEC_ERROR_BASE + 126),
+    SEC_ERROR_OCSP_NOT_ENABLED = (SEC_ERROR_BASE + 127),
+    SEC_ERROR_OCSP_NO_DEFAULT_RESPONDER = (SEC_ERROR_BASE + 128),
+    SEC_ERROR_OCSP_MALFORMED_RESPONSE = (SEC_ERROR_BASE + 129),
+    SEC_ERROR_OCSP_UNAUTHORIZED_RESPONSE = (SEC_ERROR_BASE + 130),
+    SEC_ERROR_OCSP_FUTURE_RESPONSE = (SEC_ERROR_BASE + 131),
+    SEC_ERROR_OCSP_OLD_RESPONSE = (SEC_ERROR_BASE + 132),
+    /* smime stuff */
+    SEC_ERROR_DIGEST_NOT_FOUND = (SEC_ERROR_BASE + 133),
+    SEC_ERROR_UNSUPPORTED_MESSAGE_TYPE = (SEC_ERROR_BASE + 134),
+    SEC_ERROR_MODULE_STUCK = (SEC_ERROR_BASE + 135),
+    SEC_ERROR_BAD_TEMPLATE = (SEC_ERROR_BASE + 136),
+    SEC_ERROR_CRL_NOT_FOUND = (SEC_ERROR_BASE + 137),
+    SEC_ERROR_REUSED_ISSUER_AND_SERIAL = (SEC_ERROR_BASE + 138),
+    SEC_ERROR_BUSY = (SEC_ERROR_BASE + 139),
+    SEC_ERROR_EXTRA_INPUT = (SEC_ERROR_BASE + 140),
+    /* error codes used by elliptic curve code */
+    SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE = (SEC_ERROR_BASE + 141),
+    SEC_ERROR_UNSUPPORTED_EC_POINT_FORM = (SEC_ERROR_BASE + 142),
+    SEC_ERROR_UNRECOGNIZED_OID = (SEC_ERROR_BASE + 143),
+    SEC_ERROR_OCSP_INVALID_SIGNING_CERT = (SEC_ERROR_BASE + 144),
+    /* new revocation errors */
+    SEC_ERROR_REVOKED_CERTIFICATE_CRL = (SEC_ERROR_BASE + 145),
+    SEC_ERROR_REVOKED_CERTIFICATE_OCSP = (SEC_ERROR_BASE + 146),
+    SEC_ERROR_CRL_INVALID_VERSION = (SEC_ERROR_BASE + 147),
+    SEC_ERROR_CRL_V1_CRITICAL_EXTENSION = (SEC_ERROR_BASE + 148),
+    SEC_ERROR_CRL_UNKNOWN_CRITICAL_EXTENSION = (SEC_ERROR_BASE + 149),
+    SEC_ERROR_UNKNOWN_OBJECT_TYPE = (SEC_ERROR_BASE + 150),
+    SEC_ERROR_INCOMPATIBLE_PKCS11 = (SEC_ERROR_BASE + 151),
+    SEC_ERROR_NO_EVENT = (SEC_ERROR_BASE + 152),
+    SEC_ERROR_CRL_ALREADY_EXISTS = (SEC_ERROR_BASE + 153),
+    SEC_ERROR_NOT_INITIALIZED = (SEC_ERROR_BASE + 154),
+    SEC_ERROR_TOKEN_NOT_LOGGED_IN = (SEC_ERROR_BASE + 155),
+    SEC_ERROR_OCSP_RESPONDER_CERT_INVALID = (SEC_ERROR_BASE + 156),
+    SEC_ERROR_OCSP_BAD_SIGNATURE = (SEC_ERROR_BASE + 157),
+
+    SEC_ERROR_OUT_OF_SEARCH_LIMITS = (SEC_ERROR_BASE + 158),
+    SEC_ERROR_INVALID_POLICY_MAPPING = (SEC_ERROR_BASE + 159),
+    SEC_ERROR_POLICY_VALIDATION_FAILED = (SEC_ERROR_BASE + 160),
+    /* No longer used.  Unknown AIA location types are now silently ignored. */
+    SEC_ERROR_UNKNOWN_AIA_LOCATION_TYPE = (SEC_ERROR_BASE + 161),
+    SEC_ERROR_BAD_HTTP_RESPONSE = (SEC_ERROR_BASE + 162),
+    SEC_ERROR_BAD_LDAP_RESPONSE = (SEC_ERROR_BASE + 163),
+    SEC_ERROR_FAILED_TO_ENCODE_DATA = (SEC_ERROR_BASE + 164),
+    SEC_ERROR_BAD_INFO_ACCESS_LOCATION = (SEC_ERROR_BASE + 165),
+
+    SEC_ERROR_LIBPKIX_INTERNAL = (SEC_ERROR_BASE + 166),
+
+    SEC_ERROR_PKCS11_GENERAL_ERROR = (SEC_ERROR_BASE + 167),
+    SEC_ERROR_PKCS11_FUNCTION_FAILED = (SEC_ERROR_BASE + 168),
+    SEC_ERROR_PKCS11_DEVICE_ERROR = (SEC_ERROR_BASE + 169),
+
+    SEC_ERROR_BAD_INFO_ACCESS_METHOD = (SEC_ERROR_BASE + 170),
+    SEC_ERROR_CRL_IMPORT_FAILED = (SEC_ERROR_BASE + 171),
+
+    SEC_ERROR_EXPIRED_PASSWORD = (SEC_ERROR_BASE + 172),
+    SEC_ERROR_LOCKED_PASSWORD = (SEC_ERROR_BASE + 173),
+
+    SEC_ERROR_UNKNOWN_PKCS11_ERROR = (SEC_ERROR_BASE + 174),
+
+    SEC_ERROR_BAD_CRL_DP_URL = (SEC_ERROR_BASE + 175),
+
+    SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED = (SEC_ERROR_BASE + 176),
+
+    SEC_ERROR_LEGACY_DATABASE = (SEC_ERROR_BASE + 177),
+
+    SEC_ERROR_APPLICATION_CALLBACK_ERROR = (SEC_ERROR_BASE + 178),
+
+    /* Add new error codes above here. */
+    SEC_ERROR_END_OF_LIST
+} SECErrorCodes;
+#endif /* NO_SECURITY_ERROR_ENUM */
+
+#endif /* __SEC_ERR_H_ */
diff --git a/nss/lib/util/secitem.c b/nss/lib/util/secitem.c
new file mode 100644
index 0000000..22c5b1f
--- /dev/null
+++ b/nss/lib/util/secitem.c
@@ -0,0 +1,487 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * Support routines for SECItem data structure.
+ */
+
+#include "seccomon.h"
+#include "secitem.h"
+#include "secerr.h"
+#include "secport.h"
+
+SECItem *
+SECITEM_AllocItem(PLArenaPool *arena, SECItem *item, unsigned int len)
+{
+    SECItem *result = NULL;
+    void *mark = NULL;
+
+    if (arena != NULL) {
+        mark = PORT_ArenaMark(arena);
+    }
+
+    if (item == NULL) {
+        if (arena != NULL) {
+            result = PORT_ArenaZAlloc(arena, sizeof(SECItem));
+        } else {
+            result = PORT_ZAlloc(sizeof(SECItem));
+        }
+        if (result == NULL) {
+            goto loser;
+        }
+    } else {
+        PORT_Assert(item->data == NULL);
+        result = item;
+    }
+
+    result->len = len;
+    if (len) {
+        if (arena != NULL) {
+            result->data = PORT_ArenaAlloc(arena, len);
+        } else {
+            result->data = PORT_Alloc(len);
+        }
+        if (result->data == NULL) {
+            goto loser;
+        }
+    } else {
+        result->data = NULL;
+    }
+
+    if (mark) {
+        PORT_ArenaUnmark(arena, mark);
+    }
+    return (result);
+
+loser:
+    if (arena != NULL) {
+        if (mark) {
+            PORT_ArenaRelease(arena, mark);
+        }
+        if (item != NULL) {
+            item->data = NULL;
+            item->len = 0;
+        }
+    } else {
+        if (result != NULL) {
+            SECITEM_FreeItem(result, (item == NULL) ? PR_TRUE : PR_FALSE);
+        }
+        /*
+         * If item is not NULL, the above has set item->data and
+         * item->len to 0.
+         */
+    }
+    return (NULL);
+}
+
+SECStatus
+SECITEM_ReallocItem(PLArenaPool *arena, SECItem *item, unsigned int oldlen,
+                    unsigned int newlen)
+{
+    PORT_Assert(item != NULL);
+    if (item == NULL) {
+        /* XXX Set error.  But to what? */
+        return SECFailure;
+    }
+
+    /*
+     * If no old length, degenerate to just plain alloc.
+     */
+    if (oldlen == 0) {
+        PORT_Assert(item->data == NULL || item->len == 0);
+        if (newlen == 0) {
+            /* Nothing to do.  Weird, but not a failure.  */
+            return SECSuccess;
+        }
+        item->len = newlen;
+        if (arena != NULL) {
+            item->data = PORT_ArenaAlloc(arena, newlen);
+        } else {
+            item->data = PORT_Alloc(newlen);
+        }
+    } else {
+        if (arena != NULL) {
+            item->data = PORT_ArenaGrow(arena, item->data, oldlen, newlen);
+        } else {
+            item->data = PORT_Realloc(item->data, newlen);
+        }
+    }
+
+    if (item->data == NULL) {
+        return SECFailure;
+    }
+
+    return SECSuccess;
+}
+
+SECStatus
+SECITEM_ReallocItemV2(PLArenaPool *arena, SECItem *item, unsigned int newlen)
+{
+    unsigned char *newdata = NULL;
+
+    PORT_Assert(item);
+    if (!item) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    if (item->len == newlen) {
+        return SECSuccess;
+    }
+
+    if (!newlen) {
+        if (!arena) {
+            PORT_Free(item->data);
+        }
+        item->data = NULL;
+        item->len = 0;
+        return SECSuccess;
+    }
+
+    if (!item->data) {
+        /* allocate fresh block of memory */
+        PORT_Assert(!item->len);
+        if (arena) {
+            newdata = PORT_ArenaAlloc(arena, newlen);
+        } else {
+            newdata = PORT_Alloc(newlen);
+        }
+    } else {
+        /* reallocate or adjust existing block of memory */
+        if (arena) {
+            if (item->len > newlen) {
+                /* There's no need to realloc a shorter block from the arena,
+                 * because it would result in using even more memory!
+                 * Therefore we'll continue to use the old block and
+                 * set the item to the shorter size.
+                 */
+                item->len = newlen;
+                return SECSuccess;
+            }
+            newdata = PORT_ArenaGrow(arena, item->data, item->len, newlen);
+        } else {
+            newdata = PORT_Realloc(item->data, newlen);
+        }
+    }
+
+    if (!newdata) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return SECFailure;
+    }
+
+    item->len = newlen;
+    item->data = newdata;
+    return SECSuccess;
+}
+
+SECComparison
+SECITEM_CompareItem(const SECItem *a, const SECItem *b)
+{
+    unsigned m;
+    int rv;
+
+    if (a == b)
+        return SECEqual;
+    if (!a || !a->len || !a->data)
+        return (!b || !b->len || !b->data) ? SECEqual : SECLessThan;
+    if (!b || !b->len || !b->data)
+        return SECGreaterThan;
+
+    m = ((a->len < b->len) ? a->len : b->len);
+
+    rv = PORT_Memcmp(a->data, b->data, m);
+    if (rv) {
+        return rv < 0 ? SECLessThan : SECGreaterThan;
+    }
+    if (a->len < b->len) {
+        return SECLessThan;
+    }
+    if (a->len == b->len) {
+        return SECEqual;
+    }
+    return SECGreaterThan;
+}
+
+PRBool
+SECITEM_ItemsAreEqual(const SECItem *a, const SECItem *b)
+{
+    if (a->len != b->len)
+        return PR_FALSE;
+    if (!a->len)
+        return PR_TRUE;
+    if (!a->data || !b->data) {
+        /* avoid null pointer crash. */
+        return (PRBool)(a->data == b->data);
+    }
+    return (PRBool)!PORT_Memcmp(a->data, b->data, a->len);
+}
+
+SECItem *
+SECITEM_DupItem(const SECItem *from)
+{
+    return SECITEM_ArenaDupItem(NULL, from);
+}
+
+SECItem *
+SECITEM_ArenaDupItem(PLArenaPool *arena, const SECItem *from)
+{
+    SECItem *to;
+
+    if (from == NULL) {
+        return (NULL);
+    }
+
+    if (arena != NULL) {
+        to = (SECItem *)PORT_ArenaAlloc(arena, sizeof(SECItem));
+    } else {
+        to = (SECItem *)PORT_Alloc(sizeof(SECItem));
+    }
+    if (to == NULL) {
+        return (NULL);
+    }
+
+    if (arena != NULL) {
+        to->data = (unsigned char *)PORT_ArenaAlloc(arena, from->len);
+    } else {
+        to->data = (unsigned char *)PORT_Alloc(from->len);
+    }
+    if (to->data == NULL) {
+        PORT_Free(to);
+        return (NULL);
+    }
+
+    to->len = from->len;
+    to->type = from->type;
+    if (to->len) {
+        PORT_Memcpy(to->data, from->data, to->len);
+    }
+
+    return (to);
+}
+
+SECStatus
+SECITEM_CopyItem(PLArenaPool *arena, SECItem *to, const SECItem *from)
+{
+    to->type = from->type;
+    if (from->data && from->len) {
+        if (arena) {
+            to->data = (unsigned char *)PORT_ArenaAlloc(arena, from->len);
+        } else {
+            to->data = (unsigned char *)PORT_Alloc(from->len);
+        }
+
+        if (!to->data) {
+            return SECFailure;
+        }
+        PORT_Memcpy(to->data, from->data, from->len);
+        to->len = from->len;
+    } else {
+        /*
+         * If from->data is NULL but from->len is nonzero, this function
+         * will succeed.  Is this right?
+         */
+        to->data = 0;
+        to->len = 0;
+    }
+    return SECSuccess;
+}
+
+void
+SECITEM_FreeItem(SECItem *zap, PRBool freeit)
+{
+    if (zap) {
+        PORT_Free(zap->data);
+        zap->data = 0;
+        zap->len = 0;
+        if (freeit) {
+            PORT_Free(zap);
+        }
+    }
+}
+
+void
+SECITEM_ZfreeItem(SECItem *zap, PRBool freeit)
+{
+    if (zap) {
+        PORT_ZFree(zap->data, zap->len);
+        zap->data = 0;
+        zap->len = 0;
+        if (freeit) {
+            PORT_ZFree(zap, sizeof(SECItem));
+        }
+    }
+}
+/* these reroutines were taken from pkix oid.c, which is supposed to
+ * replace this file some day */
+/*
+ * This is the hash function.  We simply XOR the encoded form with
+ * itself in sizeof(PLHashNumber)-byte chunks.  Improving this
+ * routine is left as an excercise for the more mathematically
+ * inclined student.
+ */
+PLHashNumber PR_CALLBACK
+SECITEM_Hash(const void *key)
+{
+    const SECItem *item = (const SECItem *)key;
+    PLHashNumber rv = 0;
+
+    PRUint8 *data = (PRUint8 *)item->data;
+    PRUint32 i;
+    PRUint8 *rvc = (PRUint8 *)&rv;
+
+    for (i = 0; i < item->len; i++) {
+        rvc[i % sizeof(rv)] ^= *data;
+        data++;
+    }
+
+    return rv;
+}
+
+/*
+ * This is the key-compare function.  It simply does a lexical
+ * comparison on the item data.  This does not result in
+ * quite the same ordering as the "sequence of numbers" order,
+ * but heck it's only used internally by the hash table anyway.
+ */
+PRIntn PR_CALLBACK
+SECITEM_HashCompare(const void *k1, const void *k2)
+{
+    const SECItem *i1 = (const SECItem *)k1;
+    const SECItem *i2 = (const SECItem *)k2;
+
+    return SECITEM_ItemsAreEqual(i1, i2);
+}
+
+SECItemArray *
+SECITEM_AllocArray(PLArenaPool *arena, SECItemArray *array, unsigned int len)
+{
+    SECItemArray *result = NULL;
+    void *mark = NULL;
+
+    if (array != NULL && array->items != NULL) {
+        PORT_Assert(0);
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+
+    if (arena != NULL) {
+        mark = PORT_ArenaMark(arena);
+    }
+
+    if (array == NULL) {
+        if (arena != NULL) {
+            result = PORT_ArenaZAlloc(arena, sizeof(SECItemArray));
+        } else {
+            result = PORT_ZAlloc(sizeof(SECItemArray));
+        }
+        if (result == NULL) {
+            goto loser;
+        }
+    } else {
+        result = array;
+    }
+
+    result->len = len;
+    if (len) {
+        if (arena != NULL) {
+            result->items = PORT_ArenaZNewArray(arena, SECItem, len);
+        } else {
+            result->items = PORT_ZNewArray(SECItem, len);
+        }
+        if (result->items == NULL) {
+            goto loser;
+        }
+    } else {
+        result->items = NULL;
+    }
+
+    if (mark) {
+        PORT_ArenaUnmark(arena, mark);
+    }
+    return result;
+
+loser:
+    if (arena != NULL) {
+        if (mark) {
+            PORT_ArenaRelease(arena, mark);
+        }
+    } else {
+        if (result != NULL && array == NULL) {
+            PORT_Free(result);
+        }
+    }
+    if (array != NULL) {
+        array->items = NULL;
+        array->len = 0;
+    }
+    return NULL;
+}
+
+static void
+secitem_FreeArray(SECItemArray *array, PRBool zero_items, PRBool freeit)
+{
+    unsigned int i;
+
+    if (!array || !array->len || !array->items)
+        return;
+
+    for (i = 0; i < array->len; ++i) {
+        SECItem *item = &array->items[i];
+
+        if (item->data) {
+            if (zero_items) {
+                SECITEM_ZfreeItem(item, PR_FALSE);
+            } else {
+                SECITEM_FreeItem(item, PR_FALSE);
+            }
+        }
+    }
+    PORT_Free(array->items);
+    array->items = NULL;
+    array->len = 0;
+
+    if (freeit)
+        PORT_Free(array);
+}
+
+void
+SECITEM_FreeArray(SECItemArray *array, PRBool freeit)
+{
+    secitem_FreeArray(array, PR_FALSE, freeit);
+}
+
+void
+SECITEM_ZfreeArray(SECItemArray *array, PRBool freeit)
+{
+    secitem_FreeArray(array, PR_TRUE, freeit);
+}
+
+SECItemArray *
+SECITEM_DupArray(PLArenaPool *arena, const SECItemArray *from)
+{
+    SECItemArray *result;
+    unsigned int i;
+
+    /* Require a "from" array.
+     * Reject an inconsistent "from" array with NULL data and nonzero length.
+     * However, allow a "from" array of zero length.
+     */
+    if (!from || (!from->items && from->len))
+        return NULL;
+
+    result = SECITEM_AllocArray(arena, NULL, from->len);
+    if (!result)
+        return NULL;
+
+    for (i = 0; i < from->len; ++i) {
+        SECStatus rv = SECITEM_CopyItem(arena,
+                                        &result->items[i], &from->items[i]);
+        if (rv != SECSuccess) {
+            SECITEM_ZfreeArray(result, PR_TRUE);
+            return NULL;
+        }
+    }
+
+    return result;
+}
diff --git a/nss/lib/util/secitem.h b/nss/lib/util/secitem.h
new file mode 100644
index 0000000..5b9d0e1
--- /dev/null
+++ b/nss/lib/util/secitem.h
@@ -0,0 +1,118 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _SECITEM_H_
+#define _SECITEM_H_
+
+#include "utilrename.h"
+
+/*
+ * secitem.h - public data structures and prototypes for handling
+ *             SECItems
+ */
+
+#include "plarena.h"
+#include "plhash.h"
+#include "seccomon.h"
+
+SEC_BEGIN_PROTOS
+
+/*
+** Allocate an item.  If "arena" is not NULL, then allocate from there,
+** otherwise allocate from the heap.  If "item" is not NULL, allocate
+** only the data buffer for the item, not the item itself.  If "len" is
+** 0, do not allocate the data buffer for the item; simply set the data
+** field to NULL and the len field to 0.  The item structure is allocated
+** zero-filled; the data buffer is not zeroed.  The caller is responsible
+** for initializing the type field of the item.
+**
+** The resulting item is returned; NULL if any error occurs.
+**
+** XXX This probably should take a SECItemType, but since that is mostly
+** unused and our improved APIs (aka Stan) are looming, I left it out.
+*/
+extern SECItem *SECITEM_AllocItem(PLArenaPool *arena, SECItem *item,
+                                  unsigned int len);
+
+/*
+** This is a legacy function containing bugs. It doesn't update item->len,
+** and it has other issues as described in bug 298649 and bug 298938.
+** However, the function is  kept unchanged for consumers that might depend
+** on the broken behaviour. New code should call SECITEM_ReallocItemV2.
+**
+** Reallocate the data for the specified "item".  If "arena" is not NULL,
+** then reallocate from there, otherwise reallocate from the heap.
+** In the case where oldlen is 0, the data is allocated (not reallocated).
+** In any case, "item" is expected to be a valid SECItem pointer;
+** SECFailure is returned if it is not.  If the allocation succeeds,
+** SECSuccess is returned.
+*/
+extern SECStatus SECITEM_ReallocItem(/* deprecated function */
+                                     PLArenaPool *arena, SECItem *item,
+                                     unsigned int oldlen, unsigned int newlen);
+
+/*
+** Reallocate the data for the specified "item".  If "arena" is not NULL,
+** then reallocate from there, otherwise reallocate from the heap.
+** If item->data is NULL, the data is allocated (not reallocated).
+** In any case, "item" is expected to be a valid SECItem pointer;
+** SECFailure is returned if it is not, and the item will remain unchanged.
+** If the allocation succeeds, the item is updated and SECSuccess is returned.
+ */
+extern SECStatus SECITEM_ReallocItemV2(PLArenaPool *arena, SECItem *item,
+                                       unsigned int newlen);
+
+/*
+** Compare two items returning the difference between them.
+*/
+extern SECComparison SECITEM_CompareItem(const SECItem *a, const SECItem *b);
+
+/*
+** Compare two items -- if they are the same, return true; otherwise false.
+*/
+extern PRBool SECITEM_ItemsAreEqual(const SECItem *a, const SECItem *b);
+
+/*
+** Copy "from" to "to"
+*/
+extern SECStatus SECITEM_CopyItem(PLArenaPool *arena, SECItem *to,
+                                  const SECItem *from);
+
+/*
+** Allocate an item and copy "from" into it.
+*/
+extern SECItem *SECITEM_DupItem(const SECItem *from);
+
+/*
+** Allocate an item and copy "from" into it.  The item itself and the
+** data it points to are both allocated from the arena.  If arena is
+** NULL, this function is equivalent to SECITEM_DupItem.
+*/
+extern SECItem *SECITEM_ArenaDupItem(PLArenaPool *arena, const SECItem *from);
+
+/*
+** Free "zap". If freeit is PR_TRUE then "zap" itself is freed.
+*/
+extern void SECITEM_FreeItem(SECItem *zap, PRBool freeit);
+
+/*
+** Zero and then free "zap". If freeit is PR_TRUE then "zap" itself is freed.
+*/
+extern void SECITEM_ZfreeItem(SECItem *zap, PRBool freeit);
+
+PLHashNumber PR_CALLBACK SECITEM_Hash(const void *key);
+
+PRIntn PR_CALLBACK SECITEM_HashCompare(const void *k1, const void *k2);
+
+extern SECItemArray *SECITEM_AllocArray(PLArenaPool *arena,
+                                        SECItemArray *array,
+                                        unsigned int len);
+extern SECItemArray *SECITEM_DupArray(PLArenaPool *arena,
+                                      const SECItemArray *from);
+extern void SECITEM_FreeArray(SECItemArray *array, PRBool freeit);
+extern void SECITEM_ZfreeArray(SECItemArray *array, PRBool freeit);
+
+SEC_END_PROTOS
+
+#endif /* _SECITEM_H_ */
diff --git a/nss/lib/util/secload.c b/nss/lib/util/secload.c
new file mode 100644
index 0000000..12efd2f
--- /dev/null
+++ b/nss/lib/util/secload.c
@@ -0,0 +1,182 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "secport.h"
+#include "nspr.h"
+
+#ifdef XP_UNIX
+#include <unistd.h>
+#define BL_MAXSYMLINKS 20
+
+/*
+ * If 'link' is a symbolic link, this function follows the symbolic links
+ * and returns the pathname of the ultimate source of the symbolic links.
+ * If 'link' is not a symbolic link, this function returns NULL.
+ * The caller should call PR_Free to free the string returned by this
+ * function.
+ */
+static char*
+loader_GetOriginalPathname(const char* link)
+{
+    char* resolved = NULL;
+    char* input = NULL;
+    PRUint32 iterations = 0;
+    PRInt32 len = 0, retlen = 0;
+    if (!link) {
+        PR_SetError(PR_INVALID_ARGUMENT_ERROR, 0);
+        return NULL;
+    }
+    len = PR_MAX(1024, strlen(link) + 1);
+    resolved = PR_Malloc(len);
+    input = PR_Malloc(len);
+    if (!resolved || !input) {
+        if (resolved) {
+            PR_Free(resolved);
+        }
+        if (input) {
+            PR_Free(input);
+        }
+        return NULL;
+    }
+    strcpy(input, link);
+    while ((iterations++ < BL_MAXSYMLINKS) &&
+           ((retlen = readlink(input, resolved, len - 1)) > 0)) {
+        char* tmp = input;
+        resolved[retlen] = '\0'; /* NULL termination */
+        input = resolved;
+        resolved = tmp;
+    }
+    PR_Free(resolved);
+    if (iterations == 1 && retlen < 0) {
+        PR_Free(input);
+        input = NULL;
+    }
+    return input;
+}
+#endif /* XP_UNIX */
+
+/*
+ * Load the library with the file name 'name' residing in the same
+ * directory as the reference library, whose pathname is 'referencePath'.
+ */
+static PRLibrary*
+loader_LoadLibInReferenceDir(const char* referencePath, const char* name)
+{
+    PRLibrary* dlh = NULL;
+    char* fullName = NULL;
+    char* c;
+    PRLibSpec libSpec;
+
+    /* Remove the trailing filename from referencePath and add the new one */
+    c = strrchr(referencePath, PR_GetDirectorySeparator());
+    if (c) {
+        size_t referencePathSize = 1 + c - referencePath;
+        fullName = (char*)PORT_Alloc(strlen(name) + referencePathSize + 1);
+        if (fullName) {
+            memcpy(fullName, referencePath, referencePathSize);
+            strcpy(fullName + referencePathSize, name);
+#ifdef DEBUG_LOADER
+            PR_fprintf(PR_STDOUT, "\nAttempting to load fully-qualified %s\n",
+                       fullName);
+#endif
+            libSpec.type = PR_LibSpec_Pathname;
+            libSpec.value.pathname = fullName;
+            dlh = PR_LoadLibraryWithFlags(libSpec, PR_LD_NOW | PR_LD_LOCAL
+#ifdef PR_LD_ALT_SEARCH_PATH
+                                                       /* allow library's dependencies to be found in the same directory
+                                                        * on Windows even if PATH is not set. Requires NSPR 4.8.1 . */
+                                                       | PR_LD_ALT_SEARCH_PATH
+#endif
+                                          );
+            PORT_Free(fullName);
+        }
+    }
+    return dlh;
+}
+
+/*
+ * Load a shared library called "newShLibName" in the same directory as
+ * a shared library that is already loaded, called existingShLibName.
+ * A pointer to a static function in that shared library,
+ * staticShLibFunc, is required.
+ *
+ * existingShLibName:
+ *   The file name of the shared library that shall be used as the
+ *   "reference library". The loader will attempt to load the requested
+ *   library from the same directory as the reference library.
+ *
+ * staticShLibFunc:
+ *   Pointer to a static function in the "reference library".
+ *
+ * newShLibName:
+ *   The simple file name of the new shared library to be loaded.
+ *
+ * We use PR_GetLibraryFilePathname to get the pathname of the loaded
+ * shared lib that contains this function, and then do a
+ * PR_LoadLibraryWithFlags with an absolute pathname for the shared
+ * library to be loaded.
+ *
+ * On Windows, the "alternate search path" strategy is employed, if available.
+ * On Unix, if existingShLibName is a symbolic link, and no link exists for the
+ * new library, the original link will be resolved, and the new library loaded
+ * from the resolved location.
+ *
+ * If the new shared library is not found in the same location as the reference
+ * library, it will then be loaded from the normal system library path.
+ *
+ */
+
+PRLibrary*
+PORT_LoadLibraryFromOrigin(const char* existingShLibName,
+                           PRFuncPtr staticShLibFunc,
+                           const char* newShLibName)
+{
+    PRLibrary* lib = NULL;
+    char* fullPath = NULL;
+    PRLibSpec libSpec;
+
+    /* Get the pathname for existingShLibName, e.g. /usr/lib/libnss3.so
+     * PR_GetLibraryFilePathname works with either the base library name or a
+     * function pointer, depending on the platform.
+     * We require the address of a function in the "reference library",
+     * provided by the caller. To avoid getting the address of the stub/thunk
+     * of an exported function by accident, use the address of a static
+     * function rather than an exported function.
+     */
+    fullPath = PR_GetLibraryFilePathname(existingShLibName,
+                                         staticShLibFunc);
+
+    if (fullPath) {
+        lib = loader_LoadLibInReferenceDir(fullPath, newShLibName);
+#ifdef XP_UNIX
+        if (!lib) {
+            /*
+             * If fullPath is a symbolic link, resolve the symbolic
+             * link and try again.
+             */
+            char* originalfullPath = loader_GetOriginalPathname(fullPath);
+            if (originalfullPath) {
+                PR_Free(fullPath);
+                fullPath = originalfullPath;
+                lib = loader_LoadLibInReferenceDir(fullPath, newShLibName);
+            }
+        }
+#endif
+        PR_Free(fullPath);
+    }
+    if (!lib) {
+#ifdef DEBUG_LOADER
+        PR_fprintf(PR_STDOUT, "\nAttempting to load %s\n", newShLibName);
+#endif
+        libSpec.type = PR_LibSpec_Pathname;
+        libSpec.value.pathname = newShLibName;
+        lib = PR_LoadLibraryWithFlags(libSpec, PR_LD_NOW | PR_LD_LOCAL);
+    }
+    if (NULL == lib) {
+#ifdef DEBUG_LOADER
+        PR_fprintf(PR_STDOUT, "\nLoading failed : %s.\n", newShLibName);
+#endif
+    }
+    return lib;
+}
diff --git a/nss/lib/util/secoid.c b/nss/lib/util/secoid.c
new file mode 100644
index 0000000..da03b7c
--- /dev/null
+++ b/nss/lib/util/secoid.c
@@ -0,0 +1,2306 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "secoid.h"
+#include "pkcs11t.h"
+#include "secitem.h"
+#include "secerr.h"
+#include "prenv.h"
+#include "plhash.h"
+#include "nssrwlk.h"
+#include "nssutil.h"
+
+/* Library identity and versioning */
+
+#if defined(DEBUG)
+#define _DEBUG_STRING " (debug)"
+#else
+#define _DEBUG_STRING ""
+#endif
+
+/*
+ * Version information
+ */
+const char __nss_util_version[] = "Version: NSS " NSSUTIL_VERSION _DEBUG_STRING;
+
+/* MISSI Mosaic Object ID space */
+/* USGov algorithm OID space: { 2 16 840 1 101 } */
+#define USGOV 0x60, 0x86, 0x48, 0x01, 0x65
+#define MISSI USGOV, 0x02, 0x01, 0x01
+#define MISSI_OLD_KEA_DSS MISSI, 0x0c
+#define MISSI_OLD_DSS MISSI, 0x02
+#define MISSI_KEA_DSS MISSI, 0x14
+#define MISSI_DSS MISSI, 0x13
+#define MISSI_KEA MISSI, 0x0a
+#define MISSI_ALT_KEA MISSI, 0x16
+
+#define NISTALGS USGOV, 3, 4
+#define AES NISTALGS, 1
+#define SHAXXX NISTALGS, 2
+#define DSA2 NISTALGS, 3
+
+/**
+ ** The Netscape OID space is allocated by Terry Hayes.  If you need
+ ** a piece of the space, contact him at thayes@netscape.com.
+ **/
+
+/* Netscape Communications Corporation Object ID space */
+/* { 2 16 840 1 113730 } */
+#define NETSCAPE_OID 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42
+#define NETSCAPE_CERT_EXT NETSCAPE_OID, 0x01
+#define NETSCAPE_DATA_TYPE NETSCAPE_OID, 0x02
+/* netscape directory oid - owned by Mark Smith (mcs@netscape.com) */
+#define NETSCAPE_DIRECTORY NETSCAPE_OID, 0x03
+#define NETSCAPE_POLICY NETSCAPE_OID, 0x04
+#define NETSCAPE_CERT_SERVER NETSCAPE_OID, 0x05
+#define NETSCAPE_ALGS NETSCAPE_OID, 0x06 /* algorithm OIDs */
+#define NETSCAPE_NAME_COMPONENTS NETSCAPE_OID, 0x07
+
+#define NETSCAPE_CERT_EXT_AIA NETSCAPE_CERT_EXT, 0x10
+#define NETSCAPE_CERT_SERVER_CRMF NETSCAPE_CERT_SERVER, 0x01
+
+/* these are old and should go away soon */
+#define OLD_NETSCAPE 0x60, 0x86, 0x48, 0xd8, 0x6a
+#define NS_CERT_EXT OLD_NETSCAPE, 0x01
+#define NS_FILE_TYPE OLD_NETSCAPE, 0x02
+#define NS_IMAGE_TYPE OLD_NETSCAPE, 0x03
+
+/* RSA OID name space */
+#define RSADSI 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d
+#define PKCS RSADSI, 0x01
+#define DIGEST RSADSI, 0x02
+#define CIPHER RSADSI, 0x03
+#define PKCS1 PKCS, 0x01
+#define PKCS5 PKCS, 0x05
+#define PKCS7 PKCS, 0x07
+#define PKCS9 PKCS, 0x09
+#define PKCS12 PKCS, 0x0c
+
+/* Other OID name spaces */
+#define ALGORITHM 0x2b, 0x0e, 0x03, 0x02
+#define X500 0x55
+#define X520_ATTRIBUTE_TYPE X500, 0x04
+#define X500_ALG X500, 0x08
+#define X500_ALG_ENCRYPTION X500_ALG, 0x01
+
+/** X.509 v3 Extension OID
+ ** {joint-iso-ccitt (2) ds(5) 29}
+ **/
+#define ID_CE_OID X500, 0x1d
+
+#define RFC1274_ATTR_TYPE 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x1
+/* #define RFC2247_ATTR_TYPE  0x09, 0x92, 0x26, 0xf5, 0x98, 0x1e, 0x64, 0x1 this is WRONG! */
+
+/* PKCS #12 name spaces */
+#define PKCS12_MODE_IDS PKCS12, 0x01
+#define PKCS12_ESPVK_IDS PKCS12, 0x02
+#define PKCS12_BAG_IDS PKCS12, 0x03
+#define PKCS12_CERT_BAG_IDS PKCS12, 0x04
+#define PKCS12_OIDS PKCS12, 0x05
+#define PKCS12_PBE_IDS PKCS12_OIDS, 0x01
+#define PKCS12_ENVELOPING_IDS PKCS12_OIDS, 0x02
+#define PKCS12_SIGNATURE_IDS PKCS12_OIDS, 0x03
+#define PKCS12_V2_PBE_IDS PKCS12, 0x01
+#define PKCS9_CERT_TYPES PKCS9, 0x16
+#define PKCS9_CRL_TYPES PKCS9, 0x17
+#define PKCS9_SMIME_IDS PKCS9, 0x10
+#define PKCS9_SMIME_ATTRS PKCS9_SMIME_IDS, 2
+#define PKCS9_SMIME_ALGS PKCS9_SMIME_IDS, 3
+#define PKCS12_VERSION1 PKCS12, 0x0a
+#define PKCS12_V1_BAG_IDS PKCS12_VERSION1, 1
+
+/* for DSA algorithm */
+/* { iso(1) member-body(2) us(840) x9-57(10040) x9algorithm(4) } */
+#define ANSI_X9_ALGORITHM 0x2a, 0x86, 0x48, 0xce, 0x38, 0x4
+
+/* for DH algorithm */
+/* { iso(1) member-body(2) us(840) x9-57(10046) number-type(2) } */
+/* need real OID person to look at this, copied the above line
+ * and added 6 to second to last value (and changed '4' to '2' */
+#define ANSI_X942_ALGORITHM 0x2a, 0x86, 0x48, 0xce, 0x3e, 0x2
+
+#define VERISIGN 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x45
+
+#define PKIX 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07
+#define PKIX_CERT_EXTENSIONS PKIX, 1
+#define PKIX_POLICY_QUALIFIERS PKIX, 2
+#define PKIX_KEY_USAGE PKIX, 3
+#define PKIX_ACCESS_DESCRIPTION PKIX, 0x30
+#define PKIX_OCSP PKIX_ACCESS_DESCRIPTION, 1
+#define PKIX_CA_ISSUERS PKIX_ACCESS_DESCRIPTION, 2
+
+#define PKIX_ID_PKIP PKIX, 5
+#define PKIX_ID_REGCTRL PKIX_ID_PKIP, 1
+#define PKIX_ID_REGINFO PKIX_ID_PKIP, 2
+
+/* Microsoft Object ID space */
+/* { 1.3.6.1.4.1.311 } */
+#define MICROSOFT_OID 0x2b, 0x6, 0x1, 0x4, 0x1, 0x82, 0x37
+#define EV_NAME_ATTRIBUTE MICROSOFT_OID, 60, 2, 1
+
+/* Microsoft Crypto 2.0 ID space */
+/* { 1.3.6.1.4.1.311.10 } */
+#define MS_CRYPTO_20 MICROSOFT_OID, 10
+/* Microsoft Crypto 2.0 Extended Key Usage ID space */
+/* { 1.3.6.1.4.1.311.10.3 } */
+#define MS_CRYPTO_EKU MS_CRYPTO_20, 3
+
+#define CERTICOM_OID 0x2b, 0x81, 0x04
+#define SECG_OID CERTICOM_OID, 0x00
+
+#define ANSI_X962_OID 0x2a, 0x86, 0x48, 0xce, 0x3d
+#define ANSI_X962_CURVE_OID ANSI_X962_OID, 0x03
+#define ANSI_X962_GF2m_OID ANSI_X962_CURVE_OID, 0x00
+#define ANSI_X962_GFp_OID ANSI_X962_CURVE_OID, 0x01
+#define ANSI_X962_SIGNATURE_OID ANSI_X962_OID, 0x04
+#define ANSI_X962_SPECIFY_OID ANSI_X962_SIGNATURE_OID, 0x03
+
+/* for Camellia: iso(1) member-body(2) jisc(392)
+ *    mitsubishi(200011) isl(61) security(1) algorithm(1)
+ */
+#define MITSUBISHI_ALG 0x2a, 0x83, 0x08, 0x8c, 0x9a, 0x4b, 0x3d, 0x01, 0x01
+#define CAMELLIA_ENCRYPT_OID MITSUBISHI_ALG, 1
+#define CAMELLIA_WRAP_OID MITSUBISHI_ALG, 3
+
+/* For IDEA: 1.3.6.1.4.1.188.7.1.1
+ */
+#define ASCOM_OID 0x2b, 0x6, 0x1, 0x4, 0x1, 0xbc
+#define ASCOM_IDEA_ALG ASCOM_OID, 0x7, 0x1, 0x1
+
+/* for SEED : iso(1) member-body(2) korea(410)
+ *    kisa(200004) algorithm(1)
+ */
+#define SEED_OID 0x2a, 0x83, 0x1a, 0x8c, 0x9a, 0x44, 0x01
+
+#define CONST_OID static const unsigned char
+
+CONST_OID md2[] = { DIGEST, 0x02 };
+CONST_OID md4[] = { DIGEST, 0x04 };
+CONST_OID md5[] = { DIGEST, 0x05 };
+CONST_OID hmac_sha1[] = { DIGEST, 7 };
+CONST_OID hmac_sha224[] = { DIGEST, 8 };
+CONST_OID hmac_sha256[] = { DIGEST, 9 };
+CONST_OID hmac_sha384[] = { DIGEST, 10 };
+CONST_OID hmac_sha512[] = { DIGEST, 11 };
+
+CONST_OID rc2cbc[] = { CIPHER, 0x02 };
+CONST_OID rc4[] = { CIPHER, 0x04 };
+CONST_OID desede3cbc[] = { CIPHER, 0x07 };
+CONST_OID rc5cbcpad[] = { CIPHER, 0x09 };
+
+CONST_OID desecb[] = { ALGORITHM, 0x06 };
+CONST_OID descbc[] = { ALGORITHM, 0x07 };
+CONST_OID desofb[] = { ALGORITHM, 0x08 };
+CONST_OID descfb[] = { ALGORITHM, 0x09 };
+CONST_OID desmac[] = { ALGORITHM, 0x0a };
+CONST_OID sdn702DSASignature[] = { ALGORITHM, 0x0c };
+CONST_OID isoSHAWithRSASignature[] = { ALGORITHM, 0x0f };
+CONST_OID desede[] = { ALGORITHM, 0x11 };
+CONST_OID sha1[] = { ALGORITHM, 0x1a };
+CONST_OID bogusDSASignaturewithSHA1Digest[] = { ALGORITHM, 0x1b };
+CONST_OID isoSHA1WithRSASignature[] = { ALGORITHM, 0x1d };
+
+CONST_OID pkcs1RSAEncryption[] = { PKCS1, 0x01 };
+CONST_OID pkcs1MD2WithRSAEncryption[] = { PKCS1, 0x02 };
+CONST_OID pkcs1MD4WithRSAEncryption[] = { PKCS1, 0x03 };
+CONST_OID pkcs1MD5WithRSAEncryption[] = { PKCS1, 0x04 };
+CONST_OID pkcs1SHA1WithRSAEncryption[] = { PKCS1, 0x05 };
+CONST_OID pkcs1RSAOAEPEncryption[] = { PKCS1, 0x07 };
+CONST_OID pkcs1MGF1[] = { PKCS1, 0x08 };
+CONST_OID pkcs1PSpecified[] = { PKCS1, 0x09 };
+CONST_OID pkcs1RSAPSSSignature[] = { PKCS1, 10 };
+CONST_OID pkcs1SHA256WithRSAEncryption[] = { PKCS1, 11 };
+CONST_OID pkcs1SHA384WithRSAEncryption[] = { PKCS1, 12 };
+CONST_OID pkcs1SHA512WithRSAEncryption[] = { PKCS1, 13 };
+CONST_OID pkcs1SHA224WithRSAEncryption[] = { PKCS1, 14 };
+
+CONST_OID pkcs5PbeWithMD2AndDEScbc[] = { PKCS5, 0x01 };
+CONST_OID pkcs5PbeWithMD5AndDEScbc[] = { PKCS5, 0x03 };
+CONST_OID pkcs5PbeWithSha1AndDEScbc[] = { PKCS5, 0x0a };
+CONST_OID pkcs5Pbkdf2[] = { PKCS5, 12 };
+CONST_OID pkcs5Pbes2[] = { PKCS5, 13 };
+CONST_OID pkcs5Pbmac1[] = { PKCS5, 14 };
+
+CONST_OID pkcs7[] = { PKCS7 };
+CONST_OID pkcs7Data[] = { PKCS7, 0x01 };
+CONST_OID pkcs7SignedData[] = { PKCS7, 0x02 };
+CONST_OID pkcs7EnvelopedData[] = { PKCS7, 0x03 };
+CONST_OID pkcs7SignedEnvelopedData[] = { PKCS7, 0x04 };
+CONST_OID pkcs7DigestedData[] = { PKCS7, 0x05 };
+CONST_OID pkcs7EncryptedData[] = { PKCS7, 0x06 };
+
+CONST_OID pkcs9EmailAddress[] = { PKCS9, 0x01 };
+CONST_OID pkcs9UnstructuredName[] = { PKCS9, 0x02 };
+CONST_OID pkcs9ContentType[] = { PKCS9, 0x03 };
+CONST_OID pkcs9MessageDigest[] = { PKCS9, 0x04 };
+CONST_OID pkcs9SigningTime[] = { PKCS9, 0x05 };
+CONST_OID pkcs9CounterSignature[] = { PKCS9, 0x06 };
+CONST_OID pkcs9ChallengePassword[] = { PKCS9, 0x07 };
+CONST_OID pkcs9UnstructuredAddress[] = { PKCS9, 0x08 };
+CONST_OID pkcs9ExtendedCertificateAttributes[] = { PKCS9, 0x09 };
+CONST_OID pkcs9ExtensionRequest[] = { PKCS9, 14 };
+CONST_OID pkcs9SMIMECapabilities[] = { PKCS9, 15 };
+CONST_OID pkcs9FriendlyName[] = { PKCS9, 20 };
+CONST_OID pkcs9LocalKeyID[] = { PKCS9, 21 };
+
+CONST_OID pkcs9X509Certificate[] = { PKCS9_CERT_TYPES, 1 };
+CONST_OID pkcs9SDSICertificate[] = { PKCS9_CERT_TYPES, 2 };
+CONST_OID pkcs9X509CRL[] = { PKCS9_CRL_TYPES, 1 };
+
+/* RFC2630 (CMS) OIDs */
+CONST_OID cmsESDH[] = { PKCS9_SMIME_ALGS, 5 };
+CONST_OID cms3DESwrap[] = { PKCS9_SMIME_ALGS, 6 };
+CONST_OID cmsRC2wrap[] = { PKCS9_SMIME_ALGS, 7 };
+
+/* RFC2633 SMIME message attributes */
+CONST_OID smimeEncryptionKeyPreference[] = { PKCS9_SMIME_ATTRS, 11 };
+CONST_OID ms_smimeEncryptionKeyPreference[] = { MICROSOFT_OID, 0x10, 0x4 };
+
+CONST_OID x520CommonName[] = { X520_ATTRIBUTE_TYPE, 3 };
+CONST_OID x520SurName[] = { X520_ATTRIBUTE_TYPE, 4 };
+CONST_OID x520SerialNumber[] = { X520_ATTRIBUTE_TYPE, 5 };
+CONST_OID x520CountryName[] = { X520_ATTRIBUTE_TYPE, 6 };
+CONST_OID x520LocalityName[] = { X520_ATTRIBUTE_TYPE, 7 };
+CONST_OID x520StateOrProvinceName[] = { X520_ATTRIBUTE_TYPE, 8 };
+CONST_OID x520StreetAddress[] = { X520_ATTRIBUTE_TYPE, 9 };
+CONST_OID x520OrgName[] = { X520_ATTRIBUTE_TYPE, 10 };
+CONST_OID x520OrgUnitName[] = { X520_ATTRIBUTE_TYPE, 11 };
+CONST_OID x520Title[] = { X520_ATTRIBUTE_TYPE, 12 };
+CONST_OID x520BusinessCategory[] = { X520_ATTRIBUTE_TYPE, 15 };
+CONST_OID x520PostalAddress[] = { X520_ATTRIBUTE_TYPE, 16 };
+CONST_OID x520PostalCode[] = { X520_ATTRIBUTE_TYPE, 17 };
+CONST_OID x520PostOfficeBox[] = { X520_ATTRIBUTE_TYPE, 18 };
+CONST_OID x520Name[] = { X520_ATTRIBUTE_TYPE, 41 };
+CONST_OID x520GivenName[] = { X520_ATTRIBUTE_TYPE, 42 };
+CONST_OID x520Initials[] = { X520_ATTRIBUTE_TYPE, 43 };
+CONST_OID x520GenerationQualifier[] = { X520_ATTRIBUTE_TYPE, 44 };
+CONST_OID x520DnQualifier[] = { X520_ATTRIBUTE_TYPE, 46 };
+CONST_OID x520HouseIdentifier[] = { X520_ATTRIBUTE_TYPE, 51 };
+CONST_OID x520Pseudonym[] = { X520_ATTRIBUTE_TYPE, 65 };
+
+CONST_OID nsTypeGIF[] = { NETSCAPE_DATA_TYPE, 0x01 };
+CONST_OID nsTypeJPEG[] = { NETSCAPE_DATA_TYPE, 0x02 };
+CONST_OID nsTypeURL[] = { NETSCAPE_DATA_TYPE, 0x03 };
+CONST_OID nsTypeHTML[] = { NETSCAPE_DATA_TYPE, 0x04 };
+CONST_OID nsTypeCertSeq[] = { NETSCAPE_DATA_TYPE, 0x05 };
+
+CONST_OID missiCertKEADSSOld[] = { MISSI_OLD_KEA_DSS };
+CONST_OID missiCertDSSOld[] = { MISSI_OLD_DSS };
+CONST_OID missiCertKEADSS[] = { MISSI_KEA_DSS };
+CONST_OID missiCertDSS[] = { MISSI_DSS };
+CONST_OID missiCertKEA[] = { MISSI_KEA };
+CONST_OID missiCertAltKEA[] = { MISSI_ALT_KEA };
+CONST_OID x500RSAEncryption[] = { X500_ALG_ENCRYPTION, 0x01 };
+
+/* added for alg 1485 */
+CONST_OID rfc1274Uid[] = { RFC1274_ATTR_TYPE, 1 };
+CONST_OID rfc1274Mail[] = { RFC1274_ATTR_TYPE, 3 };
+CONST_OID rfc2247DomainComponent[] = { RFC1274_ATTR_TYPE, 25 };
+
+/* Netscape private certificate extensions */
+CONST_OID nsCertExtNetscapeOK[] = { NS_CERT_EXT, 1 };
+CONST_OID nsCertExtIssuerLogo[] = { NS_CERT_EXT, 2 };
+CONST_OID nsCertExtSubjectLogo[] = { NS_CERT_EXT, 3 };
+CONST_OID nsExtCertType[] = { NETSCAPE_CERT_EXT, 0x01 };
+CONST_OID nsExtBaseURL[] = { NETSCAPE_CERT_EXT, 0x02 };
+CONST_OID nsExtRevocationURL[] = { NETSCAPE_CERT_EXT, 0x03 };
+CONST_OID nsExtCARevocationURL[] = { NETSCAPE_CERT_EXT, 0x04 };
+CONST_OID nsExtCACRLURL[] = { NETSCAPE_CERT_EXT, 0x05 };
+CONST_OID nsExtCACertURL[] = { NETSCAPE_CERT_EXT, 0x06 };
+CONST_OID nsExtCertRenewalURL[] = { NETSCAPE_CERT_EXT, 0x07 };
+CONST_OID nsExtCAPolicyURL[] = { NETSCAPE_CERT_EXT, 0x08 };
+CONST_OID nsExtHomepageURL[] = { NETSCAPE_CERT_EXT, 0x09 };
+CONST_OID nsExtEntityLogo[] = { NETSCAPE_CERT_EXT, 0x0a };
+CONST_OID nsExtUserPicture[] = { NETSCAPE_CERT_EXT, 0x0b };
+CONST_OID nsExtSSLServerName[] = { NETSCAPE_CERT_EXT, 0x0c };
+CONST_OID nsExtComment[] = { NETSCAPE_CERT_EXT, 0x0d };
+
+/* the following 2 extensions are defined for and used by Cartman(NSM) */
+CONST_OID nsExtLostPasswordURL[] = { NETSCAPE_CERT_EXT, 0x0e };
+CONST_OID nsExtCertRenewalTime[] = { NETSCAPE_CERT_EXT, 0x0f };
+
+CONST_OID nsExtAIACertRenewal[] = { NETSCAPE_CERT_EXT_AIA, 0x01 };
+CONST_OID nsExtCertScopeOfUse[] = { NETSCAPE_CERT_EXT, 0x11 };
+/* Reserved Netscape (2 16 840 1 113730 1 18) = { NETSCAPE_CERT_EXT, 0x12 }; */
+
+/* Netscape policy values */
+CONST_OID nsKeyUsageGovtApproved[] = { NETSCAPE_POLICY, 0x01 };
+
+/* Netscape other name types */
+CONST_OID netscapeNickname[] = { NETSCAPE_NAME_COMPONENTS, 0x01 };
+CONST_OID netscapeAOLScreenname[] = { NETSCAPE_NAME_COMPONENTS, 0x02 };
+
+/* OIDs needed for cert server */
+CONST_OID netscapeRecoveryRequest[] = { NETSCAPE_CERT_SERVER_CRMF, 0x01 };
+
+/* Standard x.509 v3 Certificate & CRL Extensions */
+CONST_OID x509SubjectDirectoryAttr[] = { ID_CE_OID, 9 };
+CONST_OID x509SubjectKeyID[] = { ID_CE_OID, 14 };
+CONST_OID x509KeyUsage[] = { ID_CE_OID, 15 };
+CONST_OID x509PrivateKeyUsagePeriod[] = { ID_CE_OID, 16 };
+CONST_OID x509SubjectAltName[] = { ID_CE_OID, 17 };
+CONST_OID x509IssuerAltName[] = { ID_CE_OID, 18 };
+CONST_OID x509BasicConstraints[] = { ID_CE_OID, 19 };
+CONST_OID x509CRLNumber[] = { ID_CE_OID, 20 };
+CONST_OID x509ReasonCode[] = { ID_CE_OID, 21 };
+CONST_OID x509HoldInstructionCode[] = { ID_CE_OID, 23 };
+CONST_OID x509InvalidDate[] = { ID_CE_OID, 24 };
+CONST_OID x509DeltaCRLIndicator[] = { ID_CE_OID, 27 };
+CONST_OID x509IssuingDistributionPoint[] = { ID_CE_OID, 28 };
+CONST_OID x509CertIssuer[] = { ID_CE_OID, 29 };
+CONST_OID x509NameConstraints[] = { ID_CE_OID, 30 };
+CONST_OID x509CRLDistPoints[] = { ID_CE_OID, 31 };
+CONST_OID x509CertificatePolicies[] = { ID_CE_OID, 32 };
+CONST_OID x509PolicyMappings[] = { ID_CE_OID, 33 };
+CONST_OID x509AuthKeyID[] = { ID_CE_OID, 35 };
+CONST_OID x509PolicyConstraints[] = { ID_CE_OID, 36 };
+CONST_OID x509ExtKeyUsage[] = { ID_CE_OID, 37 };
+CONST_OID x509FreshestCRL[] = { ID_CE_OID, 46 };
+CONST_OID x509InhibitAnyPolicy[] = { ID_CE_OID, 54 };
+
+CONST_OID x509CertificatePoliciesAnyPolicy[] = { ID_CE_OID, 32, 0 };
+
+CONST_OID x509AuthInfoAccess[] = { PKIX_CERT_EXTENSIONS, 1 };
+CONST_OID x509SubjectInfoAccess[] = { PKIX_CERT_EXTENSIONS, 11 };
+
+CONST_OID x509SIATimeStamping[] = { PKIX_ACCESS_DESCRIPTION, 0x03 };
+CONST_OID x509SIACaRepository[] = { PKIX_ACCESS_DESCRIPTION, 0x05 };
+
+/* pkcs 12 additions */
+CONST_OID pkcs12[] = { PKCS12 };
+CONST_OID pkcs12ModeIDs[] = { PKCS12_MODE_IDS };
+CONST_OID pkcs12ESPVKIDs[] = { PKCS12_ESPVK_IDS };
+CONST_OID pkcs12BagIDs[] = { PKCS12_BAG_IDS };
+CONST_OID pkcs12CertBagIDs[] = { PKCS12_CERT_BAG_IDS };
+CONST_OID pkcs12OIDs[] = { PKCS12_OIDS };
+CONST_OID pkcs12PBEIDs[] = { PKCS12_PBE_IDS };
+CONST_OID pkcs12EnvelopingIDs[] = { PKCS12_ENVELOPING_IDS };
+CONST_OID pkcs12SignatureIDs[] = { PKCS12_SIGNATURE_IDS };
+CONST_OID pkcs12PKCS8KeyShrouding[] = { PKCS12_ESPVK_IDS, 0x01 };
+CONST_OID pkcs12KeyBagID[] = { PKCS12_BAG_IDS, 0x01 };
+CONST_OID pkcs12CertAndCRLBagID[] = { PKCS12_BAG_IDS, 0x02 };
+CONST_OID pkcs12SecretBagID[] = { PKCS12_BAG_IDS, 0x03 };
+CONST_OID pkcs12X509CertCRLBag[] = { PKCS12_CERT_BAG_IDS, 0x01 };
+CONST_OID pkcs12SDSICertBag[] = { PKCS12_CERT_BAG_IDS, 0x02 };
+CONST_OID pkcs12PBEWithSha1And128BitRC4[] = { PKCS12_PBE_IDS, 0x01 };
+CONST_OID pkcs12PBEWithSha1And40BitRC4[] = { PKCS12_PBE_IDS, 0x02 };
+CONST_OID pkcs12PBEWithSha1AndTripleDESCBC[] = { PKCS12_PBE_IDS, 0x03 };
+CONST_OID pkcs12PBEWithSha1And128BitRC2CBC[] = { PKCS12_PBE_IDS, 0x04 };
+CONST_OID pkcs12PBEWithSha1And40BitRC2CBC[] = { PKCS12_PBE_IDS, 0x05 };
+CONST_OID pkcs12RSAEncryptionWith128BitRC4[] = { PKCS12_ENVELOPING_IDS, 0x01 };
+CONST_OID pkcs12RSAEncryptionWith40BitRC4[] = { PKCS12_ENVELOPING_IDS, 0x02 };
+CONST_OID pkcs12RSAEncryptionWithTripleDES[] = { PKCS12_ENVELOPING_IDS, 0x03 };
+CONST_OID pkcs12RSASignatureWithSHA1Digest[] = { PKCS12_SIGNATURE_IDS, 0x01 };
+
+/* pkcs 12 version 1.0 ids */
+CONST_OID pkcs12V2PBEWithSha1And128BitRC4[] = { PKCS12_V2_PBE_IDS, 0x01 };
+CONST_OID pkcs12V2PBEWithSha1And40BitRC4[] = { PKCS12_V2_PBE_IDS, 0x02 };
+CONST_OID pkcs12V2PBEWithSha1And3KeyTripleDEScbc[] = { PKCS12_V2_PBE_IDS, 0x03 };
+CONST_OID pkcs12V2PBEWithSha1And2KeyTripleDEScbc[] = { PKCS12_V2_PBE_IDS, 0x04 };
+CONST_OID pkcs12V2PBEWithSha1And128BitRC2cbc[] = { PKCS12_V2_PBE_IDS, 0x05 };
+CONST_OID pkcs12V2PBEWithSha1And40BitRC2cbc[] = { PKCS12_V2_PBE_IDS, 0x06 };
+
+CONST_OID pkcs12SafeContentsID[] = { PKCS12_BAG_IDS, 0x04 };
+CONST_OID pkcs12PKCS8ShroudedKeyBagID[] = { PKCS12_BAG_IDS, 0x05 };
+
+CONST_OID pkcs12V1KeyBag[] = { PKCS12_V1_BAG_IDS, 0x01 };
+CONST_OID pkcs12V1PKCS8ShroudedKeyBag[] = { PKCS12_V1_BAG_IDS, 0x02 };
+CONST_OID pkcs12V1CertBag[] = { PKCS12_V1_BAG_IDS, 0x03 };
+CONST_OID pkcs12V1CRLBag[] = { PKCS12_V1_BAG_IDS, 0x04 };
+CONST_OID pkcs12V1SecretBag[] = { PKCS12_V1_BAG_IDS, 0x05 };
+CONST_OID pkcs12V1SafeContentsBag[] = { PKCS12_V1_BAG_IDS, 0x06 };
+
+/* The following encoding is INCORRECT, but correcting it would create a
+ * duplicate OID in the table.  So, we will leave it alone.
+ */
+CONST_OID pkcs12KeyUsageAttr[] = { 2, 5, 29, 15 };
+
+CONST_OID ansix9DSASignature[] = { ANSI_X9_ALGORITHM, 0x01 };
+CONST_OID ansix9DSASignaturewithSHA1Digest[] = { ANSI_X9_ALGORITHM, 0x03 };
+CONST_OID nistDSASignaturewithSHA224Digest[] = { DSA2, 0x01 };
+CONST_OID nistDSASignaturewithSHA256Digest[] = { DSA2, 0x02 };
+
+/* verisign OIDs */
+CONST_OID verisignUserNotices[] = { VERISIGN, 1, 7, 1, 1 };
+
+/* pkix OIDs */
+CONST_OID pkixCPSPointerQualifier[] = { PKIX_POLICY_QUALIFIERS, 1 };
+CONST_OID pkixUserNoticeQualifier[] = { PKIX_POLICY_QUALIFIERS, 2 };
+
+CONST_OID pkixOCSP[] = { PKIX_OCSP };
+CONST_OID pkixOCSPBasicResponse[] = { PKIX_OCSP, 1 };
+CONST_OID pkixOCSPNonce[] = { PKIX_OCSP, 2 };
+CONST_OID pkixOCSPCRL[] = { PKIX_OCSP, 3 };
+CONST_OID pkixOCSPResponse[] = { PKIX_OCSP, 4 };
+CONST_OID pkixOCSPNoCheck[] = { PKIX_OCSP, 5 };
+CONST_OID pkixOCSPArchiveCutoff[] = { PKIX_OCSP, 6 };
+CONST_OID pkixOCSPServiceLocator[] = { PKIX_OCSP, 7 };
+
+CONST_OID pkixCAIssuers[] = { PKIX_CA_ISSUERS };
+
+CONST_OID pkixRegCtrlRegToken[] = { PKIX_ID_REGCTRL, 1 };
+CONST_OID pkixRegCtrlAuthenticator[] = { PKIX_ID_REGCTRL, 2 };
+CONST_OID pkixRegCtrlPKIPubInfo[] = { PKIX_ID_REGCTRL, 3 };
+CONST_OID pkixRegCtrlPKIArchOptions[] = { PKIX_ID_REGCTRL, 4 };
+CONST_OID pkixRegCtrlOldCertID[] = { PKIX_ID_REGCTRL, 5 };
+CONST_OID pkixRegCtrlProtEncKey[] = { PKIX_ID_REGCTRL, 6 };
+CONST_OID pkixRegInfoUTF8Pairs[] = { PKIX_ID_REGINFO, 1 };
+CONST_OID pkixRegInfoCertReq[] = { PKIX_ID_REGINFO, 2 };
+
+CONST_OID pkixExtendedKeyUsageServerAuth[] = { PKIX_KEY_USAGE, 1 };
+CONST_OID pkixExtendedKeyUsageClientAuth[] = { PKIX_KEY_USAGE, 2 };
+CONST_OID pkixExtendedKeyUsageCodeSign[] = { PKIX_KEY_USAGE, 3 };
+CONST_OID pkixExtendedKeyUsageEMailProtect[] = { PKIX_KEY_USAGE, 4 };
+CONST_OID pkixExtendedKeyUsageTimeStamp[] = { PKIX_KEY_USAGE, 8 };
+CONST_OID pkixOCSPResponderExtendedKeyUsage[] = { PKIX_KEY_USAGE, 9 };
+CONST_OID msExtendedKeyUsageTrustListSigning[] = { MS_CRYPTO_EKU, 1 };
+
+/* OIDs for Netscape defined algorithms */
+CONST_OID netscapeSMimeKEA[] = { NETSCAPE_ALGS, 0x01 };
+
+/* Fortezza algorithm OIDs */
+CONST_OID skipjackCBC[] = { MISSI, 0x04 };
+CONST_OID dhPublicKey[] = { ANSI_X942_ALGORITHM, 0x1 };
+
+CONST_OID idea_CBC[] = { ASCOM_IDEA_ALG, 2 };
+CONST_OID aes128_GCM[] = { AES, 0x6 };
+CONST_OID aes192_GCM[] = { AES, 0x1a };
+CONST_OID aes256_GCM[] = { AES, 0x2e };
+CONST_OID aes128_ECB[] = { AES, 1 };
+CONST_OID aes128_CBC[] = { AES, 2 };
+#ifdef DEFINE_ALL_AES_CIPHERS
+CONST_OID aes128_OFB[] = { AES, 3 };
+CONST_OID aes128_CFB[] = { AES, 4 };
+#endif
+CONST_OID aes128_KEY_WRAP[] = { AES, 5 };
+
+CONST_OID aes192_ECB[] = { AES, 21 };
+CONST_OID aes192_CBC[] = { AES, 22 };
+#ifdef DEFINE_ALL_AES_CIPHERS
+CONST_OID aes192_OFB[] = { AES, 23 };
+CONST_OID aes192_CFB[] = { AES, 24 };
+#endif
+CONST_OID aes192_KEY_WRAP[] = { AES, 25 };
+
+CONST_OID aes256_ECB[] = { AES, 41 };
+CONST_OID aes256_CBC[] = { AES, 42 };
+#ifdef DEFINE_ALL_AES_CIPHERS
+CONST_OID aes256_OFB[] = { AES, 43 };
+CONST_OID aes256_CFB[] = { AES, 44 };
+#endif
+CONST_OID aes256_KEY_WRAP[] = { AES, 45 };
+
+CONST_OID camellia128_CBC[] = { CAMELLIA_ENCRYPT_OID, 2 };
+CONST_OID camellia192_CBC[] = { CAMELLIA_ENCRYPT_OID, 3 };
+CONST_OID camellia256_CBC[] = { CAMELLIA_ENCRYPT_OID, 4 };
+
+CONST_OID sha256[] = { SHAXXX, 1 };
+CONST_OID sha384[] = { SHAXXX, 2 };
+CONST_OID sha512[] = { SHAXXX, 3 };
+CONST_OID sha224[] = { SHAXXX, 4 };
+
+CONST_OID ansix962ECPublicKey[] = { ANSI_X962_OID, 0x02, 0x01 };
+CONST_OID ansix962SignaturewithSHA1Digest[] = { ANSI_X962_SIGNATURE_OID, 0x01 };
+CONST_OID ansix962SignatureRecommended[] = { ANSI_X962_SIGNATURE_OID, 0x02 };
+CONST_OID ansix962SignatureSpecified[] = { ANSI_X962_SPECIFY_OID };
+CONST_OID ansix962SignaturewithSHA224Digest[] = { ANSI_X962_SPECIFY_OID, 0x01 };
+CONST_OID ansix962SignaturewithSHA256Digest[] = { ANSI_X962_SPECIFY_OID, 0x02 };
+CONST_OID ansix962SignaturewithSHA384Digest[] = { ANSI_X962_SPECIFY_OID, 0x03 };
+CONST_OID ansix962SignaturewithSHA512Digest[] = { ANSI_X962_SPECIFY_OID, 0x04 };
+
+/* ANSI X9.62 prime curve OIDs */
+/* NOTE: prime192v1 is the same as secp192r1, prime256v1 is the
+ * same as secp256r1
+ */
+CONST_OID ansiX962prime192v1[] = { ANSI_X962_GFp_OID, 0x01 }; /* unsupported by freebl */
+CONST_OID ansiX962prime192v2[] = { ANSI_X962_GFp_OID, 0x02 }; /* unsupported by freebl */
+CONST_OID ansiX962prime192v3[] = { ANSI_X962_GFp_OID, 0x03 }; /* unsupported by freebl */
+CONST_OID ansiX962prime239v1[] = { ANSI_X962_GFp_OID, 0x04 }; /* unsupported by freebl */
+CONST_OID ansiX962prime239v2[] = { ANSI_X962_GFp_OID, 0x05 }; /* unsupported by freebl */
+CONST_OID ansiX962prime239v3[] = { ANSI_X962_GFp_OID, 0x06 }; /* unsupported by freebl */
+CONST_OID ansiX962prime256v1[] = { ANSI_X962_GFp_OID, 0x07 };
+
+/* SECG prime curve OIDs */
+CONST_OID secgECsecp112r1[] = { SECG_OID, 0x06 }; /* unsupported by freebl */
+CONST_OID secgECsecp112r2[] = { SECG_OID, 0x07 }; /* unsupported by freebl */
+CONST_OID secgECsecp128r1[] = { SECG_OID, 0x1c }; /* unsupported by freebl */
+CONST_OID secgECsecp128r2[] = { SECG_OID, 0x1d }; /* unsupported by freebl */
+CONST_OID secgECsecp160k1[] = { SECG_OID, 0x09 }; /* unsupported by freebl */
+CONST_OID secgECsecp160r1[] = { SECG_OID, 0x08 }; /* unsupported by freebl */
+CONST_OID secgECsecp160r2[] = { SECG_OID, 0x1e }; /* unsupported by freebl */
+CONST_OID secgECsecp192k1[] = { SECG_OID, 0x1f }; /* unsupported by freebl */
+CONST_OID secgECsecp224k1[] = { SECG_OID, 0x20 }; /* unsupported by freebl */
+CONST_OID secgECsecp224r1[] = { SECG_OID, 0x21 }; /* unsupported by freebl */
+CONST_OID secgECsecp256k1[] = { SECG_OID, 0x0a }; /* unsupported by freebl */
+CONST_OID secgECsecp384r1[] = { SECG_OID, 0x22 };
+CONST_OID secgECsecp521r1[] = { SECG_OID, 0x23 };
+
+/* ANSI X9.62 characteristic two curve OIDs */
+CONST_OID ansiX962c2pnb163v1[] = { ANSI_X962_GF2m_OID, 0x01 }; /* unsupported by freebl */
+CONST_OID ansiX962c2pnb163v2[] = { ANSI_X962_GF2m_OID, 0x02 }; /* unsupported by freebl */
+CONST_OID ansiX962c2pnb163v3[] = { ANSI_X962_GF2m_OID, 0x03 }; /* unsupported by freebl */
+CONST_OID ansiX962c2pnb176v1[] = { ANSI_X962_GF2m_OID, 0x04 }; /* unsupported by freebl */
+CONST_OID ansiX962c2tnb191v1[] = { ANSI_X962_GF2m_OID, 0x05 }; /* unsupported by freebl */
+CONST_OID ansiX962c2tnb191v2[] = { ANSI_X962_GF2m_OID, 0x06 }; /* unsupported by freebl */
+CONST_OID ansiX962c2tnb191v3[] = { ANSI_X962_GF2m_OID, 0x07 }; /* unsupported by freebl */
+CONST_OID ansiX962c2onb191v4[] = { ANSI_X962_GF2m_OID, 0x08 }; /* unsupported by freebl */
+CONST_OID ansiX962c2onb191v5[] = { ANSI_X962_GF2m_OID, 0x09 }; /* unsupported by freebl */
+CONST_OID ansiX962c2pnb208w1[] = { ANSI_X962_GF2m_OID, 0x0a }; /* unsupported by freebl */
+CONST_OID ansiX962c2tnb239v1[] = { ANSI_X962_GF2m_OID, 0x0b }; /* unsupported by freebl */
+CONST_OID ansiX962c2tnb239v2[] = { ANSI_X962_GF2m_OID, 0x0c }; /* unsupported by freebl */
+CONST_OID ansiX962c2tnb239v3[] = { ANSI_X962_GF2m_OID, 0x0d }; /* unsupported by freebl */
+CONST_OID ansiX962c2onb239v4[] = { ANSI_X962_GF2m_OID, 0x0e }; /* unsupported by freebl */
+CONST_OID ansiX962c2onb239v5[] = { ANSI_X962_GF2m_OID, 0x0f }; /* unsupported by freebl */
+CONST_OID ansiX962c2pnb272w1[] = { ANSI_X962_GF2m_OID, 0x10 }; /* unsupported by freebl */
+CONST_OID ansiX962c2pnb304w1[] = { ANSI_X962_GF2m_OID, 0x11 }; /* unsupported by freebl */
+CONST_OID ansiX962c2tnb359v1[] = { ANSI_X962_GF2m_OID, 0x12 }; /* unsupported by freebl */
+CONST_OID ansiX962c2pnb368w1[] = { ANSI_X962_GF2m_OID, 0x13 }; /* unsupported by freebl */
+CONST_OID ansiX962c2tnb431r1[] = { ANSI_X962_GF2m_OID, 0x14 }; /* unsupported by freebl */
+
+/* SECG characterisitic two curve OIDs */
+CONST_OID secgECsect113r1[] = { SECG_OID, 0x04 }; /* unsupported by freebl */
+CONST_OID secgECsect113r2[] = { SECG_OID, 0x05 }; /* unsupported by freebl */
+CONST_OID secgECsect131r1[] = { SECG_OID, 0x16 }; /* unsupported by freebl */
+CONST_OID secgECsect131r2[] = { SECG_OID, 0x17 }; /* unsupported by freebl */
+CONST_OID secgECsect163k1[] = { SECG_OID, 0x01 }; /* unsupported by freebl */
+CONST_OID secgECsect163r1[] = { SECG_OID, 0x02 }; /* unsupported by freebl */
+CONST_OID secgECsect163r2[] = { SECG_OID, 0x0f }; /* unsupported by freebl */
+CONST_OID secgECsect193r1[] = { SECG_OID, 0x18 }; /* unsupported by freebl */
+CONST_OID secgECsect193r2[] = { SECG_OID, 0x19 }; /* unsupported by freebl */
+CONST_OID secgECsect233k1[] = { SECG_OID, 0x1a }; /* unsupported by freebl */
+CONST_OID secgECsect233r1[] = { SECG_OID, 0x1b }; /* unsupported by freebl */
+CONST_OID secgECsect239k1[] = { SECG_OID, 0x03 }; /* unsupported by freebl */
+CONST_OID secgECsect283k1[] = { SECG_OID, 0x10 }; /* unsupported by freebl */
+CONST_OID secgECsect283r1[] = { SECG_OID, 0x11 }; /* unsupported by freebl */
+CONST_OID secgECsect409k1[] = { SECG_OID, 0x24 }; /* unsupported by freebl */
+CONST_OID secgECsect409r1[] = { SECG_OID, 0x25 }; /* unsupported by freebl */
+CONST_OID secgECsect571k1[] = { SECG_OID, 0x26 }; /* unsupported by freebl */
+CONST_OID secgECsect571r1[] = { SECG_OID, 0x27 }; /* unsupported by freebl */
+
+CONST_OID seed_CBC[] = { SEED_OID, 4 };
+
+CONST_OID evIncorporationLocality[] = { EV_NAME_ATTRIBUTE, 1 };
+CONST_OID evIncorporationState[] = { EV_NAME_ATTRIBUTE, 2 };
+CONST_OID evIncorporationCountry[] = { EV_NAME_ATTRIBUTE, 3 };
+
+/* https://tools.ietf.org/html/draft-josefsson-pkix-newcurves-01
+ * 1.3.6.1.4.1.11591.15.1
+ */
+CONST_OID curve25519[] = { 0x2B, 0x06, 0x01, 0x04, 0x01, 0xDA, 0x47, 0x0F, 0x01 };
+
+#define OI(x)                                  \
+    {                                          \
+        siDEROID, (unsigned char *)x, sizeof x \
+    }
+#ifndef SECOID_NO_STRINGS
+#define OD(oid, tag, desc, mech, ext) \
+    {                                 \
+        OI(oid)                       \
+        , tag, desc, mech, ext        \
+    }
+#define ODE(tag, desc, mech, ext)                   \
+    {                                               \
+        { siDEROID, NULL, 0 }, tag, desc, mech, ext \
+    }
+#else
+#define OD(oid, tag, desc, mech, ext) \
+    {                                 \
+        OI(oid)                       \
+        , tag, 0, mech, ext           \
+    }
+#define ODE(tag, desc, mech, ext)                \
+    {                                            \
+        { siDEROID, NULL, 0 }, tag, 0, mech, ext \
+    }
+#endif
+
+#if defined(NSS_ALLOW_UNSUPPORTED_CRITICAL)
+#define FAKE_SUPPORTED_CERT_EXTENSION SUPPORTED_CERT_EXTENSION
+#else
+#define FAKE_SUPPORTED_CERT_EXTENSION UNSUPPORTED_CERT_EXTENSION
+#endif
+
+/*
+ * NOTE: the order of these entries must mach the SECOidTag enum in secoidt.h!
+ */
+const static SECOidData oids[SEC_OID_TOTAL] = {
+    { { siDEROID, NULL, 0 }, SEC_OID_UNKNOWN, "Unknown OID", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
+    OD(md2, SEC_OID_MD2, "MD2", CKM_MD2, INVALID_CERT_EXTENSION),
+    OD(md4, SEC_OID_MD4,
+       "MD4", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(md5, SEC_OID_MD5, "MD5", CKM_MD5, INVALID_CERT_EXTENSION),
+    OD(sha1, SEC_OID_SHA1, "SHA-1", CKM_SHA_1, INVALID_CERT_EXTENSION),
+    OD(rc2cbc, SEC_OID_RC2_CBC,
+       "RC2-CBC", CKM_RC2_CBC, INVALID_CERT_EXTENSION),
+    OD(rc4, SEC_OID_RC4, "RC4", CKM_RC4, INVALID_CERT_EXTENSION),
+    OD(desede3cbc, SEC_OID_DES_EDE3_CBC,
+       "DES-EDE3-CBC", CKM_DES3_CBC, INVALID_CERT_EXTENSION),
+    OD(rc5cbcpad, SEC_OID_RC5_CBC_PAD,
+       "RC5-CBCPad", CKM_RC5_CBC, INVALID_CERT_EXTENSION),
+    OD(desecb, SEC_OID_DES_ECB,
+       "DES-ECB", CKM_DES_ECB, INVALID_CERT_EXTENSION),
+    OD(descbc, SEC_OID_DES_CBC,
+       "DES-CBC", CKM_DES_CBC, INVALID_CERT_EXTENSION),
+    OD(desofb, SEC_OID_DES_OFB,
+       "DES-OFB", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(descfb, SEC_OID_DES_CFB,
+       "DES-CFB", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(desmac, SEC_OID_DES_MAC,
+       "DES-MAC", CKM_DES_MAC, INVALID_CERT_EXTENSION),
+    OD(desede, SEC_OID_DES_EDE,
+       "DES-EDE", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(isoSHAWithRSASignature, SEC_OID_ISO_SHA_WITH_RSA_SIGNATURE,
+       "ISO SHA with RSA Signature",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(pkcs1RSAEncryption, SEC_OID_PKCS1_RSA_ENCRYPTION,
+       "PKCS #1 RSA Encryption", CKM_RSA_PKCS, INVALID_CERT_EXTENSION),
+
+    /* the following Signing mechanisms should get new CKM_ values when
+     * values for CKM_RSA_WITH_MDX and CKM_RSA_WITH_SHA_1 get defined in
+     * PKCS #11.
+     */
+    OD(pkcs1MD2WithRSAEncryption, SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION,
+       "PKCS #1 MD2 With RSA Encryption", CKM_MD2_RSA_PKCS,
+       INVALID_CERT_EXTENSION),
+    OD(pkcs1MD4WithRSAEncryption, SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION,
+       "PKCS #1 MD4 With RSA Encryption",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(pkcs1MD5WithRSAEncryption, SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION,
+       "PKCS #1 MD5 With RSA Encryption", CKM_MD5_RSA_PKCS,
+       INVALID_CERT_EXTENSION),
+    OD(pkcs1SHA1WithRSAEncryption, SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION,
+       "PKCS #1 SHA-1 With RSA Encryption", CKM_SHA1_RSA_PKCS,
+       INVALID_CERT_EXTENSION),
+
+    OD(pkcs5PbeWithMD2AndDEScbc, SEC_OID_PKCS5_PBE_WITH_MD2_AND_DES_CBC,
+       "PKCS #5 Password Based Encryption with MD2 and DES-CBC",
+       CKM_PBE_MD2_DES_CBC, INVALID_CERT_EXTENSION),
+    OD(pkcs5PbeWithMD5AndDEScbc, SEC_OID_PKCS5_PBE_WITH_MD5_AND_DES_CBC,
+       "PKCS #5 Password Based Encryption with MD5 and DES-CBC",
+       CKM_PBE_MD5_DES_CBC, INVALID_CERT_EXTENSION),
+    OD(pkcs5PbeWithSha1AndDEScbc, SEC_OID_PKCS5_PBE_WITH_SHA1_AND_DES_CBC,
+       "PKCS #5 Password Based Encryption with SHA-1 and DES-CBC",
+       CKM_NETSCAPE_PBE_SHA1_DES_CBC, INVALID_CERT_EXTENSION),
+    OD(pkcs7, SEC_OID_PKCS7,
+       "PKCS #7", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(pkcs7Data, SEC_OID_PKCS7_DATA,
+       "PKCS #7 Data", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(pkcs7SignedData, SEC_OID_PKCS7_SIGNED_DATA,
+       "PKCS #7 Signed Data", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(pkcs7EnvelopedData, SEC_OID_PKCS7_ENVELOPED_DATA,
+       "PKCS #7 Enveloped Data",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(pkcs7SignedEnvelopedData, SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA,
+       "PKCS #7 Signed And Enveloped Data",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(pkcs7DigestedData, SEC_OID_PKCS7_DIGESTED_DATA,
+       "PKCS #7 Digested Data",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(pkcs7EncryptedData, SEC_OID_PKCS7_ENCRYPTED_DATA,
+       "PKCS #7 Encrypted Data",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(pkcs9EmailAddress, SEC_OID_PKCS9_EMAIL_ADDRESS,
+       "PKCS #9 Email Address",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(pkcs9UnstructuredName, SEC_OID_PKCS9_UNSTRUCTURED_NAME,
+       "PKCS #9 Unstructured Name",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(pkcs9ContentType, SEC_OID_PKCS9_CONTENT_TYPE,
+       "PKCS #9 Content Type",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(pkcs9MessageDigest, SEC_OID_PKCS9_MESSAGE_DIGEST,
+       "PKCS #9 Message Digest",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(pkcs9SigningTime, SEC_OID_PKCS9_SIGNING_TIME,
+       "PKCS #9 Signing Time",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(pkcs9CounterSignature, SEC_OID_PKCS9_COUNTER_SIGNATURE,
+       "PKCS #9 Counter Signature",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(pkcs9ChallengePassword, SEC_OID_PKCS9_CHALLENGE_PASSWORD,
+       "PKCS #9 Challenge Password",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(pkcs9UnstructuredAddress, SEC_OID_PKCS9_UNSTRUCTURED_ADDRESS,
+       "PKCS #9 Unstructured Address",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(pkcs9ExtendedCertificateAttributes,
+       SEC_OID_PKCS9_EXTENDED_CERTIFICATE_ATTRIBUTES,
+       "PKCS #9 Extended Certificate Attributes",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(pkcs9SMIMECapabilities, SEC_OID_PKCS9_SMIME_CAPABILITIES,
+       "PKCS #9 S/MIME Capabilities",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(x520CommonName, SEC_OID_AVA_COMMON_NAME,
+       "X520 Common Name", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(x520CountryName, SEC_OID_AVA_COUNTRY_NAME,
+       "X520 Country Name", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(x520LocalityName, SEC_OID_AVA_LOCALITY,
+       "X520 Locality Name", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(x520StateOrProvinceName, SEC_OID_AVA_STATE_OR_PROVINCE,
+       "X520 State Or Province Name",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(x520OrgName, SEC_OID_AVA_ORGANIZATION_NAME,
+       "X520 Organization Name",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(x520OrgUnitName, SEC_OID_AVA_ORGANIZATIONAL_UNIT_NAME,
+       "X520 Organizational Unit Name",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(x520DnQualifier, SEC_OID_AVA_DN_QUALIFIER,
+       "X520 DN Qualifier", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(rfc2247DomainComponent, SEC_OID_AVA_DC,
+       "RFC 2247 Domain Component",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+
+    OD(nsTypeGIF, SEC_OID_NS_TYPE_GIF,
+       "GIF", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(nsTypeJPEG, SEC_OID_NS_TYPE_JPEG,
+       "JPEG", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(nsTypeURL, SEC_OID_NS_TYPE_URL,
+       "URL", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(nsTypeHTML, SEC_OID_NS_TYPE_HTML,
+       "HTML", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(nsTypeCertSeq, SEC_OID_NS_TYPE_CERT_SEQUENCE,
+       "Certificate Sequence",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(missiCertKEADSSOld, SEC_OID_MISSI_KEA_DSS_OLD,
+       "MISSI KEA and DSS Algorithm (Old)",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(missiCertDSSOld, SEC_OID_MISSI_DSS_OLD,
+       "MISSI DSS Algorithm (Old)",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(missiCertKEADSS, SEC_OID_MISSI_KEA_DSS,
+       "MISSI KEA and DSS Algorithm",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(missiCertDSS, SEC_OID_MISSI_DSS,
+       "MISSI DSS Algorithm",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(missiCertKEA, SEC_OID_MISSI_KEA,
+       "MISSI KEA Algorithm",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(missiCertAltKEA, SEC_OID_MISSI_ALT_KEA,
+       "MISSI Alternate KEA Algorithm",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+
+    /* Netscape private extensions */
+    OD(nsCertExtNetscapeOK, SEC_OID_NS_CERT_EXT_NETSCAPE_OK,
+       "Netscape says this cert is OK",
+       CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION),
+    OD(nsCertExtIssuerLogo, SEC_OID_NS_CERT_EXT_ISSUER_LOGO,
+       "Certificate Issuer Logo",
+       CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION),
+    OD(nsCertExtSubjectLogo, SEC_OID_NS_CERT_EXT_SUBJECT_LOGO,
+       "Certificate Subject Logo",
+       CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION),
+    OD(nsExtCertType, SEC_OID_NS_CERT_EXT_CERT_TYPE,
+       "Certificate Type",
+       CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION),
+    OD(nsExtBaseURL, SEC_OID_NS_CERT_EXT_BASE_URL,
+       "Certificate Extension Base URL",
+       CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION),
+    OD(nsExtRevocationURL, SEC_OID_NS_CERT_EXT_REVOCATION_URL,
+       "Certificate Revocation URL",
+       CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION),
+    OD(nsExtCARevocationURL, SEC_OID_NS_CERT_EXT_CA_REVOCATION_URL,
+       "Certificate Authority Revocation URL",
+       CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION),
+    OD(nsExtCACRLURL, SEC_OID_NS_CERT_EXT_CA_CRL_URL,
+       "Certificate Authority CRL Download URL",
+       CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION),
+    OD(nsExtCACertURL, SEC_OID_NS_CERT_EXT_CA_CERT_URL,
+       "Certificate Authority Certificate Download URL",
+       CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION),
+    OD(nsExtCertRenewalURL, SEC_OID_NS_CERT_EXT_CERT_RENEWAL_URL,
+       "Certificate Renewal URL",
+       CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION),
+    OD(nsExtCAPolicyURL, SEC_OID_NS_CERT_EXT_CA_POLICY_URL,
+       "Certificate Authority Policy URL",
+       CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION),
+    OD(nsExtHomepageURL, SEC_OID_NS_CERT_EXT_HOMEPAGE_URL,
+       "Certificate Homepage URL",
+       CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION),
+    OD(nsExtEntityLogo, SEC_OID_NS_CERT_EXT_ENTITY_LOGO,
+       "Certificate Entity Logo",
+       CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION),
+    OD(nsExtUserPicture, SEC_OID_NS_CERT_EXT_USER_PICTURE,
+       "Certificate User Picture",
+       CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION),
+    OD(nsExtSSLServerName, SEC_OID_NS_CERT_EXT_SSL_SERVER_NAME,
+       "Certificate SSL Server Name",
+       CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION),
+    OD(nsExtComment, SEC_OID_NS_CERT_EXT_COMMENT,
+       "Certificate Comment",
+       CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION),
+    OD(nsExtLostPasswordURL, SEC_OID_NS_CERT_EXT_LOST_PASSWORD_URL,
+       "Lost Password URL",
+       CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION),
+    OD(nsExtCertRenewalTime, SEC_OID_NS_CERT_EXT_CERT_RENEWAL_TIME,
+       "Certificate Renewal Time",
+       CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION),
+    OD(nsKeyUsageGovtApproved, SEC_OID_NS_KEY_USAGE_GOVT_APPROVED,
+       "Strong Crypto Export Approved",
+       CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION),
+
+    /* x.509 v3 certificate extensions */
+    OD(x509SubjectDirectoryAttr, SEC_OID_X509_SUBJECT_DIRECTORY_ATTR,
+       "Certificate Subject Directory Attributes",
+       CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION),
+    OD(x509SubjectKeyID, SEC_OID_X509_SUBJECT_KEY_ID,
+       "Certificate Subject Key ID",
+       CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION),
+    OD(x509KeyUsage, SEC_OID_X509_KEY_USAGE,
+       "Certificate Key Usage",
+       CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION),
+    OD(x509PrivateKeyUsagePeriod, SEC_OID_X509_PRIVATE_KEY_USAGE_PERIOD,
+       "Certificate Private Key Usage Period",
+       CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION),
+    OD(x509SubjectAltName, SEC_OID_X509_SUBJECT_ALT_NAME,
+       "Certificate Subject Alt Name",
+       CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION),
+    OD(x509IssuerAltName, SEC_OID_X509_ISSUER_ALT_NAME,
+       "Certificate Issuer Alt Name",
+       CKM_INVALID_MECHANISM, FAKE_SUPPORTED_CERT_EXTENSION),
+    OD(x509BasicConstraints, SEC_OID_X509_BASIC_CONSTRAINTS,
+       "Certificate Basic Constraints",
+       CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION),
+    OD(x509NameConstraints, SEC_OID_X509_NAME_CONSTRAINTS,
+       "Certificate Name Constraints",
+       CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION),
+    OD(x509CRLDistPoints, SEC_OID_X509_CRL_DIST_POINTS,
+       "CRL Distribution Points",
+       CKM_INVALID_MECHANISM, FAKE_SUPPORTED_CERT_EXTENSION),
+    OD(x509CertificatePolicies, SEC_OID_X509_CERTIFICATE_POLICIES,
+       "Certificate Policies",
+       CKM_INVALID_MECHANISM, FAKE_SUPPORTED_CERT_EXTENSION),
+    OD(x509PolicyMappings, SEC_OID_X509_POLICY_MAPPINGS,
+       "Certificate Policy Mappings",
+       CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION),
+    OD(x509PolicyConstraints, SEC_OID_X509_POLICY_CONSTRAINTS,
+       "Certificate Policy Constraints",
+       CKM_INVALID_MECHANISM, FAKE_SUPPORTED_CERT_EXTENSION),
+    OD(x509AuthKeyID, SEC_OID_X509_AUTH_KEY_ID,
+       "Certificate Authority Key Identifier",
+       CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION),
+    OD(x509ExtKeyUsage, SEC_OID_X509_EXT_KEY_USAGE,
+       "Extended Key Usage",
+       CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION),
+    OD(x509AuthInfoAccess, SEC_OID_X509_AUTH_INFO_ACCESS,
+       "Authority Information Access",
+       CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION),
+
+    /* x.509 v3 CRL extensions */
+    OD(x509CRLNumber, SEC_OID_X509_CRL_NUMBER,
+       "CRL Number", CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION),
+    OD(x509ReasonCode, SEC_OID_X509_REASON_CODE,
+       "CRL reason code", CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION),
+    OD(x509InvalidDate, SEC_OID_X509_INVALID_DATE,
+       "Invalid Date", CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION),
+
+    OD(x500RSAEncryption, SEC_OID_X500_RSA_ENCRYPTION,
+       "X500 RSA Encryption", CKM_RSA_X_509, INVALID_CERT_EXTENSION),
+
+    /* added for alg 1485 */
+    OD(rfc1274Uid, SEC_OID_RFC1274_UID,
+       "RFC1274 User Id", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(rfc1274Mail, SEC_OID_RFC1274_MAIL,
+       "RFC1274 E-mail Address",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+
+    /* pkcs 12 additions */
+    OD(pkcs12, SEC_OID_PKCS12,
+       "PKCS #12", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(pkcs12ModeIDs, SEC_OID_PKCS12_MODE_IDS,
+       "PKCS #12 Mode IDs", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(pkcs12ESPVKIDs, SEC_OID_PKCS12_ESPVK_IDS,
+       "PKCS #12 ESPVK IDs", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(pkcs12BagIDs, SEC_OID_PKCS12_BAG_IDS,
+       "PKCS #12 Bag IDs", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(pkcs12CertBagIDs, SEC_OID_PKCS12_CERT_BAG_IDS,
+       "PKCS #12 Cert Bag IDs",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(pkcs12OIDs, SEC_OID_PKCS12_OIDS,
+       "PKCS #12 OIDs", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(pkcs12PBEIDs, SEC_OID_PKCS12_PBE_IDS,
+       "PKCS #12 PBE IDs", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(pkcs12SignatureIDs, SEC_OID_PKCS12_SIGNATURE_IDS,
+       "PKCS #12 Signature IDs",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(pkcs12EnvelopingIDs, SEC_OID_PKCS12_ENVELOPING_IDS,
+       "PKCS #12 Enveloping IDs",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(pkcs12PKCS8KeyShrouding, SEC_OID_PKCS12_PKCS8_KEY_SHROUDING,
+       "PKCS #12 Key Shrouding",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(pkcs12KeyBagID, SEC_OID_PKCS12_KEY_BAG_ID,
+       "PKCS #12 Key Bag ID",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(pkcs12CertAndCRLBagID, SEC_OID_PKCS12_CERT_AND_CRL_BAG_ID,
+       "PKCS #12 Cert And CRL Bag ID",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(pkcs12SecretBagID, SEC_OID_PKCS12_SECRET_BAG_ID,
+       "PKCS #12 Secret Bag ID",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(pkcs12X509CertCRLBag, SEC_OID_PKCS12_X509_CERT_CRL_BAG,
+       "PKCS #12 X509 Cert CRL Bag",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(pkcs12SDSICertBag, SEC_OID_PKCS12_SDSI_CERT_BAG,
+       "PKCS #12 SDSI Cert Bag",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(pkcs12PBEWithSha1And128BitRC4,
+       SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC4,
+       "PKCS #12 PBE With SHA-1 and 128 Bit RC4",
+       CKM_NETSCAPE_PBE_SHA1_128_BIT_RC4, INVALID_CERT_EXTENSION),
+    OD(pkcs12PBEWithSha1And40BitRC4,
+       SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC4,
+       "PKCS #12 PBE With SHA-1 and 40 Bit RC4",
+       CKM_NETSCAPE_PBE_SHA1_40_BIT_RC4, INVALID_CERT_EXTENSION),
+    OD(pkcs12PBEWithSha1AndTripleDESCBC,
+       SEC_OID_PKCS12_PBE_WITH_SHA1_AND_TRIPLE_DES_CBC,
+       "PKCS #12 PBE With SHA-1 and Triple DES-CBC",
+       CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC, INVALID_CERT_EXTENSION),
+    OD(pkcs12PBEWithSha1And128BitRC2CBC,
+       SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC,
+       "PKCS #12 PBE With SHA-1 and 128 Bit RC2 CBC",
+       CKM_NETSCAPE_PBE_SHA1_128_BIT_RC2_CBC, INVALID_CERT_EXTENSION),
+    OD(pkcs12PBEWithSha1And40BitRC2CBC,
+       SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC,
+       "PKCS #12 PBE With SHA-1 and 40 Bit RC2 CBC",
+       CKM_NETSCAPE_PBE_SHA1_40_BIT_RC2_CBC, INVALID_CERT_EXTENSION),
+    OD(pkcs12RSAEncryptionWith128BitRC4,
+       SEC_OID_PKCS12_RSA_ENCRYPTION_WITH_128_BIT_RC4,
+       "PKCS #12 RSA Encryption with 128 Bit RC4",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(pkcs12RSAEncryptionWith40BitRC4,
+       SEC_OID_PKCS12_RSA_ENCRYPTION_WITH_40_BIT_RC4,
+       "PKCS #12 RSA Encryption with 40 Bit RC4",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(pkcs12RSAEncryptionWithTripleDES,
+       SEC_OID_PKCS12_RSA_ENCRYPTION_WITH_TRIPLE_DES,
+       "PKCS #12 RSA Encryption with Triple DES",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(pkcs12RSASignatureWithSHA1Digest,
+       SEC_OID_PKCS12_RSA_SIGNATURE_WITH_SHA1_DIGEST,
+       "PKCS #12 RSA Encryption with Triple DES",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+
+    /* DSA signatures */
+    OD(ansix9DSASignature, SEC_OID_ANSIX9_DSA_SIGNATURE,
+       "ANSI X9.57 DSA Signature", CKM_DSA, INVALID_CERT_EXTENSION),
+    OD(ansix9DSASignaturewithSHA1Digest,
+       SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST,
+       "ANSI X9.57 DSA Signature with SHA-1 Digest",
+       CKM_DSA_SHA1, INVALID_CERT_EXTENSION),
+    OD(bogusDSASignaturewithSHA1Digest,
+       SEC_OID_BOGUS_DSA_SIGNATURE_WITH_SHA1_DIGEST,
+       "FORTEZZA DSA Signature with SHA-1 Digest",
+       CKM_DSA_SHA1, INVALID_CERT_EXTENSION),
+
+    /* verisign oids */
+    OD(verisignUserNotices, SEC_OID_VERISIGN_USER_NOTICES,
+       "Verisign User Notices",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+
+    /* pkix oids */
+    OD(pkixCPSPointerQualifier, SEC_OID_PKIX_CPS_POINTER_QUALIFIER,
+       "PKIX CPS Pointer Qualifier",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(pkixUserNoticeQualifier, SEC_OID_PKIX_USER_NOTICE_QUALIFIER,
+       "PKIX User Notice Qualifier",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+
+    OD(pkixOCSP, SEC_OID_PKIX_OCSP,
+       "PKIX Online Certificate Status Protocol",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(pkixOCSPBasicResponse, SEC_OID_PKIX_OCSP_BASIC_RESPONSE,
+       "OCSP Basic Response", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(pkixOCSPNonce, SEC_OID_PKIX_OCSP_NONCE,
+       "OCSP Nonce Extension", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(pkixOCSPCRL, SEC_OID_PKIX_OCSP_CRL,
+       "OCSP CRL Reference Extension",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(pkixOCSPResponse, SEC_OID_PKIX_OCSP_RESPONSE,
+       "OCSP Response Types Extension",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(pkixOCSPNoCheck, SEC_OID_PKIX_OCSP_NO_CHECK,
+       "OCSP No Check Extension",
+       CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION),
+    OD(pkixOCSPArchiveCutoff, SEC_OID_PKIX_OCSP_ARCHIVE_CUTOFF,
+       "OCSP Archive Cutoff Extension",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(pkixOCSPServiceLocator, SEC_OID_PKIX_OCSP_SERVICE_LOCATOR,
+       "OCSP Service Locator Extension",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+
+    OD(pkixRegCtrlRegToken, SEC_OID_PKIX_REGCTRL_REGTOKEN,
+       "PKIX CRMF Registration Control, Registration Token",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(pkixRegCtrlAuthenticator, SEC_OID_PKIX_REGCTRL_AUTHENTICATOR,
+       "PKIX CRMF Registration Control, Registration Authenticator",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(pkixRegCtrlPKIPubInfo, SEC_OID_PKIX_REGCTRL_PKIPUBINFO,
+       "PKIX CRMF Registration Control, PKI Publication Info",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(pkixRegCtrlPKIArchOptions,
+       SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS,
+       "PKIX CRMF Registration Control, PKI Archive Options",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(pkixRegCtrlOldCertID, SEC_OID_PKIX_REGCTRL_OLD_CERT_ID,
+       "PKIX CRMF Registration Control, Old Certificate ID",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(pkixRegCtrlProtEncKey, SEC_OID_PKIX_REGCTRL_PROTOCOL_ENC_KEY,
+       "PKIX CRMF Registration Control, Protocol Encryption Key",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(pkixRegInfoUTF8Pairs, SEC_OID_PKIX_REGINFO_UTF8_PAIRS,
+       "PKIX CRMF Registration Info, UTF8 Pairs",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(pkixRegInfoCertReq, SEC_OID_PKIX_REGINFO_CERT_REQUEST,
+       "PKIX CRMF Registration Info, Certificate Request",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(pkixExtendedKeyUsageServerAuth,
+       SEC_OID_EXT_KEY_USAGE_SERVER_AUTH,
+       "TLS Web Server Authentication Certificate",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(pkixExtendedKeyUsageClientAuth,
+       SEC_OID_EXT_KEY_USAGE_CLIENT_AUTH,
+       "TLS Web Client Authentication Certificate",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(pkixExtendedKeyUsageCodeSign, SEC_OID_EXT_KEY_USAGE_CODE_SIGN,
+       "Code Signing Certificate",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(pkixExtendedKeyUsageEMailProtect,
+       SEC_OID_EXT_KEY_USAGE_EMAIL_PROTECT,
+       "E-Mail Protection Certificate",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(pkixExtendedKeyUsageTimeStamp,
+       SEC_OID_EXT_KEY_USAGE_TIME_STAMP,
+       "Time Stamping Certifcate",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(pkixOCSPResponderExtendedKeyUsage, SEC_OID_OCSP_RESPONDER,
+       "OCSP Responder Certificate",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+
+    /* Netscape Algorithm OIDs */
+
+    OD(netscapeSMimeKEA, SEC_OID_NETSCAPE_SMIME_KEA,
+       "Netscape S/MIME KEA", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+
+    /* Skipjack OID -- ### mwelch temporary */
+    OD(skipjackCBC, SEC_OID_FORTEZZA_SKIPJACK,
+       "Skipjack CBC64", CKM_SKIPJACK_CBC64, INVALID_CERT_EXTENSION),
+
+    /* pkcs12 v2 oids */
+    OD(pkcs12V2PBEWithSha1And128BitRC4,
+       SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC4,
+       "PKCS #12 V2 PBE With SHA-1 And 128 Bit RC4",
+       CKM_PBE_SHA1_RC4_128, INVALID_CERT_EXTENSION),
+    OD(pkcs12V2PBEWithSha1And40BitRC4,
+       SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC4,
+       "PKCS #12 V2 PBE With SHA-1 And 40 Bit RC4",
+       CKM_PBE_SHA1_RC4_40, INVALID_CERT_EXTENSION),
+    OD(pkcs12V2PBEWithSha1And3KeyTripleDEScbc,
+       SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC,
+       "PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC",
+       CKM_PBE_SHA1_DES3_EDE_CBC, INVALID_CERT_EXTENSION),
+    OD(pkcs12V2PBEWithSha1And2KeyTripleDEScbc,
+       SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_2KEY_TRIPLE_DES_CBC,
+       "PKCS #12 V2 PBE With SHA-1 And 2KEY Triple DES-CBC",
+       CKM_PBE_SHA1_DES2_EDE_CBC, INVALID_CERT_EXTENSION),
+    OD(pkcs12V2PBEWithSha1And128BitRC2cbc,
+       SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC,
+       "PKCS #12 V2 PBE With SHA-1 And 128 Bit RC2 CBC",
+       CKM_PBE_SHA1_RC2_128_CBC, INVALID_CERT_EXTENSION),
+    OD(pkcs12V2PBEWithSha1And40BitRC2cbc,
+       SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC,
+       "PKCS #12 V2 PBE With SHA-1 And 40 Bit RC2 CBC",
+       CKM_PBE_SHA1_RC2_40_CBC, INVALID_CERT_EXTENSION),
+    OD(pkcs12SafeContentsID, SEC_OID_PKCS12_SAFE_CONTENTS_ID,
+       "PKCS #12 Safe Contents ID",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(pkcs12PKCS8ShroudedKeyBagID,
+       SEC_OID_PKCS12_PKCS8_SHROUDED_KEY_BAG_ID,
+       "PKCS #12 Safe Contents ID",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(pkcs12V1KeyBag, SEC_OID_PKCS12_V1_KEY_BAG_ID,
+       "PKCS #12 V1 Key Bag",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(pkcs12V1PKCS8ShroudedKeyBag,
+       SEC_OID_PKCS12_V1_PKCS8_SHROUDED_KEY_BAG_ID,
+       "PKCS #12 V1 PKCS8 Shrouded Key Bag",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(pkcs12V1CertBag, SEC_OID_PKCS12_V1_CERT_BAG_ID,
+       "PKCS #12 V1 Cert Bag",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(pkcs12V1CRLBag, SEC_OID_PKCS12_V1_CRL_BAG_ID,
+       "PKCS #12 V1 CRL Bag",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(pkcs12V1SecretBag, SEC_OID_PKCS12_V1_SECRET_BAG_ID,
+       "PKCS #12 V1 Secret Bag",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(pkcs12V1SafeContentsBag, SEC_OID_PKCS12_V1_SAFE_CONTENTS_BAG_ID,
+       "PKCS #12 V1 Safe Contents Bag",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+
+    OD(pkcs9X509Certificate, SEC_OID_PKCS9_X509_CERT,
+       "PKCS #9 X509 Certificate",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(pkcs9SDSICertificate, SEC_OID_PKCS9_SDSI_CERT,
+       "PKCS #9 SDSI Certificate",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(pkcs9X509CRL, SEC_OID_PKCS9_X509_CRL,
+       "PKCS #9 X509 CRL", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(pkcs9FriendlyName, SEC_OID_PKCS9_FRIENDLY_NAME,
+       "PKCS #9 Friendly Name",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(pkcs9LocalKeyID, SEC_OID_PKCS9_LOCAL_KEY_ID,
+       "PKCS #9 Local Key ID",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(pkcs12KeyUsageAttr, SEC_OID_BOGUS_KEY_USAGE,
+       "Bogus Key Usage", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(dhPublicKey, SEC_OID_X942_DIFFIE_HELMAN_KEY,
+       "Diffie-Helman Public Key", CKM_DH_PKCS_DERIVE,
+       INVALID_CERT_EXTENSION),
+    OD(netscapeNickname, SEC_OID_NETSCAPE_NICKNAME,
+       "Netscape Nickname", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+
+    /* Cert Server specific OIDs */
+    OD(netscapeRecoveryRequest, SEC_OID_NETSCAPE_RECOVERY_REQUEST,
+       "Recovery Request OID",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+
+    OD(nsExtAIACertRenewal, SEC_OID_CERT_RENEWAL_LOCATOR,
+       "Certificate Renewal Locator OID", CKM_INVALID_MECHANISM,
+       INVALID_CERT_EXTENSION),
+
+    OD(nsExtCertScopeOfUse, SEC_OID_NS_CERT_EXT_SCOPE_OF_USE,
+       "Certificate Scope-of-Use Extension", CKM_INVALID_MECHANISM,
+       SUPPORTED_CERT_EXTENSION),
+
+    /* CMS stuff */
+    OD(cmsESDH, SEC_OID_CMS_EPHEMERAL_STATIC_DIFFIE_HELLMAN,
+       "Ephemeral-Static Diffie-Hellman", CKM_INVALID_MECHANISM /* XXX */,
+       INVALID_CERT_EXTENSION),
+    OD(cms3DESwrap, SEC_OID_CMS_3DES_KEY_WRAP,
+       "CMS Triple DES Key Wrap", CKM_INVALID_MECHANISM /* XXX */,
+       INVALID_CERT_EXTENSION),
+    OD(cmsRC2wrap, SEC_OID_CMS_RC2_KEY_WRAP,
+       "CMS RC2 Key Wrap", CKM_INVALID_MECHANISM /* XXX */,
+       INVALID_CERT_EXTENSION),
+    OD(smimeEncryptionKeyPreference, SEC_OID_SMIME_ENCRYPTION_KEY_PREFERENCE,
+       "S/MIME Encryption Key Preference",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+
+    /* AES algorithm OIDs */
+    OD(aes128_ECB, SEC_OID_AES_128_ECB,
+       "AES-128-ECB", CKM_AES_ECB, INVALID_CERT_EXTENSION),
+    OD(aes128_CBC, SEC_OID_AES_128_CBC,
+       "AES-128-CBC", CKM_AES_CBC, INVALID_CERT_EXTENSION),
+    OD(aes192_ECB, SEC_OID_AES_192_ECB,
+       "AES-192-ECB", CKM_AES_ECB, INVALID_CERT_EXTENSION),
+    OD(aes192_CBC, SEC_OID_AES_192_CBC,
+       "AES-192-CBC", CKM_AES_CBC, INVALID_CERT_EXTENSION),
+    OD(aes256_ECB, SEC_OID_AES_256_ECB,
+       "AES-256-ECB", CKM_AES_ECB, INVALID_CERT_EXTENSION),
+    OD(aes256_CBC, SEC_OID_AES_256_CBC,
+       "AES-256-CBC", CKM_AES_CBC, INVALID_CERT_EXTENSION),
+
+    /* More bogus DSA OIDs */
+    OD(sdn702DSASignature, SEC_OID_SDN702_DSA_SIGNATURE,
+       "SDN.702 DSA Signature", CKM_DSA_SHA1, INVALID_CERT_EXTENSION),
+
+    OD(ms_smimeEncryptionKeyPreference,
+       SEC_OID_MS_SMIME_ENCRYPTION_KEY_PREFERENCE,
+       "Microsoft S/MIME Encryption Key Preference",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+
+    OD(sha256, SEC_OID_SHA256, "SHA-256", CKM_SHA256, INVALID_CERT_EXTENSION),
+    OD(sha384, SEC_OID_SHA384, "SHA-384", CKM_SHA384, INVALID_CERT_EXTENSION),
+    OD(sha512, SEC_OID_SHA512, "SHA-512", CKM_SHA512, INVALID_CERT_EXTENSION),
+
+    OD(pkcs1SHA256WithRSAEncryption, SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION,
+       "PKCS #1 SHA-256 With RSA Encryption", CKM_SHA256_RSA_PKCS,
+       INVALID_CERT_EXTENSION),
+    OD(pkcs1SHA384WithRSAEncryption, SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION,
+       "PKCS #1 SHA-384 With RSA Encryption", CKM_SHA384_RSA_PKCS,
+       INVALID_CERT_EXTENSION),
+    OD(pkcs1SHA512WithRSAEncryption, SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION,
+       "PKCS #1 SHA-512 With RSA Encryption", CKM_SHA512_RSA_PKCS,
+       INVALID_CERT_EXTENSION),
+
+    OD(aes128_KEY_WRAP, SEC_OID_AES_128_KEY_WRAP,
+       "AES-128 Key Wrap", CKM_NSS_AES_KEY_WRAP, INVALID_CERT_EXTENSION),
+    OD(aes192_KEY_WRAP, SEC_OID_AES_192_KEY_WRAP,
+       "AES-192 Key Wrap", CKM_NSS_AES_KEY_WRAP, INVALID_CERT_EXTENSION),
+    OD(aes256_KEY_WRAP, SEC_OID_AES_256_KEY_WRAP,
+       "AES-256 Key Wrap", CKM_NSS_AES_KEY_WRAP, INVALID_CERT_EXTENSION),
+
+    /* Elliptic Curve Cryptography (ECC) OIDs */
+    OD(ansix962ECPublicKey, SEC_OID_ANSIX962_EC_PUBLIC_KEY,
+       "X9.62 elliptic curve public key", CKM_ECDH1_DERIVE,
+       INVALID_CERT_EXTENSION),
+    OD(ansix962SignaturewithSHA1Digest,
+       SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE,
+       "X9.62 ECDSA signature with SHA-1", CKM_ECDSA_SHA1,
+       INVALID_CERT_EXTENSION),
+
+    /* Named curves */
+    /* NOTE: Only P256, P384, P521, and 25519 are supported by softoken.
+     *       Using other curves requires an appropriate token. */
+
+    /* ANSI X9.62 named elliptic curves (prime field) */
+    OD(ansiX962prime192v1, SEC_OID_ANSIX962_EC_PRIME192V1,
+       "ANSI X9.62 elliptic curve prime192v1 (aka secp192r1, NIST P-192)",
+       CKM_INVALID_MECHANISM,
+       INVALID_CERT_EXTENSION),
+    OD(ansiX962prime192v2, SEC_OID_ANSIX962_EC_PRIME192V2,
+       "ANSI X9.62 elliptic curve prime192v2",
+       CKM_INVALID_MECHANISM,
+       INVALID_CERT_EXTENSION),
+    OD(ansiX962prime192v3, SEC_OID_ANSIX962_EC_PRIME192V3,
+       "ANSI X9.62 elliptic curve prime192v3",
+       CKM_INVALID_MECHANISM,
+       INVALID_CERT_EXTENSION),
+    OD(ansiX962prime239v1, SEC_OID_ANSIX962_EC_PRIME239V1,
+       "ANSI X9.62 elliptic curve prime239v1",
+       CKM_INVALID_MECHANISM,
+       INVALID_CERT_EXTENSION),
+    OD(ansiX962prime239v2, SEC_OID_ANSIX962_EC_PRIME239V2,
+       "ANSI X9.62 elliptic curve prime239v2",
+       CKM_INVALID_MECHANISM,
+       INVALID_CERT_EXTENSION),
+    OD(ansiX962prime239v3, SEC_OID_ANSIX962_EC_PRIME239V3,
+       "ANSI X9.62 elliptic curve prime239v3",
+       CKM_INVALID_MECHANISM,
+       INVALID_CERT_EXTENSION),
+    OD(ansiX962prime256v1, SEC_OID_ANSIX962_EC_PRIME256V1,
+       "ANSI X9.62 elliptic curve prime256v1 (aka secp256r1, NIST P-256)",
+       CKM_INVALID_MECHANISM,
+       INVALID_CERT_EXTENSION),
+
+    /* SECG named elliptic curves (prime field) */
+    OD(secgECsecp112r1, SEC_OID_SECG_EC_SECP112R1,
+       "SECG elliptic curve secp112r1",
+       CKM_INVALID_MECHANISM,
+       INVALID_CERT_EXTENSION),
+    OD(secgECsecp112r2, SEC_OID_SECG_EC_SECP112R2,
+       "SECG elliptic curve secp112r2",
+       CKM_INVALID_MECHANISM,
+       INVALID_CERT_EXTENSION),
+    OD(secgECsecp128r1, SEC_OID_SECG_EC_SECP128R1,
+       "SECG elliptic curve secp128r1",
+       CKM_INVALID_MECHANISM,
+       INVALID_CERT_EXTENSION),
+    OD(secgECsecp128r2, SEC_OID_SECG_EC_SECP128R2,
+       "SECG elliptic curve secp128r2",
+       CKM_INVALID_MECHANISM,
+       INVALID_CERT_EXTENSION),
+    OD(secgECsecp160k1, SEC_OID_SECG_EC_SECP160K1,
+       "SECG elliptic curve secp160k1",
+       CKM_INVALID_MECHANISM,
+       INVALID_CERT_EXTENSION),
+    OD(secgECsecp160r1, SEC_OID_SECG_EC_SECP160R1,
+       "SECG elliptic curve secp160r1",
+       CKM_INVALID_MECHANISM,
+       INVALID_CERT_EXTENSION),
+    OD(secgECsecp160r2, SEC_OID_SECG_EC_SECP160R2,
+       "SECG elliptic curve secp160r2",
+       CKM_INVALID_MECHANISM,
+       INVALID_CERT_EXTENSION),
+    OD(secgECsecp192k1, SEC_OID_SECG_EC_SECP192K1,
+       "SECG elliptic curve secp192k1",
+       CKM_INVALID_MECHANISM,
+       INVALID_CERT_EXTENSION),
+    OD(secgECsecp224k1, SEC_OID_SECG_EC_SECP224K1,
+       "SECG elliptic curve secp224k1",
+       CKM_INVALID_MECHANISM,
+       INVALID_CERT_EXTENSION),
+    OD(secgECsecp224r1, SEC_OID_SECG_EC_SECP224R1,
+       "SECG elliptic curve secp224r1 (aka NIST P-224)",
+       CKM_INVALID_MECHANISM,
+       INVALID_CERT_EXTENSION),
+    OD(secgECsecp256k1, SEC_OID_SECG_EC_SECP256K1,
+       "SECG elliptic curve secp256k1",
+       CKM_INVALID_MECHANISM,
+       INVALID_CERT_EXTENSION),
+    OD(secgECsecp384r1, SEC_OID_SECG_EC_SECP384R1,
+       "SECG elliptic curve secp384r1 (aka NIST P-384)",
+       CKM_INVALID_MECHANISM,
+       INVALID_CERT_EXTENSION),
+    OD(secgECsecp521r1, SEC_OID_SECG_EC_SECP521R1,
+       "SECG elliptic curve secp521r1 (aka NIST P-521)",
+       CKM_INVALID_MECHANISM,
+       INVALID_CERT_EXTENSION),
+
+    /* ANSI X9.62 named elliptic curves (characteristic two field) */
+    OD(ansiX962c2pnb163v1, SEC_OID_ANSIX962_EC_C2PNB163V1,
+       "ANSI X9.62 elliptic curve c2pnb163v1",
+       CKM_INVALID_MECHANISM,
+       INVALID_CERT_EXTENSION),
+    OD(ansiX962c2pnb163v2, SEC_OID_ANSIX962_EC_C2PNB163V2,
+       "ANSI X9.62 elliptic curve c2pnb163v2",
+       CKM_INVALID_MECHANISM,
+       INVALID_CERT_EXTENSION),
+    OD(ansiX962c2pnb163v3, SEC_OID_ANSIX962_EC_C2PNB163V3,
+       "ANSI X9.62 elliptic curve c2pnb163v3",
+       CKM_INVALID_MECHANISM,
+       INVALID_CERT_EXTENSION),
+    OD(ansiX962c2pnb176v1, SEC_OID_ANSIX962_EC_C2PNB176V1,
+       "ANSI X9.62 elliptic curve c2pnb176v1",
+       CKM_INVALID_MECHANISM,
+       INVALID_CERT_EXTENSION),
+    OD(ansiX962c2tnb191v1, SEC_OID_ANSIX962_EC_C2TNB191V1,
+       "ANSI X9.62 elliptic curve c2tnb191v1",
+       CKM_INVALID_MECHANISM,
+       INVALID_CERT_EXTENSION),
+    OD(ansiX962c2tnb191v2, SEC_OID_ANSIX962_EC_C2TNB191V2,
+       "ANSI X9.62 elliptic curve c2tnb191v2",
+       CKM_INVALID_MECHANISM,
+       INVALID_CERT_EXTENSION),
+    OD(ansiX962c2tnb191v3, SEC_OID_ANSIX962_EC_C2TNB191V3,
+       "ANSI X9.62 elliptic curve c2tnb191v3",
+       CKM_INVALID_MECHANISM,
+       INVALID_CERT_EXTENSION),
+    OD(ansiX962c2onb191v4, SEC_OID_ANSIX962_EC_C2ONB191V4,
+       "ANSI X9.62 elliptic curve c2onb191v4",
+       CKM_INVALID_MECHANISM,
+       INVALID_CERT_EXTENSION),
+    OD(ansiX962c2onb191v5, SEC_OID_ANSIX962_EC_C2ONB191V5,
+       "ANSI X9.62 elliptic curve c2onb191v5",
+       CKM_INVALID_MECHANISM,
+       INVALID_CERT_EXTENSION),
+    OD(ansiX962c2pnb208w1, SEC_OID_ANSIX962_EC_C2PNB208W1,
+       "ANSI X9.62 elliptic curve c2pnb208w1",
+       CKM_INVALID_MECHANISM,
+       INVALID_CERT_EXTENSION),
+    OD(ansiX962c2tnb239v1, SEC_OID_ANSIX962_EC_C2TNB239V1,
+       "ANSI X9.62 elliptic curve c2tnb239v1",
+       CKM_INVALID_MECHANISM,
+       INVALID_CERT_EXTENSION),
+    OD(ansiX962c2tnb239v2, SEC_OID_ANSIX962_EC_C2TNB239V2,
+       "ANSI X9.62 elliptic curve c2tnb239v2",
+       CKM_INVALID_MECHANISM,
+       INVALID_CERT_EXTENSION),
+    OD(ansiX962c2tnb239v3, SEC_OID_ANSIX962_EC_C2TNB239V3,
+       "ANSI X9.62 elliptic curve c2tnb239v3",
+       CKM_INVALID_MECHANISM,
+       INVALID_CERT_EXTENSION),
+    OD(ansiX962c2onb239v4, SEC_OID_ANSIX962_EC_C2ONB239V4,
+       "ANSI X9.62 elliptic curve c2onb239v4",
+       CKM_INVALID_MECHANISM,
+       INVALID_CERT_EXTENSION),
+    OD(ansiX962c2onb239v5, SEC_OID_ANSIX962_EC_C2ONB239V5,
+       "ANSI X9.62 elliptic curve c2onb239v5",
+       CKM_INVALID_MECHANISM,
+       INVALID_CERT_EXTENSION),
+    OD(ansiX962c2pnb272w1, SEC_OID_ANSIX962_EC_C2PNB272W1,
+       "ANSI X9.62 elliptic curve c2pnb272w1",
+       CKM_INVALID_MECHANISM,
+       INVALID_CERT_EXTENSION),
+    OD(ansiX962c2pnb304w1, SEC_OID_ANSIX962_EC_C2PNB304W1,
+       "ANSI X9.62 elliptic curve c2pnb304w1",
+       CKM_INVALID_MECHANISM,
+       INVALID_CERT_EXTENSION),
+    OD(ansiX962c2tnb359v1, SEC_OID_ANSIX962_EC_C2TNB359V1,
+       "ANSI X9.62 elliptic curve c2tnb359v1",
+       CKM_INVALID_MECHANISM,
+       INVALID_CERT_EXTENSION),
+    OD(ansiX962c2pnb368w1, SEC_OID_ANSIX962_EC_C2PNB368W1,
+       "ANSI X9.62 elliptic curve c2pnb368w1",
+       CKM_INVALID_MECHANISM,
+       INVALID_CERT_EXTENSION),
+    OD(ansiX962c2tnb431r1, SEC_OID_ANSIX962_EC_C2TNB431R1,
+       "ANSI X9.62 elliptic curve c2tnb431r1",
+       CKM_INVALID_MECHANISM,
+       INVALID_CERT_EXTENSION),
+
+    /* SECG named elliptic curves (characterisitic two field) */
+    OD(secgECsect113r1, SEC_OID_SECG_EC_SECT113R1,
+       "SECG elliptic curve sect113r1",
+       CKM_INVALID_MECHANISM,
+       INVALID_CERT_EXTENSION),
+    OD(secgECsect113r2, SEC_OID_SECG_EC_SECT113R2,
+       "SECG elliptic curve sect113r2",
+       CKM_INVALID_MECHANISM,
+       INVALID_CERT_EXTENSION),
+    OD(secgECsect131r1, SEC_OID_SECG_EC_SECT131R1,
+       "SECG elliptic curve sect131r1",
+       CKM_INVALID_MECHANISM,
+       INVALID_CERT_EXTENSION),
+    OD(secgECsect131r2, SEC_OID_SECG_EC_SECT131R2,
+       "SECG elliptic curve sect131r2",
+       CKM_INVALID_MECHANISM,
+       INVALID_CERT_EXTENSION),
+    OD(secgECsect163k1, SEC_OID_SECG_EC_SECT163K1,
+       "SECG elliptic curve sect163k1 (aka NIST K-163)",
+       CKM_INVALID_MECHANISM,
+       INVALID_CERT_EXTENSION),
+    OD(secgECsect163r1, SEC_OID_SECG_EC_SECT163R1,
+       "SECG elliptic curve sect163r1",
+       CKM_INVALID_MECHANISM,
+       INVALID_CERT_EXTENSION),
+    OD(secgECsect163r2, SEC_OID_SECG_EC_SECT163R2,
+       "SECG elliptic curve sect163r2 (aka NIST B-163)",
+       CKM_INVALID_MECHANISM,
+       INVALID_CERT_EXTENSION),
+    OD(secgECsect193r1, SEC_OID_SECG_EC_SECT193R1,
+       "SECG elliptic curve sect193r1",
+       CKM_INVALID_MECHANISM,
+       INVALID_CERT_EXTENSION),
+    OD(secgECsect193r2, SEC_OID_SECG_EC_SECT193R2,
+       "SECG elliptic curve sect193r2",
+       CKM_INVALID_MECHANISM,
+       INVALID_CERT_EXTENSION),
+    OD(secgECsect233k1, SEC_OID_SECG_EC_SECT233K1,
+       "SECG elliptic curve sect233k1 (aka NIST K-233)",
+       CKM_INVALID_MECHANISM,
+       INVALID_CERT_EXTENSION),
+    OD(secgECsect233r1, SEC_OID_SECG_EC_SECT233R1,
+       "SECG elliptic curve sect233r1 (aka NIST B-233)",
+       CKM_INVALID_MECHANISM,
+       INVALID_CERT_EXTENSION),
+    OD(secgECsect239k1, SEC_OID_SECG_EC_SECT239K1,
+       "SECG elliptic curve sect239k1",
+       CKM_INVALID_MECHANISM,
+       INVALID_CERT_EXTENSION),
+    OD(secgECsect283k1, SEC_OID_SECG_EC_SECT283K1,
+       "SECG elliptic curve sect283k1 (aka NIST K-283)",
+       CKM_INVALID_MECHANISM,
+       INVALID_CERT_EXTENSION),
+    OD(secgECsect283r1, SEC_OID_SECG_EC_SECT283R1,
+       "SECG elliptic curve sect283r1 (aka NIST B-283)",
+       CKM_INVALID_MECHANISM,
+       INVALID_CERT_EXTENSION),
+    OD(secgECsect409k1, SEC_OID_SECG_EC_SECT409K1,
+       "SECG elliptic curve sect409k1 (aka NIST K-409)",
+       CKM_INVALID_MECHANISM,
+       INVALID_CERT_EXTENSION),
+    OD(secgECsect409r1, SEC_OID_SECG_EC_SECT409R1,
+       "SECG elliptic curve sect409r1 (aka NIST B-409)",
+       CKM_INVALID_MECHANISM,
+       INVALID_CERT_EXTENSION),
+    OD(secgECsect571k1, SEC_OID_SECG_EC_SECT571K1,
+       "SECG elliptic curve sect571k1 (aka NIST K-571)",
+       CKM_INVALID_MECHANISM,
+       INVALID_CERT_EXTENSION),
+    OD(secgECsect571r1, SEC_OID_SECG_EC_SECT571R1,
+       "SECG elliptic curve sect571r1 (aka NIST B-571)",
+       CKM_INVALID_MECHANISM,
+       INVALID_CERT_EXTENSION),
+
+    OD(netscapeAOLScreenname, SEC_OID_NETSCAPE_AOLSCREENNAME,
+       "AOL Screenname", CKM_INVALID_MECHANISM,
+       INVALID_CERT_EXTENSION),
+
+    OD(x520SurName, SEC_OID_AVA_SURNAME,
+       "X520 Title", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(x520SerialNumber, SEC_OID_AVA_SERIAL_NUMBER,
+       "X520 Serial Number", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(x520StreetAddress, SEC_OID_AVA_STREET_ADDRESS,
+       "X520 Street Address", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(x520Title, SEC_OID_AVA_TITLE,
+       "X520 Title", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(x520PostalAddress, SEC_OID_AVA_POSTAL_ADDRESS,
+       "X520 Postal Address", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(x520PostalCode, SEC_OID_AVA_POSTAL_CODE,
+       "X520 Postal Code", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(x520PostOfficeBox, SEC_OID_AVA_POST_OFFICE_BOX,
+       "X520 Post Office Box", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(x520GivenName, SEC_OID_AVA_GIVEN_NAME,
+       "X520 Given Name", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(x520Initials, SEC_OID_AVA_INITIALS,
+       "X520 Initials", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(x520GenerationQualifier, SEC_OID_AVA_GENERATION_QUALIFIER,
+       "X520 Generation Qualifier",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(x520HouseIdentifier, SEC_OID_AVA_HOUSE_IDENTIFIER,
+       "X520 House Identifier",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(x520Pseudonym, SEC_OID_AVA_PSEUDONYM,
+       "X520 Pseudonym", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+
+    /* More OIDs */
+    OD(pkixCAIssuers, SEC_OID_PKIX_CA_ISSUERS,
+       "PKIX CA issuers access method",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(pkcs9ExtensionRequest, SEC_OID_PKCS9_EXTENSION_REQUEST,
+       "PKCS #9 Extension Request",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+
+    /* more ECC Signature Oids */
+    OD(ansix962SignatureRecommended,
+       SEC_OID_ANSIX962_ECDSA_SIGNATURE_RECOMMENDED_DIGEST,
+       "X9.62 ECDSA signature with recommended digest", CKM_INVALID_MECHANISM,
+       INVALID_CERT_EXTENSION),
+    OD(ansix962SignatureSpecified,
+       SEC_OID_ANSIX962_ECDSA_SIGNATURE_SPECIFIED_DIGEST,
+       "X9.62 ECDSA signature with specified digest", CKM_ECDSA,
+       INVALID_CERT_EXTENSION),
+    OD(ansix962SignaturewithSHA224Digest,
+       SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE,
+       "X9.62 ECDSA signature with SHA224", CKM_INVALID_MECHANISM,
+       INVALID_CERT_EXTENSION),
+    OD(ansix962SignaturewithSHA256Digest,
+       SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE,
+       "X9.62 ECDSA signature with SHA256", CKM_INVALID_MECHANISM,
+       INVALID_CERT_EXTENSION),
+    OD(ansix962SignaturewithSHA384Digest,
+       SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE,
+       "X9.62 ECDSA signature with SHA384", CKM_INVALID_MECHANISM,
+       INVALID_CERT_EXTENSION),
+    OD(ansix962SignaturewithSHA512Digest,
+       SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE,
+       "X9.62 ECDSA signature with SHA512", CKM_INVALID_MECHANISM,
+       INVALID_CERT_EXTENSION),
+
+    /* More id-ce and id-pe OIDs from RFC 3280 */
+    OD(x509HoldInstructionCode, SEC_OID_X509_HOLD_INSTRUCTION_CODE,
+       "CRL Hold Instruction Code", CKM_INVALID_MECHANISM,
+       UNSUPPORTED_CERT_EXTENSION),
+    OD(x509DeltaCRLIndicator, SEC_OID_X509_DELTA_CRL_INDICATOR,
+       "Delta CRL Indicator", CKM_INVALID_MECHANISM,
+       FAKE_SUPPORTED_CERT_EXTENSION),
+    OD(x509IssuingDistributionPoint, SEC_OID_X509_ISSUING_DISTRIBUTION_POINT,
+       "Issuing Distribution Point", CKM_INVALID_MECHANISM,
+       FAKE_SUPPORTED_CERT_EXTENSION),
+    OD(x509CertIssuer, SEC_OID_X509_CERT_ISSUER,
+       "Certificate Issuer Extension", CKM_INVALID_MECHANISM,
+       FAKE_SUPPORTED_CERT_EXTENSION),
+    OD(x509FreshestCRL, SEC_OID_X509_FRESHEST_CRL,
+       "Freshest CRL", CKM_INVALID_MECHANISM,
+       UNSUPPORTED_CERT_EXTENSION),
+    OD(x509InhibitAnyPolicy, SEC_OID_X509_INHIBIT_ANY_POLICY,
+       "Inhibit Any Policy", CKM_INVALID_MECHANISM,
+       FAKE_SUPPORTED_CERT_EXTENSION),
+    OD(x509SubjectInfoAccess, SEC_OID_X509_SUBJECT_INFO_ACCESS,
+       "Subject Info Access", CKM_INVALID_MECHANISM,
+       UNSUPPORTED_CERT_EXTENSION),
+
+    /* Camellia algorithm OIDs */
+    OD(camellia128_CBC, SEC_OID_CAMELLIA_128_CBC,
+       "CAMELLIA-128-CBC", CKM_CAMELLIA_CBC, INVALID_CERT_EXTENSION),
+    OD(camellia192_CBC, SEC_OID_CAMELLIA_192_CBC,
+       "CAMELLIA-192-CBC", CKM_CAMELLIA_CBC, INVALID_CERT_EXTENSION),
+    OD(camellia256_CBC, SEC_OID_CAMELLIA_256_CBC,
+       "CAMELLIA-256-CBC", CKM_CAMELLIA_CBC, INVALID_CERT_EXTENSION),
+
+    /* PKCS 5 v2 OIDS */
+    OD(pkcs5Pbkdf2, SEC_OID_PKCS5_PBKDF2,
+       "PKCS #5 Password Based Key Dervive Function v2 ",
+       CKM_PKCS5_PBKD2, INVALID_CERT_EXTENSION),
+    OD(pkcs5Pbes2, SEC_OID_PKCS5_PBES2,
+       "PKCS #5 Password Based Encryption v2 ",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(pkcs5Pbmac1, SEC_OID_PKCS5_PBMAC1,
+       "PKCS #5 Password Based Authentication v1 ",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(hmac_sha1, SEC_OID_HMAC_SHA1, "HMAC SHA-1",
+       CKM_SHA_1_HMAC, INVALID_CERT_EXTENSION),
+    OD(hmac_sha224, SEC_OID_HMAC_SHA224, "HMAC SHA-224",
+       CKM_SHA224_HMAC, INVALID_CERT_EXTENSION),
+    OD(hmac_sha256, SEC_OID_HMAC_SHA256, "HMAC SHA-256",
+       CKM_SHA256_HMAC, INVALID_CERT_EXTENSION),
+    OD(hmac_sha384, SEC_OID_HMAC_SHA384, "HMAC SHA-384",
+       CKM_SHA384_HMAC, INVALID_CERT_EXTENSION),
+    OD(hmac_sha512, SEC_OID_HMAC_SHA512, "HMAC SHA-512",
+       CKM_SHA512_HMAC, INVALID_CERT_EXTENSION),
+
+    /* SIA extension OIDs */
+    OD(x509SIATimeStamping, SEC_OID_PKIX_TIMESTAMPING,
+       "SIA Time Stamping", CKM_INVALID_MECHANISM,
+       INVALID_CERT_EXTENSION),
+    OD(x509SIACaRepository, SEC_OID_PKIX_CA_REPOSITORY,
+       "SIA CA Repository", CKM_INVALID_MECHANISM,
+       INVALID_CERT_EXTENSION),
+
+    OD(isoSHA1WithRSASignature, SEC_OID_ISO_SHA1_WITH_RSA_SIGNATURE,
+       "ISO SHA-1 with RSA Signature",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+
+    /* SEED algorithm OIDs */
+    OD(seed_CBC, SEC_OID_SEED_CBC,
+       "SEED-CBC", CKM_SEED_CBC, INVALID_CERT_EXTENSION),
+
+    OD(x509CertificatePoliciesAnyPolicy, SEC_OID_X509_ANY_POLICY,
+       "Certificate Policies AnyPolicy",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+
+    OD(pkcs1RSAOAEPEncryption, SEC_OID_PKCS1_RSA_OAEP_ENCRYPTION,
+       "PKCS #1 RSA-OAEP Encryption", CKM_RSA_PKCS_OAEP,
+       INVALID_CERT_EXTENSION),
+
+    OD(pkcs1MGF1, SEC_OID_PKCS1_MGF1,
+       "PKCS #1 MGF1 Mask Generation Function", CKM_INVALID_MECHANISM,
+       INVALID_CERT_EXTENSION),
+
+    OD(pkcs1PSpecified, SEC_OID_PKCS1_PSPECIFIED,
+       "PKCS #1 RSA-OAEP Explicitly Specified Encoding Parameters",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+
+    OD(pkcs1RSAPSSSignature, SEC_OID_PKCS1_RSA_PSS_SIGNATURE,
+       "PKCS #1 RSA-PSS Signature", CKM_RSA_PKCS_PSS,
+       INVALID_CERT_EXTENSION),
+
+    OD(pkcs1SHA224WithRSAEncryption, SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION,
+       "PKCS #1 SHA-224 With RSA Encryption", CKM_SHA224_RSA_PKCS,
+       INVALID_CERT_EXTENSION),
+
+    OD(sha224, SEC_OID_SHA224, "SHA-224", CKM_SHA224, INVALID_CERT_EXTENSION),
+
+    OD(evIncorporationLocality, SEC_OID_EV_INCORPORATION_LOCALITY,
+       "Jurisdiction of Incorporation Locality Name",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(evIncorporationState, SEC_OID_EV_INCORPORATION_STATE,
+       "Jurisdiction of Incorporation State Name",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(evIncorporationCountry, SEC_OID_EV_INCORPORATION_COUNTRY,
+       "Jurisdiction of Incorporation Country Name",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(x520BusinessCategory, SEC_OID_BUSINESS_CATEGORY,
+       "Business Category",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+
+    OD(nistDSASignaturewithSHA224Digest,
+       SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA224_DIGEST,
+       "DSA with SHA-224 Signature",
+       CKM_INVALID_MECHANISM /* not yet defined */, INVALID_CERT_EXTENSION),
+    OD(nistDSASignaturewithSHA256Digest,
+       SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA256_DIGEST,
+       "DSA with SHA-256 Signature",
+       CKM_INVALID_MECHANISM /* not yet defined */, INVALID_CERT_EXTENSION),
+    OD(msExtendedKeyUsageTrustListSigning,
+       SEC_OID_MS_EXT_KEY_USAGE_CTL_SIGNING,
+       "Microsoft Trust List Signing",
+       CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(x520Name, SEC_OID_AVA_NAME,
+       "X520 Name", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+
+    OD(aes128_GCM, SEC_OID_AES_128_GCM,
+       "AES-128-GCM", CKM_AES_GCM, INVALID_CERT_EXTENSION),
+    OD(aes192_GCM, SEC_OID_AES_192_GCM,
+       "AES-192-GCM", CKM_AES_GCM, INVALID_CERT_EXTENSION),
+    OD(aes256_GCM, SEC_OID_AES_256_GCM,
+       "AES-256-GCM", CKM_AES_GCM, INVALID_CERT_EXTENSION),
+    OD(idea_CBC, SEC_OID_IDEA_CBC,
+       "IDEA_CBC", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+
+    ODE(SEC_OID_RC2_40_CBC,
+        "RC2-40-CBC", CKM_RC2_CBC, INVALID_CERT_EXTENSION),
+    ODE(SEC_OID_DES_40_CBC,
+        "DES-40-CBC", CKM_RC2_CBC, INVALID_CERT_EXTENSION),
+    ODE(SEC_OID_RC4_40,
+        "RC4-40", CKM_RC4, INVALID_CERT_EXTENSION),
+    ODE(SEC_OID_RC4_56,
+        "RC4-56", CKM_RC4, INVALID_CERT_EXTENSION),
+    ODE(SEC_OID_NULL_CIPHER,
+        "NULL cipher", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    ODE(SEC_OID_HMAC_MD5,
+        "HMAC-MD5", CKM_MD5_HMAC, INVALID_CERT_EXTENSION),
+    ODE(SEC_OID_TLS_RSA,
+        "TLS RSA key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    ODE(SEC_OID_TLS_DHE_RSA,
+        "TLS DHE-RSA key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    ODE(SEC_OID_TLS_DHE_DSS,
+        "TLS DHE-DSS key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    ODE(SEC_OID_TLS_DH_RSA,
+        "TLS DH-RSA key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    ODE(SEC_OID_TLS_DH_DSS,
+        "TLS DH-DSS key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    ODE(SEC_OID_TLS_DH_ANON,
+        "TLS DH-ANON key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    ODE(SEC_OID_TLS_ECDHE_ECDSA,
+        "TLS ECDHE-ECDSA key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    ODE(SEC_OID_TLS_ECDHE_RSA,
+        "TLS ECDHE-RSA key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    ODE(SEC_OID_TLS_ECDH_ECDSA,
+        "TLS ECDH-ECDSA key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    ODE(SEC_OID_TLS_ECDH_RSA,
+        "TLS ECDH-RSA key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    ODE(SEC_OID_TLS_ECDH_ANON,
+        "TLS ECDH-ANON key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    ODE(SEC_OID_TLS_RSA_EXPORT,
+        "TLS RSA-EXPORT key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    ODE(SEC_OID_TLS_DHE_RSA_EXPORT,
+        "TLS DHE-RSA-EXPORT key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    ODE(SEC_OID_TLS_DHE_DSS_EXPORT,
+        "TLS DHE-DSS-EXPORT key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    ODE(SEC_OID_TLS_DH_RSA_EXPORT,
+        "TLS DH-RSA-EXPORT key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    ODE(SEC_OID_TLS_DH_DSS_EXPORT,
+        "TLS DH-DSS-EXPORT key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    ODE(SEC_OID_TLS_DH_ANON_EXPORT,
+        "TLS DH-ANON-EXPORT key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    ODE(SEC_OID_APPLY_SSL_POLICY,
+        "Apply SSL policy (pseudo-OID)", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    ODE(SEC_OID_CHACHA20_POLY1305,
+        "ChaCha20-Poly1305", CKM_NSS_CHACHA20_POLY1305, INVALID_CERT_EXTENSION),
+
+    ODE(SEC_OID_TLS_ECDHE_PSK,
+        "TLS ECHDE-PSK key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    ODE(SEC_OID_TLS_DHE_PSK,
+        "TLS DHE-PSK key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+
+    ODE(SEC_OID_TLS_FFDHE_2048,
+        "TLS FFDHE 2048-bit key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    ODE(SEC_OID_TLS_FFDHE_3072,
+        "TLS FFDHE 3072-bit key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    ODE(SEC_OID_TLS_FFDHE_4096,
+        "TLS FFDHE 4096-bit key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    ODE(SEC_OID_TLS_FFDHE_6144,
+        "TLS FFDHE 6144-bit key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    ODE(SEC_OID_TLS_FFDHE_8192,
+        "TLS FFDHE 8192-bit key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    ODE(SEC_OID_TLS_DHE_CUSTOM,
+        "TLS DHE custom group key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    OD(curve25519, SEC_OID_CURVE25519,
+       "Curve25519", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+    ODE(SEC_OID_TLS13_KEA_ANY,
+        "TLS 1.3 fake key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
+};
+
+/* PRIVATE EXTENDED SECOID Table
+ * This table is private. Its structure is opaque to the outside.
+ * It is indexed by the same SECOidTag as the oids table above.
+ * Every member of this struct must have accessor functions (set, get)
+ * and those functions must operate by value, not by reference.
+ * The addresses of the contents of this table must not be exposed
+ * by the accessor functions.
+ */
+typedef struct privXOidStr {
+    PRUint32 notPolicyFlags; /* ones complement of policy flags */
+} privXOid;
+
+static privXOid xOids[SEC_OID_TOTAL];
+
+/*
+ * now the dynamic table. The dynamic table gets build at init time.
+ * and conceivably gets modified if the user loads new crypto modules.
+ * All this static data, and the allocated data to which it points,
+ * is protected by a global reader/writer lock.
+ * The c language guarantees that global and static data that is not
+ * explicitly initialized will be initialized with zeros.  If we
+ * initialize it with zeros, the data goes into the initialized data
+ * secment, and increases the size of the library.  By leaving it
+ * uninitialized, it is allocated in BSS, and does NOT increase the
+ * library size.
+ */
+
+typedef struct dynXOidStr {
+    SECOidData data;
+    privXOid priv;
+} dynXOid;
+
+static NSSRWLock *dynOidLock;
+static PLArenaPool *dynOidPool;
+static PLHashTable *dynOidHash;
+static dynXOid **dynOidTable; /* not in the pool */
+static int dynOidEntriesAllocated;
+static int dynOidEntriesUsed;
+
+/* Creates NSSRWLock and dynOidPool at initialization time.
+*/
+static SECStatus
+secoid_InitDynOidData(void)
+{
+    SECStatus rv = SECSuccess;
+
+    dynOidLock = NSSRWLock_New(1, "dynamic OID data");
+    if (!dynOidLock) {
+        return SECFailure; /* Error code should already be set. */
+    }
+    dynOidPool = PORT_NewArena(2048);
+    if (!dynOidPool) {
+        rv = SECFailure /* Error code should already be set. */;
+    }
+    return rv;
+}
+
+/* Add oidData to hash table.  Caller holds write lock dynOidLock. */
+static SECStatus
+secoid_HashDynamicOiddata(const SECOidData *oid)
+{
+    PLHashEntry *entry;
+
+    if (!dynOidHash) {
+        dynOidHash = PL_NewHashTable(0, SECITEM_Hash, SECITEM_HashCompare,
+                                     PL_CompareValues, NULL, NULL);
+        if (!dynOidHash) {
+            return SECFailure;
+        }
+    }
+
+    entry = PL_HashTableAdd(dynOidHash, &oid->oid, (void *)oid);
+    return entry ? SECSuccess : SECFailure;
+}
+
+/*
+ * Lookup a Dynamic OID. Dynamic OID's still change slowly, so it's
+ * cheaper to rehash the table when it changes than it is to do the loop
+ * each time.
+ */
+static SECOidData *
+secoid_FindDynamic(const SECItem *key)
+{
+    SECOidData *ret = NULL;
+
+    if (dynOidHash) {
+        NSSRWLock_LockRead(dynOidLock);
+        if (dynOidHash) { /* must check it again with lock held. */
+            ret = (SECOidData *)PL_HashTableLookup(dynOidHash, key);
+        }
+        NSSRWLock_UnlockRead(dynOidLock);
+    }
+    if (ret == NULL) {
+        PORT_SetError(SEC_ERROR_UNRECOGNIZED_OID);
+    }
+    return ret;
+}
+
+static dynXOid *
+secoid_FindDynamicByTag(SECOidTag tagnum)
+{
+    dynXOid *dxo = NULL;
+    int tagNumDiff;
+
+    if (tagnum < SEC_OID_TOTAL) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return NULL;
+    }
+    tagNumDiff = tagnum - SEC_OID_TOTAL;
+
+    if (dynOidTable) {
+        NSSRWLock_LockRead(dynOidLock);
+        if (dynOidTable != NULL && /* must check it again with lock held. */
+            tagNumDiff < dynOidEntriesUsed) {
+            dxo = dynOidTable[tagNumDiff];
+        }
+        NSSRWLock_UnlockRead(dynOidLock);
+    }
+    if (dxo == NULL) {
+        PORT_SetError(SEC_ERROR_UNRECOGNIZED_OID);
+    }
+    return dxo;
+}
+
+/*
+ * This routine is thread safe now.
+ */
+SECOidTag
+SECOID_AddEntry(const SECOidData *src)
+{
+    SECOidData *dst;
+    dynXOid **table;
+    SECOidTag ret = SEC_OID_UNKNOWN;
+    SECStatus rv;
+    int tableEntries;
+    int used;
+
+    if (!src || !src->oid.data || !src->oid.len ||
+        !src->desc || !strlen(src->desc)) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return ret;
+    }
+    if (src->supportedExtension != INVALID_CERT_EXTENSION &&
+        src->supportedExtension != UNSUPPORTED_CERT_EXTENSION &&
+        src->supportedExtension != SUPPORTED_CERT_EXTENSION) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return ret;
+    }
+
+    if (!dynOidPool || !dynOidLock) {
+        PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
+        return ret;
+    }
+
+    NSSRWLock_LockWrite(dynOidLock);
+
+    /* We've just acquired the write lock, and now we call FindOIDTag
+    ** which will acquire and release the read lock.  NSSRWLock has been
+    ** designed to allow this very case without deadlock.  This approach
+    ** makes the test for the presence of the OID, and the subsequent
+    ** addition of the OID to the table a single atomic write operation.
+    */
+    ret = SECOID_FindOIDTag(&src->oid);
+    if (ret != SEC_OID_UNKNOWN) {
+        /* we could return an error here, but I chose not to do that.
+        ** This way, if we add an OID to the shared library's built in
+        ** list of OIDs in some future release, and that OID is the same
+        ** as some OID that a program has been adding, the program will
+        ** not suddenly stop working.
+        */
+        goto done;
+    }
+
+    table = dynOidTable;
+    tableEntries = dynOidEntriesAllocated;
+    used = dynOidEntriesUsed;
+
+    if (used + 1 > tableEntries) {
+        dynXOid **newTable;
+        int newTableEntries = tableEntries + 16;
+
+        newTable = (dynXOid **)PORT_Realloc(table,
+                                            newTableEntries * sizeof(dynXOid *));
+        if (newTable == NULL) {
+            goto done;
+        }
+        dynOidTable = table = newTable;
+        dynOidEntriesAllocated = tableEntries = newTableEntries;
+    }
+
+    /* copy oid structure */
+    dst = (SECOidData *)PORT_ArenaZNew(dynOidPool, dynXOid);
+    if (!dst) {
+        goto done;
+    }
+    rv = SECITEM_CopyItem(dynOidPool, &dst->oid, &src->oid);
+    if (rv != SECSuccess) {
+        goto done;
+    }
+    dst->desc = PORT_ArenaStrdup(dynOidPool, src->desc);
+    if (!dst->desc) {
+        goto done;
+    }
+    dst->offset = (SECOidTag)(used + SEC_OID_TOTAL);
+    dst->mechanism = src->mechanism;
+    dst->supportedExtension = src->supportedExtension;
+
+    rv = secoid_HashDynamicOiddata(dst);
+    if (rv == SECSuccess) {
+        table[used++] = (dynXOid *)dst;
+        dynOidEntriesUsed = used;
+        ret = dst->offset;
+    }
+done:
+    NSSRWLock_UnlockWrite(dynOidLock);
+    return ret;
+}
+
+/* normal static table processing */
+static PLHashTable *oidhash = NULL;
+static PLHashTable *oidmechhash = NULL;
+
+static PLHashNumber
+secoid_HashNumber(const void *key)
+{
+    return (PLHashNumber)((char *)key - (char *)NULL);
+}
+
+#define DEF_FLAGS (NSS_USE_ALG_IN_CERT_SIGNATURE | NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_SSL_KX)
+static void
+handleHashAlgSupport(char *envVal)
+{
+    char *myVal = PORT_Strdup(envVal); /* Get a copy we can alter */
+    char *arg = myVal;
+
+    while (arg && *arg) {
+        char *nextArg = PL_strpbrk(arg, ";");
+        PRUint32 notEnable;
+
+        if (nextArg) {
+            while (*nextArg == ';') {
+                *nextArg++ = '\0';
+            }
+        }
+        notEnable = (*arg == '-') ? (DEF_FLAGS) : 0;
+        if ((*arg == '+' || *arg == '-') && *++arg) {
+            int i;
+
+            for (i = 1; i < SEC_OID_TOTAL; i++) {
+                if (oids[i].desc && strstr(arg, oids[i].desc)) {
+                    xOids[i].notPolicyFlags = notEnable |
+                                              (xOids[i].notPolicyFlags & ~(DEF_FLAGS));
+                }
+            }
+        }
+        arg = nextArg;
+    }
+    PORT_Free(myVal); /* can handle NULL argument OK */
+}
+
+SECStatus
+SECOID_Init(void)
+{
+    PLHashEntry *entry;
+    const SECOidData *oid;
+    int i;
+    char *envVal;
+
+#define NSS_VERSION_VARIABLE __nss_util_version
+#include "verref.h"
+
+    if (oidhash) {
+        return SECSuccess; /* already initialized */
+    }
+
+    if (!PR_GetEnvSecure("NSS_ALLOW_WEAK_SIGNATURE_ALG")) {
+        /* initialize any policy flags that are disabled by default */
+        xOids[SEC_OID_MD2].notPolicyFlags = ~0;
+        xOids[SEC_OID_MD4].notPolicyFlags = ~0;
+        xOids[SEC_OID_MD5].notPolicyFlags = ~0;
+        xOids[SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION].notPolicyFlags = ~0;
+        xOids[SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION].notPolicyFlags = ~0;
+        xOids[SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION].notPolicyFlags = ~0;
+        xOids[SEC_OID_PKCS5_PBE_WITH_MD2_AND_DES_CBC].notPolicyFlags = ~0;
+        xOids[SEC_OID_PKCS5_PBE_WITH_MD5_AND_DES_CBC].notPolicyFlags = ~0;
+    }
+
+    /* turn off NSS_USE_POLICY_IN_SSL by default */
+    xOids[SEC_OID_APPLY_SSL_POLICY].notPolicyFlags = NSS_USE_POLICY_IN_SSL;
+
+    envVal = PR_GetEnvSecure("NSS_HASH_ALG_SUPPORT");
+    if (envVal)
+        handleHashAlgSupport(envVal);
+
+    if (secoid_InitDynOidData() != SECSuccess) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        PORT_Assert(0); /* this function should never fail */
+        return SECFailure;
+    }
+
+    oidhash = PL_NewHashTable(0, SECITEM_Hash, SECITEM_HashCompare,
+                              PL_CompareValues, NULL, NULL);
+    oidmechhash = PL_NewHashTable(0, secoid_HashNumber, PL_CompareValues,
+                                  PL_CompareValues, NULL, NULL);
+
+    if (!oidhash || !oidmechhash) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        PORT_Assert(0); /*This function should never fail. */
+        return (SECFailure);
+    }
+
+    for (i = 0; i < SEC_OID_TOTAL; i++) {
+        oid = &oids[i];
+
+        PORT_Assert(oid->offset == i);
+
+        entry = PL_HashTableAdd(oidhash, &oid->oid, (void *)oid);
+        if (entry == NULL) {
+            PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+            PORT_Assert(0); /*This function should never fail. */
+            return (SECFailure);
+        }
+
+        if (oid->mechanism != CKM_INVALID_MECHANISM) {
+            entry = PL_HashTableAdd(oidmechhash,
+                                    (void *)oid->mechanism, (void *)oid);
+            if (entry == NULL) {
+                PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+                PORT_Assert(0); /* This function should never fail. */
+                return (SECFailure);
+            }
+        }
+    }
+
+    PORT_Assert(i == SEC_OID_TOTAL);
+
+    return (SECSuccess);
+}
+
+SECOidData *
+SECOID_FindOIDByMechanism(unsigned long mechanism)
+{
+    SECOidData *ret;
+
+    PR_ASSERT(oidhash != NULL);
+
+    ret = PL_HashTableLookupConst(oidmechhash, (void *)mechanism);
+    if (ret == NULL) {
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+    }
+
+    return (ret);
+}
+
+SECOidData *
+SECOID_FindOID(const SECItem *oid)
+{
+    SECOidData *ret;
+
+    PR_ASSERT(oidhash != NULL);
+
+    ret = PL_HashTableLookupConst(oidhash, oid);
+    if (ret == NULL) {
+        ret = secoid_FindDynamic(oid);
+        if (ret == NULL) {
+            PORT_SetError(SEC_ERROR_UNRECOGNIZED_OID);
+        }
+    }
+
+    return (ret);
+}
+
+SECOidTag
+SECOID_FindOIDTag(const SECItem *oid)
+{
+    SECOidData *oiddata;
+
+    oiddata = SECOID_FindOID(oid);
+    if (oiddata == NULL)
+        return SEC_OID_UNKNOWN;
+
+    return oiddata->offset;
+}
+
+/* This really should return const. */
+SECOidData *
+SECOID_FindOIDByTag(SECOidTag tagnum)
+{
+    if (tagnum >= SEC_OID_TOTAL) {
+        return (SECOidData *)secoid_FindDynamicByTag(tagnum);
+    }
+
+    PORT_Assert((unsigned int)tagnum < SEC_OID_TOTAL);
+    return (SECOidData *)(&oids[tagnum]);
+}
+
+PRBool
+SECOID_KnownCertExtenOID(SECItem *extenOid)
+{
+    SECOidData *oidData;
+
+    oidData = SECOID_FindOID(extenOid);
+    if (oidData == (SECOidData *)NULL)
+        return (PR_FALSE);
+    return ((oidData->supportedExtension == SUPPORTED_CERT_EXTENSION) ? PR_TRUE : PR_FALSE);
+}
+
+const char *
+SECOID_FindOIDTagDescription(SECOidTag tagnum)
+{
+    const SECOidData *oidData = SECOID_FindOIDByTag(tagnum);
+    return oidData ? oidData->desc : 0;
+}
+
+/* --------- opaque extended OID table accessor functions ---------------*/
+/*
+ * Any of these functions may return SECSuccess or SECFailure with the error
+ * code set to SEC_ERROR_UNKNOWN_OBJECT_TYPE if the SECOidTag is out of range.
+ */
+
+static privXOid *
+secoid_FindXOidByTag(SECOidTag tagnum)
+{
+    if (tagnum >= SEC_OID_TOTAL) {
+        dynXOid *dxo = secoid_FindDynamicByTag(tagnum);
+        return (dxo ? &dxo->priv : NULL);
+    }
+
+    PORT_Assert((unsigned int)tagnum < SEC_OID_TOTAL);
+    return &xOids[tagnum];
+}
+
+/* The Get function outputs the 32-bit value associated with the SECOidTag.
+ * Flags bits are the NSS_USE_ALG_ #defines in "secoidt.h".
+ * Default value for any algorithm is 0xffffffff (enabled for all purposes).
+ * No value is output if function returns SECFailure.
+ */
+SECStatus
+NSS_GetAlgorithmPolicy(SECOidTag tag, PRUint32 *pValue)
+{
+    privXOid *pxo = secoid_FindXOidByTag(tag);
+    if (!pxo)
+        return SECFailure;
+    if (!pValue) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+    *pValue = ~(pxo->notPolicyFlags);
+    return SECSuccess;
+}
+
+/* The Set function modifies the stored value according to the following
+ * algorithm:
+ *   policy[tag] = (policy[tag] & ~clearBits) | setBits;
+ */
+SECStatus
+NSS_SetAlgorithmPolicy(SECOidTag tag, PRUint32 setBits, PRUint32 clearBits)
+{
+    privXOid *pxo = secoid_FindXOidByTag(tag);
+    PRUint32 policyFlags;
+    if (!pxo)
+        return SECFailure;
+    /* The stored policy flags are the ones complement of the flags as
+     * seen by the user.  This is not atomic, but these changes should
+     * be done rarely, e.g. at initialization time.
+     */
+    policyFlags = ~(pxo->notPolicyFlags);
+    policyFlags = (policyFlags & ~clearBits) | setBits;
+    pxo->notPolicyFlags = ~policyFlags;
+    return SECSuccess;
+}
+
+/* --------- END OF opaque extended OID table accessor functions ---------*/
+
+/* for now, this is only used in a single place, so it can remain static */
+static PRBool parentForkedAfterC_Initialize;
+
+#define SKIP_AFTER_FORK(x)              \
+    if (!parentForkedAfterC_Initialize) \
+    x
+
+/*
+ * free up the oid tables.
+ */
+SECStatus
+SECOID_Shutdown(void)
+{
+    if (oidhash) {
+        PL_HashTableDestroy(oidhash);
+        oidhash = NULL;
+    }
+    if (oidmechhash) {
+        PL_HashTableDestroy(oidmechhash);
+        oidmechhash = NULL;
+    }
+    /* Have to handle the case where the lock was created, but
+    ** the pool wasn't.
+    ** I'm not going to attempt to create the lock, just to protect
+    ** the destruction of data that probably isn't initialized anyway.
+    */
+    if (dynOidLock) {
+        SKIP_AFTER_FORK(NSSRWLock_LockWrite(dynOidLock));
+        if (dynOidHash) {
+            PL_HashTableDestroy(dynOidHash);
+            dynOidHash = NULL;
+        }
+        if (dynOidPool) {
+            PORT_FreeArena(dynOidPool, PR_FALSE);
+            dynOidPool = NULL;
+        }
+        if (dynOidTable) {
+            PORT_Free(dynOidTable);
+            dynOidTable = NULL;
+        }
+        dynOidEntriesAllocated = 0;
+        dynOidEntriesUsed = 0;
+
+        SKIP_AFTER_FORK(NSSRWLock_UnlockWrite(dynOidLock));
+        SKIP_AFTER_FORK(NSSRWLock_Destroy(dynOidLock));
+        dynOidLock = NULL;
+    } else {
+        /* Since dynOidLock doesn't exist, then all the data it protects
+        ** should be uninitialized.  We'll check that (in DEBUG builds),
+        ** and then make sure it is so, in case NSS is reinitialized.
+        */
+        PORT_Assert(!dynOidHash && !dynOidPool && !dynOidTable &&
+                    !dynOidEntriesAllocated && !dynOidEntriesUsed);
+        dynOidHash = NULL;
+        dynOidPool = NULL;
+        dynOidTable = NULL;
+        dynOidEntriesAllocated = 0;
+        dynOidEntriesUsed = 0;
+    }
+    memset(xOids, 0, sizeof xOids);
+    return SECSuccess;
+}
+
+void
+UTIL_SetForkState(PRBool forked)
+{
+    parentForkedAfterC_Initialize = forked;
+}
+
+const char *
+NSSUTIL_GetVersion(void)
+{
+    return NSSUTIL_VERSION;
+}
diff --git a/nss/lib/util/secoid.h b/nss/lib/util/secoid.h
new file mode 100644
index 0000000..e6eaa8c
--- /dev/null
+++ b/nss/lib/util/secoid.h
@@ -0,0 +1,140 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _SECOID_H_
+#define _SECOID_H_
+
+#include "utilrename.h"
+
+/*
+ * secoid.h - public data structures and prototypes for ASN.1 OID functions
+ */
+
+#include "plarena.h"
+
+#include "seccomon.h"
+#include "secoidt.h"
+#include "secasn1t.h"
+
+SEC_BEGIN_PROTOS
+
+extern const SEC_ASN1Template SECOID_AlgorithmIDTemplate[];
+
+/* This functions simply returns the address of the above-declared template. */
+SEC_ASN1_CHOOSER_DECLARE(SECOID_AlgorithmIDTemplate)
+
+/*
+ * OID handling routines
+ */
+extern SECOidData *SECOID_FindOID(const SECItem *oid);
+extern SECOidTag SECOID_FindOIDTag(const SECItem *oid);
+extern SECOidData *SECOID_FindOIDByTag(SECOidTag tagnum);
+extern SECOidData *SECOID_FindOIDByMechanism(unsigned long mechanism);
+
+/****************************************/
+/*
+** Algorithm id handling operations
+*/
+
+/*
+** Fill in an algorithm-ID object given a tag and some parameters.
+**      "aid" where the DER encoded algorithm info is stored (memory
+**         is allocated)
+**      "tag" the tag number defining the algorithm
+**      "params" if not NULL, the parameters to go with the algorithm
+*/
+extern SECStatus SECOID_SetAlgorithmID(PLArenaPool *arena, SECAlgorithmID *aid,
+                                       SECOidTag tag, SECItem *params);
+
+/*
+** Copy the "src" object to "dest". Memory is allocated in "dest" for
+** each of the appropriate sub-objects. Memory in "dest" is not freed
+** before memory is allocated (use SECOID_DestroyAlgorithmID(dest, PR_FALSE)
+** to do that).
+*/
+extern SECStatus SECOID_CopyAlgorithmID(PLArenaPool *arena, SECAlgorithmID *dest,
+                                        const SECAlgorithmID *src);
+
+/*
+** Get the tag number for the given algorithm-id object.
+*/
+extern SECOidTag SECOID_GetAlgorithmTag(const SECAlgorithmID *aid);
+
+/*
+** Destroy an algorithm-id object.
+**      "aid" the certificate-request to destroy
+**      "freeit" if PR_TRUE then free the object as well as its sub-objects
+*/
+extern void SECOID_DestroyAlgorithmID(SECAlgorithmID *aid, PRBool freeit);
+
+/*
+** Compare two algorithm-id objects, returning the difference between
+** them.
+*/
+extern SECComparison SECOID_CompareAlgorithmID(SECAlgorithmID *a,
+                                               SECAlgorithmID *b);
+
+extern PRBool SECOID_KnownCertExtenOID(SECItem *extenOid);
+
+/* Given a tag number, return a string describing it.
+ */
+extern const char *SECOID_FindOIDTagDescription(SECOidTag tagnum);
+
+/* Add a dynamic SECOidData to the dynamic OID table.
+** Routine copies the src entry, and returns the new SECOidTag.
+** Returns SEC_OID_INVALID if failed to add for some reason.
+*/
+extern SECOidTag SECOID_AddEntry(const SECOidData *src);
+
+/*
+ * initialize the oid data structures.
+ */
+extern SECStatus SECOID_Init(void);
+
+/*
+ * free up the oid data structures.
+ */
+extern SECStatus SECOID_Shutdown(void);
+
+/* if to->data is not NULL, and to->len is large enough to hold the result,
+ * then the resultant OID will be copyed into to->data, and to->len will be
+ * changed to show the actual OID length.
+ * Otherwise, memory for the OID will be allocated (from the caller's
+ * PLArenaPool, if pool is non-NULL) and to->data will receive the address
+ * of the allocated data, and to->len will receive the OID length.
+ * The original value of to->data is not freed when a new buffer is allocated.
+ *
+ * The input string may begin with "OID." and this still be ignored.
+ * The length of the input string is given in len.  If len == 0, then
+ * len will be computed as strlen(from), meaning it must be NUL terminated.
+ * It is an error if from == NULL, or if *from == '\0'.
+ */
+extern SECStatus SEC_StringToOID(PLArenaPool *pool, SECItem *to,
+                                 const char *from, PRUint32 len);
+
+extern void UTIL_SetForkState(PRBool forked);
+
+/*
+ * Accessor functions for new opaque extended SECOID table.
+ * Any of these functions may return SECSuccess or SECFailure with the error
+ * code set to SEC_ERROR_UNKNOWN_OBJECT_TYPE if the SECOidTag is out of range.
+ */
+
+/* The Get function outputs the 32-bit value associated with the SECOidTag.
+ * Flags bits are the NSS_USE_ALG_ #defines in "secoidt.h".
+ * Default value for any algorithm is 0xffffffff (enabled for all purposes).
+ * No value is output if function returns SECFailure.
+ */
+extern SECStatus NSS_GetAlgorithmPolicy(SECOidTag tag, PRUint32 *pValue);
+
+/* The Set function modifies the stored value according to the following
+ * algorithm:
+ *   policy[tag] = (policy[tag] & ~clearBits) | setBits;
+ */
+extern SECStatus
+NSS_SetAlgorithmPolicy(SECOidTag tag, PRUint32 setBits, PRUint32 clearBits);
+
+SEC_END_PROTOS
+
+#endif /* _SECOID_H_ */
diff --git a/nss/lib/util/secoidt.h b/nss/lib/util/secoidt.h
new file mode 100644
index 0000000..0a40f29
--- /dev/null
+++ b/nss/lib/util/secoidt.h
@@ -0,0 +1,540 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _SECOIDT_H_
+#define _SECOIDT_H_
+
+#include "utilrename.h"
+
+/*
+ * secoidt.h - public data structures for ASN.1 OID functions
+ */
+
+#include "secitem.h"
+
+typedef struct SECOidDataStr SECOidData;
+typedef struct SECAlgorithmIDStr SECAlgorithmID;
+
+/*
+** An X.500 algorithm identifier
+*/
+struct SECAlgorithmIDStr {
+    SECItem algorithm;
+    SECItem parameters;
+};
+
+/*
+ * Misc object IDs - these numbers are for convenient handling.
+ * They are mapped into real object IDs
+ *
+ * NOTE: the order of these entries must mach the array "oids" of SECOidData
+ * in util/secoid.c.
+ */
+typedef enum {
+    SEC_OID_UNKNOWN = 0,
+    SEC_OID_MD2 = 1,
+    SEC_OID_MD4 = 2,
+    SEC_OID_MD5 = 3,
+    SEC_OID_SHA1 = 4,
+    SEC_OID_RC2_CBC = 5,
+    SEC_OID_RC4 = 6,
+    SEC_OID_DES_EDE3_CBC = 7,
+    SEC_OID_RC5_CBC_PAD = 8,
+    SEC_OID_DES_ECB = 9,
+    SEC_OID_DES_CBC = 10,
+    SEC_OID_DES_OFB = 11,
+    SEC_OID_DES_CFB = 12,
+    SEC_OID_DES_MAC = 13,
+    SEC_OID_DES_EDE = 14,
+    SEC_OID_ISO_SHA_WITH_RSA_SIGNATURE = 15,
+    SEC_OID_PKCS1_RSA_ENCRYPTION = 16,
+    SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION = 17,
+    SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION = 18,
+    SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION = 19,
+    SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION = 20,
+    SEC_OID_PKCS5_PBE_WITH_MD2_AND_DES_CBC = 21,
+    SEC_OID_PKCS5_PBE_WITH_MD5_AND_DES_CBC = 22,
+    SEC_OID_PKCS5_PBE_WITH_SHA1_AND_DES_CBC = 23,
+    SEC_OID_PKCS7 = 24,
+    SEC_OID_PKCS7_DATA = 25,
+    SEC_OID_PKCS7_SIGNED_DATA = 26,
+    SEC_OID_PKCS7_ENVELOPED_DATA = 27,
+    SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA = 28,
+    SEC_OID_PKCS7_DIGESTED_DATA = 29,
+    SEC_OID_PKCS7_ENCRYPTED_DATA = 30,
+    SEC_OID_PKCS9_EMAIL_ADDRESS = 31,
+    SEC_OID_PKCS9_UNSTRUCTURED_NAME = 32,
+    SEC_OID_PKCS9_CONTENT_TYPE = 33,
+    SEC_OID_PKCS9_MESSAGE_DIGEST = 34,
+    SEC_OID_PKCS9_SIGNING_TIME = 35,
+    SEC_OID_PKCS9_COUNTER_SIGNATURE = 36,
+    SEC_OID_PKCS9_CHALLENGE_PASSWORD = 37,
+    SEC_OID_PKCS9_UNSTRUCTURED_ADDRESS = 38,
+    SEC_OID_PKCS9_EXTENDED_CERTIFICATE_ATTRIBUTES = 39,
+    SEC_OID_PKCS9_SMIME_CAPABILITIES = 40,
+    SEC_OID_AVA_COMMON_NAME = 41,
+    SEC_OID_AVA_COUNTRY_NAME = 42,
+    SEC_OID_AVA_LOCALITY = 43,
+    SEC_OID_AVA_STATE_OR_PROVINCE = 44,
+    SEC_OID_AVA_ORGANIZATION_NAME = 45,
+    SEC_OID_AVA_ORGANIZATIONAL_UNIT_NAME = 46,
+    SEC_OID_AVA_DN_QUALIFIER = 47,
+    SEC_OID_AVA_DC = 48,
+
+    SEC_OID_NS_TYPE_GIF = 49,
+    SEC_OID_NS_TYPE_JPEG = 50,
+    SEC_OID_NS_TYPE_URL = 51,
+    SEC_OID_NS_TYPE_HTML = 52,
+    SEC_OID_NS_TYPE_CERT_SEQUENCE = 53,
+    SEC_OID_MISSI_KEA_DSS_OLD = 54,
+    SEC_OID_MISSI_DSS_OLD = 55,
+    SEC_OID_MISSI_KEA_DSS = 56,
+    SEC_OID_MISSI_DSS = 57,
+    SEC_OID_MISSI_KEA = 58,
+    SEC_OID_MISSI_ALT_KEA = 59,
+
+    /* Netscape private certificate extensions */
+    SEC_OID_NS_CERT_EXT_NETSCAPE_OK = 60,
+    SEC_OID_NS_CERT_EXT_ISSUER_LOGO = 61,
+    SEC_OID_NS_CERT_EXT_SUBJECT_LOGO = 62,
+    SEC_OID_NS_CERT_EXT_CERT_TYPE = 63,
+    SEC_OID_NS_CERT_EXT_BASE_URL = 64,
+    SEC_OID_NS_CERT_EXT_REVOCATION_URL = 65,
+    SEC_OID_NS_CERT_EXT_CA_REVOCATION_URL = 66,
+    SEC_OID_NS_CERT_EXT_CA_CRL_URL = 67,
+    SEC_OID_NS_CERT_EXT_CA_CERT_URL = 68,
+    SEC_OID_NS_CERT_EXT_CERT_RENEWAL_URL = 69,
+    SEC_OID_NS_CERT_EXT_CA_POLICY_URL = 70,
+    SEC_OID_NS_CERT_EXT_HOMEPAGE_URL = 71,
+    SEC_OID_NS_CERT_EXT_ENTITY_LOGO = 72,
+    SEC_OID_NS_CERT_EXT_USER_PICTURE = 73,
+    SEC_OID_NS_CERT_EXT_SSL_SERVER_NAME = 74,
+    SEC_OID_NS_CERT_EXT_COMMENT = 75,
+    SEC_OID_NS_CERT_EXT_LOST_PASSWORD_URL = 76,
+    SEC_OID_NS_CERT_EXT_CERT_RENEWAL_TIME = 77,
+    SEC_OID_NS_KEY_USAGE_GOVT_APPROVED = 78,
+
+    /* x.509 v3 Extensions */
+    SEC_OID_X509_SUBJECT_DIRECTORY_ATTR = 79,
+    SEC_OID_X509_SUBJECT_KEY_ID = 80,
+    SEC_OID_X509_KEY_USAGE = 81,
+    SEC_OID_X509_PRIVATE_KEY_USAGE_PERIOD = 82,
+    SEC_OID_X509_SUBJECT_ALT_NAME = 83,
+    SEC_OID_X509_ISSUER_ALT_NAME = 84,
+    SEC_OID_X509_BASIC_CONSTRAINTS = 85,
+    SEC_OID_X509_NAME_CONSTRAINTS = 86,
+    SEC_OID_X509_CRL_DIST_POINTS = 87,
+    SEC_OID_X509_CERTIFICATE_POLICIES = 88,
+    SEC_OID_X509_POLICY_MAPPINGS = 89,
+    SEC_OID_X509_POLICY_CONSTRAINTS = 90,
+    SEC_OID_X509_AUTH_KEY_ID = 91,
+    SEC_OID_X509_EXT_KEY_USAGE = 92,
+    SEC_OID_X509_AUTH_INFO_ACCESS = 93,
+
+    SEC_OID_X509_CRL_NUMBER = 94,
+    SEC_OID_X509_REASON_CODE = 95,
+    SEC_OID_X509_INVALID_DATE = 96,
+    /* End of x.509 v3 Extensions */
+
+    SEC_OID_X500_RSA_ENCRYPTION = 97,
+
+    /* alg 1485 additions */
+    SEC_OID_RFC1274_UID = 98,
+    SEC_OID_RFC1274_MAIL = 99,
+
+    /* PKCS 12 additions */
+    SEC_OID_PKCS12 = 100,
+    SEC_OID_PKCS12_MODE_IDS = 101,
+    SEC_OID_PKCS12_ESPVK_IDS = 102,
+    SEC_OID_PKCS12_BAG_IDS = 103,
+    SEC_OID_PKCS12_CERT_BAG_IDS = 104,
+    SEC_OID_PKCS12_OIDS = 105,
+    SEC_OID_PKCS12_PBE_IDS = 106,
+    SEC_OID_PKCS12_SIGNATURE_IDS = 107,
+    SEC_OID_PKCS12_ENVELOPING_IDS = 108,
+    /* SEC_OID_PKCS12_OFFLINE_TRANSPORT_MODE,
+    SEC_OID_PKCS12_ONLINE_TRANSPORT_MODE, */
+    SEC_OID_PKCS12_PKCS8_KEY_SHROUDING = 109,
+    SEC_OID_PKCS12_KEY_BAG_ID = 110,
+    SEC_OID_PKCS12_CERT_AND_CRL_BAG_ID = 111,
+    SEC_OID_PKCS12_SECRET_BAG_ID = 112,
+    SEC_OID_PKCS12_X509_CERT_CRL_BAG = 113,
+    SEC_OID_PKCS12_SDSI_CERT_BAG = 114,
+    SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC4 = 115,
+    SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC4 = 116,
+    SEC_OID_PKCS12_PBE_WITH_SHA1_AND_TRIPLE_DES_CBC = 117,
+    SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC = 118,
+    SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC = 119,
+    SEC_OID_PKCS12_RSA_ENCRYPTION_WITH_128_BIT_RC4 = 120,
+    SEC_OID_PKCS12_RSA_ENCRYPTION_WITH_40_BIT_RC4 = 121,
+    SEC_OID_PKCS12_RSA_ENCRYPTION_WITH_TRIPLE_DES = 122,
+    SEC_OID_PKCS12_RSA_SIGNATURE_WITH_SHA1_DIGEST = 123,
+    /* end of PKCS 12 additions */
+
+    /* DSA signatures */
+    SEC_OID_ANSIX9_DSA_SIGNATURE = 124,
+    SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST = 125,
+    SEC_OID_BOGUS_DSA_SIGNATURE_WITH_SHA1_DIGEST = 126,
+
+    /* Verisign OIDs */
+    SEC_OID_VERISIGN_USER_NOTICES = 127,
+
+    /* PKIX OIDs */
+    SEC_OID_PKIX_CPS_POINTER_QUALIFIER = 128,
+    SEC_OID_PKIX_USER_NOTICE_QUALIFIER = 129,
+    SEC_OID_PKIX_OCSP = 130,
+    SEC_OID_PKIX_OCSP_BASIC_RESPONSE = 131,
+    SEC_OID_PKIX_OCSP_NONCE = 132,
+    SEC_OID_PKIX_OCSP_CRL = 133,
+    SEC_OID_PKIX_OCSP_RESPONSE = 134,
+    SEC_OID_PKIX_OCSP_NO_CHECK = 135,
+    SEC_OID_PKIX_OCSP_ARCHIVE_CUTOFF = 136,
+    SEC_OID_PKIX_OCSP_SERVICE_LOCATOR = 137,
+    SEC_OID_PKIX_REGCTRL_REGTOKEN = 138,
+    SEC_OID_PKIX_REGCTRL_AUTHENTICATOR = 139,
+    SEC_OID_PKIX_REGCTRL_PKIPUBINFO = 140,
+    SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS = 141,
+    SEC_OID_PKIX_REGCTRL_OLD_CERT_ID = 142,
+    SEC_OID_PKIX_REGCTRL_PROTOCOL_ENC_KEY = 143,
+    SEC_OID_PKIX_REGINFO_UTF8_PAIRS = 144,
+    SEC_OID_PKIX_REGINFO_CERT_REQUEST = 145,
+    SEC_OID_EXT_KEY_USAGE_SERVER_AUTH = 146,
+    SEC_OID_EXT_KEY_USAGE_CLIENT_AUTH = 147,
+    SEC_OID_EXT_KEY_USAGE_CODE_SIGN = 148,
+    SEC_OID_EXT_KEY_USAGE_EMAIL_PROTECT = 149,
+    SEC_OID_EXT_KEY_USAGE_TIME_STAMP = 150,
+    SEC_OID_OCSP_RESPONDER = 151,
+
+    /* Netscape Algorithm OIDs */
+    SEC_OID_NETSCAPE_SMIME_KEA = 152,
+
+    /* Skipjack OID -- ### mwelch temporary */
+    SEC_OID_FORTEZZA_SKIPJACK = 153,
+
+    /* PKCS 12 V2 oids */
+    SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC4 = 154,
+    SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC4 = 155,
+    SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC = 156,
+    SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_2KEY_TRIPLE_DES_CBC = 157,
+    SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC = 158,
+    SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC = 159,
+    SEC_OID_PKCS12_SAFE_CONTENTS_ID = 160,
+    SEC_OID_PKCS12_PKCS8_SHROUDED_KEY_BAG_ID = 161,
+
+    SEC_OID_PKCS12_V1_KEY_BAG_ID = 162,
+    SEC_OID_PKCS12_V1_PKCS8_SHROUDED_KEY_BAG_ID = 163,
+    SEC_OID_PKCS12_V1_CERT_BAG_ID = 164,
+    SEC_OID_PKCS12_V1_CRL_BAG_ID = 165,
+    SEC_OID_PKCS12_V1_SECRET_BAG_ID = 166,
+    SEC_OID_PKCS12_V1_SAFE_CONTENTS_BAG_ID = 167,
+    SEC_OID_PKCS9_X509_CERT = 168,
+    SEC_OID_PKCS9_SDSI_CERT = 169,
+    SEC_OID_PKCS9_X509_CRL = 170,
+    SEC_OID_PKCS9_FRIENDLY_NAME = 171,
+    SEC_OID_PKCS9_LOCAL_KEY_ID = 172,
+    SEC_OID_BOGUS_KEY_USAGE = 173,
+
+    /*Diffe Helman OIDS */
+    SEC_OID_X942_DIFFIE_HELMAN_KEY = 174,
+
+    /* Netscape other name types */
+    /* SEC_OID_NETSCAPE_NICKNAME is an otherName field of type IA5String
+     * in the subjectAltName certificate extension.  NSS dropped support
+     * for SEC_OID_NETSCAPE_NICKNAME in NSS 3.13. */
+    SEC_OID_NETSCAPE_NICKNAME = 175,
+
+    /* Cert Server OIDS */
+    SEC_OID_NETSCAPE_RECOVERY_REQUEST = 176,
+
+    /* New PSM certificate management OIDs */
+    SEC_OID_CERT_RENEWAL_LOCATOR = 177,
+    SEC_OID_NS_CERT_EXT_SCOPE_OF_USE = 178,
+
+    /* CMS (RFC2630) OIDs */
+    SEC_OID_CMS_EPHEMERAL_STATIC_DIFFIE_HELLMAN = 179,
+    SEC_OID_CMS_3DES_KEY_WRAP = 180,
+    SEC_OID_CMS_RC2_KEY_WRAP = 181,
+
+    /* SMIME attributes */
+    SEC_OID_SMIME_ENCRYPTION_KEY_PREFERENCE = 182,
+
+    /* AES OIDs */
+    SEC_OID_AES_128_ECB = 183,
+    SEC_OID_AES_128_CBC = 184,
+    SEC_OID_AES_192_ECB = 185,
+    SEC_OID_AES_192_CBC = 186,
+    SEC_OID_AES_256_ECB = 187,
+    SEC_OID_AES_256_CBC = 188,
+
+    SEC_OID_SDN702_DSA_SIGNATURE = 189,
+
+    SEC_OID_MS_SMIME_ENCRYPTION_KEY_PREFERENCE = 190,
+
+    SEC_OID_SHA256 = 191,
+    SEC_OID_SHA384 = 192,
+    SEC_OID_SHA512 = 193,
+
+    SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION = 194,
+    SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION = 195,
+    SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION = 196,
+
+    SEC_OID_AES_128_KEY_WRAP = 197,
+    SEC_OID_AES_192_KEY_WRAP = 198,
+    SEC_OID_AES_256_KEY_WRAP = 199,
+
+    /* Elliptic Curve Cryptography (ECC) OIDs */
+    SEC_OID_ANSIX962_EC_PUBLIC_KEY = 200,
+    SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE = 201,
+
+#define SEC_OID_ANSIX962_ECDSA_SIGNATURE_WITH_SHA1_DIGEST \
+    SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE
+
+    /* ANSI X9.62 named elliptic curves (prime field) */
+    SEC_OID_ANSIX962_EC_PRIME192V1 = 202,
+    SEC_OID_ANSIX962_EC_PRIME192V2 = 203,
+    SEC_OID_ANSIX962_EC_PRIME192V3 = 204,
+    SEC_OID_ANSIX962_EC_PRIME239V1 = 205,
+    SEC_OID_ANSIX962_EC_PRIME239V2 = 206,
+    SEC_OID_ANSIX962_EC_PRIME239V3 = 207,
+    SEC_OID_ANSIX962_EC_PRIME256V1 = 208,
+
+    /* SECG named elliptic curves (prime field) */
+    SEC_OID_SECG_EC_SECP112R1 = 209,
+    SEC_OID_SECG_EC_SECP112R2 = 210,
+    SEC_OID_SECG_EC_SECP128R1 = 211,
+    SEC_OID_SECG_EC_SECP128R2 = 212,
+    SEC_OID_SECG_EC_SECP160K1 = 213,
+    SEC_OID_SECG_EC_SECP160R1 = 214,
+    SEC_OID_SECG_EC_SECP160R2 = 215,
+    SEC_OID_SECG_EC_SECP192K1 = 216,
+    /* SEC_OID_SECG_EC_SECP192R1 is SEC_OID_ANSIX962_EC_PRIME192V1 */
+    SEC_OID_SECG_EC_SECP224K1 = 217,
+    SEC_OID_SECG_EC_SECP224R1 = 218,
+    SEC_OID_SECG_EC_SECP256K1 = 219,
+    /* SEC_OID_SECG_EC_SECP256R1 is SEC_OID_ANSIX962_EC_PRIME256V1 */
+    SEC_OID_SECG_EC_SECP384R1 = 220,
+    SEC_OID_SECG_EC_SECP521R1 = 221,
+
+    /* ANSI X9.62 named elliptic curves (characteristic two field) */
+    SEC_OID_ANSIX962_EC_C2PNB163V1 = 222,
+    SEC_OID_ANSIX962_EC_C2PNB163V2 = 223,
+    SEC_OID_ANSIX962_EC_C2PNB163V3 = 224,
+    SEC_OID_ANSIX962_EC_C2PNB176V1 = 225,
+    SEC_OID_ANSIX962_EC_C2TNB191V1 = 226,
+    SEC_OID_ANSIX962_EC_C2TNB191V2 = 227,
+    SEC_OID_ANSIX962_EC_C2TNB191V3 = 228,
+    SEC_OID_ANSIX962_EC_C2ONB191V4 = 229,
+    SEC_OID_ANSIX962_EC_C2ONB191V5 = 230,
+    SEC_OID_ANSIX962_EC_C2PNB208W1 = 231,
+    SEC_OID_ANSIX962_EC_C2TNB239V1 = 232,
+    SEC_OID_ANSIX962_EC_C2TNB239V2 = 233,
+    SEC_OID_ANSIX962_EC_C2TNB239V3 = 234,
+    SEC_OID_ANSIX962_EC_C2ONB239V4 = 235,
+    SEC_OID_ANSIX962_EC_C2ONB239V5 = 236,
+    SEC_OID_ANSIX962_EC_C2PNB272W1 = 237,
+    SEC_OID_ANSIX962_EC_C2PNB304W1 = 238,
+    SEC_OID_ANSIX962_EC_C2TNB359V1 = 239,
+    SEC_OID_ANSIX962_EC_C2PNB368W1 = 240,
+    SEC_OID_ANSIX962_EC_C2TNB431R1 = 241,
+
+    /* SECG named elliptic curves (characteristic two field) */
+    SEC_OID_SECG_EC_SECT113R1 = 242,
+    SEC_OID_SECG_EC_SECT113R2 = 243,
+    SEC_OID_SECG_EC_SECT131R1 = 244,
+    SEC_OID_SECG_EC_SECT131R2 = 245,
+    SEC_OID_SECG_EC_SECT163K1 = 246,
+    SEC_OID_SECG_EC_SECT163R1 = 247,
+    SEC_OID_SECG_EC_SECT163R2 = 248,
+    SEC_OID_SECG_EC_SECT193R1 = 249,
+    SEC_OID_SECG_EC_SECT193R2 = 250,
+    SEC_OID_SECG_EC_SECT233K1 = 251,
+    SEC_OID_SECG_EC_SECT233R1 = 252,
+    SEC_OID_SECG_EC_SECT239K1 = 253,
+    SEC_OID_SECG_EC_SECT283K1 = 254,
+    SEC_OID_SECG_EC_SECT283R1 = 255,
+    SEC_OID_SECG_EC_SECT409K1 = 256,
+    SEC_OID_SECG_EC_SECT409R1 = 257,
+    SEC_OID_SECG_EC_SECT571K1 = 258,
+    SEC_OID_SECG_EC_SECT571R1 = 259,
+
+    SEC_OID_NETSCAPE_AOLSCREENNAME = 260,
+
+    SEC_OID_AVA_SURNAME = 261,
+    SEC_OID_AVA_SERIAL_NUMBER = 262,
+    SEC_OID_AVA_STREET_ADDRESS = 263,
+    SEC_OID_AVA_TITLE = 264,
+    SEC_OID_AVA_POSTAL_ADDRESS = 265,
+    SEC_OID_AVA_POSTAL_CODE = 266,
+    SEC_OID_AVA_POST_OFFICE_BOX = 267,
+    SEC_OID_AVA_GIVEN_NAME = 268,
+    SEC_OID_AVA_INITIALS = 269,
+    SEC_OID_AVA_GENERATION_QUALIFIER = 270,
+    SEC_OID_AVA_HOUSE_IDENTIFIER = 271,
+    SEC_OID_AVA_PSEUDONYM = 272,
+
+    /* More OIDs */
+    SEC_OID_PKIX_CA_ISSUERS = 273,
+    SEC_OID_PKCS9_EXTENSION_REQUEST = 274,
+
+    /* new EC Signature oids */
+    SEC_OID_ANSIX962_ECDSA_SIGNATURE_RECOMMENDED_DIGEST = 275,
+    SEC_OID_ANSIX962_ECDSA_SIGNATURE_SPECIFIED_DIGEST = 276,
+    SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE = 277,
+    SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE = 278,
+    SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE = 279,
+    SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE = 280,
+
+    /* More id-ce and id-pe OIDs from RFC 3280 */
+    SEC_OID_X509_HOLD_INSTRUCTION_CODE = 281,
+    SEC_OID_X509_DELTA_CRL_INDICATOR = 282,
+    SEC_OID_X509_ISSUING_DISTRIBUTION_POINT = 283,
+    SEC_OID_X509_CERT_ISSUER = 284,
+    SEC_OID_X509_FRESHEST_CRL = 285,
+    SEC_OID_X509_INHIBIT_ANY_POLICY = 286,
+    SEC_OID_X509_SUBJECT_INFO_ACCESS = 287,
+
+    /* Camellia OIDs (RFC3657)*/
+    SEC_OID_CAMELLIA_128_CBC = 288,
+    SEC_OID_CAMELLIA_192_CBC = 289,
+    SEC_OID_CAMELLIA_256_CBC = 290,
+
+    /* PKCS 5 V2 OIDS */
+    SEC_OID_PKCS5_PBKDF2 = 291,
+    SEC_OID_PKCS5_PBES2 = 292,
+    SEC_OID_PKCS5_PBMAC1 = 293,
+    SEC_OID_HMAC_SHA1 = 294,
+    SEC_OID_HMAC_SHA224 = 295,
+    SEC_OID_HMAC_SHA256 = 296,
+    SEC_OID_HMAC_SHA384 = 297,
+    SEC_OID_HMAC_SHA512 = 298,
+
+    SEC_OID_PKIX_TIMESTAMPING = 299,
+    SEC_OID_PKIX_CA_REPOSITORY = 300,
+
+    SEC_OID_ISO_SHA1_WITH_RSA_SIGNATURE = 301,
+
+    SEC_OID_SEED_CBC = 302,
+
+    SEC_OID_X509_ANY_POLICY = 303,
+
+    SEC_OID_PKCS1_RSA_OAEP_ENCRYPTION = 304,
+    SEC_OID_PKCS1_MGF1 = 305,
+    SEC_OID_PKCS1_PSPECIFIED = 306,
+    SEC_OID_PKCS1_RSA_PSS_SIGNATURE = 307,
+    SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION = 308,
+
+    SEC_OID_SHA224 = 309,
+
+    SEC_OID_EV_INCORPORATION_LOCALITY = 310,
+    SEC_OID_EV_INCORPORATION_STATE = 311,
+    SEC_OID_EV_INCORPORATION_COUNTRY = 312,
+    SEC_OID_BUSINESS_CATEGORY = 313,
+
+    SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA224_DIGEST = 314,
+    SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA256_DIGEST = 315,
+
+    /* Microsoft Trust List Signing
+     * szOID_KP_CTL_USAGE_SIGNING
+     * where KP stands for Key Purpose
+     */
+    SEC_OID_MS_EXT_KEY_USAGE_CTL_SIGNING = 316,
+
+    /* The 'name' attribute type in X.520 */
+    SEC_OID_AVA_NAME = 317,
+
+    SEC_OID_AES_128_GCM = 318,
+    SEC_OID_AES_192_GCM = 319,
+    SEC_OID_AES_256_GCM = 320,
+    SEC_OID_IDEA_CBC = 321,
+
+    /* pseudo - OIDs */
+
+    SEC_OID_RC2_40_CBC = 322,
+    SEC_OID_DES_40_CBC = 323,
+    SEC_OID_RC4_40 = 324,
+    SEC_OID_RC4_56 = 325,
+    SEC_OID_NULL_CIPHER = 326,
+
+    SEC_OID_HMAC_MD5 = 327,
+
+    SEC_OID_TLS_RSA = 328,
+    SEC_OID_TLS_DHE_RSA = 329,
+    SEC_OID_TLS_DHE_DSS = 330,
+    SEC_OID_TLS_DH_RSA = 331,
+    SEC_OID_TLS_DH_DSS = 332,
+    SEC_OID_TLS_DH_ANON = 333,
+    SEC_OID_TLS_ECDHE_ECDSA = 334,
+    SEC_OID_TLS_ECDHE_RSA = 335,
+    SEC_OID_TLS_ECDH_ECDSA = 336,
+    SEC_OID_TLS_ECDH_RSA = 337,
+    SEC_OID_TLS_ECDH_ANON = 338,
+    SEC_OID_TLS_RSA_EXPORT = 339,
+
+    SEC_OID_TLS_DHE_RSA_EXPORT = 340,
+    SEC_OID_TLS_DHE_DSS_EXPORT = 341,
+    SEC_OID_TLS_DH_RSA_EXPORT = 342,
+    SEC_OID_TLS_DH_DSS_EXPORT = 343,
+    SEC_OID_TLS_DH_ANON_EXPORT = 344,
+    SEC_OID_APPLY_SSL_POLICY = 345,
+
+    SEC_OID_CHACHA20_POLY1305 = 346,
+
+    SEC_OID_TLS_ECDHE_PSK = 347,
+    SEC_OID_TLS_DHE_PSK = 348,
+
+    SEC_OID_TLS_FFDHE_2048 = 349,
+    SEC_OID_TLS_FFDHE_3072 = 350,
+    SEC_OID_TLS_FFDHE_4096 = 351,
+    SEC_OID_TLS_FFDHE_6144 = 352,
+    SEC_OID_TLS_FFDHE_8192 = 353,
+    SEC_OID_TLS_DHE_CUSTOM = 354,
+
+    SEC_OID_CURVE25519 = 355,
+
+    SEC_OID_TLS13_KEA_ANY = 356,
+
+    SEC_OID_TOTAL
+} SECOidTag;
+
+#define SEC_OID_SECG_EC_SECP192R1 SEC_OID_ANSIX962_EC_PRIME192V1
+#define SEC_OID_SECG_EC_SECP256R1 SEC_OID_ANSIX962_EC_PRIME256V1
+#define SEC_OID_PKCS12_KEY_USAGE SEC_OID_X509_KEY_USAGE
+
+/* fake OID for DSS sign/verify */
+#define SEC_OID_SHA SEC_OID_MISS_DSS
+
+typedef enum {
+    INVALID_CERT_EXTENSION = 0,
+    UNSUPPORTED_CERT_EXTENSION = 1,
+    SUPPORTED_CERT_EXTENSION = 2
+} SECSupportExtenTag;
+
+struct SECOidDataStr {
+    SECItem oid;
+    SECOidTag offset;
+    const char* desc;
+    unsigned long mechanism;
+    SECSupportExtenTag supportedExtension;
+    /* only used for x.509 v3 extensions, so
+       that we can print the names of those
+       extensions that we don't even support */
+};
+
+/* New Opaque extended OID table API.
+ * These are algorithm policy Flags, used with functions
+ * NSS_SetAlgorithmPolicy & NSS_GetAlgorithmPolicy.
+ */
+#define NSS_USE_ALG_IN_CERT_SIGNATURE 0x00000001 /* CRLs and OCSP, too */
+#define NSS_USE_ALG_IN_CMS_SIGNATURE 0x00000002  /* used in S/MIME */
+#define NSS_USE_ALG_IN_SSL_KX 0x00000004         /* used in SSL key exchange */
+#define NSS_USE_ALG_IN_SSL 0x00000008            /* used in SSL record protocol */
+#define NSS_USE_POLICY_IN_SSL 0x00000010         /* enable policy in SSL protocol */
+#define NSS_USE_ALG_RESERVED 0xfffffffc          /* may be used in future */
+
+/* Code MUST NOT SET or CLEAR reserved bits, and must NOT depend on them
+ * being all zeros or having any other known value.  The reserved bits
+ * must be ignored.
+ */
+
+#endif /* _SECOIDT_H_ */
diff --git a/nss/lib/util/secplcy.c b/nss/lib/util/secplcy.c
new file mode 100644
index 0000000..0c784d0
--- /dev/null
+++ b/nss/lib/util/secplcy.c
@@ -0,0 +1,83 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "secplcy.h"
+#include "prmem.h"
+
+SECCipherFind *
+sec_CipherFindInit(PRBool onlyAllowed,
+                   secCPStruct *policy,
+                   long *ciphers)
+{
+    SECCipherFind *find = PR_NEWZAP(SECCipherFind);
+    if (find) {
+        find->policy = policy;
+        find->ciphers = ciphers;
+        find->onlyAllowed = onlyAllowed;
+        find->index = -1;
+    }
+    return find;
+}
+
+long
+sec_CipherFindNext(SECCipherFind *find)
+{
+    char *policy;
+    long rv = -1;
+    secCPStruct *policies = (secCPStruct *)find->policy;
+    long *ciphers = (long *)find->ciphers;
+    long numCiphers = policies->num_ciphers;
+
+    find->index++;
+    while ((find->index < numCiphers) && (rv == -1)) {
+        /* Translate index to cipher. */
+        rv = ciphers[find->index];
+
+        /* If we're only looking for allowed ciphers, and if this
+           cipher isn't allowed, loop around.*/
+        if (find->onlyAllowed) {
+            /* Find the appropriate policy flag. */
+            policy = (&(policies->begin_ciphers)) + find->index + 1;
+
+            /* If this cipher isn't allowed by policy, continue. */
+            if (!(*policy)) {
+                rv = -1;
+                find->index++;
+            }
+        }
+    }
+
+    return rv;
+}
+
+char
+sec_IsCipherAllowed(long cipher, secCPStruct *policies,
+                    long *ciphers)
+{
+    char result = SEC_CIPHER_NOT_ALLOWED; /* our default answer */
+    long numCiphers = policies->num_ciphers;
+    char *policy;
+    int i;
+
+    /* Convert the cipher number into a policy flag location. */
+    for (i = 0, policy = (&(policies->begin_ciphers) + 1);
+         i < numCiphers;
+         i++, policy++) {
+        if (cipher == ciphers[i])
+            break;
+    }
+
+    if (i < numCiphers) {
+        /* Found the cipher, get the policy value. */
+        result = *policy;
+    }
+
+    return result;
+}
+
+void
+sec_CipherFindEnd(SECCipherFind *find)
+{
+    PR_FREEIF(find);
+}
diff --git a/nss/lib/util/secplcy.h b/nss/lib/util/secplcy.h
new file mode 100644
index 0000000..6a85e03
--- /dev/null
+++ b/nss/lib/util/secplcy.h
@@ -0,0 +1,104 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef __secplcy_h__
+#define __secplcy_h__
+
+#include "utilrename.h"
+
+#include "prtypes.h"
+
+/*
+** Cipher policy enforcement. This code isn't very pretty, but it accomplishes
+** the purpose of obscuring policy information from potential fortifiers. :-)
+**
+** The following routines are generic and intended for anywhere where cipher
+** policy enforcement is to be done, e.g. SSL and PKCS7&12.
+*/
+
+#define SEC_CIPHER_NOT_ALLOWED 0
+#define SEC_CIPHER_ALLOWED 1
+#define SEC_CIPHER_RESTRICTED 2 /* cipher is allowed in limited cases \
+                                   e.g. step-up */
+
+/* The length of the header string for each cipher table.
+   (It's the same regardless of whether we're using md5 strings or not.) */
+#define SEC_POLICY_HEADER_LENGTH 48
+
+/* If we're testing policy stuff, we may want to use the plaintext version */
+#define SEC_POLICY_USE_MD5_STRINGS 1
+
+#define SEC_POLICY_THIS_IS_THE \
+    "\x2a\x3a\x51\xbf\x2f\x71\xb7\x73\xaa\xca\x6b\x57\x70\xcd\xc8\x9f"
+#define SEC_POLICY_STRING_FOR_THE \
+    "\x97\x15\xe2\x70\xd2\x8a\xde\xa9\xe7\xa7\x6a\xe2\x83\xe5\xb1\xf6"
+#define SEC_POLICY_SSL_TAIL \
+    "\x70\x16\x25\xc0\x2a\xb2\x4a\xca\xb6\x67\xb1\x89\x20\xdf\x87\xca"
+#define SEC_POLICY_SMIME_TAIL \
+    "\xdf\xd4\xe7\x2a\xeb\xc4\x1b\xb5\xd8\xe5\xe0\x2a\x16\x9f\xc4\xb9"
+#define SEC_POLICY_PKCS12_TAIL \
+    "\x1c\xf8\xa4\x85\x4a\xc6\x8a\xfe\xe6\xca\x03\x72\x50\x1c\xe2\xc8"
+
+#if defined(SEC_POLICY_USE_MD5_STRINGS)
+
+/* We're not testing.
+   Use md5 checksums of the strings. */
+
+#define SEC_POLICY_SSL_HEADER \
+    SEC_POLICY_THIS_IS_THE SEC_POLICY_STRING_FOR_THE SEC_POLICY_SSL_TAIL
+
+#define SEC_POLICY_SMIME_HEADER \
+    SEC_POLICY_THIS_IS_THE SEC_POLICY_STRING_FOR_THE SEC_POLICY_SMIME_TAIL
+
+#define SEC_POLICY_PKCS12_HEADER \
+    SEC_POLICY_THIS_IS_THE SEC_POLICY_STRING_FOR_THE SEC_POLICY_PKCS12_TAIL
+
+#else
+
+/* We're testing.
+   Use plaintext versions of the strings, for testing purposes. */
+#define SEC_POLICY_SSL_HEADER \
+    "This is the string for the SSL policy table.    "
+#define SEC_POLICY_SMIME_HEADER \
+    "This is the string for the PKCS7 policy table.  "
+#define SEC_POLICY_PKCS12_HEADER \
+    "This is the string for the PKCS12 policy table. "
+
+#endif
+
+/* Local cipher tables have to have these members at the top. */
+typedef struct _sec_cp_struct {
+    char policy_string[SEC_POLICY_HEADER_LENGTH];
+    long unused; /* placeholder for max keybits in pkcs12 struct */
+    char num_ciphers;
+    char begin_ciphers;
+    /* cipher policy settings follow. each is a char. */
+} secCPStruct;
+
+struct SECCipherFindStr {
+    /* (policy) and (ciphers) are opaque to the outside world */
+    void *policy;
+    void *ciphers;
+    long index;
+    PRBool onlyAllowed;
+};
+
+typedef struct SECCipherFindStr SECCipherFind;
+
+SEC_BEGIN_PROTOS
+
+SECCipherFind *sec_CipherFindInit(PRBool onlyAllowed,
+                                  secCPStruct *policy,
+                                  long *ciphers);
+
+long sec_CipherFindNext(SECCipherFind *find);
+
+char sec_IsCipherAllowed(long cipher, secCPStruct *policies,
+                         long *ciphers);
+
+void sec_CipherFindEnd(SECCipherFind *find);
+
+SEC_END_PROTOS
+
+#endif /* __SECPLCY_H__ */
diff --git a/nss/lib/util/secport.c b/nss/lib/util/secport.c
new file mode 100644
index 0000000..0eea0cd
--- /dev/null
+++ b/nss/lib/util/secport.c
@@ -0,0 +1,732 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * secport.c - portability interfaces for security libraries
+ *
+ * This file abstracts out libc functionality that libsec depends on
+ *
+ * NOTE - These are not public interfaces
+ */
+
+#include "seccomon.h"
+#include "prmem.h"
+#include "prerror.h"
+#include "plarena.h"
+#include "secerr.h"
+#include "prmon.h"
+#include "nssilock.h"
+#include "secport.h"
+#include "prenv.h"
+#include "prinit.h"
+
+#ifdef DEBUG
+#define THREADMARK
+#endif /* DEBUG */
+
+#ifdef THREADMARK
+#include "prthread.h"
+#endif /* THREADMARK */
+
+#if defined(XP_UNIX) || defined(XP_OS2) || defined(XP_BEOS)
+#include <stdlib.h>
+#else
+#include "wtypes.h"
+#endif
+
+#define SET_ERROR_CODE /* place holder for code to set PR error code. */
+
+#ifdef THREADMARK
+typedef struct threadmark_mark_str {
+    struct threadmark_mark_str *next;
+    void *mark;
+} threadmark_mark;
+
+#endif /* THREADMARK */
+
+/* The value of this magic must change each time PORTArenaPool changes. */
+#define ARENAPOOL_MAGIC 0xB8AC9BDF
+
+#define CHEAP_ARENAPOOL_MAGIC 0x3F16BB09
+
+typedef struct PORTArenaPool_str {
+    PLArenaPool arena;
+    PRUint32 magic;
+    PRLock *lock;
+#ifdef THREADMARK
+    PRThread *marking_thread;
+    threadmark_mark *first_mark;
+#endif
+} PORTArenaPool;
+
+/* locations for registering Unicode conversion functions.
+ * XXX is this the appropriate location?  or should they be
+ *     moved to client/server specific locations?
+ */
+PORTCharConversionFunc ucs4Utf8ConvertFunc;
+PORTCharConversionFunc ucs2Utf8ConvertFunc;
+PORTCharConversionWSwapFunc ucs2AsciiConvertFunc;
+
+/* NSPR memory allocation functions (PR_Malloc, PR_Calloc, and PR_Realloc)
+ * use the PRUint32 type for the size parameter. Before we pass a size_t or
+ * unsigned long size to these functions, we need to ensure it is <= half of
+ * the maximum PRUint32 value to avoid truncation and catch a negative size.
+ */
+#define MAX_SIZE (PR_UINT32_MAX >> 1)
+
+void *
+PORT_Alloc(size_t bytes)
+{
+    void *rv = NULL;
+
+    if (bytes <= MAX_SIZE) {
+        /* Always allocate a non-zero amount of bytes */
+        rv = PR_Malloc(bytes ? bytes : 1);
+    }
+    if (!rv) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+    }
+    return rv;
+}
+
+void *
+PORT_Realloc(void *oldptr, size_t bytes)
+{
+    void *rv = NULL;
+
+    if (bytes <= MAX_SIZE) {
+        rv = PR_Realloc(oldptr, bytes);
+    }
+    if (!rv) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+    }
+    return rv;
+}
+
+void *
+PORT_ZAlloc(size_t bytes)
+{
+    void *rv = NULL;
+
+    if (bytes <= MAX_SIZE) {
+        /* Always allocate a non-zero amount of bytes */
+        rv = PR_Calloc(1, bytes ? bytes : 1);
+    }
+    if (!rv) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+    }
+    return rv;
+}
+
+void
+PORT_Free(void *ptr)
+{
+    if (ptr) {
+        PR_Free(ptr);
+    }
+}
+
+void
+PORT_ZFree(void *ptr, size_t len)
+{
+    if (ptr) {
+        memset(ptr, 0, len);
+        PR_Free(ptr);
+    }
+}
+
+char *
+PORT_Strdup(const char *str)
+{
+    size_t len = PORT_Strlen(str) + 1;
+    char *newstr;
+
+    newstr = (char *)PORT_Alloc(len);
+    if (newstr) {
+        PORT_Memcpy(newstr, str, len);
+    }
+    return newstr;
+}
+
+void
+PORT_SetError(int value)
+{
+#ifdef DEBUG_jp96085
+    PORT_Assert(value != SEC_ERROR_REUSED_ISSUER_AND_SERIAL);
+#endif
+    PR_SetError(value, 0);
+    return;
+}
+
+int
+PORT_GetError(void)
+{
+    return (PR_GetError());
+}
+
+/********************* Arena code follows *****************************
+ * ArenaPools are like heaps.  The memory in them consists of large blocks,
+ * called arenas, which are allocated from the/a system heap.  Inside an
+ * ArenaPool, the arenas are organized as if they were in a stack.  Newly
+ * allocated arenas are "pushed" on that stack.  When you attempt to
+ * allocate memory from an ArenaPool, the code first looks to see if there
+ * is enough unused space in the top arena on the stack to satisfy your
+ * request, and if so, your request is satisfied from that arena.
+ * Otherwise, a new arena is allocated (or taken from NSPR's list of freed
+ * arenas) and pushed on to the stack.  The new arena is always big enough
+ * to satisfy the request, and is also at least a minimum size that is
+ * established at the time that the ArenaPool is created.
+ *
+ * The ArenaMark function returns the address of a marker in the arena at
+ * the top of the arena stack.  It is the address of the place in the arena
+ * on the top of the arena stack from which the next block of memory will
+ * be allocated.  Each ArenaPool has its own separate stack, and hence
+ * marks are only relevant to the ArenaPool from which they are gotten.
+ * Marks may be nested.  That is, a thread can get a mark, and then get
+ * another mark.
+ *
+ * It is intended that all the marks in an ArenaPool may only be owned by a
+ * single thread.  In DEBUG builds, this is enforced.  In non-DEBUG builds,
+ * it is not.  In DEBUG builds, when a thread gets a mark from an
+ * ArenaPool, no other thread may acquire a mark in that ArenaPool while
+ * that mark exists, that is, until that mark is unmarked or released.
+ * Therefore, it is important that every mark be unmarked or released when
+ * the creating thread has no further need for exclusive ownership of the
+ * right to manage the ArenaPool.
+ *
+ * The ArenaUnmark function discards the ArenaMark at the address given,
+ * and all marks nested inside that mark (that is, acquired from that same
+ * ArenaPool while that mark existed).   It is an error for a thread other
+ * than the mark's creator to try to unmark it.  When a thread has unmarked
+ * all its marks from an ArenaPool, then another thread is able to set
+ * marks in that ArenaPool.  ArenaUnmark does not deallocate (or "pop") any
+ * memory allocated from the ArenaPool since the mark was created.
+ *
+ * ArenaRelease "pops" the stack back to the mark, deallocating all the
+ * memory allocated from the arenas in the ArenaPool since that mark was
+ * created, and removing any arenas from the ArenaPool that have no
+ * remaining active allocations when that is done.  It implicitly releases
+ * any marks nested inside the mark being explicitly released.  It is the
+ * only operation, other than destroying the arenapool, that potentially
+ * reduces the number of arenas on the stack.  Otherwise, the stack grows
+ * until the arenapool is destroyed, at which point all the arenas are
+ * freed or returned to a "free arena list", depending on their sizes.
+ */
+PLArenaPool *
+PORT_NewArena(unsigned long chunksize)
+{
+    PORTArenaPool *pool;
+
+    if (chunksize > MAX_SIZE) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return NULL;
+    }
+    pool = PORT_ZNew(PORTArenaPool);
+    if (!pool) {
+        return NULL;
+    }
+    pool->magic = ARENAPOOL_MAGIC;
+    pool->lock = PZ_NewLock(nssILockArena);
+    if (!pool->lock) {
+        PORT_Free(pool);
+        return NULL;
+    }
+    PL_InitArenaPool(&pool->arena, "security", chunksize, sizeof(double));
+    return (&pool->arena);
+}
+
+void
+PORT_InitCheapArena(PORTCheapArenaPool *pool, unsigned long chunksize)
+{
+    pool->magic = CHEAP_ARENAPOOL_MAGIC;
+    PL_InitArenaPool(&pool->arena, "security", chunksize, sizeof(double));
+}
+
+void *
+PORT_ArenaAlloc(PLArenaPool *arena, size_t size)
+{
+    void *p = NULL;
+
+    PORTArenaPool *pool = (PORTArenaPool *)arena;
+
+    if (size <= 0) {
+        size = 1;
+    }
+
+    if (size > MAX_SIZE) {
+        /* you lose. */
+    } else
+        /* Is it one of ours?  Assume so and check the magic */
+        if (ARENAPOOL_MAGIC == pool->magic) {
+        PZ_Lock(pool->lock);
+#ifdef THREADMARK
+        /* Most likely one of ours.  Is there a thread id? */
+        if (pool->marking_thread &&
+            pool->marking_thread != PR_GetCurrentThread()) {
+            /* Another thread holds a mark in this arena */
+            PZ_Unlock(pool->lock);
+            PORT_SetError(SEC_ERROR_NO_MEMORY);
+            PORT_Assert(0);
+            return NULL;
+        } /* tid != null */
+#endif    /* THREADMARK */
+        PL_ARENA_ALLOCATE(p, arena, size);
+        PZ_Unlock(pool->lock);
+    } else {
+        PL_ARENA_ALLOCATE(p, arena, size);
+    }
+
+    if (!p) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+    }
+
+    return (p);
+}
+
+void *
+PORT_ArenaZAlloc(PLArenaPool *arena, size_t size)
+{
+    void *p;
+
+    if (size <= 0)
+        size = 1;
+
+    p = PORT_ArenaAlloc(arena, size);
+
+    if (p) {
+        PORT_Memset(p, 0, size);
+    }
+
+    return (p);
+}
+
+static PRCallOnceType setupUseFreeListOnce;
+static PRBool useFreeList;
+
+static PRStatus
+SetupUseFreeList(void)
+{
+    useFreeList = (PR_GetEnvSecure("NSS_DISABLE_ARENA_FREE_LIST") == NULL);
+    return PR_SUCCESS;
+}
+
+/*
+ * If zero is true, zeroize the arena memory before freeing it.
+ */
+void
+PORT_FreeArena(PLArenaPool *arena, PRBool zero)
+{
+    PORTArenaPool *pool = (PORTArenaPool *)arena;
+    PRLock *lock = (PRLock *)0;
+    size_t len = sizeof *arena;
+
+    if (!pool)
+        return;
+    if (ARENAPOOL_MAGIC == pool->magic) {
+        len = sizeof *pool;
+        lock = pool->lock;
+        PZ_Lock(lock);
+    }
+    if (zero) {
+        PL_ClearArenaPool(arena, 0);
+    }
+    (void)PR_CallOnce(&setupUseFreeListOnce, &SetupUseFreeList);
+    if (useFreeList) {
+        PL_FreeArenaPool(arena);
+    } else {
+        PL_FinishArenaPool(arena);
+    }
+    PORT_ZFree(arena, len);
+    if (lock) {
+        PZ_Unlock(lock);
+        PZ_DestroyLock(lock);
+    }
+}
+
+void
+PORT_DestroyCheapArena(PORTCheapArenaPool *pool)
+{
+    (void)PR_CallOnce(&setupUseFreeListOnce, &SetupUseFreeList);
+    if (useFreeList) {
+        PL_FreeArenaPool(&pool->arena);
+    } else {
+        PL_FinishArenaPool(&pool->arena);
+    }
+}
+
+void *
+PORT_ArenaGrow(PLArenaPool *arena, void *ptr, size_t oldsize, size_t newsize)
+{
+    PORTArenaPool *pool = (PORTArenaPool *)arena;
+    PORT_Assert(newsize >= oldsize);
+
+    if (newsize > MAX_SIZE) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return NULL;
+    }
+
+    if (ARENAPOOL_MAGIC == pool->magic) {
+        PZ_Lock(pool->lock);
+        /* Do we do a THREADMARK check here? */
+        PL_ARENA_GROW(ptr, arena, oldsize, (newsize - oldsize));
+        PZ_Unlock(pool->lock);
+    } else {
+        PL_ARENA_GROW(ptr, arena, oldsize, (newsize - oldsize));
+    }
+
+    return (ptr);
+}
+
+void *
+PORT_ArenaMark(PLArenaPool *arena)
+{
+    void *result;
+
+    PORTArenaPool *pool = (PORTArenaPool *)arena;
+    if (ARENAPOOL_MAGIC == pool->magic) {
+        PZ_Lock(pool->lock);
+#ifdef THREADMARK
+        {
+            threadmark_mark *tm, **pw;
+            PRThread *currentThread = PR_GetCurrentThread();
+
+            if (!pool->marking_thread) {
+                /* First mark */
+                pool->marking_thread = currentThread;
+            } else if (currentThread != pool->marking_thread) {
+                PZ_Unlock(pool->lock);
+                PORT_SetError(SEC_ERROR_NO_MEMORY);
+                PORT_Assert(0);
+                return NULL;
+            }
+
+            result = PL_ARENA_MARK(arena);
+            PL_ARENA_ALLOCATE(tm, arena, sizeof(threadmark_mark));
+            if (!tm) {
+                PZ_Unlock(pool->lock);
+                PORT_SetError(SEC_ERROR_NO_MEMORY);
+                return NULL;
+            }
+
+            tm->mark = result;
+            tm->next = (threadmark_mark *)NULL;
+
+            pw = &pool->first_mark;
+            while (*pw) {
+                pw = &(*pw)->next;
+            }
+
+            *pw = tm;
+        }
+#else  /* THREADMARK */
+        result = PL_ARENA_MARK(arena);
+#endif /* THREADMARK */
+        PZ_Unlock(pool->lock);
+    } else {
+        /* a "pure" NSPR arena */
+        result = PL_ARENA_MARK(arena);
+    }
+    return result;
+}
+
+/*
+ * This function accesses the internals of PLArena, which is why it needs
+ * to use the NSPR internal macro PL_MAKE_MEM_UNDEFINED before the memset
+ * calls.
+ *
+ * We should move this function to NSPR as PL_ClearArenaAfterMark or add
+ * a PL_ARENA_CLEAR_AND_RELEASE macro.
+ *
+ * TODO: remove the #ifdef PL_MAKE_MEM_UNDEFINED tests when NSPR 4.10+ is
+ * widely available.
+ */
+static void
+port_ArenaZeroAfterMark(PLArenaPool *arena, void *mark)
+{
+    PLArena *a = arena->current;
+    if (a->base <= (PRUword)mark && (PRUword)mark <= a->avail) {
+/* fast path: mark falls in the current arena */
+#ifdef PL_MAKE_MEM_UNDEFINED
+        PL_MAKE_MEM_UNDEFINED(mark, a->avail - (PRUword)mark);
+#endif
+        memset(mark, 0, a->avail - (PRUword)mark);
+    } else {
+        /* slow path: need to find the arena that mark falls in */
+        for (a = arena->first.next; a; a = a->next) {
+            PR_ASSERT(a->base <= a->avail && a->avail <= a->limit);
+            if (a->base <= (PRUword)mark && (PRUword)mark <= a->avail) {
+#ifdef PL_MAKE_MEM_UNDEFINED
+                PL_MAKE_MEM_UNDEFINED(mark, a->avail - (PRUword)mark);
+#endif
+                memset(mark, 0, a->avail - (PRUword)mark);
+                a = a->next;
+                break;
+            }
+        }
+        for (; a; a = a->next) {
+            PR_ASSERT(a->base <= a->avail && a->avail <= a->limit);
+#ifdef PL_MAKE_MEM_UNDEFINED
+            PL_MAKE_MEM_UNDEFINED((void *)a->base, a->avail - a->base);
+#endif
+            memset((void *)a->base, 0, a->avail - a->base);
+        }
+    }
+}
+
+static void
+port_ArenaRelease(PLArenaPool *arena, void *mark, PRBool zero)
+{
+    PORTArenaPool *pool = (PORTArenaPool *)arena;
+    if (ARENAPOOL_MAGIC == pool->magic) {
+        PZ_Lock(pool->lock);
+#ifdef THREADMARK
+        {
+            threadmark_mark **pw;
+
+            if (PR_GetCurrentThread() != pool->marking_thread) {
+                PZ_Unlock(pool->lock);
+                PORT_SetError(SEC_ERROR_NO_MEMORY);
+                PORT_Assert(0);
+                return /* no error indication available */;
+            }
+
+            pw = &pool->first_mark;
+            while (*pw && (mark != (*pw)->mark)) {
+                pw = &(*pw)->next;
+            }
+
+            if (!*pw) {
+                /* bad mark */
+                PZ_Unlock(pool->lock);
+                PORT_SetError(SEC_ERROR_NO_MEMORY);
+                PORT_Assert(0);
+                return /* no error indication available */;
+            }
+
+            *pw = (threadmark_mark *)NULL;
+
+            if (zero) {
+                port_ArenaZeroAfterMark(arena, mark);
+            }
+            PL_ARENA_RELEASE(arena, mark);
+
+            if (!pool->first_mark) {
+                pool->marking_thread = (PRThread *)NULL;
+            }
+        }
+#else  /* THREADMARK */
+        if (zero) {
+            port_ArenaZeroAfterMark(arena, mark);
+        }
+        PL_ARENA_RELEASE(arena, mark);
+#endif /* THREADMARK */
+        PZ_Unlock(pool->lock);
+    } else {
+        if (zero) {
+            port_ArenaZeroAfterMark(arena, mark);
+        }
+        PL_ARENA_RELEASE(arena, mark);
+    }
+}
+
+void
+PORT_ArenaRelease(PLArenaPool *arena, void *mark)
+{
+    port_ArenaRelease(arena, mark, PR_FALSE);
+}
+
+/*
+ * Zeroize the arena memory before releasing it.
+ */
+void
+PORT_ArenaZRelease(PLArenaPool *arena, void *mark)
+{
+    port_ArenaRelease(arena, mark, PR_TRUE);
+}
+
+void
+PORT_ArenaUnmark(PLArenaPool *arena, void *mark)
+{
+#ifdef THREADMARK
+    PORTArenaPool *pool = (PORTArenaPool *)arena;
+    if (ARENAPOOL_MAGIC == pool->magic) {
+        threadmark_mark **pw;
+
+        PZ_Lock(pool->lock);
+
+        if (PR_GetCurrentThread() != pool->marking_thread) {
+            PZ_Unlock(pool->lock);
+            PORT_SetError(SEC_ERROR_NO_MEMORY);
+            PORT_Assert(0);
+            return /* no error indication available */;
+        }
+
+        pw = &pool->first_mark;
+        while (((threadmark_mark *)NULL != *pw) && (mark != (*pw)->mark)) {
+            pw = &(*pw)->next;
+        }
+
+        if ((threadmark_mark *)NULL == *pw) {
+            /* bad mark */
+            PZ_Unlock(pool->lock);
+            PORT_SetError(SEC_ERROR_NO_MEMORY);
+            PORT_Assert(0);
+            return /* no error indication available */;
+        }
+
+        *pw = (threadmark_mark *)NULL;
+
+        if (!pool->first_mark) {
+            pool->marking_thread = (PRThread *)NULL;
+        }
+
+        PZ_Unlock(pool->lock);
+    }
+#endif /* THREADMARK */
+}
+
+char *
+PORT_ArenaStrdup(PLArenaPool *arena, const char *str)
+{
+    int len = PORT_Strlen(str) + 1;
+    char *newstr;
+
+    newstr = (char *)PORT_ArenaAlloc(arena, len);
+    if (newstr) {
+        PORT_Memcpy(newstr, str, len);
+    }
+    return newstr;
+}
+
+/********************** end of arena functions ***********************/
+
+/****************** unicode conversion functions ***********************/
+/*
+ * NOTE: These conversion functions all assume that the multibyte
+ * characters are going to be in NETWORK BYTE ORDER, not host byte
+ * order.  This is because the only time we deal with UCS-2 and UCS-4
+ * are when the data was received from or is going to be sent out
+ * over the wire (in, e.g. certificates).
+ */
+
+void
+PORT_SetUCS4_UTF8ConversionFunction(PORTCharConversionFunc convFunc)
+{
+    ucs4Utf8ConvertFunc = convFunc;
+}
+
+void
+PORT_SetUCS2_ASCIIConversionFunction(PORTCharConversionWSwapFunc convFunc)
+{
+    ucs2AsciiConvertFunc = convFunc;
+}
+
+void
+PORT_SetUCS2_UTF8ConversionFunction(PORTCharConversionFunc convFunc)
+{
+    ucs2Utf8ConvertFunc = convFunc;
+}
+
+PRBool
+PORT_UCS4_UTF8Conversion(PRBool toUnicode, unsigned char *inBuf,
+                         unsigned int inBufLen, unsigned char *outBuf,
+                         unsigned int maxOutBufLen, unsigned int *outBufLen)
+{
+    if (!ucs4Utf8ConvertFunc) {
+        return sec_port_ucs4_utf8_conversion_function(toUnicode,
+                                                      inBuf, inBufLen, outBuf, maxOutBufLen, outBufLen);
+    }
+
+    return (*ucs4Utf8ConvertFunc)(toUnicode, inBuf, inBufLen, outBuf,
+                                  maxOutBufLen, outBufLen);
+}
+
+PRBool
+PORT_UCS2_UTF8Conversion(PRBool toUnicode, unsigned char *inBuf,
+                         unsigned int inBufLen, unsigned char *outBuf,
+                         unsigned int maxOutBufLen, unsigned int *outBufLen)
+{
+    if (!ucs2Utf8ConvertFunc) {
+        return sec_port_ucs2_utf8_conversion_function(toUnicode,
+                                                      inBuf, inBufLen, outBuf, maxOutBufLen, outBufLen);
+    }
+
+    return (*ucs2Utf8ConvertFunc)(toUnicode, inBuf, inBufLen, outBuf,
+                                  maxOutBufLen, outBufLen);
+}
+
+PRBool
+PORT_ISO88591_UTF8Conversion(const unsigned char *inBuf,
+                             unsigned int inBufLen, unsigned char *outBuf,
+                             unsigned int maxOutBufLen, unsigned int *outBufLen)
+{
+    return sec_port_iso88591_utf8_conversion_function(inBuf, inBufLen,
+                                                      outBuf, maxOutBufLen, outBufLen);
+}
+
+PRBool
+PORT_UCS2_ASCIIConversion(PRBool toUnicode, unsigned char *inBuf,
+                          unsigned int inBufLen, unsigned char *outBuf,
+                          unsigned int maxOutBufLen, unsigned int *outBufLen,
+                          PRBool swapBytes)
+{
+    if (!ucs2AsciiConvertFunc) {
+        return PR_FALSE;
+    }
+
+    return (*ucs2AsciiConvertFunc)(toUnicode, inBuf, inBufLen, outBuf,
+                                   maxOutBufLen, outBufLen, swapBytes);
+}
+
+/* Portable putenv.  Creates/replaces an environment variable of the form
+ *  envVarName=envValue
+ */
+int
+NSS_PutEnv(const char *envVarName, const char *envValue)
+{
+    SECStatus result = SECSuccess;
+    char *encoded;
+    int putEnvFailed;
+#ifdef _WIN32
+    PRBool setOK;
+
+    setOK = SetEnvironmentVariable(envVarName, envValue);
+    if (!setOK) {
+        SET_ERROR_CODE
+        return SECFailure;
+    }
+#endif
+
+    encoded = (char *)PORT_ZAlloc(strlen(envVarName) + 2 + strlen(envValue));
+    strcpy(encoded, envVarName);
+    strcat(encoded, "=");
+    strcat(encoded, envValue);
+
+    putEnvFailed = putenv(encoded); /* adopt. */
+    if (putEnvFailed) {
+        SET_ERROR_CODE
+        result = SECFailure;
+        PORT_Free(encoded);
+    }
+    return result;
+}
+
+/*
+ * Perform a constant-time compare of two memory regions. The return value is
+ * 0 if the memory regions are equal and non-zero otherwise.
+ */
+int
+NSS_SecureMemcmp(const void *ia, const void *ib, size_t n)
+{
+    const unsigned char *a = (const unsigned char *)ia;
+    const unsigned char *b = (const unsigned char *)ib;
+    size_t i;
+    unsigned char r = 0;
+
+    for (i = 0; i < n; ++i) {
+        r |= *a++ ^ *b++;
+    }
+
+    return r;
+}
diff --git a/nss/lib/util/secport.h b/nss/lib/util/secport.h
new file mode 100644
index 0000000..fb9ff4e
--- /dev/null
+++ b/nss/lib/util/secport.h
@@ -0,0 +1,287 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * secport.h - portability interfaces for security libraries
+ */
+
+#ifndef _SECPORT_H_
+#define _SECPORT_H_
+
+#include "utilrename.h"
+#include "prlink.h"
+
+/*
+ * define XP_WIN, XP_BEOS, or XP_UNIX, in case they are not defined
+ * by anyone else
+ */
+#ifdef _WINDOWS
+#ifndef XP_WIN
+#define XP_WIN
+#endif
+#if defined(_WIN32) || defined(WIN32)
+#ifndef XP_WIN32
+#define XP_WIN32
+#endif
+#endif
+#endif
+
+#ifdef __BEOS__
+#ifndef XP_BEOS
+#define XP_BEOS
+#endif
+#endif
+
+#ifdef unix
+#ifndef XP_UNIX
+#define XP_UNIX
+#endif
+#endif
+
+#include <sys/types.h>
+
+#include <ctype.h>
+#include <string.h>
+#include <stddef.h>
+#include <stdlib.h>
+#include "prtypes.h"
+#include "prlog.h" /* for PR_ASSERT */
+#include "plarena.h"
+#include "plstr.h"
+
+/*
+ * HACK for NSS 2.8 to allow Admin to compile without source changes.
+ */
+#ifndef SEC_BEGIN_PROTOS
+#include "seccomon.h"
+#endif
+
+/*
+ * The PORT_*Arena* function signatures mostly involve PLArenaPool* arguments.
+ * But this is misleading! It's not actually safe to use vanilla PLArenaPools
+ * with them. There are two "subclasses" of PLArenaPool that should be used
+ * instead.
+ *
+ * - PORTArenaPool (defined in secport.c): this "subclass" is always
+ *   heap-allocated and uses a (heap-allocated) lock to protect all accesses.
+ *   Use PORT_NewArena() and PORT_FreeArena() to create and destroy
+ *   PORTArenaPools.
+ *
+ * - PORTCheapArenaPool (defined here): this "subclass" can be stack-allocated
+ *   and does not use a lock to protect accesses. This makes it cheaper but
+ *   less general. It is best used for arena pools that (a) are hot, (b) have
+ *   lifetimes bounded within a single function, and (c) don't need locking.
+ *   Use PORT_InitCheapArena() and PORT_DestroyCheapArena() to initialize and
+ *   finalize PORTCheapArenaPools.
+ *
+ * All the other PORT_Arena* functions will operate safely with either
+ * subclass.
+ */
+typedef struct PORTCheapArenaPool_str {
+    PLArenaPool arena;
+    PRUint32 magic; /* This is used to distinguish the two subclasses. */
+} PORTCheapArenaPool;
+
+SEC_BEGIN_PROTOS
+
+extern void *PORT_Alloc(size_t len);
+extern void *PORT_Realloc(void *old, size_t len);
+extern void *PORT_ZAlloc(size_t len);
+extern void PORT_Free(void *ptr);
+extern void PORT_ZFree(void *ptr, size_t len);
+extern char *PORT_Strdup(const char *s);
+extern void PORT_SetError(int value);
+extern int PORT_GetError(void);
+
+/* These functions are for use with PORTArenaPools. */
+extern PLArenaPool *PORT_NewArena(unsigned long chunksize);
+extern void PORT_FreeArena(PLArenaPool *arena, PRBool zero);
+
+/* These functions are for use with PORTCheapArenaPools. */
+extern void PORT_InitCheapArena(PORTCheapArenaPool *arena,
+                                unsigned long chunksize);
+extern void PORT_DestroyCheapArena(PORTCheapArenaPool *arena);
+
+/* These functions work with both kinds of arena pool. */
+extern void *PORT_ArenaAlloc(PLArenaPool *arena, size_t size);
+extern void *PORT_ArenaZAlloc(PLArenaPool *arena, size_t size);
+extern void *PORT_ArenaGrow(PLArenaPool *arena, void *ptr,
+                            size_t oldsize, size_t newsize);
+extern void *PORT_ArenaMark(PLArenaPool *arena);
+extern void PORT_ArenaRelease(PLArenaPool *arena, void *mark);
+extern void PORT_ArenaZRelease(PLArenaPool *arena, void *mark);
+extern void PORT_ArenaUnmark(PLArenaPool *arena, void *mark);
+extern char *PORT_ArenaStrdup(PLArenaPool *arena, const char *str);
+
+SEC_END_PROTOS
+
+#define PORT_Assert PR_ASSERT
+/* This runs a function that should return SECSuccess.
+ * Intended for NSS internal use only.
+ * The return value is asserted in a debug build, otherwise it is ignored.
+ * This is no substitute for proper error handling.  It is OK only if you
+ * have ensured that the function cannot fail by other means such as checking
+ * prerequisites.  In that case this can be used as a safeguard against
+ * unexpected changes in a function.
+ */
+#ifdef DEBUG
+#define PORT_CheckSuccess(f) PR_ASSERT((f) == SECSuccess)
+#else
+#define PORT_CheckSuccess(f) (f)
+#endif
+#define PORT_ZNew(type) (type *)PORT_ZAlloc(sizeof(type))
+#define PORT_New(type) (type *)PORT_Alloc(sizeof(type))
+#define PORT_ArenaNew(poolp, type) \
+    (type *)PORT_ArenaAlloc(poolp, sizeof(type))
+#define PORT_ArenaZNew(poolp, type) \
+    (type *)PORT_ArenaZAlloc(poolp, sizeof(type))
+#define PORT_NewArray(type, num) \
+    (type *)PORT_Alloc(sizeof(type) * (num))
+#define PORT_ZNewArray(type, num) \
+    (type *)PORT_ZAlloc(sizeof(type) * (num))
+#define PORT_ArenaNewArray(poolp, type, num) \
+    (type *)PORT_ArenaAlloc(poolp, sizeof(type) * (num))
+#define PORT_ArenaZNewArray(poolp, type, num) \
+    (type *)PORT_ArenaZAlloc(poolp, sizeof(type) * (num))
+
+/* Please, keep these defines sorted alphabetically.  Thanks! */
+
+#define PORT_Atoi(buff) (int)strtol(buff, NULL, 10)
+
+/* Returns a UTF-8 encoded constant error string for err.
+ * Returns NULL if initialization of the error tables fails
+ * due to insufficient memory.
+ *
+ * This string must not be modified by the application.
+ */
+#define PORT_ErrorToString(err) PR_ErrorToString((err), PR_LANGUAGE_I_DEFAULT)
+
+#define PORT_ErrorToName PR_ErrorToName
+
+#define PORT_Memcmp memcmp
+#define PORT_Memcpy memcpy
+#ifndef SUNOS4
+#define PORT_Memmove memmove
+#else /*SUNOS4*/
+#define PORT_Memmove(s, ct, n) bcopy((ct), (s), (n))
+#endif /*SUNOS4*/
+#define PORT_Memset memset
+
+#define PORT_Strcasecmp PL_strcasecmp
+#define PORT_Strcat strcat
+#define PORT_Strchr strchr
+#define PORT_Strrchr strrchr
+#define PORT_Strcmp strcmp
+#define PORT_Strcpy strcpy
+#define PORT_Strlen(s) strlen(s)
+#define PORT_Strncasecmp PL_strncasecmp
+#define PORT_Strncat strncat
+#define PORT_Strncmp strncmp
+#define PORT_Strncpy strncpy
+#define PORT_Strpbrk strpbrk
+#define PORT_Strstr strstr
+#define PORT_Strtok strtok
+
+#define PORT_Tolower tolower
+
+typedef PRBool(PR_CALLBACK *PORTCharConversionWSwapFunc)(PRBool toUnicode,
+                                                         unsigned char *inBuf, unsigned int inBufLen,
+                                                         unsigned char *outBuf, unsigned int maxOutBufLen,
+                                                         unsigned int *outBufLen, PRBool swapBytes);
+
+typedef PRBool(PR_CALLBACK *PORTCharConversionFunc)(PRBool toUnicode,
+                                                    unsigned char *inBuf, unsigned int inBufLen,
+                                                    unsigned char *outBuf, unsigned int maxOutBufLen,
+                                                    unsigned int *outBufLen);
+
+SEC_BEGIN_PROTOS
+
+void PORT_SetUCS4_UTF8ConversionFunction(PORTCharConversionFunc convFunc);
+void PORT_SetUCS2_ASCIIConversionFunction(PORTCharConversionWSwapFunc convFunc);
+PRBool PORT_UCS4_UTF8Conversion(PRBool toUnicode, unsigned char *inBuf,
+                                unsigned int inBufLen, unsigned char *outBuf,
+                                unsigned int maxOutBufLen, unsigned int *outBufLen);
+PRBool PORT_UCS2_ASCIIConversion(PRBool toUnicode, unsigned char *inBuf,
+                                 unsigned int inBufLen, unsigned char *outBuf,
+                                 unsigned int maxOutBufLen, unsigned int *outBufLen,
+                                 PRBool swapBytes);
+void PORT_SetUCS2_UTF8ConversionFunction(PORTCharConversionFunc convFunc);
+PRBool PORT_UCS2_UTF8Conversion(PRBool toUnicode, unsigned char *inBuf,
+                                unsigned int inBufLen, unsigned char *outBuf,
+                                unsigned int maxOutBufLen, unsigned int *outBufLen);
+
+/* One-way conversion from ISO-8859-1 to UTF-8 */
+PRBool PORT_ISO88591_UTF8Conversion(const unsigned char *inBuf,
+                                    unsigned int inBufLen, unsigned char *outBuf,
+                                    unsigned int maxOutBufLen, unsigned int *outBufLen);
+
+extern PRBool
+sec_port_ucs4_utf8_conversion_function(
+    PRBool toUnicode,
+    unsigned char *inBuf,
+    unsigned int inBufLen,
+    unsigned char *outBuf,
+    unsigned int maxOutBufLen,
+    unsigned int *outBufLen);
+
+extern PRBool
+sec_port_ucs2_utf8_conversion_function(
+    PRBool toUnicode,
+    unsigned char *inBuf,
+    unsigned int inBufLen,
+    unsigned char *outBuf,
+    unsigned int maxOutBufLen,
+    unsigned int *outBufLen);
+
+/* One-way conversion from ISO-8859-1 to UTF-8 */
+extern PRBool
+sec_port_iso88591_utf8_conversion_function(
+    const unsigned char *inBuf,
+    unsigned int inBufLen,
+    unsigned char *outBuf,
+    unsigned int maxOutBufLen,
+    unsigned int *outBufLen);
+
+extern int NSS_PutEnv(const char *envVarName, const char *envValue);
+
+extern int NSS_SecureMemcmp(const void *a, const void *b, size_t n);
+
+/*
+ * Load a shared library called "newShLibName" in the same directory as
+ * a shared library that is already loaded, called existingShLibName.
+ * A pointer to a static function in that shared library,
+ * staticShLibFunc, is required.
+ *
+ * existingShLibName:
+ *   The file name of the shared library that shall be used as the
+ *   "reference library". The loader will attempt to load the requested
+ *   library from the same directory as the reference library.
+ *
+ * staticShLibFunc:
+ *   Pointer to a static function in the "reference library".
+ *
+ * newShLibName:
+ *   The simple file name of the new shared library to be loaded.
+ *
+ * We use PR_GetLibraryFilePathname to get the pathname of the loaded
+ * shared lib that contains this function, and then do a
+ * PR_LoadLibraryWithFlags with an absolute pathname for the shared
+ * library to be loaded.
+ *
+ * On Windows, the "alternate search path" strategy is employed, if available.
+ * On Unix, if existingShLibName is a symbolic link, and no link exists for the
+ * new library, the original link will be resolved, and the new library loaded
+ * from the resolved location.
+ *
+ * If the new shared library is not found in the same location as the reference
+ * library, it will then be loaded from the normal system library path.
+ */
+PRLibrary *
+PORT_LoadLibraryFromOrigin(const char *existingShLibName,
+                           PRFuncPtr staticShLibFunc,
+                           const char *newShLibName);
+
+SEC_END_PROTOS
+
+#endif /* _SECPORT_H_ */
diff --git a/nss/lib/util/sectime.c b/nss/lib/util/sectime.c
new file mode 100644
index 0000000..11ee5ff
--- /dev/null
+++ b/nss/lib/util/sectime.c
@@ -0,0 +1,163 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "prtime.h"
+#include "secder.h"
+#include "secitem.h"
+#include "secerr.h"
+
+static char *DecodeUTCTime2FormattedAscii(SECItem *utcTimeDER, char *format);
+static char *DecodeGeneralizedTime2FormattedAscii(SECItem *generalizedTimeDER, char *format);
+
+/* convert DER utc time to ascii time string */
+char *
+DER_UTCTimeToAscii(SECItem *utcTime)
+{
+    return (DecodeUTCTime2FormattedAscii(utcTime, "%a %b %d %H:%M:%S %Y"));
+}
+
+/* convert DER utc time to ascii time string, only include day, not time */
+char *
+DER_UTCDayToAscii(SECItem *utctime)
+{
+    return (DecodeUTCTime2FormattedAscii(utctime, "%a %b %d, %Y"));
+}
+
+/* convert DER generalized time to ascii time string, only include day,
+   not time */
+char *
+DER_GeneralizedDayToAscii(SECItem *gentime)
+{
+    return (DecodeGeneralizedTime2FormattedAscii(gentime, "%a %b %d, %Y"));
+}
+
+/* convert DER generalized or UTC time to ascii time string, only include
+   day, not time */
+char *
+DER_TimeChoiceDayToAscii(SECItem *timechoice)
+{
+    switch (timechoice->type) {
+
+        case siUTCTime:
+            return DER_UTCDayToAscii(timechoice);
+
+        case siGeneralizedTime:
+            return DER_GeneralizedDayToAscii(timechoice);
+
+        default:
+            PORT_Assert(0);
+            PORT_SetError(SEC_ERROR_INVALID_ARGS);
+            return NULL;
+    }
+}
+
+char *
+CERT_UTCTime2FormattedAscii(PRTime utcTime, char *format)
+{
+    PRExplodedTime printableTime;
+    char *timeString;
+
+    /* Converse time to local time and decompose it into components */
+    PR_ExplodeTime(utcTime, PR_LocalTimeParameters, &printableTime);
+
+    timeString = (char *)PORT_Alloc(256);
+
+    if (timeString) {
+        if (!PR_FormatTime(timeString, 256, format, &printableTime)) {
+            PORT_Free(timeString);
+            timeString = NULL;
+        }
+    }
+
+    return (timeString);
+}
+
+char *
+CERT_GenTime2FormattedAscii(PRTime genTime, char *format)
+{
+    PRExplodedTime printableTime;
+    char *timeString;
+
+    /* Decompose time into components */
+    PR_ExplodeTime(genTime, PR_GMTParameters, &printableTime);
+
+    timeString = (char *)PORT_Alloc(256);
+
+    if (timeString) {
+        if (!PR_FormatTime(timeString, 256, format, &printableTime)) {
+            PORT_Free(timeString);
+            timeString = NULL;
+            PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+        }
+    }
+
+    return (timeString);
+}
+
+/* convert DER utc time to ascii time string, The format of the time string
+   depends on the input "format"
+ */
+static char *
+DecodeUTCTime2FormattedAscii(SECItem *utcTimeDER, char *format)
+{
+    PRTime utcTime;
+    int rv;
+
+    rv = DER_UTCTimeToTime(&utcTime, utcTimeDER);
+    if (rv) {
+        return (NULL);
+    }
+    return (CERT_UTCTime2FormattedAscii(utcTime, format));
+}
+
+/* convert DER utc time to ascii time string, The format of the time string
+   depends on the input "format"
+ */
+static char *
+DecodeGeneralizedTime2FormattedAscii(SECItem *generalizedTimeDER, char *format)
+{
+    PRTime generalizedTime;
+    int rv;
+
+    rv = DER_GeneralizedTimeToTime(&generalizedTime, generalizedTimeDER);
+    if (rv) {
+        return (NULL);
+    }
+    return (CERT_GeneralizedTime2FormattedAscii(generalizedTime, format));
+}
+
+/* decode a SECItem containing either a SEC_ASN1_GENERALIZED_TIME
+   or a SEC_ASN1_UTC_TIME */
+
+SECStatus
+DER_DecodeTimeChoice(PRTime *output, const SECItem *input)
+{
+    switch (input->type) {
+        case siGeneralizedTime:
+            return DER_GeneralizedTimeToTime(output, input);
+
+        case siUTCTime:
+            return DER_UTCTimeToTime(output, input);
+
+        default:
+            PORT_SetError(SEC_ERROR_INVALID_ARGS);
+            PORT_Assert(0);
+            return SECFailure;
+    }
+}
+
+/* encode a PRTime to an ASN.1 DER SECItem containing either a
+   SEC_ASN1_GENERALIZED_TIME or a SEC_ASN1_UTC_TIME */
+
+SECStatus
+DER_EncodeTimeChoice(PLArenaPool *arena, SECItem *output, PRTime input)
+{
+    SECStatus rv;
+
+    rv = DER_TimeToUTCTimeArena(arena, output, input);
+    if (rv == SECSuccess || PORT_GetError() != SEC_ERROR_INVALID_ARGS) {
+        return rv;
+    }
+    return DER_TimeToGeneralizedTimeArena(arena, output, input);
+}
diff --git a/nss/lib/util/templates.c b/nss/lib/util/templates.c
new file mode 100644
index 0000000..6118aee
--- /dev/null
+++ b/nss/lib/util/templates.c
@@ -0,0 +1,136 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * Templates that are compiled and exported from both libnss3 and libnssutil3.
+ * They have to be, because they were previously exported from libnss3, and
+ * there is no way to create data forwarder symbols on Unix.
+ *
+ * Please do not add to this file. New shared templates should be exported
+ * from libnssutil3 only.
+ *
+ */
+
+#include "utilrename.h"
+#include "secasn1.h"
+#include "secder.h"
+#include "secoid.h"
+#include "secdig.h"
+
+const SEC_ASN1Template SECOID_AlgorithmIDTemplate[] = {
+    { SEC_ASN1_SEQUENCE,
+      0, NULL, sizeof(SECAlgorithmID) },
+    { SEC_ASN1_OBJECT_ID,
+      offsetof(SECAlgorithmID, algorithm) },
+    { SEC_ASN1_OPTIONAL | SEC_ASN1_ANY,
+      offsetof(SECAlgorithmID, parameters) },
+    { 0 }
+};
+
+SEC_ASN1_CHOOSER_IMPLEMENT(SECOID_AlgorithmIDTemplate)
+
+const SEC_ASN1Template SEC_AnyTemplate[] = {
+    { SEC_ASN1_ANY | SEC_ASN1_MAY_STREAM, 0, NULL, sizeof(SECItem) }
+};
+
+SEC_ASN1_CHOOSER_IMPLEMENT(SEC_AnyTemplate)
+
+const SEC_ASN1Template SEC_BMPStringTemplate[] = {
+    { SEC_ASN1_BMP_STRING | SEC_ASN1_MAY_STREAM, 0, NULL, sizeof(SECItem) }
+};
+
+SEC_ASN1_CHOOSER_IMPLEMENT(SEC_BMPStringTemplate)
+
+const SEC_ASN1Template SEC_BitStringTemplate[] = {
+    { SEC_ASN1_BIT_STRING | SEC_ASN1_MAY_STREAM, 0, NULL, sizeof(SECItem) }
+};
+
+SEC_ASN1_CHOOSER_IMPLEMENT(SEC_BitStringTemplate)
+
+const SEC_ASN1Template SEC_BooleanTemplate[] = {
+    { SEC_ASN1_BOOLEAN, 0, NULL, sizeof(SECItem) }
+};
+
+SEC_ASN1_CHOOSER_IMPLEMENT(SEC_BooleanTemplate)
+
+const SEC_ASN1Template SEC_GeneralizedTimeTemplate[] = {
+    { SEC_ASN1_GENERALIZED_TIME | SEC_ASN1_MAY_STREAM, 0, NULL, sizeof(SECItem) }
+};
+
+SEC_ASN1_CHOOSER_IMPLEMENT(SEC_GeneralizedTimeTemplate)
+
+const SEC_ASN1Template SEC_IA5StringTemplate[] = {
+    { SEC_ASN1_IA5_STRING | SEC_ASN1_MAY_STREAM, 0, NULL, sizeof(SECItem) }
+};
+
+SEC_ASN1_CHOOSER_IMPLEMENT(SEC_IA5StringTemplate)
+
+const SEC_ASN1Template SEC_IntegerTemplate[] = {
+    { SEC_ASN1_INTEGER, 0, NULL, sizeof(SECItem) }
+};
+
+SEC_ASN1_CHOOSER_IMPLEMENT(SEC_IntegerTemplate)
+
+const SEC_ASN1Template SEC_NullTemplate[] = {
+    { SEC_ASN1_NULL, 0, NULL, sizeof(SECItem) }
+};
+
+SEC_ASN1_CHOOSER_IMPLEMENT(SEC_NullTemplate)
+
+const SEC_ASN1Template SEC_ObjectIDTemplate[] = {
+    { SEC_ASN1_OBJECT_ID, 0, NULL, sizeof(SECItem) }
+};
+
+SEC_ASN1_CHOOSER_IMPLEMENT(SEC_ObjectIDTemplate)
+
+const SEC_ASN1Template SEC_OctetStringTemplate[] = {
+    { SEC_ASN1_OCTET_STRING | SEC_ASN1_MAY_STREAM, 0, NULL, sizeof(SECItem) }
+};
+
+SEC_ASN1_CHOOSER_IMPLEMENT(SEC_OctetStringTemplate)
+
+const SEC_ASN1Template SEC_PointerToAnyTemplate[] = {
+    { SEC_ASN1_POINTER, 0, SEC_AnyTemplate }
+};
+
+SEC_ASN1_CHOOSER_IMPLEMENT(SEC_PointerToAnyTemplate)
+
+const SEC_ASN1Template SEC_PointerToOctetStringTemplate[] = {
+    { SEC_ASN1_POINTER | SEC_ASN1_MAY_STREAM, 0, SEC_OctetStringTemplate }
+};
+
+SEC_ASN1_CHOOSER_IMPLEMENT(SEC_PointerToOctetStringTemplate)
+
+const SEC_ASN1Template SEC_SetOfAnyTemplate[] = {
+    { SEC_ASN1_SET_OF, 0, SEC_AnyTemplate }
+};
+
+SEC_ASN1_CHOOSER_IMPLEMENT(SEC_SetOfAnyTemplate)
+
+const SEC_ASN1Template SEC_UTCTimeTemplate[] = {
+    { SEC_ASN1_UTC_TIME | SEC_ASN1_MAY_STREAM, 0, NULL, sizeof(SECItem) }
+};
+
+SEC_ASN1_CHOOSER_IMPLEMENT(SEC_UTCTimeTemplate)
+
+const SEC_ASN1Template SEC_UTF8StringTemplate[] = {
+    { SEC_ASN1_UTF8_STRING | SEC_ASN1_MAY_STREAM, 0, NULL, sizeof(SECItem) }
+};
+
+SEC_ASN1_CHOOSER_IMPLEMENT(SEC_UTF8StringTemplate)
+
+/* XXX See comment below about SGN_DecodeDigestInfo -- keep this static! */
+/* XXX Changed from static -- need to change name? */
+const SEC_ASN1Template sgn_DigestInfoTemplate[] = {
+    { SEC_ASN1_SEQUENCE,
+      0, NULL, sizeof(SGNDigestInfo) },
+    { SEC_ASN1_INLINE,
+      offsetof(SGNDigestInfo, digestAlgorithm),
+      SECOID_AlgorithmIDTemplate },
+    { SEC_ASN1_OCTET_STRING,
+      offsetof(SGNDigestInfo, digest) },
+    { 0 }
+};
+
+SEC_ASN1_CHOOSER_IMPLEMENT(sgn_DigestInfoTemplate)
diff --git a/nss/lib/util/utf8.c b/nss/lib/util/utf8.c
new file mode 100644
index 0000000..7bdd714
--- /dev/null
+++ b/nss/lib/util/utf8.c
@@ -0,0 +1,445 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "seccomon.h"
+#include "secport.h"
+
+/*
+ * From RFC 2044:
+ *
+ * UCS-4 range (hex.)           UTF-8 octet sequence (binary)
+ * 0000 0000-0000 007F   0xxxxxxx
+ * 0000 0080-0000 07FF   110xxxxx 10xxxxxx
+ * 0000 0800-0000 FFFF   1110xxxx 10xxxxxx 10xxxxxx
+ * 0001 0000-001F FFFF   11110xxx 10xxxxxx 10xxxxxx 10xxxxxx
+ * 0020 0000-03FF FFFF   111110xx 10xxxxxx 10xxxxxx 10xxxxxx 10xxxxxx
+ * 0400 0000-7FFF FFFF   1111110x 10xxxxxx ... 10xxxxxx
+ */
+
+/*
+ * From http://www.imc.org/draft-hoffman-utf16
+ *
+ * For U on [0x00010000,0x0010FFFF]:  Let U' = U - 0x00010000
+ *
+ * U' = yyyyyyyyyyxxxxxxxxxx
+ * W1 = 110110yyyyyyyyyy
+ * W2 = 110111xxxxxxxxxx
+ */
+
+/*
+ * This code is assuming NETWORK BYTE ORDER for the 16- and 32-bit
+ * character values.  If you wish to use this code for working with
+ * host byte order values, define the following:
+ *
+ * #if IS_BIG_ENDIAN
+ * #define L_0 0
+ * #define L_1 1
+ * #define L_2 2
+ * #define L_3 3
+ * #define H_0 0
+ * #define H_1 1
+ * #else / * not everyone has elif * /
+ * #if IS_LITTLE_ENDIAN
+ * #define L_0 3
+ * #define L_1 2
+ * #define L_2 1
+ * #define L_3 0
+ * #define H_0 1
+ * #define H_1 0
+ * #else
+ * #error "PDP and NUXI support deferred"
+ * #endif / * IS_LITTLE_ENDIAN * /
+ * #endif / * IS_BIG_ENDIAN * /
+ */
+
+#define L_0 0
+#define L_1 1
+#define L_2 2
+#define L_3 3
+#define H_0 0
+#define H_1 1
+
+#define BAD_UTF8 ((PRUint32)-1)
+
+/*
+ * Parse a single UTF-8 character per the spec. in section 3.9 (D36)
+ * of Unicode 4.0.0.
+ *
+ * Parameters:
+ * index - Points to the byte offset in inBuf of character to read.  On success,
+ *         updated to the offset of the following character.
+ * inBuf - Input buffer, UTF-8 encoded
+ * inbufLen - Length of input buffer, in bytes.
+ *
+ * Returns:
+ * Success - The UCS4 encoded character
+ * Failure - BAD_UTF8
+ */
+static PRUint32
+sec_port_read_utf8(unsigned int *index, unsigned char *inBuf, unsigned int inBufLen)
+{
+    PRUint32 result;
+    unsigned int i = *index;
+    int bytes_left;
+    PRUint32 min_value;
+
+    PORT_Assert(i < inBufLen);
+
+    if ((inBuf[i] & 0x80) == 0x00) {
+        result = inBuf[i++];
+        bytes_left = 0;
+        min_value = 0;
+    } else if ((inBuf[i] & 0xE0) == 0xC0) {
+        result = inBuf[i++] & 0x1F;
+        bytes_left = 1;
+        min_value = 0x80;
+    } else if ((inBuf[i] & 0xF0) == 0xE0) {
+        result = inBuf[i++] & 0x0F;
+        bytes_left = 2;
+        min_value = 0x800;
+    } else if ((inBuf[i] & 0xF8) == 0xF0) {
+        result = inBuf[i++] & 0x07;
+        bytes_left = 3;
+        min_value = 0x10000;
+    } else {
+        return BAD_UTF8;
+    }
+
+    while (bytes_left--) {
+        if (i >= inBufLen || (inBuf[i] & 0xC0) != 0x80)
+            return BAD_UTF8;
+        result = (result << 6) | (inBuf[i++] & 0x3F);
+    }
+
+    /* Check for overlong sequences, surrogates, and outside unicode range */
+    if (result < min_value || (result & 0xFFFFF800) == 0xD800 || result > 0x10FFFF) {
+        return BAD_UTF8;
+    }
+
+    *index = i;
+    return result;
+}
+
+PRBool
+sec_port_ucs4_utf8_conversion_function(
+    PRBool toUnicode,
+    unsigned char *inBuf,
+    unsigned int inBufLen,
+    unsigned char *outBuf,
+    unsigned int maxOutBufLen,
+    unsigned int *outBufLen)
+{
+    PORT_Assert((unsigned int *)NULL != outBufLen);
+
+    if (toUnicode) {
+        unsigned int i, len = 0;
+
+        for (i = 0; i < inBufLen;) {
+            if ((inBuf[i] & 0x80) == 0x00)
+                i += 1;
+            else if ((inBuf[i] & 0xE0) == 0xC0)
+                i += 2;
+            else if ((inBuf[i] & 0xF0) == 0xE0)
+                i += 3;
+            else if ((inBuf[i] & 0xF8) == 0xF0)
+                i += 4;
+            else
+                return PR_FALSE;
+
+            len += 4;
+        }
+
+        if (len > maxOutBufLen) {
+            *outBufLen = len;
+            return PR_FALSE;
+        }
+
+        len = 0;
+
+        for (i = 0; i < inBufLen;) {
+            PRUint32 ucs4 = sec_port_read_utf8(&i, inBuf, inBufLen);
+
+            if (ucs4 == BAD_UTF8)
+                return PR_FALSE;
+
+            outBuf[len + L_0] = 0x00;
+            outBuf[len + L_1] = (unsigned char)(ucs4 >> 16);
+            outBuf[len + L_2] = (unsigned char)(ucs4 >> 8);
+            outBuf[len + L_3] = (unsigned char)ucs4;
+
+            len += 4;
+        }
+
+        *outBufLen = len;
+        return PR_TRUE;
+    } else {
+        unsigned int i, len = 0;
+        PORT_Assert((inBufLen % 4) == 0);
+        if ((inBufLen % 4) != 0) {
+            *outBufLen = 0;
+            return PR_FALSE;
+        }
+
+        for (i = 0; i < inBufLen; i += 4) {
+            if ((inBuf[i + L_0] > 0x00) || (inBuf[i + L_1] > 0x10)) {
+                *outBufLen = 0;
+                return PR_FALSE;
+            } else if (inBuf[i + L_1] >= 0x01)
+                len += 4;
+            else if (inBuf[i + L_2] >= 0x08)
+                len += 3;
+            else if ((inBuf[i + L_2] > 0x00) || (inBuf[i + L_3] >= 0x80))
+                len += 2;
+            else
+                len += 1;
+        }
+
+        if (len > maxOutBufLen) {
+            *outBufLen = len;
+            return PR_FALSE;
+        }
+
+        len = 0;
+
+        for (i = 0; i < inBufLen; i += 4) {
+            if (inBuf[i + L_1] >= 0x01) {
+                /* 0001 0000-001F FFFF -> 11110xxx 10xxxxxx 10xxxxxx 10xxxxxx */
+                /* 00000000 000abcde fghijklm nopqrstu ->
+                   11110abc 10defghi 10jklmno 10pqrstu */
+
+                outBuf[len + 0] = 0xF0 | ((inBuf[i + L_1] & 0x1C) >> 2);
+                outBuf[len + 1] = 0x80 | ((inBuf[i + L_1] & 0x03) << 4) | ((inBuf[i + L_2] & 0xF0) >> 4);
+                outBuf[len + 2] = 0x80 | ((inBuf[i + L_2] & 0x0F) << 2) | ((inBuf[i + L_3] & 0xC0) >> 6);
+                outBuf[len + 3] = 0x80 | ((inBuf[i + L_3] & 0x3F) >> 0);
+
+                len += 4;
+            } else if (inBuf[i + L_2] >= 0x08) {
+                /* 0000 0800-0000 FFFF -> 1110xxxx 10xxxxxx 10xxxxxx */
+                /* 00000000 00000000 abcdefgh ijklmnop ->
+                   1110abcd 10efghij 10klmnop */
+
+                outBuf[len + 0] = 0xE0 | ((inBuf[i + L_2] & 0xF0) >> 4);
+                outBuf[len + 1] = 0x80 | ((inBuf[i + L_2] & 0x0F) << 2) | ((inBuf[i + L_3] & 0xC0) >> 6);
+                outBuf[len + 2] = 0x80 | ((inBuf[i + L_3] & 0x3F) >> 0);
+
+                len += 3;
+            } else if ((inBuf[i + L_2] > 0x00) || (inBuf[i + L_3] >= 0x80)) {
+                /* 0000 0080-0000 07FF -> 110xxxxx 10xxxxxx */
+                /* 00000000 00000000 00000abc defghijk ->
+                   110abcde 10fghijk */
+
+                outBuf[len + 0] = 0xC0 | ((inBuf[i + L_2] & 0x07) << 2) | ((inBuf[i + L_3] & 0xC0) >> 6);
+                outBuf[len + 1] = 0x80 | ((inBuf[i + L_3] & 0x3F) >> 0);
+
+                len += 2;
+            } else {
+                /* 0000 0000-0000 007F -> 0xxxxxx */
+                /* 00000000 00000000 00000000 0abcdefg ->
+                   0abcdefg */
+
+                outBuf[len + 0] = (inBuf[i + L_3] & 0x7F);
+
+                len += 1;
+            }
+        }
+
+        *outBufLen = len;
+        return PR_TRUE;
+    }
+}
+
+PRBool
+sec_port_ucs2_utf8_conversion_function(
+    PRBool toUnicode,
+    unsigned char *inBuf,
+    unsigned int inBufLen,
+    unsigned char *outBuf,
+    unsigned int maxOutBufLen,
+    unsigned int *outBufLen)
+{
+    PORT_Assert((unsigned int *)NULL != outBufLen);
+
+    if (toUnicode) {
+        unsigned int i, len = 0;
+
+        for (i = 0; i < inBufLen;) {
+            if ((inBuf[i] & 0x80) == 0x00) {
+                i += 1;
+                len += 2;
+            } else if ((inBuf[i] & 0xE0) == 0xC0) {
+                i += 2;
+                len += 2;
+            } else if ((inBuf[i] & 0xF0) == 0xE0) {
+                i += 3;
+                len += 2;
+            } else if ((inBuf[i] & 0xF8) == 0xF0) {
+                i += 4;
+                len += 4;
+            } else
+                return PR_FALSE;
+        }
+
+        if (len > maxOutBufLen) {
+            *outBufLen = len;
+            return PR_FALSE;
+        }
+
+        len = 0;
+
+        for (i = 0; i < inBufLen;) {
+            PRUint32 ucs4 = sec_port_read_utf8(&i, inBuf, inBufLen);
+
+            if (ucs4 == BAD_UTF8)
+                return PR_FALSE;
+
+            if (ucs4 < 0x10000) {
+                outBuf[len + H_0] = (unsigned char)(ucs4 >> 8);
+                outBuf[len + H_1] = (unsigned char)ucs4;
+                len += 2;
+            } else {
+                ucs4 -= 0x10000;
+                outBuf[len + 0 + H_0] = (unsigned char)(0xD8 | ((ucs4 >> 18) & 0x3));
+                outBuf[len + 0 + H_1] = (unsigned char)(ucs4 >> 10);
+                outBuf[len + 2 + H_0] = (unsigned char)(0xDC | ((ucs4 >> 8) & 0x3));
+                outBuf[len + 2 + H_1] = (unsigned char)ucs4;
+                len += 4;
+            }
+        }
+
+        *outBufLen = len;
+        return PR_TRUE;
+    } else {
+        unsigned int i, len = 0;
+        PORT_Assert((inBufLen % 2) == 0);
+        if ((inBufLen % 2) != 0) {
+            *outBufLen = 0;
+            return PR_FALSE;
+        }
+
+        for (i = 0; i < inBufLen; i += 2) {
+            if ((inBuf[i + H_0] == 0x00) && ((inBuf[i + H_1] & 0x80) == 0x00))
+                len += 1;
+            else if (inBuf[i + H_0] < 0x08)
+                len += 2;
+            else if (((inBuf[i + H_0] & 0xFC) == 0xD8)) {
+                if (((inBufLen - i) > 2) && ((inBuf[i + 2 + H_0] & 0xFC) == 0xDC)) {
+                    i += 2;
+                    len += 4;
+                } else {
+                    return PR_FALSE;
+                }
+            } else if ((inBuf[i + H_0] & 0xFC) == 0xDC) {
+                return PR_FALSE;
+            } else {
+                len += 3;
+            }
+        }
+
+        if (len > maxOutBufLen) {
+            *outBufLen = len;
+            return PR_FALSE;
+        }
+
+        len = 0;
+
+        for (i = 0; i < inBufLen; i += 2) {
+            if ((inBuf[i + H_0] == 0x00) && ((inBuf[i + H_1] & 0x80) == 0x00)) {
+                /* 0000-007F -> 0xxxxxx */
+                /* 00000000 0abcdefg -> 0abcdefg */
+
+                outBuf[len] = inBuf[i + H_1] & 0x7F;
+
+                len += 1;
+            } else if (inBuf[i + H_0] < 0x08) {
+                /* 0080-07FF -> 110xxxxx 10xxxxxx */
+                /* 00000abc defghijk -> 110abcde 10fghijk */
+
+                outBuf[len + 0] = 0xC0 | ((inBuf[i + H_0] & 0x07) << 2) | ((inBuf[i + H_1] & 0xC0) >> 6);
+                outBuf[len + 1] = 0x80 | ((inBuf[i + H_1] & 0x3F) >> 0);
+
+                len += 2;
+            } else if ((inBuf[i + H_0] & 0xFC) == 0xD8) {
+                int abcde, BCDE;
+
+                PORT_Assert(((inBufLen - i) > 2) && ((inBuf[i + 2 + H_0] & 0xFC) == 0xDC));
+
+                /* D800-DBFF DC00-DFFF -> 11110xxx 10xxxxxx 10xxxxxx 10xxxxxx */
+                /* 110110BC DEfghijk 110111lm nopqrstu ->
+                   { Let abcde = BCDE + 1 }
+                   11110abc 10defghi 10jklmno 10pqrstu */
+
+                BCDE = ((inBuf[i + H_0] & 0x03) << 2) | ((inBuf[i + H_1] & 0xC0) >> 6);
+                abcde = BCDE + 1;
+
+                outBuf[len + 0] = 0xF0 | ((abcde & 0x1C) >> 2);
+                outBuf[len + 1] = 0x80 | ((abcde & 0x03) << 4) | ((inBuf[i + 0 + H_1] & 0x3C) >> 2);
+                outBuf[len + 2] = 0x80 | ((inBuf[i + 0 + H_1] & 0x03) << 4) | ((inBuf[i + 2 + H_0] & 0x03) << 2) | ((inBuf[i + 2 + H_1] & 0xC0) >> 6);
+                outBuf[len + 3] = 0x80 | ((inBuf[i + 2 + H_1] & 0x3F) >> 0);
+
+                i += 2;
+                len += 4;
+            } else {
+                /* 0800-FFFF -> 1110xxxx 10xxxxxx 10xxxxxx */
+                /* abcdefgh ijklmnop -> 1110abcd 10efghij 10klmnop */
+
+                outBuf[len + 0] = 0xE0 | ((inBuf[i + H_0] & 0xF0) >> 4);
+                outBuf[len + 1] = 0x80 | ((inBuf[i + H_0] & 0x0F) << 2) | ((inBuf[i + H_1] & 0xC0) >> 6);
+                outBuf[len + 2] = 0x80 | ((inBuf[i + H_1] & 0x3F) >> 0);
+
+                len += 3;
+            }
+        }
+
+        *outBufLen = len;
+        return PR_TRUE;
+    }
+}
+
+PRBool
+sec_port_iso88591_utf8_conversion_function(
+    const unsigned char *inBuf,
+    unsigned int inBufLen,
+    unsigned char *outBuf,
+    unsigned int maxOutBufLen,
+    unsigned int *outBufLen)
+{
+    unsigned int i, len = 0;
+
+    PORT_Assert((unsigned int *)NULL != outBufLen);
+
+    for (i = 0; i < inBufLen; i++) {
+        if ((inBuf[i] & 0x80) == 0x00)
+            len += 1;
+        else
+            len += 2;
+    }
+
+    if (len > maxOutBufLen) {
+        *outBufLen = len;
+        return PR_FALSE;
+    }
+
+    len = 0;
+
+    for (i = 0; i < inBufLen; i++) {
+        if ((inBuf[i] & 0x80) == 0x00) {
+            /* 00-7F -> 0xxxxxxx */
+            /* 0abcdefg -> 0abcdefg */
+
+            outBuf[len] = inBuf[i];
+            len += 1;
+        } else {
+            /* 80-FF <- 110xxxxx 10xxxxxx */
+            /* 00000000 abcdefgh -> 110000ab 10cdefgh */
+
+            outBuf[len + 0] = 0xC0 | ((inBuf[i] & 0xC0) >> 6);
+            outBuf[len + 1] = 0x80 | ((inBuf[i] & 0x3F) >> 0);
+
+            len += 2;
+        }
+    }
+
+    *outBufLen = len;
+    return PR_TRUE;
+}
diff --git a/nss/lib/util/util.gyp b/nss/lib/util/util.gyp
new file mode 100644
index 0000000..9f3a74b
--- /dev/null
+++ b/nss/lib/util/util.gyp
@@ -0,0 +1,59 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'nssutil',
+      'type': 'static_library',
+      'sources': [
+        'derdec.c',
+        'derenc.c',
+        'dersubr.c',
+        'dertime.c',
+        'errstrs.c',
+        'nssb64d.c',
+        'nssb64e.c',
+        'nssilock.c',
+        'nssrwlk.c',
+        'oidstring.c',
+        'pkcs1sig.c',
+        'portreg.c',
+        'quickder.c',
+        'secalgid.c',
+        'secasn1d.c',
+        'secasn1e.c',
+        'secasn1u.c',
+        'secdig.c',
+        'secitem.c',
+        'secload.c',
+        'secoid.c',
+        'secport.c',
+        'sectime.c',
+        'templates.c',
+        'utf8.c',
+        'utilmod.c',
+        'utilpars.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports'
+      ]
+    },
+    {
+      'target_name': 'nssutil3',
+      'type': 'shared_library',
+      'dependencies': [
+        'nssutil'
+      ],
+      'variables': {
+        'mapfile': 'nssutil.def'
+      }
+    }
+  ],
+  'variables': {
+    'module': 'nss'
+  }
+}
\ No newline at end of file
diff --git a/nss/lib/util/utilmod.c b/nss/lib/util/utilmod.c
new file mode 100644
index 0000000..971b6c1
--- /dev/null
+++ b/nss/lib/util/utilmod.c
@@ -0,0 +1,771 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * The following code handles the storage of PKCS 11 modules used by the
+ * NSS. For the rest of NSS, only one kind of database handle exists:
+ *
+ *     SFTKDBHandle
+ *
+ * There is one SFTKDBHandle for each key database and one for each cert
+ * database. These databases are opened as associated pairs, one pair per
+ * slot. SFTKDBHandles are reference counted objects.
+ *
+ * Each SFTKDBHandle points to a low level database handle (SDB). This handle
+ * represents the underlying physical database. These objects are not
+ * reference counted, and are 'owned' by their respective SFTKDBHandles.
+ */
+
+#include "prprf.h"
+#include "prsystem.h"
+#include "secport.h"
+#include "utilpars.h"
+#include "secerr.h"
+
+#if defined(_WIN32)
+#include <io.h>
+#endif
+#ifdef XP_UNIX
+#include <unistd.h>
+#endif
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+
+#if defined(_WIN32)
+#define os_open _open
+#define os_fdopen _fdopen
+#define os_stat _stat
+#define os_truncate_open_flags _O_CREAT | _O_RDWR | _O_TRUNC
+#define os_append_open_flags _O_CREAT | _O_RDWR | _O_APPEND
+#define os_open_permissions_type int
+#define os_open_permissions_default _S_IREAD | _S_IWRITE
+#define os_stat_type struct _stat
+#else
+#define os_open open
+#define os_fdopen fdopen
+#define os_stat stat
+#define os_truncate_open_flags O_CREAT | O_RDWR | O_TRUNC
+#define os_append_open_flags O_CREAT | O_RDWR | O_APPEND
+#define os_open_permissions_type mode_t
+#define os_open_permissions_default 0600
+#define os_stat_type struct stat
+#endif
+
+/****************************************************************
+ *
+ * Secmod database.
+ *
+ * The new secmod database is simply a text file with each of the module
+ * entries in the following form:
+ *
+ * #
+ * # This is a comment The next line is the library to load
+ * library=libmypkcs11.so
+ * name="My PKCS#11 module"
+ * params="my library's param string"
+ * nss="NSS parameters"
+ * other="parameters for other libraries and applications"
+ *
+ * library=libmynextpk11.so
+ * name="My other PKCS#11 module"
+ */
+
+/*
+ * Smart string cat functions. Automatically manage the memory.
+ * The first parameter is the destination string. If it's null, we
+ * allocate memory for it. If it's not, we reallocate memory
+ * so the the concanenated string fits.
+ */
+static char *
+nssutil_DupnCat(char *baseString, const char *str, int str_len)
+{
+    int baseStringLen = baseString ? PORT_Strlen(baseString) : 0;
+    int len = baseStringLen + 1;
+    char *newString;
+
+    len += str_len;
+    newString = (char *)PORT_Realloc(baseString, len);
+    if (newString == NULL) {
+        PORT_Free(baseString);
+        return NULL;
+    }
+    PORT_Memcpy(&newString[baseStringLen], str, str_len);
+    newString[len - 1] = 0;
+    return newString;
+}
+
+/* Same as nssutil_DupnCat except it concatenates the full string, not a
+ * partial one */
+static char *
+nssutil_DupCat(char *baseString, const char *str)
+{
+    return nssutil_DupnCat(baseString, str, PORT_Strlen(str));
+}
+
+/* function to free up all the memory associated with a null terminated
+ * array of module specs */
+static SECStatus
+nssutil_releaseSpecList(char **moduleSpecList)
+{
+    if (moduleSpecList) {
+        char **index;
+        for (index = moduleSpecList; *index; index++) {
+            PORT_Free(*index);
+        }
+        PORT_Free(moduleSpecList);
+    }
+    return SECSuccess;
+}
+
+#define SECMOD_STEP 10
+static SECStatus
+nssutil_growList(char ***pModuleList, int *useCount, int last)
+{
+    char **newModuleList;
+
+    *useCount += SECMOD_STEP;
+    newModuleList = (char **)PORT_Realloc(*pModuleList,
+                                          *useCount * sizeof(char *));
+    if (newModuleList == NULL) {
+        return SECFailure;
+    }
+    PORT_Memset(&newModuleList[last], 0, sizeof(char *) * SECMOD_STEP);
+    *pModuleList = newModuleList;
+    return SECSuccess;
+}
+
+static char *
+_NSSUTIL_GetOldSecmodName(const char *dbname, const char *filename)
+{
+    char *file = NULL;
+    char *dirPath = PORT_Strdup(dbname);
+    char *sep;
+
+    sep = PORT_Strrchr(dirPath, *NSSUTIL_PATH_SEPARATOR);
+#ifdef _WIN32
+    if (!sep) {
+        /* utilparst.h defines NSSUTIL_PATH_SEPARATOR as "/" for all
+         * platforms. */
+        sep = PORT_Strrchr(dirPath, '\\');
+    }
+#endif
+    if (sep) {
+        *sep = 0;
+        file = PR_smprintf("%s" NSSUTIL_PATH_SEPARATOR "%s", dirPath, filename);
+    } else {
+        file = PR_smprintf("%s", filename);
+    }
+    PORT_Free(dirPath);
+    return file;
+}
+
+static SECStatus nssutil_AddSecmodDBEntry(const char *appName,
+                                          const char *filename,
+                                          const char *dbname,
+                                          const char *module, PRBool rw);
+
+enum lfopen_mode { lfopen_truncate,
+                   lfopen_append };
+
+FILE *
+lfopen(const char *name, enum lfopen_mode om, os_open_permissions_type open_perms)
+{
+    int fd;
+    FILE *file;
+
+    fd = os_open(name,
+                 (om == lfopen_truncate) ? os_truncate_open_flags : os_append_open_flags,
+                 open_perms);
+    if (fd < 0) {
+        return NULL;
+    }
+    file = os_fdopen(fd, (om == lfopen_truncate) ? "w+" : "a+");
+    if (!file) {
+        close(fd);
+    }
+    /* file inherits fd */
+    return file;
+}
+
+#define MAX_LINE_LENGTH 2048
+
+/*
+ * Read all the existing modules in out of the file.
+ */
+static char **
+nssutil_ReadSecmodDB(const char *appName,
+                     const char *filename, const char *dbname,
+                     char *params, PRBool rw)
+{
+    FILE *fd = NULL;
+    char **moduleList = NULL;
+    int moduleCount = 1;
+    int useCount = SECMOD_STEP;
+    char line[MAX_LINE_LENGTH];
+    PRBool internal = PR_FALSE;
+    PRBool skipParams = PR_FALSE;
+    char *moduleString = NULL;
+    char *paramsValue = NULL;
+    PRBool failed = PR_TRUE;
+
+    moduleList = (char **)PORT_ZAlloc(useCount * sizeof(char *));
+    if (moduleList == NULL)
+        return NULL;
+
+    if (dbname == NULL) {
+        goto return_default;
+    }
+
+    /* do we really want to use streams here */
+    fd = fopen(dbname, "r");
+    if (fd == NULL)
+        goto done;
+
+    /*
+     * the following loop takes line separated config lines and collapses
+     * the lines to a single string, escaping and quoting as necessary.
+     */
+    /* loop state variables */
+    moduleString = NULL;   /* current concatenated string */
+    internal = PR_FALSE;   /* is this an internal module */
+    skipParams = PR_FALSE; /* did we find an override parameter block*/
+    paramsValue = NULL;    /* the current parameter block value */
+    do {
+        int len;
+
+        if (fgets(line, sizeof(line), fd) == NULL) {
+            goto endloop;
+        }
+
+        /* remove the ending newline */
+        len = PORT_Strlen(line);
+        if (len && line[len - 1] == '\n') {
+            len--;
+            line[len] = 0;
+        }
+        if (*line == '#') {
+            continue;
+        }
+        if (*line != 0) {
+            /*
+             * The PKCS #11 group standard assumes blocks of strings
+             * separated by new lines, clumped by new lines. Internally
+             * we take strings separated by spaces, so we may need to escape
+             * certain spaces.
+             */
+            char *value = PORT_Strchr(line, '=');
+
+            /* there is no value, write out the stanza as is */
+            if (value == NULL || value[1] == 0) {
+                if (moduleString) {
+                    moduleString = nssutil_DupnCat(moduleString, " ", 1);
+                    if (moduleString == NULL)
+                        goto loser;
+                }
+                moduleString = nssutil_DupCat(moduleString, line);
+                if (moduleString == NULL)
+                    goto loser;
+                /* value is already quoted, just write it out */
+            } else if (value[1] == '"') {
+                if (moduleString) {
+                    moduleString = nssutil_DupnCat(moduleString, " ", 1);
+                    if (moduleString == NULL)
+                        goto loser;
+                }
+                moduleString = nssutil_DupCat(moduleString, line);
+                if (moduleString == NULL)
+                    goto loser;
+                /* we have an override parameter section, remember that
+                 * we found this (see following comment about why this
+                 * is necessary). */
+                if (PORT_Strncasecmp(line, "parameters", 10) == 0) {
+                    skipParams = PR_TRUE;
+                }
+                /*
+                 * The internal token always overrides it's parameter block
+                 * from the passed in parameters, so wait until then end
+                 * before we include the parameter block in case we need to
+                 * override it. NOTE: if the parameter block is quoted with ("),
+                 * this override does not happen. This allows you to override
+                 * the application's parameter configuration.
+                 *
+                 * parameter block state is controlled by the following variables:
+                 *  skipParams - Bool : set to true of we have an override param
+                 *    block (all other blocks, either implicit or explicit are
+                 *    ignored).
+                 *  paramsValue - char * : pointer to the current param block. In
+                 *    the absence of overrides, paramsValue is set to the first
+                 *    parameter block we find. All subsequent blocks are ignored.
+                 *    When we find an internal token, the application passed
+                 *    parameters take precident.
+                 */
+            } else if (PORT_Strncasecmp(line, "parameters", 10) == 0) {
+                /* already have parameters */
+                if (paramsValue) {
+                    continue;
+                }
+                paramsValue = NSSUTIL_Quote(&value[1], '"');
+                if (paramsValue == NULL)
+                    goto loser;
+                continue;
+            } else {
+                /* may need to quote */
+                char *newLine;
+                if (moduleString) {
+                    moduleString = nssutil_DupnCat(moduleString, " ", 1);
+                    if (moduleString == NULL)
+                        goto loser;
+                }
+                moduleString = nssutil_DupnCat(moduleString, line, value - line + 1);
+                if (moduleString == NULL)
+                    goto loser;
+                newLine = NSSUTIL_Quote(&value[1], '"');
+                if (newLine == NULL)
+                    goto loser;
+                moduleString = nssutil_DupCat(moduleString, newLine);
+                PORT_Free(newLine);
+                if (moduleString == NULL)
+                    goto loser;
+            }
+
+            /* check to see if it's internal? */
+            if (PORT_Strncasecmp(line, "NSS=", 4) == 0) {
+                /* This should be case insensitive! reviewers make
+                 * me fix it if it's not */
+                if (PORT_Strstr(line, "internal")) {
+                    internal = PR_TRUE;
+                    /* override the parameters */
+                    if (paramsValue) {
+                        PORT_Free(paramsValue);
+                    }
+                    paramsValue = NSSUTIL_Quote(params, '"');
+                }
+            }
+            continue;
+        }
+        if ((moduleString == NULL) || (*moduleString == 0)) {
+            continue;
+        }
+
+    endloop:
+        /*
+         * if we are here, we have found a complete stanza. Now write out
+         * any param section we may have found.
+         */
+        if (paramsValue) {
+            /* we had an override */
+            if (!skipParams) {
+                moduleString = nssutil_DupnCat(moduleString, " parameters=", 12);
+                if (moduleString == NULL)
+                    goto loser;
+                moduleString = nssutil_DupCat(moduleString, paramsValue);
+                if (moduleString == NULL)
+                    goto loser;
+            }
+            PORT_Free(paramsValue);
+            paramsValue = NULL;
+        }
+
+        if ((moduleCount + 1) >= useCount) {
+            SECStatus rv;
+            rv = nssutil_growList(&moduleList, &useCount, moduleCount + 1);
+            if (rv != SECSuccess) {
+                goto loser;
+            }
+        }
+
+        if (internal) {
+            moduleList[0] = moduleString;
+        } else {
+            moduleList[moduleCount] = moduleString;
+            moduleCount++;
+        }
+        moduleString = NULL;
+        internal = PR_FALSE;
+        skipParams = PR_FALSE;
+    } while (!feof(fd));
+
+    if (moduleString) {
+        PORT_Free(moduleString);
+        moduleString = NULL;
+    }
+done:
+    /* if we couldn't open a pkcs11 database, look for the old one */
+    if (fd == NULL) {
+        char *olddbname = _NSSUTIL_GetOldSecmodName(dbname, filename);
+        PRStatus status;
+
+        /* couldn't get the old name */
+        if (!olddbname) {
+            goto bail;
+        }
+
+        /* old one exists */
+        status = PR_Access(olddbname, PR_ACCESS_EXISTS);
+        if (status == PR_SUCCESS) {
+            PR_smprintf_free(olddbname);
+            PORT_ZFree(moduleList, useCount * sizeof(char *));
+            PORT_SetError(SEC_ERROR_LEGACY_DATABASE);
+            return NULL;
+        }
+
+    bail:
+        if (olddbname) {
+            PR_smprintf_free(olddbname);
+        }
+    }
+
+return_default:
+
+    if (!moduleList[0]) {
+        char *newParams;
+        moduleString = PORT_Strdup(NSSUTIL_DEFAULT_INTERNAL_INIT1);
+        newParams = NSSUTIL_Quote(params, '"');
+        if (newParams == NULL)
+            goto loser;
+        moduleString = nssutil_DupCat(moduleString, newParams);
+        PORT_Free(newParams);
+        if (moduleString == NULL)
+            goto loser;
+        moduleString = nssutil_DupCat(moduleString,
+                                      NSSUTIL_DEFAULT_INTERNAL_INIT2);
+        if (moduleString == NULL)
+            goto loser;
+        moduleString = nssutil_DupCat(moduleString,
+                                      NSSUTIL_DEFAULT_SFTKN_FLAGS);
+        if (moduleString == NULL)
+            goto loser;
+        moduleString = nssutil_DupCat(moduleString,
+                                      NSSUTIL_DEFAULT_INTERNAL_INIT3);
+        if (moduleString == NULL)
+            goto loser;
+        moduleList[0] = moduleString;
+        moduleString = NULL;
+    }
+    failed = PR_FALSE;
+
+loser:
+    /*
+     * cleanup
+     */
+    /* deal with trust cert db here */
+    if (moduleString) {
+        PORT_Free(moduleString);
+        moduleString = NULL;
+    }
+    if (paramsValue) {
+        PORT_Free(paramsValue);
+        paramsValue = NULL;
+    }
+    if (failed || (moduleList[0] == NULL)) {
+        /* This is wrong! FIXME */
+        nssutil_releaseSpecList(moduleList);
+        moduleList = NULL;
+        failed = PR_TRUE;
+    }
+    if (fd != NULL) {
+        fclose(fd);
+    } else if (!failed && rw) {
+        /* update our internal module */
+        nssutil_AddSecmodDBEntry(appName, filename, dbname, moduleList[0], rw);
+    }
+    return moduleList;
+}
+
+static SECStatus
+nssutil_ReleaseSecmodDBData(const char *appName,
+                            const char *filename, const char *dbname,
+                            char **moduleSpecList, PRBool rw)
+{
+    if (moduleSpecList) {
+        nssutil_releaseSpecList(moduleSpecList);
+    }
+    return SECSuccess;
+}
+
+/*
+ * Delete a module from the Data Base
+ */
+static SECStatus
+nssutil_DeleteSecmodDBEntry(const char *appName,
+                            const char *filename,
+                            const char *dbname,
+                            const char *args,
+                            PRBool rw)
+{
+    /* SHDB_FIXME implement */
+    os_stat_type stat_existing;
+    os_open_permissions_type file_mode;
+    FILE *fd = NULL;
+    FILE *fd2 = NULL;
+    char line[MAX_LINE_LENGTH];
+    char *dbname2 = NULL;
+    char *block = NULL;
+    char *name = NULL;
+    char *lib = NULL;
+    int name_len = 0, lib_len = 0;
+    PRBool skip = PR_FALSE;
+    PRBool found = PR_FALSE;
+
+    if (dbname == NULL) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    if (!rw) {
+        PORT_SetError(SEC_ERROR_READ_ONLY);
+        return SECFailure;
+    }
+
+    dbname2 = PORT_Strdup(dbname);
+    if (dbname2 == NULL)
+        goto loser;
+    dbname2[strlen(dbname) - 1]++;
+
+    /* get the permissions of the existing file, or use the default */
+    if (!os_stat(dbname, &stat_existing)) {
+        file_mode = stat_existing.st_mode;
+    } else {
+        file_mode = os_open_permissions_default;
+    }
+
+    /* do we really want to use streams here */
+    fd = fopen(dbname, "r");
+    if (fd == NULL)
+        goto loser;
+
+    fd2 = lfopen(dbname2, lfopen_truncate, file_mode);
+
+    if (fd2 == NULL)
+        goto loser;
+
+    name = NSSUTIL_ArgGetParamValue("name", args);
+    if (name) {
+        name_len = PORT_Strlen(name);
+    }
+    lib = NSSUTIL_ArgGetParamValue("library", args);
+    if (lib) {
+        lib_len = PORT_Strlen(lib);
+    }
+
+    /*
+     * the following loop takes line separated config files and collapses
+     * the lines to a single string, escaping and quoting as necessary.
+     */
+    /* loop state variables */
+    block = NULL;
+    skip = PR_FALSE;
+    while (fgets(line, sizeof(line), fd) != NULL) {
+        /* If we are processing a block (we haven't hit a blank line yet */
+        if (*line != '\n') {
+            /* skip means we are in the middle of a block we are deleting */
+            if (skip) {
+                continue;
+            }
+            /* if we haven't found the block yet, check to see if this block
+             * matches our requirements */
+            if (!found && ((name && (PORT_Strncasecmp(line, "name=", 5) == 0) &&
+                            (PORT_Strncmp(line + 5, name, name_len) == 0)) ||
+                           (lib && (PORT_Strncasecmp(line, "library=", 8) == 0) &&
+                            (PORT_Strncmp(line + 8, lib, lib_len) == 0)))) {
+
+                /* yup, we don't need to save any more data, */
+                PORT_Free(block);
+                block = NULL;
+                /* we don't need to collect more of this block */
+                skip = PR_TRUE;
+                /* we don't need to continue searching for the block */
+                found = PR_TRUE;
+                continue;
+            }
+            /* not our match, continue to collect data in this block */
+            block = nssutil_DupCat(block, line);
+            continue;
+        }
+        /* we've collected a block of data that wasn't the module we were
+         * looking for, write it out */
+        if (block) {
+            fwrite(block, PORT_Strlen(block), 1, fd2);
+            PORT_Free(block);
+            block = NULL;
+        }
+        /* If we didn't just delete the this block, keep the blank line */
+        if (!skip) {
+            fputs(line, fd2);
+        }
+        /* we are definately not in a deleted block anymore */
+        skip = PR_FALSE;
+    }
+    fclose(fd);
+    fclose(fd2);
+    if (found) {
+        /* rename dbname2 to dbname */
+        PR_Delete(dbname);
+        PR_Rename(dbname2, dbname);
+    } else {
+        PR_Delete(dbname2);
+    }
+    PORT_Free(dbname2);
+    PORT_Free(lib);
+    PORT_Free(name);
+    PORT_Free(block);
+    return SECSuccess;
+
+loser:
+    if (fd != NULL) {
+        fclose(fd);
+    }
+    if (fd2 != NULL) {
+        fclose(fd2);
+    }
+    if (dbname2) {
+        PR_Delete(dbname2);
+        PORT_Free(dbname2);
+    }
+    PORT_Free(lib);
+    PORT_Free(name);
+    return SECFailure;
+}
+
+/*
+ * Add a module to the Data base
+ */
+static SECStatus
+nssutil_AddSecmodDBEntry(const char *appName,
+                         const char *filename, const char *dbname,
+                         const char *module, PRBool rw)
+{
+    os_stat_type stat_existing;
+    os_open_permissions_type file_mode;
+    FILE *fd = NULL;
+    char *block = NULL;
+    PRBool libFound = PR_FALSE;
+
+    if (dbname == NULL) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
+    /* can't write to a read only module */
+    if (!rw) {
+        PORT_SetError(SEC_ERROR_READ_ONLY);
+        return SECFailure;
+    }
+
+    /* remove the previous version if it exists */
+    (void)nssutil_DeleteSecmodDBEntry(appName, filename, dbname, module, rw);
+
+    /* get the permissions of the existing file, or use the default */
+    if (!os_stat(dbname, &stat_existing)) {
+        file_mode = stat_existing.st_mode;
+    } else {
+        file_mode = os_open_permissions_default;
+    }
+
+    fd = lfopen(dbname, lfopen_append, file_mode);
+    if (fd == NULL) {
+        return SECFailure;
+    }
+    module = NSSUTIL_ArgStrip(module);
+    while (*module) {
+        int count;
+        char *keyEnd = PORT_Strchr(module, '=');
+        char *value;
+
+        if (PORT_Strncmp(module, "library=", 8) == 0) {
+            libFound = PR_TRUE;
+        }
+        if (keyEnd == NULL) {
+            block = nssutil_DupCat(block, module);
+            break;
+        }
+        block = nssutil_DupnCat(block, module, keyEnd - module + 1);
+        if (block == NULL) {
+            goto loser;
+        }
+        value = NSSUTIL_ArgFetchValue(&keyEnd[1], &count);
+        if (value) {
+            block = nssutil_DupCat(block, NSSUTIL_ArgStrip(value));
+            PORT_Free(value);
+        }
+        if (block == NULL) {
+            goto loser;
+        }
+        block = nssutil_DupnCat(block, "\n", 1);
+        module = keyEnd + 1 + count;
+        module = NSSUTIL_ArgStrip(module);
+    }
+    if (block) {
+        if (!libFound) {
+            fprintf(fd, "library=\n");
+        }
+        fwrite(block, PORT_Strlen(block), 1, fd);
+        fprintf(fd, "\n");
+        PORT_Free(block);
+        block = NULL;
+    }
+    fclose(fd);
+    return SECSuccess;
+
+loser:
+    PORT_Free(block);
+    fclose(fd);
+    return SECFailure;
+}
+
+char **
+NSSUTIL_DoModuleDBFunction(unsigned long function, char *parameters, void *args)
+{
+    char *secmod = NULL;
+    char *appName = NULL;
+    char *filename = NULL;
+    NSSDBType dbType = NSS_DB_TYPE_NONE;
+    PRBool rw;
+    static char *success = "Success";
+    char **rvstr = NULL;
+
+    secmod = _NSSUTIL_GetSecmodName(parameters, &dbType, &appName,
+                                    &filename, &rw);
+    if ((dbType == NSS_DB_TYPE_LEGACY) ||
+        (dbType == NSS_DB_TYPE_MULTIACCESS)) {
+        /* we can't handle the old database, only softoken can */
+        PORT_SetError(SEC_ERROR_LEGACY_DATABASE);
+        rvstr = NULL;
+        goto done;
+    }
+
+    switch (function) {
+        case SECMOD_MODULE_DB_FUNCTION_FIND:
+            rvstr = nssutil_ReadSecmodDB(appName, filename,
+                                         secmod, (char *)parameters, rw);
+            break;
+        case SECMOD_MODULE_DB_FUNCTION_ADD:
+            rvstr = (nssutil_AddSecmodDBEntry(appName, filename,
+                                              secmod, (char *)args, rw) == SECSuccess)
+                        ? &success
+                        : NULL;
+            break;
+        case SECMOD_MODULE_DB_FUNCTION_DEL:
+            rvstr = (nssutil_DeleteSecmodDBEntry(appName, filename,
+                                                 secmod, (char *)args, rw) == SECSuccess)
+                        ? &success
+                        : NULL;
+            break;
+        case SECMOD_MODULE_DB_FUNCTION_RELEASE:
+            rvstr = (nssutil_ReleaseSecmodDBData(appName, filename,
+                                                 secmod, (char **)args, rw) == SECSuccess)
+                        ? &success
+                        : NULL;
+            break;
+    }
+done:
+    if (secmod)
+        PR_smprintf_free(secmod);
+    if (appName)
+        PORT_Free(appName);
+    if (filename)
+        PORT_Free(filename);
+    return rvstr;
+}
diff --git a/nss/lib/util/utilmodt.h b/nss/lib/util/utilmodt.h
new file mode 100644
index 0000000..e1555f3
--- /dev/null
+++ b/nss/lib/util/utilmodt.h
@@ -0,0 +1,43 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _UTILMODT_H_
+#define _UTILMODT_H_ 1
+
+/*
+ * these are SECMOD flags that would normally be in secmodt.h, but are needed
+ * for the parser in util. Fort this reason we preserve the SECMOD names.
+ */
+#define SECMOD_RSA_FLAG 0x00000001L
+#define SECMOD_DSA_FLAG 0x00000002L
+#define SECMOD_RC2_FLAG 0x00000004L
+#define SECMOD_RC4_FLAG 0x00000008L
+#define SECMOD_DES_FLAG 0x00000010L
+#define SECMOD_DH_FLAG 0x00000020L
+#define SECMOD_FORTEZZA_FLAG 0x00000040L
+#define SECMOD_RC5_FLAG 0x00000080L
+#define SECMOD_SHA1_FLAG 0x00000100L
+#define SECMOD_MD5_FLAG 0x00000200L
+#define SECMOD_MD2_FLAG 0x00000400L
+#define SECMOD_SSL_FLAG 0x00000800L
+#define SECMOD_TLS_FLAG 0x00001000L
+#define SECMOD_AES_FLAG 0x00002000L
+#define SECMOD_SHA256_FLAG 0x00004000L   /* also for SHA224 */
+#define SECMOD_SHA512_FLAG 0x00008000L   /* also for SHA384 */
+#define SECMOD_CAMELLIA_FLAG 0x00010000L /* = PUBLIC_MECH_CAMELLIA_FLAG */
+#define SECMOD_SEED_FLAG 0x00020000L
+#define SECMOD_ECC_FLAG 0x00040000L
+/* reserved bit for future, do not use */
+#define SECMOD_RESERVED_FLAG 0X08000000L
+#define SECMOD_FRIENDLY_FLAG 0x10000000L
+#define SECMOD_RANDOM_FLAG 0x80000000L
+
+#define PK11_OWN_PW_DEFAULTS 0x20000000L
+#define PK11_DISABLE_FLAG 0x40000000L
+
+/* need to make SECMOD and PK11 prefixes consistent. */
+#define SECMOD_OWN_PW_DEFAULTS PK11_OWN_PW_DEFAULTS
+#define SECMOD_DISABLE_FLAG PK11_DISABLE_FLAG
+
+#endif /* _UTILMODT_H_ */
diff --git a/nss/lib/util/utilpars.c b/nss/lib/util/utilpars.c
new file mode 100644
index 0000000..7116d26
--- /dev/null
+++ b/nss/lib/util/utilpars.c
@@ -0,0 +1,1231 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * The following code handles the storage of PKCS 11 modules used by the
+ * NSS. This file is written to abstract away how the modules are
+ * stored so we can decide that later.
+ */
+#include "secport.h"
+#include "prprf.h"
+#include "prenv.h"
+#include "utilpars.h"
+#include "utilmodt.h"
+
+/*
+ * return the expected matching quote value for the one specified
+ */
+PRBool
+NSSUTIL_ArgGetPair(char c)
+{
+    switch (c) {
+        case '\'':
+            return c;
+        case '\"':
+            return c;
+        case '<':
+            return '>';
+        case '{':
+            return '}';
+        case '[':
+            return ']';
+        case '(':
+            return ')';
+        default:
+            break;
+    }
+    return ' ';
+}
+
+PRBool
+NSSUTIL_ArgIsBlank(char c)
+{
+    return isspace((unsigned char)c);
+}
+
+PRBool
+NSSUTIL_ArgIsEscape(char c)
+{
+    return c == '\\';
+}
+
+PRBool
+NSSUTIL_ArgIsQuote(char c)
+{
+    switch (c) {
+        case '\'':
+        case '\"':
+        case '<':
+        case '{': /* } end curly to keep vi bracket matching working */
+        case '(': /* ) */
+        case '[': /* ] */
+            return PR_TRUE;
+        default:
+            break;
+    }
+    return PR_FALSE;
+}
+
+const char *
+NSSUTIL_ArgStrip(const char *c)
+{
+    while (*c && NSSUTIL_ArgIsBlank(*c))
+        c++;
+    return c;
+}
+
+/*
+ * find the end of the current tag/value pair. string should be pointing just
+ * after the equal sign. Handles quoted characters.
+ */
+const char *
+NSSUTIL_ArgFindEnd(const char *string)
+{
+    char endChar = ' ';
+    PRBool lastEscape = PR_FALSE;
+
+    if (NSSUTIL_ArgIsQuote(*string)) {
+        endChar = NSSUTIL_ArgGetPair(*string);
+        string++;
+    }
+
+    for (; *string; string++) {
+        if (lastEscape) {
+            lastEscape = PR_FALSE;
+            continue;
+        }
+        if (NSSUTIL_ArgIsEscape(*string) && !lastEscape) {
+            lastEscape = PR_TRUE;
+            continue;
+        }
+        if ((endChar == ' ') && NSSUTIL_ArgIsBlank(*string))
+            break;
+        if (*string == endChar) {
+            break;
+        }
+    }
+
+    return string;
+}
+
+/*
+ * get the value pointed to by string. string should be pointing just beyond
+ * the equal sign.
+ */
+char *
+NSSUTIL_ArgFetchValue(const char *string, int *pcount)
+{
+    const char *end = NSSUTIL_ArgFindEnd(string);
+    char *retString, *copyString;
+    PRBool lastEscape = PR_FALSE;
+    int len;
+
+    len = end - string;
+    if (len == 0) {
+        *pcount = 0;
+        return NULL;
+    }
+
+    copyString = retString = (char *)PORT_Alloc(len + 1);
+
+    if (*end)
+        len++;
+    *pcount = len;
+    if (retString == NULL)
+        return NULL;
+
+    if (NSSUTIL_ArgIsQuote(*string))
+        string++;
+    for (; string < end; string++) {
+        if (NSSUTIL_ArgIsEscape(*string) && !lastEscape) {
+            lastEscape = PR_TRUE;
+            continue;
+        }
+        lastEscape = PR_FALSE;
+        *copyString++ = *string;
+    }
+    *copyString = 0;
+    return retString;
+}
+
+/*
+ * point to the next parameter in string
+ */
+const char *
+NSSUTIL_ArgSkipParameter(const char *string)
+{
+    const char *end;
+    /* look for the end of the <name>= */
+    for (; *string; string++) {
+        if (*string == '=') {
+            string++;
+            break;
+        }
+        if (NSSUTIL_ArgIsBlank(*string))
+            return (string);
+    }
+
+    end = NSSUTIL_ArgFindEnd(string);
+    if (*end)
+        end++;
+    return end;
+}
+
+/*
+ * get the value from that tag value pair.
+ */
+char *
+NSSUTIL_ArgGetParamValue(const char *paramName, const char *parameters)
+{
+    char searchValue[256];
+    int paramLen = strlen(paramName);
+    char *returnValue = NULL;
+    int next;
+
+    if ((parameters == NULL) || (*parameters == 0))
+        return NULL;
+
+    PORT_Assert(paramLen + 2 < sizeof(searchValue));
+
+    PORT_Strcpy(searchValue, paramName);
+    PORT_Strcat(searchValue, "=");
+    while (*parameters) {
+        if (PORT_Strncasecmp(parameters, searchValue, paramLen + 1) == 0) {
+            parameters += paramLen + 1;
+            returnValue = NSSUTIL_ArgFetchValue(parameters, &next);
+            break;
+        } else {
+            parameters = NSSUTIL_ArgSkipParameter(parameters);
+        }
+        parameters = NSSUTIL_ArgStrip(parameters);
+    }
+    return returnValue;
+}
+
+/*
+ * find the next flag in the parameter list
+ */
+const char *
+NSSUTIL_ArgNextFlag(const char *flags)
+{
+    for (; *flags; flags++) {
+        if (*flags == ',') {
+            flags++;
+            break;
+        }
+    }
+    return flags;
+}
+
+/*
+ * return true if the flag is set in the label parameter.
+ */
+PRBool
+NSSUTIL_ArgHasFlag(const char *label, const char *flag, const char *parameters)
+{
+    char *flags;
+    const char *index;
+    int len = strlen(flag);
+    PRBool found = PR_FALSE;
+
+    flags = NSSUTIL_ArgGetParamValue(label, parameters);
+    if (flags == NULL)
+        return PR_FALSE;
+
+    for (index = flags; *index; index = NSSUTIL_ArgNextFlag(index)) {
+        if (PORT_Strncasecmp(index, flag, len) == 0) {
+            found = PR_TRUE;
+            break;
+        }
+    }
+    PORT_Free(flags);
+    return found;
+}
+
+/*
+ * decode a number. handle octal (leading '0'), hex (leading '0x') or decimal
+ */
+long
+NSSUTIL_ArgDecodeNumber(const char *num)
+{
+    int radix = 10;
+    unsigned long value = 0;
+    long retValue = 0;
+    int sign = 1;
+    int digit;
+
+    if (num == NULL)
+        return retValue;
+
+    num = NSSUTIL_ArgStrip(num);
+
+    if (*num == '-') {
+        sign = -1;
+        num++;
+    }
+
+    if (*num == '0') {
+        radix = 8;
+        num++;
+        if ((*num == 'x') || (*num == 'X')) {
+            radix = 16;
+            num++;
+        }
+    }
+
+    for (; *num; num++) {
+        if (isdigit(*num)) {
+            digit = *num - '0';
+        } else if ((*num >= 'a') && (*num <= 'f')) {
+            digit = *num - 'a' + 10;
+        } else if ((*num >= 'A') && (*num <= 'F')) {
+            digit = *num - 'A' + 10;
+        } else {
+            break;
+        }
+        if (digit >= radix)
+            break;
+        value = value * radix + digit;
+    }
+
+    retValue = ((int)value) * sign;
+    return retValue;
+}
+
+/*
+ * parameters are tag value pairs. This function returns the tag or label (the
+ * value before the equal size.
+ */
+char *
+NSSUTIL_ArgGetLabel(const char *inString, int *next)
+{
+    char *name = NULL;
+    const char *string;
+    int len;
+
+    /* look for the end of the <label>= */
+    for (string = inString; *string; string++) {
+        if (*string == '=') {
+            break;
+        }
+        if (NSSUTIL_ArgIsBlank(*string))
+            break;
+    }
+
+    len = string - inString;
+
+    *next = len;
+    if (*string == '=')
+        (*next) += 1;
+    if (len > 0) {
+        name = PORT_Alloc(len + 1);
+        PORT_Strncpy(name, inString, len);
+        name[len] = 0;
+    }
+    return name;
+}
+
+/*
+ * read an argument at a Long integer
+ */
+long
+NSSUTIL_ArgReadLong(const char *label, const char *params,
+                    long defValue, PRBool *isdefault)
+{
+    char *value;
+    long retValue;
+    if (isdefault)
+        *isdefault = PR_FALSE;
+
+    value = NSSUTIL_ArgGetParamValue(label, params);
+    if (value == NULL) {
+        if (isdefault)
+            *isdefault = PR_TRUE;
+        return defValue;
+    }
+    retValue = NSSUTIL_ArgDecodeNumber(value);
+    if (value)
+        PORT_Free(value);
+
+    return retValue;
+}
+
+/*
+ * prepare a string to be quoted with 'quote' marks. We do that by adding
+ * appropriate escapes.
+ */
+static int
+nssutil_escapeQuotesSize(const char *string, char quote, PRBool addquotes)
+{
+    int escapes = 0, size = 0;
+    const char *src;
+
+    size = addquotes ? 2 : 0;
+    for (src = string; *src; src++) {
+        if ((*src == quote) || (*src == '\\'))
+            escapes++;
+        size++;
+    }
+    return size + escapes + 1;
+}
+
+static char *
+nssutil_escapeQuotes(const char *string, char quote, PRBool addquotes)
+{
+    char *newString = 0;
+    int size = 0;
+    const char *src;
+    char *dest;
+
+    size = nssutil_escapeQuotesSize(string, quote, addquotes);
+
+    dest = newString = PORT_ZAlloc(size);
+    if (newString == NULL) {
+        return NULL;
+    }
+
+    if (addquotes)
+        *dest++ = quote;
+    for (src = string; *src; src++, dest++) {
+        if ((*src == '\\') || (*src == quote)) {
+            *dest++ = '\\';
+        }
+        *dest = *src;
+    }
+    if (addquotes)
+        *dest = quote;
+
+    return newString;
+}
+
+int
+NSSUTIL_EscapeSize(const char *string, char quote)
+{
+    return nssutil_escapeQuotesSize(string, quote, PR_FALSE);
+}
+
+char *
+NSSUTIL_Escape(const char *string, char quote)
+{
+    return nssutil_escapeQuotes(string, quote, PR_FALSE);
+}
+
+int
+NSSUTIL_QuoteSize(const char *string, char quote)
+{
+    return nssutil_escapeQuotesSize(string, quote, PR_TRUE);
+}
+
+char *
+NSSUTIL_Quote(const char *string, char quote)
+{
+    return nssutil_escapeQuotes(string, quote, PR_TRUE);
+}
+
+int
+NSSUTIL_DoubleEscapeSize(const char *string, char quote1, char quote2)
+{
+    int escapes = 0, size = 0;
+    const char *src;
+    for (src = string; *src; src++) {
+        if (*src == '\\')
+            escapes += 3; /* \\\\ */
+        if (*src == quote1)
+            escapes += 2; /* \\quote1 */
+        if (*src == quote2)
+            escapes++; /* \quote2 */
+        size++;
+    }
+
+    return escapes + size + 1;
+}
+
+char *
+NSSUTIL_DoubleEscape(const char *string, char quote1, char quote2)
+{
+    char *round1 = NULL;
+    char *retValue = NULL;
+    if (string == NULL) {
+        goto done;
+    }
+    round1 = nssutil_escapeQuotes(string, quote1, PR_FALSE);
+    if (round1) {
+        retValue = nssutil_escapeQuotes(round1, quote2, PR_FALSE);
+        PORT_Free(round1);
+    }
+
+done:
+    if (retValue == NULL) {
+        retValue = PORT_Strdup("");
+    }
+    return retValue;
+}
+
+/************************************************************************
+ * These functions are used in contructing strings.
+ * NOTE: they will always return a string, but sometimes it will return
+ * a specific NULL string. These strings must be freed with util_freePair.
+ */
+
+/* string to return on error... */
+static char *nssutil_nullString = "";
+
+static char *
+nssutil_formatValue(PLArenaPool *arena, char *value, char quote)
+{
+    char *vp, *vp2, *retval;
+    int size = 0, escapes = 0;
+
+    for (vp = value; *vp; vp++) {
+        if ((*vp == quote) || (*vp == NSSUTIL_ARG_ESCAPE))
+            escapes++;
+        size++;
+    }
+    if (arena) {
+        retval = PORT_ArenaZAlloc(arena, size + escapes + 1);
+    } else {
+        retval = PORT_ZAlloc(size + escapes + 1);
+    }
+    if (retval == NULL)
+        return NULL;
+    vp2 = retval;
+    for (vp = value; *vp; vp++) {
+        if ((*vp == quote) || (*vp == NSSUTIL_ARG_ESCAPE))
+            *vp2++ = NSSUTIL_ARG_ESCAPE;
+        *vp2++ = *vp;
+    }
+    return retval;
+}
+
+static PRBool
+nssutil_argHasChar(char *v, char c)
+{
+    for (; *v; v++) {
+        if (*v == c)
+            return PR_TRUE;
+    }
+    return PR_FALSE;
+}
+
+static PRBool
+nssutil_argHasBlanks(char *v)
+{
+    for (; *v; v++) {
+        if (NSSUTIL_ArgIsBlank(*v))
+            return PR_TRUE;
+    }
+    return PR_FALSE;
+}
+
+static char *
+nssutil_formatPair(char *name, char *value, char quote)
+{
+    char openQuote = quote;
+    char closeQuote = NSSUTIL_ArgGetPair(quote);
+    char *newValue = NULL;
+    char *returnValue;
+    PRBool need_quote = PR_FALSE;
+
+    if (!value || (*value == 0))
+        return nssutil_nullString;
+
+    if (nssutil_argHasBlanks(value) || NSSUTIL_ArgIsQuote(value[0]))
+        need_quote = PR_TRUE;
+
+    if ((need_quote && nssutil_argHasChar(value, closeQuote)) || nssutil_argHasChar(value, NSSUTIL_ARG_ESCAPE)) {
+        value = newValue = nssutil_formatValue(NULL, value, quote);
+        if (newValue == NULL)
+            return nssutil_nullString;
+    }
+    if (need_quote) {
+        returnValue = PR_smprintf("%s=%c%s%c", name, openQuote, value, closeQuote);
+    } else {
+        returnValue = PR_smprintf("%s=%s", name, value);
+    }
+    if (returnValue == NULL)
+        returnValue = nssutil_nullString;
+
+    if (newValue)
+        PORT_Free(newValue);
+
+    return returnValue;
+}
+
+static char *
+nssutil_formatIntPair(char *name, unsigned long value,
+                      unsigned long def)
+{
+    char *returnValue;
+
+    if (value == def)
+        return nssutil_nullString;
+
+    returnValue = PR_smprintf("%s=%d", name, value);
+
+    return returnValue;
+}
+
+static void
+nssutil_freePair(char *pair)
+{
+    if (pair && pair != nssutil_nullString) {
+        PR_smprintf_free(pair);
+    }
+}
+
+/************************************************************************
+ * Parse the Slot specific parameters in the NSS params.
+ */
+
+struct nssutilArgSlotFlagTable {
+    char *name;
+    int len;
+    unsigned long value;
+};
+
+#define NSSUTIL_ARG_ENTRY(arg, flag) \
+    {                                \
+        #arg, sizeof(#arg) - 1, flag \
+    }
+static struct nssutilArgSlotFlagTable nssutil_argSlotFlagTable[] = {
+    NSSUTIL_ARG_ENTRY(RSA, SECMOD_RSA_FLAG),
+    NSSUTIL_ARG_ENTRY(DSA, SECMOD_RSA_FLAG),
+    NSSUTIL_ARG_ENTRY(RC2, SECMOD_RC4_FLAG),
+    NSSUTIL_ARG_ENTRY(RC4, SECMOD_RC2_FLAG),
+    NSSUTIL_ARG_ENTRY(DES, SECMOD_DES_FLAG),
+    NSSUTIL_ARG_ENTRY(DH, SECMOD_DH_FLAG),
+    NSSUTIL_ARG_ENTRY(FORTEZZA, SECMOD_FORTEZZA_FLAG),
+    NSSUTIL_ARG_ENTRY(RC5, SECMOD_RC5_FLAG),
+    NSSUTIL_ARG_ENTRY(SHA1, SECMOD_SHA1_FLAG),
+    NSSUTIL_ARG_ENTRY(SHA256, SECMOD_SHA256_FLAG),
+    NSSUTIL_ARG_ENTRY(SHA512, SECMOD_SHA512_FLAG),
+    NSSUTIL_ARG_ENTRY(MD5, SECMOD_MD5_FLAG),
+    NSSUTIL_ARG_ENTRY(MD2, SECMOD_MD2_FLAG),
+    NSSUTIL_ARG_ENTRY(SSL, SECMOD_SSL_FLAG),
+    NSSUTIL_ARG_ENTRY(TLS, SECMOD_TLS_FLAG),
+    NSSUTIL_ARG_ENTRY(AES, SECMOD_AES_FLAG),
+    NSSUTIL_ARG_ENTRY(Camellia, SECMOD_CAMELLIA_FLAG),
+    NSSUTIL_ARG_ENTRY(SEED, SECMOD_SEED_FLAG),
+    NSSUTIL_ARG_ENTRY(PublicCerts, SECMOD_FRIENDLY_FLAG),
+    NSSUTIL_ARG_ENTRY(RANDOM, SECMOD_RANDOM_FLAG),
+    NSSUTIL_ARG_ENTRY(Disable, SECMOD_DISABLE_FLAG),
+};
+
+static int nssutil_argSlotFlagTableSize =
+    sizeof(nssutil_argSlotFlagTable) / sizeof(nssutil_argSlotFlagTable[0]);
+
+/* turn the slot flags into a bit mask */
+unsigned long
+NSSUTIL_ArgParseSlotFlags(const char *label, const char *params)
+{
+    char *flags;
+    const char *index;
+    unsigned long retValue = 0;
+    int i;
+    PRBool all = PR_FALSE;
+
+    flags = NSSUTIL_ArgGetParamValue(label, params);
+    if (flags == NULL)
+        return 0;
+
+    if (PORT_Strcasecmp(flags, "all") == 0)
+        all = PR_TRUE;
+
+    for (index = flags; *index; index = NSSUTIL_ArgNextFlag(index)) {
+        for (i = 0; i < nssutil_argSlotFlagTableSize; i++) {
+            if (all ||
+                (PORT_Strncasecmp(index, nssutil_argSlotFlagTable[i].name,
+                                  nssutil_argSlotFlagTable[i].len) == 0)) {
+                retValue |= nssutil_argSlotFlagTable[i].value;
+            }
+        }
+    }
+    PORT_Free(flags);
+    return retValue;
+}
+
+/* parse a single slot specific parameter */
+static void
+nssutil_argDecodeSingleSlotInfo(char *name, char *params,
+                                struct NSSUTILPreSlotInfoStr *slotInfo)
+{
+    char *askpw;
+
+    slotInfo->slotID = NSSUTIL_ArgDecodeNumber(name);
+    slotInfo->defaultFlags = NSSUTIL_ArgParseSlotFlags("slotFlags", params);
+    slotInfo->timeout = NSSUTIL_ArgReadLong("timeout", params, 0, NULL);
+
+    askpw = NSSUTIL_ArgGetParamValue("askpw", params);
+    slotInfo->askpw = 0;
+
+    if (askpw) {
+        if (PORT_Strcasecmp(askpw, "every") == 0) {
+            slotInfo->askpw = -1;
+        } else if (PORT_Strcasecmp(askpw, "timeout") == 0) {
+            slotInfo->askpw = 1;
+        }
+        PORT_Free(askpw);
+        slotInfo->defaultFlags |= PK11_OWN_PW_DEFAULTS;
+    }
+    slotInfo->hasRootCerts = NSSUTIL_ArgHasFlag("rootFlags", "hasRootCerts",
+                                                params);
+    slotInfo->hasRootTrust = NSSUTIL_ArgHasFlag("rootFlags", "hasRootTrust",
+                                                params);
+}
+
+/* parse all the slot specific parameters. */
+struct NSSUTILPreSlotInfoStr *
+NSSUTIL_ArgParseSlotInfo(PLArenaPool *arena, const char *slotParams,
+                         int *retCount)
+{
+    const char *slotIndex;
+    struct NSSUTILPreSlotInfoStr *slotInfo = NULL;
+    int i = 0, count = 0, next;
+
+    *retCount = 0;
+    if ((slotParams == NULL) || (*slotParams == 0))
+        return NULL;
+
+    /* first count the number of slots */
+    for (slotIndex = NSSUTIL_ArgStrip(slotParams); *slotIndex;
+         slotIndex = NSSUTIL_ArgStrip(NSSUTIL_ArgSkipParameter(slotIndex))) {
+        count++;
+    }
+
+    /* get the data structures */
+    if (arena) {
+        slotInfo = PORT_ArenaZNewArray(arena,
+                                       struct NSSUTILPreSlotInfoStr, count);
+    } else {
+        slotInfo = PORT_ZNewArray(struct NSSUTILPreSlotInfoStr, count);
+    }
+    if (slotInfo == NULL)
+        return NULL;
+
+    for (slotIndex = NSSUTIL_ArgStrip(slotParams), i = 0;
+         *slotIndex && i < count;) {
+        char *name;
+        name = NSSUTIL_ArgGetLabel(slotIndex, &next);
+        slotIndex += next;
+
+        if (!NSSUTIL_ArgIsBlank(*slotIndex)) {
+            char *args = NSSUTIL_ArgFetchValue(slotIndex, &next);
+            slotIndex += next;
+            if (args) {
+                nssutil_argDecodeSingleSlotInfo(name, args, &slotInfo[i]);
+                i++;
+                PORT_Free(args);
+            }
+        }
+        if (name)
+            PORT_Free(name);
+        slotIndex = NSSUTIL_ArgStrip(slotIndex);
+    }
+    *retCount = i;
+    return slotInfo;
+}
+
+/************************************************************************
+ * make a new slot specific parameter
+ */
+/* first make the slot flags */
+static char *
+nssutil_mkSlotFlags(unsigned long defaultFlags)
+{
+    char *flags = NULL;
+    unsigned int i;
+    int j;
+
+    for (i = 0; i < sizeof(defaultFlags) * 8; i++) {
+        if (defaultFlags & (1UL << i)) {
+            char *string = NULL;
+
+            for (j = 0; j < nssutil_argSlotFlagTableSize; j++) {
+                if (nssutil_argSlotFlagTable[j].value == (1UL << i)) {
+                    string = nssutil_argSlotFlagTable[j].name;
+                    break;
+                }
+            }
+            if (string) {
+                if (flags) {
+                    char *tmp;
+                    tmp = PR_smprintf("%s,%s", flags, string);
+                    PR_smprintf_free(flags);
+                    flags = tmp;
+                } else {
+                    flags = PR_smprintf("%s", string);
+                }
+            }
+        }
+    }
+
+    return flags;
+}
+
+/* now make the root flags */
+#define NSSUTIL_MAX_ROOT_FLAG_SIZE sizeof("hasRootCerts") + sizeof("hasRootTrust")
+static char *
+nssutil_mkRootFlags(PRBool hasRootCerts, PRBool hasRootTrust)
+{
+    char *flags = (char *)PORT_ZAlloc(NSSUTIL_MAX_ROOT_FLAG_SIZE);
+    PRBool first = PR_TRUE;
+
+    PORT_Memset(flags, 0, NSSUTIL_MAX_ROOT_FLAG_SIZE);
+    if (hasRootCerts) {
+        PORT_Strcat(flags, "hasRootCerts");
+        first = PR_FALSE;
+    }
+    if (hasRootTrust) {
+        if (!first)
+            PORT_Strcat(flags, ",");
+        PORT_Strcat(flags, "hasRootTrust");
+    }
+    return flags;
+}
+
+/* now make a full slot string */
+char *
+NSSUTIL_MkSlotString(unsigned long slotID, unsigned long defaultFlags,
+                     unsigned long timeout, unsigned char askpw_in,
+                     PRBool hasRootCerts, PRBool hasRootTrust)
+{
+    char *askpw, *flags, *rootFlags, *slotString;
+    char *flagPair, *rootFlagsPair;
+
+    switch (askpw_in) {
+        case 0xff:
+            askpw = "every";
+            break;
+        case 1:
+            askpw = "timeout";
+            break;
+        default:
+            askpw = "any";
+            break;
+    }
+    flags = nssutil_mkSlotFlags(defaultFlags);
+    rootFlags = nssutil_mkRootFlags(hasRootCerts, hasRootTrust);
+    flagPair = nssutil_formatPair("slotFlags", flags, '\'');
+    rootFlagsPair = nssutil_formatPair("rootFlags", rootFlags, '\'');
+    if (flags)
+        PR_smprintf_free(flags);
+    if (rootFlags)
+        PORT_Free(rootFlags);
+    if (defaultFlags & PK11_OWN_PW_DEFAULTS) {
+        slotString = PR_smprintf("0x%08lx=[%s askpw=%s timeout=%d %s]",
+                                 (PRUint32)slotID, flagPair, askpw, timeout,
+                                 rootFlagsPair);
+    } else {
+        slotString = PR_smprintf("0x%08lx=[%s %s]",
+                                 (PRUint32)slotID, flagPair, rootFlagsPair);
+    }
+    nssutil_freePair(flagPair);
+    nssutil_freePair(rootFlagsPair);
+    return slotString;
+}
+
+/************************************************************************
+ * Parse Full module specs into: library, commonName, module parameters,
+ * and NSS specifi parameters.
+ */
+SECStatus
+NSSUTIL_ArgParseModuleSpecEx(const char *modulespec, char **lib, char **mod,
+                             char **parameters, char **nss,
+                             char **config)
+{
+    int next;
+    modulespec = NSSUTIL_ArgStrip(modulespec);
+
+    *lib = *mod = *parameters = *nss = *config = 0;
+
+    while (*modulespec) {
+        NSSUTIL_HANDLE_STRING_ARG(modulespec, *lib, "library=", ;)
+        NSSUTIL_HANDLE_STRING_ARG(modulespec, *mod, "name=", ;)
+        NSSUTIL_HANDLE_STRING_ARG(modulespec, *parameters, "parameters=", ;)
+        NSSUTIL_HANDLE_STRING_ARG(modulespec, *nss, "nss=", ;)
+        NSSUTIL_HANDLE_STRING_ARG(modulespec, *config, "config=", ;)
+        NSSUTIL_HANDLE_FINAL_ARG(modulespec)
+    }
+    return SECSuccess;
+}
+
+/************************************************************************
+ * Parse Full module specs into: library, commonName, module parameters,
+ * and NSS specifi parameters.
+ */
+SECStatus
+NSSUTIL_ArgParseModuleSpec(const char *modulespec, char **lib, char **mod,
+                           char **parameters, char **nss)
+{
+    int next;
+    modulespec = NSSUTIL_ArgStrip(modulespec);
+
+    *lib = *mod = *parameters = *nss = 0;
+
+    while (*modulespec) {
+        NSSUTIL_HANDLE_STRING_ARG(modulespec, *lib, "library=", ;)
+        NSSUTIL_HANDLE_STRING_ARG(modulespec, *mod, "name=", ;)
+        NSSUTIL_HANDLE_STRING_ARG(modulespec, *parameters, "parameters=", ;)
+        NSSUTIL_HANDLE_STRING_ARG(modulespec, *nss, "nss=", ;)
+        NSSUTIL_HANDLE_FINAL_ARG(modulespec)
+    }
+    return SECSuccess;
+}
+
+/************************************************************************
+ * make a new module spec from it's components */
+char *
+NSSUTIL_MkModuleSpecEx(char *dllName, char *commonName, char *parameters,
+                       char *NSS,
+                       char *config)
+{
+    char *moduleSpec;
+    char *lib, *name, *param, *nss, *conf;
+
+    /*
+     * now the final spec
+     */
+    lib = nssutil_formatPair("library", dllName, '\"');
+    name = nssutil_formatPair("name", commonName, '\"');
+    param = nssutil_formatPair("parameters", parameters, '\"');
+    nss = nssutil_formatPair("NSS", NSS, '\"');
+    if (config) {
+        conf = nssutil_formatPair("config", config, '\"');
+        moduleSpec = PR_smprintf("%s %s %s %s %s", lib, name, param, nss, conf);
+        nssutil_freePair(conf);
+    } else {
+        moduleSpec = PR_smprintf("%s %s %s %s", lib, name, param, nss);
+    }
+    nssutil_freePair(lib);
+    nssutil_freePair(name);
+    nssutil_freePair(param);
+    nssutil_freePair(nss);
+    return (moduleSpec);
+}
+
+/************************************************************************
+ * make a new module spec from it's components */
+char *
+NSSUTIL_MkModuleSpec(char *dllName, char *commonName, char *parameters,
+                     char *NSS)
+{
+    return NSSUTIL_MkModuleSpecEx(dllName, commonName, parameters, NSS, NULL);
+}
+
+#define NSSUTIL_ARG_FORTEZZA_FLAG "FORTEZZA"
+/******************************************************************************
+ * Parse the cipher flags from the NSS parameter
+ */
+void
+NSSUTIL_ArgParseCipherFlags(unsigned long *newCiphers, const char *cipherList)
+{
+    newCiphers[0] = newCiphers[1] = 0;
+    if ((cipherList == NULL) || (*cipherList == 0))
+        return;
+
+    for (; *cipherList; cipherList = NSSUTIL_ArgNextFlag(cipherList)) {
+        if (PORT_Strncasecmp(cipherList, NSSUTIL_ARG_FORTEZZA_FLAG,
+                             sizeof(NSSUTIL_ARG_FORTEZZA_FLAG) - 1) == 0) {
+            newCiphers[0] |= SECMOD_FORTEZZA_FLAG;
+        }
+
+        /* add additional flags here as necessary */
+        /* direct bit mapping escape */
+        if (*cipherList == 0) {
+            if (cipherList[1] == 'l') {
+                newCiphers[1] |= atoi(&cipherList[2]);
+            } else {
+                newCiphers[0] |= atoi(&cipherList[2]);
+            }
+        }
+    }
+}
+
+/*********************************************************************
+ * make NSS parameter...
+ */
+/* First make NSS specific flags */
+#define MAX_FLAG_SIZE sizeof("internal") + sizeof("FIPS") + sizeof("moduleDB") + \
+                          sizeof("moduleDBOnly") + sizeof("critical")
+static char *
+nssutil_mkNSSFlags(PRBool internal, PRBool isFIPS,
+                   PRBool isModuleDB, PRBool isModuleDBOnly, PRBool isCritical)
+{
+    char *flags = (char *)PORT_ZAlloc(MAX_FLAG_SIZE);
+    PRBool first = PR_TRUE;
+
+    PORT_Memset(flags, 0, MAX_FLAG_SIZE);
+    if (internal) {
+        PORT_Strcat(flags, "internal");
+        first = PR_FALSE;
+    }
+    if (isFIPS) {
+        if (!first)
+            PORT_Strcat(flags, ",");
+        PORT_Strcat(flags, "FIPS");
+        first = PR_FALSE;
+    }
+    if (isModuleDB) {
+        if (!first)
+            PORT_Strcat(flags, ",");
+        PORT_Strcat(flags, "moduleDB");
+        first = PR_FALSE;
+    }
+    if (isModuleDBOnly) {
+        if (!first)
+            PORT_Strcat(flags, ",");
+        PORT_Strcat(flags, "moduleDBOnly");
+        first = PR_FALSE;
+    }
+    if (isCritical) {
+        if (!first)
+            PORT_Strcat(flags, ",");
+        PORT_Strcat(flags, "critical");
+    }
+    return flags;
+}
+
+/* construct the NSS cipher flags */
+static char *
+nssutil_mkCipherFlags(unsigned long ssl0, unsigned long ssl1)
+{
+    char *cipher = NULL;
+    unsigned int i;
+
+    for (i = 0; i < sizeof(ssl0) * 8; i++) {
+        if (ssl0 & (1UL << i)) {
+            char *string;
+            if ((1UL << i) == SECMOD_FORTEZZA_FLAG) {
+                string = PR_smprintf("%s", NSSUTIL_ARG_FORTEZZA_FLAG);
+            } else {
+                string = PR_smprintf("0h0x%08lx", 1UL << i);
+            }
+            if (cipher) {
+                char *tmp;
+                tmp = PR_smprintf("%s,%s", cipher, string);
+                PR_smprintf_free(cipher);
+                PR_smprintf_free(string);
+                cipher = tmp;
+            } else {
+                cipher = string;
+            }
+        }
+    }
+    for (i = 0; i < sizeof(ssl0) * 8; i++) {
+        if (ssl1 & (1UL << i)) {
+            if (cipher) {
+                char *tmp;
+                tmp = PR_smprintf("%s,0l0x%08lx", cipher, 1UL << i);
+                PR_smprintf_free(cipher);
+                cipher = tmp;
+            } else {
+                cipher = PR_smprintf("0l0x%08lx", 1UL << i);
+            }
+        }
+    }
+
+    return cipher;
+}
+
+/* Assemble a full NSS string. */
+char *
+NSSUTIL_MkNSSString(char **slotStrings, int slotCount, PRBool internal,
+                    PRBool isFIPS, PRBool isModuleDB, PRBool isModuleDBOnly,
+                    PRBool isCritical, unsigned long trustOrder,
+                    unsigned long cipherOrder, unsigned long ssl0, unsigned long ssl1)
+{
+    int slotLen, i;
+    char *slotParams, *ciphers, *nss, *nssFlags;
+    const char *tmp;
+    char *trustOrderPair, *cipherOrderPair, *slotPair, *cipherPair, *flagPair;
+
+    /* now let's build up the string
+     * first the slot infos
+     */
+    slotLen = 0;
+    for (i = 0; i < (int)slotCount; i++) {
+        slotLen += PORT_Strlen(slotStrings[i]) + 1;
+    }
+    slotLen += 1; /* space for the final NULL */
+
+    slotParams = (char *)PORT_ZAlloc(slotLen);
+    PORT_Memset(slotParams, 0, slotLen);
+    for (i = 0; i < (int)slotCount; i++) {
+        PORT_Strcat(slotParams, slotStrings[i]);
+        PORT_Strcat(slotParams, " ");
+        PR_smprintf_free(slotStrings[i]);
+        slotStrings[i] = NULL;
+    }
+
+    /*
+     * now the NSS structure
+     */
+    nssFlags = nssutil_mkNSSFlags(internal, isFIPS, isModuleDB, isModuleDBOnly,
+                                  isCritical);
+    /* for now only the internal module is critical */
+    ciphers = nssutil_mkCipherFlags(ssl0, ssl1);
+
+    trustOrderPair = nssutil_formatIntPair("trustOrder", trustOrder,
+                                           NSSUTIL_DEFAULT_TRUST_ORDER);
+    cipherOrderPair = nssutil_formatIntPair("cipherOrder", cipherOrder,
+                                            NSSUTIL_DEFAULT_CIPHER_ORDER);
+    slotPair = nssutil_formatPair("slotParams", slotParams, '{'); /* } */
+    if (slotParams)
+        PORT_Free(slotParams);
+    cipherPair = nssutil_formatPair("ciphers", ciphers, '\'');
+    if (ciphers)
+        PR_smprintf_free(ciphers);
+    flagPair = nssutil_formatPair("Flags", nssFlags, '\'');
+    if (nssFlags)
+        PORT_Free(nssFlags);
+    nss = PR_smprintf("%s %s %s %s %s", trustOrderPair,
+                      cipherOrderPair, slotPair, cipherPair, flagPair);
+    nssutil_freePair(trustOrderPair);
+    nssutil_freePair(cipherOrderPair);
+    nssutil_freePair(slotPair);
+    nssutil_freePair(cipherPair);
+    nssutil_freePair(flagPair);
+    tmp = NSSUTIL_ArgStrip(nss);
+    if (*tmp == '\0') {
+        PR_smprintf_free(nss);
+        nss = NULL;
+    }
+    return nss;
+}
+
+/*****************************************************************************
+ *
+ * Private calls for use by softoken and utilmod.c
+ */
+
+#define SQLDB "sql:"
+#define EXTERNDB "extern:"
+#define LEGACY "dbm:"
+#define MULTIACCESS "multiaccess:"
+#define SECMOD_DB "secmod.db"
+const char *
+_NSSUTIL_EvaluateConfigDir(const char *configdir,
+                           NSSDBType *pdbType, char **appName)
+{
+    NSSDBType dbType;
+    PRBool checkEnvDefaultDB = PR_FALSE;
+    *appName = NULL;
+/* force the default */
+#ifdef NSS_DISABLE_DBM
+    dbType = NSS_DB_TYPE_SQL;
+#else
+    dbType = NSS_DB_TYPE_LEGACY;
+#endif
+    if (configdir == NULL) {
+        checkEnvDefaultDB = PR_TRUE;
+    } else if (PORT_Strncmp(configdir, MULTIACCESS, sizeof(MULTIACCESS) - 1) == 0) {
+        char *cdir;
+        dbType = NSS_DB_TYPE_MULTIACCESS;
+
+        *appName = PORT_Strdup(configdir + sizeof(MULTIACCESS) - 1);
+        if (*appName == NULL) {
+            return configdir;
+        }
+        cdir = *appName;
+        while (*cdir && *cdir != ':') {
+            cdir++;
+        }
+        if (*cdir == ':') {
+            *cdir = 0;
+            cdir++;
+        }
+        configdir = cdir;
+    } else if (PORT_Strncmp(configdir, SQLDB, sizeof(SQLDB) - 1) == 0) {
+        dbType = NSS_DB_TYPE_SQL;
+        configdir = configdir + sizeof(SQLDB) - 1;
+    } else if (PORT_Strncmp(configdir, EXTERNDB, sizeof(EXTERNDB) - 1) == 0) {
+        dbType = NSS_DB_TYPE_EXTERN;
+        configdir = configdir + sizeof(EXTERNDB) - 1;
+    } else if (PORT_Strncmp(configdir, LEGACY, sizeof(LEGACY) - 1) == 0) {
+        dbType = NSS_DB_TYPE_LEGACY;
+        configdir = configdir + sizeof(LEGACY) - 1;
+    } else {
+        checkEnvDefaultDB = PR_TRUE;
+    }
+
+    /* look up the default from the environment */
+    if (checkEnvDefaultDB) {
+        char *defaultType = PR_GetEnvSecure("NSS_DEFAULT_DB_TYPE");
+        if (defaultType != NULL) {
+            if (PORT_Strncmp(defaultType, SQLDB, sizeof(SQLDB) - 2) == 0) {
+                dbType = NSS_DB_TYPE_SQL;
+            } else if (PORT_Strncmp(defaultType, EXTERNDB, sizeof(EXTERNDB) - 2) == 0) {
+                dbType = NSS_DB_TYPE_EXTERN;
+            } else if (PORT_Strncmp(defaultType, LEGACY, sizeof(LEGACY) - 2) == 0) {
+                dbType = NSS_DB_TYPE_LEGACY;
+            }
+        }
+    }
+    /* if the caller has already set a type, don't change it */
+    if (*pdbType == NSS_DB_TYPE_NONE) {
+        *pdbType = dbType;
+    }
+    return configdir;
+}
+
+char *
+_NSSUTIL_GetSecmodName(const char *param, NSSDBType *dbType, char **appName,
+                       char **filename, PRBool *rw)
+{
+    int next;
+    char *configdir = NULL;
+    char *secmodName = NULL;
+    char *value = NULL;
+    const char *save_params = param;
+    const char *lconfigdir;
+    PRBool noModDB = PR_FALSE;
+    param = NSSUTIL_ArgStrip(param);
+
+    while (*param) {
+        NSSUTIL_HANDLE_STRING_ARG(param, configdir, "configDir=", ;)
+        NSSUTIL_HANDLE_STRING_ARG(param, secmodName, "secmod=", ;)
+        NSSUTIL_HANDLE_FINAL_ARG(param)
+    }
+
+    *rw = PR_TRUE;
+    if (NSSUTIL_ArgHasFlag("flags", "readOnly", save_params)) {
+        *rw = PR_FALSE;
+    }
+
+    if (!secmodName || *secmodName == '\0') {
+        if (secmodName)
+            PORT_Free(secmodName);
+        secmodName = PORT_Strdup(SECMOD_DB);
+    }
+
+    *filename = secmodName;
+    lconfigdir = _NSSUTIL_EvaluateConfigDir(configdir, dbType, appName);
+
+    if (NSSUTIL_ArgHasFlag("flags", "noModDB", save_params)) {
+        /* there isn't a module db, don't load the legacy support */
+        noModDB = PR_TRUE;
+        *dbType = NSS_DB_TYPE_SQL;
+        PORT_Free(*filename);
+        *filename = NULL;
+        *rw = PR_FALSE;
+    }
+
+    /* only use the renamed secmod for legacy databases */
+    if ((*dbType != NSS_DB_TYPE_LEGACY) &&
+        (*dbType != NSS_DB_TYPE_MULTIACCESS) &&
+        !NSSUTIL_ArgHasFlag("flags", "forceSecmodChoice", save_params)) {
+        secmodName = "pkcs11.txt";
+    }
+
+    if (noModDB) {
+        value = NULL;
+    } else if (lconfigdir && lconfigdir[0] != '\0') {
+        value = PR_smprintf("%s" NSSUTIL_PATH_SEPARATOR "%s",
+                            lconfigdir, secmodName);
+    } else {
+        value = PR_smprintf("%s", secmodName);
+    }
+    if (configdir)
+        PORT_Free(configdir);
+    return value;
+}
diff --git a/nss/lib/util/utilpars.h b/nss/lib/util/utilpars.h
new file mode 100644
index 0000000..7076726
--- /dev/null
+++ b/nss/lib/util/utilpars.h
@@ -0,0 +1,63 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _UTILPARS_H_
+#define _UTILPARS_H_ 1
+
+#include "utilparst.h"
+#include "plarena.h"
+
+/* handle a module db request */
+char **NSSUTIL_DoModuleDBFunction(unsigned long function, char *parameters, void *args);
+
+/* parsing functions */
+char *NSSUTIL_ArgFetchValue(const char *string, int *pcount);
+const char *NSSUTIL_ArgStrip(const char *c);
+char *NSSUTIL_ArgGetParamValue(const char *paramName, const char *parameters);
+const char *NSSUTIL_ArgSkipParameter(const char *string);
+char *NSSUTIL_ArgGetLabel(const char *inString, int *next);
+long NSSUTIL_ArgDecodeNumber(const char *num);
+PRBool NSSUTIL_ArgIsBlank(char c);
+PRBool NSSUTIL_ArgHasFlag(const char *label, const char *flag,
+                          const char *parameters);
+long NSSUTIL_ArgReadLong(const char *label, const char *params, long defValue,
+                         PRBool *isdefault);
+
+/* quoting functions */
+int NSSUTIL_EscapeSize(const char *string, char quote);
+char *NSSUTIL_Escape(const char *string, char quote);
+int NSSUTIL_QuoteSize(const char *string, char quote);
+char *NSSUTIL_Quote(const char *string, char quote);
+int NSSUTIL_DoubleEscapeSize(const char *string, char quote1, char quote2);
+char *NSSUTIL_DoubleEscape(const char *string, char quote1, char quote2);
+
+unsigned long NSSUTIL_ArgParseSlotFlags(const char *label, const char *params);
+struct NSSUTILPreSlotInfoStr *NSSUTIL_ArgParseSlotInfo(PLArenaPool *arena,
+                                                       const char *slotParams, int *retCount);
+char *NSSUTIL_MkSlotString(unsigned long slotID, unsigned long defaultFlags,
+                           unsigned long timeout, unsigned char askpw_in,
+                           PRBool hasRootCerts, PRBool hasRootTrust);
+SECStatus NSSUTIL_ArgParseModuleSpec(const char *modulespec, char **lib,
+                                     char **mod, char **parameters, char **nss);
+SECStatus NSSUTIL_ArgParseModuleSpecEx(const char *modulespec, char **lib,
+                                       char **mod, char **parameters, char **nss, char **config);
+char *NSSUTIL_MkModuleSpec(char *dllName, char *commonName,
+                           char *parameters, char *NSS);
+char *NSSUTIL_MkModuleSpecEx(char *dllName, char *commonName,
+                             char *parameters, char *NSS, char *config);
+void NSSUTIL_ArgParseCipherFlags(unsigned long *newCiphers,
+                                 const char *cipherList);
+char *NSSUTIL_MkNSSString(char **slotStrings, int slotCount, PRBool internal,
+                          PRBool isFIPS, PRBool isModuleDB, PRBool isModuleDBOnly,
+                          PRBool isCritical, unsigned long trustOrder,
+                          unsigned long cipherOrder, unsigned long ssl0, unsigned long ssl1);
+
+/*
+ * private functions for softoken.
+ */
+char *_NSSUTIL_GetSecmodName(const char *param, NSSDBType *dbType,
+                             char **appName, char **filename, PRBool *rw);
+const char *_NSSUTIL_EvaluateConfigDir(const char *configdir, NSSDBType *dbType, char **app);
+
+#endif /* _UTILPARS_H_ */
diff --git a/nss/lib/util/utilparst.h b/nss/lib/util/utilparst.h
new file mode 100644
index 0000000..f2148e6
--- /dev/null
+++ b/nss/lib/util/utilparst.h
@@ -0,0 +1,78 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#ifndef UTILPARS_T_H
+#define UTILPARS_T_H 1
+#include "pkcs11t.h"
+
+/*
+ * macros to handle parsing strings of blank sparated arguments.
+ * Several NSSUTIL_HANDLE_STRING() macros should be places one after another with no intervening
+ * code. The first ones have precedence over the later ones. The last Macro should be
+ * NSSUTIL_HANDLE_FINAL_ARG.
+ *
+ *  param is the input parameters. On exit param will point to the next parameter to parse. If the
+ *      last paramter has been returned, param points to a null byte (*param = '0');
+ *  target is the location to store any data aquired from the parameter. Caller is responsible to free this data.
+ *  value is the string value of the parameter.
+ *  command is any commands you need to run to help process the parameter's data.
+ */
+#define NSSUTIL_HANDLE_STRING_ARG(param, target, value, command)  \
+    if (PORT_Strncasecmp(param, value, sizeof(value) - 1) == 0) { \
+        param += sizeof(value) - 1;                               \
+        if (target)                                               \
+            PORT_Free(target);                                    \
+        target = NSSUTIL_ArgFetchValue(param, &next);             \
+        param += next;                                            \
+        command;                                                  \
+    } else
+
+#define NSSUTIL_HANDLE_FINAL_ARG(param)          \
+    {                                            \
+        param = NSSUTIL_ArgSkipParameter(param); \
+    }                                            \
+    param = NSSUTIL_ArgStrip(param);
+
+#define NSSUTIL_PATH_SEPARATOR "/"
+
+/* default module configuration strings */
+#define NSSUTIL_DEFAULT_INTERNAL_INIT1 \
+    "library= name=\"NSS Internal PKCS #11 Module\" parameters="
+#define NSSUTIL_DEFAULT_INTERNAL_INIT2 \
+    " NSS=\"Flags=internal,critical trustOrder=75 cipherOrder=100 slotParams=(1={"
+#define NSSUTIL_DEFAULT_INTERNAL_INIT3 \
+    " askpw=any timeout=30})\""
+#define NSSUTIL_DEFAULT_SFTKN_FLAGS \
+    "slotFlags=[RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512]"
+
+#define NSSUTIL_DEFAULT_CIPHER_ORDER 0
+#define NSSUTIL_DEFAULT_TRUST_ORDER 50
+#define NSSUTIL_ARG_ESCAPE '\\'
+
+/* hold slot default flags until we initialize a slot. This structure is only
+ * useful between the time we define a module (either by hand or from the
+ * database) and the time the module is loaded. Not reference counted  */
+struct NSSUTILPreSlotInfoStr {
+    CK_SLOT_ID slotID;          /* slot these flags are for */
+    unsigned long defaultFlags; /* bit mask of default implementation this slot
+                                 * provides */
+    int askpw;                  /* slot specific password bits */
+    long timeout;               /* slot specific timeout value */
+    char hasRootCerts;          /* is this the root cert PKCS #11 module? */
+    char hasRootTrust;          /* is this the root cert PKCS #11 module? */
+    int reserved0[2];
+    void *reserved1[2];
+};
+
+/*
+ * private functions for softoken.
+ */
+typedef enum {
+    NSS_DB_TYPE_NONE = 0,
+    NSS_DB_TYPE_SQL,
+    NSS_DB_TYPE_EXTERN,
+    NSS_DB_TYPE_LEGACY,
+    NSS_DB_TYPE_MULTIACCESS
+} NSSDBType;
+
+#endif /* UTILPARS_T_H */
diff --git a/nss/lib/util/utilrename.h b/nss/lib/util/utilrename.h
new file mode 100644
index 0000000..1aea3d2
--- /dev/null
+++ b/nss/lib/util/utilrename.h
@@ -0,0 +1,162 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * utilrename.h - rename symbols moved from libnss3 to libnssutil3
+ *
+ */
+
+#ifndef _LIBUTIL_H_
+#define _LIBUTIL_H_ _LIBUTIL_H__Util
+
+#ifdef USE_UTIL_DIRECTLY
+
+/* functions moved from libnss3 */
+#define ATOB_AsciiToData ATOB_AsciiToData_Util
+#define ATOB_ConvertAsciiToItem ATOB_ConvertAsciiToItem_Util
+#define BTOA_ConvertItemToAscii BTOA_ConvertItemToAscii_Util
+#define BTOA_DataToAscii BTOA_DataToAscii_Util
+#define CERT_GenTime2FormattedAscii CERT_GenTime2FormattedAscii_Util
+#define DER_AsciiToTime DER_AsciiToTime_Util
+#define DER_DecodeTimeChoice DER_DecodeTimeChoice_Util
+#define DER_Encode DER_Encode_Util
+#define DER_EncodeTimeChoice DER_EncodeTimeChoice_Util
+#define DER_GeneralizedDayToAscii DER_GeneralizedDayToAscii_Util
+#define DER_GeneralizedTimeToTime DER_GeneralizedTimeToTime_Util
+#define DER_GetInteger DER_GetInteger_Util
+#define DER_Lengths DER_Lengths_Util
+#define DER_TimeChoiceDayToAscii DER_TimeChoiceDayToAscii_Util
+#define DER_TimeToGeneralizedTime DER_TimeToGeneralizedTime_Util
+#define DER_TimeToGeneralizedTimeArena DER_TimeToGeneralizedTimeArena_Util
+#define DER_TimeToUTCTime DER_TimeToUTCTime_Util
+#define DER_UTCDayToAscii DER_UTCDayToAscii_Util
+#define DER_UTCTimeToAscii DER_UTCTimeToAscii_Util
+#define DER_UTCTimeToTime DER_UTCTimeToTime_Util
+#define NSS_PutEnv NSS_PutEnv_Util
+#define NSSBase64_DecodeBuffer NSSBase64_DecodeBuffer_Util
+#define NSSBase64_EncodeItem NSSBase64_EncodeItem_Util
+#define NSSBase64Decoder_Create NSSBase64Decoder_Create_Util
+#define NSSBase64Decoder_Destroy NSSBase64Decoder_Destroy_Util
+#define NSSBase64Decoder_Update NSSBase64Decoder_Update_Util
+#define NSSBase64Encoder_Create NSSBase64Encoder_Create_Util
+#define NSSBase64Encoder_Destroy NSSBase64Encoder_Destroy_Util
+#define NSSBase64Encoder_Update NSSBase64Encoder_Update_Util
+#define NSSRWLock_Destroy NSSRWLock_Destroy_Util
+#define NSSRWLock_HaveWriteLock NSSRWLock_HaveWriteLock_Util
+#define NSSRWLock_LockRead NSSRWLock_LockRead_Util
+#define NSSRWLock_LockWrite NSSRWLock_LockWrite_Util
+#define NSSRWLock_New NSSRWLock_New_Util
+#define NSSRWLock_UnlockRead NSSRWLock_UnlockRead_Util
+#define NSSRWLock_UnlockWrite NSSRWLock_UnlockWrite_Util
+#define PORT_Alloc PORT_Alloc_Util
+#define PORT_ArenaAlloc PORT_ArenaAlloc_Util
+#define PORT_ArenaGrow PORT_ArenaGrow_Util
+#define PORT_ArenaMark PORT_ArenaMark_Util
+#define PORT_ArenaRelease PORT_ArenaRelease_Util
+#define PORT_ArenaStrdup PORT_ArenaStrdup_Util
+#define PORT_ArenaUnmark PORT_ArenaUnmark_Util
+#define PORT_ArenaZAlloc PORT_ArenaZAlloc_Util
+#define PORT_Free PORT_Free_Util
+#define PORT_FreeArena PORT_FreeArena_Util
+#define PORT_GetError PORT_GetError_Util
+#define PORT_NewArena PORT_NewArena_Util
+#define PORT_Realloc PORT_Realloc_Util
+#define PORT_SetError PORT_SetError_Util
+#define PORT_SetUCS2_ASCIIConversionFunction PORT_SetUCS2_ASCIIConversionFunction_Util
+#define PORT_SetUCS2_UTF8ConversionFunction PORT_SetUCS2_UTF8ConversionFunction_Util
+#define PORT_SetUCS4_UTF8ConversionFunction PORT_SetUCS4_UTF8ConversionFunction_Util
+#define PORT_Strdup PORT_Strdup_Util
+#define PORT_UCS2_ASCIIConversion PORT_UCS2_ASCIIConversion_Util
+#define PORT_UCS2_UTF8Conversion PORT_UCS2_UTF8Conversion_Util
+#define PORT_ZAlloc PORT_ZAlloc_Util
+#define PORT_ZFree PORT_ZFree_Util
+#define SEC_ASN1Decode SEC_ASN1Decode_Util
+#define SEC_ASN1DecodeInteger SEC_ASN1DecodeInteger_Util
+#define SEC_ASN1DecodeItem SEC_ASN1DecodeItem_Util
+#define SEC_ASN1DecoderAbort SEC_ASN1DecoderAbort_Util
+#define SEC_ASN1DecoderClearFilterProc SEC_ASN1DecoderClearFilterProc_Util
+#define SEC_ASN1DecoderClearNotifyProc SEC_ASN1DecoderClearNotifyProc_Util
+#define SEC_ASN1DecoderFinish SEC_ASN1DecoderFinish_Util
+#define SEC_ASN1DecoderSetFilterProc SEC_ASN1DecoderSetFilterProc_Util
+#define SEC_ASN1DecoderSetNotifyProc SEC_ASN1DecoderSetNotifyProc_Util
+#define SEC_ASN1DecoderStart SEC_ASN1DecoderStart_Util
+#define SEC_ASN1DecoderUpdate SEC_ASN1DecoderUpdate_Util
+#define SEC_ASN1Encode SEC_ASN1Encode_Util
+#define SEC_ASN1EncodeInteger SEC_ASN1EncodeInteger_Util
+#define SEC_ASN1EncodeItem SEC_ASN1EncodeItem_Util
+#define SEC_ASN1EncoderAbort SEC_ASN1EncoderAbort_Util
+#define SEC_ASN1EncoderClearNotifyProc SEC_ASN1EncoderClearNotifyProc_Util
+#define SEC_ASN1EncoderClearStreaming SEC_ASN1EncoderClearStreaming_Util
+#define SEC_ASN1EncoderClearTakeFromBuf SEC_ASN1EncoderClearTakeFromBuf_Util
+#define SEC_ASN1EncoderFinish SEC_ASN1EncoderFinish_Util
+#define SEC_ASN1EncoderSetNotifyProc SEC_ASN1EncoderSetNotifyProc_Util
+#define SEC_ASN1EncoderSetStreaming SEC_ASN1EncoderSetStreaming_Util
+#define SEC_ASN1EncoderSetTakeFromBuf SEC_ASN1EncoderSetTakeFromBuf_Util
+#define SEC_ASN1EncoderStart SEC_ASN1EncoderStart_Util
+#define SEC_ASN1EncoderUpdate SEC_ASN1EncoderUpdate_Util
+#define SEC_ASN1EncodeUnsignedInteger SEC_ASN1EncodeUnsignedInteger_Util
+#define SEC_ASN1LengthLength SEC_ASN1LengthLength_Util
+#define SEC_QuickDERDecodeItem SEC_QuickDERDecodeItem_Util
+#define SECITEM_AllocItem SECITEM_AllocItem_Util
+#define SECITEM_ArenaDupItem SECITEM_ArenaDupItem_Util
+#define SECITEM_CompareItem SECITEM_CompareItem_Util
+#define SECITEM_CopyItem SECITEM_CopyItem_Util
+#define SECITEM_DupItem SECITEM_DupItem_Util
+#define SECITEM_FreeItem SECITEM_FreeItem_Util
+#define SECITEM_ItemsAreEqual SECITEM_ItemsAreEqual_Util
+#define SECITEM_ZfreeItem SECITEM_ZfreeItem_Util
+#define SECOID_AddEntry SECOID_AddEntry_Util
+#define SECOID_CompareAlgorithmID SECOID_CompareAlgorithmID_Util
+#define SECOID_CopyAlgorithmID SECOID_CopyAlgorithmID_Util
+#define SECOID_DestroyAlgorithmID SECOID_DestroyAlgorithmID_Util
+#define SECOID_FindOID SECOID_FindOID_Util
+#define SECOID_FindOIDByTag SECOID_FindOIDByTag_Util
+#define SECOID_FindOIDTag SECOID_FindOIDTag_Util
+#define SECOID_FindOIDTagDescription SECOID_FindOIDTagDescription_Util
+#define SECOID_GetAlgorithmTag SECOID_GetAlgorithmTag_Util
+#define SECOID_SetAlgorithmID SECOID_SetAlgorithmID_Util
+#define SGN_CompareDigestInfo SGN_CompareDigestInfo_Util
+#define SGN_CopyDigestInfo SGN_CopyDigestInfo_Util
+#define SGN_CreateDigestInfo SGN_CreateDigestInfo_Util
+#define SGN_DestroyDigestInfo SGN_DestroyDigestInfo_Util
+
+/* templates moved from libnss3 */
+#define NSS_Get_SEC_AnyTemplate NSS_Get_SEC_AnyTemplate_Util
+#define NSS_Get_SEC_BitStringTemplate NSS_Get_SEC_BitStringTemplate_Util
+#define NSS_Get_SEC_BMPStringTemplate NSS_Get_SEC_BMPStringTemplate_Util
+#define NSS_Get_SEC_BooleanTemplate NSS_Get_SEC_BooleanTemplate_Util
+#define NSS_Get_SEC_GeneralizedTimeTemplate NSS_Get_SEC_GeneralizedTimeTemplate_Util
+#define NSS_Get_SEC_IA5StringTemplate NSS_Get_SEC_IA5StringTemplate_Util
+#define NSS_Get_SEC_IntegerTemplate NSS_Get_SEC_IntegerTemplate_Util
+#define NSS_Get_SEC_NullTemplate NSS_Get_SEC_NullTemplate_Util
+#define NSS_Get_SEC_ObjectIDTemplate NSS_Get_SEC_ObjectIDTemplate_Util
+#define NSS_Get_SEC_OctetStringTemplate NSS_Get_SEC_OctetStringTemplate_Util
+#define NSS_Get_SEC_PointerToAnyTemplate NSS_Get_SEC_PointerToAnyTemplate_Util
+#define NSS_Get_SEC_PointerToOctetStringTemplate NSS_Get_SEC_PointerToOctetStringTemplate_Util
+#define NSS_Get_SEC_SetOfAnyTemplate NSS_Get_SEC_SetOfAnyTemplate_Util
+#define NSS_Get_SEC_UTCTimeTemplate NSS_Get_SEC_UTCTimeTemplate_Util
+#define NSS_Get_SEC_UTF8StringTemplate NSS_Get_SEC_UTF8StringTemplate_Util
+#define NSS_Get_SECOID_AlgorithmIDTemplate NSS_Get_SECOID_AlgorithmIDTemplate_Util
+#define NSS_Get_sgn_DigestInfoTemplate NSS_Get_sgn_DigestInfoTemplate_Util
+#define SEC_AnyTemplate SEC_AnyTemplate_Util
+#define SEC_BitStringTemplate SEC_BitStringTemplate_Util
+#define SEC_BMPStringTemplate SEC_BMPStringTemplate_Util
+#define SEC_BooleanTemplate SEC_BooleanTemplate_Util
+#define SEC_GeneralizedTimeTemplate SEC_GeneralizedTimeTemplate_Util
+#define SEC_IA5StringTemplate SEC_IA5StringTemplate_Util
+#define SEC_IntegerTemplate SEC_IntegerTemplate_Util
+#define SEC_NullTemplate SEC_NullTemplate_Util
+#define SEC_ObjectIDTemplate SEC_ObjectIDTemplate_Util
+#define SEC_OctetStringTemplate SEC_OctetStringTemplate_Util
+#define SEC_PointerToAnyTemplate SEC_PointerToAnyTemplate_Util
+#define SEC_PointerToOctetStringTemplate SEC_PointerToOctetStringTemplate_Util
+#define SEC_SetOfAnyTemplate SEC_SetOfAnyTemplate_Util
+#define SEC_UTCTimeTemplate SEC_UTCTimeTemplate_Util
+#define SEC_UTF8StringTemplate SEC_UTF8StringTemplate_Util
+#define SECOID_AlgorithmIDTemplate SECOID_AlgorithmIDTemplate_Util
+#define sgn_DigestInfoTemplate sgn_DigestInfoTemplate_Util
+
+#endif /* USE_UTIL_DIRECTLY */
+
+#endif /* _LIBUTIL_H_ */
diff --git a/nss/lib/util/verref.h b/nss/lib/util/verref.h
new file mode 100644
index 0000000..efbcb03
--- /dev/null
+++ b/nss/lib/util/verref.h
@@ -0,0 +1,43 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* This header is used inline in a function to ensure that a version string
+ * symbol is linked in and not optimized out. A volatile reference is added to
+ * the variable identified by NSS_VERSION_VARIABLE.
+ *
+ * Use this as follows:
+ *
+ * #define NSS_VERSION_VARIABLE __nss_ssl_version
+ * #include "verref.h"
+ */
+
+/* Suppress unused variable warnings. */
+#ifdef _MSC_VER
+#pragma warning(push)
+#pragma warning(disable : 4101)
+#endif
+/* This works for both gcc and clang */
+#if defined(__GNUC__) && !defined(NSS_NO_GCC48)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wunused-variable"
+#endif
+
+#ifndef NSS_VERSION_VARIABLE
+#error NSS_VERSION_VARIABLE must be set before including "verref.h"
+#endif
+{
+    extern const char NSS_VERSION_VARIABLE[];
+#if defined(__GNUC__)
+    __attribute__((unused))
+#endif
+    volatile const char _nss_version_c = NSS_VERSION_VARIABLE[0];
+}
+#undef NSS_VERSION_VARIABLE
+
+#ifdef _MSC_VER
+#pragma warning(pop)
+#endif
+#if defined(__GNUC__) && !defined(NSS_NO_GCC48)
+#pragma GCC diagnostic pop
+#endif
diff --git a/nss/lib/zlib/Makefile b/nss/lib/zlib/Makefile
new file mode 100644
index 0000000..183294f
--- /dev/null
+++ b/nss/lib/zlib/Makefile
@@ -0,0 +1,55 @@
+#! gmake
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include config.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+export:: private_export
+
+test: $(PROGRAMS)
+	@cd $(OBJDIR); \
+	if echo hello world | ./minigzip | ./minigzip -d && ./example; then \
+	  echo '		*** zlib test OK ***'; \
+	else \
+	  echo '		*** zlib test FAILED ***'; false; \
+	fi
+	-@rm -f foo.gz
diff --git a/nss/lib/zlib/README b/nss/lib/zlib/README
new file mode 100644
index 0000000..d4219bf
--- /dev/null
+++ b/nss/lib/zlib/README
@@ -0,0 +1,115 @@
+ZLIB DATA COMPRESSION LIBRARY
+
+zlib 1.2.5 is a general purpose data compression library.  All the code is
+thread safe.  The data format used by the zlib library is described by RFCs
+(Request for Comments) 1950 to 1952 in the files
+http://www.ietf.org/rfc/rfc1950.txt (zlib format), rfc1951.txt (deflate format)
+and rfc1952.txt (gzip format).
+
+All functions of the compression library are documented in the file zlib.h
+(volunteer to write man pages welcome, contact zlib@gzip.org).  A usage example
+of the library is given in the file example.c which also tests that the library
+is working correctly.  Another example is given in the file minigzip.c.  The
+compression library itself is composed of all source files except example.c and
+minigzip.c.
+
+To compile all files and run the test program, follow the instructions given at
+the top of Makefile.in.  In short "./configure; make test", and if that goes
+well, "make install" should work for most flavors of Unix.  For Windows, use one
+of the special makefiles in win32/ or contrib/vstudio/ .  For VMS, use
+make_vms.com.
+
+Questions about zlib should be sent to <zlib@gzip.org>, or to Gilles Vollant
+<info@winimage.com> for the Windows DLL version.  The zlib home page is
+http://zlib.net/ .  Before reporting a problem, please check this site to
+verify that you have the latest version of zlib; otherwise get the latest
+version and check whether the problem still exists or not.
+
+PLEASE read the zlib FAQ http://zlib.net/zlib_faq.html before asking for help.
+
+Mark Nelson <markn@ieee.org> wrote an article about zlib for the Jan.  1997
+issue of Dr.  Dobb's Journal; a copy of the article is available at
+http://marknelson.us/1997/01/01/zlib-engine/ .
+
+The changes made in version 1.2.5 are documented in the file ChangeLog.
+
+Unsupported third party contributions are provided in directory contrib/ .
+
+zlib is available in Java using the java.util.zip package, documented at
+http://java.sun.com/developer/technicalArticles/Programming/compression/ .
+
+A Perl interface to zlib written by Paul Marquess <pmqs@cpan.org> is available
+at CPAN (Comprehensive Perl Archive Network) sites, including
+http://search.cpan.org/~pmqs/IO-Compress-Zlib/ .
+
+A Python interface to zlib written by A.M. Kuchling <amk@amk.ca> is
+available in Python 1.5 and later versions, see
+http://www.python.org/doc/lib/module-zlib.html .
+
+zlib is built into tcl: http://wiki.tcl.tk/4610 .
+
+An experimental package to read and write files in .zip format, written on top
+of zlib by Gilles Vollant <info@winimage.com>, is available in the
+contrib/minizip directory of zlib.
+
+
+Notes for some targets:
+
+- For Windows DLL versions, please see win32/DLL_FAQ.txt
+
+- For 64-bit Irix, deflate.c must be compiled without any optimization. With
+  -O, one libpng test fails. The test works in 32 bit mode (with the -n32
+  compiler flag). The compiler bug has been reported to SGI.
+
+- zlib doesn't work with gcc 2.6.3 on a DEC 3000/300LX under OSF/1 2.1 it works
+  when compiled with cc.
+
+- On Digital Unix 4.0D (formely OSF/1) on AlphaServer, the cc option -std1 is
+  necessary to get gzprintf working correctly. This is done by configure.
+
+- zlib doesn't work on HP-UX 9.05 with some versions of /bin/cc. It works with
+  other compilers. Use "make test" to check your compiler.
+
+- gzdopen is not supported on RISCOS or BEOS.
+
+- For PalmOs, see http://palmzlib.sourceforge.net/
+
+
+Acknowledgments:
+
+  The deflate format used by zlib was defined by Phil Katz.  The deflate and
+  zlib specifications were written by L.  Peter Deutsch.  Thanks to all the
+  people who reported problems and suggested various improvements in zlib; they
+  are too numerous to cite here.
+
+Copyright notice:
+
+ (C) 1995-2010 Jean-loup Gailly and Mark Adler
+
+  This software is provided 'as-is', without any express or implied
+  warranty.  In no event will the authors be held liable for any damages
+  arising from the use of this software.
+
+  Permission is granted to anyone to use this software for any purpose,
+  including commercial applications, and to alter it and redistribute it
+  freely, subject to the following restrictions:
+
+  1. The origin of this software must not be misrepresented; you must not
+     claim that you wrote the original software. If you use this software
+     in a product, an acknowledgment in the product documentation would be
+     appreciated but is not required.
+  2. Altered source versions must be plainly marked as such, and must not be
+     misrepresented as being the original software.
+  3. This notice may not be removed or altered from any source distribution.
+
+  Jean-loup Gailly        Mark Adler
+  jloup@gzip.org          madler@alumni.caltech.edu
+
+If you use the zlib library in a product, we would appreciate *not* receiving
+lengthy legal documents to sign.  The sources are provided for free but without
+warranty of any kind.  The library has been entirely written by Jean-loup
+Gailly and Mark Adler; it does not include third-party code.
+
+If you redistribute modified sources, we would appreciate that you include in
+the file ChangeLog history information documenting your changes.  Please read
+the FAQ for more information on the distribution of modified source versions.
diff --git a/nss/lib/zlib/README.nss b/nss/lib/zlib/README.nss
new file mode 100644
index 0000000..58ad213
--- /dev/null
+++ b/nss/lib/zlib/README.nss
@@ -0,0 +1,18 @@
+zlib data compression library
+
+URL: http://zlib.net/
+Version: 1.2.5
+License: zlib License
+License File: http://zlib.net/zlib_license.html
+
+Description:
+
+NSS uses zlib in libSSL (for the DEFLATE compression method), modutil, and
+signtool.
+
+Local Modifications:
+
+- patches/prune-zlib.sh: run this shell script to remove unneeded files
+  from the zlib distribution.
+- patches/msvc-vsnprintf.patch: define HAVE_VSNPRINTF for Visual C++ 2008
+  (9.0) and later.
diff --git a/nss/lib/zlib/adler32.c b/nss/lib/zlib/adler32.c
new file mode 100644
index 0000000..65ad6a5
--- /dev/null
+++ b/nss/lib/zlib/adler32.c
@@ -0,0 +1,169 @@
+/* adler32.c -- compute the Adler-32 checksum of a data stream
+ * Copyright (C) 1995-2007 Mark Adler
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ */
+
+/* @(#) $Id$ */
+
+#include "zutil.h"
+
+#define local static
+
+local uLong adler32_combine_(uLong adler1, uLong adler2, z_off64_t len2);
+
+#define BASE 65521UL    /* largest prime smaller than 65536 */
+#define NMAX 5552
+/* NMAX is the largest n such that 255n(n+1)/2 + (n+1)(BASE-1) <= 2^32-1 */
+
+#define DO1(buf,i)  {adler += (buf)[i]; sum2 += adler;}
+#define DO2(buf,i)  DO1(buf,i); DO1(buf,i+1);
+#define DO4(buf,i)  DO2(buf,i); DO2(buf,i+2);
+#define DO8(buf,i)  DO4(buf,i); DO4(buf,i+4);
+#define DO16(buf)   DO8(buf,0); DO8(buf,8);
+
+/* use NO_DIVIDE if your processor does not do division in hardware */
+#ifdef NO_DIVIDE
+#  define MOD(a) \
+    do { \
+        if (a >= (BASE << 16)) a -= (BASE << 16); \
+        if (a >= (BASE << 15)) a -= (BASE << 15); \
+        if (a >= (BASE << 14)) a -= (BASE << 14); \
+        if (a >= (BASE << 13)) a -= (BASE << 13); \
+        if (a >= (BASE << 12)) a -= (BASE << 12); \
+        if (a >= (BASE << 11)) a -= (BASE << 11); \
+        if (a >= (BASE << 10)) a -= (BASE << 10); \
+        if (a >= (BASE << 9)) a -= (BASE << 9); \
+        if (a >= (BASE << 8)) a -= (BASE << 8); \
+        if (a >= (BASE << 7)) a -= (BASE << 7); \
+        if (a >= (BASE << 6)) a -= (BASE << 6); \
+        if (a >= (BASE << 5)) a -= (BASE << 5); \
+        if (a >= (BASE << 4)) a -= (BASE << 4); \
+        if (a >= (BASE << 3)) a -= (BASE << 3); \
+        if (a >= (BASE << 2)) a -= (BASE << 2); \
+        if (a >= (BASE << 1)) a -= (BASE << 1); \
+        if (a >= BASE) a -= BASE; \
+    } while (0)
+#  define MOD4(a) \
+    do { \
+        if (a >= (BASE << 4)) a -= (BASE << 4); \
+        if (a >= (BASE << 3)) a -= (BASE << 3); \
+        if (a >= (BASE << 2)) a -= (BASE << 2); \
+        if (a >= (BASE << 1)) a -= (BASE << 1); \
+        if (a >= BASE) a -= BASE; \
+    } while (0)
+#else
+#  define MOD(a) a %= BASE
+#  define MOD4(a) a %= BASE
+#endif
+
+/* ========================================================================= */
+uLong ZEXPORT adler32(adler, buf, len)
+    uLong adler;
+    const Bytef *buf;
+    uInt len;
+{
+    unsigned long sum2;
+    unsigned n;
+
+    /* split Adler-32 into component sums */
+    sum2 = (adler >> 16) & 0xffff;
+    adler &= 0xffff;
+
+    /* in case user likes doing a byte at a time, keep it fast */
+    if (len == 1) {
+        adler += buf[0];
+        if (adler >= BASE)
+            adler -= BASE;
+        sum2 += adler;
+        if (sum2 >= BASE)
+            sum2 -= BASE;
+        return adler | (sum2 << 16);
+    }
+
+    /* initial Adler-32 value (deferred check for len == 1 speed) */
+    if (buf == Z_NULL)
+        return 1L;
+
+    /* in case short lengths are provided, keep it somewhat fast */
+    if (len < 16) {
+        while (len--) {
+            adler += *buf++;
+            sum2 += adler;
+        }
+        if (adler >= BASE)
+            adler -= BASE;
+        MOD4(sum2);             /* only added so many BASE's */
+        return adler | (sum2 << 16);
+    }
+
+    /* do length NMAX blocks -- requires just one modulo operation */
+    while (len >= NMAX) {
+        len -= NMAX;
+        n = NMAX / 16;          /* NMAX is divisible by 16 */
+        do {
+            DO16(buf);          /* 16 sums unrolled */
+            buf += 16;
+        } while (--n);
+        MOD(adler);
+        MOD(sum2);
+    }
+
+    /* do remaining bytes (less than NMAX, still just one modulo) */
+    if (len) {                  /* avoid modulos if none remaining */
+        while (len >= 16) {
+            len -= 16;
+            DO16(buf);
+            buf += 16;
+        }
+        while (len--) {
+            adler += *buf++;
+            sum2 += adler;
+        }
+        MOD(adler);
+        MOD(sum2);
+    }
+
+    /* return recombined sums */
+    return adler | (sum2 << 16);
+}
+
+/* ========================================================================= */
+local uLong adler32_combine_(adler1, adler2, len2)
+    uLong adler1;
+    uLong adler2;
+    z_off64_t len2;
+{
+    unsigned long sum1;
+    unsigned long sum2;
+    unsigned rem;
+
+    /* the derivation of this formula is left as an exercise for the reader */
+    rem = (unsigned)(len2 % BASE);
+    sum1 = adler1 & 0xffff;
+    sum2 = rem * sum1;
+    MOD(sum2);
+    sum1 += (adler2 & 0xffff) + BASE - 1;
+    sum2 += ((adler1 >> 16) & 0xffff) + ((adler2 >> 16) & 0xffff) + BASE - rem;
+    if (sum1 >= BASE) sum1 -= BASE;
+    if (sum1 >= BASE) sum1 -= BASE;
+    if (sum2 >= (BASE << 1)) sum2 -= (BASE << 1);
+    if (sum2 >= BASE) sum2 -= BASE;
+    return sum1 | (sum2 << 16);
+}
+
+/* ========================================================================= */
+uLong ZEXPORT adler32_combine(adler1, adler2, len2)
+    uLong adler1;
+    uLong adler2;
+    z_off_t len2;
+{
+    return adler32_combine_(adler1, adler2, len2);
+}
+
+uLong ZEXPORT adler32_combine64(adler1, adler2, len2)
+    uLong adler1;
+    uLong adler2;
+    z_off64_t len2;
+{
+    return adler32_combine_(adler1, adler2, len2);
+}
diff --git a/nss/lib/zlib/compress.c b/nss/lib/zlib/compress.c
new file mode 100644
index 0000000..ea4dfbe
--- /dev/null
+++ b/nss/lib/zlib/compress.c
@@ -0,0 +1,80 @@
+/* compress.c -- compress a memory buffer
+ * Copyright (C) 1995-2005 Jean-loup Gailly.
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ */
+
+/* @(#) $Id$ */
+
+#define ZLIB_INTERNAL
+#include "zlib.h"
+
+/* ===========================================================================
+     Compresses the source buffer into the destination buffer. The level
+   parameter has the same meaning as in deflateInit.  sourceLen is the byte
+   length of the source buffer. Upon entry, destLen is the total size of the
+   destination buffer, which must be at least 0.1% larger than sourceLen plus
+   12 bytes. Upon exit, destLen is the actual size of the compressed buffer.
+
+     compress2 returns Z_OK if success, Z_MEM_ERROR if there was not enough
+   memory, Z_BUF_ERROR if there was not enough room in the output buffer,
+   Z_STREAM_ERROR if the level parameter is invalid.
+*/
+int ZEXPORT compress2 (dest, destLen, source, sourceLen, level)
+    Bytef *dest;
+    uLongf *destLen;
+    const Bytef *source;
+    uLong sourceLen;
+    int level;
+{
+    z_stream stream;
+    int err;
+
+    stream.next_in = (Bytef*)source;
+    stream.avail_in = (uInt)sourceLen;
+#ifdef MAXSEG_64K
+    /* Check for source > 64K on 16-bit machine: */
+    if ((uLong)stream.avail_in != sourceLen) return Z_BUF_ERROR;
+#endif
+    stream.next_out = dest;
+    stream.avail_out = (uInt)*destLen;
+    if ((uLong)stream.avail_out != *destLen) return Z_BUF_ERROR;
+
+    stream.zalloc = (alloc_func)0;
+    stream.zfree = (free_func)0;
+    stream.opaque = (voidpf)0;
+
+    err = deflateInit(&stream, level);
+    if (err != Z_OK) return err;
+
+    err = deflate(&stream, Z_FINISH);
+    if (err != Z_STREAM_END) {
+        deflateEnd(&stream);
+        return err == Z_OK ? Z_BUF_ERROR : err;
+    }
+    *destLen = stream.total_out;
+
+    err = deflateEnd(&stream);
+    return err;
+}
+
+/* ===========================================================================
+ */
+int ZEXPORT compress (dest, destLen, source, sourceLen)
+    Bytef *dest;
+    uLongf *destLen;
+    const Bytef *source;
+    uLong sourceLen;
+{
+    return compress2(dest, destLen, source, sourceLen, Z_DEFAULT_COMPRESSION);
+}
+
+/* ===========================================================================
+     If the default memLevel or windowBits for deflateInit() is changed, then
+   this function needs to be updated.
+ */
+uLong ZEXPORT compressBound (sourceLen)
+    uLong sourceLen;
+{
+    return sourceLen + (sourceLen >> 12) + (sourceLen >> 14) +
+           (sourceLen >> 25) + 13;
+}
diff --git a/nss/lib/zlib/config.mk b/nss/lib/zlib/config.mk
new file mode 100644
index 0000000..696be5d
--- /dev/null
+++ b/nss/lib/zlib/config.mk
@@ -0,0 +1,20 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#
+#  Override TARGETS variable so that only static libraries
+#  are specifed as dependencies within rules.mk.
+#
+
+TARGETS        = $(LIBRARY) $(PROGRAMS)
+SHARED_LIBRARY =
+IMPORT_LIBRARY =
+PROGRAM        =
+
+EXTRA_LIBS     = $(LIBRARY)
+
+ifeq ($(OS_TARGET),Linux)
+DEFINES += -DHAVE_UNISTD_H
+endif
diff --git a/nss/lib/zlib/crc32.c b/nss/lib/zlib/crc32.c
new file mode 100644
index 0000000..91be372
--- /dev/null
+++ b/nss/lib/zlib/crc32.c
@@ -0,0 +1,442 @@
+/* crc32.c -- compute the CRC-32 of a data stream
+ * Copyright (C) 1995-2006, 2010 Mark Adler
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ *
+ * Thanks to Rodney Brown <rbrown64@csc.com.au> for his contribution of faster
+ * CRC methods: exclusive-oring 32 bits of data at a time, and pre-computing
+ * tables for updating the shift register in one step with three exclusive-ors
+ * instead of four steps with four exclusive-ors.  This results in about a
+ * factor of two increase in speed on a Power PC G4 (PPC7455) using gcc -O3.
+ */
+
+/* @(#) $Id$ */
+
+/*
+  Note on the use of DYNAMIC_CRC_TABLE: there is no mutex or semaphore
+  protection on the static variables used to control the first-use generation
+  of the crc tables.  Therefore, if you #define DYNAMIC_CRC_TABLE, you should
+  first call get_crc_table() to initialize the tables before allowing more than
+  one thread to use crc32().
+ */
+
+#ifdef MAKECRCH
+#  include <stdio.h>
+#  ifndef DYNAMIC_CRC_TABLE
+#    define DYNAMIC_CRC_TABLE
+#  endif /* !DYNAMIC_CRC_TABLE */
+#endif /* MAKECRCH */
+
+#include "zutil.h"      /* for STDC and FAR definitions */
+
+#define local static
+
+/* Find a four-byte integer type for crc32_little() and crc32_big(). */
+#ifndef NOBYFOUR
+#  ifdef STDC           /* need ANSI C limits.h to determine sizes */
+#    include <limits.h>
+#    define BYFOUR
+#    if (UINT_MAX == 0xffffffffUL)
+       typedef unsigned int u4;
+#    else
+#      if (ULONG_MAX == 0xffffffffUL)
+         typedef unsigned long u4;
+#      else
+#        if (USHRT_MAX == 0xffffffffUL)
+           typedef unsigned short u4;
+#        else
+#          undef BYFOUR     /* can't find a four-byte integer type! */
+#        endif
+#      endif
+#    endif
+#  endif /* STDC */
+#endif /* !NOBYFOUR */
+
+/* Definitions for doing the crc four data bytes at a time. */
+#ifdef BYFOUR
+#  define REV(w) ((((w)>>24)&0xff)+(((w)>>8)&0xff00)+ \
+                (((w)&0xff00)<<8)+(((w)&0xff)<<24))
+   local unsigned long crc32_little OF((unsigned long,
+                        const unsigned char FAR *, unsigned));
+   local unsigned long crc32_big OF((unsigned long,
+                        const unsigned char FAR *, unsigned));
+#  define TBLS 8
+#else
+#  define TBLS 1
+#endif /* BYFOUR */
+
+/* Local functions for crc concatenation */
+local unsigned long gf2_matrix_times OF((unsigned long *mat,
+                                         unsigned long vec));
+local void gf2_matrix_square OF((unsigned long *square, unsigned long *mat));
+local uLong crc32_combine_(uLong crc1, uLong crc2, z_off64_t len2);
+
+
+#ifdef DYNAMIC_CRC_TABLE
+
+local volatile int crc_table_empty = 1;
+local unsigned long FAR crc_table[TBLS][256];
+local void make_crc_table OF((void));
+#ifdef MAKECRCH
+   local void write_table OF((FILE *, const unsigned long FAR *));
+#endif /* MAKECRCH */
+/*
+  Generate tables for a byte-wise 32-bit CRC calculation on the polynomial:
+  x^32+x^26+x^23+x^22+x^16+x^12+x^11+x^10+x^8+x^7+x^5+x^4+x^2+x+1.
+
+  Polynomials over GF(2) are represented in binary, one bit per coefficient,
+  with the lowest powers in the most significant bit.  Then adding polynomials
+  is just exclusive-or, and multiplying a polynomial by x is a right shift by
+  one.  If we call the above polynomial p, and represent a byte as the
+  polynomial q, also with the lowest power in the most significant bit (so the
+  byte 0xb1 is the polynomial x^7+x^3+x+1), then the CRC is (q*x^32) mod p,
+  where a mod b means the remainder after dividing a by b.
+
+  This calculation is done using the shift-register method of multiplying and
+  taking the remainder.  The register is initialized to zero, and for each
+  incoming bit, x^32 is added mod p to the register if the bit is a one (where
+  x^32 mod p is p+x^32 = x^26+...+1), and the register is multiplied mod p by
+  x (which is shifting right by one and adding x^32 mod p if the bit shifted
+  out is a one).  We start with the highest power (least significant bit) of
+  q and repeat for all eight bits of q.
+
+  The first table is simply the CRC of all possible eight bit values.  This is
+  all the information needed to generate CRCs on data a byte at a time for all
+  combinations of CRC register values and incoming bytes.  The remaining tables
+  allow for word-at-a-time CRC calculation for both big-endian and little-
+  endian machines, where a word is four bytes.
+*/
+local void make_crc_table()
+{
+    unsigned long c;
+    int n, k;
+    unsigned long poly;                 /* polynomial exclusive-or pattern */
+    /* terms of polynomial defining this crc (except x^32): */
+    static volatile int first = 1;      /* flag to limit concurrent making */
+    static const unsigned char p[] = {0,1,2,4,5,7,8,10,11,12,16,22,23,26};
+
+    /* See if another task is already doing this (not thread-safe, but better
+       than nothing -- significantly reduces duration of vulnerability in
+       case the advice about DYNAMIC_CRC_TABLE is ignored) */
+    if (first) {
+        first = 0;
+
+        /* make exclusive-or pattern from polynomial (0xedb88320UL) */
+        poly = 0UL;
+        for (n = 0; n < sizeof(p)/sizeof(unsigned char); n++)
+            poly |= 1UL << (31 - p[n]);
+
+        /* generate a crc for every 8-bit value */
+        for (n = 0; n < 256; n++) {
+            c = (unsigned long)n;
+            for (k = 0; k < 8; k++)
+                c = c & 1 ? poly ^ (c >> 1) : c >> 1;
+            crc_table[0][n] = c;
+        }
+
+#ifdef BYFOUR
+        /* generate crc for each value followed by one, two, and three zeros,
+           and then the byte reversal of those as well as the first table */
+        for (n = 0; n < 256; n++) {
+            c = crc_table[0][n];
+            crc_table[4][n] = REV(c);
+            for (k = 1; k < 4; k++) {
+                c = crc_table[0][c & 0xff] ^ (c >> 8);
+                crc_table[k][n] = c;
+                crc_table[k + 4][n] = REV(c);
+            }
+        }
+#endif /* BYFOUR */
+
+        crc_table_empty = 0;
+    }
+    else {      /* not first */
+        /* wait for the other guy to finish (not efficient, but rare) */
+        while (crc_table_empty)
+            ;
+    }
+
+#ifdef MAKECRCH
+    /* write out CRC tables to crc32.h */
+    {
+        FILE *out;
+
+        out = fopen("crc32.h", "w");
+        if (out == NULL) return;
+        fprintf(out, "/* crc32.h -- tables for rapid CRC calculation\n");
+        fprintf(out, " * Generated automatically by crc32.c\n */\n\n");
+        fprintf(out, "local const unsigned long FAR ");
+        fprintf(out, "crc_table[TBLS][256] =\n{\n  {\n");
+        write_table(out, crc_table[0]);
+#  ifdef BYFOUR
+        fprintf(out, "#ifdef BYFOUR\n");
+        for (k = 1; k < 8; k++) {
+            fprintf(out, "  },\n  {\n");
+            write_table(out, crc_table[k]);
+        }
+        fprintf(out, "#endif\n");
+#  endif /* BYFOUR */
+        fprintf(out, "  }\n};\n");
+        fclose(out);
+    }
+#endif /* MAKECRCH */
+}
+
+#ifdef MAKECRCH
+local void write_table(out, table)
+    FILE *out;
+    const unsigned long FAR *table;
+{
+    int n;
+
+    for (n = 0; n < 256; n++)
+        fprintf(out, "%s0x%08lxUL%s", n % 5 ? "" : "    ", table[n],
+                n == 255 ? "\n" : (n % 5 == 4 ? ",\n" : ", "));
+}
+#endif /* MAKECRCH */
+
+#else /* !DYNAMIC_CRC_TABLE */
+/* ========================================================================
+ * Tables of CRC-32s of all single-byte values, made by make_crc_table().
+ */
+#include "crc32.h"
+#endif /* DYNAMIC_CRC_TABLE */
+
+/* =========================================================================
+ * This function can be used by asm versions of crc32()
+ */
+const unsigned long FAR * ZEXPORT get_crc_table()
+{
+#ifdef DYNAMIC_CRC_TABLE
+    if (crc_table_empty)
+        make_crc_table();
+#endif /* DYNAMIC_CRC_TABLE */
+    return (const unsigned long FAR *)crc_table;
+}
+
+/* ========================================================================= */
+#define DO1 crc = crc_table[0][((int)crc ^ (*buf++)) & 0xff] ^ (crc >> 8)
+#define DO8 DO1; DO1; DO1; DO1; DO1; DO1; DO1; DO1
+
+/* ========================================================================= */
+unsigned long ZEXPORT crc32(crc, buf, len)
+    unsigned long crc;
+    const unsigned char FAR *buf;
+    uInt len;
+{
+    if (buf == Z_NULL) return 0UL;
+
+#ifdef DYNAMIC_CRC_TABLE
+    if (crc_table_empty)
+        make_crc_table();
+#endif /* DYNAMIC_CRC_TABLE */
+
+#ifdef BYFOUR
+    if (sizeof(void *) == sizeof(ptrdiff_t)) {
+        u4 endian;
+
+        endian = 1;
+        if (*((unsigned char *)(&endian)))
+            return crc32_little(crc, buf, len);
+        else
+            return crc32_big(crc, buf, len);
+    }
+#endif /* BYFOUR */
+    crc = crc ^ 0xffffffffUL;
+    while (len >= 8) {
+        DO8;
+        len -= 8;
+    }
+    if (len) do {
+        DO1;
+    } while (--len);
+    return crc ^ 0xffffffffUL;
+}
+
+#ifdef BYFOUR
+
+/* ========================================================================= */
+#define DOLIT4 c ^= *buf4++; \
+        c = crc_table[3][c & 0xff] ^ crc_table[2][(c >> 8) & 0xff] ^ \
+            crc_table[1][(c >> 16) & 0xff] ^ crc_table[0][c >> 24]
+#define DOLIT32 DOLIT4; DOLIT4; DOLIT4; DOLIT4; DOLIT4; DOLIT4; DOLIT4; DOLIT4
+
+/* ========================================================================= */
+local unsigned long crc32_little(crc, buf, len)
+    unsigned long crc;
+    const unsigned char FAR *buf;
+    unsigned len;
+{
+    register u4 c;
+    register const u4 FAR *buf4;
+
+    c = (u4)crc;
+    c = ~c;
+    while (len && ((ptrdiff_t)buf & 3)) {
+        c = crc_table[0][(c ^ *buf++) & 0xff] ^ (c >> 8);
+        len--;
+    }
+
+    buf4 = (const u4 FAR *)(const void FAR *)buf;
+    while (len >= 32) {
+        DOLIT32;
+        len -= 32;
+    }
+    while (len >= 4) {
+        DOLIT4;
+        len -= 4;
+    }
+    buf = (const unsigned char FAR *)buf4;
+
+    if (len) do {
+        c = crc_table[0][(c ^ *buf++) & 0xff] ^ (c >> 8);
+    } while (--len);
+    c = ~c;
+    return (unsigned long)c;
+}
+
+/* ========================================================================= */
+#define DOBIG4 c ^= *++buf4; \
+        c = crc_table[4][c & 0xff] ^ crc_table[5][(c >> 8) & 0xff] ^ \
+            crc_table[6][(c >> 16) & 0xff] ^ crc_table[7][c >> 24]
+#define DOBIG32 DOBIG4; DOBIG4; DOBIG4; DOBIG4; DOBIG4; DOBIG4; DOBIG4; DOBIG4
+
+/* ========================================================================= */
+local unsigned long crc32_big(crc, buf, len)
+    unsigned long crc;
+    const unsigned char FAR *buf;
+    unsigned len;
+{
+    register u4 c;
+    register const u4 FAR *buf4;
+
+    c = REV((u4)crc);
+    c = ~c;
+    while (len && ((ptrdiff_t)buf & 3)) {
+        c = crc_table[4][(c >> 24) ^ *buf++] ^ (c << 8);
+        len--;
+    }
+
+    buf4 = (const u4 FAR *)(const void FAR *)buf;
+    buf4--;
+    while (len >= 32) {
+        DOBIG32;
+        len -= 32;
+    }
+    while (len >= 4) {
+        DOBIG4;
+        len -= 4;
+    }
+    buf4++;
+    buf = (const unsigned char FAR *)buf4;
+
+    if (len) do {
+        c = crc_table[4][(c >> 24) ^ *buf++] ^ (c << 8);
+    } while (--len);
+    c = ~c;
+    return (unsigned long)(REV(c));
+}
+
+#endif /* BYFOUR */
+
+#define GF2_DIM 32      /* dimension of GF(2) vectors (length of CRC) */
+
+/* ========================================================================= */
+local unsigned long gf2_matrix_times(mat, vec)
+    unsigned long *mat;
+    unsigned long vec;
+{
+    unsigned long sum;
+
+    sum = 0;
+    while (vec) {
+        if (vec & 1)
+            sum ^= *mat;
+        vec >>= 1;
+        mat++;
+    }
+    return sum;
+}
+
+/* ========================================================================= */
+local void gf2_matrix_square(square, mat)
+    unsigned long *square;
+    unsigned long *mat;
+{
+    int n;
+
+    for (n = 0; n < GF2_DIM; n++)
+        square[n] = gf2_matrix_times(mat, mat[n]);
+}
+
+/* ========================================================================= */
+local uLong crc32_combine_(crc1, crc2, len2)
+    uLong crc1;
+    uLong crc2;
+    z_off64_t len2;
+{
+    int n;
+    unsigned long row;
+    unsigned long even[GF2_DIM];    /* even-power-of-two zeros operator */
+    unsigned long odd[GF2_DIM];     /* odd-power-of-two zeros operator */
+
+    /* degenerate case (also disallow negative lengths) */
+    if (len2 <= 0)
+        return crc1;
+
+    /* put operator for one zero bit in odd */
+    odd[0] = 0xedb88320UL;          /* CRC-32 polynomial */
+    row = 1;
+    for (n = 1; n < GF2_DIM; n++) {
+        odd[n] = row;
+        row <<= 1;
+    }
+
+    /* put operator for two zero bits in even */
+    gf2_matrix_square(even, odd);
+
+    /* put operator for four zero bits in odd */
+    gf2_matrix_square(odd, even);
+
+    /* apply len2 zeros to crc1 (first square will put the operator for one
+       zero byte, eight zero bits, in even) */
+    do {
+        /* apply zeros operator for this bit of len2 */
+        gf2_matrix_square(even, odd);
+        if (len2 & 1)
+            crc1 = gf2_matrix_times(even, crc1);
+        len2 >>= 1;
+
+        /* if no more bits set, then done */
+        if (len2 == 0)
+            break;
+
+        /* another iteration of the loop with odd and even swapped */
+        gf2_matrix_square(odd, even);
+        if (len2 & 1)
+            crc1 = gf2_matrix_times(odd, crc1);
+        len2 >>= 1;
+
+        /* if no more bits set, then done */
+    } while (len2 != 0);
+
+    /* return combined crc */
+    crc1 ^= crc2;
+    return crc1;
+}
+
+/* ========================================================================= */
+uLong ZEXPORT crc32_combine(crc1, crc2, len2)
+    uLong crc1;
+    uLong crc2;
+    z_off_t len2;
+{
+    return crc32_combine_(crc1, crc2, len2);
+}
+
+uLong ZEXPORT crc32_combine64(crc1, crc2, len2)
+    uLong crc1;
+    uLong crc2;
+    z_off64_t len2;
+{
+    return crc32_combine_(crc1, crc2, len2);
+}
diff --git a/nss/lib/zlib/crc32.h b/nss/lib/zlib/crc32.h
new file mode 100644
index 0000000..7156a5a
--- /dev/null
+++ b/nss/lib/zlib/crc32.h
@@ -0,0 +1,445 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* crc32.h -- tables for rapid CRC calculation
+ * Generated automatically by crc32.c
+ */
+
+local const unsigned long FAR crc_table[TBLS][256] =
+{
+  {
+    0x00000000UL, 0x77073096UL, 0xee0e612cUL, 0x990951baUL, 0x076dc419UL,
+    0x706af48fUL, 0xe963a535UL, 0x9e6495a3UL, 0x0edb8832UL, 0x79dcb8a4UL,
+    0xe0d5e91eUL, 0x97d2d988UL, 0x09b64c2bUL, 0x7eb17cbdUL, 0xe7b82d07UL,
+    0x90bf1d91UL, 0x1db71064UL, 0x6ab020f2UL, 0xf3b97148UL, 0x84be41deUL,
+    0x1adad47dUL, 0x6ddde4ebUL, 0xf4d4b551UL, 0x83d385c7UL, 0x136c9856UL,
+    0x646ba8c0UL, 0xfd62f97aUL, 0x8a65c9ecUL, 0x14015c4fUL, 0x63066cd9UL,
+    0xfa0f3d63UL, 0x8d080df5UL, 0x3b6e20c8UL, 0x4c69105eUL, 0xd56041e4UL,
+    0xa2677172UL, 0x3c03e4d1UL, 0x4b04d447UL, 0xd20d85fdUL, 0xa50ab56bUL,
+    0x35b5a8faUL, 0x42b2986cUL, 0xdbbbc9d6UL, 0xacbcf940UL, 0x32d86ce3UL,
+    0x45df5c75UL, 0xdcd60dcfUL, 0xabd13d59UL, 0x26d930acUL, 0x51de003aUL,
+    0xc8d75180UL, 0xbfd06116UL, 0x21b4f4b5UL, 0x56b3c423UL, 0xcfba9599UL,
+    0xb8bda50fUL, 0x2802b89eUL, 0x5f058808UL, 0xc60cd9b2UL, 0xb10be924UL,
+    0x2f6f7c87UL, 0x58684c11UL, 0xc1611dabUL, 0xb6662d3dUL, 0x76dc4190UL,
+    0x01db7106UL, 0x98d220bcUL, 0xefd5102aUL, 0x71b18589UL, 0x06b6b51fUL,
+    0x9fbfe4a5UL, 0xe8b8d433UL, 0x7807c9a2UL, 0x0f00f934UL, 0x9609a88eUL,
+    0xe10e9818UL, 0x7f6a0dbbUL, 0x086d3d2dUL, 0x91646c97UL, 0xe6635c01UL,
+    0x6b6b51f4UL, 0x1c6c6162UL, 0x856530d8UL, 0xf262004eUL, 0x6c0695edUL,
+    0x1b01a57bUL, 0x8208f4c1UL, 0xf50fc457UL, 0x65b0d9c6UL, 0x12b7e950UL,
+    0x8bbeb8eaUL, 0xfcb9887cUL, 0x62dd1ddfUL, 0x15da2d49UL, 0x8cd37cf3UL,
+    0xfbd44c65UL, 0x4db26158UL, 0x3ab551ceUL, 0xa3bc0074UL, 0xd4bb30e2UL,
+    0x4adfa541UL, 0x3dd895d7UL, 0xa4d1c46dUL, 0xd3d6f4fbUL, 0x4369e96aUL,
+    0x346ed9fcUL, 0xad678846UL, 0xda60b8d0UL, 0x44042d73UL, 0x33031de5UL,
+    0xaa0a4c5fUL, 0xdd0d7cc9UL, 0x5005713cUL, 0x270241aaUL, 0xbe0b1010UL,
+    0xc90c2086UL, 0x5768b525UL, 0x206f85b3UL, 0xb966d409UL, 0xce61e49fUL,
+    0x5edef90eUL, 0x29d9c998UL, 0xb0d09822UL, 0xc7d7a8b4UL, 0x59b33d17UL,
+    0x2eb40d81UL, 0xb7bd5c3bUL, 0xc0ba6cadUL, 0xedb88320UL, 0x9abfb3b6UL,
+    0x03b6e20cUL, 0x74b1d29aUL, 0xead54739UL, 0x9dd277afUL, 0x04db2615UL,
+    0x73dc1683UL, 0xe3630b12UL, 0x94643b84UL, 0x0d6d6a3eUL, 0x7a6a5aa8UL,
+    0xe40ecf0bUL, 0x9309ff9dUL, 0x0a00ae27UL, 0x7d079eb1UL, 0xf00f9344UL,
+    0x8708a3d2UL, 0x1e01f268UL, 0x6906c2feUL, 0xf762575dUL, 0x806567cbUL,
+    0x196c3671UL, 0x6e6b06e7UL, 0xfed41b76UL, 0x89d32be0UL, 0x10da7a5aUL,
+    0x67dd4accUL, 0xf9b9df6fUL, 0x8ebeeff9UL, 0x17b7be43UL, 0x60b08ed5UL,
+    0xd6d6a3e8UL, 0xa1d1937eUL, 0x38d8c2c4UL, 0x4fdff252UL, 0xd1bb67f1UL,
+    0xa6bc5767UL, 0x3fb506ddUL, 0x48b2364bUL, 0xd80d2bdaUL, 0xaf0a1b4cUL,
+    0x36034af6UL, 0x41047a60UL, 0xdf60efc3UL, 0xa867df55UL, 0x316e8eefUL,
+    0x4669be79UL, 0xcb61b38cUL, 0xbc66831aUL, 0x256fd2a0UL, 0x5268e236UL,
+    0xcc0c7795UL, 0xbb0b4703UL, 0x220216b9UL, 0x5505262fUL, 0xc5ba3bbeUL,
+    0xb2bd0b28UL, 0x2bb45a92UL, 0x5cb36a04UL, 0xc2d7ffa7UL, 0xb5d0cf31UL,
+    0x2cd99e8bUL, 0x5bdeae1dUL, 0x9b64c2b0UL, 0xec63f226UL, 0x756aa39cUL,
+    0x026d930aUL, 0x9c0906a9UL, 0xeb0e363fUL, 0x72076785UL, 0x05005713UL,
+    0x95bf4a82UL, 0xe2b87a14UL, 0x7bb12baeUL, 0x0cb61b38UL, 0x92d28e9bUL,
+    0xe5d5be0dUL, 0x7cdcefb7UL, 0x0bdbdf21UL, 0x86d3d2d4UL, 0xf1d4e242UL,
+    0x68ddb3f8UL, 0x1fda836eUL, 0x81be16cdUL, 0xf6b9265bUL, 0x6fb077e1UL,
+    0x18b74777UL, 0x88085ae6UL, 0xff0f6a70UL, 0x66063bcaUL, 0x11010b5cUL,
+    0x8f659effUL, 0xf862ae69UL, 0x616bffd3UL, 0x166ccf45UL, 0xa00ae278UL,
+    0xd70dd2eeUL, 0x4e048354UL, 0x3903b3c2UL, 0xa7672661UL, 0xd06016f7UL,
+    0x4969474dUL, 0x3e6e77dbUL, 0xaed16a4aUL, 0xd9d65adcUL, 0x40df0b66UL,
+    0x37d83bf0UL, 0xa9bcae53UL, 0xdebb9ec5UL, 0x47b2cf7fUL, 0x30b5ffe9UL,
+    0xbdbdf21cUL, 0xcabac28aUL, 0x53b39330UL, 0x24b4a3a6UL, 0xbad03605UL,
+    0xcdd70693UL, 0x54de5729UL, 0x23d967bfUL, 0xb3667a2eUL, 0xc4614ab8UL,
+    0x5d681b02UL, 0x2a6f2b94UL, 0xb40bbe37UL, 0xc30c8ea1UL, 0x5a05df1bUL,
+    0x2d02ef8dUL
+#ifdef BYFOUR
+  },
+  {
+    0x00000000UL, 0x191b3141UL, 0x32366282UL, 0x2b2d53c3UL, 0x646cc504UL,
+    0x7d77f445UL, 0x565aa786UL, 0x4f4196c7UL, 0xc8d98a08UL, 0xd1c2bb49UL,
+    0xfaefe88aUL, 0xe3f4d9cbUL, 0xacb54f0cUL, 0xb5ae7e4dUL, 0x9e832d8eUL,
+    0x87981ccfUL, 0x4ac21251UL, 0x53d92310UL, 0x78f470d3UL, 0x61ef4192UL,
+    0x2eaed755UL, 0x37b5e614UL, 0x1c98b5d7UL, 0x05838496UL, 0x821b9859UL,
+    0x9b00a918UL, 0xb02dfadbUL, 0xa936cb9aUL, 0xe6775d5dUL, 0xff6c6c1cUL,
+    0xd4413fdfUL, 0xcd5a0e9eUL, 0x958424a2UL, 0x8c9f15e3UL, 0xa7b24620UL,
+    0xbea97761UL, 0xf1e8e1a6UL, 0xe8f3d0e7UL, 0xc3de8324UL, 0xdac5b265UL,
+    0x5d5daeaaUL, 0x44469febUL, 0x6f6bcc28UL, 0x7670fd69UL, 0x39316baeUL,
+    0x202a5aefUL, 0x0b07092cUL, 0x121c386dUL, 0xdf4636f3UL, 0xc65d07b2UL,
+    0xed705471UL, 0xf46b6530UL, 0xbb2af3f7UL, 0xa231c2b6UL, 0x891c9175UL,
+    0x9007a034UL, 0x179fbcfbUL, 0x0e848dbaUL, 0x25a9de79UL, 0x3cb2ef38UL,
+    0x73f379ffUL, 0x6ae848beUL, 0x41c51b7dUL, 0x58de2a3cUL, 0xf0794f05UL,
+    0xe9627e44UL, 0xc24f2d87UL, 0xdb541cc6UL, 0x94158a01UL, 0x8d0ebb40UL,
+    0xa623e883UL, 0xbf38d9c2UL, 0x38a0c50dUL, 0x21bbf44cUL, 0x0a96a78fUL,
+    0x138d96ceUL, 0x5ccc0009UL, 0x45d73148UL, 0x6efa628bUL, 0x77e153caUL,
+    0xbabb5d54UL, 0xa3a06c15UL, 0x888d3fd6UL, 0x91960e97UL, 0xded79850UL,
+    0xc7cca911UL, 0xece1fad2UL, 0xf5facb93UL, 0x7262d75cUL, 0x6b79e61dUL,
+    0x4054b5deUL, 0x594f849fUL, 0x160e1258UL, 0x0f152319UL, 0x243870daUL,
+    0x3d23419bUL, 0x65fd6ba7UL, 0x7ce65ae6UL, 0x57cb0925UL, 0x4ed03864UL,
+    0x0191aea3UL, 0x188a9fe2UL, 0x33a7cc21UL, 0x2abcfd60UL, 0xad24e1afUL,
+    0xb43fd0eeUL, 0x9f12832dUL, 0x8609b26cUL, 0xc94824abUL, 0xd05315eaUL,
+    0xfb7e4629UL, 0xe2657768UL, 0x2f3f79f6UL, 0x362448b7UL, 0x1d091b74UL,
+    0x04122a35UL, 0x4b53bcf2UL, 0x52488db3UL, 0x7965de70UL, 0x607eef31UL,
+    0xe7e6f3feUL, 0xfefdc2bfUL, 0xd5d0917cUL, 0xcccba03dUL, 0x838a36faUL,
+    0x9a9107bbUL, 0xb1bc5478UL, 0xa8a76539UL, 0x3b83984bUL, 0x2298a90aUL,
+    0x09b5fac9UL, 0x10aecb88UL, 0x5fef5d4fUL, 0x46f46c0eUL, 0x6dd93fcdUL,
+    0x74c20e8cUL, 0xf35a1243UL, 0xea412302UL, 0xc16c70c1UL, 0xd8774180UL,
+    0x9736d747UL, 0x8e2de606UL, 0xa500b5c5UL, 0xbc1b8484UL, 0x71418a1aUL,
+    0x685abb5bUL, 0x4377e898UL, 0x5a6cd9d9UL, 0x152d4f1eUL, 0x0c367e5fUL,
+    0x271b2d9cUL, 0x3e001cddUL, 0xb9980012UL, 0xa0833153UL, 0x8bae6290UL,
+    0x92b553d1UL, 0xddf4c516UL, 0xc4eff457UL, 0xefc2a794UL, 0xf6d996d5UL,
+    0xae07bce9UL, 0xb71c8da8UL, 0x9c31de6bUL, 0x852aef2aUL, 0xca6b79edUL,
+    0xd37048acUL, 0xf85d1b6fUL, 0xe1462a2eUL, 0x66de36e1UL, 0x7fc507a0UL,
+    0x54e85463UL, 0x4df36522UL, 0x02b2f3e5UL, 0x1ba9c2a4UL, 0x30849167UL,
+    0x299fa026UL, 0xe4c5aeb8UL, 0xfdde9ff9UL, 0xd6f3cc3aUL, 0xcfe8fd7bUL,
+    0x80a96bbcUL, 0x99b25afdUL, 0xb29f093eUL, 0xab84387fUL, 0x2c1c24b0UL,
+    0x350715f1UL, 0x1e2a4632UL, 0x07317773UL, 0x4870e1b4UL, 0x516bd0f5UL,
+    0x7a468336UL, 0x635db277UL, 0xcbfad74eUL, 0xd2e1e60fUL, 0xf9ccb5ccUL,
+    0xe0d7848dUL, 0xaf96124aUL, 0xb68d230bUL, 0x9da070c8UL, 0x84bb4189UL,
+    0x03235d46UL, 0x1a386c07UL, 0x31153fc4UL, 0x280e0e85UL, 0x674f9842UL,
+    0x7e54a903UL, 0x5579fac0UL, 0x4c62cb81UL, 0x8138c51fUL, 0x9823f45eUL,
+    0xb30ea79dUL, 0xaa1596dcUL, 0xe554001bUL, 0xfc4f315aUL, 0xd7626299UL,
+    0xce7953d8UL, 0x49e14f17UL, 0x50fa7e56UL, 0x7bd72d95UL, 0x62cc1cd4UL,
+    0x2d8d8a13UL, 0x3496bb52UL, 0x1fbbe891UL, 0x06a0d9d0UL, 0x5e7ef3ecUL,
+    0x4765c2adUL, 0x6c48916eUL, 0x7553a02fUL, 0x3a1236e8UL, 0x230907a9UL,
+    0x0824546aUL, 0x113f652bUL, 0x96a779e4UL, 0x8fbc48a5UL, 0xa4911b66UL,
+    0xbd8a2a27UL, 0xf2cbbce0UL, 0xebd08da1UL, 0xc0fdde62UL, 0xd9e6ef23UL,
+    0x14bce1bdUL, 0x0da7d0fcUL, 0x268a833fUL, 0x3f91b27eUL, 0x70d024b9UL,
+    0x69cb15f8UL, 0x42e6463bUL, 0x5bfd777aUL, 0xdc656bb5UL, 0xc57e5af4UL,
+    0xee530937UL, 0xf7483876UL, 0xb809aeb1UL, 0xa1129ff0UL, 0x8a3fcc33UL,
+    0x9324fd72UL
+  },
+  {
+    0x00000000UL, 0x01c26a37UL, 0x0384d46eUL, 0x0246be59UL, 0x0709a8dcUL,
+    0x06cbc2ebUL, 0x048d7cb2UL, 0x054f1685UL, 0x0e1351b8UL, 0x0fd13b8fUL,
+    0x0d9785d6UL, 0x0c55efe1UL, 0x091af964UL, 0x08d89353UL, 0x0a9e2d0aUL,
+    0x0b5c473dUL, 0x1c26a370UL, 0x1de4c947UL, 0x1fa2771eUL, 0x1e601d29UL,
+    0x1b2f0bacUL, 0x1aed619bUL, 0x18abdfc2UL, 0x1969b5f5UL, 0x1235f2c8UL,
+    0x13f798ffUL, 0x11b126a6UL, 0x10734c91UL, 0x153c5a14UL, 0x14fe3023UL,
+    0x16b88e7aUL, 0x177ae44dUL, 0x384d46e0UL, 0x398f2cd7UL, 0x3bc9928eUL,
+    0x3a0bf8b9UL, 0x3f44ee3cUL, 0x3e86840bUL, 0x3cc03a52UL, 0x3d025065UL,
+    0x365e1758UL, 0x379c7d6fUL, 0x35dac336UL, 0x3418a901UL, 0x3157bf84UL,
+    0x3095d5b3UL, 0x32d36beaUL, 0x331101ddUL, 0x246be590UL, 0x25a98fa7UL,
+    0x27ef31feUL, 0x262d5bc9UL, 0x23624d4cUL, 0x22a0277bUL, 0x20e69922UL,
+    0x2124f315UL, 0x2a78b428UL, 0x2bbade1fUL, 0x29fc6046UL, 0x283e0a71UL,
+    0x2d711cf4UL, 0x2cb376c3UL, 0x2ef5c89aUL, 0x2f37a2adUL, 0x709a8dc0UL,
+    0x7158e7f7UL, 0x731e59aeUL, 0x72dc3399UL, 0x7793251cUL, 0x76514f2bUL,
+    0x7417f172UL, 0x75d59b45UL, 0x7e89dc78UL, 0x7f4bb64fUL, 0x7d0d0816UL,
+    0x7ccf6221UL, 0x798074a4UL, 0x78421e93UL, 0x7a04a0caUL, 0x7bc6cafdUL,
+    0x6cbc2eb0UL, 0x6d7e4487UL, 0x6f38fadeUL, 0x6efa90e9UL, 0x6bb5866cUL,
+    0x6a77ec5bUL, 0x68315202UL, 0x69f33835UL, 0x62af7f08UL, 0x636d153fUL,
+    0x612bab66UL, 0x60e9c151UL, 0x65a6d7d4UL, 0x6464bde3UL, 0x662203baUL,
+    0x67e0698dUL, 0x48d7cb20UL, 0x4915a117UL, 0x4b531f4eUL, 0x4a917579UL,
+    0x4fde63fcUL, 0x4e1c09cbUL, 0x4c5ab792UL, 0x4d98dda5UL, 0x46c49a98UL,
+    0x4706f0afUL, 0x45404ef6UL, 0x448224c1UL, 0x41cd3244UL, 0x400f5873UL,
+    0x4249e62aUL, 0x438b8c1dUL, 0x54f16850UL, 0x55330267UL, 0x5775bc3eUL,
+    0x56b7d609UL, 0x53f8c08cUL, 0x523aaabbUL, 0x507c14e2UL, 0x51be7ed5UL,
+    0x5ae239e8UL, 0x5b2053dfUL, 0x5966ed86UL, 0x58a487b1UL, 0x5deb9134UL,
+    0x5c29fb03UL, 0x5e6f455aUL, 0x5fad2f6dUL, 0xe1351b80UL, 0xe0f771b7UL,
+    0xe2b1cfeeUL, 0xe373a5d9UL, 0xe63cb35cUL, 0xe7fed96bUL, 0xe5b86732UL,
+    0xe47a0d05UL, 0xef264a38UL, 0xeee4200fUL, 0xeca29e56UL, 0xed60f461UL,
+    0xe82fe2e4UL, 0xe9ed88d3UL, 0xebab368aUL, 0xea695cbdUL, 0xfd13b8f0UL,
+    0xfcd1d2c7UL, 0xfe976c9eUL, 0xff5506a9UL, 0xfa1a102cUL, 0xfbd87a1bUL,
+    0xf99ec442UL, 0xf85cae75UL, 0xf300e948UL, 0xf2c2837fUL, 0xf0843d26UL,
+    0xf1465711UL, 0xf4094194UL, 0xf5cb2ba3UL, 0xf78d95faUL, 0xf64fffcdUL,
+    0xd9785d60UL, 0xd8ba3757UL, 0xdafc890eUL, 0xdb3ee339UL, 0xde71f5bcUL,
+    0xdfb39f8bUL, 0xddf521d2UL, 0xdc374be5UL, 0xd76b0cd8UL, 0xd6a966efUL,
+    0xd4efd8b6UL, 0xd52db281UL, 0xd062a404UL, 0xd1a0ce33UL, 0xd3e6706aUL,
+    0xd2241a5dUL, 0xc55efe10UL, 0xc49c9427UL, 0xc6da2a7eUL, 0xc7184049UL,
+    0xc25756ccUL, 0xc3953cfbUL, 0xc1d382a2UL, 0xc011e895UL, 0xcb4dafa8UL,
+    0xca8fc59fUL, 0xc8c97bc6UL, 0xc90b11f1UL, 0xcc440774UL, 0xcd866d43UL,
+    0xcfc0d31aUL, 0xce02b92dUL, 0x91af9640UL, 0x906dfc77UL, 0x922b422eUL,
+    0x93e92819UL, 0x96a63e9cUL, 0x976454abUL, 0x9522eaf2UL, 0x94e080c5UL,
+    0x9fbcc7f8UL, 0x9e7eadcfUL, 0x9c381396UL, 0x9dfa79a1UL, 0x98b56f24UL,
+    0x99770513UL, 0x9b31bb4aUL, 0x9af3d17dUL, 0x8d893530UL, 0x8c4b5f07UL,
+    0x8e0de15eUL, 0x8fcf8b69UL, 0x8a809decUL, 0x8b42f7dbUL, 0x89044982UL,
+    0x88c623b5UL, 0x839a6488UL, 0x82580ebfUL, 0x801eb0e6UL, 0x81dcdad1UL,
+    0x8493cc54UL, 0x8551a663UL, 0x8717183aUL, 0x86d5720dUL, 0xa9e2d0a0UL,
+    0xa820ba97UL, 0xaa6604ceUL, 0xaba46ef9UL, 0xaeeb787cUL, 0xaf29124bUL,
+    0xad6fac12UL, 0xacadc625UL, 0xa7f18118UL, 0xa633eb2fUL, 0xa4755576UL,
+    0xa5b73f41UL, 0xa0f829c4UL, 0xa13a43f3UL, 0xa37cfdaaUL, 0xa2be979dUL,
+    0xb5c473d0UL, 0xb40619e7UL, 0xb640a7beUL, 0xb782cd89UL, 0xb2cddb0cUL,
+    0xb30fb13bUL, 0xb1490f62UL, 0xb08b6555UL, 0xbbd72268UL, 0xba15485fUL,
+    0xb853f606UL, 0xb9919c31UL, 0xbcde8ab4UL, 0xbd1ce083UL, 0xbf5a5edaUL,
+    0xbe9834edUL
+  },
+  {
+    0x00000000UL, 0xb8bc6765UL, 0xaa09c88bUL, 0x12b5afeeUL, 0x8f629757UL,
+    0x37def032UL, 0x256b5fdcUL, 0x9dd738b9UL, 0xc5b428efUL, 0x7d084f8aUL,
+    0x6fbde064UL, 0xd7018701UL, 0x4ad6bfb8UL, 0xf26ad8ddUL, 0xe0df7733UL,
+    0x58631056UL, 0x5019579fUL, 0xe8a530faUL, 0xfa109f14UL, 0x42acf871UL,
+    0xdf7bc0c8UL, 0x67c7a7adUL, 0x75720843UL, 0xcdce6f26UL, 0x95ad7f70UL,
+    0x2d111815UL, 0x3fa4b7fbUL, 0x8718d09eUL, 0x1acfe827UL, 0xa2738f42UL,
+    0xb0c620acUL, 0x087a47c9UL, 0xa032af3eUL, 0x188ec85bUL, 0x0a3b67b5UL,
+    0xb28700d0UL, 0x2f503869UL, 0x97ec5f0cUL, 0x8559f0e2UL, 0x3de59787UL,
+    0x658687d1UL, 0xdd3ae0b4UL, 0xcf8f4f5aUL, 0x7733283fUL, 0xeae41086UL,
+    0x525877e3UL, 0x40edd80dUL, 0xf851bf68UL, 0xf02bf8a1UL, 0x48979fc4UL,
+    0x5a22302aUL, 0xe29e574fUL, 0x7f496ff6UL, 0xc7f50893UL, 0xd540a77dUL,
+    0x6dfcc018UL, 0x359fd04eUL, 0x8d23b72bUL, 0x9f9618c5UL, 0x272a7fa0UL,
+    0xbafd4719UL, 0x0241207cUL, 0x10f48f92UL, 0xa848e8f7UL, 0x9b14583dUL,
+    0x23a83f58UL, 0x311d90b6UL, 0x89a1f7d3UL, 0x1476cf6aUL, 0xaccaa80fUL,
+    0xbe7f07e1UL, 0x06c36084UL, 0x5ea070d2UL, 0xe61c17b7UL, 0xf4a9b859UL,
+    0x4c15df3cUL, 0xd1c2e785UL, 0x697e80e0UL, 0x7bcb2f0eUL, 0xc377486bUL,
+    0xcb0d0fa2UL, 0x73b168c7UL, 0x6104c729UL, 0xd9b8a04cUL, 0x446f98f5UL,
+    0xfcd3ff90UL, 0xee66507eUL, 0x56da371bUL, 0x0eb9274dUL, 0xb6054028UL,
+    0xa4b0efc6UL, 0x1c0c88a3UL, 0x81dbb01aUL, 0x3967d77fUL, 0x2bd27891UL,
+    0x936e1ff4UL, 0x3b26f703UL, 0x839a9066UL, 0x912f3f88UL, 0x299358edUL,
+    0xb4446054UL, 0x0cf80731UL, 0x1e4da8dfUL, 0xa6f1cfbaUL, 0xfe92dfecUL,
+    0x462eb889UL, 0x549b1767UL, 0xec277002UL, 0x71f048bbUL, 0xc94c2fdeUL,
+    0xdbf98030UL, 0x6345e755UL, 0x6b3fa09cUL, 0xd383c7f9UL, 0xc1366817UL,
+    0x798a0f72UL, 0xe45d37cbUL, 0x5ce150aeUL, 0x4e54ff40UL, 0xf6e89825UL,
+    0xae8b8873UL, 0x1637ef16UL, 0x048240f8UL, 0xbc3e279dUL, 0x21e91f24UL,
+    0x99557841UL, 0x8be0d7afUL, 0x335cb0caUL, 0xed59b63bUL, 0x55e5d15eUL,
+    0x47507eb0UL, 0xffec19d5UL, 0x623b216cUL, 0xda874609UL, 0xc832e9e7UL,
+    0x708e8e82UL, 0x28ed9ed4UL, 0x9051f9b1UL, 0x82e4565fUL, 0x3a58313aUL,
+    0xa78f0983UL, 0x1f336ee6UL, 0x0d86c108UL, 0xb53aa66dUL, 0xbd40e1a4UL,
+    0x05fc86c1UL, 0x1749292fUL, 0xaff54e4aUL, 0x322276f3UL, 0x8a9e1196UL,
+    0x982bbe78UL, 0x2097d91dUL, 0x78f4c94bUL, 0xc048ae2eUL, 0xd2fd01c0UL,
+    0x6a4166a5UL, 0xf7965e1cUL, 0x4f2a3979UL, 0x5d9f9697UL, 0xe523f1f2UL,
+    0x4d6b1905UL, 0xf5d77e60UL, 0xe762d18eUL, 0x5fdeb6ebUL, 0xc2098e52UL,
+    0x7ab5e937UL, 0x680046d9UL, 0xd0bc21bcUL, 0x88df31eaUL, 0x3063568fUL,
+    0x22d6f961UL, 0x9a6a9e04UL, 0x07bda6bdUL, 0xbf01c1d8UL, 0xadb46e36UL,
+    0x15080953UL, 0x1d724e9aUL, 0xa5ce29ffUL, 0xb77b8611UL, 0x0fc7e174UL,
+    0x9210d9cdUL, 0x2aacbea8UL, 0x38191146UL, 0x80a57623UL, 0xd8c66675UL,
+    0x607a0110UL, 0x72cfaefeUL, 0xca73c99bUL, 0x57a4f122UL, 0xef189647UL,
+    0xfdad39a9UL, 0x45115eccUL, 0x764dee06UL, 0xcef18963UL, 0xdc44268dUL,
+    0x64f841e8UL, 0xf92f7951UL, 0x41931e34UL, 0x5326b1daUL, 0xeb9ad6bfUL,
+    0xb3f9c6e9UL, 0x0b45a18cUL, 0x19f00e62UL, 0xa14c6907UL, 0x3c9b51beUL,
+    0x842736dbUL, 0x96929935UL, 0x2e2efe50UL, 0x2654b999UL, 0x9ee8defcUL,
+    0x8c5d7112UL, 0x34e11677UL, 0xa9362eceUL, 0x118a49abUL, 0x033fe645UL,
+    0xbb838120UL, 0xe3e09176UL, 0x5b5cf613UL, 0x49e959fdUL, 0xf1553e98UL,
+    0x6c820621UL, 0xd43e6144UL, 0xc68bceaaUL, 0x7e37a9cfUL, 0xd67f4138UL,
+    0x6ec3265dUL, 0x7c7689b3UL, 0xc4caeed6UL, 0x591dd66fUL, 0xe1a1b10aUL,
+    0xf3141ee4UL, 0x4ba87981UL, 0x13cb69d7UL, 0xab770eb2UL, 0xb9c2a15cUL,
+    0x017ec639UL, 0x9ca9fe80UL, 0x241599e5UL, 0x36a0360bUL, 0x8e1c516eUL,
+    0x866616a7UL, 0x3eda71c2UL, 0x2c6fde2cUL, 0x94d3b949UL, 0x090481f0UL,
+    0xb1b8e695UL, 0xa30d497bUL, 0x1bb12e1eUL, 0x43d23e48UL, 0xfb6e592dUL,
+    0xe9dbf6c3UL, 0x516791a6UL, 0xccb0a91fUL, 0x740cce7aUL, 0x66b96194UL,
+    0xde0506f1UL
+  },
+  {
+    0x00000000UL, 0x96300777UL, 0x2c610eeeUL, 0xba510999UL, 0x19c46d07UL,
+    0x8ff46a70UL, 0x35a563e9UL, 0xa395649eUL, 0x3288db0eUL, 0xa4b8dc79UL,
+    0x1ee9d5e0UL, 0x88d9d297UL, 0x2b4cb609UL, 0xbd7cb17eUL, 0x072db8e7UL,
+    0x911dbf90UL, 0x6410b71dUL, 0xf220b06aUL, 0x4871b9f3UL, 0xde41be84UL,
+    0x7dd4da1aUL, 0xebe4dd6dUL, 0x51b5d4f4UL, 0xc785d383UL, 0x56986c13UL,
+    0xc0a86b64UL, 0x7af962fdUL, 0xecc9658aUL, 0x4f5c0114UL, 0xd96c0663UL,
+    0x633d0ffaUL, 0xf50d088dUL, 0xc8206e3bUL, 0x5e10694cUL, 0xe44160d5UL,
+    0x727167a2UL, 0xd1e4033cUL, 0x47d4044bUL, 0xfd850dd2UL, 0x6bb50aa5UL,
+    0xfaa8b535UL, 0x6c98b242UL, 0xd6c9bbdbUL, 0x40f9bcacUL, 0xe36cd832UL,
+    0x755cdf45UL, 0xcf0dd6dcUL, 0x593dd1abUL, 0xac30d926UL, 0x3a00de51UL,
+    0x8051d7c8UL, 0x1661d0bfUL, 0xb5f4b421UL, 0x23c4b356UL, 0x9995bacfUL,
+    0x0fa5bdb8UL, 0x9eb80228UL, 0x0888055fUL, 0xb2d90cc6UL, 0x24e90bb1UL,
+    0x877c6f2fUL, 0x114c6858UL, 0xab1d61c1UL, 0x3d2d66b6UL, 0x9041dc76UL,
+    0x0671db01UL, 0xbc20d298UL, 0x2a10d5efUL, 0x8985b171UL, 0x1fb5b606UL,
+    0xa5e4bf9fUL, 0x33d4b8e8UL, 0xa2c90778UL, 0x34f9000fUL, 0x8ea80996UL,
+    0x18980ee1UL, 0xbb0d6a7fUL, 0x2d3d6d08UL, 0x976c6491UL, 0x015c63e6UL,
+    0xf4516b6bUL, 0x62616c1cUL, 0xd8306585UL, 0x4e0062f2UL, 0xed95066cUL,
+    0x7ba5011bUL, 0xc1f40882UL, 0x57c40ff5UL, 0xc6d9b065UL, 0x50e9b712UL,
+    0xeab8be8bUL, 0x7c88b9fcUL, 0xdf1ddd62UL, 0x492dda15UL, 0xf37cd38cUL,
+    0x654cd4fbUL, 0x5861b24dUL, 0xce51b53aUL, 0x7400bca3UL, 0xe230bbd4UL,
+    0x41a5df4aUL, 0xd795d83dUL, 0x6dc4d1a4UL, 0xfbf4d6d3UL, 0x6ae96943UL,
+    0xfcd96e34UL, 0x468867adUL, 0xd0b860daUL, 0x732d0444UL, 0xe51d0333UL,
+    0x5f4c0aaaUL, 0xc97c0dddUL, 0x3c710550UL, 0xaa410227UL, 0x10100bbeUL,
+    0x86200cc9UL, 0x25b56857UL, 0xb3856f20UL, 0x09d466b9UL, 0x9fe461ceUL,
+    0x0ef9de5eUL, 0x98c9d929UL, 0x2298d0b0UL, 0xb4a8d7c7UL, 0x173db359UL,
+    0x810db42eUL, 0x3b5cbdb7UL, 0xad6cbac0UL, 0x2083b8edUL, 0xb6b3bf9aUL,
+    0x0ce2b603UL, 0x9ad2b174UL, 0x3947d5eaUL, 0xaf77d29dUL, 0x1526db04UL,
+    0x8316dc73UL, 0x120b63e3UL, 0x843b6494UL, 0x3e6a6d0dUL, 0xa85a6a7aUL,
+    0x0bcf0ee4UL, 0x9dff0993UL, 0x27ae000aUL, 0xb19e077dUL, 0x44930ff0UL,
+    0xd2a30887UL, 0x68f2011eUL, 0xfec20669UL, 0x5d5762f7UL, 0xcb676580UL,
+    0x71366c19UL, 0xe7066b6eUL, 0x761bd4feUL, 0xe02bd389UL, 0x5a7ada10UL,
+    0xcc4add67UL, 0x6fdfb9f9UL, 0xf9efbe8eUL, 0x43beb717UL, 0xd58eb060UL,
+    0xe8a3d6d6UL, 0x7e93d1a1UL, 0xc4c2d838UL, 0x52f2df4fUL, 0xf167bbd1UL,
+    0x6757bca6UL, 0xdd06b53fUL, 0x4b36b248UL, 0xda2b0dd8UL, 0x4c1b0aafUL,
+    0xf64a0336UL, 0x607a0441UL, 0xc3ef60dfUL, 0x55df67a8UL, 0xef8e6e31UL,
+    0x79be6946UL, 0x8cb361cbUL, 0x1a8366bcUL, 0xa0d26f25UL, 0x36e26852UL,
+    0x95770cccUL, 0x03470bbbUL, 0xb9160222UL, 0x2f260555UL, 0xbe3bbac5UL,
+    0x280bbdb2UL, 0x925ab42bUL, 0x046ab35cUL, 0xa7ffd7c2UL, 0x31cfd0b5UL,
+    0x8b9ed92cUL, 0x1daede5bUL, 0xb0c2649bUL, 0x26f263ecUL, 0x9ca36a75UL,
+    0x0a936d02UL, 0xa906099cUL, 0x3f360eebUL, 0x85670772UL, 0x13570005UL,
+    0x824abf95UL, 0x147ab8e2UL, 0xae2bb17bUL, 0x381bb60cUL, 0x9b8ed292UL,
+    0x0dbed5e5UL, 0xb7efdc7cUL, 0x21dfdb0bUL, 0xd4d2d386UL, 0x42e2d4f1UL,
+    0xf8b3dd68UL, 0x6e83da1fUL, 0xcd16be81UL, 0x5b26b9f6UL, 0xe177b06fUL,
+    0x7747b718UL, 0xe65a0888UL, 0x706a0fffUL, 0xca3b0666UL, 0x5c0b0111UL,
+    0xff9e658fUL, 0x69ae62f8UL, 0xd3ff6b61UL, 0x45cf6c16UL, 0x78e20aa0UL,
+    0xeed20dd7UL, 0x5483044eUL, 0xc2b30339UL, 0x612667a7UL, 0xf71660d0UL,
+    0x4d476949UL, 0xdb776e3eUL, 0x4a6ad1aeUL, 0xdc5ad6d9UL, 0x660bdf40UL,
+    0xf03bd837UL, 0x53aebca9UL, 0xc59ebbdeUL, 0x7fcfb247UL, 0xe9ffb530UL,
+    0x1cf2bdbdUL, 0x8ac2bacaUL, 0x3093b353UL, 0xa6a3b424UL, 0x0536d0baUL,
+    0x9306d7cdUL, 0x2957de54UL, 0xbf67d923UL, 0x2e7a66b3UL, 0xb84a61c4UL,
+    0x021b685dUL, 0x942b6f2aUL, 0x37be0bb4UL, 0xa18e0cc3UL, 0x1bdf055aUL,
+    0x8def022dUL
+  },
+  {
+    0x00000000UL, 0x41311b19UL, 0x82623632UL, 0xc3532d2bUL, 0x04c56c64UL,
+    0x45f4777dUL, 0x86a75a56UL, 0xc796414fUL, 0x088ad9c8UL, 0x49bbc2d1UL,
+    0x8ae8effaUL, 0xcbd9f4e3UL, 0x0c4fb5acUL, 0x4d7eaeb5UL, 0x8e2d839eUL,
+    0xcf1c9887UL, 0x5112c24aUL, 0x1023d953UL, 0xd370f478UL, 0x9241ef61UL,
+    0x55d7ae2eUL, 0x14e6b537UL, 0xd7b5981cUL, 0x96848305UL, 0x59981b82UL,
+    0x18a9009bUL, 0xdbfa2db0UL, 0x9acb36a9UL, 0x5d5d77e6UL, 0x1c6c6cffUL,
+    0xdf3f41d4UL, 0x9e0e5acdUL, 0xa2248495UL, 0xe3159f8cUL, 0x2046b2a7UL,
+    0x6177a9beUL, 0xa6e1e8f1UL, 0xe7d0f3e8UL, 0x2483dec3UL, 0x65b2c5daUL,
+    0xaaae5d5dUL, 0xeb9f4644UL, 0x28cc6b6fUL, 0x69fd7076UL, 0xae6b3139UL,
+    0xef5a2a20UL, 0x2c09070bUL, 0x6d381c12UL, 0xf33646dfUL, 0xb2075dc6UL,
+    0x715470edUL, 0x30656bf4UL, 0xf7f32abbUL, 0xb6c231a2UL, 0x75911c89UL,
+    0x34a00790UL, 0xfbbc9f17UL, 0xba8d840eUL, 0x79dea925UL, 0x38efb23cUL,
+    0xff79f373UL, 0xbe48e86aUL, 0x7d1bc541UL, 0x3c2ade58UL, 0x054f79f0UL,
+    0x447e62e9UL, 0x872d4fc2UL, 0xc61c54dbUL, 0x018a1594UL, 0x40bb0e8dUL,
+    0x83e823a6UL, 0xc2d938bfUL, 0x0dc5a038UL, 0x4cf4bb21UL, 0x8fa7960aUL,
+    0xce968d13UL, 0x0900cc5cUL, 0x4831d745UL, 0x8b62fa6eUL, 0xca53e177UL,
+    0x545dbbbaUL, 0x156ca0a3UL, 0xd63f8d88UL, 0x970e9691UL, 0x5098d7deUL,
+    0x11a9ccc7UL, 0xd2fae1ecUL, 0x93cbfaf5UL, 0x5cd76272UL, 0x1de6796bUL,
+    0xdeb55440UL, 0x9f844f59UL, 0x58120e16UL, 0x1923150fUL, 0xda703824UL,
+    0x9b41233dUL, 0xa76bfd65UL, 0xe65ae67cUL, 0x2509cb57UL, 0x6438d04eUL,
+    0xa3ae9101UL, 0xe29f8a18UL, 0x21cca733UL, 0x60fdbc2aUL, 0xafe124adUL,
+    0xeed03fb4UL, 0x2d83129fUL, 0x6cb20986UL, 0xab2448c9UL, 0xea1553d0UL,
+    0x29467efbUL, 0x687765e2UL, 0xf6793f2fUL, 0xb7482436UL, 0x741b091dUL,
+    0x352a1204UL, 0xf2bc534bUL, 0xb38d4852UL, 0x70de6579UL, 0x31ef7e60UL,
+    0xfef3e6e7UL, 0xbfc2fdfeUL, 0x7c91d0d5UL, 0x3da0cbccUL, 0xfa368a83UL,
+    0xbb07919aUL, 0x7854bcb1UL, 0x3965a7a8UL, 0x4b98833bUL, 0x0aa99822UL,
+    0xc9fab509UL, 0x88cbae10UL, 0x4f5def5fUL, 0x0e6cf446UL, 0xcd3fd96dUL,
+    0x8c0ec274UL, 0x43125af3UL, 0x022341eaUL, 0xc1706cc1UL, 0x804177d8UL,
+    0x47d73697UL, 0x06e62d8eUL, 0xc5b500a5UL, 0x84841bbcUL, 0x1a8a4171UL,
+    0x5bbb5a68UL, 0x98e87743UL, 0xd9d96c5aUL, 0x1e4f2d15UL, 0x5f7e360cUL,
+    0x9c2d1b27UL, 0xdd1c003eUL, 0x120098b9UL, 0x533183a0UL, 0x9062ae8bUL,
+    0xd153b592UL, 0x16c5f4ddUL, 0x57f4efc4UL, 0x94a7c2efUL, 0xd596d9f6UL,
+    0xe9bc07aeUL, 0xa88d1cb7UL, 0x6bde319cUL, 0x2aef2a85UL, 0xed796bcaUL,
+    0xac4870d3UL, 0x6f1b5df8UL, 0x2e2a46e1UL, 0xe136de66UL, 0xa007c57fUL,
+    0x6354e854UL, 0x2265f34dUL, 0xe5f3b202UL, 0xa4c2a91bUL, 0x67918430UL,
+    0x26a09f29UL, 0xb8aec5e4UL, 0xf99fdefdUL, 0x3accf3d6UL, 0x7bfde8cfUL,
+    0xbc6ba980UL, 0xfd5ab299UL, 0x3e099fb2UL, 0x7f3884abUL, 0xb0241c2cUL,
+    0xf1150735UL, 0x32462a1eUL, 0x73773107UL, 0xb4e17048UL, 0xf5d06b51UL,
+    0x3683467aUL, 0x77b25d63UL, 0x4ed7facbUL, 0x0fe6e1d2UL, 0xccb5ccf9UL,
+    0x8d84d7e0UL, 0x4a1296afUL, 0x0b238db6UL, 0xc870a09dUL, 0x8941bb84UL,
+    0x465d2303UL, 0x076c381aUL, 0xc43f1531UL, 0x850e0e28UL, 0x42984f67UL,
+    0x03a9547eUL, 0xc0fa7955UL, 0x81cb624cUL, 0x1fc53881UL, 0x5ef42398UL,
+    0x9da70eb3UL, 0xdc9615aaUL, 0x1b0054e5UL, 0x5a314ffcUL, 0x996262d7UL,
+    0xd85379ceUL, 0x174fe149UL, 0x567efa50UL, 0x952dd77bUL, 0xd41ccc62UL,
+    0x138a8d2dUL, 0x52bb9634UL, 0x91e8bb1fUL, 0xd0d9a006UL, 0xecf37e5eUL,
+    0xadc26547UL, 0x6e91486cUL, 0x2fa05375UL, 0xe836123aUL, 0xa9070923UL,
+    0x6a542408UL, 0x2b653f11UL, 0xe479a796UL, 0xa548bc8fUL, 0x661b91a4UL,
+    0x272a8abdUL, 0xe0bccbf2UL, 0xa18dd0ebUL, 0x62defdc0UL, 0x23efe6d9UL,
+    0xbde1bc14UL, 0xfcd0a70dUL, 0x3f838a26UL, 0x7eb2913fUL, 0xb924d070UL,
+    0xf815cb69UL, 0x3b46e642UL, 0x7a77fd5bUL, 0xb56b65dcUL, 0xf45a7ec5UL,
+    0x370953eeUL, 0x763848f7UL, 0xb1ae09b8UL, 0xf09f12a1UL, 0x33cc3f8aUL,
+    0x72fd2493UL
+  },
+  {
+    0x00000000UL, 0x376ac201UL, 0x6ed48403UL, 0x59be4602UL, 0xdca80907UL,
+    0xebc2cb06UL, 0xb27c8d04UL, 0x85164f05UL, 0xb851130eUL, 0x8f3bd10fUL,
+    0xd685970dUL, 0xe1ef550cUL, 0x64f91a09UL, 0x5393d808UL, 0x0a2d9e0aUL,
+    0x3d475c0bUL, 0x70a3261cUL, 0x47c9e41dUL, 0x1e77a21fUL, 0x291d601eUL,
+    0xac0b2f1bUL, 0x9b61ed1aUL, 0xc2dfab18UL, 0xf5b56919UL, 0xc8f23512UL,
+    0xff98f713UL, 0xa626b111UL, 0x914c7310UL, 0x145a3c15UL, 0x2330fe14UL,
+    0x7a8eb816UL, 0x4de47a17UL, 0xe0464d38UL, 0xd72c8f39UL, 0x8e92c93bUL,
+    0xb9f80b3aUL, 0x3cee443fUL, 0x0b84863eUL, 0x523ac03cUL, 0x6550023dUL,
+    0x58175e36UL, 0x6f7d9c37UL, 0x36c3da35UL, 0x01a91834UL, 0x84bf5731UL,
+    0xb3d59530UL, 0xea6bd332UL, 0xdd011133UL, 0x90e56b24UL, 0xa78fa925UL,
+    0xfe31ef27UL, 0xc95b2d26UL, 0x4c4d6223UL, 0x7b27a022UL, 0x2299e620UL,
+    0x15f32421UL, 0x28b4782aUL, 0x1fdeba2bUL, 0x4660fc29UL, 0x710a3e28UL,
+    0xf41c712dUL, 0xc376b32cUL, 0x9ac8f52eUL, 0xada2372fUL, 0xc08d9a70UL,
+    0xf7e75871UL, 0xae591e73UL, 0x9933dc72UL, 0x1c259377UL, 0x2b4f5176UL,
+    0x72f11774UL, 0x459bd575UL, 0x78dc897eUL, 0x4fb64b7fUL, 0x16080d7dUL,
+    0x2162cf7cUL, 0xa4748079UL, 0x931e4278UL, 0xcaa0047aUL, 0xfdcac67bUL,
+    0xb02ebc6cUL, 0x87447e6dUL, 0xdefa386fUL, 0xe990fa6eUL, 0x6c86b56bUL,
+    0x5bec776aUL, 0x02523168UL, 0x3538f369UL, 0x087faf62UL, 0x3f156d63UL,
+    0x66ab2b61UL, 0x51c1e960UL, 0xd4d7a665UL, 0xe3bd6464UL, 0xba032266UL,
+    0x8d69e067UL, 0x20cbd748UL, 0x17a11549UL, 0x4e1f534bUL, 0x7975914aUL,
+    0xfc63de4fUL, 0xcb091c4eUL, 0x92b75a4cUL, 0xa5dd984dUL, 0x989ac446UL,
+    0xaff00647UL, 0xf64e4045UL, 0xc1248244UL, 0x4432cd41UL, 0x73580f40UL,
+    0x2ae64942UL, 0x1d8c8b43UL, 0x5068f154UL, 0x67023355UL, 0x3ebc7557UL,
+    0x09d6b756UL, 0x8cc0f853UL, 0xbbaa3a52UL, 0xe2147c50UL, 0xd57ebe51UL,
+    0xe839e25aUL, 0xdf53205bUL, 0x86ed6659UL, 0xb187a458UL, 0x3491eb5dUL,
+    0x03fb295cUL, 0x5a456f5eUL, 0x6d2fad5fUL, 0x801b35e1UL, 0xb771f7e0UL,
+    0xeecfb1e2UL, 0xd9a573e3UL, 0x5cb33ce6UL, 0x6bd9fee7UL, 0x3267b8e5UL,
+    0x050d7ae4UL, 0x384a26efUL, 0x0f20e4eeUL, 0x569ea2ecUL, 0x61f460edUL,
+    0xe4e22fe8UL, 0xd388ede9UL, 0x8a36abebUL, 0xbd5c69eaUL, 0xf0b813fdUL,
+    0xc7d2d1fcUL, 0x9e6c97feUL, 0xa90655ffUL, 0x2c101afaUL, 0x1b7ad8fbUL,
+    0x42c49ef9UL, 0x75ae5cf8UL, 0x48e900f3UL, 0x7f83c2f2UL, 0x263d84f0UL,
+    0x115746f1UL, 0x944109f4UL, 0xa32bcbf5UL, 0xfa958df7UL, 0xcdff4ff6UL,
+    0x605d78d9UL, 0x5737bad8UL, 0x0e89fcdaUL, 0x39e33edbUL, 0xbcf571deUL,
+    0x8b9fb3dfUL, 0xd221f5ddUL, 0xe54b37dcUL, 0xd80c6bd7UL, 0xef66a9d6UL,
+    0xb6d8efd4UL, 0x81b22dd5UL, 0x04a462d0UL, 0x33cea0d1UL, 0x6a70e6d3UL,
+    0x5d1a24d2UL, 0x10fe5ec5UL, 0x27949cc4UL, 0x7e2adac6UL, 0x494018c7UL,
+    0xcc5657c2UL, 0xfb3c95c3UL, 0xa282d3c1UL, 0x95e811c0UL, 0xa8af4dcbUL,
+    0x9fc58fcaUL, 0xc67bc9c8UL, 0xf1110bc9UL, 0x740744ccUL, 0x436d86cdUL,
+    0x1ad3c0cfUL, 0x2db902ceUL, 0x4096af91UL, 0x77fc6d90UL, 0x2e422b92UL,
+    0x1928e993UL, 0x9c3ea696UL, 0xab546497UL, 0xf2ea2295UL, 0xc580e094UL,
+    0xf8c7bc9fUL, 0xcfad7e9eUL, 0x9613389cUL, 0xa179fa9dUL, 0x246fb598UL,
+    0x13057799UL, 0x4abb319bUL, 0x7dd1f39aUL, 0x3035898dUL, 0x075f4b8cUL,
+    0x5ee10d8eUL, 0x698bcf8fUL, 0xec9d808aUL, 0xdbf7428bUL, 0x82490489UL,
+    0xb523c688UL, 0x88649a83UL, 0xbf0e5882UL, 0xe6b01e80UL, 0xd1dadc81UL,
+    0x54cc9384UL, 0x63a65185UL, 0x3a181787UL, 0x0d72d586UL, 0xa0d0e2a9UL,
+    0x97ba20a8UL, 0xce0466aaUL, 0xf96ea4abUL, 0x7c78ebaeUL, 0x4b1229afUL,
+    0x12ac6fadUL, 0x25c6adacUL, 0x1881f1a7UL, 0x2feb33a6UL, 0x765575a4UL,
+    0x413fb7a5UL, 0xc429f8a0UL, 0xf3433aa1UL, 0xaafd7ca3UL, 0x9d97bea2UL,
+    0xd073c4b5UL, 0xe71906b4UL, 0xbea740b6UL, 0x89cd82b7UL, 0x0cdbcdb2UL,
+    0x3bb10fb3UL, 0x620f49b1UL, 0x55658bb0UL, 0x6822d7bbUL, 0x5f4815baUL,
+    0x06f653b8UL, 0x319c91b9UL, 0xb48adebcUL, 0x83e01cbdUL, 0xda5e5abfUL,
+    0xed3498beUL
+  },
+  {
+    0x00000000UL, 0x6567bcb8UL, 0x8bc809aaUL, 0xeeafb512UL, 0x5797628fUL,
+    0x32f0de37UL, 0xdc5f6b25UL, 0xb938d79dUL, 0xef28b4c5UL, 0x8a4f087dUL,
+    0x64e0bd6fUL, 0x018701d7UL, 0xb8bfd64aUL, 0xddd86af2UL, 0x3377dfe0UL,
+    0x56106358UL, 0x9f571950UL, 0xfa30a5e8UL, 0x149f10faUL, 0x71f8ac42UL,
+    0xc8c07bdfUL, 0xada7c767UL, 0x43087275UL, 0x266fcecdUL, 0x707fad95UL,
+    0x1518112dUL, 0xfbb7a43fUL, 0x9ed01887UL, 0x27e8cf1aUL, 0x428f73a2UL,
+    0xac20c6b0UL, 0xc9477a08UL, 0x3eaf32a0UL, 0x5bc88e18UL, 0xb5673b0aUL,
+    0xd00087b2UL, 0x6938502fUL, 0x0c5fec97UL, 0xe2f05985UL, 0x8797e53dUL,
+    0xd1878665UL, 0xb4e03addUL, 0x5a4f8fcfUL, 0x3f283377UL, 0x8610e4eaUL,
+    0xe3775852UL, 0x0dd8ed40UL, 0x68bf51f8UL, 0xa1f82bf0UL, 0xc49f9748UL,
+    0x2a30225aUL, 0x4f579ee2UL, 0xf66f497fUL, 0x9308f5c7UL, 0x7da740d5UL,
+    0x18c0fc6dUL, 0x4ed09f35UL, 0x2bb7238dUL, 0xc518969fUL, 0xa07f2a27UL,
+    0x1947fdbaUL, 0x7c204102UL, 0x928ff410UL, 0xf7e848a8UL, 0x3d58149bUL,
+    0x583fa823UL, 0xb6901d31UL, 0xd3f7a189UL, 0x6acf7614UL, 0x0fa8caacUL,
+    0xe1077fbeUL, 0x8460c306UL, 0xd270a05eUL, 0xb7171ce6UL, 0x59b8a9f4UL,
+    0x3cdf154cUL, 0x85e7c2d1UL, 0xe0807e69UL, 0x0e2fcb7bUL, 0x6b4877c3UL,
+    0xa20f0dcbUL, 0xc768b173UL, 0x29c70461UL, 0x4ca0b8d9UL, 0xf5986f44UL,
+    0x90ffd3fcUL, 0x7e5066eeUL, 0x1b37da56UL, 0x4d27b90eUL, 0x284005b6UL,
+    0xc6efb0a4UL, 0xa3880c1cUL, 0x1ab0db81UL, 0x7fd76739UL, 0x9178d22bUL,
+    0xf41f6e93UL, 0x03f7263bUL, 0x66909a83UL, 0x883f2f91UL, 0xed589329UL,
+    0x546044b4UL, 0x3107f80cUL, 0xdfa84d1eUL, 0xbacff1a6UL, 0xecdf92feUL,
+    0x89b82e46UL, 0x67179b54UL, 0x027027ecUL, 0xbb48f071UL, 0xde2f4cc9UL,
+    0x3080f9dbUL, 0x55e74563UL, 0x9ca03f6bUL, 0xf9c783d3UL, 0x176836c1UL,
+    0x720f8a79UL, 0xcb375de4UL, 0xae50e15cUL, 0x40ff544eUL, 0x2598e8f6UL,
+    0x73888baeUL, 0x16ef3716UL, 0xf8408204UL, 0x9d273ebcUL, 0x241fe921UL,
+    0x41785599UL, 0xafd7e08bUL, 0xcab05c33UL, 0x3bb659edUL, 0x5ed1e555UL,
+    0xb07e5047UL, 0xd519ecffUL, 0x6c213b62UL, 0x094687daUL, 0xe7e932c8UL,
+    0x828e8e70UL, 0xd49eed28UL, 0xb1f95190UL, 0x5f56e482UL, 0x3a31583aUL,
+    0x83098fa7UL, 0xe66e331fUL, 0x08c1860dUL, 0x6da63ab5UL, 0xa4e140bdUL,
+    0xc186fc05UL, 0x2f294917UL, 0x4a4ef5afUL, 0xf3762232UL, 0x96119e8aUL,
+    0x78be2b98UL, 0x1dd99720UL, 0x4bc9f478UL, 0x2eae48c0UL, 0xc001fdd2UL,
+    0xa566416aUL, 0x1c5e96f7UL, 0x79392a4fUL, 0x97969f5dUL, 0xf2f123e5UL,
+    0x05196b4dUL, 0x607ed7f5UL, 0x8ed162e7UL, 0xebb6de5fUL, 0x528e09c2UL,
+    0x37e9b57aUL, 0xd9460068UL, 0xbc21bcd0UL, 0xea31df88UL, 0x8f566330UL,
+    0x61f9d622UL, 0x049e6a9aUL, 0xbda6bd07UL, 0xd8c101bfUL, 0x366eb4adUL,
+    0x53090815UL, 0x9a4e721dUL, 0xff29cea5UL, 0x11867bb7UL, 0x74e1c70fUL,
+    0xcdd91092UL, 0xa8beac2aUL, 0x46111938UL, 0x2376a580UL, 0x7566c6d8UL,
+    0x10017a60UL, 0xfeaecf72UL, 0x9bc973caUL, 0x22f1a457UL, 0x479618efUL,
+    0xa939adfdUL, 0xcc5e1145UL, 0x06ee4d76UL, 0x6389f1ceUL, 0x8d2644dcUL,
+    0xe841f864UL, 0x51792ff9UL, 0x341e9341UL, 0xdab12653UL, 0xbfd69aebUL,
+    0xe9c6f9b3UL, 0x8ca1450bUL, 0x620ef019UL, 0x07694ca1UL, 0xbe519b3cUL,
+    0xdb362784UL, 0x35999296UL, 0x50fe2e2eUL, 0x99b95426UL, 0xfcdee89eUL,
+    0x12715d8cUL, 0x7716e134UL, 0xce2e36a9UL, 0xab498a11UL, 0x45e63f03UL,
+    0x208183bbUL, 0x7691e0e3UL, 0x13f65c5bUL, 0xfd59e949UL, 0x983e55f1UL,
+    0x2106826cUL, 0x44613ed4UL, 0xaace8bc6UL, 0xcfa9377eUL, 0x38417fd6UL,
+    0x5d26c36eUL, 0xb389767cUL, 0xd6eecac4UL, 0x6fd61d59UL, 0x0ab1a1e1UL,
+    0xe41e14f3UL, 0x8179a84bUL, 0xd769cb13UL, 0xb20e77abUL, 0x5ca1c2b9UL,
+    0x39c67e01UL, 0x80fea99cUL, 0xe5991524UL, 0x0b36a036UL, 0x6e511c8eUL,
+    0xa7166686UL, 0xc271da3eUL, 0x2cde6f2cUL, 0x49b9d394UL, 0xf0810409UL,
+    0x95e6b8b1UL, 0x7b490da3UL, 0x1e2eb11bUL, 0x483ed243UL, 0x2d596efbUL,
+    0xc3f6dbe9UL, 0xa6916751UL, 0x1fa9b0ccUL, 0x7ace0c74UL, 0x9461b966UL,
+    0xf10605deUL
+#endif
+  }
+};
diff --git a/nss/lib/zlib/deflate.c b/nss/lib/zlib/deflate.c
new file mode 100644
index 0000000..5c4022f
--- /dev/null
+++ b/nss/lib/zlib/deflate.c
@@ -0,0 +1,1834 @@
+/* deflate.c -- compress data using the deflation algorithm
+ * Copyright (C) 1995-2010 Jean-loup Gailly and Mark Adler
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ */
+
+/*
+ *  ALGORITHM
+ *
+ *      The "deflation" process depends on being able to identify portions
+ *      of the input text which are identical to earlier input (within a
+ *      sliding window trailing behind the input currently being processed).
+ *
+ *      The most straightforward technique turns out to be the fastest for
+ *      most input files: try all possible matches and select the longest.
+ *      The key feature of this algorithm is that insertions into the string
+ *      dictionary are very simple and thus fast, and deletions are avoided
+ *      completely. Insertions are performed at each input character, whereas
+ *      string matches are performed only when the previous match ends. So it
+ *      is preferable to spend more time in matches to allow very fast string
+ *      insertions and avoid deletions. The matching algorithm for small
+ *      strings is inspired from that of Rabin & Karp. A brute force approach
+ *      is used to find longer strings when a small match has been found.
+ *      A similar algorithm is used in comic (by Jan-Mark Wams) and freeze
+ *      (by Leonid Broukhis).
+ *         A previous version of this file used a more sophisticated algorithm
+ *      (by Fiala and Greene) which is guaranteed to run in linear amortized
+ *      time, but has a larger average cost, uses more memory and is patented.
+ *      However the F&G algorithm may be faster for some highly redundant
+ *      files if the parameter max_chain_length (described below) is too large.
+ *
+ *  ACKNOWLEDGEMENTS
+ *
+ *      The idea of lazy evaluation of matches is due to Jan-Mark Wams, and
+ *      I found it in 'freeze' written by Leonid Broukhis.
+ *      Thanks to many people for bug reports and testing.
+ *
+ *  REFERENCES
+ *
+ *      Deutsch, L.P.,"DEFLATE Compressed Data Format Specification".
+ *      Available in http://www.ietf.org/rfc/rfc1951.txt
+ *
+ *      A description of the Rabin and Karp algorithm is given in the book
+ *         "Algorithms" by R. Sedgewick, Addison-Wesley, p252.
+ *
+ *      Fiala,E.R., and Greene,D.H.
+ *         Data Compression with Finite Windows, Comm.ACM, 32,4 (1989) 490-595
+ *
+ */
+
+/* @(#) $Id$ */
+
+#include "deflate.h"
+
+const char deflate_copyright[] =
+   " deflate 1.2.5 Copyright 1995-2010 Jean-loup Gailly and Mark Adler ";
+/*
+  If you use the zlib library in a product, an acknowledgment is welcome
+  in the documentation of your product. If for some reason you cannot
+  include such an acknowledgment, I would appreciate that you keep this
+  copyright string in the executable of your product.
+ */
+
+/* ===========================================================================
+ *  Function prototypes.
+ */
+typedef enum {
+    need_more,      /* block not completed, need more input or more output */
+    block_done,     /* block flush performed */
+    finish_started, /* finish started, need only more output at next deflate */
+    finish_done     /* finish done, accept no more input or output */
+} block_state;
+
+typedef block_state (*compress_func) OF((deflate_state *s, int flush));
+/* Compression function. Returns the block state after the call. */
+
+local void fill_window    OF((deflate_state *s));
+local block_state deflate_stored OF((deflate_state *s, int flush));
+local block_state deflate_fast   OF((deflate_state *s, int flush));
+#ifndef FASTEST
+local block_state deflate_slow   OF((deflate_state *s, int flush));
+#endif
+local block_state deflate_rle    OF((deflate_state *s, int flush));
+local block_state deflate_huff   OF((deflate_state *s, int flush));
+local void lm_init        OF((deflate_state *s));
+local void putShortMSB    OF((deflate_state *s, uInt b));
+local void flush_pending  OF((z_streamp strm));
+local int read_buf        OF((z_streamp strm, Bytef *buf, unsigned size));
+#ifdef ASMV
+      void match_init OF((void)); /* asm code initialization */
+      uInt longest_match  OF((deflate_state *s, IPos cur_match));
+#else
+local uInt longest_match  OF((deflate_state *s, IPos cur_match));
+#endif
+
+#ifdef DEBUG
+local  void check_match OF((deflate_state *s, IPos start, IPos match,
+                            int length));
+#endif
+
+/* ===========================================================================
+ * Local data
+ */
+
+#define NIL 0
+/* Tail of hash chains */
+
+#ifndef TOO_FAR
+#  define TOO_FAR 4096
+#endif
+/* Matches of length 3 are discarded if their distance exceeds TOO_FAR */
+
+/* Values for max_lazy_match, good_match and max_chain_length, depending on
+ * the desired pack level (0..9). The values given below have been tuned to
+ * exclude worst case performance for pathological files. Better values may be
+ * found for specific files.
+ */
+typedef struct config_s {
+   ush good_length; /* reduce lazy search above this match length */
+   ush max_lazy;    /* do not perform lazy search above this match length */
+   ush nice_length; /* quit search above this match length */
+   ush max_chain;
+   compress_func func;
+} config;
+
+#ifdef FASTEST
+local const config configuration_table[2] = {
+/*      good lazy nice chain */
+/* 0 */ {0,    0,  0,    0, deflate_stored},  /* store only */
+/* 1 */ {4,    4,  8,    4, deflate_fast}}; /* max speed, no lazy matches */
+#else
+local const config configuration_table[10] = {
+/*      good lazy nice chain */
+/* 0 */ {0,    0,  0,    0, deflate_stored},  /* store only */
+/* 1 */ {4,    4,  8,    4, deflate_fast}, /* max speed, no lazy matches */
+/* 2 */ {4,    5, 16,    8, deflate_fast},
+/* 3 */ {4,    6, 32,   32, deflate_fast},
+
+/* 4 */ {4,    4, 16,   16, deflate_slow},  /* lazy matches */
+/* 5 */ {8,   16, 32,   32, deflate_slow},
+/* 6 */ {8,   16, 128, 128, deflate_slow},
+/* 7 */ {8,   32, 128, 256, deflate_slow},
+/* 8 */ {32, 128, 258, 1024, deflate_slow},
+/* 9 */ {32, 258, 258, 4096, deflate_slow}}; /* max compression */
+#endif
+
+/* Note: the deflate() code requires max_lazy >= MIN_MATCH and max_chain >= 4
+ * For deflate_fast() (levels <= 3) good is ignored and lazy has a different
+ * meaning.
+ */
+
+#define EQUAL 0
+/* result of memcmp for equal strings */
+
+#ifndef NO_DUMMY_DECL
+struct static_tree_desc_s {int dummy;}; /* for buggy compilers */
+#endif
+
+/* ===========================================================================
+ * Update a hash value with the given input byte
+ * IN  assertion: all calls to to UPDATE_HASH are made with consecutive
+ *    input characters, so that a running hash key can be computed from the
+ *    previous key instead of complete recalculation each time.
+ */
+#define UPDATE_HASH(s,h,c) (h = (((h)<<s->hash_shift) ^ (c)) & s->hash_mask)
+
+
+/* ===========================================================================
+ * Insert string str in the dictionary and set match_head to the previous head
+ * of the hash chain (the most recent string with same hash key). Return
+ * the previous length of the hash chain.
+ * If this file is compiled with -DFASTEST, the compression level is forced
+ * to 1, and no hash chains are maintained.
+ * IN  assertion: all calls to to INSERT_STRING are made with consecutive
+ *    input characters and the first MIN_MATCH bytes of str are valid
+ *    (except for the last MIN_MATCH-1 bytes of the input file).
+ */
+#ifdef FASTEST
+#define INSERT_STRING(s, str, match_head) \
+   (UPDATE_HASH(s, s->ins_h, s->window[(str) + (MIN_MATCH-1)]), \
+    match_head = s->head[s->ins_h], \
+    s->head[s->ins_h] = (Pos)(str))
+#else
+#define INSERT_STRING(s, str, match_head) \
+   (UPDATE_HASH(s, s->ins_h, s->window[(str) + (MIN_MATCH-1)]), \
+    match_head = s->prev[(str) & s->w_mask] = s->head[s->ins_h], \
+    s->head[s->ins_h] = (Pos)(str))
+#endif
+
+/* ===========================================================================
+ * Initialize the hash table (avoiding 64K overflow for 16 bit systems).
+ * prev[] will be initialized on the fly.
+ */
+#define CLEAR_HASH(s) \
+    s->head[s->hash_size-1] = NIL; \
+    zmemzero((Bytef *)s->head, (unsigned)(s->hash_size-1)*sizeof(*s->head));
+
+/* ========================================================================= */
+int ZEXPORT deflateInit_(strm, level, version, stream_size)
+    z_streamp strm;
+    int level;
+    const char *version;
+    int stream_size;
+{
+    return deflateInit2_(strm, level, Z_DEFLATED, MAX_WBITS, DEF_MEM_LEVEL,
+                         Z_DEFAULT_STRATEGY, version, stream_size);
+    /* To do: ignore strm->next_in if we use it as window */
+}
+
+/* ========================================================================= */
+int ZEXPORT deflateInit2_(strm, level, method, windowBits, memLevel, strategy,
+                  version, stream_size)
+    z_streamp strm;
+    int  level;
+    int  method;
+    int  windowBits;
+    int  memLevel;
+    int  strategy;
+    const char *version;
+    int stream_size;
+{
+    deflate_state *s;
+    int wrap = 1;
+    static const char my_version[] = ZLIB_VERSION;
+
+    ushf *overlay;
+    /* We overlay pending_buf and d_buf+l_buf. This works since the average
+     * output size for (length,distance) codes is <= 24 bits.
+     */
+
+    if (version == Z_NULL || version[0] != my_version[0] ||
+        stream_size != sizeof(z_stream)) {
+        return Z_VERSION_ERROR;
+    }
+    if (strm == Z_NULL) return Z_STREAM_ERROR;
+
+    strm->msg = Z_NULL;
+    if (strm->zalloc == (alloc_func)0) {
+        strm->zalloc = zcalloc;
+        strm->opaque = (voidpf)0;
+    }
+    if (strm->zfree == (free_func)0) strm->zfree = zcfree;
+
+#ifdef FASTEST
+    if (level != 0) level = 1;
+#else
+    if (level == Z_DEFAULT_COMPRESSION) level = 6;
+#endif
+
+    if (windowBits < 0) { /* suppress zlib wrapper */
+        wrap = 0;
+        windowBits = -windowBits;
+    }
+#ifdef GZIP
+    else if (windowBits > 15) {
+        wrap = 2;       /* write gzip wrapper instead */
+        windowBits -= 16;
+    }
+#endif
+    if (memLevel < 1 || memLevel > MAX_MEM_LEVEL || method != Z_DEFLATED ||
+        windowBits < 8 || windowBits > 15 || level < 0 || level > 9 ||
+        strategy < 0 || strategy > Z_FIXED) {
+        return Z_STREAM_ERROR;
+    }
+    if (windowBits == 8) windowBits = 9;  /* until 256-byte window bug fixed */
+    s = (deflate_state *) ZALLOC(strm, 1, sizeof(deflate_state));
+    if (s == Z_NULL) return Z_MEM_ERROR;
+    strm->state = (struct internal_state FAR *)s;
+    s->strm = strm;
+
+    s->wrap = wrap;
+    s->gzhead = Z_NULL;
+    s->w_bits = windowBits;
+    s->w_size = 1 << s->w_bits;
+    s->w_mask = s->w_size - 1;
+
+    s->hash_bits = memLevel + 7;
+    s->hash_size = 1 << s->hash_bits;
+    s->hash_mask = s->hash_size - 1;
+    s->hash_shift =  ((s->hash_bits+MIN_MATCH-1)/MIN_MATCH);
+
+    s->window = (Bytef *) ZALLOC(strm, s->w_size, 2*sizeof(Byte));
+    s->prev   = (Posf *)  ZALLOC(strm, s->w_size, sizeof(Pos));
+    s->head   = (Posf *)  ZALLOC(strm, s->hash_size, sizeof(Pos));
+
+    s->high_water = 0;      /* nothing written to s->window yet */
+
+    s->lit_bufsize = 1 << (memLevel + 6); /* 16K elements by default */
+
+    overlay = (ushf *) ZALLOC(strm, s->lit_bufsize, sizeof(ush)+2);
+    s->pending_buf = (uchf *) overlay;
+    s->pending_buf_size = (ulg)s->lit_bufsize * (sizeof(ush)+2L);
+
+    if (s->window == Z_NULL || s->prev == Z_NULL || s->head == Z_NULL ||
+        s->pending_buf == Z_NULL) {
+        s->status = FINISH_STATE;
+        strm->msg = (char*)ERR_MSG(Z_MEM_ERROR);
+        deflateEnd (strm);
+        return Z_MEM_ERROR;
+    }
+    s->d_buf = overlay + s->lit_bufsize/sizeof(ush);
+    s->l_buf = s->pending_buf + (1+sizeof(ush))*s->lit_bufsize;
+
+    s->level = level;
+    s->strategy = strategy;
+    s->method = (Byte)method;
+
+    return deflateReset(strm);
+}
+
+/* ========================================================================= */
+int ZEXPORT deflateSetDictionary (strm, dictionary, dictLength)
+    z_streamp strm;
+    const Bytef *dictionary;
+    uInt  dictLength;
+{
+    deflate_state *s;
+    uInt length = dictLength;
+    uInt n;
+    IPos hash_head = 0;
+
+    if (strm == Z_NULL || strm->state == Z_NULL || dictionary == Z_NULL ||
+        strm->state->wrap == 2 ||
+        (strm->state->wrap == 1 && strm->state->status != INIT_STATE))
+        return Z_STREAM_ERROR;
+
+    s = strm->state;
+    if (s->wrap)
+        strm->adler = adler32(strm->adler, dictionary, dictLength);
+
+    if (length < MIN_MATCH) return Z_OK;
+    if (length > s->w_size) {
+        length = s->w_size;
+        dictionary += dictLength - length; /* use the tail of the dictionary */
+    }
+    zmemcpy(s->window, dictionary, length);
+    s->strstart = length;
+    s->block_start = (long)length;
+
+    /* Insert all strings in the hash table (except for the last two bytes).
+     * s->lookahead stays null, so s->ins_h will be recomputed at the next
+     * call of fill_window.
+     */
+    s->ins_h = s->window[0];
+    UPDATE_HASH(s, s->ins_h, s->window[1]);
+    for (n = 0; n <= length - MIN_MATCH; n++) {
+        INSERT_STRING(s, n, hash_head);
+    }
+    if (hash_head) hash_head = 0;  /* to make compiler happy */
+    return Z_OK;
+}
+
+/* ========================================================================= */
+int ZEXPORT deflateReset (strm)
+    z_streamp strm;
+{
+    deflate_state *s;
+
+    if (strm == Z_NULL || strm->state == Z_NULL ||
+        strm->zalloc == (alloc_func)0 || strm->zfree == (free_func)0) {
+        return Z_STREAM_ERROR;
+    }
+
+    strm->total_in = strm->total_out = 0;
+    strm->msg = Z_NULL; /* use zfree if we ever allocate msg dynamically */
+    strm->data_type = Z_UNKNOWN;
+
+    s = (deflate_state *)strm->state;
+    s->pending = 0;
+    s->pending_out = s->pending_buf;
+
+    if (s->wrap < 0) {
+        s->wrap = -s->wrap; /* was made negative by deflate(..., Z_FINISH); */
+    }
+    s->status = s->wrap ? INIT_STATE : BUSY_STATE;
+    strm->adler =
+#ifdef GZIP
+        s->wrap == 2 ? crc32(0L, Z_NULL, 0) :
+#endif
+        adler32(0L, Z_NULL, 0);
+    s->last_flush = Z_NO_FLUSH;
+
+    _tr_init(s);
+    lm_init(s);
+
+    return Z_OK;
+}
+
+/* ========================================================================= */
+int ZEXPORT deflateSetHeader (strm, head)
+    z_streamp strm;
+    gz_headerp head;
+{
+    if (strm == Z_NULL || strm->state == Z_NULL) return Z_STREAM_ERROR;
+    if (strm->state->wrap != 2) return Z_STREAM_ERROR;
+    strm->state->gzhead = head;
+    return Z_OK;
+}
+
+/* ========================================================================= */
+int ZEXPORT deflatePrime (strm, bits, value)
+    z_streamp strm;
+    int bits;
+    int value;
+{
+    if (strm == Z_NULL || strm->state == Z_NULL) return Z_STREAM_ERROR;
+    strm->state->bi_valid = bits;
+    strm->state->bi_buf = (ush)(value & ((1 << bits) - 1));
+    return Z_OK;
+}
+
+/* ========================================================================= */
+int ZEXPORT deflateParams(strm, level, strategy)
+    z_streamp strm;
+    int level;
+    int strategy;
+{
+    deflate_state *s;
+    compress_func func;
+    int err = Z_OK;
+
+    if (strm == Z_NULL || strm->state == Z_NULL) return Z_STREAM_ERROR;
+    s = strm->state;
+
+#ifdef FASTEST
+    if (level != 0) level = 1;
+#else
+    if (level == Z_DEFAULT_COMPRESSION) level = 6;
+#endif
+    if (level < 0 || level > 9 || strategy < 0 || strategy > Z_FIXED) {
+        return Z_STREAM_ERROR;
+    }
+    func = configuration_table[s->level].func;
+
+    if ((strategy != s->strategy || func != configuration_table[level].func) &&
+        strm->total_in != 0) {
+        /* Flush the last buffer: */
+        err = deflate(strm, Z_BLOCK);
+    }
+    if (s->level != level) {
+        s->level = level;
+        s->max_lazy_match   = configuration_table[level].max_lazy;
+        s->good_match       = configuration_table[level].good_length;
+        s->nice_match       = configuration_table[level].nice_length;
+        s->max_chain_length = configuration_table[level].max_chain;
+    }
+    s->strategy = strategy;
+    return err;
+}
+
+/* ========================================================================= */
+int ZEXPORT deflateTune(strm, good_length, max_lazy, nice_length, max_chain)
+    z_streamp strm;
+    int good_length;
+    int max_lazy;
+    int nice_length;
+    int max_chain;
+{
+    deflate_state *s;
+
+    if (strm == Z_NULL || strm->state == Z_NULL) return Z_STREAM_ERROR;
+    s = strm->state;
+    s->good_match = good_length;
+    s->max_lazy_match = max_lazy;
+    s->nice_match = nice_length;
+    s->max_chain_length = max_chain;
+    return Z_OK;
+}
+
+/* =========================================================================
+ * For the default windowBits of 15 and memLevel of 8, this function returns
+ * a close to exact, as well as small, upper bound on the compressed size.
+ * They are coded as constants here for a reason--if the #define's are
+ * changed, then this function needs to be changed as well.  The return
+ * value for 15 and 8 only works for those exact settings.
+ *
+ * For any setting other than those defaults for windowBits and memLevel,
+ * the value returned is a conservative worst case for the maximum expansion
+ * resulting from using fixed blocks instead of stored blocks, which deflate
+ * can emit on compressed data for some combinations of the parameters.
+ *
+ * This function could be more sophisticated to provide closer upper bounds for
+ * every combination of windowBits and memLevel.  But even the conservative
+ * upper bound of about 14% expansion does not seem onerous for output buffer
+ * allocation.
+ */
+uLong ZEXPORT deflateBound(strm, sourceLen)
+    z_streamp strm;
+    uLong sourceLen;
+{
+    deflate_state *s;
+    uLong complen, wraplen;
+    Bytef *str;
+
+    /* conservative upper bound for compressed data */
+    complen = sourceLen +
+              ((sourceLen + 7) >> 3) + ((sourceLen + 63) >> 6) + 5;
+
+    /* if can't get parameters, return conservative bound plus zlib wrapper */
+    if (strm == Z_NULL || strm->state == Z_NULL)
+        return complen + 6;
+
+    /* compute wrapper length */
+    s = strm->state;
+    switch (s->wrap) {
+    case 0:                                 /* raw deflate */
+        wraplen = 0;
+        break;
+    case 1:                                 /* zlib wrapper */
+        wraplen = 6 + (s->strstart ? 4 : 0);
+        break;
+    case 2:                                 /* gzip wrapper */
+        wraplen = 18;
+        if (s->gzhead != Z_NULL) {          /* user-supplied gzip header */
+            if (s->gzhead->extra != Z_NULL)
+                wraplen += 2 + s->gzhead->extra_len;
+            str = s->gzhead->name;
+            if (str != Z_NULL)
+                do {
+                    wraplen++;
+                } while (*str++);
+            str = s->gzhead->comment;
+            if (str != Z_NULL)
+                do {
+                    wraplen++;
+                } while (*str++);
+            if (s->gzhead->hcrc)
+                wraplen += 2;
+        }
+        break;
+    default:                                /* for compiler happiness */
+        wraplen = 6;
+    }
+
+    /* if not default parameters, return conservative bound */
+    if (s->w_bits != 15 || s->hash_bits != 8 + 7)
+        return complen + wraplen;
+
+    /* default settings: return tight bound for that case */
+    return sourceLen + (sourceLen >> 12) + (sourceLen >> 14) +
+           (sourceLen >> 25) + 13 - 6 + wraplen;
+}
+
+/* =========================================================================
+ * Put a short in the pending buffer. The 16-bit value is put in MSB order.
+ * IN assertion: the stream state is correct and there is enough room in
+ * pending_buf.
+ */
+local void putShortMSB (s, b)
+    deflate_state *s;
+    uInt b;
+{
+    put_byte(s, (Byte)(b >> 8));
+    put_byte(s, (Byte)(b & 0xff));
+}
+
+/* =========================================================================
+ * Flush as much pending output as possible. All deflate() output goes
+ * through this function so some applications may wish to modify it
+ * to avoid allocating a large strm->next_out buffer and copying into it.
+ * (See also read_buf()).
+ */
+local void flush_pending(strm)
+    z_streamp strm;
+{
+    unsigned len = strm->state->pending;
+
+    if (len > strm->avail_out) len = strm->avail_out;
+    if (len == 0) return;
+
+    zmemcpy(strm->next_out, strm->state->pending_out, len);
+    strm->next_out  += len;
+    strm->state->pending_out  += len;
+    strm->total_out += len;
+    strm->avail_out  -= len;
+    strm->state->pending -= len;
+    if (strm->state->pending == 0) {
+        strm->state->pending_out = strm->state->pending_buf;
+    }
+}
+
+/* ========================================================================= */
+int ZEXPORT deflate (strm, flush)
+    z_streamp strm;
+    int flush;
+{
+    int old_flush; /* value of flush param for previous deflate call */
+    deflate_state *s;
+
+    if (strm == Z_NULL || strm->state == Z_NULL ||
+        flush > Z_BLOCK || flush < 0) {
+        return Z_STREAM_ERROR;
+    }
+    s = strm->state;
+
+    if (strm->next_out == Z_NULL ||
+        (strm->next_in == Z_NULL && strm->avail_in != 0) ||
+        (s->status == FINISH_STATE && flush != Z_FINISH)) {
+        ERR_RETURN(strm, Z_STREAM_ERROR);
+    }
+    if (strm->avail_out == 0) ERR_RETURN(strm, Z_BUF_ERROR);
+
+    s->strm = strm; /* just in case */
+    old_flush = s->last_flush;
+    s->last_flush = flush;
+
+    /* Write the header */
+    if (s->status == INIT_STATE) {
+#ifdef GZIP
+        if (s->wrap == 2) {
+            strm->adler = crc32(0L, Z_NULL, 0);
+            put_byte(s, 31);
+            put_byte(s, 139);
+            put_byte(s, 8);
+            if (s->gzhead == Z_NULL) {
+                put_byte(s, 0);
+                put_byte(s, 0);
+                put_byte(s, 0);
+                put_byte(s, 0);
+                put_byte(s, 0);
+                put_byte(s, s->level == 9 ? 2 :
+                            (s->strategy >= Z_HUFFMAN_ONLY || s->level < 2 ?
+                             4 : 0));
+                put_byte(s, OS_CODE);
+                s->status = BUSY_STATE;
+            }
+            else {
+                put_byte(s, (s->gzhead->text ? 1 : 0) +
+                            (s->gzhead->hcrc ? 2 : 0) +
+                            (s->gzhead->extra == Z_NULL ? 0 : 4) +
+                            (s->gzhead->name == Z_NULL ? 0 : 8) +
+                            (s->gzhead->comment == Z_NULL ? 0 : 16)
+                        );
+                put_byte(s, (Byte)(s->gzhead->time & 0xff));
+                put_byte(s, (Byte)((s->gzhead->time >> 8) & 0xff));
+                put_byte(s, (Byte)((s->gzhead->time >> 16) & 0xff));
+                put_byte(s, (Byte)((s->gzhead->time >> 24) & 0xff));
+                put_byte(s, s->level == 9 ? 2 :
+                            (s->strategy >= Z_HUFFMAN_ONLY || s->level < 2 ?
+                             4 : 0));
+                put_byte(s, s->gzhead->os & 0xff);
+                if (s->gzhead->extra != Z_NULL) {
+                    put_byte(s, s->gzhead->extra_len & 0xff);
+                    put_byte(s, (s->gzhead->extra_len >> 8) & 0xff);
+                }
+                if (s->gzhead->hcrc)
+                    strm->adler = crc32(strm->adler, s->pending_buf,
+                                        s->pending);
+                s->gzindex = 0;
+                s->status = EXTRA_STATE;
+            }
+        }
+        else
+#endif
+        {
+            uInt header = (Z_DEFLATED + ((s->w_bits-8)<<4)) << 8;
+            uInt level_flags;
+
+            if (s->strategy >= Z_HUFFMAN_ONLY || s->level < 2)
+                level_flags = 0;
+            else if (s->level < 6)
+                level_flags = 1;
+            else if (s->level == 6)
+                level_flags = 2;
+            else
+                level_flags = 3;
+            header |= (level_flags << 6);
+            if (s->strstart != 0) header |= PRESET_DICT;
+            header += 31 - (header % 31);
+
+            s->status = BUSY_STATE;
+            putShortMSB(s, header);
+
+            /* Save the adler32 of the preset dictionary: */
+            if (s->strstart != 0) {
+                putShortMSB(s, (uInt)(strm->adler >> 16));
+                putShortMSB(s, (uInt)(strm->adler & 0xffff));
+            }
+            strm->adler = adler32(0L, Z_NULL, 0);
+        }
+    }
+#ifdef GZIP
+    if (s->status == EXTRA_STATE) {
+        if (s->gzhead->extra != Z_NULL) {
+            uInt beg = s->pending;  /* start of bytes to update crc */
+
+            while (s->gzindex < (s->gzhead->extra_len & 0xffff)) {
+                if (s->pending == s->pending_buf_size) {
+                    if (s->gzhead->hcrc && s->pending > beg)
+                        strm->adler = crc32(strm->adler, s->pending_buf + beg,
+                                            s->pending - beg);
+                    flush_pending(strm);
+                    beg = s->pending;
+                    if (s->pending == s->pending_buf_size)
+                        break;
+                }
+                put_byte(s, s->gzhead->extra[s->gzindex]);
+                s->gzindex++;
+            }
+            if (s->gzhead->hcrc && s->pending > beg)
+                strm->adler = crc32(strm->adler, s->pending_buf + beg,
+                                    s->pending - beg);
+            if (s->gzindex == s->gzhead->extra_len) {
+                s->gzindex = 0;
+                s->status = NAME_STATE;
+            }
+        }
+        else
+            s->status = NAME_STATE;
+    }
+    if (s->status == NAME_STATE) {
+        if (s->gzhead->name != Z_NULL) {
+            uInt beg = s->pending;  /* start of bytes to update crc */
+            int val;
+
+            do {
+                if (s->pending == s->pending_buf_size) {
+                    if (s->gzhead->hcrc && s->pending > beg)
+                        strm->adler = crc32(strm->adler, s->pending_buf + beg,
+                                            s->pending - beg);
+                    flush_pending(strm);
+                    beg = s->pending;
+                    if (s->pending == s->pending_buf_size) {
+                        val = 1;
+                        break;
+                    }
+                }
+                val = s->gzhead->name[s->gzindex++];
+                put_byte(s, val);
+            } while (val != 0);
+            if (s->gzhead->hcrc && s->pending > beg)
+                strm->adler = crc32(strm->adler, s->pending_buf + beg,
+                                    s->pending - beg);
+            if (val == 0) {
+                s->gzindex = 0;
+                s->status = COMMENT_STATE;
+            }
+        }
+        else
+            s->status = COMMENT_STATE;
+    }
+    if (s->status == COMMENT_STATE) {
+        if (s->gzhead->comment != Z_NULL) {
+            uInt beg = s->pending;  /* start of bytes to update crc */
+            int val;
+
+            do {
+                if (s->pending == s->pending_buf_size) {
+                    if (s->gzhead->hcrc && s->pending > beg)
+                        strm->adler = crc32(strm->adler, s->pending_buf + beg,
+                                            s->pending - beg);
+                    flush_pending(strm);
+                    beg = s->pending;
+                    if (s->pending == s->pending_buf_size) {
+                        val = 1;
+                        break;
+                    }
+                }
+                val = s->gzhead->comment[s->gzindex++];
+                put_byte(s, val);
+            } while (val != 0);
+            if (s->gzhead->hcrc && s->pending > beg)
+                strm->adler = crc32(strm->adler, s->pending_buf + beg,
+                                    s->pending - beg);
+            if (val == 0)
+                s->status = HCRC_STATE;
+        }
+        else
+            s->status = HCRC_STATE;
+    }
+    if (s->status == HCRC_STATE) {
+        if (s->gzhead->hcrc) {
+            if (s->pending + 2 > s->pending_buf_size)
+                flush_pending(strm);
+            if (s->pending + 2 <= s->pending_buf_size) {
+                put_byte(s, (Byte)(strm->adler & 0xff));
+                put_byte(s, (Byte)((strm->adler >> 8) & 0xff));
+                strm->adler = crc32(0L, Z_NULL, 0);
+                s->status = BUSY_STATE;
+            }
+        }
+        else
+            s->status = BUSY_STATE;
+    }
+#endif
+
+    /* Flush as much pending output as possible */
+    if (s->pending != 0) {
+        flush_pending(strm);
+        if (strm->avail_out == 0) {
+            /* Since avail_out is 0, deflate will be called again with
+             * more output space, but possibly with both pending and
+             * avail_in equal to zero. There won't be anything to do,
+             * but this is not an error situation so make sure we
+             * return OK instead of BUF_ERROR at next call of deflate:
+             */
+            s->last_flush = -1;
+            return Z_OK;
+        }
+
+    /* Make sure there is something to do and avoid duplicate consecutive
+     * flushes. For repeated and useless calls with Z_FINISH, we keep
+     * returning Z_STREAM_END instead of Z_BUF_ERROR.
+     */
+    } else if (strm->avail_in == 0 && flush <= old_flush &&
+               flush != Z_FINISH) {
+        ERR_RETURN(strm, Z_BUF_ERROR);
+    }
+
+    /* User must not provide more input after the first FINISH: */
+    if (s->status == FINISH_STATE && strm->avail_in != 0) {
+        ERR_RETURN(strm, Z_BUF_ERROR);
+    }
+
+    /* Start a new block or continue the current one.
+     */
+    if (strm->avail_in != 0 || s->lookahead != 0 ||
+        (flush != Z_NO_FLUSH && s->status != FINISH_STATE)) {
+        block_state bstate;
+
+        bstate = s->strategy == Z_HUFFMAN_ONLY ? deflate_huff(s, flush) :
+                    (s->strategy == Z_RLE ? deflate_rle(s, flush) :
+                        (*(configuration_table[s->level].func))(s, flush));
+
+        if (bstate == finish_started || bstate == finish_done) {
+            s->status = FINISH_STATE;
+        }
+        if (bstate == need_more || bstate == finish_started) {
+            if (strm->avail_out == 0) {
+                s->last_flush = -1; /* avoid BUF_ERROR next call, see above */
+            }
+            return Z_OK;
+            /* If flush != Z_NO_FLUSH && avail_out == 0, the next call
+             * of deflate should use the same flush parameter to make sure
+             * that the flush is complete. So we don't have to output an
+             * empty block here, this will be done at next call. This also
+             * ensures that for a very small output buffer, we emit at most
+             * one empty block.
+             */
+        }
+        if (bstate == block_done) {
+            if (flush == Z_PARTIAL_FLUSH) {
+                _tr_align(s);
+            } else if (flush != Z_BLOCK) { /* FULL_FLUSH or SYNC_FLUSH */
+                _tr_stored_block(s, (char*)0, 0L, 0);
+                /* For a full flush, this empty block will be recognized
+                 * as a special marker by inflate_sync().
+                 */
+                if (flush == Z_FULL_FLUSH) {
+                    CLEAR_HASH(s);             /* forget history */
+                    if (s->lookahead == 0) {
+                        s->strstart = 0;
+                        s->block_start = 0L;
+                    }
+                }
+            }
+            flush_pending(strm);
+            if (strm->avail_out == 0) {
+              s->last_flush = -1; /* avoid BUF_ERROR at next call, see above */
+              return Z_OK;
+            }
+        }
+    }
+    Assert(strm->avail_out > 0, "bug2");
+
+    if (flush != Z_FINISH) return Z_OK;
+    if (s->wrap <= 0) return Z_STREAM_END;
+
+    /* Write the trailer */
+#ifdef GZIP
+    if (s->wrap == 2) {
+        put_byte(s, (Byte)(strm->adler & 0xff));
+        put_byte(s, (Byte)((strm->adler >> 8) & 0xff));
+        put_byte(s, (Byte)((strm->adler >> 16) & 0xff));
+        put_byte(s, (Byte)((strm->adler >> 24) & 0xff));
+        put_byte(s, (Byte)(strm->total_in & 0xff));
+        put_byte(s, (Byte)((strm->total_in >> 8) & 0xff));
+        put_byte(s, (Byte)((strm->total_in >> 16) & 0xff));
+        put_byte(s, (Byte)((strm->total_in >> 24) & 0xff));
+    }
+    else
+#endif
+    {
+        putShortMSB(s, (uInt)(strm->adler >> 16));
+        putShortMSB(s, (uInt)(strm->adler & 0xffff));
+    }
+    flush_pending(strm);
+    /* If avail_out is zero, the application will call deflate again
+     * to flush the rest.
+     */
+    if (s->wrap > 0) s->wrap = -s->wrap; /* write the trailer only once! */
+    return s->pending != 0 ? Z_OK : Z_STREAM_END;
+}
+
+/* ========================================================================= */
+int ZEXPORT deflateEnd (strm)
+    z_streamp strm;
+{
+    int status;
+
+    if (strm == Z_NULL || strm->state == Z_NULL) return Z_STREAM_ERROR;
+
+    status = strm->state->status;
+    if (status != INIT_STATE &&
+        status != EXTRA_STATE &&
+        status != NAME_STATE &&
+        status != COMMENT_STATE &&
+        status != HCRC_STATE &&
+        status != BUSY_STATE &&
+        status != FINISH_STATE) {
+      return Z_STREAM_ERROR;
+    }
+
+    /* Deallocate in reverse order of allocations: */
+    TRY_FREE(strm, strm->state->pending_buf);
+    TRY_FREE(strm, strm->state->head);
+    TRY_FREE(strm, strm->state->prev);
+    TRY_FREE(strm, strm->state->window);
+
+    ZFREE(strm, strm->state);
+    strm->state = Z_NULL;
+
+    return status == BUSY_STATE ? Z_DATA_ERROR : Z_OK;
+}
+
+/* =========================================================================
+ * Copy the source state to the destination state.
+ * To simplify the source, this is not supported for 16-bit MSDOS (which
+ * doesn't have enough memory anyway to duplicate compression states).
+ */
+int ZEXPORT deflateCopy (dest, source)
+    z_streamp dest;
+    z_streamp source;
+{
+#ifdef MAXSEG_64K
+    return Z_STREAM_ERROR;
+#else
+    deflate_state *ds;
+    deflate_state *ss;
+    ushf *overlay;
+
+
+    if (source == Z_NULL || dest == Z_NULL || source->state == Z_NULL) {
+        return Z_STREAM_ERROR;
+    }
+
+    ss = source->state;
+
+    zmemcpy(dest, source, sizeof(z_stream));
+
+    ds = (deflate_state *) ZALLOC(dest, 1, sizeof(deflate_state));
+    if (ds == Z_NULL) return Z_MEM_ERROR;
+    dest->state = (struct internal_state FAR *) ds;
+    zmemcpy(ds, ss, sizeof(deflate_state));
+    ds->strm = dest;
+
+    ds->window = (Bytef *) ZALLOC(dest, ds->w_size, 2*sizeof(Byte));
+    ds->prev   = (Posf *)  ZALLOC(dest, ds->w_size, sizeof(Pos));
+    ds->head   = (Posf *)  ZALLOC(dest, ds->hash_size, sizeof(Pos));
+    overlay = (ushf *) ZALLOC(dest, ds->lit_bufsize, sizeof(ush)+2);
+    ds->pending_buf = (uchf *) overlay;
+
+    if (ds->window == Z_NULL || ds->prev == Z_NULL || ds->head == Z_NULL ||
+        ds->pending_buf == Z_NULL) {
+        deflateEnd (dest);
+        return Z_MEM_ERROR;
+    }
+    /* following zmemcpy do not work for 16-bit MSDOS */
+    zmemcpy(ds->window, ss->window, ds->w_size * 2 * sizeof(Byte));
+    zmemcpy(ds->prev, ss->prev, ds->w_size * sizeof(Pos));
+    zmemcpy(ds->head, ss->head, ds->hash_size * sizeof(Pos));
+    zmemcpy(ds->pending_buf, ss->pending_buf, (uInt)ds->pending_buf_size);
+
+    ds->pending_out = ds->pending_buf + (ss->pending_out - ss->pending_buf);
+    ds->d_buf = overlay + ds->lit_bufsize/sizeof(ush);
+    ds->l_buf = ds->pending_buf + (1+sizeof(ush))*ds->lit_bufsize;
+
+    ds->l_desc.dyn_tree = ds->dyn_ltree;
+    ds->d_desc.dyn_tree = ds->dyn_dtree;
+    ds->bl_desc.dyn_tree = ds->bl_tree;
+
+    return Z_OK;
+#endif /* MAXSEG_64K */
+}
+
+/* ===========================================================================
+ * Read a new buffer from the current input stream, update the adler32
+ * and total number of bytes read.  All deflate() input goes through
+ * this function so some applications may wish to modify it to avoid
+ * allocating a large strm->next_in buffer and copying from it.
+ * (See also flush_pending()).
+ */
+local int read_buf(strm, buf, size)
+    z_streamp strm;
+    Bytef *buf;
+    unsigned size;
+{
+    unsigned len = strm->avail_in;
+
+    if (len > size) len = size;
+    if (len == 0) return 0;
+
+    strm->avail_in  -= len;
+
+    if (strm->state->wrap == 1) {
+        strm->adler = adler32(strm->adler, strm->next_in, len);
+    }
+#ifdef GZIP
+    else if (strm->state->wrap == 2) {
+        strm->adler = crc32(strm->adler, strm->next_in, len);
+    }
+#endif
+    zmemcpy(buf, strm->next_in, len);
+    strm->next_in  += len;
+    strm->total_in += len;
+
+    return (int)len;
+}
+
+/* ===========================================================================
+ * Initialize the "longest match" routines for a new zlib stream
+ */
+local void lm_init (s)
+    deflate_state *s;
+{
+    s->window_size = (ulg)2L*s->w_size;
+
+    CLEAR_HASH(s);
+
+    /* Set the default configuration parameters:
+     */
+    s->max_lazy_match   = configuration_table[s->level].max_lazy;
+    s->good_match       = configuration_table[s->level].good_length;
+    s->nice_match       = configuration_table[s->level].nice_length;
+    s->max_chain_length = configuration_table[s->level].max_chain;
+
+    s->strstart = 0;
+    s->block_start = 0L;
+    s->lookahead = 0;
+    s->match_length = s->prev_length = MIN_MATCH-1;
+    s->match_available = 0;
+    s->ins_h = 0;
+#ifndef FASTEST
+#ifdef ASMV
+    match_init(); /* initialize the asm code */
+#endif
+#endif
+}
+
+#ifndef FASTEST
+/* ===========================================================================
+ * Set match_start to the longest match starting at the given string and
+ * return its length. Matches shorter or equal to prev_length are discarded,
+ * in which case the result is equal to prev_length and match_start is
+ * garbage.
+ * IN assertions: cur_match is the head of the hash chain for the current
+ *   string (strstart) and its distance is <= MAX_DIST, and prev_length >= 1
+ * OUT assertion: the match length is not greater than s->lookahead.
+ */
+#ifndef ASMV
+/* For 80x86 and 680x0, an optimized version will be provided in match.asm or
+ * match.S. The code will be functionally equivalent.
+ */
+local uInt longest_match(s, cur_match)
+    deflate_state *s;
+    IPos cur_match;                             /* current match */
+{
+    unsigned chain_length = s->max_chain_length;/* max hash chain length */
+    register Bytef *scan = s->window + s->strstart; /* current string */
+    register Bytef *match;                       /* matched string */
+    register int len;                           /* length of current match */
+    int best_len = s->prev_length;              /* best match length so far */
+    int nice_match = s->nice_match;             /* stop if match long enough */
+    IPos limit = s->strstart > (IPos)MAX_DIST(s) ?
+        s->strstart - (IPos)MAX_DIST(s) : NIL;
+    /* Stop when cur_match becomes <= limit. To simplify the code,
+     * we prevent matches with the string of window index 0.
+     */
+    Posf *prev = s->prev;
+    uInt wmask = s->w_mask;
+
+#ifdef UNALIGNED_OK
+    /* Compare two bytes at a time. Note: this is not always beneficial.
+     * Try with and without -DUNALIGNED_OK to check.
+     */
+    register Bytef *strend = s->window + s->strstart + MAX_MATCH - 1;
+    register ush scan_start = *(ushf*)scan;
+    register ush scan_end   = *(ushf*)(scan+best_len-1);
+#else
+    register Bytef *strend = s->window + s->strstart + MAX_MATCH;
+    register Byte scan_end1  = scan[best_len-1];
+    register Byte scan_end   = scan[best_len];
+#endif
+
+    /* The code is optimized for HASH_BITS >= 8 and MAX_MATCH-2 multiple of 16.
+     * It is easy to get rid of this optimization if necessary.
+     */
+    Assert(s->hash_bits >= 8 && MAX_MATCH == 258, "Code too clever");
+
+    /* Do not waste too much time if we already have a good match: */
+    if (s->prev_length >= s->good_match) {
+        chain_length >>= 2;
+    }
+    /* Do not look for matches beyond the end of the input. This is necessary
+     * to make deflate deterministic.
+     */
+    if ((uInt)nice_match > s->lookahead) nice_match = s->lookahead;
+
+    Assert((ulg)s->strstart <= s->window_size-MIN_LOOKAHEAD, "need lookahead");
+
+    do {
+        Assert(cur_match < s->strstart, "no future");
+        match = s->window + cur_match;
+
+        /* Skip to next match if the match length cannot increase
+         * or if the match length is less than 2.  Note that the checks below
+         * for insufficient lookahead only occur occasionally for performance
+         * reasons.  Therefore uninitialized memory will be accessed, and
+         * conditional jumps will be made that depend on those values.
+         * However the length of the match is limited to the lookahead, so
+         * the output of deflate is not affected by the uninitialized values.
+         */
+#if (defined(UNALIGNED_OK) && MAX_MATCH == 258)
+        /* This code assumes sizeof(unsigned short) == 2. Do not use
+         * UNALIGNED_OK if your compiler uses a different size.
+         */
+        if (*(ushf*)(match+best_len-1) != scan_end ||
+            *(ushf*)match != scan_start) continue;
+
+        /* It is not necessary to compare scan[2] and match[2] since they are
+         * always equal when the other bytes match, given that the hash keys
+         * are equal and that HASH_BITS >= 8. Compare 2 bytes at a time at
+         * strstart+3, +5, ... up to strstart+257. We check for insufficient
+         * lookahead only every 4th comparison; the 128th check will be made
+         * at strstart+257. If MAX_MATCH-2 is not a multiple of 8, it is
+         * necessary to put more guard bytes at the end of the window, or
+         * to check more often for insufficient lookahead.
+         */
+        Assert(scan[2] == match[2], "scan[2]?");
+        scan++, match++;
+        do {
+        } while (*(ushf*)(scan+=2) == *(ushf*)(match+=2) &&
+                 *(ushf*)(scan+=2) == *(ushf*)(match+=2) &&
+                 *(ushf*)(scan+=2) == *(ushf*)(match+=2) &&
+                 *(ushf*)(scan+=2) == *(ushf*)(match+=2) &&
+                 scan < strend);
+        /* The funny "do {}" generates better code on most compilers */
+
+        /* Here, scan <= window+strstart+257 */
+        Assert(scan <= s->window+(unsigned)(s->window_size-1), "wild scan");
+        if (*scan == *match) scan++;
+
+        len = (MAX_MATCH - 1) - (int)(strend-scan);
+        scan = strend - (MAX_MATCH-1);
+
+#else /* UNALIGNED_OK */
+
+        if (match[best_len]   != scan_end  ||
+            match[best_len-1] != scan_end1 ||
+            *match            != *scan     ||
+            *++match          != scan[1])      continue;
+
+        /* The check at best_len-1 can be removed because it will be made
+         * again later. (This heuristic is not always a win.)
+         * It is not necessary to compare scan[2] and match[2] since they
+         * are always equal when the other bytes match, given that
+         * the hash keys are equal and that HASH_BITS >= 8.
+         */
+        scan += 2, match++;
+        Assert(*scan == *match, "match[2]?");
+
+        /* We check for insufficient lookahead only every 8th comparison;
+         * the 256th check will be made at strstart+258.
+         */
+        do {
+        } while (*++scan == *++match && *++scan == *++match &&
+                 *++scan == *++match && *++scan == *++match &&
+                 *++scan == *++match && *++scan == *++match &&
+                 *++scan == *++match && *++scan == *++match &&
+                 scan < strend);
+
+        Assert(scan <= s->window+(unsigned)(s->window_size-1), "wild scan");
+
+        len = MAX_MATCH - (int)(strend - scan);
+        scan = strend - MAX_MATCH;
+
+#endif /* UNALIGNED_OK */
+
+        if (len > best_len) {
+            s->match_start = cur_match;
+            best_len = len;
+            if (len >= nice_match) break;
+#ifdef UNALIGNED_OK
+            scan_end = *(ushf*)(scan+best_len-1);
+#else
+            scan_end1  = scan[best_len-1];
+            scan_end   = scan[best_len];
+#endif
+        }
+    } while ((cur_match = prev[cur_match & wmask]) > limit
+             && --chain_length != 0);
+
+    if ((uInt)best_len <= s->lookahead) return (uInt)best_len;
+    return s->lookahead;
+}
+#endif /* ASMV */
+
+#else /* FASTEST */
+
+/* ---------------------------------------------------------------------------
+ * Optimized version for FASTEST only
+ */
+local uInt longest_match(s, cur_match)
+    deflate_state *s;
+    IPos cur_match;                             /* current match */
+{
+    register Bytef *scan = s->window + s->strstart; /* current string */
+    register Bytef *match;                       /* matched string */
+    register int len;                           /* length of current match */
+    register Bytef *strend = s->window + s->strstart + MAX_MATCH;
+
+    /* The code is optimized for HASH_BITS >= 8 and MAX_MATCH-2 multiple of 16.
+     * It is easy to get rid of this optimization if necessary.
+     */
+    Assert(s->hash_bits >= 8 && MAX_MATCH == 258, "Code too clever");
+
+    Assert((ulg)s->strstart <= s->window_size-MIN_LOOKAHEAD, "need lookahead");
+
+    Assert(cur_match < s->strstart, "no future");
+
+    match = s->window + cur_match;
+
+    /* Return failure if the match length is less than 2:
+     */
+    if (match[0] != scan[0] || match[1] != scan[1]) return MIN_MATCH-1;
+
+    /* The check at best_len-1 can be removed because it will be made
+     * again later. (This heuristic is not always a win.)
+     * It is not necessary to compare scan[2] and match[2] since they
+     * are always equal when the other bytes match, given that
+     * the hash keys are equal and that HASH_BITS >= 8.
+     */
+    scan += 2, match += 2;
+    Assert(*scan == *match, "match[2]?");
+
+    /* We check for insufficient lookahead only every 8th comparison;
+     * the 256th check will be made at strstart+258.
+     */
+    do {
+    } while (*++scan == *++match && *++scan == *++match &&
+             *++scan == *++match && *++scan == *++match &&
+             *++scan == *++match && *++scan == *++match &&
+             *++scan == *++match && *++scan == *++match &&
+             scan < strend);
+
+    Assert(scan <= s->window+(unsigned)(s->window_size-1), "wild scan");
+
+    len = MAX_MATCH - (int)(strend - scan);
+
+    if (len < MIN_MATCH) return MIN_MATCH - 1;
+
+    s->match_start = cur_match;
+    return (uInt)len <= s->lookahead ? (uInt)len : s->lookahead;
+}
+
+#endif /* FASTEST */
+
+#ifdef DEBUG
+/* ===========================================================================
+ * Check that the match at match_start is indeed a match.
+ */
+local void check_match(s, start, match, length)
+    deflate_state *s;
+    IPos start, match;
+    int length;
+{
+    /* check that the match is indeed a match */
+    if (zmemcmp(s->window + match,
+                s->window + start, length) != EQUAL) {
+        fprintf(stderr, " start %u, match %u, length %d\n",
+                start, match, length);
+        do {
+            fprintf(stderr, "%c%c", s->window[match++], s->window[start++]);
+        } while (--length != 0);
+        z_error("invalid match");
+    }
+    if (z_verbose > 1) {
+        fprintf(stderr,"\\[%d,%d]", start-match, length);
+        do { putc(s->window[start++], stderr); } while (--length != 0);
+    }
+}
+#else
+#  define check_match(s, start, match, length)
+#endif /* DEBUG */
+
+/* ===========================================================================
+ * Fill the window when the lookahead becomes insufficient.
+ * Updates strstart and lookahead.
+ *
+ * IN assertion: lookahead < MIN_LOOKAHEAD
+ * OUT assertions: strstart <= window_size-MIN_LOOKAHEAD
+ *    At least one byte has been read, or avail_in == 0; reads are
+ *    performed for at least two bytes (required for the zip translate_eol
+ *    option -- not supported here).
+ */
+local void fill_window(s)
+    deflate_state *s;
+{
+    register unsigned n, m;
+    register Posf *p;
+    unsigned more;    /* Amount of free space at the end of the window. */
+    uInt wsize = s->w_size;
+
+    do {
+        more = (unsigned)(s->window_size -(ulg)s->lookahead -(ulg)s->strstart);
+
+        /* Deal with !@#$% 64K limit: */
+        if (sizeof(int) <= 2) {
+            if (more == 0 && s->strstart == 0 && s->lookahead == 0) {
+                more = wsize;
+
+            } else if (more == (unsigned)(-1)) {
+                /* Very unlikely, but possible on 16 bit machine if
+                 * strstart == 0 && lookahead == 1 (input done a byte at time)
+                 */
+                more--;
+            }
+        }
+
+        /* If the window is almost full and there is insufficient lookahead,
+         * move the upper half to the lower one to make room in the upper half.
+         */
+        if (s->strstart >= wsize+MAX_DIST(s)) {
+
+            zmemcpy(s->window, s->window+wsize, (unsigned)wsize);
+            s->match_start -= wsize;
+            s->strstart    -= wsize; /* we now have strstart >= MAX_DIST */
+            s->block_start -= (long) wsize;
+
+            /* Slide the hash table (could be avoided with 32 bit values
+               at the expense of memory usage). We slide even when level == 0
+               to keep the hash table consistent if we switch back to level > 0
+               later. (Using level 0 permanently is not an optimal usage of
+               zlib, so we don't care about this pathological case.)
+             */
+            n = s->hash_size;
+            p = &s->head[n];
+            do {
+                m = *--p;
+                *p = (Pos)(m >= wsize ? m-wsize : NIL);
+            } while (--n);
+
+            n = wsize;
+#ifndef FASTEST
+            p = &s->prev[n];
+            do {
+                m = *--p;
+                *p = (Pos)(m >= wsize ? m-wsize : NIL);
+                /* If n is not on any hash chain, prev[n] is garbage but
+                 * its value will never be used.
+                 */
+            } while (--n);
+#endif
+            more += wsize;
+        }
+        if (s->strm->avail_in == 0) return;
+
+        /* If there was no sliding:
+         *    strstart <= WSIZE+MAX_DIST-1 && lookahead <= MIN_LOOKAHEAD - 1 &&
+         *    more == window_size - lookahead - strstart
+         * => more >= window_size - (MIN_LOOKAHEAD-1 + WSIZE + MAX_DIST-1)
+         * => more >= window_size - 2*WSIZE + 2
+         * In the BIG_MEM or MMAP case (not yet supported),
+         *   window_size == input_size + MIN_LOOKAHEAD  &&
+         *   strstart + s->lookahead <= input_size => more >= MIN_LOOKAHEAD.
+         * Otherwise, window_size == 2*WSIZE so more >= 2.
+         * If there was sliding, more >= WSIZE. So in all cases, more >= 2.
+         */
+        Assert(more >= 2, "more < 2");
+
+        n = read_buf(s->strm, s->window + s->strstart + s->lookahead, more);
+        s->lookahead += n;
+
+        /* Initialize the hash value now that we have some input: */
+        if (s->lookahead >= MIN_MATCH) {
+            s->ins_h = s->window[s->strstart];
+            UPDATE_HASH(s, s->ins_h, s->window[s->strstart+1]);
+#if MIN_MATCH != 3
+            Call UPDATE_HASH() MIN_MATCH-3 more times
+#endif
+        }
+        /* If the whole input has less than MIN_MATCH bytes, ins_h is garbage,
+         * but this is not important since only literal bytes will be emitted.
+         */
+
+    } while (s->lookahead < MIN_LOOKAHEAD && s->strm->avail_in != 0);
+
+    /* If the WIN_INIT bytes after the end of the current data have never been
+     * written, then zero those bytes in order to avoid memory check reports of
+     * the use of uninitialized (or uninitialised as Julian writes) bytes by
+     * the longest match routines.  Update the high water mark for the next
+     * time through here.  WIN_INIT is set to MAX_MATCH since the longest match
+     * routines allow scanning to strstart + MAX_MATCH, ignoring lookahead.
+     */
+    if (s->high_water < s->window_size) {
+        ulg curr = s->strstart + (ulg)(s->lookahead);
+        ulg init;
+
+        if (s->high_water < curr) {
+            /* Previous high water mark below current data -- zero WIN_INIT
+             * bytes or up to end of window, whichever is less.
+             */
+            init = s->window_size - curr;
+            if (init > WIN_INIT)
+                init = WIN_INIT;
+            zmemzero(s->window + curr, (unsigned)init);
+            s->high_water = curr + init;
+        }
+        else if (s->high_water < (ulg)curr + WIN_INIT) {
+            /* High water mark at or above current data, but below current data
+             * plus WIN_INIT -- zero out to current data plus WIN_INIT, or up
+             * to end of window, whichever is less.
+             */
+            init = (ulg)curr + WIN_INIT - s->high_water;
+            if (init > s->window_size - s->high_water)
+                init = s->window_size - s->high_water;
+            zmemzero(s->window + s->high_water, (unsigned)init);
+            s->high_water += init;
+        }
+    }
+}
+
+/* ===========================================================================
+ * Flush the current block, with given end-of-file flag.
+ * IN assertion: strstart is set to the end of the current match.
+ */
+#define FLUSH_BLOCK_ONLY(s, last) { \
+   _tr_flush_block(s, (s->block_start >= 0L ? \
+                   (charf *)&s->window[(unsigned)s->block_start] : \
+                   (charf *)Z_NULL), \
+                (ulg)((long)s->strstart - s->block_start), \
+                (last)); \
+   s->block_start = s->strstart; \
+   flush_pending(s->strm); \
+   Tracev((stderr,"[FLUSH]")); \
+}
+
+/* Same but force premature exit if necessary. */
+#define FLUSH_BLOCK(s, last) { \
+   FLUSH_BLOCK_ONLY(s, last); \
+   if (s->strm->avail_out == 0) return (last) ? finish_started : need_more; \
+}
+
+/* ===========================================================================
+ * Copy without compression as much as possible from the input stream, return
+ * the current block state.
+ * This function does not insert new strings in the dictionary since
+ * uncompressible data is probably not useful. This function is used
+ * only for the level=0 compression option.
+ * NOTE: this function should be optimized to avoid extra copying from
+ * window to pending_buf.
+ */
+local block_state deflate_stored(s, flush)
+    deflate_state *s;
+    int flush;
+{
+    /* Stored blocks are limited to 0xffff bytes, pending_buf is limited
+     * to pending_buf_size, and each stored block has a 5 byte header:
+     */
+    ulg max_block_size = 0xffff;
+    ulg max_start;
+
+    if (max_block_size > s->pending_buf_size - 5) {
+        max_block_size = s->pending_buf_size - 5;
+    }
+
+    /* Copy as much as possible from input to output: */
+    for (;;) {
+        /* Fill the window as much as possible: */
+        if (s->lookahead <= 1) {
+
+            Assert(s->strstart < s->w_size+MAX_DIST(s) ||
+                   s->block_start >= (long)s->w_size, "slide too late");
+
+            fill_window(s);
+            if (s->lookahead == 0 && flush == Z_NO_FLUSH) return need_more;
+
+            if (s->lookahead == 0) break; /* flush the current block */
+        }
+        Assert(s->block_start >= 0L, "block gone");
+
+        s->strstart += s->lookahead;
+        s->lookahead = 0;
+
+        /* Emit a stored block if pending_buf will be full: */
+        max_start = s->block_start + max_block_size;
+        if (s->strstart == 0 || (ulg)s->strstart >= max_start) {
+            /* strstart == 0 is possible when wraparound on 16-bit machine */
+            s->lookahead = (uInt)(s->strstart - max_start);
+            s->strstart = (uInt)max_start;
+            FLUSH_BLOCK(s, 0);
+        }
+        /* Flush if we may have to slide, otherwise block_start may become
+         * negative and the data will be gone:
+         */
+        if (s->strstart - (uInt)s->block_start >= MAX_DIST(s)) {
+            FLUSH_BLOCK(s, 0);
+        }
+    }
+    FLUSH_BLOCK(s, flush == Z_FINISH);
+    return flush == Z_FINISH ? finish_done : block_done;
+}
+
+/* ===========================================================================
+ * Compress as much as possible from the input stream, return the current
+ * block state.
+ * This function does not perform lazy evaluation of matches and inserts
+ * new strings in the dictionary only for unmatched strings or for short
+ * matches. It is used only for the fast compression options.
+ */
+local block_state deflate_fast(s, flush)
+    deflate_state *s;
+    int flush;
+{
+    IPos hash_head;       /* head of the hash chain */
+    int bflush;           /* set if current block must be flushed */
+
+    for (;;) {
+        /* Make sure that we always have enough lookahead, except
+         * at the end of the input file. We need MAX_MATCH bytes
+         * for the next match, plus MIN_MATCH bytes to insert the
+         * string following the next match.
+         */
+        if (s->lookahead < MIN_LOOKAHEAD) {
+            fill_window(s);
+            if (s->lookahead < MIN_LOOKAHEAD && flush == Z_NO_FLUSH) {
+                return need_more;
+            }
+            if (s->lookahead == 0) break; /* flush the current block */
+        }
+
+        /* Insert the string window[strstart .. strstart+2] in the
+         * dictionary, and set hash_head to the head of the hash chain:
+         */
+        hash_head = NIL;
+        if (s->lookahead >= MIN_MATCH) {
+            INSERT_STRING(s, s->strstart, hash_head);
+        }
+
+        /* Find the longest match, discarding those <= prev_length.
+         * At this point we have always match_length < MIN_MATCH
+         */
+        if (hash_head != NIL && s->strstart - hash_head <= MAX_DIST(s)) {
+            /* To simplify the code, we prevent matches with the string
+             * of window index 0 (in particular we have to avoid a match
+             * of the string with itself at the start of the input file).
+             */
+            s->match_length = longest_match (s, hash_head);
+            /* longest_match() sets match_start */
+        }
+        if (s->match_length >= MIN_MATCH) {
+            check_match(s, s->strstart, s->match_start, s->match_length);
+
+            _tr_tally_dist(s, s->strstart - s->match_start,
+                           s->match_length - MIN_MATCH, bflush);
+
+            s->lookahead -= s->match_length;
+
+            /* Insert new strings in the hash table only if the match length
+             * is not too large. This saves time but degrades compression.
+             */
+#ifndef FASTEST
+            if (s->match_length <= s->max_insert_length &&
+                s->lookahead >= MIN_MATCH) {
+                s->match_length--; /* string at strstart already in table */
+                do {
+                    s->strstart++;
+                    INSERT_STRING(s, s->strstart, hash_head);
+                    /* strstart never exceeds WSIZE-MAX_MATCH, so there are
+                     * always MIN_MATCH bytes ahead.
+                     */
+                } while (--s->match_length != 0);
+                s->strstart++;
+            } else
+#endif
+            {
+                s->strstart += s->match_length;
+                s->match_length = 0;
+                s->ins_h = s->window[s->strstart];
+                UPDATE_HASH(s, s->ins_h, s->window[s->strstart+1]);
+#if MIN_MATCH != 3
+                Call UPDATE_HASH() MIN_MATCH-3 more times
+#endif
+                /* If lookahead < MIN_MATCH, ins_h is garbage, but it does not
+                 * matter since it will be recomputed at next deflate call.
+                 */
+            }
+        } else {
+            /* No match, output a literal byte */
+            Tracevv((stderr,"%c", s->window[s->strstart]));
+            _tr_tally_lit (s, s->window[s->strstart], bflush);
+            s->lookahead--;
+            s->strstart++;
+        }
+        if (bflush) FLUSH_BLOCK(s, 0);
+    }
+    FLUSH_BLOCK(s, flush == Z_FINISH);
+    return flush == Z_FINISH ? finish_done : block_done;
+}
+
+#ifndef FASTEST
+/* ===========================================================================
+ * Same as above, but achieves better compression. We use a lazy
+ * evaluation for matches: a match is finally adopted only if there is
+ * no better match at the next window position.
+ */
+local block_state deflate_slow(s, flush)
+    deflate_state *s;
+    int flush;
+{
+    IPos hash_head;          /* head of hash chain */
+    int bflush;              /* set if current block must be flushed */
+
+    /* Process the input block. */
+    for (;;) {
+        /* Make sure that we always have enough lookahead, except
+         * at the end of the input file. We need MAX_MATCH bytes
+         * for the next match, plus MIN_MATCH bytes to insert the
+         * string following the next match.
+         */
+        if (s->lookahead < MIN_LOOKAHEAD) {
+            fill_window(s);
+            if (s->lookahead < MIN_LOOKAHEAD && flush == Z_NO_FLUSH) {
+                return need_more;
+            }
+            if (s->lookahead == 0) break; /* flush the current block */
+        }
+
+        /* Insert the string window[strstart .. strstart+2] in the
+         * dictionary, and set hash_head to the head of the hash chain:
+         */
+        hash_head = NIL;
+        if (s->lookahead >= MIN_MATCH) {
+            INSERT_STRING(s, s->strstart, hash_head);
+        }
+
+        /* Find the longest match, discarding those <= prev_length.
+         */
+        s->prev_length = s->match_length, s->prev_match = s->match_start;
+        s->match_length = MIN_MATCH-1;
+
+        if (hash_head != NIL && s->prev_length < s->max_lazy_match &&
+            s->strstart - hash_head <= MAX_DIST(s)) {
+            /* To simplify the code, we prevent matches with the string
+             * of window index 0 (in particular we have to avoid a match
+             * of the string with itself at the start of the input file).
+             */
+            s->match_length = longest_match (s, hash_head);
+            /* longest_match() sets match_start */
+
+            if (s->match_length <= 5 && (s->strategy == Z_FILTERED
+#if TOO_FAR <= 32767
+                || (s->match_length == MIN_MATCH &&
+                    s->strstart - s->match_start > TOO_FAR)
+#endif
+                )) {
+
+                /* If prev_match is also MIN_MATCH, match_start is garbage
+                 * but we will ignore the current match anyway.
+                 */
+                s->match_length = MIN_MATCH-1;
+            }
+        }
+        /* If there was a match at the previous step and the current
+         * match is not better, output the previous match:
+         */
+        if (s->prev_length >= MIN_MATCH && s->match_length <= s->prev_length) {
+            uInt max_insert = s->strstart + s->lookahead - MIN_MATCH;
+            /* Do not insert strings in hash table beyond this. */
+
+            check_match(s, s->strstart-1, s->prev_match, s->prev_length);
+
+            _tr_tally_dist(s, s->strstart -1 - s->prev_match,
+                           s->prev_length - MIN_MATCH, bflush);
+
+            /* Insert in hash table all strings up to the end of the match.
+             * strstart-1 and strstart are already inserted. If there is not
+             * enough lookahead, the last two strings are not inserted in
+             * the hash table.
+             */
+            s->lookahead -= s->prev_length-1;
+            s->prev_length -= 2;
+            do {
+                if (++s->strstart <= max_insert) {
+                    INSERT_STRING(s, s->strstart, hash_head);
+                }
+            } while (--s->prev_length != 0);
+            s->match_available = 0;
+            s->match_length = MIN_MATCH-1;
+            s->strstart++;
+
+            if (bflush) FLUSH_BLOCK(s, 0);
+
+        } else if (s->match_available) {
+            /* If there was no match at the previous position, output a
+             * single literal. If there was a match but the current match
+             * is longer, truncate the previous match to a single literal.
+             */
+            Tracevv((stderr,"%c", s->window[s->strstart-1]));
+            _tr_tally_lit(s, s->window[s->strstart-1], bflush);
+            if (bflush) {
+                FLUSH_BLOCK_ONLY(s, 0);
+            }
+            s->strstart++;
+            s->lookahead--;
+            if (s->strm->avail_out == 0) return need_more;
+        } else {
+            /* There is no previous match to compare with, wait for
+             * the next step to decide.
+             */
+            s->match_available = 1;
+            s->strstart++;
+            s->lookahead--;
+        }
+    }
+    Assert (flush != Z_NO_FLUSH, "no flush?");
+    if (s->match_available) {
+        Tracevv((stderr,"%c", s->window[s->strstart-1]));
+        _tr_tally_lit(s, s->window[s->strstart-1], bflush);
+        s->match_available = 0;
+    }
+    FLUSH_BLOCK(s, flush == Z_FINISH);
+    return flush == Z_FINISH ? finish_done : block_done;
+}
+#endif /* FASTEST */
+
+/* ===========================================================================
+ * For Z_RLE, simply look for runs of bytes, generate matches only of distance
+ * one.  Do not maintain a hash table.  (It will be regenerated if this run of
+ * deflate switches away from Z_RLE.)
+ */
+local block_state deflate_rle(s, flush)
+    deflate_state *s;
+    int flush;
+{
+    int bflush;             /* set if current block must be flushed */
+    uInt prev;              /* byte at distance one to match */
+    Bytef *scan, *strend;   /* scan goes up to strend for length of run */
+
+    for (;;) {
+        /* Make sure that we always have enough lookahead, except
+         * at the end of the input file. We need MAX_MATCH bytes
+         * for the longest encodable run.
+         */
+        if (s->lookahead < MAX_MATCH) {
+            fill_window(s);
+            if (s->lookahead < MAX_MATCH && flush == Z_NO_FLUSH) {
+                return need_more;
+            }
+            if (s->lookahead == 0) break; /* flush the current block */
+        }
+
+        /* See how many times the previous byte repeats */
+        s->match_length = 0;
+        if (s->lookahead >= MIN_MATCH && s->strstart > 0) {
+            scan = s->window + s->strstart - 1;
+            prev = *scan;
+            if (prev == *++scan && prev == *++scan && prev == *++scan) {
+                strend = s->window + s->strstart + MAX_MATCH;
+                do {
+                } while (prev == *++scan && prev == *++scan &&
+                         prev == *++scan && prev == *++scan &&
+                         prev == *++scan && prev == *++scan &&
+                         prev == *++scan && prev == *++scan &&
+                         scan < strend);
+                s->match_length = MAX_MATCH - (int)(strend - scan);
+                if (s->match_length > s->lookahead)
+                    s->match_length = s->lookahead;
+            }
+        }
+
+        /* Emit match if have run of MIN_MATCH or longer, else emit literal */
+        if (s->match_length >= MIN_MATCH) {
+            check_match(s, s->strstart, s->strstart - 1, s->match_length);
+
+            _tr_tally_dist(s, 1, s->match_length - MIN_MATCH, bflush);
+
+            s->lookahead -= s->match_length;
+            s->strstart += s->match_length;
+            s->match_length = 0;
+        } else {
+            /* No match, output a literal byte */
+            Tracevv((stderr,"%c", s->window[s->strstart]));
+            _tr_tally_lit (s, s->window[s->strstart], bflush);
+            s->lookahead--;
+            s->strstart++;
+        }
+        if (bflush) FLUSH_BLOCK(s, 0);
+    }
+    FLUSH_BLOCK(s, flush == Z_FINISH);
+    return flush == Z_FINISH ? finish_done : block_done;
+}
+
+/* ===========================================================================
+ * For Z_HUFFMAN_ONLY, do not look for matches.  Do not maintain a hash table.
+ * (It will be regenerated if this run of deflate switches away from Huffman.)
+ */
+local block_state deflate_huff(s, flush)
+    deflate_state *s;
+    int flush;
+{
+    int bflush;             /* set if current block must be flushed */
+
+    for (;;) {
+        /* Make sure that we have a literal to write. */
+        if (s->lookahead == 0) {
+            fill_window(s);
+            if (s->lookahead == 0) {
+                if (flush == Z_NO_FLUSH)
+                    return need_more;
+                break;      /* flush the current block */
+            }
+        }
+
+        /* Output a literal byte */
+        s->match_length = 0;
+        Tracevv((stderr,"%c", s->window[s->strstart]));
+        _tr_tally_lit (s, s->window[s->strstart], bflush);
+        s->lookahead--;
+        s->strstart++;
+        if (bflush) FLUSH_BLOCK(s, 0);
+    }
+    FLUSH_BLOCK(s, flush == Z_FINISH);
+    return flush == Z_FINISH ? finish_done : block_done;
+}
diff --git a/nss/lib/zlib/deflate.h b/nss/lib/zlib/deflate.h
new file mode 100644
index 0000000..cbf0d1e
--- /dev/null
+++ b/nss/lib/zlib/deflate.h
@@ -0,0 +1,342 @@
+/* deflate.h -- internal compression state
+ * Copyright (C) 1995-2010 Jean-loup Gailly
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ */
+
+/* WARNING: this file should *not* be used by applications. It is
+   part of the implementation of the compression library and is
+   subject to change. Applications should only use zlib.h.
+ */
+
+/* @(#) $Id$ */
+
+#ifndef DEFLATE_H
+#define DEFLATE_H
+
+#include "zutil.h"
+
+/* define NO_GZIP when compiling if you want to disable gzip header and
+   trailer creation by deflate().  NO_GZIP would be used to avoid linking in
+   the crc code when it is not needed.  For shared libraries, gzip encoding
+   should be left enabled. */
+#ifndef NO_GZIP
+#  define GZIP
+#endif
+
+/* ===========================================================================
+ * Internal compression state.
+ */
+
+#define LENGTH_CODES 29
+/* number of length codes, not counting the special END_BLOCK code */
+
+#define LITERALS  256
+/* number of literal bytes 0..255 */
+
+#define L_CODES (LITERALS+1+LENGTH_CODES)
+/* number of Literal or Length codes, including the END_BLOCK code */
+
+#define D_CODES   30
+/* number of distance codes */
+
+#define BL_CODES  19
+/* number of codes used to transfer the bit lengths */
+
+#define HEAP_SIZE (2*L_CODES+1)
+/* maximum heap size */
+
+#define MAX_BITS 15
+/* All codes must not exceed MAX_BITS bits */
+
+#define INIT_STATE    42
+#define EXTRA_STATE   69
+#define NAME_STATE    73
+#define COMMENT_STATE 91
+#define HCRC_STATE   103
+#define BUSY_STATE   113
+#define FINISH_STATE 666
+/* Stream status */
+
+
+/* Data structure describing a single value and its code string. */
+typedef struct ct_data_s {
+    union {
+        ush  freq;       /* frequency count */
+        ush  code;       /* bit string */
+    } fc;
+    union {
+        ush  dad;        /* father node in Huffman tree */
+        ush  len;        /* length of bit string */
+    } dl;
+} FAR ct_data;
+
+#define Freq fc.freq
+#define Code fc.code
+#define Dad  dl.dad
+#define Len  dl.len
+
+typedef struct static_tree_desc_s  static_tree_desc;
+
+typedef struct tree_desc_s {
+    ct_data *dyn_tree;           /* the dynamic tree */
+    int     max_code;            /* largest code with non zero frequency */
+    static_tree_desc *stat_desc; /* the corresponding static tree */
+} FAR tree_desc;
+
+typedef ush Pos;
+typedef Pos FAR Posf;
+typedef unsigned IPos;
+
+/* A Pos is an index in the character window. We use short instead of int to
+ * save space in the various tables. IPos is used only for parameter passing.
+ */
+
+typedef struct internal_state {
+    z_streamp strm;      /* pointer back to this zlib stream */
+    int   status;        /* as the name implies */
+    Bytef *pending_buf;  /* output still pending */
+    ulg   pending_buf_size; /* size of pending_buf */
+    Bytef *pending_out;  /* next pending byte to output to the stream */
+    uInt   pending;      /* nb of bytes in the pending buffer */
+    int   wrap;          /* bit 0 true for zlib, bit 1 true for gzip */
+    gz_headerp  gzhead;  /* gzip header information to write */
+    uInt   gzindex;      /* where in extra, name, or comment */
+    Byte  method;        /* STORED (for zip only) or DEFLATED */
+    int   last_flush;    /* value of flush param for previous deflate call */
+
+                /* used by deflate.c: */
+
+    uInt  w_size;        /* LZ77 window size (32K by default) */
+    uInt  w_bits;        /* log2(w_size)  (8..16) */
+    uInt  w_mask;        /* w_size - 1 */
+
+    Bytef *window;
+    /* Sliding window. Input bytes are read into the second half of the window,
+     * and move to the first half later to keep a dictionary of at least wSize
+     * bytes. With this organization, matches are limited to a distance of
+     * wSize-MAX_MATCH bytes, but this ensures that IO is always
+     * performed with a length multiple of the block size. Also, it limits
+     * the window size to 64K, which is quite useful on MSDOS.
+     * To do: use the user input buffer as sliding window.
+     */
+
+    ulg window_size;
+    /* Actual size of window: 2*wSize, except when the user input buffer
+     * is directly used as sliding window.
+     */
+
+    Posf *prev;
+    /* Link to older string with same hash index. To limit the size of this
+     * array to 64K, this link is maintained only for the last 32K strings.
+     * An index in this array is thus a window index modulo 32K.
+     */
+
+    Posf *head; /* Heads of the hash chains or NIL. */
+
+    uInt  ins_h;          /* hash index of string to be inserted */
+    uInt  hash_size;      /* number of elements in hash table */
+    uInt  hash_bits;      /* log2(hash_size) */
+    uInt  hash_mask;      /* hash_size-1 */
+
+    uInt  hash_shift;
+    /* Number of bits by which ins_h must be shifted at each input
+     * step. It must be such that after MIN_MATCH steps, the oldest
+     * byte no longer takes part in the hash key, that is:
+     *   hash_shift * MIN_MATCH >= hash_bits
+     */
+
+    long block_start;
+    /* Window position at the beginning of the current output block. Gets
+     * negative when the window is moved backwards.
+     */
+
+    uInt match_length;           /* length of best match */
+    IPos prev_match;             /* previous match */
+    int match_available;         /* set if previous match exists */
+    uInt strstart;               /* start of string to insert */
+    uInt match_start;            /* start of matching string */
+    uInt lookahead;              /* number of valid bytes ahead in window */
+
+    uInt prev_length;
+    /* Length of the best match at previous step. Matches not greater than this
+     * are discarded. This is used in the lazy match evaluation.
+     */
+
+    uInt max_chain_length;
+    /* To speed up deflation, hash chains are never searched beyond this
+     * length.  A higher limit improves compression ratio but degrades the
+     * speed.
+     */
+
+    uInt max_lazy_match;
+    /* Attempt to find a better match only when the current match is strictly
+     * smaller than this value. This mechanism is used only for compression
+     * levels >= 4.
+     */
+#   define max_insert_length  max_lazy_match
+    /* Insert new strings in the hash table only if the match length is not
+     * greater than this length. This saves time but degrades compression.
+     * max_insert_length is used only for compression levels <= 3.
+     */
+
+    int level;    /* compression level (1..9) */
+    int strategy; /* favor or force Huffman coding*/
+
+    uInt good_match;
+    /* Use a faster search when the previous match is longer than this */
+
+    int nice_match; /* Stop searching when current match exceeds this */
+
+                /* used by trees.c: */
+    /* Didn't use ct_data typedef below to supress compiler warning */
+    struct ct_data_s dyn_ltree[HEAP_SIZE];   /* literal and length tree */
+    struct ct_data_s dyn_dtree[2*D_CODES+1]; /* distance tree */
+    struct ct_data_s bl_tree[2*BL_CODES+1];  /* Huffman tree for bit lengths */
+
+    struct tree_desc_s l_desc;               /* desc. for literal tree */
+    struct tree_desc_s d_desc;               /* desc. for distance tree */
+    struct tree_desc_s bl_desc;              /* desc. for bit length tree */
+
+    ush bl_count[MAX_BITS+1];
+    /* number of codes at each bit length for an optimal tree */
+
+    int heap[2*L_CODES+1];      /* heap used to build the Huffman trees */
+    int heap_len;               /* number of elements in the heap */
+    int heap_max;               /* element of largest frequency */
+    /* The sons of heap[n] are heap[2*n] and heap[2*n+1]. heap[0] is not used.
+     * The same heap array is used to build all trees.
+     */
+
+    uch depth[2*L_CODES+1];
+    /* Depth of each subtree used as tie breaker for trees of equal frequency
+     */
+
+    uchf *l_buf;          /* buffer for literals or lengths */
+
+    uInt  lit_bufsize;
+    /* Size of match buffer for literals/lengths.  There are 4 reasons for
+     * limiting lit_bufsize to 64K:
+     *   - frequencies can be kept in 16 bit counters
+     *   - if compression is not successful for the first block, all input
+     *     data is still in the window so we can still emit a stored block even
+     *     when input comes from standard input.  (This can also be done for
+     *     all blocks if lit_bufsize is not greater than 32K.)
+     *   - if compression is not successful for a file smaller than 64K, we can
+     *     even emit a stored file instead of a stored block (saving 5 bytes).
+     *     This is applicable only for zip (not gzip or zlib).
+     *   - creating new Huffman trees less frequently may not provide fast
+     *     adaptation to changes in the input data statistics. (Take for
+     *     example a binary file with poorly compressible code followed by
+     *     a highly compressible string table.) Smaller buffer sizes give
+     *     fast adaptation but have of course the overhead of transmitting
+     *     trees more frequently.
+     *   - I can't count above 4
+     */
+
+    uInt last_lit;      /* running index in l_buf */
+
+    ushf *d_buf;
+    /* Buffer for distances. To simplify the code, d_buf and l_buf have
+     * the same number of elements. To use different lengths, an extra flag
+     * array would be necessary.
+     */
+
+    ulg opt_len;        /* bit length of current block with optimal trees */
+    ulg static_len;     /* bit length of current block with static trees */
+    uInt matches;       /* number of string matches in current block */
+    int last_eob_len;   /* bit length of EOB code for last block */
+
+#ifdef DEBUG
+    ulg compressed_len; /* total bit length of compressed file mod 2^32 */
+    ulg bits_sent;      /* bit length of compressed data sent mod 2^32 */
+#endif
+
+    ush bi_buf;
+    /* Output buffer. bits are inserted starting at the bottom (least
+     * significant bits).
+     */
+    int bi_valid;
+    /* Number of valid bits in bi_buf.  All bits above the last valid bit
+     * are always zero.
+     */
+
+    ulg high_water;
+    /* High water mark offset in window for initialized bytes -- bytes above
+     * this are set to zero in order to avoid memory check warnings when
+     * longest match routines access bytes past the input.  This is then
+     * updated to the new high water mark.
+     */
+
+} FAR deflate_state;
+
+/* Output a byte on the stream.
+ * IN assertion: there is enough room in pending_buf.
+ */
+#define put_byte(s, c) {s->pending_buf[s->pending++] = (c);}
+
+
+#define MIN_LOOKAHEAD (MAX_MATCH+MIN_MATCH+1)
+/* Minimum amount of lookahead, except at the end of the input file.
+ * See deflate.c for comments about the MIN_MATCH+1.
+ */
+
+#define MAX_DIST(s)  ((s)->w_size-MIN_LOOKAHEAD)
+/* In order to simplify the code, particularly on 16 bit machines, match
+ * distances are limited to MAX_DIST instead of WSIZE.
+ */
+
+#define WIN_INIT MAX_MATCH
+/* Number of bytes after end of data in window to initialize in order to avoid
+   memory checker errors from longest match routines */
+
+        /* in trees.c */
+void ZLIB_INTERNAL _tr_init OF((deflate_state *s));
+int ZLIB_INTERNAL _tr_tally OF((deflate_state *s, unsigned dist, unsigned lc));
+void ZLIB_INTERNAL _tr_flush_block OF((deflate_state *s, charf *buf,
+                        ulg stored_len, int last));
+void ZLIB_INTERNAL _tr_align OF((deflate_state *s));
+void ZLIB_INTERNAL _tr_stored_block OF((deflate_state *s, charf *buf,
+                        ulg stored_len, int last));
+
+#define d_code(dist) \
+   ((dist) < 256 ? _dist_code[dist] : _dist_code[256+((dist)>>7)])
+/* Mapping from a distance to a distance code. dist is the distance - 1 and
+ * must not have side effects. _dist_code[256] and _dist_code[257] are never
+ * used.
+ */
+
+#ifndef DEBUG
+/* Inline versions of _tr_tally for speed: */
+
+#if defined(GEN_TREES_H) || !defined(STDC)
+  extern uch ZLIB_INTERNAL _length_code[];
+  extern uch ZLIB_INTERNAL _dist_code[];
+#else
+  extern const uch ZLIB_INTERNAL _length_code[];
+  extern const uch ZLIB_INTERNAL _dist_code[];
+#endif
+
+# define _tr_tally_lit(s, c, flush) \
+  { uch cc = (c); \
+    s->d_buf[s->last_lit] = 0; \
+    s->l_buf[s->last_lit++] = cc; \
+    s->dyn_ltree[cc].Freq++; \
+    flush = (s->last_lit == s->lit_bufsize-1); \
+   }
+# define _tr_tally_dist(s, distance, length, flush) \
+  { uch len = (length); \
+    ush dist = (distance); \
+    s->d_buf[s->last_lit] = dist; \
+    s->l_buf[s->last_lit++] = len; \
+    dist--; \
+    s->dyn_ltree[_length_code[len]+LITERALS+1].Freq++; \
+    s->dyn_dtree[d_code(dist)].Freq++; \
+    flush = (s->last_lit == s->lit_bufsize-1); \
+  }
+#else
+# define _tr_tally_lit(s, c, flush) flush = _tr_tally(s, 0, c)
+# define _tr_tally_dist(s, distance, length, flush) \
+              flush = _tr_tally(s, distance, length)
+#endif
+
+#endif /* DEFLATE_H */
diff --git a/nss/lib/zlib/example.c b/nss/lib/zlib/example.c
new file mode 100644
index 0000000..604736f
--- /dev/null
+++ b/nss/lib/zlib/example.c
@@ -0,0 +1,565 @@
+/* example.c -- usage example of the zlib compression library
+ * Copyright (C) 1995-2006 Jean-loup Gailly.
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ */
+
+/* @(#) $Id$ */
+
+#include "zlib.h"
+#include <stdio.h>
+
+#ifdef STDC
+#  include <string.h>
+#  include <stdlib.h>
+#endif
+
+#if defined(VMS) || defined(RISCOS)
+#  define TESTFILE "foo-gz"
+#else
+#  define TESTFILE "foo.gz"
+#endif
+
+#define CHECK_ERR(err, msg) { \
+    if (err != Z_OK) { \
+        fprintf(stderr, "%s error: %d\n", msg, err); \
+        exit(1); \
+    } \
+}
+
+const char hello[] = "hello, hello!";
+/* "hello world" would be more standard, but the repeated "hello"
+ * stresses the compression code better, sorry...
+ */
+
+const char dictionary[] = "hello";
+uLong dictId; /* Adler32 value of the dictionary */
+
+void test_compress      OF((Byte *compr, uLong comprLen,
+                            Byte *uncompr, uLong uncomprLen));
+void test_gzio          OF((const char *fname,
+                            Byte *uncompr, uLong uncomprLen));
+void test_deflate       OF((Byte *compr, uLong comprLen));
+void test_inflate       OF((Byte *compr, uLong comprLen,
+                            Byte *uncompr, uLong uncomprLen));
+void test_large_deflate OF((Byte *compr, uLong comprLen,
+                            Byte *uncompr, uLong uncomprLen));
+void test_large_inflate OF((Byte *compr, uLong comprLen,
+                            Byte *uncompr, uLong uncomprLen));
+void test_flush         OF((Byte *compr, uLong *comprLen));
+void test_sync          OF((Byte *compr, uLong comprLen,
+                            Byte *uncompr, uLong uncomprLen));
+void test_dict_deflate  OF((Byte *compr, uLong comprLen));
+void test_dict_inflate  OF((Byte *compr, uLong comprLen,
+                            Byte *uncompr, uLong uncomprLen));
+int  main               OF((int argc, char *argv[]));
+
+/* ===========================================================================
+ * Test compress() and uncompress()
+ */
+void test_compress(compr, comprLen, uncompr, uncomprLen)
+    Byte *compr, *uncompr;
+    uLong comprLen, uncomprLen;
+{
+    int err;
+    uLong len = (uLong)strlen(hello)+1;
+
+    err = compress(compr, &comprLen, (const Bytef*)hello, len);
+    CHECK_ERR(err, "compress");
+
+    strcpy((char*)uncompr, "garbage");
+
+    err = uncompress(uncompr, &uncomprLen, compr, comprLen);
+    CHECK_ERR(err, "uncompress");
+
+    if (strcmp((char*)uncompr, hello)) {
+        fprintf(stderr, "bad uncompress\n");
+        exit(1);
+    } else {
+        printf("uncompress(): %s\n", (char *)uncompr);
+    }
+}
+
+/* ===========================================================================
+ * Test read/write of .gz files
+ */
+void test_gzio(fname, uncompr, uncomprLen)
+    const char *fname; /* compressed file name */
+    Byte *uncompr;
+    uLong uncomprLen;
+{
+#ifdef NO_GZCOMPRESS
+    fprintf(stderr, "NO_GZCOMPRESS -- gz* functions cannot compress\n");
+#else
+    int err;
+    int len = (int)strlen(hello)+1;
+    gzFile file;
+    z_off_t pos;
+
+    file = gzopen(fname, "wb");
+    if (file == NULL) {
+        fprintf(stderr, "gzopen error\n");
+        exit(1);
+    }
+    gzputc(file, 'h');
+    if (gzputs(file, "ello") != 4) {
+        fprintf(stderr, "gzputs err: %s\n", gzerror(file, &err));
+        exit(1);
+    }
+    if (gzprintf(file, ", %s!", "hello") != 8) {
+        fprintf(stderr, "gzprintf err: %s\n", gzerror(file, &err));
+        exit(1);
+    }
+    gzseek(file, 1L, SEEK_CUR); /* add one zero byte */
+    gzclose(file);
+
+    file = gzopen(fname, "rb");
+    if (file == NULL) {
+        fprintf(stderr, "gzopen error\n");
+        exit(1);
+    }
+    strcpy((char*)uncompr, "garbage");
+
+    if (gzread(file, uncompr, (unsigned)uncomprLen) != len) {
+        fprintf(stderr, "gzread err: %s\n", gzerror(file, &err));
+        exit(1);
+    }
+    if (strcmp((char*)uncompr, hello)) {
+        fprintf(stderr, "bad gzread: %s\n", (char*)uncompr);
+        exit(1);
+    } else {
+        printf("gzread(): %s\n", (char*)uncompr);
+    }
+
+    pos = gzseek(file, -8L, SEEK_CUR);
+    if (pos != 6 || gztell(file) != pos) {
+        fprintf(stderr, "gzseek error, pos=%ld, gztell=%ld\n",
+                (long)pos, (long)gztell(file));
+        exit(1);
+    }
+
+    if (gzgetc(file) != ' ') {
+        fprintf(stderr, "gzgetc error\n");
+        exit(1);
+    }
+
+    if (gzungetc(' ', file) != ' ') {
+        fprintf(stderr, "gzungetc error\n");
+        exit(1);
+    }
+
+    gzgets(file, (char*)uncompr, (int)uncomprLen);
+    if (strlen((char*)uncompr) != 7) { /* " hello!" */
+        fprintf(stderr, "gzgets err after gzseek: %s\n", gzerror(file, &err));
+        exit(1);
+    }
+    if (strcmp((char*)uncompr, hello + 6)) {
+        fprintf(stderr, "bad gzgets after gzseek\n");
+        exit(1);
+    } else {
+        printf("gzgets() after gzseek: %s\n", (char*)uncompr);
+    }
+
+    gzclose(file);
+#endif
+}
+
+/* ===========================================================================
+ * Test deflate() with small buffers
+ */
+void test_deflate(compr, comprLen)
+    Byte *compr;
+    uLong comprLen;
+{
+    z_stream c_stream; /* compression stream */
+    int err;
+    uLong len = (uLong)strlen(hello)+1;
+
+    c_stream.zalloc = (alloc_func)0;
+    c_stream.zfree = (free_func)0;
+    c_stream.opaque = (voidpf)0;
+
+    err = deflateInit(&c_stream, Z_DEFAULT_COMPRESSION);
+    CHECK_ERR(err, "deflateInit");
+
+    c_stream.next_in  = (Bytef*)hello;
+    c_stream.next_out = compr;
+
+    while (c_stream.total_in != len && c_stream.total_out < comprLen) {
+        c_stream.avail_in = c_stream.avail_out = 1; /* force small buffers */
+        err = deflate(&c_stream, Z_NO_FLUSH);
+        CHECK_ERR(err, "deflate");
+    }
+    /* Finish the stream, still forcing small buffers: */
+    for (;;) {
+        c_stream.avail_out = 1;
+        err = deflate(&c_stream, Z_FINISH);
+        if (err == Z_STREAM_END) break;
+        CHECK_ERR(err, "deflate");
+    }
+
+    err = deflateEnd(&c_stream);
+    CHECK_ERR(err, "deflateEnd");
+}
+
+/* ===========================================================================
+ * Test inflate() with small buffers
+ */
+void test_inflate(compr, comprLen, uncompr, uncomprLen)
+    Byte *compr, *uncompr;
+    uLong comprLen, uncomprLen;
+{
+    int err;
+    z_stream d_stream; /* decompression stream */
+
+    strcpy((char*)uncompr, "garbage");
+
+    d_stream.zalloc = (alloc_func)0;
+    d_stream.zfree = (free_func)0;
+    d_stream.opaque = (voidpf)0;
+
+    d_stream.next_in  = compr;
+    d_stream.avail_in = 0;
+    d_stream.next_out = uncompr;
+
+    err = inflateInit(&d_stream);
+    CHECK_ERR(err, "inflateInit");
+
+    while (d_stream.total_out < uncomprLen && d_stream.total_in < comprLen) {
+        d_stream.avail_in = d_stream.avail_out = 1; /* force small buffers */
+        err = inflate(&d_stream, Z_NO_FLUSH);
+        if (err == Z_STREAM_END) break;
+        CHECK_ERR(err, "inflate");
+    }
+
+    err = inflateEnd(&d_stream);
+    CHECK_ERR(err, "inflateEnd");
+
+    if (strcmp((char*)uncompr, hello)) {
+        fprintf(stderr, "bad inflate\n");
+        exit(1);
+    } else {
+        printf("inflate(): %s\n", (char *)uncompr);
+    }
+}
+
+/* ===========================================================================
+ * Test deflate() with large buffers and dynamic change of compression level
+ */
+void test_large_deflate(compr, comprLen, uncompr, uncomprLen)
+    Byte *compr, *uncompr;
+    uLong comprLen, uncomprLen;
+{
+    z_stream c_stream; /* compression stream */
+    int err;
+
+    c_stream.zalloc = (alloc_func)0;
+    c_stream.zfree = (free_func)0;
+    c_stream.opaque = (voidpf)0;
+
+    err = deflateInit(&c_stream, Z_BEST_SPEED);
+    CHECK_ERR(err, "deflateInit");
+
+    c_stream.next_out = compr;
+    c_stream.avail_out = (uInt)comprLen;
+
+    /* At this point, uncompr is still mostly zeroes, so it should compress
+     * very well:
+     */
+    c_stream.next_in = uncompr;
+    c_stream.avail_in = (uInt)uncomprLen;
+    err = deflate(&c_stream, Z_NO_FLUSH);
+    CHECK_ERR(err, "deflate");
+    if (c_stream.avail_in != 0) {
+        fprintf(stderr, "deflate not greedy\n");
+        exit(1);
+    }
+
+    /* Feed in already compressed data and switch to no compression: */
+    deflateParams(&c_stream, Z_NO_COMPRESSION, Z_DEFAULT_STRATEGY);
+    c_stream.next_in = compr;
+    c_stream.avail_in = (uInt)comprLen/2;
+    err = deflate(&c_stream, Z_NO_FLUSH);
+    CHECK_ERR(err, "deflate");
+
+    /* Switch back to compressing mode: */
+    deflateParams(&c_stream, Z_BEST_COMPRESSION, Z_FILTERED);
+    c_stream.next_in = uncompr;
+    c_stream.avail_in = (uInt)uncomprLen;
+    err = deflate(&c_stream, Z_NO_FLUSH);
+    CHECK_ERR(err, "deflate");
+
+    err = deflate(&c_stream, Z_FINISH);
+    if (err != Z_STREAM_END) {
+        fprintf(stderr, "deflate should report Z_STREAM_END\n");
+        exit(1);
+    }
+    err = deflateEnd(&c_stream);
+    CHECK_ERR(err, "deflateEnd");
+}
+
+/* ===========================================================================
+ * Test inflate() with large buffers
+ */
+void test_large_inflate(compr, comprLen, uncompr, uncomprLen)
+    Byte *compr, *uncompr;
+    uLong comprLen, uncomprLen;
+{
+    int err;
+    z_stream d_stream; /* decompression stream */
+
+    strcpy((char*)uncompr, "garbage");
+
+    d_stream.zalloc = (alloc_func)0;
+    d_stream.zfree = (free_func)0;
+    d_stream.opaque = (voidpf)0;
+
+    d_stream.next_in  = compr;
+    d_stream.avail_in = (uInt)comprLen;
+
+    err = inflateInit(&d_stream);
+    CHECK_ERR(err, "inflateInit");
+
+    for (;;) {
+        d_stream.next_out = uncompr;            /* discard the output */
+        d_stream.avail_out = (uInt)uncomprLen;
+        err = inflate(&d_stream, Z_NO_FLUSH);
+        if (err == Z_STREAM_END) break;
+        CHECK_ERR(err, "large inflate");
+    }
+
+    err = inflateEnd(&d_stream);
+    CHECK_ERR(err, "inflateEnd");
+
+    if (d_stream.total_out != 2*uncomprLen + comprLen/2) {
+        fprintf(stderr, "bad large inflate: %ld\n", d_stream.total_out);
+        exit(1);
+    } else {
+        printf("large_inflate(): OK\n");
+    }
+}
+
+/* ===========================================================================
+ * Test deflate() with full flush
+ */
+void test_flush(compr, comprLen)
+    Byte *compr;
+    uLong *comprLen;
+{
+    z_stream c_stream; /* compression stream */
+    int err;
+    uInt len = (uInt)strlen(hello)+1;
+
+    c_stream.zalloc = (alloc_func)0;
+    c_stream.zfree = (free_func)0;
+    c_stream.opaque = (voidpf)0;
+
+    err = deflateInit(&c_stream, Z_DEFAULT_COMPRESSION);
+    CHECK_ERR(err, "deflateInit");
+
+    c_stream.next_in  = (Bytef*)hello;
+    c_stream.next_out = compr;
+    c_stream.avail_in = 3;
+    c_stream.avail_out = (uInt)*comprLen;
+    err = deflate(&c_stream, Z_FULL_FLUSH);
+    CHECK_ERR(err, "deflate");
+
+    compr[3]++; /* force an error in first compressed block */
+    c_stream.avail_in = len - 3;
+
+    err = deflate(&c_stream, Z_FINISH);
+    if (err != Z_STREAM_END) {
+        CHECK_ERR(err, "deflate");
+    }
+    err = deflateEnd(&c_stream);
+    CHECK_ERR(err, "deflateEnd");
+
+    *comprLen = c_stream.total_out;
+}
+
+/* ===========================================================================
+ * Test inflateSync()
+ */
+void test_sync(compr, comprLen, uncompr, uncomprLen)
+    Byte *compr, *uncompr;
+    uLong comprLen, uncomprLen;
+{
+    int err;
+    z_stream d_stream; /* decompression stream */
+
+    strcpy((char*)uncompr, "garbage");
+
+    d_stream.zalloc = (alloc_func)0;
+    d_stream.zfree = (free_func)0;
+    d_stream.opaque = (voidpf)0;
+
+    d_stream.next_in  = compr;
+    d_stream.avail_in = 2; /* just read the zlib header */
+
+    err = inflateInit(&d_stream);
+    CHECK_ERR(err, "inflateInit");
+
+    d_stream.next_out = uncompr;
+    d_stream.avail_out = (uInt)uncomprLen;
+
+    inflate(&d_stream, Z_NO_FLUSH);
+    CHECK_ERR(err, "inflate");
+
+    d_stream.avail_in = (uInt)comprLen-2;   /* read all compressed data */
+    err = inflateSync(&d_stream);           /* but skip the damaged part */
+    CHECK_ERR(err, "inflateSync");
+
+    err = inflate(&d_stream, Z_FINISH);
+    if (err != Z_DATA_ERROR) {
+        fprintf(stderr, "inflate should report DATA_ERROR\n");
+        /* Because of incorrect adler32 */
+        exit(1);
+    }
+    err = inflateEnd(&d_stream);
+    CHECK_ERR(err, "inflateEnd");
+
+    printf("after inflateSync(): hel%s\n", (char *)uncompr);
+}
+
+/* ===========================================================================
+ * Test deflate() with preset dictionary
+ */
+void test_dict_deflate(compr, comprLen)
+    Byte *compr;
+    uLong comprLen;
+{
+    z_stream c_stream; /* compression stream */
+    int err;
+
+    c_stream.zalloc = (alloc_func)0;
+    c_stream.zfree = (free_func)0;
+    c_stream.opaque = (voidpf)0;
+
+    err = deflateInit(&c_stream, Z_BEST_COMPRESSION);
+    CHECK_ERR(err, "deflateInit");
+
+    err = deflateSetDictionary(&c_stream,
+                               (const Bytef*)dictionary, sizeof(dictionary));
+    CHECK_ERR(err, "deflateSetDictionary");
+
+    dictId = c_stream.adler;
+    c_stream.next_out = compr;
+    c_stream.avail_out = (uInt)comprLen;
+
+    c_stream.next_in = (Bytef*)hello;
+    c_stream.avail_in = (uInt)strlen(hello)+1;
+
+    err = deflate(&c_stream, Z_FINISH);
+    if (err != Z_STREAM_END) {
+        fprintf(stderr, "deflate should report Z_STREAM_END\n");
+        exit(1);
+    }
+    err = deflateEnd(&c_stream);
+    CHECK_ERR(err, "deflateEnd");
+}
+
+/* ===========================================================================
+ * Test inflate() with a preset dictionary
+ */
+void test_dict_inflate(compr, comprLen, uncompr, uncomprLen)
+    Byte *compr, *uncompr;
+    uLong comprLen, uncomprLen;
+{
+    int err;
+    z_stream d_stream; /* decompression stream */
+
+    strcpy((char*)uncompr, "garbage");
+
+    d_stream.zalloc = (alloc_func)0;
+    d_stream.zfree = (free_func)0;
+    d_stream.opaque = (voidpf)0;
+
+    d_stream.next_in  = compr;
+    d_stream.avail_in = (uInt)comprLen;
+
+    err = inflateInit(&d_stream);
+    CHECK_ERR(err, "inflateInit");
+
+    d_stream.next_out = uncompr;
+    d_stream.avail_out = (uInt)uncomprLen;
+
+    for (;;) {
+        err = inflate(&d_stream, Z_NO_FLUSH);
+        if (err == Z_STREAM_END) break;
+        if (err == Z_NEED_DICT) {
+            if (d_stream.adler != dictId) {
+                fprintf(stderr, "unexpected dictionary");
+                exit(1);
+            }
+            err = inflateSetDictionary(&d_stream, (const Bytef*)dictionary,
+                                       sizeof(dictionary));
+        }
+        CHECK_ERR(err, "inflate with dict");
+    }
+
+    err = inflateEnd(&d_stream);
+    CHECK_ERR(err, "inflateEnd");
+
+    if (strcmp((char*)uncompr, hello)) {
+        fprintf(stderr, "bad inflate with dict\n");
+        exit(1);
+    } else {
+        printf("inflate with dictionary: %s\n", (char *)uncompr);
+    }
+}
+
+/* ===========================================================================
+ * Usage:  example [output.gz  [input.gz]]
+ */
+
+int main(argc, argv)
+    int argc;
+    char *argv[];
+{
+    Byte *compr, *uncompr;
+    uLong comprLen = 10000*sizeof(int); /* don't overflow on MSDOS */
+    uLong uncomprLen = comprLen;
+    static const char* myVersion = ZLIB_VERSION;
+
+    if (zlibVersion()[0] != myVersion[0]) {
+        fprintf(stderr, "incompatible zlib version\n");
+        exit(1);
+
+    } else if (strcmp(zlibVersion(), ZLIB_VERSION) != 0) {
+        fprintf(stderr, "warning: different zlib version\n");
+    }
+
+    printf("zlib version %s = 0x%04x, compile flags = 0x%lx\n",
+            ZLIB_VERSION, ZLIB_VERNUM, zlibCompileFlags());
+
+    compr    = (Byte*)calloc((uInt)comprLen, 1);
+    uncompr  = (Byte*)calloc((uInt)uncomprLen, 1);
+    /* compr and uncompr are cleared to avoid reading uninitialized
+     * data and to ensure that uncompr compresses well.
+     */
+    if (compr == Z_NULL || uncompr == Z_NULL) {
+        printf("out of memory\n");
+        exit(1);
+    }
+    test_compress(compr, comprLen, uncompr, uncomprLen);
+
+    test_gzio((argc > 1 ? argv[1] : TESTFILE),
+              uncompr, uncomprLen);
+
+    test_deflate(compr, comprLen);
+    test_inflate(compr, comprLen, uncompr, uncomprLen);
+
+    test_large_deflate(compr, comprLen, uncompr, uncomprLen);
+    test_large_inflate(compr, comprLen, uncompr, uncomprLen);
+
+    test_flush(compr, &comprLen);
+    test_sync(compr, comprLen, uncompr, uncomprLen);
+    comprLen = uncomprLen;
+
+    test_dict_deflate(compr, comprLen);
+    test_dict_inflate(compr, comprLen, uncompr, uncomprLen);
+
+    free(compr);
+    free(uncompr);
+
+    return 0;
+}
diff --git a/nss/lib/zlib/exports.gyp b/nss/lib/zlib/exports.gyp
new file mode 100644
index 0000000..b557218
--- /dev/null
+++ b/nss/lib/zlib/exports.gyp
@@ -0,0 +1,33 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    '../../coreconf/config.gypi'
+  ],
+  'variables': {
+    'module': 'nss',
+  },
+  'conditions': [
+    ['use_system_zlib==1', {
+      'targets': [{
+        'target_name': 'lib_zlib_exports',
+        'type': 'none',
+      }],
+    }, {
+      'targets': [{
+        'target_name': 'lib_zlib_exports',
+        'type': 'none',
+        'copies': [
+          {
+          'files': [
+            'zlib.h',
+            'zconf.h',
+          ],
+          'destination': '<(nss_private_dist_dir)/<(module)'
+          }
+      ]
+    }],
+    }],
+  ],
+}
diff --git a/nss/lib/zlib/gzclose.c b/nss/lib/zlib/gzclose.c
new file mode 100644
index 0000000..caeb99a
--- /dev/null
+++ b/nss/lib/zlib/gzclose.c
@@ -0,0 +1,25 @@
+/* gzclose.c -- zlib gzclose() function
+ * Copyright (C) 2004, 2010 Mark Adler
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ */
+
+#include "gzguts.h"
+
+/* gzclose() is in a separate file so that it is linked in only if it is used.
+   That way the other gzclose functions can be used instead to avoid linking in
+   unneeded compression or decompression routines. */
+int ZEXPORT gzclose(file)
+    gzFile file;
+{
+#ifndef NO_GZCOMPRESS
+    gz_statep state;
+
+    if (file == NULL)
+        return Z_STREAM_ERROR;
+    state = (gz_statep)file;
+
+    return state->mode == GZ_READ ? gzclose_r(file) : gzclose_w(file);
+#else
+    return gzclose_r(file);
+#endif
+}
diff --git a/nss/lib/zlib/gzguts.h b/nss/lib/zlib/gzguts.h
new file mode 100644
index 0000000..0f8fb79
--- /dev/null
+++ b/nss/lib/zlib/gzguts.h
@@ -0,0 +1,132 @@
+/* gzguts.h -- zlib internal header definitions for gz* operations
+ * Copyright (C) 2004, 2005, 2010 Mark Adler
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ */
+
+#ifdef _LARGEFILE64_SOURCE
+#  ifndef _LARGEFILE_SOURCE
+#    define _LARGEFILE_SOURCE 1
+#  endif
+#  ifdef _FILE_OFFSET_BITS
+#    undef _FILE_OFFSET_BITS
+#  endif
+#endif
+
+#if ((__GNUC__-0) * 10 + __GNUC_MINOR__-0 >= 33) && !defined(NO_VIZ)
+#  define ZLIB_INTERNAL __attribute__((visibility ("hidden")))
+#else
+#  define ZLIB_INTERNAL
+#endif
+
+#include <stdio.h>
+#include "zlib.h"
+#ifdef STDC
+#  include <string.h>
+#  include <stdlib.h>
+#  include <limits.h>
+#endif
+#include <fcntl.h>
+
+#ifdef NO_DEFLATE       /* for compatibility with old definition */
+#  define NO_GZCOMPRESS
+#endif
+
+#ifdef _MSC_VER
+#  include <io.h>
+#  define vsnprintf _vsnprintf
+#endif
+
+#ifndef local
+#  define local static
+#endif
+/* compile with -Dlocal if your debugger can't find static symbols */
+
+/* gz* functions always use library allocation functions */
+#ifndef STDC
+  extern voidp  malloc OF((uInt size));
+  extern void   free   OF((voidpf ptr));
+#endif
+
+/* get errno and strerror definition */
+#if defined UNDER_CE
+#  include <windows.h>
+#  define zstrerror() gz_strwinerror((DWORD)GetLastError())
+#else
+#  ifdef STDC
+#    include <errno.h>
+#    define zstrerror() strerror(errno)
+#  else
+#    define zstrerror() "stdio error (consult errno)"
+#  endif
+#endif
+
+/* provide prototypes for these when building zlib without LFS */
+#if !defined(_LARGEFILE64_SOURCE) || _LFS64_LARGEFILE-0 == 0
+    ZEXTERN gzFile ZEXPORT gzopen64 OF((const char *, const char *));
+    ZEXTERN z_off64_t ZEXPORT gzseek64 OF((gzFile, z_off64_t, int));
+    ZEXTERN z_off64_t ZEXPORT gztell64 OF((gzFile));
+    ZEXTERN z_off64_t ZEXPORT gzoffset64 OF((gzFile));
+#endif
+
+/* default i/o buffer size -- double this for output when reading */
+#define GZBUFSIZE 8192
+
+/* gzip modes, also provide a little integrity check on the passed structure */
+#define GZ_NONE 0
+#define GZ_READ 7247
+#define GZ_WRITE 31153
+#define GZ_APPEND 1     /* mode set to GZ_WRITE after the file is opened */
+
+/* values for gz_state how */
+#define LOOK 0      /* look for a gzip header */
+#define COPY 1      /* copy input directly */
+#define GZIP 2      /* decompress a gzip stream */
+
+/* internal gzip file state data structure */
+typedef struct {
+        /* used for both reading and writing */
+    int mode;               /* see gzip modes above */
+    int fd;                 /* file descriptor */
+    char *path;             /* path or fd for error messages */
+    z_off64_t pos;          /* current position in uncompressed data */
+    unsigned size;          /* buffer size, zero if not allocated yet */
+    unsigned want;          /* requested buffer size, default is GZBUFSIZE */
+    unsigned char *in;      /* input buffer */
+    unsigned char *out;     /* output buffer (double-sized when reading) */
+    unsigned char *next;    /* next output data to deliver or write */
+        /* just for reading */
+    unsigned have;          /* amount of output data unused at next */
+    int eof;                /* true if end of input file reached */
+    z_off64_t start;        /* where the gzip data started, for rewinding */
+    z_off64_t raw;          /* where the raw data started, for seeking */
+    int how;                /* 0: get header, 1: copy, 2: decompress */
+    int direct;             /* true if last read direct, false if gzip */
+        /* just for writing */
+    int level;              /* compression level */
+    int strategy;           /* compression strategy */
+        /* seek request */
+    z_off64_t skip;         /* amount to skip (already rewound if backwards) */
+    int seek;               /* true if seek request pending */
+        /* error information */
+    int err;                /* error code */
+    char *msg;              /* error message */
+        /* zlib inflate or deflate stream */
+    z_stream strm;          /* stream structure in-place (not a pointer) */
+} gz_state;
+typedef gz_state FAR *gz_statep;
+
+/* shared functions */
+void ZLIB_INTERNAL gz_error OF((gz_statep, int, const char *));
+#if defined UNDER_CE
+char ZLIB_INTERNAL *gz_strwinerror OF((DWORD error));
+#endif
+
+/* GT_OFF(x), where x is an unsigned value, is true if x > maximum z_off64_t
+   value -- needed when comparing unsigned to z_off64_t, which is signed
+   (possible z_off64_t types off_t, off64_t, and long are all signed) */
+#ifdef INT_MAX
+#  define GT_OFF(x) (sizeof(int) == sizeof(z_off64_t) && (x) > INT_MAX)
+#else
+unsigned ZLIB_INTERNAL gz_intmax OF((void));
+#  define GT_OFF(x) (sizeof(int) == sizeof(z_off64_t) && (x) > gz_intmax())
+#endif
diff --git a/nss/lib/zlib/gzlib.c b/nss/lib/zlib/gzlib.c
new file mode 100644
index 0000000..603e60e
--- /dev/null
+++ b/nss/lib/zlib/gzlib.c
@@ -0,0 +1,537 @@
+/* gzlib.c -- zlib functions common to reading and writing gzip files
+ * Copyright (C) 2004, 2010 Mark Adler
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ */
+
+#include "gzguts.h"
+
+#if defined(_LARGEFILE64_SOURCE) && _LFS64_LARGEFILE-0
+#  define LSEEK lseek64
+#else
+#  define LSEEK lseek
+#endif
+
+/* Local functions */
+local void gz_reset OF((gz_statep));
+local gzFile gz_open OF((const char *, int, const char *));
+
+#if defined UNDER_CE
+
+/* Map the Windows error number in ERROR to a locale-dependent error message
+   string and return a pointer to it.  Typically, the values for ERROR come
+   from GetLastError.
+
+   The string pointed to shall not be modified by the application, but may be
+   overwritten by a subsequent call to gz_strwinerror
+
+   The gz_strwinerror function does not change the current setting of
+   GetLastError. */
+char ZLIB_INTERNAL *gz_strwinerror (error)
+     DWORD error;
+{
+    static char buf[1024];
+
+    wchar_t *msgbuf;
+    DWORD lasterr = GetLastError();
+    DWORD chars = FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM
+        | FORMAT_MESSAGE_ALLOCATE_BUFFER,
+        NULL,
+        error,
+        0, /* Default language */
+        (LPVOID)&msgbuf,
+        0,
+        NULL);
+    if (chars != 0) {
+        /* If there is an \r\n appended, zap it.  */
+        if (chars >= 2
+            && msgbuf[chars - 2] == '\r' && msgbuf[chars - 1] == '\n') {
+            chars -= 2;
+            msgbuf[chars] = 0;
+        }
+
+        if (chars > sizeof (buf) - 1) {
+            chars = sizeof (buf) - 1;
+            msgbuf[chars] = 0;
+        }
+
+        wcstombs(buf, msgbuf, chars + 1);
+        LocalFree(msgbuf);
+    }
+    else {
+        sprintf(buf, "unknown win32 error (%ld)", error);
+    }
+
+    SetLastError(lasterr);
+    return buf;
+}
+
+#endif /* UNDER_CE */
+
+/* Reset gzip file state */
+local void gz_reset(state)
+    gz_statep state;
+{
+    if (state->mode == GZ_READ) {   /* for reading ... */
+        state->have = 0;            /* no output data available */
+        state->eof = 0;             /* not at end of file */
+        state->how = LOOK;          /* look for gzip header */
+        state->direct = 1;          /* default for empty file */
+    }
+    state->seek = 0;                /* no seek request pending */
+    gz_error(state, Z_OK, NULL);    /* clear error */
+    state->pos = 0;                 /* no uncompressed data yet */
+    state->strm.avail_in = 0;       /* no input data yet */
+}
+
+/* Open a gzip file either by name or file descriptor. */
+local gzFile gz_open(path, fd, mode)
+    const char *path;
+    int fd;
+    const char *mode;
+{
+    gz_statep state;
+
+    /* allocate gzFile structure to return */
+    state = malloc(sizeof(gz_state));
+    if (state == NULL)
+        return NULL;
+    state->size = 0;            /* no buffers allocated yet */
+    state->want = GZBUFSIZE;    /* requested buffer size */
+    state->msg = NULL;          /* no error message yet */
+
+    /* interpret mode */
+    state->mode = GZ_NONE;
+    state->level = Z_DEFAULT_COMPRESSION;
+    state->strategy = Z_DEFAULT_STRATEGY;
+    while (*mode) {
+        if (*mode >= '0' && *mode <= '9')
+            state->level = *mode - '0';
+        else
+            switch (*mode) {
+            case 'r':
+                state->mode = GZ_READ;
+                break;
+#ifndef NO_GZCOMPRESS
+            case 'w':
+                state->mode = GZ_WRITE;
+                break;
+            case 'a':
+                state->mode = GZ_APPEND;
+                break;
+#endif
+            case '+':       /* can't read and write at the same time */
+                free(state);
+                return NULL;
+            case 'b':       /* ignore -- will request binary anyway */
+                break;
+            case 'f':
+                state->strategy = Z_FILTERED;
+                break;
+            case 'h':
+                state->strategy = Z_HUFFMAN_ONLY;
+                break;
+            case 'R':
+                state->strategy = Z_RLE;
+                break;
+            case 'F':
+                state->strategy = Z_FIXED;
+            default:        /* could consider as an error, but just ignore */
+                ;
+            }
+        mode++;
+    }
+
+    /* must provide an "r", "w", or "a" */
+    if (state->mode == GZ_NONE) {
+        free(state);
+        return NULL;
+    }
+
+    /* save the path name for error messages */
+    state->path = malloc(strlen(path) + 1);
+    if (state->path == NULL) {
+        free(state);
+        return NULL;
+    }
+    strcpy(state->path, path);
+
+    /* open the file with the appropriate mode (or just use fd) */
+    state->fd = fd != -1 ? fd :
+        open(path,
+#ifdef O_LARGEFILE
+            O_LARGEFILE |
+#endif
+#ifdef O_BINARY
+            O_BINARY |
+#endif
+            (state->mode == GZ_READ ?
+                O_RDONLY :
+                (O_WRONLY | O_CREAT | (
+                    state->mode == GZ_WRITE ?
+                        O_TRUNC :
+                        O_APPEND))),
+            0666);
+    if (state->fd == -1) {
+        free(state->path);
+        free(state);
+        return NULL;
+    }
+    if (state->mode == GZ_APPEND)
+        state->mode = GZ_WRITE;         /* simplify later checks */
+
+    /* save the current position for rewinding (only if reading) */
+    if (state->mode == GZ_READ) {
+        state->start = LSEEK(state->fd, 0, SEEK_CUR);
+        if (state->start == -1) state->start = 0;
+    }
+
+    /* initialize stream */
+    gz_reset(state);
+
+    /* return stream */
+    return (gzFile)state;
+}
+
+/* -- see zlib.h -- */
+gzFile ZEXPORT gzopen(path, mode)
+    const char *path;
+    const char *mode;
+{
+    return gz_open(path, -1, mode);
+}
+
+/* -- see zlib.h -- */
+gzFile ZEXPORT gzopen64(path, mode)
+    const char *path;
+    const char *mode;
+{
+    return gz_open(path, -1, mode);
+}
+
+/* -- see zlib.h -- */
+gzFile ZEXPORT gzdopen(fd, mode)
+    int fd;
+    const char *mode;
+{
+    char *path;         /* identifier for error messages */
+    gzFile gz;
+
+    if (fd == -1 || (path = malloc(7 + 3 * sizeof(int))) == NULL)
+        return NULL;
+    sprintf(path, "<fd:%d>", fd);   /* for debugging */
+    gz = gz_open(path, fd, mode);
+    free(path);
+    return gz;
+}
+
+/* -- see zlib.h -- */
+int ZEXPORT gzbuffer(file, size)
+    gzFile file;
+    unsigned size;
+{
+    gz_statep state;
+
+    /* get internal structure and check integrity */
+    if (file == NULL)
+        return -1;
+    state = (gz_statep)file;
+    if (state->mode != GZ_READ && state->mode != GZ_WRITE)
+        return -1;
+
+    /* make sure we haven't already allocated memory */
+    if (state->size != 0)
+        return -1;
+
+    /* check and set requested size */
+    if (size == 0)
+        return -1;
+    state->want = size;
+    return 0;
+}
+
+/* -- see zlib.h -- */
+int ZEXPORT gzrewind(file)
+    gzFile file;
+{
+    gz_statep state;
+
+    /* get internal structure */
+    if (file == NULL)
+        return -1;
+    state = (gz_statep)file;
+
+    /* check that we're reading and that there's no error */
+    if (state->mode != GZ_READ || state->err != Z_OK)
+        return -1;
+
+    /* back up and start over */
+    if (LSEEK(state->fd, state->start, SEEK_SET) == -1)
+        return -1;
+    gz_reset(state);
+    return 0;
+}
+
+/* -- see zlib.h -- */
+z_off64_t ZEXPORT gzseek64(file, offset, whence)
+    gzFile file;
+    z_off64_t offset;
+    int whence;
+{
+    unsigned n;
+    z_off64_t ret;
+    gz_statep state;
+
+    /* get internal structure and check integrity */
+    if (file == NULL)
+        return -1;
+    state = (gz_statep)file;
+    if (state->mode != GZ_READ && state->mode != GZ_WRITE)
+        return -1;
+
+    /* check that there's no error */
+    if (state->err != Z_OK)
+        return -1;
+
+    /* can only seek from start or relative to current position */
+    if (whence != SEEK_SET && whence != SEEK_CUR)
+        return -1;
+
+    /* normalize offset to a SEEK_CUR specification */
+    if (whence == SEEK_SET)
+        offset -= state->pos;
+    else if (state->seek)
+        offset += state->skip;
+    state->seek = 0;
+
+    /* if within raw area while reading, just go there */
+    if (state->mode == GZ_READ && state->how == COPY &&
+        state->pos + offset >= state->raw) {
+        ret = LSEEK(state->fd, offset - state->have, SEEK_CUR);
+        if (ret == -1)
+            return -1;
+        state->have = 0;
+        state->eof = 0;
+        state->seek = 0;
+        gz_error(state, Z_OK, NULL);
+        state->strm.avail_in = 0;
+        state->pos += offset;
+        return state->pos;
+    }
+
+    /* calculate skip amount, rewinding if needed for back seek when reading */
+    if (offset < 0) {
+        if (state->mode != GZ_READ)         /* writing -- can't go backwards */
+            return -1;
+        offset += state->pos;
+        if (offset < 0)                     /* before start of file! */
+            return -1;
+        if (gzrewind(file) == -1)           /* rewind, then skip to offset */
+            return -1;
+    }
+
+    /* if reading, skip what's in output buffer (one less gzgetc() check) */
+    if (state->mode == GZ_READ) {
+        n = GT_OFF(state->have) || (z_off64_t)state->have > offset ?
+            (unsigned)offset : state->have;
+        state->have -= n;
+        state->next += n;
+        state->pos += n;
+        offset -= n;
+    }
+
+    /* request skip (if not zero) */
+    if (offset) {
+        state->seek = 1;
+        state->skip = offset;
+    }
+    return state->pos + offset;
+}
+
+/* -- see zlib.h -- */
+z_off_t ZEXPORT gzseek(file, offset, whence)
+    gzFile file;
+    z_off_t offset;
+    int whence;
+{
+    z_off64_t ret;
+
+    ret = gzseek64(file, (z_off64_t)offset, whence);
+    return ret == (z_off_t)ret ? (z_off_t)ret : -1;
+}
+
+/* -- see zlib.h -- */
+z_off64_t ZEXPORT gztell64(file)
+    gzFile file;
+{
+    gz_statep state;
+
+    /* get internal structure and check integrity */
+    if (file == NULL)
+        return -1;
+    state = (gz_statep)file;
+    if (state->mode != GZ_READ && state->mode != GZ_WRITE)
+        return -1;
+
+    /* return position */
+    return state->pos + (state->seek ? state->skip : 0);
+}
+
+/* -- see zlib.h -- */
+z_off_t ZEXPORT gztell(file)
+    gzFile file;
+{
+    z_off64_t ret;
+
+    ret = gztell64(file);
+    return ret == (z_off_t)ret ? (z_off_t)ret : -1;
+}
+
+/* -- see zlib.h -- */
+z_off64_t ZEXPORT gzoffset64(file)
+    gzFile file;
+{
+    z_off64_t offset;
+    gz_statep state;
+
+    /* get internal structure and check integrity */
+    if (file == NULL)
+        return -1;
+    state = (gz_statep)file;
+    if (state->mode != GZ_READ && state->mode != GZ_WRITE)
+        return -1;
+
+    /* compute and return effective offset in file */
+    offset = LSEEK(state->fd, 0, SEEK_CUR);
+    if (offset == -1)
+        return -1;
+    if (state->mode == GZ_READ)             /* reading */
+        offset -= state->strm.avail_in;     /* don't count buffered input */
+    return offset;
+}
+
+/* -- see zlib.h -- */
+z_off_t ZEXPORT gzoffset(file)
+    gzFile file;
+{
+    z_off64_t ret;
+
+    ret = gzoffset64(file);
+    return ret == (z_off_t)ret ? (z_off_t)ret : -1;
+}
+
+/* -- see zlib.h -- */
+int ZEXPORT gzeof(file)
+    gzFile file;
+{
+    gz_statep state;
+
+    /* get internal structure and check integrity */
+    if (file == NULL)
+        return 0;
+    state = (gz_statep)file;
+    if (state->mode != GZ_READ && state->mode != GZ_WRITE)
+        return 0;
+
+    /* return end-of-file state */
+    return state->mode == GZ_READ ?
+        (state->eof && state->strm.avail_in == 0 && state->have == 0) : 0;
+}
+
+/* -- see zlib.h -- */
+const char * ZEXPORT gzerror(file, errnum)
+    gzFile file;
+    int *errnum;
+{
+    gz_statep state;
+
+    /* get internal structure and check integrity */
+    if (file == NULL)
+        return NULL;
+    state = (gz_statep)file;
+    if (state->mode != GZ_READ && state->mode != GZ_WRITE)
+        return NULL;
+
+    /* return error information */
+    if (errnum != NULL)
+        *errnum = state->err;
+    return state->msg == NULL ? "" : state->msg;
+}
+
+/* -- see zlib.h -- */
+void ZEXPORT gzclearerr(file)
+    gzFile file;
+{
+    gz_statep state;
+
+    /* get internal structure and check integrity */
+    if (file == NULL)
+        return;
+    state = (gz_statep)file;
+    if (state->mode != GZ_READ && state->mode != GZ_WRITE)
+        return;
+
+    /* clear error and end-of-file */
+    if (state->mode == GZ_READ)
+        state->eof = 0;
+    gz_error(state, Z_OK, NULL);
+}
+
+/* Create an error message in allocated memory and set state->err and
+   state->msg accordingly.  Free any previous error message already there.  Do
+   not try to free or allocate space if the error is Z_MEM_ERROR (out of
+   memory).  Simply save the error message as a static string.  If there is an
+   allocation failure constructing the error message, then convert the error to
+   out of memory. */
+void ZLIB_INTERNAL gz_error(state, err, msg)
+    gz_statep state;
+    int err;
+    const char *msg;
+{
+    /* free previously allocated message and clear */
+    if (state->msg != NULL) {
+        if (state->err != Z_MEM_ERROR)
+            free(state->msg);
+        state->msg = NULL;
+    }
+
+    /* set error code, and if no message, then done */
+    state->err = err;
+    if (msg == NULL)
+        return;
+
+    /* for an out of memory error, save as static string */
+    if (err == Z_MEM_ERROR) {
+        state->msg = (char *)msg;
+        return;
+    }
+
+    /* construct error message with path */
+    if ((state->msg = malloc(strlen(state->path) + strlen(msg) + 3)) == NULL) {
+        state->err = Z_MEM_ERROR;
+        state->msg = (char *)"out of memory";
+        return;
+    }
+    strcpy(state->msg, state->path);
+    strcat(state->msg, ": ");
+    strcat(state->msg, msg);
+    return;
+}
+
+#ifndef INT_MAX
+/* portably return maximum value for an int (when limits.h presumed not
+   available) -- we need to do this to cover cases where 2's complement not
+   used, since C standard permits 1's complement and sign-bit representations,
+   otherwise we could just use ((unsigned)-1) >> 1 */
+unsigned ZLIB_INTERNAL gz_intmax()
+{
+    unsigned p, q;
+
+    p = 1;
+    do {
+        q = p;
+        p <<= 1;
+        p++;
+    } while (p > q);
+    return q >> 1;
+}
+#endif
diff --git a/nss/lib/zlib/gzread.c b/nss/lib/zlib/gzread.c
new file mode 100644
index 0000000..548201a
--- /dev/null
+++ b/nss/lib/zlib/gzread.c
@@ -0,0 +1,653 @@
+/* gzread.c -- zlib functions for reading gzip files
+ * Copyright (C) 2004, 2005, 2010 Mark Adler
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ */
+
+#include "gzguts.h"
+
+/* Local functions */
+local int gz_load OF((gz_statep, unsigned char *, unsigned, unsigned *));
+local int gz_avail OF((gz_statep));
+local int gz_next4 OF((gz_statep, unsigned long *));
+local int gz_head OF((gz_statep));
+local int gz_decomp OF((gz_statep));
+local int gz_make OF((gz_statep));
+local int gz_skip OF((gz_statep, z_off64_t));
+
+/* Use read() to load a buffer -- return -1 on error, otherwise 0.  Read from
+   state->fd, and update state->eof, state->err, and state->msg as appropriate.
+   This function needs to loop on read(), since read() is not guaranteed to
+   read the number of bytes requested, depending on the type of descriptor. */
+local int gz_load(state, buf, len, have)
+    gz_statep state;
+    unsigned char *buf;
+    unsigned len;
+    unsigned *have;
+{
+    int ret;
+
+    *have = 0;
+    do {
+        ret = read(state->fd, buf + *have, len - *have);
+        if (ret <= 0)
+            break;
+        *have += ret;
+    } while (*have < len);
+    if (ret < 0) {
+        gz_error(state, Z_ERRNO, zstrerror());
+        return -1;
+    }
+    if (ret == 0)
+        state->eof = 1;
+    return 0;
+}
+
+/* Load up input buffer and set eof flag if last data loaded -- return -1 on
+   error, 0 otherwise.  Note that the eof flag is set when the end of the input
+   file is reached, even though there may be unused data in the buffer.  Once
+   that data has been used, no more attempts will be made to read the file.
+   gz_avail() assumes that strm->avail_in == 0. */
+local int gz_avail(state)
+    gz_statep state;
+{
+    z_streamp strm = &(state->strm);
+
+    if (state->err != Z_OK)
+        return -1;
+    if (state->eof == 0) {
+        if (gz_load(state, state->in, state->size,
+                (unsigned *)&(strm->avail_in)) == -1)
+            return -1;
+        strm->next_in = state->in;
+    }
+    return 0;
+}
+
+/* Get next byte from input, or -1 if end or error. */
+#define NEXT() ((strm->avail_in == 0 && gz_avail(state) == -1) ? -1 : \
+                (strm->avail_in == 0 ? -1 : \
+                 (strm->avail_in--, *(strm->next_in)++)))
+
+/* Get a four-byte little-endian integer and return 0 on success and the value
+   in *ret.  Otherwise -1 is returned and *ret is not modified. */
+local int gz_next4(state, ret)
+    gz_statep state;
+    unsigned long *ret;
+{
+    int ch;
+    unsigned long val;
+    z_streamp strm = &(state->strm);
+
+    val = NEXT();
+    val += (unsigned)NEXT() << 8;
+    val += (unsigned long)NEXT() << 16;
+    ch = NEXT();
+    if (ch == -1)
+        return -1;
+    val += (unsigned long)ch << 24;
+    *ret = val;
+    return 0;
+}
+
+/* Look for gzip header, set up for inflate or copy.  state->have must be zero.
+   If this is the first time in, allocate required memory.  state->how will be
+   left unchanged if there is no more input data available, will be set to COPY
+   if there is no gzip header and direct copying will be performed, or it will
+   be set to GZIP for decompression, and the gzip header will be skipped so
+   that the next available input data is the raw deflate stream.  If direct
+   copying, then leftover input data from the input buffer will be copied to
+   the output buffer.  In that case, all further file reads will be directly to
+   either the output buffer or a user buffer.  If decompressing, the inflate
+   state and the check value will be initialized.  gz_head() will return 0 on
+   success or -1 on failure.  Failures may include read errors or gzip header
+   errors.  */
+local int gz_head(state)
+    gz_statep state;
+{
+    z_streamp strm = &(state->strm);
+    int flags;
+    unsigned len;
+
+    /* allocate read buffers and inflate memory */
+    if (state->size == 0) {
+        /* allocate buffers */
+        state->in = malloc(state->want);
+        state->out = malloc(state->want << 1);
+        if (state->in == NULL || state->out == NULL) {
+            if (state->out != NULL)
+                free(state->out);
+            if (state->in != NULL)
+                free(state->in);
+            gz_error(state, Z_MEM_ERROR, "out of memory");
+            return -1;
+        }
+        state->size = state->want;
+
+        /* allocate inflate memory */
+        state->strm.zalloc = Z_NULL;
+        state->strm.zfree = Z_NULL;
+        state->strm.opaque = Z_NULL;
+        state->strm.avail_in = 0;
+        state->strm.next_in = Z_NULL;
+        if (inflateInit2(&(state->strm), -15) != Z_OK) {    /* raw inflate */
+            free(state->out);
+            free(state->in);
+            state->size = 0;
+            gz_error(state, Z_MEM_ERROR, "out of memory");
+            return -1;
+        }
+    }
+
+    /* get some data in the input buffer */
+    if (strm->avail_in == 0) {
+        if (gz_avail(state) == -1)
+            return -1;
+        if (strm->avail_in == 0)
+            return 0;
+    }
+
+    /* look for the gzip magic header bytes 31 and 139 */
+    if (strm->next_in[0] == 31) {
+        strm->avail_in--;
+        strm->next_in++;
+        if (strm->avail_in == 0 && gz_avail(state) == -1)
+            return -1;
+        if (strm->avail_in && strm->next_in[0] == 139) {
+            /* we have a gzip header, woo hoo! */
+            strm->avail_in--;
+            strm->next_in++;
+
+            /* skip rest of header */
+            if (NEXT() != 8) {      /* compression method */
+                gz_error(state, Z_DATA_ERROR, "unknown compression method");
+                return -1;
+            }
+            flags = NEXT();
+            if (flags & 0xe0) {     /* reserved flag bits */
+                gz_error(state, Z_DATA_ERROR, "unknown header flags set");
+                return -1;
+            }
+            NEXT();                 /* modification time */
+            NEXT();
+            NEXT();
+            NEXT();
+            NEXT();                 /* extra flags */
+            NEXT();                 /* operating system */
+            if (flags & 4) {        /* extra field */
+                len = (unsigned)NEXT();
+                len += (unsigned)NEXT() << 8;
+                while (len--)
+                    if (NEXT() < 0)
+                        break;
+            }
+            if (flags & 8)          /* file name */
+                while (NEXT() > 0)
+                    ;
+            if (flags & 16)         /* comment */
+                while (NEXT() > 0)
+                    ;
+            if (flags & 2) {        /* header crc */
+                NEXT();
+                NEXT();
+            }
+            /* an unexpected end of file is not checked for here -- it will be
+               noticed on the first request for uncompressed data */
+
+            /* set up for decompression */
+            inflateReset(strm);
+            strm->adler = crc32(0L, Z_NULL, 0);
+            state->how = GZIP;
+            state->direct = 0;
+            return 0;
+        }
+        else {
+            /* not a gzip file -- save first byte (31) and fall to raw i/o */
+            state->out[0] = 31;
+            state->have = 1;
+        }
+    }
+
+    /* doing raw i/o, save start of raw data for seeking, copy any leftover
+       input to output -- this assumes that the output buffer is larger than
+       the input buffer, which also assures space for gzungetc() */
+    state->raw = state->pos;
+    state->next = state->out;
+    if (strm->avail_in) {
+        memcpy(state->next + state->have, strm->next_in, strm->avail_in);
+        state->have += strm->avail_in;
+        strm->avail_in = 0;
+    }
+    state->how = COPY;
+    state->direct = 1;
+    return 0;
+}
+
+/* Decompress from input to the provided next_out and avail_out in the state.
+   If the end of the compressed data is reached, then verify the gzip trailer
+   check value and length (modulo 2^32).  state->have and state->next are set
+   to point to the just decompressed data, and the crc is updated.  If the
+   trailer is verified, state->how is reset to LOOK to look for the next gzip
+   stream or raw data, once state->have is depleted.  Returns 0 on success, -1
+   on failure.  Failures may include invalid compressed data or a failed gzip
+   trailer verification. */
+local int gz_decomp(state)
+    gz_statep state;
+{
+    int ret;
+    unsigned had;
+    unsigned long crc, len;
+    z_streamp strm = &(state->strm);
+
+    /* fill output buffer up to end of deflate stream */
+    had = strm->avail_out;
+    do {
+        /* get more input for inflate() */
+        if (strm->avail_in == 0 && gz_avail(state) == -1)
+            return -1;
+        if (strm->avail_in == 0) {
+            gz_error(state, Z_DATA_ERROR, "unexpected end of file");
+            return -1;
+        }
+
+        /* decompress and handle errors */
+        ret = inflate(strm, Z_NO_FLUSH);
+        if (ret == Z_STREAM_ERROR || ret == Z_NEED_DICT) {
+            gz_error(state, Z_STREAM_ERROR,
+                      "internal error: inflate stream corrupt");
+            return -1;
+        }
+        if (ret == Z_MEM_ERROR) {
+            gz_error(state, Z_MEM_ERROR, "out of memory");
+            return -1;
+        }
+        if (ret == Z_DATA_ERROR) {              /* deflate stream invalid */
+            gz_error(state, Z_DATA_ERROR,
+                      strm->msg == NULL ? "compressed data error" : strm->msg);
+            return -1;
+        }
+    } while (strm->avail_out && ret != Z_STREAM_END);
+
+    /* update available output and crc check value */
+    state->have = had - strm->avail_out;
+    state->next = strm->next_out - state->have;
+    strm->adler = crc32(strm->adler, state->next, state->have);
+
+    /* check gzip trailer if at end of deflate stream */
+    if (ret == Z_STREAM_END) {
+        if (gz_next4(state, &crc) == -1 || gz_next4(state, &len) == -1) {
+            gz_error(state, Z_DATA_ERROR, "unexpected end of file");
+            return -1;
+        }
+        if (crc != strm->adler) {
+            gz_error(state, Z_DATA_ERROR, "incorrect data check");
+            return -1;
+        }
+        if (len != (strm->total_out & 0xffffffffL)) {
+            gz_error(state, Z_DATA_ERROR, "incorrect length check");
+            return -1;
+        }
+        state->how = LOOK;      /* ready for next stream, once have is 0 (leave
+                                   state->direct unchanged to remember how) */
+    }
+
+    /* good decompression */
+    return 0;
+}
+
+/* Make data and put in the output buffer.  Assumes that state->have == 0.
+   Data is either copied from the input file or decompressed from the input
+   file depending on state->how.  If state->how is LOOK, then a gzip header is
+   looked for (and skipped if found) to determine wither to copy or decompress.
+   Returns -1 on error, otherwise 0.  gz_make() will leave state->have as COPY
+   or GZIP unless the end of the input file has been reached and all data has
+   been processed.  */
+local int gz_make(state)
+    gz_statep state;
+{
+    z_streamp strm = &(state->strm);
+
+    if (state->how == LOOK) {           /* look for gzip header */
+        if (gz_head(state) == -1)
+            return -1;
+        if (state->have)                /* got some data from gz_head() */
+            return 0;
+    }
+    if (state->how == COPY) {           /* straight copy */
+        if (gz_load(state, state->out, state->size << 1, &(state->have)) == -1)
+            return -1;
+        state->next = state->out;
+    }
+    else if (state->how == GZIP) {      /* decompress */
+        strm->avail_out = state->size << 1;
+        strm->next_out = state->out;
+        if (gz_decomp(state) == -1)
+            return -1;
+    }
+    return 0;
+}
+
+/* Skip len uncompressed bytes of output.  Return -1 on error, 0 on success. */
+local int gz_skip(state, len)
+    gz_statep state;
+    z_off64_t len;
+{
+    unsigned n;
+
+    /* skip over len bytes or reach end-of-file, whichever comes first */
+    while (len)
+        /* skip over whatever is in output buffer */
+        if (state->have) {
+            n = GT_OFF(state->have) || (z_off64_t)state->have > len ?
+                (unsigned)len : state->have;
+            state->have -= n;
+            state->next += n;
+            state->pos += n;
+            len -= n;
+        }
+
+        /* output buffer empty -- return if we're at the end of the input */
+        else if (state->eof && state->strm.avail_in == 0)
+            break;
+
+        /* need more data to skip -- load up output buffer */
+        else {
+            /* get more output, looking for header if required */
+            if (gz_make(state) == -1)
+                return -1;
+        }
+    return 0;
+}
+
+/* -- see zlib.h -- */
+int ZEXPORT gzread(file, buf, len)
+    gzFile file;
+    voidp buf;
+    unsigned len;
+{
+    unsigned got, n;
+    gz_statep state;
+    z_streamp strm;
+
+    /* get internal structure */
+    if (file == NULL)
+        return -1;
+    state = (gz_statep)file;
+    strm = &(state->strm);
+
+    /* check that we're reading and that there's no error */
+    if (state->mode != GZ_READ || state->err != Z_OK)
+        return -1;
+
+    /* since an int is returned, make sure len fits in one, otherwise return
+       with an error (this avoids the flaw in the interface) */
+    if ((int)len < 0) {
+        gz_error(state, Z_BUF_ERROR, "requested length does not fit in int");
+        return -1;
+    }
+
+    /* if len is zero, avoid unnecessary operations */
+    if (len == 0)
+        return 0;
+
+    /* process a skip request */
+    if (state->seek) {
+        state->seek = 0;
+        if (gz_skip(state, state->skip) == -1)
+            return -1;
+    }
+
+    /* get len bytes to buf, or less than len if at the end */
+    got = 0;
+    do {
+        /* first just try copying data from the output buffer */
+        if (state->have) {
+            n = state->have > len ? len : state->have;
+            memcpy(buf, state->next, n);
+            state->next += n;
+            state->have -= n;
+        }
+
+        /* output buffer empty -- return if we're at the end of the input */
+        else if (state->eof && strm->avail_in == 0)
+            break;
+
+        /* need output data -- for small len or new stream load up our output
+           buffer */
+        else if (state->how == LOOK || len < (state->size << 1)) {
+            /* get more output, looking for header if required */
+            if (gz_make(state) == -1)
+                return -1;
+            continue;       /* no progress yet -- go back to memcpy() above */
+            /* the copy above assures that we will leave with space in the
+               output buffer, allowing at least one gzungetc() to succeed */
+        }
+
+        /* large len -- read directly into user buffer */
+        else if (state->how == COPY) {      /* read directly */
+            if (gz_load(state, buf, len, &n) == -1)
+                return -1;
+        }
+
+        /* large len -- decompress directly into user buffer */
+        else {  /* state->how == GZIP */
+            strm->avail_out = len;
+            strm->next_out = buf;
+            if (gz_decomp(state) == -1)
+                return -1;
+            n = state->have;
+            state->have = 0;
+        }
+
+        /* update progress */
+        len -= n;
+        buf = (char *)buf + n;
+        got += n;
+        state->pos += n;
+    } while (len);
+
+    /* return number of bytes read into user buffer (will fit in int) */
+    return (int)got;
+}
+
+/* -- see zlib.h -- */
+int ZEXPORT gzgetc(file)
+    gzFile file;
+{
+    int ret;
+    unsigned char buf[1];
+    gz_statep state;
+
+    /* get internal structure */
+    if (file == NULL)
+        return -1;
+    state = (gz_statep)file;
+
+    /* check that we're reading and that there's no error */
+    if (state->mode != GZ_READ || state->err != Z_OK)
+        return -1;
+
+    /* try output buffer (no need to check for skip request) */
+    if (state->have) {
+        state->have--;
+        state->pos++;
+        return *(state->next)++;
+    }
+
+    /* nothing there -- try gzread() */
+    ret = gzread(file, buf, 1);
+    return ret < 1 ? -1 : buf[0];
+}
+
+/* -- see zlib.h -- */
+int ZEXPORT gzungetc(c, file)
+    int c;
+    gzFile file;
+{
+    gz_statep state;
+
+    /* get internal structure */
+    if (file == NULL)
+        return -1;
+    state = (gz_statep)file;
+
+    /* check that we're reading and that there's no error */
+    if (state->mode != GZ_READ || state->err != Z_OK)
+        return -1;
+
+    /* process a skip request */
+    if (state->seek) {
+        state->seek = 0;
+        if (gz_skip(state, state->skip) == -1)
+            return -1;
+    }
+
+    /* can't push EOF */
+    if (c < 0)
+        return -1;
+
+    /* if output buffer empty, put byte at end (allows more pushing) */
+    if (state->have == 0) {
+        state->have = 1;
+        state->next = state->out + (state->size << 1) - 1;
+        state->next[0] = c;
+        state->pos--;
+        return c;
+    }
+
+    /* if no room, give up (must have already done a gzungetc()) */
+    if (state->have == (state->size << 1)) {
+        gz_error(state, Z_BUF_ERROR, "out of room to push characters");
+        return -1;
+    }
+
+    /* slide output data if needed and insert byte before existing data */
+    if (state->next == state->out) {
+        unsigned char *src = state->out + state->have;
+        unsigned char *dest = state->out + (state->size << 1);
+        while (src > state->out)
+            *--dest = *--src;
+        state->next = dest;
+    }
+    state->have++;
+    state->next--;
+    state->next[0] = c;
+    state->pos--;
+    return c;
+}
+
+/* -- see zlib.h -- */
+char * ZEXPORT gzgets(file, buf, len)
+    gzFile file;
+    char *buf;
+    int len;
+{
+    unsigned left, n;
+    char *str;
+    unsigned char *eol;
+    gz_statep state;
+
+    /* check parameters and get internal structure */
+    if (file == NULL || buf == NULL || len < 1)
+        return NULL;
+    state = (gz_statep)file;
+
+    /* check that we're reading and that there's no error */
+    if (state->mode != GZ_READ || state->err != Z_OK)
+        return NULL;
+
+    /* process a skip request */
+    if (state->seek) {
+        state->seek = 0;
+        if (gz_skip(state, state->skip) == -1)
+            return NULL;
+    }
+
+    /* copy output bytes up to new line or len - 1, whichever comes first --
+       append a terminating zero to the string (we don't check for a zero in
+       the contents, let the user worry about that) */
+    str = buf;
+    left = (unsigned)len - 1;
+    if (left) do {
+        /* assure that something is in the output buffer */
+        if (state->have == 0) {
+            if (gz_make(state) == -1)
+                return NULL;            /* error */
+            if (state->have == 0) {     /* end of file */
+                if (buf == str)         /* got bupkus */
+                    return NULL;
+                break;                  /* got something -- return it */
+            }
+        }
+
+        /* look for end-of-line in current output buffer */
+        n = state->have > left ? left : state->have;
+        eol = memchr(state->next, '\n', n);
+        if (eol != NULL)
+            n = (unsigned)(eol - state->next) + 1;
+
+        /* copy through end-of-line, or remainder if not found */
+        memcpy(buf, state->next, n);
+        state->have -= n;
+        state->next += n;
+        state->pos += n;
+        left -= n;
+        buf += n;
+    } while (left && eol == NULL);
+
+    /* found end-of-line or out of space -- terminate string and return it */
+    buf[0] = 0;
+    return str;
+}
+
+/* -- see zlib.h -- */
+int ZEXPORT gzdirect(file)
+    gzFile file;
+{
+    gz_statep state;
+
+    /* get internal structure */
+    if (file == NULL)
+        return 0;
+    state = (gz_statep)file;
+
+    /* check that we're reading */
+    if (state->mode != GZ_READ)
+        return 0;
+
+    /* if the state is not known, but we can find out, then do so (this is
+       mainly for right after a gzopen() or gzdopen()) */
+    if (state->how == LOOK && state->have == 0)
+        (void)gz_head(state);
+
+    /* return 1 if reading direct, 0 if decompressing a gzip stream */
+    return state->direct;
+}
+
+/* -- see zlib.h -- */
+int ZEXPORT gzclose_r(file)
+    gzFile file;
+{
+    int ret;
+    gz_statep state;
+
+    /* get internal structure */
+    if (file == NULL)
+        return Z_STREAM_ERROR;
+    state = (gz_statep)file;
+
+    /* check that we're reading */
+    if (state->mode != GZ_READ)
+        return Z_STREAM_ERROR;
+
+    /* free memory and close file */
+    if (state->size) {
+        inflateEnd(&(state->strm));
+        free(state->out);
+        free(state->in);
+    }
+    gz_error(state, Z_OK, NULL);
+    free(state->path);
+    ret = close(state->fd);
+    free(state);
+    return ret ? Z_ERRNO : Z_OK;
+}
diff --git a/nss/lib/zlib/gzwrite.c b/nss/lib/zlib/gzwrite.c
new file mode 100644
index 0000000..e8defc6
--- /dev/null
+++ b/nss/lib/zlib/gzwrite.c
@@ -0,0 +1,531 @@
+/* gzwrite.c -- zlib functions for writing gzip files
+ * Copyright (C) 2004, 2005, 2010 Mark Adler
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ */
+
+#include "gzguts.h"
+
+/* Local functions */
+local int gz_init OF((gz_statep));
+local int gz_comp OF((gz_statep, int));
+local int gz_zero OF((gz_statep, z_off64_t));
+
+/* Initialize state for writing a gzip file.  Mark initialization by setting
+   state->size to non-zero.  Return -1 on failure or 0 on success. */
+local int gz_init(state)
+    gz_statep state;
+{
+    int ret;
+    z_streamp strm = &(state->strm);
+
+    /* allocate input and output buffers */
+    state->in = malloc(state->want);
+    state->out = malloc(state->want);
+    if (state->in == NULL || state->out == NULL) {
+        if (state->out != NULL)
+            free(state->out);
+        if (state->in != NULL)
+            free(state->in);
+        gz_error(state, Z_MEM_ERROR, "out of memory");
+        return -1;
+    }
+
+    /* allocate deflate memory, set up for gzip compression */
+    strm->zalloc = Z_NULL;
+    strm->zfree = Z_NULL;
+    strm->opaque = Z_NULL;
+    ret = deflateInit2(strm, state->level, Z_DEFLATED,
+                       15 + 16, 8, state->strategy);
+    if (ret != Z_OK) {
+        free(state->in);
+        gz_error(state, Z_MEM_ERROR, "out of memory");
+        return -1;
+    }
+
+    /* mark state as initialized */
+    state->size = state->want;
+
+    /* initialize write buffer */
+    strm->avail_out = state->size;
+    strm->next_out = state->out;
+    state->next = strm->next_out;
+    return 0;
+}
+
+/* Compress whatever is at avail_in and next_in and write to the output file.
+   Return -1 if there is an error writing to the output file, otherwise 0.
+   flush is assumed to be a valid deflate() flush value.  If flush is Z_FINISH,
+   then the deflate() state is reset to start a new gzip stream. */
+local int gz_comp(state, flush)
+    gz_statep state;
+    int flush;
+{
+    int ret, got;
+    unsigned have;
+    z_streamp strm = &(state->strm);
+
+    /* allocate memory if this is the first time through */
+    if (state->size == 0 && gz_init(state) == -1)
+        return -1;
+
+    /* run deflate() on provided input until it produces no more output */
+    ret = Z_OK;
+    do {
+        /* write out current buffer contents if full, or if flushing, but if
+           doing Z_FINISH then don't write until we get to Z_STREAM_END */
+        if (strm->avail_out == 0 || (flush != Z_NO_FLUSH &&
+            (flush != Z_FINISH || ret == Z_STREAM_END))) {
+            have = (unsigned)(strm->next_out - state->next);
+            if (have && ((got = write(state->fd, state->next, have)) < 0 ||
+                         (unsigned)got != have)) {
+                gz_error(state, Z_ERRNO, zstrerror());
+                return -1;
+            }
+            if (strm->avail_out == 0) {
+                strm->avail_out = state->size;
+                strm->next_out = state->out;
+            }
+            state->next = strm->next_out;
+        }
+
+        /* compress */
+        have = strm->avail_out;
+        ret = deflate(strm, flush);
+        if (ret == Z_STREAM_ERROR) {
+            gz_error(state, Z_STREAM_ERROR,
+                      "internal error: deflate stream corrupt");
+            return -1;
+        }
+        have -= strm->avail_out;
+    } while (have);
+
+    /* if that completed a deflate stream, allow another to start */
+    if (flush == Z_FINISH)
+        deflateReset(strm);
+
+    /* all done, no errors */
+    return 0;
+}
+
+/* Compress len zeros to output.  Return -1 on error, 0 on success. */
+local int gz_zero(state, len)
+    gz_statep state;
+    z_off64_t len;
+{
+    int first;
+    unsigned n;
+    z_streamp strm = &(state->strm);
+
+    /* consume whatever's left in the input buffer */
+    if (strm->avail_in && gz_comp(state, Z_NO_FLUSH) == -1)
+        return -1;
+
+    /* compress len zeros (len guaranteed > 0) */
+    first = 1;
+    while (len) {
+        n = GT_OFF(state->size) || (z_off64_t)state->size > len ?
+            (unsigned)len : state->size;
+        if (first) {
+            memset(state->in, 0, n);
+            first = 0;
+        }
+        strm->avail_in = n;
+        strm->next_in = state->in;
+        state->pos += n;
+        if (gz_comp(state, Z_NO_FLUSH) == -1)
+            return -1;
+        len -= n;
+    }
+    return 0;
+}
+
+/* -- see zlib.h -- */
+int ZEXPORT gzwrite(file, buf, len)
+    gzFile file;
+    voidpc buf;
+    unsigned len;
+{
+    unsigned put = len;
+    unsigned n;
+    gz_statep state;
+    z_streamp strm;
+
+    /* get internal structure */
+    if (file == NULL)
+        return 0;
+    state = (gz_statep)file;
+    strm = &(state->strm);
+
+    /* check that we're writing and that there's no error */
+    if (state->mode != GZ_WRITE || state->err != Z_OK)
+        return 0;
+
+    /* since an int is returned, make sure len fits in one, otherwise return
+       with an error (this avoids the flaw in the interface) */
+    if ((int)len < 0) {
+        gz_error(state, Z_BUF_ERROR, "requested length does not fit in int");
+        return 0;
+    }
+
+    /* if len is zero, avoid unnecessary operations */
+    if (len == 0)
+        return 0;
+
+    /* allocate memory if this is the first time through */
+    if (state->size == 0 && gz_init(state) == -1)
+        return 0;
+
+    /* check for seek request */
+    if (state->seek) {
+        state->seek = 0;
+        if (gz_zero(state, state->skip) == -1)
+            return 0;
+    }
+
+    /* for small len, copy to input buffer, otherwise compress directly */
+    if (len < state->size) {
+        /* copy to input buffer, compress when full */
+        do {
+            if (strm->avail_in == 0)
+                strm->next_in = state->in;
+            n = state->size - strm->avail_in;
+            if (n > len)
+                n = len;
+            memcpy(strm->next_in + strm->avail_in, buf, n);
+            strm->avail_in += n;
+            state->pos += n;
+            buf = (char *)buf + n;
+            len -= n;
+            if (len && gz_comp(state, Z_NO_FLUSH) == -1)
+                return 0;
+        } while (len);
+    }
+    else {
+        /* consume whatever's left in the input buffer */
+        if (strm->avail_in && gz_comp(state, Z_NO_FLUSH) == -1)
+            return 0;
+
+        /* directly compress user buffer to file */
+        strm->avail_in = len;
+        strm->next_in = (voidp)buf;
+        state->pos += len;
+        if (gz_comp(state, Z_NO_FLUSH) == -1)
+            return 0;
+    }
+
+    /* input was all buffered or compressed (put will fit in int) */
+    return (int)put;
+}
+
+/* -- see zlib.h -- */
+int ZEXPORT gzputc(file, c)
+    gzFile file;
+    int c;
+{
+    unsigned char buf[1];
+    gz_statep state;
+    z_streamp strm;
+
+    /* get internal structure */
+    if (file == NULL)
+        return -1;
+    state = (gz_statep)file;
+    strm = &(state->strm);
+
+    /* check that we're writing and that there's no error */
+    if (state->mode != GZ_WRITE || state->err != Z_OK)
+        return -1;
+
+    /* check for seek request */
+    if (state->seek) {
+        state->seek = 0;
+        if (gz_zero(state, state->skip) == -1)
+            return -1;
+    }
+
+    /* try writing to input buffer for speed (state->size == 0 if buffer not
+       initialized) */
+    if (strm->avail_in < state->size) {
+        if (strm->avail_in == 0)
+            strm->next_in = state->in;
+        strm->next_in[strm->avail_in++] = c;
+        state->pos++;
+        return c;
+    }
+
+    /* no room in buffer or not initialized, use gz_write() */
+    buf[0] = c;
+    if (gzwrite(file, buf, 1) != 1)
+        return -1;
+    return c;
+}
+
+/* -- see zlib.h -- */
+int ZEXPORT gzputs(file, str)
+    gzFile file;
+    const char *str;
+{
+    int ret;
+    unsigned len;
+
+    /* write string */
+    len = (unsigned)strlen(str);
+    ret = gzwrite(file, str, len);
+    return ret == 0 && len != 0 ? -1 : ret;
+}
+
+#ifdef STDC
+#include <stdarg.h>
+
+/* -- see zlib.h -- */
+int ZEXPORTVA gzprintf (gzFile file, const char *format, ...)
+{
+    int size, len;
+    gz_statep state;
+    z_streamp strm;
+    va_list va;
+
+    /* get internal structure */
+    if (file == NULL)
+        return -1;
+    state = (gz_statep)file;
+    strm = &(state->strm);
+
+    /* check that we're writing and that there's no error */
+    if (state->mode != GZ_WRITE || state->err != Z_OK)
+        return 0;
+
+    /* make sure we have some buffer space */
+    if (state->size == 0 && gz_init(state) == -1)
+        return 0;
+
+    /* check for seek request */
+    if (state->seek) {
+        state->seek = 0;
+        if (gz_zero(state, state->skip) == -1)
+            return 0;
+    }
+
+    /* consume whatever's left in the input buffer */
+    if (strm->avail_in && gz_comp(state, Z_NO_FLUSH) == -1)
+        return 0;
+
+    /* do the printf() into the input buffer, put length in len */
+    size = (int)(state->size);
+    state->in[size - 1] = 0;
+    va_start(va, format);
+#ifdef NO_vsnprintf
+#  ifdef HAS_vsprintf_void
+    (void)vsprintf(state->in, format, va);
+    va_end(va);
+    for (len = 0; len < size; len++)
+        if (state->in[len] == 0) break;
+#  else
+    len = vsprintf(state->in, format, va);
+    va_end(va);
+#  endif
+#else
+#  ifdef HAS_vsnprintf_void
+    (void)vsnprintf(state->in, size, format, va);
+    va_end(va);
+    len = strlen(state->in);
+#  else
+    len = vsnprintf((char *)(state->in), size, format, va);
+    va_end(va);
+#  endif
+#endif
+
+    /* check that printf() results fit in buffer */
+    if (len <= 0 || len >= (int)size || state->in[size - 1] != 0)
+        return 0;
+
+    /* update buffer and position, defer compression until needed */
+    strm->avail_in = (unsigned)len;
+    strm->next_in = state->in;
+    state->pos += len;
+    return len;
+}
+
+#else /* !STDC */
+
+/* -- see zlib.h -- */
+int ZEXPORTVA gzprintf (file, format, a1, a2, a3, a4, a5, a6, a7, a8, a9, a10,
+                       a11, a12, a13, a14, a15, a16, a17, a18, a19, a20)
+    gzFile file;
+    const char *format;
+    int a1, a2, a3, a4, a5, a6, a7, a8, a9, a10,
+        a11, a12, a13, a14, a15, a16, a17, a18, a19, a20;
+{
+    int size, len;
+    gz_statep state;
+    z_streamp strm;
+
+    /* get internal structure */
+    if (file == NULL)
+        return -1;
+    state = (gz_statep)file;
+    strm = &(state->strm);
+
+    /* check that we're writing and that there's no error */
+    if (state->mode != GZ_WRITE || state->err != Z_OK)
+        return 0;
+
+    /* make sure we have some buffer space */
+    if (state->size == 0 && gz_init(state) == -1)
+        return 0;
+
+    /* check for seek request */
+    if (state->seek) {
+        state->seek = 0;
+        if (gz_zero(state, state->skip) == -1)
+            return 0;
+    }
+
+    /* consume whatever's left in the input buffer */
+    if (strm->avail_in && gz_comp(state, Z_NO_FLUSH) == -1)
+        return 0;
+
+    /* do the printf() into the input buffer, put length in len */
+    size = (int)(state->size);
+    state->in[size - 1] = 0;
+#ifdef NO_snprintf
+#  ifdef HAS_sprintf_void
+    sprintf(state->in, format, a1, a2, a3, a4, a5, a6, a7, a8,
+            a9, a10, a11, a12, a13, a14, a15, a16, a17, a18, a19, a20);
+    for (len = 0; len < size; len++)
+        if (state->in[len] == 0) break;
+#  else
+    len = sprintf(state->in, format, a1, a2, a3, a4, a5, a6, a7, a8,
+                a9, a10, a11, a12, a13, a14, a15, a16, a17, a18, a19, a20);
+#  endif
+#else
+#  ifdef HAS_snprintf_void
+    snprintf(state->in, size, format, a1, a2, a3, a4, a5, a6, a7, a8,
+             a9, a10, a11, a12, a13, a14, a15, a16, a17, a18, a19, a20);
+    len = strlen(state->in);
+#  else
+    len = snprintf(state->in, size, format, a1, a2, a3, a4, a5, a6, a7, a8,
+                 a9, a10, a11, a12, a13, a14, a15, a16, a17, a18, a19, a20);
+#  endif
+#endif
+
+    /* check that printf() results fit in buffer */
+    if (len <= 0 || len >= (int)size || state->in[size - 1] != 0)
+        return 0;
+
+    /* update buffer and position, defer compression until needed */
+    strm->avail_in = (unsigned)len;
+    strm->next_in = state->in;
+    state->pos += len;
+    return len;
+}
+
+#endif
+
+/* -- see zlib.h -- */
+int ZEXPORT gzflush(file, flush)
+    gzFile file;
+    int flush;
+{
+    gz_statep state;
+
+    /* get internal structure */
+    if (file == NULL)
+        return -1;
+    state = (gz_statep)file;
+
+    /* check that we're writing and that there's no error */
+    if (state->mode != GZ_WRITE || state->err != Z_OK)
+        return Z_STREAM_ERROR;
+
+    /* check flush parameter */
+    if (flush < 0 || flush > Z_FINISH)
+        return Z_STREAM_ERROR;
+
+    /* check for seek request */
+    if (state->seek) {
+        state->seek = 0;
+        if (gz_zero(state, state->skip) == -1)
+            return -1;
+    }
+
+    /* compress remaining data with requested flush */
+    gz_comp(state, flush);
+    return state->err;
+}
+
+/* -- see zlib.h -- */
+int ZEXPORT gzsetparams(file, level, strategy)
+    gzFile file;
+    int level;
+    int strategy;
+{
+    gz_statep state;
+    z_streamp strm;
+
+    /* get internal structure */
+    if (file == NULL)
+        return Z_STREAM_ERROR;
+    state = (gz_statep)file;
+    strm = &(state->strm);
+
+    /* check that we're writing and that there's no error */
+    if (state->mode != GZ_WRITE || state->err != Z_OK)
+        return Z_STREAM_ERROR;
+
+    /* if no change is requested, then do nothing */
+    if (level == state->level && strategy == state->strategy)
+        return Z_OK;
+
+    /* check for seek request */
+    if (state->seek) {
+        state->seek = 0;
+        if (gz_zero(state, state->skip) == -1)
+            return -1;
+    }
+
+    /* change compression parameters for subsequent input */
+    if (state->size) {
+        /* flush previous input with previous parameters before changing */
+        if (strm->avail_in && gz_comp(state, Z_PARTIAL_FLUSH) == -1)
+            return state->err;
+        deflateParams(strm, level, strategy);
+    }
+    state->level = level;
+    state->strategy = strategy;
+    return Z_OK;
+}
+
+/* -- see zlib.h -- */
+int ZEXPORT gzclose_w(file)
+    gzFile file;
+{
+    int ret = 0;
+    gz_statep state;
+
+    /* get internal structure */
+    if (file == NULL)
+        return Z_STREAM_ERROR;
+    state = (gz_statep)file;
+
+    /* check that we're writing */
+    if (state->mode != GZ_WRITE)
+        return Z_STREAM_ERROR;
+
+    /* check for seek request */
+    if (state->seek) {
+        state->seek = 0;
+        ret += gz_zero(state, state->skip);
+    }
+
+    /* flush, free memory, and close file */
+    ret += gz_comp(state, Z_FINISH);
+    (void)deflateEnd(&(state->strm));
+    free(state->out);
+    free(state->in);
+    gz_error(state, Z_OK, NULL);
+    free(state->path);
+    ret += close(state->fd);
+    free(state);
+    return ret ? Z_ERRNO : Z_OK;
+}
diff --git a/nss/lib/zlib/infback.c b/nss/lib/zlib/infback.c
new file mode 100644
index 0000000..af3a8c9
--- /dev/null
+++ b/nss/lib/zlib/infback.c
@@ -0,0 +1,632 @@
+/* infback.c -- inflate using a call-back interface
+ * Copyright (C) 1995-2009 Mark Adler
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ */
+
+/*
+   This code is largely copied from inflate.c.  Normally either infback.o or
+   inflate.o would be linked into an application--not both.  The interface
+   with inffast.c is retained so that optimized assembler-coded versions of
+   inflate_fast() can be used with either inflate.c or infback.c.
+ */
+
+#include "zutil.h"
+#include "inftrees.h"
+#include "inflate.h"
+#include "inffast.h"
+
+/* function prototypes */
+local void fixedtables OF((struct inflate_state FAR *state));
+
+/*
+   strm provides memory allocation functions in zalloc and zfree, or
+   Z_NULL to use the library memory allocation functions.
+
+   windowBits is in the range 8..15, and window is a user-supplied
+   window and output buffer that is 2**windowBits bytes.
+ */
+int ZEXPORT inflateBackInit_(strm, windowBits, window, version, stream_size)
+z_streamp strm;
+int windowBits;
+unsigned char FAR *window;
+const char *version;
+int stream_size;
+{
+    struct inflate_state FAR *state;
+
+    if (version == Z_NULL || version[0] != ZLIB_VERSION[0] ||
+        stream_size != (int)(sizeof(z_stream)))
+        return Z_VERSION_ERROR;
+    if (strm == Z_NULL || window == Z_NULL ||
+        windowBits < 8 || windowBits > 15)
+        return Z_STREAM_ERROR;
+    strm->msg = Z_NULL;                 /* in case we return an error */
+    if (strm->zalloc == (alloc_func)0) {
+        strm->zalloc = zcalloc;
+        strm->opaque = (voidpf)0;
+    }
+    if (strm->zfree == (free_func)0) strm->zfree = zcfree;
+    state = (struct inflate_state FAR *)ZALLOC(strm, 1,
+                                               sizeof(struct inflate_state));
+    if (state == Z_NULL) return Z_MEM_ERROR;
+    Tracev((stderr, "inflate: allocated\n"));
+    strm->state = (struct internal_state FAR *)state;
+    state->dmax = 32768U;
+    state->wbits = windowBits;
+    state->wsize = 1U << windowBits;
+    state->window = window;
+    state->wnext = 0;
+    state->whave = 0;
+    return Z_OK;
+}
+
+/*
+   Return state with length and distance decoding tables and index sizes set to
+   fixed code decoding.  Normally this returns fixed tables from inffixed.h.
+   If BUILDFIXED is defined, then instead this routine builds the tables the
+   first time it's called, and returns those tables the first time and
+   thereafter.  This reduces the size of the code by about 2K bytes, in
+   exchange for a little execution time.  However, BUILDFIXED should not be
+   used for threaded applications, since the rewriting of the tables and virgin
+   may not be thread-safe.
+ */
+local void fixedtables(state)
+struct inflate_state FAR *state;
+{
+#ifdef BUILDFIXED
+    static int virgin = 1;
+    static code *lenfix, *distfix;
+    static code fixed[544];
+
+    /* build fixed huffman tables if first call (may not be thread safe) */
+    if (virgin) {
+        unsigned sym, bits;
+        static code *next;
+
+        /* literal/length table */
+        sym = 0;
+        while (sym < 144) state->lens[sym++] = 8;
+        while (sym < 256) state->lens[sym++] = 9;
+        while (sym < 280) state->lens[sym++] = 7;
+        while (sym < 288) state->lens[sym++] = 8;
+        next = fixed;
+        lenfix = next;
+        bits = 9;
+        inflate_table(LENS, state->lens, 288, &(next), &(bits), state->work);
+
+        /* distance table */
+        sym = 0;
+        while (sym < 32) state->lens[sym++] = 5;
+        distfix = next;
+        bits = 5;
+        inflate_table(DISTS, state->lens, 32, &(next), &(bits), state->work);
+
+        /* do this just once */
+        virgin = 0;
+    }
+#else /* !BUILDFIXED */
+#   include "inffixed.h"
+#endif /* BUILDFIXED */
+    state->lencode = lenfix;
+    state->lenbits = 9;
+    state->distcode = distfix;
+    state->distbits = 5;
+}
+
+/* Macros for inflateBack(): */
+
+/* Load returned state from inflate_fast() */
+#define LOAD() \
+    do { \
+        put = strm->next_out; \
+        left = strm->avail_out; \
+        next = strm->next_in; \
+        have = strm->avail_in; \
+        hold = state->hold; \
+        bits = state->bits; \
+    } while (0)
+
+/* Set state from registers for inflate_fast() */
+#define RESTORE() \
+    do { \
+        strm->next_out = put; \
+        strm->avail_out = left; \
+        strm->next_in = next; \
+        strm->avail_in = have; \
+        state->hold = hold; \
+        state->bits = bits; \
+    } while (0)
+
+/* Clear the input bit accumulator */
+#define INITBITS() \
+    do { \
+        hold = 0; \
+        bits = 0; \
+    } while (0)
+
+/* Assure that some input is available.  If input is requested, but denied,
+   then return a Z_BUF_ERROR from inflateBack(). */
+#define PULL() \
+    do { \
+        if (have == 0) { \
+            have = in(in_desc, &next); \
+            if (have == 0) { \
+                next = Z_NULL; \
+                ret = Z_BUF_ERROR; \
+                goto inf_leave; \
+            } \
+        } \
+    } while (0)
+
+/* Get a byte of input into the bit accumulator, or return from inflateBack()
+   with an error if there is no input available. */
+#define PULLBYTE() \
+    do { \
+        PULL(); \
+        have--; \
+        hold += (unsigned long)(*next++) << bits; \
+        bits += 8; \
+    } while (0)
+
+/* Assure that there are at least n bits in the bit accumulator.  If there is
+   not enough available input to do that, then return from inflateBack() with
+   an error. */
+#define NEEDBITS(n) \
+    do { \
+        while (bits < (unsigned)(n)) \
+            PULLBYTE(); \
+    } while (0)
+
+/* Return the low n bits of the bit accumulator (n < 16) */
+#define BITS(n) \
+    ((unsigned)hold & ((1U << (n)) - 1))
+
+/* Remove n bits from the bit accumulator */
+#define DROPBITS(n) \
+    do { \
+        hold >>= (n); \
+        bits -= (unsigned)(n); \
+    } while (0)
+
+/* Remove zero to seven bits as needed to go to a byte boundary */
+#define BYTEBITS() \
+    do { \
+        hold >>= bits & 7; \
+        bits -= bits & 7; \
+    } while (0)
+
+/* Assure that some output space is available, by writing out the window
+   if it's full.  If the write fails, return from inflateBack() with a
+   Z_BUF_ERROR. */
+#define ROOM() \
+    do { \
+        if (left == 0) { \
+            put = state->window; \
+            left = state->wsize; \
+            state->whave = left; \
+            if (out(out_desc, put, left)) { \
+                ret = Z_BUF_ERROR; \
+                goto inf_leave; \
+            } \
+        } \
+    } while (0)
+
+/*
+   strm provides the memory allocation functions and window buffer on input,
+   and provides information on the unused input on return.  For Z_DATA_ERROR
+   returns, strm will also provide an error message.
+
+   in() and out() are the call-back input and output functions.  When
+   inflateBack() needs more input, it calls in().  When inflateBack() has
+   filled the window with output, or when it completes with data in the
+   window, it calls out() to write out the data.  The application must not
+   change the provided input until in() is called again or inflateBack()
+   returns.  The application must not change the window/output buffer until
+   inflateBack() returns.
+
+   in() and out() are called with a descriptor parameter provided in the
+   inflateBack() call.  This parameter can be a structure that provides the
+   information required to do the read or write, as well as accumulated
+   information on the input and output such as totals and check values.
+
+   in() should return zero on failure.  out() should return non-zero on
+   failure.  If either in() or out() fails, than inflateBack() returns a
+   Z_BUF_ERROR.  strm->next_in can be checked for Z_NULL to see whether it
+   was in() or out() that caused in the error.  Otherwise,  inflateBack()
+   returns Z_STREAM_END on success, Z_DATA_ERROR for an deflate format
+   error, or Z_MEM_ERROR if it could not allocate memory for the state.
+   inflateBack() can also return Z_STREAM_ERROR if the input parameters
+   are not correct, i.e. strm is Z_NULL or the state was not initialized.
+ */
+int ZEXPORT inflateBack(strm, in, in_desc, out, out_desc)
+z_streamp strm;
+in_func in;
+void FAR *in_desc;
+out_func out;
+void FAR *out_desc;
+{
+    struct inflate_state FAR *state;
+    unsigned char FAR *next;    /* next input */
+    unsigned char FAR *put;     /* next output */
+    unsigned have, left;        /* available input and output */
+    unsigned long hold;         /* bit buffer */
+    unsigned bits;              /* bits in bit buffer */
+    unsigned copy;              /* number of stored or match bytes to copy */
+    unsigned char FAR *from;    /* where to copy match bytes from */
+    code here;                  /* current decoding table entry */
+    code last;                  /* parent table entry */
+    unsigned len;               /* length to copy for repeats, bits to drop */
+    int ret;                    /* return code */
+    static const unsigned short order[19] = /* permutation of code lengths */
+        {16, 17, 18, 0, 8, 7, 9, 6, 10, 5, 11, 4, 12, 3, 13, 2, 14, 1, 15};
+
+    /* Check that the strm exists and that the state was initialized */
+    if (strm == Z_NULL || strm->state == Z_NULL)
+        return Z_STREAM_ERROR;
+    state = (struct inflate_state FAR *)strm->state;
+
+    /* Reset the state */
+    strm->msg = Z_NULL;
+    state->mode = TYPE;
+    state->last = 0;
+    state->whave = 0;
+    next = strm->next_in;
+    have = next != Z_NULL ? strm->avail_in : 0;
+    hold = 0;
+    bits = 0;
+    put = state->window;
+    left = state->wsize;
+
+    /* Inflate until end of block marked as last */
+    for (;;)
+        switch (state->mode) {
+        case TYPE:
+            /* determine and dispatch block type */
+            if (state->last) {
+                BYTEBITS();
+                state->mode = DONE;
+                break;
+            }
+            NEEDBITS(3);
+            state->last = BITS(1);
+            DROPBITS(1);
+            switch (BITS(2)) {
+            case 0:                             /* stored block */
+                Tracev((stderr, "inflate:     stored block%s\n",
+                        state->last ? " (last)" : ""));
+                state->mode = STORED;
+                break;
+            case 1:                             /* fixed block */
+                fixedtables(state);
+                Tracev((stderr, "inflate:     fixed codes block%s\n",
+                        state->last ? " (last)" : ""));
+                state->mode = LEN;              /* decode codes */
+                break;
+            case 2:                             /* dynamic block */
+                Tracev((stderr, "inflate:     dynamic codes block%s\n",
+                        state->last ? " (last)" : ""));
+                state->mode = TABLE;
+                break;
+            case 3:
+                strm->msg = (char *)"invalid block type";
+                state->mode = BAD;
+            }
+            DROPBITS(2);
+            break;
+
+        case STORED:
+            /* get and verify stored block length */
+            BYTEBITS();                         /* go to byte boundary */
+            NEEDBITS(32);
+            if ((hold & 0xffff) != ((hold >> 16) ^ 0xffff)) {
+                strm->msg = (char *)"invalid stored block lengths";
+                state->mode = BAD;
+                break;
+            }
+            state->length = (unsigned)hold & 0xffff;
+            Tracev((stderr, "inflate:       stored length %u\n",
+                    state->length));
+            INITBITS();
+
+            /* copy stored block from input to output */
+            while (state->length != 0) {
+                copy = state->length;
+                PULL();
+                ROOM();
+                if (copy > have) copy = have;
+                if (copy > left) copy = left;
+                zmemcpy(put, next, copy);
+                have -= copy;
+                next += copy;
+                left -= copy;
+                put += copy;
+                state->length -= copy;
+            }
+            Tracev((stderr, "inflate:       stored end\n"));
+            state->mode = TYPE;
+            break;
+
+        case TABLE:
+            /* get dynamic table entries descriptor */
+            NEEDBITS(14);
+            state->nlen = BITS(5) + 257;
+            DROPBITS(5);
+            state->ndist = BITS(5) + 1;
+            DROPBITS(5);
+            state->ncode = BITS(4) + 4;
+            DROPBITS(4);
+#ifndef PKZIP_BUG_WORKAROUND
+            if (state->nlen > 286 || state->ndist > 30) {
+                strm->msg = (char *)"too many length or distance symbols";
+                state->mode = BAD;
+                break;
+            }
+#endif
+            Tracev((stderr, "inflate:       table sizes ok\n"));
+
+            /* get code length code lengths (not a typo) */
+            state->have = 0;
+            while (state->have < state->ncode) {
+                NEEDBITS(3);
+                state->lens[order[state->have++]] = (unsigned short)BITS(3);
+                DROPBITS(3);
+            }
+            while (state->have < 19)
+                state->lens[order[state->have++]] = 0;
+            state->next = state->codes;
+            state->lencode = (code const FAR *)(state->next);
+            state->lenbits = 7;
+            ret = inflate_table(CODES, state->lens, 19, &(state->next),
+                                &(state->lenbits), state->work);
+            if (ret) {
+                strm->msg = (char *)"invalid code lengths set";
+                state->mode = BAD;
+                break;
+            }
+            Tracev((stderr, "inflate:       code lengths ok\n"));
+
+            /* get length and distance code code lengths */
+            state->have = 0;
+            while (state->have < state->nlen + state->ndist) {
+                for (;;) {
+                    here = state->lencode[BITS(state->lenbits)];
+                    if ((unsigned)(here.bits) <= bits) break;
+                    PULLBYTE();
+                }
+                if (here.val < 16) {
+                    NEEDBITS(here.bits);
+                    DROPBITS(here.bits);
+                    state->lens[state->have++] = here.val;
+                }
+                else {
+                    if (here.val == 16) {
+                        NEEDBITS(here.bits + 2);
+                        DROPBITS(here.bits);
+                        if (state->have == 0) {
+                            strm->msg = (char *)"invalid bit length repeat";
+                            state->mode = BAD;
+                            break;
+                        }
+                        len = (unsigned)(state->lens[state->have - 1]);
+                        copy = 3 + BITS(2);
+                        DROPBITS(2);
+                    }
+                    else if (here.val == 17) {
+                        NEEDBITS(here.bits + 3);
+                        DROPBITS(here.bits);
+                        len = 0;
+                        copy = 3 + BITS(3);
+                        DROPBITS(3);
+                    }
+                    else {
+                        NEEDBITS(here.bits + 7);
+                        DROPBITS(here.bits);
+                        len = 0;
+                        copy = 11 + BITS(7);
+                        DROPBITS(7);
+                    }
+                    if (state->have + copy > state->nlen + state->ndist) {
+                        strm->msg = (char *)"invalid bit length repeat";
+                        state->mode = BAD;
+                        break;
+                    }
+                    while (copy--)
+                        state->lens[state->have++] = (unsigned short)len;
+                }
+            }
+
+            /* handle error breaks in while */
+            if (state->mode == BAD) break;
+
+            /* check for end-of-block code (better have one) */
+            if (state->lens[256] == 0) {
+                strm->msg = (char *)"invalid code -- missing end-of-block";
+                state->mode = BAD;
+                break;
+            }
+
+            /* build code tables -- note: do not change the lenbits or distbits
+               values here (9 and 6) without reading the comments in inftrees.h
+               concerning the ENOUGH constants, which depend on those values */
+            state->next = state->codes;
+            state->lencode = (code const FAR *)(state->next);
+            state->lenbits = 9;
+            ret = inflate_table(LENS, state->lens, state->nlen, &(state->next),
+                                &(state->lenbits), state->work);
+            if (ret) {
+                strm->msg = (char *)"invalid literal/lengths set";
+                state->mode = BAD;
+                break;
+            }
+            state->distcode = (code const FAR *)(state->next);
+            state->distbits = 6;
+            ret = inflate_table(DISTS, state->lens + state->nlen, state->ndist,
+                            &(state->next), &(state->distbits), state->work);
+            if (ret) {
+                strm->msg = (char *)"invalid distances set";
+                state->mode = BAD;
+                break;
+            }
+            Tracev((stderr, "inflate:       codes ok\n"));
+            state->mode = LEN;
+
+        case LEN:
+            /* use inflate_fast() if we have enough input and output */
+            if (have >= 6 && left >= 258) {
+                RESTORE();
+                if (state->whave < state->wsize)
+                    state->whave = state->wsize - left;
+                inflate_fast(strm, state->wsize);
+                LOAD();
+                break;
+            }
+
+            /* get a literal, length, or end-of-block code */
+            for (;;) {
+                here = state->lencode[BITS(state->lenbits)];
+                if ((unsigned)(here.bits) <= bits) break;
+                PULLBYTE();
+            }
+            if (here.op && (here.op & 0xf0) == 0) {
+                last = here;
+                for (;;) {
+                    here = state->lencode[last.val +
+                            (BITS(last.bits + last.op) >> last.bits)];
+                    if ((unsigned)(last.bits + here.bits) <= bits) break;
+                    PULLBYTE();
+                }
+                DROPBITS(last.bits);
+            }
+            DROPBITS(here.bits);
+            state->length = (unsigned)here.val;
+
+            /* process literal */
+            if (here.op == 0) {
+                Tracevv((stderr, here.val >= 0x20 && here.val < 0x7f ?
+                        "inflate:         literal '%c'\n" :
+                        "inflate:         literal 0x%02x\n", here.val));
+                ROOM();
+                *put++ = (unsigned char)(state->length);
+                left--;
+                state->mode = LEN;
+                break;
+            }
+
+            /* process end of block */
+            if (here.op & 32) {
+                Tracevv((stderr, "inflate:         end of block\n"));
+                state->mode = TYPE;
+                break;
+            }
+
+            /* invalid code */
+            if (here.op & 64) {
+                strm->msg = (char *)"invalid literal/length code";
+                state->mode = BAD;
+                break;
+            }
+
+            /* length code -- get extra bits, if any */
+            state->extra = (unsigned)(here.op) & 15;
+            if (state->extra != 0) {
+                NEEDBITS(state->extra);
+                state->length += BITS(state->extra);
+                DROPBITS(state->extra);
+            }
+            Tracevv((stderr, "inflate:         length %u\n", state->length));
+
+            /* get distance code */
+            for (;;) {
+                here = state->distcode[BITS(state->distbits)];
+                if ((unsigned)(here.bits) <= bits) break;
+                PULLBYTE();
+            }
+            if ((here.op & 0xf0) == 0) {
+                last = here;
+                for (;;) {
+                    here = state->distcode[last.val +
+                            (BITS(last.bits + last.op) >> last.bits)];
+                    if ((unsigned)(last.bits + here.bits) <= bits) break;
+                    PULLBYTE();
+                }
+                DROPBITS(last.bits);
+            }
+            DROPBITS(here.bits);
+            if (here.op & 64) {
+                strm->msg = (char *)"invalid distance code";
+                state->mode = BAD;
+                break;
+            }
+            state->offset = (unsigned)here.val;
+
+            /* get distance extra bits, if any */
+            state->extra = (unsigned)(here.op) & 15;
+            if (state->extra != 0) {
+                NEEDBITS(state->extra);
+                state->offset += BITS(state->extra);
+                DROPBITS(state->extra);
+            }
+            if (state->offset > state->wsize - (state->whave < state->wsize ?
+                                                left : 0)) {
+                strm->msg = (char *)"invalid distance too far back";
+                state->mode = BAD;
+                break;
+            }
+            Tracevv((stderr, "inflate:         distance %u\n", state->offset));
+
+            /* copy match from window to output */
+            do {
+                ROOM();
+                copy = state->wsize - state->offset;
+                if (copy < left) {
+                    from = put + copy;
+                    copy = left - copy;
+                }
+                else {
+                    from = put - state->offset;
+                    copy = left;
+                }
+                if (copy > state->length) copy = state->length;
+                state->length -= copy;
+                left -= copy;
+                do {
+                    *put++ = *from++;
+                } while (--copy);
+            } while (state->length != 0);
+            break;
+
+        case DONE:
+            /* inflate stream terminated properly -- write leftover output */
+            ret = Z_STREAM_END;
+            if (left < state->wsize) {
+                if (out(out_desc, state->window, state->wsize - left))
+                    ret = Z_BUF_ERROR;
+            }
+            goto inf_leave;
+
+        case BAD:
+            ret = Z_DATA_ERROR;
+            goto inf_leave;
+
+        default:                /* can't happen, but makes compilers happy */
+            ret = Z_STREAM_ERROR;
+            goto inf_leave;
+        }
+
+    /* Return unused input */
+  inf_leave:
+    strm->next_in = next;
+    strm->avail_in = have;
+    return ret;
+}
+
+int ZEXPORT inflateBackEnd(strm)
+z_streamp strm;
+{
+    if (strm == Z_NULL || strm->state == Z_NULL || strm->zfree == (free_func)0)
+        return Z_STREAM_ERROR;
+    ZFREE(strm, strm->state);
+    strm->state = Z_NULL;
+    Tracev((stderr, "inflate: end\n"));
+    return Z_OK;
+}
diff --git a/nss/lib/zlib/inffast.c b/nss/lib/zlib/inffast.c
new file mode 100644
index 0000000..2f1d60b
--- /dev/null
+++ b/nss/lib/zlib/inffast.c
@@ -0,0 +1,340 @@
+/* inffast.c -- fast decoding
+ * Copyright (C) 1995-2008, 2010 Mark Adler
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ */
+
+#include "zutil.h"
+#include "inftrees.h"
+#include "inflate.h"
+#include "inffast.h"
+
+#ifndef ASMINF
+
+/* Allow machine dependent optimization for post-increment or pre-increment.
+   Based on testing to date,
+   Pre-increment preferred for:
+   - PowerPC G3 (Adler)
+   - MIPS R5000 (Randers-Pehrson)
+   Post-increment preferred for:
+   - none
+   No measurable difference:
+   - Pentium III (Anderson)
+   - M68060 (Nikl)
+ */
+#ifdef POSTINC
+#  define OFF 0
+#  define PUP(a) *(a)++
+#else
+#  define OFF 1
+#  define PUP(a) *++(a)
+#endif
+
+/*
+   Decode literal, length, and distance codes and write out the resulting
+   literal and match bytes until either not enough input or output is
+   available, an end-of-block is encountered, or a data error is encountered.
+   When large enough input and output buffers are supplied to inflate(), for
+   example, a 16K input buffer and a 64K output buffer, more than 95% of the
+   inflate execution time is spent in this routine.
+
+   Entry assumptions:
+
+        state->mode == LEN
+        strm->avail_in >= 6
+        strm->avail_out >= 258
+        start >= strm->avail_out
+        state->bits < 8
+
+   On return, state->mode is one of:
+
+        LEN -- ran out of enough output space or enough available input
+        TYPE -- reached end of block code, inflate() to interpret next block
+        BAD -- error in block data
+
+   Notes:
+
+    - The maximum input bits used by a length/distance pair is 15 bits for the
+      length code, 5 bits for the length extra, 15 bits for the distance code,
+      and 13 bits for the distance extra.  This totals 48 bits, or six bytes.
+      Therefore if strm->avail_in >= 6, then there is enough input to avoid
+      checking for available input while decoding.
+
+    - The maximum bytes that a single length/distance pair can output is 258
+      bytes, which is the maximum length that can be coded.  inflate_fast()
+      requires strm->avail_out >= 258 for each loop to avoid checking for
+      output space.
+ */
+void ZLIB_INTERNAL inflate_fast(strm, start)
+z_streamp strm;
+unsigned start;         /* inflate()'s starting value for strm->avail_out */
+{
+    struct inflate_state FAR *state;
+    unsigned char FAR *in;      /* local strm->next_in */
+    unsigned char FAR *last;    /* while in < last, enough input available */
+    unsigned char FAR *out;     /* local strm->next_out */
+    unsigned char FAR *beg;     /* inflate()'s initial strm->next_out */
+    unsigned char FAR *end;     /* while out < end, enough space available */
+#ifdef INFLATE_STRICT
+    unsigned dmax;              /* maximum distance from zlib header */
+#endif
+    unsigned wsize;             /* window size or zero if not using window */
+    unsigned whave;             /* valid bytes in the window */
+    unsigned wnext;             /* window write index */
+    unsigned char FAR *window;  /* allocated sliding window, if wsize != 0 */
+    unsigned long hold;         /* local strm->hold */
+    unsigned bits;              /* local strm->bits */
+    code const FAR *lcode;      /* local strm->lencode */
+    code const FAR *dcode;      /* local strm->distcode */
+    unsigned lmask;             /* mask for first level of length codes */
+    unsigned dmask;             /* mask for first level of distance codes */
+    code here;                  /* retrieved table entry */
+    unsigned op;                /* code bits, operation, extra bits, or */
+                                /*  window position, window bytes to copy */
+    unsigned len;               /* match length, unused bytes */
+    unsigned dist;              /* match distance */
+    unsigned char FAR *from;    /* where to copy match from */
+
+    /* copy state to local variables */
+    state = (struct inflate_state FAR *)strm->state;
+    in = strm->next_in - OFF;
+    last = in + (strm->avail_in - 5);
+    out = strm->next_out - OFF;
+    beg = out - (start - strm->avail_out);
+    end = out + (strm->avail_out - 257);
+#ifdef INFLATE_STRICT
+    dmax = state->dmax;
+#endif
+    wsize = state->wsize;
+    whave = state->whave;
+    wnext = state->wnext;
+    window = state->window;
+    hold = state->hold;
+    bits = state->bits;
+    lcode = state->lencode;
+    dcode = state->distcode;
+    lmask = (1U << state->lenbits) - 1;
+    dmask = (1U << state->distbits) - 1;
+
+    /* decode literals and length/distances until end-of-block or not enough
+       input data or output space */
+    do {
+        if (bits < 15) {
+            hold += (unsigned long)(PUP(in)) << bits;
+            bits += 8;
+            hold += (unsigned long)(PUP(in)) << bits;
+            bits += 8;
+        }
+        here = lcode[hold & lmask];
+      dolen:
+        op = (unsigned)(here.bits);
+        hold >>= op;
+        bits -= op;
+        op = (unsigned)(here.op);
+        if (op == 0) {                          /* literal */
+            Tracevv((stderr, here.val >= 0x20 && here.val < 0x7f ?
+                    "inflate:         literal '%c'\n" :
+                    "inflate:         literal 0x%02x\n", here.val));
+            PUP(out) = (unsigned char)(here.val);
+        }
+        else if (op & 16) {                     /* length base */
+            len = (unsigned)(here.val);
+            op &= 15;                           /* number of extra bits */
+            if (op) {
+                if (bits < op) {
+                    hold += (unsigned long)(PUP(in)) << bits;
+                    bits += 8;
+                }
+                len += (unsigned)hold & ((1U << op) - 1);
+                hold >>= op;
+                bits -= op;
+            }
+            Tracevv((stderr, "inflate:         length %u\n", len));
+            if (bits < 15) {
+                hold += (unsigned long)(PUP(in)) << bits;
+                bits += 8;
+                hold += (unsigned long)(PUP(in)) << bits;
+                bits += 8;
+            }
+            here = dcode[hold & dmask];
+          dodist:
+            op = (unsigned)(here.bits);
+            hold >>= op;
+            bits -= op;
+            op = (unsigned)(here.op);
+            if (op & 16) {                      /* distance base */
+                dist = (unsigned)(here.val);
+                op &= 15;                       /* number of extra bits */
+                if (bits < op) {
+                    hold += (unsigned long)(PUP(in)) << bits;
+                    bits += 8;
+                    if (bits < op) {
+                        hold += (unsigned long)(PUP(in)) << bits;
+                        bits += 8;
+                    }
+                }
+                dist += (unsigned)hold & ((1U << op) - 1);
+#ifdef INFLATE_STRICT
+                if (dist > dmax) {
+                    strm->msg = (char *)"invalid distance too far back";
+                    state->mode = BAD;
+                    break;
+                }
+#endif
+                hold >>= op;
+                bits -= op;
+                Tracevv((stderr, "inflate:         distance %u\n", dist));
+                op = (unsigned)(out - beg);     /* max distance in output */
+                if (dist > op) {                /* see if copy from window */
+                    op = dist - op;             /* distance back in window */
+                    if (op > whave) {
+                        if (state->sane) {
+                            strm->msg =
+                                (char *)"invalid distance too far back";
+                            state->mode = BAD;
+                            break;
+                        }
+#ifdef INFLATE_ALLOW_INVALID_DISTANCE_TOOFAR_ARRR
+                        if (len <= op - whave) {
+                            do {
+                                PUP(out) = 0;
+                            } while (--len);
+                            continue;
+                        }
+                        len -= op - whave;
+                        do {
+                            PUP(out) = 0;
+                        } while (--op > whave);
+                        if (op == 0) {
+                            from = out - dist;
+                            do {
+                                PUP(out) = PUP(from);
+                            } while (--len);
+                            continue;
+                        }
+#endif
+                    }
+                    from = window - OFF;
+                    if (wnext == 0) {           /* very common case */
+                        from += wsize - op;
+                        if (op < len) {         /* some from window */
+                            len -= op;
+                            do {
+                                PUP(out) = PUP(from);
+                            } while (--op);
+                            from = out - dist;  /* rest from output */
+                        }
+                    }
+                    else if (wnext < op) {      /* wrap around window */
+                        from += wsize + wnext - op;
+                        op -= wnext;
+                        if (op < len) {         /* some from end of window */
+                            len -= op;
+                            do {
+                                PUP(out) = PUP(from);
+                            } while (--op);
+                            from = window - OFF;
+                            if (wnext < len) {  /* some from start of window */
+                                op = wnext;
+                                len -= op;
+                                do {
+                                    PUP(out) = PUP(from);
+                                } while (--op);
+                                from = out - dist;      /* rest from output */
+                            }
+                        }
+                    }
+                    else {                      /* contiguous in window */
+                        from += wnext - op;
+                        if (op < len) {         /* some from window */
+                            len -= op;
+                            do {
+                                PUP(out) = PUP(from);
+                            } while (--op);
+                            from = out - dist;  /* rest from output */
+                        }
+                    }
+                    while (len > 2) {
+                        PUP(out) = PUP(from);
+                        PUP(out) = PUP(from);
+                        PUP(out) = PUP(from);
+                        len -= 3;
+                    }
+                    if (len) {
+                        PUP(out) = PUP(from);
+                        if (len > 1)
+                            PUP(out) = PUP(from);
+                    }
+                }
+                else {
+                    from = out - dist;          /* copy direct from output */
+                    do {                        /* minimum length is three */
+                        PUP(out) = PUP(from);
+                        PUP(out) = PUP(from);
+                        PUP(out) = PUP(from);
+                        len -= 3;
+                    } while (len > 2);
+                    if (len) {
+                        PUP(out) = PUP(from);
+                        if (len > 1)
+                            PUP(out) = PUP(from);
+                    }
+                }
+            }
+            else if ((op & 64) == 0) {          /* 2nd level distance code */
+                here = dcode[here.val + (hold & ((1U << op) - 1))];
+                goto dodist;
+            }
+            else {
+                strm->msg = (char *)"invalid distance code";
+                state->mode = BAD;
+                break;
+            }
+        }
+        else if ((op & 64) == 0) {              /* 2nd level length code */
+            here = lcode[here.val + (hold & ((1U << op) - 1))];
+            goto dolen;
+        }
+        else if (op & 32) {                     /* end-of-block */
+            Tracevv((stderr, "inflate:         end of block\n"));
+            state->mode = TYPE;
+            break;
+        }
+        else {
+            strm->msg = (char *)"invalid literal/length code";
+            state->mode = BAD;
+            break;
+        }
+    } while (in < last && out < end);
+
+    /* return unused bytes (on entry, bits < 8, so in won't go too far back) */
+    len = bits >> 3;
+    in -= len;
+    bits -= len << 3;
+    hold &= (1U << bits) - 1;
+
+    /* update state and return */
+    strm->next_in = in + OFF;
+    strm->next_out = out + OFF;
+    strm->avail_in = (unsigned)(in < last ? 5 + (last - in) : 5 - (in - last));
+    strm->avail_out = (unsigned)(out < end ?
+                                 257 + (end - out) : 257 - (out - end));
+    state->hold = hold;
+    state->bits = bits;
+    return;
+}
+
+/*
+   inflate_fast() speedups that turned out slower (on a PowerPC G3 750CXe):
+   - Using bit fields for code structure
+   - Different op definition to avoid & for extra bits (do & for table bits)
+   - Three separate decoding do-loops for direct, window, and wnext == 0
+   - Special case for distance > 1 copies to do overlapped load and store copy
+   - Explicit branch predictions (based on measured branch probabilities)
+   - Deferring match copy and interspersed it with decoding subsequent codes
+   - Swapping literal/length else
+   - Swapping window/direct else
+   - Larger unrolled copy loops (three is about right)
+   - Moving len -= 3 statement into middle of loop
+ */
+
+#endif /* !ASMINF */
diff --git a/nss/lib/zlib/inffast.h b/nss/lib/zlib/inffast.h
new file mode 100644
index 0000000..e5c1aa4
--- /dev/null
+++ b/nss/lib/zlib/inffast.h
@@ -0,0 +1,11 @@
+/* inffast.h -- header to use inffast.c
+ * Copyright (C) 1995-2003, 2010 Mark Adler
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ */
+
+/* WARNING: this file should *not* be used by applications. It is
+   part of the implementation of the compression library and is
+   subject to change. Applications should only use zlib.h.
+ */
+
+void ZLIB_INTERNAL inflate_fast OF((z_streamp strm, unsigned start));
diff --git a/nss/lib/zlib/inffixed.h b/nss/lib/zlib/inffixed.h
new file mode 100644
index 0000000..05640fe
--- /dev/null
+++ b/nss/lib/zlib/inffixed.h
@@ -0,0 +1,98 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+    /* inffixed.h -- table for decoding fixed codes
+     * Generated automatically by makefixed().
+     */
+
+    /* WARNING: this file should *not* be used by applications. It
+       is part of the implementation of the compression library and
+       is subject to change. Applications should only use zlib.h.
+     */
+
+    static const code lenfix[512] = {
+        {96,7,0},{0,8,80},{0,8,16},{20,8,115},{18,7,31},{0,8,112},{0,8,48},
+        {0,9,192},{16,7,10},{0,8,96},{0,8,32},{0,9,160},{0,8,0},{0,8,128},
+        {0,8,64},{0,9,224},{16,7,6},{0,8,88},{0,8,24},{0,9,144},{19,7,59},
+        {0,8,120},{0,8,56},{0,9,208},{17,7,17},{0,8,104},{0,8,40},{0,9,176},
+        {0,8,8},{0,8,136},{0,8,72},{0,9,240},{16,7,4},{0,8,84},{0,8,20},
+        {21,8,227},{19,7,43},{0,8,116},{0,8,52},{0,9,200},{17,7,13},{0,8,100},
+        {0,8,36},{0,9,168},{0,8,4},{0,8,132},{0,8,68},{0,9,232},{16,7,8},
+        {0,8,92},{0,8,28},{0,9,152},{20,7,83},{0,8,124},{0,8,60},{0,9,216},
+        {18,7,23},{0,8,108},{0,8,44},{0,9,184},{0,8,12},{0,8,140},{0,8,76},
+        {0,9,248},{16,7,3},{0,8,82},{0,8,18},{21,8,163},{19,7,35},{0,8,114},
+        {0,8,50},{0,9,196},{17,7,11},{0,8,98},{0,8,34},{0,9,164},{0,8,2},
+        {0,8,130},{0,8,66},{0,9,228},{16,7,7},{0,8,90},{0,8,26},{0,9,148},
+        {20,7,67},{0,8,122},{0,8,58},{0,9,212},{18,7,19},{0,8,106},{0,8,42},
+        {0,9,180},{0,8,10},{0,8,138},{0,8,74},{0,9,244},{16,7,5},{0,8,86},
+        {0,8,22},{64,8,0},{19,7,51},{0,8,118},{0,8,54},{0,9,204},{17,7,15},
+        {0,8,102},{0,8,38},{0,9,172},{0,8,6},{0,8,134},{0,8,70},{0,9,236},
+        {16,7,9},{0,8,94},{0,8,30},{0,9,156},{20,7,99},{0,8,126},{0,8,62},
+        {0,9,220},{18,7,27},{0,8,110},{0,8,46},{0,9,188},{0,8,14},{0,8,142},
+        {0,8,78},{0,9,252},{96,7,0},{0,8,81},{0,8,17},{21,8,131},{18,7,31},
+        {0,8,113},{0,8,49},{0,9,194},{16,7,10},{0,8,97},{0,8,33},{0,9,162},
+        {0,8,1},{0,8,129},{0,8,65},{0,9,226},{16,7,6},{0,8,89},{0,8,25},
+        {0,9,146},{19,7,59},{0,8,121},{0,8,57},{0,9,210},{17,7,17},{0,8,105},
+        {0,8,41},{0,9,178},{0,8,9},{0,8,137},{0,8,73},{0,9,242},{16,7,4},
+        {0,8,85},{0,8,21},{16,8,258},{19,7,43},{0,8,117},{0,8,53},{0,9,202},
+        {17,7,13},{0,8,101},{0,8,37},{0,9,170},{0,8,5},{0,8,133},{0,8,69},
+        {0,9,234},{16,7,8},{0,8,93},{0,8,29},{0,9,154},{20,7,83},{0,8,125},
+        {0,8,61},{0,9,218},{18,7,23},{0,8,109},{0,8,45},{0,9,186},{0,8,13},
+        {0,8,141},{0,8,77},{0,9,250},{16,7,3},{0,8,83},{0,8,19},{21,8,195},
+        {19,7,35},{0,8,115},{0,8,51},{0,9,198},{17,7,11},{0,8,99},{0,8,35},
+        {0,9,166},{0,8,3},{0,8,131},{0,8,67},{0,9,230},{16,7,7},{0,8,91},
+        {0,8,27},{0,9,150},{20,7,67},{0,8,123},{0,8,59},{0,9,214},{18,7,19},
+        {0,8,107},{0,8,43},{0,9,182},{0,8,11},{0,8,139},{0,8,75},{0,9,246},
+        {16,7,5},{0,8,87},{0,8,23},{64,8,0},{19,7,51},{0,8,119},{0,8,55},
+        {0,9,206},{17,7,15},{0,8,103},{0,8,39},{0,9,174},{0,8,7},{0,8,135},
+        {0,8,71},{0,9,238},{16,7,9},{0,8,95},{0,8,31},{0,9,158},{20,7,99},
+        {0,8,127},{0,8,63},{0,9,222},{18,7,27},{0,8,111},{0,8,47},{0,9,190},
+        {0,8,15},{0,8,143},{0,8,79},{0,9,254},{96,7,0},{0,8,80},{0,8,16},
+        {20,8,115},{18,7,31},{0,8,112},{0,8,48},{0,9,193},{16,7,10},{0,8,96},
+        {0,8,32},{0,9,161},{0,8,0},{0,8,128},{0,8,64},{0,9,225},{16,7,6},
+        {0,8,88},{0,8,24},{0,9,145},{19,7,59},{0,8,120},{0,8,56},{0,9,209},
+        {17,7,17},{0,8,104},{0,8,40},{0,9,177},{0,8,8},{0,8,136},{0,8,72},
+        {0,9,241},{16,7,4},{0,8,84},{0,8,20},{21,8,227},{19,7,43},{0,8,116},
+        {0,8,52},{0,9,201},{17,7,13},{0,8,100},{0,8,36},{0,9,169},{0,8,4},
+        {0,8,132},{0,8,68},{0,9,233},{16,7,8},{0,8,92},{0,8,28},{0,9,153},
+        {20,7,83},{0,8,124},{0,8,60},{0,9,217},{18,7,23},{0,8,108},{0,8,44},
+        {0,9,185},{0,8,12},{0,8,140},{0,8,76},{0,9,249},{16,7,3},{0,8,82},
+        {0,8,18},{21,8,163},{19,7,35},{0,8,114},{0,8,50},{0,9,197},{17,7,11},
+        {0,8,98},{0,8,34},{0,9,165},{0,8,2},{0,8,130},{0,8,66},{0,9,229},
+        {16,7,7},{0,8,90},{0,8,26},{0,9,149},{20,7,67},{0,8,122},{0,8,58},
+        {0,9,213},{18,7,19},{0,8,106},{0,8,42},{0,9,181},{0,8,10},{0,8,138},
+        {0,8,74},{0,9,245},{16,7,5},{0,8,86},{0,8,22},{64,8,0},{19,7,51},
+        {0,8,118},{0,8,54},{0,9,205},{17,7,15},{0,8,102},{0,8,38},{0,9,173},
+        {0,8,6},{0,8,134},{0,8,70},{0,9,237},{16,7,9},{0,8,94},{0,8,30},
+        {0,9,157},{20,7,99},{0,8,126},{0,8,62},{0,9,221},{18,7,27},{0,8,110},
+        {0,8,46},{0,9,189},{0,8,14},{0,8,142},{0,8,78},{0,9,253},{96,7,0},
+        {0,8,81},{0,8,17},{21,8,131},{18,7,31},{0,8,113},{0,8,49},{0,9,195},
+        {16,7,10},{0,8,97},{0,8,33},{0,9,163},{0,8,1},{0,8,129},{0,8,65},
+        {0,9,227},{16,7,6},{0,8,89},{0,8,25},{0,9,147},{19,7,59},{0,8,121},
+        {0,8,57},{0,9,211},{17,7,17},{0,8,105},{0,8,41},{0,9,179},{0,8,9},
+        {0,8,137},{0,8,73},{0,9,243},{16,7,4},{0,8,85},{0,8,21},{16,8,258},
+        {19,7,43},{0,8,117},{0,8,53},{0,9,203},{17,7,13},{0,8,101},{0,8,37},
+        {0,9,171},{0,8,5},{0,8,133},{0,8,69},{0,9,235},{16,7,8},{0,8,93},
+        {0,8,29},{0,9,155},{20,7,83},{0,8,125},{0,8,61},{0,9,219},{18,7,23},
+        {0,8,109},{0,8,45},{0,9,187},{0,8,13},{0,8,141},{0,8,77},{0,9,251},
+        {16,7,3},{0,8,83},{0,8,19},{21,8,195},{19,7,35},{0,8,115},{0,8,51},
+        {0,9,199},{17,7,11},{0,8,99},{0,8,35},{0,9,167},{0,8,3},{0,8,131},
+        {0,8,67},{0,9,231},{16,7,7},{0,8,91},{0,8,27},{0,9,151},{20,7,67},
+        {0,8,123},{0,8,59},{0,9,215},{18,7,19},{0,8,107},{0,8,43},{0,9,183},
+        {0,8,11},{0,8,139},{0,8,75},{0,9,247},{16,7,5},{0,8,87},{0,8,23},
+        {64,8,0},{19,7,51},{0,8,119},{0,8,55},{0,9,207},{17,7,15},{0,8,103},
+        {0,8,39},{0,9,175},{0,8,7},{0,8,135},{0,8,71},{0,9,239},{16,7,9},
+        {0,8,95},{0,8,31},{0,9,159},{20,7,99},{0,8,127},{0,8,63},{0,9,223},
+        {18,7,27},{0,8,111},{0,8,47},{0,9,191},{0,8,15},{0,8,143},{0,8,79},
+        {0,9,255}
+    };
+
+    static const code distfix[32] = {
+        {16,5,1},{23,5,257},{19,5,17},{27,5,4097},{17,5,5},{25,5,1025},
+        {21,5,65},{29,5,16385},{16,5,3},{24,5,513},{20,5,33},{28,5,8193},
+        {18,5,9},{26,5,2049},{22,5,129},{64,5,0},{16,5,2},{23,5,385},
+        {19,5,25},{27,5,6145},{17,5,7},{25,5,1537},{21,5,97},{29,5,24577},
+        {16,5,4},{24,5,769},{20,5,49},{28,5,12289},{18,5,13},{26,5,3073},
+        {22,5,193},{64,5,0}
+    };
diff --git a/nss/lib/zlib/inflate.c b/nss/lib/zlib/inflate.c
new file mode 100644
index 0000000..a8431ab
--- /dev/null
+++ b/nss/lib/zlib/inflate.c
@@ -0,0 +1,1480 @@
+/* inflate.c -- zlib decompression
+ * Copyright (C) 1995-2010 Mark Adler
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ */
+
+/*
+ * Change history:
+ *
+ * 1.2.beta0    24 Nov 2002
+ * - First version -- complete rewrite of inflate to simplify code, avoid
+ *   creation of window when not needed, minimize use of window when it is
+ *   needed, make inffast.c even faster, implement gzip decoding, and to
+ *   improve code readability and style over the previous zlib inflate code
+ *
+ * 1.2.beta1    25 Nov 2002
+ * - Use pointers for available input and output checking in inffast.c
+ * - Remove input and output counters in inffast.c
+ * - Change inffast.c entry and loop from avail_in >= 7 to >= 6
+ * - Remove unnecessary second byte pull from length extra in inffast.c
+ * - Unroll direct copy to three copies per loop in inffast.c
+ *
+ * 1.2.beta2    4 Dec 2002
+ * - Change external routine names to reduce potential conflicts
+ * - Correct filename to inffixed.h for fixed tables in inflate.c
+ * - Make hbuf[] unsigned char to match parameter type in inflate.c
+ * - Change strm->next_out[-state->offset] to *(strm->next_out - state->offset)
+ *   to avoid negation problem on Alphas (64 bit) in inflate.c
+ *
+ * 1.2.beta3    22 Dec 2002
+ * - Add comments on state->bits assertion in inffast.c
+ * - Add comments on op field in inftrees.h
+ * - Fix bug in reuse of allocated window after inflateReset()
+ * - Remove bit fields--back to byte structure for speed
+ * - Remove distance extra == 0 check in inflate_fast()--only helps for lengths
+ * - Change post-increments to pre-increments in inflate_fast(), PPC biased?
+ * - Add compile time option, POSTINC, to use post-increments instead (Intel?)
+ * - Make MATCH copy in inflate() much faster for when inflate_fast() not used
+ * - Use local copies of stream next and avail values, as well as local bit
+ *   buffer and bit count in inflate()--for speed when inflate_fast() not used
+ *
+ * 1.2.beta4    1 Jan 2003
+ * - Split ptr - 257 statements in inflate_table() to avoid compiler warnings
+ * - Move a comment on output buffer sizes from inffast.c to inflate.c
+ * - Add comments in inffast.c to introduce the inflate_fast() routine
+ * - Rearrange window copies in inflate_fast() for speed and simplification
+ * - Unroll last copy for window match in inflate_fast()
+ * - Use local copies of window variables in inflate_fast() for speed
+ * - Pull out common wnext == 0 case for speed in inflate_fast()
+ * - Make op and len in inflate_fast() unsigned for consistency
+ * - Add FAR to lcode and dcode declarations in inflate_fast()
+ * - Simplified bad distance check in inflate_fast()
+ * - Added inflateBackInit(), inflateBack(), and inflateBackEnd() in new
+ *   source file infback.c to provide a call-back interface to inflate for
+ *   programs like gzip and unzip -- uses window as output buffer to avoid
+ *   window copying
+ *
+ * 1.2.beta5    1 Jan 2003
+ * - Improved inflateBack() interface to allow the caller to provide initial
+ *   input in strm.
+ * - Fixed stored blocks bug in inflateBack()
+ *
+ * 1.2.beta6    4 Jan 2003
+ * - Added comments in inffast.c on effectiveness of POSTINC
+ * - Typecasting all around to reduce compiler warnings
+ * - Changed loops from while (1) or do {} while (1) to for (;;), again to
+ *   make compilers happy
+ * - Changed type of window in inflateBackInit() to unsigned char *
+ *
+ * 1.2.beta7    27 Jan 2003
+ * - Changed many types to unsigned or unsigned short to avoid warnings
+ * - Added inflateCopy() function
+ *
+ * 1.2.0        9 Mar 2003
+ * - Changed inflateBack() interface to provide separate opaque descriptors
+ *   for the in() and out() functions
+ * - Changed inflateBack() argument and in_func typedef to swap the length
+ *   and buffer address return values for the input function
+ * - Check next_in and next_out for Z_NULL on entry to inflate()
+ *
+ * The history for versions after 1.2.0 are in ChangeLog in zlib distribution.
+ */
+
+#include "zutil.h"
+#include "inftrees.h"
+#include "inflate.h"
+#include "inffast.h"
+
+#ifdef MAKEFIXED
+#  ifndef BUILDFIXED
+#    define BUILDFIXED
+#  endif
+#endif
+
+/* function prototypes */
+local void fixedtables OF((struct inflate_state FAR *state));
+local int updatewindow OF((z_streamp strm, unsigned out));
+#ifdef BUILDFIXED
+   void makefixed OF((void));
+#endif
+local unsigned syncsearch OF((unsigned FAR *have, unsigned char FAR *buf,
+                              unsigned len));
+
+int ZEXPORT inflateReset(strm)
+z_streamp strm;
+{
+    struct inflate_state FAR *state;
+
+    if (strm == Z_NULL || strm->state == Z_NULL) return Z_STREAM_ERROR;
+    state = (struct inflate_state FAR *)strm->state;
+    strm->total_in = strm->total_out = state->total = 0;
+    strm->msg = Z_NULL;
+    strm->adler = 1;        /* to support ill-conceived Java test suite */
+    state->mode = HEAD;
+    state->last = 0;
+    state->havedict = 0;
+    state->dmax = 32768U;
+    state->head = Z_NULL;
+    state->wsize = 0;
+    state->whave = 0;
+    state->wnext = 0;
+    state->hold = 0;
+    state->bits = 0;
+    state->lencode = state->distcode = state->next = state->codes;
+    state->sane = 1;
+    state->back = -1;
+    Tracev((stderr, "inflate: reset\n"));
+    return Z_OK;
+}
+
+int ZEXPORT inflateReset2(strm, windowBits)
+z_streamp strm;
+int windowBits;
+{
+    int wrap;
+    struct inflate_state FAR *state;
+
+    /* get the state */
+    if (strm == Z_NULL || strm->state == Z_NULL) return Z_STREAM_ERROR;
+    state = (struct inflate_state FAR *)strm->state;
+
+    /* extract wrap request from windowBits parameter */
+    if (windowBits < 0) {
+        wrap = 0;
+        windowBits = -windowBits;
+    }
+    else {
+        wrap = (windowBits >> 4) + 1;
+#ifdef GUNZIP
+        if (windowBits < 48)
+            windowBits &= 15;
+#endif
+    }
+
+    /* set number of window bits, free window if different */
+    if (windowBits && (windowBits < 8 || windowBits > 15))
+        return Z_STREAM_ERROR;
+    if (state->window != Z_NULL && state->wbits != (unsigned)windowBits) {
+        ZFREE(strm, state->window);
+        state->window = Z_NULL;
+    }
+
+    /* update state and reset the rest of it */
+    state->wrap = wrap;
+    state->wbits = (unsigned)windowBits;
+    return inflateReset(strm);
+}
+
+int ZEXPORT inflateInit2_(strm, windowBits, version, stream_size)
+z_streamp strm;
+int windowBits;
+const char *version;
+int stream_size;
+{
+    int ret;
+    struct inflate_state FAR *state;
+
+    if (version == Z_NULL || version[0] != ZLIB_VERSION[0] ||
+        stream_size != (int)(sizeof(z_stream)))
+        return Z_VERSION_ERROR;
+    if (strm == Z_NULL) return Z_STREAM_ERROR;
+    strm->msg = Z_NULL;                 /* in case we return an error */
+    if (strm->zalloc == (alloc_func)0) {
+        strm->zalloc = zcalloc;
+        strm->opaque = (voidpf)0;
+    }
+    if (strm->zfree == (free_func)0) strm->zfree = zcfree;
+    state = (struct inflate_state FAR *)
+            ZALLOC(strm, 1, sizeof(struct inflate_state));
+    if (state == Z_NULL) return Z_MEM_ERROR;
+    Tracev((stderr, "inflate: allocated\n"));
+    strm->state = (struct internal_state FAR *)state;
+    state->window = Z_NULL;
+    ret = inflateReset2(strm, windowBits);
+    if (ret != Z_OK) {
+        ZFREE(strm, state);
+        strm->state = Z_NULL;
+    }
+    return ret;
+}
+
+int ZEXPORT inflateInit_(strm, version, stream_size)
+z_streamp strm;
+const char *version;
+int stream_size;
+{
+    return inflateInit2_(strm, DEF_WBITS, version, stream_size);
+}
+
+int ZEXPORT inflatePrime(strm, bits, value)
+z_streamp strm;
+int bits;
+int value;
+{
+    struct inflate_state FAR *state;
+
+    if (strm == Z_NULL || strm->state == Z_NULL) return Z_STREAM_ERROR;
+    state = (struct inflate_state FAR *)strm->state;
+    if (bits < 0) {
+        state->hold = 0;
+        state->bits = 0;
+        return Z_OK;
+    }
+    if (bits > 16 || state->bits + bits > 32) return Z_STREAM_ERROR;
+    value &= (1L << bits) - 1;
+    state->hold += value << state->bits;
+    state->bits += bits;
+    return Z_OK;
+}
+
+/*
+   Return state with length and distance decoding tables and index sizes set to
+   fixed code decoding.  Normally this returns fixed tables from inffixed.h.
+   If BUILDFIXED is defined, then instead this routine builds the tables the
+   first time it's called, and returns those tables the first time and
+   thereafter.  This reduces the size of the code by about 2K bytes, in
+   exchange for a little execution time.  However, BUILDFIXED should not be
+   used for threaded applications, since the rewriting of the tables and virgin
+   may not be thread-safe.
+ */
+local void fixedtables(state)
+struct inflate_state FAR *state;
+{
+#ifdef BUILDFIXED
+    static int virgin = 1;
+    static code *lenfix, *distfix;
+    static code fixed[544];
+
+    /* build fixed huffman tables if first call (may not be thread safe) */
+    if (virgin) {
+        unsigned sym, bits;
+        static code *next;
+
+        /* literal/length table */
+        sym = 0;
+        while (sym < 144) state->lens[sym++] = 8;
+        while (sym < 256) state->lens[sym++] = 9;
+        while (sym < 280) state->lens[sym++] = 7;
+        while (sym < 288) state->lens[sym++] = 8;
+        next = fixed;
+        lenfix = next;
+        bits = 9;
+        inflate_table(LENS, state->lens, 288, &(next), &(bits), state->work);
+
+        /* distance table */
+        sym = 0;
+        while (sym < 32) state->lens[sym++] = 5;
+        distfix = next;
+        bits = 5;
+        inflate_table(DISTS, state->lens, 32, &(next), &(bits), state->work);
+
+        /* do this just once */
+        virgin = 0;
+    }
+#else /* !BUILDFIXED */
+#   include "inffixed.h"
+#endif /* BUILDFIXED */
+    state->lencode = lenfix;
+    state->lenbits = 9;
+    state->distcode = distfix;
+    state->distbits = 5;
+}
+
+#ifdef MAKEFIXED
+#include <stdio.h>
+
+/*
+   Write out the inffixed.h that is #include'd above.  Defining MAKEFIXED also
+   defines BUILDFIXED, so the tables are built on the fly.  makefixed() writes
+   those tables to stdout, which would be piped to inffixed.h.  A small program
+   can simply call makefixed to do this:
+
+    void makefixed(void);
+
+    int main(void)
+    {
+        makefixed();
+        return 0;
+    }
+
+   Then that can be linked with zlib built with MAKEFIXED defined and run:
+
+    a.out > inffixed.h
+ */
+void makefixed()
+{
+    unsigned low, size;
+    struct inflate_state state;
+
+    fixedtables(&state);
+    puts("    /* inffixed.h -- table for decoding fixed codes");
+    puts("     * Generated automatically by makefixed().");
+    puts("     */");
+    puts("");
+    puts("    /* WARNING: this file should *not* be used by applications.");
+    puts("       It is part of the implementation of this library and is");
+    puts("       subject to change. Applications should only use zlib.h.");
+    puts("     */");
+    puts("");
+    size = 1U << 9;
+    printf("    static const code lenfix[%u] = {", size);
+    low = 0;
+    for (;;) {
+        if ((low % 7) == 0) printf("\n        ");
+        printf("{%u,%u,%d}", state.lencode[low].op, state.lencode[low].bits,
+               state.lencode[low].val);
+        if (++low == size) break;
+        putchar(',');
+    }
+    puts("\n    };");
+    size = 1U << 5;
+    printf("\n    static const code distfix[%u] = {", size);
+    low = 0;
+    for (;;) {
+        if ((low % 6) == 0) printf("\n        ");
+        printf("{%u,%u,%d}", state.distcode[low].op, state.distcode[low].bits,
+               state.distcode[low].val);
+        if (++low == size) break;
+        putchar(',');
+    }
+    puts("\n    };");
+}
+#endif /* MAKEFIXED */
+
+/*
+   Update the window with the last wsize (normally 32K) bytes written before
+   returning.  If window does not exist yet, create it.  This is only called
+   when a window is already in use, or when output has been written during this
+   inflate call, but the end of the deflate stream has not been reached yet.
+   It is also called to create a window for dictionary data when a dictionary
+   is loaded.
+
+   Providing output buffers larger than 32K to inflate() should provide a speed
+   advantage, since only the last 32K of output is copied to the sliding window
+   upon return from inflate(), and since all distances after the first 32K of
+   output will fall in the output data, making match copies simpler and faster.
+   The advantage may be dependent on the size of the processor's data caches.
+ */
+local int updatewindow(strm, out)
+z_streamp strm;
+unsigned out;
+{
+    struct inflate_state FAR *state;
+    unsigned copy, dist;
+
+    state = (struct inflate_state FAR *)strm->state;
+
+    /* if it hasn't been done already, allocate space for the window */
+    if (state->window == Z_NULL) {
+        state->window = (unsigned char FAR *)
+                        ZALLOC(strm, 1U << state->wbits,
+                               sizeof(unsigned char));
+        if (state->window == Z_NULL) return 1;
+    }
+
+    /* if window not in use yet, initialize */
+    if (state->wsize == 0) {
+        state->wsize = 1U << state->wbits;
+        state->wnext = 0;
+        state->whave = 0;
+    }
+
+    /* copy state->wsize or less output bytes into the circular window */
+    copy = out - strm->avail_out;
+    if (copy >= state->wsize) {
+        zmemcpy(state->window, strm->next_out - state->wsize, state->wsize);
+        state->wnext = 0;
+        state->whave = state->wsize;
+    }
+    else {
+        dist = state->wsize - state->wnext;
+        if (dist > copy) dist = copy;
+        zmemcpy(state->window + state->wnext, strm->next_out - copy, dist);
+        copy -= dist;
+        if (copy) {
+            zmemcpy(state->window, strm->next_out - copy, copy);
+            state->wnext = copy;
+            state->whave = state->wsize;
+        }
+        else {
+            state->wnext += dist;
+            if (state->wnext == state->wsize) state->wnext = 0;
+            if (state->whave < state->wsize) state->whave += dist;
+        }
+    }
+    return 0;
+}
+
+/* Macros for inflate(): */
+
+/* check function to use adler32() for zlib or crc32() for gzip */
+#ifdef GUNZIP
+#  define UPDATE(check, buf, len) \
+    (state->flags ? crc32(check, buf, len) : adler32(check, buf, len))
+#else
+#  define UPDATE(check, buf, len) adler32(check, buf, len)
+#endif
+
+/* check macros for header crc */
+#ifdef GUNZIP
+#  define CRC2(check, word) \
+    do { \
+        hbuf[0] = (unsigned char)(word); \
+        hbuf[1] = (unsigned char)((word) >> 8); \
+        check = crc32(check, hbuf, 2); \
+    } while (0)
+
+#  define CRC4(check, word) \
+    do { \
+        hbuf[0] = (unsigned char)(word); \
+        hbuf[1] = (unsigned char)((word) >> 8); \
+        hbuf[2] = (unsigned char)((word) >> 16); \
+        hbuf[3] = (unsigned char)((word) >> 24); \
+        check = crc32(check, hbuf, 4); \
+    } while (0)
+#endif
+
+/* Load registers with state in inflate() for speed */
+#define LOAD() \
+    do { \
+        put = strm->next_out; \
+        left = strm->avail_out; \
+        next = strm->next_in; \
+        have = strm->avail_in; \
+        hold = state->hold; \
+        bits = state->bits; \
+    } while (0)
+
+/* Restore state from registers in inflate() */
+#define RESTORE() \
+    do { \
+        strm->next_out = put; \
+        strm->avail_out = left; \
+        strm->next_in = next; \
+        strm->avail_in = have; \
+        state->hold = hold; \
+        state->bits = bits; \
+    } while (0)
+
+/* Clear the input bit accumulator */
+#define INITBITS() \
+    do { \
+        hold = 0; \
+        bits = 0; \
+    } while (0)
+
+/* Get a byte of input into the bit accumulator, or return from inflate()
+   if there is no input available. */
+#define PULLBYTE() \
+    do { \
+        if (have == 0) goto inf_leave; \
+        have--; \
+        hold += (unsigned long)(*next++) << bits; \
+        bits += 8; \
+    } while (0)
+
+/* Assure that there are at least n bits in the bit accumulator.  If there is
+   not enough available input to do that, then return from inflate(). */
+#define NEEDBITS(n) \
+    do { \
+        while (bits < (unsigned)(n)) \
+            PULLBYTE(); \
+    } while (0)
+
+/* Return the low n bits of the bit accumulator (n < 16) */
+#define BITS(n) \
+    ((unsigned)hold & ((1U << (n)) - 1))
+
+/* Remove n bits from the bit accumulator */
+#define DROPBITS(n) \
+    do { \
+        hold >>= (n); \
+        bits -= (unsigned)(n); \
+    } while (0)
+
+/* Remove zero to seven bits as needed to go to a byte boundary */
+#define BYTEBITS() \
+    do { \
+        hold >>= bits & 7; \
+        bits -= bits & 7; \
+    } while (0)
+
+/* Reverse the bytes in a 32-bit value */
+#define REVERSE(q) \
+    ((((q) >> 24) & 0xff) + (((q) >> 8) & 0xff00) + \
+     (((q) & 0xff00) << 8) + (((q) & 0xff) << 24))
+
+/*
+   inflate() uses a state machine to process as much input data and generate as
+   much output data as possible before returning.  The state machine is
+   structured roughly as follows:
+
+    for (;;) switch (state) {
+    ...
+    case STATEn:
+        if (not enough input data or output space to make progress)
+            return;
+        ... make progress ...
+        state = STATEm;
+        break;
+    ...
+    }
+
+   so when inflate() is called again, the same case is attempted again, and
+   if the appropriate resources are provided, the machine proceeds to the
+   next state.  The NEEDBITS() macro is usually the way the state evaluates
+   whether it can proceed or should return.  NEEDBITS() does the return if
+   the requested bits are not available.  The typical use of the BITS macros
+   is:
+
+        NEEDBITS(n);
+        ... do something with BITS(n) ...
+        DROPBITS(n);
+
+   where NEEDBITS(n) either returns from inflate() if there isn't enough
+   input left to load n bits into the accumulator, or it continues.  BITS(n)
+   gives the low n bits in the accumulator.  When done, DROPBITS(n) drops
+   the low n bits off the accumulator.  INITBITS() clears the accumulator
+   and sets the number of available bits to zero.  BYTEBITS() discards just
+   enough bits to put the accumulator on a byte boundary.  After BYTEBITS()
+   and a NEEDBITS(8), then BITS(8) would return the next byte in the stream.
+
+   NEEDBITS(n) uses PULLBYTE() to get an available byte of input, or to return
+   if there is no input available.  The decoding of variable length codes uses
+   PULLBYTE() directly in order to pull just enough bytes to decode the next
+   code, and no more.
+
+   Some states loop until they get enough input, making sure that enough
+   state information is maintained to continue the loop where it left off
+   if NEEDBITS() returns in the loop.  For example, want, need, and keep
+   would all have to actually be part of the saved state in case NEEDBITS()
+   returns:
+
+    case STATEw:
+        while (want < need) {
+            NEEDBITS(n);
+            keep[want++] = BITS(n);
+            DROPBITS(n);
+        }
+        state = STATEx;
+    case STATEx:
+
+   As shown above, if the next state is also the next case, then the break
+   is omitted.
+
+   A state may also return if there is not enough output space available to
+   complete that state.  Those states are copying stored data, writing a
+   literal byte, and copying a matching string.
+
+   When returning, a "goto inf_leave" is used to update the total counters,
+   update the check value, and determine whether any progress has been made
+   during that inflate() call in order to return the proper return code.
+   Progress is defined as a change in either strm->avail_in or strm->avail_out.
+   When there is a window, goto inf_leave will update the window with the last
+   output written.  If a goto inf_leave occurs in the middle of decompression
+   and there is no window currently, goto inf_leave will create one and copy
+   output to the window for the next call of inflate().
+
+   In this implementation, the flush parameter of inflate() only affects the
+   return code (per zlib.h).  inflate() always writes as much as possible to
+   strm->next_out, given the space available and the provided input--the effect
+   documented in zlib.h of Z_SYNC_FLUSH.  Furthermore, inflate() always defers
+   the allocation of and copying into a sliding window until necessary, which
+   provides the effect documented in zlib.h for Z_FINISH when the entire input
+   stream available.  So the only thing the flush parameter actually does is:
+   when flush is set to Z_FINISH, inflate() cannot return Z_OK.  Instead it
+   will return Z_BUF_ERROR if it has not reached the end of the stream.
+ */
+
+int ZEXPORT inflate(strm, flush)
+z_streamp strm;
+int flush;
+{
+    struct inflate_state FAR *state;
+    unsigned char FAR *next;    /* next input */
+    unsigned char FAR *put;     /* next output */
+    unsigned have, left;        /* available input and output */
+    unsigned long hold;         /* bit buffer */
+    unsigned bits;              /* bits in bit buffer */
+    unsigned in, out;           /* save starting available input and output */
+    unsigned copy;              /* number of stored or match bytes to copy */
+    unsigned char FAR *from;    /* where to copy match bytes from */
+    code here;                  /* current decoding table entry */
+    code last;                  /* parent table entry */
+    unsigned len;               /* length to copy for repeats, bits to drop */
+    int ret;                    /* return code */
+#ifdef GUNZIP
+    unsigned char hbuf[4];      /* buffer for gzip header crc calculation */
+#endif
+    static const unsigned short order[19] = /* permutation of code lengths */
+        {16, 17, 18, 0, 8, 7, 9, 6, 10, 5, 11, 4, 12, 3, 13, 2, 14, 1, 15};
+
+    if (strm == Z_NULL || strm->state == Z_NULL || strm->next_out == Z_NULL ||
+        (strm->next_in == Z_NULL && strm->avail_in != 0))
+        return Z_STREAM_ERROR;
+
+    state = (struct inflate_state FAR *)strm->state;
+    if (state->mode == TYPE) state->mode = TYPEDO;      /* skip check */
+    LOAD();
+    in = have;
+    out = left;
+    ret = Z_OK;
+    for (;;)
+        switch (state->mode) {
+        case HEAD:
+            if (state->wrap == 0) {
+                state->mode = TYPEDO;
+                break;
+            }
+            NEEDBITS(16);
+#ifdef GUNZIP
+            if ((state->wrap & 2) && hold == 0x8b1f) {  /* gzip header */
+                state->check = crc32(0L, Z_NULL, 0);
+                CRC2(state->check, hold);
+                INITBITS();
+                state->mode = FLAGS;
+                break;
+            }
+            state->flags = 0;           /* expect zlib header */
+            if (state->head != Z_NULL)
+                state->head->done = -1;
+            if (!(state->wrap & 1) ||   /* check if zlib header allowed */
+#else
+            if (
+#endif
+                ((BITS(8) << 8) + (hold >> 8)) % 31) {
+                strm->msg = (char *)"incorrect header check";
+                state->mode = BAD;
+                break;
+            }
+            if (BITS(4) != Z_DEFLATED) {
+                strm->msg = (char *)"unknown compression method";
+                state->mode = BAD;
+                break;
+            }
+            DROPBITS(4);
+            len = BITS(4) + 8;
+            if (state->wbits == 0)
+                state->wbits = len;
+            else if (len > state->wbits) {
+                strm->msg = (char *)"invalid window size";
+                state->mode = BAD;
+                break;
+            }
+            state->dmax = 1U << len;
+            Tracev((stderr, "inflate:   zlib header ok\n"));
+            strm->adler = state->check = adler32(0L, Z_NULL, 0);
+            state->mode = hold & 0x200 ? DICTID : TYPE;
+            INITBITS();
+            break;
+#ifdef GUNZIP
+        case FLAGS:
+            NEEDBITS(16);
+            state->flags = (int)(hold);
+            if ((state->flags & 0xff) != Z_DEFLATED) {
+                strm->msg = (char *)"unknown compression method";
+                state->mode = BAD;
+                break;
+            }
+            if (state->flags & 0xe000) {
+                strm->msg = (char *)"unknown header flags set";
+                state->mode = BAD;
+                break;
+            }
+            if (state->head != Z_NULL)
+                state->head->text = (int)((hold >> 8) & 1);
+            if (state->flags & 0x0200) CRC2(state->check, hold);
+            INITBITS();
+            state->mode = TIME;
+        case TIME:
+            NEEDBITS(32);
+            if (state->head != Z_NULL)
+                state->head->time = hold;
+            if (state->flags & 0x0200) CRC4(state->check, hold);
+            INITBITS();
+            state->mode = OS;
+        case OS:
+            NEEDBITS(16);
+            if (state->head != Z_NULL) {
+                state->head->xflags = (int)(hold & 0xff);
+                state->head->os = (int)(hold >> 8);
+            }
+            if (state->flags & 0x0200) CRC2(state->check, hold);
+            INITBITS();
+            state->mode = EXLEN;
+        case EXLEN:
+            if (state->flags & 0x0400) {
+                NEEDBITS(16);
+                state->length = (unsigned)(hold);
+                if (state->head != Z_NULL)
+                    state->head->extra_len = (unsigned)hold;
+                if (state->flags & 0x0200) CRC2(state->check, hold);
+                INITBITS();
+            }
+            else if (state->head != Z_NULL)
+                state->head->extra = Z_NULL;
+            state->mode = EXTRA;
+        case EXTRA:
+            if (state->flags & 0x0400) {
+                copy = state->length;
+                if (copy > have) copy = have;
+                if (copy) {
+                    if (state->head != Z_NULL &&
+                        state->head->extra != Z_NULL) {
+                        len = state->head->extra_len - state->length;
+                        zmemcpy(state->head->extra + len, next,
+                                len + copy > state->head->extra_max ?
+                                state->head->extra_max - len : copy);
+                    }
+                    if (state->flags & 0x0200)
+                        state->check = crc32(state->check, next, copy);
+                    have -= copy;
+                    next += copy;
+                    state->length -= copy;
+                }
+                if (state->length) goto inf_leave;
+            }
+            state->length = 0;
+            state->mode = NAME;
+        case NAME:
+            if (state->flags & 0x0800) {
+                if (have == 0) goto inf_leave;
+                copy = 0;
+                do {
+                    len = (unsigned)(next[copy++]);
+                    if (state->head != Z_NULL &&
+                            state->head->name != Z_NULL &&
+                            state->length < state->head->name_max)
+                        state->head->name[state->length++] = len;
+                } while (len && copy < have);
+                if (state->flags & 0x0200)
+                    state->check = crc32(state->check, next, copy);
+                have -= copy;
+                next += copy;
+                if (len) goto inf_leave;
+            }
+            else if (state->head != Z_NULL)
+                state->head->name = Z_NULL;
+            state->length = 0;
+            state->mode = COMMENT;
+        case COMMENT:
+            if (state->flags & 0x1000) {
+                if (have == 0) goto inf_leave;
+                copy = 0;
+                do {
+                    len = (unsigned)(next[copy++]);
+                    if (state->head != Z_NULL &&
+                            state->head->comment != Z_NULL &&
+                            state->length < state->head->comm_max)
+                        state->head->comment[state->length++] = len;
+                } while (len && copy < have);
+                if (state->flags & 0x0200)
+                    state->check = crc32(state->check, next, copy);
+                have -= copy;
+                next += copy;
+                if (len) goto inf_leave;
+            }
+            else if (state->head != Z_NULL)
+                state->head->comment = Z_NULL;
+            state->mode = HCRC;
+        case HCRC:
+            if (state->flags & 0x0200) {
+                NEEDBITS(16);
+                if (hold != (state->check & 0xffff)) {
+                    strm->msg = (char *)"header crc mismatch";
+                    state->mode = BAD;
+                    break;
+                }
+                INITBITS();
+            }
+            if (state->head != Z_NULL) {
+                state->head->hcrc = (int)((state->flags >> 9) & 1);
+                state->head->done = 1;
+            }
+            strm->adler = state->check = crc32(0L, Z_NULL, 0);
+            state->mode = TYPE;
+            break;
+#endif
+        case DICTID:
+            NEEDBITS(32);
+            strm->adler = state->check = REVERSE(hold);
+            INITBITS();
+            state->mode = DICT;
+        case DICT:
+            if (state->havedict == 0) {
+                RESTORE();
+                return Z_NEED_DICT;
+            }
+            strm->adler = state->check = adler32(0L, Z_NULL, 0);
+            state->mode = TYPE;
+        case TYPE:
+            if (flush == Z_BLOCK || flush == Z_TREES) goto inf_leave;
+        case TYPEDO:
+            if (state->last) {
+                BYTEBITS();
+                state->mode = CHECK;
+                break;
+            }
+            NEEDBITS(3);
+            state->last = BITS(1);
+            DROPBITS(1);
+            switch (BITS(2)) {
+            case 0:                             /* stored block */
+                Tracev((stderr, "inflate:     stored block%s\n",
+                        state->last ? " (last)" : ""));
+                state->mode = STORED;
+                break;
+            case 1:                             /* fixed block */
+                fixedtables(state);
+                Tracev((stderr, "inflate:     fixed codes block%s\n",
+                        state->last ? " (last)" : ""));
+                state->mode = LEN_;             /* decode codes */
+                if (flush == Z_TREES) {
+                    DROPBITS(2);
+                    goto inf_leave;
+                }
+                break;
+            case 2:                             /* dynamic block */
+                Tracev((stderr, "inflate:     dynamic codes block%s\n",
+                        state->last ? " (last)" : ""));
+                state->mode = TABLE;
+                break;
+            case 3:
+                strm->msg = (char *)"invalid block type";
+                state->mode = BAD;
+            }
+            DROPBITS(2);
+            break;
+        case STORED:
+            BYTEBITS();                         /* go to byte boundary */
+            NEEDBITS(32);
+            if ((hold & 0xffff) != ((hold >> 16) ^ 0xffff)) {
+                strm->msg = (char *)"invalid stored block lengths";
+                state->mode = BAD;
+                break;
+            }
+            state->length = (unsigned)hold & 0xffff;
+            Tracev((stderr, "inflate:       stored length %u\n",
+                    state->length));
+            INITBITS();
+            state->mode = COPY_;
+            if (flush == Z_TREES) goto inf_leave;
+        case COPY_:
+            state->mode = COPY;
+        case COPY:
+            copy = state->length;
+            if (copy) {
+                if (copy > have) copy = have;
+                if (copy > left) copy = left;
+                if (copy == 0) goto inf_leave;
+                zmemcpy(put, next, copy);
+                have -= copy;
+                next += copy;
+                left -= copy;
+                put += copy;
+                state->length -= copy;
+                break;
+            }
+            Tracev((stderr, "inflate:       stored end\n"));
+            state->mode = TYPE;
+            break;
+        case TABLE:
+            NEEDBITS(14);
+            state->nlen = BITS(5) + 257;
+            DROPBITS(5);
+            state->ndist = BITS(5) + 1;
+            DROPBITS(5);
+            state->ncode = BITS(4) + 4;
+            DROPBITS(4);
+#ifndef PKZIP_BUG_WORKAROUND
+            if (state->nlen > 286 || state->ndist > 30) {
+                strm->msg = (char *)"too many length or distance symbols";
+                state->mode = BAD;
+                break;
+            }
+#endif
+            Tracev((stderr, "inflate:       table sizes ok\n"));
+            state->have = 0;
+            state->mode = LENLENS;
+        case LENLENS:
+            while (state->have < state->ncode) {
+                NEEDBITS(3);
+                state->lens[order[state->have++]] = (unsigned short)BITS(3);
+                DROPBITS(3);
+            }
+            while (state->have < 19)
+                state->lens[order[state->have++]] = 0;
+            state->next = state->codes;
+            state->lencode = (code const FAR *)(state->next);
+            state->lenbits = 7;
+            ret = inflate_table(CODES, state->lens, 19, &(state->next),
+                                &(state->lenbits), state->work);
+            if (ret) {
+                strm->msg = (char *)"invalid code lengths set";
+                state->mode = BAD;
+                break;
+            }
+            Tracev((stderr, "inflate:       code lengths ok\n"));
+            state->have = 0;
+            state->mode = CODELENS;
+        case CODELENS:
+            while (state->have < state->nlen + state->ndist) {
+                for (;;) {
+                    here = state->lencode[BITS(state->lenbits)];
+                    if ((unsigned)(here.bits) <= bits) break;
+                    PULLBYTE();
+                }
+                if (here.val < 16) {
+                    NEEDBITS(here.bits);
+                    DROPBITS(here.bits);
+                    state->lens[state->have++] = here.val;
+                }
+                else {
+                    if (here.val == 16) {
+                        NEEDBITS(here.bits + 2);
+                        DROPBITS(here.bits);
+                        if (state->have == 0) {
+                            strm->msg = (char *)"invalid bit length repeat";
+                            state->mode = BAD;
+                            break;
+                        }
+                        len = state->lens[state->have - 1];
+                        copy = 3 + BITS(2);
+                        DROPBITS(2);
+                    }
+                    else if (here.val == 17) {
+                        NEEDBITS(here.bits + 3);
+                        DROPBITS(here.bits);
+                        len = 0;
+                        copy = 3 + BITS(3);
+                        DROPBITS(3);
+                    }
+                    else {
+                        NEEDBITS(here.bits + 7);
+                        DROPBITS(here.bits);
+                        len = 0;
+                        copy = 11 + BITS(7);
+                        DROPBITS(7);
+                    }
+                    if (state->have + copy > state->nlen + state->ndist) {
+                        strm->msg = (char *)"invalid bit length repeat";
+                        state->mode = BAD;
+                        break;
+                    }
+                    while (copy--)
+                        state->lens[state->have++] = (unsigned short)len;
+                }
+            }
+
+            /* handle error breaks in while */
+            if (state->mode == BAD) break;
+
+            /* check for end-of-block code (better have one) */
+            if (state->lens[256] == 0) {
+                strm->msg = (char *)"invalid code -- missing end-of-block";
+                state->mode = BAD;
+                break;
+            }
+
+            /* build code tables -- note: do not change the lenbits or distbits
+               values here (9 and 6) without reading the comments in inftrees.h
+               concerning the ENOUGH constants, which depend on those values */
+            state->next = state->codes;
+            state->lencode = (code const FAR *)(state->next);
+            state->lenbits = 9;
+            ret = inflate_table(LENS, state->lens, state->nlen, &(state->next),
+                                &(state->lenbits), state->work);
+            if (ret) {
+                strm->msg = (char *)"invalid literal/lengths set";
+                state->mode = BAD;
+                break;
+            }
+            state->distcode = (code const FAR *)(state->next);
+            state->distbits = 6;
+            ret = inflate_table(DISTS, state->lens + state->nlen, state->ndist,
+                            &(state->next), &(state->distbits), state->work);
+            if (ret) {
+                strm->msg = (char *)"invalid distances set";
+                state->mode = BAD;
+                break;
+            }
+            Tracev((stderr, "inflate:       codes ok\n"));
+            state->mode = LEN_;
+            if (flush == Z_TREES) goto inf_leave;
+        case LEN_:
+            state->mode = LEN;
+        case LEN:
+            if (have >= 6 && left >= 258) {
+                RESTORE();
+                inflate_fast(strm, out);
+                LOAD();
+                if (state->mode == TYPE)
+                    state->back = -1;
+                break;
+            }
+            state->back = 0;
+            for (;;) {
+                here = state->lencode[BITS(state->lenbits)];
+                if ((unsigned)(here.bits) <= bits) break;
+                PULLBYTE();
+            }
+            if (here.op && (here.op & 0xf0) == 0) {
+                last = here;
+                for (;;) {
+                    here = state->lencode[last.val +
+                            (BITS(last.bits + last.op) >> last.bits)];
+                    if ((unsigned)(last.bits + here.bits) <= bits) break;
+                    PULLBYTE();
+                }
+                DROPBITS(last.bits);
+                state->back += last.bits;
+            }
+            DROPBITS(here.bits);
+            state->back += here.bits;
+            state->length = (unsigned)here.val;
+            if ((int)(here.op) == 0) {
+                Tracevv((stderr, here.val >= 0x20 && here.val < 0x7f ?
+                        "inflate:         literal '%c'\n" :
+                        "inflate:         literal 0x%02x\n", here.val));
+                state->mode = LIT;
+                break;
+            }
+            if (here.op & 32) {
+                Tracevv((stderr, "inflate:         end of block\n"));
+                state->back = -1;
+                state->mode = TYPE;
+                break;
+            }
+            if (here.op & 64) {
+                strm->msg = (char *)"invalid literal/length code";
+                state->mode = BAD;
+                break;
+            }
+            state->extra = (unsigned)(here.op) & 15;
+            state->mode = LENEXT;
+        case LENEXT:
+            if (state->extra) {
+                NEEDBITS(state->extra);
+                state->length += BITS(state->extra);
+                DROPBITS(state->extra);
+                state->back += state->extra;
+            }
+            Tracevv((stderr, "inflate:         length %u\n", state->length));
+            state->was = state->length;
+            state->mode = DIST;
+        case DIST:
+            for (;;) {
+                here = state->distcode[BITS(state->distbits)];
+                if ((unsigned)(here.bits) <= bits) break;
+                PULLBYTE();
+            }
+            if ((here.op & 0xf0) == 0) {
+                last = here;
+                for (;;) {
+                    here = state->distcode[last.val +
+                            (BITS(last.bits + last.op) >> last.bits)];
+                    if ((unsigned)(last.bits + here.bits) <= bits) break;
+                    PULLBYTE();
+                }
+                DROPBITS(last.bits);
+                state->back += last.bits;
+            }
+            DROPBITS(here.bits);
+            state->back += here.bits;
+            if (here.op & 64) {
+                strm->msg = (char *)"invalid distance code";
+                state->mode = BAD;
+                break;
+            }
+            state->offset = (unsigned)here.val;
+            state->extra = (unsigned)(here.op) & 15;
+            state->mode = DISTEXT;
+        case DISTEXT:
+            if (state->extra) {
+                NEEDBITS(state->extra);
+                state->offset += BITS(state->extra);
+                DROPBITS(state->extra);
+                state->back += state->extra;
+            }
+#ifdef INFLATE_STRICT
+            if (state->offset > state->dmax) {
+                strm->msg = (char *)"invalid distance too far back";
+                state->mode = BAD;
+                break;
+            }
+#endif
+            Tracevv((stderr, "inflate:         distance %u\n", state->offset));
+            state->mode = MATCH;
+        case MATCH:
+            if (left == 0) goto inf_leave;
+            copy = out - left;
+            if (state->offset > copy) {         /* copy from window */
+                copy = state->offset - copy;
+                if (copy > state->whave) {
+                    if (state->sane) {
+                        strm->msg = (char *)"invalid distance too far back";
+                        state->mode = BAD;
+                        break;
+                    }
+#ifdef INFLATE_ALLOW_INVALID_DISTANCE_TOOFAR_ARRR
+                    Trace((stderr, "inflate.c too far\n"));
+                    copy -= state->whave;
+                    if (copy > state->length) copy = state->length;
+                    if (copy > left) copy = left;
+                    left -= copy;
+                    state->length -= copy;
+                    do {
+                        *put++ = 0;
+                    } while (--copy);
+                    if (state->length == 0) state->mode = LEN;
+                    break;
+#endif
+                }
+                if (copy > state->wnext) {
+                    copy -= state->wnext;
+                    from = state->window + (state->wsize - copy);
+                }
+                else
+                    from = state->window + (state->wnext - copy);
+                if (copy > state->length) copy = state->length;
+            }
+            else {                              /* copy from output */
+                from = put - state->offset;
+                copy = state->length;
+            }
+            if (copy > left) copy = left;
+            left -= copy;
+            state->length -= copy;
+            do {
+                *put++ = *from++;
+            } while (--copy);
+            if (state->length == 0) state->mode = LEN;
+            break;
+        case LIT:
+            if (left == 0) goto inf_leave;
+            *put++ = (unsigned char)(state->length);
+            left--;
+            state->mode = LEN;
+            break;
+        case CHECK:
+            if (state->wrap) {
+                NEEDBITS(32);
+                out -= left;
+                strm->total_out += out;
+                state->total += out;
+                if (out)
+                    strm->adler = state->check =
+                        UPDATE(state->check, put - out, out);
+                out = left;
+                if ((
+#ifdef GUNZIP
+                     state->flags ? hold :
+#endif
+                     REVERSE(hold)) != state->check) {
+                    strm->msg = (char *)"incorrect data check";
+                    state->mode = BAD;
+                    break;
+                }
+                INITBITS();
+                Tracev((stderr, "inflate:   check matches trailer\n"));
+            }
+#ifdef GUNZIP
+            state->mode = LENGTH;
+        case LENGTH:
+            if (state->wrap && state->flags) {
+                NEEDBITS(32);
+                if (hold != (state->total & 0xffffffffUL)) {
+                    strm->msg = (char *)"incorrect length check";
+                    state->mode = BAD;
+                    break;
+                }
+                INITBITS();
+                Tracev((stderr, "inflate:   length matches trailer\n"));
+            }
+#endif
+            state->mode = DONE;
+        case DONE:
+            ret = Z_STREAM_END;
+            goto inf_leave;
+        case BAD:
+            ret = Z_DATA_ERROR;
+            goto inf_leave;
+        case MEM:
+            return Z_MEM_ERROR;
+        case SYNC:
+        default:
+            return Z_STREAM_ERROR;
+        }
+
+    /*
+       Return from inflate(), updating the total counts and the check value.
+       If there was no progress during the inflate() call, return a buffer
+       error.  Call updatewindow() to create and/or update the window state.
+       Note: a memory error from inflate() is non-recoverable.
+     */
+  inf_leave:
+    RESTORE();
+    if (state->wsize || (state->mode < CHECK && out != strm->avail_out))
+        if (updatewindow(strm, out)) {
+            state->mode = MEM;
+            return Z_MEM_ERROR;
+        }
+    in -= strm->avail_in;
+    out -= strm->avail_out;
+    strm->total_in += in;
+    strm->total_out += out;
+    state->total += out;
+    if (state->wrap && out)
+        strm->adler = state->check =
+            UPDATE(state->check, strm->next_out - out, out);
+    strm->data_type = state->bits + (state->last ? 64 : 0) +
+                      (state->mode == TYPE ? 128 : 0) +
+                      (state->mode == LEN_ || state->mode == COPY_ ? 256 : 0);
+    if (((in == 0 && out == 0) || flush == Z_FINISH) && ret == Z_OK)
+        ret = Z_BUF_ERROR;
+    return ret;
+}
+
+int ZEXPORT inflateEnd(strm)
+z_streamp strm;
+{
+    struct inflate_state FAR *state;
+    if (strm == Z_NULL || strm->state == Z_NULL || strm->zfree == (free_func)0)
+        return Z_STREAM_ERROR;
+    state = (struct inflate_state FAR *)strm->state;
+    if (state->window != Z_NULL) ZFREE(strm, state->window);
+    ZFREE(strm, strm->state);
+    strm->state = Z_NULL;
+    Tracev((stderr, "inflate: end\n"));
+    return Z_OK;
+}
+
+int ZEXPORT inflateSetDictionary(strm, dictionary, dictLength)
+z_streamp strm;
+const Bytef *dictionary;
+uInt dictLength;
+{
+    struct inflate_state FAR *state;
+    unsigned long id;
+
+    /* check state */
+    if (strm == Z_NULL || strm->state == Z_NULL) return Z_STREAM_ERROR;
+    state = (struct inflate_state FAR *)strm->state;
+    if (state->wrap != 0 && state->mode != DICT)
+        return Z_STREAM_ERROR;
+
+    /* check for correct dictionary id */
+    if (state->mode == DICT) {
+        id = adler32(0L, Z_NULL, 0);
+        id = adler32(id, dictionary, dictLength);
+        if (id != state->check)
+            return Z_DATA_ERROR;
+    }
+
+    /* copy dictionary to window */
+    if (updatewindow(strm, strm->avail_out)) {
+        state->mode = MEM;
+        return Z_MEM_ERROR;
+    }
+    if (dictLength > state->wsize) {
+        zmemcpy(state->window, dictionary + dictLength - state->wsize,
+                state->wsize);
+        state->whave = state->wsize;
+    }
+    else {
+        zmemcpy(state->window + state->wsize - dictLength, dictionary,
+                dictLength);
+        state->whave = dictLength;
+    }
+    state->havedict = 1;
+    Tracev((stderr, "inflate:   dictionary set\n"));
+    return Z_OK;
+}
+
+int ZEXPORT inflateGetHeader(strm, head)
+z_streamp strm;
+gz_headerp head;
+{
+    struct inflate_state FAR *state;
+
+    /* check state */
+    if (strm == Z_NULL || strm->state == Z_NULL) return Z_STREAM_ERROR;
+    state = (struct inflate_state FAR *)strm->state;
+    if ((state->wrap & 2) == 0) return Z_STREAM_ERROR;
+
+    /* save header structure */
+    state->head = head;
+    head->done = 0;
+    return Z_OK;
+}
+
+/*
+   Search buf[0..len-1] for the pattern: 0, 0, 0xff, 0xff.  Return when found
+   or when out of input.  When called, *have is the number of pattern bytes
+   found in order so far, in 0..3.  On return *have is updated to the new
+   state.  If on return *have equals four, then the pattern was found and the
+   return value is how many bytes were read including the last byte of the
+   pattern.  If *have is less than four, then the pattern has not been found
+   yet and the return value is len.  In the latter case, syncsearch() can be
+   called again with more data and the *have state.  *have is initialized to
+   zero for the first call.
+ */
+local unsigned syncsearch(have, buf, len)
+unsigned FAR *have;
+unsigned char FAR *buf;
+unsigned len;
+{
+    unsigned got;
+    unsigned next;
+
+    got = *have;
+    next = 0;
+    while (next < len && got < 4) {
+        if ((int)(buf[next]) == (got < 2 ? 0 : 0xff))
+            got++;
+        else if (buf[next])
+            got = 0;
+        else
+            got = 4 - got;
+        next++;
+    }
+    *have = got;
+    return next;
+}
+
+int ZEXPORT inflateSync(strm)
+z_streamp strm;
+{
+    unsigned len;               /* number of bytes to look at or looked at */
+    unsigned long in, out;      /* temporary to save total_in and total_out */
+    unsigned char buf[4];       /* to restore bit buffer to byte string */
+    struct inflate_state FAR *state;
+
+    /* check parameters */
+    if (strm == Z_NULL || strm->state == Z_NULL) return Z_STREAM_ERROR;
+    state = (struct inflate_state FAR *)strm->state;
+    if (strm->avail_in == 0 && state->bits < 8) return Z_BUF_ERROR;
+
+    /* if first time, start search in bit buffer */
+    if (state->mode != SYNC) {
+        state->mode = SYNC;
+        state->hold <<= state->bits & 7;
+        state->bits -= state->bits & 7;
+        len = 0;
+        while (state->bits >= 8) {
+            buf[len++] = (unsigned char)(state->hold);
+            state->hold >>= 8;
+            state->bits -= 8;
+        }
+        state->have = 0;
+        syncsearch(&(state->have), buf, len);
+    }
+
+    /* search available input */
+    len = syncsearch(&(state->have), strm->next_in, strm->avail_in);
+    strm->avail_in -= len;
+    strm->next_in += len;
+    strm->total_in += len;
+
+    /* return no joy or set up to restart inflate() on a new block */
+    if (state->have != 4) return Z_DATA_ERROR;
+    in = strm->total_in;  out = strm->total_out;
+    inflateReset(strm);
+    strm->total_in = in;  strm->total_out = out;
+    state->mode = TYPE;
+    return Z_OK;
+}
+
+/*
+   Returns true if inflate is currently at the end of a block generated by
+   Z_SYNC_FLUSH or Z_FULL_FLUSH. This function is used by one PPP
+   implementation to provide an additional safety check. PPP uses
+   Z_SYNC_FLUSH but removes the length bytes of the resulting empty stored
+   block. When decompressing, PPP checks that at the end of input packet,
+   inflate is waiting for these length bytes.
+ */
+int ZEXPORT inflateSyncPoint(strm)
+z_streamp strm;
+{
+    struct inflate_state FAR *state;
+
+    if (strm == Z_NULL || strm->state == Z_NULL) return Z_STREAM_ERROR;
+    state = (struct inflate_state FAR *)strm->state;
+    return state->mode == STORED && state->bits == 0;
+}
+
+int ZEXPORT inflateCopy(dest, source)
+z_streamp dest;
+z_streamp source;
+{
+    struct inflate_state FAR *state;
+    struct inflate_state FAR *copy;
+    unsigned char FAR *window;
+    unsigned wsize;
+
+    /* check input */
+    if (dest == Z_NULL || source == Z_NULL || source->state == Z_NULL ||
+        source->zalloc == (alloc_func)0 || source->zfree == (free_func)0)
+        return Z_STREAM_ERROR;
+    state = (struct inflate_state FAR *)source->state;
+
+    /* allocate space */
+    copy = (struct inflate_state FAR *)
+           ZALLOC(source, 1, sizeof(struct inflate_state));
+    if (copy == Z_NULL) return Z_MEM_ERROR;
+    window = Z_NULL;
+    if (state->window != Z_NULL) {
+        window = (unsigned char FAR *)
+                 ZALLOC(source, 1U << state->wbits, sizeof(unsigned char));
+        if (window == Z_NULL) {
+            ZFREE(source, copy);
+            return Z_MEM_ERROR;
+        }
+    }
+
+    /* copy state */
+    zmemcpy(dest, source, sizeof(z_stream));
+    zmemcpy(copy, state, sizeof(struct inflate_state));
+    if (state->lencode >= state->codes &&
+        state->lencode <= state->codes + ENOUGH - 1) {
+        copy->lencode = copy->codes + (state->lencode - state->codes);
+        copy->distcode = copy->codes + (state->distcode - state->codes);
+    }
+    copy->next = copy->codes + (state->next - state->codes);
+    if (window != Z_NULL) {
+        wsize = 1U << state->wbits;
+        zmemcpy(window, state->window, wsize);
+    }
+    copy->window = window;
+    dest->state = (struct internal_state FAR *)copy;
+    return Z_OK;
+}
+
+int ZEXPORT inflateUndermine(strm, subvert)
+z_streamp strm;
+int subvert;
+{
+    struct inflate_state FAR *state;
+
+    if (strm == Z_NULL || strm->state == Z_NULL) return Z_STREAM_ERROR;
+    state = (struct inflate_state FAR *)strm->state;
+    state->sane = !subvert;
+#ifdef INFLATE_ALLOW_INVALID_DISTANCE_TOOFAR_ARRR
+    return Z_OK;
+#else
+    state->sane = 1;
+    return Z_DATA_ERROR;
+#endif
+}
+
+long ZEXPORT inflateMark(strm)
+z_streamp strm;
+{
+    struct inflate_state FAR *state;
+
+    if (strm == Z_NULL || strm->state == Z_NULL) return -1L << 16;
+    state = (struct inflate_state FAR *)strm->state;
+    return ((long)(state->back) << 16) +
+        (state->mode == COPY ? state->length :
+            (state->mode == MATCH ? state->was - state->length : 0));
+}
diff --git a/nss/lib/zlib/inflate.h b/nss/lib/zlib/inflate.h
new file mode 100644
index 0000000..95f4986
--- /dev/null
+++ b/nss/lib/zlib/inflate.h
@@ -0,0 +1,122 @@
+/* inflate.h -- internal inflate state definition
+ * Copyright (C) 1995-2009 Mark Adler
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ */
+
+/* WARNING: this file should *not* be used by applications. It is
+   part of the implementation of the compression library and is
+   subject to change. Applications should only use zlib.h.
+ */
+
+/* define NO_GZIP when compiling if you want to disable gzip header and
+   trailer decoding by inflate().  NO_GZIP would be used to avoid linking in
+   the crc code when it is not needed.  For shared libraries, gzip decoding
+   should be left enabled. */
+#ifndef NO_GZIP
+#  define GUNZIP
+#endif
+
+/* Possible inflate modes between inflate() calls */
+typedef enum {
+    HEAD,       /* i: waiting for magic header */
+    FLAGS,      /* i: waiting for method and flags (gzip) */
+    TIME,       /* i: waiting for modification time (gzip) */
+    OS,         /* i: waiting for extra flags and operating system (gzip) */
+    EXLEN,      /* i: waiting for extra length (gzip) */
+    EXTRA,      /* i: waiting for extra bytes (gzip) */
+    NAME,       /* i: waiting for end of file name (gzip) */
+    COMMENT,    /* i: waiting for end of comment (gzip) */
+    HCRC,       /* i: waiting for header crc (gzip) */
+    DICTID,     /* i: waiting for dictionary check value */
+    DICT,       /* waiting for inflateSetDictionary() call */
+        TYPE,       /* i: waiting for type bits, including last-flag bit */
+        TYPEDO,     /* i: same, but skip check to exit inflate on new block */
+        STORED,     /* i: waiting for stored size (length and complement) */
+        COPY_,      /* i/o: same as COPY below, but only first time in */
+        COPY,       /* i/o: waiting for input or output to copy stored block */
+        TABLE,      /* i: waiting for dynamic block table lengths */
+        LENLENS,    /* i: waiting for code length code lengths */
+        CODELENS,   /* i: waiting for length/lit and distance code lengths */
+            LEN_,       /* i: same as LEN below, but only first time in */
+            LEN,        /* i: waiting for length/lit/eob code */
+            LENEXT,     /* i: waiting for length extra bits */
+            DIST,       /* i: waiting for distance code */
+            DISTEXT,    /* i: waiting for distance extra bits */
+            MATCH,      /* o: waiting for output space to copy string */
+            LIT,        /* o: waiting for output space to write literal */
+    CHECK,      /* i: waiting for 32-bit check value */
+    LENGTH,     /* i: waiting for 32-bit length (gzip) */
+    DONE,       /* finished check, done -- remain here until reset */
+    BAD,        /* got a data error -- remain here until reset */
+    MEM,        /* got an inflate() memory error -- remain here until reset */
+    SYNC        /* looking for synchronization bytes to restart inflate() */
+} inflate_mode;
+
+/*
+    State transitions between above modes -
+
+    (most modes can go to BAD or MEM on error -- not shown for clarity)
+
+    Process header:
+        HEAD -> (gzip) or (zlib) or (raw)
+        (gzip) -> FLAGS -> TIME -> OS -> EXLEN -> EXTRA -> NAME -> COMMENT ->
+                  HCRC -> TYPE
+        (zlib) -> DICTID or TYPE
+        DICTID -> DICT -> TYPE
+        (raw) -> TYPEDO
+    Read deflate blocks:
+            TYPE -> TYPEDO -> STORED or TABLE or LEN_ or CHECK
+            STORED -> COPY_ -> COPY -> TYPE
+            TABLE -> LENLENS -> CODELENS -> LEN_
+            LEN_ -> LEN
+    Read deflate codes in fixed or dynamic block:
+                LEN -> LENEXT or LIT or TYPE
+                LENEXT -> DIST -> DISTEXT -> MATCH -> LEN
+                LIT -> LEN
+    Process trailer:
+        CHECK -> LENGTH -> DONE
+ */
+
+/* state maintained between inflate() calls.  Approximately 10K bytes. */
+struct inflate_state {
+    inflate_mode mode;          /* current inflate mode */
+    int last;                   /* true if processing last block */
+    int wrap;                   /* bit 0 true for zlib, bit 1 true for gzip */
+    int havedict;               /* true if dictionary provided */
+    int flags;                  /* gzip header method and flags (0 if zlib) */
+    unsigned dmax;              /* zlib header max distance (INFLATE_STRICT) */
+    unsigned long check;        /* protected copy of check value */
+    unsigned long total;        /* protected copy of output count */
+    gz_headerp head;            /* where to save gzip header information */
+        /* sliding window */
+    unsigned wbits;             /* log base 2 of requested window size */
+    unsigned wsize;             /* window size or zero if not using window */
+    unsigned whave;             /* valid bytes in the window */
+    unsigned wnext;             /* window write index */
+    unsigned char FAR *window;  /* allocated sliding window, if needed */
+        /* bit accumulator */
+    unsigned long hold;         /* input bit accumulator */
+    unsigned bits;              /* number of bits in "in" */
+        /* for string and stored block copying */
+    unsigned length;            /* literal or length of data to copy */
+    unsigned offset;            /* distance back to copy string from */
+        /* for table and code decoding */
+    unsigned extra;             /* extra bits needed */
+        /* fixed and dynamic code tables */
+    code const FAR *lencode;    /* starting table for length/literal codes */
+    code const FAR *distcode;   /* starting table for distance codes */
+    unsigned lenbits;           /* index bits for lencode */
+    unsigned distbits;          /* index bits for distcode */
+        /* dynamic table building */
+    unsigned ncode;             /* number of code length code lengths */
+    unsigned nlen;              /* number of length code lengths */
+    unsigned ndist;             /* number of distance code lengths */
+    unsigned have;              /* number of code lengths in lens[] */
+    code FAR *next;             /* next available space in codes[] */
+    unsigned short lens[320];   /* temporary storage for code lengths */
+    unsigned short work[288];   /* work area for code table building */
+    code codes[ENOUGH];         /* space for code tables */
+    int sane;                   /* if false, allow invalid distance too far */
+    int back;                   /* bits back of last unprocessed length/lit */
+    unsigned was;               /* initial length of match */
+};
diff --git a/nss/lib/zlib/inftrees.c b/nss/lib/zlib/inftrees.c
new file mode 100644
index 0000000..11e9c52
--- /dev/null
+++ b/nss/lib/zlib/inftrees.c
@@ -0,0 +1,330 @@
+/* inftrees.c -- generate Huffman trees for efficient decoding
+ * Copyright (C) 1995-2010 Mark Adler
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ */
+
+#include "zutil.h"
+#include "inftrees.h"
+
+#define MAXBITS 15
+
+const char inflate_copyright[] =
+   " inflate 1.2.5 Copyright 1995-2010 Mark Adler ";
+/*
+  If you use the zlib library in a product, an acknowledgment is welcome
+  in the documentation of your product. If for some reason you cannot
+  include such an acknowledgment, I would appreciate that you keep this
+  copyright string in the executable of your product.
+ */
+
+/*
+   Build a set of tables to decode the provided canonical Huffman code.
+   The code lengths are lens[0..codes-1].  The result starts at *table,
+   whose indices are 0..2^bits-1.  work is a writable array of at least
+   lens shorts, which is used as a work area.  type is the type of code
+   to be generated, CODES, LENS, or DISTS.  On return, zero is success,
+   -1 is an invalid code, and +1 means that ENOUGH isn't enough.  table
+   on return points to the next available entry's address.  bits is the
+   requested root table index bits, and on return it is the actual root
+   table index bits.  It will differ if the request is greater than the
+   longest code or if it is less than the shortest code.
+ */
+int ZLIB_INTERNAL inflate_table(type, lens, codes, table, bits, work)
+codetype type;
+unsigned short FAR *lens;
+unsigned codes;
+code FAR * FAR *table;
+unsigned FAR *bits;
+unsigned short FAR *work;
+{
+    unsigned len;               /* a code's length in bits */
+    unsigned sym;               /* index of code symbols */
+    unsigned min, max;          /* minimum and maximum code lengths */
+    unsigned root;              /* number of index bits for root table */
+    unsigned curr;              /* number of index bits for current table */
+    unsigned drop;              /* code bits to drop for sub-table */
+    int left;                   /* number of prefix codes available */
+    unsigned used;              /* code entries in table used */
+    unsigned huff;              /* Huffman code */
+    unsigned incr;              /* for incrementing code, index */
+    unsigned fill;              /* index for replicating entries */
+    unsigned low;               /* low bits for current root entry */
+    unsigned mask;              /* mask for low root bits */
+    code here;                  /* table entry for duplication */
+    code FAR *next;             /* next available space in table */
+    const unsigned short FAR *base;     /* base value table to use */
+    const unsigned short FAR *extra;    /* extra bits table to use */
+    int end;                    /* use base and extra for symbol > end */
+    unsigned short count[MAXBITS+1];    /* number of codes of each length */
+    unsigned short offs[MAXBITS+1];     /* offsets in table for each length */
+    static const unsigned short lbase[31] = { /* Length codes 257..285 base */
+        3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 15, 17, 19, 23, 27, 31,
+        35, 43, 51, 59, 67, 83, 99, 115, 131, 163, 195, 227, 258, 0, 0};
+    static const unsigned short lext[31] = { /* Length codes 257..285 extra */
+        16, 16, 16, 16, 16, 16, 16, 16, 17, 17, 17, 17, 18, 18, 18, 18,
+        19, 19, 19, 19, 20, 20, 20, 20, 21, 21, 21, 21, 16, 73, 195};
+    static const unsigned short dbase[32] = { /* Distance codes 0..29 base */
+        1, 2, 3, 4, 5, 7, 9, 13, 17, 25, 33, 49, 65, 97, 129, 193,
+        257, 385, 513, 769, 1025, 1537, 2049, 3073, 4097, 6145,
+        8193, 12289, 16385, 24577, 0, 0};
+    static const unsigned short dext[32] = { /* Distance codes 0..29 extra */
+        16, 16, 16, 16, 17, 17, 18, 18, 19, 19, 20, 20, 21, 21, 22, 22,
+        23, 23, 24, 24, 25, 25, 26, 26, 27, 27,
+        28, 28, 29, 29, 64, 64};
+
+    /*
+       Process a set of code lengths to create a canonical Huffman code.  The
+       code lengths are lens[0..codes-1].  Each length corresponds to the
+       symbols 0..codes-1.  The Huffman code is generated by first sorting the
+       symbols by length from short to long, and retaining the symbol order
+       for codes with equal lengths.  Then the code starts with all zero bits
+       for the first code of the shortest length, and the codes are integer
+       increments for the same length, and zeros are appended as the length
+       increases.  For the deflate format, these bits are stored backwards
+       from their more natural integer increment ordering, and so when the
+       decoding tables are built in the large loop below, the integer codes
+       are incremented backwards.
+
+       This routine assumes, but does not check, that all of the entries in
+       lens[] are in the range 0..MAXBITS.  The caller must assure this.
+       1..MAXBITS is interpreted as that code length.  zero means that that
+       symbol does not occur in this code.
+
+       The codes are sorted by computing a count of codes for each length,
+       creating from that a table of starting indices for each length in the
+       sorted table, and then entering the symbols in order in the sorted
+       table.  The sorted table is work[], with that space being provided by
+       the caller.
+
+       The length counts are used for other purposes as well, i.e. finding
+       the minimum and maximum length codes, determining if there are any
+       codes at all, checking for a valid set of lengths, and looking ahead
+       at length counts to determine sub-table sizes when building the
+       decoding tables.
+     */
+
+    /* accumulate lengths for codes (assumes lens[] all in 0..MAXBITS) */
+    for (len = 0; len <= MAXBITS; len++)
+        count[len] = 0;
+    for (sym = 0; sym < codes; sym++)
+        count[lens[sym]]++;
+
+    /* bound code lengths, force root to be within code lengths */
+    root = *bits;
+    for (max = MAXBITS; max >= 1; max--)
+        if (count[max] != 0) break;
+    if (root > max) root = max;
+    if (max == 0) {                     /* no symbols to code at all */
+        here.op = (unsigned char)64;    /* invalid code marker */
+        here.bits = (unsigned char)1;
+        here.val = (unsigned short)0;
+        *(*table)++ = here;             /* make a table to force an error */
+        *(*table)++ = here;
+        *bits = 1;
+        return 0;     /* no symbols, but wait for decoding to report error */
+    }
+    for (min = 1; min < max; min++)
+        if (count[min] != 0) break;
+    if (root < min) root = min;
+
+    /* check for an over-subscribed or incomplete set of lengths */
+    left = 1;
+    for (len = 1; len <= MAXBITS; len++) {
+        left <<= 1;
+        left -= count[len];
+        if (left < 0) return -1;        /* over-subscribed */
+    }
+    if (left > 0 && (type == CODES || max != 1))
+        return -1;                      /* incomplete set */
+
+    /* generate offsets into symbol table for each length for sorting */
+    offs[1] = 0;
+    for (len = 1; len < MAXBITS; len++)
+        offs[len + 1] = offs[len] + count[len];
+
+    /* sort symbols by length, by symbol order within each length */
+    for (sym = 0; sym < codes; sym++)
+        if (lens[sym] != 0) work[offs[lens[sym]]++] = (unsigned short)sym;
+
+    /*
+       Create and fill in decoding tables.  In this loop, the table being
+       filled is at next and has curr index bits.  The code being used is huff
+       with length len.  That code is converted to an index by dropping drop
+       bits off of the bottom.  For codes where len is less than drop + curr,
+       those top drop + curr - len bits are incremented through all values to
+       fill the table with replicated entries.
+
+       root is the number of index bits for the root table.  When len exceeds
+       root, sub-tables are created pointed to by the root entry with an index
+       of the low root bits of huff.  This is saved in low to check for when a
+       new sub-table should be started.  drop is zero when the root table is
+       being filled, and drop is root when sub-tables are being filled.
+
+       When a new sub-table is needed, it is necessary to look ahead in the
+       code lengths to determine what size sub-table is needed.  The length
+       counts are used for this, and so count[] is decremented as codes are
+       entered in the tables.
+
+       used keeps track of how many table entries have been allocated from the
+       provided *table space.  It is checked for LENS and DIST tables against
+       the constants ENOUGH_LENS and ENOUGH_DISTS to guard against changes in
+       the initial root table size constants.  See the comments in inftrees.h
+       for more information.
+
+       sym increments through all symbols, and the loop terminates when
+       all codes of length max, i.e. all codes, have been processed.  This
+       routine permits incomplete codes, so another loop after this one fills
+       in the rest of the decoding tables with invalid code markers.
+     */
+
+    /* set up for code type */
+    switch (type) {
+    case CODES:
+        base = extra = work;    /* dummy value--not used */
+        end = 19;
+        break;
+    case LENS:
+        base = lbase;
+        base -= 257;
+        extra = lext;
+        extra -= 257;
+        end = 256;
+        break;
+    default:            /* DISTS */
+        base = dbase;
+        extra = dext;
+        end = -1;
+    }
+
+    /* initialize state for loop */
+    huff = 0;                   /* starting code */
+    sym = 0;                    /* starting code symbol */
+    len = min;                  /* starting code length */
+    next = *table;              /* current table to fill in */
+    curr = root;                /* current table index bits */
+    drop = 0;                   /* current bits to drop from code for index */
+    low = (unsigned)(-1);       /* trigger new sub-table when len > root */
+    used = 1U << root;          /* use root table entries */
+    mask = used - 1;            /* mask for comparing low */
+
+    /* check available table space */
+    if ((type == LENS && used >= ENOUGH_LENS) ||
+        (type == DISTS && used >= ENOUGH_DISTS))
+        return 1;
+
+    /* process all codes and make table entries */
+    for (;;) {
+        /* create table entry */
+        here.bits = (unsigned char)(len - drop);
+        if ((int)(work[sym]) < end) {
+            here.op = (unsigned char)0;
+            here.val = work[sym];
+        }
+        else if ((int)(work[sym]) > end) {
+            here.op = (unsigned char)(extra[work[sym]]);
+            here.val = base[work[sym]];
+        }
+        else {
+            here.op = (unsigned char)(32 + 64);         /* end of block */
+            here.val = 0;
+        }
+
+        /* replicate for those indices with low len bits equal to huff */
+        incr = 1U << (len - drop);
+        fill = 1U << curr;
+        min = fill;                 /* save offset to next table */
+        do {
+            fill -= incr;
+            next[(huff >> drop) + fill] = here;
+        } while (fill != 0);
+
+        /* backwards increment the len-bit code huff */
+        incr = 1U << (len - 1);
+        while (huff & incr)
+            incr >>= 1;
+        if (incr != 0) {
+            huff &= incr - 1;
+            huff += incr;
+        }
+        else
+            huff = 0;
+
+        /* go to next symbol, update count, len */
+        sym++;
+        if (--(count[len]) == 0) {
+            if (len == max) break;
+            len = lens[work[sym]];
+        }
+
+        /* create new sub-table if needed */
+        if (len > root && (huff & mask) != low) {
+            /* if first time, transition to sub-tables */
+            if (drop == 0)
+                drop = root;
+
+            /* increment past last table */
+            next += min;            /* here min is 1 << curr */
+
+            /* determine length of next table */
+            curr = len - drop;
+            left = (int)(1 << curr);
+            while (curr + drop < max) {
+                left -= count[curr + drop];
+                if (left <= 0) break;
+                curr++;
+                left <<= 1;
+            }
+
+            /* check for enough space */
+            used += 1U << curr;
+            if ((type == LENS && used >= ENOUGH_LENS) ||
+                (type == DISTS && used >= ENOUGH_DISTS))
+                return 1;
+
+            /* point entry in root table to sub-table */
+            low = huff & mask;
+            (*table)[low].op = (unsigned char)curr;
+            (*table)[low].bits = (unsigned char)root;
+            (*table)[low].val = (unsigned short)(next - *table);
+        }
+    }
+
+    /*
+       Fill in rest of table for incomplete codes.  This loop is similar to the
+       loop above in incrementing huff for table indices.  It is assumed that
+       len is equal to curr + drop, so there is no loop needed to increment
+       through high index bits.  When the current sub-table is filled, the loop
+       drops back to the root table to fill in any remaining entries there.
+     */
+    here.op = (unsigned char)64;                /* invalid code marker */
+    here.bits = (unsigned char)(len - drop);
+    here.val = (unsigned short)0;
+    while (huff != 0) {
+        /* when done with sub-table, drop back to root table */
+        if (drop != 0 && (huff & mask) != low) {
+            drop = 0;
+            len = root;
+            next = *table;
+            here.bits = (unsigned char)len;
+        }
+
+        /* put invalid code marker in table */
+        next[huff >> drop] = here;
+
+        /* backwards increment the len-bit code huff */
+        incr = 1U << (len - 1);
+        while (huff & incr)
+            incr >>= 1;
+        if (incr != 0) {
+            huff &= incr - 1;
+            huff += incr;
+        }
+        else
+            huff = 0;
+    }
+
+    /* set return parameters */
+    *table += used;
+    *bits = root;
+    return 0;
+}
diff --git a/nss/lib/zlib/inftrees.h b/nss/lib/zlib/inftrees.h
new file mode 100644
index 0000000..baa53a0
--- /dev/null
+++ b/nss/lib/zlib/inftrees.h
@@ -0,0 +1,62 @@
+/* inftrees.h -- header to use inftrees.c
+ * Copyright (C) 1995-2005, 2010 Mark Adler
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ */
+
+/* WARNING: this file should *not* be used by applications. It is
+   part of the implementation of the compression library and is
+   subject to change. Applications should only use zlib.h.
+ */
+
+/* Structure for decoding tables.  Each entry provides either the
+   information needed to do the operation requested by the code that
+   indexed that table entry, or it provides a pointer to another
+   table that indexes more bits of the code.  op indicates whether
+   the entry is a pointer to another table, a literal, a length or
+   distance, an end-of-block, or an invalid code.  For a table
+   pointer, the low four bits of op is the number of index bits of
+   that table.  For a length or distance, the low four bits of op
+   is the number of extra bits to get after the code.  bits is
+   the number of bits in this code or part of the code to drop off
+   of the bit buffer.  val is the actual byte to output in the case
+   of a literal, the base length or distance, or the offset from
+   the current table to the next table.  Each entry is four bytes. */
+typedef struct {
+    unsigned char op;           /* operation, extra bits, table bits */
+    unsigned char bits;         /* bits in this part of the code */
+    unsigned short val;         /* offset in table or code value */
+} code;
+
+/* op values as set by inflate_table():
+    00000000 - literal
+    0000tttt - table link, tttt != 0 is the number of table index bits
+    0001eeee - length or distance, eeee is the number of extra bits
+    01100000 - end of block
+    01000000 - invalid code
+ */
+
+/* Maximum size of the dynamic table.  The maximum number of code structures is
+   1444, which is the sum of 852 for literal/length codes and 592 for distance
+   codes.  These values were found by exhaustive searches using the program
+   examples/enough.c found in the zlib distribtution.  The arguments to that
+   program are the number of symbols, the initial root table size, and the
+   maximum bit length of a code.  "enough 286 9 15" for literal/length codes
+   returns returns 852, and "enough 30 6 15" for distance codes returns 592.
+   The initial root table size (9 or 6) is found in the fifth argument of the
+   inflate_table() calls in inflate.c and infback.c.  If the root table size is
+   changed, then these maximum sizes would be need to be recalculated and
+   updated. */
+#define ENOUGH_LENS 852
+#define ENOUGH_DISTS 592
+#define ENOUGH (ENOUGH_LENS+ENOUGH_DISTS)
+
+/* Type of code to build for inflate_table() */
+typedef enum {
+    CODES,
+    LENS,
+    DISTS
+} codetype;
+
+int ZLIB_INTERNAL inflate_table OF((codetype type, unsigned short FAR *lens,
+                             unsigned codes, code FAR * FAR *table,
+                             unsigned FAR *bits, unsigned short FAR *work));
diff --git a/nss/lib/zlib/manifest.mn b/nss/lib/zlib/manifest.mn
new file mode 100644
index 0000000..2118f8d
--- /dev/null
+++ b/nss/lib/zlib/manifest.mn
@@ -0,0 +1,39 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CORE_DEPTH = ../..
+
+MODULE = nss
+
+PRIVATE_EXPORTS = zlib.h zconf.h
+
+CSRCS =	adler32.c 	\
+	compress.c 	\
+	crc32.c 	\
+	deflate.c 	\
+	gzclose.c	\
+	gzlib.c		\
+	gzread.c	\
+	gzwrite.c	\
+	infback.c 	\
+	inffast.c	\
+	inflate.c 	\
+	inftrees.c 	\
+	trees.c 	\
+	uncompr.c 	\
+	zutil.c 	\
+	$(NULL)
+
+LIBRARY_NAME = zlib
+
+PROGRAMS = example minigzip
+
+# REQUIRES = nss
+
+# Define verbose as -1 to turn off all zlib trace messages in
+# debug builds.
+DEFINES = -Dverbose=-1
+
+NO_MD_RELEASE = 1
diff --git a/nss/lib/zlib/minigzip.c b/nss/lib/zlib/minigzip.c
new file mode 100644
index 0000000..9825ccc
--- /dev/null
+++ b/nss/lib/zlib/minigzip.c
@@ -0,0 +1,440 @@
+/* minigzip.c -- simulate gzip using the zlib compression library
+ * Copyright (C) 1995-2006, 2010 Jean-loup Gailly.
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ */
+
+/*
+ * minigzip is a minimal implementation of the gzip utility. This is
+ * only an example of using zlib and isn't meant to replace the
+ * full-featured gzip. No attempt is made to deal with file systems
+ * limiting names to 14 or 8+3 characters, etc... Error checking is
+ * very limited. So use minigzip only for testing; use gzip for the
+ * real thing. On MSDOS, use only on file names without extension
+ * or in pipe mode.
+ */
+
+/* @(#) $Id$ */
+
+#include "zlib.h"
+#include <stdio.h>
+
+#ifdef STDC
+#  include <string.h>
+#  include <stdlib.h>
+#endif
+
+#ifdef USE_MMAP
+#  include <sys/types.h>
+#  include <sys/mman.h>
+#  include <sys/stat.h>
+#endif
+
+#if defined(MSDOS) || defined(OS2) || defined(WIN32) || defined(__CYGWIN__)
+#  include <fcntl.h>
+#  include <io.h>
+#  ifdef UNDER_CE
+#    include <stdlib.h>
+#  endif
+#  define SET_BINARY_MODE(file) setmode(fileno(file), O_BINARY)
+#else
+#  define SET_BINARY_MODE(file)
+#endif
+
+#ifdef VMS
+#  define unlink delete
+#  define GZ_SUFFIX "-gz"
+#endif
+#ifdef RISCOS
+#  define unlink remove
+#  define GZ_SUFFIX "-gz"
+#  define fileno(file) file->__file
+#endif
+#if defined(__MWERKS__) && __dest_os != __be_os && __dest_os != __win32_os
+#  include <unix.h> /* for fileno */
+#endif
+
+#if !defined(Z_HAVE_UNISTD_H) && !defined(_LARGEFILE64_SOURCE)
+#ifndef WIN32 /* unlink already in stdio.h for WIN32 */
+  extern int unlink OF((const char *));
+#endif
+#endif
+
+#if defined(UNDER_CE)
+#  include <windows.h>
+#  define perror(s) pwinerror(s)
+
+/* Map the Windows error number in ERROR to a locale-dependent error
+   message string and return a pointer to it.  Typically, the values
+   for ERROR come from GetLastError.
+
+   The string pointed to shall not be modified by the application,
+   but may be overwritten by a subsequent call to strwinerror
+
+   The strwinerror function does not change the current setting
+   of GetLastError.  */
+
+static char *strwinerror (error)
+     DWORD error;
+{
+    static char buf[1024];
+
+    wchar_t *msgbuf;
+    DWORD lasterr = GetLastError();
+    DWORD chars = FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM
+        | FORMAT_MESSAGE_ALLOCATE_BUFFER,
+        NULL,
+        error,
+        0, /* Default language */
+        (LPVOID)&msgbuf,
+        0,
+        NULL);
+    if (chars != 0) {
+        /* If there is an \r\n appended, zap it.  */
+        if (chars >= 2
+            && msgbuf[chars - 2] == '\r' && msgbuf[chars - 1] == '\n') {
+            chars -= 2;
+            msgbuf[chars] = 0;
+        }
+
+        if (chars > sizeof (buf) - 1) {
+            chars = sizeof (buf) - 1;
+            msgbuf[chars] = 0;
+        }
+
+        wcstombs(buf, msgbuf, chars + 1);
+        LocalFree(msgbuf);
+    }
+    else {
+        sprintf(buf, "unknown win32 error (%ld)", error);
+    }
+
+    SetLastError(lasterr);
+    return buf;
+}
+
+static void pwinerror (s)
+    const char *s;
+{
+    if (s && *s)
+        fprintf(stderr, "%s: %s\n", s, strwinerror(GetLastError ()));
+    else
+        fprintf(stderr, "%s\n", strwinerror(GetLastError ()));
+}
+
+#endif /* UNDER_CE */
+
+#ifndef GZ_SUFFIX
+#  define GZ_SUFFIX ".gz"
+#endif
+#define SUFFIX_LEN (sizeof(GZ_SUFFIX)-1)
+
+#define BUFLEN      16384
+#define MAX_NAME_LEN 1024
+
+#ifdef MAXSEG_64K
+#  define local static
+   /* Needed for systems with limitation on stack size. */
+#else
+#  define local
+#endif
+
+char *prog;
+
+void error            OF((const char *msg));
+void gz_compress      OF((FILE   *in, gzFile out));
+#ifdef USE_MMAP
+int  gz_compress_mmap OF((FILE   *in, gzFile out));
+#endif
+void gz_uncompress    OF((gzFile in, FILE   *out));
+void file_compress    OF((char  *file, char *mode));
+void file_uncompress  OF((char  *file));
+int  main             OF((int argc, char *argv[]));
+
+/* ===========================================================================
+ * Display error message and exit
+ */
+void error(msg)
+    const char *msg;
+{
+    fprintf(stderr, "%s: %s\n", prog, msg);
+    exit(1);
+}
+
+/* ===========================================================================
+ * Compress input to output then close both files.
+ */
+
+void gz_compress(in, out)
+    FILE   *in;
+    gzFile out;
+{
+    local char buf[BUFLEN];
+    int len;
+    int err;
+
+#ifdef USE_MMAP
+    /* Try first compressing with mmap. If mmap fails (minigzip used in a
+     * pipe), use the normal fread loop.
+     */
+    if (gz_compress_mmap(in, out) == Z_OK) return;
+#endif
+    for (;;) {
+        len = (int)fread(buf, 1, sizeof(buf), in);
+        if (ferror(in)) {
+            perror("fread");
+            exit(1);
+        }
+        if (len == 0) break;
+
+        if (gzwrite(out, buf, (unsigned)len) != len) error(gzerror(out, &err));
+    }
+    fclose(in);
+    if (gzclose(out) != Z_OK) error("failed gzclose");
+}
+
+#ifdef USE_MMAP /* MMAP version, Miguel Albrecht <malbrech@eso.org> */
+
+/* Try compressing the input file at once using mmap. Return Z_OK if
+ * if success, Z_ERRNO otherwise.
+ */
+int gz_compress_mmap(in, out)
+    FILE   *in;
+    gzFile out;
+{
+    int len;
+    int err;
+    int ifd = fileno(in);
+    caddr_t buf;    /* mmap'ed buffer for the entire input file */
+    off_t buf_len;  /* length of the input file */
+    struct stat sb;
+
+    /* Determine the size of the file, needed for mmap: */
+    if (fstat(ifd, &sb) < 0) return Z_ERRNO;
+    buf_len = sb.st_size;
+    if (buf_len <= 0) return Z_ERRNO;
+
+    /* Now do the actual mmap: */
+    buf = mmap((caddr_t) 0, buf_len, PROT_READ, MAP_SHARED, ifd, (off_t)0);
+    if (buf == (caddr_t)(-1)) return Z_ERRNO;
+
+    /* Compress the whole file at once: */
+    len = gzwrite(out, (char *)buf, (unsigned)buf_len);
+
+    if (len != (int)buf_len) error(gzerror(out, &err));
+
+    munmap(buf, buf_len);
+    fclose(in);
+    if (gzclose(out) != Z_OK) error("failed gzclose");
+    return Z_OK;
+}
+#endif /* USE_MMAP */
+
+/* ===========================================================================
+ * Uncompress input to output then close both files.
+ */
+void gz_uncompress(in, out)
+    gzFile in;
+    FILE   *out;
+{
+    local char buf[BUFLEN];
+    int len;
+    int err;
+
+    for (;;) {
+        len = gzread(in, buf, sizeof(buf));
+        if (len < 0) error (gzerror(in, &err));
+        if (len == 0) break;
+
+        if ((int)fwrite(buf, 1, (unsigned)len, out) != len) {
+            error("failed fwrite");
+        }
+    }
+    if (fclose(out)) error("failed fclose");
+
+    if (gzclose(in) != Z_OK) error("failed gzclose");
+}
+
+
+/* ===========================================================================
+ * Compress the given file: create a corresponding .gz file and remove the
+ * original.
+ */
+void file_compress(file, mode)
+    char  *file;
+    char  *mode;
+{
+    local char outfile[MAX_NAME_LEN];
+    FILE  *in;
+    gzFile out;
+
+    if (strlen(file) + strlen(GZ_SUFFIX) >= sizeof(outfile)) {
+        fprintf(stderr, "%s: filename too long\n", prog);
+        exit(1);
+    }
+
+    strcpy(outfile, file);
+    strcat(outfile, GZ_SUFFIX);
+
+    in = fopen(file, "rb");
+    if (in == NULL) {
+        perror(file);
+        exit(1);
+    }
+    out = gzopen(outfile, mode);
+    if (out == NULL) {
+        fprintf(stderr, "%s: can't gzopen %s\n", prog, outfile);
+        exit(1);
+    }
+    gz_compress(in, out);
+
+    unlink(file);
+}
+
+
+/* ===========================================================================
+ * Uncompress the given file and remove the original.
+ */
+void file_uncompress(file)
+    char  *file;
+{
+    local char buf[MAX_NAME_LEN];
+    char *infile, *outfile;
+    FILE  *out;
+    gzFile in;
+    size_t len = strlen(file);
+
+    if (len + strlen(GZ_SUFFIX) >= sizeof(buf)) {
+        fprintf(stderr, "%s: filename too long\n", prog);
+        exit(1);
+    }
+
+    strcpy(buf, file);
+
+    if (len > SUFFIX_LEN && strcmp(file+len-SUFFIX_LEN, GZ_SUFFIX) == 0) {
+        infile = file;
+        outfile = buf;
+        outfile[len-3] = '\0';
+    } else {
+        outfile = file;
+        infile = buf;
+        strcat(infile, GZ_SUFFIX);
+    }
+    in = gzopen(infile, "rb");
+    if (in == NULL) {
+        fprintf(stderr, "%s: can't gzopen %s\n", prog, infile);
+        exit(1);
+    }
+    out = fopen(outfile, "wb");
+    if (out == NULL) {
+        perror(file);
+        exit(1);
+    }
+
+    gz_uncompress(in, out);
+
+    unlink(infile);
+}
+
+
+/* ===========================================================================
+ * Usage:  minigzip [-c] [-d] [-f] [-h] [-r] [-1 to -9] [files...]
+ *   -c : write to standard output
+ *   -d : decompress
+ *   -f : compress with Z_FILTERED
+ *   -h : compress with Z_HUFFMAN_ONLY
+ *   -r : compress with Z_RLE
+ *   -1 to -9 : compression level
+ */
+
+int main(argc, argv)
+    int argc;
+    char *argv[];
+{
+    int copyout = 0;
+    int uncompr = 0;
+    gzFile file;
+    char *bname, outmode[20];
+
+    strcpy(outmode, "wb6 ");
+
+    prog = argv[0];
+    bname = strrchr(argv[0], '/');
+    if (bname)
+      bname++;
+    else
+      bname = argv[0];
+    argc--, argv++;
+
+    if (!strcmp(bname, "gunzip"))
+      uncompr = 1;
+    else if (!strcmp(bname, "zcat"))
+      copyout = uncompr = 1;
+
+    while (argc > 0) {
+      if (strcmp(*argv, "-c") == 0)
+        copyout = 1;
+      else if (strcmp(*argv, "-d") == 0)
+        uncompr = 1;
+      else if (strcmp(*argv, "-f") == 0)
+        outmode[3] = 'f';
+      else if (strcmp(*argv, "-h") == 0)
+        outmode[3] = 'h';
+      else if (strcmp(*argv, "-r") == 0)
+        outmode[3] = 'R';
+      else if ((*argv)[0] == '-' && (*argv)[1] >= '1' && (*argv)[1] <= '9' &&
+               (*argv)[2] == 0)
+        outmode[2] = (*argv)[1];
+      else
+        break;
+      argc--, argv++;
+    }
+    if (outmode[3] == ' ')
+        outmode[3] = 0;
+    if (argc == 0) {
+        SET_BINARY_MODE(stdin);
+        SET_BINARY_MODE(stdout);
+        if (uncompr) {
+            file = gzdopen(fileno(stdin), "rb");
+            if (file == NULL) error("can't gzdopen stdin");
+            gz_uncompress(file, stdout);
+        } else {
+            file = gzdopen(fileno(stdout), outmode);
+            if (file == NULL) error("can't gzdopen stdout");
+            gz_compress(stdin, file);
+        }
+    } else {
+        if (copyout) {
+            SET_BINARY_MODE(stdout);
+        }
+        do {
+            if (uncompr) {
+                if (copyout) {
+                    file = gzopen(*argv, "rb");
+                    if (file == NULL)
+                        fprintf(stderr, "%s: can't gzopen %s\n", prog, *argv);
+                    else
+                        gz_uncompress(file, stdout);
+                } else {
+                    file_uncompress(*argv);
+                }
+            } else {
+                if (copyout) {
+                    FILE * in = fopen(*argv, "rb");
+
+                    if (in == NULL) {
+                        perror(*argv);
+                    } else {
+                        file = gzdopen(fileno(stdout), outmode);
+                        if (file == NULL) error("can't gzdopen stdout");
+
+                        gz_compress(in, file);
+                    }
+
+                } else {
+                    file_compress(*argv, outmode);
+                }
+            }
+        } while (argv++, --argc);
+    }
+    return 0;
+}
diff --git a/nss/lib/zlib/patches/prune-zlib.sh b/nss/lib/zlib/patches/prune-zlib.sh
new file mode 100644
index 0000000..6a742fb
--- /dev/null
+++ b/nss/lib/zlib/patches/prune-zlib.sh
@@ -0,0 +1,34 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+files_to_remove="
+CMakeLists.txt
+ChangeLog
+FAQ
+INDEX
+Makefile
+Makefile.in
+amiga
+configure
+contrib
+doc
+examples
+make_vms.com
+msdos
+nintendods
+old
+qnx
+treebuild.xml
+watcom
+win32
+zconf.h.cmakein
+zconf.h.in
+zlib.3
+zlib.3.pdf
+zlib.map
+zlib.pc.in
+zlib2ansi
+"
+
+rm -rf $files_to_remove
diff --git a/nss/lib/zlib/trees.c b/nss/lib/zlib/trees.c
new file mode 100644
index 0000000..56e9bb1
--- /dev/null
+++ b/nss/lib/zlib/trees.c
@@ -0,0 +1,1244 @@
+/* trees.c -- output deflated data using Huffman coding
+ * Copyright (C) 1995-2010 Jean-loup Gailly
+ * detect_data_type() function provided freely by Cosmin Truta, 2006
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ */
+
+/*
+ *  ALGORITHM
+ *
+ *      The "deflation" process uses several Huffman trees. The more
+ *      common source values are represented by shorter bit sequences.
+ *
+ *      Each code tree is stored in a compressed form which is itself
+ * a Huffman encoding of the lengths of all the code strings (in
+ * ascending order by source values).  The actual code strings are
+ * reconstructed from the lengths in the inflate process, as described
+ * in the deflate specification.
+ *
+ *  REFERENCES
+ *
+ *      Deutsch, L.P.,"'Deflate' Compressed Data Format Specification".
+ *      Available in ftp.uu.net:/pub/archiving/zip/doc/deflate-1.1.doc
+ *
+ *      Storer, James A.
+ *          Data Compression:  Methods and Theory, pp. 49-50.
+ *          Computer Science Press, 1988.  ISBN 0-7167-8156-5.
+ *
+ *      Sedgewick, R.
+ *          Algorithms, p290.
+ *          Addison-Wesley, 1983. ISBN 0-201-06672-6.
+ */
+
+/* @(#) $Id$ */
+
+/* #define GEN_TREES_H */
+
+#include "deflate.h"
+
+#ifdef DEBUG
+#  include <ctype.h>
+#endif
+
+/* ===========================================================================
+ * Constants
+ */
+
+#define MAX_BL_BITS 7
+/* Bit length codes must not exceed MAX_BL_BITS bits */
+
+#define END_BLOCK 256
+/* end of block literal code */
+
+#define REP_3_6      16
+/* repeat previous bit length 3-6 times (2 bits of repeat count) */
+
+#define REPZ_3_10    17
+/* repeat a zero length 3-10 times  (3 bits of repeat count) */
+
+#define REPZ_11_138  18
+/* repeat a zero length 11-138 times  (7 bits of repeat count) */
+
+local const int extra_lbits[LENGTH_CODES] /* extra bits for each length code */
+   = {0,0,0,0,0,0,0,0,1,1,1,1,2,2,2,2,3,3,3,3,4,4,4,4,5,5,5,5,0};
+
+local const int extra_dbits[D_CODES] /* extra bits for each distance code */
+   = {0,0,0,0,1,1,2,2,3,3,4,4,5,5,6,6,7,7,8,8,9,9,10,10,11,11,12,12,13,13};
+
+local const int extra_blbits[BL_CODES]/* extra bits for each bit length code */
+   = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,3,7};
+
+local const uch bl_order[BL_CODES]
+   = {16,17,18,0,8,7,9,6,10,5,11,4,12,3,13,2,14,1,15};
+/* The lengths of the bit length codes are sent in order of decreasing
+ * probability, to avoid transmitting the lengths for unused bit length codes.
+ */
+
+#define Buf_size (8 * 2*sizeof(char))
+/* Number of bits used within bi_buf. (bi_buf might be implemented on
+ * more than 16 bits on some systems.)
+ */
+
+/* ===========================================================================
+ * Local data. These are initialized only once.
+ */
+
+#define DIST_CODE_LEN  512 /* see definition of array dist_code below */
+
+#if defined(GEN_TREES_H) || !defined(STDC)
+/* non ANSI compilers may not accept trees.h */
+
+local ct_data static_ltree[L_CODES+2];
+/* The static literal tree. Since the bit lengths are imposed, there is no
+ * need for the L_CODES extra codes used during heap construction. However
+ * The codes 286 and 287 are needed to build a canonical tree (see _tr_init
+ * below).
+ */
+
+local ct_data static_dtree[D_CODES];
+/* The static distance tree. (Actually a trivial tree since all codes use
+ * 5 bits.)
+ */
+
+uch _dist_code[DIST_CODE_LEN];
+/* Distance codes. The first 256 values correspond to the distances
+ * 3 .. 258, the last 256 values correspond to the top 8 bits of
+ * the 15 bit distances.
+ */
+
+uch _length_code[MAX_MATCH-MIN_MATCH+1];
+/* length code for each normalized match length (0 == MIN_MATCH) */
+
+local int base_length[LENGTH_CODES];
+/* First normalized length for each code (0 = MIN_MATCH) */
+
+local int base_dist[D_CODES];
+/* First normalized distance for each code (0 = distance of 1) */
+
+#else
+#  include "trees.h"
+#endif /* GEN_TREES_H */
+
+struct static_tree_desc_s {
+    const ct_data *static_tree;  /* static tree or NULL */
+    const intf *extra_bits;      /* extra bits for each code or NULL */
+    int     extra_base;          /* base index for extra_bits */
+    int     elems;               /* max number of elements in the tree */
+    int     max_length;          /* max bit length for the codes */
+};
+
+local static_tree_desc  static_l_desc =
+{static_ltree, extra_lbits, LITERALS+1, L_CODES, MAX_BITS};
+
+local static_tree_desc  static_d_desc =
+{static_dtree, extra_dbits, 0,          D_CODES, MAX_BITS};
+
+local static_tree_desc  static_bl_desc =
+{(const ct_data *)0, extra_blbits, 0,   BL_CODES, MAX_BL_BITS};
+
+/* ===========================================================================
+ * Local (static) routines in this file.
+ */
+
+local void tr_static_init OF((void));
+local void init_block     OF((deflate_state *s));
+local void pqdownheap     OF((deflate_state *s, ct_data *tree, int k));
+local void gen_bitlen     OF((deflate_state *s, tree_desc *desc));
+local void gen_codes      OF((ct_data *tree, int max_code, ushf *bl_count));
+local void build_tree     OF((deflate_state *s, tree_desc *desc));
+local void scan_tree      OF((deflate_state *s, ct_data *tree, int max_code));
+local void send_tree      OF((deflate_state *s, ct_data *tree, int max_code));
+local int  build_bl_tree  OF((deflate_state *s));
+local void send_all_trees OF((deflate_state *s, int lcodes, int dcodes,
+                              int blcodes));
+local void compress_block OF((deflate_state *s, ct_data *ltree,
+                              ct_data *dtree));
+local int  detect_data_type OF((deflate_state *s));
+local unsigned bi_reverse OF((unsigned value, int length));
+local void bi_windup      OF((deflate_state *s));
+local void bi_flush       OF((deflate_state *s));
+local void copy_block     OF((deflate_state *s, charf *buf, unsigned len,
+                              int header));
+
+#ifdef GEN_TREES_H
+local void gen_trees_header OF((void));
+#endif
+
+#ifndef DEBUG
+#  define send_code(s, c, tree) send_bits(s, tree[c].Code, tree[c].Len)
+   /* Send a code of the given tree. c and tree must not have side effects */
+
+#else /* DEBUG */
+#  define send_code(s, c, tree) \
+     { if (z_verbose>2) fprintf(stderr,"\ncd %3d ",(c)); \
+       send_bits(s, tree[c].Code, tree[c].Len); }
+#endif
+
+/* ===========================================================================
+ * Output a short LSB first on the stream.
+ * IN assertion: there is enough room in pendingBuf.
+ */
+#define put_short(s, w) { \
+    put_byte(s, (uch)((w) & 0xff)); \
+    put_byte(s, (uch)((ush)(w) >> 8)); \
+}
+
+/* ===========================================================================
+ * Send a value on a given number of bits.
+ * IN assertion: length <= 16 and value fits in length bits.
+ */
+#ifdef DEBUG
+local void send_bits      OF((deflate_state *s, int value, int length));
+
+local void send_bits(s, value, length)
+    deflate_state *s;
+    int value;  /* value to send */
+    int length; /* number of bits */
+{
+    Tracevv((stderr," l %2d v %4x ", length, value));
+    Assert(length > 0 && length <= 15, "invalid length");
+    s->bits_sent += (ulg)length;
+
+    /* If not enough room in bi_buf, use (valid) bits from bi_buf and
+     * (16 - bi_valid) bits from value, leaving (width - (16-bi_valid))
+     * unused bits in value.
+     */
+    if (s->bi_valid > (int)Buf_size - length) {
+        s->bi_buf |= (ush)value << s->bi_valid;
+        put_short(s, s->bi_buf);
+        s->bi_buf = (ush)value >> (Buf_size - s->bi_valid);
+        s->bi_valid += length - Buf_size;
+    } else {
+        s->bi_buf |= (ush)value << s->bi_valid;
+        s->bi_valid += length;
+    }
+}
+#else /* !DEBUG */
+
+#define send_bits(s, value, length) \
+{ int len = length;\
+  if (s->bi_valid > (int)Buf_size - len) {\
+    int val = value;\
+    s->bi_buf |= (ush)val << s->bi_valid;\
+    put_short(s, s->bi_buf);\
+    s->bi_buf = (ush)val >> (Buf_size - s->bi_valid);\
+    s->bi_valid += len - Buf_size;\
+  } else {\
+    s->bi_buf |= (ush)(value) << s->bi_valid;\
+    s->bi_valid += len;\
+  }\
+}
+#endif /* DEBUG */
+
+
+/* the arguments must not have side effects */
+
+/* ===========================================================================
+ * Initialize the various 'constant' tables.
+ */
+local void tr_static_init()
+{
+#if defined(GEN_TREES_H) || !defined(STDC)
+    static int static_init_done = 0;
+    int n;        /* iterates over tree elements */
+    int bits;     /* bit counter */
+    int length;   /* length value */
+    int code;     /* code value */
+    int dist;     /* distance index */
+    ush bl_count[MAX_BITS+1];
+    /* number of codes at each bit length for an optimal tree */
+
+    if (static_init_done) return;
+
+    /* For some embedded targets, global variables are not initialized: */
+#ifdef NO_INIT_GLOBAL_POINTERS
+    static_l_desc.static_tree = static_ltree;
+    static_l_desc.extra_bits = extra_lbits;
+    static_d_desc.static_tree = static_dtree;
+    static_d_desc.extra_bits = extra_dbits;
+    static_bl_desc.extra_bits = extra_blbits;
+#endif
+
+    /* Initialize the mapping length (0..255) -> length code (0..28) */
+    length = 0;
+    for (code = 0; code < LENGTH_CODES-1; code++) {
+        base_length[code] = length;
+        for (n = 0; n < (1<<extra_lbits[code]); n++) {
+            _length_code[length++] = (uch)code;
+        }
+    }
+    Assert (length == 256, "tr_static_init: length != 256");
+    /* Note that the length 255 (match length 258) can be represented
+     * in two different ways: code 284 + 5 bits or code 285, so we
+     * overwrite length_code[255] to use the best encoding:
+     */
+    _length_code[length-1] = (uch)code;
+
+    /* Initialize the mapping dist (0..32K) -> dist code (0..29) */
+    dist = 0;
+    for (code = 0 ; code < 16; code++) {
+        base_dist[code] = dist;
+        for (n = 0; n < (1<<extra_dbits[code]); n++) {
+            _dist_code[dist++] = (uch)code;
+        }
+    }
+    Assert (dist == 256, "tr_static_init: dist != 256");
+    dist >>= 7; /* from now on, all distances are divided by 128 */
+    for ( ; code < D_CODES; code++) {
+        base_dist[code] = dist << 7;
+        for (n = 0; n < (1<<(extra_dbits[code]-7)); n++) {
+            _dist_code[256 + dist++] = (uch)code;
+        }
+    }
+    Assert (dist == 256, "tr_static_init: 256+dist != 512");
+
+    /* Construct the codes of the static literal tree */
+    for (bits = 0; bits <= MAX_BITS; bits++) bl_count[bits] = 0;
+    n = 0;
+    while (n <= 143) static_ltree[n++].Len = 8, bl_count[8]++;
+    while (n <= 255) static_ltree[n++].Len = 9, bl_count[9]++;
+    while (n <= 279) static_ltree[n++].Len = 7, bl_count[7]++;
+    while (n <= 287) static_ltree[n++].Len = 8, bl_count[8]++;
+    /* Codes 286 and 287 do not exist, but we must include them in the
+     * tree construction to get a canonical Huffman tree (longest code
+     * all ones)
+     */
+    gen_codes((ct_data *)static_ltree, L_CODES+1, bl_count);
+
+    /* The static distance tree is trivial: */
+    for (n = 0; n < D_CODES; n++) {
+        static_dtree[n].Len = 5;
+        static_dtree[n].Code = bi_reverse((unsigned)n, 5);
+    }
+    static_init_done = 1;
+
+#  ifdef GEN_TREES_H
+    gen_trees_header();
+#  endif
+#endif /* defined(GEN_TREES_H) || !defined(STDC) */
+}
+
+/* ===========================================================================
+ * Genererate the file trees.h describing the static trees.
+ */
+#ifdef GEN_TREES_H
+#  ifndef DEBUG
+#    include <stdio.h>
+#  endif
+
+#  define SEPARATOR(i, last, width) \
+      ((i) == (last)? "\n};\n\n" :    \
+       ((i) % (width) == (width)-1 ? ",\n" : ", "))
+
+void gen_trees_header()
+{
+    FILE *header = fopen("trees.h", "w");
+    int i;
+
+    Assert (header != NULL, "Can't open trees.h");
+    fprintf(header,
+            "/* header created automatically with -DGEN_TREES_H */\n\n");
+
+    fprintf(header, "local const ct_data static_ltree[L_CODES+2] = {\n");
+    for (i = 0; i < L_CODES+2; i++) {
+        fprintf(header, "{{%3u},{%3u}}%s", static_ltree[i].Code,
+                static_ltree[i].Len, SEPARATOR(i, L_CODES+1, 5));
+    }
+
+    fprintf(header, "local const ct_data static_dtree[D_CODES] = {\n");
+    for (i = 0; i < D_CODES; i++) {
+        fprintf(header, "{{%2u},{%2u}}%s", static_dtree[i].Code,
+                static_dtree[i].Len, SEPARATOR(i, D_CODES-1, 5));
+    }
+
+    fprintf(header, "const uch ZLIB_INTERNAL _dist_code[DIST_CODE_LEN] = {\n");
+    for (i = 0; i < DIST_CODE_LEN; i++) {
+        fprintf(header, "%2u%s", _dist_code[i],
+                SEPARATOR(i, DIST_CODE_LEN-1, 20));
+    }
+
+    fprintf(header,
+        "const uch ZLIB_INTERNAL _length_code[MAX_MATCH-MIN_MATCH+1]= {\n");
+    for (i = 0; i < MAX_MATCH-MIN_MATCH+1; i++) {
+        fprintf(header, "%2u%s", _length_code[i],
+                SEPARATOR(i, MAX_MATCH-MIN_MATCH, 20));
+    }
+
+    fprintf(header, "local const int base_length[LENGTH_CODES] = {\n");
+    for (i = 0; i < LENGTH_CODES; i++) {
+        fprintf(header, "%1u%s", base_length[i],
+                SEPARATOR(i, LENGTH_CODES-1, 20));
+    }
+
+    fprintf(header, "local const int base_dist[D_CODES] = {\n");
+    for (i = 0; i < D_CODES; i++) {
+        fprintf(header, "%5u%s", base_dist[i],
+                SEPARATOR(i, D_CODES-1, 10));
+    }
+
+    fclose(header);
+}
+#endif /* GEN_TREES_H */
+
+/* ===========================================================================
+ * Initialize the tree data structures for a new zlib stream.
+ */
+void ZLIB_INTERNAL _tr_init(s)
+    deflate_state *s;
+{
+    tr_static_init();
+
+    s->l_desc.dyn_tree = s->dyn_ltree;
+    s->l_desc.stat_desc = &static_l_desc;
+
+    s->d_desc.dyn_tree = s->dyn_dtree;
+    s->d_desc.stat_desc = &static_d_desc;
+
+    s->bl_desc.dyn_tree = s->bl_tree;
+    s->bl_desc.stat_desc = &static_bl_desc;
+
+    s->bi_buf = 0;
+    s->bi_valid = 0;
+    s->last_eob_len = 8; /* enough lookahead for inflate */
+#ifdef DEBUG
+    s->compressed_len = 0L;
+    s->bits_sent = 0L;
+#endif
+
+    /* Initialize the first block of the first file: */
+    init_block(s);
+}
+
+/* ===========================================================================
+ * Initialize a new block.
+ */
+local void init_block(s)
+    deflate_state *s;
+{
+    int n; /* iterates over tree elements */
+
+    /* Initialize the trees. */
+    for (n = 0; n < L_CODES;  n++) s->dyn_ltree[n].Freq = 0;
+    for (n = 0; n < D_CODES;  n++) s->dyn_dtree[n].Freq = 0;
+    for (n = 0; n < BL_CODES; n++) s->bl_tree[n].Freq = 0;
+
+    s->dyn_ltree[END_BLOCK].Freq = 1;
+    s->opt_len = s->static_len = 0L;
+    s->last_lit = s->matches = 0;
+}
+
+#define SMALLEST 1
+/* Index within the heap array of least frequent node in the Huffman tree */
+
+
+/* ===========================================================================
+ * Remove the smallest element from the heap and recreate the heap with
+ * one less element. Updates heap and heap_len.
+ */
+#define pqremove(s, tree, top) \
+{\
+    top = s->heap[SMALLEST]; \
+    s->heap[SMALLEST] = s->heap[s->heap_len--]; \
+    pqdownheap(s, tree, SMALLEST); \
+}
+
+/* ===========================================================================
+ * Compares to subtrees, using the tree depth as tie breaker when
+ * the subtrees have equal frequency. This minimizes the worst case length.
+ */
+#define smaller(tree, n, m, depth) \
+   (tree[n].Freq < tree[m].Freq || \
+   (tree[n].Freq == tree[m].Freq && depth[n] <= depth[m]))
+
+/* ===========================================================================
+ * Restore the heap property by moving down the tree starting at node k,
+ * exchanging a node with the smallest of its two sons if necessary, stopping
+ * when the heap property is re-established (each father smaller than its
+ * two sons).
+ */
+local void pqdownheap(s, tree, k)
+    deflate_state *s;
+    ct_data *tree;  /* the tree to restore */
+    int k;               /* node to move down */
+{
+    int v = s->heap[k];
+    int j = k << 1;  /* left son of k */
+    while (j <= s->heap_len) {
+        /* Set j to the smallest of the two sons: */
+        if (j < s->heap_len &&
+            smaller(tree, s->heap[j+1], s->heap[j], s->depth)) {
+            j++;
+        }
+        /* Exit if v is smaller than both sons */
+        if (smaller(tree, v, s->heap[j], s->depth)) break;
+
+        /* Exchange v with the smallest son */
+        s->heap[k] = s->heap[j];  k = j;
+
+        /* And continue down the tree, setting j to the left son of k */
+        j <<= 1;
+    }
+    s->heap[k] = v;
+}
+
+/* ===========================================================================
+ * Compute the optimal bit lengths for a tree and update the total bit length
+ * for the current block.
+ * IN assertion: the fields freq and dad are set, heap[heap_max] and
+ *    above are the tree nodes sorted by increasing frequency.
+ * OUT assertions: the field len is set to the optimal bit length, the
+ *     array bl_count contains the frequencies for each bit length.
+ *     The length opt_len is updated; static_len is also updated if stree is
+ *     not null.
+ */
+local void gen_bitlen(s, desc)
+    deflate_state *s;
+    tree_desc *desc;    /* the tree descriptor */
+{
+    ct_data *tree        = desc->dyn_tree;
+    int max_code         = desc->max_code;
+    const ct_data *stree = desc->stat_desc->static_tree;
+    const intf *extra    = desc->stat_desc->extra_bits;
+    int base             = desc->stat_desc->extra_base;
+    int max_length       = desc->stat_desc->max_length;
+    int h;              /* heap index */
+    int n, m;           /* iterate over the tree elements */
+    int bits;           /* bit length */
+    int xbits;          /* extra bits */
+    ush f;              /* frequency */
+    int overflow = 0;   /* number of elements with bit length too large */
+
+    for (bits = 0; bits <= MAX_BITS; bits++) s->bl_count[bits] = 0;
+
+    /* In a first pass, compute the optimal bit lengths (which may
+     * overflow in the case of the bit length tree).
+     */
+    tree[s->heap[s->heap_max]].Len = 0; /* root of the heap */
+
+    for (h = s->heap_max+1; h < HEAP_SIZE; h++) {
+        n = s->heap[h];
+        bits = tree[tree[n].Dad].Len + 1;
+        if (bits > max_length) bits = max_length, overflow++;
+        tree[n].Len = (ush)bits;
+        /* We overwrite tree[n].Dad which is no longer needed */
+
+        if (n > max_code) continue; /* not a leaf node */
+
+        s->bl_count[bits]++;
+        xbits = 0;
+        if (n >= base) xbits = extra[n-base];
+        f = tree[n].Freq;
+        s->opt_len += (ulg)f * (bits + xbits);
+        if (stree) s->static_len += (ulg)f * (stree[n].Len + xbits);
+    }
+    if (overflow == 0) return;
+
+    Trace((stderr,"\nbit length overflow\n"));
+    /* This happens for example on obj2 and pic of the Calgary corpus */
+
+    /* Find the first bit length which could increase: */
+    do {
+        bits = max_length-1;
+        while (s->bl_count[bits] == 0) bits--;
+        s->bl_count[bits]--;      /* move one leaf down the tree */
+        s->bl_count[bits+1] += 2; /* move one overflow item as its brother */
+        s->bl_count[max_length]--;
+        /* The brother of the overflow item also moves one step up,
+         * but this does not affect bl_count[max_length]
+         */
+        overflow -= 2;
+    } while (overflow > 0);
+
+    /* Now recompute all bit lengths, scanning in increasing frequency.
+     * h is still equal to HEAP_SIZE. (It is simpler to reconstruct all
+     * lengths instead of fixing only the wrong ones. This idea is taken
+     * from 'ar' written by Haruhiko Okumura.)
+     */
+    for (bits = max_length; bits != 0; bits--) {
+        n = s->bl_count[bits];
+        while (n != 0) {
+            m = s->heap[--h];
+            if (m > max_code) continue;
+            if ((unsigned) tree[m].Len != (unsigned) bits) {
+                Trace((stderr,"code %d bits %d->%d\n", m, tree[m].Len, bits));
+                s->opt_len += ((long)bits - (long)tree[m].Len)
+                              *(long)tree[m].Freq;
+                tree[m].Len = (ush)bits;
+            }
+            n--;
+        }
+    }
+}
+
+/* ===========================================================================
+ * Generate the codes for a given tree and bit counts (which need not be
+ * optimal).
+ * IN assertion: the array bl_count contains the bit length statistics for
+ * the given tree and the field len is set for all tree elements.
+ * OUT assertion: the field code is set for all tree elements of non
+ *     zero code length.
+ */
+local void gen_codes (tree, max_code, bl_count)
+    ct_data *tree;             /* the tree to decorate */
+    int max_code;              /* largest code with non zero frequency */
+    ushf *bl_count;            /* number of codes at each bit length */
+{
+    ush next_code[MAX_BITS+1]; /* next code value for each bit length */
+    ush code = 0;              /* running code value */
+    int bits;                  /* bit index */
+    int n;                     /* code index */
+
+    /* The distribution counts are first used to generate the code values
+     * without bit reversal.
+     */
+    for (bits = 1; bits <= MAX_BITS; bits++) {
+        next_code[bits] = code = (code + bl_count[bits-1]) << 1;
+    }
+    /* Check that the bit counts in bl_count are consistent. The last code
+     * must be all ones.
+     */
+    Assert (code + bl_count[MAX_BITS]-1 == (1<<MAX_BITS)-1,
+            "inconsistent bit counts");
+    Tracev((stderr,"\ngen_codes: max_code %d ", max_code));
+
+    for (n = 0;  n <= max_code; n++) {
+        int len = tree[n].Len;
+        if (len == 0) continue;
+        /* Now reverse the bits */
+        tree[n].Code = bi_reverse(next_code[len]++, len);
+
+        Tracecv(tree != static_ltree, (stderr,"\nn %3d %c l %2d c %4x (%x) ",
+             n, (isgraph(n) ? n : ' '), len, tree[n].Code, next_code[len]-1));
+    }
+}
+
+/* ===========================================================================
+ * Construct one Huffman tree and assigns the code bit strings and lengths.
+ * Update the total bit length for the current block.
+ * IN assertion: the field freq is set for all tree elements.
+ * OUT assertions: the fields len and code are set to the optimal bit length
+ *     and corresponding code. The length opt_len is updated; static_len is
+ *     also updated if stree is not null. The field max_code is set.
+ */
+local void build_tree(s, desc)
+    deflate_state *s;
+    tree_desc *desc; /* the tree descriptor */
+{
+    ct_data *tree         = desc->dyn_tree;
+    const ct_data *stree  = desc->stat_desc->static_tree;
+    int elems             = desc->stat_desc->elems;
+    int n, m;          /* iterate over heap elements */
+    int max_code = -1; /* largest code with non zero frequency */
+    int node;          /* new node being created */
+
+    /* Construct the initial heap, with least frequent element in
+     * heap[SMALLEST]. The sons of heap[n] are heap[2*n] and heap[2*n+1].
+     * heap[0] is not used.
+     */
+    s->heap_len = 0, s->heap_max = HEAP_SIZE;
+
+    for (n = 0; n < elems; n++) {
+        if (tree[n].Freq != 0) {
+            s->heap[++(s->heap_len)] = max_code = n;
+            s->depth[n] = 0;
+        } else {
+            tree[n].Len = 0;
+        }
+    }
+
+    /* The pkzip format requires that at least one distance code exists,
+     * and that at least one bit should be sent even if there is only one
+     * possible code. So to avoid special checks later on we force at least
+     * two codes of non zero frequency.
+     */
+    while (s->heap_len < 2) {
+        node = s->heap[++(s->heap_len)] = (max_code < 2 ? ++max_code : 0);
+        tree[node].Freq = 1;
+        s->depth[node] = 0;
+        s->opt_len--; if (stree) s->static_len -= stree[node].Len;
+        /* node is 0 or 1 so it does not have extra bits */
+    }
+    desc->max_code = max_code;
+
+    /* The elements heap[heap_len/2+1 .. heap_len] are leaves of the tree,
+     * establish sub-heaps of increasing lengths:
+     */
+    for (n = s->heap_len/2; n >= 1; n--) pqdownheap(s, tree, n);
+
+    /* Construct the Huffman tree by repeatedly combining the least two
+     * frequent nodes.
+     */
+    node = elems;              /* next internal node of the tree */
+    do {
+        pqremove(s, tree, n);  /* n = node of least frequency */
+        m = s->heap[SMALLEST]; /* m = node of next least frequency */
+
+        s->heap[--(s->heap_max)] = n; /* keep the nodes sorted by frequency */
+        s->heap[--(s->heap_max)] = m;
+
+        /* Create a new node father of n and m */
+        tree[node].Freq = tree[n].Freq + tree[m].Freq;
+        s->depth[node] = (uch)((s->depth[n] >= s->depth[m] ?
+                                s->depth[n] : s->depth[m]) + 1);
+        tree[n].Dad = tree[m].Dad = (ush)node;
+#ifdef DUMP_BL_TREE
+        if (tree == s->bl_tree) {
+            fprintf(stderr,"\nnode %d(%d), sons %d(%d) %d(%d)",
+                    node, tree[node].Freq, n, tree[n].Freq, m, tree[m].Freq);
+        }
+#endif
+        /* and insert the new node in the heap */
+        s->heap[SMALLEST] = node++;
+        pqdownheap(s, tree, SMALLEST);
+
+    } while (s->heap_len >= 2);
+
+    s->heap[--(s->heap_max)] = s->heap[SMALLEST];
+
+    /* At this point, the fields freq and dad are set. We can now
+     * generate the bit lengths.
+     */
+    gen_bitlen(s, (tree_desc *)desc);
+
+    /* The field len is now set, we can generate the bit codes */
+    gen_codes ((ct_data *)tree, max_code, s->bl_count);
+}
+
+/* ===========================================================================
+ * Scan a literal or distance tree to determine the frequencies of the codes
+ * in the bit length tree.
+ */
+local void scan_tree (s, tree, max_code)
+    deflate_state *s;
+    ct_data *tree;   /* the tree to be scanned */
+    int max_code;    /* and its largest code of non zero frequency */
+{
+    int n;                     /* iterates over all tree elements */
+    int prevlen = -1;          /* last emitted length */
+    int curlen;                /* length of current code */
+    int nextlen = tree[0].Len; /* length of next code */
+    int count = 0;             /* repeat count of the current code */
+    int max_count = 7;         /* max repeat count */
+    int min_count = 4;         /* min repeat count */
+
+    if (nextlen == 0) max_count = 138, min_count = 3;
+    tree[max_code+1].Len = (ush)0xffff; /* guard */
+
+    for (n = 0; n <= max_code; n++) {
+        curlen = nextlen; nextlen = tree[n+1].Len;
+        if (++count < max_count && curlen == nextlen) {
+            continue;
+        } else if (count < min_count) {
+            s->bl_tree[curlen].Freq += count;
+        } else if (curlen != 0) {
+            if (curlen != prevlen) s->bl_tree[curlen].Freq++;
+            s->bl_tree[REP_3_6].Freq++;
+        } else if (count <= 10) {
+            s->bl_tree[REPZ_3_10].Freq++;
+        } else {
+            s->bl_tree[REPZ_11_138].Freq++;
+        }
+        count = 0; prevlen = curlen;
+        if (nextlen == 0) {
+            max_count = 138, min_count = 3;
+        } else if (curlen == nextlen) {
+            max_count = 6, min_count = 3;
+        } else {
+            max_count = 7, min_count = 4;
+        }
+    }
+}
+
+/* ===========================================================================
+ * Send a literal or distance tree in compressed form, using the codes in
+ * bl_tree.
+ */
+local void send_tree (s, tree, max_code)
+    deflate_state *s;
+    ct_data *tree; /* the tree to be scanned */
+    int max_code;       /* and its largest code of non zero frequency */
+{
+    int n;                     /* iterates over all tree elements */
+    int prevlen = -1;          /* last emitted length */
+    int curlen;                /* length of current code */
+    int nextlen = tree[0].Len; /* length of next code */
+    int count = 0;             /* repeat count of the current code */
+    int max_count = 7;         /* max repeat count */
+    int min_count = 4;         /* min repeat count */
+
+    /* tree[max_code+1].Len = -1; */  /* guard already set */
+    if (nextlen == 0) max_count = 138, min_count = 3;
+
+    for (n = 0; n <= max_code; n++) {
+        curlen = nextlen; nextlen = tree[n+1].Len;
+        if (++count < max_count && curlen == nextlen) {
+            continue;
+        } else if (count < min_count) {
+            do { send_code(s, curlen, s->bl_tree); } while (--count != 0);
+
+        } else if (curlen != 0) {
+            if (curlen != prevlen) {
+                send_code(s, curlen, s->bl_tree); count--;
+            }
+            Assert(count >= 3 && count <= 6, " 3_6?");
+            send_code(s, REP_3_6, s->bl_tree); send_bits(s, count-3, 2);
+
+        } else if (count <= 10) {
+            send_code(s, REPZ_3_10, s->bl_tree); send_bits(s, count-3, 3);
+
+        } else {
+            send_code(s, REPZ_11_138, s->bl_tree); send_bits(s, count-11, 7);
+        }
+        count = 0; prevlen = curlen;
+        if (nextlen == 0) {
+            max_count = 138, min_count = 3;
+        } else if (curlen == nextlen) {
+            max_count = 6, min_count = 3;
+        } else {
+            max_count = 7, min_count = 4;
+        }
+    }
+}
+
+/* ===========================================================================
+ * Construct the Huffman tree for the bit lengths and return the index in
+ * bl_order of the last bit length code to send.
+ */
+local int build_bl_tree(s)
+    deflate_state *s;
+{
+    int max_blindex;  /* index of last bit length code of non zero freq */
+
+    /* Determine the bit length frequencies for literal and distance trees */
+    scan_tree(s, (ct_data *)s->dyn_ltree, s->l_desc.max_code);
+    scan_tree(s, (ct_data *)s->dyn_dtree, s->d_desc.max_code);
+
+    /* Build the bit length tree: */
+    build_tree(s, (tree_desc *)(&(s->bl_desc)));
+    /* opt_len now includes the length of the tree representations, except
+     * the lengths of the bit lengths codes and the 5+5+4 bits for the counts.
+     */
+
+    /* Determine the number of bit length codes to send. The pkzip format
+     * requires that at least 4 bit length codes be sent. (appnote.txt says
+     * 3 but the actual value used is 4.)
+     */
+    for (max_blindex = BL_CODES-1; max_blindex >= 3; max_blindex--) {
+        if (s->bl_tree[bl_order[max_blindex]].Len != 0) break;
+    }
+    /* Update opt_len to include the bit length tree and counts */
+    s->opt_len += 3*(max_blindex+1) + 5+5+4;
+    Tracev((stderr, "\ndyn trees: dyn %ld, stat %ld",
+            s->opt_len, s->static_len));
+
+    return max_blindex;
+}
+
+/* ===========================================================================
+ * Send the header for a block using dynamic Huffman trees: the counts, the
+ * lengths of the bit length codes, the literal tree and the distance tree.
+ * IN assertion: lcodes >= 257, dcodes >= 1, blcodes >= 4.
+ */
+local void send_all_trees(s, lcodes, dcodes, blcodes)
+    deflate_state *s;
+    int lcodes, dcodes, blcodes; /* number of codes for each tree */
+{
+    int rank;                    /* index in bl_order */
+
+    Assert (lcodes >= 257 && dcodes >= 1 && blcodes >= 4, "not enough codes");
+    Assert (lcodes <= L_CODES && dcodes <= D_CODES && blcodes <= BL_CODES,
+            "too many codes");
+    Tracev((stderr, "\nbl counts: "));
+    send_bits(s, lcodes-257, 5); /* not +255 as stated in appnote.txt */
+    send_bits(s, dcodes-1,   5);
+    send_bits(s, blcodes-4,  4); /* not -3 as stated in appnote.txt */
+    for (rank = 0; rank < blcodes; rank++) {
+        Tracev((stderr, "\nbl code %2d ", bl_order[rank]));
+        send_bits(s, s->bl_tree[bl_order[rank]].Len, 3);
+    }
+    Tracev((stderr, "\nbl tree: sent %ld", s->bits_sent));
+
+    send_tree(s, (ct_data *)s->dyn_ltree, lcodes-1); /* literal tree */
+    Tracev((stderr, "\nlit tree: sent %ld", s->bits_sent));
+
+    send_tree(s, (ct_data *)s->dyn_dtree, dcodes-1); /* distance tree */
+    Tracev((stderr, "\ndist tree: sent %ld", s->bits_sent));
+}
+
+/* ===========================================================================
+ * Send a stored block
+ */
+void ZLIB_INTERNAL _tr_stored_block(s, buf, stored_len, last)
+    deflate_state *s;
+    charf *buf;       /* input block */
+    ulg stored_len;   /* length of input block */
+    int last;         /* one if this is the last block for a file */
+{
+    send_bits(s, (STORED_BLOCK<<1)+last, 3);    /* send block type */
+#ifdef DEBUG
+    s->compressed_len = (s->compressed_len + 3 + 7) & (ulg)~7L;
+    s->compressed_len += (stored_len + 4) << 3;
+#endif
+    copy_block(s, buf, (unsigned)stored_len, 1); /* with header */
+}
+
+/* ===========================================================================
+ * Send one empty static block to give enough lookahead for inflate.
+ * This takes 10 bits, of which 7 may remain in the bit buffer.
+ * The current inflate code requires 9 bits of lookahead. If the
+ * last two codes for the previous block (real code plus EOB) were coded
+ * on 5 bits or less, inflate may have only 5+3 bits of lookahead to decode
+ * the last real code. In this case we send two empty static blocks instead
+ * of one. (There are no problems if the previous block is stored or fixed.)
+ * To simplify the code, we assume the worst case of last real code encoded
+ * on one bit only.
+ */
+void ZLIB_INTERNAL _tr_align(s)
+    deflate_state *s;
+{
+    send_bits(s, STATIC_TREES<<1, 3);
+    send_code(s, END_BLOCK, static_ltree);
+#ifdef DEBUG
+    s->compressed_len += 10L; /* 3 for block type, 7 for EOB */
+#endif
+    bi_flush(s);
+    /* Of the 10 bits for the empty block, we have already sent
+     * (10 - bi_valid) bits. The lookahead for the last real code (before
+     * the EOB of the previous block) was thus at least one plus the length
+     * of the EOB plus what we have just sent of the empty static block.
+     */
+    if (1 + s->last_eob_len + 10 - s->bi_valid < 9) {
+        send_bits(s, STATIC_TREES<<1, 3);
+        send_code(s, END_BLOCK, static_ltree);
+#ifdef DEBUG
+        s->compressed_len += 10L;
+#endif
+        bi_flush(s);
+    }
+    s->last_eob_len = 7;
+}
+
+/* ===========================================================================
+ * Determine the best encoding for the current block: dynamic trees, static
+ * trees or store, and output the encoded block to the zip file.
+ */
+void ZLIB_INTERNAL _tr_flush_block(s, buf, stored_len, last)
+    deflate_state *s;
+    charf *buf;       /* input block, or NULL if too old */
+    ulg stored_len;   /* length of input block */
+    int last;         /* one if this is the last block for a file */
+{
+    ulg opt_lenb, static_lenb; /* opt_len and static_len in bytes */
+    int max_blindex = 0;  /* index of last bit length code of non zero freq */
+
+    /* Build the Huffman trees unless a stored block is forced */
+    if (s->level > 0) {
+
+        /* Check if the file is binary or text */
+        if (s->strm->data_type == Z_UNKNOWN)
+            s->strm->data_type = detect_data_type(s);
+
+        /* Construct the literal and distance trees */
+        build_tree(s, (tree_desc *)(&(s->l_desc)));
+        Tracev((stderr, "\nlit data: dyn %ld, stat %ld", s->opt_len,
+                s->static_len));
+
+        build_tree(s, (tree_desc *)(&(s->d_desc)));
+        Tracev((stderr, "\ndist data: dyn %ld, stat %ld", s->opt_len,
+                s->static_len));
+        /* At this point, opt_len and static_len are the total bit lengths of
+         * the compressed block data, excluding the tree representations.
+         */
+
+        /* Build the bit length tree for the above two trees, and get the index
+         * in bl_order of the last bit length code to send.
+         */
+        max_blindex = build_bl_tree(s);
+
+        /* Determine the best encoding. Compute the block lengths in bytes. */
+        opt_lenb = (s->opt_len+3+7)>>3;
+        static_lenb = (s->static_len+3+7)>>3;
+
+        Tracev((stderr, "\nopt %lu(%lu) stat %lu(%lu) stored %lu lit %u ",
+                opt_lenb, s->opt_len, static_lenb, s->static_len, stored_len,
+                s->last_lit));
+
+        if (static_lenb <= opt_lenb) opt_lenb = static_lenb;
+
+    } else {
+        Assert(buf != (char*)0, "lost buf");
+        opt_lenb = static_lenb = stored_len + 5; /* force a stored block */
+    }
+
+#ifdef FORCE_STORED
+    if (buf != (char*)0) { /* force stored block */
+#else
+    if (stored_len+4 <= opt_lenb && buf != (char*)0) {
+                       /* 4: two words for the lengths */
+#endif
+        /* The test buf != NULL is only necessary if LIT_BUFSIZE > WSIZE.
+         * Otherwise we can't have processed more than WSIZE input bytes since
+         * the last block flush, because compression would have been
+         * successful. If LIT_BUFSIZE <= WSIZE, it is never too late to
+         * transform a block into a stored block.
+         */
+        _tr_stored_block(s, buf, stored_len, last);
+
+#ifdef FORCE_STATIC
+    } else if (static_lenb >= 0) { /* force static trees */
+#else
+    } else if (s->strategy == Z_FIXED || static_lenb == opt_lenb) {
+#endif
+        send_bits(s, (STATIC_TREES<<1)+last, 3);
+        compress_block(s, (ct_data *)static_ltree, (ct_data *)static_dtree);
+#ifdef DEBUG
+        s->compressed_len += 3 + s->static_len;
+#endif
+    } else {
+        send_bits(s, (DYN_TREES<<1)+last, 3);
+        send_all_trees(s, s->l_desc.max_code+1, s->d_desc.max_code+1,
+                       max_blindex+1);
+        compress_block(s, (ct_data *)s->dyn_ltree, (ct_data *)s->dyn_dtree);
+#ifdef DEBUG
+        s->compressed_len += 3 + s->opt_len;
+#endif
+    }
+    Assert (s->compressed_len == s->bits_sent, "bad compressed size");
+    /* The above check is made mod 2^32, for files larger than 512 MB
+     * and uLong implemented on 32 bits.
+     */
+    init_block(s);
+
+    if (last) {
+        bi_windup(s);
+#ifdef DEBUG
+        s->compressed_len += 7;  /* align on byte boundary */
+#endif
+    }
+    Tracev((stderr,"\ncomprlen %lu(%lu) ", s->compressed_len>>3,
+           s->compressed_len-7*last));
+}
+
+/* ===========================================================================
+ * Save the match info and tally the frequency counts. Return true if
+ * the current block must be flushed.
+ */
+int ZLIB_INTERNAL _tr_tally (s, dist, lc)
+    deflate_state *s;
+    unsigned dist;  /* distance of matched string */
+    unsigned lc;    /* match length-MIN_MATCH or unmatched char (if dist==0) */
+{
+    s->d_buf[s->last_lit] = (ush)dist;
+    s->l_buf[s->last_lit++] = (uch)lc;
+    if (dist == 0) {
+        /* lc is the unmatched char */
+        s->dyn_ltree[lc].Freq++;
+    } else {
+        s->matches++;
+        /* Here, lc is the match length - MIN_MATCH */
+        dist--;             /* dist = match distance - 1 */
+        Assert((ush)dist < (ush)MAX_DIST(s) &&
+               (ush)lc <= (ush)(MAX_MATCH-MIN_MATCH) &&
+               (ush)d_code(dist) < (ush)D_CODES,  "_tr_tally: bad match");
+
+        s->dyn_ltree[_length_code[lc]+LITERALS+1].Freq++;
+        s->dyn_dtree[d_code(dist)].Freq++;
+    }
+
+#ifdef TRUNCATE_BLOCK
+    /* Try to guess if it is profitable to stop the current block here */
+    if ((s->last_lit & 0x1fff) == 0 && s->level > 2) {
+        /* Compute an upper bound for the compressed length */
+        ulg out_length = (ulg)s->last_lit*8L;
+        ulg in_length = (ulg)((long)s->strstart - s->block_start);
+        int dcode;
+        for (dcode = 0; dcode < D_CODES; dcode++) {
+            out_length += (ulg)s->dyn_dtree[dcode].Freq *
+                (5L+extra_dbits[dcode]);
+        }
+        out_length >>= 3;
+        Tracev((stderr,"\nlast_lit %u, in %ld, out ~%ld(%ld%%) ",
+               s->last_lit, in_length, out_length,
+               100L - out_length*100L/in_length));
+        if (s->matches < s->last_lit/2 && out_length < in_length/2) return 1;
+    }
+#endif
+    return (s->last_lit == s->lit_bufsize-1);
+    /* We avoid equality with lit_bufsize because of wraparound at 64K
+     * on 16 bit machines and because stored blocks are restricted to
+     * 64K-1 bytes.
+     */
+}
+
+/* ===========================================================================
+ * Send the block data compressed using the given Huffman trees
+ */
+local void compress_block(s, ltree, dtree)
+    deflate_state *s;
+    ct_data *ltree; /* literal tree */
+    ct_data *dtree; /* distance tree */
+{
+    unsigned dist;      /* distance of matched string */
+    int lc;             /* match length or unmatched char (if dist == 0) */
+    unsigned lx = 0;    /* running index in l_buf */
+    unsigned code;      /* the code to send */
+    int extra;          /* number of extra bits to send */
+
+    if (s->last_lit != 0) do {
+        dist = s->d_buf[lx];
+        lc = s->l_buf[lx++];
+        if (dist == 0) {
+            send_code(s, lc, ltree); /* send a literal byte */
+            Tracecv(isgraph(lc), (stderr," '%c' ", lc));
+        } else {
+            /* Here, lc is the match length - MIN_MATCH */
+            code = _length_code[lc];
+            send_code(s, code+LITERALS+1, ltree); /* send the length code */
+            extra = extra_lbits[code];
+            if (extra != 0) {
+                lc -= base_length[code];
+                send_bits(s, lc, extra);       /* send the extra length bits */
+            }
+            dist--; /* dist is now the match distance - 1 */
+            code = d_code(dist);
+            Assert (code < D_CODES, "bad d_code");
+
+            send_code(s, code, dtree);       /* send the distance code */
+            extra = extra_dbits[code];
+            if (extra != 0) {
+                dist -= base_dist[code];
+                send_bits(s, dist, extra);   /* send the extra distance bits */
+            }
+        } /* literal or match pair ? */
+
+        /* Check that the overlay between pending_buf and d_buf+l_buf is ok: */
+        Assert((uInt)(s->pending) < s->lit_bufsize + 2*lx,
+               "pendingBuf overflow");
+
+    } while (lx < s->last_lit);
+
+    send_code(s, END_BLOCK, ltree);
+    s->last_eob_len = ltree[END_BLOCK].Len;
+}
+
+/* ===========================================================================
+ * Check if the data type is TEXT or BINARY, using the following algorithm:
+ * - TEXT if the two conditions below are satisfied:
+ *    a) There are no non-portable control characters belonging to the
+ *       "black list" (0..6, 14..25, 28..31).
+ *    b) There is at least one printable character belonging to the
+ *       "white list" (9 {TAB}, 10 {LF}, 13 {CR}, 32..255).
+ * - BINARY otherwise.
+ * - The following partially-portable control characters form a
+ *   "gray list" that is ignored in this detection algorithm:
+ *   (7 {BEL}, 8 {BS}, 11 {VT}, 12 {FF}, 26 {SUB}, 27 {ESC}).
+ * IN assertion: the fields Freq of dyn_ltree are set.
+ */
+local int detect_data_type(s)
+    deflate_state *s;
+{
+    /* black_mask is the bit mask of black-listed bytes
+     * set bits 0..6, 14..25, and 28..31
+     * 0xf3ffc07f = binary 11110011111111111100000001111111
+     */
+    unsigned long black_mask = 0xf3ffc07fUL;
+    int n;
+
+    /* Check for non-textual ("black-listed") bytes. */
+    for (n = 0; n <= 31; n++, black_mask >>= 1)
+        if ((black_mask & 1) && (s->dyn_ltree[n].Freq != 0))
+            return Z_BINARY;
+
+    /* Check for textual ("white-listed") bytes. */
+    if (s->dyn_ltree[9].Freq != 0 || s->dyn_ltree[10].Freq != 0
+            || s->dyn_ltree[13].Freq != 0)
+        return Z_TEXT;
+    for (n = 32; n < LITERALS; n++)
+        if (s->dyn_ltree[n].Freq != 0)
+            return Z_TEXT;
+
+    /* There are no "black-listed" or "white-listed" bytes:
+     * this stream either is empty or has tolerated ("gray-listed") bytes only.
+     */
+    return Z_BINARY;
+}
+
+/* ===========================================================================
+ * Reverse the first len bits of a code, using straightforward code (a faster
+ * method would use a table)
+ * IN assertion: 1 <= len <= 15
+ */
+local unsigned bi_reverse(code, len)
+    unsigned code; /* the value to invert */
+    int len;       /* its bit length */
+{
+    register unsigned res = 0;
+    do {
+        res |= code & 1;
+        code >>= 1, res <<= 1;
+    } while (--len > 0);
+    return res >> 1;
+}
+
+/* ===========================================================================
+ * Flush the bit buffer, keeping at most 7 bits in it.
+ */
+local void bi_flush(s)
+    deflate_state *s;
+{
+    if (s->bi_valid == 16) {
+        put_short(s, s->bi_buf);
+        s->bi_buf = 0;
+        s->bi_valid = 0;
+    } else if (s->bi_valid >= 8) {
+        put_byte(s, (Byte)s->bi_buf);
+        s->bi_buf >>= 8;
+        s->bi_valid -= 8;
+    }
+}
+
+/* ===========================================================================
+ * Flush the bit buffer and align the output on a byte boundary
+ */
+local void bi_windup(s)
+    deflate_state *s;
+{
+    if (s->bi_valid > 8) {
+        put_short(s, s->bi_buf);
+    } else if (s->bi_valid > 0) {
+        put_byte(s, (Byte)s->bi_buf);
+    }
+    s->bi_buf = 0;
+    s->bi_valid = 0;
+#ifdef DEBUG
+    s->bits_sent = (s->bits_sent+7) & ~7;
+#endif
+}
+
+/* ===========================================================================
+ * Copy a stored block, storing first the length and its
+ * one's complement if requested.
+ */
+local void copy_block(s, buf, len, header)
+    deflate_state *s;
+    charf    *buf;    /* the input data */
+    unsigned len;     /* its length */
+    int      header;  /* true if block header must be written */
+{
+    bi_windup(s);        /* align on byte boundary */
+    s->last_eob_len = 8; /* enough lookahead for inflate */
+
+    if (header) {
+        put_short(s, (ush)len);
+        put_short(s, (ush)~len);
+#ifdef DEBUG
+        s->bits_sent += 2*16;
+#endif
+    }
+#ifdef DEBUG
+    s->bits_sent += (ulg)len<<3;
+#endif
+    while (len--) {
+        put_byte(s, *buf++);
+    }
+}
diff --git a/nss/lib/zlib/trees.h b/nss/lib/zlib/trees.h
new file mode 100644
index 0000000..d0868d9
--- /dev/null
+++ b/nss/lib/zlib/trees.h
@@ -0,0 +1,132 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* header created automatically with -DGEN_TREES_H */
+
+local const ct_data static_ltree[L_CODES+2] = {
+{{ 12},{  8}}, {{140},{  8}}, {{ 76},{  8}}, {{204},{  8}}, {{ 44},{  8}},
+{{172},{  8}}, {{108},{  8}}, {{236},{  8}}, {{ 28},{  8}}, {{156},{  8}},
+{{ 92},{  8}}, {{220},{  8}}, {{ 60},{  8}}, {{188},{  8}}, {{124},{  8}},
+{{252},{  8}}, {{  2},{  8}}, {{130},{  8}}, {{ 66},{  8}}, {{194},{  8}},
+{{ 34},{  8}}, {{162},{  8}}, {{ 98},{  8}}, {{226},{  8}}, {{ 18},{  8}},
+{{146},{  8}}, {{ 82},{  8}}, {{210},{  8}}, {{ 50},{  8}}, {{178},{  8}},
+{{114},{  8}}, {{242},{  8}}, {{ 10},{  8}}, {{138},{  8}}, {{ 74},{  8}},
+{{202},{  8}}, {{ 42},{  8}}, {{170},{  8}}, {{106},{  8}}, {{234},{  8}},
+{{ 26},{  8}}, {{154},{  8}}, {{ 90},{  8}}, {{218},{  8}}, {{ 58},{  8}},
+{{186},{  8}}, {{122},{  8}}, {{250},{  8}}, {{  6},{  8}}, {{134},{  8}},
+{{ 70},{  8}}, {{198},{  8}}, {{ 38},{  8}}, {{166},{  8}}, {{102},{  8}},
+{{230},{  8}}, {{ 22},{  8}}, {{150},{  8}}, {{ 86},{  8}}, {{214},{  8}},
+{{ 54},{  8}}, {{182},{  8}}, {{118},{  8}}, {{246},{  8}}, {{ 14},{  8}},
+{{142},{  8}}, {{ 78},{  8}}, {{206},{  8}}, {{ 46},{  8}}, {{174},{  8}},
+{{110},{  8}}, {{238},{  8}}, {{ 30},{  8}}, {{158},{  8}}, {{ 94},{  8}},
+{{222},{  8}}, {{ 62},{  8}}, {{190},{  8}}, {{126},{  8}}, {{254},{  8}},
+{{  1},{  8}}, {{129},{  8}}, {{ 65},{  8}}, {{193},{  8}}, {{ 33},{  8}},
+{{161},{  8}}, {{ 97},{  8}}, {{225},{  8}}, {{ 17},{  8}}, {{145},{  8}},
+{{ 81},{  8}}, {{209},{  8}}, {{ 49},{  8}}, {{177},{  8}}, {{113},{  8}},
+{{241},{  8}}, {{  9},{  8}}, {{137},{  8}}, {{ 73},{  8}}, {{201},{  8}},
+{{ 41},{  8}}, {{169},{  8}}, {{105},{  8}}, {{233},{  8}}, {{ 25},{  8}},
+{{153},{  8}}, {{ 89},{  8}}, {{217},{  8}}, {{ 57},{  8}}, {{185},{  8}},
+{{121},{  8}}, {{249},{  8}}, {{  5},{  8}}, {{133},{  8}}, {{ 69},{  8}},
+{{197},{  8}}, {{ 37},{  8}}, {{165},{  8}}, {{101},{  8}}, {{229},{  8}},
+{{ 21},{  8}}, {{149},{  8}}, {{ 85},{  8}}, {{213},{  8}}, {{ 53},{  8}},
+{{181},{  8}}, {{117},{  8}}, {{245},{  8}}, {{ 13},{  8}}, {{141},{  8}},
+{{ 77},{  8}}, {{205},{  8}}, {{ 45},{  8}}, {{173},{  8}}, {{109},{  8}},
+{{237},{  8}}, {{ 29},{  8}}, {{157},{  8}}, {{ 93},{  8}}, {{221},{  8}},
+{{ 61},{  8}}, {{189},{  8}}, {{125},{  8}}, {{253},{  8}}, {{ 19},{  9}},
+{{275},{  9}}, {{147},{  9}}, {{403},{  9}}, {{ 83},{  9}}, {{339},{  9}},
+{{211},{  9}}, {{467},{  9}}, {{ 51},{  9}}, {{307},{  9}}, {{179},{  9}},
+{{435},{  9}}, {{115},{  9}}, {{371},{  9}}, {{243},{  9}}, {{499},{  9}},
+{{ 11},{  9}}, {{267},{  9}}, {{139},{  9}}, {{395},{  9}}, {{ 75},{  9}},
+{{331},{  9}}, {{203},{  9}}, {{459},{  9}}, {{ 43},{  9}}, {{299},{  9}},
+{{171},{  9}}, {{427},{  9}}, {{107},{  9}}, {{363},{  9}}, {{235},{  9}},
+{{491},{  9}}, {{ 27},{  9}}, {{283},{  9}}, {{155},{  9}}, {{411},{  9}},
+{{ 91},{  9}}, {{347},{  9}}, {{219},{  9}}, {{475},{  9}}, {{ 59},{  9}},
+{{315},{  9}}, {{187},{  9}}, {{443},{  9}}, {{123},{  9}}, {{379},{  9}},
+{{251},{  9}}, {{507},{  9}}, {{  7},{  9}}, {{263},{  9}}, {{135},{  9}},
+{{391},{  9}}, {{ 71},{  9}}, {{327},{  9}}, {{199},{  9}}, {{455},{  9}},
+{{ 39},{  9}}, {{295},{  9}}, {{167},{  9}}, {{423},{  9}}, {{103},{  9}},
+{{359},{  9}}, {{231},{  9}}, {{487},{  9}}, {{ 23},{  9}}, {{279},{  9}},
+{{151},{  9}}, {{407},{  9}}, {{ 87},{  9}}, {{343},{  9}}, {{215},{  9}},
+{{471},{  9}}, {{ 55},{  9}}, {{311},{  9}}, {{183},{  9}}, {{439},{  9}},
+{{119},{  9}}, {{375},{  9}}, {{247},{  9}}, {{503},{  9}}, {{ 15},{  9}},
+{{271},{  9}}, {{143},{  9}}, {{399},{  9}}, {{ 79},{  9}}, {{335},{  9}},
+{{207},{  9}}, {{463},{  9}}, {{ 47},{  9}}, {{303},{  9}}, {{175},{  9}},
+{{431},{  9}}, {{111},{  9}}, {{367},{  9}}, {{239},{  9}}, {{495},{  9}},
+{{ 31},{  9}}, {{287},{  9}}, {{159},{  9}}, {{415},{  9}}, {{ 95},{  9}},
+{{351},{  9}}, {{223},{  9}}, {{479},{  9}}, {{ 63},{  9}}, {{319},{  9}},
+{{191},{  9}}, {{447},{  9}}, {{127},{  9}}, {{383},{  9}}, {{255},{  9}},
+{{511},{  9}}, {{  0},{  7}}, {{ 64},{  7}}, {{ 32},{  7}}, {{ 96},{  7}},
+{{ 16},{  7}}, {{ 80},{  7}}, {{ 48},{  7}}, {{112},{  7}}, {{  8},{  7}},
+{{ 72},{  7}}, {{ 40},{  7}}, {{104},{  7}}, {{ 24},{  7}}, {{ 88},{  7}},
+{{ 56},{  7}}, {{120},{  7}}, {{  4},{  7}}, {{ 68},{  7}}, {{ 36},{  7}},
+{{100},{  7}}, {{ 20},{  7}}, {{ 84},{  7}}, {{ 52},{  7}}, {{116},{  7}},
+{{  3},{  8}}, {{131},{  8}}, {{ 67},{  8}}, {{195},{  8}}, {{ 35},{  8}},
+{{163},{  8}}, {{ 99},{  8}}, {{227},{  8}}
+};
+
+local const ct_data static_dtree[D_CODES] = {
+{{ 0},{ 5}}, {{16},{ 5}}, {{ 8},{ 5}}, {{24},{ 5}}, {{ 4},{ 5}},
+{{20},{ 5}}, {{12},{ 5}}, {{28},{ 5}}, {{ 2},{ 5}}, {{18},{ 5}},
+{{10},{ 5}}, {{26},{ 5}}, {{ 6},{ 5}}, {{22},{ 5}}, {{14},{ 5}},
+{{30},{ 5}}, {{ 1},{ 5}}, {{17},{ 5}}, {{ 9},{ 5}}, {{25},{ 5}},
+{{ 5},{ 5}}, {{21},{ 5}}, {{13},{ 5}}, {{29},{ 5}}, {{ 3},{ 5}},
+{{19},{ 5}}, {{11},{ 5}}, {{27},{ 5}}, {{ 7},{ 5}}, {{23},{ 5}}
+};
+
+const uch ZLIB_INTERNAL _dist_code[DIST_CODE_LEN] = {
+ 0,  1,  2,  3,  4,  4,  5,  5,  6,  6,  6,  6,  7,  7,  7,  7,  8,  8,  8,  8,
+ 8,  8,  8,  8,  9,  9,  9,  9,  9,  9,  9,  9, 10, 10, 10, 10, 10, 10, 10, 10,
+10, 10, 10, 10, 10, 10, 10, 10, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11,
+11, 11, 11, 11, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12,
+12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 13, 13, 13, 13,
+13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13,
+13, 13, 13, 13, 13, 13, 13, 13, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14,
+14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14,
+14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14,
+14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 15, 15, 15, 15, 15, 15, 15, 15,
+15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15,
+15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15,
+15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15,  0,  0, 16, 17,
+18, 18, 19, 19, 20, 20, 20, 20, 21, 21, 21, 21, 22, 22, 22, 22, 22, 22, 22, 22,
+23, 23, 23, 23, 23, 23, 23, 23, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24,
+24, 24, 24, 24, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25,
+26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26,
+26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 27, 27, 27, 27, 27, 27, 27, 27,
+27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27,
+27, 27, 27, 27, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28,
+28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28,
+28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28,
+28, 28, 28, 28, 28, 28, 28, 28, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29,
+29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29,
+29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29,
+29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29
+};
+
+const uch ZLIB_INTERNAL _length_code[MAX_MATCH-MIN_MATCH+1]= {
+ 0,  1,  2,  3,  4,  5,  6,  7,  8,  8,  9,  9, 10, 10, 11, 11, 12, 12, 12, 12,
+13, 13, 13, 13, 14, 14, 14, 14, 15, 15, 15, 15, 16, 16, 16, 16, 16, 16, 16, 16,
+17, 17, 17, 17, 17, 17, 17, 17, 18, 18, 18, 18, 18, 18, 18, 18, 19, 19, 19, 19,
+19, 19, 19, 19, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20,
+21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 22, 22, 22, 22,
+22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 23, 23, 23, 23, 23, 23, 23, 23,
+23, 23, 23, 23, 23, 23, 23, 23, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24,
+24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24,
+25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25,
+25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 26, 26, 26, 26, 26, 26, 26, 26,
+26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26,
+26, 26, 26, 26, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27,
+27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 28
+};
+
+local const int base_length[LENGTH_CODES] = {
+0, 1, 2, 3, 4, 5, 6, 7, 8, 10, 12, 14, 16, 20, 24, 28, 32, 40, 48, 56,
+64, 80, 96, 112, 128, 160, 192, 224, 0
+};
+
+local const int base_dist[D_CODES] = {
+    0,     1,     2,     3,     4,     6,     8,    12,    16,    24,
+   32,    48,    64,    96,   128,   192,   256,   384,   512,   768,
+ 1024,  1536,  2048,  3072,  4096,  6144,  8192, 12288, 16384, 24576
+};
+
diff --git a/nss/lib/zlib/uncompr.c b/nss/lib/zlib/uncompr.c
new file mode 100644
index 0000000..ad98be3
--- /dev/null
+++ b/nss/lib/zlib/uncompr.c
@@ -0,0 +1,59 @@
+/* uncompr.c -- decompress a memory buffer
+ * Copyright (C) 1995-2003, 2010 Jean-loup Gailly.
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ */
+
+/* @(#) $Id$ */
+
+#define ZLIB_INTERNAL
+#include "zlib.h"
+
+/* ===========================================================================
+     Decompresses the source buffer into the destination buffer.  sourceLen is
+   the byte length of the source buffer. Upon entry, destLen is the total
+   size of the destination buffer, which must be large enough to hold the
+   entire uncompressed data. (The size of the uncompressed data must have
+   been saved previously by the compressor and transmitted to the decompressor
+   by some mechanism outside the scope of this compression library.)
+   Upon exit, destLen is the actual size of the compressed buffer.
+
+     uncompress returns Z_OK if success, Z_MEM_ERROR if there was not
+   enough memory, Z_BUF_ERROR if there was not enough room in the output
+   buffer, or Z_DATA_ERROR if the input data was corrupted.
+*/
+int ZEXPORT uncompress (dest, destLen, source, sourceLen)
+    Bytef *dest;
+    uLongf *destLen;
+    const Bytef *source;
+    uLong sourceLen;
+{
+    z_stream stream;
+    int err;
+
+    stream.next_in = (Bytef*)source;
+    stream.avail_in = (uInt)sourceLen;
+    /* Check for source > 64K on 16-bit machine: */
+    if ((uLong)stream.avail_in != sourceLen) return Z_BUF_ERROR;
+
+    stream.next_out = dest;
+    stream.avail_out = (uInt)*destLen;
+    if ((uLong)stream.avail_out != *destLen) return Z_BUF_ERROR;
+
+    stream.zalloc = (alloc_func)0;
+    stream.zfree = (free_func)0;
+
+    err = inflateInit(&stream);
+    if (err != Z_OK) return err;
+
+    err = inflate(&stream, Z_FINISH);
+    if (err != Z_STREAM_END) {
+        inflateEnd(&stream);
+        if (err == Z_NEED_DICT || (err == Z_BUF_ERROR && stream.avail_in == 0))
+            return Z_DATA_ERROR;
+        return err;
+    }
+    *destLen = stream.total_out;
+
+    err = inflateEnd(&stream);
+    return err;
+}
diff --git a/nss/lib/zlib/zconf.h b/nss/lib/zlib/zconf.h
new file mode 100644
index 0000000..02ce56c
--- /dev/null
+++ b/nss/lib/zlib/zconf.h
@@ -0,0 +1,428 @@
+/* zconf.h -- configuration of the zlib compression library
+ * Copyright (C) 1995-2010 Jean-loup Gailly.
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ */
+
+/* @(#) $Id$ */
+
+#ifndef ZCONF_H
+#define ZCONF_H
+
+/*
+ * If you *really* need a unique prefix for all types and library functions,
+ * compile with -DZ_PREFIX. The "standard" zlib should be compiled without it.
+ * Even better than compiling with -DZ_PREFIX would be to use configure to set
+ * this permanently in zconf.h using "./configure --zprefix".
+ */
+#ifdef Z_PREFIX     /* may be set to #if 1 by ./configure */
+
+/* all linked symbols */
+#  define _dist_code            z__dist_code
+#  define _length_code          z__length_code
+#  define _tr_align             z__tr_align
+#  define _tr_flush_block       z__tr_flush_block
+#  define _tr_init              z__tr_init
+#  define _tr_stored_block      z__tr_stored_block
+#  define _tr_tally             z__tr_tally
+#  define adler32               z_adler32
+#  define adler32_combine       z_adler32_combine
+#  define adler32_combine64     z_adler32_combine64
+#  define compress              z_compress
+#  define compress2             z_compress2
+#  define compressBound         z_compressBound
+#  define crc32                 z_crc32
+#  define crc32_combine         z_crc32_combine
+#  define crc32_combine64       z_crc32_combine64
+#  define deflate               z_deflate
+#  define deflateBound          z_deflateBound
+#  define deflateCopy           z_deflateCopy
+#  define deflateEnd            z_deflateEnd
+#  define deflateInit2_         z_deflateInit2_
+#  define deflateInit_          z_deflateInit_
+#  define deflateParams         z_deflateParams
+#  define deflatePrime          z_deflatePrime
+#  define deflateReset          z_deflateReset
+#  define deflateSetDictionary  z_deflateSetDictionary
+#  define deflateSetHeader      z_deflateSetHeader
+#  define deflateTune           z_deflateTune
+#  define deflate_copyright     z_deflate_copyright
+#  define get_crc_table         z_get_crc_table
+#  define gz_error              z_gz_error
+#  define gz_intmax             z_gz_intmax
+#  define gz_strwinerror        z_gz_strwinerror
+#  define gzbuffer              z_gzbuffer
+#  define gzclearerr            z_gzclearerr
+#  define gzclose               z_gzclose
+#  define gzclose_r             z_gzclose_r
+#  define gzclose_w             z_gzclose_w
+#  define gzdirect              z_gzdirect
+#  define gzdopen               z_gzdopen
+#  define gzeof                 z_gzeof
+#  define gzerror               z_gzerror
+#  define gzflush               z_gzflush
+#  define gzgetc                z_gzgetc
+#  define gzgets                z_gzgets
+#  define gzoffset              z_gzoffset
+#  define gzoffset64            z_gzoffset64
+#  define gzopen                z_gzopen
+#  define gzopen64              z_gzopen64
+#  define gzprintf              z_gzprintf
+#  define gzputc                z_gzputc
+#  define gzputs                z_gzputs
+#  define gzread                z_gzread
+#  define gzrewind              z_gzrewind
+#  define gzseek                z_gzseek
+#  define gzseek64              z_gzseek64
+#  define gzsetparams           z_gzsetparams
+#  define gztell                z_gztell
+#  define gztell64              z_gztell64
+#  define gzungetc              z_gzungetc
+#  define gzwrite               z_gzwrite
+#  define inflate               z_inflate
+#  define inflateBack           z_inflateBack
+#  define inflateBackEnd        z_inflateBackEnd
+#  define inflateBackInit_      z_inflateBackInit_
+#  define inflateCopy           z_inflateCopy
+#  define inflateEnd            z_inflateEnd
+#  define inflateGetHeader      z_inflateGetHeader
+#  define inflateInit2_         z_inflateInit2_
+#  define inflateInit_          z_inflateInit_
+#  define inflateMark           z_inflateMark
+#  define inflatePrime          z_inflatePrime
+#  define inflateReset          z_inflateReset
+#  define inflateReset2         z_inflateReset2
+#  define inflateSetDictionary  z_inflateSetDictionary
+#  define inflateSync           z_inflateSync
+#  define inflateSyncPoint      z_inflateSyncPoint
+#  define inflateUndermine      z_inflateUndermine
+#  define inflate_copyright     z_inflate_copyright
+#  define inflate_fast          z_inflate_fast
+#  define inflate_table         z_inflate_table
+#  define uncompress            z_uncompress
+#  define zError                z_zError
+#  define zcalloc               z_zcalloc
+#  define zcfree                z_zcfree
+#  define zlibCompileFlags      z_zlibCompileFlags
+#  define zlibVersion           z_zlibVersion
+
+/* all zlib typedefs in zlib.h and zconf.h */
+#  define Byte                  z_Byte
+#  define Bytef                 z_Bytef
+#  define alloc_func            z_alloc_func
+#  define charf                 z_charf
+#  define free_func             z_free_func
+#  define gzFile                z_gzFile
+#  define gz_header             z_gz_header
+#  define gz_headerp            z_gz_headerp
+#  define in_func               z_in_func
+#  define intf                  z_intf
+#  define out_func              z_out_func
+#  define uInt                  z_uInt
+#  define uIntf                 z_uIntf
+#  define uLong                 z_uLong
+#  define uLongf                z_uLongf
+#  define voidp                 z_voidp
+#  define voidpc                z_voidpc
+#  define voidpf                z_voidpf
+
+/* all zlib structs in zlib.h and zconf.h */
+#  define gz_header_s           z_gz_header_s
+#  define internal_state        z_internal_state
+
+#endif
+
+#if defined(__MSDOS__) && !defined(MSDOS)
+#  define MSDOS
+#endif
+#if (defined(OS_2) || defined(__OS2__)) && !defined(OS2)
+#  define OS2
+#endif
+#if defined(_WINDOWS) && !defined(WINDOWS)
+#  define WINDOWS
+#endif
+#if defined(_WIN32) || defined(_WIN32_WCE) || defined(__WIN32__)
+#  ifndef WIN32
+#    define WIN32
+#  endif
+#endif
+#if (defined(MSDOS) || defined(OS2) || defined(WINDOWS)) && !defined(WIN32)
+#  if !defined(__GNUC__) && !defined(__FLAT__) && !defined(__386__)
+#    ifndef SYS16BIT
+#      define SYS16BIT
+#    endif
+#  endif
+#endif
+
+/*
+ * Compile with -DMAXSEG_64K if the alloc function cannot allocate more
+ * than 64k bytes at a time (needed on systems with 16-bit int).
+ */
+#ifdef SYS16BIT
+#  define MAXSEG_64K
+#endif
+#ifdef MSDOS
+#  define UNALIGNED_OK
+#endif
+
+#ifdef __STDC_VERSION__
+#  ifndef STDC
+#    define STDC
+#  endif
+#  if __STDC_VERSION__ >= 199901L
+#    ifndef STDC99
+#      define STDC99
+#    endif
+#  endif
+#endif
+#if !defined(STDC) && (defined(__STDC__) || defined(__cplusplus))
+#  define STDC
+#endif
+#if !defined(STDC) && (defined(__GNUC__) || defined(__BORLANDC__))
+#  define STDC
+#endif
+#if !defined(STDC) && (defined(MSDOS) || defined(WINDOWS) || defined(WIN32))
+#  define STDC
+#endif
+#if !defined(STDC) && (defined(OS2) || defined(__HOS_AIX__))
+#  define STDC
+#endif
+
+#if defined(__OS400__) && !defined(STDC)    /* iSeries (formerly AS/400). */
+#  define STDC
+#endif
+
+#ifndef STDC
+#  ifndef const /* cannot use !defined(STDC) && !defined(const) on Mac */
+#    define const       /* note: need a more gentle solution here */
+#  endif
+#endif
+
+/* Some Mac compilers merge all .h files incorrectly: */
+#if defined(__MWERKS__)||defined(applec)||defined(THINK_C)||defined(__SC__)
+#  define NO_DUMMY_DECL
+#endif
+
+/* Maximum value for memLevel in deflateInit2 */
+#ifndef MAX_MEM_LEVEL
+#  ifdef MAXSEG_64K
+#    define MAX_MEM_LEVEL 8
+#  else
+#    define MAX_MEM_LEVEL 9
+#  endif
+#endif
+
+/* Maximum value for windowBits in deflateInit2 and inflateInit2.
+ * WARNING: reducing MAX_WBITS makes minigzip unable to extract .gz files
+ * created by gzip. (Files created by minigzip can still be extracted by
+ * gzip.)
+ */
+#ifndef MAX_WBITS
+#  define MAX_WBITS   15 /* 32K LZ77 window */
+#endif
+
+/* The memory requirements for deflate are (in bytes):
+            (1 << (windowBits+2)) +  (1 << (memLevel+9))
+ that is: 128K for windowBits=15  +  128K for memLevel = 8  (default values)
+ plus a few kilobytes for small objects. For example, if you want to reduce
+ the default memory requirements from 256K to 128K, compile with
+     make CFLAGS="-O -DMAX_WBITS=14 -DMAX_MEM_LEVEL=7"
+ Of course this will generally degrade compression (there's no free lunch).
+
+   The memory requirements for inflate are (in bytes) 1 << windowBits
+ that is, 32K for windowBits=15 (default value) plus a few kilobytes
+ for small objects.
+*/
+
+                        /* Type declarations */
+
+#ifndef OF /* function prototypes */
+#  ifdef STDC
+#    define OF(args)  args
+#  else
+#    define OF(args)  ()
+#  endif
+#endif
+
+/* The following definitions for FAR are needed only for MSDOS mixed
+ * model programming (small or medium model with some far allocations).
+ * This was tested only with MSC; for other MSDOS compilers you may have
+ * to define NO_MEMCPY in zutil.h.  If you don't need the mixed model,
+ * just define FAR to be empty.
+ */
+#ifdef SYS16BIT
+#  if defined(M_I86SM) || defined(M_I86MM)
+     /* MSC small or medium model */
+#    define SMALL_MEDIUM
+#    ifdef _MSC_VER
+#      define FAR _far
+#    else
+#      define FAR far
+#    endif
+#  endif
+#  if (defined(__SMALL__) || defined(__MEDIUM__))
+     /* Turbo C small or medium model */
+#    define SMALL_MEDIUM
+#    ifdef __BORLANDC__
+#      define FAR _far
+#    else
+#      define FAR far
+#    endif
+#  endif
+#endif
+
+#if defined(WINDOWS) || defined(WIN32)
+   /* If building or using zlib as a DLL, define ZLIB_DLL.
+    * This is not mandatory, but it offers a little performance increase.
+    */
+#  ifdef ZLIB_DLL
+#    if defined(WIN32) && (!defined(__BORLANDC__) || (__BORLANDC__ >= 0x500))
+#      ifdef ZLIB_INTERNAL
+#        define ZEXTERN extern __declspec(dllexport)
+#      else
+#        define ZEXTERN extern __declspec(dllimport)
+#      endif
+#    endif
+#  endif  /* ZLIB_DLL */
+   /* If building or using zlib with the WINAPI/WINAPIV calling convention,
+    * define ZLIB_WINAPI.
+    * Caution: the standard ZLIB1.DLL is NOT compiled using ZLIB_WINAPI.
+    */
+#  ifdef ZLIB_WINAPI
+#    ifdef FAR
+#      undef FAR
+#    endif
+#    include <windows.h>
+     /* No need for _export, use ZLIB.DEF instead. */
+     /* For complete Windows compatibility, use WINAPI, not __stdcall. */
+#    define ZEXPORT WINAPI
+#    ifdef WIN32
+#      define ZEXPORTVA WINAPIV
+#    else
+#      define ZEXPORTVA FAR CDECL
+#    endif
+#  endif
+#endif
+
+#if defined (__BEOS__)
+#  ifdef ZLIB_DLL
+#    ifdef ZLIB_INTERNAL
+#      define ZEXPORT   __declspec(dllexport)
+#      define ZEXPORTVA __declspec(dllexport)
+#    else
+#      define ZEXPORT   __declspec(dllimport)
+#      define ZEXPORTVA __declspec(dllimport)
+#    endif
+#  endif
+#endif
+
+#ifndef ZEXTERN
+#  define ZEXTERN extern
+#endif
+#ifndef ZEXPORT
+#  define ZEXPORT
+#endif
+#ifndef ZEXPORTVA
+#  define ZEXPORTVA
+#endif
+
+#ifndef FAR
+#  define FAR
+#endif
+
+#if !defined(__MACTYPES__)
+typedef unsigned char  Byte;  /* 8 bits */
+#endif
+typedef unsigned int   uInt;  /* 16 bits or more */
+typedef unsigned long  uLong; /* 32 bits or more */
+
+#ifdef SMALL_MEDIUM
+   /* Borland C/C++ and some old MSC versions ignore FAR inside typedef */
+#  define Bytef Byte FAR
+#else
+   typedef Byte  FAR Bytef;
+#endif
+typedef char  FAR charf;
+typedef int   FAR intf;
+typedef uInt  FAR uIntf;
+typedef uLong FAR uLongf;
+
+#ifdef STDC
+   typedef void const *voidpc;
+   typedef void FAR   *voidpf;
+   typedef void       *voidp;
+#else
+   typedef Byte const *voidpc;
+   typedef Byte FAR   *voidpf;
+   typedef Byte       *voidp;
+#endif
+
+#ifdef HAVE_UNISTD_H    /* may be set to #if 1 by ./configure */
+#  define Z_HAVE_UNISTD_H
+#endif
+
+#ifdef STDC
+#  include <sys/types.h>    /* for off_t */
+#endif
+
+/* a little trick to accommodate both "#define _LARGEFILE64_SOURCE" and
+ * "#define _LARGEFILE64_SOURCE 1" as requesting 64-bit operations, (even
+ * though the former does not conform to the LFS document), but considering
+ * both "#undef _LARGEFILE64_SOURCE" and "#define _LARGEFILE64_SOURCE 0" as
+ * equivalently requesting no 64-bit operations
+ */
+#if -_LARGEFILE64_SOURCE - -1 == 1
+#  undef _LARGEFILE64_SOURCE
+#endif
+
+#if defined(Z_HAVE_UNISTD_H) || defined(_LARGEFILE64_SOURCE)
+#  include <unistd.h>       /* for SEEK_* and off_t */
+#  ifdef VMS
+#    include <unixio.h>     /* for off_t */
+#  endif
+#  ifndef z_off_t
+#    define z_off_t off_t
+#  endif
+#endif
+
+#ifndef SEEK_SET
+#  define SEEK_SET        0       /* Seek from beginning of file.  */
+#  define SEEK_CUR        1       /* Seek from current position.  */
+#  define SEEK_END        2       /* Set file pointer to EOF plus "offset" */
+#endif
+
+#ifndef z_off_t
+#  define z_off_t long
+#endif
+
+#if defined(_LARGEFILE64_SOURCE) && _LFS64_LARGEFILE-0
+#  define z_off64_t off64_t
+#else
+#  define z_off64_t z_off_t
+#endif
+
+#if defined(__OS400__)
+#  define NO_vsnprintf
+#endif
+
+#if defined(__MVS__)
+#  define NO_vsnprintf
+#endif
+
+/* MVS linker does not support external names larger than 8 bytes */
+#if defined(__MVS__)
+  #pragma map(deflateInit_,"DEIN")
+  #pragma map(deflateInit2_,"DEIN2")
+  #pragma map(deflateEnd,"DEEND")
+  #pragma map(deflateBound,"DEBND")
+  #pragma map(inflateInit_,"ININ")
+  #pragma map(inflateInit2_,"ININ2")
+  #pragma map(inflateEnd,"INEND")
+  #pragma map(inflateSync,"INSY")
+  #pragma map(inflateSetDictionary,"INSEDI")
+  #pragma map(compressBound,"CMBND")
+  #pragma map(inflate_table,"INTABL")
+  #pragma map(inflate_fast,"INFA")
+  #pragma map(inflate_copyright,"INCOPY")
+#endif
+
+#endif /* ZCONF_H */
diff --git a/nss/lib/zlib/zlib.gyp b/nss/lib/zlib/zlib.gyp
new file mode 100644
index 0000000..c89dbd9
--- /dev/null
+++ b/nss/lib/zlib/zlib.gyp
@@ -0,0 +1,49 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+ 'includes': [
+    "../../coreconf/config.gypi"
+  ],
+  'variables': {
+    'module': 'nss',
+  },
+  'conditions': [
+    ['use_system_zlib==1', {
+      'targets': [{
+        'target_name': 'nss_zlib',
+        'type': 'none',
+        'link_settings': {
+          'libraries': ['<@(zlib_libs)'],
+        },
+      }],
+    }, {
+      'targets': [{
+        'target_name': 'nss_zlib',
+        'type': 'static_library',
+        'sources': [
+          'adler32.c',
+          'compress.c',
+          'crc32.c',
+          'deflate.c',
+          'gzclose.c',
+          'gzlib.c',
+          'gzread.c',
+          'gzwrite.c',
+          'infback.c',
+          'inffast.c',
+          'inflate.c',
+          'inftrees.c',
+          'trees.c',
+          'uncompr.c',
+          'zutil.c',
+        ],
+        'defines': [
+          # Define verbose as -1 to turn off all zlib trace messages in
+          # debug builds.
+          'verbose=-1',
+        ],
+      }],
+    }]
+  ],
+}
diff --git a/nss/lib/zlib/zlib.h b/nss/lib/zlib/zlib.h
new file mode 100644
index 0000000..bfbba83
--- /dev/null
+++ b/nss/lib/zlib/zlib.h
@@ -0,0 +1,1613 @@
+/* zlib.h -- interface of the 'zlib' general purpose compression library
+  version 1.2.5, April 19th, 2010
+
+  Copyright (C) 1995-2010 Jean-loup Gailly and Mark Adler
+
+  This software is provided 'as-is', without any express or implied
+  warranty.  In no event will the authors be held liable for any damages
+  arising from the use of this software.
+
+  Permission is granted to anyone to use this software for any purpose,
+  including commercial applications, and to alter it and redistribute it
+  freely, subject to the following restrictions:
+
+  1. The origin of this software must not be misrepresented; you must not
+     claim that you wrote the original software. If you use this software
+     in a product, an acknowledgment in the product documentation would be
+     appreciated but is not required.
+  2. Altered source versions must be plainly marked as such, and must not be
+     misrepresented as being the original software.
+  3. This notice may not be removed or altered from any source distribution.
+
+  Jean-loup Gailly        Mark Adler
+  jloup@gzip.org          madler@alumni.caltech.edu
+
+
+  The data format used by the zlib library is described by RFCs (Request for
+  Comments) 1950 to 1952 in the files http://www.ietf.org/rfc/rfc1950.txt
+  (zlib format), rfc1951.txt (deflate format) and rfc1952.txt (gzip format).
+*/
+
+#ifndef ZLIB_H
+#define ZLIB_H
+
+#include "zconf.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define ZLIB_VERSION "1.2.5"
+#define ZLIB_VERNUM 0x1250
+#define ZLIB_VER_MAJOR 1
+#define ZLIB_VER_MINOR 2
+#define ZLIB_VER_REVISION 5
+#define ZLIB_VER_SUBREVISION 0
+
+/*
+    The 'zlib' compression library provides in-memory compression and
+  decompression functions, including integrity checks of the uncompressed data.
+  This version of the library supports only one compression method (deflation)
+  but other algorithms will be added later and will have the same stream
+  interface.
+
+    Compression can be done in a single step if the buffers are large enough,
+  or can be done by repeated calls of the compression function.  In the latter
+  case, the application must provide more input and/or consume the output
+  (providing more output space) before each call.
+
+    The compressed data format used by default by the in-memory functions is
+  the zlib format, which is a zlib wrapper documented in RFC 1950, wrapped
+  around a deflate stream, which is itself documented in RFC 1951.
+
+    The library also supports reading and writing files in gzip (.gz) format
+  with an interface similar to that of stdio using the functions that start
+  with "gz".  The gzip format is different from the zlib format.  gzip is a
+  gzip wrapper, documented in RFC 1952, wrapped around a deflate stream.
+
+    This library can optionally read and write gzip streams in memory as well.
+
+    The zlib format was designed to be compact and fast for use in memory
+  and on communications channels.  The gzip format was designed for single-
+  file compression on file systems, has a larger header than zlib to maintain
+  directory information, and uses a different, slower check method than zlib.
+
+    The library does not install any signal handler.  The decoder checks
+  the consistency of the compressed data, so the library should never crash
+  even in case of corrupted input.
+*/
+
+typedef voidpf (*alloc_func) OF((voidpf opaque, uInt items, uInt size));
+typedef void   (*free_func)  OF((voidpf opaque, voidpf address));
+
+struct internal_state;
+
+typedef struct z_stream_s {
+    Bytef    *next_in;  /* next input byte */
+    uInt     avail_in;  /* number of bytes available at next_in */
+    uLong    total_in;  /* total nb of input bytes read so far */
+
+    Bytef    *next_out; /* next output byte should be put there */
+    uInt     avail_out; /* remaining free space at next_out */
+    uLong    total_out; /* total nb of bytes output so far */
+
+    char     *msg;      /* last error message, NULL if no error */
+    struct internal_state FAR *state; /* not visible by applications */
+
+    alloc_func zalloc;  /* used to allocate the internal state */
+    free_func  zfree;   /* used to free the internal state */
+    voidpf     opaque;  /* private data object passed to zalloc and zfree */
+
+    int     data_type;  /* best guess about the data type: binary or text */
+    uLong   adler;      /* adler32 value of the uncompressed data */
+    uLong   reserved;   /* reserved for future use */
+} z_stream;
+
+typedef z_stream FAR *z_streamp;
+
+/*
+     gzip header information passed to and from zlib routines.  See RFC 1952
+  for more details on the meanings of these fields.
+*/
+typedef struct gz_header_s {
+    int     text;       /* true if compressed data believed to be text */
+    uLong   time;       /* modification time */
+    int     xflags;     /* extra flags (not used when writing a gzip file) */
+    int     os;         /* operating system */
+    Bytef   *extra;     /* pointer to extra field or Z_NULL if none */
+    uInt    extra_len;  /* extra field length (valid if extra != Z_NULL) */
+    uInt    extra_max;  /* space at extra (only when reading header) */
+    Bytef   *name;      /* pointer to zero-terminated file name or Z_NULL */
+    uInt    name_max;   /* space at name (only when reading header) */
+    Bytef   *comment;   /* pointer to zero-terminated comment or Z_NULL */
+    uInt    comm_max;   /* space at comment (only when reading header) */
+    int     hcrc;       /* true if there was or will be a header crc */
+    int     done;       /* true when done reading gzip header (not used
+                           when writing a gzip file) */
+} gz_header;
+
+typedef gz_header FAR *gz_headerp;
+
+/*
+     The application must update next_in and avail_in when avail_in has dropped
+   to zero.  It must update next_out and avail_out when avail_out has dropped
+   to zero.  The application must initialize zalloc, zfree and opaque before
+   calling the init function.  All other fields are set by the compression
+   library and must not be updated by the application.
+
+     The opaque value provided by the application will be passed as the first
+   parameter for calls of zalloc and zfree.  This can be useful for custom
+   memory management.  The compression library attaches no meaning to the
+   opaque value.
+
+     zalloc must return Z_NULL if there is not enough memory for the object.
+   If zlib is used in a multi-threaded application, zalloc and zfree must be
+   thread safe.
+
+     On 16-bit systems, the functions zalloc and zfree must be able to allocate
+   exactly 65536 bytes, but will not be required to allocate more than this if
+   the symbol MAXSEG_64K is defined (see zconf.h).  WARNING: On MSDOS, pointers
+   returned by zalloc for objects of exactly 65536 bytes *must* have their
+   offset normalized to zero.  The default allocation function provided by this
+   library ensures this (see zutil.c).  To reduce memory requirements and avoid
+   any allocation of 64K objects, at the expense of compression ratio, compile
+   the library with -DMAX_WBITS=14 (see zconf.h).
+
+     The fields total_in and total_out can be used for statistics or progress
+   reports.  After compression, total_in holds the total size of the
+   uncompressed data and may be saved for use in the decompressor (particularly
+   if the decompressor wants to decompress everything in a single step).
+*/
+
+                        /* constants */
+
+#define Z_NO_FLUSH      0
+#define Z_PARTIAL_FLUSH 1
+#define Z_SYNC_FLUSH    2
+#define Z_FULL_FLUSH    3
+#define Z_FINISH        4
+#define Z_BLOCK         5
+#define Z_TREES         6
+/* Allowed flush values; see deflate() and inflate() below for details */
+
+#define Z_OK            0
+#define Z_STREAM_END    1
+#define Z_NEED_DICT     2
+#define Z_ERRNO        (-1)
+#define Z_STREAM_ERROR (-2)
+#define Z_DATA_ERROR   (-3)
+#define Z_MEM_ERROR    (-4)
+#define Z_BUF_ERROR    (-5)
+#define Z_VERSION_ERROR (-6)
+/* Return codes for the compression/decompression functions. Negative values
+ * are errors, positive values are used for special but normal events.
+ */
+
+#define Z_NO_COMPRESSION         0
+#define Z_BEST_SPEED             1
+#define Z_BEST_COMPRESSION       9
+#define Z_DEFAULT_COMPRESSION  (-1)
+/* compression levels */
+
+#define Z_FILTERED            1
+#define Z_HUFFMAN_ONLY        2
+#define Z_RLE                 3
+#define Z_FIXED               4
+#define Z_DEFAULT_STRATEGY    0
+/* compression strategy; see deflateInit2() below for details */
+
+#define Z_BINARY   0
+#define Z_TEXT     1
+#define Z_ASCII    Z_TEXT   /* for compatibility with 1.2.2 and earlier */
+#define Z_UNKNOWN  2
+/* Possible values of the data_type field (though see inflate()) */
+
+#define Z_DEFLATED   8
+/* The deflate compression method (the only one supported in this version) */
+
+#define Z_NULL  0  /* for initializing zalloc, zfree, opaque */
+
+#define zlib_version zlibVersion()
+/* for compatibility with versions < 1.0.2 */
+
+
+                        /* basic functions */
+
+ZEXTERN const char * ZEXPORT zlibVersion OF((void));
+/* The application can compare zlibVersion and ZLIB_VERSION for consistency.
+   If the first character differs, the library code actually used is not
+   compatible with the zlib.h header file used by the application.  This check
+   is automatically made by deflateInit and inflateInit.
+ */
+
+/*
+ZEXTERN int ZEXPORT deflateInit OF((z_streamp strm, int level));
+
+     Initializes the internal stream state for compression.  The fields
+   zalloc, zfree and opaque must be initialized before by the caller.  If
+   zalloc and zfree are set to Z_NULL, deflateInit updates them to use default
+   allocation functions.
+
+     The compression level must be Z_DEFAULT_COMPRESSION, or between 0 and 9:
+   1 gives best speed, 9 gives best compression, 0 gives no compression at all
+   (the input data is simply copied a block at a time).  Z_DEFAULT_COMPRESSION
+   requests a default compromise between speed and compression (currently
+   equivalent to level 6).
+
+     deflateInit returns Z_OK if success, Z_MEM_ERROR if there was not enough
+   memory, Z_STREAM_ERROR if level is not a valid compression level, or
+   Z_VERSION_ERROR if the zlib library version (zlib_version) is incompatible
+   with the version assumed by the caller (ZLIB_VERSION).  msg is set to null
+   if there is no error message.  deflateInit does not perform any compression:
+   this will be done by deflate().
+*/
+
+
+ZEXTERN int ZEXPORT deflate OF((z_streamp strm, int flush));
+/*
+    deflate compresses as much data as possible, and stops when the input
+  buffer becomes empty or the output buffer becomes full.  It may introduce
+  some output latency (reading input without producing any output) except when
+  forced to flush.
+
+    The detailed semantics are as follows.  deflate performs one or both of the
+  following actions:
+
+  - Compress more input starting at next_in and update next_in and avail_in
+    accordingly.  If not all input can be processed (because there is not
+    enough room in the output buffer), next_in and avail_in are updated and
+    processing will resume at this point for the next call of deflate().
+
+  - Provide more output starting at next_out and update next_out and avail_out
+    accordingly.  This action is forced if the parameter flush is non zero.
+    Forcing flush frequently degrades the compression ratio, so this parameter
+    should be set only when necessary (in interactive applications).  Some
+    output may be provided even if flush is not set.
+
+    Before the call of deflate(), the application should ensure that at least
+  one of the actions is possible, by providing more input and/or consuming more
+  output, and updating avail_in or avail_out accordingly; avail_out should
+  never be zero before the call.  The application can consume the compressed
+  output when it wants, for example when the output buffer is full (avail_out
+  == 0), or after each call of deflate().  If deflate returns Z_OK and with
+  zero avail_out, it must be called again after making room in the output
+  buffer because there might be more output pending.
+
+    Normally the parameter flush is set to Z_NO_FLUSH, which allows deflate to
+  decide how much data to accumulate before producing output, in order to
+  maximize compression.
+
+    If the parameter flush is set to Z_SYNC_FLUSH, all pending output is
+  flushed to the output buffer and the output is aligned on a byte boundary, so
+  that the decompressor can get all input data available so far.  (In
+  particular avail_in is zero after the call if enough output space has been
+  provided before the call.) Flushing may degrade compression for some
+  compression algorithms and so it should be used only when necessary.  This
+  completes the current deflate block and follows it with an empty stored block
+  that is three bits plus filler bits to the next byte, followed by four bytes
+  (00 00 ff ff).
+
+    If flush is set to Z_PARTIAL_FLUSH, all pending output is flushed to the
+  output buffer, but the output is not aligned to a byte boundary.  All of the
+  input data so far will be available to the decompressor, as for Z_SYNC_FLUSH.
+  This completes the current deflate block and follows it with an empty fixed
+  codes block that is 10 bits long.  This assures that enough bytes are output
+  in order for the decompressor to finish the block before the empty fixed code
+  block.
+
+    If flush is set to Z_BLOCK, a deflate block is completed and emitted, as
+  for Z_SYNC_FLUSH, but the output is not aligned on a byte boundary, and up to
+  seven bits of the current block are held to be written as the next byte after
+  the next deflate block is completed.  In this case, the decompressor may not
+  be provided enough bits at this point in order to complete decompression of
+  the data provided so far to the compressor.  It may need to wait for the next
+  block to be emitted.  This is for advanced applications that need to control
+  the emission of deflate blocks.
+
+    If flush is set to Z_FULL_FLUSH, all output is flushed as with
+  Z_SYNC_FLUSH, and the compression state is reset so that decompression can
+  restart from this point if previous compressed data has been damaged or if
+  random access is desired.  Using Z_FULL_FLUSH too often can seriously degrade
+  compression.
+
+    If deflate returns with avail_out == 0, this function must be called again
+  with the same value of the flush parameter and more output space (updated
+  avail_out), until the flush is complete (deflate returns with non-zero
+  avail_out).  In the case of a Z_FULL_FLUSH or Z_SYNC_FLUSH, make sure that
+  avail_out is greater than six to avoid repeated flush markers due to
+  avail_out == 0 on return.
+
+    If the parameter flush is set to Z_FINISH, pending input is processed,
+  pending output is flushed and deflate returns with Z_STREAM_END if there was
+  enough output space; if deflate returns with Z_OK, this function must be
+  called again with Z_FINISH and more output space (updated avail_out) but no
+  more input data, until it returns with Z_STREAM_END or an error.  After
+  deflate has returned Z_STREAM_END, the only possible operations on the stream
+  are deflateReset or deflateEnd.
+
+    Z_FINISH can be used immediately after deflateInit if all the compression
+  is to be done in a single step.  In this case, avail_out must be at least the
+  value returned by deflateBound (see below).  If deflate does not return
+  Z_STREAM_END, then it must be called again as described above.
+
+    deflate() sets strm->adler to the adler32 checksum of all input read
+  so far (that is, total_in bytes).
+
+    deflate() may update strm->data_type if it can make a good guess about
+  the input data type (Z_BINARY or Z_TEXT).  In doubt, the data is considered
+  binary.  This field is only for information purposes and does not affect the
+  compression algorithm in any manner.
+
+    deflate() returns Z_OK if some progress has been made (more input
+  processed or more output produced), Z_STREAM_END if all input has been
+  consumed and all output has been produced (only when flush is set to
+  Z_FINISH), Z_STREAM_ERROR if the stream state was inconsistent (for example
+  if next_in or next_out was Z_NULL), Z_BUF_ERROR if no progress is possible
+  (for example avail_in or avail_out was zero).  Note that Z_BUF_ERROR is not
+  fatal, and deflate() can be called again with more input and more output
+  space to continue compressing.
+*/
+
+
+ZEXTERN int ZEXPORT deflateEnd OF((z_streamp strm));
+/*
+     All dynamically allocated data structures for this stream are freed.
+   This function discards any unprocessed input and does not flush any pending
+   output.
+
+     deflateEnd returns Z_OK if success, Z_STREAM_ERROR if the
+   stream state was inconsistent, Z_DATA_ERROR if the stream was freed
+   prematurely (some input or output was discarded).  In the error case, msg
+   may be set but then points to a static string (which must not be
+   deallocated).
+*/
+
+
+/*
+ZEXTERN int ZEXPORT inflateInit OF((z_streamp strm));
+
+     Initializes the internal stream state for decompression.  The fields
+   next_in, avail_in, zalloc, zfree and opaque must be initialized before by
+   the caller.  If next_in is not Z_NULL and avail_in is large enough (the
+   exact value depends on the compression method), inflateInit determines the
+   compression method from the zlib header and allocates all data structures
+   accordingly; otherwise the allocation will be deferred to the first call of
+   inflate.  If zalloc and zfree are set to Z_NULL, inflateInit updates them to
+   use default allocation functions.
+
+     inflateInit returns Z_OK if success, Z_MEM_ERROR if there was not enough
+   memory, Z_VERSION_ERROR if the zlib library version is incompatible with the
+   version assumed by the caller, or Z_STREAM_ERROR if the parameters are
+   invalid, such as a null pointer to the structure.  msg is set to null if
+   there is no error message.  inflateInit does not perform any decompression
+   apart from possibly reading the zlib header if present: actual decompression
+   will be done by inflate().  (So next_in and avail_in may be modified, but
+   next_out and avail_out are unused and unchanged.) The current implementation
+   of inflateInit() does not process any header information -- that is deferred
+   until inflate() is called.
+*/
+
+
+ZEXTERN int ZEXPORT inflate OF((z_streamp strm, int flush));
+/*
+    inflate decompresses as much data as possible, and stops when the input
+  buffer becomes empty or the output buffer becomes full.  It may introduce
+  some output latency (reading input without producing any output) except when
+  forced to flush.
+
+  The detailed semantics are as follows.  inflate performs one or both of the
+  following actions:
+
+  - Decompress more input starting at next_in and update next_in and avail_in
+    accordingly.  If not all input can be processed (because there is not
+    enough room in the output buffer), next_in is updated and processing will
+    resume at this point for the next call of inflate().
+
+  - Provide more output starting at next_out and update next_out and avail_out
+    accordingly.  inflate() provides as much output as possible, until there is
+    no more input data or no more space in the output buffer (see below about
+    the flush parameter).
+
+    Before the call of inflate(), the application should ensure that at least
+  one of the actions is possible, by providing more input and/or consuming more
+  output, and updating the next_* and avail_* values accordingly.  The
+  application can consume the uncompressed output when it wants, for example
+  when the output buffer is full (avail_out == 0), or after each call of
+  inflate().  If inflate returns Z_OK and with zero avail_out, it must be
+  called again after making room in the output buffer because there might be
+  more output pending.
+
+    The flush parameter of inflate() can be Z_NO_FLUSH, Z_SYNC_FLUSH, Z_FINISH,
+  Z_BLOCK, or Z_TREES.  Z_SYNC_FLUSH requests that inflate() flush as much
+  output as possible to the output buffer.  Z_BLOCK requests that inflate()
+  stop if and when it gets to the next deflate block boundary.  When decoding
+  the zlib or gzip format, this will cause inflate() to return immediately
+  after the header and before the first block.  When doing a raw inflate,
+  inflate() will go ahead and process the first block, and will return when it
+  gets to the end of that block, or when it runs out of data.
+
+    The Z_BLOCK option assists in appending to or combining deflate streams.
+  Also to assist in this, on return inflate() will set strm->data_type to the
+  number of unused bits in the last byte taken from strm->next_in, plus 64 if
+  inflate() is currently decoding the last block in the deflate stream, plus
+  128 if inflate() returned immediately after decoding an end-of-block code or
+  decoding the complete header up to just before the first byte of the deflate
+  stream.  The end-of-block will not be indicated until all of the uncompressed
+  data from that block has been written to strm->next_out.  The number of
+  unused bits may in general be greater than seven, except when bit 7 of
+  data_type is set, in which case the number of unused bits will be less than
+  eight.  data_type is set as noted here every time inflate() returns for all
+  flush options, and so can be used to determine the amount of currently
+  consumed input in bits.
+
+    The Z_TREES option behaves as Z_BLOCK does, but it also returns when the
+  end of each deflate block header is reached, before any actual data in that
+  block is decoded.  This allows the caller to determine the length of the
+  deflate block header for later use in random access within a deflate block.
+  256 is added to the value of strm->data_type when inflate() returns
+  immediately after reaching the end of the deflate block header.
+
+    inflate() should normally be called until it returns Z_STREAM_END or an
+  error.  However if all decompression is to be performed in a single step (a
+  single call of inflate), the parameter flush should be set to Z_FINISH.  In
+  this case all pending input is processed and all pending output is flushed;
+  avail_out must be large enough to hold all the uncompressed data.  (The size
+  of the uncompressed data may have been saved by the compressor for this
+  purpose.) The next operation on this stream must be inflateEnd to deallocate
+  the decompression state.  The use of Z_FINISH is never required, but can be
+  used to inform inflate that a faster approach may be used for the single
+  inflate() call.
+
+     In this implementation, inflate() always flushes as much output as
+  possible to the output buffer, and always uses the faster approach on the
+  first call.  So the only effect of the flush parameter in this implementation
+  is on the return value of inflate(), as noted below, or when it returns early
+  because Z_BLOCK or Z_TREES is used.
+
+     If a preset dictionary is needed after this call (see inflateSetDictionary
+  below), inflate sets strm->adler to the adler32 checksum of the dictionary
+  chosen by the compressor and returns Z_NEED_DICT; otherwise it sets
+  strm->adler to the adler32 checksum of all output produced so far (that is,
+  total_out bytes) and returns Z_OK, Z_STREAM_END or an error code as described
+  below.  At the end of the stream, inflate() checks that its computed adler32
+  checksum is equal to that saved by the compressor and returns Z_STREAM_END
+  only if the checksum is correct.
+
+    inflate() can decompress and check either zlib-wrapped or gzip-wrapped
+  deflate data.  The header type is detected automatically, if requested when
+  initializing with inflateInit2().  Any information contained in the gzip
+  header is not retained, so applications that need that information should
+  instead use raw inflate, see inflateInit2() below, or inflateBack() and
+  perform their own processing of the gzip header and trailer.
+
+    inflate() returns Z_OK if some progress has been made (more input processed
+  or more output produced), Z_STREAM_END if the end of the compressed data has
+  been reached and all uncompressed output has been produced, Z_NEED_DICT if a
+  preset dictionary is needed at this point, Z_DATA_ERROR if the input data was
+  corrupted (input stream not conforming to the zlib format or incorrect check
+  value), Z_STREAM_ERROR if the stream structure was inconsistent (for example
+  next_in or next_out was Z_NULL), Z_MEM_ERROR if there was not enough memory,
+  Z_BUF_ERROR if no progress is possible or if there was not enough room in the
+  output buffer when Z_FINISH is used.  Note that Z_BUF_ERROR is not fatal, and
+  inflate() can be called again with more input and more output space to
+  continue decompressing.  If Z_DATA_ERROR is returned, the application may
+  then call inflateSync() to look for a good compression block if a partial
+  recovery of the data is desired.
+*/
+
+
+ZEXTERN int ZEXPORT inflateEnd OF((z_streamp strm));
+/*
+     All dynamically allocated data structures for this stream are freed.
+   This function discards any unprocessed input and does not flush any pending
+   output.
+
+     inflateEnd returns Z_OK if success, Z_STREAM_ERROR if the stream state
+   was inconsistent.  In the error case, msg may be set but then points to a
+   static string (which must not be deallocated).
+*/
+
+
+                        /* Advanced functions */
+
+/*
+    The following functions are needed only in some special applications.
+*/
+
+/*
+ZEXTERN int ZEXPORT deflateInit2 OF((z_streamp strm,
+                                     int  level,
+                                     int  method,
+                                     int  windowBits,
+                                     int  memLevel,
+                                     int  strategy));
+
+     This is another version of deflateInit with more compression options.  The
+   fields next_in, zalloc, zfree and opaque must be initialized before by the
+   caller.
+
+     The method parameter is the compression method.  It must be Z_DEFLATED in
+   this version of the library.
+
+     The windowBits parameter is the base two logarithm of the window size
+   (the size of the history buffer).  It should be in the range 8..15 for this
+   version of the library.  Larger values of this parameter result in better
+   compression at the expense of memory usage.  The default value is 15 if
+   deflateInit is used instead.
+
+     windowBits can also be -8..-15 for raw deflate.  In this case, -windowBits
+   determines the window size.  deflate() will then generate raw deflate data
+   with no zlib header or trailer, and will not compute an adler32 check value.
+
+     windowBits can also be greater than 15 for optional gzip encoding.  Add
+   16 to windowBits to write a simple gzip header and trailer around the
+   compressed data instead of a zlib wrapper.  The gzip header will have no
+   file name, no extra data, no comment, no modification time (set to zero), no
+   header crc, and the operating system will be set to 255 (unknown).  If a
+   gzip stream is being written, strm->adler is a crc32 instead of an adler32.
+
+     The memLevel parameter specifies how much memory should be allocated
+   for the internal compression state.  memLevel=1 uses minimum memory but is
+   slow and reduces compression ratio; memLevel=9 uses maximum memory for
+   optimal speed.  The default value is 8.  See zconf.h for total memory usage
+   as a function of windowBits and memLevel.
+
+     The strategy parameter is used to tune the compression algorithm.  Use the
+   value Z_DEFAULT_STRATEGY for normal data, Z_FILTERED for data produced by a
+   filter (or predictor), Z_HUFFMAN_ONLY to force Huffman encoding only (no
+   string match), or Z_RLE to limit match distances to one (run-length
+   encoding).  Filtered data consists mostly of small values with a somewhat
+   random distribution.  In this case, the compression algorithm is tuned to
+   compress them better.  The effect of Z_FILTERED is to force more Huffman
+   coding and less string matching; it is somewhat intermediate between
+   Z_DEFAULT_STRATEGY and Z_HUFFMAN_ONLY.  Z_RLE is designed to be almost as
+   fast as Z_HUFFMAN_ONLY, but give better compression for PNG image data.  The
+   strategy parameter only affects the compression ratio but not the
+   correctness of the compressed output even if it is not set appropriately.
+   Z_FIXED prevents the use of dynamic Huffman codes, allowing for a simpler
+   decoder for special applications.
+
+     deflateInit2 returns Z_OK if success, Z_MEM_ERROR if there was not enough
+   memory, Z_STREAM_ERROR if any parameter is invalid (such as an invalid
+   method), or Z_VERSION_ERROR if the zlib library version (zlib_version) is
+   incompatible with the version assumed by the caller (ZLIB_VERSION).  msg is
+   set to null if there is no error message.  deflateInit2 does not perform any
+   compression: this will be done by deflate().
+*/
+
+ZEXTERN int ZEXPORT deflateSetDictionary OF((z_streamp strm,
+                                             const Bytef *dictionary,
+                                             uInt  dictLength));
+/*
+     Initializes the compression dictionary from the given byte sequence
+   without producing any compressed output.  This function must be called
+   immediately after deflateInit, deflateInit2 or deflateReset, before any call
+   of deflate.  The compressor and decompressor must use exactly the same
+   dictionary (see inflateSetDictionary).
+
+     The dictionary should consist of strings (byte sequences) that are likely
+   to be encountered later in the data to be compressed, with the most commonly
+   used strings preferably put towards the end of the dictionary.  Using a
+   dictionary is most useful when the data to be compressed is short and can be
+   predicted with good accuracy; the data can then be compressed better than
+   with the default empty dictionary.
+
+     Depending on the size of the compression data structures selected by
+   deflateInit or deflateInit2, a part of the dictionary may in effect be
+   discarded, for example if the dictionary is larger than the window size
+   provided in deflateInit or deflateInit2.  Thus the strings most likely to be
+   useful should be put at the end of the dictionary, not at the front.  In
+   addition, the current implementation of deflate will use at most the window
+   size minus 262 bytes of the provided dictionary.
+
+     Upon return of this function, strm->adler is set to the adler32 value
+   of the dictionary; the decompressor may later use this value to determine
+   which dictionary has been used by the compressor.  (The adler32 value
+   applies to the whole dictionary even if only a subset of the dictionary is
+   actually used by the compressor.) If a raw deflate was requested, then the
+   adler32 value is not computed and strm->adler is not set.
+
+     deflateSetDictionary returns Z_OK if success, or Z_STREAM_ERROR if a
+   parameter is invalid (e.g.  dictionary being Z_NULL) or the stream state is
+   inconsistent (for example if deflate has already been called for this stream
+   or if the compression method is bsort).  deflateSetDictionary does not
+   perform any compression: this will be done by deflate().
+*/
+
+ZEXTERN int ZEXPORT deflateCopy OF((z_streamp dest,
+                                    z_streamp source));
+/*
+     Sets the destination stream as a complete copy of the source stream.
+
+     This function can be useful when several compression strategies will be
+   tried, for example when there are several ways of pre-processing the input
+   data with a filter.  The streams that will be discarded should then be freed
+   by calling deflateEnd.  Note that deflateCopy duplicates the internal
+   compression state which can be quite large, so this strategy is slow and can
+   consume lots of memory.
+
+     deflateCopy returns Z_OK if success, Z_MEM_ERROR if there was not
+   enough memory, Z_STREAM_ERROR if the source stream state was inconsistent
+   (such as zalloc being Z_NULL).  msg is left unchanged in both source and
+   destination.
+*/
+
+ZEXTERN int ZEXPORT deflateReset OF((z_streamp strm));
+/*
+     This function is equivalent to deflateEnd followed by deflateInit,
+   but does not free and reallocate all the internal compression state.  The
+   stream will keep the same compression level and any other attributes that
+   may have been set by deflateInit2.
+
+     deflateReset returns Z_OK if success, or Z_STREAM_ERROR if the source
+   stream state was inconsistent (such as zalloc or state being Z_NULL).
+*/
+
+ZEXTERN int ZEXPORT deflateParams OF((z_streamp strm,
+                                      int level,
+                                      int strategy));
+/*
+     Dynamically update the compression level and compression strategy.  The
+   interpretation of level and strategy is as in deflateInit2.  This can be
+   used to switch between compression and straight copy of the input data, or
+   to switch to a different kind of input data requiring a different strategy.
+   If the compression level is changed, the input available so far is
+   compressed with the old level (and may be flushed); the new level will take
+   effect only at the next call of deflate().
+
+     Before the call of deflateParams, the stream state must be set as for
+   a call of deflate(), since the currently available input may have to be
+   compressed and flushed.  In particular, strm->avail_out must be non-zero.
+
+     deflateParams returns Z_OK if success, Z_STREAM_ERROR if the source
+   stream state was inconsistent or if a parameter was invalid, Z_BUF_ERROR if
+   strm->avail_out was zero.
+*/
+
+ZEXTERN int ZEXPORT deflateTune OF((z_streamp strm,
+                                    int good_length,
+                                    int max_lazy,
+                                    int nice_length,
+                                    int max_chain));
+/*
+     Fine tune deflate's internal compression parameters.  This should only be
+   used by someone who understands the algorithm used by zlib's deflate for
+   searching for the best matching string, and even then only by the most
+   fanatic optimizer trying to squeeze out the last compressed bit for their
+   specific input data.  Read the deflate.c source code for the meaning of the
+   max_lazy, good_length, nice_length, and max_chain parameters.
+
+     deflateTune() can be called after deflateInit() or deflateInit2(), and
+   returns Z_OK on success, or Z_STREAM_ERROR for an invalid deflate stream.
+ */
+
+ZEXTERN uLong ZEXPORT deflateBound OF((z_streamp strm,
+                                       uLong sourceLen));
+/*
+     deflateBound() returns an upper bound on the compressed size after
+   deflation of sourceLen bytes.  It must be called after deflateInit() or
+   deflateInit2(), and after deflateSetHeader(), if used.  This would be used
+   to allocate an output buffer for deflation in a single pass, and so would be
+   called before deflate().
+*/
+
+ZEXTERN int ZEXPORT deflatePrime OF((z_streamp strm,
+                                     int bits,
+                                     int value));
+/*
+     deflatePrime() inserts bits in the deflate output stream.  The intent
+   is that this function is used to start off the deflate output with the bits
+   leftover from a previous deflate stream when appending to it.  As such, this
+   function can only be used for raw deflate, and must be used before the first
+   deflate() call after a deflateInit2() or deflateReset().  bits must be less
+   than or equal to 16, and that many of the least significant bits of value
+   will be inserted in the output.
+
+     deflatePrime returns Z_OK if success, or Z_STREAM_ERROR if the source
+   stream state was inconsistent.
+*/
+
+ZEXTERN int ZEXPORT deflateSetHeader OF((z_streamp strm,
+                                         gz_headerp head));
+/*
+     deflateSetHeader() provides gzip header information for when a gzip
+   stream is requested by deflateInit2().  deflateSetHeader() may be called
+   after deflateInit2() or deflateReset() and before the first call of
+   deflate().  The text, time, os, extra field, name, and comment information
+   in the provided gz_header structure are written to the gzip header (xflag is
+   ignored -- the extra flags are set according to the compression level).  The
+   caller must assure that, if not Z_NULL, name and comment are terminated with
+   a zero byte, and that if extra is not Z_NULL, that extra_len bytes are
+   available there.  If hcrc is true, a gzip header crc is included.  Note that
+   the current versions of the command-line version of gzip (up through version
+   1.3.x) do not support header crc's, and will report that it is a "multi-part
+   gzip file" and give up.
+
+     If deflateSetHeader is not used, the default gzip header has text false,
+   the time set to zero, and os set to 255, with no extra, name, or comment
+   fields.  The gzip header is returned to the default state by deflateReset().
+
+     deflateSetHeader returns Z_OK if success, or Z_STREAM_ERROR if the source
+   stream state was inconsistent.
+*/
+
+/*
+ZEXTERN int ZEXPORT inflateInit2 OF((z_streamp strm,
+                                     int  windowBits));
+
+     This is another version of inflateInit with an extra parameter.  The
+   fields next_in, avail_in, zalloc, zfree and opaque must be initialized
+   before by the caller.
+
+     The windowBits parameter is the base two logarithm of the maximum window
+   size (the size of the history buffer).  It should be in the range 8..15 for
+   this version of the library.  The default value is 15 if inflateInit is used
+   instead.  windowBits must be greater than or equal to the windowBits value
+   provided to deflateInit2() while compressing, or it must be equal to 15 if
+   deflateInit2() was not used.  If a compressed stream with a larger window
+   size is given as input, inflate() will return with the error code
+   Z_DATA_ERROR instead of trying to allocate a larger window.
+
+     windowBits can also be zero to request that inflate use the window size in
+   the zlib header of the compressed stream.
+
+     windowBits can also be -8..-15 for raw inflate.  In this case, -windowBits
+   determines the window size.  inflate() will then process raw deflate data,
+   not looking for a zlib or gzip header, not generating a check value, and not
+   looking for any check values for comparison at the end of the stream.  This
+   is for use with other formats that use the deflate compressed data format
+   such as zip.  Those formats provide their own check values.  If a custom
+   format is developed using the raw deflate format for compressed data, it is
+   recommended that a check value such as an adler32 or a crc32 be applied to
+   the uncompressed data as is done in the zlib, gzip, and zip formats.  For
+   most applications, the zlib format should be used as is.  Note that comments
+   above on the use in deflateInit2() applies to the magnitude of windowBits.
+
+     windowBits can also be greater than 15 for optional gzip decoding.  Add
+   32 to windowBits to enable zlib and gzip decoding with automatic header
+   detection, or add 16 to decode only the gzip format (the zlib format will
+   return a Z_DATA_ERROR).  If a gzip stream is being decoded, strm->adler is a
+   crc32 instead of an adler32.
+
+     inflateInit2 returns Z_OK if success, Z_MEM_ERROR if there was not enough
+   memory, Z_VERSION_ERROR if the zlib library version is incompatible with the
+   version assumed by the caller, or Z_STREAM_ERROR if the parameters are
+   invalid, such as a null pointer to the structure.  msg is set to null if
+   there is no error message.  inflateInit2 does not perform any decompression
+   apart from possibly reading the zlib header if present: actual decompression
+   will be done by inflate().  (So next_in and avail_in may be modified, but
+   next_out and avail_out are unused and unchanged.) The current implementation
+   of inflateInit2() does not process any header information -- that is
+   deferred until inflate() is called.
+*/
+
+ZEXTERN int ZEXPORT inflateSetDictionary OF((z_streamp strm,
+                                             const Bytef *dictionary,
+                                             uInt  dictLength));
+/*
+     Initializes the decompression dictionary from the given uncompressed byte
+   sequence.  This function must be called immediately after a call of inflate,
+   if that call returned Z_NEED_DICT.  The dictionary chosen by the compressor
+   can be determined from the adler32 value returned by that call of inflate.
+   The compressor and decompressor must use exactly the same dictionary (see
+   deflateSetDictionary).  For raw inflate, this function can be called
+   immediately after inflateInit2() or inflateReset() and before any call of
+   inflate() to set the dictionary.  The application must insure that the
+   dictionary that was used for compression is provided.
+
+     inflateSetDictionary returns Z_OK if success, Z_STREAM_ERROR if a
+   parameter is invalid (e.g.  dictionary being Z_NULL) or the stream state is
+   inconsistent, Z_DATA_ERROR if the given dictionary doesn't match the
+   expected one (incorrect adler32 value).  inflateSetDictionary does not
+   perform any decompression: this will be done by subsequent calls of
+   inflate().
+*/
+
+ZEXTERN int ZEXPORT inflateSync OF((z_streamp strm));
+/*
+     Skips invalid compressed data until a full flush point (see above the
+   description of deflate with Z_FULL_FLUSH) can be found, or until all
+   available input is skipped.  No output is provided.
+
+     inflateSync returns Z_OK if a full flush point has been found, Z_BUF_ERROR
+   if no more input was provided, Z_DATA_ERROR if no flush point has been
+   found, or Z_STREAM_ERROR if the stream structure was inconsistent.  In the
+   success case, the application may save the current current value of total_in
+   which indicates where valid compressed data was found.  In the error case,
+   the application may repeatedly call inflateSync, providing more input each
+   time, until success or end of the input data.
+*/
+
+ZEXTERN int ZEXPORT inflateCopy OF((z_streamp dest,
+                                    z_streamp source));
+/*
+     Sets the destination stream as a complete copy of the source stream.
+
+     This function can be useful when randomly accessing a large stream.  The
+   first pass through the stream can periodically record the inflate state,
+   allowing restarting inflate at those points when randomly accessing the
+   stream.
+
+     inflateCopy returns Z_OK if success, Z_MEM_ERROR if there was not
+   enough memory, Z_STREAM_ERROR if the source stream state was inconsistent
+   (such as zalloc being Z_NULL).  msg is left unchanged in both source and
+   destination.
+*/
+
+ZEXTERN int ZEXPORT inflateReset OF((z_streamp strm));
+/*
+     This function is equivalent to inflateEnd followed by inflateInit,
+   but does not free and reallocate all the internal decompression state.  The
+   stream will keep attributes that may have been set by inflateInit2.
+
+     inflateReset returns Z_OK if success, or Z_STREAM_ERROR if the source
+   stream state was inconsistent (such as zalloc or state being Z_NULL).
+*/
+
+ZEXTERN int ZEXPORT inflateReset2 OF((z_streamp strm,
+                                      int windowBits));
+/*
+     This function is the same as inflateReset, but it also permits changing
+   the wrap and window size requests.  The windowBits parameter is interpreted
+   the same as it is for inflateInit2.
+
+     inflateReset2 returns Z_OK if success, or Z_STREAM_ERROR if the source
+   stream state was inconsistent (such as zalloc or state being Z_NULL), or if
+   the windowBits parameter is invalid.
+*/
+
+ZEXTERN int ZEXPORT inflatePrime OF((z_streamp strm,
+                                     int bits,
+                                     int value));
+/*
+     This function inserts bits in the inflate input stream.  The intent is
+   that this function is used to start inflating at a bit position in the
+   middle of a byte.  The provided bits will be used before any bytes are used
+   from next_in.  This function should only be used with raw inflate, and
+   should be used before the first inflate() call after inflateInit2() or
+   inflateReset().  bits must be less than or equal to 16, and that many of the
+   least significant bits of value will be inserted in the input.
+
+     If bits is negative, then the input stream bit buffer is emptied.  Then
+   inflatePrime() can be called again to put bits in the buffer.  This is used
+   to clear out bits leftover after feeding inflate a block description prior
+   to feeding inflate codes.
+
+     inflatePrime returns Z_OK if success, or Z_STREAM_ERROR if the source
+   stream state was inconsistent.
+*/
+
+ZEXTERN long ZEXPORT inflateMark OF((z_streamp strm));
+/*
+     This function returns two values, one in the lower 16 bits of the return
+   value, and the other in the remaining upper bits, obtained by shifting the
+   return value down 16 bits.  If the upper value is -1 and the lower value is
+   zero, then inflate() is currently decoding information outside of a block.
+   If the upper value is -1 and the lower value is non-zero, then inflate is in
+   the middle of a stored block, with the lower value equaling the number of
+   bytes from the input remaining to copy.  If the upper value is not -1, then
+   it is the number of bits back from the current bit position in the input of
+   the code (literal or length/distance pair) currently being processed.  In
+   that case the lower value is the number of bytes already emitted for that
+   code.
+
+     A code is being processed if inflate is waiting for more input to complete
+   decoding of the code, or if it has completed decoding but is waiting for
+   more output space to write the literal or match data.
+
+     inflateMark() is used to mark locations in the input data for random
+   access, which may be at bit positions, and to note those cases where the
+   output of a code may span boundaries of random access blocks.  The current
+   location in the input stream can be determined from avail_in and data_type
+   as noted in the description for the Z_BLOCK flush parameter for inflate.
+
+     inflateMark returns the value noted above or -1 << 16 if the provided
+   source stream state was inconsistent.
+*/
+
+ZEXTERN int ZEXPORT inflateGetHeader OF((z_streamp strm,
+                                         gz_headerp head));
+/*
+     inflateGetHeader() requests that gzip header information be stored in the
+   provided gz_header structure.  inflateGetHeader() may be called after
+   inflateInit2() or inflateReset(), and before the first call of inflate().
+   As inflate() processes the gzip stream, head->done is zero until the header
+   is completed, at which time head->done is set to one.  If a zlib stream is
+   being decoded, then head->done is set to -1 to indicate that there will be
+   no gzip header information forthcoming.  Note that Z_BLOCK or Z_TREES can be
+   used to force inflate() to return immediately after header processing is
+   complete and before any actual data is decompressed.
+
+     The text, time, xflags, and os fields are filled in with the gzip header
+   contents.  hcrc is set to true if there is a header CRC.  (The header CRC
+   was valid if done is set to one.) If extra is not Z_NULL, then extra_max
+   contains the maximum number of bytes to write to extra.  Once done is true,
+   extra_len contains the actual extra field length, and extra contains the
+   extra field, or that field truncated if extra_max is less than extra_len.
+   If name is not Z_NULL, then up to name_max characters are written there,
+   terminated with a zero unless the length is greater than name_max.  If
+   comment is not Z_NULL, then up to comm_max characters are written there,
+   terminated with a zero unless the length is greater than comm_max.  When any
+   of extra, name, or comment are not Z_NULL and the respective field is not
+   present in the header, then that field is set to Z_NULL to signal its
+   absence.  This allows the use of deflateSetHeader() with the returned
+   structure to duplicate the header.  However if those fields are set to
+   allocated memory, then the application will need to save those pointers
+   elsewhere so that they can be eventually freed.
+
+     If inflateGetHeader is not used, then the header information is simply
+   discarded.  The header is always checked for validity, including the header
+   CRC if present.  inflateReset() will reset the process to discard the header
+   information.  The application would need to call inflateGetHeader() again to
+   retrieve the header from the next gzip stream.
+
+     inflateGetHeader returns Z_OK if success, or Z_STREAM_ERROR if the source
+   stream state was inconsistent.
+*/
+
+/*
+ZEXTERN int ZEXPORT inflateBackInit OF((z_streamp strm, int windowBits,
+                                        unsigned char FAR *window));
+
+     Initialize the internal stream state for decompression using inflateBack()
+   calls.  The fields zalloc, zfree and opaque in strm must be initialized
+   before the call.  If zalloc and zfree are Z_NULL, then the default library-
+   derived memory allocation routines are used.  windowBits is the base two
+   logarithm of the window size, in the range 8..15.  window is a caller
+   supplied buffer of that size.  Except for special applications where it is
+   assured that deflate was used with small window sizes, windowBits must be 15
+   and a 32K byte window must be supplied to be able to decompress general
+   deflate streams.
+
+     See inflateBack() for the usage of these routines.
+
+     inflateBackInit will return Z_OK on success, Z_STREAM_ERROR if any of
+   the paramaters are invalid, Z_MEM_ERROR if the internal state could not be
+   allocated, or Z_VERSION_ERROR if the version of the library does not match
+   the version of the header file.
+*/
+
+typedef unsigned (*in_func) OF((void FAR *, unsigned char FAR * FAR *));
+typedef int (*out_func) OF((void FAR *, unsigned char FAR *, unsigned));
+
+ZEXTERN int ZEXPORT inflateBack OF((z_streamp strm,
+                                    in_func in, void FAR *in_desc,
+                                    out_func out, void FAR *out_desc));
+/*
+     inflateBack() does a raw inflate with a single call using a call-back
+   interface for input and output.  This is more efficient than inflate() for
+   file i/o applications in that it avoids copying between the output and the
+   sliding window by simply making the window itself the output buffer.  This
+   function trusts the application to not change the output buffer passed by
+   the output function, at least until inflateBack() returns.
+
+     inflateBackInit() must be called first to allocate the internal state
+   and to initialize the state with the user-provided window buffer.
+   inflateBack() may then be used multiple times to inflate a complete, raw
+   deflate stream with each call.  inflateBackEnd() is then called to free the
+   allocated state.
+
+     A raw deflate stream is one with no zlib or gzip header or trailer.
+   This routine would normally be used in a utility that reads zip or gzip
+   files and writes out uncompressed files.  The utility would decode the
+   header and process the trailer on its own, hence this routine expects only
+   the raw deflate stream to decompress.  This is different from the normal
+   behavior of inflate(), which expects either a zlib or gzip header and
+   trailer around the deflate stream.
+
+     inflateBack() uses two subroutines supplied by the caller that are then
+   called by inflateBack() for input and output.  inflateBack() calls those
+   routines until it reads a complete deflate stream and writes out all of the
+   uncompressed data, or until it encounters an error.  The function's
+   parameters and return types are defined above in the in_func and out_func
+   typedefs.  inflateBack() will call in(in_desc, &buf) which should return the
+   number of bytes of provided input, and a pointer to that input in buf.  If
+   there is no input available, in() must return zero--buf is ignored in that
+   case--and inflateBack() will return a buffer error.  inflateBack() will call
+   out(out_desc, buf, len) to write the uncompressed data buf[0..len-1].  out()
+   should return zero on success, or non-zero on failure.  If out() returns
+   non-zero, inflateBack() will return with an error.  Neither in() nor out()
+   are permitted to change the contents of the window provided to
+   inflateBackInit(), which is also the buffer that out() uses to write from.
+   The length written by out() will be at most the window size.  Any non-zero
+   amount of input may be provided by in().
+
+     For convenience, inflateBack() can be provided input on the first call by
+   setting strm->next_in and strm->avail_in.  If that input is exhausted, then
+   in() will be called.  Therefore strm->next_in must be initialized before
+   calling inflateBack().  If strm->next_in is Z_NULL, then in() will be called
+   immediately for input.  If strm->next_in is not Z_NULL, then strm->avail_in
+   must also be initialized, and then if strm->avail_in is not zero, input will
+   initially be taken from strm->next_in[0 ..  strm->avail_in - 1].
+
+     The in_desc and out_desc parameters of inflateBack() is passed as the
+   first parameter of in() and out() respectively when they are called.  These
+   descriptors can be optionally used to pass any information that the caller-
+   supplied in() and out() functions need to do their job.
+
+     On return, inflateBack() will set strm->next_in and strm->avail_in to
+   pass back any unused input that was provided by the last in() call.  The
+   return values of inflateBack() can be Z_STREAM_END on success, Z_BUF_ERROR
+   if in() or out() returned an error, Z_DATA_ERROR if there was a format error
+   in the deflate stream (in which case strm->msg is set to indicate the nature
+   of the error), or Z_STREAM_ERROR if the stream was not properly initialized.
+   In the case of Z_BUF_ERROR, an input or output error can be distinguished
+   using strm->next_in which will be Z_NULL only if in() returned an error.  If
+   strm->next_in is not Z_NULL, then the Z_BUF_ERROR was due to out() returning
+   non-zero.  (in() will always be called before out(), so strm->next_in is
+   assured to be defined if out() returns non-zero.) Note that inflateBack()
+   cannot return Z_OK.
+*/
+
+ZEXTERN int ZEXPORT inflateBackEnd OF((z_streamp strm));
+/*
+     All memory allocated by inflateBackInit() is freed.
+
+     inflateBackEnd() returns Z_OK on success, or Z_STREAM_ERROR if the stream
+   state was inconsistent.
+*/
+
+ZEXTERN uLong ZEXPORT zlibCompileFlags OF((void));
+/* Return flags indicating compile-time options.
+
+    Type sizes, two bits each, 00 = 16 bits, 01 = 32, 10 = 64, 11 = other:
+     1.0: size of uInt
+     3.2: size of uLong
+     5.4: size of voidpf (pointer)
+     7.6: size of z_off_t
+
+    Compiler, assembler, and debug options:
+     8: DEBUG
+     9: ASMV or ASMINF -- use ASM code
+     10: ZLIB_WINAPI -- exported functions use the WINAPI calling convention
+     11: 0 (reserved)
+
+    One-time table building (smaller code, but not thread-safe if true):
+     12: BUILDFIXED -- build static block decoding tables when needed
+     13: DYNAMIC_CRC_TABLE -- build CRC calculation tables when needed
+     14,15: 0 (reserved)
+
+    Library content (indicates missing functionality):
+     16: NO_GZCOMPRESS -- gz* functions cannot compress (to avoid linking
+                          deflate code when not needed)
+     17: NO_GZIP -- deflate can't write gzip streams, and inflate can't detect
+                    and decode gzip streams (to avoid linking crc code)
+     18-19: 0 (reserved)
+
+    Operation variations (changes in library functionality):
+     20: PKZIP_BUG_WORKAROUND -- slightly more permissive inflate
+     21: FASTEST -- deflate algorithm with only one, lowest compression level
+     22,23: 0 (reserved)
+
+    The sprintf variant used by gzprintf (zero is best):
+     24: 0 = vs*, 1 = s* -- 1 means limited to 20 arguments after the format
+     25: 0 = *nprintf, 1 = *printf -- 1 means gzprintf() not secure!
+     26: 0 = returns value, 1 = void -- 1 means inferred string length returned
+
+    Remainder:
+     27-31: 0 (reserved)
+ */
+
+
+                        /* utility functions */
+
+/*
+     The following utility functions are implemented on top of the basic
+   stream-oriented functions.  To simplify the interface, some default options
+   are assumed (compression level and memory usage, standard memory allocation
+   functions).  The source code of these utility functions can be modified if
+   you need special options.
+*/
+
+ZEXTERN int ZEXPORT compress OF((Bytef *dest,   uLongf *destLen,
+                                 const Bytef *source, uLong sourceLen));
+/*
+     Compresses the source buffer into the destination buffer.  sourceLen is
+   the byte length of the source buffer.  Upon entry, destLen is the total size
+   of the destination buffer, which must be at least the value returned by
+   compressBound(sourceLen).  Upon exit, destLen is the actual size of the
+   compressed buffer.
+
+     compress returns Z_OK if success, Z_MEM_ERROR if there was not
+   enough memory, Z_BUF_ERROR if there was not enough room in the output
+   buffer.
+*/
+
+ZEXTERN int ZEXPORT compress2 OF((Bytef *dest,   uLongf *destLen,
+                                  const Bytef *source, uLong sourceLen,
+                                  int level));
+/*
+     Compresses the source buffer into the destination buffer.  The level
+   parameter has the same meaning as in deflateInit.  sourceLen is the byte
+   length of the source buffer.  Upon entry, destLen is the total size of the
+   destination buffer, which must be at least the value returned by
+   compressBound(sourceLen).  Upon exit, destLen is the actual size of the
+   compressed buffer.
+
+     compress2 returns Z_OK if success, Z_MEM_ERROR if there was not enough
+   memory, Z_BUF_ERROR if there was not enough room in the output buffer,
+   Z_STREAM_ERROR if the level parameter is invalid.
+*/
+
+ZEXTERN uLong ZEXPORT compressBound OF((uLong sourceLen));
+/*
+     compressBound() returns an upper bound on the compressed size after
+   compress() or compress2() on sourceLen bytes.  It would be used before a
+   compress() or compress2() call to allocate the destination buffer.
+*/
+
+ZEXTERN int ZEXPORT uncompress OF((Bytef *dest,   uLongf *destLen,
+                                   const Bytef *source, uLong sourceLen));
+/*
+     Decompresses the source buffer into the destination buffer.  sourceLen is
+   the byte length of the source buffer.  Upon entry, destLen is the total size
+   of the destination buffer, which must be large enough to hold the entire
+   uncompressed data.  (The size of the uncompressed data must have been saved
+   previously by the compressor and transmitted to the decompressor by some
+   mechanism outside the scope of this compression library.) Upon exit, destLen
+   is the actual size of the uncompressed buffer.
+
+     uncompress returns Z_OK if success, Z_MEM_ERROR if there was not
+   enough memory, Z_BUF_ERROR if there was not enough room in the output
+   buffer, or Z_DATA_ERROR if the input data was corrupted or incomplete.
+*/
+
+
+                        /* gzip file access functions */
+
+/*
+     This library supports reading and writing files in gzip (.gz) format with
+   an interface similar to that of stdio, using the functions that start with
+   "gz".  The gzip format is different from the zlib format.  gzip is a gzip
+   wrapper, documented in RFC 1952, wrapped around a deflate stream.
+*/
+
+typedef voidp gzFile;       /* opaque gzip file descriptor */
+
+/*
+ZEXTERN gzFile ZEXPORT gzopen OF((const char *path, const char *mode));
+
+     Opens a gzip (.gz) file for reading or writing.  The mode parameter is as
+   in fopen ("rb" or "wb") but can also include a compression level ("wb9") or
+   a strategy: 'f' for filtered data as in "wb6f", 'h' for Huffman-only
+   compression as in "wb1h", 'R' for run-length encoding as in "wb1R", or 'F'
+   for fixed code compression as in "wb9F".  (See the description of
+   deflateInit2 for more information about the strategy parameter.) Also "a"
+   can be used instead of "w" to request that the gzip stream that will be
+   written be appended to the file.  "+" will result in an error, since reading
+   and writing to the same gzip file is not supported.
+
+     gzopen can be used to read a file which is not in gzip format; in this
+   case gzread will directly read from the file without decompression.
+
+     gzopen returns NULL if the file could not be opened, if there was
+   insufficient memory to allocate the gzFile state, or if an invalid mode was
+   specified (an 'r', 'w', or 'a' was not provided, or '+' was provided).
+   errno can be checked to determine if the reason gzopen failed was that the
+   file could not be opened.
+*/
+
+ZEXTERN gzFile ZEXPORT gzdopen OF((int fd, const char *mode));
+/*
+     gzdopen associates a gzFile with the file descriptor fd.  File descriptors
+   are obtained from calls like open, dup, creat, pipe or fileno (if the file
+   has been previously opened with fopen).  The mode parameter is as in gzopen.
+
+     The next call of gzclose on the returned gzFile will also close the file
+   descriptor fd, just like fclose(fdopen(fd, mode)) closes the file descriptor
+   fd.  If you want to keep fd open, use fd = dup(fd_keep); gz = gzdopen(fd,
+   mode);.  The duplicated descriptor should be saved to avoid a leak, since
+   gzdopen does not close fd if it fails.
+
+     gzdopen returns NULL if there was insufficient memory to allocate the
+   gzFile state, if an invalid mode was specified (an 'r', 'w', or 'a' was not
+   provided, or '+' was provided), or if fd is -1.  The file descriptor is not
+   used until the next gz* read, write, seek, or close operation, so gzdopen
+   will not detect if fd is invalid (unless fd is -1).
+*/
+
+ZEXTERN int ZEXPORT gzbuffer OF((gzFile file, unsigned size));
+/*
+     Set the internal buffer size used by this library's functions.  The
+   default buffer size is 8192 bytes.  This function must be called after
+   gzopen() or gzdopen(), and before any other calls that read or write the
+   file.  The buffer memory allocation is always deferred to the first read or
+   write.  Two buffers are allocated, either both of the specified size when
+   writing, or one of the specified size and the other twice that size when
+   reading.  A larger buffer size of, for example, 64K or 128K bytes will
+   noticeably increase the speed of decompression (reading).
+
+     The new buffer size also affects the maximum length for gzprintf().
+
+     gzbuffer() returns 0 on success, or -1 on failure, such as being called
+   too late.
+*/
+
+ZEXTERN int ZEXPORT gzsetparams OF((gzFile file, int level, int strategy));
+/*
+     Dynamically update the compression level or strategy.  See the description
+   of deflateInit2 for the meaning of these parameters.
+
+     gzsetparams returns Z_OK if success, or Z_STREAM_ERROR if the file was not
+   opened for writing.
+*/
+
+ZEXTERN int ZEXPORT gzread OF((gzFile file, voidp buf, unsigned len));
+/*
+     Reads the given number of uncompressed bytes from the compressed file.  If
+   the input file was not in gzip format, gzread copies the given number of
+   bytes into the buffer.
+
+     After reaching the end of a gzip stream in the input, gzread will continue
+   to read, looking for another gzip stream, or failing that, reading the rest
+   of the input file directly without decompression.  The entire input file
+   will be read if gzread is called until it returns less than the requested
+   len.
+
+     gzread returns the number of uncompressed bytes actually read, less than
+   len for end of file, or -1 for error.
+*/
+
+ZEXTERN int ZEXPORT gzwrite OF((gzFile file,
+                                voidpc buf, unsigned len));
+/*
+     Writes the given number of uncompressed bytes into the compressed file.
+   gzwrite returns the number of uncompressed bytes written or 0 in case of
+   error.
+*/
+
+ZEXTERN int ZEXPORTVA gzprintf OF((gzFile file, const char *format, ...));
+/*
+     Converts, formats, and writes the arguments to the compressed file under
+   control of the format string, as in fprintf.  gzprintf returns the number of
+   uncompressed bytes actually written, or 0 in case of error.  The number of
+   uncompressed bytes written is limited to 8191, or one less than the buffer
+   size given to gzbuffer().  The caller should assure that this limit is not
+   exceeded.  If it is exceeded, then gzprintf() will return an error (0) with
+   nothing written.  In this case, there may also be a buffer overflow with
+   unpredictable consequences, which is possible only if zlib was compiled with
+   the insecure functions sprintf() or vsprintf() because the secure snprintf()
+   or vsnprintf() functions were not available.  This can be determined using
+   zlibCompileFlags().
+*/
+
+ZEXTERN int ZEXPORT gzputs OF((gzFile file, const char *s));
+/*
+     Writes the given null-terminated string to the compressed file, excluding
+   the terminating null character.
+
+     gzputs returns the number of characters written, or -1 in case of error.
+*/
+
+ZEXTERN char * ZEXPORT gzgets OF((gzFile file, char *buf, int len));
+/*
+     Reads bytes from the compressed file until len-1 characters are read, or a
+   newline character is read and transferred to buf, or an end-of-file
+   condition is encountered.  If any characters are read or if len == 1, the
+   string is terminated with a null character.  If no characters are read due
+   to an end-of-file or len < 1, then the buffer is left untouched.
+
+     gzgets returns buf which is a null-terminated string, or it returns NULL
+   for end-of-file or in case of error.  If there was an error, the contents at
+   buf are indeterminate.
+*/
+
+ZEXTERN int ZEXPORT gzputc OF((gzFile file, int c));
+/*
+     Writes c, converted to an unsigned char, into the compressed file.  gzputc
+   returns the value that was written, or -1 in case of error.
+*/
+
+ZEXTERN int ZEXPORT gzgetc OF((gzFile file));
+/*
+     Reads one byte from the compressed file.  gzgetc returns this byte or -1
+   in case of end of file or error.
+*/
+
+ZEXTERN int ZEXPORT gzungetc OF((int c, gzFile file));
+/*
+     Push one character back onto the stream to be read as the first character
+   on the next read.  At least one character of push-back is allowed.
+   gzungetc() returns the character pushed, or -1 on failure.  gzungetc() will
+   fail if c is -1, and may fail if a character has been pushed but not read
+   yet.  If gzungetc is used immediately after gzopen or gzdopen, at least the
+   output buffer size of pushed characters is allowed.  (See gzbuffer above.)
+   The pushed character will be discarded if the stream is repositioned with
+   gzseek() or gzrewind().
+*/
+
+ZEXTERN int ZEXPORT gzflush OF((gzFile file, int flush));
+/*
+     Flushes all pending output into the compressed file.  The parameter flush
+   is as in the deflate() function.  The return value is the zlib error number
+   (see function gzerror below).  gzflush is only permitted when writing.
+
+     If the flush parameter is Z_FINISH, the remaining data is written and the
+   gzip stream is completed in the output.  If gzwrite() is called again, a new
+   gzip stream will be started in the output.  gzread() is able to read such
+   concatented gzip streams.
+
+     gzflush should be called only when strictly necessary because it will
+   degrade compression if called too often.
+*/
+
+/*
+ZEXTERN z_off_t ZEXPORT gzseek OF((gzFile file,
+                                   z_off_t offset, int whence));
+
+     Sets the starting position for the next gzread or gzwrite on the given
+   compressed file.  The offset represents a number of bytes in the
+   uncompressed data stream.  The whence parameter is defined as in lseek(2);
+   the value SEEK_END is not supported.
+
+     If the file is opened for reading, this function is emulated but can be
+   extremely slow.  If the file is opened for writing, only forward seeks are
+   supported; gzseek then compresses a sequence of zeroes up to the new
+   starting position.
+
+     gzseek returns the resulting offset location as measured in bytes from
+   the beginning of the uncompressed stream, or -1 in case of error, in
+   particular if the file is opened for writing and the new starting position
+   would be before the current position.
+*/
+
+ZEXTERN int ZEXPORT    gzrewind OF((gzFile file));
+/*
+     Rewinds the given file. This function is supported only for reading.
+
+     gzrewind(file) is equivalent to (int)gzseek(file, 0L, SEEK_SET)
+*/
+
+/*
+ZEXTERN z_off_t ZEXPORT    gztell OF((gzFile file));
+
+     Returns the starting position for the next gzread or gzwrite on the given
+   compressed file.  This position represents a number of bytes in the
+   uncompressed data stream, and is zero when starting, even if appending or
+   reading a gzip stream from the middle of a file using gzdopen().
+
+     gztell(file) is equivalent to gzseek(file, 0L, SEEK_CUR)
+*/
+
+/*
+ZEXTERN z_off_t ZEXPORT gzoffset OF((gzFile file));
+
+     Returns the current offset in the file being read or written.  This offset
+   includes the count of bytes that precede the gzip stream, for example when
+   appending or when using gzdopen() for reading.  When reading, the offset
+   does not include as yet unused buffered input.  This information can be used
+   for a progress indicator.  On error, gzoffset() returns -1.
+*/
+
+ZEXTERN int ZEXPORT gzeof OF((gzFile file));
+/*
+     Returns true (1) if the end-of-file indicator has been set while reading,
+   false (0) otherwise.  Note that the end-of-file indicator is set only if the
+   read tried to go past the end of the input, but came up short.  Therefore,
+   just like feof(), gzeof() may return false even if there is no more data to
+   read, in the event that the last read request was for the exact number of
+   bytes remaining in the input file.  This will happen if the input file size
+   is an exact multiple of the buffer size.
+
+     If gzeof() returns true, then the read functions will return no more data,
+   unless the end-of-file indicator is reset by gzclearerr() and the input file
+   has grown since the previous end of file was detected.
+*/
+
+ZEXTERN int ZEXPORT gzdirect OF((gzFile file));
+/*
+     Returns true (1) if file is being copied directly while reading, or false
+   (0) if file is a gzip stream being decompressed.  This state can change from
+   false to true while reading the input file if the end of a gzip stream is
+   reached, but is followed by data that is not another gzip stream.
+
+     If the input file is empty, gzdirect() will return true, since the input
+   does not contain a gzip stream.
+
+     If gzdirect() is used immediately after gzopen() or gzdopen() it will
+   cause buffers to be allocated to allow reading the file to determine if it
+   is a gzip file.  Therefore if gzbuffer() is used, it should be called before
+   gzdirect().
+*/
+
+ZEXTERN int ZEXPORT    gzclose OF((gzFile file));
+/*
+     Flushes all pending output if necessary, closes the compressed file and
+   deallocates the (de)compression state.  Note that once file is closed, you
+   cannot call gzerror with file, since its structures have been deallocated.
+   gzclose must not be called more than once on the same file, just as free
+   must not be called more than once on the same allocation.
+
+     gzclose will return Z_STREAM_ERROR if file is not valid, Z_ERRNO on a
+   file operation error, or Z_OK on success.
+*/
+
+ZEXTERN int ZEXPORT gzclose_r OF((gzFile file));
+ZEXTERN int ZEXPORT gzclose_w OF((gzFile file));
+/*
+     Same as gzclose(), but gzclose_r() is only for use when reading, and
+   gzclose_w() is only for use when writing or appending.  The advantage to
+   using these instead of gzclose() is that they avoid linking in zlib
+   compression or decompression code that is not used when only reading or only
+   writing respectively.  If gzclose() is used, then both compression and
+   decompression code will be included the application when linking to a static
+   zlib library.
+*/
+
+ZEXTERN const char * ZEXPORT gzerror OF((gzFile file, int *errnum));
+/*
+     Returns the error message for the last error which occurred on the given
+   compressed file.  errnum is set to zlib error number.  If an error occurred
+   in the file system and not in the compression library, errnum is set to
+   Z_ERRNO and the application may consult errno to get the exact error code.
+
+     The application must not modify the returned string.  Future calls to
+   this function may invalidate the previously returned string.  If file is
+   closed, then the string previously returned by gzerror will no longer be
+   available.
+
+     gzerror() should be used to distinguish errors from end-of-file for those
+   functions above that do not distinguish those cases in their return values.
+*/
+
+ZEXTERN void ZEXPORT gzclearerr OF((gzFile file));
+/*
+     Clears the error and end-of-file flags for file.  This is analogous to the
+   clearerr() function in stdio.  This is useful for continuing to read a gzip
+   file that is being written concurrently.
+*/
+
+
+                        /* checksum functions */
+
+/*
+     These functions are not related to compression but are exported
+   anyway because they might be useful in applications using the compression
+   library.
+*/
+
+ZEXTERN uLong ZEXPORT adler32 OF((uLong adler, const Bytef *buf, uInt len));
+/*
+     Update a running Adler-32 checksum with the bytes buf[0..len-1] and
+   return the updated checksum.  If buf is Z_NULL, this function returns the
+   required initial value for the checksum.
+
+     An Adler-32 checksum is almost as reliable as a CRC32 but can be computed
+   much faster.
+
+   Usage example:
+
+     uLong adler = adler32(0L, Z_NULL, 0);
+
+     while (read_buffer(buffer, length) != EOF) {
+       adler = adler32(adler, buffer, length);
+     }
+     if (adler != original_adler) error();
+*/
+
+/*
+ZEXTERN uLong ZEXPORT adler32_combine OF((uLong adler1, uLong adler2,
+                                          z_off_t len2));
+
+     Combine two Adler-32 checksums into one.  For two sequences of bytes, seq1
+   and seq2 with lengths len1 and len2, Adler-32 checksums were calculated for
+   each, adler1 and adler2.  adler32_combine() returns the Adler-32 checksum of
+   seq1 and seq2 concatenated, requiring only adler1, adler2, and len2.
+*/
+
+ZEXTERN uLong ZEXPORT crc32   OF((uLong crc, const Bytef *buf, uInt len));
+/*
+     Update a running CRC-32 with the bytes buf[0..len-1] and return the
+   updated CRC-32.  If buf is Z_NULL, this function returns the required
+   initial value for the for the crc.  Pre- and post-conditioning (one's
+   complement) is performed within this function so it shouldn't be done by the
+   application.
+
+   Usage example:
+
+     uLong crc = crc32(0L, Z_NULL, 0);
+
+     while (read_buffer(buffer, length) != EOF) {
+       crc = crc32(crc, buffer, length);
+     }
+     if (crc != original_crc) error();
+*/
+
+/*
+ZEXTERN uLong ZEXPORT crc32_combine OF((uLong crc1, uLong crc2, z_off_t len2));
+
+     Combine two CRC-32 check values into one.  For two sequences of bytes,
+   seq1 and seq2 with lengths len1 and len2, CRC-32 check values were
+   calculated for each, crc1 and crc2.  crc32_combine() returns the CRC-32
+   check value of seq1 and seq2 concatenated, requiring only crc1, crc2, and
+   len2.
+*/
+
+
+                        /* various hacks, don't look :) */
+
+/* deflateInit and inflateInit are macros to allow checking the zlib version
+ * and the compiler's view of z_stream:
+ */
+ZEXTERN int ZEXPORT deflateInit_ OF((z_streamp strm, int level,
+                                     const char *version, int stream_size));
+ZEXTERN int ZEXPORT inflateInit_ OF((z_streamp strm,
+                                     const char *version, int stream_size));
+ZEXTERN int ZEXPORT deflateInit2_ OF((z_streamp strm, int  level, int  method,
+                                      int windowBits, int memLevel,
+                                      int strategy, const char *version,
+                                      int stream_size));
+ZEXTERN int ZEXPORT inflateInit2_ OF((z_streamp strm, int  windowBits,
+                                      const char *version, int stream_size));
+ZEXTERN int ZEXPORT inflateBackInit_ OF((z_streamp strm, int windowBits,
+                                         unsigned char FAR *window,
+                                         const char *version,
+                                         int stream_size));
+#define deflateInit(strm, level) \
+        deflateInit_((strm), (level),       ZLIB_VERSION, sizeof(z_stream))
+#define inflateInit(strm) \
+        inflateInit_((strm),                ZLIB_VERSION, sizeof(z_stream))
+#define deflateInit2(strm, level, method, windowBits, memLevel, strategy) \
+        deflateInit2_((strm),(level),(method),(windowBits),(memLevel),\
+                      (strategy),           ZLIB_VERSION, sizeof(z_stream))
+#define inflateInit2(strm, windowBits) \
+        inflateInit2_((strm), (windowBits), ZLIB_VERSION, sizeof(z_stream))
+#define inflateBackInit(strm, windowBits, window) \
+        inflateBackInit_((strm), (windowBits), (window), \
+                                            ZLIB_VERSION, sizeof(z_stream))
+
+/* provide 64-bit offset functions if _LARGEFILE64_SOURCE defined, and/or
+ * change the regular functions to 64 bits if _FILE_OFFSET_BITS is 64 (if
+ * both are true, the application gets the *64 functions, and the regular
+ * functions are changed to 64 bits) -- in case these are set on systems
+ * without large file support, _LFS64_LARGEFILE must also be true
+ */
+#if defined(_LARGEFILE64_SOURCE) && _LFS64_LARGEFILE-0
+   ZEXTERN gzFile ZEXPORT gzopen64 OF((const char *, const char *));
+   ZEXTERN z_off64_t ZEXPORT gzseek64 OF((gzFile, z_off64_t, int));
+   ZEXTERN z_off64_t ZEXPORT gztell64 OF((gzFile));
+   ZEXTERN z_off64_t ZEXPORT gzoffset64 OF((gzFile));
+   ZEXTERN uLong ZEXPORT adler32_combine64 OF((uLong, uLong, z_off64_t));
+   ZEXTERN uLong ZEXPORT crc32_combine64 OF((uLong, uLong, z_off64_t));
+#endif
+
+#if !defined(ZLIB_INTERNAL) && _FILE_OFFSET_BITS-0 == 64 && _LFS64_LARGEFILE-0
+#  define gzopen gzopen64
+#  define gzseek gzseek64
+#  define gztell gztell64
+#  define gzoffset gzoffset64
+#  define adler32_combine adler32_combine64
+#  define crc32_combine crc32_combine64
+#  ifdef _LARGEFILE64_SOURCE
+     ZEXTERN gzFile ZEXPORT gzopen64 OF((const char *, const char *));
+     ZEXTERN z_off_t ZEXPORT gzseek64 OF((gzFile, z_off_t, int));
+     ZEXTERN z_off_t ZEXPORT gztell64 OF((gzFile));
+     ZEXTERN z_off_t ZEXPORT gzoffset64 OF((gzFile));
+     ZEXTERN uLong ZEXPORT adler32_combine64 OF((uLong, uLong, z_off_t));
+     ZEXTERN uLong ZEXPORT crc32_combine64 OF((uLong, uLong, z_off_t));
+#  endif
+#else
+   ZEXTERN gzFile ZEXPORT gzopen OF((const char *, const char *));
+   ZEXTERN z_off_t ZEXPORT gzseek OF((gzFile, z_off_t, int));
+   ZEXTERN z_off_t ZEXPORT gztell OF((gzFile));
+   ZEXTERN z_off_t ZEXPORT gzoffset OF((gzFile));
+   ZEXTERN uLong ZEXPORT adler32_combine OF((uLong, uLong, z_off_t));
+   ZEXTERN uLong ZEXPORT crc32_combine OF((uLong, uLong, z_off_t));
+#endif
+
+/* hack for buggy compilers */
+#if !defined(ZUTIL_H) && !defined(NO_DUMMY_DECL)
+    struct internal_state {int dummy;};
+#endif
+
+/* undocumented functions */
+ZEXTERN const char   * ZEXPORT zError           OF((int));
+ZEXTERN int            ZEXPORT inflateSyncPoint OF((z_streamp));
+ZEXTERN const uLongf * ZEXPORT get_crc_table    OF((void));
+ZEXTERN int            ZEXPORT inflateUndermine OF((z_streamp, int));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* ZLIB_H */
diff --git a/nss/lib/zlib/zutil.c b/nss/lib/zlib/zutil.c
new file mode 100644
index 0000000..898ed34
--- /dev/null
+++ b/nss/lib/zlib/zutil.c
@@ -0,0 +1,318 @@
+/* zutil.c -- target dependent utility functions for the compression library
+ * Copyright (C) 1995-2005, 2010 Jean-loup Gailly.
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ */
+
+/* @(#) $Id$ */
+
+#include "zutil.h"
+
+#ifndef NO_DUMMY_DECL
+struct internal_state      {int dummy;}; /* for buggy compilers */
+#endif
+
+const char * const z_errmsg[10] = {
+"need dictionary",     /* Z_NEED_DICT       2  */
+"stream end",          /* Z_STREAM_END      1  */
+"",                    /* Z_OK              0  */
+"file error",          /* Z_ERRNO         (-1) */
+"stream error",        /* Z_STREAM_ERROR  (-2) */
+"data error",          /* Z_DATA_ERROR    (-3) */
+"insufficient memory", /* Z_MEM_ERROR     (-4) */
+"buffer error",        /* Z_BUF_ERROR     (-5) */
+"incompatible version",/* Z_VERSION_ERROR (-6) */
+""};
+
+
+const char * ZEXPORT zlibVersion()
+{
+    return ZLIB_VERSION;
+}
+
+uLong ZEXPORT zlibCompileFlags()
+{
+    uLong flags;
+
+    flags = 0;
+    switch ((int)(sizeof(uInt))) {
+    case 2:     break;
+    case 4:     flags += 1;     break;
+    case 8:     flags += 2;     break;
+    default:    flags += 3;
+    }
+    switch ((int)(sizeof(uLong))) {
+    case 2:     break;
+    case 4:     flags += 1 << 2;        break;
+    case 8:     flags += 2 << 2;        break;
+    default:    flags += 3 << 2;
+    }
+    switch ((int)(sizeof(voidpf))) {
+    case 2:     break;
+    case 4:     flags += 1 << 4;        break;
+    case 8:     flags += 2 << 4;        break;
+    default:    flags += 3 << 4;
+    }
+    switch ((int)(sizeof(z_off_t))) {
+    case 2:     break;
+    case 4:     flags += 1 << 6;        break;
+    case 8:     flags += 2 << 6;        break;
+    default:    flags += 3 << 6;
+    }
+#ifdef DEBUG
+    flags += 1 << 8;
+#endif
+#if defined(ASMV) || defined(ASMINF)
+    flags += 1 << 9;
+#endif
+#ifdef ZLIB_WINAPI
+    flags += 1 << 10;
+#endif
+#ifdef BUILDFIXED
+    flags += 1 << 12;
+#endif
+#ifdef DYNAMIC_CRC_TABLE
+    flags += 1 << 13;
+#endif
+#ifdef NO_GZCOMPRESS
+    flags += 1L << 16;
+#endif
+#ifdef NO_GZIP
+    flags += 1L << 17;
+#endif
+#ifdef PKZIP_BUG_WORKAROUND
+    flags += 1L << 20;
+#endif
+#ifdef FASTEST
+    flags += 1L << 21;
+#endif
+#ifdef STDC
+#  ifdef NO_vsnprintf
+        flags += 1L << 25;
+#    ifdef HAS_vsprintf_void
+        flags += 1L << 26;
+#    endif
+#  else
+#    ifdef HAS_vsnprintf_void
+        flags += 1L << 26;
+#    endif
+#  endif
+#else
+        flags += 1L << 24;
+#  ifdef NO_snprintf
+        flags += 1L << 25;
+#    ifdef HAS_sprintf_void
+        flags += 1L << 26;
+#    endif
+#  else
+#    ifdef HAS_snprintf_void
+        flags += 1L << 26;
+#    endif
+#  endif
+#endif
+    return flags;
+}
+
+#ifdef DEBUG
+
+#  ifndef verbose
+#    define verbose 0
+#  endif
+int ZLIB_INTERNAL z_verbose = verbose;
+
+void ZLIB_INTERNAL z_error (m)
+    char *m;
+{
+    fprintf(stderr, "%s\n", m);
+    exit(1);
+}
+#endif
+
+/* exported to allow conversion of error code to string for compress() and
+ * uncompress()
+ */
+const char * ZEXPORT zError(err)
+    int err;
+{
+    return ERR_MSG(err);
+}
+
+#if defined(_WIN32_WCE)
+    /* The Microsoft C Run-Time Library for Windows CE doesn't have
+     * errno.  We define it as a global variable to simplify porting.
+     * Its value is always 0 and should not be used.
+     */
+    int errno = 0;
+#endif
+
+#ifndef HAVE_MEMCPY
+
+void ZLIB_INTERNAL zmemcpy(dest, source, len)
+    Bytef* dest;
+    const Bytef* source;
+    uInt  len;
+{
+    if (len == 0) return;
+    do {
+        *dest++ = *source++; /* ??? to be unrolled */
+    } while (--len != 0);
+}
+
+int ZLIB_INTERNAL zmemcmp(s1, s2, len)
+    const Bytef* s1;
+    const Bytef* s2;
+    uInt  len;
+{
+    uInt j;
+
+    for (j = 0; j < len; j++) {
+        if (s1[j] != s2[j]) return 2*(s1[j] > s2[j])-1;
+    }
+    return 0;
+}
+
+void ZLIB_INTERNAL zmemzero(dest, len)
+    Bytef* dest;
+    uInt  len;
+{
+    if (len == 0) return;
+    do {
+        *dest++ = 0;  /* ??? to be unrolled */
+    } while (--len != 0);
+}
+#endif
+
+
+#ifdef SYS16BIT
+
+#ifdef __TURBOC__
+/* Turbo C in 16-bit mode */
+
+#  define MY_ZCALLOC
+
+/* Turbo C malloc() does not allow dynamic allocation of 64K bytes
+ * and farmalloc(64K) returns a pointer with an offset of 8, so we
+ * must fix the pointer. Warning: the pointer must be put back to its
+ * original form in order to free it, use zcfree().
+ */
+
+#define MAX_PTR 10
+/* 10*64K = 640K */
+
+local int next_ptr = 0;
+
+typedef struct ptr_table_s {
+    voidpf org_ptr;
+    voidpf new_ptr;
+} ptr_table;
+
+local ptr_table table[MAX_PTR];
+/* This table is used to remember the original form of pointers
+ * to large buffers (64K). Such pointers are normalized with a zero offset.
+ * Since MSDOS is not a preemptive multitasking OS, this table is not
+ * protected from concurrent access. This hack doesn't work anyway on
+ * a protected system like OS/2. Use Microsoft C instead.
+ */
+
+voidpf ZLIB_INTERNAL zcalloc (voidpf opaque, unsigned items, unsigned size)
+{
+    voidpf buf = opaque; /* just to make some compilers happy */
+    ulg bsize = (ulg)items*size;
+
+    /* If we allocate less than 65520 bytes, we assume that farmalloc
+     * will return a usable pointer which doesn't have to be normalized.
+     */
+    if (bsize < 65520L) {
+        buf = farmalloc(bsize);
+        if (*(ush*)&buf != 0) return buf;
+    } else {
+        buf = farmalloc(bsize + 16L);
+    }
+    if (buf == NULL || next_ptr >= MAX_PTR) return NULL;
+    table[next_ptr].org_ptr = buf;
+
+    /* Normalize the pointer to seg:0 */
+    *((ush*)&buf+1) += ((ush)((uch*)buf-0) + 15) >> 4;
+    *(ush*)&buf = 0;
+    table[next_ptr++].new_ptr = buf;
+    return buf;
+}
+
+void ZLIB_INTERNAL zcfree (voidpf opaque, voidpf ptr)
+{
+    int n;
+    if (*(ush*)&ptr != 0) { /* object < 64K */
+        farfree(ptr);
+        return;
+    }
+    /* Find the original pointer */
+    for (n = 0; n < next_ptr; n++) {
+        if (ptr != table[n].new_ptr) continue;
+
+        farfree(table[n].org_ptr);
+        while (++n < next_ptr) {
+            table[n-1] = table[n];
+        }
+        next_ptr--;
+        return;
+    }
+    ptr = opaque; /* just to make some compilers happy */
+    Assert(0, "zcfree: ptr not found");
+}
+
+#endif /* __TURBOC__ */
+
+
+#ifdef M_I86
+/* Microsoft C in 16-bit mode */
+
+#  define MY_ZCALLOC
+
+#if (!defined(_MSC_VER) || (_MSC_VER <= 600))
+#  define _halloc  halloc
+#  define _hfree   hfree
+#endif
+
+voidpf ZLIB_INTERNAL zcalloc (voidpf opaque, uInt items, uInt size)
+{
+    if (opaque) opaque = 0; /* to make compiler happy */
+    return _halloc((long)items, size);
+}
+
+void ZLIB_INTERNAL zcfree (voidpf opaque, voidpf ptr)
+{
+    if (opaque) opaque = 0; /* to make compiler happy */
+    _hfree(ptr);
+}
+
+#endif /* M_I86 */
+
+#endif /* SYS16BIT */
+
+
+#ifndef MY_ZCALLOC /* Any system without a special alloc function */
+
+#ifndef STDC
+extern voidp  malloc OF((uInt size));
+extern voidp  calloc OF((uInt items, uInt size));
+extern void   free   OF((voidpf ptr));
+#endif
+
+voidpf ZLIB_INTERNAL zcalloc (opaque, items, size)
+    voidpf opaque;
+    unsigned items;
+    unsigned size;
+{
+    if (opaque) items += size - size; /* make compiler happy */
+    return sizeof(uInt) > 2 ? (voidpf)malloc(items * size) :
+                              (voidpf)calloc(items, size);
+}
+
+void ZLIB_INTERNAL zcfree (opaque, ptr)
+    voidpf opaque;
+    voidpf ptr;
+{
+    free(ptr);
+    if (opaque) return; /* make compiler happy */
+}
+
+#endif /* MY_ZCALLOC */
diff --git a/nss/lib/zlib/zutil.h b/nss/lib/zlib/zutil.h
new file mode 100644
index 0000000..d6ee23c
--- /dev/null
+++ b/nss/lib/zlib/zutil.h
@@ -0,0 +1,275 @@
+/* zutil.h -- internal interface and configuration of the compression library
+ * Copyright (C) 1995-2010 Jean-loup Gailly.
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ */
+
+/* WARNING: this file should *not* be used by applications. It is
+   part of the implementation of the compression library and is
+   subject to change. Applications should only use zlib.h.
+ */
+
+/* @(#) $Id$ */
+
+#ifndef ZUTIL_H
+#define ZUTIL_H
+
+#if ((__GNUC__-0) * 10 + __GNUC_MINOR__-0 >= 33) && !defined(NO_VIZ)
+#  define ZLIB_INTERNAL __attribute__((visibility ("hidden")))
+#else
+#  define ZLIB_INTERNAL
+#endif
+
+#include "zlib.h"
+
+#ifdef STDC
+#  if !(defined(_WIN32_WCE) && defined(_MSC_VER))
+#    include <stddef.h>
+#  endif
+#  include <string.h>
+#  include <stdlib.h>
+#endif
+
+#ifndef local
+#  define local static
+#endif
+/* compile with -Dlocal if your debugger can't find static symbols */
+
+typedef unsigned char  uch;
+typedef uch FAR uchf;
+typedef unsigned short ush;
+typedef ush FAR ushf;
+typedef unsigned long  ulg;
+
+extern const char * const z_errmsg[10]; /* indexed by 2-zlib_error */
+/* (size given to avoid silly warnings with Visual C++) */
+
+#define ERR_MSG(err) z_errmsg[Z_NEED_DICT-(err)]
+
+#define ERR_RETURN(strm,err) \
+  return (strm->msg = (char*)ERR_MSG(err), (err))
+/* To be used only when the state is known to be valid */
+
+        /* common constants */
+
+#ifndef DEF_WBITS
+#  define DEF_WBITS MAX_WBITS
+#endif
+/* default windowBits for decompression. MAX_WBITS is for compression only */
+
+#if MAX_MEM_LEVEL >= 8
+#  define DEF_MEM_LEVEL 8
+#else
+#  define DEF_MEM_LEVEL  MAX_MEM_LEVEL
+#endif
+/* default memLevel */
+
+#define STORED_BLOCK 0
+#define STATIC_TREES 1
+#define DYN_TREES    2
+/* The three kinds of block type */
+
+#define MIN_MATCH  3
+#define MAX_MATCH  258
+/* The minimum and maximum match lengths */
+
+#define PRESET_DICT 0x20 /* preset dictionary flag in zlib header */
+
+        /* target dependencies */
+
+#if defined(MSDOS) || (defined(WINDOWS) && !defined(WIN32))
+#  define OS_CODE  0x00
+#  if defined(__TURBOC__) || defined(__BORLANDC__)
+#    if (__STDC__ == 1) && (defined(__LARGE__) || defined(__COMPACT__))
+       /* Allow compilation with ANSI keywords only enabled */
+       void _Cdecl farfree( void *block );
+       void *_Cdecl farmalloc( unsigned long nbytes );
+#    else
+#      include <alloc.h>
+#    endif
+#  else /* MSC or DJGPP */
+#    include <malloc.h>
+#  endif
+#endif
+
+#ifdef AMIGA
+#  define OS_CODE  0x01
+#endif
+
+#if defined(VAXC) || defined(VMS)
+#  define OS_CODE  0x02
+#  define F_OPEN(name, mode) \
+     fopen((name), (mode), "mbc=60", "ctx=stm", "rfm=fix", "mrs=512")
+#endif
+
+#if defined(ATARI) || defined(atarist)
+#  define OS_CODE  0x05
+#endif
+
+#ifdef OS2
+#  define OS_CODE  0x06
+#  ifdef M_I86
+#    include <malloc.h>
+#  endif
+#endif
+
+#if defined(MACOS) || defined(TARGET_OS_MAC)
+#  define OS_CODE  0x07
+#  if defined(__MWERKS__) && __dest_os != __be_os && __dest_os != __win32_os
+#    include <unix.h> /* for fdopen */
+#  else
+#    ifndef fdopen
+#      define fdopen(fd,mode) NULL /* No fdopen() */
+#    endif
+#  endif
+#endif
+
+#ifdef TOPS20
+#  define OS_CODE  0x0a
+#endif
+
+#ifdef WIN32
+#  ifndef __CYGWIN__  /* Cygwin is Unix, not Win32 */
+#    define OS_CODE  0x0b
+#  endif
+#endif
+
+#ifdef __50SERIES /* Prime/PRIMOS */
+#  define OS_CODE  0x0f
+#endif
+
+#if defined(_BEOS_) || defined(RISCOS)
+#  define fdopen(fd,mode) NULL /* No fdopen() */
+#endif
+
+#if (defined(_MSC_VER) && (_MSC_VER > 600)) && !defined __INTERIX
+#  if defined(_WIN32_WCE)
+#    define fdopen(fd,mode) NULL /* No fdopen() */
+#    ifndef _PTRDIFF_T_DEFINED
+       typedef int ptrdiff_t;
+#      define _PTRDIFF_T_DEFINED
+#    endif
+#  else
+#    define fdopen(fd,type)  _fdopen(fd,type)
+#  endif
+#endif
+
+#if defined(__BORLANDC__)
+  #pragma warn -8004
+  #pragma warn -8008
+  #pragma warn -8066
+#endif
+
+/* provide prototypes for these when building zlib without LFS */
+#if !defined(_LARGEFILE64_SOURCE) || _LFS64_LARGEFILE-0 == 0
+    ZEXTERN uLong ZEXPORT adler32_combine64 OF((uLong, uLong, z_off_t));
+    ZEXTERN uLong ZEXPORT crc32_combine64 OF((uLong, uLong, z_off_t));
+#endif
+
+        /* common defaults */
+
+#ifndef OS_CODE
+#  define OS_CODE  0x03  /* assume Unix */
+#endif
+
+#ifndef F_OPEN
+#  define F_OPEN(name, mode) fopen((name), (mode))
+#endif
+
+         /* functions */
+
+#if defined(STDC99) || (defined(__TURBOC__) && __TURBOC__ >= 0x550) || \
+   (defined(_MSC_VER) && _MSC_VER >= 1500)
+#  ifndef HAVE_VSNPRINTF
+#    define HAVE_VSNPRINTF
+#  endif
+#endif
+#if defined(__CYGWIN__)
+#  ifndef HAVE_VSNPRINTF
+#    define HAVE_VSNPRINTF
+#  endif
+#endif
+#ifndef HAVE_VSNPRINTF
+#  ifdef MSDOS
+     /* vsnprintf may exist on some MS-DOS compilers (DJGPP?),
+        but for now we just assume it doesn't. */
+#    define NO_vsnprintf
+#  endif
+#  ifdef __TURBOC__
+#    define NO_vsnprintf
+#  endif
+#  ifdef WIN32
+     /* In Win32, vsnprintf is available as the "non-ANSI" _vsnprintf. */
+#    if !defined(vsnprintf) && !defined(NO_vsnprintf)
+#      if !defined(_MSC_VER) || ( defined(_MSC_VER) && _MSC_VER < 1500 )
+#         define vsnprintf _vsnprintf
+#      endif
+#    endif
+#  endif
+#  ifdef __SASC
+#    define NO_vsnprintf
+#  endif
+#endif
+#ifdef VMS
+#  define NO_vsnprintf
+#endif
+
+#if defined(pyr)
+#  define NO_MEMCPY
+#endif
+#if defined(SMALL_MEDIUM) && !defined(_MSC_VER) && !defined(__SC__)
+ /* Use our own functions for small and medium model with MSC <= 5.0.
+  * You may have to use the same strategy for Borland C (untested).
+  * The __SC__ check is for Symantec.
+  */
+#  define NO_MEMCPY
+#endif
+#if defined(STDC) && !defined(HAVE_MEMCPY) && !defined(NO_MEMCPY)
+#  define HAVE_MEMCPY
+#endif
+#ifdef HAVE_MEMCPY
+#  ifdef SMALL_MEDIUM /* MSDOS small or medium model */
+#    define zmemcpy _fmemcpy
+#    define zmemcmp _fmemcmp
+#    define zmemzero(dest, len) _fmemset(dest, 0, len)
+#  else
+#    define zmemcpy memcpy
+#    define zmemcmp memcmp
+#    define zmemzero(dest, len) memset(dest, 0, len)
+#  endif
+#else
+   void ZLIB_INTERNAL zmemcpy OF((Bytef* dest, const Bytef* source, uInt len));
+   int ZLIB_INTERNAL zmemcmp OF((const Bytef* s1, const Bytef* s2, uInt len));
+   void ZLIB_INTERNAL zmemzero OF((Bytef* dest, uInt len));
+#endif
+
+/* Diagnostic functions */
+#ifdef DEBUG
+#  include <stdio.h>
+   extern int ZLIB_INTERNAL z_verbose;
+   extern void ZLIB_INTERNAL z_error OF((char *m));
+#  define Assert(cond,msg) {if(!(cond)) z_error(msg);}
+#  define Trace(x) {if (z_verbose>=0) fprintf x ;}
+#  define Tracev(x) {if (z_verbose>0) fprintf x ;}
+#  define Tracevv(x) {if (z_verbose>1) fprintf x ;}
+#  define Tracec(c,x) {if (z_verbose>0 && (c)) fprintf x ;}
+#  define Tracecv(c,x) {if (z_verbose>1 && (c)) fprintf x ;}
+#else
+#  define Assert(cond,msg)
+#  define Trace(x)
+#  define Tracev(x)
+#  define Tracevv(x)
+#  define Tracec(c,x)
+#  define Tracecv(c,x)
+#endif
+
+
+voidpf ZLIB_INTERNAL zcalloc OF((voidpf opaque, unsigned items,
+                        unsigned size));
+void ZLIB_INTERNAL zcfree  OF((voidpf opaque, voidpf ptr));
+
+#define ZALLOC(strm, items, size) \
+           (*((strm)->zalloc))((strm)->opaque, (items), (size))
+#define ZFREE(strm, addr)  (*((strm)->zfree))((strm)->opaque, (voidpf)(addr))
+#define TRY_FREE(s, p) {if (p) ZFREE(s, p);}
+
+#endif /* ZUTIL_H */
diff --git a/nss/manifest.mn b/nss/manifest.mn
new file mode 100644
index 0000000..32086bf
--- /dev/null
+++ b/nss/manifest.mn
@@ -0,0 +1,13 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+CORE_DEPTH = .
+DEPTH      = .
+
+IMPORTS =	nspr20/v4.8 \
+		$(NULL)
+
+RELEASE = nss
+
+DIRS = coreconf lib cmd gtests
diff --git a/nss/nss-tool/.clang-format b/nss/nss-tool/.clang-format
new file mode 100644
index 0000000..06e3c51
--- /dev/null
+++ b/nss/nss-tool/.clang-format
@@ -0,0 +1,4 @@
+---
+Language: Cpp
+BasedOnStyle: Google
+...
diff --git a/nss/nss-tool/common/argparse.cc b/nss/nss-tool/common/argparse.cc
new file mode 100644
index 0000000..3b7c738
--- /dev/null
+++ b/nss/nss-tool/common/argparse.cc
@@ -0,0 +1,23 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "argparse.h"
+
+ArgParser::ArgParser(const std::vector<std::string>& arguments) {
+  for (size_t i = 0; i < arguments.size(); i++) {
+    std::string arg = arguments.at(i);
+    if (arg.find("--") == 0) {
+      // look for an option argument
+      if (i + 1 < arguments.size() && arguments.at(i + 1).find("--") != 0) {
+        programArgs_[arg] = arguments.at(i + 1);
+        i++;
+      } else {
+        programArgs_[arg] = "";
+      }
+    } else {
+      // positional argument (e.g. required argument)
+      positionalArgs_.push_back(arg);
+    }
+  }
+}
diff --git a/nss/nss-tool/common/argparse.h b/nss/nss-tool/common/argparse.h
new file mode 100644
index 0000000..8645d5a
--- /dev/null
+++ b/nss/nss-tool/common/argparse.h
@@ -0,0 +1,30 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef argparse_h__
+#define argparse_h__
+
+#include <string>
+#include <unordered_map>
+#include <vector>
+
+class ArgParser {
+ public:
+  ArgParser(const std::vector<std::string>& arguments);
+
+  bool Has(std::string arg) const { return programArgs_.count(arg) > 0; }
+
+  std::string Get(std::string arg) const { return programArgs_.at(arg); }
+
+  size_t GetPositionalArgumentCount() const { return positionalArgs_.size(); }
+  std::string GetPositionalArgument(size_t pos) const {
+    return positionalArgs_.at(pos);
+  }
+
+ private:
+  std::unordered_map<std::string, std::string> programArgs_;
+  std::vector<std::string> positionalArgs_;
+};
+
+#endif  // argparse_h__
diff --git a/nss/nss-tool/common/util.cc b/nss/nss-tool/common/util.cc
new file mode 100644
index 0000000..f8abf82
--- /dev/null
+++ b/nss/nss-tool/common/util.cc
@@ -0,0 +1,135 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "util.h"
+
+#include <iomanip>
+#include <iostream>
+#include <sstream>
+#include <string>
+
+#include <prerror.h>
+
+#if defined(__unix__) || defined(__APPLE__)
+#include <termios.h>
+#include <unistd.h>
+#elif defined(WIN32) || defined(_WIN64)
+#include <Windows.h>
+#endif
+
+static std::string GetPassword(const std::string &prompt) {
+  std::cout << prompt << std::endl;
+
+#if defined(__unix__) || defined(__APPLE__)
+  termios oldt;
+  tcgetattr(STDIN_FILENO, &oldt);
+  termios newt = oldt;
+  newt.c_lflag &= ~ECHO;
+  tcsetattr(STDIN_FILENO, TCSANOW, &newt);
+#elif defined(WIN32) || defined(_WIN64)
+  HANDLE hStdin = GetStdHandle(STD_INPUT_HANDLE);
+  DWORD mode = 0;
+  GetConsoleMode(hStdin, &mode);
+  SetConsoleMode(hStdin, mode & (~ENABLE_ECHO_INPUT));
+#endif
+
+  std::string pw;
+  std::getline(std::cin, pw);
+
+#if defined(__unix__) || defined(__APPLE__)
+  tcsetattr(STDIN_FILENO, TCSANOW, &oldt);
+#elif defined(WIN32) || defined(_WIN64)
+  SetConsoleMode(hStdin, mode);
+#endif
+
+  return pw;
+}
+
+static char *GetModulePassword(PK11SlotInfo *slot, int retry, void *arg) {
+  if (arg == nullptr) {
+    return nullptr;
+  }
+
+  PwData *pwData = reinterpret_cast<PwData *>(arg);
+
+  if (retry > 0) {
+    std::cerr << "Incorrect password/PIN entered." << std::endl;
+    return nullptr;
+  }
+
+  switch (pwData->source) {
+    case PW_NONE:
+    case PW_FROMFILE:
+      std::cerr << "Password input method not supported." << std::endl;
+      return nullptr;
+    case PW_PLAINTEXT:
+      return PL_strdup(pwData->data);
+    default:
+      break;
+  }
+
+  std::cerr << "Password check failed:  No password found." << std::endl;
+  return nullptr;
+}
+
+bool InitSlotPassword(void) {
+  ScopedPK11SlotInfo slot(PK11_GetInternalKeySlot());
+  if (slot.get() == nullptr) {
+    std::cerr << "Error: Init PK11SlotInfo failed!" << std::endl;
+    return false;
+  }
+
+  std::cout << "Enter a password which will be used to encrypt your keys."
+            << std::endl
+            << std::endl;
+  std::string pw;
+
+  while (true) {
+    pw = GetPassword("Enter new password: ");
+    if (pw == GetPassword("Re-enter password: ")) {
+      break;
+    }
+
+    std::cerr << "Passwords do not match. Try again." << std::endl;
+  }
+
+  SECStatus rv = PK11_InitPin(slot.get(), nullptr, pw.c_str());
+  if (rv != SECSuccess) {
+    std::cerr << "Init db password failed." << std::endl;
+    return false;
+  }
+
+  return true;
+}
+
+bool DBLoginIfNeeded(const ScopedPK11SlotInfo &slot) {
+  if (!PK11_NeedLogin(slot.get())) {
+    return true;
+  }
+
+  PK11_SetPasswordFunc(&GetModulePassword);
+  std::string pw = GetPassword("Enter your password: ");
+  PwData pwData = {PW_PLAINTEXT, const_cast<char *>(pw.c_str())};
+  SECStatus rv = PK11_Authenticate(slot.get(), true /*loadCerts*/, &pwData);
+  if (rv != SECSuccess) {
+    std::cerr << "Could not authenticate to token "
+              << PK11_GetTokenName(slot.get()) << ". Failed with error "
+              << PR_ErrorToName(PR_GetError()) << std::endl;
+    return false;
+  }
+  std::cout << std::endl;
+
+  return true;
+}
+
+std::string StringToHex(const ScopedSECItem &input) {
+  std::stringstream ss;
+  ss << "0x";
+  for (size_t i = 0; i < input->len; i++) {
+    ss << std::hex << std::setfill('0') << std::setw(2)
+       << static_cast<int>(input->data[i]);
+  }
+
+  return ss.str();
+}
diff --git a/nss/nss-tool/common/util.h b/nss/nss-tool/common/util.h
new file mode 100644
index 0000000..d4fc257
--- /dev/null
+++ b/nss/nss-tool/common/util.h
@@ -0,0 +1,23 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef util_h__
+#define util_h__
+
+#include "scoped_ptrs.h"
+
+#include <secmodt.h>
+#include <string>
+
+enum PwDataType { PW_NONE = 0, PW_FROMFILE = 1, PW_PLAINTEXT = 2 };
+typedef struct {
+  PwDataType source;
+  char *data;
+} PwData;
+
+bool InitSlotPassword(void);
+bool DBLoginIfNeeded(const ScopedPK11SlotInfo &slot);
+std::string StringToHex(const ScopedSECItem &input);
+
+#endif  // util_h__
diff --git a/nss/nss-tool/db/dbtool.cc b/nss/nss-tool/db/dbtool.cc
new file mode 100644
index 0000000..f88ba41
--- /dev/null
+++ b/nss/nss-tool/db/dbtool.cc
@@ -0,0 +1,369 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "dbtool.h"
+#include "argparse.h"
+#include "scoped_ptrs.h"
+#include "util.h"
+
+#include <dirent.h>
+#include <fstream>
+#include <iomanip>
+#include <iostream>
+#include <memory>
+#include <regex>
+#include <sstream>
+
+#include <cert.h>
+#include <certdb.h>
+#include <nss.h>
+#include <prerror.h>
+#include <prio.h>
+
+const std::vector<std::string> kCommandArgs({"--create", "--list-certs",
+                                             "--import-cert", "--list-keys"});
+
+static bool HasSingleCommandArgument(const ArgParser &parser) {
+  auto pred = [&](const std::string &cmd) { return parser.Has(cmd); };
+  return std::count_if(kCommandArgs.begin(), kCommandArgs.end(), pred) == 1;
+}
+
+static std::string PrintFlags(unsigned int flags) {
+  std::stringstream ss;
+  if ((flags & CERTDB_VALID_CA) && !(flags & CERTDB_TRUSTED_CA) &&
+      !(flags & CERTDB_TRUSTED_CLIENT_CA)) {
+    ss << "c";
+  }
+  if ((flags & CERTDB_TERMINAL_RECORD) && !(flags & CERTDB_TRUSTED)) {
+    ss << "p";
+  }
+  if (flags & CERTDB_TRUSTED_CA) {
+    ss << "C";
+  }
+  if (flags & CERTDB_TRUSTED_CLIENT_CA) {
+    ss << "T";
+  }
+  if (flags & CERTDB_TRUSTED) {
+    ss << "P";
+  }
+  if (flags & CERTDB_USER) {
+    ss << "u";
+  }
+  if (flags & CERTDB_SEND_WARN) {
+    ss << "w";
+  }
+  if (flags & CERTDB_INVISIBLE_CA) {
+    ss << "I";
+  }
+  if (flags & CERTDB_GOVT_APPROVED_CA) {
+    ss << "G";
+  }
+  return ss.str();
+}
+
+static std::vector<char> ReadFromIstream(std::istream &is) {
+  std::vector<char> certData;
+  while (is) {
+    char buf[1024];
+    is.read(buf, sizeof(buf));
+    certData.insert(certData.end(), buf, buf + is.gcount());
+  }
+
+  return certData;
+}
+
+static const char *const keyTypeName[] = {"null", "rsa", "dsa", "fortezza",
+                                          "dh",   "kea", "ec"};
+
+void DBTool::Usage() {
+  std::cerr << "Usage: nss db [--path <directory>]" << std::endl;
+  std::cerr << "  --create" << std::endl;
+  std::cerr << "  --list-certs" << std::endl;
+  std::cerr << "  --import-cert [<path>] --name <name> [--trusts <trusts>]"
+            << std::endl;
+  std::cerr << "  --list-keys" << std::endl;
+}
+
+bool DBTool::Run(const std::vector<std::string> &arguments) {
+  ArgParser parser(arguments);
+
+  if (!HasSingleCommandArgument(parser)) {
+    Usage();
+    return false;
+  }
+
+  PRAccessHow how = PR_ACCESS_READ_OK;
+  bool readOnly = true;
+  if (parser.Has("--create") || parser.Has("--import-cert")) {
+    how = PR_ACCESS_WRITE_OK;
+    readOnly = false;
+  }
+
+  std::string initDir(".");
+  if (parser.Has("--path")) {
+    initDir = parser.Get("--path");
+  }
+  if (PR_Access(initDir.c_str(), how) != PR_SUCCESS) {
+    std::cerr << "Directory '" << initDir
+              << "' does not exist or you don't have permissions!" << std::endl;
+    return false;
+  }
+
+  std::cout << "Using database directory: " << initDir << std::endl
+            << std::endl;
+
+  bool dbFilesExist = PathHasDBFiles(initDir);
+  if (parser.Has("--create") && dbFilesExist) {
+    std::cerr << "Trying to create database files in a directory where they "
+                 "already exists. Delete the db files before creating new ones."
+              << std::endl;
+    return false;
+  }
+  if (!parser.Has("--create") && !dbFilesExist) {
+    std::cerr << "No db files found." << std::endl;
+    std::cerr << "Create them using 'nss db --create [--path /foo/bar]' before "
+                 "continuing."
+              << std::endl;
+    return false;
+  }
+
+  // init NSS
+  const char *certPrefix = "";  // certutil -P option  --- can leave this empty
+  SECStatus rv = NSS_Initialize(initDir.c_str(), certPrefix, certPrefix,
+                                "secmod.db", readOnly ? NSS_INIT_READONLY : 0);
+  if (rv != SECSuccess) {
+    std::cerr << "NSS init failed!" << std::endl;
+    return false;
+  }
+
+  bool ret = true;
+  if (parser.Has("--list-certs")) {
+    ListCertificates();
+  } else if (parser.Has("--import-cert")) {
+    ret = ImportCertificate(parser);
+  } else if (parser.Has("--create")) {
+    ret = InitSlotPassword();
+    if (ret) {
+      std::cout << "DB files created successfully." << std::endl;
+    }
+  } else if (parser.Has("--list-keys")) {
+    ret = ListKeys();
+  }
+
+  // shutdown nss
+  if (NSS_Shutdown() != SECSuccess) {
+    std::cerr << "NSS Shutdown failed!" << std::endl;
+    return false;
+  }
+
+  return ret;
+}
+
+bool DBTool::PathHasDBFiles(std::string path) {
+  std::regex certDBPattern("cert.*\\.db");
+  std::regex keyDBPattern("key.*\\.db");
+
+  DIR *dir;
+  if (!(dir = opendir(path.c_str()))) {
+    std::cerr << "Directory " << path << " could not be accessed!" << std::endl;
+    return false;
+  }
+
+  struct dirent *ent;
+  bool dbFileExists = false;
+  while ((ent = readdir(dir))) {
+    if (std::regex_match(ent->d_name, certDBPattern) ||
+        std::regex_match(ent->d_name, keyDBPattern) ||
+        "secmod.db" == std::string(ent->d_name)) {
+      dbFileExists = true;
+      break;
+    }
+  }
+
+  closedir(dir);
+  return dbFileExists;
+}
+
+void DBTool::ListCertificates() {
+  ScopedCERTCertList list(PK11_ListCerts(PK11CertListAll, nullptr));
+  CERTCertListNode *node;
+
+  std::cout << std::setw(60) << std::left << "Certificate Nickname"
+            << " "
+            << "Trust Attributes" << std::endl;
+  std::cout << std::setw(60) << std::left << ""
+            << " "
+            << "SSL,S/MIME,JAR/XPI" << std::endl
+            << std::endl;
+
+  for (node = CERT_LIST_HEAD(list); !CERT_LIST_END(node, list);
+       node = CERT_LIST_NEXT(node)) {
+    CERTCertificate *cert = node->cert;
+
+    std::string name("(unknown)");
+    char *appData = static_cast<char *>(node->appData);
+    if (appData && strlen(appData) > 0) {
+      name = appData;
+    } else if (cert->nickname && strlen(cert->nickname) > 0) {
+      name = cert->nickname;
+    } else if (cert->emailAddr && strlen(cert->emailAddr) > 0) {
+      name = cert->emailAddr;
+    }
+
+    CERTCertTrust trust;
+    std::string trusts;
+    if (CERT_GetCertTrust(cert, &trust) == SECSuccess) {
+      std::stringstream ss;
+      ss << PrintFlags(trust.sslFlags);
+      ss << ",";
+      ss << PrintFlags(trust.emailFlags);
+      ss << ",";
+      ss << PrintFlags(trust.objectSigningFlags);
+      trusts = ss.str();
+    } else {
+      trusts = ",,";
+    }
+    std::cout << std::setw(60) << std::left << name << " " << trusts
+              << std::endl;
+  }
+}
+
+bool DBTool::ImportCertificate(const ArgParser &parser) {
+  if (!parser.Has("--name")) {
+    std::cerr << "A name (--name) is required to import a certificate."
+              << std::endl;
+    return false;
+  }
+
+  std::string derFilePath = parser.Get("--import-cert");
+  std::string certName = parser.Get("--name");
+  std::string trustString("TCu,Cu,Tu");
+  if (parser.Has("--trusts")) {
+    trustString = parser.Get("--trusts");
+  }
+
+  CERTCertTrust trust;
+  SECStatus rv = CERT_DecodeTrustString(&trust, trustString.c_str());
+  if (rv != SECSuccess) {
+    std::cerr << "Cannot decode trust string!" << std::endl;
+    return false;
+  }
+
+  ScopedPK11SlotInfo slot = ScopedPK11SlotInfo(PK11_GetInternalKeySlot());
+  if (slot.get() == nullptr) {
+    std::cerr << "Error: Init PK11SlotInfo failed!" << std::endl;
+    return false;
+  }
+
+  std::vector<char> certData;
+  if (derFilePath.empty()) {
+    std::cout << "No Certificate file path given, using stdin." << std::endl;
+    certData = ReadFromIstream(std::cin);
+  } else {
+    std::ifstream is(derFilePath, std::ifstream::binary);
+    if (!is.good()) {
+      std::cerr << "IO Error when opening " << derFilePath << std::endl;
+      std::cerr
+          << "Certificate file does not exist or you don't have permissions."
+          << std::endl;
+      return false;
+    }
+    certData = ReadFromIstream(is);
+  }
+
+  ScopedCERTCertificate cert(
+      CERT_DecodeCertFromPackage(certData.data(), certData.size()));
+  if (cert.get() == nullptr) {
+    std::cerr << "Error: Could not decode certificate!" << std::endl;
+    return false;
+  }
+
+  rv = PK11_ImportCert(slot.get(), cert.get(), CK_INVALID_HANDLE,
+                       certName.c_str(), PR_FALSE);
+  if (rv != SECSuccess) {
+    // TODO handle authentication -> PK11_Authenticate (see certutil.c line
+    // 134)
+    std::cerr << "Error: Could not add certificate to database!" << std::endl;
+    return false;
+  }
+
+  rv = CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), cert.get(), &trust);
+  if (rv != SECSuccess) {
+    std::cerr << "Cannot change cert's trust" << std::endl;
+    return false;
+  }
+
+  std::cout << "Certificate import was successful!" << std::endl;
+  // TODO show information about imported certificate
+  return true;
+}
+
+bool DBTool::ListKeys() {
+  ScopedPK11SlotInfo slot = ScopedPK11SlotInfo(PK11_GetInternalKeySlot());
+  if (slot.get() == nullptr) {
+    std::cerr << "Error: Init PK11SlotInfo failed!" << std::endl;
+    return false;
+  }
+
+  if (!DBLoginIfNeeded(slot)) {
+    return false;
+  }
+
+  ScopedSECKEYPrivateKeyList list(PK11_ListPrivateKeysInSlot(slot.get()));
+  if (list.get() == nullptr) {
+    std::cerr << "Listing private keys failed with error "
+              << PR_ErrorToName(PR_GetError()) << std::endl;
+    return false;
+  }
+
+  SECKEYPrivateKeyListNode *node;
+  int count = 0;
+  for (node = PRIVKEY_LIST_HEAD(list.get());
+       !PRIVKEY_LIST_END(node, list.get()); node = PRIVKEY_LIST_NEXT(node)) {
+    char *keyNameRaw = PK11_GetPrivateKeyNickname(node->key);
+    std::string keyName(keyNameRaw ? "" : keyNameRaw);
+
+    if (keyName.empty()) {
+      ScopedCERTCertificate cert(PK11_GetCertFromPrivateKey(node->key));
+      if (cert.get()) {
+        if (cert->nickname && strlen(cert->nickname) > 0) {
+          keyName = cert->nickname;
+        } else if (cert->emailAddr && strlen(cert->emailAddr) > 0) {
+          keyName = cert->emailAddr;
+        }
+      }
+      if (keyName.empty()) {
+        keyName = "(none)";  // default value
+      }
+    }
+
+    SECKEYPrivateKey *key = node->key;
+    ScopedSECItem keyIDItem(PK11_GetLowLevelKeyIDForPrivateKey(key));
+    if (keyIDItem.get() == nullptr) {
+      std::cerr << "Error: PK11_GetLowLevelKeyIDForPrivateKey failed!"
+                << std::endl;
+      continue;
+    }
+
+    std::string keyID = StringToHex(keyIDItem);
+
+    if (count++ == 0) {
+      // print header
+      std::cout << std::left << std::setw(20) << "<key#, key name>"
+                << std::setw(20) << "key type"
+                << "key id" << std::endl;
+    }
+
+    std::stringstream leftElem;
+    leftElem << "<" << count << ", " << keyName << ">";
+    std::cout << std::left << std::setw(20) << leftElem.str() << std::setw(20)
+              << keyTypeName[key->keyType] << keyID << std::endl;
+  }
+
+  if (count == 0) {
+    std::cout << "No keys found." << std::endl;
+  }
+
+  return true;
+}
diff --git a/nss/nss-tool/db/dbtool.h b/nss/nss-tool/db/dbtool.h
new file mode 100644
index 0000000..ed44e74
--- /dev/null
+++ b/nss/nss-tool/db/dbtool.h
@@ -0,0 +1,25 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef dbtool_h__
+#define dbtool_h__
+
+#include <string>
+#include <vector>
+#include "argparse.h"
+
+class DBTool {
+ public:
+  bool Run(const std::vector<std::string>& arguments);
+
+  void Usage();
+
+ private:
+  bool PathHasDBFiles(std::string path);
+  void ListCertificates();
+  bool ImportCertificate(const ArgParser& parser);
+  bool ListKeys();
+};
+
+#endif  // dbtool_h__
diff --git a/nss/nss-tool/nss_tool.cc b/nss/nss-tool/nss_tool.cc
new file mode 100644
index 0000000..0b6b734
--- /dev/null
+++ b/nss/nss-tool/nss_tool.cc
@@ -0,0 +1,42 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <iostream>
+#include <string>
+#include <vector>
+
+#include <prinit.h>
+
+#include "argparse.h"
+#include "db/dbtool.h"
+
+static void Usage() {
+  std::cerr << "Usage: nss <command> <subcommand> [options]" << std::endl;
+  std::cerr << "       nss db [--path <directory>] <commands>" << std::endl;
+}
+
+int main(int argc, char **argv) {
+  if (argc < 2) {
+    Usage();
+    return 1;
+  }
+
+  if (std::string(argv[1]) != "db") {
+    Usage();
+    return 1;
+  }
+
+  int exit_code = 0;
+  PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
+
+  std::vector<std::string> arguments(argv + 2, argv + argc);
+  DBTool tool;
+  if (!tool.Run(arguments)) {
+    exit_code = 1;
+  }
+
+  PR_Cleanup();
+
+  return exit_code;
+}
diff --git a/nss/nss-tool/nss_tool.gyp b/nss/nss-tool/nss_tool.gyp
new file mode 100644
index 0000000..95b6270
--- /dev/null
+++ b/nss/nss-tool/nss_tool.gyp
@@ -0,0 +1,29 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes' : [
+    '../coreconf/config.gypi',
+    '../cmd/platlibs.gypi',
+  ],
+  'targets' : [
+    {
+      'target_name' : 'nss',
+      'type' : 'executable',
+      'sources' : [
+        'nss_tool.cc',
+        'common/argparse.cc',
+        'common/util.cc',
+        'db/dbtool.cc',
+      ],
+      'include_dirs': [
+        'common',
+      ],
+      'dependencies' : [
+        '<(DEPTH)/cpputil/cpputil.gyp:cpputil',
+        '<(DEPTH)/exports.gyp:dbm_exports',
+        '<(DEPTH)/exports.gyp:nss_exports',
+      ],
+    }
+  ],
+}
diff --git a/nss/nss.gyp b/nss/nss.gyp
new file mode 100644
index 0000000..97782c8
--- /dev/null
+++ b/nss/nss.gyp
@@ -0,0 +1,273 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+  'includes': [
+    'coreconf/config.gypi'
+  ],
+  'targets': [
+    {
+      'target_name': 'nss_libs',
+      'type': 'none',
+      'dependencies': [
+        'lib/ckfw/builtins/builtins.gyp:nssckbi',
+        'lib/freebl/freebl.gyp:freebl3',
+        'lib/softoken/softoken.gyp:softokn3',
+      ],
+      'conditions': [
+        [ 'moz_fold_libs==0', {
+          'dependencies': [
+            'lib/nss/nss.gyp:nss3',
+            'lib/smime/smime.gyp:smime3',
+            'lib/sqlite/sqlite.gyp:sqlite3',
+            'lib/ssl/ssl.gyp:ssl3',
+            'lib/util/util.gyp:nssutil3',
+          ],
+        }],
+        [ 'OS=="linux"', {
+          'dependencies': [
+            'lib/freebl/freebl.gyp:freeblpriv3',
+            'lib/sysinit/sysinit.gyp:nsssysinit',
+          ],
+        }],
+        [ 'disable_dbm==0', {
+          'dependencies': [
+            'lib/softoken/legacydb/legacydb.gyp:nssdbm3',
+          ],
+        }],
+      ],
+    },
+    {
+      'target_name': 'nss_static_libs',
+      'type': 'none',
+      'dependencies': [
+        'cmd/lib/lib.gyp:sectool',
+        'lib/base/base.gyp:nssb',
+        'lib/certdb/certdb.gyp:certdb',
+        'lib/certhigh/certhigh.gyp:certhi',
+        'lib/ckfw/ckfw.gyp:nssckfw',
+        'lib/crmf/crmf.gyp:crmf',
+        'lib/cryptohi/cryptohi.gyp:cryptohi',
+        'lib/dev/dev.gyp:nssdev',
+        'lib/freebl/freebl.gyp:freebl',
+        'lib/jar/jar.gyp:jar',
+        'lib/nss/nss.gyp:nss_static',
+        'lib/pk11wrap/pk11wrap.gyp:pk11wrap',
+        'lib/pkcs12/pkcs12.gyp:pkcs12',
+        'lib/pkcs7/pkcs7.gyp:pkcs7',
+        'lib/pki/pki.gyp:nsspki',
+        'lib/smime/smime.gyp:smime',
+        'lib/softoken/softoken.gyp:softokn',
+        'lib/ssl/ssl.gyp:ssl',
+        'lib/util/util.gyp:nssutil'
+      ],
+      'conditions': [
+        [ 'OS=="linux"', {
+          'dependencies': [
+            'lib/sysinit/sysinit.gyp:nsssysinit_static',
+          ],
+        }],
+        [ 'disable_dbm==0', {
+          'dependencies': [
+            'lib/dbm/src/src.gyp:dbm',
+            'lib/softoken/legacydb/legacydb.gyp:nssdbm',
+          ],
+        }],
+        [ 'disable_libpkix==0', {
+          'dependencies': [
+            'lib/libpkix/pkix/certsel/certsel.gyp:pkixcertsel',
+            'lib/libpkix/pkix/checker/checker.gyp:pkixchecker',
+            'lib/libpkix/pkix/crlsel/crlsel.gyp:pkixcrlsel',
+            'lib/libpkix/pkix/params/params.gyp:pkixparams',
+            'lib/libpkix/pkix/results/results.gyp:pkixresults',
+            'lib/libpkix/pkix/store/store.gyp:pkixstore',
+            'lib/libpkix/pkix/top/top.gyp:pkixtop',
+            'lib/libpkix/pkix/util/util.gyp:pkixutil',
+            'lib/libpkix/pkix_pl_nss/module/module.gyp:pkixmodule',
+            'lib/libpkix/pkix_pl_nss/pki/pki.gyp:pkixpki',
+            'lib/libpkix/pkix_pl_nss/system/system.gyp:pkixsystem',
+          ],
+        }],
+        [ 'use_system_sqlite==0', {
+          'dependencies': [
+            'lib/sqlite/sqlite.gyp:sqlite',
+          ],
+        }],
+        [ 'moz_fold_libs==1', {
+          'dependencies': [
+            'lib/nss/nss.gyp:nss3_static',
+            'lib/smime/smime.gyp:smime3_static',
+          ],
+        }],
+      ],
+    },
+    {
+      'target_name': 'nss_cmds',
+      'type': 'none',
+      'dependencies': [
+        'cmd/certutil/certutil.gyp:certutil',
+        'cmd/modutil/modutil.gyp:modutil',
+        'cmd/pk12util/pk12util.gyp:pk12util',
+        'cmd/shlibsign/shlibsign.gyp:shlibsign',
+      ],
+      'conditions': [
+        [ 'mozilla_client==0', {
+          'dependencies': [
+            'cmd/crlutil/crlutil.gyp:crlutil',
+            'cmd/pwdecrypt/pwdecrypt.gyp:pwdecrypt',
+            'cmd/signtool/signtool.gyp:signtool',
+            'cmd/signver/signver.gyp:signver',
+            'cmd/smimetools/smimetools.gyp:cmsutil',
+            'cmd/ssltap/ssltap.gyp:ssltap',
+            'cmd/symkeyutil/symkeyutil.gyp:symkeyutil',
+            'nss-tool/nss_tool.gyp:nss',
+          ],
+        }],
+      ],
+    },
+  ],
+  'conditions': [
+    [ 'disable_tests==0', {
+      'targets': [
+        {
+          'target_name': 'nss_tests',
+          'type': 'none',
+          'dependencies': [
+            'cmd/addbuiltin/addbuiltin.gyp:addbuiltin',
+            'cmd/atob/atob.gyp:atob',
+            'cmd/bltest/bltest.gyp:bltest',
+            'cmd/btoa/btoa.gyp:btoa',
+            'cmd/certcgi/certcgi.gyp:certcgi',
+            'cmd/chktest/chktest.gyp:chktest',
+            'cmd/crmftest/crmftest.gyp:crmftest',
+            'cmd/dbtest/dbtest.gyp:dbtest',
+            'cmd/derdump/derdump.gyp:derdump',
+            'cmd/digest/digest.gyp:digest',
+            'cmd/ecperf/ecperf.gyp:ecperf',
+            'cmd/fbectest/fbectest.gyp:fbectest',
+            'cmd/fipstest/fipstest.gyp:fipstest',
+            'cmd/httpserv/httpserv.gyp:httpserv',
+            'cmd/listsuites/listsuites.gyp:listsuites',
+            'cmd/makepqg/makepqg.gyp:makepqg',
+            'cmd/multinit/multinit.gyp:multinit',
+            'cmd/ocspclnt/ocspclnt.gyp:ocspclnt',
+            'cmd/ocspresp/ocspresp.gyp:ocspresp',
+            'cmd/oidcalc/oidcalc.gyp:oidcalc',
+            'cmd/p7content/p7content.gyp:p7content',
+            'cmd/p7env/p7env.gyp:p7env',
+            'cmd/p7sign/p7sign.gyp:p7sign',
+            'cmd/p7verify/p7verify.gyp:p7verify',
+            'cmd/pk11ectest/pk11ectest.gyp:pk11ectest',
+            'cmd/pk11gcmtest/pk11gcmtest.gyp:pk11gcmtest',
+            'cmd/pk11mode/pk11mode.gyp:pk11mode',
+            'cmd/pk1sign/pk1sign.gyp:pk1sign',
+            'cmd/pp/pp.gyp:pp',
+            'cmd/rsaperf/rsaperf.gyp:rsaperf',
+            'cmd/sdrtest/sdrtest.gyp:sdrtest',
+            'cmd/selfserv/selfserv.gyp:selfserv',
+            'cmd/shlibsign/mangle/mangle.gyp:mangle',
+            'cmd/strsclnt/strsclnt.gyp:strsclnt',
+            'cmd/tests/tests.gyp:baddbdir',
+            'cmd/tests/tests.gyp:conflict',
+            'cmd/tests/tests.gyp:dertimetest',
+            'cmd/tests/tests.gyp:encodeinttest',
+            'cmd/tests/tests.gyp:nonspr10',
+            'cmd/tests/tests.gyp:remtest',
+            'cmd/tests/tests.gyp:secmodtest',
+            'cmd/tstclnt/tstclnt.gyp:tstclnt',
+            'cmd/vfychain/vfychain.gyp:vfychain',
+            'cmd/vfyserv/vfyserv.gyp:vfyserv',
+            'gtests/der_gtest/der_gtest.gyp:der_gtest',
+            'gtests/freebl_gtest/freebl_gtest.gyp:prng_gtest',
+            'gtests/pk11_gtest/pk11_gtest.gyp:pk11_gtest',
+            'gtests/ssl_gtest/ssl_gtest.gyp:ssl_gtest',
+            'gtests/util_gtest/util_gtest.gyp:util_gtest',
+            'gtests/nss_bogo_shim/nss_bogo_shim.gyp:nss_bogo_shim',
+          ],
+          'conditions': [
+            [ 'OS=="linux"', {
+              'dependencies': [
+                'cmd/lowhashtest/lowhashtest.gyp:lowhashtest',
+              ],
+            }],
+            [ 'disable_libpkix==0', {
+              'dependencies': [
+                'cmd/pkix-errcodes/pkix-errcodes.gyp:pkix-errcodes',
+              ],
+            }],
+            [ 'test_build==1', {
+              'dependencies': [
+                'cmd/mpitests/mpitests.gyp:mpi_tests',
+                'gtests/freebl_gtest/freebl_gtest.gyp:freebl_gtest',
+              ],
+            }],
+          ],
+        },
+      ],
+    }],
+    [ 'sign_libs==1', {
+      'targets': [
+        {
+        'target_name': 'nss_sign_shared_libs',
+          'type': 'none',
+          'dependencies': [
+            'cmd/shlibsign/shlibsign.gyp:shlibsign',
+          ],
+          'actions': [
+            {
+          'action_name': 'shlibsign',
+              'msvs_cygwin_shell': 0,
+              'inputs': [
+                '<(nss_dist_obj_dir)/lib/<(dll_prefix)freebl3.<(dll_suffix)',
+                '<(nss_dist_obj_dir)/lib/<(dll_prefix)freeblpriv3.<(dll_suffix)',
+                '<(nss_dist_obj_dir)/lib/<(dll_prefix)nssdbm3.<(dll_suffix)',
+                '<(nss_dist_obj_dir)/lib/<(dll_prefix)softokn3.<(dll_suffix)',
+              ],
+              'outputs': [
+                '<(nss_dist_obj_dir)/lib/<(dll_prefix)freebl3.chk',
+                '<(nss_dist_obj_dir)/lib/<(dll_prefix)freeblpriv3.chk',
+                '<(nss_dist_obj_dir)/lib/<(dll_prefix)nssdbm3.chk',
+                '<(nss_dist_obj_dir)/lib/<(dll_prefix)softokn3.chk'
+              ],
+              'conditions': [
+                ['OS!="linux"', {
+                  'inputs/': [['exclude', 'freeblpriv']],
+                  'outputs/': [['exclude', 'freeblpriv']]
+                }],
+              ],
+              'action': ['<(python)', '<(DEPTH)/coreconf/shlibsign.py', '<@(_inputs)']
+            }
+          ],
+        },
+      ],
+    }],
+    [ 'fuzz_tls==1', {
+      'targets': [
+        {
+          'target_name': 'fuzz_warning',
+          'type': 'none',
+          'actions': [
+            {
+              'action_name': 'fuzz_warning',
+              'action': ['cat', 'fuzz/warning.txt'],
+              'inputs': ['fuzz/warning.txt'],
+              'ninja_use_console': 1,
+              'outputs': ['dummy'],
+            }
+          ],
+        },
+      ],
+    }],
+    [ 'fuzz==1', {
+      'targets': [
+        {
+          'target_name': 'fuzz',
+          'type': 'none',
+          'dependencies': [
+            'fuzz/fuzz.gyp:nssfuzz',
+          ],
+        },
+      ],
+    }],
+  ],
+}
diff --git a/nss/pkg/Makefile b/nss/pkg/Makefile
new file mode 100644
index 0000000..13c0910
--- /dev/null
+++ b/nss/pkg/Makefile
@@ -0,0 +1,27 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CORE_DEPTH = ../..
+DEPTH      = ../..
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+publish:
+ifeq ($(OS_TARGET),Linux)
+	rm -rf $(OBJDIR)
+	cp -r linux $(OBJDIR)
+	$(MAKE) -C $(OBJDIR) publish
+endif
+ifeq ($(OS_TARGET),SunOS)
+	rm -rf $(OBJDIR)
+	cp -r solaris $(OBJDIR)
+	$(MAKE) -C $(OBJDIR) publish
+endif
+
+clean::
+	rm -rf $(OBJDIR)
+
+include $(CORE_DEPTH)/coreconf/rules.mk
diff --git a/nss/pkg/linux/Makefile b/nss/pkg/linux/Makefile
new file mode 100644
index 0000000..21ecd28
--- /dev/null
+++ b/nss/pkg/linux/Makefile
@@ -0,0 +1,88 @@
+#
+# Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
+# Use is subject to license terms.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+
+CORE_DEPTH = ../../..
+
+NAME        = sun-nss
+ifndef RPM_RELEASE
+RPM_RELEASE = 1
+endif
+VERSION     = `grep NSS_VERSION $(CORE_DEPTH)/../dist/public/nss/nss.h \
+		| head -1 \
+		| sed -e 's/[^"]*"//' -e 's/".*//' -e 's/ .*//'`
+PWD         = `pwd`
+BUILDROOT   = $(PWD)\/$(NAME)-root
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+# Force i386 for non 64 bit build
+ifneq ($(USE_64),1)
+	RPMTARGET = "--target=i386"
+	RPMLIBDIR = lib
+else
+	RPMLIBDIR = lib64
+endif
+
+
+publish:
+	$(MAKE) clean
+	mkdir -p SOURCES SRPMS RPMS BUILD
+	mkdir -p opt/sun/private/$(RPMLIBDIR) 
+	find $(CORE_DEPTH)/../dist/$(OBJDIR)/lib -type l \
+		\( -name "*.so" -o -name "*.chk" \) \
+	-exec cp {} opt/sun/private/$(RPMLIBDIR) \;
+	rm -f opt/sun/private/$(RPMLIBDIR)/libnspr4.so \
+	   opt/sun/private/$(RPMLIBDIR)/libplc4.so \
+	   opt/sun/private/$(RPMLIBDIR)/libplds4.so \
+	   opt/sun/private/$(RPMLIBDIR)/libjss*.so
+	mkdir -p opt/sun/private/bin
+	(cd $(CORE_DEPTH)/../dist/$(OBJDIR)/bin && tar cphf - \
+		certutil cmsutil crlutil modutil pk12util signtool \
+		signver ssltap addbuiltin ) | (cd opt/sun/private/bin && tar xvfBp -)
+	(cd $(CORE_DEPTH)/../dist/public && tar cphf - .) \
+		| (mkdir -p opt/sun/private/include && cd opt/sun/private/include && tar xvfBp -)
+	rm -rf opt/sun/private/include/seccmd
+	rm -rf opt/sun/private/include/dbm
+
+	tar czvf $(NAME)-$(VERSION).tar.gz opt 
+	echo "%define _topdir `pwd`" >temp.spec
+	sed -e "s/NAME_REPLACE/$(NAME)/" \
+		-e "s/VERSION_REPLACE/$(VERSION)/" \
+		-e "s/RELEASE_REPLACE/$(RPM_RELEASE)/" \
+	<$(NAME).spec >>temp.spec
+	echo "" >>temp.spec
+	echo "%files" >>temp.spec
+	echo "%defattr(-,root,root)" >>temp.spec
+	echo "%dir /opt" >>temp.spec
+	echo "%dir /opt/sun" >>temp.spec
+	echo "%dir /opt/sun/private" >>temp.spec
+	echo "%dir /opt/sun/private/$(RPMLIBDIR)" >>temp.spec
+	echo "%dir /opt/sun/private/bin" >>temp.spec
+	find opt \( -name "*.so" -o -name "*.chk" -o -type f \
+		-perm u=rwx,g=rx,o=rx \) | sed -e "s-^-/-" >>temp.spec
+	echo "" >>temp.spec
+	echo "%files devel" >>temp.spec
+	echo "%defattr(-,root,root)" >>temp.spec
+	echo "%dir /opt" >>temp.spec
+	echo "%dir /opt/sun" >>temp.spec
+	echo "%dir /opt/sun/private" >>temp.spec
+	echo "%dir /opt/sun/private/include" >>temp.spec
+	echo "%dir /opt/sun/private/include/nss" >>temp.spec
+	find opt -type f \( -name "*.h" \) \
+		| sed -e "s-^-/-" >>temp.spec
+	cp $(NAME)-$(VERSION).tar.gz SOURCES
+	rpmbuild $(RPMTARGET) -bb temp.spec
+
+clean::
+	rm -rf SOURCES SRPMS RPMS BUILD
+	rm -rf opt 
+	rm -f temp.spec
+	rm -f $(NAME)-$(VERSION).tar.gz
+
+include $(CORE_DEPTH)/coreconf/rules.mk
diff --git a/nss/pkg/linux/sun-nss.spec b/nss/pkg/linux/sun-nss.spec
new file mode 100644
index 0000000..7478322
--- /dev/null
+++ b/nss/pkg/linux/sun-nss.spec
@@ -0,0 +1,52 @@
+Summary: Network Security Services
+Name: NAME_REPLACE
+Vendor: Sun Microsystems, Inc.
+Version: VERSION_REPLACE
+Release: RELEASE_REPLACE
+Copyright: Copyright 2005 Sun Microsystems, Inc.  All rights reserved.  Use is subject to license terms.  Also under other license(s) as shown at the Description field.
+Distribution: Sun Java(TM) Enterprise System
+URL: http://www.sun.com
+Group: System Environment/Base
+Source: %{name}-%{version}.tar.gz
+ExclusiveOS: Linux
+BuildRoot: %_topdir/%{name}-root
+
+Requires: sun-nspr >= 4.1.2
+        
+%description
+Network Security Services (NSS) is a set of libraries designed
+to support cross-platform development of security-enabled server
+applications. Applications built with NSS can support SSL v2
+and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME,
+X.509 v3 certificates, and other security standards.  See:
+http://www.mozilla.org/projects/security/pki/nss/overview.html
+
+This Source Code Form is subject to the terms of the Mozilla Public
+License, v. 2.0. If a copy of the MPL was not distributed with this
+file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+%package devel
+Summary: Development Libraries for Network Security Services
+Group: Development/Libraries
+Requires: %{name} = %{version}-%{release}
+
+%define _unpackaged_files_terminate_build 0
+
+%description devel
+Header files for doing development with Network Security Services.
+
+Under "MPL/GPL" license.
+
+%prep
+%setup -c
+
+%build
+
+%install
+rm -rf $RPM_BUILD_ROOT
+mkdir $RPM_BUILD_ROOT
+cd $RPM_BUILD_ROOT
+tar xvzf $RPM_SOURCE_DIR/%{name}-%{version}.tar.gz
+
+%clean
+rm -rf $RPM_BUILD_ROOT
diff --git a/nss/pkg/pkg-config/nss-config.in b/nss/pkg/pkg-config/nss-config.in
new file mode 100644
index 0000000..438ec3e
--- /dev/null
+++ b/nss/pkg/pkg-config/nss-config.in
@@ -0,0 +1,145 @@
+#!/bin/sh
+
+prefix=@prefix@
+
+major_version=@MOD_MAJOR_VERSION@
+minor_version=@MOD_MINOR_VERSION@
+patch_version=@MOD_PATCH_VERSION@
+
+usage()
+{
+	cat <<EOF
+Usage: nss-config [OPTIONS] [LIBRARIES]
+Options:
+	[--prefix[=DIR]]
+	[--exec-prefix[=DIR]]
+	[--includedir[=DIR]]
+	[--libdir[=DIR]]
+	[--version]
+	[--libs]
+	[--cflags]
+Dynamic Libraries:
+	nss
+	nssutil
+	ssl
+	smime
+EOF
+	exit $1
+}
+
+if test $# -eq 0; then
+	usage 1 1>&2
+fi
+
+lib_ssl=yes
+lib_smime=yes
+lib_nss=yes
+lib_nssutil=yes
+
+while test $# -gt 0; do
+  case "$1" in
+  -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
+  *) optarg= ;;
+  esac
+
+  case $1 in
+    --prefix=*)
+      prefix=$optarg
+      ;;
+    --prefix)
+      echo_prefix=yes
+      ;;
+    --exec-prefix=*)
+      exec_prefix=$optarg
+      ;;
+    --exec-prefix)
+      echo_exec_prefix=yes
+      ;;
+    --includedir=*)
+      includedir=$optarg
+      ;;
+    --includedir)
+      echo_includedir=yes
+      ;;
+    --libdir=*)
+      libdir=$optarg
+      ;;
+    --libdir)
+      echo_libdir=yes
+      ;;
+    --version)
+      echo ${major_version}.${minor_version}.${patch_version}
+      ;;
+    --cflags)
+      echo_cflags=yes
+      ;;
+    --libs)
+      echo_libs=yes
+      ;;
+    ssl)
+      lib_ssl=yes
+      ;;
+    smime)
+      lib_smime=yes
+      ;;
+    nss)
+      lib_nss=yes
+      ;;
+    nssutil)
+      lib_nssutil=yes
+      ;;
+    *)
+      usage 1 1>&2
+      ;;
+  esac
+  shift
+done
+
+# Set variables that may be dependent upon other variables
+if test -z "$exec_prefix"; then
+    exec_prefix=`pkg-config --variable=exec_prefix nss`
+fi
+if test -z "$includedir"; then
+    includedir=`pkg-config --variable=includedir nss`
+fi
+if test -z "$libdir"; then
+    libdir=`pkg-config --variable=libdir nss`
+fi
+
+if test "$echo_prefix" = "yes"; then
+    echo $prefix
+fi
+
+if test "$echo_exec_prefix" = "yes"; then
+    echo $exec_prefix
+fi
+
+if test "$echo_includedir" = "yes"; then
+    echo $includedir
+fi
+
+if test "$echo_libdir" = "yes"; then
+    echo $libdir
+fi
+
+if test "$echo_cflags" = "yes"; then
+    echo -I$includedir
+fi
+
+if test "$echo_libs" = "yes"; then
+      libdirs="-Wl,-rpath-link,$libdir -L$libdir"
+      if test -n "$lib_ssl"; then
+	libdirs="$libdirs -lssl${major_version}"
+      fi
+      if test -n "$lib_smime"; then
+	libdirs="$libdirs -lsmime${major_version}"
+      fi
+      if test -n "$lib_nss"; then
+	libdirs="$libdirs -lnss${major_version}"
+      fi
+      if test -n "$lib_nssutil"; then
+	libdirs="$libdirs -lnssutil${major_version}"
+      fi
+      echo $libdirs
+fi
+
diff --git a/nss/pkg/pkg-config/nss.pc.in b/nss/pkg/pkg-config/nss.pc.in
new file mode 100644
index 0000000..42cca9f
--- /dev/null
+++ b/nss/pkg/pkg-config/nss.pc.in
@@ -0,0 +1,11 @@
+prefix=%prefix%
+exec_prefix=%exec_prefix%
+libdir=%libdir%
+includedir=%includedir%
+
+Name: NSS
+Description: Network Security Services
+Version: %NSS_VERSION%
+Requires: nspr >= %NSPR_VERSION%
+Libs: -L${libdir} -lssl3 -lsmime3 -lnss3 -lnssutil3
+Cflags: -I${includedir}
diff --git a/nss/pkg/solaris/Makefile b/nss/pkg/solaris/Makefile
new file mode 100644
index 0000000..739e0d9
--- /dev/null
+++ b/nss/pkg/solaris/Makefile
@@ -0,0 +1,91 @@
+#
+# Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
+# Use is subject to license terms.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+
+CORE_DEPTH = ../../..
+
+%: %.ksh
+	$(RM) $@
+	cp $< $@
+	chmod +x $@
+
+HEADER_DIR = public/nss
+
+DIRS = \
+	SUNWtls \
+	SUNWtlsu \
+	SUNWtlsd
+
+include Makefile.com
+
+PROTO = \
+	$(ROOT) \
+	$(ROOT)/usr/lib/mps \
+	$(ROOT)/usr/include/mps \
+	$(ROOT)/usr/sfw/bin
+
+ifeq ($(MACH), sparc)
+	PROTO += $(ROOT)/usr/lib/mps/sparcv9 \
+	$(ROOT)/usr/sfw/bin/sparcv9
+endif
+
+ifeq ($(USE_64), 1)
+ifeq ($(MACH), sparc)
+# Sparc
+	PROTO += $(ROOT)/usr/lib/mps/sparcv9 \
+	$(ROOT)/usr/sfw/bin/sparcv9
+else
+# AMD64
+	PROTO += $(ROOT)/usr/lib/mps/amd64 \
+	$(ROOT)/usr/sfw/bin/amd64
+endif
+	DIST64 = $(DIST)
+	DIST32 = $(shell echo $(DIST) | sed -e "s|_64_OPT|_OPT|g" -e "s|_64_DBG|_DBG|g")
+else
+	DIST32 = $(DIST)
+	DIST64 = $(shell echo $(DIST) | sed -e "s|_OPT|_64_OPT|g" -e "s|_DBG|_64_DBG|g")
+endif
+
+awk_pkginfo: bld_awk_pkginfo
+	./bld_awk_pkginfo -m $(MACH) -p "$(PRODUCT_VERSION)" -o $@ -v $(PRODUCT_VERSION)
+
+all:: awk_pkginfo $(PROTO)
+publish: awk_pkginfo $(PROTO)
+	+$(LOOP_OVER_DIRS)
+
+clean clobber::
+	$(RM) awk_pkginfo bld_awk_pkginfo
+	$(RM) -r $(ROOT)
+
+$(ROOT):
+	mkdir -p $@
+
+$(ROOT)/usr/lib/mps:
+	mkdir -p $@
+	$(CP) -r $(DIST32)/lib/*.so $@
+	$(CP) -r $(DIST32)/lib/*.chk $@
+$(ROOT)/usr/sfw/bin:
+	mkdir -p $@
+	-$(CP) -r $(DIST32)/bin/* $@
+$(ROOT)/usr/include/mps:
+	mkdir -p $@
+	$(CP) -r $(SOURCE_PREFIX)/$(HEADER_DIR)/*.h $@
+$(ROOT)/usr/lib/mps/sparcv9:
+	mkdir -p $@
+	$(CP) -r $(DIST64)/lib/*.so $@
+	$(CP) -r $(DIST64)/lib/*.chk $@
+$(ROOT)/usr/sfw/bin/sparcv9:
+	mkdir -p $@
+	$(CP) -r $(DIST64)/bin/* $@
+$(ROOT)/usr/lib/mps/amd64:
+	mkdir -p $@
+	$(CP) -r $(DIST64)/lib/*.so $@
+	$(CP) -r $(DIST64)/lib/*.chk $@
+$(ROOT)/usr/sfw/bin/amd64:
+	mkdir -p $@
+	$(CP) -r $(DIST64)/bin/* $@
diff --git a/nss/pkg/solaris/Makefile-devl.com b/nss/pkg/solaris/Makefile-devl.com
new file mode 100755
index 0000000..752be85
--- /dev/null
+++ b/nss/pkg/solaris/Makefile-devl.com
@@ -0,0 +1,37 @@
+#
+# Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
+# Use is subject to license terms.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+
+MACH = $(shell mach)
+
+PUBLISH_ROOT = $(DIST)
+ifeq ($(CORE_DEPTH),../../..)
+ROOT = ROOT
+else
+ROOT = $(subst ../../../,,$(CORE_DEPTH))/ROOT
+endif
+
+PKGARCHIVE = $(PUBLISH_ROOT)/pkgarchive
+DATAFILES = copyright
+FILES = $(DATAFILES) pkginfo
+
+
+PACKAGE = $(shell basename `pwd`)
+
+PRODUCT_VERSION = $(shell grep NSS_VERSION $(CORE_DEPTH)/nss/lib/nss/nss.h \
+    | head -1 \
+    | sed -e 's/"$$//' -e 's/.*"//' -e 's/ .*//')
+
+LN = /usr/bin/ln
+
+CLOBBERFILES = $(FILES)
+
+include $(CORE_DEPTH)/coreconf/config.mk
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+# vim: ft=make
diff --git a/nss/pkg/solaris/Makefile-devl.targ b/nss/pkg/solaris/Makefile-devl.targ
new file mode 100755
index 0000000..bd3a206
--- /dev/null
+++ b/nss/pkg/solaris/Makefile-devl.targ
@@ -0,0 +1,28 @@
+#
+# Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
+# Use is subject to license terms.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+
+pkginfo: pkginfo.tmpl ../awk_pkginfo
+	$(RM) $@; nawk -f ../awk_pkginfo $@.tmpl > $@
+
+pkg: $(PKGARCHIVE) prototype
+	pkgmk -f prototype -d $(PKGARCHIVE) -r $(ROOT) -o $(PACKAGE)
+
+$(PKGARCHIVE):
+	[ -d $(PKGARCHIVE) ] || mkdir -p $(PKGARCHIVE)
+
+$(DATAFILES):: %: ../common_files/%
+	$(RM) $@; cp ../common_files/$@ $@
+
+$(MACHDATAFILES): %: ../common_files/%_$(MACH)
+	$(RM) $@; cp ../common_files/$@_$(MACH) $@
+
+clobber clean::
+	-$(RM) $(CLOBBERFILES) $(CLEANFILES)
+
+.PHONY: pkg
diff --git a/nss/pkg/solaris/Makefile-tlsu.com b/nss/pkg/solaris/Makefile-tlsu.com
new file mode 100755
index 0000000..752be85
--- /dev/null
+++ b/nss/pkg/solaris/Makefile-tlsu.com
@@ -0,0 +1,37 @@
+#
+# Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
+# Use is subject to license terms.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+
+MACH = $(shell mach)
+
+PUBLISH_ROOT = $(DIST)
+ifeq ($(CORE_DEPTH),../../..)
+ROOT = ROOT
+else
+ROOT = $(subst ../../../,,$(CORE_DEPTH))/ROOT
+endif
+
+PKGARCHIVE = $(PUBLISH_ROOT)/pkgarchive
+DATAFILES = copyright
+FILES = $(DATAFILES) pkginfo
+
+
+PACKAGE = $(shell basename `pwd`)
+
+PRODUCT_VERSION = $(shell grep NSS_VERSION $(CORE_DEPTH)/nss/lib/nss/nss.h \
+    | head -1 \
+    | sed -e 's/"$$//' -e 's/.*"//' -e 's/ .*//')
+
+LN = /usr/bin/ln
+
+CLOBBERFILES = $(FILES)
+
+include $(CORE_DEPTH)/coreconf/config.mk
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+# vim: ft=make
diff --git a/nss/pkg/solaris/Makefile-tlsu.targ b/nss/pkg/solaris/Makefile-tlsu.targ
new file mode 100755
index 0000000..2496580
--- /dev/null
+++ b/nss/pkg/solaris/Makefile-tlsu.targ
@@ -0,0 +1,36 @@
+#
+# Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
+# Use is subject to license terms.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+
+include ../proto64.mk
+
+pkginfo: pkginfo.tmpl ../awk_pkginfo
+	$(RM) $@; nawk -f ../awk_pkginfo $@.tmpl > $@
+
+prototype:  prototype_com prototype_$(MACH)
+	cat prototype_$(MACH) |  sed -e \
+'/^!include[    ][  ]*prototype_com/ r ./prototype_com' \
+-e 's/^!include[    ][  ]*prototype_com//g' \
+ | sed $(sed_proto64) >prototype
+
+pkg: $(PKGARCHIVE) prototype
+	pkgmk -f prototype -d $(PKGARCHIVE) -r $(ROOT) -o $(PACKAGE)
+
+$(PKGARCHIVE):
+	[ -d $(PKGARCHIVE) ] || mkdir -p $(PKGARCHIVE)
+
+$(DATAFILES):: %: ../common_files/%
+	$(RM) $@; cp ../common_files/$@ $@
+
+$(MACHDATAFILES): %: ../common_files/%_$(MACH)
+	$(RM) $@; cp ../common_files/$@_$(MACH) $@
+
+clobber clean::
+	-$(RM) $(CLOBBERFILES) $(CLEANFILES)
+
+.PHONY: pkg
diff --git a/nss/pkg/solaris/Makefile.com b/nss/pkg/solaris/Makefile.com
new file mode 100644
index 0000000..6ac2d8a
--- /dev/null
+++ b/nss/pkg/solaris/Makefile.com
@@ -0,0 +1,37 @@
+#
+# Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
+# Use is subject to license terms.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+
+MACH = $(shell mach)
+
+PUBLISH_ROOT = $(DIST)
+ifeq ($(CORE_DEPTH),../../..)
+ROOT = ROOT
+else
+ROOT = $(subst ../../../,,$(CORE_DEPTH))/ROOT
+endif
+
+PKGARCHIVE = $(PUBLISH_ROOT)/pkgarchive
+DATAFILES = copyright
+FILES = $(DATAFILES) pkginfo prototype
+
+PACKAGE = $(shell basename `pwd`)
+
+PRODUCT_VERSION = $(shell grep NSS_VERSION $(CORE_DEPTH)/../dist/public/nss/nss.h \
+	| head -1 \
+	| sed -e 's/[^"]*"//' -e 's/".*//' -e 's/ .*//')
+
+LN = /usr/bin/ln
+CP = /usr/bin/cp
+
+CLOBBERFILES = $(FILES)
+
+include $(CORE_DEPTH)/coreconf/config.mk
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+# vim: ft=make
diff --git a/nss/pkg/solaris/Makefile.targ b/nss/pkg/solaris/Makefile.targ
new file mode 100644
index 0000000..2496580
--- /dev/null
+++ b/nss/pkg/solaris/Makefile.targ
@@ -0,0 +1,36 @@
+#
+# Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
+# Use is subject to license terms.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+
+include ../proto64.mk
+
+pkginfo: pkginfo.tmpl ../awk_pkginfo
+	$(RM) $@; nawk -f ../awk_pkginfo $@.tmpl > $@
+
+prototype:  prototype_com prototype_$(MACH)
+	cat prototype_$(MACH) |  sed -e \
+'/^!include[    ][  ]*prototype_com/ r ./prototype_com' \
+-e 's/^!include[    ][  ]*prototype_com//g' \
+ | sed $(sed_proto64) >prototype
+
+pkg: $(PKGARCHIVE) prototype
+	pkgmk -f prototype -d $(PKGARCHIVE) -r $(ROOT) -o $(PACKAGE)
+
+$(PKGARCHIVE):
+	[ -d $(PKGARCHIVE) ] || mkdir -p $(PKGARCHIVE)
+
+$(DATAFILES):: %: ../common_files/%
+	$(RM) $@; cp ../common_files/$@ $@
+
+$(MACHDATAFILES): %: ../common_files/%_$(MACH)
+	$(RM) $@; cp ../common_files/$@_$(MACH) $@
+
+clobber clean::
+	-$(RM) $(CLOBBERFILES) $(CLEANFILES)
+
+.PHONY: pkg
diff --git a/nss/pkg/solaris/SUNWtls/Makefile b/nss/pkg/solaris/SUNWtls/Makefile
new file mode 100644
index 0000000..65098a5
--- /dev/null
+++ b/nss/pkg/solaris/SUNWtls/Makefile
@@ -0,0 +1,18 @@
+#
+# Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
+# Use is subject to license terms.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+
+CORE_DEPTH = ../../../..
+include ../Makefile.com
+
+DATAFILES +=
+
+all:: $(FILES)
+publish:: all pkg
+
+include ../Makefile.targ
diff --git a/nss/pkg/solaris/SUNWtls/pkgdepend b/nss/pkg/solaris/SUNWtls/pkgdepend
new file mode 100644
index 0000000..eb881ce
--- /dev/null
+++ b/nss/pkg/solaris/SUNWtls/pkgdepend
@@ -0,0 +1,30 @@
+# Copyright 2005 Microsystems, Inc.  All Rights Reserved.
+# Use is subject to license terms.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# This package information file defines software dependencies associated
+# with the pkg.  You can define three types of pkg dependencies with this file:
+#	 P indicates a prerequisite for installation
+#	 I indicates an incompatible package
+#	 R indicates a reverse dependency
+# <pkg.abbr> see pkginfo(4), PKG parameter
+# <name> see pkginfo(4), NAME parameter
+# <version> see pkginfo(4), VERSION parameter
+# <arch> see pkginfo(4), ARCH parameter
+# <type> <pkg.abbr> <name>
+# 	(<arch>)<version>
+# 	(<arch>)<version>
+# 	...
+# <type> <pkg.abbr> <name>
+# ...
+
+P SUNWcar	Core Architecture, (Root)
+P SUNWkvm	Core Architecture, (Kvm)
+P SUNWcsr	Core Solaris, (Root)
+P SUNWcsu	Core Solaris, (Usr)
+P SUNWcsd	Core Solaris Devices
+P SUNWcsl	Core Solaris Libraries
+P SUNWpr	Netscape Portable Runtime
diff --git a/nss/pkg/solaris/SUNWtls/pkginfo.tmpl b/nss/pkg/solaris/SUNWtls/pkginfo.tmpl
new file mode 100644
index 0000000..748c067
--- /dev/null
+++ b/nss/pkg/solaris/SUNWtls/pkginfo.tmpl
@@ -0,0 +1,35 @@
+#
+# Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
+# Use is subject to license terms.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# This required package information file describes characteristics of the
+# package, such as package abbreviation, full package name, package version,
+# and package architecture.
+#
+PKG="SUNWtls"
+NAME="Network Security Services"
+ARCH="ISA"
+VERSION="NSSVERS,REV=0.0.0"
+SUNW_PRODNAME="Network Security Services"
+SUNW_PRODVERS="RELEASE/VERSION"
+SUNW_PKGTYPE="usr"
+MAXINST="1000"
+CATEGORY="system"
+DESC="Network Security Services"
+VENDOR="Sun Microsystems, Inc."
+HOTLINE="Please contact your local service provider"
+EMAIL=""
+CLASSES="none"
+BASEDIR=/
+SUNW_PKGVERS="1.0"
+#VSTOCK="<reserved by Release Engineering for package part #>"
+#ISTATES="<developer defined>"
+#RSTATES='<developer defined>'
+#ULIMIT="<developer defined>"
+#ORDER="<developer defined>"
+#PSTAMP="<developer defined>"
+#INTONLY="<developer defined>"
diff --git a/nss/pkg/solaris/SUNWtls/prototype_com b/nss/pkg/solaris/SUNWtls/prototype_com
new file mode 100644
index 0000000..9e47bcf
--- /dev/null
+++ b/nss/pkg/solaris/SUNWtls/prototype_com
@@ -0,0 +1,43 @@
+#
+# Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
+# Use is subject to license terms.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# This required package information file contains a list of package contents.
+# The 'pkgmk' command uses this file to identify the contents of a package
+# and their location on the development machine when building the package.
+# Can be created via a text editor or through use of the 'pkgproto' command.
+
+#!search <pathname pathname ...>	# where to find pkg objects
+#!include <filename>			# include another 'prototype' file
+#!default <mode> <owner> <group>	# default used if not specified on entry
+#!<param>=<value>			# puts parameter in pkg environment
+
+# packaging files
+i copyright
+i pkginfo
+i depend=pkgdepend
+#
+# source locations relative to the prototype file
+#
+# SUNWtls
+#
+d none usr 755 root sys
+d none usr/lib 755 root bin
+d none usr/lib/mps 755 root bin
+d none usr/lib/mps/secv1 755 root bin
+f none usr/lib/mps/libnss3.so 755 root bin
+f none usr/lib/mps/libsmime3.so 755 root bin
+f none usr/lib/mps/libssl3.so 755 root bin
+f none usr/lib/mps/libnssckbi.so 755 root bin
+f none usr/lib/mps/libsoftokn3.chk 755 root bin
+f none usr/lib/mps/libsoftokn3.so 755 root bin
+s none usr/lib/mps/secv1/libnss3.so=../libnss3.so
+s none usr/lib/mps/secv1/libsmime3.so=../libsmime3.so
+s none usr/lib/mps/secv1/libssl3.so=../libssl3.so
+s none usr/lib/mps/secv1/libnssckbi.so=../libnssckbi.so
+s none usr/lib/mps/secv1/libsoftokn3.chk=../libsoftokn3.chk
+s none usr/lib/mps/secv1/libsoftokn3.so=../libsoftokn3.so
diff --git a/nss/pkg/solaris/SUNWtls/prototype_i386 b/nss/pkg/solaris/SUNWtls/prototype_i386
new file mode 100644
index 0000000..a0fb77e
--- /dev/null
+++ b/nss/pkg/solaris/SUNWtls/prototype_i386
@@ -0,0 +1,56 @@
+#
+# Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
+# Use is subject to license terms.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# This required package information file contains a list of package contents.
+# The 'pkgmk' command uses this file to identify the contents of a package
+# and their location on the development machine when building the package.
+# Can be created via a text editor or through use of the 'pkgproto' command.
+
+#!search <pathname pathname ...>	# where to find pkg objects
+#!include <filename>			# include another 'prototype' file
+#!default <mode> <owner> <group>	# default used if not specified on entry
+#!<param>=<value>			# puts parameter in pkg environment
+
+#
+# Include ISA independent files (prototype_com)
+#
+!include prototype_com
+#
+#
+#
+# List files which are i386 specific here
+#
+# source locations relative to the prototype file
+#
+#
+# SUNWtls
+#
+f none usr/lib/mps/libfreebl3.chk 755 root bin
+f none usr/lib/mps/libfreebl3.so 755 root bin
+s none usr/lib/mps/secv1/libfreebl3.chk=../libfreebl3.chk
+s none usr/lib/mps/secv1/libfreebl3.so=../libfreebl3.so
+#64#s none usr/lib/mps/64=amd64
+#64#s none usr/lib/mps/secv1/64=amd64
+#64#d none usr/lib/mps/amd64 755 root bin
+#64#d none usr/lib/mps/secv1/amd64 755 root bin
+#64#f none usr/lib/mps/amd64/libnss3.so 755 root bin
+#64#f none usr/lib/mps/amd64/libsmime3.so 755 root bin
+#64#f none usr/lib/mps/amd64/libssl3.so 755 root bin
+#64#f none usr/lib/mps/amd64/libnssckbi.so 755 root bin
+#64#f none usr/lib/mps/amd64/libsoftokn3.chk 755 root bin
+#64#f none usr/lib/mps/amd64/libsoftokn3.so 755 root bin
+#64#f none usr/lib/mps/amd64/libfreebl3.chk 755 root bin
+#64#f none usr/lib/mps/amd64/libfreebl3.so 755 root bin
+#64#s none usr/lib/mps/secv1/amd64/libnss3.so=../../amd64/libnss3.so
+#64#s none usr/lib/mps/secv1/amd64/libsmime3.so=../../amd64/libsmime3.so
+#64#s none usr/lib/mps/secv1/amd64/libssl3.so=../../amd64/libssl3.so
+#64#s none usr/lib/mps/secv1/amd64/libnssckbi.so=../../amd64/libnssckbi.so
+#64#s none usr/lib/mps/secv1/amd64/libsoftokn3.chk=../../amd64/libsoftokn3.chk
+#64#s none usr/lib/mps/secv1/amd64/libsoftokn3.so=../../amd64/libsoftokn3.so
+#64#s none usr/lib/mps/secv1/amd64/libfreebl3.chk=../../amd64/libfreebl3.chk
+#64#s none usr/lib/mps/secv1/amd64/libfreebl3.so=../../amd64/libfreebl3.so
diff --git a/nss/pkg/solaris/SUNWtls/prototype_sparc b/nss/pkg/solaris/SUNWtls/prototype_sparc
new file mode 100644
index 0000000..b1dbc06
--- /dev/null
+++ b/nss/pkg/solaris/SUNWtls/prototype_sparc
@@ -0,0 +1,69 @@
+#
+# Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
+# Use is subject to license terms.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# This required package information file contains a list of package contents.
+# The 'pkgmk' command uses this file to identify the contents of a package
+# and their location on the development machine when building the package.
+# Can be created via a text editor or through use of the 'pkgproto' command.
+
+#!search <pathname pathname ...>	# where to find pkg objects
+#!include <filename>			# include another 'prototype' file
+#!default <mode> <owner> <group>	# default used if not specified on entry
+#!<param>=<value>			# puts parameter in pkg environment
+
+#
+# Include ISA independent files (prototype_com)
+#
+!include prototype_com
+#
+#
+#
+# List files which are SPARC specific here
+#
+# source locations relative to the prototype file
+#
+#
+# SUNWtls
+#
+f none usr/lib/mps/libfreebl_32fpu_3.chk 755 root bin
+f none usr/lib/mps/libfreebl_32fpu_3.so 755 root bin
+f none usr/lib/mps/libfreebl_32int64_3.chk 755 root bin
+f none usr/lib/mps/libfreebl_32int64_3.so 755 root bin
+f none usr/lib/mps/libfreebl_32int_3.chk 755 root bin
+f none usr/lib/mps/libfreebl_32int_3.so 755 root bin
+s none usr/lib/mps/secv1/libfreebl_32fpu_3.chk=../libfreebl_32fpu_3.chk
+s none usr/lib/mps/secv1/libfreebl_32fpu_3.so=../libfreebl_32fpu_3.so
+s none usr/lib/mps/secv1/libfreebl_32int64_3.chk=../libfreebl_32int64_3.chk
+s none usr/lib/mps/secv1/libfreebl_32int64_3.so=../libfreebl_32int64_3.so
+s none usr/lib/mps/secv1/libfreebl_32int_3.chk=../libfreebl_32int_3.chk
+s none usr/lib/mps/secv1/libfreebl_32int_3.so=../libfreebl_32int_3.so
+#64#s none usr/lib/mps/64=sparcv9
+#64#s none usr/lib/mps/secv1/64=sparcv9
+#64#d none usr/lib/mps/sparcv9 755 root bin
+#64#d none usr/lib/mps/secv1/sparcv9 755 root bin
+#64#f none usr/lib/mps/sparcv9/libnss3.so 755 root bin
+#64#f none usr/lib/mps/sparcv9/libsmime3.so 755 root bin
+#64#f none usr/lib/mps/sparcv9/libssl3.so 755 root bin
+#64#f none usr/lib/mps/sparcv9/libnssckbi.so 755 root bin
+#64#f none usr/lib/mps/sparcv9/libsoftokn3.chk 755 root bin
+#64#f none usr/lib/mps/sparcv9/libsoftokn3.so 755 root bin
+#64#f none usr/lib/mps/sparcv9/libfreebl_64fpu_3.chk 755 root bin
+#64#f none usr/lib/mps/sparcv9/libfreebl_64fpu_3.so 755 root bin
+#64#f none usr/lib/mps/sparcv9/libfreebl_64int_3.chk 755 root bin
+#64#f none usr/lib/mps/sparcv9/libfreebl_64int_3.so 755 root bin
+#64#s none usr/lib/mps/secv1/sparcv9/libnss3.so=../../sparcv9/libnss3.so
+#64#s none usr/lib/mps/secv1/sparcv9/libsmime3.so=../../sparcv9/libsmime3.so
+#64#s none usr/lib/mps/secv1/sparcv9/libssl3.so=../../sparcv9/libssl3.so
+#64#s none usr/lib/mps/secv1/sparcv9/libnssckbi.so=../../sparcv9/libnssckbi.so
+#64#s none usr/lib/mps/secv1/sparcv9/libsoftokn3.chk=../../sparcv9/libsoftokn3.chk
+#64#s none usr/lib/mps/secv1/sparcv9/libsoftokn3.so=../../sparcv9/libsoftokn3.so
+#64#s none usr/lib/mps/secv1/sparcv9/libfreebl_64fpu_3.chk=../../sparcv9/libfreebl_64fpu_3.chk
+#64#s none usr/lib/mps/secv1/sparcv9/libfreebl_64fpu_3.so=../../sparcv9/libfreebl_64fpu_3.so
+#64#s none usr/lib/mps/secv1/sparcv9/libfreebl_64int_3.chk=../../sparcv9/libfreebl_64int_3.chk
+#64#s none usr/lib/mps/secv1/sparcv9/libfreebl_64int_3.so=../../sparcv9/libfreebl_64int_3.so
+
diff --git a/nss/pkg/solaris/SUNWtlsd/Makefile b/nss/pkg/solaris/SUNWtlsd/Makefile
new file mode 100755
index 0000000..ad6df89
--- /dev/null
+++ b/nss/pkg/solaris/SUNWtlsd/Makefile
@@ -0,0 +1,18 @@
+#
+# Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
+# Use is subject to license terms.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+
+CORE_DEPTH = ../../../..
+include ../Makefile-devl.com
+
+DATAFILES +=
+
+all:: $(FILES)
+publish:: all pkg
+
+include ../Makefile-devl.targ
diff --git a/nss/pkg/solaris/SUNWtlsd/pkgdepend b/nss/pkg/solaris/SUNWtlsd/pkgdepend
new file mode 100755
index 0000000..fa09880
--- /dev/null
+++ b/nss/pkg/solaris/SUNWtlsd/pkgdepend
@@ -0,0 +1,25 @@
+# Copyright 2005 Microsystems, Inc.  All Rights Reserved.
+# Use is subject to license terms.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# This package information file defines software dependencies associated
+# with the pkg.  You can define three types of pkg dependencies with this file:
+#	 P indicates a prerequisite for installation
+#	 I indicates an incompatible package
+#	 R indicates a reverse dependency
+# <pkg.abbr> see pkginfo(4), PKG parameter
+# <name> see pkginfo(4), NAME parameter
+# <version> see pkginfo(4), VERSION parameter
+# <arch> see pkginfo(4), ARCH parameter
+# <type> <pkg.abbr> <name>
+# 	(<arch>)<version>
+# 	(<arch>)<version>
+# 	...
+# <type> <pkg.abbr> <name>
+# ...
+
+P SUNWprd	Netscape Portable Runtime Development 
+P SUNWtls	Netscape Security Services 
diff --git a/nss/pkg/solaris/SUNWtlsd/pkginfo.tmpl b/nss/pkg/solaris/SUNWtlsd/pkginfo.tmpl
new file mode 100755
index 0000000..2569864
--- /dev/null
+++ b/nss/pkg/solaris/SUNWtlsd/pkginfo.tmpl
@@ -0,0 +1,35 @@
+#
+# Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
+# Use is subject to license terms.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# This required package information file describes characteristics of the
+# package, such as package abbreviation, full package name, package version,
+# and package architecture.
+#
+PKG="SUNWtlsd"
+NAME="Network Security Services Development"
+ARCH="ISA"
+VERSION="NSSVERS,REV=0.0.0"
+SUNW_PRODNAME="Network Security Services Development"
+SUNW_PRODVERS="RELEASE/VERSION"
+SUNW_PKGTYPE="usr"
+MAXINST="1000"
+CATEGORY="system"
+DESC="Network Security Services Files for Development"
+VENDOR="Sun Microsystems, Inc."
+HOTLINE="Please contact your local service provider"
+EMAIL=""
+CLASSES="none"
+BASEDIR=/
+SUNW_PKGVERS="1.0"
+#VSTOCK="<reserved by Release Engineering for package part #>"
+#ISTATES="<developer defined>"
+#RSTATES='<developer defined>'
+#ULIMIT="<developer defined>"
+#ORDER="<developer defined>"
+#PSTAMP="<developer defined>"
+#INTONLY="<developer defined>"
diff --git a/nss/pkg/solaris/SUNWtlsd/prototype b/nss/pkg/solaris/SUNWtlsd/prototype
new file mode 100755
index 0000000..4d21919
--- /dev/null
+++ b/nss/pkg/solaris/SUNWtlsd/prototype
@@ -0,0 +1,128 @@
+#
+# Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
+# Use is subject to license terms.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# This required package information file contains a list of package contents.
+# The 'pkgmk' command uses this file to identify the contents of a package
+# and their location on the development machine when building the package.
+# Can be created via a text editor or through use of the 'pkgproto' command.
+
+#!search <pathname pathname ...>	# where to find pkg objects
+#!include <filename>			# include another 'prototype' file
+#!default <mode> <owner> <group>	# default used if not specified on entry
+#!<param>=<value>			# puts parameter in pkg environment
+
+# packaging files
+i copyright
+i pkginfo
+i depend=pkgdepend
+#
+# source locations relative to the prototype file
+#
+# SUNWtlsd
+#
+d none usr 0755 root sys
+d none usr/include 0755 root bin
+d none usr/include/mps 0755 root bin
+f none usr/include/mps/base64.h 0644 root bin
+#f none usr/include/mps/blapi.h 0644 root bin
+f none usr/include/mps/blapit.h 0644 root bin
+f none usr/include/mps/cert.h 0644 root bin
+f none usr/include/mps/certdb.h 0644 root bin
+f none usr/include/mps/certt.h 0644 root bin
+f none usr/include/mps/ciferfam.h 0644 root bin
+f none usr/include/mps/cmmf.h 0644 root bin
+f none usr/include/mps/cmmft.h 0644 root bin
+f none usr/include/mps/cms.h 0644 root bin
+f none usr/include/mps/cmsreclist.h 0644 root bin
+f none usr/include/mps/cmst.h 0644 root bin
+f none usr/include/mps/crmf.h 0644 root bin
+f none usr/include/mps/crmft.h 0644 root bin
+f none usr/include/mps/cryptohi.h 0644 root bin
+f none usr/include/mps/cryptoht.h 0644 root bin
+f none usr/include/mps/ecl-exp.h 0644 root bin
+f none usr/include/mps/hasht.h 0644 root bin
+f none usr/include/mps/jar-ds.h 0644 root bin
+f none usr/include/mps/jar.h 0644 root bin
+f none usr/include/mps/jarfile.h 0644 root bin
+f none usr/include/mps/key.h 0644 root bin
+#f none usr/include/mps/keydbt.h 0644 root bin
+f none usr/include/mps/keyhi.h 0644 root bin
+#f none usr/include/mps/keylow.h 0644 root bin
+f none usr/include/mps/keyt.h 0644 root bin
+#f none usr/include/mps/keytboth.h 0644 root bin
+f none usr/include/mps/keythi.h 0644 root bin
+#f none usr/include/mps/keytlow.h 0644 root bin
+f none usr/include/mps/nss.h 0644 root bin
+f none usr/include/mps/nssb64.h 0644 root bin
+f none usr/include/mps/nssb64t.h 0644 root bin
+f none usr/include/mps/nssbase.h 0644 root bin
+f none usr/include/mps/nssbaset.h 0644 root bin
+f none usr/include/mps/nssckepv.h 0644 root bin
+f none usr/include/mps/nssckbi.h 0644 root bin
+f none usr/include/mps/nssckft.h 0644 root bin
+f none usr/include/mps/nssckfw.h 0644 root bin
+f none usr/include/mps/nssckfwc.h 0644 root bin
+f none usr/include/mps/nssckfwt.h 0644 root bin
+f none usr/include/mps/nssckg.h 0644 root bin
+f none usr/include/mps/nssckmdt.h 0644 root bin
+#f none usr/include/mps/nssckp.h 0644 root bin
+f none usr/include/mps/nssckt.h 0644 root bin
+#f none usr/include/mps/nsscku.h 0644 root bin
+f none usr/include/mps/nssilckt.h 0644 root bin
+f none usr/include/mps/nssilock.h 0644 root bin
+f none usr/include/mps/nsslocks.h 0644 root bin
+f none usr/include/mps/nssrwlk.h 0644 root bin
+f none usr/include/mps/nssrwlkt.h 0644 root bin
+f none usr/include/mps/ocsp.h 0644 root bin
+f none usr/include/mps/ocspt.h 0644 root bin
+f none usr/include/mps/p12.h 0644 root bin
+f none usr/include/mps/p12plcy.h 0644 root bin
+f none usr/include/mps/p12t.h 0644 root bin
+f none usr/include/mps/pk11func.h 0644 root bin
+f none usr/include/mps/pk11pqg.h 0644 root bin
+f none usr/include/mps/pk11sdr.h 0644 root bin
+f none usr/include/mps/pk11priv.h 0644 root bin
+f none usr/include/mps/pk11pub.h 0644 root bin
+f none usr/include/mps/pkcs11.h 0644 root bin
+f none usr/include/mps/pkcs11f.h 0644 root bin
+f none usr/include/mps/pkcs11p.h 0644 root bin
+f none usr/include/mps/pkcs11t.h 0644 root bin
+f none usr/include/mps/pkcs11u.h 0644 root bin
+f none usr/include/mps/pkcs11n.h 0644 root bin
+f none usr/include/mps/pkcs12.h 0644 root bin
+f none usr/include/mps/pkcs12t.h 0644 root bin
+f none usr/include/mps/pkcs7t.h 0644 root bin
+f none usr/include/mps/portreg.h 0644 root bin
+f none usr/include/mps/preenc.h 0644 root bin
+f none usr/include/mps/secasn1.h 0644 root bin
+f none usr/include/mps/secasn1t.h 0644 root bin
+f none usr/include/mps/seccomon.h 0644 root bin
+f none usr/include/mps/secder.h 0644 root bin
+f none usr/include/mps/secdert.h 0644 root bin
+f none usr/include/mps/secdig.h 0644 root bin
+f none usr/include/mps/secdigt.h 0644 root bin
+f none usr/include/mps/secerr.h 0644 root bin
+f none usr/include/mps/sechash.h 0644 root bin
+f none usr/include/mps/secitem.h 0644 root bin
+f none usr/include/mps/secmime.h 0644 root bin
+f none usr/include/mps/secmod.h 0644 root bin
+f none usr/include/mps/secmodt.h 0644 root bin
+f none usr/include/mps/secoid.h 0644 root bin
+f none usr/include/mps/secoidt.h 0644 root bin
+f none usr/include/mps/secpkcs5.h 0644 root bin
+f none usr/include/mps/secpkcs7.h 0644 root bin
+f none usr/include/mps/secport.h 0644 root bin
+#f none usr/include/mps/secrng.h 0644 root bin
+#f none usr/include/mps/secrngt.h 0644 root bin
+f none usr/include/mps/shsign.h 0644 root bin
+f none usr/include/mps/smime.h 0644 root bin
+f none usr/include/mps/ssl.h 0644 root bin
+f none usr/include/mps/sslerr.h 0644 root bin
+f none usr/include/mps/sslproto.h 0644 root bin
+f none usr/include/mps/sslt.h 0644 root bin
+f none usr/include/mps/utilrename.h 0644 root bin
diff --git a/nss/pkg/solaris/SUNWtlsu/Makefile b/nss/pkg/solaris/SUNWtlsu/Makefile
new file mode 100755
index 0000000..83f96a4
--- /dev/null
+++ b/nss/pkg/solaris/SUNWtlsu/Makefile
@@ -0,0 +1,18 @@
+#
+# Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
+# Use is subject to license terms.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+
+CORE_DEPTH = ../../../..
+include ../Makefile-tlsu.com
+
+DATAFILES +=
+
+all:: $(FILES)
+publish:: all pkg
+
+include ../Makefile-tlsu.targ
diff --git a/nss/pkg/solaris/SUNWtlsu/pkgdepend b/nss/pkg/solaris/SUNWtlsu/pkgdepend
new file mode 100755
index 0000000..e85e50d
--- /dev/null
+++ b/nss/pkg/solaris/SUNWtlsu/pkgdepend
@@ -0,0 +1,24 @@
+# Copyright 2005 Microsystems, Inc.  All Rights Reserved.
+# Use is subject to license terms.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# This package information file defines software dependencies associated
+# with the pkg.  You can define three types of pkg dependencies with this file:
+#	 P indicates a prerequisite for installation
+#	 I indicates an incompatible package
+#	 R indicates a reverse dependency
+# <pkg.abbr> see pkginfo(4), PKG parameter
+# <name> see pkginfo(4), NAME parameter
+# <version> see pkginfo(4), VERSION parameter
+# <arch> see pkginfo(4), ARCH parameter
+# <type> <pkg.abbr> <name>
+# 	(<arch>)<version>
+# 	(<arch>)<version>
+# 	...
+# <type> <pkg.abbr> <name>
+# ...
+
+P SUNWtls	Netscape Security Services 
diff --git a/nss/pkg/solaris/SUNWtlsu/pkginfo.tmpl b/nss/pkg/solaris/SUNWtlsu/pkginfo.tmpl
new file mode 100755
index 0000000..5ca1b70
--- /dev/null
+++ b/nss/pkg/solaris/SUNWtlsu/pkginfo.tmpl
@@ -0,0 +1,35 @@
+#
+# Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
+# Use is subject to license terms.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# This required package information file describes characteristics of the
+# package, such as package abbreviation, full package name, package version,
+# and package architecture.
+#
+PKG="SUNWtlsu"
+NAME="Network Security Services Utilities"
+ARCH="ISA"
+VERSION="NSSVERS,REV=0.0.0"
+SUNW_PRODNAME="Network Security Services Utilities"
+SUNW_PRODVERS="RELEASE/VERSION"
+SUNW_PKGTYPE="usr"
+MAXINST="1000"
+CATEGORY="system"
+DESC="Network Security Services Utilities Programs"
+VENDOR="Sun Microsystems, Inc."
+HOTLINE="Please contact your local service provider"
+EMAIL=""
+CLASSES="none"
+BASEDIR=/
+SUNW_PKGVERS="1.0"
+#VSTOCK="<reserved by Release Engineering for package part #>"
+#ISTATES="<developer defined>"
+#RSTATES='<developer defined>'
+#ULIMIT="<developer defined>"
+#ORDER="<developer defined>"
+#PSTAMP="<developer defined>"
+#INTONLY="<developer defined>"
diff --git a/nss/pkg/solaris/SUNWtlsu/prototype_com b/nss/pkg/solaris/SUNWtlsu/prototype_com
new file mode 100755
index 0000000..981c99e
--- /dev/null
+++ b/nss/pkg/solaris/SUNWtlsu/prototype_com
@@ -0,0 +1,39 @@
+#
+# Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
+# Use is subject to license terms.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# This required package information file contains a list of package contents.
+# The 'pkgmk' command uses this file to identify the contents of a package
+# and their location on the development machine when building the package.
+# Can be created via a text editor or through use of the 'pkgproto' command.
+
+#!search <pathname pathname ...>	# where to find pkg objects
+#!include <filename>			# include another 'prototype' file
+#!default <mode> <owner> <group>	# default used if not specified on entry
+#!<param>=<value>			# puts parameter in pkg environment
+
+# packaging files
+i copyright
+i pkginfo
+i depend=pkgdepend
+#
+# source locations relative to the prototype file
+#
+# SUNWtlsu
+#
+d none usr 0755 root sys
+d none usr/sfw 0755 root bin
+d none usr/sfw/bin 0755 root bin
+f none usr/sfw/bin/certutil 0755 root bin
+f none usr/sfw/bin/crlutil 0755 root bin
+f none usr/sfw/bin/cmsutil 0755 root bin
+f none usr/sfw/bin/modutil 0755 root bin
+f none usr/sfw/bin/pk12util 0755 root bin
+f none usr/sfw/bin/signtool 0755 root bin
+f none usr/sfw/bin/signver 0755 root bin
+f none usr/sfw/bin/ssltap 0755 root bin
+f none usr/sfw/bin/addbuiltin 0755 root bin
diff --git a/nss/pkg/solaris/SUNWtlsu/prototype_i386 b/nss/pkg/solaris/SUNWtlsu/prototype_i386
new file mode 100644
index 0000000..3c2ea13
--- /dev/null
+++ b/nss/pkg/solaris/SUNWtlsu/prototype_i386
@@ -0,0 +1,44 @@
+#
+# Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
+# Use is subject to license terms.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# This required package information file contains a list of package contents.
+# The 'pkgmk' command uses this file to identify the contents of a package
+# and their location on the development machine when building the package.
+# Can be created via a text editor or through use of the 'pkgproto' command.
+
+#!search <pathname pathname ...>        # where to find pkg objects
+#!include <filename>                    # include another 'prototype' file
+#!default <mode> <owner> <group>        # default used if not specified on entry
+#!<param>=<value>                       # puts parameter in pkg environment
+
+#
+# Include ISA independent files (prototype_com)
+#
+!include prototype_com
+#
+#
+#
+# List files which are i386 specific here
+#
+# source locations relative to the prototype file
+#
+#
+# SUNWtlsu
+#
+#64#s none usr/sfw/bin/64=amd64
+#64#d none usr/sfw/bin/amd64 0755 root bin
+#64#f none usr/sfw/bin/amd64/certutil 0755 root bin
+#64#f none usr/sfw/bin/amd64/crlutil 0755 root bin
+#64#f none usr/sfw/bin/amd64/cmsutil 0755 root bin
+#64#f none usr/sfw/bin/amd64/modutil 0755 root bin
+#64#f none usr/sfw/bin/amd64/pk12util 0755 root bin
+#64#f none usr/sfw/bin/amd64/signtool 0755 root bin
+#64#f none usr/sfw/bin/amd64/signver 0755 root bin
+#64#f none usr/sfw/bin/amd64/ssltap 0755 root bin
+#64#f none usr/sfw/bin/amd64/addbuiltin 0755 root bin
+
diff --git a/nss/pkg/solaris/SUNWtlsu/prototype_sparc b/nss/pkg/solaris/SUNWtlsu/prototype_sparc
new file mode 100644
index 0000000..0f675a7
--- /dev/null
+++ b/nss/pkg/solaris/SUNWtlsu/prototype_sparc
@@ -0,0 +1,44 @@
+#
+# Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
+# Use is subject to license terms.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# This required package information file contains a list of package contents.
+# The 'pkgmk' command uses this file to identify the contents of a package
+# and their location on the development machine when building the package.
+# Can be created via a text editor or through use of the 'pkgproto' command.
+
+#!search <pathname pathname ...>        # where to find pkg objects
+#!include <filename>                    # include another 'prototype' file
+#!default <mode> <owner> <group>        # default used if not specified on entry
+#!<param>=<value>                       # puts parameter in pkg environment
+
+#
+# Include ISA independent files (prototype_com)
+#
+!include prototype_com
+#
+#
+#
+# List files which are SPARC specific here
+#
+# source locations relative to the prototype file
+#
+#
+# SUNWtlsu
+#
+#64#s none usr/sfw/bin/64=sparcv9
+#64#d none usr/sfw/bin/sparcv9 0755 root bin
+#64#f none usr/sfw/bin/sparcv9/certutil 0755 root bin
+#64#f none usr/sfw/bin/sparcv9/crlutil 0755 root bin
+#64#f none usr/sfw/bin/sparcv9/cmsutil 0755 root bin
+#64#f none usr/sfw/bin/sparcv9/modutil 0755 root bin
+#64#f none usr/sfw/bin/sparcv9/pk12util 0755 root bin
+#64#f none usr/sfw/bin/sparcv9/signtool 0755 root bin
+#64#f none usr/sfw/bin/sparcv9/signver 0755 root bin
+#64#f none usr/sfw/bin/sparcv9/ssltap 0755 root bin
+#64#f none usr/sfw/bin/sparcv9/addbuiltin 0755 root bin
+
diff --git a/nss/pkg/solaris/bld_awk_pkginfo.ksh b/nss/pkg/solaris/bld_awk_pkginfo.ksh
new file mode 100644
index 0000000..c3f0e30
--- /dev/null
+++ b/nss/pkg/solaris/bld_awk_pkginfo.ksh
@@ -0,0 +1,107 @@
+#!/usr/bin/ksh -p
+#
+# Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
+# Use is subject to license terms.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# Simple script which builds the awk_pkginfo awk script.  This awk script
+# is used to convert the pkginfo.tmpl files into pkginfo files
+# for the build.
+#
+
+usage()
+{
+   cat <<-EOF
+usage: bld_awk_pkginfo -p <prodver> -m <mach> -o <awk_script> [-v <version>]
+EOF
+}
+
+#
+# Awk strings
+#
+# two VERSION patterns: one for Dewey decimal, one for Dewey plus ,REV=n
+# the first has one '=' the second has two or more '='
+#
+VERSION1="VERSION=[^=]*$"
+VERSION2="VERSION=[^=]*=.*$"
+PRODVERS="^SUNW_PRODVERS="
+ARCH='ARCH=\"ISA\"'
+
+#
+# parse command line
+#
+mach=""
+prodver=""
+awk_script=""
+version="NSSVERS"
+
+while getopts o:p:m:v: c
+do
+   case $c in
+   o)
+      awk_script=$OPTARG
+      ;;
+   m)
+      mach=$OPTARG
+      ;;
+   p)
+      prodver=$OPTARG
+      ;;
+   v)
+      version=$OPTARG
+      ;;
+   \?)
+      usage
+      exit 1
+      ;;
+   esac
+done
+
+if [[ ( -z $prodver ) || ( -z $mach ) || ( -z $awk_script ) ]]
+then
+   usage
+   exit 1
+fi
+
+if [[ -f $awk_script ]]
+then
+	rm -f $awk_script
+fi
+
+#
+# Build REV= field based on date
+#
+rev=$(date "+%Y.%m.%d.%H.%M")
+
+#
+# Build awk script which will process all the
+# pkginfo.tmpl files.
+#
+# the first VERSION pattern is replaced with a leading quotation mark
+#
+rm -f $awk_script
+cat << EOF > $awk_script
+/$VERSION1/ {
+      sub(/\=[^=]*$/,"=\"$rev\"")
+      print
+      next
+   }
+/$VERSION2/ {
+      sub(/\=[^=]*$/,"=$rev\"")
+      sub(/NSSVERS/,"$version")
+      print
+      next
+   }
+/$PRODVERS/ { 
+      printf "SUNW_PRODVERS=\"%s\"\n", "$prodver" 
+      next
+   }
+/$ARCH/ {
+      printf "ARCH=\"%s\"\n", "$mach"
+      next
+   }
+{ print }
+EOF
diff --git a/nss/pkg/solaris/common_files/copyright b/nss/pkg/solaris/common_files/copyright
new file mode 100644
index 0000000..c553490
--- /dev/null
+++ b/nss/pkg/solaris/common_files/copyright
@@ -0,0 +1,6 @@
+Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
+Use is subject to license terms.
+
+This Source Code Form is subject to the terms of the Mozilla Public
+License, v. 2.0. If a copy of the MPL was not distributed with this
+file, You can obtain one at http://mozilla.org/MPL/2.0/.
diff --git a/nss/pkg/solaris/proto64.mk b/nss/pkg/solaris/proto64.mk
new file mode 100644
index 0000000..937b091
--- /dev/null
+++ b/nss/pkg/solaris/proto64.mk
@@ -0,0 +1,16 @@
+#
+# Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
+# Use is subject to license terms.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+
+ifeq ($(USE_64), 1)
+  # Remove 64 tag
+  sed_proto64='s/\#64\#//g'
+else
+  # Strip 64 lines
+  sed_proto64='/\#64\#/d'
+endif
diff --git a/nss/readme.md b/nss/readme.md
new file mode 100644
index 0000000..8ffb64e
--- /dev/null
+++ b/nss/readme.md
@@ -0,0 +1,174 @@
+# Network Security Services
+
+Network Security Services (NSS) is a set of libraries designed to support
+cross-platform development of security-enabled client and server
+applications. NSS supports SSL v3-TLS 1.2 (experimental TLS 1.3), PKCS #5, PKCS#7,
+PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security
+standards.
+
+## Getting started
+
+In order to get started create a new directory on that you will be uses as your
+local work area, and check out NSS and NSPR. (Note that there's no git mirror of
+NSPR and you require mercurial to get the latest NSPR source.)
+
+    git clone https://github.com/nss-dev/nss.git
+    hg clone https://hg.mozilla.org/projects/nspr
+
+NSS can also be cloned with mercurial
+
+    hg clone https://hg.mozilla.org/projects/nss
+
+## Building NSS
+
+**This build system is under development. It does not yet support all the
+features or platforms that NSS supports. To build on anything other than Mac or
+Linux please use the legacy build system as described below.**
+
+Build requirements:
+
+* [gyp](https://gyp.gsrc.io/)
+* [ninja](https://ninja-build.org/)
+
+After changing into the NSS directory a typical build is done as follows
+
+    ./build.sh
+
+Once the build is done the build output is found in the directory
+`../dist/Debug` for debug builds and `../dist/Release` for opt builds.
+Exported header files can be found in the `include` directory, library files in
+directory `lib`, and tools in directory `bin`. In order to run the tools, set
+your system environment to use the libraries of your build from the "lib"
+directory, e.g., using the `LD_LIBRARY_PATH` or `DYLD_LIBRARY_PATH`.
+
+    Usage: build.sh [-hcv] [-j <n>] [--nspr] [--gyp|-g] [--opt|-o] [-m32]
+                    [--test] [--fuzz] [--pprof] [--scan-build[=output]]
+                    [--asan] [--ubsan] [--msan] [--sancov[=edge|bb|func|...]]
+                    [--ct-verif] [--disable-tests]
+
+    This script builds NSS with gyp and ninja.
+
+    This build system is still under development.  It does not yet support all
+    the features or platforms that NSS supports.
+
+    NSS build tool options:
+
+        -h               display this help and exit
+        -c               clean before build
+        -v               verbose build
+        -j <n>           run at most <n> concurrent jobs
+        --nspr           force a rebuild of NSPR
+        --gyp|-g         force a rerun of gyp
+        --opt|-o         do an opt build
+        -m32             do a 32-bit build on a 64-bit system
+        --test           ignore map files and export everything we have
+        --fuzz           enable fuzzing mode. this always enables test builds
+        --pprof          build with gperftool support
+        --ct-verif       build with valgrind for ct-verif
+        --scan-build     run the build with scan-build (scan-build has to be in the path)
+                         --scan-build=/out/path sets the output path for scan-build
+        --asan           do an asan build
+        --ubsan          do an ubsan build
+                         --ubsan=bool,shift,... sets specific UB sanitizers
+        --msan           do an msan build
+        --sancov         do sanitize coverage builds
+                         --sancov=func sets coverage to function level for example
+        --disable-tests  don't build tests and corresponding cmdline utils
+
+## Building NSS (legacy build system)
+
+After changing into the NSS directory a typical build of 32-bit NSS is done as
+follows:
+
+    make nss_build_all
+
+The following environment variables might be useful:
+
+* `BUILD_OPT=1` to get an optimised build
+
+* `USE_64=1` to get a 64-bit build (recommended)
+
+The complete list of environment variables can be found
+[here](https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Reference/NSS_environment_variables).
+
+To clean the build directory run:
+
+    make nss_clean_all
+
+## Tests
+
+### Setup
+
+Make sure that the address `$HOST.$DOMSUF` on your computer is available. This
+is necessary because NSS tests generate certificates and establish TLS
+connections, which requires a fully qualified domain name.
+You can test this by
+calling `ping $HOST.$DOMSUF`. If this is working, you're all set.  If it's not,
+set or export:
+
+    HOST=nss
+    DOMSUF=local
+
+Note that you might have to add `nss.local` to `/etc/hosts` if it's not
+there. The entry should look something like `127.0.0.1 nss.local nss`.
+
+If you get name resolution errors, try to ensure that you are using an IPv4
+address; IPv6 is the default on many systems for the loopback device which
+doesn't work.
+
+### Running tests
+
+**Runnning all tests will take a while!**
+
+    cd tests
+    ./all.sh
+
+Make sure that all environment variables set for the build are set while running
+the tests as well.  Test results are published in the folder
+`../../test_results/`.
+
+Individual tests can be run with the `NSS_TESTS` environment variable,
+e.g. `NSS_TESTS=ssl_gtests ./all.sh` or by changing into the according directory
+and running the bash script there `cd ssl_gtests && ./ssl_gtests.sh`.  The
+following tests are available:
+
+    cipher lowhash libpkix cert dbtests tools fips sdr crmf smime ssl ocsp merge pkits chains ec gtests ssl_gtests bogo
+
+To make tests run faster it's recommended to set `NSS_CYCLES=standard` to run
+only the standard cycle.
+
+## Releases
+
+NSS releases can be found at [Mozilla's download
+server](https://ftp.mozilla.org/pub/security/nss/releases/). Because NSS depends
+on the base library NSPR you should download the archive that combines both NSS
+and NSPR.
+
+## Contributing
+
+[Bugzilla](https://bugzilla.mozilla.org/) is used to track NSS development and
+bugs. File new bugs in the NSS product.
+
+A list with good first bugs to start with are [listed
+here](https://bugzilla.mozilla.org/buglist.cgi?keywords=good-first-bug%2C%20&keywords_type=allwords&list_id=13238861&resolution=---&query_format=advanced&product=NSS).
+
+### NSS Folder Structure
+
+The nss directory contains the following important subdirectories:
+
+- `coreconf` contains the build logic.
+
+- `lib` contains all library code that is used to create the runtime libraries.
+
+- `cmd` contains a set of various tool programs that are built with NSS. Several
+  tools are general purpose and can be used to inspect and manipulate the
+  storage files that software using the NSS library creates and modifies. Other
+  tools are only used for testing purposes.
+
+- `test` and `gtests` contain the NSS test suite. While `test` contains shell
+  scripts to drive test programs in `cmd`, `gtests` holds a set of
+  [gtests](https://github.com/google/googletest).
+
+A more comprehensible overview of the NSS folder structure and API guidelines
+can be found
+[here](https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_API_Guidelines).
diff --git a/nss/tests/README.txt b/nss/tests/README.txt
new file mode 100644
index 0000000..08088b5
--- /dev/null
+++ b/nss/tests/README.txt
@@ -0,0 +1,6 @@
+Hints for running the NSS test suite:
+
+- all.sh is used to run all tests
+
+- if your host is not registered with DNS you may use:
+  HOST=localhost DOMSUF=localdomain ./all.sh
diff --git a/nss/tests/all.sh b/nss/tests/all.sh
new file mode 100755
index 0000000..3c1f440
--- /dev/null
+++ b/nss/tests/all.sh
@@ -0,0 +1,312 @@
+#!/bin/bash
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+########################################################################
+#
+# mozilla/security/nss/tests/all.sh
+#
+# Script to start selected available NSS QA suites on one machine
+# this script is called or sourced by NSS QA which runs on all required
+# platforms
+#
+# Needs to work on all Unix and Windows platforms
+#
+# Currently available NSS QA suites:
+# ----------------------------------
+#   cipher.sh    - tests NSS ciphers
+#   libpkix.sh   - tests PKIX functionality
+#   cert.sh      - exercises certutil and creates certs necessary for
+#                  all other tests
+#   dbtests.sh   - tests related to certificate databases
+#   tools.sh     - tests the majority of the NSS tools
+#   fips.sh      - tests basic functionallity of NSS in FIPS-compliant
+#                - mode
+#   sdr.sh       - tests NSS SDR
+#   crmf.sh      - CRMF/CMMF testing
+#   smime.sh     - S/MIME testing
+#   ssl.sh       - tests SSL V2 SSL V3 and TLS
+#   ocsp.sh      - OCSP testing
+#   merge.sh     - tests merging old and new shareable databases
+#   pkits.sh     - NIST/PKITS tests
+#   chains.sh    - PKIX cert chains tests
+#   dbupgrade.sh - upgrade databases to new shareable version (used
+#                  only in upgrade test cycle)
+#   memleak.sh   - memory leak testing (optional)
+#   ssl_gtests.sh- Gtest based unit tests for ssl
+#   gtests.sh    - Gtest based unit tests for everything else
+#   bogo.sh      - Bogo interop tests (disabled by default)
+#                  https://boringssl.googlesource.com/boringssl/+/master/ssl/test/PORTING.md
+#   interop.sh   - Interoperability tests (disabled by default)
+#                  https://github.com/ekr/tls_interop
+#
+# NSS testing is now devided to 4 cycles:
+# ---------------------------------------
+#   standard     - run test suites with defaults settings
+#   pkix         - run test suites with PKIX enabled
+#   upgradedb    - upgrade existing certificate databases to shareable
+#                  format (creates them if doesn't exist yet) and run
+#                  test suites with those databases
+#   sharedb      - run test suites with shareable database format
+#                  enabled (databases are created directly to this
+#                  format)
+#
+# Mandatory environment variables (to be set before testing):
+# -----------------------------------------------------------
+#   HOST         - test machine host name
+#   DOMSUF       - test machine domain name
+#
+# Optional environment variables to specify build to use:
+# -------------------------------------------------------
+#   BUILT_OPT    - use optimized/debug build
+#   USE_64       - use 64bit/32bit build
+#
+# Optional environment variables to enable specific NSS features:
+# ---------------------------------------------------------------
+#   NSS_DISABLE_ECC             - disable ECC
+#
+# Optional environment variables to select which cycles/suites to test:
+# ---------------------------------------------------------------------
+#   NSS_CYCLES     - list of cycles to run (separated by space
+#                    character)
+#                  - by default all cycles are tested
+#
+#   NSS_TESTS      - list of all test suites to run (separated by space
+#                    character, without trailing .sh)
+#                  - this list can be reduced for individual test cycles
+#
+#   NSS_SSL_TESTS  - list of ssl tests to run (see ssl.sh)
+#   NSS_SSL_RUN    - list of ssl sub-tests to run (see ssl.sh)
+#
+# Testing schema:
+# ---------------
+#                           all.sh                       ~  (main)
+#                              |                               |
+#          +------------+------------+-----------+       ~  run_cycles
+#          |            |            |           |             |
+#      standard       pkix       upgradedb     sharedb   ~  run_cycle_*
+#                       |                                      |
+#                +------+------+------+----->            ~  run_tests
+#                |      |      |      |                        |
+#              cert   tools   fips   ssl   ...           ~  . *.sh
+#
+# Special strings:
+# ----------------
+#   FIXME ... known problems, search for this string
+#   NOTE .... unexpected behavior
+#
+# NOTE:
+# -----
+#   Unlike the old QA this is based on files sourcing each other
+#   This is done to save time, since a great portion of time is lost
+#   in calling and sourcing the same things multiple times over the
+#   network. Also, this way all scripts have all shell function
+#   available and a completely common environment
+#
+########################################################################
+
+############################## run_tests ###############################
+# run test suites defined in TESTS variable, skip scripts defined in
+# TESTS_SKIP variable
+########################################################################
+run_tests()
+{
+    for TEST in ${TESTS}
+    do
+        # NOTE: the spaces are important. If you don't include
+        # the spaces, then turning off ssl_gtests will also turn off ssl
+        # tests.
+        echo " ${TESTS_SKIP} " | grep " ${TEST} " > /dev/null
+        if [ $? -eq 0 ]; then
+            continue
+        fi
+
+        SCRIPTNAME=${TEST}.sh
+        echo "Running tests for ${TEST}"
+        echo "TIMESTAMP ${TEST} BEGIN: `date`"
+        (cd ${QADIR}/${TEST}; . ./${SCRIPTNAME} 2>&1)
+        echo "TIMESTAMP ${TEST} END: `date`"
+    done
+}
+
+########################## run_cycle_standard ##########################
+# run test suites with defaults settings (no PKIX, no sharedb)
+########################################################################
+run_cycle_standard()
+{
+    TEST_MODE=STANDARD
+
+    TESTS="${ALL_TESTS}"
+    TESTS_SKIP=
+
+    run_tests
+}
+
+############################ run_cycle_pkix ############################
+# run test suites with PKIX enabled
+########################################################################
+run_cycle_pkix()
+{
+    TEST_MODE=PKIX
+
+    TABLE_ARGS="bgcolor=cyan"
+    html_head "Testing with PKIX"
+    html "</TABLE><BR>"
+
+    HOSTDIR="${HOSTDIR}/pkix"
+    mkdir -p "${HOSTDIR}"
+    init_directories
+
+    NSS_ENABLE_PKIX_VERIFY="1"
+    export NSS_ENABLE_PKIX_VERIFY
+
+    TESTS="${ALL_TESTS}"
+    TESTS_SKIP="cipher dbtests sdr crmf smime merge multinit"
+    NSS_SSL_TESTS=`echo "${NSS_SSL_TESTS}" | sed -e "s/normal//g" -e "s/fips//g" -e "s/_//g"`
+
+    run_tests
+}
+
+######################### run_cycle_upgrade_db #########################
+# upgrades certificate database to shareable format and run test suites
+# with those databases
+########################################################################
+run_cycle_upgrade_db()
+{
+    TEST_MODE=UPGRADE_DB
+
+    TABLE_ARGS="bgcolor=pink"
+    html_head "Testing with upgraded library"
+    html "</TABLE><BR>"
+
+    OLDHOSTDIR="${HOSTDIR}"
+    HOSTDIR="${HOSTDIR}/upgradedb"
+    mkdir -p "${HOSTDIR}"
+    init_directories
+
+    if [ -r "${OLDHOSTDIR}/cert.log" ]; then
+        DIRS="alicedir bobdir CA cert_extensions client clientCA dave eccurves eve ext_client ext_server fips SDR server serverCA stapling tools/copydir cert.log cert.done tests.*"
+        for i in $DIRS
+        do
+            cp -r ${OLDHOSTDIR}/${i} ${HOSTDIR} #2> /dev/null
+        done
+    fi
+
+    # upgrade certs dbs to shared db
+    TESTS="dbupgrade"
+    TESTS_SKIP=
+
+    run_tests
+
+    NSS_DEFAULT_DB_TYPE="sql"
+    export NSS_DEFAULT_DB_TYPE
+
+    # run the subset of tests with the upgraded database
+    TESTS="${ALL_TESTS}"
+    TESTS_SKIP="cipher libpkix cert dbtests sdr ocsp pkits chains"
+
+    NSS_SSL_TESTS=`echo "${NSS_SSL_TESTS}" | sed -e "s/normal//g" -e "s/fips//g" -e "s/_//g"`
+    NSS_SSL_RUN=`echo "${NSS_SSL_RUN}" | sed -e "s/cov//g" -e "s/auth//g"`
+
+    run_tests
+}
+
+########################## run_cycle_shared_db #########################
+# run test suites with certificate databases set to shareable format
+########################################################################
+run_cycle_shared_db()
+{
+    TEST_MODE=SHARED_DB
+
+    TABLE_ARGS="bgcolor=yellow"
+    html_head "Testing with shared library"
+    html "</TABLE><BR>"
+
+    HOSTDIR="${HOSTDIR}/sharedb"
+    mkdir -p "${HOSTDIR}"
+    init_directories
+
+    NSS_DEFAULT_DB_TYPE="sql"
+    export NSS_DEFAULT_DB_TYPE
+
+    # run the tests for native sharedb support
+    TESTS="${ALL_TESTS}"
+    TESTS_SKIP="cipher libpkix dbupgrade sdr ocsp pkits"
+
+    NSS_SSL_TESTS=`echo "${NSS_SSL_TESTS}" | sed -e "s/normal//g" -e "s/fips//g" -e "s/_//g"`
+    NSS_SSL_RUN=`echo "${NSS_SSL_RUN}" | sed -e "s/cov//g" -e "s/auth//g"`
+
+    run_tests
+}
+
+############################# run_cycles ###############################
+# run test cycles defined in CYCLES variable
+########################################################################
+run_cycles()
+{
+    for CYCLE in ${CYCLES}
+    do
+        case "${CYCLE}" in
+        "standard")
+            run_cycle_standard
+            ;;
+        "pkix")
+            if [ -z "$NSS_DISABLE_LIBPKIX" ]; then
+                run_cycle_pkix
+            fi
+            ;;
+        "upgradedb")
+            run_cycle_upgrade_db
+            ;;
+        "sharedb")
+            run_cycle_shared_db
+            ;;
+        esac
+        . ${ENV_BACKUP}
+    done
+}
+
+############################## main code ###############################
+
+cycles="standard pkix upgradedb sharedb"
+CYCLES=${NSS_CYCLES:-$cycles}
+
+tests="cipher lowhash libpkix cert dbtests tools fips sdr crmf smime ssl ocsp merge pkits chains ec gtests ssl_gtests"
+TESTS=${NSS_TESTS:-$tests}
+
+ALL_TESTS=${TESTS}
+
+nss_ssl_tests="crl fips_normal normal_fips iopr policy"
+NSS_SSL_TESTS="${NSS_SSL_TESTS:-$nss_ssl_tests}"
+
+nss_ssl_run="cov auth stapling stress"
+NSS_SSL_RUN="${NSS_SSL_RUN:-$nss_ssl_run}"
+
+SCRIPTNAME=all.sh
+CLEANUP="${SCRIPTNAME}"
+cd `dirname $0`
+
+# all.sh should be the first one to try to source the init
+if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then
+    cd common
+    . ./init.sh
+fi
+
+# NOTE:
+# Lists of enabled tests and other settings are stored to ${ENV_BACKUP}
+# file and are are restored after every test cycle.
+
+ENV_BACKUP=${HOSTDIR}/env.sh
+env_backup > ${ENV_BACKUP}
+
+if [ "${O_CRON}" = "ON" ]; then
+    run_cycles >> ${LOGFILE}
+else
+    run_cycles | tee -a ${LOGFILE}
+fi
+
+SCRIPTNAME=all.sh
+
+. ${QADIR}/common/cleanup.sh
diff --git a/nss/tests/bogo/bogo.sh b/nss/tests/bogo/bogo.sh
new file mode 100755
index 0000000..8d6291d
--- /dev/null
+++ b/nss/tests/bogo/bogo.sh
@@ -0,0 +1,53 @@
+#!/bin/bash
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+########################################################################
+#
+# tests/bogo/bogo.sh
+#
+# Script to drive the ssl bogo interop unit tests
+#
+########################################################################
+
+bogo_init()
+{
+  SCRIPTNAME="bogo.sh"
+  if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ] ; then
+    cd ../common
+    . ./init.sh
+  fi
+
+  mkdir -p "${HOSTDIR}/bogo"
+  cd "${HOSTDIR}/bogo"
+  BORING=${BORING:=boringssl}
+  if [ ! -d "$BORING" ]; then
+    git clone -q https://boringssl.googlesource.com/boringssl "$BORING"
+    git -C "$BORING" checkout -q 5ae416528a0e554aa4df91bdb1e03f75bfc03cd0
+  fi
+
+  SCRIPTNAME="bogo.sh"
+  html_head "bogo test"
+}
+
+bogo_cleanup()
+{
+  html "</TABLE><BR>"
+  cd ${QADIR}
+  . common/cleanup.sh
+}
+
+cd "$(dirname "$0")"
+SOURCE_DIR="$PWD"/../..
+bogo_init
+(cd "$BORING"/ssl/test/runner;
+ GOPATH="$PWD" go test -pipe -shim-path "${BINDIR}"/nss_bogo_shim \
+	 -loose-errors -allow-unimplemented \
+	 -shim-config "${SOURCE_DIR}/gtests/nss_bogo_shim/config.json") \
+	 2>bogo.errors | tee bogo.log
+html_msg "${PIPESTATUS[0]}" 0 "Bogo" "Run successfully"
+grep -i 'FAILED\|Assertion failure' bogo.errors
+html_msg $? 1 "Bogo" "No failures"
+bogo_cleanup
diff --git a/nss/tests/cert/cert.sh b/nss/tests/cert/cert.sh
new file mode 100755
index 0000000..9b34557
--- /dev/null
+++ b/nss/tests/cert/cert.sh
@@ -0,0 +1,2012 @@
+#! /bin/bash
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+########################################################################
+#
+# mozilla/security/nss/tests/cert/rcert.sh
+#
+# Certificate generating and handeling for NSS QA, can be included 
+# multiple times from all.sh and the individual scripts
+#
+# needs to work on all Unix and Windows platforms
+#
+# included from (don't expect this to be up to date)
+# --------------------------------------------------
+#   all.sh
+#   ssl.sh
+#   smime.sh
+#   tools.sh
+#
+# special strings
+# ---------------
+#   FIXME ... known problems, search for this string
+#   NOTE .... unexpected behavior
+#
+# FIXME - Netscape - NSS
+########################################################################
+
+############################## cert_init ###############################
+# local shell function to initialize this script
+########################################################################
+cert_init()
+{
+  SCRIPTNAME="cert.sh"
+  if [ -z "${CLEANUP}" ] ; then     # if nobody else is responsible for
+      CLEANUP="${SCRIPTNAME}"       # cleaning this script will do it
+  fi
+  if [ -z "${INIT_SOURCED}" ] ; then
+      cd ../common
+      . ./init.sh
+  fi
+  if [ -z "${IOPR_CERT_SOURCED}" ]; then
+       . ../iopr/cert_iopr.sh
+  fi
+  SCRIPTNAME="cert.sh"
+  CRL_GRP_DATE=`date -u "+%Y%m%d%H%M%SZ"`
+  if [ -z "$NSS_DISABLE_ECC" ] ; then
+      html_head "Certutil and Crlutil Tests with ECC"
+  else
+      html_head "Certutil and Crlutil Tests"
+  fi
+
+  LIBDIR="${DIST}/${OBJDIR}/lib"
+
+  ROOTCERTSFILE=`ls -1 ${LIBDIR}/*nssckbi* | head -1`
+  if [ ! "${ROOTCERTSFILE}" ] ; then
+      html_failed "Looking for root certs module." 
+      cert_log "ERROR: Root certs module not found."
+      Exit 5 "Fatal - Root certs module not found."
+  else
+      html_passed "Looking for root certs module."
+  fi
+
+  if [ "${OS_ARCH}" = "WINNT" -a "$OS_NAME" = "CYGWIN_NT" ]; then
+	ROOTCERTSFILE=`cygpath -m ${ROOTCERTSFILE}`
+  fi
+}
+
+cert_log() ######################    write the cert_status file
+{
+    echo "$SCRIPTNAME $*"
+    echo $* >>${CERT_LOG_FILE}
+}
+
+########################################################################
+# function wraps calls to pk12util, also: writes action and options
+# to stdout.
+# Params are the same as to pk12util.
+# Returns pk12util status
+#
+pk12u()
+{
+    echo "${CU_ACTION} --------------------------"
+
+    echo "pk12util $@"
+    ${BINDIR}/pk12util $@
+    RET=$?
+
+    return $RET
+}
+
+################################ certu #################################
+# local shell function to call certutil, also: writes action and options to
+# stdout, sets variable RET and writes results to the html file results
+########################################################################
+certu()
+{
+    echo "$SCRIPTNAME: ${CU_ACTION} --------------------------"
+    EXPECTED=${RETEXPECTED-0}
+
+    if [ -n "${CU_SUBJECT}" ]; then
+        #the subject of the cert contains blanks, and the shell 
+        #will strip the quotes off the string, if called otherwise...
+        echo "certutil -s \"${CU_SUBJECT}\" $*"
+        ${PROFTOOL} ${BINDIR}/certutil -s "${CU_SUBJECT}" $*
+        RET=$?
+        CU_SUBJECT=""
+    else
+        echo "certutil $*"
+        ${PROFTOOL} ${BINDIR}/certutil $*
+        RET=$?
+    fi
+    if [ "$RET" -ne "$EXPECTED" ]; then
+        CERTFAILED=$RET
+        html_failed "${CU_ACTION} ($RET=$EXPECTED) " 
+        cert_log "ERROR: ${CU_ACTION} failed $RET"
+    else
+        html_passed "${CU_ACTION}"
+    fi
+
+    return $RET
+}
+
+################################ crlu #################################
+# local shell function to call crlutil, also: writes action and options to
+# stdout, sets variable RET and writes results to the html file results
+########################################################################
+crlu()
+{
+    echo "$SCRIPTNAME: ${CU_ACTION} --------------------------"
+    
+    CRLUTIL="crlutil -q"
+    echo "$CRLUTIL $*"
+    ${PROFTOOL} ${BINDIR}/$CRLUTIL $*
+    RET=$?
+    if [ "$RET" -ne 0 ]; then
+        CRLFAILED=$RET
+        html_failed "${CU_ACTION} ($RET) " 
+        cert_log "ERROR: ${CU_ACTION} failed $RET"
+    else
+        html_passed "${CU_ACTION}"
+    fi
+
+    return $RET
+}
+
+################################ ocspr ##################################
+# local shell function to call ocsresp, also: writes action and options to
+# stdout, sets variable RET and writes results to the html file results
+#########################################################################
+ocspr()
+{
+    echo "$SCRIPTNAME: ${OR_ACTION} --------------------------"
+
+    OCSPRESP="ocspresp"
+    echo "$OCSPRESP $*"
+    ${PROFTOOL} ${BINDIR}/$OCSPRESP $*
+    RET=$?
+    if [ "$RET" -ne 0 ]; then
+        OCSPFAILED=$RET
+        html_failed "${OR_ACTION} ($RET) "
+        cert_log "ERROR: ${OR_ACTION} failed $RET"
+    else
+        html_passed "${OR_ACTION}"
+    fi
+
+    return $RET
+}
+
+modu()
+{
+    echo "$SCRIPTNAME: ${CU_ACTION} --------------------------"
+
+    MODUTIL="modutil"
+    echo "$MODUTIL $*"
+    # echo is used to press Enter expected by modutil
+    echo | ${BINDIR}/$MODUTIL $*
+    RET=$?
+    if [ "$RET" -ne 0 ]; then
+        MODFAILED=$RET
+        html_failed "${CU_ACTION} ($RET) " 
+        cert_log "ERROR: ${CU_ACTION} failed $RET"
+    else
+        html_passed "${CU_ACTION}"
+    fi
+
+    return $RET
+}
+
+############################# cert_init_cert ##########################
+# local shell function to initialize creation of client and server certs
+########################################################################
+cert_init_cert()
+{
+    CERTDIR="$1"
+    CERTNAME="$2"
+    CERTSERIAL="$3"
+    DOMAIN="$4"
+
+    if [ ! -d "${CERTDIR}" ]; then
+        mkdir -p "${CERTDIR}"
+    else
+        echo "$SCRIPTNAME: WARNING - ${CERTDIR} exists"
+    fi
+    cd "${CERTDIR}"
+    CERTDIR="."
+
+    PROFILEDIR=`cd ${CERTDIR}; pwd`
+    if [ "${OS_ARCH}" = "WINNT" -a "$OS_NAME" = "CYGWIN_NT" ]; then
+        PROFILEDIR=`cygpath -m ${PROFILEDIR}`
+    fi
+    if [ -n "${MULTIACCESS_DBM}" ]; then
+	PROFILEDIR="multiaccess:${DOMAIN}"
+    fi
+
+    noise
+}
+
+############################# hw_acc #################################
+# local shell function to add hw accelerator modules to the db
+########################################################################
+hw_acc()
+{
+    HW_ACC_RET=0
+    HW_ACC_ERR=""
+    if [ -n "$O_HWACC" -a "$O_HWACC" = ON -a -z "$USE_64" ] ; then
+        echo "creating $CERTNAME s cert with hwaccelerator..."
+        #case $ACCELERATOR in
+        #rainbow)
+
+        echo "modutil -add rainbow -libfile /usr/lib/libcryptoki22.so "
+        echo "         -dbdir ${PROFILEDIR} 2>&1 "
+        echo | ${BINDIR}/modutil -add rainbow -libfile /usr/lib/libcryptoki22.so \
+            -dbdir ${PROFILEDIR} 2>&1 
+        if [ "$?" -ne 0 ]; then
+            echo "modutil -add rainbow failed in `pwd`"
+            HW_ACC_RET=1
+            HW_ACC_ERR="modutil -add rainbow"
+        fi
+    
+        echo "modutil -add ncipher "
+        echo "         -libfile /opt/nfast/toolkits/pkcs11/libcknfast.so "
+        echo "         -dbdir ${PROFILEDIR} 2>&1 "
+        echo | ${BINDIR}/modutil -add ncipher \
+            -libfile /opt/nfast/toolkits/pkcs11/libcknfast.so \
+            -dbdir ${PROFILEDIR} 2>&1 
+        if [ "$?" -ne 0 ]; then
+            echo "modutil -add ncipher failed in `pwd`"
+            HW_ACC_RET=`expr $HW_ACC_RET + 2`
+            HW_ACC_ERR="$HW_ACC_ERR,modutil -add ncipher"
+        fi
+        if [ "$HW_ACC_RET" -ne 0 ]; then
+            html_failed "Adding HW accelerators to certDB for ${CERTNAME} ($HW_ACC_RET) " 
+        else
+            html_passed "Adding HW accelerators to certDB for ${CERTNAME}"
+        fi
+
+    fi
+    return $HW_ACC_RET
+}
+
+############################# cert_create_cert #########################
+# local shell function to create client certs 
+#     initialize DB, import
+#     root cert
+#     add cert to DB
+########################################################################
+cert_create_cert()
+{
+    cert_init_cert "$1" "$2" "$3" "$4"
+
+    CU_ACTION="Initializing ${CERTNAME}'s Cert DB"
+    certu -N -d "${PROFILEDIR}" -f "${R_PWFILE}" 2>&1
+    if [ "$RET" -ne 0 ]; then
+        return $RET
+    fi
+
+    CU_ACTION="Loading root cert module to ${CERTNAME}'s Cert DB"
+    modu -add "RootCerts" -libfile "${ROOTCERTSFILE}" -dbdir "${PROFILEDIR}" 2>&1   
+    if [ "$RET" -ne 0 ]; then
+        return $RET
+    fi
+
+    hw_acc
+
+    CU_ACTION="Import Root CA for $CERTNAME"
+    certu -A -n "TestCA" -t "TC,TC,TC" -f "${R_PWFILE}" -d "${PROFILEDIR}" \
+          -i "${R_CADIR}/TestCA.ca.cert" 2>&1
+    if [ "$RET" -ne 0 ]; then
+        return $RET
+    fi
+
+	CU_ACTION="Import DSA Root CA for $CERTNAME"
+	certu -A -n "TestCA-dsa" -t "TC,TC,TC" -f "${R_PWFILE}" \
+	    -d "${PROFILEDIR}" -i "${R_CADIR}/TestCA-dsa.ca.cert" 2>&1
+	if [ "$RET" -ne 0 ]; then
+            return $RET
+	fi
+
+
+    if [ -z "$NSS_DISABLE_ECC" ] ; then
+	CU_ACTION="Import EC Root CA for $CERTNAME"
+	certu -A -n "TestCA-ec" -t "TC,TC,TC" -f "${R_PWFILE}" \
+	    -d "${PROFILEDIR}" -i "${R_CADIR}/TestCA-ec.ca.cert" 2>&1
+	if [ "$RET" -ne 0 ]; then
+            return $RET
+	fi
+    fi
+
+    cert_add_cert "$5"
+    return $?
+}
+
+############################# cert_add_cert ############################
+# local shell function to add client certs to an existing CERT DB
+#     generate request
+#     sign request
+#     import Cert
+#
+########################################################################
+cert_add_cert()
+{
+    CU_ACTION="Generate Cert Request for $CERTNAME"
+    CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
+    certu -R -d "${PROFILEDIR}" -f "${R_PWFILE}" -z "${R_NOISE_FILE}" -o req  2>&1
+    if [ "$RET" -ne 0 ]; then
+        return $RET
+    fi
+
+    CU_ACTION="Sign ${CERTNAME}'s Request"
+    certu -C -c "TestCA" -m "$CERTSERIAL" -v 60 -d "${P_R_CADIR}" \
+          -i req -o "${CERTNAME}.cert" -f "${R_PWFILE}" "$1" 2>&1
+    if [ "$RET" -ne 0 ]; then
+        return $RET
+    fi
+
+    CU_ACTION="Import $CERTNAME's Cert"
+    certu -A -n "$CERTNAME" -t "u,u,u" -d "${PROFILEDIR}" -f "${R_PWFILE}" \
+          -i "${CERTNAME}.cert" 2>&1
+    if [ "$RET" -ne 0 ]; then
+        return $RET
+    fi
+
+    cert_log "SUCCESS: $CERTNAME's Cert Created"
+
+#
+#   Generate and add DSA cert
+#
+	CU_ACTION="Generate DSA Cert Request for $CERTNAME"
+	CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
+	certu -R -k dsa -d "${PROFILEDIR}" -f "${R_PWFILE}" \
+	    -z "${R_NOISE_FILE}" -o req  2>&1
+	if [ "$RET" -ne 0 ]; then
+            return $RET
+	fi
+
+	CU_ACTION="Sign ${CERTNAME}'s DSA Request"
+	certu -C -c "TestCA-dsa" -m "$CERTSERIAL" -v 60 -d "${P_R_CADIR}" \
+            -i req -o "${CERTNAME}-dsa.cert" -f "${R_PWFILE}" "$1" 2>&1
+	if [ "$RET" -ne 0 ]; then
+            return $RET
+	fi
+
+	CU_ACTION="Import $CERTNAME's DSA Cert"
+	certu -A -n "${CERTNAME}-dsa" -t "u,u,u" -d "${PROFILEDIR}" \
+	    -f "${R_PWFILE}" -i "${CERTNAME}-dsa.cert" 2>&1
+	if [ "$RET" -ne 0 ]; then
+            return $RET
+	fi
+	cert_log "SUCCESS: $CERTNAME's DSA Cert Created"
+
+#    Generate DSA certificate signed with RSA
+	CU_ACTION="Generate mixed DSA Cert Request for $CERTNAME"
+	CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
+	certu -R -k dsa -d "${PROFILEDIR}" -f "${R_PWFILE}" \
+	    -z "${R_NOISE_FILE}" -o req  2>&1
+	if [ "$RET" -ne 0 ]; then
+            return $RET
+	fi
+
+	CU_ACTION="Sign ${CERTNAME}'s DSA Request with RSA"
+# Avoid conflicting serial numbers with TestCA issuer by keeping
+# this set far away. A smaller number risks colliding with the
+# extended ssl user certificates.
+	NEWSERIAL=`expr ${CERTSERIAL} + 20000`
+        certu -C -c "TestCA" -m "$NEWSERIAL" -v 60 -d "${P_R_CADIR}" \
+            -i req -o "${CERTNAME}-dsamixed.cert" -f "${R_PWFILE}" "$1" 2>&1
+	if [ "$RET" -ne 0 ]; then
+            return $RET
+	fi
+
+	CU_ACTION="Import $CERTNAME's mixed DSA Cert"
+	certu -A -n "${CERTNAME}-dsamixed" -t "u,u,u" -d "${PROFILEDIR}" \
+	    -f "${R_PWFILE}" -i "${CERTNAME}-dsamixed.cert" 2>&1
+	if [ "$RET" -ne 0 ]; then
+            return $RET
+	fi
+	cert_log "SUCCESS: $CERTNAME's mixed DSA Cert Created"
+
+#
+#   Generate and add EC cert
+#
+    if [ -z "$NSS_DISABLE_ECC" ] ; then
+	CURVE="secp384r1"
+	CU_ACTION="Generate EC Cert Request for $CERTNAME"
+	CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
+	certu -R -k ec -q "${CURVE}" -d "${PROFILEDIR}" -f "${R_PWFILE}" \
+	    -z "${R_NOISE_FILE}" -o req  2>&1
+	if [ "$RET" -ne 0 ]; then
+            return $RET
+	fi
+
+	CU_ACTION="Sign ${CERTNAME}'s EC Request"
+	certu -C -c "TestCA-ec" -m "$CERTSERIAL" -v 60 -d "${P_R_CADIR}" \
+            -i req -o "${CERTNAME}-ec.cert" -f "${R_PWFILE}" "$1" 2>&1
+	if [ "$RET" -ne 0 ]; then
+            return $RET
+	fi
+
+	CU_ACTION="Import $CERTNAME's EC Cert"
+	certu -A -n "${CERTNAME}-ec" -t "u,u,u" -d "${PROFILEDIR}" \
+	    -f "${R_PWFILE}" -i "${CERTNAME}-ec.cert" 2>&1
+	if [ "$RET" -ne 0 ]; then
+            return $RET
+	fi
+	cert_log "SUCCESS: $CERTNAME's EC Cert Created"
+
+#    Generate EC certificate signed with RSA
+	CU_ACTION="Generate mixed EC Cert Request for $CERTNAME"
+	CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
+	certu -R -k ec -q "${CURVE}" -d "${PROFILEDIR}" -f "${R_PWFILE}" \
+	    -z "${R_NOISE_FILE}" -o req  2>&1
+	if [ "$RET" -ne 0 ]; then
+            return $RET
+	fi
+
+	CU_ACTION="Sign ${CERTNAME}'s EC Request with RSA"
+# Avoid conflicting serial numbers with TestCA issuer by keeping
+# this set far away. A smaller number risks colliding with the
+# extended ssl user certificates.
+	NEWSERIAL=`expr ${CERTSERIAL} + 10000`
+        certu -C -c "TestCA" -m "$NEWSERIAL" -v 60 -d "${P_R_CADIR}" \
+            -i req -o "${CERTNAME}-ecmixed.cert" -f "${R_PWFILE}" "$1" 2>&1
+	if [ "$RET" -ne 0 ]; then
+            return $RET
+	fi
+
+	CU_ACTION="Import $CERTNAME's mixed EC Cert"
+	certu -A -n "${CERTNAME}-ecmixed" -t "u,u,u" -d "${PROFILEDIR}" \
+	    -f "${R_PWFILE}" -i "${CERTNAME}-ecmixed.cert" 2>&1
+	if [ "$RET" -ne 0 ]; then
+            return $RET
+	fi
+	cert_log "SUCCESS: $CERTNAME's mixed EC Cert Created"
+    fi
+
+    return 0
+}
+
+################################# cert_all_CA ################################
+# local shell function to build the additional Temp. Certificate Authority (CA)
+# used for the "real life" ssl test with 2 different CA's in the
+# client and in the server's dir
+##########################################################################
+cert_all_CA()
+{
+    echo nss > ${PWFILE}
+
+    ALL_CU_SUBJECT="CN=NSS Test CA, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
+    cert_CA $CADIR TestCA -x "CTu,CTu,CTu" ${D_CA} "1"
+
+    ALL_CU_SUBJECT="CN=NSS Server Test CA, O=BOGUS NSS, L=Santa Clara, ST=California, C=US"
+    cert_CA $SERVER_CADIR serverCA -x "Cu,Cu,Cu" ${D_SERVER_CA} "2"
+    ALL_CU_SUBJECT="CN=NSS Chain1 Server Test CA, O=BOGUS NSS, L=Santa Clara, ST=California, C=US"
+    cert_CA $SERVER_CADIR chain-1-serverCA "-c serverCA" "u,u,u" ${D_SERVER_CA} "3"
+    ALL_CU_SUBJECT="CN=NSS Chain2 Server Test CA, O=BOGUS NSS, L=Santa Clara, ST=California, C=US" 
+    cert_CA $SERVER_CADIR chain-2-serverCA "-c chain-1-serverCA" "u,u,u" ${D_SERVER_CA} "4"
+
+
+
+    ALL_CU_SUBJECT="CN=NSS Client Test CA, O=BOGUS NSS, L=Santa Clara, ST=California, C=US"
+    cert_CA $CLIENT_CADIR clientCA -x "Tu,Cu,Cu" ${D_CLIENT_CA} "5"
+    ALL_CU_SUBJECT="CN=NSS Chain1 Client Test CA, O=BOGUS NSS, L=Santa Clara, ST=California, C=US"
+    cert_CA $CLIENT_CADIR chain-1-clientCA "-c clientCA" "u,u,u" ${D_CLIENT_CA} "6"
+    ALL_CU_SUBJECT="CN=NSS Chain2 Client Test CA, O=BOGUS NSS, L=Santa Clara, ST=California, C=US"
+    cert_CA $CLIENT_CADIR chain-2-clientCA "-c chain-1-clientCA" "u,u,u" ${D_CLIENT_CA} "7"
+
+    rm $CLIENT_CADIR/root.cert $SERVER_CADIR/root.cert
+
+    # root.cert in $CLIENT_CADIR and in $SERVER_CADIR is one of the last 
+    # in the chain
+
+
+#
+#       Create DSA version of TestCA
+	ALL_CU_SUBJECT="CN=NSS Test CA (DSA), O=BOGUS NSS, L=Mountain View, ST=California, C=US"
+	cert_dsa_CA $CADIR TestCA-dsa -x "CTu,CTu,CTu" ${D_CA} "1"
+#
+#       Create DSA versions of the intermediate CA certs
+	ALL_CU_SUBJECT="CN=NSS Server Test CA (DSA), O=BOGUS NSS, L=Santa Clara, ST=California, C=US"
+	cert_dsa_CA $SERVER_CADIR serverCA-dsa -x "Cu,Cu,Cu" ${D_SERVER_CA} "2"
+	ALL_CU_SUBJECT="CN=NSS Chain1 Server Test CA (DSA), O=BOGUS NSS, L=Santa Clara, ST=California, C=US"
+	cert_dsa_CA $SERVER_CADIR chain-1-serverCA-dsa "-c serverCA-dsa" "u,u,u" ${D_SERVER_CA} "3"
+	ALL_CU_SUBJECT="CN=NSS Chain2 Server Test CA (DSA), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" 
+	cert_dsa_CA $SERVER_CADIR chain-2-serverCA-dsa "-c chain-1-serverCA-dsa" "u,u,u" ${D_SERVER_CA} "4"
+
+	ALL_CU_SUBJECT="CN=NSS Client Test CA (DSA), O=BOGUS NSS, L=Santa Clara, ST=California, C=US"
+	cert_dsa_CA $CLIENT_CADIR clientCA-dsa -x "Tu,Cu,Cu" ${D_CLIENT_CA} "5"
+	ALL_CU_SUBJECT="CN=NSS Chain1 Client Test CA (DSA), O=BOGUS NSS, L=Santa Clara, ST=California, C=US"
+	cert_dsa_CA $CLIENT_CADIR chain-1-clientCA-dsa "-c clientCA-dsa" "u,u,u" ${D_CLIENT_CA} "6"
+	ALL_CU_SUBJECT="CN=NSS Chain2 Client Test CA (DSA), O=BOGUS NSS, L=Santa Clara, ST=California, C=US"
+	cert_dsa_CA $CLIENT_CADIR chain-2-clientCA-dsa "-c chain-1-clientCA-dsa" "u,u,u" ${D_CLIENT_CA} "7"
+
+	rm $CLIENT_CADIR/dsaroot.cert $SERVER_CADIR/dsaroot.cert
+#	dsaroot.cert in $CLIENT_CADIR and in $SERVER_CADIR is one of the last 
+#	in the chain
+
+
+
+
+    if [ -z "$NSS_DISABLE_ECC" ] ; then
+#
+#       Create EC version of TestCA
+	CA_CURVE="secp521r1"
+	ALL_CU_SUBJECT="CN=NSS Test CA (ECC), O=BOGUS NSS, L=Mountain View, ST=California, C=US"
+	cert_ec_CA $CADIR TestCA-ec -x "CTu,CTu,CTu" ${D_CA} "1" ${CA_CURVE}
+#
+#       Create EC versions of the intermediate CA certs
+	ALL_CU_SUBJECT="CN=NSS Server Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US"
+	cert_ec_CA $SERVER_CADIR serverCA-ec -x "Cu,Cu,Cu" ${D_SERVER_CA} "2" ${CA_CURVE}
+	ALL_CU_SUBJECT="CN=NSS Chain1 Server Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US"
+	cert_ec_CA $SERVER_CADIR chain-1-serverCA-ec "-c serverCA-ec" "u,u,u" ${D_SERVER_CA} "3" ${CA_CURVE}
+	ALL_CU_SUBJECT="CN=NSS Chain2 Server Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" 
+	cert_ec_CA $SERVER_CADIR chain-2-serverCA-ec "-c chain-1-serverCA-ec" "u,u,u" ${D_SERVER_CA} "4" ${CA_CURVE}
+
+	ALL_CU_SUBJECT="CN=NSS Client Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US"
+	cert_ec_CA $CLIENT_CADIR clientCA-ec -x "Tu,Cu,Cu" ${D_CLIENT_CA} "5" ${CA_CURVE}
+	ALL_CU_SUBJECT="CN=NSS Chain1 Client Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US"
+	cert_ec_CA $CLIENT_CADIR chain-1-clientCA-ec "-c clientCA-ec" "u,u,u" ${D_CLIENT_CA} "6" ${CA_CURVE}
+	ALL_CU_SUBJECT="CN=NSS Chain2 Client Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US"
+	cert_ec_CA $CLIENT_CADIR chain-2-clientCA-ec "-c chain-1-clientCA-ec" "u,u,u" ${D_CLIENT_CA} "7" ${CA_CURVE}
+
+	rm $CLIENT_CADIR/ecroot.cert $SERVER_CADIR/ecroot.cert
+#	ecroot.cert in $CLIENT_CADIR and in $SERVER_CADIR is one of the last 
+#	in the chain
+
+    fi
+}
+
+################################# cert_CA ################################
+# local shell function to build the Temp. Certificate Authority (CA)
+# used for testing purposes, creating  a CA Certificate and a root cert
+##########################################################################
+cert_CA()
+{
+  CUR_CADIR=$1
+  NICKNAME=$2
+  SIGNER=$3
+  TRUSTARG=$4
+  DOMAIN=$5
+  CERTSERIAL=$6
+
+  echo "$SCRIPTNAME: Creating a CA Certificate $NICKNAME =========================="
+
+  if [ ! -d "${CUR_CADIR}" ]; then
+      mkdir -p "${CUR_CADIR}"
+  fi
+  cd ${CUR_CADIR}
+  pwd
+
+  LPROFILE=`pwd`
+  if [ "${OS_ARCH}" = "WINNT" -a "$OS_NAME" = "CYGWIN_NT" ]; then
+     LPROFILE=`cygpath -m ${LPROFILE}`
+  fi
+  if [ -n "${MULTIACCESS_DBM}" ]; then
+	LPROFILE="multiaccess:${DOMAIN}"
+  fi
+
+  if [ "$SIGNER" = "-x" ] ; then # self signed -> create DB
+      CU_ACTION="Creating CA Cert DB"
+      certu -N -d "${LPROFILE}" -f ${R_PWFILE} 2>&1
+      if [ "$RET" -ne 0 ]; then
+          Exit 5 "Fatal - failed to create CA $NICKNAME "
+      fi
+
+      CU_ACTION="Loading root cert module to CA Cert DB"
+      modu -add "RootCerts" -libfile "${ROOTCERTSFILE}" -dbdir "${LPROFILE}" 2>&1   
+      if [ "$RET" -ne 0 ]; then
+          return $RET
+      fi
+
+      echo "$SCRIPTNAME: Certificate initialized ----------"
+  fi
+
+
+  ################# Creating CA Cert ######################################
+  #
+  CU_ACTION="Creating CA Cert $NICKNAME "
+  CU_SUBJECT=$ALL_CU_SUBJECT
+  certu -S -n $NICKNAME -t $TRUSTARG -v 600 $SIGNER -d ${LPROFILE} -1 -2 -5 \
+        -f ${R_PWFILE} -z ${R_NOISE_FILE} -m $CERTSERIAL 2>&1 <<CERTSCRIPT
+5
+6
+9
+n
+y
+-1
+n
+5
+6
+7
+9
+n
+CERTSCRIPT
+
+  if [ "$RET" -ne 0 ]; then
+      echo "return value is $RET"
+      Exit 6 "Fatal - failed to create CA cert"
+  fi
+
+  ################# Exporting Root Cert ###################################
+  #
+  CU_ACTION="Exporting Root Cert"
+  certu -L -n  $NICKNAME -r -d ${LPROFILE} -o root.cert 
+  if [ "$RET" -ne 0 ]; then
+      Exit 7 "Fatal - failed to export root cert"
+  fi
+  cp root.cert ${NICKNAME}.ca.cert
+}
+
+
+
+
+
+################################ cert_dsa_CA #############################
+# local shell function to build the Temp. Certificate Authority (CA)
+# used for testing purposes, creating  a CA Certificate and a root cert
+# This is the ECC version of cert_CA.
+##########################################################################
+cert_dsa_CA()
+{
+  CUR_CADIR=$1
+  NICKNAME=$2
+  SIGNER=$3
+  TRUSTARG=$4
+  DOMAIN=$5
+  CERTSERIAL=$6
+
+  echo "$SCRIPTNAME: Creating an DSA CA Certificate $NICKNAME =========================="
+
+  if [ ! -d "${CUR_CADIR}" ]; then
+      mkdir -p "${CUR_CADIR}"
+  fi
+  cd ${CUR_CADIR}
+  pwd
+
+  LPROFILE=.
+  if [ -n "${MULTIACCESS_DBM}" ]; then
+	LPROFILE="multiaccess:${DOMAIN}"
+  fi
+
+  ################# Creating an DSA CA Cert ###############################
+  #
+  CU_ACTION="Creating DSA CA Cert $NICKNAME "
+  CU_SUBJECT=$ALL_CU_SUBJECT
+  certu -S -n $NICKNAME -k dsa -t $TRUSTARG -v 600 $SIGNER \
+    -d ${LPROFILE} -1 -2 -5 -f ${R_PWFILE} -z ${R_NOISE_FILE} \
+    -m $CERTSERIAL 2>&1 <<CERTSCRIPT
+5
+6
+9
+n
+y
+-1
+n
+5
+6
+7
+9
+n
+CERTSCRIPT
+
+  if [ "$RET" -ne 0 ]; then
+      echo "return value is $RET"
+      Exit 6 "Fatal - failed to create DSA CA cert"
+  fi
+
+  ################# Exporting DSA Root Cert ###############################
+  #
+  CU_ACTION="Exporting DSA Root Cert"
+  certu -L -n  $NICKNAME -r -d ${LPROFILE} -o dsaroot.cert 
+  if [ "$RET" -ne 0 ]; then
+      Exit 7 "Fatal - failed to export dsa root cert"
+  fi
+  cp dsaroot.cert ${NICKNAME}.ca.cert
+}
+
+
+
+
+################################ cert_ec_CA ##############################
+# local shell function to build the Temp. Certificate Authority (CA)
+# used for testing purposes, creating  a CA Certificate and a root cert
+# This is the ECC version of cert_CA.
+##########################################################################
+cert_ec_CA()
+{
+  CUR_CADIR=$1
+  NICKNAME=$2
+  SIGNER=$3
+  TRUSTARG=$4
+  DOMAIN=$5
+  CERTSERIAL=$6
+  CURVE=$7
+
+  echo "$SCRIPTNAME: Creating an EC CA Certificate $NICKNAME =========================="
+
+  if [ ! -d "${CUR_CADIR}" ]; then
+      mkdir -p "${CUR_CADIR}"
+  fi
+  cd ${CUR_CADIR}
+  pwd
+
+  LPROFILE=.
+  if [ -n "${MULTIACCESS_DBM}" ]; then
+	LPROFILE="multiaccess:${DOMAIN}"
+  fi
+
+  ################# Creating an EC CA Cert ################################
+  #
+  CU_ACTION="Creating EC CA Cert $NICKNAME "
+  CU_SUBJECT=$ALL_CU_SUBJECT
+  certu -S -n $NICKNAME -k ec -q $CURVE -t $TRUSTARG -v 600 $SIGNER \
+    -d ${LPROFILE} -1 -2 -5 -f ${R_PWFILE} -z ${R_NOISE_FILE} \
+    -m $CERTSERIAL 2>&1 <<CERTSCRIPT
+5
+6
+9
+n
+y
+-1
+n
+5
+6
+7
+9
+n
+CERTSCRIPT
+
+  if [ "$RET" -ne 0 ]; then
+      echo "return value is $RET"
+      Exit 6 "Fatal - failed to create EC CA cert"
+  fi
+
+  ################# Exporting EC Root Cert ################################
+  #
+  CU_ACTION="Exporting EC Root Cert"
+  certu -L -n  $NICKNAME -r -d ${LPROFILE} -o ecroot.cert 
+  if [ "$RET" -ne 0 ]; then
+      Exit 7 "Fatal - failed to export ec root cert"
+  fi
+  cp ecroot.cert ${NICKNAME}.ca.cert
+}
+
+############################## cert_smime_client #############################
+# local shell function to create client Certificates for S/MIME tests 
+##############################################################################
+cert_smime_client()
+{
+  CERTFAILED=0
+  echo "$SCRIPTNAME: Creating Client CA Issued Certificates =============="
+
+  cert_create_cert ${ALICEDIR} "Alice" 30 ${D_ALICE}
+  cert_create_cert ${BOBDIR} "Bob" 40  ${D_BOB}
+
+  echo "$SCRIPTNAME: Creating Dave's Certificate -------------------------"
+  cert_create_cert "${DAVEDIR}" Dave 50 ${D_DAVE}
+
+## XXX With this new script merging ECC and non-ECC tests, the
+## call to cert_create_cert ends up creating two separate certs
+## one for Eve and another for Eve-ec but they both end up with
+## the same Subject Alt Name Extension, i.e., both the cert for
+## Eve@bogus.com and the cert for Eve-ec@bogus.com end up 
+## listing eve@bogus.net in the Certificate Subject Alt Name extension. 
+## This can cause a problem later when cmsutil attempts to create
+## enveloped data and accidently picks up the ECC cert (NSS currently
+## does not support ECC for enveloped data creation). This script
+## avoids the problem by ensuring that these conflicting certs are
+## never added to the same cert database (see comment marked XXXX).
+  echo "$SCRIPTNAME: Creating multiEmail's Certificate --------------------"
+  cert_create_cert "${EVEDIR}" "Eve" 60 ${D_EVE} "-7 eve@bogus.net,eve@bogus.cc,beve@bogus.com"
+
+  #echo "************* Copying CA files to ${SERVERDIR}"
+  #cp ${CADIR}/*.db .
+  #hw_acc
+
+  #########################################################################
+  #
+  #cd ${CERTDIR}
+  #CU_ACTION="Creating ${CERTNAME}'s Server Cert"
+  #CU_SUBJECT="CN=${CERTNAME}, E=${CERTNAME}@bogus.com, O=BOGUS Netscape, L=Mountain View, ST=California, C=US"
+  #certu -S -n "${CERTNAME}" -c "TestCA" -t "u,u,u" -m "$CERTSERIAL" \
+  #	-d ${PROFILEDIR} -f "${R_PWFILE}" -z "${R_NOISE_FILE}" -v 60 2>&1
+
+  #CU_ACTION="Export Dave's Cert"
+  #cd ${DAVEDIR}
+  #certu -L -n "Dave" -r -d ${P_R_DAVE} -o Dave.cert
+
+  ################# Importing Certificates for S/MIME tests ###############
+  #
+  echo "$SCRIPTNAME: Importing Certificates =============================="
+  CU_ACTION="Import Bob's cert into Alice's db"
+  certu -E -t ",," -d ${P_R_ALICEDIR} -f ${R_PWFILE} \
+        -i ${R_BOBDIR}/Bob.cert 2>&1
+
+  CU_ACTION="Import Dave's cert into Alice's DB"
+  certu -E -t ",," -d ${P_R_ALICEDIR} -f ${R_PWFILE} \
+        -i ${R_DAVEDIR}/Dave.cert 2>&1
+
+  CU_ACTION="Import Dave's cert into Bob's DB"
+  certu -E -t ",," -d ${P_R_BOBDIR} -f ${R_PWFILE} \
+        -i ${R_DAVEDIR}/Dave.cert 2>&1
+
+  CU_ACTION="Import Eve's cert into Alice's DB"
+  certu -E -t ",," -d ${P_R_ALICEDIR} -f ${R_PWFILE} \
+        -i ${R_EVEDIR}/Eve.cert 2>&1
+
+  CU_ACTION="Import Eve's cert into Bob's DB"
+  certu -E -t ",," -d ${P_R_BOBDIR} -f ${R_PWFILE} \
+        -i ${R_EVEDIR}/Eve.cert 2>&1
+
+  if [ -z "$NSS_DISABLE_ECC" ] ; then
+      echo "$SCRIPTNAME: Importing EC Certificates =============================="
+      CU_ACTION="Import Bob's EC cert into Alice's db"
+      certu -E -t ",," -d ${P_R_ALICEDIR} -f ${R_PWFILE} \
+          -i ${R_BOBDIR}/Bob-ec.cert 2>&1
+
+      CU_ACTION="Import Dave's EC cert into Alice's DB"
+      certu -E -t ",," -d ${P_R_ALICEDIR} -f ${R_PWFILE} \
+          -i ${R_DAVEDIR}/Dave-ec.cert 2>&1
+
+      CU_ACTION="Import Dave's EC cert into Bob's DB"
+      certu -E -t ",," -d ${P_R_BOBDIR} -f ${R_PWFILE} \
+          -i ${R_DAVEDIR}/Dave-ec.cert 2>&1
+
+## XXXX Do not import Eve's EC cert until we can make sure that
+## the email addresses listed in the Subject Alt Name Extension 
+## inside Eve's ECC and non-ECC certs are different.
+#     CU_ACTION="Import Eve's EC cert into Alice's DB"
+#     certu -E -t ",," -d ${P_R_ALICEDIR} -f ${R_PWFILE} \
+#         -i ${R_EVEDIR}/Eve-ec.cert 2>&1
+
+#     CU_ACTION="Import Eve's EC cert into Bob's DB"
+#     certu -E -t ",," -d ${P_R_BOBDIR} -f ${R_PWFILE} \
+#         -i ${R_EVEDIR}/Eve-ec.cert 2>&1
+  fi
+
+  if [ "$CERTFAILED" != 0 ] ; then
+      cert_log "ERROR: SMIME failed $RET"
+  else
+      cert_log "SUCCESS: SMIME passed"
+  fi
+}
+
+############################## cert_extended_ssl #######################
+# local shell function to create client + server certs for extended SSL test
+########################################################################
+cert_extended_ssl()
+{
+
+  ################# Creating Certs for extended SSL test ####################
+  #
+  CERTFAILED=0
+  echo "$SCRIPTNAME: Creating Certificates, issued by the last ==============="
+  echo "     of a chain of CA's which are not in the same database============"
+
+  echo "Server Cert"
+  cert_init_cert ${EXT_SERVERDIR} "${HOSTADDR}" 1 ${D_EXT_SERVER}
+
+  CU_ACTION="Initializing ${CERTNAME}'s Cert DB (ext.)"
+  certu -N -d "${PROFILEDIR}" -f "${R_PWFILE}" 2>&1
+
+  CU_ACTION="Loading root cert module to ${CERTNAME}'s Cert DB (ext.)"
+  modu -add "RootCerts" -libfile "${ROOTCERTSFILE}" -dbdir "${PROFILEDIR}" 2>&1
+
+  CU_ACTION="Generate Cert Request for $CERTNAME (ext)"
+  CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
+  certu -R -d "${PROFILEDIR}" -f "${R_PWFILE}" -z "${R_NOISE_FILE}" -o req 2>&1
+
+  CU_ACTION="Sign ${CERTNAME}'s Request (ext)"
+  cp ${CERTDIR}/req ${SERVER_CADIR}
+  certu -C -c "chain-2-serverCA" -m 200 -v 60 -d "${P_SERVER_CADIR}" \
+        -i req -o "${CERTNAME}.cert" -f "${R_PWFILE}" 2>&1
+
+  CU_ACTION="Import $CERTNAME's Cert  -t u,u,u (ext)"
+  certu -A -n "$CERTNAME" -t "u,u,u" -d "${PROFILEDIR}" -f "${R_PWFILE}" \
+        -i "${CERTNAME}.cert" 2>&1
+
+  CU_ACTION="Import Client Root CA -t T,, for $CERTNAME (ext.)"
+  certu -A -n "clientCA" -t "T,," -f "${R_PWFILE}" -d "${PROFILEDIR}" \
+          -i "${CLIENT_CADIR}/clientCA.ca.cert" 2>&1
+
+#
+#     Repeat the above for DSA certs
+#
+      CU_ACTION="Generate DSA Cert Request for $CERTNAME (ext)"
+      CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
+      certu -R -d "${PROFILEDIR}" -k dsa -f "${R_PWFILE}" \
+	  -z "${R_NOISE_FILE}" -o req 2>&1
+
+      CU_ACTION="Sign ${CERTNAME}'s DSA Request (ext)"
+      cp ${CERTDIR}/req ${SERVER_CADIR}
+      certu -C -c "chain-2-serverCA-dsa" -m 200 -v 60 -d "${P_SERVER_CADIR}" \
+          -i req -o "${CERTNAME}-dsa.cert" -f "${R_PWFILE}" 2>&1
+
+      CU_ACTION="Import $CERTNAME's DSA Cert  -t u,u,u (ext)"
+      certu -A -n "${CERTNAME}-dsa" -t "u,u,u" -d "${PROFILEDIR}" \
+	  -f "${R_PWFILE}" -i "${CERTNAME}-dsa.cert" 2>&1
+
+      CU_ACTION="Import Client DSA Root CA -t T,, for $CERTNAME (ext.)"
+      certu -A -n "clientCA-dsa" -t "T,," -f "${R_PWFILE}" -d "${PROFILEDIR}" \
+          -i "${CLIENT_CADIR}/clientCA-dsa.ca.cert" 2>&1
+#
+#     done with DSA certs
+#
+#     Repeat again for mixed DSA certs
+#
+      CU_ACTION="Generate mixed DSA Cert Request for $CERTNAME (ext)"
+      CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
+      certu -R -d "${PROFILEDIR}" -k dsa -f "${R_PWFILE}" \
+	  -z "${R_NOISE_FILE}" -o req 2>&1
+
+      CU_ACTION="Sign ${CERTNAME}'s mixed DSA Request (ext)"
+      cp ${CERTDIR}/req ${SERVER_CADIR}
+      certu -C -c "chain-2-serverCA" -m 202 -v 60 -d "${P_SERVER_CADIR}" \
+          -i req -o "${CERTNAME}-dsamixed.cert" -f "${R_PWFILE}" 2>&1
+
+      CU_ACTION="Import $CERTNAME's mixed DSA Cert  -t u,u,u (ext)"
+      certu -A -n "${CERTNAME}-dsamixed" -t "u,u,u" -d "${PROFILEDIR}" \
+	  -f "${R_PWFILE}" -i "${CERTNAME}-dsamixed.cert" 2>&1
+
+#      CU_ACTION="Import Client mixed DSA Root CA -t T,, for $CERTNAME (ext.)"
+#      certu -A -n "clientCA-dsamixed" -t "T,," -f "${R_PWFILE}" \
+#	  -d "${PROFILEDIR}" -i "${CLIENT_CADIR}/clientCA-dsamixed.ca.cert" \
+#	  2>&1
+
+  if [ -z "$NSS_DISABLE_ECC" ] ; then
+#
+#     Repeat the above for EC certs
+#
+      EC_CURVE="secp256r1"
+      CU_ACTION="Generate EC Cert Request for $CERTNAME (ext)"
+      CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
+      certu -R -d "${PROFILEDIR}" -k ec -q "${EC_CURVE}" -f "${R_PWFILE}" \
+	  -z "${R_NOISE_FILE}" -o req 2>&1
+
+      CU_ACTION="Sign ${CERTNAME}'s EC Request (ext)"
+      cp ${CERTDIR}/req ${SERVER_CADIR}
+      certu -C -c "chain-2-serverCA-ec" -m 200 -v 60 -d "${P_SERVER_CADIR}" \
+          -i req -o "${CERTNAME}-ec.cert" -f "${R_PWFILE}" 2>&1
+
+      CU_ACTION="Import $CERTNAME's EC Cert  -t u,u,u (ext)"
+      certu -A -n "${CERTNAME}-ec" -t "u,u,u" -d "${PROFILEDIR}" \
+	  -f "${R_PWFILE}" -i "${CERTNAME}-ec.cert" 2>&1
+
+      CU_ACTION="Import Client EC Root CA -t T,, for $CERTNAME (ext.)"
+      certu -A -n "clientCA-ec" -t "T,," -f "${R_PWFILE}" -d "${PROFILEDIR}" \
+          -i "${CLIENT_CADIR}/clientCA-ec.ca.cert" 2>&1
+#
+#     done with EC certs
+#
+#     Repeat again for mixed EC certs
+#
+      EC_CURVE="secp256r1"
+      CU_ACTION="Generate mixed EC Cert Request for $CERTNAME (ext)"
+      CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
+      certu -R -d "${PROFILEDIR}" -k ec -q "${EC_CURVE}" -f "${R_PWFILE}" \
+	  -z "${R_NOISE_FILE}" -o req 2>&1
+
+      CU_ACTION="Sign ${CERTNAME}'s mixed EC Request (ext)"
+      cp ${CERTDIR}/req ${SERVER_CADIR}
+      certu -C -c "chain-2-serverCA" -m 201 -v 60 -d "${P_SERVER_CADIR}" \
+          -i req -o "${CERTNAME}-ecmixed.cert" -f "${R_PWFILE}" 2>&1
+
+      CU_ACTION="Import $CERTNAME's mixed EC Cert  -t u,u,u (ext)"
+      certu -A -n "${CERTNAME}-ecmixed" -t "u,u,u" -d "${PROFILEDIR}" \
+	  -f "${R_PWFILE}" -i "${CERTNAME}-ecmixed.cert" 2>&1
+
+#      CU_ACTION="Import Client mixed EC Root CA -t T,, for $CERTNAME (ext.)"
+#      certu -A -n "clientCA-ecmixed" -t "T,," -f "${R_PWFILE}" \
+#	  -d "${PROFILEDIR}" -i "${CLIENT_CADIR}/clientCA-ecmixed.ca.cert" \
+#	  2>&1
+  fi
+
+  echo "Importing all the server's own CA chain into the servers DB"
+  for CA in `find ${SERVER_CADIR} -name "?*.ca.cert"` ;
+  do
+      N=`basename $CA | sed -e "s/.ca.cert//"`
+      if [ $N = "serverCA" -o $N = "serverCA-ec" -o $N = "serverCA-dsa" ] ; then
+          T="-t C,C,C"
+      else
+          T="-t u,u,u"
+      fi
+      CU_ACTION="Import $N CA $T for $CERTNAME (ext.) "
+      certu -A -n $N  $T -f "${R_PWFILE}" -d "${PROFILEDIR}" \
+          -i "${CA}" 2>&1
+  done
+#============
+  echo "Client Cert"
+  cert_init_cert ${EXT_CLIENTDIR} ExtendedSSLUser 1 ${D_EXT_CLIENT}
+
+  CU_ACTION="Initializing ${CERTNAME}'s Cert DB (ext.)"
+  certu -N -d "${PROFILEDIR}" -f "${R_PWFILE}" 2>&1
+
+  CU_ACTION="Loading root cert module to ${CERTNAME}'s Cert DB (ext.)"
+  modu -add "RootCerts" -libfile "${ROOTCERTSFILE}" -dbdir "${PROFILEDIR}" 2>&1
+
+  CU_ACTION="Generate Cert Request for $CERTNAME (ext)"
+  CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
+  certu -R -d "${PROFILEDIR}" -f "${R_PWFILE}" -z "${R_NOISE_FILE}" \
+      -o req 2>&1
+
+  CU_ACTION="Sign ${CERTNAME}'s Request (ext)"
+  cp ${CERTDIR}/req ${CLIENT_CADIR}
+  certu -C -c "chain-2-clientCA" -m 300 -v 60 -d "${P_CLIENT_CADIR}" \
+        -i req -o "${CERTNAME}.cert" -f "${R_PWFILE}" 2>&1
+
+  CU_ACTION="Import $CERTNAME's Cert -t u,u,u (ext)"
+  certu -A -n "$CERTNAME" -t "u,u,u" -d "${PROFILEDIR}" -f "${R_PWFILE}" \
+        -i "${CERTNAME}.cert" 2>&1
+  CU_ACTION="Import Server Root CA -t C,C,C for $CERTNAME (ext.)"
+  certu -A -n "serverCA" -t "C,C,C" -f "${R_PWFILE}" -d "${PROFILEDIR}" \
+          -i "${SERVER_CADIR}/serverCA.ca.cert" 2>&1
+
+#
+#     Repeat the above for DSA certs
+#
+      CU_ACTION="Generate DSA Cert Request for $CERTNAME (ext)"
+      CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
+      certu -R -d "${PROFILEDIR}" -k dsa -f "${R_PWFILE}" \
+	  -z "${R_NOISE_FILE}" -o req 2>&1
+
+      CU_ACTION="Sign ${CERTNAME}'s DSA Request (ext)"
+      cp ${CERTDIR}/req ${CLIENT_CADIR}
+      certu -C -c "chain-2-clientCA-dsa" -m 300 -v 60 -d "${P_CLIENT_CADIR}" \
+          -i req -o "${CERTNAME}-dsa.cert" -f "${R_PWFILE}" 2>&1
+
+      CU_ACTION="Import $CERTNAME's DSA Cert -t u,u,u (ext)"
+      certu -A -n "${CERTNAME}-dsa" -t "u,u,u" -d "${PROFILEDIR}" \
+	  -f "${R_PWFILE}" -i "${CERTNAME}-dsa.cert" 2>&1
+
+      CU_ACTION="Import Server DSA Root CA -t C,C,C for $CERTNAME (ext.)"
+      certu -A -n "serverCA-dsa" -t "C,C,C" -f "${R_PWFILE}" \
+	  -d "${PROFILEDIR}" -i "${SERVER_CADIR}/serverCA-dsa.ca.cert" 2>&1
+#
+# done with DSA certs
+#
+#
+#     Repeat the above for mixed DSA certs
+#
+      CU_ACTION="Generate mixed DSA Cert Request for $CERTNAME (ext)"
+      CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
+      certu -R -d "${PROFILEDIR}" -k dsa -f "${R_PWFILE}" \
+	  -z "${R_NOISE_FILE}" -o req 2>&1
+
+      CU_ACTION="Sign ${CERTNAME}'s mixed DSA Request (ext)"
+      cp ${CERTDIR}/req ${CLIENT_CADIR}
+      certu -C -c "chain-2-clientCA" -m 302 -v 60 -d "${P_CLIENT_CADIR}" \
+          -i req -o "${CERTNAME}-dsamixed.cert" -f "${R_PWFILE}" 2>&1
+
+      CU_ACTION="Import $CERTNAME's mixed DSA Cert -t u,u,u (ext)"
+      certu -A -n "${CERTNAME}-dsamixed" -t "u,u,u" -d "${PROFILEDIR}" \
+	  -f "${R_PWFILE}" -i "${CERTNAME}-dsamixed.cert" 2>&1
+
+#      CU_ACTION="Import Server DSA Root CA -t C,C,C for $CERTNAME (ext.)"
+#      certu -A -n "serverCA-dsa" -t "C,C,C" -f "${R_PWFILE}" \
+#	  -d "${PROFILEDIR}" -i "${SERVER_CADIR}/serverCA-dsa.ca.cert" 2>&1
+#
+# done with mixed DSA certs
+#
+
+  if [ -z "$NSS_DISABLE_ECC" ] ; then
+#
+#     Repeat the above for EC certs
+#
+      CU_ACTION="Generate EC Cert Request for $CERTNAME (ext)"
+      CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
+      certu -R -d "${PROFILEDIR}" -k ec -q "${EC_CURVE}" -f "${R_PWFILE}" \
+	  -z "${R_NOISE_FILE}" -o req 2>&1
+
+      CU_ACTION="Sign ${CERTNAME}'s EC Request (ext)"
+      cp ${CERTDIR}/req ${CLIENT_CADIR}
+      certu -C -c "chain-2-clientCA-ec" -m 300 -v 60 -d "${P_CLIENT_CADIR}" \
+          -i req -o "${CERTNAME}-ec.cert" -f "${R_PWFILE}" 2>&1
+
+      CU_ACTION="Import $CERTNAME's EC Cert -t u,u,u (ext)"
+      certu -A -n "${CERTNAME}-ec" -t "u,u,u" -d "${PROFILEDIR}" \
+	  -f "${R_PWFILE}" -i "${CERTNAME}-ec.cert" 2>&1
+
+      CU_ACTION="Import Server EC Root CA -t C,C,C for $CERTNAME (ext.)"
+      certu -A -n "serverCA-ec" -t "C,C,C" -f "${R_PWFILE}" \
+	  -d "${PROFILEDIR}" -i "${SERVER_CADIR}/serverCA-ec.ca.cert" 2>&1
+#
+# done with EC certs
+#
+#
+#     Repeat the above for mixed EC certs
+#
+      CU_ACTION="Generate mixed EC Cert Request for $CERTNAME (ext)"
+      CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
+      certu -R -d "${PROFILEDIR}" -k ec -q "${EC_CURVE}" -f "${R_PWFILE}" \
+	  -z "${R_NOISE_FILE}" -o req 2>&1
+
+      CU_ACTION="Sign ${CERTNAME}'s mixed EC Request (ext)"
+      cp ${CERTDIR}/req ${CLIENT_CADIR}
+      certu -C -c "chain-2-clientCA" -m 301 -v 60 -d "${P_CLIENT_CADIR}" \
+          -i req -o "${CERTNAME}-ecmixed.cert" -f "${R_PWFILE}" 2>&1
+
+      CU_ACTION="Import $CERTNAME's mixed EC Cert -t u,u,u (ext)"
+      certu -A -n "${CERTNAME}-ecmixed" -t "u,u,u" -d "${PROFILEDIR}" \
+	  -f "${R_PWFILE}" -i "${CERTNAME}-ecmixed.cert" 2>&1
+
+#      CU_ACTION="Import Server EC Root CA -t C,C,C for $CERTNAME (ext.)"
+#      certu -A -n "serverCA-ec" -t "C,C,C" -f "${R_PWFILE}" \
+#	  -d "${PROFILEDIR}" -i "${SERVER_CADIR}/serverCA-ec.ca.cert" 2>&1
+#
+# done with mixed EC certs
+#
+  fi
+
+  echo "Importing all the client's own CA chain into the servers DB"
+  for CA in `find ${CLIENT_CADIR} -name "?*.ca.cert"` ;
+  do
+      N=`basename $CA | sed -e "s/.ca.cert//"`
+      if [ $N = "clientCA" -o $N = "clientCA-ec" -o $N = "clientCA-dsa" ] ; then
+          T="-t T,C,C"
+      else
+          T="-t u,u,u"
+      fi
+      CU_ACTION="Import $N CA $T for $CERTNAME (ext.)"
+      certu -A -n $N  $T -f "${R_PWFILE}" -d "${PROFILEDIR}" \
+          -i "${CA}" 2>&1
+  done
+  if [ "$CERTFAILED" != 0 ] ; then
+      cert_log "ERROR: EXT failed $RET"
+  else
+      cert_log "SUCCESS: EXT passed"
+  fi
+}
+
+############################## cert_ssl ################################
+# local shell function to create client + server certs for SSL test
+########################################################################
+cert_ssl()
+{
+  ################# Creating Certs for SSL test ###########################
+  #
+  CERTFAILED=0
+  echo "$SCRIPTNAME: Creating Client CA Issued Certificates ==============="
+  cert_create_cert ${CLIENTDIR} "TestUser" 70 ${D_CLIENT}
+
+  echo "$SCRIPTNAME: Creating Server CA Issued Certificate for \\"
+  echo "             ${HOSTADDR} ------------------------------------"
+  cert_create_cert ${SERVERDIR} "${HOSTADDR}" 100 ${D_SERVER}
+  echo "$SCRIPTNAME: Creating Server CA Issued Certificate for \\"
+  echo "             ${HOSTADDR}-sni --------------------------------"
+  CERTSERIAL=101
+  CERTNAME="${HOST}-sni${sniCertCount}.${DOMSUF}"
+  cert_add_cert 
+  CU_ACTION="Modify trust attributes of Root CA -t TC,TC,TC"
+  certu -M -n "TestCA" -t "TC,TC,TC" -d ${PROFILEDIR} -f "${R_PWFILE}"
+
+  CU_ACTION="Modify trust attributes of DSA Root CA -t TC,TC,TC"
+  certu -M -n "TestCA-dsa" -t "TC,TC,TC" -d ${PROFILEDIR} -f "${R_PWFILE}"
+
+  if [ -z "$NSS_DISABLE_ECC" ] ; then
+      CU_ACTION="Modify trust attributes of EC Root CA -t TC,TC,TC"
+      certu -M -n "TestCA-ec" -t "TC,TC,TC" -d ${PROFILEDIR} -f "${R_PWFILE}"
+  fi
+#  cert_init_cert ${SERVERDIR} "${HOSTADDR}" 1 ${D_SERVER}
+#  echo "************* Copying CA files to ${SERVERDIR}"
+#  cp ${CADIR}/*.db .
+#  hw_acc
+#  CU_ACTION="Creating ${CERTNAME}'s Server Cert"
+#  CU_SUBJECT="CN=${CERTNAME}, O=BOGUS Netscape, L=Mountain View, ST=California, C=US"
+#  certu -S -n "${CERTNAME}" -c "TestCA" -t "Pu,Pu,Pu" -d ${PROFILEDIR} \
+#	 -f "${R_PWFILE}" -z "${R_NOISE_FILE}" -v 60 2>&1
+
+  if [ "$CERTFAILED" != 0 ] ; then
+      cert_log "ERROR: SSL failed $RET"
+  else
+      cert_log "SUCCESS: SSL passed"
+  fi
+
+  echo "$SCRIPTNAME: Creating database for OCSP stapling tests  ==============="
+  echo "cp -r ${SERVERDIR} ${STAPLINGDIR}"
+  cp -r ${R_SERVERDIR} ${R_STAPLINGDIR}
+  pk12u -o ${R_STAPLINGDIR}/ca.p12 -n TestCA -k ${R_PWFILE} -w ${R_PWFILE} -d ${R_CADIR}
+  pk12u -i ${R_STAPLINGDIR}/ca.p12 -k ${R_PWFILE} -w ${R_PWFILE} -d ${R_STAPLINGDIR}
+}
+
+############################## cert_stresscerts ################################
+# local shell function to create client certs for SSL stresstest
+########################################################################
+cert_stresscerts()
+{
+
+  ############### Creating Certs for SSL stress test #######################
+  #
+  CERTDIR="$CLIENTDIR"
+  cd "${CERTDIR}"
+
+  PROFILEDIR=`cd ${CERTDIR}; pwd`
+  if [ "${OS_ARCH}" = "WINNT" -a "$OS_NAME" = "CYGWIN_NT" ]; then
+     PROFILEDIR=`cygpath -m ${PROFILEDIR}`
+  fi  
+  if [ -n "${MULTIACCESS_DBM}" ]; then
+     PROFILEDIR="multiaccess:${D_CLIENT}"
+  fi
+  CERTFAILED=0
+  echo "$SCRIPTNAME: Creating Client CA Issued Certificates ==============="
+
+  CONTINUE=$GLOB_MAX_CERT
+  CERTSERIAL=10
+
+  while [ $CONTINUE -ge $GLOB_MIN_CERT ]
+  do
+      CERTNAME="TestUser$CONTINUE"
+#      cert_add_cert ${CLIENTDIR} "TestUser$CONTINUE" $CERTSERIAL
+      cert_add_cert 
+      CERTSERIAL=`expr $CERTSERIAL + 1 `
+      CONTINUE=`expr $CONTINUE - 1 `
+  done
+  if [ "$CERTFAILED" != 0 ] ; then
+      cert_log "ERROR: StressCert failed $RET"
+  else
+      cert_log "SUCCESS: StressCert passed"
+  fi
+}
+
+############################## cert_fips #####################################
+# local shell function to create certificates for FIPS tests 
+##############################################################################
+cert_fips()
+{
+  CERTFAILED=0
+  echo "$SCRIPTNAME: Creating FIPS 140 DSA Certificates =============="
+  cert_init_cert "${FIPSDIR}" "FIPS PUB 140 Test Certificate" 1000 "${D_FIPS}"
+
+  CU_ACTION="Initializing ${CERTNAME}'s Cert DB"
+  certu -N -d "${PROFILEDIR}" -f "${R_FIPSPWFILE}" 2>&1
+
+  CU_ACTION="Loading root cert module to ${CERTNAME}'s Cert DB (ext.)"
+  modu -add "RootCerts" -libfile "${ROOTCERTSFILE}" -dbdir "${PROFILEDIR}" 2>&1
+
+  echo "$SCRIPTNAME: Enable FIPS mode on database -----------------------"
+  CU_ACTION="Enable FIPS mode on database for ${CERTNAME}"
+  echo "modutil -dbdir ${PROFILEDIR} -fips true "
+  ${BINDIR}/modutil -dbdir ${PROFILEDIR} -fips true 2>&1 <<MODSCRIPT
+y
+MODSCRIPT
+  RET=$?
+  if [ "$RET" -ne 0 ]; then
+    html_failed "${CU_ACTION} ($RET) " 
+    cert_log "ERROR: ${CU_ACTION} failed $RET"
+  else
+    html_passed "${CU_ACTION}"
+  fi
+
+  CU_ACTION="Generate Certificate for ${CERTNAME}"
+  CU_SUBJECT="CN=${CERTNAME}, E=fips@bogus.com, O=BOGUS NSS, OU=FIPS PUB 140, L=Mountain View, ST=California, C=US"
+  certu -S -n ${FIPSCERTNICK} -x -t "Cu,Cu,Cu" -d "${PROFILEDIR}" -f "${R_FIPSPWFILE}" -k dsa -v 600 -m 500 -z "${R_NOISE_FILE}" 2>&1
+  if [ "$RET" -eq 0 ]; then
+    cert_log "SUCCESS: FIPS passed"
+  fi
+}
+
+############################## cert_eccurves ###########################
+# local shell function to create server certs for all EC curves
+########################################################################
+cert_eccurves()
+{
+  ################# Creating Certs for EC curves test ########################
+  #
+  if [ -z "$NSS_DISABLE_ECC" ] ; then
+    echo "$SCRIPTNAME: Creating Server CA Issued Certificate for "
+    echo "             EC Curves Test Certificates ------------------------------------"
+
+    cert_init_cert "${ECCURVES_DIR}" "EC Curves Test Certificates" 1 ${D_ECCURVES}
+
+    CU_ACTION="Initializing EC Curve's Cert DB"
+    certu -N -d "${PROFILEDIR}" -f "${R_PWFILE}" 2>&1
+
+    CU_ACTION="Loading root cert module to EC Curve's Cert DB"
+    modu -add "RootCerts" -libfile "${ROOTCERTSFILE}" -dbdir "${PROFILEDIR}" 2>&1
+
+    CU_ACTION="Import EC Root CA for $CERTNAME"
+    certu -A -n "TestCA-ec" -t "TC,TC,TC" -f "${R_PWFILE}" \
+        -d "${PROFILEDIR}" -i "${R_CADIR}/TestCA-ec.ca.cert" 2>&1
+
+    CURVE_LIST="nistp256 nistp384 nistp521"
+    CERTSERIAL=2000
+
+    for CURVE in ${CURVE_LIST}
+    do
+	CERTFAILED=0
+	CERTNAME="Curve-${CURVE}"
+	CERTSERIAL=`expr $CERTSERIAL + 1 `
+	CU_ACTION="Generate EC Cert Request for $CERTNAME"
+	CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
+	certu -R -k ec -q "${CURVE}" -d "${PROFILEDIR}" -f "${R_PWFILE}" \
+		-z "${R_NOISE_FILE}" -o req  2>&1
+	
+	if [ $RET -eq 0 ] ; then
+	  CU_ACTION="Sign ${CERTNAME}'s EC Request"
+	  certu -C -c "TestCA-ec" -m "$CERTSERIAL" -v 60 -d "${P_R_CADIR}" \
+		-i req -o "${CERTNAME}-ec.cert" -f "${R_PWFILE}" "$1" 2>&1
+	fi
+	
+	if [ $RET -eq 0 ] ; then
+	  CU_ACTION="Import $CERTNAME's EC Cert"
+	  certu -A -n "${CERTNAME}-ec" -t "u,u,u" -d "${PROFILEDIR}" \
+		-f "${R_PWFILE}" -i "${CERTNAME}-ec.cert" 2>&1
+	fi
+    done
+
+  fi # $NSS_DISABLE_ECC
+}
+
+########################### cert_extensions_test #############################
+# local shell function to test cert extensions generation
+##############################################################################
+cert_extensions_test()
+{
+    COUNT=`expr ${COUNT} + 1`
+    CERTNAME=TestExt${COUNT}
+    CU_SUBJECT="CN=${CERTNAME}, E=${CERTNAME}@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
+
+    echo
+    echo certutil -d ${CERT_EXTENSIONS_DIR} -S -n ${CERTNAME} \
+        -t "u,u,u" -o ${CERT_EXTENSIONS_DIR}/tempcert -s "${CU_SUBJECT}" -x -f ${R_PWFILE} \
+        -z "${R_NOISE_FILE}" -${OPT} \< ${TARG_FILE}
+    echo "certutil options:"
+    cat ${TARG_FILE}
+    ${BINDIR}/certutil -d ${CERT_EXTENSIONS_DIR} -S -n ${CERTNAME} \
+        -t "u,u,u" -o ${CERT_EXTENSIONS_DIR}/tempcert -s "${CU_SUBJECT}" -x -f ${R_PWFILE} \
+        -z "${R_NOISE_FILE}" -${OPT} < ${TARG_FILE}
+    RET=$?
+    if [ "${RET}" -ne 0 ]; then
+        CERTFAILED=1
+        html_failed "${TESTNAME} (${COUNT}) - Create and Add Certificate" 
+        cert_log "ERROR: ${TESTNAME} - Create and Add Certificate failed" 
+        return 1
+    fi
+
+    echo certutil -d ${CERT_EXTENSIONS_DIR} -L -n ${CERTNAME} 
+    EXTLIST=`${BINDIR}/certutil -d ${CERT_EXTENSIONS_DIR} -L -n ${CERTNAME}`
+    RET=$?
+    echo "${EXTLIST}"
+    if [ "${RET}" -ne 0 ]; then
+        CERTFAILED=1
+        html_failed "${TESTNAME} (${COUNT}) - List Certificate" 
+        cert_log "ERROR: ${TESTNAME} - List Certificate failed" 
+        return 1
+    fi
+
+    for FL in `echo ${FILTERLIST} | tr \| ' '`; do
+        FL="`echo ${FL} | tr _ ' '`"
+        EXPSTAT=0
+        if [ X`echo "${FL}" | cut -c 1` = 'X!' ]; then
+            EXPSTAT=1
+            FL=`echo ${FL} | tr -d '!'`
+        fi
+        echo "${EXTLIST}" | grep "${FL}" >/dev/null 2>&1
+        RET=$?
+        if [ "${RET}" -ne "${EXPSTAT}" ]; then
+            CERTFAILED=1
+            html_failed "${TESTNAME} (${COUNT}) - Looking for ${FL}" "returned ${RET}, expected is ${EXPSTAT}" 
+            cert_log "ERROR: ${TESTNAME} - Looking for ${FL} failed"
+            return 1
+        fi
+    done
+
+    html_passed "${TESTNAME} (${COUNT})"
+    return 0
+}
+
+############################## cert_extensions ###############################
+# local shell function to run cert extensions tests
+##############################################################################
+cert_extensions()
+{
+    CERTNAME=TestExt
+    cert_create_cert ${CERT_EXTENSIONS_DIR} ${CERTNAME} 90 ${D_CERT_EXTENSTIONS}
+    TARG_FILE=${CERT_EXTENSIONS_DIR}/test.args
+
+    COUNT=0
+    while read ARG OPT FILTERLIST; do
+        if [ X"`echo ${ARG} | cut -c 1`" = "X#" ]; then
+            continue
+        fi
+        if [ X"`echo ${ARG} | cut -c 1`" = "X!" ]; then
+            TESTNAME="${FILTERLIST}"
+            continue
+        fi
+        if [ X"${ARG}" = "X=" ]; then
+            cert_extensions_test
+            rm -f ${TARG_FILE}
+        else
+            echo ${ARG} >> ${TARG_FILE}
+        fi
+    done < ${QADIR}/cert/certext.txt
+}
+
+cert_make_with_param()
+{
+    DIRPASS="$1"
+    CERTNAME="$2"
+    MAKE="$3"
+    SUBJ="$4"
+    EXTRA="$5"
+    EXPECT="$6"
+    TESTNAME="$7"
+
+    echo certutil ${DIRPASS} -s "${SUBJ}" ${MAKE} ${CERTNAME} ${EXTRA}
+    ${BINDIR}/certutil ${DIRPASS} -s "${SUBJ}" ${MAKE} ${CERTNAME} ${EXTRA}
+        
+    RET=$?
+    if [ "${RET}" -ne "${EXPECT}" ]; then
+        # if we expected failure to create, then delete unexpected certificate
+        if [ "${EXPECT}" -ne 0 ]; then
+            ${BINDIR}/certutil ${DIRPASS} -D ${CERTNAME}
+        fi
+    
+        CERTFAILED=1
+        html_failed "${TESTNAME} (${COUNT}) - ${EXTRA}" 
+        cert_log "ERROR: ${TESTNAME} - ${EXTRA} failed"
+        return 1
+    fi
+
+    html_passed "${TESTNAME} (${COUNT})"
+    return 0
+}
+
+cert_list_and_count_dns()
+{
+    DIRPASS="$1"
+    CERTNAME="$2"
+    EXPECT="$3"
+    EXPECTCOUNT="$4"
+    TESTNAME="$5"
+
+    echo certutil ${DIRPASS} -L ${CERTNAME}
+    ${BINDIR}/certutil ${DIRPASS} -L ${CERTNAME}
+
+    RET=$?
+    if [ "${RET}" -ne "${EXPECT}" ]; then
+        CERTFAILED=1
+        html_failed "${TESTNAME} (${COUNT}) - list and count" 
+        cert_log "ERROR: ${TESTNAME} - list and count failed"
+        return 1
+    fi
+
+    LISTCOUNT=`${BINDIR}/certutil ${DIRPASS} -L ${CERTNAME} | grep -wc DNS`
+    if [ "${LISTCOUNT}" -ne "${EXPECTCOUNT}" ]; then
+        CERTFAILED=1
+        html_failed "${TESTNAME} (${COUNT}) - list and count" 
+        cert_log "ERROR: ${TESTNAME} - list and count failed"
+        return 1
+    fi
+
+    html_passed "${TESTNAME} (${COUNT})"
+    return 0
+}
+
+cert_dump_ext_to_file()
+{
+    DIRPASS="$1"
+    CERTNAME="$2"
+    OID="$3"
+    OUTFILE="$4"
+    EXPECT="$5"
+    TESTNAME="$6"
+
+    echo certutil ${DIRPASS} -L ${CERTNAME} --dump-ext-val ${OID}
+    echo "writing output to ${OUTFILE}"
+    ${BINDIR}/certutil ${DIRPASS} -L ${CERTNAME} --dump-ext-val ${OID} > ${OUTFILE}
+        
+    RET=$?
+    if [ "${RET}" -ne "${EXPECT}" ]; then
+        CERTFAILED=1
+        html_failed "${TESTNAME} (${COUNT}) - dump to file"
+        cert_log "ERROR: ${TESTNAME} - dump to file failed"
+        return 1
+    fi
+
+    html_passed "${TESTNAME} (${COUNT})"
+    return 0
+}
+
+cert_delete()
+{
+    DIRPASS="$1"
+    CERTNAME="$2"
+    EXPECT="$3"
+    TESTNAME="$4"
+
+    echo certutil ${DIRPASS} -D ${CERTNAME}
+    ${BINDIR}/certutil ${DIRPASS} -D ${CERTNAME}
+        
+    RET=$?
+    if [ "${RET}" -ne "${EXPECT}" ]; then
+        CERTFAILED=1
+        html_failed "${TESTNAME} (${COUNT}) - delete cert" 
+        cert_log "ERROR: ${TESTNAME} - delete cert failed"
+        return 1
+    fi
+
+    html_passed "${TESTNAME} (${COUNT})"
+    return 0
+}
+
+cert_inc_count()
+{
+    COUNT=`expr ${COUNT} + 1`
+}
+
+############################## cert_crl_ssl ############################
+# test adding subject-alt-name, dumping, and adding generic extension
+########################################################################
+cert_san_and_generic_extensions()
+{
+    EXTDUMP=${CERT_EXTENSIONS_DIR}/sanext.der
+
+    DIR="-d ${CERT_EXTENSIONS_DIR} -f ${R_PWFILE}"
+    CERTNAME="-n WithSAN"
+    MAKE="-S -t ,, -x -z ${R_NOISE_FILE}"
+    SUBJ="CN=example.com"
+
+    TESTNAME="san-and-generic-extensions"
+
+    cert_inc_count
+    cert_make_with_param "${DIR}" "${CERTNAME}" "${MAKE}" "${SUBJ}" \
+        "--extSAN example.com" 255 \
+        "create cert with invalid SAN parameter"
+
+    cert_inc_count
+    cert_make_with_param "${DIR}" "${CERTNAME}" "${MAKE}" "${SUBJ}" \
+        "--extSAN example.com,dns:www.example.com" 255 \
+        "create cert with invalid SAN parameter"
+
+    TN="create cert with valid SAN parameter"
+
+    cert_inc_count
+    cert_make_with_param "${DIR}" "${CERTNAME}" "${MAKE}" "${SUBJ}" \
+        "--extSAN dns:example.com,dns:www.example.com" 0 \
+        "${TN}"
+
+    cert_inc_count
+    cert_list_and_count_dns "${DIR}" "${CERTNAME}" 0 2 \
+        "${TN}"
+
+    cert_inc_count
+    cert_dump_ext_to_file "${DIR}" "${CERTNAME}" "2.5.29.17" "${EXTDUMP}" 0 \
+        "dump extension 2.5.29.17 to file ${EXTDUMP}"
+
+    cert_inc_count
+    cert_delete "${DIR}" "${CERTNAME}" 0 \
+        "${TN}"
+
+    cert_inc_count
+    cert_list_and_count_dns "${DIR}" "${CERTNAME}" 255 0 \
+        "expect failure to list cert, because we deleted it"
+
+    cert_inc_count
+    cert_make_with_param "${DIR}" "${CERTNAME}" "${MAKE}" "${SUBJ}" \
+        "--extGeneric ${EXTDUMP}" 255 \
+        "create cert with invalid generic ext parameter"
+
+    cert_inc_count
+    cert_make_with_param "${DIR}" "${CERTNAME}" "${MAKE}" "${SUBJ}" \
+        "--extGeneric not-critical:${EXTDUMP}" 255 \
+        "create cert with invalid generic ext parameter"
+
+    cert_inc_count
+    cert_make_with_param "${DIR}" "${CERTNAME}" "${MAKE}" "${SUBJ}" \
+        "--extGeneric not-critical:${EXTDUMP},2.5.29.17:critical:${EXTDUMP}" 255 \
+        "create cert with invalid generic ext parameter"
+
+    TN="create cert with valid generic ext parameter"
+
+    cert_inc_count
+    cert_make_with_param "${DIR}" "${CERTNAME}" "${MAKE}" "${SUBJ}" \
+        "--extGeneric 2.5.29.17:not-critical:${EXTDUMP}" 0 \
+        "${TN}"
+
+    cert_inc_count
+    cert_list_and_count_dns "${DIR}" "${CERTNAME}" 0 2 \
+        "${TN}"
+
+    cert_inc_count
+    cert_delete "${DIR}" "${CERTNAME}" 0 \
+        "${TN}"
+
+    cert_inc_count
+    cert_list_and_count_dns "${DIR}" "${CERTNAME}" 255 0 \
+        "expect failure to list cert, because we deleted it"
+}
+
+############################## cert_crl_ssl ############################
+# local shell function to generate certs and crls for SSL tests
+########################################################################
+cert_crl_ssl()
+{
+    
+  ################# Creating Certs ###################################
+  #
+  CERTFAILED=0
+  CERTSERIAL=${CRL_GRP_1_BEGIN}
+
+  cd $CADIR
+  
+  PROFILEDIR=`cd ${CLIENTDIR}; pwd`
+  if [ "${OS_ARCH}" = "WINNT" -a "$OS_NAME" = "CYGWIN_NT" ]; then
+     PROFILEDIR=`cygpath -m ${PROFILEDIR}`
+  fi
+  CRL_GRPS_END=`expr ${CRL_GRP_1_BEGIN} + ${TOTAL_CRL_RANGE} - 1`
+  echo "$SCRIPTNAME: Creating Client CA Issued Certificates Range $CRL_GRP_1_BEGIN - $CRL_GRPS_END ==="
+  CU_ACTION="Creating client test certs"
+
+  while [ $CERTSERIAL -le $CRL_GRPS_END ]
+  do
+      CERTNAME="TestUser$CERTSERIAL"
+      cert_add_cert 
+      CERTSERIAL=`expr $CERTSERIAL + 1 `
+  done
+
+  #################### CRL Creation ##############################
+  CRL_GEN_RES=0
+  echo "$SCRIPTNAME: Creating CA CRL ====================================="
+
+  CRL_GRP_END=`expr ${CRL_GRP_1_BEGIN} + ${CRL_GRP_1_RANGE} - 1`
+  CRL_FILE_GRP_1=${R_SERVERDIR}/root.crl_${CRL_GRP_1_BEGIN}-${CRL_GRP_END}
+  CRL_FILE=${CRL_FILE_GRP_1}
+  
+  CRLUPDATE=`date -u "+%Y%m%d%H%M%SZ"`
+  CU_ACTION="Generating CRL for range ${CRL_GRP_1_BEGIN}-${CRL_GRP_END} TestCA authority"
+  CRL_GRP_END_=`expr ${CRL_GRP_END} - 1`
+  crlu -d $CADIR -G -n "TestCA" -f ${R_PWFILE} \
+      -o ${CRL_FILE_GRP_1}_or <<EOF_CRLINI
+update=$CRLUPDATE
+addcert ${CRL_GRP_1_BEGIN}-${CRL_GRP_END_} $CRL_GRP_DATE
+addext reasonCode 0 4
+addext issuerAltNames 0 "rfc822Name:caemail@ca.com|dnsName:ca.com|directoryName:CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=US|URI:http://ca.com|ipAddress:192.168.0.1|registerID=reg CA"
+EOF_CRLINI
+# This extension should be added to the list, but currently nss has bug
+#addext authKeyId 0 "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=US" 1
+  CRL_GEN_RES=`expr $? + $CRL_GEN_RES`
+  chmod 600 ${CRL_FILE_GRP_1}_or
+
+
+      CU_ACTION="Generating CRL (DSA) for range ${CRL_GRP_1_BEGIN}-${CRL_GRP_END} TestCA-dsa authority"
+
+#     Until Bug 292285 is resolved, do not encode x400 Addresses. After
+#     the bug is resolved, reintroduce "x400Address:x400Address" within
+#     addext issuerAltNames ...
+      crlu -q -d $CADIR -G -n "TestCA-dsa" -f ${R_PWFILE} \
+	  -o ${CRL_FILE_GRP_1}_or-dsa <<EOF_CRLINI
+update=$CRLUPDATE
+addcert ${CRL_GRP_1_BEGIN}-${CRL_GRP_END_} $CRL_GRP_DATE
+addext reasonCode 0 4
+addext issuerAltNames 0 "rfc822Name:ca-dsaemail@ca.com|dnsName:ca-dsa.com|directoryName:CN=NSS Test CA (DSA),O=BOGUS NSS,L=Mountain View,ST=California,C=US|URI:http://ca-dsa.com|ipAddress:192.168.0.1|registerID=reg CA (DSA)"
+EOF_CRLINI
+      CRL_GEN_RES=`expr $? + $CRL_GEN_RES`
+      chmod 600 ${CRL_FILE_GRP_1}_or-dsa
+
+
+
+  if [ -z "$NSS_DISABLE_ECC" ] ; then
+      CU_ACTION="Generating CRL (ECC) for range ${CRL_GRP_1_BEGIN}-${CRL_GRP_END} TestCA-ec authority"
+
+#     Until Bug 292285 is resolved, do not encode x400 Addresses. After
+#     the bug is resolved, reintroduce "x400Address:x400Address" within
+#     addext issuerAltNames ...
+      crlu -q -d $CADIR -G -n "TestCA-ec" -f ${R_PWFILE} \
+	  -o ${CRL_FILE_GRP_1}_or-ec <<EOF_CRLINI
+update=$CRLUPDATE
+addcert ${CRL_GRP_1_BEGIN}-${CRL_GRP_END_} $CRL_GRP_DATE
+addext reasonCode 0 4
+addext issuerAltNames 0 "rfc822Name:ca-ecemail@ca.com|dnsName:ca-ec.com|directoryName:CN=NSS Test CA (ECC),O=BOGUS NSS,L=Mountain View,ST=California,C=US|URI:http://ca-ec.com|ipAddress:192.168.0.1|registerID=reg CA (ECC)"
+EOF_CRLINI
+      CRL_GEN_RES=`expr $? + $CRL_GEN_RES`
+      chmod 600 ${CRL_FILE_GRP_1}_or-ec
+  fi
+
+  echo test > file
+  ############################# Modification ##################################
+
+  echo "$SCRIPTNAME: Modifying CA CRL by adding one more cert ============"
+  sleep 2
+  CRLUPDATE=`date -u "+%Y%m%d%H%M%SZ"`
+  CRL_GRP_DATE=`date -u "+%Y%m%d%H%M%SZ"`
+  CU_ACTION="Modify CRL by adding one more cert"
+  crlu -d $CADIR -M -n "TestCA" -f ${R_PWFILE} -o ${CRL_FILE_GRP_1}_or1 \
+      -i ${CRL_FILE_GRP_1}_or <<EOF_CRLINI
+update=$CRLUPDATE
+addcert ${CRL_GRP_END} $CRL_GRP_DATE
+EOF_CRLINI
+  CRL_GEN_RES=`expr $? + $CRL_GEN_RES`
+  chmod 600 ${CRL_FILE_GRP_1}_or1
+  TEMPFILES="$TEMPFILES ${CRL_FILE_GRP_1}_or"
+
+
+  CU_ACTION="Modify CRL (DSA) by adding one more cert"
+  crlu -d $CADIR -M -n "TestCA-dsa" -f ${R_PWFILE} -o ${CRL_FILE_GRP_1}_or1-dsa \
+      -i ${CRL_FILE_GRP_1}_or-dsa <<EOF_CRLINI
+update=$CRLUPDATE
+addcert ${CRL_GRP_END} $CRL_GRP_DATE
+EOF_CRLINI
+  CRL_GEN_RES=`expr $? + $CRL_GEN_RES`
+  chmod 600 ${CRL_FILE_GRP_1}_or1-dsa
+  TEMPFILES="$TEMPFILES ${CRL_FILE_GRP_1}_or-dsa"
+
+
+  if [ -z "$NSS_DISABLE_ECC" ] ; then
+      CU_ACTION="Modify CRL (ECC) by adding one more cert"
+      crlu -d $CADIR -M -n "TestCA-ec" -f ${R_PWFILE} \
+	  -o ${CRL_FILE_GRP_1}_or1-ec -i ${CRL_FILE_GRP_1}_or-ec <<EOF_CRLINI
+update=$CRLUPDATE
+addcert ${CRL_GRP_END} $CRL_GRP_DATE
+EOF_CRLINI
+      CRL_GEN_RES=`expr $? + $CRL_GEN_RES`
+      chmod 600 ${CRL_FILE_GRP_1}_or1-ec
+      TEMPFILES="$TEMPFILES ${CRL_FILE_GRP_1}_or-ec"
+  fi
+
+  ########### Removing one cert ${UNREVOKED_CERT_GRP_1} #######################
+  echo "$SCRIPTNAME: Modifying CA CRL by removing one cert ==============="
+  CU_ACTION="Modify CRL by removing one cert"
+  sleep 2
+  CRLUPDATE=`date -u "+%Y%m%d%H%M%SZ"`
+  crlu -d $CADIR -M -n "TestCA" -f ${R_PWFILE} -o ${CRL_FILE_GRP_1} \
+      -i ${CRL_FILE_GRP_1}_or1 <<EOF_CRLINI
+update=$CRLUPDATE
+rmcert  ${UNREVOKED_CERT_GRP_1}
+EOF_CRLINI
+  chmod 600 ${CRL_FILE_GRP_1}
+  TEMPFILES="$TEMPFILES ${CRL_FILE_GRP_1}_or1"
+
+
+  CU_ACTION="Modify CRL (DSA) by removing one cert"
+  sleep 2
+  CRLUPDATE=`date -u "+%Y%m%d%H%M%SZ"`
+  crlu -d $CADIR -M -n "TestCA-dsa" -f ${R_PWFILE} -o ${CRL_FILE_GRP_1} \
+      -i ${CRL_FILE_GRP_1}_or1 <<EOF_CRLINI
+update=$CRLUPDATE
+rmcert  ${UNREVOKED_CERT_GRP_1}
+EOF_CRLINI
+  chmod 600 ${CRL_FILE_GRP_1}
+  TEMPFILES="$TEMPFILES ${CRL_FILE_GRP_1}_or1-dsa"
+
+
+
+  if [ -z "$NSS_DISABLE_ECC" ] ; then
+      CU_ACTION="Modify CRL (ECC) by removing one cert"
+      crlu -d $CADIR -M -n "TestCA-ec" -f ${R_PWFILE} -o ${CRL_FILE_GRP_1}-ec \
+	  -i ${CRL_FILE_GRP_1}_or1-ec <<EOF_CRLINI
+update=$CRLUPDATE
+rmcert  ${UNREVOKED_CERT_GRP_1}
+EOF_CRLINI
+      chmod 600 ${CRL_FILE_GRP_1}-ec
+      TEMPFILES="$TEMPFILES ${CRL_FILE_GRP_1}_or1-ec"
+  fi
+
+  ########### Creating second CRL which includes groups 1 and 2 ##############
+  CRL_GRP_END=`expr ${CRL_GRP_2_BEGIN} + ${CRL_GRP_2_RANGE} - 1`
+  CRL_FILE_GRP_2=${R_SERVERDIR}/root.crl_${CRL_GRP_2_BEGIN}-${CRL_GRP_END}
+
+  echo "$SCRIPTNAME: Creating CA CRL for groups 1 and 2  ==============="
+  sleep 2
+  CRLUPDATE=`date -u "+%Y%m%d%H%M%SZ"`
+  CRL_GRP_DATE=`date -u "+%Y%m%d%H%M%SZ"`
+  CU_ACTION="Creating CRL for groups 1 and 2"
+  crlu -d $CADIR -M -n "TestCA" -f ${R_PWFILE} -o ${CRL_FILE_GRP_2} \
+          -i ${CRL_FILE_GRP_1} <<EOF_CRLINI
+update=$CRLUPDATE
+addcert ${CRL_GRP_2_BEGIN}-${CRL_GRP_END} $CRL_GRP_DATE
+addext invalidityDate 0 $CRLUPDATE
+rmcert  ${UNREVOKED_CERT_GRP_2}
+EOF_CRLINI
+  CRL_GEN_RES=`expr $? + $CRL_GEN_RES`
+  chmod 600 ${CRL_FILE_GRP_2}
+  if [ -z "$NSS_DISABLE_ECC" ] ; then
+      CU_ACTION="Creating CRL (ECC) for groups 1 and 2"
+      crlu -d $CADIR -M -n "TestCA-ec" -f ${R_PWFILE} -o ${CRL_FILE_GRP_2}-ec \
+          -i ${CRL_FILE_GRP_1}-ec <<EOF_CRLINI
+update=$CRLUPDATE
+addcert ${CRL_GRP_2_BEGIN}-${CRL_GRP_END} $CRL_GRP_DATE
+addext invalidityDate 0 $CRLUPDATE
+rmcert  ${UNREVOKED_CERT_GRP_2}
+EOF_CRLINI
+      CRL_GEN_RES=`expr $? + $CRL_GEN_RES`
+      chmod 600 ${CRL_FILE_GRP_2}-ec
+  fi
+
+  ########### Creating second CRL which includes groups 1, 2 and 3 ##############
+  CRL_GRP_END=`expr ${CRL_GRP_3_BEGIN} + ${CRL_GRP_3_RANGE} - 1`
+  CRL_FILE_GRP_3=${R_SERVERDIR}/root.crl_${CRL_GRP_3_BEGIN}-${CRL_GRP_END}
+
+
+
+  echo "$SCRIPTNAME: Creating CA CRL for groups 1, 2 and 3  ==============="
+  sleep 2
+  CRLUPDATE=`date -u "+%Y%m%d%H%M%SZ"`
+  CRL_GRP_DATE=`date -u "+%Y%m%d%H%M%SZ"`
+  CU_ACTION="Creating CRL for groups 1, 2 and 3"
+  crlu -d $CADIR -M -n "TestCA" -f ${R_PWFILE} -o ${CRL_FILE_GRP_3} \
+            -i ${CRL_FILE_GRP_2} <<EOF_CRLINI
+update=$CRLUPDATE
+addcert ${CRL_GRP_3_BEGIN}-${CRL_GRP_END} $CRL_GRP_DATE
+rmcert  ${UNREVOKED_CERT_GRP_3}
+addext crlNumber 0 2
+EOF_CRLINI
+  CRL_GEN_RES=`expr $? + $CRL_GEN_RES`
+  chmod 600 ${CRL_FILE_GRP_3}
+  if [ -z "$NSS_DISABLE_ECC" ] ; then
+      CU_ACTION="Creating CRL (ECC) for groups 1, 2 and 3"
+      crlu -d $CADIR -M -n "TestCA-ec" -f ${R_PWFILE} -o ${CRL_FILE_GRP_3}-ec \
+          -i ${CRL_FILE_GRP_2}-ec <<EOF_CRLINI
+update=$CRLUPDATE
+addcert ${CRL_GRP_3_BEGIN}-${CRL_GRP_END} $CRL_GRP_DATE
+rmcert  ${UNREVOKED_CERT_GRP_3}
+addext crlNumber 0 2
+EOF_CRLINI
+      CRL_GEN_RES=`expr $? + $CRL_GEN_RES`
+      chmod 600 ${CRL_FILE_GRP_3}-ec
+  fi
+
+  ############ Importing Server CA Issued CRL for certs of first group #######
+
+  echo "$SCRIPTNAME: Importing Server CA Issued CRL for certs ${CRL_GRP_BEGIN} trough ${CRL_GRP_END}"
+  CU_ACTION="Importing CRL for groups 1"
+  crlu -D -n TestCA  -f "${R_PWFILE}" -d "${R_SERVERDIR}"
+  crlu -I -i ${CRL_FILE} -n "TestCA" -f "${R_PWFILE}" -d "${R_SERVERDIR}"
+  CRL_GEN_RES=`expr $? + $CRL_GEN_RES`
+  if [ -z "$NSS_DISABLE_ECC" ] ; then
+      CU_ACTION="Importing CRL (ECC) for groups 1"
+      crlu -D -n TestCA-ec  -f "${R_PWFILE}" -d "${R_SERVERDIR}"
+      crlu -I -i ${CRL_FILE}-ec -n "TestCA-ec" -f "${R_PWFILE}" \
+	  -d "${R_SERVERDIR}"
+      CRL_GEN_RES=`expr $? + $CRL_GEN_RES`
+  fi
+
+  if [ "$CERTFAILED" != 0 -o "$CRL_GEN_RES" != 0 ] ; then
+      cert_log "ERROR: SSL CRL prep failed $CERTFAILED : $CRL_GEN_RES"
+  else
+      cert_log "SUCCESS: SSL CRL prep passed"
+  fi
+}
+
+#################
+# Verify the we can successfully change the password on the database
+#
+cert_test_password()
+{
+  CERTFAILED=0
+  echo "$SCRIPTNAME: Create A Password Test Cert  =============="
+  cert_init_cert "${DBPASSDIR}" "Password Test Cert" 1000 "${D_DBPASSDIR}"
+
+  echo "$SCRIPTNAME: Create A Password Test Ca  --------"
+  ALL_CU_SUBJECT="CN=NSS Password Test CA, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
+  cert_CA ${DBPASSDIR} PasswordCA -x "CTu,CTu,CTu" ${D_DBPASS} "1"
+
+  # now change the password
+  CU_ACTION="Changing password on ${CERTNAME}'s Cert DB"
+  certu -W -d "${PROFILEDIR}" -f "${R_PWFILE}" -@ "${R_FIPSPWFILE}" 2>&1
+
+  # finally make sure we can use the old key with the new password
+  CU_ACTION="Generate Certificate for ${CERTNAME} with new password"
+  CU_SUBJECT="CN=${CERTNAME}, E=password@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
+  certu -S -n PasswordCert -c PasswordCA -t "u,u,u" -d "${PROFILEDIR}" -f "${R_FIPSPWFILE}" -z "${R_NOISE_FILE}" 2>&1
+  if [ "$RET" -eq 0 ]; then
+    cert_log "SUCCESS: PASSWORD passed"
+  fi
+  CU_ACTION="Verify Certificate for ${CERTNAME} with new password"
+  certu -V -n PasswordCert -u S -d "${PROFILEDIR}" -f "${R_FIPSPWFILE}" 2>&1
+}
+
+###############################
+# test if we can distrust a certificate.
+#
+# we create 3 new certs:
+#   1 leaf signed by the trusted root.
+#   1 intermediate signed by the trusted root.
+#   1 leaf signed by the intermediate.
+#
+#  we mark the first leaf and the intermediate as explicitly untrusted.
+#  we then try to verify the two leaf certs for our possible usages.
+#  All verification should fail.
+# 
+cert_test_distrust()
+{
+  echo "$SCRIPTNAME: Creating Distrusted Certificate"
+  cert_create_cert ${DISTRUSTDIR} "Distrusted" 2000 ${D_DISTRUST}
+  CU_ACTION="Mark CERT as unstrusted"
+  certu -M -n "Distrusted" -t p,p,p -d ${PROFILEDIR} -f "${R_PWFILE}" 2>&1
+  echo "$SCRIPTNAME: Creating Distrusted Intermediate"
+  CERTNAME="DistrustedCA"
+  ALL_CU_SUBJECT="CN=${CERTNAME}, E=${CERTNAME}@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
+  cert_CA ${CADIR} "${CERTNAME}" "-c TestCA" ",," ${D_CA} 2010 2>&1
+  CU_ACTION="Import Distrusted Intermediate"
+  certu -A -n "${CERTNAME}" -t "p,p,p" -f "${R_PWFILE}" -d "${PROFILEDIR}" \
+          -i "${R_CADIR}/DistrustedCA.ca.cert" 2>&1
+
+  # now create the last leaf signed by our distrusted CA
+  # since it's not signed by TestCA it requires more steps.
+  CU_ACTION="Generate Cert Request for Leaf Chained to Distrusted CA"
+  CERTNAME="LeafChainedToDistrustedCA"
+  CU_SUBJECT="CN=${CERTNAME}, E=${CERTNAME}@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
+  certu -R -d "${PROFILEDIR}" -f "${R_PWFILE}" -z "${R_NOISE_FILE}" -o req 2>&1
+
+  CU_ACTION="Sign ${CERTNAME}'s Request"
+  cp ${CERTDIR}/req ${CADIR}
+  certu -C -c "DistrustedCA" -m 100 -v 60 -d "${P_R_CADIR}" \
+        -i req -o "${CERTNAME}.cert" -f "${R_PWFILE}" 2>&1
+
+  CU_ACTION="Import $CERTNAME's Cert  -t u,u,u"
+  certu -A -n "$CERTNAME" -t "u,u,u" -d "${PROFILEDIR}" -f "${R_PWFILE}" \
+        -i "${CERTNAME}.cert" 2>&1
+
+  RETEXPECTED=255
+  CU_ACTION="Verify ${CERTNAME} Cert for SSL Server"
+  certu -V -n ${CERTNAME} -u V -d "${PROFILEDIR}" -f "${R_PWFILE}" 2>&1
+  CU_ACTION="Verify ${CERTNAME} Cert for SSL Client"
+  certu -V -n ${CERTNAME} -u C -d "${PROFILEDIR}" -f "${R_PWFILE}" 2>&1
+  CU_ACTION="Verify ${CERTNAME} Cert for Email signer"
+  certu -V -n ${CERTNAME} -u S -d "${PROFILEDIR}" -f "${R_PWFILE}" 2>&1
+  CU_ACTION="Verify ${CERTNAME} Cert for Email recipient"
+  certu -V -n ${CERTNAME} -u R -d "${PROFILEDIR}" -f "${R_PWFILE}" 2>&1
+  CU_ACTION="Verify ${CERTNAME} Cert for OCSP responder"
+  certu -V -n ${CERTNAME} -u O -d "${PROFILEDIR}" -f "${R_PWFILE}" 2>&1
+  CU_ACTION="Verify ${CERTNAME} Cert for Object Signer"
+  certu -V -n ${CERTNAME} -u J -d "${PROFILEDIR}" -f "${R_PWFILE}" 2>&1
+
+  CERTNAME="Distrusted"
+  CU_ACTION="Verify ${CERTNAME} Cert for SSL Server"
+  certu -V -n ${CERTNAME} -u V -d "${PROFILEDIR}" -f "${R_PWFILE}" 2>&1
+  CU_ACTION="Verify ${CERTNAME} Cert for SSL Client"
+  certu -V -n ${CERTNAME} -u C -d "${PROFILEDIR}" -f "${R_PWFILE}" 2>&1
+  CU_ACTION="Verify ${CERTNAME} Cert for Email signer"
+  certu -V -n ${CERTNAME} -u S -d "${PROFILEDIR}" -f "${R_PWFILE}" 2>&1
+  CU_ACTION="Verify ${CERTNAME} Cert for Email recipient"
+  certu -V -n ${CERTNAME} -u R -d "${PROFILEDIR}" -f "${R_PWFILE}" 2>&1
+  CU_ACTION="Verify ${CERTNAME} Cert for OCSP responder"
+  certu -V -n ${CERTNAME} -u O -d "${PROFILEDIR}" -f "${R_PWFILE}" 2>&1
+  CU_ACTION="Verify ${CERTNAME} Cert for Object Signer"
+  certu -V -n ${CERTNAME} -u J -d "${PROFILEDIR}" -f "${R_PWFILE}" 2>&1
+  RETEXPECTED=0
+}
+
+cert_test_ocspresp()
+{
+  echo "$SCRIPTNAME: OCSP response creation selftest"
+  OR_ACTION="perform selftest"
+  RETEXPECTED=0
+  ocspr ${SERVER_CADIR} "serverCA" "chain-1-serverCA" -f "${R_PWFILE}" 2>&1
+}
+
+############################## cert_cleanup ############################
+# local shell function to finish this script (no exit since it might be
+# sourced)
+########################################################################
+cert_cleanup()
+{
+  cert_log "$SCRIPTNAME: finished $SCRIPTNAME"
+  html "</TABLE><BR>" 
+  cd ${QADIR}
+  . common/cleanup.sh
+}
+
+################## main #################################################
+
+cert_init 
+cert_all_CA
+cert_extended_ssl 
+cert_ssl 
+cert_smime_client        
+if [ -z "$NSS_TEST_DISABLE_FIPS" ]; then
+    cert_fips
+fi
+cert_eccurves
+cert_extensions
+cert_san_and_generic_extensions
+cert_test_password
+cert_test_distrust
+cert_test_ocspresp
+
+if [ -z "$NSS_TEST_DISABLE_CRL" ] ; then
+    cert_crl_ssl
+else
+    echo "$SCRIPTNAME: Skipping CRL Tests"
+fi
+
+if [ -n "$DO_DIST_ST" -a "$DO_DIST_ST" = "TRUE" ] ; then
+    cert_stresscerts 
+fi
+
+cert_iopr_setup
+
+cert_cleanup
diff --git a/nss/tests/cert/certext.txt b/nss/tests/cert/certext.txt
new file mode 100644
index 0000000..4bcda81
--- /dev/null
+++ b/nss/tests/cert/certext.txt
@@ -0,0 +1,130 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# File syntax:
+# '#' comments.
+# If the line starts from '!'('! TEST_N Test Name String'),
+# then  'Test Name String' will be the name of a test(starting
+# from second space till the rest of the line).
+# All uncommented lines are hard codded answers to certutil
+# extension questions.
+# Line '= N string1|string2|string3': '=' is a stop sign
+# of certutil inputs and start of the test. 'N' is the number
+# of extension that will be tested. 'string1|string2|string3'
+# are grep patterns for test result verification. '_' in stringN
+# will be replaced to a space.
+# ################################################################
+! TEST_1 Certificate Key Usage Extension
+0
+1
+2
+3
+4
+5
+6
+10
+n
+= 1 Certificate_Key_Usage|Digital_Signature|Non-Repudiation|Key_Encipherment|Data_Encipherment|Key_Agreement|Certificate_Signing|CRL_Signing
+# ################################################################
+! TEST_2 Certificate Key Usage Extension
+0
+1
+2
+3
+4
+5
+6
+10
+y
+= 1 Certificate_Key_Usage|Digital_Signature|Critical:_True
+# ################################################################
+! TEST_3 Certificate Basic Constraints Extension
+y
+-1
+n
+= 2 Name:_Certificate_Basic_Constraints|Data:_Is_a_CA_with_no_maximum
+# ################################################################
+! TEST_4 Certificate Basic Constraints Extension
+n
+-1
+y
+= 2 Name:_Certificate_Basic_Constraints|Data:_Is_not_a_CA|Critical:_True
+# ################################################################
+! TEST_5 Certificate Authority Key Identifier Extension
+y
+12341235123
+
+
+y
+= 3 Name:_Certificate_Authority_Key_Identifier|Critical:_True|Key_ID:|12341235123
+# ################################################################
+! TEST_6 Certificate Authority Key Identifier Extension
+y
+
+3
+test.com
+
+214123
+y
+= 3 Name:_Certificate_Authority_Key_Identifier|Critical:_True|Issuer:|DNS_name:_"test.com"|Serial_Number:|214123
+# ################################################################
+! TEST_7 CRL Distribution Points Extension
+1
+2
+rfc822@name.tld
+3
+test.com
+8
+1.2.3.4
+9
+OID.0.2.213
+10
+0
+10
+n
+n
+= 4 Name:_CRL_Distribution_Points|rfc822@name.tld
+# #################################################################
+! TEST_8 CRL Distribution Points Extension
+2
+SN=asdfsdf
+4
+3
+test.com
+10
+n
+n
+= 4 Name:_CRL_Distribution_Points|asdfsdf|Reasons:|DNS_name:_"test.com"
+# ################################################################
+! TEST_9 Certificate Type Extension
+0
+1
+2
+10
+n
+= 5 Name:_Certificate_Type|Data:_<SSL_Client,SSL_Server,S/MIME>
+# ################################################################
+! TEST_10 Extended Key Usage Extension
+0
+1
+2
+3
+4
+5
+6
+10
+y
+= 6 Name:_Extended_Key_Usage|Critical:_True|TLS_Web_Server_Authentication_Certificate|TLS_Web_Client_Authentication_Certificate|Code_Signing_Certificate|E-Mail_Protection_Certificate|Time_Stamping_Certifcate|OCSP_Responder_Certificate|Strong_Crypto_Export_Approved
+# ################################################################
+! TEST_11 Certificate Key Usage Extension
+
+1
+2
+3
+4
+5
+6
+10
+n
+= 1 Certificate_Key_Usage|!Digital_Signature|Non-Repudiation|Key_Encipherment|Data_Encipherment|Key_Agreement|Certificate_Signing|CRL_Signing
diff --git a/nss/tests/chains/chains.sh b/nss/tests/chains/chains.sh
new file mode 100755
index 0000000..4c3fa57
--- /dev/null
+++ b/nss/tests/chains/chains.sh
@@ -0,0 +1,1308 @@
+#!/bin/bash
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+########################################################################
+#
+# mozilla/security/nss/tests/cert/chains.sh
+#
+# Script to test certificate chains validity. 
+#
+# needs to work on all Unix and Windows platforms
+#
+# special strings
+# ---------------
+#   FIXME ... known problems, search for this string
+#   NOTE .... unexpected behavior
+########################################################################
+
+########################### is_httpserv_alive ##########################
+# local shell function to exit with a fatal error if selfserver is not
+# running
+########################################################################
+is_httpserv_alive()
+{
+  if [ ! -f "${HTTPPID}" ]; then
+      echo "$SCRIPTNAME: Error - httpserv PID file ${HTTPPID} doesn't exist"
+      sleep 5
+      if [ ! -f "${HTTPPID}" ]; then
+          Exit 9 "Fatal - httpserv pid file ${HTTPPID} does not exist"
+      fi
+  fi
+  
+  if [ "${OS_ARCH}" = "WINNT" ] && \
+     [ "$OS_NAME" = "CYGWIN_NT" -o "$OS_NAME" = "MINGW32_NT" ]; then
+      PID=${SHELL_HTTPPID}
+  else
+      PID=`cat ${HTTPPID}`
+  fi
+
+  echo "kill -0 ${PID} >/dev/null 2>/dev/null" 
+  kill -0 ${PID} >/dev/null 2>/dev/null || Exit 10 "Fatal - httpserv process not detectable"
+
+  echo "httpserv with PID ${PID} found at `date`"
+}
+
+########################### wait_for_httpserv ##########################
+# local shell function to wait until httpserver is running and initialized
+########################################################################
+wait_for_httpserv()
+{
+  echo "trying to connect to httpserv at `date`"
+  echo "tstclnt -p ${NSS_AIA_PORT} -h ${HOSTADDR} -q -v"
+  ${BINDIR}/tstclnt -p ${NSS_AIA_PORT} -h ${HOSTADDR} -q -v
+  if [ $? -ne 0 ]; then
+      sleep 5
+      echo "retrying to connect to httpserv at `date`"
+      echo "tstclnt -p ${NSS_AIA_PORT} -h ${HOSTADDR} -q -v"
+      ${BINDIR}/tstclnt -p ${NSS_AIA_PORT} -h ${HOSTADDR} -q -v
+      if [ $? -ne 0 ]; then
+          html_failed "Waiting for Server"
+      fi
+  fi
+  is_httpserv_alive
+}
+
+########################### kill_httpserv ##############################
+# local shell function to kill the httpserver after the tests are done
+########################################################################
+kill_httpserv()
+{
+  if [ "${OS_ARCH}" = "WINNT" ] && \
+     [ "$OS_NAME" = "CYGWIN_NT" -o "$OS_NAME" = "MINGW32_NT" ]; then
+      PID=${SHELL_HTTPPID}
+  else
+      PID=`cat ${HTTPPID}`
+  fi
+
+  echo "trying to kill httpserv with PID ${PID} at `date`"
+
+  if [ "${OS_ARCH}" = "WINNT" -o "${OS_ARCH}" = "WIN95" -o "${OS_ARCH}" = "OS2" ]; then
+      echo "${KILL} ${PID}"
+      ${KILL} ${PID}
+  else
+      echo "${KILL} -USR1 ${PID}"
+      ${KILL} -USR1 ${PID}
+  fi
+  wait ${PID}
+
+  # On Linux httpserv needs up to 30 seconds to fully die and free
+  # the port.  Wait until the port is free. (Bug 129701)
+  if [ "${OS_ARCH}" = "Linux" ]; then
+      echo "httpserv -b -p ${NSS_AIA_PORT} 2>/dev/null;"
+      until ${BINDIR}/httpserv -b -p ${NSS_AIA_PORT} 2>/dev/null; do
+          echo "RETRY: httpserv -b -p ${NSS_AIA_PORT} 2>/dev/null;"
+          sleep 1
+      done
+  fi
+
+  echo "httpserv with PID ${PID} killed at `date`"
+
+  rm ${HTTPPID}
+  html_detect_core "kill_httpserv core detection step"
+}
+
+########################### start_httpserv #############################
+# local shell function to start the httpserver with the parameters required 
+# for this test and log information (parameters, start time)
+# also: wait until the server is up and running
+########################################################################
+start_httpserv()
+{
+  HTTP_METHOD=$1
+
+  if [ -n "$testname" ] ; then
+      echo "$SCRIPTNAME: $testname ----"
+  fi
+  echo "httpserv starting at `date`"
+  ODDIR="${HOSTDIR}/chains/OCSPD"
+  echo "httpserv -D -p ${NSS_AIA_PORT} ${SERVER_OPTIONS} \\"
+  echo "         -A OCSPRoot -C ${ODDIR}/OCSPRoot.crl -A OCSPCA1 -C ${ODDIR}/OCSPCA1.crl \\"
+  echo "         -A OCSPCA2  -C ${ODDIR}/OCSPCA2.crl  -A OCSPCA3 -C ${ODDIR}/OCSPCA3.crl \\"
+  echo "         -O ${HTTP_METHOD} -d ${ODDIR}/ServerDB/ -f ${ODDIR}/ServerDB/dbpasswd \\"
+  echo "         -i ${HTTPPID} $verbose &"
+  ${PROFTOOL} ${BINDIR}/httpserv -D -p ${NSS_AIA_PORT} ${SERVER_OPTIONS} \
+                 -A OCSPRoot -C ${ODDIR}/OCSPRoot.crl -A OCSPCA1 -C ${ODDIR}/OCSPCA1.crl \
+                 -A OCSPCA2  -C ${ODDIR}/OCSPCA2.crl  -A OCSPCA3 -C ${ODDIR}/OCSPCA3.crl \
+                 -O ${HTTP_METHOD} -d ${ODDIR}/ServerDB/ -f ${ODDIR}/ServerDB/dbpasswd \
+                 -i ${HTTPPID} $verbose &
+  RET=$?
+
+  # The PID $! returned by the MKS or Cygwin shell is not the PID of
+  # the real background process, but rather the PID of a helper
+  # process (sh.exe).  MKS's kill command has a bug: invoking kill
+  # on the helper process does not terminate the real background
+  # process.  Our workaround has been to have httpserv save its PID
+  # in the ${HTTPPID} file and "kill" that PID instead.  But this
+  # doesn't work under Cygwin; its kill command doesn't recognize
+  # the PID of the real background process, but it does work on the
+  # PID of the helper process.  So we save the value of $! in the
+  # SHELL_HTTPPID variable, and use it instead of the ${HTTPPID}
+  # file under Cygwin.  (In fact, this should work in any shell
+  # other than the MKS shell.)
+  SHELL_HTTPPID=$!
+  wait_for_httpserv
+
+  if [ "${OS_ARCH}" = "WINNT" ] && \
+     [ "$OS_NAME" = "CYGWIN_NT" -o "$OS_NAME" = "MINGW32_NT" ]; then
+      PID=${SHELL_HTTPPID}
+  else
+      PID=`cat ${HTTPPID}`
+  fi
+
+  echo "httpserv with PID ${PID} started at `date`"
+}
+
+############################# chains_init ##############################
+# local shell function to initialize this script
+########################################################################
+chains_init()
+{
+    if [ -z "${CLEANUP}" ] ; then   # if nobody else is responsible for
+        CLEANUP="${SCRIPTNAME}"     # cleaning this script will do it
+    fi
+    if [ -z "${INIT_SOURCED}" ] ; then
+        cd ../common
+        . ./init.sh
+    fi
+
+    SCRIPTNAME="chains.sh"
+
+    CHAINS_DIR="${HOSTDIR}/chains"
+    mkdir -p ${CHAINS_DIR}
+    cd ${CHAINS_DIR}
+
+    CHAINS_SCENARIOS="${QADIR}/chains/scenarios/scenarios"
+
+    CERT_SN_CNT=$(date '+%m%d%H%M%S' | sed "s/^0*//")
+    CERT_SN_FIX=$(expr ${CERT_SN_CNT} - 1000)
+
+    PK7_NONCE=${CERT_SN_CNT}
+    SCEN_CNT=${CERT_SN_CNT}
+
+    AIA_FILES="${HOSTDIR}/aiafiles"
+
+    CU_DATA=${HOSTDIR}/cu_data
+    CRL_DATA=${HOSTDIR}/crl_data
+
+    DEFAULT_AIA_BASE_PORT=$(expr ${PORT:-8631} + 10)
+    NSS_AIA_PORT=${NSS_AIA_PORT:-$DEFAULT_AIA_BASE_PORT}
+    DEFAULT_UNUSED_PORT=$(expr ${PORT:-8631} + 11)
+    NSS_UNUSED_PORT=${NSS_UNUSED_PORT:-$DEFAULT_UNUSED_PORT}
+    NSS_AIA_HTTP=${NSS_AIA_HTTP:-"http://${HOSTADDR}:${NSS_AIA_PORT}"}
+    NSS_AIA_PATH=${NSS_AIA_PATH:-$HOSTDIR/aiahttp}
+    NSS_AIA_OCSP=${NSS_AIA_OCSP:-$NSS_AIA_HTTP/ocsp}
+    NSS_OCSP_UNUSED=${NSS_AIA_OCSP_UNUSED:-"http://${HOSTADDR}:${NSS_UNUSED_PORT}"}
+
+    html_head "Certificate Chains Tests"
+}
+
+chains_run_httpserv()
+{
+    HTTP_METHOD=$1
+
+    if [ -n "${NSS_AIA_PATH}" ]; then
+        HTTPPID=${NSS_AIA_PATH}/http_pid.$$
+        mkdir -p "${NSS_AIA_PATH}"
+        SAVEPWD=`pwd`
+        cd "${NSS_AIA_PATH}"
+        # Start_httpserv sets environment variables, which are required for
+        # correct cleanup. (Running it in a subshell doesn't work, the
+        # value of $SHELL_HTTPPID wouldn't arrive in this scope.)
+        start_httpserv ${HTTP_METHOD}
+        cd "${SAVEPWD}"
+    fi
+}
+
+chains_stop_httpserv()
+{
+    if [ -n "${NSS_AIA_PATH}" ]; then
+        kill_httpserv
+    fi
+}
+
+############################ chains_cleanup ############################
+# local shell function to finish this script (no exit since it might be
+# sourced)
+########################################################################
+chains_cleanup()
+{
+    html "</TABLE><BR>"
+    cd ${QADIR}
+    . common/cleanup.sh
+}
+
+############################ print_cu_data #############################
+# local shell function to print certutil input data
+########################################################################
+print_cu_data()
+{
+    echo "=== Certutil input data ==="
+    cat ${CU_DATA}
+    echo "==="
+}
+
+set_cert_sn()
+{
+    if [ -z "${SERIAL}" ]; then
+        CERT_SN_CNT=$(expr ${CERT_SN_CNT} + 1)
+        CERT_SN=${CERT_SN_CNT}
+    else
+        echo ${SERIAL} | cut -b 1 | grep '+' > /dev/null
+        if [ $? -eq 0 ]; then
+            CERT_SN=$(echo ${SERIAL} | cut -b 2-)
+            CERT_SN=$(expr ${CERT_SN_FIX} + ${CERT_SN})
+        else
+            CERT_SN=${SERIAL}
+        fi 
+    fi
+}
+
+############################# create_db ################################
+# local shell function to create certificate database
+########################################################################
+create_db()
+{
+    DB=$1
+
+    [ -d "${DB}" ] && rm -rf ${DB}
+    mkdir -p ${DB}
+
+    echo "${DB}passwd" > ${DB}/dbpasswd
+
+    TESTNAME="Creating DB ${DB}"
+    echo "${SCRIPTNAME}: ${TESTNAME}"
+    echo "certutil -N -d ${DB} -f ${DB}/dbpasswd" 
+    ${BINDIR}/certutil -N -d ${DB} -f ${DB}/dbpasswd
+    html_msg $? 0 "${SCENARIO}${TESTNAME}" 
+}
+
+########################### create_root_ca #############################
+# local shell function to generate self-signed root certificate
+########################################################################
+create_root_ca()
+{
+    ENTITY=$1
+    ENTITY_DB=${ENTITY}DB
+
+    set_cert_sn
+    date >> ${NOISE_FILE} 2>&1
+
+    CTYPE_OPT=
+    if [ -n "${CTYPE}" ]; then
+        CTYPE_OPT="-k ${CTYPE}"
+    fi
+
+    echo "5
+6
+9
+n
+y
+-1
+n
+5
+6
+7
+9
+n
+" > ${CU_DATA}
+
+    TESTNAME="Creating Root CA ${ENTITY}"
+    echo "${SCRIPTNAME}: ${TESTNAME}"
+    echo "certutil -s \"CN=${ENTITY} ROOT CA, O=${ENTITY}, C=US\" -S -n ${ENTITY} ${CTYPE_OPT} -t CTu,CTu,CTu -v 600 -x -d ${ENTITY_DB} -1 -2 -5 -f ${ENTITY_DB}/dbpasswd -z ${NOISE_FILE} -m ${CERT_SN} < ${CU_DATA}"
+    print_cu_data
+    ${BINDIR}/certutil -s "CN=${ENTITY} ROOT CA, O=${ENTITY}, C=US" -S -n ${ENTITY} ${CTYPE_OPT} -t CTu,CTu,CTu -v 600 -x -d ${ENTITY_DB} -1 -2 -5 -f ${ENTITY_DB}/dbpasswd -z ${NOISE_FILE} -m ${CERT_SN} < ${CU_DATA}
+    html_msg $? 0 "${SCENARIO}${TESTNAME}"
+
+    TESTNAME="Exporting Root CA ${ENTITY}.der"
+    echo "${SCRIPTNAME}: ${TESTNAME}"
+    echo "certutil -L -d ${ENTITY_DB} -r -n ${ENTITY} -o ${ENTITY}.der"
+    ${BINDIR}/certutil -L -d ${ENTITY_DB} -r -n ${ENTITY} -o ${ENTITY}.der
+    html_msg $? 0 "${SCENARIO}${TESTNAME}"
+}
+
+########################### create_cert_req ############################
+# local shell function to generate certificate sign request
+########################################################################
+create_cert_req()
+{
+    ENTITY=$1
+    TYPE=$2
+
+    ENTITY_DB=${ENTITY}DB
+
+    REQ=${ENTITY}Req.der
+
+    date >> ${NOISE_FILE} 2>&1
+
+    CTYPE_OPT=
+    if [ -n "${CTYPE}" ]; then
+        CTYPE_OPT="-k ${CTYPE}"
+    fi
+
+    CA_FLAG=
+    EXT_DATA=
+    OPTIONS=
+
+    if [ "${TYPE}" != "EE" ]; then
+        CA_FLAG="-2"
+        EXT_DATA="y
+-1
+y
+"
+    fi
+
+    process_crldp
+
+    echo "${EXT_DATA}" > ${CU_DATA}
+
+    TESTNAME="Creating ${TYPE} certifiate request ${REQ}"
+    echo "${SCRIPTNAME}: ${TESTNAME}"
+    echo "certutil -s \"CN=${ENTITY} ${TYPE}, O=${ENTITY}, C=US\" ${CTYPE_OPT} -R ${CA_FLAG} -d ${ENTITY_DB} -f ${ENTITY_DB}/dbpasswd -z ${NOISE_FILE} -o ${REQ} ${OPTIONS} < ${CU_DATA}"
+    print_cu_data
+    ${BINDIR}/certutil -s "CN=${ENTITY} ${TYPE}, O=${ENTITY}, C=US" ${CTYPE_OPT} -R ${CA_FLAG} -d ${ENTITY_DB} -f ${ENTITY_DB}/dbpasswd -z ${NOISE_FILE} -o ${REQ} ${OPTIONS} < ${CU_DATA} 
+    html_msg $? 0 "${SCENARIO}${TESTNAME}"
+}
+
+############################ create_entity #############################
+# local shell function to create certificate chain entity
+########################################################################
+create_entity()
+{
+    ENTITY=$1
+    TYPE=$2
+
+    if [ -z "${ENTITY}" ]; then
+        echo "Configuration error: Unnamed entity"
+        exit 1
+    fi
+
+    DB=${ENTITY}DB
+    ENTITY_DB=${ENTITY}DB
+
+    case "${TYPE}" in
+    "Root")
+        create_db "${DB}"
+        create_root_ca "${ENTITY}"
+        ;;
+    "Intermediate" | "Bridge" | "EE")
+        create_db "${DB}"
+        create_cert_req "${ENTITY}" "${TYPE}"
+        ;;
+    "*")
+        echo "Configuration error: Unknown type ${TYPE}"
+        exit 1
+        ;;
+    esac
+}
+
+########################################################################
+# List of global variables related to certificate extensions processing:
+#
+# Generated by process_extensions and functions called from it:
+# OPTIONS - list of command line policy extensions 
+# DATA - list of inpud data related to policy extensions
+#
+# Generated by parse_config:
+# POLICY - list of certificate policies
+# MAPPING - list of policy mappings 
+# INHIBIT - inhibit flag
+# AIA - AIA list
+########################################################################
+
+############################ process_policy ############################
+# local shell function to process policy extension parameters and 
+# generate input for certutil
+########################################################################
+process_policy()
+{
+    if [ -n "${POLICY}" ]; then
+        OPTIONS="${OPTIONS} --extCP"
+
+        NEXT=
+        for ITEM in ${POLICY}; do
+            if [ -n "${NEXT}" ]; then
+                DATA="${DATA}y
+"
+            fi
+
+            NEXT=1
+            DATA="${DATA}${ITEM}
+1
+
+n
+"
+        done
+
+        DATA="${DATA}n
+n
+"
+    fi
+}
+
+########################### process_mapping ############################
+# local shell function to process policy mapping parameters and 
+# generate input for certutil
+########################################################################
+process_mapping()
+{
+    if [ -n "${MAPPING}" ]; then
+        OPTIONS="${OPTIONS} --extPM"
+
+        NEXT=
+        for ITEM in ${MAPPING}; do
+            if [ -n "${NEXT}" ]; then
+                DATA="${DATA}y
+"
+            fi
+
+            NEXT=1
+            IDP=`echo ${ITEM} | cut -d: -f1`
+            SDP=`echo ${ITEM} | cut -d: -f2`
+            DATA="${DATA}${IDP}
+${SDP}
+"
+        done
+
+        DATA="${DATA}n
+n
+"
+    fi
+}
+
+########################### process_inhibit#############################
+# local shell function to process inhibit extension and generate input 
+# for certutil
+########################################################################
+process_inhibit()
+{
+    if [ -n "${INHIBIT}" ]; then
+        OPTIONS="${OPTIONS} --extIA"
+
+        DATA="${DATA}${INHIBIT}
+n
+"
+    fi
+}
+
+############################# process_aia ##############################
+# local shell function to process AIA extension parameters and 
+# generate input for certutil
+########################################################################
+process_aia()
+{
+    if [ -n "${AIA}" ]; then
+        OPTIONS="${OPTIONS} --extAIA"
+
+        DATA="${DATA}1
+"
+
+        for ITEM in ${AIA}; do
+            PK7_NONCE=`expr $PK7_NONCE + 1`
+
+            echo ${ITEM} | grep ":" > /dev/null
+            if [ $? -eq 0 ]; then
+                CERT_NICK=`echo ${ITEM} | cut -d: -f1`
+                CERT_ISSUER=`echo ${ITEM} | cut -d: -f2`
+                CERT_LOCAL="${CERT_NICK}${CERT_ISSUER}.der"
+                CERT_PUBLIC="${HOST}-$$-${CERT_NICK}${CERT_ISSUER}-${PK7_NONCE}.der"
+            else
+                CERT_LOCAL="${ITEM}.p7"
+                CERT_PUBLIC="${HOST}-$$-${ITEM}-${PK7_NONCE}.p7"
+            fi
+
+            DATA="${DATA}7
+${NSS_AIA_HTTP}/${CERT_PUBLIC}
+"
+
+            if [ -n "${NSS_AIA_PATH}" ]; then
+                cp ${CERT_LOCAL} ${NSS_AIA_PATH}/${CERT_PUBLIC} 2> /dev/null
+                chmod a+r ${NSS_AIA_PATH}/${CERT_PUBLIC}
+                echo ${NSS_AIA_PATH}/${CERT_PUBLIC} >> ${AIA_FILES}
+            fi
+        done
+
+        DATA="${DATA}0
+n
+n"
+    fi
+}
+
+process_ocsp()
+{
+    if [ -n "${OCSP}" ]; then
+        OPTIONS="${OPTIONS} --extAIA"
+ 
+	if [ "${OCSP}" = "offline" ]; then
+	    MY_OCSP_URL=${NSS_OCSP_UNUSED}
+	else
+	    MY_OCSP_URL=${NSS_AIA_OCSP}
+	fi
+
+        DATA="${DATA}2
+7
+${MY_OCSP_URL}
+0
+n
+n
+"
+    fi
+}
+
+process_crldp()
+{
+    if [ -n "${CRLDP}" ]; then
+        OPTIONS="${OPTIONS} -4"
+
+        EXT_DATA="${EXT_DATA}1
+"
+
+        for ITEM in ${CRLDP}; do
+            CRL_PUBLIC="${HOST}-$$-${ITEM}-${SCEN_CNT}.crl"
+
+            EXT_DATA="${EXT_DATA}7
+${NSS_AIA_HTTP}/${CRL_PUBLIC}
+"
+        done
+
+        EXT_DATA="${EXT_DATA}-1
+-1
+-1
+n
+n
+"
+    fi
+}
+
+process_ku_ns_eku()
+{
+    if [ -n "${EXT_KU}" ]; then
+        OPTIONS="${OPTIONS} --keyUsage ${EXT_KU}"
+    fi
+    if [ -n "${EXT_NS}" ]; then
+        EXT_NS_KEY=$(echo ${EXT_NS} | cut -d: -f1)
+        EXT_NS_CODE=$(echo ${EXT_NS} | cut -d: -f2)
+
+        OPTIONS="${OPTIONS} --nsCertType ${EXT_NS_KEY}"
+        DATA="${DATA}${EXT_NS_CODE}
+-1
+n
+"
+    fi
+    if [ -n "${EXT_EKU}" ]; then
+        OPTIONS="${OPTIONS} --extKeyUsage ${EXT_EKU}"
+    fi
+}
+
+copy_crl()
+
+{
+    if [ -z "${NSS_AIA_PATH}" ]; then
+        return;
+    fi
+
+    CRL_LOCAL="${COPYCRL}.crl"
+    CRL_PUBLIC="${HOST}-$$-${COPYCRL}-${SCEN_CNT}.crl"
+
+    cp ${CRL_LOCAL} ${NSS_AIA_PATH}/${CRL_PUBLIC} 2> /dev/null
+    chmod a+r ${NSS_AIA_PATH}/${CRL_PUBLIC}
+    echo ${NSS_AIA_PATH}/${CRL_PUBLIC} >> ${AIA_FILES}
+}
+
+########################## process_extension ###########################
+# local shell function to process entity extension parameters and 
+# generate input for certutil
+########################################################################
+process_extensions()
+{
+    OPTIONS=
+    DATA=
+
+    process_policy
+    process_mapping
+    process_inhibit
+    process_aia
+    process_ocsp
+    process_ku_ns_eku
+}
+
+############################## sign_cert ###############################
+# local shell function to sign certificate sign reuqest
+########################################################################
+sign_cert()
+{
+    ENTITY=$1
+    ISSUER=$2
+    TYPE=$3
+
+    [ -z "${ISSUER}" ] && return
+
+    ENTITY_DB=${ENTITY}DB
+    ISSUER_DB=${ISSUER}DB
+    REQ=${ENTITY}Req.der
+    CERT=${ENTITY}${ISSUER}.der
+
+    set_cert_sn
+
+    EMAIL_OPT=
+    if [ "${TYPE}" = "Bridge" ]; then
+        EMAIL_OPT="-7 ${ENTITY}@${ISSUER}"
+
+        [ -n "${EMAILS}" ] && EMAILS="${EMAILS},"
+        EMAILS="${EMAILS}${ENTITY}@${ISSUER}"
+    fi
+
+    process_extensions 
+
+    echo "${DATA}" > ${CU_DATA}
+
+    TESTNAME="Creating certficate ${CERT} signed by ${ISSUER}"
+    echo "${SCRIPTNAME}: ${TESTNAME}"
+    echo "certutil -C -c ${ISSUER} -v 60 -d ${ISSUER_DB} -i ${REQ} -o ${CERT} -f ${ISSUER_DB}/dbpasswd -m ${CERT_SN} ${EMAIL_OPT} ${OPTIONS} < ${CU_DATA}"
+    print_cu_data
+    ${BINDIR}/certutil -C -c ${ISSUER} -v 60 -d ${ISSUER_DB} -i ${REQ} -o ${CERT} -f ${ISSUER_DB}/dbpasswd -m ${CERT_SN} ${EMAIL_OPT} ${OPTIONS} < ${CU_DATA}
+    html_msg $? 0 "${SCENARIO}${TESTNAME}"
+
+    TESTNAME="Importing certificate ${CERT} to ${ENTITY_DB} database"
+    echo "${SCRIPTNAME}: ${TESTNAME}"
+    echo "certutil -A -n ${ENTITY} -t u,u,u -d ${ENTITY_DB} -f ${ENTITY_DB}/dbpasswd -i ${CERT}"
+    ${BINDIR}/certutil -A -n ${ENTITY} -t u,u,u -d ${ENTITY_DB} -f ${ENTITY_DB}/dbpasswd -i ${CERT}
+    html_msg $? 0 "${SCENARIO}${TESTNAME}"
+}
+
+############################# create_pkcs7##############################
+# local shell function to package bridge certificates into pkcs7 
+# package
+########################################################################
+create_pkcs7()
+{
+    ENTITY=$1
+    ENTITY_DB=${ENTITY}DB
+
+    TESTNAME="Generating PKCS7 package from ${ENTITY_DB} database"
+    echo "${SCRIPTNAME}: ${TESTNAME}"
+    echo "cmsutil -O -r \"${EMAILS}\" -d ${ENTITY_DB} > ${ENTITY}.p7"
+    ${BINDIR}/cmsutil -O -r "${EMAILS}" -d ${ENTITY_DB} > ${ENTITY}.p7
+    html_msg $? 0 "${SCENARIO}${TESTNAME}"
+}
+
+############################# import_key ###############################
+# local shell function to import private key + cert into database
+########################################################################
+import_key()
+{
+    KEY_NAME=$1.p12
+    DB=$2
+
+    KEY_FILE=../OCSPD/${KEY_NAME}
+
+    TESTNAME="Importing p12 key ${KEY_NAME} to ${DB} database"
+    echo "${SCRIPTNAME}: ${TESTNAME}"
+    echo "${BINDIR}/pk12util -d ${DB} -i ${KEY_FILE} -k ${DB}/dbpasswd -W nssnss"
+    ${BINDIR}/pk12util -d ${DB} -i ${KEY_FILE} -k ${DB}/dbpasswd -W nssnss
+    html_msg $? 0 "${SCENARIO}${TESTNAME}"
+}
+
+export_key()
+{
+    KEY_NAME=$1.p12
+    DB=$2
+
+    TESTNAME="Exporting $1 as ${KEY_NAME} from ${DB} database"
+    echo "${SCRIPTNAME}: ${TESTNAME}"
+    echo "${BINDIR}/pk12util -d ${DB} -o ${KEY_NAME} -n $1 -k ${DB}/dbpasswd -W nssnss"
+    ${BINDIR}/pk12util -d ${DB} -o ${KEY_NAME} -n $1 -k ${DB}/dbpasswd -W nssnss
+    html_msg $? 0 "${SCENARIO}${TESTNAME}"
+}
+
+############################# import_cert ##############################
+# local shell function to import certificate into database
+########################################################################
+import_cert()
+{
+    IMPORT=$1
+    DB=$2
+
+    CERT_NICK=`echo ${IMPORT} | cut -d: -f1`
+    CERT_ISSUER=`echo ${IMPORT} | cut -d: -f2`
+    CERT_TRUST=`echo ${IMPORT} | cut -d: -f3`
+
+    if [ "${CERT_ISSUER}" = "x" ]; then
+        CERT_ISSUER=
+        CERT=${CERT_NICK}.cert
+        CERT_FILE="${QADIR}/libpkix/certs/${CERT}"
+    elif [ "${CERT_ISSUER}" = "d" ]; then
+        CERT_ISSUER=
+        CERT=${CERT_NICK}.der
+        CERT_FILE="../OCSPD/${CERT}"
+    else
+        CERT=${CERT_NICK}${CERT_ISSUER}.der
+        CERT_FILE=${CERT}
+    fi
+
+    IS_ASCII=`grep -c -- "-----BEGIN CERTIFICATE-----" ${CERT_FILE}`
+
+    ASCII_OPT=
+    if [ "${IS_ASCII}" -gt 0 ]; then
+        ASCII_OPT="-a"
+    fi
+   
+    TESTNAME="Importing certificate ${CERT} to ${DB} database"
+    echo "${SCRIPTNAME}: ${TESTNAME}"
+    echo "certutil -A -n ${CERT_NICK} ${ASCII_OPT} -t \"${CERT_TRUST}\" -d ${DB} -f ${DB}/dbpasswd -i ${CERT_FILE}"
+    ${BINDIR}/certutil -A -n ${CERT_NICK} ${ASCII_OPT} -t "${CERT_TRUST}" -d ${DB} -f ${DB}/dbpasswd -i ${CERT_FILE} 
+    html_msg $? 0 "${SCENARIO}${TESTNAME}"
+}
+
+import_crl()
+{
+    IMPORT=$1
+    DB=$2
+
+    CRL_NICK=`echo ${IMPORT} | cut -d: -f1`
+    CRL_FILE=${CRL_NICK}.crl
+
+    if [ ! -f "${CRL_FILE}" ]; then
+        return
+    fi 
+
+    TESTNAME="Importing CRL ${CRL_FILE} to ${DB} database"
+    echo "${SCRIPTNAME}: ${TESTNAME}"
+    echo "crlutil -I -d ${DB} -f ${DB}/dbpasswd -i ${CRL_FILE}"
+    ${BINDIR}/crlutil -I -d ${DB} -f ${DB}/dbpasswd -i ${CRL_FILE} 
+    html_msg $? 0 "${SCENARIO}${TESTNAME}"
+}
+
+create_crl()
+{
+    ISSUER=$1
+    ISSUER_DB=${ISSUER}DB
+
+    CRL=${ISSUER}.crl
+
+    DATE=$(date -u '+%Y%m%d%H%M%SZ')
+    DATE_LAST="${DATE}"
+
+    UPDATE=$(expr $(date -u '+%Y') + 1)$(date -u '+%m%d%H%M%SZ')
+
+    echo "update=${DATE}" > ${CRL_DATA}
+    echo "nextupdate=${UPDATE}" >> ${CRL_DATA}
+
+    TESTNAME="Create CRL for ${ISSUER_DB}"
+    echo "${SCRIPTNAME}: ${TESTNAME}"
+    echo "crlutil -G -d ${ISSUER_DB} -n ${ISSUER} -f ${ISSUER_DB}/dbpasswd -o ${CRL}"
+    echo "=== Crlutil input data ==="
+    cat ${CRL_DATA}
+    echo "==="
+    ${BINDIR}/crlutil -G -d ${ISSUER_DB} -n ${ISSUER} -f ${ISSUER_DB}/dbpasswd -o ${CRL} < ${CRL_DATA}
+    html_msg $? 0 "${SCENARIO}${TESTNAME}"
+}
+
+revoke_cert()
+{
+    ISSUER=$1
+    ISSUER_DB=${ISSUER}DB
+
+    CRL=${ISSUER}.crl
+
+    set_cert_sn
+
+    DATE=$(date -u '+%Y%m%d%H%M%SZ')
+    while [ "${DATE}" = "${DATE_LAST}" ]; do
+        sleep 1
+        DATE=$(date -u '+%Y%m%d%H%M%SZ')
+    done
+    DATE_LAST="${DATE}"
+
+    echo "update=${DATE}" > ${CRL_DATA}
+    echo "addcert ${CERT_SN} ${DATE}" >> ${CRL_DATA}
+
+    TESTNAME="Revoking certificate with SN ${CERT_SN} issued by ${ISSUER}"
+    echo "${SCRIPTNAME}: ${TESTNAME}"
+    echo "crlutil -M -d ${ISSUER_DB} -n ${ISSUER} -f ${ISSUER_DB}/dbpasswd -o ${CRL}"
+    echo "=== Crlutil input data ==="
+    cat ${CRL_DATA}
+    echo "==="
+    ${BINDIR}/crlutil -M -d ${ISSUER_DB} -n ${ISSUER} -f ${ISSUER_DB}/dbpasswd -o ${CRL} < ${CRL_DATA}
+    html_msg $? 0 "${SCENARIO}${TESTNAME}"
+}
+
+########################################################################
+# List of global variables related to certificate verification:
+#
+# Generated by parse_config:
+# DB - DB used for testing
+# FETCH - fetch flag (used with AIA extension)
+# POLICY - list of policies
+# TRUST - trust anchor
+# TRUST_AND_DB - Examine both trust anchors and the cert db for trust
+# VERIFY - list of certificates to use as vfychain parameters
+# EXP_RESULT - expected result
+# REV_OPTS - revocation options
+########################################################################
+
+############################# verify_cert ##############################
+# local shell function to verify certificate validity
+########################################################################
+verify_cert()
+{
+    ENGINE=$1
+
+    DB_OPT=
+    FETCH_OPT=
+    POLICY_OPT=
+    TRUST_OPT=
+    VFY_CERTS=
+    VFY_LIST=
+    TRUST_AND_DB_OPT=
+
+    if [ -n "${DB}" ]; then
+        DB_OPT="-d ${DB}"
+    fi
+
+    if [ -n "${FETCH}" ]; then
+        FETCH_OPT="-f"
+        if [ -z "${NSS_AIA_HTTP}" ]; then
+            echo "${SCRIPTNAME} Skipping test using AIA fetching, NSS_AIA_HTTP not defined"
+            return
+        fi
+    fi
+
+    if [ -n "${TRUST_AND_DB}" ]; then
+        TRUST_AND_DB_OPT="-T"
+    fi
+
+    for ITEM in ${POLICY}; do
+        POLICY_OPT="${POLICY_OPT} -o ${ITEM}"
+    done
+
+    for ITEM in ${TRUST}; do
+        echo ${ITEM} | grep ":" > /dev/null
+        if [ $? -eq 0 ]; then
+            CERT_NICK=`echo ${ITEM} | cut -d: -f1`
+            CERT_ISSUER=`echo ${ITEM} | cut -d: -f2`
+            CERT=${CERT_NICK}${CERT_ISSUER}.der
+
+            TRUST_OPT="${TRUST_OPT} -t ${CERT}"
+        else
+            TRUST_OPT="${TRUST_OPT} -t ${ITEM}"
+        fi
+    done
+
+    for ITEM in ${VERIFY}; do
+        CERT_NICK=`echo ${ITEM} | cut -d: -f1`
+        CERT_ISSUER=`echo ${ITEM} | cut -d: -f2`
+
+        if [ "${CERT_ISSUER}" = "x" ]; then
+            CERT="${QADIR}/libpkix/certs/${CERT_NICK}.cert"
+            VFY_CERTS="${VFY_CERTS} ${CERT}"
+            VFY_LIST="${VFY_LIST} ${CERT_NICK}.cert"
+        elif [ "${CERT_ISSUER}" = "d" ]; then
+            CERT="../OCSPD/${CERT_NICK}.der"
+            VFY_CERTS="${VFY_CERTS} ${CERT}"
+            VFY_LIST="${VFY_LIST} ${CERT_NICK}.cert"
+        else
+            CERT=${CERT_NICK}${CERT_ISSUER}.der
+            VFY_CERTS="${VFY_CERTS} ${CERT}"
+            VFY_LIST="${VFY_LIST} ${CERT}"
+        fi
+    done
+
+    VFY_OPTS_TNAME="${DB_OPT} ${ENGINE} ${TRUST_AND_DB_OPT} ${REV_OPTS} ${FETCH_OPT} ${USAGE_OPT} ${POLICY_OPT} ${TRUST_OPT}"
+    VFY_OPTS_ALL="${DB_OPT} ${ENGINE} -vv ${TRUST_AND_DB_OPT} ${REV_OPTS} ${FETCH_OPT} ${USAGE_OPT} ${POLICY_OPT} ${VFY_CERTS} ${TRUST_OPT}"
+
+    TESTNAME="Verifying certificate(s) ${VFY_LIST} with flags ${VFY_OPTS_TNAME}"
+    echo "${SCRIPTNAME}: ${TESTNAME}"
+    echo "vfychain ${VFY_OPTS_ALL}"
+
+    if [ -z "${MEMLEAK_DBG}" ]; then
+        VFY_OUT=$(${BINDIR}/vfychain ${VFY_OPTS_ALL} 2>&1)
+        RESULT=$?
+        echo "${VFY_OUT}"
+    else 
+        VFY_OUT=$(${RUN_COMMAND_DBG} ${BINDIR}/vfychain ${VFY_OPTS_ALL} 2>> ${LOGFILE})
+        RESULT=$?
+        echo "${VFY_OUT}"
+    fi
+
+    echo "${VFY_OUT}" | grep "ERROR -5990: I/O operation timed out" > /dev/null
+    E5990=$?
+    echo "${VFY_OUT}" | grep "ERROR -8030: Server returned bad HTTP response" > /dev/null
+    E8030=$?
+
+    if [ $E5990 -eq 0 -o $E8030 -eq 0 ]; then
+        echo "Result of this test is not valid due to network time out."
+        html_unknown "${SCENARIO}${TESTNAME}"
+        return
+    fi
+
+    echo "Returned value is ${RESULT}, expected result is ${EXP_RESULT}"
+    
+    if [ "${EXP_RESULT}" = "pass" -a ${RESULT} -eq 0 ]; then
+        html_passed "${SCENARIO}${TESTNAME}"
+    elif [ "${EXP_RESULT}" = "fail" -a ${RESULT} -ne 0 ]; then
+        html_passed "${SCENARIO}${TESTNAME}"
+    else
+        html_failed "${SCENARIO}${TESTNAME}"
+    fi
+}
+
+check_ocsp()
+{
+    OCSP_CERT=$1
+
+    CERT_NICK=`echo ${OCSP_CERT} | cut -d: -f1`
+    CERT_ISSUER=`echo ${OCSP_CERT} | cut -d: -f2`
+
+    if [ "${CERT_ISSUER}" = "x" ]; then
+        CERT_ISSUER=
+        CERT=${CERT_NICK}.cert
+        CERT_FILE="${QADIR}/libpkix/certs/${CERT}"
+    elif [ "${CERT_ISSUER}" = "d" ]; then
+        CERT_ISSUER=
+        CERT=${CERT_NICK}.der
+        CERT_FILE="../OCSPD/${CERT}"
+    else
+        CERT=${CERT_NICK}${CERT_ISSUER}.der
+        CERT_FILE=${CERT}
+    fi
+
+    # sample line:
+    #   URI: "http://ocsp.server:2601"
+    OCSP_HOST=$(${BINDIR}/pp -w -t certificate -i ${CERT_FILE} | grep URI | sed "s/.*:\/\///" | sed "s/:.*//")
+    OCSP_PORT=$(${BINDIR}/pp -w -t certificate -i ${CERT_FILE} | grep URI | sed "s/^.*:.*:\/\/.*:\([0-9]*\).*$/\1/")
+
+    echo "tstclnt -h ${OCSP_HOST} -p ${OCSP_PORT} -q -t 20"
+    tstclnt -h ${OCSP_HOST} -p ${OCSP_PORT} -q -t 20
+    return $?
+}
+
+############################ parse_result ##############################
+# local shell function to process expected result value
+# this function was created for case that expected result depends on
+# some conditions - in our case type of cert DB
+#
+# default results are pass and fail
+# this function added parsable values in format:
+# type1:value1 type2:value2 .... typex:valuex
+#
+# allowed types are dbm, sql, all (all means all other cases)
+# allowed values are pass and fail
+#
+# if this format is not used, EXP_RESULT will stay unchanged (this also
+# covers pass and fail states)
+########################################################################
+parse_result()
+{
+    for RES in ${EXP_RESULT}
+    do
+        RESTYPE=$(echo ${RES} | cut -d: -f1)
+        RESSTAT=$(echo ${RES} | cut -d: -f2)
+
+        if [ "${RESTYPE}" = "${NSS_DEFAULT_DB_TYPE}" -o "${RESTYPE}" = "all" ]; then
+            EXP_RESULT=${RESSTAT}
+            break
+        fi
+    done
+}
+
+############################ parse_config ##############################
+# local shell function to parse and process file containing certificate
+# chain configuration and list of tests
+########################################################################
+parse_config()
+{
+    SCENARIO=
+    LOGNAME=
+
+    while read KEY VALUE
+    do
+        case "${KEY}" in
+        "entity")
+            ENTITY="${VALUE}"
+            TYPE=
+            ISSUER=
+            CTYPE=
+            POLICY=
+            MAPPING=
+            INHIBIT=
+            AIA=
+            CRLDP=
+            OCSP=
+            DB=
+            EMAILS=
+            EXT_KU=
+            EXT_NS=
+            EXT_EKU=
+            SERIAL=
+	    EXPORT_KEY=
+            ;;
+        "type")
+            TYPE="${VALUE}"
+            ;;
+        "issuer")
+            if [ -n "${ISSUER}" ]; then
+                if [ -z "${DB}" ]; then
+                    create_entity "${ENTITY}" "${TYPE}"
+                fi
+                sign_cert "${ENTITY}" "${ISSUER}" "${TYPE}"
+            fi
+
+            ISSUER="${VALUE}"
+            POLICY=
+            MAPPING=
+            INHIBIT=
+            AIA=
+            EXT_KU=
+            EXT_NS=
+            EXT_EKU=
+            ;;
+        "ctype") 
+            CTYPE="${VALUE}"
+            ;;
+        "policy")
+            POLICY="${POLICY} ${VALUE}"
+            ;;
+        "mapping")
+            MAPPING="${MAPPING} ${VALUE}"
+            ;;
+        "inhibit")
+            INHIBIT="${VALUE}"
+            ;;
+        "aia")
+            AIA="${AIA} ${VALUE}"
+            ;;
+        "crldp")
+            CRLDP="${CRLDP} ${VALUE}"
+            ;;
+        "ocsp")
+            OCSP="${VALUE}"
+            ;;
+        "db")
+            DB="${VALUE}DB"
+            create_db "${DB}"
+            ;;
+        "import")
+            IMPORT="${VALUE}"
+            import_cert "${IMPORT}" "${DB}"
+            import_crl "${IMPORT}" "${DB}"
+            ;;
+        "import_key")
+            IMPORT="${VALUE}"
+            import_key "${IMPORT}" "${DB}"
+            ;;
+        "crl")
+            ISSUER="${VALUE}"
+            create_crl "${ISSUER}"
+            ;;
+        "revoke")
+            REVOKE="${VALUE}"
+            ;;
+        "serial")
+            SERIAL="${VALUE}"
+            ;;
+	"export_key")
+	    EXPORT_KEY=1
+	    ;;
+        "copycrl")
+            COPYCRL="${VALUE}"
+            copy_crl "${COPYCRL}"
+            ;;
+        "verify")
+            VERIFY="${VALUE}"
+            TRUST=
+            TRUST_AND_DB=
+            POLICY=
+            FETCH=
+            EXP_RESULT=
+            REV_OPTS=
+            USAGE_OPT=
+            ;;
+        "cert")
+            VERIFY="${VERIFY} ${VALUE}"
+            ;;
+        "testdb")
+            if [ -n "${VALUE}" ]; then
+                DB="${VALUE}DB"
+            else
+                DB=
+            fi
+            ;;
+        "trust")
+            TRUST="${TRUST} ${VALUE}"
+            ;;
+        "trust_and_db")
+            TRUST_AND_DB=1
+            ;;
+        "fetch")
+            FETCH=1
+            ;;
+        "result")
+            EXP_RESULT="${VALUE}"
+            parse_result
+            ;;
+        "rev_type")
+            REV_OPTS="${REV_OPTS} -g ${VALUE}"
+            ;;
+        "rev_flags")
+            REV_OPTS="${REV_OPTS} -h ${VALUE}"
+            ;;
+        "rev_mtype")
+            REV_OPTS="${REV_OPTS} -m ${VALUE}"
+            ;;
+        "rev_mflags")
+            REV_OPTS="${REV_OPTS} -s ${VALUE}"
+            ;;
+        "scenario")
+            SCENARIO="${VALUE}: "
+
+            CHAINS_DIR="${HOSTDIR}/chains/${VALUE}"
+            mkdir -p ${CHAINS_DIR}
+            cd ${CHAINS_DIR}
+
+            if [ -n "${MEMLEAK_DBG}" ]; then
+                LOGNAME="libpkix-${VALUE}"
+                LOGFILE="${LOGDIR}/${LOGNAME}"
+            fi
+
+            SCEN_CNT=$(expr ${SCEN_CNT} + 1)
+            ;;
+        "sleep")
+            sleep ${VALUE}
+            ;;
+        "break")
+            break
+            ;;
+        "check_ocsp")
+            TESTNAME="Test that OCSP server is reachable"
+            check_ocsp ${VALUE}
+            if [ $? -ne 0 ]; then
+                html_failed "$TESTNAME"
+                break;
+            else
+                html_passed "$TESTNAME"
+            fi
+            ;;
+        "ku")
+            EXT_KU="${VALUE}"
+            ;;
+        "ns")
+            EXT_NS="${VALUE}"
+            ;;
+        "eku")
+            EXT_EKU="${VALUE}"
+            ;;
+        "usage")
+            USAGE_OPT="-u ${VALUE}"
+            ;;
+        "")
+            if [ -n "${ENTITY}" ]; then
+                if [ -z "${DB}" ]; then
+                    create_entity "${ENTITY}" "${TYPE}"
+                fi
+                sign_cert "${ENTITY}" "${ISSUER}" "${TYPE}"
+                if [ "${TYPE}" = "Bridge" ]; then
+                    create_pkcs7 "${ENTITY}"
+                fi
+		if [ -n "${EXPORT_KEY}" ]; then
+		    export_key "${ENTITY}" "${DB}"
+		fi
+                ENTITY=
+            fi
+
+            if [ -n "${VERIFY}" ] && \
+               [ -z "$NSS_DISABLE_LIBPKIX" ]; then
+                verify_cert "-pp"
+		if [ -n "${VERIFY_CLASSIC_ENGINE_TOO}" ] && \
+		   [ -z "$NSS_DISABLE_LIBPKIX" ]; then
+		    verify_cert ""
+		    verify_cert "-p"
+		fi
+                VERIFY=
+            fi
+
+            if [ -n "${REVOKE}" ]; then
+                revoke_cert "${REVOKE}" "${DB}"
+                REVOKE=
+            fi
+            ;;
+        *)
+            if [ `echo ${KEY} | cut -b 1` != "#" ]; then
+                echo "Configuration error: Unknown keyword ${KEY}"
+                exit 1
+            fi
+            ;;
+        esac
+    done
+
+    if [ -n "${MEMLEAK_DBG}" ]; then
+        log_parse
+        html_msg $? 0 "${SCENARIO}Memory leak checking" 
+    fi
+}
+
+process_scenario()
+{
+    SCENARIO_FILE=$1
+
+    > ${AIA_FILES}
+
+    parse_config < "${QADIR}/chains/scenarios/${SCENARIO_FILE}"
+
+    while read AIA_FILE
+    do
+	rm ${AIA_FILE} 2> /dev/null
+    done < ${AIA_FILES}
+    rm ${AIA_FILES}
+}
+
+# process ocspd.cfg separately
+chains_ocspd()
+{
+    process_scenario "ocspd.cfg"
+}
+
+# process ocsp.cfg separately
+chains_method()
+{
+    process_scenario "method.cfg"
+}
+
+############################# chains_main ##############################
+# local shell function to process all testing scenarios
+########################################################################
+chains_main()
+{
+    while read LINE 
+    do
+        [ `echo ${LINE} | cut -b 1` != "#" ] || continue
+
+	[ ${LINE} != 'ocspd.cfg' ] || continue
+	[ ${LINE} != 'method.cfg' ] || continue
+
+	process_scenario ${LINE}
+    done < "${CHAINS_SCENARIOS}"
+}
+
+################################ main ##################################
+
+chains_init
+VERIFY_CLASSIC_ENGINE_TOO=
+chains_ocspd
+VERIFY_CLASSIC_ENGINE_TOO=1
+chains_run_httpserv get
+chains_method
+chains_stop_httpserv
+chains_run_httpserv post
+chains_method
+chains_stop_httpserv
+VERIFY_CLASSIC_ENGINE_TOO=
+chains_run_httpserv random
+chains_main
+chains_stop_httpserv
+chains_run_httpserv get-unknown
+chains_main
+chains_stop_httpserv
+chains_cleanup
diff --git a/nss/tests/chains/ocspd-config/ocspd-certs.sh b/nss/tests/chains/ocspd-config/ocspd-certs.sh
new file mode 100755
index 0000000..2f7d458
--- /dev/null
+++ b/nss/tests/chains/ocspd-config/ocspd-certs.sh
@@ -0,0 +1,116 @@
+#!/bin/bash
+
+DATA_DIR=$1
+OCSP_DIR=$2
+CERT_DIR=$3
+
+TEST_PWD="nssnss"
+CONF_TEMPLATE="ocspd.conf.template"
+
+convert_cert()
+{
+    CERT_NAME=$1
+    CERT_SIGNER=$2
+
+    openssl x509 -in ${DATA_DIR}/${CERT_NAME}${CERT_SIGNER}.der -inform DER -out ${DATA_DIR}/${CERT_NAME}.pem -outform PEM
+}
+
+convert_crl()
+{
+    CRL_NAME=$1
+
+    openssl crl -in ${DATA_DIR}/${CRL_NAME}.crl -inform DER -out ${DATA_DIR}/${CRL_NAME}crl.pem -outform PEM
+}
+
+convert_key()
+{
+    KEY_NAME=$1
+
+    pk12util -o ${DATA_DIR}/${KEY_NAME}.p12 -n ${KEY_NAME} -d ${DATA_DIR}/${KEY_NAME}DB -k ${DATA_DIR}/${KEY_NAME}DB/dbpasswd -W ${TEST_PWD}
+    openssl pkcs12 -in ${DATA_DIR}/${KEY_NAME}.p12 -out ${DATA_DIR}/${KEY_NAME}.key.tmp -passin pass:${TEST_PWD} -passout pass:${TEST_PWD}
+
+    STATUS=0
+    cat ${DATA_DIR}/${KEY_NAME}.key.tmp | while read LINE; do
+        echo "${LINE}" | grep "BEGIN ENCRYPTED PRIVATE KEY" > /dev/null && STATUS=1
+        [ ${STATUS} -eq 1 ] && echo "${LINE}"
+        echo "${LINE}" | grep "END ENCRYPTED PRIVATE KEY" > /dev/null && break
+    done > ${DATA_DIR}/${KEY_NAME}.key
+    
+    rm ${DATA_DIR}/${KEY_NAME}.key.tmp
+}
+
+create_conf()
+{
+    CONF_FILE=$1
+    CA=$2
+    OCSP=$3
+    PORT=$4 
+
+    cat ${CONF_TEMPLATE} | \
+        sed "s:@DIR@:${OCSP_DIR}:" | \
+        sed "s:@CA_CERT@:${DATA_DIR}/${CA}.pem:" | \
+        sed "s:@CA_CRL@:${DATA_DIR}/${CA}crl.pem:" | \
+        sed "s:@CA_KEY@:${DATA_DIR}/${CA}.key:" | \
+        sed "s:@OCSP_PID@:${OCSP}.pid:" | \
+        sed "s:@PORT@:${PORT}:" \
+        > ${CONF_FILE}
+}
+
+copy_cert()
+{
+    CERT_NAME=$1
+    CERT_SIGNER=$2
+
+    cp ${DATA_DIR}/${CERT_NAME}${CERT_SIGNER}.der ${CERT_DIR}/${CERT_NAME}.cert
+}
+
+
+copy_key()
+{
+    KEY_NAME=$1
+
+    cp ${DATA_DIR}/${KEY_NAME}.p12 ${CERT_DIR}/${KEY_NAME}.p12
+}
+
+convert_cert OCSPRoot
+convert_crl OCSPRoot
+convert_key OCSPRoot
+
+convert_cert OCSPCA1 OCSPRoot
+convert_crl OCSPCA1
+convert_key OCSPCA1
+
+convert_cert OCSPCA2 OCSPRoot
+convert_crl OCSPCA2
+convert_key OCSPCA2
+
+convert_cert OCSPCA3 OCSPRoot
+convert_crl OCSPCA3
+convert_key OCSPCA3
+
+create_conf ocspd0.conf OCSPRoot ocspd0 2600
+create_conf ocspd1.conf OCSPCA1 ocspd1 2601
+create_conf ocspd2.conf OCSPCA2 ocspd2 2602
+create_conf ocspd3.conf OCSPCA3 ocspd3 2603
+
+copy_cert OCSPRoot
+copy_cert OCSPCA1 OCSPRoot
+copy_cert OCSPCA2 OCSPRoot
+copy_cert OCSPCA3 OCSPRoot
+copy_cert OCSPEE11 OCSPCA1
+copy_cert OCSPEE12 OCSPCA1
+copy_cert OCSPEE13 OCSPCA1
+copy_cert OCSPEE14 OCSPCA1
+copy_cert OCSPEE15 OCSPCA1
+copy_cert OCSPEE21 OCSPCA2
+copy_cert OCSPEE22 OCSPCA2
+copy_cert OCSPEE23 OCSPCA2
+copy_cert OCSPEE31 OCSPCA3
+copy_cert OCSPEE32 OCSPCA3
+copy_cert OCSPEE33 OCSPCA3
+
+copy_key OCSPRoot
+copy_key OCSPCA1
+copy_key OCSPCA2
+copy_key OCSPCA3
+
diff --git a/nss/tests/chains/ocspd-config/ocspd.conf.template b/nss/tests/chains/ocspd-config/ocspd.conf.template
new file mode 100644
index 0000000..456c74a
--- /dev/null
+++ b/nss/tests/chains/ocspd-config/ocspd.conf.template
@@ -0,0 +1,46 @@
+[ ocspd ]
+
+default_ocspd = OCSPD_default
+
+[ OCSPD_default ]
+
+dir = @DIR@
+db = $dir/index.txt
+md = sha1
+
+ca_certificate = $dir/@CA_CERT@
+ocspd_certificate = $dir/@CA_CERT@
+ocspd_key = $dir/@CA_KEY@
+pidfile = $dir/@OCSP_PID@
+
+user = nobody 
+group = nobody
+
+bind = *
+port = @PORT@
+
+max_req_size = 8192
+threads_num = 150
+max_timeout_secs = 5
+crl_auto_reload = 3600
+crl_check_validity = 600
+crl_reload_expired = yes
+response = ocsp_response
+dbms = dbms_file
+
+[ ocsp_response ]
+
+dir = @DIR@
+next_update_days = 0
+next_update_mins = 5
+
+[ dbms_file ]
+
+0.ca = @first_ca
+
+[ first_ca ]
+
+crl_url = file:///@DIR@/@CA_CRL@
+ca_url  = file:///@DIR@/@CA_CERT@
+server_cert  = file:///@DIR@/@CA_CERT@
+
diff --git a/nss/tests/chains/ocspd-config/readme b/nss/tests/chains/ocspd-config/readme
new file mode 100644
index 0000000..5069af6
--- /dev/null
+++ b/nss/tests/chains/ocspd-config/readme
@@ -0,0 +1,3 @@
+OBSOLETE
+
+tests have been changed to use a local ocsp server (using httpserv)
diff --git a/nss/tests/chains/scenarios/aia.cfg b/nss/tests/chains/scenarios/aia.cfg
new file mode 100644
index 0000000..df3b1ef
--- /dev/null
+++ b/nss/tests/chains/scenarios/aia.cfg
@@ -0,0 +1,35 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+scenario AIA
+
+entity Root
+  type Root
+
+entity CA1
+  type Intermediate
+  issuer Root
+
+entity CA2
+  type Intermediate
+  issuer CA1
+    aia CA1:Root
+
+entity User
+  type EE
+  issuer CA2
+
+testdb User
+
+verify User:CA2
+  cert CA2:CA1
+  trust Root:
+  result fail
+
+verify User:CA2
+  cert CA2:CA1
+  trust Root:
+  fetch
+  result pass
+
diff --git a/nss/tests/chains/scenarios/anypolicy.cfg b/nss/tests/chains/scenarios/anypolicy.cfg
new file mode 100644
index 0000000..fd647ad
--- /dev/null
+++ b/nss/tests/chains/scenarios/anypolicy.cfg
@@ -0,0 +1,77 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+scenario AnyPolicy
+
+entity RootCA
+  type Root
+
+entity CA1
+  type Intermediate
+  issuer RootCA
+  policy any
+
+entity CA2
+  type Intermediate
+  issuer CA1
+  policy OID.1.0
+  inhibit 0
+
+entity CA3
+  type Intermediate
+  issuer CA1
+  policy OID.1.0
+
+entity User1
+  type EE
+  issuer CA2
+  policy OID.1.0
+
+entity User2
+  type EE
+  issuer CA2
+  policy any
+
+entity User3
+  type EE
+  issuer CA3
+  policy any
+ 
+db All
+
+import RootCA::
+import CA1:RootCA:
+import CA2:CA1:
+import CA3:CA1:
+
+verify User1:CA2
+  trust RootCA
+  policy OID.1.0
+  result pass
+
+verify User1:CA2
+  trust RootCA
+  policy OID.2.0
+  result fail
+
+verify User2:CA2
+  trust RootCA
+  policy OID.1.0
+  result fail
+
+verify User2:CA2
+  trust RootCA
+  policy OID.2.0
+  result fail
+
+verify User3:CA3
+  trust RootCA
+  policy OID.1.0
+  result pass
+
+verify User3:CA3
+  trust RootCA
+  policy OID.2.0
+  result fail
+
diff --git a/nss/tests/chains/scenarios/anypolicywithlevel.cfg b/nss/tests/chains/scenarios/anypolicywithlevel.cfg
new file mode 100644
index 0000000..9dd84a7
--- /dev/null
+++ b/nss/tests/chains/scenarios/anypolicywithlevel.cfg
@@ -0,0 +1,399 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+scenario AnyPolicyWithLevel
+
+entity RootCA
+  type Root
+
+entity CA1
+  type Intermediate
+  issuer RootCA
+  policy any
+  inhibit 1
+
+entity CA12
+  type Intermediate
+  issuer CA1
+  policy any
+
+entity CA13
+  type Intermediate
+  issuer CA12
+  policy OID.1.0
+
+entity EE1 
+  type EE
+  issuer CA13
+  policy OID.1.0
+
+entity CA22
+  type Intermediate
+  issuer CA1
+  policy any
+
+entity CA23
+  type Intermediate
+  issuer CA22
+  policy any
+
+entity EE2
+  type EE
+  issuer CA23
+  policy OID.1.0
+
+entity CA32
+  type Intermediate
+  issuer CA1
+  policy any
+  inhibit 1
+
+entity CA33
+  type Intermediate
+  issuer CA32
+  policy any
+
+entity EE3
+  type EE
+  issuer CA33
+  policy OID.1.0
+
+entity CA42
+  type Intermediate
+  issuer CA1
+  policy any
+  policy OID.1.0
+
+entity CA43
+  type Intermediate
+  issuer CA42
+  policy any
+  policy OID.1.0
+
+entity EE4
+  type EE
+  issuer CA43
+  policy OID.1.0
+
+entity CA52
+  type Intermediate
+  issuer CA1
+  policy any
+  policy OID.1.0
+
+entity CA53
+  type Intermediate
+  issuer CA52
+  policy any
+
+entity EE5
+  type EE
+  issuer CA53
+  policy OID.1.0
+
+entity CA61
+  type Intermediate
+  issuer RootCA
+  policy any
+  inhibit 5
+
+entity CA62
+  type Intermediate
+  issuer CA61
+  policy any
+
+entity EE62
+  type EE
+  issuer CA62
+  policy OID.1.0
+
+entity CA63
+  type Intermediate
+  issuer CA62
+  policy any
+
+entity EE63
+  type EE
+  issuer CA63
+  policy OID.1.0
+
+entity CA64
+  type Intermediate
+  issuer CA63
+  policy any
+
+entity EE64
+  type EE
+  issuer CA64
+  policy OID.1.0
+
+entity CA65
+  type Intermediate
+  issuer CA64
+  policy any
+
+entity EE65
+  type EE
+  issuer CA65
+  policy OID.1.0
+
+entity CA66
+  type Intermediate
+  issuer CA65
+  policy any
+
+entity EE66
+  type EE
+  issuer CA66
+  policy OID.1.0
+
+entity CA67
+  type Intermediate
+  issuer CA66
+  policy any
+
+entity EE67
+  type EE
+  issuer CA67
+  policy OID.1.0
+
+db All
+
+verify EE1:CA13
+  cert RootCA:
+  cert CA1:RootCA
+  cert CA12:CA1
+  cert CA13:CA12
+  trust RootCA:
+  policy OID.1.0
+  result pass 
+
+verify EE1:CA13
+  cert RootCA:
+  cert CA1:RootCA
+  cert CA12:CA1
+  cert CA13:CA12
+  trust RootCA:
+  policy OID.2.0
+  result fail
+
+verify EE1:CA13
+  cert RootCA:
+  cert CA1:RootCA
+  cert CA12:CA1
+  cert CA13:CA12
+  trust RootCA:
+  policy OID.2.5.29.32.0
+  result pass
+
+verify EE2:CA23
+  cert RootCA:
+  cert CA1:RootCA
+  cert CA22:CA1
+  cert CA23:CA22
+  trust RootCA:
+  policy OID.1.0
+  result fail
+
+verify EE2:CA23
+  cert RootCA:
+  cert CA1:RootCA
+  cert CA22:CA1
+  cert CA23:CA22
+  trust RootCA:
+  policy OID.2.0
+  result fail
+
+verify EE2:CA23
+  cert RootCA:
+  cert CA1:RootCA
+  cert CA22:CA1
+  cert CA23:CA22
+  trust RootCA:
+  policy OID.2.5.29.32.0
+  result fail
+
+verify EE2:CA23
+  cert RootCA:
+  cert CA1:RootCA
+  cert CA22:CA1
+  cert CA23:CA22
+  trust RootCA:
+  result pass
+
+verify EE3:CA33
+  cert RootCA:
+  cert CA1:RootCA
+  cert CA32:CA1
+  cert CA33:CA32
+  trust RootCA:
+  policy OID.1.0
+  result fail
+
+verify EE3:CA33
+  cert RootCA:
+  cert CA1:RootCA
+  cert CA32:CA1
+  cert CA33:CA32
+  trust RootCA:
+  policy OID.2.0
+  result fail
+
+verify EE3:CA33
+  cert RootCA:
+  cert CA1:RootCA
+  cert CA32:CA1
+  cert CA33:CA32
+  trust RootCA:
+  policy OID.2.5.29.32.0
+  result fail
+
+verify EE3:CA33
+  cert RootCA:
+  cert CA1:RootCA
+  cert CA32:CA1
+  cert CA33:CA32
+  trust RootCA:
+  result pass
+
+verify EE4:CA43
+  cert RootCA:
+  cert CA1:RootCA
+  cert CA42:CA1
+  cert CA43:CA42
+  trust RootCA:
+  policy OID.1.0
+  result pass
+
+verify EE4:CA43
+  cert RootCA:
+  cert CA1:RootCA
+  cert CA42:CA1
+  cert CA43:CA42
+  trust RootCA:
+  policy OID.2.0
+  result fail
+
+verify EE4:CA43
+  cert RootCA:
+  cert CA1:RootCA
+  cert CA42:CA1
+  cert CA43:CA42
+  trust RootCA:
+  policy OID.2.5.29.32.0
+  result pass
+
+verify EE5:CA53
+  cert RootCA:
+  cert CA1:RootCA
+  cert CA52:CA1
+  cert CA53:CA52
+  trust RootCA:
+  policy OID.1.0
+  result fail
+
+verify EE5:CA53
+  cert RootCA:
+  cert CA1:RootCA
+  cert CA52:CA1
+  cert CA53:CA52
+  trust RootCA:
+  policy OID.2.0
+  result fail
+
+verify EE5:CA53
+  cert RootCA:
+  cert CA1:RootCA
+  cert CA52:CA1
+  cert CA53:CA52
+  trust RootCA:
+  policy OID.2.5.29.32.0
+  result fail
+
+verify EE5:CA53
+  cert RootCA:
+  cert CA1:RootCA
+  cert CA52:CA1
+  cert CA53:CA52
+  trust RootCA:
+  result pass
+
+verify EE62:CA62
+  cert RootCA:
+  cert CA61:RootCA
+  cert CA62:CA61
+  cert CA63:CA62
+  cert CA64:CA63
+  cert CA65:CA64
+  cert CA66:CA65
+  cert CA67:CA66
+  trust RootCA:
+  policy OID.1.0
+  result pass
+
+verify EE63:CA63
+  cert RootCA:
+  cert CA61:RootCA
+  cert CA62:CA61
+  cert CA63:CA62
+  cert CA64:CA63
+  cert CA65:CA64
+  cert CA66:CA65
+  cert CA67:CA66
+  trust RootCA:
+  policy OID.1.0
+  result pass
+
+verify EE64:CA64
+  cert RootCA:
+  cert CA61:RootCA
+  cert CA62:CA61
+  cert CA63:CA62
+  cert CA64:CA63
+  cert CA65:CA64
+  cert CA66:CA65
+  cert CA67:CA66
+  trust RootCA:
+  policy OID.1.0
+  result pass
+
+verify EE65:CA65
+  cert RootCA:
+  cert CA61:RootCA
+  cert CA62:CA61
+  cert CA63:CA62
+  cert CA64:CA63
+  cert CA65:CA64
+  cert CA66:CA65
+  cert CA67:CA66
+  trust RootCA:
+  policy OID.1.0
+  result pass
+
+verify EE66:CA66
+  cert RootCA:
+  cert CA61:RootCA
+  cert CA62:CA61
+  cert CA63:CA62
+  cert CA64:CA63
+  cert CA65:CA64
+  cert CA66:CA65
+  cert CA67:CA66
+  trust RootCA:
+  policy OID.1.0
+  result pass
+
+verify EE67:CA67
+  cert RootCA:
+  cert CA61:RootCA
+  cert CA62:CA61
+  cert CA63:CA62
+  cert CA64:CA63
+  cert CA65:CA64
+  cert CA66:CA65
+  cert CA67:CA66
+  trust RootCA:
+  policy OID.1.0
+  result fail
+
diff --git a/nss/tests/chains/scenarios/bridge.cfg b/nss/tests/chains/scenarios/bridge.cfg
new file mode 100644
index 0000000..14dba6a
--- /dev/null
+++ b/nss/tests/chains/scenarios/bridge.cfg
@@ -0,0 +1,106 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+scenario Bridge
+
+entity Army
+  type Root
+
+entity Navy
+  type Root
+
+entity Bridge
+  type Bridge
+  issuer Army
+  issuer Navy
+
+entity User
+  type EE
+  issuer Bridge
+
+db All
+
+import Army::
+import Navy::
+
+verify User:Bridge
+  cert Bridge:Navy
+  trust Navy 
+  result pass
+
+verify User:Bridge
+  cert Bridge:Army
+  trust Army
+  result pass
+
+verify User:Bridge
+  cert Bridge:Navy
+  trust Army
+  result fail
+
+import Bridge:Army:
+import Bridge:Navy:
+
+verify User:Bridge
+  trust Army
+  result pass
+
+verify User:Bridge
+  trust Navy 
+  result pass
+
+db ArmyOnly
+
+import Army::C,,
+
+verify User:Bridge
+  result fail
+
+verify User:Bridge
+  cert Bridge:Navy
+  result fail
+
+verify User:Bridge
+  cert Bridge:Navy
+  cert Navy:
+  result fail
+
+verify User:Bridge
+  cert Bridge:Navy
+  cert Navy:
+  trust Navy:
+  result pass
+
+verify User:Bridge
+  cert Bridge:Navy
+  trust Navy:
+  result pass
+
+db NavyOnly
+
+import Navy::C,,
+
+verify User:Bridge
+  result fail
+
+verify User:Bridge
+  cert Bridge:Army
+  result fail
+
+verify User:Bridge
+  cert Bridge:Army
+  cert Army:
+  result fail
+
+verify User:Bridge
+  cert Bridge:Army
+  cert Army:
+  trust Army:
+  result pass
+
+verify User:Bridge
+  cert Bridge:Army
+  trust Army:
+  result pass
+
diff --git a/nss/tests/chains/scenarios/bridgewithaia.cfg b/nss/tests/chains/scenarios/bridgewithaia.cfg
new file mode 100644
index 0000000..640edb8
--- /dev/null
+++ b/nss/tests/chains/scenarios/bridgewithaia.cfg
@@ -0,0 +1,54 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+scenario BridgeWithAIA
+
+entity Army
+  type Root
+
+entity Navy
+  type Root
+
+entity Bridge
+  type Bridge
+  issuer Army
+  issuer Navy
+
+entity CA1
+  type Intermediate
+  issuer Bridge
+    aia Bridge
+
+entity EE1
+  type EE
+  issuer CA1
+
+testdb EE1
+
+verify EE1:CA1
+  cert CA1:Bridge
+  trust Army:
+  result fail
+
+verify EE1:CA1
+  cert CA1:Bridge
+  trust Army:
+  fetch
+# should pass, bug 435314
+# temporary result - test fails only with dbm cert db
+  result dbm:fail all:pass
+
+verify EE1:CA1
+  cert CA1:Bridge
+  trust Navy:
+  fetch
+  result pass
+
+verify EE1:CA1
+  cert CA1:Bridge
+  cert Bridge:Army
+  trust Navy:
+  fetch
+  result pass
+
diff --git a/nss/tests/chains/scenarios/bridgewithhalfaia.cfg b/nss/tests/chains/scenarios/bridgewithhalfaia.cfg
new file mode 100644
index 0000000..914828e
--- /dev/null
+++ b/nss/tests/chains/scenarios/bridgewithhalfaia.cfg
@@ -0,0 +1,89 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+scenario BridgeWithHalfAIA
+
+entity Army
+  type Root
+
+entity Navy
+  type Root
+
+entity Bridge
+  type Bridge
+  issuer Army
+  issuer Navy
+
+entity CA1
+  type Intermediate
+  issuer Bridge
+    aia Bridge
+
+entity EE1
+  type EE
+  issuer CA1
+
+entity CA2
+  type Intermediate
+  issuer Bridge
+    aia Bridge:Navy
+
+entity EE2
+  type EE
+  issuer CA2
+
+testdb EE1
+
+verify EE1:CA1
+  cert CA1:Bridge
+  trust Army:
+  result fail
+
+verify EE1:CA1
+  cert CA1:Bridge
+  trust Army:
+  fetch
+# should pass, bug 435314
+# temporary result - test fails only with dbm cert db
+  result dbm:fail all:pass
+
+verify EE1:CA1
+  cert CA1:Bridge
+  trust Navy:
+  fetch
+  result pass
+
+verify EE1:CA1
+  cert CA1:Bridge
+  cert Bridge:Army
+  trust Navy:
+  fetch
+  result pass
+
+verify EE2:CA2
+  cert Bridge:Army
+  trust Army:
+  fetch
+  result fail
+
+verify EE2:CA2
+  cert CA2:Bridge
+  cert Bridge:Army
+  trust Army:
+  fetch
+  result pass
+
+verify EE2:CA2
+  cert CA2:Bridge
+  trust Navy:
+  fetch
+  result pass
+
+verify EE2:CA2
+  cert CA2:Bridge
+  cert Bridge:Army
+  trust Navy:
+  fetch
+  result pass
+
diff --git a/nss/tests/chains/scenarios/bridgewithpolicyextensionandmapping.cfg b/nss/tests/chains/scenarios/bridgewithpolicyextensionandmapping.cfg
new file mode 100644
index 0000000..f7554ca
--- /dev/null
+++ b/nss/tests/chains/scenarios/bridgewithpolicyextensionandmapping.cfg
@@ -0,0 +1,187 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+scenario BridgeWithPolicyExtensionAndMapping
+
+entity Army
+  type Root
+
+entity Navy
+  type Root
+
+entity CAArmy
+  type Intermediate
+  issuer Army
+    policy OID.1.0
+    policy OID.1.1
+
+entity CANavy
+  type Intermediate
+  issuer Navy
+    policy OID.2.0
+    policy OID.2.1
+
+entity Bridge
+  type Bridge
+  issuer CAArmy
+    policy OID.1.0
+    policy OID.1.1
+    mapping OID.1.1:OID.2.1
+  issuer CANavy
+    policy OID.2.0
+    policy OID.2.1
+    mapping OID.2.1:OID.1.1
+
+entity CA1
+  type Intermediate
+  issuer Bridge
+    policy OID.1.1
+    policy OID.2.1
+
+entity CA2
+  type Intermediate
+  issuer Bridge
+    policy OID.1.0
+    policy OID.2.0
+
+entity EE1
+  type EE
+  issuer CA1
+    policy OID.2.1
+
+entity EE2
+  type EE
+  issuer CA2
+    policy OID.2.0
+
+testdb
+
+verify EE1:CA1
+  cert CA1:Bridge
+  cert Bridge:CAArmy
+  cert CAArmy:Army
+  trust Army:
+  policy OID.1.0
+  result fail
+
+verify EE1:CA1
+  cert CA1:Bridge
+  cert Bridge:CAArmy
+  cert CAArmy:Army
+  trust Army:
+  policy OID.1.1
+  result pass
+
+verify EE1:CA1
+  cert CA1:Bridge
+  cert Bridge:CAArmy
+  cert CAArmy:Army
+  trust Army:
+  policy OID.2.0
+  result fail
+
+verify EE1:CA1
+  cert CA1:Bridge
+  cert Bridge:CAArmy
+  cert CAArmy:Army
+  trust Army:
+  policy OID.2.1
+  result fail
+
+verify EE1:CA1
+  cert CA1:Bridge
+  cert Bridge:CANavy
+  cert CANavy:Navy
+  trust Navy:
+  policy OID.1.0
+  result fail
+
+verify EE1:CA1
+  cert CA1:Bridge
+  cert Bridge:CANavy
+  cert CANavy:Navy
+  trust Navy:
+  policy OID.1.1
+  result fail
+
+verify EE1:CA1
+  cert CA1:Bridge
+  cert Bridge:CANavy
+  cert CANavy:Navy
+  trust Navy:
+  policy OID.2.0
+  result fail
+
+verify EE1:CA1
+  cert CA1:Bridge
+  cert Bridge:CANavy
+  cert CANavy:Navy
+  trust Navy:
+  policy OID.2.1
+  result fail
+
+verify EE2:CA2
+  cert CA2:Bridge
+  cert Bridge:CANavy
+  cert CANavy:Navy
+  trust Navy:
+  policy OID.1.0
+  result fail
+
+verify EE2:CA2
+  cert CA2:Bridge
+  cert Bridge:CANavy
+  cert CANavy:Navy
+  trust Navy:
+  policy OID.1.1
+  result fail
+
+verify EE2:CA2
+  cert CA2:Bridge
+  cert Bridge:CANavy
+  cert CANavy:Navy
+  trust Navy:
+  policy OID.2.0
+  result pass
+
+verify EE2:CA2
+  cert CA2:Bridge
+  cert Bridge:CANavy
+  cert CANavy:Navy
+  trust Navy:
+  policy OID.2.1
+  result fail
+
+verify EE2:CA2
+  cert CA2:Bridge
+  cert Bridge:CAArmy
+  cert CAArmy:Army
+  trust Army:
+  policy OID.1.0
+  result fail
+
+verify EE2:CA2
+  cert CA2:Bridge
+  cert Bridge:CAArmy
+  cert CAArmy:Army
+  trust Army:
+  policy OID.1.1
+  result fail
+
+verify EE2:CA2
+  cert CA2:Bridge
+  cert Bridge:CAArmy
+  cert CAArmy:Army
+  trust Army:
+  policy OID.2.0
+  result fail
+
+verify EE2:CA2
+  cert CA2:Bridge
+  cert Bridge:CAArmy
+  cert CAArmy:Army
+  trust Army:
+  policy OID.2.1
+  result fail
+
diff --git a/nss/tests/chains/scenarios/crldp.cfg b/nss/tests/chains/scenarios/crldp.cfg
new file mode 100644
index 0000000..a9949ae
--- /dev/null
+++ b/nss/tests/chains/scenarios/crldp.cfg
@@ -0,0 +1,105 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+scenario CRLDP
+
+entity Root
+  type Root
+
+entity CA0
+  type Intermediate
+  issuer Root
+
+entity CA1
+  type Intermediate
+  crldp CA0
+  issuer CA0
+  serial 10
+    aia CA0:Root
+
+entity EE11
+  type EE
+  crldp CA0
+  issuer CA1
+
+entity CA2
+  type Intermediate
+  crldp CA0
+  issuer CA0
+  serial 20
+    aia CA0:Root
+
+entity EE21
+  type EE
+  issuer CA2
+
+entity EE1
+  type EE
+  crldp CA0
+  issuer CA0
+  serial 30
+    aia CA0:Root
+
+entity EE2
+  type EE
+  crldp CA0
+  issuer CA0
+  serial 40
+    aia CA0:Root
+
+crl Root
+crl CA0
+crl CA1
+crl CA2
+
+revoke CA0
+  serial 20
+
+revoke CA0
+  serial 40
+
+copycrl CA0
+
+db All
+
+import Root::CTu,CTu,CTu
+
+# intermediate CA - OK, EE - OK
+verify EE11:CA1
+  cert CA1:CA0
+  trust Root:
+  fetch
+  rev_type chain
+  rev_flags requireFreshInfo
+  rev_mtype crl
+  result pass
+
+# intermediate CA - revoked, EE - OK
+verify EE21:CA2
+  cert CA2:CA0
+  trust Root:
+  fetch
+  rev_type chain
+  rev_flags requireFreshInfo
+  rev_mtype crl
+  result fail
+
+# direct EE - OK 
+verify EE1:CA0
+  trust Root:
+  fetch
+  rev_type leaf
+  rev_flags requireFreshInfo
+  rev_mtype crl
+  result pass
+
+# direct EE - revoked
+verify EE2:CA0
+  trust Root:
+  fetch
+  rev_type leaf
+  rev_flags requireFreshInfo
+  rev_mtype crl
+  result fail
+
diff --git a/nss/tests/chains/scenarios/dsa.cfg b/nss/tests/chains/scenarios/dsa.cfg
new file mode 100644
index 0000000..896e455
--- /dev/null
+++ b/nss/tests/chains/scenarios/dsa.cfg
@@ -0,0 +1,72 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+scenario DSA
+
+entity Root
+  type Root
+  ctype dsa
+
+entity CA1
+  type Intermediate
+  issuer Root
+  ctype dsa
+
+entity EE1
+  type EE
+  issuer CA1
+  ctype dsa
+
+entity CA2
+  type Intermediate
+  issuer Root
+  ctype dsa
+
+entity EE2
+  type EE
+  issuer CA2
+  ctype rsa
+
+entity CA3
+  type Intermediate
+  issuer Root
+  ctype rsa
+
+entity EE3
+  type EE
+  issuer CA3
+  ctype dsa
+
+entity CA4
+  type Intermediate
+  issuer Root
+  ctype rsa
+
+entity EE4
+  type EE
+  issuer CA4
+  ctype rsa
+
+db All
+
+verify EE1:CA1
+  cert CA1:Root
+  trust Root:
+  result pass
+
+verify EE2:CA2
+  cert CA2:Root
+  trust Root:
+  result pass
+
+verify EE3:CA3
+  cert CA3:Root
+  trust Root:
+  result pass
+
+verify EE4:CA4
+  cert CA4:Root
+  trust Root:
+  result pass
+
diff --git a/nss/tests/chains/scenarios/explicitPolicy.cfg b/nss/tests/chains/scenarios/explicitPolicy.cfg
new file mode 100644
index 0000000..20f79c4
--- /dev/null
+++ b/nss/tests/chains/scenarios/explicitPolicy.cfg
@@ -0,0 +1,78 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+scenario explicitPolicy
+
+entity Root
+  type Root
+
+entity nonEVCA
+  type Intermediate
+  issuer Root 
+
+entity EVCA
+  type Intermediate
+  issuer Root 
+    policy OID.1.0
+
+entity otherEVCA
+  type Intermediate
+  issuer Root 
+    policy OID.2.0
+
+entity validEV
+  type EE
+  issuer EVCA
+    policy OID.1.0
+
+entity invalidEV
+  type EE
+  issuer nonEVCA
+    policy OID.1.0
+
+entity wrongEVOID
+  type EE
+  issuer otherEVCA
+    policy OID.1.0
+
+db All
+
+verify validEV:EVCA
+  cert EVCA:Root
+  cert Root:
+  trust Root:
+  policy OID.1.0
+  result pass
+
+verify invalidEV:nonEVCA
+  cert nonEVCA:Root
+  cert Root:
+  trust Root:
+  policy OID.1.0
+  result fail
+
+verify wrongEVOID:otherEVCA
+  cert otherEVCA:Root
+  cert Root:
+  trust Root:
+  policy OID.1.0
+  result fail
+
+import Root::C,C,C
+
+verify validEV:EVCA
+  cert EVCA:Root
+  policy OID.1.0
+  result pass
+
+verify invalidEV:nonEVCA
+  cert nonEVCA:Root
+  policy OID.1.0
+  result fail
+
+verify wrongEVOID:otherEVCA
+  cert otherEVCA:Root
+  policy OID.1.0
+  result fail
+
diff --git a/nss/tests/chains/scenarios/extension.cfg b/nss/tests/chains/scenarios/extension.cfg
new file mode 100644
index 0000000..fd1c3a0
--- /dev/null
+++ b/nss/tests/chains/scenarios/extension.cfg
@@ -0,0 +1,102 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+scenario Extension
+
+entity Root
+  type Root
+
+entity CA1
+  type Intermediate
+  issuer Root 
+    policy OID.1.0
+
+entity CA2
+  type Intermediate
+  issuer CA1
+    policy OID.1.0
+
+entity User
+  type EE
+  issuer CA2
+    policy OID.1.0
+
+db All
+
+verify User:CA2
+  cert CA2:CA1
+  cert CA1:Root
+  cert Root:
+  trust Root:
+  policy OID.1.0
+  result pass
+
+verify User:CA2
+  cert CA2:CA1
+  cert CA1:Root
+  cert Root:
+  trust Root:
+  policy OID.2.0
+  result fail
+
+verify User:CA2
+  cert CA2:CA1
+  cert CA1:Root
+  trust CA1:Root
+  policy OID.1.0
+  result pass
+
+verify User:CA2
+  cert CA2:CA1
+  cert CA1:Root
+  trust CA1:Root
+  policy OID.2.0
+  result fail
+
+verify User:CA2
+  cert CA2:CA1
+  trust CA2:CA1
+  policy OID.1.0
+  result pass
+
+verify User:CA2
+  cert CA2:CA1
+  trust CA2:CA1
+  policy OID.2.0
+  result fail
+
+import Root::
+import CA1:Root:
+import CA2:CA1:
+
+verify User:CA2
+  trust Root
+  policy OID.1.0
+  result pass
+
+verify User:CA2
+  trust Root
+  policy OID.2.0
+  result fail
+
+verify User:CA2
+  trust CA1
+  policy OID.1.0
+  result pass
+
+verify User:CA2
+  trust CA1
+  policy OID.2.0
+  result fail
+
+verify User:CA2
+  trust CA2
+  policy OID.1.0
+  result pass
+
+verify User:CA2
+  trust CA2
+  policy OID.2.0
+  result fail
+
diff --git a/nss/tests/chains/scenarios/extension2.cfg b/nss/tests/chains/scenarios/extension2.cfg
new file mode 100644
index 0000000..9a6a7cd
--- /dev/null
+++ b/nss/tests/chains/scenarios/extension2.cfg
@@ -0,0 +1,140 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+scenario Extension2
+
+entity Root
+  type Root
+
+entity CA1
+  type Intermediate
+  issuer Root 
+    policy OID.1.0
+    policy OID.2.0
+
+entity CA2
+  type Intermediate
+  issuer CA1
+    policy OID.1.0
+    policy OID.2.0
+
+entity User1
+  type EE
+  issuer CA2
+    policy OID.1.0
+
+entity User2
+  type EE
+  issuer CA2
+    policy OID.1.0
+    policy OID.2.0
+
+db All
+
+verify User1:CA2
+  cert CA2:CA1
+  cert CA1:Root
+  cert Root:
+  trust Root:
+  policy OID.1.0
+  result pass
+
+verify User1:CA2
+  cert CA2:CA1
+  cert CA1:Root
+  cert Root:
+  trust Root:
+  policy OID.2.0
+  result fail
+
+verify User1:CA2
+  cert CA2:CA1
+  cert CA1:Root
+  trust CA1:Root
+  policy OID.1.0
+  result pass
+
+verify User1:CA2
+  cert CA2:CA1
+  cert CA1:Root
+  trust CA1:Root
+  policy OID.2.0
+  result fail
+
+verify User1:CA2
+  cert CA2:CA1
+  trust CA2:CA1
+  policy OID.1.0
+  result pass
+
+verify User1:CA2
+  cert CA2:CA1
+  trust CA2:CA1
+  policy OID.2.0
+  result fail
+
+import Root::
+import CA1:Root:
+import CA2:CA1:
+
+verify User1:CA2
+  trust Root
+  policy OID.1.0
+  result pass
+
+verify User1:CA2
+  trust Root
+  policy OID.2.0
+  result fail
+
+verify User1:CA2
+  trust CA1
+  policy OID.1.0
+  result pass
+
+verify User1:CA2
+  trust CA1
+  policy OID.2.0
+  result fail
+
+verify User1:CA2
+  trust CA2
+  policy OID.1.0
+  result pass
+
+verify User1:CA2
+  trust CA2
+  policy OID.2.0
+  result fail
+
+verify User2:CA2
+  trust Root
+  policy OID.1.0
+  result pass
+
+verify User2:CA2
+  trust Root
+  policy OID.2.0
+  result pass
+
+verify User2:CA2
+  trust CA1
+  policy OID.1.0
+  result pass
+
+verify User2:CA2
+  trust CA1
+  policy OID.2.0
+  result pass
+
+verify User2:CA2
+  trust CA2
+  policy OID.1.0
+  result pass
+
+verify User2:CA2
+  trust CA2
+  policy OID.2.0
+  result pass
+
diff --git a/nss/tests/chains/scenarios/mapping.cfg b/nss/tests/chains/scenarios/mapping.cfg
new file mode 100644
index 0000000..d4e4a29
--- /dev/null
+++ b/nss/tests/chains/scenarios/mapping.cfg
@@ -0,0 +1,63 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+scenario Mapping
+
+entity Root
+  type Root
+
+entity CA1
+  type Intermediate
+  issuer Root 
+    policy OID.1.0
+    mapping OID.1.0:OID.1.1
+
+entity CA2
+  type Intermediate
+  issuer CA1
+    policy OID.1.1
+
+entity User
+  type EE
+  issuer CA2
+    policy OID.1.1
+
+db All
+
+import Root::
+import CA1:Root:
+import CA2:CA1:
+
+verify User:CA2
+  trust Root
+  policy OID.1.0
+# should fail, bug 430859
+  result pass
+
+verify User:CA2
+  trust Root
+  policy OID.1.1
+# should pass, bug 430859
+  result fail
+
+verify User:CA2
+  trust CA1
+  policy OID.1.0
+  result fail
+
+verify User:CA2
+  trust CA1
+  policy OID.1.1
+  result pass
+
+verify User:CA2
+  trust CA2
+  policy OID.1.0
+  result fail
+
+verify User:CA2
+  trust CA2
+  policy OID.1.1
+  result pass
+
diff --git a/nss/tests/chains/scenarios/mapping2.cfg b/nss/tests/chains/scenarios/mapping2.cfg
new file mode 100644
index 0000000..cae1daf
--- /dev/null
+++ b/nss/tests/chains/scenarios/mapping2.cfg
@@ -0,0 +1,71 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+scenario Mapping2
+
+entity Root
+  type Root
+
+entity CA1
+  type Intermediate
+  issuer Root 
+    policy OID.1.0
+
+entity CA2
+  type Intermediate
+  issuer CA1
+    policy OID.1.0
+    mapping OID.1.0:OID.1.1
+
+entity CA3
+  type Intermediate
+  issuer CA2
+    policy OID.1.1
+
+entity User
+  type EE
+  issuer CA3
+    policy OID.1.1
+
+db All
+
+import Root::
+import CA1:Root:
+import CA2:CA1:
+import CA3:CA2:
+
+verify User:CA3
+  trust Root
+  policy OID.1.0
+# should fail, bug 430859
+  result pass
+
+verify User:CA3
+  trust Root
+  policy OID.1.1
+# should pass, bug 430859
+  result fail
+
+verify User:CA3
+  trust CA1
+  policy OID.1.0
+# should fail, bug 430859
+  result pass
+
+verify User:CA3
+  trust CA1
+  policy OID.1.1
+# should pass, bug 430859
+  result fail
+
+verify User:CA3
+  trust CA2
+  policy OID.1.0
+  result fail
+
+verify User:CA3
+  trust CA2
+  policy OID.1.1
+  result pass
+
diff --git a/nss/tests/chains/scenarios/megabridge_3_2.cfg b/nss/tests/chains/scenarios/megabridge_3_2.cfg
new file mode 100644
index 0000000..f1d4545
--- /dev/null
+++ b/nss/tests/chains/scenarios/megabridge_3_2.cfg
@@ -0,0 +1,130 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+scenario MegaBridge_3_2
+
+entity Root1
+  type Root
+
+entity Root2
+  type Root
+
+entity Root3
+  type Root
+
+entity Root4
+  type Root
+
+entity Root5
+  type Root
+
+entity Root6
+  type Root
+
+entity Root7
+  type Root
+
+entity Root8
+  type Root
+
+entity Root9
+  type Root
+
+entity Bridge11
+  type Bridge
+  issuer Root1
+  issuer Root2
+  issuer Root3
+
+entity Bridge12
+  type Bridge
+  issuer Root4
+  issuer Root5
+  issuer Root6
+
+entity Bridge13
+  type Bridge
+  issuer Root7
+  issuer Root8
+  issuer Root9
+
+entity Bridge21
+  type Bridge
+  issuer Bridge11
+  issuer Bridge12
+  issuer Bridge13
+
+entity CA1
+  type Intermediate
+  issuer Bridge21
+
+entity EE1
+  type EE
+  issuer CA1
+
+testdb EE1
+
+verify EE1:CA1
+  cert CA1:Bridge21
+  cert Bridge21:Bridge11
+  cert Bridge11:Root1
+  trust Root1:
+  result pass
+
+verify EE1:CA1
+  cert CA1:Bridge21
+  cert Bridge21:Bridge11
+  cert Bridge11:Root2
+  trust Root2:
+  result pass
+
+verify EE1:CA1
+  cert CA1:Bridge21
+  cert Bridge21:Bridge11
+  cert Bridge11:Root3
+  trust Root3:
+  result pass
+
+verify EE1:CA1
+  cert CA1:Bridge21
+  cert Bridge21:Bridge12
+  cert Bridge12:Root4
+  trust Root4:
+  result pass
+
+verify EE1:CA1
+  cert CA1:Bridge21
+  cert Bridge21:Bridge12
+  cert Bridge12:Root5
+  trust Root5:
+  result pass
+
+verify EE1:CA1
+  cert CA1:Bridge21
+  cert Bridge21:Bridge12
+  cert Bridge12:Root6
+  trust Root6:
+  result pass
+
+verify EE1:CA1
+  cert CA1:Bridge21
+  cert Bridge21:Bridge13
+  cert Bridge13:Root7
+  trust Root7:
+  result pass
+
+verify EE1:CA1
+  cert CA1:Bridge21
+  cert Bridge21:Bridge13
+  cert Bridge13:Root8
+  trust Root8:
+  result pass
+
+verify EE1:CA1
+  cert CA1:Bridge21
+  cert Bridge21:Bridge13
+  cert Bridge13:Root9
+  trust Root9:
+  result pass
+
diff --git a/nss/tests/chains/scenarios/method.cfg b/nss/tests/chains/scenarios/method.cfg
new file mode 100644
index 0000000..4223c39
--- /dev/null
+++ b/nss/tests/chains/scenarios/method.cfg
@@ -0,0 +1,25 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+scenario Method
+
+check_ocsp OCSPEE11OCSPCA1:d
+
+testdb ../OCSPD/Client
+
+#EE - OK, CA - OK
+verify OCSPEE11OCSPCA1:d
+  cert OCSPCA1OCSPRoot:d
+  rev_type leaf
+  rev_flags requireFreshInfo
+  rev_mtype ocsp
+  result pass
+
+#EE - revoked, CA - OK
+verify OCSPEE12OCSPCA1:d
+  cert OCSPCA1OCSPRoot:d
+  rev_type leaf
+  rev_flags requireFreshInfo
+  rev_mtype ocsp
+  result fail
diff --git a/nss/tests/chains/scenarios/nameconstraints.cfg b/nss/tests/chains/scenarios/nameconstraints.cfg
new file mode 100644
index 0000000..6eda441
--- /dev/null
+++ b/nss/tests/chains/scenarios/nameconstraints.cfg
@@ -0,0 +1,161 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+scenario TrustAnchors
+
+db trustanchors
+
+import NameConstraints.ca:x:CT,C,C
+# Name Constrained CA:  Name constrained to permited DNSName ".example"
+import NameConstraints.ncca:x:CT,C,C
+import NameConstraints.dcisscopy:x:CT,C,C
+
+# Intermediate 1: Name constrained to permited DNSName ".example"
+
+# Subject: "C=US, ST=California, L=Mountain View, O=BOGUS NSS, CN=test.invalid"
+# altDNS: test.invalid
+#   Fail: CN not in name constraints, altDNS not in name constraints
+verify NameConstraints.server1:x
+  cert NameConstraints.intermediate:x
+  result fail
+
+# Subject: "C=US, ST=California, L=Mountain View, O=BOGUS NSS, CN=another_test.invalid", no SAN
+#   Fail: CN not in name constraints
+verify NameConstraints.server2:x
+  cert NameConstraints.intermediate:x
+  result fail
+
+# Subject: "C=US, ST=California, L=Mountain View, O=BOGUS NSS, CN=test.example"
+# altDNS: test.example
+verify NameConstraints.server3:x
+  cert NameConstraints.intermediate:x
+  result pass
+
+# Intermediate 2: No name constraints, signed by Intermediate 1 (inherits name constraints)
+
+# Subject: "C=US, ST=California, L=Mountain View, O=BOGUS NSS, CN=test.invalid"
+# altDNS: test.invalid
+#   Fail: CN not in name constraints, altDNS not in name constraints
+verify NameConstraints.server4:x
+  cert NameConstraints.intermediate2:x
+  cert NameConstraints.intermediate:x
+  result fail
+
+# Subject: "C=US, ST=California, L=Mountain View, O=BOGUS NSS, CN=another_test.invalid", no SAN
+#   Fail: CN not in name constraints
+verify NameConstraints.server5:x
+  cert NameConstraints.intermediate2:x
+  cert NameConstraints.intermediate:x
+  result fail
+
+# Subject: "C=US, ST=California, L=Mountain View, O=BOGUS NSS, CN=test.example"
+# altDNS: test.example
+verify NameConstraints.server6:x
+  cert NameConstraints.intermediate2:x
+  cert NameConstraints.intermediate:x
+  result pass
+
+# Intermediate 3: Subject: "C=US, ST=California, L=Mountain View, O=BOGUS NSS, CN=NSS Intermediate CA3"
+#                 Name constrained to a permitted DirectoryName of "C=US, ST=CA, O=Foo"
+#                 and a permitted DNSName of "foo.example"
+
+# Intermediate 4: Subject: "C=US, ST=CA, O=Foo, CN=NSS Intermediate CA 2"
+#                 No name constraints present
+#                 Signed by Intermediate 3 (inherits name constraints)
+
+# Subject: "C=US, ST=CA, O=Foo, OU=bar, CN=bat.foo.example", no SAN
+verify NameConstraints.server7:x
+  cert NameConstraints.intermediate4:x
+  cert NameConstraints.intermediate3:x
+  result pass
+
+# Subject: "C=US, ST=CA, O=Foo, CN=bat.foo.example", no SAN
+verify NameConstraints.server8:x
+  cert NameConstraints.intermediate4:x
+  cert NameConstraints.intermediate3:x
+  result pass
+
+# Subject: "C=US, O=Foo, CN=bat.foo.example", no SAN
+#  Fail: ST is missing in the DirectoryName, thus not matching name constraints
+verify NameConstraints.server9:x
+  cert NameConstraints.intermediate4:x
+  cert NameConstraints.intermediate3:x
+  result fail
+
+# Subject: "C=US, ST=CA, O=Foo, CN=bar.example"
+#  Fail: CN not in name constraints
+verify NameConstraints.server10:x
+  cert NameConstraints.intermediate4:x
+  cert NameConstraints.intermediate3:x
+  result fail
+
+# Subject: "C=US, ST=CA, O=Foo, CN=site.example"
+# altDNS:foo.example
+#   Pass: Ignores CN constraint name violation because SAN is present
+verify NameConstraints.server11:x
+  cert NameConstraints.intermediate4:x
+  cert NameConstraints.intermediate3:x
+  result pass
+
+# Subject: "C=US, ST=CA, O=Foo, CN=Honest Achmed"
+#   Fail: CN does not match DNS name constraints - even though is not 'DNS shaped'
+verify NameConstraints.server12:x
+  cert NameConstraints.intermediate4:x
+  cert NameConstraints.intermediate3:x
+  result fail
+
+# Intermediate 5: Subject: "C=US, ST=CA, O=OtherOrg, CN=NSS Intermediate CA 2"
+#                 No name constraints present
+#                 Signed by Intermediate 3.
+#                 Intermediate 5's subject is not in Intermediate 3's permitted
+#                 names, so all certs issued by it are invalid.
+
+# Subject: "C=US, ST=CA, O=OtherOrg, CN=bat.foo.example"
+#   Fail: Org matches Intermediate 5's name constraints, but does not match
+#         Intermediate 3' name constraints
+verify NameConstraints.server13:x
+  cert NameConstraints.intermediate5:x
+  cert NameConstraints.intermediate3:x
+  result fail
+
+# Subject: "C=US, ST=CA, O=Foo, CN=another.foo.example"
+#  Fail: Matches Intermediate 5's name constraints, but fails because
+#        Intermediate 5 does not match Intermediate 3's name constraints
+verify NameConstraints.server14:x
+  cert NameConstraints.intermediate5:x
+  cert NameConstraints.intermediate3:x
+  result fail
+
+# Intermediate 6: Subject: "C=US, ST=CA, O=OtherOrg, CN=NSS Intermediate CA6"
+#                 No name constraints present
+#                 Signed by Named Constrained CA (inherits root name constraints)
+
+# Subject: "C=US, ST=California, L=Mountain View, O=BOGUS NSS, CN=testfoo.invalid"
+# altDNS: testfoo.invalid
+#   Fail: CN not in name constraints, altDNS not in name constraints
+verify NameConstraints.server15:x
+  cert NameConstraints.intermediate6:x
+  result fail
+
+# Subject: "C=US, ST=California, L=Mountain View, O=BOGUS NSS, CN=another_test3.invalid", no SAN
+#   Fail: CN not in name constraints
+verify NameConstraints.server16:x
+  cert NameConstraints.intermediate6:x
+  result fail
+
+# Subject: "C=US, ST=California, L=Mountain View, O=BOGUS NSS, CN=test4.example"
+# altDNS: test4.example
+verify NameConstraints.server17:x
+  cert NameConstraints.intermediate6:x
+  result pass
+
+# Subject: "C = US, ST=CA, O=Foo CN=foo.example.com"
+verify NameConstraints.dcissblocked:x
+  result fail
+
+# Subject: "C = US, ST=CA, O=Foo CN=foo.example.fr"
+verify NameConstraints.dcissallowed:x
+  result pass
+
+
diff --git a/nss/tests/chains/scenarios/ocsp.cfg b/nss/tests/chains/scenarios/ocsp.cfg
new file mode 100644
index 0000000..cdfff89
--- /dev/null
+++ b/nss/tests/chains/scenarios/ocsp.cfg
@@ -0,0 +1,177 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+scenario OCSP
+
+check_ocsp OCSPEE11OCSPCA1:d
+
+db OCSPRoot
+import OCSPRoot:d:CT,C,C
+
+db OCSPCA1
+import_key OCSPCA1
+
+crl OCSPCA1
+
+revoke OCSPCA1
+  serial 3
+
+revoke OCSPCA1
+  serial 4 
+
+testdb OCSPRoot
+
+#EE - OK, CA - OK
+verify OCSPEE11OCSPCA1:d
+  cert OCSPCA1OCSPRoot:d
+  trust OCSPRoot
+  rev_type leaf
+  rev_flags requireFreshInfo
+  rev_mtype ocsp
+  result pass
+
+#EE - revoked, CA - OK
+verify OCSPEE12OCSPCA1:d
+  cert OCSPCA1OCSPRoot:d
+  trust OCSPRoot
+  rev_type leaf
+  rev_flags requireFreshInfo
+  rev_mtype ocsp
+  result fail
+
+#EE - unknown 
+verify OCSPEE15OCSPCA1:d
+  cert OCSPCA1OCSPRoot:d
+  trust OCSPRoot
+  rev_type leaf
+  rev_mtype ocsp
+  result pass
+
+#EE - unknown, requireFreshInfo
+verify OCSPEE15OCSPCA1:d
+  cert OCSPCA1OCSPRoot:d
+  trust OCSPRoot
+  rev_type leaf
+  rev_flags requireFreshInfo
+  rev_mtype ocsp
+  result fail
+
+#EE - OK, CA - revoked, leaf, no fresh info
+verify OCSPEE21OCSPCA2:d
+  cert OCSPCA2OCSPRoot:d
+  trust OCSPRoot
+  rev_type leaf
+  rev_mtype ocsp
+  result pass
+
+#EE - OK, CA - revoked, leaf, requireFreshInfo
+verify OCSPEE21OCSPCA2:d
+  cert OCSPCA2OCSPRoot:d
+  trust OCSPRoot
+  rev_type leaf
+  rev_flags requireFreshInfo
+  rev_mtype ocsp
+  result fail
+
+#EE - OK, CA - revoked, chain, requireFreshInfo
+verify OCSPEE21OCSPCA2:d
+  cert OCSPCA2OCSPRoot:d
+  trust OCSPRoot
+  rev_type chain
+  rev_flags requireFreshInfo
+  rev_mtype ocsp
+  result fail
+
+#EE - OK, CA - unknown
+verify OCSPEE31OCSPCA3:d
+  cert OCSPCA3OCSPRoot:d
+  trust OCSPRoot
+  rev_type leaf
+  rev_mtype ocsp
+  result pass
+
+#EE - OK, CA - unknown, requireFreshInfo
+verify OCSPEE31OCSPCA3:d
+  cert OCSPCA3OCSPRoot:d
+  trust OCSPRoot
+  rev_type leaf
+  rev_flags requireFreshInfo
+  rev_mtype ocsp
+  result fail
+
+#EE - revoked, doNotUse
+verify OCSPEE12OCSPCA1:d
+  cert OCSPCA1OCSPRoot:d
+  trust OCSPRoot
+  rev_type leaf
+  rev_mtype ocsp
+  rev_mflags doNotUse
+  result pass
+
+#EE - revoked, forbidFetching
+verify OCSPEE12OCSPCA1:d
+  cert OCSPCA1OCSPRoot:d
+  trust OCSPRoot
+  rev_type leaf
+  rev_mtype ocsp
+  rev_mflags forbidFetching
+  result pass
+
+#EE - unknown status, failIfNoInfo
+verify OCSPEE15OCSPCA1:d
+  cert OCSPCA1OCSPRoot:d
+  trust OCSPRoot
+  rev_type leaf
+  rev_mtype ocsp
+  rev_mflags failIfNoInfo
+  result fail
+
+#EE - OK, CA - revoked, leaf, failIfNoInfo
+verify OCSPEE21OCSPCA2:d
+  cert OCSPCA2OCSPRoot:d
+  trust OCSPRoot
+  rev_type leaf
+  rev_mtype ocsp
+  rev_mflags failIfNoInfo
+  result fail
+
+testdb OCSPCA1
+
+#EE - OK on OCSP, revoked locally - should fail ??
+# two things about this test: crl is not imported into the db and
+# cert 13 is not revoked by crl.
+verify OCSPEE13OCSPCA1:d
+  cert OCSPCA1OCSPRoot:d
+  trust OCSPCA1
+  rev_type leaf
+  rev_flags testLocalInfoFirst
+  rev_mtype ocsp
+  result pass
+
+db OCSPRoot1
+import OCSPRoot:d:CT,C,C
+
+verify OCSPEE23OCSPCA2:d
+  cert OCSPCA2OCSPRoot:d
+  trust OCSPRoot
+  rev_type chain
+  rev_mtype ocsp
+  rev_type leaf
+  rev_mtype ocsp
+  result fail
+
+db OCSPRoot2
+import OCSPRoot:d:T,,
+
+# bug 527438
+# expected result of this test is FAIL
+verify OCSPEE23OCSPCA2:d
+  cert OCSPCA2OCSPRoot:d
+  trust OCSPRoot
+  rev_type chain
+  rev_mtype ocsp
+  rev_type leaf
+  rev_mtype ocsp
+  result pass
+
diff --git a/nss/tests/chains/scenarios/ocspd.cfg b/nss/tests/chains/scenarios/ocspd.cfg
new file mode 100644
index 0000000..e48f906
--- /dev/null
+++ b/nss/tests/chains/scenarios/ocspd.cfg
@@ -0,0 +1,172 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+scenario OCSPD
+
+#root CA
+entity OCSPRoot
+  type Root
+  export_key
+
+#CA - OK
+entity OCSPCA1
+  type Intermediate
+  issuer OCSPRoot
+  serial 1
+  ocsp online
+  export_key
+
+#CA - revoked
+entity OCSPCA2
+  type Intermediate
+  issuer OCSPRoot
+  serial 2
+  ocsp online
+  export_key
+
+#CA - unknown status
+entity OCSPCA3
+  type Intermediate
+  issuer OCSPRoot
+  serial 3
+  ocsp offline
+  export_key
+
+#EE - OK
+entity OCSPEE11
+  type EE
+  issuer OCSPCA1
+  serial 1
+  ocsp online
+
+#EE - revoked on OCSP
+entity OCSPEE12
+  type EE
+  issuer OCSPCA1
+  serial 2
+  ocsp online
+
+#EE - revoked on CRL
+entity OCSPEE13
+  type EE
+  issuer OCSPCA1
+  serial 3
+  ocsp online
+
+#EE - revoked on OCSP and CRL
+entity OCSPEE14
+  type EE
+  issuer OCSPCA1
+  serial 4
+  ocsp online
+
+#EE - unknown status
+entity OCSPEE15
+  type EE
+  issuer OCSPCA1
+  serial 5
+  ocsp offline
+
+#EE - valid EE, revoked CA
+entity OCSPEE21
+  type EE
+  issuer OCSPCA2
+  serial 1
+  ocsp online
+
+#EE - revoked EE, revoked CA
+entity OCSPEE22
+  type EE 
+  issuer OCSPCA2 
+  serial 2
+  ocsp online
+
+#EE - revoked EE, CA pointing to invalid OCSP
+entity OCSPEE23
+  type EE 
+  issuer OCSPCA2 
+  serial 3
+  ocsp offline
+
+#EE - valid EE, CA pointing to invalid OCSP
+entity OCSPEE31
+  type EE
+  issuer OCSPCA3
+  serial 1
+  ocsp online
+
+#EE - revoked EE, CA pointing to invalid OCSP
+entity OCSPEE32
+  type EE 
+  issuer OCSPCA3 
+  serial 2
+  ocsp online
+
+#EE - EE pointing to invalid OCSP, CA pointing to invalid OCSP
+entity OCSPEE33
+  type EE 
+  issuer OCSPCA3 
+  serial 3
+  ocsp offline
+
+crl OCSPRoot
+
+revoke OCSPRoot
+  serial 2
+
+crl OCSPCA1
+
+revoke OCSPCA1
+  serial 2
+
+revoke OCSPCA1
+  serial 4
+
+crl OCSPCA2
+
+revoke OCSPCA2
+  serial 2
+
+revoke OCSPCA2
+  serial 3
+
+crl OCSPCA3
+
+revoke OCSPCA3
+  serial 2
+
+revoke OCSPCA3
+  serial 3
+
+# Used for running a single OCSP server (httpserv) instance that can
+# handle multiple CAs, e.g.:
+# httpserv -p 8641 -d . -f dbpasswd \
+#   -A OCSPRoot -C OCSPRoot.crl -A OCSPCA1 -C OCSPCA1.crl \
+#   -A OCSPCA2 -C OCSPCA2.crl -A OCSPCA3 -C OCSPCA3.crl
+db Server
+import OCSPRoot::CT,C,C
+import_key OCSPRoot
+import_key OCSPCA1
+import_key OCSPCA2
+import_key OCSPCA3
+
+# A DB containing all certs, but no keys.
+# Useful for manual OCSP client testing, e.g.:
+# ocspclnt -d .  -S OCSPEE12OCSPCA1 -u s
+db Client
+import OCSPRoot::CT,C,C
+import OCSPCA1OCSPRoot::
+import OCSPCA2OCSPRoot::
+import OCSPCA3OCSPRoot::
+import OCSPEE11OCSPCA1::
+import OCSPEE12OCSPCA1::
+import OCSPEE13OCSPCA1::
+import OCSPEE14OCSPCA1::
+import OCSPEE15OCSPCA1::
+import OCSPEE21OCSPCA2::
+import OCSPEE22OCSPCA2::
+import OCSPEE23OCSPCA2::
+import OCSPEE31OCSPCA3::
+import OCSPEE32OCSPCA3::
+import OCSPEE33OCSPCA3::
diff --git a/nss/tests/chains/scenarios/realcerts.cfg b/nss/tests/chains/scenarios/realcerts.cfg
new file mode 100644
index 0000000..d2a8c71
--- /dev/null
+++ b/nss/tests/chains/scenarios/realcerts.cfg
@@ -0,0 +1,29 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+scenario RealCerts
+
+db All
+
+import TestCA.ca:x:CT,C,C
+import TestUser50:x:
+import TestUser51:x:
+import PayPalRootCA:x:CT,C,C
+import PayPalICA:x:
+import PayPalEE:x:
+import BrAirWaysBadSig:x:
+
+verify TestUser50:x
+  result pass
+
+verify TestUser51:x
+  result pass
+
+verify PayPalEE:x
+  policy OID.2.16.840.1.114412.1.1 
+  result pass
+
+verify BrAirWaysBadSig:x
+  result fail
+
diff --git a/nss/tests/chains/scenarios/revoc.cfg b/nss/tests/chains/scenarios/revoc.cfg
new file mode 100644
index 0000000..a4ec786
--- /dev/null
+++ b/nss/tests/chains/scenarios/revoc.cfg
@@ -0,0 +1,86 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+scenario Revocation
+
+entity Root
+  type Root
+  serial 10
+
+entity CA0
+  type Intermediate
+  issuer Root
+  serial 11
+
+entity CA1
+  type Intermediate
+  issuer CA0
+  serial 12
+
+entity EE11
+  type EE
+  issuer CA1
+  serial 13
+
+entity EE12
+  type EE
+  issuer CA1
+  serial 14
+
+entity CA2
+  type Intermediate
+  issuer CA0
+  serial 15
+
+entity EE21
+  type EE
+  issuer CA2
+  serial 16
+
+crl Root
+crl CA0
+crl CA1
+crl CA2
+
+revoke CA1
+  serial 14
+
+revoke CA0
+  serial 15
+
+db All
+
+import Root::CTu,CTu,CTu
+import CA0:Root:
+import CA1:CA0:
+import CA2:CA0:
+
+# EE11 - not revoked 
+verify EE11:CA1
+  trust Root:
+  rev_type leaf
+  rev_mtype crl
+  result pass
+
+# EE12 - revoked
+verify EE12:CA1
+  trust Root:
+  rev_type leaf
+  rev_mtype crl
+  result fail
+
+# EE11 - CA1 not revoked 
+verify EE11:CA1
+  trust Root:
+  rev_type chain
+  rev_mtype crl
+  result pass
+
+# EE21 - CA2 revoked
+verify EE21:CA2
+  trust Root:
+  rev_type chain
+  rev_mtype crl
+  result fail
+
diff --git a/nss/tests/chains/scenarios/scenarios b/nss/tests/chains/scenarios/scenarios
new file mode 100644
index 0000000..d26c3f9
--- /dev/null
+++ b/nss/tests/chains/scenarios/scenarios
@@ -0,0 +1,24 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+bridge.cfg
+megabridge_3_2.cfg
+extension.cfg
+extension2.cfg
+anypolicy.cfg
+anypolicywithlevel.cfg
+explicitPolicy.cfg
+mapping.cfg
+mapping2.cfg
+aia.cfg
+bridgewithaia.cfg
+bridgewithhalfaia.cfg
+bridgewithpolicyextensionandmapping.cfg
+realcerts.cfg
+dsa.cfg
+revoc.cfg
+ocsp.cfg
+crldp.cfg
+trustanchors.cfg
+nameconstraints.cfg
diff --git a/nss/tests/chains/scenarios/trustanchors.cfg b/nss/tests/chains/scenarios/trustanchors.cfg
new file mode 100644
index 0000000..db18990
--- /dev/null
+++ b/nss/tests/chains/scenarios/trustanchors.cfg
@@ -0,0 +1,114 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+scenario TrustAnchors
+
+entity RootCA
+  type Root
+
+entity CA1
+  type Intermediate
+  issuer RootCA
+
+entity CA2
+  type Intermediate
+  issuer CA1
+
+entity EE1
+  type EE
+  issuer CA2
+
+entity OtherRoot
+  type Root
+
+entity OtherIntermediate
+  type Intermediate
+  issuer OtherRoot
+
+entity EE2
+  type EE
+  issuer OtherIntermediate
+
+# Scenarios where trust only comes from the DB
+db DBOnly
+
+import RootCA::CT,C,C
+import CA1:RootCA:
+
+# Simple chaining - no trust anchors
+verify EE1:CA2
+  cert CA2:CA1
+  result pass
+
+# Simple trust anchors - ignore the Cert DB
+verify EE1:CA2
+  trust CA2:CA1
+  result pass
+
+# Redundant trust - trust anchor and DB
+verify EE1:CA2
+  cert CA2:CA1
+  trust RootCA
+  result pass
+
+
+# Scenarios where trust only comes from trust anchors
+db TrustOnly
+
+# Simple checking - direct trust anchor
+verify EE1:CA2
+  cert CA2:CA1
+  cert CA1:RootCA:
+  trust RootCA:
+  result pass
+
+# Partial chain (not self-signed), with a trust anchor
+verify EE1:CA2
+  trust CA2:CA1
+  result pass
+
+
+# Scenarios where trust comes from both trust anchors and the DB
+db TrustAndDB
+
+import RootCA::CT,C,C
+import CA1:RootCA:
+
+# Check that trust in the DB works
+verify EE1:CA2
+  cert CA2:CA1
+  result pass
+
+# Check that trust anchors work
+verify EE2:OtherIntermediate
+  cert OtherIntermediate:OtherRoot
+  trust OtherRoot:
+  result pass
+
+# Check that specifying a trust anchor still allows searching the cert DB
+verify EE1:CA2
+  trust_and_db
+  cert CA2:CA1
+  trust OtherIntermediate:OtherRoot
+  trust OtherRoot:
+  result pass
+
+# Scenarios where the trust DB has explicitly distrusted one or more certs,
+# even when the trust anchors indicate trust
+db ExplicitDistrust
+
+import RootCA::CT,C,C
+import CA1:RootCA:p,p,p
+import OtherRoot::p,p,p
+
+# Verify that a distrusted intermediate, but trusted root, is rejected.
+verify EE1:CA2
+  cert CA2:CA1
+  trust CA1:RootCA
+  result fail
+
+# Verify that a trusted intermediate, but distrusted root, is accepted.
+verify EE2:OtherIntermediate
+  trust OtherIntermediate:OtherRoot
+  result pass
diff --git a/nss/tests/cipher/cipher.sh b/nss/tests/cipher/cipher.sh
new file mode 100755
index 0000000..1d2561d
--- /dev/null
+++ b/nss/tests/cipher/cipher.sh
@@ -0,0 +1,140 @@
+#! /bin/bash  
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+########################################################################
+#
+# mozilla/security/nss/tests/cipher/cipher.sh
+#
+# Script to test NSS ciphers
+#
+# needs to work on all Unix and Windows platforms
+#
+# special strings
+# ---------------
+#   FIXME ... known problems, search for this string
+#   NOTE .... unexpected behavior
+#
+########################################################################
+
+############################## cipher_init #############################
+# local shell function to initialize this script
+########################################################################
+cipher_init()
+{
+  SCRIPTNAME="cipher.sh"
+  if [ -z "${CLEANUP}" ] ; then     # if nobody else is responsible for
+      CLEANUP="${SCRIPTNAME}"       # cleaning this script will do it
+  fi
+  if [ -z "${INIT_SOURCED}" ] ; then
+      cd ../common
+      . ./init.sh
+  fi
+  SCRIPTNAME="cipher.sh"
+  html_head "Cipher Tests"
+
+  CIPHERDIR=${HOSTDIR}/cipher
+  CIPHERTESTDIR=${QADIR}/../cmd/bltest
+  GCMTESTDIR=${QADIR}/../cmd/pk11gcmtest
+  D_CIPHER="Cipher.$version"
+
+  CIPHER_TXT=${QADIR}/cipher/cipher.txt
+  GCM_TXT=${QADIR}/cipher/gcm.txt
+
+  mkdir -p ${CIPHERDIR}
+
+  cd ${CIPHERDIR}
+  P_CIPHER=.
+  if [ -n "${MULTIACCESS_DBM}" ]; then
+    P_CIPHER="multiaccess:${D_CIPHER}"
+  fi
+}
+
+############################## cipher_main #############################
+# local shell function to test NSS ciphers
+########################################################################
+cipher_main()
+{
+  while read EXP_RET PARAM TESTNAME
+  do
+      if [ -n "$EXP_RET" -a "$EXP_RET" != "#" ] ; then
+          PARAM=`echo $PARAM | sed -e "s/_-/ -/g"`
+          TESTNAME=`echo $TESTNAME | sed -e "s/_/ /g"`
+          echo "$SCRIPTNAME: $TESTNAME --------------------------------"
+          failedStr=""
+          inOff=0
+          res=0
+          while [ $inOff -lt 8 ]
+          do
+             outOff=0
+             while [ $outOff -lt 8 ]
+             do
+                 echo "bltest -T -m $PARAM -d $CIPHERTESTDIR -1 $inOff -2 $outOff"
+                 ${PROFTOOL} ${BINDIR}/bltest${PROG_SUFFIX} -T -m $PARAM -d $CIPHERTESTDIR -1 $inOff -2 $outOff
+                 if [ $? -ne 0 ]; then
+                     failedStr="$failedStr[$inOff:$outOff]"
+                 fi
+                 outOff=`expr $outOff + 1`
+             done
+             inOff=`expr $inOff + 1`
+          done
+          if [ -n "$failedStr" ]; then
+              html_msg 1 $EXP_RET "$TESTNAME (Failed in/out offset pairs:" \
+                        " $failedStr)"
+          else
+              html_msg $res $EXP_RET "$TESTNAME"
+          fi
+      fi
+  done < ${CIPHER_TXT}
+}
+
+############################## cipher_gcm #############################
+# local shell function to test NSS AES GCM
+########################################################################
+cipher_gcm()
+{
+  while read EXP_RET INPUT_FILE TESTNAME
+  do
+      if [ -n "$EXP_RET" -a "$EXP_RET" != "#" ] ; then
+          TESTNAME=`echo $TESTNAME | sed -e "s/_/ /g"`
+          echo "$SCRIPTNAME: $TESTNAME --------------------------------"
+          echo "pk11gcmtest aes kat gcm $GCMTESTDIR/tests/$INPUT_FILE"
+          ${PROFTOOL} ${BINDIR}/pk11gcmtest aes kat gcm $GCMTESTDIR/tests/$INPUT_FILE
+          html_msg $? $EXP_RET "$TESTNAME"
+      fi
+  done < ${GCM_TXT}
+}
+
+############################## cipher_cleanup ############################
+# local shell function to finish this script (no exit since it might be
+# sourced)
+########################################################################
+cipher_cleanup()
+{
+  html "</TABLE><BR>"
+  cd ${QADIR}
+  . common/cleanup.sh
+}
+
+################## main #################################################
+
+# When building without softoken, bltest isn't built. It was already
+# built and the cipher suite run as part of an nss-softoken build. 
+if [ ! -x ${DIST}/${OBJDIR}/bin/bltest${PROG_SUFFIX} ]; then
+    echo "bltest not built, skipping this test." >> ${LOGFILE}
+    res=0
+    html_msg $res $EXP_RET "$TESTNAME"
+    return 0
+fi
+cipher_init
+# Skip cipher_main if this an NSS without softoken build.
+if [ "${NSS_BUILD_WITHOUT_SOFTOKEN}" != "1" ]; then
+    cipher_main
+fi
+# Skip cipher_gcm if this is a softoken only build.
+if [ "${NSS_BUILD_SOFTOKEN_ONLY}" != "1" ]; then
+    cipher_gcm
+fi
+cipher_cleanup
diff --git a/nss/tests/cipher/cipher.txt b/nss/tests/cipher/cipher.txt
new file mode 100644
index 0000000..4e47a9f
--- /dev/null
+++ b/nss/tests/cipher/cipher.txt
@@ -0,0 +1,57 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# This file defines the cipher tests
+#
+# expected
+#   return	bltest		Test Case name
+#    value	params
+#  -------	----------	---------------
+	0	des_ecb_-E	DES_ECB_Encrypt
+	0	des_ecb_-D	DES_ECB_Decrypt
+	0	des_cbc_-E	DES_CBC_Encrypt
+	0	des_cbc_-D	DES_CBC_Decrypt
+	0	des3_ecb_-E	DES3_ECB_Encrypt
+	0	des3_ecb_-D	DES3_ECB_Decrypt
+	0	des3_cbc_-E	DES3_CBC_Encrypt
+	0	des3_cbc_-D	DES3_CBC_Decrypt
+	0	aes_ecb_-E	AES_ECB_Encrypt
+	0	aes_ecb_-D	AES_ECB_Decrypt
+	0	aes_cbc_-E	AES_CBC_Encrypt
+	0	aes_cbc_-D	AES_CBC_Decrypt
+	0	aes_ctr		AES_CTR
+	0	aes_cts		AES_CTS
+	0	aes_gcm		AES_GCM
+	0	camellia_ecb_-E	Camellia_ECB_Encrypt
+	0	camellia_ecb_-D	Camellia_ECB_Decrypt
+	0	camellia_cbc_-E	Camellia_CBC_Encrypt
+	0	camellia_cbc_-D	Camellia_CBC_Decrypt
+	0	seed_ecb_-E	SEED_ECB_Encrypt
+	0	seed_ecb_-D	SEED_ECB_Decrypt
+	0	seed_cbc_-E	SEED_CBC_Encrypt
+	0	seed_cbc_-D	SEED_CBC_Decrypt
+	0	chacha20_poly1305_-E ChaCha20_Poly1305_Encrypt
+	0	chacha20_poly1305_-D ChaCha20_Poly1305_Decrypt
+	0	rc2_ecb_-E	RC2_ECB_Encrypt
+	0	rc2_ecb_-D	RC2_ECB_Decrypt
+	0	rc2_cbc_-E	RC2_CBC_Encrypt
+	0	rc2_cbc_-D	RC2_CBC_Decrypt
+	0	rc4_-E		RC4_Encrypt
+	0	rc4_-D		RC4_Decrypt
+	0	rsa_-E		RSA_Encrypt
+	0	rsa_-D		RSA_Decrypt
+	0	rsa_oaep_-E	RSA_EncryptOAEP
+	0	rsa_oaep_-D	RSA_DecryptOAEP
+	0	rsa_pss_-S	RSA_SignPSS
+	0	rsa_pss_-V	RSA_CheckSignPSS
+	0	rsa_-K		RSA_Populate
+	0	dsa_-S		DSA_Sign
+	0	dsa_-V		DSA_Verify
+	0	md2_-H		MD2_Hash
+	0	md5_-H		MD5_Hash
+	0	sha1_-H		SHA1_Hash
+	0	sha224_-H	SHA224_Hash
+	0	sha256_-H	SHA256_Hash
+	0	sha384_-H	SHA384_Hash
+	0	sha512_-H	SHA512_Hash
diff --git a/nss/tests/cipher/dsa.txt b/nss/tests/cipher/dsa.txt
new file mode 100644
index 0000000..f2d3401
--- /dev/null
+++ b/nss/tests/cipher/dsa.txt
@@ -0,0 +1,13 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# This file enables test coverage of the dsa performance tests
+#
+#
+# mode     keysize   bufsize   repetitions cxrepetitions
+  dsa        64         20         200         5
+  dsa        96         20         200         3
+  dsa       128         20         200         3
+  dsa       256         20         200         3
+  dsa       384         20         200         3
diff --git a/nss/tests/cipher/gcm.txt b/nss/tests/cipher/gcm.txt
new file mode 100644
index 0000000..4550faf
--- /dev/null
+++ b/nss/tests/cipher/gcm.txt
@@ -0,0 +1,16 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# This file defines the AES GCM tests
+#
+# expected
+#   return	pk11gcmtest		Test Case name
+#    value	input file
+#  -------	----------------------	-----------------------
+	0	gcmDecrypt128.rsp	NIST_AES128_GCM_Decrypt
+	0	gcmDecrypt192.rsp	NIST_AES192_GCM_Decrypt
+	0	gcmDecrypt256.rsp	NIST_AES256_GCM_Decrypt
+	0	gcmEncryptExtIV128.rsp	NIST_AES128_GCM_Encrypt
+	0	gcmEncryptExtIV192.rsp	NIST_AES192_GCM_Encrypt
+	0	gcmEncryptExtIV256.rsp	NIST_AES256_GCM_Encrypt
diff --git a/nss/tests/cipher/hash.txt b/nss/tests/cipher/hash.txt
new file mode 100644
index 0000000..9bee5ba
--- /dev/null
+++ b/nss/tests/cipher/hash.txt
@@ -0,0 +1,11 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# This file enables test coverage of the cryptographic hash performance tests
+#
+#
+# mode      bufsize   repetitions
+  md2        10240        5000
+  md5        10240        100000
+  sha1       10240        100000
diff --git a/nss/tests/cipher/performance.sh b/nss/tests/cipher/performance.sh
new file mode 100755
index 0000000..dd7c74e
--- /dev/null
+++ b/nss/tests/cipher/performance.sh
@@ -0,0 +1,156 @@
+#!/bin/sh  
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# This is just a quick script so we can still run our testcases.
+# Longer term we need a scriptable test environment..
+#
+. ../common/init.sh
+CURDIR=`pwd`
+if [ "${OS_ARCH}" = "WINNT" -a "$OS_NAME" = "CYGWIN_NT" ]; then
+	CURDIR=`cygpath -m ${CURDIR}`
+fi
+
+CIPHERDIR=${HOSTDIR}/cipher
+SKTESTS=${CURDIR}/symmkey.txt
+RSATESTS=${CURDIR}/rsa.txt
+DSATESTS=${CURDIR}/dsa.txt
+HASHTESTS=${CURDIR}/hash.txt
+SKPERFOUT=${CIPHERDIR}/skperfout.data
+RSAPERFOUT=${CIPHERDIR}/rsaperfout.data
+DSAPERFOUT=${CIPHERDIR}/dsaperfout.data
+HASHPERFOUT=${CIPHERDIR}/hashperfout.data
+PERFRESULTS=${HOSTDIR}/performance.html
+
+echo "<HTML><BODY>" >> ${PERFRESULTS}
+
+mkdir -p ${CIPHERDIR}
+cd ${CIPHERDIR}
+
+if [ -z $1 ]; then
+    TESTSET="all"
+else
+    TESTSET=$1
+fi
+
+if [ $TESTSET = "all" -o $TESTSET = "symmkey" ]; then
+echo "<TABLE BORDER=1><TR><TH COLSPAN=6>Symmetric Key Cipher Performance</TH></TR>" >> ${PERFRESULTS}
+echo "<TR bgcolor=lightGreen><TH>MODE</TH><TH>INPUT SIZE (bytes)</TH><TH>SYMMETRIC KEY SIZE (bits)</TH><TH>REPETITIONS (cx/op)</TH><TH>CONTEXT CREATION TIME (ms)</TH><TH>OPERATION TIME (ms)</TH></TR>" >> ${PERFRESULTS}
+
+while read mode keysize bufsize reps cxreps
+do
+    if [ $mode != "#" ]; then
+	echo "bltest -N -m $mode -b $bufsize -g $keysize -u $cxreps"
+	${BINDIR}/bltest -N -m $mode -b $bufsize -g $keysize -u $cxreps >> ${SKPERFOUT}
+	mv "tmp.in.0" "$mode.in"
+	mv tmp.key $mode.key
+	if [ -f tmp.iv ]; then
+	    mv tmp.iv $mode.iv
+	fi
+	echo "bltest -E -m $mode -i ${CIPHERDIR}/$mode.in -k ${CIPHERDIR}/$mode.key -v ${CIPHERDIR}/$mode.iv -p $reps -o ${CIPHERDIR}/$mode.out"
+	${BINDIR}/bltest -E -m $mode -i ${CIPHERDIR}/$mode.in -k ${CIPHERDIR}/$mode.key -v ${CIPHERDIR}/$mode.iv -p $reps -o ${CIPHERDIR}/$mode.out >> ${SKPERFOUT}
+	echo "bltest -D -m $mode -i ${CIPHERDIR}/$mode.out -k ${CIPHERDIR}/$mode.key -v ${CIPHERDIR}/$mode.iv -p $reps -o ${CIPHERDIR}/$mode.inv"
+	${BINDIR}/bltest -D -m $mode -i ${CIPHERDIR}/$mode.out -k ${CIPHERDIR}/$mode.key -v ${CIPHERDIR}/$mode.iv -p $reps -o ${CIPHERDIR}/$mode.inv >> ${SKPERFOUT}
+    fi
+done < ${SKTESTS} 
+
+while read md buf sk rps cxrps cx op
+do
+    if [ $md != "#" ]; then
+	echo "<TR><TH>$md</TH><TD align=right>$buf</TD><TD align=right>$sk</TD><TD align=right>$cxrps/$rps</TD><TD align=right>$cx</TD><TD align=right>$op</TD></TR>" >> ${PERFRESULTS}
+    fi
+done < ${SKPERFOUT} 
+
+echo "</TABLE><BR>" >> ${PERFRESULTS}
+
+fi
+
+if [ $TESTSET = "all" -o $TESTSET = "rsa" ]; then
+while read mode keysize bufsize exp reps cxreps
+do
+    if [ $mode != "#" ]; then
+	echo "bltest -N -m $mode -b $bufsize -e $exp -g $keysize -u $cxreps"
+	${BINDIR}/bltest -N -m $mode -b $bufsize -e $exp -g $keysize -u $cxreps >> ${RSAPERFOUT}
+	mv "tmp.in.0" "$mode.in"
+	mv tmp.key $mode.key
+	echo "bltest -E -m $mode -i ${CIPHERDIR}/$mode.in -k ${CIPHERDIR}/$mode.key -p $reps -o ${CIPHERDIR}/$mode.out"
+	${BINDIR}/bltest -E -m $mode -i ${CIPHERDIR}/$mode.in -k ${CIPHERDIR}/$mode.key -p $reps -o ${CIPHERDIR}/$mode.out >> ${RSAPERFOUT}
+	echo "bltest -D -m $mode -i ${CIPHERDIR}/$mode.out -k ${CIPHERDIR}/$mode.key -p $reps -o ${CIPHERDIR}/$mode.inv"
+	${BINDIR}/bltest -D -m $mode -i ${CIPHERDIR}/$mode.out -k ${CIPHERDIR}/$mode.key -p $reps -o ${CIPHERDIR}/$mode.inv >> ${RSAPERFOUT}
+    fi
+done < ${RSATESTS} 
+
+echo "<TABLE BORDER=1><TR><TH COLSPAN=7>RSA Cipher Performance</TH></TR>" >> ${PERFRESULTS}
+echo "<TR bgcolor=lightGreen><TH>MODE</TH><TH>INPUT SIZE (bytes)</TH><TH>KEY SIZE (bits)</TH><TH>PUBLIC EXPONENT</TH><TH>REPETITIONS (cx/op)</TH><TH>CONTEXT CREATION TIME (ms)</TH><TH>OPERATION TIME (ms)</TH></TR>" >> ${PERFRESULTS}
+
+while read md buf mod pe rps cxrps cx op
+do
+    if [ $md != "#" ]; then
+	echo "<TR><TH>$md</TH><TD align=right>$buf</TD><TD align=right>$mod</TD><TD align=right>$pe</TD><TD align=right>$cxrps/$rps</TD><TD align=right>$cx</TD><TD align=right>$op</TD></TR>" >> ${PERFRESULTS}
+    fi
+done < ${RSAPERFOUT} 
+
+echo "</TABLE><BR>" >> ${PERFRESULTS}
+fi
+
+if [ $TESTSET = "all" -o $TESTSET = "dsa" ]; then
+
+while read mode keysize bufsize reps cxreps
+do
+    if [ $mode != "#" ]; then
+	echo "bltest -N -m $mode -b $bufsize -g $keysize -u $cxreps"
+	${BINDIR}/bltest -N -m $mode -b $bufsize -g $keysize -u $cxreps >> ${DSAPERFOUT}
+	mv "tmp.in.0" "$mode.in"
+	mv tmp.key $mode.key
+	rm -f $mode.out
+	echo "bltest -S -m $mode -i ${CIPHERDIR}/$mode.in -k ${CIPHERDIR}/$mode.key -p $reps -o ${CIPHERDIR}/$mode.out"
+	${BINDIR}/bltest -S -m $mode -i ${CIPHERDIR}/$mode.in -k ${CIPHERDIR}/$mode.key -p $reps -o ${CIPHERDIR}/$mode.out >> ${DSAPERFOUT}
+	echo "bltest -V -m $mode -f ${CIPHERDIR}/$mode.out -k ${CIPHERDIR}/$mode.key -p $reps -i ${CIPHERDIR}/$mode.in -o ${CIPHERDIR}/$mode.out"
+	${BINDIR}/bltest -V -m $mode -f ${CIPHERDIR}/$mode.out -k ${CIPHERDIR}/$mode.key -p $reps -i ${CIPHERDIR}/$mode.in -o ${CIPHERDIR}/$mode.out >> ${DSAPERFOUT}
+    fi
+done < ${DSATESTS} 
+
+echo "<TABLE BORDER=1><TR><TH COLSPAN=6>DSA Cipher Performance</TH></TR>" >> ${PERFRESULTS}
+echo "<TR bgcolor=lightGreen><TH>MODE</TH><TH>INPUT SIZE (bytes)</TH><TH>KEY SIZE (bits)</TH><TH>REPETITIONS (cx/op)</TH><TH>CONTEXT CREATION TIME (ms)</TH><TH>OPERATION TIME (ms)</TH></TR>" >> ${PERFRESULTS}
+
+while read md buf mod rps cxrps cx op
+do
+    if [ $md != "#" ]; then
+	echo "<TR><TH>$md</TH><TD align=right>$buf</TD><TD align=right>$mod</TD><TD align=right>$cxrps/$rps</TD><TD align=right>$cx</TD><TD align=right>$op</TD></TR>" >> ${PERFRESULTS}
+    fi
+done < ${DSAPERFOUT} 
+
+echo "</TABLE><BR>" >> ${PERFRESULTS}
+fi
+
+if [ $TESTSET = "all" -o $TESTSET = "hash" ]; then
+while read mode bufsize reps
+do
+    if [ $mode != "#" ]; then
+	echo "bltest -N -m $mode -b $bufsize"
+	${BINDIR}/bltest -N -m $mode -b $bufsize
+	mv "tmp.in.0" "$mode.in"
+	echo "bltest -H -m $mode -i ${CIPHERDIR}/$mode.in -p $reps -o ${CIPHERDIR}/$mode.out"
+	${BINDIR}/bltest -H -m $mode -i ${CIPHERDIR}/$mode.in -p $reps -o ${CIPHERDIR}/$mode.out >> ${HASHPERFOUT}
+    fi
+done < ${HASHTESTS} 
+
+echo "<TABLE BORDER=1><TR><TH COLSPAN=6>Hash Cipher Performance</TH></TR>" >> ${PERFRESULTS}
+echo "<TR bgcolor=lightGreen><TH>MODE</TH><TH>INPUT SIZE (bytes)</TH><TH>REPETITIONS</TH><TH>OPERATION TIME (ms)</TH></TR>" >> ${PERFRESULTS}
+
+while read md buf rps cxrps cx op
+do
+    if [ $md != "#" ]; then
+	echo "<TR><TH>$md</TH><TD align=right>$buf</TD><TD align=right>$rps</TD><TD align=right>$op</TD></TR>" >> ${PERFRESULTS}
+    fi
+done < ${HASHPERFOUT} 
+
+echo "</TABLE><BR>" >> ${PERFRESULTS}
+fi
+
+#rm -f ${TEMPFILES}
+cd ${CURDIR}
+
+echo "</BODY></HTML>" >> ${PERFRESULTS}
diff --git a/nss/tests/cipher/rsa.txt b/nss/tests/cipher/rsa.txt
new file mode 100644
index 0000000..aad7126
--- /dev/null
+++ b/nss/tests/cipher/rsa.txt
@@ -0,0 +1,11 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# This file enables test coverage of the rsa performance tests
+#
+#
+# mode     keysize   bufsize   exponent  repetitions cxrepetitions
+  rsa        32         32       17          1000        5 
+  rsa        64         64        3          500         3 
+  rsa       128        128      65537        200         3 
diff --git a/nss/tests/cipher/symmkey.txt b/nss/tests/cipher/symmkey.txt
new file mode 100644
index 0000000..ad4b11a
--- /dev/null
+++ b/nss/tests/cipher/symmkey.txt
@@ -0,0 +1,36 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# This file enables test coverage of the symmetric key performance tests
+#
+#
+# mode     keysize   bufsize   repetitions cxrepetitions
+ des_ecb      8       8192       1000         100000
+ des_cbc      8       8192       1000         100000
+ des3_ecb    24       8192       1000         100000
+ des3_cbc    24       8192       1000         100000
+ rc2_ecb      5       8192       1000         100000
+ rc2_ecb      8       8192       1000         100000
+ rc2_ecb     16       8192       1000         100000
+ rc2_cbc      5       8192       1000         100000
+ rc2_cbc      8       8192       1000         100000
+ rc2_cbc     16       8192       1000         100000
+ rc4          5       8192       10000        100000
+ rc4          8       8192       10000        100000
+ rc4         16       8192       10000        100000
+ rc4         24       8192       10000        100000
+ aes_ecb     16       8192       10000        100000
+ aes_cbc     16       8192       10000        100000
+ aes_ecb     32       8192       10000        100000
+ aes_cbc     32       8192       10000        100000
+ aes_ctr     16       8192       10000        100000
+ aes_ctr     32       8192       10000        100000
+ aes_gcm     16       8192       10000        100000
+ aes_gcm     32       8192       10000        100000
+ camellia_ecb     16       8192       10000        100000
+ camellia_cbc     16       8192       10000        100000
+ camellia_ecb     32       8192       10000        100000
+ camellia_cbc     32       8192       10000        100000
+ seed_ecb    16       8192       10000        100000
+ seed_cbc    16       8192       10000        100000
diff --git a/nss/tests/clean_tbx b/nss/tests/clean_tbx
new file mode 100755
index 0000000..4de9555
--- /dev/null
+++ b/nss/tests/clean_tbx
@@ -0,0 +1,172 @@
+#! /bin/perl
+
+#######################################################################
+#
+# /u/sonmi/bin/clean_tbx.pl
+#
+# this script is supposed to remove tinderbox  QA if:
+# QA has passed, there are 2+ newer QA dirs of the same machine and 
+#     platform (32/64) and it is older than 2 hours
+# QA has failed, there are 2+ newer QA dirsof the same machine and 
+#     platform (32/64) with _identical failures and it is older than 
+#     2 hours
+# directory is older than 48 hours
+#
+#######################################################################
+
+use Time::Local;
+
+$ANY_TBX_KEEP_HOURS=48;
+$NOT_FAILED_TBX_KEEP_HOURS=24;
+$PASSED_TBX_KEEP_HOURS=2;
+$IF_TBX_KEEP_HOURS=2;
+$PASSED_NEWER_DIRS=2;
+$IF_NEWER_DIRS=2;
+$verbose = 1;
+
+$TBX_TESTDIR="/share/builds/mccrel3/nss/nsstip/tinderbox/tests_results/security";
+$FTP_STAGE="/u/sonmi/tmp/ftp_stage/tinderbox";
+
+@tbx_dirs = ();  
+
+$eANY_TBX_KEEP=$ANY_TBX_KEEP_HOURS*60*60;
+$ePASSED_TBX_KEEP=$PASSED_TBX_KEEP_HOURS*60*60;
+$eIF_TBX_KEEP=$IF_TBX_KEEP_HOURS*60*60;
+$eNOT_FAILED_TBX_KEEP=$NOT_FAILED_TBX_KEEP_HOURS*60*60;
+
+$year, $month, $days, $hours, $minutes, $seconds;
+$efulldate=0;
+
+$fulldate=0;
+
+$no_bits="";
+$last_no_bits="";
+
+$host="";
+$last_host="";
+
+@tbx_dirs = `ls -r $TBX_TESTDIR`; #sort first by host, 
+                               #then 64, 
+                               #then newest - oldest
+debug ("found $#tbx_dirs directories ");
+
+($seconds, $minutes, $hours, $days, $month, $year) = localtime; 
+
+debug ("$seconds, $minutes, $hours, $days, $month, $year");
+
+$enow = timelocal(localtime);
+
+sub debug;
+sub warning;
+sub error;
+sub msg;
+sub init;
+sub check_tbx_dirs;
+
+sub check_tbx_dirs
+{
+    my $platform_idx=0; # counts directories per platform, newest 
+                        # to oldest (ignores incomplete)
+    my $passed_idx=0;   # counts passed  directories newest to oldest
+    my $QAstatus="unknown";
+    foreach $tbx_dir  (@tbx_dirs) {
+        $tbx_dir =~ s/\n//g;
+        $fulldate = $tbx_dir;
+        $fulldate =~ s/^.*-(20.*-..\...$)/$1/;
+        $day = $month = $year = $hour = $min = $fulldate;
+        $host = $tbx_dir;
+        $host =~ s/-20.*//;
+        $no_bits = $host;
+        $host =~ s/64$//;
+        $no_bits =~ s/.*64$/64/;
+        $no_bits =~ s/^[^6].*/other/;
+        $year =~ s/(....).*/$1/;
+        $month =~ s/....(..).*/$1/;
+        $day =~ s/......(..).*/$1/;
+        $hour =~ s/........-(..).*/$1/;
+        $min =~ s/.*\.(..)$/$1/;
+        
+
+        if ( -f "$TBX_TESTDIR/$tbx_dir/QAstatus" ) {
+            $QAstatus=`cat $TBX_TESTDIR/$tbx_dir/QAstatus 2>/dev/null`;
+            $QAstatus =~ s/\n$//g;
+        } else {
+            $QAstatus="unknown";
+        }
+
+        $efulldate = timelocal( 0, $min, $hour, $day, $month-1, $year-1900);
+        if ( "$host" !~ "$last_host" || "$no_bits" !~ "$last_no_bits" ) {
+            if ( $QAstatus !~ "QA running" ) {
+                $platform_idx = 0;
+            } else {
+                $platform_idx = -1;
+            }
+            $passed_idx = 0;
+
+            $last_host = $host;
+            $last_no_bits = $no_bits;
+        } else {
+            $platform_idx ++;
+            $passed_idx++ if ( $QAstatus =~ "QA passed" ) ;
+        }
+
+        debug ("$tbx_dir host $host date $fulldate bits $no_bits $year/$month/$day  $hour:$min QAstatus $QAstatus pli $platform_idx pai $passed_idx");
+
+        if ( $passed_idx > $PASSED_NEWER_DIRS && $QAstatus =~ "QA passed" ) {
+            $ekeeptime=$efulldate + $ePASSED_TBX_KEEP;
+            #($s, $m, $h, $d, $mo, $y) = localtime($ekeeptime);
+            #debug ("$passed_idx > $PASSED_NEWER_DIRS ekeeptime ($s, $m, $h, $d, $mo, $y) == $ekeeptime");
+             rm_tbx ("Passed $PASSED_TBX_KEEP_HOURS +  hours old") if ( $ekeeptime <= $enow );
+        } elsif ( $QAstatus !~ "QA failed" ) {
+            $ekeeptime=$efulldate + $eNOT_FAILED_TBX_KEEP;
+            rm_tbx ("Not failed $NOT_FAILED_TBX_KEEP_HOURS + hours old") if ( $ekeeptime <= $enow );
+	} else {
+            $ekeeptime=$efulldate + $eANY_TBX_KEEP;
+             rm_tbx ("Passed 2+ hours old") if ( $ekeeptime <= $enow );
+        }
+        if  ( $QAstatus =~ "QA failed" ) {
+            $ekeeptime=$efulldate + $eIF_TBX_KEEP;
+            #FIXME - compare to the previous failure by filtering and 
+            #FIXME diffing the results.html files (first grep failed)
+        }
+    }
+
+}
+
+sub rm_tbx()
+{
+
+debug ("DELETING $tbx_dir... (@_[0]) ");
+system("rm -rf $TBX_TESTDIR/$tbx_dir");
+#debug ("rm -rf $TBX_TESTDIR/$tbx_dir");
+
+}
+
+sub msg
+{
+    my $i;
+    for ($i = 0; $i <= $#_ ; $i++ ) {
+        print "@_[$i] ";
+    }
+    print "\n";
+
+}
+sub error
+{
+    msg ("ERROR:  " ,@_ );
+}
+
+sub warning
+{
+    msg ("WARNING:" ,@_ );
+}
+sub debug
+{
+    if ( $verbose == 1 ) {
+        msg ("DEBUG:  " ,@_ );
+    } elsif ( $verbose == 2 ) {
+        msg (@_ );
+    }
+}
+
+check_tbx_dirs;
diff --git a/nss/tests/cmdtests/cmdtests.sh b/nss/tests/cmdtests/cmdtests.sh
new file mode 100644
index 0000000..cc925b2
--- /dev/null
+++ b/nss/tests/cmdtests/cmdtests.sh
@@ -0,0 +1,101 @@
+#! /bin/sh  
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+########################################################################
+# Script to run small tests to test specific crashes of NSS
+#
+# needs to work on all Unix and Windows platforms
+#
+# included from 
+# --------------
+#   all.sh
+#
+# tests implemented:
+# vercrt (verify encryption cert - bugzilla bug 119059)
+# vercrtfps (verify encryption cert in fips mode - bugzilla bug 119214)
+# test3 (CERT_FindUserCertByUsage called 2nd time - bug 118864)
+#
+# special strings
+# ---------------
+#
+########################################################################
+
+############################## cmdtests_init ###########################
+# local shell function to initialize this script 
+########################################################################
+cmdtests_init()
+{
+  SCRIPTNAME=cmdtests.sh      # sourced - $0 would point to all.sh
+
+  if [ -z "${CLEANUP}" ] ; then     # if nobody else is responsible for
+      CLEANUP="${SCRIPTNAME}"       # cleaning this script will do it
+  fi
+
+  if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then
+      cd ../common
+      . ./init.sh
+  fi
+  if [ ! -r $CERT_LOG_FILE ]; then  # we need certificates here
+      cd ../cert
+      . ./cert.sh
+  fi
+  SCRIPTNAME=cmdtests.sh
+  html_head "Tests in cmd/tests"
+
+# grep "SUCCESS: cmd/tests passed" $CERT_LOG_FILE >/dev/null || {
+#     Exit 15 "Fatal - cert.sh needs to pass first"
+# }
+
+  CMDTESTSDIR=${HOSTDIR}/cmd/tests
+  COPYDIR=${CMDTESTSDIR}/copydir
+
+  R_CMDTESTSDIR=../cmd/tests
+  R_COPYDIR=../cmd/tests/copydir
+  P_R_COPYDIR=${R_COPYDIR}
+
+  if [ -n "${MULTIACCESS_DBM}" ]; then
+     P_R_COPYDIR="multiaccess:Cmdtests.$version"
+  fi
+
+  mkdir -p ${CMDTESTSDIR}
+  mkdir -p ${COPYDIR}
+  mkdir -p ${CMDTESTSDIR}/html
+
+  cd ${CMDTESTSDIR}
+}
+
+############################## ct_vercrt ##################################
+# CERT_VerifyCert should not fail when verifying encryption cert 
+# Bugzilla Bug 119059
+########################################################################
+#ct_vercrt()
+#{
+ # echo "$SCRIPTNAME: Verify encryption certificate ----------------------"
+ # echo "vercrt"
+ # vercrt
+ # ret=$?
+ # html_msg $ret 0 "Verify encryption certificate (vercrt)"
+#
+#}
+
+
+############################## cmdtests_cleanup ########################
+# local shell function to finish this script (no exit since it might be 
+# sourced)
+########################################################################
+cmdtests_cleanup()
+{
+  html "</TABLE><BR>"
+  cd ${QADIR}
+  . common/cleanup.sh
+}
+
+################## main #################################################
+
+cmdtests_init
+
+#ct_vercrt
+cmdtests_cleanup
diff --git a/nss/tests/common/Makefile b/nss/tests/common/Makefile
new file mode 100644
index 0000000..7faa677
--- /dev/null
+++ b/nss/tests/common/Makefile
@@ -0,0 +1,24 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CORE_DEPTH	= ../..
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+objdir_name:
+	@echo $(OBJDIR_NAME)
+
+os_arch:
+	@echo $(OS_ARCH)
+
+dll_prefix:
+	@echo $(DLL_PREFIX)
+
+dll_suffix:
+	@echo $(DLL_SUFFIX)
+
+freebl_lowhash:
+	@echo $(FREEBL_LOWHASH)
diff --git a/nss/tests/common/cleanup.sh b/nss/tests/common/cleanup.sh
new file mode 100755
index 0000000..40d8bc4
--- /dev/null
+++ b/nss/tests/common/cleanup.sh
@@ -0,0 +1,55 @@
+#!/bin/bash
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+if [ -z "${CLEANUP}" -o "${CLEANUP}" = "${SCRIPTNAME}" ]; then
+    echo
+    echo "SUMMARY:"
+    echo "========"
+    echo "NSS variables:"
+    echo "--------------"
+    echo "HOST=${HOST}"
+    echo "DOMSUF=${DOMSUF}"
+    echo "BUILD_OPT=${BUILD_OPT}"
+    if [ "${OS_ARCH}" = "Linux" ]; then
+        echo "USE_X32=${USE_X32}"
+    fi
+    echo "USE_64=${USE_64}"
+    echo "NSS_CYCLES=\"${NSS_CYCLES}\""
+    echo "NSS_TESTS=\"${NSS_TESTS}\""
+    echo "NSS_SSL_TESTS=\"${NSS_SSL_TESTS}\""
+    echo "NSS_SSL_RUN=\"${NSS_SSL_RUN}\""
+    echo "NSS_AIA_PATH=${NSS_AIA_PATH}"
+    echo "NSS_AIA_HTTP=${NSS_AIA_HTTP}"
+    echo "NSS_AIA_OCSP=${NSS_AIA_OCSP}"
+    echo "IOPR_HOSTADDR_LIST=${IOPR_HOSTADDR_LIST}"
+    echo "PKITS_DATA=${PKITS_DATA}"
+    echo
+    echo "Tests summary:"
+    echo "--------------"
+    LINES_CNT=$(cat ${RESULTS} | grep ">Passed<" | wc -l | sed s/\ *//)
+    echo "Passed:             ${LINES_CNT}"
+    FAILED_CNT=$(cat ${RESULTS} | grep ">Failed<" | wc -l | sed s/\ *//)
+    echo "Failed:             ${FAILED_CNT}"
+    CORE_CNT=$(cat ${RESULTS} | grep ">Failed Core<" | wc -l | sed s/\ *//)
+    echo "Failed with core:   ${CORE_CNT}"
+    ASAN_CNT=$(cat $LOGFILE | grep "SUMMARY: AddressSanitizer" | wc -l | sed s/\ *//)
+    echo "ASan failures:      ${ASAN_CNT}"
+    LINES_CNT=$(cat ${RESULTS} | grep ">Unknown<" | wc -l | sed s/\ *//)
+    echo "Unknown status:     ${LINES_CNT}"
+    if [ ${LINES_CNT} -gt 0 ]; then
+        echo "TinderboxPrint:Unknown: ${LINES_CNT}"
+    fi
+    echo
+
+    html "END_OF_TEST<BR>"
+    html "</BODY></HTML>" 
+    rm -f ${TEMPFILES} 2>/dev/null
+    if [ ${FAILED_CNT} -gt 0 ] || [ ${ASAN_CNT} -gt 0 ]; then
+        exit 1
+    fi
+
+fi
diff --git a/nss/tests/common/init.sh b/nss/tests/common/init.sh
new file mode 100644
index 0000000..3598e82
--- /dev/null
+++ b/nss/tests/common/init.sh
@@ -0,0 +1,672 @@
+#! /bin/bash
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+########################################################################
+#
+# mozilla/security/nss/tests/common/init.sh
+#
+# initialization for NSS QA, can be included multiple times
+# from all.sh and the individual scripts
+#
+# variables, utilities and shellfunctions global to NSS QA
+# needs to work on all Unix and Windows platforms
+#
+# included from
+# -------------
+#   all.sh
+#   ssl.sh
+#   sdr.sh
+#   cipher.sh
+#   perf.sh
+#   cert.sh
+#   smime.sh
+#   tools.sh
+#   fips.sh
+#
+# special strings
+# ---------------
+#   FIXME ... known problems, search for this string
+#   NOTE .... unexpected behavior
+#
+# NOTE:
+# -----
+#    Unlike the old QA this is based on files sourcing each other
+#    This is done to save time, since a great portion of time is lost
+#    in calling and sourcing the same things multiple times over the
+#    network. Also, this way all scripts have all shell function  available
+#    and a completely common environment
+#
+########################################################################
+
+NSS_STRICT_SHUTDOWN=1
+export NSS_STRICT_SHUTDOWN
+
+# Init directories based on HOSTDIR variable
+if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then
+    init_directories()
+    {
+        TMP=${HOSTDIR}      #TMP=${TMP-/tmp}
+        TEMP=${TMP}
+        TMPDIR=${TMP}
+
+        CADIR=${HOSTDIR}/CA
+        SERVERDIR=${HOSTDIR}/server
+        CLIENTDIR=${HOSTDIR}/client
+        ALICEDIR=${HOSTDIR}/alicedir
+        BOBDIR=${HOSTDIR}/bobdir
+        DAVEDIR=${HOSTDIR}/dave
+        EVEDIR=${HOSTDIR}/eve
+        FIPSDIR=${HOSTDIR}/fips
+        DBPASSDIR=${HOSTDIR}/dbpass
+        ECCURVES_DIR=${HOSTDIR}/eccurves
+        DISTRUSTDIR=${HOSTDIR}/distrust
+
+        SERVER_CADIR=${HOSTDIR}/serverCA
+        CLIENT_CADIR=${HOSTDIR}/clientCA
+        EXT_SERVERDIR=${HOSTDIR}/ext_server
+        EXT_CLIENTDIR=${HOSTDIR}/ext_client
+
+        IOPR_CADIR=${HOSTDIR}/CA_iopr
+        IOPR_SSL_SERVERDIR=${HOSTDIR}/server_ssl_iopr
+        IOPR_SSL_CLIENTDIR=${HOSTDIR}/client_ssl_iopr
+        IOPR_OCSP_CLIENTDIR=${HOSTDIR}/client_ocsp_iopr
+
+        CERT_EXTENSIONS_DIR=${HOSTDIR}/cert_extensions
+        STAPLINGDIR=${HOSTDIR}/stapling
+        SSLGTESTDIR=${HOSTDIR}/ssl_gtests
+        GTESTDIR=${HOSTDIR}/gtests
+
+        PWFILE=${HOSTDIR}/tests.pw
+        NOISE_FILE=${HOSTDIR}/tests_noise
+        CORELIST_FILE=${HOSTDIR}/clist
+
+        FIPSPWFILE=${HOSTDIR}/tests.fipspw
+        FIPSBADPWFILE=${HOSTDIR}/tests.fipsbadpw
+        FIPSP12PWFILE=${HOSTDIR}/tests.fipsp12pw
+
+        echo "fIps140" > ${FIPSPWFILE}
+        echo "fips104" > ${FIPSBADPWFILE}
+        echo "pKcs12fips140" > ${FIPSP12PWFILE}
+
+        noise
+
+        P_SERVER_CADIR=${SERVER_CADIR}
+        P_CLIENT_CADIR=${CLIENT_CADIR}
+
+        if [ -n "${MULTIACCESS_DBM}" ]; then
+            P_SERVER_CADIR="multiaccess:${D_SERVER_CA}"
+            P_CLIENT_CADIR="multiaccess:${D_CLIENT_CA}"
+        fi
+
+
+        # a new log file, short - fast to search, mostly for tools to
+        # see if their portion of the cert has succeeded, also for me -
+        CERT_LOG_FILE=${HOSTDIR}/cert.log      #the output.log is so crowded...
+
+        TEMPFILES=foobar   # keep "${PWFILE} ${NOISE_FILE}" around
+
+        export HOSTDIR
+    }
+
+# Generate noise file
+    noise()
+    {
+        # NOTE: these keys are only suitable for testing, as this whole thing
+        # bypasses the entropy gathering. Don't use this method to generate
+        # keys and certs for product use or deployment.
+        ps -efl > ${NOISE_FILE} 2>&1
+        ps aux >> ${NOISE_FILE} 2>&1
+        date >> ${NOISE_FILE} 2>&1
+    }
+
+# Print selected environment variable (used for backup)
+    env_backup()
+    {
+        echo "HOSTDIR=\"${HOSTDIR}\""
+        echo "TABLE_ARGS="
+        echo "NSS_TEST_DISABLE_CRL=${NSS_TEST_DISABLE_CRL}"
+        echo "NSS_SSL_TESTS=\"${NSS_SSL_TESTS}\""
+        echo "NSS_SSL_RUN=\"${NSS_SSL_RUN}\""
+        echo "NSS_DEFAULT_DB_TYPE=${NSS_DEFAULT_DB_TYPE}"
+        echo "export NSS_DEFAULT_DB_TYPE"
+        echo "NSS_ENABLE_PKIX_VERIFY=${NSS_ENABLE_PKIX_VERIFY}"
+        echo "export NSS_ENABLE_PKIX_VERIFY"
+        echo "init_directories"
+    }
+
+# Exit shellfunction to clean up at exit (error, regular or signal)
+    Exit()
+    {
+        if [ -n "$1" ] ; then
+            echo "$SCRIPTNAME: Exit: $* - FAILED"
+            html_failed "$*"
+        fi
+        echo "</TABLE><BR>" >> ${RESULTS}
+        if [ -n "${SERVERPID}" -a -f "${SERVERPID}" ]; then
+            ${KILL} `cat ${SERVERPID}`
+        fi
+        cd ${QADIR}
+        . common/cleanup.sh
+        case $1 in
+            [0-4][0-9]|[0-9])
+                exit $1;
+                ;;
+            *)
+                exit 1
+                ;;
+        esac
+    }
+
+    detect_core()
+    {
+        [ ! -f $CORELIST_FILE ] && touch $CORELIST_FILE
+        mv $CORELIST_FILE ${CORELIST_FILE}.old
+        coreStr=`find $HOSTDIR -type f -name '*core*'`
+        res=0
+        if [ -n "$coreStr" ]; then
+            sum $coreStr > $CORELIST_FILE
+            res=`cat $CORELIST_FILE ${CORELIST_FILE}.old | sort | uniq -u | wc -l`
+        fi
+        return $res
+    }
+
+#html functions to give the resultfiles a consistant look
+    html() #########################    write the results.html file
+    {      # 3 functions so we can put targets in the output.log easier
+        echo $* >>${RESULTS}
+    }
+    increase_msg_id()
+    {
+        MSG_ID=`cat ${MSG_ID_FILE}`
+        MSG_ID=`expr ${MSG_ID} + 1`
+        echo ${MSG_ID} > ${MSG_ID_FILE}
+    }
+    html_passed_ignore_core()
+    {
+        increase_msg_id
+        html "<TR><TD>#${MSG_ID}: $1 ${HTML_PASSED}"
+        echo "${SCRIPTNAME}: #${MSG_ID}: $* - PASSED"
+    }
+    html_passed()
+    {
+        html_detect_core "$@" || return
+        html_passed_ignore_core "$@"
+    }
+    html_failed_ignore_core()
+    {
+        increase_msg_id
+        html "<TR><TD>#${MSG_ID}: $1 ${HTML_FAILED}"
+        echo "${SCRIPTNAME}: #${MSG_ID}: $* - FAILED"
+    }
+    html_failed()
+    {
+        html_detect_core "$@" || return
+        html_failed_ignore_core "$@" || return
+    }
+    html_unknown_ignore_core()
+    {
+        increase_msg_id
+        html "<TR><TD>#${MSG_ID}: $1 ${HTML_UNKNOWN}"
+        echo "${SCRIPTNAME}: #${MSG_ID}: $* - UNKNOWN"
+    }
+    html_unknown()
+    {
+        html_detect_core "$@" || return
+        increase_msg_id
+        html "<TR><TD>#${MSG_ID}: $1 ${HTML_UNKNOWN}"
+        echo "${SCRIPTNAME}: #${MSG_ID}: $* - UNKNOWN"
+    }
+    html_detect_core()
+    {
+        detect_core
+        if [ $? -ne 0 ]; then
+            increase_msg_id
+            html "<TR><TD>#${MSG_ID}: $* ${HTML_FAILED_CORE}"
+            echo "${SCRIPTNAME}: #${MSG_ID}: $* - Core file is detected - FAILED"
+            return 1
+        fi
+        return 0
+    }
+    html_head()
+    {
+
+        html "<TABLE BORDER=1 ${TABLE_ARGS}><TR><TH COLSPAN=3>$*</TH></TR>"
+        html "<TR><TH width=500>Test Case</TH><TH width=50>Result</TH></TR>"
+        echo "$SCRIPTNAME: $* ==============================="
+    }
+    html_msg()
+    {
+        if [ $1 -ne $2 ] ; then
+            html_failed "$3" "$4"
+        else
+            html_passed "$3" "$4"
+        fi
+    }
+    HTML_FAILED='</TD><TD bgcolor=red>Failed</TD><TR>'
+    HTML_FAILED_CORE='</TD><TD bgcolor=red>Failed Core</TD><TR>'
+    HTML_PASSED='</TD><TD bgcolor=lightGreen>Passed</TD><TR>'
+    HTML_UNKNOWN='</TD><TD>Unknown</TD><TR>'
+    TABLE_ARGS=
+
+
+#directory name init
+    SCRIPTNAME=init.sh
+
+    mozilla_root=`(cd ../../..; pwd)`
+    MOZILLA_ROOT=${MOZILLA_ROOT-$mozilla_root}
+
+    qadir=`(cd ..; pwd)`
+    QADIR=${QADIR-$qadir}
+
+    common=${QADIR}/common
+    COMMON=${TEST_COMMON-$common}
+    export COMMON
+
+    DIST=${DIST-${MOZILLA_ROOT}/dist}
+    TESTDIR=${TESTDIR-${MOZILLA_ROOT}/tests_results/security}
+
+    # Allow for override options from a config file
+    if [ -n "${OBJDIR}" -a -f ${DIST}/${OBJDIR}/platform.cfg ]; then
+        . ${DIST}/${OBJDIR}/platform.cfg
+    fi
+
+    # only need make if we don't already have certain variables set
+    if [ -z "${OBJDIR}" -o -z "${OS_ARCH}" -o -z "${DLL_PREFIX}" -o -z "${DLL_SUFFIX}" ]; then
+        MAKE=gmake
+        $MAKE -v >/dev/null 2>&1 || MAKE=make
+        $MAKE -v >/dev/null 2>&1 || { echo "You are missing make."; exit 5; }
+        MAKE="$MAKE --no-print-directory"
+    fi
+
+    if [ "${OBJDIR}" = "" ]; then
+        if [ -f ${DIST}/latest ]; then
+            OBJDIR=$(cat ${DIST}/latest)
+        else
+            OBJDIR=`($MAKE -s -C $COMMON objdir_name)`
+        fi
+    fi
+    if [ "${OS_ARCH}" = "" ]; then
+        OS_ARCH=`(cd $COMMON; $MAKE os_arch)`
+    fi
+    if [ "${DLL_PREFIX}" = "" ]; then
+        DLL_PREFIX=`(cd $COMMON; $MAKE dll_prefix)`
+    fi
+    if [ "${DLL_SUFFIX}" = "" ]; then
+        DLL_SUFFIX=`(cd $COMMON; $MAKE dll_suffix)`
+    fi
+    OS_NAME=`uname -s | sed -e "s/-[0-9]*\.[0-9]*//" | sed -e "s/-WOW64//"`
+
+    BINDIR="${DIST}/${OBJDIR}/bin"
+
+    # Pathnames constructed from ${TESTDIR} are passed to NSS tools
+    # such as certutil, which don't understand Cygwin pathnames.
+    # So we need to convert ${TESTDIR} to a Windows pathname (with
+    # regular slashes).
+    if [ "${OS_ARCH}" = "WINNT" -a "$OS_NAME" = "CYGWIN_NT" ]; then
+        TESTDIR=`cygpath -m ${TESTDIR}`
+        QADIR=`cygpath -m ${QADIR}`
+    fi
+
+    # Same problem with MSYS/Mingw, except we need to start over with pwd -W
+    if [ "${OS_ARCH}" = "WINNT" -a "$OS_NAME" = "MINGW32_NT" ]; then
+                mingw_mozilla_root=`(cd ../../..; pwd -W)`
+                MINGW_MOZILLA_ROOT=${MINGW_MOZILLA_ROOT-$mingw_mozilla_root}
+                TESTDIR=${MINGW_TESTDIR-${MINGW_MOZILLA_ROOT}/tests_results/security}
+    fi
+
+    # Same problem with MSYS/Mingw, except we need to start over with pwd -W
+    if [ "${OS_ARCH}" = "WINNT" -a "$OS_NAME" = "MINGW32_NT" ]; then
+                mingw_mozilla_root=`(cd ../../..; pwd -W)`
+                MINGW_MOZILLA_ROOT=${MINGW_MOZILLA_ROOT-$mingw_mozilla_root}
+                TESTDIR=${MINGW_TESTDIR-${MINGW_MOZILLA_ROOT}/tests_results/security}
+    fi
+    echo testdir is $TESTDIR
+
+#in case of backward comp. tests the calling scripts set the
+#PATH and LD_LIBRARY_PATH and do not want them to be changed
+    if [ -z "${DON_T_SET_PATHS}" -o "${DON_T_SET_PATHS}" != "TRUE" ] ; then
+        if [ "${OS_ARCH}" = "WINNT" -a "$OS_NAME"  != "CYGWIN_NT" -a "$OS_NAME" != "MINGW32_NT" ]; then
+            PATH=.\;${DIST}/${OBJDIR}/bin\;${DIST}/${OBJDIR}/lib\;$PATH
+            PATH=`perl ../path_uniq -d ';' "$PATH"`
+        elif [ "${OS_ARCH}" = "Android" ]; then
+            # android doesn't have perl, skip the uniq step
+            PATH=.:${DIST}/${OBJDIR}/bin:${DIST}/${OBJDIR}/lib:$PATH
+        else
+            PATH=.:${DIST}/${OBJDIR}/bin:${DIST}/${OBJDIR}/lib:/bin:/usr/bin:$PATH
+            # added /bin and /usr/bin in the beginning so a local perl will
+            # be used
+            PATH=`perl ../path_uniq -d ':' "$PATH"`
+        fi
+
+        LD_LIBRARY_PATH=${DIST}/${OBJDIR}/lib:$LD_LIBRARY_PATH
+        SHLIB_PATH=${DIST}/${OBJDIR}/lib:$SHLIB_PATH
+        LIBPATH=${DIST}/${OBJDIR}/lib:$LIBPATH
+        DYLD_LIBRARY_PATH=${DIST}/${OBJDIR}/lib:$DYLD_LIBRARY_PATH
+    fi
+
+    if [ ! -d "${TESTDIR}" ]; then
+        echo "$SCRIPTNAME init: Creating ${TESTDIR}"
+        mkdir -p ${TESTDIR}
+    fi
+
+#HOST and DOMSUF are needed for the server cert
+
+    DOMAINNAME=`which domainname`
+    if [ -z "${DOMSUF}" -a $? -eq 0 -a -n "${DOMAINNAME}" ]; then
+        DOMSUF=`domainname`
+    fi
+
+    case $HOST in
+        *\.*)
+            if [ -z "${DOMSUF}" ]; then
+                DOMSUF=`echo $HOST | sed -e "s/^[^.]*\.//"`
+            fi
+            HOST=`echo $HOST | sed -e "s/\..*//"`
+            ;;
+        ?*)
+            ;;
+        *)
+            HOST=`uname -n`
+            case $HOST in
+                *\.*)
+                    if [ -z "${DOMSUF}" ]; then
+                        DOMSUF=`echo $HOST | sed -e "s/^[^.]*\.//"`
+                    fi
+                    HOST=`echo $HOST | sed -e "s/\..*//"`
+                    ;;
+                ?*)
+                    ;;
+                *)
+                    echo "$SCRIPTNAME: Fatal HOST environment variable is not defined."
+                    exit 1 #does not need to be Exit, very early in script
+                    ;;
+            esac
+            ;;
+    esac
+
+    if [ -z "${DOMSUF}" -a "${OS_ARCH}" != "Android" ]; then
+        echo "$SCRIPTNAME: Fatal DOMSUF env. variable is not defined."
+        exit 1 #does not need to be Exit, very early in script
+    fi
+
+#HOSTADDR was a workaround for the dist. stress test, and is probably
+#not needed anymore (purpose: be able to use IP address for the server
+#cert instead of PC name which was not in the DNS because of dyn IP address
+    if [ -z "$USE_IP" -o "$USE_IP" != "TRUE" ] ; then
+        if [ -z "${DOMSUF}" ]; then
+            HOSTADDR=${HOST}
+        else
+            HOSTADDR=${HOST}.${DOMSUF}
+        fi
+    else
+        HOSTADDR=${IP_ADDRESS}
+    fi
+
+#if running remote side of the distributed stress test we need to use
+#the files that the server side gives us...
+    if [ -n "$DO_REM_ST" -a "$DO_REM_ST" = "TRUE" ] ; then
+        for w in `ls -rtd ${TESTDIR}/${HOST}.[0-9]* 2>/dev/null |
+            sed -e "s/.*${HOST}.//"` ; do
+                version=$w
+        done
+        HOSTDIR=${TESTDIR}/${HOST}.$version
+        echo "$SCRIPTNAME init: HOSTDIR $HOSTDIR"
+        echo $HOSTDIR
+        if [ ! -d $HOSTDIR ] ; then
+            echo "$SCRIPTNAME: Fatal: Remote side of dist. stress test "
+            echo "       - server HOSTDIR $HOSTDIR does not exist"
+            exit 1 #does not need to be Exit, very early in script
+        fi
+    fi
+
+#find the HOSTDIR, where the results are supposed to go
+    if [ -n "${HOSTDIR}" ]; then
+        version=`echo $HOSTDIR | sed  -e "s/.*${HOST}.//"`
+    else
+        if [ -f "${TESTDIR}/${HOST}" ]; then
+            version=`cat ${TESTDIR}/${HOST}`
+        else
+            version=1
+        fi
+#file has a tendency to disappear, messing up the rest of QA -
+#workaround to find the next higher number if version file is not there
+        if [ -z "${version}" ]; then    # for some strange reason this file
+                                        # gets truncated at times... Windos
+            for w in `ls -d ${TESTDIR}/${HOST}.[0-9]* 2>/dev/null |
+                sort -t '.' -n | sed -e "s/.*${HOST}.//"` ; do
+                version=`expr $w + 1`
+            done
+            if [ -z "${version}" ]; then
+                version=1
+            fi
+        fi
+        expr $version + 1 > ${TESTDIR}/${HOST}
+
+        HOSTDIR=${TESTDIR}/${HOST}'.'$version
+
+        mkdir -p ${HOSTDIR}
+    fi
+
+#result and log file and filename init,
+    if [ -z "${LOGFILE}" ]; then
+        LOGFILE=${HOSTDIR}/output.log
+    fi
+    if [ ! -f "${LOGFILE}" ]; then
+        touch ${LOGFILE}
+    fi
+    if [ -z "${RESULTS}" ]; then
+        RESULTS=${HOSTDIR}/results.html
+    fi
+    if [ ! -f "${RESULTS}" ]; then
+        cp ${COMMON}/results_header.html ${RESULTS}
+        html "<H4>Platform: ${OBJDIR}<BR>"
+        html "Test Run: ${HOST}.$version</H4>"
+        html "${BC_ACTION}"
+        html "<HR><BR>"
+        html "<HTML><BODY>"
+
+        echo "********************************************" | tee -a ${LOGFILE}
+        echo "   Platform: ${OBJDIR}"                       | tee -a ${LOGFILE}
+        echo "   Results: ${HOST}.$version"                 | tee -a ${LOGFILE}
+        echo "********************************************" | tee -a ${LOGFILE}
+        echo "$BC_ACTION"                                   | tee -a ${LOGFILE}
+#if running remote side of the distributed stress test
+# let the user know who it is...
+    elif [ -n "$DO_REM_ST" -a "$DO_REM_ST" = "TRUE" ] ; then
+        echo "********************************************" | tee -a ${LOGFILE}
+        echo "   Platform: ${OBJDIR}"                       | tee -a ${LOGFILE}
+        echo "   Results: ${HOST}.$version"                 | tee -a ${LOGFILE}
+        echo "   remote side of distributed stress test "   | tee -a ${LOGFILE}
+        echo "   `uname -n -s`"                             | tee -a ${LOGFILE}
+        echo "********************************************" | tee -a ${LOGFILE}
+    fi
+
+    echo "$SCRIPTNAME init: Testing PATH $PATH against LIB $LD_LIBRARY_PATH" |\
+        tee -a ${LOGFILE}
+
+    KILL="kill"
+
+    if [ `uname -s` = "SunOS" ]; then
+        PS="/usr/5bin/ps"
+    else
+        PS="ps"
+    fi
+#found 3 rsh's so far that do not work as expected - cygnus mks6
+#(restricted sh) and mks 7 - if it is not in c:/winnt/system32 it
+#needs to be set in the environ.ksh
+    if [ -z "$RSH" ]; then
+        if [ "${OS_ARCH}" = "WINNT" -a "$OS_NAME"  = "CYGWIN_NT" ]; then
+            RSH=/cygdrive/c/winnt/system32/rsh
+        elif [ "${OS_ARCH}" = "WINNT" ]; then
+            RSH=c:/winnt/system32/rsh
+        else
+            RSH=rsh
+        fi
+    fi
+
+
+#more filename and directoryname init
+    CURDIR=`pwd`
+
+    CU_ACTION='Unknown certutil action'
+
+    # would like to preserve some tmp files, also easier to see if there
+    # are "leftovers" - another possibility ${HOSTDIR}/tmp
+
+    init_directories
+
+    FIPSCERTNICK="FIPS_PUB_140_Test_Certificate"
+
+    # domains to handle ipc based access to databases
+    D_CA="TestCA.$version"
+    D_ALICE="Alice.$version"
+    D_BOB="Bob.$version"
+    D_DAVE="Dave.$version"
+    D_EVE="Eve.$version"
+    D_SERVER_CA="ServerCA.$version"
+    D_CLIENT_CA="ClientCA.$version"
+    D_SERVER="Server.$version"
+    D_CLIENT="Client.$version"
+    D_FIPS="FIPS.$version"
+    D_DBPASS="DBPASS.$version"
+    D_ECCURVES="ECCURVES.$version"
+    D_EXT_SERVER="ExtendedServer.$version"
+    D_EXT_CLIENT="ExtendedClient.$version"
+    D_CERT_EXTENSTIONS="CertExtensions.$version"
+    D_DISTRUST="Distrust.$version"
+
+    # we need relative pathnames of these files abd directories, since our
+    # tools can't handle the unix style absolut pathnames on cygnus
+
+    R_CADIR=../CA
+    R_SERVERDIR=../server
+    R_CLIENTDIR=../client
+    R_IOPR_CADIR=../CA_iopr
+    R_IOPR_SSL_SERVERDIR=../server_ssl_iopr
+    R_IOPR_SSL_CLIENTDIR=../client_ssl_iopr
+    R_IOPR_OCSP_CLIENTDIR=../client_ocsp_iopr
+    R_ALICEDIR=../alicedir
+    R_BOBDIR=../bobdir
+    R_DAVEDIR=../dave
+    R_EVEDIR=../eve
+    R_EXT_SERVERDIR=../ext_server
+    R_EXT_CLIENTDIR=../ext_client
+    R_CERT_EXT=../cert_extensions
+    R_STAPLINGDIR=../stapling
+    R_SSLGTESTDIR=../ssl_gtests
+    R_GTESTDIR=../gtests
+
+    #
+    # profiles are either paths or domains depending on the setting of
+    # MULTIACCESS_DBM
+    #
+    P_R_CADIR=${R_CADIR}
+    P_R_ALICEDIR=${R_ALICEDIR}
+    P_R_BOBDIR=${R_BOBDIR}
+    P_R_DAVEDIR=${R_DAVEDIR}
+    P_R_EVEDIR=${R_EVEDIR}
+    P_R_SERVERDIR=${R_SERVERDIR}
+    P_R_CLIENTDIR=${R_CLIENTDIR}
+    P_R_EXT_SERVERDIR=${R_EXT_SERVERDIR}
+    P_R_EXT_CLIENTDIR=${R_EXT_CLIENTDIR}
+    if [ -n "${MULTIACCESS_DBM}" ]; then
+        P_R_CADIR="multiaccess:${D_CA}"
+        P_R_ALICEDIR="multiaccess:${D_ALICE}"
+        P_R_BOBDIR="multiaccess:${D_BOB}"
+        P_R_DAVEDIR="multiaccess:${D_DAVE}"
+        P_R_EVEDIR="multiaccess:${D_EVE}"
+        P_R_SERVERDIR="multiaccess:${D_SERVER}"
+        P_R_CLIENTDIR="multiaccess:${D_CLIENT}"
+        P_R_EXT_SERVERDIR="multiaccess:${D_EXT_SERVER}"
+        P_R_EXT_CLIENTDIR="multiaccess:${D_EXT_CLIENT}"
+    fi
+
+    R_PWFILE=../tests.pw
+    R_NOISE_FILE=../tests_noise
+
+    R_FIPSPWFILE=../tests.fipspw
+    R_FIPSBADPWFILE=../tests.fipsbadpw
+    R_FIPSP12PWFILE=../tests.fipsp12pw
+
+    trap "Exit $0 Signal_caught" 2 3
+
+    export PATH LD_LIBRARY_PATH SHLIB_PATH LIBPATH DYLD_LIBRARY_PATH
+    export DOMSUF HOSTADDR
+    export KILL PS
+    export MOZILLA_ROOT DIST TESTDIR OBJDIR QADIR
+    export LOGFILE SCRIPTNAME
+
+#used for the distributed stress test, the server generates certificates
+#from GLOB_MIN_CERT to GLOB_MAX_CERT
+# NOTE - this variable actually gets initialized by directly by the
+# ssl_dist_stress.shs sl_ds_init() before init is called - need to change
+# in  both places. speaking of data encapsulatioN...
+
+    if [ -z "$GLOB_MIN_CERT" ] ; then
+        GLOB_MIN_CERT=0
+    fi
+    if [ -z "$GLOB_MAX_CERT" ] ; then
+        GLOB_MAX_CERT=200
+    fi
+    if [ -z "$MIN_CERT" ] ; then
+        MIN_CERT=$GLOB_MIN_CERT
+    fi
+    if [ -z "$MAX_CERT" ] ; then
+        MAX_CERT=$GLOB_MAX_CERT
+    fi
+
+    #################################################
+    # CRL SSL testing constatnts
+    #
+
+
+    CRL_GRP_1_BEGIN=40
+    CRL_GRP_1_RANGE=3
+    UNREVOKED_CERT_GRP_1=41
+
+    CRL_GRP_2_BEGIN=43
+    CRL_GRP_2_RANGE=6
+    UNREVOKED_CERT_GRP_2=46
+
+    CRL_GRP_3_BEGIN=49
+    CRL_GRP_3_RANGE=4
+    UNREVOKED_CERT_GRP_3=51
+
+    TOTAL_CRL_RANGE=`expr ${CRL_GRP_1_RANGE} + ${CRL_GRP_2_RANGE} + \
+                     ${CRL_GRP_3_RANGE}`
+
+    TOTAL_GRP_NUM=3
+
+    RELOAD_CRL=1
+
+    NSS_DEFAULT_DB_TYPE="dbm"
+    export NSS_DEFAULT_DB_TYPE
+
+    MSG_ID_FILE="${HOSTDIR}/id"
+    MSG_ID=0
+    echo ${MSG_ID} > ${MSG_ID_FILE}
+
+    #################################################
+    # Interoperability testing constatnts
+    #
+    # if suite is setup for testing, IOPR_HOSTADDR_LIST should have
+    # at least one host name(FQDN)
+    # Example   IOPR_HOSTADDR_LIST="goa1.SFBay.Sun.COM"
+
+    if [ -z "`echo ${IOPR_HOSTADDR_LIST} | grep '[A-Za-z]'`" ]; then
+        IOPR=0
+    else
+        IOPR=1
+    fi
+    #################################################
+
+    if [ "${OS_ARCH}" != "WINNT" -a "${OS_ARCH}" != "Android" ]; then
+        ulimit -c unlimited
+    fi
+
+    SCRIPTNAME=$0
+    INIT_SOURCED=TRUE   #whatever one does - NEVER export this one please
+fi
diff --git a/nss/tests/common/parsegtestreport.sed b/nss/tests/common/parsegtestreport.sed
new file mode 100644
index 0000000..d7c6dda
--- /dev/null
+++ b/nss/tests/common/parsegtestreport.sed
@@ -0,0 +1,8 @@
+/\<testcase/{
+  s/^.* name="\([^"]*\)" value_param="\([^"]*\)" status="\([^"]*\)" time="[^"]*" classname="\([^"]*\)".*$/\3 '\4: \1 \2'/
+  t end
+  s/^.* name="\([^"]*\)" status="\([^"]*\)" time="[^"]*" classname="\([^"]*\)".*$/\2 '\3: \1'/
+  t end
+}
+d
+: end
diff --git a/nss/tests/common/results_header.html b/nss/tests/common/results_header.html
new file mode 100644
index 0000000..c09685b
--- /dev/null
+++ b/nss/tests/common/results_header.html
@@ -0,0 +1,6 @@
+<HTML>
+<HEAD>
+<TITLE>Test Report for NSS</TITLE>
+</HEAD>
+<BODY BGCOLOR="#FFFFFF">
+<CENTER><H3>Test Report for NSS</H3></CENTER>
diff --git a/nss/tests/core_watch b/nss/tests/core_watch
new file mode 100755
index 0000000..a627983
--- /dev/null
+++ b/nss/tests/core_watch
@@ -0,0 +1,45 @@
+#############################################################
+# script to watch for cores during QA runs, so they won't overwrite one
+# another
+# Not activated for efficiency reasons, and problems on MKS, us
+# only when needed and remember to remove afterwards
+#############################################################
+
+#############################################################
+# to activate put the following into all.sh (after the HOSTDIR 
+# has been exported
+#############################################################
+# sh `dirname $0`/core_watch $HOSTDIR ${HOSTDIR} &    
+# CORE_WATCH_PID=$!
+# if [ -n "${KILLPIDS}" ]
+# then
+#     echo $CORE_WATCH_PID >>"${KILLPIDS}"            
+# fi
+#############################################################
+
+#############################################################
+# or put the following into nssqa to watch the whole RESULTDIR
+# start it shortly before run_all
+#
+# NOTE: the more efficient way is above, this is potentially going
+# thru 1000ds of files every 30 seconds
+#############################################################
+# sh `dirname $0`/core_watch $RESULTDIR &    
+# echo $! >>"${KILLPIDS}"        #so Exit() can hopefully kill the core_watch
+#############################################################
+
+# in both cases remember to kill the process when done, since 
+# the PIDs that end up in ${KILLPIDS} might not work for all OS
+# something like "kill_by_name core_watch
+
+echo $$ >>"${KILLPIDS}"     #so Exit() can hopefully kill this shell
+while [ 1 ]
+do
+    for w in `find $1 -name "core" -print`
+    do
+        echo "Found core $w"
+        mv $w $w.`date +%H%M%S`
+    done
+    sleep 30
+done
+
diff --git a/nss/tests/crmf/crmf.sh b/nss/tests/crmf/crmf.sh
new file mode 100644
index 0000000..6059c19
--- /dev/null
+++ b/nss/tests/crmf/crmf.sh
@@ -0,0 +1,89 @@
+#! /bin/bash  
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+########################################################################
+#
+# mozilla/security/nss/tests/crmf/crmf.sh
+#
+# Script to test NSS crmf library (a static library) 
+#
+# needs to work on all Unix and Windows platforms
+#
+# special strings
+# ---------------
+#   FIXME ... known problems, search for this string
+#   NOTE .... unexpected behavior
+#
+########################################################################
+
+############################## smime_init ##############################
+# local shell function to initialize this script
+########################################################################
+crmf_init()
+{
+  SCRIPTNAME=crmf.sh      # sourced - $0 would point to all.sh
+
+  if [ -z "${CLEANUP}" ] ; then     # if nobody else is responsible for
+      CLEANUP="${SCRIPTNAME}"       # cleaning this script will do it
+  fi
+
+  if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then
+      cd ../common
+      . ./init.sh
+  fi
+  if [ ! -r $CERT_LOG_FILE ]; then  # we need certificates here
+      cd ../cert
+      . ./cert.sh
+  fi
+  html_head "CRMF/CMMF Tests"
+
+  # cmrf uses the S/MIME certs to test with
+  grep "SUCCESS: SMIME passed" $CERT_LOG_FILE >/dev/null || {
+      Exit 11 "Fatal - S/MIME of cert.sh needs to pass first"
+  }
+
+  CRMFDIR=${HOSTDIR}/crmf
+  R_CRMFDIR=../crmf
+  mkdir -p ${CRMFDIR}
+  cd ${CRMFDIR}
+}
+
+############################## crmf_main ##############################
+# local shell function to test basic CRMF request and CMMF responses
+# from 1 --> 2"
+########################################################################
+crmf_main()
+{
+  echo "$SCRIPTNAME: CRMF/CMMF Tests ------------------------------"
+  echo "crmftest -d ${P_R_BOBDIR} -p Bob -e dave@bogus.com -s TestCA -P nss crmf decode"
+  ${BINDIR}/crmftest -d ${P_R_BOBDIR} -p Bob -e dave@bogus.com -s TestCA -P nss crmf decode
+  html_msg $? 0 "CRMF test" "."
+
+  echo "crmftest -d ${P_R_BOBDIR} -p Bob -e dave@bogus.com -s TestCA -P nss cmmf"
+  ${BINDIR}/crmftest -d ${P_R_BOBDIR} -p Bob -e dave@bogus.com -s TestCA -P nss cmmf 
+  html_msg $? 0 "CMMF test" "."
+
+# Add tests for key recovery and challange as crmftest's capabilities increase
+
+}
+  
+############################## crmf_cleanup ###########################
+# local shell function to finish this script (no exit since it might be
+# sourced)
+########################################################################
+crmf_cleanup()
+{
+  html "</TABLE><BR>"
+  cd ${QADIR}
+  . common/cleanup.sh
+}
+
+################## main #################################################
+
+crmf_init
+crmf_main
+crmf_cleanup
+
diff --git a/nss/tests/dbtests/dbtests.sh b/nss/tests/dbtests/dbtests.sh
new file mode 100755
index 0000000..7b1ee35
--- /dev/null
+++ b/nss/tests/dbtests/dbtests.sh
@@ -0,0 +1,262 @@
+#! /bin/bash
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+########################################################################
+#
+# mozilla/security/nss/tests/dbtest/dbtest.sh
+#
+# Certificate generating and handeling for NSS QA, can be included 
+# multiple times from all.sh and the individual scripts
+#
+# needs to work on all Unix and Windows platforms
+#
+# included from (don't expect this to be up to date)
+# --------------------------------------------------
+#   all.sh
+#   ssl.sh
+#   smime.sh
+#   tools.sh
+#
+# special strings
+# ---------------
+#   FIXME ... known problems, search for this string
+#   NOTE .... unexpected behavior
+#
+# FIXME - Netscape - NSS
+########################################################################
+
+############################## dbtest_init ###############################
+# local shell function to initialize this script
+########################################################################
+dbtest_init()
+{
+  SCRIPTNAME="dbtests.sh"
+  if [ -z "${CLEANUP}" ] ; then     # if nobody else is responsible for
+      CLEANUP="${SCRIPTNAME}"       # cleaning this script will do it
+  fi
+  if [ -z "${INIT_SOURCED}" ] ; then
+      cd ../common
+      . ./init.sh
+  fi
+  if [ ! -r $CERT_LOG_FILE ]; then  # we need certificates here
+      cd ../cert
+      . ./cert.sh
+  fi
+
+  SCRIPTNAME="dbtests.sh"
+  RONLY_DIR=${HOSTDIR}/ronlydir
+  EMPTY_DIR=${HOSTDIR}/emptydir
+  CONFLICT_DIR=${HOSTDIR}/conflictdir
+
+  html_head "CERT and Key DB Tests"
+
+}
+
+############################## dbtest_cleanup ############################
+# local shell function to finish this script (no exit since it might be
+# sourced)
+########################################################################
+dbtest_cleanup()
+{
+  html "</TABLE><BR>" 
+  cd ${QADIR}
+  chmod a+rw $RONLY_DIR
+  . common/cleanup.sh
+}
+
+Echo()
+{
+    echo
+    echo "---------------------------------------------------------------"
+    echo "| $*"
+    echo "---------------------------------------------------------------"
+}
+dbtest_main()
+{
+    cd ${HOSTDIR}
+
+    
+    Echo "test opening the database read/write in a nonexisting directory"
+    ${BINDIR}/certutil -L -X -d ./non_existent_dir
+    ret=$?
+    if [ $ret -ne 255 ]; then
+      html_failed "Certutil succeeded in a nonexisting directory $ret"
+    else
+      html_passed "Certutil didn't work in a nonexisting dir $ret" 
+    fi
+    ${BINDIR}/dbtest -r -d ./non_existent_dir
+    ret=$?
+    if [ $ret -ne 46 ]; then
+      html_failed "Dbtest readonly succeeded in a nonexisting directory $ret"
+    else
+      html_passed "Dbtest readonly didn't work in a nonexisting dir $ret" 
+    fi
+
+    Echo "test force opening the database in a nonexisting directory"
+    ${BINDIR}/dbtest -f -d ./non_existent_dir
+    ret=$?
+    if [ $ret -ne 0 ]; then
+      html_failed "Dbtest force failed in a nonexisting directory $ret"
+    else
+      html_passed "Dbtest force succeeded in a nonexisting dir $ret"
+    fi
+
+    Echo "test opening the database readonly in an empty directory"
+    mkdir $EMPTY_DIR
+    ${BINDIR}/tstclnt -h  ${HOST}  -d $EMPTY_DIR 
+    ret=$?
+    if [ $ret -ne 1 ]; then
+      html_failed "Tstclnt succeded in an empty directory $ret"
+    else
+      html_passed "Tstclnt didn't work in an empty dir $ret"
+    fi
+    ${BINDIR}/dbtest -r -d $EMPTY_DIR
+    ret=$?
+    if [ $ret -ne 46 ]; then
+      html_failed "Dbtest readonly succeeded in an empty directory $ret"
+    else
+      html_passed "Dbtest readonly didn't work in an empty dir $ret" 
+    fi
+    rm -rf $EMPTY_DIR/* 2>/dev/null
+    ${BINDIR}/dbtest -i -d $EMPTY_DIR
+    ret=$?
+    if [ $ret -ne 0 ]; then
+      html_failed "Dbtest logout after empty DB Init loses key $ret"
+    else
+      html_passed "Dbtest logout after empty DB Init has key" 
+    fi
+    rm -rf $EMPTY_DIR/* 2>/dev/null
+    ${BINDIR}/dbtest -i -p pass -d $EMPTY_DIR
+    ret=$?
+    if [ $ret -ne 0 ]; then
+      html_failed "Dbtest password DB Init loses needlogin state $ret"
+    else
+      html_passed "Dbtest password DB Init maintains needlogin state" 
+    fi
+    rm -rf $EMPTY_DIR/* 2>/dev/null
+    ${BINDIR}/certutil -D -n xxxx -d $EMPTY_DIR #created DB
+    ret=$?
+    if [ $ret -ne 255 ]; then 
+        html_failed "Certutil succeeded in deleting a cert in an empty directory $ret"
+    else
+        html_passed "Certutil didn't work in an empty dir $ret"
+    fi
+    rm -rf $EMPTY_DIR/* 2>/dev/null
+    Echo "test force opening the database  readonly in a empty directory"
+    ${BINDIR}/dbtest -r -f -d $EMPTY_DIR
+    ret=$?
+    if [ $ret -ne 0 ]; then
+      html_failed "Dbtest force readonly failed in an empty directory $ret"
+    else
+      html_passed "Dbtest force readonly succeeded in an empty dir $ret"
+    fi
+
+    Echo "test opening the database r/w in a readonly directory"
+    mkdir $RONLY_DIR
+    cp -r ${CLIENTDIR}/* $RONLY_DIR
+    chmod -w $RONLY_DIR $RONLY_DIR/*
+
+    # On Mac OS X 10.1, if we do a "chmod -w" on files in an
+    # NFS-mounted directory, it takes several seconds for the
+    # first open to see the files are readonly, but subsequent
+    # opens immediately see the files are readonly.  As a
+    # workaround we open the files once first.  (Bug 185074)
+    if [ "${OS_ARCH}" = "Darwin" ]; then
+        cat $RONLY_DIR/* > /dev/null
+    fi
+
+    # skipping the next two tests when user is root,
+    # otherwise they would fail due to rooty powers
+    if [ $UID -ne 0 ]; then
+      ${BINDIR}/dbtest -d $RONLY_DIR
+    ret=$?
+    if [ $ret -ne 46 ]; then
+      html_failed "Dbtest r/w succeeded in a readonly directory $ret"
+    else
+      html_passed "Dbtest r/w didn't work in an readonly dir $ret" 
+    fi
+    else
+      html_passed "Skipping Dbtest r/w in a readonly dir because user is root"
+    fi
+    if [ $UID -ne 0 ]; then
+      ${BINDIR}/certutil -D -n "TestUser" -d .
+    ret=$?
+    if [ $ret -ne 255 ]; then
+      html_failed "Certutil succeeded in deleting a cert in a readonly directory $ret"
+    else
+      html_passed "Certutil didn't work in an readonly dir $ret"
+    fi
+    else
+        html_passed "Skipping Certutil delete cert in a readonly directory test because user is root" 
+    fi
+    
+    Echo "test opening the database ronly in a readonly directory"
+
+    ${BINDIR}/dbtest -d $RONLY_DIR -r
+    ret=$?
+    if [ $ret -ne 0 ]; then
+      html_failed "Dbtest readonly failed in a readonly directory $ret"
+    else
+      html_passed "Dbtest readonly succeeded in a readonly dir $ret" 
+    fi
+
+    Echo "test force opening the database  r/w in a readonly directory"
+    ${BINDIR}/dbtest -d $RONLY_DIR -f
+    ret=$?
+    if [ $ret -ne 0 ]; then
+      html_failed "Dbtest force failed in a readonly directory $ret"
+    else
+      html_passed "Dbtest force succeeded in a readonly dir $ret"
+    fi
+
+    Echo "ls -l $RONLY_DIR"
+    ls -ld $RONLY_DIR $RONLY_DIR/*
+
+    mkdir ${CONFLICT_DIR}
+    Echo "test creating a new cert with a conflicting nickname"
+    cd ${CONFLICT_DIR}
+    pwd
+    ${BINDIR}/certutil -N -d ${CONFLICT_DIR} -f ${R_PWFILE}
+    ret=$?
+    if [ $ret -ne 0 ]; then
+      html_failed "Nicknane conflict test failed, couldn't create database $ret"
+    else 
+      ${BINDIR}/certutil -A -n alice -t ,, -i ${R_ALICEDIR}/Alice.cert -d ${CONFLICT_DIR}
+      ret=$?
+      if [ $ret -ne 0 ]; then
+        html_failed "Nicknane conflict test failed, couldn't import alice cert $ret"
+      else
+        ${BINDIR}/certutil -A -n alice -t ,, -i ${R_BOBDIR}/Bob.cert -d ${CONFLICT_DIR}
+        ret=$?
+        if [ $ret -eq 0 ]; then
+          html_failed "Nicknane conflict test failed, could import conflict nickname $ret"
+        else
+          html_passed "Nicknane conflict test, could not import conflict nickname $ret"
+        fi
+      fi
+    fi
+
+    Echo "test importing an old cert to a conflicting nickname"
+    # first, import the certificate
+    ${BINDIR}/certutil -A -n bob -t ,, -i ${R_BOBDIR}/Bob.cert -d ${CONFLICT_DIR}
+    # now import with a different nickname
+    ${BINDIR}/certutil -A -n alice -t ,, -i ${R_BOBDIR}/Bob.cert -d ${CONFLICT_DIR}
+    # the old one should still be there...
+    ${BINDIR}/certutil -L -n bob -d ${CONFLICT_DIR}
+    ret=$?
+    if [ $ret -ne 0 ]; then
+      html_failed "Nicknane conflict test-setting nickname conflict incorrectly worked"
+    else
+      html_passed "Nicknane conflict test-setting nickname conflict was correctly rejected"
+    fi
+
+}
+
+################## main #################################################
+
+dbtest_init 
+dbtest_main 2>&1
+dbtest_cleanup
diff --git a/nss/tests/dbupgrade/dbupgrade.sh b/nss/tests/dbupgrade/dbupgrade.sh
new file mode 100755
index 0000000..0302e61
--- /dev/null
+++ b/nss/tests/dbupgrade/dbupgrade.sh
@@ -0,0 +1,106 @@
+#!/bin/sh
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+########################################################################
+#
+# mozilla/security/nss/tests/dbupgrade/dbupgrade.sh
+#
+# Script to upgrade databases to Shared DB
+#
+# needs to work on all Unix and Windows platforms
+#
+# special strings
+# ---------------
+#   FIXME ... known problems, search for this string
+#   NOTE .... unexpected behavior
+#
+########################################################################
+
+############################ dbupgrade_init ############################
+# local shell function to initialize this script
+########################################################################
+dbupgrade_init()
+{
+	if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then 
+		cd ${QADIR}/common
+		. ./init.sh
+	fi
+	
+	if [ ! -r "${CERT_LOG_FILE}" ]; then  # we need certificates here
+		cd ${QADIR}/cert 
+		. ./cert.sh
+	fi
+
+	if [ ! -d ${HOSTDIR}/SDR ]; then  # we also need sdr as well
+		cd ${QADIR}/sdr
+		. ./sdr.sh
+	fi
+	
+	SCRIPTNAME=dbupgrade.sh
+	if [ -z "${CLEANUP}" ] ; then     # if nobody else is responsible for
+		CLEANUP="${SCRIPTNAME}"       # cleaning this script will do it
+	fi
+	
+	echo "$SCRIPTNAME: DB upgrade tests ==============================="
+}
+
+############################ dbupgrade_main ############################
+# local shell function to upgrade certificate databases
+########################################################################
+dbupgrade_main()
+{
+	# 'reset' the databases to initial values
+	echo "Reset databases to their initial values:"
+	cd ${HOSTDIR}
+	${BINDIR}/certutil -D -n objsigner -d alicedir 2>&1
+	${BINDIR}/certutil -M -n FIPS_PUB_140_Test_Certificate -t "C,C,C" -d fips -f ${FIPSPWFILE} 2>&1
+	${BINDIR}/certutil -L -d fips 2>&1
+	rm -f smime/alicehello.env
+	
+	# test upgrade to the new database
+	echo "nss" > ${PWFILE}
+	html_head "Legacy to shared Library update"
+	dirs="alicedir bobdir CA cert_extensions client clientCA dave eccurves eve ext_client ext_server SDR server serverCA ssl_gtests stapling tools/copydir"
+	for i in $dirs
+	do
+		echo $i
+		if [ -d $i ]; then
+			echo "upgrading db $i"
+			${BINDIR}/certutil -G -g 512 -d sql:$i -f ${PWFILE} -z ${NOISE_FILE} 2>&1
+			html_msg $? 0 "Upgrading $i"
+		else
+			echo "skipping db $i"
+			html_msg 0 0 "No directory $i"
+		fi
+	done
+	
+	if [ -d fips ]; then
+		echo "upgrading db fips"
+		${BINDIR}/certutil -S -g 1024 -n tmprsa -t "u,u,u" -s "CN=tmprsa, C=US" -x -d sql:fips -f ${FIPSPWFILE} -z ${NOISE_FILE} 2>&1
+		html_msg $? 0 "Upgrading fips"
+		# remove our temp certificate we created in the fist token
+		${BINDIR}/certutil -F -n tmprsa -d sql:fips -f ${FIPSPWFILE} 2>&1
+		${BINDIR}/certutil -L -d sql:fips 2>&1
+	fi
+	
+	html "</TABLE><BR>"
+}
+
+########################## dbupgrade_cleanup ###########################
+# local shell function to finish this script (no exit since it might be
+# sourced)
+########################################################################
+dbupgrade_cleanup()
+{
+	cd ${QADIR}
+	. common/cleanup.sh
+}
+
+################################# main #################################
+
+dbupgrade_init
+dbupgrade_main
+dbupgrade_cleanup
diff --git a/nss/tests/dll_version.sh b/nss/tests/dll_version.sh
new file mode 100755
index 0000000..79a1285
--- /dev/null
+++ b/nss/tests/dll_version.sh
@@ -0,0 +1,50 @@
+#!/bin/sh
+
+# version controll for DLLs
+# ToDo: make version parameter or find version from first occurance of 3.x
+# make the 3 a variable..., include the header
+
+#OS=`uname -s`
+#DSO_SUFFIX=so
+#if [ "$OS" = "HP-UX" ]; then
+    #DSO_SUFFIX=sl
+#fi
+#what libnss3.$DSO_SUFFIX | grep NSS
+#what libsmime3.$DSO_SUFFIX | grep NSS
+#what libssl3.$DSO_SUFFIX | grep NSS
+#ident libnss3.$DSO_SUFFIX | grep NSS
+#ident libsmime3.$DSO_SUFFIX | grep NSS
+#ident libssl3.$DSO_SUFFIX | grep NSS
+
+for w in `find . -name "libnss3.s[ol]" ; find . -name "libsmime3.s[ol]"; find .  -name "libssl3.s[ol]"`
+do
+        NOWHAT=FALSE
+        NOIDENT=FALSE
+        echo $w
+        what $w | grep NSS || NOWHAT=TRUE
+        ident $w | grep NSS || NOIDENT=TRUE
+        if [ $NOWHAT = TRUE ]
+        then
+                echo "ERROR what $w does not contain NSS"
+        fi
+        if [ $NOIDENT = TRUE ]
+        then
+                echo "ERROR ident $w does not contain NSS"
+        fi
+done
+#for w in `find . -name "libnss3.s[ol]" ; find . -name "libsmime3.s[ol]"; find .
+#-name "libssl3.s[ol]"`
+#do
+        #NOWHAT=FALSE
+        #NOIDENT=FALSE
+        #echo $w
+        #what $w | grep NSS || NOWHAT=TRUE
+        #ident $w | grep NSS || NOIDENT=TRUE
+        #if [ $NOWHAT = TRUE -a $NOIDENT = TRUE ]
+        #then
+                #echo "WARNING what and ident $w does not contain NSS"
+                #strings $w  | grep NSS | grep '3.2' || echo "ERROR strings does
+#not either..."
+        #fi
+#done
+
diff --git a/nss/tests/doc/clean.gif b/nss/tests/doc/clean.gif
new file mode 100644
index 0000000000000000000000000000000000000000..08781cb2b6b4b57f43c10c4679e7206646e45019
GIT binary patch
literal 5503
zcmW-lc|6mP<Hz6c-5X=(Xs((ocTLG%4LNf3kzAjMkrYMikfYITjyW4r%F*1*(Ps%s
zVs24cpUQnKXDE@1a(zF)-yhHaUVpuw|GXYAo8#6-hQ3}v4Dbs8Mn;ylvaNox3@cr=
z+S(>(XIFo%{@mfZZPi@-GCRAy(l`F(&Ul!0L&JDa_t@u%Lw$Wa+pjNHRxYeA&VP+P
zw2^7@>(`%+pTE|UEjI<Jb77k6@2htT9ky~#opvkOTH9C{dB5}JNp+C@$aRCEK#ifm
zgF{2xJAbBrvNXE?)_sy){PWw&&ePLhV~_pJIq!W$mqdEdb-`f#n&#TZ7W=l~@#6tO
zM#xvD)=<Jp;l#J?sq`*?jTM^Ve1zim#?P5c2CqX+msZ!7zU~a1lUqx5E_m>EYHDYv
z+IHop`tlvCg#?$*h7Ms@-FAuDr%M`j%qtU2gB6Ct;@oOi*T&r4zuW$npPKsio2~m^
z@O^D#E!l#&eA_rQl>g?cc3o-HeEZ$8LfY)&3iE2h*J4Uv-&{pO=g!W~_tm9um8TXL
z*S>vQ+u7L3&!5`Z*xC4h78k#7{Fm7I^X=QppPh}xZ)=O+R=+JS_r3kq-27{9ac6>K
z|E1M^rTX|W^K1YBbp8YQKNkRUn;yVm#>T}buo9D!Q&Q7zr(IQ&K!Om6qC7h%H!nrq
zgytwEt}8BXM!@7(R^7g;p6MuEB1JHh($)2Od>hxyZ^7-gwg`TFL>(hbvytjMuG?2~
zT=r#Z>(FppWLKKH5MyE^4I$M1TP)t^ATy9OvNF7PED^JYQL+K+q!b$t=$mPrWVA5h
zz_?OI7d1!XGULuzPJ7v?+U`;qSN=*l96W%*9#Sy=izRzb>HE3Q%t^brd(x+ug`fOk
zOo=nQb$$~vaIYQ?wU*@GDV~y1F0+#e)bne<4TqsT<~32=k3M+mT;K`Va@X_G>)Jt{
zc?*Il%CRm9nk{!t+*ZP+{KhL=0`>|pRde!PoivFcG`C<uMx$QxIP8vmuL=-<4dq2H
z;C!N|60{2Owu4WX`#eyv8kQar&ep5f2W0ss9Z*>#zwmdW)lcWr)p3Gyh=1)}sZ_lS
z?+%dLnV?=qU)pKY>EH+nDUz{-uRTUr%bQE!%ph+|L8+_=UrT$@90N{0Rp9k$H8?z+
zSYNG^*i0}Yu&G-raqq{~Qh1hlQQ(~gMx<u#?ag7~6{wt|&OtQ1GK<)zxs@eo71J!H
z#~=v63Je;k8IENRtF}Opzje-{_ld)JR%p#lI!qk$+ND)o&#WL8kCx*PF*GntYy7_H
zZOImF5}XgU(V@-x8cQvc&x$Gw$#DTW&)xk=4jy<5q#W)Yh_F>HfQk^V3w<zPqbfAD
zLyvtwKrH;X8cE^~#}Y0#ZS+3ppsYS$6C!#C5_pW)Vhw#T|6Co0a`>){KKf%|7}b_#
zEf81xlJKzTlC3~3J=1~&LJCnF-&D~L9;Xu&4Xj$BD(!qaw%7!7a{r_4LNZcEL9ZuB
zRCpCi6=##@#AY}7fY^m&<Z>9U{+b`pgGg<ECca5GN9XtOq1*y7K7e`L$w$h6Gr^=B
z=OZ?HX^z71SK{J2R;_VdVh<Eex1v-v@;|>5*>!2qzEj52!$r*Tz_wR*Ab-zYqQyUH
zej+InkNLy{*p?g1ctlcQu{j35MOA`}s+!O-3ij+SsTTU{q;9jDn<ehj9vKH3O!HgG
zqPo0Ut2cO|LP~4?^6P`UZbr9&Qv2gQ?L<^ZwHCxqvv~TCP7PLKKjhlJd5ZK2;4=`q
z`sq_p0@13atTM}hEb;O{@z=dUt6yx=Wsk8hq)1cPZ}r7-UDYUB*r=0w%s;7xVzMX>
zD1M;vx_hqsrIuk_{ZiCd+aE`qe}53|x3cFHn_1db>U|NmYibH~e%m%5sE+LGyZ^}&
z#aOub)>!<4u>I>_ZY_&TD(2r!`<}hiw!s^^9B)xeRL3l!wo6GQKoU!yV82ZbCmj}5
z-8trfi(e<hwML3k4!~7lgAlx_1I1cw_M+`Kse-0?G?QS#qr+n<3?I&ZF-A71G)V%r
zE~uU>oNpDgdjgnO@_`^WxouSa<@}-7uv^+Nn1qtK^a-KJSt=;ar7*GUf8k`ZnX-F{
zst`aev?(VaiLgbjw-m$$cofJx+oDWV^~A0i#Vf!*Ar2DAF%~4cyeK6BGA&HDCNa<s
zbhxisAw6pqP%gX>FI!_CW6UPv-;fft1AKAX4##9>Ib@MsUsABZPo~<*O8SAhI1VUO
z?&g^sQuZSS&>za_;NnRNmI(|JnJ~J2vdcob6`SY60j-aBOOL)wOd={PYt1Dbt0}-9
zq!!7KP!fm^Gh#Ayf8y;Y9kARMU>Bi;G{?8G*mv>{6ILp_l+E%e-$#uLpV1z}!O(K_
zv=C~Ws1z4r`eEh4^%}nXv+k~wvjTwkp%7jkZe^GYCcM5BAYD7e;@{_{cF{{rr8HPN
ztoM*{)x8Q7;{-#DpV&o`#-4dX-&rkzd|XPK8CtK)V48?ccFIwCNI-_!9%L}VGW}~8
zVotW2=Zb_PHQw;z52gGox>;PPHzoU*);<Q{;S@W3mC6c_Yy+}&VvQyUu&~!ao(%mV
z*blsqYVb{pClnKNySH7k4?tirwuN$W-AT)O@NPhOiR|0u6G<TlD??tZnp6xS6usXi
z_3AU#uV@UY_J5R+VPRCUO0~K8N%vsR9RA7g0Uic&_h?j!V!u;Y=y*E&p+ljTw8SGz
z)DmuJQ`>(Gd~5mR1U8uPdiNMGB*KFOCqHTWSarss-nL+jZ2<)#aikEVoRm^EuiPHt
za&R=Jri)Ujt>jDZkzt(2l9+M;&}?=hON?AnC{G5^=&S!iUVjKyp6y|YU$Cw>Yh$qS
zEAb*U-sAUi?MJ#AAWKU(B==CsF7f)P{5KTaBcx<893KLs`9ihn^ZUa-CuW2|qS@<!
zY+**(_EeH6%=N?mSq%yOE);<DSzj<U9bpNr*Cad@+C`dq0O?LR=urQO$dk(&Pkb$I
zR$`A@@Z;Ih-a04}+7KpkAH)(4wcpm@$~MvIPz5>^_o4->Pm0z0B1EG}Oa(WNYzp4O
ze>bab*LMlX>xjjDNvFKhy7)eOh}n_~0qqJ`+aM~}_^s79Q$=l^;y^kP^<d><l&>%b
zJ#C4k_nX5!NS{@tD$t&v0c5usLi)1uo8$}7boURjdmD|f%sF*I^^Ka~tJ6KSaq>OA
zd!V`e7nIE`8J{6272`#M;0@TZ*b0`b5&&NA<f9t;Ym@RUpw|{!0X)Uae47%{8E0y7
zFpVFxaTuy&^x#!06+qy!-6WhEtL{WmLGIo{?QuH>B8<Fbyi?)lIL|;>aqb&8c?jY|
z7=j<6Y4%<gH-;-RB;#>Vc^wL5S2$BiiU-IGIdC-rfEQZNN-7j;>(sa4;;BnXE5oCz
zPGMK4?dcHuFjS&Dw9xh)qf4hFdaa3waf>c0ef|8EEBBgcgA+U{%n>>yLT{Y9&IJ7V
z$k;(LG6cuo{R2STBI_iz>KgZ4FMyq4wVXf+C}&si!$Ec@xnGG6czt>kHc!so$EvpX
zzl|*85_miCFUF?ey!jOQ*5xzPP|hU~1H|CtDL<Mfwt@NM$QvVh!b*HQAle~wp8#=^
z%E@IwG`M`}QJr66F3RY%2#2BGeSnn4{R46WvbYAZ2vDFeahrdF83HIiHu_bRkMRo_
z&p#$Mdj5Csp2<@$&WqQZtVwly!>7k*p_MGCf>Cwh(F8DYtOU}xjzK6$0@Hi=-*q%b
zt1@{%1Z#@u!z>G_5Mc&p!b-)~<LYou^~PU0V6QH{HNvR%@wEK?<`9GGblpDiiTlJ4
zn_tFRbGI~3fydc29U(-|UC-7q+FJdlJ1#<+;vZ~q!vRmL_Y03P2X4+Hb*cJ}D?sEG
z|IUGcj<Q=CwhSF7TDN;drNNDlWw*d>@;)2&Xj@|R<N)4X5OL)hqr>m)ehCw<6NF3(
zz33ZCBEv*+L@tMrbuUPhdrKQ1*S!naE2)Q53ETV`0Kr|G-W8*PgQthV3sz}6HZ*Ml
z{R%{H{j8){YmDtWOjjVU!p2bgX(?g5x(9Ckd6uxVM*DTcOp$s~+6V$AK|IM|Mj2BV
zl>GQCp?i)Q+zEdFg?}fIGFpzmiGW5^_2*7reSa^|$WJ7x|JEz_B==>Sv_aI`95YJ*
zLU~X#oF2|Le%}f${d1CPH<;!Ddh&yQpN(BoKjg<&c;&aZ^Il3+Htkne3Q(U?HsBLn
zdclYUkO4hh8*Ao#)ONo+<G{Lc=KyG5AoBcseEH94XDF<55ORzf)oBy<s57PiJVV_!
zMw>-@2N;k6_$306Y8!v0HFY&Ro{|7a&;d8D(VoG}m)8x0rjW0E{~MIB(D$HBL{ySn
zk`y5>V?7|z9Bk8rNCA2Wlq2d0vH4TRsO(!u*8`^NW1++pDl67Z1)|K+ZlLT9wS*lL
z&<OMhjqr45kC=CK2$`&)$G@%eJ9&^0k#BQzNCof|T)TbYmh~)T(iUd793yu&jZ<o1
z7)X>3Og|hUawaV4!97?~e0qwyB!mR)rz>n2$vUxNgD7~oCe(=twKK??p+co`5!sYD
zMf!G@$E!@6RoLZq?W|KNM#o_uf$8-Yu-h8?4T8P<eycRFA^XV+WC46b1DdFzlBAI(
zac!6B+AUnBMxvjj@a*1wxEvd(X3Zx`Os0bEsjK!N%#;H&`X#My0}Fb@uE#_3@X6tc
z5vq@_WeF2T*NxwXALy7@Y?_DIb%%KQoy*~#e5C|2R3e%J@Y@9<$4O}o6bu1G81UpO
zpFlT0C%<LU?z-KlB+xvmW}cjcD}I=xWRmK46*XdJ#m8)6x?u!UO^=giWDc>T_z`gz
z8C1}L0_B5-M)Zh^fQUyj%<{V|0-M!Gk_`VX_uDeW6n8Du4R+bqM_<-x_qGu97Q)Yw
ziu5oLA_+uOPVZU<_fQa!1e6g5;Sh5#+!%7~LGIlFP>O!flYH;L{;hB&CwufREyoW(
z&#TBpx->wvmqBg5i|KID(H@i}0HKf&Mr4r84mm@YR7UF^r}#OL5iY08T$9xA)*iu;
zOTu`N%fhk%DhSRM<?#@ENZ`31m;<E<aQB`)1kRi-Q)pAGC@#YhEs7a%u)jp7wn#?}
z<@yn&tA@JlRIYmnggisE)IcPOj}%ov9tHrYY0y8Wt2hcmP!#hAEW(uE#+8@!I2*PX
zc|8CeGLgf$V~Ap`No4TzATCF)oXvNMkF@k^fNbvq$i<Ax6;5ScPo*2|M1Fb2zdh)S
z%ZP2}V>AiWro&%O>W>JkDxPBZN;uqauNZK9+#H11BZPuCKr{eZ!~jt$;@?jjukeeW
zH&kpsDF5>ZwTFCWArgt^!<?OXV-2Wi%A;W+*5nUp`rx0Y29&E+)gG#&n$;7C2&C*R
zFPRTl$iW7%i)JE&&C1IgG3AE#r~*v2gcc7?0V;c{LDi?o3Imr+>|Vj&-jPU)4QEDA
zg<)^erW}`{#U1D=c^+9^nZ!l2f$W8Y=ij6Bc}M&<L?U@EW~QikEnbJ*ITjl*!&JAx
zPIN>fjWBh^c=5f<sB;%BS}EJ$K<7WYR#glVcukudPvP#OB3rK4?mvh4+p{v;#KNu@
z?ZtaiF@^LJ>fwC3ah|oNA4-fX{!w47DY{d;`+60^sT4*wXkEr#I*BSh$Gz6;($G^P
zLw%9x`AnONB%0cJ^txEwtn#+IbW+de=|z<HuybR>i^ksaS=Gkoo5-lsl@$+apZ7dA
z9d`Cw2&}1Vd??3lb*YcSR2PpFdH;E_82M70_ju3sDoH2j4~I}Ko<O8pQ!=@h(*O~V
z1X&md1o?@NJP+>0=U;!!z}5V$cxoXp9a-9(LaZ^x1jgbhbr-GbJYDTeDt;wbc~E2V
zjm^&^LGha{n_7>jwzW|W3oZNNs)BIRy9Y!9arOqZHUm*WhTdj$2?Y3UW+`xTN}DmS
z%~HYsD6Rd;v5G{Ft6?o_tpj!NJ_;`Mj&ll4<hdtt8sl*tiOZl28^P?Yi{-~`in!<h
za6A0MYQJkodVEI$N&1C!lg_5wUyZeEJ<Xf20?kSXy%N-`64cc%cE(Ot>WzpXr{=++
zYR*LjOo(8;;Pst$mEpK5%sLO;@bU6OoybMi{Eqkf7kDVz^FXPmcr(6;)>BIBDaq~O
zi~>{#lzS2i?i6~sr=%h1v_H;ce`Bq8Lpe-P)}hU9Z7)X)frLoMdhHq}8R0-f#n4cF
zmr&dOq_+DXoI@zwU>*V{Kpe(6I4_p8*aMk2YeP5qrc$--a^-=f4i>39p4`PG1DgJ=
zMGK8EPK8Bpg~LqQW&WGN&E6Jm{<zxn*6G?<wtI>Yv8LK50Rx)<E#i3Ai#fSg_Ee0E
z7Emv6eag!rW_B+Wnoo;7OK|N@!M%y)7bYxs=_ph=9D;fPRaL!pd51EMZoU<Y0v#i@
zm0B(`UMQ_#*W~3k7PU{t36OZfU(v2f+2~$Lezr%dwA2+iF;a`>m&6G>k|-eNs!P<5
zkCZWhqH7m*-71KUIGfk+m)HNOf*iQau@L#_F4Z51?MFC4<A{VH-oW|1ZAA3eK#%~4
z+8PK1kg<6PXCgddYalUiFi-%n#s)KV;czG5PVf+%0?&Fml&cHJQipOChx5;%{N4<d
zIu7bJ4kUjaNP9ELQ5=RZ4+ipv+?+=0&WvPZJ$-6M8uOrV0pP7#(Rz3kSRN_HT2x>M
z87;$^QA0_ogS<0Cbz6hZoRODrMzXf7+7FL5VMj+CM>`!+SPJl}YV`crXyTcnzOCWh
z!($JF#|E~nhPK99$Hw5~iB`pNCTV=;>%b$$q0E;<i;82<z79F#CSD$%SP!09*RA-Y
zi`pEU*clu3B?>DYg>}I~RN7d}OJQ@=1U3Y&5sZ-V9+zC(EtC-(<DC&ceEI1`mGH;d
zn43Td5GT9FCIYFGsk+0_sh?!WC-*IlD5gy`AD&V=GO3n7YLY*mH#SueHBwvk$y{ve
z$C+vUkf}+>aeUKg#+gr!M@Ie<n{i&6blDzri=H;jA5ByoJn?qgr)knpY})_G^bg%h
z>$C}vris%{gQ<#xLByeVFQ>j@XN*a+^4_x}!E^3u(@e*~jJ#p`?$39yGqE9`QE8vs
zt3F@IpDC}J?!^i}M}2yiH{?bU-tiuJQ8je`@XYv_Q2fMXsp4X(?%<QA;i{LzPtOgq
g^A@AA$jq;c&cK(?UkBNTzoh0N!h;e2-F&A11I^{hX8-^I

literal 0
HcmV?d00001

diff --git a/nss/tests/doc/nssqa.txt b/nss/tests/doc/nssqa.txt
new file mode 100755
index 0000000..34fa095
--- /dev/null
+++ b/nss/tests/doc/nssqa.txt
@@ -0,0 +1,108 @@
+The new QA wrapper consistst mainly of 2 scripts, nssqa and qa_stat, both 
+include a common header (header) and a common environment (set_environment). 
+Also used is mksymlinks and path_uniq.
+
+The scripts that are used on a daily basis are located in /u/sonmi/bin. 
+
+Parameters and Options are the same for both scripts.
+
+Parameters
+----------
+	nssversion (supported: 30b, 31, tip)
+	builddate (default - today, format mmdd)
+
+Options
+-------
+	-y answer all questions with y - use at your own risk... ignores warnings 
+	-s silent (only usefull with -y)
+	-h, -? -help you guessed right - displays the usage
+	-d debug 
+	-f <filename> - write the (error)output to filename
+	-m <mailinglist> - send filename to mailinglist (csl) only useful
+		with -f on nssqa
+	-l <mozroot> run on a local build - does not work at this time
+	-cron equivalient to -y -s -d -f $RESULTDIR/$HOST.<scriptname>
+
+nssqa and qa_stat are Beta at the most
+--------------------------
+Please be aware that 
+
+-) machinenames are still hardcoded --FIXED
+-) other very iPlanet specific environments and features are being used.
+
+-d Debug option will be removed from cron in a few weeks - or maybe not
+-l QA on local build is not fully implemented yet
+
+Please do not use on Windows 95 and 98, ME platforms yet. 
+
+use -d if script behaves strange or exits unexpectedly
+
+How to use QA
+-------------
+To test a build, first run nssqa on the required QA platforms (some 
+buildplatforms require QA to be run on additional platforms - for 
+example Solaris 2.6 has to be tested on 2.8 32 and 64bit) If QA has 
+been run on multiple or all required platforms it makes sense to run 
+qa_stat on the output of nssqa as well.
+Before used on a new system (even if the same platform has been 
+tested before) please use completely interactive, to see what the 
+variables are being initialized to, and read the warnings. Same is 
+true if being run from a different user account than svbld.
+
+In any case, if you are using it, please let me know the results.
+
+Pseudocode Description of nssqa:
+--------------------------------
+not quite up to date
+
+	header:init (global)
+		set flags and variables to default values
+		signal trap (for interupts and kills)
+		set HOST and DOMSUF variables if running from cron
+		parse parameters and options
+		determine os and set up the environment (espec. PATH)
+		set the directories to run in (influenced by parameters and -l option)
+		set and initialize the tmp / debugging / output files
+
+	nssqa:init (local)
+		locking: if nssqa is already running on this systems (yes-exit, 
+			no-lockfile)
+		set HOST and DOMSUF variables if running interavtively
+		set flag to kill remaining selfserv processes during cleanup
+		if QA platform different from build platform create neccessary 
+			symbolic links
+		wait for the build to finish (max of 5h)
+
+	main:
+		repeated per test (optimized, debug, 32, 64 bit)
+			set flags for this run of all.sh (optimized, debug, 32, 64 bit)
+			set the DIST directory (where the binaries reside)
+			kill running selfservers (sorry - just don't use the svbld 
+				account if you need to do your own testing... I will fix 
+				selfserv as soon as I can - but it hangs too often and 
+				disturbs all following QA)
+			run all.sh 
+		
+	header:exit (global)
+		remove temporary files
+		kill remaining selfservers
+		send email to the list
+		
+		
+	errorhandling
+		Option / Parameter errors: Exit with usage information
+
+		Severe errors: Exit wit errormessage 
+			example: directory in which all.sh resides does not exist
+				can't create files or directories
+				build not done after 5 hours
+				is already running
+				
+		Other errors: User is prompted with the "errormessage - continue (y/n)?"
+			example: local DIST dir does not exist (continues with next all.sh)
+				outputdirectory does not exist (user can specify other)
+
+		Signals 2, 3, 15 are treated as severe errors
+		
+	
+
diff --git a/nss/tests/doc/platform_specific_problems b/nss/tests/doc/platform_specific_problems
new file mode 100644
index 0000000..92a22ca
--- /dev/null
+++ b/nss/tests/doc/platform_specific_problems
@@ -0,0 +1,110 @@
+I will, eventually convert all files here to html - just right now I have no
+time to do it. Anyone who'd like to - please feel free, mail me the file and 
+I will check it in 
+sonmi@netscape.com
+
+
+The NSS 3.1 SSL Stress Tests fail for me on FreeBSD 3.5.  The end of the output
+of './ssl.sh stress' looks like this:
+
+********************* Stress Test  ****************************
+********************* Stress SSL2 RC4 128 with MD5 ****************************
+selfserv -p 8443 -d
+/local/llennox/NSS-PSM/mozilla/tests_results/security/conrail.20/server -n
+conrail.cs.columbia.edu -w nss   -i /tmp/tests_pid.5505  & strsclnt -p 8443 -d . -w nss -c 1000 -C A  conrail.cs.columbia.edu 
+strsclnt: -- SSL: Server Certificate Validated.
+strsclnt: PR_NewTCPSocket returned error -5974:
+Insufficient system resources.
+Terminated 
+********************* Stress SSL3 RC4 128 with MD5 ****************************
+selfserv -p 8443 -d
+/local/llennox/NSS-PSM/mozilla/tests_results/security/conrail.20/server -n
+conrail.cs.columbia.edu -w nss   -i /tmp/tests_pid.5505  & strsclnt -p 8443 -d . -w nss -c 1000 -C c  conrail.cs.columbia.edu 
+strsclnt: -- SSL: Server Certificate Validated.
+strsclnt: PR_NewTCPSocket returned error -5974:
+Insufficient system resources.
+Terminated 
+
+Running ktrace on the process (ktrace is a system-call tracer, the equivalent of
+Linux's strace) reveals that socket() failed with ENOBUFS after it was called
+for the 953rd time for the first test, and it failed after the 27th time it was
+called for the second test.
+
+The failure is consistent, both for debug and optimized builds; I haven't tested
+to see whether the count of socket() failures is consistent.
+
+All the other NSS tests pass successfully.
+
+
+------- Additional Comments From Nelson Bolyard 2000-11-01 23:08 -------
+
+I see no indication of any error on NSS's part from this description.
+It sounds like an OS kernel configuration problem on the 
+submittor's system.  The stress test is just that.  It stresses
+the server by pounding it with SSL connections.  Apparently this 
+test exhausts some kernel resource on the submittor's system.
+
+The only change to NSS that might be beneficial to this test 
+would be to respond to this error by waiting and trying again
+for some limited number of times, rather than immediately 
+treating it as a fatal error.  
+
+However, while such a change might make the test appear to pass,
+it would merely be hiding a very serious problem, namely,
+chronic system resource exhaustion.
+
+So, I suggest that, in this case, the failure serves the useful
+purpose of revealing the system problem, which needs to be 
+cured apart from any changes to NSS.
+
+I'll leave this bug open for a few more days, to give others
+a chance to persuade me that some NSS change would and should
+solve this problem.  
+
+
+------- Additional Comments From Jonathan Lennox 2000-11-02 13:13 -------
+
+Okay, some more investigation leads me to agree with you.  What's happening is
+that the TCP connections from the stress test stick around in TIME_WAIT for two
+minutes; my kernel is only configured to support 1064 simultaneous open sockets,
+which isn't enough for the 2K sockets opened by the stress test plus the 100 or
+so normally in use on my system.
+
+So I'd just suggest adding a note to the NSS test webpage to the effect of "The
+SSL stress test opens 2,048 TCP connections in quick succession.  Kernel data
+structures may remain allocated for these connections for up to two minutes. 
+Some systems may not be configured to allow this many simulatenous connections
+by default; if the stress tests fail, try increasing the number of simultaneous
+sockets supported."
+
+On FreeBSD, you can display the number of simultaneous sockets with the command
+	sysctl kern.ipc.maxsockets
+which on my system returns 1064.
+
+It looks like this can be fixed with the kernel config option
+	options NMBCLUSTERS=[something-large]
+or by increasing the 'maxusers' parameter.
+
+It looks like more recent FreeBSD implementations still have this limitation,
+and the same solutions apply, plus you can alternatively specify the maxsockets
+parameter in the boot loader.
+
+
+---------------------------------
+
+hpux HP-UX hp64 B.11.00 A 9000/800 2014971275 two-user license
+
+we had to change following kernelparameters to make our tests pass
+
+1. maxfiles.  old value = 60.  new value = 100.
+2. nkthread.  old value = 499.  new value = 1328.
+3. max_thread_proc.  old value = 64.  new value = 512.
+4. maxusers.  old value = 32.  new value = 64.
+5. maxuprc.  old value = 75.  new value = 512.
+6. nproc.  old formula = 20+8*MAXUSERS, which evaluated to 276.
+   new value (note: not a formula) = 750.
+
+A few other kernel parameters were also changed automatically
+as a result of the above changes.
+
+
diff --git a/nss/tests/doc/qa_wrapper.html b/nss/tests/doc/qa_wrapper.html
new file mode 100755
index 0000000..755cca2
--- /dev/null
+++ b/nss/tests/doc/qa_wrapper.html
@@ -0,0 +1,269 @@
+<!doctype html public "-//w3c//dtd html 4.0 transitional//en">
+<html>
+<head>
+   <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+   <meta name="GENERATOR" content="Mozilla/4.7 [en] (X11; U; SunOS 5.8 sun4u) [Netscape]">
+</head>
+<body text="#000000" bgcolor="#FFFFFF" link="#0000EE" vlink="#551A8B" alink="#FF0000">
+
+<h3>
+<b><font face="Times New Roman,Times">Author Sonja Mirtitsch</font></b></h3>
+
+<h3>
+<b><font face="Times New Roman,Times">Last updated: 4/4/2001</font></b></h3>
+
+<h1>
+<b><font face="Times New Roman,Times">NSS 3.2.QA Wrapper</font></b></h1>
+
+<p><br>The QA&nbsp; wrapper tests the nightly builds of NSS. The actual
+tests are being run are called from the QA script all.sh. I will add documentation
+for the actual QA soon. The main purpose of the wrapper is: find out which
+build (NSS version, date, Build Platform) to test on which machine (OS,
+OS version) and construct a summary report, which is then mailed to the
+nss developers (aka mailing list nss-qa-report@netscape.com). Please see
+also the <a href="#advertisement">feature</a> section.
+<p><a href="#nssqa">nssqa</a>&nbsp; - the script that calls the actual
+qa script all.sh
+<br><a href="#qa_stat">qa_stat</a> - sends out status reports
+<br><a href="#qaclean">qaclean</a>&nbsp; - if everything else fails
+<p>Sample <a href="/u/sonmi/doc/publish/glob_result.html">global result</a>,
+<a href="/u/sonmi/doc/publish/results.html">individual result </a>and <a href="/u/sonmi/doc/publish/output.log">log
+files</a>
+<p>The QA wrapper consistst mainly of scripts, most located in security/nss/tests
+and subdirectories, but run from /u/sonmi/bin
+<p>nssqa and qa_stat, the main scripts both include a common header (<a href="../header">header</a>)
+and a common environment (<a href="../set_environment">set_environment</a>).
+<br>Also used is <a href="../mksymlinks">mksymlinks</a> and <a href="../path_uniq">path_uniq</a>
+and <a href="#qaclean">qaclean</a>.
+<p>The scripts that are used on a daily basis are located in /u/sonmi/bin
+and checked into security/nss/tests
+<p>Parameters and Options are the same for most scripts.
+<p><a NAME="Parameters"></a><b><u><font size=+1>Parameters</font></u></b>
+<br>&nbsp;&nbsp;&nbsp; nssversion (supported: 30b, 31, tip, default tip)
+<br>&nbsp;&nbsp;&nbsp; builddate (default - today, format mmdd)
+<p><a NAME="Options"></a><b><u><font size=+1>Options</font></u></b>
+<br>&nbsp;&nbsp;&nbsp; -y answer all questions with y - use at your own
+risk... ignores warnings
+<br>&nbsp;&nbsp;&nbsp; -s silent (only usefull with -y)
+<br>&nbsp;&nbsp;&nbsp; -h, -? -help you guessed right - displays the usage
+<br>&nbsp;&nbsp;&nbsp; -d debug
+<br>&nbsp;&nbsp;&nbsp; -f &lt;filename> - write the (error)output to filename
+<br>&nbsp;&nbsp;&nbsp; -fcron writes resultfile in the same location as
+would the -cron
+<br>&nbsp;&nbsp;&nbsp; -m &lt;mailinglist> - send filename to mailinglist
+(csl) only useful
+<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; with -f on nssqa
+<br>&nbsp;&nbsp;&nbsp; -l &lt;mozroot> run on a local build - does not
+work at this time
+<br>&nbsp;&nbsp;&nbsp; -cron equivalient to -y -s -d -f $RESULTDIR/$HOST.&lt;scriptname>
+<br>&nbsp;
+<p>Please be aware that some iPlanet specific environments and features
+are being used.
+<p>-d Debug option might be removed from cron in a few weeks - or maybe
+not
+<br>-l QA on local build is not fully implemented yet - will not be implemented,
+all.sh can be called directly instead
+<p>Please do not use on Windows 95 and 98, ME platforms yet.
+<p>use -d if script behaves strange or exits unexpectedly
+<p><b><font size=+1>How to use the QA-wrapper</font></b>
+<br>To test a build, first run nssqa on the required QA platforms (some
+buildplatforms require QA to be run on additional platforms - for example
+Solaris 2.6 has to be tested on 2.8 32 and 64bit) If QA has been run on
+multiple or all required platforms it makes sense to run qa_stat on the
+output of nssqa as well.
+<br>Before used on a new system (even if the same platform has been tested
+before) please use completely interactive, to see what the variables are
+being initialized to, and read the warnings. Same is true if being run
+from a different user account than svbld.
+<p>In any case, if you are using it, please let me know the results.
+<p><a NAME="nssqa"></a><b><u><font size=+1>nssqa:</font></u></b>
+<p>the script that calls the actual qa script all.sh
+<p>nssqa <a href="#Parameters">parameters</a> and&nbsp; <a href="#Options">options</a>
+<p><a href="../nssqa">view the script</a>
+<p><b><u><font size=+1>Pseudocode Description of nssqa</font></u></b>
+<br>not quite up to date
+<p>&nbsp;&nbsp;&nbsp; header:init (global)
+<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; set flags and variables
+to default values
+<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; signal trap (for interupts
+and kills)
+<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; set HOST and DOMSUF variables
+if running from cron
+<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; parse parameters and options
+<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; determine os and set up
+the environment (espec. PATH)
+<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; set the directories to run
+in (influenced by parameters and -l option)<br>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; set the directories for backward
+compatibility testing
+<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; set and initialize the tmp
+/ debugging / output files
+<p>&nbsp;&nbsp;&nbsp; nssqa:init (local)
+<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; locking: if nssqa is already
+running on this systems (yes-exit,
+<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+no-lockfile)
+<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; set HOST and DOMSUF variables
+if running interavtively
+<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; set flag to kill remaining
+selfserv processes during cleanup
+<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if QA platform different
+from build platform create neccessary
+<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+symbolic links
+<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; wait for the build to finish
+(max of 5h)
+<p>&nbsp;&nbsp;&nbsp; main:
+<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; repeated per test (optimized,
+debug, 32, 64 bit)
+<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+set flags for this run of all.sh (optimized, debug, 32, 64 bit)
+<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+set the DIST directory (where the binaries reside)
+<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+kill running selfservers (sorry - just don't use the svbld
+<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+account if you need to do your own testing... I will fix
+<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+selfserv as soon as I can - but it hangs too often and
+<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+disturbs all following QA)
+<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+run all.sh
+<p>&nbsp;&nbsp;&nbsp; header:exit (global)
+<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; remove temporary files
+<p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; kill remaining selfservers
+<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; send email to the list
+<br>&nbsp;
+<p>&nbsp;&nbsp;&nbsp; errorhandling
+<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Option / Parameter errors:
+Exit with usage information
+<p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Severe errors: Exit wit errormessage
+<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+example: directory in which all.sh resides does not exist
+<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+can't create files or directories
+<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+build not done after 5 hours
+<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+is already running
+<p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Other errors: User is prompted
+with the "errormessage - continue (y/n)?"
+<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+example: local DIST dir does not exist (continues with next all.sh)
+<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+outputdirectory does not exist (user can specify other)
+<p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Signals 2, 3, 15 are treated
+as severe errors
+<br>&nbsp;
+<br>&nbsp;
+<br>&nbsp;
+<p><img SRC="clean.gif" height=129 width=92 align=LEFT><a NAME="qaclean"></a><b><u><font size=+2>qaclean:</font></u></b>/u/sonmi/bin/qaclean
+<br>&nbsp;
+<p>Use qaclean as user "svbld" to get the propper permissions. It is supposed
+to clean up after a "hanging" QA and will also brutally kill, interupt
+and disturb any other nss related test or performance meassurement on the
+named machine. NT and 2000 might require an additional reboot, since the
+ps is not so good about telling us the actual programmname - so we can't
+kill them... Please note that this is a brute force script, it should not
+be used on a regular basis, file a bug whenever you have to use it, since
+hanging QA is nothing that should occur frequently
+<p>&nbsp;<a href="../qaclean">view the script</a>
+<p>What it does:
+<ol>
+<li>
+see if there is a lockfile (/tmp/nssqa.$$ or $TMP/nssqa.$$)</li>
+
+<br>if yes:
+<ol>kill the process of the lockfile <font color="#666666">(future expansion
+and if possible it's children )</font>
+<br>rm the lockfile</ol>
+
+<li>
+kill selfservers</li>
+
+<li>
+kill whatever other qa related processes might be hanging</li>
+
+<li>
+clean up tmp files</li>
+</ol>
+<b>QAClean Parameters:</b>
+<br>&nbsp;&nbsp;&nbsp; machinename.
+<br>&nbsp;&nbsp;&nbsp; for example
+<br>&nbsp;&nbsp;&nbsp; qaclean kentuckyderby
+<br>&nbsp;&nbsp;&nbsp; started on any machine, will clean up on kentuckyderby
+<p><a NAME="qa_stat"></a><b><u><font size=+2>qa_stat</font></u></b>
+<p>qa_stat is the script that is being started from the svbld cron on kentuckyderby
+every morning at 10:00 and runs some (very primitive) analysis on the qa
+results.
+<br>I'd like to rewrite the whole thing in perl, and in a few weeks I might
+just do this...
+<p>&nbsp;<a href="../qa_stat">view the script</a>
+<p>qa_stat <a href="#Parameters">parameters</a> and&nbsp; <a href="#Options">options</a>
+<p><a NAME="advertisement"></a><b><u><font size=+1>Why we need the QA wrapper</font></u></b>
+<p>We need the new QA wrapper, because we have to test on so many platforms,
+that running the tests and evaluating the results for the nightly builds
+took about an average workday.
+<p><b><font size=+1>New Features:</font></b>
+<ul>
+<li>
+runs from <b>cron</b> / rsh or <b>interactive</b> if desired</li>
+
+<li>
+generates <b>summary</b> (no need to look through 60-90 directories)</li>
+
+<li>
+sends <b>email</b> about results</li>
+
+<li>
+automatically <b>recognizes common errors</b> and problems and conflicts
+and corrects them</li>
+
+<br>(or attempts to correct them :-)
+<li>
+automatically determines <b>which build </b>to test (waits if build in
+progress, exits if no build)</li>
+
+<li>
+runs on <b>all required platforms</b> (Windows 98 and before not functional
+yet)</li>
+
+<li>
+Windows version runs on <b>free Cygnus</b> as well as on MKS</li>
+
+<li>
+debug mode, normal mode and silent mode</li>
+
+<li>
+<b>locking</b> mechanism so it won't run twice</li>
+
+<li>
+<b>cleanup</b> after being killed and most errors (no remaining selfservers,
+tmpfiles, lock files)</li>
+</ul>
+The 1st script is started via cron between 5:00 and 8:00 am on different
+systems, and starts QA on the nightly build. At 10:00 the next script is
+started, and sends a QA summary to the nss developers.
+<p><b>Cygnus Advantages</b>:
+<ul>
+<li>
+<b>free</b></li>
+
+<li>
+better handling of <b>processes</b> (background, processIDs, Signals)</li>
+
+<li>
+Unix / Linux <b>compatible</b> sh / bash</li>
+</ul>
+<b>Disadvantages</b>
+<ul>
+<li>
+MKS functionality needs to be preserved (makes <b>8 Windows platforms</b>
+instead of 4 for the QA suites - makes 32 testruns on Windows alone)</li>
+
+<br>In certain functionality's <b>slow</b>
+<br><b></b>&nbsp;</ul>
+<b>Porting the windows QA&nbsp;to Uwin as well is also being considered</b>
+</body>
+</html>
diff --git a/nss/tests/dummy/dummy.sh b/nss/tests/dummy/dummy.sh
new file mode 100644
index 0000000..27d3c9c
--- /dev/null
+++ b/nss/tests/dummy/dummy.sh
@@ -0,0 +1,19 @@
+#! /bin/bash
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+########################################################################
+#
+# mozilla/security/nss/tests/dummy/dummy.sh
+#
+# Minimal test that doesn't do anything
+#
+# NSS_TESTS="dummy" can be used for quick testing of the
+#   test script infrastructure, without running any of the tests 
+#
+########################################################################
+
+# html_failed "dummy test fail"
+html_passed "dummy test ok"
diff --git a/nss/tests/ec/ec.sh b/nss/tests/ec/ec.sh
new file mode 100755
index 0000000..9869b65
--- /dev/null
+++ b/nss/tests/ec/ec.sh
@@ -0,0 +1,37 @@
+#! /bin/bash
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+########################################################################
+#
+# tests/ec/ec.sh
+#
+# needs to work on all Unix and Windows platforms
+# this is a meta script to drive all ec tests
+#
+# special strings
+# ---------------
+#   FIXME ... known problems, search for this string
+#   NOTE .... unexpected behavior
+#
+########################################################################
+
+############################## run_tests ###############################
+# run test suites defined in ECTESTS variable
+########################################################################
+run_ec_tests()
+{
+    for ECTEST in ${ECTESTS}
+    do
+        SCRIPTNAME=${ECTEST}.sh
+        echo "Running ec tests for ${ECTEST}"
+        echo "TIMESTAMP ${ECTEST} BEGIN: `date`"
+        (cd ${QADIR}/ec; . ./${SCRIPTNAME} 2>&1)
+        echo "TIMESTAMP ${ECTEST} END: `date`"
+    done
+}
+
+ECTESTS="ecperf ectest"
+run_ec_tests
diff --git a/nss/tests/ec/ecperf.sh b/nss/tests/ec/ecperf.sh
new file mode 100755
index 0000000..501488e
--- /dev/null
+++ b/nss/tests/ec/ecperf.sh
@@ -0,0 +1,52 @@
+#! /bin/bash
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+########################################################################
+#
+# tests/ec/ecperf.sh
+#
+# needs to work on all Unix and Windows platforms
+#
+# special strings
+# ---------------
+#   FIXME ... known problems, search for this string
+#   NOTE .... unexpected behavior
+#
+########################################################################
+
+############################## ecperf_init #############################
+# local shell function to initialize this script
+########################################################################
+
+ecperf_init()
+{
+  SCRIPTNAME="ecperf.sh"
+  if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ] ; then
+      cd ../common
+      . ./init.sh
+  fi
+  SCRIPTNAME="ecperf.sh"
+  html_head "ecperf test"
+}
+
+ecperf_cleanup()
+{
+  html "</TABLE><BR>"
+  cd ${QADIR}
+  . common/cleanup.sh
+}
+
+ecperf_init
+ECPERF_OUT=$(ecperf 2>&1)
+echo "$ECPERF_OUT"
+ECPERF_OUT=`echo $ECPERF_OUT | grep -i 'failed\|Assertion failure'`
+# TODO: this is a perf test we don't check for performance here but only failed
+if [ -n "$ECPERF_OUT" ] ; then
+  html_failed "ec(perf) test"
+else
+  html_passed "ec(perf) test"
+fi
+ecperf_cleanup
diff --git a/nss/tests/ec/ectest.sh b/nss/tests/ec/ectest.sh
new file mode 100644
index 0000000..e107605
--- /dev/null
+++ b/nss/tests/ec/ectest.sh
@@ -0,0 +1,93 @@
+#! /bin/bash
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+########################################################################
+#
+# tests/ec/ectest.sh
+#
+# needs to work on all Unix and Windows platforms
+#
+# special strings
+# ---------------
+#   FIXME ... known problems, search for this string
+#   NOTE .... unexpected behavior
+#
+########################################################################
+
+############################## ectest_init #############################
+# local shell function to initialize this script
+########################################################################
+
+ectest_init()
+{
+  SCRIPTNAME="ectest.sh"
+  if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ] ; then
+      cd ../common
+      . ./init.sh
+  fi
+  SCRIPTNAME="ectest.sh"
+  html_head "freebl and pk11 ectest tests"
+}
+
+ectest_cleanup()
+{
+  html "</TABLE><BR>"
+  cd ${QADIR}
+  . common/cleanup.sh
+}
+
+ectest_genkeydb_test()
+{
+  certutil -N -d "${HOSTDIR}" -f "${R_PWFILE}" 2>&1
+  if [ $? -ne 0 ]; then
+    return $?
+  fi
+  curves=( \
+    "curve25519" \
+    "secp256r1" \
+    "secp384r1" \
+    "secp521r1" \
+  )
+  for curve in "${curves[@]}"; do
+    echo "Test $curve key generation using certutil ..."
+    certutil -G -d "${HOSTDIR}" -k ec -q $curve -f "${R_PWFILE}" -z ${NOISE_FILE}
+    if [ $? -ne 0 ]; then
+      html_failed "ec test certutil keygen - $curve"
+    else
+      html_passed "ec test certutil keygen - $curve"
+    fi
+  done
+  echo "Test sect571r1 key generation using certutil that should fail because it's not implemented ..."
+  certutil -G -d "${HOSTDIR}" -k ec -q sect571r1 -f "${R_PWFILE}" -z ${NOISE_FILE}
+  if [ $? -eq 0 ]; then
+    html_failed "ec test certutil keygen - $curve"
+  else
+    html_passed "ec test certutil keygen - $curve"
+  fi
+}
+
+ectest_init
+ectest_genkeydb_test
+# TODO: expose individual tests and failures instead of overall
+if [ -f ${BINDIR}/fbectest ]; then
+  FB_ECTEST_OUT=$(fbectest -n -d 2>&1)
+  FB_ECTEST_OUT=`echo $FB_ECTEST_OUT | grep -i 'not okay\|Assertion failure'`
+  if [ -n "$FB_ECTEST_OUT" ] ; then
+    html_failed "freebl ec tests"
+  else
+    html_passed "freebl ec tests"
+  fi
+fi
+if [ -f ${BINDIR}/pk11ectest ]; then
+  PK11_ECTEST_OUT=$(pk11ectest -n -d 2>&1)
+  PK11_ECTEST_OUT=`echo $PK11_ECTEST_OUT | grep -i 'not okay\|Assertion failure'`
+  if [ -n "$PK11_ECTEST_OUT" ] ; then
+    html_failed "pk11 ec tests"
+  else
+    html_passed "pk11 ec tests"
+  fi
+fi
+ectest_cleanup
diff --git a/nss/tests/fips/fips.sh b/nss/tests/fips/fips.sh
new file mode 100755
index 0000000..4153e61
--- /dev/null
+++ b/nss/tests/fips/fips.sh
@@ -0,0 +1,293 @@
+#! /bin/bash  
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+########################################################################
+# mozilla/security/nss/tests/fips/fips.sh
+#
+# Script to test basic functionallity of NSS in FIPS-compliant mode
+#
+# needs to work on all Unix and Windows platforms
+#
+# tests implemented:
+#
+# special strings
+# ---------------
+#
+########################################################################
+
+############################## fips_init ##############################
+# local shell function to initialize this script 
+########################################################################
+fips_init()
+{
+  SCRIPTNAME=fips.sh      # sourced - $0 would point to all.sh
+
+  if [ -z "${CLEANUP}" ] ; then     # if nobody else is responsible for
+      CLEANUP="${SCRIPTNAME}"       # cleaning this script will do it
+  fi
+
+  if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then
+      cd ../common
+      . ./init.sh
+  fi
+  if [ ! -r $CERT_LOG_FILE ]; then  # we need certificates here
+      cd ../cert
+      . ./cert.sh
+  fi
+  SCRIPTNAME=fips.sh
+  html_head "FIPS 140 Compliance Tests"
+
+  grep "SUCCESS: FIPS passed" $CERT_LOG_FILE >/dev/null || {
+      Exit 15 "Fatal - FIPS of cert.sh needs to pass first"
+  }
+
+  COPYDIR=${FIPSDIR}/copydir
+
+  R_FIPSDIR=../fips
+  P_R_FIPSDIR=../fips
+  R_COPYDIR=../fips/copydir
+
+  if [ -n "${MULTIACCESS_DBM}" ]; then
+     P_R_FIPSDIR="multiaccess:${D_FIPS}"
+  fi
+
+  mkdir -p ${FIPSDIR}
+  mkdir -p ${COPYDIR}
+
+  cd ${FIPSDIR}
+}
+
+############################## fips_140 ##############################
+# local shell function to test basic functionality of NSS while in
+# FIPS 140 compliant mode
+########################################################################
+fips_140()
+{
+  echo "$SCRIPTNAME: Verify this module is in FIPS mode  -----------------"
+  echo "modutil -dbdir ${P_R_FIPSDIR} -list"
+  ${BINDIR}/modutil -dbdir ${P_R_FIPSDIR} -list 2>&1
+  ${BINDIR}/modutil -dbdir ${P_R_FIPSDIR} -chkfips true 2>&1
+  html_msg $? 0 "Verify this module is in FIPS mode (modutil -chkfips true)" "."
+
+  echo "$SCRIPTNAME: List the FIPS module certificates -----------------"
+  echo "certutil -d ${P_R_FIPSDIR} -L"
+  ${BINDIR}/certutil -d ${P_R_FIPSDIR} -L 2>&1
+  html_msg $? 0 "List the FIPS module certificates (certutil -L)" "."
+
+  echo "$SCRIPTNAME: List the FIPS module keys -------------------------"
+  echo "certutil -d ${P_R_FIPSDIR} -K -f ${R_FIPSPWFILE}"
+  ${BINDIR}/certutil -d ${P_R_FIPSDIR} -K -f ${R_FIPSPWFILE} 2>&1
+  html_msg $? 0 "List the FIPS module keys (certutil -K)" "."
+
+  echo "$SCRIPTNAME: Attempt to list FIPS module keys with incorrect password"
+  echo "certutil -d ${P_R_FIPSDIR} -K -f ${FIPSBADPWFILE}"
+  ${BINDIR}/certutil -d ${P_R_FIPSDIR} -K -f ${FIPSBADPWFILE} 2>&1
+  RET=$?
+  html_msg $RET 255 "Attempt to list FIPS module keys with incorrect password (certutil -K)" "."
+  echo "certutil -K returned $RET"
+
+  echo "$SCRIPTNAME: Validate the certificate --------------------------"
+  echo "certutil -d ${P_R_FIPSDIR} -V -n ${FIPSCERTNICK} -u SR -e -f ${R_FIPSPWFILE}"
+  ${BINDIR}/certutil -d ${P_R_FIPSDIR} -V -n ${FIPSCERTNICK} -u SR -e -f ${R_FIPSPWFILE}
+  html_msg $? 0 "Validate the certificate (certutil -V -e)" "."
+
+  echo "$SCRIPTNAME: Export the certificate and key as a PKCS#12 file --"
+  echo "pk12util -d ${P_R_FIPSDIR} -o fips140.p12 -n ${FIPSCERTNICK} -w ${R_FIPSP12PWFILE} -k ${R_FIPSPWFILE}"
+  ${BINDIR}/pk12util -d ${P_R_FIPSDIR} -o fips140.p12 -n ${FIPSCERTNICK} -w ${R_FIPSP12PWFILE} -k ${R_FIPSPWFILE} 2>&1
+  html_msg $? 0 "Export the certificate and key as a PKCS#12 file (pk12util -o)" "."
+
+  echo "$SCRIPTNAME: Export the certificate as a DER-encoded file ------"
+  echo "certutil -d ${P_R_FIPSDIR} -L -n ${FIPSCERTNICK} -r -o fips140.crt"
+  ${BINDIR}/certutil -d ${P_R_FIPSDIR} -L -n ${FIPSCERTNICK} -r -o fips140.crt 2>&1
+  html_msg $? 0 "Export the certificate as a DER (certutil -L -r)" "."
+
+  echo "$SCRIPTNAME: List the FIPS module certificates -----------------"
+  echo "certutil -d ${P_R_FIPSDIR} -L"
+  certs=`${BINDIR}/certutil -d ${P_R_FIPSDIR} -L 2>&1`
+  ret=$?
+  echo "${certs}" 
+  if [ ${ret} -eq 0 ]; then
+    echo "${certs}" | grep FIPS_PUB_140_Test_Certificate > /dev/null
+    ret=$?
+  fi
+  html_msg $ret 0 "List the FIPS module certificates (certutil -L)" "."
+
+
+  echo "$SCRIPTNAME: Delete the certificate and key from the FIPS module"
+  echo "certutil -d ${P_R_FIPSDIR} -F -n ${FIPSCERTNICK} -f ${R_FIPSPWFILE}"
+  ${BINDIR}/certutil -d ${P_R_FIPSDIR} -F -n ${FIPSCERTNICK} -f ${R_FIPSPWFILE} 2>&1
+  html_msg $? 0 "Delete the certificate and key from the FIPS module (certutil -F)" "."
+
+  echo "$SCRIPTNAME: List the FIPS module certificates -----------------"
+  echo "certutil -d ${P_R_FIPSDIR} -L"
+  certs=`${BINDIR}/certutil -d ${P_R_FIPSDIR} -L 2>&1`
+  ret=$?
+  echo "${certs}" 
+  if [ ${ret} -eq 0 ]; then
+    echo "${certs}" | grep FIPS_PUB_140_Test_Certificate > /dev/null
+    if [ $? -eq 0 ]; then
+      ret=255
+    fi
+  fi
+  html_msg $ret 0 "List the FIPS module certificates (certutil -L)" "."
+
+  echo "$SCRIPTNAME: List the FIPS module keys."
+  echo "certutil -d ${P_R_FIPSDIR} -K -f ${R_FIPSPWFILE}"
+  ${BINDIR}/certutil -d ${P_R_FIPSDIR} -K -f ${R_FIPSPWFILE} 2>&1
+  # certutil -K now returns a failure if no keys are found. This verifies that
+  # our delete succeded.
+  html_msg $? 255 "List the FIPS module keys (certutil -K)" "."
+
+
+  echo "$SCRIPTNAME: Import the certificate and key from the PKCS#12 file"
+  echo "pk12util -d ${P_R_FIPSDIR} -i fips140.p12 -w ${R_FIPSP12PWFILE} -k ${R_FIPSPWFILE}"
+  ${BINDIR}/pk12util -d ${P_R_FIPSDIR} -i fips140.p12 -w ${R_FIPSP12PWFILE} -k ${R_FIPSPWFILE} 2>&1
+  html_msg $? 0 "Import the certificate and key from the PKCS#12 file (pk12util -i)" "."
+
+  echo "$SCRIPTNAME: List the FIPS module certificates -----------------"
+  echo "certutil -d ${P_R_FIPSDIR} -L"
+  certs=`${BINDIR}/certutil -d ${P_R_FIPSDIR} -L 2>&1`
+  ret=$?
+  echo "${certs}" 
+  if [ ${ret} -eq 0 ]; then
+    echo "${certs}" | grep FIPS_PUB_140_Test_Certificate > /dev/null
+    ret=$?
+  fi
+  html_msg $ret 0 "List the FIPS module certificates (certutil -L)" "."
+
+  echo "$SCRIPTNAME: List the FIPS module keys --------------------------"
+  echo "certutil -d ${P_R_FIPSDIR} -K -f ${R_FIPSPWFILE}"
+  ${BINDIR}/certutil -d ${P_R_FIPSDIR} -K -f ${R_FIPSPWFILE} 2>&1
+  html_msg $? 0 "List the FIPS module keys (certutil -K)" "."
+
+
+  echo "$SCRIPTNAME: Delete the certificate from the FIPS module"
+  echo "certutil -d ${P_R_FIPSDIR} -D -n ${FIPSCERTNICK}"
+  ${BINDIR}/certutil -d ${P_R_FIPSDIR} -D -n ${FIPSCERTNICK} 2>&1
+  html_msg $? 0 "Delete the certificate from the FIPS module (certutil -D)" "."
+
+  echo "$SCRIPTNAME: List the FIPS module certificates -----------------"
+  echo "certutil -d ${P_R_FIPSDIR} -L"
+  certs=`${BINDIR}/certutil -d ${P_R_FIPSDIR} -L 2>&1`
+  ret=$?
+  echo "${certs}" 
+  if [ ${ret} -eq 0 ]; then
+    echo "${certs}" | grep FIPS_PUB_140_Test_Certificate > /dev/null
+    if [ $? -eq 0 ]; then
+      ret=255
+    fi
+  fi
+  html_msg $ret 0 "List the FIPS module certificates (certutil -L)" "."
+
+
+  echo "$SCRIPTNAME: Import the certificate and key from the PKCS#12 file"
+  echo "pk12util -d ${P_R_FIPSDIR} -i fips140.p12 -w ${R_FIPSP12PWFILE} -k ${R_FIPSPWFILE}"
+  ${BINDIR}/pk12util -d ${P_R_FIPSDIR} -i fips140.p12 -w ${R_FIPSP12PWFILE} -k ${R_FIPSPWFILE} 2>&1
+  html_msg $? 0 "Import the certificate and key from the PKCS#12 file (pk12util -i)" "."
+
+  echo "$SCRIPTNAME: List the FIPS module certificates -----------------"
+  echo "certutil -d ${P_R_FIPSDIR} -L"
+  certs=`${BINDIR}/certutil -d ${P_R_FIPSDIR} -L 2>&1`
+  ret=$?
+  echo "${certs}" 
+  if [ ${ret} -eq 0 ]; then
+    echo "${certs}" | grep FIPS_PUB_140_Test_Certificate > /dev/null
+    ret=$?
+  fi
+  html_msg $ret 0 "List the FIPS module certificates (certutil -L)" "."
+
+  echo "$SCRIPTNAME: List the FIPS module keys --------------------------"
+  echo "certutil -d ${P_R_FIPSDIR} -K -f ${R_FIPSPWFILE}"
+  ${BINDIR}/certutil -d ${P_R_FIPSDIR} -K -f ${R_FIPSPWFILE} 2>&1
+  html_msg $? 0 "List the FIPS module keys (certutil -K)" "."
+
+
+  echo "$SCRIPTNAME: Run PK11MODE in FIPSMODE  -----------------"
+  echo "pk11mode -d ${P_R_FIPSDIR} -p fips- -f ${R_FIPSPWFILE}"
+  ${BINDIR}/pk11mode -d ${P_R_FIPSDIR} -p fips- -f ${R_FIPSPWFILE}  2>&1
+  html_msg $? 0 "Run PK11MODE in FIPS mode (pk11mode)" "."
+
+  echo "$SCRIPTNAME: Run PK11MODE in Non FIPSMODE  -----------------"
+  echo "pk11mode -d ${P_R_FIPSDIR} -p nonfips- -f ${R_FIPSPWFILE} -n"
+  ${BINDIR}/pk11mode -d ${P_R_FIPSDIR} -p nonfips- -f ${R_FIPSPWFILE} -n 2>&1
+  html_msg $? 0 "Run PK11MODE in Non FIPS mode (pk11mode -n)" "."
+
+  LIBDIR="${DIST}/${OBJDIR}/lib"
+  MANGLEDIR="${FIPSDIR}/mangle"
+   
+  # There are different versions of cp command on different systems, some of them 
+  # copies only symlinks, others doesn't have option to disable links, so there
+  # is needed to copy files one by one. 
+  echo "mkdir ${MANGLEDIR}"
+  mkdir ${MANGLEDIR}
+  for lib in `ls ${LIBDIR}`; do
+    echo "cp ${LIBDIR}/${lib} ${MANGLEDIR}"
+    cp ${LIBDIR}/${lib} ${MANGLEDIR}
+  done
+    
+  echo "$SCRIPTNAME: Detect mangled softoken--------------------------"
+  SOFTOKEN=${MANGLEDIR}/${DLL_PREFIX}softokn3.${DLL_SUFFIX}
+
+  echo "mangling ${SOFTOKEN}"
+  echo "mangle -i ${SOFTOKEN} -o -8 -b 5"
+  # If nss was built without softoken use the system installed one.
+  # It's location must be specified by the package maintainer.
+  if [ ! -e  ${MANGLEDIR}/${DLL_PREFIX}softokn3.${DLL_SUFFIX} ]; then
+    echo "cp ${SOFTOKEN_LIB_DIR}/${DLL_PREFIX}softokn3.${DLL_SUFFIX} ${MANGLEDIR}"
+    cp ${SOFTOKEN_LIB_DIR}/${DLL_PREFIX}softokn3.${DLL_SUFFIX} ${MANGLEDIR}
+  fi
+  ${BINDIR}/mangle -i ${SOFTOKEN} -o -8 -b 5 2>&1
+  if [ $? -eq 0 ]; then
+    if [ "${OS_ARCH}" = "WINNT" ]; then
+      DBTEST=`which dbtest`
+	  if [ "${OS_ARCH}" = "WINNT" -a "$OS_NAME" = "CYGWIN_NT" ]; then
+		DBTEST=`cygpath -m ${DBTEST}`
+		MANGLEDIR=`cygpath -u ${MANGLEDIR}`
+	  fi
+      echo "PATH=${MANGLEDIR} ${DBTEST} -r -d ${P_R_FIPSDIR}"
+      PATH="${MANGLEDIR}" ${DBTEST} -r -d ${P_R_FIPSDIR} > ${TMP}/dbtestoutput.txt 2>&1
+      RESULT=$?
+    elif [ "${OS_ARCH}" = "HP-UX" ]; then
+      echo "SHLIB_PATH=${MANGLEDIR} dbtest -r -d ${P_R_FIPSDIR}"
+      LD_LIBRARY_PATH="" SHLIB_PATH="${MANGLEDIR}" ${BINDIR}/dbtest -r -d ${P_R_FIPSDIR} > ${TMP}/dbtestoutput.txt 2>&1
+      RESULT=$?
+    elif [ "${OS_ARCH}" = "AIX" ]; then
+      echo "LIBPATH=${MANGLEDIR} dbtest -r -d ${P_R_FIPSDIR}"
+      LIBPATH="${MANGLEDIR}" ${BINDIR}/dbtest -r -d ${P_R_FIPSDIR} > ${TMP}/dbtestoutput.txt 2>&1
+      RESULT=$?
+    elif [ "${OS_ARCH}" = "Darwin" ]; then
+      echo "DYLD_LIBRARY_PATH=${MANGLEDIR} dbtest -r -d ${P_R_FIPSDIR}"
+      DYLD_LIBRARY_PATH="${MANGLEDIR}" ${BINDIR}/dbtest -r -d ${P_R_FIPSDIR} > ${TMP}/dbtestoutput.txt 2>&1
+      RESULT=$?
+    else
+      echo "LD_LIBRARY_PATH=${MANGLEDIR} dbtest -r -d ${P_R_FIPSDIR}"
+      LD_LIBRARY_PATH="${MANGLEDIR}" ${BINDIR}/dbtest -r -d ${P_R_FIPSDIR} > ${TMP}/dbtestoutput.txt 2>&1
+      RESULT=$?
+    fi  
+
+    html_msg ${RESULT} 46 "Init NSS with a corrupted library (dbtest -r)" "."
+  else
+    html_failed "Mangle ${DLL_PREFIX}softokn3.${DLL_SUFFIX}"
+  fi
+}
+
+############################## fips_cleanup ############################
+# local shell function to finish this script (no exit since it might be 
+# sourced)
+########################################################################
+fips_cleanup()
+{
+  html "</TABLE><BR>"
+  cd ${QADIR}
+  . common/cleanup.sh
+}
+
+################## main #################################################
+
+fips_init
+fips_140
+fips_cleanup
+echo "fips.sh done"
diff --git a/nss/tests/gtests/gtests.sh b/nss/tests/gtests/gtests.sh
new file mode 100755
index 0000000..469953f
--- /dev/null
+++ b/nss/tests/gtests/gtests.sh
@@ -0,0 +1,90 @@
+#! /bin/bash
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+########################################################################
+#
+# similar to all.sh this file runs drives gtests.
+#
+# needs to work on all Unix and Windows platforms
+#
+# special strings
+# ---------------
+#   FIXME ... known problems, search for this string
+#   NOTE .... unexpected behavior
+#
+########################################################################
+
+############################## gtest_init ##############################
+# local shell function to initialize this script
+########################################################################
+gtest_init()
+{
+  cd "$(dirname "$1")"
+  if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then
+      cd common
+      . ./init.sh
+  fi
+
+  SCRIPTNAME=gtests.sh
+
+  if [ -z "${CLEANUP}" ] ; then   # if nobody else is responsible for
+    CLEANUP="${SCRIPTNAME}"       # cleaning this script will do it
+  fi
+}
+
+########################## gtest_start #############################
+# Local function to actually start the test
+####################################################################
+gtest_start()
+{
+  echo "gtests: ${GTESTS}"
+  for i in ${GTESTS}; do
+    if [ ! -f ${BINDIR}/$i ]; then
+      html_unknown "Skipping $i (not built)"
+      continue
+    fi
+    GTESTDIR="${HOSTDIR}/$i"
+    html_head "$i"
+    if [ ! -d "$GTESTDIR" ]; then
+      mkdir -p "$GTESTDIR"
+    fi
+    cd "$GTESTDIR"
+    GTESTREPORT="$GTESTDIR/report.xml"
+    PARSED_REPORT="$GTESTDIR/report.parsed"
+    echo "executing $i"
+    ${BINDIR}/$i "${SOURCE_DIR}/gtests/freebl_gtest/kat/Hash_DRBG.rsp" \
+                 -d "$GTESTDIR" --gtest_output=xml:"${GTESTREPORT}" \
+                                --gtest_filter="${GTESTFILTER-*}"
+    html_msg $? 0 "$i run successfully"
+    echo "test output dir: ${GTESTREPORT}"
+    echo "executing sed to parse the xml report"
+    sed -f ${COMMON}/parsegtestreport.sed "${GTESTREPORT}" > "${PARSED_REPORT}"
+    echo "processing the parsed report"
+    cat "${PARSED_REPORT}" | while read result name; do
+      if [ "$result" = "notrun" ]; then
+        echo "$name" SKIPPED
+      elif [ "$result" = "run" ]; then
+        html_passed_ignore_core "$name"
+      else
+        html_failed_ignore_core "$name"
+      fi
+    done
+  done
+}
+
+gtest_cleanup()
+{
+  html "</TABLE><BR>"
+  cd ${QADIR}
+  . common/cleanup.sh
+}
+
+################## main #################################################
+GTESTS="prng_gtest der_gtest pk11_gtest util_gtest"
+SOURCE_DIR="$PWD"/../..
+gtest_init $0
+gtest_start
+gtest_cleanup
diff --git a/nss/tests/header b/nss/tests/header
new file mode 100644
index 0000000..5a1dead
--- /dev/null
+++ b/nss/tests/header
@@ -0,0 +1,1636 @@
+#! /bin/sh
+
+########################################################################
+#
+# /u/sonmi/bin/header - /u/svbld/bin/init/nss/header
+#
+# variables, utilities and shellfunctions global to NSS QA
+# needs to work on all Unix platforms
+#
+# included from (don't expect this to be up to date)
+# --------------------------------------------------
+#   qa_stat
+#   mksymlinks 
+#   nssqa 
+#
+# parameters
+# ----------
+#   nssversion (supported: 30b, 31, 332, tip 32)
+#   builddate (default - today)
+#
+# options
+# -------
+#   -y answer all questions with y - use at your own risk... ignores warnings 
+#   -s silent (only usefull with -y)
+#   -h, -? - you guessed right - displays this text
+#   -d debug
+#   -f <filename> - write the (error)output to filename
+#   -fcronfile produces the resultfiles in the same locations
+#       as would have been produced with -cron
+#   -m <mailinglist> - send filename to mailinglist (csl) only useful
+#       with -f
+#   -ml <mailinglist> - send link to filename to mailinglist (csl) 
+#       only useful with -f
+#   -cron equivalient to -y -s -d -f $RESULTDIR/$HOST.<scriptname>
+#   -t  run on a tinderbox build that means: local, from the startlocation
+#   -l <mozroot directory>  run on a local build mozroot
+#   -ln <mozroot> copy a networkbuild to a local directory mozroot, 
+#        used for networkindipendend QA
+#   -lt try to copy a networkbuild to a local directory, if not possible
+#        run on the network
+#        used for networkindipendend QA
+#
+# special strings
+# ---------------
+#   FIXME ... known problems, search for this string
+#   NOTE .... unexpected behavior
+#
+# moduls (not yet)
+# ----------------
+#   --# INIT
+#   --# USERCOM
+#   --# UTILS
+#
+# FIXME - split in init / usercom / utils
+#
+########################################################################
+
+#------------------------------# INIT #------------------------------
+
+# below the option flags get initialized
+
+if [ -z "$QASCRIPT_DIR" ]
+then
+    QASCRIPT_DIR=`dirname $0`
+    if [ "$QASCRIPT_DIR" = '.' ]
+    then
+        QASCRIPT_DIR=`pwd`
+    fi
+fi
+export QASCRIPT_DIR
+
+O_HWACC=OFF
+if [ -z "$O_ALWAYS_YES" ] ; then
+    O_ALWAYS_YES=OFF    # turned on by -y answer all questions with y 
+fi
+
+if [ -z "$O_INIT" ] # header is global, some including scripts may not
+then                # want the init to run, the others don't need to bother
+    O_INIT=ON
+fi
+if [ -z "$O_PARAM" ] # header is global, some including scripts may not
+then                 # require parameters, the others don't need to bother
+    O_PARAM=ON
+fi
+if [ -z "$O_OPTIONS" ] # header is global, some including scripts may not
+then                # permit options, they don't need to bother
+    O_OPTIONS=OFF
+fi
+O_SILENT=OFF        # turned on by -s silent (only usefull with -y)
+if  [ -z "$O_DEBUG" ] ; then
+    O_DEBUG=OFF     # turned on by -d - calls to Debug produce output when ON
+fi
+O_FILE=OFF          # turned on by -f echo all output to a file $FILENAME
+O_CRON=OFF          # turned on by -cron cron use only
+O_CRONFILE=OFF      # turned on by -cron cron and -fcron
+O_LOCAL=OFF         # turned on by -l* run on a local build in $LOCAL_MOZROOT
+O_LN=OFF            # turned on by -ln and -lt, test a networkbuild locally
+O_MAIL=OFF          # turned on by -m - sends email
+O_MAIL_LINK=OFF     # turned on by -ml - sends email
+O_TBX=OFF           # turned on by -t run on a tinderbox build
+                    # that means: local, from the startlocation
+
+if  [ -z "$DOMSUF" ]
+then
+    
+    DOMSUF=red.iplanet.com
+    DS_WAS_SET=FALSE
+else
+    DS_WAS_SET=TRUE
+fi
+
+TMPFILES=""
+
+WAIT_FOR=600  # if waiting for an event sleep n seconds before rechecking 
+              # recomended value 10 minutes 600
+WAIT_TIMES=30 # recheck n times before giving up - recomended 30 - total of 5h
+
+if [ -z "$QAYEAR" ]   # may I introduce - the y2k+1 bug? QA for last year 
+then                  # might not work
+    QAYEAR=`date +%Y`
+fi
+
+if [ -z "$TMP" ]        
+then
+    if [  -z "$TEMP" ]
+    then
+        TMP="/tmp"
+    else
+        TMP=$TEMP
+    fi
+fi
+if [ ! -w "$TMP" ]        
+then
+    echo "Can't write to tmp directory $TMP - exiting"
+    echo "Can't write to tmp directory $TMP - exiting" >&2
+    exit 1
+fi
+
+KILLPIDS="$TMP/killpids.$$"
+export KILLERPIDS
+TMPFILES="$TMPFILES $KILLPIDS"
+
+KILL_SELFSERV=OFF   # if sourcing script sets this to on cleanup will also 
+                    # kill the running selfserv processes
+
+                    # Set the masterbuilds 
+if [ -z "$UX_MASTERBUILD" ]
+then                     
+    UX_MASTERBUILD=booboo_Solaris8
+    #if [ ! -d $UX_MASTERBUILD ] ; then
+        #UX_MASTERBUILD=booboo_Solaris8_forte6
+    #fi
+    UX_MB_WAS_SET=FALSE
+else
+    UX_MB_WAS_SET=TRUE
+fi
+if [ -z "$NT_MASTERBUILD" ]
+then                     
+    NT_MASTERBUILD=blowfish_NT4.0_Win95
+    NT_MB_WAS_SET=FALSE      # in this case later functions can override if
+                             # they find a different build that looks like NT
+else
+    NT_MB_WAS_SET=TRUE
+fi
+if [ -z "$MASTERBUILD" ]    
+then
+    MASTERBUILD=$UX_MASTERBUILD
+fi
+
+                    # Set the default build
+if [ -z "$BUILDNUMBER" ]    
+then
+    BUILDNUMBER=1
+fi
+export BUILDNUMBER
+O_LDIR=OFF          #local QA dir for NT, temporary
+
+if [ -z "$WIN_WAIT_FOREVER" ]    # header is global, some including scripts 
+then                # want the init to wait forever for directories to
+                    # appear (windows only) if OFF exit, if ON wait forever
+    WIN_WAIT_FOREVER=OFF
+fi
+
+                          # NOTE: following variables have to change 
+                          # from release to release
+if [ -z "$BC_MASTER" ]    # master directory for backwardscompatibility testing
+then
+    RH="NO"
+    grep 7.1 /etc/redhat-release > /dev/null 2>/dev/null && RH="YES"
+    grep 7.2 /etc/redhat-release > /dev/null 2>/dev/null && RH="YES"
+
+    if [ "$RH" = "YES" ] 
+    then                      # NSS-3-3-1RTM
+        BC_UX_MASTER=nss331/builds/20010928.2.331-RTM/booboo_Solaris8
+        BC_NT_MASTER=nss331/builds/20010928.2.331-RTM/blowfish_NT4.0_Win95
+    else                      # NSS-3-2-2RTM
+        BC_UX_MASTER=nss322/builds/20010820.1/y2sun2_Solaris8
+        BC_NT_MASTER=nss322/builds/20010820.1/blowfish_NT4.0_Win95
+    fi
+    BC_MASTER=$BC_UX_MASTER
+    BC_MASTER_WAS_SET=FALSE
+else
+    BC_MASTER_WAS_SET=TRUE
+fi
+BC_RELEASE=3.2
+export BC_RELEASE
+
+EARLY_EXIT=TRUE     #before the report file has been created, causes Exit to 
+                    #create it
+
+UX_D0=/share/builds/mccrel3/nss
+
+################################### glob_init ##########################
+# global shell function, main initialisation function
+########################################################################
+glob_init()
+{
+    if [ $O_PARAM = "ON" ] ; then
+        eval_opts $*    # parse parameters and options - set flags
+    fi
+                        # if running from cron HOST needs to be known early, 
+    init_host            # so the output file name can be constructed. 
+    Debug "Setting up environment...( $QASCRIPT_DIR/set_environment) "
+    . $QASCRIPT_DIR/set_environment #finds out if we are running on Windows
+    Debug "OPerating system: $os_name $os_full"
+    umask 0    
+    init_dirs
+    init_files
+    init_vars
+}
+
+################################### init_vars ###########################
+# global shell function, sets the environment variables, part of init 
+########################################################################
+init_vars()
+{
+    if [ -z "$LOGNAME" ]
+    then
+        if [ $O_WIN = "ON" ]
+        then
+            LOGNAME=$USERNAME
+        else
+            LOGNAME=$USER
+        fi
+        if [ -z "$LOGNAME" ]
+        then
+            LOGNAME=$UNAME
+            if [ -z "$LOGNAME" ]
+            then
+                LOGNAME=`basename $HOME`
+            fi
+        fi
+    fi
+    if [ -z "$LOGNAME" ]
+    then
+        Exit "Can't determine current user"
+    fi
+    case $HOST in
+        iws-perf)
+            O_HWACC=ON
+            HWACC_LIST="rainbow ncipher"
+            #MODUTIL="-add rainbow -libfile /usr/lib/libcryptoki22.so"
+            export HWACC_LIST
+            ;;
+        *)
+            O_HWACC=OFF
+            ;;
+    esac
+   export O_HWACC
+}
+
+########################################################################
+# functions below deal with setting up the directories and PATHs for
+# all different flavors of OS (Unix, Linux, NT MKS, NT Cygnus) and QA
+# (Standard, local tinderbox)
+########################################################################
+
+########################## find_nt_masterbuild #########################
+# global shell function, sets the nt masterbuild directories, part of init 
+########################################################################
+find_nt_masterbuild()
+{
+    NT_MASTERDIR=${DAILY_BUILD}/${NT_MASTERBUILD}
+    if [ "${NT_MB_WAS_SET}" = "FALSE" -a ! -d $NT_MASTERDIR ] ; then
+        if [ -d ${DAILY_BUILD}/*NT4* ] ; then
+            NT_MASTERBUILD=` cd ${DAILY_BUILD}; ls -d *NT4* `
+            Debug "NT_MASTERBUILD $NT_MASTERBUILD"
+            NT_MASTERDIR=${DAILY_BUILD}/${NT_MASTERBUILD}
+        fi
+    fi
+    Debug "NT_MASTERDIR $NT_MASTERDIR"
+}
+
+################################### set_daily_build_dirs ###########################
+# global shell function, sets directories 
+########################################################################
+set_daily_build_dirs()
+{
+    if [ "$O_LOCAL" = "ON" -a "$O_LN" = "OFF" ] ; then
+        DAILY_BUILD=${LOCAL_MOZROOT}        # on local builds NSS_VER_DIR and DAILY_BUILD are 
+                             # set to the LOCAL_MOZROOT, since it is not sure
+                             # if ../.. (DAILY_BUILD) even exists
+        LOCALDIST=${LOCAL_MOZROOT}/dist
+    elif [ "$O_TBX" = "ON" ] ; then
+        DAILY_BUILD="$TBX_DAILY_BUILD"
+        LOCALDIST=${UXDIST}
+    else
+        DAILY_BUILD=${NSS_VER_DIR}/builds/${QAYEAR}${BUILDDATE}.${BUILDNUMBER}
+        LOCALDIST=${DAILY_BUILD}/${MASTERBUILD}/mozilla/dist
+    fi
+}
+
+map_os64()
+{
+  IS_64=""
+  case `uname -s` in
+      #OSF1) has been done already - always 64 bit
+      SunOS)
+          MAPPED_OS=Solaris*8
+          IS_64=`(isainfo -v | grep 64)>/dev/null 2>/dev/null && echo 64 bit`
+          if [ "$O_TBX" = "OFF" ] ; then
+              set_osdir
+              if [ -n "$IS_64" ]
+              then #Wait for the 64 bit build to finish...
+                  Debug Testing build for $MAPPED_OS in $OSDIR
+                  Wait ${OSDIR}/SVbuild.InProgress.1 0
+              fi
+          fi
+          ;;
+      AIX)
+          IS_64=`lslpp -l | grep "bos.64bit"> /dev/null && echo 64 bit`
+          ;;
+      HP-UX)
+          IS_64=`getconf KERNEL_BITS | grep 64 >/dev/null && echo 64 bit`
+          ;;
+  esac
+  Debug "Mapped OS to $MAPPED_OS"
+}
+
+
+
+################################### copy_to_local ########################
+# global shell function, copies the necessary directories from the 
+# daily build aerea to the local disk
+########################################################################
+copy_to_local()
+{
+    Debug "Copy network directories to local directories"
+    C2L_ERROR=0
+    if [ ! -d ${LOCAL_MOZROOT}/dist ] ; then
+        mkdir -p ${LOCAL_MOZROOT}/dist || C2L_ERROR=1
+    fi
+    if [ ! -d ${LOCAL_MOZROOT}/security/nss ] ; then
+        mkdir -p ${LOCAL_MOZROOT}/security/nss || C2L_ERROR=2
+    fi
+    if [ $C2L_ERROR != 0 ] ; then
+        Exit "copy_to_local: Can t make necesssary directories ($C2L_ERROR ) "
+    fi
+    if [ ! -d ${LOCAL_MOZROOT}/security/nss/tests ] ; then
+        cp -r ${TESTSCRIPTDIR} ${LOCAL_MOZROOT}/security/nss || C2L_ERROR=1
+    fi
+    if [ ! -d ${LOCAL_MOZROOT}/security/coreconf ] ; then
+        cp -r ${MOZILLA_ROOT}/security/coreconf ${LOCAL_MOZROOT}/security || C2L_ERROR=2
+    fi
+    
+    NO_DIRS=0;
+    if [ "$O_WIN" = "ON" ] ; then
+        OS_TARGET=WINNT;export OS_TARGET
+    fi
+    unset BUILD_OPT;export BUILD_OPT;
+    unset USE_64;export USE_64;
+#FIXME only tested on 64 bit Solaris and only got 32 bit builds
+    while [ $NO_DIRS -lt 4 ] ; do
+                                                  # first time thru: Debug 32 bit NT
+        set_objdir
+        Debug "Copying ${OBJDIR}..."
+        if [ ! -d ${LOCAL_MOZROOT}/dist/${OBJDIR} ] ; then
+            cp -r ${LOCALDIST}/${OBJDIR} ${LOCAL_MOZROOT}/dist || C2L_ERROR=3
+        fi
+        NO_DIRS=`expr $NO_DIRS + 1`
+        if [ $NO_DIRS = 1 ] ; then                # 2nd time: OPT 32 bit NT
+            BUILD_OPT=1; export BUILD_OPT;
+        elif [ $NO_DIRS = 2 ] ; then              # 3rd time: OPT, either 64 bit or Win95 or force exit
+            if [ "$O_WIN" = "ON" ] ; then
+                OS_TARGET=WIN95;export OS_TARGET
+            else
+                map_os64
+                if [ -z "$IS_64" ] ; then #32 bit platform
+                    NO_DIRS=4
+                else
+                    USE_64=1; export USE_64
+                fi
+            fi
+        elif [ $NO_DIRS = 3 ] ; then              # 4th time:  Debug either 64 bit or Win95
+            unset BUILD_OPT;export BUILD_OPT;
+        fi
+     
+            
+    done
+    if [ $C2L_ERROR != 0 ] ; then
+        Exit "copy_to_local: Can t copy necesssary directories ($C2L_ERROR ) "
+    fi
+    unset TESTSCRIPTDIR
+    unset TESTDIR
+    unset RESULTDIR
+    O_LN=OFF       #from here on pretend it is regular -l local QA FIXME, might cause 
+                   #problems with the backwardcompatibility tests
+    Debug "Successfully copied network directories to local directories"
+}
+
+################################### local_dirs ###########################
+# global shell function, sets the directories for local QA
+########################################################################
+local_dirs()
+{
+    Debug "Set directories for local QA"
+    #if [ "$O_WIN" = "ON" ] ; then
+        #win_set_tmp
+    #fi
+    NSS_VER_DIR=${LOCAL_MOZROOT}        # on local builds NSS_VER_DIR and DAILY_BUILD are 
+                         # set to the LOCAL_MOZROOT, since it is not sure
+                         # if ../../../.. (NSS_VER_DIR) even exists
+    if [ -z "${RESULTDIR}" ] ; then # needs to be local as well
+        Debug "Setting RESULTDIR for local QA"
+        RESULTDIR="${LOCAL_MOZROOT}/tests_results/security/${HOST}-`date +%Y%m%d-%H.%M`"
+    fi
+    set_daily_build_dirs
+    UX_MASTERDIR=`dirname ${LOCAL_MOZROOT}`
+    NT_MASTERDIR=$UX_MASTERDIR
+    MOZILLA_ROOT=${LOCAL_MOZROOT}
+
+    UXDIST=${MOZILLA_ROOT}/dist
+    NTDIST=${UXDIST}
+
+    if [ -z "${TESTDIR}" ] ; then 
+        Debug "Setting TESTDIR for local QA"
+        TESTDIR=${RESULTDIR}
+    fi
+    if [ -n "$TESTDIR" ] ; then
+        if [ ! -d $TESTDIR ] ; then
+            Debug "Making TESTDIR for local QA"
+            mkdir -p $TESTDIR
+        fi
+    fi
+    export TESTDIR
+    Debug "RESULTDIR $RESULTDIR TESTDIR $TESTDIR"
+
+    TESTSCRIPTDIR=${LOCAL_MOZROOT}/security/nss/tests
+    COMMON=${TESTSCRIPTDIR}/common
+
+    set_objdir
+    debug_dirs
+    export_dirs
+}
+
+
+################################### tbx_dirs ###########################
+# global shell function, sets the directories for tinderbox QA
+########################################################################
+tbx_dirs()
+{
+    Debug "Set directories for tinderbox"
+    if [ "$O_WIN" = "ON" ] ; then
+        win_set_d1 # we need the NSS_VER_DIR later
+    else
+        NSS_VER_DIR="$UX_D0"/nss$NSSVER
+    fi
+    if [ -z "${RESULTDIR}" ] ; then # needs to be different for tinderbox
+        Debug "Setting RESULTDIR for tinderbox"
+        TBX_NOBITS=""
+        echo $QASCRIPT_DIR | grep 64  >/dev/null && TBX_NOBITS=64
+        TRD="${HOST}${TBX_NOBITS}-`date +%Y%m%d-%H.%M`"
+        RESULTDIR="${NSS_VER_DIR}/tinderbox/tests_results/security/${TRD}"
+        if [ ${DOMSUF} = "mcom.com" -o  ${DOMSUF} = "netscape.com" -o ${DOMSUF} = "nscp.aoltw.net" ] ; then
+            URL="sbs-rel.nscp.aoltw.net"
+        else
+            URL="cindercone.red.iplanet.com"
+        fi
+        if [ "$O_WIN" = "ON" ] ; then
+            RESULTDIRURL="<a title=\"QA Results\" href=\"http://${URL}${UX_D0}/nsstip/tinderbox/tests_results/security/${TRD}\">QA</a>"
+        else
+            RESULTDIRURL="<a title=\"QA Results\" href=\"http://${URL}${RESULTDIR}\">QA</a>"
+        fi
+        Debug "RESULTDIRURL TinderboxPrint:$RESULTDIRURL"
+    fi
+    TBX_DAILY_BUILD=`cd ../../../../..;pwd`
+    NSS_VER_DIR="${TBX_DAILY_BUILD}/../.." 
+    TBX_LOGFILE_DIR=`ls ${NSS_VER_DIR}/logs/tinderbox | sed -e 's/ .*//g'`
+    if [ -z "$TBX_LOGFILE_DIR" ] ; then
+        TBX_LOGFILE_DIR=`ls ${NSS_VER_DIR}/logs/tbx | sed -e 's/ .*//g'`
+        TBX_LOGFILE_DIR="${NSS_VER_DIR}/logs/tbx/${TBX_LOGFILE_DIR}"
+    else
+        TBX_LOGFILE_DIR="${NSS_VER_DIR}/logs/tinderbox/${TBX_LOGFILE_DIR}"
+    fi
+    Debug "Set TBX_LOGFILE_DIR ${TBX_LOGFILE_DIR}"
+    
+    set_daily_build_dirs
+    UX_MASTERDIR=`cd ../../../..;pwd`
+    NT_MASTERDIR=$UX_MASTERDIR
+    MOZILLA_ROOT=$UX_MASTERDIR/mozilla
+
+    UXDIST=${MOZILLA_ROOT}/dist
+    NTDIST=${UXDIST}
+
+    if [ -z "${TESTDIR}" ] ; then 
+        Debug "Setting TESTDIR for tinderbox"
+        TESTDIR=${RESULTDIR}
+    fi
+    if [ -n "$TESTDIR" ] ; then
+        if [ ! -d $TESTDIR ] ; then
+            Debug "Making TESTDIR for tinderbox"
+            mkdir -p $TESTDIR
+        fi
+    fi
+    Debug "Making QAstatus file"
+    echo "QA running" >${TESTDIR}/QAstatus
+    export TESTDIR
+    Debug "RESULTDIR $RESULTDIR TESTDIR $TESTDIR"
+
+    TESTSCRIPTDIR=`pwd`
+    COMMON=${TESTSCRIPTDIR}/common
+
+    set_objdir
+    debug_dirs
+    export_dirs
+}
+
+################################### init_mcom ###########################
+# global shell function, sets domain specific variables for AOL's 
+# domains according to Bishakha's instructions
+########################################################################
+init_mcom()
+{
+    Debug "Running in mcom or netscape domain - changing directories..."
+    if [ "${UX_MB_WAS_SET}" = "FALSE" ] ; then #in case it was set
+        # before script was called use these values 
+        UX_MASTERBUILD=spd04_Solaris8
+    fi
+    if [ "${NT_MB_WAS_SET}" = "FALSE" ] ; then 
+        NT_MASTERBUILD=spd06_NT4
+    fi
+ 
+    MASTERBUILD=$UX_MASTERBUILD
+    if [ "${BC_MASTER_WAS_SET}" = "FALSE" ] ; then
+        BC_UX_MASTER=nss322/builds/20010820.1/y2sun2_Solaris8
+        BC_NT_MASTER=nss322/builds/20010820.1/blowfish_NT4.0_Win95
+        BC_MASTER=$BC_UX_MASTER
+    fi
+    UX_D0=/share/builds/sbsrel2/nss
+    URL="sbs-rel.nscp.aoltw.net"
+}
+################################### init_dirs ###########################
+# global shell function, sets the directories for standard QA
+# calls special functions for tinderbox, windows or local QA, part of init 
+########################################################################
+init_dirs()
+{
+    if [ ${DOMSUF} = "mcom.com" -o  ${DOMSUF} = "netscape.com" -o ${DOMSUF} = "nscp.aoltw.net" ] ; then
+        init_mcom
+    fi
+    if [ $O_WIN = "ON" ] ; then
+        win_set_tmp
+        write_to_tmpfile
+        MASTERBUILD=$NT_MASTERBUILD
+        BC_MASTER=$BC_NT_MASTER
+    fi
+    if [ "$O_LOCAL" = "ON" -a $O_LN = "OFF" ] ; then  # if it is a LN we need to know
+                       # all the directories off the network first to copy them
+        local_dirs     # O_LOCAL alone assumes that all the directories are already there 
+        return
+    elif [ "$O_TBX" = "ON" ] ; then
+        tbx_dirs
+        return
+    elif [ "$O_WIN" = "ON" ] ; then
+        win_set_d1
+    else
+        NSS_VER_DIR="$UX_D0"/nss$NSSVER
+    fi
+    #set -x
+
+    set_daily_build_dirs
+
+    if [ -z "${BCDIST}" ] ; then
+        #BCDIST=/share/builds/mccrel3/nss/${BC_MASTER}/mozilla/dist
+        BCDIST=${NSS_VER_DIR}/../${BC_MASTER}/mozilla/dist
+        if [ ! -d $BCDIST -a `basename $0` != jssqa ] ; then
+            ask "Backward compatibility directory $BCDIST does not exist, continue" "y" "n" || Exit
+        fi
+    fi
+
+    UX_MASTERDIR=${DAILY_BUILD}/${UX_MASTERBUILD}
+    find_nt_masterbuild
+
+    if [ "$O_WIN" = "ON" ]
+    then
+        MOZILLA_ROOT=${NT_MASTERDIR}/mozilla
+    else
+        MOZILLA_ROOT=${UX_MASTERDIR}/mozilla
+    fi
+
+    UXDIST=${UX_MASTERDIR}/mozilla/dist
+    NTDIST=${NT_MASTERDIR}/mozilla/dist
+
+    if [ -z "${RESULTDIR}" ] ; then 
+        RESULTDIR=${UX_MASTERDIR}/mozilla/tests_results/security
+    fi
+
+    if [ -n "$PRODUCT_TO_TEST" -a "$PRODUCT_TO_TEST" = "JSS" ] ; then
+
+        if [ "$O_WIN" = "ON" ] ; then
+            JSS_NSS_SRC_DIR=$JSS_NSS_NT_SRC_DIR
+        fi
+        TESTSCRIPTDIR=${NSS_VER_DIR}/../${JSS_NSS_SRC_DIR}/mozilla/security/nss/tests
+    else
+        TESTSCRIPTDIR=${MOZILLA_ROOT}/security/nss/tests
+    fi
+
+    if [ ! -d $TESTSCRIPTDIR -a `basename $0` != jssqa ] ; then
+        if [ "$O_WIN" = "ON" -a "$WIN_WAIT_FOREVER" = "ON" ]
+        then
+            WaitForever $TESTSCRIPTDIR/all.sh 1
+        else
+            Exit "Test directory $TESTSCRIPTDIR does not exist"
+        fi
+    fi
+
+    COMMON=${TESTSCRIPTDIR}/common
+    if [ "$O_LOCAL" = "ON" -a $O_LN = "ON" ] ; then  # if it is a LN we need to know
+                       # all the directories off the network first to copy them
+        copy_to_local
+        local_dirs     
+    fi
+    #set +x
+
+
+    set_objdir
+    debug_dirs
+    export_dirs
+}
+
+debug_dirs()
+{
+    Debug "NTDIST $NTDIST"
+    Debug "UXDIST $UXDIST"
+    Debug "TESTSCRIPTDIR $TESTSCRIPTDIR"
+    Debug "RESULTDIR $RESULTDIR"
+    Debug "TMP $TMP"
+    Debug "LOCALDIST_BIN $LOCALDIST_BIN"
+    Debug "COMMON $COMMON"
+    Debug "MOZILLA_ROOT $MOZILLA_ROOT"
+    Debug "BCDIST $BCDIST"
+}
+
+export_dirs()
+{
+    export NSS_VER_DIR DAILY_BUILD NTDIST UXDIST RESULTDIR TESTSCRIPTDIR BCDIST
+    export UX_MASTERDIR NT_MASTERDIR COMMON MOZILLA_ROOT
+}
+
+set_osdir()
+{
+    OSDIR=${DAILY_BUILD}/*${MAPPED_OS}*
+}
+
+################################### init_files ###########################
+# global shell function, sets filenames, initializes files, part of init 
+########################################################################
+init_files()
+{
+    if [ $O_CRONFILE = "ON" ]
+    then
+        Debug "attempting to create resultfiles"
+        if [ "$O_TBX" = "ON" ] ; then
+            NEWFILENAME=${TBX_LOGFILE_DIR}/qa.log
+            if [ ! -w ${TBX_LOGFILE_DIR} ] ; then
+                Exit "can't touch $NEWFILENAME"
+            fi
+        else
+            NEWFILENAME=$RESULTDIR/$HOST.`basename $0`
+        fi
+        if [ ! -d $RESULTDIR ]
+        then
+            mkdir -p $RESULTDIR || Exit "Error: can't make $RESULTDIR"
+        fi
+        if [ ! -w $RESULTDIR ] ; then
+            Exit "can't touch $NEWFILENAME"
+        fi
+        Debug "About to touch $NEWFILENAME "
+        touch $NEWFILENAME || Exit "Error: can't touch $NEWFILENAME"
+        if [ "$O_TBX" = "ON" ] ; then
+             echo "QA results in $RESULTDIR" >>$NEWFILENAME || Exit "Error: can't write to $NEWFILENAME"
+        fi
+        Debug "About to cat $FILENAME >>$NEWFILENAME "
+        cat $FILENAME >>$NEWFILENAME || Exit "Error: can't append $FILENAME to $NEWFILENAME"
+        TMPFILES="$TMPFILES $FILENAME"
+        FILENAME=$NEWFILENAME
+        Debug "Writing output to $FILENAME"
+    fi
+
+}
+
+################################### write_to_tmpfile ##########################
+# global shell function, for NT and cron operation, first a tmpfile 
+# needs to be created
+########################################################################
+write_to_tmpfile()
+{
+    O_CRONFILE=ON
+    O_FILE=ON
+    FILENAME=${TMP}/nsstmp.$$    # for now write to the temporary file
+                                 # since we don't know the hostname yet
+                                 # will be inserted to the real file later
+    TMPFILES="$TMPFILES nsstmp.$$"        
+    touch $FILENAME || Exit "Error: can't touch $FILENAME"
+    Debug "Writing output to $FILENAME"
+}
+
+############################# turn_on_cronoptions ######################
+# global shell function, turns on options needed for cron and tinderbox
+########################################################################
+turn_on_cronoptions()
+{
+    O_CRON=ON
+    O_SILENT=ON
+    O_DEBUG=ON                # FIXME take out!
+    O_ALWAYS_YES=ON
+    write_to_tmpfile
+}
+
+########################## test_mozroot ##########################
+# global shell function, determines if the variable LOCAL_MOZROOT is set, 
+# and is usable as mozilla root diretory for a local QA
+###################################################################
+test_mozroot()
+{
+  PWD=`pwd`
+  Debug "LOCAL_MOZROOT = $LOCAL_MOZROOT"
+  case "$LOCAL_MOZROOT" in
+      [0-9-]*|tip)
+          glob_usage "Error: -"$1" requires a directoryname to follow (start with a letter) "
+          ;;
+      \.\.)
+          LOCAL_MOZROOT=`dirname $PWD`
+          ;;
+      \.)
+          LOCAL_MOZROOT=$PWD
+          ;;
+      \.\/*)
+          LOCAL_MOZROOT=`echo $LOCAL_MOZROOT | sed -e "s/^\.//"`
+          LOCAL_MOZROOT="${PWD}${LOCAL_MOZROOT}"
+          ;;
+      \.\.\/*)
+          LOCAL_MOZROOT="${PWD}/${LOCAL_MOZROOT}"
+          ;;
+      \/*|[a-zA-Z]:\/*)
+          ;;
+      ?*)
+          LOCAL_MOZROOT="${PWD}/${LOCAL_MOZROOT}"
+          ;;
+      *)
+          glob_usage "Error: -"$1" requires a directoryname to follow"
+          ;;
+  esac
+  Debug "Reformated MOZROOT to $LOCAL_MOZROOT"
+  if [ "$1" = "ln" ] ; then
+      LOCAL_MOZROOT_PARENT=`dirname $LOCAL_MOZROOT`
+      if [ ! -d $LOCAL_MOZROOT_PARENT -o ! -w $LOCAL_MOZROOT_PARENT -o \
+           ! -x $LOCAL_MOZROOT_PARENT ] ; then
+              Exit "Error: Can't create $LOCAL_MOZROOT (permissions)"
+      fi
+      if [ ! -d "$LOCAL_MOZROOT" ] ; then
+          mkdir $LOCAL_MOZROOT ||
+              Exit "Error: Can't create mozroot $LOCAL_MOZROOT (mkdir failed)"
+      else
+          ask "mozroot $LOCAL_MOZROOT exists - continue (y will remove dir) ?" \
+               "y" "n" || Exit
+          rm -rf $LOCAL_MOZROOT/dist $LOCAL_MOZROOT/security $LOCAL_MOZROOT/tests_results ||
+              Exit "Error: Can't clean mozroot $LOCAL_MOZROOT"
+      fi
+  fi
+  if [ ! -d "$LOCAL_MOZROOT" ] ; then
+      glob_usage "Error: mozilla root $LOCAL_MOZROOT not a valid directory"
+  fi
+}
+
+################################### eval_opts ##########################
+# global shell function, evapuates options and parameters, sets flags
+# variables and defaults
+########################################################################
+eval_opts()
+{
+  while [ -n "$1" ]
+  do
+    case $1 in
+        -cron)
+            turn_on_cronoptions
+            ;;
+        -T*|-t*)
+            O_TBX=ON
+            turn_on_cronoptions
+            O_SILENT=OFF	#FIXME debug only
+            ;;
+        -S*|-s*)
+            O_SILENT=ON
+            ;;
+        -Y*|-y)
+            Debug "Option -y dedectet"
+            O_ALWAYS_YES=ON
+            ;;
+        -d*|-D)
+            O_DEBUG=ON
+            #set -x
+            ;;
+        -ml|-ML)
+            O_MAIL_LINK=ON
+            shift
+            MAILINGLIST=$1
+            if [ -z "$MAILINGLIST" ]
+            then
+                glob_usage "Error: -m requires a mailinglist to follow, for example sonmi,wtc,nelsonb "
+            fi
+            Debug "Sending link to result to $MAILINGLIST"
+            ;;
+        -m|-M)
+            O_MAIL=ON
+            shift
+            MAILINGLIST=$1
+            if [ -z "$MAILINGLIST" ]
+            then
+                glob_usage "Error: -m requires a mailinglist to follow, for example sonmi,wtc,nelsonb "
+            fi
+            Debug "Sending result to $MAILINGLIST"
+            ;;
+        -fcron*|-F[Cc][Rr][Oo][Nn]*)
+            write_to_tmpfile
+            ;;
+        -f|-F)
+            O_FILE=ON
+            shift
+            FILENAME=$1
+            if [ -z "$FILENAME" ]
+            then
+                glob_usage "Error: -f requires a filename to follow"
+            fi
+            #rm -f $FILENAME 2>/dev/null
+            touch $FILENAME || Exit "Error: can't touch $FILENAME"
+                                    #NOTE we append rather that creating
+            Debug "Writing output to $FILENAME"
+            ;;
+        -h|-help|"-?")
+            glob_usage
+            ;;
+        -ln)
+            if [ `basename $0` != nssqa ] ; then
+                glob_usage "Error: Can't handle option $1"
+            fi
+            O_LOCAL=ON
+            O_LN=ON
+            shift
+            LOCAL_MOZROOT=$1
+            test_mozroot ln
+            ;;
+        -lt)
+            if [ `basename $0` != nssqa ] ; then
+                glob_usage "Error: Can't handle option $1"
+            fi
+            O_LN=ON
+            O_LOCAL=ON
+            ;;
+        -l)
+            if [ `basename $0` != nssqa ] ; then
+                glob_usage "Error: Can't handle option $1"
+            fi
+            O_LOCAL=ON
+            shift
+            LOCAL_MOZROOT=$1
+            test_mozroot l
+            ;;
+        -p)
+            shift
+            PORT=$1
+            export PORT
+            ;;
+        -*)
+            glob_usage "Error: Can't handle option $1"
+            ;;
+        tip|3.|3..)
+            NSSVER=$1
+            if [ -z "$NSSVER" ] ; then
+                glob_usage "Error: illegal parameter"
+            fi
+            ;;
+        [01][0-9][0123][0-9])
+            BUILDDATE=$1
+            if [ -z "$BUILDDATE" ] ; then
+                glob_usage "Error: illegal parameter"
+            fi
+            ;;
+        ?*)
+            glob_usage "Error: Can't handle parameter $1"
+            ;;
+    esac
+    shift
+  done
+
+  if [ -z "$PORT" -a "$O_TBX" = "ON" ] ; then
+      PORT=8444
+      export PORT
+      if [ -z "$NSSVER" ] ; then
+          NSSVER="tip"
+          Debug "NSS Version: Parameters missing - defaulting to tip!"
+      fi
+  elif [ -z "$NSSVER" ] ; then
+      NSSVER="tip"
+      Debug "NSS Version: Parameters missing - defaulting to tip!"
+  fi
+  if [ -z "$BUILDDATE" ] ; then
+      BUILDDATE=`date +%m%d`
+      Debug "Builddate: Parameters missing - defaulting to today!"
+  fi
+  
+  Debug "Builddate $BUILDDATE NssVersion $NSSVER"
+  export BUILDDATE NSSVER
+  export O_CRON O_SILENT O_DEBUG O_ALWAYS_YES O_TBX
+}
+
+win_set_tmp()
+{
+    TMP=`echo "$TMP" | sed -e 's/	/\/t/g' -e 's//\/b/' -e 's/\\\/\//g'`
+    Debug "TMP reformated to $TMP"
+}
+
+######################### win_set_d1 ################################
+# global shell function, interactively finds the directories in case
+# windows can't get to the default
+########################################################################
+win_set_d1()
+{
+    Debug "set Windows Directories..."
+    #win_set_tmp
+    if [ "$O_CYGNUS" = ON ]
+    then
+        NSS_VER_DIR=/cygdrive/w/nss/nss$NSSVER
+    else
+        NSS_VER_DIR=w:/nss/nss$NSSVER
+    fi
+    if [ ! -w $NSS_VER_DIR ]
+    then
+        Echo "Windows special... can't write in $NSS_VER_DIR"
+        if [ "$O_CYGNUS" = ON ]
+        then
+            NSS_VER_DIR=/cygdrive/u/nss/nss$NSSVER
+        else
+            NSS_VER_DIR="u:/nss/nss$NSSVER"
+        fi
+    else
+        Debug "NSS_VER_DIR set to $NSS_VER_DIR"
+        return
+    fi
+
+    while [ ! -w $NSS_VER_DIR ]
+    do
+        if [ "$O_CRONFILE" = "ON" ] 
+        then
+            Exit "cant write in $NSS_VER_DIR" 
+        fi
+        Warning "cant write in $NSS_VER_DIR" 
+        Echo "input start directory (u:/nss, d:/src/nss, f:/shared/nss) "
+        read D
+        if [ -n "$D" ]
+        then
+            NSS_VER_DIR=$D/nss$NSSVER
+        fi
+    done
+    Debug "NSS_VER_DIR set to $NSS_VER_DIR"
+}
+
+########################### init_host ##################################
+# global shell function, sets required variables HOST and DOMSUF, and asks
+# the user if it has been set right
+########################################################################
+set_host()
+{
+    init_host
+}
+init_host()
+{
+    if [ `basename $0` != nssqa ] ; then
+        return
+    fi
+
+    init_host_done=0
+
+    if [ $DS_WAS_SET = FALSE ] #give chance to overwrite, espec. for NT
+    then
+        Debug "Domainname was not set..."
+        DOMSUF=`domainname 2>/dev/null`
+        if [ -z "$DOMSUF" ]
+        then
+            Debug "domainname command did not work ..."
+            DOMSUF=`echo $HOST | grep '\.' | sed -e "s/[^\.]*\.//"`
+    
+            if [ -z "$DOMSUF" ]
+            then
+                Debug "Domainname not part of the hostname"
+                DOMSUF=`cat /etc/defaultdomain 2>/dev/null`
+                if [ -z "$DOMSUF" ]
+                then
+                    Debug "Domainname needs to be hardcoded to red.iplanet.com"
+                    DOMSUF="red.iplanet.com"
+                fi
+            fi
+        fi
+    fi
+    case $HOST in
+        *\.*)
+            Debug "HOSTNAME $HOST contains Dot"
+            HOST=`echo $HOST | sed -e "s/\..*//"`
+            ;;
+    esac
+    if [ -z "$HOST" ]
+    then
+        HOST=`uname -n`
+        case $HOST in
+            *\.*)
+                Debug "HOSTNAME $HOST contains Dot"
+                HOST=`echo $HOST | sed -e "s/\..*//"`
+                ;;
+        esac
+    fi
+    if [ $O_DEBUG = "ON" ]
+    then
+        while [ $init_host_done -eq 0 ]
+        do
+            Echo
+            ask "DOMSUF=$DOMSUF, HOST=$HOST - OK", "y" "n" &&
+                init_host_done=1
+            if [ $init_host_done -eq 0 ]
+            then
+                Echo "input DOMSUF: "
+                read D
+                if [ -n "$D" ]
+                then
+                    DOMSUF=$D
+                fi
+                Echo "input HOST: "
+                read H
+                if [ -n "$H" ]
+                then
+                    HOST=$H
+                fi
+            fi
+        done
+    fi
+    export HOST DOMSUF
+    Debug "HOST: $HOST, DOMSUF: $DOMSUF"
+}
+
+#-----------------------------# UTILS #----------------------------------
+
+########################### qa_stat_get_sysinfo ########################
+# local shell function, tries to determine the QA operating system
+########################################################################
+qa_stat_get_sysinfo()
+{
+    case $1 in
+        ?*) REM_SYS=$1
+            GET_SYSINFO="rsh $1"
+            ;;
+        *)  REM_SYS=""
+            GET_SYSINFO=""
+            ;;
+    esac
+    QA_SYS=`$GET_SYSINFO uname -sr`
+    echo $QA_SYS | grep Linux >/dev/null &&
+              QA_RHVER=`$GET_SYSINFO cat /etc/redhat-release`
+    if [ -n "$QA_RHVER" ]
+    then
+        QA_OS=`echo $REM_SYS $QA_RHVER | sed -e "s/Red Hat /RH /" \
+                    -e "s/ release//"`
+    else
+        case $QA_SYS in
+            *SunOS*5.[89]*)
+                ISAINFO=`$GET_SYSINFO isainfo -v`
+                IS_64=`echo $ISAINFO | grep 64 >/dev/null && \
+                    echo 64 bit`
+                IS_I386=`echo $ISAINFO | grep i386 >/dev/null && \
+                    echo i86pc`
+                if [ -n "$IS_I386" ] ; then IS_64="$IS_I386"; fi;
+                if [ -z "$IS_64" ] ; then IS_64="32 bit"; fi;
+                ;;
+            *HP*)
+                IS_64=`$GET_SYSINFO getconf KERNEL_BITS |
+                    grep 64 >/dev/null && echo 64 bit`
+                if [ -z "$IS_64" ] ; then IS_64="32 bit"; fi;
+                ;;
+            *AIX*)
+                IS_64=`$GET_SYSINFO lslpp -l |
+                    grep "bos.64bit"> /dev/null && echo 64 bit`
+                if [ -z "$IS_64" ] ; then IS_64="32 bit"; fi;
+                ;;
+        esac
+        QA_OS=`echo "$REM_SYS $QA_SYS $IS_64"`
+    fi
+    if [ "$O_SILENT" != ON ] ; then
+        echo $QA_OS
+    fi
+    QA_OS_STRING=`echo $QA_OS | sed -e "s/^[_ ]//" -e "s/ /_/g"`
+}
+
+################################### set_objdir #########################
+# global shell function, sets the object directories and DIST
+########################################################################
+set_objdir()
+{
+    Debug "set object dir"
+    OBJDIR=`cd ${TESTSCRIPTDIR}/common; gmake objdir_name`
+    OS_ARCH=`cd ${TESTSCRIPTDIR}/common; gmake os_arch`
+    
+    #at this point $MASTERBUILD needs to be either NT or unix
+
+    set_daily_build_dirs
+    LOCALDIST_BIN=${LOCALDIST}/${OBJDIR}/bin
+    DIST=$LOCALDIST
+
+    if [ -z "${TEST_LEVEL}" ] ; then 
+        TEST_LEVEL=0
+    fi
+    bc ${TEST_LEVEL}   #set the path for the backward compatibility test
+
+    PATH_CONTAINS_BIN="TRUE"
+    export PATH_CONTAINS_BIN
+
+    export OBJDIR OS_ARCH LOCALDIST LOCALDIST_BIN DIST PATH 
+}
+
+########################### bc #########################################
+# global shell function , sets paths for the backward compatibility test
+########################################################################
+bc()
+{
+  if [ -n "$PRODUCT_TO_TEST" -a "$PRODUCT_TO_TEST" = "JSS" ] ; then
+      TESTDIR=${RESULTDIR}
+      BC_ACTION=""
+      DON_T_SET_PATHS="FALSE" #let init.sh override - FIXME - check if necessary
+      return
+  fi
+  DON_T_SET_PATHS="TRUE"
+  case $1 in
+    0)
+      #unset TESTDIR
+      TESTDIR=${RESULTDIR}
+      if [ "$O_WIN" = "ON" -a "$O_CYGNUS" != ON ] ; then
+          PATH="$TESTSCRIPTDIR;$LOCALDIST_BIN;$BASEPATH"
+      else
+          PATH=$TESTSCRIPTDIR:$LOCALDIST_BIN:$BASEPATH
+      fi
+      BC_ACTION=""
+      DON_T_SET_PATHS="FALSE" #let init.sh override - FIXME - check if necessary
+      ;;
+    *)
+      if [ "$O_LOCAL" = "ON" ] ; then
+          Exit "FIXME Can't run backwardcompatibility tests locally yet"
+      fi
+      TESTSCRIPTDIR=${BCDIST}/../security/nss/tests
+      COMMON=${TESTSCRIPTDIR}/common
+      TESTDIR=${RESULTDIR}/bct
+      BC_ACTION="backward compatibility of binaries in $BC_MASTER to new libs"
+      BCDIST_BIN=${BCDIST}/${OBJDIR}/bin
+      LD_LIBRARY_PATH=${LOCALDIST}/${OBJDIR}/lib
+      if [ "$O_WIN" = "ON" ] ; then
+          if [ "$O_CYGNUS" = ON ] ; then
+              PATH=$TESTSCRIPTDIR:$BCDIST_BIN:$BASEPATH:$LD_LIBRARY_PATH
+          else
+              PATH="$TESTSCRIPTDIR;$BCDIST_BIN;$BASEPATH;$LD_LIBRARY_PATH"
+          fi
+      else
+          PATH=$TESTSCRIPTDIR:$BCDIST_BIN:$BASEPATH
+      fi
+      Debug "1st stage of backward compatibility test"
+      ;;
+  esac
+  if [ -n "$TESTDIR" ] ; then
+      if [ ! -d $TESTDIR ] ; then
+          mkdir -p $TESTDIR
+      fi
+      export TESTDIR
+  fi
+  SHLIB_PATH=${LD_LIBRARY_PATH}
+  LIBPATH=${LD_LIBRARY_PATH}
+  Debug "PATH $PATH"
+  Debug "LD_LIBRARY_PATH $LD_LIBRARY_PATH"
+  export PATH LD_LIBRARY_PATH SHLIB_PATH LIBPATH
+  export DON_T_SET_PATHS BC_ACTION
+  export TESTSCRIPTDIR COMMON
+}
+
+########################### Ps #########################################
+# global shell function , attempts a platform specific ps
+########################################################################
+Ps()
+{
+#AIX, OSF ps -ef, solaris /usr/5bin/ps -ef, win ps -ef but no user id
+#linux ps -ef, HP
+
+    if [ $os_name = "SunOS" ]
+    then
+        /usr/5bin/ps -ef
+    else
+        ps -ef
+    fi
+}
+
+########################### kill_by_name ################################
+# global shell function , kills the process whose name is given as 
+# parameter 
+########################################################################
+kill_by_name()
+{
+    for PID in `Ps | grep "$1" | grep -v grep | \
+        sed -e "s/^ *//g" -e "s/^[^ ]* //" -e "s/^ *//g" -e "s/ .*//g"`
+    do
+        if [ $O_WIN = "ON" -a $O_CYGNUS = "ON" ]
+        then
+            ask "Do you want to kill Process $PID (`Ps | grep $PID | \
+                grep -v grep | awk '{ print $1, $2, $6, $7, $8, $9 }' | \
+                sed -e "s/[0-9]:[0-6][0-9]//g" | grep $PID `)" \
+                "y" "n" && {
+                kill $PID
+                sleep 1
+                kill -9 $PID 2>/dev/null
+            }
+        else
+            ask "Do you want to kill Process $PID (`Ps | grep $PID | \
+                grep -v grep | awk '{ print $1, $2, $8, $9, $10, $11 }' | \
+                sed -e "s/[0-9]:[0-6][0-9]//g" | grep $PID `)" \
+                "y" "n" && {
+                kill $PID
+                sleep 1
+                kill -9 $PID 2>/dev/null
+            }
+        fi
+    done
+}
+
+############################### early_exit ###################################
+# global shell function , attempts a little more usefull user notification
+# of a complete failure
+########################################################################
+
+early_exit()
+{
+    if [ -z "$DOCDIR" ]
+    then
+        DOCDIR=`dirname $0`/../doc
+    fi
+    if [ -f $DOCDIR/QAerror.html ]
+    then
+        Debug "Found QA errorheader"
+        rm ${FILENAME}.err 2>/dev/null
+        cp $DOCDIR/QAerror.html ${FILENAME}.err
+        echo "$1" >>${FILENAME}.err
+        echo '</font></b></h1>' >>${FILENAME}.err
+        if [ -n "$FILENAME" -a -f "$FILENAME" ]
+        then
+            cat $FILENAME | sed -e "s/^/<br>/" >>${FILENAME}.err
+        fi
+        echo '</body></html>' >>${FILENAME}.err
+        cat ${FILENAME}.err | $RMAIL $MAILINGLIST
+        
+        rm ${FILENAME}.err 2>/dev/null
+        #echo "cat ${FILENAME}.err | $RMAIL $MAILINGLIST "
+    fi
+}
+
+############################### Exit ###################################
+# global shell function , central exiting point
+# cleanup: temporary files, kill the remaining selfservers if sourcing
+# script sets KILL_SELFSERV 
+########################################################################
+Exit()
+{
+    Echo $1    
+    if [ "$O_CRON" = "OFF" ] 
+    then
+        echo $1 >&2
+    fi
+    if [ -f "${KILLPIDS}" ]
+    then
+        Debug "Attempting to kill background processes...`cat ${KILLPIDS}`"
+        kill `cat "${KILLPIDS}"` 
+        sleep 1
+        kill -9  `cat "${KILLPIDS}"`
+    fi
+    if [ -n "${TMPFILES}" ]
+    then
+        Debug "rm -f ${TMPFILES}"
+        rm -f $TMPFILES 2>/dev/null
+    fi
+    O_ALWAYS_YES=ON # set to non-interactive - don't ask anymore questions here
+    if [ $KILL_SELFSERV = "ON" ]
+    then
+        kill_by_name selfserv
+    fi
+    if [ $O_MAIL_LINK = "ON" -a $O_FILE = "ON" ]
+    then
+        if [ $EARLY_EXIT = TRUE ]    #before the report file has been created
+        then
+            early_exit "$1"
+        else
+            head -3  $FILENAME >$ML_FILE
+            echo "Content-Type: text/plain; charset=us-ascii; format=flowed
+    Content-Transfer-Encoding: 7bit
+
+" >>$ML_FILE
+            echo $HREF_TMP_HTML_FILE >>$ML_FILE
+            cat $ML_FILE | $RMAIL $MAILINGLIST
+        fi
+
+#FIXME - early exit etc
+    elif [ $O_MAIL = "ON" -a $O_FILE = "ON" ]
+    then
+        if [ $EARLY_EXIT = TRUE ]    #before the report file has been created
+        then
+            early_exit "$1"
+        elif [ -n "$FILENAME" -a -f "$FILENAME" ]
+        then
+            cat $FILENAME | $RMAIL $MAILINGLIST
+        fi
+        #rm $FILENAME 2>/dev/null
+    elif  [ $O_MAIL = "ON" -a $EARLY_EXIT = TRUE ]
+    then
+        early_exit "$1"
+        rm $FILENAME 2>/dev/null
+    fi
+    #chmod a+rw ${RESULTDIR} ${RESULTDIR}/* ${RESULTDIR}/*/* &
+    if [ -n "$O_TBX" -a "$O_TBX" = "ON" ] ; then
+        rm ${TESTDIR}/QAstatus
+
+        if [ "$1" = "killed... cleaning up..." ] ; then
+            echo "QA killed" >${TESTDIR}/QAstatus
+        elif [ "$TBX_EXIT" = 0 ] ; then
+            echo "QA passed" >${TESTDIR}/QAstatus
+        else
+            echo "QA failed" >${TESTDIR}/QAstatus
+        fi
+
+        exit $TBX_EXIT
+         
+    else
+        exit
+    fi
+}
+
+trap "rm -f ${TMPFILES} 2>/dev/null; Exit 'killed... cleaning up...'" 2 3 15
+
+################################ Wait ##################################
+# global shell function to wait for an event to happen, 1st parameter
+# filename to watch, 2nd parameter 0 - wait for it to disappear, 1 wait
+# for it to be created.
+# uses the variables WAIT_FOR and WAIT_TIMES
+# WAIT_FOR: if waiting for an event sleep n seconds before rechecking 
+#     recomended value 10 minutes 600
+# WAIT_TIMES: recheck n times before giving up to prevent endless loop
+#     recomended 30 - total of 5h
+########################################################################
+
+Wait()
+{
+    i=0
+    Debug "Waiting for $1"
+    while [ $i -lt $WAIT_TIMES ]
+    do
+        i=`expr $i + 1`
+        if [ -f "$1" -a $2 -eq 1 ]   # if file exists and is supposed to 
+        then
+            return
+        fi
+        if [ ! -f "$1" -a $2 -eq 0 ] # not exists and not supposed to exist
+        then
+            return
+        fi
+        Debug "Waiting for $1, loop #$i, about to sleep $WAIT_FOR seconds zzzz..."
+        sleep $WAIT_FOR
+    done
+    TOTAL=`expr $WAIT_TIMES \* $WAIT_FOR / 60`
+    Exit "I HAVE WAITED LONG ENOUGH FOR $1 NOW, I'M GONE! (THAT WAS A TOTAL OF $TOTAL MINUTES) I have better things to do... "
+}
+
+################################ WaitForever ##################################
+# global shell function to wait for an event to happen, 1st parameter
+# filename to watch, 2nd parameter 0 - wait for it to disappear, 1 wait
+# for it to be created.
+# because we daon't have any relyable cron on NT...
+########################################################################
+
+WaitForever()
+{
+    i=0
+    Debug "Waiting for $1"
+    TOTAL=0
+    while [ 1 ]
+    do
+        i=`expr $i + 1`
+        if [ -f "$1" -a $2 -eq 1 ] # if file exists and is supposed to 
+        then
+            return
+        fi
+        if [ ! -f "$1" -a $2 -eq 0 ] # not exists and not supposed to exist
+        then
+            return
+        fi
+        Debug "Waiting for $1, loop #$i, about to sleep $WAIT_FOR seconds Total $TOTAL"
+        sleep $WAIT_FOR
+        TOTAL=`expr $i \* $WAIT_FOR / 60`
+        if [ -n "$MAX_FOREVER" ] # we are cheating. Forever can be very short...
+        then
+            if [ "$TOTAL" -gt "$MAX_FOREVER" ] 
+            then
+                Exit "I HAVE WAITED LONG ENOUGH FOR $1 NOW, I'M GONE! (THAT WAS A TOTAL OF $TOTAL MINUTES) I have better things to do... "
+            fi
+        fi
+    done
+}
+################################### is_running #########################
+# global shell function , implements primitive locking mechanism
+# filename is passed as a parameter, if filename.* exists we assume calling
+# script is running already and exit, otherwise filename.processid is 
+# created 
+########################################################################
+is_running()
+{
+    Debug "Testing if $0 is already running... file ${1} - ${1}.$$"
+    if [ -f ${1}.* ]
+    then
+        Exit "$0 seems to be running already ($1 exists) - Exiting"
+    fi
+    TMPFILES="$TMPFILES ${1}.$$"
+    echo "running $0 on `date` PID $$" >${1}.$$
+    Debug "wrote \"running $0 on `date` PID $$\" to ${1}.$$"
+    
+}
+
+#---------------------------# USERCOM #---------------------------------
+############################## Echo #####################################
+# global shell function , depending on the options the output gets written 
+# to a file, or is being discarded
+# FIXME  \n and \c are mistreates by differnet shells, and linux has /bin/echo
+# instead of /usr/bin/echo
+########################################################################
+Echo ()
+{
+    if [ $O_SILENT = OFF ]
+    then
+        echo "$*"
+        #/usr/bin/echo "$*"
+    fi
+    if [ $O_FILE = ON ]
+    then
+        echo "$*" >>$FILENAME
+    fi
+}
+
+################################### ask ################################
+# global shell function, Asks the a question, and gives the returns 0
+# on the 1st choice, 1 on the 2nd choice
+#
+# PARAMETERS:
+#    $1 question text
+#    $2 1st choice
+#    $3 2nd choice
+#
+# MODIFIERS:
+#    -y O_ALWAYS_YES will assume a first choice always (not neccessaryly "y")
+#
+# RETURN:
+#    0 - User picked 1st choice
+#    1 - User picked 2nd choice
+#
+# EXAMPLE
+#    ask "Would you like to continue" "y" "n" || Exit
+#        will produce the string "Would you like to continue (y/n) ?",
+#        read input from keyboard (or assume a yes with option -y)
+#        - on a yes it will return 0, on a no it will return 1, the 
+#        shell interprets it as error and the || Exit will be executed
+#
+# NOTE: NEVER use "n" as the second parameter - it will mess up -y
+#    don't ask "Continue" "n" "y" || Exit # it will Exit on a "y"
+#
+########################################################################
+Ask()
+{
+    ask $*
+}
+
+ask()
+{
+    if [ $O_ALWAYS_YES = ON ]
+    then
+        Echo "$1 ($2/$3) ?"
+        Echo "YES!"
+        return 0
+    fi
+    A=""
+    while [ 1 ]
+    do
+    
+        Echo "$1 ($2/$3) ?"
+        read A
+        if [ -n "$A" ]
+        then
+            if [ $A = $2 ]
+            then
+                return 0
+            elif [ $A = $3 ]
+            then
+                return 1
+            fi
+        fi
+    done
+    return 0
+}
+
+################################### Warning ############################
+# global shell function, Asks the user a "... continue? (y/n)" question, 
+# and exits when the user answers with no
+# NOTE -y will answer the warnings always with yes
+########################################################################
+Warning ()
+{
+    ask "WARNING: $0: \n $* continue " "y" "n" || Exit 
+}
+
+################################### Debug ############################
+# global shell function, when option -d Debugging output is written
+########################################################################
+Debug()
+{
+    if [ $O_DEBUG = ON ]
+    then
+        Echo "DEBUG: (`date +%H:%M`) $0: $*"
+    fi
+}
+
+################################### line ###############################
+# global shell function, supposed to make output more readable...
+########################################################################
+line()
+{
+Echo
+#Echo "======================================================================="
+#Echo
+}
+
+################################### opt_usage ##########################
+# global shell function, tells user about available options
+########################################################################
+opt_usage()
+{
+  if [ $O_OPTIONS = "ON" ]
+  then
+    Echo
+    line
+    Echo
+    Echo "    -y answer all questions with y - use at your own risk..."
+    Echo "    -s silent (only usefull with -y)"
+    Echo "    -h, -? - you guessed right - displays this text"
+    Echo "    -d debug"
+    Echo "    -f <filename> - write the (error)output to filename"
+    Echo "    -fcronfile produces the resultfiles in the same locations"
+    Echo "        as would have been produced with -cron"
+    Echo "    -m <mailinglist> - send filename to mailinglist (csl "
+    Echo "         example sonmi,nelsonb,wtc) only useful with -f"
+    Echo "    -ml <mailinglist> - send link to filename to mailinglist "
+    Echo "         (csl example sonmi,nelsonb,wtc) only useful with -f"
+    Echo "    -cron equivalient to -y -s -d -f \$RESULTDIR/\$HOST.nssqa"
+    Echo "    -t run on a tinderbox build (included -cron)"
+    if [ `basename $0` = nssqa ] ; then
+        Echo "    -l <mozroot> run on a local build"
+        Echo "    -ln <mozroot> copy a networkbuild to a local directory "
+        Echo "        mozroot,  used for networkindipendend QA "
+        Echo "    -lt try to copy a networkbuild to a local directory, if"
+        Echo "        not possible run on the network
+        Echo "        used for networkindipendend QA
+    fi
+#
+# special strings
+  fi
+    
+}
+
+################################### glob_usage #########################
+# global shell function, how to use the calling script (parameters, options)
+########################################################################
+glob_usage()
+{
+    line
+    Echo $1
+    Echo
+    if [ $O_OPTIONS = "ON" ]
+    then
+        Echo "usage $0 [options] nssversion builddate"
+    else
+        Echo "usage $0 nssversion builddate"
+    fi
+        
+    Echo " for example: $0 30b 0926"
+    Echo "     $0 31 1002"
+    opt_usage
+    Echo
+    Exit "$1"
+}
+
+tell()
+{
+    if [ $O_SILENT = OFF ]
+    then
+        line
+        pwd
+        ls -CF
+        line
+    fi
+    if [ $O_FILE = ON ]
+    then
+        line
+        pwd >>$FILENAME
+        ls -CF >>$FILENAME
+        line 
+    fi
+}
+
+if [ $O_INIT = "ON" ]
+then
+    glob_init $*
+fi
+EARLY_EXIT=FALSE
diff --git a/nss/tests/interop/interop.sh b/nss/tests/interop/interop.sh
new file mode 100755
index 0000000..12cefd0
--- /dev/null
+++ b/nss/tests/interop/interop.sh
@@ -0,0 +1,68 @@
+#!/bin/bash
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+########################################################################
+#
+# tests/interop/interop.sh
+#
+# Script to drive our cross-stack interop tests
+#
+########################################################################
+
+interop_init()
+{
+  SCRIPTNAME="interop.sh"
+  if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ] ; then
+    cd ../common
+    . ./init.sh
+  fi
+
+  mkdir -p "${HOSTDIR}/interop"
+  cd "${HOSTDIR}/interop"
+  INTEROP=${INTEROP:=tls_interop}
+  if [ ! -d "$INTEROP" ]; then
+    git clone -q https://github.com/mozilla/tls-interop "$INTEROP"
+  fi
+
+  # We use the BoringSSL keyfiles
+  BORING=${BORING:=boringssl}
+  if [ ! -d "$BORING" ]; then
+    git clone -q https://boringssl.googlesource.com/boringssl "$BORING"
+    git -C "$BORING" checkout -q ea80f9d5df4c302de391e999395e1c87f9c786b3
+  fi
+
+  SCRIPTNAME="interop.sh"
+  html_head "interop test"
+}
+
+interop_cleanup()
+{
+  html "</TABLE><BR>"
+  cd ${QADIR}
+  . common/cleanup.sh
+}
+
+# Function so we can easily add other stacks
+interop_run()
+{
+  test_name=$1
+  client=$2
+  server=$3
+
+  (cd "$INTEROP";
+   cargo run -- --client ${client} --server ${server} --rootdir ../${BORING}/ssl/test/runner/ --test-cases cases.json) 2>interop-${test_name}.errors | tee interop-${test_name}.log
+  html_msg "${PIPESTATUS[0]}" 0 "Interop" "Run successfully"
+  grep -i 'FAILED\|Assertion failure' interop-${test_name}.errors
+  html_msg $? 1 "Interop" "No failures"
+}
+
+cd "$(dirname "$0")"
+SOURCE_DIR="$PWD"/../..
+interop_init
+NSS_SHIM="${BINDIR}"/nss_bogo_shim
+BORING_SHIM="../${BORING}"/build/ssl/test/bssl_shim
+interop_run "nss_nss" ${NSS_SHIM} ${NSS_SHIM}
+interop_cleanup
diff --git a/nss/tests/iopr/cert_iopr.sh b/nss/tests/iopr/cert_iopr.sh
new file mode 100644
index 0000000..bb1bf04
--- /dev/null
+++ b/nss/tests/iopr/cert_iopr.sh
@@ -0,0 +1,405 @@
+#! /bin/bash
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+########################################################################
+#
+# mozilla/security/nss/tests/iopr/cert_iopr.sh
+#
+# Certificate generating and handeling for NSS interoperability QA. This file
+# is included from cert.sh
+#
+# needs to work on all Unix and Windows platforms
+#
+# special strings
+# ---------------
+#   FIXME ... known problems, search for this string
+#   NOTE .... unexpected behavior
+########################################################################
+
+IOPR_CERT_SOURCED=1
+
+########################################################################
+# function wraps calls to pk12util, also: writes action and options
+# to stdout. 
+# Params are the same as to pk12util.
+# Returns pk12util status
+#
+pk12u()
+{
+    echo "${CU_ACTION} --------------------------"
+
+    echo "pk12util $@"
+    ${BINDIR}/pk12util $@
+    RET=$?
+
+    return $RET
+}
+
+########################################################################
+# Initializes nss db directory and files if they don't exists
+# Params:
+#      $1 - directory location
+#
+createDBDir() {
+    trgDir=$1
+
+    if [ -z "`ls $trgDir | grep db`" ]; then
+        trgDir=`cd ${trgDir}; pwd`
+        if [ "${OS_ARCH}" = "WINNT" -a "$OS_NAME" = "CYGWIN_NT" ]; then
+			trgDir=`cygpath -m ${trgDir}`
+        fi
+
+        CU_ACTION="Initializing DB at ${trgDir}"
+        certu -N -d "${trgDir}" -f "${R_PWFILE}" 2>&1
+        if [ "$RET" -ne 0 ]; then
+            return $RET
+        fi
+
+        CU_ACTION="Loading root cert module to Cert DB at ${trgDir}"
+        modu -add "RootCerts" -libfile "${ROOTCERTSFILE}" -dbdir "${trgDir}" 2>&1
+        if [ "$RET" -ne 0 ]; then
+            return $RET
+        fi
+    fi
+}
+########################################################################
+# takes care of downloading config, cert and crl files from remote
+# location. 
+# Params:
+#      $1 - name of the host file will be downloaded from
+#      $2 - path to the file as it appeared in url
+#      $3 - target directory the file will be saved at.
+# Returns tstclnt status.
+#
+download_file() {
+    host=$1
+    filePath=$2
+    trgDir=$3
+
+    file=$trgDir/`basename $filePath`
+
+    createDBDir $trgDir || return $RET
+
+#    echo wget -O $file http://${host}${filePath}
+#    wget -O $file http://${host}${filePath}
+#    ret=$?
+
+    req=$file.$$
+    echo "GET $filePath HTTP/1.0" > $req
+    echo >> $req
+
+    echo ${BINDIR}/tstclnt -d $trgDir -S -h $host -p $IOPR_DOWNLOAD_PORT \
+        -v -w ${R_PWFILE} -o 
+    ${BINDIR}/tstclnt -d $trgDir -S -h $host -p $IOPR_DOWNLOAD_PORT \
+        -v -w ${R_PWFILE} -o < $req > $file
+    ret=$?
+    rm -f $_tmp;
+    return $ret
+}
+
+########################################################################
+# Uses pk12util, certutil of cerlutil to import files to an nss db located
+# at <dir>(the value of $1 parameter). Chooses a utility to use based on
+# a file extension. Initializing a db if it does not exists.
+# Params:
+#      $1 - db location directory
+#      $2 - file name to import
+#      $3 - nick name an object in the file will be associated with
+#      $4 - trust arguments 
+# Returns status of import
+#      
+importFile() {
+    dir=$1\
+    file=$2
+    certName=$3
+    certTrust=$4
+
+    [ ! -d $dir ] && mkdir -p $dir;
+
+    createDBDir $dir || return $RET
+            
+    case `basename $file | sed 's/^.*\.//'` in
+        p12)
+            CU_ACTION="Importing p12 $file to DB at $dir"
+            pk12u -d $dir -i $file -k ${R_PWFILE} -W iopr
+            [ $? -ne 0 ] && return 1
+            CU_ACTION="Modifying trust for cert $certName at $dir"
+            certu -M -n "$certName" -t "$certTrust" -f "${R_PWFILE}" -d "${dir}"
+            return $?
+            ;;
+        
+        crl) 
+            CU_ACTION="Importing crl $file to DB at $dir"
+            crlu -d ${dir} -I -n TestCA -i $file
+            return $?
+            ;;
+
+        crt | cert)
+            CU_ACTION="Importing cert $certName with trust $certTrust to $dir"
+            certu -A -n "$certName" -t "$certTrust" -f "${R_PWFILE}" -d "${dir}" \
+                -i "$file"
+            return $?
+            ;;
+
+        *)
+            echo "Unknown file extension: $file:"
+            return 1
+            ;;
+    esac
+}
+
+
+#########################################################################
+# Downloads and installs test certs and crl from a remote webserver.
+# Generates server cert for reverse testing if reverse test run is turned on.
+# Params:
+#      $1 - host name to download files from.
+#      $2 - directory at which CA cert will be installed and used for
+#           signing a server cert.
+#      $3 - path to a config file in webserver context.
+#      $4 - ssl server db location
+#      $5 - ssl client db location
+#      $5 - ocsp client db location
+#
+# Returns 0 upon success, otherwise, failed command error code.
+#
+download_install_certs() {
+    host=$1
+    caDir=$2
+    confPath=$3
+    sslServerDir=$4
+    sslClientDir=$5
+    ocspClientDir=$6
+
+    [ ! -d "$caDir" ] && mkdir -p $caDir;
+
+    #=======================================================
+    # Getting config file
+    #
+    download_file $host "$confPath/iopr_server.cfg" $caDir
+    RET=$?
+    if [ $RET -ne 0 -o ! -f $caDir/iopr_server.cfg ]; then
+        html_failed "Fail to download website config file(ws: $host)" 
+        return 1
+    fi
+
+    . $caDir/iopr_server.cfg
+    RET=$?
+    if [ $RET -ne 0 ]; then
+        html_failed "Fail to source config file(ws: $host)" 
+        return $RET
+    fi
+
+    #=======================================================
+    # Getting CA file
+    #
+
+    #----------------- !!!WARNING!!! -----------------------
+    # Do NOT copy this scenario. CA should never accompany its
+    # cert with the private key when deliver cert to a customer.
+    #----------------- !!!WARNING!!! -----------------------
+
+    download_file $host $certDir/$caCertName.p12 $caDir
+    RET=$?
+    if [ $RET -ne 0 -o ! -f $caDir/$caCertName.p12 ]; then
+        html_failed "Fail to download $caCertName cert(ws: $host)" 
+        return 1
+    fi
+    tmpFiles="$caDir/$caCertName.p12"
+
+    importFile $caDir $caDir/$caCertName.p12 $caCertName "TC,C,C"
+    RET=$?
+    if [ $RET -ne 0 ]; then
+        html_failed "Fail to import $caCertName cert to CA DB(ws: $host)" 
+        return $RET
+    fi
+
+    CU_ACTION="Exporting Root CA cert(ws: $host)"
+    certu -L -n $caCertName -r -d ${caDir} -o $caDir/$caCertName.cert 
+    if [ "$RET" -ne 0 ]; then
+        Exit 7 "Fatal - failed to export $caCertName cert"
+    fi
+
+    #=======================================================
+    # Check what tests we want to run
+    #
+    doSslTests=0; doOcspTests=0
+    # XXX remove "_new" from variables below
+    [ -n "`echo ${supportedTests_new} | grep -i ssl`" ] && doSslTests=1
+    [ -n "`echo ${supportedTests_new} | grep -i ocsp`" ] && doOcspTests=1
+
+    if [ $doSslTests -eq 1 ]; then
+        if [ "$reverseRunCGIScript" ]; then
+            [ ! -d "$sslServerDir" ] && mkdir -p $sslServerDir;
+            #=======================================================
+            # Import CA cert to server DB
+            #
+            importFile $sslServerDir $caDir/$caCertName.cert server-client-CA \
+                        "TC,C,C"
+            RET=$?
+            if [ $RET -ne 0 ]; then
+                html_failed "Fail to import server-client-CA cert to \
+                             server DB(ws: $host)" 
+                return $RET
+            fi
+            
+            #=======================================================
+            # Creating server cert
+            #
+            CERTNAME=$HOSTADDR
+            
+            CU_ACTION="Generate Cert Request for $CERTNAME (ws: $host)"
+            CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}@bogus.com, O=BOGUS NSS, \
+                        L=Mountain View, ST=California, C=US"
+            certu -R -d "${sslServerDir}" -f "${R_PWFILE}" -z "${R_NOISE_FILE}"\
+                -o $sslServerDir/req 2>&1
+            tmpFiles="$tmpFiles $sslServerDir/req"
+
+            # NOTE:
+            # For possible time synchronization problems (bug 444308) we generate
+            # certificates valid also some time in past (-w -1)
+
+            CU_ACTION="Sign ${CERTNAME}'s Request (ws: $host)"
+            certu -C -c "$caCertName" -m `date +"%s"` -v 60 -w -1 \
+                -d "${caDir}" \
+                -i ${sslServerDir}/req -o $caDir/${CERTNAME}.cert \
+                -f "${R_PWFILE}" 2>&1
+            
+            importFile $sslServerDir $caDir/$CERTNAME.cert $CERTNAME ",,"
+            RET=$?
+            if [ $RET -ne 0 ]; then
+                html_failed "Fail to import $CERTNAME cert to server\
+                             DB(ws: $host)" 
+                return $RET
+            fi
+            tmpFiles="$tmpFiles $caDir/$CERTNAME.cert"
+            
+            #=======================================================
+            # Download and import CA crl to server DB
+            #
+            download_file $host "$certDir/$caCrlName.crl" $sslServerDir
+            RET=$?
+            if [ $? -ne 0 ]; then
+                html_failed "Fail to download $caCertName crl\
+                             (ws: $host)" 
+                return $RET
+            fi
+            tmpFiles="$tmpFiles $sslServerDir/$caCrlName.crl"
+            
+            importFile $sslServerDir $sslServerDir/TestCA.crl
+            RET=$?
+            if [ $RET -ne 0 ]; then
+                html_failed "Fail to import TestCA crt to server\
+                             DB(ws: $host)" 
+                return $RET
+            fi
+        fi # if [ "$reverseRunCGIScript" ]
+        
+        [ ! -d "$sslClientDir" ] && mkdir -p $sslClientDir;
+        #=======================================================
+        # Import CA cert to ssl client DB
+        #
+        importFile $sslClientDir $caDir/$caCertName.cert server-client-CA \
+                   "TC,C,C"
+        RET=$?
+        if [ $RET -ne 0 ]; then
+            html_failed "Fail to import server-client-CA cert to \
+                         server DB(ws: $host)" 
+            return $RET
+        fi
+    fi
+
+    if [ $doOcspTests -eq 1 ]; then
+        [ ! -d "$ocspClientDir" ] && mkdir -p $ocspClientDir;
+        #=======================================================
+        # Import CA cert to ocsp client DB
+        #
+        importFile $ocspClientDir $caDir/$caCertName.cert server-client-CA \
+                   "TC,C,C"
+        RET=$?
+        if [ $RET -ne 0 ]; then
+            html_failed "Fail to import server-client-CA cert to \
+                         server DB(ws: $host)" 
+            return $RET
+        fi
+    fi
+
+    #=======================================================
+    # Import client certs to client DB
+    #
+    for fileName in $downloadFiles; do
+        certName=`echo $fileName | sed 's/\..*//'`
+
+        if [ -n "`echo $certName | grep ocsp`" -a $doOcspTests -eq 1 ]; then
+            clientDir=$ocspClientDir
+        elif [ $doSslTests -eq 1 ]; then
+            clientDir=$sslClientDir
+        else
+            continue
+        fi
+
+        download_file $host "$certDir/$fileName" $clientDir
+        RET=$?
+        if [ $RET -ne 0 -o ! -f $clientDir/$fileName ]; then
+            html_failed "Fail to download $certName cert(ws: $host)" 
+            return $RET
+        fi
+        tmpFiles="$tmpFiles $clientDir/$fileName"
+        
+        importFile $clientDir $clientDir/$fileName $certName ",,"
+        RET=$?
+        if [ $RET -ne 0 ]; then
+            html_failed "Fail to import $certName cert to client DB\
+                        (ws: $host)" 
+            return $RET
+        fi
+    done
+
+    rm -f $tmpFiles
+
+    return 0
+}
+
+
+#########################################################################
+# Initial point for downloading config, cert, crl files for multiple hosts
+# involved in interoperability testing. Called from nss/tests/cert/cert.sh
+# It will only proceed with downloading if environment variable 
+# IOPR_HOSTADDR_LIST is set and has a value of host names separated by space.
+#
+# Returns 1 if interoperability testing is off, 0 otherwise. 
+#
+cert_iopr_setup() {
+
+    if [ "$IOPR" -ne 1 ]; then
+        return 1
+    fi
+    num=1
+    IOPR_HOST_PARAM=`echo "${IOPR_HOSTADDR_LIST} " | cut -f 1 -d' '`
+    while [ "$IOPR_HOST_PARAM" ]; do
+        IOPR_HOSTADDR=`echo $IOPR_HOST_PARAM | cut -f 1 -d':'`
+        IOPR_DOWNLOAD_PORT=`echo "$IOPR_HOST_PARAM:" | cut -f 2 -d':'`
+        [ -z "$IOPR_DOWNLOAD_PORT" ] && IOPR_DOWNLOAD_PORT=443
+        IOPR_CONF_PATH=`echo "$IOPR_HOST_PARAM:" | cut -f 3 -d':'`
+        [ -z "$IOPR_CONF_PATH" ] && IOPR_CONF_PATH="/iopr"
+        
+        echo "Installing certs for $IOPR_HOSTADDR:$IOPR_DOWNLOAD_PORT:\
+              $IOPR_CONF_PATH"
+        
+        download_install_certs ${IOPR_HOSTADDR} ${IOPR_CADIR}_${IOPR_HOSTADDR} \
+            ${IOPR_CONF_PATH} ${IOPR_SSL_SERVERDIR}_${IOPR_HOSTADDR} \
+            ${IOPR_SSL_CLIENTDIR}_${IOPR_HOSTADDR} \
+            ${IOPR_OCSP_CLIENTDIR}_${IOPR_HOSTADDR}
+        if [ $? -ne 0 ]; then
+            echo "wsFlags=\"NOIOPR $wsParam\"" >> \
+                ${IOPR_CADIR}_${IOPR_HOSTADDR}/iopr_server.cfg
+        fi
+        num=`expr $num + 1`
+        IOPR_HOST_PARAM=`echo "${IOPR_HOSTADDR_LIST} " | cut -f $num -d' '`
+    done
+    
+    return 0
+}
diff --git a/nss/tests/iopr/ocsp_iopr.sh b/nss/tests/iopr/ocsp_iopr.sh
new file mode 100644
index 0000000..dcc6e1f
--- /dev/null
+++ b/nss/tests/iopr/ocsp_iopr.sh
@@ -0,0 +1,231 @@
+#! /bin/bash
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+########################################################################
+#
+# mozilla/security/nss/tests/iopr/ocsp_iopr.sh
+#
+# NSS SSL interoperability QA. This file is included from ssl.sh
+#
+# needs to work on all Unix and Windows platforms
+#
+# special strings
+# ---------------
+#   FIXME ... known problems, search for this string
+#   NOTE .... unexpected behavior
+########################################################################
+IOPR_OCSP_SOURCED=1
+
+########################################################################
+# The funtion works with variables defined in interoperability 
+# configuration file that gets downloaded from a webserver.
+# The function sets test parameters defind for a particular type
+# of testing.
+#
+# No return value
+#
+setTestParam() {
+    type=$1
+    testParam=`eval 'echo $'${type}Param`
+    testDescription=`eval 'echo $'${type}Descr`
+    testProto=`eval 'echo $'${type}Proto`
+    testPort=`eval 'echo $'${type}Port`
+    testResponder=`eval 'echo $'${type}ResponderCert`
+    testValidCertNames=`eval 'echo $'${type}ValidCertNames`
+    testRevokedCertNames=`eval 'echo $'${type}RevokedCertNames`
+    testStatUnknownCertNames=`eval 'echo $'${type}StatUnknownCertNames`
+}
+
+########################################################################
+# The funtion checks status of a cert using ocspclnt.
+# Params:
+#    dbDir - nss cert db location
+#    cert - cert in question
+#    respUrl - responder url is available 
+#    defRespCert - trusted responder cert
+#
+# Return values:
+#    0 - test passed, 1 - otherwise.
+#
+ocsp_get_cert_status() {
+    dbDir=$1
+    cert=$2
+    respUrl=$3
+    defRespCert=$4
+    
+    if [ -n "$respUrl" -o -n "$defRespCert" ]; then
+        if [ -z "$respUrl" -o -z "$defRespCert" ]; then
+            html_failed "Incorrect test params" 
+            return 1
+        fi
+        clntParam="-l $respUrl -t $defRespCert"
+    fi
+
+    if [ -z "${MEMLEAK_DBG}" ]; then
+        outFile=$dbDir/ocsptest.out.$$
+        echo "ocspclnt -d $dbDir -S $cert $clntParam"
+        ${BINDIR}/ocspclnt -d $dbDir -S $cert $clntParam >$outFile 2>&1
+        ret=$?
+        echo "ocspclnt output:"
+        cat $outFile
+        [ -z "`grep succeeded $outFile`" ] && ret=1
+    
+        rm -f $outFile
+        return $ret
+    fi
+
+    OCSP_ATTR="-d $dbDir -S $cert $clntParam"
+    ${RUN_COMMAND_DBG} ${BINDIR}/ocspclnt ${OCSP_ATTR}
+}
+
+########################################################################
+# The funtion checks status of a cert using ocspclnt.
+# Params:
+#    testType - type of the test based on type of used responder
+#    servName - FQDM of the responder server
+#    dbDir - nss cert db location
+#
+# No return value
+#
+ocsp_iopr() {
+    testType=$1
+    servName=$2
+    dbDir=$3
+
+    setTestParam $testType
+    if [ "`echo $testParam | grep NOCOV`" != "" ]; then
+        echo "SSL Cipher Coverage of WebServ($IOPR_HOSTADDR) excluded from " \
+            "run by server configuration"
+        return 0
+    fi
+    
+    if [ -z "${MEMLEAK_DBG}" ]; then
+        html_head "OCSP testing with responder at $IOPR_HOSTADDR. <br>" \
+            "Test Type: $testDescription"
+    fi
+
+    if [ -n "$testResponder" ]; then
+        responderUrl="$testProto://$servName:$testPort"
+    else
+        responderUrl=""
+    fi
+
+    if [ -z "${MEMLEAK_DBG}" ]; then
+        for certName in $testValidCertNames; do
+            ocsp_get_cert_status $dbDir $certName "$responderUrl" \
+                "$testResponder"
+            html_msg $? 0 "Getting status of a valid cert ($certName)" \
+                "produced a returncode of $ret, expected is 0."
+        done
+
+        for certName in $testRevokedCertNames; do
+            ocsp_get_cert_status $dbDir $certName "$responderUrl" \
+                "$testResponder"
+            html_msg $? 1 "Getting status of a unvalid cert ($certName)" \
+                "produced a returncode of $ret, expected is 1." 
+        done
+
+        for certName in $testStatUnknownCertNames; do
+            ocsp_get_cert_status $dbDir $certName "$responderUrl" \
+                "$testResponder"
+            html_msg $? 1 "Getting status of a cert with unknown status " \
+                        "($certName) produced a returncode of $ret, expected is 1."
+        done
+    else
+        for certName in $testValidCertNames $testRevokedCertNames \
+            $testStatUnknownCertName; do
+            ocsp_get_cert_status $dbDir $certName "$responderUrl" \
+                "$testResponder" 
+        done
+    fi
+}
+  
+#####################################################################
+# Initial point for running ocsp test againt multiple hosts involved in
+# interoperability testing. Called from nss/tests/ocsp/ocsp.sh
+# It will only proceed with test run for a specific host if environment variable 
+# IOPR_HOSTADDR_LIST was set, had the host name in the list
+# and all needed file were successfully downloaded and installed for the host.
+#
+# Returns 1 if interoperability testing is off, 0 otherwise. 
+#
+ocsp_iopr_run() {
+    NO_ECC_CERTS=1 # disable ECC for interoperability tests
+
+    if [ "$IOPR" -ne 1 ]; then
+        return 1
+    fi
+    cd ${CLIENTDIR}
+
+    if [ -n "${MEMLEAK_DBG}" ]; then
+        html_head "Memory leak checking - IOPR"
+    fi
+
+    num=1
+    IOPR_HOST_PARAM=`echo "${IOPR_HOSTADDR_LIST} " | cut -f $num -d' '`
+    while [ "$IOPR_HOST_PARAM" ]; do
+        IOPR_HOSTADDR=`echo $IOPR_HOST_PARAM | cut -f 1 -d':'`
+        IOPR_OPEN_PORT=`echo "$IOPR_HOST_PARAM:" | cut -f 2 -d':'`
+        [ -z "$IOPR_OPEN_PORT" ] && IOPR_OPEN_PORT=443
+        
+        . ${IOPR_CADIR}_${IOPR_HOSTADDR}/iopr_server.cfg
+        RES=$?
+        
+        num=`expr $num + 1`
+        IOPR_HOST_PARAM=`echo "${IOPR_HOSTADDR_LIST} " | cut -f $num -d' '`
+
+        if [ $RES -ne 0 -o X`echo "$wsFlags" | grep NOIOPR` != X ]; then
+            continue
+        fi
+        
+        #=======================================================
+        # Check what server is configured to run ssl tests
+        #
+        [ -z "`echo ${supportedTests_new} | grep -i ocsp`" ] && continue;
+
+        # Testing directories defined by webserver.
+        if [ -n "${MEMLEAK_DBG}" ]; then
+            LOGNAME=iopr-${IOPR_HOSTADDR}
+            LOGFILE=${LOGDIR}/${LOGNAME}.log
+        fi
+       
+        # Testing directories defined by webserver.
+        echo "Testing ocsp interoperability.
+                Client: local(tstclnt).
+                Responder: remote($IOPR_HOSTADDR)"
+
+        for ocspTestType in ${supportedTests_new}; do
+            if [ -z "`echo $ocspTestType | grep -i ocsp`" ]; then
+                continue
+            fi
+            if [ -n "${MEMLEAK_DBG}" ]; then
+                ocsp_iopr $ocspTestType ${IOPR_HOSTADDR} \
+                    ${IOPR_OCSP_CLIENTDIR}_${IOPR_HOSTADDR} 2>> ${LOGFILE}
+            else
+                ocsp_iopr $ocspTestType ${IOPR_HOSTADDR} \
+                    ${IOPR_OCSP_CLIENTDIR}_${IOPR_HOSTADDR}
+            fi
+        done
+
+        if [ -n "${MEMLEAK_DBG}" ]; then
+            log_parse
+            ret=$?
+            html_msg ${ret} 0 "${LOGNAME}" \
+                "produced a returncode of $ret, expected is 0"
+        fi
+
+        echo "================================================"
+        echo "Done testing ocsp interoperability with $IOPR_HOSTADDR"
+    done
+
+    if [ -n "${MEMLEAK_DBG}" ]; then
+        html "</TABLE><BR>"
+    fi
+
+    NO_ECC_CERTS=0
+    return 0
+}
+
diff --git a/nss/tests/iopr/server_scr/apache_unix.cfg b/nss/tests/iopr/server_scr/apache_unix.cfg
new file mode 100644
index 0000000..3992bf5
--- /dev/null
+++ b/nss/tests/iopr/server_scr/apache_unix.cfg
@@ -0,0 +1,47 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#
+# Apache OPENSSL configuration file
+#
+
+#
+# Define what type of system this is.
+#
+$clientSys = "openssl";
+
+#
+# Cipher conversion table file
+#
+$cipherTableFile = "$certDir/cipher.list";
+
+#--------------------------------------------
+# Web server specific variables start here:
+#
+
+#
+# Location of installed openssl binary
+#
+$opensslb = "/usr/local/bin/openssl";
+
+
+#
+# General location of apache server
+#
+$apacheHttpd="/var/httpd-ssl";
+
+#
+# HTTP Request file
+#
+$reqFile = "$apacheHttpd/cgi-bin/sslreq.dat";
+
+#
+# OpenSSL certificate directory
+#
+$certDir = "$apacheHttpd/cert";
+
+#
+# CA certificate file
+#
+$caCertFile = "$certDir/serverCA.crt";
diff --git a/nss/tests/iopr/server_scr/cert_gen.sh b/nss/tests/iopr/server_scr/cert_gen.sh
new file mode 100644
index 0000000..17771ad
--- /dev/null
+++ b/nss/tests/iopr/server_scr/cert_gen.sh
@@ -0,0 +1,367 @@
+#!/bin/bash    
+
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+######################################################################################
+# Server and client certs and crl generator functions. Generated files placed in a <dir>
+# directory to be accessible through http://<webserver>/iopr/TestCA.crt directory.
+# This functions is used for manual webserver configuration and it is not a part of
+# nss test run.
+# To create certs use the following command:
+#       sh cert_iopr.sh cert_gen <dir> <cert name> [cert req]
+# Where:
+#       dir - directory where to place created files
+#       cert name - name of created server cert(FQDN)
+#       cert req  - cert request to be used for cert generation.
+#
+repAndExec() {
+    echo
+    if [ "$1" = "certutil" -a "$2" = "-R" -o "$2" = "-S" ]; then
+        shift
+        echo certutil -s "$CU_SUBJECT" $@
+        certutil -s "$CU_SUBJECT" $@
+        RET=$?
+    else
+        echo $@
+        $@
+        RET=$?
+    fi
+
+    return $RET
+}
+
+setExtData() {
+    extData=$1
+
+    fldNum=0
+    extData=`echo $extData | sed 's/,/ /g'`
+    for extDT in $extData; do
+        if [ $fldNum -eq 0 ]; then
+            eval extType=$extDT
+            fldNum=1
+            continue
+        fi
+        eval data${fldNum}=$extDT
+        fldNum=`expr $fldNum + 1`
+    done
+}
+
+signCert() {
+    dir=$1
+    crtDir=$2
+    crtName=$3
+    crtSN=$4
+    req=$5
+    cuAddParam=$6
+    extList=$7
+
+    if [ -z "$certSigner" ]; then
+        certSigner=TestCA
+    fi
+
+    extCmdLine=""
+    extCmdFile=$dir/extInFile; rm -f $extCmdFile
+    touch $extCmdFile
+    extList=`echo $extList | sed 's/;/ /g'`
+    for ext in $extList; do
+        setExtData $ext
+        [ -z "$extType" ] && echo "incorrect extention format" && return 1
+        case $extType in
+        ocspDR)
+                extCmdLine="$extCmdLine -6"
+                cat <<EOF >> $extCmdFile
+5
+9
+y
+EOF
+                break
+                exit 1
+                ;;
+        AIA)    
+                extCmdLine="$extCmdLine -9"
+                cat <<EOF >> $extCmdFile
+2
+7
+$data1
+0
+n
+n
+EOF
+                break
+                ;;
+            *)
+                echo "Unsupported extension type: $extType"
+                break
+                ;;
+        esac
+    done
+    echo "cmdLine: $extCmdLine"
+    echo "cmdFile: "`cat $extCmdFile`
+    repAndExec \
+        certutil $cuAddParam -C -c $certSigner -m $crtSN -v 599 -d "${dir}" \
+        -i $req -o "$crtDir/${crtName}.crt" -f "${PW_FILE}" $extCmdLine <$extCmdFile 2>&1
+    return $RET
+}
+
+createSignedCert() {
+    dir=$1
+    certDir=$2
+    certName=$3
+    certSN=$4
+    certSubj=$5
+    keyType=$6
+    extList=$7
+
+    echo Creating cert $certName-$keyType with SN=$certSN
+
+    CU_SUBJECT="CN=$certName, E=${certName}-${keyType}@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
+    repAndExec \
+        certutil -R -d $dir -f "${PW_FILE}" -z "${NOISE_FILE}" \
+                  -k $keyType -o $dir/req  2>&1
+    [ "$RET" -ne 0 ] && return $RET
+
+    signCert $dir $dir $certName-$keyType $certSN $dir/req "" $extList
+    ret=$?
+    [ "$ret" -ne 0 ] && return $ret
+
+    rm -f $dir/req
+
+    repAndExec \
+        certutil -A -n ${certName}-$keyType -t "u,u,u" -d "${dir}" -f "${PW_FILE}" \
+                    -i "$dir/${certName}-$keyType.crt" 2>&1
+    [ "$RET" -ne 0 ] && return $RET
+
+    cp "$dir/${certName}-$keyType.crt" $certDir
+
+    repAndExec \
+        pk12util -d $dir -o $certDir/$certName-$keyType.p12 -n ${certName}-$keyType \
+                     -k ${PW_FILE} -W iopr
+    [ "$RET" -ne 0 ] && return $RET
+    return 0
+}
+
+generateAndExportSSLCerts() {
+    dir=$1
+    certDir=$2
+    serverName=$3
+    servCertReq=$4
+
+    if [ "$servCertReq" -a -f $servCertReq ]; then
+        grep REQUEST $servCertReq >/dev/null 2>&1
+        signCert $dir $certDir ${serverName}_ext 501 $servCertReq `test $? -eq 0 && echo -a`
+        ret=$?
+        [ "$ret" -ne 0 ] && return $ret
+    fi
+
+    certName=$serverName
+    createSignedCert $dir $certDir $certName 500 "$certSubj" rsa
+    ret=$?
+    [ "$ret" -ne 0 ] && return $ret
+
+    createSignedCert $dir $certDir $certName 501 "$certSubj" dsa
+    ret=$?
+    [ "$ret" -ne 0 ] && return $ret
+   
+    certName=TestUser510
+    createSignedCert $dir $certDir $certName 510 "$certSubj" rsa
+    ret=$?
+    [ "$ret" -ne 0 ] && return $ret
+
+    certName=TestUser511
+    createSignedCert $dir $certDir $certName 511 "$certSubj" dsa
+    ret=$?
+    [ "$ret" -ne 0 ] && return $ret
+
+    certName=TestUser512
+    createSignedCert $dir $certDir $certName 512 "$certSubj" rsa
+    ret=$?
+    [ "$ret" -ne 0 ] && return $ret
+
+    certName=TestUser513
+    createSignedCert $dir $certDir $certName 513 "$certSubj" dsa
+    ret=$?
+    [ "$ret" -ne 0 ] && return $ret
+}
+
+generateAndExportOCSPCerts() {
+    dir=$1
+    certDir=$2
+
+    certName=ocspTrustedResponder
+    createSignedCert $dir $certDir $certName 525 "$certSubj" rsa
+    ret=$?
+    [ "$ret" -ne 0 ] && return $ret
+
+    certName=ocspDesignatedResponder
+    createSignedCert $dir $certDir $certName 526 "$certSubj" rsa ocspDR
+    ret=$?
+    [ "$ret" -ne 0 ] && return $ret
+
+    certName=ocspTRTestUser514
+    createSignedCert $dir $certDir $certName 514 "$certSubj" rsa
+    ret=$?
+    [ "$ret" -ne 0 ] && return $ret
+
+    certName=ocspTRTestUser516
+    createSignedCert $dir $certDir $certName 516 "$certSubj" rsa
+    ret=$?
+    [ "$ret" -ne 0 ] && return $ret
+
+    certName=ocspRCATestUser518
+    createSignedCert $dir $certDir $certName 518 "$certSubj" rsa \
+        AIA,http://dochinups.red.iplanet.com:2561
+    ret=$?
+    [ "$ret" -ne 0 ] && return $ret
+
+    certName=ocspRCATestUser520
+    createSignedCert $dir $certDir $certName 520 "$certSubj" rsa \
+        AIA,http://dochinups.red.iplanet.com:2561
+    ret=$?
+    [ "$ret" -ne 0 ] && return $ret
+
+    certName=ocspDRTestUser522
+    createSignedCert $dir $certDir $certName 522 "$certSubj" rsa \
+        AIA,http://dochinups.red.iplanet.com:2562
+    ret=$?
+    [ "$ret" -ne 0 ] && return $ret
+
+    certName=ocspDRTestUser524
+    createSignedCert $dir $certDir $certName 524 "$certSubj" rsa \
+        AIA,http://dochinups.red.iplanet.com:2562
+    ret=$?
+    [ "$ret" -ne 0 ] && return $ret
+
+    generateAndExportCACert $dir "" TestCA-unknown
+    [ $? -ne 0 ] && return $ret
+    
+    certSigner=TestCA-unknown
+    
+    certName=ocspTRUnkownIssuerCert
+    createSignedCert $dir $certDir $certName 531 "$certSubj" rsa
+    ret=$?
+    [ "$ret" -ne 0 ] && return $ret
+
+    certName=ocspRCAUnkownIssuerCert
+    createSignedCert $dir $certDir $certName 532 "$certSubj" rsa \
+        AIA,http://dochinups.red.iplanet.com:2561
+    ret=$?
+    [ "$ret" -ne 0 ] && return $ret
+
+    certName=ocspDRUnkownIssuerCert
+    createSignedCert $dir $certDir $certName 533 "$certSubj" rsa \
+        AIA,http://dochinups.red.iplanet.com:2562
+    ret=$?
+    [ "$ret" -ne 0 ] && return $ret
+
+    certSigner=""
+    
+    return 0
+}
+
+generateAndExportCACert() {
+    dir=$1
+    certDirL=$2
+    caName=$3
+
+    certName=TestCA
+    [ "$caName" ] && certName=$caName
+    CU_SUBJECT="CN=NSS IOPR Test CA $$, E=${certName}@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
+    repAndExec \
+        certutil -S -n $certName -t "CTu,CTu,CTu" -v 600 -x -d ${dir} -1 -2 \
+        -f ${PW_FILE} -z ${NOISE_FILE} -m `expr $$ + 2238` >&1 <<EOF
+5
+6
+9
+n
+y
+-1
+n
+EOF
+
+    if [ "$certDirL" ]; then
+        repAndExec \
+            certutil -L -n $certName -r -d ${dir} -o $certDirL/$certName.crt 
+        [ "$RET" -ne 0 ] && return $RET
+        
+        repAndExec \
+            pk12util -d $dir -o $certDirL/$certName.p12 -n $certName -k ${PW_FILE} -W iopr
+        [ "$RET" -ne 0 ] && return $RET
+    fi
+}
+
+
+generateCerts() {
+    certDir=$1
+    serverName=$2
+    reuseCACert=$3
+    servCertReq=$4
+    
+    [ -z "$certDir" ] && echo "Cert directory should not be empty" && exit 1
+    [ -z "$serverName" ] && echo "Server name should not be empty" && exit 1
+
+    mkdir -p $certDir
+    [ $? -ne 0 ] && echo "Can not create dir: $certDir" && exit 1
+    
+
+    dir=/tmp/db.$$
+    if [ -z "$reuseCACert" ]; then
+        if [ -d "$dir" ]; then
+            rm -f $dir
+        fi
+   
+        PW_FILE=$dir/nss.pwd
+        NOISE_FILE=$dir/nss.noise
+
+        mkdir -p $dir
+        [ $? -ne 0 ] && echo "Can not create dir: $dir" && exit 1
+        
+        echo nss > $PW_FILE
+        date >> ${NOISE_FILE} 2>&1
+        
+        repAndExec \
+            certutil -d $dir -N -f $PW_FILE
+        [ "$RET" -ne 0 ] && return $RET
+        
+        generateAndExportCACert $dir $certDir
+        [ "$RET" -ne 0 ] && return $RET
+    else
+        dir=$reuseCACert
+        PW_FILE=$dir/nss.pwd
+        NOISE_FILE=$dir/nss.noise
+        hasKey=`repAndExec certutil -d $dir -L | grep TestCA | grep CTu`
+        [ -z "$hasKey" ] && echo "reuse CA cert has not priv key" && \
+            return $RET;
+    fi
+
+    generateAndExportSSLCerts $dir $certDir $serverName $servCertReq
+    [ "$RET" -ne 0 ] && return $RET
+
+    generateAndExportOCSPCerts $dir $certDir
+    [ "$RET" -ne 0 ] && return $RET
+
+    crlUpdate=`date +%Y%m%d%H%M%SZ`
+    crlNextUpdate=`echo $crlUpdate | sed 's/20/21/'`
+    repAndExec \
+        crlutil -d $dir -G -n "TestCA" -f ${PW_FILE} -o $certDir/TestCA.crl <<EOF_CRLINI
+update=$crlUpdate
+nextupdate=$crlNextUpdate
+addcert 509-511 $crlUpdate
+addcert 516 $crlUpdate
+addcert 520 $crlUpdate
+addcert 524 $crlUpdate
+EOF_CRLINI
+    [ "$RET" -ne 0 ] && return $RET
+
+    rm -rf $dir
+    return 0
+}
+
+
+if [ -z "$1" -o -z "$2" ]; then
+    echo "$0 <dest dir> <server cert name> [reuse CA cert] [cert req]"
+    exit 1
+fi
+generateCerts $1 $2 "$3" $4
+exit $?
diff --git a/nss/tests/iopr/server_scr/cipher.list b/nss/tests/iopr/server_scr/cipher.list
new file mode 100644
index 0000000..668084c
--- /dev/null
+++ b/nss/tests/iopr/server_scr/cipher.list
@@ -0,0 +1,98 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+nss                                      openssl                    iis 
+
+#
+# SSL v3.0 cipher suites.
+#
+SSL3_RSA_WITH_NULL_MD5                   NULL-MD5                   i
+SSL3_RSA_WITH_NULL_SHA                   NULL-SHA                   z
+SSL3_RSA_WITH_RC4_128_MD5                RC4-MD5                    c
+SSL3_RSA_WITH_RC4_128_SHA                RC4-SHA                    n
+SSL3_RSA_WITH_IDEA_CBC_SHA               IDEA-CBC-SHA
+SSL3_RSA_WITH_DES_CBC_SHA                DES-CBC-SHA                e
+SSL3_RSA_WITH_3DES_EDE_CBC_SHA           DES-CBC3-SHA               d
+
+SSL3_DH_DSS_WITH_DES_CBC_SHA             Not_implemented.
+SSL3_DH_DSS_WITH_3DES_EDE_CBC_SHA        Not_implemented.
+SSL3_DH_RSA_WITH_DES_CBC_SHA             Not_implemented.
+SSL3_DH_RSA_WITH_3DES_EDE_CBC_SHA        Not_implemented.
+SSL3_DHE_DSS_WITH_DES_CBC_SHA            EDH-DSS-CBC-SHA            s
+SSL3_DHE_DSS_WITH_3DES_EDE_CBC_SHA       EDH-DSS-DES-CBC3-SHA       q
+SSL3_DHE_RSA_WITH_DES_CBC_SHA            EDH-RSA-DES-CBC-SHA
+SSL3_DHE_RSA_WITH_3DES_EDE_CBC_SHA       EDH-RSA-DES-CBC3-SHA
+
+SSL3_DH_anon_WITH_RC4_128_MD5            ADH-RC4-MD5
+SSL3_DH_anon_WITH_DES_CBC_SHA            ADH-DES-CBC-SHA
+SSL3_DH_anon_WITH_3DES_EDE_CBC_SHA       ADH-DES-CBC3-SHA
+
+SSL3_FORTEZZA_KEA_WITH_NULL_SHA          Not_implemented.
+SSL3_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA  Not_implemented.
+SSL3_FORTEZZA_KEA_WITH_RC4_128_SHA       Not_implemented.
+
+#
+# Next four added to have ciphers below for SSL3 protocol
+#
+SSL3_RSA_WITH_AES_128_CBC_SHA            AES128-SHA
+SSL3_RSA_WITH_AES_256_CBC_SHA            AES256-SHA
+
+#
+#TLS v1.0 cipher suites.
+#
+TLS_RSA_WITH_NULL_MD5                   NULL-MD5
+TLS_RSA_WITH_NULL_SHA                   NULL-SHA
+TLS_RSA_WITH_RC4_128_MD5                RC4-MD5
+TLS_RSA_WITH_RC4_128_SHA                RC4-SHA
+TLS_RSA_WITH_IDEA_CBC_SHA               IDEA-CBC-SHA
+TLS_RSA_WITH_DES_CBC_SHA                DES-CBC-SHA
+TLS_RSA_WITH_3DES_EDE_CBC_SHA           DES-CBC3-SHA
+
+TLS_DH_DSS_WITH_DES_CBC_SHA             Not_implemented.
+TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA        Not_implemented.
+TLS_DH_RSA_WITH_DES_CBC_SHA             Not_implemented.
+TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA        Not_implemented.
+TLS_DHE_DSS_WITH_DES_CBC_SHA            EDH-DSS-CBC-SHA
+TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA       EDH-DSS-DES-CBC3-SHA
+TLS_DHE_RSA_WITH_DES_CBC_SHA            EDH-RSA-DES-CBC-SHA
+TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA       EDH-RSA-DES-CBC3-SHA
+
+TLS_DH_anon_WITH_RC4_128_MD5            ADH-RC4-MD5
+TLS_DH_anon_WITH_DES_CBC_SHA            ADH-DES-CBC-SHA
+TLS_DH_anon_WITH_3DES_EDE_CBC_SHA       ADH-DES-CBC3-SHA
+
+#
+#AES ciphersuites from RFC3268, extending TLS v1.0
+#
+
+TLS_RSA_WITH_AES_128_CBC_SHA            AES128-SHA
+TLS_RSA_WITH_AES_256_CBC_SHA            AES256-SHA
+
+TLS_DH_DSS_WITH_AES_128_CBC_SHA         DH-DSS-AES128-SHA
+TLS_DH_DSS_WITH_AES_256_CBC_SHA         DH-DSS-AES256-SHA
+TLS_DH_RSA_WITH_AES_128_CBC_SHA         DH-RSA-AES128-SHA
+TLS_DH_RSA_WITH_AES_256_CBC_SHA         DH-RSA-AES256-SHA
+
+TLS_DHE_DSS_WITH_AES_128_CBC_SHA        DHE-DSS-AES128-SHA
+TLS_DHE_DSS_WITH_AES_256_CBC_SHA        DHE-DSS-AES256-SHA
+TLS_DHE_RSA_WITH_AES_128_CBC_SHA        DHE-RSA-AES128-SHA
+TLS_DHE_RSA_WITH_AES_256_CBC_SHA        DHE-RSA-AES256-SHA
+
+TLS_DH_anon_WITH_AES_128_CBC_SHA        ADH-AES128-SHA
+TLS_DH_anon_WITH_AES_256_CBC_SHA        ADH-AES256-SHA
+
+#
+#Additional cipher suites
+#
+#Note: these ciphers can also be used in SSL v3.
+#
+TLS_DHE_DSS_WITH_RC4_128_SHA            DHE-DSS-RC4-SHA
+
+#
+# FIPS cipher list
+#        
+TLS_RSA_FIPS_WITH_3DES_EDE_CBC_SHA      Not_implemented
+TLS_RSA_FIPS_WITH_DES_CBC_SHA           Not_implemented
+SSL3_RSA_FIPS_WITH_3DES_EDE_CBC_SHA     Not_implemented
+SSL3_RSA_FIPS_WITH_DES_CBC_SHA          Not_implemented
diff --git a/nss/tests/iopr/server_scr/client.cgi b/nss/tests/iopr/server_scr/client.cgi
new file mode 100644
index 0000000..581ad06
--- /dev/null
+++ b/nss/tests/iopr/server_scr/client.cgi
@@ -0,0 +1,526 @@
+#!/usr/bin/perl
+
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#--------------------------------------------------------------
+# cgi script that parses request argument to appropriate 
+# open ssl or tstclntw options and starts ssl client.
+#
+
+use CGI qw/:standard/;
+
+use subs qw(debug);
+
+#--------------------------------------------------------------
+# Prints out an error string and exits the script with an
+# exitStatus.
+# Param:
+#    str : an error string
+#    exitStat: an exit status of the program
+#
+sub svr_error {
+    my ($str, $exitStat) = @_;
+
+    if (!defined $str || $str eq "") {
+        $str = $ERR;
+    }
+    print "SERVER ERROR: $str\n";
+    if ($exitStat) {
+        print end_html if ($osDataArr{wservRun});
+        exit $exitStat;
+    }
+}
+
+#--------------------------------------------------------------
+# Prints out a debug message
+# Params:
+#     str: debug message
+#     inVal: additional value to print(optional)
+#
+sub debug {
+    my ($str, $inVal) = @_;
+    
+    print "-- DEBUG: $str ($inVal)\n" if ($DEBUG == 1);
+}
+
+
+#--------------------------------------------------------------
+# Initializes execution context depending on a webserver the
+# script is running under.
+#
+sub init {
+    %osDataArr = (
+                  loadSupportedCipthersFn => \&osSpecific,
+                  cipherIsSupportedFn => \&verifyCipherSupport,
+                  cipherListFn => \&convertCipher,
+                  buildCipherTableFn => \&buildCipherTable,
+                  execCmdFn => \&osSpecific,
+                  );
+
+    $scriptName = $ENV{'SCRIPT_NAME'};
+    if (!defined $scriptName) {
+        $DEBUG=1;
+        debug "Debug is ON";
+    }
+    $DEBUG=1;
+    
+    $svrSoft = $ENV{'SERVER_SOFTWARE'};
+    if (defined $svrSoft) {
+        $_ = $svrSoft;
+        /.*Microsoft.*/ && ($osDataArr{wserv} = "IIS");
+        /.*Apache.*/ && ($osDataArr{wserv} = "Apache");
+        $osDataArr{wservRun} = 1;
+    } else {
+        $osDataArr{wserv} = "Apache";
+        $osDataArr{wservRun} = 0;
+    }
+}
+
+#--------------------------------------------------------------
+# Function-spigot to handle errors is OS specific functions are
+# not implemented for a particular OS.
+# Returns:
+#   always returns 0(failure)
+#
+sub osSpecific {
+    $ERR = "This function should be swapped to os specific function.";
+    return 0;
+}
+
+#--------------------------------------------------------------
+# Sets os specific execution context values.
+# Returns:
+#    1 upon success, or 0 upon failure(if OS was not recognized)
+#
+sub setFunctRefs {
+    
+    debug("Entering setFunctRefs function", $osDataArr{wserv});
+
+    if ($osDataArr{wserv} eq "Apache") {
+        $osDataArr{osConfigFile} = "apache_unix.cfg";
+        $osDataArr{suppCiphersCmd} = '$opensslb ciphers ALL:NULL';
+        $osDataArr{clientRunCmd} = '$opensslb s_client -host $in_host -port $in_port -cert $certDir/$in_cert.crt -key $certDir/$in_cert.key -CAfile $caCertFile $proto $ciphers -ign_eof < $reqFile';
+        $osDataArr{loadSupportedCipthersFn} = \&getSupportedCipherList_Unix;
+        $osDataArr{execCmdFn} = \&execClientCmd_Unix;
+    } elsif ($osDataArr{wserv} eq "IIS") {
+        $osDataArr{osConfigFile} = "iis_windows.cfg";
+        $osDataArr{suppCiphersCmd} = '$tstclntwb';
+        $osDataArr{clientRunCmd} = '$tstclntwb -h $in_host -p $in_port -n $in_cert $proto $ciphers < $reqFile';
+        $osDataArr{loadSupportedCipthersFn} = \&getSupportedCipherList_Win;
+        $osDataArr{execCmdFn} = \&execClientCmd_Win;
+    } else {
+        $ERR = "Unknown Web Server  type.";
+        return 0;
+    }
+    return 1;
+}
+
+#--------------------------------------------------------------
+# Parses data from HTTP request. Will print a form if request
+# does not contain sufficient number of parameters.
+# Returns: 
+#     1 if request has sufficient number of parameters
+#     0 if not.
+sub getReqData {
+    my $debug = param('debug');
+    $in_host = param('host');
+    $in_port = param('port');
+    $in_cert = param('cert');
+    $in_cipher = param('cipher');
+
+    if (!$osDataArr{wservRun}) {
+        $in_host="goa1";
+        $in_port="443";
+        $in_cert="TestUser511";
+        $in_cipher = "SSL3_RSA_WITH_NULL_SHA";
+    }
+
+    debug("Entering getReqData function", "$in_port:$in_host:$in_cert:$in_cipher");
+
+    if (defined $debug && $debug == "debug on") {
+        $DEBUG = 1;
+    }
+
+    if (!defined $in_host || $in_host eq "" ||
+        !defined $in_port || $in_port eq "" ||
+        !defined $in_cert || $in_cert eq "") {
+        if ($osDataArr{wservRun}) {
+            print h1('Command description form:'),
+            start_form(-method=>"get"),
+            "Host: ",textfield('host'),p,
+            "Port: ",textfield('port'),p,
+            "Cert: ",textfield('cert'),p,
+            "Cipher: ",textfield('cipher'),p,
+            checkbox_group(-name=>'debug',
+                           -values=>['debug on  ']),
+            submit,
+            end_form,
+            hr;
+        } else {
+            print "Printing html form to get client arguments\n";
+        }
+        $ERR = "the following parameters are required: host, port, cert";
+        return 0;
+    } else {
+        print "<pre>" if ($osDataArr{wservRun});
+        return 1;
+    }
+}
+
+
+#--------------------------------------------------------------
+# Building cipher conversion table from file based on the OS.
+# Params:
+#     tfile: cipher conversion file.
+#     sysName: system name
+#     tblPrt: returned pointer to a table.
+sub buildCipherTable {
+    my ($tfile, $sysName, $tblPrt) = @_;
+    my @retArr = @$tblPrt;
+    my %table, %rtable;
+    my $strCount = 0;
+
+    debug("Entering getReqData function", "$tfile:$sysName:$tblPrt");
+
+    ($ERR = "No system name supplied" && return 0) if ($sysName =~ /^$/);
+    if (!open(TFILE, "$tfile")) {
+        $ERR = "Missing cipher conversion table file.";
+        return 0;
+    }
+    foreach (<TFILE>) {
+        chop;
+        /^#.*/ && next;
+        /^\s*$/ && next;
+        if ($strCount++ == 0) {
+            my @sysArr =  split /\s+/;
+            $colCount = 0;
+            for (;$colCount <= $#sysArr;$colCount++) {
+                last if ($sysArr[$colCount] =~ /(.*:|^)$sysName.*/);
+            }
+            next;
+        }
+        my @ciphArr =  split /\s+/, $_;
+        $table{$ciphArr[0]} = $ciphArr[$colCount];
+        $rtable{$ciphArr[$colCount]} = $ciphArr[0];
+    }
+    close(TFILE);
+    $cipherTablePtr[0] = \%table;
+    $cipherTablePtr[1] = \%rtable;
+    return 1
+}
+
+#--------------------------------------------------------------
+# Client configuration function. Loads client configuration file.
+# Initiates cipher table. Loads cipher list supported by ssl client.
+#
+sub configClient {
+
+    debug "Entering configClient function";
+
+    my $res = &setFunctRefs();
+    return $res if (!$res);
+
+    open(CFILE, $osDataArr{'osConfigFile'}) ||
+        ($ERR = "Missing configuration file." && return 0);
+    foreach (<CFILE>) {
+        /^#.*/ && next;
+        chop;
+        eval $_;
+    }
+    close(CFILE);
+   
+    local @cipherTablePtr = ();
+    $osDataArr{'buildCipherTableFn'}->($cipherTableFile, $clientSys) || return 0;
+    $osDataArr{cipherTable} = $cipherTablePtr[0];
+    $osDataArr{rcipherTable} = $cipherTablePtr[1];
+    
+    local $suppCiphersTablePrt;
+    &{$osDataArr{'loadSupportedCipthersFn'}} || return 0;
+    $osDataArr{suppCiphersTable} = $suppCiphersTablePrt;
+}
+
+#--------------------------------------------------------------
+# Verifies that a particular cipher is supported.
+# Params:
+#    checkCipher: cipher name
+# Returns:
+#    1 - cipher is supported(also echos the cipher).
+#    0 - not supported.
+#
+sub verifyCipherSupport {
+    my ($checkCipher) = @_;
+    my @suppCiphersTable = @{$osDataArr{suppCiphersTable}};
+
+    debug("Entering verifyCipherSupport", $checkCipher);
+    foreach (@suppCiphersTable) {
+        return 1 if ($checkCipher eq $_);
+    }
+    $ERR = "cipher is not supported.";
+    return 0;
+}
+
+#--------------------------------------------------------------
+# Converts long(?name of the type?) cipher name to 
+# openssl/tstclntw cipher name.
+# Returns:
+#   0 if cipher was not listed. 1 upon success.
+#
+sub convertCipher {
+    my ($cipher) = @_;
+    my @retList;
+    my $resStr;
+    my %cipherTable = %{$osDataArr{cipherTable}};
+
+    debug("Entering convertCipher", $cipher);
+    if (defined $cipher) {
+        my $cphr = $cipherTable{$cipher};
+        if (!defined $cphr) {
+            $ERR = "cipher is not listed.";
+            return 0;
+        }        
+        &{$osDataArr{'cipherIsSupportedFn'}}($cphr) || return 0;
+        $ciphers = "$cphr";
+        return 1;
+    }
+    return 0;
+}
+
+#################################################################
+#  UNIX Apache Specific functions
+#----------------------------------------------------------------
+
+#--------------------------------------------------------------
+# Executes ssl client command to get a list of ciphers supported
+# by client.
+#
+sub getSupportedCipherList_Unix {
+    my @arr, @suppCiphersTable;
+
+    debug "Entering getSupportedCipherList_Unix function";
+
+    eval '$sLisrCmd = "'.$osDataArr{'suppCiphersCmd'}.'"';
+    if (!open (OUT, "$sLisrCmd|")) {
+        $ERR="Can not run command to verify supported cipher list.";
+        return 0;
+    }
+    @arr = <OUT>;
+    chop $arr[0];
+    @suppCiphersTable = split /:/, $arr[0];
+    debug("Supported ciphers", $arr[0]);
+    $suppCiphersTablePrt = \@suppCiphersTable;
+    close(OUT);
+    return 1;
+}
+
+#--------------------------------------------------------------
+# Lunches ssl client command in response to a request.
+#
+#
+sub execClientCmd_Unix {
+    my $proto;
+    local $ciphers;
+
+    debug "Entering execClientCmd_Unix";
+    if (defined $in_cipher && $in_cipher ne "") {
+        my @arr = split /_/, $in_cipher, 2;
+        $proto = "-".$arr[0];
+        $proto =~ tr /SLT/slt/;
+        $proto = "-tls1" if ($proto eq "-tls");
+        return 0 if (!&{$osDataArr{'cipherListFn'}}($in_cipher));
+        $ciphers = "-cipher $ciphers";
+        debug("Return from cipher conversion", "$ciphers");
+    }
+
+    eval '$command = "'.$osDataArr{'clientRunCmd'}.'"';
+    debug("Executing command", $command);
+    if (!open CMD_OUT, "$command 2>&1 |") {
+       $ERR = "can not launch client";
+       return 0;
+    }
+
+    my @cmdOutArr = <CMD_OUT>;
+    
+    foreach (@cmdOutArr) {
+        print $_;
+    }
+
+    my $haveVerify = 0;
+    my $haveErrors = 0;
+    foreach (@cmdOutArr) {
+        chop;
+        if (/unknown option/) {
+            $haveErrors++;
+            svr_error "unknown option\n";
+            next;
+        }
+        if (/:no ciphers available/) {
+            $haveErrors++;
+            svr_error "no cipthers available\n";
+            next;
+        }
+        if (/verify error:/) {
+            $haveErrors++;
+            svr_error "unable to do verification\n";
+            next;
+        }
+        if (/alert certificate revoked:/) {
+            $haveErrors++;
+            svr_error "attempt to connect with revoked sertificate\n";
+            next;
+        }
+        if (/(error|ERROR)/) {
+            $haveErrors++;
+            svr_error "found errors in server log\n";
+            next;
+        }
+        /verify return:1/ && ($haveVerify = 1);
+    }
+     if ($haveVerify == 0) {
+         svr_error "no 'verify return:1' found in server log\n";
+         $haveErrors++;
+     }
+
+    if ($haveErrors > 0) {
+        $ERR = "Have $haveErrors server errors";
+        debug "Exiting execClientCmd_Unix";
+        return 0;
+    }
+    debug "Exiting execClientCmd_Unix";
+    return 1;
+}
+
+#################################################################
+#  Windows IIS Specific functions
+#----------------------------------------------------------------
+
+#--------------------------------------------------------------
+# Executes ssl client command to get a list of ciphers supported
+# by client.
+#
+sub getSupportedCipherList_Win {
+    my @arr, @suppCiphersTable;
+
+    debug "Entering getSupportedCipherList_Win function";
+
+    eval '$sLisrCmd = "'.$osDataArr{'suppCiphersCmd'}.'"';
+    if (!open (OUT, "$sLisrCmd|")) {
+        $ERR="Can not run command to verify supported cipher list.";
+        return 0;
+    }
+    my $startCipherList = 0;
+    foreach (<OUT>) {
+        chop;
+        if ($startCipherList) {
+            /^([a-zA-Z])\s+/ && push @suppCiphersTable, $1;
+            next;
+        }
+        /.*from list below.*/ && ($startCipherList = 1);
+    }
+    debug("Supported ciphers", join ':', @suppCiphersTable);
+    $suppCiphersTablePrt = \@suppCiphersTable;
+    close(OUT);
+    return 1;
+}
+
+#--------------------------------------------------------------
+# Lunches ssl client command in response to a request.
+#
+#
+sub execClientCmd_Win {
+    my $proto;
+    local $ciphers;
+
+    debug "Entering execClientCmd_Win";
+    if (defined $in_cipher && $in_cipher ne "") {
+        my @arr = split /_/, $in_cipher, 2;
+        $proto = "-2 -3 -T";
+
+        $proto =~ s/-T// if ($arr[0] eq "TLS");
+        $proto =~ s/-3// if ($arr[0] eq "SSL3");
+        $proto =~ s/-2// if ($arr[0] eq "SSL2");
+	return 0 if (!&{$osDataArr{'cipherListFn'}}($in_cipher));
+        $ciphers = "-c $ciphers";
+        debug("Return from cipher conversion", $ciphers);
+    }
+
+    eval '$command = "'.$osDataArr{'clientRunCmd'}.'"';
+    debug("Executing command", $command);
+    if (!open CMD_OUT, "$command 2>&1 |") {
+        $ERR = "can not launch client";
+        return 0;
+    }
+
+    my @cmdOutArr = <CMD_OUT>;
+    
+    foreach (@cmdOutArr) {
+        print $_;
+    }
+
+    my $haveVerify = 0;
+    my $haveErrors = 0;
+    foreach (@cmdOutArr) {
+        chop;
+        if (/unknown option/) {
+            $haveErrors++;
+            svr_error "unknown option\n";
+            next;
+        }
+        if (/Error performing handshake/) {
+            $haveErrors++;
+            svr_error "Error performing handshake\n";
+            next;
+        }
+        if (/Error creating credentials/) {
+            $haveErrors++;
+            svr_error "Error creating credentials\n";
+            next;
+        }
+        if (/Error .* authenticating server credentials!/) {
+            $haveErrors++;
+            svr_error "Error authenticating server credentials\n";
+            next;
+        }
+        if (/(error|ERROR|Error)/) {
+            $haveErrors++;
+            svr_error "found errors in server log\n";
+            next;
+        }
+    }
+
+    if ($haveErrors > 0) {
+        $ERR = "Have $haveErrors server errors";
+        debug "Exiting execClientCmd_Win";
+        return 0;
+    }
+    debug "Exiting execClientCmd_Win";
+    return 1;
+}
+
+#################################################################
+#  Main line of execution
+#----------------------------------------------------------------
+&init;
+
+if ($osDataArr{wservRun}) {
+    print header('text/html').
+        start_html('iopr client');
+}
+ 
+print "SCRIPT=OK\n";
+
+if (!&getReqData) { 
+    svr_error($ERR, 1);
+}
+
+if (!&configClient) { 
+    svr_error($ERR, 1);
+}
+
+&{$osDataArr{'execCmdFn'}} || svr_error;
+
+if ($osDataArr{wservRun}) {
+    print "</pre>";
+    print end_html;
+}
diff --git a/nss/tests/iopr/server_scr/config b/nss/tests/iopr/server_scr/config
new file mode 100644
index 0000000..9e65b92
--- /dev/null
+++ b/nss/tests/iopr/server_scr/config
@@ -0,0 +1,17 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+certDir=/iopr
+caCertName=TestCA
+caCrlName=TestCA
+userCertNames="TestUser510 TestUser511"
+userRevokedCertNames="TestUser510"
+reverseRunCGIScript="/cgi-bin/client.cgi"
+supportedTests="SslSingleHs"
+# SslSingleHs: ssl single handshake with out client cert auth
+SslSingleHsPort=443
+SslSingleHsUrl=/
+SslSingleHsParam=NOAUTH:NOCOV:NOCRL
+#ParamSslSingleHandshakeWithOutClientCertAuth="443 / NOAUTH:NOCOV:NOCRL"
+#ParamSslSingleHandshakeWithOutClientCertAuth="443 /"
diff --git a/nss/tests/iopr/server_scr/iis_windows.cfg b/nss/tests/iopr/server_scr/iis_windows.cfg
new file mode 100644
index 0000000..76499b8
--- /dev/null
+++ b/nss/tests/iopr/server_scr/iis_windows.cfg
@@ -0,0 +1,33 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#
+# IIS windows configuration file
+#
+
+#
+# Define what type of system this is.
+#
+$clientSys = "iis";
+
+#
+# Cipher conversion table file
+#
+$cipherTableFile = "cipher.list";
+
+#--------------------------------------------
+# Web server specific variables start here:
+#
+
+#
+# Location of installed tstclntb binary
+#
+$tstclntwb = "./tstclntw.exe";
+
+#
+# HTTP Request file
+#
+$reqFile = "sslreq.dat";
+
+
diff --git a/nss/tests/iopr/server_scr/iopr_server.cfg b/nss/tests/iopr/server_scr/iopr_server.cfg
new file mode 100644
index 0000000..2b196e0
--- /dev/null
+++ b/nss/tests/iopr/server_scr/iopr_server.cfg
@@ -0,0 +1,67 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+certDir=/iopr
+caCertName=TestCA
+caCrlName=TestCA
+
+#old values
+userCertNames="TestUser510-rsa TestUser512-rsa"
+userRevokedCertNames="TestUser510-rsa"
+reverseRunCGIScript="/cgi-bin/client.cgi"
+#reverseTestParam=NOREVALL
+supportedTests="SslSingleHs SslSecondHs"
+#supportedTests="SslSecondHs"
+
+
+downloadFiles="TestUser510-rsa.p12 TestUser512-rsa.p12 ocspTrustedResponder-rsa.crt ocspTRTestUser514-rsa.crt ocspTRTestUser516-rsa.crt ocspRCATestUser518-rsa.crt ocspRCATestUser520-rsa.crt ocspDRTestUser522-rsa.crt ocspDRTestUser524-rsa.crt ocspTRUnknownIssuerCert-rsa.crt ocspRCAUnknownIssuerCert-rsa.crt ocspDRUnknownIssuerCert-rsa.crt"
+# Keep a space at the end of
+SslClntValidCertName="TestUser512-rsa"
+SslClntRevokedCertName="TestUser510-rsa"
+reverseRunCGIScript="/cgi-bin/client.cgi"
+#reverseTestParam=NOREVALL
+
+supportedTests_new="SslSingleHs SslSecondHs OcspTrustedResponder OcspResponderCA OcspDesinatedResponder"
+
+#
+# SslSingleHs: ssl single handshake with out client cert auth
+SslSingleHsDescr="ssl with single handshake without client cert auth"
+SslSingleHsPort=443
+SslSingleHsUrl=/iopr_test/test_pg.html
+SslSingleHsParam=NOAUTH
+
+#
+# SslSecondHs: ssl with secondary hs when accessing direcory 
+# that requires cert verification
+SslSecondHsDescr="ssl with secondary hs when accessing direcory that requires cert verification"
+SslSecondHsPort=443
+SslSecondHsUrl=/iopr_test_2hs/test_pg.html
+SslSecondHsParam=NOCOV
+
+#
+# OcspTrustedResponder - trusted responder key is used to sign OCSP response
+#
+OcspTrustedResponderDescr="trusted responder key is used to sign OCSP response"
+OcspTrustedResponderProto=http
+OcspTrustedResponderPort=2560
+OcspTrustedResponderResponderCert=ocspTrustedResponder-rsa
+OcspTrustedResponderValidCertNames="ocspTRTestUser516-rsa"
+OcspTrustedResponderRevokedCertNames="ocspTRTestUser514-rsa"
+OcspTrustedResponderStatUnknownCertNames="ocspTRUnknownIssuerCert-rsa"
+
+#
+# OcspResponderCA - CA key is used to sign OCSP response
+#
+OcspResponderCADescr="CA key is used to sign OCSP response"
+OcspResponderCAValidCertNames="ocspRCATestUser518-rsa"
+OcspResponderCARevokedCertNames="ocspRCATestUser520-rsa"
+OcspResponderCAStatUnknownCertNames="ocspRCAUnknownIssuerCert-rsa"
+
+#
+# OcspDesinatedResponder - CA Designated Responder key is used to sign OCSP response
+#
+OcspDesinatedResponderDescr="CA Designated Responder key is used to sign OCSP response"
+OcspDesinatedResponderValidCertNames="ocspDRTestUser522-rsa"
+OcspDesinatedResponderRevokedCertNames="ocspDRTestUser524-rsa"
+OcspDesinatedResponderStatUnknownCertNames="ocspDRUnknownIssuerCert-rsa"
diff --git a/nss/tests/iopr/server_scr/sslreq.dat b/nss/tests/iopr/server_scr/sslreq.dat
new file mode 100644
index 0000000..2f7ad77
--- /dev/null
+++ b/nss/tests/iopr/server_scr/sslreq.dat
@@ -0,0 +1,2 @@
+GET / HTTP/1.0
+
diff --git a/nss/tests/iopr/ssl_iopr.sh b/nss/tests/iopr/ssl_iopr.sh
new file mode 100644
index 0000000..0f97426
--- /dev/null
+++ b/nss/tests/iopr/ssl_iopr.sh
@@ -0,0 +1,643 @@
+#! /bin/bash
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+########################################################################
+#
+# mozilla/security/nss/tests/iopr/ssl_iopr.sh
+#
+# NSS SSL interoperability QA. This file is included from ssl.sh
+#
+# needs to work on all Unix and Windows platforms
+#
+# special strings
+# ---------------
+#   FIXME ... known problems, search for this string
+#   NOTE .... unexpected behavior
+########################################################################
+IOPR_SSL_SOURCED=1
+
+########################################################################
+# The functions works with variables defined in interoperability 
+# configuration file that was downloaded from a webserver.
+# It tries to find unrevoked cert based on value of variable
+# "SslClntValidCertName" defined in the configuration file.
+# Params NONE.
+# Returns 0 if found, 1 otherwise.
+#
+setValidCert() {
+    testUser=$SslClntValidCertName
+    [ -z "$testUser" ] && return 1
+    return 0
+}
+
+########################################################################
+# The funtions works with variables defined in interoperability 
+# configuration file that was downloaded from a webserver.
+# The function sets port, url, param and description test parameters
+# that was defind for a particular type of testing.
+# Params:
+#      $1 - supported types of testing. Currently have maximum
+#           of two: forward and reverse. But more can be defined. 
+# No return value
+#
+setTestParam() {
+    type=$1
+    sslPort=`eval 'echo $'${type}Port`
+    sslUrl=`eval 'echo $'${type}Url`
+    testParam=`eval 'echo $'${type}Param`
+    testDescription=`eval 'echo $'${type}Descr`
+    [ -z "$sslPort" ] && sslPort=443
+    [ -z "$sslUrl" ] && sslUrl="/iopr_test/test_pg.html"
+    [ "$sslUrl" = "/" ] && sslUrl="/test_pg.html"
+}
+
+
+#######################################################################
+# local shell function to perform SSL Cipher Suite Coverage tests
+# in interoperability mode. Tests run against web server by using nss
+# test client
+# Params:
+#      $1 - supported type of testing.
+#      $2 - testing host
+#      $3 - nss db location
+# No return value
+#  
+ssl_iopr_cov_ext_server()
+{
+  testType=$1
+  host=$2
+  dbDir=$3
+
+  setTestParam $testType
+  if [ "`echo $testParam | grep NOCOV`" != "" ]; then
+      echo "SSL Cipher Coverage of WebServ($IOPR_HOSTADDR) excluded from " \
+           "run by server configuration"
+      return 0
+  fi
+
+  html_head "SSL Cipher Coverage of WebServ($IOPR_HOSTADDR" \
+      "$BYPASS_STRING $NORM_EXT): $testDescription"
+
+  setValidCert; ret=$?
+  if [ $ret -ne 0 ]; then
+      html_failed "Fail to find valid test cert(ws: $host)" 
+      return $ret
+  fi
+
+  SSL_REQ_FILE=${TMP}/sslreq.dat.$$
+  echo "GET $sslUrl HTTP/1.0" > $SSL_REQ_FILE
+  echo >> $SSL_REQ_FILE
+  
+  while read ecc tls param testname therest; do
+      [ -z "$ecc" -o "$ecc" = "#" -o "`echo $testname | grep FIPS`" -o \
+          "$ecc" = "ECC" ] && continue; 
+      
+      echo "$SCRIPTNAME: running $testname ----------------------------"
+      TLS_FLAG=-T
+      if [ "$tls" = "TLS" ]; then
+          TLS_FLAG=""
+      fi
+      
+      resFile=${TMP}/$HOST.tmpRes.$$
+      rm $resFile 2>/dev/null
+      
+      echo "tstclnt -p ${sslPort} -h ${host} -c ${param} ${TLS_FLAG} \\"
+      echo "      -n $testUser -v -w nss ${CLIEN_OPTIONS} -f \\"
+      echo "      -d ${dbDir} < ${SSL_REQ_FILE} > $resFile"
+      
+      ${BINDIR}/tstclnt -p ${sslPort} -h ${host} -c ${param} \
+          ${TLS_FLAG} ${CLIEN_OPTIONS} -f -n $testUser -v -w nss \
+          -d ${dbDir} < ${SSL_REQ_FILE} >$resFile  2>&1
+      ret=$?
+      grep "ACCESS=OK" $resFile
+      test $? -eq 0 -a $ret -eq 0
+      ret=$?
+      [ $ret -ne 0 ] && cat $resFile
+      rm -f $resFile 2>/dev/null
+      html_msg $ret 0 "${testname}"
+  done < ${SSLCOV}
+  rm -f $SSL_REQ_FILE 2>/dev/null
+
+  html "</TABLE><BR>"
+}
+
+#######################################################################
+# local shell function to perform SSL  Client Authentication tests
+# in interoperability mode. Tests run against web server by using nss
+# test client
+# Params:
+#      $1 - supported type of testing.
+#      $2 - testing host
+#      $3 - nss db location
+# No return value
+#  
+ssl_iopr_auth_ext_server()
+{
+  testType=$1
+  host=$2
+  dbDir=$3
+
+  setTestParam $testType
+  if [ "`echo $testParam | grep NOAUTH`" != "" ]; then
+      echo "SSL Client Authentication WebServ($IOPR_HOSTADDR) excluded from " \
+           "run by server configuration"
+      return 0
+  fi
+
+  html_head "SSL Client Authentication WebServ($IOPR_HOSTADDR $BYPASS_STRING $NORM_EXT):
+             $testDescription"
+
+  setValidCert;ret=$?
+  if [ $ret -ne 0 ]; then
+      html_failed "Fail to find valid test cert(ws: $host)" 
+      return $ret
+  fi
+
+  SSL_REQ_FILE=${TMP}/sslreq.dat.$$
+  echo "GET $sslUrl HTTP/1.0" > $SSL_REQ_FILE
+  echo >> $SSL_REQ_FILE
+  
+  SSLAUTH_TMP=${TMP}/authin.tl.tmp
+  grep -v "^#" ${SSLAUTH} | grep -- "-r_-r_-r_-r" > ${SSLAUTH_TMP}
+
+  while read ecc value sparam cparam testname; do
+      [ -z "$ecc" -o "$ecc" = "#" -o "$ecc" = "ECC" ] && continue;
+
+      cparam=`echo $cparam | sed -e 's;_; ;g' -e "s/TestUser/$testUser/g" `
+      
+      echo "tstclnt -p ${sslPort} -h ${host} ${CLIEN_OPTIONS} -f ${cparam} \\"
+      echo "         -d ${dbDir} -v < ${SSL_REQ_FILE}"
+      
+      resFile=${TMP}/$HOST.tmp.$$
+      rm $rsFile 2>/dev/null
+
+      ${BINDIR}/tstclnt -p ${sslPort} -h ${host} ${CLIEN_OPTIONS} -f ${cparam} \
+          -d ${dbDir} -v < ${SSL_REQ_FILE} >$resFile  2>&1
+      ret=$?
+      grep "ACCESS=OK" $resFile
+      test $? -eq 0 -a $ret -eq 0
+      ret=$?
+      [ $ret -ne 0 ] && cat $resFile
+      rm $resFile 2>/dev/null
+      
+      html_msg $ret $value "${testname}. Client params: $cparam"\
+          "produced a returncode of $ret, expected is $value"
+  done < ${SSLAUTH_TMP}
+  rm -f ${SSLAUTH_TMP} ${SSL_REQ_FILE}
+
+  html "</TABLE><BR>"
+}
+
+########################################################################
+# local shell function to perform SSL interoperability test with/out
+# revoked certs tests. Tests run against web server by using nss
+# test client
+# Params:
+#      $1 - supported type of testing.
+#      $2 - testing host
+#      $3 - nss db location
+# No return value
+#  
+ssl_iopr_crl_ext_server()
+{
+  testType=$1
+  host=$2
+  dbDir=$3
+
+  setTestParam $testType
+  if [ "`echo $testParam | grep NOCRL`" != "" ]; then
+      echo "CRL SSL Client Tests of WebServerv($IOPR_HOSTADDR) excluded from " \
+           "run by server configuration"
+      return 0
+  fi
+
+  html_head "CRL SSL Client Tests of WebServer($IOPR_HOSTADDR $BYPASS_STRING $NORM_EXT): $testDescription"
+  
+  SSL_REQ_FILE=${TMP}/sslreq.dat.$$
+  echo "GET $sslUrl HTTP/1.0" > $SSL_REQ_FILE
+  echo >> $SSL_REQ_FILE
+  
+  SSLAUTH_TMP=${TMP}/authin.tl.tmp
+  grep -v "^#" ${SSLAUTH} | grep -- "-r_-r_-r_-r" | grep -v bogus | \
+      grep -v none > ${SSLAUTH_TMP}
+
+  while read ecc value sparam _cparam testname; do
+      [ -z "$ecc" -o "$ecc" = "#" -o "$ecc" = "ECC" ] && continue;
+
+      rev_modvalue=254
+      for testUser in $SslClntValidCertName $SslClntRevokedCertName; do
+          cparam=`echo $_cparam | sed -e 's;_; ;g' -e "s/TestUser/$testUser/g" `
+	  
+          echo "tstclnt -p ${sslPort} -h ${host} ${CLIEN_OPTIONS} \\"
+          echo "        -f -d ${dbDir} -v ${cparam}  < ${SSL_REQ_FILE}"
+          resFile=${TMP}/$HOST.tmp.$$
+          rm -f $resFile 2>/dev/null
+          ${BINDIR}/tstclnt -p ${sslPort} -h ${host} ${CLIEN_OPTIONS} -f ${cparam} \
+              -d ${dbDir} -v < ${SSL_REQ_FILE} \
+              > $resFile  2>&1
+          ret=$?
+          grep "ACCESS=OK" $resFile
+          test $? -eq 0 -a $ret -eq 0
+          ret=$?
+          [ $ret -ne 0 ] && ret=$rev_modvalue;
+          [ $ret -ne 0 ] && cat $resFile
+          rm -f $resFile 2>/dev/null
+
+          if [ "`echo $SslClntRevokedCertName | grep $testUser`" != "" ]; then
+              modvalue=$rev_modvalue
+              testAddMsg="revoked"
+          else
+              testAddMsg="not revoked"
+              modvalue=$value
+          fi
+          html_msg $ret $modvalue "${testname} (cert ${testUser} - $testAddMsg)" \
+              "produced a returncode of $ret, expected is $modvalue"
+      done
+  done < ${SSLAUTH_TMP}
+  rm -f ${SSLAUTH_TMP} ${SSL_REQ_FILE}
+  
+  html "</TABLE><BR>"
+}
+
+
+########################################################################
+# local shell function to perform SSL Cipher Coverage tests of nss server
+# by invoking remote test client on web server side.
+# Invoked only if reverse testing is supported by web server.
+# Params:
+#      $1 - remote web server host
+#      $2 - open port to connect to invoke CGI script
+#      $3 - host where selfserv is running(name of the host nss tests
+#           are running)
+#      $4 - port where selfserv is running
+#      $5 - selfserv nss db location
+# No return value
+#  
+ssl_iopr_cov_ext_client()
+{
+  host=$1
+  port=$2
+  sslHost=$3
+  sslPort=$4
+  serDbDir=$5
+
+  html_head "SSL Cipher Coverage of SelfServ $IOPR_HOSTADDR. $BYPASS_STRING $NORM_EXT"
+
+  setValidCert
+  ret=$?
+  if [ $res -ne 0 ]; then
+      html_failed "Fail to find valid test cert(ws: $host)" 
+      return $ret
+  fi
+
+  # P_R_SERVERDIR switch require for selfserv to work.
+  # Will be restored after test
+  OR_P_R_SERVERDIR=$P_R_SERVERDIR
+  P_R_SERVERDIR=$serDbDir
+  OR_P_R_CLIENTDIR=$P_R_CLIENTDIR
+  P_R_CLIENTDIR=$serDbDir
+  testname=""
+  sparam="-vvvc ABCDEFcdefgijklmnvyz"
+  # Launch the server
+  start_selfserv 
+  
+  while read ecc tls param cipher therest; do
+      [ -z "$ecc" -o "$ecc" = "#" -o "$ecc" = "ECC" ] && continue;
+      echo "============= Beginning of the test ===================="
+      echo
+      
+      is_selfserv_alive
+      
+      TEST_IN=${TMP}/${HOST}_IN.tmp.$$
+      TEST_OUT=${TMP}/$HOST.tmp.$$
+      rm -f $TEST_IN $TEST_OUT 2>/dev/null
+      
+      echo "GET $reverseRunCGIScript?host=$sslHost&port=$sslPort&cert=$testUser&cipher=$cipher HTTP/1.0" > $TEST_IN
+      echo >> $TEST_IN
+      
+      echo "------- Request ----------------------"
+      cat $TEST_IN
+      echo "------- Command ----------------------"
+      echo tstclnt -d $serDbDir -v -w ${R_PWFILE} -o -p $port \
+          -h $host \< $TEST_IN \>\> $TEST_OUT
+
+      ${BINDIR}/tstclnt -d $serDbDir -v -w ${R_PWFILE} -o -p $port \
+          -h $host <$TEST_IN > $TEST_OUT 
+
+      echo "------- Server output Begin ----------"
+      cat $TEST_OUT
+      echo "------- Server output End   ----------"
+      
+      echo "Checking for errors in log file..."
+      grep "SCRIPT=OK" $TEST_OUT 2>&1 >/dev/null
+      if [ $? -eq 0 ]; then
+          grep "cipher is not supported" $TEST_OUT 2>&1 >/dev/null
+          if [ $? -eq 0 ]; then
+              echo "Skiping test: no support for the cipher $cipher on server side"
+              continue
+          fi
+          
+          grep -i "SERVER ERROR:" $TEST_OUT
+          ret=$?
+          if [ $ret -eq 0 ]; then
+              echo "Found problems. Reseting exit code to failure."
+              
+              ret=1
+          else
+              ret=0
+          fi
+      else
+          echo "Script was not executed. Reseting exit code to failure."
+          ret=11
+      fi
+      
+      html_msg $ret 0 "Test ${cipher}. Server params: $sparam " \
+          " produced a returncode of $ret, expected is 0"
+      rm -f $TEST_OUT $TEST_IN 2>&1 > /dev/null
+  done < ${SSLCOV}
+  kill_selfserv
+  
+  P_R_SERVERDIR=$OR_P_R_SERVERDIR
+  P_R_CLIENTDIR=$OR_P_R_CLIENTDIR
+  
+  rm -f ${TEST_IN} ${TEST_OUT}
+  html "</TABLE><BR>"
+}
+
+########################################################################
+# local shell function to perform SSL Authentication tests of nss server
+# by invoking remove test client on web server side
+# Invoked only if reverse testing is supported by web server.
+# Params:
+#      $1 - remote web server host
+#      $2 - open port to connect to invoke CGI script
+#      $3 - host where selfserv is running(name of the host nss tests
+#           are running)
+#      $4 - port where selfserv is running
+#      $5 - selfserv nss db location
+# No return value
+#  
+ssl_iopr_auth_ext_client()
+{
+  host=$1
+  port=$2
+  sslHost=$3
+  sslPort=$4
+  serDbDir=$5
+
+  html_head "SSL Client Authentication with Selfserv from $IOPR_HOSTADDR. $BYPASS_STRING $NORM_EXT"
+
+  setValidCert
+  ret=$?
+  if [ $res -ne 0 ]; then
+      html_failed "Fail to find valid test cert(ws: $host)" 
+      return $ret
+  fi
+
+  OR_P_R_SERVERDIR=$P_R_SERVERDIR
+  P_R_SERVERDIR=${serDbDir}
+  OR_P_R_CLIENTDIR=$P_R_CLIENTDIR
+  P_R_CLIENTDIR=${serDbDir}
+
+  SSLAUTH_TMP=${TMP}/authin.tl.tmp
+
+  grep -v "^#" $SSLAUTH | grep "\s*0\s*" > ${SSLAUTH_TMP}
+
+  while read ecc value sparam cparam testname; do
+      [ -z "$ecc" -o "$ecc" = "#" -o "$ecc" = "ECC" ] && continue;
+
+      echo "Server params: $sparam"
+      sparam=$sparam" -vvvc ABCDEFcdefgijklmnvyz"
+      start_selfserv
+      
+      TEST_IN=${TMP}/$HOST_IN.tmp.$$
+      TEST_OUT=${TMP}/$HOST.tmp.$$
+      rm -f $TEST_IN $TEST_OUT 2>/dev/null
+
+      echo "GET $reverseRunCGIScript?host=$sslHost&port=$sslPort&cert=$testUser HTTP/1.0" > $TEST_IN
+      echo >> $TEST_IN
+      
+      echo "------- Request ----------------------"
+      cat $TEST_IN
+      echo "------- Command ----------------------"
+      echo tstclnt -d $serDbDir -v -w ${R_PWFILE} -o -p $port \
+          -h $host \< $TEST_IN \>\> $TEST_OUT
+      
+      ${BINDIR}/tstclnt -d $serDbDir -v -w ${R_PWFILE} -o -p $port \
+          -h $host <$TEST_IN > $TEST_OUT 
+      
+      echo "------- Server output Begin ----------"
+      cat $TEST_OUT
+      echo "------- Server output End   ----------"
+
+      echo "Checking for errors in log file..."
+      grep "SCRIPT=OK" $TEST_OUT 2>&1 >/dev/null
+      if [ $? -eq 0 ]; then
+          echo "Checking for error in log file..."
+          grep -i "SERVER ERROR:" $TEST_OUT
+          ret=$?
+          if [ $ret -eq 0 ]; then
+              echo "Found problems. Reseting exit code to failure."
+              ret=1
+          else
+              ret=0
+          fi
+      else
+          echo "Script was not executed. Reseting exit code to failure."
+          ret=11
+      fi
+      
+      html_msg $ret $value "${testname}. Server params: $sparam"\
+          "produced a returncode of $ret, expected is $value"
+      kill_selfserv
+      rm -f $TEST_OUT $TEST_IN 2>&1 > /dev/null
+  done < ${SSLAUTH_TMP}
+
+  P_R_SERVERDIR=$OR_P_R_SERVERDIR
+  P_R_CLIENTDIR=$OR_P_R_CLIENTDIR
+
+  rm -f ${SSLAUTH_TMP} ${TEST_IN} ${TEST_OUT}
+  html "</TABLE><BR>"
+}
+
+#########################################################################
+# local shell function to perform SSL CRL testing of nss server
+# by invoking remote test client on web server side
+# Invoked only if reverse testing is supported by web server.
+# Params:
+#      $1 - remote web server host
+#      $2 - open port to connect to invoke CGI script
+#      $3 - host where selfserv is running(name of the host nss tests
+#           are running)
+#      $4 - port where selfserv is running
+#      $5 - selfserv nss db location
+# No return value
+#  
+ssl_iopr_crl_ext_client()
+{
+  host=$1
+  port=$2
+  sslHost=$3
+  sslPort=$4
+  serDbDir=$5
+
+  html_head "CRL SSL Selfserv Tests from $IOPR_HOSTADDR. $BYPASS_STRING $NORM_EXT"
+  
+  OR_P_R_SERVERDIR=$P_R_SERVERDIR
+  P_R_SERVERDIR=${serDbDir}
+  OR_P_R_CLIENTDIR=$P_R_CLIENTDIR
+  P_R_CLIENTDIR=$serDbDir
+
+  SSLAUTH_TMP=${TMP}/authin.tl.tmp
+  grep -v "^#" $SSLAUTH | grep "\s*0\s*" > ${SSLAUTH_TMP}
+
+  while read ecc value sparam _cparam testname; do
+      [ -z "$ecc" -o "$ecc" = "#" -o "$ecc" = "ECC" ] && continue;
+      sparam="$sparam  -vvvc ABCDEFcdefgijklmnvyz"
+      start_selfserv
+
+      for testUser in $SslClntValidCertName $SslClntRevokedCertName; do
+	  
+          is_selfserv_alive
+          
+          TEST_IN=${TMP}/${HOST}_IN.tmp.$$
+          TEST_OUT=${TMP}/$HOST.tmp.$$
+          rm -f $TEST_IN $TEST_OUT 2>/dev/null
+
+          echo "GET $reverseRunCGIScript?host=$sslHost&port=$sslPort&cert=$testUser HTTP/1.0" > $TEST_IN
+          echo >> $TEST_IN
+          
+          echo "------- Request ----------------------"
+          cat $TEST_IN
+          echo "------- Command ----------------------"
+          echo tstclnt -d $serDbDir -v -w ${R_PWFILE} -o -p $port \
+              -h ${host} \< $TEST_IN \>\> $TEST_OUT
+            
+          ${BINDIR}/tstclnt -d $serDbDir -v -w ${R_PWFILE} -o -p $port \
+              -h ${host} <$TEST_IN > $TEST_OUT 
+          echo "------- Request ----------------------"
+          cat $TEST_IN
+          echo "------- Server output Begin ----------"
+          cat $TEST_OUT
+          echo "------- Server output End   ----------"
+          
+          echo "Checking for errors in log file..."
+          grep "SCRIPT=OK" $TEST_OUT 2>&1 >/dev/null
+          if [ $? -eq 0 ]; then
+              grep -i "SERVER ERROR:" $TEST_OUT
+              ret=$?
+              if [ $ret -eq 0 ]; then
+                  echo "Found problems. Reseting exit code to failure."
+                  ret=1
+              else
+                  ret=0
+              fi
+          else
+              echo "Script was not executed. Reseting exit code to failure."
+              ret=11
+          fi
+          
+          if [ "`echo $SslClntRevokedCertName | grep $testUser`" != "" ]; then
+              modvalue=1
+              testAddMsg="revoked"
+          else
+              testAddMsg="not revoked"
+              modvalue=0
+          fi
+          
+          html_msg $ret $modvalue "${testname} (cert ${testUser} - $testAddMsg)" \
+		"produced a returncode of $ret, expected is $modvalue(selfserv args: $sparam)"
+          rm -f $TEST_OUT $TEST_IN 2>&1 > /dev/null
+      done
+      kill_selfserv
+  done < ${SSLAUTH_TMP}
+
+  P_R_SERVERDIR=$OR_P_R_SERVERDIR
+  P_R_CLIENTDIR=$OR_P_R_CLIENTDIR
+
+  rm -f ${SSLAUTH_TMP}
+  html "</TABLE><BR>"
+}
+
+#####################################################################
+# Initial point for running ssl test againt multiple hosts involved in
+# interoperability testing. Called from nss/tests/ssl/ssl.sh
+# It will only proceed with test run for a specific host if environment variable 
+# IOPR_HOSTADDR_LIST was set, had the host name in the list
+# and all needed file were successfully downloaded and installed for the host.
+#
+# Returns 1 if interoperability testing is off, 0 otherwise. 
+#
+ssl_iopr_run() {
+    if [ "$IOPR" -ne 1 ]; then
+        return 1
+    fi
+    cd ${CLIENTDIR}
+    
+    ORIG_ECC_CERT=${NO_ECC_CERTS}
+    NO_ECC_CERTS=1 # disable ECC for interoperability tests
+
+    NSS_SSL_ENABLE_RENEGOTIATION=u
+    export NSS_SSL_ENABLE_RENEGOTIATION
+
+    num=1
+    IOPR_HOST_PARAM=`echo "${IOPR_HOSTADDR_LIST} " | cut -f $num -d' '`
+    while [ "$IOPR_HOST_PARAM" ]; do
+        IOPR_HOSTADDR=`echo $IOPR_HOST_PARAM | cut -f 1 -d':'`
+        IOPR_OPEN_PORT=`echo "$IOPR_HOST_PARAM:" | cut -f 2 -d':'`
+        [ -z "$IOPR_OPEN_PORT" ] && IOPR_OPEN_PORT=443
+        
+        . ${IOPR_CADIR}_${IOPR_HOSTADDR}/iopr_server.cfg
+        RES=$?
+        
+        if [ $RES -ne 0 -o X`echo "$wsFlags" | grep NOIOPR` != X ]; then
+            num=`expr $num + 1`
+            IOPR_HOST_PARAM=`echo "${IOPR_HOSTADDR_LIST} " | cut -f $num -d' '`
+            continue
+        fi
+        
+        #=======================================================
+        # Check if server is capable to run ssl tests
+        #
+        [ -z "`echo ${supportedTests_new} | grep -i ssl`" ] && continue;
+
+        # Testing directories defined by webserver.
+        echo "Testing ssl interoperability.
+                Client: local(tstclnt).
+                Server: remote($IOPR_HOSTADDR:$IOPR_OPEN_PORT)"
+        
+        for sslTestType in ${supportedTests_new}; do
+            if [ -z "`echo $sslTestType | grep -i ssl`" ]; then
+                continue
+            fi
+            ssl_iopr_cov_ext_server $sslTestType ${IOPR_HOSTADDR} \
+                ${IOPR_SSL_CLIENTDIR}_${IOPR_HOSTADDR}
+            ssl_iopr_auth_ext_server $sslTestType ${IOPR_HOSTADDR} \
+                ${IOPR_SSL_CLIENTDIR}_${IOPR_HOSTADDR}
+            ssl_iopr_crl_ext_server $sslTestType ${IOPR_HOSTADDR} \
+                ${IOPR_SSL_CLIENTDIR}_${IOPR_HOSTADDR}
+        done
+        
+        
+        # Testing selfserv with client located at the webserver.
+        echo "Testing ssl interoperability.
+                Client: remote($IOPR_HOSTADDR:$PORT)
+                Server: local(selfserv)"
+        ssl_iopr_cov_ext_client ${IOPR_HOSTADDR} ${IOPR_OPEN_PORT} \
+            ${HOSTADDR} ${PORT} ${R_IOPR_SSL_SERVERDIR}_${IOPR_HOSTADDR}
+        ssl_iopr_auth_ext_client ${IOPR_HOSTADDR} ${IOPR_OPEN_PORT} \
+            ${HOSTADDR} ${PORT} ${R_IOPR_SSL_SERVERDIR}_${IOPR_HOSTADDR}
+        ssl_iopr_crl_ext_client ${IOPR_HOSTADDR} ${IOPR_OPEN_PORT} \
+            ${HOSTADDR} ${PORT} ${R_IOPR_SSL_SERVERDIR}_${IOPR_HOSTADDR}
+        echo "================================================"
+        echo "Done testing interoperability with $IOPR_HOSTADDR"
+        num=`expr $num + 1`
+        IOPR_HOST_PARAM=`echo "${IOPR_HOSTADDR_LIST} " | cut -f $num -d' '`
+    done
+    NO_ECC_CERTS=${ORIG_ECC_CERTS}
+    return 0
+}
+
diff --git a/nss/tests/jss_dll_version.sh b/nss/tests/jss_dll_version.sh
new file mode 100755
index 0000000..cb29c4a
--- /dev/null
+++ b/nss/tests/jss_dll_version.sh
@@ -0,0 +1,22 @@
+#!/bin/sh
+
+# version controll for DLLs
+# ToDo: make version parameter or find version from first occurance of 3.x
+# make the 3 a variable..., include the header
+
+for w in `find . -name "libjss3.s[ol]"`
+do
+        NOWHAT=FALSE
+        NOIDENT=FALSE
+        echo $w
+        what $w | grep JSS || NOWHAT=TRUE
+        ident $w | grep JSS || NOIDENT=TRUE
+        if [ $NOWHAT = TRUE ]
+        then
+                echo "ERROR what $w does not contain JSS"
+        fi
+        if [ $NOIDENT = TRUE ]
+        then
+                echo "ERROR ident $w does not contain JSS"
+        fi
+done
diff --git a/nss/tests/jssdir b/nss/tests/jssdir
new file mode 100755
index 0000000..1609fbf
--- /dev/null
+++ b/nss/tests/jssdir
@@ -0,0 +1,28 @@
+if ( "$2" == ""  ) then
+	setenv BUILDDATE `date +%m%d`
+else
+	setenv BUILDDATE $2
+endif
+
+if ( "$1" == ""  ) then
+	setenv JSSVER tip
+else
+	setenv JSSVER $1
+endif
+
+if ( ! ${?QAYEAR} ) then 
+        setenv QAYEAR `date +%Y`
+else if ( "$QAYEAR" == ""  ) then
+	setenv QAYEAR `date +%Y`
+	
+endif
+
+setenv JSS_VER_DIR /share/builds/mccrel3/jss/jss$JSSVER
+setenv NTDIST ${JSS_VER_DIR}/builds/${QAYEAR}${BUILDDATE}.1/blowfish_NT4.0_Win95/mozilla/dist
+setenv UXDIST ${JSS_VER_DIR}/builds/${QAYEAR}${BUILDDATE}.1/booboo_Solaris8/mozilla/dist
+setenv TESTSCRIPTDIR ${JSS_VER_DIR}/builds/${QAYEAR}${BUILDDATE}.1/booboo_Solaris8/mozilla/security/jss/tests
+setenv RESULTDIR ${JSS_VER_DIR}/builds/${QAYEAR}${BUILDDATE}.1/booboo_Solaris8/mozilla/tests_results/security
+
+cd ${JSS_VER_DIR}/builds/${QAYEAR}${BUILDDATE}.1/booboo_Solaris8
+pwd
+ls
diff --git a/nss/tests/jssqa b/nss/tests/jssqa
new file mode 100755
index 0000000..d5356b9
--- /dev/null
+++ b/nss/tests/jssqa
@@ -0,0 +1,220 @@
+#! /bin/sh  
+
+########################################################################
+#
+# /u/sonmi/bin/jssqa
+#
+# this script is supposed to automatically run - now a sanity test, later QA for 
+# JSS on all required Unix and Windows (NT and 2000) platforms
+#
+# parameters
+# ----------
+#   jssversion  (supported: 31, tip)
+#   builddate   (default - today)
+#
+# options
+# -------
+#   -y answer all questions with y - use at your own risk...ignores warnings
+#   -s silent (only usefull with -y)
+#   -h, -? - you guessed right - displays this text
+#   -d debug
+#   -f <filename> - write the (error)output to filename
+#   -cron equivalient to -y -s -d -f $RESULTDIR/$HOST.nssqa
+#
+########################################################################
+
+O_OPTIONS=ON            # accept options (see above for listing)
+WIN_WAIT_FOREVER=OFF    # don't wait for the NSS testdir
+PRODUCT_TO_TEST="JSS"
+JSS_NSPR_DIR="/share/builds/components/nspr20/v4.1.2"
+JSS_NSS_DIR="/share/builds/components/nss/NSS_3_3_1_RTM"
+JSS_NSS_UX_SRC_DIR="nss331/builds/20010928.2.331-RTM/booboo_Solaris8"
+JSS_NSS_NT_SRC_DIR="nss331/builds/20010928.2.331-RTM/blowfish_NT4.0_Win95"
+JSS_NSS_SRC_DIR=$JSS_NSS_UX_SRC_DIR
+NATIVE_FLAG=""
+
+. `dirname $0`/header   # utilities, shellfunctions etc, global to NSS and JSS QA
+
+if [ -z "$O_TBX" -o "$O_TBX" != "ON" ] ; then
+    is_running ${TMP}/jssqa
+                        # checks if the file exists, if yes Exits, if not
+                        # creates to implement a primitive locking mechanism
+fi
+
+INTERNAL_TOKEN="NSS Certificate DB"
+SIGTEST_INTERNAL_TOKEN="Internal Key Storage Token"
+
+################################ jss_init #########################
+# 
+# Most of the procedure is setting up the test environment.
+# set all necessary dir and file variables, set all paths, copy the shared libs 
+# Put all the shared libraries into a lib directory, <libdir>.
+# including the libjss3.so that was built by the build process.
+# set LD_LIBRARY PATH and CLASSPATH
+# The xpclass.jar produced by the JSS build needs to be in the classpath.
+# The classpath must also include the current directory so we can run our test
+# programs.
+################################################################################
+
+jss_init()
+{
+  Debug "Jss init"
+  #correct all directories that the header has set...
+  NTDIST=`echo $NTDIST | sed -e 's/nss/jss/g'`
+  UXDIST=`echo $UXDIST | sed -e 's/nss/jss/g'`
+  RESULTDIR=`echo $RESULTDIR | sed -e 's/nss/jss/g'`
+  mkdir -p ${RESULTDIR} 2>/dev/null
+  JSS_LOGFILE=${RESULTDIR}/${HOST}.txt
+  FILENAME=$JSS_LOGFILE
+  O_FILE=ON
+
+  MOZILLA_ROOT=`echo $MOZILLA_ROOT | sed -e 's/nss/jss/g'`
+
+  JSS_SAMPLES="$MOZILLA_ROOT/security/jss/samples"
+  JSS_CLASSPATH=`echo $MOZILLA_ROOT | 
+      sed -e "s/jss$NSSVER.builds/jss$NSSVER\/ships/g" -e "s/mozilla/jss\/${QAYEAR}${BUILDDATE}/"`
+  Debug "JSS_CLASSPATH=$JSS_CLASSPATH"
+  Debug "JSS_SAMPLES=$JSS_SAMPLES"
+
+  if [ ! -d $JSS_SAMPLES ] ; then
+      if [ "$O_WIN" = "ON" -a "$WIN_WAIT_FOREVER" = "ON" ]
+      then
+          WaitForever $JSS_SAMPLES/TestKeyGen.java 1
+      else
+          Exit "Test directory $JSS_SAMPLES does not exist"
+      fi
+  fi
+
+  PWFILE="$JSS_SAMPLES/passwd"
+  EMPTYFILE="$JSS_SAMPLES/emptyfile"
+  rm $PWFILE $EMPTYFILE 2>/dev/null
+  echo "jss" >$PWFILE
+  echo "" >$EMPTYFILE
+  echo "" >>$EMPTYFILE
+  echo "" >>$EMPTYFILE
+
+  INIT_PATH=$PATH
+  INIT_LD_LIBRARY_PATH=$LD_LIBRARY_PATH
+}
+
+
+jss_mode_init()
+{
+  OBJDIR=`cd ${TESTSCRIPTDIR}/common; gmake objdir_name`
+
+  LOCALDIST_BIN=`echo $LOCALDIST_BIN | sed -e 's/nss/jss/g'`
+  LOCALDIST_LIB=$LOCALDIST_BIN/../lib
+  debug_dirs
+
+  #make testdir/libdir
+
+  JSS_LIBDIR=${RESULTDIR}/${HOST}.libdir/${OBJDIR}
+  mkdir -p ${JSS_LIBDIR} 2>/dev/null
+  Debug "JSS_LIBDIR=$JSS_LIBDIR"
+
+  #Put all the shared libraries into a lib directory
+  Debug "copy all needed libs to ${JSS_LIBDIR}"
+  cp $JSS_NSPR_DIR/${OBJDIR}/lib/* ${JSS_LIBDIR}
+  cp $JSS_NSS_DIR/${OBJDIR}/lib/* ${JSS_LIBDIR}
+  cp $LOCALDIST_LIB/libjss3.*  ${JSS_LIBDIR}
+  #FIXME uncomment above
+
+  if [ $O_DEBUG = ON ] ; then
+      Debug "ls $JSS_LIBDIR"
+      ls $JSS_LIBDIR
+  fi
+
+  #LD_LIBRARY_PATH=$INIT_LD_LIBRARY_PATH:${JSS_LIBDIR}
+  LD_LIBRARY_PATH=${JSS_LIBDIR} #remove to avoid HP coredump
+  CLASSPATH="$JSS_CLASSPATH/xpclass.jar:."
+
+  SHLIB_PATH=${LD_LIBRARY_PATH}
+  LIBPATH=${LD_LIBRARY_PATH}
+
+  PATH=$JSS_NSPR_DIR/${OBJDIR}/bin:$JSS_NSS_DIR/${OBJDIR}//bin:$INIT_PATH
+  Debug "PATH $PATH"
+  Debug "LD_LIBRARY_PATH $LD_LIBRARY_PATH"
+  Debug "CLASSPATH=$CLASSPATH"
+
+  export CLASSPATH LD_LIBRARY_PATH SHLIB_PATH LIBPATH
+  export TESTSCRIPTDIR COMMON
+  export_dirs
+}
+
+  
+################################ jss_test #########################
+# 
+# go into the build tree. cd to mozilla/security/jss/samples.
+# Create NSS directories in this directory with modutil and set the password
+#
+#6. Create an alias for the "java" and "javac" commands. You'll need to set
+#it to whatever version of the JDK you used to build on this platform. For
+#example, 
+      #alias java /share/builds/components/cms_jdk/AIX/1.3.0/jre/bin/java
+        #alias javac /share/builds/components/cms_jdk/AIX/1.3.0/bin/javac
+# instead $JAVA and $JAVAC
+# 7. Compile the tests.
+#####################################################################
+jss_test()
+{
+  O_FILE=OFF
+  Debug "JSS main test"
+  #set -x
+  cd $JSS_SAMPLES
+
+  Debug "Cleaning  $JSS_SAMPLES"
+  rm cert7.db key3.db 2>/dev/null
+
+  Debug "echo | modutil -dbdir . -create -force"
+  echo | modutil -dbdir . -create -force
+  Debug "modutil returned $?"
+
+  modutil -dbdir . -list
+
+  Debug "echo | modutil -dbdir . -changepw \"$INTERNAL_TOKEN\" -newpwfile $PWFILE -force"
+  modutil -dbdir . -changepw "$INTERNAL_TOKEN" -newpwfile $PWFILE  -force <$EMPTYFILE
+  #modutil -dbdir . -changepw "$INTERNAL_TOKEN" -pwfile $PWFILE -newpwfile $PWFILE <$EMPTYFILE
+  Debug "modutil returned $?"
+
+  Debug "$JAVAC TestKeyGen.java"
+  $JAVAC TestKeyGen.java
+  Debug "$JAVAC TestKeyGen.java returned $?"
+
+  Debug "$JAVAC SigTest.java"
+  $JAVAC SigTest.java
+  Debug "$JAVAC SigTest.java returned $?"
+          
+  echo "Starting new jss test on $HOST"  
+  date
+
+  # Run the actual tests
+
+  Debug "$JAVA $NATIVE_FLAG TestKeyGen ." 
+  $JAVA $NATIVE_FLAG TestKeyGen . 
+  Debug "$JAVA TestKeyGen returned $?"
+
+  Debug "$JAVA $NATIVE_FLAG SigTest . \"$SIGTEST_INTERNAL_TOKEN\""
+  $JAVA $NATIVE_FLAG SigTest . "$SIGTEST_INTERNAL_TOKEN"
+  Debug "$JAVA SigTest returned $?"
+
+  O_FILE=ON
+}
+
+jss_init
+jss_mode_init
+
+if [ "$O_CRON" = "ON" -o "$O_WIN" = "ON" ]
+then
+    jss_test >>$JSS_LOGFILE  2>&1
+else
+    jss_test 2>&1 | tee -a $JSS_LOGFILE
+fi
+BUILD_OPT=1; export BUILD_OPT; Debug "BUILD_OPT $BUILD_OPT"
+jss_mode_init
+if [ "$O_CRON" = "ON" -o "$O_WIN" = "ON" ]
+then
+    jss_test >>$JSS_LOGFILE  2>&1
+else
+    jss_test 2>&1 | tee -a $JSS_LOGFILE
+fi
+Exit "jssqa completed. Done `uname -n` $QA_OS_STRING"
diff --git a/nss/tests/libpkix/cert_trust.map b/nss/tests/libpkix/cert_trust.map
new file mode 100644
index 0000000..c992435
--- /dev/null
+++ b/nss/tests/libpkix/cert_trust.map
@@ -0,0 +1,6 @@
+TestCA.ca CT,C,C
+TestUser50 ,,
+TestUser51 ,,
+PayPalRootCA CT,C,C
+PayPalICA ,,
+PayPalEE ,,
diff --git a/nss/tests/libpkix/certs/BrAirWaysBadSig.cert b/nss/tests/libpkix/certs/BrAirWaysBadSig.cert
new file mode 100644
index 0000000000000000000000000000000000000000..30d2f18c3de8a537b4f48b5637240b9711eb4834
GIT binary patch
literal 1647
zcmaJ>X;2eq7|w1s2_bTs7$b75*drV!-vS|kU`uEO${`RyMMqhZg+!Jt?k<GVike#L
zQLR=7500V~MMdjX9LI}#K`U)_7_};BtL@Y}Euhdr#-rT@aY}#m`?c@)yzlc~-?P9e
zE&@)GsX+)sFzmVDq0VbnN5HyH7r*oMhvh#4H?cIRDzR$F4T3}>0a$qklL4t%n2m_#
zaJC7X3?}i0tK2<@plv2wp*;jmvYR!SKk(%NnOr#rpjmV&!=h;f>!9c&Y$k{rbqLKO
z=wb$?3eZx9KyenevTO+xt<^dl4ow-y%5bb2GgYjmOK?<e4g?WcB#7XHg>vmH_IMI!
z7&Htuma~N2LRioooU~bR)<)S;lPLu?CB&ogalmh~8;AsY3<D!4mouYyGc-&WrHjf1
zPACYI123^GSPUVMQy&9ELOGmZz@~yJd`b`b#2icmLQpOrU$0K1&JV=AfCmqX<Sqcy
zkDPyvi3|1w?mX_LkYvr(p-~wr*hJvT-?+%7sWyv+Bp9N6j76ewNu)~c3`se-DmA>D
zRPkmafwNYca-fM68fv$ovq_4gQ6tWcbgs=_h#EK;&9q>?U@9Nss!$kc8*5{%Xq=69
z;O{XZXgX=ef<Yh;%M<~Gp_H-N35Elb>;*JOM3<V`Qkp<bQ~~S2X<}@NLWPpwMgAxs
zK1#=Lgqv2tzh4L>5(u4;hk(0xg`E&2=r}v9QBND%JH)u)kJ=9O#$Nx1@s*S3hB8;x
zd`(8&-1<DI#&OQDApOGL<HKQc#jU4Tf*(CBx&QIL;?2$^zl@NspSoXoZ!GFrT5mZ@
z{#v@DRyRN0oVzBwUgb8c@#4|H%l22kJ@1R!f#LiQJNN7fQg2^M>({oYZ_N4XI3Ba3
z$|tX+`-iH=^C_ROGVk_-#7z6_T@}dsx*79*X8tVOa#a=oEXH#0%j~<$FV=4BT7B!r
zszrknGs*{c`4w-|DA@wj5MfMc6;r>Qtc$o&-$i*huK$i*VgIPU_wFUhhPZuCH=n&z
zS1CHQ+M4I8v|f0taZ^n8!Q^9ge`QrCompJo1q&eo)aZl;xry|T=*Cx$z(6n}4qtaf
zi6}ZvElbw)K3^DgY4L%8d%@4HW*is*GHyq{9ta|YMGfE`-awI9z)MD!SCt4=JuyO(
z$zl)$)M6Lzp^8Kj7*hKDpK!n|p2Z*0104u!z#6nwGkAASX2zT(J4?<m)8u%yjoya>
z5TW5PE)y63Ix-FTkEIksufAZhbhIu50&xzU=X68`lq(cz@g2TpeR@;HoX7L1Ed!DF
zuAROM%Esa#2w4KGAb89MP?i7qswgv4GOjFc1TQ-V@PAvtZTL9fm#vMqK+wQG779&3
z@<HCtMGXr<E|>>$lu}zUUPx#QZ3Td95J<$LV0R(xjVO|fPN=KJ6HZ>qjI0T4NtUde
zCQ^Ynl&`(4lB5c$@hQtV*%nfmhNl|;@8pyL3FbEUKa>4_Ll{WGEoEua+>-gt%aZzB
z+fpw-@~rRN+?sZz-8!^A4xb+McuKyixuWQM#HDLDdA)DtV906-o9TY%Npy3Q|C83W
z7y7kr%VSYlNca8FEof}`i{pLoFIVS2|Fb%+$)>$12%i;R86CbX=k!`BaVm7T`Tq8U
zZV$SQhx(I0_@js1n^}{Do!XRgY>jSxbY(}yEYoKX&R@>I*&ER^X;W>nD$Ul3ew*BG
ztX3aMCH6HPbu4RrFxa_)^mnEn4za3W!|=}QOSWeI#-8Z@yvT3{PixR$dv{L6BJXR)
io45O#&h_Z6`@MI6+IGj7-r^J2!_?hYku`$Egns~9Y%28t

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/CertificatePoliciesCritical.crt b/nss/tests/libpkix/certs/CertificatePoliciesCritical.crt
new file mode 100755
index 0000000000000000000000000000000000000000..efc2f2cd54ff7b61219aeb238c376f6b3b6b885a
GIT binary patch
literal 805
zcmXqLVpcS0V!FS8nTe5!iN$iSVz~h~8@pDU$2kiYW>y9RJ40>*PB!LH7B*p~(qcm%
z11=DUOPIO1G|y1LfDgpu7G^I=EiTE-OE=^<;Dv~=6&IwYCTAGPiSrs57#bKD8yT3G
zn3_k4^BNf#SQ=RXxuyn2Q3gJgnGbUivoLdNS*k%3;|?I!fq8%t$dPAiY-IRbAKWNg
zDx?{7-)oNEn<vk|32qOvdGEq-SkAs-TcBE|YpjD(;O|J=-iTlOkAB@{@a^>M(46ay
z)(x^I`Jd7fwr9@_Sh{5X{1+_M0!oMccdxwuZ~HOnAJ*Z|kF8iH%Fpt<`P=2Aa)+5r
zLxiKmCK`P!{k%>)@w(RgPfE;^b1!-@9%m9|n4S>OFRILaX49mdO^aT)aDRx9`3iE{
z_lFBwug$i-cY4q27_%MWJ1eKG-~G$#RnyOKA8uRrru4wb@V;GFBK@BgvI{geZ1EH;
zRDR*3Att>2Jf~65iDeIM#HzYOYI-#uEM6z4y?I&b#Jt7z+`kk}lRo}Vs$x{JKC|TG
zz7>HJI#)E`e;D<2KHH@3w77=qP}LMhAM1bTJ++t{TNyy^SUu}Qx&Jx6w9k4;g=Ic-
zFKHLGNGkk2lK<$WKveE!h7U6Do@?#6KS@Q**D|3~C3$Q5Ikmj{zv_Hff&#y?&y7}F
zFn6PJft~iIM+|F@@n2QWV^(SUu%<igYwed<dG3fF_Kr^*ub!9gs7siA=j@|1Gp+=9
z?m81^VD-Ru$wh<3H`A0CM;k;Mm;w`ztO6tBe->>6O#^i{W-VrR0|f&)HV$nzMpjmK
zCPp!#jFOT9D}DX)@^U?38q`b9&o$r&Y2ycJV`XM$U&a6t5C#hvFas%+G|jBfV4%Y!
wqJQl8b>rU4a`rc3%;aZnY^=_`x`0VUtX+xw2b=7z_%4lLn{|u$>LeYy0opqrKL7v#

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/GoodCACert.crt b/nss/tests/libpkix/certs/GoodCACert.crt
new file mode 100644
index 0000000000000000000000000000000000000000..5aecbc0cfca752f79f51eef496f451b8b0e1088d
GIT binary patch
literal 625
zcmXqLV#+mWV!XD1nTe4JhzxkyIJMe5+P?ELGP1HV7&sVm8*s8QhqAB<Gld2lN*PFi
zI9$SlA*sbB3eKrTC7EfN$%!SY#fG8=!XP<jVV;npQlO+`UUEi$k%62zuYsX~iJ_&T
ziK)4fL6kVJAu`v%ns^%o4EP{6u)F8yrzki(8Z^#Fb}%C=19M|9gF#~_Q)45;x<jT@
zxu<J0Z}f7W>bm&DG+}{lTqVmlUVgNxTWXbZZLjX3&&<VLhrYe|`<^rL`$?6xiw*DX
zHJBC|;mO~${ALr!?fu-}%oMjdoycFbxWPOq_tjs<^*NO>)3Q$HdwenE*uMBYTZ_NI
z%a~mrIjk{RUObaEbrm!1W&TW)JM&^*m9RV$Gb01z;u?c019_mUWtCYZ48$5le&<}#
zZJc*Xy=ors2Afy2_O$=^d}SaDQozR|#v-y^Z&}mnLnrpEs8)BmZfbmgmgtn@U|-Af
zGcx{XVF5-Hn}Ik;xdIC?I1G5$xDwht7*m1b28;&$APHfRLRJH2AcY(_z}RF4hDzVG
z^L3XTMZEVG{8%N>`cqW*0vE&8D>D+NrWAcWcV<?>=l{-!bU1E*=zV^38M{f*i`+TY
zWjoAE{+n^TWytKABY%AM2g{$$=CRKV<R!D8E8II)Z_>}Rl3Pye%l6u==^5)<)tb7`
h3&~zmWt(^H=)-e$Yd$)xx9WM(XkCAuhks($8UR(W)eZmv

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/NameConstraints.ca.cert b/nss/tests/libpkix/certs/NameConstraints.ca.cert
new file mode 100644
index 0000000000000000000000000000000000000000..6d2e8469dd5565cd2be6e184a713807506fae355
GIT binary patch
literal 626
zcmXqLV#+gUV!Xb9nTe5!iILHOmyJ`a&7<u*FC!x>D}zCbA-4f18*?ZNn=n&ou%WPl
zAc(^u%;lVzlbM!Zl$V)kC}to65@Z+V_02EMD@n}EQwYmUEjJW05CDmD33EF6yN3oV
z_yq?WiWmri#F&M-fjotf)Z!8aXGa4$ab81XLn8wd14APtQ;R5ZUL#~Kom|m4AKCYe
ztPISJy$lA8olK353^x`f#!P7{S?h4|)wW%io_g~Ay2EkMfKTq!rrSF2TU43rC2kwN
zxhYZFYqY0r@~cTb#~&?KNoi*8l%Kw8nNxQ365e%zU16IySnymk+P;uAcw=chk8zm>
zli5SQ8`;Yf%+#uH&Ro3lZQ|0ucYKT&WE98moA#jc=&1tD$$`Ad<_Av}GBGnUFfKMQ
z&;v#QXF{6?W7`iWMn)DEW+n!910G<I$_lfv8Za|5{x{$T@%TYfjBLmr0!Ak@&?hss
zRkaeW)|NX>dc%CX-9vF@TY7`t%)7$ZR|N|&`qnaQU+81*-mu+*TSchEb;8t{+pf)h
zq`OO_KQdhUpv&|HHw-R2TVzbvbU3e)sF~xNtMac{#zc1?uT1ynoYy?pFC2?0I^|em
g5IJS;RF=rBU#X|Qv=wzNh}>qVy7q<Ehl}A;0m1FVM*si-

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/NameConstraints.dcissallowed.cert b/nss/tests/libpkix/certs/NameConstraints.dcissallowed.cert
new file mode 100644
index 0000000000000000000000000000000000000000..539adcfee927bdd583c848eea16281217f5b958a
GIT binary patch
literal 888
zcmXqLVlFXgVv1S7%*4pV#LRE|)qt0cQ>)FR?K>|cBP%O|L1U{Sw*e;`b0`a&Fq2!5
zAwN(7ki#L&=2n!Lmz-+IXTSpzU>9Z$NG!@MHWV=61M#_p*#ms_gWX;HU@EwUSzVli
zgFRt<W?@!OcV~S^LuCU+xSgDgVj`L8$%zid=_z@71-W|Z`K4ugX+;Kd;=G0?1||kZ
zhUP|wM&?oCyhg}e14krhh6ckp9KuY_j)pu2To5NQyXEH_iW`W6c+A3lY5DnjsTGO2
z1v#l8E1DRUkbTd{%D~*j$j<;2=VEGNWMp`ItI5Q~AaQwSf9Mjgr~2&6!*5xzZ1DVC
zq*{Ex@Y(0WZ)b&SPOQ@2zVp+r)FpgIM_t`MAJvYpX_6`I|51=T_uW?pu|>(6M%Tms
zeyV=0_J5&bLP4Su-`@rQKlXN>GcV*^+^Bam&&P1X|J%10zvw<*YFKjd^;K4OgXu=O
zUm21Vb21+3q~^-kpHKDb%C?Ev_MCf_ck%1B=@xtT6l&ZEX6q_9@2a16R72u&wpZ4Y
zd)0;Ax38^z@_8D^?HM7Lw|*&jTo~h6oV4L#+cN`gUYVtpANE#wcif3d40n*KeOmjt
z&-C2%GWC=j&9~nK=yzXatM6H>usd?nb&H%RnVk4$+f{p+m>C%u7aJJp83?j*CbW4l
zw*7EoWMpAsW@0-4P6V>TjEw(Tm<$*UxPc)o%MX%b-hmvZz!U`xQ$~hd!yTGyUNUvQ
z7hQJv*)wKg-=^>1ob-1E#HfWwov0{z%H%m&Y0{<}bywH;?%&g_!N1H}RHh{H{o>~7
zlRo7cG9EZ;owl%c`;@b+2PX9d9lo;e&xRKglV#p|Ec_I(Tp&4#LsnH~r{P`4jBmlp
zB^SAu%BD;>a^1mN@$syOxxuIE%?+RCwWrsfUhCnf$q@3Qf@{4GyYlC$*J91CIQD4v
zi;I<)P0M5dwbf<+KGExIZr+`uIaj-Q?*^VdWeg9jBM)e|AJ6}kn4Z=ceL2+3(Bu00
zk5aRC7P(JK(atz&Uy@(kl*FI^W5TSe7ZLjD5!e2{2-@}J<~o%om8t8`r0sX&$$UBY
F69A`lM??Ss

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/NameConstraints.dcissblocked.cert b/nss/tests/libpkix/certs/NameConstraints.dcissblocked.cert
new file mode 100644
index 0000000000000000000000000000000000000000..28f84919de2e82c0e0334e9da9c35b1c5482311b
GIT binary patch
literal 889
zcmXqLVlFjkVv1eB%*4pV#LRE|#ekQMQ>)FR?K>|cBP%O|L1U{Sw*e;`b0`a&Fq2!5
zAwN(7ki#L&=2n!Lmz-+IXTSpzU>9Z$NG!@MHWV=61M#_p*#ms_gWX;HU@EwUSzVli
zgFRt<W?@!OcV~S^LuCU+xSgDgVj`L8$%zid=_z@71-W|Z`K4ugX+;Kd;=G0?1||kZ
zhUP|wM&?oCyhg}e11BVBh6ckp9KuY_j)pu2To5NQyXEH_N*IWNc+A55Y5DnjsTGO2
z1v#mD$@#ekO^iy&-e+WGU~XdMX8?+GF*PwVGTbr?+8f52Fy&@e<Y|L{_7l$7aFwpG
zmTxlc{?Yx$<Hmd^tuxR1n}6}lzTxO`&~(C_5cV1Kzi?0g)#<NrYu2tiPOC-v<{W?M
z(CF#?w8<#k+kZu{fB40etGQpNm~0f4761JFX~xk??#I76=gT}1RMspw=fIsJ_$N6%
zxtK@q#d=1)(95ol$?wl8+*(sqo}mA@RibL4%%`(<%N2Gryk$CI_SF2tl}}B(b6u^U
z)N6j`a=7+%?UB<pJ12kpxXfV3yHAatJ%=-s%-p}#NB%e7?D}fS`lL^X<^=E3>;F{F
zymyktd&BQqXC-Gi-MeM##-Ja=qVH1o#%7(`V&9#u8*J27ovuG+VrFDuTx?*VXCTPN
znb79J*!IJTk&%UknThQHI2FhWGcx{XVKQJa;06Y<EI&w!c?WWs0+SRlOc@#CtIKD}
z_j#3lJM*RMw&>O`|MyF?b=b_AbFG>0`phSvPd(>+d!Xdx&Un5rT9KaTRcicf=XZ+N
z@iy37u&=w_`;epNmb2!OKfQmaHMu@qY3Jae#NPD1Izr01!6x<M!TfWJINHAF3;sG8
zQP;}5{JG`HE`{a`b85=h9GD<_cS51jJ$vV;Guzjzt-ow?`tS8`-InKq4GYQ)EiX$r
zJ8R|bJ#PH>*34x~vR@>>Z0QWsn^v5E%q9MdryYxc&A%???e`jfsmu;tUwY+(*u-~^
zmwwO7U&X<BCtT6x(|@n#|9aILvJ=&2y;YR#+7o<eN$j8P3)7ObjyU?h{#Io1X+`U?
JJj=U_)Bu^FOg#Vq

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/NameConstraints.dcisscopy.cert b/nss/tests/libpkix/certs/NameConstraints.dcisscopy.cert
new file mode 100644
index 0000000000000000000000000000000000000000..a3fbd91f3fd4521875fafd981592dd6ea263e2b1
GIT binary patch
literal 957
zcmXqLV%}-c#I$e$GZP~d6EnZ<X9Hd~POUbNw(q=*jI68-292$T+y<O%%%Lo7!c1;K
zhWtPUKn{m6n_E$0UUI4-p8*d@fL)k1Ah9U3*igWL55(sZW)JYy4|aF)gQ?&aW_586
z4)%ocnT1(B-JSIv4V4WP;dXK|iiu>VCnq`-r>ErU73Aur=a-i0r4<>-iSrto7#JBC
z8JZgz8kt9l^BN&@2aP+M7?qHNkdc*vxrvdV!Jvtei>Zl`k>S9j&w75d<9<99zZ_V|
zKY#mfZ`+5)%YI&58)bMZcWv}r$tWY)m4?yH@2n-8CvA!0mnnJr^}W*K8%isL`6SHM
zLRP=4x^~saDLtq0FOOU8jhowhx5<<V3$U%)EK#DzIn`?6!WljP)s&~kwl7?f`>HqX
z-fD4Y8Cwwr0sUkD4^6v#E`C1$l@8gh7dL)8uuh&!X8)Gyg7vx4%N~FGb9?VWt0u-6
zal@|~rhi;M=s)K8dV8~gKwNR{`^wn?b3TO_y%LWs*8F!#a^8*Y%A4%I`9D+L{Nd?m
zNuzZy7QQw9IcM(<cTcsZEt7)NZaF?$pD>~1GW*n=)Jj#+sq+lW^`8De$8vimBNH<t
z1LI-?13d#lHqL}L55~41PK=B!EX+&{?BJ9nE6l=bz|6?_-+&vKj%4{kQjBcKVG2x^
zz%XTGus=|A_4?^wku6v6$2rFK-#n<`qNtg%_wj}cPRc1-O<9|`O`FOJr~KQs>eZep
zjr{W8S2fP<cr|ymZ_v6wax3;Y>*>x?eGzpa_|>Z?#vgy(@%<p5@hdywbLn!IG<L_x
zeTx??T=mCttMx|rFS82w|Ia%zd;9bLKkr}7*z=vexc>$ROVejD1FJ>hLf$ow+onwW
z)f3a7qNw=S?DR{&867n<bNu$mlov04+vfiJMNE9;r2Us9rkY;+`l61n(C(L_ykOVD
z4_}@?)IH>R`q1jI9qpTBbGMeH)(M|J!T#;t_6uirINY9{dh)>6qzOrhRZ+)_Pd!Z4
Ua?VcT7FesGx!AvW{(`D#0Hd~F<p2Nx

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/NameConstraints.intermediate.cert b/nss/tests/libpkix/certs/NameConstraints.intermediate.cert
new file mode 100644
index 0000000000000000000000000000000000000000..a310aa1acd189597bb386504888c3bbf2bf334f0
GIT binary patch
literal 662
zcmXqLVwz;o#Q1vwGZP~d6QhU$FB_*;n@8JsUPeY%RtAF<Lv903Hs(+kHesgFU_)U8
zK@f*Sn9DgaCo?U-C@(Y7P|QFCB*-qz>ziMiSCW{Srx2EzT5c$0AOI5Q66SRBcMlC#
z@Cyz$6fqD2i7^Xv19=J|sl_D<&W;9h;=G0?28ISeY-D6=5hc!RWNe7w8st#f6*2}=
z5LXC;T;Z8ll3J9Tnv$7Vk_vK7<9y^$U}R-rZtP_+XzXNaY-BjZ_xQFz_0&0s8IHY{
z+IBg|bbG+=5Pdt2lszoF{+Hjql>FI!&q?tZ$GEe+SN^jlEmao}zmdQDY3`Qg(w79p
zxG$V$zV~CV^<Uw>@O+sa8^o7csg)=nzW0ddbdh*0kIKIDrPgosg5`foFYb?<|141C
z;4ihfsTpBWh0Xg_7AswE5oTg$WMEwEW8ejh2+o8y55~41PK=B!EX+&{>|jsH%CP_=
zX#u|hZxe@JYDHphK~8D|BZC1C(8IFAEUX61jEw&cxIsLAkTym(WX}SloEhlLMkPjz
znY-5*GSrLPGrh@+t~N70%kx+}{N>FPf4J91D4%wlH+`LG!<Pl0)+h?SUK*+Dc{Wi)
zFNfdTeCM{HNi+3brf;%we6?J?@b=<V;llx3;U{*hoDsKDzy7}J!@6U_c~P6J?rm-^
f-#IO9-L6$%zZeQJ9aQ03S!`(WfBOS@-4A;KKLpM_

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/NameConstraints.intermediate2.cert b/nss/tests/libpkix/certs/NameConstraints.intermediate2.cert
new file mode 100644
index 0000000000000000000000000000000000000000..fc4b7c1c1b13e50bceb9e66e6ac3a8e7402e6b16
GIT binary patch
literal 644
zcmXqLVrnpGVtl!PnTe5!iBZ&mmyJ`a&7<u*FC!x>D}zCfA-4f18*?ZNn=n&ou%WPl
zAc(^u%;lVzlbM!Zl$V)kC}to65@Z+V_02EMD@n}EQwYmUEjJW05CDmD33EF6yN3oV
z_yq?W${0w2#F&MJfjkAzypq(S+|-oJ#FA76XGa4$ab81XLn8wd14APtQ;R5ZUL$0#
zK^~P|BWEB3ag8Vz*C-enG|op34@Oo7=EhzIgT_v##zuyNZ$k>!t^9uSOtw{N#rD-H
z#lk-?PKoKzEJ)0|xZ-?TNv4R<D$$Hh-2!s6?N6WmFQ_H_E|0zW)25=${q@TOQY}_4
z-k$o6Z%P}V*R11NjHy$WEALR^;R(riR@8DfiMDY)xsUts7uV??TK*4?NA`)I{+B4M
zrk<ef6g*X0d-Ao(^-Ro+42+8n4D^6e!kN(K!Pxf0iII_og_((g-GB$^Em>g}Rs&{6
z#{UM~ARa$RijfW3L%;}T2Kq!JtM}2lh7kAj6NBsj^QpVmB$eH6sq_{7V3ee7HD${4
zN_pv<%oolp{_o2?CZ;*#Vn<M5(L#?m59^xV=AKT}yBw@PU!(F}TT0f7=6i;>zs|n5
zdD@b+{B4TbVOI@Kq)Ys6I<)d*fa~R3ZA<)&8oUZqt||$a`hRYebj(qhDr$e}Apj<%
B%T@pY

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert b/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert
new file mode 100644
index 0000000000000000000000000000000000000000..051e55e560daa28af0883e70aa6be06d324a4e22
GIT binary patch
literal 716
zcmXqLVme{a#ALXDnTe5!iBZ&mmyJ`a&7<u*FC!x>D}zCbA-4f18*?ZNn=n&ou%WPl
zAc(^u%;lVzlbM!Zl$V)kC}to65@Z+V_02EMD@n}EQwYmUEjJW05CDmD33EF6yN3oV
z_yq?WiWmri#F&M-fjotf)Z!8aXGa4$ab80c149EKHZn4`h!W>DGB!kT4RWdM3Rweb
zh$}=uuJFt&NiE7vP036wNd>yb*r0JfaxgHmGB7vxG8i;=GBq|bJgnU_+sN>HsfgT$
zj(J!7d!`%ZeZG_UFnaQljIs;DtyxKbH`cu}^qQ{f*|6AW?d)foyfb7T`)b@-XHs*2
zYMH=lh6d3~2@bxx8`ZweJ;$T=KS=xHu4P#^V)IzJbaU3X|4iC2%UQ(6V||*t%T=ZS
z&N=m*9?!0PHJ!ohrO%WirsvAU%*epFxUs>Y4j2`j32h#XZ9kkC8Ch7EnHbm&{D9t)
zm1A)?a9!YRAkf5}mY=VeT9KGrkdxZL$Y7wqM9V+}DJ)BiVH^%&rsPCJ9s@2&j4`|A
z=YurxfXowSVKrc8Wc+Wy4dU^GtYTzC4k2JdVFm_`@Vfba5{zv3bAG2r2FyxlHC0Hd
zc^fnP#%=qJvD-Ix<lJ3yn;~tpy5cmOX14|RWSWgH-evpWa5`D+=N#r5Mpbsx?N?R)
z=zr04(ti<{l==1c+y9D|Pv69G>ge``oBvP{dk~%Z(d+%3A6lK?vu2dujlXAYQFl;Y
Otyo@9?7dOH_eB6WAJyIf

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert b/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert
new file mode 100644
index 0000000000000000000000000000000000000000..6e7efd53e3a8cceb376c976a68361fddff4b1ead
GIT binary patch
literal 607
zcmXqLVv06sVmz{dnTe5!iP6@8myJ`a&7<u*FC!x>D}zC<A-4f18*?ZNn=n&ou%WPl
zAc(^u%;lVzlbM!Zl$V)kC}to65@Z+V_02EMD@n}EQwYmUEjJW05CDmD33EF6yN3oV
z_yq?W${I+6#F&LefIJ1yypq(S+|-oJ#FA76XGdcLIdNV?V?!eY69YpdBU6hgab6>2
zu7L-tbD(bH5N2|AG~_Yhf>_7wmY;7ZXCMQyNEC}j3PuKv^O3#E$jZRn*vnwh*vZt`
z$gqd!{qmz4B1y}ptkhgPxkh1c+L^{_4$6V@@1`E@*H|I-y{;^OndRo~M%@jezgDGn
z&M|x+Ca3VWY`$x{U^3syTRWaC-uP;t*n=mWMyF#Z89mzlpk%?5S;<NYw?$UCdM)AX
zSw5k+$e8`+(x&Sb((g;G+fG+`_ONPk?`3`cYvum~+Dy!h42+8n4D^7Z&6&{V!Pxf0
ziII_og_((g-GB$^Em>g}Rs&{6#{UM~ARa$RijfW3L%_IW2KvP1PsSU08R5+6VlLhj
z%Vd(}KTWHDd&A}7aTSdn51Z#46^zb&UEtdnH&K`0__^W<DdUM&KC2u5&ys&J<=2M~
zM`m}w^<UChyERSs`HFvn&lp<`-7IgK8vHpHJI6xQV8(gvmh9OAQ++IEoh*AAwQ_xq
WbVqDx@U8h1d7kkpbM{{RB?tf=<-|k)

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/NameConstraints.intermediate5.cert b/nss/tests/libpkix/certs/NameConstraints.intermediate5.cert
new file mode 100644
index 0000000000000000000000000000000000000000..823eccc05435bb5a0a07d4968b767cda82a11489
GIT binary patch
literal 612
zcmXqLVoES*Vm!HknTe5!iP6r0myJ`a&7<u*FC!x>D}zC<A-4f18*?ZNn=n&ou%WPl
zAc(^u%;lVzlbM!Zl$V)kC}to65@Z+V_02EMD@n}EQwYmUEjJW05CDmD33EF6yN3oV
z_yq?W${I+6#F&LefIJ1yypq(S+|-oJ#FA76XGdcLIdNV?V?!eY69YpdBU8&Lab6>2
zu7NMAbD(bH5N2|AG!!)8hgiqqUy_kp<X@C-C}$u8u}u_<Z3;#Pjq{QH%gD;W+}O)t
z(Ade;*vRl+H^$fXX9zntn{Y=i^X3;^=OhA|{U4=<sjX)Hv3&LZNVCG{OMNHanCTm_
zspwo+Lcrr?F?NP8<;wOS`N3Z?Atj;pj@_EK1sh&6m1(zf?w|3jEPU;g<iDq$zL_jw
z9Ivw7ZpM$M&jSB7KJE#aTYSUvz-5(>%lMM_-1z^f-fN-e`&uSuMh3>k1_pY-Am>bI
z^I&ZI;l#+u!otkNz;3_;^p>nJ3#$P$BjbMqZV-<jB*n;v>>*$TG6Q{bC)(-R&54rT
z8;@L;4Hv(Ve90oWCY{}7f1t(bB;BNC72-_`x*wNb3b>eG&aZRp)yCOER$(WS*S4+d
zVlaz&+v=*?*6`WljkbPzndF8H=C76WA4lGO!Y{VM_f+)s+bw3(Me9#z-qL=)$LG_<
agIs*F$q6TSGM(R=qO8w7$GA%_+yVfkYQ|as

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/NameConstraints.intermediate6.cert b/nss/tests/libpkix/certs/NameConstraints.intermediate6.cert
new file mode 100644
index 0000000000000000000000000000000000000000..a2f17054ed2db8ca6c764ae24b48be9641837ef7
GIT binary patch
literal 611
zcmXqLVv09tVmz^cnTe5!iP7GGmyJ`a&7<u*FC!x>D}zC<A-4f18*?ZNn=n&oFpR??
z%;fB7C}to6l3^F-_02EMD@n}EQwYmUEjJW05CDmD33EF6yN3oV_yq?Wsv0PR#F&L;
zfIJ1i#N1Q`=ls0lk|Ln4)D(rF{QMFHXGa4$ab81XLn8wd14APtQ_CoEUL$0#fe*|D
zSezqhzz?yO!@ndWwaC9H-B8v*8e*#m$X3t1lGLKy)RfG`5}@slW(JM(k-f{v%D~*%
z%V5yh$<)}$aQ=#pjm?Spu&=XDHeD3)SRpKOIN0^W2Y0nqhmtI_L#0D*oR+nF!}?r7
zTH?U1Wm=yD<{awXTREZkY|Ppdteh-AqLv4T%;H|+`A@Cqn~Ge##1+vl%h1f%zl6#)
z-kjca`#t-sd5a4RH)?0DQkW9>%&LNe(ePXP0WqNz-zR&ebbcRZVrFDuTx?*VXCTPN
znb79J*!IJTk&%UknTdhjfCuO+Sz#7d17=3X{|4M39zRHmkqy~H!1!YZ`ow774jzkQ
z6{S+k&{OLUPThH7{_R5|?&mf<>SxWrGX3!S81XqxR{|`X**(t`?|l34-I~H(q1A!4
zLE^4cZhPjQ*u&*(FZ6Bxb<dN`6OO1_7!=-X_WHQ-wR48o?g@V)0~apqXWrYh-6+W{
d-s!`xf0ifPx)1*pYgnTG^l)}dWz;?^T>#?D#kBwc

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/NameConstraints.ncca.cert b/nss/tests/libpkix/certs/NameConstraints.ncca.cert
new file mode 100644
index 0000000000000000000000000000000000000000..ecb24c7d5006ded15e110714f0cc3c70bdebbfcb
GIT binary patch
literal 672
zcmXqLVwz*n#KgLQnTe4JhzxkyIJMe5+P?ELGP1HV7~~pq8*s8QhqAB<Gld4jI2^)E
z&W?s+1|lFCc41!M{L;LV#LPT}u*}qQLm>kJkT{nxr<1>XXt07`aIm4Ofig&pSy%?h
zQ}9d7O;vEt&nqq|0_sXlQ3%S<FHvxIG>{YLH8e3WGyq~FBU8&Lab6>1Lj;%J&S{*F
z93G6U49tza3<iyzOpT2UkM13Lyqxp#=GKB|xAv@8(KxVXrp3BfJB^lx&y^`>Q#n$Y
znOr>G#l>{~BlE)Ez3*9k&nz(H{&PDwqTr-PqQ$per=;KUJ=`+0VroV4qjbgGm7lyc
zWfHj*c`g?4TKt(>+Uohh`+;=kv|jd~>k2=gS2bC9DS7t=)oJ{Pmen6}w|y(k#LURR
zxY)<Q%RrEgGoj6cvF(QwBO?n7GZO>5ffO*XW#w3e4FnhP8}K%9=%rR9<`(3nHZU?6
z@POomSy&C285#c@aD#aKAZ?6n$esm8J~PmlEg`34xROO!ZssRnQ|fe`XngH++7Y%h
z@fRk}d65=zw9{T7;|)hz1M8!2sy9U?zIM$nR9@du`Fimbwd)B1KGyf$3iPi8=I(s7
zCR{`7=n-A%6Q_Hfv;0=5&-Gq8hh6ZJU)+q_Z<rpHENfV~_c!yS^1b(!d3I^<b9tta
L>-VeD(a!_`96HoX

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/NameConstraints.server1.cert b/nss/tests/libpkix/certs/NameConstraints.server1.cert
new file mode 100644
index 0000000000000000000000000000000000000000..60e8a1c698539c2806b32be68cbf65644fe8bb84
GIT binary patch
literal 660
zcmXqLVwzyk#Q1XoGZP~d6QhO!FB_*;n@8JsUPeY%RtAF{Lv903Hs(+kHesgFU_)U8
zK@f*Sn9DgaCo?U-C@(Y7P|QFCB*-qz>ziMiSCW{Srx2EzT5c$0AOI5Q66SRBcMlC#
z@Cyz$lrfM3i7^Wc19=Lbc_pbuxv43ci6yBD&W;9h;=G0?21W)Z28KpPrWR4+yhg?b
zmT;~?DwSO$Y9I`84NpmGafx1LUK!9=DF%)6k%NJem4Ugjm%*U1lc}+h;f48Jl~?;E
z`{soN&UH^n-Mvfwu6$v_r6UcFA&=L-pE!5Lhhwg5bAPe1r7m3SrK+!ZsJNTq(Q&0|
z0`+%2mOHBO^x4nZ5_2!%b-=B%r;e{9SIz8l{JEjh=4SZ!9Rf-5+wRKtd~4aC8D1)T
zGeJ!9f?Ho@2ZLxU*RA7U8eEjrUfgYEVrFDuT<mG!ZXgbHx~w3JfB|0<s`CZeI1}1D
z7~6h0F*35SFf*|oFyH~H6=r1o&%$KDV89LH@q?t8cOd%|7~#x7FV^VVyew7HdvAQi
zOob(7pUT}EECK<w-0s|Q%Zgih4VO47UJkUlpBKFF*th(TU+%pOut@D;oFKudY{U4d
zWBvJj{#!lQ3QjUues0z1Iou=gG(B1@M|!T$jp|!Z73XQpEe!GB&=T%*qIP1*G@JC|
XZ&9hcuSyv>aT*+&wpTlJZ(IogmPXL&

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/NameConstraints.server10.cert b/nss/tests/libpkix/certs/NameConstraints.server10.cert
new file mode 100644
index 0000000000000000000000000000000000000000..21d9e876799ac65ec5deb3c584aee2e9b5cf4ac9
GIT binary patch
literal 560
zcmXqLV$v~aVw}2wnTe5!iBZRZmyJ`a&7<u*FC!x>D}#ZDA-4f18*?ZNn=n&oFpR??
z%;fB7$Ya0-lHn3&cFWH<lrxY4@tB20{epuPJo8FYi*i#_G80Qu6`UOvj11(&c@0er
zj0{W+42_ITEu+MFjf@Q};amednBfF%5-|{h*u<TbSfrO)k(gVMlWNd7AKC4UtPISJ
zy$lA8olK35408^BI8|0NXI_fV(OZ6j;xS4wkB^<wnXz%PWbk<<?rqzwcAq)(Bh|cA
zuR!Bdn$4N$OD5H9?cZvyd*15^H~qgUx^u%6!@O?JKhG<l-Mh8ScW0pI8_o=^GZXg*
zUg4ZPDSd0^^;t*vv^YB#@a%t3=EL#6`;Tm`gh}$9_gm5p?Lu$(GBGnUFfKMQ&@&KZ
z<4kDtU~K#0#K_3P!py{Wz<>wn8ChXQ#{Vo#1`Gz=ARa$Rig^dJhk%j64D<=F56AXX
zc@<Mlb4>i^iZ;e4Shgg_&9`J;zPx+$uOziq?^pLePSP?ox}YJsK<Qw=$0NoG0nD<I
zRWhu1@94HmTryU_n4o?vVZ+aVi%zeap#C+}ZOX>uKO$qCE*^7B%s8nMp``j(C0yr0
d)Kw{?`cj{C^G|*5jZd!~X<nDQLaAu-2>=;Sw*mkF

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/NameConstraints.server11.cert b/nss/tests/libpkix/certs/NameConstraints.server11.cert
new file mode 100644
index 0000000000000000000000000000000000000000..c458c8ce73bbe8eec153983fa92ef314bc6d7947
GIT binary patch
literal 585
zcmXqLVsbTTVqCX?nTe5!iBZ>pmyJ`a&7<u*FC!x>D}#ZDA-4f18*?ZNn=n&oFpR??
z%;fB7$Ya0-lHn3&cFWH<lrxY4@tB20{epuPJo8FYi*i#_G80Qu6`UOvj11(&c@0er
zj0{W+42_ITEu+MFjf@Q};amfInBfF%5;YKp*u+zuS(2)kT9KGrkdtcAI3L;ZjI0dI
zjlB#8jh#%5jSSn|mT&IU{O=)LBCR!jUXQNVOzUZ0%GS)Ktfy87u(NO9ykdg}&x^~`
z->4X`J@X|XB!;_nRY#WkmM1GjcwBaE+f=6e?$oY$#Yb<B>g9hAzqLGHyy<mVunU*n
zwqkZ>hTs1`ac!CrQM1`R-j{U>)4i~)4=44M#LQ$m4zYSq?etnTor#%|fpM{ift!IC
z(CM;*Ec^z%P26eu`Eb_@vT-J~c`&y9aAIU+VPR%sJ7B;AQYy^I_@9NzfWd$p#N!7^
zG4DY3C@_|ofj&%BO!PjYEw;_{W#(n;eGX68atfJf&D5QEVdM4AuI~}2B2Vrtc{6>>
zEvGHH7PD`~_)Ussz5V^HlZOiP;yH@~&m~U!qaa$4_ew4A{_Lq21mm>QcHGN7vi=`;
umvp=RDWks$%a!-!W*)Y@pqU_azrAzkZvA<`<s0{0dF0gmLnL&MwI~2&h`N^m

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/NameConstraints.server12.cert b/nss/tests/libpkix/certs/NameConstraints.server12.cert
new file mode 100644
index 0000000000000000000000000000000000000000..1a4e6fec2a9bb5267f6919e27a72ba594dcb0b41
GIT binary patch
literal 562
zcmXqLV$w5cVw}E!nTe5!iBZphmyJ`a&7<u*FC!x>D}#ZDA-4f18*?ZNn=n&oFpR??
z%;fB7$Ya0-lHn3&cFWH<lrxY4@tB20{epuPJo8FYi*i#_G80Qu6`UOvj11(&c@0er
zj0{W+42_ITEu+MFjf@Q};amd;nBfF%5;G8i*u?9RpO;!(qTraE0kq1XaXzx^8Ce;a
z8+#cH8atU98ySwqMumGdKV7=Rv}UT)m5mD@_-Dy=GxTqoX5#elLDUArp3R)c#F?gS
zyW?<3Q^{AkA$|6{E+vC_SrNOwuRC`CSh97e*Nuti)+d@(ToC?L@HjCltar){e?`kL
zk#7!k^|CsrUpsQnT<6KjY6a#$!m3B4tDYWVG{1T6u;^9g`P+>AUotT>GB7SSFwip)
zWaCU|^I&ZI;l#+u!otkNcEErK=p9*MM#ldvOa=@F+#nu5NQ!v}vWI}t!3^|C;U@!;
zH1VxZgYNJ7qyA^ID1*~}zI>&vho;0oKT~s9bP`u}*-^jjhTp6@`*o(}E;(K0b6>uz
z(?ribF=%(t#-~e8?&`eVJ8#k7UHWI&sZ89(^O^aQ2Fp7|ZKpH2{Yu+g1iWWIty<x6
f&gVe#_3npO=j!@jA7o-lTN`ASC3-j5JCp$c1Maui

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/NameConstraints.server13.cert b/nss/tests/libpkix/certs/NameConstraints.server13.cert
new file mode 100644
index 0000000000000000000000000000000000000000..8b7295fb28789b1f73ea9cb69488384bec30e2e5
GIT binary patch
literal 574
zcmXqLVzM%5VqCm{nTe5!iBZ#lmyJ`a&7<u*FC!x>D}#ZrA-4f18*?ZNn=n&oFpR??
z%;fB7C}_YBlHn5O@Gr?oE%Gl)H<UAw0SPe+i~0ozD|qIWq!#6-rer3Tq$)T&Di|5a
ziSrto7#JCt7#JEEnOa7P^BNf&Si-pm?l2pOvrfW53}PLBQeuf-T7JG>YDHphK~Abc
z<9uYFFtRc*H}*0ZG<GsIHZojif3fe2xcbR`8|KVz+#ixB=BF#XDz3ld-HiO-Uy7E_
z4VwR$C;7*km!aFQdwSlwwng7NeXVtSZsM!9*7INHA6|HaciT^aIiHHv3#Z#EvA@|f
zxm9q!Cd+H5vl++kg*}@dZLE=RWF8s8c==cRE8+X^o=lhEy(afV!e8bUSN(|t9lA`+
zj0}v64Gi=Q1lc$f+B_KBemF5Qvam2Su^lkr0eVPQn33^63zGqZ0XK-p50YZuf$Sk*
z)Gz~m;-GZ(KChi)^W_tt?9)0XUfI;bXjkF8W7~P5DL39kL>=3;@M&U@>_Il64Uc9|
zt9#Z}XS4aW?Nu)81#GVE_tuvGH~GDLv3!H*gns9w;@tXk97Q@ewLhF!yUi83V(R)u
o&*w*la4M)&txTvYde`yU@$}b1=E-qFX`lB@?S1PpBk!;!03bxdg#Z8m

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/NameConstraints.server14.cert b/nss/tests/libpkix/certs/NameConstraints.server14.cert
new file mode 100644
index 0000000000000000000000000000000000000000..8a989f996ad6ad5f84d1946d521da448a2608746
GIT binary patch
literal 574
zcmXqLVzM%5VqCm{nTe5!iHY%*0WTY;R+~rLcV0$DR#pZBUqfyKPB!LH7B*p~&|nyc
zLzv0g(NNHUA0)#i%;8^>ky_+mlx`?zAOjL&78dmj4p#8YD@iTNO-;#6EJ;;xc2qDj
zkQ3)MG%+wTFflMRGBUM{66ZBCHn4<q4cuThV6l$JfD2+Bvs-??p^SkP#3tdyynK-L
zdTIIjdZ`tOxdl0?295KPJ;KP!z}(o&V9?mf)Y!;yWKBQ2q_>9b(z4qY6;~8y9(Z)G
zV9~W=j`=^1pO}73`I>OzwAdS>a;2>%Q+620a!)BSTxfDhWj4bX>D)Mtte;<8R3bjT
zZapT_@H|wvdTNjmld7$5tcsUS^j~ocoA}L^+pYJl*ZlOWwT$({0r|HFpB>yAla;vp
zR(VE@?K$TE_rEeRGcqtPHZagL5M<*_X!Brf`{BgM$il+R#CE`d2k0qTVMfOPEKCLr
z2HYSXKS+vs2eOBNF~bb>iQvRD|4-&$TX9Qt->-UIqYd5lhi(*VUFelQC(v2y_A&Zm
z^UavPEfVv+Gx$ZGJrz1-p3K3=p7^+UG5f)EZpSo}>j8WBEqm=)$;Wiv!ovQG^2K$U
z$*+PwA2mAp`=W|M`rDV8F0nSRHMO*~#j<~XIKgh8o){~*H+cE{l`Tyrtr>y<l1;iz

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/NameConstraints.server15.cert b/nss/tests/libpkix/certs/NameConstraints.server15.cert
new file mode 100644
index 0000000000000000000000000000000000000000..69d057c9ad703542fd9b36bd8788aae1b8e8a40d
GIT binary patch
literal 634
zcmXqLVk$FeV!XeAnTe5!iP6D;myJ`a&7<u*FC!x>D}#ZLA-4f18*?ZNn=n&oFpR??
z%;fB7C}_YBlHn5O@Gr?oE%Gl)H<UGy1_?0>i}(cxD|qIWq!#6-rer3Tq$)T&ni<H6
z^BS5M7#Wxt7#bOwT1JWU8W|f{!np<+Fbg2I2^$E4Oydyda!$<2Ov^9I%S<#BGY|m@
zvJ3P2=9lJ`BxdF*gk`3d8wwc+KwQJ=<nJCDtN?U?p@e}L#5w#Wsl_E}`T2U8d1XMO
zQVbgBBm0z*m4Ugjm%*U1lc}+hVfWtNqrW{ZSDx?j{=2n$=j;ikHm7sW7<jE$j_r$5
z-<=~W`{HcvWZAIJx!(R89H$**pS{8V!WoyZ>l7zQxa^*BK1n_OD95)2F|RGQuTMHC
z<8!~EVROFt6z7|&AH5Y{v3Z-y^ey}_SK(sL)f>UBCg)G-e$QFE{9NM7w`tA=JeM|y
zGBGnUFfR5n@G_7Bx?Wb01sD!Z7(NhW<4kDtU~K#0#K_3P!py{Wz<>v&T$qvZKMRuq
zg8?^)#}ATX-hu2{V6-v=ed!Rry#7>&gibTdp{H5A_fz^U<vVk0=f053H9LMlO+m`!
zdIMXs;NKPd8inL1TzK)O*y8UYwx0NF56=32U-#cYf7OAVd9e>9uGqRhPEA>G$LQ4L
z>j!7IHkAL7na>?tqbAC(eQX^=%@qE7{BiG_7ktQBlAGYl*13Gyj>8Ww_uUEq2>{C^
B()IuV

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/NameConstraints.server16.cert b/nss/tests/libpkix/certs/NameConstraints.server16.cert
new file mode 100644
index 0000000000000000000000000000000000000000..0b24d7abb5179de92dfa1ea1693f53025037c355
GIT binary patch
literal 612
zcmXqLVoES*Vm!HknTe5!iP6!3myJ`a&7<u*FC!x>D}#ZLA-4f18*?ZNn=n&oFpR??
z%;fB7C}_YBlHn5O@Gr?oE%Gl)H<UGy1_?0>i}(cxD|qIWq!#6-rer3Tq$)T&ni<H6
z^BS5M7#Wxt7#bOwT1JWU8W|f{!np={Fbg2I2^$E4Oydyda!$<2Ov^9I%S<#BGY|m@
zvJ3P2=9lJ`BxdF*gk`3d8wwc+KwQJ=<nJCDtN?U?p`3vX*f~6+iFx@TH^!Hw7MB?7
zW#*Lu4NNg;oR92ZMpg#q#$E=4#!jZjMuv|c&WA_4raCFQB&hyhm0s}e9?u4iGbchn
zCoXk~`#tm09e(xI$sa=xYJNPJao;a(`uQoZRdqJ>>rLJ<)zxEbJzsC<?G4tZXK$_D
zW_#j*KHtmPMl$PG{$k;txqRQuTR-%!do%OCYX5$DmRfV<6~|J?zZR>MA}0B+eLDS7
zsgL&OJ1?1-85tNC8yM&T1A#N4&4aP+hZ7?s3kx$7+W`X}ptod&85#exFc~lyaD#aK
zASvb@$Q}YlAT!V>%;MrYk>akp^E#(FrOa-1C^huE!J(Zp?_|Ky>XP}ooYlo`6a7ll
znDlIn8`Tst-lzF7UayE=a;)W&+Sz?JPfYIE%{W=O=AH2A^<_U4j7`F)bYJBO*rxO%
u>U$Hrkgd|nRmCn}(sy_6KCu4I3FiNKEn&icxfN>`@XfR;x&A>nIRpUyn8<$s

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/NameConstraints.server17.cert b/nss/tests/libpkix/certs/NameConstraints.server17.cert
new file mode 100644
index 0000000000000000000000000000000000000000..2fc9437cd1bec3c99d2fbc3713ca5a7a5487f4be
GIT binary patch
literal 630
zcmXqLVk$CdV!XY8nTe5!iP6b`myJ`a&7<u*FC!x>D}#ZLA-4f18*?ZNn=n&oFpR??
z%;fB7C}_YBlHn5O@Gr?oE%Gl)H<UGy1_?0>i}(cxD|qIWq!#6-rer3Tq$)T&ni<H6
z^BS5M7#Wxt7#bOwT1JWU8W|f{!np=%Fbg2I2^$E4Oydyda!$<2Ov^9I%S<#BGY|m@
zvJ3P2=9lJ`BxdF*gk`3d8wwc+KwQJ=<nJCDtN?TXOf9o8Z%Jx#iHTlnMPhD2PO3rU
zd}MzzvNA9?_A(eWb}}_KGTir;Vb0mL=I*qf`Q|0^sm>Db9;^y}$o-DDZdccjX$Sbv
zCvK|Sb$;6;x1^h^l~Z^o3H+Y)^khf-|AX#Fo-3=)k-lqhzV_u}AFi$8F4Y&FJ?5UO
z^(mJpa`nv{u6~MK(z<`Qd*1NTxIJx^9!Gk)#N4h%p<4+T3{x-8ICoZZ>$%r8*O{0Z
z85kFP8F&~-0R1B?$N~)JCN%d8vT-J~c`&y9aAIU+VPR%sJ7B;AQY_5K_@9NzfWd$p
z#N!7^G4DY3Dlkf!fqp!1H8G93;Kbv=+rt0c>XuC3J}czPh4yV`8#kn_D^^Ggf18#r
z=3-dS{pZw!jfdAZzY;pjobmF~sk*fmY3UkjF8eolm9j7U{bf@AzW^@@=}ftm?0cD4
yzYu@KJiGL}ud|=nmL$H|$0tJO37nOko_}!Jw&T-$b0j}^@J1@#Z(Cm}v=RWo^v{z3

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/NameConstraints.server2.cert b/nss/tests/libpkix/certs/NameConstraints.server2.cert
new file mode 100644
index 0000000000000000000000000000000000000000..1c6e5510dd8bfd2dfbcf5c3c20f5245dc7444cbc
GIT binary patch
literal 643
zcmXqLVyZW2VtlcHnTe5!iBZ#lmyJ`a&7<u*FC!x>D}zCfA-4f18*?ZNn=n&ou%WPl
zAc(^u%;lVzlbM!Zl$V)kC}to65@Z+V_02EMD@n}EQwYmUEjJW05CDmD33EF6yN3oV
z_yq?W${0w2#F&MJfjkAzypq(S+|-oJ#FA76XGa4$ab80c10w?y14APtQ;R5ZUL#`z
zOE}jcm&&e@HIN3ohDRhZFTW%swJ5$MwYWqtGp`KjyA*@Q`N+Y+$jZRn*vnwh*vZt`
z$Z-7XpG{ewXJ=RL{4o7e+{d8Ahy@>h%`E#M_2!AlrNs4DIwC&XKRws^*393zFg9+w
z@$D?%-IG5VUV2wrn0<g_jd1_B&wgSDSD%UuX;xge<x{bOd}mOb*yl}u&M7{A*=$#{
zYc&U>PRDtT-E1yC*FV_UrkCU>I!VMQ{n_!N`1Z>jXC`Jw2FAq(27164;Y?`rU~K#0
z#K_3P!py{Wz<>wnD_LPi#{Vo#1`Gz=ARa$Rig^dJhk)_R4D`v`<42@d3$F=_-|2b%
z*X+F)Z*nYBzJK%Lq1~*PI6pV6cboj<v_8wjMBdJAou&mMpSuMA<Q>u5qZ_Q)me;f7
z@cCI<!8cyEedo?TwnU$$Ut6i;%k6v3hW|ISrFES=CG}uQ_HT*InSpWdZhfdN%ga<v
W5@>9m{9IT6@UBEHzGd~UtAzmmPTK7N

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/NameConstraints.server3.cert b/nss/tests/libpkix/certs/NameConstraints.server3.cert
new file mode 100644
index 0000000000000000000000000000000000000000..bd93572ddd17eef4cdae447bb1063dd45fb35771
GIT binary patch
literal 660
zcmXqLVwzyk#Q1XoGZP~d6Qh;^FB_*;n@8JsUPeY%RtAF{Lv903Hs(+kHesgFU_)U8
zK@f*Sn9DgaCo?U-C@(Y7P|QFCB*-qz>ziMiSCW{Srx2EzT5c$0AOI5Q66SRBcMlC#
z@Cyz$lrfM3i7^Wc19=Lbc_pbuxv43ci6yBD&W;9h;=G0?21W)Z28KpPrWR4+yhg?b
zmT;~?DwSO$Y9I`84NpmGafx1PMPhD2PO3rUeB@wYWMyD(>}4=$>||<eWZ1o1rR>zD
zAGfA62Xx(=66M&PXyEY5;ayO&Laku!zT739(@fPH^jwZb#?^*pema>~dHgo}ogMFZ
z+_k#C^R4<<u_5F{$Hwj(`zzDfj$X_^yla2wtnFeN_iFBUEm#@1Y;~%<#vVgXIbY7b
z$4^zqn;x-rYT{0{j5D7<JD%eXbMALVCT2zk#>Jin?grvOr^^bm2pI4+p*mlXjWeOm
zgR$+06C)!F3o{ej0RtY8T46@U|13-f3<lgF9zRHmc?Ysjff3FO^rH9^R>qxtLY9V$
zE4OY5G1RZM6AGTXIqtkqfYRRwG0p`gcXhTpFO><-k2DfuxwT@}FR$>`<@vXc3$NRl
z(RpOz;fd30)0CxCTW#M3NIO1VZ6)@NIq&{=vz=-WvJPj(R(N{In>j|^l95&4F)QM4
YJOj_M&(dkKQGX04u95esWVOr&0C@Dxod5s;

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/NameConstraints.server4.cert b/nss/tests/libpkix/certs/NameConstraints.server4.cert
new file mode 100644
index 0000000000000000000000000000000000000000..ca9d1b1c327abb8190859bc9c6e36568117b6ac1
GIT binary patch
literal 663
zcmXqLVw!Bw#Q0|cGZP~d6Qhv<FB_*;n@8JsUPeY%RtAGSLv903Hs(+kHesgFU_)U8
zK@f*Sn9DgaCo?U-C@(Y7P|QFCB*-qz>ziMiSCW{Srx2EzT5c$0AOI5Q66SRBcMlC#
z@Cyz$lrxY4i7^X{0(lCac_pbuxv43ci6yBD&W;L326E!Oh9(9^1||lEMn<L<QR2Kt
z#s-#fu0a}=-2-(yvoLQ-YH^8?US?hy&|@hEjq{O1f{~Shxv`hQps|ywv611hLhErm
zBMmu~pWjOMDRc3^ND#O9m&d>(r1@ppj_aw-kMDf#s$k175KOo~RbcbW7zO?hoN{l{
z-M$3Ov<cODHPOdZ_E<~coMcl+KJ|mkvMql$Z#nKFsPS8*twQtW)U6%9rti$x^F3CK
zz4TSBeQ&{rgB)o`?%qFoD*gq}u1D#-f=tYe42+9C4craHfng~t$Rc3C*Te&IKiv6(
zY@7*g9*k{2oERBdSeTjE4jAx&)Cw~){%2t_U@+hY@%TYf%sY^M3XF4Rpcg0qTe*_g
zN_6@BHFNYQCtrwAu$^*$jX{;jTiMH|D<`O{&kB2#?)J$@x6ta*6h_l>(JfY&c#j>O
zJ3IW0n1qPt#N_*ps*BQke`g4td~se+Hm_T}QY&QXrV_?bWv8qyd9D&Z92v0!ds=Ga
d-b|@FBfj9_Y1I<<g_62#XBaonE<7Hk1^`Fz%r^i4

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/NameConstraints.server5.cert b/nss/tests/libpkix/certs/NameConstraints.server5.cert
new file mode 100644
index 0000000000000000000000000000000000000000..1798de766455ea33b8be0c1e8a9dd810dcc801f8
GIT binary patch
literal 646
zcmXqLVrnvIVtl=TnTe5!iP6}AmyJ`a&7<u*FC!x>D}zCvA-4f18*?ZNn=n&ou%WPl
zAc(^u%;lVzlbM!Zl$V)kC}to65@Z+V_02EMD@n}EQwYmUEjJW05CDmD33EF6yN3oV
z_yq?W${EOj#F&LefjkAzypq(S+|-oJ#FA76XGaAi137VCLlXld0}}&7BO_CbC~;mR
zV*^V#muBwa5lzg?FUd$PiZ4kmE-})}%qs(WFvXy8K5~dKvNA9?_A(eWb}}_KGMwOi
zvm$7^(KI$+X2!c0I{N)Sh(C-7iJ0G0t?=CK_8irWEUEOA+EVG&3)`&3G!m;7g+qDF
zVz#j!?bmKv6&cAZb~9@CCgDf#cbmGXuQ)Tin&)Bt1=dK(gu7bTb3U!$m0EiC(t@ro
zUv{Pn{npO6ma85;saRrq_#bb-@#~2KmtTc4F*7nSE;caG14asGLYoI;+Ycv3Miv%k
zCbk0xJiuU<6=r1o&%$KDV89LH@q?t8cOZKR7{$y$pOh9}U&&N{cY(<jnN72HdGy50
zw7S+2aP9B)&#k4q>)qEK*r02!kv;YF9{GEx>v-qykPmQ5-v81h#(2wzU6u1+uW7d5
zT{!#C+``nlUEPPYw)0(zx3qALo!8bk@ptxxq)NR9$(*q|!9VAG=bk9ZQ|}qN%)T?2
RZOxRk+y6JsQ!!hv0RZ@@&}RSu

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/NameConstraints.server6.cert b/nss/tests/libpkix/certs/NameConstraints.server6.cert
new file mode 100644
index 0000000000000000000000000000000000000000..5698f8ebdba62ca9a0fa87bacf2d342cc1634bff
GIT binary patch
literal 663
zcmXqLVw!Bw#Q0|cGZP~d6QhX%FB_*;n@8JsUPeY%RtAGSLv903Hs(+kHesgFU_)U8
zK@f*Sn9DgaCo?U-C@(Y7P|QFCB*-qz>ziMiSCW{Srx2EzT5c$0AOI5Q66SRBcMlC#
z@Cyz$lrxY4i7^X{0(lCac_pbuxv43ci6yBD&W;L326E!Oh9(9^1||lEMn<L<QR2Kt
z#s-#fu0a}=-2-(yvoLQ-YH^8?UTQ^RZb43}LF0VnkYHqGU~cSXFlg*#YHVaU_wSC-
zb?ybap|3wZJj-?Z`q{v3sY2f_Ztve*`u%MBq<+qp8gXI287EAdcxr?MjvD-Bd;Io&
zlJ=aQV{uYKVF}JPjzUs0FW+u-6Mf>ij9FBs`P7NYiZyY|1lKp;N{SLXT)?V$dfqeN
zO{;Qz)>po~xaly*8s6_UJ)hGyN{gHhR=df>%*epF*wet>KpYsBvVtrE27FCCAos(a
zFUZE3(B{F|_QQ#hk%fhsiS2*^4@j*rBjbM-CIbcoZV-<jB*nY~*{8rbX9jw4S^B<N
z+(~P{3DhWF=WpIFz0asHebq8G8Q-6iK4|^Ct@Zy$n5N?jsm*#D#0@V9c1xZ0oZ<U>
z#^n~vxyz+Z#hKRF#1skbo-ZIHf2ykY<r8c3#VN=54z@P#P|V-D=+g2vZ8zulcB%f>
g-YtCG;JmKlrwxxSn)ohBep$QX$>L4hoL4Xa0N*jy!~g&Q

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/NameConstraints.server7.cert b/nss/tests/libpkix/certs/NameConstraints.server7.cert
new file mode 100644
index 0000000000000000000000000000000000000000..3cf85d04777a07ab8738b23cbe8e4104a1be5c4e
GIT binary patch
literal 578
zcmXqLVzM)6VqCs}nTe5!iBZ#lmyJ`a&7<u*FC!x>D}#ZDA-4f18*?ZNn=n&oFpR??
z%;fB7$Ya0-lHn3&cFWH<lrxY4@tB20{epuPJo8FYi*i#_G80Qu6`UOvj11(&c@0er
zj0{W+42_ITEuzGEjf@Q};ar0NnBfF%g4)Y1%$$^1WGG=E2C<hvDX~N^Ek9o`wIVUM
zASczJaXzwd7+D#Z8+#cH8atU98yQYp3GO@1(mQ?jwjZtYvaK%}z1lzL<W;Hk?X54Z
z({IO^ef9aIqPSzL%&v2PGET}nHm1)zx&F`ZnVh;;c^%Hk)h^BEn`^DNW$A2-zKW;w
z_pf~tw>o{6#L7V7tDO!)GgnzG>rOo=ptUh@%G*8j=f*f#$No;b_T!Rx19zfBYs~zH
zBS)E-85tNC8yM&r2(ob|w0SVL{cvJrWMN@uVmn~K1N4xrFeBrC7A6A*18xwHA0)-R
z1KC5s=wSx>q(5}>O8)DI+$IX|vD&e~>Xp=qU27JG7|aVWowq&jY4nV*WuKm=?|jox
z*7C1c{jNl3?c&EA(Pf)fUs*k&Q{(80=ekq<3=UuXcIcp|qYWoRMm4vL@j52|-0d=~
sKYjNnE&uVu@QhZ;GRt#oHnb_RI5^hLG0RMudX}|<{UF1dv*Ana0N$y-djJ3c

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/NameConstraints.server8.cert b/nss/tests/libpkix/certs/NameConstraints.server8.cert
new file mode 100644
index 0000000000000000000000000000000000000000..f0694ed0390d4027bee4913d7438c4b2b45d4d3f
GIT binary patch
literal 564
zcmXqLVlpsjVw|~vnTe5!iBZddmyJ`a&7<u*FC!x>D}#ZDA-4f18*?ZNn=n&oFpR??
z%;fB7$Ya0-lHn3&cFWH<lrxY4@tB20{epuPJo8FYi*i#_G80Qu6`UOvj11(&c@0er
zj0{W+42_ITEuzGEjf@Q};ameJnBfF%k}wd1*u<ZdSfZDfpRbo%k(gVMlWNd7AKCqk
ztPISJy$lA8olK353~xI$v>t8}X*j>*FY`oZ=C55M3U7_?e3-c>UQYC-+%`A=e?}qi
zclXtZ<moP5{rSX$^vC;7y}mxf-?3HuRmGpp4a|Ctr_{D4r|b%kySmadh5u-JRpgs9
zr^L+prr7)ZoH$oCdR~3x=6-I5Gat-?JI<$Fbtt@6vpna`XT|W~M=iX&nV1<F7#ABD
z=otvIaVE5RFt+`0Vq|1tVP;}GV88?PkgPBx<9`+=0|o<b5RV@u#k>RAL%;}O2KvNM
ze$}E=kBnx$Oi^Mf=4O8O$XM6pZc102+Pi<v?$xD}EkAtIXPQvTCA7=$RP0^5-I5W<
ziZhJ`qhsSe*=$0#1Uj7E^r0k&!R*(ub?Og~OgJ2}Sa;^yFzu@8=J#J%$UWEi^13~^
hAz})Xo%s9X6?c8LZ2RwhVNfi-=5wd$(p`f!dH|D*xTydD

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/NameConstraints.server9.cert b/nss/tests/libpkix/certs/NameConstraints.server9.cert
new file mode 100644
index 0000000000000000000000000000000000000000..517c0ae311a354e6e83d0b805152acef7924b269
GIT binary patch
literal 551
zcmXqLVp29}V(eMK%*4pV#Hek+%f_kI=F#?@mywZ`mBGNnklTQhjX9KsO_(V(7{=ic
zW^#5k<T2m^$#4lXyXEH_${EOjc+A40e!;;Co_QsyMY*XdnTaK-3eJuSMh0@?yoM$Q
zMg}GZhDJuFmQmuoM#ct~aIS$V%y5WJsD?`zh(QeJPf9G&OUuvKORY%EEyzhVXq=Di
zWJXp7=EhzIgT_v##zuxG5@}O>Ty{TMH|Lp;+K1bx-9K+Q+HNkh%45Tn55fv!Ti<U;
z;FSHF%)h-h>(k0FXM=UUCpOJ-_SnHW)%%&2jluDzFT(d0FNwdk`p@1T6I+M1I$r-<
zOrj2+Ju@e8xzOo7!F=0I&&ln5qSY@XrET+lDc>K9*Gv!JgnTuy_jF1zelVGdnUR5U
zv4Me}fgl@aLYoI;+Ycv3Miv%kCbk0xJU|c03NtePXJIm6FyIF9_(4+4JCHpDj00w%
zPXr~j<R^caK3O}>L9u69?6QNt$AZeXwUlV>*pLy{;%>FjIC-`6-%kra9&^d`Z7;g<
zzd`@8N@Sc+j8$(?xeeRpi93HZ)-Da&cttn;*FK9J{pG)FPFq}>5fQseBC~_%{SFgV
je!D1v4r^Ce|3i;6(s!`xS=pZrQWIbJ>$~MAmW=`cQfIXI

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/OCSPCA1.cert b/nss/tests/libpkix/certs/OCSPCA1.cert
new file mode 100644
index 0000000000000000000000000000000000000000..cac92b790154203936fcd6536e0ea77e92291e33
GIT binary patch
literal 574
zcmXqLVzM%5VqCm{nTe5!iILHOmyJ`a&7<u*FC!x>D}#ZxA-4f18*?ZNn=n&ou%Vy<
zKZwI6%;E1G91xVBUt%a}APy2@78ZaBDFpfZhbTBZ8YqbK8X6mz7#JHFm>3xwM@jG-
z8JHOx03lSszz)@T0RujW@$4Y8oE;4fWeuburi(yD6g=}vQj2m^Q!*1vQVkmCBRiOp
zm4Ugjm%*U1lc}+hVae5?B$;PLvn$K`t@MkR$)xVu-_Un2Lw$yb@$mzeZcpx&y|L_h
z_}Rex<eB1x4B6bJaa$I(Mdj~{*{t{N>D#mmdd9*BXEiRl9anuvV9|wl$8P_ZODsMw
zCu(V-z?c<qk;ARc>$AairQ})1)UIaR+~0SWBQda*xx^&$_#98)Bhi{n%!~|-i#-k8
z!C@vV%*gnkh1Gx=NEw*0acHvv!<U_rkwwEm%|HdlH(+d&$S5f(u+rDhPcAOd%P!5V
z&`U|RGBPtTK=vsxYM6muEWO5a?3qxi#5`}V+jXwft{qQeGdJIxy{oQU@s;QE(6bUH
zXU|&Qd~)lD{odyvv@IqHK9-TwyL2s4YpbfFvWUg4K(Xx1zk$;~-_e|QWah#e_p<IY
zlY3sWSzcqXOfyqEClU4Wq2#|+9DIE8O=ax=4bSlC=gxCAQ+#v3m``Na<kUU@=hM1M

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/OCSPCA1.p12 b/nss/tests/libpkix/certs/OCSPCA1.p12
new file mode 100644
index 0000000000000000000000000000000000000000..82cc310340fd2b14f98f5b2214ae40d1a27ce6ff
GIT binary patch
literal 1690
zcmZwGdpy(o9|!P#x7kwe<}xQ1jmnaZ)HDmtlALJn45{q6)P8Qc9AeCM?w8Fi=a{3@
z5lYM@ESGZm<<?MIF(DChI9WSgIr?4uJs!XJ<MDa_@%lX8@4wzpY&;l%VB=xZ`YESU
z{*(pa05={T4`srL*!cewLu9c`i1hZ8g6;a(gv?F=%w>XaW0~M;EE=}+-|_ZZRj5L$
zOQJ|DIqnsXaVvNeBya<R;Q}ZV9540q6sMFz9DRuDle_xkNUzG_=Xd@56=lNFu{DIX
zEG7THVUDz3Zz_Cb7BPOqOFcPs3{SY=7cI})p8T%d2zV%ikE_k$>@6!su4ISGTJ(_-
zeIdb&8&u7ibX!4{RWV~Vx-E?P1JA+ny=@s>?N$@g_u8&*x?X*oN<{Jq^OKRj$MA>?
zW2&M+Y3v+v*q4R@w^dmy-F#X5Q5!I{nSS?pF)5B*g|Z6#dFJHB`CAMgq#IU#EE1ae
z+&2N(PwanwhWo|l>Gy`p!@mxxr=b%mWh#F5v3r902EATIu9=|xR{eOWkkKgJ9}0Ot
z(d`$g9MQh%D}1{cH%Ik|=&I_BWcMa9M>N@4>7_oxc^{LWUBrm7<r$`%N)}*$tbh4?
z=#uvnL58w!8MKlx8&@*t9{X0=NH@+kXuaV=!>hCj4EdGTxi+R>XZvNBkc|1ha+|_Z
zPd^q*w}A^K1a7I9BhU2qgq}MuZ$A*--ruxldeU?<)u;Z}A3lo{#!5RH9&u|d_75B2
z1783@$qc`L9-W`bl5Q7MC|7rn)zqz_-rAw@kr&?`yZ56`fAgFIlZ_%B^CPSsew3lD
z6Tj2<(vtUJ#W=hmVgAKu5Vi>}3AREWTGAv*sy|N75d*@4?Gr1P6ZpTQ(EiVkd{PXr
zn&?qH@hnD5)UD2-z|5;Sa+wL9{Ba83Tz!w+9<vqnomt!Zts%;x=-d)dkB$d<Sq^To
z1tcyh-mGI-G0emSMZj()RYacF?(jEM7?g@j+H^hGduEE;KBkd=RwGn;D<#Jy-z`~V
zFl_zk@0g-VE^#tDZ^HUWq!$XDcRB>a@vx_Q^%<zbg@G4vR#?sd9KAFGr=TSVvImhs
zj-a#K-4cYu?)~q#3QiS@kX=r3>=1b`=(?JKx();<!Wl1Upnuf2PGH<^HedksZ3g@g
z3)oi{93LAQI=PO{KX^J{{Sf5sR~FoDcHldf#zVEL_1bSlk+z{)9S-=62A&6{9P^?7
z1O}H{<=cYMGoQLL=*tGbT{>S;qWoLqRkal3%%f%LgwDJfa=xP4pn;izH=OVh35ueM
za=)<M_2?~^_Zi5so_P4wE3G^@Oa!VoVnSue?ZGm<9YIdrodFbb7m3i<np@V=v^gs&
z`K)@bGG|#+kqYBCx3Be#_dawmSRg8u^jk4sp1fvZ9_h*RDs0;v%jAD7b_<yf5MFns
zKS0biAtja;s`{nJd)d|LYVz>#h5={1%gQ)BZ&Y}b?t(1(ymI?gu%&+rZ^lXgdXKqp
z{;q5u34h)x?B1|sSySQ0P*x5$JGOCsqjJsp>}YElQK;F5qr-yX%`DoW*?x{ml=DUX
zH#_9(RuY~W${jFw%yj()@*OP7M~D#Gc-)6v64NZ9BypJC0L+n1dJ3L!5`ECPOngjj
z2_h9b=V<0?-w7yqY~-~uwKrPj+M)nq+3D_?dSP|TR9Uw-MBd_%@F%EF;1lj>5H`IP
z$=;B70-Ig;byjNb*x8(@O93_SPMj6QeZQ2BzMJS=7j;tYH`Hd)(TI&(!qiAs%4?O5
z>sf62C2a)G(fAV!{In=o|E_B;Yvt*Z5Pg5yRO7Sw2K&#5B)yvM0|8f>*ORW9IN&oa
z7H9Y4N}Q}AMdrs4b+zVGqst@uyym@C69dx+F`_qV)U%KhDt?BV*2sNADHZ~&s>Rl=
zhQ0}6&$NS&JdE6<i^^+jO8Ii-icS`B$SAR;_~(j_7Lm0jMbcx@=zd;n&(+n{^?}93
zoCQN&1$O`sD@DIM-Sr_#uMHx*Pw?)w-qEbl@mKaW#frL4w9X(+8a~IE=w3Ko+ar80
zo(o}hEdlp*ZfDFr7n{-UgBV#j!NAQ%TC;Zyd2C35aSytKy?Y+S9@p3YCx&l3))cFa
zm4-=S<RD-TDG(Il&$PDNmF)l8HgzA?G@R_=#5X$*RiGU%+7t>Z$y#uH*_kF~;420Y
F=r2e(>9+s?

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/OCSPCA2.cert b/nss/tests/libpkix/certs/OCSPCA2.cert
new file mode 100644
index 0000000000000000000000000000000000000000..3dd31100fdfa8eaee11a47e83b5bbbf92928edb8
GIT binary patch
literal 574
zcmXqLVzM%5VqCm{nTe4JhzxkyIJMe5+P?ELGP1HV7+4!}8*s8QhqAB<Gld2l3L5Z(
zI9$RU{?5SxLHYS5hLQ&2AR%U90ho|NkiUP3g0rK6f;g|Cv4M$!v5|p^k+E@<1iz7i
znXv&7LIn)$P>mNb;DZ>?4l>Kx(a2ENKpJAY2vkJDGp{7IC^t1FGqEJqpm9F3gBe*F
zm>YW;3>rI`8XFlNe%~8VIzyiK#S|gSoxSxZdi)JK@32W7;K``8_!0e!H(75lm+Veu
z;RWmN$%foIf9uqoD|7D{<S#qz|37(KwouLYU6Y)aEMB@?=2-2a4^;_H3UgoSh5T*(
z{8s*%eQV=?x$?dn{xx#5_P%&Aze!(amW`e6!slm7OeP(XkGtd%{HKtKnUR5Uv8RDM
zILu^)85#exuo^G}DFYKW4sAAI__8xHvS=8n8K}Vc28?YI86_nJR{Hw+$;AbF*`=8k
zdMT+^MrH;E$UX%|4KvV-y;Y?;LCTk%bc6!C*F1l5=fo!S%KyI(wam1;#&O^GT6VgI
zOCoQE0e{^8`FHJ_OFu4{E$<$AuJfPJFTW3;-|xEpqvx*2(Z?)%S|4N^O%J}K%2*P*
zwW-i<eYG*KQuo@8_6vh{T|MB}Zmk<E;xX--p|FBuRn1}hcf9#>Gp8HbNgDwG4HLi@

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/OCSPCA2.p12 b/nss/tests/libpkix/certs/OCSPCA2.p12
new file mode 100644
index 0000000000000000000000000000000000000000..1c03d0d7e6f0084612d44b30bd2f9c19d934e67b
GIT binary patch
literal 1690
zcmZwGdpy(o9|!PlcCjUG*;!4DqEP5N6ml)MXf$kyBllmI^XSHDglWh`6DgseIb(A>
z{9JO$<>x_inY)H;E`_AIERu-noTK0GoZqkC<MDex9`E-bug~NC{_FDu7!a@wz<?tU
zGfy+ucY+aM4nv&*je(m1jQ<nM>;z(DklPJ|@Az{=4h4pAVj!hJ4CGfp9gg}d-ad<i
zqWfq4<H;&t&5ABud3JxYCJ+Ka3_xQb4B_(MI|@81R<dd?`G;%24#Ju9*j1Kcr+h1w
z;97HMZKaU)zdhC+=b2~*kb*BpiYXQLT6)sr9>CUG+XwSS(?+qiq@Xv)xvluT$4J(l
zhfiL(>5i|o(@(Esqz|`d?|xMKXqX)yYDl(W;x~`gdp|i`9DaPGG|*v0sfF4jAC><!
zuw~+wk2qOxn9QY0iik%9bVP+wLl03_&3T9OF2%JE%aVFKM8-;Q*ACuEca;gA)3bVM
z5h+e~t;7<kRtE&t^c3FD)_Nl#=<_{P;~pY@pM1Mu4kiEgW<g??kG-7uD~~Wb2+=up
zSNTRY;h*kPA}DLU7U5|zTaiX>M3cxG?VRFQE3U@DBx^wixPWs8PvI+G5ARU!6@=z~
z`pm<X4c!pyBU5W+8*&z#1DouO)m+ovM`;T}e#0S-$Y*FLVY3gCM}OO}lI}LqUadaR
zj+<UjR=Be`pZuv`L8ZVYv&kS4hq2si#*piBN<aP-=j9N%#hk>7IIrZIxl0GZ)M3A|
z7n8d3Xs1I5J6*Dy5qLKpswtPK-{y;tkVz*seD=W9zCB`!U=S|*u6Oc_NYzVYufrls
z+PzqN<N{EqkkBuwm_}s8ig90vxYZ%WT|_e<xnJ!+_&lIu1{z!y5UKaD4<7`JqC7iO
zeqboRv!52$kp=U6N>51oQ7<*a@-D#jn@YiC#0}s^)H2P6ErQQg(j2f`idyWMMf>u{
zS1-yLN!evs*Y`bhSDwh}4OT5K2HuQn!8vv3uO=NA!-|(OFa1QwPf}>v$@CnYq;V%#
zHO_v@k0zpnl+9<o9><|L&Ki4`dIqIFw&4SY0q;V6l?w$_qBWrWpHGj(643;C&{>cb
z$Q4B1o+m+ifZBhbe<0$Z*jsCKR$=b)lOmy!lo%U*-JD6Q0{yGLcLL{Zvw?s?-)G?e
zVFCZff|xYlT@n*v13$30%pp14@f!=yHakdpN#j0R5Q&^ocC9*Seg(lDU}w*@@a2a&
z>;%fdO|gI4)D`!(I`8hS7td9O&kI%RPs7HgC>BhuyS!hA9&%?q!7!!fQCOV;*Q?6r
z#pj#U2MJ)-e!iop3K|oZ=ZgKnTQ!%coIDzuXIS{aVq-o^ytm+ol0K^1_&#kkth1(5
za4$=sEK2BZ1DE`A(S(Po2r$m@d51~c7#<o^mP{E|nFaX%C~q3=Mj0HY2Y<3Rw1`_)
zjk>ygD3xhhh$udB=jElNtr%}7ze&ojT-8gPcNf+VTQ$C%zO3D6;?K>SbtLc_#;$QI
z&!#)SAD?@=o2m5?U+A0o4>aK1ddRm+7T4~Z)4)|-P1dc?k%x7<zg3tKnJc3E@!(!k
zYw1d6gRpvHQ%^MH+KjgzGi0fI^OyQMBnc^%s*<|W$TdbrHuL(U(+}7Jl)>|x(;?}8
z_cn_(<1rB~wu@I&syfPC!wFs#@&0!`1;{Q@u0`cs=JmYeu{!q_`)rI_b5=F2&c`nY
zrro&M+12`L0_Z^ONpOp*E%s2UxzNbTLz5zVv`?shI3|D0#UNkbj;^6;*=1^k`zWjP
zr7|S!HOkl`BW-|&d(bo>m<~9)Vd_Bg!68PKG~b&MgzqcIqHjcvVX^n(4<ruFZ;qoh
zUQ+t>Y5g{7B&!aOpRD&DC3t;ho4-@4Z%4l_D)-A|iIc$7hY!@*pOZKSn=J4I`an6y
z|F(dhP-=mloiKTM9_7O1w(MrDkG9>)#E#zf4Bm0uO*q9>fRGb!lQ%4Qoq|dBF6Nj_
zpt`+R&^g3R?AH;eHN^D3CLy>xgpThfn@O&6WeQ$Nn<%}DoCqK2E~<f7)mKk%j|*o^
z7IJ5lu2~(_KX>9-Df_q3Uq<Y7ck5XG%x~V(Qc{m#mDY;pJfX5b$J!|5;V!8D8^iY#
zFb4JmNI2|>ybMGU27+Qg3uE<BqaNBAGV2j$P_>O?>zD;aNAL?$ZLkv`I!>8I=P16Z
J{e}Sq`U4H#0Dk}g

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/OCSPCA3.cert b/nss/tests/libpkix/certs/OCSPCA3.cert
new file mode 100644
index 0000000000000000000000000000000000000000..7d064583038b5bd61aa3470b31cc4e36c391e36a
GIT binary patch
literal 574
zcmXqLVzM%5VqCm{nTe5!iILfWmyJ`a&7<u*FC!x>D}#ZxA-4f18*?ZNn=n&ou%Vy<
zKZwI6%;E1G91xVBUt%a}APy2@78ZaBDFpfZhbTBZ8YqbK8X6mz7#JHFm>3zGL`m=)
z8JHOx03lSszz)@T0RujW@$4Y8oE?n~Weuburi(yD6g=}vQj2m^Q!*1vQVkmCBRiOp
zm4Ugjm%*U1lc}+hVfg`xfHQ~F7kD4GWSL=EdPA|3w?m?Qf16CT_L{!cqS>se>1lI<
zkF$Tty1|~eX4RpWE|uA59sT34>SZLd1Xx#9Gi5V;?6=W<o4xzt$9eymxi7a*G<j=g
z^I+js)gMc3mu=jC{@=CGP~|VLFaOSN==s#lv_yRA!<@)N-djFx{e1U76Eh<N<6=((
zcW{`=3NtePXJIv922utlY#iEb!0=^fWMt7WP%}`0@eLT;Br-}$3as??^OK7U^s-Ac
zEA&!Qt&B`9Es=c+j2dR37vmN^4(Zq^8j*gGS?le>yx@I8E4I6&xWy`b%&y!Tti~B;
z-G0$|p5O|`o~>@P7?>{XU^(e;@%Cm=Q^C>Qf6nEx3VdFD_mqvj){@KW^Jm=*D9nA%
zq#M3*%ZVeKSXHK8*eADn@$7VF-oJ&R$CLwJsl78)Te8LKg)G-~l^LJ8I93+;0ssdE
By`=yE

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/OCSPCA3.p12 b/nss/tests/libpkix/certs/OCSPCA3.p12
new file mode 100644
index 0000000000000000000000000000000000000000..610eb50a1d14a6331fef80e4d341cbe22f8255d2
GIT binary patch
literal 1690
zcmZwGdpr~R8wc>&W|^>AL#~x3j*;ywY;MUVj$EgZ>(<Y4T#A-UG0m)+rI>XXoyFPA
zs6{N2B+ieRklYTrREH!^&N@;ya&&ag@6zw}`aQ4L^ZfDozMki=?;Ar0DuFO`2-KYE
z$&{-rZBgRWQFJf^;)tRDpBSW$VSu2Utqj@vuMIU-B_N*xyoF%^#TXPs_22R4S#2<U
zwTVbc=M;6rLCHj|4V`EpaLWLg0i+M_iR2^3rp(M|8riX3c=gMR$s9aPfVOmLpvV&k
zE0#&xU@s$d_kFL?Ra5RNuiH8tk#VfnSnj?m1{^=Si;o!JPQn(4gHvum+Kyo9JJ?6^
z!%!TyioS)`C;f}#g^f{Q*vo*_L&+SQljPsq+;Yo23UaGV&hLuiGX03!fzK1;=hSMR
zu9)^aONNk{S4hDKgo1VMK|@V#Uhs4KiT4(_J6?G%>E^;`$?B+VbIlIR{;_P~BXf-_
zwK3xLGF<mmX7-)B6RG#CrO|7Q6T)pPol&?V!NKKk4S1?Z5l*1Oy+bh&=Ohi*L7m*!
z2A+>Y`QBwtE7MnXEdHU%?rmn}v`U21-`k&o?fmI|E<MG~^2DNt`r9mm=WezvJlV*J
z{BHH3K>YK>2=SvEtiaEgI6B4eP0D|}q2&vLXQ>nX#%T@R1}!A6qAEA+q+6oLNOiod
zrnrCA+nuhYVVG3DA|#k-81D;JOt0G(iKy>f<1Vo7tnXaT=A`jv6DE7o3AGOhY#L23
z;aYSlLrvpgt(AwIp}fryQ$h>kST)A+nqY11kt;fpiU>zGIV8D@)!y+DIh|3C9*PaV
zhw%R8`GJE;d9_s;3$V2;X<Q<H7H3QTwo<UC$x)hGiIR<WOuDJ{oBnd}u2M;jZ?T!2
zXq1L!M%DR%kV!r5YeR!O&)QCdl$$PuU#lQD&R1u%!9QXCC~-S-V0gSf@h#NWi+$Gd
zSmOPFhAKtF(~m|yIHujmL|@vW6Rvu92UC420`w^fmS=fdMU+ZV$D75G;@#@8#kXr3
zuqbzIRcO3}yQBp6>xUS?YsDqC`r`oWhpflA;ULC!cdQ%6@IRj(ip0W=Gyr}8S3n@Z
ze{&uH;4r)Y`>ci41|#jGQwseN5S??5eke56dB7kuQv>i<edz?k-(&++0(_Y%{SOPs
zXBJUg>pIoy@Q(uvItM(yR-u1p!QW&DtUEOlzN6WB5JlT@^{dz|q_Eu5pv;IDHymVT
z?SgLZryHQ}`6g?Y=cZI=!>!bVj3YgC(XAf-w(HVI`NPhpGuGko*6kO2`h<Pd!1-sU
z0;9O__VX|I<)I?>Fob$9s6pne^o#HFNC}XvWKsU7>o}9QTDr8_Br%5fc6tF-_d3sh
zV#zs8_<|Z5ER7A+&o3!8JoDbMYk$nBXk8tXaM^py2n|lFI&{jbaB_6-n`(HW-*t);
zFzAlUq64dg=&`b-9TuH^4;>v+N%OpFGoP|xH)f+F3c>k{d$#V--kYFXPd3w>!M&#a
z&;$JE%-w7g1)TVpc<bzMlXj;A7%P3osXx>G#TX>{0}!y+u|DM+^esZdqW!BDGczUv
zMuzq@Q46<=93C-#Y*4$MC$euf%UXJ(>2zGz%GnDqJ6wc$RlbLtEi%5+h7Tc(`rT9!
zw0S)^Z~hGhUvAjkZ(dQ**Ew-D;$&&Dw``<k{kMBiSt)XMuELXf!rCEsqc{*ZJ~Wjh
z?FWK<HDwbYNHuR>5_j_M_cEMA0xZrvZ9H|LDwGqnD0!f&pXQDVjkkDKHt_v4Ns&UE
z>X5yIreh?qrQSuxjY^Ior$Bhxr_48C(5+~n3Tyeo@i`b(<=tAw{sOWYNI#Yhso*ZR
z7+hv$#*<@aog$i?oSN)oRD9~I8(R+_b?F}(<59jI))m?`yCQov?L@EnNejCvM@?Le
zC;^kCfgBq?{C-!)g%t?^PT<D1qCXAnuZqn-=5uZhN0n~;A(K{9#futlA1>)_lh00z
zqXJ(onp>XX63n#bmA^}HdM5c1(2TYGsY39^uk)~cFTyCUY=}wZGV#8;DNCmEq*kLV
zzB~udu!q6(6wSac{fk&d`Z^@bLEhRa?7j(A)1D<-jah+JO6u^ZT{4SC|Hkm;#1JsM
zFi?mxS_1^sQwD&Mzq&pty9SU*_T8T8s4#tRF}I3x0mDmLQjz71&RFAyYWt&8Po$qQ
H004gi2(<5#

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/OCSPEE11.cert b/nss/tests/libpkix/certs/OCSPEE11.cert
new file mode 100644
index 0000000000000000000000000000000000000000..093756d3dae0aeba6f60bc4d75f3fa8cd2f8d55f
GIT binary patch
literal 552
zcmXqLVp1_^V(eYO%*4pV#K>sC%f_kI=F#?@mywZ`mBGNyklTQhjX9KsO_(V(*igWL
z55(aTX7_gv4sdofG?X=v28l2Wi$FybJo8FYi*i#_G80Qu4HU$A4UG*<42+EoOpJ_8
zq9pi@49tuTfDkHRV1{agpaDO`1`d#UuC9iLh9U++5G%N0LJF>~295KP-O9+yz}(o&
zV9?mf)Y!=IB`a!HR_^y*$?hfxriF{`S6P++O!#$^NB6E0mbu<xe>}fhDDyl1x8>_P
zBKnnU|ND!V7CNk0rE$L5!|;!0@P@s63)Bwem}twLecSNo)GeiVbFU{k-Aek?IOXc=
zuit9Zp2ff8FmGbbTC^o>vD^30JB?E&8BPnW{{;*Sn>~jwT=HdNW@KPoY++z#V8X_s
z%?1ofc1A`P4Ffd;6&T-uu}vbQq@=(~Uq3&&xIizvG_yi4CDqEv%)k)YW57sY2KtEg
z*wyLcpAR=XRQb0y+RIq&o5&@<ysdtEx>@Z$zxO6r4{eg4visaunRk!Z+Sybc=5%rA
z`EzZ7@dw+NE3e*K_B^$;u2JLnKGxjr_VXs5F4ML<=Xp=zmhY^!Ch8Lx#r)ajDzNYS
i*S4KIT4&yD&*S~iY8W06nO2>@<y*1uiKT+VlD`1palUZ?

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/OCSPEE12.cert b/nss/tests/libpkix/certs/OCSPEE12.cert
new file mode 100644
index 0000000000000000000000000000000000000000..14cd5b9ce311b68e4072df110c48162268615cff
GIT binary patch
literal 552
zcmXqLVp1_^V(eYO%*4n9L<YQUoLX%jZQpqr8Ch8w4D1ZK4LI4DLs{5_nL>jN1q}E=
z94=vYf9K!;XGcRrSp#X12(z#VR7AluuOzi7H#H?Qu_V<%L7dmn*uccV*vP=d$k-%G
zg5Su%%-8@3p#lbGs5S^1@I!3i0Ga3NYG`CAVju*uf*U5J;Oc77I3L-qjI0dIjlB#8
zjh#%5jSL4l*YyhQoy&jqk;IgrjEcWaO@CiHYtF87*E7ATv**=!W2Pm+KMVX^v<g@J
zTA*R`b>Cx_6&vh|Pg>@!?$TS@dd7d!)`$f%LF?AvRkm^r<<wV}`<VUO$^Hf3p+lkE
zzi;rY5x!LVo;O>vOyaWJhR0I(>sY79?3}*)seGDJxd_`CYbIt!2FAq}24)5(Y#iEb
zz>s8TWMt7WP%}`0@eLT;Br-}$3as??^OK7U^s-AcEA&!Qt&GeJ43Rwsj09$&kEVRK
zV%;NJYLIIr^FBgsinqOH^`9F%RCmt2?f-8ha}<+Svsb2HOY4u;Z${a*>fD#PHqTjC
zvf(SUD^ps&2D9<GF9#;nEv%i$Gfyb<YRl`6C-KvJ_-kud{hVNZ?#;oEChM&Zo9pgZ
g{Cj9|PN>D%*(GtSmMp3@ZqDY+2}w<xV<giI02act00000

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/OCSPEE13.cert b/nss/tests/libpkix/certs/OCSPEE13.cert
new file mode 100644
index 0000000000000000000000000000000000000000..058b59d80a5602dcdc358319400039d6eb748e5c
GIT binary patch
literal 552
zcmXqLVp1_^V(eYO%*4pV#K>&G%f_kI=F#?@mywZ`mBGNyklTQhjX9KsO_(V(*igWL
z55(aTX7_gv4sdofG?X=v28l2Wi$FybJo8FYi*i#_G80Qu4HU$A4UG*<42+EoOpJ_8
zq9pi@49tuTfDkHRV1{agpaDO`1`d#UuC9j0h9U++5G%N0LJF>~295KP-O9+yz}(o&
zV9?mf)Y!<drTZ?=VUbglrs&k}K9k$#R(f#9?ahgELw==w{gU_2{9N(G%8fUiIir-c
zf9)#h*}lokRC4aW;1)jNrKfBE+X}3Hp!f5@bgwDwk=LHENCfN^xX|({PlEN(>-`6G
z)?J)4?Oe%%R}+JstfmNbe7}6Xquhv-J?e?--bvT4DqbsH+`9K76Eh<N<6;W~GXoPg
z4sAAINU}3BvS=8n8K}Vc28?YI86_nJR{Hw+$;AbF*`=8kdMT+^MrH<v$Q}bm0yEG@
z3P(;on(4i{S9(8lw2YUztX;3Ys7Z6fjQk%Qoy&I%e5o;u{PTKOnUY6}#2dM+FMhTj
zU%WKW`Udu1Fr0SL@7@2rz43d0{nTp}`~1+zdAj$H{aZi!?_Cx2>fy2FmtuVN{m=c{
jBx+u0xq>CWZOx-^*%xdczTjP!95_AL>v~)7%|k%|WQ@Ow

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/OCSPEE14.cert b/nss/tests/libpkix/certs/OCSPEE14.cert
new file mode 100644
index 0000000000000000000000000000000000000000..4f937b9e98474e8f5f79d530d198771e255897fa
GIT binary patch
literal 552
zcmXqLVp1_^V(eYO%*4pV#K>a6%f_kI=F#?@mywZ`mBGNyklTQhjX9KsO_(V(*igWL
z55(aTX7_gv4sdofG?X=v28l2Wi$FybJo8FYi*i#_G80Qu4HU$A4UG*<42+EoOpJ_8
zqa^r^49tuTfDkHRV1{agpaDO`1`d#UuC9hAh9U++5G%N0LJF>~295KP-O9+yz}(o&
zV9?mf)Y!<ds!G7}*JAPD{|P<X`o>+e&R*bIxW#Sy#G(qb2D!tE5;lA*ZtePS(ef?B
z^GSyNL+b+mkoZN*$~$W2=SlJ=m+mzwNo+KbpY!mZ+Tx~zeABe=*92}BznM0BtD>OJ
zzNLo)S3PXmD>n6fjPSCbI-GSS91SeK2UWALRGfSDe}TK6;bJCcMh3>k76xVpCTtwq
zY`~CYXJlm2Fi<m4f$<F(+axkdN(!v>_4AX93-q!}Gb{8`Qmu^43=EMy28;w|ppSyI
zBSploWvt`*%{(Dqs5@!P39}NGzk3_z@K{Ied9)#kX-4?=F5%ejf4_gpt(n{J`iZxd
z=Ut8+ujkn}(N9jTT<?8JP@Ly%cdWLl!`p;rQwM&l`oGz>I#bf}@0*!vzwJA|)iUW&
hx`su?C6D4uPiNeDeOu<wj-?q}o_{Pml_Ga~DFCn)w1WTu

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/OCSPEE15.cert b/nss/tests/libpkix/certs/OCSPEE15.cert
new file mode 100644
index 0000000000000000000000000000000000000000..fbb2000dd513551c988f8d74835483fbaf10f195
GIT binary patch
literal 552
zcmXqLVp1_^V(eYO%*4pV#K>yE%f_kI=F#?@mywZ`mBGNyklTQhjX9KsO_(V(*igWL
z55(aTX7_gv4sdofG?X=v28l2Wi$FybJo8FYi*i#_G80Qu4HU$A4UG*<42+EoOpJ_8
zqa^r^49tuTfDkHRV1{agpaDO`1`d#UuC9irh9U++5G%N0LJF>~295KP-O9+yz}(o&
zV9?mf)Y!=Iv@=jMxG}P8T}-8Eex8TxZzkb|a+bFH80wW2T1A83E9@^@x25pRl9voe
zRvl7sWiDlM(fDn!gP%*y#(?X>N`v=-mp|I*^YC2=+?M!<uT9X^ukEbyOs@?s&-uf4
z`liggGf!H1`Q%xLkF+Y7@NB%)XVmW;?6dn{df&N)f4^Ph4QFCzWMEuuVPIxp!p5P^
z1`J7dMn)D512qE`7~g=gO(LVDq`*pFKR>y+Krg#AvqCQ=)yl}!(h}KYz(`;Q`iLP%
z<?kexE9MbR=k0a(8d-8D*E$ANuj{ksj&A&N)%w~?v-q^t5uYVgJ~<uMIk4;v@AdmT
zxj*W^nPhjZ_v_qgZVK5=+-Abt&6aNzyK9p*>!p_IKATI*R#76Z<;u*Hl|F7-)t4^%
h?6|7p*@9`B-{(orlRmpKc=kt``Y5lrs%wi*001#~uE+oY

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/OCSPEE21.cert b/nss/tests/libpkix/certs/OCSPEE21.cert
new file mode 100644
index 0000000000000000000000000000000000000000..a3f1305fd3bba1d60a86cdb2a2ab5ec71db24e3d
GIT binary patch
literal 552
zcmXqLVp1_^V(eYO%*4pV#K>sC%f_kI=F#?@mywZ`mBGNyklTQhjX9KsO_(V(*igWL
z55(aTX7_gv4sdofGL$ut28l2Wi$FybJo8FYi*i#_G80Qu4HU$A4UG*<42+EoOpJ_8
zqa^r^49tuTfDkHRV1{agpaDO`1`d#UuC7Lgh9U++5G%N0LJF>~295KP-O9+yz}(o&
zV9?mf)Y!<d|IexB=d~@#Q-W>E))x6{<_dm|4Zdk@`q4Y!y4VA)gQe#3N7p)9tUc={
zYZB`IJLUY-?kSnyw-(OMow9l@t7*-xQfI-rk8|Co_sHEY4r3FRZ2Ou2ufcke7w@8t
zPpVhQ+^%i8oFa2vCsB5i%xlHRFZQ*v%U*ak*CBM@zR#ZPay*%s85tNCTNs!bn6PnZ
zvjIbrosp46!$8eI1;#gEY?H_+DJihh*UwKbF3`&^&8*N%NwqREGcZE-7%&o;fj)9I
z+^wa$YFq4z<eC=o$1MgiX;q~cmIN)`%>H!t!GoT0CF1>+t<4V}Byan-Up+BJVw3#A
zB=eu`y7%Wre>?a8>aoMQx?Tm-F5k@P-z%!JcF$cKW!=j`JX0FlG!GgiM#(S)xSdcA
hs!w?9zEMWvspt7C$3Dq$&r6zcf3j0}dsSF-Jpih1x6l9p

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/OCSPEE22.cert b/nss/tests/libpkix/certs/OCSPEE22.cert
new file mode 100644
index 0000000000000000000000000000000000000000..198f2068d8fae4bec848b6d48363fc19b3ec3d37
GIT binary patch
literal 552
zcmXqLVp1_^V(eYO%*4n9L<YQUoLX%jZQpqr8Ch8w4D1ZK4LI4DLs{5_nL>jN1q}E=
z94=vYf9K!;XGbGLSp#X12(z#VR7AluuOzi7H#H?Qu_V<%L7dmn*uccV*vP=d$k;SW
zg5Su%%-8@3p#lbGs5S^1@I!3i0Ga3NYGh<6Vju*uf*U5J;Oc77I3L-qjI0dIjlB#8
zjh#%5jSQDNLaxb(FZd$queNBd-!j$8UHR8#^V1S$)o>{-dcggALEpERYG1{VZLv74
zTChF#^_#LeNvm^XboDEqc%Gm6QTN=|>^nDIUgf<F5(?#*|NA0G-(}S}GwJBL8@<=s
ze3w}jP{#B+US9VW(+XW>?Wv`kRF6GOt4XO!={lpjCzx;Re<o%|2FAq}24)5(Y#iEb
zz>s8TWMt7WP%}`0@eLT;Br-}$3as??^OK7U^s-AcEA&!Qt&GeJjF3GBj09$&kEAxd
zI_;s9P|ht{@M-OVN!OH2Z}Be_JnwQ*&RtL9?aD{GuUT&QmCbKA)QZX~ENWu9P~jUX
zcIA11=i|6ZDlcy&sWfQ6>Q&pTl(4;OQ<d|{s?U%AhGx9p<G4(x-sA90`{_*w)-s(t
gJU?;OseN&B#>tv@O52{CF<w2>Fk$=QzOPZg0oe?>7ytkO

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/OCSPEE23.cert b/nss/tests/libpkix/certs/OCSPEE23.cert
new file mode 100644
index 0000000000000000000000000000000000000000..32b3a631dad5a1e2d8bffbac41d2859a9ffa7692
GIT binary patch
literal 552
zcmXqLVp1_^V(eYO%*4pV#K>&G%f_kI=F#?@mywZ`mBGNyklTQhjX9KsO_(V(*igWL
z55(aTX7_gv4sdofGL$ut28l2Wi$FybJo8FYi*i#_G80Qu4HU$A4UG*<42+EoOpJ_8
zqa^r^49tuTfDkHRV1{agpaDO`1`d#UuC7MLh9U++5G%N0LJF>~295KP-O9+yz}(o&
zV9?mf)Y!=IHNtq_`j&S;u2_akzrVHW*^;RnGZb7@k|b^(p8C_iq=x@&YE9iY4^O5?
zXZL+I?f+9AzxzYLwxu&FN{U*d4&4%9uHCK4e|X0x)ejbOK^`|#pJ-$p+2H1NL|Wz8
zmdV0T-b}an^5Egyjxd?@rjX{q8&d>Ko@`n?=}Kr#@3Zi!g~6Fj%!~|-i!BVy3{2QK
zwAp|m$<D~gqG6zBpaSC?Ft$l#l#~=$>Fehw7Z>Pdmu6PzrKDOJnOa&Rdkh!}%s?Mq
zdOss=_u=4M*YhTReLcBJBZA@3(Zic29J&4fy!6`n`^=kP8zs(mnyg)TevZxMyNWCk
z2`SYkr!<#O$S&F!!02zWX+=g`dCrHIni^^q1s?Gw^*7lSU8NsBk>?e;l&@>^Z%XO!
iivfMf5}R5aoagtJ=*h$!$Zq;7_NwB!<eR+Zjm`jsQN1_-

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/OCSPEE31.cert b/nss/tests/libpkix/certs/OCSPEE31.cert
new file mode 100644
index 0000000000000000000000000000000000000000..3df0f62cba123dc267dfce8a6dec1b5cbefaa26d
GIT binary patch
literal 552
zcmXqLVp1_^V(eYO%*4pV#K>sC%f_kI=F#?@mywZ`mBGNyklTQhjX9KsO_(V(*igWL
z55(aTX7_gv4sdofHk37x28l2Wi$FybJo8FYi*i#_G80Qu4HU$A4UG*<42+EoOpJ`p
zq9pi@49tuTfDkHRV1{agpaDO`1`d#UuCB(0h9U++5G%N0LJF>~295KP-O9+yz}(o&
zV9?mf)Y!;yy&=I}e%n`nruaK|ttVgF-)M1tRjixLETdx*?3VwIZg?u!YgEelvFA|l
zLdUSEmVI5;o)f1n+Zn;J*X@@m2S-NLJ9R^cu34TQtA6cVdGO^Nt&B27%lPTv{t4aM
zX5t;?tQ;(z>~rW>=EEII?;cKzw%xF}&dl<0&lY~8Cl4gl?oVc7W@KPoY++z#V8X_s
z%?1ofc1A`P4Ffd;6&T-uu}vbQq@=(~Uq3&&xIizvG_yi4CDqEv3>Y}5k-!Y}QNSf0
z#~FJbpKf1db$~HBr$YK})vr2c!)dd6(<Khr*nQXB#}cvDrr>zY-(@MXsa{sLD*We5
zAAj?Gwp1XZBw)?{Q?}Q<@4emQ|L{{=QR=^m+n6d=isb~?EN0{V>mGU7z^d+N+v81>
fX8B1ixZqIZx_xG5Q2?**ZVtOWVjLmAT*R6HA}h4N

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/OCSPEE32.cert b/nss/tests/libpkix/certs/OCSPEE32.cert
new file mode 100644
index 0000000000000000000000000000000000000000..9bf5354abadc2bb495f3536127b5eeb739036e1f
GIT binary patch
literal 552
zcmXqLVp1_^V(eYO%*4n9L<YQUoLX%jZQpqr8Ch8w4D1ZK4LI4DLs{5_nL>jN1q}E=
z94=vYf9K!;XGdd0Sp#X12(z#VR7AluuOzi7H#H?Qu_V<%L7dmn*uccV*vP=d$k;4O
zg5Su%%-8@3p#lbGs5S^1@I!3i0Ga3NYHVaEVju*uf*U5J;Oc77I3L-qjI0dIjlB#8
zjh#%5jSMIM))W*8aXE%GOxfh;b+B}C_2bP8w5p3QJ(ixjij{3e^R2bV{!es#F|YF{
zk4^Yf)1M~Vza3A+?bh(kFKYX;wt_F8ZGl9MxG#sPcR|OGDYxEet};Fu%rEy!a@B6`
z>^Dj-ZJV1zQ;!!Pm@@kcm&7T7sae}sO_z2&x$A7O_L)!dsZ7j_42+8{49pBn*f_M=
zfFa4w$jG8$pk|-~;~OxxNo16i6j<r&=O-5z=w+8?R_LXqS{a!E0|zw{n1MdZ>`zVS
z^D>Q@xq$h<F~=>2<6J7=`rE(1Di2ma`l>ud_ga_g#`MGI3tzUr&kJ-u|4MJx>U7mA
zO_fWWPOT@)-EUu8>ygl%+N3g}z0YJ0$8@tr0n-*4Ud>-{NJjfr-R-1lzs~Qfd#YFv
em&u;9ao7GwsaHMMnBU#Ku0+fsS*-a<Qz!t!Ww*Hi

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/OCSPEE33.cert b/nss/tests/libpkix/certs/OCSPEE33.cert
new file mode 100644
index 0000000000000000000000000000000000000000..4a3c1022838d3a65bf8844a4f455980164fcc5b9
GIT binary patch
literal 552
zcmXqLVp1_^V(eYO%*4pV#K>&G%f_kI=F#?@mywZ`mBGNyklTQhjX9KsO_(V(*igWL
z55(aTX7_gv4sdofHk37x28l2Wi$FybJo8FYi*i#_G80Qu4HU$A4UG*<42+EoOpJ`p
zq9pi@49tuTfDkHRV1{agpaDO`1`d#UuCB($h9U++5G%N0LJF>~295KP-O9+yz}(o&
zV9?mf)Y!<dO770Pi&Z~9%T^k;uruG@@m_P%a-Dg#Tl19vq->v2z43gy#;yy3f1-B0
zX86$WXE5vY<2uvj3<}PA4VGTsD}Q7b-P#_^Sh6BQKViwYMP{#qn1vsGe>^!!R#U}%
z?vBVgn_I=>&-<rnc%Cn1T$o<AOkH~N0!snS59fCmEp>@<tPE#jW@KPoY++z#V8X_s
z%?1ofc1A`P4Ffd;6&T-uu}vbQq@=(~Uq3&&xIizvG_yi4CDqEv)Y1~!W57sY2Kp%e
z#uG+a4)Zz7nXagpK0L<%<I<8ToF^TQFvwl}KD#b=Yv8dh+Ew{!N9GmAbj3=XdU~Vm
z)#CRv9M*k~FOxERnJ3eJ<*C<Uq1Pev9K3?-)D!Ng&gm#RaaMt^bRm<Zr0Xq4U8$K9
iWtQ)_dr4*{d-#FV{82xx+&>z%xgE)S?3w-I=Uf2O;I?c4

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/OCSPRoot.cert b/nss/tests/libpkix/certs/OCSPRoot.cert
new file mode 100644
index 0000000000000000000000000000000000000000..8abc6bc87d397e1d9aecabd5aae3921a5a084de9
GIT binary patch
literal 549
zcmXqLVp23{V(ePL%*4pV#3I45ZIuBp8>d#AN85K^Mn+av1_NtDZUas>=1>+kVW!Yv
zLqP+65Qj^c!{0eLASge-#8A>e93;dnEC3Ty2=ez2QE+xNP!Q)eG&V3XFg7wUF)}ue
zlHfNoFhdrg%=pIn$gX8%WngaXWiV*$WNK_=m~%tp{+y`nK8__j^A;bNIq5)-j!($E
zx_#ltRt9{X@ANI2_vZs&6TiUYnR|kHxJ4Gdc%|0c$Yok)$HupX{f>Cg593dfCk)fB
z>3ujDbEqmu=wsO$57B9r+uz%T|2ihT^ynAERo~vt;%ey0XsYy><|{gV$vG2EkNQUc
zWsb}zdXGJ4VrFDuTx?*VXCTPNnb79J*!IJTk&%UknTdhjfCm_0vcfE^2F#3%{|&f7
zJbsWABO9`ZfWglU^ogA3{f=!_RqvnA`FU)QwqCN9Cr_T*gAkz`H~cScY3b@xp7UQ+
zw0+@%*;f<xu2}J6V{7s0X%|xBukb{ko3cCL+bxw}x0<?(eabe}zP>lvKmVViX7PsI
y%X8)8+Z;0`6|ZTWRyFdwp!(sor_<8I<+p@#=7>C-e{E9Ayk@0ycN$N%_yPdPL%V1I

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/OCSPRoot.p12 b/nss/tests/libpkix/certs/OCSPRoot.p12
new file mode 100644
index 0000000000000000000000000000000000000000..166baf3f4472a4f4af5dfb124b49fe8274d73f8d
GIT binary patch
literal 1668
zcmZvbdpOez7{|BYW;2cL(P|n^&RjaV{YFVQBef7Q3P<J=npBGINI1-8Ivr)y$#I)p
zL$2jIn#@|9QmR#kLoN+Djzl%0c66?t=Q;2Dyzd|1=Y79_eLo-@fWkmF0<|gGE?KS$
zMMCr0x@>p?!T@Cdj|{_r39wZwgG8+Q>jSL<1@aSsYA^w~4(cLQ{+3s4*TS*cwL@?G
zl1(E8m<$2t*1qikfP4f`0NBr-J|_yYil?>&UpRf^H9;>p?QJ8!;gckF{=p1fZ}CFd
zM<PF@Simkc;4B&iONI1TcBa4v<3xi(N6YZlvAp8vQSrtS3*w9QMGj7s8(&uxvQ~fR
zUKxY@M$#Lz$54KVB0W~%<dS4=!apkLf7EF;QP7l|L2WrdX@4kWtcqDGw6Uz7#HZp@
zTXCPJXQ${H;X~8o9{!hbb%2yIAjs_n9<#~@Dpil9o%KGA+4lYTl<K5w+f;<!`4=3m
z{FW}SYt9Xjy+Sk&hH%*ZV<5LE>Llgvv^9vl8;gJ|E|fD{QA-9<yAw!*d5pVBamk4!
z35wdfIFf}8?H!qUyUcW2J}pt`G>3DYW2|m2Uh&b)Qh7FN*wVX5v*>-TCkx@?XamL(
z!jdE~a=uZTninMj=Yl8OmkvAYOZl+@p1n!kH_v+ql7NuW4_+_Z)h8#XqY0s$8Cw7C
z3=!p6%s}?(cl+p+%2zVElcoc&?bpY681p@8Odpfbm1{B3Z7i>vjT_tM7ew!=@Fdx5
zt=A&rFI#mf5&DA^zq}zN=jQ*`DfFK&jnx9x4yL1;OCk^~b`nzBI;Lx0;=@Sn@V0*K
zXpX;M;d5z}U)w^ecds?^D8Dj$v86i}+1AeZz~`+pHzp2Ec!@1qo~}+|D)a06fks&m
zUL>+EDcYO5?tKPO&u`<T<X~#ee>sld#7`qYDP$bs#kwt8wqlbBA6t{n7=~WU1Qk=J
zcoc|!f)Xh6^wHVLA-#;(xfg@(O(Gd8^=w>;%$XxlMxW&rpLzIk;u*c@_|*^mI?p=y
zjtZ!wLRp%k)A`Z*nI3a|L3ad=TE;9#7nPE!p!PqZN8!loL@dM^VheGDxIkPXr&gK;
zlKwqdLtYEVHSF!l+MjsOX~A-I;6cu@p3qY58OR^?B`Jvf6>tD3<Vy|uA21M~!C)u(
z9ff9B8tS%uI~YDc!1@eE{t9?NrdD9z7;>|EA@jZI3|y`dKgPto+!wDf8Z<S*B5*FL
z8d+RdGud6KB*MaI=_B;SL?ha7=fMw8{2ON-SS)FI`d09OyLg?Q>c#k+0PHT8LXJ!O
zbvuVXh2$vT>mj^@kz(d_DNUS==OgD0Y4aABJGT%lVBdv_nTHNs^QDFs-6YQXZl;&%
zt~+cmBNHy4<Fw~O0xRbV&cvtW2_MH5*O0cPMVS_L6Y8%M)S?$MuMK5<k}=|fdAH7K
zm^pY1=go#i^u;~*hB;b+-eW?2rFUos&ZCC<#6_d3tWM-wDjg~LiA<~+G_sGXNfQ?a
z85G)6O>3IG{1``=%=O{zQ%ylYC*ux#m~CmZIMFb7tS?(0Sh)wGb-i)+<t4a!*sXA1
zT6ED|M7j)BReHN2fE+cu9qyDqMQPvqUdXbX61aITr01n&zA=!lNt(CW9XcXEF@7ps
z988-IpjW?o;G<!0Gub8LC7ujuQ|EIDnrB^gqtnLax!;Z>UF+=yQ?1KOSG7GNfq0j#
zKdhlvxYM!961M?I8uywH**`yB$-7ywBZ${2Qk%08UfCIFKJrj^u>6krzG%t&%F*Fn
z`%K-N&#gU(Zr<qT2i<;?p>3sN)~Tp}r;}xU(z|WLMz!VJb2l)D4{#h0VYwS)Bnurn
znXx@}jKc*+U*GGBwH=%HRWljP9n;i+*Y@wHX($CAqzt_{Wq4j^FmYJDu3FQ>D^kYj
zXdW@^tMSoE*G9kU*gT_QzT-&u%%HE>t<BEmUTeaV<pJtiTjls_UW)7L{oJSeLH<P9
z&oEK4L{T=BW6%+H$FuLvg-=~r+q!0M6W#Ty{|><!=ul?l@sJ0Rqxi5n32q$jL(94C
zJbmlsS3AAn%1tcHW$h~Ysy{>j<p#HbIv@(6WT*xM2uct*j!njwH=2<)gcdkw+3Tzs
fRwel*!m)x~F%BY+wr?7DZF<{lnZf%UdI;oq)?N3Y

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/PayPalEE.cert b/nss/tests/libpkix/certs/PayPalEE.cert
new file mode 100644
index 0000000000000000000000000000000000000000..d71fbb5016b2ac180a61303d2aa2732910aa7a4b
GIT binary patch
literal 1376
zcmXqLVvR9qVsTl(%*4pVB*1j*!`#KcY~J;Vq_QlrJ*IEK%f_kI=F#?@mywa1mBFCE
zklTQhjX9KsO_(V(*ih6!7{uWc=5fhP&vZ^LDpByvOE#1=5C;i!3k#H&m+PefrILYC
zddc~@hWZA&ASq^HHMovo4@V;fkIeK81;^sz(xSw?<Wz;=)S|M~A_Zqh137VCLo-7|
z0}}%<hyrpgfLudEBM?8zpcd6d!UlpM^ErgMoD*|0)AEb*G7}924fsKV?7|$uiFpcM
z`NgS7E)Pho3`oq;0XbaHP|838;&MTVutGpleoAR_NoIbYA=GGQVXlJ2%7VlkkbexC
z7?qI2h>?|nxrvdV0VvMJ)WpchaH_62%Jo=gQ&1?+{qo4|)pEj%xAmmC-{kvT?6KpY
zi(g%S7t=K5d<%~S$D$@SZQgkB30GP8?~Kw9R@X|7*=##na-r~A|CL!<cf@;lFehLA
zC+^7Y+H|^NsfB@q;mHQGcLvixE2p&_7Cq)7Uw+`z<sS92hpN#Pf4K!0+)OUIa<fx5
zHSkfPH%n!aNN(QJEYT=W{y&Gm)%iU<?w#u=%EEK&3-?(^J@)5&mffm2<N36tbqnLF
z{h9mY#B(Ag+EwpXw#{<a`xMT=m>%;g`L<)`m01dZeN5S+g8v&=gm<jUkmX1bz28zV
z=n>}hPdUqtODwJI<i@)8V7Wa0@}G<g1Z^HNF*7nSE^cCc3=EO`2J*nbl~rbuFc51H
z3C#FEVLcOjsm+<2sVPZ|gmy$0SsTcL6!5W#v50)0ppyF3T=gkac<LMNuUd01F(|Gu
z5CusKvhW%3G$BU<A4r&=k?}tZ3o{ez0*EQ9EMf*CY#iEbjI6Be%#3grlR+s+xjajr
zL5_jR0;2^6ZF(6cB?VUc`pHE(#wf{Ezc?e&NH-%<w-}rrb<<7tfNC&xnGmDP2V|`R
zi>raNfjJvzLYoI;+us~UMguJa4VdGY7{z2jZYc&j20iQOI|l?CaImqZH}U{;szGBj
zOcNs`OSwU*feMUoz}O}M^-z9taRG|c41D3LnA#j+-cAH%&tepX`mpQ?%AKIh3D295
ztm*6s42cp09+01eK_Sm%z<`_)fQ1DxBQP>3?%p&zyXNcsWp4js+um<0pEaGwsXLB0
z_T!b?uibte5Yb7n>YS_B=VI$JuYba--TS{qi#$;mQOcZa^Ox64<DmDG=e{E6zMRnz
zl4P8(7N4^#VNYGw?o(4sr#$+4sv~nt*t}_9f1a^lwbP{O?1p`Z)!U0hJZ9YZp?_5J
zVOkJJ6z~7Lf;a2tKCv%*70~H3wO9CZ*7Jq-;gekS_BtH=6E^Qi`AnwUk8kwX+gUGb
zWBVOpHnUsC=ayn<W7Z^9S(BF&4mkDqcD;0;rq?&&)$G)>D?Pq1legQK{M~KSsVDEd
qzZfLBn!dexl#jFb`lZ<WY;$k**RxM@{h%k;WAQU%y=m8(m#qL5@YweN

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/PayPalICA.cert b/nss/tests/libpkix/certs/PayPalICA.cert
new file mode 100644
index 0000000000000000000000000000000000000000..07e025defbc58b3190f341c520ba3d26fc4cd59e
GIT binary patch
literal 1205
zcmXqLV%ccW#5{8WGZP~dlK{)Z=S%LyeEOVwK-+0Ytmu3LUN%mxHjlRNyo`+8tPBP@
zhTI06Y|No7Y{E>T!G@v+!XOTpFpo=SdZu$~QHg?QUb3O2fjCH*TUemHyj(8@D3uJ9
z(o4?IHPklH1W7RqE5UVmWTs~*I2IR|7A58-rz*IHDFo%`mnb+p8pw(B8X6lK7#SHF
z82~|)IIocf64#)BQrGAk=t5kh26s)chog}Knv;T4i^@`qKrU)xR6-6CMpg#qCPsb+
zpg0#(6C)$Twg>u$RM<}BvczA1&y~Wqsa8oXRcxJ;!|Zc+=Fcx<w>xYQ+Ag`%e+pmJ
z6#3AwEr*!2)?b+Mj@#k-kqg#ECq(AGpRiGI<+@8Jb~szz<mSG5b?R4#^(SQC`p$_D
z-`*CGG4pHJtxLyQ<yTBUd1uMSrWV~}YnRSBF4?rKl|RlULd(4Wujxl_4t1lbue-bF
zE!i7*LH*HPYbWEytQtplYn++2Mq8P;;#l>wxWesTb{xMOw~L7_oU1J4`}F!Gjy0uA
z=IlBvzDdr-G_^ih)$*bY*Q{h|$w?&{T;_)k1$msdj9RqqVeG-X3lw%JE}E>CFXE->
zc>Hbd>`xy0pP9cd%9s?aANQDvnUR5UaTB8_FhpDpgn)r7E6m9FpM}GK4M;IDG8piI
z#P~sCEWjk!W*`gVtFnk0h_G>JvoW%=vNJQnSxg2dFg7D2i-v)kfeMUoz}O~{QBqQ1
zrLUi#TwH*X$_%_ghRU<J7&sX?EU;T((`E%#np~7)f}&I(7V)4chbKbUFi;Y7cGLr^
zH?Rd6rodumU}9jz#sXwA7-$)2z}&&aC?*3kycp;Z^wh5J91slgARmhui%4L`{|W1v
z*h_8B+)PbLS|qe1vdG#%9%Q;Qi-dt#gUCj^!<o!K_PaA)nV}}d!Sp^kMf)&vas%c-
zU~*$*km#D)$^0z$e#{@)j8|U$&DR3;d$V1{=B-KodMPibWoGxP#=@59w<dlYwpUKl
zJfqu?^`TGUVdav4%<jUkzP6o;EUf*)GA;XZWQ6U%%Z92k5*96spUrRj+Y>#*(C=);
zJgL8}r#)AFQtzHw^v7=1RY&eySIrjgm&tSYtdG0tQNw)mZ@1@y8EQ@rudhuKT#~{S
z9&+TX>@}vi>^1L>G|Unz`V}_$`v3g~t!xJSx$FJ@hqKOAdE0te`}eZa6>D_G-q%*D
zZ+d-bE;swDRjrp97b|EuMmlR;YJ9xv+nZ|Z@@)=D4Xlo?jPJ$S?Cu>fo}GR<QLm`|
SN#-9RhHwYDg0FHXw*Ua_n4#tX

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/PayPalRootCA.cert b/nss/tests/libpkix/certs/PayPalRootCA.cert
new file mode 100644
index 0000000000000000000000000000000000000000..dae0196507d9166bbf9de6ed93ed5bd91d2a6f7c
GIT binary patch
literal 969
zcmXqLVm@ln#I$w+GZP~dlK|727_}^JhuQtym7mtRsg@h?vT<s)d9;1!Wn^S!WiZGw
z<Tl`BV-96u6J`nxHWW1w264EAd0aBnGo4e5N)$Zvk_{yd#6iN`!UE;x<$5VVsbrv(
zUUGh}p|*i0NQzll39iE<Gd)AWvADRjC^0WNRlzk(At*n;M8Vn7Ku(<3z|7Fl&;SCW
z#CeT@JUExmu4!UaLJkf_RtDxKMt%l^CPpr%CPqevV`rWgKl^=U_fuV6qh<G>Hrk&&
ztLnL}Q0ws3DJJQQxMViOXD)Ntcx3yg{tGjftaOaDx_oEKHJjTd7E8R&_^LL2_gWe(
zWby8^XKvxdy5w!Em&G4m((=PUDRAG9qi=3oOnS`rlw%^#5e>)C->0KGMe7P*nC|y2
z;<VjoWf2fvZYbTm`M8SftmSKR8API3w(k;t9mqAq(NW1SHL<<XF<@C`Oy@mGukfpS
z&theQb?RoEm0}ZHl2LrYghe=JVd3Sdn$X*EDG$xt4Z>KS3U1MC5c*hY*|CU8utq&?
zd&l;QPp7z6SghtsIkZ15c52JPg{pGxu~Grt3PNWbcjs{jTI}#X&BV;ez_>WsAklyi
z7{#*ujEw(TSb)i@&43@o7Y6ZJ4VZzHfh<UXk420{WTV~TOy(c^-5IaUP?O?ddY_!4
zeb_)AB(2OMVIbCkT>)yU1V#fRgNzj0^gGw*%(v-CW8(-{yshZ|Lo0pNehH&82Z8W|
zU7xFN3a0j%{+jp4b?dyFK8D^qCcbdi>Dyd!?)Ky0%ED_;6{j%X3T>aIlJc!9?aaM7
z=4V%!Y|Nakd}3aOl6Haf<4||QM9KFNM_cv%48AQe6jMI&{86fy@#+0i(hF>VoQmr<
z>`vh5)a7A|3EF<-C)bRNqVe;E_SKjrTkLgNQvXCvo9oE*Ox~A0j}8cg?>JE=G%@s(
zN9K(^T1?UWE>{!`Z-3cUpcXqJVcs5ZaZdd$r{$b8PO_^XycF~OmEz6}p*c2l_Rss%
i5HmaZ>>Kx0s_N+r%s(?U)rMSO`QxRY@Z$0p@?HQubYDLJ

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/TestCA.ca.cert b/nss/tests/libpkix/certs/TestCA.ca.cert
new file mode 100644
index 0000000000000000000000000000000000000000..929b793d39d6cfab9f32a288cb31e798fa0428d2
GIT binary patch
literal 628
zcmXqLVk$6bV!XM4nTe5!iILHOmyJ`a&7<u*FC!x>D}zCbA-4f18*?ZNn=n&ou%WPl
zAc(^u%;lVzlbM!Zl$V)kC}to65@Z+V_02EMD@n}EQwYmUEjJW05CDmD33EF6yN3oV
z_yq?WiWmri#F&M-fjotf)Z!8aXGa4Cab81X10y2?Lo*{&1Jfu8ej@`jWC1$4qj5g6
z{~1{sm>YW;3>rI`8XFmoL{w-k?h^6brYrpV(T1m4O#kZ_Yqq}*Fgc*7Hfh1RQjNBx
zqz<m53rx+w{5-RWea?h#{_JDcJ5J}U-OIsc!@F<NwtYqK4hIXc?D0J*q+@&HMH=Hj
z;mcFjdhL4^<g)wVqv{g@;nlAeyjIy&-?>95eBs##F^uNR)myhr|2s3R)!{G`Gb01z
zVgmy`U=(mBw0SVL{cvJrWMN@uVqiDm0S2n9Fbk^zGb7`F18xwHA0)-dhU_6=gfatt
zvg?mY#lnN^0XZH{C+`00iM+Ai)~9_($Yh1&hhh@Tf34a)>4?;_XFKNHK5(ex@{zeG
zy45yZ$a}G`YiaYdj_o|NE^X)kYgE3nC3j9s{zg4dh1dIHW1lVO`m{B!?@!Vu1LvLI
ltXnEyoKANBnRm)brtZyN^OpYYd*!cgzWa}HMuoX+DgZ|B(FOnj

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/TestUser50.cert b/nss/tests/libpkix/certs/TestUser50.cert
new file mode 100644
index 0000000000000000000000000000000000000000..ed71727fa26eea01b41a688ac474f5f9ffafe14e
GIT binary patch
literal 615
zcmXqLVoEk>Vmz~enTe5!iP6Y_myJ`a&7<u*FC!x>D}zCbA-4f18*?ZNn=n&ou%WPl
zAc(^u%;lVzlbM!Zl$V)kC}to65@Z+V_02EMD@n}EQwYmUEjJW05CDmD33EF6yN3oV
z_yq?WiWmri#F&M-fjotf)Z!8aXGa4Cab81X17jltLo*{&1Jfu8ej@`jV*^9DfI(vi
zl^vpNpa}OVC!?4M$SI-4sYRv+4oUgxrNw&5`MEIfG7EDdqzxM9BL@;AD+6<5FM~m2
zCsSi1!_GfK*EC;$>HK+zUB);ds#l|>?|Xyf1D8!=qUP5R+}>sXKr~|Vqjh%;9_-6M
zd$4W0hwiFNz1w&<n1B9rD7orh&#CQymA_11`OR5Ouk~@nWUXDkGaFb>zc&i^efK5r
z{;$3kuhcCT6D-zzE@%7fz9@V9k<VYMf6cNqkJ=pL{KPi#CKEFw10%BYfN{tSbl22p
zYxZXUEB{w<wd7cTajjT7|N2vfIaa}!6-rBLUf5|Q9&vgx<=OqMsdH3Lo4F>NNpKaW
zU)n2@H~W$|*Z19@8yTFtZnjB2dDm!UKAmqfW9RW@%{w-CT8S)*U3q)G856(Rm55OB
gqZZZ+_bYSnViR=L3#(T>FI;Bxf6fX!b@Q|P0L2v1=Kufz

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/TestUser51.cert b/nss/tests/libpkix/certs/TestUser51.cert
new file mode 100644
index 0000000000000000000000000000000000000000..1b45db286f34cb0ebf0bb2572ec3251af4721dbe
GIT binary patch
literal 615
zcmXqLVoEk>Vmz~enTe5!iP6}AmyJ`a&7<u*FC!x>D}zCbA-4f18*?ZNn=n&ou%WPl
zAc(^u%;lVzlbM!Zl$V)kC}to65@Z+V_02EMD@n}EQwYmUEjJW05CDmD33EF6yN3oV
z_yq?WiWmri#F&M-fjotf)Z!8aXGa4Cab81X17jltLo*{&1G6Xzej@`jV*^9DfI(vi
zl^vpNpa}OVC!?4M$SI-4sYRxS4oUgxrNw&5`MEIfG7EDdqzxM9BL@;AD+6<5FM~m2
zCsSi1!|tNr98K+ii)<cwebU;<{_vdLR)ye9nbJK5-xuy+v7h==`ml|%q59Du5f{FF
z{j{yJNT=?~@r|>e>hE^BIgL@nXivnQ=T*W#r97(s*M8Yx_u<F#V{IiDKP1kT58l@)
z)H6p;MEZZvANG7Hc6qZ0S8g3Uy<(Y^*WT;08tfYi?+C8oXJTe#U_^EvFb<i4?uyOn
zPMfpy>iz}sxw1_P=X35p=U$-s;~Z1XiWe%Ela78~b44Xr#hWYt>5p^EB%?$B>+j^f
z|7E#|smhiYdp>C#dtrCE{J+m7o887zdrRvi4>q{hNQ=1a4^L~J_I@E>cIAt`zd7u;
h+3<hA{PCtrlg+6c%ipd%>bgi{l|`??sTmSN9sm-X(+U6p

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/TrustAnchorRootCertificate.crt b/nss/tests/libpkix/certs/TrustAnchorRootCertificate.crt
new file mode 100644
index 0000000000000000000000000000000000000000..21f520ee56d26f8509ccf73caaf9fad08d99c0d5
GIT binary patch
literal 572
zcmXqLVzMx3VqCa@nTe5!iILHOmyJ`a&7<u*FC!x>D}#Z9A-4f18*?ZNn=n&ou%VQJ
z1c<{WEEtknT%zEdT2zvmmYJMbl3HviY9I`fV;1HKDJlg@I_4#3<QEypiSrs58kiVb
z8k(4z8yQ52^BN*^sbE9nd}LQMvNA9?_A(eWb}}_KGF%eVu%EWddG^=RCC&4eGTA<A
znmnWbyxi4w4Kel$Q{xwyhB2>u;`?^`6`qf~mdC{hxjpQN)+u;dbR_du$xiM3<>KMI
z*#(W;)6&z6A6T%t?lm#Ic3``)navu>3ZL!EFIy%ke9gFdt@2ny<l(PJ_dV&_es9z3
zvme)HIaY_5x0mU=GBGnUFfMj7a4?Vs297Krix`W@@0=^Tjq^^aSIy(yVDoC$p7#Hq
zuMGG=()^5!|5;doQNd=w58?}h_^bxZKnmH5z=&Z6`YqW@P4iRU<2}J5>NUNS@)IQs
zV>TEBB_H?O98|$4VUl{Q(oW3y#3m=p|N23p6Yu`+2v4bhQRXceC$R0?;iji2?&lqO
zcvOP*z)N`<B~~dpk?%_%?3`cY<Ne|5rR;g8fxKx+7tK#jS##Irj+FPK^#9Kft4zG=
Q%<QfGD<ys7-_nlD0LFpH!vFvP

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/ValidCertificatePathTest1EE.crt b/nss/tests/libpkix/certs/ValidCertificatePathTest1EE.crt
new file mode 100644
index 0000000000000000000000000000000000000000..26985c9f60014caa8bed31443c74e3b3f5439b2a
GIT binary patch
literal 622
zcmXqLV#+dTV!XV7nTe5!iILHOmyJ`a&7<u*FC!x>D}#ZxA-4f18*?ZNn=n&ou%VQJ
z1c<{WEEtknT%zEdT2zvmmYJMbl3HviV892GV-{w2&(BX$aCS716X!KBG%zu=G&C_a
zH!_G4=QTv;8u$@!xUzvF#Biyw#GK3&1y@&O%N0PbF*InLkL-L#RtDzAUIv54PNv32
zhP6vp@6TSa;>~g{Yt7jU9PErTG}fyg_YW@=mYi@cc=yQ_W%?)nxa6%kKIQfOEmuGG
zZr!GPX3=z3`4`i9Rli^Tv2kO=%!#Lx4f<5_OrP~6&l6d_bzj-Rna6&r2nlt%FSwoU
z;S$C9*yLe%VRz_rwl15#Q1ON*JNi#0a!GGLz+SuKIukP^1LNXsgG>W?phsktStJa^
z8br41Eo(Y`=)|5C)#@(SO^xr*5}k6~Ko+Eck420{#OlnHRG!wAHU}T94>Z;i@#vp7
zF&Z4oviyvU|5;d=nOHs;h=Y_XumFSKfQOAMq0NIa6&RTY=uycG41^^a>4#Q!Y<Yb)
z{foug`zsUf`u}Y-%P?DfCWEazkhPp^&&T7*Y)TcuCzdNFt4D_)JpB1`S-;JV)tkyR
z&fgSZf4s?I?k3xyj>9RrZE^RuMOuYt+bFg+o3i;_TjDIKdDJiY-OQxD9CQ9WtNxWN
Z-0l9nCnf32`B~ZfEW#3hi7~9b4gj3h*+2jQ

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/anchor2dsa b/nss/tests/libpkix/certs/anchor2dsa
new file mode 100755
index 0000000000000000000000000000000000000000..a1f9e05f609830ad44b2669a5c944216276c28db
GIT binary patch
literal 906
zcmXqLVs0~NVtT)TnTe5!iHZH90WTY;R+~rLcV0$DR#pZB2SaWHPB!LH7B*p~&|pI;
z0|^j^OIR=@wYWsVIkl)HGc7YYu_U$FP}D#eB*!ew6H-(PlyuBX&d4t^kQ3)MFf=eR
zv@|p^H8(Pd66ZBU<{DTLZv#KjbzmFVT!I}HoE;6C7`Fql4jVhr$>%Is7=avlrp88w
z`%eY!ZoS-=Cvff6+(&b*Hn{I~VK^Rk;!NHJ<CZXYQ`>JLCmtVKyL(sZXMJOyWj_ty
zq(6Q-Gxv{X-m379B9ljb3=<wKUX#*y;G2zX|CSS89tLsstLBucao-j$Hg2AN;OORO
z=3njpi}GGssJF}T$LjVQ+-J&XIOVOGJmb(_y=oI~CQ*j-Y%DkacfV$M`7MThTJhg$
zsaE>zAg7&qShL~Wr1<1F7Q0<`-JN8zEpA_G^^L-Embq`zYOGn#ZTlSbkAG4q(|bRm
z)v>em^z*_#7re=OJ6mbT3gOc{bHrX9<myvYb6LvsbHSUW2L*;_GQM)RF7cAitNe2C
zr&*LmzTf+n;QQ%+&wP(e>Yp>`tU!Ov68<^c+2165-nYKaat3o_3j<SQgW#u~H}*Mc
zA8pw;kxAxHk5N(giX6r39bF>33{p!E$k;YzrY>JIp-M!ywfbrBp@csh&!?|H_(_k$
zD9hsbL_h02Hk=oJ7Upu?SNH5?ExEDR?ZWNArNO(}KmUqVZT7F{Dt)^0ap!W!@??j2
zZJm}&2Ma5>ZfA!}K7201Gw;YZBTK%;H3n4%vcTAs<zo?J5h)S9sv@&DF117cVK--8
z{VPcizeEFhkhC(3gn?Lt$nTshx{dQrsaMV8-C*--)}HqNp05nVK?)RD1Pu5Lc-XiS
z+B_Ijf$7+Q(SQ#m!OzI}pM?b|z-GV?;tPZLtOm?L3N4j01LMWYx=6lUXV;xKUuC0R
z&)L^6v467Z;IH{NxMF5JdRLchb?L;0M|%!jJFTH;Q08{_vMp0%$DA`IL917v4)}fK
z&eEb<<Cdwl8(7($zwD6{;Z9U|rLsI^+QDtdT>E1eEL;6ka*f7)RpG;RiubylB~`yJ
Wx0{#hB*_xAlCdt~L|2l4kQo3fPh;@_

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/crldiff.crl b/nss/tests/libpkix/certs/crldiff.crl
new file mode 100755
index 0000000000000000000000000000000000000000..d076ef89fb603aee8f7cd503e82560257c5a69ff
GIT binary patch
literal 237
zcmXqLd}YwMl8KSgfSZk7tIgw_1q(APgMqFgw*e;`b0`a&FjHwUjKd|&lu=+PXuuDW
zVHW1dNX$!1&8#dH=QS`jFf=qWG&M9bHID*v&5*bTUIxlc%#3aG(UckR0_|iDl@(=S
z;bLNB0x4o>GR3P1)s@Wp3<f$(BJrm}_rF!LVr;Bg_;RA_vK|c{UREX%{gpWfZYf4D
RKNHBBW`El{Qd6Uu2>|3#G1UM7

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/crlgood.crl b/nss/tests/libpkix/certs/crlgood.crl
new file mode 100755
index 0000000000000000000000000000000000000000..1ad019ed18a008a437571351adac7d635294fe53
GIT binary patch
literal 237
zcmXqLd}YwMl8KSgfSZk7tIgw_1q(APgMpqQw*e;`b0`a&FjHx<A&&tUh{Gk!TwI!G
zC}_YB;xP+zWF+RLrDj%^it`$n8W<Xw8yOf_8X80axn@XQ15X2GCT2!XBQ#|Oyg*Bt
zLuEx-Sh$!NSqzkzm<%lOszG%nvp$1?4wFdO$HS*K`WR&uAN*?_!ZF!KWzwg3CK1=?
Wh9RF4bJna}E<BgT9Vqs}iU9!47Bl4l

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/extKeyUsage/codeSigningEKUCert b/nss/tests/libpkix/certs/extKeyUsage/codeSigningEKUCert
new file mode 100755
index 0000000000000000000000000000000000000000..a1afd6a2d4d8128e453dfdce8cd8aa2439c33103
GIT binary patch
literal 696
zcmXqLV%lQR#8k9^nTe5!iP6b`n~hzo&EuQ}3o|Q&ftDe+0Vf-CC<~h~Q)#gwj{z5m
z!zIjIT$*Rd3sei_aSOBLBqkLb$cghBm>8HES{fM{n;Du#p>YkYi8srT-+&inG_x>U
zWnyu0W|2V?<8~m{fw_$l$dPAiY-IRbAKWNgDx?{7-)oNEn<vk|32qOvdGEq-SkAs-
zTcBE|YpjD(;O|J=-iTlOkAB@{@a^>M(46ay)(x^I`Jd7fwr9@_Sh{5X{1+_M0!oMc
zcdxwuZ~HOnAJ*Z|kF8iH%Fpt<`P=2Aa)+5rLxiKmCK`P!{k%>)@w(RgPfE;^b1!-@
z9%m9|n4S>OFRILaX49mdO^aT)aDRx9`3iE{_lFBwug$i-cY4q27_%MWJ1eKG-~G$#
zRnyOKA8uRrru4wb@V;GFBK@BgvI{geZ1EH;RDR*3Att>2Jf~65iDeIM#HzYOYI-#u
zEM6z4y?I&b#Jt7z+`kk}lRo}Vs$x{JKC|TGz7>HJI#)E`e;D<2KHH@3w77=qP}LMh
zAM1bTJ++t{TNs!c8+a!LH|^i^`FpPRo-g0*4)%v}O??#O%m4UD&^?D~x21~=3=dy2
z?VVa+VAY~q9^-Sygxh}qYK<F{E?9;agwE)V+GD-Cu(aSb%Xh!<8y9P|7R*?(O5<_k
zomI0}t;=h;BX(E)^Y>@dN^?u}TX>rco2Ce+PN~a1JDELm@&Vi9wlQmVFBUftH4p~I
zrmQLpDE)9~voW%=vNJQIq%>xI1_K=?k+2396(8|y=i*sJdzW%&^DSZXOk@(#$mBV2
VeM6MijGb<lD?3zPJX+n>0s!jS1<(Kh

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/extKeyUsage/multiEKUCert b/nss/tests/libpkix/certs/extKeyUsage/multiEKUCert
new file mode 100755
index 0000000000000000000000000000000000000000..55568917cca56a3e80a7074458f804ed8b044775
GIT binary patch
literal 716
zcmXqLVme{a#MHKcnTe5!iP71Bn~hzo&EuQ}3o|Q&ftDe+0Vf-CC<~h~Q)#gwj{z5m
z!zIjIT$*Rd3sei_aSOBLBqkLb$cghBm>8HES{fM{n;Du#p>YkYi8srT-+&inG_x>U
zWnyu0W|2V?<8~m{fw_$l$dPAiY-IRbAKWNgDx?{7-)oNEn<vk|32qOvdGEq-SkAs-
zTcBE|YpjD(;O|J=-iTlOkAB@{@a^>M(46ay)(x^I`Jd7fwr9@_Sh{5X{1+_M0!oMc
zcdxwuZ~HOnAJ*Z|kF8iH%Fpt<`P=2Aa)+5rLxiKmCK`P!{k%>)@w(RgPfE;^b1!-@
z9%m9|n4S>OFRILaX49mdO^aT)aDRx9`3iE{_lFBwug$i-cY4q27_%MWJ1eKG-~G$#
zRnyOKA8uRrru4wb@V;GFBK@BgvI{geZ1EH;RDR*3Att>2Jf~65iDeIM#HzYOYI-#u
zEM6z4y?I&b#Jt7z+`kk}lRo}Vs$x{JKC|TGz7>HJI#)E`e;D<2KHH@3w77=qP}LMh
zAM1bTJ++t{TNs!c8+a!LH|^i^`FpPRo-g0*4)%v}O??#O%m4UD&^?D~x21~=3=dy2
z?VVa+VAY~q9^-Sygxh}qYK<F{E?9;agwE)V+GD-Cu(aSb%Xh!<8y9P|7R*?(O5<_k
zomI0}t;=h;BX(E)^Y>@dN^?u}TX>rco2Ce+PN~a1JDELm@&Vi9wlQmVFV;5DG*Ab|
zrmQN9f`J?xhc+7{D=RxQGn~Z;XEC9qK4yIe105z22RBdUHO(gii*+7q-&{6#fxxAV
dJ4_<>yQjAZub#W&ON->{N54u>9Z2mK1^^OI3vK`a

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/extKeyUsage/noEKUCert b/nss/tests/libpkix/certs/extKeyUsage/noEKUCert
new file mode 100755
index 0000000000000000000000000000000000000000..f9c83dc956164a2d37fe10b659237318f265c0c4
GIT binary patch
literal 742
zcmXqLVtQoI#58{aGZP~d6N~wtv^NIaZ0uTX9_K7rm{}PNJPo-GIN6v(S=fY`N{bD7
z47flXE@9^4(mX?6pjsf0TbLy^vA6^#$t}#Bl$>YCZ@>$ZWEN(tOe`+WEHaQ2=e4vn
zurRbVGBC6>HH#AGH822jEudT=lT51&ni#hNu@21Lj6jY&Q)45;-}>N2*-|0Rp!;5P
z^xiyq{!MUukj;A+hQo694ch|MGF@XGlmdT8+V)2L+JE%xE`x8UXNTroZ?tZZHOc>!
zmasj0X28-V^XI={sTNQ=<iC66^?%!sN&m18e|~JmGEsh(-_74HAC)`IWEvtIB{tFM
zTj}R@+KJb--hWbJmYjRhgYh_%D8uxGfPPVB?lYSv?QB}~x`q2ggv?iv)4o4k(0XmQ
z?Y+}`R>zp_2;W&bW&Q47R<D|VhWl{avNxp%Muzw8x)SOCtdL!xv0;m+SfTO@9}O|#
z?dLg-dQL2RXd_nD9a7V)@nG>fIql8MN+;$muIK)xXqxo#cTyFjiuIW#ANQ>YoY1+V
z`ToPGr}Nn+b*IHOREMgjF#1^kJMXE*+}OmxRG;kb|4sAhj75rnZ%v<Pe`<rcXK&YX
zHr{0w(=8*7ixw>{xoY+PSq=O3zP^iT#WO`%rhPTMR`l*t@Q(>wKOg>>vP){-0j^t<
zJdR#&sq^4WyBWBvBrK}Dt7q1nZ!JQJLV<UV`L|4YbGjn1xksTZxcbsIv-<(2Q{_(w
zgm&BiepG&XvATh(0Y5O6$nrBX{%2ujW@cZ)U?2n%5C#cw7_b2;CPoI7G|6nhV4%w+
xVl*f2xl(%RwvF5pKfZ4|d%^tv0YhMbcc~RATYNgp$zqyuOymJ~#O7^}830hL6&e5l

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/generalName/altNameDnCert b/nss/tests/libpkix/certs/generalName/altNameDnCert
new file mode 100755
index 0000000000000000000000000000000000000000..43dac7341337fdd27cc5f6c2bab724ef82305621
GIT binary patch
literal 748
zcmXqLVtQfF#I$SyGZP~d6Qia9HygWFo5wi|7G_ok11&>t15P&PP!={}rqW_V9s@2A
zhfA2bxHQj@7pNA<;}&MgNlYp>kQ3)MFflMPFf%eXGBmP`LgN}(6K|FwzX31EXl7xy
z%EaR0%p!v(#_d3?19KZAkR#93*vRm=KDbe~R7f-EzSkVRH&32_6WktT^WKHwu$+Cv
zwm`K^*H{Ooz~7O!y%E3mAN{(^;M?ihp*hzZts7)b@;{{|Y|ow<uyo1%`7c<i1(Xi?
z?_PQR-}YnDKdi%_A6v0Zl%M5y^S8@K<qk8Mh6qQAO*Hye`gxsp;&rX}pOly-=U((+
zJkBJ_Fg+olUsRd<%%({@n-;xp;r<XI^A+T@?++KWUYl)u@ARJ4F=ji$cUDeWzx$Wf
ztEQjfKHRqKP3eJ=;eETVMEXA~WEW^`*y1TxsQki5Lri%4c}}CA6U!djh*fom)bwgR
zSiDY7d-Jl=iFu3bxqm5|CVl*!RK=)beP+qWeJcVdbgpQ=|1j$5e6~s5X>kqJp{gm2
zKGy%vdulN^wlFX?Ht<dgZrZ=+^Y>isJzu`r9qbR|n))clm;dpRpnDF}Zc7&#7#_Z4
z+B>ztz^X;JJjUmY3Ag?J)fzV@U9b!<2%XUzwa0pOVQIl>mhXPyH!jv_Ets)nmB!=7
zJF8}|T9?;wN9?Zp=kL#^mFAY{x9~O@Hcb&sol=*3b~1bB<O8<HZDZE#UhHk)Y2Xfw
zO<6$}2Lrn$HU?HCBm_PK9!Nr9P0h(ktwc$k%=!!lI!q#R)AhUdgy~ll8Sjru{{5@u
fiT@-gCXrC~$$O?%9GY2PDCxLF$g5z<?ftI-hujq5

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/generalName/altNameDnCert_diff b/nss/tests/libpkix/certs/generalName/altNameDnCert_diff
new file mode 100755
index 0000000000000000000000000000000000000000..04d133f74195cd60d634977d8b22f848c48005f6
GIT binary patch
literal 747
zcmXqLVtQ`S#I$q)GZP~d6Qhj*HygWFo5wi|7G_ok11&>t15P&PP!={}rqW_V9s@2A
zhfA2bxHQj@7pNA<;}&MgNlYp>kQ3)MFflMPGB+|bFf}oXLgN}(6K|FwzX31EXl7xy
z%EaR0%p!v(#_d3?19KZAkR#93*vRm=KDbe~R7f-EzSkVRH&32_6WktT^WKHwu$+Cv
zwm`K^*H{Ooz~7O!y%E3mAN{(^;M?ihp*hzZts7)b@;{{|Y|ow<uyo1%`7c<i1(Xi?
z?_PQR-}YnDKdi%_A6v0Zl%M5y^S8@K<qk8Mh6qQAO*Hye`gxsp;&rX}pOly-=U((+
zJkBJ_Fg+olUsRd<%%({@n-;xp;r<XI^A+T@?++KWUYl)u@ARJ4F=ji$cUDeWzx$Wf
ztEQjfKHRqKP3eJ=;eETVMEXA~WEW^`*y1TxsQki5Lri%4c}}CA6U!djh*fom)bwgR
zSiDY7d-Jl=iFu3bxqm5|CVl*!RK=)beP+qWeJcVdbgpQ=|1j$5e6~s5X>kqJp{gm2
zKGy%vdulN^wlFX?Ht<dgZrZ=+^Y>isJzu`r9qbR|n))clm;dpRpnDF}Zc7&#7#_Z4
z+B>ztz^X;JJjUmY3Ag?J)fzV@U9b!<2%XUzwa0pOVQIl>mhXPyH!jv_Ets)nmB!=7
zJF8}|T9?;wN9?Zp=kL#^mFAY{x9~O@Hcb&sol=*3b~1bB<O8<HZDZE#UhHMyVc-Ug
zO<6$}djs1g)&`dN5&|@daSJmiCFdFP8Sp^T0c&bbPHH7e;$+rmFwkKVv0-#w5Md`E
oWIMww?VzvHBSYS|^-Lnt31Y!_45o)vX=@)Y5!^6i_qnW603x3dcmMzZ

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/generalName/altNameDnsCert b/nss/tests/libpkix/certs/generalName/altNameDnsCert
new file mode 100755
index 0000000000000000000000000000000000000000..63754141afb4d4c211b2a82ae22a3ad02087c203
GIT binary patch
literal 700
zcmXqLV%lNQ#8kF`nTe5!iBZ{rn~hzo&EuQ}3o|Q&ftDe+0Vf-CC<~h~Q)#gwj{z5m
z!zIjIT$*Rd3sei_aSOBLBqkLb$cghBm>3uuSsI!dnVOnMp>YkYi8srT-+&inG_x>U
zWnyu0W|2V?<8~m{fw_$l$dPAiY-IRbAKWNgDx?{7-)oNEn<vk|32qOvdGEq-SkAs-
zTcBE|YpjD(;O|J=-iTlOkAB@{@a^>M(46ay)(x^I`Jd7fwr9@_Sh{5X{1+_M0!oMc
zcdxwuZ~HOnAJ*Z|kF8iH%Fpt<`P=2Aa)+5rLxiKmCK`P!{k%>)@w(RgPfE;^b1!-@
z9%m9|n4S>OFRILaX49mdO^aT)aDRx9`3iE{_lFBwug$i-cY4q27_%MWJ1eKG-~G$#
zRnyOKA8uRrru4wb@V;GFBK@BgvI{geZ1EH;RDR*3Att>2Jf~65iDeIM#HzYOYI-#u
zEM6z4y?I&b#Jt7z+`kk}lRo}Vs$x{JKC|TGz7>HJI#)E`e;D<2KHH@3w77=qP}LMh
zAM1bTJ++t{TNs!c8+a!LH|^i^`FpPRo-g0*4)%v}O??#O%m4UD&^?D~x21~=3=dy2
z?VVa+VAY~q9^-Sygxh}qYK<F{E?9;agwE)V+GD-Cu(aSb%Xh!<8y9P|7R*?(O5<_k
zomI0}t;=h;BX(E)^Y>@dN^?u}TX>rco2Ce+PN~a1JDELm@&Vi9wlQmVFP1itG!O^I
zrmP@~fB|0<PikUui5@Wh=q2apqNFxveFg&^CK0*q;W-*<S?_#4^hz$1dVQtrh~YdY
ak%Z?PY`3sYTs7fyqHyVtd0spUX1f4Gk_~zQ

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/generalName/altNameDnsCert_diff b/nss/tests/libpkix/certs/generalName/altNameDnsCert_diff
new file mode 100755
index 0000000000000000000000000000000000000000..4fe947e7362c46bf23aeaa7df23d164f18db2fa8
GIT binary patch
literal 700
zcmXqLV%lNQ#8kF`nTe5!iP6%4n~hzo&EuQ}3o|Q&ftDe+0Vf-CC<~h~Q)#gwj{z5m
z!zIjIT$*Rd3sei_aSOBLBqkLb$cghBm>3utnHw1zn3@<xp>YkYi8srT-+&inG_x>U
zWnyu0W|2V?<8~m{fw_$l$dPAiY-IRbAKWNgDx?{7-)oNEn<vk|32qOvdGEq-SkAs-
zTcBE|YpjD(;O|J=-iTlOkAB@{@a^>M(46ay)(x^I`Jd7fwr9@_Sh{5X{1+_M0!oMc
zcdxwuZ~HOnAJ*Z|kF8iH%Fpt<`P=2Aa)+5rLxiKmCK`P!{k%>)@w(RgPfE;^b1!-@
z9%m9|n4S>OFRILaX49mdO^aT)aDRx9`3iE{_lFBwug$i-cY4q27_%MWJ1eKG-~G$#
zRnyOKA8uRrru4wb@V;GFBK@BgvI{geZ1EH;RDR*3Att>2Jf~65iDeIM#HzYOYI-#u
zEM6z4y?I&b#Jt7z+`kk}lRo}Vs$x{JKC|TGz7>HJI#)E`e;D<2KHH@3w77=qP}LMh
zAM1bTJ++t{TNs!c8+a!LH|^i^`FpPRo-g0*4)%v}O??#O%m4UD&^?D~x21~=3=dy2
z?VVa+VAY~q9^-Sygxh}qYK<F{E?9;agwE)V+GD-Cu(aSb%Xh!<8y9P|7R*?(O5<_k
zomI0}t;=h;BX(E)^Y>@dN^?u}TX>rco2Ce+PN~a1JDELm@&Vi9wlQmVFP1itG!O^I
zrmP@~fB|0<PkCx_i5@Wh=q2apqNFxveFg&^CJ`&)5@{2y?HW1y=dP-sIPzvoz_yo6
aBBCmKiH4uGZ@s_ne(900%a-}Ba=ic^01Ws5

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/generalName/altNameEdiCert b/nss/tests/libpkix/certs/generalName/altNameEdiCert
new file mode 100755
index 0000000000000000000000000000000000000000..95ec20423f979a3fc01f4bb4aa6c24e4a39f53ae
GIT binary patch
literal 702
zcmXqLV%lZU#8kF`nTe5!iBZRZn~hzo&EuQ}3o|Q&ftDe+0Vf-CC<~h~Q)#gwj{z5m
z!zIjIT$*Rd3sei_aSOBLBqkLb$cghBm>3utSQ=WI7@HbJp>YkYi8srT-+&inG_x>U
zWnyu0W|2V?<8~m{fw_$l$dPAiY-IRbAKWNgDx?{7-)oNEn<vk|32qOvdGEq-SkAs-
zTcBE|YpjD(;O|J=-iTlOkAB@{@a^>M(46ay)(x^I`Jd7fwr9@_Sh{5X{1+_M0!oMc
zcdxwuZ~HOnAJ*Z|kF8iH%Fpt<`P=2Aa)+5rLxiKmCK`P!{k%>)@w(RgPfE;^b1!-@
z9%m9|n4S>OFRILaX49mdO^aT)aDRx9`3iE{_lFBwug$i-cY4q27_%MWJ1eKG-~G$#
zRnyOKA8uRrru4wb@V;GFBK@BgvI{geZ1EH;RDR*3Att>2Jf~65iDeIM#HzYOYI-#u
zEM6z4y?I&b#Jt7z+`kk}lRo}Vs$x{JKC|TGz7>HJI#)E`e;D<2KHH@3w77=qP}LMh
zAM1bTJ++t{TNs!c8+a!LH|^i^`FpPRo-g0*4)%v}O??#O%m4UD&^?D~x21~=3=dy2
z?VVa+VAY~q9^-Sygxh}qYK<F{E?9;agwE)V+GD-Cu(aSb%Xh!<8y9P|7R*?(O5<_k
zomI0}t;=h;BX(E)^Y>@dN^?u}TX>rco2Ce+PN~a1JDELm@&Vi9wlQmVFP1itG!O^I
zrmP@~fC1l9o<=TVj?|RQfW)GbN|e;bY{+1s2Mo~Ob*`@~TW+MX2j(+>;rg8r5_h5o
bDBL!syqEp{-z?$#C%3mN{g}p>So0kKFuD#P

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/generalName/altNameEdiCert_diff b/nss/tests/libpkix/certs/generalName/altNameEdiCert_diff
new file mode 100755
index 0000000000000000000000000000000000000000..50e5440d9372e86e475576926c0bde018db69bca
GIT binary patch
literal 700
zcmXqLV%lNQ#8kF`nTe5!iP6=7n~hzo&EuQ}3o|Q&ftDe+0Vf-CC<~h~Q)#gwj{z5m
z!zIjIT$*Rd3sei_aSOBLBqkLb$cghBm>3uv7#f<In3xzwp>U0&46KPa%aGrI7i2WE
zFk59}adBpmK@;P4Al8AojS<L^XKHL@_*);`C|fF|8Fb%kj^3Lm&%X(753+gh!f;s5
zzF}LSTBd8PgHqt{NZa0sU;B@K-DU9Y^z6`_>y6e8vL^YT(h|03&kR_)Wd8gYEY$)^
zhx~W1y#8<dG3g)H;m?n)SSHHP^1J!l<)d<knM^~3qr@f}eJlOEPCN0s*85LN%#w32
zdN3Ym5@nd45YR8G%zb9lq@7KRUbk?6h>-aTa@zNY3tF$uw!L?H&*~Vn9pO7Gr>x)o
z%j#9r&u|}ZTlS{(z{v2vT~{LgpB1tTG&XGU6f0DI;iDlYy!||<QO}8G4{gM%x<hJu
zH6AQpC#Su6S?R>Q#r5336it&p{!Xf5RIxs@<m0{-ffG7cG~a(1^>jYlr0%r1hU!q&
z6h<HGf9E~5m>XLdm>L^+Cj~d{-}Cu<uJ)cU-|P<dhjC4P6ywYP_(;$_hiSK^iwq18
zUo!2TT3}$+qFWy0bH;?*e*bEX8<Q?rh8Kj+=#AQAy}Gcp;55s3zwjFuYqS>3Sh7mv
zapRp;vsbOlYq%qJSN-$%XVXe^OY~cKn+%(#2&PV{%RM`pJ#+E_+vBz|Yj!V|Hjp$B
z2gatXAd7$j-%_4NE@2K}@(D;RDyc+CZOr-%20Bb40W7N@_Hv7|&S(8}N9~e~f%_cc
ck4z%&3J1)z?3Nu|;~9PCnPZqx)!LL}0P#W!?f?J)

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/generalName/altNameIpCert b/nss/tests/libpkix/certs/generalName/altNameIpCert
new file mode 100755
index 0000000000000000000000000000000000000000..5f0e528a1e335570e1a1a57d60b0a9739fafdb12
GIT binary patch
literal 692
zcmXqLV%lKP#FV#ynTe5!iBZ*nn~hzo&EuQ}3o|Q&ftDe+0Vf-CC<~h~Q)#gwj{z5m
z!zIjIT$*Rd3sei_aSOBLBqkLb$cghBm>3uuSsI!dnVOnMp>YkYi8srT-+&inG_x>U
zWnyu0W|2V?<8~m{fw_$l$dPAiY-IRbAKWNgDx?{7-)oNEn<vk|32qOvdGEq-SkAs-
zTcBE|YpjD(;O|J=-iTlOkAB@{@a^>M(46ay)(x^I`Jd7fwr9@_Sh{5X{1+_M0!oMc
zcdxwuZ~HOnAJ*Z|kF8iH%Fpt<`P=2Aa)+5rLxiKmCK`P!{k%>)@w(RgPfE;^b1!-@
z9%m9|n4S>OFRILaX49mdO^aT)aDRx9`3iE{_lFBwug$i-cY4q27_%MWJ1eKG-~G$#
zRnyOKA8uRrru4wb@V;GFBK@BgvI{geZ1EH;RDR*3Att>2Jf~65iDeIM#HzYOYI-#u
zEM6z4y?I&b#Jt7z+`kk}lRo}Vs$x{JKC|TGz7>HJI#)E`e;D<2KHH@3w77=qP}LMh
zAM1bTJ++t{TNs!c8+a!LH|^i^`FpPRo-g0*4)%v}O??#O%m4UD&^?D~x21~=3=dy2
z?VVa+VAY~q9^-Sygxh}qYK<F{E?9;agwE)V+GD-Cu(aSb%Xh!<8y9P|7R*?(O5<_k
zomI0}t;=h;BX(E)^Y>@dN^?u}TX>rco2Ce+PN~a1JDELm@&Vi9wlQmVFBUcsG~fru
zrmP?fhXGqV3nLRV3rZ?u)@Lx#VG;@7pFH!1{uiN=+P(vf;&qOWg6e;nM1-2Bergo+
SG8CCtw9ssy45y%6|4aZ8It4-i

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/generalName/altNameIpCert_diff b/nss/tests/libpkix/certs/generalName/altNameIpCert_diff
new file mode 100755
index 0000000000000000000000000000000000000000..2407be54fb2a6790a02be386c508150773a79818
GIT binary patch
literal 692
zcmXqLV%lKP#FV#ynTe5!iP6r0n~hzo&EuQ}3o|Q&ftDe+0Vf-CC<~h~Q)#gwj{z5m
z!zIjIT$*Rd3sei_aSOBLBqkLb$cghBm>3utnHw1zn3@<xp>YkYi8srT-+&inG_x>U
zWnyu0W|2V?<8~m{fw_$l$dPAiY-IRbAKWNgDx?{7-)oNEn<vk|32qOvdGEq-SkAs-
zTcBE|YpjD(;O|J=-iTlOkAB@{@a^>M(46ay)(x^I`Jd7fwr9@_Sh{5X{1+_M0!oMc
zcdxwuZ~HOnAJ*Z|kF8iH%Fpt<`P=2Aa)+5rLxiKmCK`P!{k%>)@w(RgPfE;^b1!-@
z9%m9|n4S>OFRILaX49mdO^aT)aDRx9`3iE{_lFBwug$i-cY4q27_%MWJ1eKG-~G$#
zRnyOKA8uRrru4wb@V;GFBK@BgvI{geZ1EH;RDR*3Att>2Jf~65iDeIM#HzYOYI-#u
zEM6z4y?I&b#Jt7z+`kk}lRo}Vs$x{JKC|TGz7>HJI#)E`e;D<2KHH@3w77=qP}LMh
zAM1bTJ++t{TNs!c8+a!LH|^i^`FpPRo-g0*4)%v}O??#O%m4UD&^?D~x21~=3=dy2
z?VVa+VAY~q9^-Sygxh}qYK<F{E?9;agwE)V+GD-Cu(aSb%Xh!<8y9P|7R*?(O5<_k
zomI0}t;=h;BX(E)^Y>@dN^?u}TX>rco2Ce+PN~a1JDELm@&Vi9wlQmVFBUcsG~fru
zrmP?fhXGqVOT7puBT6b`)@Lx#VG>E-+0TB^rf>Gbxo7t7n~)_ceBsXmCK3CHBTj49
UZVvbq|Lx)8z3&djWz<{+0HKr&`~Uy|

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/generalName/altNameNoneCert b/nss/tests/libpkix/certs/generalName/altNameNoneCert
new file mode 100755
index 0000000000000000000000000000000000000000..f9c83dc956164a2d37fe10b659237318f265c0c4
GIT binary patch
literal 742
zcmXqLVtQoI#58{aGZP~d6N~wtv^NIaZ0uTX9_K7rm{}PNJPo-GIN6v(S=fY`N{bD7
z47flXE@9^4(mX?6pjsf0TbLy^vA6^#$t}#Bl$>YCZ@>$ZWEN(tOe`+WEHaQ2=e4vn
zurRbVGBC6>HH#AGH822jEudT=lT51&ni#hNu@21Lj6jY&Q)45;-}>N2*-|0Rp!;5P
z^xiyq{!MUukj;A+hQo694ch|MGF@XGlmdT8+V)2L+JE%xE`x8UXNTroZ?tZZHOc>!
zmasj0X28-V^XI={sTNQ=<iC66^?%!sN&m18e|~JmGEsh(-_74HAC)`IWEvtIB{tFM
zTj}R@+KJb--hWbJmYjRhgYh_%D8uxGfPPVB?lYSv?QB}~x`q2ggv?iv)4o4k(0XmQ
z?Y+}`R>zp_2;W&bW&Q47R<D|VhWl{avNxp%Muzw8x)SOCtdL!xv0;m+SfTO@9}O|#
z?dLg-dQL2RXd_nD9a7V)@nG>fIql8MN+;$muIK)xXqxo#cTyFjiuIW#ANQ>YoY1+V
z`ToPGr}Nn+b*IHOREMgjF#1^kJMXE*+}OmxRG;kb|4sAhj75rnZ%v<Pe`<rcXK&YX
zHr{0w(=8*7ixw>{xoY+PSq=O3zP^iT#WO`%rhPTMR`l*t@Q(>wKOg>>vP){-0j^t<
zJdR#&sq^4WyBWBvBrK}Dt7q1nZ!JQJLV<UV`L|4YbGjn1xksTZxcbsIv-<(2Q{_(w
zgm&BiepG&XvATh(0Y5O6$nrBX{%2ujW@cZ)U?2n%5C#cw7_b2;CPoI7G|6nhV4%w+
xVl*f2xl(%RwvF5pKfZ4|d%^tv0YhMbcc~RATYNgp$zqyuOymJ~#O7^}830hL6&e5l

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/generalName/altNameOidCert b/nss/tests/libpkix/certs/generalName/altNameOidCert
new file mode 100755
index 0000000000000000000000000000000000000000..fa92c9ecd8536b03f968c7b918d18ec86e987e39
GIT binary patch
literal 691
zcmXqLVp?y|#FVpunTe5!iBZjfn~hzo&EuQ}3o|Q&ftDe+0Vf-CC<~h~Q)#gwj{z5m
z!zIjIT$*Rd3sei_aSOBLBqkLb$cghBm>3uuSsI!dnVOnMp>YkYi8srT-+&inG_x>U
zWnyu0W|2V?<8~m{fw_$l$dPAiY-IRbAKWNgDx?{7-)oNEn<vk|32qOvdGEq-SkAs-
zTcBE|YpjD(;O|J=-iTlOkAB@{@a^>M(46ay)(x^I`Jd7fwr9@_Sh{5X{1+_M0!oMc
zcdxwuZ~HOnAJ*Z|kF8iH%Fpt<`P=2Aa)+5rLxiKmCK`P!{k%>)@w(RgPfE;^b1!-@
z9%m9|n4S>OFRILaX49mdO^aT)aDRx9`3iE{_lFBwug$i-cY4q27_%MWJ1eKG-~G$#
zRnyOKA8uRrru4wb@V;GFBK@BgvI{geZ1EH;RDR*3Att>2Jf~65iDeIM#HzYOYI-#u
zEM6z4y?I&b#Jt7z+`kk}lRo}Vs$x{JKC|TGz7>HJI#)E`e;D<2KHH@3w77=qP}LMh
zAM1bTJ++t{TNs!c8+a!LH|^i^`FpPRo-g0*4)%v}O??#O%m4UD&^?D~x21~=3=dy2
z?VVa+VAY~q9^-Sygxh}qYK<F{E?9;agwE)V+GD-Cu(aSb%Xh!<8y9P|7R*?(O5<_k
zomI0}t;=h;BX(E)^Y>@dN^?u}TX>rco2Ce+PN~a1JDELm@&Vi9wlQmVFBUX_#HOqu
z3!4E;2a}dMN*ZG}U@*{S5>Z@aedJrK3e){X4Sk(^C0?xISH21i+>RW{(;XaXvvW-6
O-<x1J^POTuSPcMThX{iJ

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/generalName/altNameOidCert_diff b/nss/tests/libpkix/certs/generalName/altNameOidCert_diff
new file mode 100755
index 0000000000000000000000000000000000000000..635e4d143b8599566f6862da0b0343af437a77a9
GIT binary patch
literal 694
zcmXqLV%lWT#8j|=nTe5!iP7GGn~hzo&EuQ}3o|Q&ftDe+0Vf-CC<~h~Q)#gwj{z5m
z!zIjIT$*Rd3sei_aSOBLBqkLb$cghBm>3utnHw1zn3@<xp>YkYi8srT-+&inG_x>U
zWnyu0W|2V?<8~m{fw_$l$dPAiY-IRbAKWNgDx?{7-)oNEn<vk|32qOvdGEq-SkAs-
zTcBE|YpjD(;O|J=-iTlOkAB@{@a^>M(46ay)(x^I`Jd7fwr9@_Sh{5X{1+_M0!oMc
zcdxwuZ~HOnAJ*Z|kF8iH%Fpt<`P=2Aa)+5rLxiKmCK`P!{k%>)@w(RgPfE;^b1!-@
z9%m9|n4S>OFRILaX49mdO^aT)aDRx9`3iE{_lFBwug$i-cY4q27_%MWJ1eKG-~G$#
zRnyOKA8uRrru4wb@V;GFBK@BgvI{geZ1EH;RDR*3Att>2Jf~65iDeIM#HzYOYI-#u
zEM6z4y?I&b#Jt7z+`kk}lRo}Vs$x{JKC|TGz7>HJI#)E`e;D<2KHH@3w77=qP}LMh
zAM1bTJ++t{TNs!c8+a!LH|^i^`FpPRo-g0*4)%v}O??#O%m4UD&^?D~x21~=3=dy2
z?VVa+VAY~q9^-Sygxh}qYK<F{E?9;agwE)V+GD-Cu(aSb%Xh!<8y9P|7R*?(O5<_k
zomI0}t;=h;BX(E)^Y>@dN^?u}TX>rco2Ce+PN~a1JDELm@&Vi9wlQmVFBUZrHV_2H
zrmP?fmjOoy8!&aXeFvo-L^@;EXE4xV5=puI;eo>H)&oM46Hl!z-s9doL%fnnME1kt
W+&B4}B@a1t7$!Tvx*+s^lNbQ|T?@4U

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/generalName/altNameOtherCert b/nss/tests/libpkix/certs/generalName/altNameOtherCert
new file mode 100755
index 0000000000000000000000000000000000000000..bdfc7cb6a03c29206d611d8a147fa1a41b7ca522
GIT binary patch
literal 698
zcmXqLV%lcV#8k3?nTe5!iP6}An~hzo&EuQ}3o|Q&ftDe+0Vf-CC<~h~Q)#gwj{z5m
z!zIjIT$*Rd3sei_aSOBLBqkLb$cghBm>3ut8W>s_m>HNyp>YkYi8srT-+&inG_x>U
zWnyu0W|2V?<8~m{fw_$l$dPAiY-IRbAKWNgDx?{7-)oNEn<vk|32qOvdGEq-SkAs-
zTcBE|YpjD(;O|J=-iTlOkAB@{@a^>M(46ay)(x^I`Jd7fwr9@_Sh{5X{1+_M0!oMc
zcdxwuZ~HOnAJ*Z|kF8iH%Fpt<`P=2Aa)+5rLxiKmCK`P!{k%>)@w(RgPfE;^b1!-@
z9%m9|n4S>OFRILaX49mdO^aT)aDRx9`3iE{_lFBwug$i-cY4q27_%MWJ1eKG-~G$#
zRnyOKA8uRrru4wb@V;GFBK@BgvI{geZ1EH;RDR*3Att>2Jf~65iDeIM#HzYOYI-#u
zEM6z4y?I&b#Jt7z+`kk}lRo}Vs$x{JKC|TGz7>HJI#)E`e;D<2KHH@3w77=qP}LMh
zAM1bTJ++t{TNs!c8+a!LH|^i^`FpPRo-g0*4)%v}O??#O%m4UD&^?D~x21~=3=dy2
z?VVa+VAY~q9^-Sygxh}qYK<F{E?9;agwE)V+GD-Cu(aSb%Xh!<8y9P|7R*?(O5<_k
zomI0}t;=h;BX(E)^Y>@dN^?u}TX>rco2Ce+PN~a1JDELm@&Vi9wlQmVFP1bAHxLEJ
zrmP?fp8?MTU<%TgN?gD!%$SIh)|mAf40M=8a(48V$>?e9-hS|0spevK9plAqkC{aH
YR=?R<;pvdp-TO@b|5uJCOQ%zl0dlemw*UYD

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/generalName/altNameOtherCert_diff b/nss/tests/libpkix/certs/generalName/altNameOtherCert_diff
new file mode 100755
index 0000000000000000000000000000000000000000..bfc8a797371f55b760cf9f56c77e00200d493427
GIT binary patch
literal 698
zcmXqLV%lcV#8k3?nTe5!iP71Bn~hzo&EuQ}3o|Q&ftDe+0Vf-CC<~h~Q)#gwj{z5m
z!zIjIT$*Rd3sei_aSOBLBqkLb$cghBm>3uv7#f<In3xzwp>U0&46KPa%aGrI7i2WE
zFk59}adBpmK@;P4Al8AojS<L^XKHL@_*);`C|fF|8Fb%kj^3Lm&%X(753+gh!f;s5
zzF}LSTBd8PgHqt{NZa0sU;B@K-DU9Y^z6`_>y6e8vL^YT(h|03&kR_)Wd8gYEY$)^
zhx~W1y#8<dG3g)H;m?n)SSHHP^1J!l<)d<knM^~3qr@f}eJlOEPCN0s*85LN%#w32
zdN3Ym5@nd45YR8G%zb9lq@7KRUbk?6h>-aTa@zNY3tF$uw!L?H&*~Vn9pO7Gr>x)o
z%j#9r&u|}ZTlS{(z{v2vT~{LgpB1tTG&XGU6f0DI;iDlYy!||<QO}8G4{gM%x<hJu
zH6AQpC#Su6S?R>Q#r5336it&p{!Xf5RIxs@<m0{-ffG7cG~a(1^>jYlr0%r1hU!q&
z6h<HGf9E~5m>XLdm>L^+Cj~d{-}Cu<uJ)cU-|P<dhjC4P6ywYP_(;$_hiSK^iwq18
zUo!2TT3}$+qFWy0bH;?*e*bEX8<Q?rh8Kj+=#AQAy}Gcp;55s3zwjFuYqS>3Sh7mv
zapRp;vsbOlYq%qJSN-$%XVXe^OY~cKn+%(#2&PV{%RM`pJ#+E_+vBz|Yj!V|G!Qos
z1;(bVAPb)X&jMfyGLTAKz%0y|gp$^n^%)Fwm_!Qu9_BCL=lH*x-&8rwuqXb@k1Ay*
ak-(>S6(2>NvXiO|RJm50;J{|TJ_G=Z%n1$v

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/generalName/altNameRfc822Cert b/nss/tests/libpkix/certs/generalName/altNameRfc822Cert
new file mode 100755
index 0000000000000000000000000000000000000000..9ad3271ab9d120ea75301f723da1a70d8fdaab69
GIT binary patch
literal 740
zcmXqLVtQcE#58XKGZP~d6N_cci#!8vHg>Hxk8>6*%&ZIsT87*PoNUaYENsF|rNxFk
z23#NxmoRg2X`Uf3P%V(hEzFXdSX^QtC(dhNU|?o!U}#}%YGf7#=2{wAK)D9~#G3`P
zh+CLBDLKzj)Ib<y5wkE)VoqjqYJ5^+QC@1XK@;P4Al8Aoml4R3XKHL@_*);`C|fF|
z8Fb%kj^3Lm&%X(753+gh!f;s5zF}LSTBd8PgHqt{NZa0sU;B@K-DU9Y^z6`_>y6e8
zvL^YT(h|03&kR_)Wd8gYEY$)^hx~W1y#8<dG3g)H;m?n)SSHHP^1J!l<)d<knM^~3
zqr@f}eJlOEPCN0s*85LN%#w32dN3Ym5@nd45YR8G%zb9lq@7KRUbk?6h>-aTa@zNY
z3tF$uw!L?H&*~Vn9pO7Gr>x)o%j#9r&u|}ZTlS{(z{v2vT~{LgpB1tTG&XGU6f0DI
z;iDlYy!||<QO}8G4{gM%x<hJuH6AQpC#Su6S?R>Q#r5336it&p{!Xf5RIxs@<m0{-
zffG7cG~a(1^>jYlr0%r1hU!q&6h<HGf9E~5m>XLdm>L_B7p#79qb4cV)mO!F<FSdh
zDyn|2n?5rZY?pm&&9vjn_InQuT;D64xNXq2$7YRNr~Jo-zKb|tPf2}!;7s0>50jps
zs4Calm+baNW41-{f$y&a6!d=Iu<^Gx*P8VH!R9x?>38I#v)^(Za%(@dJG|=BquslI
zraTPIHkY2YcuVPSzK4;Ebqur&G=Om`E6Ac~Am1npj#oWMygC4*To06@^ni&>FF8LK
zB}p>tGZ^SFiR8QuT@~vpP-n2ZL+?u}(~n<H6<e4@%;w5GoMI@*6=veM+EeGfSs2UI
F1^{TO8+ZT!

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/generalName/altNameRfc822Cert_diff b/nss/tests/libpkix/certs/generalName/altNameRfc822Cert_diff
new file mode 100755
index 0000000000000000000000000000000000000000..b8e5b2e7094009b3d71dccbc0582313540856c95
GIT binary patch
literal 703
zcmXqLV%lxc#8k0>nTe5!iP74Cn~hzo&EuQ}3o|Q&ftDe+0Vf-CC<~h~Q)#gwj{z5m
z!zIjIT$*Rd3sei_aSOBLBqkLb$cghBm>3utnHw1zn3@<xp>YkYi8srT-+&inG_x>U
zWnyu0W|2V?<8~m{fw_$l$dPAiY-IRbAKWNgDx?{7-)oNEn<vk|32qOvdGEq-SkAs-
zTcBE|YpjD(;O|J=-iTlOkAB@{@a^>M(46ay)(x^I`Jd7fwr9@_Sh{5X{1+_M0!oMc
zcdxwuZ~HOnAJ*Z|kF8iH%Fpt<`P=2Aa)+5rLxiKmCK`P!{k%>)@w(RgPfE;^b1!-@
z9%m9|n4S>OFRILaX49mdO^aT)aDRx9`3iE{_lFBwug$i-cY4q27_%MWJ1eKG-~G$#
zRnyOKA8uRrru4wb@V;GFBK@BgvI{geZ1EH;RDR*3Att>2Jf~65iDeIM#HzYOYI-#u
zEM6z4y?I&b#Jt7z+`kk}lRo}Vs$x{JKC|TGz7>HJI#)E`e;D<2KHH@3w77=qP}LMh
zAM1bTJ++t{TNs!c8+a!LH|^i^`FpPRo-g0*4)%v}O??#O%m4UD&^?D~x21~=3=dy2
z?VVa+VAY~q9^-Sygxh}qYK<F{E?9;agwE)V+GD-Cu(aSb%Xh!<8y9P|7R*?(O5<_k
zomI0}t;=h;BX(E)^Y>@dN^?u}TX>rco2Ce+PN~a1JDELm@&Vi9wlQmVFP1fsHjo6y
zrmP@~kbyuWA0$Q{fGJ2XIX@RAy)hdw80Z3nw7XM!`SX~d+8IkPXRLEe5DgD{d7Mdv
YDTd3{rnqydor8Lpaj5YUwwFDb0AvRYFaQ7m

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/generalName/altNameRfc822DnsCert b/nss/tests/libpkix/certs/generalName/altNameRfc822DnsCert
new file mode 100755
index 0000000000000000000000000000000000000000..89be1811d3179fbe654608cce10d03ecf8387a28
GIT binary patch
literal 718
zcmXqLVmf8e#MH5XnTe5!iBZ>pn~hzo&EuQ}3o|Q&ftDe+0Vf-CC<~h~Q)#gwj{z5m
z!zIjIT$*Rd3sei_aSOBLBqkLb$cghBm>3utSQ=WI7@HbJp>YkYi8srT-+&inG_x>U
zWnyu0W|2V?<8~m{fw_$l$dPAiY-IRbAKWNgDx?{7-)oNEn<vk|32qOvdGEq-SkAs-
zTcBE|YpjD(;O|J=-iTlOkAB@{@a^>M(46ay)(x^I`Jd7fwr9@_Sh{5X{1+_M0!oMc
zcdxwuZ~HOnAJ*Z|kF8iH%Fpt<`P=2Aa)+5rLxiKmCK`P!{k%>)@w(RgPfE;^b1!-@
z9%m9|n4S>OFRILaX49mdO^aT)aDRx9`3iE{_lFBwug$i-cY4q27_%MWJ1eKG-~G$#
zRnyOKA8uRrru4wb@V;GFBK@BgvI{geZ1EH;RDR*3Att>2Jf~65iDeIM#HzYOYI-#u
zEM6z4y?I&b#Jt7z+`kk}lRo}Vs$x{JKC|TGz7>HJI#)E`e;D<2KHH@3w77=qP}LMh
zAM1bTJ++t{TNs!c8+a!LH|^i^`FpPRo-g0*4)%v}O??#O%m4UD&^?D~x21~=3=dy2
z?VVa+VAY~q9^-Sygxh}qYK<F{E?9;agwE)V+GD-Cu(aSb%Xh!<8y9P|7R*?(O5<_k
zomI0}t;=h;BX(E)^Y>@dN^?u}TX>rco2Ce+PN~a1JDELm@&Vi9wlQmVFV;2CHqZpd
zrmP@~l7T`aA0$Q{fGJ2XIX}0F56CD=tki?@QPLl?K7)Y{lZdS2()*v!X;{8~&N69F
ir^Ka>T~B^6i8$W(^RqEtnP1`hzjfQc?u1y;l}i9;%ojoc

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/generalName/altNameUriCert b/nss/tests/libpkix/certs/generalName/altNameUriCert
new file mode 100755
index 0000000000000000000000000000000000000000..1f46e79f06744424b663b94649033fcc118c545a
GIT binary patch
literal 706
zcmXqLV%lfW#8k6@nTe5!iBZLXn~hzo&EuQ}3o|Q&ftDe+0Vf-CC<~h~Q)#gwj{z5m
z!zIjIT$*Rd3sei_aSOBLBqkLb$cghBm>3uuSsI!dnVOnMp>YkYi8srT-+&inG_x>U
zWnyu0W|2V?<8~m{fw_$l$dPAiY-IRbAKWNgDx?{7-)oNEn<vk|32qOvdGEq-SkAs-
zTcBE|YpjD(;O|J=-iTlOkAB@{@a^>M(46ay)(x^I`Jd7fwr9@_Sh{5X{1+_M0!oMc
zcdxwuZ~HOnAJ*Z|kF8iH%Fpt<`P=2Aa)+5rLxiKmCK`P!{k%>)@w(RgPfE;^b1!-@
z9%m9|n4S>OFRILaX49mdO^aT)aDRx9`3iE{_lFBwug$i-cY4q27_%MWJ1eKG-~G$#
zRnyOKA8uRrru4wb@V;GFBK@BgvI{geZ1EH;RDR*3Att>2Jf~65iDeIM#HzYOYI-#u
zEM6z4y?I&b#Jt7z+`kk}lRo}Vs$x{JKC|TGz7>HJI#)E`e;D<2KHH@3w77=qP}LMh
zAM1bTJ++t{TNs!c8+a!LH|^i^`FpPRo-g0*4)%v}O??#O%m4UD&^?D~x21~=3=dy2
z?VVa+VAY~q9^-Sygxh}qYK<F{E?9;agwE)V+GD-Cu(aSb%Xh!<8y9P|7R*?(O5<_k
zomI0}t;=h;BX(E)^Y>@dN^?u}TX>rco2Ce+PN~a1JDELm@&Vi9wlQmVFIF^=H;@I!
zrmP@~n1M)}P)12fft9{~d3m`WFcs+~=jWoNIc9wZ105!j$_@O7xTfw@6bzr%rM~KQ
geYlv4DwBxScb=)c?+9nIgl^|Md93opYQO7k0El`HTL1t6

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/generalName/altNameUriCert_diff b/nss/tests/libpkix/certs/generalName/altNameUriCert_diff
new file mode 100755
index 0000000000000000000000000000000000000000..864e86fb58bf586e311062fce34d17df544792fc
GIT binary patch
literal 708
zcmXqLVme^Z#8kV0nTe5!iP6@8n~hzo&EuQ}3o|Q&ftDe+0Vf-CC<~h~Q)#gwj{z5m
z!zIjIT$*Rd3sei_aSOBLBqkLb$cghBm>3utnHw1zn3@<xp>YkYi8srT-+&inG_x>U
zWnyu0W|2V?<8~m{fw_$l$dPAiY-IRbAKWNgDx?{7-)oNEn<vk|32qOvdGEq-SkAs-
zTcBE|YpjD(;O|J=-iTlOkAB@{@a^>M(46ay)(x^I`Jd7fwr9@_Sh{5X{1+_M0!oMc
zcdxwuZ~HOnAJ*Z|kF8iH%Fpt<`P=2Aa)+5rLxiKmCK`P!{k%>)@w(RgPfE;^b1!-@
z9%m9|n4S>OFRILaX49mdO^aT)aDRx9`3iE{_lFBwug$i-cY4q27_%MWJ1eKG-~G$#
zRnyOKA8uRrru4wb@V;GFBK@BgvI{geZ1EH;RDR*3Att>2Jf~65iDeIM#HzYOYI-#u
zEM6z4y?I&b#Jt7z+`kk}lRo}Vs$x{JKC|TGz7>HJI#)E`e;D<2KHH@3w77=qP}LMh
zAM1bTJ++t{TNs!c8+a!LH|^i^`FpPRo-g0*4)%v}O??#O%m4UD&^?D~x21~=3=dy2
z?VVa+VAY~q9^-Sygxh}qYK<F{E?9;agwE)V+GD-Cu(aSb%Xh!<8y9P|7R*?(O5<_k
zomI0}t;=h;BX(E)^Y>@dN^?u}TX>rco2Ce+PN~a1JDELm@&Vi9wlQmVFIF;8FpvYr
zrmP@~xPfS!a7IZ<ft9{~YGQGT9xxf{<)xOOBsyjT1_NDSxVE;e|ML20UeHda<f@%>
iHx)?4taW4(F&EAJwa$Fuq3OkXPn)(*zSZVz?Fs+~&=F(+

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/generalName/altNameX400Cert b/nss/tests/libpkix/certs/generalName/altNameX400Cert
new file mode 100755
index 0000000000000000000000000000000000000000..b0d10cf3283ed612b83e1236e8f9ae71a2619f6e
GIT binary patch
literal 691
zcmXqLVp?y|#FV>$nTe5!iP6e{n~hzo&EuQ}3o|Q&ftDe+0Vf-CC<~h~Q)#gwj{z5m
z!zIjIT$*Rd3sei_aSOBLBqkLb$cghBm>3ut8W>ubm>O6{p>YkYi8srT-+&inG_x>U
zWnyu0W|2V?<8~m{fw_$l$dPAiY-IRbAKWNgDx?{7-)oNEn<vk|32qOvdGEq-SkAs-
zTcBE|YpjD(;O|J=-iTlOkAB@{@a^>M(46ay)(x^I`Jd7fwr9@_Sh{5X{1+_M0!oMc
zcdxwuZ~HOnAJ*Z|kF8iH%Fpt<`P=2Aa)+5rLxiKmCK`P!{k%>)@w(RgPfE;^b1!-@
z9%m9|n4S>OFRILaX49mdO^aT)aDRx9`3iE{_lFBwug$i-cY4q27_%MWJ1eKG-~G$#
zRnyOKA8uRrru4wb@V;GFBK@BgvI{geZ1EH;RDR*3Att>2Jf~65iDeIM#HzYOYI-#u
zEM6z4y?I&b#Jt7z+`kk}lRo}Vs$x{JKC|TGz7>HJI#)E`e;D<2KHH@3w77=qP}LMh
zAM1bTJ++t{TNs!c8+a!LH|^i^`FpPRo-g0*4)%v}O??#O%m4UD&^?D~x21~=3=dy2
z?VVa+VAY~q9^-Sygxh}qYK<F{E?9;agwE)V+GD-Cu(aSb%Xh!<8y9P|7R*?(O5<_k
zomI0}t;=h;BX(E)^Y>@dN^?u}TX>rco2Ce+PN~a1JDELm@&Vi9wlQmVFBUQoFyI5m
zrmP?fy8-KBW?{xeltjj?&tRa#B%&I#^QFw%pPG-4`>x5KZY;u@HrI_wgu_E}e#*AX
S-+$Q7=bzJ^tg>>$t^WXWRSB~I

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/generalName/altNameX400Cert_diff b/nss/tests/libpkix/certs/generalName/altNameX400Cert_diff
new file mode 100755
index 0000000000000000000000000000000000000000..6523888478924d9f222fea70b7014aaeacae9220
GIT binary patch
literal 691
zcmXqLVp?y|#FV>$nTe5!iP6P?n~hzo&EuQ}3o|Q&ftDe+0Vf-CC<~h~Q)#gwj{z5m
z!zIjIT$*Rd3sei_aSOBLBqkLb$cghBm>3uv7#f<In3xzwp>U0&46KPa%aGrI7i2WE
zFk59}adBpmK@;P4Al8AojS<L^XKHL@_*);`C|fF|8Fb%kj^3Lm&%X(753+gh!f;s5
zzF}LSTBd8PgHqt{NZa0sU;B@K-DU9Y^z6`_>y6e8vL^YT(h|03&kR_)Wd8gYEY$)^
zhx~W1y#8<dG3g)H;m?n)SSHHP^1J!l<)d<knM^~3qr@f}eJlOEPCN0s*85LN%#w32
zdN3Ym5@nd45YR8G%zb9lq@7KRUbk?6h>-aTa@zNY3tF$uw!L?H&*~Vn9pO7Gr>x)o
z%j#9r&u|}ZTlS{(z{v2vT~{LgpB1tTG&XGU6f0DI;iDlYy!||<QO}8G4{gM%x<hJu
zH6AQpC#Su6S?R>Q#r5336it&p{!Xf5RIxs@<m0{-ffG7cG~a(1^>jYlr0%r1hU!q&
z6h<HGf9E~5m>XLdm>L^+Cj~d{-}Cu<uJ)cU-|P<dhjC4P6ywYP_(;$_hiSK^iwq18
zUo!2TT3}$+qFWy0bH;?*e*bEX8<Q?rh8Kj+=#AQAy}Gcp;55s3zwjFuYqS>3Sh7mv
zapRp;vsbOlYq%qJSN-$%XVXe^OY~cKn+%(#2&PV{%RM`pJ#+E_+vBz|Yj!UdG7vD}
z1IDJTAPc(z>tbeM#w3(P#;ng^pu;4>9BGo;E_d<g2a}fd@yFI(PSR+(%_LHJx3*`B
Uns{-~N&S}D`&;-qzANzn0DRyG#Q*>R

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/hanfeiyu2hanfeiyu b/nss/tests/libpkix/certs/hanfeiyu2hanfeiyu
new file mode 100755
index 0000000000000000000000000000000000000000..3f3452683411849d90fe26423978317ddcbf3067
GIT binary patch
literal 669
zcmXqLVw!2t#1y`OnTe5!iHYTs0XG}FR-4B;3l?Tp1_M1qZUas>=1>+kVW!ezLmmSz
z5Qj^cxwtgXP|$!M#A6ob$VkjfOU<k-HBb=eH83?WG_*7{Gqy0Yh?3wpGBUR?G&C@V
z3Xp7K6XSM+CPp2YqZol4d8WojhQIZ}jk2XennCxy=IFh7^8B0N_8^=0E)0j|>>IWP
zs%5&yIw%GHj<oHK__hD&*IfqRPR|a_x!!2qAZwEUDJ@}p_RN5#OXkmi!BQ=tbjW}A
z%Ip8OACvxJ9sc~-ie;kwEWew-T|O#zn8`FmI7)1y(YMmi>$DTEYrX%Z#4I`Yq6gz~
zCQ*jz2?710%G_r*P1@PC=yePChX|RkAg6tQxS;jgY}<RM_pFXF+Y!FAa?1MMzpP$0
z{S5cvwq<Wh4~z`&+jS+<|5+isKx4xePq9Mf7d{$d!rRYt8ugr5_RvPGsyn2nSL4Cr
zb#mI9mz7S;TU^imOVKpx<L{&@MiuKbOFr&f5jdf9Mf3fKQBUWyP3lgIYp4!YO=0x0
z{&(I}i@C9dfvK^<{n45P;s4z12U1V04~ScG_U{?B;|~j7baC%(`CGB=tnzHTnR9kY
zZ%ML^-)grhZTtDAy}nvepT#PCm`jYFJa~U*dXro6yMTw{-#gU4if^&`CA<7l7;oFs
z9Zk-af42+Yv#_1Grf>eGpSyoH@^z>#5Dk%W5{kaQA*pdmgY%^4k9E@)GZ`?Tq$Xy4
z1_K=?5ed(qlLTXOWDa~>n_;kIYt+uz2|i3BLFJW;^<(zNoeG_EHNL0unW6KXPXLFC
B3OWD)

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/hy2hc-bc b/nss/tests/libpkix/certs/hy2hc-bc
new file mode 100755
index 0000000000000000000000000000000000000000..691b8d98278a9458947d846d1ccf365057a62e7b
GIT binary patch
literal 668
zcmXqLVwz#l#1y)KnTe5!iILfWn~hzo&EuQ}3o|Q&fsP@!0Vf-CC<~h~Q)#gwj{z5m
z!zIjIT$*RdZ@>%UF$=S0B<7{1W*R7n^BR~K8X1}!nwppy8bnF(o0yvz85$ZILj?@<
z@R=uQzz;ExBO|e>D6=>}&!CBM2N3JPoWuy^$TKxIGW@L%Zj>z*(hR!qHAnBwljq+A
zw+Gq0cVRdzXWy_bP%YCn)<G%occg7^#IOBFzwR>lc6xSb&h<v?23eE*PiYC;vu6e@
zT{3_E3zljDr9=L^S6=_O{h0I*>+t8tRxA_cXZhXy?ebB%!%U_j!ck%qjlPwBUZ<US
zUF-cPC1%OF7d;q{Gl?=xPYCE2RpvgkY0}Q7MXy`9KSaoU1v%~e!v(F^X4~F7y=Qfd
z*^cm?l~dO5{$=&5>1VhPw=H{9dSGOD->xf>{?7{81sWT+c#0J&zwprz6W)HF)2Qdf
zvWGTeRox*qy&4Y|uanc>ysUI$-r{=hUy7zlAAcuRF{)UfS@Ln;iogk-E1K^=jCwks
zZBlnyTtjuJY6_!|^}q9;TFi~D3?O$*SbOj2YCERWe|i?2h-aPfJ+rh%R^;<G-c@Dl
z1^;d9;y(X-{_5OX&-2ZdOs_AmeyHVCr^xXu;$+>v{qJt9e|2ElWIv0{s^tCawEv{<
z@tJxkXSQ?wrz4sIp95vzwQah8-DbO9`o$P6GtmR?dk;mQ{2k+RAe!^#^hbS)PdH5F
z9a2{;W-?$vNleT@zAiA}CQSBunk@GyB=`CAyx=dIduDU)k!BJpUzcQgZ{mg+3)j;I
M6(vu5^V%%*0VN~~Z~y=R

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/hy2hy-bc0 b/nss/tests/libpkix/certs/hy2hy-bc0
new file mode 100755
index 0000000000000000000000000000000000000000..18b5fe4a8b0fa2955e51ffb497b78ebec35e09b6
GIT binary patch
literal 685
zcmXqLVp?g?#FV~(nTe4Jhzz*d*tOa`&RMW9voaXy7;+nMvN4CUun9Aj78~*yaDg~n
z!py~`d4~K3ydWO4Fk41qURr9Vfr2=%fr+7!p}C={iHWgElmx$txrvdXp`kHUfJF0}
z7<U*nG3vk^#0ccbGc`6c{H+gelr0s~47%?%NAJy(=idak2id%LVK^*j->@xEEz>pD
zK`HQeq-}4+ul+~A?lSmxdUj~e^+xLkS(E%vX$jl2X9g@?GJpOHmTCc|L;ky0UjMiK
znDh_p@aM-?EEDBt`Q7~O@=>|NOr{~iQDPH~zLkDnr=56R>-{GsX34o1Js6KOi84%2
z2<R78=03A&($1zuuUoi3M96#vIqmzy1+CX++ul39XLXF(j_{q8Q`YbPW%a7*XSffy
zEqhaXU}SjTt}BuL&kETE8XLBFiWMrq@X-(x-hQ6bsOQA8hc;qW-61u-8V?q)lhfY3
ztaM`D;(G31il#{)e<xKjs#u>{@^RmazzLlzn(sf1dODwNQg>QhLv^TX3Zswpzw@42
z%#E!KAa_hyd++FKJEqfrdKR3BXPxjpv$RH5<nuP(Rb}c0|848yKL30E>fBn-^Uak^
zuP?8DsO40r$nh)UWZk~~?{2Jrbzs?KKa0$&<o)Zk|D^BnnR+N^wsZZbBboxA17+W}
zZMuKmX1iYc#TYF!(F5*#4@IB+9piE!n)BuKM}3M<I85aoQdcY%GY~Nl0wxbxVMfOP
zEF1=GK#GZx0VR1c>jP65lZbcAf=wTG{5V{&_~KpO{Y~tVk0xzm5(zuz^x&D|u?U{!
O#S5a^(?kN|n_B^N9u8mt

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/issuer-hanfei.crl b/nss/tests/libpkix/certs/issuer-hanfei.crl
new file mode 100755
index 0000000000000000000000000000000000000000..6c9f0dbaa3402f1a76a6959d862c54db91810e8f
GIT binary patch
literal 199
zcmXqLJYvw;%*4oOz|F?4)#h=|f`yrt!9d55+klgeIh2J>n5nebkjH=v#NiTVE-uY8
z<Tv02@tB3#G7|IBQZvPQ4NMJ;49pG9j7?3<q9pi@3{4CTjf@SU0tU(kia;Asl$l2v
z@B*!54wV&UVc|lzpIIO11SXM`==skktSNZ1@s6R)?5A_W_HulB%Os-ArDUa({4h(*
Q?Cdgbha#<`-Lu{R01Lt{bN~PV

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/issuer-none.crl b/nss/tests/libpkix/certs/issuer-none.crl
new file mode 100755
index 0000000000000000000000000000000000000000..c1c83ba2cda2224001c84b66243b59d70a2e14fc
GIT binary patch
literal 196
zcmXqLJZR9^z{JRCz|F?4)#h=|f`yrt!9d%P+klgeIh2J>n5nebkQXQm<ZubI<mKn3
z!nn*3t~jrOsezG!p`nGTp`m3IkZW#eU}Op98Ymkm0*yyfWNcs=WdJczR+NQ>3*B;N
zeFg&^CJ~`^8^2FW?0YGEy|2O0<mLRPiYO)~5yodB$CUpRiLLYJ6R_U>!ZvyTTP6T$
CUM%|n

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/keyIdentifier/authKeyIDCert b/nss/tests/libpkix/certs/keyIdentifier/authKeyIDCert
new file mode 100755
index 0000000000000000000000000000000000000000..7eae4863e189e2c1f41fc31b92b8e685a2e67213
GIT binary patch
literal 536
zcmXqLViGZEV!XV7nTe4JhzvN{*tOa`&RMW98(0}~1G&thENsF|p}~ey1`;3+m#|<+
zYH^8zb81mZW?E))Vo7STA-@4HNRC;U%_Z1T!P(J3PMp`k(7?pd($K`z+{hqGoYxSU
zYv513*(wG~5VNI0W(On|CFZ7<q!tw`c;;oK7G;*CrhqJLoP=;XBXeU515;x|dXM`p
z9<#<2%O6ta+#hyd5&oNQ>u_Suq=#0WAsaqTUs`Y>MSRKfnw2lrIaBX1SSs^}<(A#u
zr0fqoZyUq?V>M53L`w3+_jY{v-?QySDdRo?u9W-X)!jK^AA-+0ckJYx$zd~LJ>!d;
zMzL?hn9e6$Vzhe9r9E$=<G15A_i|<?Gw?00F{m<-1v*}qk420{Bv$2JSE$sdV<$Hq
z+TZnIlc&GcW@!U?khC(3gn?LtNQvlG6`8$psU7kUyE*IXUrBoSB^ro>6ezF=81NbJ
zuyG}{c`&8|<H~^1fDa_W&&c?ng#{?UX21{P3xoKq2FyST5gyFU1`GzeOri`cBJ&N)
rw<)|aoBi55k!!un+oD~XOd`2T5BK`2f77#;zdrX`WZY@hHl-T?Su>?3

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/keyIdentifier/subjKeyIDCert b/nss/tests/libpkix/certs/keyIdentifier/subjKeyIDCert
new file mode 100755
index 0000000000000000000000000000000000000000..a1f9e05f609830ad44b2669a5c944216276c28db
GIT binary patch
literal 906
zcmXqLVs0~NVtT)TnTe5!iHZH90WTY;R+~rLcV0$DR#pZB2SaWHPB!LH7B*p~&|pI;
z0|^j^OIR=@wYWsVIkl)HGc7YYu_U$FP}D#eB*!ew6H-(PlyuBX&d4t^kQ3)MFf=eR
zv@|p^H8(Pd66ZBU<{DTLZv#KjbzmFVT!I}HoE;6C7`Fql4jVhr$>%Is7=avlrp88w
z`%eY!ZoS-=Cvff6+(&b*Hn{I~VK^Rk;!NHJ<CZXYQ`>JLCmtVKyL(sZXMJOyWj_ty
zq(6Q-Gxv{X-m379B9ljb3=<wKUX#*y;G2zX|CSS89tLsstLBucao-j$Hg2AN;OORO
z=3njpi}GGssJF}T$LjVQ+-J&XIOVOGJmb(_y=oI~CQ*j-Y%DkacfV$M`7MThTJhg$
zsaE>zAg7&qShL~Wr1<1F7Q0<`-JN8zEpA_G^^L-Embq`zYOGn#ZTlSbkAG4q(|bRm
z)v>em^z*_#7re=OJ6mbT3gOc{bHrX9<myvYb6LvsbHSUW2L*;_GQM)RF7cAitNe2C
zr&*LmzTf+n;QQ%+&wP(e>Yp>`tU!Ov68<^c+2165-nYKaat3o_3j<SQgW#u~H}*Mc
zA8pw;kxAxHk5N(giX6r39bF>33{p!E$k;YzrY>JIp-M!ywfbrBp@csh&!?|H_(_k$
zD9hsbL_h02Hk=oJ7Upu?SNH5?ExEDR?ZWNArNO(}KmUqVZT7F{Dt)^0ap!W!@??j2
zZJm}&2Ma5>ZfA!}K7201Gw;YZBTK%;H3n4%vcTAs<zo?J5h)S9sv@&DF117cVK--8
z{VPcizeEFhkhC(3gn?Lt$nTshx{dQrsaMV8-C*--)}HqNp05nVK?)RD1Pu5Lc-XiS
z+B_Ijf$7+Q(SQ#m!OzI}pM?b|z-GV?;tPZLtOm?L3N4j01LMWYx=6lUXV;xKUuC0R
z&)L^6v467Z;IH{NxMF5JdRLchb?L;0M|%!jJFTH;Q08{_vMp0%$DA`IL917v4)}fK
z&eEb<<Cdwl8(7($zwD6{;Z9U|rLsI^+QDtdT>E1eEL;6ka*f7)RpG;RiubylB~`yJ
Wx0{#hB*_xAlCdt~L|2l4kQo3fPh;@_

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/keyUsage/decipherOnlyCert b/nss/tests/libpkix/certs/keyUsage/decipherOnlyCert
new file mode 100755
index 0000000000000000000000000000000000000000..11a132d10042a8d69a58286b8fad59c7b4afaacc
GIT binary patch
literal 692
zcmXqLV%lKP#FV#ynTe5!iP6!3n~hzo&EuQ}3o|Q&ftDe+0Vf-CC<~h~Q)#gwj{z5m
z!zIjIT$*Rd3sei_aSOBLBqkLb$cghBm>8HES{NA{o0*zLp>WNk46KPa%aGrI7i2WE
zFk59}adBpmK@;P4Al8AojS<L^XKHL@_*);`C|fF|8Fb%kj^3Lm&%X(753+gh!f;s5
zzF}LSTBd8PgHqt{NZa0sU;B@K-DU9Y^z6`_>y6e8vL^YT(h|03&kR_)Wd8gYEY$)^
zhx~W1y#8<dG3g)H;m?n)SSHHP^1J!l<)d<knM^~3qr@f}eJlOEPCN0s*85LN%#w32
zdN3Ym5@nd45YR8G%zb9lq@7KRUbk?6h>-aTa@zNY3tF$uw!L?H&*~Vn9pO7Gr>x)o
z%j#9r&u|}ZTlS{(z{v2vT~{LgpB1tTG&XGU6f0DI;iDlYy!||<QO}8G4{gM%x<hJu
zH6AQpC#Su6S?R>Q#r5336it&p{!Xf5RIxs@<m0{-ffG7cG~a(1^>jYlr0%r1hU!q&
z6h<HGf9E~5m>XLdm>L^+Cj~d{-}Cu<uJ)cU-|P<dhjC4P6ywYP_(;$_hiSK^iwq18
zUo!2TT3}$+qFWy0bH;?*e*bEX8<Q?rh8Kj+=#AQAy}Gcp;55s3zwjFuYqS>3Sh7mv
zapRp;vsbOlYq%qJSN-$%XVXe^OY~cKn+%(#2&PV{%RM`pJ#+E_+vBz|Yj!UdHV`!6
z2gar>KO^IR7FK3vc7_I&RK~2&V4%Y!lI6O3^`~cL6QngxEZbOUsQ1hK^b#f!ro3dW
V_SSu7*_z&!&9f83&h-{)0RYVT2<HF*

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/keyUsage/encipherOnlyCert b/nss/tests/libpkix/certs/keyUsage/encipherOnlyCert
new file mode 100755
index 0000000000000000000000000000000000000000..9b93771199e5577d376bd19dfc64fe21a8e4d1c0
GIT binary patch
literal 692
zcmXqLV%lKP#FV#ynTe5!iP6b`n~hzo&EuQ}3o|Q&ftDe+0Vf-CC<~h~Q)#gwj{z5m
z!zIjIT$*Rd3sei_aSOBLBqkLb$cghBm>8HES{NA{o0*zLp>WNk46KPa%aGrI7i2WE
zFk59}adBpmK@;P4Al8AojS<L^XKHL@_*);`C|fF|8Fb%kj^3Lm&%X(753+gh!f;s5
zzF}LSTBd8PgHqt{NZa0sU;B@K-DU9Y^z6`_>y6e8vL^YT(h|03&kR_)Wd8gYEY$)^
zhx~W1y#8<dG3g)H;m?n)SSHHP^1J!l<)d<knM^~3qr@f}eJlOEPCN0s*85LN%#w32
zdN3Ym5@nd45YR8G%zb9lq@7KRUbk?6h>-aTa@zNY3tF$uw!L?H&*~Vn9pO7Gr>x)o
z%j#9r&u|}ZTlS{(z{v2vT~{LgpB1tTG&XGU6f0DI;iDlYy!||<QO}8G4{gM%x<hJu
zH6AQpC#Su6S?R>Q#r5336it&p{!Xf5RIxs@<m0{-ffG7cG~a(1^>jYlr0%r1hU!q&
z6h<HGf9E~5m>XLdm>L^+Cj~d{-}Cu<uJ)cU-|P<dhjC4P6ywYP_(;$_hiSK^iwq18
zUo!2TT3}$+qFWy0bH;?*e*bEX8<Q?rh8Kj+=#AQAy}Gcp;55s3zwjFuYqS>3Sh7mv
zapRp;vsbOlYq%qJSN-$%XVXe^OY~cKn+%(#2&PV{%RM`pJ#+E_+vBz|Yj!UdHV`!6
z2gar>KO^IR7FK3vc18x2RK~2&V4%Y!68FQw{cg?^>HLe{hh~4Abx-A!#1AGBo#W9p
Vht58!G!^*Aa>Q%Ni#4`ingHir3?%>n

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/keyUsage/multiKeyUsagesCert b/nss/tests/libpkix/certs/keyUsage/multiKeyUsagesCert
new file mode 100755
index 0000000000000000000000000000000000000000..f9c83dc956164a2d37fe10b659237318f265c0c4
GIT binary patch
literal 742
zcmXqLVtQoI#58{aGZP~d6N~wtv^NIaZ0uTX9_K7rm{}PNJPo-GIN6v(S=fY`N{bD7
z47flXE@9^4(mX?6pjsf0TbLy^vA6^#$t}#Bl$>YCZ@>$ZWEN(tOe`+WEHaQ2=e4vn
zurRbVGBC6>HH#AGH822jEudT=lT51&ni#hNu@21Lj6jY&Q)45;-}>N2*-|0Rp!;5P
z^xiyq{!MUukj;A+hQo694ch|MGF@XGlmdT8+V)2L+JE%xE`x8UXNTroZ?tZZHOc>!
zmasj0X28-V^XI={sTNQ=<iC66^?%!sN&m18e|~JmGEsh(-_74HAC)`IWEvtIB{tFM
zTj}R@+KJb--hWbJmYjRhgYh_%D8uxGfPPVB?lYSv?QB}~x`q2ggv?iv)4o4k(0XmQ
z?Y+}`R>zp_2;W&bW&Q47R<D|VhWl{avNxp%Muzw8x)SOCtdL!xv0;m+SfTO@9}O|#
z?dLg-dQL2RXd_nD9a7V)@nG>fIql8MN+;$muIK)xXqxo#cTyFjiuIW#ANQ>YoY1+V
z`ToPGr}Nn+b*IHOREMgjF#1^kJMXE*+}OmxRG;kb|4sAhj75rnZ%v<Pe`<rcXK&YX
zHr{0w(=8*7ixw>{xoY+PSq=O3zP^iT#WO`%rhPTMR`l*t@Q(>wKOg>>vP){-0j^t<
zJdR#&sq^4WyBWBvBrK}Dt7q1nZ!JQJLV<UV`L|4YbGjn1xksTZxcbsIv-<(2Q{_(w
zgm&BiepG&XvATh(0Y5O6$nrBX{%2ujW@cZ)U?2n%5C#cw7_b2;CPoI7G|6nhV4%w+
xVl*f2xl(%RwvF5pKfZ4|d%^tv0YhMbcc~RATYNgp$zqyuOymJ~#O7^}830hL6&e5l

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/keyUsage/noKeyUsagesCert b/nss/tests/libpkix/certs/keyUsage/noKeyUsagesCert
new file mode 100755
index 0000000000000000000000000000000000000000..c58d9a2aa7d15b3f802213dcfe9f7718e2b4bf37
GIT binary patch
literal 675
zcmXqLVw!Kz#1y-LnTe5!iP6!3n~hzo&EuQ}3o|Q&ftDe+0Vf-CC<~h~Q)#gwj{z5m
z!zIjIT$*Rd3sei_aSOBLBqkLb$cghBm>8HES{fOenwc0!p>R#246KPa%aGrI7i2WE
zFk59}adBpmK@;P4Al8AojS<L^XKHL@_*);`C|fF|8Fb%kj^3Lm&%X(753+gh!f;s5
zzF}LSTBd8PgHqt{NZa0sU;B@K-DU9Y^z6`_>y6e8vL^YT(h|03&kR_)Wd8gYEY$)^
zhx~W1y#8<dG3g)H;m?n)SSHHP^1J!l<)d<knM^~3qr@f}eJlOEPCN0s*85LN%#w32
zdN3Ym5@nd45YR8G%zb9lq@7KRUbk?6h>-aTa@zNY3tF$uw!L?H&*~Vn9pO7Gr>x)o
z%j#9r&u|}ZTlS{(z{v2vT~{LgpB1tTG&XGU6f0DI;iDlYy!||<QO}8G4{gM%x<hJu
zH6AQpC#Su6S?R>Q#r5336it&p{!Xf5RIxs@<m0{-ffG7cG~a(1^>jYlr0%r1hU!q&
z6h<HGf9E~5m>XLdm>L^+Cj~d{-}Cu<uJ)cU-|P<dhjC4P6ywYP_(;$_hiSK^iwq18
zUo!2TT3}$+qFWy0bH;?*e*bEX8<Q?rh8Kj+=#AQAy}Gcp;55s3zwjFuYqS>3Sh7mv
zapRp;vsbOlYq%qJSN-$%XVXe^OY~cKn+%(#2&PV{%RM`pJ#+E_+vBz|Yj!VYGGIVS
zRLuGe20Bb4iEkWS^*>eb>vXWtTX6X^Q>fUL!%QN|YLC|F6!1S>v^HmH*-U9!nN8>1
E0jP8a82|tP

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/make-ca-u50-u51 b/nss/tests/libpkix/certs/make-ca-u50-u51
new file mode 100755
index 0000000..5d8f920
--- /dev/null
+++ b/nss/tests/libpkix/certs/make-ca-u50-u51
@@ -0,0 +1,37 @@
+#!/bin/sh
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+mkdir tmp
+cd tmp
+dd if=/dev/urandom bs=512 count=1 of=noise
+echo "" > pwfile
+
+certutil -d . -N -f pwfile
+
+certutil -S -z noise -g 1024 -d . -n ca -s "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t C,C,C -x -m 1 -w -1 -v 600 -1 -2 -5 <<CERTSCRIPT
+5
+6
+9
+n
+y
+
+n
+5
+6
+7
+9
+n
+CERTSCRIPT
+
+certutil -S -z noise -g 1024 -d . -n u50 -s "CN=TestUser50,E=TestUser50@bogus.com,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t ,, -c ca -m 50 -v 598
+
+certutil -S -z noise -g 1024 -d . -n u51 -s "CN=TestUser51,E=TestUser51@bogus.com,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t ,, -c ca -m 51 -v 598
+
+certutil -d . -L -n ca -r > TestCA.ca.cert
+certutil -d . -L -n u50 -r > TestUser50.cert
+certutil -d . -L -n u51 -r > TestUser51.cert
+
+echo "Created multiple files in subdirectory tmp: TestCA.ca.cert TestUser50.cert TestUser51.cert"
diff --git a/nss/tests/libpkix/certs/make-nc b/nss/tests/libpkix/certs/make-nc
new file mode 100755
index 0000000..aaab1ed
--- /dev/null
+++ b/nss/tests/libpkix/certs/make-nc
@@ -0,0 +1,508 @@
+#!/bin/sh
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+mkdir tmp
+cd tmp
+dd if=/dev/urandom bs=512 count=1 of=noise
+echo "" > pwfile
+
+certutil -d . -N -f pwfile
+
+certutil -S -z noise -g 1024 -d . -n ca -s "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t C,C,C -x -m 1 -w -2 -v 120 -1 -2 -5 <<CERTSCRIPT
+5
+6
+9
+n
+y
+
+n
+5
+6
+7
+9
+n
+CERTSCRIPT
+
+certutil -S -z noise -g 1024 -d . -n ica -s "CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t ,, -c ca -m 20 -w -1 -v 118 -1 -2 -5 --extNC <<CERTSCRIPT
+5
+6
+9
+n
+y
+
+n
+3
+.example
+1
+n
+n
+5
+6
+7
+9
+n
+CERTSCRIPT
+
+certutil -S -z noise -g 1024 -d . -n server1 -s "CN=test.invalid,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t ,, -c ica -m 40 -v 115 -1 -2 -5 -8 test.invalid <<CERTSCRIPT
+0
+2
+3
+4
+9
+n
+n
+
+y
+0
+1
+9
+n
+CERTSCRIPT
+
+certutil -S -z noise -g 1024 -d . -n server2 -s "CN=another_test.invalid,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t ,, -c ica -m 41 -v 115 -1 -2 -5 <<CERTSCRIPT
+0
+2
+3
+4
+9
+n
+n
+
+y
+0
+1
+9
+n
+CERTSCRIPT
+
+certutil -S -z noise -g 1024 -d . -n server3 -s "CN=test.example,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t ,, -c ica -m 42 -v 115 -1 -2 -5 -8 test.example <<CERTSCRIPT
+0
+2
+3
+4
+9
+n
+n
+
+y
+0
+1
+9
+n
+CERTSCRIPT
+
+certutil -S -z noise -g 1024 -d . -n ica2 -s "CN=NSS Intermediate CA 2,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t ,, -c ica -m 21 -w -2 -v 120 -1 -2 -5 <<CERTSCRIPT
+5
+6
+9
+n
+y
+
+n
+5
+6
+7
+9
+n
+CERTSCRIPT
+
+certutil -S -z noise -g 1024 -d . -n server4 -s "CN=test2.invalid,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t ,, -c ica2 -m 50 -v 115 -1 -2 -5 -8 test.invalid <<CERTSCRIPT
+0
+2
+3
+4
+9
+n
+n
+
+y
+0
+1
+9
+n
+CERTSCRIPT
+
+certutil -S -z noise -g 1024 -d . -n server5 -s "CN=another_test2.invalid,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t ,, -c ica2 -m 51 -v 115 -1 -2 -5 <<CERTSCRIPT
+0
+2
+3
+4
+9
+n
+n
+
+y
+0
+1
+9
+n
+CERTSCRIPT
+
+
+certutil -S -z noise -g 1024 -d . -n server6 -s "CN=test2.example,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t ,, -c ica2 -m 52 -v 115 -1 -2 -5 -8 test.example <<CERTSCRIPT
+0
+2
+3
+4
+9
+n
+n
+
+y
+0
+1
+9
+n
+CERTSCRIPT
+
+certutil -S -z noise -g 1024 -d . -n ica3 -s "CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t ,, -c ca -m 21 -w -1 -v 118 -1 -2 -5 --extNC <<CERTSCRIPT
+5
+6
+9
+n
+y
+
+n
+3
+foo.example
+1
+y
+5
+O=Foo,st=ca,c=us
+1
+n
+n
+5
+6
+7
+9
+n
+CERTSCRIPT
+
+certutil -S -z noise -g 1024 -d . -n ica4 -s "CN=NSS Intermediate CA 2,O=Foo,ST=CA,C=US" -t ,, -c ica3 -m 61 -w -2 -v 120 -1 -2 -5 <<CERTSCRIPT
+5
+6
+9
+n
+y
+
+n
+5
+6
+7
+9
+n
+CERTSCRIPT
+
+certutil -S -z noise -g 1024 -d . -n server7 -s "CN=bat.foo.example,ou=bar,O=Foo,ST=CA,C=US" -t ,, -c ica4 -m 41 -v 115 -1 -2 -5 <<CERTSCRIPT
+0
+2
+3
+4
+9
+n
+n
+
+y
+0
+1
+9
+n
+CERTSCRIPT
+
+certutil -S -z noise -g 1024 -d . -n server8 -s "CN=bat.foo.example,O=Foo,ST=CA,C=US" -t ,, -c ica4 -m 42 -v 115 -1 -2 -5 <<CERTSCRIPT
+0
+2
+3
+4
+9
+n
+n
+
+y
+0
+1
+9
+n
+CERTSCRIPT
+
+certutil -S -z noise -g 1024 -d . -n server9 -s "CN=bat.foo.example,O=Foo,C=US" -t ,, -c ica4 -m 43 -v 115 -1 -2 -5 <<CERTSCRIPT
+0
+2
+3
+4
+9
+n
+n
+
+y
+0
+1
+9
+n
+CERTSCRIPT
+
+certutil -S -z noise -g 1024 -d . -n server10 -s "CN=bar.example,O=Foo,ST=CA,C=US" -t ,, -c ica4 -m 44 -v 115 -1 -2 -5 <<CERTSCRIPT
+0
+2
+3
+4
+9
+n
+n
+
+y
+0
+1
+9
+n
+CERTSCRIPT
+
+certutil -S -z noise -g 1024 -d . -n server11 -s "CN=site.example,O=Foo,ST=CA,C=US" -t ,, -c ica4 -m 45 -v 115 -1 -2 -5 -8 foo.example <<CERTSCRIPT
+0
+2
+3
+4
+9
+n
+n
+
+y
+0
+1
+9
+n
+CERTSCRIPT
+
+certutil -S -z noise -g 1024 -d . -n server12 -s "CN=Honest Achmed,O=Foo,ST=CA,C=US" -t ,, -c ica4 -m 46 -v 115 -1 -2 -5 <<CERTSCRIPT
+0
+2
+3
+4
+9
+n
+n
+
+y
+0
+1
+9
+n
+CERTSCRIPT
+
+certutil -S -z noise -g 1024 -d . -n ica5 -s "CN=NSS Intermediate CA 2,O=OtherOrg,ST=CA,C=US" -t ,, -c ica3 -m 62 -w -2 -v 120 -1 -2 -5 <<CERTSCRIPT
+5
+6
+9
+n
+y
+
+n
+5
+6
+7
+9
+n
+CERTSCRIPT
+
+certutil -S -z noise -g 1024 -d . -n server13 -s "CN=bat.foo.example,O=OtherOrg,ST=CA,C=US" -t ,, -c ica5 -m 41 -v 115 -1 -2 -5 <<CERTSCRIPT
+0
+2
+3
+4
+9
+n
+n
+
+y
+0
+1
+9
+n
+CERTSCRIPT
+
+certutil -S -z noise -g 1024 -d . -n server14 -s "CN=another.foo.example,O=Foo,ST=CA,C=US" -t ,, -c ica5 -m 490 -v 115 -1 -2 -5 <<CERTSCRIPT
+0
+2
+3
+4
+9
+n
+n
+
+y
+0
+1
+9
+n
+CERTSCRIPT
+
+certutil -S -z noise -g 1024 -d . -n ncca -s "CN=NSS Name Constrained Root CA,O=BOGUS NSS,L=Mountain View,ST=CA,C=US" -t C,C,C -x -m 2 -w -1 -v 118 -1 -2 -5 --extNC <<CERTSCRIPT
+5
+6
+9
+n
+y
+
+n
+3
+.example
+1
+n
+n
+5
+6
+7
+9
+n
+CERTSCRIPT
+
+certutil -S -z noise -g 1024 -d . -n ica6 -s "CN=NSS Intermediate CA6,O=OtherOrg,ST=CA,C=US" -t ,, -c ncca -m 63 -w -2 -v 120 -1 -2 -5 <<CERTSCRIPT
+5
+6
+9
+n
+y
+
+n
+5
+6
+7
+9
+n
+CERTSCRIPT
+
+certutil -S -z noise -g 1024 -d . -n server15 -s "CN=testfoo.invalid,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t ,, -c ica6 -m 64 -v 115 -1 -2 -5 -8 testfoo.invalid <<CERTSCRIPT
+0
+2
+3
+4
+9
+n
+n
+
+y
+0
+1
+9
+n
+CERTSCRIPT
+
+certutil -S -z noise -g 1024 -d . -n server16 -s "CN=another_test3.invalid,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t ,, -c ica6 -m 65 -v 115 -1 -2 -5 <<CERTSCRIPT
+0
+2
+3
+4
+9
+n
+n
+
+y
+0
+1
+9
+n
+CERTSCRIPT
+
+certutil -S -z noise -g 1024 -d . -n server17 -s "CN=test4.example,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t ,, -c ica6 -m 66 -v 115 -1 -2 -5 -8 test4.example <<CERTSCRIPT
+0
+2
+3
+4
+9
+n
+n
+
+y
+0
+1
+9
+n
+CERTSCRIPT
+
+#DCISS copy certs
+certutil -S -z noise -g 2048 -d . -n dcisscopy -s "E=igca@sgdn.pm.gouv.fr,CN=IGC/A,OU=DCSSI,O=PM/SGDN,L=Paris,ST=France,C=FR" -t C,C,C -x -m 998899 -w -2 -v 120 -1 -2 -5 <<CERTSCRIPT
+5
+6
+9
+n
+y
+
+n
+5
+6
+7
+9
+n
+CERTSCRIPT
+
+#the following cert MUST not pass
+certutil -S -z noise -g 2048 -d . -n dcissblocked -s "CN=foo.example.com,O=Foo,ST=CA,C=US" -t ,, -c dcisscopy -m 998900 -v 120 -1 -2 -5 <<CERTSCRIPT
+0
+2
+3
+4
+9
+n
+n
+
+y
+0
+1
+9
+n
+CERTSCRIPT
+
+#the following cert MUST pass
+certutil -S -z noise -g 2048 -d . -n dcissallowed -s "CN=foo.example.fr,O=Foo,ST=CA,C=US" -t ,, -c dcisscopy -m 998901 -v 120 -1 -2 -5 <<CERTSCRIPT
+0
+2
+3
+4
+9
+n
+n
+
+y
+0
+1
+9
+n
+CERTSCRIPT
+
+
+
+certutil -d . -L -n ca -r > NameConstraints.ca.cert
+certutil -d . -L -n ica -r > NameConstraints.intermediate.cert
+certutil -d . -L -n server1 -r > NameConstraints.server1.cert
+certutil -d . -L -n server2 -r > NameConstraints.server2.cert
+certutil -d . -L -n server3 -r > NameConstraints.server3.cert
+certutil -d . -L -n ica2 -r > NameConstraints.intermediate2.cert
+certutil -d . -L -n server4 -r > NameConstraints.server4.cert
+certutil -d . -L -n server5 -r > NameConstraints.server5.cert
+certutil -d . -L -n server6 -r > NameConstraints.server6.cert
+certutil -d . -L -n ica3 -r > NameConstraints.intermediate3.cert
+certutil -d . -L -n ica4 -r > NameConstraints.intermediate4.cert
+certutil -d . -L -n server7 -r > NameConstraints.server7.cert
+certutil -d . -L -n server8 -r > NameConstraints.server8.cert
+certutil -d . -L -n server9 -r > NameConstraints.server9.cert
+certutil -d . -L -n server10 -r > NameConstraints.server10.cert
+certutil -d . -L -n server11 -r > NameConstraints.server11.cert
+certutil -d . -L -n server11 -r > NameConstraints.server11.cert
+certutil -d . -L -n server12 -r > NameConstraints.server12.cert
+certutil -d . -L -n ica5 -r > NameConstraints.intermediate5.cert
+certutil -d . -L -n server13 -r > NameConstraints.server13.cert
+certutil -d . -L -n server14 -r > NameConstraints.server14.cert
+certutil -d . -L -n ncca -r > NameConstraints.ncca.cert
+certutil -d . -L -n ica6 -r > NameConstraints.intermediate6.cert
+certutil -d . -L -n server15 -r > NameConstraints.server15.cert
+certutil -d . -L -n server16 -r > NameConstraints.server16.cert
+certutil -d . -L -n server17 -r > NameConstraints.server17.cert
+certutil -d . -L -n dcisscopy -r >  NameConstraints.dcisscopy.cert
+certutil -d . -L -n dcissblocked -r >  NameConstraints.dcissblocked.cert
+certutil -d . -L -n dcissallowed -r >  NameConstraints.dcissallowed.cert
+
+echo "Created multiple files in subdirectory tmp: NameConstraints.ca.cert NameConstraints.intermediate.cert NameConstraints.server1.cert NameConstraints.server2.cert NameConstraints.server3.cert NameConstraints.intermediate2.cert NameConstraints.server4.cert NameConstraints.server5.cert NameConstraints.server6.cert"
diff --git a/nss/tests/libpkix/certs/noExtensionsCert b/nss/tests/libpkix/certs/noExtensionsCert
new file mode 100755
index 0000000000000000000000000000000000000000..f3dc1c9731cdf3afec6dd1e942e6b46c2fda44df
GIT binary patch
literal 680
zcmXqLVp?L*#FV&znTe5!iP6D;n~hzo&EuQ}3o|Q&ftDe+0Vf-CC<~h~Q)#gwj{z5m
z!zIjIT$*Rd3sei_aSOBLBqkLb$cghBm>8HC8yFcGm>8Nyp>YlD4fzdtA!e~vCKeZG
z7U4AyrkYt8s@kB5aXS#}z}&|O<j6BMHZuIJ4{nq#719j4?=?s7&6DTf1h)s-ymw(Z
zEN9=aEl@4fHP%5X@OPwbZ^W<tN5Aee_;z}BXwLOU>jqhq{7-2K+p}i|EL}2x{tK3B
z0i{F!yH{TSxBZy(59{#f$5t#8<!AZb{O$5lxx-ARA;M8&6OF!=eqN`YcwOuLCnaXd
zxfeYck28rfOiu{t7ggpyvuV=KrbVw?xIaY5d<8k}`@;pT*Jj(^JH2OhjM<Lxot0D8
z@BU@=s_AFA54SCQQ+i-zc;Buok^avL*##OKws?vaD!=g25EI^hp3|u3#IlDrVpZKC
zHN6@S7O#`j-n^`IV&39<?q7<gNgsbFRWYhqpIP#8--^HqohzE}Ka6@hpKVfiT3kbQ
zsA>wMkM+Ovo?6U}EeuSJ4ZM?roA&Sd{5@BD&zEm@2m8agrap@C<$ru6=$^y0+tNh_
zhKDbi_D(G@uximQkMTKU!fn5QwZ@G}7c9dILTB_w?Xg~6SXywJ<-1?_jf*u}3uY`?
zrSZ7&&Z^m~*5x(a5xcAY`TMhJrMV^gExb*JO;ZF@r_|-1oy?v&`GD<l+n6=G7c&_!
zpd>72AYT_4ZWFY3&hwiRDP&PlF)cwsYn9i+&ySfzDsFz`eZ;1A;4dG8aI;rh<>bcC
Fb^wH|2XO!Z

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/nss2alice b/nss/tests/libpkix/certs/nss2alice
new file mode 100755
index 0000000000000000000000000000000000000000..48172a5ed51a3e364dc18ab8a8f02a8f980df5e0
GIT binary patch
literal 602
zcmXqLVhS^8V%)!gnTe5!iILfWmyJ`a&7<u*FC!xhD}zCbA-4f18*?ZNn=n&ou%WPl
zAc(^u%;lVzlbM!Zl$V)kC}to65@Z+V_02EMD@n}EQwYmUEjJW05CDmD33EF6yN3oV
z_yq?WiWmri#F&M-fjotf)Z!8aXGa4$ab5#sLqkJjLo*XI1LG(l*V4cU&NZl`vMb~a
zWZ>T9WEA6f%*jknbx6ujFD=$f&d)XEGvI-^k`*jt&^RACTo_pym>YW;3>rI`8XFlt
z%}Mfk6#YNvx^Cr>Sf}FBMw`Z$tFs(L6I-L7o#Z|GbHo3C&*wc#h!DCI6VX4tSZG_j
z95Y+Q^t9D1IoIy=*}uM+n$N5i_uA!3|MYddp{p+EKc8;7WX*}(pL=eYr)?Jd`=l)2
z^!C4Vr7QeG+8%$|`t;iM8>{>7FS+)9<0}C_jc8paW<~}^Waj~+jTz{!-j1h7H9Y6e
zS~fGunECvY>L(ZXzr3-r_1!=FzbZGqwru&d*eYOY0LQBEv;`a+E{R0!uvoD$OZmJ}
z_351}6zgpdURA#n&-2e>vXEHa&q(_@Ee}hZ8MHjk?fVmS!gT$HUgkyn*0C$hOW8kr
c>(32lc9}C)-wiQwpU*4K<!+X){Bp^60DKG4fdBvi

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/publicKey/dsaWithParams b/nss/tests/libpkix/certs/publicKey/dsaWithParams
new file mode 100755
index 0000000000000000000000000000000000000000..a1f9e05f609830ad44b2669a5c944216276c28db
GIT binary patch
literal 906
zcmXqLVs0~NVtT)TnTe5!iHZH90WTY;R+~rLcV0$DR#pZB2SaWHPB!LH7B*p~&|pI;
z0|^j^OIR=@wYWsVIkl)HGc7YYu_U$FP}D#eB*!ew6H-(PlyuBX&d4t^kQ3)MFf=eR
zv@|p^H8(Pd66ZBU<{DTLZv#KjbzmFVT!I}HoE;6C7`Fql4jVhr$>%Is7=avlrp88w
z`%eY!ZoS-=Cvff6+(&b*Hn{I~VK^Rk;!NHJ<CZXYQ`>JLCmtVKyL(sZXMJOyWj_ty
zq(6Q-Gxv{X-m379B9ljb3=<wKUX#*y;G2zX|CSS89tLsstLBucao-j$Hg2AN;OORO
z=3njpi}GGssJF}T$LjVQ+-J&XIOVOGJmb(_y=oI~CQ*j-Y%DkacfV$M`7MThTJhg$
zsaE>zAg7&qShL~Wr1<1F7Q0<`-JN8zEpA_G^^L-Embq`zYOGn#ZTlSbkAG4q(|bRm
z)v>em^z*_#7re=OJ6mbT3gOc{bHrX9<myvYb6LvsbHSUW2L*;_GQM)RF7cAitNe2C
zr&*LmzTf+n;QQ%+&wP(e>Yp>`tU!Ov68<^c+2165-nYKaat3o_3j<SQgW#u~H}*Mc
zA8pw;kxAxHk5N(giX6r39bF>33{p!E$k;YzrY>JIp-M!ywfbrBp@csh&!?|H_(_k$
zD9hsbL_h02Hk=oJ7Upu?SNH5?ExEDR?ZWNArNO(}KmUqVZT7F{Dt)^0ap!W!@??j2
zZJm}&2Ma5>ZfA!}K7201Gw;YZBTK%;H3n4%vcTAs<zo?J5h)S9sv@&DF117cVK--8
z{VPcizeEFhkhC(3gn?Lt$nTshx{dQrsaMV8-C*--)}HqNp05nVK?)RD1Pu5Lc-XiS
z+B_Ijf$7+Q(SQ#m!OzI}pM?b|z-GV?;tPZLtOm?L3N4j01LMWYx=6lUXV;xKUuC0R
z&)L^6v467Z;IH{NxMF5JdRLchb?L;0M|%!jJFTH;Q08{_vMp0%$DA`IL917v4)}fK
z&eEb<<Cdwl8(7($zwD6{;Z9U|rLsI^+QDtdT>E1eEL;6ka*f7)RpG;RiubylB~`yJ
Wx0{#hB*_xAlCdt~L|2l4kQo3fPh;@_

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/publicKey/dsaWithoutParams b/nss/tests/libpkix/certs/publicKey/dsaWithoutParams
new file mode 100755
index 0000000000000000000000000000000000000000..7eae4863e189e2c1f41fc31b92b8e685a2e67213
GIT binary patch
literal 536
zcmXqLViGZEV!XV7nTe4JhzvN{*tOa`&RMW98(0}~1G&thENsF|p}~ey1`;3+m#|<+
zYH^8zb81mZW?E))Vo7STA-@4HNRC;U%_Z1T!P(J3PMp`k(7?pd($K`z+{hqGoYxSU
zYv513*(wG~5VNI0W(On|CFZ7<q!tw`c;;oK7G;*CrhqJLoP=;XBXeU515;x|dXM`p
z9<#<2%O6ta+#hyd5&oNQ>u_Suq=#0WAsaqTUs`Y>MSRKfnw2lrIaBX1SSs^}<(A#u
zr0fqoZyUq?V>M53L`w3+_jY{v-?QySDdRo?u9W-X)!jK^AA-+0ckJYx$zd~LJ>!d;
zMzL?hn9e6$Vzhe9r9E$=<G15A_i|<?Gw?00F{m<-1v*}qk420{Bv$2JSE$sdV<$Hq
z+TZnIlc&GcW@!U?khC(3gn?LtNQvlG6`8$psU7kUyE*IXUrBoSB^ro>6ezF=81NbJ
zuyG}{c`&8|<H~^1fDa_W&&c?ng#{?UX21{P3xoKq2FyST5gyFU1`GzeOri`cBJ&N)
rw<)|aoBi55k!!un+oD~XOd`2T5BK`2f77#;zdrX`WZY@hHl-T?Su>?3

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/publicKey/labs2yassir b/nss/tests/libpkix/certs/publicKey/labs2yassir
new file mode 100755
index 0000000000000000000000000000000000000000..f5fe261157c1d97f2dc22152fb4f01be6288de45
GIT binary patch
literal 676
zcmXqLVp?F(#1y-LnTe5!iP6n~n~hzo&EuQ}3o|Q&ftDe+0Vf-CC<~h~Q)#gwj{z5m
z!zIjIT$*Rd3sei_aSOBLBqkLb$cghBm>3uv7#f<In3xzwp>U0&46KPa%aGrI7i2WE
zFk59}adBpmK@;P4Al8AojS<L^XKHL@_*);`C|fF|8Fb%kj^3Lm&%X(753+gh!f;s5
zzF}LSTBd8PgHqt{NZa0sU;B@K-DU9Y^z6`_>y6e8vL^YT(h|03&kR_)Wd8gYEY$)^
zhx~W1y#8<dG3g)H;m?n)SSHHP^1J!l<)d<knM^~3qr@f}eJlOEPCN0s*85LN%#w32
zdN3Ym5@nd45YR8G%zb9lq@7KRUbk?6h>-aTa@zNY3tF$uw!L?H&*~Vn9pO7Gr>x)o
z%j#9r&u|}ZTlS{(z{v2vT~{LgpB1tTG&XGU6f0DI;iDlYy!||<QO}8G4{gM%x<hJu
zH6AQpC#Su6S?R>Q#r5336it&p{!Xf5RIxs@<m0{-ffG7cG~a(1^>jYlr0%r1hU!q&
z6h<HGf9E~5m>XLdm>L^+Cj~d{-}Cu<uJ)cU-|P<dhjC4P6ywYP_(;$_hiSK^iwq18
zUo!2TT3}$+qFWy0bH;?*e*bEX8<Q?rh8Kj+=#AQAy}Gcp;55s3zwjFuYqS>3Sh7mv
zapRp;vsbOlYq%qJSN-$%XVXe^OY~cKn+%(#2&PV{%RM`pJ#+E_+vBz|Yj!VYGGIVS
zRLnrWE->6W7jdQJFn!9;;MgEhtX5jv%dWSWNkr%EPls1*NxW0nD4lzFxmTKZ!M_{;
DJ7xtt

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/publicKey/yassir2labs b/nss/tests/libpkix/certs/publicKey/yassir2labs
new file mode 100755
index 0000000000000000000000000000000000000000..f943854036351233a5ca99e5f8dcd6e54ab95191
GIT binary patch
literal 676
zcmXqLVp?F(#1yxHnTe5!iP7DFn~hzo&EuQ}3o|Q&fwdvG0Vf-CC<~h~Q)#gwj{z5m
z!zIjIT$*Rd3sei_aSOBLBqkLb@*D7ixXi+Am5Ig0nMDS2;=BeX2F3=4hNdPaCWcWc
zT%#xhE#eI~Xky#}#5ypyF#<XAOpT2Uf9r!AWlM!LgYJ9H(R=gc`8UDsK{oGQ7!J$X
zH*5=3%XE!(PzwAVY1<p|YyZ)&y9~aao*kNVz0tZs)+GN^TEh11nE^|e%%A^)rCLDg
zkpJ$L*Z*xlCjG-Y{Q0pJ%S8EEem8%+d{pi*lWB->l-NY0Z>68tX(wLSdjCm@S#s`0
z560t6q72g$0{TUjxzB8xw6kf^>lW@05i(yvPW%3FLF={Iw)al&Ssi1xBYbD&l=ZuR
zS-ood8ScYv%ife87#ZHT>q?~mvqE-(#)d7PVui{td^E&_x1Z-U>N&COp^aEocSudI
z#)HM{<g_<0E1j6PxSso$qG{5{-$_-BD%NL~eB8Gpa6;#b=KBw$p3Y~R)SVXBP#vn8
z!suiD@4TlLb7Lz5$Q^eMgq{*otv8+T&hWcY|M!KSXJ;QvuVWDWugDR7s;=+&^11#F
zbDF-bpR@CQU4)G3Rpno&57k<|vW)n=l<A6>Z&Jcpo6{a&w-+7J{<CKDp{wF0-*_G^
z_sfyVPrM=}`zz9VnUGmSq{p;F9Q(A5Z}M|3*Vg}Uc73JPK_AT(1+1$U_AO>IU_eP#
z%=!!lI!q$Dz891i?0fBTW7=<j{=}2dkETpXXA)ugv+rf5;=*iii~5BN&Hr>&zu#j6
E0G>t&1^@s6

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/sun2sun b/nss/tests/libpkix/certs/sun2sun
new file mode 100755
index 0000000000000000000000000000000000000000..c75192be173c0eb85c0d49214e6c1012d7cc7c26
GIT binary patch
literal 666
zcmXqLVwz^q#1y=MnTe5!iILran~hzo&EuQ}3o|Q&fwUpF0Vf-CC<~h~Q)#gwj{z5m
z!zIjIT$*PfC(dhNVrXP&U}#}tZeSP%<eC~7!@2l1H!*HEXkyfXS;h$D$TKxIGW@L%
zZj>z*(hR!qHAnBwljq+Aw+Gq0cVRdzXWy_bP%YCn)<G%occg7^#IOBFzwR>lc6xSb
z&h<v?23eE*PiYC;vu6e@T{3_E3zljDr9=L^S6=_O{h0I*>+t8tRxA_cXZhXy?ebB%
z!%U_j!ck%qjlPwBUZ<USUF-cPC1%OF7d;q{Gl?=xPYCE2RpvgkY0}Q7MXy`9KSaoU
z1v%~e!v(F^X4~F7y=Qfd*^cm?l~dO5{$=&5>1VhPw=H{9dSGOD->xf>{?7{81sWT+
zc#0J&zwprz6W)HF)2QdfvWGTeRox*qy&4Y|uanc>ysUI$-r{=hUy7zlAAcuRF{)Uf
zS@Ln;iogk-E1K^=jCwksZBlnyTtjuJY6_!|^}q9;TFi|t3`~s;aTzvuel6=h*>_xK
zMP%(cMX?IOt$PGk2mM+t{%rRuQJXfQDT<fg_Dr?hyLjRpwF?tg+UW93Uo>G>6`%Nw
zEk{ZN>l4i7&z8n-U&Z)PgTc#U`TgWbrf*By^EDWqqgVa@rmiC%qHZc#?zmyc{%4MD
zOX_ZZpIFYaG1ef-=ihtI%XTLgs~e~q@B`C<EI%XTe->6|X7)b}20|bKVUPfa0UMBF
zVq`=~O3Vff2D(flzV<JU1^1gPte0E-W1iNOS&?^y5`aP8B*^!LSG#hWoAf1yXdBU_
IMjz2t05ISDtpET3

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/yassir2bcn b/nss/tests/libpkix/certs/yassir2bcn
new file mode 100755
index 0000000000000000000000000000000000000000..f9c83dc956164a2d37fe10b659237318f265c0c4
GIT binary patch
literal 742
zcmXqLVtQoI#58{aGZP~d6N~wtv^NIaZ0uTX9_K7rm{}PNJPo-GIN6v(S=fY`N{bD7
z47flXE@9^4(mX?6pjsf0TbLy^vA6^#$t}#Bl$>YCZ@>$ZWEN(tOe`+WEHaQ2=e4vn
zurRbVGBC6>HH#AGH822jEudT=lT51&ni#hNu@21Lj6jY&Q)45;-}>N2*-|0Rp!;5P
z^xiyq{!MUukj;A+hQo694ch|MGF@XGlmdT8+V)2L+JE%xE`x8UXNTroZ?tZZHOc>!
zmasj0X28-V^XI={sTNQ=<iC66^?%!sN&m18e|~JmGEsh(-_74HAC)`IWEvtIB{tFM
zTj}R@+KJb--hWbJmYjRhgYh_%D8uxGfPPVB?lYSv?QB}~x`q2ggv?iv)4o4k(0XmQ
z?Y+}`R>zp_2;W&bW&Q47R<D|VhWl{avNxp%Muzw8x)SOCtdL!xv0;m+SfTO@9}O|#
z?dLg-dQL2RXd_nD9a7V)@nG>fIql8MN+;$muIK)xXqxo#cTyFjiuIW#ANQ>YoY1+V
z`ToPGr}Nn+b*IHOREMgjF#1^kJMXE*+}OmxRG;kb|4sAhj75rnZ%v<Pe`<rcXK&YX
zHr{0w(=8*7ixw>{xoY+PSq=O3zP^iT#WO`%rhPTMR`l*t@Q(>wKOg>>vP){-0j^t<
zJdR#&sq^4WyBWBvBrK}Dt7q1nZ!JQJLV<UV`L|4YbGjn1xksTZxcbsIv-<(2Q{_(w
zgm&BiepG&XvATh(0Y5O6$nrBX{%2ujW@cZ)U?2n%5C#cw7_b2;CPoI7G|6nhV4%w+
xVl*f2xl(%RwvF5pKfZ4|d%^tv0YhMbcc~RATYNgp$zqyuOymJ~#O7^}830hL6&e5l

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/certs/yassir2yassir b/nss/tests/libpkix/certs/yassir2yassir
new file mode 100755
index 0000000000000000000000000000000000000000..8444af5a3eeb8d74cea242e0a1eba3f1e1f6e12b
GIT binary patch
literal 760
zcmXqLV)|mx#I$JvGZP~d6N~wt)b$43Z0uTX9_K7rm{}PNJPo-GIN6v(S=fY`N{bD7
z47flXE@9^4(mX?6pjsf0TbLy^vA6^#$t}#Bl$>YCZ@>$ZWEN(tOe`+WEHaQ2=e4vn
zurRbVGB7kTwu}<zH822jEudU#TGhn3-Jpq42j&q*AV;35v610#eQ={}sgP#SeXlus
zZ=O8=Cb&Jw=DiEUVLAJTZGmc;uCWeEfxjbddn11BKl*i-!MD@1LvyY-S~tj=<bO&_
z*q%KzVCj<i^Ix!33n(4(-@WqszwO7Qe^`e<Kel3-C_l^Z=5Lpe${l7h4H1qKn`rc{
z^z%CH#Oqq`KPfRw&b{ctc$`U;VR}M9zo;_znN5>+HZ6MH!u=sa<}1i)-ybe$y*AtS
z-swH7W6XAh@2s4%e)lh{S4}^|eYkDeo6-X#!~1q!iS&O~$S%;>u*FlXQ2B+AhM4g7
z^PEOKCzd_55v%GBsp-{tuy~!E_U2`!6Z00=bN^B_P5Ssdsftm>`plA#`&I-_=v>i!
z|6$bA`D~NA)8ZPcLse54eXReT_tau;Y++z(Y~VVx<ju7X*F!4VycHjtKF8S^#{N#Z
z$`)rS_K~ag;{S_FN{&9;uxql+yUf6S*2~gd0=9gJ<GVYbqwwFtiF#M&Wp6srWHT{G
zV#Ccni#;aVcSkZNGBB-HGTc*>!#n@&KI3OGF7uKMrvAuPy8g7)XTyxVwP#LQuRZ<i
z`+RfZ@24Iq?OLpEplZMmOgOUqjEw(TSecpGmoOLzfdqs>0vrZxK#GZx0VSC->oXYW
yFo{HUPqEil>GKh_V6d5|J3~l6M{N<4h*;SEuX__-7mBM*ke@z3u-NQIvM~V8eHEqv

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/common/libpkix_init.sh b/nss/tests/libpkix/common/libpkix_init.sh
new file mode 100644
index 0000000..01eb070
--- /dev/null
+++ b/nss/tests/libpkix/common/libpkix_init.sh
@@ -0,0 +1,324 @@
+#!/bin/sh
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# libpkix_init.sh
+#
+
+### when the script is exiting, handle it in the Cleanup routine...the result
+### value will get set to 0 if all the tests completed successfully, so we can
+### use that value in the handler
+
+trap 'Cleanup' EXIT
+
+result=1
+checkmem=0
+arenas=0
+quiet=0
+
+doNIST=1
+doNIST_PDTest=0
+doPD=0
+doTop=0
+doModule=0
+doPki=0
+doOCSP=0
+doOCSPTest=0
+
+combinedErrors=0
+totalErrors=0
+prematureTermination=0
+errors=0
+
+if [ -z "${INIT_SOURCED}" ] ; then
+    libpkixCommondir=`pwd`
+    cd ../../common
+    . ./init.sh > /dev/null
+    cd ${libpkixCommondir}
+fi
+
+DIST_BIN=${DIST}/${OBJDIR}/bin
+
+### setup some defaults
+WD=`pwd`
+prog=`basename $0`
+testOut=${HOSTDIR}/${prog}.$$
+testOutMem=${HOSTDIR}/${prog}_mem.$$
+
+####################
+# cleanup from tests
+####################
+Cleanup()
+{
+    if [ ${testOut} != "" ]; then
+        rm -f ${testOut}
+    fi
+
+    if [ ${testOutMem} != "" ]; then
+        rm -f ${testOutMem}
+    fi
+
+    if [ -d ../../nist_pkits/certs ]; then
+        rm -f ../../nist_pkits/certs
+    fi
+
+    if [ ${doTop} -eq 1 ]; then
+        for i in ${linkMStoreNistFiles}; do
+            if [ -f ${HOSTDIR}/rev_data/multiple_certstores/$i ]; then
+                rm -f ${HOSTDIR}/rev_data/multiple_certstores/$i
+            fi
+        done
+        if [ -d ${HOSTDIR}/rev_data/multiple_certstores ]; then
+            rm -fr ${HOSTDIR}/rev_data/multiple_certstores
+        fi
+    fi
+
+    if [ ${doModule} -eq 1 ]; then
+        for i in ${linkModuleNistFiles}; do
+            if [ -f ${HOSTDIR}/rev_data/local/$i ]; then
+                rm -f ${HOSTDIR}/rev_data/local/$i
+            fi
+        done
+        for i in ${localCRLFiles}; do
+            if [ -f ${HOSTDIR}/rev_data/local/$i ]; then
+                rm -f ${HOSTDIR}/rev_data/local/$i
+            fi
+        done
+    fi
+
+    if [ ${doPki} -eq 1 ]; then
+        for i in ${linkPkiNistFiles}; do
+            if [ -f ${HOSTDIR}/rev_data/local/$i ]; then
+                rm -f ${HOSTDIR}/rev_data/local/$i
+            fi
+        done
+    fi
+
+    return ${result}
+}
+
+### ParseArgs
+ParseArgs() # args
+{
+    while [ $# -gt 0 ]; do
+        if [ $1 = "-checkmem" ]; then
+            checkmem=1
+        elif [ $1 = "-quiet" ]; then
+            quiet=1
+        elif [ $1 = "-arenas" ]; then
+            arenas=1
+        fi
+        shift
+    done
+}
+
+Display() # string
+{
+    if [ ${quiet} -eq 0 ]; then
+        echo "$1"
+    fi
+}
+
+testHeadingEcho()
+{
+    echo "*******************************************************************************"
+    echo "START OF TESTS FOR ${testunit}${memText}"
+    echo "*******************************************************************************"
+    echo ""
+}
+
+testEndingEcho()
+{
+    if [ ${totalErrors} -eq 0 ]; then
+        echo ""
+        echo "************************************************************"
+        echo "END OF TESTS FOR ${testunit}: ALL TESTS COMPLETED SUCCESSFULLY"
+        echo "************************************************************"
+        echo ""
+        return 0
+    fi
+
+    if [ ${totalErrors} -eq 1 ]; then
+        plural=""
+    else
+        plural="S"
+    fi
+
+    echo ""
+    echo "************************************************************"
+    echo "END OF TESTS FOR ${testunit}: ${totalErrors} TEST${plural} FAILED"
+    echo "************************************************************"
+    echo ""
+    return ${totalErrors}
+}
+
+###########
+# RunTests
+###########
+RunTests()
+{
+    errors=0
+    memErrors=0
+    prematureErrors=0
+
+    failedpgms=""
+    failedmempgms=""
+    failedprematurepgms=""
+    memText=""
+    arenaCmd=""
+
+    if [ ${checkmem} -eq 1 ]; then
+            memText="   (Memory Checking Enabled)"
+    fi
+
+    if [ ${arenas} -eq 1 ]; then
+            arenaCmd="-arenas"
+    fi
+
+    #
+    # Announce start of tests
+    #
+    Display "*******************************************************************************"
+    Display "START OF TESTS FOR PKIX ${testunit} ${memText}"
+    Display "*******************************************************************************"
+    Display ""
+
+    # run each test specified by the input redirection below
+
+    while read testPgm args; do
+
+        shortTestPurpose=`echo $args | awk '{print $1 " " $2 " "}'`
+        fullTestPurpose=${args}
+        if [ ${doTop} -eq 1 -o ${doModule} -eq 1 -o ${doPki} -eq 1 ]; then
+            testPurpose=${shortTestPurpose}
+        else
+            testPurpose=${fullTestPurpose}
+        fi
+
+        # If we want shorter command printout for NIST tests, delete next line
+        testPurpose=${fullTestPurpose}
+
+        # Skip OCSP tests if OCSP is not defined in the environment
+        if [ ${doOCSPTest} -eq 0 ]; then
+            hasOCSP=`echo ${args} | grep OCSP-Test`
+            if [ ! -z "${hasOCSP}" ]; then
+                Display "SKIPPING ${testPgm} ${testPurpose}"
+	        continue
+	    fi
+        fi
+
+        if [ ${doNIST} -eq 0 ]; then
+            hasNIST=`echo ${args} | grep NIST-Test`
+            if [ ! -z "${hasNIST}" ]; then
+                Display "SKIPPING ${testPgm} ${testPurpose}"
+	        continue
+	    fi
+        fi
+
+        # This "if" is not reached when doNIST is not set. The assumption
+        # is that NIST tests are basic, NIST Path Discovery tests are
+        # additional
+        if [ ${doNIST_PDTest} -eq 0 ]; then
+            hasNIST=`echo ${args} | grep NIST-PDTest`
+            if [ ! -z "${hasNIST}" ]; then
+                Display "SKIPPING ${testPgm} ${testPurpose}"
+	        continue
+	    fi
+        fi
+
+        Display "RUNNING ${testPgm} ${arenaCmd} ${testPurpose}"
+
+        numtests=`expr ${numtests} + 1`
+
+        if [ ${checkmem} -eq 1 ]; then
+            dbx -C -c "runargs ${arenaCmd} ${args};check -all;run;exit" ${DIST_BIN}/${testPgm} > ${testOut} 2>&1
+        else
+            ${DIST_BIN}/${testPgm} ${arenaCmd} ${args} > ${testOut} 2>&1
+        fi
+
+        # Examine output file to see if test failed and keep track of number
+        # of failures and names of failed tests. This assumes that the test
+        # uses our utility library for displaying information
+
+        cat ${testOut} | tail -2 | grep "COMPLETED SUCCESSFULLY" >/dev/null 2>&1
+        
+        if [ $? -ne 0 ]; then
+            testFail=1
+            errors=`expr ${errors} + 1`
+            failedpgms="${failedpgms}\n${testPgm} ${testPurpose} "
+#            cat ${testOut}
+        else
+            testFail=0
+            passed=`expr ${passed} + 1`
+        fi
+        cat ${testOut}
+        html_msg ${testFail} 0 "${testPgm} ${arenaCmd} ${shortTestPurpose}"
+
+        if [ ${checkmem} -eq 1 ]; then
+            grep "(actual leaks:" ${testOut} > ${testOutMem} 2>&1
+            if [ $? -ne 0 ]; then
+                prematureErrors=`expr ${prematureErrors} + 1`
+                failedprematurepgms="${failedprematurepgms}${testPgm} "
+                Display "...program terminated prematurely (unable to check for memory leak errors) ..."
+            else
+                #grep "(actual leaks:         0" ${testOut} > /dev/null 2>&1
+                # special consideration for memory leak in NSS_NoDB_Init
+                grep  "(actual leaks:         1  total size:       4 bytes)" ${testOut} > /dev/null 2>&1
+                if [ $? -ne 0 ]; then
+                    memErrors=`expr ${memErrors} + 1`
+                    failedmempgms="${failedmempgms}${testPgm} "
+                    cat ${testOutMem}
+                fi
+            fi
+        fi
+
+    done
+
+    if [ ${errors} -eq 0 ]; then
+        if [ ${memErrors} -eq 0 ]; then
+            Display ""
+            Display "************************************************************"
+            Display "END OF TESTS FOR PKIX ${testunit}: ALL TESTS COMPLETED SUCCESSFULLY"
+            Display "************************************************************"
+            Display ""
+            return 0
+        fi
+    fi
+
+    if [ ${errors} -eq 1 ]; then
+        plural=""
+    else
+        plural="S"
+    fi
+
+    Display ""
+    Display "*******************************************************************************"
+    Display "END OF TESTS FOR PKIX ${testunit}: ${errors} UNIT TEST${plural} FAILED: ${failedpgms}"
+    Display ""
+    if [ ${checkmem} -eq 1 ]; then
+        if [ ${memErrors} -eq 1 ]; then
+            memPlural=""
+        else
+            memPlural="S"
+        fi
+        Display "                          ${memErrors} MEMORY LEAK TEST${memPlural} FAILED: ${failedmempgms}"
+        
+        if [ ${prematureErrors} -ne 0 ]; then
+            if [ ${prematureErrors} -eq 1 ]; then
+                prematurePlural=""
+            else
+                prematurePlural="S"
+            fi
+            Display "                          ${prematureErrors} MEMORY LEAK TEST${prematurePlural} INDETERMINATE: ${failedprematurepgms}"
+        fi
+
+    fi
+    Display "*******************************************************************************"
+    Display ""
+    combinedErrors=`expr ${errors} + ${memErrors} + ${prematureErrors}`
+
+    return ${combinedErrors}
+
+}
diff --git a/nss/tests/libpkix/common/libpkix_init_nist.sh b/nss/tests/libpkix/common/libpkix_init_nist.sh
new file mode 100644
index 0000000..d4dfd2a
--- /dev/null
+++ b/nss/tests/libpkix/common/libpkix_init_nist.sh
@@ -0,0 +1,70 @@
+#!/bin/sh
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# libpkix_init_nist.sh
+#
+
+#
+# Any test that uses NIST files should have a tag of either NIST-Test or
+# NIST-Test-Files-Used at the command option so if there are no NIST files
+# installed in the system, the test can be skipped
+#
+
+if [ -z "${NIST_FILES_DIR}" ] ; then
+    Display ""
+    Display "*******************************************************************************"
+    Display "The environment variable NIST_FILES_DIR is not defined. Therefore"
+    Display "tests depending on it will be skipped. To enable these tests set"
+    Display "NIST_FILES_DIR to the directory where NIST Certificates and CRLs"
+    Display "are located." 
+    Display "*******************************************************************************"
+    Display ""
+    doNIST=0
+else
+
+    NIST=${NIST_FILES_DIR}
+    doNIST=1
+fi
+
+#
+# Any tests that use NIST Path Discovery files should have a tag of NIST-PDTest
+# at the command option so if there are no NIST Path Discovery files
+# installed in the system, the test can be skipped
+#
+if [ ${doPD} -eq 1 -a -z "${PDVAL}" ] ; then
+
+    Display ""
+    Display "*******************************************************************************"
+    Display "The environment variable PDVAL is not defined. Therefore tests"
+    Display "depending on it will be skipped. To enable these tests set PDVAL to"
+    Display "the directory where NIST Path Discovery Certificates are located." 
+    Display "*******************************************************************************"
+    Display ""
+    doNIST_PDTest=0
+else
+
+    NIST_PDTEST=${PDVAL}
+    doNIST_PDTest=1
+fi
+
+#
+# Any tests that use an OCSP Server should have a tag of OCSP-Test at the
+# command option so if there is no OCSP Server installed in the system, the
+# test can be skipped
+#
+if [  ${doOCSP} -eq 1 -a -z "${OCSP}" ] ; then
+
+    Display ""
+    Display "*******************************************************************************"
+    Display "The environment variable OCSP is not defined. Therefore tests"
+    Display "depending on it will be skipped. To enable these tests set OCSP"
+    Display "non-NULL (the actual URI used is taken from the AIA extension)." 
+    Display "*******************************************************************************"
+    Display ""
+    doOCSPTest=0
+else
+    doOCSPTest=1
+fi
diff --git a/nss/tests/libpkix/libpkix.sh b/nss/tests/libpkix/libpkix.sh
new file mode 100755
index 0000000..25d38cc
--- /dev/null
+++ b/nss/tests/libpkix/libpkix.sh
@@ -0,0 +1,139 @@
+#! /bin/sh
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# runTests.sh
+#
+
+totalErrors=0
+pkixErrors=0
+pkixplErrors=0
+checkMemArg=""
+arenasArg=""
+quietArg=""
+memText=""
+
+############################## libpkix_init ###############################
+# local shell function to initialize this script
+########################################################################
+libpkix_init()
+{
+  SCRIPTNAME="libpkix.sh"
+  if [ -z "${CLEANUP}" ] ; then     # if nobody else is responsible for
+      CLEANUP="${SCRIPTNAME}"       # cleaning this script will do it
+  fi
+
+  LIBPKIX_CURDIR=`pwd`
+  if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ] ; then
+      cd ../common
+      . ./init.sh
+  fi
+  cd ${LIBPKIX_CURDIR}
+
+  SCRIPTNAME="libpkix.sh"
+}
+
+############################## libpkix_cleanup ############################
+# local shell function to finish this script (no exit since it might be
+# sourced)
+########################################################################
+libpkix_cleanup()
+{
+  html "</TABLE><BR>" 
+  cd ${QADIR}
+  . common/cleanup.sh
+}
+
+############################## libpkix_UT_main ############################
+# local shell function to run libpkix unit tests
+########################################################################
+ParseArgs ()
+{
+    while [ $# -gt 0 ]; do
+        if [ $1 == "-checkmem" ]; then
+            checkMemArg=$1
+            memText="   (Memory Checking Enabled)"
+        elif [ $1 == "-quiet" ]; then
+            quietArg=$1
+        elif [ $1 == "-arenas" ]; then
+            arenasArg=$1
+        fi
+        shift
+    done
+}
+
+libpkix_UT_main()
+{
+
+html_head "LIBPKIX Unit Tests"
+
+ParseArgs 
+
+echo "*******************************************************************************"
+echo "START OF ALL TESTS${memText}"
+echo "*******************************************************************************"
+echo ""
+
+echo "RUNNING tests in pkix_pl_test";
+html_msg 0 0 "Running tests in pkix_pl_test:"
+cd pkix_pl_tests;
+runPLTests.sh ${arenasArg} ${checkMemArg} ${quietArg}
+pkixplErrors=$?
+html_msg $? 0 "Results of tests in pkix_pl_test"
+
+echo "RUNNING tests in pkix_test";
+html_msg 0 0 "Running tests in pkix_test:"
+cd ../pkix_tests;
+runTests.sh ${arenasArg} ${checkMemArg} ${quietArg}
+pkixErrors=$?
+html_msg $? 0 "Results of tests in pkix_test"
+
+echo "RUNNING performance tests in sample_apps";
+html_msg 0 0 "Running performance tests in sample_apps:"
+cd ../sample_apps;
+runPerf.sh ${arenasArg} ${checkMemArg} ${quietArg}
+pkixPerfErrors=$?
+html_msg $? 0 "Results of performance tests in sample_apps"
+
+totalErrors=`expr ${pkixErrors} + ${pkixplErrors} + ${pkixPerfErrors}`
+
+if [ ${totalErrors} -eq 0 ]; then
+    echo ""
+    echo "************************************************************"
+    echo "END OF ALL TESTS: ALL TESTS COMPLETED SUCCESSFULLY"
+    echo "************************************************************"
+    html_msg ${totalErrors} 0 "ALL LIBPKIX TESTS COMPLETED SUCCESSFULLY"
+
+    return 0
+fi
+
+if [ ${totalErrors} -eq 1 ]; then
+    plural=""
+else
+    plural="S"
+fi
+
+if [ ${totalErrors} -ne 0 ]; then
+    echo ""
+    echo "************************************************************"
+    echo "END OF ALL TESTS: ${totalErrors} TEST${plural} FAILED"
+    echo "************************************************************"
+    html_msg 1 0 "${totalErrors} LIBPKIX TEST${plural} FAILED"
+return 1
+fi
+}
+
+libpkix_run_tests()
+{
+    if [ -n "${BUILD_LIBPKIX_TESTS}" ]; then
+         libpkix_UT_main 
+    fi
+}
+
+################## main #################################################
+
+libpkix_init 
+libpkix_run_tests
+libpkix_cleanup
diff --git a/nss/tests/libpkix/pkix_pl_tests/module/cert8.db b/nss/tests/libpkix/pkix_pl_tests/module/cert8.db
new file mode 100755
index 0000000000000000000000000000000000000000..f09bebbcfed4a33295248e2e98f889cd34292ded
GIT binary patch
literal 65536
zcmeI*c~BHr9tZH(-6Pkmg3JIWijH{15VQ7Nz%X(w5Fv>vkccQ|5l~d30t%#pal;Iv
z;sGA3tCpr@)u<>1UJ;`~S6l=Y<C<h+jJqlx(N$OCg;7J?*E1tbqh-<TRw`M)O?A!m
zo1Q*C^M3uBKYqU^4j##b5S9?P20}vVThfIPhQ0_hak9OkpIaI@%d6!h;wijemi~te
z^i`OIb%gn6pPa16^Rw?4JA?oPAOHafKmY;|fB*y_009U<00Izz00bZa0SG_<0uX=z
z1Rwwb2tWV=5P$##AOHafKmY;|fB*y_009U<00Izz00bZa0SG_<0uX=z1Rwwb2>j0k
zUJSVxawp_pA=^XpLYUxt!3TmD8Y_+E#_7g4jGY3146F-W?tjp~*gwMGO*cfR)b`Re
zYE<g)G^$6KAOHafKmY;|fB*y_009U<00Izz00bZa0SG_<0uX=z1Rwwb2tWV=5P$##
zAOHafKmY;|fB*y_009U<00Izz00e#k0!}hQ>ImV@HN3fiWf)%W;OIL$>hk~@*NO12
zs^z@10~aTAP_Q{!>fi7#!h(x}o068TcH_GUOPs<nYiwF-`q)&j&b*%2sMYEKtxm@$
zbaU0HX#-ufHSm4--YnC0HNG?5Cl}}KA(OeVj7)R@+#tdaWR*$vFMOZ!_N}$A{WW1_
z(30Ed<crVGWR;rq8Mkg<i2A43`tnAT_uA}b;igiV#6uQN|Auh-*Ld^hCr*FRvrgZg
zce9?p^Vo^0Q_`}sr{%T)7}S0mgFS$?fsf>USe6`Vvz}Oh6_6%8a~1KgWJB`&raI{B
zu$Xzl2{*Qy->gr}G;O%bDit5T6&!uJY257IBO*%|?Y`r+v#3JGOFc3A1WuXdkKI9B
z_<Xj4&QnS_mSNleVm$vWGX>w(YUYwTEn~bYJtKMYWM0*Bt^vGSFYY&%2HK}Y-O$=$
zXg8E)r)FiVmAt!kqjF&}Eq#J2Ja#Cb&s5TR;N#xR(1l*C*-V=A-Zp#ZxW62G_KnrQ
zy?*g>Q`gGa!Hp5*V9yZKu3`PtUi*Eh&#;H1f{I2y*k5yZ58rfjRovv0W~0elmvL)+
zQstzTF(0pAv*wEI12>=Q=)I*Uf2usx{Rd<G<wKh`c(}?Q&TRU!rsqLcKU|UExmeSb
zbG!VN<deRQw|ux4J~|P_)UqCAc~Z<mk3RDH?Mpt*Uwf@U{{6@vcZEZ{*HAL+>s3K#
zj()b~9lzc2pXM&D*!v*xYX1HBq4FTd{0YNG#TW1SYE<-hQytyRrk$^QPVIAL=m1Ye
z<#A`tg1QY2gFUCuA3mdKz`1qhJzv?eA!l*=x;*)V-ujfA4^yTyeU0_&Z|>VPY|-3J
zGtV|8Tw3F>Wd8U>(+6?=#xX;UKOKMFmopa-)@+JAUzVhJBzOEvYF$N4;`(FF_5Eub
zGOx^&R~0nBzw20^RlzG)@9DlXC1}hi!Q01I9?!3O%QxY+=lessY|X`UjrGg(hh*J|
zY4EyN*#EBA&cP47H=ZBSdG^P<^TTtSD-~w~f)<w*uleHs-uvb*h5brAhW7|_AANFb
zig~>$e97etuZ~|wdkOC<ToPOv=8>!u$2qd(X_tkJ$hhpVSzD*=D!9J(_~~U+56nCK
zH&!_^d|q_m-#;lHcdB%SVvfr@FD54R5PF+N=pBS!U?lfYC;C)ehPV*Yx*4J+qyt;x
zI?|Pe$KMtT;m7VLPBifL(mB@_eBvvC#EYL@<oWCT^#S%5ENg?*4I=1%wL$k1-|xww
z6E3XY3Ly%ecnA8zGA>UGM4#P1T<RVFFm3<c%|E^w(_48ivByDH`QFMj)trf|HyVnn
zcP4kcSbHt{&+hb2K|^OkZ#1OcTR71tPY;s#9rp3wtN~1)buBbxPRykPK7Ew6#I14d
zU7zkCD{X9+q$9R{$8yBN0SYls?@egTR}*I%@B8RH!y5A}IV}1O+Iv{^+=ZJoyP!9y
zwY=6o=&cQs?+!55{(8sSc80x^sLR>zILD0UPE21rDRsrw#?!lcC6pWU>%CcJWat<^
zv|>`-Y1w?$5&xLv6DcvLg}4*$lIbvdSYm$_!bmN-OIiZSvPU8ISz+)NmNdc$PUzrG
z<DX7PByU&hMS$zT-3C2jjr6avt>;HCbYw*8w5+s@bVA%i>IXLt-e<UE*kPD#F#1jK
z^Vi?fU)GoFKh#y|W@tBSb2KHI_cSE}2qp+X00Izz00bZa0SG_<0uX=z1Rwwb2tWV=
z5P$##AOHafKmY;|fB*y_009U<00Izz00bZa0SG_<0uX=z1Rwwb2#5uQ1pLp11pK4C
zdF~Sl_#H_6ZcQdv>$IYj)&NU`wFp6Le!Z<#RD^&PXFKt<5CToxE*zdbI&@oA*@0%S
z#<DN7R#bFZmCY(${?ykYv1xUu!)N8ivyzW2|EP4xMOlZ^e5u4yL86W~&v`;Za?)~(
zgMn|G<!5PV>tJ0?T#7)PU2Mzx>an0Qc3ogim(q!2YbWQr=AQUncaBx&#cD@+Pge|x
z4)i>gxh2BIv8ZcQ2NI-(?(koiqp&4Ywg?31)opr$rJ=2Wb+vW~q&IIo8I-eVpRR1%
zsZ!rNwg2c|wv<)+l_bxddvsEgq54LIDXbuT&P~_ac9)~D%Nf;mr1P+?sp+C*SDJWd
zNp_W*ZrkoWH(OR|Yrg7}IqKqQl9>Kym#*rsGw4M{HLMNo-Jp#a$*Rw1vZ}Jd_ik*J
z_ZKg-->&12sbqN-CEHl#=u7uzXtgz;<@7BI^>eyjT>e$zABAL9AqSh0njvnDJZEc~
zxh46OsOe}YHRF|&oR!)debtuoEOy!A3?~}Pqy|fCZ5DsMM&oCnEN*R(o~Vid{J#&t
zr&eo8%3us@u9g<gXM=V`hV5cX4}F`*Dvf!ns=h^0W2QR(TW*@UFzig;Hw#)bnQ8BB
zXPJn{187U#ghQ4{sHSxj@*dYsI3f-OsYQ_Nh9ZMn$BTl&+JInqp2`%pvvh)ksMm3p
ze<qX}%H{7CE#2JdrN*f>^;-w3Vk0uP(0?(OO;a^7{U^LTyj#_t{ndWS&I3jsvx|lf
z6fB@6=9+&2W#(`Q5P$##AOHafKmY;|fB*y_009U<00Izz00bZa0SG_<0uX=z1Rwwb
z2tWV=5P$##AOHafKmY;|fB*y_009U<00Izz00bZa0SG_<0uX=z1Rwx`=UU)DT^%QM

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_pl_tests/module/key3.db b/nss/tests/libpkix/pkix_pl_tests/module/key3.db
new file mode 100755
index 0000000000000000000000000000000000000000..5c3b3ebbb0617b5d9daf2b08d4873b7619552360
GIT binary patch
literal 32768
zcmeI&F-k*05CG6gB9bN`i1ntiR6-78{{td{PXfl)-V5Xe-oiS4PLLwl*odtb!R-Ec
z0aJuuyn$tAcUg9L^~CvA6%pNti*3X(mobRw<WyGl|B8Iy9Q2ypT$MM`S<ar{b1qT#
zWt}|whkj1}uMY_jAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!8AN1kTb=`c9u|
zlh$eTD+mxEK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB=EE39Q~eM!W9q>tuO3
zo_<}wJk;|^Ro^VC`l)w!|G1dWXRVn-&<Ftn1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+
z009C72oNA}v_KwN*tKnJK|cft5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7e?
G{{;4;U#toM

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_pl_tests/module/rev_data/local/crldiff.crl b/nss/tests/libpkix/pkix_pl_tests/module/rev_data/local/crldiff.crl
new file mode 100755
index 0000000000000000000000000000000000000000..d076ef89fb603aee8f7cd503e82560257c5a69ff
GIT binary patch
literal 237
zcmXqLd}YwMl8KSgfSZk7tIgw_1q(APgMqFgw*e;`b0`a&FjHwUjKd|&lu=+PXuuDW
zVHW1dNX$!1&8#dH=QS`jFf=qWG&M9bHID*v&5*bTUIxlc%#3aG(UckR0_|iDl@(=S
z;bLNB0x4o>GR3P1)s@Wp3<f$(BJrm}_rF!LVr;Bg_;RA_vK|c{UREX%{gpWfZYf4D
RKNHBBW`El{Qd6Uu2>|3#G1UM7

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_pl_tests/module/rev_data/local/crlgood.crl b/nss/tests/libpkix/pkix_pl_tests/module/rev_data/local/crlgood.crl
new file mode 100755
index 0000000000000000000000000000000000000000..1ad019ed18a008a437571351adac7d635294fe53
GIT binary patch
literal 237
zcmXqLd}YwMl8KSgfSZk7tIgw_1q(APgMpqQw*e;`b0`a&FjHx<A&&tUh{Gk!TwI!G
zC}_YB;xP+zWF+RLrDj%^it`$n8W<Xw8yOf_8X80axn@XQ15X2GCT2!XBQ#|Oyg*Bt
zLuEx-Sh$!NSqzkzm<%lOszG%nvp$1?4wFdO$HS*K`WR&uAN*?_!ZF!KWzwg3CK1=?
Wh9RF4bJna}E<BgT9Vqs}iU9!47Bl4l

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_pl_tests/module/rev_data/local/issuer-hanfei.crl b/nss/tests/libpkix/pkix_pl_tests/module/rev_data/local/issuer-hanfei.crl
new file mode 100755
index 0000000000000000000000000000000000000000..6c9f0dbaa3402f1a76a6959d862c54db91810e8f
GIT binary patch
literal 199
zcmXqLJYvw;%*4oOz|F?4)#h=|f`yrt!9d55+klgeIh2J>n5nebkjH=v#NiTVE-uY8
z<Tv02@tB3#G7|IBQZvPQ4NMJ;49pG9j7?3<q9pi@3{4CTjf@SU0tU(kia;Asl$l2v
z@B*!54wV&UVc|lzpIIO11SXM`==skktSNZ1@s6R)?5A_W_HulB%Os-ArDUa({4h(*
Q?Cdgbha#<`-Lu{R01Lt{bN~PV

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_pl_tests/module/rev_data/local/issuer-none.crl b/nss/tests/libpkix/pkix_pl_tests/module/rev_data/local/issuer-none.crl
new file mode 100755
index 0000000000000000000000000000000000000000..c1c83ba2cda2224001c84b66243b59d70a2e14fc
GIT binary patch
literal 196
zcmXqLJZR9^z{JRCz|F?4)#h=|f`yrt!9d%P+klgeIh2J>n5nebkQXQm<ZubI<mKn3
z!nn*3t~jrOsezG!p`nGTp`m3IkZW#eU}Op98Ymkm0*yyfWNcs=WdJczR+NQ>3*B;N
zeFg&^CJ~`^8^2FW?0YGEy|2O0<mLRPiYO)~5yodB$CUpRiLLYJ6R_U>!ZvyTTP6T$
CUM%|n

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_pl_tests/module/rev_data/test_eku_all.crt b/nss/tests/libpkix/pkix_pl_tests/module/rev_data/test_eku_all.crt
new file mode 100755
index 0000000000000000000000000000000000000000..89b59d17df21a1e758316fb6837ee3616645b38c
GIT binary patch
literal 774
zcmXqLVrDXEVmh#ZnTe5!iIK&Cn~hzo&EuQ}3o|Q&fvzF90Vf-CC<~h~Q)#gwj{z5m
z!zIj|n^|HgV893BF$=R7CugSSC8ruFi1Qkl8khm0iHV_sQIrI~v4H`QWnc~!Al1Mo
z#_a}8j5;tUF#<XAOpT2Uf9r!AWlM!LgYJ9H(R=gc`8UDsK{oGQ7!J$XH*5=3%XE!(
zPzwAVY1<p|YyZ)&y9~aao*kNVz0tZs)+GN^TEh11nE^|e%%A^)rCLDgkpJ$L*Z*xl
zCjG-Y{Q0pJ%S8EEem8%+d{pi*lWB->l-NY0Z>68tX(wLSdjCm@S#s`0560t6q72g$
z0{TUjxzB8xw6kf^>lW@05i(yvPW%3FLF={Iw)al&Ssi1xBYbD&l=ZuRS-ood8ScYv
z%ife87#ZHT>q?~mvqE-(#)d7PVui{td^E&_x1Z-U>N&COp^aEocSudI#)HM{<g_<0
zE1j6PxSso$qG{5{-$_-BD%NL~eB8Gpa6;#b=KBw$p3Y~R)SVXBP#vn8!suiD@4TlL
zb7KnwQ)5HIjl0*rd%i8(qxyQs!I!$qvXSp%GW9M!Gh5TC|LXB=d#@EzKbJX~uKVNs
zsZc$pz0oagnLz)V3Y(|S6aKTNPCSsQvH8`l^;V^2Z@rJ%R$fZ(4bpv@EE@In;5v)P
zzyIIZe(}5WuV=T<J&EXR%S}JGbdPZGl$nRsBdwM7Kh>z3HO*d}XOLsS4@@7j{EUqM
zSy-8w+1VHjTtNb=EOrJqY#iEbjI6Be%*=2W3!KFXXEDK9jBpl*fe^?TVUW2T25dlz
ziID*%-7@Pl80avGRA|pREM>dHVu`VqhM@MD&^7n<Q<y~f=SH6UpWA<T^8T}idd16v
J*rT?40{|Q)65{{>

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_pl_tests/module/rev_data/test_eku_allbutcodesigningEE.crt b/nss/tests/libpkix/pkix_pl_tests/module/rev_data/test_eku_allbutcodesigningEE.crt
new file mode 100755
index 0000000000000000000000000000000000000000..a80c10cd32061559e65615a0d8c784bb6764d5ca
GIT binary patch
literal 732
zcmXqLV!C0_#58RIGZP~d6C<YqHygWFo5wi|7G_ok16@OI15P&PP!={}rqW_V9s@2A
zhfA0_H?zc0z<>|LV-{vFPR>ltOHMUV5a%^8H83+UGc-3fF)@ph;5RlfFflYRFoy~l
z7@-=-3$zYwAWKPVafzXbfe^$*ZV)#!FI~aaJJg_waXS#}z}&?M<j6BMHZuIJ4{nq#
z719j4?=?s7&6DTf1h)s-ymw(ZEN9=aEl@4fHP%5X@OPwbZ^W<tN5Aee_;z}BXwLOU
z>jqhq{7-2K+p}i|EL}2x{tK3B0i{F!yH{TSxBZy(59{#f$5t#8<!AZb{O$5lxx-AR
zA;M8&6OF!=eqN`YcwOuLCnaXdxfeYck28rfOiu{t7ggpyvuV=KrbVw?xIaY5d<8k}
z`@;pT*Jj(^JH2OhjM<Lxot0D8@BU@=s_AFA54SCQQ+i-zc;Buok^avL*##OKws?va
zD!=g25EI^hp3|u3#IlDrVpZKCHN6@S7O#`j-n^`IV&39<?q7<gNgsbFRWYhqpIP#8
z--^HqohzE}Ka6@hpKVfiT3kbQsA>wMkM+Ovo?6U}EeuSJ4GA~yUi<F(wrr2;>m3JQ
z>MF}dzKhA!yY$R#O{e~=$G7dhR!IF^=486=kMpNO^_ccXx3pyf{c9?0o;pwX&zd^%
zK&Hm#SGU$%m6pBrK4x2aDY-XD_i3_d)YF6OEFS;<e`EW_@6NxT-9GmuqOUDC{oK+$
z!ogE!9#)UER@VPiqiWVPd$GNNt${T#N@Z19Obm?JIJDUqSy|bcS>P;AIEx9+VuZ6e
zP*NkaK7)Y{lZdp(gjQky#zXvOzm6}@EZx|zV%@_eVzsk!alkoFM%SH1Q)(2f6q%&N
FD*)(b4PpQQ

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_pl_tests/module/rev_data/test_eku_clientauth.crt b/nss/tests/libpkix/pkix_pl_tests/module/rev_data/test_eku_clientauth.crt
new file mode 100755
index 0000000000000000000000000000000000000000..3cd7bc9bce4b27fd32ea39e3af62ffec2da4ce87
GIT binary patch
literal 726
zcmXqLV!C9|#57?6GZP~d6C<wyHygWFo5wi|7G_ok16@OI15P&PP!={}rqW_V9s@2A
zhfA0_H?zc0z<>|LV-{vFPR>ltOHMUV5a%^8H83?cG&DCcF*1mf;5RlfFflYRfC(7r
z<1<jmKmcMOXL3erZf0>wQKdl><8~m{fjNp1$dPAiY-IRbAKWNgDx?{7-)oNEn<vk|
z32qOvdGEq-SkAs-TcBE|YpjD(;O|J=-iTlOkAB@{@a^>M(46ay)(x^I`Jd7fwr9@_
zSh{5X{1+_M0!oMccdxwuZ~HOnAJ*Z|kF8iH%Fpt<`P=2Aa)+5rLxiKmCK`P!{k%>)
z@w(RgPfE;^b1!-@9%m9|n4S>OFRILaX49mdO^aT)aDRx9`3iE{_lFBwug$i-cY4q2
z7_%MWJ1eKG-~G$#RnyOKA8uRrru4wb@V;GFBK@BgvI{geZ1EH;RDR*3Att>2Jf~65
ziDeIM#HzYOYI-#uEM6z4y?I&b#Jt7z+`kk}lRo}Vs$x{JKC|TGz7>HJI#)E`e;D<2
zKHH@3w77=qP}LMhAM1bTJ++t{TNs!c8xn5Zz4qPnZP^~x*E<fr)K!*^d>50ccj=kg
znoj*!k8j(1t&sY;%*k}!ALmbn>M`w&ZfVN|`qxz0JawM%pEY&jflQ6fuWqfkDlL2K
zeayD<QgUyQ?$cz^sHX?lSv>yz|Hk%<-<^LwyM69SL|<EO`njchgoCHdJggpRt*rm4
zM%Aoo_F@|YD+7LDgv#<WGX7^_WoBk)V=xc~38=DwQWA$Y8zU<#J2SI^5J*rMq>96U
z4M;IDGN7bGW_<<&9VQXUo_&4OCu*m*&93v!xXZHTuY!&MlZdZo`kv6>y9aJfxv)0t
L!sDOy=L}T=-@p`U

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_pl_tests/module/rev_data/test_eku_clientauthEE.crt b/nss/tests/libpkix/pkix_pl_tests/module/rev_data/test_eku_clientauthEE.crt
new file mode 100755
index 0000000000000000000000000000000000000000..b0119ed261b02e9be4f85ed7e8faa6e3f085f253
GIT binary patch
literal 694
zcmXqLV%lWT#8j|=nTe5!iILTSn~hzo&EuQ}3o|Q&fxaQP0Vf-CC<~h~Q)#gwj{z5m
z!zIj|n^|HgWFP?IF$;4hXQbw47MB!N8YqbK8kicG85kQ{8W|c{MoI7+8yJ`vf-pqD
zzzEeyUZ90wBUwsPi%See41^$Na)Y>;dFcwS-k}CfjN5@&2j((HAV;35v610#eQ={}
zsgP#SeXlusZ=O8=Cb&Jw=DiEUVLAJTZGmc;uCWeEfxjbddn11BKl*i-!MD@1LvyY-
zS~tj=<bO&_*q%KzVCj<i^Ix!33n(4(-@WqszwO7Qe^`e<Kel3-C_l^Z=5Lpe${l7h
z4H1qKn`rc{^z%CH#Oqq`KPfRw&b{ctc$`U;VR}M9zo;_znN5>+HZ6MH!u=sa<}1i)
z-ybe$y*AtS-swH7W6XAh@2s4%e)lh{S4}^|eYkDeo6-X#!~1q!iS&O~$S%;>u*FlX
zQ2B+AhM4g7^PEOKCzd_55v%GBsp-{tuy~!E_U2`!6Z00=bN^B_P5Ssdsftm>`plA#
z`&I-_=v>i!|6$bA`D~NA)8ZPcLse54eXReT_tau;Y++z(Y)H6q_u6;Qw`F@&U+*~h
zQde0v@?A`(-lb<|YdZB`J-%)4wL<FWGAGk@f1E!Rs>if9x}_}>=wDM|^VE65f7aBA
z2QoD_zq+;Fs<iB__c7bbOUb=Kx=)iuqn;jIXYu&={~Oyces})$?Dn}Q5q)jB>F1X2
z5e}X*^RRlPwX*)F8dbBV*^9*uL=A+2Q7Ws-0!lp`+H8!htnAFpDCvw@pTR(fNraDO
u-uog28N-O=gV&}X{QDz3JV}K~#5>}-s%C3`z-!@d&WnHi8I}KSWC8&97!Dr*

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_pl_tests/module/rev_data/test_eku_codesigning_clientauth.crt b/nss/tests/libpkix/pkix_pl_tests/module/rev_data/test_eku_codesigning_clientauth.crt
new file mode 100755
index 0000000000000000000000000000000000000000..f90df0daca4052b709c17a0c7c3111d694f8854e
GIT binary patch
literal 734
zcmXqLV!CC}#57|8GZP~d6C<MmHygWFo5wi|7G_ok16@OI15P&PP!={}rqW_V9s@2A
zhfA0_H?zc0z<>|LV-{vFPR>ltOHMUV5a%^8H83?cG&D0YH8ziu;5RlfFflYRfC-Rl
zU=!nZgC<5Dn3EWR9C@b3Muxxj!Hu$|LYhJMz2@k>dGh?5;PxP!_bv>F<?I`_1*&Db
z#yThk{*JWmjrg_y=+|8a-%igC&AHxa-5_g{|0ykDd-lwLrAy||f5B2MpmfN8_sZ-4
zwjY!JVIBVb*otMM{4Bqlzg<2mcbLgEL^w)pqS3d~&+D`kuWP;kq{J*a_o4^maVAlQ
z=?MY-qRQN7Hci^uwCHsU_lF3XuOO#=f4HFa+HBi<r}wOmG20QovvSJ%-M_3}HT?|t
z;kIRON)L<-@7r}H(*Ic@yFg>Z7EiH4<rh90V#3?ca~k!WSoY9Htg1VtrdQ*^;&pP`
zo0pYN%v)T~{Y%j_>ErLDDn=FSGfO`1TM;;+b4Bz0hfz=GvrXzwi)*M3RZU^^vHo}7
zQ;WH=g@LKDA>qc|Yu`QJmhDk}z2o3ZU1izGcQKiIm!6re>C}Jq__n>*3aOvVoJ`mK
zasE`O9@F0FmbOfwe@%tWQ|Af)SyLw-$kf>U>ehOz(z3VS$80MvCHDsDK1~*ldU|l3
z#pB=qZ*0H#-TBwE+vlD{^tI)tpIf>|IC#p;!|IXN%KD#bRLz=ZFLpC<G2jQL4_SUj
z#{Vp=%*^a;3<k0w0aX?;0}(b3Z8k<$R(57)IE%?Z2qY~GQqN()2Ber68Bo$Avp$1?
z4wHzyfK1|yO=fN{r*hQ&<1#pubas<HlSpRc&UV(dY3;S%q2f;hW9JlKUZ4&DQ1lU6

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_pl_tests/module/runPLTests.sh b/nss/tests/libpkix/pkix_pl_tests/module/runPLTests.sh
new file mode 100755
index 0000000..4c4cebe
--- /dev/null
+++ b/nss/tests/libpkix/pkix_pl_tests/module/runPLTests.sh
@@ -0,0 +1,101 @@
+#!/bin/sh
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# runPLTests.sh
+#
+
+curdir=`pwd`
+cd ../../common
+. ./libpkix_init.sh > /dev/null
+. ./libpkix_init_nist.sh 
+cd ${curdir}
+
+numtests=0
+passed=0
+testunit=MODULE
+doModule=1
+
+### setup NIST files need to link in
+linkModuleNistFiles="InvalidDNnameConstraintsTest3EE.crt 
+        InvalidonlySomeReasonsTest21EE.crt 
+        indirectCRLCA3cRLIssuerCRL.crl  
+        nameConstraintsDN3subCA2Cert.crt 
+        nameConstraintsDN4CACert.crt 
+        nameConstraintsDN5CACert.crt 
+        onlyContainsAttributeCertsCACRL.crl 
+        onlyContainsCACertsCACRL.crl 
+        onlyContainsUserCertsCACRL.crl 
+        onlySomeReasonsCA3compromiseCRL.crl
+        requireExplicitPolicy2CACert.crt 
+        inhibitPolicyMapping5CACert.crt 
+        inhibitAnyPolicy5CACert.crt 
+        inhibitAnyPolicy0CACert.crt 
+        P1Mapping1to234CACert.crt 
+        UserNoticeQualifierTest15EE.crt 
+        UserNoticeQualifierTest16EE.crt 
+        UserNoticeQualifierTest17EE.crt 
+        UserNoticeQualifierTest18EE.crt 
+        CPSPointerQualifierTest20EE.crt"
+
+if [ -n "${NIST_FILES_DIR}" ]; then
+    if [ ! -d ${HOSTDIR}/rev_data/local ]; then
+        mkdir -p ${HOSTDIR}/rev_data/local
+    fi
+ 
+     for i in ${linkModuleNistFiles}; do
+         if [ -f ${HOSTDIR}/rev_data/local/$i ]; then
+             rm ${HOSTDIR}/rev_data/local/$i
+         fi
+         cp ${NIST_FILES_DIR}/$i ${HOSTDIR}/rev_data/local/$i
+     done
+
+    localCRLFiles="crlgood.crl
+	crldiff.crl
+	issuer-hanfei.crl
+	issuer-none.crl"
+
+    for i in ${localCRLFiles}; do
+        cp ${curdir}/rev_data/local/$i ${HOSTDIR}/rev_data/local/$i
+    done
+fi
+
+##########
+# main
+##########
+
+ParseArgs $*
+
+SOCKETTRACE=0
+export SOCKETTRACE
+
+RunTests <<EOF
+pkixutil test_colcertstore NIST-Test-Files-Used rev_data/local ${HOSTDIR}
+pkixutil test_pk11certstore -d ../../pkix_pl_tests/module ../../pkix_tests/top/rev_data/crlchecker
+pkixutil test_ekuchecker "Test-EKU-without-OID" ENE "" rev_data test_eku_codesigning_clientauth.crt test_eku_clientauth.crt test_eku_clientauthEE.crt
+pkixutil test_ekuchecker "Test-EKU-with-good-OID" ENE "1.3.6.1.5.5.7.3.3" rev_data test_eku_codesigning_clientauth.crt test_eku_clientauth.crt test_eku_clientauthEE.crt 
+pkixutil test_ekuchecker "Test-EKU-with-bad-OID" EE "1.3.6.1.5.5.7.3.4" rev_data test_eku_codesigning_clientauth.crt test_eku_clientauth.crt test_eku_clientauthEE.crt 
+pkixutil test_ekuchecker "Test-EKU-with-good-and-bad-OID" EE "1.3.6.1.5.5.7.3.3,1.3.6.1.5.5.7.3.4" rev_data test_eku_codesigning_clientauth.crt test_eku_clientauth.crt test_eku_clientauthEE.crt
+pkixutil test_ekuchecker "Test-EKU-only-EE-with-good-OID" ENE "E1.3.6.1.5.5.7.3.3" rev_data test_eku_codesigning_clientauth.crt test_eku_clientauth.crt test_eku_clientauthEE.crt
+pkixutil test_ekuchecker "Test-EKU-only-EE-with-bad-OID" EE "E1.3.6.1.5.5.7.3.4" rev_data test_eku_codesigning_clientauth.crt test_eku_clientauth.crt test_eku_clientauthEE.crt
+pkixutil test_ekuchecker "Test-EKU-serverAuth" ENE "1.3.6.1.5.5.7.3.1" rev_data test_eku_all.crt test_eku_allbutcodesigningEE.crt
+pkixutil test_ekuchecker "Test-EKU-clientAuth" ENE "1.3.6.1.5.5.7.3.2" rev_data test_eku_all.crt test_eku_allbutcodesigningEE.crt
+pkixutil test_ekuchecker "Test-EKU-codesigning-without-OID" EE "1.3.6.1.5.5.7.3.3" rev_data test_eku_all.crt test_eku_allbutcodesigningEE.crt
+pkixutil test_ekuchecker "Test-EKU-emailProtection" ENE "1.3.6.1.5.5.7.3.4" rev_data test_eku_all.crt test_eku_allbutcodesigningEE.crt
+pkixutil test_ekuchecker "Test-EKU-timestamping" ENE "1.3.6.1.5.5.7.3.8" rev_data test_eku_all.crt test_eku_allbutcodesigningEE.crt
+pkixutil test_ekuchecker "Test-EKU-OCSPSigning" ENE "1.3.6.1.5.5.7.3.9" rev_data test_eku_all.crt test_eku_allbutcodesigningEE.crt
+pkixutil test_ekuchecker "Test-EKU-only-EE-serverAuth" ENE "E1.3.6.1.5.5.7.3.1" rev_data test_eku_all.crt test_eku_allbutcodesigningEE.crt
+pkixutil test_ekuchecker "Test-EKU-only-EE-clientAuth" ENE "E1.3.6.1.5.5.7.3.2" rev_data test_eku_all.crt test_eku_allbutcodesigningEE.crt
+pkixutil test_ekuchecker "Test-EKU-only-EE-codesigning-without-OID" EE "E1.3.6.1.5.5.7.3.3" rev_data test_eku_all.crt test_eku_allbutcodesigningEE.crt
+pkixutil test_ekuchecker "Test-EKU-only-EE-emailProtection" ENE "E1.3.6.1.5.5.7.3.4" rev_data test_eku_all.crt test_eku_allbutcodesigningEE.crt
+pkixutil test_ekuchecker "Test-EKU-only-EE-timestamping" ENE "E1.3.6.1.5.5.7.3.8" rev_data test_eku_all.crt test_eku_allbutcodesigningEE.crt
+pkixutil test_ekuchecker "Test-EKU-only-EE-ocspSigning" ENE "E1.3.6.1.5.5.7.3.9" rev_data test_eku_all.crt test_eku_allbutcodesigningEE.crt
+pkixutil test_socket ${HOSTADDR}:2000
+EOF
+
+totalErrors=$?
+html_msg ${totalErrors} 0 "&nbsp;&nbsp;&nbsp;${testunit}: passed ${passed} of ${numtests} tests"
+exit ${totalErrors}
+
diff --git a/nss/tests/libpkix/pkix_pl_tests/module/secmod.db b/nss/tests/libpkix/pkix_pl_tests/module/secmod.db
new file mode 100755
index 0000000000000000000000000000000000000000..772583d58bd21a17bce44d9265ff8d800e7fd526
GIT binary patch
literal 32768
zcmeI)JxT*X6ae5+A*2y(?8FRMY$pWk#Uho6637W+b`ydzfvBK`rAM&$YNFSWIGYtj
z1gj7Td=DP;_n4Xe+Jy;?{eB2xJA}Qr5Mt_v-4M1?Q)Os=chdTDVrSVdm+GRI>C=0f
ztD>r@a_!Nq@3Z!E9Y}xx0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs
z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t8kju-*D-<*k!ezOo%{M1TMR0t5&U
zAV7cs0RjXF5FkK+009C72oNAZfB*pk1U5{d5n_1$_4@pI`hp^5J$Z21>&3I_T{)lj
zC$W3p>BXaVJ6_C+`$?IqI)mACI35+_d7d3-aZt|hy7O{4e#o;dUYCzQgWGa&Gb{3}
zZjXzrEDk6A(QO{<clck!Y4r#HFy){4?-Gl};xnZnK!5-N0t5&UAV7cs0RjXF5FkK+
U009C72oNAZfB*pk1U6XU3x4(!RsaA1

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_pl_tests/pki/rev_data/local/README b/nss/tests/libpkix/pkix_pl_tests/pki/rev_data/local/README
new file mode 100755
index 0000000..50e1b98
--- /dev/null
+++ b/nss/tests/libpkix/pkix_pl_tests/pki/rev_data/local/README
@@ -0,0 +1,3 @@
+If the total number of CRL files is changed in this directory, 
+the define PKIX_TEST_COLLECTIONCERTSTORE_NUM_CRLS under the
+test directory also need to be changed.
\ No newline at end of file
diff --git a/nss/tests/libpkix/pkix_pl_tests/pki/rev_data/local/crldiff.crl b/nss/tests/libpkix/pkix_pl_tests/pki/rev_data/local/crldiff.crl
new file mode 100755
index 0000000000000000000000000000000000000000..d076ef89fb603aee8f7cd503e82560257c5a69ff
GIT binary patch
literal 237
zcmXqLd}YwMl8KSgfSZk7tIgw_1q(APgMqFgw*e;`b0`a&FjHwUjKd|&lu=+PXuuDW
zVHW1dNX$!1&8#dH=QS`jFf=qWG&M9bHID*v&5*bTUIxlc%#3aG(UckR0_|iDl@(=S
z;bLNB0x4o>GR3P1)s@Wp3<f$(BJrm}_rF!LVr;Bg_;RA_vK|c{UREX%{gpWfZYf4D
RKNHBBW`El{Qd6Uu2>|3#G1UM7

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_pl_tests/pki/rev_data/local/crlgood.crl b/nss/tests/libpkix/pkix_pl_tests/pki/rev_data/local/crlgood.crl
new file mode 100755
index 0000000000000000000000000000000000000000..1ad019ed18a008a437571351adac7d635294fe53
GIT binary patch
literal 237
zcmXqLd}YwMl8KSgfSZk7tIgw_1q(APgMpqQw*e;`b0`a&FjHx<A&&tUh{Gk!TwI!G
zC}_YB;xP+zWF+RLrDj%^it`$n8W<Xw8yOf_8X80axn@XQ15X2GCT2!XBQ#|Oyg*Bt
zLuEx-Sh$!NSqzkzm<%lOszG%nvp$1?4wFdO$HS*K`WR&uAN*?_!ZF!KWzwg3CK1=?
Wh9RF4bJna}E<BgT9Vqs}iU9!47Bl4l

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_pl_tests/pki/rev_data/local/issuer-hanfei.crl b/nss/tests/libpkix/pkix_pl_tests/pki/rev_data/local/issuer-hanfei.crl
new file mode 100755
index 0000000000000000000000000000000000000000..6c9f0dbaa3402f1a76a6959d862c54db91810e8f
GIT binary patch
literal 199
zcmXqLJYvw;%*4oOz|F?4)#h=|f`yrt!9d55+klgeIh2J>n5nebkjH=v#NiTVE-uY8
z<Tv02@tB3#G7|IBQZvPQ4NMJ;49pG9j7?3<q9pi@3{4CTjf@SU0tU(kia;Asl$l2v
z@B*!54wV&UVc|lzpIIO11SXM`==skktSNZ1@s6R)?5A_W_HulB%Os-ArDUa({4h(*
Q?Cdgbha#<`-Lu{R01Lt{bN~PV

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_pl_tests/pki/rev_data/local/issuer-none.crl b/nss/tests/libpkix/pkix_pl_tests/pki/rev_data/local/issuer-none.crl
new file mode 100755
index 0000000000000000000000000000000000000000..c1c83ba2cda2224001c84b66243b59d70a2e14fc
GIT binary patch
literal 196
zcmXqLJZR9^z{JRCz|F?4)#h=|f`yrt!9d%P+klgeIh2J>n5nebkQXQm<ZubI<mKn3
z!nn*3t~jrOsezG!p`nGTp`m3IkZW#eU}Op98Ymkm0*yyfWNcs=WdJczR+NQ>3*B;N
zeFg&^CJ~`^8^2FW?0YGEy|2O0<mLRPiYO)~5yodB$CUpRiLLYJ6R_U>!ZvyTTP6T$
CUM%|n

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_pl_tests/pki/runPLTests.sh b/nss/tests/libpkix/pkix_pl_tests/pki/runPLTests.sh
new file mode 100755
index 0000000..7857aad
--- /dev/null
+++ b/nss/tests/libpkix/pkix_pl_tests/pki/runPLTests.sh
@@ -0,0 +1,81 @@
+#!/bin/sh
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# runPLTests.sh
+#
+
+curdir=`pwd`
+cd ../../common
+. ./libpkix_init.sh > /dev/null
+doPD=1
+. ./libpkix_init_nist.sh
+cd ${curdir}
+
+numtests=0
+passed=0
+testunit=PKI
+doPki=1
+
+### setup NIST files need to link in
+linkPkiNistFiles="InvalidDNnameConstraintsTest3EE.crt 
+        InvalidonlySomeReasonsTest21EE.crt 
+        indirectCRLCA3cRLIssuerCRL.crl  
+        nameConstraintsDN3subCA2Cert.crt 
+        nameConstraintsDN4CACert.crt 
+        nameConstraintsDN5CACert.crt 
+        onlyContainsAttributeCertsCACRL.crl 
+        onlyContainsCACertsCACRL.crl 
+        onlyContainsUserCertsCACRL.crl 
+        onlySomeReasonsCA3compromiseCRL.crl
+        requireExplicitPolicy2CACert.crt 
+        inhibitPolicyMapping5CACert.crt 
+        inhibitAnyPolicy5CACert.crt 
+        inhibitAnyPolicy0CACert.crt 
+        P1Mapping1to234CACert.crt 
+        UserNoticeQualifierTest15EE.crt 
+        UserNoticeQualifierTest16EE.crt 
+        UserNoticeQualifierTest17EE.crt 
+        UserNoticeQualifierTest18EE.crt 
+        CPSPointerQualifierTest20EE.crt"
+
+if [ -n "${NIST_FILES_DIR}" ]; then
+    if [ ! -d ${HOSTDIR}/rev_data/local ]; then
+        mkdir -p ${HOSTDIR}/rev_data/local
+    fi
+
+    for i in ${linkPkiNistFiles}; do
+        if [ -f ${HOSTDIR}/rev_data/local/$i ]; then
+            rm ${HOSTDIR}/rev_data/local/$i
+        fi
+        cp ${NIST_FILES_DIR}/$i ${HOSTDIR}/rev_data/local/$i
+    done
+fi
+
+##########
+# main
+#########
+
+TZ=US/Eastern
+
+ParseArgs $*
+
+RunTests <<EOF
+pkixutil test_cert NIST-Test-Files-Used ../../certs ${HOSTDIR}/rev_data/local
+pkixutil test_crl NIST-Test-Files-Used ../../certs
+pkixutil test_x500name
+pkixutil test_generalname
+pkixutil test_date NIST-Test-Files-Used
+pkixutil test_crlentry ../../certs
+pkixutil test_nameconstraints NIST-Test-Files-Used rev_data/local ${HOSTDIR}
+pkixutil test_authorityinfoaccess NIST-PDTest ${NIST_PDTEST} certs/BasicLDAPURIPathDiscoveryOU1EE1.crt certs/BasicHTTPURITrustAnchorRootCert.crt
+pkixutil test_subjectinfoaccess NIST-PDTest ${NIST_PDTEST} certs/BasicHTTPURITrustAnchorRootCert.crt certs/BasicLDAPURIPathDiscoveryOU1EE1.crt
+EOF
+
+totalErrors=$?
+html_msg ${totalErrors} 0 "&nbsp;&nbsp;&nbsp;${testunit}: passed ${passed} of ${numtests} tests"
+exit ${totalErrors}
+
+
diff --git a/nss/tests/libpkix/pkix_pl_tests/runPLTests.sh b/nss/tests/libpkix/pkix_pl_tests/runPLTests.sh
new file mode 100755
index 0000000..89ad1cb
--- /dev/null
+++ b/nss/tests/libpkix/pkix_pl_tests/runPLTests.sh
@@ -0,0 +1,67 @@
+#!/bin/sh
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# runPLTests.sh
+#
+
+curdir=`pwd`
+cd ../common
+. ./libpkix_init.sh > /dev/null
+cd ${curdir}
+
+testunit="PKIX_PL"
+
+totalErrors=0
+moduleErrors=0
+systemErrors=0
+pkiErrors=0
+quiet=0
+
+checkMemArg=""
+arenasArg=""
+quietArg=""
+
+### ParseArgs
+myParseArgs() # args
+{
+    while [ $# -gt 0 ]; do
+        if [ $1 = "-checkmem" ]; then
+            checkMemArg=$1
+        elif [ $1 = "-quiet" ]; then
+            quietArg=$1
+            quiet=1
+        elif [ $1 = "-arenas" ]; then
+            arenasArg=$1
+        fi
+        shift
+    done
+}
+
+myParseArgs $*
+
+testHeadingEcho
+
+echo "RUNNING tests in pki";
+cd pki;
+runPLTests.sh ${arenasArg} ${checkMemArg} ${quietArg}
+pkiErrors=$?
+
+echo "RUNNING tests in system";
+cd ../system;
+runPLTests.sh ${arenasArg} ${checkMemArg} ${quietArg}
+systemErrors=$?
+
+echo "RUNNING tests in module";
+cd ../module;
+runPLTests.sh ${arenasArg} ${checkMemArg} ${quietArg}
+moduleErrors=$?
+
+totalErrors=`expr $moduleErrors + $systemErrors + $pkiErrors`
+
+testEndingEcho
+
+exit ${totalErrors}
+
diff --git a/nss/tests/libpkix/pkix_pl_tests/system/runPLTests.sh b/nss/tests/libpkix/pkix_pl_tests/system/runPLTests.sh
new file mode 100755
index 0000000..ec166cd
--- /dev/null
+++ b/nss/tests/libpkix/pkix_pl_tests/system/runPLTests.sh
@@ -0,0 +1,46 @@
+#!/bin/sh
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# runPLTests.sh
+#
+
+curdir=`pwd`
+cd ../../common
+. ./libpkix_init.sh > /dev/null
+cd ${curdir}
+
+numtests=0
+passed=0
+testunit=SYSTEM
+
+
+##########
+# main
+##########
+
+ParseArgs $*
+
+RunTests <<EOF
+pkixutil test_mem
+pkixutil test_object
+pkixutil test_string
+pkixutil test_bigint
+pkixutil test_bytearray
+pkixutil test_mutex
+pkixutil test_mutex2
+pkixutil test_mutex3
+pkixutil test_monitorlock
+pkixutil test_oid
+pkixutil test_hashtable
+EOF
+
+totalErrors=$?
+html_msg ${totalErrors} 0 "&nbsp;&nbsp;&nbsp;${testunit}: passed ${passed} of ${numtests} tests"
+exit ${totalErrors}
+
+
+
+
diff --git a/nss/tests/libpkix/pkix_tests/certsel/keyUsage b/nss/tests/libpkix/pkix_tests/certsel/keyUsage
new file mode 100755
index 0000000..e69de29
diff --git a/nss/tests/libpkix/pkix_tests/certsel/runTests.sh b/nss/tests/libpkix/pkix_tests/certsel/runTests.sh
new file mode 100755
index 0000000..050e4ae
--- /dev/null
+++ b/nss/tests/libpkix/pkix_tests/certsel/runTests.sh
@@ -0,0 +1,33 @@
+#!/bin/sh
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# runTests.sh
+#
+
+curdir=`pwd`
+cd ../../common
+. ./libpkix_init.sh > /dev/null
+. ./libpkix_init_nist.sh
+cd ${curdir}
+
+numtests=0
+passed=0
+testunit=CERTSEL
+
+##########
+# main
+##########
+
+ParseArgs $*
+
+RunTests <<EOF
+pkixutil test_comcertselparams ${NIST} NIST-Test-Files-Used
+pkixutil test_certselector ${NIST} NIST-Test-Files-Used ../../pkix_pl_tests/module/rev_data
+EOF
+
+totalErrors=$?
+html_msg ${totalErrors} 0 "&nbsp;&nbsp;&nbsp;${testunit}: passed ${passed} of ${numtests} tests"
+exit ${totalErrors}
diff --git a/nss/tests/libpkix/pkix_tests/checker/runTests.sh b/nss/tests/libpkix/pkix_tests/checker/runTests.sh
new file mode 100755
index 0000000..b63b2c5
--- /dev/null
+++ b/nss/tests/libpkix/pkix_tests/checker/runTests.sh
@@ -0,0 +1,31 @@
+#!/bin/sh
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# runTests.sh
+#
+
+curdir=`pwd`
+cd ../../common
+. ./libpkix_init.sh > /dev/null
+cd ${curdir}
+
+numtests=0
+passed=0
+testunit=CHECKER
+
+##########
+# main
+##########
+
+ParseArgs $*
+
+RunTests <<EOF
+pkixutil test_certchainchecker
+EOF
+
+totalErrors=$?
+html_msg ${totalErrors} 0 "&nbsp;&nbsp;&nbsp;${testunit}: passed ${passed} of ${numtests} tests"
+exit ${totalErrors}
diff --git a/nss/tests/libpkix/pkix_tests/crlsel/runTests.sh b/nss/tests/libpkix/pkix_tests/crlsel/runTests.sh
new file mode 100755
index 0000000..7f5d2bf
--- /dev/null
+++ b/nss/tests/libpkix/pkix_tests/crlsel/runTests.sh
@@ -0,0 +1,33 @@
+#!/bin/sh
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# runTests.sh
+#
+
+curdir=`pwd`
+cd ../../common
+. ./libpkix_init.sh > /dev/null
+cd ${curdir}
+
+numtests=0
+passed=0
+testunit=CRLSEL
+
+
+##########
+# main
+##########
+
+ParseArgs $*
+
+RunTests <<EOF
+pkixutil test_comcrlselparams ../../certs
+pkixutil test_crlselector
+EOF
+
+totalErrors=$?
+html_msg ${totalErrors} 0 "&nbsp;&nbsp;&nbsp;${testunit}: passed ${passed} of ${numtests} tests"
+exit ${totalErrors}
diff --git a/nss/tests/libpkix/pkix_tests/params/runTests.sh b/nss/tests/libpkix/pkix_tests/params/runTests.sh
new file mode 100755
index 0000000..cd0e38a
--- /dev/null
+++ b/nss/tests/libpkix/pkix_tests/params/runTests.sh
@@ -0,0 +1,36 @@
+#!/bin/sh
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# runTests.sh
+#
+
+curdir=`pwd`
+cd ../../common
+. ./libpkix_init.sh > /dev/null
+. ./libpkix_init_nist.sh
+cd ${curdir}
+
+numtests=0
+passed=0
+testunit=PARAMS
+
+
+##########
+# main
+##########
+
+ParseArgs $*
+
+RunTests <<EOF
+pkixutil test_valparams ../../certs
+pkixutil test_procparams ../../certs
+pkixutil test_trustanchor ${NIST} ../../certs NIST-Test-Files-Used
+pkixutil test_resourcelimits
+EOF
+
+totalErrors=$?
+html_msg ${totalErrors} 0 "&nbsp;&nbsp;&nbsp;${testunit}: passed ${passed} of ${numtests} tests"
+exit ${totalErrors}
diff --git a/nss/tests/libpkix/pkix_tests/results/runTests.sh b/nss/tests/libpkix/pkix_tests/results/runTests.sh
new file mode 100755
index 0000000..8a84610
--- /dev/null
+++ b/nss/tests/libpkix/pkix_tests/results/runTests.sh
@@ -0,0 +1,36 @@
+#!/bin/sh
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# runTests.sh
+#
+
+curdir=`pwd`
+cd ../../common
+. ./libpkix_init.sh > /dev/null
+. ./libpkix_init_nist.sh
+cd ${curdir}
+
+numtests=0
+passed=0
+testunit=RESULTS
+
+
+##########
+# main
+##########
+
+ParseArgs $*
+
+RunTests <<EOF
+pkixutil test_policynode ${NIST} NIST-Test-Files-Used
+pkixutil test_valresult ../../certs
+pkixutil test_buildresult ../../certs
+pkixutil test_verifynode ${NIST} TrustAnchorRootCertificate.crt GoodCACert.crt ValidCertificatePathTest1EE.crt
+EOF
+
+totalErrors=$?
+html_msg ${totalErrors} 0 "&nbsp;&nbsp;&nbsp;${testunit}: passed ${passed} of ${numtests} tests"
+exit ${totalErrors}
diff --git a/nss/tests/libpkix/pkix_tests/runTests.sh b/nss/tests/libpkix/pkix_tests/runTests.sh
new file mode 100755
index 0000000..9f1b895
--- /dev/null
+++ b/nss/tests/libpkix/pkix_tests/runTests.sh
@@ -0,0 +1,98 @@
+#!/bin/sh
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# runTests.sh
+#
+
+curdir=`pwd`
+cd ../common
+. ./libpkix_init.sh > /dev/null
+cd ${curdir}
+
+testunit="PKIX"
+
+totalErrors=0
+utilErrors=0
+crlselErrors=0
+paramsErrors=0
+resultsErrors=0
+topErrors=0
+checkerErrors=0
+certselErrors=0
+quiet=0
+
+checkMemArg=""
+arenasArg=""
+quietArg=""
+memText=""
+
+### ParseArgs
+ParseArgs() # args
+{
+    while [ $# -gt 0 ]; do
+        if [ $1 = "-checkmem" ]; then
+            checkMemArg=$1
+            memText="   (Memory Checking Enabled)"
+        elif [ $1 = "-quiet" ]; then
+            quietArg=$1
+            quiet=1
+        elif [ $1 = "-arenas" ]; then
+            arenasArg=$1
+        fi
+        shift
+    done
+}
+
+ParseArgs $*
+
+testHeadingEcho
+
+echo "RUNNING tests in certsel";
+cd certsel;
+runTests.sh ${arenasArg} ${checkMemArg} ${quietArg}
+certselErrors=$?
+
+echo "RUNNING tests in checker";
+cd ../checker;
+runTests.sh ${arenasArg} ${checkMemArg} ${quietArg}
+checkerErrors=$?
+
+echo "RUNNING tests in results";
+cd ../results;
+runTests.sh ${arenasArg} ${checkMemArg} ${quietArg}
+resultsErrors=$?
+
+echo "RUNNING tests in params";
+cd ../params;
+runTests.sh ${arenasArg} ${checkMemArg} ${quietArg}
+paramsErrors=$?
+
+echo "RUNNING tests in crlsel";
+cd ../crlsel;
+runTests.sh ${arenasArg} ${checkMemArg} ${quietArg}
+crlselErrors=$?
+
+echo "RUNNING tests in store";
+cd ../store;
+runTests.sh ${arenasArg} ${checkMemArg} ${quietArg}
+storeErrors=$?
+
+echo "RUNNING tests in util";
+cd ../util;
+runTests.sh ${arenasArg} ${checkMemArg} ${quietArg}
+utilErrors=$?
+
+echo "RUNNING tests in top";
+cd ../top;
+runTests.sh ${arenasArg} ${checkMemArg} ${quietArg}
+topErrors=$?
+
+totalErrors=`expr ${certselErrors} + ${checkerErrors} + ${resultsErrors} + ${paramsErrors} + ${crlselErrors} + ${storeErrors} + ${utilErrors} + ${topErrors}`
+
+testEndingEcho
+
+exit ${totalErrors}
+
diff --git a/nss/tests/libpkix/pkix_tests/store/runTests.sh b/nss/tests/libpkix/pkix_tests/store/runTests.sh
new file mode 100755
index 0000000..7b0bb37
--- /dev/null
+++ b/nss/tests/libpkix/pkix_tests/store/runTests.sh
@@ -0,0 +1,32 @@
+#!/bin/sh
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# runTests.sh
+#
+
+curdir=`pwd`
+cd ../../common
+. ./libpkix_init.sh > /dev/null
+cd ${curdir}
+
+numtests=0
+passed=0
+testunit=STORE
+
+
+##########
+# main
+##########
+
+ParseArgs $*
+
+RunTests <<EOF
+pkixutil test_store genericCertStore rev_data/crlchecker ${HOSTDIR}
+EOF
+
+totalErrors=$?
+html_msg ${totalErrors} 0 "&nbsp;&nbsp;&nbsp;${testunit}: passed ${passed} of ${numtests} tests"
+exit ${totalErrors}
diff --git a/nss/tests/libpkix/pkix_tests/top/anchorcert.crt b/nss/tests/libpkix/pkix_tests/top/anchorcert.crt
new file mode 100644
index 0000000000000000000000000000000000000000..1e2f7c7a1dbd2abafbca1d7122149c996fc575a7
GIT binary patch
literal 694
zcmXqLV%lWT#3a3dnTe5!iILHOmyJ`a&7<u*FC!x>D}zC@A-4f18*?ZNn=n&ou%U#3
z7>L6q%wLq6qL*2albDxUqL-YXYse4O36$X$W-Cc8E^&4=)HF~B2`~#Q1O$1yxGDtY
z=L3ZmoKuTRGSf1X6H8JRd=v8$(^HEK<ivRm%nXbT3=J#{fFMeo*T@2iOCLux&PVn;
zBP#=QV=se2V<%H%Bg2D=$p3E^y?U`V>~4FEQ0cGc8RfsPm;Dh*te&sQShY^?*_Y#1
zl8j268HY;CuJ{<8VA|F`L*we|Nt{=_1)eT#Rd`~}D#94KEOHau>@^mDmGW*W9$1vn
z&#Ak60qaEex<!$<J=j(6KRD{m<h)+fg{!xGlPdo^!N$v<3~p*QeEzGU%EZjbz__@~
zpu|9sjWeOmgR$+06C)!F3o{b~y8%Bim}P|-8UM4e8ZZMX16hy&ABz}^$erfyg7o!^
zEZy%b)@$!Rd+$MrR=t5dNLrZ%7?lm!74U%+@PiBlTEN(b94x>j!3+!!<)gs?tN*-x
z$FYR{{?aY(vwQek<)&Ypbm|3H^sTQ)G!K7Lcp1p~<ZQ(1IsLZ_o=2IixFTCOv1yaY
zOflhEGY-0LJXG(&H}Br+yC;-I7OZgOe?9fi7SG6~OFk~^bzFY3@{rEYb3BdvA}^h>
d{Bq-efNgO3UNvn^F{9PIk1KTb1-Dmd0|3>f>MsBQ

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_tests/top/build_data/backtracking/signature/greg.crl b/nss/tests/libpkix/pkix_tests/top/build_data/backtracking/signature/greg.crl
new file mode 100755
index 0000000000000000000000000000000000000000..148b47815dd19669ec595a8957edd99b8ae0abf2
GIT binary patch
literal 169
zcmXqLTxO7Jz|F?4)#h=|f`yrt!N9_h+klgeIh2J>n5nebkjH=v#NiTVE-uZ3@wkPV
zvr>x<d4W2Ca?HXk=|!pO;=Bf?2BwDQhL)z5CI(SJt{D;+#S&%%1_NCt5f(vj$&M?W
qQ5SvEze}1_d1TvX9%m9|n9^3VZ2g1joJp%bSQnMXuzv}9;{pKcKPZF%

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_tests/top/build_data/backtracking/signature/greg2yassir_badsig.crt b/nss/tests/libpkix/pkix_tests/top/build_data/backtracking/signature/greg2yassir_badsig.crt
new file mode 100755
index 0000000000000000000000000000000000000000..66563db4074e0353350082419cbfbfdd0977fb9f
GIT binary patch
literal 689
zcmXqLVp?m^#FV{&nTe5!iP6=7n~hzo&EuQ}3o|Q&frTNr0Vf-CC<~h~Q)#gwj{z5m
z!zIjIT$%^taSJnNr4}3V0(AoAn1xx=i&E1K<ivRmObtv7Ee*{L%}vds#CZ)tTp$O`
zHL%8KGSn<?VV0c4q+&yU173*HY?X<{#hFD0O^n-tSO?}(Mj%I?sj-paZ+&p1Y^jiD
z(0#8tdT*XQ|0cLS$mYEZ!(lo5hHZgrnXa)8N`b#4ZF?hr?LYc;m%+EwvqN*PH(EEy
zn&f{<OW2-0GhpeG`SV|}R0}8_^54Dk`oHbRq<>h4KR>o&nJ7QY@8)lpkIEfpG7S-q
z5}RoBt@QIc?ZoR^?>{LqOU}LM!FZfWlwo>8K)<Lm_nA$Tb~Y_~-NOALLgp*TY2P0%
zXuUSu_TK3|t7FV|gzv1JvVQk3t5;1w!+p4I*_+Y>Bg6Z4U5WI6R>&^U*s#S@tWf!d
zkA|4=_Vb)ZJtvkuv=OW74yozYc(8b#oc88rr4#cO*K_|;G)?;WJE@9M#rn*WkNZ{x
zPUu|GeE(t8)A?+Zy3^tsszX&%7=5h&o%hsYZfs#-YHZ-06x_6b&*$&C+Izlyvpd)y
z#x?a(j4%J=BSH5Zrrnk<GB7-R$+UNBfq_+vZh4H)853^%{i`)@OuAqhUJyE?H)@ad
z>cY~3(=6Zp!f#xx(ONKL$tsP<jdxbfUbQZ-;f~l{_0Qj*O)JeU(Qn~xGHjY6m^!5{
z_v~c$%*h9AkK4wq*}a&_fB_|mG3zrJ=rD;m+8&;G((;1h<`)T@X1e9GofCVyn@NOu
YLi^f753<~t>;DOH+&s2a{=wuK079S&K>z>%

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_tests/top/build_data/backtracking/signature/jes.crl b/nss/tests/libpkix/pkix_tests/top/build_data/backtracking/signature/jes.crl
new file mode 100755
index 0000000000000000000000000000000000000000..6cd8d25770ad6acf7ccf4cba54abcd31af6271bf
GIT binary patch
literal 153
zcmXqLoMsSaz|F?4)#h=|f`yrt!9dfH+klgeIh2J>n5nebkjH=v#NiTVE-uZ3@wkPV
zvr>!2c@0brObyMA42%qn4WocuGbApGsm%He20Bb45@+At4EZ{dWop>sug6>`$vbQg
cWMmQ%?lrH{>aIvy`>LAl&K=3;D+)uC0a8gPDgXcg

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_tests/top/build_data/backtracking/signature/jes2greg.crt b/nss/tests/libpkix/pkix_tests/top/build_data/backtracking/signature/jes2greg.crt
new file mode 100755
index 0000000000000000000000000000000000000000..44419aa4cf339f106277c55889fdea5f5c79798e
GIT binary patch
literal 671
zcmXqLVw!Ex#1y%JnTe5!iP6u1n~hzo&EuQ}3o|Q&fu<q10Vf-CC<~h~Q)#gwj{z5m
z!zIjIT$%^taSJnNr4}2=iSrtm8W<az8yOmy8yZK6^BRJ<rckbd1<^(s@&X+Jw1!!j
zCA}y$-JpqaI}q!@+{Fmw$TKxIGW@L%Zj>z*(hR!qHAnBwljq+Aw+Gq0cVRdzXWy_b
zP%YCn)<G%occg7^#IOBFzwR>lc6xSb&h<v?23eE*PiYC;vu6e@T{3_E3zljDr9=L^
zS6=_O{h0I*>+t8tRxA_cXZhXy?ebB%!%U_j!ck%qjlPwBUZ<USUF-cPC1%OF7d;q{
zGl?=xPYCE2RpvgkY0}Q7MXy`9KSaoU1v%~e!v(F^X4~F7y=Qfd*^cm?l~dO5{$=&5
z>1VhPw=H{9dSGOD->xf>{?7{81sWT+c#0J&zwprz6W)HF)2QdfvWGTeRox*qy&4Y|
zuanc>ysUI$-r{=hUy7zlAAcuRF{)UfS@Ln;iogk-E1K^=jCwksZBlnyTtjuJY6_!|
z^}q9;TFi|t3`~s;&eg2#Tw!Ml%(tBh-1aueR&T|bI^&u9=kiQs+`sCT17k*;_JJ@D
zQ~T&_n*y2r$NKk}ZTfckq?VzNbN0TqIW@1V?%a4DVs1Yn<m0k^+mmk|cvFAx(lq=3
z{;Izd)>h_T|36pqZ`#Kl%U{;*XI$MPC(oQQt1jS3h<kO`!m1<3zCFFRn8|<vB|$Ok
zGZ^SFi8$N+QxjKRQB|3t7I*E$gHwz2C99Z3#8uxPy!tTsvPM$Ge=EN-A(g^|z5uaU
B2B81|

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_tests/top/build_data/backtracking/signature/jes2jes.crt b/nss/tests/libpkix/pkix_tests/top/build_data/backtracking/signature/jes2jes.crt
new file mode 100755
index 0000000000000000000000000000000000000000..07f7e58d1fa653d6b2bcd5d4f1f87a2feababb39
GIT binary patch
literal 656
zcmXqLV(KwyV)9zR%*4pV#29G6&Bm_P=5fw~g_)JXK+}-hfRl|ml!Z;0skGRT$AAmO
z;Sy#pF3p4SxP_UsQi~1b#CZ)&4U7%VjSLMejLoCOc@05aQz(}dqna4E8#FQMz#PH|
z<j6BMHZuIJ4{nq#719j4?=?s7&6DTf1h)s-ymw(ZEN9=aEl@4fHP%5X@OPwbZ^W<t
zN5Aee_;z}BXwLOU>jqhq{7-2K+p}i|EL}2x{tK3B0i{F!yH{TSxBZy(59{#f$5t#8
z<!AZb{O$5lxx-ARA;M8&6OF!=eqN`YcwOuLCnaXdxfeYck28rfOiu{t7ggpyvuV=K
zrbVw?xIaY5d<8k}`@;pT*Jj(^JH2OhjM<Lxot0D8@BU@=s_AFA54SCQQ+i-zc;Buo
zk^avL*##OKws?vaD!=g25EI^hp3|u3#IlDrVpZKCHN6@S7O#`j-n^`IV&39<?q7<g
zNgsbFRWYhqpIP#8--^HqohzE}Ka6@hpKVfiT3kbQsA>wMkM+Ovo?6U}EeuSJ4f4+v
zrbi#>jo~wqV~)G5^3S63z!CHHtKNQkW%A*Lj?=S8)BlQjyxaG+z})%K#7?ERch;)$
zoylyuv{8-6_363i4@#Of8}9d>n!x5P*B5li>r$|<NAbxV-78M~UAHt}8_hr8+j3Wa
zEvI$zPZ`(q3od5v&UI7b-@pH9Sc&1veOX$M7Bd+zprjyXeFg&^CJ}?rvA39JP5n`o
m5&J6U+nf;QfK`S}B0PQihR4<U<l|qgDEL$t>@4>7`8farECTlc

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_tests/top/build_data/backtracking/signature/jes2labs.crt b/nss/tests/libpkix/pkix_tests/top/build_data/backtracking/signature/jes2labs.crt
new file mode 100755
index 0000000000000000000000000000000000000000..36591b8bface33a2cc7a26298a9beaada2a124c3
GIT binary patch
literal 555
zcmXqLV(K?&V)9wQ%*4pV#OQ0l&Bm_P=5fw~g_)JXK+}-hfRl|ml!Z;0skGRT$AAmO
z;Sy#pF3p4SxP_UsQi~1b#CZ)&4U7%VjSLOUj0~d0c@05aQz+L!3!hQEKx=^pa|^TN
zBqkLbG%@Y~VjY-E7=avlrp88wzxBb5vZX?rLHE7p=)HOJ{F~tRAe;9t42R|H8@2_i
zWxB>XC<XqGwC#=fwg2eXT?XGy&koJG-e}z*Ym)ydEn$21%z&j!=Ffk@QZ1l#$ba|B
z>;JYNlm1~H{`}aAWup8nzni~ZJ}P&Z$uvYbN^GLhx6;q+v=gsuz5k@dEIIe02jg)j
zQHJRW0sW%N+-EjT+S#<|bqn{02$`=Sr+t68p!M2p+k2<?td23;5x%o>%KF{EtX?(!
z4EN!-Wp7Fkj12GFbtTgOSs}YXW5X6tu|nk+J{n@e+s|_v^_*Dt&_=APJEW#p<H6!}
za@w1hl}^lCT+jVW(KPAf@1!b573(ugKJHr)IH7Yz^ZkcWPv^5u>Q0Mms18+4Vf3;7
zcivNrxv`Z2<c>QBLQe^))|<|EXZYQy|NBDEv$Kz-*D(nGSLBF3Ro8cX`CNa8IZfZz
z&)NCDE<(ois`9VXhia`}Sw?(b%5=rcH!0z)&1sLX+l!89|5>y7&{gr0Z#<8d`{l^w
HCtd*nO+4Dv

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_tests/top/build_data/backtracking/signature/labs.crl b/nss/tests/libpkix/pkix_tests/top/build_data/backtracking/signature/labs.crl
new file mode 100755
index 0000000000000000000000000000000000000000..8c96b41dcb3b5dd6d9cd1406136244d4a85ba89b
GIT binary patch
literal 155
zcmXqLoM8}dz|F?4)#h=|f`yrt!9dH9+klgeIh2J>n5nebkjH=v#NiTVE-uY8<OQk)
z^0<XrauSn@#d!@(4NMKqjSLJ7O%0=fTr(stim}WF3<kPPq6}@iUteGS_ip00+@z%N
j1G4*GF=T#V5@DIP?c>@*b6ffMmiolJ$ao^_ZFm^~=W;4z

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_tests/top/build_data/backtracking/signature/labs2yassir.crt b/nss/tests/libpkix/pkix_tests/top/build_data/backtracking/signature/labs2yassir.crt
new file mode 100755
index 0000000000000000000000000000000000000000..119368ca59f8c4d16d6906234abeed452266e028
GIT binary patch
literal 675
zcmXqLVw!Kz#1y-LnTe5!iP6J=n~hzo&EuQ}3o|Q&ftDe+0Vf-CC<~h~Q)#gwj{z5m
z!zIjIT$*Rd3sei_aSOBLBqkLb$cghBm>QTGS{NCaS{fKeiSrtQxMonUfi>}F8S)$O
zf{bPsW~)prF3v16Xky$B#5ypyF#<XAOpT2Uf9r!AWlM!LgYJ9H(R=gc`8UDsK{oGQ
z7!J$XH*5=3%XE!(PzwAVY1<p|YyZ)&y9~aao*kNVz0tZs)+GN^TEh11nE^|e%%A^)
zrCLDgkpJ$L*Z*xlCjG-Y{Q0pJ%S8EEem8%+d{pi*lWB->l-NY0Z>68tX(wLSdjCm@
zS#s`0560t6q72g$0{TUjxzB8xw6kf^>lW@05i(yvPW%3FLF={Iw)al&Ssi1xBYbD&
zl=ZuRS-ood8ScYv%ife87#ZHT>q?~mvqE-(#)d7PVui{td^E&_x1Z-U>N&COp^aEo
zcSudI#)HM{<g_<0E1j6PxSso$qG{5{-$_-BD%NL~eB8Gpa6;#b=KBw$p3Y~R)SVXB
zP#vn8!suiD@4TlLb7KnwQ)2_~q~NCgdp>{9)!y^vo87_wFs`YOVtn}@9|^kWFzvQ<
zk%8giOQyY33k<AUbjxFW&X{o9?_aHPW6}l7@Pg18y-|CtR~MERoM!p%7k=Ynjn;x0
zOIB$-ZoIQ<_NsMx4R^%us(=3eY+7k<iGB-jlVQ^o!PF^rxo0P{XHGs~d)zi=&F;la
z1`H^Pidmn*K!-_0dR>mu(uWxd{#%;tP3)o$ZGW-5fJr3BbNT+CPK@Ud2`v13PGL*F
I2(N820IrP&od5s;

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_tests/top/build_data/backtracking/signature/yassir.crl b/nss/tests/libpkix/pkix_tests/top/build_data/backtracking/signature/yassir.crl
new file mode 100755
index 0000000000000000000000000000000000000000..eca3a5e84a1f4bd07a8f0cc8869b75fa600077c2
GIT binary patch
literal 173
zcmXqLTxF19z|F?4)#h=|f`yrt!NA&(+klgeIh2J>n5nebkjH=v#NiTVE-uY8<OQk)
z^0<XrauSn@4fzdtL0o2Gw#vlf;>;p(UISADQ$uq@OH&I|lPDn942g?k53?bIfgY16
xL%X2Xfs+%KU(jSuTd2-cy-GaW&KM}%G=FvXnm~*4n)NfAwzyo%H+;G$6#&r!DvJOB

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_tests/top/build_data/backtracking/signature/yassir2hanfei.crt b/nss/tests/libpkix/pkix_tests/top/build_data/backtracking/signature/yassir2hanfei.crt
new file mode 100755
index 0000000000000000000000000000000000000000..460d19307358eea2f00b46541620e67281530ff5
GIT binary patch
literal 692
zcmXqLV%lKP#FV#ynTe5!iP6P?n~hzo&EuQ}3o|Q&fwdvG0Vf-CC<~h~Q)#gwj{z5m
z!zIjIT$*Rd3sei_aSOBLBqkLb@*D7ixXi+Am5Ig0nMDS2;=Bf?2F8ZwMh2#q21Zfh
zyoMmIDU?g5;Tef}X{nh8O^n-tSO?}<Mj%I?sj-paZ+&p1Y^jiD(0#8tdT*XQ|0cLS
z$mYEZ!(lo5hHZgrnXa)8N`b#4ZF?hr?LYc;m%+EwvqN*PH(EEyn&f{<OW2-0GhpeG
z`SV|}R0}8_^54Dk`oHbRq<>h4KR>o&nJ7QY@8)lpkIEfpG7S-q5}RoBt@QIc?ZoR^
z?>{LqOU}LM!FZfWlwo>8K)<Lm_nA$Tb~Y_~-NOALLgp*TY2P0%XuUSu_TK3|t7FV|
zgzv1JvVQk3t5;1w!+p4I*_+Y>Bg6Z4U5WI6R>&^U*s#S@tWf!dkA|4=_Vb)ZJtvku
zv=OW74yozYc(8b#oc88rr4#cO*K_|;G)?;WJE@9M#rn*WkNZ{xPUu|GeE(t8)A?+Z
zy3^tsszX&%7=5h&o%hsYZfs#-YHYC0zL~(Km>S3Yczt@8&;@bTj7%n$UGuazTx;K#
zde{4Ea{0f%T(|CvIIg<ACiwY;;2Sg47wov+v3JE@brFr~hlMBJ&U8rnm%RAL@A$*o
zH*4q4vtQoKV}9nhMTTt3;g%U*4U?m;o33ttSJAQNm9lK~1glwno^lT!{=2j8@Y9NI
zNlA;D3>Z*S8M8ivfew=h=LE@;TshUJ(q|rAdU;{vbq1#O)0jjmJ!hX4&(4_Nell%q
M+Lp<g@qB(^0Iul_!vFvP

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_tests/top/build_data/multi_path/signature/fail/greg.crl b/nss/tests/libpkix/pkix_tests/top/build_data/multi_path/signature/fail/greg.crl
new file mode 100755
index 0000000000000000000000000000000000000000..148b47815dd19669ec595a8957edd99b8ae0abf2
GIT binary patch
literal 169
zcmXqLTxO7Jz|F?4)#h=|f`yrt!N9_h+klgeIh2J>n5nebkjH=v#NiTVE-uZ3@wkPV
zvr>x<d4W2Ca?HXk=|!pO;=Bf?2BwDQhL)z5CI(SJt{D;+#S&%%1_NCt5f(vj$&M?W
qQ5SvEze}1_d1TvX9%m9|n9^3VZ2g1joJp%bSQnMXuzv}9;{pKcKPZF%

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_tests/top/build_data/multi_path/signature/fail/greg2yassir.crt b/nss/tests/libpkix/pkix_tests/top/build_data/multi_path/signature/fail/greg2yassir.crt
new file mode 100755
index 0000000000000000000000000000000000000000..182472b21cbac3478f64e4dc5d92272ff351c007
GIT binary patch
literal 689
zcmXqLVp?m^#FV{&nTe5!i80iGn~hzo&EuQ}3o|Q&frTNr0Vf-CC<~h~Q)#gwj{z5m
z!zIjIT$%^taSJnNr4}3V0(AoAn1xx=i&E1K<ivRmObv{UEDbG;O-wDL#CZ)tTyrSb
zz#5;)P_wv&S#lDSiVgV<cp*l!RVEe}XBHVWF>VK99hgfQfgE|J#zuy}^}&s@r9zrP
z_r2!my?OHdo8a~!oA)jZhvn=WwgswXy2d&v1^$k-?Tz@g|LE6U2H#H44$ZmVXx$)d
zlK&|!VSDz>fTc_3&ws&EEueJBfA`Ak|F$2K{$U;d{Md?RqWmnso4;K?DtDO4G(<Q`
zY@*S(($DL(6R&H%|D?n$IrpLm<8dZYhUp0b{i4d;XEsgR*|g|&3-^ZznXe$HeSf&1
z_1bLPd#CrTjxpO2zO!=5`rW^*UN!v;_u;l>Z%Pl04DZ`@CDQ*{A-h0h!xm4mLgg1e
z8e+oR&vP2}oLKhIMy#qkq^4Kn!Qypt+MAb^PRv_e&;3i$H0k5-q$)-g>oZF}?pqN!
zp>sv^{fALc=d(@fPK#@(4pmKI^s)YT-cyUYv4w%Dv4M9|aMS)hpTFm7@A>l0?qGiy
z*VIQbzWk4m1l@C(c3Zm0!0_-T)845C239S)<uN{IOt|g$uhzIR>4If=LFkO$s6E!J
z3rh=5vwZgpzj3ifYr%{qt27=r-dQz!)w;ZfJ7Ra$KYxEVtu(hpzlFESuxW~5>Xf?N
zvy<5~Cm*mqZX2^^_hKdk29zYmtj}Pe!zAL>81cMcHDQjd#3x_TySsjza9?f6B%)Nh
X_VwlGoYxP^{S=<O?KrROyn~zobZQCz

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_tests/top/build_data/multi_path/signature/fail/jes.crl b/nss/tests/libpkix/pkix_tests/top/build_data/multi_path/signature/fail/jes.crl
new file mode 100755
index 0000000000000000000000000000000000000000..e037e50473a4056861680d9008ac0d2116a1dc91
GIT binary patch
literal 153
zcmXqLoMsSaz|F?4)#h=|f`yrt!9dfH+klgeIh2J>n5nebkjH=v#NiTVE-uZ3@wkPV
zvr>!2c@0brObyKqEln+r%%gx@GbApGsm%He20Bb4t~Vou#fv`%ZZNtKzgWe<nB}?Y
c5+)I^_dM>bv)#8^C|^sKG4+$*FL0<501lNSr2qf`

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_tests/top/build_data/multi_path/signature/fail/jes2greg.crt b/nss/tests/libpkix/pkix_tests/top/build_data/multi_path/signature/fail/jes2greg.crt
new file mode 100755
index 0000000000000000000000000000000000000000..44419aa4cf339f106277c55889fdea5f5c79798e
GIT binary patch
literal 671
zcmXqLVw!Ex#1y%JnTe5!iP6u1n~hzo&EuQ}3o|Q&fu<q10Vf-CC<~h~Q)#gwj{z5m
z!zIjIT$%^taSJnNr4}2=iSrtm8W<az8yOmy8yZK6^BRJ<rckbd1<^(s@&X+Jw1!!j
zCA}y$-JpqaI}q!@+{Fmw$TKxIGW@L%Zj>z*(hR!qHAnBwljq+Aw+Gq0cVRdzXWy_b
zP%YCn)<G%occg7^#IOBFzwR>lc6xSb&h<v?23eE*PiYC;vu6e@T{3_E3zljDr9=L^
zS6=_O{h0I*>+t8tRxA_cXZhXy?ebB%!%U_j!ck%qjlPwBUZ<USUF-cPC1%OF7d;q{
zGl?=xPYCE2RpvgkY0}Q7MXy`9KSaoU1v%~e!v(F^X4~F7y=Qfd*^cm?l~dO5{$=&5
z>1VhPw=H{9dSGOD->xf>{?7{81sWT+c#0J&zwprz6W)HF)2QdfvWGTeRox*qy&4Y|
zuanc>ysUI$-r{=hUy7zlAAcuRF{)UfS@Ln;iogk-E1K^=jCwksZBlnyTtjuJY6_!|
z^}q9;TFi|t3`~s;&eg2#Tw!Ml%(tBh-1aueR&T|bI^&u9=kiQs+`sCT17k*;_JJ@D
zQ~T&_n*y2r$NKk}ZTfckq?VzNbN0TqIW@1V?%a4DVs1Yn<m0k^+mmk|cvFAx(lq=3
z{;Izd)>h_T|36pqZ`#Kl%U{;*XI$MPC(oQQt1jS3h<kO`!m1<3zCFFRn8|<vB|$Ok
zGZ^SFi8$N+QxjKRQB|3t7I*E$gHwz2C99Z3#8uxPy!tTsvPM$Ge=EN-A(g^|z5uaU
B2B81|

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_tests/top/build_data/multi_path/signature/fail/jes2jes.crt b/nss/tests/libpkix/pkix_tests/top/build_data/multi_path/signature/fail/jes2jes.crt
new file mode 100755
index 0000000000000000000000000000000000000000..07f7e58d1fa653d6b2bcd5d4f1f87a2feababb39
GIT binary patch
literal 656
zcmXqLV(KwyV)9zR%*4pV#29G6&Bm_P=5fw~g_)JXK+}-hfRl|ml!Z;0skGRT$AAmO
z;Sy#pF3p4SxP_UsQi~1b#CZ)&4U7%VjSLMejLoCOc@05aQz(}dqna4E8#FQMz#PH|
z<j6BMHZuIJ4{nq#719j4?=?s7&6DTf1h)s-ymw(ZEN9=aEl@4fHP%5X@OPwbZ^W<t
zN5Aee_;z}BXwLOU>jqhq{7-2K+p}i|EL}2x{tK3B0i{F!yH{TSxBZy(59{#f$5t#8
z<!AZb{O$5lxx-ARA;M8&6OF!=eqN`YcwOuLCnaXdxfeYck28rfOiu{t7ggpyvuV=K
zrbVw?xIaY5d<8k}`@;pT*Jj(^JH2OhjM<Lxot0D8@BU@=s_AFA54SCQQ+i-zc;Buo
zk^avL*##OKws?vaD!=g25EI^hp3|u3#IlDrVpZKCHN6@S7O#`j-n^`IV&39<?q7<g
zNgsbFRWYhqpIP#8--^HqohzE}Ka6@hpKVfiT3kbQsA>wMkM+Ovo?6U}EeuSJ4f4+v
zrbi#>jo~wqV~)G5^3S63z!CHHtKNQkW%A*Lj?=S8)BlQjyxaG+z})%K#7?ERch;)$
zoylyuv{8-6_363i4@#Of8}9d>n!x5P*B5li>r$|<NAbxV-78M~UAHt}8_hr8+j3Wa
zEvI$zPZ`(q3od5v&UI7b-@pH9Sc&1veOX$M7Bd+zprjyXeFg&^CJ}?rvA39JP5n`o
m5&J6U+nf;QfK`S}B0PQihR4<U<l|qgDEL$t>@4>7`8farECTlc

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_tests/top/build_data/multi_path/signature/fail/jes2labs.crt b/nss/tests/libpkix/pkix_tests/top/build_data/multi_path/signature/fail/jes2labs.crt
new file mode 100755
index 0000000000000000000000000000000000000000..36591b8bface33a2cc7a26298a9beaada2a124c3
GIT binary patch
literal 555
zcmXqLV(K?&V)9wQ%*4pV#OQ0l&Bm_P=5fw~g_)JXK+}-hfRl|ml!Z;0skGRT$AAmO
z;Sy#pF3p4SxP_UsQi~1b#CZ)&4U7%VjSLOUj0~d0c@05aQz+L!3!hQEKx=^pa|^TN
zBqkLbG%@Y~VjY-E7=avlrp88wzxBb5vZX?rLHE7p=)HOJ{F~tRAe;9t42R|H8@2_i
zWxB>XC<XqGwC#=fwg2eXT?XGy&koJG-e}z*Ym)ydEn$21%z&j!=Ffk@QZ1l#$ba|B
z>;JYNlm1~H{`}aAWup8nzni~ZJ}P&Z$uvYbN^GLhx6;q+v=gsuz5k@dEIIe02jg)j
zQHJRW0sW%N+-EjT+S#<|bqn{02$`=Sr+t68p!M2p+k2<?td23;5x%o>%KF{EtX?(!
z4EN!-Wp7Fkj12GFbtTgOSs}YXW5X6tu|nk+J{n@e+s|_v^_*Dt&_=APJEW#p<H6!}
za@w1hl}^lCT+jVW(KPAf@1!b573(ugKJHr)IH7Yz^ZkcWPv^5u>Q0Mms18+4Vf3;7
zcivNrxv`Z2<c>QBLQe^))|<|EXZYQy|NBDEv$Kz-*D(nGSLBF3Ro8cX`CNa8IZfZz
z&)NCDE<(ois`9VXhia`}Sw?(b%5=rcH!0z)&1sLX+l!89|5>y7&{gr0Z#<8d`{l^w
HCtd*nO+4Dv

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_tests/top/build_data/multi_path/signature/fail/labs.crl b/nss/tests/libpkix/pkix_tests/top/build_data/multi_path/signature/fail/labs.crl
new file mode 100755
index 0000000000000000000000000000000000000000..8c96b41dcb3b5dd6d9cd1406136244d4a85ba89b
GIT binary patch
literal 155
zcmXqLoM8}dz|F?4)#h=|f`yrt!9dH9+klgeIh2J>n5nebkjH=v#NiTVE-uY8<OQk)
z^0<XrauSn@#d!@(4NMKqjSLJ7O%0=fTr(stim}WF3<kPPq6}@iUteGS_ip00+@z%N
j1G4*GF=T#V5@DIP?c>@*b6ffMmiolJ$ao^_ZFm^~=W;4z

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_tests/top/build_data/multi_path/signature/fail/labs2yassir.crt b/nss/tests/libpkix/pkix_tests/top/build_data/multi_path/signature/fail/labs2yassir.crt
new file mode 100755
index 0000000000000000000000000000000000000000..f5fe261157c1d97f2dc22152fb4f01be6288de45
GIT binary patch
literal 676
zcmXqLVp?F(#1y-LnTe5!iP6n~n~hzo&EuQ}3o|Q&ftDe+0Vf-CC<~h~Q)#gwj{z5m
z!zIjIT$*Rd3sei_aSOBLBqkLb$cghBm>3uv7#f<In3xzwp>U0&46KPa%aGrI7i2WE
zFk59}adBpmK@;P4Al8AojS<L^XKHL@_*);`C|fF|8Fb%kj^3Lm&%X(753+gh!f;s5
zzF}LSTBd8PgHqt{NZa0sU;B@K-DU9Y^z6`_>y6e8vL^YT(h|03&kR_)Wd8gYEY$)^
zhx~W1y#8<dG3g)H;m?n)SSHHP^1J!l<)d<knM^~3qr@f}eJlOEPCN0s*85LN%#w32
zdN3Ym5@nd45YR8G%zb9lq@7KRUbk?6h>-aTa@zNY3tF$uw!L?H&*~Vn9pO7Gr>x)o
z%j#9r&u|}ZTlS{(z{v2vT~{LgpB1tTG&XGU6f0DI;iDlYy!||<QO}8G4{gM%x<hJu
zH6AQpC#Su6S?R>Q#r5336it&p{!Xf5RIxs@<m0{-ffG7cG~a(1^>jYlr0%r1hU!q&
z6h<HGf9E~5m>XLdm>L^+Cj~d{-}Cu<uJ)cU-|P<dhjC4P6ywYP_(;$_hiSK^iwq18
zUo!2TT3}$+qFWy0bH;?*e*bEX8<Q?rh8Kj+=#AQAy}Gcp;55s3zwjFuYqS>3Sh7mv
zapRp;vsbOlYq%qJSN-$%XVXe^OY~cKn+%(#2&PV{%RM`pJ#+E_+vBz|Yj!VYGGIVS
zRLnrWE->6W7jdQJFn!9;;MgEhtX5jv%dWSWNkr%EPls1*NxW0nD4lzFxmTKZ!M_{;
DJ7xtt

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_tests/top/build_data/multi_path/signature/fail/yassir.crl b/nss/tests/libpkix/pkix_tests/top/build_data/multi_path/signature/fail/yassir.crl
new file mode 100755
index 0000000000000000000000000000000000000000..eca3a5e84a1f4bd07a8f0cc8869b75fa600077c2
GIT binary patch
literal 173
zcmXqLTxF19z|F?4)#h=|f`yrt!NA&(+klgeIh2J>n5nebkjH=v#NiTVE-uY8<OQk)
z^0<XrauSn@4fzdtL0o2Gw#vlf;>;p(UISADQ$uq@OH&I|lPDn942g?k53?bIfgY16
xL%X2Xfs+%KU(jSuTd2-cy-GaW&KM}%G=FvXnm~*4n)NfAwzyo%H+;G$6#&r!DvJOB

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_tests/top/build_data/multi_path/signature/fail/yassir2hanfei.crt b/nss/tests/libpkix/pkix_tests/top/build_data/multi_path/signature/fail/yassir2hanfei.crt
new file mode 100755
index 0000000000000000000000000000000000000000..460d19307358eea2f00b46541620e67281530ff5
GIT binary patch
literal 692
zcmXqLV%lKP#FV#ynTe5!iP6P?n~hzo&EuQ}3o|Q&fwdvG0Vf-CC<~h~Q)#gwj{z5m
z!zIjIT$*Rd3sei_aSOBLBqkLb@*D7ixXi+Am5Ig0nMDS2;=Bf?2F8ZwMh2#q21Zfh
zyoMmIDU?g5;Tef}X{nh8O^n-tSO?}<Mj%I?sj-paZ+&p1Y^jiD(0#8tdT*XQ|0cLS
z$mYEZ!(lo5hHZgrnXa)8N`b#4ZF?hr?LYc;m%+EwvqN*PH(EEyn&f{<OW2-0GhpeG
z`SV|}R0}8_^54Dk`oHbRq<>h4KR>o&nJ7QY@8)lpkIEfpG7S-q5}RoBt@QIc?ZoR^
z?>{LqOU}LM!FZfWlwo>8K)<Lm_nA$Tb~Y_~-NOALLgp*TY2P0%XuUSu_TK3|t7FV|
zgzv1JvVQk3t5;1w!+p4I*_+Y>Bg6Z4U5WI6R>&^U*s#S@tWf!dkA|4=_Vb)ZJtvku
zv=OW74yozYc(8b#oc88rr4#cO*K_|;G)?;WJE@9M#rn*WkNZ{xPUu|GeE(t8)A?+Z
zy3^tsszX&%7=5h&o%hsYZfs#-YHYC0zL~(Km>S3Yczt@8&;@bTj7%n$UGuazTx;K#
zde{4Ea{0f%T(|CvIIg<ACiwY;;2Sg47wov+v3JE@brFr~hlMBJ&U8rnm%RAL@A$*o
zH*4q4vtQoKV}9nhMTTt3;g%U*4U?m;o33ttSJAQNm9lK~1glwno^lT!{=2j8@Y9NI
zNlA;D3>Z*S8M8ivfew=h=LE@;TshUJ(q|rAdU;{vbq1#O)0jjmJ!hX4&(4_Nell%q
M+Lp<g@qB(^0Iul_!vFvP

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_tests/top/build_data/multi_path/signature/pass/greg.crl b/nss/tests/libpkix/pkix_tests/top/build_data/multi_path/signature/pass/greg.crl
new file mode 100755
index 0000000000000000000000000000000000000000..148b47815dd19669ec595a8957edd99b8ae0abf2
GIT binary patch
literal 169
zcmXqLTxO7Jz|F?4)#h=|f`yrt!N9_h+klgeIh2J>n5nebkjH=v#NiTVE-uZ3@wkPV
zvr>x<d4W2Ca?HXk=|!pO;=Bf?2BwDQhL)z5CI(SJt{D;+#S&%%1_NCt5f(vj$&M?W
qQ5SvEze}1_d1TvX9%m9|n9^3VZ2g1joJp%bSQnMXuzv}9;{pKcKPZF%

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_tests/top/build_data/multi_path/signature/pass/greg2yassir.crt b/nss/tests/libpkix/pkix_tests/top/build_data/multi_path/signature/pass/greg2yassir.crt
new file mode 100755
index 0000000000000000000000000000000000000000..182472b21cbac3478f64e4dc5d92272ff351c007
GIT binary patch
literal 689
zcmXqLVp?m^#FV{&nTe5!i80iGn~hzo&EuQ}3o|Q&frTNr0Vf-CC<~h~Q)#gwj{z5m
z!zIjIT$%^taSJnNr4}3V0(AoAn1xx=i&E1K<ivRmObv{UEDbG;O-wDL#CZ)tTyrSb
zz#5;)P_wv&S#lDSiVgV<cp*l!RVEe}XBHVWF>VK99hgfQfgE|J#zuy}^}&s@r9zrP
z_r2!my?OHdo8a~!oA)jZhvn=WwgswXy2d&v1^$k-?Tz@g|LE6U2H#H44$ZmVXx$)d
zlK&|!VSDz>fTc_3&ws&EEueJBfA`Ak|F$2K{$U;d{Md?RqWmnso4;K?DtDO4G(<Q`
zY@*S(($DL(6R&H%|D?n$IrpLm<8dZYhUp0b{i4d;XEsgR*|g|&3-^ZznXe$HeSf&1
z_1bLPd#CrTjxpO2zO!=5`rW^*UN!v;_u;l>Z%Pl04DZ`@CDQ*{A-h0h!xm4mLgg1e
z8e+oR&vP2}oLKhIMy#qkq^4Kn!Qypt+MAb^PRv_e&;3i$H0k5-q$)-g>oZF}?pqN!
zp>sv^{fALc=d(@fPK#@(4pmKI^s)YT-cyUYv4w%Dv4M9|aMS)hpTFm7@A>l0?qGiy
z*VIQbzWk4m1l@C(c3Zm0!0_-T)845C239S)<uN{IOt|g$uhzIR>4If=LFkO$s6E!J
z3rh=5vwZgpzj3ifYr%{qt27=r-dQz!)w;ZfJ7Ra$KYxEVtu(hpzlFESuxW~5>Xf?N
zvy<5~Cm*mqZX2^^_hKdk29zYmtj}Pe!zAL>81cMcHDQjd#3x_TySsjza9?f6B%)Nh
X_VwlGoYxP^{S=<O?KrROyn~zobZQCz

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_tests/top/build_data/multi_path/signature/pass/jes.crl b/nss/tests/libpkix/pkix_tests/top/build_data/multi_path/signature/pass/jes.crl
new file mode 100755
index 0000000000000000000000000000000000000000..e037e50473a4056861680d9008ac0d2116a1dc91
GIT binary patch
literal 153
zcmXqLoMsSaz|F?4)#h=|f`yrt!9dfH+klgeIh2J>n5nebkjH=v#NiTVE-uZ3@wkPV
zvr>!2c@0brObyKqEln+r%%gx@GbApGsm%He20Bb4t~Vou#fv`%ZZNtKzgWe<nB}?Y
c5+)I^_dM>bv)#8^C|^sKG4+$*FL0<501lNSr2qf`

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_tests/top/build_data/multi_path/signature/pass/jes2greg.crt b/nss/tests/libpkix/pkix_tests/top/build_data/multi_path/signature/pass/jes2greg.crt
new file mode 100755
index 0000000000000000000000000000000000000000..44419aa4cf339f106277c55889fdea5f5c79798e
GIT binary patch
literal 671
zcmXqLVw!Ex#1y%JnTe5!iP6u1n~hzo&EuQ}3o|Q&fu<q10Vf-CC<~h~Q)#gwj{z5m
z!zIjIT$%^taSJnNr4}2=iSrtm8W<az8yOmy8yZK6^BRJ<rckbd1<^(s@&X+Jw1!!j
zCA}y$-JpqaI}q!@+{Fmw$TKxIGW@L%Zj>z*(hR!qHAnBwljq+Aw+Gq0cVRdzXWy_b
zP%YCn)<G%occg7^#IOBFzwR>lc6xSb&h<v?23eE*PiYC;vu6e@T{3_E3zljDr9=L^
zS6=_O{h0I*>+t8tRxA_cXZhXy?ebB%!%U_j!ck%qjlPwBUZ<USUF-cPC1%OF7d;q{
zGl?=xPYCE2RpvgkY0}Q7MXy`9KSaoU1v%~e!v(F^X4~F7y=Qfd*^cm?l~dO5{$=&5
z>1VhPw=H{9dSGOD->xf>{?7{81sWT+c#0J&zwprz6W)HF)2QdfvWGTeRox*qy&4Y|
zuanc>ysUI$-r{=hUy7zlAAcuRF{)UfS@Ln;iogk-E1K^=jCwksZBlnyTtjuJY6_!|
z^}q9;TFi|t3`~s;&eg2#Tw!Ml%(tBh-1aueR&T|bI^&u9=kiQs+`sCT17k*;_JJ@D
zQ~T&_n*y2r$NKk}ZTfckq?VzNbN0TqIW@1V?%a4DVs1Yn<m0k^+mmk|cvFAx(lq=3
z{;Izd)>h_T|36pqZ`#Kl%U{;*XI$MPC(oQQt1jS3h<kO`!m1<3zCFFRn8|<vB|$Ok
zGZ^SFi8$N+QxjKRQB|3t7I*E$gHwz2C99Z3#8uxPy!tTsvPM$Ge=EN-A(g^|z5uaU
B2B81|

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_tests/top/build_data/multi_path/signature/pass/jes2jes.crt b/nss/tests/libpkix/pkix_tests/top/build_data/multi_path/signature/pass/jes2jes.crt
new file mode 100755
index 0000000000000000000000000000000000000000..07f7e58d1fa653d6b2bcd5d4f1f87a2feababb39
GIT binary patch
literal 656
zcmXqLV(KwyV)9zR%*4pV#29G6&Bm_P=5fw~g_)JXK+}-hfRl|ml!Z;0skGRT$AAmO
z;Sy#pF3p4SxP_UsQi~1b#CZ)&4U7%VjSLMejLoCOc@05aQz(}dqna4E8#FQMz#PH|
z<j6BMHZuIJ4{nq#719j4?=?s7&6DTf1h)s-ymw(ZEN9=aEl@4fHP%5X@OPwbZ^W<t
zN5Aee_;z}BXwLOU>jqhq{7-2K+p}i|EL}2x{tK3B0i{F!yH{TSxBZy(59{#f$5t#8
z<!AZb{O$5lxx-ARA;M8&6OF!=eqN`YcwOuLCnaXdxfeYck28rfOiu{t7ggpyvuV=K
zrbVw?xIaY5d<8k}`@;pT*Jj(^JH2OhjM<Lxot0D8@BU@=s_AFA54SCQQ+i-zc;Buo
zk^avL*##OKws?vaD!=g25EI^hp3|u3#IlDrVpZKCHN6@S7O#`j-n^`IV&39<?q7<g
zNgsbFRWYhqpIP#8--^HqohzE}Ka6@hpKVfiT3kbQsA>wMkM+Ovo?6U}EeuSJ4f4+v
zrbi#>jo~wqV~)G5^3S63z!CHHtKNQkW%A*Lj?=S8)BlQjyxaG+z})%K#7?ERch;)$
zoylyuv{8-6_363i4@#Of8}9d>n!x5P*B5li>r$|<NAbxV-78M~UAHt}8_hr8+j3Wa
zEvI$zPZ`(q3od5v&UI7b-@pH9Sc&1veOX$M7Bd+zprjyXeFg&^CJ}?rvA39JP5n`o
m5&J6U+nf;QfK`S}B0PQihR4<U<l|qgDEL$t>@4>7`8farECTlc

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_tests/top/build_data/multi_path/signature/pass/jes2labs.crt b/nss/tests/libpkix/pkix_tests/top/build_data/multi_path/signature/pass/jes2labs.crt
new file mode 100755
index 0000000000000000000000000000000000000000..36591b8bface33a2cc7a26298a9beaada2a124c3
GIT binary patch
literal 555
zcmXqLV(K?&V)9wQ%*4pV#OQ0l&Bm_P=5fw~g_)JXK+}-hfRl|ml!Z;0skGRT$AAmO
z;Sy#pF3p4SxP_UsQi~1b#CZ)&4U7%VjSLOUj0~d0c@05aQz+L!3!hQEKx=^pa|^TN
zBqkLbG%@Y~VjY-E7=avlrp88wzxBb5vZX?rLHE7p=)HOJ{F~tRAe;9t42R|H8@2_i
zWxB>XC<XqGwC#=fwg2eXT?XGy&koJG-e}z*Ym)ydEn$21%z&j!=Ffk@QZ1l#$ba|B
z>;JYNlm1~H{`}aAWup8nzni~ZJ}P&Z$uvYbN^GLhx6;q+v=gsuz5k@dEIIe02jg)j
zQHJRW0sW%N+-EjT+S#<|bqn{02$`=Sr+t68p!M2p+k2<?td23;5x%o>%KF{EtX?(!
z4EN!-Wp7Fkj12GFbtTgOSs}YXW5X6tu|nk+J{n@e+s|_v^_*Dt&_=APJEW#p<H6!}
za@w1hl}^lCT+jVW(KPAf@1!b573(ugKJHr)IH7Yz^ZkcWPv^5u>Q0Mms18+4Vf3;7
zcivNrxv`Z2<c>QBLQe^))|<|EXZYQy|NBDEv$Kz-*D(nGSLBF3Ro8cX`CNa8IZfZz
z&)NCDE<(ois`9VXhia`}Sw?(b%5=rcH!0z)&1sLX+l!89|5>y7&{gr0Z#<8d`{l^w
HCtd*nO+4Dv

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_tests/top/build_data/multi_path/signature/pass/labs.crl b/nss/tests/libpkix/pkix_tests/top/build_data/multi_path/signature/pass/labs.crl
new file mode 100755
index 0000000000000000000000000000000000000000..8c96b41dcb3b5dd6d9cd1406136244d4a85ba89b
GIT binary patch
literal 155
zcmXqLoM8}dz|F?4)#h=|f`yrt!9dH9+klgeIh2J>n5nebkjH=v#NiTVE-uY8<OQk)
z^0<XrauSn@#d!@(4NMKqjSLJ7O%0=fTr(stim}WF3<kPPq6}@iUteGS_ip00+@z%N
j1G4*GF=T#V5@DIP?c>@*b6ffMmiolJ$ao^_ZFm^~=W;4z

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_tests/top/build_data/multi_path/signature/pass/labs2yassir.crt b/nss/tests/libpkix/pkix_tests/top/build_data/multi_path/signature/pass/labs2yassir.crt
new file mode 100755
index 0000000000000000000000000000000000000000..f5fe261157c1d97f2dc22152fb4f01be6288de45
GIT binary patch
literal 676
zcmXqLVp?F(#1y-LnTe5!iP6n~n~hzo&EuQ}3o|Q&ftDe+0Vf-CC<~h~Q)#gwj{z5m
z!zIjIT$*Rd3sei_aSOBLBqkLb$cghBm>3uv7#f<In3xzwp>U0&46KPa%aGrI7i2WE
zFk59}adBpmK@;P4Al8AojS<L^XKHL@_*);`C|fF|8Fb%kj^3Lm&%X(753+gh!f;s5
zzF}LSTBd8PgHqt{NZa0sU;B@K-DU9Y^z6`_>y6e8vL^YT(h|03&kR_)Wd8gYEY$)^
zhx~W1y#8<dG3g)H;m?n)SSHHP^1J!l<)d<knM^~3qr@f}eJlOEPCN0s*85LN%#w32
zdN3Ym5@nd45YR8G%zb9lq@7KRUbk?6h>-aTa@zNY3tF$uw!L?H&*~Vn9pO7Gr>x)o
z%j#9r&u|}ZTlS{(z{v2vT~{LgpB1tTG&XGU6f0DI;iDlYy!||<QO}8G4{gM%x<hJu
zH6AQpC#Su6S?R>Q#r5336it&p{!Xf5RIxs@<m0{-ffG7cG~a(1^>jYlr0%r1hU!q&
z6h<HGf9E~5m>XLdm>L^+Cj~d{-}Cu<uJ)cU-|P<dhjC4P6ywYP_(;$_hiSK^iwq18
zUo!2TT3}$+qFWy0bH;?*e*bEX8<Q?rh8Kj+=#AQAy}Gcp;55s3zwjFuYqS>3Sh7mv
zapRp;vsbOlYq%qJSN-$%XVXe^OY~cKn+%(#2&PV{%RM`pJ#+E_+vBz|Yj!VYGGIVS
zRLnrWE->6W7jdQJFn!9;;MgEhtX5jv%dWSWNkr%EPls1*NxW0nD4lzFxmTKZ!M_{;
DJ7xtt

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_tests/top/build_data/multi_path/signature/pass/yassir.crl b/nss/tests/libpkix/pkix_tests/top/build_data/multi_path/signature/pass/yassir.crl
new file mode 100755
index 0000000000000000000000000000000000000000..eca3a5e84a1f4bd07a8f0cc8869b75fa600077c2
GIT binary patch
literal 173
zcmXqLTxF19z|F?4)#h=|f`yrt!NA&(+klgeIh2J>n5nebkjH=v#NiTVE-uY8<OQk)
z^0<XrauSn@4fzdtL0o2Gw#vlf;>;p(UISADQ$uq@OH&I|lPDn942g?k53?bIfgY16
xL%X2Xfs+%KU(jSuTd2-cy-GaW&KM}%G=FvXnm~*4n)NfAwzyo%H+;G$6#&r!DvJOB

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_tests/top/build_data/multi_path/signature/pass/yassir2hanfei.crt b/nss/tests/libpkix/pkix_tests/top/build_data/multi_path/signature/pass/yassir2hanfei.crt
new file mode 100755
index 0000000000000000000000000000000000000000..460d19307358eea2f00b46541620e67281530ff5
GIT binary patch
literal 692
zcmXqLV%lKP#FV#ynTe5!iP6P?n~hzo&EuQ}3o|Q&fwdvG0Vf-CC<~h~Q)#gwj{z5m
z!zIjIT$*Rd3sei_aSOBLBqkLb@*D7ixXi+Am5Ig0nMDS2;=Bf?2F8ZwMh2#q21Zfh
zyoMmIDU?g5;Tef}X{nh8O^n-tSO?}<Mj%I?sj-paZ+&p1Y^jiD(0#8tdT*XQ|0cLS
z$mYEZ!(lo5hHZgrnXa)8N`b#4ZF?hr?LYc;m%+EwvqN*PH(EEyn&f{<OW2-0GhpeG
z`SV|}R0}8_^54Dk`oHbRq<>h4KR>o&nJ7QY@8)lpkIEfpG7S-q5}RoBt@QIc?ZoR^
z?>{LqOU}LM!FZfWlwo>8K)<Lm_nA$Tb~Y_~-NOALLgp*TY2P0%XuUSu_TK3|t7FV|
zgzv1JvVQk3t5;1w!+p4I*_+Y>Bg6Z4U5WI6R>&^U*s#S@tWf!dkA|4=_Vb)ZJtvku
zv=OW74yozYc(8b#oc88rr4#cO*K_|;G)?;WJE@9M#rn*WkNZ{xPUu|GeE(t8)A?+Z
zy3^tsszX&%7=5h&o%hsYZfs#-YHYC0zL~(Km>S3Yczt@8&;@bTj7%n$UGuazTx;K#
zde{4Ea{0f%T(|CvIIg<ACiwY;;2Sg47wov+v3JE@brFr~hlMBJ&U8rnm%RAL@A$*o
zH*4q4vtQoKV}9nhMTTt3;g%U*4U?m;o33ttSJAQNm9lK~1glwno^lT!{=2j8@Y9NI
zNlA;D3>Z*S8M8ivfew=h=LE@;TshUJ(q|rAdU;{vbq1#O)0jjmJ!hX4&(4_Nell%q
M+Lp<g@qB(^0Iul_!vFvP

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_tests/top/build_data/single_path/signature/fail/greg.crl b/nss/tests/libpkix/pkix_tests/top/build_data/single_path/signature/fail/greg.crl
new file mode 100755
index 0000000000000000000000000000000000000000..148b47815dd19669ec595a8957edd99b8ae0abf2
GIT binary patch
literal 169
zcmXqLTxO7Jz|F?4)#h=|f`yrt!N9_h+klgeIh2J>n5nebkjH=v#NiTVE-uZ3@wkPV
zvr>x<d4W2Ca?HXk=|!pO;=Bf?2BwDQhL)z5CI(SJt{D;+#S&%%1_NCt5f(vj$&M?W
qQ5SvEze}1_d1TvX9%m9|n9^3VZ2g1joJp%bSQnMXuzv}9;{pKcKPZF%

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_tests/top/build_data/single_path/signature/fail/greg2yassir_badsig.crt b/nss/tests/libpkix/pkix_tests/top/build_data/single_path/signature/fail/greg2yassir_badsig.crt
new file mode 100755
index 0000000000000000000000000000000000000000..66563db4074e0353350082419cbfbfdd0977fb9f
GIT binary patch
literal 689
zcmXqLVp?m^#FV{&nTe5!iP6=7n~hzo&EuQ}3o|Q&frTNr0Vf-CC<~h~Q)#gwj{z5m
z!zIjIT$%^taSJnNr4}3V0(AoAn1xx=i&E1K<ivRmObtv7Ee*{L%}vds#CZ)tTp$O`
zHL%8KGSn<?VV0c4q+&yU173*HY?X<{#hFD0O^n-tSO?}(Mj%I?sj-paZ+&p1Y^jiD
z(0#8tdT*XQ|0cLS$mYEZ!(lo5hHZgrnXa)8N`b#4ZF?hr?LYc;m%+EwvqN*PH(EEy
zn&f{<OW2-0GhpeG`SV|}R0}8_^54Dk`oHbRq<>h4KR>o&nJ7QY@8)lpkIEfpG7S-q
z5}RoBt@QIc?ZoR^?>{LqOU}LM!FZfWlwo>8K)<Lm_nA$Tb~Y_~-NOALLgp*TY2P0%
zXuUSu_TK3|t7FV|gzv1JvVQk3t5;1w!+p4I*_+Y>Bg6Z4U5WI6R>&^U*s#S@tWf!d
zkA|4=_Vb)ZJtvkuv=OW74yozYc(8b#oc88rr4#cO*K_|;G)?;WJE@9M#rn*WkNZ{x
zPUu|GeE(t8)A?+Zy3^tsszX&%7=5h&o%hsYZfs#-YHZ-06x_6b&*$&C+Izlyvpd)y
z#x?a(j4%J=BSH5Zrrnk<GB7-R$+UNBfq_+vZh4H)853^%{i`)@OuAqhUJyE?H)@ad
z>cY~3(=6Zp!f#xx(ONKL$tsP<jdxbfUbQZ-;f~l{_0Qj*O)JeU(Qn~xGHjY6m^!5{
z_v~c$%*h9AkK4wq*}a&_fB_|mG3zrJ=rD;m+8&;G((;1h<`)T@X1e9GofCVyn@NOu
YLi^f753<~t>;DOH+&s2a{=wuK079S&K>z>%

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_tests/top/build_data/single_path/signature/fail/jes.crl b/nss/tests/libpkix/pkix_tests/top/build_data/single_path/signature/fail/jes.crl
new file mode 100755
index 0000000000000000000000000000000000000000..e037e50473a4056861680d9008ac0d2116a1dc91
GIT binary patch
literal 153
zcmXqLoMsSaz|F?4)#h=|f`yrt!9dfH+klgeIh2J>n5nebkjH=v#NiTVE-uZ3@wkPV
zvr>!2c@0brObyKqEln+r%%gx@GbApGsm%He20Bb4t~Vou#fv`%ZZNtKzgWe<nB}?Y
c5+)I^_dM>bv)#8^C|^sKG4+$*FL0<501lNSr2qf`

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_tests/top/build_data/single_path/signature/fail/jes2greg.crt b/nss/tests/libpkix/pkix_tests/top/build_data/single_path/signature/fail/jes2greg.crt
new file mode 100755
index 0000000000000000000000000000000000000000..44419aa4cf339f106277c55889fdea5f5c79798e
GIT binary patch
literal 671
zcmXqLVw!Ex#1y%JnTe5!iP6u1n~hzo&EuQ}3o|Q&fu<q10Vf-CC<~h~Q)#gwj{z5m
z!zIjIT$%^taSJnNr4}2=iSrtm8W<az8yOmy8yZK6^BRJ<rckbd1<^(s@&X+Jw1!!j
zCA}y$-JpqaI}q!@+{Fmw$TKxIGW@L%Zj>z*(hR!qHAnBwljq+Aw+Gq0cVRdzXWy_b
zP%YCn)<G%occg7^#IOBFzwR>lc6xSb&h<v?23eE*PiYC;vu6e@T{3_E3zljDr9=L^
zS6=_O{h0I*>+t8tRxA_cXZhXy?ebB%!%U_j!ck%qjlPwBUZ<USUF-cPC1%OF7d;q{
zGl?=xPYCE2RpvgkY0}Q7MXy`9KSaoU1v%~e!v(F^X4~F7y=Qfd*^cm?l~dO5{$=&5
z>1VhPw=H{9dSGOD->xf>{?7{81sWT+c#0J&zwprz6W)HF)2QdfvWGTeRox*qy&4Y|
zuanc>ysUI$-r{=hUy7zlAAcuRF{)UfS@Ln;iogk-E1K^=jCwksZBlnyTtjuJY6_!|
z^}q9;TFi|t3`~s;&eg2#Tw!Ml%(tBh-1aueR&T|bI^&u9=kiQs+`sCT17k*;_JJ@D
zQ~T&_n*y2r$NKk}ZTfckq?VzNbN0TqIW@1V?%a4DVs1Yn<m0k^+mmk|cvFAx(lq=3
z{;Izd)>h_T|36pqZ`#Kl%U{;*XI$MPC(oQQt1jS3h<kO`!m1<3zCFFRn8|<vB|$Ok
zGZ^SFi8$N+QxjKRQB|3t7I*E$gHwz2C99Z3#8uxPy!tTsvPM$Ge=EN-A(g^|z5uaU
B2B81|

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_tests/top/build_data/single_path/signature/fail/jes2jes.crt b/nss/tests/libpkix/pkix_tests/top/build_data/single_path/signature/fail/jes2jes.crt
new file mode 100755
index 0000000000000000000000000000000000000000..07f7e58d1fa653d6b2bcd5d4f1f87a2feababb39
GIT binary patch
literal 656
zcmXqLV(KwyV)9zR%*4pV#29G6&Bm_P=5fw~g_)JXK+}-hfRl|ml!Z;0skGRT$AAmO
z;Sy#pF3p4SxP_UsQi~1b#CZ)&4U7%VjSLMejLoCOc@05aQz(}dqna4E8#FQMz#PH|
z<j6BMHZuIJ4{nq#719j4?=?s7&6DTf1h)s-ymw(ZEN9=aEl@4fHP%5X@OPwbZ^W<t
zN5Aee_;z}BXwLOU>jqhq{7-2K+p}i|EL}2x{tK3B0i{F!yH{TSxBZy(59{#f$5t#8
z<!AZb{O$5lxx-ARA;M8&6OF!=eqN`YcwOuLCnaXdxfeYck28rfOiu{t7ggpyvuV=K
zrbVw?xIaY5d<8k}`@;pT*Jj(^JH2OhjM<Lxot0D8@BU@=s_AFA54SCQQ+i-zc;Buo
zk^avL*##OKws?vaD!=g25EI^hp3|u3#IlDrVpZKCHN6@S7O#`j-n^`IV&39<?q7<g
zNgsbFRWYhqpIP#8--^HqohzE}Ka6@hpKVfiT3kbQsA>wMkM+Ovo?6U}EeuSJ4f4+v
zrbi#>jo~wqV~)G5^3S63z!CHHtKNQkW%A*Lj?=S8)BlQjyxaG+z})%K#7?ERch;)$
zoylyuv{8-6_363i4@#Of8}9d>n!x5P*B5li>r$|<NAbxV-78M~UAHt}8_hr8+j3Wa
zEvI$zPZ`(q3od5v&UI7b-@pH9Sc&1veOX$M7Bd+zprjyXeFg&^CJ}?rvA39JP5n`o
m5&J6U+nf;QfK`S}B0PQihR4<U<l|qgDEL$t>@4>7`8farECTlc

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_tests/top/build_data/single_path/signature/fail/yassir.crl b/nss/tests/libpkix/pkix_tests/top/build_data/single_path/signature/fail/yassir.crl
new file mode 100755
index 0000000000000000000000000000000000000000..eca3a5e84a1f4bd07a8f0cc8869b75fa600077c2
GIT binary patch
literal 173
zcmXqLTxF19z|F?4)#h=|f`yrt!NA&(+klgeIh2J>n5nebkjH=v#NiTVE-uY8<OQk)
z^0<XrauSn@4fzdtL0o2Gw#vlf;>;p(UISADQ$uq@OH&I|lPDn942g?k53?bIfgY16
xL%X2Xfs+%KU(jSuTd2-cy-GaW&KM}%G=FvXnm~*4n)NfAwzyo%H+;G$6#&r!DvJOB

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_tests/top/build_data/single_path/signature/fail/yassir2hanfei.crt b/nss/tests/libpkix/pkix_tests/top/build_data/single_path/signature/fail/yassir2hanfei.crt
new file mode 100755
index 0000000000000000000000000000000000000000..460d19307358eea2f00b46541620e67281530ff5
GIT binary patch
literal 692
zcmXqLV%lKP#FV#ynTe5!iP6P?n~hzo&EuQ}3o|Q&fwdvG0Vf-CC<~h~Q)#gwj{z5m
z!zIjIT$*Rd3sei_aSOBLBqkLb@*D7ixXi+Am5Ig0nMDS2;=Bf?2F8ZwMh2#q21Zfh
zyoMmIDU?g5;Tef}X{nh8O^n-tSO?}<Mj%I?sj-paZ+&p1Y^jiD(0#8tdT*XQ|0cLS
z$mYEZ!(lo5hHZgrnXa)8N`b#4ZF?hr?LYc;m%+EwvqN*PH(EEyn&f{<OW2-0GhpeG
z`SV|}R0}8_^54Dk`oHbRq<>h4KR>o&nJ7QY@8)lpkIEfpG7S-q5}RoBt@QIc?ZoR^
z?>{LqOU}LM!FZfWlwo>8K)<Lm_nA$Tb~Y_~-NOALLgp*TY2P0%XuUSu_TK3|t7FV|
zgzv1JvVQk3t5;1w!+p4I*_+Y>Bg6Z4U5WI6R>&^U*s#S@tWf!dkA|4=_Vb)ZJtvku
zv=OW74yozYc(8b#oc88rr4#cO*K_|;G)?;WJE@9M#rn*WkNZ{xPUu|GeE(t8)A?+Z
zy3^tsszX&%7=5h&o%hsYZfs#-YHYC0zL~(Km>S3Yczt@8&;@bTj7%n$UGuazTx;K#
zde{4Ea{0f%T(|CvIIg<ACiwY;;2Sg47wov+v3JE@brFr~hlMBJ&U8rnm%RAL@A$*o
zH*4q4vtQoKV}9nhMTTt3;g%U*4U?m;o33ttSJAQNm9lK~1glwno^lT!{=2j8@Y9NI
zNlA;D3>Z*S8M8ivfew=h=LE@;TshUJ(q|rAdU;{vbq1#O)0jjmJ!hX4&(4_Nell%q
M+Lp<g@qB(^0Iul_!vFvP

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_tests/top/build_data/single_path/signature/pass/greg.crl b/nss/tests/libpkix/pkix_tests/top/build_data/single_path/signature/pass/greg.crl
new file mode 100755
index 0000000000000000000000000000000000000000..148b47815dd19669ec595a8957edd99b8ae0abf2
GIT binary patch
literal 169
zcmXqLTxO7Jz|F?4)#h=|f`yrt!N9_h+klgeIh2J>n5nebkjH=v#NiTVE-uZ3@wkPV
zvr>x<d4W2Ca?HXk=|!pO;=Bf?2BwDQhL)z5CI(SJt{D;+#S&%%1_NCt5f(vj$&M?W
qQ5SvEze}1_d1TvX9%m9|n9^3VZ2g1joJp%bSQnMXuzv}9;{pKcKPZF%

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_tests/top/build_data/single_path/signature/pass/greg2yassir.crt b/nss/tests/libpkix/pkix_tests/top/build_data/single_path/signature/pass/greg2yassir.crt
new file mode 100755
index 0000000000000000000000000000000000000000..182472b21cbac3478f64e4dc5d92272ff351c007
GIT binary patch
literal 689
zcmXqLVp?m^#FV{&nTe5!i80iGn~hzo&EuQ}3o|Q&frTNr0Vf-CC<~h~Q)#gwj{z5m
z!zIjIT$%^taSJnNr4}3V0(AoAn1xx=i&E1K<ivRmObv{UEDbG;O-wDL#CZ)tTyrSb
zz#5;)P_wv&S#lDSiVgV<cp*l!RVEe}XBHVWF>VK99hgfQfgE|J#zuy}^}&s@r9zrP
z_r2!my?OHdo8a~!oA)jZhvn=WwgswXy2d&v1^$k-?Tz@g|LE6U2H#H44$ZmVXx$)d
zlK&|!VSDz>fTc_3&ws&EEueJBfA`Ak|F$2K{$U;d{Md?RqWmnso4;K?DtDO4G(<Q`
zY@*S(($DL(6R&H%|D?n$IrpLm<8dZYhUp0b{i4d;XEsgR*|g|&3-^ZznXe$HeSf&1
z_1bLPd#CrTjxpO2zO!=5`rW^*UN!v;_u;l>Z%Pl04DZ`@CDQ*{A-h0h!xm4mLgg1e
z8e+oR&vP2}oLKhIMy#qkq^4Kn!Qypt+MAb^PRv_e&;3i$H0k5-q$)-g>oZF}?pqN!
zp>sv^{fALc=d(@fPK#@(4pmKI^s)YT-cyUYv4w%Dv4M9|aMS)hpTFm7@A>l0?qGiy
z*VIQbzWk4m1l@C(c3Zm0!0_-T)845C239S)<uN{IOt|g$uhzIR>4If=LFkO$s6E!J
z3rh=5vwZgpzj3ifYr%{qt27=r-dQz!)w;ZfJ7Ra$KYxEVtu(hpzlFESuxW~5>Xf?N
zvy<5~Cm*mqZX2^^_hKdk29zYmtj}Pe!zAL>81cMcHDQjd#3x_TySsjza9?f6B%)Nh
X_VwlGoYxP^{S=<O?KrROyn~zobZQCz

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_tests/top/build_data/single_path/signature/pass/jes.crl b/nss/tests/libpkix/pkix_tests/top/build_data/single_path/signature/pass/jes.crl
new file mode 100755
index 0000000000000000000000000000000000000000..e037e50473a4056861680d9008ac0d2116a1dc91
GIT binary patch
literal 153
zcmXqLoMsSaz|F?4)#h=|f`yrt!9dfH+klgeIh2J>n5nebkjH=v#NiTVE-uZ3@wkPV
zvr>!2c@0brObyKqEln+r%%gx@GbApGsm%He20Bb4t~Vou#fv`%ZZNtKzgWe<nB}?Y
c5+)I^_dM>bv)#8^C|^sKG4+$*FL0<501lNSr2qf`

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_tests/top/build_data/single_path/signature/pass/jes2greg.crt b/nss/tests/libpkix/pkix_tests/top/build_data/single_path/signature/pass/jes2greg.crt
new file mode 100755
index 0000000000000000000000000000000000000000..44419aa4cf339f106277c55889fdea5f5c79798e
GIT binary patch
literal 671
zcmXqLVw!Ex#1y%JnTe5!iP6u1n~hzo&EuQ}3o|Q&fu<q10Vf-CC<~h~Q)#gwj{z5m
z!zIjIT$%^taSJnNr4}2=iSrtm8W<az8yOmy8yZK6^BRJ<rckbd1<^(s@&X+Jw1!!j
zCA}y$-JpqaI}q!@+{Fmw$TKxIGW@L%Zj>z*(hR!qHAnBwljq+Aw+Gq0cVRdzXWy_b
zP%YCn)<G%occg7^#IOBFzwR>lc6xSb&h<v?23eE*PiYC;vu6e@T{3_E3zljDr9=L^
zS6=_O{h0I*>+t8tRxA_cXZhXy?ebB%!%U_j!ck%qjlPwBUZ<USUF-cPC1%OF7d;q{
zGl?=xPYCE2RpvgkY0}Q7MXy`9KSaoU1v%~e!v(F^X4~F7y=Qfd*^cm?l~dO5{$=&5
z>1VhPw=H{9dSGOD->xf>{?7{81sWT+c#0J&zwprz6W)HF)2QdfvWGTeRox*qy&4Y|
zuanc>ysUI$-r{=hUy7zlAAcuRF{)UfS@Ln;iogk-E1K^=jCwksZBlnyTtjuJY6_!|
z^}q9;TFi|t3`~s;&eg2#Tw!Ml%(tBh-1aueR&T|bI^&u9=kiQs+`sCT17k*;_JJ@D
zQ~T&_n*y2r$NKk}ZTfckq?VzNbN0TqIW@1V?%a4DVs1Yn<m0k^+mmk|cvFAx(lq=3
z{;Izd)>h_T|36pqZ`#Kl%U{;*XI$MPC(oQQt1jS3h<kO`!m1<3zCFFRn8|<vB|$Ok
zGZ^SFi8$N+QxjKRQB|3t7I*E$gHwz2C99Z3#8uxPy!tTsvPM$Ge=EN-A(g^|z5uaU
B2B81|

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_tests/top/build_data/single_path/signature/pass/jes2jes.crt b/nss/tests/libpkix/pkix_tests/top/build_data/single_path/signature/pass/jes2jes.crt
new file mode 100755
index 0000000000000000000000000000000000000000..07f7e58d1fa653d6b2bcd5d4f1f87a2feababb39
GIT binary patch
literal 656
zcmXqLV(KwyV)9zR%*4pV#29G6&Bm_P=5fw~g_)JXK+}-hfRl|ml!Z;0skGRT$AAmO
z;Sy#pF3p4SxP_UsQi~1b#CZ)&4U7%VjSLMejLoCOc@05aQz(}dqna4E8#FQMz#PH|
z<j6BMHZuIJ4{nq#719j4?=?s7&6DTf1h)s-ymw(ZEN9=aEl@4fHP%5X@OPwbZ^W<t
zN5Aee_;z}BXwLOU>jqhq{7-2K+p}i|EL}2x{tK3B0i{F!yH{TSxBZy(59{#f$5t#8
z<!AZb{O$5lxx-ARA;M8&6OF!=eqN`YcwOuLCnaXdxfeYck28rfOiu{t7ggpyvuV=K
zrbVw?xIaY5d<8k}`@;pT*Jj(^JH2OhjM<Lxot0D8@BU@=s_AFA54SCQQ+i-zc;Buo
zk^avL*##OKws?vaD!=g25EI^hp3|u3#IlDrVpZKCHN6@S7O#`j-n^`IV&39<?q7<g
zNgsbFRWYhqpIP#8--^HqohzE}Ka6@hpKVfiT3kbQsA>wMkM+Ovo?6U}EeuSJ4f4+v
zrbi#>jo~wqV~)G5^3S63z!CHHtKNQkW%A*Lj?=S8)BlQjyxaG+z})%K#7?ERch;)$
zoylyuv{8-6_363i4@#Of8}9d>n!x5P*B5li>r$|<NAbxV-78M~UAHt}8_hr8+j3Wa
zEvI$zPZ`(q3od5v&UI7b-@pH9Sc&1veOX$M7Bd+zprjyXeFg&^CJ}?rvA39JP5n`o
m5&J6U+nf;QfK`S}B0PQihR4<U<l|qgDEL$t>@4>7`8farECTlc

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_tests/top/build_data/single_path/signature/pass/yassir.crl b/nss/tests/libpkix/pkix_tests/top/build_data/single_path/signature/pass/yassir.crl
new file mode 100755
index 0000000000000000000000000000000000000000..eca3a5e84a1f4bd07a8f0cc8869b75fa600077c2
GIT binary patch
literal 173
zcmXqLTxF19z|F?4)#h=|f`yrt!NA&(+klgeIh2J>n5nebkjH=v#NiTVE-uY8<OQk)
z^0<XrauSn@4fzdtL0o2Gw#vlf;>;p(UISADQ$uq@OH&I|lPDn942g?k53?bIfgY16
xL%X2Xfs+%KU(jSuTd2-cy-GaW&KM}%G=FvXnm~*4n)NfAwzyo%H+;G$6#&r!DvJOB

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_tests/top/build_data/single_path/signature/pass/yassir2hanfei.crt b/nss/tests/libpkix/pkix_tests/top/build_data/single_path/signature/pass/yassir2hanfei.crt
new file mode 100755
index 0000000000000000000000000000000000000000..460d19307358eea2f00b46541620e67281530ff5
GIT binary patch
literal 692
zcmXqLV%lKP#FV#ynTe5!iP6P?n~hzo&EuQ}3o|Q&fwdvG0Vf-CC<~h~Q)#gwj{z5m
z!zIjIT$*Rd3sei_aSOBLBqkLb@*D7ixXi+Am5Ig0nMDS2;=Bf?2F8ZwMh2#q21Zfh
zyoMmIDU?g5;Tef}X{nh8O^n-tSO?}<Mj%I?sj-paZ+&p1Y^jiD(0#8tdT*XQ|0cLS
z$mYEZ!(lo5hHZgrnXa)8N`b#4ZF?hr?LYc;m%+EwvqN*PH(EEyn&f{<OW2-0GhpeG
z`SV|}R0}8_^54Dk`oHbRq<>h4KR>o&nJ7QY@8)lpkIEfpG7S-q5}RoBt@QIc?ZoR^
z?>{LqOU}LM!FZfWlwo>8K)<Lm_nA$Tb~Y_~-NOALLgp*TY2P0%XuUSu_TK3|t7FV|
zgzv1JvVQk3t5;1w!+p4I*_+Y>Bg6Z4U5WI6R>&^U*s#S@tWf!dkA|4=_Vb)ZJtvku
zv=OW74yozYc(8b#oc88rr4#cO*K_|;G)?;WJE@9M#rn*WkNZ{xPUu|GeE(t8)A?+Z
zy3^tsszX&%7=5h&o%hsYZfs#-YHYC0zL~(Km>S3Yczt@8&;@bTj7%n$UGuazTx;K#
zde{4Ea{0f%T(|CvIIg<ACiwY;;2Sg47wov+v3JE@brFr~hlMBJ&U8rnm%RAL@A$*o
zH*4q4vtQoKV}9nhMTTt3;g%U*4U?m;o33ttSJAQNm9lK~1glwno^lT!{=2j8@Y9NI
zNlA;D3>Z*S8M8ivfew=h=LE@;TshUJ(q|rAdU;{vbq1#O)0jjmJ!hX4&(4_Nell%q
M+Lp<g@qB(^0Iul_!vFvP

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_tests/top/build_data/test1/greg2yassir.crt b/nss/tests/libpkix/pkix_tests/top/build_data/test1/greg2yassir.crt
new file mode 100755
index 0000000000000000000000000000000000000000..182472b21cbac3478f64e4dc5d92272ff351c007
GIT binary patch
literal 689
zcmXqLVp?m^#FV{&nTe5!i80iGn~hzo&EuQ}3o|Q&frTNr0Vf-CC<~h~Q)#gwj{z5m
z!zIjIT$%^taSJnNr4}3V0(AoAn1xx=i&E1K<ivRmObv{UEDbG;O-wDL#CZ)tTyrSb
zz#5;)P_wv&S#lDSiVgV<cp*l!RVEe}XBHVWF>VK99hgfQfgE|J#zuy}^}&s@r9zrP
z_r2!my?OHdo8a~!oA)jZhvn=WwgswXy2d&v1^$k-?Tz@g|LE6U2H#H44$ZmVXx$)d
zlK&|!VSDz>fTc_3&ws&EEueJBfA`Ak|F$2K{$U;d{Md?RqWmnso4;K?DtDO4G(<Q`
zY@*S(($DL(6R&H%|D?n$IrpLm<8dZYhUp0b{i4d;XEsgR*|g|&3-^ZznXe$HeSf&1
z_1bLPd#CrTjxpO2zO!=5`rW^*UN!v;_u;l>Z%Pl04DZ`@CDQ*{A-h0h!xm4mLgg1e
z8e+oR&vP2}oLKhIMy#qkq^4Kn!Qypt+MAb^PRv_e&;3i$H0k5-q$)-g>oZF}?pqN!
zp>sv^{fALc=d(@fPK#@(4pmKI^s)YT-cyUYv4w%Dv4M9|aMS)hpTFm7@A>l0?qGiy
z*VIQbzWk4m1l@C(c3Zm0!0_-T)845C239S)<uN{IOt|g$uhzIR>4If=LFkO$s6E!J
z3rh=5vwZgpzj3ifYr%{qt27=r-dQz!)w;ZfJ7Ra$KYxEVtu(hpzlFESuxW~5>Xf?N
zvy<5~Cm*mqZX2^^_hKdk29zYmtj}Pe!zAL>81cMcHDQjd#3x_TySsjza9?f6B%)Nh
X_VwlGoYxP^{S=<O?KrROyn~zobZQCz

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_tests/top/build_data/test1/jes2greg.crt b/nss/tests/libpkix/pkix_tests/top/build_data/test1/jes2greg.crt
new file mode 100755
index 0000000000000000000000000000000000000000..44419aa4cf339f106277c55889fdea5f5c79798e
GIT binary patch
literal 671
zcmXqLVw!Ex#1y%JnTe5!iP6u1n~hzo&EuQ}3o|Q&fu<q10Vf-CC<~h~Q)#gwj{z5m
z!zIjIT$%^taSJnNr4}2=iSrtm8W<az8yOmy8yZK6^BRJ<rckbd1<^(s@&X+Jw1!!j
zCA}y$-JpqaI}q!@+{Fmw$TKxIGW@L%Zj>z*(hR!qHAnBwljq+Aw+Gq0cVRdzXWy_b
zP%YCn)<G%occg7^#IOBFzwR>lc6xSb&h<v?23eE*PiYC;vu6e@T{3_E3zljDr9=L^
zS6=_O{h0I*>+t8tRxA_cXZhXy?ebB%!%U_j!ck%qjlPwBUZ<USUF-cPC1%OF7d;q{
zGl?=xPYCE2RpvgkY0}Q7MXy`9KSaoU1v%~e!v(F^X4~F7y=Qfd*^cm?l~dO5{$=&5
z>1VhPw=H{9dSGOD->xf>{?7{81sWT+c#0J&zwprz6W)HF)2QdfvWGTeRox*qy&4Y|
zuanc>ysUI$-r{=hUy7zlAAcuRF{)UfS@Ln;iogk-E1K^=jCwksZBlnyTtjuJY6_!|
z^}q9;TFi|t3`~s;&eg2#Tw!Ml%(tBh-1aueR&T|bI^&u9=kiQs+`sCT17k*;_JJ@D
zQ~T&_n*y2r$NKk}ZTfckq?VzNbN0TqIW@1V?%a4DVs1Yn<m0k^+mmk|cvFAx(lq=3
z{;Izd)>h_T|36pqZ`#Kl%U{;*XI$MPC(oQQt1jS3h<kO`!m1<3zCFFRn8|<vB|$Ok
zGZ^SFi8$N+QxjKRQB|3t7I*E$gHwz2C99Z3#8uxPy!tTsvPM$Ge=EN-A(g^|z5uaU
B2B81|

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_tests/top/build_data/test1/jes2jes.crt b/nss/tests/libpkix/pkix_tests/top/build_data/test1/jes2jes.crt
new file mode 100755
index 0000000000000000000000000000000000000000..07f7e58d1fa653d6b2bcd5d4f1f87a2feababb39
GIT binary patch
literal 656
zcmXqLV(KwyV)9zR%*4pV#29G6&Bm_P=5fw~g_)JXK+}-hfRl|ml!Z;0skGRT$AAmO
z;Sy#pF3p4SxP_UsQi~1b#CZ)&4U7%VjSLMejLoCOc@05aQz(}dqna4E8#FQMz#PH|
z<j6BMHZuIJ4{nq#719j4?=?s7&6DTf1h)s-ymw(ZEN9=aEl@4fHP%5X@OPwbZ^W<t
zN5Aee_;z}BXwLOU>jqhq{7-2K+p}i|EL}2x{tK3B0i{F!yH{TSxBZy(59{#f$5t#8
z<!AZb{O$5lxx-ARA;M8&6OF!=eqN`YcwOuLCnaXdxfeYck28rfOiu{t7ggpyvuV=K
zrbVw?xIaY5d<8k}`@;pT*Jj(^JH2OhjM<Lxot0D8@BU@=s_AFA54SCQQ+i-zc;Buo
zk^avL*##OKws?vaD!=g25EI^hp3|u3#IlDrVpZKCHN6@S7O#`j-n^`IV&39<?q7<g
zNgsbFRWYhqpIP#8--^HqohzE}Ka6@hpKVfiT3kbQsA>wMkM+Ovo?6U}EeuSJ4f4+v
zrbi#>jo~wqV~)G5^3S63z!CHHtKNQkW%A*Lj?=S8)BlQjyxaG+z})%K#7?ERch;)$
zoylyuv{8-6_363i4@#Of8}9d>n!x5P*B5li>r$|<NAbxV-78M~UAHt}8_hr8+j3Wa
zEvI$zPZ`(q3od5v&UI7b-@pH9Sc&1veOX$M7Bd+zprjyXeFg&^CJ}?rvA39JP5n`o
m5&J6U+nf;QfK`S}B0PQihR4<U<l|qgDEL$t>@4>7`8farECTlc

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_tests/top/build_data/test1/jes2labs.crt b/nss/tests/libpkix/pkix_tests/top/build_data/test1/jes2labs.crt
new file mode 100755
index 0000000000000000000000000000000000000000..36591b8bface33a2cc7a26298a9beaada2a124c3
GIT binary patch
literal 555
zcmXqLV(K?&V)9wQ%*4pV#OQ0l&Bm_P=5fw~g_)JXK+}-hfRl|ml!Z;0skGRT$AAmO
z;Sy#pF3p4SxP_UsQi~1b#CZ)&4U7%VjSLOUj0~d0c@05aQz+L!3!hQEKx=^pa|^TN
zBqkLbG%@Y~VjY-E7=avlrp88wzxBb5vZX?rLHE7p=)HOJ{F~tRAe;9t42R|H8@2_i
zWxB>XC<XqGwC#=fwg2eXT?XGy&koJG-e}z*Ym)ydEn$21%z&j!=Ffk@QZ1l#$ba|B
z>;JYNlm1~H{`}aAWup8nzni~ZJ}P&Z$uvYbN^GLhx6;q+v=gsuz5k@dEIIe02jg)j
zQHJRW0sW%N+-EjT+S#<|bqn{02$`=Sr+t68p!M2p+k2<?td23;5x%o>%KF{EtX?(!
z4EN!-Wp7Fkj12GFbtTgOSs}YXW5X6tu|nk+J{n@e+s|_v^_*Dt&_=APJEW#p<H6!}
za@w1hl}^lCT+jVW(KPAf@1!b573(ugKJHr)IH7Yz^ZkcWPv^5u>Q0Mms18+4Vf3;7
zcivNrxv`Z2<c>QBLQe^))|<|EXZYQy|NBDEv$Kz-*D(nGSLBF3Ro8cX`CNa8IZfZz
z&)NCDE<(ois`9VXhia`}Sw?(b%5=rcH!0z)&1sLX+l!89|5>y7&{gr0Z#<8d`{l^w
HCtd*nO+4Dv

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_tests/top/build_data/test1/labs2yassir.crt b/nss/tests/libpkix/pkix_tests/top/build_data/test1/labs2yassir.crt
new file mode 100755
index 0000000000000000000000000000000000000000..f5fe261157c1d97f2dc22152fb4f01be6288de45
GIT binary patch
literal 676
zcmXqLVp?F(#1y-LnTe5!iP6n~n~hzo&EuQ}3o|Q&ftDe+0Vf-CC<~h~Q)#gwj{z5m
z!zIjIT$*Rd3sei_aSOBLBqkLb$cghBm>3uv7#f<In3xzwp>U0&46KPa%aGrI7i2WE
zFk59}adBpmK@;P4Al8AojS<L^XKHL@_*);`C|fF|8Fb%kj^3Lm&%X(753+gh!f;s5
zzF}LSTBd8PgHqt{NZa0sU;B@K-DU9Y^z6`_>y6e8vL^YT(h|03&kR_)Wd8gYEY$)^
zhx~W1y#8<dG3g)H;m?n)SSHHP^1J!l<)d<knM^~3qr@f}eJlOEPCN0s*85LN%#w32
zdN3Ym5@nd45YR8G%zb9lq@7KRUbk?6h>-aTa@zNY3tF$uw!L?H&*~Vn9pO7Gr>x)o
z%j#9r&u|}ZTlS{(z{v2vT~{LgpB1tTG&XGU6f0DI;iDlYy!||<QO}8G4{gM%x<hJu
zH6AQpC#Su6S?R>Q#r5336it&p{!Xf5RIxs@<m0{-ffG7cG~a(1^>jYlr0%r1hU!q&
z6h<HGf9E~5m>XLdm>L^+Cj~d{-}Cu<uJ)cU-|P<dhjC4P6ywYP_(;$_hiSK^iwq18
zUo!2TT3}$+qFWy0bH;?*e*bEX8<Q?rh8Kj+=#AQAy}Gcp;55s3zwjFuYqS>3Sh7mv
zapRp;vsbOlYq%qJSN-$%XVXe^OY~cKn+%(#2&PV{%RM`pJ#+E_+vBz|Yj!VYGGIVS
zRLnrWE->6W7jdQJFn!9;;MgEhtX5jv%dWSWNkr%EPls1*NxW0nD4lzFxmTKZ!M_{;
DJ7xtt

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_tests/top/build_data/test1/yassir2hanfei.crt b/nss/tests/libpkix/pkix_tests/top/build_data/test1/yassir2hanfei.crt
new file mode 100755
index 0000000000000000000000000000000000000000..460d19307358eea2f00b46541620e67281530ff5
GIT binary patch
literal 692
zcmXqLV%lKP#FV#ynTe5!iP6P?n~hzo&EuQ}3o|Q&fwdvG0Vf-CC<~h~Q)#gwj{z5m
z!zIjIT$*Rd3sei_aSOBLBqkLb@*D7ixXi+Am5Ig0nMDS2;=Bf?2F8ZwMh2#q21Zfh
zyoMmIDU?g5;Tef}X{nh8O^n-tSO?}<Mj%I?sj-paZ+&p1Y^jiD(0#8tdT*XQ|0cLS
z$mYEZ!(lo5hHZgrnXa)8N`b#4ZF?hr?LYc;m%+EwvqN*PH(EEyn&f{<OW2-0GhpeG
z`SV|}R0}8_^54Dk`oHbRq<>h4KR>o&nJ7QY@8)lpkIEfpG7S-q5}RoBt@QIc?ZoR^
z?>{LqOU}LM!FZfWlwo>8K)<Lm_nA$Tb~Y_~-NOALLgp*TY2P0%XuUSu_TK3|t7FV|
zgzv1JvVQk3t5;1w!+p4I*_+Y>Bg6Z4U5WI6R>&^U*s#S@tWf!dkA|4=_Vb)ZJtvku
zv=OW74yozYc(8b#oc88rr4#cO*K_|;G)?;WJE@9M#rn*WkNZ{xPUu|GeE(t8)A?+Z
zy3^tsszX&%7=5h&o%hsYZfs#-YHYC0zL~(Km>S3Yczt@8&;@bTj7%n$UGuazTx;K#
zde{4Ea{0f%T(|CvIIg<ACiwY;;2Sg47wov+v3JE@brFr~hlMBJ&U8rnm%RAL@A$*o
zH*4q4vtQoKV}9nhMTTt3;g%U*4U?m;o33ttSJAQNm9lK~1glwno^lT!{=2j8@Y9NI
zNlA;D3>Z*S8M8ivfew=h=LE@;TshUJ(q|rAdU;{vbq1#O)0jjmJ!hX4&(4_Nell%q
M+Lp<g@qB(^0Iul_!vFvP

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_tests/top/build_data/test1/yassir2richard.crt b/nss/tests/libpkix/pkix_tests/top/build_data/test1/yassir2richard.crt
new file mode 100755
index 0000000000000000000000000000000000000000..b11826f97a7c34e053d8694698c1cf1decc5a014
GIT binary patch
literal 520
zcmXqLV%lWT#8j|=nTe5!iP6h|n~hzo&EuQ}3o|Q&fwdvG0Vf-CC<~h~Q)#gwj{z5m
z!zIjIT$*Rd3sei_aSOBLBqkLb@*D7ixXi+Am5Ig0nMDS2;=Bf?2F8ZwMur9^21Zfh
zyoMmIDU@qqLxSM~27D01*^4rhGZKqZ44N2s0I?3twTwWHJX2#M!{7SgM%hv!&7k{U
zbM)RkdHzjsdyvh07ly-f_6^$t)iPaU9h3rpN80vA{Mvu?>n?+Dr)P)eTyL~)kTuEw
zl$NkPduG7WCG+RMV5t^RI^@55<@JBtk4gWq4u5`Z#WGQTmfy|aE+3UU%w!rO93?i<
z=v(RMb=ry7wcdYHVwRkH(Sz|glPJUVgn)igW$rVZChcrm^ty%nLxjv%kkh_DT+n)L
zw(Y&sdsfGo?FiplIc5FsUskW0eun#S+p;&M2S$eX?Ya`_|E!Q*ps`_#r&yu#3m*+J
z;qB)+je1TjduSt8)g4mPtMOp*Iyvpl%StEaEw1POrD&S;@pn=cql)#JB_H>#2%ONl
zqWS*AsHgMUCUvL9HB^VHrZD<g|2yxg#oXA+0CLC01NGc9`x`In3Kf-ZDGA;Dh4Il;
E05V^_ApigX

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_tests/top/build_data/test2/jes2greg.crt b/nss/tests/libpkix/pkix_tests/top/build_data/test2/jes2greg.crt
new file mode 100755
index 0000000000000000000000000000000000000000..44419aa4cf339f106277c55889fdea5f5c79798e
GIT binary patch
literal 671
zcmXqLVw!Ex#1y%JnTe5!iP6u1n~hzo&EuQ}3o|Q&fu<q10Vf-CC<~h~Q)#gwj{z5m
z!zIjIT$%^taSJnNr4}2=iSrtm8W<az8yOmy8yZK6^BRJ<rckbd1<^(s@&X+Jw1!!j
zCA}y$-JpqaI}q!@+{Fmw$TKxIGW@L%Zj>z*(hR!qHAnBwljq+Aw+Gq0cVRdzXWy_b
zP%YCn)<G%occg7^#IOBFzwR>lc6xSb&h<v?23eE*PiYC;vu6e@T{3_E3zljDr9=L^
zS6=_O{h0I*>+t8tRxA_cXZhXy?ebB%!%U_j!ck%qjlPwBUZ<USUF-cPC1%OF7d;q{
zGl?=xPYCE2RpvgkY0}Q7MXy`9KSaoU1v%~e!v(F^X4~F7y=Qfd*^cm?l~dO5{$=&5
z>1VhPw=H{9dSGOD->xf>{?7{81sWT+c#0J&zwprz6W)HF)2QdfvWGTeRox*qy&4Y|
zuanc>ysUI$-r{=hUy7zlAAcuRF{)UfS@Ln;iogk-E1K^=jCwksZBlnyTtjuJY6_!|
z^}q9;TFi|t3`~s;&eg2#Tw!Ml%(tBh-1aueR&T|bI^&u9=kiQs+`sCT17k*;_JJ@D
zQ~T&_n*y2r$NKk}ZTfckq?VzNbN0TqIW@1V?%a4DVs1Yn<m0k^+mmk|cvFAx(lq=3
z{;Izd)>h_T|36pqZ`#Kl%U{;*XI$MPC(oQQt1jS3h<kO`!m1<3zCFFRn8|<vB|$Ok
zGZ^SFi8$N+QxjKRQB|3t7I*E$gHwz2C99Z3#8uxPy!tTsvPM$Ge=EN-A(g^|z5uaU
B2B81|

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_tests/top/build_data/test2/jes2jes.crt b/nss/tests/libpkix/pkix_tests/top/build_data/test2/jes2jes.crt
new file mode 100755
index 0000000000000000000000000000000000000000..07f7e58d1fa653d6b2bcd5d4f1f87a2feababb39
GIT binary patch
literal 656
zcmXqLV(KwyV)9zR%*4pV#29G6&Bm_P=5fw~g_)JXK+}-hfRl|ml!Z;0skGRT$AAmO
z;Sy#pF3p4SxP_UsQi~1b#CZ)&4U7%VjSLMejLoCOc@05aQz(}dqna4E8#FQMz#PH|
z<j6BMHZuIJ4{nq#719j4?=?s7&6DTf1h)s-ymw(ZEN9=aEl@4fHP%5X@OPwbZ^W<t
zN5Aee_;z}BXwLOU>jqhq{7-2K+p}i|EL}2x{tK3B0i{F!yH{TSxBZy(59{#f$5t#8
z<!AZb{O$5lxx-ARA;M8&6OF!=eqN`YcwOuLCnaXdxfeYck28rfOiu{t7ggpyvuV=K
zrbVw?xIaY5d<8k}`@;pT*Jj(^JH2OhjM<Lxot0D8@BU@=s_AFA54SCQQ+i-zc;Buo
zk^avL*##OKws?vaD!=g25EI^hp3|u3#IlDrVpZKCHN6@S7O#`j-n^`IV&39<?q7<g
zNgsbFRWYhqpIP#8--^HqohzE}Ka6@hpKVfiT3kbQsA>wMkM+Ovo?6U}EeuSJ4f4+v
zrbi#>jo~wqV~)G5^3S63z!CHHtKNQkW%A*Lj?=S8)BlQjyxaG+z})%K#7?ERch;)$
zoylyuv{8-6_363i4@#Of8}9d>n!x5P*B5li>r$|<NAbxV-78M~UAHt}8_hr8+j3Wa
zEvI$zPZ`(q3od5v&UI7b-@pH9Sc&1veOX$M7Bd+zprjyXeFg&^CJ}?rvA39JP5n`o
m5&J6U+nf;QfK`S}B0PQihR4<U<l|qgDEL$t>@4>7`8farECTlc

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_tests/top/build_data/test2/jes2labs.crt b/nss/tests/libpkix/pkix_tests/top/build_data/test2/jes2labs.crt
new file mode 100755
index 0000000000000000000000000000000000000000..36591b8bface33a2cc7a26298a9beaada2a124c3
GIT binary patch
literal 555
zcmXqLV(K?&V)9wQ%*4pV#OQ0l&Bm_P=5fw~g_)JXK+}-hfRl|ml!Z;0skGRT$AAmO
z;Sy#pF3p4SxP_UsQi~1b#CZ)&4U7%VjSLOUj0~d0c@05aQz+L!3!hQEKx=^pa|^TN
zBqkLbG%@Y~VjY-E7=avlrp88wzxBb5vZX?rLHE7p=)HOJ{F~tRAe;9t42R|H8@2_i
zWxB>XC<XqGwC#=fwg2eXT?XGy&koJG-e}z*Ym)ydEn$21%z&j!=Ffk@QZ1l#$ba|B
z>;JYNlm1~H{`}aAWup8nzni~ZJ}P&Z$uvYbN^GLhx6;q+v=gsuz5k@dEIIe02jg)j
zQHJRW0sW%N+-EjT+S#<|bqn{02$`=Sr+t68p!M2p+k2<?td23;5x%o>%KF{EtX?(!
z4EN!-Wp7Fkj12GFbtTgOSs}YXW5X6tu|nk+J{n@e+s|_v^_*Dt&_=APJEW#p<H6!}
za@w1hl}^lCT+jVW(KPAf@1!b573(ugKJHr)IH7Yz^ZkcWPv^5u>Q0Mms18+4Vf3;7
zcivNrxv`Z2<c>QBLQe^))|<|EXZYQy|NBDEv$Kz-*D(nGSLBF3Ro8cX`CNa8IZfZz
z&)NCDE<(ois`9VXhia`}Sw?(b%5=rcH!0z)&1sLX+l!89|5>y7&{gr0Z#<8d`{l^w
HCtd*nO+4Dv

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_tests/top/build_data/test2/labs2yassir.crt b/nss/tests/libpkix/pkix_tests/top/build_data/test2/labs2yassir.crt
new file mode 100755
index 0000000000000000000000000000000000000000..2b4387d6c6cb84cf7b2c0c294ec77d7bc666a19d
GIT binary patch
literal 669
zcmXqLVp?m^#FV{&nTe5!iP6n~n~hzo&EuQ}3o|Q&frTNr0Vf-CC<~h~Q)#gwj{z5m
z!zIjIT$%^taSJnNr4}3V0(AoAn1xx=i&E1K<ivRmObtv7Ee(y03=Peq#CZ)tTyrSb
zz#5;)P_wv&S#lDSiVgV<cp*l!RVEe}XBHVWF>VK99hgfQfgE|J#zuy}^}&s@r9zrP
z_r2!my?OHdo8a~!oA)jZhvn=WwgswXy2d&v1^$k-?Tz@g|LE6U2H#H44$ZmVXx$)d
zlK&|!VSDz>fTc_3&ws&EEueJBfA`Ak|F$2K{$U;d{Md?RqWmnso4;K?DtDO4G(<Q`
zY@*S(($DL(6R&H%|D?n$IrpLm<8dZYhUp0b{i4d;XEsgR*|g|&3-^ZznXe$HeSf&1
z_1bLPd#CrTjxpO2zO!=5`rW^*UN!v;_u;l>Z%Pl04DZ`@CDQ*{A-h0h!xm4mLgg1e
z8e+oR&vP2}oLKhIMy#qkq^4Kn!Qypt+MAb^PRv_e&;3i$H0k5-q$)-g>oZF}?pqN!
zp>sv^{fALc=d(@fPK#@(4pmKI^s)YT-cyUYv4w%Dv4M9|aMS)hpTFm7@A>l0?qGiy
z*VIQbzWk4m1l@C(c3Zm0!0_-T)845C239S)<uN{IOt|g$uhzIR>4If=LFkO$s6E!J
z3rh=5vwZgpzj3ifYr%{qt27=r-dQz!)w;ZfJ7Ra$KYxEVtu(hpzlFESuxW~5>Xf?N
zvy<5~Cm*mqZX2^^_hKdk29zYmtj}Pe!z99e>)>kR=gK0|k!9ft+qmW4zu+ok5&-~^
C<^CrC

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_tests/top/build_data/test2/nelson2yassir.crt b/nss/tests/libpkix/pkix_tests/top/build_data/test2/nelson2yassir.crt
new file mode 100755
index 0000000000000000000000000000000000000000..f5fe261157c1d97f2dc22152fb4f01be6288de45
GIT binary patch
literal 676
zcmXqLVp?F(#1y-LnTe5!iP6n~n~hzo&EuQ}3o|Q&ftDe+0Vf-CC<~h~Q)#gwj{z5m
z!zIjIT$*Rd3sei_aSOBLBqkLb$cghBm>3uv7#f<In3xzwp>U0&46KPa%aGrI7i2WE
zFk59}adBpmK@;P4Al8AojS<L^XKHL@_*);`C|fF|8Fb%kj^3Lm&%X(753+gh!f;s5
zzF}LSTBd8PgHqt{NZa0sU;B@K-DU9Y^z6`_>y6e8vL^YT(h|03&kR_)Wd8gYEY$)^
zhx~W1y#8<dG3g)H;m?n)SSHHP^1J!l<)d<knM^~3qr@f}eJlOEPCN0s*85LN%#w32
zdN3Ym5@nd45YR8G%zb9lq@7KRUbk?6h>-aTa@zNY3tF$uw!L?H&*~Vn9pO7Gr>x)o
z%j#9r&u|}ZTlS{(z{v2vT~{LgpB1tTG&XGU6f0DI;iDlYy!||<QO}8G4{gM%x<hJu
zH6AQpC#Su6S?R>Q#r5336it&p{!Xf5RIxs@<m0{-ffG7cG~a(1^>jYlr0%r1hU!q&
z6h<HGf9E~5m>XLdm>L^+Cj~d{-}Cu<uJ)cU-|P<dhjC4P6ywYP_(;$_hiSK^iwq18
zUo!2TT3}$+qFWy0bH;?*e*bEX8<Q?rh8Kj+=#AQAy}Gcp;55s3zwjFuYqS>3Sh7mv
zapRp;vsbOlYq%qJSN-$%XVXe^OY~cKn+%(#2&PV{%RM`pJ#+E_+vBz|Yj!VYGGIVS
zRLnrWE->6W7jdQJFn!9;;MgEhtX5jv%dWSWNkr%EPls1*NxW0nD4lzFxmTKZ!M_{;
DJ7xtt

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_tests/top/build_data/test2/yassir2hanfei.crt b/nss/tests/libpkix/pkix_tests/top/build_data/test2/yassir2hanfei.crt
new file mode 100755
index 0000000000000000000000000000000000000000..460d19307358eea2f00b46541620e67281530ff5
GIT binary patch
literal 692
zcmXqLV%lKP#FV#ynTe5!iP6P?n~hzo&EuQ}3o|Q&fwdvG0Vf-CC<~h~Q)#gwj{z5m
z!zIjIT$*Rd3sei_aSOBLBqkLb@*D7ixXi+Am5Ig0nMDS2;=Bf?2F8ZwMh2#q21Zfh
zyoMmIDU?g5;Tef}X{nh8O^n-tSO?}<Mj%I?sj-paZ+&p1Y^jiD(0#8tdT*XQ|0cLS
z$mYEZ!(lo5hHZgrnXa)8N`b#4ZF?hr?LYc;m%+EwvqN*PH(EEyn&f{<OW2-0GhpeG
z`SV|}R0}8_^54Dk`oHbRq<>h4KR>o&nJ7QY@8)lpkIEfpG7S-q5}RoBt@QIc?ZoR^
z?>{LqOU}LM!FZfWlwo>8K)<Lm_nA$Tb~Y_~-NOALLgp*TY2P0%XuUSu_TK3|t7FV|
zgzv1JvVQk3t5;1w!+p4I*_+Y>Bg6Z4U5WI6R>&^U*s#S@tWf!dkA|4=_Vb)ZJtvku
zv=OW74yozYc(8b#oc88rr4#cO*K_|;G)?;WJE@9M#rn*WkNZ{xPUu|GeE(t8)A?+Z
zy3^tsszX&%7=5h&o%hsYZfs#-YHYC0zL~(Km>S3Yczt@8&;@bTj7%n$UGuazTx;K#
zde{4Ea{0f%T(|CvIIg<ACiwY;;2Sg47wov+v3JE@brFr~hlMBJ&U8rnm%RAL@A$*o
zH*4q4vtQoKV}9nhMTTt3;g%U*4U?m;o33ttSJAQNm9lK~1glwno^lT!{=2j8@Y9NI
zNlA;D3>Z*S8M8ivfew=h=LE@;TshUJ(q|rAdU;{vbq1#O)0jjmJ!hX4&(4_Nell%q
M+Lp<g@qB(^0Iul_!vFvP

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_tests/top/build_data/test2/yassir2richard.crt b/nss/tests/libpkix/pkix_tests/top/build_data/test2/yassir2richard.crt
new file mode 100755
index 0000000000000000000000000000000000000000..b11826f97a7c34e053d8694698c1cf1decc5a014
GIT binary patch
literal 520
zcmXqLV%lWT#8j|=nTe5!iP6h|n~hzo&EuQ}3o|Q&fwdvG0Vf-CC<~h~Q)#gwj{z5m
z!zIjIT$*Rd3sei_aSOBLBqkLb@*D7ixXi+Am5Ig0nMDS2;=Bf?2F8ZwMur9^21Zfh
zyoMmIDU@qqLxSM~27D01*^4rhGZKqZ44N2s0I?3twTwWHJX2#M!{7SgM%hv!&7k{U
zbM)RkdHzjsdyvh07ly-f_6^$t)iPaU9h3rpN80vA{Mvu?>n?+Dr)P)eTyL~)kTuEw
zl$NkPduG7WCG+RMV5t^RI^@55<@JBtk4gWq4u5`Z#WGQTmfy|aE+3UU%w!rO93?i<
z=v(RMb=ry7wcdYHVwRkH(Sz|glPJUVgn)igW$rVZChcrm^ty%nLxjv%kkh_DT+n)L
zw(Y&sdsfGo?FiplIc5FsUskW0eun#S+p;&M2S$eX?Ya`_|E!Q*ps`_#r&yu#3m*+J
z;qB)+je1TjduSt8)g4mPtMOp*Iyvpl%StEaEw1POrD&S;@pn=cql)#JB_H>#2%ONl
zqWS*AsHgMUCUvL9HB^VHrZD<g|2yxg#oXA+0CLC01NGc9`x`In3Kf-ZDGA;Dh4Il;
E05V^_ApigX

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_tests/top/build_data/test3/jes2greg.crt b/nss/tests/libpkix/pkix_tests/top/build_data/test3/jes2greg.crt
new file mode 100755
index 0000000000000000000000000000000000000000..44419aa4cf339f106277c55889fdea5f5c79798e
GIT binary patch
literal 671
zcmXqLVw!Ex#1y%JnTe5!iP6u1n~hzo&EuQ}3o|Q&fu<q10Vf-CC<~h~Q)#gwj{z5m
z!zIjIT$%^taSJnNr4}2=iSrtm8W<az8yOmy8yZK6^BRJ<rckbd1<^(s@&X+Jw1!!j
zCA}y$-JpqaI}q!@+{Fmw$TKxIGW@L%Zj>z*(hR!qHAnBwljq+Aw+Gq0cVRdzXWy_b
zP%YCn)<G%occg7^#IOBFzwR>lc6xSb&h<v?23eE*PiYC;vu6e@T{3_E3zljDr9=L^
zS6=_O{h0I*>+t8tRxA_cXZhXy?ebB%!%U_j!ck%qjlPwBUZ<USUF-cPC1%OF7d;q{
zGl?=xPYCE2RpvgkY0}Q7MXy`9KSaoU1v%~e!v(F^X4~F7y=Qfd*^cm?l~dO5{$=&5
z>1VhPw=H{9dSGOD->xf>{?7{81sWT+c#0J&zwprz6W)HF)2QdfvWGTeRox*qy&4Y|
zuanc>ysUI$-r{=hUy7zlAAcuRF{)UfS@Ln;iogk-E1K^=jCwksZBlnyTtjuJY6_!|
z^}q9;TFi|t3`~s;&eg2#Tw!Ml%(tBh-1aueR&T|bI^&u9=kiQs+`sCT17k*;_JJ@D
zQ~T&_n*y2r$NKk}ZTfckq?VzNbN0TqIW@1V?%a4DVs1Yn<m0k^+mmk|cvFAx(lq=3
z{;Izd)>h_T|36pqZ`#Kl%U{;*XI$MPC(oQQt1jS3h<kO`!m1<3zCFFRn8|<vB|$Ok
zGZ^SFi8$N+QxjKRQB|3t7I*E$gHwz2C99Z3#8uxPy!tTsvPM$Ge=EN-A(g^|z5uaU
B2B81|

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_tests/top/build_data/test3/jes2jes.crt b/nss/tests/libpkix/pkix_tests/top/build_data/test3/jes2jes.crt
new file mode 100755
index 0000000000000000000000000000000000000000..07f7e58d1fa653d6b2bcd5d4f1f87a2feababb39
GIT binary patch
literal 656
zcmXqLV(KwyV)9zR%*4pV#29G6&Bm_P=5fw~g_)JXK+}-hfRl|ml!Z;0skGRT$AAmO
z;Sy#pF3p4SxP_UsQi~1b#CZ)&4U7%VjSLMejLoCOc@05aQz(}dqna4E8#FQMz#PH|
z<j6BMHZuIJ4{nq#719j4?=?s7&6DTf1h)s-ymw(ZEN9=aEl@4fHP%5X@OPwbZ^W<t
zN5Aee_;z}BXwLOU>jqhq{7-2K+p}i|EL}2x{tK3B0i{F!yH{TSxBZy(59{#f$5t#8
z<!AZb{O$5lxx-ARA;M8&6OF!=eqN`YcwOuLCnaXdxfeYck28rfOiu{t7ggpyvuV=K
zrbVw?xIaY5d<8k}`@;pT*Jj(^JH2OhjM<Lxot0D8@BU@=s_AFA54SCQQ+i-zc;Buo
zk^avL*##OKws?vaD!=g25EI^hp3|u3#IlDrVpZKCHN6@S7O#`j-n^`IV&39<?q7<g
zNgsbFRWYhqpIP#8--^HqohzE}Ka6@hpKVfiT3kbQsA>wMkM+Ovo?6U}EeuSJ4f4+v
zrbi#>jo~wqV~)G5^3S63z!CHHtKNQkW%A*Lj?=S8)BlQjyxaG+z})%K#7?ERch;)$
zoylyuv{8-6_363i4@#Of8}9d>n!x5P*B5li>r$|<NAbxV-78M~UAHt}8_hr8+j3Wa
zEvI$zPZ`(q3od5v&UI7b-@pH9Sc&1veOX$M7Bd+zprjyXeFg&^CJ}?rvA39JP5n`o
m5&J6U+nf;QfK`S}B0PQihR4<U<l|qgDEL$t>@4>7`8farECTlc

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_tests/top/build_data/test3/jes2labs.crt b/nss/tests/libpkix/pkix_tests/top/build_data/test3/jes2labs.crt
new file mode 100755
index 0000000000000000000000000000000000000000..36591b8bface33a2cc7a26298a9beaada2a124c3
GIT binary patch
literal 555
zcmXqLV(K?&V)9wQ%*4pV#OQ0l&Bm_P=5fw~g_)JXK+}-hfRl|ml!Z;0skGRT$AAmO
z;Sy#pF3p4SxP_UsQi~1b#CZ)&4U7%VjSLOUj0~d0c@05aQz+L!3!hQEKx=^pa|^TN
zBqkLbG%@Y~VjY-E7=avlrp88wzxBb5vZX?rLHE7p=)HOJ{F~tRAe;9t42R|H8@2_i
zWxB>XC<XqGwC#=fwg2eXT?XGy&koJG-e}z*Ym)ydEn$21%z&j!=Ffk@QZ1l#$ba|B
z>;JYNlm1~H{`}aAWup8nzni~ZJ}P&Z$uvYbN^GLhx6;q+v=gsuz5k@dEIIe02jg)j
zQHJRW0sW%N+-EjT+S#<|bqn{02$`=Sr+t68p!M2p+k2<?td23;5x%o>%KF{EtX?(!
z4EN!-Wp7Fkj12GFbtTgOSs}YXW5X6tu|nk+J{n@e+s|_v^_*Dt&_=APJEW#p<H6!}
za@w1hl}^lCT+jVW(KPAf@1!b573(ugKJHr)IH7Yz^ZkcWPv^5u>Q0Mms18+4Vf3;7
zcivNrxv`Z2<c>QBLQe^))|<|EXZYQy|NBDEv$Kz-*D(nGSLBF3Ro8cX`CNa8IZfZz
z&)NCDE<(ois`9VXhia`}Sw?(b%5=rcH!0z)&1sLX+l!89|5>y7&{gr0Z#<8d`{l^w
HCtd*nO+4Dv

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_tests/top/build_data/test3/labs2yassir.crt b/nss/tests/libpkix/pkix_tests/top/build_data/test3/labs2yassir.crt
new file mode 100755
index 0000000000000000000000000000000000000000..2b4387d6c6cb84cf7b2c0c294ec77d7bc666a19d
GIT binary patch
literal 669
zcmXqLVp?m^#FV{&nTe5!iP6n~n~hzo&EuQ}3o|Q&frTNr0Vf-CC<~h~Q)#gwj{z5m
z!zIjIT$%^taSJnNr4}3V0(AoAn1xx=i&E1K<ivRmObtv7Ee(y03=Peq#CZ)tTyrSb
zz#5;)P_wv&S#lDSiVgV<cp*l!RVEe}XBHVWF>VK99hgfQfgE|J#zuy}^}&s@r9zrP
z_r2!my?OHdo8a~!oA)jZhvn=WwgswXy2d&v1^$k-?Tz@g|LE6U2H#H44$ZmVXx$)d
zlK&|!VSDz>fTc_3&ws&EEueJBfA`Ak|F$2K{$U;d{Md?RqWmnso4;K?DtDO4G(<Q`
zY@*S(($DL(6R&H%|D?n$IrpLm<8dZYhUp0b{i4d;XEsgR*|g|&3-^ZznXe$HeSf&1
z_1bLPd#CrTjxpO2zO!=5`rW^*UN!v;_u;l>Z%Pl04DZ`@CDQ*{A-h0h!xm4mLgg1e
z8e+oR&vP2}oLKhIMy#qkq^4Kn!Qypt+MAb^PRv_e&;3i$H0k5-q$)-g>oZF}?pqN!
zp>sv^{fALc=d(@fPK#@(4pmKI^s)YT-cyUYv4w%Dv4M9|aMS)hpTFm7@A>l0?qGiy
z*VIQbzWk4m1l@C(c3Zm0!0_-T)845C239S)<uN{IOt|g$uhzIR>4If=LFkO$s6E!J
z3rh=5vwZgpzj3ifYr%{qt27=r-dQz!)w;ZfJ7Ra$KYxEVtu(hpzlFESuxW~5>Xf?N
zvy<5~Cm*mqZX2^^_hKdk29zYmtj}Pe!z99e>)>kR=gK0|k!9ft+qmW4zu+ok5&-~^
C<^CrC

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_tests/top/build_data/test3/nelson2yassir.crt b/nss/tests/libpkix/pkix_tests/top/build_data/test3/nelson2yassir.crt
new file mode 100755
index 0000000000000000000000000000000000000000..f5fe261157c1d97f2dc22152fb4f01be6288de45
GIT binary patch
literal 676
zcmXqLVp?F(#1y-LnTe5!iP6n~n~hzo&EuQ}3o|Q&ftDe+0Vf-CC<~h~Q)#gwj{z5m
z!zIjIT$*Rd3sei_aSOBLBqkLb$cghBm>3uv7#f<In3xzwp>U0&46KPa%aGrI7i2WE
zFk59}adBpmK@;P4Al8AojS<L^XKHL@_*);`C|fF|8Fb%kj^3Lm&%X(753+gh!f;s5
zzF}LSTBd8PgHqt{NZa0sU;B@K-DU9Y^z6`_>y6e8vL^YT(h|03&kR_)Wd8gYEY$)^
zhx~W1y#8<dG3g)H;m?n)SSHHP^1J!l<)d<knM^~3qr@f}eJlOEPCN0s*85LN%#w32
zdN3Ym5@nd45YR8G%zb9lq@7KRUbk?6h>-aTa@zNY3tF$uw!L?H&*~Vn9pO7Gr>x)o
z%j#9r&u|}ZTlS{(z{v2vT~{LgpB1tTG&XGU6f0DI;iDlYy!||<QO}8G4{gM%x<hJu
zH6AQpC#Su6S?R>Q#r5336it&p{!Xf5RIxs@<m0{-ffG7cG~a(1^>jYlr0%r1hU!q&
z6h<HGf9E~5m>XLdm>L^+Cj~d{-}Cu<uJ)cU-|P<dhjC4P6ywYP_(;$_hiSK^iwq18
zUo!2TT3}$+qFWy0bH;?*e*bEX8<Q?rh8Kj+=#AQAy}Gcp;55s3zwjFuYqS>3Sh7mv
zapRp;vsbOlYq%qJSN-$%XVXe^OY~cKn+%(#2&PV{%RM`pJ#+E_+vBz|Yj!VYGGIVS
zRLnrWE->6W7jdQJFn!9;;MgEhtX5jv%dWSWNkr%EPls1*NxW0nD4lzFxmTKZ!M_{;
DJ7xtt

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_tests/top/build_data/test3/yassir2hanfei.crt b/nss/tests/libpkix/pkix_tests/top/build_data/test3/yassir2hanfei.crt
new file mode 100755
index 0000000000000000000000000000000000000000..460d19307358eea2f00b46541620e67281530ff5
GIT binary patch
literal 692
zcmXqLV%lKP#FV#ynTe5!iP6P?n~hzo&EuQ}3o|Q&fwdvG0Vf-CC<~h~Q)#gwj{z5m
z!zIjIT$*Rd3sei_aSOBLBqkLb@*D7ixXi+Am5Ig0nMDS2;=Bf?2F8ZwMh2#q21Zfh
zyoMmIDU?g5;Tef}X{nh8O^n-tSO?}<Mj%I?sj-paZ+&p1Y^jiD(0#8tdT*XQ|0cLS
z$mYEZ!(lo5hHZgrnXa)8N`b#4ZF?hr?LYc;m%+EwvqN*PH(EEyn&f{<OW2-0GhpeG
z`SV|}R0}8_^54Dk`oHbRq<>h4KR>o&nJ7QY@8)lpkIEfpG7S-q5}RoBt@QIc?ZoR^
z?>{LqOU}LM!FZfWlwo>8K)<Lm_nA$Tb~Y_~-NOALLgp*TY2P0%XuUSu_TK3|t7FV|
zgzv1JvVQk3t5;1w!+p4I*_+Y>Bg6Z4U5WI6R>&^U*s#S@tWf!dkA|4=_Vb)ZJtvku
zv=OW74yozYc(8b#oc88rr4#cO*K_|;G)?;WJE@9M#rn*WkNZ{xPUu|GeE(t8)A?+Z
zy3^tsszX&%7=5h&o%hsYZfs#-YHYC0zL~(Km>S3Yczt@8&;@bTj7%n$UGuazTx;K#
zde{4Ea{0f%T(|CvIIg<ACiwY;;2Sg47wov+v3JE@brFr~hlMBJ&U8rnm%RAL@A$*o
zH*4q4vtQoKV}9nhMTTt3;g%U*4U?m;o33ttSJAQNm9lK~1glwno^lT!{=2j8@Y9NI
zNlA;D3>Z*S8M8ivfew=h=LE@;TshUJ(q|rAdU;{vbq1#O)0jjmJ!hX4&(4_Nell%q
M+Lp<g@qB(^0Iul_!vFvP

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_tests/top/cert8.db b/nss/tests/libpkix/pkix_tests/top/cert8.db
new file mode 100644
index 0000000000000000000000000000000000000000..a2bb46756a2f765e2ef6792c9b64e0f5705a99a9
GIT binary patch
literal 65536
zcmeI*c~}!?9tZH5$pPUC7(lBcHv%HO0YwtEiqS3AmK!XfR)mNV43SG+TQ#WhSWm2v
zh!;gss#aROg{}wddg3nL;)Mr_)YVq-SQYIIm*7hK?9)DZw%u>?<e8bwJk0xk=A9q&
z&-V=_w2GxDilHd;8x%E=U8T$@ie?wwhcawhVfQzD!E0DH?Bb52=;i9qZ?Q}6#T~<a
z^!_qzY>(d0ixWZs0uX=z1Rwwb2tWV=5P$##AOHafKmY;|fB*y_009U<00Izz00bZa
z0SG_<0uX=z1Rwwb2tWV=5P$##AOHafKmY;|fB*y_009U<00Izz00e$B0h0kw2h<H%
z*gvx0!+ueHYx}169VdS-Um~}V)ygei;{^c-KmY;|fB*y_009U<00Izz00bZa0SG_<
z0uX=z1Rwwb2tWV=5P$##AOHafKmY;|fB*y_009U<00Izz00bZa0SG_<0uX?}A4-7z
zRbIn}H*YH?B$>Pd_7j@RV`zq<eTk`1<gN?QJvF6izJMY_q{c)f<VEm>5+)){+KE_m
z8%7dwiZb3)rAdlaE7LsVk|#*JlFr;7o<yQhrlhIHs^VhPly)D-s$&zBDWqFRQ{qd!
zz5953d;1YtG`A`BCQ{-@*jF@3Y<n6LV$^sVURb(XYEI0!En|s+D!Ac<Qfp$_crw$W
z=}9W3+Adh7Oi58norptA^F_3^)%b?Jo|=Ze15?x0TvN%2)}5pU6mJ+s0vLblyZpN=
z#b4bhJlF5jp;NBqIAyL|K4%nTxv$p`Rf@Y$_Iz=vX6uPpg7l0_J{||oM=Ev;%uD!p
z_LXj3v8Tqb+&FYN!=ovBeI_FynGD^~W*ae0zvlCKjG&TO2t}iH0krPfAXc{VD_gb`
zHjaE2b%teD#rspT=S~f*K3ToSAnxn^-3q20A(`|i+#$C7OghMr{fTFqGNGsxWkzzM
zGCq!Frl_$LWlG}O>a~B7#B9$SB!y|p)HH>^)Qxm+gtQ9|{c!LQyU^rh_G`O$TtXg6
zXnU5n*QjaBSi)nKf8F&lWPht#rMI&&tvMTwjVUTt9XBpHrG=Q*6R|!nWMdyi6qS&i
z{ALh|_0mIj09(KFo}_przU}bpNUVfLqAZtr%N}{e)3n53yhi3r{CfY&vBmx(c_;48
z*iy#qZQ6ys#b!0tKBje9;A)>fu0~U3^l2%D9ZlH+`DT-JZmzjJi8x3R7Hr22%AT4O
zRlJgD*R^gkSIM*sDWaXnXth-7ndlT}`-J)C1}4WlI&~?TU32=e-Rqo11(x4jS@!T@
zh3x3jZ6VzbbSbI0_Tzoe{E+K0E^-qRH1|@dtgQ0JTJzXFs_&oV(YyWE&NaOnZ=mac
zb$!;@^1?u&Srsim@t~%7by#G<<2aX`y*Z0LehBpNFZJ1buS0nL$PTIHpXJ>NX)K1W
z#Dz$>66Vb3DuiJVAuSLX@I*u`6g93BTEJ&m?6&`Rcx(?6gI<XbZZ!Su=CTCI)<8wc
z_+;5b^SFVdc`qt!t{rrnv2$W=PQ<N=!@rT8?ib8sX4e&2*H#`2d-8dxuY)FT8Gnhj
z&ca;eT6Ky}ta|b6PUVILfvc>XsyD0~-znW@@BZh3^$Tpn-3NK!`TJwHPNQrtM)9wY
znWZ&a`_GE~wuzco6O!XnHDRg*wK9dG8NCb!Lw53jNM%Z@Dp^fY=4|@^%z#}3{N68@
z?~ren50Jac_R7ANDg3VZn)Ti!oh2P5o%Nf|Hh@0_0SG_<0uX=z1Rwwb2tWV=5P$##
zAOHafKmY;|fB*y_009U<00Izz00bZa0SG_<0uX=z1Rwwb2tWV=5P$##ewP9*NlCsD
zWkNFfTv{@@DJ^9BR$@gj0g>jkkhB-^?k)B4<8qXJh)>I=-cobzW+=D1#45@Hr;4tA
zHFC|~P5)4jH9arbd*SJv;elha18j6XjKZ^fhPd=Odu(y%`l%Ly0YgpesttqlZ<SU$
zPRq=*J=mO~G-ShB{9n#c=91PK$}2PfqDd&slYMaAetM7MvTK#$?$e1K7eBJ#zehT1
z+sT7w(lOjIT*@+(&4UFJ?athxxdFOACB?^T<X&D4VJpwK0<ZF3eloA1i2jX<Ne^}{
zSedLzQhE$l^l!?=a;t3KG%sO;Qa__ZyDZl=*G1<vE-g)y+FrxG5|n9*(2w-js{YNf
zFE;loC0?Xw^ERP%_FPljZ7G+)dh0ghf?=-q18)}1RA|dR&HNoAZK%pYmJhz{av=A>
zt5nUl@Gej3*HuZo-M=`P6mfEL>4f>#*?j^dd#!&cj){(0f9(9N1&iG8W=55a813L|
zxO|%U%g4{+E6UDAJXpKJd~vqhqE98&H$tcP9yRi_$>XTOJIYiN<q?0YM0HkxKz(t)
zqprB7bz+p(Px_XvMATd^w9V{l$SoFe*~O+xM7Jgq{IBE|^%9=^xd3G4<fzy8^J=Ph
zMqZsWqC@)gnc0(GT*!E789Q~I8~x{Po_Few$ls$KMB@&nXPo`W`zW((PPXg0Em@+o
z!_2GlXWQNGE3l-aHbxZ*S8esHcTiW@AIKZMSk$vPSFqGzT3*!U00Zaim4}BhibA)+
zMhhnuIg1}yXwN(%m)vL6*1I}4R<aC|_8-Y_%7BeOvIR%Ng~J7e$1aEs_k|hXns52e
zBKC__j!Ve5q|IsFTSJ1oYa9=U1#fxzuLp)346f(z_+Zrn@$7CZ%CnAF8^u&S{+nCr
zBfEPcqT6MkY+1edvgU4duY$8S)0SoyS+2B}<YXTl^6jDN0cLBjZMk~X(K5HdU;O>@
zD?2`n%HQzg#)bZyj!ik_@$XY6+P_AfJ}Ila_&T_M*re}VdbnA8Z!x_!xu=)K?#Vq`
zMXG82<f*wJxqd1y)2efZ!iH2nMd>HeEPQvKn(O;m{j`8-36j5gUNWFW?DG<jeO^jx
zs#4t418ruO&`W`6oOi-U+M7sy*iZBGQuC&MfZBan+7~Oj=NmC>;QcaNQrhoK_j{2#
zznIF^6UlLJ#p!7!kr(P~i%P?JXE&}PGd{KoFO;iNv{%;j@j4k<G)-JQdHa9)uvCeM
zrB+jt{GU85r9E<Zd3O5t?MwK|C02|$%DMA=vjls$$E(Zz4!n|TG=f}Z;Y-KE_iK;W
z+ZSJ+x%*((McOmgJ2PT#bS)cW(W5SETS(`iZ^_bCy-T9~jwe_Snbh}i=&6ep+cqES
zcK<}@m8y!(PB(`SUb|&wXjJ!;wZ`>pP6ZB?E-GFfdwX8=E88(G#evq(6ca5|c(jV|
zbF-xAC&ADAx%nEnn#@j<)Bc1GOsh7tQx4Vtp{5-|XCMFp2tWV=5P$##AOHafKmY;|
zfB*y_009U<00Izz00bZa0SG_<0uX=z1Rwwb2tWV=5P$##AOHafKmY;|fB*y_009U<
V00Izz00bZa0SG_<0>49np8%n?K@k7|

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_tests/top/goodcert.crt b/nss/tests/libpkix/pkix_tests/top/goodcert.crt
new file mode 100644
index 0000000000000000000000000000000000000000..c9904f4e021b223b6776269f220908cfbcbf5f04
GIT binary patch
literal 1031
zcmXqLVqrFDV$NB>%*4pV#K>>J%f_kI=F#?@mywZ$mBAp{klTQhjX9KsO_(V(*igbi
z48-9Q<}XT3(aS8zNz6+v(M!(HH3aDd%5V#_m82GzI6E3@8mNN=n1vMrf;?SZ6@v2f
zfx-&TsYNB3X_?81C8-L&iFt|XsYM2I;=BfC2F8Y_28PB!90lZ>BXJE<P#qy|Aj-zY
zIZ3T^@+X}XMn+-wtO83j0}E3_F#{2ZmAqc1Ihm<>3IUm^MMbHGDh5h$UvV;uiDrRi
z^$NhU4#lN;ARidSAp4z>m4Vrt!N7ybkzrRN=S#CtZ-+N$<qZzoTvmS>)@Bj?U{0aI
zDI@1gb$i0D|NXq_a0v62WpfQ0d__anTV)nC-kEEze<o~G9sll%%}mUU42+ALm^ciY
zm{<(>fG(8fXJq`(!otkN`oKVtjWeOmgR$+06EMIbLh>Lb$}GUJZV<WC++C2qevzg7
zeZ_k1-DmGT2+^uHPyi_qWRWxwZ^Yr3CdO!x8hMr`#vp?xMn8kbtqZ&sc(l3Yq$Czt
z>FXC1Wu~O+p~az<iG`)Uf2b`argVU;fYkhgoKzhbXIp4ggP6duT9m#dl|D(Maq<F<
z1!`?786_nJ#kd@<pPpLc9OOekSJ|?0XtOc0va$o?%+NsJKo`b0U~E$aITfc%^OK7U
zkkc73k1;nkGL(E$`g5gz^X3UGsS`w*_#;)Ny7<x+HNVceXmQ}5VL<`wg4FeYl#jmo
zeCn^_?%U1V56bj4UKZP07X47>Y?7e%m&kR2QvMqaCeAk96J>EKUBtEA`e@L(8@JZ2
tIwbezwA9SZTdPzag}cmKJu@g${mf_XzjM#|c^UTYo|E{bGwPpw5&)S7I;#Kx

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_tests/top/key3.db b/nss/tests/libpkix/pkix_tests/top/key3.db
new file mode 100644
index 0000000000000000000000000000000000000000..fd1bee8268181f7ee00ef70dead8535e7b05067c
GIT binary patch
literal 32768
zcmeI&O)G>^6ae5mCSwXU8`-E=$wsCW`2~uyW?`e(N62Jkl+|o3CWWOfzrt2FR*JHk
z%_v!7r?Bwx&hQH~O|y7T-OlNr+r77EeL|)$4k2`ekb4MWFeyWC2&p91SIGVqNx!j?
zZsbNQH0qPB@?)}BkNTPVYI$UT|I_k!JxG860RjXF5FkK+009C72oNAZfB*pk1PBly
zK!5-N0tDJdAQOE=@6k(Ci*BQ{=r}t276b?oAV7cs0RjXF5FkK+009C72oNAZfB*pk
z1PBlyK!8AV1=6`xSDd-1ER=`tYnjoh{@g_99;wV!-g;9#ovHNj_0{;?z-fN+t9tW1
z9m?BrskB$zS;;T2uP$#MK8@W~4yxyuuPev1`$vmwh2m0N$d}^6ZhC%or?gSrYMVI(
zA0a@1009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0Rja6Es%^Wd^UGv!EFQx5FkK+
j009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7dXs|9`lMeKrq

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_tests/top/rev_data/crlchecker/chem.crl b/nss/tests/libpkix/pkix_tests/top/rev_data/crlchecker/chem.crl
new file mode 100755
index 0000000000000000000000000000000000000000..9619c22cf5aa47ef188700cfe9ddd04cf85980a5
GIT binary patch
literal 239
zcmXqLd}GkKiiwfYfSZk7tIgw_1q(APgMq#ww*e;`b0`a&FjHx<A&&tUh{Gk!oSRu<
zC}bc2;xP+zCTFDPW)_zeRf_W(m>L)v8X8&}ni*L}N$?vP0tE~WEey>}jE#(<4BQQr
zn3xz&p{X<A1zO7-Dl5vu!o|eMWT42zn2uKosxz4l7z}ioL>Z>*&il!g;(6-Qp6w+!
jvk!Pr-cvh+NyN)0YoX**=A)alHZ#bYglyj-EbtZp;o3FE

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_tests/top/rev_data/crlchecker/chem2prof.crt b/nss/tests/libpkix/pkix_tests/top/rev_data/crlchecker/chem2prof.crt
new file mode 100755
index 0000000000000000000000000000000000000000..0022f3cbf12f6ce7f95063b4b0b68df9feeba50e
GIT binary patch
literal 709
zcmXqLVmfHh#8kh4nTe5!iHYHq0XG}FR-4B;3l?Tp1_OOVZUas>=1>+kVW!ezLmmSz
z5Qj^cIXAP!P{=?4#A6obOwLHn%`7e{sx(j#=QS`jFfueWv@|p^FpHAlH!=hY7#dm_
zni(4!nnoEI;4@O#KoDXiS3yyJnnGTFVor`h6XSLu)`7W;5y+8eYHVcqTOZsgTPma(
zbl+=^-kT@SzX@&+vU%^qa9Ga1VOyYDrfaN&QsD1M+un#@`;UIzW$^9v?9iO+jn)ma
zCi$Pz61Hd03|P8k{`?m#)dEU~{CBUs{%`v+=^xhN&yTHGCd$w9yZPJYqjHCtOhbgD
z#3mYjEB(AqJMp^K`%g;Dl5;P5Fdk<TWtg52&@ZaYeP+|7olT2gw{U-mkogL7+V_VG
zTCdHvy?1)g>KL;f;X5m*tl$01>Q&Rva35}4_NMf}$nd^hS0eqN6|xI7Hf-?}D^z~r
zqah}|{XC~p&xvIZZN#d&Luz_89xPrbr@eVu>BPLn_1wP{O_M(UPO4&5u|Bip<GvMv
z6FOHk-+vhObUxdp?zFgu>QL1bMjz{c=RLKU8(SEd8XFRB+`abQ^KIE4)z>=?zSLEg
zjeHlAsdwp_*_uxMSC4Pod##ZAxy;FQ-5=*qh3YZwjc#en1p3!h*gSQf@Sinx;(<(!
z&982)w<;}r>wV0&@=|hdknYoD(Ws{f*I7LN{r|@Hi{G7pJ-dDGNkm^;Zu+^UdxV3h
z%si|fX|1gPsYcbTY4&1u162clV2sN0Gcx{XVP$4!XJarB0tpC%1UL-XfD{uW8%nBU
z)@Lx#VG>FF;?=xy$Ah(N{5Uzq<gO{c{#uvGBofyeeJ*~D(SP|9ZL950zRo$lZ$l{n
Dt<M#g

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_tests/top/rev_data/crlchecker/phy2prof.crt b/nss/tests/libpkix/pkix_tests/top/rev_data/crlchecker/phy2prof.crt
new file mode 100755
index 0000000000000000000000000000000000000000..50be7df1f12a8758640c1155fd161d0e1e64a83f
GIT binary patch
literal 707
zcmXqLV%l%e#8k6@nTe5!iILfWn~hzo&EuQ}3o|Q&fvzF90Vf-CC<~h~Q)#gwj{z5m
z!zIj|n^|HgV893BF$=R7WK<SsCKnqhi1Qkl8W<TG8k(CL8JR^%@EaKd1q=->49yIT
zO)R4f4DcB!Y#<0RkgK35KTRPoKQSlApowui5bMBP#R%lcGc`6c{H+gelr0s~47%?%
zNAJy(=idak2id%LVK^*j->@xEEz>pDK`HQeq-}4+ul+~A?lSmxdUj~e^+xLkS(E%v
zX$jl2X9g@?GJpOHmTCc|L;ky0UjMiKnDh_p@aM-?EEDBt`Q7~O@=>|NOr{~iQDPH~
zzLkDnr=56R>-{GsX34o1Js6KOi84%22<R78=03A&($1zuuUoi3M96#vIqmzy1+CX+
z+ul39XLXF(j_{q8Q`YbPW%a7*XSffyEqhaXU}SjTt}BuL&kETE8XLBFiWMrq@X-(x
z-hQ6bsOQA8hc;qW-61u-8V?q)lhfY3taM`D;(G31il#{)e<xKjs#u>{@^RmazzLlz
zn(sf1dODwNQg>QhLv^TX3Zswpzw@42%#AG!OpOf*H|}2h?)kQCkLv3k2Vd$c%SOJ7
z$<({_%xq1k{;S8g?Y&k={aof`y6%tjr$Y6Z_C~j~Wdi+cDr}xQPx#N8I`KfJ#^zVI
z)?1a9z4bn3TX`wDH%RwsvS`%PgX=6F|Neht`^E3hzn<Mb_avgPEjRt#(mle#Q)V7k
zkF-|S|5T%D)--#ux`C<zKQKmR`577iv#>HVv$HW62!RBIK>{2GY(R>MkpU&mF&hAr
z9g|3^vh2kdcVj~*9{#Z<AbyS3!da=?fI;4MC_3xqwG+RL_I|$*EphVxEYqoJ0D=V-
AWdHyG

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_tests/top/rev_data/crlchecker/phys.crl b/nss/tests/libpkix/pkix_tests/top/rev_data/crlchecker/phys.crl
new file mode 100755
index 0000000000000000000000000000000000000000..2deed93ed8de068c2d4a78bd1b9cb6f9d9073951
GIT binary patch
literal 201
zcmXqLJZ8|?!o<jEz|F?4)#h=|f`yrt!9drL+klgeIh2J>n5nebkjH=v#NiTV&dn?_
z6foce@tB3#3o<H;Gn0$Oc@0brj0_D8EldrKEutj&jSPVTK(3*wsimoTl!3B=A`@de
znlb}kpq<R2vZ5?3T<8v9HUPSTNklL*;!4^K!3GZDBmL`{ew;E)4|QY`WtirCq<3?x
S^_Oh6aygIKjb^N6yZr%N9xSQ=

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_tests/top/rev_data/crlchecker/prof.crl b/nss/tests/libpkix/pkix_tests/top/rev_data/crlchecker/prof.crl
new file mode 100755
index 0000000000000000000000000000000000000000..fa9b2dc692a336bc5d49c845ee3e8f741d2c04ad
GIT binary patch
literal 203
zcmXqLJYmq-&cw)Qz|F?4)#h=|f`yrt!N9<f+klgeIh2J>n5nebkjH=v#NiTV&dn?_
z6gCh9@tB3V3X1a66!P*Db8^Ia4NMJ;3=It}4U7$pqa^r^41ofMh8Biq2F4}^Q3lEe
zicE~@Xvz$Dfz~pI%8IhEaG|?_S)ai`he?FfzFg^_N&Kv5eqWed^Ov#A+tjv{NkrsP
XSh@TTfrbg5wME~oudfN>&5Qy7>;o>i

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_tests/top/rev_data/crlchecker/prof2test.crt b/nss/tests/libpkix/pkix_tests/top/rev_data/crlchecker/prof2test.crt
new file mode 100755
index 0000000000000000000000000000000000000000..04bc5f16a818a8713bb8e4fb6ba2b511d3a8c1ea
GIT binary patch
literal 691
zcmXqLVp?y|#FV>$nTe5!iIK&Cn~hzo&EuQ}3o|Q&fq@~n0Vf-CC<~h~Q)#gwj{z5m
z!zIj|n^|HgY#<2YF$;4Q6y>KW<mD&k<QOQ3^BR~M7#SKGS{N9b8bnF(8yNxxfLuc}
zLkm-jD4-mQnY=(7!Dh0Qq!yPLiWmq%4CMxKGxO3FoP&G}ni#hOu@1~>j6jY&Q)45;
z-}>N2*-|0Rp!;5P^xiyq{!MUukj;A+hQo694ch|MGF@XGlmdT8+V)2L+JE%xE`x8U
zXNTroZ?tZZHOc>!masj0X28-V^XI={sTNQ=<iC66^?%!sN&m18e|~JmGEsh(-_74H
zAC)`IWEvtIB{tFMTj}R@+KJb--hWbJmYjRhgYh_%D8uxGfPPVB?lYSv?QB}~x`q2g
zgv?iv)4o4k(0XmQ?Y+}`R>zp_2;W&bW&Q47R<D|VhWl{avNxp%Muzw8x)SOCtdL!x
zv0;m+SfTO@9}O|#?dLg-dQL2RXd_nD9a7V)@nG>fIql8MN+;$muIK)xXqxo#cTyFj
ziuIW#ANQ>YoY1+V`ToPGr}Nn+b*IHOREMgjF#1^kJMXE*+}Ogv)Yy=4<L<TZo^Q+c
zsJ`BD@TIP@Y~;I`Oub9b%+_@3zj}Pz-fM-_&t*=g>;5=@DpZeYZ*)srCeXj8!se;-
zg#WCm6Axr+Y<_iXy;W)1Tkm7Gm6wuxgLI!Ji$*;?xX$A7@BcTpU;OU;>)GvdPa^u-
za?{T(-6I@4W#(b^NNZ*NPc^D$O|usRQ;7jTFiK_l85#exurf2VGclkfGG=`S105!j
xK<*1`UX{x;pFXTNN#%Z1>h$khH!z7P76scoxzAg*@lmyt(S{jT3Q9}n0|0ed50wA_

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_tests/top/rev_data/crlchecker/sci.crl b/nss/tests/libpkix/pkix_tests/top/rev_data/crlchecker/sci.crl
new file mode 100755
index 0000000000000000000000000000000000000000..675e9a53fd43ba51818900e0d37fbce1f99e8cf8
GIT binary patch
literal 200
zcmXqLJZjL`!o<jEz|F?4)#h=|f`yrt!9drL+klgeIh2J>n5nebkjH=v#NiTV&dn?_
z6foce@tB3#i<2``^O94=c@0brj0_D8EsRY}45B3XjSPVTK(3*wv8AbDl!3B=A`>IJ
zG6P<qoy?)KqAV<2OpGij4q(=2FwkKVVfq>{VS4n0v;SK>C&?z53;#Z~<TR5=s^1h7
V{#tq6<xkA{4+u8Dxu<G2830d9E<FGM

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_tests/top/rev_data/crlchecker/sci2chem.crt b/nss/tests/libpkix/pkix_tests/top/rev_data/crlchecker/sci2chem.crt
new file mode 100755
index 0000000000000000000000000000000000000000..e12232b8a4549c7c3a2d0a26c82028bad69e96f1
GIT binary patch
literal 707
zcmXqLV%l%e#8k6@nTe5!iHYH)0XG}FR-4B;3l?Tp1_NC~ZUas>=1>+kVW!ezLmmSz
z5Qj^cIXAP!P{4o>#A6m_FHX)(%}Y)-P!Q)eFf}kTG&Hm{G&V4flHfNo1PT}$S{Rxc
z8ycEM8R+9PP{=?4VjyR7Mrv+maY<37K@;P4Al897iV?_>XKHL@_*);`C|fF|8Fb%k
zj^3Lm&%X(753+gh!f;s5zF}LSTBd8PgHqt{NZa0sU;B@K-DU9Y^z6`_>y6e8vL^YT
z(h|03&kR_)Wd8gYEY$)^hx~W1y#8<dG3g)H;m?n)SSHHP^1J!l<)d<knM^~3qr@f}
zeJlOEPCN0s*85LN%#w32dN3Ym5@nd45YR8G%zb9lq@7KRUbk?6h>-aTa@zNY3tF$u
zw!L?H&*~Vn9pO7Gr>x)o%j#9r&u|}ZTlS{(z{v2vT~{LgpB1tTG&XGU6f0DI;iDlY
zy!||<QO}8G4{gM%x<hJuH6AQpC#Su6S?R>Q#r5336it&p{!Xf5RIxs@<m0{-ffG7c
zG~a(1^>jYlr0%r1hU!q&6h<HGf9E~5m>XLdm>L@rZrr{0-SchP9@W=74!+b?mW_ND
zlc{&<nc137{a24~+k35$`nk->blo54Plf6+?Tv0}%LMw@RM<Rqp75VFb>e|cjm@ua
zt+y&Id+UA7w(?SPZ;<ZOWYMUn2iI9V{{8>P_KV-0e?7Z>?ny*nTW<QfrF(>fr_4O8
z9%-$t|EWgRtZDXQbpurceqe;k@-s62XJKV#W@lqC5CRDZg9JDX*nkuhBL_;7V>SS$
zIwle3$Gs7UxK~T{vP_KLk#pl>wCyhrV32ppD?WSvu*@L-tE21kw;}s2+~e~AeWMZ_

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_tests/top/rev_data/crlchecker/sci2phy.crt b/nss/tests/libpkix/pkix_tests/top/rev_data/crlchecker/sci2phy.crt
new file mode 100755
index 0000000000000000000000000000000000000000..f5a165baa7826d6ad635e7813fc90316aaec8c8f
GIT binary patch
literal 703
zcmXqLV%lxc#8kO}nTe4Jhzz*d*tOa`&RMW9voaXy8gd(OvN4CUun9Aj78~*yaDg~n
z!pymuC58e9d>|gPFne)wW@=t?s)2$yuYsw7k)ffXxrwEzWt0TJks(mP(9pur)WqD#
zAc|N63o<H;Gn0!Ani#hOu@1~hj6jY&Q)45;-}>N2*-|0Rp!;5P^xiyq{!MUukj;A+
zhQo694ch|MGF@XGlmdT8+V)2L+JE%xE`x8UXNTroZ?tZZHOc>!masj0X28-V^XI={
zsTNQ=<iC66^?%!sN&m18e|~JmGEsh(-_74HAC)`IWEvtIB{tFMTj}R@+KJb--hWbJ
zmYjRhgYh_%D8uxGfPPVB?lYSv?QB}~x`q2ggv?iv)4o4k(0XmQ?Y+}`R>zp_2;W&b
zW&Q47R<D|VhWl{avNxp%Muzw8x)SOCtdL!xv0;m+SfTO@9}O|#?dLg-dQL2RXd_nD
z9a7V)@nG>fIql8MN+;$muIK)xXqxo#cTyFjiuIW#ANQ>YoY1+V`ToPGr}Nn+b*IHO
zREMgjF#1^kJMXE*+}Ogv)Yy=4<L<TZo^Q+csJ`BD@TIP@Y~;I`Oub9b%+_@3zj}Pz
z-fM-_&t*=g>;5=@DpZeYZ*)srCeXj8!se;-g#WCm6Axr+Y<_iXy;W)1Tkm7Gm6wux
zgLI!Ji$*;?xX$A7@BcTpU;OU;>)GvdPa^u-a?{T(-6I@4W#(b^NNZ*NPc^D$O|uuP
z8>kxa1Jj2rKO^IR7FK3vb~XkBA&`JDNPxqD4M;IDa-bwQW_<<&9VQWRyAD6mOeXu)
nwJ+?}tS~H}pe6H@NhD~V{IgR&`;~uYH|buN-7BXub;fo8F1Qac

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_tests/top/rev_data/crlchecker/sci2sci.crt b/nss/tests/libpkix/pkix_tests/top/rev_data/crlchecker/sci2sci.crt
new file mode 100755
index 0000000000000000000000000000000000000000..ca09c166eb5387acc4e31af79315ec811e8a8424
GIT binary patch
literal 703
zcmXqLV%lxc#8kO}nTe5!iILHOn~hzo&EuQ}3o|Q&fvzF90Vf-CC<~h~Q)#gwj{z5m
z!zIj|n^|HgV893BF$=R7CugSSC8ruFi1Qkl8W<TG8k(D!n_5Ik@EaKd1q=->3{8!U
z3@oBZHL!_syFnA94$Mi6K#n|9V<W@g`rt;{QX$Qt`(AVO-aL8!O>ldV&3hMy!*ccw
z+XB@xU1J@T0)I!^_D1~LfAs4vgKwv2hvr;wv~G|!$^Vp=uswTbz|tl2=f7a77En6m
zzkB8Nf7_2q|F8~!er&}uQGS-+&EGB`l{?I28X_DeHqq!?>F0IYiPyE>e^O$WoO{uO
z@i>zx!}NrJeo<xaGn*#uY+CfXh5JK<%vX@pzCT>hdTqAtz0-SE$C&L1-&r|j{qA2@
zubO^_`*7Q`H>C$ghWG8d66yb}kX@j$VT-3&q4EnK4Kd;E=Q)jfPAq$9BUaTNQq!yP
zVDUOR?aj+dC+01#=l-Q=n)LB^QWc|$^_e9f_pJz=(7B@d{==xJ^VueKr^Pi?hpMJ9
z`dI%v@2SPy*uucn*pP7J?zQipZ_D<mzTR>0rLMAU<hz(my-Ux`)^zH>dVJg7YlYO$
zWlpB+{y2XsRF7$IbW2+%(7&d_=Be|9|E#GK4`ga=esycTRcYB<?_;)=my&yfbe|@R
zMm;^a&f@X!|2MW@{O<hg+3j;rBKq2L)6Xs4BOE+s=3(_nYi0dUHL7M!vlpuys2cDC
z(}yfSBjbM-R%T{)HU<MBkbp2qfWv?dNHH;Tp(HqFeFg&^CXo~llN0)Lp6^fcycvCZ
i$~Mk*vt!RQiD*T%78Gw^E#$#@h;@_B>*whUTpIueP!MMT

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_tests/top/rev_data/crlchecker/test.crl b/nss/tests/libpkix/pkix_tests/top/rev_data/crlchecker/test.crl
new file mode 100755
index 0000000000000000000000000000000000000000..e37aa9c2402cb7e99d8d25d2e79cd8c4160f6ae1
GIT binary patch
literal 205
zcmXqLJY~?>$;8NLz|F?4)#h=|f`yrt!NACn+klgeIh2J>n5nebkQXQm<ZubIl%y7y
z7>XDOfw;`V+#qgdUb=#FkdHX8fhka*p`nGLiLphL1iz6XPyoa=Gqf-@iZW0(P-J3E
zM^k11F<MrXg@ucWkqN~W%=!!lI!q!JuP^Pot~zNx-(6?h!-{(p9<JEu%_Jf?CB|gK
UR)q;MoEsm!Fl+Idq$|Y_0Hwz;KL7v#

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_tests/top/revokedcert.crt b/nss/tests/libpkix/pkix_tests/top/revokedcert.crt
new file mode 100644
index 0000000000000000000000000000000000000000..0715ceb7b61d411104d0d3c2ceb1c81cc52f1713
GIT binary patch
literal 1034
zcmXqLVqr6AV$NT{%*4pV#K>#F%f_kI=F#?@mywZ$mBAp{klTQhjX9KsO_(V(*igbi
z48-9Q<}XT3(aS8zNz6+v(M!(HHRK2C1j=v=vz4S4mpD5bY8t461ek>t0)jkUTor=y
z^MS$&&Z$KunQ58Hi6yBDzKMB>>8V8qa^k!OW(LNFCI&{PhQ=0AK(09w*B~9$5j+N5
z5JxZvm*yEldECOx#Xz2zfe6G_Ua!)e%+x%EfXvjQqEtf_10}e}I2px6v%s=?1z=eR
zpiYn{3}TSI&&bNa?9E`{!Q{xWMlI3#tY0<f-IcL(cP>Alm&SXIb?5c(?csh&GdyJ5
zw7EiN=mx5pUpd(?^|xBk&%=xN%L|TxrH>CkP_AoQB!7^JnUR5UaT61VK@$^;0UywX
zviyvU|5;d=nOGkf2(ob|w0SVL{cr+?IY?-MfjmfwG7B)c8$|9jcNe6uUu5ZiU$I_$
z_t|?7LbU1)6hI0DStJd_8*%uhi7^_aMxLdKG032a(a)f9>jJL@9&K(pDTxJE`uYV$
znJKAyXwhh8VqvN8A8HGUEFB;#AT_@rCsoJA*%lhxASN)Z7NsvqrBCW;oV-9|fm)kN
zMoCFQF)oMer>B-U2l>#?Rkmy#+H8!htn9!zGc?dQ(1r007~2#<PQ~fc{N&;S<a7qi
zX3UL^3>u0Kk2W<sH(u1^b5shGWq9Bu@@}E@fdvQt6&I`vk^av3|7p&4ttkg{LeEqj
z&g~MLVeS`ZviLoJbX4@>lh+>i^l3eBirf>Epk&4|wT^$`*B>dj&Rz|DH*dN?{|wE(
nc;OchgX&G=Vrwcg7+kiT%@j^O?kJj_H_3xF@5X-Rw%xA)>^d`n

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_tests/top/runTests.sh b/nss/tests/libpkix/pkix_tests/top/runTests.sh
new file mode 100755
index 0000000..1e20809
--- /dev/null
+++ b/nss/tests/libpkix/pkix_tests/top/runTests.sh
@@ -0,0 +1,517 @@
+#!/bin/sh
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# runTests.sh
+#
+
+
+LDAP='nss.red.iplanet.com:1389'
+export LDAP
+curdir=`pwd`
+cd ../../common
+. ./libpkix_init.sh > /dev/null
+doPD=1
+doOCSP=1
+. ./libpkix_init_nist.sh
+cd ${curdir}
+
+numtests=0
+passed=0
+testunit=TOP
+doTop=1
+linkMStoreNistFiles="store1/TrustAnchorRootCRL.crl
+    store1/TwoCRLsCABadCRL.crl
+    store2/TwoCRLsCAGoodCRL.crl"
+
+if [ ! -z "${NIST_FILES_DIR}" ] ; then
+    if [ -d ${HOSTDIR}/rev_data/multiple_certstores ]; then
+        rm -fr ${HOSTDIR}/rev_data/multiple_certstores
+    fi
+    mkdir -p ${HOSTDIR}/rev_data/multiple_certstores
+    mkdir -p ${HOSTDIR}/rev_data/multiple_certstores/store1
+    mkdir -p ${HOSTDIR}/rev_data/multiple_certstores/store2
+    for i in ${linkMStoreNistFiles}; do
+        if [ -f ${HOSTDIR}/rev_data/multiple_certstores/$i ]; then
+            rm ${HOSTDIR}/rev_data/multiple_certstores/$i
+        fi
+        fname=`basename $i`
+        cp ${NIST_FILES_DIR}/${fname} ${HOSTDIR}/rev_data/multiple_certstores/$i
+    done
+fi
+
+ocspFiles="goodcert.crt revokedcert.crt anchorcert.crt
+    secmod.db key3.db cert8.db"
+
+if [ ! -z ${doOCSPTest} ] ; then
+    if [ -d ${HOSTDIR}/ocsp ]; then
+        rm -fr ${HOSTDIR}/ocsp
+    fi
+    mkdir -p ${HOSTDIR}/ocsp
+    for i in ${ocspFiles}; do
+        cp $i ${HOSTDIR}/ocsp/$i
+
+    done
+fi
+
+##########
+# main
+##########
+
+ParseArgs $*
+
+Display ""
+Display "#    ENE = expect no error (validation should succeed)"
+Display "#    EE = expect error (validation should fail)"
+Display ""
+
+LOGGING=1
+SOCKETTRACE=1
+export LOGGING SOCKETTRACE
+
+RunTests <<EOF
+pkixutil test_validatechain_NB NIST-Test.4.1.1 ENE $NIST TrustAnchorRootCertificate.crt GoodCACert.crt ValidCertificatePathTest1EE.crt
+pkixutil_or test_validatechain_NB NIST-Test.4.1.1 ENE $NIST TrustAnchorRootCertificate.crt GoodCACert.crt ValidCertificatePathTest1EE.crt
+pkixutil test_validatechain_NB NIST-Test.4.1.2 EE $NIST TrustAnchorRootCertificate.crt BadSignedCACert.crt InvalidCASignatureTest2EE.crt
+pkixutil_or test_validatechain_NB NIST-Test.4.1.2 EE $NIST TrustAnchorRootCertificate.crt BadSignedCACert.crt InvalidCASignatureTest2EE.crt
+pkixutil test_validatechain_NB NIST-Test.4.1.3 EE $NIST TrustAnchorRootCertificate.crt GoodCACert.crt  InvalidEESignatureTest3EE.crt
+pkixutil_or test_validatechain_NB NIST-Test.4.1.3 EE $NIST TrustAnchorRootCertificate.crt GoodCACert.crt  InvalidEESignatureTest3EE.crt
+pkixutil test_validatechain_NB NIST-Test.4.1.4 ENE $NIST TrustAnchorRootCertificate.crt DSACACert.crt ValidDSASignaturesTest4EE.crt
+pkixutil_or test_validatechain_NB NIST-Test.4.1.4 ENE $NIST TrustAnchorRootCertificate.crt DSACACert.crt ValidDSASignaturesTest4EE.crt
+pkixutil test_validatechain_NB NIST-Test.4.1.5 ENE $NIST TrustAnchorRootCertificate.crt DSACACert.crt DSAParametersInheritedCACert.crt ValidDSAParameterInheritanceTest5EE.crt
+pkixutil_or test_validatechain_NB NIST-Test.4.1.5 ENE $NIST TrustAnchorRootCertificate.crt DSACACert.crt DSAParametersInheritedCACert.crt ValidDSAParameterInheritanceTest5EE.crt
+EOF
+
+tracedErrors=$?
+
+LOGGING=0
+SOCKETTRACE=0
+
+RunTests <<EOF
+pkixutil test_basicchecker ../../certs
+pkixutil test_basicconstraintschecker "Two-Certificates-Chain" ENE ../../certs hy2hy-bc0 hy2hc-bc
+pkixutil test_basicconstraintschecker "Three-Certificates-Chain" ENE ../../certs hy2hy-bc0 hy2hy-bc0 hy2hc-bc
+pkixutil test_basicconstraintschecker "Four-Certificates-Chain-with-error" EE ../../certs hy2hy-bc0 hy2hy-bc0 hy2hc-bc hy2hc-bc
+pkixutil test_validatechain_bc  ../../certs/hy2hy-bc0 ../../certs/hy2hc-bc
+pkixutil test_policychecker NIST-Test-Files-Used ENE $NIST ../../certs
+pkixutil test_defaultcrlchecker2stores NIST-Test.4.4.7-with-multiple-CRL-stores ENE $NIST ${HOSTDIR}/rev_data/multiple_certstores/store1 ${HOSTDIR}/rev_data/multiple_certstores/store2 TrustAnchorRootCertificate.crt TwoCRLsCACert.crt ValidTwoCRLsTest7EE.crt
+pkixutil test_buildchain_resourcelimits ${LDAP} NIST-Test.4.5.1 ENE $NIST ValidBasicSelfIssuedOldWithNewTest1EE.crt BasicSelfIssuedNewKeyOldWithNewCACert.crt BasicSelfIssuedNewKeyCACert.crt TrustAnchorRootCertificate.crt
+pkixutil test_customcrlchecker "CRL-test-without-revocation" ENE rev_data/crlchecker sci2sci.crt sci2phy.crt phy2prof.crt prof2test.crt
+pkixutil test_customcrlchecker "CRL-test-with-revocation-reasoncode" EE rev_data/crlchecker sci2sci.crt sci2chem.crt chem2prof.crt prof2test.crt
+pkixutil test_subjaltnamechecker "NIST-Test-Files-Used" "0R:testcertificates.gov+R:Test23EE@testcertificates.gov" ENE $NIST TrustAnchorRootCertificate.crt nameConstraintsRFC822CA2Cert.crt ValidRFC822nameConstraintsTest23EE.crt
+pkixutil test_subjaltnamechecker "NIST-Test-Files-Used" "0R:TEST.gov" EE $NIST TrustAnchorRootCertificate.crt nameConstraintsRFC822CA2Cert.crt ValidRFC822nameConstraintsTest23EE.crt
+pkixutil test_subjaltnamechecker "NIST-Test-Files-Used" "0N:testcertificates.gov+N:testserver.testcertificates.gov" ENE $NIST TrustAnchorRootCertificate.crt nameConstraintsDNS1CACert.crt ValidDNSnameConstraintsTest30EE.crt
+pkixutil test_subjaltnamechecker "NIST-Test-Files-Used" "0N:notestcertificates.gov" EE $NIST TrustAnchorRootCertificate.crt nameConstraintsDNS1CACert.crt ValidDNSnameConstraintsTest30EE.crt
+pkixutil test_subjaltnamechecker "NIST-Test-Files-Used" "0U:.gov+U:http://testserver.testcertificates.gov/index.html" ENE $NIST TrustAnchorRootCertificate.crt nameConstraintsURI1CACert.crt ValidURInameConstraintsTest34EE.crt
+pkixutil test_subjaltnamechecker "NIST-Test-Files-Used" "0U:test.testcertificates.gov" EE $NIST TrustAnchorRootCertificate.crt nameConstraintsURI1CACert.crt ValidURInameConstraintsTest34EE.crt
+pkixutil test_subjaltnamechecker "NIST-Test-Files-Used" "1D:C=US+D:CN=Certificates,C=US" EE $NIST TrustAnchorRootCertificate.crt nameConstraintsDN2CACert.crt ValidDNnameConstraintsTest5EE.crt
+pkixutil test_subjaltnamechecker "NIST-Test-Files-Used" "0D:O=TestCertificates,C=CN" EE $NIST TrustAnchorRootCertificate.crt nameConstraintsDN2CACert.crt ValidDNnameConstraintsTest5EE.crt
+pkixutil test_validatechain "CRL-test-without-key-usage-cRLsign-bit-NIST-Test-Files-Used" EE $NIST TrustAnchorRootCertificate.crt SeparateCertificateandCRLKeysCertificateSigningCACert.crt SeparateCertificateandCRLKeysCRLSigningCert.crt InvalidSeparateCertificateandCRLKeysTest20EE.crt
+pkixutil test_validatechain NIST-Test.4.1.1 ENE $NIST TrustAnchorRootCertificate.crt GoodCACert.crt ValidCertificatePathTest1EE.crt
+pkixutil test_validatechain NIST-Test.4.1.2 EE $NIST TrustAnchorRootCertificate.crt BadSignedCACert.crt InvalidCASignatureTest2EE.crt
+pkixutil test_validatechain NIST-Test.4.1.3 EE $NIST TrustAnchorRootCertificate.crt GoodCACert.crt  InvalidEESignatureTest3EE.crt
+pkixutil test_validatechain NIST-Test.4.1.4 ENE $NIST TrustAnchorRootCertificate.crt DSACACert.crt ValidDSASignaturesTest4EE.crt
+pkixutil test_validatechain NIST-Test.4.1.5 ENE $NIST TrustAnchorRootCertificate.crt DSACACert.crt DSAParametersInheritedCACert.crt ValidDSAParameterInheritanceTest5EE.crt
+pkixutil test_validatechain NIST-Test.4.1.6 EE $NIST TrustAnchorRootCertificate.crt DSACACert.crt InvalidDSASignatureTest6EE.crt
+pkixutil test_validatechain NIST-Test.4.2.1 EE $NIST TrustAnchorRootCertificate.crt BadnotBeforeDateCACert.crt InvalidCAnotBeforeDateTest1EE.crt
+pkixutil test_validatechain NIST-Test.4.2.2 EE $NIST TrustAnchorRootCertificate.crt GoodCACert.crt InvalidEEnotBeforeDateTest2EE.crt
+pkixutil test_validatechain NIST-Test.4.2.3 ENE $NIST TrustAnchorRootCertificate.crt GoodCACert.crt Validpre2000UTCnotBeforeDateTest3EE.crt
+pkixutil test_validatechain NIST-Test.4.2.4 ENE $NIST TrustAnchorRootCertificate.crt GoodCACert.crt ValidGeneralizedTimenotBeforeDateTest4EE.crt
+pkixutil test_validatechain NIST-Test.4.2.5 EE $NIST TrustAnchorRootCertificate.crt BadnotAfterDateCACert.crt InvalidCAnotAfterDateTest5EE.crt
+pkixutil test_validatechain NIST-Test.4.2.6 EE $NIST TrustAnchorRootCertificate.crt GoodCACert.crt InvalidEEnotAfterDateTest6EE.crt
+pkixutil test_validatechain NIST-Test.4.2.7 EE $NIST TrustAnchorRootCertificate.crt GoodCACert.crt Invalidpre2000UTCEEnotAfterDateTest7EE.crt
+pkixutil test_validatechain NIST-Test.4.2.8 ENE $NIST TrustAnchorRootCertificate.crt GoodCACert.crt ValidGeneralizedTimenotAfterDateTest8EE.crt
+pkixutil test_validatechain NIST-Test.4.3.1 EE $NIST TrustAnchorRootCertificate.crt GoodCACert.crt InvalidNameChainingTest1EE.crt
+pkixutil test_validatechain NIST-Test.4.3.2 EE $NIST TrustAnchorRootCertificate.crt NameOrderingCACert.crt  InvalidNameChainingOrderTest2EE.crt
+pkixutil test_validatechain NIST-Test.4.3.3 ENE $NIST TrustAnchorRootCertificate.crt GoodCACert.crt ValidNameChainingWhitespaceTest3EE.crt
+pkixutil test_validatechain NIST-Test.4.3.4 ENE $NIST TrustAnchorRootCertificate.crt GoodCACert.crt ValidNameChainingWhitespaceTest4EE.crt
+pkixutil test_validatechain NIST-Test.4.3.5 ENE $NIST TrustAnchorRootCertificate.crt GoodCACert.crt ValidNameChainingCapitalizationTest5EE.crt
+pkixutil test_validatechain NIST-Test.4.3.6 ENE $NIST TrustAnchorRootCertificate.crt UIDCACert.crt  ValidNameUIDsTest6EE.crt
+pkixutil test_validatechain NIST-Test.4.3.9 ENE $NIST TrustAnchorRootCertificate.crt UTF8StringEncodedNamesCACert.crt  ValidUTF8StringEncodedNamesTest9EE.crt
+pkixutil test_validatechain NIST-Test.4.3.10 ENE $NIST TrustAnchorRootCertificate.crt RolloverfromPrintableStringtoUTF8StringCACert.crt  ValidRolloverfromPrintableStringtoUTF8StringTest10EE.crt
+pkixutil test_validatechain NIST-Test.4.3.11 ENE $NIST TrustAnchorRootCertificate.crt UTF8StringCaseInsensitiveMatchCACert.crt  ValidUTF8StringCaseInsensitiveMatchTest11EE.crt
+pkixutil test_validatechain NIST-Test.4.4.1 EE $NIST TrustAnchorRootCertificate.crt NoCRLCACert.crt InvalidMissingCRLTest1EE.crt
+pkixutil test_validatechain NIST-Test.4.4.2 EE $NIST TrustAnchorRootCertificate.crt GoodCACert.crt RevokedsubCACert.crt InvalidRevokedCATest2EE.crt
+pkixutil test_validatechain NIST-Test.4.4.3 EE $NIST TrustAnchorRootCertificate.crt GoodCACert.crt InvalidRevokedEETest3EE.crt
+pkixutil test_validatechain NIST-Test.4.4.4 EE $NIST TrustAnchorRootCertificate.crt BadCRLSignatureCACert.crt InvalidBadCRLSignatureTest4EE.crt
+pkixutil test_validatechain NIST-Test.4.4.5 EE $NIST TrustAnchorRootCertificate.crt BadCRLIssuerNameCACert.crt InvalidBadCRLIssuerNameTest5EE.crt
+pkixutil test_validatechain NIST-Test.4.4.6 EE $NIST TrustAnchorRootCertificate.crt WrongCRLCACert.crt InvalidWrongCRLTest6EE.crt
+pkixutil test_validatechain NIST-Test.4.4.7 ENE $NIST TrustAnchorRootCertificate.crt TwoCRLsCACert.crt ValidTwoCRLsTest7EE.crt
+pkixutil test_validatechain NIST-Test.4.4.8 EE $NIST TrustAnchorRootCertificate.crt UnknownCRLEntryExtensionCACert.crt InvalidUnknownCRLEntryExtensionTest8EE.crt
+pkixutil test_validatechain NIST-Test.4.4.9 EE $NIST TrustAnchorRootCertificate.crt UnknownCRLExtensionCACert.crt InvalidUnknownCRLExtensionTest9EE.crt
+pkixutil test_validatechain NIST-Test.4.4.10 EE $NIST TrustAnchorRootCertificate.crt UnknownCRLExtensionCACert.crt InvalidUnknownCRLExtensionTest10EE.crt
+pkixutil test_validatechain NIST-Test.4.4.11 EE $NIST TrustAnchorRootCertificate.crt OldCRLnextUpdateCACert.crt InvalidOldCRLnextUpdateTest11EE.crt
+pkixutil test_validatechain NIST-Test.4.4.12 EE $NIST TrustAnchorRootCertificate.crt pre2000CRLnextUpdateCACert.crt Invalidpre2000CRLnextUpdateTest12EE.crt
+pkixutil test_validatechain NIST-Test.4.4.13 ENE $NIST TrustAnchorRootCertificate.crt GeneralizedTimeCRLnextUpdateCACert.crt ValidGeneralizedTimeCRLnextUpdateTest13EE.crt
+pkixutil test_validatechain NIST-Test.4.4.14 ENE $NIST TrustAnchorRootCertificate.crt NegativeSerialNumberCACert.crt ValidNegativeSerialNumberTest14EE.crt
+pkixutil test_validatechain NIST-Test.4.4.15 EE $NIST TrustAnchorRootCertificate.crt NegativeSerialNumberCACert.crt InvalidNegativeSerialNumberTest15EE.crt
+pkixutil test_validatechain NIST-Test.4.4.16 ENE $NIST TrustAnchorRootCertificate.crt LongSerialNumberCACert.crt ValidLongSerialNumberTest16EE.crt
+pkixutil test_validatechain NIST-Test.4.4.17 ENE $NIST TrustAnchorRootCertificate.crt LongSerialNumberCACert.crt ValidLongSerialNumberTest17EE.crt
+pkixutil test_validatechain NIST-Test.4.4.18 EE $NIST TrustAnchorRootCertificate.crt LongSerialNumberCACert.crt InvalidLongSerialNumberTest18EE.crt
+pkixutil test_validatechain NIST-Test.4.4.20 EE $NIST TrustAnchorRootCertificate.crt SeparateCertificateandCRLKeysCertificateSigningCACert.crt SeparateCertificateandCRLKeysCRLSigningCert.crt InvalidSeparateCertificateandCRLKeysTest20EE.crt
+pkixutil test_validatechain NIST-Test.4.5.1 ENE $NIST TrustAnchorRootCertificate.crt BasicSelfIssuedNewKeyCACert.crt BasicSelfIssuedNewKeyOldWithNewCACert.crt ValidBasicSelfIssuedOldWithNewTest1EE.crt
+pkixutil test_validatechain NIST-Test.4.5.2 EE $NIST TrustAnchorRootCertificate.crt BasicSelfIssuedNewKeyCACert.crt BasicSelfIssuedNewKeyOldWithNewCACert.crt InvalidBasicSelfIssuedOldWithNewTest2EE.crt
+pkixutil test_validatechain NIST-Test.4.5.5 EE $NIST TrustAnchorRootCertificate.crt BasicSelfIssuedOldKeyCACert.crt BasicSelfIssuedOldKeyNewWithOldCACert.crt InvalidBasicSelfIssuedNewWithOldTest5EE.crt
+pkixutil test_validatechain NIST-Test.4.5.7 EE $NIST TrustAnchorRootCertificate.crt BasicSelfIssuedCRLSigningKeyCACert.crt BasicSelfIssuedCRLSigningKeyCRLCert.crt InvalidBasicSelfIssuedCRLSigningKeyTest7EE.crt
+pkixutil test_validatechain NIST-Test.4.5.8 EE $NIST TrustAnchorRootCertificate.crt BasicSelfIssuedCRLSigningKeyCACert.crt BasicSelfIssuedCRLSigningKeyCRLCert.crt InvalidBasicSelfIssuedCRLSigningKeyTest8EE.crt
+pkixutil test_validatechain_NB "CRL-test-without-key-usage-cRLsign-bit-NIST-Test-Files-Used" EE $NIST TrustAnchorRootCertificate.crt SeparateCertificateandCRLKeysCertificateSigningCACert.crt SeparateCertificateandCRLKeysCRLSigningCert.crt InvalidSeparateCertificateandCRLKeysTest20EE.crt
+pkixutil test_validatechain_NB NIST-Test.4.1.1 ENE $NIST TrustAnchorRootCertificate.crt GoodCACert.crt ValidCertificatePathTest1EE.crt
+pkixutil test_validatechain_NB NIST-Test.4.1.2 EE $NIST TrustAnchorRootCertificate.crt BadSignedCACert.crt InvalidCASignatureTest2EE.crt
+pkixutil test_validatechain_NB NIST-Test.4.1.3 EE $NIST TrustAnchorRootCertificate.crt GoodCACert.crt  InvalidEESignatureTest3EE.crt
+pkixutil test_validatechain_NB NIST-Test.4.1.4 ENE $NIST TrustAnchorRootCertificate.crt DSACACert.crt ValidDSASignaturesTest4EE.crt
+pkixutil test_validatechain_NB NIST-Test.4.1.5 ENE $NIST TrustAnchorRootCertificate.crt DSACACert.crt DSAParametersInheritedCACert.crt ValidDSAParameterInheritanceTest5EE.crt
+pkixutil test_validatechain_NB NIST-Test.4.1.6 EE $NIST TrustAnchorRootCertificate.crt DSACACert.crt InvalidDSASignatureTest6EE.crt
+pkixutil test_validatechain_NB NIST-Test.4.2.1 EE $NIST TrustAnchorRootCertificate.crt BadnotBeforeDateCACert.crt InvalidCAnotBeforeDateTest1EE.crt
+pkixutil test_validatechain_NB NIST-Test.4.2.2 EE $NIST TrustAnchorRootCertificate.crt GoodCACert.crt InvalidEEnotBeforeDateTest2EE.crt
+pkixutil test_validatechain_NB NIST-Test.4.2.3 ENE $NIST TrustAnchorRootCertificate.crt GoodCACert.crt Validpre2000UTCnotBeforeDateTest3EE.crt
+pkixutil test_validatechain_NB NIST-Test.4.2.4 ENE $NIST TrustAnchorRootCertificate.crt GoodCACert.crt ValidGeneralizedTimenotBeforeDateTest4EE.crt
+pkixutil test_validatechain_NB NIST-Test.4.2.5 EE $NIST TrustAnchorRootCertificate.crt BadnotAfterDateCACert.crt InvalidCAnotAfterDateTest5EE.crt
+pkixutil test_validatechain_NB NIST-Test.4.2.6 EE $NIST TrustAnchorRootCertificate.crt GoodCACert.crt InvalidEEnotAfterDateTest6EE.crt
+pkixutil test_validatechain_NB NIST-Test.4.2.7 EE $NIST TrustAnchorRootCertificate.crt GoodCACert.crt Invalidpre2000UTCEEnotAfterDateTest7EE.crt
+pkixutil test_validatechain_NB NIST-Test.4.2.8 ENE $NIST TrustAnchorRootCertificate.crt GoodCACert.crt ValidGeneralizedTimenotAfterDateTest8EE.crt
+pkixutil test_validatechain_NB NIST-Test.4.3.1 EE $NIST TrustAnchorRootCertificate.crt GoodCACert.crt InvalidNameChainingTest1EE.crt
+pkixutil test_validatechain_NB NIST-Test.4.3.2 EE $NIST TrustAnchorRootCertificate.crt NameOrderingCACert.crt  InvalidNameChainingOrderTest2EE.crt
+pkixutil test_validatechain_NB NIST-Test.4.3.3 ENE $NIST TrustAnchorRootCertificate.crt GoodCACert.crt ValidNameChainingWhitespaceTest3EE.crt
+pkixutil test_validatechain_NB NIST-Test.4.3.4 ENE $NIST TrustAnchorRootCertificate.crt GoodCACert.crt ValidNameChainingWhitespaceTest4EE.crt
+pkixutil test_validatechain_NB NIST-Test.4.3.5 ENE $NIST TrustAnchorRootCertificate.crt GoodCACert.crt ValidNameChainingCapitalizationTest5EE.crt
+pkixutil test_validatechain_NB NIST-Test.4.3.6 ENE $NIST TrustAnchorRootCertificate.crt UIDCACert.crt  ValidNameUIDsTest6EE.crt
+pkixutil test_validatechain_NB NIST-Test.4.3.9 ENE $NIST TrustAnchorRootCertificate.crt UTF8StringEncodedNamesCACert.crt  ValidUTF8StringEncodedNamesTest9EE.crt
+pkixutil test_validatechain_NB NIST-Test.4.3.10 ENE $NIST TrustAnchorRootCertificate.crt RolloverfromPrintableStringtoUTF8StringCACert.crt  ValidRolloverfromPrintableStringtoUTF8StringTest10EE.crt
+pkixutil test_validatechain_NB NIST-Test.4.3.11 ENE $NIST TrustAnchorRootCertificate.crt UTF8StringCaseInsensitiveMatchCACert.crt  ValidUTF8StringCaseInsensitiveMatchTest11EE.crt
+pkixutil test_validatechain_NB NIST-Test.4.4.1 EE $NIST TrustAnchorRootCertificate.crt NoCRLCACert.crt InvalidMissingCRLTest1EE.crt
+pkixutil test_validatechain_NB NIST-Test.4.4.2 EE $NIST TrustAnchorRootCertificate.crt GoodCACert.crt RevokedsubCACert.crt InvalidRevokedCATest2EE.crt
+pkixutil test_validatechain_NB NIST-Test.4.4.3 EE $NIST TrustAnchorRootCertificate.crt GoodCACert.crt InvalidRevokedEETest3EE.crt
+pkixutil test_validatechain_NB NIST-Test.4.4.4 EE $NIST TrustAnchorRootCertificate.crt BadCRLSignatureCACert.crt InvalidBadCRLSignatureTest4EE.crt
+pkixutil test_validatechain_NB NIST-Test.4.4.5 EE $NIST TrustAnchorRootCertificate.crt BadCRLIssuerNameCACert.crt InvalidBadCRLIssuerNameTest5EE.crt
+pkixutil test_validatechain_NB NIST-Test.4.4.6 EE $NIST TrustAnchorRootCertificate.crt WrongCRLCACert.crt InvalidWrongCRLTest6EE.crt
+pkixutil test_validatechain_NB NIST-Test.4.4.7 ENE $NIST TrustAnchorRootCertificate.crt TwoCRLsCACert.crt ValidTwoCRLsTest7EE.crt
+pkixutil test_validatechain_NB NIST-Test.4.4.8 EE $NIST TrustAnchorRootCertificate.crt UnknownCRLEntryExtensionCACert.crt InvalidUnknownCRLEntryExtensionTest8EE.crt
+pkixutil test_validatechain_NB NIST-Test.4.4.9 EE $NIST TrustAnchorRootCertificate.crt UnknownCRLExtensionCACert.crt InvalidUnknownCRLExtensionTest9EE.crt
+pkixutil test_validatechain_NB NIST-Test.4.4.10 EE $NIST TrustAnchorRootCertificate.crt UnknownCRLExtensionCACert.crt InvalidUnknownCRLExtensionTest10EE.crt
+pkixutil test_validatechain_NB NIST-Test.4.4.11 EE $NIST TrustAnchorRootCertificate.crt OldCRLnextUpdateCACert.crt InvalidOldCRLnextUpdateTest11EE.crt
+pkixutil test_validatechain_NB NIST-Test.4.4.12 EE $NIST TrustAnchorRootCertificate.crt pre2000CRLnextUpdateCACert.crt Invalidpre2000CRLnextUpdateTest12EE.crt
+pkixutil test_validatechain_NB NIST-Test.4.4.13 ENE $NIST TrustAnchorRootCertificate.crt GeneralizedTimeCRLnextUpdateCACert.crt ValidGeneralizedTimeCRLnextUpdateTest13EE.crt
+pkixutil test_validatechain_NB NIST-Test.4.4.14 ENE $NIST TrustAnchorRootCertificate.crt NegativeSerialNumberCACert.crt ValidNegativeSerialNumberTest14EE.crt
+pkixutil test_validatechain_NB NIST-Test.4.4.15 EE $NIST TrustAnchorRootCertificate.crt NegativeSerialNumberCACert.crt InvalidNegativeSerialNumberTest15EE.crt
+pkixutil test_validatechain_NB NIST-Test.4.4.16 ENE $NIST TrustAnchorRootCertificate.crt LongSerialNumberCACert.crt ValidLongSerialNumberTest16EE.crt
+pkixutil test_validatechain_NB NIST-Test.4.4.17 ENE $NIST TrustAnchorRootCertificate.crt LongSerialNumberCACert.crt ValidLongSerialNumberTest17EE.crt
+pkixutil test_validatechain_NB NIST-Test.4.4.18 EE $NIST TrustAnchorRootCertificate.crt LongSerialNumberCACert.crt InvalidLongSerialNumberTest18EE.crt
+pkixutil test_validatechain_NB NIST-Test.4.4.20 EE $NIST TrustAnchorRootCertificate.crt SeparateCertificateandCRLKeysCertificateSigningCACert.crt SeparateCertificateandCRLKeysCRLSigningCert.crt InvalidSeparateCertificateandCRLKeysTest20EE.crt
+pkixutil test_validatechain_NB NIST-Test.4.5.1 ENE $NIST TrustAnchorRootCertificate.crt BasicSelfIssuedNewKeyCACert.crt BasicSelfIssuedNewKeyOldWithNewCACert.crt ValidBasicSelfIssuedOldWithNewTest1EE.crt
+pkixutil test_validatechain_NB NIST-Test.4.5.2 EE $NIST TrustAnchorRootCertificate.crt BasicSelfIssuedNewKeyCACert.crt BasicSelfIssuedNewKeyOldWithNewCACert.crt InvalidBasicSelfIssuedOldWithNewTest2EE.crt
+pkixutil test_validatechain_NB NIST-Test.4.5.5 EE $NIST TrustAnchorRootCertificate.crt BasicSelfIssuedOldKeyCACert.crt BasicSelfIssuedOldKeyNewWithOldCACert.crt InvalidBasicSelfIssuedNewWithOldTest5EE.crt
+pkixutil test_validatechain_NB NIST-Test.4.5.7 EE $NIST TrustAnchorRootCertificate.crt BasicSelfIssuedCRLSigningKeyCACert.crt BasicSelfIssuedCRLSigningKeyCRLCert.crt InvalidBasicSelfIssuedCRLSigningKeyTest7EE.crt
+pkixutil test_validatechain_NB NIST-Test.4.5.8 EE $NIST TrustAnchorRootCertificate.crt BasicSelfIssuedCRLSigningKeyCACert.crt BasicSelfIssuedCRLSigningKeyCRLCert.crt InvalidBasicSelfIssuedCRLSigningKeyTest8EE.crt
+pkixutil test_basicconstraintschecker NIST-Test.4.6.1 EE $NIST TrustAnchorRootCertificate.crt MissingbasicConstraintsCACert.crt InvalidMissingbasicConstraintsTest1EE.crt
+pkixutil test_basicconstraintschecker NIST-Test.4.6.2 EE $NIST TrustAnchorRootCertificate.crt basicConstraintsCriticalcAFalseCACert.crt InvalidcAFalseTest2EE.crt
+pkixutil test_basicconstraintschecker NIST-Test.4.6.3 EE $NIST TrustAnchorRootCertificate.crt basicConstraintsNotCriticalcAFalseCACert.crt InvalidcAFalseTest3EE.crt
+pkixutil test_basicconstraintschecker NIST-Test.4.6.4 ENE $NIST TrustAnchorRootCertificate.crt basicConstraintsNotCriticalCACert.crt ValidbasicConstraintsNotCriticalTest4EE.crt
+pkixutil test_basicconstraintschecker NIST-Test.4.6.5 EE $NIST TrustAnchorRootCertificate.crt pathLenConstraint0CACert.crt pathLenConstraint0subCACert.crt InvalidpathLenConstraintTest5EE.crt
+pkixutil test_basicconstraintschecker NIST-Test.4.6.6 EE $NIST TrustAnchorRootCertificate.crt pathLenConstraint0CACert.crt pathLenConstraint0subCACert.crt InvalidpathLenConstraintTest6EE.crt
+pkixutil test_basicconstraintschecker NIST-Test.4.6.7 ENE $NIST TrustAnchorRootCertificate.crt pathLenConstraint0CACert.crt ValidpathLenConstraintTest7EE.crt
+pkixutil test_basicconstraintschecker NIST-Test.4.6.8 ENE $NIST TrustAnchorRootCertificate.crt pathLenConstraint0CACert.crt ValidpathLenConstraintTest8EE.crt
+pkixutil test_basicconstraintschecker NIST-Test.4.6.9 EE $NIST TrustAnchorRootCertificate.crt pathLenConstraint6CACert.crt pathLenConstraint6subCA0Cert.crt pathLenConstraint6subsubCA00Cert.crt InvalidpathLenConstraintTest9EE.crt
+pkixutil test_basicconstraintschecker NIST-Test.4.6.10 EE $NIST TrustAnchorRootCertificate.crt pathLenConstraint6CACert.crt pathLenConstraint6subCA0Cert.crt pathLenConstraint6subsubCA00Cert.crt InvalidpathLenConstraintTest10EE.crt
+pkixutil test_basicconstraintschecker NIST-Test.4.6.11 EE $NIST TrustAnchorRootCertificate.crt pathLenConstraint6CACert.crt pathLenConstraint6subCA1Cert.crt pathLenConstraint6subsubCA11Cert.crt pathLenConstraint6subsubsubCA11XCert.crt InvalidpathLenConstraintTest11EE.crt
+pkixutil test_basicconstraintschecker NIST-Test.4.6.12 EE $NIST TrustAnchorRootCertificate.crt pathLenConstraint6CACert.crt pathLenConstraint6subCA1Cert.crt pathLenConstraint6subsubCA11Cert.crt pathLenConstraint6subsubsubCA11XCert.crt InvalidpathLenConstraintTest12EE.crt
+pkixutil test_basicconstraintschecker NIST-Test.4.6.13 ENE $NIST TrustAnchorRootCertificate.crt pathLenConstraint6CACert.crt pathLenConstraint6subCA4Cert.crt pathLenConstraint6subsubCA41Cert.crt pathLenConstraint6subsubsubCA41XCert.crt ValidpathLenConstraintTest13EE.crt
+pkixutil test_basicconstraintschecker NIST-Test.4.6.14 ENE $NIST TrustAnchorRootCertificate.crt pathLenConstraint6CACert.crt pathLenConstraint6subCA4Cert.crt pathLenConstraint6subsubCA41Cert.crt pathLenConstraint6subsubsubCA41XCert.crt ValidpathLenConstraintTest14EE.crt
+pkixutil test_basicconstraintschecker NIST-Test.4.6.15 ENE $NIST TrustAnchorRootCertificate.crt pathLenConstraint0CACert.crt pathLenConstraint0SelfIssuedCACert.crt ValidSelfIssuedpathLenConstraintTest15EE.crt
+pkixutil test_basicconstraintschecker NIST-Test.4.6.16 EE $NIST TrustAnchorRootCertificate.crt pathLenConstraint0CACert.crt pathLenConstraint0SelfIssuedCACert.crt pathLenConstraint0subCA2Cert.crt InvalidSelfIssuedpathLenConstraintTest16EE.crt
+pkixutil test_basicconstraintschecker NIST-Test.4.6.17 ENE $NIST TrustAnchorRootCertificate.crt pathLenConstraint1CACert.crt pathLenConstraint1SelfIssuedCACert.crt pathLenConstraint1subCACert.crt pathLenConstraint1SelfIssuedsubCACert.crt ValidSelfIssuedpathLenConstraintTest17EE.crt
+pkixutil test_validatechain "NIST-Test.4.7.1" EE $NIST TrustAnchorRootCertificate.crt keyUsageCriticalkeyCertSignFalseCACert.crt InvalidkeyUsageCriticalkeyCertSignFalseTest1EE.crt
+pkixutil test_validatechain "NIST-Test.4.7.2" EE $NIST TrustAnchorRootCertificate.crt keyUsageNotCriticalkeyCertSignFalseCACert.crt InvalidkeyUsageNotCriticalkeyCertSignFalseTest2EE.crt
+pkixutil test_validatechain "NIST-Test.4.7.3" ENE $NIST TrustAnchorRootCertificate.crt keyUsageNotCriticalCACert.crt ValidkeyUsageNotCriticalTest3EE.crt
+pkixutil test_validatechain "NIST-Test.4.7.4" EE $NIST TrustAnchorRootCertificate.crt keyUsageCriticalcRLSignFalseCACert.crt InvalidkeyUsageCriticalcRLSignFalseTest4EE.crt
+pkixutil test_validatechain "NIST-Test.4.7.5" EE $NIST TrustAnchorRootCertificate.crt  keyUsageNotCriticalcRLSignFalseCACert.crt InvalidkeyUsageNotCriticalcRLSignFalseTest5EE.crt
+pkixutil test_policychecker NIST-Test.4.8.1.1-1 ENE $NIST ../../certs "{2.5.29.32.0}" TrustAnchorRootCertificate.crt GoodCACert.crt ValidCertificatePathTest1EE.crt
+pkixutil test_policychecker NIST-Test.4.8.1.1-2 ENE $NIST ../../certs "{2.5.29.32.0}" E TrustAnchorRootCertificate.crt GoodCACert.crt ValidCertificatePathTest1EE.crt
+pkixutil test_policychecker NIST-Test.4.8.1.2 ENE $NIST ../../certs "{2.16.840.1.101.3.2.1.48.1}" E TrustAnchorRootCertificate.crt GoodCACert.crt ValidCertificatePathTest1EE.crt
+pkixutil test_policychecker NIST-Test.4.8.1.3 EE $NIST ../../certs "{2.16.840.1.101.3.2.1.48.2}" E TrustAnchorRootCertificate.crt GoodCACert.crt ValidCertificatePathTest1EE.crt
+pkixutil test_policychecker NIST-Test.4.8.1.4 ENE $NIST ../../certs "{2.16.840.1.101.3.2.1.48.1:2.16.840.1.101.3.2.1.48.2}" E TrustAnchorRootCertificate.crt GoodCACert.crt ValidCertificatePathTest1EE.crt
+pkixutil test_policychecker NIST-Test.4.8.2.1 ENE $NIST ../../certs "{2.5.29.32.0}" TrustAnchorRootCertificate.crt NoPoliciesCACert.crt AllCertificatesNoPoliciesTest2EE.crt
+pkixutil test_policychecker NIST-Test.4.8.2.2 EE $NIST ../../certs "{2.5.29.32.0}" E TrustAnchorRootCertificate.crt NoPoliciesCACert.crt AllCertificatesNoPoliciesTest2EE.crt
+pkixutil test_policychecker NIST-Test.4.8.3.1 ENE $NIST ../../certs "{2.5.29.32.0}" TrustAnchorRootCertificate.crt GoodCACert.crt PoliciesP2subCACert.crt DifferentPoliciesTest3EE.crt
+pkixutil test_policychecker NIST-Test.4.8.3.2 EE $NIST ../../certs "{2.5.29.32.0}" E TrustAnchorRootCertificate.crt GoodCACert.crt PoliciesP2subCACert.crt DifferentPoliciesTest3EE.crt
+pkixutil test_policychecker NIST-Test.4.8.3.3 EE $NIST ../../certs "{2.16.840.1.101.3.2.1.48.1:2.16.840.1.101.3.2.1.48.2}" E TrustAnchorRootCertificate.crt GoodCACert.crt PoliciesP2subCACert.crt DifferentPoliciesTest3EE.crt
+pkixutil test_policychecker NIST-Test.4.8.4 EE $NIST ../../certs "{2.5.29.32.0}" TrustAnchorRootCertificate.crt GoodCACert.crt GoodsubCACert.crt DifferentPoliciesTest4EE.crt
+pkixutil test_policychecker NIST-Test.4.8.5 EE $NIST ../../certs "{2.5.29.32.0}" TrustAnchorRootCertificate.crt GoodCACert.crt PoliciesP2subCA2Cert.crt DifferentPoliciesTest5EE.crt
+pkixutil test_policychecker NIST-Test.4.8.6.1 ENE $NIST ../../certs "{2.5.29.32.0}" TrustAnchorRootCertificate.crt PoliciesP1234CACert.crt PoliciesP1234subCAP123Cert.crt PoliciesP1234subsubCAP123P12Cert.crt OverlappingPoliciesTest6EE.crt
+pkixutil test_policychecker NIST-Test.4.8.6.2 ENE $NIST ../../certs "{2.16.840.1.101.3.2.1.48.1}" TrustAnchorRootCertificate.crt PoliciesP1234CACert.crt PoliciesP1234subCAP123Cert.crt PoliciesP1234subsubCAP123P12Cert.crt OverlappingPoliciesTest6EE.crt
+pkixutil test_policychecker NIST-Test.4.8.6.3 EE $NIST ../../certs "{2.16.840.1.101.3.2.1.48.2}" TrustAnchorRootCertificate.crt PoliciesP1234CACert.crt PoliciesP1234subCAP123Cert.crt PoliciesP1234subsubCAP123P12Cert.crt OverlappingPoliciesTest6EE.crt
+pkixutil test_policychecker NIST-Test.4.8.7 EE $NIST ../../certs "{2.5.29.32.0}" TrustAnchorRootCertificate.crt PoliciesP123CACert.crt PoliciesP123subCAP12Cert.crt PoliciesP123subsubCAP12P1Cert.crt DifferentPoliciesTest7EE.crt
+pkixutil test_policychecker NIST-Test.4.8.8 EE $NIST ../../certs "{2.5.29.32.0}" TrustAnchorRootCertificate.crt PoliciesP12CACert.crt PoliciesP12subCAP1Cert.crt PoliciesP12subsubCAP1P2Cert.crt DifferentPoliciesTest8EE.crt
+pkixutil test_policychecker NIST-Test.4.8.9 EE $NIST ../../certs "{2.5.29.32.0}" TrustAnchorRootCertificate.crt PoliciesP123CACert.crt PoliciesP123subCAP12Cert.crt PoliciesP123subsubCAP12P2Cert.crt PoliciesP123subsubsubCAP12P2P1Cert.crt
+pkixutil test_policychecker NIST-Test.4.8.10.1 ENE $NIST ../../certs "{2.5.29.32.0}" TrustAnchorRootCertificate.crt PoliciesP12CACert.crt AllCertificatesSamePoliciesTest10EE.crt
+pkixutil test_policychecker NIST-Test.4.8.10.2 ENE $NIST ../../certs "{2.16.840.1.101.3.2.1.48.1}" TrustAnchorRootCertificate.crt PoliciesP12CACert.crt AllCertificatesSamePoliciesTest10EE.crt
+pkixutil test_policychecker NIST-Test.4.8.10.3 ENE $NIST ../../certs "{2.16.840.1.101.3.2.1.48.2}" TrustAnchorRootCertificate.crt PoliciesP12CACert.crt AllCertificatesSamePoliciesTest10EE.crt
+pkixutil test_policychecker NIST-Test.4.8.11.1 ENE $NIST ../../certs "{2.5.29.32.0}" TrustAnchorRootCertificate.crt anyPolicyCACert.crt AllCertificatesanyPolicyTest11EE.crt
+pkixutil test_policychecker NIST-Test.4.8.11.2 ENE $NIST ../../certs "{2.16.840.1.101.3.2.1.48.1}" TrustAnchorRootCertificate.crt anyPolicyCACert.crt AllCertificatesanyPolicyTest11EE.crt
+pkixutil test_policychecker NIST-Test.4.8.12 EE $NIST ../../certs "{2.5.29.32.0}" TrustAnchorRootCertificate.crt PoliciesP3CACert.crt DifferentPoliciesTest12EE.crt
+pkixutil test_policychecker NIST-Test.4.8.13.1 ENE $NIST ../../certs "{2.16.840.1.101.3.2.1.48.1}" TrustAnchorRootCertificate.crt PoliciesP123CACert.crt AllCertificatesSamePoliciesTest13EE.crt
+pkixutil test_policychecker NIST-Test.4.8.13.2 ENE $NIST ../../certs "{2.16.840.1.101.3.2.1.48.2}" TrustAnchorRootCertificate.crt PoliciesP123CACert.crt AllCertificatesSamePoliciesTest13EE.crt
+pkixutil test_policychecker NIST-Test.4.8.13.3 ENE $NIST ../../certs "{2.16.840.1.101.3.2.1.48.3}" TrustAnchorRootCertificate.crt PoliciesP123CACert.crt AllCertificatesSamePoliciesTest13EE.crt
+pkixutil test_policychecker NIST-Test.4.8.14.1 ENE $NIST ../../certs "{2.16.840.1.101.3.2.1.48.1}" TrustAnchorRootCertificate.crt anyPolicyCACert.crt AnyPolicyTest14EE.crt
+pkixutil test_policychecker NIST-Test.4.8.14.2 EE $NIST ../../certs "{2.16.840.1.101.3.2.1.48.2}" E TrustAnchorRootCertificate.crt anyPolicyCACert.crt AnyPolicyTest14EE.crt
+pkixutil test_policychecker NIST-Test.4.8.15.1 ENE $NIST ../../certs "{2.16.840.1.101.3.2.1.48.1}" E TrustAnchorRootCertificate.crt UserNoticeQualifierTest15EE.crt
+pkixutil test_policychecker NIST-Test.4.8.15.2 EE $NIST ../../certs "{2.16.840.1.101.3.2.1.48.2}" E TrustAnchorRootCertificate.crt UserNoticeQualifierTest15EE.crt
+pkixutil test_policychecker NIST-Test.4.8.16.1 ENE $NIST ../../certs "{2.16.840.1.101.3.2.1.48.1}" E TrustAnchorRootCertificate.crt GoodCACert.crt UserNoticeQualifierTest16EE.crt
+pkixutil test_policychecker NIST-Test.4.8.16.2 EE $NIST ../../certs "{2.16.840.1.101.3.2.1.48.2}" E TrustAnchorRootCertificate.crt GoodCACert.crt UserNoticeQualifierTest16EE.crt
+pkixutil test_policychecker NIST-Test.4.8.17 ENE $NIST ../../certs "{2.5.29.32.0}" TrustAnchorRootCertificate.crt GoodCACert.crt UserNoticeQualifierTest17EE.crt
+pkixutil test_policychecker NIST-Test.4.8.18.1 ENE $NIST ../../certs "{2.16.840.1.101.3.2.1.48.1}" TrustAnchorRootCertificate.crt PoliciesP12CACert.crt UserNoticeQualifierTest18EE.crt
+pkixutil test_policychecker NIST-Test.4.8.18.2 ENE $NIST ../../certs "{2.16.840.1.101.3.2.1.48.2}" TrustAnchorRootCertificate.crt PoliciesP12CACert.crt UserNoticeQualifierTest18EE.crt
+pkixutil test_policychecker NIST-Test.4.8.19 ENE $NIST ../../certs "{2.5.29.32.0}" TrustAnchorRootCertificate.crt UserNoticeQualifierTest19EE.crt
+pkixutil test_policychecker NIST-Test.4.8.20 ENE $NIST ../../certs "{2.5.29.32.0}" TrustAnchorRootCertificate.crt GoodCACert.crt CPSPointerQualifierTest20EE.crt
+pkixutil test_policychecker NIST-Test.4.9.1 ENE $NIST ../../certs "{2.5.29.32.0}" TrustAnchorRootCertificate.crt requireExplicitPolicy10CACert.crt requireExplicitPolicy10subCACert.crt requireExplicitPolicy10subsubCACert.crt requireExplicitPolicy10subsubsubCACert.crt ValidrequireExplicitPolicyTest1EE.crt
+pkixutil test_policychecker NIST-Test.4.9.2 ENE $NIST ../../certs "{2.5.29.32.0}" TrustAnchorRootCertificate.crt requireExplicitPolicy5CACert.crt requireExplicitPolicy5subCACert.crt requireExplicitPolicy5subsubCACert.crt requireExplicitPolicy5subsubsubCACert.crt ValidrequireExplicitPolicyTest2EE.crt
+pkixutil test_policychecker NIST-Test.4.9.3 EE $NIST ../../certs "{2.5.29.32.0}" TrustAnchorRootCertificate.crt requireExplicitPolicy4CACert.crt requireExplicitPolicy4subCACert.crt requireExplicitPolicy4subsubCACert.crt requireExplicitPolicy4subsubsubCACert.crt InvalidrequireExplicitPolicyTest3EE.crt
+pkixutil test_policychecker NIST-Test.4.9.4 ENE $NIST ../../certs "{2.5.29.32.0}" TrustAnchorRootCertificate.crt requireExplicitPolicy0CACert.crt requireExplicitPolicy0subCACert.crt requireExplicitPolicy0subsubCACert.crt requireExplicitPolicy0subsubsubCACert.crt ValidrequireExplicitPolicyTest4EE.crt
+pkixutil test_policychecker NIST-Test.4.9.5 EE $NIST ../../certs "{2.5.29.32.0}" TrustAnchorRootCertificate.crt requireExplicitPolicy7CACert.crt requireExplicitPolicy7subCARE2Cert.crt requireExplicitPolicy7subsubCARE2RE4Cert.crt requireExplicitPolicy7subsubsubCARE2RE4Cert.crt InvalidrequireExplicitPolicyTest5EE.crt
+pkixutil test_policychecker NIST-Test.4.9.6 ENE $NIST ../../certs "{2.5.29.32.0}" TrustAnchorRootCertificate.crt requireExplicitPolicy2CACert.crt requireExplicitPolicy2SelfIssuedCACert.crt ValidSelfIssuedrequireExplicitPolicyTest6EE.crt
+pkixutil test_policychecker NIST-Test.4.9.7 EE $NIST ../../certs "{2.5.29.32.0}" TrustAnchorRootCertificate.crt requireExplicitPolicy2CACert.crt requireExplicitPolicy2SelfIssuedCACert.crt requireExplicitPolicy2subCACert.crt InvalidSelfIssuedrequireExplicitPolicyTest7EE.crt
+pkixutil test_policychecker NIST-Test.4.9.8 EE $NIST ../../certs "{2.5.29.32.0}" TrustAnchorRootCertificate.crt requireExplicitPolicy2CACert.crt requireExplicitPolicy2SelfIssuedCACert.crt requireExplicitPolicy2subCACert.crt requireExplicitPolicy2SelfIssuedsubCACert.crt InvalidSelfIssuedrequireExplicitPolicyTest8EE.crt
+pkixutil test_policychecker NIST-Test.4.10.1.1 ENE $NIST ../../certs "{2.16.840.1.101.3.2.1.48.1}" TrustAnchorRootCertificate.crt Mapping1to2CACert.crt ValidPolicyMappingTest1EE.crt
+pkixutil test_policychecker NIST-Test.4.10.1.2 EE $NIST ../../certs "{2.16.840.1.101.3.2.1.48.2}" TrustAnchorRootCertificate.crt Mapping1to2CACert.crt ValidPolicyMappingTest1EE.crt
+pkixutil test_policychecker NIST-Test.4.10.1.3 EE $NIST ../../certs "{2.5.29.32.0}" P TrustAnchorRootCertificate.crt Mapping1to2CACert.crt ValidPolicyMappingTest1EE.crt
+pkixutil test_policychecker NIST-Test.4.10.2.1 EE $NIST ../../certs "{2.5.29.32.0}" TrustAnchorRootCertificate.crt Mapping1to2CACert.crt InvalidPolicyMappingTest2EE.crt
+pkixutil test_policychecker NIST-Test.4.10.2.2 EE $NIST ../../certs "{2.5.29.32.0}" P TrustAnchorRootCertificate.crt Mapping1to2CACert.crt InvalidPolicyMappingTest2EE.crt
+pkixutil test_policychecker NIST-Test.4.10.3.1 EE $NIST ../../certs "{2.16.840.1.101.3.2.1.48.1}" TrustAnchorRootCertificate.crt P12Mapping1to3CACert.crt P12Mapping1to3subCACert.crt P12Mapping1to3subsubCACert.crt ValidPolicyMappingTest3EE.crt
+pkixutil test_policychecker NIST-Test.4.10.3.2 ENE $NIST ../../certs "{2.16.840.1.101.3.2.1.48.2}" TrustAnchorRootCertificate.crt P12Mapping1to3CACert.crt P12Mapping1to3subCACert.crt P12Mapping1to3subsubCACert.crt ValidPolicyMappingTest3EE.crt
+pkixutil test_policychecker NIST-Test.4.10.4 EE $NIST ../../certs "{2.5.29.32.0}" TrustAnchorRootCertificate.crt P12Mapping1to3CACert.crt P12Mapping1to3subCACert.crt P12Mapping1to3subsubCACert.crt InvalidPolicyMappingTest4EE.crt
+pkixutil test_policychecker NIST-Test.4.10.5.1 ENE $NIST ../../certs "{2.16.840.1.101.3.2.1.48.1}" TrustAnchorRootCertificate.crt P1Mapping1to234CACert.crt P1Mapping1to234subCACert.crt ValidPolicyMappingTest5EE.crt
+pkixutil test_policychecker NIST-Test.4.10.5.2 EE $NIST ../../certs "{2.16.840.1.101.3.2.1.48.6}" TrustAnchorRootCertificate.crt P1Mapping1to234CACert.crt P1Mapping1to234subCACert.crt ValidPolicyMappingTest5EE.crt
+pkixutil test_policychecker NIST-Test.4.10.6.1 ENE $NIST ../../certs "{2.16.840.1.101.3.2.1.48.1}" TrustAnchorRootCertificate.crt P1Mapping1to234CACert.crt P1Mapping1to234subCACert.crt ValidPolicyMappingTest6EE.crt
+pkixutil test_policychecker NIST-Test.4.10.6.2 EE $NIST ../../certs "{2.16.840.1.101.3.2.1.48.6}" TrustAnchorRootCertificate.crt P1Mapping1to234CACert.crt P1Mapping1to234subCACert.crt ValidPolicyMappingTest6EE.crt TrustAnchorRootCertificate.crt
+pkixutil test_policychecker NIST-Test.4.10.7.1 ENE $NIST ../../certs "{2.5.29.32.0}" TrustAnchorRootCertificate.crt MappingFromanyPolicyCACert.crt
+pkixutil test_policychecker NIST-Test.4.10.7.2 EE $NIST ../../certs "{2.5.29.32.0}" TrustAnchorRootCertificate.crt MappingFromanyPolicyCACert.crt InvalidMappingFromanyPolicyTest7EE.crt
+pkixutil test_policychecker NIST-Test.4.10.8.1 ENE $NIST ../../certs "{2.5.29.32.0}" TrustAnchorRootCertificate.crt MappingToanyPolicyCACert.crt
+pkixutil test_policychecker NIST-Test.4.10.8.2 EE $NIST ../../certs "{2.5.29.32.0}" TrustAnchorRootCertificate.crt MappingToanyPolicyCACert.crt InvalidMappingToanyPolicyTest8EE.crt
+pkixutil test_policychecker NIST-Test.4.10.9 ENE $NIST ../../certs "{2.5.29.32.0}" TrustAnchorRootCertificate.crt PanyPolicyMapping1to2CACert.crt ValidPolicyMappingTest9EE.crt
+pkixutil test_policychecker NIST-Test.4.10.10 EE $NIST ../../certs "{2.5.29.32.0}" TrustAnchorRootCertificate.crt GoodCACert.crt GoodsubCAPanyPolicyMapping1to2CACert.crt InvalidPolicyMappingTest10EE.crt
+pkixutil test_policychecker NIST-Test.4.10.11 ENE $NIST ../../certs "{2.5.29.32.0}" TrustAnchorRootCertificate.crt GoodCACert.crt GoodsubCAPanyPolicyMapping1to2CACert.crt ValidPolicyMappingTest11EE.crt
+pkixutil test_policychecker NIST-Test.4.10.12.1 ENE $NIST ../../certs "{2.16.840.1.101.3.2.1.48.1}" TrustAnchorRootCertificate.crt P12Mapping1to3CACert.crt ValidPolicyMappingTest12EE.crt
+pkixutil test_policychecker NIST-Test.4.10.12.2 ENE $NIST ../../certs "{2.16.840.1.101.3.2.1.48.2}" TrustAnchorRootCertificate.crt P12Mapping1to3CACert.crt ValidPolicyMappingTest12EE.crt
+pkixutil test_policychecker NIST-Test.4.10.13 ENE $NIST ../../certs "{2.5.29.32.0}" TrustAnchorRootCertificate.crt P1anyPolicyMapping1to2CACert.crt ValidPolicyMappingTest13EE.crt
+pkixutil test_policychecker NIST-Test.4.10.14 ENE $NIST ../../certs "{2.5.29.32.0}" TrustAnchorRootCertificate.crt P1anyPolicyMapping1to2CACert.crt ValidPolicyMappingTest14EE.crt
+pkixutil test_policychecker NIST-Test.4.11.1.1 ENE $NIST ../../certs "{2.5.29.32.0}" TrustAnchorRootCertificate.crt inhibitPolicyMapping0CACert.crt inhibitPolicyMapping0subCACert.crt
+pkixutil test_policychecker NIST-Test.4.11.1.2 EE $NIST ../../certs "{2.5.29.32.0}" TrustAnchorRootCertificate.crt inhibitPolicyMapping0CACert.crt inhibitPolicyMapping0subCACert.crt InvalidinhibitPolicyMappingTest1EE.crt
+pkixutil test_policychecker NIST-Test.4.11.2 ENE $NIST ../../certs "{2.5.29.32.0}" TrustAnchorRootCertificate.crt inhibitPolicyMapping1P12CACert.crt inhibitPolicyMapping1P12subCACert.crt ValidinhibitPolicyMappingTest2EE.crt
+pkixutil test_policychecker NIST-Test.4.11.3 EE $NIST ../../certs "{2.5.29.32.0}" TrustAnchorRootCertificate.crt inhibitPolicyMapping1P12CACert.crt inhibitPolicyMapping1P12subCACert.crt inhibitPolicyMapping1P12subsubCACert.crt InvalidinhibitPolicyMappingTest3EE.crt
+pkixutil test_policychecker NIST-Test.4.11.4 ENE $NIST ../../certs "{2.5.29.32.0}" TrustAnchorRootCertificate.crt inhibitPolicyMapping1P12CACert.crt inhibitPolicyMapping1P12subCACert.crt inhibitPolicyMapping1P12subsubCACert.crt ValidinhibitPolicyMappingTest4EE.crt
+pkixutil test_policychecker NIST-Test.4.11.5 EE $NIST ../../certs "{2.5.29.32.0}" TrustAnchorRootCertificate.crt inhibitPolicyMapping5CACert.crt inhibitPolicyMapping5subCACert.crt inhibitPolicyMapping5subsubCACert.crt inhibitPolicyMapping5subsubsubCACert.crt InvalidinhibitPolicyMappingTest5EE.crt
+pkixutil test_policychecker NIST-Test.4.11.6 EE $NIST ../../certs "{2.5.29.32.0}" TrustAnchorRootCertificate.crt inhibitPolicyMapping1P12CACert.crt inhibitPolicyMapping1P12subCAIPM5Cert.crt inhibitPolicyMapping1P12subsubCAIPM5Cert.crt InvalidinhibitPolicyMappingTest6EE.crt
+pkixutil test_policychecker NIST-Test.4.11.7 ENE $NIST ../../certs "{2.5.29.32.0}" TrustAnchorRootCertificate.crt inhibitPolicyMapping1P1CACert.crt inhibitPolicyMapping1P1SelfIssuedCACert.crt inhibitPolicyMapping1P1subCACert.crt ValidSelfIssuedinhibitPolicyMappingTest7EE.crt
+pkixutil test_policychecker NIST-Test.4.11.8 EE $NIST ../../certs "{2.5.29.32.0}" TrustAnchorRootCertificate.crt inhibitPolicyMapping1P1CACert.crt inhibitPolicyMapping1P1SelfIssuedCACert.crt inhibitPolicyMapping1P1subCACert.crt inhibitPolicyMapping1P1subsubCACert.crt InvalidSelfIssuedinhibitPolicyMappingTest8EE.crt
+pkixutil test_policychecker NIST-Test.4.11.9 EE $NIST ../../certs "{2.5.29.32.0}" TrustAnchorRootCertificate.crt inhibitPolicyMapping1P1CACert.crt inhibitPolicyMapping1P1SelfIssuedCACert.crt inhibitPolicyMapping1P1subCACert.crt inhibitPolicyMapping1P1subsubCACert.crt InvalidSelfIssuedinhibitPolicyMappingTest9EE.crt
+pkixutil test_policychecker NIST-Test.4.11.10 EE $NIST ../../certs "{2.5.29.32.0}" TrustAnchorRootCertificate.crt inhibitPolicyMapping1P1CACert.crt inhibitPolicyMapping1P1SelfIssuedCACert.crt inhibitPolicyMapping1P1subCACert.crt inhibitPolicyMapping1P1SelfIssuedsubCACert.crt InvalidSelfIssuedinhibitPolicyMappingTest10EE.crt
+pkixutil test_policychecker NIST-Test.4.11.11 EE $NIST ../../certs "{2.5.29.32.0}" TrustAnchorRootCertificate.crt inhibitPolicyMapping1P1CACert.crt inhibitPolicyMapping1P1SelfIssuedCACert.crt inhibitPolicyMapping1P1subCACert.crt inhibitPolicyMapping1P1SelfIssuedsubCACert.crt InvalidSelfIssuedinhibitPolicyMappingTest11EE.crt
+pkixutil test_policychecker NIST-Test.4.12.1 EE $NIST ../../certs "{2.5.29.32.0}" TrustAnchorRootCertificate.crt inhibitAnyPolicy0CACert.crt InvalidinhibitAnyPolicyTest1EE.crt
+pkixutil test_policychecker NIST-Test.4.12.2 ENE $NIST ../../certs "{2.5.29.32.0}" TrustAnchorRootCertificate.crt inhibitAnyPolicy0CACert.crt ValidinhibitAnyPolicyTest2EE.crt
+pkixutil test_policychecker NIST-Test.4.12.3.1 ENE $NIST ../../certs "{2.5.29.32.0}" TrustAnchorRootCertificate.crt inhibitAnyPolicy1CACert.crt inhibitAnyPolicy1subCA1Cert.crt inhibitAnyPolicyTest3EE.crt
+pkixutil test_policychecker NIST-Test.4.12.3.2 EE $NIST ../../certs "{2.5.29.32.0}" A TrustAnchorRootCertificate.crt inhibitAnyPolicy1CACert.crt inhibitAnyPolicy1subCA1Cert.crt inhibitAnyPolicyTest3EE.crt
+pkixutil test_policychecker NIST-Test.4.12.4 EE $NIST ../../certs "{2.5.29.32.0}" TrustAnchorRootCertificate.crt inhibitAnyPolicy1CACert.crt inhibitAnyPolicy1subCA1Cert.crt InvalidinhibitAnyPolicyTest4EE.crt
+pkixutil test_policychecker NIST-Test.4.12.5 EE $NIST ../../certs "{2.5.29.32.0}" TrustAnchorRootCertificate.crt inhibitAnyPolicy5CACert.crt inhibitAnyPolicy5subCACert.crt inhibitAnyPolicy5subsubCACert.crt InvalidinhibitAnyPolicyTest5EE.crt
+pkixutil test_policychecker NIST-Test.4.12.6 EE $NIST ../../certs "{2.5.29.32.0}" TrustAnchorRootCertificate.crt inhibitAnyPolicy1CACert.crt inhibitAnyPolicy1subCAIAP5Cert.crt InvalidinhibitAnyPolicyTest6EE.crt
+pkixutil test_policychecker NIST-Test.4.12.7 ENE $NIST ../../certs "{2.5.29.32.0}" TrustAnchorRootCertificate.crt inhibitAnyPolicy1CACert.crt inhibitAnyPolicy1SelfIssuedCACert.crt inhibitAnyPolicy1subCA2Cert.crt ValidSelfIssuedinhibitAnyPolicyTest7EE.crt
+pkixutil test_policychecker NIST-Test.4.12.8 EE $NIST ../../certs "{2.5.29.32.0}" TrustAnchorRootCertificate.crt inhibitAnyPolicy1CACert.crt inhibitAnyPolicy1SelfIssuedCACert.crt inhibitAnyPolicy1subCA2Cert.crt inhibitAnyPolicy1subsubCA2Cert.crt InvalidSelfIssuedinhibitAnyPolicyTest8EE.crt
+pkixutil test_policychecker NIST-Test.4.12.9 ENE $NIST ../../certs "{2.5.29.32.0}" TrustAnchorRootCertificate.crt inhibitAnyPolicy1CACert.crt inhibitAnyPolicy1SelfIssuedCACert.crt inhibitAnyPolicy1subCA2Cert.crt inhibitAnyPolicy1SelfIssuedsubCA2Cert.crt ValidSelfIssuedinhibitAnyPolicyTest9EE.crt
+pkixutil test_policychecker NIST-Test.4.12.10 EE $NIST ../../certs "{2.5.29.32.0}" TrustAnchorRootCertificate.crt inhibitAnyPolicy1CACert.crt inhibitAnyPolicy1SelfIssuedCACert.crt inhibitAnyPolicy1subCA2Cert.crt InvalidSelfIssuedinhibitAnyPolicyTest10EE.crt
+pkixutil test_basicconstraintschecker NIST-Test.4.13.1 ENE $NIST TrustAnchorRootCertificate.crt nameConstraintsDN1CACert.crt ValidDNnameConstraintsTest1EE.crt
+pkixutil test_basicconstraintschecker NIST-Test.4.13.2 EE $NIST TrustAnchorRootCertificate.crt nameConstraintsDN1CACert.crt InvalidDNnameConstraintsTest2EE.crt
+pkixutil test_basicconstraintschecker NIST-Test.4.13.3 EE $NIST TrustAnchorRootCertificate.crt nameConstraintsDN1CACert.crt InvalidDNnameConstraintsTest3EE.crt
+pkixutil test_basicconstraintschecker NIST-Test.4.13.4 ENE $NIST TrustAnchorRootCertificate.crt nameConstraintsDN1CACert.crt ValidDNnameConstraintsTest4EE.crt
+pkixutil test_basicconstraintschecker NIST-Test.4.13.5 ENE $NIST TrustAnchorRootCertificate.crt nameConstraintsDN2CACert.crt ValidDNnameConstraintsTest5EE.crt
+pkixutil test_basicconstraintschecker NIST-Test.4.13.6 ENE $NIST TrustAnchorRootCertificate.crt nameConstraintsDN3CACert.crt ValidDNnameConstraintsTest6EE.crt
+pkixutil test_basicconstraintschecker NIST-Test.4.13.7 EE $NIST TrustAnchorRootCertificate.crt nameConstraintsDN3CACert.crt InvalidDNnameConstraintsTest7EE.crt
+pkixutil test_basicconstraintschecker NIST-Test.4.13.8 EE $NIST TrustAnchorRootCertificate.crt nameConstraintsDN4CACert.crt InvalidDNnameConstraintsTest8EE.crt
+pkixutil test_basicconstraintschecker NIST-Test.4.13.9 EE $NIST TrustAnchorRootCertificate.crt nameConstraintsDN4CACert.crt InvalidDNnameConstraintsTest9EE.crt
+pkixutil test_basicconstraintschecker NIST-Test.4.13.10 EE $NIST TrustAnchorRootCertificate.crt nameConstraintsDN5CACert.crt InvalidDNnameConstraintsTest10EE.crt
+pkixutil test_basicconstraintschecker NIST-Test.4.13.11 ENE $NIST TrustAnchorRootCertificate.crt nameConstraintsDN5CACert.crt ValidDNnameConstraintsTest11EE.crt
+pkixutil test_basicconstraintschecker NIST-Test.4.13.12 EE $NIST TrustAnchorRootCertificate.crt nameConstraintsDN1CACert.crt nameConstraintsDN1subCA1Cert.crt InvalidDNnameConstraintsTest12EE.crt
+pkixutil test_basicconstraintschecker NIST-Test.4.13.13 EE $NIST TrustAnchorRootCertificate.crt nameConstraintsDN1CACert.crt nameConstraintsDN1subCA2Cert.crt InvalidDNnameConstraintsTest13EE.crt
+pkixutil test_basicconstraintschecker NIST-Test.4.13.14 ENE $NIST TrustAnchorRootCertificate.crt nameConstraintsDN1CACert.crt nameConstraintsDN1subCA2Cert.crt ValidDNnameConstraintsTest14EE.crt
+pkixutil test_basicconstraintschecker NIST-Test.4.13.15 EE $NIST TrustAnchorRootCertificate.crt nameConstraintsDN3CACert.crt nameConstraintsDN3subCA1Cert.crt InvalidDNnameConstraintsTest15EE.crt
+pkixutil test_basicconstraintschecker NIST-Test.4.13.16 EE $NIST TrustAnchorRootCertificate.crt nameConstraintsDN3CACert.crt nameConstraintsDN3subCA1Cert.crt InvalidDNnameConstraintsTest16EE.crt
+pkixutil test_basicconstraintschecker NIST-Test.4.13.17 EE $NIST TrustAnchorRootCertificate.crt nameConstraintsDN3CACert.crt nameConstraintsDN3subCA2Cert.crt InvalidDNnameConstraintsTest17EE.crt
+pkixutil test_basicconstraintschecker NIST-Test.4.13.18 ENE $NIST TrustAnchorRootCertificate.crt nameConstraintsDN3CACert.crt nameConstraintsDN3subCA2Cert.crt ValidDNnameConstraintsTest18EE.crt
+pkixutil test_basicconstraintschecker NIST-Test.4.13.19 ENE $NIST TrustAnchorRootCertificate.crt nameConstraintsDN1CACert.crt nameConstraintsDN1SelfIssuedCACert.crt ValidDNnameConstraintsTest19EE.crt
+pkixutil test_basicconstraintschecker NIST-Test.4.13.20 EE $NIST TrustAnchorRootCertificate.crt nameConstraintsDN1CACert.crt InvalidDNnameConstraintsTest20EE.crt
+pkixutil test_basicconstraintschecker NIST-Test.4.13.21 ENE $NIST TrustAnchorRootCertificate.crt nameConstraintsRFC822CA1Cert.crt ValidRFC822nameConstraintsTest21EE.crt
+pkixutil test_basicconstraintschecker NIST-Test.4.13.22 EE $NIST TrustAnchorRootCertificate.crt nameConstraintsRFC822CA1Cert.crt InvalidRFC822nameConstraintsTest22EE.crt
+pkixutil test_basicconstraintschecker NIST-Test.4.13.23 ENE $NIST TrustAnchorRootCertificate.crt nameConstraintsRFC822CA2Cert.crt ValidRFC822nameConstraintsTest23EE.crt
+pkixutil test_basicconstraintschecker NIST-Test.4.13.24 EE $NIST TrustAnchorRootCertificate.crt nameConstraintsRFC822CA2Cert.crt InvalidRFC822nameConstraintsTest24EE.crt
+pkixutil test_basicconstraintschecker NIST-Test.4.13.25 ENE $NIST TrustAnchorRootCertificate.crt nameConstraintsRFC822CA3Cert.crt ValidRFC822nameConstraintsTest25EE.crt
+pkixutil test_basicconstraintschecker NIST-Test.4.13.26 EE $NIST TrustAnchorRootCertificate.crt nameConstraintsRFC822CA3Cert.crt InvalidRFC822nameConstraintsTest26EE.crt
+pkixutil test_basicconstraintschecker NIST-Test.4.13.27 ENE $NIST TrustAnchorRootCertificate.crt nameConstraintsDN1CACert.crt  nameConstraintsDN1subCA3Cert.crt ValidDNandRFC822nameConstraintsTest27EE.crt
+pkixutil test_basicconstraintschecker NIST-Test.4.13.28 EE $NIST TrustAnchorRootCertificate.crt nameConstraintsDN1CACert.crt  nameConstraintsDN1subCA3Cert.crt InvalidDNandRFC822nameConstraintsTest28EE.crt
+pkixutil test_basicconstraintschecker NIST-Test.4.13.29 EE $NIST TrustAnchorRootCertificate.crt nameConstraintsDN1CACert.crt  nameConstraintsDN1subCA3Cert.crt InvalidDNandRFC822nameConstraintsTest29EE.crt
+pkixutil test_basicconstraintschecker NIST-Test.4.13.30 ENE $NIST TrustAnchorRootCertificate.crt nameConstraintsDNS1CACert.crt ValidDNSnameConstraintsTest30EE.crt
+pkixutil test_basicconstraintschecker NIST-Test.4.13.31 EE $NIST TrustAnchorRootCertificate.crt nameConstraintsDNS1CACert.crt InvalidDNSnameConstraintsTest31EE.crt
+pkixutil test_basicconstraintschecker NIST-Test.4.13.32 ENE $NIST TrustAnchorRootCertificate.crt nameConstraintsDNS2CACert.crt ValidDNSnameConstraintsTest32EE.crt
+pkixutil test_basicconstraintschecker NIST-Test.4.13.33 EE $NIST TrustAnchorRootCertificate.crt nameConstraintsDNS2CACert.crt InvalidDNSnameConstraintsTest33EE.crt
+pkixutil test_basicconstraintschecker NIST-Test.4.13.34 ENE $NIST TrustAnchorRootCertificate.crt nameConstraintsURI1CACert.crt ValidURInameConstraintsTest34EE.crt
+pkixutil test_basicconstraintschecker NIST-Test.4.13.35 EE $NIST TrustAnchorRootCertificate.crt nameConstraintsURI1CACert.crt InvalidURInameConstraintsTest35EE.crt
+pkixutil test_basicconstraintschecker NIST-Test.4.13.36 ENE $NIST TrustAnchorRootCertificate.crt nameConstraintsURI2CACert.crt ValidURInameConstraintsTest36EE.crt
+pkixutil test_basicconstraintschecker NIST-Test.4.13.37 EE $NIST TrustAnchorRootCertificate.crt nameConstraintsURI2CACert.crt InvalidURInameConstraintsTest37EE.crt
+pkixutil test_basicconstraintschecker NIST-Test.4.13.38 EE $NIST TrustAnchorRootCertificate.crt nameConstraintsDNS1CACert.crt InvalidDNSnameConstraintsTest38EE.crt
+pkixutil test_basicconstraintschecker NIST-Test.4.16.1 ENE $NIST TrustAnchorRootCertificate.crt ValidUnknownNotCriticalCertificateExtensionTest1EE.crt
+pkixutil test_basicconstraintschecker NIST-Test.4.16.2 EE $NIST TrustAnchorRootCertificate.crt InvalidUnknownCriticalCertificateExtensionTest2EE.crt
+pkixutil test_buildchain_uchecker NIST-Test.4.1.1-without-OID ENE - $NIST ValidCertificatePathTest1EE.crt GoodCACert.crt TrustAnchorRootCertificate.crt
+pkixutil test_buildchain_uchecker NIST-Test.4.1.1-with-OID-without-forwardSupport ENE 2.5.29.19 $NIST ValidCertificatePathTest1EE.crt GoodCACert.crt TrustAnchorRootCertificate.crt
+pkixutil test_buildchain_uchecker NIST-Test.4.1.1-with-OID-forwardSupport ENE F2.5.29.19 $NIST ValidCertificatePathTest1EE.crt GoodCACert.crt TrustAnchorRootCertificate.crt
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.1.1 ENE $NIST ValidCertificatePathTest1EE.crt GoodCACert.crt TrustAnchorRootCertificate.crt 
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.1.2 EE $NIST InvalidCASignatureTest2EE.crt BadSignedCACert.crt TrustAnchorRootCertificate.crt 
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.1.3 EE $NIST InvalidEESignatureTest3EE.crt GoodCACert.crt TrustAnchorRootCertificate.crt 
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.1.4 ENE $NIST ValidDSASignaturesTest4EE.crt DSACACert.crt TrustAnchorRootCertificate.crt 
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.1.5 ENE $NIST ValidDSAParameterInheritanceTest5EE.crt DSAParametersInheritedCACert.crt DSACACert.crt TrustAnchorRootCertificate.crt  
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.1.6 EE $NIST InvalidDSASignatureTest6EE.crt DSACACert.crt TrustAnchorRootCertificate.crt 
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.2.1 EE $NIST InvalidCAnotBeforeDateTest1EE.crt BadnotBeforeDateCACert.crt TrustAnchorRootCertificate.crt 
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.2.2 EE $NIST InvalidEEnotBeforeDateTest2EE.crt GoodCACert.crt TrustAnchorRootCertificate.crt 
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.2.3 ENE $NIST Validpre2000UTCnotBeforeDateTest3EE.crt GoodCACert.crt TrustAnchorRootCertificate.crt 
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.2.4 ENE $NIST ValidGeneralizedTimenotBeforeDateTest4EE.crt GoodCACert.crt TrustAnchorRootCertificate.crt 
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.2.5 EE $NIST InvalidCAnotAfterDateTest5EE.crt BadnotAfterDateCACert.crt TrustAnchorRootCertificate.crt 
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.2.6 EE $NIST InvalidEEnotAfterDateTest6EE.crt GoodCACert.crt TrustAnchorRootCertificate.crt
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.2.7 EE $NIST Invalidpre2000UTCEEnotAfterDateTest7EE.crt GoodCACert.crt TrustAnchorRootCertificate.crt
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.2.8 ENE $NIST ValidGeneralizedTimenotAfterDateTest8EE.crt GoodCACert.crt TrustAnchorRootCertificate.crt
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.3.1 EE $NIST InvalidNameChainingTest1EE.crt GoodCACert.crt TrustAnchorRootCertificate.crt
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.3.2 EE $NIST InvalidNameChainingOrderTest2EE.crt NameOrderingCACert.crt TrustAnchorRootCertificate.crt
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.3.3 ENE $NIST ValidNameChainingWhitespaceTest3EE.crt GoodCACert.crt TrustAnchorRootCertificate.crt
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.3.4 ENE $NIST ValidNameChainingWhitespaceTest4EE.crt GoodCACert.crt TrustAnchorRootCertificate.crt
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.3.5 ENE $NIST ValidNameChainingCapitalizationTest5EE.crt GoodCACert.crt TrustAnchorRootCertificate.crt
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.3.6 ENE $NIST ValidNameUIDsTest6EE.crt UIDCACert.crt TrustAnchorRootCertificate.crt
+pkixutil test_buildchain -  NIST-Test.4.3.7 ENE $NIST ValidRFC3280MandatoryAttributeTypesTest7EE.crt RFC3280MandatoryAttributeTypesCACert.crt TrustAnchorRootCertificate.crt
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.3.9 ENE $NIST ValidUTF8StringEncodedNamesTest9EE.crt UTF8StringEncodedNamesCACert.crt TrustAnchorRootCertificate.crt
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.3.10 ENE $NIST ValidRolloverfromPrintableStringtoUTF8StringTest10EE.crt RolloverfromPrintableStringtoUTF8StringCACert.crt TrustAnchorRootCertificate.crt
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.3.11 ENE $NIST ValidUTF8StringCaseInsensitiveMatchTest11EE.crt UTF8StringCaseInsensitiveMatchCACert.crt TrustAnchorRootCertificate.crt
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.4.1 EE $NIST InvalidMissingCRLTest1EE.crt NoCRLCACert.crt TrustAnchorRootCertificate.crt
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.4.2 EE $NIST InvalidRevokedCATest2EE.crt RevokedsubCACert.crt GoodCACert.crt TrustAnchorRootCertificate.crt
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.4.3 EE $NIST InvalidRevokedEETest3EE.crt GoodCACert.crt TrustAnchorRootCertificate.crt
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.4.4 EE $NIST InvalidBadCRLSignatureTest4EE.crt BadCRLSignatureCACert.crt TrustAnchorRootCertificate.crt
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.4.5 EE $NIST InvalidBadCRLIssuerNameTest5EE.crt BadCRLIssuerNameCACert.crt TrustAnchorRootCertificate.crt 
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.4.6 EE $NIST InvalidWrongCRLTest6EE.crt WrongCRLCACert.crt TrustAnchorRootCertificate.crt 
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.4.7 ENE $NIST ValidTwoCRLsTest7EE.crt TwoCRLsCACert.crt TrustAnchorRootCertificate.crt 
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.4.8 EE $NIST InvalidUnknownCRLEntryExtensionTest8EE.crt UnknownCRLEntryExtensionCACert.crt TrustAnchorRootCertificate.crt 
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.4.9 EE $NIST InvalidUnknownCRLExtensionTest9EE.crt UnknownCRLExtensionCACert.crt TrustAnchorRootCertificate.crt 
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.4.10 EE $NIST InvalidUnknownCRLExtensionTest10EE.crt UnknownCRLExtensionCACert.crt TrustAnchorRootCertificate.crt 
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.4.11 EE $NIST InvalidOldCRLnextUpdateTest11EE.crt OldCRLnextUpdateCACert.crt TrustAnchorRootCertificate.crt 
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.4.12 EE $NIST Invalidpre2000CRLnextUpdateTest12EE.crt pre2000CRLnextUpdateCACert.crt TrustAnchorRootCertificate.crt 
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.4.13 ENE $NIST ValidGeneralizedTimeCRLnextUpdateTest13EE.crt GeneralizedTimeCRLnextUpdateCACert.crt TrustAnchorRootCertificate.crt 
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.4.14 ENE $NIST ValidNegativeSerialNumberTest14EE.crt NegativeSerialNumberCACert.crt TrustAnchorRootCertificate.crt 
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.4.15 EE $NIST InvalidNegativeSerialNumberTest15EE.crt NegativeSerialNumberCACert.crt TrustAnchorRootCertificate.crt 
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.4.16 ENE $NIST ValidLongSerialNumberTest16EE.crt LongSerialNumberCACert.crt TrustAnchorRootCertificate.crt 
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.4.17 ENE $NIST ValidLongSerialNumberTest17EE.crt LongSerialNumberCACert.crt TrustAnchorRootCertificate.crt 
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.4.18 EE $NIST InvalidLongSerialNumberTest18EE.crt LongSerialNumberCACert.crt TrustAnchorRootCertificate.crt 
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.4.20 EE $NIST InvalidSeparateCertificateandCRLKeysTest20EE.crt SeparateCertificateandCRLKeysCRLSigningCert.crt TrustAnchorRootCertificate.crt SeparateCertificateandCRLKeysCertificateSigningCACert.crt 
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.5.1 ENE $NIST ValidBasicSelfIssuedOldWithNewTest1EE.crt BasicSelfIssuedNewKeyOldWithNewCACert.crt BasicSelfIssuedNewKeyCACert.crt TrustAnchorRootCertificate.crt 
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.5.2 EE $NIST InvalidBasicSelfIssuedOldWithNewTest2EE.crt BasicSelfIssuedNewKeyOldWithNewCACert.crt BasicSelfIssuedNewKeyCACert.crt TrustAnchorRootCertificate.crt 
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.6.1 EE $NIST InvalidMissingbasicConstraintsTest1EE.crt MissingbasicConstraintsCACert.crt TrustAnchorRootCertificate.crt 
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.6.2 EE $NIST InvalidcAFalseTest2EE.crt basicConstraintsCriticalcAFalseCACert.crt TrustAnchorRootCertificate.crt 
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.6.3 EE $NIST InvalidcAFalseTest3EE.crt basicConstraintsNotCriticalcAFalseCACert.crt TrustAnchorRootCertificate.crt 
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.6.4 ENE $NIST ValidbasicConstraintsNotCriticalTest4EE.crt basicConstraintsNotCriticalCACert.crt TrustAnchorRootCertificate.crt 
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.6.5 EE $NIST InvalidpathLenConstraintTest5EE.crt pathLenConstraint0subCACert.crt pathLenConstraint0CACert.crt TrustAnchorRootCertificate.crt 
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.6.6 EE $NIST InvalidpathLenConstraintTest6EE.crt pathLenConstraint0subCACert.crt pathLenConstraint0CACert.crt TrustAnchorRootCertificate.crt 
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.6.7 ENE $NIST ValidpathLenConstraintTest7EE.crt pathLenConstraint0CACert.crt TrustAnchorRootCertificate.crt 
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.6.8 ENE $NIST ValidpathLenConstraintTest8EE.crt pathLenConstraint0CACert.crt TrustAnchorRootCertificate.crt 
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.6.9 EE $NIST InvalidpathLenConstraintTest9EE.crt pathLenConstraint6subCA0Cert.crt pathLenConstraint6subsubCA00Cert.crt pathLenConstraint6CACert.crt TrustAnchorRootCertificate.crt 
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.6.10 EE $NIST InvalidpathLenConstraintTest10EE.crt pathLenConstraint6subsubCA00Cert.crt pathLenConstraint6subCA0Cert.crt pathLenConstraint6CACert.crt TrustAnchorRootCertificate.crt 
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.6.11 EE $NIST InvalidpathLenConstraintTest11EE.crt pathLenConstraint6subsubsubCA11XCert.crt pathLenConstraint6subsubCA11Cert.crt pathLenConstraint6subCA1Cert.crt pathLenConstraint6CACert.crt TrustAnchorRootCertificate.crt 
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.6.12 EE $NIST InvalidpathLenConstraintTest12EE.crt pathLenConstraint6subsubsubCA11XCert.crt pathLenConstraint6subsubCA11Cert.crt pathLenConstraint6subCA1Cert.crt pathLenConstraint6CACert.crt TrustAnchorRootCertificate.crt 
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.6.13 ENE $NIST ValidpathLenConstraintTest13EE.crt pathLenConstraint6subsubsubCA41XCert.crt pathLenConstraint6subsubCA41Cert.crt pathLenConstraint6subCA4Cert.crt pathLenConstraint6CACert.crt TrustAnchorRootCertificate.crt 
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.6.14 ENE $NIST ValidpathLenConstraintTest14EE.crt pathLenConstraint6subsubsubCA41XCert.crt pathLenConstraint6subsubCA41Cert.crt pathLenConstraint6subCA4Cert.crt pathLenConstraint6CACert.crt TrustAnchorRootCertificate.crt 
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.6.15 ENE $NIST ValidSelfIssuedpathLenConstraintTest15EE.crt pathLenConstraint0SelfIssuedCACert.crt pathLenConstraint0CACert.crt TrustAnchorRootCertificate.crt 
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.6.16 EE $NIST InvalidSelfIssuedpathLenConstraintTest16EE.crt pathLenConstraint0subCA2Cert.crt pathLenConstraint0SelfIssuedCACert.crt pathLenConstraint0CACert.crt TrustAnchorRootCertificate.crt 
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.6.17 ENE $NIST ValidSelfIssuedpathLenConstraintTest17EE.crt pathLenConstraint1SelfIssuedsubCACert.crt pathLenConstraint1subCACert.crt pathLenConstraint1SelfIssuedCACert.crt pathLenConstraint1CACert.crt TrustAnchorRootCertificate.crt 
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.7.1 EE $NIST InvalidkeyUsageCriticalkeyCertSignFalseTest1EE.crt keyUsageCriticalkeyCertSignFalseCACert.crt TrustAnchorRootCertificate.crt 
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.7.2 EE $NIST InvalidkeyUsageNotCriticalkeyCertSignFalseTest2EE.crt keyUsageNotCriticalkeyCertSignFalseCACert.crt TrustAnchorRootCertificate.crt 
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.7.3 ENE $NIST ValidkeyUsageNotCriticalTest3EE.crt keyUsageNotCriticalCACert.crt TrustAnchorRootCertificate.crt 
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.7.4 EE $NIST InvalidkeyUsageCriticalcRLSignFalseTest4EE.crt keyUsageCriticalcRLSignFalseCACert.crt TrustAnchorRootCertificate.crt  
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.7.5 EE $NIST InvalidkeyUsageNotCriticalcRLSignFalseTest5EE.crt keyUsageNotCriticalcRLSignFalseCACert.crt TrustAnchorRootCertificate.crt  
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.13.1 ENE $NIST ValidDNnameConstraintsTest1EE.crt nameConstraintsDN1CACert.crt TrustAnchorRootCertificate.crt 
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.13.2 EE $NIST InvalidDNnameConstraintsTest2EE.crt nameConstraintsDN1CACert.crt TrustAnchorRootCertificate.crt 
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.13.3 EE $NIST InvalidDNnameConstraintsTest3EE.crt nameConstraintsDN1CACert.crt TrustAnchorRootCertificate.crt 
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.13.4 ENE $NIST ValidDNnameConstraintsTest4EE.crt nameConstraintsDN1CACert.crt TrustAnchorRootCertificate.crt 
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.13.5 ENE $NIST ValidDNnameConstraintsTest5EE.crt nameConstraintsDN2CACert.crt TrustAnchorRootCertificate.crt 
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.13.6 ENE $NIST ValidDNnameConstraintsTest6EE.crt nameConstraintsDN3CACert.crt TrustAnchorRootCertificate.crt 
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.13.7 EE $NIST InvalidDNnameConstraintsTest7EE.crt nameConstraintsDN3CACert.crt TrustAnchorRootCertificate.crt 
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.13.8 EE $NIST InvalidDNnameConstraintsTest8EE.crt nameConstraintsDN4CACert.crt TrustAnchorRootCertificate.crt 
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.13.9 EE $NIST InvalidDNnameConstraintsTest9EE.crt nameConstraintsDN4CACert.crt nameConstraintsDN4CACert.crt TrustAnchorRootCertificate.crt 
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.13.10 EE $NIST InvalidDNnameConstraintsTest10EE.crt nameConstraintsDN5CACert.crt TrustAnchorRootCertificate.crt 
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.13.11 ENE $NIST ValidDNnameConstraintsTest11EE.crt nameConstraintsDN5CACert.crt TrustAnchorRootCertificate.crt 
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.13.12 EE $NIST InvalidDNnameConstraintsTest12EE.crt nameConstraintsDN1subCA1Cert.crt nameConstraintsDN1CACert.crt TrustAnchorRootCertificate.crt
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.13.13 EE $NIST InvalidDNnameConstraintsTest13EE.crt nameConstraintsDN1subCA2Cert.crt nameConstraintsDN1subCA2Cert.crt nameConstraintsDN1CACert.crt TrustAnchorRootCertificate.crt
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.13.14 ENE $NIST ValidDNnameConstraintsTest14EE.crt  nameConstraintsDN1subCA2Cert.crt nameConstraintsDN1CACert.crt TrustAnchorRootCertificate.crt 
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.13.15 EE $NIST InvalidDNnameConstraintsTest15EE.crt nameConstraintsDN3subCA1Cert.crt nameConstraintsDN3CACert.crt TrustAnchorRootCertificate.crt 
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.13.16 EE $NIST InvalidDNnameConstraintsTest16EE.crt nameConstraintsDN3subCA1Cert.crt nameConstraintsDN3CACert.crt TrustAnchorRootCertificate.crt 
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.13.17 EE $NIST InvalidDNnameConstraintsTest17EE.crt nameConstraintsDN3subCA2Cert.crt nameConstraintsDN3CACert.crt TrustAnchorRootCertificate.crt 
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.13.18 ENE $NIST ValidDNnameConstraintsTest18EE.crt nameConstraintsDN3subCA2Cert.crt nameConstraintsDN3CACert.crt TrustAnchorRootCertificate.crt 
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.13.19 ENE $NIST ValidDNnameConstraintsTest19EE.crt nameConstraintsDN1SelfIssuedCACert.crt nameConstraintsDN1CACert.crt TrustAnchorRootCertificate.crt 
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.13.20 EE $NIST InvalidDNnameConstraintsTest20EE.crt nameConstraintsDN1CACert.crt TrustAnchorRootCertificate.crt
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.13.21 ENE $NIST ValidRFC822nameConstraintsTest21EE.crt nameConstraintsRFC822CA1Cert.crt TrustAnchorRootCertificate.crt 
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.13.22 EE $NIST InvalidRFC822nameConstraintsTest22EE.crt nameConstraintsRFC822CA1Cert.crt TrustAnchorRootCertificate.crt 
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.13.23 ENE $NIST ValidRFC822nameConstraintsTest23EE.crt nameConstraintsRFC822CA2Cert.crt  TrustAnchorRootCertificate.crt 
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.13.24 EE $NIST InvalidRFC822nameConstraintsTest24EE.crt nameConstraintsRFC822CA2Cert.crt TrustAnchorRootCertificate.crt 
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.13.25 ENE $NIST ValidRFC822nameConstraintsTest25EE.crt nameConstraintsRFC822CA3Cert.crt TrustAnchorRootCertificate.crt 
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.13.26 EE $NIST InvalidRFC822nameConstraintsTest26EE.crt nameConstraintsRFC822CA3Cert.crt TrustAnchorRootCertificate.crt 
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.13.27 ENE $NIST ValidDNandRFC822nameConstraintsTest27EE.crt nameConstraintsDN1subCA3Cert.crt nameConstraintsDN1CACert.crt TrustAnchorRootCertificate.crt 
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.13.28 EE $NIST InvalidDNandRFC822nameConstraintsTest28EE.crt nameConstraintsDN1subCA3Cert.crt nameConstraintsDN1CACert.crt TrustAnchorRootCertificate.crt 
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.13.29 EE $NIST InvalidDNandRFC822nameConstraintsTest29EE.crt nameConstraintsDN1subCA3Cert.crt nameConstraintsDN1CACert.crt TrustAnchorRootCertificate.crt 
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.13.30 ENE $NIST ValidDNSnameConstraintsTest30EE.crt nameConstraintsDNS1CACert.crt TrustAnchorRootCertificate.crt 
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.13.31 EE $NIST InvalidDNSnameConstraintsTest31EE.crt nameConstraintsDNS1CACert.crt TrustAnchorRootCertificate.crt 
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.13.32 ENE $NIST ValidDNSnameConstraintsTest32EE.crt nameConstraintsDNS2CACert.crt TrustAnchorRootCertificate.crt
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.13.33 EE $NIST InvalidDNSnameConstraintsTest33EE.crt nameConstraintsDNS2CACert.crt TrustAnchorRootCertificate.crt 
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.13.34 ENE $NIST ValidURInameConstraintsTest34EE.crt nameConstraintsURI1CACert.crt TrustAnchorRootCertificate.crt 
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.13.35 EE $NIST InvalidURInameConstraintsTest35EE.crt nameConstraintsURI1CACert.crt TrustAnchorRootCertificate.crt 
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.13.36 ENE $NIST ValidURInameConstraintsTest36EE.crt nameConstraintsURI2CACert.crt TrustAnchorRootCertificate.crt 
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.13.37 EE $NIST InvalidURInameConstraintsTest37EE.crt nameConstraintsURI2CACert.crt TrustAnchorRootCertificate.crt 
+pkixutil test_buildchain ${LDAP}  NIST-Test.4.13.38 EE $NIST InvalidDNSnameConstraintsTest38EE.crt nameConstraintsDNS1CACert.crt TrustAnchorRootCertificate.crt 
+pkixutil test_buildchain_partialchain ${LDAP}  NIST-Test.4.6.14 ENE $NIST ValidpathLenConstraintTest14EE.crt pathLenConstraint6subsubsubCA41XCert.crt pathLenConstraint6subsubCA41Cert.crt pathLenConstraint6subCA4Cert.crt pathLenConstraint6CACert.crt TrustAnchorRootCertificate.crt 
+pkixutil test_buildchain_partialchain ${LDAP}  NIST-Test.4.6.14 ENE $NIST ValidpathLenConstraintTest14EE.crt pathLenConstraint6subsubsubCA41XCert.crt pathLenConstraint6subsubCA41Cert.crt TrustAnchorRootCertificate.crt pathLenConstraint6subCA4Cert.crt pathLenConstraint6CACert.crt TrustAnchorRootCertificate.crt 
+pkixutil test_buildchain_partialchain ${LDAP}  NIST-Test.4.13.13 EE $NIST InvalidDNnameConstraintsTest13EE.crt nameConstraintsDN1subCA2Cert.crt nameConstraintsDN1subCA2Cert.crt nameConstraintsDN1CACert.crt TrustAnchorRootCertificate.crt
+pkixutil test_buildchain_partialchain ${LDAP}  NIST-Test.4.13.27 ENE $NIST ValidDNandRFC822nameConstraintsTest27EE.crt nameConstraintsDN1subCA3Cert.crt nameConstraintsDN1subCA2Cert.crt TrustAnchorRootCertificate.crt 
+pkixutil test_buildchain ${LDAP} NIST-PDTest ENE ${NIST_PDTEST} certs/BasicHTTPURIPathDiscoveryTest2EE.crt certs/BasicHTTPURITrustAnchorRootCert.crt
+pkixutil test_ocsp -d ${HOSTDIR}/ocsp OCSP-Test ENE ${HOSTDIR}/ocsp anchorcert.crt goodcert.crt
+pkixutil test_ocsp -d ${HOSTDIR}/ocsp OCSP-Test EE ${HOSTDIR}/ocsp anchorcert.crt revokedcert.crt
+EOF
+
+totalErrors=$?
+totalErrors=`expr ${totalErrors} + ${tracedErrors}`
+
+html_msg ${totalErrors} 0 "&nbsp;&nbsp;&nbsp;${testunit}: passed ${passed} of ${numtests} tests"
+exit ${totalErrors}
+
+##########################################################
+#
+# Document NIST tests that are not currently running for builder...
+# 4.3.8  4.4.19  4.4.21
+#
+# Others
+# 4.5.4  4.5.5, 4.5.6, 4.5.7, 4.5.8
+# 4.14.* Distribution Point - functionality not yet implemented
+# 4.15.* Delta CRL - not supported
+##########################################################
+# Following tests are not run because of bugs beyond libpkix:
+#pkixutil test_validatechain NIST-Test.4.3.7 ENE $NIST TrustAnchorRootCertificate.crt RFC3280MandatoryAttributeTypesCACert.crt ValidRFC3280MandatoryAttributeTypesTest7EE.crt
+# pkixutil test_buildchain NIST-Test.4.3.8 ENE $NIST ValidRFC3280OptionalAttributeTypesTest8EE.crt RFC3280OptionalAttributeTypesCACert.crt TrustAnchorRootCertificate.crt
+
+# Following tests are not supported by libpkix : separate certificate
+# NIST test 4.4.19 and 4.4.21
+
+# Following tests are not supported by libpkix : cert dp, cert chain definition
+# NIST tests 4.5.4, 4.5.5
+#pkixutil test_buildchain NIST-Test.4.5.7 EE $NIST InvalidBasicSelfIssuedCRLSigningKeyTest7EE.crt BasicSelfIssuedCRLSigningKeyCRLCert.crt TrustAnchorRootCertificate.crt BasicSelfIssuedCRLSigningKeyCACert.crt 
+#pkixutil test_buildchain NIST-Test.4.5.8 EE $NIST InvalidBasicSelfIssuedCRLSigningKeyTest8EE.crt BasicSelfIssuedCRLSigningKeyCRLCert.crt BasicSelfIssuedCRLSigningKeyCACert.crt TrustAnchorRootCertificate.crt 
+
+
+# Following tests are not supported by libpkix : self-issued, multiple keys, one for cert, one for CRL
+#pkixutil test_validatechain NIST-Test.4.5.3 ENE $NIST TrustAnchorRootCertificate.crt BasicSelfIssuedOldKeyCACert.crt BasicSelfIssuedOldKeyNewWithOldCACert.crt ValidBasicSelfIssuedNewWithOldTest3EE.crt
+#pkixutil test_defaultcrlchecker NIST-Test.4.5.4 ENE $NIST/../crls $NIST/TrustAnchorRootCertificate.crt $NIST/BasicSelfIssuedOldKeyCACert.crt $NIST/BasicSelfIssuedOldKeyNewWithOldCACert.crt $NIST/ValidBasicSelfIssuedNewWithOldTest4EE.crt
+#pkixutil test_defaultcrlchecker NIST-Test.4.5.6 ENE $NIST/../crls $NIST/TrustAnchorRootCertificate.crt $NIST/BasicSelfIssuedCRLSigningKeyCACert.crt $NIST/BasicSelfIssuedCRLSigningKeyCRLCert.crt $NIST/ValidBasicSelfIssuedCRLSigningKeyTest6EE.crt
+
+# Need to recreate certs with BC extension and Key Usage
+#pkixutil test_buildchain single_sig ENE build_data/single_path/signature/pass yassir2hanfei.crt greg2yassir.crt jes2greg.crt jes2jes.crt
+#pkixutil test_buildchain single-sig EE build_data/single_path/signature/fail yassir2hanfei.crt jes2jes.crt
+#pkixutil test_buildchain multi-sig ENE build_data/multi_path/signature/pass yassir2hanfei.crt greg2yassir.crt jes2greg.crt jes2jes.crt
+#pkixutil test_buildchain multi-sig EE build_data/multi_path/signature/fail yassir2hanfei.crt greg2yassir.crt yassir2hanfei.crt
+#pkixutil test_buildchain backtrack-sig ENE build_data/backtracking/signature yassir2hanfei.crt labs2yassir.crt jes2labs.crt jes2jes.crtn
diff --git a/nss/tests/libpkix/pkix_tests/top/secmod.db b/nss/tests/libpkix/pkix_tests/top/secmod.db
new file mode 100644
index 0000000000000000000000000000000000000000..772583d58bd21a17bce44d9265ff8d800e7fd526
GIT binary patch
literal 32768
zcmeI)JxT*X6ae5+A*2y(?8FRMY$pWk#Uho6637W+b`ydzfvBK`rAM&$YNFSWIGYtj
z1gj7Td=DP;_n4Xe+Jy;?{eB2xJA}Qr5Mt_v-4M1?Q)Os=chdTDVrSVdm+GRI>C=0f
ztD>r@a_!Nq@3Z!E9Y}xx0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs
z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t8kju-*D-<*k!ezOo%{M1TMR0t5&U
zAV7cs0RjXF5FkK+009C72oNAZfB*pk1U5{d5n_1$_4@pI`hp^5J$Z21>&3I_T{)lj
zC$W3p>BXaVJ6_C+`$?IqI)mACI35+_d7d3-aZt|hy7O{4e#o;dUYCzQgWGa&Gb{3}
zZjXzrEDk6A(QO{<clck!Y4r#HFy){4?-Gl};xnZnK!5-N0t5&UAV7cs0RjXF5FkK+
U009C72oNAZfB*pk1U6XU3x4(!RsaA1

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/pkix_tests/util/runTests.sh b/nss/tests/libpkix/pkix_tests/util/runTests.sh
new file mode 100755
index 0000000..a413535
--- /dev/null
+++ b/nss/tests/libpkix/pkix_tests/util/runTests.sh
@@ -0,0 +1,33 @@
+#!/bin/sh
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# runTests.sh
+#
+
+curdir=`pwd`
+cd ../../common
+. ./libpkix_init.sh > /dev/null
+cd ${curdir}
+
+numtests=0
+passed=0
+testunit=UTIL
+
+##########
+# main
+##########
+
+ParseArgs $*
+
+RunTests <<EOF
+pkixutil test_error
+pkixutil test_list
+pkixutil test_list2
+EOF
+
+totalErrors=$?
+html_msg ${totalErrors} 0 "&nbsp;&nbsp;&nbsp;${testunit}: passed ${passed} of ${numtests} tests"
+exit ${totalErrors}
diff --git a/nss/tests/libpkix/runTests.sh b/nss/tests/libpkix/runTests.sh
new file mode 100755
index 0000000..190f5de
--- /dev/null
+++ b/nss/tests/libpkix/runTests.sh
@@ -0,0 +1,87 @@
+#! /bin/sh
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# runTests.sh#
+#
+# This script enables all tests to be run together. It simply cd's into
+# the pkix_tests and pkix_pl_tests directories and runs test scripts
+#
+# This test is the original of libpkix.sh. While libpkix.sh is invoked by
+# all.sh as a /bin/sh script, runTests.sh is a /bin/ksh and provides the
+# options of checking memory and using different memory allcation schemes.
+#
+
+errors=0
+pkixErrors=0
+pkixplErrors=0
+checkMemArg=""
+arenasArg=""
+quietArg=""
+memText=""
+
+### ParseArgs
+ParseArgs() # args
+{
+    while [ $# -gt 0 ]; do
+	if [ $1 = "-checkmem" ]; then
+	    checkMemArg=$1
+	    memText="   (Memory Checking Enabled)"
+	elif [ $1 = "-quiet" ]; then
+	    quietArg=$1
+	elif [ $1 = "-arenas" ]; then
+	    arenasArg=$1
+	fi
+	shift
+    done
+}
+
+ParseArgs $*
+
+echo "*******************************************************************************"
+echo "START OF ALL TESTS${memText}"
+echo "*******************************************************************************"
+echo ""
+
+echo "RUNNING tests in pkix_pl_test";
+cd pkix_pl_tests;
+runPLTests.sh ${arenasArg} ${checkMemArg} ${quietArg}
+pkixplErrors=$?
+
+echo "RUNNING tests in pkix_test";
+cd ../pkix_tests;
+runTests.sh ${arenasArg} ${checkMemArg} ${quietArg}
+pkixErrors=$?
+
+echo "RUNNING tests in sample_apps (performance)";
+cd ../sample_apps;
+runPerf.sh ${arenasArg} ${checkMemArg} ${quietArg}
+pkixPerfErrors=$?
+
+errors=`expr ${pkixplErrors} + ${pkixErrors} + ${pkixPerfErrors}`
+
+if [ ${errors} -eq 0 ]; then
+    echo ""
+    echo "************************************************************"
+    echo "END OF ALL TESTS: ALL TESTS COMPLETED SUCCESSFULLY"
+    echo "************************************************************"
+    exit 0
+fi
+
+if [ ${errors} -eq 1 ]; then
+    plural=""
+else
+    plural="S"
+fi
+
+echo ""
+echo "************************************************************"
+echo "END OF ALL TESTS: ${errors} TEST${plural} FAILED"
+echo "************************************************************"
+exit 1
+
+
+
+
diff --git a/nss/tests/libpkix/sample_apps/README b/nss/tests/libpkix/sample_apps/README
new file mode 100755
index 0000000..012e7bf
--- /dev/null
+++ b/nss/tests/libpkix/sample_apps/README
@@ -0,0 +1,77 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+This directory contains both sample applications and performance evaluation
+applications.
+
+SAMPLE APPLICATIONS
+
+Currently, there are two performance applications: libpkix_buildThreads and
+nss_threads. And three sample applications: dumpcert, dumpcrl and 
+validateChain..
+
+============================================================================
+
+USAGE: 	dumpcert <certFile>
+	Parses a certificate located at <certFile> and displays it.
+
+Source: <root>/tests/sample_apps/dumpcert.c
+Binary: <root>/bin/sample_apps/dumpcert
+
+============================================================================
+
+USAGE: 	dumpcrl <crlFile>
+	Parses a CRL located at <crlFile> and displays it.
+
+Source: <root>/tests/sample_apps/dumpcrl.c
+Binary: <root>/bin/sample_apps/dumpcrl
+
+============================================================================
+
+USAGE: 	validateChain <trustedCert> <cert_1> <cert_2> ... <cert_n>
+	Validates a chain of n certificates using the given trust anchor.
+
+Source: <root>/tests/sample_apps/validateChain.c
+Binary: <root>/bin/sample_apps/validateChain
+
+============================================================================
+
+PERFORMANCE EVALUATION APPLICATIONS
+
+============================================================================
+
+USAGE:  libpkix_buildthreads <duration> <threads> <eecertNickname> 
+
+	Sets up and runs a PKIX_BuildChain call for the number of seconds
+	specified by <duration> using the number of threads specified by
+	<threads>. This application assumes that the NSS certutil application
+	has already been run to create the NSS databases and that the
+	various nicknames on the command line have been associated with
+	certificates in the NSS databases. The NSS databases MUST reside
+	in the directory where this file is located and MUST be named
+	"cert8.db", "key3.db", and "secmod.db". There must exist a nickname
+        in the databases which has been marked as trusted.
+
+Source: <root>/perf/libpkix_buildthreads/libpkix_buildthreads.c
+Binary: <root>/perf/libpkix_buildthreads/*.OBJ/libpkix_buildthreads
+
+============================================================================
+
+USAGE:  nssThreads <duration> <threads> <eecertNickname>
+
+	Sets up and runs a CERT_VerifyCertificate call for the number of
+	seconds specified by <duration> using the number of threads specified
+	by <threads>. This application assumes that the NSS certutil
+	application has already been run to create the NSS databases and that
+	the various nicknames on the command line have been associated with
+	certificates in the NSS databases. The NSS databases MUST reside
+	in the directory where this file is located and MUST be named
+	"cert8.db", "key3.db", and "secmod.db". There must exist a nickname in
+	the databases which has been marked as trusted.
+
+Source: <root>/perf/nss_threads/nss_threads.c
+Binary: <root>/perf/nss_threads/*.OBJ/nss_threads
+
+============================================================================
+
diff --git a/nss/tests/libpkix/sample_apps/cert8.db b/nss/tests/libpkix/sample_apps/cert8.db
new file mode 100755
index 0000000000000000000000000000000000000000..b39de42f188f32d3c20945687cd653aa93527f0a
GIT binary patch
literal 65536
zcmeI*2~-o;9tQB4B!qq6RTit%0tF{5vIPMFH*muuTB(Ww0i!_{^F)ghC>EuHAd3nj
zRTMY0P!(4Y)Pk)_pHwL-T6f$5Q4|;64D>t^EqY!!J@vdVkdwg7nOuJV%e@0<z8iw8
z9Y7ESiy+jl5QHoJlu#iEl73+BgxsG`=<OZfV0S!rY$BAH=NY1yYxE;?WA<V0fBQ|Y
zvps+N>*56=009U<00Izz00bZa0SG_<0uX=z1Rwwb2tWV=5P$##AOHafKmY;|fB*y_
z009U<00Izz00bZa0SG_<0uX=z1Rwwb2tWV=5P$##AOHafKmY>0CZOQb>eAx!gYzK%
zZGJL8f^Y8B;1uH|aEfs}=ve3Q+|i&NHwZug0uX=z1Rwwb2tWV=5P$##AOHafKmY;|
zfB*y_009U<00Izz00bZa0SG_<0uX=z1Rwwb2tWV=5P$##AOHafKmY;|fB*y_0D*ss
zfE@jH&m^Hn5W@ljCx!-#f&$&$+=C*b2*RBp*pw?zk&@@KeK}lBmhVJfA4-q;LP1mg
zi=fCTV`j(DS)qb}sGvxmHl@jIV{0mX5iy_M=q3_`ghj9^w+}yr4yDz32xYo8#+}VE
zc6aM+V;_PTB@zeB38h=eYzm0_c-r2VAUaSwO?<+_qPoy^P?NnuEp@fz=r{KsCVfj-
zJ^ZkpMN=e*5n*9n`x;C7mt|8<AKus0D3#8>Cd)L0>18DSR_M$JE1XcI;#hO3IPzQ`
zn?<tdPfD39Z?<&g(pF`Xl#wB%Z!2Y}t4#4I8=eEt#@5b?`chY!*Y!)OeiTZwzH5U?
z8G<cYK~R!qEQy5JSz()@m}Sl`8ttCpxv?=*Q*Ez8R6$YA)#9W++Xlp}u&8*%j$B^x
zq~Ya5`GD3F0}D6uE*+*ar%WED8dp#kCwHMt@yU?>dxuqpZP*xV=QH=tOLEtoX#dRF
zC&EUy@Z?H1R&&1@r*_-_z{oi={<B9btunRfAL`QYMW*4&hTMgkMl3c-kQ=|I7E(rZ
z0SpFk^eCNJt><%ovykNeJZNFA@(=twYY%<fKI#r-!0e#H(cx&7SZ<E{rK0N4mPLa+
zYHh7AuhmYk>?ojtDoM6;ICPn~lrFQoF^8@!rNmX3v2-LEM1P+mDOF~JCbOdq#ik#+
z;?UJ((<;fC)r-%#X?Y!<_jH?D!ZU4)UloY6zpb8;5g76K^vSjJ9<{qyd@gsPamB5=
z&9XKT4RdoAiTBw>wGUAo9@6hnj!|WHqr<a!yRU9iM*6~A#+QCtVw0k@RngF_r6gu{
zR>;nTPverRH4M&}aC6TczjAu<jwaV#j^8y%oR-uosiw}}(dD;+?rqZlBGZcpObUvK
z3=I<zgo;bKvzfCpe;+@XPdK$W6+4L>6zoshjj-d`=GZQz@9wstR@1GPQD=C>V8y}C
z7XB7#y|(%Q4g>)RKmY;|fB*y_009U<00Izz00bZa0SG_<0uX=z1Rwwb2tWV=5P$##
zAOHafKmY;|fB*y_009U<;3F20;}GOff}jHij+7*yMUvevNbiNrOwZ|pyup;k8<*b?
z>l>D(I3U`nT+T1oakE0s%0#2zDFx=Tc`fGJ`tA*6u9#O(jnUu49$V04q&G9YEh}%h
zTP80<e^m6=8%^JAtGZaVBu)1Ei&>f3mdTOZ3g@Zozf3M|j&g}+eR<O?c=zyHgXNd1
zel0oqB;mr!&BJpF2gr}u*686Wc<fsLVt$!d!r-<j`KS6Rrdeq_ZTv+-p=;EH$)8@%
zD2dQ?E)uU*aJS=edO?ZFySVpw9F*##DOI;T+JD1jDB(w6!Z-7PtnOLG*U_zi5o&aF
zE0P{rFa8<bVs{@~rOwv8H@YQ#;<3j7S8ZOhv7r*HI)9THYk&WTaR(=Rk0*t^l`0l@
zOFgW~;-|xWzPTHJB=p(>uW)C!zwv_`tCt@<7<elF>e##;XHx6Qq89dp-D8^r#dDj2
z#RpcNb}5vMkyP(^b!D<v{AB%PGmEx+%9lz9WM^8*Hs~g(Cuc<vb@2-wSmvs_R?A<d
z{!am}cTO-&0<X6MTpGf>Qd?W2rJC86_rf2wvvt)hHC_ch)zbF*(f7p>eNI!km#TA2
zldAfYCK)?2Kx63mS24mDmAjn!jWOGvv}cRAcUkk9#D!$Nt9{L=NUu9fxyxjZnxx!4
z??IlQVP07A%G@en@nPN&h5EcTp{sW7%XlKO?62v1!QDf{S6~xO(S7p$v&maS6f-sj
zbesu%MM)~(o@k{{g7thNKz%|Pv&fKcJ5frVbH6r+tw54*oh-aFtJm|%LYl@go84*K
z4}=S&csi%=o1F79Y<p^KxUO~ybzi$R>8rr(dY<cbUsa{)aiIc2ys0|(*!1R!+1W9V
zLk*(*?C0HhK2<#V#68}{^uDYI>#TF^y-W?RD48aSD$DX3Ty5g3+t;7k(^@yCV7+CT
z$7*47&8scOymD)CNk9FdG5fU~IMPEhrCQuks)dx~`a4P`P58810lJ4lJ(wz~bld68
zDlvPg_PEDeb$n;2vgbOks<@{ZE^D!_cEgX2_vOZjxGQHxaJN=akxhCLWd##7Gmi0G
z45Hoc-{1agrn;fk2=8O9SLK4jB7MuJ$WLmX5j{xHGTpU)aZy^?KEE5@$L+J`n|-gl
z!9@9<N=b(6iq9|aZ&Pb8%^lrrH_qgjzEyJ{UYFm`9@4kG?%6nET5LkvDUMXRSbCly
z^q3D8pXf`^6ZZ5x@%^9kME6r%={wAO=LzX&qMmZTXLLSu$=v3i{dj(UeC{Te^VPUj
zt5d2C&+d%%clkbOdY<hh_Ri~L?q~g`)O4U=+H{}cR}!awKJRwKvC#8T`_01&bp4ct
z^CTs+f`cRfu;+Rnw&9&SQer)Xze9h4cS%8w!wlocA$8}Xe~O)Q^zrf1>&r_n72iG8
zR5;sh(HC~#iU)gkP7`#Ryi1Jtog+v0S>OZGx`NT4nl_8B9h#^$=<5|}VFCK#{y$JY
zg37T!`Yce<vk5vMJygfKs(6?~`(Pj6)cWU%et}CG#9r#t)b>6(8h4}Wvgp{A<9aej
zZX5OcM5d3SR_mre_OJii+pF>M8DXyN1m#&X|7~|7eMh~=#XeqFgWGQ%9hiF7o$Y1b
z78qRga(-e>5BYZbZzZYg%1k8AQuTCJmppN2;=Ugp2<})s;q{sg;{&2Xm~|X@o}L6j
z|2;}d^^$CA?1!iC2T=X#xu0GvqEAPoj6FTOE+%2z(JDq^d~Y9=)f2+&^GFfVj~*Xp
z)8j+UUyTpa4EOIH8hV+s$Mea;{Ox7Jye;<%6r4=6^IV5og?zTlq;i~JxTgNfa}y7q
z*diWW^}<86r852Q<=tnSR_xhpadJbJj8Q|DvPtXNr$t4vYf^s}P{{*Dwl}{M<Z5l-
zQz|ZB^V73|8XC(+<XsSs^!QT#n$4A@@Fd?`+~xdaU)|X2`%-=mQ0QB7L^ft$ZRbEC
zq(a~LkHkACr`HPtIG#)oQcBp$FaKlL1Zy*`ktw;UQ{P+=fYbQb3j(~kngjFSjQo(`
zimi#e@16>7u`j&5bw>TTmy#hNLpGia;U-Ox`Io|>rb+?#lLZs23i=BMP4z23`lv>n
z!vB4HvG}v<IyKpA#jfj$oqZCI2F_hN?b6;Uj($RZ|Acs3uJ^focYV|2V+9Y^%secY
z^Wx^BHi2f+h+E$U&TOe(D=f926wsza6xR0CE$Jaen$AWqHS_YHvfK>X0Rad=00Izz
z00bZa0SG_<0uX=z1Rwwb2tWV=5P$##AOHafKmY;|fB*y_009U<00Izz00bZa0SG_<
g0uX=z1Rwwb2tWV=5P$##AOHafKmY;|_<t4n4}itrwg3PC

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/sample_apps/key3.db b/nss/tests/libpkix/sample_apps/key3.db
new file mode 100755
index 0000000000000000000000000000000000000000..9c03916ee8fd5c2f70205b9b2cc850341f23857b
GIT binary patch
literal 32768
zcmeI&t4o7X6aer$heOf9%JQe62m`@rHW@St3%2<{#j%N-ng%ADh@fB*4Hk<=tI1$7
zm<>Lvh(UaSk8jhzKx7zx2QKGu&*k3BFQ1Ug7D5OuA!M#Y=!(mb4j~bz`U-77Mci*}
zBpbQW3XOWZRJ)D$>QO&aUrmp;@BcLYT@Ml<K!5-N0t5&UAV7cs0RjXF5FkK+009C7
z2oNAZfB=DiBan(-qnGGDx{5BMy=Xn!`xFES5FkK+009C72oNAZfB*pk1PBlyK!5-N
z0t5&UAV7e?-wGr%iG#6`zS{WV<Kgl^Za3R=89H)n!)wp!L}zOvIhZ;<dplaaIsSOa
z4?S(&Efgx1mGa_L|K#lS<a~9cd$YZBbpL#5W2f4iKba|(Ckn;>N}*Uy=BF1cbLG;%
znM3dq0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK;YK`@wmeK-;OM}jQ{}x
l1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oPwtz!#yOgcSe)

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/sample_apps/runPerf.sh b/nss/tests/libpkix/sample_apps/runPerf.sh
new file mode 100755
index 0000000..27b5521
--- /dev/null
+++ b/nss/tests/libpkix/sample_apps/runPerf.sh
@@ -0,0 +1,143 @@
+#!/bin/sh
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# runPerf.sh
+#
+
+curdir=`pwd`
+cd ../common
+. ./libpkix_init.sh > /dev/null
+cd ${curdir}
+
+numtests=0
+passed=0
+testunit=PERFORMANCE
+
+totalErrors=0
+loopErrors=0
+
+ParseArgs $*
+
+testHeadingEcho
+
+Display "\nRunning executables at ${DIST_BIN}"
+Display "Using libraries at ${LD_LIBRARY_PATH}"
+
+
+# Check the performance data ...
+perfTest()
+{
+
+    Display ""
+    Display "*******************************************************************************"
+    Display "START OF PKIX PERFORMANCE SCENARIOS ${memText}"
+Display "*******************************************************************************"
+    Display ""
+
+    while read perfPgm args; do
+        numtests=`expr ${numtests} + 1`
+        Display "Running ${perfPgm} ${args}"
+        if [ ${checkmem} -eq 1 ]; then
+            dbx -C -c "runargs $args; check -all ;run;exit" ${DIST_BIN}/${perfPgm} > ${testOut} 2>&1
+        else
+            ${DIST_BIN}/${perfPgm} ${args} > ${testOut} 2>&1
+        fi
+
+        # Examine output file to see if test failed and keep track of number
+        # of failures and names of failed tests. This assumes that the test
+        # uses our utility library for displaying information
+	
+        outputCount=`cat ${testOut} | grep "per second"`
+
+        if [ $? -ne 0 ]; then
+            errors=`expr ${errors} + 1`
+            failedpgms="${failedpgms}${perfPgm} ${args}\n"
+            cat ${testOut}
+        else
+            Display ${outputCount}
+            passed=`expr ${passed} + 1`
+        fi
+
+        if [ ${checkmem} -eq 1 ]; then
+            grep "(actual leaks:" ${testOut} > ${testOutMem} 2>&1
+            if [ $? -ne 0 ]; then
+                prematureErrors=`expr ${prematureErrors} + 1`
+                failedprematurepgms="${failedprematurepgms}${perfPgm} "
+                Display "...program terminated prematurely (unable to check for memory leak errors) ..."
+            else
+                grep  "(actual leaks:         1  total size:       4 bytes)" ${testOut} > /dev/null 2>&1
+                if [ $? -ne 0 ]; then
+                    memErrors=`expr ${memErrors} + 1`
+                    failedmempgms="${failedmempgms}${perfPgm} "
+                    Display ${testOutMem}
+                fi
+            fi
+        fi
+    done
+    return ${errors}
+}
+
+
+# If there is race condition bug, may this test catch it...
+loopTest()
+{
+    totalLoop=10
+
+    Display ""
+    Display "*******************************************************************************"
+    Display "START OF TESTS FOR PKIX PERFORMANCE SANITY LOOP (${totalLoop} times)"
+Display "*******************************************************************************"
+    Display ""
+
+    errors=0
+    iLoop=0
+    perfPgm="${DIST_BIN}/pkixutil libpkix_buildthreads -d . 5 8 ValidCertificatePathTest1EE"
+
+    while [ $iLoop -lt $totalLoop ]
+    do
+        iLoop=`expr $iLoop + 1`
+        numtests=`expr ${numtests} + 1`
+
+        Display "Running ${perfPgm}"
+        ${perfPgm} > ${testOut} 2>&1
+        Display `cat ${testOut} | grep "per second"`
+
+        outputCount=`cat ${testOut} | grep "per second"`
+
+        if [ $? -ne 0 ]; then
+            errors=`expr ${errors} + 1`
+            failedpgms="${failedpgms} ${perfPgm}\n"
+            cat ${testOut}
+        else
+            passed=`expr ${passed} + 1`
+        fi
+    done
+
+    return ${errors}
+
+}
+
+#main
+perfTest <<EOF
+pkixutil libpkix_buildthreads -d . 5 1 ValidCertificatePathTest1EE
+pkixutil libpkix_buildthreads -d . 5 8 ValidCertificatePathTest1EE
+pkixutil nss_threads -d . 5 1 ValidCertificatePathTest1EE
+pkixutil nss_threads -d . 5 8 ValidCertificatePathTest1EE
+EOF
+
+totalErrors=$?
+html_msg ${totalErrors} 0 "&nbsp;&nbsp;&nbsp;performance test: passed ${passed} of ${numtests} tests"
+
+numtests=0
+passed=0
+loopTest
+loopErrors=$?
+totalErrors=`expr ${totalErrors} + ${loopErrors}`
+html_msg ${totalErrors} 0 "&nbsp;&nbsp;&nbsp;loop test: passed ${passed} of ${numtests} tests"
+
+testEndingEcho
+
+exit ${totalErrors}
diff --git a/nss/tests/libpkix/sample_apps/secmod.db b/nss/tests/libpkix/sample_apps/secmod.db
new file mode 100755
index 0000000000000000000000000000000000000000..772583d58bd21a17bce44d9265ff8d800e7fd526
GIT binary patch
literal 32768
zcmeI)JxT*X6ae5+A*2y(?8FRMY$pWk#Uho6637W+b`ydzfvBK`rAM&$YNFSWIGYtj
z1gj7Td=DP;_n4Xe+Jy;?{eB2xJA}Qr5Mt_v-4M1?Q)Os=chdTDVrSVdm+GRI>C=0f
ztD>r@a_!Nq@3Z!E9Y}xx0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs
z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t8kju-*D-<*k!ezOo%{M1TMR0t5&U
zAV7cs0RjXF5FkK+009C72oNAZfB*pk1U5{d5n_1$_4@pI`hp^5J$Z21>&3I_T{)lj
zC$W3p>BXaVJ6_C+`$?IqI)mACI35+_d7d3-aZt|hy7O{4e#o;dUYCzQgWGa&Gb{3}
zZjXzrEDk6A(QO{<clck!Y4r#HFy){4?-Gl};xnZnK!5-N0t5&UAV7cs0RjXF5FkK+
U009C72oNAZfB*pk1U6XU3x4(!RsaA1

literal 0
HcmV?d00001

diff --git a/nss/tests/libpkix/vfychain_test.lst b/nss/tests/libpkix/vfychain_test.lst
new file mode 100644
index 0000000..78d6185
--- /dev/null
+++ b/nss/tests/libpkix/vfychain_test.lst
@@ -0,0 +1,4 @@
+# Status | Leaf Cert | Policies | Others(undef)
+0 TestUser50 undef
+0 TestUser51 undef
+0 PayPalEE OID.2.16.840.1.114412.1.1
diff --git a/nss/tests/lowhash/lowhash.sh b/nss/tests/lowhash/lowhash.sh
new file mode 100644
index 0000000..6de255b
--- /dev/null
+++ b/nss/tests/lowhash/lowhash.sh
@@ -0,0 +1,97 @@
+#! /bin/bash  
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+########################################################################
+# mozilla/security/nss/tests/lowhash/lowhash.sh
+#
+# Script to test basic functionallity of the NSSLoHash API
+#
+# included from 
+# --------------
+#   all.sh
+#
+# needs to work on all Linux platforms
+#
+# tests implemented:
+# lowash (verify encryption cert - bugzilla bug 119059)
+#
+# special strings
+# ---------------
+#
+########################################################################
+
+errors=0
+
+############################## lowhash_init ##############################
+# local shell function to initialize this script 
+########################################################################
+lowhash_init()
+{
+  SCRIPTNAME=lowhash.sh      # sourced - $0 would point to all.sh
+
+  if [ -z "${CLEANUP}" ] ; then     # if nobody else is responsible for
+      CLEANUP="${SCRIPTNAME}"       # cleaning this script will do it
+  fi
+
+  if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then
+      cd ../common
+      . ./init.sh
+  fi
+  LOWHASHDIR=../lowhash
+  mkdir -p ${LOWHASHDIR}
+  if [ -f /proc/sys/crypto/fips_enabled ]; then
+    FVAL=`cat /proc/sys/crypto/fips_enabled`
+    html_head "Lowhash Tests - /proc/sys/crypto/fips_enabled is ${FVAL}"
+  else
+    html_head "Lowhash Tests"
+  fi
+  cd ${LOWHASHDIR}
+}
+
+############################## lowhash_test ##############################
+# local shell function to test basic the NSS Low Hash API both in
+# FIPS 140 compliant mode and not
+########################################################################
+lowhash_test()
+{
+  if [ ! -f ${BINDIR}/lowhashtest -a  \
+       ! -f ${BINDIR}/lowhashtest${PROG_SUFFIX} ]; then
+    echo "freebl lowhash not supported in this plaform."
+  else
+    TESTS="MD5 SHA1 SHA224 SHA256 SHA384 SHA512"
+    OLD_MODE=`echo ${NSS_FIPS}`
+    for fips_mode in 0 1; do
+      echo "lowhashtest with fips mode=${fips_mode}"
+      export NSS_FIPS=${fips_mode}
+      for TEST in ${TESTS}
+      do
+        echo "lowhashtest ${TEST}"
+        ${BINDIR}/lowhashtest ${TEST} 2>&1
+        RESULT=$?
+        html_msg ${RESULT} 0 "lowhashtest with fips mode=${fips_mode} for ${TEST}"
+      done
+    done
+    export NSS_FIPS=${OLD_MODE}
+  fi
+}
+
+############################## lowhash_cleanup ############################
+# local shell function to finish this script (no exit since it might be 
+# sourced)
+########################################################################
+lowhash_cleanup()
+{
+  html "</TABLE><BR>"
+  cd ${QADIR}
+  . common/cleanup.sh
+}
+
+################## main #################################################
+
+lowhash_init
+lowhash_test
+lowhash_cleanup
+echo "lowhash.sh done"
diff --git a/nss/tests/memleak/ignored b/nss/tests/memleak/ignored
new file mode 100644
index 0000000..60ed0db
--- /dev/null
+++ b/nss/tests/memleak/ignored
@@ -0,0 +1,58 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#367374
+**/PR_ErrorInstallTable**
+**/_PR_ImplicitInitialization/**
+**/_PR_InitCMon/ExpandMonitorCache/**
+**/_PR_InitCMon/PR_NewLock/**
+**/_PR_InitLinker/**
+**/_PR_InitTPD/**
+**/_PR_InitZones/pr_FindSymbolInProg/**
+**/_PR_UnixInit/PR_NewLock/**
+**/_PR_UnixInit/PR_NewMonitor/**
+
+#367376
+**/_PR_CreateThread/pthread_create@@GLIBC_**
+**/_PR_CreateThread/PR_Calloc/**
+
+#367384
+**/PR_LoadLibraryWithFlags/**
+**/pr_LoadLibraryByPathname/**
+**/PR_LoadLibrary/**
+
+#397487
+**/__rpc_getconfip/setnetconfig/**
+
+#401100
+**/testThreadLockingBehavior/pthread_create@@GLIBC_**
+**/findLockInfo/pthread_create@@GLIBC_**
+
+#430544
+**/PR_CallOnce/InitializeArenas/PR_NewLock/**
+
+#458905
+**/cert_createObject/nssTrustDomain_AddCertsToCache/add_cert_to_cache/**
+**/cert_createObject/nssTrustDomain_AddCertsToCache/nssArena_Create/**
+
+#459237
+**/PR_FormatTime/strftime/**
+**/PR_FormatTime/__strftime_std/**
+
+#463208
+**/sqlite3UnixFullPathname/_getcwd/**
+**/unixFullPathname/_getcwd/**
+
+#463631
+vfychain/main/PL_CreateOptState/**
+
+#486298
+selfserv/main/PORT_Strdup_Util**
+
+#497251
+**/FREEBL_InitStubs/dlopen@@GLIBC_**
+
+#679524
+**/nss_Init/PR_CallOnce/nss_doLockInit/**
+
diff --git a/nss/tests/memleak/memleak.sh b/nss/tests/memleak/memleak.sh
new file mode 100755
index 0000000..45e432b
--- /dev/null
+++ b/nss/tests/memleak/memleak.sh
@@ -0,0 +1,915 @@
+#!/bin/bash
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+########################################################################
+#
+# mozilla/security/nss/tests/memleak/memleak.sh
+#
+# Script to test memory leaks in NSS
+#
+# needs to work on Solaris and Linux platforms, on others just print a message
+# that OS is not supported
+#
+# special strings
+# ---------------
+#   FIXME ... known problems, search for this string
+#   NOTE .... unexpected behavior
+#
+########################################################################
+
+############################# memleak_init #############################
+# local shell function to initialize this script 
+########################################################################
+memleak_init()
+{
+	if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then
+		cd ../common
+		. ./init.sh
+	fi
+	
+	if [ ! -r ${CERT_LOG_FILE} ]; then
+		cd ${QADIR}/cert
+		. ./cert.sh
+	fi
+
+	SCRIPTNAME="memleak.sh"
+	if [ -z "${CLEANUP}" ] ; then
+		CLEANUP="${SCRIPTNAME}"
+	fi
+
+	OLD_LIBRARY_PATH=${LD_LIBRARY_PATH}
+	TMP_LIBDIR="${HOSTDIR}/tmp"
+	TMP_STACKS="${HOSTDIR}/stacks"
+	TMP_SORTED="${HOSTDIR}/sorted"
+	TMP_COUNT="${HOSTDIR}/count"
+	DBXOUT="${HOSTDIR}/dbxout"
+	DBXERR="${HOSTDIR}/dbxerr"
+	DBXCMD="${HOSTDIR}/dbxcmd"
+	
+	PORT=${PORT:-8443}
+	
+	MODE_LIST="NORMAL BYPASS FIPS"
+	
+	SERVER_DB="${HOSTDIR}/server_memleak"
+	CLIENT_DB="${HOSTDIR}/client_memleak"
+	cp -r ${HOSTDIR}/server ${SERVER_DB}
+	cp -r ${HOSTDIR}/client ${CLIENT_DB}
+	
+	LOGDIR="${HOSTDIR}/memleak_logs"
+	mkdir -p ${LOGDIR}
+
+	FOUNDLEAKS="${LOGDIR}/foundleaks"
+	
+	REQUEST_FILE="${QADIR}/memleak/sslreq.dat"
+	IGNORED_STACKS="${QADIR}/memleak/ignored"
+	
+	gline=`echo ${OBJDIR} | grep "_64_"`
+	if [ -n "${gline}" ] ; then
+		BIT_NAME="64"
+	else
+		BIT_NAME="32"
+	fi
+		
+	case "${OS_NAME}" in
+	"SunOS")
+		DBX=`which dbx`
+		AWK=nawk
+		
+		if [ $? -eq 0 ] ; then
+			echo "${SCRIPTNAME}: DBX found: ${DBX}"
+		else
+			echo "${SCRIPTNAME}: DBX not found, skipping memory leak checking."
+			exit 0
+		fi
+		
+		PROC_ARCH=`uname -p`
+				
+		if [ "${PROC_ARCH}" = "sparc" ] ; then
+			if [ "${BIT_NAME}" = "64" ] ; then
+				FREEBL_DEFAULT="libfreebl_64fpu_3"
+				FREEBL_LIST="${FREEBL_DEFAULT} libfreebl_64int_3"
+			else
+				FREEBL_DEFAULT="libfreebl_32fpu_3"
+				FREEBL_LIST="${FREEBL_DEFAULT} libfreebl_32int64_3"
+			fi
+		else
+			if [ "${BIT_NAME}" = "64" ] ; then
+				echo "${SCRIPTNAME}: OS not supported for memory leak checking."
+				exit 0
+			fi
+			
+			FREEBL_DEFAULT="libfreebl_3"
+			FREEBL_LIST="${FREEBL_DEFAULT}"
+		fi
+		
+		RUN_COMMAND_DBG="run_command_dbx"
+		PARSE_LOGFILE="parse_logfile_dbx"
+		;;
+	"Linux")
+		VALGRIND=`which valgrind`
+		AWK=awk
+		
+		if [ $? -eq 0 ] ; then
+			echo "${SCRIPTNAME}: Valgrind found: ${VALGRIND}"
+		else
+			echo "${SCRIPTNAME}: Valgrind not found, skipping memory leak checking."
+			exit 0
+		fi
+
+		FREEBL_DEFAULT="libfreebl_3"
+		FREEBL_LIST="${FREEBL_DEFAULT}"
+				
+		RUN_COMMAND_DBG="run_command_valgrind"
+		PARSE_LOGFILE="parse_logfile_valgrind"
+		;;
+	*)
+		echo "${SCRIPTNAME}: OS not supported for memory leak checking."
+		exit 0
+		;;
+	esac
+
+	if [ "${BUILD_OPT}" = "1" ] ; then
+		OPT="OPT"
+	else 
+		OPT="DBG"
+	fi
+
+	NSS_DISABLE_UNLOAD="1"
+	export NSS_DISABLE_UNLOAD
+
+	SELFSERV_ATTR="-D -p ${PORT} -d ${SERVER_DB} -n ${HOSTADDR} -e ${HOSTADDR}-ec -w nss -c :C001:C002:C003:C004:C005:C006:C007:C008:C009:C00A:C00B:C00C:C00D:C00E:C00F:C010:C011:C012:C013:C014cdefgijklmnvyz -t 5 -V ssl3:tls1.2"
+	TSTCLNT_ATTR="-p ${PORT} -h ${HOSTADDR} -c j -f -d ${CLIENT_DB} -w nss -o"
+	STRSCLNT_ATTR="-q -p ${PORT} -d ${CLIENT_DB} -w nss -c 1000 -n TestUser ${HOSTADDR}"
+
+	tbytes=0
+	tblocks=0
+	truns=0
+	
+	MEMLEAK_DBG=1
+	export MEMLEAK_DBG
+}
+
+########################### memleak_cleanup ############################
+# local shell function to clean up after this script 
+########################################################################
+memleak_cleanup()
+{
+	unset MEMLEAK_DBG
+	unset NSS_DISABLE_UNLOAD
+	
+	. ${QADIR}/common/cleanup.sh
+}
+
+############################ set_test_mode #############################
+# local shell function to set testing mode for server and for client
+########################################################################
+set_test_mode()
+{
+	if [ "${server_mode}" = "BYPASS" ] ; then
+		echo "${SCRIPTNAME}: BYPASS is ON"
+		SERVER_OPTION="-B -s"
+		CLIENT_OPTION=""
+	elif [ "${client_mode}" = "BYPASS" ] ; then
+		echo "${SCRIPTNAME}: BYPASS is ON"
+		SERVER_OPTION=""
+		CLIENT_OPTION="-B -s"
+	else
+		echo "${SCRIPTNAME}: BYPASS is OFF"
+		SERVER_OPTION=""
+		CLIENT_OPTION=""
+	fi
+	
+	if [ "${server_mode}" = "FIPS" ] ; then
+		${BINDIR}/modutil -dbdir ${SERVER_DB} -fips true -force
+		${BINDIR}/modutil -dbdir ${SERVER_DB} -list
+		${BINDIR}/modutil -dbdir ${CLIENT_DB} -fips false -force
+		${BINDIR}/modutil -dbdir ${CLIENT_DB} -list
+		
+		echo "${SCRIPTNAME}: FIPS is ON"
+		cipher_list="c d e i j k n v y z"
+	elif [ "${client_mode}" = "FIPS" ] ; then
+		
+		${BINDIR}/modutil -dbdir ${SERVER_DB} -fips false -force
+		${BINDIR}/modutil -dbdir ${SERVER_DB} -list
+		${BINDIR}/modutil -dbdir ${CLIENT_DB} -fips true -force
+		${BINDIR}/modutil -dbdir ${CLIENT_DB} -list
+		
+		echo "${SCRIPTNAME}: FIPS is ON"
+		cipher_list="c d e i j k n v y z"
+	else
+		${BINDIR}/modutil -dbdir ${SERVER_DB} -fips false -force
+		${BINDIR}/modutil -dbdir ${SERVER_DB} -list
+		${BINDIR}/modutil -dbdir ${CLIENT_DB} -fips false -force
+		${BINDIR}/modutil -dbdir ${CLIENT_DB} -list
+		
+		echo "${SCRIPTNAME}: FIPS is OFF"
+		# ciphers l and m removed, see bug 1136095
+		cipher_list=":C001 :C002 :C003 :C004 :C005 :C006 :C007 :C008 :C009 :C00A :C010 :C011 :C012 :C013 :C014 c d e f g i j k n v y z"
+	fi
+}
+
+############################## set_freebl ##############################
+# local shell function to set freebl - sets temporary path for libraries
+########################################################################
+set_freebl()
+{
+	if [ "${freebl}" = "${FREEBL_DEFAULT}" ] ; then
+		LD_LIBRARY_PATH="${OLD_LIBRARY_PATH}"
+		export LD_LIBRARY_PATH
+	else
+		if [ -d "${TMP_LIBDIR}" ] ; then
+			rm -rf ${TMP_LIBDIR}
+		fi
+
+		mkdir ${TMP_LIBDIR}
+		[ $? -ne 0 ] && html_failed "Create temp directory" && return 1
+
+		cp ${DIST}/${OBJDIR}/lib/*.so ${DIST}/${OBJDIR}/lib/*.chk ${TMP_LIBDIR}
+		[ $? -ne 0 ] && html_failed "Copy libraries to temp directory" && return 1
+		
+		echo "${SCRIPTNAME}: Using ${freebl} instead of ${FREEBL_DEFAULT}"
+
+		mv ${TMP_LIBDIR}/${FREEBL_DEFAULT}.so ${TMP_LIBDIR}/${FREEBL_DEFAULT}.so.orig
+		[ $? -ne 0 ] && html_failed "Move ${FREEBL_DEFAULT}.so -> ${FREEBL_DEFAULT}.so.orig" && return 1
+
+		cp ${TMP_LIBDIR}/${freebl}.so ${TMP_LIBDIR}/${FREEBL_DEFAULT}.so
+		[ $? -ne 0 ] && html_failed "Copy ${freebl}.so -> ${FREEBL_DEFAULT}.so" && return 1
+
+		mv ${TMP_LIBDIR}/${FREEBL_DEFAULT}.chk ${TMP_LIBDIR}/${FREEBL_DEFAULT}.chk.orig
+		[ $? -ne 0 ] && html_failed "Move ${FREEBL_DEFAULT}.chk -> ${FREEBL_DEFAULT}.chk.orig" && return 1
+
+		cp ${TMP_LIBDIR}/${freebl}.chk ${TMP_LIBDIR}/${FREEBL_DEFAULT}.chk
+		[ $? -ne 0 ] && html_failed "Copy ${freebl}.chk to temp directory" && return 1
+
+		echo "ls -l ${TMP_LIBDIR}"
+		ls -l ${TMP_LIBDIR}
+
+		LD_LIBRARY_PATH="${TMP_LIBDIR}"
+		export LD_LIBRARY_PATH
+	fi
+
+	return 0
+}
+
+############################# clear_freebl #############################
+# local shell function to set default library path and clear temporary 
+# directory for libraries created by function set_freebl 
+########################################################################
+clear_freebl()
+{
+	LD_LIBRARY_PATH="${OLD_LIBRARY_PATH}"
+	export LD_LIBRARY_PATH
+
+	if [ -d "${TMP_LIBDIR}" ] ; then
+		rm -rf ${TMP_LIBDIR}
+	fi
+}
+
+############################ run_command_dbx ###########################
+# local shell function to run command under dbx tool
+########################################################################
+run_command_dbx()
+{
+	COMMAND=$1
+	shift
+	ATTR=$*
+	
+	COMMAND=`which ${COMMAND}`
+	
+	echo "dbxenv follow_fork_mode parent" > ${DBXCMD}
+	echo "dbxenv rtc_mel_at_exit verbose" >> ${DBXCMD}
+	echo "dbxenv rtc_biu_at_exit verbose" >> ${DBXCMD}
+	echo "check -memuse -match 16 -frames 16" >> ${DBXCMD}
+	echo "run ${ATTR}" >> ${DBXCMD}
+	
+	export NSS_DISABLE_ARENA_FREE_LIST=1
+	
+	echo "${SCRIPTNAME}: -------- Running ${COMMAND} under DBX:"
+	echo "${DBX} ${COMMAND}"
+	echo "${SCRIPTNAME}: -------- DBX commands:"
+	cat ${DBXCMD}
+	
+	( ${DBX} ${COMMAND} < ${DBXCMD} > ${DBXOUT} 2> ${DBXERR} )
+	grep -v Reading ${DBXOUT} 1>&2
+	cat ${DBXERR}
+	
+	unset NSS_DISABLE_ARENA_FREE_LIST
+	
+	grep "exit code is" ${DBXOUT}
+	grep "exit code is 0" ${DBXOUT} > /dev/null
+	return $?
+}
+
+######################### run_command_valgrind #########################
+# local shell function to run command under valgrind tool
+########################################################################
+run_command_valgrind()
+{
+	COMMAND=$1
+	shift
+	ATTR=$*
+	
+	export NSS_DISABLE_ARENA_FREE_LIST=1
+	
+	echo "${SCRIPTNAME}: -------- Running ${COMMAND} under Valgrind:"
+	echo "${VALGRIND} --tool=memcheck --leak-check=yes --show-reachable=yes --partial-loads-ok=yes --leak-resolution=high --num-callers=50 ${COMMAND} ${ATTR}"
+	echo "Running: ${COMMAND} ${ATTR}" 1>&2
+	${VALGRIND} --tool=memcheck --leak-check=yes --show-reachable=yes --partial-loads-ok=yes --leak-resolution=high --num-callers=50 ${COMMAND} ${ATTR} 1>&2
+	ret=$?
+	echo "==0=="
+	
+	unset NSS_DISABLE_ARENA_FREE_LIST
+	
+	return $ret
+}
+
+############################# run_selfserv #############################
+# local shell function to start selfserv
+########################################################################
+run_selfserv()
+{
+	echo "PATH=${PATH}"
+	echo "LD_LIBRARY_PATH=${LD_LIBRARY_PATH}"
+	echo "${SCRIPTNAME}: -------- Running selfserv:"
+	echo "selfserv ${SELFSERV_ATTR}"
+	${BINDIR}/selfserv ${SELFSERV_ATTR}
+	ret=$?
+	if [ $ret -ne 0 ]; then
+		html_failed "${LOGNAME}: Selfserv"
+		echo "${SCRIPTNAME} ${LOGNAME}: " \
+			"Selfserv produced a returncode of ${ret} - FAILED"
+	fi
+}
+
+########################### run_selfserv_dbg ###########################
+# local shell function to start selfserv under debug tool
+########################################################################
+run_selfserv_dbg()
+{
+	echo "PATH=${PATH}"
+	echo "LD_LIBRARY_PATH=${LD_LIBRARY_PATH}"
+	${RUN_COMMAND_DBG} ${BINDIR}/selfserv ${SERVER_OPTION} ${SELFSERV_ATTR}
+	ret=$?
+	if [ $ret -ne 0 ]; then
+		html_failed "${LOGNAME}: Selfserv"
+		echo "${SCRIPTNAME} ${LOGNAME}: " \
+			"Selfserv produced a returncode of ${ret} - FAILED"
+	fi
+}
+
+############################# run_strsclnt #############################
+# local shell function to run strsclnt for all ciphers and send stop
+# command to selfserv over tstclnt
+########################################################################
+run_strsclnt()
+{
+	for cipher in ${cipher_list}; do
+		VMIN="ssl3"
+		VMAX="tls1.2"
+		case "${cipher}" in
+		f|g)
+			# TLS 1.1 disallows export cipher suites.
+			VMAX="tls1.0"
+			;;
+		esac
+		ATTR="${STRSCLNT_ATTR} -C ${cipher} -V ${VMIN}:${VMAX}"
+		echo "${SCRIPTNAME}: -------- Trying cipher ${cipher}:"
+		echo "strsclnt ${ATTR}"
+		${BINDIR}/strsclnt ${ATTR}
+		ret=$?
+		if [ $ret -ne 0 ]; then
+			html_failed "${LOGNAME}: Strsclnt with cipher ${cipher}"
+			echo "${SCRIPTNAME} ${LOGNAME}: " \
+				"Strsclnt produced a returncode of ${ret} - FAILED"
+		fi
+	done
+	
+	ATTR="${TSTCLNT_ATTR} -V ssl3:tls1.2"
+	echo "${SCRIPTNAME}: -------- Stopping server:"
+	echo "tstclnt ${ATTR} < ${REQUEST_FILE}"
+	${BINDIR}/tstclnt ${ATTR} < ${REQUEST_FILE}
+	ret=$?
+	if [ $ret -ne 0 ]; then
+		html_failed "${LOGNAME}: Tstclnt"
+		echo "${SCRIPTNAME} ${LOGNAME}: " \
+			"Tstclnt produced a returncode of ${ret} - FAILED"
+	fi
+	
+	sleep 20
+	kill $(jobs -p) 2> /dev/null
+}
+
+########################### run_strsclnt_dbg ###########################
+# local shell function to run strsclnt under debug tool for all ciphers 
+# and send stop command to selfserv over tstclnt
+########################################################################
+run_strsclnt_dbg()
+{
+	for cipher in ${cipher_list}; do
+		VMIN="ssl3"
+		VMAX="tls1.2"
+		case "${cipher}" in
+		f|g)
+			# TLS 1.1 disallows export cipher suites.
+			VMAX="tls1.0"
+			;;
+		esac
+		ATTR="${STRSCLNT_ATTR} -C ${cipher} -V ${VMIN}:${VMAX}"
+		${RUN_COMMAND_DBG} ${BINDIR}/strsclnt ${CLIENT_OPTION} ${ATTR}
+		ret=$?
+		if [ $ret -ne 0 ]; then
+			html_failed "${LOGNAME}: Strsclnt with cipher ${cipher}"
+			echo "${SCRIPTNAME} ${LOGNAME}: " \
+				"Strsclnt produced a returncode of ${ret} - FAILED"
+		fi
+	done
+	
+	ATTR="${TSTCLNT_ATTR} -V ssl3:tls1.2"
+	echo "${SCRIPTNAME}: -------- Stopping server:"
+	echo "tstclnt ${ATTR} < ${REQUEST_FILE}"
+	${BINDIR}/tstclnt ${ATTR} < ${REQUEST_FILE}
+	ret=$?
+	if [ $ret -ne 0 ]; then
+		html_failed "${LOGNAME}: Tstclnt"
+		echo "${SCRIPTNAME} ${LOGNAME}: " \
+			"Tstclnt produced a returncode of ${ret} - FAILED"
+	fi
+	
+	kill $(jobs -p) 2> /dev/null
+}
+
+stat_clear()
+{
+	stat_minbytes=9999999
+	stat_maxbytes=0
+	stat_minblocks=9999999
+	stat_maxblocks=0
+	stat_bytes=0
+	stat_blocks=0
+	stat_runs=0
+}
+
+stat_add()
+{
+	read hash lbytes bytes_str lblocks blocks_str in_str lruns runs_str \
+		minbytes minbytes_str maxbytes maxbytes_str minblocks \
+		minblocks_str maxblocks maxblocks_str rest < ${TMP_COUNT} 
+	rm ${TMP_COUNT}
+	
+	tbytes=`expr ${tbytes} + ${lbytes}`
+	tblocks=`expr ${tblocks} + ${lblocks}`
+	truns=`expr ${truns} + ${lruns}`
+	
+	if [ ${stat_minbytes} -gt ${minbytes} ]; then
+		stat_minbytes=${minbytes}
+	fi
+			
+	if [ ${stat_maxbytes} -lt ${maxbytes} ]; then
+		stat_maxbytes=${maxbytes}
+	fi
+			
+	if [ ${stat_minblocks} -gt ${minblocks} ]; then
+		stat_minblocks=${minblocks}
+	fi
+			
+	if [ ${stat_maxblocks} -lt ${maxblocks} ]; then
+		stat_maxblocks=${maxblocks}
+	fi
+			
+	stat_bytes=`expr ${stat_bytes} + ${lbytes}`
+	stat_blocks=`expr ${stat_blocks} + ${lblocks}`
+	stat_runs=`expr ${stat_runs} + ${lruns}`
+}
+
+stat_print()
+{
+	if [ ${stat_runs} -gt 0 ]; then
+		stat_avgbytes=`expr "${stat_bytes}" / "${stat_runs}"`
+		stat_avgblocks=`expr "${stat_blocks}" / "${stat_runs}"`
+		
+		echo
+		echo "$1 statistics:"
+		echo "Leaked bytes: ${stat_minbytes} min, ${stat_avgbytes} avg, ${stat_maxbytes} max"
+		echo "Leaked blocks: ${stat_minblocks} min, ${stat_avgblocks} avg, ${stat_maxblocks} max"
+		echo "Total runs: ${stat_runs}"
+		echo
+	fi
+}
+
+########################## run_ciphers_server ##########################
+# local shell function to test server part of code (selfserv)
+########################################################################
+run_ciphers_server()
+{
+	html_head "Memory leak checking - server"
+	
+	stat_clear
+	
+	client_mode="NORMAL"	
+	for server_mode in ${MODE_LIST}; do
+		set_test_mode
+		
+		for freebl in ${FREEBL_LIST}; do
+			set_freebl || continue
+			
+			LOGNAME=server-${BIT_NAME}-${freebl}-${server_mode}
+			LOGFILE=${LOGDIR}/${LOGNAME}.log
+			echo "Running ${LOGNAME}"
+			
+			(
+			    run_selfserv_dbg 2>> ${LOGFILE} &
+			    sleep 5
+			    run_strsclnt
+			)
+			
+			sleep 20
+			clear_freebl
+			
+			log_parse
+			ret=$?
+			
+			html_msg ${ret} 0 "${LOGNAME}" "produced a returncode of $ret, expected is 0"
+		done
+	done
+	
+	stat_print "Selfserv"
+	
+	html "</TABLE><BR>"
+}
+
+########################## run_ciphers_client ##########################
+# local shell function to test client part of code (strsclnt)
+########################################################################
+run_ciphers_client()
+{
+	html_head "Memory leak checking - client"
+	
+	stat_clear
+	
+	server_mode="NORMAL"
+	for client_mode in ${MODE_LIST}; do
+		set_test_mode
+		
+		for freebl in ${FREEBL_LIST}; do
+			set_freebl || continue
+			
+			LOGNAME=client-${BIT_NAME}-${freebl}-${client_mode}
+			LOGFILE=${LOGDIR}/${LOGNAME}.log
+			echo "Running ${LOGNAME}"
+			
+			(
+			    run_selfserv &
+			    sleep 5
+			    run_strsclnt_dbg 2>> ${LOGFILE}
+			)
+			
+			sleep 20
+			clear_freebl
+			
+			log_parse
+			ret=$?
+			html_msg ${ret} 0 "${LOGNAME}" "produced a returncode of $ret, expected is 0"
+		done
+	done
+	
+	stat_print "Strsclnt"
+	
+	html "</TABLE><BR>"
+}
+
+########################## parse_logfile_dbx ###########################
+# local shell function to parse and process logs from dbx
+########################################################################
+parse_logfile_dbx()
+{
+	${AWK} '
+	BEGIN {
+		in_mel = 0
+		mel_line = 0
+		bytes = 0
+		lbytes = 0
+		minbytes = 9999999
+		maxbytes = 0
+		blocks = 0
+		lblocks = 0
+		minblocks = 9999999
+		maxblocks = 0
+		runs = 0
+		stack_string = ""
+		bin_name = ""
+	}
+	/Memory Leak \(mel\):/ ||
+	/Possible memory leak -- address in block \(aib\):/ ||
+	/Block in use \(biu\):/ {
+		in_mel = 1
+		stack_string = ""
+		next
+	}
+	in_mel == 1 && /^$/ {
+		print bin_name stack_string
+		in_mel = 0
+		mel_line = 0
+		next
+	}
+	in_mel == 1 {
+		mel_line += 1
+	}
+	/Found leaked block of size/ {
+		bytes += $6
+		blocks += 1
+		next
+	}
+	/Found .* leaked blocks/ {
+		bytes += $8
+		blocks += $2
+		next
+	}
+	/Found block of size/ {
+		bytes += $5
+		blocks += 1
+		next
+	}
+	/Found .* blocks totaling/ {
+		bytes += $5
+		blocks += $2
+		next
+	}
+	mel_line > 2 {
+		gsub(/\(\)/, "")
+		new_line = $2
+		stack_string = "/" new_line stack_string
+		next
+	}
+	/^Running: / {
+		bin_name = $2
+		next
+	}
+	/execution completed/ {
+		runs += 1
+		lbytes += bytes
+		minbytes = (minbytes < bytes) ? minbytes : bytes
+		maxbytes = (maxbytes > bytes) ? maxbytes : bytes
+		bytes = 0
+		lblocks += blocks
+		minblocks = (minblocks < blocks) ? minblocks : blocks
+		maxblocks = (maxblocks > blocks) ? maxblocks : blocks
+		blocks = 0
+		next
+	}
+	END {
+		print "# " lbytes " bytes " lblocks " blocks in " runs " runs " \
+		minbytes " minbytes " maxbytes " maxbytes " minblocks " minblocks " \
+		maxblocks " maxblocks " > "/dev/stderr"
+	}' 2> ${TMP_COUNT}
+	
+	stat_add
+}
+
+######################## parse_logfile_valgrind ########################
+# local shell function to parse and process logs from valgrind
+########################################################################
+parse_logfile_valgrind()
+{
+	${AWK} '
+	BEGIN {
+		in_mel = 0
+		in_sum = 0
+		bytes = 0
+		lbytes = 0
+		minbytes = 9999999
+		maxbytes = 0
+		blocks = 0
+		lblocks = 0
+		minblocks = 9999999
+		maxblocks = 0
+		runs = 0
+		stack_string = ""
+		bin_name = "" 
+	}
+	!/==[0-9]*==/ { 
+		if ( $1 == "Running:" ) 
+			bin_name = $2
+			bin_nf = split(bin_name, bin_fields, "/")
+			bin_name = bin_fields[bin_nf]
+		next
+	}
+	/blocks are/ {
+		in_mel = 1
+		stack_string = ""
+		next
+	}
+	/LEAK SUMMARY/ {
+		in_sum = 1
+		next
+	}
+	/^==[0-9]*== *$/ { 
+		if (in_mel)
+			print bin_name stack_string
+		if (in_sum) {
+			runs += 1
+			lbytes += bytes
+			minbytes = (minbytes < bytes) ? minbytes : bytes
+			maxbytes = (maxbytes > bytes) ? maxbytes : bytes
+			bytes = 0
+			lblocks += blocks
+			minblocks = (minblocks < blocks) ? minblocks : blocks
+			maxblocks = (maxblocks > blocks) ? maxblocks : blocks
+			blocks = 0
+		}
+		in_sum = 0
+		in_mel = 0
+		next
+	}
+	in_mel == 1 {	
+		new_line = $4
+		if ( new_line == "(within")
+			new_line = "*"
+		stack_string = "/" new_line stack_string
+	}
+	in_sum == 1 {
+		for (i = 2; i <= NF; i++) {
+			if ($i == "bytes") {
+				str = $(i - 1)
+				gsub(",", "", str)
+				bytes += str
+			}
+			if ($i == "blocks.") {
+				str = $(i - 1)
+				gsub(",", "", str)
+				blocks += str
+			}
+		}
+	}
+	END {
+		print "# " lbytes " bytes " lblocks " blocks in " runs " runs " \
+		minbytes " minbytes " maxbytes " maxbytes " minblocks " minblocks " \
+		maxblocks " maxblocks " > "/dev/stderr"
+	}' 2> ${TMP_COUNT}
+	
+	stat_add
+}
+
+############################# check_ignored ############################
+# local shell function to check all stacks if they are not ignored
+########################################################################
+check_ignored()
+{
+	${AWK} -F/ '
+	BEGIN {
+		ignore = "'${IGNORED_STACKS}'"
+		# read in the ignore file
+		BUGNUM = ""
+		count = 0
+		new = 0
+		while ((getline line < ignore) > 0)  {
+			if (line ~ "^#[0-9]+") {
+				BUGNUM = line
+			} else if (line ~ "^#") {
+				continue
+			} else if (line == "") {
+				continue
+			} else {
+				bugnum_array[count] = BUGNUM
+				# Create a regular expression for the ignored stack:
+				# replace * with % so we can later replace them with regular expressions
+				# without messing up everything (the regular expressions contain *)
+				gsub("\\*", "%", line)
+				# replace %% with .*
+				gsub("%%", ".*", line)
+				# replace % with [^/]*
+				gsub("%", "[^/]*", line)
+				# add ^ at the beginning
+				# add $ at the end
+				line_array[count] = "^" line "$"
+				count++
+			}
+		}
+	}
+	{
+		match_found = 0
+		# Look for matching ignored stack
+		for (i = 0; i < count; i++) {
+			if ($0 ~ line_array[i]) {
+				# found a match
+				match_found = 1
+				bug_found = bugnum_array[i]
+				break
+			}
+		}
+		# Process result
+		if (match_found == 1 ) {
+				if (bug_found != "") {
+					print "IGNORED STACK (" bug_found "): " $0
+				} else {
+					print "IGNORED STACK: " $0
+				}
+		} else {
+				print "NEW STACK: " $0
+				new = 1
+		}
+	}
+	END {
+		exit new
+	}'
+	ret=$?
+	return $ret
+}
+
+############################### parse_log ##############################
+# local shell function to parse log file
+########################################################################
+log_parse()
+{
+	${PARSE_LOGFILE} < ${LOGFILE} > ${TMP_STACKS}
+	echo "${SCRIPTNAME}: Processing log ${LOGNAME}:" > ${TMP_SORTED}
+	cat ${TMP_STACKS} | sort -u | check_ignored >> ${TMP_SORTED}
+	ret=$?
+	echo >> ${TMP_SORTED}
+	
+	cat ${TMP_SORTED} | tee -a ${FOUNDLEAKS}
+	rm ${TMP_STACKS} ${TMP_SORTED}
+	
+	return ${ret}
+}
+
+############################## cnt_total ###############################
+# local shell function to count total leaked bytes
+########################################################################
+cnt_total()
+{
+	echo ""
+	echo "TinderboxPrint:${OPT} Lk bytes: ${tbytes}"
+	echo "TinderboxPrint:${OPT} Lk blocks: ${tblocks}"
+	echo "TinderboxPrint:${OPT} # of runs: ${truns}"
+	echo ""
+}
+
+############################### run_ocsp ###############################
+# local shell function to run ocsp tests
+########################################################################
+run_ocsp()
+{
+	stat_clear
+	
+	cd ${QADIR}/iopr
+	. ./ocsp_iopr.sh
+	ocsp_iopr_run
+	
+	stat_print "Ocspclnt"
+}
+
+############################## run_chains ##############################
+# local shell function to run PKIX certificate chains tests
+########################################################################
+run_chains()
+{
+    stat_clear
+
+    LOGNAME="chains"
+    LOGFILE=${LOGDIR}/chains.log
+
+    . ${QADIR}/chains/chains.sh
+
+    stat_print "Chains"
+}
+
+############################## run_chains ##############################
+# local shell function to run memory leak tests
+#
+# NSS_MEMLEAK_TESTS - list of tests to run, if not defined before,
+# then is redefined to default list 
+########################################################################
+memleak_run_tests()
+{
+    nss_memleak_tests="ssl_server ssl_client chains ocsp"
+    NSS_MEMLEAK_TESTS="${NSS_MEMLEAK_TESTS:-$nss_memleak_tests}"
+
+    for MEMLEAK_TEST in ${NSS_MEMLEAK_TESTS}
+    do
+        case "${MEMLEAK_TEST}" in
+        "ssl_server")
+            run_ciphers_server
+            ;;
+        "ssl_client")
+            run_ciphers_client
+            ;;
+        "chains")
+            run_chains
+            ;;
+        "ocsp")
+            run_ocsp
+            ;;
+        esac
+    done
+}
+
+################################# main #################################
+
+memleak_init
+memleak_run_tests
+cnt_total
+memleak_cleanup
+
diff --git a/nss/tests/memleak/sslreq.dat b/nss/tests/memleak/sslreq.dat
new file mode 100644
index 0000000..1db703d
--- /dev/null
+++ b/nss/tests/memleak/sslreq.dat
@@ -0,0 +1,2 @@
+GET /stop HTTP/1.0
+
diff --git a/nss/tests/merge/merge.sh b/nss/tests/merge/merge.sh
new file mode 100755
index 0000000..1929b12
--- /dev/null
+++ b/nss/tests/merge/merge.sh
@@ -0,0 +1,277 @@
+#! /bin/bash  
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+########################################################################
+#
+# mozilla/security/nss/tests/merge/merge.sh
+#
+# Script to test NSS merge
+#
+# needs to work on all Unix and Windows platforms
+#
+# special strings
+# ---------------
+#   FIXME ... known problems, search for this string
+#   NOTE .... unexpected behavior
+#
+########################################################################
+
+############################## merge_init ##############################
+# local shell function to initialize this script
+########################################################################
+merge_init()
+{
+  SCRIPTNAME=merge.sh      # sourced - $0 would point to all.sh
+  HAS_EXPLICIT_DB=0
+  if [ ! -z "${NSS_DEFAULT_DB_TYPE}" ]; then
+     HAS_EXPLICIT_DB=1
+  fi
+
+
+  if [ -z "${CLEANUP}" ] ; then     # if nobody else is responsible for
+      CLEANUP="${SCRIPTNAME}"       # cleaning this script will do it
+  fi
+
+  if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then
+      cd ../common
+      . ./init.sh
+  fi
+  if [ ! -r $CERT_LOG_FILE ]; then  # we need certificates here
+      cd ${QADIR}/cert
+      . ./cert.sh
+  fi
+
+  if [ ! -d ${HOSTDIR}/SDR ]; then
+      cd ${QADIR}/sdr
+      . ./sdr.sh
+  fi
+  SCRIPTNAME=merge.sh
+
+  html_head "Merge Tests"
+
+  # need the SSL & SMIME directories from cert.sh
+  grep "SUCCESS: SMIME passed" $CERT_LOG_FILE >/dev/null || {
+      Exit 11 "Fatal - S/MIME of cert.sh needs to pass first"
+  }
+  grep "SUCCESS: SSL passed" $CERT_LOG_FILE >/dev/null || {
+      Exit 8 "Fatal - SSL of cert.sh needs to pass first"
+  }
+
+  #temporary files for SDR tests
+  VALUE1=$HOSTDIR/tests.v1.$$
+  VALUE3=$HOSTDIR/tests.v3.$$
+
+  # local directories used in this test.
+  MERGEDIR=${HOSTDIR}/merge
+  R_MERGEDIR=../merge
+  D_MERGE="merge.$version"
+  # SDR not initialized in common/init
+  P_R_SDR=../SDR
+  D_SDR="SDR.$version"
+  mkdir -p ${MERGEDIR}
+
+  PROFILE=.
+  if [ -n "${MULTIACCESS_DBM}" ]; then
+     PROFILE="multiaccess:${D_MERGE}"
+     P_R_SDR="multiaccess:${D_SDR}"
+  fi
+
+  cd ${MERGEDIR}
+
+  # clear out any existing databases, potentially from a previous run.
+  rm -f *.db
+
+  # copy alicedir over as a seed database.
+  cp ${R_ALICEDIR}/* .
+  # copy the smime text samples
+  cp ${QADIR}/smime/*.txt .
+
+  # create a set of conflicting names.
+  CONFLICT1DIR=conflict1
+  CONFLICT2DIR=conflict2
+  mkdir ${CONFLICT1DIR}
+  mkdir ${CONFLICT2DIR}
+  # in the upgrade mode (dbm->sql), make sure our test databases
+  # are dbm databases.
+  if [ "${TEST_MODE}" = "UPGRADE_DB" ]; then
+	save=${NSS_DEFAULT_DB_TYPE}
+	NSS_DEFAULT_DB_TYPE= ; export NSS_DEFAULT_DB_TYPE
+  fi
+
+  certutil -N -d ${CONFLICT1DIR} -f ${R_PWFILE}
+  certutil -N -d ${CONFLICT2DIR} -f ${R_PWFILE}
+  certutil -A -n Alice -t ,, -i ${R_CADIR}/TestUser41.cert -d ${CONFLICT1DIR}
+  # modify CONFLICTDIR potentially corrupting the database
+  certutil -A -n "Alice #1" -t C,, -i ${R_CADIR}/TestUser42.cert -d ${CONFLICT1DIR} -f ${R_PWFILE}
+  certutil -M -n "Alice #1" -t ,, -d ${CONFLICT1DIR} -f ${R_PWFILE}
+  certutil -A -n "Alice #99" -t ,, -i ${R_CADIR}/TestUser43.cert -d ${CONFLICT1DIR}
+  certutil -A -n Alice -t ,, -i ${R_CADIR}/TestUser44.cert -d ${CONFLICT2DIR}
+  certutil -A -n "Alice #1" -t ,, -i ${R_CADIR}/TestUser45.cert -d ${CONFLICT2DIR}
+  certutil -A -n "Alice #99" -t ,, -i ${R_CADIR}/TestUser46.cert -d ${CONFLICT2DIR}
+  if [ "${TEST_MODE}" = "UPGRADE_DB" ]; then
+	NSS_DEFAULT_DB_TYPE=${save}; export NSS_DEFAULT_DB_TYPE
+  fi
+
+  #
+  # allow all the tests to run in standalone mode.
+  #  in standalone mode, TEST_MODE is not set.
+  #  if NSS_DEFAULT_DB_TYPE is dbm, then test merge with dbm
+  #  if NSS_DEFAULT_DB_TYPE is sql, then test merge with sql
+  #  if NSS_DEFAULT_DB_TYPE is not set, then test database upgrade merge
+  #   from dbm databases (created above) into a new sql db.
+  if [ -z "${TEST_MODE}" ] && [ ${HAS_EXPLICIT_DB} -eq 0 ]; then
+	echo "*** Using Standalone Upgrade DB mode"
+	NSS_DEFAULT_DB_TYPE=sql; export NSS_DEFAULT_DB_TYPE
+	echo certutil --upgrade-merge --source-dir ${P_R_ALICEDIR} --upgrade-id local -d ${PROFILE} -f ${R_PWFILE} -@ ${R_PWFILE}
+	${BINDIR}/certutil --upgrade-merge --source-dir ${P_R_ALICEDIR} --upgrade-id local -d ${PROFILE}  -f ${R_PWFILE} -@ ${R_PWFILE}
+	TEST_MODE=UPGRADE_DB
+
+  fi
+	
+}
+
+#
+# this allows us to run this test for both merge and upgrade-merge cases.
+# merge_cmd takes the potential upgrade-id and the rest of the certutil
+# arguments.
+#
+merge_cmd()
+{
+  MERGE_CMD=--merge
+  if [ "${TEST_MODE}" = "UPGRADE_DB" ]; then
+     MERGE_CMD="--upgrade-merge --upgrade-token-name OldDB --upgrade-id ${1}"
+  fi
+  shift
+  echo certutil ${MERGE_CMD} $*
+  ${PROFTOOL} ${BINDIR}/certutil ${MERGE_CMD} $*
+}
+
+
+merge_main()
+{
+  # first create a local sdr key and encrypt some data with it
+  # This will cause a colision with the SDR key in ../SDR.
+  echo "$SCRIPTNAME: Creating an SDR key & Encrypt"
+  echo "sdrtest -d ${PROFILE} -o ${VALUE3} -t Test2 -f ${R_PWFILE}"
+  ${PROFTOOL} ${BINDIR}/sdrtest -d ${PROFILE} -o ${VALUE3} -t Test2 -f ${R_PWFILE}
+  html_msg $? 0 "Creating SDR Key"
+
+  # Now merge in Dave
+  # Dave's cert is already in alicedir, but his key isn't. This will make
+  # sure we are updating the keys and CKA_ID's on the certificate properly.
+  MERGE_ID=dave
+  echo "$SCRIPTNAME: Merging in Key for Existing user"
+  merge_cmd dave --source-dir ${P_R_DAVEDIR} -d ${PROFILE} -f ${R_PWFILE} -@ ${R_PWFILE}
+  html_msg $? 0 "Merging Dave"
+
+  # Merge in server
+  # contains a CRL and new user certs
+  MERGE_ID=server
+  echo "$SCRIPTNAME: Merging in new user "
+  merge_cmd server --source-dir ${P_R_SERVERDIR} -d ${PROFILE} -f ${R_PWFILE} -@ ${R_PWFILE}
+  html_msg $? 0 "Merging server"
+
+  # Merge in ext_client
+  # contains a new certificate chain and additional trust flags
+  MERGE_ID=ext_client
+  echo "$SCRIPTNAME: Merging in new chain "
+  merge_cmd ext_client --source-dir ${P_R_EXT_CLIENTDIR} -d ${PROFILE} -f ${R_PWFILE} -@ ${R_PWFILE}
+  html_msg $? 0 "Merging ext_client"
+
+  # Merge conflicting nicknames in conflict1dir
+  # contains several certificates with nicknames that conflict with the target
+  # database
+  MERGE_ID=conflict1
+  echo "$SCRIPTNAME: Merging in conflicting nicknames 1"
+  merge_cmd conflict1 --source-dir ${CONFLICT1DIR} -d ${PROFILE} -f ${R_PWFILE} -@ ${R_PWFILE}
+
+  html_msg $? 0 "Merging conflicting nicknames 1"
+
+  # Merge conflicting nicknames in conflict2dir
+  # contains several certificates with nicknames that conflict with the target
+  # database
+  MERGE_ID=conflict2
+  echo "$SCRIPTNAME: Merging in conflicting nicknames 1"
+  merge_cmd conflict2 --source-dir ${CONFLICT2DIR} -d ${PROFILE} -f ${R_PWFILE} -@ ${R_PWFILE}
+  html_msg $? 0 "Merging conflicting nicknames 2"
+
+  # Make sure conflicted names were properly sorted out.
+  echo "$SCRIPTNAME: Verify nicknames were deconflicted (Alice #4)"
+  certutil -L -n "Alice #4" -d ${PROFILE}
+  html_msg $? 0 "Verify nicknames were deconflicted (Alice #4)"
+
+  # Make sure conflicted names were properly sorted out.
+  echo "$SCRIPTNAME: Verify nicknames were deconflicted (Alice #100)"
+  certutil -L -n "Alice #100" -d ${PROFILE}
+  html_msg $? 0 "Verify nicknames were deconflicted (Alice #100)"
+
+  # Merge in SDR
+  # contains a secret SDR key
+  MERGE_ID=SDR
+  echo "$SCRIPTNAME: Merging in SDR "
+  merge_cmd sdr --source-dir ${P_R_SDR} -d ${PROFILE} -f ${R_PWFILE} -@ ${R_PWFILE}
+  html_msg $? 0 "Merging SDR"
+
+  # insert a listing of the database into the log for diagonic purposes
+  ${BINDIR}/certutil -L -d ${PROFILE}
+  ${BINDIR}/crlutil -L -d ${PROFILE}
+
+  # Make sure we can decrypt with our original SDR key generated above
+  echo "$SCRIPTNAME: Decrypt - With Original SDR Key"
+  echo "sdrtest -d ${PROFILE} -i ${VALUE3} -t Test2 -f ${R_PWFILE}"
+  ${PROFTOOL} ${BINDIR}/sdrtest -d ${PROFILE} -i ${VALUE3} -t Test2 -f ${R_PWFILE}
+  html_msg $? 0 "Decrypt - Value 3"
+
+  # Make sure we can decrypt with our the SDR key merged in from ../SDR
+  echo "$SCRIPTNAME: Decrypt - With Merged SDR Key"
+  echo "sdrtest -d ${PROFILE} -i ${VALUE1} -t Test1 -f ${R_PWFILE}"
+  ${PROFTOOL} ${BINDIR}/sdrtest -d ${PROFILE} -i ${VALUE1} -t Test1 -f ${R_PWFILE}
+  html_msg $? 0 "Decrypt - Value 1"
+
+  # Make sure we can sign with merge certificate
+  echo "$SCRIPTNAME: Signing with merged key  ------------------"
+  echo "cmsutil -S -T -N Dave -H SHA1 -i alice.txt -d ${PROFILE} -p nss -o dave.dsig"
+  ${PROFTOOL} ${BINDIR}/cmsutil -S -T -N Dave -H SHA1 -i alice.txt -d ${PROFILE} -p nss -o dave.dsig
+  html_msg $? 0 "Create Detached Signature Dave" "."
+
+  echo "cmsutil -D -i dave.dsig -c alice.txt -d ${PROFILE} "
+  ${PROFTOOL} ${BINDIR}/cmsutil -D -i dave.dsig -c alice.txt -d ${PROFILE}
+  html_msg $? 0 "Verifying Dave's Detached Signature"
+
+  # Make sure that trust objects were properly merged
+  echo "$SCRIPTNAME: verifying  merged cert  ------------------"
+  echo "certutil -V -n ExtendedSSLUser -u C -d ${PROFILE}"
+  ${PROFTOOL} ${BINDIR}/certutil -V -n ExtendedSSLUser -u C -d ${PROFILE}
+  html_msg $? 0 "Verifying ExtendedSSL User Cert"
+
+  # Make sure that the crl got properly copied in
+  echo "$SCRIPTNAME: verifying  merged crl  ------------------"
+  echo "crlutil -L -n TestCA -d ${PROFILE}"
+  ${PROFTOOL} ${BINDIR}/crlutil -L -n TestCA -d ${PROFILE}
+  html_msg $? 0 "Verifying TestCA CRL"
+
+}
+  
+############################## smime_cleanup ###########################
+# local shell function to finish this script (no exit since it might be
+# sourced)
+########################################################################
+merge_cleanup()
+{
+  html "</TABLE><BR>"
+  cd ${QADIR}
+  . common/cleanup.sh
+}
+
+################## main #################################################
+
+merge_init
+merge_main
+echo "TEST_MODE=${TEST_MODE}"
+echo "NSS_DEFAULT_DB_TYPE=${NSS_DEFAULT_DB_TYPE}"
+merge_cleanup
+
+
diff --git a/nss/tests/mksymlinks b/nss/tests/mksymlinks
new file mode 100755
index 0000000..aae3386
--- /dev/null
+++ b/nss/tests/mksymlinks
@@ -0,0 +1,115 @@
+#! /bin/sh
+
+O_OPTIONS=OFF
+. `dirname $0`/header
+
+if [ $O_DEBUG = ON ] ; then
+        Debug "NTDIST $NTDIST"
+        Debug "UXDIST $UXDIST"
+        Debug "TESTSCRIPTDIR $TESTSCRIPTDIR"
+fi
+
+if [ -d "$NSS_VER_DIR" ] ; then
+    cd $NSS_VER_DIR
+else
+    glob_usage "cant cd to $NSS_VER_DIR Exiting"
+fi
+
+if [ -d "$NTDIST" ] ; then
+    cd $NTDIST
+    if [  ! -h WINNT5.0_DBG.OBJ -a ! -d WINNT5.0_DBG.OBJ ] ; then 
+        ln -s WINNT4.0_DBG.OBJ WINNT5.0_DBG.OBJ
+    fi
+    if [  ! -h WINNT5.0_DBG.OBJD -a ! -d WINNT5.0_DBG.OBJD ] ; then 
+        ln -s WINNT4.0_DBG.OBJD WINNT5.0_DBG.OBJD
+    fi
+    if [  ! -h WINNT5.0_OPT.OBJ -a ! -d WINNT5.0_OPT.OBJ ] ; then 
+        ln -s WINNT4.0_OPT.OBJ WINNT5.0_OPT.OBJ
+    fi
+    if [  ! -h WINNT5.1_DBG.OBJ -a ! -d WINNT5.1_DBG.OBJ ] ; then 
+        ln -s WINNT4.0_DBG.OBJ WINNT5.1_DBG.OBJ
+    fi
+    if [  ! -h WINNT5.1_DBG.OBJD -a ! -d WINNT5.1_DBG.OBJD ] ; then 
+        ln -s WINNT4.0_DBG.OBJD WINNT5.1_DBG.OBJD
+    fi
+    if [  ! -h WINNT5.1_OPT.OBJ -a ! -d WINNT5.1_OPT.OBJ ] ; then 
+        ln -s WINNT4.0_OPT.OBJ WINNT5.1_OPT.OBJ
+    fi
+    
+    if [ $O_DEBUG = ON ] ; then
+        tell
+    fi
+else
+    if [ $O_DEBUG = ON ] ; then
+        Debug "WARNING!!! cant cd to $NTDIST "
+    fi
+fi
+
+if [ -d "$UXDIST" ]
+then
+    cd $UXDIST
+else
+    glob_usage "Error!!! cant cd to $UXDIST "
+fi
+
+ErrorFlag=0
+
+#if [  ! -h OSF1V5.1_DBG.OBJ -a ! -d OSF1V5.1_DBG.OBJ ] ; then 
+    #ln -s OSF1V4.0D_DBG.OBJ OSF1V5.1_DBG.OBJ || ErrorFlag=1
+#fi
+#if [  ! -h OSF1V5.1_OPT.OBJ -a ! -d OSF1V5.1_OPT.OBJ ] ; then 
+    #ln -s OSF1V4.0D_OPT.OBJ OSF1V5.1_OPT.OBJ || ErrorFlag=1
+#fi
+#if [  ! -h OSF1V5.0_DBG.OBJ -a ! -d OSF1V5.0_DBG.OBJ ] ; then 
+    #ln -s OSF1V4.0D_DBG.OBJ OSF1V5.0_DBG.OBJ || ErrorFlag=1
+#fi
+#if [  ! -h OSF1V5.0_OPT.OBJ -a ! -d OSF1V5.0_OPT.OBJ ] ; then 
+    #ln -s OSF1V4.0D_OPT.OBJ OSF1V5.0_OPT.OBJ || ErrorFlag=1
+#fi
+if [  ! -h SunOS5.9_64_DBG.OBJ  -a ! -d  SunOS5.9_64_DBG.OBJ ] ; then 
+    ln -s SunOS5.8_64_DBG.OBJ SunOS5.9_64_DBG.OBJ || ErrorFlag=1
+fi
+if [  ! -h SunOS5.9_64_OPT.OBJ  -a ! -d  SunOS5.9_64_OPT.OBJ ] ; then 
+    ln -s SunOS5.8_64_OPT.OBJ SunOS5.9_64_OPT.OBJ || ErrorFlag=1
+fi
+if [  ! -h SunOS5.9_DBG.OBJ  -a ! -d  SunOS5.9_DBG.OBJ ] ; then 
+    ln -s SunOS5.8_DBG.OBJ SunOS5.9_DBG.OBJ || ErrorFlag=1
+fi
+if [  ! -h SunOS5.9_OPT.OBJ  -a ! -d  SunOS5.9_OPT.OBJ ] ; then 
+    ln -s SunOS5.8_OPT.OBJ SunOS5.9_OPT.OBJ || ErrorFlag=1
+fi
+#sonmi - still leaving the section in there so 3.3 and 3.2 will not break
+#since 5.8 is the masterbuild it should never be executed
+#additionally: only creat link if the slave build is present, but 
+#master is not
+#if [  ! -h SunOS5.8_DBG.OBJ -a ! -d  SunOS5.8_DBG.OBJ ]  ; then 
+    #if [ -d SunOS5.6_DBG.OBJ ] ; then
+        #ln -s SunOS5.6_DBG.OBJ SunOS5.8_DBG.OBJ || ErrorFlag=1
+    #fi
+#fi
+#if [  ! -h SunOS5.8_OPT.OBJ -a ! -d  SunOS5.8_OPT.OBJ ] ; then 
+    #if [ -d SunOS5.6_OPT.OBJ ] ; then
+        #ln -s SunOS5.6_OPT.OBJ SunOS5.8_OPT.OBJ || ErrorFlag=1
+    #fi
+#fi
+#if [ ! -h Linux2.4_x86_glibc_PTH_DBG.OBJ -a ! -d Linux2.4_x86_glibc_PTH_DBG.OBJ]
+#then
+    #ln -s Linux2.2_x86_glibc_PTH_DBG.OBJ Linux2.4_x86_glibc_PTH_DBG.OBJ || ErrorFlag=1
+#fi
+#if [ ! -h Linux2.4_x86_glibc_PTH_OPT.OBJ -a ! -d Linux2.4_x86_glibc_PTH_OPT.OBJ]
+#then
+    #ln -s Linux2.2_x86_glibc_PTH_OPT.OBJ Linux2.4_x86_glibc_PTH_OPT.OBJ || ErrorFlag=1
+#fi
+
+if [  ! -h SunOS5.9_i86pc_DBG.OBJ  -a ! -d SunOS5.9_i86pc_DBG.OBJ ] ; then 
+    ln -s SunOS5.8_i86pc_DBG.OBJ SunOS5.9_i86pc_DBG.OBJ || ErrorFlag=1
+fi
+if [  ! -h SunOS5.9_i86pc_OPT.OBJ  -a ! -d SunOS5.9_i86pc_OPT.OBJ ] ; then 
+    ln -s SunOS5.8_i86pc_OPT.OBJ SunOS5.9_i86pc_OPT.OBJ || ErrorFlag=1
+fi
+
+if [ $O_DEBUG = ON ] ; then
+    tell
+fi
+
+exit $ErrorFlag #no cleanup here, no tempfiles
diff --git a/nss/tests/mpi/mpi.sh b/nss/tests/mpi/mpi.sh
new file mode 100644
index 0000000..5cda516
--- /dev/null
+++ b/nss/tests/mpi/mpi.sh
@@ -0,0 +1,40 @@
+#! /bin/bash
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+mpi_init()
+{
+  SCRIPTNAME="mpi.sh"
+  if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ] ; then
+      cd ../common
+      . ./init.sh
+  fi
+  SCRIPTNAME="mpi.sh"
+  html_head "MPI tests"
+}
+
+mpi_cleanup()
+{
+  html "</TABLE><BR>"
+  cd ${QADIR}
+  . common/cleanup.sh
+}
+
+mpi_init
+tests=($(mpi_tests list | awk '{print $1}'))
+for test in "${tests[@]}"
+do
+  OUT=$(mpi_tests $test 2>&1)
+  [ ! -z "$OUT" ] && echo "$OUT"
+  OUT=`echo $OUT | grep -i 'error\|Assertion failure'`
+
+  if [ -n "$OUT" ] ; then
+    html_failed "mpi $test test"
+  else
+    html_passed "mpi $test test"
+  fi
+done
+
+mpi_cleanup
diff --git a/nss/tests/multinit/multinit.sh b/nss/tests/multinit/multinit.sh
new file mode 100755
index 0000000..6ec605f
--- /dev/null
+++ b/nss/tests/multinit/multinit.sh
@@ -0,0 +1,158 @@
+#! /bin/sh  
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+########################################################################
+#
+# mozilla/security/nss/tests/multinit/multinit.sh
+#
+# Script to test NSS multinit
+#
+# needs to work on all Unix and Windows platforms
+#
+# special strings
+# ---------------
+#   FIXME ... known problems, search for this string
+#   NOTE .... unexpected behavior
+#
+########################################################################
+
+############################## multinit_init ##############################
+# local shell function to initialize this script
+########################################################################
+multinit_init()
+{
+  SCRIPTNAME=multinit.sh      # sourced - $0 would point to all.sh
+
+  if [ -z "${CLEANUP}" ] ; then     # if nobody else is responsible for
+      CLEANUP="${SCRIPTNAME}"       # cleaning this script will do it
+  fi
+
+  if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then
+      cd ../common
+      . ./init.sh
+  fi
+  if [ ! -r $CERT_LOG_FILE ]; then  # we need certificates here
+      cd ../cert
+      . ./cert.sh
+  fi
+  SCRIPTNAME=multinit.sh
+
+  html_head "MULTI Tests"
+
+  grep "SUCCESS: SMIME passed" $CERT_LOG_FILE >/dev/null || {
+      Exit 11 "Fatal - S/MIME of cert.sh needs to pass first"
+  }
+
+  # set up our directories
+  MULTINITDIR=${HOSTDIR}/multinit
+  MULTINITDIR_1=${MULTINITDIR}/dir1
+  MULTINITDIR_2=${MULTINITDIR}/dir2
+  MULTINITDIR_3=${MULTINITDIR}/dir3
+  R_MULINITDIR=../multinit
+  R_MULTINITDIR_1=${R_MULTINITDIR}/dir1
+  R_MULTINITDIR_2=${R_MULTINITDIR}/dir2
+  R_MULTINITDIR_3=${R_MULTINITDIR}/dir3
+  # first create them all
+  mkdir -p ${MULTINITDIR}
+  mkdir -p ${MULTINITDIR_1}
+  mkdir -p ${MULTINITDIR_2}
+  mkdir -p ${MULTINITDIR_3}
+  # now copy them fro alice, bob, and dave
+  cd ${MULTINITDIR}
+  cp ${P_R_ALICEDIR}/* ${MULTINITDIR_1}/
+  cp ${P_R_BOBDIR}/*   ${MULTINITDIR_2}/
+  cp ${P_R_DAVEDIR}/*  ${MULTINITDIR_3}/
+  # finally delete the RootCerts module to keep the certificate noice in the
+  # summary lines down
+  echo | modutil -delete RootCerts -dbdir ${MULTINITDIR_1}
+  echo | modutil -delete RootCerts -dbdir ${MULTINITDIR_2}
+  echo | modutil -delete RootCerts -dbdir ${MULTINITDIR_3}
+  MULTINIT_TESTS=${QADIR}/multinit/multinit.txt
+}
+
+
+############################## multinit_main ##############################
+# local shell function to test basic signed and enveloped messages 
+# from 1 --> 2"
+########################################################################
+multinit_main()
+{
+  html_head "Multi init interface testing"
+  exec < ${MULTINIT_TESTS}
+  while read order commands shutdown_type dirs readonly testname
+  do
+    if [ "$order" != "#" ]; then
+	read tag expected_result
+
+	# handle the case where we expect different results based on
+	# the database type.
+	if [ "$tag" != "all" ]; then
+	    read tag2 expected_result2
+	    if [ "$NSS_DEFAULT_DB_TYPE" == "$tag2" ]; then
+		expected_result=$expected_result2
+	    fi
+	fi
+
+	# convert shutdown type to option flags
+	shutdown_command="";
+	if [ "$shutdown_type" == "old" ]; then
+	   shutdown_command="--oldStype"
+	fi
+
+	# convert read only to option flags
+	ro_command="";
+	case $readonly in
+        all)  ro_command="--main_readonly --lib1_readonly --lib2_readonly";;
+        libs) ro_command="--lib1_readonly --lib2_readonly";;
+        main) ro_command="--main_readonly";;
+        lib1) ro_command="--lib1_readonly";;
+        lib2) ro_command="--lib2_readonly";;
+	none) ;;
+	*) ;;
+	esac
+
+	# convert commands to option flags
+	main_command=`echo $commands | sed -e 's;,.*$;;'`
+	lib1_command=`echo $commands | sed -e 's;,.*,;+&+;' -e 's;^.*+,;;' -e 's;,+.*$;;'`
+	lib2_command=`echo $commands | sed -e 's;^.*,;;'`
+
+	# convert db's to option flags
+	main_db=`echo $dirs | sed -e 's;,.*$;;'`
+	lib1_db=`echo $dirs | sed -e 's;,.*,;+&+;' -e 's;^.*+,;;' -e 's;,+.*$;;'`
+	lib2_db=`echo $dirs | sed -e 's;^.*,;;'`
+
+	# show us the command we are executing
+	echo ${PROFILETOOL} ${BINDIR}/multinit --order $order --main_command $main_command --lib1_command $lib1_command --lib2_command $lib2_command $shutdown_command --main_db $main_db --lib1_db $lib1_db --lib2_db $lib2_db $ro_command --main_token_name "Main" --lib1_token_name "Lib1" --lib2_token_name "Lib2" --verbose --summary 
+
+	# execute the command an collect the result. Most of the user
+	# visible output goes to stderr, so it's not captured by the pipe
+	actual_result=`${PROFILETOOL} ${BINDIR}/multinit --order $order --main_command $main_command --lib1_command $lib1_command --lib2_command $lib2_command $shutdown_command --main_db $main_db --lib1_db $lib1_db --lib2_db $lib2_db $ro_command --main_token_name "Main" --lib1_token_name "Lib1" --lib2_token_name "Lib2" --verbose --summary | grep "^result=" | sed -e 's;^result=;;'` 
+
+	# show what we got and what we expected for diagnostic purposes
+	echo "actual   = |$actual_result|"
+	echo "expected = |$expected_result|"
+	test  "$actual_result" == "$expected_result" 
+	html_msg $? 0 "$testname"
+    fi
+  done
+}
+  
+############################## multinit_cleanup ###########################
+# local shell function to finish this script (no exit since it might be
+# sourced)
+########################################################################
+multinit_cleanup()
+{
+  html "</TABLE><BR>"
+  cd ${QADIR}
+  . common/cleanup.sh
+}
+
+################## main #################################################
+
+multinit_init
+multinit_main
+multinit_cleanup
diff --git a/nss/tests/multinit/multinit.txt b/nss/tests/multinit/multinit.txt
new file mode 100644
index 0000000..d5296dc
--- /dev/null
+++ b/nss/tests/multinit/multinit.txt
@@ -0,0 +1,79 @@
+#
+# This file defines the tests for multiple initialization of NSS in
+#  different libraries.
+#
+# Test description lines control the parameters for the multinit test program.
+#
+# Init order: Upper case/digits indicate an init call, lower case indicate
+# a shutdown call.
+# 	M,m-Main 1,i-lib1, 2,z-lib2
+# Main calls the traditional NSS init calls (simulating the main application)
+# lib1 and lib2 call NSS_InitContext().
+#
+# All functions call NSS_ShutdownContext unless 'main shutdown type' is set to 
+# 'old', in which case main will call the traditional NSS_Shutdown().
+#
+# Commands: comma separated list of commands to execute. These simulate
+#  executing commands from either a library or main. In each cycle, multinit
+#  will do one initialize or shutdown, then execute all the commands
+#  for any of the libraries or main that is currently initialized. The same
+#  command is executed in each cycle that it's library is initialized.
+#
+#  Commands are given in order or 'main','lib1','lib2'. Valid commands are:
+#    none - don't execute any commands for this library (or main).
+#    list_certs - list all the visible certs in the system.
+#    list_slots - list all the slots in the system.
+#    key_slot - list the current default key slot.
+#
+# Main Shutdown Type - which kind of shutdown does main call. See Init order.
+#
+# Directories - which directory should each init open. Listed in order of:
+#   (main init directory),(lib1 init directory),(lib2 init directory).
+#
+# RO - Which databases to open up read only, valid values are:
+#   all - main, lib1, and lib2
+#   none - open all directories R/W
+#   libs - lib1 & lib2
+#   main, lib1, lib2 - their respective directories only.
+#
+# Test description lines are followed by their expected summary output.
+# output lines are of the form:
+#
+# tag expected output.
+#
+# where tag is one of
+# all - applies to all database types
+# sql - expected output for sql databases
+# dbm - expected output for dbm databases
+#
+# if you do not specify all, you must have one line each for sql and dbm
+#
+#                                  main
+#  init       main,lib1,lib2   shutdown  main,lib1,lib2      Test Case name
+#  order         commands          type  directories    RO
+# ------ ------------------------  ---  -----------   ----- --------------
+  1M2zmi list_slots,list_certs,none new dir1,dir2,dir3  all  Progressive init
+all 1C<Bob>uuuC<Dave>pppC<Eve>pppC<NSS Test CA>CTCCMS<NSS Generic Crypto Services>ttS<Main>ttS<Lib1>ttC<Alice>uuuC<Bob>pupupuC<Dave>pppC<Eve>pppC<NSS Test CA>CTCC2S<NSS Generic Crypto Services>ttS<Lib2>ttS<Main>ttS<Lib1>ttC<Alice>uuuC<Bob>pupupuC<Dave>pupupuC<Eve>pppC<NSS Test CA>CTCCZS<NSS Generic Crypto Services>ttS<Lib2>ttS<Main>ttS<Lib1>ttC<Alice>uuuC<Bob>pupupuC<Dave>pupupuC<Eve>pppC<NSS Test CA>CTCCNC<Alice>uuuC<Bob>pupupuC<Dave>pupupuC<Eve>pppC<NSS Test CA>CTCCI
+  1M2zmi list_certs,none,none       old dir1,dir2,dir3  all  Progressive init - oldStyle
+all 1MC<Alice>uuuC<Bob>pupupuC<Dave>pppC<Eve>pppC<NSS Test CA>CTCC2C<Alice>uuuC<Bob>pupupuC<Dave>pupupuC<Eve>pppC<NSS Test CA>CTCCZC<Alice>uuuC<Bob>pupupuC<Dave>pupupuC<Eve>pppC<NSS Test CA>CTCCNIE0xffffe09a
+  12Mizm none,list_certs,none       new dir1,dir2,dir3  all  Sequenced init
+all 1C<Bob>uuuC<Dave>pppC<Eve>pppC<NSS Test CA>CTCC2C<Bob>uuuC<Dave>pupupuC<Eve>pppC<NSS Test CA>CTCCMC<Alice>uuuC<Bob>pupupuC<Dave>pupupuC<Eve>pppC<NSS Test CA>CTCCIZN
+  12Mizm none,list_certs,none       old dir1,dir2,dir3  all  Sequenced init - old Style
+all 1C<Bob>uuuC<Dave>pppC<Eve>pppC<NSS Test CA>CTCC2C<Bob>uuuC<Dave>pupupuC<Eve>pppC<NSS Test CA>CTCCMC<Alice>uuuC<Bob>pupupuC<Dave>pupupuC<Eve>pppC<NSS Test CA>CTCCIZN
+  1Mi2mz none,list_certs,list_slots new dir1,dir2,dir3  all  Overlap shutdown
+all 1C<Bob>uuuC<Dave>pppC<Eve>pppC<NSS Test CA>CTCCMC<Alice>uuuC<Bob>pupupuC<Dave>pppC<Eve>pppC<NSS Test CA>CTCCI2S<NSS Generic Crypto Services>ttS<Lib2>ttS<Main>ttS<Lib1>ttNS<NSS Generic Crypto Services>ttS<Lib2>ttS<Main>ttS<Lib1>ttZ
+  1Mi2mz none,key_slot,none         new dir1,dir2,dir3  all  Keyslot test
+all 1S<Lib1>ttMS<Main>ttI2NZ
+  M12miz none,key_slot,none         new dir1,dir2,dir3  all  Main init first
+all M1S<Main>tt2S<Main>ttNS<Main>ttIZ
+  M12miz key_slot,none,none         old dir1,dir2,dir3  all  Main init first - old Style
+all MS<Main>tt1S<Main>tt2S<Main>ttNIE0xffffe09aZE0xffffe09a
+  M12miz list_slots,none,none       new dir1,dir1,dir2  all  Loading the same directory twice
+all MS<NSS Generic Crypto Services>ttS<Main>tt1S<NSS Generic Crypto Services>ttS<Main>tt2S<NSS Generic Crypto Services>ttS<Lib2>ttS<Main>ttNIZ
+  M12miz list_slots,none,none       new dir1,dir1,dir2  libs  Loading the same directory twice - r/w then ro
+all MS<NSS Generic Crypto Services>ttS<Main>tf1S<NSS Generic Crypto Services>ttS<Main>tf2S<NSS Generic Crypto Services>ttS<Lib2>ttS<Main>tfNIZ
+  M12miz list_slots,none,none       new dir1,dir1,dir2  main  Loading the same directory twice - ro then r/w
+sql MS<NSS Generic Crypto Services>ttS<Main>tt1S<NSS Generic Crypto Services>ttS<Lib1>tfS<Main>tt2S<NSS Generic Crypto Services>ttS<Lib2>tfS<Lib1>tfS<Main>ttNIZ
+dbm MS<NSS Generic Crypto Services>ttS<Main>tt1S<NSS Generic Crypto Services>ttS<Main>tt2S<NSS Generic Crypto Services>ttS<Lib2>tfS<Main>ttNIZ
+ M12miM1zim key_slot,none,none       old dir1,dir2,dir3  all  Properly detect shutdown of a closed handle
+all MS<Main>tt1S<Main>tt2S<Main>ttNIE0xffffe09aMS<Main>tt1S<Main>ttZE0xffffe09aS<Main>ttIS<Main>ttN
diff --git a/nss/tests/nssdir b/nss/tests/nssdir
new file mode 100755
index 0000000..884c299
--- /dev/null
+++ b/nss/tests/nssdir
@@ -0,0 +1,28 @@
+if ( "$2" == ""  ) then
+	setenv BUILDDATE `date +%m%d`
+else
+	setenv BUILDDATE $2
+endif
+
+if ( "$1" == ""  ) then
+	setenv NSSVER tip
+else
+	setenv NSSVER $1
+endif
+
+if ( ! ${?QAYEAR} ) then 
+        setenv QAYEAR `date +%Y`
+else if ( "$QAYEAR" == ""  ) then
+	setenv QAYEAR `date +%Y`
+	
+endif
+
+setenv NSS_VER_DIR /share/builds/mccrel3/nss/nss$NSSVER
+setenv NTDIST ${NSS_VER_DIR}/builds/${QAYEAR}${BUILDDATE}.1/blowfish_NT4.0_Win95/mozilla/dist
+setenv UXDIST ${NSS_VER_DIR}/builds/${QAYEAR}${BUILDDATE}.1/booboo_Solaris8/mozilla/dist
+setenv TESTSCRIPTDIR ${NSS_VER_DIR}/builds/${QAYEAR}${BUILDDATE}.1/booboo_Solaris8/mozilla/security/nss/tests
+setenv RESULTDIR ${NSS_VER_DIR}/builds/${QAYEAR}${BUILDDATE}.1/booboo_Solaris8/mozilla/tests_results/security
+
+cd ${NSS_VER_DIR}/builds/${QAYEAR}${BUILDDATE}.1/booboo_Solaris8
+pwd
+ls
diff --git a/nss/tests/nsspath b/nss/tests/nsspath
new file mode 100755
index 0000000..5d5ecec
--- /dev/null
+++ b/nss/tests/nsspath
@@ -0,0 +1,12 @@
+#! /bin/tcsh
+
+set PWD=`pwd`
+source /u/sonmi/bin/nssdir $*
+set OBJDIR=`(cd mozilla/security/nss/tests/common; gmake objdir_name)`
+setenv PATH `perl /u/sonmi/bin/path_uniq -s "${PATH}:${UXDIST}/${OBJDIR}/bin"`
+if ( `uname -n` == "iws-perf" ) then
+    setenv LD_LIBRARY_PATH "${UXDIST}/${OBJDIR}/lib:/opt/nfast/toolkits/pkcs11"
+else
+    setenv LD_LIBRARY_PATH "${UXDIST}/${OBJDIR}/lib"
+endif
+cd $PWD
diff --git a/nss/tests/nssqa b/nss/tests/nssqa
new file mode 100755
index 0000000..4411281
--- /dev/null
+++ b/nss/tests/nssqa
@@ -0,0 +1,286 @@
+#! /bin/sh
+
+########################################################################
+#
+# /u/sonmi/bin/nssqa - /u/svbld/bin/init/nss/nssqa
+#
+# this script is supposed to automatically run QA for NSS on all required
+# Unix and Windows (NT and 2000) platforms
+#
+# parameters
+# ----------
+#   nssversion  (supported: 30b, 31, tip)
+#   builddate   (default - today)
+#
+# options
+# -------
+#   -y answer all questions with y - use at your own risk...ignores warnings
+#   -s silent (only usefull with -y)
+#   -h, -? - you guessed right - displays this text
+#   -d debug
+#   -f <filename> - write the (error)output to filename
+#   -cron equivalient to -y -s -d -f $RESULTDIR/$HOST.nssqa
+# 
+# 12/1/00
+# took out the (unused) local directory for releasebuild QA on NT
+# cleaned up 32 - 64 bit issues
+# took hardcoded machinenames out
+########################################################################
+
+O_OPTIONS=ON            # accept options (see above for listing)
+WIN_WAIT_FOREVER=ON     # first we wait forever for a TESTDIR to appear, than 
+                        # we wait forever for the build to finish...
+
+TBX_EXIT=50             # in case we are running on a tinderbox build, any 
+                        # early exit needs to return an error
+. `dirname $0`/header   # utilities, shellfunctions etc, global to NSS QA
+
+if [ -z "$O_TBX" -o "$O_TBX" != "ON" ] ; then
+    is_running ${TMP}/nssqa 
+                        # checks if the file exists, if yes Exits, if not 
+                        # creates to implement a primitive locking mechanism
+fi
+
+KILL_SELFSERV=OFF       # cleanup will also kill the leftover selfserv processes
+
+################################ check_distdir #########################
+# local shell function to check if the DIST directory exists, if not there 
+# is no use to continue the test
+########################################################################
+check_distdir()
+{
+    set_objdir
+
+    if [ ! -d "$LOCALDIST_BIN" ]
+    then
+        Debug "Dist $DIST"
+        Warning "$LOCALDIST_BIN (the dist binaries dir) does not exist"
+        return 1
+    fi
+
+    if [ ! -d "$LOCALDIST" -a ! -h "$LOCALDIST" ]
+    then
+        Debug "Dist $DIST"
+        Warning "$LOCALDIST (the dist directory) does not exist"
+        return 1
+    fi
+
+    Debug "LOCALDIST_BIN $LOCALDIST_BIN"
+    Debug "Dist $DIST"
+    return 0
+}
+
+################################ run_all ###############################
+# local shell function to start the all.sh after asking user and redirect 
+# the output apropriately
+########################################################################
+run_all()        
+{
+    check_distdir || return 1
+    #kill_by_name selfserv
+    ask "Testing $OBJDIR continue with all.sh" "y" "n" || Exit
+
+    Debug "running all.sh in `pwd`"
+    if [ $O_SILENT = ON ]
+    then
+        if [ $O_DEBUG = ON -a $O_FILE = ON ]
+        then
+            all.sh >>$FILENAME 2>>$FILENAME
+        else
+            all.sh >/dev/null 2>/dev/null
+        fi
+    else
+        all.sh
+    fi
+    Debug "Done with all.sh "
+    line
+}
+
+all_sh()
+{
+    echo
+}
+
+
+########################### wait_for_build #############################
+# local shell function to wait until the build is finished
+########################################################################
+wait_for_build()
+{
+  if [ $O_WIN = "ON" ]
+  then
+      WaitForever ${OSDIR}/SVbuild.InProgress.1 0 
+                     #Wait for the build to finish Windows a lot longer
+      OS_TARGET=WINNT;export OS_TARGET;Debug "OS_TARGET set to $OS_TARGET"
+      QA_OS_NAME=`cd ${TESTSCRIPTDIR}/common; gmake objdir_name | \
+          sed -e "s/WINNT4.0.*/Windows-NT-4.0/" -e "s/WINNT5.0.*/Windows-2000/"`
+      Echo "WINDOWS-OS-LINE: $QA_OS_NAME"
+  else
+      Wait ${OSDIR}/SVbuild.InProgress.1 0     
+                     #Wait for the build to finish... Unix a few hours
+      qa_stat_get_sysinfo
+      Echo "UNIX-OS-LINE: $QA_OS"
+  fi
+  find_nt_masterbuild
+}
+
+
+########################### map_os #############################
+# local shell function: From the operatingsystem figure out the name of 
+#     the build ; needed to detemine if the build finished, passed and for
+#     the directory names
+########################################################################
+map_os32()
+{
+    case `uname -s` in
+        SunOS)
+            S_REL=`uname -r | sed -e "s/^[^\.]*\.//g"`
+            if [ `uname -p` = "i386" ] ; then
+                MAPPED_OS=Solaris8_x86
+            elif [ "$S_REL" -lt 8 ] ; then
+                MAPPED_OS=Solaris2.6
+            else
+                MAPPED_OS=Solaris8_forte6
+            fi
+            ;;
+        OSF1)
+            MAPPED_OS=OSF1V4.0
+            ;;
+        Darwin)
+            MAPPED_OS=Darwin6.5
+            ;;	
+        AIX)
+            MAPPED_OS=AIX4.3
+            ;;
+        Linux)
+            RH_MR=`cat /etc/redhat-release | sed \
+                -e "s/Red Hat Linux release //" -e "s/ .*//g" \
+                -e "s/\..*//g"`
+            
+            if [ "$RH_MR" = "6" ] ; then
+                MAPPED_OS=Linux2.2
+            else
+                MAPPED_OS=Linux2.4
+                LD_ASSUME_KERNEL="2.2.5"
+                export LD_ASSUME_KERNEL
+            fi
+            ;;
+        HP-UX)
+            MAPPED_OS=HPUX11.00
+            ;;
+        *)
+            if [ "$os_name" = "Windows" ]
+            then
+                MAPPED_OS=NT4.0
+            else
+                Exit "Sorry, operating system `uname -s` is not supported yet"
+            fi
+            ;;
+    esac
+    set_osdir
+    Debug "Mapped OS to $MAPPED_OS"
+}
+
+############################# nssqa_main ###############################
+# local shell function main controlling function of the nss qa
+########################################################################
+nssqa_main()
+{
+  Debug "In function nssqa_main"
+
+  if [ $O_WIN = "OFF" -a "$O_TBX" = "OFF" -a $O_LOCAL = "OFF" ] ; then
+      if [ ! -h ${NTDIST}/WINNT5.0_DBG.OBJ -o \
+              ! -h ${UXDIST}/SunOS5.8_OPT.OBJ -o \
+              ! -h ${UXDIST}/OSF1V5.0_DBG.OBJ ] ; then
+          # determine if all needed symbolic links are present, in case
+          # we build on one platform and QA on another
+          # create the symbolic links
+          #mksymlinks $* ||
+          `dirname $0`/mksymlinks  $NSSVER $BUILDDATE ||
+              Warning "Can't make the neccessary symbolic links"
+      fi
+  fi
+
+  if [ -d $TESTSCRIPTDIR ]    #the directory mozilla/security/nss/tests, 
+  then            # where all.sh lives
+      cd $TESTSCRIPTDIR
+  else
+      Exit "cant cd to $TESTSCRIPTDIR Exiting"
+  fi
+
+  Debug "Testing from `pwd`"
+  line
+  Debug "HOST: $HOST, DOMSUF: $DOMSUF"
+
+  if [  "$O_TBX" = "OFF" ] ; then
+      map_os32 # From the operatingsystem figure out the name of the build 
+      Debug Testing build for $MAPPED_OS in $OSDIR
+      wait_for_build
+  fi
+  run_all
+  BUILD_OPT=1; export BUILD_OPT; Debug "BUILD_OPT $BUILD_OPT"
+  run_all
+  
+  # now for the 64 bit build!
+  map_os64 # From the operatingsystem figure out the name of the build 
+  if [ -n "$IS_64" ] ; then #Wait for the 64 bit build to finish...
+      Debug "This is a $IS_64 platform"
+      USE_64=1;export USE_64;Debug "Use_64 set to $USE_64"
+      unset BUILD_OPT;export BUILD_OPT;Debug "BUILD_OPT $BUILD_OPT"
+
+      run_all
+      BUILD_OPT=1; export BUILD_OPT; Debug "BUILD_OPT $BUILD_OPT"
+      run_all
+  elif [ "$O_WIN" = "ON" ] ; then
+      OS_TARGET=WIN95;export OS_TARGET
+      Debug "OS_TARGET set to $OS_TARGET"
+      #Echo "WINDOWS-OS-LINE: $os_name $os_full $OS_TARGET"
+      unset BUILD_OPT;export BUILD_OPT;Debug "BUILD_OPT $BUILD_OPT"
+      #if [ "$TEST_LEVEL" = "0" ] ; then
+          #QA_OS_NAME=`cd ${TESTSCRIPTDIR}/common; gmake objdir_name | \
+              #sed -e "s/WINNT4.0.*/Windows-NT-4.0/" -e \
+                     #"s/WINNT5.0.*/Windows-2000/"`
+          #Echo "WINDOWS-OS-LINE: $QA_OS_NAME $OS_TARGET"
+      #fi
+      run_all
+      BUILD_OPT=1; export BUILD_OPT; Debug "BUILD_OPT $BUILD_OPT"
+      run_all
+  else
+      Debug "This is a 32 bit platform"
+  fi
+}
+  
+TEST_LEVEL=0
+
+while [ $TEST_LEVEL -lt 2 ] ; do 
+    export TEST_LEVEL
+    unset BUILD_OPT;export BUILD_OPT;Debug "BUILD_OPT $BUILD_OPT"
+    unset USE_64;export USE_64;Debug "USE_64 $USE_64"
+    bc $TEST_LEVEL
+    Debug "About to start nssqa_main"
+    if [ $O_FILE = ON -a "$O_WIN" != "ON" ] ; then
+        nssqa_main 2>>$FILENAME
+    else
+        nssqa_main
+    fi
+    if [  "$O_TBX" = "ON" ] ; then      # do not do backward compatibility 
+         TEST_LEVEL=3                   # testing on tinderbox
+    else
+         TEST_LEVEL=`expr $TEST_LEVEL + 1 `
+    fi
+done
+
+if [  "$O_TBX" = "ON" -o "$O_LOCAL" = "ON" ] ; then
+#FIXME - maybe it should be copied back to the networkdrive later (-ln)
+    if [ -n "${TMPFILES}" ] ; then #caused problems on tinderbox machines
+        Debug "rm -f ${TMPFILES}"
+        rm -f $TMPFILES 2>/dev/null
+    fi
+    Debug "running qa_stat"
+    . `dirname $0`/qa_stat
+fi
+
+  
+qa_stat_get_sysinfo
+
+Exit "nssqa completed. Done `uname -n` $QA_OS_STRING"
diff --git a/nss/tests/ocsp/ocsp.sh b/nss/tests/ocsp/ocsp.sh
new file mode 100644
index 0000000..246e6e3
--- /dev/null
+++ b/nss/tests/ocsp/ocsp.sh
@@ -0,0 +1,54 @@
+#! /bin/bash
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+########################################################################
+#
+# mozilla/security/nss/tests/ocsp/ocsp.sh
+#
+# Script to test NSS OCSP
+#
+# needs to work on all Unix and Windows platforms
+#
+# special strings
+# ---------------
+#   FIXME ... known problems, search for this string
+#   NOTE .... unexpected behavior
+#
+########################################################################
+
+############################## ssl_init ################################
+# local shell function to initialize this script
+########################################################################
+ocsp_init()
+{
+  SCRIPTNAME=ocsp.sh      # sourced - $0 would point to all.sh
+
+  if [ -z "${CLEANUP}" ] ; then     # if nobody else is responsible for
+      CLEANUP="${SCRIPTNAME}"       # cleaning this script will do it
+  fi
+  
+  if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then
+      cd ../common
+      . ./init.sh
+  fi
+  if [ -z "${IOPR_OCSP_SOURCED}" ]; then
+      . ../iopr/ocsp_iopr.sh
+  fi
+  if [ ! -r $CERT_LOG_FILE ]; then  # we need certificates here
+      cd ../cert
+      . ./cert.sh
+  fi
+  SCRIPTNAME=ocsp.sh
+  echo "$SCRIPTNAME: OCSP tests ==============================="
+
+  REQF=${QADIR}/ssl/sslreq.dat
+
+  cd ${CLIENTDIR}
+}
+
+################## main #################################################
+ocsp_init
+ocsp_iopr_run
diff --git a/nss/tests/path_uniq b/nss/tests/path_uniq
new file mode 100755
index 0000000..f29f60a
--- /dev/null
+++ b/nss/tests/path_uniq
@@ -0,0 +1,107 @@
+#! /bin/perl
+
+########################################################################
+#
+# /u/sonmi/bin/path_uniq
+#
+# this script makes components of a PATH like string unique cand prints
+# it to stdout
+#
+# parameters
+# ----------
+#    PATH
+#
+# options
+# -------
+#     -d delimiter - default : 
+#     -s shortens the path
+#
+# usefull enhancements: in the usage part, try to guess what was meant as 
+# a path and echo it to stdout to not break for PATHs with blanks
+#
+########################################################################
+
+sub usage {
+    print STDERR "usage $0 [-s] [-d <delimiter>] PATH\n";
+    print STDERR "    this script makes components of the PATH unique, if you\n";
+    print STDERR "    pass in a searchpath A:B:C:A:B:E it will print A:B:C:E to\n";
+    print STDERR "    the stdout\n\n";
+    print STDERR "    -s will mercylessly cut components from the path, \n";
+    print STDERR "    use at your own risk\n\n";
+    print STDERR "    the parameters you gave were: \n";
+    for ( $i = 0; $i <= $#ARGV; $i++ ) {
+        print STDERR "        $ARGV[$i]\n";
+    }
+    exit ;
+}
+
+
+$i = 0;
+$j = 0;
+$delimiter = ":";
+$searchpath = "";
+@pathcomponents;
+$found=0;
+$newpath="";
+$shorten=0;
+
+for ( $i=0; $i <= $#ARGV; $i++) {
+    if ( $ARGV[$i] eq '-d' ) {
+        $delimiter = $ARGV[++$i];
+    } elsif  ( $ARGV[$i] eq '-s' ) {
+        $shorten=1;
+    } else {
+        $searchpath = $ARGV[$i];
+    }
+}
+if ( $searchpath eq "" ) {
+    usage;
+}
+#print STDERR "delimiter $delimiter\n";
+#print STDERR "shorten $shorten\n";
+#print STDERR "searchpath $searchpath\n";
+
+@pathcomponents=split($delimiter, $searchpath);
+
+for ( $i = 0; $i <= $#pathcomponents; $i++ ) {
+    $found=0;
+    if ( $shorten == 1 ) {
+        if ( "\/tools\/ns-arch\/sparc_sun_solaris2\.4\/lib\/sparcworks\/SUNWspro/bin" eq $pathcomponents[$i] ||
+              "\/h\/tortoise\/export\/share\/builds\/tools\/sparc_sun_solaris2\.5\.1\/perl5\.004\/bin" eq $pathcomponents[$i] ||
+              "\/usr\/dist\/local\/exe" eq $pathcomponents[$i] ||
+              "\/opt\/SUNWspro\/bin" eq $pathcomponents[$i] ||
+              "\/opt\/SUNWwabi\/bin" eq $pathcomponents[$i] ||
+              "\/u\/svbld\/bin" eq $pathcomponents[$i] ||
+              "\/usr\/demos" eq $pathcomponents[$i] ||
+              "\/usr\/audio\/bin" eq $pathcomponents[$i] ||
+              "\/usr\/openwin\/demo" eq $pathcomponents[$i] ||
+              "\/tools\/contrib\/bin" eq $pathcomponents[$i] ||
+              "\/usr\/etc\/" eq $pathcomponents[$i] ||
+              "\/usr\/demos\/bin" eq $pathcomponents[$i] ) {
+
+            
+            #print "dumped: $pathcomponents[$i]\n";
+            next;
+        }
+            #print "keep: $pathcomponents[$i]\n";
+    }
+    for ( $j = 0; $j < $i; $j++ ) {
+        if ( $pathcomponents[$j] eq $pathcomponents[$i] ) {
+            #print "$i and $j match - $pathcomponents[$i] - $pathcomponents[$j]\n";
+            $found=1;
+            last;
+        }
+    }
+    if ( $found == 0 ) {
+        #print "$pathcomponents[$i]:";
+        if ($i == 0) {
+            $newpath = $pathcomponents[$i];
+        } else {
+            $newpath=join($delimiter, $newpath,$pathcomponents[$i]);
+        }
+    }
+}
+print "$newpath\n";
+exit;
+
+
diff --git a/nss/tests/perf/perf.sh b/nss/tests/perf/perf.sh
new file mode 100755
index 0000000..b398a0e
--- /dev/null
+++ b/nss/tests/perf/perf.sh
@@ -0,0 +1,61 @@
+#! /bin/bash  
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+########################################################################
+#
+# mozilla/security/nss/tests/perf/perf.sh
+#
+# script run from the nightly NSS QA to measure nss performance
+# needs to work on all Unix and Windows platforms
+#
+# special strings
+# ---------------
+#   FIXME ... known problems, search for this string
+#   NOTE .... unexpected behavior
+#
+########################################################################
+
+############################## perf_init ##############################
+# local shell function to initialize this script
+########################################################################
+
+perf_init()
+{
+  SCRIPTNAME="perf.sh"
+  if [ -z "${INIT_SOURCED}" ] ; then
+      cd ../common
+      . ./init.sh
+  fi
+  SCRIPTNAME="perf.sh"
+  PERFDIR=${HOSTDIR}/perf
+  mkdir -p ${PERFDIR}
+}
+
+perf_init
+cd ${PERFDIR}
+RSAPERF_OUT=`${BINDIR}/rsaperf -i 300 -s -n none`
+RSAPERF_OUT=`echo $RSAPERF_OUT | sed \
+                -e "s/^/RSAPERF: $OBJDIR /" \
+                -e 's/microseconds/us/' \
+                -e 's/milliseconds/ms/' \
+                -e 's/seconds/s/' \
+                -e 's/ minutes, and /_min_/'`
+
+echo "$RSAPERF_OUT"
+
+
+
+#FIXME
+#export RSAPERF_OUT
+#
+#perl -e '
+
+#@rsaperf=split(/ /, $ENV{RSAPERF_OUT});
+
+#echo "${RSAPERF_OUT}" | read IT_NUM T1 T2 TOT_TIM TOT_TIM_U \
+    #T3 T4 T5 AVRG_TIM AVRG_TIM_U
+
+#300 iterations in 8.881 seconds one operation every 29606 microseconds
diff --git a/nss/tests/pkcs11/netscape/suites/security/ssl/cert7.db b/nss/tests/pkcs11/netscape/suites/security/ssl/cert7.db
new file mode 100644
index 0000000000000000000000000000000000000000..02f36ae285ea5c823835fb942558359af894724c
GIT binary patch
literal 90112
zcmeEP2_RH$_rEh^-x<5?OCikIrLyl!)(Bzj`@SW~PL`yyL?~J$qKznuB9w}#P$^Qh
zkv1Xz_s&pKdDWY~xBlb%=GDFK-22?~oM$=b{Lb$HL<|@J0N?;X&<+4J;6DKh0DytN
zpbtO-eh6j`D8b*<;D;Fekb@r=@B>Tt+R_jHhJL_%U_S`(Hz9Q5cm0rHoBF$+hJOxT
z0(c4FC4iRzUIKUt;3a^U0A2!k3E(AwmjGS@f1U(LfQQtZsb#78C@CqAQFN2Xl6aHE
zl1LD>5;_r*AR6GufegR|fH4Dr0QegY`U4)qnBdb3{t$znfHf$2G&zct2w_S<goK+K
zqbX73&;c1efs%=U37Q?n1|5<k=~W#40$iP3?J)t4T*i)mL9X_W{&46Tu5bMXAO?+n
zS@3@V>;=Gzih>P+A0s#+JQF;Fq9h^}iqnjHPYHv;34wpr1QZ7orJOVhEiQ+`{#byA
za%gc0^vvPEyLn{(+_u690Yqd9fQsA(kBkH!aKIec&d^_;dia>6fV3{{7E#XVuC9yW
zN1T-Q8afXno%Rzhhqch?eAp5wa%5FptxT>Ti-szNgNFJ#q0{?LGbG*Ax4(!OyZn?s
zvr163!hyy7EO51k<d$5$@4CGEgYg(t?1Rq9u+BK4o?VP1%on9?s|Qv$(x^9gh8@$W
zaN&j{U|)$60k(^IR4HjMtvSPTWrvuJ6M?=;@p<bmAFyN_;(Ii`+qYcE?b4)y@SUO?
zUbUpQ3JI5%$+(X3<=ttd;+K3Ax?goquw_JLa620HYFcMU<lYGJ@gh5iX?9i-#Diy*
zdT09!Q|{}=QeMnDalqY^dF$jGE+O0S>~w$ioIN&Ll}~-vyh!}MPQY-z|8F!7R4X{7
zR<dv@U>Pb3jt12#8&s>pZ>W{cmzvFlV!&!Pl4`x9pR2K}v)4*4EiZdfv<ylLr{kh3
z9vFXrE^#h{KsygtdoBY%S5J)Jra21k>g~m)6d2&*?dKY>>AR{YE+Hi+C1-(J@&+uV
zo)s2Jg_Lf*(Gl*~<>KFPBPED*`3qi{(q%Rrj;I=suH)J_F2+C^w%^u0eACKtBI;Gg
z-m!TfZ=V)hVPq4%Mdwmz<(Ly^gvn%O{q_yo^k(X9*}H0$(hz4EB6e9ldvcY;Lt*Vn
z?a65!58h6LC;?TL?YtL#pR(|25ab1(Z#o2Ueos9&mmOFpb|HsK-fFVwaa#tprk_^q
zKp879&_8rGLek@eLQK(WKcADj_x;DiV%m2e1Y}6-5t6)!$`?Tych|0q{b<hghM@Mj
zA;;a&o}Ocan2>HqS&b5QgpcP?|Ji-o`HD}^_4uE6*4x+^#%1+nuz*aso;2XL?o`i^
zJKTPw+~L{I=layyv%RbYz;JrB)cpocyqKTX4)h|`6F%=v!S8*3Q)qgICTL*ZI6CkP
z$I)UNx@6;M(G6H=91XCX_bgnG5!s{Z`_B1(Rm!u<ytoLmG^%k~{xbE1r~&_?eK~v^
zDLJn?dQp_$SRcb2pG}lQv){k>l)0R{SKT{?&Y~iPVmhJ}bjj9o$=j)t&IzQg^t65Y
zYU^D&L*NnJcQw)k&q_DjTQxkmEfT+Zf2DZ&W>mG17`pgnp>uc7_r{Tte|5I$-Mb1=
zTgrE2*$GAI1_56DYdY&meav7K)WMw0`zMy!Qtb<r*Wy;1I&3APtE_c%dc~dOr@2$j
z#C^e0#=Q4UUtd$*H9oFe(<1%a(&<EA(<p_tb;tfw+@umM@*5_1*2_+oc4hEA5E(BN
zd@JD+GP|bBB18Z-R1`uGoPc-kL%?BhI1HG(P!fQPdgS#v)31dRngNA`W?2#>g_)y&
zfTN!mmkP$m5lx4pfld=6Nufh76YpRzG%Jc3H&fG^xL|_8{f3ISmw%u~fUB1?dId@V
zH(7Ij-gZE<^6Zv`OVu^V)gL^A=0$NsS0a$CGj}m?^z--j!gzq=z|qq+(349=2`z+L
z@o6tY3S(sRnYl*92X~EP0Ja69_THYeYKofOS};+HgZmB%@c+2!{_lI^g~mm*Q`Z==
z>h-E*(UJYbNHq__-uufL4W*T6Jv`)JOwnwi%Nxj1&YrSGUv#SUU!{3W|Ax5C?u65n
z6<x1KRl7P9=<WsSjj~R9^Kyi~x|5}*PfRn+sC+{u&{O+<UvV>fniKE|bGlB$Pf|Vp
z5*SiPI4!4TkT13z&AKP8e4;xc5IZgkktkXeHQ3GUNEmFIfDnZMf6dcGXiwxSz3siE
zkc6L@r+f#`i8J2W4bo0jY^(Pl543pvQR?Pc(I~NZtn>E!!c~1t<*W9MP!#~#y|3vR
zyv{boT4Y6hn63?AU-Nnj#os0)={$bWcM}RD=y&14O5KU|k5(0V4~TCt>Iqz7uz_NX
zoaIqTS6N1im_ZNm#iyJ{B_6yLMsNGR27>Xszi+5O3!DYYe9i;_4mC~`J8nEO>Nsu+
zb`9`y1ov7h7%z+i2DcA`hBlcn5sUyP1Sf~Xkj(C%u2cN{Pf>deTt{t#nU;yZnz8Z9
z**mBx;Y|*_$uZwR1$T5<gY#dR9N*flaiKUMWhO&185t{asbT^!;0k0P2$=;lR)r{P
zC3FQjk{|mAoYCy)_dR0*yIb=IjS?~FhV#Cn1P1%}Q|nMZp~xb$Br_(FCmAO0Azn!w
zKxBrHLzp2(Vf1jw=HCXK1mpf-U>^ps1AwVdfUBn?mxiBrpbwXUhrQ^hEiX7&fNX#s
zoOv?lj8Rh^G&MMPf{i9Y66tz-Ie?2O3yKN%o;36ChF*qZ#l0YM=1(f#o}P|=_KsY-
z0S;&;6f_AaqZH>pz!*(|BE#Jep{JsSrbp4?Zb9zq1#Jl&1E8}rE(mfYfu54CE*w0?
zrHAqG0GI1IL;O8J0h)fV!H*Sa{&_-=n&(yc*H4~V@MX}_pIr;GDDZH0!T<M9SZIOm
z=jOFBEE2hpdW>eo`<iCN=x*zT=*dS4lrkKWBP0|%^&kOXLq%ShBjNwWK8qX033Va@
z$vl6RQ^xp%Rx~*ELo@rV#|PYHv3%NP*+Ey#*<-=KcMAY|Sq+rhoOcDCRm><xoHkKw
zn5cofL_Z&IKTH6$`I}Kr1QLn;%O*QVKNG(|{{Su{Z|?y3r*pU+EoceB-vcb*ZWh!h
zxYc)ev?u30U0Dr{+j)RnR}y9L*8Ywj{%CMJf@=_&vZDv&V&KwWkCsG<<Fs6O_T;?b
zJ;$^5$+>|3EY|OQO9{Kfog-HIU`IPo479gav;!LhK3&w#5v#;9pw>#E(Gt=qDabzt
zDe>$fD)NtftAz&6Ef`(M&M^Yzt<9Htq9?;Nd{Dw#<ZGoBcdY2<_K!9mz0}62c)@u3
z*r7(glgm91o?Igrys?Pr-Q%Hi_O$v$jy`0$yFL^sCT-P@p-N#qe(NfU10BVK6*^4^
zV|Fl2(5j2xIvmS<h549$cDXsx8{qobB~n%?iv1s6YJc>+KP7Nb9=9_E?Hy1VNNwXZ
zVR2*1Fc<*=0uB(*ouoi33EG=pFRII_VBWtbyXnPiO-`1AoIUxg`IV&n-liIog>K2P
zuiYA@U*wnKRFQ~T)l<~{LN<P@+x3SOYUg;z<M<B6pSS4Y`560jQ~VM4Wcy8zSLQNa
z4GXMO(Fig0UF~?&MNg<j`6>MaalSAO?!y+n3A?l7B}WtlqLWwx?uEZ#YlT~XPra}^
z(?3x;psAu56?ypQM(gKwdsZ+wM-h6?%I)~s35aGxvEZgZy05NZ+z5q#{k<ic?LN<d
zU#_M705iCb_JSYHZy54&bL9ASfMDkJ$?54-UHu&G1H3_h>8ve2YcZo`#nC7UDRFS_
z0gY!gxPamgQUBuBk-2k+64o=H1ny_zA<ulggWooCuGIMDC5=2&fTF8rSz}x)uS7p>
z1DcgHJZ~qmqM)R|oKuL{qoU)!&iJc>eOs>S)Yb}Uk|xK}-oL{0r2eI<;goZyrNskA
z854pt^5S&6qw|jIMR*)I5>#^LK<4|S<Q@lAs=d}V=mRLm)e3v)y9>BTlB!<>m1F{)
zo^TknkD8sCVKd`g)_|StCfnJ9e2)~GVr4eMlt=tWCrpodRvSAr5NAI(&G*}8!&lzZ
z;!xvIT%X*vra-N-ai_20@Qa6rCYkG{_FsFXdP&1+I;}flFK_+H4m<60yG{2-Y(IH#
z9qS7^i_@a##&oVVcKDn;$unkcB^`R`jGVu^id9Z_4M+H4g6sU!Sik(&odgZ@pYMlR
zmk<D74!MNjyr2^805@dd29t5F44^QN)t8F&&s%6=lpt>5<eAx8x`NJ|FWo+$)=R9e
zNutpxNwln#tb`;k4g~7i%;6G0Ju+wR+hWym8>o)4@NnS3M5Nv3Yc$L64Zg4S@M`qg
z({rYi5aGHaYOmkc42A8_O9Xc+B+`#52i4YWL{#nQxN(l?grS7ZrTX&~NvV4(?09VN
z_4IN@ooXo%6ES$PTm1e5)07UEz6ZMPt%QuC=}uM{BUui^qNx3shWUrc9w!NJM}w}J
zu8%eHu3gW*={*bwf=*Y^O!2;dzrjwY+-7f`%Q>yHC$+q}H8u+8np^@_C}dTQCPwGj
zZhdBO`6wZc$eI_j@VbMV?Ng5XE}VOMh?mjHgN^UV>*t%KnAZt3^_LlFUp|a>zY)fq
zYjFOEz_@_0`d<1YXDv}#$}3Lm7@t)k-KkhzRBUmeu_DP#uL1H)f3kGu_AKOp$12W}
zYRcz5pCG^msw_XKvfJUXb#prqa$s71sjlDOYl@>#xD`MU+E;#WZ})ZRNCqX2mH>?l
z@V~QBOB7^UpimY|`|yP}PsbmzFg|~_E&q_rxr9Nx?Q2HpH!4iFBUdfgyKPNB-62*7
zEAvl?Tee%gsDXR9KR=prWAEejN-E2HvM8)Z35{2kF}*{oa9c()sPh~y_bEh{rTCnt
zFYPzixw6UR#ku7f@862PX}Za!r&x29+UU{Lrsjv%2bZmXFm<;gCbg#%e()=WotZr?
z3|*uKT!&UxmF0HbqTs(D;BbX6)8NvOHR;y(PKhHY9=nDqDuy5SYOEWqL+k^twue5{
z(Y)PZd`8ooVOL7Yz%hxl?n73BvH63=YGKwdUE{SKnPV!q<X6P)yD<@Tgx3AO`voSl
z*SeBfvhDlUQmfh8sKlu}XL)<^8c^xaS#0#lWWX(=^LiQ7+;vOZXA=uX^6`JfO8_qc
zyaezPz)Jux0lWn862MCUF9Ey+@DjjF055^RK>~1~pSp-DkE)0YkN^K71z|SEfXDws
zsT6qp|D3dvrG{~TSM_G`AxqwXg&etf{68N5k4tlzfqj8!cs%}pHizxYXv{+62#^2A
z<NqD;_<t}}^UL%{JpLb#|Hr1&d?Qr`LSW(X|38&djaq0e`tPS4L*NP(=zlOifD8my
zaDn*b89eP5Y2OgQf&~PLV^eYwNUGrAU{MEePmHVAr>RyJC5;AitHeR9Di*Yg7XNg(
z&{wVI;y9owO9wz{g0PY%5y96gF1hX(vfV}f9|c?!5FhYsHEJvkweKl6%IrEB5+6<6
z89ZGcCXvi6ilLBrc}Pc>{?Yixq@n1V=SlKr-vlNo0gV^as8zOSk2FOL8KLXfoGQ`M
zT0iX?$hA}9@T%$1@(XGDTt+)1x&t&^wwA`pPTq@4C;T{?t&*2xH?r(pS;rk?V_gU?
z=jaE(U<<q!0U$!nK}AMoNvTI^Nl8fTM5IO3PuN13NT@`}hcJXI!%#2>0LBFX(trct
z48H_B3Uh}+IRPTz@5OmQpiz4n6?th6?&Zhu<TGReWJvlM829JAJuZ9uA4uJs$vQwF
zX=ZMO6A=U@7eMiSLe_y$awdPQ@I>rE47L9^faIUPIFlB^1_1LR=AW|x0pKP!DdKO-
zTpZLNXnqkBZJhm3nW|I2{!F;#!#9Y(FzXDQdvKH!9{?tB?s*G-tiJ(h{WVDhC{`wN
zka$8IOaPUGW+-wT?F3}|Tl}Itg$37wGmqC*_hg0nhLx#S-lSIVav0cEr@Z}gwN{Fh
zNa&NKngK%ehQ{M!WE2zmhZPD)onqE=$Oy8<4~0{-Wal5;`j%mLVP}DQ)EyVyHW>yY
zm$I6%@{=QiZ__PE88N|RJp3K&)QT_H3}p0v=qTE*e3kD4N7{1j)1E{T_HvgBtYs13
zoDV_ptz-@<VXm^~)-b;9^$Ct4?s`I0WiMWgxQWO-Gc%-0EEPe*_ba+7y>s<DPrXmy
z^hwkqv$Uj*DkRNgzQj@eYw2Np6mrinJnsw0m3iq~XqctR2-}*pUs0X>2;69VX*#NF
zcZ$WIQ<M2lxqf-zxvH2X&Wyz9SNm8CUQEX)7p^Oq2h@V{Js`9*h;sck{SM8N^8W%c
zi{niB1`Zdx@z1jYNc<!#0QkK*UIA?C7&u2R0MP{O0s7y7(%gBBie6m$K=P#bl@#k>
zL4Z4yeh9I&Al}bdW)Xk`1crj??XV0Smiddl3xs8!=i2*cEc55If_c!vPsu-Dx+EZ4
z8wk!U2TmxGXqj1nD3ojt9WH$X7C<!bycSw_EPAa)@wRBQ5`I_^Md`8aD`l=dlL~P#
zK@7ww8aAI#CFx6yB57xglQA7S&J8aOa*50)EYNAz;dkO$?~y>9`aW`lXAH5U57IYi
zZBDRmzrnWkS(;VshXq-YqS~|@_Hr<EYMHF`U*#HgJX3D3r;oGdz&(*$O&puQns*?#
zcQ}yH*0zcJT3^!OSlt#$V+BlfR|UB&Q^jB{cS<U7CdoKl)tQ5*CUg0Ny|Gud-^I$G
z=&Rj%bAWQF%!-OaJ$-urGV8U2(&nN5hsefwXx%T8%7zP^^&bXm;0IpQQ=$|wKAX9w
z#0&FJzHv6Xd+KFOa)vb5{Ya8%U+zTeydz%>mwEj=18RmXd5?WkU&JAR9b{)H0982g
z8_VBP=6ud>=S@viX1tCP(58(K#WQ!)#(>+c1!D74ouTy9Pn&)jl%%*gn4BgnE(fYS
zN*p{y&m1mkvg*HTcod9hzR?i{qXxj~gA5)8g8@f5ZQ<t)B&@7HY<9f*EG1H8*o~dW
z>~3o<$&Q-P^`~<mNZJv+Cvbe)Q*wK}SbqAN4a<E23T9zG(UutI$c<cK#22}Z8OIO5
zOugU2<#{Q7{BAtI0Dpe(N5vivb?0=+H!;4hE!vqniPfc#I>Jtn98P+7x0gP^#nmQd
zpW{QHX}D79@k@faMhUeWJvfL}m3nKarbKMFAAC7(9xQxNJ|D@W9Xi6>-bw2rTC_1l
zTtElOvbB5c*~mQ;O3k+2#_Y&SreQHA@vfseBHN=v5ef#U1gl^5X~W8Ln+YG^JG7O=
zods<!*gk4&NvVcOyRiPG8i(c6WF1<|j@xV!$l5l{S3?%UbVGs(_Y85f?R0L_k~{K7
z)V%lF^9pvc4Y3385u%opqAtW%!ucxi&OZu!So@aVfX5rI%2s-;Pv5+Kq!B*oc>isB
zautDaY>0PKsdI(w8P{Ce&WOsSlFYMb4qnC}UTD$X<0GxS9!t-+%Gl@-{JJ=K>o(qa
zrc>joUYp3$IS(Hqu9`C1w9}jrT6ceax|sN!M3u#)i-FhwRJs`SJ-lu6*V{H^Kpyo3
z)p;sysyxbkvLv#*r2M3kB&;NoBwWNti42Hp3AYh45FR67Bp5_65-<Xqz_)FF9610Z
z0DPN51F!_>>6ebU1Cs|&y;ZGX&$ZEpoLZns?#V6qX~fb!4)?MkC*t=~-+<MSz5nys
zZ@T&stVWjTDw4GgiQeH=)$G?V-9Y?{`~5o;K=LO|0PuTrOn~nY?Ct-B#9)iHRhBHk
zzUT%l<cw{$+K@NOmI$LiMbk^5*wb%T=BB2Y8bd+eCehVJd;KNcoRj~(P?0KO@pA-c
z$kx1FRoOr>@0MF7u?6;Om;IJseWTkL=-VzgyiR!}u$OE{<906ZEb6fmUK<}l=>yGi
zPmX7ET`@iw`(#b+mh34$HHo`H3@@k)d>wQhMI&9*4uh*IPQk%~A6g)NhO-}JL4d0P
z;0Dl3M7~W&In43oftkC|E)2_A!uI)cbyqKpmpznMsqYvN?Cs}{7DI{Pve^VaU-g}w
zODvg!@#~O@PR7?8^i%5UM|nQzL_RFHLHwRa<6a*$S7%s+47@>thdC?|SYgNl^yni`
z3&1S9&pf9yOD$Fytl$4~Nh_mbO?h?@FfMs;LMV}_i8=TP;%9DzpLOSCg#-9m7h)Ox
za@NH<UY6k;FIe7?S<-<yQ#0TMdS0*ujq|(@Ghr06dCaCbtz!YHab~zkzOqb#O02*8
zPb7KpxU}u%n8`D-tt16^P;^t5JXYnVfj;d&@l}?_009l}Pp+lK7$8_f9pX%!<t+fC
zE8k?4na5WFeGkjagrgJf1(2ZMp$Gh^ewRn*PhsZ3?mr;z9BGt{gp4E#8-|>7_~&qp
zEEq{RQD!T4SJ*wvP>lP1>5#C{s@=SFS-i1EZVi`LzuG2sBlj5lo)d>lI<I}4>|&}N
zykhR^!-2@`;~K~ze%%+PZgZt-iU%Oq<GuGRAdn{pRhC)1#o|(0|COi*hVrq>nBCkR
z{RXd-6ESukHLs|FlC3UXPRsV*%e*|T-@!+oXM@JN2MQO>m&1CS?0zte?9t)(&!U;m
zRv%PWuGsXUjr#D#ZiB>K8-S74_IoX;6sePjt8Qkh2r1ZIpuS1_@Bjr7aznj@!m7&i
zr$WWt5I2@R>(JY+xsj_cD^Vfz6hqu#u<w4PPU(~SmU2q9SC4&Ll}+~q87w=v-+N7w
z(4h_5$7$D5>Xz|dW$&JyO=o9lQ2ike$3I1>ajU|gWE3sM+W0l=Hwceh6zeyyN}FbZ
z>9(BRThv)Mg<sH}YV)Z?%y;g7XGQ+`r&0k0)ClTUsz!1L@;b6yGC4AKvPYy;q^Ag<
z5mdl-!zy6MiAag+Kr{e9;d9Una1L7oAPPA59Y4Ugy#q^g_OoLe4RN+3M8L%%<GYJP
z+njy+kHHUq4Q=p@m4raD%?Apo`#Cy-2o;Ek5Dih&%vmUxePXn8nz;yzMVNhaSp*Y6
z3%)tDG=_Z-4)b>aFJ^3Z+3&L?{}uR>1sBwt2MoNLrq{bazP_>IDTPa*MnQ3XcMShz
z(HjlJ?%2~@0lVWkr~{jaNHA}SJW*Z@Ebt+t3wAwvd-D3+C{$%zr)v8hNPQZnj=Kw1
zh-o#+cPuC1r^yt1vcvPj3gtbwbye<Pe9P@=lE3ky`NIp3x-84j+&#6qS9(?bX(t}K
zTk({*1$B|s$i(Biu2vK2SJhv}M(c5-wzqT@d26vg?l$bV_3?<o(C%k#(p<YiWy`ws
zHT#n)$?dX20~7Bh=<DYx_7q(e52*5{Z0tX&O5T;|oh_KNhk1p3TfgFpY>U;Mr=M`K
zCAAzlnlfbA)u+31!;$W)6M<~+lt+gzk1~JQcCK(bkyq45V?M$M!a@BVLt%FG1Bm}`
z^IpIr0n>leTtD;93waDXTyJ-j?{={C9n!c%VOa6hFReVrdW#5U>Sns$SpL8j0jrc(
z+Aq&f->fqn&Jxca_q6a{)wK)<)_Qs`)snEsse^jdzMP7(hk(NPkar(;$61#?y<i>m
ztc$*IqgQAc#X%j@twbz>Tl2C7I^E97@{zb@T|VAjn3eW%Q_q0KrDat=G%s9!zB62Z
z>}|$DXFH(-BYL#9H@s79%`qhcXN{z+NUozMinKElIqj5rlbNXBR6FctD$x+^&CRlI
z_ptS~Dk!<TssD)=puu^Xa>XD#_fhso<eNiXVaLbr+VBdHrbYPQpl7?UawM96^zmLX
zhL)*AM-zzylPK;P#<)KkYr7U)5V^qWi`{SkeYykr0YI+UIs2bQ`YGYxcVS|gByCU|
z=iC(Z1kZ5Gk|CLumG!^y6F_)LsIn7wgM(%D<@w$v;5G>B0Omr&|M`-c5arh%F0k0n
z=imd@!&L}H8W!i_`g%XT*xEhHjb^TLE-OSkbr}`SdUGXpZ)NWI`Ca^CpZaM<fcF5L
z;9l@H_))~|2MHtynpozd2q1*C*qm+ybz#PVO@@R!+s{%BlOxGAOtg$e%^dAilx7?j
z;%G^*GKI7_M1lxHC_W$l_zf4L**vd6G48^}Ea<;yFaLxVMzOtBSvobxyu$&Om}kHc
zKtgYlC4Yfxf2cq54HZXNyQi>=3xT8h3z&4iQ{0|(o~u?T-Y}cH7GKF0cUCjQv@lTX
zux?MMzG=jfY3sVf)B0iK6|OEo^Qh`xhi(k>d78R-5-z%^<vM9)PDE49FM259FhpS#
zWO{$ZGElSg5`Y|i5%khZ4%;>~Qawl0>@Idl5@Nf^XH<$UJ-|){8b;s#GgR}8of@L(
zg%M$C&Dm)P!2MGsHOTGvg#am_3z4&hCJdn?P6BO|CQ5yu>OSQIim0`-y#$t1TTGYD
zvYjK41S&?lXpmMOYgWA5LaYQ3fDF@Yq-JW$;7CJ@q7ZPR3tv$RgYEsAYSd(Tpg_;r
z&7{hn*H01450p)eD+r_QR#Xa=kGYh}4ND$RjgNVt^|I%jwvL(#?cVqrgEYM^lf%~h
zw#`$!MCDFsf8=Z+cHG;0jOo(0^eSEY{s?X53Hm$LBp>c%m~SoCiz+)|F>bHLB@?Pi
zPgW37B!22?a@7!<U!t`AQQdc&u0a|pW?-gatg>>pK7)pLkSG_Zq>#4|hSl{SRc@T)
z0z|maLwJ7e)wTxcmzIssJ#qPoq7t9DjE9#l`xE3}BvKS=LM$o&A05z2ji7u$QA*)R
zVM?Y+1|!QSodl!*tH3G%bwrFrGK5J4$uK)uGE5%kx=6hL(pdX{_+39w(cB<|Z4?|t
z(!t{3F#0*847%ih=ImZFT+wG|H(FXkLgKTtd*<+$dpMWwO%~dNH*Y`S^KSQrThgmi
zON!iruX@Vgc@mqM?RBH$8HS^NldcN2TlfK*$8UG>xF0)dNtoq%Joxo(UI%+k-51D?
z=X<D(;0bn=!SSaH?w_x}#E|hiCi%u=s^D|uhk|yk=$Y23kkz!>d@D)6c0%QO=Ibd@
zKLg{29O2GqjO)(3*F7B<?fOAyce$P4p@=X`OipJMjac15)Tv%#9|0``?R}@3RT*Mi
z3a(N*Jy1kzHRxXqODjB2<@EMstBCM@vwNW_NBO3bwO((n5>)p)_lC#RQ8+_}^@Dp`
zriVmDYcK<<dxyGQYr<6p?UC%e9IYiW38JKRdQzOFJH~f3h$dz*Hnuu%MLO7i>FmaW
z&6dE~y=1C@TQiWKL!fh<_P|kW@bgdc+c#3U9X)7mdYZvyyOqGI>#c@${rA9t=bzGi
z$hdL(J+Kh?9N@|<Hj?&J-q+`hFrW#b|7(0r3@bc+{EJT{hEc~|lidZ#5+)u8wd1ew
zwc-Zx*QVnasVi91asR(D9Ty7<>)X2dPH<;$9+^VksVh{XM}~V`gMZ$1T<lY!@q@3X
zM2=jbQq+Pz`G2gYR5)?vAkk3XEol_d@~c`2y$$&`yF56LC_UfT(Vi7#>fKOyP+2SP
zJ%1xdlL|U*LhEs_zVubk&IeP>$tt7IkaFqEJA_NJo*khU;m)zjvAn)al|>-ZE8#`9
z{n_<FhThn9f6gXymaWO=>G}Jwm)E6g#_=}U^l?SCQEiP~_4e+Go+<^syVBiL<}tdx
zEunXFXgT&ehWYV4dX{dvJ7FrDM#7Tx@ByoJyX`g@c#zc|s99!ZQQ_m~g=S}%wjHpt
zcqdFalwebw)Gj$rLd>^we?Y9e`k{B>0-M`DFq7<3-sSd6u-~8emVWfy>RK>d9j$*|
z)(X;9FyCnbOPB^lg##H9W1SZ&N?=K*Z<~xW*4+%o1Xubw2jBsB=9%CJn021m_Eyam
zF62D<q35Fnm}upo<P#~hxTKV%q%cYfg<_%wYeRo|>Id(-kozPrL*^oE*rA_q_uxAg
zazf>Y`NnKAhSE9PEo{<LY9=2lShHeSdCMXL6L$}8q`SUjZO=zel90|FEhFZGW;Cye
zYuAtMSd&#$&V;-^w)Vudy+$?}n~ti#_YIZ?mmQN%j3ds?OinP%>t{`O?<sNFzifcl
zs9F%##c+PiPq<e4ISb@Ii9C;rJcrVR+!!nbN+<=?m-XQ1J21ZLw)x%*dgx9t0<eNx
z1gWevT25A4Mp6nT2AzcyfK|W<KA%Ov;RGm#NF?Z~`bx-95ju7<0wNUXkRgr$9Wrx#
zBH+E*2!q5$(GJ+ZeeL|%q-B2J`rY}iuoR0Iqj~R3-mhnkI*d|i<t?c@C_3<jyHSd*
z>0wMUvuBYUd%>!+dtxnkFP>FvOV1|=c>W+ek^fQJCF?C*;&y$E+eE!oWId1f1w0;Z
z&`Vs;8_6P|{e*=>IbkRL5n90-L6swB69GccVyx&YLJZ|DV%mu}Sr=;mvnInNAa(sA
z{bU8+Q@^2pOudy_kNOT(HPtezE=osAEy~9fF%%EU!^qi4bw~ihM+B4vvIqe<30w`E
z`%ey2!`iBly^8<A`oe2bk!R;jOg~V@4dkN$)e<b|C^l;pt+R6jD<0u+BmOR6b>c5v
z>7Po|p!rd}&^HmtWea@s2eW^^@$A{XF1S-#D0l*NV(p&4FMi^uRqrp^X!?dc$S*QH
z_)Ywi#uHTF9{BHjQD}W_|NHnGzAFAWhnZv6EhmfMhYB?!xWUCg@w*tJzo{hV44?+A
zoA#*+>AbSzf7RPA<hwg}ZkMs=1%q`_439N;OC7SP^;RCI)_55l=yxwgD<{KjUr0xb
zg5gP5^0Xi(9^y>5ONP629;6J*r0=KD>z3TX&a^G_ft0M7_JubjK0~WjHyeawvUl|J
z-b|oXU;dVynCk4kwyj)b303RKMVCc%zv|Bu9Hy@!Q=MS5WNtgpyNmmW;^!iLd)&*{
zgl@aNp<p+RQ}`a8j&XhI*5bo}Rhpt1zqV{~j89cp1ogqqRule>HMbKnR)~I)<wZ;n
zVq%r=TIV!Yp71;yQ1(dS%HhiL2ODccqWO2X_e4@}BKBPOMvlS42)6mY_$@uzcXU=n
z2EBxqHS{|Bdj+fIl~Uf@uixLxbA0|1Fk6fj8$AD;RAzQ+0N`i<EI$Va;e}Y*h9mPb
z)*zc;Y2)BCLlw+l2b0!O;<7WO4dPM|DGXHAYl$Df(AYVaLw{%V@-4QfBr2$LhUpFO
zTJDm1#ghaqPt)0E^K>8AZNd#BUH+&zwa3X$Q#6u7gO_R^sv6S!7Wg>5NR_zVb5Ryf
zfzjc9vzhzagBF*E%3*{86E3g!Jra;(Fffag>*{k9P_(2?7(W`B>ZW#!dSlST71iV9
z7;=mc%qlXip71OC7s>$#>0&gCWOn;M7NKS@<QN$<Godi4?Y_Gu(bY_^c-gZ9#F9o2
zGQ&N5<71{Tm=8b9A9?;X3^}c2D!i-2Y9%X=%t6EWi99;z<!`T_lRl(dW0B91Xz?ue
zrH{MHM~r!}RJyyE&;6Qs!DGDjhvauxl_PKIxAb%{gfbxe(@g>?POnwHNxTT?0t}8-
zrKRn>?>V`?NE5<3xeomsCl`3TMWLMgT!>SKR4-0aU1m=_?;Js4cU5oa&pWvm`&4LS
zW4*K_FJIPK|FZfZt`8^xV6IaH&;YZpu=U0NwO>T_#%VK+lNh<lwB{C}(Vozp)+P_c
zzps!ENo~(>X2+0(K+ub#^?=VW96wuz9=gR0EQk{d>VMn+GXog_q`;h32qE*MsDW>x
zK@dND7f8f*DBHP)qY+vJB@CH$WJo@2rWG!2Z#L)30jxyMrRwVJ8UW_j>IOJq&^#zE
zoc+k6Y&6GEgpzh=QCINKH&QkNh(VJbWR~#<uK>t^z0~U{2PqQC49Q}NS&7dfU|axD
zfH(&xN8o?(62ME~zbk>+4XP|c6`%xdS4D7>dSupd4dv;7>BIazLDCtAw-jhgN}(hq
zWj{N-zdZGuTC<R&e8@1UE!C(?G5>>rRWuizYTNQV3chU7I#CUqx4Mic2HYDrsx)@t
zxY6M%wz<mNW5CU7%M1GEt|`CKUY{aU&S$iN7Ec@4l65{vu9!NbGgw{!bmCU13Zhc5
zus0(A-knlkO_x?T!vm~Y<lJ!sQ^W<EHtY1=9o*qHUUp|}l&U@w>nI;XMZQHvMu0Oo
z=qcZX3PuH@{O2qOOGdA-u!mg|EhU8lOP_q{VV^nsg@=7!ul_3!`}N_M+G@9UNgwbb
zH0ze^NYn5SkbZYlGeS)wGmvLIATRb|Owq@45;Wyj!P}79cSJIMqic8eJMLq<78*>;
zr>c~$MAIF&x_c#O)tP(Z8X~l(cgD(-ouQU@czOewfO71Qt$hB-CoMXymVut>U@CGj
z@<hoMlPkAkMNeFHt_hAD|02E*`+ZawvjZ6bv+$u}=lj49>C8aJa!kw{$Ugz)o-rY%
zK-ObfNf~TmXfXTu^Wo3H!%+(ju3OvVCS6I4w*$3B6I;UNTD;t!Z#nn)e%1A~#623T
zE~r`h=mZsbChhK!tW8KM*d)1kN26ozbL#fyL)#xns$mj}bhIru9(>I~b2>Hg68X*D
zlRnYO`tBSdZCiJ({qQzTYqH!&y|S^sVwJ%&XRf45Dp~R1(k&cES1In}$~vV=5RV;P
zmr#*)D1F@6(m<)9R8XJ5&Nvt?l$Va(YAwLlvEWFNkPt_MREm<=EgKk%0=KSUENb>F
zcBEj@zF!J^-Y8+88;1g8VQeH&910_<jQ&n2>a^tM73%vFRl-6Gt{!wsi5LieQJb#F
zp)lG>@cPLv>F_ADp4&y4{4K~@(Q<e%FY9evI-3oGPN(V3GPRGuRiBTwz1dVva5Q&M
zr&V>UufOye+Nll_|NCJ!Bq+LczVO?3#5@nUP<9Jb(fil1I5Ffss!We1IOO*F;l5Ox
zxa1-90(k+jpCv^B2LT)xhLwV{IpJu~-I5KmWMZ)wa|XaSSTYx#6}wna#H?@htKv_P
z!v*5u{n<2vMK@p}m&<>EAPCH)__9kNmrJ0N$J(~m$ez<<V$y~c@0HKBDwo}*8fWkr
zbKYgP>RH9k!3tPQa^-fFQ(BH6*1oI>R2OZY<lk6ySu80h)#duBy_w7x^oBXR%A!s_
zb~qDbm6%Ozq=K0U$g^A}J*j(Ql2w60^q}QxwjIwC1Rrf+{BVu9^!d=e?sjzIx?6XK
znNlFO%sCt<psYV<fWUBiwAB6fc_x>Dwq$TIP>HkPVCLZ*X+i$NCAavn8Y~0)_CI^~
zKl4aK8ocx^SWtyAzWzZ-6+`=CwbY^q=XJL$*7CeM{i?I@xvfy_YaUYond^GxTBAJg
zh<%yKMTdq-&CS9=qmMok4LZE>q<_OAp^>5eh+>L|uNYa;;XhF_6+B4ay?Q-=+vAw$
z$#A}~dhyt%imKiMZR!NmHIsrx$4>J#FVE?qiRoLz7g5mQ_&u*79iuYQIGbk}hSxV^
zN0rDE2Xo*0I{J^L=e>{*8yhL7xlKy_O^;EnG}-fvw9dRBz4#$r(6!d-bvB%=<tw;J
zjeWPQ&>JXK>=hVo$jgp87f*5gg=M%~gXXeZF|xr!&C>5kr_;Gy1NxF4+=3lHyZ=J6
z%<d>7DYLb0;r=e$GHP7Du+u@cS@K>Y17xY!QlY3CC|N1xDN@OIklY~7Cx|7;C-}qh
z_W0)GC4iT}pDqDtJ%xT`5yV*TX#}{YdVDuL|0e@*W)^HYu;_z~gg6Qt<C6s`KW7jB
zY<SUv5ZX(koE7I^Mk(I=P${a^nMZis;)Xz&ohc$`@(Sj@&hXUWo~ih%gzG!HsYzD{
z^)h8vTv6ax`*`Y{IZ#_}Q9&P{`qJ5<lszH(taH921~4ayFvyQ+M!yr<u}tK>wg=5S
zUX_iqq_zoW@K#0-=E>HHokGDk@^%$&OmMi-G`7*i5Ep)5G*46o(KB&jS$B^QozeF{
zqU-2w4i#|=CySA*(RO)v51S63@UtjQHaq&XRoS?le`1h9fV*d4|K_s69@6G2&0rWC
zU1EE7H_6^{A?~|dhs#PE%<EyR?gvkpoqg@Kp6Sts)8sKiw1YLaXJc76yRKZ{D`M)o
z<sjglEPj1Gw~%paNBTloFKiJ0PaX!i0WS*x@c#kf+mfXV%?xgk@C}~>htGk-=fIID
z`vv;@J9_xfvJH?S$!4cD{q<l<`bu0xlYjQ)r}VnnFlfMHs3*}-FnKZ5llUAs<RV#_
z@i}mRR}LIKkV{QL?Mt<vOo1$$RD!gV=nRn&(KEsngdYNh7=;JI55aN)I2QnT1G&GO
z^ACrc0f~mci#Y_YV=?D{6YQ|8QO)mY*Wk&7-6GYG?ZzGAb~mPgX!F166><H_I#WLZ
z>+^DQwa0*S`Yd1t%t-{%QJD}TP5#ShD43>$jo8o=K*bl(Go>NPk@VlX4bwf}i^;x^
zHW={>nfjYjy<S_*Z-@9-cZ2{tU*<A_5!xSW6Ru9%w^|Fa9e*<ff@Ln6<3av6A&|vV
z3N2X(WYG;+$bVd6kyJ?O#v2{seqAp94L4GPNSD9hg(+QT!{Lak@#s3PedA&blwtdA
z-NQGn94De)b?hCR_wn{=u@y!((OYybg;tI^aYmR-R@QIdpiOV4-j=<qRw)f}mLX!7
z)w3s8NjwzRp46V4*74x&G>8&VW!cVq(f26}p9Vo*;Q6LQ0Owc!W3Wr05Xk1T1IxrN
z<WR|5O%^?F%b?cu(~2D^W90?<ht5VwdYn**DO&C4b5i%d|9DtT`_6-a3~4<=k{40=
zA}HhT+I6uX&6(a1)IK-lxEtEjb8HY3((Nd#QNoV!@f_+uyH7h`@#(o9|MSjz8ymy8
ztey-OkO|k52He)2>KSr}+i#RRJTC+S%6e`H1gl3s8v<Euzd<A9=gSQ)mMs?xx11B~
z0l)Y8O+OovUxpH~9QVIy94)q?OE!)c-GGJ0(E!VN&%*T>kv*Ee@0{;fr97+5i;Eyj
zqZ*gxFH=v58t^aLm&3P_lJlyg7e)Dv^)bxx*+e-s`~7=QnajC*)xBfrEGkkcrXxy0
zmuxMUyqzlPoIu)2Pur)jw%(O91Rl|SS0hdEtaP)zRl|eZBJrE|SBjT!MpX-mp^IM@
zI(PScZyXu<S7)2vy{izlrF=)0olul+5a7kXrn8>Z#|%b69n8tRe`1*})xJP^EpDZ$
z!&V}?%33$4SKLW{nmg4@+!q{W%zNMT^)=O9<KwzDEz++oolfL6jZ#=!ckDmKO)AkM
zzhQD`z3gOZR|ek$k?}&ow-PQP`lrt2yGr#HW$pHtzcg<geW6{jAE}k_HIv+8`wh29
za?Gol`86pORJ=jy8_?}vUOJLtzpCvjYtl*X6FY}Itu*}gY__X?1>OGTPld)Zw)pOU
zs`?<-vRo8QdB*hvRUZU1meCOX(M<J0+~IG=SN}l6|Ec=mn-$6zD|VP(BjvlE*GkuP
zbh<2#D<-I5i}!`YBq_9>z6kZWBE}XohPQf`cRtTro3SVQ^h&Eo)+rg6<zA)N6CQ!x
zYL0}zAF(43BF^cce8j+zqw6_pJgn==tx&MKa>MZpJJ-J!@;jary*#sM3wf+FS?-#+
zJ{jUGl|`!*2QxxsIL(Km)N>GKwKpXQU-~CU);PV_&Gt5y;eLC{cvad+)gIYf9~}!`
zwvVjzWYT&O_~?3i!wH(p7ZWr0kRKSMjNh>QypHPH`xzg}$%9+2xl+^7j;-hAcwqIk
zgWxsngk<Z1ex3{0);8ygPcG}z2-bMYy0Q>P`|-$u^`;MQ!?O&sdB2*wpv;pf7z_|;
z_MSS_O?v4m&m*6EmN(Wu9z7{3wD%lSV`-8>tt$Bwhn7;uO_JOw_Rx?-;mqb63_|bx
zFY}7Z^+d!P2VD`)ptwbteS7Mx7Giv#+vwTc7P8W&#>~5P1xC3yk?Cu-eG!tR=S`*=
zNV(WUO>eiHOSY)W;q*S)t#E!77scAniv~ewHX$eDk$m^L<;0T|_cU8&30-8$9Hcd8
z*izExxvQ|LhInGIgycP34|NfKO+nYAM5pJn$Fh=j1@ys&nx01`N0vQrVctZFa(*kn
zC2#q*;(bv}=&10f3a(wp#@-q*Jn%kZo+fy;o$>NvO4D|sw88>ScIR}jN?AI6CaZ^l
z_V<AKknUj})ERTP^g3v25FG)6ut<<Zy53$6-d^aLGVNqYn)$avFT=7Zg2~dznLo{B
zS~x;jc=QYq2!W*fTqtz$8jqWC!KznZMB$;j#J?dB-*qvY{Pl;IW|FPkMlAN30&4xL
z=7^<_|5E^t)am3Q<aFd?Wc*}Cq%fi<gtUZC1n~%0L_Fe84<F*&kC(t7ApzXf^A(>Q
zwg%GD@X0M%87E@VHD`qj3XWC;3pVUKs(vav<o@no&nLHZ%?HibHdN%bIZM=!RSTK%
zNRc7wXS|jw-d_HJ9sv-IhrK--B&)&2HaI`Kfaa!Zfw^5lu25>$ESWX}$vo@+^mFud
z4fMo1$sGNl*amd7In_c~d~jEY_=9ZQj(*ruAvpT@PZS9AZ-K3_g@xTBgs}t&%Rz+2
zjv0i-SFpvuO)N9U`2s~n{xUsS5Qot&E$x<cyWTRdJ5tFmRraM8f$6Oq!^_yx88wEP
zHKkS=y%BaJN|hITy1u_GE+voYecma@K)BxU719E3!#g=QoNrW9?j)l3@7Q%EQwZ2=
zrB88goWW>vRMo4SR@;jtUreO`L-DFO{|a?u^QLWtHPN(Z{1u9cQ{E`+JyFbECWFIa
zEV8_afaXfZdh_u?#sG@qVjB~M(c8@-w$|2OGWI;d(%~nVE=g9sC5fGEhRIIr)s8YM
zt2{Ytp*~U9NXz+3yL^Ru^TkWbTh5Ii-Qd+(X_!FUe;}5{Jxccg1zqXTfny4<E^0Yu
zCpR>$<*(em=j={#U*eHC>lX&g4^bZC{c!fmA!2&v?~O@pnUTLtYao~2wZAI_@o7Q?
z^I*Nbz*O2#G#3BPf4NvM>3sj?7oOVxrq2UJ$1E~6dydaT3MC^6VcBMU9=OBb?DP16
zhX0e#;{uZJ(uDW0pywFTor9{hU2V!f6(4R*@byUrx}MQbbxGIRdr!`-dNjnTIdLM`
z)Qi)%kcwOnILzZAw3qN?SqKNmXoG^D<`&a^2kjf2v)m;(GB3T+dcrkiH&G%UepN@?
zAo)n{3jUhHCr|dBdHd{gFHwg}Yls~B^ihUKs}HHRQ6%}7R8#I2a9uWD>~|~MBTqT&
zR%7zzcE8G#4X5sZv}B=wc-S&6;P4J_vvLkUQ$EieQN-kn2fc(euLvT%iY3nFAW0?%
zw!LwjPRdibNBr`9{FX;<-CHnp4c@FOlE(Ew^b01k1N28~sLM7!K5=r$eLv%S#+I%o
z%LA#5rID%w-}QM292`On7DRZh@})@2zBTmZ;99bpn9ZJ?#<@v)8A2-TV)8B51AWTY
z>?TSNFjeFYxyQr5_43Pi2h^kVH(Rhtv<JIAy+g$ID5^DfjQd(#2bChxsTSX!LOZjS
zl$p<-oJYpzIXzq}JRlg1wv^sm1>b6|j!|wd){H(7QIa=uBI|_pt<Xd2kFP!7uv&%r
z`PnDCveuL|cuQWadUJ7IV}AW*Vi1oX;8a}I91S2f`uHu!d3QZLc>!}ltnnGQhkd9k
zEKq<V!a!+ix4FkodBIe8N^ir1RmvE3Vc5Ot>nn-Lm5(HzmvYRIU|ZAtT&}v>fZWt`
zHIYsp>-K0jQHI+jad+lBDrU(DAl>`@K99v~JRRUfy`AbcB`?`IQU_u}VkaUkqJF{_
z!bGs*A0L7ap$-p#xd3Ycmwy@i#~C<tLit~9M1giJYw};VblSY;^GHqOE6cH2TQ2GL
zM#QRU<5kca`pe!DS~D;IC9Kf1JA==B-k+9Z*av_KOz3(GeyrgjUHzO;B9zpnHpgZJ
zQ2}7l7%Wl&NsTQm;_c@HQg;MEmfegK6M;m|D>-81?Hzz(Wg?f8Mv03{fY@&-3-CY=
z4gMR-Jhb>#k60)qc;@lC>Yl7H->@>(%A3^cT@C}g>Xf%%uGUJC5(#~hR5L(`-q3hl
zjErI;|FA*<sZ-2)4jDnV_@Qu$mhAk4Ti-J5F6=B&kGkWc+a|+6<Wg2MR(^6s@NK#U
zDI+GBjEBEtom%nbnt_bo4;@9@m9O$$;7D7pecF>K!d~uDfwe5+n@bEBT9?crCCpXU
z+#1HWy*|M)#9dE_s_ey!5jPQ;XJ&>}iKQY)_<lt<rFX7==c)JUn?8v;WR{k+QH7*=
z%$GQ-e=R+Xk3#MlhUa|&xiT+(3k|b08DU$K_A9EBAAuW<FHJ{v?M|`yb80f*Dc3I#
zJXaNy#F>#8{c0a;!Henm<id3Y-{`8Dx&7DlJ2ZymLBRh^F(xoS`D<he8;S+%JfNpj
zb@c-&LcRSqeS*y3a3x=#$Fh_Dd_aD&8LRU*v|nUj;%0xgd9lndNs=HxI~2%dTw0!{
zoyVx?#ib7<PkLWTu?`jlxI^iO5KH^WPxA*{1mFPOD}vzskpX5lW23fn=8$i|dVYC0
z6}vT;1X<+3q;)Atw9E{Z9Cm(z4(De!|M~_*=FFWpVGwR+8(3>A79I}lycSw_EPAa)
z@wRBQ5`I_^Md`8aD`l=dlL~P#K@7ww8aAI#CFx6yB57xglQA7S&J8aOa*50)EYNAz
z;dkO$?~y>9`aW`lXAH5U57IYiZBDRmzrnWkS(;VshXq-YqS~|@_Hr<EYMHF`U*#Hg
zJX3D3r;oGdz&(*$O&puQns*>bPdJd!*0zcJT3^!OSlt#$V+BlfR|UB&Q^jB{cS<U7
zCdoKl)tQ5*CUg0Ny|Gud-^I$G=&Rj%bAWQF%!-OaJ$-urGV8U2(&nN5hsefwXx%T8
z%7zP^^&bXm;0IpQQ=$|wKAX9w#0&FJzHv6Xd+KFOa)vb5{Ya8%U+zTeydw|{!Qa){
zOU%ev2^{G5fqpoM9M<~>z;GHg576_=d+d|?{-+}FkZXK#L}7ESQM9bM+#G8Zd-$8J
z(I05|KUt$kIc?$R4J53rK5TZp`Ya_<WY~?J#_VouEy<3W(DkQtA4u8}yeDvc+Ea3S
zyjXtvnhnc+0SabeKGBvK=E#j)VZ;}?jTy%ezf8T~!sU4>e*A7czW{%J??=TR4t3{r
z$u}{+t}WV`I*HY#k2=CmkQ`2Wcej^5z{S-jWuN0ipJ}*K>G4Z~xkd@K8$CFPRh4>c
zsHQ}0w;y~tZXPUrP(B~Yqa8ZJ+ulj*AzHLCL|i}z$+ES3?AgdY6H3jt-Nx+5N~U2k
zCh@MLIU?JmLJ<lErv$5C^=ZS(a+?Vs-#fIG#GM6gF4#V5Ye}hwNxQKAq#B3i(_|f5
z%Z}S@63E&%%vVEpHUb~+8RBN!>D;CzcjS$zdGEF773^XgVh7+OL@g&pU5KrO^HtuR
ze-!qx_AR{uk2hSEt@K!*zIppdBYe>D{@e8ADgxoy5bvZ?=L*>~uDP_G5tT_LnP<-&
zyo^D-(4xD?M_PG3mY#2wvC$#;b#e06ZM^YJr^ZvgHj$-s9zH}|HD$DEr#WHQqpnho
zT&gz1webV5hG|!xQYxj6*495Zx&O7`Dcw`CXI9e3jT*N<G>`vy1hXYTdml|_$qt62
z1MH8H?~eED_`ck^vF_C2cvYR^D6Lx(Y-`0+AJMo0X=H2q066C;;_$KODFkdc4SARE
z<A^6|*_KTINW_JASF`G9Pv`fnQAqcGzcspejmPa1*a6^sFMx#*0NGg3_kR>cFmk%G
zCX3~rVN><(EfjW7J;NF^h(L?)KiXP4pqF|JwGDM0)pDwJl&2^jkz6LhkPwjs5GxR0
zA#xzPN?1p@pD-Bw{1I_fd?WD^z)JuxfxkxrkXryW`{zL0f`fxa9lSj;u3n<{-kxw{
zV_lr9YKHR`#IJq9V+Xi_47U&)q{El41qi*0r9NZ(e7U--7skup6%2>zI|c-M`?;gV
zP$JM(h{fgy8ov&i=wy7oK|iIgew62fPUORK8^rH<^d~370_<cUl$ic!3Cc=Z85L{F
zvx9(f$%7L@i9}7z!AB53!<&a|C?f#qsBJLQGSOEvHvUx37~G!$mH<6H%6v|5ftC&@
zw$e1%4~#mFn}S^fyd3@gXG<V!dD)9%p&(?!L@)xF5S$ziLo&O6x=!))KSk{^m^^su
zt!f2(u8lV2)B;U%Pj10aBbM%Q|1O-mSc32Q-Y4*T-$)1fPZ_X_XS$wiz=}&_xf^H0
zso2Bcyt({=hX0cR+vIudjCjzsHP@cl3tx-{&USYIPvcmf)(U8FTRrl-{6W|H`BkU!
z)imex;(Q6)p7-k~Ve+a56e}Ji<qV#7z8A8Su1HJTZr@(ocM;b^_B0yaEf5shVIC~B
zj3CXRt>NJD><d>)>7^W9avN+v=nVDk8%bS@SZ!hvNW=D~`N&DqH5N5@3yOIA_bcon
z3(p;1!OUeObX;v<)h-#)i>V%B2j5%?*~a1XcoWAce*o*A<?1#Q;~xA4h`XEsnSdXw
z6<ya8jrGp0>@POaUmD2djA`mV*FMR+ESe=o#V}4q#cCo`?xEbnXtfOmHHmc_lC~IL
z^kBcZJ*!@MJE!cJ(h=Rd<KH!41r={ptE38NwLFa!<d4{_w?*~+3Z<SRTlT){TXFlw
zxm10OPBZHJC^>a8-G9k<Y;Y@?YKNqeb<SPC(LRT$!x8uE-Os!@MMh)y#=*bD{?+v(
z9@~Z!{g5dAv2Lf6Yo3(_k#3?!cu%*zIC^p79)@P4_Z6F0ZwVYH)qRx&8S_?*QsndL
zc&FMt8GX&jI^rE?khk&F&Q5|IxAP9ytr3ka+M`~$qVM)tr9fM`kVzz+)cQli@2Nwh
zkBF4fzS<Kd$J>78X_Dde*`@~5?DEnqd%BI?kq7vO9m-Amt-^)RGVd9NTU+~tNV4c}
z*&9}-@K$otpK)ZISYizlPHy`0eU8a@!>L$qcc@VCZ#AbDukrtAz+&UU{|f_l@gZT0
zW1_eEQ^dwnNn%A!r_>K7OjF$b-3IL9TMMl(zq?4m;!_H~TciN%$bj0u5oI}NrC%^?
zD2_tm_F{riENY%R_!BV(1Sb7dA`UEnsm7(U$<EQw1Z3O@nExdufC^}%wxV85O+-CN
zrA<{%d50o|;s$vFISKhQGCHymQaUm${}%o~cnRPofR_MX0(c4FC4iRzUIKru1fWf6
z$KP1pb{5!YFbnxt_j7av-KZW=P!wmlF+ughzSuBBh&<@;fF=}k{541~kPY-ryoA9W
zj;P8ExqJ>o+X+z)#4oxx?mc)x{v>7nImN&}Gb@2F!-ah*Gyph&h^yaFf^g+3N4tiL
zD>TGnsxN`HCNhq27QR6&am~tqG{mu?@c)G&zW8YP&fWK=+3Qld*Sei-R&jgm`I>5Z
z-|sfW7vI|dg(1FpH^FxeajZiIYCHOei}!)X^@6npaXQHJ{ThTbCOkB~h=V~I+ukbF
z$~n#e(Ct411|>tno$b+JWf+|OPYgX+R7J^bK$8?faqzBG1%b$g=4Z)NMxkJ;?GN38
z4Ctd)r7oswr*x;JBtK5(Nm5E2Mqoz}M)21zaQGL)O8_r{|9}J_U@7#2C-=vb`{T*|
z|DTZiW4YYm++dnV6r3GQgouN~=;tN`K#5dKhJC<B(!sKaC>a#?2b=vc=Wq$1yil#g
zR^D-;hcB|;4BgnZ_I79lT=!}nyv(YCbL+U7vNx)YtKl>^vEs@jarLhqVvene6@3v~
zV^Yq%V%Tkr?Fl&}=Pv$rm&dkWtZK=Mp)$Q8HXIV%;J3oY_B@Mln_ofY9fb#(k`}NU
zg1t>4YOT9c7)FC=Xpf$;6wNcb7rAz?LzCbxuvX%{E`Yd9#aX4Q&#NrIb*ke`&_I8V
zp2vl_=3uF6cSaGUx^}s^@qSB-p*?*RaS2TNlv7b9`WnL%({d#*rJBZ#WXQBiH<b1z
z9$D6C!#U>dAKtnTJxEdeR<G;C(L}lmREP_0809N1y~2+thNjs^(#B0<rzLg_)}23)
zbHGl$21B<YOKID;(J`R5ESY+M3(`0FcMn1IiVG*|EV=~YVi7Gfs*3*QB?uSYfQ6C-
zZ=48x7jom6g~6L4gCqILw};bq`wX`8?FiZyd#ktPF^ow(VkCE$#<^_AT+Ym6=ZE3~
z?YXwqM40CiP~;ZX@ePp=phIdVMJQz4@<Jkp)B``fD4alUZmQF5FC2cmy4)^Rd!zil
zbmvrLRo&`ahXrz;Uz88+(mUswGspnzAJI7S6>wsPf7kfl&5^x);flq5lK|`OZi-29
z%ozsCjMw94Y+EJ5%7(JCF-@T-E2od&-4lJcgl^KOnNwEzh3dNqQA>9T*OI+At)AFe
zFke0{vWXx=DQ%C^@zs>oF>;OanIi(t+h5jPRZgGgxC~b?p$K_<uGlsV?mBq4qz@j1
zxwIDXv^|lpZ60sv7ce9k9IHq3(sh2h;{2oM1B;>fUwA$i52J`9Ou3WPZK$%{hL*;p
z+Qz0RPp$cPdp;K5+W&>;WAT2O?|MFP9x&V%9RFXu1n?5TO8_qcyaezPz)Jux0lWn8
z62MCUF9Ey+@DjjF051W&1n?5TO8_qcyaezPz)Jux0lWn862MCUF9Ey+@DligB|rgW
zQ>##{q-Z2(BVSFngEWn(ov@RjiolP+1pNFxG+OvK!Ak%yf&YR8aQHNkR^&5r9k2{4
z{qcQ{yNb>bTjju0tLxUUygg_+ByXJ(*MnH#`cDuzWk(NejretTZXjDemqDPNhpWE}
zREZDDxjK)fkv%(`WCb$rE32VtQPfb96)}=T8DvcHcl7W_gB8i3Q)Ec8+573QN6Vt5
zp_AlDvDuT~c*rMG7RS$&ENFfdFD{L1*#h5GLi3`y=hpV44|cTk#P|n*W&P~HMuDW@
zqIQnSr-IBfp7<S2xEfyJwue49m(sfs#L4~1uY^kqkp%#FFMtFw;yvI;b*3KSR~0uR
z5C2@}iK15GI*)(03sgKXAfX-ziTh@k&D32$AnCrkesLW&L*XWamPSiUNQ+}>_hnI^
z4^e;4n=AwiE?=9+Kwu@c-)iiM!=zt#$1q{?G1=-P7;aCIL2)H>Wy4-r`tZ4&>*YvW
z^N`AoYocScQa^Bwc<tx0X?<reeBufH-5`wyfX7qQmg<#8y;NMo#~s{yrpYJod)Gz>
z=|(MkXd6bscYUARx{Nax*+=flgiDt1e4&HUJY!N8y0(-W3kxn}KtUsx)HY5N7B{90
zgAouQ-~jPl05`-F4kFxjVDWzLX0fkf&GjGiG;<8n_fTnSl95=tZcM9mvnvhsev95)
z{-m{v`e0XteIdbeRN!W!eKgOg@>8yE-6g&!HBY&cFr)L-<yH5X1r>sQNi8vL{mS75
z3`f=2?vS}AKIDusu%^#7d&n$9_Mtuz892hVCUje|->!j?c<ZCC9f+@$2}{oXrzkaU
zn*FM1EjFWeX^Pf@xBj8=iOmmQ%tYFLPmZf<;8K>_#SeAFSt_JF4Ll{_MEZ++V#%5h
zA&|c+@iH@Mks;}{l=ZmGy!|{JxQrZ~UHt?6HlZa@Xxt(s^z|R-2>DAgv2R@pQYV0E
ze7Fj-l2BF;0tL?4dvG&0fkYHp`@DfSzrx5bZzf8BiB?VqB_)mm=UPc|DPb_d2gO8-
zo_}iT8?sQ&Ps=7Dp4OBDY;85^TjRapn*;g7<ulxkPB?11uGrevNq<A0gv2i?uJ?Rq
zRGF}Uf=9&2`RZ$m?b;R=AJ5pG^U6$TKs%WCxY+j)n)jGxoOEfuRUXT-NqM<-dnQ~t
zl^k`=M!=5O!ZgnWekCxCkx?X|A9GrK&!NgdKV#YHaFaSP=ch1o6css)+6*cJI}1So
z$`9p(@|v@tf@E~RymQc$C~}<Q5vUmHqEYnF!(jyA*$7fuX-Tv+N>W-HB?g^^6M*H7
z2|k}iz~KZahDapXuU~Z~CG-U{0wNSR)e}dcSaCb2cUy>+0O;OqghAq>Xb0@y=H&6r
zECYP1)C$iCfDuoB>(@wIG)&CTo!j>ga~0JPcb8&L+j5D-YD^WmX;`LzYwNzGOytUB
zirBk**XIURF`eKzE2elro;z%c@bm~q;>|Y1p=QysjZH0#OueRucbREDIyWktSZkr>
zOH>_j&c662oALCG!`+-u`80C<kjI~&=@E!K{q11|!;YPK*&@HZKZt-lYB<RKCql(e
z#X?04e*OzK0=^A+3E(AwmjGS@cnRPofR_MX0(c4hKa#+#MGgF?3RWyW<#=wv3Vg-I
zKeOT@F)=_)tm5qz;OG?qvKsh<o*--`;R;mb$vHlPABdPpqQoJ~pByPX>-YQ~h5g)U
z2{(!p`W6Do{GD$t&H)eq-nVC%Kf!7|-!{VmN06Bh@?tHuC7%BzUu66GCZdx!q{&8J
QmNH|^{%^}vm}zb+0I?5`5C8xG

literal 0
HcmV?d00001

diff --git a/nss/tests/pkcs11/netscape/suites/security/ssl/key3.db b/nss/tests/pkcs11/netscape/suites/security/ssl/key3.db
new file mode 100644
index 0000000000000000000000000000000000000000..1c015a4a2276504e227e0cff55e0bbedd02f3b27
GIT binary patch
literal 16384
zcmeI$e=O8t7y$71dw0&oUFRw}tF;yxak|A)$dCLZrxFs{+3x%}Vb1PsxL8F;g=tMJ
zrEDSj(Fq+fmxz)$J4XtoVaNO`@^hp+)z;s&*=*0Vy?dU$&%3?PKJR}oBI<JxLO6s7
z3WW63B_bn)sgq_Q((gjuU*Ev5=k*pMXzJUM2}A0v3C$VJ+VCL#nrFlBg$qFd1V8`;
zKmY_l00ck)1V8`;Kwz^7kkAr!kvd5opvtKar~y<ZMMhCl)*wIt1V8`;KmY_l00ck)
z1V8`;Hh}=1gwZTAV#MeBtr0U36ESxabq^%FCNEGhvKEGCQV66!eH?}n5;5Pi1;m_!
zPxCYK{1}G}zOqtL&Whwc4GVD!nl0`#PG6Cf40M^+yUkVB-ib(&Fe!?jy(}q)y%5uA
zc{0Q2?JGQ&q}H8prETPIrq23O?aLl<9sXO}F=i;5qKT)&ZTtNOZWMcGiIlXPHu%v7
zs}iFHeoH{QjebsFnoH*EFRiz5n1#`^iP9$(`{GKRq{S*x{)zoGVm3B)|Jtgfj}d(m
z7t$zoD<U%pb+JCG(at41M`E@8^x7E*`A51vyXIKg6;kJjnA4T3SG<S&eNicpcrDNO
z^33xZPtM3yFWtkmmJiCXcZXw*8{XGbeH*yfYdR~&yIsZ^J)B58>nN5kYsU5A59iW0
zu1T{0Bh#VGyG`^ea+M;>Kyq}BVqrS6X!cmTC3QGAZ18GfX0861pIgn5dnfGD;=jst
zauO~nJ`WKkyX@PtJnF)P9Zk&++s)A%hS{u3Xl{5zPPnCTIJ(2+(1@Vjv!zTF*jMhE
z{h=~8B}uzGX01HlDvfT*AzMuqvfOtJFSAp}lIkZ??atx#uv5(`$JsO0W64FTZGjbr
zqv-FqtYO=V*-nCJ1EEgds`qJr6h|nG;R}KofuX^H;kb)cgRcyFlg#|R*yce6EM5ek
z%ZXqJIT6u#pJ0LT0zY!I{8PZ3AOHd&00JNY0w4eaAOHd&00JNY0{<?sx(WWXU_=lA
a0T2KI5C8!X009sH0T2KI5CDPy6Zi>W4Y9}o

literal 0
HcmV?d00001

diff --git a/nss/tests/pkits/pkits.sh b/nss/tests/pkits/pkits.sh
new file mode 100755
index 0000000..ecf0077
--- /dev/null
+++ b/nss/tests/pkits/pkits.sh
@@ -0,0 +1,1988 @@
+#!/bin/bash
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+########################################################################
+#
+# mozilla/security/nss/tests/pkits/pkits.sh
+#
+# Script to test the NIST PKITS tests 
+#
+# needs to work on all Unix and Windows platforms
+#
+# tests implemented:
+#    vfychain 
+#
+# special NOTES
+# ---------------
+# NIST PKITS data needs to be downloaded from
+# http://csrc.nist.gov/pki/testing/x509paths.html
+# Environment variable PKITS_DATA needs to be set to the directory
+# where this data is downloaded, or test data needs to be copied under 
+# the mozilla source tree in mozilla/PKITS_DATA
+########################################################################
+
+############################## pkits_init ##############################
+# local shell function to initialize this script 
+########################################################################
+pkits_init()
+{
+  SCRIPTNAME=pkits.sh
+
+  if [ -z "${CLEANUP}" ] ; then
+      CLEANUP="${SCRIPTNAME}"
+  fi
+
+  if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then
+      cd ../common
+      . ./init.sh
+  fi
+
+  if [ -z "${PKITS_DATA}" ]; then
+      echo "${SCRIPTNAME}: PKITS data directory not defined, skipping."
+      exit 0
+  fi      
+
+  if [ ! -d "${PKITS_DATA}" ]; then
+      echo "${SCRIPTNAME}: PKITS data directory ${PKITS_DATA} doesn't exist, skipping."
+      exit 0
+  fi
+
+  PKITSDIR=${HOSTDIR}/pkits
+
+  COPYDIR=${PKITSDIR}/copydir
+
+  mkdir -p ${PKITSDIR}
+  mkdir -p ${COPYDIR}
+  mkdir -p ${PKITSDIR}/html
+
+  certs=${PKITS_DATA}/certs
+  crls=${PKITS_DATA}/crls
+
+  cd ${PKITSDIR}
+
+  PKITSdb=${PKITSDIR}/PKITSdb
+  PKITSbkp=${PKITSDIR}/PKITSbkp
+
+  PKITS_LOG=${PKITSDIR}/pkits.log #getting its own logfile
+  pkits_log "Start of logfile $PKITS_LOG"
+
+  if [ ! -d "${PKITSdb}" ]; then
+      mkdir -p ${PKITSdb}
+  else
+      pkits_log "$SCRIPTNAME: WARNING - ${PKITSdb} exists"
+  fi
+
+  if [ ! -d "${PKITSbkp}" ]; then
+      mkdir -p ${PKITSbkp}
+  else
+      pkits_log "$SCRIPTNAME: WARNING - ${PKITSbkp} exists"
+  fi
+
+  echo "HOSTDIR" $HOSTDIR
+  echo "PKITSDIR" $PKITSDIR
+  echo "PKITSdb" $PKITSdb
+  echo "PKITSbkp" $PKITSbkp
+  echo "PKITS_DATA" $PKITS_DATA
+  echo "certs" $certs
+  echo "crls" $crls
+
+  echo nss > ${PKITSdb}/pw
+  ${BINDIR}/certutil -N -d ${PKITSdb} -f ${PKITSdb}/pw
+
+  ${BINDIR}/certutil -A -n TrustAnchorRootCertificate -t "C,C,C" -i \
+      $certs/TrustAnchorRootCertificate.crt -d $PKITSdb
+  if [ -z "$NSS_NO_PKITS_CRLS" ]; then
+    ${BINDIR}/crlutil -I -i $crls/TrustAnchorRootCRL.crl -d ${PKITSdb} -f ${PKITSdb}/pw
+  else
+    html  "<H3>NO CRLs are being used.</H3>"
+    pkits_log "NO CRLs are being used."
+  fi
+
+  cp ${PKITSdb}/* ${PKITSbkp}
+
+  KNOWN_BUG=
+}
+
+############################### pkits_log ##############################
+# write to pkits.log file
+########################################################################
+pkits_log()
+{
+  echo "$SCRIPTNAME $*"
+  echo $* >> ${PKITS_LOG}
+}
+
+restore_db()
+{
+  echo "Restore DB"
+  rm ${PKITSdb}/*
+  cp ${PKITSbkp}/* ${PKITSdb}
+}
+
+log_banner()
+{
+  echo ""
+  echo "--------------------------------------------------------------------"
+  echo "Test case ${VFY_ACTION}"
+  echo ""
+}
+
+start_table()
+{
+  html "<TABLE BORDER=1><TR><TH COLSPAN=3>$*</TH></TR>"
+  html "<TR><TH width=500>Test Case</TH><TH width=50>Result</TH></TR>" 
+  echo ""
+  echo "***************************************************************"
+  echo "$*"
+  echo "***************************************************************"
+}
+
+break_table()
+{
+  html "</TABLE><P>"
+  start_table "$@"
+}
+
+################################ pkits #################################
+# local shell function for positive testcases, calls vfychain, writes 
+# action and options to stdout, sets variable RET and writes results to 
+# the html file results
+########################################################################
+pkits()
+{
+  echo "vfychain -d $PKITSdb -u 4 $*"
+  ${BINDIR}/vfychain -d $PKITSdb -u 4 $* > ${PKITSDIR}/cmdout.txt 2>&1
+  RET=$?
+  CNT=`grep -c ERROR ${PKITSDIR}/cmdout.txt`
+  RET=`expr ${RET} + ${CNT}`
+  cat ${PKITSDIR}/cmdout.txt
+
+  if [ "$RET" -ne 0 ]; then
+      html_failed "${VFY_ACTION} ($RET) "
+      pkits_log "ERROR: ${VFY_ACTION} failed $RET"
+  else
+      html_passed "${VFY_ACTION}"
+      pkits_log "SUCCESS: ${VFY_ACTION} returned as expected $RET"
+  fi
+
+  return $RET
+}
+
+################################ pkitsn #################################
+# local shell function for negative testcases, calls vfychain, writes 
+# action and options to stdout, sets variable RET and writes results to 
+# the html file results
+########################################################################
+pkitsn()
+{
+  echo "vfychain -d $PKITSdb -u 4 $*"
+  ${BINDIR}/vfychain -d $PKITSdb -u 4 $* > ${PKITSDIR}/cmdout.txt 2>&1
+  RET=$?
+  CNT=`grep -c ERROR ${PKITSDIR}/cmdout.txt`
+  RET=`expr ${RET} + ${CNT}`
+  cat ${PKITSDIR}/cmdout.txt
+
+  if [ "$RET" -eq 0 ]; then
+      html_failed "${VFY_ACTION} ($RET) "
+      pkits_log "ERROR: ${VFY_ACTION} failed $RET"
+  else
+      html_passed "${VFY_ACTION} ($RET) "
+      pkits_log "SUCCESS: ${VFY_ACTION} returned as expected $RET"
+  fi
+  return $RET
+}
+
+################################ crlImport #############################
+# local shell function to import a CRL, calls crlutil -I -i, writes 
+# action and options to stdout
+########################################################################
+crlImport()
+{
+  if [ -z "$NSS_NO_PKITS_CRLS" ]; then
+    echo "crlutil -d $PKITSdb -I -f ${PKITSdb}/pw -i $crls/$*"
+    ${BINDIR}/crlutil -d ${PKITSdb} -I -f ${PKITSdb}/pw -i $crls/$* > ${PKITSDIR}/cmdout.txt 2>&1
+    RET=$?
+    cat ${PKITSDIR}/cmdout.txt
+
+    if [ "$RET" -ne 0 ]; then
+        html_failed "${VFY_ACTION} ($RET) "
+        pkits_log "ERROR: ${VFY_ACTION} failed $RET"
+    fi
+  fi
+}
+
+################################ crlImportn #############################
+# local shell function to import an incorrect CRL, calls crlutil -I -i, 
+# writes action and options to stdout
+########################################################################
+crlImportn()
+{
+  RET=0
+  if [ -z "$NSS_NO_PKITS_CRLS" ]; then
+    echo "crlutil -d $PKITSdb -I -f ${PKITSdb}/pw -i $crls/$*"
+    ${BINDIR}/crlutil -d ${PKITSdb} -I -f ${PKITSdb}/pw -i $crls/$* > ${PKITSDIR}/cmdout.txt 2>&1
+    RET=$?
+    cat ${PKITSDIR}/cmdout.txt
+
+    if [ "$RET" -eq 0 ]; then
+        html_failed "${VFY_ACTION} ($RET) "
+        pkits_log "ERROR: ${VFY_ACTION} failed $RET"
+    else
+        html_passed "${VFY_ACTION} ($RET) "
+        pkits_log "SUCCESS: ${VFY_ACTION} returned as expected $RET"
+    fi
+  fi
+  return $RET
+}
+
+################################ certImport #############################
+# local shell function to import a Cert, calls certutil -A, writes 
+# action and options to stdout
+########################################################################
+certImport()
+{
+  echo "certutil -d $PKITSdb -A -t \",,\" -n $* -i $certs/$*.crt"
+  ${BINDIR}/certutil -d $PKITSdb -A -t ",," -n $* -i $certs/$*.crt > ${PKITSDIR}/cmdout.txt 2>&1
+  RET=$?
+  cat ${PKITSDIR}/cmdout.txt
+
+  if [ "$RET" -ne 0 ]; then
+      html_failed "${VFY_ACTION} ($RET) "
+      pkits_log "ERROR: ${VFY_ACTION} failed $RET"
+  fi
+}
+
+################################ certImportn #############################
+# local shell function to import an incorrect Cert, calls certutil -A, 
+# writes action and options to stdout
+########################################################################
+certImportn()
+{
+  RET=0
+  if [ -z "$NSS_NO_PKITS_CRLS" ]; then
+    echo "certutil -d $PKITSdb -A -t \",,\" -n $* -i $certs/$*.crt"
+    ${BINDIR}/certutil -d $PKITSdb -A -t ",," -n $* -i $certs/$*.crt > ${PKITSDIR}/cmdout.txt 2>&1
+    RET=$?
+    cat ${PKITSDIR}/cmdout.txt
+
+    if [ "$RET" -eq 0 ]; then
+        html_failed "${VFY_ACTION} ($RET) "
+        pkits_log "ERROR: ${VFY_ACTION} failed $RET"
+    else
+        html_passed "${VFY_ACTION} ($RET) "
+        pkits_log "SUCCESS: ${VFY_ACTION} returned as expected $RET"
+    fi
+  fi
+}
+
+############################## pkits_tests_bySection ###################
+# running the various PKITS tests
+########################################################################
+pkits_SignatureVerification()
+{
+  start_table "NIST PKITS Section 4.1: Signature Verification"
+
+  VFY_ACTION="Valid Signatures Test1"; log_banner
+  certImport GoodCACert
+  crlImport GoodCACRL.crl
+  pkits $certs/ValidCertificatePathTest1EE.crt $certs/GoodCACert.crt
+  restore_db
+
+  VFY_ACTION="Invalid CA Signature Test2"; log_banner
+  certImport BadSignedCACert
+  crlImport BadSignedCACRL.crl
+  pkitsn $certs/InvalidCASignatureTest2EE.crt \
+    $certs/BadSignedCACert.crt
+  restore_db
+
+  VFY_ACTION="Invalid EE Signature Test3"; log_banner
+  certImport GoodCACert
+  crlImport GoodCACRL.crl
+  pkitsn $certs/InvalidEESignatureTest3EE.crt $certs/GoodCACert.crt
+  restore_db
+
+  VFY_ACTION="Valid DSA Signatures Test4"; log_banner
+  certImport DSACACert
+  crlImport DSACACRL.crl
+  pkits $certs/ValidDSASignaturesTest4EE.crt $certs/DSACACert.crt
+  restore_db
+
+  # NSS doesn't support DSA parameter inheritance anymore (see bug 671097)
+  # VFY_ACTION="Valid DSA Parameter Inheritance Test5"; log_banner
+  # certImport DSACACert
+  # crlImport DSACACRL.crl
+  # certImport DSAParametersInheritedCACert
+  # crlImport DSAParametersInheritedCACRL.crl
+  # pkits $certs/ValidDSAParameterInheritanceTest5EE.crt \
+  #     $certs/DSAParametersInheritedCACert.crt \
+  #     $certs/DSACACert.crt
+  # restore_db
+
+  VFY_ACTION="Invalid DSA Signature Test6"; log_banner
+  certImport DSACACert
+  crlImport DSACACRL.crl
+  pkitsn $certs/InvalidDSASignatureTest6EE.crt $certs/DSACACert.crt
+  restore_db
+}
+
+pkits_ValidityPeriods()
+{
+  break_table "NIST PKITS Section 4.2: Validity Periods"
+
+  VFY_ACTION="Invalid CA notBefore Date Test1"; log_banner
+  certImport BadnotBeforeDateCACert
+  crlImportn BadnotBeforeDateCACRL.crl
+  if [ $RET -eq 0 ] ; then 
+      pkitsn $certs/InvalidCAnotBeforeDateTest1EE.crt \
+          $certs/BadnotBeforeDateCACert.crt
+  fi
+  restore_db
+
+  VFY_ACTION="Invalid EE notBefore Date Test2"; log_banner
+  certImport GoodCACert
+  crlImport GoodCACRL.crl
+  pkitsn $certs/InvalidEEnotBeforeDateTest2EE.crt \
+      $certs/GoodCACert.crt
+  restore_db
+
+  VFY_ACTION="Valid pre2000 UTC notBefore Date Test3"; log_banner
+  certImport GoodCACert
+  crlImport GoodCACRL.crl
+  pkits $certs/Validpre2000UTCnotBeforeDateTest3EE.crt \
+      $certs/GoodCACert.crt
+  restore_db
+
+  VFY_ACTION="Valid GeneralizedTime notBefore Date Test4"; log_banner
+  certImport GoodCACert
+  crlImport GoodCACRL.crl
+  pkits $certs/ValidGeneralizedTimenotBeforeDateTest4EE.crt \
+      $certs/GoodCACert.crt
+  restore_db
+
+  VFY_ACTION="Invalid CA notAfter Date Test5"; log_banner
+  certImport BadnotAfterDateCACert
+  crlImportn BadnotAfterDateCACRL.crl
+  if [ $RET -eq 0 ] ; then 
+      pkitsn $certs/InvalidCAnotAfterDateTest5EE.crt \
+          $certs/BadnotAfterDateCACert.crt
+  fi
+  restore_db
+
+  VFY_ACTION="Invalid EE notAfter Date Test6"; log_banner
+  certImport GoodCACert
+  crlImport GoodCACRL.crl
+  pkitsn $certs/InvalidEEnotAfterDateTest6EE.crt \
+      $certs/GoodCACert.crt
+  restore_db
+
+  VFY_ACTION="Invalid pre2000 UTC EE notAfter Date Test7"; log_banner
+  certImport GoodCACert
+  crlImport GoodCACRL.crl
+  pkitsn $certs/Invalidpre2000UTCEEnotAfterDateTest7EE.crt \
+      $certs/GoodCACert.crt
+  restore_db
+
+  VFY_ACTION="ValidGeneralizedTime notAfter Date Test8"; log_banner
+  certImport GoodCACert
+  crlImport GoodCACRL.crl
+  pkits $certs/ValidGeneralizedTimenotAfterDateTest8EE.crt \
+      $certs/GoodCACert.crt
+  restore_db
+}
+
+pkits_NameChaining()
+{
+  break_table "NIST PKITS Section 4.3: Verifying NameChaining"
+
+  VFY_ACTION="Invalid Name Chaining EE Test1"; log_banner
+  certImport GoodCACert
+  crlImport GoodCACRL.crl
+  pkitsn $certs/InvalidNameChainingTest1EE.crt \
+      $certs/GoodCACert.crt
+  restore_db
+
+  VFY_ACTION="Invalid Name Chaining Order Test2"; log_banner
+  certImport NameOrderingCACert
+  crlImport NameOrderCACRL.crl
+  pkitsn $certs/InvalidNameChainingOrderTest2EE.crt \
+      $certs/NameOrderingCACert.crt
+  restore_db
+
+### bug 216123 ###
+if [ -n "${KNOWN_BUG}" ]; then
+  VFY_ACTION="Valid Name Chaining Whitespace Test3"; log_banner
+  certImport GoodCACert
+  crlImport GoodCACRL.crl
+  pkits $certs/ValidNameChainingWhitespaceTest3EE.crt \
+      $certs/GoodCACert.crt
+  restore_db
+
+  VFY_ACTION="Valid Name Chaining Whitespace Test4"; log_banner
+  certImport GoodCACert
+  crlImport GoodCACRL.crl
+  pkits $certs/ValidNameChainingWhitespaceTest4EE.crt \
+      $certs/GoodCACert.crt
+  restore_db
+
+  VFY_ACTION="Valid Name Chaining Capitalization Test5"; log_banner
+  certImport GoodCACert
+  crlImport GoodCACRL.crl
+  pkits $certs/ValidNameChainingCapitalizationTest5EE.crt \
+      $certs/GoodCACert.crt
+  restore_db
+fi
+
+  VFY_ACTION="Valid Name Chaining UIDs Test6"; log_banner
+  certImport UIDCACert
+  crlImport UIDCACRL.crl
+  pkits $certs/ValidNameUIDsTest6EE.crt $certs/UIDCACert.crt
+  restore_db
+
+  VFY_ACTION="Valid RFC3280 Mandatory Attribute Types Test7"; log_banner
+  certImport RFC3280MandatoryAttributeTypesCACert
+  crlImport RFC3280MandatoryAttributeTypesCACRL.crl
+  pkits $certs/ValidRFC3280MandatoryAttributeTypesTest7EE.crt \
+      $certs/RFC3280MandatoryAttributeTypesCACert.crt
+  restore_db
+
+  VFY_ACTION="Valid RFC3280 Optional Attribute Types Test8"; log_banner
+  certImport RFC3280OptionalAttributeTypesCACert
+  crlImport RFC3280OptionalAttributeTypesCACRL.crl
+  pkits $certs/ValidRFC3280OptionalAttributeTypesTest8EE.crt \
+      $certs/RFC3280OptionalAttributeTypesCACert.crt
+  restore_db
+
+  VFY_ACTION="Valid UTF8String Encoded Names Test9"; log_banner
+  certImport UTF8StringEncodedNamesCACert
+  crlImport UTF8StringEncodedNamesCACRL.crl
+  pkits $certs/ValidUTF8StringEncodedNamesTest9EE.crt \
+      $certs/UTF8StringEncodedNamesCACert.crt
+  restore_db
+
+### bug 216123 ###
+if [ -n "${KNOWN_BUG}" ]; then
+  VFY_ACTION="Valid Rollover from PrintableString to UTF8String Test10"; log_banner
+  certImport RolloverfromPrintableStringtoUTF8StringCACert
+  crlImport RolloverfromPrintableStringtoUTF8StringCACRL.crl
+  pkits $certs/ValidRolloverfromPrintableStringtoUTF8StringTest10EE.crt \
+      $certs/RolloverfromPrintableStringtoUTF8StringCACert.crt
+  restore_db
+
+  VFY_ACTION="Valid UTF8String case Insensitive Match Test11"; log_banner
+  certImport UTF8StringCaseInsensitiveMatchCACert
+  crlImport UTF8StringCaseInsensitiveMatchCACRL.crl
+  pkits $certs/ValidUTF8StringCaseInsensitiveMatchTest11EE.crt \
+      $certs/UTF8StringCaseInsensitiveMatchCACert.crt
+  restore_db
+fi
+}
+
+pkits_BasicCertRevocation()
+{
+  break_table "NIST PKITS Section 4.4: Basic Certificate Revocation Tests"
+
+### bug 414556 ###
+if [ -n "${KNOWN_BUG}" ]; then
+  VFY_ACTION="Missing CRL Test1"; log_banner
+  pkitsn $certs/InvalidMissingCRLTest1EE.crt \
+      $certs/NoCRLCACert.crt
+fi
+
+  VFY_ACTION="Invalid Revoked CA Test2"; log_banner
+  certImport RevokedsubCACert
+  crlImport RevokedsubCACRL.crl
+  certImport GoodCACert
+  crlImport GoodCACRL.crl
+  pkitsn $certs/InvalidRevokedCATest2EE.crt \
+     $certs/RevokedsubCACert.crt $certs/GoodCACert.crt
+  restore_db
+
+  VFY_ACTION="Invalid Revoked EE Test3"; log_banner
+  certImport GoodCACert
+  crlImport GoodCACRL.crl
+  pkitsn $certs/InvalidRevokedEETest3EE.crt \
+     $certs/GoodCACert.crt
+  restore_db
+
+  VFY_ACTION="Invalid Bad CRL Signature Test4"; log_banner
+  certImport BadCRLSignatureCACert
+  crlImportn BadCRLSignatureCACRL.crl
+  if [ $RET -eq 0 ] ; then 
+      pkitsn $certs/InvalidBadCRLSignatureTest4EE.crt \
+          $certs/BadCRLSignatureCACert.crt
+  fi
+  restore_db
+
+  VFY_ACTION="Invalid Bad CRL Issuer Name Test5"; log_banner
+  certImport BadCRLIssuerNameCACert
+  crlImportn BadCRLIssuerNameCACRL.crl
+  if [ $RET -eq 0 ] ; then 
+      pkitsn $certs/InvalidBadCRLIssuerNameTest5EE.crt \
+          $certs/BadCRLIssuerNameCACert.crt
+  fi
+  restore_db
+
+### bug 414556 ###
+if [ -n "${KNOWN_BUG}" ]; then
+  VFY_ACTION="Invalid Wrong CRL Test6"; log_banner
+  certImport WrongCRLCACert
+  crlImport WrongCRLCACRL.crl
+  pkitsn $certs/InvalidWrongCRLTest6EE.crt \
+      $certs/WrongCRLCACert.crt
+  restore_db
+fi
+
+  VFY_ACTION="Valid Two CRLs Test7"; log_banner
+  certImport TwoCRLsCACert
+  crlImport TwoCRLsCAGoodCRL.crl
+  crlImportn TwoCRLsCABadCRL.crl
+  pkits $certs/ValidTwoCRLsTest7EE.crt \
+     $certs/TwoCRLsCACert.crt
+  restore_db
+
+  VFY_ACTION="Invalid Unknown CRL Entry Extension Test8"; log_banner
+  certImport UnknownCRLEntryExtensionCACert
+  crlImportn UnknownCRLEntryExtensionCACRL.crl
+  if [ $RET -eq 0 ] ; then 
+      pkitsn $certs/InvalidUnknownCRLEntryExtensionTest8EE.crt \
+          $certs/UnknownCRLEntryExtensionCACert.crt
+  fi
+  restore_db
+
+  VFY_ACTION="Invalid Unknown CRL Extension Test9"; log_banner
+  certImport UnknownCRLExtensionCACert
+  crlImportn UnknownCRLExtensionCACRL.crl
+  if [ $RET -eq 0 ] ; then 
+      pkitsn $certs/InvalidUnknownCRLExtensionTest9EE.crt \
+          $certs/UnknownCRLExtensionCACert.crt
+  fi
+  restore_db
+
+  VFY_ACTION="Invalid Unknown CRL Extension Test10"; log_banner
+  certImport UnknownCRLExtensionCACert
+  crlImportn UnknownCRLExtensionCACRL.crl
+  if [ $RET -eq 0 ] ; then 
+      pkitsn $certs/InvalidUnknownCRLExtensionTest10EE.crt \
+          $certs/UnknownCRLExtensionCACert.crt
+  fi
+  restore_db
+
+### bug 414563 ###
+if [ -n "${KNOWN_BUG}" ]; then
+  VFY_ACTION="Invalid Old CRL nextUpdate Test11"; log_banner
+  certImport OldCRLnextUpdateCACert
+  crlImport OldCRLnextUpdateCACRL.crl
+  pkitsn $certs/InvalidOldCRLnextUpdateTest11EE.crt \
+     $certs/OldCRLnextUpdateCACert.crt
+  restore_db
+
+  VFY_ACTION="Invalid pre2000 CRL nextUpdate Test12"; log_banner
+  certImport pre2000CRLnextUpdateCACert
+  crlImport pre2000CRLnextUpdateCACRL.crl
+  pkitsn $certs/Invalidpre2000CRLnextUpdateTest12EE.crt \
+     $certs/pre2000CRLnextUpdateCACert.crt
+  restore_db
+fi
+
+  VFY_ACTION="Valid GeneralizedTime CRL nextUpdate Test13"; log_banner
+  certImport GeneralizedTimeCRLnextUpdateCACert
+  crlImport GeneralizedTimeCRLnextUpdateCACRL.crl
+  pkits $certs/ValidGeneralizedTimeCRLnextUpdateTest13EE.crt \
+     $certs/GeneralizedTimeCRLnextUpdateCACert.crt
+  restore_db
+
+  VFY_ACTION="Valid Negative Serial Number Test14"; log_banner
+  certImport NegativeSerialNumberCACert
+  crlImport NegativeSerialNumberCACRL.crl
+  pkits $certs/ValidNegativeSerialNumberTest14EE.crt \
+     $certs/NegativeSerialNumberCACert.crt
+  restore_db
+
+  VFY_ACTION="Invalid Negative Serial Number Test15"; log_banner
+  certImport NegativeSerialNumberCACert
+  crlImport NegativeSerialNumberCACRL.crl
+  pkitsn $certs/InvalidNegativeSerialNumberTest15EE.crt \
+     $certs/NegativeSerialNumberCACert.crt
+  restore_db
+
+  VFY_ACTION="Valid Long Serial Number Test16"; log_banner
+  certImport LongSerialNumberCACert
+  crlImport LongSerialNumberCACRL.crl
+  pkits $certs/ValidLongSerialNumberTest16EE.crt \
+     $certs/LongSerialNumberCACert.crt
+  restore_db
+
+  VFY_ACTION="Valid Long Serial Number Test17"; log_banner
+  certImport LongSerialNumberCACert
+  crlImport LongSerialNumberCACRL.crl
+  pkits $certs/ValidLongSerialNumberTest17EE.crt \
+     $certs/LongSerialNumberCACert.crt
+  restore_db
+
+  VFY_ACTION="Invalid Long Serial Number Test18"; log_banner
+  certImport LongSerialNumberCACert
+  crlImport LongSerialNumberCACRL.crl
+  pkitsn $certs/InvalidLongSerialNumberTest18EE.crt \
+     $certs/LongSerialNumberCACert.crt
+  restore_db
+
+### bug 232737 ###
+if [ -n "${KNOWN_BUG}" ]; then
+  VFY_ACTION="Valid Separate Certificate and CRL Keys Test19"; log_banner
+  certImport SeparateCertificateandCRLKeysCertificateSigningCACert
+  certImport SeparateCertificateandCRLKeysCRLSigningCert
+  crlImport SeparateCertificateandCRLKeysCRL.crl
+  pkits $certs/ValidSeparateCertificateandCRLKeysTest19EE.crt \
+     $certs/SeparateCertificateandCRLKeysCRLSigningCert.crt
+  restore_db
+
+  VFY_ACTION="Invalid Separate Certificate and CRL Keys Test20"; log_banner
+  certImport SeparateCertificateandCRLKeysCertificateSigningCACert
+  certImport SeparateCertificateandCRLKeysCRLSigningCert
+  crlImport SeparateCertificateandCRLKeysCRL.crl
+  pkits $certs/InvalidSeparateCertificateandCRLKeysTest20EE.crt \
+     $certs/SeparateCertificateandCRLKeysCRLSigningCert.crt
+  restore_db
+
+  VFY_ACTION="Invalid Separate Certificate and CRL Keys Test21"; log_banner
+  certImport SeparateCertificateandCRLKeysCA2CertificateSigningCACert
+  certImport SeparateCertificateandCRLKeysCA2CRLSigningCert
+  crlImport SeparateCertificateandCRLKeysCA2CRL.crl
+  pkits $certs/InvalidSeparateCertificateandCRLKeysTest21EE.crt \
+     $certs/SeparateCertificateandCRLKeysCA2CRLSigningCert.crt
+  restore_db
+fi
+}
+
+pkits_PathVerificWithSelfIssuedCerts()
+{
+  break_table "NIST PKITS Section 4.5: Self-Issued Certificates"
+
+### bug 232737 ###
+if [ -n "${KNOWN_BUG}" ]; then
+  VFY_ACTION="Valid Basic Self-Issued Old With New Test1"; log_banner
+  certImport BasicSelfIssuedNewKeyCACert
+  crlImport BasicSelfIssuedNewKeyCACRL.crl
+  pkits $certs/ValidBasicSelfIssuedOldWithNewTest1EE.crt \
+      $certs/BasicSelfIssuedNewKeyOldWithNewCACert.crt \
+      $certs/BasicSelfIssuedNewKeyCACert.crt
+  restore_db
+
+  VFY_ACTION="Invalid Basic Self-Issued Old With New Test2"; log_banner
+  certImport BasicSelfIssuedNewKeyCACert
+  crlImport BasicSelfIssuedNewKeyCACRL.crl
+  pkitsn $certs/InvalidBasicSelfIssuedOldWithNewTest2EE.crt \
+      $certs/BasicSelfIssuedNewKeyOldWithNewCACert.crt \
+      $certs/BasicSelfIssuedNewKeyCACert.crt
+  restore_db
+fi
+
+### bugs 321755 & 418769 ###
+if [ -n "${KNOWN_BUG}" ]; then
+  VFY_ACTION="Valid Basic Self-Issued New With Old Test3"; log_banner
+  certImport BasicSelfIssuedOldKeyCACert
+  crlImport BasicSelfIssuedOldKeyCACRL.crl
+  pkits $certs/ValidBasicSelfIssuedNewWithOldTest3EE.crt \
+      $certs/BasicSelfIssuedOldKeyNewWithOldCACert.crt \
+      $certs/BasicSelfIssuedOldKeyCACert.crt
+  restore_db
+
+  VFY_ACTION="Valid Basic Self-Issued New With Old Test4"; log_banner
+  certImport BasicSelfIssuedOldKeyCACert
+  crlImport BasicSelfIssuedOldKeyCACRL.crl
+  pkits $certs/ValidBasicSelfIssuedNewWithOldTest4EE.crt \
+      $certs/BasicSelfIssuedOldKeyNewWithOldCACert.crt \
+      $certs/BasicSelfIssuedOldKeyCACert.crt
+  restore_db
+
+  VFY_ACTION="Invalid Basic Self-Issued New With Old Test5"; log_banner
+  certImport BasicSelfIssuedOldKeyCACert
+  crlImport BasicSelfIssuedOldKeyCACRL.crl
+  pkitsn $certs/InvalidBasicSelfIssuedNewWithOldTest5EE.crt \
+      $certs/BasicSelfIssuedOldKeyNewWithOldCACert.crt \
+      $certs/BasicSelfIssuedOldKeyCACert.crt
+  restore_db
+
+  VFY_ACTION="Valid Basic Self-Issued CRL Signing Key Test6"; log_banner
+  certImport BasicSelfIssuedCRLSigningKeyCACert
+  crlImport BasicSelfIssuedOldKeyCACRL.crl
+  pkits $certs/ValidBasicSelfIssuedCRLSigningKeyTest6EE.crt \
+      $certs/BasicSelfIssuedCRLSigningKeyCRLCert.crt \
+      $certs/BasicSelfIssuedCRLSigningKeyCACert.crt
+  restore_db
+
+  VFY_ACTION="Invalid Basic Self-Issued CRL Signing Key Test7"; log_banner
+  certImport BasicSelfIssuedCRLSigningKeyCACert
+  crlImport BasicSelfIssuedOldKeyCACRL.crl
+  pkitsn $certs/InvalidBasicSelfIssuedCRLSigningKeyTest7EE.crt \
+      $certs/BasicSelfIssuedCRLSigningKeyCRLCert.crt \
+      $certs/BasicSelfIssuedCRLSigningKeyCACert.crt
+  restore_db
+
+  VFY_ACTION="Invalid Basic Self-Issued CRL Signing Key Test8"; log_banner
+  certImport BasicSelfIssuedCRLSigningKeyCACert
+  crlImport BasicSelfIssuedOldKeyCACRL.crl
+  pkitsn $certs/InvalidBasicSelfIssuedCRLSigningKeyTest8EE.crt \
+      $certs/BasicSelfIssuedCRLSigningKeyCRLCert.crt \
+      $certs/BasicSelfIssuedCRLSigningKeyCACert.crt
+  restore_db
+fi
+}
+
+pkits_BasicConstraints()
+{
+  break_table "NIST PKITS Section 4.6: Verifying Basic Constraints"
+
+  VFY_ACTION="Invalid Missing basicConstraints Test1"; log_banner
+  certImport MissingbasicConstraintsCACert
+  crlImport MissingbasicConstraintsCACRL.crl
+  pkitsn $certs/InvalidMissingbasicConstraintsTest1EE.crt \
+      $certs/MissingbasicConstraintsCACert.crt
+  restore_db
+
+  VFY_ACTION="Invalid cA False Test2"; log_banner
+  certImport basicConstraintsCriticalcAFalseCACert
+  crlImport basicConstraintsCriticalcAFalseCACRL.crl
+  pkitsn $certs/InvalidcAFalseTest2EE.crt \
+      $certs/basicConstraintsCriticalcAFalseCACert.crt
+  restore_db
+
+  VFY_ACTION="Invalid cA False Test3"; log_banner
+  certImport basicConstraintsNotCriticalcAFalseCACert
+  crlImport basicConstraintsNotCriticalcAFalseCACRL.crl
+  pkitsn $certs/InvalidcAFalseTest3EE.crt \
+      $certs/basicConstraintsNotCriticalcAFalseCACert.crt
+  restore_db
+
+  VFY_ACTION="Valid basicConstraints Not Critical Test4"; log_banner
+  certImport basicConstraintsNotCriticalCACert
+  crlImport basicConstraintsNotCriticalCACRL.crl
+  pkits $certs/ValidbasicConstraintsNotCriticalTest4EE.crt \
+      $certs/basicConstraintsNotCriticalCACert.crt
+  restore_db
+
+  VFY_ACTION="Invalid pathLenConstraint Test5"; log_banner
+  certImport pathLenConstraint0CACert
+  crlImport pathLenConstraint0CACRL.crl
+  certImport pathLenConstraint0subCACert
+  crlImport pathLenConstraint0subCACRL.crl
+  pkitsn $certs/InvalidpathLenConstraintTest5EE.crt \
+      $certs/pathLenConstraint0subCACert.crt \
+      $certs/pathLenConstraint0CACert.crt
+  restore_db
+
+  VFY_ACTION="Invalid pathLenConstraint Test6"; log_banner
+  certImport pathLenConstraint0CACert
+  crlImport pathLenConstraint0CACRL.crl
+  certImport pathLenConstraint0subCACert
+  crlImport pathLenConstraint0subCACRL.crl
+  pkitsn $certs/InvalidpathLenConstraintTest6EE.crt \
+      $certs/pathLenConstraint0subCACert.crt \
+      $certs/pathLenConstraint0CACert.crt
+  restore_db
+
+  VFY_ACTION="Valid pathLenConstraint Test7"; log_banner
+  certImport pathLenConstraint0CACert
+  crlImport pathLenConstraint0CACRL.crl
+  pkits $certs/ValidpathLenConstraintTest7EE.crt \
+      $certs/pathLenConstraint0CACert.crt
+  restore_db
+
+  VFY_ACTION="Valid pathLenConstraint test8"; log_banner
+  certImport pathLenConstraint0CACert
+  crlImport pathLenConstraint0CACRL.crl
+  pkits $certs/ValidpathLenConstraintTest8EE.crt \
+      $certs/pathLenConstraint0CACert.crt
+  restore_db
+
+  VFY_ACTION="Invalid pathLenConstraint Test9"; log_banner
+  certImport pathLenConstraint6CACert
+  crlImport pathLenConstraint6CACRL.crl
+  certImport pathLenConstraint6subCA0Cert
+  crlImport pathLenConstraint6subCA0CRL.crl
+  certImport pathLenConstraint6subsubCA00Cert
+  crlImport pathLenConstraint6subsubCA00CRL.crl
+  pkitsn $certs/InvalidpathLenConstraintTest9EE.crt \
+      $certs/pathLenConstraint6subsubCA00Cert.crt \
+      $certs/pathLenConstraint6subCA0Cert.crt \
+      $certs/pathLenConstraint6CACert.crt
+  restore_db
+
+  VFY_ACTION="Invalid pathLenConstraint Test10"; log_banner
+  certImport pathLenConstraint6CACert
+  crlImport pathLenConstraint6CACRL.crl
+  certImport pathLenConstraint6subCA0Cert
+  crlImport pathLenConstraint6subCA0CRL.crl
+  certImport pathLenConstraint6subsubCA00Cert
+  crlImport pathLenConstraint6subsubCA00CRL.crl
+  pkitsn $certs/InvalidpathLenConstraintTest10EE.crt \
+      $certs/pathLenConstraint6subsubCA00Cert.crt \
+      $certs/pathLenConstraint6subCA0Cert.crt \
+      $certs/pathLenConstraint6CACert.crt
+  restore_db
+
+  VFY_ACTION="Invalid pathLenConstraint Test11"; log_banner
+  certImport pathLenConstraint6CACert
+  crlImport pathLenConstraint6CACRL.crl
+  certImport pathLenConstraint6subCA1Cert
+  crlImport pathLenConstraint6subCA1CRL.crl
+  certImport pathLenConstraint6subsubCA11Cert
+  crlImport pathLenConstraint6subsubCA11CRL.crl
+  certImport pathLenConstraint6subsubsubCA11XCert
+  crlImport pathLenConstraint6subsubsubCA11XCRL.crl
+  pkitsn $certs/InvalidpathLenConstraintTest11EE.crt \
+      $certs/pathLenConstraint6subsubsubCA11XCert.crt \
+      $certs/pathLenConstraint6subsubCA11Cert.crt \
+      $certs/pathLenConstraint6subCA1Cert.crt \
+      $certs/pathLenConstraint6CACert.crt
+  restore_db
+
+  VFY_ACTION="Invalid pathLenConstraint test12"; log_banner
+  certImport pathLenConstraint6CACert
+  crlImport pathLenConstraint6CACRL.crl
+  certImport pathLenConstraint6subCA1Cert
+  crlImport pathLenConstraint6subCA1CRL.crl
+  certImport pathLenConstraint6subsubCA11Cert
+  crlImport pathLenConstraint6subsubCA11CRL.crl
+  certImport pathLenConstraint6subsubsubCA11XCert
+  crlImport pathLenConstraint6subsubsubCA11XCRL.crl
+  pkitsn $certs/InvalidpathLenConstraintTest12EE.crt \
+      $certs/pathLenConstraint6subsubsubCA11XCert.crt \
+      $certs/pathLenConstraint6subsubCA11Cert.crt \
+      $certs/pathLenConstraint6subCA1Cert.crt \
+      $certs/pathLenConstraint6CACert.crt
+  restore_db
+
+  VFY_ACTION="Valid pathLenConstraint Test13"; log_banner
+  certImport pathLenConstraint6CACert
+  crlImport pathLenConstraint6CACRL.crl
+  certImport pathLenConstraint6subCA4Cert
+  crlImport pathLenConstraint6subCA4CRL.crl
+  certImport pathLenConstraint6subsubCA41Cert
+  crlImport pathLenConstraint6subsubCA41CRL.crl
+  certImport pathLenConstraint6subsubsubCA41XCert
+  crlImport pathLenConstraint6subsubsubCA41XCRL.crl
+  pkits $certs/ValidpathLenConstraintTest13EE.crt \
+      $certs/pathLenConstraint6subsubsubCA41XCert.crt \
+      $certs/pathLenConstraint6subsubCA41Cert.crt \
+      $certs/pathLenConstraint6subCA4Cert.crt \
+      $certs/pathLenConstraint6CACert.crt
+  restore_db
+
+  VFY_ACTION="Valid pathLenConstraint Test14"; log_banner
+  certImport pathLenConstraint6CACert
+  crlImport pathLenConstraint6CACRL.crl
+  certImport pathLenConstraint6subCA4Cert
+  crlImport pathLenConstraint6subCA4CRL.crl
+  certImport pathLenConstraint6subsubCA41Cert
+  crlImport pathLenConstraint6subsubCA41CRL.crl
+  certImport pathLenConstraint6subsubsubCA41XCert
+  crlImport pathLenConstraint6subsubsubCA41XCRL.crl
+  pkits $certs/ValidpathLenConstraintTest14EE.crt \
+      $certs/pathLenConstraint6subsubsubCA41XCert.crt \
+      $certs/pathLenConstraint6subsubCA41Cert.crt \
+      $certs/pathLenConstraint6subCA4Cert.crt \
+      $certs/pathLenConstraint6CACert.crt
+  restore_db
+
+### bug 232737 ###
+if [ -n "${KNOWN_BUG}" ]; then
+  VFY_ACTION="Valid Self-Issued pathLenConstraint Test15"; log_banner
+  certImport pathLenConstraint0CACert
+  crlImport pathLenConstraint0CACRL.crl
+  pkits $certs/ValidSelfIssuedpathLenConstraintTest15EE.crt \
+      $certs/pathLenConstraint0SelfIssuedCACert.crt \
+      $certs/pathLenConstraint0CACert.crt
+  restore_db
+fi
+
+  VFY_ACTION="Invalid Self-Issued pathLenConstraint Test16"; log_banner
+  certImport pathLenConstraint0CACert
+  crlImport pathLenConstraint0CACRL.crl
+  certImport pathLenConstraint0subCA2Cert
+  crlImport pathLenConstraint0subCA2CRL.crl
+  pkitsn $certs/InvalidSelfIssuedpathLenConstraintTest16EE.crt \
+      $certs/pathLenConstraint0subCA2Cert.crt \
+      $certs/pathLenConstraint0SelfIssuedCACert.crt \
+      $certs/pathLenConstraint0CACert.crt
+  restore_db
+
+### bug 232737 ###
+if [ -n "${KNOWN_BUG}" ]; then
+  VFY_ACTION="Valid Self-Issued pathLenConstraint Test17"; log_banner
+  certImport pathLenConstraint1CACert
+  crlImport pathLenConstraint1CACRL.crl
+  certImport pathLenConstraint1subCACert
+  crlImport pathLenConstraint1subCACRL.crl
+  pkits $certs/ValidSelfIssuedpathLenConstraintTest17EE.crt \
+      $certs/pathLenConstraint1SelfIssuedsubCACert.crt \
+      $certs/pathLenConstraint1subCACert.crt \
+      $certs/pathLenConstraint1SelfIssuedCACert.crt \
+      $certs/pathLenConstraint1CACert.crt
+  restore_db
+fi
+}
+
+pkits_KeyUsage()
+{
+  break_table "NIST PKITS Section 4.7: Key Usage"
+
+  VFY_ACTION="Invalid keyUsage Critical keyCertSign False Test1"; log_banner
+  certImport keyUsageCriticalkeyCertSignFalseCACert
+  crlImport keyUsageCriticalkeyCertSignFalseCACRL.crl
+  pkitsn $certs/InvalidkeyUsageCriticalkeyCertSignFalseTest1EE.crt \
+      $certs/keyUsageCriticalkeyCertSignFalseCACert.crt
+  restore_db
+
+  VFY_ACTION="Invalid keyUsage Not Critical keyCertSign False Test2"; log_banner
+  certImport keyUsageNotCriticalkeyCertSignFalseCACert
+  crlImport keyUsageNotCriticalkeyCertSignFalseCACRL.crl
+  pkitsn $certs/InvalidkeyUsageNotCriticalkeyCertSignFalseTest2EE.crt \
+      $certs/keyUsageNotCriticalkeyCertSignFalseCACert.crt
+  restore_db
+
+  VFY_ACTION="Valid keyUsage Not Critical Test3"; log_banner
+  certImport keyUsageNotCriticalCACert
+  crlImport keyUsageNotCriticalCACRL.crl
+  pkits $certs/ValidkeyUsageNotCriticalTest3EE.crt \
+      $certs/keyUsageNotCriticalCACert.crt
+  restore_db
+
+  VFY_ACTION="Invalid keyUsage Critical cRLSign False Test4"; log_banner
+  certImport keyUsageCriticalcRLSignFalseCACert
+  crlImportn keyUsageCriticalcRLSignFalseCACRL.crl
+  if [ $RET -eq 0 ] ; then 
+      pkitsn $certs/InvalidkeyUsageCriticalcRLSignFalseTest4EE.crt \
+          $certs/keyUsageCriticalcRLSignFalseCACert.crt
+  fi
+  restore_db
+
+  VFY_ACTION="Invalid keyUsage Not Critical cRLSign False Test5"; log_banner
+  certImport keyUsageNotCriticalcRLSignFalseCACert
+  crlImportn keyUsageNotCriticalcRLSignFalseCACRL.crl
+  if [ $RET -eq 0 ] ; then 
+      pkitsn $certs/InvalidkeyUsageNotCriticalcRLSignFalseTest5EE.crt \
+          $certs/keyUsageNotCriticalcRLSignFalseCACert.crt
+  fi
+  restore_db
+}
+
+pkits_CertificatePolicies()
+{
+  break_table "NIST PKITS Section 4.8: Certificate Policies"
+
+  VFY_ACTION="All Certificates Same Policy Test1"; log_banner
+  certImport GoodCACert
+  crlImport GoodCACRL.crl
+  pkits $certs/ValidCertificatePathTest1EE.crt \
+      $certs/GoodCACert.crt
+  restore_db
+
+  VFY_ACTION="All Certificates No Policies Test2"; log_banner
+  certImport NoPoliciesCACert
+  crlImport NoPoliciesCACRL.crl
+  pkits $certs/AllCertificatesNoPoliciesTest2EE.crt \
+      $certs/NoPoliciesCACert.crt
+  restore_db
+
+  VFY_ACTION="Different Policies Test3"; log_banner
+  certImport GoodCACert
+  crlImport GoodCACRL.crl
+  certImport PoliciesP2subCACert
+  crlImport PoliciesP2subCACRL.crl
+  pkits $certs/DifferentPoliciesTest3EE.crt \
+      $certs/PoliciesP2subCACert.crt \
+      $certs/GoodCACert.crt
+  restore_db
+
+  VFY_ACTION="Different Policies Test4"; log_banner
+  certImport GoodCACert
+  crlImport GoodCACRL.crl
+  certImport GoodsubCACert
+  crlImport GoodsubCACRL.crl
+  pkits $certs/DifferentPoliciesTest4EE.crt \
+      $certs/GoodsubCACert.crt \
+      $certs/GoodCACert.crt
+  restore_db
+
+  VFY_ACTION="Different Policies Test5"; log_banner
+  certImport GoodCACert
+  crlImport GoodCACRL.crl
+  certImport PoliciesP2subCA2Cert
+  crlImport PoliciesP2subCA2CRL.crl
+  pkits $certs/DifferentPoliciesTest5EE.crt \
+      $certs/PoliciesP2subCA2Cert.crt \
+      $certs/GoodCACert.crt
+  restore_db
+
+  VFY_ACTION="Overlapping Policies Test6"; log_banner
+  certImport PoliciesP1234CACert
+  crlImport PoliciesP1234CACRL.crl
+  certImport PoliciesP1234subCAP123Cert
+  crlImport PoliciesP1234subCAP123CRL.crl
+  certImport PoliciesP1234subsubCAP123P12Cert
+  crlImport PoliciesP1234subsubCAP123P12CRL.crl
+  pkits $certs/OverlappingPoliciesTest6EE.crt \
+      $certs/PoliciesP1234subsubCAP123P12Cert.crt \
+      $certs/PoliciesP1234subCAP123Cert.crt \
+      $certs/PoliciesP1234CACert.crt
+  restore_db
+
+  VFY_ACTION="Different Policies Test7"; log_banner
+  certImport PoliciesP123CACert
+  crlImport PoliciesP123CACRL.crl
+  certImport PoliciesP123subCAP12Cert
+  crlImport PoliciesP123subCAP12CRL.crl
+  certImport PoliciesP123subsubCAP12P1Cert
+  crlImport PoliciesP123subsubCAP12P1CRL.crl
+  pkits $certs/DifferentPoliciesTest7EE.crt \
+      $certs/PoliciesP123subsubCAP12P1Cert.crt \
+      $certs/PoliciesP123subCAP12Cert.crt \
+      $certs/PoliciesP123CACert.crt
+  restore_db
+
+  VFY_ACTION="Different Policies Test8"; log_banner
+  certImport PoliciesP12CACert
+  crlImport PoliciesP12CACRL.crl
+  certImport PoliciesP12subCAP1Cert
+  crlImport PoliciesP12subCAP1CRL.crl
+  certImport PoliciesP12subsubCAP1P2Cert
+  crlImport PoliciesP12subsubCAP1P2CRL.crl
+  pkits $certs/DifferentPoliciesTest8EE.crt \
+      $certs/PoliciesP123subsubCAP12P1Cert.crt \
+      $certs/PoliciesP12subCAP1Cert.crt \
+      $certs/PoliciesP12CACert.crt
+  restore_db
+
+  VFY_ACTION="Different Policies Test9"; log_banner
+  certImport PoliciesP123CACert
+  crlImport PoliciesP123CACRL.crl
+  certImport PoliciesP123subCAP12Cert
+  crlImport PoliciesP123subCAP12CRL.crl
+  certImport PoliciesP123subsubCAP12P2Cert
+  crlImport PoliciesP123subsubCAP2P2CRL.crl
+  certImport PoliciesP123subsubsubCAP12P2P1Cert
+  crlImport PoliciesP123subsubsubCAP12P2P1CRL.crl
+  pkits $certs/DifferentPoliciesTest9EE.crt \
+      $certs/PoliciesP123subsubsubCAP12P2P1Cert.crt \
+      $certs/PoliciesP123subsubCAP12P1Cert.crt \
+      $certs/PoliciesP12subCAP1Cert.crt \
+      $certs/PoliciesP12CACert.crt
+  restore_db
+
+  VFY_ACTION="All Certificates Same Policies Test10"; log_banner
+  certImport PoliciesP12CACert
+  crlImport PoliciesP12CACRL.crl
+  pkits $certs/AllCertificatesSamePoliciesTest10EE.crt \
+      $certs/NoPoliciesCACert.crt
+  restore_db
+
+  VFY_ACTION="All Certificates AnyPolicy Test11"; log_banner
+  certImport anyPolicyCACert
+  crlImport anyPolicyCACRL.crl
+  pkits $certs/AllCertificatesanyPolicyTest11EE.crt \
+      $certs/anyPolicyCACert.crt
+  restore_db
+
+  VFY_ACTION="Different Policies Test12"; log_banner
+  certImport PoliciesP3CACert
+  crlImport PoliciesP3CACRL.crl
+  pkits $certs/DifferentPoliciesTest12EE.crt \
+      $certs/PoliciesP3CACert.crt
+  restore_db
+
+  VFY_ACTION="All Certificates Same Policies Test13"; log_banner
+  certImport PoliciesP123CACert
+  crlImport PoliciesP123CACRL.crl
+  pkits $certs/AllCertificatesSamePoliciesTest13EE.crt \
+      $certs/PoliciesP123CACert.crt
+  restore_db
+
+  VFY_ACTION="AnyPolicy Test14"; log_banner
+  certImport anyPolicyCACert
+  crlImport anyPolicyCACRL.crl
+  pkits $certs/AnyPolicyTest14EE.crt \
+      $certs/anyPolicyCACert.crt
+  restore_db
+
+  VFY_ACTION="User Notice Qualifier Test15"; log_banner
+  pkits $certs/UserNoticeQualifierTest15EE.crt
+
+  VFY_ACTION="User Notice Qualifier Test16"; log_banner
+  certImport GoodCACert
+  crlImport GoodCACRL.crl
+  pkits $certs/UserNoticeQualifierTest16EE.crt \
+      $certs/GoodCACert.crt
+
+  VFY_ACTION="User Notice Qualifier Test17"; log_banner
+  certImport GoodCACert
+  crlImport GoodCACRL.crl
+  pkits $certs/UserNoticeQualifierTest17EE.crt \
+      $certs/GoodCACert.crt
+  restore_db
+
+  VFY_ACTION="User Notice Qualifier Test18"; log_banner
+  certImport PoliciesP12CACert
+  crlImport PoliciesP12CACRL.crl
+  pkits $certs/UserNoticeQualifierTest18EE.crt \
+      $certs/PoliciesP12CACert.crt
+  restore_db
+
+  VFY_ACTION="User Notice Qualifier Test19"; log_banner
+  pkits $certs/UserNoticeQualifierTest19EE.crt
+
+  VFY_ACTION="CPS Pointer Qualifier Test20"; log_banner
+  certImport GoodCACert
+  crlImport GoodCACRL.crl
+  pkits $certs/CPSPointerQualifierTest20EE.crt \
+      $certs/GoodCACert.crt
+  restore_db
+}
+
+pkits_RequireExplicitPolicy()
+{
+  break_table "NIST PKITS Section 4.9: Require Explicit Policy"
+
+  VFY_ACTION="Valid RequireExplicitPolicy Test1"; log_banner
+  certImportn requireExplicitPolicy10CACert
+  crlImportn requireExplicitPolicy10CACRL.crl
+  certImport requireExplicitPolicy10subCACert
+  crlImport requireExplicitPolicy10subCACRL.crl
+  certImport requireExplicitPolicy10subsubCACert
+  crlImport requireExplicitPolicy10subsubCACRL.crl
+  certImport requireExplicitPolicy10subsubsubCACert
+  crlImport requireExplicitPolicy10subsubsubCACRL.crl
+  pkits $certs/ValidrequireExplicitPolicyTest1EE.crt \
+      $certs/requireExplicitPolicy10subsubsubCACert.crt \
+      $certs/requireExplicitPolicy10subsubCACert.crt \
+      $certs/requireExplicitPolicy10subCACert.crt \
+      $certs/requireExplicitPolicy10CACert.crt
+  restore_db
+
+  VFY_ACTION="Valid RequireExplicitPolicy Test2"; log_banner
+  certImportn requireExplicitPolicy5CACert
+  crlImportn requireExplicitPolicy5CACRL.crl
+  certImport requireExplicitPolicy5subCACert
+  crlImport requireExplicitPolicy5subCACRL.crl
+  certImport requireExplicitPolicy5subsubCACert
+  crlImport requireExplicitPolicy5subsubCACRL.crl
+  certImport requireExplicitPolicy5subsubsubCACert
+  crlImport requireExplicitPolicy5subsubsubCACRL.crl
+  pkits $certs/ValidrequireExplicitPolicyTest2EE.crt \
+      $certs/requireExplicitPolicy5subsubsubCACert.crt \
+      $certs/requireExplicitPolicy5subsubCACert.crt \
+      $certs/requireExplicitPolicy5subCACert.crt \
+      $certs/requireExplicitPolicy5CACert.crt
+  restore_db
+
+  VFY_ACTION="Invalid RequireExplicitPolicy Test3"; log_banner
+  certImportn requireExplicitPolicy4CACert
+  crlImportn requireExplicitPolicy4CACRL.crl
+  certImport requireExplicitPolicy4subCACert
+  crlImport requireExplicitPolicy4subCACRL.crl
+  certImport requireExplicitPolicy4subsubCACert
+  crlImport requireExplicitPolicy4subsubCACRL.crl
+  certImport requireExplicitPolicy4subsubsubCACert
+  crlImport requireExplicitPolicy4subsubsubCACRL.crl
+  pkitsn $certs/InvalidrequireExplicitPolicyTest3EE.crt \
+      $certs/requireExplicitPolicy4subsubsubCACert.crt \
+      $certs/requireExplicitPolicy4subsubCACert.crt \
+      $certs/requireExplicitPolicy4subCACert.crt \
+      $certs/requireExplicitPolicy4CACert.crt
+  restore_db
+
+  VFY_ACTION="Valid RequireExplicitPolicy Test4"; log_banner
+  certImportn requireExplicitPolicy0CACert
+  crlImportn requireExplicitPolicy0CACRL.crl
+  certImport requireExplicitPolicy0subCACert
+  crlImport requireExplicitPolicy0subCACRL.crl
+  certImport requireExplicitPolicy0subsubCACert
+  crlImport requireExplicitPolicy0subsubCACRL.crl
+  certImport requireExplicitPolicy0subsubsubCACert
+  crlImport requireExplicitPolicy0subsubsubCACRL.crl
+  pkits $certs/ValidrequireExplicitPolicyTest4EE.crt \
+      $certs/requireExplicitPolicy0subsubsubCACert.crt \
+      $certs/requireExplicitPolicy0subsubCACert.crt \
+      $certs/requireExplicitPolicy0subCACert.crt \
+      $certs/requireExplicitPolicy0CACert.crt
+  restore_db
+
+  VFY_ACTION="Invalid RequireExplicitPolicy Test5"; log_banner
+  certImportn requireExplicitPolicy7CACert
+  crlImportn requireExplicitPolicy7CACRL.crl
+  certImportn requireExplicitPolicy7subCARE2Cert
+  crlImportn requireExplicitPolicy7subCARE2CRL.crl
+  certImportn requireExplicitPolicy7subsubCARE2RE4Cert
+  crlImportn requireExplicitPolicy7subsubCARE2RE4CRL.crl
+  certImport requireExplicitPolicy7subsubsubCARE2RE4Cert
+  crlImport requireExplicitPolicy7subsubsubCARE2RE4CRL.crl
+  pkitsn $certs/InvalidrequireExplicitPolicyTest5EE.crt \
+      $certs/requireExplicitPolicy7subsubsubCARE2RE4Cert.crt \
+      $certs/requireExplicitPolicy7subsubCARE2RE4Cert.crt \
+      $certs/requireExplicitPolicy7subCARE2Cert.crt \
+      $certs/requireExplicitPolicy7CACert.crt
+  restore_db
+
+  VFY_ACTION="Valid Self-Issued RequireExplicitPolicy Test6"; log_banner
+  certImportn requireExplicitPolicy2CACert
+  crlImportn requireExplicitPolicy2CACRL.crl
+  pkits $certs/ValidSelfIssuedrequireExplicitPolicyTest6EE.crt \
+      $certs/requireExplicitPolicy2SelfIssuedCACert.crt \
+      $certs/requireExplicitPolicy2CACert.crt
+  restore_db
+
+  VFY_ACTION="Invalid Self-Issued RequireExplicitPolicy Test7"; log_banner
+  certImportn requireExplicitPolicy2CACert
+  crlImportn requireExplicitPolicy2CACRL.crl
+  certImport requireExplicitPolicy2subCACert
+  crlImport requireExplicitPolicy2subCACRL.crl
+  pkitsn $certs/InvalidSelfIssuedrequireExplicitPolicyTest7EE.crt \
+      $certs/requireExplicitPolicy2subCACert.crt \
+      $certs/requireExplicitPolicy2SelfIssuedCACert.crt \
+      $certs/requireExplicitPolicy2CACert.crt
+  restore_db
+
+  VFY_ACTION="Invalid Self-Issued RequireExplicitPolicy Test8"; log_banner
+  certImportn requireExplicitPolicy2CACert
+  crlImportn requireExplicitPolicy2CACRL.crl
+  certImport requireExplicitPolicy2subCACert
+  crlImport requireExplicitPolicy2subCACRL.crl
+  pkitsn $certs/InvalidSelfIssuedrequireExplicitPolicyTest8EE.crt \
+      $certs/requireExplicitPolicy2SelfIssuedsubCACert.crt \
+      $certs/requireExplicitPolicy2subCACert.crt \
+      $certs/requireExplicitPolicy2SelfIssuedCACert.crt \
+      $certs/requireExplicitPolicy2CACert.crt
+  restore_db
+}
+
+pkits_PolicyMappings()
+{
+  break_table "NIST PKITS Section 4.10: Policy Mappings"
+
+  VFY_ACTION="Valid Policy Mapping Test1"; log_banner
+  certImportn Mapping1to2CACert
+  crlImportn Mapping1to2CACRL.crl
+  pkits $certs/ValidPolicyMappingTest1EE.crt \
+      $certs/Mapping1to2CACert.crt
+  restore_db
+
+  VFY_ACTION="Invalid Policy Mapping Test2"; log_banner
+  certImportn Mapping1to2CACert
+  crlImportn Mapping1to2CACRL.crl
+  pkitsn $certs/InvalidPolicyMappingTest2EE.crt \
+      $certs/Mapping1to2CACert.crt
+  restore_db
+
+  VFY_ACTION="Valid Policy Mapping Test3"; log_banner
+  certImportn P12Mapping1to3CACert
+  crlImportn P12Mapping1to3CACRL.crl
+  certImportn P12Mapping1to3subCACert
+  crlImportn P12Mapping1to3subCACRL.crl
+  certImportn P12Mapping1to3subsubCACert
+  crlImportn P12Mapping1to3subsubCACRL.crl
+  pkits $certs/ValidPolicyMappingTest3EE.crt \
+      $certs/P12Mapping1to3subsubCACert.crt \
+      $certs/P12Mapping1to3subCACert.crt \
+      $certs/P12Mapping1to3CA.crt
+  restore_db
+
+  VFY_ACTION="Invalid Policy Mapping Test4"; log_banner
+  certImportn P12Mapping1to3CACert
+  crlImportn P12Mapping1to3CACRL.crl
+  certImportn P12Mapping1to3subCACert
+  crlImportn P12Mapping1to3subCACRL.crl
+  certImportn P12Mapping1to3subsubCACert
+  crlImportn P12Mapping1to3subsubCACRL.crl
+  pkitsn $certs/InvalidPolicyMappingTest4EE.crt \
+      $certs/P12Mapping1to3subsubCACert.crt \
+      $certs/P12Mapping1to3subCACert.crt \
+      $certs/P12Mapping1to3CA.crt
+  restore_db
+
+  VFY_ACTION="Valid Policy Mapping Test5"; log_banner
+  certImportn P1Mapping1to234CACert
+  crlImportn P1Mapping1to234CACRL.crl
+  certImportn P1Mapping1to234subCACert
+  crlImportn P1Mapping1to234subCACRL.crl
+  pkits $certs/ValidPolicyMappingTest5EE.crt \
+      $certs/P1Mapping1to234subCACert.crt \
+      $certs/P1Mapping1to234CA.crt
+  restore_db
+
+  VFY_ACTION="Valid Policy Mapping Test6"; log_banner
+  certImportn P1Mapping1to234CACert
+  crlImportn P1Mapping1to234CACRL.crl
+  certImportn P1Mapping1to234subCACert
+  crlImportn P1Mapping1to234subCACRL.crl
+  pkits $certs/ValidPolicyMappingTest6EE.crt \
+      $certs/P1Mapping1to234subCACert.crt \
+      $certs/P1Mapping1to234CA.crt
+  restore_db
+
+  VFY_ACTION="Invalid Mapping from anyPolicy Test7"; log_banner
+  certImportn MappingFromanyPolicyCACert
+  crlImportn MappingFromanyPolicyCACRL.crl
+  pkitsn $certs/InvalidMappingFromanyPolicyTest7EE.crt \
+      $certs/MappingFromanyPolicyCACert.crt
+  restore_db
+
+  VFY_ACTION="Invalid Mapping to anyPolicy Test8"; log_banner
+  certImportn MappingToanyPolicyCACert
+  crlImportn MappingToanyPolicyCACRL.crl
+  pkitsn $certs/InvalidMappingToanyPolicyTest8EE.crt \
+      $certs/MappingToanyPolicyCACert.crt
+  restore_db
+
+  VFY_ACTION="Valid Policy Mapping Test9"; log_banner
+  certImport PanyPolicyMapping1to2CACert
+  crlImport PanyPolicyMapping1to2CACRL.crl
+  pkits $certs/ValidPolicyMappingTest9EE.crt \
+      $certs/PanyPolicyMapping1to2CACert.crt
+  restore_db
+
+  VFY_ACTION="Invalid Policy Mapping Test10"; log_banner
+  certImport GoodCACert
+  crlImport GoodCACRL.crl
+  certImportn GoodsubCAPanyPolicyMapping1to2CACert
+  crlImportn GoodsubCAPanyPolicyMapping1to2CACRL.crl
+  pkitsn $certs/InvalidPolicyMappingTest10EE.crt \
+      $certs/GoodsubCAPanyPolicyMapping1to2CACert.crt \
+      $certs/GoodCACert.crt
+  restore_db
+
+  VFY_ACTION="Valid Policy Mapping Test11"; log_banner
+  certImport GoodCACert
+  crlImport GoodCACRL.crl
+  certImportn GoodsubCAPanyPolicyMapping1to2CACert
+  crlImportn GoodsubCAPanyPolicyMapping1to2CACRL.crl
+  pkits $certs/ValidPolicyMappingTest11EE.crt \
+      $certs/GoodsubCAPanyPolicyMapping1to2CACert.crt \
+      $certs/GoodCACert.crt
+  restore_db
+
+  VFY_ACTION="Valid Policy Mapping Test12"; log_banner
+  certImportn P12Mapping1to3CACert
+  crlImportn P12Mapping1to3CACRL.crl
+  pkits $certs/ValidPolicyMappingTest12EE.crt \
+      $certs/P12Mapping1to3CACert.crt
+  restore_db
+
+  VFY_ACTION="Valid Policy Mapping Test13"; log_banner
+  certImportn P1anyPolicyMapping1to2CACert
+  crlImportn P1anyPolicyMapping1to2CACRL.crl
+  pkits $certs/ValidPolicyMappingTest13EE.crt \
+      $certs/P1anyPolicyMapping1to2CACert.crt
+  restore_db
+
+  VFY_ACTION="Valid Policy Mapping Test14"; log_banner
+  certImportn P1anyPolicyMapping1to2CACert
+  crlImportn P1anyPolicyMapping1to2CACRL.crl
+  pkits $certs/ValidPolicyMappingTest14EE.crt \
+      $certs/P1anyPolicyMapping1to2CACert.crt
+  restore_db
+}
+
+
+pkits_InhibitPolicyMapping()
+{
+  break_table "NIST PKITS Section 4.11: Inhibit Policy Mapping"
+
+  VFY_ACTION="Invalid inhibitPolicyMapping Test1"; log_banner
+  certImportn inhibitPolicyMapping0CACert
+  crlImportn inhibitPolicyMapping0CACRL.crl
+  certImportn inhibitPolicyMapping0subCACert
+  crlImportn inhibitPolicyMapping0subCACRL.crl
+  pkitsn $certs/InvalidinhibitPolicyMappingTest1EE.crt \
+      $certs/inhibitPolicyMapping0CACert.crt \
+      $certs/inhibitPolicyMapping0subCACert.crt
+  restore_db
+
+  VFY_ACTION="Valid inhibitPolicyMapping Test2"; log_banner
+  certImportn inhibitPolicyMapping1P12CACert
+  crlImportn inhibitPolicyMapping1P12CACRL.crl
+  certImportn inhibitPolicyMapping1P12subCACert
+  crlImportn inhibitPolicyMapping1P12subCACRL.crl
+  pkits $certs/ValidinhibitPolicyMappingTest2EE.crt \
+      $certs/inhibitPolicyMapping1P12CACert.crt \
+      $certs/inhibitPolicyMapping1P12subCACert.crt
+  restore_db
+
+  VFY_ACTION="Invalid inhibitPolicyMapping Test3"; log_banner
+  certImportn inhibitPolicyMapping1P12CACert
+  crlImportn inhibitPolicyMapping1P12CACRL.crl
+  certImportn inhibitPolicyMapping1P12subCACert
+  crlImportn inhibitPolicyMapping1P12subCACRL.crl
+  certImportn inhibitPolicyMapping1P12subsubCACert
+  crlImportn inhibitPolicyMapping1P12subsubCACRL.crl
+  pkitsn $certs/InvalidinhibitPolicyMappingTest3EE.crt \
+      $certs/inhibitPolicyMapping1P12subsubCACert.crt \
+      $certs/inhibitPolicyMapping1P12subCACert.crt \
+      $certs/inhibitPolicyMapping1P12CACert.crt
+  restore_db
+
+  VFY_ACTION="Valid inhibitPolicyMapping Test4"; log_banner
+  certImportn inhibitPolicyMapping1P12CACert
+  crlImportn inhibitPolicyMapping1P12CACRL.crl
+  certImportn inhibitPolicyMapping1P12subCACert
+  crlImportn inhibitPolicyMapping1P12subCACRL.crl
+  certImportn inhibitPolicyMapping1P12subsubCACert
+  crlImportn inhibitPolicyMapping1P12subsubCACRL.crl
+  pkits $certs/ValidinhibitPolicyMappingTest4EE.crt \
+      $certs/inhibitPolicyMapping1P12CACert.crt \
+      $certs/inhibitPolicyMapping1P12subCACert.crt
+  restore_db
+
+  VFY_ACTION="Invalid inhibitPolicyMapping Test5"; log_banner
+  certImportn inhibitPolicyMapping5CACert
+  crlImportn inhibitPolicyMapping5CACRL.crl
+  certImportn inhibitPolicyMapping5subCACert
+  crlImportn inhibitPolicyMapping5subCACRL.crl
+  certImport inhibitPolicyMapping5subsubCACert
+  crlImport inhibitPolicyMapping5subsubCACRL.crl
+  pkitsn $certs/InvalidinhibitPolicyMappingTest5EE.crt \
+      $certs/inhibitPolicyMapping5subsubCACert.crt \
+      $certs/inhibitPolicyMapping5subCACert.crt \
+      $certs/inhibitPolicyMapping5CACert.crt
+  restore_db
+
+  VFY_ACTION="Invalid inhibitPolicyMapping Test6"; log_banner
+  certImportn inhibitPolicyMapping1P12CACert
+  crlImportn inhibitPolicyMapping1P12CACRL.crl
+  certImportn inhibitPolicyMapping1P12subCAIPM5Cert
+  crlImportn inhibitPolicyMapping1P12subCAIPM5CRL.crl
+  certImport inhibitPolicyMapping1P12subsubCAIPM5Cert
+  crlImportn inhibitPolicyMapping1P12subsubCAIPM5CRL.crl
+  pkitsn $certs/InvalidinhibitPolicyMappingTest6EE.crt \
+      $certs/inhibitPolicyMapping1P12subsubCAIPM5Cert.crt \
+      $certs/inhibitPolicyMapping1P12subCAIPM5Cert.crt \
+      $certs/inhibitPolicyMapping1P12CACert.crt
+  restore_db
+
+  VFY_ACTION="Valid Self-Issued inhibitPolicyMapping Test7"; log_banner
+  certImportn inhibitPolicyMapping1P1CACert
+  crlImportn inhibitPolicyMapping1P1CACRL.crl
+  certImportn inhibitPolicyMapping1P1subCACert
+  crlImportn inhibitPolicyMapping1P1subCACRL.crl
+  pkits $certs/ValidSelfIssuedinhibitPolicyMappingTest7EE.crt \
+      $certs/inhibitPolicyMapping1P1subCACert.crt \
+      $certs/inhibitPolicyMapping1P1SelfIssuedCACert.crt \
+      $certs/inhibitPolicyMapping1P1CACert.crt
+  restore_db
+
+  VFY_ACTION="Invalid Self-Issued inhibitPolicyMapping Test8"; log_banner
+  certImportn inhibitPolicyMapping1P1CACert
+  crlImportn inhibitPolicyMapping1P1CACRL.crl
+  certImportn inhibitPolicyMapping1P1subCACert
+  crlImportn inhibitPolicyMapping1P1subCACRL.crl
+  certImport inhibitPolicyMapping1P1subsubCACert
+  crlImportn inhibitPolicyMapping1P1subsubCACRL.crl
+  pkitsn $certs/InvalidSelfIssuedinhibitPolicyMappingTest8EE.crt \
+      $certs/inhibitPolicyMapping1P1subsubCACert.crt \
+      $certs/inhibitPolicyMapping1P1subCACert.crt \
+      $certs/inhibitPolicyMapping1P1SelfIssuedCACert.crt \
+      $certs/inhibitPolicyMapping1P1CACert.crt
+  restore_db
+
+  VFY_ACTION="Invalid Self-Issued inhibitPolicyMapping Test9"; log_banner
+  certImportn inhibitPolicyMapping1P1CACert
+  crlImportn inhibitPolicyMapping1P1CACRL.crl
+  certImportn inhibitPolicyMapping1P1subCACert
+  crlImportn inhibitPolicyMapping1P1subCACRL.crl
+  certImportn inhibitPolicyMapping1P1subsubCACert
+  crlImportn inhibitPolicyMapping1P1subsubCACRL.crl
+  pkitsn $certs/InvalidSelfIssuedinhibitPolicyMappingTest9EE.crt \
+      $certs/inhibitPolicyMapping1P1subsubCACert.crt \
+      $certs/inhibitPolicyMapping1P1subCACert.crt \
+      $certs/inhibitPolicyMapping1P1SelfIssuedCACert.crt \
+      $certs/inhibitPolicyMapping1P1CACert.crt
+  restore_db
+
+  VFY_ACTION="Invalid Self-Issued inhibitPolicyMapping Test10"; log_banner
+  certImportn inhibitPolicyMapping1P1CACert
+  crlImportn inhibitPolicyMapping1P1CACRL.crl
+  certImportn inhibitPolicyMapping1P1subCACert
+  crlImportn inhibitPolicyMapping1P1subCACRL.crl
+  pkitsn $certs/InvalidSelfIssuedinhibitPolicyMappingTest10EE.crt \
+      $certs/inhibitPolicyMapping1P1SelfIssuedsubCACert.crt \
+      $certs/inhibitPolicyMapping1P1subCACert.crt \
+      $certs/inhibitPolicyMapping1P1SelfIssuedCACert.crt \
+      $certs/inhibitPolicyMapping1P1CACert.crt
+  restore_db
+
+  VFY_ACTION="Invalid Self-Issued inhibitPolicyMapping Test11"; log_banner
+  certImportn inhibitPolicyMapping1P1CACert
+  crlImportn inhibitPolicyMapping1P1CACRL.crl
+  certImportn inhibitPolicyMapping1P1subCACert
+  crlImportn inhibitPolicyMapping1P1subCACRL.crl
+  pkitsn $certs/InvalidSelfIssuedinhibitPolicyMappingTest11EE.crt \
+      $certs/inhibitPolicyMapping1P1SelfIssuedsubCACert.crt \
+      $certs/inhibitPolicyMapping1P1subCACert.crt \
+      $certs/inhibitPolicyMapping1P1SelfIssuedCACert.crt \
+      $certs/inhibitPolicyMapping1P1CACert.crt
+  restore_db
+}
+
+
+pkits_InhibitAnyPolicy()
+{
+  break_table "NIST PKITS Section 4.12: Inhibit Any Policy"
+
+  VFY_ACTION="Invalid inhibitAnyPolicy Test1"; log_banner
+  certImportn inhibitAnyPolicy0CACert
+  crlImportn inhibitAnyPolicy0CACRL.crl
+  pkitsn $certs/InvalidinhibitAnyPolicyTest1EE.crt \
+      $certs/inhibitAnyPolicy0CACert.crt
+  restore_db
+
+  VFY_ACTION="Valid inhibitAnyPolicy Test2"; log_banner
+  certImportn inhibitAnyPolicy0CACert
+  crlImportn inhibitAnyPolicy0CACRL.crl
+  pkits $certs/ValidinhibitAnyPolicyTest2EE.crt \
+      $certs/inhibitAnyPolicy0CACert.crt
+  restore_db
+
+  VFY_ACTION="inhibitAnyPolicy Test3"; log_banner
+  certImportn inhibitAnyPolicy1CACert
+  crlImportn inhibitAnyPolicy1CACRL.crl
+  certImport inhibitAnyPolicy1subCA1Cert
+  crlImport inhibitAnyPolicy1subCA1CRL.crl
+  pkits $certs/inhibitAnyPolicyTest3EE.crt \
+      $certs/inhibitAnyPolicy1CACert.crt \
+      $certs/inhibitAnyPolicy1subCA1Cert.crt
+  restore_db
+
+  VFY_ACTION="Invalid inhibitAnyPolicy Test4"; log_banner
+  certImportn inhibitAnyPolicy1CACert
+  crlImportn inhibitAnyPolicy1CACRL.crl
+  certImport inhibitAnyPolicy1subCA1Cert
+  crlImport inhibitAnyPolicy1subCA1CRL.crl
+  pkitsn $certs/InvalidinhibitAnyPolicyTest4EE.crt \
+      $certs/inhibitAnyPolicy1CACert.crt \
+      $certs/inhibitAnyPolicy1subCA1Cert.crt
+  restore_db
+
+  VFY_ACTION="Invalid inhibitAnyPolicy Test5"; log_banner
+  certImportn inhibitAnyPolicy5CACert
+  crlImportn inhibitAnyPolicy5CACRL.crl
+  certImportn inhibitAnyPolicy5subCACert
+  crlImportn inhibitAnyPolicy5subCACRL.crl
+  certImport inhibitAnyPolicy5subsubCACert
+  crlImport inhibitAnyPolicy5subsubCACRL.crl
+  pkitsn $certs/InvalidinhibitAnyPolicyTest5EE.crt \
+      $certs/inhibitAnyPolicy5CACert.crt \
+      $certs/inhibitAnyPolicy5subCACert.crt \
+      $certs/inhibitAnyPolicy5subsubCACert.crt
+  restore_db
+
+  VFY_ACTION="Invalid inhibitAnyPolicy Test6"; log_banner
+  certImportn inhibitAnyPolicy1CACert
+  crlImportn inhibitAnyPolicy1CACRL.crl
+  certImportn inhibitAnyPolicy1subCAIAP5Cert
+  crlImportn inhibitAnyPolicy1subCAIAP5CRL.crl
+  pkitsn $certs/InvalidinhibitAnyPolicyTest5EE.crt \
+      $certs/inhibitAnyPolicy1CACert.crt \
+      $certs/inhibitAnyPolicy5subCACert.crt \
+      $certs/inhibitAnyPolicy5subsubCACert.crt
+  restore_db
+
+  VFY_ACTION="Valid Self-Issued inhibitAnyPolicy Test7"; log_banner
+  certImportn inhibitAnyPolicy1CACert
+  crlImportn inhibitAnyPolicy1CACRL.crl
+  certImport inhibitAnyPolicy1subCA2Cert
+  crlImport inhibitAnyPolicy1subCA2CRL.crl
+  pkits $certs/ValidSelfIssuedinhibitAnyPolicyTest7EE.crt \
+      $certs/inhibitAnyPolicy1CACert.crt \
+      $certs/inhibitAnyPolicy1SelfIssuedCACert.crt \
+      $certs/inhibitAnyPolicy1subCA2Cert.crt
+  restore_db
+
+  VFY_ACTION="Invalid Self-Issued inhibitAnyPolicy Test8"; log_banner
+  certImportn inhibitAnyPolicy1CACert
+  crlImportn inhibitAnyPolicy1CACRL.crl
+  certImport inhibitAnyPolicy1subCA2Cert
+  crlImport inhibitAnyPolicy1subCA2CRL.crl
+  certImport inhibitAnyPolicy1subsubCA2Cert
+  crlImport inhibitAnyPolicy1subsubCA2CRL.crl
+  pkitsn $certs/InvalidSelfIssuedinhibitAnyPolicyTest8EE.crt \
+      $certs/inhibitAnyPolicy1CACert.crt \
+      $certs/inhibitAnyPolicy1SelfIssuedCACert.crt \
+      $certs/inhibitAnyPolicy1subCA2Cert.crt \
+      $certs/inhibitAnyPolicy1subsubCA2Cert.crt
+  restore_db
+
+  VFY_ACTION="Valid Self-Issued inhibitAnyPolicy Test9"; log_banner
+  certImportn inhibitAnyPolicy1CACert
+  crlImportn inhibitAnyPolicy1CACRL.crl
+  certImport inhibitAnyPolicy1subCA2Cert
+  crlImport inhibitAnyPolicy1subCA2CRL.crl
+  pkits $certs/ValidSelfIssuedinhibitAnyPolicyTest9EE.crt \
+      $certs/inhibitAnyPolicy1CACert.crt \
+      $certs/inhibitAnyPolicy1SelfIssuedCACert.crt \
+      $certs/inhibitAnyPolicy1subCA2Cert.crt \
+      $certs/inhibitAnyPolicy1SelfIssuedsubCA2Cert.crt
+  restore_db
+
+  VFY_ACTION="Invalid Self-Issued inhibitAnyPolicy Test10"; log_banner
+  certImportn inhibitAnyPolicy1CACert
+  crlImportn inhibitAnyPolicy1CACRL.crl
+  certImport inhibitAnyPolicy1subCA2Cert
+  crlImport inhibitAnyPolicy1subCA2CRL.crl
+  pkitsn $certs/InvalidSelfIssuedinhibitAnyPolicyTest10EE.crt \
+      $certs/inhibitAnyPolicy1CACert.crt \
+      $certs/inhibitAnyPolicy1SelfIssuedCACert.crt \
+      $certs/inhibitAnyPolicy1subCA2Cert.crt
+  restore_db
+}
+
+
+pkits_NameConstraints()
+{
+  break_table "NIST PKITS Section 4.13: Name Constraints"
+
+  VFY_ACTION="Valid DN nameConstraints Test1"; log_banner
+  certImport nameConstraintsDN1CACert
+  crlImport nameConstraintsDN1CACRL.crl
+  pkits $certs/ValidDNnameConstraintsTest1EE.crt \
+      $certs/nameConstraintsDN1CACert.crt
+  restore_db
+
+  VFY_ACTION="Invalid DN nameConstraints Test2"; log_banner
+  certImport nameConstraintsDN1CACert
+  crlImport nameConstraintsDN1CACRL.crl
+  pkitsn $certs/InvalidDNnameConstraintsTest2EE.crt \
+      $certs/nameConstraintsDN1CACert.crt
+  restore_db
+
+  VFY_ACTION="Invalid DN nameConstraints Test3"; log_banner
+  certImport nameConstraintsDN1CACert
+  crlImport nameConstraintsDN1CACRL.crl
+  pkitsn $certs/InvalidDNnameConstraintsTest3EE.crt \
+      $certs/nameConstraintsDN1CACert.crt
+  restore_db
+
+  VFY_ACTION="Valid DN nameConstraints Test4"; log_banner
+  certImport nameConstraintsDN1CACert
+  crlImport nameConstraintsDN1CACRL.crl
+  pkits $certs/ValidDNnameConstraintsTest4EE.crt \
+      $certs/nameConstraintsDN1CACert.crt
+  restore_db
+
+  VFY_ACTION="Valid DN nameConstraints Test5"; log_banner
+  certImport nameConstraintsDN2CACert
+  crlImport nameConstraintsDN2CACRL.crl
+  pkits $certs/ValidDNnameConstraintsTest5EE.crt \
+      $certs/nameConstraintsDN2CACert.crt
+  restore_db
+
+  VFY_ACTION="Valid DN nameConstraints Test6"; log_banner
+  certImport nameConstraintsDN3CACert
+  crlImport nameConstraintsDN3CACRL.crl
+  pkits $certs/ValidDNnameConstraintsTest6EE.crt \
+      $certs/nameConstraintsDN3CACert.crt
+  restore_db
+
+  VFY_ACTION="Invalid DN nameConstraints Test7"; log_banner
+  certImport nameConstraintsDN3CACert
+  crlImport nameConstraintsDN3CACRL.crl
+  pkitsn $certs/InvalidDNnameConstraintsTest7EE.crt \
+      $certs/nameConstraintsDN3CACert.crt
+  restore_db
+
+  VFY_ACTION="Invalid DN nameConstraints Test8"; log_banner
+  certImport nameConstraintsDN4CACert
+  crlImport nameConstraintsDN4CACRL.crl
+  pkitsn $certs/InvalidDNnameConstraintsTest8EE.crt \
+      $certs/nameConstraintsDN4CACert.crt
+  restore_db
+
+  VFY_ACTION="Invalid DN nameConstraints Test9"; log_banner
+  certImport nameConstraintsDN4CACert
+  crlImport nameConstraintsDN4CACRL.crl
+  pkitsn $certs/InvalidDNnameConstraintsTest9EE.crt \
+      $certs/nameConstraintsDN4CACert.crt
+  restore_db
+
+  VFY_ACTION="Invalid DN nameConstraints Test10"; log_banner
+  certImport nameConstraintsDN5CACert
+  crlImport nameConstraintsDN5CACRL.crl
+  pkitsn $certs/InvalidDNnameConstraintsTest10EE.crt \
+      $certs/nameConstraintsDN5CACert.crt
+  restore_db
+
+  VFY_ACTION="Valid DN nameConstraints Test11"; log_banner
+  certImport nameConstraintsDN5CACert
+  crlImport nameConstraintsDN5CACRL.crl
+  pkits $certs/ValidDNnameConstraintsTest11EE.crt \
+      $certs/nameConstraintsDN5CACert.crt
+  restore_db
+
+  VFY_ACTION="Invalid DN nameConstraints Test12"; log_banner
+  certImport nameConstraintsDN1CACert
+  crlImport nameConstraintsDN1CACRL.crl
+  certImport nameConstraintsDN1subCA1Cert
+  crlImport nameConstraintsDN1subCA1CRL.crl
+  pkitsn $certs/InvalidDNnameConstraintsTest12EE.crt \
+      $certs/nameConstraintsDN1subCA1Cert.crt \
+      $certs/nameConstraintsDN1CACert.crt
+  restore_db
+
+  VFY_ACTION="Invalid DN nameConstraints Test13"; log_banner
+  certImport nameConstraintsDN1CACert
+  crlImport nameConstraintsDN1CACRL.crl
+  certImport nameConstraintsDN1subCA2Cert
+  crlImport nameConstraintsDN1subCA2CRL.crl
+  pkitsn $certs/InvalidDNnameConstraintsTest13EE.crt \
+      $certs/nameConstraintsDN1subCA2Cert.crt \
+      $certs/nameConstraintsDN1CACert.crt
+  restore_db
+
+  VFY_ACTION="Valid DN nameConstraints Test14"; log_banner
+  certImport nameConstraintsDN1CACert
+  crlImport nameConstraintsDN1CACRL.crl
+  certImport nameConstraintsDN1subCA2Cert
+  crlImport nameConstraintsDN1subCA2CRL.crl
+  pkits $certs/ValidDNnameConstraintsTest14EE.crt \
+      $certs/nameConstraintsDN1subCA2Cert.crt \
+      $certs/nameConstraintsDN1CACert.crt
+  restore_db
+
+  VFY_ACTION="Invalid DN nameConstraints Test15"; log_banner
+  certImport nameConstraintsDN3CACert
+  crlImport nameConstraintsDN3CACRL.crl
+  certImport nameConstraintsDN3subCA1Cert
+  crlImport nameConstraintsDN3subCA1CRL.crl
+  pkitsn $certs/InvalidDNnameConstraintsTest15EE.crt \
+      $certs/nameConstraintsDN3subCA1Cert.crt \
+      $certs/nameConstraintsDN3CACert.crt
+  restore_db
+
+  VFY_ACTION="Invalid DN nameConstraints Test16"; log_banner
+  certImport nameConstraintsDN3CACert
+  crlImport nameConstraintsDN3CACRL.crl
+  certImport nameConstraintsDN3subCA1Cert
+  crlImport nameConstraintsDN3subCA1CRL.crl
+  pkitsn $certs/InvalidDNnameConstraintsTest16EE.crt \
+      $certs/nameConstraintsDN3subCA1Cert.crt \
+      $certs/nameConstraintsDN3CACert.crt
+  restore_db
+
+  VFY_ACTION="Invalid DN nameConstraints Test17"; log_banner
+  certImport nameConstraintsDN3CACert
+  crlImport nameConstraintsDN3CACRL.crl
+  certImport nameConstraintsDN3subCA2Cert
+  crlImport nameConstraintsDN3subCA2CRL.crl
+  pkitsn $certs/InvalidDNnameConstraintsTest17EE.crt \
+      $certs/nameConstraintsDN3subCA2Cert.crt \
+      $certs/nameConstraintsDN3CACert.crt
+  restore_db
+
+  VFY_ACTION="Valid DN nameConstraints Test18"; log_banner
+  certImport nameConstraintsDN3CACert
+  crlImport nameConstraintsDN3CACRL.crl
+  certImport nameConstraintsDN3subCA2Cert
+  crlImport nameConstraintsDN3subCA2CRL.crl
+  pkits $certs/ValidDNnameConstraintsTest18EE.crt \
+      $certs/nameConstraintsDN3subCA2Cert.crt \
+      $certs/nameConstraintsDN3CACert.crt
+  restore_db
+
+### bug 232737 ###
+if [ -n "${KNOWN_BUG}" ]; then
+  VFY_ACTION="Valid Self-Issued DN nameConstraints Test19"; log_banner
+  certImport nameConstraintsDN1CACert
+  crlImport nameConstraintsDN1CACRL.crl
+  pkits $certs/ValidDNnameConstraintsTest19EE.crt \
+      $certs/nameConstraintsDN1SelfIssuedCACert.crt \
+      $certs/nameConstraintsDN1CACert.crt
+  restore_db
+fi
+
+  VFY_ACTION="Invalid Self-Issued DN nameConstraints Test20"; log_banner
+  certImport nameConstraintsDN1CACert
+  crlImport nameConstraintsDN1CACRL.crl
+  pkitsn $certs/InvalidDNnameConstraintsTest20EE.crt \
+      $certs/nameConstraintsDN1CACert.crt
+  restore_db
+
+  VFY_ACTION="Valid RFC822 nameConstraints Test21"; log_banner
+  certImport nameConstraintsRFC822CA1Cert
+  crlImport nameConstraintsRFC822CA1CRL.crl
+  pkits $certs/ValidRFC822nameConstraintsTest21EE.crt \
+      $certs/nameConstraintsRFC822CA1Cert.crt
+  restore_db
+
+  VFY_ACTION="Invalid RFC822 nameConstraints Test22"; log_banner
+  certImport nameConstraintsRFC822CA1Cert
+  crlImport nameConstraintsRFC822CA1CRL.crl
+  pkitsn $certs/InvalidRFC822nameConstraintsTest22EE.crt \
+      $certs/nameConstraintsRFC822CA1Cert.crt
+  restore_db
+
+  VFY_ACTION="Valid RFC822 nameConstraints Test23"; log_banner
+  certImport nameConstraintsRFC822CA2Cert
+  crlImport nameConstraintsRFC822CA2CRL.crl
+  pkits $certs/ValidRFC822nameConstraintsTest23EE.crt \
+      $certs/nameConstraintsRFC822CA2Cert.crt
+  restore_db
+
+  VFY_ACTION="Invalid RFC822 nameConstraints Test24"; log_banner
+  certImport nameConstraintsRFC822CA2Cert
+  crlImport nameConstraintsRFC822CA2CRL.crl
+  pkitsn $certs/InvalidRFC822nameConstraintsTest24EE.crt \
+      $certs/nameConstraintsRFC822CA2Cert.crt
+  restore_db
+
+  VFY_ACTION="Valid RFC822 nameConstraints Test25"; log_banner
+  certImport nameConstraintsRFC822CA3Cert
+  crlImport nameConstraintsRFC822CA3CRL.crl
+  pkits $certs/ValidRFC822nameConstraintsTest25EE.crt \
+      $certs/nameConstraintsRFC822CA3Cert.crt
+  restore_db
+
+  VFY_ACTION="Invalid RFC822 nameConstraints Test26"; log_banner
+  certImport nameConstraintsRFC822CA3Cert
+  crlImport nameConstraintsRFC822CA3CRL.crl
+  pkitsn $certs/InvalidRFC822nameConstraintsTest26EE.crt \
+      $certs/nameConstraintsRFC822CA3Cert.crt
+  restore_db
+
+  VFY_ACTION="Valid DN and RFC822 nameConstraints Test27"; log_banner
+  certImport nameConstraintsDN1CACert
+  crlImport nameConstraintsDN1CACRL.crl
+  certImport nameConstraintsDN1subCA3Cert
+  crlImport nameConstraintsDN1subCA3CRL.crl
+  pkits $certs/ValidDNandRFC822nameConstraintsTest27EE.crt \
+      $certs/nameConstraintsDN1subCA3Cert.crt \
+      $certs/nameConstraintsDN1CACert.crt
+  restore_db
+
+  VFY_ACTION="Invalid DN and RFC822 nameConstraints Test28"; log_banner
+  certImport nameConstraintsDN1CACert
+  crlImport nameConstraintsDN1CACRL.crl
+  certImport nameConstraintsDN1subCA3Cert
+  crlImport nameConstraintsDN1subCA3CRL.crl
+  pkitsn $certs/InvalidDNandRFC822nameConstraintsTest28EE.crt \
+      $certs/nameConstraintsDN1subCA3Cert.crt \
+      $certs/nameConstraintsDN1CACert.crt
+  restore_db
+
+  VFY_ACTION="Invalid DN and RFC822 nameConstraints Test29"; log_banner
+  certImport nameConstraintsDN1CACert
+  crlImport nameConstraintsDN1CACRL.crl
+  certImport nameConstraintsDN1subCA3Cert
+  crlImport nameConstraintsDN1subCA3CRL.crl
+  pkitsn $certs/InvalidDNandRFC822nameConstraintsTest29EE.crt \
+      $certs/nameConstraintsDN1subCA3Cert.crt \
+      $certs/nameConstraintsDN1CACert.crt
+  restore_db
+
+  VFY_ACTION="Valid DNS nameConstraints Test30"; log_banner
+  certImport nameConstraintsDNS1CACert
+  crlImport nameConstraintsDNS1CACRL.crl
+  pkits $certs/ValidDNSnameConstraintsTest30EE.crt \
+      $certs/nameConstraintsDNS1CACert.crt
+  restore_db
+
+  VFY_ACTION="Invalid DNS nameConstraints Test31"; log_banner
+  certImport nameConstraintsDNS1CACert
+  crlImport nameConstraintsDNS1CACRL.crl
+  pkitsn $certs/InvalidDNSnameConstraintsTest31EE.crt \
+      $certs/nameConstraintsDNS1CACert.crt
+  restore_db
+
+  VFY_ACTION="Valid DNS nameConstraints Test32"; log_banner
+  certImport nameConstraintsDNS2CACert
+  crlImport nameConstraintsDNS2CACRL.crl
+  pkits $certs/ValidDNSnameConstraintsTest32EE.crt \
+      $certs/nameConstraintsDNS2CACert.crt
+  restore_db
+
+  VFY_ACTION="Invalid DNS nameConstraints Test33"; log_banner
+  certImport nameConstraintsDNS2CACert
+  crlImport nameConstraintsDNS2CACRL.crl
+  pkitsn $certs/InvalidDNSnameConstraintsTest33EE.crt \
+      $certs/nameConstraintsDNS2CACert.crt
+  restore_db
+
+  VFY_ACTION="Valid URI nameConstraints Test34"; log_banner
+  certImport nameConstraintsURI1CACert
+  crlImport nameConstraintsURI1CACRL.crl
+  pkits $certs/ValidURInameConstraintsTest34EE.crt \
+      $certs/nameConstraintsURI1CACert.crt
+  restore_db
+
+  VFY_ACTION="Invalid URI nameConstraints Test35"; log_banner
+  certImport nameConstraintsURI1CACert
+  crlImport nameConstraintsURI1CACRL.crl
+  pkitsn $certs/InvalidURInameConstraintsTest35EE.crt \
+      $certs/nameConstraintsURI1CACert.crt
+  restore_db
+
+  VFY_ACTION="Valid URI nameConstraints Test36"; log_banner
+  certImport nameConstraintsURI2CACert
+  crlImport nameConstraintsURI2CACRL.crl
+  pkits $certs/ValidURInameConstraintsTest36EE.crt \
+      $certs/nameConstraintsURI2CACert.crt
+  restore_db
+
+  VFY_ACTION="Invalid URI nameConstraints Test37"; log_banner
+  certImport nameConstraintsURI2CACert
+  crlImport nameConstraintsURI2CACRL.crl
+  pkitsn $certs/InvalidURInameConstraintsTest37EE.crt \
+      $certs/nameConstraintsURI2CACert.crt
+  restore_db
+
+  VFY_ACTION="Invalid DNS nameConstraints Test38"; log_banner
+  certImport nameConstraintsDNS1CACert
+  crlImport nameConstraintsDNS1CACRL.crl
+  pkitsn $certs/InvalidDNSnameConstraintsTest38EE.crt \
+      $certs/nameConstraintsDNS1CACert.crt
+  restore_db
+}
+
+pkits_PvtCertExtensions()
+{
+  break_table "NIST PKITS Section 4.16: Private Certificate Extensions"
+
+  VFY_ACTION="Valid Unknown Not Critical Certificate Extension Test1"; log_banner
+  pkits $certs/ValidUnknownNotCriticalCertificateExtensionTest1EE.crt
+
+  VFY_ACTION="Invalid Unknown Critical Certificate Extension Test2"; log_banner
+  pkitsn $certs/InvalidUnknownCriticalCertificateExtensionTest2EE.crt
+}
+
+############################## pkits_cleanup ###########################
+# local shell function to finish this script (no exit since it might be 
+# sourced)
+########################################################################
+pkits_cleanup()
+{
+  html "</TABLE><BR>"
+  cd ${QADIR}
+  . common/cleanup.sh
+}
+
+
+################################## main ################################
+pkits_init 
+pkits_SignatureVerification | tee -a $PKITS_LOG
+pkits_ValidityPeriods | tee -a $PKITS_LOG
+pkits_NameChaining | tee -a $PKITS_LOG
+pkits_BasicCertRevocation | tee -a $PKITS_LOG
+pkits_PathVerificWithSelfIssuedCerts | tee -a $PKITS_LOG
+pkits_BasicConstraints | tee -a $PKITS_LOG
+pkits_KeyUsage | tee -a $PKITS_LOG
+if [ -n "$NSS_PKITS_POLICIES" ]; then
+  pkits_CertificatePolicies | tee -a $PKITS_LOG
+  pkits_RequireExplicitPolicy | tee -a $PKITS_LOG
+  pkits_PolicyMappings | tee -a $PKITS_LOG
+  pkits_InhibitPolicyMapping | tee -a $PKITS_LOG
+  pkits_InhibitAnyPolicy | tee -a $PKITS_LOG
+fi
+pkits_NameConstraints | tee -a $PKITS_LOG
+pkits_PvtCertExtensions | tee -a $PKITS_LOG
+pkits_cleanup
+
diff --git a/nss/tests/platformlist b/nss/tests/platformlist
new file mode 100644
index 0000000..19bf821
--- /dev/null
+++ b/nss/tests/platformlist
@@ -0,0 +1,11 @@
+Darwin6.5
+HP-UX_B.11.00_32_bit
+HP-UX_B.11.00_64
+RH_Linux_7.2_(Enigma)
+RH_Linux_7.3_(Valhalla)
+RH_Linux_Advanced_Server_2.1AS_(Pensacola)
+SunOS_5.8_32_bit
+SunOS_5.8_64_bit
+Windows-2000
+Windows-XP
+
diff --git a/nss/tests/platformlist.tbx b/nss/tests/platformlist.tbx
new file mode 100644
index 0000000..435284c
--- /dev/null
+++ b/nss/tests/platformlist.tbx
@@ -0,0 +1,14 @@
+AIX_3_32_bit AIX4.3_DBG.OBJ AIX4.3_OPT.OBJ
+AIX_3_64_bit AIX4.3_DBG.OBJ AIX4.3_OPT.OBJ AIX4.3_64_DBG.OBJ AIX4.3_64_OPT.OBJ
+HP-UX_B.11.00_32_bit  HP-UXB.11.00_DBG.OBJ HP-UXB.11.00_OPT.OBJ
+HP-UX_B.11.00_64_bit  HP-UXB.11.00_DBG.OBJ HP-UXB.11.00_OPT.OBJ 
+OSF1_V4.0 OSF1V4.0D_DBG.OBJ OSF1V4.0D_OPT.OBJ
+OSF1_V5.0 OSF1V5.0_DBG.OBJ OSF1V5.0_OPT.OBJ
+RH_Linux_6.2_(Zoot) Linux2.2_x86_glibc_PTH_DBG.OBJ Linux2.2_x86_glibc_PTH_OPT.OBJ
+RH_Linux_6.1_(Cartman) Linux2.2_x86_glibc_PTH_DBG.OBJ Linux2.2_x86_glibc_PTH_OPT.OBJ
+RH_Linux_6.0_(Hedwig) Linux2.2_x86_glibc_PTH_DBG.OBJ Linux2.2_x86_glibc_PTH_OPT.OBJ
+SunOS_5.6 SunOS5.6_DBG.OBJ SunOS5.6_OPT.OBJ
+SunOS_5.8_32_bit 
+SunOS_5.8_64_bit 
+Windows-2000 WINNT5.0_DBG.OBJ WINNT5.0_OPT.OBJ WIN954.0_DBG.OBJ WIN954.0_OPT.OBJ
+Windows-NT-4.0 WIN954.0_DBG.OBJ WIN954.0_OPT.OBJ WINNT4.0_DBG.OBJ WINNT4.0_OPT.OBJ
diff --git a/nss/tests/qa_stage b/nss/tests/qa_stage
new file mode 100755
index 0000000..f0960c8
--- /dev/null
+++ b/nss/tests/qa_stage
@@ -0,0 +1,336 @@
+#! /bin/sh 
+########################################################################
+#
+# /u/sonmi/bin/qa_stage - /u/svbld/bin/init/nss/qa_stage
+#
+# this script is supposed to convert the tinderbox and daily QA files
+# for use on mozilla.org
+#
+# parameters
+# ----------
+#   nssversion  (supported: 30b, 31, tip)
+#   builddate   (default - today)
+#
+########################################################################
+
+if [ -z "$BUILDNUMBER" ]
+then
+    BUILDNUMBER=1
+fi
+if [ `uname` = "Linux" ] ; then
+    PATH=".:/u/sonmi/bin:/u/sonmi/bin/linux:/usr/bsd:/usr/ucb/:/bin:/usr/bin:/usr/ccs/bin:/usr/sbin:/usr/bin/X11:/usr/etc:/etc:/usr/demos:/usr/demos/bin:/usr/local/bin:/usr/local/X11/bin:/tools/ns/bin"
+    export PATH
+fi
+
+Echo()
+{
+    if [ "$O_SILENT" = "OFF" ] ; then
+        echo $*
+    fi
+}
+
+################################### qa_stage_init ##########################
+# 
+########################################################################
+qa_stage_init()
+{
+    umask 000
+
+    eval_opts $*
+
+    if [ -z "${QAYEAR}" ] ; then 
+        QAYEAR=`date +%Y`
+    elif [ "$QAYEAR" = ""  ] ; then
+        QAYEAR=`date +%Y`
+    fi
+
+    Echo "Init..."
+    DAYBUILD=${QAYEAR}${BUILDDATE}.${BUILDNUMBER}
+    NSS_D0=/share/builds/mccrel3/nss
+    NSS_VER_DIR=${NSS_D0}/nss${NSSVER}
+    NTDIST=${NSS_VER_DIR}/builds/${DAYBUILD}/blowfish_NT4.0_Win95/mozilla/dist
+    UXDIST=${NSS_VER_DIR}/builds/${DAYBUILD}/booboo_Solaris8/mozilla/dist
+    TESTSCRIPTDIR=${NSS_VER_DIR}/builds/${DAYBUILD}/booboo_Solaris8/mozilla/security/nss/tests
+    RESULTDIR=${NSS_VER_DIR}/builds/${DAYBUILD}/booboo_Solaris8/mozilla/tests_results/security
+    TBX_RESULTDIR=${NSS_D0}/nsstip/tinderbox/tests_results/security
+
+    MOZ_D0=/pub/security/nss
+    MOZ_RESULTDIR=${MOZ_D0}/daily_qa/${DAYBUILD}
+    MOZ_TBX_RESULTDIR=${MOZ_D0}/tinderbox
+    
+    export BUILDDATE NSSVER QAYEAR NTDIST UXDIST TESTSCRIPTDIR RESULTDIR 
+
+
+    IPLANET_TBX_URL="http://cindercone.red.iplanet.com${TBX_RESULTDIR}"
+    IPLANET_DQA_URL="http://cindercone.red.iplanet.com${RESULTDIR}"
+
+    MOZ_TBX_URL="ftp://ftp.mozilla.org${MOZ_TBX_RESULTDIR}"
+    MOZ_DQA_URL="ftp://ftp.mozilla.org${MOZ_RESULTDIR}"
+
+    export IPLANET_TBX_URL IPLANET_DQA_URL MOZ_TBX_URL MOZ_DQA_URL
+    STAGE_1=/u/sonmi/tmp/ftp_stage
+    
+    if [ ! -d  $STAGE_1 ] ; then
+        Echo "Staging area daily QA (DQA): $DQA_STAGE does not exist, exit"
+        exit 1
+    fi
+    cd $STAGE_1 || (Echo "Cant cd to $STAGE_1 , exit"; exit)
+    rm all.tar* 2>/dev/null
+    TBX_STAGE=$STAGE_1/tinderbox
+    DQA_STAGE=$STAGE_1/daily_qa/${DAYBUILD}
+    Echo "Staging area tbx: $TBX_STAGE"
+    Echo "Staging area daily QA (DQA): $DQA_STAGE"
+    Echo "Resultdir (sourcedir) for daily QA (RESULTDIR): $RESULTDIR"
+}
+
+################################### qa_stage_dqa ##########################
+# 
+########################################################################
+qa_stage_dqa()
+{
+    Echo "DQA:..."
+    Echo "Resultdir (sourcedir) for daily QA (RESULTDIR): $RESULTDIR"
+#set -x
+    if [ ! -d  $RESULTDIR ] ; then
+        Echo "Resultdir $RESULTDIR does not exist, can't push daily QA"
+        return
+    fi
+    cd $RESULTDIR || return
+    #for w in `find . -name "result*html"`
+    for w in `find . -name "result.html"`
+    do
+        if [ ! -d $DQA_STAGE/`dirname $w` ] ; then
+            mkdir -p $DQA_STAGE/`dirname $w`
+        fi
+        rm $DQA_STAGE/$w 2>/dev/null
+        cat $w | reformat_qa >$DQA_STAGE/$w
+    done
+    for w in `find . -name "output.log" -o  -name "results.html"`
+    do
+#echo $w
+        if [ ! -d $DQA_STAGE/`dirname $w` ] ; then
+            mkdir -p $DQA_STAGE/`dirname $w`
+        fi
+        cp $w $DQA_STAGE/$w
+    done
+}
+
+
+################################### qa_stage_tbx ##########################
+# 
+########################################################################
+qa_stage_tbx()
+{
+    Echo "tbx: "
+    if [ ! -d  $TBX_RESULTDIR ] ; then
+        Echo "TBX_RESULTDIR $TBX_RESULTDIR does not exist"
+        return
+    fi
+    cd $TBX_RESULTDIR || return
+    Echo "find from $TBX_FIND_FROM"
+    for w in `find $TBX_FIND_FROM  -name "result.html"`
+    do
+        if [ ! -d "$TBX_STAGE/`dirname $w`" ] ; then
+            mkdir -p $TBX_STAGE/`dirname $w`
+        fi
+        rm $TBX_STAGE/$w 2>/dev/null
+        cat $w | reformat_qa >$TBX_STAGE/$w
+    done
+    for w in `find $TBX_FIND_FROM -name "output.log" -o  -name "results.html"`
+    do
+        if [ ! -d $TBX_STAGE/`dirname $w` ] ; then
+            mkdir -p $TBX_STAGE/`dirname $w`
+        fi
+        cp $w $TBX_STAGE/$w
+    done
+}
+
+match_tbxdirs()
+{
+    YY=`date +%Y`
+    DD=`date +%d`
+    MM=`date +%m`
+    HH=`date +%H`
+
+    TBX_FIND_FROM="*-$YY$MM$DD-$HH.*"
+    i=$1
+    while [ $i -gt 0 ] ; do
+        i=`expr $i - 1`
+        HH=`expr $HH - 1`
+        if [ $HH -lt 0 ] ; then
+            HH=23
+            DD=`expr $DD - 1`
+            if [ $DD  -eq 0 ] ; then
+                MM=`expr $MM - 1`
+                case $MM in
+                    0)
+                        YY=`expr $YY - 1`
+                        MM=12
+                        DD=31
+                        ;;
+                    [13578]|10|12)
+                        DD=31
+                        ;;
+                    2)
+                        DD=28
+                        ;;
+                    [469]|11)
+                        DD=30
+                        ;;
+                esac
+            fi
+        fi
+        case $MM in
+            [123456789])
+               MM=0$MM
+               ;;
+        esac
+        case $DD in
+            [123456789])
+               DD=0$DD
+               ;;
+        esac
+        case $HH in
+            [0123456789])
+               HH=0$HH
+               ;;
+        esac
+        TBX_FIND_FROM="$TBX_FIND_FROM *-$YY$MM$DD-$HH.*"
+    done
+}
+
+################################### eval_opts ##########################
+# global shell function, evapuates options and parameters, sets flags
+# variables and defaults
+########################################################################
+eval_opts()
+{
+  DO_TBX=OFF
+  DO_DQA=OFF
+  DO_CLEAN=OFF
+  O_SILENT=OFF
+  O_INCREMENTAL=OFF
+  O_MAIL=OFF
+  BUILDDATE=`date +%m%d`
+  NSSVER=tip
+
+  TBX_FIND_FROM="."
+
+  while [ -n "$1" ]
+  do
+    case $1 in
+        -d)
+            DO_DQA=ON
+            ;;
+        -m)
+            O_MAIL=ON
+            shift
+            MAILINGLIST=$1
+            if [ -z "$MAILINGLIST" ]
+            then
+                echo "Error: -m requires a mailinglist to follow, for example sonmi@iplanet.com"
+                exit
+            fi
+            ;;
+        -ti)
+            DO_TBX=ON
+            match_tbxdirs 2
+            O_INCREMENTAL=ON
+            ;;
+        -t)
+            DO_TBX=ON
+            ;;
+        -c)
+            DO_CLEAN=ON
+            ;;
+        -s)
+            O_SILENT=ON
+            ;;
+
+        tip|3[0-9]*)
+            NSSVER=$1
+            ;;
+        [01][0-9][0-3][0-9])
+            BUILDDATE=$1
+            ;;
+    esac
+    shift
+  done
+}
+
+qa_stage_init $*
+
+if [ "$DO_CLEAN" = "ON" ] ; then
+    Echo "Cleaning old stuff"
+    if [ ! -d  $STAGE_1 ] ; then
+        Echo "Staging area daily QA (DQA): $DQA_STAGE does not exist, exit"
+        exit 1
+    fi
+    cd $STAGE_1 || (Echo "Cant cd to $STAGE_1 , exit"; exit)
+    if [ -n "$TBX_STAGE" -a -d "$TBX_STAGE" ] ; then
+        rm -rf $TBX_STAGE/*
+    else
+        Echo "nothing here to clean..."
+    fi
+fi
+if [ "$DO_DQA" = "ON" ] ; then
+    qa_stage_dqa 
+    if [ "$O_MAIL" = "ON" -a -f "$DQA_STAGE/result.html" ] ; then
+         cat $DQA_STAGE/result.html | /usr/sbin/sendmail $MAILINGLIST 
+    fi
+fi
+if [ "$DO_TBX" = "ON" ] ; then
+    qa_stage_tbx
+fi
+if [ ! -d  $STAGE_1 ] ; then
+    Echo "Staging area daily QA (DQA): $DQA_STAGE does not exist, exit"
+    exit 1
+fi
+cd $STAGE_1 || (Echo "Cant cd to $STAGE_1 , exit"; exit)
+Echo "tar..."
+if [ "$O_SILENT" = "ON" ] ; then
+    TARPARAM=cf
+else
+    TARPARAM=cvf
+fi
+
+
+if [ "$DO_DQA" = "ON" -a "$DO_TBX" = "ON" ] ; then
+        Echo "tar $TARPARAM all.tar daily_qa        tinderbox"
+        tar $TARPARAM all.tar daily_qa        tinderbox
+elif [ "$DO_DQA" = "ON" ] ; then
+        Echo "tar $TARPARAM all.tar daily_qa"
+        tar $TARPARAM all.tar daily_qa
+else
+        Echo "tar $TARPARAM all.tar tinderbox"
+        tar $TARPARAM all.tar tinderbox
+fi
+gzip all.tar
+# ssh-agent > /u/sonmi/.ssh/ssh-agent.info
+# setenv like it says in that file
+# ssh-add
+
+SSH_AUTH_SOCK=`grep SSH_AUTH_SOCK /u/sonmi/.ssh/ssh-agent.info | sed -e 's/setenv SSH_AUTH_SOCK //' -e 's/;//'`
+SSH_AGENT_PID=`grep SSH_AGENT_PID /u/sonmi/.ssh/ssh-agent.info | sed -e 's/setenv SSH_AGENT_PID //' -e 's/;//'`
+export SSH_AUTH_SOCK SSH_AGENT_PID
+if [ "$O_SILENT" = "OFF" ] ; then
+   set -x
+   scp all.tar.gz sonmi@stage.mozilla.org:/home/ftp/pub/security/nss
+   ssh -l sonmi stage.mozilla.org '/home/sonmi/bin/nssqa_stage '
+else
+   scp all.tar.gz sonmi@stage.mozilla.org:/home/ftp/pub/security/nss >/dev/null 2>/dev/null 
+   ssh -l sonmi stage.mozilla.org '/home/sonmi/bin/nssqa_stage ' >/dev/null 2>/dev/null 
+fi
+
+#" rlogin huey "
+#" sftp  sonmi@stage.mozilla.org"
+#" cd /home/ftp/pub/security/nss"
+#" lcd tmp/ftp_stage"
+#" put all.tar.gz"
+#" quit "
+#" ssh -l sonmi stage.mozilla.org"
+#" cd /home/ftp/pub/security/nss"
+#" gunzip all.tar.gz"
+#" tar xvf all.tar"
+#" rm all.tar"
+
diff --git a/nss/tests/qa_stat b/nss/tests/qa_stat
new file mode 100755
index 0000000..ddf8dd8
--- /dev/null
+++ b/nss/tests/qa_stat
@@ -0,0 +1,938 @@
+#! /bin/sh 
+########################################################################
+#
+# /u/sonmi/bin/qa_stat - /u/svbld/bin/init/nss/qa_stat
+#
+# this script is supposed to automatically run QA for NSS on all required
+# Unix platforms
+#
+# parameters
+# ----------
+#    nssversion (supported: 30b, 31, tip)
+#    builddate  (default - today)
+#
+# options
+# -------
+#    -y answer all questions with y - use at your own risk...ignores warnings
+#    -s silent (only usefull with -y)
+#    -h, -? - you guessed right - displays this text
+#    -d debug
+#    -f <filename> - write the (error)output to filename
+#    -m <mailinglist> - send filename to mailinglist (csl) only useful
+#        with -f
+#    -cron equivalient to -y -s -d -f $RESULTDIR/$HOST.qa_stat
+#
+########################################################################
+
+O_OPTIONS=ON
+
+TBX_EXIT=49          # in case we are running on a tinderbox build, any
+                          # early exit needs to return an error
+if [ -z "$O_TBX" -o "$O_TBX" = "OFF" ] ; then
+    if [ -z "$O_LOCAL" -o "$O_LOCAL" = "OFF" ] ; then
+        . `dirname $0`/header
+    fi
+fi
+Debug "Sourced header O_TBX=$O_TBX O_LOCAL=$O_LOCAL"
+TBX_EXIT=48
+EARLY_EXIT=TRUE
+
+URL="cindercone.red.iplanet.com"
+
+DOCDIR=/u/sonmi/doc
+
+HTML_ERRORCOLOR=\"#FF0000\"
+HTML_ERRORMSG=Failed
+
+HTML_MISSINGCOLOR=\"#FFFFCC\"
+HTML_MISSINGMSG=Missing
+
+HTML_INCOMPLETECOLOR=$HTML_MISSINGCOLOR
+HTML_INCOMPLETEMSG=Incomplete
+
+HTML_PASSEDCOLOR=\"#66FF99\"
+HTML_PASSEDMSG=Passed
+
+# this file is used to deal with hanging rsh - a new shell is started 
+# for each rsh, and a function is called after it is finished - they
+# communicate with this file
+
+RSH_FILE=$TMP/rsh.$$
+echo >$RSH_FILE
+TMPFILES="$TMPFILES $WARNINGLIST $RSH_FILE "
+RSH_WAIT_TIME=80 #maximum time allowed for the 2 rsh to finish...
+#TOTAL_TESTS=106
+TOTAL_TESTS=252 #tip
+#TOTAL_TESTS=244 #3.4
+#TOTAL_TESTS=123 #3.3.2
+BCT_TOTAL_TESTS=122 #3.2.2
+#TOTAL_TESTS=133 #tip
+
+Debug "NTDIST $NTDIST"
+Debug "UXDIST $UXDIST"
+Debug "TESTSCRIPTDIR $TESTSCRIPTDIR"
+Debug "RESULTDIR $RESULTDIR"
+
+############################### watch_rsh ##############################
+# local shell function, deals with a hanging rsh (kills it...)
+# this function is started as a backgroundprocess before the rsh is started,
+# and writes info to the RSH_FILE, after the rsh is finished it writes finish
+# info to the same file (this time called as a function, forground). 
+# the backgroundprocess stays around for RSH_WAIT_TIME, if then the finish 
+# information is not there attempts to kill the rsh
+#
+# watch_rsh start qa_computername &
+# watch_rsh stop qa_computername 
+#
+########################################################################
+watch_rsh()
+{
+    case $1 in
+        start)
+            echo "$2 started" >>$RSH_FILE
+            sleep $RSH_WAIT_TIME
+            O_ALWAYS_YES=ON # may modify global flags because this is a 
+                            # forked off bg process - kill_by_name otherwise
+                            # will ask the user if it really should be killed 
+            grep "$2 finished" $RSH_FILE >/dev/null || kill_by_name "rsh $2"
+            exit
+            ;;
+        stop)
+            echo "$2 finished" >>$RSH_FILE
+            ;;
+    esac
+}
+
+############################### find_qa_systems ########################
+# local shell function, tries to determine the QA operating system
+# works remotely, and for Windows machines
+########################################################################
+find_qa_systems()
+{
+for QA_SYS in `ls $RESULTDIR | grep '\.1$' | sed -e "s/\..*//" | sort -u`
+do
+    NO_RSH="FALSE"
+    QA_OS=""
+    QA_RHVER=""
+    IS_64=""
+    IS_WIN=""
+
+    grep OS-LINE ${RESULTDIR}/${QA_SYS}.nssqa >/dev/null && NO_RSH=TRUE
+
+    if [ "$NO_RSH" = "TRUE" ]
+    then
+
+        QA_OS=`grep OS-LINE ${RESULTDIR}/${QA_SYS}.nssqa | sort -u | sed \
+            -e "s/.*-OS-LINE: /${QA_SYS}/"`
+        QA_OS_STRING=`echo $QA_OS | sed -e "s/^[_ ]//" -e "s/ /_/g"`
+        echo $QA_OS_STRING >>$PLATFORMLIST
+        if [ "$O_SILENT" != ON ] ; then
+            echo $QA_OS
+        fi
+
+        #grep OS-LINE ${RESULTDIR}/${QA_SYS}.nssqa | sort -u | sed \
+             #-e "s/.*-OS-LINE: /${QA_SYS}_/" >>$PLATFORMLIST
+        #if [ "$O_SILENT" != ON ] ; then
+            #grep OS-LINE ${RESULTDIR}/${QA_SYS}.nssqa | sort -u | sed \
+                 #-e "s/.*-OS-LINE:/${QA_SYS}/" 
+        #fi
+    else
+        REM_SYSNAME=$QA_SYS
+        watch_rsh start $REM_SYSNAME &
+        qa_stat_get_sysinfo $QA_SYS
+        watch_rsh stop $REM_SYSNAME 
+        echo $QA_OS_STRING >>$PLATFORMLIST
+                          # use later for missing list
+    fi
+done
+
+}
+
+################################### qa_stat_init ##########################
+# local shell function, sets the name of the resultfile to:
+#    <filename> if option -f <filename>
+#    $RESULTDIR/result if write permission 
+#        (mozilla/tests_results/security/result)
+#    $HOME/resultNSS${NSSVER}-${BUILDDATE} if no write permission in $RESULTDIR
+########################################################################
+qa_stat_init()
+{
+    if [ $O_FILE = ON -a $O_CRON = OFF ]    # if -f was specified write there 
+    then
+        RFILE=$FILENAME    
+    else
+        RFILE=${RESULTDIR}/result.$$
+        if [ ! -w $RESULTDIR ]
+        then
+            RFILE=$HOME/resultNSS${NSSVER}-${BUILDDATE}.$$
+            Debug "Using alternate resultfile $RFILE"
+        #elif [ $O_CRON = ON ]
+        #then
+             ##find ${RESULTDIR} -exec chmod a+rw {} \;    #FIXME - umask 
+                            ##doesn't seem to work - this is a tmp workaround
+        fi
+    
+        if [ ! -x $RESULTDIR -o ! -r  $RESULTDIR -o ! -w $RESULTDIR ]
+        then
+            glob_usage "$RESULTDIR does not have the right permissions `ls -l $RESULTDIR`"
+        fi
+        if [ -d $RESULTDIR ]
+        then
+            cd $RESULTDIR
+        else
+            glob_usage "$RESULTDIR does not exist"
+        fi
+    fi
+
+    ERRORLIST=${RFILE}.E
+    PLATFORMLIST=${RFILE}.P
+    PERFLIST=${RFILE}.PE
+    TMP_HTML_FILE=${RFILE}.html
+    HTML_FILE=${RESULTDIR}/result.html
+    WARNINGLIST=${RFILE}.W
+    BCMISSINGLIST=${RFILE}.BCM
+    BCERRORLIST=${RFILE}.BCE
+    TMPFILE=${RFILE}.T
+    ML_FILE=${RFILE}.ML
+
+    TMPFILES="$TMPFILES $TMPFILE"
+    TMPFILES="$TMPFILES $ERRORLIST $PLATFORMLIST $PERFLIST $WARNINGLIST \
+       $BCMISSINGLIST $BCERRORLIST $ML_FILE" #FIXME uncomment
+
+    FILENAME=$RFILE        #we might want to mail it...later switch to html file
+    O_FILE="ON"
+
+    rm $ERRORLIST $PLATFORMLIST $PERFLIST $WARNINGLIST \
+       $BCMISSINGLIST $BCERRORLIST $TMP_HTML_FILE  2>/dev/null
+    touch $ERRORLIST $PLATFORMLIST $PERFLIST $WARNINGLIST \
+       $BCMISSINGLIST $BCERRORLIST $TMP_HTML_FILE  2>/dev/null
+
+    if [  $O_WIN = "ON" -a "$O_TBX" = "ON" ] ; then
+        HTML_PATH="http://${URL}${UX_D0}/nss${NSSVER}/tinderbox/tests_results/security/`basename $RESULTDIR`"
+    else
+        HTML_PATH="http://${URL}${RESULTDIR}"
+    fi
+    HREF_TMP_HTML_FILE="${HTML_PATH}/`basename $HTML_FILE`"
+
+    write_qa_header_html >$TMP_HTML_FILE
+}
+
+################################# html_footer #########################
+# local shell function, writes end of the html body
+#######################################################################
+write_qa_header_html()
+{
+echo 'Subject: QA Report ' $NSSVER $BUILDDATE '
+From: sonmi@iplanet.com
+Reply-To: sonmi@iplanet.com
+Content-Type: text/html; charset=us-ascii
+<!doctype html public "-//w3c//dtd html 4.0 transitional//en">
+<html>
+<head>
+   <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+   <meta name="GENERATOR" content="Mozilla/4.7 [en] (X11; U; SunOS 5.8 sun4u) [N
+etscape]">
+</head>
+<body>
+<br>
+&nbsp;
+<br>&nbsp;
+<h2>
+<a href="http://tinderbox.mozilla.org/showbuilds.cgi?tree=NSS">Tinderbox</a
+><br>
+<a href="http://cindercone.red.iplanet.com/share/builds/mccrel3/nss/nsstip/tinderbox/tests_results/security/">Tinderbox QA&nbsp;result</a><br>
+<a href="ftp://ftp.mozilla.org/pub/security/nss/daily_qa">Mozilla Daily NSS QA&nbsp;result</a></h2>
+&nbsp;
+
+&nbsp;
+<br>&nbsp;
+<center>
+<h1>
+<a NAME="Top"></a><b><font size=+2>QA&nbsp;Results</font></b></h1></center>
+
+
+<table BORDER WIDTH="100%" NOSAVE >
+<tr>
+<td>&nbsp;<b><font size=+1>Build-OS and version</font></b></td>
+<td><b><font size=+1>QA-OS</font></b></td>
+<td><b><font size=+1>Systemname</font></b></td>
+<td><b><font size=+1>P/F</font></b></td>
+<td><b><font size=+1>result</font></b></td>
+<td><b><font size=+1>output</font></b></td>
+<td><b><font size=+1>errors</font></b></td>
+<td><b><font size=+1>QA time / #</font></b></td>
+</tr>
+'
+}
+
+################################# html_footer #########################
+# local shell function, writes end of the html body
+#######################################################################
+html_footer()
+{
+  echo '</body>'
+  echo '</html>'
+}
+
+################################# setQAsysvars #########################
+# local shell function, sets system specific variables
+########################################################################
+setQAsysvars()
+{
+    if [ "$MACHINE" != "0" ]
+    then
+        MACHINE=`echo $MACHINE | sed -e 's/^bct.//g'`
+        TESTDATE=`ls -ld $MACHINE | awk '{ print $6, $7, $8 }'`
+        TESTNUMBER=`echo $MACHINE | sed -e 's/.*\.//'`
+        SYSNAME=`echo $MACHINE | sed -e 's/\..*//'`
+        Debug "SYSNAME= $SYSNAME"
+
+        if [  "$O_TBX" = "ON" -o "$O_LOCAL" = "ON" ] ; then
+            QA_SYS_OS=$QA_OS
+        else
+            QA_SYS_OS=`grep $SYSNAME $PLATFORMLIST |
+                sed -e 's/
//' | \
+                sort | uniq | sed  -e "s/$SYSNAME//" \
+                -e "s/^_//" | sort | uniq`
+        fi
+        Debug "QA_SYS_OS= $QA_SYS_OS"
+    fi
+    BUILD_SYS=`echo $BUILDPLATFORM | sed -e 's/\.OBJ//' -e 's/_DBG/ Debug/' \
+            -e 's/_OPT/ Optimized/'  -e 's/_64/ 64bit/' -e 's/_glibc_PTH//' \
+            -e 's/_/ /'`
+    Debug "BUILD_SYS=$BUILD_SYS"
+    if [ -f "${RESULTDIR}/${MACHINE}/results.html" ] ; then
+        RESULT="${HTML_PATH}/${MACHINE}/results.html"
+    else
+        RESULT="0"
+    fi
+    if [ -f "${RESULTDIR}/bct/${MACHINE}/results.html" ] ; then
+        BCB_RESULT="${HTML_PATH}/bct/${MACHINE}/results.html"
+    else
+      BCB_RESULT="0"
+    fi
+
+    if [ -f "${RESULTDIR}/${MACHINE}/output.log" ] ; then
+        LOG="${HTML_PATH}/${MACHINE}/output.log"
+    else
+        LOG="0"
+    fi
+    if [ -f "${RESULTDIR}/bct/${MACHINE}/output.log" ] ; then
+        BCB_LOG="${HTML_PATH}/bct/${MACHINE}/output.log"
+    else
+        BCB_LOG="0"
+    fi
+}
+
+################################# html_line() #########################
+# local shell function, writes a line in the html table
+########################################################################
+html_line()
+{
+  echo '<tr NOSAVE>'
+  echo '<td NOSAVE>'$BUILD_SYS'</td>'
+  echo ''
+  if [ "$QA_SYS_OS" != "0" ] ; then
+      echo '<td NOSAVE>'$QA_SYS_OS'</td>'
+  else
+      echo '<td></td>'
+  fi
+  echo ''
+  if [ "$SYSNAME" != "0" ] ; then
+      echo '<td>'$SYSNAME'</td>'
+  else
+      echo '<td></td>'
+  fi
+  #echo '<td>'$SYSNAME $TESTNUMBER $TESTDATE'</td>'
+  echo ''
+  # hopefully we never run more different tests on a tinderbox build...
+  # on win some shells can not handle exit codes greater then 52 (64???)
+  # so for very early exits the codes are set 50-45, for failures later
+  # in the process the higher the number, the more failures
+  if [ "$O_TBX" = "ON" -a "$TBX_EXIT" -gt 45 ] ; then
+      TBX_EXIT=0
+  fi
+  if [ "$1" = "failed" ]
+  then
+      TBX_EXIT=`expr $TBX_EXIT + 1`
+      echo '<td BGCOLOR='$HTML_ERRORCOLOR' NOSAVE><b>'$HTML_ERRORMSG'</b></td>'
+  elif [ "$1" = "passed" ]
+  then
+      echo '<td BGCOLOR='$HTML_PASSEDCOLOR' NOSAVE>'$HTML_PASSEDMSG'</td>'
+  elif [ "$1" = "incomplete" ]
+  then
+      TBX_EXIT=`expr $TBX_EXIT + 1`
+      echo '<td BGCOLOR='$HTML_INCOMPLETECOLOR' NOSAVE>'$HTML_INCOMPLETEMSG'</td>'
+  else
+      TBX_EXIT=`expr $TBX_EXIT + 1`
+      echo '<td BGCOLOR='$HTML_MISSINGCOLOR' NOSAVE>'$HTML_MISSINGMSG'</td>'    
+  fi
+  if [ "$CURRENT_TABLE" != "BC" ] ; then
+      if [ "$RESULT" = "0" ] ; then
+          echo '<td BGCOLOR='$HTML_MISSINGCOLOR' NOSAVE>'$HTML_MISSINGMSG'</td>'
+      else
+          echo '<td>&nbsp;<a href="'$RESULT'">result</a>&nbsp;</td>'
+      fi
+      if [ "$LOG" = "0" ] ; then
+          echo '<td BGCOLOR='$HTML_MISSINGCOLOR' NOSAVE>'$HTML_MISSINGMSG'</td>'
+      else
+          echo '<td>&nbsp;<a href="'$LOG'">log</a>&nbsp;</td>'
+      fi
+      if [ "$1" = "failed" ] ; then
+          echo '<td>&nbsp;<a href="'${HREF_TMP_HTML_FILE}'#errorlist">error</a>&nbsp;</td>'
+      else
+          echo '<td></td>'
+      fi
+  else
+     #<td><b><font size=+1>errors</font></b></td>
+     #<td><b><font size=+1>P/F</font></b></td>
+     #<td><b><font size=+1>P/F</font></b></td>
+
+     #echo '<td><b><font size=+1>All Current</font></b></td>'
+     #echo '<td><b><font size=+1>old dlls</font></b></td>'
+     #echo '<td><b><font size=+1>old executables</font></b></td>'
+      #if [ "$RESULT" != "0" -a "$LOG" != "0" ] ; then
+          #echo '<td><a href="'$RESULT'">result</a>, <a href="'$LOG'">log</td>'
+      #elif [ "$RESULT" = "0" -a "$LOG" != "0" ] ; then
+          #echo '<td BGCOLOR='$HTML_MISSINGCOLOR' NOSAVE><a href="'$LOG'">log</a></td>'
+      #elif [ "$RESULT" != "0" -a "$LOG" = "0" ] ; then
+          #echo '<td BGCOLOR='$HTML_MISSINGCOLOR' NOSAVE><a href="'$RESULT'">result</a></td>'
+      #else
+          #echo '<td BGCOLOR='$HTML_MISSINGCOLOR' NOSAVE>'$HTML_MISSINGMSG'</td>'
+      #fi
+      #if [ "$BCB_RESULT" != "0" -a "$BCB_LOG" != "0" ] ; then
+          #echo '<td><a href="'$BCB_RESULT'">result</a>, <a href="'$BCB_LOG'"> log</td>'
+      #elif [ "$BCB_RESULT" = "0" -a "$BCB_LOG" != "0" ] ; then
+          #echo '<td BGCOLOR='$HTML_MISSINGCOLOR' NOSAVE><a href="'$BCB_LOG'">log</a></td>'
+      #elif [ "$BCB_RESULT" != "0" -a "$BCB_LOG" = "0" ] ; then
+          #echo '<td BGCOLOR='$HTML_MISSINGCOLOR' NOSAVE><a href="'$BCB_RESULT'">result</a></td>'
+      #else
+          #echo '<td BGCOLOR='$HTML_MISSINGCOLOR' NOSAVE>'$HTML_MISSINGMSG'</td>'
+      #fi
+      if [ "$BCB_RESULT" = "0" ] ; then
+          echo '<td BGCOLOR='$HTML_MISSINGCOLOR' NOSAVE>'$HTML_MISSINGMSG'</td>'
+      else
+          echo '<td>&nbsp;<a href="'$BCB_RESULT'">result</a>&nbsp;</td>'
+      fi
+      if [ "$BCB_LOG" = "0" ] ; then
+          echo '<td BGCOLOR='$HTML_MISSINGCOLOR' NOSAVE>'$HTML_MISSINGMSG'</td>'
+      else
+          echo '<td>&nbsp;<a href="'$BCB_LOG'">log</a>&nbsp;</td>'
+      fi
+  fi
+  echo '<td>'$TESTDATE $TESTNUMBER'</td>'
+  echo '</tr>'
+}
+
+################################# qa_errorlist #########################
+# local shell function, finds problems in the previously run QA
+# linux:the gnu grep, on Linux can output 10 lines above and 3 lines below 
+# the errormessage
+########################################################################
+qa_errorlist()
+{
+    grep "bgcolor=red" ${MACHINES_TO_CHECK}*/results.html | 
+        sed -e 's/.results.html:<TR><TD>/ /' -e 's/<[^>]*>/ /g'
+    grep 'cache hits; .* cache misses, .* cache not reusable' \
+        ${MACHINES_TO_CHECK}*/output.log | 
+        grep strsclnt |
+        grep -v '0 cache hits; 0 cache misses, 0 cache not reusable' | 
+        grep -v ' cache hits; 1 cache misses, 0 cache not reusable'
+    for logfile in ${MACHINES_TO_CHECK}*/output.log; do
+        grep -vi "write to SSL socket" $logfile |
+            grep -vi "HDX PR_Read returned error" |
+            grep -vi "no error" |
+            grep -vi "12285" |
+            grep -i  $BEFORE_CONTEXT_GREP $AFTER_CONTEXT_GREP error 
+            #grep -vi "5938" |  needed for -v option
+            #grep -vi "HDX PR_Read hit EOF" | 
+        grep  -vi "write to SSL socket" $logfile |
+            grep -vi "peer cannot verify" |
+            grep -vi "error" |
+            grep -vi "fatal" |
+            grep -vi "TCP Connection aborted" |
+            grep -vi "TCP connection reset" |
+            grep  $BEFORE_CONTEXT_GREP $AFTER_CONTEXT_GREP  -i failed
+    done
+    grep -i $BEFORE_CONTEXT_GREP $AFTER_CONTEXT_GREP "segmentation violation" \
+        ${MACHINES_TO_CHECK}*/output.log
+    grep -i $BEFORE_CONTEXT_GREP $AFTER_CONTEXT_GREP "memory fault" \
+        ${MACHINES_TO_CHECK}*/output.log
+    grep -i $BEFORE_CONTEXT_GREP $AFTER_CONTEXT_GREP "bus error" \
+        ${MACHINES_TO_CHECK}*/output.log
+    grep -i $BEFORE_CONTEXT_GREP $AFTER_CONTEXT_GREP "core dumped" \
+        ${MACHINES_TO_CHECK}*/output.log
+    grep -i $BEFORE_CONTEXT_GREP $AFTER_CONTEXT_GREP fatal \
+        ${MACHINES_TO_CHECK}*/output.log
+    grep -i  $BEFORE_CONTEXT_GREP $AFTER_CONTEXT_GREP -i\
+        "PKCS12 decode not verified"   ${MACHINES_TO_CHECK}*/output.log
+
+    if [ -n "${MACHINES_TO_CHECK}" ] ; then
+        find ${MACHINES_TO_CHECK}* -name core -print 2>/dev/null |
+            grep -v bct 
+    else
+        find . -name core -print 2>/dev/null |
+            grep -v bct 
+    fi
+}
+
+tbx_missing_platforms ()
+{
+    QA_MISSING="QA report missing"
+    MACHINE="0"
+
+    if [ "$QA_OS_STRING" = "WINNT4.0" ] ; then
+        QA_OS_STRING="Windows-NT-4.0"
+    fi
+    for BUILDPLATFORM in `grep $QA_OS_STRING $TESTSCRIPTDIR/platformlist.tbx`
+    do
+        if [ "$BUILDPLATFORM" != "$QA_OS_STRING" ] ; then
+            Debug  "BUILDPLATFORM = $BUILDPLATFORM QA_OS_STRING = $QA_OS_STRING"
+            grep $BUILDPLATFORM ${MACHINES_TO_CHECK}*/results.html \
+                >/dev/null || {
+                setQAsysvars
+                html_line missing >>$TMP_HTML_FILE
+            }
+        fi
+    done
+}
+
+############################ platform _list ###########################
+# local shell function, generate pass/fail information for each Platform
+########################################################################
+platformlist()
+{
+    grep Platform ${MACHINES_TO_CHECK}*/results.html | 
+        sed -e 's/.results.html:<H4>Platform: /---/' \
+            -e 's/<BR>//' >$TMPFILE
+    # this is done a little complicated to avoid starting a subshell in 
+    # a while read that gets the input from a pipeline, and variables set 
+    #in or underneath this function get unset after done...
+    for  MB in `cat $TMPFILE` ; do
+        MACHINE=`echo $MB | sed -e "s/---.*//"`
+        BUILDPLATFORM=`echo $MB | sed -e "s/.*---//"`
+        grep "${MACHINE}[^0-9]" $ERRORLIST >/dev/null
+        ret=$?
+        setQAsysvars
+        if [ $ret -eq 0 ]
+        then
+            echo "Failed $MACHINE $BUILDPLATFORM" >>$RFILE
+            html_line failed >>$TMP_HTML_FILE
+        else
+            echo "Passed $MACHINE $BUILDPLATFORM" >>$RFILE
+            html_line passed >>$TMP_HTML_FILE
+        fi
+    done 
+}
+
+############################ missing_platforms ###########################
+# local shell function, finds out if we ran on all required platforms
+########################################################################
+missing_platforms()
+{
+    QA_MISSING="QA report missing"
+    MACHINE="0"
+    SYSNAME="0"
+    QA_SYS_OS="0"
+
+    for BUILDPLATFORM in `cat $TESTSCRIPTDIR/platformlist`
+    do
+        grep $BUILDPLATFORM $PLATFORMLIST > /dev/null || {
+            setQAsysvars
+            html_line missing >>$TMP_HTML_FILE
+        }
+    done
+}
+
+############################ incomplete_results ###########################
+# local shell function, finds out if all qa runs were complete
+########################################################################
+incomplete_results ()
+{
+    
+    for w in `ls ${MACHINES_TO_CHECK}*/results.html`
+    do
+      grep bgcolor=red $w || {
+        PASSED_LINES=""
+        PASSED_LINES=`grep bgcolor=lightGreen $w | wc -l`
+        if [ -n "$PASSED_LINES" -a "$PASSED_LINES" -lt "$TOTAL_TESTS" ] ; then
+            BUILDPLATFORM=`grep Platform $w | sed -e 's/<H4>Platform:/    /'                   -e 's/<BR>//'` 
+            MACHINE=`echo $w | sed -e "s/.results.html//"`
+            #MACHINE=`echo $w | sed -e "s/\.[0-9]*.results.html//"`
+            setQAsysvars
+            html_line incomplete >>$TMP_HTML_FILE
+        elif [ "$PASSED_LINES" -gt "$TOTAL_TESTS" ] ; then
+            echo "WARNING - more tests than expected on $w ($PASSED_LINES)" >>$WARNINGLIST
+	fi
+      }
+    done
+}
+
+qa_stat_table()
+{
+    echo '&nbsp;'
+    echo '<br>&nbsp;'
+    echo '<center>'
+    echo '<h1>'
+    echo '<a NAME="'$1'"></a>'$1'</h1></center>'
+    echo '&nbsp;'
+    echo '<table BORDER WIDTH="100%" NOSAVE >'
+    echo '<tr NOSAVE>'
+}
+
+############################### psaperf ########################
+# local shell function, copies results of the daily performance test
+# into a table in the QA report
+########################################################################
+rsaperf()
+{
+    grep RSAPERF */output.log | grep -v "_DBG" > $PERFLIST
+    
+    qa_stat_table "Performance list"
+
+    echo '<td NOSAVE><b><font size=+1>Build-OS and version</font></b></td>'
+    echo '<td><b><font size=+1>Systemname</font></b></td>'
+    echo '<td><b><font size=+1># of iterations</font></b></td>'
+    echo '<td><b><font size=+1>average for one op</font></b></td>'
+    echo '<td><b><font size=+1>Total</font></b></td>'
+    echo '<td><b><font size=+1>QA time / #</font></b></td>'
+    echo '</tr>'
+    cat $PERFLIST | 
+    while read MACHINE BUILDPLATFORM no_iter t1 t2 total total_unit t3 \
+               t4 t5 average average_unit
+    do
+        #caution subshell, variables local to this loop
+        BUILD_SYS=`echo $BUILDPLATFORM | sed -e 's/\.OBJ//' \
+            -e 's/_DBG/ Debug/' \
+            -e 's/_OPT/ Optimized/'  -e 's/_64/ 64bit/' -e 's/_glibc_PTH//' \
+            -e 's/_/ /'`
+        TESTNUMBER=`echo $MACHINE | sed -e 's/[^\.]*\.//' -e 's/\/.*//'`
+        MACHINE=`echo $MACHINE | sed -e 's/\..*//'`
+        TESTDATE=`ls -ld ${MACHINE}.${TESTNUMBER} | awk '{ print $6, $7, $8 }'`
+        echo '<tr>'
+        echo '<td>'$BUILD_SYS'</td>'
+        echo ''
+        echo '<td>'$MACHINE'</td>'
+        echo ''
+        echo '<td>'$no_iter'</td>'
+        echo ''
+        echo '<td>'$average' '$average_unit'</td>'
+        echo ''
+        echo '<td>'$total' '$total_unit'</td>'
+        echo ''
+        echo '<td>'$TESTDATE $TESTNUMBER'</td>'
+        echo ''
+        echo '</tr>'
+    done
+    echo '</table>'
+}
+
+############################### qa_stat_cleanup ########################
+# local shell function, finishes html file, sets variables for global Exit
+########################################################################
+qa_stat_cleanup()
+{
+
+    html_footer >>$TMP_HTML_FILE
+
+    O_DEBUG=OFF
+
+    EARLY_EXIT=FALSE
+    cp $TMP_HTML_FILE $HTML_FILE
+    FILENAME=$HTML_FILE        #we might want to mail it...
+    Exit
+}
+
+
+############################### bc_test ########################
+# local shell function, evaluates the results of the backward u
+# compatibility tests
+########################################################################
+bc_header()
+{
+CURRENT_TABLE="BC"   #so html_line can determine which fields to write
+  
+  qa_stat_table "Backward Compatibility Test"
+  echo '<td NOSAVE><b><font size=+1>Build-OS and version</font></b></td>'
+  echo '<td><b><font size=+1>QA-OS</font></b></td>'
+  echo '<td><b><font size=+1>Systemname</font></b></td>'
+  echo '<td><b><font size=+1>P/F</font></b></td>'
+  #echo '<td><b><font size=+1>All Current</font></b></td>'
+  #echo '<td><b><font size=+1>backward comp. test</font></b></td>'
+  echo '<td><b><font size=+1>result</font></b></td>'
+  echo '<td><b><font size=+1>output</font></b></td>'
+  echo '<td><b><font size=+1>QA time / #</font></b></td>'
+  echo '</tr>'
+
+}
+
+old_bc_test()
+{
+CURRENT_TABLE="BC"   #so html_line can determine which fields to write
+  
+  qa_stat_table "Backward Compatibility Test"
+  echo '<td NOSAVE><b><font size=+1>Build-OS and version</font></b></td>'
+  echo '<td><b><font size=+1>QA-OS</font></b></td>'
+  echo '<td><b><font size=+1>Systemname</font></b></td>'
+  echo '<td><b><font size=+1>P/F</font></b></td>'
+  #echo '<td><b><font size=+1>All Current</font></b></td>'
+  #echo '<td><b><font size=+1>backward comp. test</font></b></td>'
+  echo '<td><b><font size=+1>result</font></b></td>'
+  echo '<td><b><font size=+1>output</font></b></td>'
+  echo '<td><b><font size=+1>QA time / #</font></b></td>'
+  echo '</tr>'
+
+  for w in `ls */results.html`
+  do
+      TMP_RESULT="`dirname $w`/results.tmp"
+      TMP_BC_RESULT="`dirname bct/$w`/results.tmp"
+      rm $TMP_RESULT $TMP_BC_RESULT 2>/dev/null
+      cat $w | sed -e 's/<[^>]*>//g'  -e 's/ /_/g' \
+                   -e 's/signtool_-[vw]/signtool_-vw/' |
+               grep '_[PF]a[si][sl]ed' >$TMP_RESULT
+      cat bct/$w   | sed -e 's/<[^>]*>//g'  -e 's/ /_/g' \
+                         -e 's/signtool_-[vw]/signtool_-vw/' |
+                     grep '_[PF]a[si][sl]ed' >$TMP_BC_RESULT
+      diff $TMP_RESULT $TMP_BC_RESULT    2>>$BCMISSINGLIST |
+           grep -v "Create_objsign_cert_.signtool_-G.*Passed" |
+           grep -v "porting_Alice.s_email_cert" |
+           grep -v "^[0-9,cad]*$" | grep -v "^---$" | grep -v "^---.$" |
+           grep -v "Can.t_run_pk12util_tests_for_NSS_3.2"  >/dev/null && (
+                echo "$w differs" >> $BCMISSINGLIST
+                echo "========================================="
+                echo "diff $w bct/$w"
+                echo "========================================="
+                diff $TMP_RESULT $TMP_BC_RESULT 2>&1 |
+                     grep -v "Create_objsign_cert_.signtool_-G.*Passed" |
+                     grep -v "porting_Alice.s_email_cert" |
+                     grep -v "Can.t_run_pk12util_tests_for_NSS_3.2"  
+           )  2>&1 >>$BCERRORLIST
+
+      #diff -b $w bct/$w  2>>$BCMISSINGLIST | 
+           #grep -v "Create objsign cert .signtool -G.*Passed" |
+           #grep -v "Listing signed files in jar .signtool -v.*Passed" |
+           #grep -v "Listing signed files in jar .signtool -w.*Passed" |
+           #grep -v "backward compatibility" |
+           #grep -v "Can.t run pk12util tests for NSS 3.2" |
+           #grep -v "porting Alice.s email cert " |
+           #grep -v "^---$" | grep -v "^[<> ] $" | 
+           #grep -v "^---.$" | grep -v "^[<> ] .$" | 
+           #grep -v '< </BODY></HTML>' |
+           #grep -v "^[0-9,cad]*$" 2>>$BCMISSINGLIST >/dev/null &&  (
+                #echo "$w differs" >> $BCMISSINGLIST
+                #echo "========================================="
+                #echo "diff $w bct/$w"
+                #echo "========================================="
+                #diff -b $w bct/$w 2>&1 | 
+                     #grep -v "Listing signed files in jar .signtool -v.*Passed" |
+                     #grep -v "Listing signed files in jar .signtool -w.*Passed" |
+                     #grep -v "backward compatibility" |
+                     #grep -v "Can.t run pk12util tests for NSS 3.2" |
+                     #grep -v "porting Alice.s email cert " |
+                     #grep -v "^---$" | grep -v "^[<> ] $" | 
+                     #grep -v "^---.$" | grep -v "^[<> ] .$" | 
+                     #grep -v '< </BODY></HTML>' |
+                     #grep -v "^[0-9,cad]*$" \
+           #)  2>&1 >>$BCERRORLIST
+      rm $TMP_RESULT $TMP_BC_RESULT 2>/dev/null
+  done
+  rm $ERRORLIST
+  cat $BCMISSINGLIST | sed -e "s/^diff: bc_...s.//" \
+                    -e "s/.results.html.*/\/results.html/" | 
+                sort -u > $ERRORLIST
+
+  platformlist  
+  echo '</table>' >>$TMP_HTML_FILE
+
+  head -200 $BCERRORLIST | sed -e 's/<[^>]*>//g' -e "s/^/<br>/" 
+}
+
+bc_test()
+{
+CURRENT_TABLE="BC"   #so html_line can determine which fields to write
+  
+  qa_stat_table "Backward Compatibility Test"
+  echo '<td NOSAVE><b><font size=+1>Build-OS and version</font></b></td>'
+  echo '<td><b><font size=+1>QA-OS</font></b></td>'
+  echo '<td><b><font size=+1>Systemname</font></b></td>'
+  echo '<td><b><font size=+1>P/F</font></b></td>'
+  #echo '<td><b><font size=+1>All Current</font></b></td>'
+  #echo '<td><b><font size=+1>backward comp. test</font></b></td>'
+  echo '<td><b><font size=+1>result</font></b></td>'
+  echo '<td><b><font size=+1>output</font></b></td>'
+  echo '<td><b><font size=+1>QA time / #</font></b></td>'
+  echo '</tr>'
+
+set -x
+  for w in `ls */results.html`
+  do
+      BCT_DIR=`dirname "bct/$w"`
+      BCT_RESULT="bct/$w"
+      BCT_LOG="$BCT_DIR/output.log"
+      grep "bgcolor=red" $BCT_RESULT | 
+           sed -e 's/.results.html:<TR><TD>/ /' -e 's/<[^>]*>/ /g'
+      grep 'cache hits; .* cache misses, .* cache not reusable' \
+        $BCT_LOG |
+        grep -v selfserv |
+        grep -v '0 cache hits; 1 cache misses, 0 cache not reusable' |
+        grep -v '0 cache hits; 0 cache misses, 0 cache not reusable' |
+        grep -v ' cache hits; 1 cache misses, 0 cache not reusable'
+      grep -vi "write to SSL socket" $BCT_LOG |
+        grep -vi "HDX PR_Read returned error" |
+        grep -vi "no error" |
+        grep -vi "12285" |
+        grep -i  $BEFORE_CONTEXT_GREP $AFTER_CONTEXT_GREP error
+      grep  -vi "write to SSL socket" $BCT_LOG |
+        grep -vi "peer cannot verify" |
+        grep -vi "TCP Connection aborted" |
+        grep -vi "error" |
+        grep -vi "fatal" |
+        grep -vi "TCP connection reset" |
+        grep  $BEFORE_CONTEXT_GREP $AFTER_CONTEXT_GREP  -i failed $BCT_LOG
+      grep -i $BEFORE_CONTEXT_GREP $AFTER_CONTEXT_GREP "segmentation violation"  $BCT_LOG
+      grep -i $BEFORE_CONTEXT_GREP $AFTER_CONTEXT_GREP "memory fault" $BCT_LOG
+      grep -i $BEFORE_CONTEXT_GREP $AFTER_CONTEXT_GREP "bus error" $BCT_LOG
+      grep -i $BEFORE_CONTEXT_GREP $AFTER_CONTEXT_GREP "core dumped" $BCT_LOG
+      grep -i $BEFORE_CONTEXT_GREP $AFTER_CONTEXT_GREP fatal  $BCT_LOG
+      grep -i  $BEFORE_CONTEXT_GREP $AFTER_CONTEXT_GREP -i "PKCS12 decode not verified"   $BCT_LOG
+      find ${BTC_DIR} -name core -print
+
+  done 2>&1 >>$BCERRORLIST
+  rm $ERRORLIST
+  cat $BCMISSINGLIST | sed -e "s/^diff: bc_...s.//" \
+                    -e "s/.results.html.*/\/results.html/" | 
+                sort -u > $ERRORLIST
+
+  platformlist  
+  echo '</table>' >>$TMP_HTML_FILE
+
+  head -200 $BCERRORLIST | sed -e 's/<[^>]*>//g' -e "s/^/<br>/" 
+}
+
+
+############################### bc_test ########################
+# local shell function, evaluates the results of the backward u
+# compatibility tests
+# move the whole function to old to tests a new solution
+########################################################################
+bc_test_old()
+{
+CURRENT_TABLE="BC"   #so html_line can determine which fields to write
+  
+  qa_stat_table "Backward Compatibility Test"
+  echo '<td NOSAVE><b><font size=+1>Build-OS and version</font></b></td>'
+  echo '<td><b><font size=+1>QA-OS</font></b></td>'
+  echo '<td><b><font size=+1>Systemname</font></b></td>'
+  echo '<td><b><font size=+1>P/F</font></b></td>'
+  #echo '<td><b><font size=+1>All Current</font></b></td>'
+  #echo '<td><b><font size=+1>backward comp. test</font></b></td>'
+  echo '<td><b><font size=+1>result</font></b></td>'
+  echo '<td><b><font size=+1>output</font></b></td>'
+  echo '<td><b><font size=+1>QA time / #</font></b></td>'
+  echo '</tr>'
+
+  for w in `ls */results.html`
+  do
+      diff -b $w bct/$w  2>>$BCMISSINGLIST | 
+           grep -v "Create objsign cert .signtool -G.*Passed" |
+           grep -v "Listing signed files in jar .signtool -v.*Passed" |
+           grep -v "Listing signed files in jar .signtool -w.*Passed" |
+           grep -v "backward compatibility" |
+           grep -v "Can.t run pk12util tests for NSS 3.2" |
+           grep -v "porting Alice.s email cert " |
+           grep -v "^---$" | grep -v "^[<> ] $" | 
+           grep -v "^---.$" | grep -v "^[<> ] .$" | 
+           grep -v '< </BODY></HTML>' |
+           grep -v "^[0-9,cad]*$" 2>>$BCMISSINGLIST >/dev/null &&  (
+                echo "$w differs" >> $BCMISSINGLIST
+                echo "========================================="
+                echo "diff $w bct/$w"
+                echo "========================================="
+                diff -b $w bct/$w 2>&1 | 
+                     grep -v "Listing signed files in jar .signtool -v.*Passed" |
+                     grep -v "Listing signed files in jar .signtool -w.*Passed" |
+                     grep -v "backward compatibility" |
+                     grep -v "Can.t run pk12util tests for NSS 3.2" |
+                     grep -v "porting Alice.s email cert " |
+                     grep -v "^---$" | grep -v "^[<> ] $" | 
+                     grep -v "^---.$" | grep -v "^[<> ] .$" | 
+                     grep -v '< </BODY></HTML>' |
+                     grep -v "^[0-9,cad]*$" \
+           )  2>&1 >>$BCERRORLIST
+  done
+  rm $ERRORLIST
+  cat $BCMISSINGLIST | sed -e "s/^diff: bc_...s.//" \
+                    -e "s/.results.html.*/\/results.html/" | 
+                sort -u > $ERRORLIST
+
+  platformlist  
+  echo '</table>' >>$TMP_HTML_FILE
+
+  head -200 $BCERRORLIST | sed -e 's/<[^>]*>//g' -e "s/^/<br>/" 
+
+}
+
+############################### tbx_main ########################
+# local shell function, tinderbox variation of the qa status script
+########################################################################
+tbx_main()
+{
+    TBX_EXIT=47
+    qa_stat_get_sysinfo # find out the OS we are running and all required tests
+                        # on this OS
+    
+    MACHINES_TO_CHECK=$HOST  #`uname -n` only search the local tests for errors
+    qa_errorlist > $ERRORLIST        # 
+    platformlist 
+    #tbx_missing_platforms  #temp. taken out until we find a better way to
+    #determine if all necessary QA ran - right now we run different 
+    #tinderboxes on one machine
+    incomplete_results 
+    echo '</table>' >>$TMP_HTML_FILE
+    echo '<a NAME="errorlist"></a>' >> $TMP_HTML_FILE
+    cat $ERRORLIST  | sed -e "s/^/<br>/" >>$TMP_HTML_FILE
+
+}
+
+############################### qa_stat_main ########################
+# local shell function, main flow of the qa status script
+########################################################################
+qa_stat_main()
+{
+    find_qa_systems 2>/dev/null
+    MACHINES_TO_CHECK=""   # check all founf qa runs
+    qa_errorlist > $ERRORLIST
+    platformlist 
+    missing_platforms 
+    incomplete_results 
+    echo '</table>' >>$TMP_HTML_FILE
+    echo '<a NAME="errorlist"></a>' >> $TMP_HTML_FILE
+    cat $ERRORLIST  | sed -e "s/^/<br>/" >>$TMP_HTML_FILE
+    cat $WARNINGLIST 2>/dev/null | sed -e "s/^/<br>/" >>$TMP_HTML_FILE 2>/dev/null
+    rsaperf >>$TMP_HTML_FILE
+    bc_header >>$TMP_HTML_FILE
+    MACHINES_TO_CHECK="bct/"
+    TOTAL_TESTS=$BCT_TOTAL_TESTS
+    BEFORE_CONTEXT_GREP="" #WORKAROUND - errors in one outputlog within the first 
+    AFTER_CONTEXT_GREP=""  # or last lines will show up in the next/previos file
+    qa_errorlist > $ERRORLIST
+    platformlist 
+    missing_platforms 
+    incomplete_results 
+    echo '</table>' >>$TMP_HTML_FILE
+    echo '<a NAME="errorlist"></a>' >> $TMP_HTML_FILE
+    cat $ERRORLIST  | sed -e "s/^/<br>/" >>$TMP_HTML_FILE
+    cat $WARNINGLIST 2>/dev/null | sed -e "s/^/<br>/" >>$TMP_HTML_FILE 2>/dev/null
+    #bc_test >>$TMP_HTML_FILE
+}
+
+CURRENT_TABLE="Standard"
+qa_stat_init
+
+if [  "$O_TBX" = "ON" -o "$O_LOCAL" = "ON" ] ; then
+    tbx_main
+else
+    qa_stat_main
+fi
+
+qa_stat_cleanup
diff --git a/nss/tests/qaclean b/nss/tests/qaclean
new file mode 100755
index 0000000..14c71f3
--- /dev/null
+++ b/nss/tests/qaclean
@@ -0,0 +1,144 @@
+#! /bin/sh
+
+########################################################################
+#
+# /u/sonmi/bin/qaclean
+#
+# is supposed to clean up after a "hanging" QA
+#
+# 1) see if there is a lockfile 
+#    if yes: 
+#    1a) kill the process of the lockfile and if possible it's children
+#    1b) rm the lockfile
+# 2) kill selfservers
+# 3) clean up old tmp files
+#
+########################################################################
+
+if [ -z "$TMP" ]
+then
+    if [  -z "$TEMP" ]
+    then
+        TMP="/tmp"
+    else
+        TMP=$TEMP
+    fi
+fi
+if [ ! -w "$TMP" ]
+then
+    echo "Can't write to tmp directory $TMP - exiting"
+    echo "Can't write to tmp directory $TMP - exiting" >&2
+    exit 1
+fi
+
+########################### Ps #########################################
+# platform specific ps
+########################################################################
+Ps()
+{
+    if [ `uname -s` = "SunOS" ]
+    then
+        /usr/5bin/ps -e
+    else
+        ps -e
+    fi
+}
+
+Kill()
+{
+    if [ "$1" = "$$" ]
+    then
+        return
+    fi
+    echo "Killing PID $1"
+    kill $1
+    sleep 1
+    kill -9 $1 2>/dev/null
+}
+
+########################### kill_by_name ################################
+# like killall, only without permissionproblems, kills the process whose 
+# name is given as parameter
+########################################################################
+kill_by_name()
+{
+    echo "Killing all $1"
+ 
+    for PID in `Ps | grep "$1" | grep -v grep | \
+        sed -e "s/^[     ]*//g" -e "s/[     ].*//"`
+    do
+        Kill $PID
+    done
+}
+
+kill_the_rest()
+{
+i=0
+while [ $i -lt $1 ]
+do
+    kill_by_name nssqa
+    kill_by_name selfserv
+    kill_by_name strsclnt
+    kill_by_name all.sh
+    kill_by_name sdr.sh
+    kill_by_name ssl.sh
+    kill_by_name smime.sh
+    i=`expr $i + 1`
+done
+}
+
+nt_warning()
+{
+os_name=`uname -s`
+case $os_name in
+    CYGWIN*|WIN*|Win*)
+        echo
+        echo
+        echo
+        echo "Another Windows problem... If you have not already done so"
+        echo "after this script completes, please reboot, and log in as"
+        echo "user svbld again"
+        echo
+        echo
+        echo
+        ;;
+esac
+}
+
+nt_warning
+case $1 in 
+    -all)
+        for w in tommy booboo kentuckyderby galileo shame axilla columbus \
+                 smarch charm hp64 biggayal orville kwyjibo hbombaix raven \
+                 jordan hornet phaedrus louie box dbldog huey washer dryer \
+                 shabadoo trex bummer compaqtor jellyfish sjsu
+        do
+                echo $w
+                ping $w && rsh $w '/u/sonmi/bin/qaclean'
+        done
+
+        ;;
+    ?*)
+        rsh $1 '/u/sonmi/bin/qaclean'
+        exit
+        ;;
+esac
+
+uname -a
+echo
+
+if [ -f ${TMP}/nssqa.* ]
+then
+    echo "nssqa seems to be running ${TMP}/nssqa.*"
+    #cat ${TMP}/nssqa.*
+    NSSQA_PID=`ls ${TMP}/nssqa.* | sed -e 's/[^.]*\.//'`
+    Kill $NSSQA_PID
+    rm ${TMP}/nssqa.*
+fi
+
+kill_the_rest 3
+ls -l ${TMP}/nsstmp.*
+rm ${TMP}/nsstmp.* 2>/dev/null
+rm ${TMP}/certutilout.* 2>/dev/null
+rm ${TMP}/Pk12*
+nt_warning
diff --git a/nss/tests/remote/Makefile b/nss/tests/remote/Makefile
new file mode 100644
index 0000000..6c6e5bd
--- /dev/null
+++ b/nss/tests/remote/Makefile
@@ -0,0 +1,153 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+TESTPACKAGE="nss-$(OS_TARGET)$(CPU_TAG).tgz"
+RTSH=$(DIST)/../../runtests.sh
+PCFG=$(DIST)/platform.cfg
+
+
+#Hint: In order to test the Makefiles without running the tests, use:
+#      make NSS_CYCLES="standard" NSS_TESTS="dummy"
+
+ifeq ($(OS_TARGET),Android)
+TEST_SHELL?=$$HOME/bin/sh
+ANDROID_PORT?="2222"
+#Define the subset of tests that is known to work on Android
+NSS_CYCLES?="standard pkix upgradedb sharedb"
+NSS_TESTS?="cipher lowhash libpkix cert dbtests tools sdr crmf smime ssl ocsp merge pkits chains"
+NSS_SSL_TESTS?="crl normal_normal iopr"
+NSS_SSL_RUN?="cov auth stress"
+else
+TEST_SHELL?="/bin/sh"
+endif
+
+# Create a package for test execution on a separate system.
+package_for_testing:
+	echo "export OBJDIR=$(OBJDIR_NAME)"     > $(PCFG)
+	echo "export OS_ARCH=$(OS_ARCH)"       >> $(PCFG)
+	echo "export OS_TARGET=$(OS_TARGET)"   >> $(PCFG)
+	echo "export DLL_PREFIX=$(DLL_PREFIX)" >> $(PCFG)
+	echo "export DLL_SUFFIX=$(DLL_SUFFIX)" >> $(PCFG)
+	echo 'echo "set HOST and DOMSUF if your system is not registered in DNS"' > $(RTSH)
+	cat $(PCFG)                                  >> $(RTSH)
+	echo 'export NSS_TESTS=$(NSS_TESTS)'         >> $(RTSH)
+	echo 'export NSS_SSL_TESTS=$(NSS_SSL_TESTS)' >> $(RTSH)
+	echo 'export NSS_SSL_RUN=$(NSS_SSL_RUN)'     >> $(RTSH)
+	echo 'export NSS_CYCLES=$(NSS_CYCLES)'       >> $(RTSH)
+	echo 'export USE_64=$(USE_64)'               >> $(RTSH)
+	echo 'export BUILD_OPT=$(BUILD_OPT)'         >> $(RTSH)
+	echo 'export PKITS_DATA=$(PKITS_DATA)'       >> $(RTSH)
+	echo 'export NSS_DISABLE_ECC=$(NSS_DISABLE_ECC)'                     >> $(RTSH)
+	echo 'export NSPR_LOG_MODULES=$(NSPR_LOG_MODULES)'                   >> $(RTSH)
+ifeq ($(OS_TARGET),Android)
+	# Android doesn't support FIPS tests, because
+	# dladdr does not return a full path for implicitly loaded libraries
+	echo "export NSS_TEST_DISABLE_FIPS=1" >> $(DIST)/platform.cfg
+endif
+ifeq ($(CROSS_COMPILE),1)
+# execute signing on test system
+	echo 'export DIST=$${HOME}/nsstest/dist/'           >> $(RTSH)
+	echo 'export NSPR_LIB_DIR=$${DIST}/$${OBJDIR}/lib/' >> $(RTSH)
+	echo 'echo "signing"'                               >> $(RTSH)
+# work around a bug in Android ash that has a corrupted work directory after login
+	echo 'cd $${HOME}/nsstest'                          >> $(RTSH)
+	echo 'cd nss/cmd/shlibsign'                         >> $(RTSH)
+	echo '$(TEST_SHELL) ./sign.sh $${DIST}/$${OBJDIR}/ $${DIST}/$${OBJDIR}/bin $${OS_TARGET} $${NSPR_LIB_DIR} $${NSPR_LIB_DIR}$${DLL_PREFIX}freebl3.$${DLL_SUFFIX}'  >> $(RTSH)
+	echo '$(TEST_SHELL) ./sign.sh $${DIST}/$${OBJDIR}/ $${DIST}/$${OBJDIR}/bin $${OS_TARGET} $${NSPR_LIB_DIR} $${NSPR_LIB_DIR}$${DLL_PREFIX}softokn3.$${DLL_SUFFIX}' >> $(RTSH)
+	echo '$(TEST_SHELL) ./sign.sh $${DIST}/$${OBJDIR}/ $${DIST}/$${OBJDIR}/bin $${OS_TARGET} $${NSPR_LIB_DIR} $${NSPR_LIB_DIR}$${DLL_PREFIX}nssdbm3.$${DLL_SUFFIX}'  >> $(RTSH)
+ifneq ($(OS_TARGET),Android)
+# Android's ash doesn't support "export -n" yet
+	echo 'export -n DIST'                          >> $(RTSH)
+	echo 'export -n NSPR_LIB_DIR'                  >> $(RTSH)
+endif
+	echo 'cd ../../../'                            >> $(RTSH)
+endif
+	echo 'rm -rf tests_results'                    >> $(RTSH)
+	echo 'echo "running tests"'                    >> $(RTSH)
+	echo 'cd nss/tests'                            >> $(RTSH)
+	# We require progress indication on stdout while running the tests (to avoid timeouts).
+	set -o pipefail
+	echo '$(TEST_SHELL) ./all.sh | tee ../../logfile 2>&1 |grep ": #"'          >> $(RTSH)
+	RETVAL=$?
+	echo 'cd ../../'                               >> $(RTSH)
+	# dump test summary from end of logfile
+	echo 'echo "=========="; tail -100 logfile'    >> $(RTSH)
+	echo 'tar czf tests_results.tgz tests_results'                              >> $(RTSH)
+	echo 'echo "created tests_results.tgz"'                                     >> $(RTSH)
+	echo 'echo "results are in directory: "`ls -1d tests_results/security/*.1`' >> $(RTSH)
+	echo 'echo exit status: $${RETVAL}'                                         >> $(RTSH)
+	echo 'exit $${RETVAL}'                                                      >> $(RTSH)
+	rm -f $(TESTPACKAGE)
+	(cd $(DIST)/../.. ; tar czhf dist/$(TESTPACKAGE) runtests.sh dist/$(OBJDIR_NAME) dist/public nss/tests nss/cmd/bltest/tests nss/cmd/pk11gcmtest/tests nss/cmd/shlibsign; echo "created "`pwd`"/dist/$(TESTPACKAGE)" )
+
+android_run_tests:
+	ssh -p $(ANDROID_PORT) -o CheckHostIP=no $(ANDROID_ADDR)  'pwd; cd; pwd; cd nsstest; export PATH=$$HOME/bin:$$PATH ; $(TEST_SHELL) runtests.sh'
+
+android_install:
+	rm -f $(DIST)/android.sftp
+	echo '-mkdir nsstest' > $(DIST)/android.sftp
+	echo '-rm nsstest/$(TESTPACKAGE)' >> $(DIST)/android.sftp
+	echo 'progress' >> $(DIST)/android.sftp
+	echo 'put $(DIST)/../$(TESTPACKAGE) nsstest' >> $(DIST)/android.sftp
+	sftp -o Port=$(ANDROID_PORT) -o CheckHostIP=no -b $(DIST)/android.sftp $(ANDROID_ADDR)
+	ssh -p $(ANDROID_PORT) -o CheckHostIP=no $(ANDROID_ADDR)  'cd nsstest ; $$HOME/bin/rm -rf logfile runtests.sh dist security tests_results tests_results.tgz;  $$HOME/bin/tar xzf $(TESTPACKAGE)'
+
+WORKDIR="$(DIST)/../../"
+RESULTSPACKAGE=tests_results.tgz
+android_get_result:
+	rm -f $(WORKDIR)/result.sftp $(WORKDIR)/$(RESULTSPACKAGE)
+	echo "progress" > $(WORKDIR)/result.sftp
+	echo 'get nsstest/$(RESULTSPACKAGE) $(WORKDIR)' >> $(WORKDIR)/result.sftp
+	sftp -o Port=$(ANDROID_PORT) -o CheckHostIP=no -b $(WORKDIR)/result.sftp $(ANDROID_ADDR) 
+	(cd $(WORKDIR); tar xzf $(RESULTSPACKAGE); rm -f result.sftp $(RESULTSPACKAGE) )
+
+# Android testing assumes having built with: OS_TARGET=Android CROSS_COMPILE=1
+# Connectivity tested with Android app: SSHDroid
+# Provide appropriate ANDROID_ADDR variable, e.g.:
+#   make test_android ANDROID_ADDR=root@192.168.4.5
+# See also: https://wiki.mozilla.org/NSS:Android
+
+test_android: package_for_testing android_install android_run_tests android_get_result
diff --git a/nss/tests/remote/manifest.mn b/nss/tests/remote/manifest.mn
new file mode 100644
index 0000000..049f161
--- /dev/null
+++ b/nss/tests/remote/manifest.mn
@@ -0,0 +1,6 @@
+# 
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+CORE_DEPTH = ../..
+DEPTH      = ../..
diff --git a/nss/tests/run_niscc.sh b/nss/tests/run_niscc.sh
new file mode 100755
index 0000000..def3fd0
--- /dev/null
+++ b/nss/tests/run_niscc.sh
@@ -0,0 +1,982 @@
+#!/bin/bash
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#
+# PRIOR TO RUNNING THIS SCRIPT
+# you should adjust MAIL_COMMAND and QA_LIST
+#
+# External dependencies:
+# - install the NISCC test files, e.g. at /niscc (readonly OK)
+# - libfaketimeMT because the test certificates have expired
+# - build environment for building NSS
+# - gdb to analyze core files
+# - a command line mail tool (e.g. mailx)
+# - openssl to combine input PEM files into pkcs#12
+# - curl for obtaining version information from the web
+#
+
+################################################################################
+# Print script usage
+################################################################################
+usage()
+{
+    cat << EOF
+Usage: $0 [options]
+
+Test NSS library against NISCC SMIME and TLS testcases.
+
+Options:
+ -h, --help           print this help message and exit
+ -v, --verbose        enable extra verbose output
+     --niscc-home DIR use NISCC testcases from directory DIR (default /niscc)
+     --host HOST      use host HOST (default '127.0.0.1')
+     --threads X      set thread number to X (max. 10, default 10)
+     --out DIR        set DIR as output directory (default '/out')
+     --mail ADDRESS   send mail with test result to ADDRESS
+     --nss DIR        set NSS directory to DIR (default '~/niscc-hg/nss')
+     --nss-hack DIR   set hacked NSS directory to DIR (default '~/niscc-hg/nss_hack')
+     --log-store      store all the logs (only summary by default)
+     --no-build-test  don't pull and build tested NSS
+     --no-build-hack  don't pull and build hacked NSS
+     --test-system    test system installed NSS
+     --date DATE      use DATE in log archive name and outgoing email
+     --libfaketime path.so  use faketime library with LD_PRELOAD=path.so
+     --smallset       test only a very small subset
+
+All options are optional.
+All options (and possibly more) can be also set through environment variables.
+Commandline options have higher priority than environment variables.
+For more information please refer to the source code of this script.
+
+For a successfull run the script NEEDS the core file pattern to be 'core.*',
+e.g. 'core.%t'. You can check the current pattern in
+'/proc/sys/kernel/core_pattern'. Otherwise the test will be unable to detect
+any failures and will pass every time.
+
+It is recommended to use hacked and tested binaries in a location, where their
+absolute path is max. 80 characters. If their path is longer and a core file is
+generated, its properties may be incomplete.
+
+Return value of the script indicates how many failures it experienced.
+
+EOF
+    exit $1
+}
+
+################################################################################
+# Process command-line arguments
+################################################################################
+process_args()
+{
+    HELP="false"
+    args=`getopt -u -l "niscc-home:,host:,threads:,out:,verbose,mail:,nss:,nss-hack:,log-store,no-build-test,no-build-hack,help,test-system,date:,libfaketime:,smallset" -- "hv" $*`
+    [ "$?" != "0" ] && usage 1
+    set -- $args
+    for i; do
+        case "$i" in
+            -v|--verbose)
+                shift
+                VERBOSE="-v"
+                ;;
+            --niscc-home)
+                shift
+                NISCC_HOME="$1"
+                shift
+                ;;
+            --host)
+                shift
+                HOST="$1"
+                shift
+                ;;
+            --threads)
+                shift
+                THREADS="$1"
+                shift
+                ;;
+            --out)
+                shift
+                TEST_OUTPUT="$1"
+                shift
+                ;;
+            --mail)
+                shift
+                USE_MAIL="true"
+                QA_LIST="$1"
+                shift
+                ;;
+            --nss)
+                shift
+                LOCALDIST="$1"
+                shift
+                ;;
+            --nss-hack)
+                shift
+                NSS_HACK="$1"
+                shift
+                ;;
+            --log-store)
+                shift
+                LOG_STORE="true"
+                ;;
+            --no-build-test)
+                shift
+                NO_BUILD_TEST="true"
+                ;;
+            --no-build-hack)
+                shift
+                NO_BUILD_HACK="true"
+                ;;
+            -h|--help)
+                shift
+                HELP="true"
+                ;;
+            --test-system)
+                shift
+                TEST_SYSTEM="true"
+                ;;
+            --date)
+                shift
+                DATE="$1"
+                shift
+                ;;
+            --libfaketime)
+                shift
+                FAKETIMELIB="$1"
+                shift
+                ;;
+            --smallset)
+                shift
+                SMALLSET="true"
+                ;;
+            --)
+                ;;
+            *)
+                ;;
+        esac
+    done
+    [ $HELP = "true" ] && usage 0
+}
+
+################################################################################
+# Create and set needed and useful environment variables
+################################################################################
+create_environment()
+{
+    # Base location of NISCC testcases
+    export NISCC_HOME=${NISCC_HOME:-/niscc}
+
+    # Base location of NSS
+    export HG=${HG:-"$HOME/niscc-hg"}
+
+    # NSS being tested
+    export LOCALDIST=${LOCALDIST:-"${HG}/nss"}
+
+    # Hacked NSS - built with "NISCC_TEST=1"
+    export NSS_HACK=${NSS_HACK:-"${HG}/nss_hack"}
+
+    # Hostname of the testmachine
+    export HOST=${HOST:-127.0.0.1}
+
+    # Whether to store logfiles
+    export LOG_STORE=${LOG_STORE:-"false"}
+
+    # Whether to mail the summary
+    export USE_MAIL=${USE_MAIL:-"false"}
+
+    # How to mail summary
+    export MAIL_COMMAND=${MAIL_COMMAND:-"mailx -S smtp=smtp://your.smtp.server:25 -r your+niscc@email.address"}
+
+    # List of mail addresses where to send summary
+    export QA_LIST=${QA_LIST:-"result@recipient.address"}
+
+    # Whether to use 64b build
+    export USE_64=${USE_64:-1}
+
+    # Directory where to write all the output data (around 650MiB for each run)
+    export TEST_OUTPUT=${TEST_OUTPUT:-"$HOME/out"}
+
+    # How many threads to use in selfserv and strsclnt (max. 10)
+    export THREADS=${THREADS:-10}
+
+    # If true, do not build tthe tested version of NSS
+    export NO_BUILD_TEST=${NO_BUILD_TEST:-"false"}
+
+    # If true, do not build the special NSS version for NISCC
+    export NO_BUILD_HACK=${NO_BUILD_HACK:-"false"}
+
+    # If true, do not rebuild client and server directories
+    export NO_SETUP=${NO_SETUP:-"false"}
+
+    # Location of NISCC SSL/TLS testcases
+    export TEST=${TEST:-"${NISCC_HOME}/NISCC_SSL_testcases"}
+
+    # If true, then be extra verbose
+    export VERBOSE=${VERBOSE:-""}
+
+    # If true, test the system installed NSS
+    export TEST_SYSTEM=${TEST_SYSTEM:-"false"}
+    [ "$TEST_SYSTEM" = "true" ] && export NO_BUILD_TEST="true"
+
+    [ ! -z "$VERBOSE" ] && set -xv
+
+    # Real date for naming of archives (system date must be 2002-11-18 .. 2007-11-18 due to certificate validity
+    DATE=${DATE:-`date`}
+    export DATE=`date -d "$DATE" +%Y%m%d`
+
+    FAKETIMELIB=${FAKETIMELIB:-""}
+    export DATE=`date -d "$DATE" +%Y%m%d`
+
+    # Whether to test only a very small subset
+    export SMALLSET=${SMALLSET:-"false"}
+
+    # Create output dir if it doesn't exist
+    mkdir -p ${TEST_OUTPUT}
+}
+
+################################################################################
+# Do a HG pull of NSS
+################################################################################
+hg_pull()
+{
+    # Tested NSS - by default using HG default tip
+    if [ "$NO_BUILD_TEST" = "false" ]; then
+        echo "cloning NSS sources to be tested from HG"
+        [ ! -d "$LOCALDIST" ] && mkdir -p "$LOCALDIST"
+        cd "$LOCALDIST"
+        [ ! -d "$LOCALDIST/nspr" ] && hg clone --noupdate https://hg.mozilla.org/projects/nspr
+        cd nspr; hg pull; hg update -C -r default; cd ..
+        [ ! -d "$LOCALDIST/nss" ] && hg clone --noupdate https://hg.mozilla.org/projects/nss
+        cd nss; hg pull; hg update -C -r default; cd ..
+        #find . -exec touch {} \;
+    fi
+
+    # Hacked NSS - by default using some RTM version.
+    # Do not use HEAD for hacked NSS - it needs to be stable and bug-free
+    if [ "$NO_BUILD_HACK" = "false" ]; then
+        echo "cloning NSS sources for a hacked build from HG"
+        [ ! -d "$NSS_HACK" ] && mkdir -p "$NSS_HACK"
+        cd "$NSS_HACK"
+        NSPR_TAG=`curl --silent http://hg.mozilla.org/releases/mozilla-aurora/raw-file/default/nsprpub/TAG-INFO | head -1 | sed --regexp-extended 's/[[:space:]]//g' | awk '{print $1}'`
+        NSS_TAG=`curl --silent http://hg.mozilla.org/releases/mozilla-aurora/raw-file/default/security/nss/TAG-INFO | head -1 | sed --regexp-extended 's/[[:space:]]//g' | awk '{print $1}'`
+        [ ! -d "$NSS_HACK/nspr" ] && hg clone --noupdate https://hg.mozilla.org/projects/nspr
+        cd nspr; hg pull; hg update -C -r "$NSPR_TAG"; cd ..
+        [ ! -d "$NSS_HACK/nss" ] && hg clone --noupdate https://hg.mozilla.org/projects/nss
+        cd nss; hg pull; hg update -C -r "$NSS_TAG"; cd ..
+        #find . -exec touch {} \;
+    fi
+}
+
+################################################################################
+# Build NSS after setting make variable NISCC_TEST
+################################################################################
+build_NSS()
+{
+    # Tested NSS
+    if [ "$NO_BUILD_TEST" = "false" ]; then
+        echo "building NSS to be tested"
+        cd "$LOCALDIST"
+        unset NISCC_TEST
+        cd nss
+        gmake nss_clean_all &>> $TEST_OUTPUT/nisccBuildLog
+        gmake nss_build_all &>> $TEST_OUTPUT/nisccBuildLog
+    fi
+
+    # Hacked NSS
+    if [ "$NO_BUILD_HACK" = "false" ]; then
+        echo "building hacked NSS"
+        cd "$NSS_HACK"
+        export NISCC_TEST=1
+        cd nss
+        gmake nss_clean_all &>> $TEST_OUTPUT/nisccBuildLogHack
+        gmake nss_build_all &>> $TEST_OUTPUT/nisccBuildLogHack
+    fi
+
+    unset NISCC_TEST
+}
+
+################################################################################
+# Set build dir, bin and lib directories
+################################################################################
+init()
+{
+    # Enable useful core files to be generated in case of crash
+    ulimit -c unlimited
+
+    # Pattern of core files, they should be created in current directory
+    echo "core_pattern $(cat /proc/sys/kernel/core_pattern)" > "$TEST_OUTPUT/nisccLog00"
+
+    # gmake is needed in the path for this suite to run
+    echo "PATH $PATH" >> "$TEST_OUTPUT/nisccLog00"
+
+    # Find out hacked NSS version
+    DISTTYPE=`cd "$NSS_HACK/nss/tests/common"; gmake objdir_name`
+    echo "NSS_HACK DISTTYPE $DISTTYPE" >> "$TEST_OUTPUT/nisccLog00"
+    export HACKBIN="$NSS_HACK/dist/$DISTTYPE/bin"
+    export HACKLIB="$NSS_HACK/dist/$DISTTYPE/lib"
+
+    if [ "$TEST_SYSTEM" = "false" ]; then
+        # Find out nss version
+        DISTTYPE=`cd "$LOCALDIST/nss/tests/common"; gmake objdir_name`
+        echo "NSS DISTTYPE $DISTTYPE" >> "$TEST_OUTPUT/nisccLog00"
+        export TESTBIN="$LOCALDIST/dist/$DISTTYPE/bin"
+        export TESTLIB="$LOCALDIST/dist/$DISTTYPE/lib"
+        export TESTTOOLS="$TESTBIN"
+    else
+        # Using system installed NSS
+        echo "USING SYSTEM NSS" >> "$TEST_OUTPUT/nisccLog00"
+        export TESTBIN="/usr/bin"
+        if [ `uname -m` = "x86_64" ]; then
+            export TESTLIB="/usr/lib64"
+            export TESTTOOLS="/usr/lib64/nss/unsupported-tools"
+        else
+            export TESTLIB="/usr/lib"
+            export TESTTOOLS="/usr/lib/nss/unsupported-tools"
+        fi
+    fi
+
+    # Verify NISCC_TEST was set in the proper library
+    if strings "$HACKLIB/libssl3.so" | grep NISCC_TEST > /dev/null 2>&1; then
+        echo "$HACKLIB/libssl3.so contains NISCC_TEST" >> "$TEST_OUTPUT/nisccLog00"
+    else
+        echo "$HACKLIB/libssl3.so does NOT contain NISCC_TEST" >> "$TEST_OUTPUT/nisccLog00"
+    fi
+
+    if strings "$TESTLIB/libssl3.so" | grep NISCC_TEST > /dev/null 2>&1; then
+        echo "$TESTLIB/libssl3.so contains NISCC_TEST" >> "$TEST_OUTPUT/nisccLog00"
+    else
+        echo "$TESTLIB/libssl3.so does NOT contain NISCC_TEST" >> "$TEST_OUTPUT/nisccLog00"
+    fi
+}
+
+################################################################################
+# Setup simple client and server directory
+################################################################################
+ssl_setup_dirs_simple()
+{
+    [ "$NO_SETUP" = "true" ] && return
+
+    echo "Setting up working directories for SSL simple tests"
+
+    CLIENT="$TEST_OUTPUT/niscc_ssl/simple_client"
+    SERVER="$TEST_OUTPUT/niscc_ssl/simple_server"
+
+    # Generate .p12 files
+    openssl pkcs12 -export -inkey "$TEST/client_key.pem" -in "$TEST/client_crt.pem" -out "$TEST_OUTPUT/client_crt.p12" -passout pass:testtest1 -name "client_crt"
+    openssl pkcs12 -export -inkey "$TEST/server_key.pem" -in "$TEST/server_crt.pem" -out "$TEST_OUTPUT/server_crt.p12" -passout pass:testtest1 -name "server_crt"
+
+    # Setup simple client directory
+    rm -rf "$CLIENT"
+    mkdir -p "$CLIENT"
+    echo test > "$CLIENT/password-is-test.txt"
+    export LD_LIBRARY_PATH="$TESTLIB"
+    LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \
+    "${TESTBIN}/certutil" -N -d "$CLIENT" -f "$CLIENT/password-is-test.txt" >> "$TEST_OUTPUT/nisccLog00" 2>&1
+    LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \
+    "${TESTBIN}/certutil" -A -d "$CLIENT" -n rootca -i "$TEST/rootca.crt" -t "C,C," >> "$TEST_OUTPUT/nisccLog00" 2>&1
+    LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \
+    "${TESTBIN}/pk12util" -i "$TEST_OUTPUT/client_crt.p12" -d "$CLIENT" -k "$CLIENT/password-is-test.txt" -W testtest1 >> "$TEST_OUTPUT/nisccLog00" 2>&1
+    LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \
+    "${TESTBIN}/certutil" -L -d "$CLIENT" >> "$TEST_OUTPUT/nisccLog00" 2>&1
+
+    # File containg message used for terminating the server
+    echo "GET /stop HTTP/1.0" > "$CLIENT/stop.txt"
+    echo ""                  >> "$CLIENT/stop.txt"
+
+    # Setup simple server directory
+    rm -rf "$SERVER"
+    mkdir -p "$SERVER"
+    echo test > "$SERVER/password-is-test.txt"
+    LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \
+    "${TESTBIN}/certutil" -N -d "$SERVER" -f "$SERVER/password-is-test.txt" >> "$TEST_OUTPUT/nisccLog00" 2>&1
+    LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \
+    "${TESTBIN}/certutil" -A -d "$SERVER" -n rootca -i "$TEST/rootca.crt" -t "TC,C," >> "$TEST_OUTPUT/nisccLog00" 2>&1
+    LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \
+    "${TESTBIN}/pk12util" -i "$TEST_OUTPUT/server_crt.p12" -d "$SERVER" -k "$SERVER/password-is-test.txt" -W testtest1 >> "$TEST_OUTPUT/nisccLog00" 2>&1
+    LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \
+    "${TESTBIN}/certutil" -L -d "$SERVER" >> "$TEST_OUTPUT/nisccLog00" 2>&1
+
+    unset LD_LIBRARY_PATH
+}
+
+################################################################################
+# Setup resigned client and server directory
+################################################################################
+ssl_setup_dirs_resigned()
+{
+    [ "$NO_SETUP" = "true" ] && return
+
+    echo "Setting up working directories for SSL resigned tests"
+
+    CLIENT="$TEST_OUTPUT/niscc_ssl/resigned_client"
+    SERVER="$TEST_OUTPUT/niscc_ssl/resigned_server"
+
+    # Setup resigned client directory
+    rm -rf "$CLIENT"
+    mkdir -p "$CLIENT"
+    echo test > "$CLIENT/password-is-test.txt"
+    export LD_LIBRARY_PATH="$TESTLIB"
+    LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \
+    "${TESTBIN}/certutil" -N -d "$CLIENT" -f "$CLIENT/password-is-test.txt" >> "$TEST_OUTPUT/nisccLog00" 2>&1
+    LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \
+    "${TESTBIN}/certutil" -A -d "$CLIENT" -n rootca -i "$TEST/rootca.crt" -t "C,C," >> "$TEST_OUTPUT/nisccLog00" 2>&1
+    LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \
+    "${TESTBIN}/pk12util" -i "$TEST_OUTPUT/client_crt.p12" -d "$CLIENT" -k "$CLIENT/password-is-test.txt" -W testtest1 >> "$TEST_OUTPUT/nisccLog00" 2>&1
+    LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \
+    "${TESTBIN}/certutil" -L -d "$CLIENT" >> "$TEST_OUTPUT/nisccLog00" 2>&1
+
+    echo "GET /stop HTTP/1.0" > "$CLIENT/stop.txt"
+    echo ""                  >> "$CLIENT/stop.txt"
+
+    # Setup resigned server directory
+    rm -rf "$SERVER"
+    mkdir -p "$SERVER"
+    echo test > "$SERVER/password-is-test.txt"
+    LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \
+    "${TESTBIN}/certutil" -N -d "$SERVER" -f "$SERVER/password-is-test.txt" >> "$TEST_OUTPUT/nisccLog00" 2>&1
+    LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \
+    "${TESTBIN}/certutil" -A -d "$SERVER" -n rootca -i "$TEST/rootca.crt" -t "TC,C," >> "$TEST_OUTPUT/nisccLog00" 2>&1
+    LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \
+    "${TESTBIN}/pk12util" -i "$TEST_OUTPUT/server_crt.p12" -d "$SERVER" -k "$SERVER/password-is-test.txt" -W testtest1 >> "$TEST_OUTPUT/nisccLog00" 2>&1
+    LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \
+    "${TESTBIN}/certutil" -L -d "$SERVER" >> "$TEST_OUTPUT/nisccLog00" 2>&1
+
+    unset LD_LIBRARY_PATH
+}
+
+################################################################################
+# NISCC SMIME tests
+################################################################################
+niscc_smime()
+{
+    cd "$TEST_OUTPUT"
+    DATA="$NISCC_HOME/NISCC_SMIME_testcases"
+
+    [ ! -d niscc_smime ] && mkdir -p niscc_smime
+
+    export SMIME_CERT_DB_DIR=envDB
+    export NSS_STRICT_SHUTDOWN=1
+    export NSS_DISABLE_ARENA_FREE_LIST=1
+    export LD_LIBRARY_PATH="$TESTLIB"
+
+    # Generate .p12 files
+    openssl pkcs12 -export -inkey "$DATA/Client.key" -in "$DATA/Client.crt" -out Client.p12 -passout pass:testtest1 &>/dev/null
+    openssl pkcs12 -export -inkey "$DATA/CA.key" -in "$DATA/CA.crt" -out CA.p12 -passout pass:testtest1 &>/dev/null
+
+    # Generate envDB if needed
+    if [ ! -d "$SMIME_CERT_DB_DIR" ]; then
+        mkdir -p "$SMIME_CERT_DB_DIR"
+        echo testtest1 > password-is-testtest1.txt
+        LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \
+        "${TESTBIN}/certutil" -N -d "./$SMIME_CERT_DB_DIR" -f password-is-testtest1.txt > /dev/null 2>&1
+        LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \
+        "${TESTBIN}/certutil" -A -d "$SMIME_CERT_DB_DIR" -f password-is-testtest1.txt -i "$DATA/CA.crt" -n CA -t "TC,C,"
+        LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \
+        "${TESTBIN}/certutil" -A -d "$SMIME_CERT_DB_DIR" -f password-is-testtest1.txt -i "$DATA/Client.crt" -n Client -t "TC,C,"
+        LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \
+        "${TESTBIN}/pk12util" -i ./CA.p12 -d "$SMIME_CERT_DB_DIR" -k password-is-testtest1.txt -W testtest1
+        LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \
+        "${TESTBIN}/pk12util" -i ./Client.p12 -d "$SMIME_CERT_DB_DIR" -k password-is-testtest1.txt -W testtest1
+    fi
+
+    # if p7m-ed-m-files.txt does not exist, then generate it.
+    [ -f "$DATA/p7m-ed-m-files.txt" ] && sed "s|^|$DATA/|" "$DATA/p7m-ed-m-files.txt" > p7m-ed-m-files.txt
+    export P7M_ED_M_FILES=p7m-ed-m-files.txt
+    if [ "$SMALLSET" = "true" ]; then
+        [ ! -f "$P7M_ED_M_FILES" ] && find "$DATA"/p7m-ed-m-0* -type f -print | head -10 >> "$P7M_ED_M_FILES"
+    else
+        [ ! -f "$P7M_ED_M_FILES" ] && find "$DATA"/p7m-ed-m-0* -type f -print >> "$P7M_ED_M_FILES"
+    fi
+
+    # Test "p7m-ed-m*" testcases
+    echo "Testing SMIME enveloped data testcases"
+    LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \
+    "${TESTBIN}/cmsutil" $VERBOSE -D -d "$SMIME_CERT_DB_DIR" -p testtest1 -b -i "$P7M_ED_M_FILES" > niscc_smime/p7m-ed-m-results.txt 2>&1
+
+    export SMIME_CERT_DB_DIR=sigDB
+    # Generate sigDB if needed
+    if [ ! -d "$SMIME_CERT_DB_DIR" ]; then
+        mkdir -p "$SMIME_CERT_DB_DIR"
+        LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \
+        "${TESTBIN}/certutil" -N -d "$SMIME_CERT_DB_DIR" -f password-is-testtest1.txt
+        LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \
+        "${TESTBIN}/certutil" -A -d "$SMIME_CERT_DB_DIR" -i "$DATA/CA.crt" -n CA -t "TC,C,"
+        LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \
+        "${TESTBIN}/certutil" -A -d "$SMIME_CERT_DB_DIR" -i "$DATA/Client.crt" -n Client -t "TC,C,"
+    fi
+
+    # if p7m-sd-dt-files.txt does not exist, then generate it.
+    [ -f "$DATA/p7m-sd-dt-files.txt" ] && sed "s|^|$DATA/|" "$DATA/p7m-sd-dt-files.txt" > p7m-sd-dt-files.txt
+    export P7M_SD_DT_FILES=p7m-sd-dt-files.txt
+    if [ "$SMALLSET" = "true" ]; then
+        [ ! -f "$P7M_SD_DT_FILES" ] && find "$DATA"/p7m-sd-dt-[cm]-* -type f -print | head -10 >> "$P7M_SD_DT_FILES"
+    else
+        [ ! -f "$P7M_SD_DT_FILES" ] && find "$DATA"/p7m-sd-dt-[cm]-* -type f -print >> "$P7M_SD_DT_FILES"
+    fi
+
+    [ ! -f detached.txt ] && touch detached.txt
+
+    # Test "p7m-sd-dt*" testcases
+    echo "Testing SMIME detached signed data testcases"
+    LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \
+    "${TESTBIN}/cmsutil" $VERBOSE -D -d "$SMIME_CERT_DB_DIR" -c detached.txt -b -i "$P7M_SD_DT_FILES" > niscc_smime/p7m-sd-dt-results.txt 2>&1
+
+    # if p7m-sd-op-files.txt does not exist, then generate it.
+    [ -f "$DATA/p7m-sd-op-files.txt" ] && sed "s|^|$DATA/|" "$DATA/p7m-sd-op-files.txt" > p7m-sd-op-files.txt
+    export P7M_SD_OP_FILES=p7m-sd-op-files.txt
+    if [ "$SMALLSET" = "true" ]; then
+        [ ! -f "$P7M_SD_OP_FILES" ] && find "$DATA"/p7m-sd-op-[cm]-* -type f -print | head -10 >> "$P7M_SD_OP_FILES"
+    else
+        [ ! -f "$P7M_SD_OP_FILES" ] && find "$DATA"/p7m-sd-op-[cm]-* -type f -print >> "$P7M_SD_OP_FILES"
+    fi
+
+    # Test "p7m-sd-op*" testcases
+    echo "Testing SMIME opaque signed data testcases"
+    LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \
+    "${TESTBIN}/cmsutil" $VERBOSE -D -d "$SMIME_CERT_DB_DIR" -b -i "$P7M_SD_OP_FILES" > niscc_smime/p7m-sd-op-results.txt 2>&1
+
+    unset LD_LIBRARY_PATH
+}
+
+################################################################################
+# Set env variables for NISCC SSL tests
+################################################################################
+niscc_ssl_init()
+{
+    export NSS_STRICT_SHUTDOWN=1
+    export NSS_DISABLE_ARENA_FREE_LIST=1
+    cd "$TEST_OUTPUT"
+}
+
+force_crash()
+{
+    echo "int main(int argc, char *argv[]) { int *i; i = (int*)(void*)1; *i = 1; }" > "$TEST_OUTPUT/crashme.c"
+    gcc -g -o "$TEST_OUTPUT/crashme" "$TEST_OUTPUT/crashme.c"
+    "$TEST_OUTPUT/crashme"
+}
+
+################################################################################
+# Do simple client auth tests
+# Use an altered client against the server
+################################################################################
+ssl_simple_client_auth()
+{
+    echo "Testing SSL simple client auth testcases"
+    export CLIENT="$TEST_OUTPUT/niscc_ssl/simple_client"
+    export SERVER="$TEST_OUTPUT/niscc_ssl/simple_server"
+    export PORT=8443
+    export START_AT=1
+    if [ "$SMALLSET" = "true" ]; then
+        export STOP_AT=10
+    else
+        export STOP_AT=106160
+    fi
+    unset NISCC_TEST
+    export LD_LIBRARY_PATH="$TESTLIB"
+    LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \
+    "${TESTTOOLS}/selfserv" $VERBOSE -p $PORT -d "$SERVER" -n server_crt -rr -t $THREADS -w test > "$TEST_OUTPUT/nisccLog01" 2>&1 &
+
+    export NISCC_TEST="$TEST/simple_client"
+    export LD_LIBRARY_PATH="$HACKLIB"
+
+    for START in `seq $START_AT $THREADS $STOP_AT`; do
+        START_AT=$START \
+        STOP_AT=$(($START+$THREADS)) \
+        LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \
+        "${HACKBIN}/strsclnt" $VERBOSE -d "$CLIENT" -n client_crt -p $PORT -t $THREADS -c $THREADS -o -N -w test $HOST >> "$TEST_OUTPUT/nisccLog02" 2>&1
+    done
+
+    unset NISCC_TEST
+    echo "starting tstclnt to shutdown simple client selfserv process"
+    for i in `seq 5`; do
+        LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \
+        "${HACKBIN}/tstclnt" -h $HOST -p $PORT -d "$CLIENT" -n client_crt -o -f -w test < "$CLIENT/stop.txt" >> "$TEST_OUTPUT/nisccLog02" 2>&1
+    done
+
+    unset LD_LIBRARY_PATH
+
+    sleep 1
+}
+
+################################################################################
+# Do simple server auth tests
+# Use an altered server against the client
+################################################################################
+ssl_simple_server_auth()
+{
+    echo "Testing SSL simple server auth testcases"
+    export CLIENT="$TEST_OUTPUT/niscc_ssl/simple_client"
+    export SERVER="$TEST_OUTPUT/niscc_ssl/simple_server"
+    export PORT=8444
+    export START_AT=00000001
+    if [ "$SMALLSET" = "true" ]; then
+        export STOP_AT=00000010
+    else
+        export STOP_AT=00106167
+    fi
+    export LD_LIBRARY_PATH="$HACKLIB"
+    export NISCC_TEST="$TEST/simple_server"
+    LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \
+    "${HACKBIN}/selfserv" $VERBOSE -p $PORT -d "$SERVER" -n server_crt -t $THREADS -w test > "$TEST_OUTPUT/nisccLog03" 2>&1 &
+
+    unset NISCC_TEST
+    export LD_LIBRARY_PATH="$TESTLIB"
+    for START in `seq $START_AT $THREADS $STOP_AT`; do
+        LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \
+        "${TESTTOOLS}/strsclnt" $VERBOSE -d "$CLIENT" -p $PORT -t $THREADS -c $THREADS -o -N $HOST >> "$TEST_OUTPUT/nisccLog04" 2>&1
+    done
+
+    echo "starting tstclnt to shutdown simple server selfserv process"
+    for i in `seq 5`; do
+        LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \
+        "${TESTTOOLS}/tstclnt" -h $HOST -p $PORT -d "$CLIENT" -n client_crt -o -f -w test < "$CLIENT/stop.txt" >> "$TEST_OUTPUT/nisccLog04" 2>&1
+    done
+
+    unset LD_LIBRARY_PATH
+
+    sleep 1
+}
+
+################################################################################
+# Do simple rootCA tests
+# Use an altered server against the client
+################################################################################
+ssl_simple_rootca()
+{
+    echo "Testing SSL simple rootCA testcases"
+    export CLIENT="$TEST_OUTPUT/niscc_ssl/simple_client"
+    export SERVER="$TEST_OUTPUT/niscc_ssl/simple_server"
+    export PORT=8445
+    export START_AT=1
+    if [ "$SMALLSET" = "true" ]; then
+        export STOP_AT=10
+    else
+        export STOP_AT=106190
+    fi
+    export LD_LIBRARY_PATH="$HACKLIB"
+    export NISCC_TEST="$TEST/simple_rootca"
+    LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \
+    "${HACKBIN}/selfserv" $VERBOSE -p $PORT -d "$SERVER" -n server_crt -t $THREADS -w test > "$TEST_OUTPUT/nisccLog05" 2>&1 &
+
+    unset NISCC_TEST
+    export LD_LIBRARY_PATH="$TESTLIB"
+    for START in `seq $START_AT $THREADS $STOP_AT`; do
+        LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \
+        "${TESTTOOLS}/strsclnt" $VERBOSE -d "$CLIENT" -p $PORT -t $THREADS -c $THREADS -o -N $HOST >> "$TEST_OUTPUT/nisccLog06" 2>&1
+    done
+
+    echo "starting tstclnt to shutdown simple rootca selfserv process"
+    for i in `seq 5`; do
+        LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \
+        "${TESTTOOLS}/tstclnt" -h $HOST -p $PORT -d "$CLIENT" -n client_crt -o -f -w test < "$CLIENT/stop.txt" >> "$TEST_OUTPUT/nisccLog06" 2>&1
+    done
+
+    unset LD_LIBRARY_PATH
+
+    sleep 1
+}
+
+################################################################################
+# Do resigned client auth tests
+# Use an altered client against the server
+################################################################################
+ssl_resigned_client_auth()
+{
+    echo "Testing SSL resigned client auth testcases"
+    export CLIENT="$TEST_OUTPUT/niscc_ssl/resigned_client"
+    export SERVER="$TEST_OUTPUT/niscc_ssl/resigned_server"
+    export PORT=8446
+    export START_AT=0
+    if [ "$SMALLSET" = "true" ]; then
+        export STOP_AT=9
+    else
+        export STOP_AT=99981
+    fi
+    unset NISCC_TEST
+    export LD_LIBRARY_PATH="$TESTLIB"
+    LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \
+    "${TESTTOOLS}/selfserv" $VERBOSE -p $PORT -d "$SERVER" -n server_crt -rr -t $THREADS -w test > "$TEST_OUTPUT/nisccLog07" 2>&1 &
+
+    export NISCC_TEST="$TEST/resigned_client"
+    export LD_LIBRARY_PATH="$HACKLIB"
+
+    for START in `seq $START_AT $THREADS $STOP_AT`; do
+        START_AT=$START \
+        STOP_AT=$(($START+$THREADS)) \
+        LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \
+        "${HACKBIN}/strsclnt" $VERBOSE -d "$CLIENT" -n client_crt -p $PORT -t $THREADS -c $THREADS -o -N -w test $HOST >> "$TEST_OUTPUT/nisccLog08" 2>&1
+    done
+
+    unset NISCC_TEST
+    echo "starting tstclnt to shutdown resigned client selfserv process"
+    for i in `seq 5`; do
+        LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \
+        "${HACKBIN}/tstclnt" -h $HOST -p $PORT -d "$CLIENT" -n client_crt -o -f -w test < "$CLIENT/stop.txt" >> "$TEST_OUTPUT/nisccLog08" 2>&1
+    done
+
+    unset LD_LIBRARY_PATH
+
+    sleep 1
+}
+
+################################################################################
+# Do resigned server auth tests
+# Use an altered server against the client
+################################################################################
+ssl_resigned_server_auth()
+{
+    echo "Testing SSL resigned server auth testcases"
+    export CLIENT="$TEST_OUTPUT/niscc_ssl/resigned_client"
+    export SERVER="$TEST_OUTPUT/niscc_ssl/resigned_server"
+    export PORT=8447
+    export START_AT=0
+    if [ "$SMALLSET" = "true" ]; then
+        export STOP_AT=9
+    else
+        export STOP_AT=100068
+    fi
+    export LD_LIBRARY_PATH="$HACKLIB"
+    export NISCC_TEST="$TEST/resigned_server"
+    LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \
+    "${HACKBIN}/selfserv" $VERBOSE -p $PORT -d "$SERVER" -n server_crt -t $THREADS -w test > "$TEST_OUTPUT/nisccLog09" 2>&1 &
+
+    unset NISCC_TEST
+    export LD_LIBRARY_PATH="$TESTLIB"
+    for START in `seq $START_AT $THREADS $STOP_AT`; do
+        LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \
+        "${TESTTOOLS}/strsclnt" $VERBOSE -d "$CLIENT" -p $PORT -t $THREADS -c $THREADS -o -N $HOST >> "$TEST_OUTPUT/nisccLog10" 2>&1
+    done
+
+    echo "starting tstclnt to shutdown resigned server selfserv process"
+    for i in `seq 5`; do
+        LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \
+        "${TESTTOOLS}/tstclnt" -h $HOST -p $PORT -d "$CLIENT" -n client_crt -o -f -w test < "$CLIENT/stop.txt" >> "$TEST_OUTPUT/nisccLog10" 2>&1
+    done
+
+    unset LD_LIBRARY_PATH
+
+    sleep 1
+}
+
+################################################################################
+# Do resigned rootCA tests
+# Use an altered server against the client
+################################################################################
+ssl_resigned_rootca()
+{
+    echo "Testing SSL resigned rootCA testcases"
+    export CLIENT="$TEST_OUTPUT/niscc_ssl/resigned_client"
+    export SERVER="$TEST_OUTPUT/niscc_ssl/resigned_server"
+    export PORT=8448
+    export START_AT=0
+    if [ "$SMALLSET" = "true" ]; then
+        export STOP_AT=9
+    else
+        export STOP_AT=99959
+    fi
+    export LD_LIBRARY_PATH="$HACKLIB"
+    export NISCC_TEST="$TEST/resigned_rootca"
+    LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \
+    "${HACKBIN}/selfserv" $VERBOSE -p $PORT -d "$SERVER" -n server_crt -t $THREADS -w test > "$TEST_OUTPUT/nisccLog11" 2>&1 &
+
+    unset NISCC_TEST
+    export LD_LIBRARY_PATH="$TESTLIB"
+    for START in `seq $START_AT $THREADS $STOP_AT`; do
+        LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \
+        "${TESTTOOLS}/strsclnt" $VERBOSE -d "$CLIENT" -p $PORT -t $THREADS -c $THREADS -o -N $HOST >> "$TEST_OUTPUT/nisccLog12" 2>&1
+    done
+
+    echo "starting tstclnt to shutdown resigned rootca selfserv process"
+    for i in `seq 5`; do
+        LD_PRELOAD=${FAKETIMELIB} NO_FAKE_STAT=1 FAKETIME="@2004-03-29 14:14:14" \
+        "${TESTTOOLS}/tstclnt" -h $HOST -p $PORT -d "$CLIENT" -n client_crt -o -f -w test < "$CLIENT/stop.txt" >> "$TEST_OUTPUT/nisccLog12" 2>&1
+    done
+
+    unset LD_LIBRARY_PATH
+
+    sleep 1
+}
+
+################################################################################
+# Email the test logfile, and if core found, notify of failure
+################################################################################
+mail_testLog()
+{
+    pushd "$TEST_OUTPUT"
+
+    # remove mozilla nss build false positives and core stored in previous runs
+    find . -name "core*" -print | grep -v coreconf | grep -v core_watch | grep -v archive >> crashLog
+    export SIZE=`cat crashLog | wc -l`
+
+    [ "$USE_MAIL" = "false" ] && return
+
+    # mail text
+    MT=mailText
+    rm -f $MT
+
+    if [ "$SIZE" -ne 1 ]; then
+        echo "### FAILED ###" >> $MT
+        echo "### Exactly one crash is expected." >> $MT
+        echo "### Zero means: crash detection is broken, fix the script!" >> $MT
+        echo "### > 1 means: robustness test failure, fix the bug! (check the logs)" >> $MT
+        cat crashLog >> nisccLogSummary
+        SUBJ="FAILED: NISCC TESTS (check file: crashLog)"
+    else
+        echo ":) PASSED :)" >> $MT
+        SUBJ="PASSED: NISCC tests"
+    fi
+
+    echo "Date used during test run: $DATE" >> $MT
+
+    echo "Count of lines in files:" >> $MT
+    wc -l crashLog nisccBuildLog nisccBuildLogHack nisccLog[0-9]* p7m-* |grep -vw total >> $MT
+    NUM=`cat nisccLog0[123456789] nisccLog1[12] | egrep -ic "success/passed"`
+    echo "Number of times the SSL tests reported success/passed (low expected): $NUM" >> $MT
+    NUM=`cat nisccLog0[123456789] nisccLog1[12] | egrep -ic "problem|failed|error"`
+    echo "Number of times the SSL tests reported problem/failed/error (high expected): $NUM" >> $MT
+    NUM=`cat niscc_smime/p7m*results.txt | egrep -ic "success/passed"`
+    echo "Number of times the S/MIME tests reported success/passed (low expected): $NUM" >> $MT
+    NUM=`cat niscc_smime/p7m*results.txt | egrep -ic "problem|failed|error"`
+    echo "Number of times the S/MIME tests reported problem/failed/error (high expected): $NUM" >> $MT
+    echo "==== tail of nisccBuildLog ====" >> $MT
+    tail -20 nisccBuildLog >> $MT
+    echo "===============================" >> $MT
+    echo "==== tail of nisccBuildLogHack ====" >> $MT
+    tail -20 nisccBuildLogHack >> $MT
+    echo "===================================" >> $MT
+
+    #NUM=``
+    #echo "Number of : $NUM" >> $MT
+
+    cat $MT | $MAIL_COMMAND -s "$SUBJ" $QA_LIST
+
+    popd
+}
+
+################################################################################
+# Summarize all logs
+################################################################################
+log_summary()
+{
+    echo "Summarizing all logs"
+    # Move old logs
+    [ -f "$TEST_OUTPUT/nisccLogSummary" ] && mv nisccLogSummary nisccLogSummary.old
+    [ -f "$TEST_OUTPUT/crashLog" ] && mv crashLog crashLog.old
+
+    for a in $TEST_OUTPUT/nisccLog[0-9]*; do
+        echo ================================== "$a"
+        grep -v using "$a" | sort | uniq -c | sort -b -n +0 -1
+    done > $TEST_OUTPUT/nisccLogSummary
+
+    for a in $TEST_OUTPUT/niscc_smime/p7m-*-results.txt; do
+        echo ================================== "$a"
+        grep -v using "$a" | sort | uniq -c | sort -b -n +0 -1
+    done >> $TEST_OUTPUT/nisccLogSummary
+}
+
+################################################################################
+# Process core files
+################################################################################
+core_process()
+{
+    echo "Processing core files"
+    cd "$TEST_OUTPUT"
+
+    for CORE in `cat crashLog`; do
+        FILE=`file "$CORE" | sed "s/.* from '//" | sed "s/'.*//"`
+        BINARY=`strings "$CORE" | grep "^${FILE}" | tail -1`
+        gdb "$BINARY" "$CORE" << EOF_GDB > "$CORE.details"
+where
+quit
+EOF_GDB
+    done
+}
+
+################################################################################
+# Move the old log files to save them, delete extra log files
+################################################################################
+move_files()
+{
+    echo "Moving and deleting log files"
+    cd "$TEST_OUTPUT"
+
+    rm -rf TRASH
+    mkdir TRASH
+
+    if [ "$LOG_STORE" = "true" ]; then
+        BRANCH=`echo $LOCALDIST | sed "s:.*/\(security.*\)/builds/.*:\1:"`
+        if [ "$BRANCH" = "$LOCALDIST" ]; then
+            ARCHIVE="$TEST_OUTPUT/archive"
+        else
+            ARCHIVE="$TEST_OUTPUT/archive/$BRANCH"
+        fi
+
+        # Check for archive directory
+        if [ ! -d "$ARCHIVE" ]; then
+            mkdir -p "$ARCHIVE"
+        fi
+
+        # Determine next log storage point
+        slot=`ls -1 "$ARCHIVE" | grep $DATE | wc -l`
+        slot=`expr $slot + 1`
+        location="$ARCHIVE/$DATE.$slot"
+        mkdir -p "$location"
+
+        # Archive the logs
+        mv nisccBuildLog "$location" 2> /dev/null
+        mv nisccBuildLogHack "$location" 2> /dev/null
+        mv nisccLogSummary "$location"
+        mv nisccLog* "$location"
+        mv niscc_smime/p7m-ed-m-results.txt "$location"
+        mv niscc_smime/p7m-sd-dt-results.txt "$location"
+        mv niscc_smime/p7m-sd-op-results.txt "$location"
+
+        # Archive any core files produced
+        for core in `cat "$TEST_OUTPUT/crashLog"`; do
+            mv "$core" "$location"
+            mv "$core.details" "$location"
+        done
+        mv crashLog "$location"
+    else
+        # Logs not stored => summaries, crashlog and corefiles not moved, other logs deleted
+        mv nisccLog00 nisccLog01 nisccLog02 nisccLog03 nisccLog04 nisccLog05 nisccLog06 nisccLog07 nisccLog08 nisccLog09 nisccLog10 nisccLog11 nisccLog12 TRASH/
+        mv niscc_smime/p7m-ed-m-results.txt niscc_smime/p7m-sd-dt-results.txt niscc_smime/p7m-sd-op-results.txt TRASH/
+    fi
+    mv envDB sigDB niscc_smime niscc_ssl TRASH/
+    mv CA.p12 Client.p12 client_crt.p12 server_crt.p12 TRASH/
+    mv p7m-ed-m-files.txt p7m-sd-dt-files.txt p7m-sd-op-files.txt password-is-testtest1.txt detached.txt TRASH/
+    mv crashme.c crashme TRASH/
+}
+
+################################################################################
+# Main
+################################################################################
+process_args $*
+create_environment
+hg_pull
+build_NSS
+init
+niscc_smime
+niscc_ssl_init
+force_crash
+ssl_setup_dirs_simple
+    ssl_simple_client_auth
+    ssl_simple_server_auth
+    ssl_simple_rootca
+ssl_setup_dirs_resigned
+    ssl_resigned_client_auth
+    ssl_resigned_server_auth
+    ssl_resigned_rootca
+# no idea what these commented-out lines are supposed to be!
+#ssl_setup_dirs_update
+#    ssl_update_server_auth der
+#    ssl_update_client_auth der
+#    ssl_update_server_auth resigned-der
+#    ssl_update_client_auth resigned-der
+log_summary
+mail_testLog
+core_process
+move_files
+exit $SIZE
diff --git a/nss/tests/sdr/sdr.sh b/nss/tests/sdr/sdr.sh
new file mode 100755
index 0000000..f846e92
--- /dev/null
+++ b/nss/tests/sdr/sdr.sh
@@ -0,0 +1,111 @@
+#! /bin/bash
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+########################################################################
+#
+# mozilla/security/nss/tests/sdr/sdr.sh
+#
+# Script to start test basic functionallity of NSS sdr
+#
+# needs to work on all Unix and Windows platforms
+#
+# special strings
+# ---------------
+#   FIXME ... known problems, search for this string
+#   NOTE .... unexpected behavior
+#
+########################################################################
+
+############################## sdr_init ################################
+# local shell function to initialize this script
+########################################################################
+sdr_init()
+{
+  SCRIPTNAME=sdr.sh
+  if [ -z "${CLEANUP}" ] ; then
+      CLEANUP="${SCRIPTNAME}"
+  fi
+  
+  if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then
+      cd ../common
+      . ./init.sh
+  fi
+  SCRIPTNAME=sdr.sh
+
+  #temporary files
+  VALUE1=$HOSTDIR/tests.v1.$$
+  VALUE2=$HOSTDIR/tests.v2.$$
+  VALUE3=$HOSTDIR/tests.v3.$$
+
+  T1="Test1"
+  T2="The quick brown fox jumped over the lazy dog"
+  T3="1234567"
+
+  SDRDIR=${HOSTDIR}/SDR
+  D_SDR="SDR.$version"
+  if [ ! -d ${SDRDIR} ]; then
+    mkdir -p ${SDRDIR}
+  fi
+
+  PROFILE=.
+  if [ -n "${MULTIACCESS_DBM}" ]; then
+     PROFILE="multiaccess:${D_SDR}"
+  fi
+
+  cd ${SDRDIR}
+  html_head "SDR Tests"
+}
+
+############################## sdr_main ################################
+# local shell function to test NSS SDR
+########################################################################
+sdr_main()
+{
+  echo "$SCRIPTNAME: Creating an SDR key/SDR Encrypt - Value 1"
+  echo "sdrtest -d ${PROFILE} -o ${VALUE1} -t \"${T1}\""
+  ${BINDIR}/sdrtest -d ${PROFILE} -o ${VALUE1} -t "${T1}"
+  html_msg $? 0 "Creating SDR Key/Encrypt - Value 1"
+
+  echo "$SCRIPTNAME: SDR Encrypt - Value 2"
+  echo "sdrtest -d ${PROFILE} -o ${VALUE2} -t \"${T2}\""
+  ${BINDIR}/sdrtest -d ${PROFILE} -o ${VALUE2} -t "${T2}"
+  html_msg $? 0 "Encrypt - Value 2"
+
+  echo "$SCRIPTNAME: SDR Encrypt - Value 3"
+  echo "sdrtest -d ${PROFILE} -o ${VALUE3} -t \"${T3}\""
+  ${BINDIR}/sdrtest -d ${PROFILE} -o ${VALUE3} -t "${T3}"
+  html_msg $? 0 "Encrypt - Value 3"
+
+  echo "$SCRIPTNAME: SDR Decrypt - Value 1"
+  echo "sdrtest -d ${PROFILE} -i ${VALUE1} -t \"${T1}\""
+  ${BINDIR}/sdrtest -d ${PROFILE} -i ${VALUE1} -t "${T1}"
+  html_msg $? 0 "Decrypt - Value 1"
+
+  echo "$SCRIPTNAME: SDR Decrypt - Value 2"
+  echo "sdrtest -d ${PROFILE} -i ${VALUE2} -t \"${T2}\""
+  ${BINDIR}/sdrtest -d ${PROFILE} -i ${VALUE2} -t "${T2}"
+  html_msg $? 0 "Decrypt - Value 2"
+
+  echo "$SCRIPTNAME: SDR Decrypt - Value 3"
+  echo "sdrtest -d ${PROFILE} -i ${VALUE3} -t \"${T3}\""
+  ${BINDIR}/sdrtest -d ${PROFILE} -i ${VALUE3} -t "${T3}"
+  html_msg $? 0 "Decrypt - Value 3"
+}
+
+############################## sdr_cleanup #############################
+# local shell function to finish this script (no exit since it might be
+# sourced)
+########################################################################
+sdr_cleanup()
+{
+  html "</TABLE><BR>"
+  cd ${QADIR}
+  . common/cleanup.sh
+}
+
+sdr_init
+sdr_main
+sdr_cleanup
diff --git a/nss/tests/set_environment b/nss/tests/set_environment
new file mode 100644
index 0000000..5a3515c
--- /dev/null
+++ b/nss/tests/set_environment
@@ -0,0 +1,234 @@
+#! /bin/sh
+
+########################################################################
+#
+# /u/sonmi/bin/set_environment
+#
+# sourced from the header if running from cron to get the full environment
+# to run nssqa    - also used to unify all nssqa environments
+#
+# This is derived from the .cshrc file for the svbld account.  
+#
+########################################################################
+
+if [ -z "$HOME" ] 
+then
+    HOME=/u/svbld
+fi
+if [ -z "$QASCRIPT_DIR" ]
+then
+    QASCRIPT_DIR=`dirname $0`
+fi
+
+os_name=`uname -s`
+if [ "$os_name" != "Windows_95" -a \
+    "$os_name" != "Windows_NT" -a \
+    "$os_name" != "WINNT" -a \
+    "$os_name" != "Windows" -a \
+    "$os_name" != "Windows_98" -a \
+    "$os_name" != "CYGWIN_NT-4.0" -a \
+    "$os_name" != "CYGWIN_NT-5.0" -a \
+    "$os_name" != "CYGWIN_95-4.0" -a \
+    "$os_name" != "CYGWIN_98-4.10" ]
+then
+    PATH=.:$HOME/bin:/tools/ns/bin:/bin:/usr/bin:/usr/sbin:/usr/ccs/bin:/usr/dist/local/exe:/usr/bin/X11:/usr/audio/bin:/u/sonmi/bin:$PATH
+    JAVA_HOME="D:/i386/jdk1.2.2"
+    JAVA_HOME14="R:/jdk/1.4.0/WINNT"
+fi
+
+CVSROOT=:pserver:svbld@redcvs.red.iplanet.com:/m/src
+
+os_name=`uname -s`
+os_version=`uname -r`
+#os_p=`uname -p`
+os_full=""
+
+if [ -f /u/svbld/bin/nsarch  ]
+then
+    os_full=`/u/svbld/bin/nsarch -f`    #FIXME
+fi
+
+MANPATH=/usr/share/man:/usr/openwin/man:/usr/local/man
+
+RMAIL=rmail
+BEFORE_CONTEXT_GREP=""
+AFTER_CONTEXT_GREP=""
+
+export CVSROOT HOME os_name os_version os_full MANPATH
+
+
+if [ "$os_name" = "HP-UX" ]
+then
+    PATH=$PATH:/usr/local/bin:/opt/aCC/bin:/usr/local/bin/audio:/tools/ns/bin:/etc:/usr/contrib/bin:/usr/contrib/bin/X11:/usr/local/hpux/bin:/nfs/iapp1/hphome/bin:/etc:/u/svbld/bin/HP/perl/bin
+    JAVA_HOME="/share/builds/components/cms_jdk/HP-UX/1.2.2.04"
+    JAVA_HOME14=$JAVA_HOME
+#    JAVA_HOME="/share/builds/components/cms_jdk/HP-UX/1.3.0.00"
+elif [ "$os_name" = "SunOS" ]
+then
+    NATIVE_FLAG="-native"
+    XAPPLRESDIR=/usr/openwin/lib/app-defaults:/usr/local/lib/X11/app-defaults
+    OPENWINHOME=/usr/openwin
+    LD_LIBRARY_PATH=$OPENWINHOME/lib
+    if [ "$os_full" = "SOLARISx86 2.8" -o "$os_full" = "SOLARISx86 2.9" ] 
+    then
+        #PATH=/usr/ucb:/opt/usr/local/bin:$PATH
+        JAVA_HOME="/usr/java1.2"
+	JAVA_HOME14=/share/builds/components/jdk/1.4.0/SunOS_x86
+        PATH=".:/usr/dist/share/forte_dev_i386,v6.2/SUNWspro/bin:/opt/usr/local/perl5/bin:/opt/SUNWspro/bin:/opt/usr/local/bin:/bin:/usr/bin:/usr/sbin:/usr/ccs/bin:/usr/dist/local/exe:/usr/ccs/bin:/usr/ucb/bin:/usr/ucb:/opt/SUNWwabi/bin:/usr/local/bin:/tools/ns/bin:/etc:/tools/contrib/bin"
+    else
+        PATH=/usr/ucb:$PATH
+        JAVA_HOME="/share/builds/components/jdk/1.2.2/SunOS"
+	JAVA_HOME14=/share/builds/components/jdk/1.4.0/SunOS64
+        PATH=/tools/ns/bin:$PATH:/opt/SUNWspro/bin:/usr/bin/X11:/usr/openwin/bin:/usr/openwin/demo
+    
+        if [ "$os_version" = "5.8" -o "$os_version" = "5.7" -o \
+             "$os_version" = "5.9" ]
+        then
+            PATH=$PATH:/usr/dist/pkgs/forte_dev,v6.2/SUNWspro/bin:/tools/ns/workshop/bin
+        else
+            PATH=$PATH:/usr/dist/share/devpro,v5.0/5.x-sparc/bin:/tools/ns/workshop/bin
+        fi
+        PATH=$PATH:/usr/ccs/bin:/usr/ucb/bin:/opt/SUNWwabi/bin:/usr/local/bin:/tools/ns/bin:/etc:/tools/contrib/bin
+     fi
+    export XAPPLRESDIR  OPENWINHOME LD_LIBRARY_PATH
+
+elif [ "$os_name" = "IRIX" ]
+then
+    PATH=$PATH:/tools/ns/bin:/usr/local/bin:/etc:/usr/bsd
+    MANPATH=/tools/ns/man:/usr/local/man
+    JAVA_HOME="/share/builds/components/jdk/1.2.2/IRIX"
+    JAVA_HOME14=$JAVA_HOME
+elif [ "$os_name" = "IRIX64" ]
+then
+    PATH=$PATH:/tools/ns/bin:/usr/local/bin:/etc:/usr/bsd
+    MANPATH=/tools/ns/man:/usr/local/man
+    JAVA_HOME="/share/builds/components/jdk/1.2.2/IRIX"
+    JAVA_HOME14=$JAVA_HOME
+elif [ "$os_name" = "Linux" ]
+then
+    PATH=/lib:/usr/lib:/bin:/sbin:/usr/bin:/usr/sbin:$PATH
+    RMAIL=sendmail
+    #the gnu grep, on Linux can output 10 lines above and 3 lines below 
+    #the errormessage
+    BEFORE_CONTEXT_GREP="--before-context=10"
+    AFTER_CONTEXT_GREP="--after-context=3"
+    JAVA_HOME="/share/builds/components/jdk/1.2.2/Linux"
+    JAVA_HOME14=/share/builds/components/jdk/1.4.0/Linux
+elif [ "$os_name" = "AIX" ]
+then
+    PATH=$PATH:/tools/contrib/bin:/usr/local/bin 
+    TERM=vt100
+    export TERM
+    JAVA_HOME="/share/builds/components/cms_jdk/AIX/1.3.0"
+    JAVA_HOME14=$JAVA_HOME
+elif [ "$os_name" = "OSF1" ]
+then
+    PATH=$PATH:/usr/local/bin
+    JAVA_HOME="/share/builds/components/jdk/1.2.2/OSF1"
+    JAVA_HOME14=$JAVA_HOME
+fi
+
+if [ "$os_name" = "IRIX" ]
+then
+    PATH=/tools/ns-arch/soft/perl-5.004_04/run/default/mips_sgi_irix5.3/bin:$PATH
+elif [ "$os_name" = "IRIX64" ]
+then
+    PATH=/tools/ns-arch/soft/perl-5.004_04/run/default/mips_sgi_irix5.3/bin:$PATH
+fi
+
+O_CYGNUS=OFF
+O_MKS=OFF
+O_WIN=OFF
+
+if [ "$os_name" = "CYGWIN_NT-4.0" -o \
+    "$os_name" = "CYGWIN_NT-5.0" -o \
+    "$os_name" = "CYGWIN_95-4.0" -o \
+    "$os_name" = "CYGWIN_98-4.10" ]
+then
+    #FIXME net use, mount the neccessary pnetwork drives and partitiones first
+    #FIXME - take MKS out of the PATH
+    os_full=$os_name
+    os_name="Windows"
+    O_CYGNUS=ON
+    O_WIN=ON
+    PATH="`dirname $0`:.:/cygdrive/c/cygwin/bin:/cygdrive/z/nstools/bin:/cygdrive/z/nstools/perl5:/cygdrive/z/bin:/cygdrive/c/WINNT/System32:/cygdrive/c/WINNT"
+    RM=/cygdrive/c/cygwin/bin/rm.exe    #FIXME - in case we cant cporrect 
+                                        #these with the PATH alone
+    PATH=`perl $QASCRIPT_DIR/path_uniq "$PATH"`
+    RSH=/cygdrive/c/winnt/system32/rsh
+elif [ "$os_name" = "Windows_95" -o \
+    "$os_name" = "Windows_NT" -o \
+    "$os_name" = "WINNT" -o \
+    "$os_name" = "Windows" -o \
+    "$os_name" = "Windows_98" ]
+then
+    #FIXME net use, mount the neccessary pnetwork drives and partitiones first
+    PATH=`echo $SHELL | sed -e "s/.[kK][sS][Hh].[Ee][Xx][Ee]//g"  \
+				-e "s/.[sS][Hh].[Ee][Xx][Ee]//g"`
+    MOZTOOLS_IN_PATH=NO
+    if [ -n "$MOZ_TOOLS" -a -d  "$MOZ_TOOLS" ] ; then
+        MOZ_TOOLS=`ls -d "$MOZ_TOOLS" | sed -e 's/\\\/\//g'`
+        #echo "MOZ_TOOLS reformated to $MOZ_TOOLS"
+        if [ -d "$MOZ_TOOLS" ] ; then #still exist after reformating?
+            MOZTOOLS_IN_PATH=OK
+        fi
+    fi
+    if [ -n "$MOZTOOLS_IN_PATH" -a "$MOZTOOLS_IN_PATH" = "OK" ] ; then
+        #echo "Use MOZTOOLS in PATH"
+        PATH="$MOZ_TOOLS/bin;$MOZ_TOOLS/perl5;$PATH"
+    elif [ -d Z:/nstools/bin ] ; then
+        PATH="Z:/nstools/bin;Z:/nstools/perl5;$PATH"
+    elif [ -d C:/nstools/bin ] ; then
+        PATH="C:/nstools/bin;C:/nstools/perl5;$PATH"
+    elif [ -d D:/nstools/bin ] ; then
+        PATH="D:/nstools/bin;D:/nstools/perl5;$PATH"
+    elif [ -d D:/i386/nstools/bin ] ; then
+        PATH="D:/i386/nstools/bin;D:/i386/nstools/perl5;$PATH"
+    else
+        echo "FATAL: Can't find nstools"
+        exit
+    fi
+
+    if [  "$os_name" = "Windows_NT" -o \
+        "$os_name" = "WINNT" ]
+    then
+        PATH="${PATH};C:/WINNT/System32;C:/WINNT;.;"
+    fi
+    PATH="`dirname $0`;$PATH"
+    
+    PATH=`perl $QASCRIPT_DIR/path_uniq -d ';' "$PATH"`
+    echo $PATH
+    os_full=$os_name
+    os_name="Windows"
+    O_MKS=ON
+    O_WIN=ON
+    if [ -z $RSH ] ; then 
+        RSH=c:/winnt/system32/rsh
+    fi
+    
+else
+    EDITOR=vi
+    EMACSLOADPATH=/u/svbld/emacs
+    PYTHONPATH=.:/tools/ns/lib/python1.4
+    PAGER=less
+    XMCD_LIBDIR=/usr/local/lib/xmcd
+    DISPLAY=:0.0
+    PATH=`perl $QASCRIPT_DIR/path_uniq "$PATH"`
+    RSH=rsh
+fi
+
+BASEPATH=$PATH    # in  case we we set and reset DIST directories the PATH 
+                # needs to change accordingly
+export PATH EDITOR EMACSLOADPATH PYTHONPATH PAGER XMCD_LIBDIR DISPLAY MANPATH os_full os_name BASEPATH RSH O_WIN
+
+umask 022
+
+system=`uname -n`        # name of this system.
+
+JAVAC=$JAVA_HOME/bin/javac
+JAVA=$JAVA_HOME/bin/java
+JAVAC14=$JAVA_HOME14/bin/javac
+JAVA14=$JAVA_HOME14/bin/java
+#JAVA=$JAVA_HOME/jre/bin/java
+export JAVAC JAVA JAVA_HOME JAVAC14 JAVA_HOME14 JAVA14
+
diff --git a/nss/tests/smime/alice.txt b/nss/tests/smime/alice.txt
new file mode 100644
index 0000000..0378db4
--- /dev/null
+++ b/nss/tests/smime/alice.txt
@@ -0,0 +1,6 @@
+Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT)
+From: alice@bogus.com
+Subject: message Alice --> Bob
+To: bob@bogus.com
+
+This is a test message from Alice to Bob.
diff --git a/nss/tests/smime/bob.txt b/nss/tests/smime/bob.txt
new file mode 100644
index 0000000..330b2c9
--- /dev/null
+++ b/nss/tests/smime/bob.txt
@@ -0,0 +1,6 @@
+Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT)
+From: bob@bogus.com
+Subject: message Bob --> Alice
+To: alice@bogus.com
+
+This is a test message from Bob to Alice.
diff --git a/nss/tests/smime/smime.sh b/nss/tests/smime/smime.sh
new file mode 100755
index 0000000..2360100
--- /dev/null
+++ b/nss/tests/smime/smime.sh
@@ -0,0 +1,259 @@
+#! /bin/sh  
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+########################################################################
+#
+# mozilla/security/nss/tests/smime/smime.sh
+#
+# Script to test NSS smime
+#
+# needs to work on all Unix and Windows platforms
+#
+# special strings
+# ---------------
+#   FIXME ... known problems, search for this string
+#   NOTE .... unexpected behavior
+#
+########################################################################
+
+############################## smime_init ##############################
+# local shell function to initialize this script
+########################################################################
+smime_init()
+{
+  SCRIPTNAME=smime.sh      # sourced - $0 would point to all.sh
+
+  if [ -z "${CLEANUP}" ] ; then     # if nobody else is responsible for
+      CLEANUP="${SCRIPTNAME}"       # cleaning this script will do it
+  fi
+
+  if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then
+      cd ../common
+      . ./init.sh
+  fi
+  if [ ! -r $CERT_LOG_FILE ]; then  # we need certificates here
+      cd ../cert
+      . ./cert.sh
+  fi
+  SCRIPTNAME=smime.sh
+
+  if [ -z "$NSS_DISABLE_ECC" ] ; then
+      html_head "S/MIME Tests with ECC"
+  else
+      html_head "S/MIME Tests"
+  fi
+
+  grep "SUCCESS: SMIME passed" $CERT_LOG_FILE >/dev/null || {
+      Exit 11 "Fatal - S/MIME of cert.sh needs to pass first"
+  }
+
+  SMIMEDIR=${HOSTDIR}/smime
+  R_SMIMEDIR=../smime
+  mkdir -p ${SMIMEDIR}
+  cd ${SMIMEDIR}
+  cp ${QADIR}/smime/alice.txt ${SMIMEDIR}
+}
+
+smime_sign()
+{
+  HASH_CMD="-H ${HASH}"
+  SIG=sig.${HASH}
+
+  echo "$SCRIPTNAME: Signing Detached Message {$HASH} ------------------"
+  echo "cmsutil -S -T -N Alice ${HASH_CMD} -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice.d${SIG}"
+  ${PROFTOOL} ${BINDIR}/cmsutil -S -T -N Alice ${HASH_CMD} -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice.d${SIG}
+  html_msg $? 0 "Create Detached Signature Alice (${HASH})" "."
+
+  echo "cmsutil -D -i alice.d${SIG} -c alice.txt -d ${P_R_BOBDIR} "
+  ${PROFTOOL} ${BINDIR}/cmsutil -D -i alice.d${SIG} -c alice.txt -d ${P_R_BOBDIR} 
+  html_msg $? 0 "Verifying Alice's Detached Signature (${HASH})" "."
+
+  echo "$SCRIPTNAME: Signing Attached Message (${HASH}) ------------------"
+  echo "cmsutil -S -N Alice ${HASH_CMD} -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice.${SIG}"
+  ${PROFTOOL} ${BINDIR}/cmsutil -S -N Alice ${HASH_CMD} -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice.${SIG}
+  html_msg $? 0 "Create Attached Signature Alice (${HASH})" "."
+
+  echo "cmsutil -D -i alice.${SIG} -d ${P_R_BOBDIR} -o alice.data.${HASH}"
+  ${PROFTOOL} ${BINDIR}/cmsutil -D -i alice.${SIG} -d ${P_R_BOBDIR} -o alice.data.${HASH}
+  html_msg $? 0 "Decode Alice's Attached Signature (${HASH})" "."
+
+  echo "diff alice.txt alice.data.${HASH}"
+  diff alice.txt alice.data.${HASH}
+  html_msg $? 0 "Compare Attached Signed Data and Original (${HASH})" "."
+
+# Test ECDSA signing for all hash algorithms.
+  if [ -z "$NSS_DISABLE_ECC" ] ; then
+      echo "$SCRIPTNAME: Signing Detached Message ECDSA w/ {$HASH} ------------------"
+      echo "cmsutil -S -T -N Alice-ec ${HASH_CMD} -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice-ec.d${SIG}"
+      ${PROFTOOL} ${BINDIR}/cmsutil -S -T -N Alice-ec ${HASH_CMD} -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice-ec.d${SIG}
+      html_msg $? 0 "Create Detached Signature Alice (ECDSA w/ ${HASH})" "."
+
+      echo "cmsutil -D -i alice-ec.d${SIG} -c alice.txt -d ${P_R_BOBDIR} "
+      ${PROFTOOL} ${BINDIR}/cmsutil -D -i alice-ec.d${SIG} -c alice.txt -d ${P_R_BOBDIR} 
+      html_msg $? 0 "Verifying Alice's Detached Signature (ECDSA w/ ${HASH})" "."
+
+      echo "$SCRIPTNAME: Signing Attached Message (ECDSA w/ ${HASH}) ------------------"
+      echo "cmsutil -S -N Alice-ec ${HASH_CMD} -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice-ec.${SIG}"
+      ${PROFTOOL} ${BINDIR}/cmsutil -S -N Alice-ec ${HASH_CMD} -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice-ec.${SIG}
+      html_msg $? 0 "Create Attached Signature Alice (ECDSA w/ ${HASH})" "."
+
+      echo "cmsutil -D -i alice-ec.${SIG} -d ${P_R_BOBDIR} -o alice-ec.data.${HASH}"
+      ${PROFTOOL} ${BINDIR}/cmsutil -D -i alice-ec.${SIG} -d ${P_R_BOBDIR} -o alice-ec.data.${HASH}
+      html_msg $? 0 "Decode Alice's Attached Signature (ECDSA w/ ${HASH})" "."
+
+      echo "diff alice.txt alice-ec.data.${HASH}"
+      diff alice.txt alice-ec.data.${HASH}
+      html_msg $? 0 "Compare Attached Signed Data and Original (ECDSA w/ ${HASH})" "."
+  fi
+
+}
+
+
+
+smime_p7()
+{
+  echo "$SCRIPTNAME: p7 util Data Tests ------------------------------"
+  echo "p7env -d ${P_R_ALICEDIR} -r Alice -i alice.txt -o alice_p7.env"
+  ${PROFTOOL} ${BINDIR}/p7env -d ${P_R_ALICEDIR} -r Alice -i alice.txt -o alice.env
+  html_msg $? 0 "Creating envelope for user Alice" "."
+
+  echo "p7content -d ${P_R_ALICEDIR} -i alice.env -o alice_p7.data"
+  ${PROFTOOL} ${BINDIR}/p7content -d ${P_R_ALICEDIR} -i alice.env -o alice_p7.data -p nss
+  html_msg $? 0 "Verifying file delivered to user Alice" "."
+
+  sed -e '3,8p' -n alice_p7.data > alice_p7.data.sed
+
+  echo "diff alice.txt alice_p7.data.sed"
+  diff alice.txt alice_p7.data.sed
+  html_msg $? 0 "Compare Decoded Enveloped Data and Original" "."
+
+  echo "p7sign -d ${P_R_ALICEDIR} -k Alice -i alice.txt -o alice.sig -p nss -e"
+  ${PROFTOOL} ${BINDIR}/p7sign -d ${P_R_ALICEDIR} -k Alice -i alice.txt -o alice.sig -p nss -e
+  html_msg $? 0 "Signing file for user Alice" "."
+
+  echo "p7verify -d ${P_R_ALICEDIR} -c alice.txt -s alice.sig"
+  ${PROFTOOL} ${BINDIR}/p7verify -d ${P_R_ALICEDIR} -c alice.txt -s alice.sig
+  html_msg $? 0 "Verifying file delivered to user Alice" "."
+}
+
+############################## smime_main ##############################
+# local shell function to test basic signed and enveloped messages 
+# from 1 --> 2"
+########################################################################
+smime_main()
+{
+
+  HASH=SHA1
+  smime_sign
+  HASH=SHA256
+  smime_sign
+  HASH=SHA384
+  smime_sign
+  HASH=SHA512
+  smime_sign
+
+  echo "$SCRIPTNAME: Enveloped Data Tests ------------------------------"
+  echo "cmsutil -E -r bob@bogus.com -i alice.txt -d ${P_R_ALICEDIR} -p nss \\"
+  echo "        -o alice.env"
+  ${PROFTOOL} ${BINDIR}/cmsutil -E -r bob@bogus.com -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice.env
+  html_msg $? 0 "Create Enveloped Data Alice" "."
+
+  echo "cmsutil -D -i alice.env -d ${P_R_BOBDIR} -p nss -o alice.data1"
+  ${PROFTOOL} ${BINDIR}/cmsutil -D -i alice.env -d ${P_R_BOBDIR} -p nss -o alice.data1
+  html_msg $? 0 "Decode Enveloped Data Alice" "."
+
+  echo "diff alice.txt alice.data1"
+  diff alice.txt alice.data1
+  html_msg $? 0 "Compare Decoded Enveloped Data and Original" "."
+
+  # multiple recip
+  echo "$SCRIPTNAME: Testing multiple recipients ------------------------------"
+  echo "cmsutil -E -i alice.txt -d ${P_R_ALICEDIR} -o alicecc.env \\"
+  echo "        -r bob@bogus.com,dave@bogus.com"
+  ${PROFTOOL} ${BINDIR}/cmsutil -E -i alice.txt -d ${P_R_ALICEDIR} -o alicecc.env \
+          -r bob@bogus.com,dave@bogus.com
+  ret=$?
+  html_msg $ret 0 "Create Multiple Recipients Enveloped Data Alice" "."
+  if [ $ret != 0 ] ; then
+	echo "certutil -L -d ${P_R_ALICEDIR}"
+	${BINDIR}/certutil -L -d ${P_R_ALICEDIR}
+	echo "certutil -L -d ${P_R_ALICEDIR} -n dave@bogus.com"
+	${BINDIR}/certutil -L -d ${P_R_ALICEDIR} -n dave@bogus.com
+  fi
+
+  echo "$SCRIPTNAME: Testing multiple email addrs ------------------------------"
+  echo "cmsutil -E -i alice.txt -d ${P_R_ALICEDIR} -o aliceve.env \\"
+  echo "        -r eve@bogus.net"
+  ${PROFTOOL} ${BINDIR}/cmsutil -E -i alice.txt -d ${P_R_ALICEDIR} -o aliceve.env \
+          -r eve@bogus.net
+  ret=$?
+  html_msg $ret 0 "Encrypt to a Multiple Email cert" "."
+
+  echo "cmsutil -D -i alicecc.env -d ${P_R_BOBDIR} -p nss -o alice.data2"
+  ${PROFTOOL} ${BINDIR}/cmsutil -D -i alicecc.env -d ${P_R_BOBDIR} -p nss -o alice.data2
+  html_msg $? 0 "Decode Multiple Recipients Enveloped Data Alice by Bob" "."
+
+  echo "cmsutil -D -i alicecc.env -d ${P_R_DAVEDIR} -p nss -o alice.data3"
+  ${PROFTOOL} ${BINDIR}/cmsutil -D -i alicecc.env -d ${P_R_DAVEDIR} -p nss -o alice.data3
+  html_msg $? 0 "Decode Multiple Recipients Enveloped Data Alice by Dave" "."
+
+  echo "cmsutil -D -i aliceve.env -d ${P_R_EVEDIR} -p nss -o alice.data4"
+  ${PROFTOOL} ${BINDIR}/cmsutil -D -i aliceve.env -d ${P_R_EVEDIR} -p nss -o alice.data4
+  html_msg $? 0 "Decrypt with a Multiple Email cert" "."
+
+  diff alice.txt alice.data2
+  html_msg $? 0 "Compare Decoded Mult. Recipients Enveloped Data Alice/Bob" "."
+
+  diff alice.txt alice.data3
+  html_msg $? 0 "Compare Decoded Mult. Recipients Enveloped Data Alice/Dave" "."
+
+  diff alice.txt alice.data4
+  html_msg $? 0 "Compare Decoded with Multiple Email cert" "."
+  
+  echo "$SCRIPTNAME: Sending CERTS-ONLY Message ------------------------------"
+  echo "cmsutil -O -r \"Alice,bob@bogus.com,dave@bogus.com\" \\"
+  echo "        -d ${P_R_ALICEDIR} > co.der"
+  ${PROFTOOL} ${BINDIR}/cmsutil -O -r "Alice,bob@bogus.com,dave@bogus.com" -d ${P_R_ALICEDIR} > co.der
+  html_msg $? 0 "Create Certs-Only Alice" "."
+
+  echo "cmsutil -D -i co.der -d ${P_R_BOBDIR}"
+  ${PROFTOOL} ${BINDIR}/cmsutil -D -i co.der -d ${P_R_BOBDIR}
+  html_msg $? 0 "Verify Certs-Only by CA" "."
+
+  echo "$SCRIPTNAME: Encrypted-Data Message ---------------------------------"
+  echo "cmsutil -C -i alice.txt -e alicehello.env -d ${P_R_ALICEDIR} \\"
+  echo "        -r \"bob@bogus.com\" > alice.enc"
+  ${PROFTOOL} ${BINDIR}/cmsutil -C -i alice.txt -e alicehello.env -d ${P_R_ALICEDIR} \
+          -r "bob@bogus.com" > alice.enc
+  html_msg $? 0 "Create Encrypted-Data" "."
+
+  echo "cmsutil -D -i alice.enc -d ${P_R_BOBDIR} -e alicehello.env -p nss \\"
+  echo "        -o alice.data2"
+  ${PROFTOOL} ${BINDIR}/cmsutil -D -i alice.enc -d ${P_R_BOBDIR} -e alicehello.env -p nss -o alice.data2
+  html_msg $? 0 "Decode Encrypted-Data" "."
+
+  diff alice.txt alice.data2
+  html_msg $? 0 "Compare Decoded and Original Data" "."
+}
+  
+############################## smime_cleanup ###########################
+# local shell function to finish this script (no exit since it might be
+# sourced)
+########################################################################
+smime_cleanup()
+{
+  html "</TABLE><BR>"
+  cd ${QADIR}
+  . common/cleanup.sh
+}
+
+################## main #################################################
+
+smime_init
+smime_main
+smime_p7
+smime_cleanup
+
diff --git a/nss/tests/ssl/ssl.sh b/nss/tests/ssl/ssl.sh
new file mode 100755
index 0000000..972cd07
--- /dev/null
+++ b/nss/tests/ssl/ssl.sh
@@ -0,0 +1,1199 @@
+#! /bin/bash
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+########################################################################
+#
+# mozilla/security/nss/tests/ssl/ssl.sh
+#
+# Script to test NSS SSL
+#
+# needs to work on all Unix and Windows platforms
+#
+# special strings
+# ---------------
+#   FIXME ... known problems, search for this string
+#   NOTE .... unexpected behavior
+#
+########################################################################
+
+############################## ssl_init ################################
+# local shell function to initialize this script
+########################################################################
+ssl_init()
+{
+  SCRIPTNAME=ssl.sh      # sourced - $0 would point to all.sh
+
+  if [ -z "${CLEANUP}" ] ; then     # if nobody else is responsible for
+      CLEANUP="${SCRIPTNAME}"       # cleaning this script will do it
+  fi
+
+  if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then
+      cd ../common
+      . ./init.sh
+  fi
+  if [ -z "${IOPR_SSL_SOURCED}" ]; then
+      . ../iopr/ssl_iopr.sh
+  fi
+  if [ ! -r $CERT_LOG_FILE ]; then  # we need certificates here
+      cd ../cert
+      . ./cert.sh
+  fi
+  SCRIPTNAME=ssl.sh
+  echo "$SCRIPTNAME: SSL tests ==============================="
+
+  grep "SUCCESS: SSL passed" $CERT_LOG_FILE >/dev/null || {
+      html_head "SSL Test failure"
+      Exit 8 "Fatal - cert.sh needs to pass first"
+  }
+
+  if [ -z "$NSS_TEST_DISABLE_CRL" ] ; then
+      grep "SUCCESS: SSL CRL prep passed" $CERT_LOG_FILE >/dev/null || {
+          html_head "SSL Test failure"
+          Exit 8 "Fatal - SSL of cert.sh needs to pass first"
+      }
+  fi
+
+  PORT=${PORT-8443}
+  NSS_SSL_TESTS=${NSS_SSL_TESTS:-normal_normal}
+  nss_ssl_run="stapling signed_cert_timestamps cov auth stress"
+  NSS_SSL_RUN=${NSS_SSL_RUN:-$nss_ssl_run}
+
+  # Test case files
+  SSLCOV=${QADIR}/ssl/sslcov.txt
+  SSLAUTH=${QADIR}/ssl/sslauth.txt
+  SSLSTRESS=${QADIR}/ssl/sslstress.txt
+  SSLPOLICY=${QADIR}/ssl/sslpolicy.txt
+  REQUEST_FILE=${QADIR}/ssl/sslreq.dat
+
+  #temparary files
+  SERVEROUTFILE=${TMP}/tests_server.$$
+  SERVERPID=${TMP}/tests_pid.$$
+
+  R_SERVERPID=../tests_pid.$$
+
+  TEMPFILES="$TMPFILES ${SERVEROUTFILE}  ${SERVERPID}"
+
+  fileout=0 #FIXME, looks like all.sh tried to turn this on but actually didn't
+  #fileout=1
+  #verbose="-v" #FIXME - see where this is usefull
+
+  USER_NICKNAME=TestUser
+  NORM_EXT=""
+
+  EC_SUITES=":C001:C002:C003:C004:C005:C006:C007:C008:C009:C00A:C00B:C00C:C00D"
+  EC_SUITES="${EC_SUITES}:C00E:C00F:C010:C011:C012:C013:C014:C023:C024:C027"
+  EC_SUITES="${EC_SUITES}:C028:C02B:C02C:C02F:C030:CCA8:CCA9:CCAA"
+
+  NON_EC_SUITES=":0016:0032:0033:0038:0039:003B:003C:003D:0040:0041:0067:006A:006B"
+  NON_EC_SUITES="${NON_EC_SUITES}:0084:009C:009D:009E:009F:00A2:00A3:CCAAcdeinvyz"
+
+  if [ -z "$NSS_DISABLE_ECC" ] ; then
+      ECC_STRING=" - with ECC"
+      # List of cipher suites to test, including ECC cipher suites.
+      CIPHER_SUITES="-c ${EC_SUITES}${NON_EC_SUITES}"
+  else
+      ECC_STRING=""
+      # List of cipher suites to test, excluding ECC cipher suites.
+      CIPHER_SUITES="-c ${NON_EC_SUITES}"
+  fi
+
+  if [ "${OS_ARCH}" != "WINNT" ]; then
+      ulimit -n 1000 # make sure we have enough file descriptors
+  fi
+
+  cd ${CLIENTDIR}
+}
+
+########################### is_selfserv_alive ##########################
+# local shell function to exit with a fatal error if selfserver is not
+# running
+########################################################################
+is_selfserv_alive()
+{
+  if [ ! -f "${SERVERPID}" ]; then
+      echo "$SCRIPTNAME: Error - selfserv PID file ${SERVERPID} doesn't exist"
+      sleep 5
+      if [ ! -f "${SERVERPID}" ]; then
+          Exit 9 "Fatal - selfserv pid file ${SERVERPID} does not exist"
+      fi
+  fi
+
+  if [ "${OS_ARCH}" = "WINNT" ] && \
+     [ "$OS_NAME" = "CYGWIN_NT" -o "$OS_NAME" = "MINGW32_NT" ]; then
+      PID=${SHELL_SERVERPID}
+  else
+      PID=`cat ${SERVERPID}`
+  fi
+
+  echo "kill -0 ${PID} >/dev/null 2>/dev/null"
+  kill -0 ${PID} >/dev/null 2>/dev/null || Exit 10 "Fatal - selfserv process not detectable"
+
+  echo "selfserv with PID ${PID} found at `date`"
+}
+
+########################### wait_for_selfserv ##########################
+# local shell function to wait until selfserver is running and initialized
+########################################################################
+wait_for_selfserv()
+{
+  #verbose="-v"
+  echo "trying to connect to selfserv at `date`"
+  echo "tstclnt -p ${PORT} -h ${HOSTADDR} ${CLIENT_OPTIONS} -q \\"
+  echo "        -d ${P_R_CLIENTDIR} $verbose < ${REQUEST_FILE}"
+  ${BINDIR}/tstclnt -p ${PORT} -h ${HOSTADDR} ${CLIENT_OPTIONS} -q \
+          -d ${P_R_CLIENTDIR} $verbose < ${REQUEST_FILE}
+  if [ $? -ne 0 ]; then
+      sleep 5
+      echo "retrying to connect to selfserv at `date`"
+      echo "tstclnt -p ${PORT} -h ${HOSTADDR} ${CLIENT_OPTIONS} -q \\"
+      echo "        -d ${P_R_CLIENTDIR} $verbose < ${REQUEST_FILE}"
+      ${BINDIR}/tstclnt -p ${PORT} -h ${HOSTADDR} ${CLIENT_OPTIONS} -q \
+              -d ${P_R_CLIENTDIR} $verbose < ${REQUEST_FILE}
+      if [ $? -ne 0 ]; then
+          html_failed "Waiting for Server"
+      fi
+  fi
+  is_selfserv_alive
+}
+
+########################### kill_selfserv ##############################
+# local shell function to kill the selfserver after the tests are done
+########################################################################
+kill_selfserv()
+{
+  if [ "${OS_ARCH}" = "WINNT" ] && \
+     [ "$OS_NAME" = "CYGWIN_NT" -o "$OS_NAME" = "MINGW32_NT" ]; then
+      PID=${SHELL_SERVERPID}
+  else
+      PID=`cat ${SERVERPID}`
+  fi
+
+  echo "trying to kill selfserv with PID ${PID} at `date`"
+
+  if [ "${OS_ARCH}" = "WINNT" -o "${OS_ARCH}" = "WIN95" -o "${OS_ARCH}" = "OS2" ]; then
+      echo "${KILL} ${PID}"
+      ${KILL} ${PID}
+  else
+      echo "${KILL} -USR1 ${PID}"
+      ${KILL} -USR1 ${PID}
+  fi
+  wait ${PID}
+  if [ ${fileout} -eq 1 ]; then
+      cat ${SERVEROUTFILE}
+  fi
+
+  # On Linux selfserv needs up to 30 seconds to fully die and free
+  # the port.  Wait until the port is free. (Bug 129701)
+  if [ "${OS_ARCH}" = "Linux" ]; then
+      echo "selfserv -b -p ${PORT} 2>/dev/null;"
+      until ${BINDIR}/selfserv -b -p ${PORT} 2>/dev/null; do
+          echo "RETRY: selfserv -b -p ${PORT} 2>/dev/null;"
+          sleep 1
+      done
+  fi
+
+  echo "selfserv with PID ${PID} killed at `date`"
+
+  rm ${SERVERPID}
+  html_detect_core "kill_selfserv core detection step"
+}
+
+########################### start_selfserv #############################
+# local shell function to start the selfserver with the parameters required
+# for this test and log information (parameters, start time)
+# also: wait until the server is up and running
+########################################################################
+start_selfserv()
+{
+  if [ -n "$testname" ] ; then
+      echo "$SCRIPTNAME: $testname ----"
+  fi
+  sparam=`echo $sparam | sed -e 's;_; ;g'`
+  if [ -z "$NSS_DISABLE_ECC" ] && \
+     [ -z "$NO_ECC_CERTS" -o "$NO_ECC_CERTS" != "1"  ] ; then
+      ECC_OPTIONS="-e ${HOSTADDR}-ecmixed -e ${HOSTADDR}-ec"
+  else
+      ECC_OPTIONS=""
+  fi
+  echo "selfserv starting at `date`"
+  echo "selfserv -D -p ${PORT} -d ${P_R_SERVERDIR} -n ${HOSTADDR} ${SERVER_OPTIONS} \\"
+  echo "         ${ECC_OPTIONS} -S ${HOSTADDR}-dsa -w nss ${sparam} -i ${R_SERVERPID}\\"
+  echo "         -V ssl3:tls1.2 $verbose -H 1 &"
+  if [ ${fileout} -eq 1 ]; then
+      ${PROFTOOL} ${BINDIR}/selfserv -D -p ${PORT} -d ${P_R_SERVERDIR} -n ${HOSTADDR} ${SERVER_OPTIONS} \
+               ${ECC_OPTIONS} -S ${HOSTADDR}-dsa -w nss ${sparam} -i ${R_SERVERPID} -V ssl3:tls1.2 $verbose -H 1 \
+               > ${SERVEROUTFILE} 2>&1 &
+      RET=$?
+  else
+      ${PROFTOOL} ${BINDIR}/selfserv -D -p ${PORT} -d ${P_R_SERVERDIR} -n ${HOSTADDR} ${SERVER_OPTIONS} \
+               ${ECC_OPTIONS} -S ${HOSTADDR}-dsa -w nss ${sparam} -i ${R_SERVERPID} -V ssl3:tls1.2 $verbose -H 1 &
+      RET=$?
+  fi
+
+  # The PID $! returned by the MKS or Cygwin shell is not the PID of
+  # the real background process, but rather the PID of a helper
+  # process (sh.exe).  MKS's kill command has a bug: invoking kill
+  # on the helper process does not terminate the real background
+  # process.  Our workaround has been to have selfserv save its PID
+  # in the ${SERVERPID} file and "kill" that PID instead.  But this
+  # doesn't work under Cygwin; its kill command doesn't recognize
+  # the PID of the real background process, but it does work on the
+  # PID of the helper process.  So we save the value of $! in the
+  # SHELL_SERVERPID variable, and use it instead of the ${SERVERPID}
+  # file under Cygwin.  (In fact, this should work in any shell
+  # other than the MKS shell.)
+  SHELL_SERVERPID=$!
+  wait_for_selfserv
+
+  if [ "${OS_ARCH}" = "WINNT" ] && \
+     [ "$OS_NAME" = "CYGWIN_NT" -o "$OS_NAME" = "MINGW32_NT" ]; then
+      PID=${SHELL_SERVERPID}
+  else
+      PID=`cat ${SERVERPID}`
+  fi
+
+  echo "selfserv with PID ${PID} started at `date`"
+}
+
+############################## ssl_cov #################################
+# local shell function to perform SSL Cipher Coverage tests
+########################################################################
+ssl_cov()
+{
+  #verbose="-v"
+  html_head "SSL Cipher Coverage $NORM_EXT - server $SERVER_MODE/client $CLIENT_MODE $ECC_STRING"
+
+  testname=""
+  sparam="$CIPHER_SUITES"
+
+  start_selfserv # Launch the server
+
+  VMIN="ssl3"
+  VMAX="tls1.1"
+
+  exec < ${SSLCOV}
+  while read ectype testmax param testname
+  do
+      echo "${testname}" | grep "EXPORT" > /dev/null
+      EXP=$?
+
+      if [ "$ectype" = "ECC" -a -n "$NSS_DISABLE_ECC" ] ; then
+          echo "$SCRIPTNAME: skipping  $testname (ECC only)"
+      elif [ "`echo $ectype | cut -b 1`" != "#" ] ; then
+          echo "$SCRIPTNAME: running $testname ----------------------------"
+          VMAX="ssl3"
+          if [ "$testmax" = "TLS10" ]; then
+              VMAX="tls1.0"
+          fi
+          if [ "$testmax" = "TLS11" ]; then
+              VMAX="tls1.1"
+          fi
+          if [ "$testmax" = "TLS12" ]; then
+              VMAX="tls1.2"
+          fi
+
+          echo "tstclnt -p ${PORT} -h ${HOSTADDR} -c ${param} -V ${VMIN}:${VMAX} ${CLIENT_OPTIONS} \\"
+          echo "        -f -d ${P_R_CLIENTDIR} $verbose -w nss < ${REQUEST_FILE}"
+
+          rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
+          ${PROFTOOL} ${BINDIR}/tstclnt -p ${PORT} -h ${HOSTADDR} -c ${param} -V ${VMIN}:${VMAX} ${CLIENT_OPTIONS} -f \
+                  -d ${P_R_CLIENTDIR} $verbose -w nss < ${REQUEST_FILE} \
+                  >${TMP}/$HOST.tmp.$$  2>&1
+          ret=$?
+          cat ${TMP}/$HOST.tmp.$$
+          rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
+          html_msg $ret 0 "${testname}" \
+                   "produced a returncode of $ret, expected is 0"
+      fi
+  done
+
+  kill_selfserv
+  html "</TABLE><BR>"
+}
+
+############################## ssl_auth ################################
+# local shell function to perform SSL  Client Authentication tests
+########################################################################
+ssl_auth()
+{
+  #verbose="-v"
+  html_head "SSL Client Authentication $NORM_EXT - server $SERVER_MODE/client $CLIENT_MODE $ECC_STRING"
+
+  exec < ${SSLAUTH}
+  while read ectype value sparam cparam testname
+  do
+      [ -z "$ectype" ] && continue
+      echo "${testname}" | grep "don't require client auth" > /dev/null
+      CAUTH=$?
+
+      if [ "${CLIENT_MODE}" = "fips" -a "${CAUTH}" -eq 0 ] ; then
+          echo "$SCRIPTNAME: skipping  $testname (non-FIPS only)"
+      elif [ "$ectype" = "SNI" -a "$NORM_EXT" = "Extended Test" ] ; then
+          echo "$SCRIPTNAME: skipping  $testname for $NORM_EXT"
+      elif [ "$ectype" = "ECC" -a  -n "$NSS_DISABLE_ECC" ] ; then
+          echo "$SCRIPTNAME: skipping  $testname (ECC only)"
+      elif [ "`echo $ectype | cut -b 1`" != "#" ]; then
+          cparam=`echo $cparam | sed -e 's;_; ;g' -e "s/TestUser/$USER_NICKNAME/g" `
+          if [ "$ectype" = "SNI" ]; then
+              cparam=`echo $cparam | sed -e "s/Host/$HOST/g" -e "s/Dom/$DOMSUF/g" `
+              sparam=`echo $sparam | sed -e "s/Host/$HOST/g" -e "s/Dom/$DOMSUF/g" `
+          fi
+          start_selfserv
+
+          echo "tstclnt -p ${PORT} -h ${HOSTADDR} -f -d ${P_R_CLIENTDIR} $verbose ${CLIENT_OPTIONS} \\"
+          echo "        ${cparam}  < ${REQUEST_FILE}"
+          rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
+          ${PROFTOOL} ${BINDIR}/tstclnt -p ${PORT} -h ${HOSTADDR} -f ${cparam} $verbose ${CLIENT_OPTIONS} \
+                  -d ${P_R_CLIENTDIR} < ${REQUEST_FILE} \
+                  >${TMP}/$HOST.tmp.$$  2>&1
+          ret=$?
+          cat ${TMP}/$HOST.tmp.$$
+          rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
+
+          #workaround for bug #402058
+          [ $ret -ne 0 ] && ret=1
+          [ $value -ne 0 ] && value=1
+
+          html_msg $ret $value "${testname}" \
+                   "produced a returncode of $ret, expected is $value"
+          kill_selfserv
+      fi
+  done
+
+  html "</TABLE><BR>"
+}
+
+ssl_stapling_sub()
+{
+    #verbose="-v"
+    testname=$1
+    SO=$2
+    value=$3
+
+    if [ "$NORM_EXT" = "Extended Test" ] ; then
+	# these tests use the ext_client directory for tstclnt,
+	# which doesn't contain the required "TestCA" for server cert
+	# verification, I don't know if it would be OK to add it...
+	echo "$SCRIPTNAME: skipping  $testname for $NORM_EXT"
+	return 0
+    fi
+    if [ "$SERVER_MODE" = "fips" -o "$CLIENT_MODE" = "fips" ] ; then
+          echo "$SCRIPTNAME: skipping  $testname (non-FIPS only)"
+	return 0
+    fi
+
+    SAVE_SERVER_OPTIONS=${SERVER_OPTIONS}
+    SERVER_OPTIONS="${SERVER_OPTIONS} ${SO}"
+
+    SAVE_P_R_SERVERDIR=${P_R_SERVERDIR}
+    P_R_SERVERDIR=${P_R_SERVERDIR}/../stapling/
+
+    echo "${testname}"
+
+    start_selfserv
+
+    echo "tstclnt -p ${PORT} -h ${HOSTADDR} -f -d ${P_R_CLIENTDIR} $verbose ${CLIENT_OPTIONS} \\"
+    echo "        -c v -T -O -F -M 1 -V ssl3:tls1.2 < ${REQUEST_FILE}"
+    rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
+    ${PROFTOOL} ${BINDIR}/tstclnt -p ${PORT} -h ${HOSTADDR} -f ${CLIENT_OPTIONS} \
+	    -d ${P_R_CLIENTDIR} $verbose -c v -T -O -F -M 1 -V ssl3:tls1.2 < ${REQUEST_FILE} \
+	    >${TMP}/$HOST.tmp.$$  2>&1
+    ret=$?
+    cat ${TMP}/$HOST.tmp.$$
+    rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
+
+    # hopefully no workaround for bug #402058 needed here?
+    # (see commands in ssl_auth
+
+    html_msg $ret $value "${testname}" \
+	    "produced a returncode of $ret, expected is $value"
+    kill_selfserv
+
+    SERVER_OPTIONS=${SAVE_SERVER_OPTIONS}
+    P_R_SERVERDIR=${SAVE_P_R_SERVERDIR}
+}
+
+ssl_stapling_stress()
+{
+    testname="Stress OCSP stapling, server uses random status"
+    SO="-A TestCA -T random"
+    value=0
+
+    if [ "$NORM_EXT" = "Extended Test" ] ; then
+	# these tests use the ext_client directory for tstclnt,
+	# which doesn't contain the required "TestCA" for server cert
+	# verification, I don't know if it would be OK to add it...
+	echo "$SCRIPTNAME: skipping  $testname for $NORM_EXT"
+	return 0
+    fi
+    if [ "$SERVER_MODE" = "fips" -o "$CLIENT_MODE" = "fips" ] ; then
+          echo "$SCRIPTNAME: skipping  $testname (non-FIPS only)"
+	return 0
+    fi
+
+    SAVE_SERVER_OPTIONS=${SERVER_OPTIONS}
+    SERVER_OPTIONS="${SERVER_OPTIONS} ${SO}"
+
+    SAVE_P_R_SERVERDIR=${P_R_SERVERDIR}
+    P_R_SERVERDIR=${P_R_SERVERDIR}/../stapling/
+
+    echo "${testname}"
+    start_selfserv
+
+    echo "strsclnt -q -p ${PORT} -d ${P_R_CLIENTDIR} ${CLIENT_OPTIONS} -w nss \\"
+    echo "         -c 1000 -V ssl3:tls1.2 -N -T $verbose ${HOSTADDR}"
+    echo "strsclnt started at `date`"
+    ${PROFTOOL} ${BINDIR}/strsclnt -q -p ${PORT} -d ${P_R_CLIENTDIR} ${CLIENT_OPTIONS} -w nss \
+	    -c 1000 -V ssl3:tls1.2 -N -T $verbose ${HOSTADDR}
+    ret=$?
+
+    echo "strsclnt completed at `date`"
+    html_msg $ret $value \
+	    "${testname}" \
+	    "produced a returncode of $ret, expected is $value."
+    kill_selfserv
+
+    SERVER_OPTIONS=${SAVE_SERVER_OPTIONS}
+    P_R_SERVERDIR=${SAVE_P_R_SERVERDIR}
+}
+
+############################ ssl_stapling ##############################
+# local shell function to perform SSL Cert Status (OCSP Stapling) tests
+########################################################################
+ssl_stapling()
+{
+  html_head "SSL Cert Status (OCSP Stapling) $NORM_EXT - server $SERVER_MODE/client $CLIENT_MODE $ECC_STRING"
+
+  # tstclnt Exit code:
+  # 0: have fresh and valid revocation data, status good
+  # 1: cert failed to verify, prior to revocation checking
+  # 2: missing, old or invalid revocation data
+  # 3: have fresh and valid revocation data, status revoked
+
+  # selfserv modes
+  # good, revoked, unkown: Include locally signed response. Requires: -A
+  # failure: Include OCSP failure status, such as "try later" (unsigned)
+  # badsig: use a good status but with an invalid signature
+  # corrupted: stapled cert status is an invalid block of data
+
+  ssl_stapling_sub "OCSP stapling, signed response, good status"     "-A TestCA -T good"      0
+  ssl_stapling_sub "OCSP stapling, signed response, revoked status"  "-A TestCA -T revoked"   3
+  ssl_stapling_sub "OCSP stapling, signed response, unknown status"  "-A TestCA -T unknown"   2
+  ssl_stapling_sub "OCSP stapling, unsigned failure response"        "-A TestCA -T failure"   2
+  ssl_stapling_sub "OCSP stapling, good status, bad signature"       "-A TestCA -T badsig"    2
+  ssl_stapling_sub "OCSP stapling, invalid cert status data"         "-A TestCA -T corrupted" 2
+  ssl_stapling_sub "Valid cert, Server doesn't staple"               ""                       2
+
+  ssl_stapling_stress
+
+  html "</TABLE><BR>"
+}
+
+############################ ssl_signed_cert_timestamps #################
+# local shell function to perform SSL Signed Certificate Timestamp tests
+#########################################################################
+ssl_signed_cert_timestamps()
+{
+  #verbose="-v"
+  html_head "SSL Signed Certificate Timestamps $NORM_EXT - server $SERVER_MODE/client $CLIENT_MODE $ECC_STRING"
+
+    testname="ssl_signed_cert_timestamps"
+    value=0
+
+    if [ "$SERVER_MODE" = "fips" -o "$CLIENT_MODE" = "fips" ] ; then
+          echo "$SCRIPTNAME: skipping  $testname (non-FIPS only)"
+        return 0
+    fi
+
+    echo "${testname}"
+
+    start_selfserv
+
+    # Since we don't have server-side support, this test only covers advertising the
+    # extension in the client hello.
+    echo "tstclnt -p ${PORT} -h ${HOSTADDR} -f -d ${P_R_CLIENTDIR} $verbose ${CLIENT_OPTIONS} \\"
+    echo "        -U -V tls1.0:tls1.2 < ${REQUEST_FILE}"
+    rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
+    ${PROFTOOL} ${BINDIR}/tstclnt -p ${PORT} -h ${HOSTADDR} -f ${CLIENT_OPTIONS} \
+            -d ${P_R_CLIENTDIR} $verbose -U -V tls1.0:tls1.2 < ${REQUEST_FILE} \
+            >${TMP}/$HOST.tmp.$$  2>&1
+    ret=$?
+    cat ${TMP}/$HOST.tmp.$$
+    rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
+
+    html_msg $ret $value "${testname}" \
+            "produced a returncode of $ret, expected is $value"
+    kill_selfserv
+  html "</TABLE><BR>"
+}
+
+
+############################## ssl_stress ##############################
+# local shell function to perform SSL stress test
+########################################################################
+ssl_stress()
+{
+  html_head "SSL Stress Test $NORM_EXT - server $SERVER_MODE/client $CLIENT_MODE $ECC_STRING"
+
+  exec < ${SSLSTRESS}
+  while read ectype value sparam cparam testname
+  do
+      if [ -z "$ectype" ]; then
+          # silently ignore blank lines
+          continue
+      fi
+
+      echo "${testname}" | grep "client auth" > /dev/null
+      CAUTH=$?
+
+      if [ "$ectype" = "SNI" -a "$NORM_EXT" = "Extended Test" ] ; then
+          echo "$SCRIPTNAME: skipping  $testname for $NORM_EXT"
+      elif [ "$ectype" = "ECC" -a  -n "$NSS_DISABLE_ECC" ] ; then
+          echo "$SCRIPTNAME: skipping  $testname (ECC only)"
+      elif [ "${CLIENT_MODE}" = "fips" -a "${CAUTH}" -ne 0 ] ; then
+          echo "$SCRIPTNAME: skipping  $testname (non-FIPS only)"
+      elif [ "`echo $ectype | cut -b 1`" != "#" ]; then
+          cparam=`echo $cparam | sed -e 's;_; ;g' -e "s/TestUser/$USER_NICKNAME/g" `
+          if [ "$ectype" = "SNI" ]; then
+              cparam=`echo $cparam | sed -e "s/Host/$HOST/g" -e "s/Dom/$DOMSUF/g" `
+              sparam=`echo $sparam | sed -e "s/Host/$HOST/g" -e "s/Dom/$DOMSUF/g" `
+          fi
+
+          start_selfserv
+
+          if [ "`uname -n`" = "sjsu" ] ; then
+              echo "debugging disapering selfserv... ps -ef | grep selfserv"
+              ps -ef | grep selfserv
+          fi
+
+          echo "strsclnt -q -p ${PORT} -d ${P_R_CLIENTDIR} ${CLIENT_OPTIONS} -w nss $cparam \\"
+          echo "         -V ssl3:tls1.2 $verbose ${HOSTADDR}"
+          echo "strsclnt started at `date`"
+          ${PROFTOOL} ${BINDIR}/strsclnt -q -p ${PORT} -d ${P_R_CLIENTDIR} ${CLIENT_OPTIONS} -w nss $cparam \
+                   -V ssl3:tls1.2 $verbose ${HOSTADDR}
+          ret=$?
+          echo "strsclnt completed at `date`"
+          html_msg $ret $value \
+                   "${testname}" \
+                   "produced a returncode of $ret, expected is $value. "
+          if [ "`uname -n`" = "sjsu" ] ; then
+              echo "debugging disapering selfserv... ps -ef | grep selfserv"
+              ps -ef | grep selfserv
+          fi
+          kill_selfserv
+      fi
+  done
+
+  html "</TABLE><BR>"
+}
+
+############################ ssl_crl_ssl ###############################
+# local shell function to perform SSL test with/out revoked certs tests
+########################################################################
+ssl_crl_ssl()
+{
+  #verbose="-v"
+  html_head "CRL SSL Client Tests $NORM_EXT $ECC_STRING"
+
+  # Using First CRL Group for this test. There are $CRL_GRP_1_RANGE certs in it.
+  # Cert number $UNREVOKED_CERT_GRP_1 was not revoked
+  CRL_GROUP_BEGIN=$CRL_GRP_1_BEGIN
+  CRL_GROUP_RANGE=$CRL_GRP_1_RANGE
+  UNREVOKED_CERT=$UNREVOKED_CERT_GRP_1
+
+  exec < ${SSLAUTH}
+  while read ectype value sparam cparam testname
+  do
+    [ "$ectype" = "" ] && continue
+    if [ "$ectype" = "ECC" -a  -n "$NSS_DISABLE_ECC" ] ; then
+        echo "$SCRIPTNAME: skipping $testname (ECC only)"
+    elif [ "$ectype" = "SNI" ]; then
+        continue
+    elif [ "`echo $ectype | cut -b 1`" != "#" ]; then
+	servarg=`echo $sparam | awk '{r=split($0,a,"-r") - 1;print r;}'`
+	pwd=`echo $cparam | grep nss`
+	user=`echo $cparam | grep TestUser`
+	_cparam=$cparam
+	case $servarg in
+	    1) if [ -z "$pwd" -o -z "$user" ]; then
+                 rev_modvalue=0
+               else
+	         rev_modvalue=254
+               fi
+               ;;
+	    2) rev_modvalue=254 ;;
+	    3) if [ -z "$pwd" -o -z "$user" ]; then
+		rev_modvalue=0
+		else
+		rev_modvalue=1
+		fi
+		;;
+	    4) rev_modvalue=1 ;;
+	esac
+	TEMP_NUM=0
+	while [ $TEMP_NUM -lt $CRL_GROUP_RANGE ]
+	  do
+	  CURR_SER_NUM=`expr ${CRL_GROUP_BEGIN} + ${TEMP_NUM}`
+	  TEMP_NUM=`expr $TEMP_NUM + 1`
+	  USER_NICKNAME="TestUser${CURR_SER_NUM}"
+	  cparam=`echo $_cparam | sed -e 's;_; ;g' -e "s/TestUser/$USER_NICKNAME/g" `
+	  start_selfserv
+
+	  echo "tstclnt -p ${PORT} -h ${HOSTADDR} -f -d ${R_CLIENTDIR} $verbose \\"
+	  echo "        ${cparam}  < ${REQUEST_FILE}"
+	  rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
+	  ${PROFTOOL} ${BINDIR}/tstclnt -p ${PORT} -h ${HOSTADDR} -f ${cparam} \
+	      -d ${R_CLIENTDIR} $verbose < ${REQUEST_FILE} \
+	      >${TMP}/$HOST.tmp.$$  2>&1
+	  ret=$?
+	  cat ${TMP}/$HOST.tmp.$$
+	  rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
+	  if [ $CURR_SER_NUM -ne $UNREVOKED_CERT ]; then
+	      modvalue=$rev_modvalue
+              testAddMsg="revoked"
+	  else
+              testAddMsg="not revoked"
+	      modvalue=$value
+	  fi
+
+	  html_msg $ret $modvalue "${testname} (cert ${USER_NICKNAME} - $testAddMsg)" \
+		"produced a returncode of $ret, expected is $modvalue"
+	  kill_selfserv
+	done
+    fi
+  done
+
+  html "</TABLE><BR>"
+}
+
+############################## ssl_cov #################################
+# local shell function to perform SSL Policy tests
+########################################################################
+ssl_policy()
+{
+  #verbose="-v"
+  html_head "SSL POLICY $NORM_EXT - server $SERVER_MODE/client $CLIENT_MODE $ECC_STRING"
+
+  testname=""
+  sparam="$CIPHER_SUITES"
+
+  if [ ! -f "${P_R_CLIENTDIR}/pkcs11.txt" ] ; then
+      return;
+  fi
+
+  echo "Saving pkcs11.txt"
+  cp ${P_R_CLIENTDIR}/pkcs11.txt ${P_R_CLIENTDIR}/pkcs11.txt.sav
+
+  start_selfserv # Launch the server
+
+  VMIN="ssl3"
+  VMAX="tls1.2"
+
+  exec < ${SSLPOLICY}
+  while read value ectype testmax param policy testname
+  do
+      VMIN="ssl3"
+
+      if [ "$ectype" = "ECC" -a -n "$NSS_DISABLE_ECC" ] ; then
+          echo "$SCRIPTNAME: skipping  $testname (ECC only)"
+      elif [ "`echo $value | cut -b 1`" != "#" ] ; then
+          echo "$SCRIPTNAME: running $testname ----------------------------"
+          VMAX="ssl3"
+          if [ "$testmax" = "TLS10" ]; then
+              VMAX="tls1.0"
+          fi
+          if [ "$testmax" = "TLS11" ]; then
+              VMAX="tls1.1"
+          fi
+          if [ "$testmax" = "TLS12" ]; then
+              VMAX="tls1.2"
+          fi
+
+          # load the policy
+          policy=`echo ${policy} | sed -e 's;_; ;g'`
+
+          cat  > ${P_R_CLIENTDIR}/pkcs11.txt << ++EOF++
+library=
+name=NSS Internal PKCS #11 Module
+parameters=configdir='./client' certPrefix='' keyPrefix='' secmod='secmod.db' flags= updatedir='' updateCertPrefix='' updateKeyPrefix='' updateid='' updateTokenDescription=''
+NSS=Flags=internal,critical trustOrder=75 cipherOrder=100 slotParams=(1={slotFlags=[RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512] askpw=any timeout=30})
+++EOF++
+          echo "config=${policy}" >> ${P_R_CLIENTDIR}/pkcs11.txt
+          echo "" >> ${P_R_CLIENTDIR}/pkcs11.txt
+          echo "library=${DIST}/${OBJDIR}/lib/libnssckbi.so" >> ${P_R_CLIENTDIR}/pkcs11.txt >> ${P_R_CLIENTDIR}/pkcs11.txt
+          cat  >> ${P_R_CLIENTDIR}/pkcs11.txt << ++EOF++
+name=RootCerts
+NSS=trustOrder=100
+++EOF++
+
+          echo "******************************Testing with: "
+	  cat ${P_R_CLIENTDIR}/pkcs11.txt
+          echo "******************************"
+
+          echo "tstclnt -p ${PORT} -h ${HOSTADDR} -c ${param} -V ${VMIN}:${VMAX} ${CLIENT_OPTIONS} \\"
+          echo "        -f -d ${P_R_CLIENTDIR} $verbose -w nss < ${REQUEST_FILE}"
+
+          rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
+          ${PROFTOOL} ${BINDIR}/tstclnt -p ${PORT} -h ${HOSTADDR} -c ${param} -V ${VMIN}:${VMAX} ${CLIENT_OPTIONS} -f \
+                  -d ${P_R_CLIENTDIR} $verbose -w nss < ${REQUEST_FILE} \
+                  >${TMP}/$HOST.tmp.$$  2>&1
+          ret=$?
+          cat ${TMP}/$HOST.tmp.$$
+          rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
+
+          #workaround for bug #402058
+          [ $ret -ne 0 ] && ret=1
+          [ ${value} -ne 0 ] && value=1
+
+          html_msg $ret ${value} "${testname}" \
+                   "produced a returncode of $ret, expected is ${value}"
+      fi
+  done
+  cp ${P_R_CLIENTDIR}/pkcs11.txt.sav ${P_R_CLIENTDIR}/pkcs11.txt
+
+  kill_selfserv
+  html "</TABLE><BR>"
+}
+############################# is_revoked ###############################
+# local shell function to check if certificate is revoked
+########################################################################
+is_revoked() {
+    certNum=$1
+    currLoadedGrp=$2
+
+    found=0
+    ownerGrp=1
+    while [ $ownerGrp -le $TOTAL_GRP_NUM -a $found -eq 0 ]
+      do
+      currGrpBegin=`eval echo \$\{CRL_GRP_${ownerGrp}_BEGIN\}`
+      currGrpRange=`eval echo \$\{CRL_GRP_${ownerGrp}_RANGE\}`
+      currGrpEnd=`expr $currGrpBegin + $currGrpRange - 1`
+      if [ $certNum -ge $currGrpBegin -a $certNum -le $currGrpEnd ]; then
+          found=1
+      else
+          ownerGrp=`expr $ownerGrp + 1`
+      fi
+    done
+    if [ $found -eq 1 -a $currLoadedGrp -lt $ownerGrp ]; then
+        return 1
+    fi
+    if [ $found -eq 0 ]; then
+        return 1
+    fi
+    unrevokedGrpCert=`eval echo \$\{UNREVOKED_CERT_GRP_${ownerGrp}\}`
+    if [ $certNum -eq $unrevokedGrpCert ]; then
+        return 1
+    fi
+    return 0
+}
+
+########################### load_group_crl #############################
+# local shell function to load CRL
+########################################################################
+load_group_crl() {
+    #verbose="-v"
+    group=$1
+    ectype=$2
+
+    OUTFILE_TMP=${TMP}/$HOST.tmp.$$
+    grpBegin=`eval echo \$\{CRL_GRP_${group}_BEGIN\}`
+    grpRange=`eval echo \$\{CRL_GRP_${group}_RANGE\}`
+    grpEnd=`expr $grpBegin + $grpRange - 1`
+
+    if [ "$grpBegin" = "" -o "$grpRange" = "" ]; then
+        ret=1
+        return 1;
+    fi
+
+    # Add -ec suffix for ECC
+    if [ "$ectype" = "ECC" ] ; then
+      ecsuffix="-ec"
+      eccomment="ECC "
+    else
+      ecsuffix=""
+      eccomment=""
+    fi
+
+    if [ "$RELOAD_CRL" != "" ]; then
+        if [ $group -eq 1 ]; then
+            echo "==================== Resetting to group 1 crl ==================="
+            kill_selfserv
+            start_selfserv
+            is_selfserv_alive
+        fi
+        echo "================= Reloading ${eccomment}CRL for group $grpBegin - $grpEnd ============="
+
+        echo "tstclnt -p ${PORT} -h ${HOSTADDR} -f -d ${R_CLIENTDIR} $verbose \\"
+        echo "          -V ssl3:tls1.2 -w nss -n TestUser${UNREVOKED_CERT_GRP_1}${ecsuffix}"
+        echo "Request:"
+        echo "GET crl://${SERVERDIR}/root.crl_${grpBegin}-${grpEnd}${ecsuffix}"
+        echo ""
+        echo "RELOAD time $i"
+
+        REQF=${R_CLIENTDIR}.crlreq
+        cat > ${REQF} <<_EOF_REQUEST_
+GET crl://${SERVERDIR}/root.crl_${grpBegin}-${grpEnd}${ecsuffix}
+
+_EOF_REQUEST_
+
+        ${PROFTOOL} ${BINDIR}/tstclnt -p ${PORT} -h ${HOSTADDR} -f  \
+            -d ${R_CLIENTDIR} $verbose -V ssl3:tls1.2 -w nss -n TestUser${UNREVOKED_CERT_GRP_1}${ecsuffix} \
+            >${OUTFILE_TMP}  2>&1 < ${REQF}
+
+        cat ${OUTFILE_TMP}
+        grep "CRL ReCache Error" ${OUTFILE_TMP}
+        if [ $? -eq 0 ]; then
+            ret=1
+            return 1
+        fi
+    else
+        echo "=== Updating DB for group $grpBegin - $grpEnd and restarting selfserv ====="
+
+        kill_selfserv
+        CU_ACTION="Importing ${eccomment}CRL for groups $grpBegin - $grpEnd"
+        crlu -d ${R_SERVERDIR} -I -i ${SERVERDIR}/root.crl_${grpBegin}-${grpEnd}${ecsuffix} \
+             -p ../tests.pw.928
+        ret=$?
+        if [ "$ret" -eq 0 ]; then
+	    html_passed "${CU_ACTION}"
+            return 1
+        fi
+        start_selfserv
+    fi
+    is_selfserv_alive
+    ret=$?
+    echo "================= CRL Reloaded ============="
+}
+
+
+########################### ssl_crl_cache ##############################
+# local shell function to perform SSL test for crl cache functionality
+# with/out revoked certs
+########################################################################
+ssl_crl_cache()
+{
+  #verbose="-v"
+  html_head "Cache CRL SSL Client Tests $NORM_EXT $ECC_STRING"
+  SSLAUTH_TMP=${TMP}/authin.tl.tmp
+  SERV_ARG=-r_-r
+  rm -f ${SSLAUTH_TMP}
+  echo ${SSLAUTH_TMP}
+
+  grep -- " $SERV_ARG " ${SSLAUTH} | grep -v "^#" | grep -v none | grep -v bogus > ${SSLAUTH_TMP}
+  echo $?
+  while [ $? -eq 0 -a -f ${SSLAUTH_TMP} ]
+    do
+    sparam=$SERV_ARG
+    start_selfserv
+    exec < ${SSLAUTH_TMP}
+    while read ectype value sparam cparam testname
+      do
+      [ "$ectype" = "" ] && continue
+      if [ "$ectype" = "ECC" -a  -n "$NSS_DISABLE_ECC" ] ; then
+        echo "$SCRIPTNAME: skipping  $testname (ECC only)"
+      elif [ "$ectype" = "SNI" ]; then
+          continue
+      else
+        servarg=`echo $sparam | awk '{r=split($0,a,"-r") - 1;print r;}'`
+        pwd=`echo $cparam | grep nss`
+        user=`echo $cparam | grep TestUser`
+        _cparam=$cparam
+        case $servarg in
+            1) if [ -z "$pwd" -o -z "$user" ]; then
+                rev_modvalue=0
+                else
+                rev_modvalue=254
+                fi
+                ;;
+            2) rev_modvalue=254 ;;
+
+            3) if [ -z "$pwd" -o -z "$user" ]; then
+                rev_modvalue=0
+                else
+                rev_modvalue=1
+                fi
+                ;;
+            4) rev_modvalue=1 ;;
+	  esac
+        TEMP_NUM=0
+        LOADED_GRP=1
+        while [ ${LOADED_GRP} -le ${TOTAL_GRP_NUM} ]
+          do
+          while [ $TEMP_NUM -lt $TOTAL_CRL_RANGE ]
+            do
+            CURR_SER_NUM=`expr ${CRL_GRP_1_BEGIN} + ${TEMP_NUM}`
+            TEMP_NUM=`expr $TEMP_NUM + 1`
+            USER_NICKNAME="TestUser${CURR_SER_NUM}"
+            cparam=`echo $_cparam | sed -e 's;_; ;g' -e "s/TestUser/$USER_NICKNAME/g" `
+
+            echo "Server Args: $SERV_ARG"
+            echo "tstclnt -p ${PORT} -h ${HOSTADDR} -f -d ${R_CLIENTDIR} $verbose \\"
+            echo "        ${cparam}  < ${REQUEST_FILE}"
+            rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
+            ${PROFTOOL} ${BINDIR}/tstclnt -p ${PORT} -h ${HOSTADDR} -f ${cparam} \
+	        -d ${R_CLIENTDIR} $verbose < ${REQUEST_FILE} \
+                >${TMP}/$HOST.tmp.$$  2>&1
+            ret=$?
+            cat ${TMP}/$HOST.tmp.$$
+            rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
+            is_revoked ${CURR_SER_NUM} ${LOADED_GRP}
+            isRevoked=$?
+            if [ $isRevoked -eq 0 ]; then
+                modvalue=$rev_modvalue
+                testAddMsg="revoked"
+            else
+                modvalue=$value
+                testAddMsg="not revoked"
+            fi
+
+            is_selfserv_alive
+            ss_status=$?
+            if [ "$ss_status" -ne 0 ]; then
+                html_msg $ret $modvalue \
+                    "${testname}(cert ${USER_NICKNAME} - $testAddMsg)" \
+                    "produced a returncode of $ret, expected is $modvalue. " \
+                    "selfserv is not alive!"
+            else
+                html_msg $ret $modvalue \
+                    "${testname}(cert ${USER_NICKNAME} - $testAddMsg)" \
+                    "produced a returncode of $ret, expected is $modvalue"
+            fi
+          done
+          LOADED_GRP=`expr $LOADED_GRP + 1`
+          TEMP_NUM=0
+          if [ "$LOADED_GRP" -le "$TOTAL_GRP_NUM" ]; then
+              load_group_crl $LOADED_GRP $ectype
+              html_msg $ret 0 "Load group $LOADED_GRP ${eccomment}crl " \
+                  "produced a returncode of $ret, expected is 0"
+          fi
+        done
+        # Restart selfserv to roll back to two initial group 1 crls
+        # TestCA CRL and TestCA-ec CRL
+        kill_selfserv
+        start_selfserv
+      fi
+    done
+    kill_selfserv
+    SERV_ARG="${SERV_ARG}_-r"
+    rm -f ${SSLAUTH_TMP}
+    grep -- " $SERV_ARG " ${SSLAUTH} | grep -v "^#" | grep -v none | grep -v bogus  > ${SSLAUTH_TMP}
+  done
+  TEMPFILES=${SSLAUTH_TMP}
+  html "</TABLE><BR>"
+}
+
+
+############################## ssl_cleanup #############################
+# local shell function to finish this script (no exit since it might be
+# sourced)
+########################################################################
+ssl_cleanup()
+{
+  rm $SERVERPID 2>/dev/null
+  cd ${QADIR}
+  . common/cleanup.sh
+}
+
+############################## ssl_run #################################
+# local shell function to run coverage, authentication and stress tests
+########################################################################
+ssl_run()
+{
+    for SSL_RUN in ${NSS_SSL_RUN}
+    do
+        case "${SSL_RUN}" in
+        "stapling")
+            if [ -z "$NSS_DISABLE_LIBPKIX" ]; then
+              ssl_stapling
+            fi
+            ;;
+        "signed_cert_timestamps")
+            ssl_signed_cert_timestamps
+            ;;
+        "cov")
+            ssl_cov
+            ;;
+        "auth")
+            ssl_auth
+            ;;
+        "stress")
+            ssl_stress
+            ;;
+         esac
+    done
+}
+
+############################ ssl_run_all ###############################
+# local shell function to run both standard and extended ssl tests
+########################################################################
+ssl_run_all()
+{
+    ORIG_SERVERDIR=$SERVERDIR
+    ORIG_CLIENTDIR=$CLIENTDIR
+    ORIG_R_SERVERDIR=$R_SERVERDIR
+    ORIG_R_CLIENTDIR=$R_CLIENTDIR
+    ORIG_P_R_SERVERDIR=$P_R_SERVERDIR
+    ORIG_P_R_CLIENTDIR=$P_R_CLIENTDIR
+
+    USER_NICKNAME=TestUser
+    NORM_EXT=""
+    cd ${CLIENTDIR}
+
+    ssl_run
+
+    SERVERDIR=$EXT_SERVERDIR
+    CLIENTDIR=$EXT_CLIENTDIR
+    R_SERVERDIR=$R_EXT_SERVERDIR
+    R_CLIENTDIR=$R_EXT_CLIENTDIR
+    P_R_SERVERDIR=$P_R_EXT_SERVERDIR
+    P_R_CLIENTDIR=$P_R_EXT_CLIENTDIR
+
+    USER_NICKNAME=ExtendedSSLUser
+    NORM_EXT="Extended Test"
+    cd ${CLIENTDIR}
+
+    ssl_run
+
+    # the next round of ssl tests will only run if these vars are reset
+    SERVERDIR=$ORIG_SERVERDIR
+    CLIENTDIR=$ORIG_CLIENTDIR
+    R_SERVERDIR=$ORIG_R_SERVERDIR
+    R_CLIENTDIR=$ORIG_R_CLIENTDIR
+    P_R_SERVERDIR=$ORIG_P_R_SERVERDIR
+    P_R_CLIENTDIR=$ORIG_P_R_CLIENTDIR
+
+    USER_NICKNAME=TestUser
+    NORM_EXT=
+    cd ${QADIR}/ssl
+}
+
+############################ ssl_set_fips ##############################
+# local shell function to set FIPS mode on/off
+########################################################################
+ssl_set_fips()
+{
+    CLTSRV=$1
+    ONOFF=$2
+
+    if [ ${CLTSRV} = "server" ]; then
+        DBDIRS="${SERVERDIR} ${EXT_SERVERDIR}"
+    else
+        DBDIRS="${CLIENTDIR} ${EXT_CLIENTDIR}"
+    fi
+
+    if [ "${ONOFF}" = "on" ]; then
+        FIPSMODE=true
+        RET_EXP=0
+    else
+        FIPSMODE=false
+        RET_EXP=1
+    fi
+
+    html_head "SSL - FIPS mode ${ONOFF} for ${CLTSRV}"
+
+    for DBDIR in ${DBDIRS}
+    do
+        EXT_OPT=
+        echo ${DBDIR} | grep ext > /dev/null
+        if [ $? -eq 0 ]; then
+            EXT_OPT="extended "
+        fi
+
+        echo "${SCRIPTNAME}: Turning FIPS ${ONOFF} for the ${EXT_OPT} ${CLTSRV}"
+
+        echo "modutil -dbdir ${DBDIR} -fips ${FIPSMODE} -force"
+        ${BINDIR}/modutil -dbdir ${DBDIR} -fips ${FIPSMODE} -force 2>&1
+        RET=$?
+        html_msg "${RET}" "0" "${TESTNAME} (modutil -fips ${FIPSMODE})" \
+                 "produced a returncode of ${RET}, expected is 0"
+
+        echo "modutil -dbdir ${DBDIR} -list"
+        DBLIST=`${BINDIR}/modutil -dbdir ${DBDIR} -list 2>&1`
+        RET=$?
+        html_msg "${RET}" "0" "${TESTNAME} (modutil -list)" \
+                 "produced a returncode of ${RET}, expected is 0"
+
+        echo "${DBLIST}" | grep "FIPS PKCS #11"
+        RET=$?
+        html_msg "${RET}" "${RET_EXP}" "${TESTNAME} (grep \"FIPS PKCS #11\")" \
+                 "produced a returncode of ${RET}, expected is ${RET_EXP}"
+    done
+
+    html "</TABLE><BR>"
+}
+
+############################ ssl_set_fips ##############################
+# local shell function to run all tests set in NSS_SSL_TESTS variable
+########################################################################
+ssl_run_tests()
+{
+    for SSL_TEST in ${NSS_SSL_TESTS}
+    do
+        case "${SSL_TEST}" in
+        "policy")
+            if [ "${TEST_MODE}" = "SHARED_DB" ] ; then
+	        ssl_policy
+            fi
+            ;;
+        "crl")
+            ssl_crl_ssl
+            ssl_crl_cache
+            ;;
+        "iopr")
+            ssl_iopr_run
+            ;;
+        *)
+            SERVER_MODE=`echo "${SSL_TEST}" | cut -d_ -f1`
+            CLIENT_MODE=`echo "${SSL_TEST}" | cut -d_ -f2`
+
+            case "${SERVER_MODE}" in
+            "normal")
+                SERVER_OPTIONS=
+                ;;
+            "fips")
+                SERVER_OPTIONS=
+                ssl_set_fips server on
+                ;;
+            *)
+                echo "${SCRIPTNAME}: Error: Unknown server mode ${SERVER_MODE}"
+                continue
+                ;;
+            esac
+
+            case "${CLIENT_MODE}" in
+            "normal")
+                CLIENT_OPTIONS=
+                ;;
+            "fips")
+                SERVER_OPTIONS=
+                ssl_set_fips client on
+                ;;
+            *)
+                echo "${SCRIPTNAME}: Error: Unknown client mode ${CLIENT_MODE}"
+                continue
+                ;;
+            esac
+
+            ssl_run_all
+
+            if [ "${SERVER_MODE}" = "fips" ]; then
+                ssl_set_fips server off
+            fi
+
+            if [ "${CLIENT_MODE}" = "fips" ]; then
+                ssl_set_fips client off
+            fi
+            ;;
+        esac
+    done
+}
+
+################################# main #################################
+
+ssl_init
+ssl_run_tests
+ssl_cleanup
+
diff --git a/nss/tests/ssl/ssl_dist_stress.sh b/nss/tests/ssl/ssl_dist_stress.sh
new file mode 100755
index 0000000..a67dfcb
--- /dev/null
+++ b/nss/tests/ssl/ssl_dist_stress.sh
@@ -0,0 +1,313 @@
+#! /bin/bash
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+########################################################################
+#
+# mozilla/security/nss/tests/ssl/ssl_dist_stress.sh
+#
+# Script to test NSS SSL - distributed stresstest - this script needs to 
+# source the regular ssl.sh (for shellfunctions, certs and variables 
+# initialisation)
+# create certs
+# start server
+# start itself via rsh on different systems to connect back to the server
+# 
+#
+# needs to work on all Unix and Windows platforms
+#
+# special strings
+# ---------------
+#   FIXME ... known problems, search for this string
+#   NOTE .... unexpected behavior
+#
+########################################################################
+
+############################## ssl_ds_init #############################
+# local shell function to initialize this script
+########################################################################
+ssl_ds_init()
+{
+  if [ -z "$GLOB_MIN_CERT" ] ; then
+      GLOB_MIN_CERT=0
+  fi
+  if [ -z "$GLOB_MAX_CERT" ] ; then
+      GLOB_MAX_CERT=200
+  fi
+  IP_PARAM=""
+  CD_QADIR_SSL=""
+
+
+  if [ -n "$1" ] ; then
+      ssl_ds_eval_opts $*
+  fi
+  SCRIPTNAME=ssl_dist_stress.sh      # sourced - $0 would point to all.sh
+
+  if [ -z "${CLEANUP}" ] ; then     # if nobody else is responsible for
+      CLEANUP="${SCRIPTNAME}"       # cleaning this script will do it
+  fi
+  
+  ssl_init  # let some other script do the hard work (initialize, generate certs, ...
+
+  SCRIPTNAME=ssl_dist_stress.sh
+  echo "$SCRIPTNAME: SSL distributed stress tests ==============================="
+
+}
+
+######################### ssl_ds_usage #################################
+# local shell function to explain the usage
+########################################################################
+ssl_ds_usage()
+{
+  echo "Usage: `basename $1`"
+  echo "        -host hostname "
+  echo "           ...host who runs the server, for distributed stress test"
+  echo "        -stress "
+  echo "           ...runs the server sider of the distributed stress test"
+  echo "        -dir unixdirectory "
+  echo "           ...lets the server side of the distributed stress test"
+  echo "              know where to find the scritp to start on the remote side"
+  echo "        -certnum start-end"
+  echo "           ... provides the range of certs for distributed stress test"
+  echo "               for example -certnum 10-20 will connect 10 times"
+  echo "               no blanks in the range string (not 10 - 20)"
+  echo "               valid range ${GLOB_MIN_CERT}-${GLOB_MAX_CERT}"
+  echo "        -? ...prints this text"
+  exit 1 #does not need to be Exit, very early in script
+}
+
+######################### ssl_ds_eval_opts #############################
+# local shell function to deal with options and parameters
+########################################################################
+ssl_ds_eval_opts()
+{
+    #use $0 not $SCRIPTNAM<E, too early, SCRIPTNAME not yet set
+
+  while [ -n "$1" ]
+  do
+    case $1 in
+        -host)
+            BUILD_OPT=1
+            export BUILD_OPT
+            DO_REM_ST="TRUE"
+            shift
+            SERVERHOST=$1
+            HOST=$1
+            if [ -z $SERVERHOST ] ; then
+                echo "$0 `uname -n`: -host requires hostname"
+                ssl_ds_usage
+            fi
+            echo "$0 `uname -n`: host $HOST ($1)"
+            ;;
+        -certn*)
+            shift
+            rangeOK=`echo $1  | sed -e 's/[0-9][0-9]*-[0-9][0-9]*/OK/'`
+            MIN_CERT=`echo $1 | sed -e 's/-[0-9][0-9]*//' -e 's/^00*//'`
+            MAX_CERT=`echo $1 | sed -e 's/[0-9][0-9]*-//' -e 's/^00*//'`
+            if [ -z "$rangeOK" -o "$rangeOK" != "OK" -o \
+                         -z "$MIN_CERT" -o -z "$MAX_CERT" -o \
+                        "$MIN_CERT" -gt "$MAX_CERT" -o \
+                        "$MIN_CERT" -lt "$GLOB_MIN_CERT" -o \
+                        "$MAX_CERT" -gt "$GLOB_MAX_CERT" ] ; then
+                echo "$0 `uname -n`: -certn range not valid"
+                ssl_ds_usage
+            fi
+            echo "$0 `uname -n`: will use certs from $MIN_CERT to $MAX_CERT"
+            ;;
+        -server|-stress|-dist*st*)
+            BUILD_OPT=1
+            export BUILD_OPT
+            DO_DIST_ST="TRUE"
+            ;;
+        -dir|-unixdir|-uxdir|-qadir)
+            shift
+            UX_DIR=$1
+	    #FIXME - we need a default unixdir
+            if [ -z "$UX_DIR" ] ; then # -o ! -d "$UX_DIR" ] ; then can't do, Win doesn't know...
+                echo "$0 `uname -n`: -dir requires directoryname "
+                ssl_ds_usage
+            fi
+            CD_QADIR_SSL="cd $UX_DIR"
+            ;;
+        -ip*)
+            shift
+            IP_ADDRESS=$1
+            if [ -z "$IP_ADDRESS" ] ; then
+                echo "$0 `uname -n`: -ip requires ip-address "
+                ssl_ds_usage
+            fi
+            USE_IP=TRUE
+            IP_PARAM="-ip $IP_ADDRESS"
+            ;;
+        -h|-help|"-?"|*)
+            ssl_ds_usage
+            ;;
+    esac
+    shift
+  done
+}
+
+############################## ssl_ds_rem_stress #######################
+# local shell function to perform the client part of the SSL stress test
+########################################################################
+
+ssl_ds_rem_stress()
+{
+  testname="SSL remote part of Stress test (`uname -n`)"
+  echo "$SCRIPTNAME `uname -n`: $testname"
+
+  #cp -r "${CLIENTDIR}" /tmp/ssl_ds.$$ #FIXME
+  #cd /tmp/ssl_ds.$$
+  #verbose="-v"
+
+  cd ${CLIENTDIR}
+
+  CONTINUE=$MAX_CERT
+  while [ $CONTINUE -ge $MIN_CERT ]
+  do
+      echo "strsclnt -D -p ${PORT} -d ${P_R_CLIENTDIR} -w nss -c 1 $verbose  "
+      echo "         -n TestUser$CONTINUE ${HOSTADDR} #`uname -n`"
+      ${BINDIR}/strsclnt -D -p ${PORT} -d . -w nss -c 1 $verbose  \
+               -n "TestUser$CONTINUE" ${HOSTADDR} &
+               #${HOSTADDR} &
+      CONTINUE=`expr $CONTINUE - 1 `
+      #sleep 4 #give process time to start up
+  done
+
+  html_msg 0 0 "${testname}" #FIXME
+}
+
+######################### ssl_ds_dist_stress ###########################
+# local shell function to perform the server part of the new, distributed 
+# SSL stress test
+########################################################################
+
+ssl_ds_dist_stress()
+{
+  max_clientlist=" 
+               box-200
+               washer-200
+               dryer-200
+               hornet-50
+               shabadoo-50
+               y2sun2-10
+               galileo-10
+               shame-10
+               axilla-10
+               columbus-10
+               smarch-10
+               nugget-10
+               charm-10
+               hp64-10
+               biggayal-10
+               orville-10
+               kwyjibo-10
+               hbombaix-10
+               raven-10
+               jordan-10
+               phaedrus-10
+               louie-10
+               trex-10
+               compaqtor-10"
+
+  #clientlist=" huey-2 dewey-2 hornet-2 shabadoo-2" #FIXME ADJUST
+  clientlist="  box-200 washer-200 huey-200 dewey-200 hornet-200 shabadoo-200 louie-200"
+  #clientlist="  box-2 huey-2 "
+  #clientlist="washer-200 huey-200 dewey-200 hornet-200 "
+
+  html_head "SSL Distributed Stress Test"
+
+  testname="SSL distributed Stress test"
+
+  echo cd "${CLIENTDIR}"
+  cd "${CLIENTDIR}"
+  if [ -z "CD_QADIR_SSL" ] ; then
+      CD_QADIR_SSL="cd $QADIR/ssl"
+  else
+      cp -r $HOSTDIR $HOSTDIR/../../../../../booboo_Solaris8/mozilla/tests_results/security
+  fi
+
+  #sparam=" -t 128 -D -r "
+  sparam=" -t 16 -D -r -r -y "
+  start_selfserv
+
+  for c in $clientlist
+  do
+      client=`echo $c | sed -e "s/-.*//"`
+      number=`echo $c | sed -e "s/.*-//"`
+      CLIENT_OK="TRUE"
+      echo $client
+      ping $client >/dev/null || CLIENT_OK="FALSE"
+      if [ "$CLIENT_OK" = "FALSE" ] ; then
+          echo "$SCRIPTNAME `uname -n`: $client can't be reached - skipping"
+      else
+          get_certrange $number
+          echo "$SCRIPTNAME `uname -n`: $RSH $client -l svbld \\ "
+          echo "       \" $CD_QADIR_SSL ;ssl_dist_stress.sh \\"
+          echo "            -host $HOST -certnum $CERTRANGE $IP_PARAM \" "
+          $RSH $client -l svbld \
+               " $CD_QADIR_SSL;ssl_dist_stress.sh -host $HOST -certnum $CERTRANGE $IP_PARAM " &
+      fi
+  done
+
+  echo cd "${CLIENTDIR}"
+  cd "${CLIENTDIR}"
+
+  sleep 500 # give the clients time to finish #FIXME ADJUST
+ 
+  echo "GET /stop HTTP/1.0\n\n" > stdin.txt #check to make sure it has /r/n
+  echo "tstclnt -h $HOSTADDR -p  8443 -d ${P_R_CLIENTDIR} -n TestUser0 "
+  echo "        -w nss -f < stdin.txt"
+  ${BINDIR}/tstclnt -h $HOSTADDR -p  8443 -d ${P_R_CLIENTDIR} -n TestUser0 \
+	  -w nss -f < stdin.txt
+  
+  html_msg 0 0 "${testname}"
+  html "</TABLE><BR>"
+}
+
+############################ get_certrange #############################
+# local shell function to find the range of certs that the next remote 
+# client is supposed to use (only for server side of the dist stress test
+########################################################################
+get_certrange()
+{
+  rangeOK=`echo $1  | sed -e 's/[0-9][0-9]*/OK/'`
+  if [ -z "$rangeOK" -o "$rangeOK" != "OK" -o $1 = "OK" ] ; then
+      range=10
+      echo "$SCRIPTNAME `uname -n`: $1 is not a valid number of certs "
+      echo "        defaulting to 10 for $client"
+  else
+      range=$1
+      if [ $range -gt $GLOB_MAX_CERT ] ; then
+          range=$GLOB_MAX_CERT
+      fi
+  fi
+  if [ -z "$FROM_CERT" ] ; then    # start new on top of the cert stack
+      FROM_CERT=$GLOB_MAX_CERT
+  elif [ `expr $FROM_CERT - $range + 1 ` -lt  0 ] ; then 
+          FROM_CERT=$GLOB_MAX_CERT # dont let it fall below 0 on the TO_CERT
+
+  fi
+  TO_CERT=`expr $FROM_CERT - $range + 1 `
+  if [ $TO_CERT -lt 0 ] ; then     # it's not that I'm bad in math, I just 
+      TO_CERT=0                    # don't trust expr...
+  fi
+  CERTRANGE="${TO_CERT}-${FROM_CERT}"
+  FROM_CERT=`expr ${TO_CERT} - 1 ` #start the next  client one below 
+}
+
+
+################## main #################################################
+
+DO_DIST_ST="TRUE"
+. ./ssl.sh
+ssl_ds_init $*
+if [ -n  "$DO_REM_ST" -a "$DO_REM_ST" = "TRUE" ] ; then
+    ssl_ds_rem_stress
+    exit 0 #no cleanup on purpose
+elif [ -n  "$DO_DIST_ST" -a "$DO_DIST_ST" = "TRUE" ] ; then
+    ssl_ds_dist_stress
+fi
+ssl_cleanup
diff --git a/nss/tests/ssl/sslauth.txt b/nss/tests/ssl/sslauth.txt
new file mode 100644
index 0000000..82d1dde
--- /dev/null
+++ b/nss/tests/ssl/sslauth.txt
@@ -0,0 +1,76 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# This file defines the tests for client auth.
+#
+#        expected
+# Enable  return  server     client                         Test Case name
+#  ECC     value  params     params
+# ------- ------  ------     ------                         ---------------
+  noECC     0       -r           -V_ssl3:tls1.2_-w_nss_-n_none           TLS Request don't require client auth (client does not provide auth)
+  noECC     0       -r           -V_ssl3:tls1.2_-w_bogus_-n_TestUser     TLS Request don't require client auth (bad password)
+  noECC     0       -r           -V_ssl3:tls1.2_-w_nss_-n_TestUser       TLS Request don't require client auth (client auth)
+  noECC    254      -r_-r        -V_ssl3:tls1.2_-w_nss_-n_none           TLS Require client auth (client does not provide auth)
+  noECC    254      -r_-r        -V_ssl3:tls1.2_-w_bogus_-n_TestUser     TLS Require client auth (bad password)
+  noECC     0       -r_-r        -V_ssl3:tls1.2_-w_nss_-n_TestUser_      TLS Require client auth (client auth)
+  noECC     0       -r           -V_ssl3:ssl3_-w_nss_-n_none        SSL3 Request don't require client auth (client does not provide auth)
+  noECC     0       -r           -V_ssl3:ssl3_-n_TestUser_-w_bogus  SSL3 Request don't require client auth (bad password)
+  noECC     0       -r           -V_ssl3:ssl3_-n_TestUser_-w_nss    SSL3 Request don't require client auth (client auth)
+  noECC    254      -r_-r        -V_ssl3:ssl3_-w_nss_-n_none        SSL3 Require client auth (client does not provide auth)
+  noECC    254      -r_-r        -V_ssl3:ssl3_-n_TestUser_-w_bogus  SSL3 Require client auth (bad password)
+  noECC     0       -r_-r        -V_ssl3:ssl3_-n_TestUser_-w_nss    SSL3 Require client auth (client auth)
+  noECC     0       -r_-r_-r     -V_ssl3:tls1.2_-w_nss_-n_none        TLS Request don't require client auth on 2nd hs (client does not provide auth)
+  noECC     0       -r_-r_-r     -V_ssl3:tls1.2_-w_bogus_-n_TestUser  TLS Request don't require client auth on 2nd hs (bad password)
+  noECC     0       -r_-r_-r     -V_ssl3:tls1.2_-w_nss_-n_TestUser    TLS Request don't require client auth on 2nd hs (client auth)
+  noECC     1       -r_-r_-r_-r  -V_ssl3:tls1.2_-w_nss_-n_none        TLS Require client auth on 2nd hs (client does not provide auth)
+  noECC     1       -r_-r_-r_-r  -V_ssl3:tls1.2_-w_bogus_-n_TestUser  TLS Require client auth on 2nd hs (bad password)
+  noECC     0       -r_-r_-r_-r  -V_ssl3:tls1.2_-w_nss_-n_TestUser    TLS Require client auth on 2nd hs (client auth)
+  noECC     0       -r_-r_-r     -V_ssl3:tls1.0_-w_nss_-n_none        TLS 1.0 Request don't require client auth on 2nd hs (client does not provide auth)
+  noECC     0       -r_-r_-r     -V_ssl3:tls1.0_-w_bogus_-n_TestUser  TLS 1.0 Request don't require client auth on 2nd hs (bad password)
+  noECC     0       -r_-r_-r     -V_ssl3:tls1.0_-w_nss_-n_TestUser    TLS 1.0 Request don't require client auth on 2nd hs (client auth)
+  noECC     1       -r_-r_-r_-r  -V_ssl3:tls1.0_-w_nss_-n_none        TLS 1.0 Require client auth on 2nd hs (client does not provide auth)
+  noECC     1       -r_-r_-r_-r  -V_ssl3:tls1.0_-w_bogus_-n_TestUser  TLS 1.0 Require client auth on 2nd hs (bad password)
+  noECC     0       -r_-r_-r_-r  -V_ssl3:tls1.0_-w_nss_-n_TestUser    TLS 1.0 Require client auth on 2nd hs (client auth)
+  noECC     0       -r_-r_-r     -V_ssl3:ssl3_-w_nss_-n_none     SSL3 Request don't require client auth on 2nd hs (client does not provide auth)
+  noECC     0       -r_-r_-r     -V_ssl3:ssl3_-n_TestUser_-w_bogus SSL3 Request don't require client auth on 2nd hs (bad password)
+  noECC     0       -r_-r_-r     -V_ssl3:ssl3_-n_TestUser_-w_nss SSL3 Request don't require client auth on 2nd hs (client auth)
+  noECC     1       -r_-r_-r_-r  -V_ssl3:ssl3_-w_nss_-n_none     SSL3 Require client auth on 2nd hs (client does not provide auth)
+  noECC     1       -r_-r_-r_-r  -V_ssl3:ssl3_-n_TestUser_-w_bogus SSL3 Require client auth on 2nd hs (bad password)
+  noECC     0       -r_-r_-r_-r  -V_ssl3:ssl3_-n_TestUser_-w_nss SSL3 Require client auth on 2nd hs (client auth)
+#
+# Use EC cert for client authentication
+#
+   ECC      0       -r           -V_ssl3:tls1.2_-w_bogus_-n_TestUser-ec     TLS Request don't require client auth (EC) (bad password)
+   ECC      0       -r           -V_ssl3:tls1.2_-w_nss_-n_TestUser-ec       TLS Request don't require client auth (EC) (client auth)
+   ECC     254      -r_-r        -V_ssl3:tls1.2_-w_bogus_-n_TestUser-ec     TLS Require client auth (EC) (bad password)
+   ECC      0       -r_-r        -V_ssl3:tls1.2_-w_nss_-n_TestUser-ec_      TLS Require client auth (EC) (client auth)
+   ECC      0       -r           -V_ssl3:ssl3_-n_TestUser-ec_-w_bogus  SSL3 Request don't require client auth (EC) (bad password)
+   ECC      0       -r           -V_ssl3:ssl3_-n_TestUser-ec_-w_nss    SSL3 Request don't require client auth (EC) (client auth)
+   ECC     254      -r_-r        -V_ssl3:ssl3_-n_TestUser-ec_-w_bogus  SSL3 Require client auth (EC) (bad password)
+   ECC      0       -r_-r        -V_ssl3:ssl3_-n_TestUser-ec_-w_nss    SSL3 Require client auth (EC) (client auth)
+   ECC      0       -r_-r_-r     -V_ssl3:tls1.2_-w_bogus_-n_TestUser-ec  TLS Request don't require client auth on 2nd hs (EC) (bad password)
+   ECC      0       -r_-r_-r     -V_ssl3:tls1.2_-w_nss_-n_TestUser-ec    TLS Request don't require client auth on 2nd hs (EC) (client auth)
+   ECC      1       -r_-r_-r_-r  -V_ssl3:tls1.2_-w_bogus_-n_TestUser-ec  TLS Require client auth on 2nd hs (EC) (bad password)
+   ECC      0       -r_-r_-r_-r  -V_ssl3:tls1.2_-w_nss_-n_TestUser-ec_   TLS Require client auth on 2nd hs (EC) (client auth)
+   ECC      0       -r_-r_-r     -V_ssl3:tls1.0_-w_bogus_-n_TestUser-ec  TLS 1.0 Request don't require client auth on 2nd hs (EC) (bad password)
+   ECC      0       -r_-r_-r     -V_ssl3:tls1.0_-w_nss_-n_TestUser-ec    TLS 1.0 Request don't require client auth on 2nd hs (EC) (client auth)
+   ECC      1       -r_-r_-r_-r  -V_ssl3:tls1.0_-w_bogus_-n_TestUser-ec  TLS 1.0 Require client auth on 2nd hs (EC) (bad password)
+   ECC      0       -r_-r_-r_-r  -V_ssl3:tls1.0_-w_nss_-n_TestUser-ec_   TLS 1.0 Require client auth on 2nd hs (EC) (client auth)
+   ECC      0       -r_-r_-r     -V_ssl3:ssl3_-n_TestUser-ec_-w_bogus SSL3 Request don't require client auth on 2nd hs (EC) (bad password)
+   ECC      0       -r_-r_-r     -V_ssl3:ssl3_-n_TestUser-ec_-w_nss SSL3 Request don't require client auth on 2nd hs (EC) (client auth)
+   ECC      1       -r_-r_-r_-r  -V_ssl3:ssl3_-n_TestUser-ec_-w_bogus SSL3 Require client auth on 2nd hs (EC) (bad password)
+   ECC      0       -r_-r_-r_-r  -V_ssl3:ssl3_-n_TestUser-ec_-w_nss SSL3 Require client auth on 2nd hs (EC) (client auth)
+#
+# SNI Tests
+#
+  SNI     0       -r_-a_Host-sni.Dom       -V_ssl3:tls1.2_-w_nss_-n_TestUser                          TLS Server hello response without SNI
+  SNI     0       -r_-a_Host-sni.Dom       -V_ssl3:tls1.2_-c_v_-w_nss_-n_TestUser_-a_Host-sni.Dom     TLS Server hello response with SNI
+  SNI     1       -r_-a_Host-sni.Dom       -V_ssl3:tls1.2_-c_v_-w_nss_-n_TestUser_-a_Host-sni1.Dom    TLS Server response with alert
+  SNI     0       -r_-a_Host-sni.Dom       -V_ssl3:ssl3_-w_nss_-n_TestUser                  SSL3 Server hello response without SNI
+  SNI     1       -r_-a_Host-sni.Dom       -V_ssl3:ssl3_-c_v_-w_nss_-n_TestUser_-a_Host-sni.Dom  SSL3 Server hello response with SNI: SSL don't have SH extensions
+  SNI     0       -r_-r_-r_-a_Host-sni.Dom -V_ssl3:tls1.2_-w_nss_-n_TestUser                          TLS Server hello response without SNI
+  SNI     0       -r_-r_-r_-a_Host-sni.Dom -V_ssl3:tls1.2_-c_v_-w_nss_-n_TestUser_-a_Host-sni.Dom     TLS Server hello response with SNI
+  SNI     1       -r_-r_-r_-a_Host-sni.Dom -V_ssl3:tls1.2_-w_nss_-n_TestUser_-a_Host-sni.Dom_-a_Host.Dom TLS Server hello response with SNI: Change name on 2d HS
+  SNI     1       -r_-r_-r_-a_Host-sni.Dom -V_ssl3:tls1.2_-c_v_-w_nss_-n_TestUser_-a_Host-sni.Dom_-a_Host-sni1.Dom TLS Server hello response with SNI: Change name to invalid 2d HS
+  SNI     1       -r_-r_-r_-a_Host-sni.Dom -V_ssl3:tls1.2_-c_v_-w_nss_-n_TestUser_-a_Host-sni1.Dom    TLS Server response with alert
diff --git a/nss/tests/ssl/sslcov.txt b/nss/tests/ssl/sslcov.txt
new file mode 100644
index 0000000..1eb7f47
--- /dev/null
+++ b/nss/tests/ssl/sslcov.txt
@@ -0,0 +1,143 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# This file enables test coverage of the various SSL ciphers
+#
+# Enable Enable Cipher Test Name 
+#  EC     TLS
+#
+  noECC  SSL3   c    SSL3_RSA_WITH_RC4_128_MD5
+  noECC  SSL3   d    SSL3_RSA_WITH_3DES_EDE_CBC_SHA
+  noECC  SSL3   e    SSL3_RSA_WITH_DES_CBC_SHA
+  noECC  SSL3   i    SSL3_RSA_WITH_NULL_MD5
+  noECC  SSL3   n    SSL3_RSA_WITH_RC4_128_SHA
+  noECC  SSL3   v    SSL3_RSA_WITH_AES_128_CBC_SHA
+  noECC  SSL3   y    SSL3_RSA_WITH_AES_256_CBC_SHA
+  noECC  SSL3   z    SSL3_RSA_WITH_NULL_SHA
+  noECC  TLS12 :009F  TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
+  noECC  TLS12 :00A3  TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
+  noECC  TLS12 :009D  TLS_RSA_WITH_AES_256_GCM_SHA384
+#  noECC  SSL3  :0041 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
+#  noECC  SSL3  :0084 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
+#
+  noECC  TLS10   c    TLS_RSA_WITH_RC4_128_MD5
+  noECC  TLS10   d    TLS_RSA_WITH_3DES_EDE_CBC_SHA
+  noECC  TLS10   e    TLS_RSA_WITH_DES_CBC_SHA
+  noECC  TLS10   i    TLS_RSA_WITH_NULL_MD5
+  noECC  TLS10   n    TLS_RSA_WITH_RC4_128_SHA
+  noECC  TLS10   v    TLS_RSA_WITH_AES_128_CBC_SHA
+  noECC  TLS10   y    TLS_RSA_WITH_AES_256_CBC_SHA
+  noECC  TLS10   z    TLS_RSA_WITH_NULL_SHA
+#  noECC  TLS10 :0041  TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
+#  noECC  TLS10 :0084  TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
+#
+#
+  noECC  TLS11   c    TLS11_RSA_WITH_RC4_128_MD5
+  noECC  TLS11   d    TLS11_RSA_WITH_3DES_EDE_CBC_SHA
+  noECC  TLS11   e    TLS11_RSA_WITH_DES_CBC_SHA
+  noECC  TLS11   i    TLS11_RSA_WITH_NULL_MD5
+  noECC  TLS11   n    TLS11_RSA_WITH_RC4_128_SHA
+  noECC  TLS11   v    TLS11_RSA_WITH_AES_128_CBC_SHA
+  noECC  TLS11   y    TLS11_RSA_WITH_AES_256_CBC_SHA
+  noECC  TLS11   z    TLS11_RSA_WITH_NULL_SHA
+#
+  noECC  TLS12   c    TLS12_RSA_WITH_RC4_128_MD5
+  noECC  TLS12   d    TLS12_RSA_WITH_3DES_EDE_CBC_SHA
+  noECC  TLS12   e    TLS12_RSA_WITH_DES_CBC_SHA
+  noECC  TLS12   i    TLS12_RSA_WITH_NULL_MD5
+  noECC  TLS12   n    TLS12_RSA_WITH_RC4_128_SHA
+  noECC  TLS12   v    TLS12_RSA_WITH_AES_128_CBC_SHA
+  noECC  TLS12   y    TLS12_RSA_WITH_AES_256_CBC_SHA
+  noECC  TLS12   z    TLS12_RSA_WITH_NULL_SHA
+  noECC  TLS12 :0016  TLS12_DHE_RSA_WITH_3DES_EDE_CBC_SHA
+  noECC  TLS12 :0032  TLS12_DHE_DSS_WITH_AES_128_CBC_SHA
+  noECC  TLS12 :0033  TLS12_DHE_RSA_WITH_AES_128_CBC_SHA
+  noECC  TLS12 :0038  TLS12_DHE_DSS_WITH_AES_256_CBC_SHA
+  noECC  TLS12 :0039  TLS12_DHE_RSA_WITH_AES_256_CBC_SHA
+  noECC  TLS12 :003B  TLS12_RSA_WITH_NULL_SHA256
+  noECC  TLS12 :003C  TLS12_RSA_WITH_AES_128_CBC_SHA256
+  noECC  TLS12 :003D  TLS12_RSA_WITH_AES_256_CBC_SHA256
+  noECC  TLS12 :0040  TLS12_DHE_DSS_WITH_AES_128_CBC_SHA256
+  noECC  TLS12 :0067  TLS12_DHE_RSA_WITH_AES_128_CBC_SHA256
+  noECC  TLS12 :006A  TLS12_DHE_DSS_WITH_AES_256_CBC_SHA256
+  noECC  TLS12 :006B  TLS12_DHE_RSA_WITH_AES_256_CBC_SHA256
+  noECC  TLS12 :009C  TLS12_RSA_WITH_AES_128_GCM_SHA256
+  noECC  TLS12 :009E  TLS12_DHE_RSA_WITH_AES_128_GCM_SHA256
+  noECC  TLS12 :00A2  TLS12_DHE_DSS_WITH_AES_128_GCM_SHA256
+  noECC  TLS12 :CCAA  TLS12_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
+#
+# ECC ciphers (TLS)
+#
+   ECC   TLS10  :C001 TLS_ECDH_ECDSA_WITH_NULL_SHA
+   ECC   TLS10  :C002 TLS_ECDH_ECDSA_WITH_RC4_128_SHA
+   ECC   TLS10  :C003 TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
+   ECC   TLS10  :C004 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
+   ECC   TLS10  :C005 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
+   ECC   TLS10  :C006 TLS_ECDHE_ECDSA_WITH_NULL_SHA
+   ECC   TLS10  :C007 TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
+   ECC   TLS10  :C008 TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
+   ECC   TLS10  :C009 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
+   ECC   TLS10  :C00A TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
+   ECC   TLS10  :C00B TLS_ECDH_RSA_WITH_NULL_SHA
+   ECC   TLS10  :C00C TLS_ECDH_RSA_WITH_RC4_128_SHA
+   ECC   TLS10  :C00D TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
+   ECC   TLS10  :C00E TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
+   ECC   TLS10  :C00F TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
+   ECC   TLS10  :C010 TLS_ECDHE_RSA_WITH_NULL_SHA
+   ECC   TLS10  :C011 TLS_ECDHE_RSA_WITH_RC4_128_SHA
+   ECC   TLS10  :C012 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
+   ECC   TLS10  :C013 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
+   ECC   TLS10  :C014 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
+#
+   ECC   TLS11  :C001 TLS11_ECDH_ECDSA_WITH_NULL_SHA
+   ECC   TLS11  :C002 TLS11_ECDH_ECDSA_WITH_RC4_128_SHA
+   ECC   TLS11  :C003 TLS11_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
+   ECC   TLS11  :C004 TLS11_ECDH_ECDSA_WITH_AES_128_CBC_SHA
+   ECC   TLS11  :C005 TLS11_ECDH_ECDSA_WITH_AES_256_CBC_SHA
+   ECC   TLS11  :C006 TLS11_ECDHE_ECDSA_WITH_NULL_SHA
+   ECC   TLS11  :C007 TLS11_ECDHE_ECDSA_WITH_RC4_128_SHA
+   ECC   TLS11  :C008 TLS11_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
+   ECC   TLS11  :C009 TLS11_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
+   ECC   TLS11  :C00A TLS11_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
+   ECC   TLS11  :C00B TLS11_ECDH_RSA_WITH_NULL_SHA
+   ECC   TLS11  :C00C TLS11_ECDH_RSA_WITH_RC4_128_SHA
+   ECC   TLS11  :C00D TLS11_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
+   ECC   TLS11  :C00E TLS11_ECDH_RSA_WITH_AES_128_CBC_SHA
+   ECC   TLS11  :C00F TLS11_ECDH_RSA_WITH_AES_256_CBC_SHA
+   ECC   TLS11  :C010 TLS11_ECDHE_RSA_WITH_NULL_SHA
+   ECC   TLS11  :C011 TLS11_ECDHE_RSA_WITH_RC4_128_SHA
+   ECC   TLS11  :C012 TLS11_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
+   ECC   TLS11  :C013 TLS11_ECDHE_RSA_WITH_AES_128_CBC_SHA
+   ECC   TLS11  :C014 TLS11_ECDHE_RSA_WITH_AES_256_CBC_SHA
+#
+   ECC   TLS12  :C001 TLS12_ECDH_ECDSA_WITH_NULL_SHA
+   ECC   TLS12  :C002 TLS12_ECDH_ECDSA_WITH_RC4_128_SHA
+   ECC   TLS12  :C003 TLS12_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
+   ECC   TLS12  :C004 TLS12_ECDH_ECDSA_WITH_AES_128_CBC_SHA
+   ECC   TLS12  :C005 TLS12_ECDH_ECDSA_WITH_AES_256_CBC_SHA
+   ECC   TLS12  :C006 TLS12_ECDHE_ECDSA_WITH_NULL_SHA
+   ECC   TLS12  :C007 TLS12_ECDHE_ECDSA_WITH_RC4_128_SHA
+   ECC   TLS12  :C008 TLS12_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
+   ECC   TLS12  :C009 TLS12_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
+   ECC   TLS12  :C00A TLS12_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
+   ECC   TLS12  :C00B TLS12_ECDH_RSA_WITH_NULL_SHA
+   ECC   TLS12  :C00C TLS12_ECDH_RSA_WITH_RC4_128_SHA
+   ECC   TLS12  :C00D TLS12_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
+   ECC   TLS12  :C00E TLS12_ECDH_RSA_WITH_AES_128_CBC_SHA
+   ECC   TLS12  :C00F TLS12_ECDH_RSA_WITH_AES_256_CBC_SHA
+   ECC   TLS12  :C010 TLS12_ECDHE_RSA_WITH_NULL_SHA
+   ECC   TLS12  :C011 TLS12_ECDHE_RSA_WITH_RC4_128_SHA
+   ECC   TLS12  :C012 TLS12_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
+   ECC   TLS12  :C013 TLS12_ECDHE_RSA_WITH_AES_128_CBC_SHA
+   ECC   TLS12  :C014 TLS12_ECDHE_RSA_WITH_AES_256_CBC_SHA
+   ECC   TLS12  :C023 TLS12_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
+   ECC   TLS12  :C024 TLS12_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
+   ECC   TLS12  :C027 TLS12_ECDHE_RSA_WITH_AES_128_CBC_SHA256
+   ECC   TLS12  :C028 TLS12_ECDHE_RSA_WITH_AES_256_CBC_SHA384
+   ECC   TLS12  :C02B TLS12_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+   ECC   TLS12  :C02C TLS12_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+   ECC   TLS12  :C02F TLS12_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+   ECC   TLS12  :C030 TLS12_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+   ECC   TLS12  :CCA8 TLS12_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
+   ECC   TLS12  :CCA9 TLS12_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
diff --git a/nss/tests/ssl/sslpolicy.txt b/nss/tests/ssl/sslpolicy.txt
new file mode 100644
index 0000000..82c15d2
--- /dev/null
+++ b/nss/tests/ssl/sslpolicy.txt
@@ -0,0 +1,174 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# This file enables policy testing
+#
+# The policy string is set to the config= line in the pkcs11.txt
+# it currently has 2 keywords:
+#
+# disallow= turn off the use of this algorithm by policy.
+# allow= allow this algorithm to by used if selected by policy.
+#
+# The syntax is disallow=algorithm{/uses}:algorithm{/uses}
+# where {} signifies an optional element
+#
+# valid algorithms are:
+# ECC curves:
+#	PRIME192V1
+#	PRIME192V2
+#	PRIME192V3
+#	PRIME239V1
+#	PRIME239V2
+#	PRIME239V3
+#	PRIME256V1
+#	SECP112R1
+#	SECP112R2
+#	SECP128R1
+#	SECP128R2
+#	SECP160K1
+#	SECP160R1
+#	SECP160R2
+#	SECP192K1
+#	SECP192R1
+#	SECP224K1
+#	SECP256K1
+#	SECP256R1
+#	SECP384R1
+#	SECP521R1
+#	C2PNB163V1
+#	C2PNB163V2
+#	C2PNB163V3
+#	C2PNB176V1
+#	C2TNB191V1
+#	C2TNB191V2
+#	C2TNB191V3
+#	C2ONB191V4
+#	C2ONB191V5
+#	C2PNB208W1
+#	C2TNB239V1
+#	C2TNB239V2
+#	C2TNB239V3
+#	C2ONB239V4
+#	C2ONB239V5
+#	C2PNB272W1
+#	C2PNB304W1
+#	C2TNB359V1
+#	C2PNB368W1
+#	C2TNB431R1
+#	SECT113R1
+#	SECT131R1
+#	SECT131R1
+#	SECT131R2
+#	SECT163K1
+#	SECT163R1
+#	SECT163R2
+#	SECT193R1
+#	SECT193R2
+#	SECT233K1
+#	SECT233R1
+#	SECT239K1
+#	SECT283K1
+#	SECT283R1
+#	SECT409K1
+#	SECT409R1
+#	SECT571K1
+#	SECT571R1
+# Hashes:
+#	MD2
+#	MD4
+#	MD5
+#	SHA1
+#	SHA224
+#	SHA256
+#	SHA384
+#	SHA512
+# MACs:
+#	HMAC-SHA1
+#	HMAC-SHA224
+#	HMAC-SHA256
+#	HMAC-SHA384
+#	HMAC-SHA512
+#	HMAC-MD5
+# Ciphers:
+#	AES128-CBC
+#	AES192-CBC
+#	AES256-CBC
+#	AES128-GCM
+#	AES192-GCM
+#	AES256-GCM
+#	CAMELLIA128-CBC
+#	CAMELLIA192-CBC
+#	CAMELLIA256-CBC
+#	SEED-CBC
+#	DES-EDE3-CBC
+#	DES-40-CBC
+#	DES-CBC
+#	NULL-CIPHER
+#	RC2
+#	RC4
+#	IDEA
+# Key exchange
+#	RSA
+#	RSA-EXPORT
+#	DHE-RSA
+#	DHE-DSS
+#	DH-RSA
+#	DH-DSS
+#	ECDHE-ECDSA
+#	ECDHE-RSA
+#	ECDH-ECDSA
+#	ECDH-RSA
+# SSL Versions
+#	SSL2.0
+#	SSL3.0
+#	TLS1.0
+#	TLS1.1
+#	TLS1.2
+#	DTLS1.1
+#	DTLS1.2
+# Include all of the above:
+#       ALL
+#-----------------------------------------------
+# Uses are:
+#    ssl
+#    ssl-key-exchange
+#    key-exchange (includes ssl-key-exchange)
+#    cert-signature
+#    signature (includes cert-signature)
+#    all (includes all of the above)
+#-----------------------------------------------
+# In addition there are the following options:
+#     min-rsa
+#     min-dh
+#     min-dsa
+#  they have the following syntax:
+#  allow=min-rsa=512:min-dh=1024
+#
+# Exp Enable Enable Cipher Config Policy      Test Name
+# Ret  EC     TLS
+# turn on single cipher 
+  0 noECC  SSL3   d    disallow=all_allow=hmac-sha1:sha256:rsa:des-ede3-cbc:tls-version-min=ssl3.0:tls-version-max=ssl3.0 Allowed by Narrow Policy
+  0 noECC  SSL3   d    disallow=all_allow=hmac-sha1/ssl,ssl-key-exchange:sha256/cert-signature:rsa/ssl-key-exchange:des-ede3-cbc:tls-version-min=ssl3.0:tls-version-max=ssl3.0 Allowed by Strict Policy
+  0 noECC  SSL3   d    disallow=all_allow=md2/all:md4/all:md5/all:sha1/all:sha256/all:sha384/all:sha512/all:hmac-sha1/all:hmac-sha224/all:hmac-sha256/all:hmac-sha384/all:hmac-sha512/all:hmac-md5/all:camellia128-cbc/all:camellia192-cbc/all:camellia256-cbc/all:seed-cbc/all:des-ede3-cbc/all:des-40-cbc/all:des-cbc/all:null-cipher/all:rc2/all:rc4/all:idea/all:rsa/all:rsa-export/all:dhe-rsa/all:dhe-dss/all:ecdhe-ecdsa/all:ecdhe-rsa/all:ecdh-ecdsa/all:ecdh-rsa/all:tls-version-min=ssl2.0:tls-version-max=tls1.2 Allow All Explicitly
+  1 noECC  SSL3   d    disallow=all Disallow All Explicitly.
+# turn off signature only
+  1 noECC  SSL3   d    disallow=sha256 Disallow SHA256 Signatures Explicitly.
+  1 noECC  SSL3   d    disallow=all_allow=hmac-sha1:rsa/ssl-key-exchange:des-ede3-cbc:tls-version-min=ssl3.0:tls-version-max=ssl3.0 Disallow SHA256 Signatures Implicitly Narrow.
+  1 noECC  SSL3   d    disallow=all_allow=md2/all:md4/all:md5/all:sha1/all:sha384/all:sha512/all:hmac-sha1/all:hmac-sha224/all:hmac-sha256/all:hmac-sha384/all:hmac-sha512/all:hmac-md5/all:camellia128-cbc/all:camellia192-cbc/all:camellia256-cbc/all:seed-cbc/all:des-ede3-cbc/all:des-40-cbc/all:des-cbc/all:null-cipher/all:rc2/all:rc4/all:idea/all:rsa/all:rsa-export/all:dhe-rsa/all:dhe-dss/all:ecdhe-ecdsa/all:ecdhe-rsa/all:ecdh-ecdsa/all:ecdh-rsa/all:tls-version-min=ssl2.0:tls-version-max=tls1.2 Disallow SHA256 Signatures Implicitly.
+# turn off single cipher 
+  1 noECC  SSL3   d    disallow=des-ede3-cbc Disallow Cipher Explicitly
+  1 noECC  SSL3   d    disallow=all_allow=hmac-sha1:sha256:rsa:des-cbc:tls-version-min=ssl3.0:tls-version-max=ssl3.0 Disallow Cipher Implicitly Narrow.
+  1 noECC  SSL3   d    disallow=all_allow=md2/all:md4/all:md5/all:sha1/all:sha256/all:sha384/all:sha512/all:hmac-sha1/all:hmac-sha224/all:hmac-sha256/all:hmac-sha384/all:hmac-sha512/all:hmac-md5/all:camellia128-cbc/all:camellia192-cbc/all:camellia256-cbc/all:seed-cbc/all:des-40-cbc/all:des-cbc/all:null-cipher/all:rc2/all:rc4/all:idea/all:rsa/all:rsa-export/all:dhe-rsa/all:dhe-dss/all:ecdhe-ecdsa/all:ecdhe-rsa/all:ecdh-ecdsa/all:ecdh-rsa/all:tls-version-min=ssl2.0:tls-verion-max=tls1.2 Disallow Cipher Implicitly.
+# turn off H-Mac
+  1 noECC  SSL3   d    disallow=hmac-sha1 Disallow HMAC Explicitly
+  1 noECC  SSL3   d    disallow=all_allow=md5:sha256:rsa:des-ede3-cbc:tls-version-min=ssl3.0:tls-version-max=ssl3.0 Disallow HMAC Implicitly Narrow.
+  1 noECC  SSL3   d    disallow=all_allow=md2/all:md4/all:md5/all:sha1/all:sha256/all:sha384/all:sha512/all:hmac-sha224/all:hmac-sha256/all:hmac-sha384/all:hmac-sha512/all:hmac-md5/all:camellia128-cbc/all:camellia192-cbc/all:camellia256-cbc/all:seed-cbc/all:des-ede3-cbc/all:des-40-cbc/all:des-cbc/all:null-cipher/all:rc2/all:rc4/all:idea/all:rsa/all:rsa-export/all:dhe-rsa/all:dhe-dss/all:ecdhe-ecdsa/all:ecdhe-rsa/all:ecdh-ecdsa/all:ecdh-rsa/all:tls-version-min=ssl2.0:tls-version-max=tls1.2 Disallow HMAC Signatures Implicitly.
+# turn off key exchange 
+  1 noECC  SSL3   d    disallow=rsa/ssl-key-exchange Disallow Key Exchange Explicitly.
+  1 noECC  SSL3   d    disallow=all_allow=hmac-sha1:sha256:dh-dss:des-ede3-cbc:tls-version-min=ssl3.0:tls-version-max=ssl3.0 Disallow Key Exchange Implicitly Narrow.
+  1 noECC  SSL3   d    disallow=all_allow=md2/all:md4/all:md5/all:sha1/all:sha256/all:sha384/all:sha512/all:hmac-sha1/all:hmac-sha224/all:hmac-sha256/all:hmac-sha384/all:hmac-sha512/all:hmac-md5/all:camellia128-cbc/all:camellia192-cbc/all:camellia256-cbc/all:seed-cbc/all:des-ede3-cbc/all:des-40-cbc/all:des-cbc/all:null-cipher/all:rc2/all:rc4/all:idea/all:rsa-export/all:dhe-rsa/all:dhe-dss/all:ecdhe-ecdsa/all:ecdhe-rsa/all:ecdh-ecdsa/all:ecdh-rsa/all:tls-version-min=ssl2.0:tls-version-max=tls1.2 Disallow Key Exchnage Signatures Implicitly.
+# turn off  version
+  1 noECC  SSL3   d    allow=tls-version-min=tls1.0:tls-version-max=tls1.2 Disallow Version Exlicitly
+  1 noECC  SSL3   d    disallow=all_allow=hmac-sha1:sha256:rsa:des-ede3-cbc:tls-version-min=tls1.0:tls-version-max=tls1.2 Disallow Version Implicitly Narrow.
+  1 noECC  SSL3   d    disallow=all_allow=md2/all:md4/all:md5/all:sha1/all:sha256/all:sha384/all:sha512/all:hmac-sha1/all:hmac-sha224/all:hmac-sha256/all:hmac-sha384/all:hmac-sha512/all:hmac-md5/all:camellia128-cbc/all:camellia192-cbc/all:camellia256-cbc/all:seed-cbc/all:des-ede3-cbc/all:des-40-cbc/all:des-cbc/all:null-cipher/all:rc2/all:rc4/all:idea/all:rsa/all:rsa-export/all:dhe-rsa/all:dhe-dss/all:ecdhe-ecdsa/all:ecdhe-rsa/all:ecdh-ecdsa/all:ecdh-rsa/all:tls-version-min=tls1.0:tls-version-max=tls1.2 Disallow Version Implicitly.
diff --git a/nss/tests/ssl/sslreq.dat b/nss/tests/ssl/sslreq.dat
new file mode 100644
index 0000000..2f7ad77
--- /dev/null
+++ b/nss/tests/ssl/sslreq.dat
@@ -0,0 +1,2 @@
+GET / HTTP/1.0
+
diff --git a/nss/tests/ssl/sslreq.txt b/nss/tests/ssl/sslreq.txt
new file mode 100644
index 0000000..c1da607
--- /dev/null
+++ b/nss/tests/ssl/sslreq.txt
@@ -0,0 +1,2 @@
+GET / HTTP/1.0
+
diff --git a/nss/tests/ssl/sslstress.txt b/nss/tests/ssl/sslstress.txt
new file mode 100644
index 0000000..e9defc5
--- /dev/null
+++ b/nss/tests/ssl/sslstress.txt
@@ -0,0 +1,87 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# This file defines the stress tests for SSL/TLS.
+#
+#        expected
+# Enable  return  server     client                         Test Case name
+#  ECC    value   params     params
+# ------- ------  ------     ------                         ---------------
+  noECC     0      _         -c_1000_-C_c_-V_ssl3:ssl3               Stress SSL3 RC4 128 with MD5
+  noECC     0      _         -c_1000_-C_c                  Stress TLS  RC4 128 with MD5
+  noECC     0      _         -c_1000_-C_c_-g               Stress TLS  RC4 128 with MD5 (false start)
+  noECC     0      -u        -V_ssl3:tls1.2_-c_1000_-C_c_-u            Stress TLS  RC4 128 with MD5 (session ticket)
+  noECC     0      -z        -V_ssl3:tls1.2_-c_1000_-C_c_-z            Stress TLS  RC4 128 with MD5 (compression)
+  noECC     0      -u_-z     -V_ssl3:tls1.2_-c_1000_-C_c_-u_-z         Stress TLS  RC4 128 with MD5 (session ticket, compression)
+  noECC     0      -u_-z     -V_ssl3:tls1.2_-c_1000_-C_c_-u_-z_-g      Stress TLS  RC4 128 with MD5 (session ticket, compression, false start)
+  SNI       0      -u_-a_Host-sni.Dom -V_tls1.0:tls1.2_-c_1000_-C_c_-u Stress TLS RC4 128 with MD5 (session ticket, SNI)
+
+#
+# add client auth versions here...
+#
+  noECC     0      -r_-r     -c_100_-C_c_-V_ssl3:ssl3_-N_-n_TestUser Stress SSL3 RC4 128 with MD5 (no reuse, client auth)
+  noECC     0      -r_-r     -c_100_-C_c_-N_-n_TestUser    Stress TLS RC4 128 with MD5 (no reuse, client auth)
+  noECC     0      -r_-r_-u  -V_ssl3:tls1.2_-c_100_-C_c_-n_TestUser_-u Stress TLS RC4 128 with MD5 (session ticket, client auth)
+  noECC     0      -r_-r_-z  -V_ssl3:tls1.2_-c_100_-C_c_-n_TestUser_-z Stress TLS RC4 128 with MD5 (compression, client auth)
+  noECC     0      -r_-r_-z  -V_ssl3:tls1.2_-c_100_-C_c_-n_TestUser_-z_-g Stress TLS RC4 128 with MD5 (compression, client auth, false start)
+  noECC     0   -r_-r_-u_-z  -V_ssl3:tls1.2_-c_100_-C_c_-n_TestUser_-u_-z Stress TLS RC4 128 with MD5 (session ticket, compression, client auth)
+  noECC     0   -r_-r_-u_-z  -V_ssl3:tls1.2_-c_100_-C_c_-n_TestUser_-u_-z_-g Stress TLS RC4 128 with MD5 (session ticket, compression, client auth, false start)
+  SNI       0   -r_-r_-u_-a_Host-sni.Dom -V_tls1.0:tls1.2_-c_1000_-C_c_-u Stress TLS RC4 128 with MD5 (session ticket, SNI, client auth, default virt host)
+  SNI       0   -r_-r_-u_-a_Host-sni.Dom_-k_Host-sni.Dom -V_tls1.0:tls1.2_-c_1000_-C_c_-u_-a_Host-sni.Dom Stress TLS RC4 128 with MD5 (session ticket, SNI, client auth, change virt host)
+
+#
+# ############################ ECC ciphers ############################
+#
+   ECC      0      -c_:C009  -V_ssl3:tls1.2_-c_100_-C_:C009_-N  Stress TLS  ECDHE-ECDSA AES 128 CBC with SHA (no reuse)
+   ECC      0      -c_:C023  -V_ssl3:tls1.2_-c_100_-C_:C023_-N  Stress TLS  ECDHE-ECDSA AES 128 CBC with SHA256 (no reuse)
+   ECC      0      -c_:C02B  -V_ssl3:tls1.2_-c_100_-C_:C02B_-N  Stress TLS  ECDHE-ECDSA AES 128 GCM (no reuse)
+   ECC      0      -c_:C004  -V_ssl3:tls1.2_-c_100_-C_:C004_-N  Stress TLS  ECDH-ECDSA  AES 128 CBC with SHA (no reuse)
+   ECC      0      -c_:C00E  -V_ssl3:tls1.2_-c_100_-C_:C00E_-N  Stress TLS  ECDH-RSA    AES 128 CBC with SHA (no reuse)
+   ECC      0      -c_:C013  -V_ssl3:tls1.2_-c_1000_-C_:C013    Stress TLS  ECDHE-RSA   AES 128 CBC with SHA
+   ECC      0      -c_:C027  -V_ssl3:tls1.2_-c_1000_-C_:C027    Stress TLS  ECDHE-RSA   AES 128 CBC with SHA256
+   ECC      0      -c_:C02F  -V_ssl3:tls1.2_-c_1000_-C_:C02F    Stress TLS  ECDHE-RSA   AES 128 GCM
+   ECC      0   -c_:C004_-u  -V_ssl3:tls1.2_-c_1000_-C_:C004_-u Stress TLS  ECDH-ECDSA  AES 128 CBC with SHA (session ticket)
+   ECC      0   -c_:C009_-u  -V_ssl3:tls1.2_-c_100_-C_:C009_-u  Stress TLS  ECDHE-ECDSA AES 128 CBC with SHA (session ticket)
+#
+# add client auth versions here...
+#
+   ECC      0      -r_-r_-c_:C009  -V_ssl3:tls1.2_-c_10_-C_:C009_-N_-n_TestUser-ec Stress TLS ECDHE-ECDSA AES 128 CBC with SHA (no reuse, client auth)
+   ECC      0      -r_-r_-c_:C013  -V_ssl3:tls1.2_-c_100_-C_:C013_-n_TestUser-ec Stress TLS ECDHE-RSA AES 128 CBC with SHA (client auth)
+   ECC      0      -r_-r_-c_:C004  -V_ssl3:tls1.2_-c_10_-C_:C004_-N_-n_TestUser-ec Stress TLS ECDH-ECDSA AES 128 CBC with SHA (no reuse, client auth)
+   ECC      0      -r_-r_-c_:C00E  -V_ssl3:tls1.2_-c_10_-C_:C00E_-N_-n_TestUser-ecmixed Stress TLS ECDH-RSA AES 128 CBC with SHA (no reuse, client auth)
+   ECC      0      -r_-r_-c_:C013  -V_ssl3:tls1.2_-c_100_-C_:C013_-n_TestUser-ec Stress TLS ECDHE-RSA AES 128 CBC with SHA(client auth)
+   ECC      0      -r_-r_-c_:C013_-u -V_ssl3:tls1.2_-c_100_-C_:C013_-n_TestUser-ec_-u Stress TLS ECDHE-RSA AES 128 CBC with SHA(session ticket, client auth)
+
+#
+# ############################ DHE ciphers ############################
+#
+   noECC    0      -c_:0016  -V_ssl3:tls1.2_-c_100_-C_:0016_-N  Stress TLS DHE_RSA_WITH_3DES_EDE_CBC_SHA (no reuse)
+   noECC    0      -c_:0033  -V_ssl3:tls1.2_-c_1000_-C_:0033    Stress TLS DHE_RSA_WITH_AES_128_CBC_SHA
+
+
+   noECC    0      -c_:0039  -V_ssl3:tls1.2_-c_100_-C_:0039_-N  Stress TLS DHE_RSA_WITH_AES_256_CBC_SHA (no reuse)
+   noECC    0      -c_:0040  -V_ssl3:tls1.2_-c_100_-C_:0040_-N  Stress TLS DHE_DSS_WITH_AES_128_CBC_SHA256 (no reuse)
+
+#  noECC    0   -c_:0038_-u  -V_ssl3:tls1.2_-c_1000_-C_:0038_-u Stress TLS DHE_DSS_WITH_AES_256_CBC_SHA (session ticket)
+# use the above session ticket test, once session tickets with DHE_DSS are working
+   noECC    0      -c_:0038  -V_ssl3:tls1.2_-c_1000_-C_:0038_-N Stress TLS DHE_DSS_WITH_AES_256_CBC_SHA (no reuse)
+
+#  noECC    0      -c_:006A  -V_ssl3:tls1.2_-c_1000_-C_:006A    Stress TLS DHE_DSS_WITH_AES_256_CBC_SHA256
+# use the above reuse test, once the session cache with DHE_DSS is working
+   noECC    0      -c_:006A  -V_ssl3:tls1.2_-c_1000_-C_:006A_-N Stress TLS DHE_DSS_WITH_AES_256_CBC_SHA256 (no reuse
+
+   noECC    0      -c_:006B  -V_ssl3:tls1.2_-c_100_-C_:006B_-N  Stress TLS DHE_RSA_WITH_AES_256_CBC_SHA256 (no reuse)
+   noECC    0      -c_:009E  -V_ssl3:tls1.2_-c_100_-C_:009E_-N  Stress TLS DHE_RSA_WITH_AES_128_GCM_SHA256 (no reuse)
+   noECC    0      -c_:009F  -V_ssl3:tls1.2_-c_100_-C_:009F_-N  Stress TLS DHE_RSA_WITH_AES_256_GCM_SHA384 (no reuse)
+#
+# add client auth versions here...
+#
+   noECC    0      -r_-r_-c_:0032  -V_ssl3:tls1.2_-c_100_-C_:0032_-N_-n_TestUser-dsa     Stress TLS DHE_DSS_WITH_AES_128_CBC_SHA (no reuse, client auth)
+   noECC    0      -r_-r_-c_:0067  -V_ssl3:tls1.2_-c_1000_-C_:0067_-n_TestUser-dsamixed  Stress TLS DHE_RSA_WITH_AES_128_CBC_SHA256 (client auth)
+
+#  noECC    0   -r_-r_-c_:00A2_-u  -V_ssl3:tls1.2_-c_1000_-C_:00A2_-n_TestUser-dsa_-u       Stress TLS DHE_DSS_WITH_AES_128_GCM_SHA256 (session ticket, client auth)
+#  noECC    0   -r_-r_-c_:00A3_-u  -V_ssl3:tls1.2_-c_1000_-C_:00A3_-n_TestUser-dsa_-u       Stress TLS DHE_DSS_WITH_AES_256_GCM_SHA384 (session ticket, client auth)
+# use the above session ticket test, once session tickets with DHE_DSS are working
+   noECC    0   -r_-r_-c_:00A2_-u  -V_ssl3:tls1.2_-c_1000_-C_:00A2_-N_-n_TestUser-dsa    Stress TLS DHE_DSS_WITH_AES_128_GCM_SHA256 (no reuse, client auth)
+   noECC    0   -r_-r_-c_:00A3_-u  -V_ssl3:tls1.2_-c_1000_-C_:00A3_-N_-n_TestUser-dsa    Stress TLS DHE_DSS_WITH_AES_256_GCM_SHA384 (no reuse, client auth)
diff --git a/nss/tests/ssl_gtests/ssl_gtests.sh b/nss/tests/ssl_gtests/ssl_gtests.sh
new file mode 100755
index 0000000..9768c5e
--- /dev/null
+++ b/nss/tests/ssl_gtests/ssl_gtests.sh
@@ -0,0 +1,159 @@
+#!/bin/bash
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+########################################################################
+#
+# tests/ssl_gtests/ssl_gtests.sh
+#
+# Script to drive the ssl gtest unit tests
+#
+# needs to work on all Unix and Windows platforms
+#
+# special strings
+# ---------------
+#   FIXME ... known problems, search for this string
+#   NOTE .... unexpected behavior
+#
+########################################################################
+
+# Generate input to certutil
+certscript() {
+  while [ $# -gt 0 ]; do
+    case $1 in
+      sign) echo 0 ;;
+      kex) echo 2 ;;
+      ca) echo 5;echo 6 ;;
+    esac; shift
+  done;
+  echo 9
+  echo n
+  echo ${ca:-n}
+  echo
+  echo n
+}
+
+# $1: name
+# $2: type
+# $3+: usages: sign or kex
+make_cert() {
+  name=$1
+  type=$2
+  case $type in
+    dsa) type_args='-g 1024' ;;
+    rsa) type_args='-g 1024' ;;
+    rsa2048) type_args='-g 2048';type=rsa ;;
+    rsapss) type_args='-g 1024 --pss';type=rsa ;;
+    p256) type_args='-q nistp256';type=ec ;;
+    p384) type_args='-q secp384r1';type=ec ;;
+    p521) type_args='-q secp521r1';type=ec ;;
+    rsa_ca) type_args='-g 1024';trust='CT,CT,CT';ca=y;type=rsa ;;
+    rsa_chain) type_args='-g 1024';sign='-c rsa_ca';type=rsa;;
+    ecdh_rsa) type_args='-q nistp256';sign='-c rsa_ca';type=ec ;;
+  esac
+  shift 2
+  counter=$(($counter + 1))
+  certscript $@ | ${BINDIR}/certutil -S \
+    -z ${R_NOISE_FILE} -d "${PROFILEDIR}" \
+    -n $name -s "CN=$name" -t ${trust:-,,} ${sign:--x} -m $counter \
+    -w -2 -v 120 -k $type $type_args -Z SHA256 -1 -2
+  html_msg $? 0 "create certificate: $@"
+}
+
+ssl_gtest_certs() {
+  mkdir -p "${SSLGTESTDIR}"
+  cd "${SSLGTESTDIR}"
+
+  PROFILEDIR=`pwd`
+  if [ "${OS_ARCH}" = "WINNT" -a "$OS_NAME" = "CYGWIN_NT" ]; then
+    PROFILEDIR=`cygpath -m "${PROFILEDIR}"`
+  fi
+
+  ${BINDIR}/certutil -N -d "${PROFILEDIR}" --empty-password 2>&1
+  html_msg $? 0 "create ssl_gtest database"
+
+  counter=0
+  make_cert client rsa sign
+  make_cert rsa rsa sign kex
+  make_cert rsa2048 rsa2048 sign kex
+  make_cert rsa_sign rsa sign
+  make_cert rsa_pss rsapss sign
+  make_cert rsa_decrypt rsa kex
+  make_cert ecdsa256 p256 sign
+  make_cert ecdsa384 p384 sign
+  make_cert ecdsa521 p521 sign
+  make_cert ecdh_ecdsa p256 kex
+  make_cert rsa_ca rsa_ca ca
+  make_cert rsa_chain rsa_chain sign
+  make_cert ecdh_rsa ecdh_rsa kex
+  make_cert dsa dsa sign
+}
+
+############################## ssl_gtest_init ##########################
+# local shell function to initialize this script
+########################################################################
+ssl_gtest_init()
+{
+  SCRIPTNAME=ssl_gtest.sh      # sourced - $0 would point to all.sh
+
+  if [ -z "${CLEANUP}" ] ; then     # if nobody else is responsible for
+      CLEANUP="${SCRIPTNAME}"       # cleaning this script will do it
+  fi
+  if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then
+      cd ../common
+      . ./init.sh
+  fi
+
+  SCRIPTNAME=ssl_gtest.sh
+  html_head SSL Gtests
+
+  if [ ! -d "${SSLGTESTDIR}" ]; then
+    ssl_gtest_certs
+  fi
+
+  cd "${SSLGTESTDIR}"
+}
+
+########################## ssl_gtest_start #########################
+# Local function to actually start the test
+####################################################################
+ssl_gtest_start()
+{
+  if [ ! -f ${BINDIR}/ssl_gtest ]; then
+    html_unknown "Skipping ssl_gtest (not built)"
+    return
+  fi
+
+  SSLGTESTREPORT="${SSLGTESTDIR}/report.xml"
+  PARSED_REPORT="${SSLGTESTDIR}/report.parsed"
+  echo "executing ssl_gtest"
+  ${BINDIR}/ssl_gtest -d "${SSLGTESTDIR}" --gtest_output=xml:"${SSLGTESTREPORT}" \
+                                          --gtest_filter="${GTESTFILTER-*}"
+  html_msg $? 0 "ssl_gtest run successfully"
+  echo "executing sed to parse the xml report"
+  sed -f ${COMMON}/parsegtestreport.sed "${SSLGTESTREPORT}" > "${PARSED_REPORT}"
+  echo "processing the parsed report"
+  cat "${PARSED_REPORT}" | while read result name; do
+    if [ "$result" = "notrun" ]; then
+      echo "$name" SKIPPED
+    elif [ "$result" = "run" ]; then
+      html_passed_ignore_core "$name"
+    else
+      html_failed_ignore_core "$name"
+    fi
+  done
+}
+
+ssl_gtest_cleanup()
+{
+  cd ${QADIR}
+  . common/cleanup.sh
+}
+
+################## main #################################################
+cd "$(dirname "$0")"
+ssl_gtest_init
+ssl_gtest_start
+ssl_gtest_cleanup
diff --git a/nss/tests/tools/sign.html b/nss/tests/tools/sign.html
new file mode 100644
index 0000000..1ec9f7b
--- /dev/null
+++ b/nss/tests/tools/sign.html
@@ -0,0 +1,8 @@
+<html>
+<!-- This Source Code Form is subject to the terms of the Mozilla Public
+   - License, v. 2.0. If a copy of the MPL was not distributed with this
+   - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
+<body>
+Sign this javascriptless page.
+</body>
+</html>
diff --git a/nss/tests/tools/signjs.html b/nss/tests/tools/signjs.html
new file mode 100644
index 0000000..ba22925
--- /dev/null
+++ b/nss/tests/tools/signjs.html
@@ -0,0 +1,11 @@
+<html>
+<!-- This Source Code Form is subject to the terms of the Mozilla Public
+   - License, v. 2.0. If a copy of the MPL was not distributed with this
+   - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
+<body>
+<script language="JavaScript">
+document.write("<h3>Sign this javascript</h3>");
+</script>
+Here's some plain content.
+</body>
+</html>
diff --git a/nss/tests/tools/tools.sh b/nss/tests/tools/tools.sh
new file mode 100644
index 0000000..fc4d250
--- /dev/null
+++ b/nss/tests/tools/tools.sh
@@ -0,0 +1,498 @@
+#! /bin/bash  
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+########################################################################
+#
+# mozilla/security/nss/tests/tools/tools.sh
+#
+# Script to test basic functionality of NSS tools 
+#
+# needs to work on all Unix and Windows platforms
+#
+# tests implemented:
+#    pk12util
+#    signtool
+#
+# special strings
+# ---------------
+#   FIXME ... known problems, search for this string
+#   NOTE .... unexpected behavior
+########################################################################
+
+  export pkcs12v2pbeWithSha1And128BitRc4=\
+"PKCS #12 V2 PBE With SHA-1 and 128 Bit RC4"
+
+  export pkcs12v2pbeWithSha1And40BitRc4=\
+"PKCS #12 V2 PBE With SHA-1 and 40 Bit RC4"
+
+  export pkcs12v2pbeWithSha1AndTripleDESCBC=\
+"PKCS #12 V2 PBE With SHA-1 and Triple DES-CBC"
+
+  export pkcs12v2pbeWithSha1And128BitRc2Cbc=\
+"PKCS #12 V2 PBE With SHA-1 and 128 Bit RC2 CBC"
+
+  export pkcs12v2pbeWithSha1And40BitRc2Cbc=\
+"PKCS #12 V2 PBE With SHA-1 and 40 Bit RC2 CBC"
+
+  export pkcs12v2pbeWithMd2AndDESCBC=\
+"PKCS #5 Password Based Encryption with MD2 and DES-CBC"
+
+  export pkcs12v2pbeWithMd5AndDESCBC=\
+"PKCS #5 Password Based Encryption with MD5 and DES-CBC"
+
+  export pkcs12v2pbeWithSha1AndDESCBC=\
+"PKCS #5 Password Based Encryption with SHA-1 and DES-CBC"
+  
+  export pkcs5pbeWithMD2AndDEScbc=\
+"PKCS #5 Password Based Encryption with MD2 and DES-CBC"
+
+  export pkcs5pbeWithMD5AndDEScbc=\
+"PKCS #5 Password Based Encryption with MD5 and DES-CBC"
+
+  export pkcs5pbeWithSha1AndDEScbc=\
+"PKCS #5 Password Based Encryption with SHA-1 and DES-CBC"
+
+############################## tools_init ##############################
+# local shell function to initialize this script 
+########################################################################
+tools_init()
+{
+  SCRIPTNAME=tools.sh      # sourced - $0 would point to all.sh
+
+  if [ -z "${CLEANUP}" ] ; then     # if nobody else is responsible for
+      CLEANUP="${SCRIPTNAME}"       # cleaning this script will do it
+  fi
+
+  if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then
+      cd ../common
+      . ./init.sh
+  fi
+  if [ ! -r $CERT_LOG_FILE ]; then  # we need certificates here
+      cd ../cert
+      . ./cert.sh
+  fi
+  SCRIPTNAME=tools.sh
+
+  if [ -z "$NSS_DISABLE_ECC" ] ; then
+      html_head "Tools Tests with ECC"
+  else
+      html_head "Tools Tests"
+  fi
+
+  grep "SUCCESS: SMIME passed" $CERT_LOG_FILE >/dev/null || {
+      Exit 15 "Fatal - S/MIME of cert.sh needs to pass first"
+  }
+
+  TOOLSDIR=${HOSTDIR}/tools
+  COPYDIR=${TOOLSDIR}/copydir
+  SIGNDIR=${TOOLSDIR}/signdir
+
+  R_TOOLSDIR=../tools
+  R_COPYDIR=../tools/copydir
+  R_SIGNDIR=../tools/signdir
+  P_R_COPYDIR=${R_COPYDIR}
+  P_R_SIGNDIR=${R_SIGNDIR}
+  if [ -n "${MULTIACCESS_DBM}" ]; then
+      P_R_COPYDIR="multiaccess:Tools.$version"
+      P_R_SIGNDIR="multiaccess:Tools.sign.$version"
+  fi
+
+  mkdir -p ${TOOLSDIR}
+  mkdir -p ${COPYDIR}
+  mkdir -p ${SIGNDIR}
+  cp ${ALICEDIR}/* ${SIGNDIR}/
+  mkdir -p ${TOOLSDIR}/html
+  cp ${QADIR}/tools/sign*.html ${TOOLSDIR}/html
+
+  cd ${TOOLSDIR}
+}
+
+########################## list_p12_file ###############################
+# List the key and cert in the specified p12 file
+########################################################################
+list_p12_file()
+{
+  echo "$SCRIPTNAME: Listing Alice's pk12 file"
+  echo "pk12util -l ${1} -w ${R_PWFILE}"
+    
+  ${BINDIR}/pk12util -l ${1} -w ${R_PWFILE} 2>&1
+  ret=$?
+  html_msg $ret 0 "Listing ${1} (pk12util -l)"
+  check_tmpfile
+}
+
+########################################################################
+# Import the key and cert from the specified p12 file
+########################################################################
+import_p12_file()
+{
+  echo "$SCRIPTNAME: Importing Alice's pk12 ${1} file"
+  echo "pk12util -i ${1} -d ${P_R_COPYDIR} -k ${R_PWFILE} -w ${R_PWFILE}"
+    
+  ${BINDIR}/pk12util -i ${1} -d ${P_R_COPYDIR} -k ${R_PWFILE} -w ${R_PWFILE} 2>&1
+  ret=$?
+  html_msg $ret 0 "Importing ${1} (pk12util -i)"
+  check_tmpfile
+}
+
+########################################################################
+# Export the key and cert to a p12 file using default ciphers
+########################################################################
+export_with_default_ciphers() 
+{
+  echo "$SCRIPTNAME: Exporting Alice's key & cert with [default:default] (pk12util -o)"
+  echo "pk12util -o Alice.p12 -n \"Alice\" -d ${P_R_ALICEDIR} \\"
+  echo "         -k ${R_PWFILE} -w ${R_PWFILE}"
+  ${BINDIR}/pk12util -o Alice.p12 -n "Alice" -d ${P_R_ALICEDIR} \
+                       -k ${R_PWFILE} -w ${R_PWFILE} 2>&1  
+  ret=$?  
+  html_msg $ret 0 "Exporting Alices's key & cert with [default:default] (pk12util -o)"
+  check_tmpfile
+  return $ret
+}
+
+########################################################################
+# Exports key/cert to a p12 file, the key encryption cipher is specified
+# and the cert encryption cipher is blank for default.
+########################################################################
+export_with_key_cipher() 
+{
+  # $1 key encryption cipher   
+  echo "$SCRIPTNAME: Exporting with [${1}:default]"
+  echo "pk12util -o Alice.p12 -n \"Alice\" -d ${P_R_ALICEDIR} \\"
+  echo "         -k ${R_PWFILE} -w ${R_PWFILE} -c ${1}"
+  ${BINDIR}/pk12util -o Alice.p12 -n "Alice" -d ${P_R_ALICEDIR} \
+                     -k ${R_PWFILE} -w ${R_PWFILE} -c "${1}" 2>&1  
+  ret=$?  
+  html_msg $ret 0 "Exporting with [${1}:default] (pk12util -o)"
+  check_tmpfile
+  return $ret
+}
+
+########################################################################
+# Exports key/cert to a p12 file, the key encryption cipher is left
+# empty for default and the cert encryption cipher is specified.
+########################################################################
+export_with_cert_cipher() 
+{
+  # $1 certificate encryption cipher
+  echo "$SCRIPTNAME: Exporting with [default:${1}]"
+  echo "pk12util -o Alice.p12 -n \"Alice\" -d ${P_R_ALICEDIR} \\"
+  echo "         -k ${R_PWFILE} -w ${R_PWFILE} -C ${1}"
+  ${BINDIR}/pk12util -o Alice.p12 -n "Alice" -d ${P_R_ALICEDIR} \
+                     -k ${R_PWFILE} -w ${R_PWFILE} -C "${1}" 2>&1  
+  ret=$?  
+  html_msg $ret 0 "Exporting with [default:${1}] (pk12util -o)"
+  check_tmpfile
+  return $ret
+}
+
+########################################################################
+# Exports key/cert to a p12 file, both the key encryption cipher and
+# the cert encryption cipher are specified.
+########################################################################
+export_with_both_key_and_cert_cipher()
+{
+  # $1 key encryption cipher or ""
+  # $2 certificate encryption cipher or ""
+  
+  echo "pk12util -o Alice.p12 -n \"Alice\" -d ${P_R_ALICEDIR} \\"
+  echo "         -k ${R_PWFILE} -w ${R_PWFILE} -c ${1} -C ${2}"     
+  ${BINDIR}/pk12util -o Alice.p12 -n Alice -d ${P_R_ALICEDIR} \
+                       -k ${R_PWFILE} -w ${R_PWFILE} \
+                       -c "${1}" -C "${2}" 2>&1  
+  ret=$?    
+  html_msg $ret 0 "Exporting with [${1}:${2}] (pk12util -o)"
+  check_tmpfile
+  return $ret
+}
+
+########################################################################
+# Exports key and cert to a p12 file, both the key encryption cipher 
+# and the cert encryption cipher are specified. The key and cert are
+# imported and the p12 file is listed
+########################################################################
+export_list_import()
+{
+  # $1 key encryption cipher
+  # $2 certificate encryption cipher
+    
+  if [ "${1}" != "DEFAULT" -a "${2}" != "DEFAULT" ]; then
+      export_with_both_key_and_cert_cipher "${1}" "${2}"
+  elif [ "${1}" != "DEFAULT" -a "${2}" = "DEFAULT" ]; then
+      export_with_key_cipher "${1}"
+  elif [ "${1}" = "DEFAULT" -a "${2}" != "DEFAULT" ]; then
+      export_with_cert_cipher "${2}"
+  else
+      export_with_default_ciphers
+  fi
+    
+  list_p12_file Alice.p12
+  import_p12_file Alice.p12
+}
+
+########################################################################
+# Export using the pkcs5pbe ciphers for key and certificate encryption.
+# List the contents of and import from the p12 file.
+########################################################################
+tools_p12_export_list_import_all_pkcs5pbe_ciphers()
+{  
+  # specify each on key and cert cipher
+  for key_cipher in "${pkcs5pbeWithMD2AndDEScbc}" \
+                    "${pkcs5pbeWithMD5AndDEScbc}" \
+                    "${pkcs5pbeWithSha1AndDEScbc}"\
+                    "DEFAULT"; do
+      for cert_cipher in "${pkcs5pbeWithMD2AndDEScbc}" \
+                         "${pkcs5pbeWithMD5AndDEScbc}" \
+                         "${pkcs5pbeWithSha1AndDEScbc}" \
+                         "DEFAULT"\
+                         "null"; do
+            export_list_import "${key_cipher}" "${cert_cipher}"
+      done       
+  done
+}
+
+########################################################################
+# Export using the pkcs5v2 ciphers for key and certificate encryption.
+# List the contents of and import from the p12 file.
+########################################################################
+tools_p12_export_list_import_all_pkcs5v2_ciphers()
+{
+  # These should pass
+  for key_cipher in\
+    RC2-CBC \
+    DES-EDE3-CBC \
+    AES-128-CBC \
+    AES-192-CBC \
+    AES-256-CBC \
+    CAMELLIA-128-CBC \
+    CAMELLIA-192-CBC \
+    CAMELLIA-256-CBC; do
+
+#---------------------------------------------------------------
+# Bug 452464 - pk12util -o fails when -C option specifies
+# Camellia ciphers
+# FIXME Restore these to the list
+#    CAMELLIA-128-CBC, \
+#    CAMELLIA-192-CBC, \
+#    CAMELLIA-256-CBC, \
+#  when 452464 is fixed
+#---------------------------------------------------------------  
+    for cert_cipher in \
+      RC2-CBC \
+      DES-EDE3-CBC \
+      AES-128-CBC \
+      AES-192-CBC \
+      AES-256-CBC \
+      null; do
+	  export_list_import ${key_cipher} ${cert_cipher}
+	done
+  done
+}
+
+########################################################################
+# Export using the pkcs12v2pbe ciphers for key and certificate encryption.
+# List the contents of and import from the p12 file.
+########################################################################
+tools_p12_export_list_import_all_pkcs12v2pbe_ciphers()
+{ 
+#---------------------------------------------------------------
+# Bug 452471 - pk12util -o fails when -c option specifies pkcs12v2 PBE ciphers
+# FIXME - Restore these to the list 
+#                "${pkcs12v2pbeWithSha1And128BitRc4}" \
+#                "${pkcs12v2pbeWithSha1And40BitRc4}" \
+#	             "${pkcs12v2pbeWithSha1AndTripleDESCBC}" \
+#                "${pkcs12v2pbeWithSha1And128BitRc2Cbc}" \
+#                "${pkcs12v2pbeWithSha1And40BitRc2Cbc}" \
+#                "${pkcs12v2pbeWithMd2AndDESCBC}" \
+#                "${pkcs12v2pbeWithMd5AndDESCBC}" \
+#                "${pkcs12v2pbeWithSha1AndDESCBC}" \
+#                "DEFAULT"; do
+# when 452471 is fixed
+#---------------------------------------------------------------
+#  for key_cipher in \
+    key_cipher="DEFAULT"
+    for cert_cipher in "${pkcs12v2pbeWithSha1And128BitRc4}" \
+                  "${pkcs12v2pbeWithSha1And40BitRc4}" \
+                  "${pkcs12v2pbeWithSha1AndTripleDESCBC}" \
+                  "${pkcs12v2pbeWithSha1And128BitRc2Cbc}" \
+                  "${pkcs12v2pbeWithSha1And40BitRc2Cbc}" \
+                  "${pkcs12v2pbeWithMd2AndDESCBC}" \
+                  "${pkcs12v2pbeWithMd5AndDESCBC}" \
+                  "${pkcs12v2pbeWithSha1AndDESCBC}" \
+                  "DEFAULT"\
+                  "null"; do        
+	  export_list_import "${key_cipher}" "${key_cipher}" 
+	done
+  #done
+}
+
+#########################################################################
+# Export with no encryption on key should fail but on cert should pass
+#########################################################################
+tools_p12_export_with_null_ciphers()
+{
+  # use null as the key encryption algorithm default for the cert one
+  # should fail
+  
+  echo "pk12util -o Alice.p12 -n \"Alice\" -d ${P_R_ALICEDIR} \\"
+  echo "         -k ${R_PWFILE} -w ${R_PWFILE} -c null"     
+  ${BINDIR}/pk12util -o Alice.p12 -n Alice -d ${P_R_ALICEDIR} \
+                       -k ${R_PWFILE} -w ${R_PWFILE} \
+                       -c null 2>&1  
+  ret=$?
+  html_msg $ret 30 "Exporting with [null:default] (pk12util -o)"
+  check_tmpfile
+
+  # use default as the key encryption algorithm null for the cert one
+  # should pass
+  
+  echo "pk12util -o Alice.p12 -n \"Alice\" -d ${P_R_ALICEDIR} \\"
+  echo "         -k ${R_PWFILE} -w ${R_PWFILE} -C null"     
+  ${BINDIR}/pk12util -o Alice.p12 -n Alice -d ${P_R_ALICEDIR} \
+                       -k ${R_PWFILE} -w ${R_PWFILE} \
+                       -C null 2>&1  
+  ret=$?
+  html_msg $ret 0 "Exporting with [default:null] (pk12util -o)"
+  check_tmpfile
+ 
+}
+
+#########################################################################
+# Exports using the default key and certificate encryption ciphers.
+# Imports from  and lists the contents of the p12 file.
+# Repeats the test with ECC if enabled.
+########################################################################
+tools_p12_export_list_import_with_default_ciphers()
+{
+  echo "$SCRIPTNAME: Exporting Alice's email cert & key - default ciphers"
+  
+  export_list_import "DEFAULT" "DEFAULT"
+
+  if [ -z "$NSS_DISABLE_ECC" ] ; then
+      echo "$SCRIPTNAME: Exporting Alice's email EC cert & key---------------"
+      echo "pk12util -o Alice-ec.p12 -n \"Alice-ec\" -d ${P_R_ALICEDIR} -k ${R_PWFILE} \\"
+      echo "         -w ${R_PWFILE}"
+      ${BINDIR}/pk12util -o Alice-ec.p12 -n "Alice-ec" -d ${P_R_ALICEDIR} -k ${R_PWFILE} \
+           -w ${R_PWFILE} 2>&1 
+      ret=$?
+      html_msg $ret 0 "Exporting Alice's email EC cert & key (pk12util -o)"
+      check_tmpfile
+
+      echo "$SCRIPTNAME: Importing Alice's email EC cert & key --------------"
+      echo "pk12util -i Alice-ec.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -w ${R_PWFILE}"
+      ${BINDIR}/pk12util -i Alice-ec.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -w ${R_PWFILE} 2>&1
+      ret=$?
+      html_msg $ret 0 "Importing Alice's email EC cert & key (pk12util -i)"
+      check_tmpfile
+
+      echo "$SCRIPTNAME: Listing Alice's pk12 EC file -----------------"
+      echo "pk12util -l Alice-ec.p12 -w ${R_PWFILE}"
+      ${BINDIR}/pk12util -l Alice-ec.p12 -w ${R_PWFILE} 2>&1
+      ret=$?
+      html_msg $ret 0 "Listing Alice's pk12 EC file (pk12util -l)"
+      check_tmpfile
+  fi
+}
+
+############################## tools_p12 ###############################
+# local shell function to test basic functionality of pk12util
+########################################################################
+tools_p12()
+{
+  tools_p12_export_list_import_with_default_ciphers
+  tools_p12_export_list_import_all_pkcs5v2_ciphers
+  tools_p12_export_list_import_all_pkcs5pbe_ciphers
+  tools_p12_export_list_import_all_pkcs12v2pbe_ciphers
+  tools_p12_export_with_null_ciphers
+}
+
+############################## tools_sign ##############################
+# local shell function pk12util uses a hardcoded tmp file, if this exists
+# and is owned by another user we don't get reasonable errormessages 
+########################################################################
+check_tmpfile()
+{
+  if [ $ret != "0" -a -f /tmp/Pk12uTemp ] ; then
+      echo "Error: pk12util temp file exists. Please remove this file and"
+      echo "       rerun the test (/tmp/Pk12uTemp) "
+  fi
+}
+
+############################## tools_sign ##############################
+# local shell function to test basic functionality of signtool
+########################################################################
+tools_sign()
+{
+  echo "$SCRIPTNAME: Create objsign cert -------------------------------"
+  echo "signtool -G \"objectsigner\" -d ${P_R_SIGNDIR} -p \"nss\""
+  ${BINDIR}/signtool -G "objsigner" -d ${P_R_SIGNDIR} -p "nss" 2>&1 <<SIGNSCRIPT
+y
+TEST
+MOZ
+NSS
+NY
+US
+liz
+liz@moz.org
+SIGNSCRIPT
+  html_msg $? 0 "Create objsign cert (signtool -G)"
+
+  echo "$SCRIPTNAME: Signing a jar of files ----------------------------"
+  echo "signtool -Z nojs.jar -d ${P_R_SIGNDIR} -p \"nss\" -k objsigner \\"
+  echo "         ${R_TOOLSDIR}/html"
+  ${BINDIR}/signtool -Z nojs.jar -d ${P_R_SIGNDIR} -p "nss" -k objsigner \
+           ${R_TOOLSDIR}/html
+  html_msg $? 0 "Signing a jar of files (signtool -Z)"
+
+  echo "$SCRIPTNAME: Listing signed files in jar ----------------------"
+  echo "signtool -v nojs.jar -d ${P_R_SIGNDIR} -p nss -k objsigner"
+  ${BINDIR}/signtool -v nojs.jar -d ${P_R_SIGNDIR} -p nss -k objsigner
+  html_msg $? 0 "Listing signed files in jar (signtool -v)"
+
+  echo "$SCRIPTNAME: Show who signed jar ------------------------------"
+  echo "signtool -w nojs.jar -d ${P_R_SIGNDIR}"
+  ${BINDIR}/signtool -w nojs.jar -d ${P_R_SIGNDIR}
+  html_msg $? 0 "Show who signed jar (signtool -w)"
+
+  echo "$SCRIPTNAME: Signing a xpi of files ----------------------------"
+  echo "signtool -Z nojs.xpi -X -d ${P_R_SIGNDIR} -p \"nss\" -k objsigner \\"
+  echo "         ${R_TOOLSDIR}/html"
+  ${BINDIR}/signtool -Z nojs.xpi -X -d ${P_R_SIGNDIR} -p "nss" -k objsigner \
+           ${R_TOOLSDIR}/html
+  html_msg $? 0 "Signing a xpi of files (signtool -Z -X)"
+
+  echo "$SCRIPTNAME: Listing signed files in xpi ----------------------"
+  echo "signtool -v nojs.xpi -d ${P_R_SIGNDIR} -p nss -k objsigner"
+  ${BINDIR}/signtool -v nojs.xpi -d ${P_R_SIGNDIR} -p nss -k objsigner
+  html_msg $? 0 "Listing signed files in xpi (signtool -v)"
+
+  echo "$SCRIPTNAME: Show who signed xpi ------------------------------"
+  echo "signtool -w nojs.xpi -d ${P_R_SIGNDIR}"
+  ${BINDIR}/signtool -w nojs.xpi -d ${P_R_SIGNDIR}
+  html_msg $? 0 "Show who signed xpi (signtool -w)"
+
+}
+
+############################## tools_cleanup ###########################
+# local shell function to finish this script (no exit since it might be 
+# sourced)
+########################################################################
+tools_cleanup()
+{
+  html "</TABLE><BR>"
+  cd ${QADIR}
+  . common/cleanup.sh
+}
+
+################## main #################################################
+
+tools_init
+tools_p12
+tools_sign
+tools_cleanup
+
+
diff --git a/nss/trademarks.txt b/nss/trademarks.txt
new file mode 100755
index 0000000..ce2aaf3
--- /dev/null
+++ b/nss/trademarks.txt
@@ -0,0 +1,129 @@
+The follow may be trademarked by their respective organizations.
+
+3DES            Triple Data Encryption Standard
+AIX
+ANSI            American National Standards Institute
+ASCII           American Standard Code for Information Interchange
+ASN.1           Abstract Syntax Notation 1
+BATON
+BER             Basic Encoding Rules
+BMP             Basic Multilingual Plane
+British Telecom
+CAST
+CAST128
+CAST3
+CAST5
+CCITT           Comité Consultatif International Téléphonique et Télégraphique
+CDMF
+CER             Canonical Encoding Rules
+CRMF            Certificate Request Message Format
+ctags           ctags(1)
+Columbia University
+Cryptoki
+DER             Distinguished Encoding Rules
+DES             Data Encryption Standard
+DES2            Data Encryption Standard (2 key)
+DES3            Data Encryption Standard (3 key / triple)
+DH              Diffie-Hellman
+DICOM
+DLL             Dynamically Loadable Library
+DSA             Digital Signature Algorithm
+Department of Defense
+E.163-4
+ECDSA
+ECMA            European Computers Manufacturing Association
+EDI             Electronic Data Interchange
+emacs           emacs(1)
+EWOS            European Workshop on Open Systems
+Entrust
+Example.com
+FORTEZZA
+GIF             Graphical Interchange Format
+HP		Hewlett Packard
+HPUX
+HTML            Hypertext Markup Language
+IANA            Internet Assigned Numbers Authority
+IBM		International Business Machine
+IDEA
+IEEE
+IPSEC
+IRIX
+ISO             International Organization for Standardization
+ITU             International Telecommunication Union
+Java
+JPEG            Joint Photographic Experts Group
+JUNIPER
+KEA             Key Encryption Algorithm
+LDAP            Lightweight Directory Access Protocol
+LWER            Lightweight Encoding Rules
+Macintosh
+MD2
+MD5
+MIME            Multipurpose Internet Mail Extensions
+MISSI
+Microsoft
+NATO            North Atlantic Treaty Organization
+NSPR            Netscape Portable Runtime
+NSS             Network Security Services
+Netscape
+Netscape Certificate Server
+Netscape Directory
+Nordunet
+OAEP
+OCSP            Online Certificate Status Protocol
+OID             Object Identifier
+OSI             Open Systems Interconnection
+OSF		Open Software Foundation
+OSF1
+PERL            Practical Extraction and Report Language
+PGP             Pretty Good Privacy
+PHG
+PKCS            Public Key Cryptography Standards
+PKIX            Public Key Infrastructure (X.509)
+POSIX
+PTHREADS        Posix Threads
+PURIFY
+RC2
+RC4
+RC5
+RFC
+RSA
+RSA Data Security
+RSA Security
+SHA1            Secure Hashing Algorithm
+SITA            Societe Internationale de Telecommunications Aeronautiques
+SKIPJACK
+SMIME           Secure MIME
+SMPTE           Society of Motion Picture and Television Engineers
+SNMP            Simple Network Management Protocol
+SGI		Silicon Graphics Incorporated
+SSL             Secure Sockets Layer
+Sun
+SunOS
+Solaris
+TLS             Transport Layer Security
+Teletex
+Teletrust
+Telex
+Thawte
+UCS-4           Universal Coded Character Set
+UNIX
+URI             Uniform Resource Identifier
+URL             Uniform Resource Locator
+UTF-8           Unicode Transformation Format
+Unisys
+Verisign
+WIN32           Windows
+WINNT           Windows NT
+Windows
+WordPerfect
+X.121
+X.25
+X.400
+X.509
+X.520
+X9.42
+X9.57
+XAPIA
+Z39.50
+